[Pkg-openldap-devel] r793 - in openldap/vendor: . openldap-2.3.35 openldap-2.3.35/build openldap-2.3.35/clients openldap-2.3.35/clients/tools openldap-2.3.35/contrib openldap-2.3.35/contrib/ldapc++ openldap-2.3.35/contrib/ldapc++/examples openldap-2.3.35/contrib/ldapc++/src openldap-2.3.35/contrib/ldapc++/src/ac openldap-2.3.35/contrib/slapd-modules openldap-2.3.35/contrib/slapd-modules/acl openldap-2.3.35/contrib/slapd-modules/comp_match openldap-2.3.35/contrib/slapd-modules/dsaschema openldap-2.3.35/contrib/slapd-modules/passwd openldap-2.3.35/contrib/slapd-modules/smbk5pwd openldap-2.3.35/contrib/slapd-tools openldap-2.3.35/contrib/slapi-plugins openldap-2.3.35/contrib/slapi-plugins/addrdnvalues openldap-2.3.35/doc openldap-2.3.35/doc/devel openldap-2.3.35/doc/drafts openldap-2.3.35/doc/guide openldap-2.3.35/doc/guide/admin openldap-2.3.35/doc/guide/images openldap-2.3.35/doc/guide/release openldap-2.3.35/doc/install openldap-2.3.35/doc/man openldap-2.3.35/doc/man/man1 openldap-2.3.35/doc/man/man3 openldap-2.3.35/doc/man/man5 openldap-2.3.35/doc/man/man8 openldap-2.3.35/include openldap-2.3.35/include/ac openldap-2.3.35/libraries openldap-2.3.35/libraries/liblber openldap-2.3.35/libraries/libldap openldap-2.3.35/libraries/libldap_r openldap-2.3.35/libraries/liblunicode openldap-2.3.35/libraries/liblunicode/ucdata openldap-2.3.35/libraries/liblunicode/ure openldap-2.3.35/libraries/liblunicode/utbm openldap-2.3.35/libraries/liblutil openldap-2.3.35/libraries/librewrite openldap-2.3.35/servers openldap-2.3.35/servers/slapd openldap-2.3.35/servers/slapd/back-bdb openldap-2.3.35/servers/slapd/back-dnssrv openldap-2.3.35/servers/slapd/back-hdb openldap-2.3.35/servers/slapd/back-ldap openldap-2.3.35/servers/slapd/back-ldbm openldap-2.3.35/servers/slapd/back-ldif openldap-2.3.35/servers/slapd/back-meta openldap-2.3.35/servers/slapd/back-monitor openldap-2.3.35/servers/slapd/back-null openldap-2.3.35/servers/slapd/back-passwd openldap-2.3.35/servers/slapd/back-perl openldap-2.3.35/servers/slapd/back-relay openldap-2.3.35/servers/slapd/back-shell openldap-2.3.35/servers/slapd/back-sql openldap-2.3.35/servers/slapd/back-sql/docs openldap-2.3.35/servers/slapd/back-sql/rdbms_depend openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2 openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse openldap-2.3.35/servers/slapd/overlays openldap-2.3.35/servers/slapd/schema openldap-2.3.35/servers/slapd/shell-backends openldap-2.3.35/servers/slapd/slapi openldap-2.3.35/servers/slurpd openldap-2.3.35/tests openldap-2.3.35/tests/data openldap-2.3.35/tests/data/sql-concurrency openldap-2.3.35/tests/progs openldap-2.3.35/tests/scripts
Russ Allbery
rra at alioth.debian.org
Wed May 23 18:54:20 UTC 2007
Author: rra
Date: 2007-05-23 18:54:14 +0000 (Wed, 23 May 2007)
New Revision: 793
Added:
openldap/vendor/openldap-2.3.35/
openldap/vendor/openldap-2.3.35/ANNOUNCEMENT
openldap/vendor/openldap-2.3.35/CHANGES
openldap/vendor/openldap-2.3.35/COPYRIGHT
openldap/vendor/openldap-2.3.35/INSTALL
openldap/vendor/openldap-2.3.35/LICENSE
openldap/vendor/openldap-2.3.35/Makefile.in
openldap/vendor/openldap-2.3.35/README
openldap/vendor/openldap-2.3.35/aclocal.m4
openldap/vendor/openldap-2.3.35/build/
openldap/vendor/openldap-2.3.35/build/LICENSE-2.0.1
openldap/vendor/openldap-2.3.35/build/README
openldap/vendor/openldap-2.3.35/build/config.guess
openldap/vendor/openldap-2.3.35/build/config.sub
openldap/vendor/openldap-2.3.35/build/crupdate
openldap/vendor/openldap-2.3.35/build/dir.mk
openldap/vendor/openldap-2.3.35/build/info.mk
openldap/vendor/openldap-2.3.35/build/lib-shared.mk
openldap/vendor/openldap-2.3.35/build/lib-static.mk
openldap/vendor/openldap-2.3.35/build/lib.mk
openldap/vendor/openldap-2.3.35/build/ltmain.sh
openldap/vendor/openldap-2.3.35/build/man.mk
openldap/vendor/openldap-2.3.35/build/missing
openldap/vendor/openldap-2.3.35/build/mkdep
openldap/vendor/openldap-2.3.35/build/mkdep.aix
openldap/vendor/openldap-2.3.35/build/mkrelease
openldap/vendor/openldap-2.3.35/build/mkvers.bat
openldap/vendor/openldap-2.3.35/build/mkversion
openldap/vendor/openldap-2.3.35/build/mod.mk
openldap/vendor/openldap-2.3.35/build/openldap.m4
openldap/vendor/openldap-2.3.35/build/rules.mk
openldap/vendor/openldap-2.3.35/build/shtool
openldap/vendor/openldap-2.3.35/build/srv.mk
openldap/vendor/openldap-2.3.35/build/top.mk
openldap/vendor/openldap-2.3.35/build/version.h
openldap/vendor/openldap-2.3.35/build/version.sh
openldap/vendor/openldap-2.3.35/build/version.var
openldap/vendor/openldap-2.3.35/clients/
openldap/vendor/openldap-2.3.35/clients/Makefile.in
openldap/vendor/openldap-2.3.35/clients/tools/
openldap/vendor/openldap-2.3.35/clients/tools/Makefile.in
openldap/vendor/openldap-2.3.35/clients/tools/common.c
openldap/vendor/openldap-2.3.35/clients/tools/common.h
openldap/vendor/openldap-2.3.35/clients/tools/ldapcompare.c
openldap/vendor/openldap-2.3.35/clients/tools/ldapdelete.c
openldap/vendor/openldap-2.3.35/clients/tools/ldapmodify.c
openldap/vendor/openldap-2.3.35/clients/tools/ldapmodrdn.c
openldap/vendor/openldap-2.3.35/clients/tools/ldappasswd.c
openldap/vendor/openldap-2.3.35/clients/tools/ldapsearch.c
openldap/vendor/openldap-2.3.35/clients/tools/ldapwhoami.c
openldap/vendor/openldap-2.3.35/configure
openldap/vendor/openldap-2.3.35/configure.in
openldap/vendor/openldap-2.3.35/contrib/
openldap/vendor/openldap-2.3.35/contrib/README
openldap/vendor/openldap-2.3.35/contrib/ldapc++/
openldap/vendor/openldap-2.3.35/contrib/ldapc++/AUTHORS
openldap/vendor/openldap-2.3.35/contrib/ldapc++/COPYRIGHT
openldap/vendor/openldap-2.3.35/contrib/ldapc++/LICENSE
openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.am
openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/README
openldap/vendor/openldap-2.3.35/contrib/ldapc++/TODO
openldap/vendor/openldap-2.3.35/contrib/ldapc++/acconfig.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/aclocal.m4
openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.guess
openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.sub
openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure
openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/depcomp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/doxygen.rc
openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/
openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.am
openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/main.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/readSchema.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/install-sh
openldap/vendor/openldap-2.3.35/contrib/ldapc++/ltmain.sh
openldap/vendor/openldap-2.3.35/contrib/ldapc++/missing
openldap/vendor/openldap-2.3.35/contrib/ldapc++/mkinstalldirs
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.am
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.cpp
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/ac/
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/ac/time.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/config.h.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/debug.h
openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/stamp-h.in
openldap/vendor/openldap-2.3.35/contrib/ldapc++/stamp-h.in
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/README
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/posixgroup.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/Makefile
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/README
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn.h
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn_to_syn_mr.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.asn1
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.h
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.h
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.h
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/init.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/README
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/dsaschema.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/README
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/kerberos.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/netscape.c
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/Makefile
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/README
openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
openldap/vendor/openldap-2.3.35/contrib/slapd-tools/
openldap/vendor/openldap-2.3.35/contrib/slapd-tools/README
openldap/vendor/openldap-2.3.35/contrib/slapd-tools/statslog
openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/
openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/
openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/README
openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c
openldap/vendor/openldap-2.3.35/doc/
openldap/vendor/openldap-2.3.35/doc/Makefile.in
openldap/vendor/openldap-2.3.35/doc/devel/
openldap/vendor/openldap-2.3.35/doc/devel/README
openldap/vendor/openldap-2.3.35/doc/devel/args
openldap/vendor/openldap-2.3.35/doc/devel/template.c
openldap/vendor/openldap-2.3.35/doc/devel/todo
openldap/vendor/openldap-2.3.35/doc/devel/toolargs
openldap/vendor/openldap-2.3.35/doc/devel/utfconv.txt
openldap/vendor/openldap-2.3.35/doc/drafts/
openldap/vendor/openldap-2.3.35/doc/drafts/README
openldap/vendor/openldap-2.3.35/doc/drafts/draft-behera-ldap-password-policy-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-chu-ldap-csn-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-authmeth-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-bcp64-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-dn-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-filter-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-models-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-protocol-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-roadmap-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-strprep-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-syntaxes-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-url-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-user-schema-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-acl-model-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-dupent-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-locate-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-joslin-config-schema-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-admin-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-bac-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-admin-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-binary-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-transfer-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-chaining-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-csn-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-distproc-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-subordinate-scope-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-assert-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-cosine-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-dontusecopy-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-incr.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-managedit-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-noop-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-readentry-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-turn-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-txn-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-uuid-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-x509-xx.txt
openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldup-sync-xx.txt
openldap/vendor/openldap-2.3.35/doc/guide/
openldap/vendor/openldap-2.3.35/doc/guide/COPYRIGHT
openldap/vendor/openldap-2.3.35/doc/guide/LICENSE
openldap/vendor/openldap-2.3.35/doc/guide/README
openldap/vendor/openldap-2.3.35/doc/guide/admin/
openldap/vendor/openldap-2.3.35/doc/guide/admin/Makefile
openldap/vendor/openldap-2.3.35/doc/guide/admin/abstract.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/admin.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/config.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_dit.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_local.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_ref.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_repl.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500fe.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500ref.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/dbtools.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.html
openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/index.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/install.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/intro.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_dctree.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_tree.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/master.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/monitoringslapd.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/preface.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/proxycache.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/quickstart.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/referrals.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.gif
openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/runningslapd.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/sasl.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/schema.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/security.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconf2.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconfig.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/syncrepl.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/title.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/tls.sdf
openldap/vendor/openldap-2.3.35/doc/guide/admin/tuning.sdf
openldap/vendor/openldap-2.3.35/doc/guide/images/
openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPlogo.gif
openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPwww.gif
openldap/vendor/openldap-2.3.35/doc/guide/plain.sdf
openldap/vendor/openldap-2.3.35/doc/guide/preamble.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/
openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf-install.txt
openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/copyright-plain.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/copyright.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/install.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/license-plain.sdf
openldap/vendor/openldap-2.3.35/doc/guide/release/license.sdf
openldap/vendor/openldap-2.3.35/doc/install/
openldap/vendor/openldap-2.3.35/doc/install/configure
openldap/vendor/openldap-2.3.35/doc/man/
openldap/vendor/openldap-2.3.35/doc/man/Makefile.in
openldap/vendor/openldap-2.3.35/doc/man/man1/
openldap/vendor/openldap-2.3.35/doc/man/man1/Makefile.in
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapcompare.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapdelete.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1.links
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodrdn.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldappasswd.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapsearch.1
openldap/vendor/openldap-2.3.35/doc/man/man1/ldapwhoami.1
openldap/vendor/openldap-2.3.35/doc/man/man3/
openldap/vendor/openldap-2.3.35/doc/man/man3/Makefile.in
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-memory.3
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3
openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_reference.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3.links
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3
openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3.links
openldap/vendor/openldap-2.3.35/doc/man/man5/
openldap/vendor/openldap-2.3.35/doc/man/man5/Makefile.in
openldap/vendor/openldap-2.3.35/doc/man/man5/ldap.conf.5
openldap/vendor/openldap-2.3.35/doc/man/man5/ldif.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5.links
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-dnssrv.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldap.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldbm.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldif.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-meta.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-monitor.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-null.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-passwd.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-perl.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-relay.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-shell.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-sql.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-tcl.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.access.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.conf.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.plugin.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.replog.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-accesslog.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-auditlog.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-chain.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-dynlist.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-lastmod.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-pcache.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-ppolicy.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-refint.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-retcode.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-rwm.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-syncprov.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-translucent.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-unique.5
openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-valsort.5
openldap/vendor/openldap-2.3.35/doc/man/man8/
openldap/vendor/openldap-2.3.35/doc/man/man8/Makefile.in
openldap/vendor/openldap-2.3.35/doc/man/man8/slapacl.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapadd.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapauth.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapcat.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapd.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapdn.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slapindex.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slappasswd.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slaptest.8
openldap/vendor/openldap-2.3.35/doc/man/man8/slurpd.8
openldap/vendor/openldap-2.3.35/include/
openldap/vendor/openldap-2.3.35/include/Makefile.in
openldap/vendor/openldap-2.3.35/include/ac/
openldap/vendor/openldap-2.3.35/include/ac/alloca.h
openldap/vendor/openldap-2.3.35/include/ac/assert.h
openldap/vendor/openldap-2.3.35/include/ac/bytes.h
openldap/vendor/openldap-2.3.35/include/ac/crypt.h
openldap/vendor/openldap-2.3.35/include/ac/ctype.h
openldap/vendor/openldap-2.3.35/include/ac/dirent.h
openldap/vendor/openldap-2.3.35/include/ac/errno.h
openldap/vendor/openldap-2.3.35/include/ac/fdset.h
openldap/vendor/openldap-2.3.35/include/ac/krb.h
openldap/vendor/openldap-2.3.35/include/ac/krb5.h
openldap/vendor/openldap-2.3.35/include/ac/localize.h
openldap/vendor/openldap-2.3.35/include/ac/param.h
openldap/vendor/openldap-2.3.35/include/ac/regex.h
openldap/vendor/openldap-2.3.35/include/ac/setproctitle.h
openldap/vendor/openldap-2.3.35/include/ac/signal.h
openldap/vendor/openldap-2.3.35/include/ac/socket.h
openldap/vendor/openldap-2.3.35/include/ac/stdarg.h
openldap/vendor/openldap-2.3.35/include/ac/stdlib.h
openldap/vendor/openldap-2.3.35/include/ac/string.h
openldap/vendor/openldap-2.3.35/include/ac/sysexits.h
openldap/vendor/openldap-2.3.35/include/ac/syslog.h
openldap/vendor/openldap-2.3.35/include/ac/termios.h
openldap/vendor/openldap-2.3.35/include/ac/time.h
openldap/vendor/openldap-2.3.35/include/ac/unistd.h
openldap/vendor/openldap-2.3.35/include/ac/wait.h
openldap/vendor/openldap-2.3.35/include/avl.h
openldap/vendor/openldap-2.3.35/include/getopt-compat.h
openldap/vendor/openldap-2.3.35/include/lber.h
openldap/vendor/openldap-2.3.35/include/lber_pvt.h
openldap/vendor/openldap-2.3.35/include/lber_types.hin
openldap/vendor/openldap-2.3.35/include/ldap.h
openldap/vendor/openldap-2.3.35/include/ldap_cdefs.h
openldap/vendor/openldap-2.3.35/include/ldap_config.hin
openldap/vendor/openldap-2.3.35/include/ldap_defaults.h
openldap/vendor/openldap-2.3.35/include/ldap_features.hin
openldap/vendor/openldap-2.3.35/include/ldap_int_thread.h
openldap/vendor/openldap-2.3.35/include/ldap_log.h
openldap/vendor/openldap-2.3.35/include/ldap_pvt.h
openldap/vendor/openldap-2.3.35/include/ldap_pvt_thread.h
openldap/vendor/openldap-2.3.35/include/ldap_pvt_uc.h
openldap/vendor/openldap-2.3.35/include/ldap_queue.h
openldap/vendor/openldap-2.3.35/include/ldap_rq.h
openldap/vendor/openldap-2.3.35/include/ldap_schema.h
openldap/vendor/openldap-2.3.35/include/ldap_utf8.h
openldap/vendor/openldap-2.3.35/include/ldif.h
openldap/vendor/openldap-2.3.35/include/lutil.h
openldap/vendor/openldap-2.3.35/include/lutil_hash.h
openldap/vendor/openldap-2.3.35/include/lutil_ldap.h
openldap/vendor/openldap-2.3.35/include/lutil_lockf.h
openldap/vendor/openldap-2.3.35/include/lutil_md5.h
openldap/vendor/openldap-2.3.35/include/lutil_sha1.h
openldap/vendor/openldap-2.3.35/include/portable.hin
openldap/vendor/openldap-2.3.35/include/rewrite.h
openldap/vendor/openldap-2.3.35/include/slapi-plugin.h
openldap/vendor/openldap-2.3.35/include/sysexits-compat.h
openldap/vendor/openldap-2.3.35/libraries/
openldap/vendor/openldap-2.3.35/libraries/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/liblber/
openldap/vendor/openldap-2.3.35/libraries/liblber/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/liblber/assert.c
openldap/vendor/openldap-2.3.35/libraries/liblber/bprint.c
openldap/vendor/openldap-2.3.35/libraries/liblber/debug.c
openldap/vendor/openldap-2.3.35/libraries/liblber/decode.c
openldap/vendor/openldap-2.3.35/libraries/liblber/dtest.c
openldap/vendor/openldap-2.3.35/libraries/liblber/encode.c
openldap/vendor/openldap-2.3.35/libraries/liblber/etest.c
openldap/vendor/openldap-2.3.35/libraries/liblber/idtest.c
openldap/vendor/openldap-2.3.35/libraries/liblber/io.c
openldap/vendor/openldap-2.3.35/libraries/liblber/lber-int.h
openldap/vendor/openldap-2.3.35/libraries/liblber/memory.c
openldap/vendor/openldap-2.3.35/libraries/liblber/nt_err.c
openldap/vendor/openldap-2.3.35/libraries/liblber/options.c
openldap/vendor/openldap-2.3.35/libraries/liblber/sockbuf.c
openldap/vendor/openldap-2.3.35/libraries/liblber/stdio.c
openldap/vendor/openldap-2.3.35/libraries/libldap/
openldap/vendor/openldap-2.3.35/libraries/libldap/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/libldap/abandon.c
openldap/vendor/openldap-2.3.35/libraries/libldap/add.c
openldap/vendor/openldap-2.3.35/libraries/libldap/addentry.c
openldap/vendor/openldap-2.3.35/libraries/libldap/apitest.c
openldap/vendor/openldap-2.3.35/libraries/libldap/bind.c
openldap/vendor/openldap-2.3.35/libraries/libldap/cancel.c
openldap/vendor/openldap-2.3.35/libraries/libldap/charray.c
openldap/vendor/openldap-2.3.35/libraries/libldap/compare.c
openldap/vendor/openldap-2.3.35/libraries/libldap/controls.c
openldap/vendor/openldap-2.3.35/libraries/libldap/cyrus.c
openldap/vendor/openldap-2.3.35/libraries/libldap/delete.c
openldap/vendor/openldap-2.3.35/libraries/libldap/dnssrv.c
openldap/vendor/openldap-2.3.35/libraries/libldap/dntest.c
openldap/vendor/openldap-2.3.35/libraries/libldap/error.c
openldap/vendor/openldap-2.3.35/libraries/libldap/extended.c
openldap/vendor/openldap-2.3.35/libraries/libldap/filter.c
openldap/vendor/openldap-2.3.35/libraries/libldap/free.c
openldap/vendor/openldap-2.3.35/libraries/libldap/ftest.c
openldap/vendor/openldap-2.3.35/libraries/libldap/getattr.c
openldap/vendor/openldap-2.3.35/libraries/libldap/getdn.c
openldap/vendor/openldap-2.3.35/libraries/libldap/getentry.c
openldap/vendor/openldap-2.3.35/libraries/libldap/getvalues.c
openldap/vendor/openldap-2.3.35/libraries/libldap/groupings.c
openldap/vendor/openldap-2.3.35/libraries/libldap/init.c
openldap/vendor/openldap-2.3.35/libraries/libldap/kbind.c
openldap/vendor/openldap-2.3.35/libraries/libldap/ldap-int.h
openldap/vendor/openldap-2.3.35/libraries/libldap/ldap.conf
openldap/vendor/openldap-2.3.35/libraries/libldap/messages.c
openldap/vendor/openldap-2.3.35/libraries/libldap/modify.c
openldap/vendor/openldap-2.3.35/libraries/libldap/modrdn.c
openldap/vendor/openldap-2.3.35/libraries/libldap/open.c
openldap/vendor/openldap-2.3.35/libraries/libldap/options.c
openldap/vendor/openldap-2.3.35/libraries/libldap/os-ip.c
openldap/vendor/openldap-2.3.35/libraries/libldap/os-local.c
openldap/vendor/openldap-2.3.35/libraries/libldap/passwd.c
openldap/vendor/openldap-2.3.35/libraries/libldap/ppolicy.c
openldap/vendor/openldap-2.3.35/libraries/libldap/print.c
openldap/vendor/openldap-2.3.35/libraries/libldap/references.c
openldap/vendor/openldap-2.3.35/libraries/libldap/request.c
openldap/vendor/openldap-2.3.35/libraries/libldap/result.c
openldap/vendor/openldap-2.3.35/libraries/libldap/sasl.c
openldap/vendor/openldap-2.3.35/libraries/libldap/sbind.c
openldap/vendor/openldap-2.3.35/libraries/libldap/schema.c
openldap/vendor/openldap-2.3.35/libraries/libldap/search.c
openldap/vendor/openldap-2.3.35/libraries/libldap/sort.c
openldap/vendor/openldap-2.3.35/libraries/libldap/sortctrl.c
openldap/vendor/openldap-2.3.35/libraries/libldap/string.c
openldap/vendor/openldap-2.3.35/libraries/libldap/t61.c
openldap/vendor/openldap-2.3.35/libraries/libldap/test.c
openldap/vendor/openldap-2.3.35/libraries/libldap/tls.c
openldap/vendor/openldap-2.3.35/libraries/libldap/turn.c
openldap/vendor/openldap-2.3.35/libraries/libldap/txn.c
openldap/vendor/openldap-2.3.35/libraries/libldap/unbind.c
openldap/vendor/openldap-2.3.35/libraries/libldap/url.c
openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8-conv.c
openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8.c
openldap/vendor/openldap-2.3.35/libraries/libldap/util-int.c
openldap/vendor/openldap-2.3.35/libraries/libldap/vlvctrl.c
openldap/vendor/openldap-2.3.35/libraries/libldap/whoami.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/
openldap/vendor/openldap-2.3.35/libraries/libldap_r/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/libldap_r/ldap_thr_debug.h
openldap/vendor/openldap-2.3.35/libraries/libldap_r/rdwr.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/rq.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_cthreads.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_debug.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_lwp.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_nt.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_posix.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_pth.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_stub.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_thr.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/threads.c
openldap/vendor/openldap-2.3.35/libraries/libldap_r/tpool.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/
openldap/vendor/openldap-2.3.35/libraries/liblunicode/CompositionExclusions.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/liblunicode/UCD-Terms
openldap/vendor/openldap-2.3.35/libraries/liblunicode/UnicodeData.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/MUTTUCData.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/README
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/api.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/bidiapi.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/format.txt
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.h
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.man
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucgendat.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.h
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.man
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/uctable.h
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucstr.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/README
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.h
openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/urestubs.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/
openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/README
openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.c
openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.h
openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbmstub.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/
openldap/vendor/openldap-2.3.35/libraries/liblutil/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/liblutil/avl.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/base64.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/csn.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/detach.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/entropy.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/fetch.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/getopt.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/getpass.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/getpeereid.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/hash.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/ldif.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/lockf.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/md5.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/memcmp.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/ntservice.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/passfile.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/passwd.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/ptest.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/sasl.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/setproctitle.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/sha1.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/signal.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.bin
openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.h
openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.mc
openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.rc
openldap/vendor/openldap-2.3.35/libraries/liblutil/sockpair.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/tavl.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/testavl.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/utils.c
openldap/vendor/openldap-2.3.35/libraries/liblutil/uuid.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/
openldap/vendor/openldap-2.3.35/libraries/librewrite/Copyright
openldap/vendor/openldap-2.3.35/libraries/librewrite/Makefile.in
openldap/vendor/openldap-2.3.35/libraries/librewrite/RATIONALE
openldap/vendor/openldap-2.3.35/libraries/librewrite/config.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/context.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/info.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/ldapmap.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/map.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/params.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/parse.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-int.h
openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-map.h
openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/rule.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/session.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/subst.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/var.c
openldap/vendor/openldap-2.3.35/libraries/librewrite/xmap.c
openldap/vendor/openldap-2.3.35/servers/
openldap/vendor/openldap-2.3.35/servers/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/
openldap/vendor/openldap-2.3.35/servers/slapd/DB_CONFIG
openldap/vendor/openldap-2.3.35/servers/slapd/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/abandon.c
openldap/vendor/openldap-2.3.35/servers/slapd/aci.c
openldap/vendor/openldap-2.3.35/servers/slapd/acl.c
openldap/vendor/openldap-2.3.35/servers/slapd/aclparse.c
openldap/vendor/openldap-2.3.35/servers/slapd/ad.c
openldap/vendor/openldap-2.3.35/servers/slapd/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/alock.c
openldap/vendor/openldap-2.3.35/servers/slapd/alock.h
openldap/vendor/openldap-2.3.35/servers/slapd/at.c
openldap/vendor/openldap-2.3.35/servers/slapd/attr.c
openldap/vendor/openldap-2.3.35/servers/slapd/ava.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/attr.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/back-bdb.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/cache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dbcache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2id.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/error.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/extended.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/filterindex.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/id2entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/index.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/key.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/nextid.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/operational.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/proto-bdb.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/referral.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/tools.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/trans.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/proto-dnssrv.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/referral.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/
openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/back-bdb.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/TODO.proxy
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/back-ldap.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/chain.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/extended.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/proto-ldap.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/unbind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/alias.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/attr.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/back-ldbm.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/cache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/close.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dbcache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dn2id.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/extended.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/filterindex.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2children.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/idl.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/index.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/key.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/nextid.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/operational.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/proto-back-ldbm.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/referral.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/tools.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/ldif.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/back-meta.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/candidates.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/conn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/dncache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/map.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/proto-meta.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/suffixmassage.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/unbind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/README
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/back-monitor.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/backend.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/cache.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/conn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/database.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/listener.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/log.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operation.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operational.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/overlay.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/proto-back-monitor.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/rww.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/sent.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/thread.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/time.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-null/
openldap/vendor/openldap-2.3.35/servers/slapd/back-null/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-null/README
openldap/vendor/openldap-2.3.35/servers/slapd/back-null/null.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/back-passwd.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/proto-passwd.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/README
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/SampleLDAP.pm
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/asperl_undefs.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/close.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/perl_back.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/proto-perl.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/README
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/back-relay.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/op.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/proto-back-relay.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/fork.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/proto-shell.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/result.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.sh
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/shell.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/unbind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/add.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/api.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/back-sql.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/bugs
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/concept
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/install
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/platforms
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/todo
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/entry-id.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/operational.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/proto-sql.h
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/README
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/create_schema.sh
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/ttcreate_schema.sh
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_create.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_data.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_drop.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_metadata.sql
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/schema-map.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/sql-wrap.c
openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/util.c
openldap/vendor/openldap-2.3.35/servers/slapd/backend.c
openldap/vendor/openldap-2.3.35/servers/slapd/backglue.c
openldap/vendor/openldap-2.3.35/servers/slapd/backover.c
openldap/vendor/openldap-2.3.35/servers/slapd/bconfig.c
openldap/vendor/openldap-2.3.35/servers/slapd/bind.c
openldap/vendor/openldap-2.3.35/servers/slapd/cancel.c
openldap/vendor/openldap-2.3.35/servers/slapd/ch_malloc.c
openldap/vendor/openldap-2.3.35/servers/slapd/compare.c
openldap/vendor/openldap-2.3.35/servers/slapd/component.c
openldap/vendor/openldap-2.3.35/servers/slapd/component.h
openldap/vendor/openldap-2.3.35/servers/slapd/config.c
openldap/vendor/openldap-2.3.35/servers/slapd/config.h
openldap/vendor/openldap-2.3.35/servers/slapd/connection.c
openldap/vendor/openldap-2.3.35/servers/slapd/controls.c
openldap/vendor/openldap-2.3.35/servers/slapd/cr.c
openldap/vendor/openldap-2.3.35/servers/slapd/ctxcsn.c
openldap/vendor/openldap-2.3.35/servers/slapd/daemon.c
openldap/vendor/openldap-2.3.35/servers/slapd/delete.c
openldap/vendor/openldap-2.3.35/servers/slapd/dn.c
openldap/vendor/openldap-2.3.35/servers/slapd/entry.c
openldap/vendor/openldap-2.3.35/servers/slapd/extended.c
openldap/vendor/openldap-2.3.35/servers/slapd/filter.c
openldap/vendor/openldap-2.3.35/servers/slapd/filterentry.c
openldap/vendor/openldap-2.3.35/servers/slapd/frontend.c
openldap/vendor/openldap-2.3.35/servers/slapd/globals.c
openldap/vendor/openldap-2.3.35/servers/slapd/index.c
openldap/vendor/openldap-2.3.35/servers/slapd/init.c
openldap/vendor/openldap-2.3.35/servers/slapd/kerberos.c
openldap/vendor/openldap-2.3.35/servers/slapd/ldapsync.c
openldap/vendor/openldap-2.3.35/servers/slapd/limits.c
openldap/vendor/openldap-2.3.35/servers/slapd/lock.c
openldap/vendor/openldap-2.3.35/servers/slapd/main.c
openldap/vendor/openldap-2.3.35/servers/slapd/matchedValues.c
openldap/vendor/openldap-2.3.35/servers/slapd/modify.c
openldap/vendor/openldap-2.3.35/servers/slapd/modrdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/mods.c
openldap/vendor/openldap-2.3.35/servers/slapd/module.c
openldap/vendor/openldap-2.3.35/servers/slapd/mr.c
openldap/vendor/openldap-2.3.35/servers/slapd/mra.c
openldap/vendor/openldap-2.3.35/servers/slapd/nt_svc.c
openldap/vendor/openldap-2.3.35/servers/slapd/oc.c
openldap/vendor/openldap-2.3.35/servers/slapd/oidm.c
openldap/vendor/openldap-2.3.35/servers/slapd/operation.c
openldap/vendor/openldap-2.3.35/servers/slapd/operational.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/README
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/accesslog.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/auditlog.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/collect.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/denyop.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dyngroup.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dynlist.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/lastmod.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/overlays.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/pcache.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/ppolicy.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/refint.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/retcode.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.h
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmconf.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmmap.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/seqmod.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/slapover.txt
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/syncprov.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/translucent.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/unique.c
openldap/vendor/openldap-2.3.35/servers/slapd/overlays/valsort.c
openldap/vendor/openldap-2.3.35/servers/slapd/passwd.c
openldap/vendor/openldap-2.3.35/servers/slapd/phonetic.c
openldap/vendor/openldap-2.3.35/servers/slapd/proto-slap.h
openldap/vendor/openldap-2.3.35/servers/slapd/referral.c
openldap/vendor/openldap-2.3.35/servers/slapd/repl.c
openldap/vendor/openldap-2.3.35/servers/slapd/result.c
openldap/vendor/openldap-2.3.35/servers/slapd/root_dse.c
openldap/vendor/openldap-2.3.35/servers/slapd/sasl.c
openldap/vendor/openldap-2.3.35/servers/slapd/saslauthz.c
openldap/vendor/openldap-2.3.35/servers/slapd/schema.c
openldap/vendor/openldap-2.3.35/servers/slapd/schema/
openldap/vendor/openldap-2.3.35/servers/slapd/schema/README
openldap/vendor/openldap-2.3.35/servers/slapd/schema/corba.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.ldif
openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/cosine.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/dyngroup.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/inetorgperson.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/java.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/misc.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/nis.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.ldif
openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema/ppolicy.schema
openldap/vendor/openldap-2.3.35/servers/slapd/schema_check.c
openldap/vendor/openldap-2.3.35/servers/slapd/schema_init.c
openldap/vendor/openldap-2.3.35/servers/slapd/schema_prep.c
openldap/vendor/openldap-2.3.35/servers/slapd/schemaparse.c
openldap/vendor/openldap-2.3.35/servers/slapd/search.c
openldap/vendor/openldap-2.3.35/servers/slapd/sets.c
openldap/vendor/openldap-2.3.35/servers/slapd/sets.h
openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/
openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/passwd-shell.c
openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.c
openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.h
openldap/vendor/openldap-2.3.35/servers/slapd/sl_malloc.c
openldap/vendor/openldap-2.3.35/servers/slapd/slap.h
openldap/vendor/openldap-2.3.35/servers/slapd/slapacl.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapadd.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapauth.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapcat.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.h
openldap/vendor/openldap-2.3.35/servers/slapd/slapd.conf
openldap/vendor/openldap-2.3.35/servers/slapd/slapdn.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/TODO
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/plugin.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/printmsg.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/proto-slapi.h
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi.h
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_dn.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ext.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ops.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_overlay.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_pblock.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_utils.c
openldap/vendor/openldap-2.3.35/servers/slapd/slapindex.c
openldap/vendor/openldap-2.3.35/servers/slapd/slappasswd.c
openldap/vendor/openldap-2.3.35/servers/slapd/slaptest.c
openldap/vendor/openldap-2.3.35/servers/slapd/starttls.c
openldap/vendor/openldap-2.3.35/servers/slapd/str2filter.c
openldap/vendor/openldap-2.3.35/servers/slapd/syncrepl.c
openldap/vendor/openldap-2.3.35/servers/slapd/syntax.c
openldap/vendor/openldap-2.3.35/servers/slapd/unbind.c
openldap/vendor/openldap-2.3.35/servers/slapd/user.c
openldap/vendor/openldap-2.3.35/servers/slapd/value.c
openldap/vendor/openldap-2.3.35/servers/slapd/zn_malloc.c
openldap/vendor/openldap-2.3.35/servers/slurpd/
openldap/vendor/openldap-2.3.35/servers/slurpd/DESIGN
openldap/vendor/openldap-2.3.35/servers/slurpd/Makefile.in
openldap/vendor/openldap-2.3.35/servers/slurpd/NOTES
openldap/vendor/openldap-2.3.35/servers/slurpd/admin.c
openldap/vendor/openldap-2.3.35/servers/slurpd/args.c
openldap/vendor/openldap-2.3.35/servers/slurpd/ch_malloc.c
openldap/vendor/openldap-2.3.35/servers/slurpd/config.c
openldap/vendor/openldap-2.3.35/servers/slurpd/fm.c
openldap/vendor/openldap-2.3.35/servers/slurpd/globals.c
openldap/vendor/openldap-2.3.35/servers/slurpd/globals.h
openldap/vendor/openldap-2.3.35/servers/slurpd/ldap_op.c
openldap/vendor/openldap-2.3.35/servers/slurpd/lock.c
openldap/vendor/openldap-2.3.35/servers/slurpd/main.c
openldap/vendor/openldap-2.3.35/servers/slurpd/nt_svc.c
openldap/vendor/openldap-2.3.35/servers/slurpd/proto-slurp.h
openldap/vendor/openldap-2.3.35/servers/slurpd/re.c
openldap/vendor/openldap-2.3.35/servers/slurpd/reject.c
openldap/vendor/openldap-2.3.35/servers/slurpd/replica.c
openldap/vendor/openldap-2.3.35/servers/slurpd/replog.c
openldap/vendor/openldap-2.3.35/servers/slurpd/ri.c
openldap/vendor/openldap-2.3.35/servers/slurpd/rq.c
openldap/vendor/openldap-2.3.35/servers/slurpd/sanity.c
openldap/vendor/openldap-2.3.35/servers/slurpd/slurp.h
openldap/vendor/openldap-2.3.35/servers/slurpd/st.c
openldap/vendor/openldap-2.3.35/tests/
openldap/vendor/openldap-2.3.35/tests/Makefile.in
openldap/vendor/openldap-2.3.35/tests/README
openldap/vendor/openldap-2.3.35/tests/data/
openldap/vendor/openldap-2.3.35/tests/data/aci.out
openldap/vendor/openldap-2.3.35/tests/data/acl.out.master
openldap/vendor/openldap-2.3.35/tests/data/certificate.out
openldap/vendor/openldap-2.3.35/tests/data/certificate.tls
openldap/vendor/openldap-2.3.35/tests/data/chain.out
openldap/vendor/openldap-2.3.35/tests/data/chainmod.out
openldap/vendor/openldap-2.3.35/tests/data/chainref.out
openldap/vendor/openldap-2.3.35/tests/data/compsearch.out
openldap/vendor/openldap-2.3.35/tests/data/ditcontentrules.conf
openldap/vendor/openldap-2.3.35/tests/data/dn.out
openldap/vendor/openldap-2.3.35/tests/data/do_add.1
openldap/vendor/openldap-2.3.35/tests/data/do_add.2
openldap/vendor/openldap-2.3.35/tests/data/do_add.3
openldap/vendor/openldap-2.3.35/tests/data/do_add.4
openldap/vendor/openldap-2.3.35/tests/data/do_modify.0
openldap/vendor/openldap-2.3.35/tests/data/do_modrdn.0
openldap/vendor/openldap-2.3.35/tests/data/do_read.0
openldap/vendor/openldap-2.3.35/tests/data/do_search.0
openldap/vendor/openldap-2.3.35/tests/data/dynlist.out
openldap/vendor/openldap-2.3.35/tests/data/emptydn.out
openldap/vendor/openldap-2.3.35/tests/data/emptydn.out.slapadd
openldap/vendor/openldap-2.3.35/tests/data/gluesync.out
openldap/vendor/openldap-2.3.35/tests/data/idassert.out
openldap/vendor/openldap-2.3.35/tests/data/lang-out.ldif
openldap/vendor/openldap-2.3.35/tests/data/ldapglue.out
openldap/vendor/openldap-2.3.35/tests/data/ldapglueanonymous.out
openldap/vendor/openldap-2.3.35/tests/data/manage.out
openldap/vendor/openldap-2.3.35/tests/data/meta.out
openldap/vendor/openldap-2.3.35/tests/data/metaconcurrency.out
openldap/vendor/openldap-2.3.35/tests/data/modify.out.master
openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.0
openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.1
openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.2
openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.3
openldap/vendor/openldap-2.3.35/tests/data/nis_sample.ldif
openldap/vendor/openldap-2.3.35/tests/data/passwd.ldif
openldap/vendor/openldap-2.3.35/tests/data/ppolicy.ldif
openldap/vendor/openldap-2.3.35/tests/data/proxycache.out
openldap/vendor/openldap-2.3.35/tests/data/referrals.ldif
openldap/vendor/openldap-2.3.35/tests/data/referrals.out
openldap/vendor/openldap-2.3.35/tests/data/relay.out
openldap/vendor/openldap-2.3.35/tests/data/retcode.conf
openldap/vendor/openldap-2.3.35/tests/data/rootdse.ldif
openldap/vendor/openldap-2.3.35/tests/data/search.out.master
openldap/vendor/openldap-2.3.35/tests/data/search.out.xsearch
openldap/vendor/openldap-2.3.35/tests/data/slapd-aci.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-acl.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-cache-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-chain1.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-chain2.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-component.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-slave.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-dn.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-dnssrv.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-dynlist.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-emptydn.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-ldap.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl1.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl2.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-glue.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-idassert.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapglue.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluegroups.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluepeople.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-limits.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-meta.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-meta2.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-nis-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-passwd.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-ppolicy.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-proxycache.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-pw.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-ref-slave.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-referrals.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-refint.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-relay.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-slave.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-retcode.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-schema.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-sql-syncrepl-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-sql.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-master.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist1.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist2.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist3.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh1.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh2.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-local.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-remote.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-unique.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-valsort.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd-whoami.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd.conf
openldap/vendor/openldap-2.3.35/tests/data/slapd2.conf
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.1
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.2
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.3
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.4
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_modrdn.0
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_read.0
openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_search.0
openldap/vendor/openldap-2.3.35/tests/data/sql-read.out
openldap/vendor/openldap-2.3.35/tests/data/sql-write.out
openldap/vendor/openldap-2.3.35/tests/data/subtree-rename.out
openldap/vendor/openldap-2.3.35/tests/data/test-chain1.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-chain2.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-compmatch.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-dn.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-emptydn1.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-emptydn2.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-glued.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-idassert1.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-idassert2.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-lang.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ldapglue.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluegroups.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluepeople.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-limits.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-meta.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ordered-cp.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ordered-nocp.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-ordered.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-refint.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-translucent-add.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-translucent-config.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-translucent-data.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-translucent-merged.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-unique.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-valsort.ldif
openldap/vendor/openldap-2.3.35/tests/data/test-whoami.ldif
openldap/vendor/openldap-2.3.35/tests/data/test.ldif
openldap/vendor/openldap-2.3.35/tests/data/test.schema
openldap/vendor/openldap-2.3.35/tests/data/valsort1.out
openldap/vendor/openldap-2.3.35/tests/data/valsort2.out
openldap/vendor/openldap-2.3.35/tests/data/valsort3.out
openldap/vendor/openldap-2.3.35/tests/progs/
openldap/vendor/openldap-2.3.35/tests/progs/Makefile.in
openldap/vendor/openldap-2.3.35/tests/progs/slapd-addel.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-bind.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-modify.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-modrdn.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-read.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-search.c
openldap/vendor/openldap-2.3.35/tests/progs/slapd-tester.c
openldap/vendor/openldap-2.3.35/tests/run.in
openldap/vendor/openldap-2.3.35/tests/scripts/
openldap/vendor/openldap-2.3.35/tests/scripts/acfilter.sh
openldap/vendor/openldap-2.3.35/tests/scripts/all
openldap/vendor/openldap-2.3.35/tests/scripts/conf.sh
openldap/vendor/openldap-2.3.35/tests/scripts/defines.sh
openldap/vendor/openldap-2.3.35/tests/scripts/passwd-search
openldap/vendor/openldap-2.3.35/tests/scripts/relay
openldap/vendor/openldap-2.3.35/tests/scripts/sql-all
openldap/vendor/openldap-2.3.35/tests/scripts/sql-test000-read
openldap/vendor/openldap-2.3.35/tests/scripts/sql-test001-concurrency
openldap/vendor/openldap-2.3.35/tests/scripts/sql-test900-write
openldap/vendor/openldap-2.3.35/tests/scripts/sql-test901-syncrepl
openldap/vendor/openldap-2.3.35/tests/scripts/start-server
openldap/vendor/openldap-2.3.35/tests/scripts/start-server-nolog
openldap/vendor/openldap-2.3.35/tests/scripts/start-server2
openldap/vendor/openldap-2.3.35/tests/scripts/start-server2-nolog
openldap/vendor/openldap-2.3.35/tests/scripts/startup_nis_ldap_server.sh
openldap/vendor/openldap-2.3.35/tests/scripts/test000-rootdse
openldap/vendor/openldap-2.3.35/tests/scripts/test001-slapadd
openldap/vendor/openldap-2.3.35/tests/scripts/test002-populate
openldap/vendor/openldap-2.3.35/tests/scripts/test003-search
openldap/vendor/openldap-2.3.35/tests/scripts/test004-modify
openldap/vendor/openldap-2.3.35/tests/scripts/test005-modrdn
openldap/vendor/openldap-2.3.35/tests/scripts/test006-acls
openldap/vendor/openldap-2.3.35/tests/scripts/test007-replication
openldap/vendor/openldap-2.3.35/tests/scripts/test008-concurrency
openldap/vendor/openldap-2.3.35/tests/scripts/test009-referral
openldap/vendor/openldap-2.3.35/tests/scripts/test010-passwd
openldap/vendor/openldap-2.3.35/tests/scripts/test011-glue-slapadd
openldap/vendor/openldap-2.3.35/tests/scripts/test012-glue-populate
openldap/vendor/openldap-2.3.35/tests/scripts/test013-language
openldap/vendor/openldap-2.3.35/tests/scripts/test014-whoami
openldap/vendor/openldap-2.3.35/tests/scripts/test015-xsearch
openldap/vendor/openldap-2.3.35/tests/scripts/test016-subref
openldap/vendor/openldap-2.3.35/tests/scripts/test017-syncreplication-refresh
openldap/vendor/openldap-2.3.35/tests/scripts/test018-syncreplication-persist
openldap/vendor/openldap-2.3.35/tests/scripts/test019-syncreplication-cascade
openldap/vendor/openldap-2.3.35/tests/scripts/test020-proxycache
openldap/vendor/openldap-2.3.35/tests/scripts/test021-certificate
openldap/vendor/openldap-2.3.35/tests/scripts/test022-ppolicy
openldap/vendor/openldap-2.3.35/tests/scripts/test023-refint
openldap/vendor/openldap-2.3.35/tests/scripts/test024-unique
openldap/vendor/openldap-2.3.35/tests/scripts/test025-limits
openldap/vendor/openldap-2.3.35/tests/scripts/test026-dn
openldap/vendor/openldap-2.3.35/tests/scripts/test027-emptydn
openldap/vendor/openldap-2.3.35/tests/scripts/test028-idassert
openldap/vendor/openldap-2.3.35/tests/scripts/test029-ldapglue
openldap/vendor/openldap-2.3.35/tests/scripts/test030-relay
openldap/vendor/openldap-2.3.35/tests/scripts/test031-component-filter
openldap/vendor/openldap-2.3.35/tests/scripts/test032-chain
openldap/vendor/openldap-2.3.35/tests/scripts/test033-glue-syncrepl
openldap/vendor/openldap-2.3.35/tests/scripts/test034-translucent
openldap/vendor/openldap-2.3.35/tests/scripts/test035-meta
openldap/vendor/openldap-2.3.35/tests/scripts/test036-meta-concurrency
openldap/vendor/openldap-2.3.35/tests/scripts/test037-manage
openldap/vendor/openldap-2.3.35/tests/scripts/test038-retcode
openldap/vendor/openldap-2.3.35/tests/scripts/test039-glue-ldap-concurrency
openldap/vendor/openldap-2.3.35/tests/scripts/test040-subtree-rename
openldap/vendor/openldap-2.3.35/tests/scripts/test041-aci
openldap/vendor/openldap-2.3.35/tests/scripts/test042-valsort
openldap/vendor/openldap-2.3.35/tests/scripts/test043-delta-syncrepl
openldap/vendor/openldap-2.3.35/tests/scripts/test044-dynlist
Log:
Import upstream 2.3.35 release.
Added: openldap/vendor/openldap-2.3.35/ANNOUNCEMENT
===================================================================
--- openldap/vendor/openldap-2.3.35/ANNOUNCEMENT (rev 0)
+++ openldap/vendor/openldap-2.3.35/ANNOUNCEMENT 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,104 @@
+A N N O U N C E M E N T -- OpenLDAP 2.3
+
+ The OpenLDAP Project is pleased to announce the availability
+ of OpenLDAP Software 2.3, a suite of the Lightweight Directory
+ Access Protocol (v3) servers, clients, utilities, and
+ development tools.
+
+ This release contains the following major enhancements:
+
+ * Slapd(8) enhancements
+ - Updated slapd "overlay" interface, and several
+ example (and mostly experimental) overlays.
+ - Updated LDAP "sync" Engine with replication support,
+ provider now an "overlay"
+ - Numerous access control enhancements, including
+ experimental "don't disclose on error" capability
+ - Configuration backend
+ * LDAPv3 extensions, including:
+ - LDAP Password Policy
+ - LDAP Component Matching (requires OpenLDAP snacc)
+ - LDAP Modify Increment
+
+ This release includes the following major components:
+
+ * slapd - a stand-alone LDAP directory server
+ * slurpd - a stand-alone LDAP replication server
+ * -lldap - a LDAP client library
+ * -llber - a lightweight BER/DER encoding/decoding library
+ * LDIF tools - data conversion tools for use with slapd
+ * LDAP tools - A collection of command line LDAP utilities
+ * Admin Guide, Manual Pages - associated documentation
+ * SNACC - ASN.1 development tools for OpenLDAP
+
+ In addition, there are some contributed components:
+
+ * LDAPC++ - a LDAP C++ SDK
+ * Various slapd modules and slapi plugins
+
+
+ACKNOWLEDGEMENTS
+
+ OpenLDAP Software is developed by the OpenLDAP Project. The
+ Project consists of a team of volunteers whose use the
+ Internet to coordinate their activities. The Project is
+ managed by the OpenLDAP Foundation.
+
+ OpenLDAP Software is derived from University of Michigan LDAP,
+ release 3.3.
+
+
+AVAILABILITY
+
+ This software is available under the OpenLDAP Public License,
+ an non-restrictive, "free", open-source license. For download
+ information is available at:
+
+ http://www.OpenLDAP.org/software/download/
+
+
+SUPPORT
+
+ OpenLDAP Software is user supported:
+
+ http://www.openldap.org/support/
+
+ The OpenLDAP Administrator's Guide, which includes quick
+ start instructions, is available at:
+
+ http://www.openldap.org/doc/admin/
+
+ The project maintains a FAQ which you may find useful:
+
+ http://www.openldap.org/faq/
+
+ In addition, there are also a number of discussion lists
+ related OpenLDAP Software. A list of mailing lists is
+ available at:
+
+ http://www.OpenLDAP.org/lists/
+
+ To report bugs, please use project's Issue Tracking System:
+
+ http://www.openldap.org/its/
+
+ The OpenLDAP home page containing lots of interesting information
+ and online documentation is available at this URL:
+
+ http://www.OpenLDAP.org/
+
+
+SUPPORTED PLATFORMS
+
+ This release has been ported to many UNIX (and UNIX-like)
+ platforms including Darwin, FreeBSD, Linux, NetBSD, OpenBSD
+ and most commercial UNIX systems. The release has also been
+ ported (in part or in whole) to other platforms including
+ Apple MacOS X, IBM zOS, and Microsoft Windows 2000.
+
+---
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2007 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
Added: openldap/vendor/openldap-2.3.35/CHANGES
===================================================================
--- openldap/vendor/openldap-2.3.35/CHANGES (rev 0)
+++ openldap/vendor/openldap-2.3.35/CHANGES 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,766 @@
+OpenLDAP 2.3 Change Log
+
+OpenLDAP 2.3.35 Release (2007/04/09)
+ Fixed ldapmodify to use correct memory free functions (ITS#4901)
+ Fixed slapd acl set minor typo (ITS#4874)
+ Fixed slapd entry consistency check in str2entry2 (ITS#4852)
+ Fixed slapd ldapi:// credential issue (ITS#4893)
+ Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854)
+ Fixed slapd syncrepl delta-sync modlist free (ITS#4904)
+ Added slapd syncrepl retry logging (ITS#4915)
+ Fixed slapd zero-length IA5string handling (ITS#4823)
+ Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851)
+ Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861)
+ Fixed slapd-ldap bind cleanup in case of unauthorized idassert
+ Fixed slapd-meta search cleanup
+ Fixed slapd-meta/slapo-rwm filter mapping
+ Fixed slapd-sql subtree shortcut (ITS#4856)
+ Fixed slapo-dynlist crasher (ITS#4891)
+ Fixed slapo-refint config message (ITS#4853)
+ Fixed libldap time_t signedness (ITS#4872)
+ Fixed libldap_r tpool reset (ITS#4855,#4899)
+ Documentation
+ Misc Doc fixes (ITS#4863, ITS#4877, ITS#4885, ITS#4897)
+
+OpenLDAP 2.3.34 Release (2007/02/16)
+ Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815)
+ Fixed ldapmodify printing error from ldap_result() (ITS#4812)
+ Fixed slapadd LDIF parsing (ITS#4817)
+ Fixed slapd libltdl link ordering (ITS#4830)
+ Fixed slapd syncrepl memory leaks (ITS#4805)
+ Fixed slapd dynacl/ACI compatibility with 2.1
+ Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810)
+ Fixed slapd-ldap more response handling bugs (ITS#4782)
+ Fixed slapd-ldap C-API code tests (ITS#4808)
+ Fixed slapd-monitor NULL printf (ITS#4811)
+ Fixed slapo-chain spurious additional info in response (ITS#4828)
+ Fixed slapo-syncprov presence list (ITS#4813)
+ Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
+ Added slapo-ppolicy cn=config support (ITS#4836)
+ Added slapo-auditlog cn=config support
+ Build environment
+ Added Berkeley DB 4.5 detection
+ Documentation
+ Note slapo-dynlist interaction with manageDSAit (ITS#4831)
+
+OpenLDAP 2.3.33 Release (2007/01/17)
+ Fixed slapd syncrepl error logging with delta-syncrepl
+ Fixed slapd-ldap/meta privileged conn caching (ITS#4547)
+ Fixed slapd-ldap chase-referrals switch (ITS#4557)
+ Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781)
+ Fixed slapd-ldap response handling bugs (ITS#4782)
+ Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
+ Fixed slapd-ldap/meta privileged connections handling (ITS#4791)
+ Fixed slapd-meta retrying (ITS#4594, 4762)
+ Fixed slapo-chain referral DN use (ITS#4776)
+ Fixed slapo-dynlist dangling pointer after entry free (ITS#4801)
+ Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
+ Documentation
+ Fixed reference to deprecated stmt in slapacl(8) (ITS#4803)
+
+OpenLDAP 2.3.32 Release (2007/01/04)
+ Fixed slapd add redundant duplicate value check (ITS#4600)
+ Fixed slapd ACL set memleak (ITS#4780)
+ Fixed slapd syncrepl shutdown hang (ITS#4790)
+ Fixed slapd connection_get race condition on Windows (ITS#4793)
+ Fixed slapd values return filter control leak (ITS#4794)
+ Fixed slapd-sql Debug typo (ITS#4784)
+ Fixed slapo-rwm parameter handling (ITS#3971, 4458, 4638, 4689)
+ Documentation
+ Fixed reference to deprecated option in admin guide (ITS#4795)
+
+OpenLDAP 2.3.31 Release (2006/12/17)
+ Fixed libldap unchased referral leak (ITS#4545)
+ Fixed libldap tls callback (ITS#4723)
+ Fixed liblutil ldif file: URL parsing
+ Fixed slapd syncrepl logging (ITS#4755)
+ Fixed slapd group ACL caching when proxyAuthz'ing (ITS#4760)
+ Fixed slapd "group" authz default member parsing (ITS#4761)
+ Fixed slapd uninitialized sd_actives array (ITS#4765)
+ Fixed slapd DN parsing in bindconf_parse (ITS#4766)
+ Fixed slapd conditional in macro argument (ITS#4769)
+ Fixed slapd send_search_reference should propagate errors
+ Fixed slapd memleak on failed bind (ITS#4771)
+ Fixed slapd schema preparation case to match RFCs (ITS#4764)
+ Fixed slapd kbind buffer overflow condition (ITS#4775)
+ Fixed slapd connections_shutdown assert
+ Fixed slapd glue parent/sub db overlay nesting (ITS#4615)
+ Fixed slapd-bdb/hdb/ldbm slap_add_opattrs error checking
+ Fixed slapd-bdb/hdb setting up tool threads when no indices specified
+ Fixed slapd-perl interpreter context (ITS#4751)
+ Fixed slapo-syncprov to complain if defined outside of a database
+ Fixed test021 modify ops to be syntactically correct
+ Fixed contrib smbk5pwd, check kadm5 init result
+ Documentation
+ Fixed typo in slapo-retcode(5) man page (ITS#4753)
+ Fixed syncrepl searchbase note (ITS#4540)
+ Added syncrepl starttls in the admin guide (ITS#4510)
+ Fixed reference to deprecated function in ldap_parse_result(3)
+
+OpenLDAP 2.3.30 Release (2006/11/14)
+ Fixed slapd authzTo/authzFrom URL matching (ITS#4744)
+ Fixed slapd syncrepl consumer memory leaks (ITS#4746)
+ Fixed slapd-hdb livelock (ITS#4738)
+ Fixed slapo-ppolicy external quality check (ITS#4741)
+ Documentation
+ Fixed ldapsearch(1) man page acknowledgement (ITS#4743)
+
+OpenLDAP 2.3.29 Release (2006/11/10)
+ Fixed liblber/libldap error codes on Windows (ITS#4606)
+ Fixed libldap string length assert (ITS#4740)
+ Fixed liblunicode case mapping (ITS#4724)
+ Fixed slapd ldapi:// socket permissions (ITS#4709)
+ Fixed slapd c_writewaiters assert (ITS#4696,4736)
+ Fixed slapo-accesslog purge contextCSN bug (ITS#4704)
+ Fixed slapo-accesslog modify/replace bug (ITS#4728)
+ Fixed slapo-dynlist leaks (ITS#4664)
+ Fixed slapo-ppolicy leaks (ITS#4665)
+ Fixed slapo-syncprov deadlock (ITS#4720)
+ Build environment
+ Added selection of ODBC (ITS#4735)
+ Documentation
+ Fixed slapd-ldap/meta(5) rebind-as-user usage (ITS#4715)
+ Fixed slapd-ldap/meta(5) missing network-timeout (ITS#4718)
+
+OpenLDAP 2.3.28 Release (2006/10/21)
+ Fixed libldap ldap.conf max line length (ITS#4669)
+ Fixed libldap use keepalive for syncrepl (ITS#4708)
+ Fixed liblutil LDIF CR/LF parsing bug (ITS#4635)
+ Fixed librewrite LDAP map parsing bug
+ Fixed librewrite map double free bug
+ Added ldapsearch bad filter pattern check (ITS#4647)
+ Fixed slapd global access controls initialization (ITS#4654)
+ Fixed slapd setting c_sasl_bindop only on SASL binds
+ Fixed slapd max line length issue (ITS#4651)
+ Fixed slapd return code not being propagated (ITS#4565)
+ Fixed slapd integerBitAndMatch (ITS#4672)
+ Fixed slapd syncrepl modrdn new superior (ITS#4695)
+ Fixed slapd-ldap retry with idassert (ITS#4686)
+ Fixed slapd-meta DN massage error code handling (ITS#4711)
+ Fixed slapd-monitor locking with scope "subordinate" (ITS#4668)
+ Fixed slapd-perl deletes (ITS#2612)
+ Fixed slapd-perl backend initialization (ITS#4358)
+ Fixed slapd-perl finding interpreter inside a thread (ITS#4358)
+ Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
+ Fixed slapo-translucent ldapmodify crash (ITS#4673)
+ Documentation
+ Updated ldapsearch(1) options (ITS#4371,4526,4647)
+ Fixed slapd.access(5) non-optional dn= error (ITS#4522)
+
+OpenLDAP 2.3.27 Release (2006/08/19)
+ Fixed libldap dangling pointer issue (previous fix was broken) (ITS#4405)
+
+OpenLDAP 2.3.26 Release (2006/08/17)
+ Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610)
+ Fixed libldap dangling pointer issue (ITS#4405)
+ Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
+ Fixed slapd DN X.509 normalization crash (ITS#4644)
+ Fixed slapd-monitor operations order via callbacks (ITS#4631)
+ Fixed slapd-sql undefined filter handling (ITS#4604)
+ Fixed slapo-accesslog purge task during shutdown
+ Fixed slapo-ppolicy handling of default policy (ITS#4634)
+ Fixed slapo-ppolicy logging verbosity when using default policy
+ Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
+
+OpenLDAP 2.3.25 Release (2006/08/01)
+ Fixed liblber ber_bvreplace_x argument checks
+ Add libldap_r TLS concurrency workaround (ITS#4583)
+ Fixed liblutil password length bug
+ Add slapd glue/subordinate conflict check (ITS#4614)
+ Fixed slapd acl selfwrite bug (ITS#4587)
+ Fixed slapd bconfig "require" and "none" handling (ITS#4574)
+ Fixed slapd bconfig segfault when ldapadding new schema entries
+ Fixed slapd syncrepl no rootdn bug (ITS#4582)
+ Fixed slapd syncrepl contextCSN issue (ITS#4622)
+ Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
+ Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
+ Fixed slapd-bdb/hdb cache job issue
+ Fixed slapo-syncprov need new CSN with delete syncID sets (ITS#4534)
+ Fixed slapo-syncprov startup when lastmod is off (ITS#4613)
+ Fixed slapo-accesslog cn=config purge bug (ITS#4595)
+ Fixes slapo-auditlog DB initialization
+ Fixed slapo-ppolicy password hashing bug (ITS#4575)
+ Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
+ Fixed slapo-ppolicy control can be critical (ITS#4596)
+ Fixed slapo-retcode logical and bug
+ Fixed slapo-syncprov DEL propagation bug (ITS#4589)
+ Fixed slurpd ldaps:// default port bug (ITS#4580)
+ Build environment
+ Fix configure winsock.h detection for Cygwin (ITS#4621)
+ Fix configure GMP detection (ITS#4608)
+ Updated test006-acls to test selfwrite access (ITS#4587)
+ Documentation
+ Fixed ldapsearch(1) formatting (ITS#4619)
+ Updated slapd.conf(5) RFC references
+ Updated slapd.conf(5) lastmod discussion (ITS#4613)
+ Updated slapd.conf(5) "require" and "none" handling (ITS#4574)
+ Added slapd.conf(5) access control note to authz-regexp discussion
+ Updated slapo-syncprov(5) to clarify SyncProv and syncrepl diffs
+
+OpenLDAP 2.3.24 Release (2006/05/30)
+ Fixed slapd syncrepl timestamp bug (delta-sync/cascade) (ITS#4567)
+ Fixed slapd-bdb/hdb non-root users adding suffix/root entries (ITS#4552)
+ Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
+ Fixed slapd-ldif assert bug (ITS#4568)
+ Fixed slapo-syncprov crash under glued database (ITS#4562)
+
+OpenLDAP 2.3.23 Release (2006/05/17)
+ Fixed slapd-ldap improper free bug (ITS#4550)
+
+OpenLDAP 2.3.22 Release (2006/05/15)
+ Fixed libldap referral input destroy issue (ITS#4533)
+ Fixed libldap ldap_sort_entries tail bug (ITS#4536)
+ Fixed libldap default connection concurrency issue (ITS#4541)
+ Fixed libldap_r thread debug missing break
+ Fixed libldap_r tpool cleanup
+ Fixed liblutil strtoul(3) usage (ITS#4503)
+ Fixed liblutil time resolution issue (ITS#4514)
+ Updated ldapdelete(1) to stdout bug (ITS#4453)
+ Updated ldapsearch(1) BASE output (ITS#4504)
+ Fixed slapd backglue issue (ITS#4529)
+ Fixed slapd cn=config (ITS#4512)
+ Fixed slapd cn=config ACL application fix
+ Fixed slapd cn=config olcLimits (ITS#4515)
+ Fixed slapd dynacl tgrant/tdeny initialization
+ Fixed slapd runqueue use of freed memory (ITS#4517)
+ Fixed slapd slap_send_ldap_result bug (ITS#4499)
+ Fixed slapd thread pool init issue (ITS#4513)
+ Added slapd syncrepl mandatory searchbase check
+ Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
+ Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
+ Fixed slapd-bdb/hdb referral issue (ITS#4548)
+ Fixed slapd-hdb IDL sort issue (ITS#4531)
+ Fixed slapd-ldap proxyAuthz of bound identity/override (ITS#4497)
+ Fixed slapd-ldap/meta protocol version propagation (ITS#4488)
+ Fixed slapd-ldap fd cleanup (ITS#4474)
+ Fixed slapd-ldif deadlock (ITS#4500)
+ Fixed slapd-shell lutil_atoi issue (ITS#4495)
+ Fixed slapadd cn=config issue (ITS#4194)
+ Fixed slapo-accesslog log purging issue (ITS#4505)
+ Added slapo-accesslog reqOld feature
+ Fixed slapo-auditlog missing return codes
+ Fixed slapo-ppolicy BER tags issue (ITS#4528)
+ Fixed slapo-ppolicy rebind bug (ITS#4516)
+ Fixed slapo-refint delete prohibit issue (ITS#4442)
+ Fixed slapo-syncprov MODs cause DELs (ITS#4423)
+ Fixed slapo-syncprov/syncrepl sessionlog issue (ITS#4534)
+ Added slapo-syncprov extra logging
+ Fixed slapo-translucent modifications (ITS#4527)
+ Fixed slurpd potential overflow issue
+ Build Environment
+ Fixed OSF1 compilation problem (ITS#4537)
+ Fixed test020-proxycache disabled debug issue (ITS#4491)
+ Fixed test033-glue-syncrepl overlay detection (ITS#4544)
+ Documentation
+ Fixed slapd(8) logging header reference (ITS#4509)
+ Clarified slapd.conf(5) "disable bind_anon" feature
+
+OpenLDAP 2.3.21 Release (2006/04/08)
+ Fixed libldap referral chasing issue (ITS#4448)
+ Fixed libldap invalid free bug (ITS#4436)
+ Fixed libldap mutex leak (ITS#4441)
+ Fixed libldap_r thr_yield(2) return handling (ITS#4469)
+ Fixed slapd syncprov/glue interaction issue (ITS#4323, ITS#4417)
+ Fixed slapd operational attrs in presence of global overlays (ITS#4431)
+ Fixed slapd "threads" config value checking (ITS#4433)
+ Fixed slapd connection index bound check (ITS#4449)
+ Fixed slapd connection cleanup (ITS#4465)
+ Fixed slapd slap_realloc misuse (ITS#4477)
+ Fixed slapd size limit check when pagesize=1 (ITS#4479)
+ Fixed slapd-bdb/hdb cache issue (ITS#4439)
+ Fixed slapd-ldbm crash on modify bug (ITS#4464)
+ Fixed slapd-ldap potential bind deadlock (ITS#4409)
+ Fixed slapd-ldap/meta conn expiration concurrency (ITS#4429)
+ Fixed slapd-ldap failed bind connection trashing (ITS#4428)
+ Fixed slapd-ldap/meta chase-referrals disabling (ITS#4447)
+ Fixed slapd-ldap controls forwarding (ITS#4457)
+ Fixed slapd-ldap pretty DN in proxied requests (ITS#4456)
+ Fixed slapd-ldbm crash on modify bug (ITS#4464)
+ Fixed slapd-meta write error mapping (ITS#4419)
+ Removed lint
+ Build Environment
+ Added slapo-auditlog build support (ITS#4372)
+ Fixed multi-precision sizeof detection (ITS#4416)
+ Fixed liblunicode build (ITS#4435)
+ Updated libtool to version 1.5.22 (ITS#4471)
+ Updated shtool to version 2.0.5
+
+OpenLDAP 2.3.20 Release (2006/02/18)
+ Added libldap SASL workaround for broken LDAP servers (ITS#4391)
+ Fixed libldap/slapd valuesReturnFilter OID (ITS#4404)
+ Fixed slapd config_generic_wrapper missing parameter bug (ITS#4376)
+ Fixed slapd extensible filter value normalization bug (ITS#4380)
+ Fixed slapd context CSN not updating issue (ITS#4384)
+ Fixed slapd non-read/write epoll event handling (ITS#4395)
+ Fixed slapd syncrepl de-normalize UUID issue
+ Fixed slapd syncrepl dynamic reconfig issue (ITS#4401)
+ Added slapd syncrepl log messages (ITS#4369)
+ Added slapd permissive modify/increment support
+ Added slapd dynamically registered debug level support
+ Fixed slapd connectionless LDAP support
+ Fixed slapd cn=config error on create failure issue (ITS#4407)
+ Fixed slapd-bdb/hdb wake listener on runqueue submit (ITS#4385)
+ Fixed slapd-ldap/meta resources leaks on multiple binds (ITS#4387)
+ Fixed slapd-ldap/meta assert on connection shutdown (ITS#4390)
+ Added slapd-meta subtree-exclude feature
+ Fixed slapo-syncprov update latency issue (ITS#4385)
+ Fixed slapo-auditlog crash (ITS#4394)
+ Fixed slapo-accesslog unbind crash (ITS#4386)
+ Fixed slurpd reject error formating (ITS#4382)
+ Fixed ldappasswd unbind issue (ITS#4403)
+ Fixed slapo-pcache assert on attrsonly search (ITS#4406)
+ Added slapo-pcache max_queries enhancement (ITS#4225)
+ Added slapo-pcache negative caching enhancement
+ Build Environment
+ Fixed liblunicode cross compiling problem (ITS#4363)
+ Updated <netinet/tcp.h> detection for AIX (ITS#4312)
+ Updated multi-precision library detection
+ Documentation
+ Updated misc. manual pages
+
+OpenLDAP 2.3.19 Release (2006/01/25)
+ Fixed libldap disable DH key exchange with DH params (ITS#4354)
+ Fixed libldap_r thread pool destroy hang (ITS#4349,ITS#4368)
+ Fixed slapd slap_daemon destroy issue (ITS#4370)
+ Fixed slapd-hdb livelock issue (ITS#4360)
+ Fixed slapd-bdb/hdb auto-recovery issue (ITS#4361,ITS#4373)
+ Fixed slapd-bdb/hdb BDB 4.4 compatibility issues (ITS#4362)
+ Fixed slapo-ppolicy modify issue (ITS#4355)
+ Fixed slapo-syncprov/pcache filter dup issue (ITS#4364)
+ Fixed slapo-syncprov playlog nentries reset issue (ITS#4365)
+ Build environment
+ Fixed slaptools when --disable-debug (ITS#4351)
+ Fixed slapd(8) solaris select(2) issue (ITS#4357)
+
+OpenLDAP 2.3.18 Release (2006/01/17)
+ Fixed slapd syncrepl variable used before set bug (ITS#4331)
+ Updated slapd-meta retry capabilities (ITS#4328)
+ Fixed slapd-bdb slapcat autorecover bug (ITS#4324)
+ Fixed slapo-chain search limits (ITS#4336)
+ Fixed slapo-pcache attrsets issues (ITS#4316)
+ Fixed slapo-translucent connection destroy (ITS#4334)
+ Fixed slapd-config handling of attribute options (ITS#4339)
+ Fixed slapd-ldap idassert resource leak (ITS#4326)
+ Fixed slapd-meta nretries issue (ITS#4059)
+ Fixed slapd wake_listener loses wakes (ITS#4343)
+ Fixed slapd connection manager issue (ITS#4338)
+ Fixed slapd handling of old style configuration directives (ITS#4341)
+ Removed slapd-bdb/hdb extraneous yields (ITS#3950)
+ Build Environment
+ Removed problematic Linux sched_yield(2) workarounds (ITS#3950)
+ Documentation
+ Updated release documents
+ Updated misc. manual pages
+
+OpenLDAP 2.3.17 Release (2006/01/10)
+ Fixed slapd anonymous proxy authorization issue (ITS#4320)
+ Fixed slapd-ldap/meta session reuse issue (ITS#4315)
+ Fixed slapd-ldap idassert anon-to-anon issue (ITS#4321)
+ Fixed slapd-monitor thread issue (ITS#4318)
+ Build environment
+ Updated Linux sched_yield(2) workaround to use nanosleep(2) (ITS#3950)
+ Fixed configure report-to URL
+
+OpenLDAP 2.3.16 Release (2006/01/08)
+ Fixed slapd-bdb reindexing via cn=config not noticed issue (ITS#4260)
+ Fixed slapd-monitor connection search crash (ITS#4300)
+ Flapd slapd cn=config bad ACL syntax modify crash (ITS#4306)
+ Fixed slapd ACL/suffix configuration issue (ITS#4307)
+ Fixed slapd-bdb/hdb cache issue (ITS#4308)
+ Fixed slapd-bdb/hdb/ldbm suffix add with default referral issue (ITS#4310)
+ Fixed slapd-ldbm compare cache release issue (ITS#4313)
+ Fixed slapd syncrepl time/size limit parsing
+ Fixed slapi slapi_op_bind_callback fix (ITS#4311)
+ Fixed slapi pluginlog fix (ITS#4291)
+ Fixed ldapsearch response control handling issue
+ Build environment
+ Replace sched_yield(2) on Linux with select(2) (ITS#3950)
+ Documentation
+ Added slapd-bdb(5) cachefree description
+ Updated misc. manual pages
+
+OpenLDAP 2.3.15 Release (2006/01/04)
+ Fixed slapd strerror logging bug (ITS#4292)
+ Fixed slapd ACL add/delete fraction issue (ITS#4295)
+ Fixed slapd ACL users selfwrite issue (ITS#4299)
+ Fixed slapd attrs/objectclass replog issues (ITS#4298)
+ Fixed slapd-ldap password modify exop password return (ITS#4294)
+ Build environment
+ Disable test030-relay when threads are unavailable (ITS#4297)
+
+OpenLDAP 2.3.14 Release (2005/12/23)
+ Fixed slapd assertion control restrictions
+ Fixed slapd sc_prev update after free bug (ITS#4237)
+ Fixed slapd pid file creation (ITS#4241,4251)
+ Fixed slapd DEBUG dependency (ITS#4245)
+ Added slapd warning for excessive threads number (ITS#4249)
+ Fixed slapd passwd incomplete mod structure issue (ITS#4278)
+ Fixed slapd ACL exact attrval clause normalization (ITS#4255)
+ Fixed slapd modify/delete by ordered index issue
+ Fixed slapd strerror NULL bug (ITS#4285)
+ Fixed slapd-glue issues (ITS#4084,4133)
+ Fixed slapd-hdb idl Delete bug (ITS#4250)
+ Fixed slapd-hdb cache deadlock (ITS#4254)
+ Fixed slapd-bdb/hdb alock_close bug (ITS#4259)
+ Fixed slapd-bdb dn2id IDL cache bug (ITS#4263)
+ Fixed slapd-bdb/hdb mode argument parsing (ITS#4257)
+ Fixed slapd-bdb/hdb cn=config reindexing (ITS#4260)
+ Fixed slapd-bdb/hdb cn=config olcDbIndex modify/replace (ITS#4262)
+ Fixed slapd-bdb/hdb lockup issue (ITS#4184)
+ Fixed slapd-ldap anonymous identity assertion (ITS#4272)
+ Added slapd-ldap/meta idle-timeout support (ITS#4115)
+ Fixed slapd-meta bind-timeout handling
+ Fixed slapd-sql plug leak
+ Fixed slapo-dynlist/dyngroup nonexistant object return code (ITS#4224)
+ Updated slapo-dynlist (ITS#3756,3781)
+ Fixed slapo-rwm static DN free bug (ITS#4248)
+ Fixed slapo-syncprov unpublished control (ITS#4238)
+ Fixed slapo-syncprov message id issue
+ Fixed slapo-unique extraneous searches (ITS#4267)
+ Build environment
+ Fixed thread dependency of test028 (ITS#4141)
+ Updated test026-dn
+ Updated test033-glue-syncrepl (ITS#4264)
+ Documentation
+ Updated slapd.conf(5) and Admin Guide (ITS#4146,4266)
+ Updated slapo-dynlist(5) (ITS#4197)
+ Updated slapo-pcache(5) (ITS#4232)
+ Updated slapindex(8) (ITS#4242)
+
+OpenLDAP 2.3.13 Release (2005/11/30)
+ Fixed libldap/liblutil MSG_ACCRIGHTSLEN bug (ITS#4206)
+ Fixed libldap ldap_bv2escaped_filter_value issue (ITS#4212)
+ Fixed liblutil URL value-specs issue (ITS#4221)
+ Fixed slapd sizelimit disclose issue (ITS#4213)
+ Fixed slapd gentlehup write restrict issue (ITS#3717)
+ Fixed slapd gentlehup abnormal issue (ITS#4217)
+ Fixed slapd delta-sync subtree scope issue (ITS#4227)
+ Fixed slapd cn=config OID/name pollution issue (ITS#4185)
+ Fixed slapd cn=config rootdn issue (ITS#4192)
+ Fixed slapd cn=config slaptest -F without -f issue (ITS#4194)
+ Fixed slapd cn=config ACL issue (ITS#4218)
+ Fixed slapd-bdb negative results IDL cache issue (ITS#4223)
+ Fixed slapd-bdb cursor close issue (ITS#4226)
+ Fixed slapd-hdb slapadd -q issue (ITS#4210)
+ Fixed slapd-hdb missing results issue (ITS#4186)
+ Fixed slapd-ldap potential double free issue (ITS#4189)
+ Fixed slapd-meta matched DN issue (ITS#4195)
+ Fixed slapd-meta DN cache issue (ITS#4196)
+ Fixed slapd-monitor shadow issue (ITS#4214)
+ Fixed slapo-accesslog delta-syncrepl issue (ITS#4198)
+ Fixed slapo-accesslog cleanup issue (ITS#4209)
+ Fixed slapo-chain resource leak issue (ITS#4140)
+ Fixed slapo-chain identity assertion issue (ITS#4256)
+ Fixed slapo-pcache attrset check issue (ITS#4199)
+ Fixed slapd-bdb readonly dirty alock issue (ITS#4201)
+ Fixed slapd-pcache non-requested attributes issues (ITS#4203,4204)
+ Fixed slaptest -F -f success with unsupported issue (ITS#4220)
+ Build environment
+ Improved Berkeley DB detection (ITS#3809)
+ Updated DB_CONFIG example (ITS#4229)
+ Documentation
+ Updated ldif(5) to include change record description
+
+OpenLDAP 2.3.12 Release (2005/11/17)
+ Fixed libldap ldapi:// authdn construction
+ Added libldap ldap_bv2escaped_filter_value (ITS#2535)
+ Added libldap/slapd TLS DSA certificate support (ITS#4017)
+ Fixed libldap SASL bind issue (ITS#4158)
+ Fixed ldapmodrdn empty line handling (ITS#4101)
+ Fixed client tools additional info printing (ITS#4147)
+ Updated slapd ldaps:// not configured fix (ITS#4082,4083)
+ Fixed slapd connection crashes (ITS#4108)
+ Fixed slapd illegal S option bug (ITS#4119)
+ Fixed slapd cn=monitor log level mod issue (ITS#4091)
+ Fixed slapd cn=config bad access issue (ITS#4111)
+ Fixed slapd cn=config access modify issue (ITS#4127)
+ Fixed slapd cn=config init issue (ITS#4128)
+ Fixed slapd non-reentrant libwrap issue (ITS#4099)
+ Fixed slapd thread v. tools_threads settings
+ Fixed slapd spurious defer message (ITS#3850)
+ Fixed slapd attribute SYNTAX OIDM issue (ITS#4116)
+ Fixed slapd modify empty sequence bug (ITS#4183)
+ Fixed slapd-bdb uninitialized condition in tool mode (ITS#4143)
+ Fixed slapd-bdb empty suffix and syncprov issue (ITS#4171)
+ Fixed slapd-hdb syncrepl deadlock issue (ITS#4088)
+ Added slapd-ldap write op timeout support (ITS#4157)
+ Fixed slapd-ldap/slapo-chain matched dn handling (ITS#4176)
+ Fixed slapd-meta invalid DN attrs normalize/pretty issue (ITS#4107)
+ Fixed slapd-meta rootdn erroneous success issue (ITS#4122)
+ Fixed slapd-meta proxying bind result issue (ITS#4129)
+ Fixed slapd-meta/slapo-rwm rwm-mapping issue (ITS#4086)
+ Fixed slapd-meta per-target retry (ITS#4150)
+ Fixed slapd-meta size/time limit handling (ITS#4145)
+ Fixed slapd-sql size limit count (ITS#4181)
+ Fixed slapo-ppolicy pwdFailureTime after bind success issue (ITS#4134)
+ Fixed slapo-ppolicy add passord_hash quality config dependency
+ Fixed slapo-syncprov LDAP response types (ITS#4183)
+ Added slapd delta syncrepl support
+ Added slapadd thread support
+ Updated slapcat subordinate database handling (ITS#4089)
+ Added slapd/slaptest pid/arg file consistency check (ITS#4074)
+ Updated slaptools default debug level to "none" (ITS#4044)
+ Fixed slurpd backwards compat issue (ITS#4151)
+ Added slurpd pid/arg file consistency check (ITS#4152)
+ Updated contrib smbk5pwd module
+ Removed lint
+ Build environment
+ Fixed libldap HSTRERROR issue (ITS#4124)
+ Fixed slapd AIX IFMT issue (ITS#4123)
+ Added slapd-bind test program
+ Added inet_ntoa_b support for VxWorks (ITS#3440)
+ Updated test036 (ITS#4095)
+ Fixed test036 cmp issue (ITS#4142)
+ Dropped SSLeay support
+ Documentation
+ slapd.conf(5) defaultSearchBase issue (ITS#4162)
+ slap tool man pages wll typo (ITS#4169)
+
+OpenLDAP 2.3.11 Release (2005/10/12)
+ Fixed libldap reentrancy issue (ITS#3988)
+ Fixed libldap ndelay without timeout
+ Fixed slapd ldaps:// not configured issue (ITS#4082,4083)
+ Fixed slapd-bdb/hdb mode argument parsing (ITS#4077)
+ Fixed slapd WIN32 writefds init issue
+ Fixed slapadd buffer alignment issue (ITS#4078)
+ Updated slapd syncrepl to use ldap_unbind_ext
+ Removed lint
+
+OpenLDAP 2.3.10 Release (2005/10/10)
+ Fixed libldap chasing of chased referrals (ITS#2942)
+ Added libldap LDAP_NOT_SUPPORTED for TLS (ITS#4072)
+ Added libldap LDAP_MSG_RECEIVED support
+ Dropped libldap LDAP_MORE_RESULTS_TO_RETURN use
+ Fixed slapd cn=config updated rootdn issue (ITS#4035)
+ Fixed slapd-meta bus error (ITS#4073)
+ Fixed slapd-meta/ldap/rwm empty naming context issue (ITS#4071)
+
+OpenLDAP 2.3.9 Release (2005/10/07)
+ Fixed slapd req_pwdexop bug
+ Fixed slapo-syncprov queued UUIDs bug (ITS#4068)
+ Fixed slapo-syncprov memory leak
+ Fixed slapd anlist leak
+ Removed lint
+ Build Environment
+ Updated testsuite to test only primary backends by default
+ Disable test041-aci
+
+OpenLDAP 2.3.8 Release (2005/10/05)
+ Fixed slapd undef HAVE_EPOLL issue
+ Fixed slapd connection-get wake bug (ITS#3999)
+ Fixed slapd uninitialized var bug (ITS#3854)
+ Fixed slapd add entry without parent bug (ITS#2757)
+ Fixed slapd cn=config value escaping bug (ITS#3807)
+ Fixed slapd cn=config missing host/uri bug (ITS#4009)
+ Fixed slapd alock symbol bug (ITS#3978)
+ Fixed slapd replogfile assert (ITS#4003)
+ Fixed slapd rewrite session var set bug (ITS#4023)
+ Fixed slapd syncrepl empty uniqueMember bug (ITS#4040)
+ Fixed slapd alias resolution bug (ITS#4030)
+ Fixed slapd password-hash cleartext bug (ITS#4021)
+ Fixed slapd realloc zero bug (ITS#3981)
+ Fixed slapd nested overlay configuration bug (ITS#4047)
+ Fixed slapd password modify oldPassword ignore bug (ITS#4049)
+ Added slapd password oldPassword verify (ITS#4051)
+ Fixed slapd select_backend manageDSAit with glue issue (ITS#4027)
+ Updated slapd authz backend detection (ITS#4018)
+ Fixed slapd-bdb/hdb pointer/integer size mismatch (ITS#4015)
+ Updated slapd-hdb index management
+ Fixed slapd-glue mixtures bug (ITS#3979)
+ Fixed slapd-ldap unlock issue (ITS#4001)
+ Fixed slapd-ldap manageDIT check bug (ITS#4005)
+ Fixed slapd-ldap resource release issue (ITS#4016)
+ Fixed slapd-meta rootdn lookup bug (ITS#4004)
+ Fixed slapd-meta null value assert issue (ITS#4028)
+ Added slapd-meta pooled connections (ITS#4056)
+ Added slapd-meta target DSA bind defer when auth'd as rootdn (ITS#4057)
+ Fixed slapd-meta pseudorootdn issue
+ Fixed slapd-monitor unavailable issue (ITS#4013)
+ Fixed slapd-perl init/destroy bug (ITS#3923)
+ Fixed slapd-sql missing space issue (ITS#4061)
+ Fixed slapo-accesslog timestamp normalization issue
+ Fixed slapo-accesslog normalizer issue
+ Fixed slapo-ppolicy replication issues (ITS#3980)
+ Added slapo-ppolicy pwdattribute descriptor support (ITS#4025)
+ Fixed slapo-syncprov/unique interact issues (ITS#3989)
+ Fixed slapo-syncprov/subordinate interact issues (ITS#3996)
+ Fixed slapo-syncprov schema check assert (ITS#4031)
+ Fixed slapo-syncprov psearch flush in qtask
+ Fixed slapo-syncprov abandon checks
+ Fixed slapo-unique ignore writes not under unique_base (ITS#4066)
+ Fixed slapo-valsort unknown valsort-attr bug (ITS#4047)
+ Fixed slapcat out-of-memory problem (ITS#4010)
+ Fixed slurpd unrecognized slave names bug (ITS#4012)
+ Fixed liblber dgram len bug (ITS#4046)
+ Fixed libldap SASL and TLS potential ld_error leaks (ITS#4064)
+ Fixed liblutil/csn time counter issue
+ Updated contrib/ldapc++ to avoid deprecated functions
+ Documentation
+ Added slapo-valsort(5) man page (ITS#3994)
+ Added slap tool -F option documentation (ITS#4026)
+ Build Environment
+ Fixed misc POSIX conformance issues (ITS#2667)
+ Fixed --without-threads build issue (ITS#4006)
+ Fixed test script exit checks (ITS#4045)
+ Added test suite parameterized directory support
+ Fixed test suite tool error handling
+ Updated contrib/ldapc++ build environment
+
+OpenLDAP 2.3.7 Release (2005/08/31)
+ Updated slapd ManageDIT support
+ Updated slapd ACI syntax checking (ITS#3877)
+ Fixed slapd STATS2 referral logging
+ Refixed slapd cn=config default search base bug (ITS#3900)
+ Fixed slapd cn=config TLSVerifyClient bug (ITS#3962)
+ Fixed slapd winsock assert (ITS#3983)
+ Fixed slapd-bdb/hdb paged results deadlock (ITS#3940)
+ Fixed slapd-bdb/hdb/ldbm searchBase disclose (ITS#3964)
+ Fixed slapd-bdb/hdb bi_dbenv check (ITS#3992)
+ Fixed slapd-meta generic attribute normalize/pretty (ITS#3956)
+ Fixed slapd-ldap/meta 'undefined' attribute mutex protection (ITS#3958)
+ Added slapd-ldap/meta 'proxied' attribute support (ITS#3959)
+ Fixed slapd-meta no candidate target selected bug (ITS#3990)
+ Fixed slapd-meta matchedDN handling (ITS#3944)
+ Fixed slapd-monitor hiding issue (ITS#3986)
+ Fixed slapo-ppolicy lockout status at Bind (ITS#3946)
+ Moved slapo-glue into slapd core
+ Fixed slaptest cn=config segfault (ITS#3961)
+ Fixed slaptools logging issue (ITS#3937)
+ Fixed slaptools fails after db clean (ITS#3970)
+ Fixed slaptools reject unsupported -w (ITS#3939)
+ Fixed libldap global_opt failure
+ Fixed libldap schema handling
+ Fixed libldap secprops parsing (ITS#3955)
+ Fixed libldap_r tpool (ITS#3925)
+ Updated liblutil password scheme check
+ Updated libldap schema to allow OID macros in syntaxes
+ Removed lint
+ Documentation
+ Updated misc. man pages
+ Build Environment
+ Updated build tools (ITS#3928)
+ Fixed tests diff -u usage (ITS#3969)
+ Fixed slapo-rwm dependency checking (ITS#3965)
+ Fixed tests --disable-monitor support
+ Fixed tests veryclean-local testdata cleanup
+ Add subtree rename test (hdb only)
+
+OpenLDAP 2.3.6 Release (2005/08/19)
+ Fixed slapd dnRelativeMatch return (ITS#3931)
+ Fixed slapd send_search_entry issue (ITS#3951)
+ Fixed slapd-bdb/hdb release entry in paged response
+ Fixed slapd-meta resources release issue (ITS#3943)
+ Fixed slapd-ldap/meta matched return (ITS#3942,ITS#3944)
+ Fixed slapo-ppolicy reset lockouts issue (ITS#3946)
+ Fixed nis.schema posixGroup object class kind (ITS#3941)
+ Revert librewrite regex mutex change (ITS#3932)
+ Updated slapd manage capability
+ Updated slapo-syncprov CSN filter checks
+ Updated libldap url list parsing
+ Added slapd SASL rootpw support (ITS#3845)
+ Added slapd Stats logging for additional cases
+ Added slapd ACI syntax validater (ITS#3877)
+ Added slapd posixgroup ACL module to contrib
+ Added slapi SLAPI_X_ADD_STRUCTURAL_CLASS extension
+ Added slapd-ldap subtree renaming proxing
+ Added slapd-meta overlapping targets enhancement (ITS#3711)
+ Removed lint
+ Documentation
+ Added slapcat(8) -a usage example (ITS#3930)
+ Updated slapo-unique(5) for clarity (ITS#3936)
+ Updated slapo-syncprov(5) sessionlog description (ITS#3935)
+ Updated doc/drafts
+ Build Environment
+ Updated test prog bind retry code
+ Fixed test015-xsearch regression (ITS#3506)
+ Added test040-subtree-rename
+
+OpenLDAP 2.3.5 Release (2005/08/14)
+ Fixed slapd integerBitOr/AndMatch logic (ITS#3782)
+ Fixed slapd substrings filter length checks (ITS#3790)
+ Fixed slapd thread pool initialization (ITS#3793)
+ Fixed slapd cancel exop (ITS#3549)
+ Fixed slapd syncrepl cookie problem (ITS#3917)
+ Fixed slapd inequality filter index bug (ITS#3920)
+ Fixed slapd syncrepl ctxcsn leak (ITS#3922)
+ Fixed slapd syncrepl scope issue (ITS#3831)
+ Fixed slapd syncrepl missing array subscript (ITS#3834)
+ Fixed slapd slapd_remove null deref (ITS#3842)
+ Fixed slapd ldapi credential normalization bug (ITS#3876)
+ Fixed slapd userPassword cleartext bug (ITS#3846)
+ Fixed slapd cn=config default search base bug (ITS#3900)
+ Fixed slapd cn=config olcDbConfig bug (ITS#3815)
+ Fixed slapd cn=config olcReadOnly bug (ITS#3820)
+ Fixed slapd cn=config hdb+bdb bug (ITS#3821)
+ Fixed slapd ACL attrs/val EQUALITY issue (ITS#3830)
+ Fixed slapd authx-regexp diagnostics (ITS#3819)
+ Fixed slapd index_substr_any_step keyword (ITS#3818)
+ Fixed slapd -f directory issue (ITS#3865)
+ Fixed slapd attributeOptions config parsing (ITS#3829)
+ Fixed slapd whitespace config parsing bug (ITS#3901)
+ Fixed slapd rootdn space issue (ITS#3806)
+ Fixed slapd passwd change w/ {CRYPT} bug (ITS#3805)
+ Fixed slapd backend_init_controls assert (ITS#3853)
+ Fixed slapd loglevel -1 bug (ITS#3858)
+ Fixed slapi bind bound DN issue (ITS#2971)
+ Fixed slapi issues (ITS#3884,3885,3886)
+ Fixed slapi authorization name issue (ITS#3892)
+ Fixed slapi slapi_int_connection_init operation problem (ITS#3868)
+ Fixed slapi slapi_entry_has_children bug (ITS#3879)
+ Fixed slapd-bdb manual recovery startup (ITS#3607,3824)
+ Fixed slapd-bdb manual recovery startup (ITS#3833)
+ Fixed slapd-bdb/hdb checkpoint before suffix bug (ITS#3784)
+ Fixed slapd-hdb modrdn base bug (ITS#3857)
+ Fixed slapd-ldap access to freed connection (ITS#3913)
+ Fixed slapd-ldap/meta filter bug (ITS#3785)
+ Fixed slapd-ldap/meta connection pooling (ITS#3813)
+ Fixed slapd-ldap/meta memory leak (ITS#3862)
+ Added slapd-sql enhancements (ITS#3432)
+ Fixed slapd-sql attribute with no values issue (ITS#3861)
+ Fixed slapd-sql truncating keyval column problem (ITS#3888)
+ Fixed slapd-sql return code ignored problem (ITS#3891)
+ Fixed slapo-glue alock bug (ITS#3817,3841)
+ Fixed slapo-dyngroup hidden subschemaSubentry bug (ITS#3844)
+ Fixed slapo-ppolicy hashed length problem (ITS#3783)
+ Fixed slapo-ppolicy quality check (ITS#3777)
+ Fixed slapo-ppolicy lockout duration (ITS#3779)
+ Fixed slapo-rwm leak (ITS#3914)
+ Fixed slapo-glue/rwm conflict (ITS#3788)
+ Fixed slapadd segfault (ITS#3926)
+ Fixed slapcat cn=config segfault (ITS#3796)
+ Fixed slaptest -F crash (ITS#3912)
+ Fixed slapd authzTo/From syntax issue (ITS#3921)
+ Fixed libldap abandon concurrency issue (ITS#3800)
+ Fixed libldap start_tls referral chasing (ITS#3791)
+ Fixed libldap referral chasing issues (ITS#2894,3578)
+ Fixed librewrite concurrency issue (ITS#3932)
+ Use IANA-assigned OIDs for recently approved IETF LDAP extensions
+ Removed lint (ITS#3857)
+ Build Environment
+ Upgraded shtool (ITS#3752)
+ Upgraded config.guess/config.sub
+ Fixed FreeBSD thread stacksize problem (ITS#3456)
+ Fixed cygwin shared libraries build problem (ITS#3712)
+ Fixed acl_get/acl_mask v AIX symbol clash (ITS#3787)
+ Fixed test020 logging problem (ITS#3811)
+ Fixed duplicate symbol problem (ITS#3843)
+ Fixed liblunicode 64bit builds (ITS#3869)
+ Fixed passwd/kerberos module builds (ITS#3896)
+ Fixed test037 manageDIT discovery issue (ITS#3898)
+ Fixed installed man page symlinks (ITS#3904)
+ Fixed <sasl.h> inclusion (ITS#3905)
+ Fixed smbk5pwd Heimdal compat issue (ITS#3910)
+ Fixed slapd make install issue (ITS#3929)
+ Fixed DESTDIR reporting (ITS#3916)
+ Documentation
+ Fixed Admin Guide authz v. saslauthz problem (ITS#3875)
+ Fixed Admin Guide --disable-bdb issue (ITS#3837)
+ Fixed slapd-meta(5) lastmod issue (ITS#3789)
+ Updated slapd.conf(5) (ITS#3866)
+ Updated slapd(8) OPTIONS section (ITS#3816)
+ Updated slapd-monitor(5) (ITS#3822,3836)
+ Updated slapd-bdb(5) (ITS#3823)
+
+OpenLDAP 2.3.4 Release (2005/06/10)
+ Initial release for "general use".
+
Added: openldap/vendor/openldap-2.3.35/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-2.3.35/COPYRIGHT (rev 0)
+++ openldap/vendor/openldap-2.3.35/COPYRIGHT 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+Copyright 1998-2007 The OpenLDAP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Individual files and/or contributed packages may be copyright by
+other parties and/or subject to additional restrictions.
+
+This work is derived from the University of Michigan LDAP v3.3
+distribution. Information concerning this software is available
+at <http://www.umich.edu/~dirsvcs/ldap/ldap.html>.
+
+This work also contains materials derived from public sources.
+
+Additional information about OpenLDAP can be obtained at
+<http://www.openldap.org/>.
+
+---
+
+Portions Copyright 1998-2006 Kurt D. Zeilenga.
+Portions Copyright 1998-2006 Net Boolean Incorporated.
+Portions Copyright 2001-2006 IBM Corporation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+---
+
+Portions Copyright 1999-2005 Howard Y.H. Chu.
+Portions Copyright 1999-2005 Symas Corporation.
+Portions Copyright 1998-2003 Hallvard B. Furuseth.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that this notice is preserved.
+The names of the copyright holders may not be used to endorse or
+promote products derived from this software without their specific
+prior written permission. This software is provided ``as is''
+without express or implied warranty.
+
+---
+
+Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+All rights reserved.
+
+Redistribution and use in source and binary forms are permitted
+provided that this notice is preserved and that due credit is given
+to the University of Michigan at Ann Arbor. The name of the
+University may not be used to endorse or promote products derived
+from this software without specific prior written permission. This
+software is provided ``as is'' without express or implied warranty.
+
Added: openldap/vendor/openldap-2.3.35/INSTALL
===================================================================
--- openldap/vendor/openldap-2.3.35/INSTALL (rev 0)
+++ openldap/vendor/openldap-2.3.35/INSTALL 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,121 @@
+Making and Installing the OpenLDAP Distribution
+===============================================
+
+This file provides brief instructions on how to build and install
+OpenLDAP on UNIX (and UNIX-like) system. More detailed information
+and instructions can be found in The OpenLDAP Administrator's Guide
+(available from http://www.openldap.org/doc/).
+
+It is recommended that you read, or at least skim through, ALL of the
+instructions in this file before attempting to build the software.
+
+It is also recommended you review the Frequently Asked Questions
+(http://www.openldap.org/faq/) pages, in particular the Installation
+section (http://www.openldap.org/faq/index.cgi?file=8) and Platform
+Hints (http://www.openldap.org/faq/index.cgi?file=9) should be
+examined.
+
+Making and Installing the OpenLDAP Distribution
+-----------------------------------------------
+
+1. Unpack the distribution and change directory:
+
+ % tar xfz openldap-VERSION.tgz
+ % cd openldap-VERSION
+
+ (replacing VERSION with the appropriate version string). If you
+ are reading this file, you probably have already done this!
+
+2. Type:
+
+ % ./configure --help
+
+ to list available configuration options.
+
+ Note also that the configure script uses environmental variables
+ for determining compiler/linker options including:
+
+ Variable Description Example
+ CC C compiler gcc
+ CFLAGS C flags -O -g
+ CPPFLAGS cpp flags -I/path/include -DFOO=42
+ LDFLAGS ld flags -L/usr/local/lib
+ LIBS libraries -llib
+ PATH command path /usr/local/bin:/usr/bin:/bin
+
+ See doc/install/configure for generic configure documentation.
+
+3. Configure the build system:
+
+ % [env settings] ./configure [options]
+
+ If all goes well, the configure script will automatically detect
+ the appropriate settings. If the configure script fails, you
+ should read the config.log file that it generated to see what it
+ was trying to do and exactly what failed. You may need to specify
+ additional options and/or environment variables besides those
+ listed above to obtain desired results, depending on your operating
+ system. The Platform Hints section of the FAQ provides help for
+ operating system related problems.
+
+4. Build dependencies:
+
+ % make depend
+
+5. Build the system:
+
+ % make
+
+ If all goes well, the system will build as configured. If not,
+ return to step 3 after reviewing the configuration settings. You
+ may want to consult the Platform Hints subsection of the FAQ if
+ you have not done so already.
+
+6. Test the standalone system:
+
+ This step requires the standalone LDAP server, slapd(8), with
+ BDB or HDB support.
+
+ % make test
+
+ If all goes well, the system has been built as configured. If
+ not, return to step 2 after reviewing your configuration
+ settings. You may want to consult the Installation section of
+ the FAQ if you have not done so already.
+
+7. Install the software. You may need to be come the super-user
+ (e.g. root) to do this (depending on where you are installing
+ things):
+
+ % su root -c 'make install'
+
+8. That's it. Enjoy!
+
+See the OpenLDAP Administrator's Guide and the manual pages for the
+individual applications for configuration and use information. You may
+also want to edit the configuration files used by the various
+components. These configuration files are located in the OpenLDAP
+configuration directory (normally /usr/local/etc/openldap).
+
+ ldap.conf client defaults
+ slapd.conf Standalone LDAP daemon
+ schema/*.schema Schema Definitions
+
+---
+$OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.16 2002/02/18
+17:09:26 kurt Exp $
+
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 1998-2007 The OpenLDAP Foundation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Added: openldap/vendor/openldap-2.3.35/LICENSE
===================================================================
--- openldap/vendor/openldap-2.3.35/LICENSE (rev 0)
+++ openldap/vendor/openldap-2.3.35/LICENSE 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+The OpenLDAP Public License
+ Version 2.8, 17 August 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+ and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number. You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission. Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
Added: openldap/vendor/openldap-2.3.35/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+# Master Makefile for OpenLDAP
+# $OpenLDAP: pkg/ldap/Makefile.in,v 1.27.2.4 2007/01/02 21:43:21 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS= include libraries clients servers tests doc
+CLEANDIRS=
+INSTALLDIRS=
+
+makefiles: FORCE
+ ./config.status
+
+# force a make all before make install
+# only done at the top-level
+install-common: all FORCE
+
+clean-local: FORCE
+ $(RM) config.cache config.log configure.lineno
+ $(RM) -r autom4te.cache
+
+veryclean-local: FORCE
+ $(RM) config.status libtool stamp-h stamp-h.in
+
+distclean: veryclean FORCE
+
+check: test
+test: FORCE
+ cd tests; make test
Added: openldap/vendor/openldap-2.3.35/README
===================================================================
--- openldap/vendor/openldap-2.3.35/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,94 @@
+OpenLDAP 2.3 README
+ For a description of what this distribution contains, see the
+ ANNOUNCEMENT file in this directory. For a description of
+ changes from previous releases, see the CHANGES file in this
+ directory.
+
+ This is 2.3 release, it includes significant changes from prior
+ releases.
+
+REQUIRED SOFTWARE
+ Building OpenLDAP Software requires a number of software packages
+ to be preinstalled. Additional information regarding prerequisite
+ software can be found in the OpenLDAP Administrator's Guide.
+
+ Base system (libraries and tools):
+ Standard C compiler (required)
+ Cyrus SASL 2.1.18+ (recommended)
+ OpenSSL 0.9.7+ (recommended)
+ POSIX REGEX software (required)
+
+ SLAPD:
+ BDB and HDB backends require Sleepycat Berkeley DB 4.2 or later
+
+ SLURPD:
+ LTHREAD compatible thread package
+ [POSIX threads, Mach Cthreads, select others]
+
+ CLIENTS/CONTRIB ware:
+ Depends on package. See per package README.
+
+
+MAKING AND INSTALLING THE DISTRIBUTION
+ Please see the INSTALL file for basic instructions. More
+ detailed instructions can be found in the OpenLDAP Admnistrator's
+ Guide (see DOCUMENTATION section).
+
+
+DOCUMENTATION
+ The OpenLDAP Administrator's Guide is available in the
+ guide.html file in the doc/guide/admin directory. The
+ guide and a number of other documents are available at
+ <http://www.openldap.org/doc/guide/admin/guide.html>.
+
+ The distribution also includes manual pages for most programs
+ and library APIs. See ldap(3) for details.
+
+ The OpenLDAP website is available and contains the latest LDAP
+ news, releases announcements, pointers to other LDAP resources,
+ etc.. It is located at <http://www.OpenLDAP.org/>.
+
+ The OpenLDAP Software FAQ is available at
+ <http://www.openldap.org/faq/>.
+
+
+SUPPORT / FEEDBACK / PROBLEM REPORTS / DISCUSSIONS
+ OpenLDAP Software is user supported. If you have problems, please
+ review the OpenLDAP FAQ <http://www.openldap.org/faq/> and
+ archives of the OpenLDAP-software and OpenLDAP-bugs mailing lists
+ <http://www.openldap.org/lists/>. If you cannot find the answer,
+ please enquire on the OpenLDAP-software list.
+
+ Issues, such as bug reports, should be reported using our our
+ Issue Tracking System <http://www.OpenLDAP.org/its/>. Do not
+ use this system for software enquiries. Please direct these
+ to an appropriate mailing list.
+
+
+CONTRIBUTING
+ See <http://www.openldap.org/devel/contributing.html> for
+ information regarding how to contribute code or documentation
+ to the OpenLDAP Project for inclusion in OpenLDAP Software.
+ While you are encouraged to coordinate and discuss the development
+ activities on the <openldap-devel at openldap.org> mailing list
+ prior to submission, it is noted that contributions must be
+ submitted using the Issue Tracking System
+ <http://www.openldap.org/its/> to be considered.
+
+---
+$OpenLDAP: pkg/ldap/README,v 1.38.2.7 2007/01/02 21:43:21 kurt Exp $
+
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 1998-2007 The OpenLDAP Foundation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Added: openldap/vendor/openldap-2.3.35/aclocal.m4
===================================================================
--- openldap/vendor/openldap-2.3.35/aclocal.m4 (rev 0)
+++ openldap/vendor/openldap-2.3.35/aclocal.m4 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,7014 @@
+# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION so it can be traced.
+# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+ [AM_AUTOMAKE_VERSION([1.9.6])])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 7
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])
+AC_SUBST([$1_FALSE])
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 3
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[for mf in $CONFIG_FILES; do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # So let's grep whole file.
+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+done
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 12
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.58])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+ test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_PROG_INSTALL_SH
+AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+])
+])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $1 | $1:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+
+# serial 47 AC_PROG_LIBTOOL
+
+
+# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
+# -----------------------------------------------------------
+# If this macro is not defined by Autoconf, define it here.
+m4_ifdef([AC_PROVIDE_IFELSE],
+ [],
+ [m4_define([AC_PROVIDE_IFELSE],
+ [m4_ifdef([AC_PROVIDE_$1],
+ [$2], [$3])])])
+
+
+# AC_PROG_LIBTOOL
+# ---------------
+AC_DEFUN([AC_PROG_LIBTOOL],
+[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
+dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
+dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
+ AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [AC_LIBTOOL_CXX],
+ [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
+ ])])
+dnl And a similar setup for Fortran 77 support
+ AC_PROVIDE_IFELSE([AC_PROG_F77],
+ [AC_LIBTOOL_F77],
+ [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
+])])
+
+dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
+dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
+dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
+ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [ifdef([AC_PROG_GCJ],
+ [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+ ifdef([A][M_PROG_GCJ],
+ [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+ ifdef([LT_AC_PROG_GCJ],
+ [define([LT_AC_PROG_GCJ],
+ defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
+])])# AC_PROG_LIBTOOL
+
+
+# _AC_PROG_LIBTOOL
+# ----------------
+AC_DEFUN([_AC_PROG_LIBTOOL],
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+# Prevent multiple expansion
+define([AC_PROG_LIBTOOL], [])
+])# _AC_PROG_LIBTOOL
+
+
+# AC_LIBTOOL_SETUP
+# ----------------
+AC_DEFUN([AC_LIBTOOL_SETUP],
+[AC_PREREQ(2.50)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+
+AC_REQUIRE([AC_PROG_LN_S])dnl
+AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+AC_REQUIRE([AC_OBJEXT])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+dnl
+
+AC_LIBTOOL_SYS_MAX_CMD_LEN
+AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+AC_LIBTOOL_OBJDIR
+
+AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+_LT_AC_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
+
+# Same as above, but do not quote variable references.
+[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
+ ;;
+ *)
+ old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ AC_PATH_MAGIC
+ fi
+ ;;
+esac
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+enable_win32_dll=yes, enable_win32_dll=no)
+
+AC_ARG_ENABLE([libtool-lock],
+ [AC_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+AC_ARG_WITH([pic],
+ [AC_HELP_STRING([--with-pic],
+ [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+ [pic_mode="$withval"],
+ [pic_mode=default])
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+AC_LIBTOOL_LANG_C_CONFIG
+_LT_AC_TAGCONFIG
+])# AC_LIBTOOL_SETUP
+
+
+# _LT_AC_SYS_COMPILER
+# -------------------
+AC_DEFUN([_LT_AC_SYS_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_AC_SYS_COMPILER
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+AC_DEFUN([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+AC_DEFUN([_LT_COMPILER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+AC_DEFUN([_LT_LINKER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_LINKER_BOILERPLATE
+
+
+# _LT_AC_SYS_LIBPATH_AIX
+# ----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
+[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_AC_SYS_LIBPATH_AIX
+
+
+# _LT_AC_SHELL_INIT(ARG)
+# ----------------------
+AC_DEFUN([_LT_AC_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+ [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+ [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_AC_SHELL_INIT
+
+
+# _LT_AC_PROG_ECHO_BACKSLASH
+# --------------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
+[_LT_AC_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+ ;;
+esac
+
+echo=${ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X[$]1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+[$]*
+EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+ echo_test_string=`eval $cmd` &&
+ (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+ then
+ break
+ fi
+ done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$echo" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ echo='print -r'
+ elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+ else
+ # Try using printf.
+ echo='printf %s\n'
+ if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ echo="$CONFIG_SHELL [$]0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$CONFIG_SHELL [$]0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+ if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "[$]0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ echo=echo
+ fi
+ fi
+ fi
+ fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+ ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(ECHO)
+])])# _LT_AC_PROG_ECHO_BACKSLASH
+
+
+# _LT_AC_LOCK
+# -----------
+AC_DEFUN([_LT_AC_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+ [AC_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+ [AC_LANG_PUSH(C)
+ AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+ AC_LANG_POP])
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+ AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+ AC_CHECK_TOOL(AS, as, false)
+ AC_CHECK_TOOL(OBJDUMP, objdump, false)
+ ;;
+ ])
+esac
+
+need_locks="$enable_libtool_lock"
+
+])# _LT_AC_LOCK
+
+
+# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION],
+[AC_REQUIRE([LT_AC_PROG_SED])
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$3"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ fi
+ $rm conftest*
+])
+
+if test x"[$]$2" = xyes; then
+ ifelse([$5], , :, [$5])
+else
+ ifelse([$6], , :, [$6])
+fi
+])# AC_LIBTOOL_COMPILER_OPTION
+
+
+# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [ACTION-SUCCESS], [ACTION-FAILURE])
+# ------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
+[AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $3"
+ printf "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&AS_MESSAGE_LOG_FD
+ $echo "X$_lt_linker_boilerplate" | $Xsed > conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ else
+ $2=yes
+ fi
+ fi
+ $rm conftest*
+ LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+ ifelse([$4], , :, [$4])
+else
+ ifelse([$5], , :, [$5])
+fi
+])# AC_LIBTOOL_LINKER_OPTION
+
+
+# AC_LIBTOOL_SYS_MAX_CMD_LEN
+# --------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
+[# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ *)
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
+ = "XX$teststring") >/dev/null 2>&1 &&
+ new_result=`expr "X$teststring" : ".*" 2>&1` &&
+ lt_cv_sys_max_cmd_len=$new_result &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on massive
+ # amounts of additional arguments before passing them to the linker.
+ # It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ ;;
+ esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+ AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+ AC_MSG_RESULT(none)
+fi
+])# AC_LIBTOOL_SYS_MAX_CMD_LEN
+
+
+# _LT_AC_CHECK_DLFCN
+# --------------------
+AC_DEFUN([_LT_AC_CHECK_DLFCN],
+[AC_CHECK_HEADERS(dlfcn.h)dnl
+])# _LT_AC_CHECK_DLFCN
+
+
+# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ------------------------------------------------------------------
+AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+ [$4]
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}]
+EOF
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) $1 ;;
+ x$lt_dlneed_uscore) $2 ;;
+ x$lt_unknown|x*) $3 ;;
+ esac
+ else :
+ # compilation failed
+ $3
+ fi
+fi
+rm -fr conftest*
+])# _LT_AC_TRY_DLOPEN_SELF
+
+
+# AC_LIBTOOL_DLOPEN_SELF
+# -------------------
+AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ])
+ ;;
+
+ *)
+ AC_CHECK_FUNC([shl_load],
+ [lt_cv_dlopen="shl_load"],
+ [AC_CHECK_LIB([dld], [shl_load],
+ [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
+ [AC_CHECK_FUNC([dlopen],
+ [lt_cv_dlopen="dlopen"],
+ [AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [AC_CHECK_LIB([svld], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [AC_CHECK_LIB([dld], [dld_link],
+ [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
+ ])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ AC_CACHE_CHECK([whether a program can dlopen itself],
+ lt_cv_dlopen_self, [dnl
+ _LT_AC_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+ lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+ ])
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+ lt_cv_dlopen_self_static, [dnl
+ _LT_AC_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+ lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
+ ])
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+])# AC_LIBTOOL_DLOPEN_SELF
+
+
+# AC_LIBTOOL_PROG_CC_C_O([TAGNAME])
+# ---------------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler
+AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+ [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+ [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+ fi
+ fi
+ chmod u+w . 2>&AS_MESSAGE_LOG_FD
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+])
+])# AC_LIBTOOL_PROG_CC_C_O
+
+
+# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
+# -----------------------------------------
+# Check to see if we can do hard links to lock some files if needed
+AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
+[AC_REQUIRE([_LT_AC_LOCK])dnl
+
+hard_links="nottested"
+if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ AC_MSG_CHECKING([if we can lock with hard links])
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ AC_MSG_RESULT([$hard_links])
+ if test "$hard_links" = no; then
+ AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS
+
+
+# AC_LIBTOOL_OBJDIR
+# -----------------
+AC_DEFUN([AC_LIBTOOL_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+])# AC_LIBTOOL_OBJDIR
+
+
+# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME])
+# ----------------------------------------------
+# Check hardcoding attributes.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_AC_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \
+ test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \
+ test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+ test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then
+ # Linking always hardcodes the temporary library directory.
+ _LT_AC_TAGVAR(hardcode_action, $1)=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ _LT_AC_TAGVAR(hardcode_action, $1)=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ _LT_AC_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH
+
+
+# AC_LIBTOOL_SYS_LIB_STRIP
+# ------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
+[striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+fi
+ ;;
+ *)
+ AC_MSG_RESULT([no])
+ ;;
+ esac
+fi
+])# AC_LIBTOOL_SYS_LIB_STRIP
+
+
+# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
+[AC_MSG_CHECKING([dynamic linker characteristics])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[[01]] | aix4.[[01]].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[[45]]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[[123]]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[[89]] | openbsd2.[[89]].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+])# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+
+
+# _LT_AC_TAGCONFIG
+# ----------------
+AC_DEFUN([_LT_AC_TAGCONFIG],
+[AC_ARG_WITH([tags],
+ [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
+ [include additional configurations @<:@automatic@:>@])],
+ [tagnames="$withval"])
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+ if test ! -f "${ofile}"; then
+ AC_MSG_WARN([output file `$ofile' does not exist])
+ fi
+
+ if test -z "$LTCC"; then
+ eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+ if test -z "$LTCC"; then
+ AC_MSG_WARN([output file `$ofile' does not look like a libtool script])
+ else
+ AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile'])
+ fi
+ fi
+
+ # Extract list of available tagged configurations in $ofile.
+ # Note that this assumes the entire list is on one line.
+ available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for tagname in $tagnames; do
+ IFS="$lt_save_ifs"
+ # Check whether tagname contains only valid characters
+ case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in
+ "") ;;
+ *) AC_MSG_ERROR([invalid tag name: $tagname])
+ ;;
+ esac
+
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+ then
+ AC_MSG_ERROR([tag name \"$tagname\" already exists])
+ fi
+
+ # Update the list of available tags.
+ if test -n "$tagname"; then
+ echo appending configuration tag \"$tagname\" to $ofile
+
+ case $tagname in
+ CXX)
+ if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_LIBTOOL_LANG_CXX_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ F77)
+ if test -n "$F77" && test "X$F77" != "Xno"; then
+ AC_LIBTOOL_LANG_F77_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ GCJ)
+ if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+ AC_LIBTOOL_LANG_GCJ_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ RC)
+ AC_LIBTOOL_LANG_RC_CONFIG
+ ;;
+
+ *)
+ AC_MSG_ERROR([Unsupported tag name: $tagname])
+ ;;
+ esac
+
+ # Append the new tag name to the list of available tags.
+ if test -n "$tagname" ; then
+ available_tags="$available_tags $tagname"
+ fi
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ # Now substitute the updated list of available tags.
+ if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+ mv "${ofile}T" "$ofile"
+ chmod +x "$ofile"
+ else
+ rm -f "${ofile}T"
+ AC_MSG_ERROR([unable to update list of available tagged configurations.])
+ fi
+fi
+])# _LT_AC_TAGCONFIG
+
+
+# AC_LIBTOOL_DLOPEN
+# -----------------
+# enable checks for dlopen support
+AC_DEFUN([AC_LIBTOOL_DLOPEN],
+ [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_DLOPEN
+
+
+# AC_LIBTOOL_WIN32_DLL
+# --------------------
+# declare package support for building win32 DLLs
+AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_WIN32_DLL
+
+
+# AC_ENABLE_SHARED([DEFAULT])
+# ---------------------------
+# implement the --enable-shared flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_SHARED],
+[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([shared],
+ [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+ [build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_shared=]AC_ENABLE_SHARED_DEFAULT)
+])# AC_ENABLE_SHARED
+
+
+# AC_DISABLE_SHARED
+# -----------------
+#- set the default shared flag to --disable-shared
+AC_DEFUN([AC_DISABLE_SHARED],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)
+])# AC_DISABLE_SHARED
+
+
+# AC_ENABLE_STATIC([DEFAULT])
+# ---------------------------
+# implement the --enable-static flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_STATIC],
+[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([static],
+ [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+ [build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_static=]AC_ENABLE_STATIC_DEFAULT)
+])# AC_ENABLE_STATIC
+
+
+# AC_DISABLE_STATIC
+# -----------------
+# set the default static flag to --disable-static
+AC_DEFUN([AC_DISABLE_STATIC],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)
+])# AC_DISABLE_STATIC
+
+
+# AC_ENABLE_FAST_INSTALL([DEFAULT])
+# ---------------------------------
+# implement the --enable-fast-install flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_FAST_INSTALL],
+[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([fast-install],
+ [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+ [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
+])# AC_ENABLE_FAST_INSTALL
+
+
+# AC_DISABLE_FAST_INSTALL
+# -----------------------
+# set the default to --disable-fast-install
+AC_DEFUN([AC_DISABLE_FAST_INSTALL],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)
+])# AC_DISABLE_FAST_INSTALL
+
+
+# AC_LIBTOOL_PICMODE([MODE])
+# --------------------------
+# implement the --with-pic flag
+# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+AC_DEFUN([AC_LIBTOOL_PICMODE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+pic_mode=ifelse($#,1,$1,default)
+])# AC_LIBTOOL_PICMODE
+
+
+# AC_PROG_EGREP
+# -------------
+# This is predefined starting with Autoconf 2.54, so this conditional
+# definition can be removed once we require Autoconf 2.54 or later.
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP],
+[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep],
+ [if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+ then ac_cv_prog_egrep='grep -E'
+ else ac_cv_prog_egrep='egrep'
+ fi])
+ EGREP=$ac_cv_prog_egrep
+ AC_SUBST([EGREP])
+])])
+
+
+# AC_PATH_TOOL_PREFIX
+# -------------------
+# find a file program which can recognise shared library
+AC_DEFUN([AC_PATH_TOOL_PREFIX],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] | ?:[\\/]*])
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word. This closes a longstanding sh security hole.
+ ac_dummy="ifelse([$2], , $PATH, [$2])"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$1; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ AC_MSG_RESULT($MAGIC_CMD)
+else
+ AC_MSG_RESULT(no)
+fi
+])# AC_PATH_TOOL_PREFIX
+
+
+# AC_PATH_MAGIC
+# -------------
+# find a file program which can recognise a shared library
+AC_DEFUN([AC_PATH_MAGIC],
+[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+ else
+ MAGIC_CMD=:
+ fi
+fi
+])# AC_PATH_MAGIC
+
+
+# AC_PROG_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([AC_PROG_LD],
+[AC_ARG_WITH([gnu-ld],
+ [AC_HELP_STRING([--with-gnu-ld],
+ [assume the C compiler uses GNU ld @<:@default=no@:>@])],
+ [test "$withval" = no || with_gnu_ld=yes],
+ [with_gnu_ld=no])
+AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by $CC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]]* | ?:[[\\/]]*)
+ re_direlt='/[[^/]][[^/]]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_PROG_LD_GNU
+])# AC_PROG_LD
+
+
+# AC_PROG_LD_GNU
+# --------------
+AC_DEFUN([AC_PROG_LD_GNU],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# AC_PROG_LD_GNU
+
+
+# AC_PROG_LD_RELOAD_FLAG
+# ----------------------
+# find reload flag for linker
+# -- PORTME Some linkers may need a different reload flag.
+AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+ lt_cv_ld_reload_flag,
+ [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$CC -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+])# AC_PROG_LD_RELOAD_FLAG
+
+
+# AC_DEPLIBS_CHECK_METHOD
+# -----------------------
+# how to check for library dependencies
+# -- PORTME fill in with the dynamic library characteristics
+AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
+[AC_CACHE_CHECK([how to recognise dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[[45]]*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+nto-qnx*)
+ lt_cv_deplibs_check_method=unknown
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sco3.2v5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+])# AC_DEPLIBS_CHECK_METHOD
+
+
+# AC_PROG_NM
+# ----------
+# find the pathname to a BSD-compatible name lister
+AC_DEFUN([AC_PROG_NM],
+[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
+[if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/${ac_tool_prefix}nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi])
+NM="$lt_cv_path_NM"
+])# AC_PROG_NM
+
+
+# AC_CHECK_LIBM
+# -------------
+# check for math library
+AC_DEFUN([AC_CHECK_LIBM],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+ # These system don't have libm, or don't need it
+ ;;
+*-ncr-sysv4.3*)
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+ ;;
+*)
+ AC_CHECK_LIB(m, cos, LIBM="-lm")
+ ;;
+esac
+])# AC_CHECK_LIBM
+
+
+# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl convenience library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-convenience to the configure arguments. Note that
+# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided,
+# it is assumed to be `libltdl'. LIBLTDL will be prefixed with
+# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
+# (note the single quotes!). If your package is not flat and you're not
+# using automake, define top_builddir and top_srcdir appropriately in
+# the Makefiles.
+AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ case $enable_ltdl_convenience in
+ no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+ "") enable_ltdl_convenience=yes
+ ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+ esac
+ LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
+ LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+ # For backwards non-gettext consistent compatibility...
+ INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_CONVENIENCE
+
+
+# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl installable library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-install to the configure arguments. Note that
+# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided,
+# and an installed libltdl is not found, it is assumed to be `libltdl'.
+# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with
+# '${top_srcdir}/' (note the single quotes!). If your package is not
+# flat and you're not using automake, define top_builddir and top_srcdir
+# appropriately in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ AC_CHECK_LIB(ltdl, lt_dlinit,
+ [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+ [if test x"$enable_ltdl_install" = xno; then
+ AC_MSG_WARN([libltdl not installed, but installation disabled])
+ else
+ enable_ltdl_install=yes
+ fi
+ ])
+ if test x"$enable_ltdl_install" = x"yes"; then
+ ac_configure_args="$ac_configure_args --enable-ltdl-install"
+ LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
+ LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+ else
+ ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+ LIBLTDL="-lltdl"
+ LTDLINCL=
+ fi
+ # For backwards non-gettext consistent compatibility...
+ INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_INSTALLABLE
+
+
+# AC_LIBTOOL_CXX
+# --------------
+# enable support for C++ libraries
+AC_DEFUN([AC_LIBTOOL_CXX],
+[AC_REQUIRE([_LT_AC_LANG_CXX])
+])# AC_LIBTOOL_CXX
+
+
+# _LT_AC_LANG_CXX
+# ---------------
+AC_DEFUN([_LT_AC_LANG_CXX],
+[AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX])
+])# _LT_AC_LANG_CXX
+
+# _LT_AC_PROG_CXXCPP
+# ---------------
+AC_DEFUN([_LT_AC_PROG_CXXCPP],
+[
+AC_REQUIRE([AC_PROG_CXX])
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+fi
+])# _LT_AC_PROG_CXXCPP
+
+# AC_LIBTOOL_F77
+# --------------
+# enable support for Fortran 77 libraries
+AC_DEFUN([AC_LIBTOOL_F77],
+[AC_REQUIRE([_LT_AC_LANG_F77])
+])# AC_LIBTOOL_F77
+
+
+# _LT_AC_LANG_F77
+# ---------------
+AC_DEFUN([_LT_AC_LANG_F77],
+[AC_REQUIRE([AC_PROG_F77])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77])
+])# _LT_AC_LANG_F77
+
+
+# AC_LIBTOOL_GCJ
+# --------------
+# enable support for GCJ libraries
+AC_DEFUN([AC_LIBTOOL_GCJ],
+[AC_REQUIRE([_LT_AC_LANG_GCJ])
+])# AC_LIBTOOL_GCJ
+
+
+# _LT_AC_LANG_GCJ
+# ---------------
+AC_DEFUN([_LT_AC_LANG_GCJ],
+[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[],
+ [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[],
+ [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])],
+ [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])],
+ [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ])
+])# _LT_AC_LANG_GCJ
+
+
+# AC_LIBTOOL_RC
+# --------------
+# enable support for Windows resource files
+AC_DEFUN([AC_LIBTOOL_RC],
+[AC_REQUIRE([LT_AC_PROG_RC])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC])
+])# AC_LIBTOOL_RC
+
+
+# AC_LIBTOOL_LANG_C_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG])
+AC_DEFUN([_LT_AC_LANG_C_CONFIG],
+[lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+#
+# Check for any special shared library compilation flags.
+#
+_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)=
+if test "$GCC" = no; then
+ case $host_os in
+ sco3.2v5*)
+ _LT_AC_TAGVAR(lt_prog_cc_shlib, $1)='-belf'
+ ;;
+ esac
+fi
+if test -n "$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)"; then
+ AC_MSG_WARN([`$CC' requires `$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)' to build shared libraries])
+ if echo "$old_CC $old_CFLAGS " | grep "[[ ]]$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)[[ ]]" >/dev/null; then :
+ else
+ AC_MSG_WARN([add `$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)' to the CC or CFLAGS env variable and reconfigure])
+ _LT_AC_TAGVAR(lt_cv_prog_cc_can_build_shared, $1)=no
+ fi
+fi
+
+
+#
+# Check to make sure the static flag actually works.
+#
+AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $_LT_AC_TAGVAR(lt_prog_compiler_static, $1) works],
+ _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
+ $_LT_AC_TAGVAR(lt_prog_compiler_static, $1),
+ [],
+ [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
+
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+# Report which librarie types wil actually be built
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_C_CONFIG
+
+
+# AC_LIBTOOL_LANG_CXX_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)])
+AC_DEFUN([_LT_AC_LANG_CXX_CONFIG],
+[AC_LANG_PUSH(C++)
+AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Dependencies to place before and after the object being linked:
+_LT_AC_TAGVAR(predep_objects, $1)=
+_LT_AC_TAGVAR(postdep_objects, $1)=
+_LT_AC_TAGVAR(predeps, $1)=
+_LT_AC_TAGVAR(postdeps, $1)=
+_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+ unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+ unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+else
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+fi
+
+if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+ AC_PROG_LD
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+ grep 'no-whole-archive' > /dev/null; then
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_AC_TAGVAR(archive_cmds, $1)=''
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ else
+ # We have old collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ case $host_os in
+ rhapsody* | darwin1.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GXX" = yes ; then
+ lt_int_apple_cc_single_mod=no
+ output_verbose_link_cmd='echo'
+ if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+ lt_int_apple_cc_single_mod=yes
+ fi
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ fi
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ freebsd[[12]]*)
+ # C++ shared libraries reported to be fairly broken before switch to ELF
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ freebsd-elf*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+ gnu*)
+ ;;
+ hpux9*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ ia64*|hppa*64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+ fi
+ fi
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+ esac
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc*)
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ esac
+ ;;
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ m88k*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ openbsd*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd='echo'
+ ;;
+ osf3*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+ $rm $lib.exp'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ psos*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ sco*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The C++ compiler is used as linker so we must use $wl
+ # flag to pass the commands to the underlying system
+ # linker. We must also pass each convience library through
+ # to the system linker between allextract/defaultextract.
+ # The C++ compiler will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if $CC --version | grep -v '^2\.7' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ fi
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ fi
+ ;;
+ esac
+ ;;
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+esac
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$GXX"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_POSTDEP_PREDEP($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+])# AC_LIBTOOL_LANG_CXX_CONFIG
+
+# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME])
+# ------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library. It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+ifelse([$1],[],[cat > conftest.$ac_ext <<EOF
+int a;
+void foo (void) { a = 0; }
+EOF
+],[$1],[CXX],[cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+EOF
+],[$1],[F77],[cat > conftest.$ac_ext <<EOF
+ subroutine foo
+ implicit none
+ integer*4 a
+ a=0
+ return
+ end
+EOF
+],[$1],[GCJ],[cat > conftest.$ac_ext <<EOF
+public class foo {
+ private int a;
+ public void bar (void) {
+ a = 0;
+ }
+};
+EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ # The `*' in the case matches for architectures that use `case' in
+ # $output_verbose_cmd can trigger glob expansion during the loop
+ # eval without this substitution.
+ output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
+
+ for p in `eval $output_verbose_link_cmd`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" \
+ || test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ else
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${_LT_AC_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$_LT_AC_TAGVAR(postdeps, $1)"; then
+ _LT_AC_TAGVAR(postdeps, $1)="${prev}${p}"
+ else
+ _LT_AC_TAGVAR(postdeps, $1)="${_LT_AC_TAGVAR(postdeps, $1)} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$_LT_AC_TAGVAR(predep_objects, $1)"; then
+ _LT_AC_TAGVAR(predep_objects, $1)="$p"
+ else
+ _LT_AC_TAGVAR(predep_objects, $1)="$_LT_AC_TAGVAR(predep_objects, $1) $p"
+ fi
+ else
+ if test -z "$_LT_AC_TAGVAR(postdep_objects, $1)"; then
+ _LT_AC_TAGVAR(postdep_objects, $1)="$p"
+ else
+ _LT_AC_TAGVAR(postdep_objects, $1)="$_LT_AC_TAGVAR(postdep_objects, $1) $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$rm -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+ifelse([$1],[CXX],
+[case $host_os in
+solaris*)
+ case $cc_basename in
+ CC*)
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
+ ;;
+ esac
+esac
+])
+
+case " $_LT_AC_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+])# AC_LIBTOOL_POSTDEP_PREDEP
+
+# AC_LIBTOOL_LANG_F77_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
+AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
+[AC_REQUIRE([AC_PROG_F77])
+AC_LANG_PUSH(Fortran 77)
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code=" subroutine t\n return\n end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code=" program t\n end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$G77"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_F77_CONFIG
+
+
+# AC_LIBTOOL_LANG_GCJ_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
+AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_GCJ_CONFIG
+
+
+# AC_LIBTOOL_LANG_RC_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the Windows resource compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
+AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_RC_CONFIG
+
+
+# AC_LIBTOOL_CONFIG([TAGNAME])
+# ----------------------------
+# If TAGNAME is not passed, then create an initial libtool script
+# with a default configuration from the untagged config vars. Otherwise
+# add code to config.status for appending the configuration named by
+# TAGNAME from the matching tagged config vars.
+AC_DEFUN([AC_LIBTOOL_CONFIG],
+[# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ _LT_AC_TAGVAR(compiler, $1) \
+ _LT_AC_TAGVAR(CC, $1) \
+ _LT_AC_TAGVAR(LD, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \
+ _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \
+ _LT_AC_TAGVAR(old_archive_cmds, $1) \
+ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \
+ _LT_AC_TAGVAR(predep_objects, $1) \
+ _LT_AC_TAGVAR(postdep_objects, $1) \
+ _LT_AC_TAGVAR(predeps, $1) \
+ _LT_AC_TAGVAR(postdeps, $1) \
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
+ _LT_AC_TAGVAR(archive_cmds, $1) \
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
+ _LT_AC_TAGVAR(postinstall_cmds, $1) \
+ _LT_AC_TAGVAR(postuninstall_cmds, $1) \
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \
+ _LT_AC_TAGVAR(allow_undefined_flag, $1) \
+ _LT_AC_TAGVAR(no_undefined_flag, $1) \
+ _LT_AC_TAGVAR(export_symbols_cmds, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \
+ _LT_AC_TAGVAR(hardcode_automatic, $1) \
+ _LT_AC_TAGVAR(module_cmds, $1) \
+ _LT_AC_TAGVAR(module_expsym_cmds, $1) \
+ _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
+ _LT_AC_TAGVAR(exclude_expsyms, $1) \
+ _LT_AC_TAGVAR(include_expsyms, $1); do
+
+ case $var in
+ _LT_AC_TAGVAR(old_archive_cmds, $1) | \
+ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \
+ _LT_AC_TAGVAR(archive_cmds, $1) | \
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \
+ _LT_AC_TAGVAR(module_cmds, $1) | \
+ _LT_AC_TAGVAR(module_expsym_cmds, $1) | \
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \
+ _LT_AC_TAGVAR(export_symbols_cmds, $1) | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\[$]0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'`
+ ;;
+ esac
+
+ifelse([$1], [],
+ [cfgfile="${ofile}T"
+ trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+ $rm -f "$cfgfile"
+ AC_MSG_NOTICE([creating $ofile])],
+ [cfgfile="$ofile"])
+
+ cat <<__EOF__ >> "$cfgfile"
+ifelse([$1], [],
+[#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG],
+[# ### BEGIN LIBTOOL TAG CONFIG: $tagname])
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
+
+# Is the compiler the GNU C compiler?
+with_gcc=$_LT_AC_TAGVAR(GCC, $1)
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_[]_LT_AC_TAGVAR(LD, $1)
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1)
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1)
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1)
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1)
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1)
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1)
+archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1)
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1)
+module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1)
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1)
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1)
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1)
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1)
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1)
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1)
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1)
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1)
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1)
+
+# Symbols that must always be exported.
+include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1)
+
+ifelse([$1],[],
+[# ### END LIBTOOL CONFIG],
+[# ### END LIBTOOL TAG CONFIG: $tagname])
+
+__EOF__
+
+ifelse([$1],[], [
+ case $host_os in
+ aix3*)
+ cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+EOF
+ ;;
+ esac
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" || \
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+])
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+])# AC_LIBTOOL_CONFIG
+
+
+# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+
+_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+ AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+ lt_cv_prog_compiler_rtti_exceptions,
+ [-fno-rtti -fno-exceptions], [],
+ [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI
+
+
+# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+# ---------------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
+[AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_NM])
+AC_REQUIRE([AC_OBJEXT])
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[[BCDT]]'
+ ;;
+cygwin* | mingw* | pw32*)
+ symcode='[[ABCDGISTW]]'
+ ;;
+hpux*) # Its linker distinguishes data from code symbols
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDEGRST]]'
+ fi
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ ;;
+linux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDGIRSTW]]'
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[[BCDEGRST]]'
+ ;;
+osf*)
+ symcode='[[BCDEGQRST]]'
+ ;;
+solaris* | sysv5*)
+ symcode='[[BDRT]]'
+ ;;
+sysv4)
+ symcode='[[DFNSTU]]'
+ ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+ if AC_TRY_EVAL(ac_compile); then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if grep ' nm_test_var$' "$nlist" >/dev/null; then
+ if grep ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+ cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ lt_ptr_t address;
+}
+lt_preloaded_symbols[[]] =
+{
+EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+ cat <<\EOF >> conftest.$ac_ext
+ {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+ cat conftest.$ac_ext >&5
+ fi
+ rm -f conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ AC_MSG_RESULT(failed)
+else
+ AC_MSG_RESULT(ok)
+fi
+]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+
+
+# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME])
+# ---------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC],
+[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+ ifelse([$1],[CXX],[
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | os2* | pw32*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix4* | aix5*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ if test "$host_cpu" != ia64; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ fi
+ ;;
+ aCC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ icpc* | ecpc*)
+ # Intel C++
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler.
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd*)
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ sco*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ unixware*)
+ ;;
+ vxworks*)
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+],
+[
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC (with -KPIC) is the default.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ newsos6)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ ccc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All Alpha code is PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All OSF/1 code is PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-dn'
+ ;;
+
+ solaris*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+
+ uts4*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
+ _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
+ [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
+ [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
+ "" | " "*) ;;
+ *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+ esac],
+ [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])"
+ ;;
+esac
+])
+
+
+# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME])
+# ------------------------------------
+# See if the linker supports building shared libraries.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
+[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ifelse([$1],[CXX],[
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix4* | aix5*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ ;;
+ cygwin* | mingw*)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ *)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+],[
+ runpath_var=
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+ _LT_AC_TAGVAR(archive_cmds, $1)=
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)=
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ _LT_AC_TAGVAR(thread_safe_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=no
+ _LT_AC_TAGVAR(module_cmds, $1)=
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)=
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ _LT_AC_TAGVAR(include_expsyms, $1)=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ _LT_CC_BASENAME([$compiler])
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ sunos4*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+
+ if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then
+ runpath_var=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_AC_TAGVAR(archive_cmds, $1)=''
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ else
+ # We have old collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ # see comment about different semantics on the GNU ld section
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ bsdi[[45]]*)
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case $host_os in
+ rhapsody* | darwin1.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ freebsd1*)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ newsos6)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ openbsd*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ else
+ case $host_os in
+ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ else
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ sco3.2v5*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
+ *)
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ ;;
+ motorola)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4.3*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv5*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+ # Assume -lc should be added
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $_LT_AC_TAGVAR(archive_cmds, $1) in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
+ then
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)])
+ ;;
+ esac
+ fi
+ ;;
+esac
+])# AC_LIBTOOL_PROG_LD_SHLIBS
+
+
+# _LT_AC_FILE_LTDLL_C
+# -------------------
+# Be careful that the start marker always follows a newline.
+AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
+# /* ltdll.c starts here */
+# #define WIN32_LEAN_AND_MEAN
+# #include <windows.h>
+# #undef WIN32_LEAN_AND_MEAN
+# #include <stdio.h>
+#
+# #ifndef __CYGWIN__
+# # ifdef __CYGWIN32__
+# # define __CYGWIN__ __CYGWIN32__
+# # endif
+# #endif
+#
+# #ifdef __cplusplus
+# extern "C" {
+# #endif
+# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
+# #ifdef __cplusplus
+# }
+# #endif
+#
+# #ifdef __CYGWIN__
+# #include <cygwin/cygwin_dll.h>
+# DECLARE_CYGWIN_DLL( DllMain );
+# #endif
+# HINSTANCE __hDllInstance_base;
+#
+# BOOL APIENTRY
+# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
+# {
+# __hDllInstance_base = hInst;
+# return TRUE;
+# }
+# /* ltdll.c ends here */
+])# _LT_AC_FILE_LTDLL_C
+
+
+# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
+# ---------------------------------
+AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])
+
+
+# old names
+AC_DEFUN([AM_PROG_LIBTOOL], [AC_PROG_LIBTOOL])
+AC_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AC_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+AC_DEFUN([AM_PROG_LD], [AC_PROG_LD])
+AC_DEFUN([AM_PROG_NM], [AC_PROG_NM])
+
+# This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])
+
+AC_DEFUN([LT_AC_PROG_GCJ],
+[AC_CHECK_TOOL(GCJ, gcj, no)
+ test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ AC_SUBST(GCJFLAGS)
+])
+
+AC_DEFUN([LT_AC_PROG_RC],
+[AC_CHECK_TOOL(RC, windres, no)
+])
+
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_SED. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+# LT_AC_PROG_SED
+# --------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible. Prefer GNU sed if found.
+AC_DEFUN([LT_AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+])
+SED=$lt_cv_path_SED
+AC_MSG_RESULT([$SED])
+])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+ am__include=include
+ am__quote=
+ _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ fi
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise.
+#
+# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories
+# created by `make install' are always world readable, even if the
+# installer happens to have an overly restrictive umask (e.g. 077).
+# This was a mistake. There are at least two reasons why we must not
+# use `-m 0755':
+# - it causes special bits like SGID to be ignored,
+# - it may be too restrictive (some setups expect 775 directories).
+#
+# Do not use -m 0755 and let people choose whatever they expect by
+# setting umask.
+#
+# We cannot accept any implementation of `mkdir' that recognizes `-p'.
+# Some implementations (such as Solaris 8's) are not thread-safe: if a
+# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c'
+# concurrently, both version can detect that a/ is missing, but only
+# one can create it and the other will error out. Consequently we
+# restrict ourselves to GNU make (using the --version option ensures
+# this.)
+AC_DEFUN([AM_PROG_MKDIR_P],
+[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ # We used to keeping the `.' as first argument, in order to
+ # allow $(mkdir_p) to be used without argument. As in
+ # $(mkdir_p) $(somedir)
+ # where $(somedir) is conditionally defined. However this is wrong
+ # for two reasons:
+ # 1. if the package is installed by a user who cannot write `.'
+ # make install will fail,
+ # 2. the above comment should most certainly read
+ # $(mkdir_p) $(DESTDIR)$(somedir)
+ # so it does not work when $(somedir) is undefined and
+ # $(DESTDIR) is not.
+ # To support the latter case, we have to write
+ # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+ # so the `.' trick is pointless.
+ mkdir_p='mkdir -p --'
+else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ for d in ./-p ./--version;
+ do
+ test -d $d && rmdir $d
+ done
+ # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+ if test -f "$ac_aux_dir/mkinstalldirs"; then
+ mkdir_p='$(mkinstalldirs)'
+ else
+ mkdir_p='$(install_sh) -d'
+ fi
+fi
+AC_SUBST([mkdir_p])])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t $srcdir/configure conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
Added: openldap/vendor/openldap-2.3.35/build/LICENSE-2.0.1
===================================================================
--- openldap/vendor/openldap-2.3.35/build/LICENSE-2.0.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/LICENSE-2.0.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+A number of files contained in OpenLDAP Software contain
+a statement:
+ USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
+ TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF
+ WHICH IS AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR
+ IN THE FILE "LICENSE" IN THE TOP-LEVEL DIRECTORY OF THE
+ DISTRIBUTION.
+
+The following is a verbatim copy of version 2.0.1 of the OpenLDAP
+Public License referenced in the above statement.
+
+
+The OpenLDAP Public License
+
+ Version 2.0.1, 21 December 1999
+ Copyright 1999, The OpenLDAP Foundation, Redwood City, California, USA.
+ All Rights Reserved.
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions of source code must retain copyright
+statements and notices. Redistributions must also contain a
+copy of this document.
+
+2. Redistributions in binary form must reproduce the
+above copyright notice, this list of conditions and the
+following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+3. The name "OpenLDAP" must not be used to endorse or promote
+products derived from this Software without prior written
+permission of the OpenLDAP Foundation. For written permission,
+please contact foundation at openldap.org.
+
+4. Products derived from this Software may not be called "OpenLDAP"
+nor may "OpenLDAP" appear in their names without prior written
+permission of the OpenLDAP Foundation. OpenLDAP is a trademark
+of the OpenLDAP Foundation.
+
+5. Due credit should be given to the OpenLDAP Project
+(http://www.openldap.org/).
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+THE OPENLDAP FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
Added: openldap/vendor/openldap-2.3.35/build/README
===================================================================
--- openldap/vendor/openldap-2.3.35/build/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13 @@
+The OpenLDAP build environment relies on non-standard versions of
+configuration tools:
+ Autoconf 2.13.1
+ Automake 1.4a
+ Libtool 1.4.3
+
+The autoconf/automake releases used are available at:
+ ftp://ftp.openldap.org/pub/tools/
+
+The libtool release used is available from:
+ ftp://ftp.gnu.org/
+
+but with ltmain.sh replaced with versions found in this directory.
Added: openldap/vendor/openldap-2.3.35/build/config.guess
===================================================================
--- openldap/vendor/openldap-2.3.35/build/config.guess (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/config.guess 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1423 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+timestamp='2003-07-02-OpenLDAP'
+# $OpenLDAP: pkg/ldap/build/config.guess,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is distributed with OpenLDAP Software, which contains a
+# configuration script generated by Autoconf, and is distributable
+# under the same distributions terms as OpenLDAP itself.
+
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Originally written by Per Bothner <per at bothner.com>.
+# Please send patches to <config-patches at gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi at noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep __ELF__ >/dev/null
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit 0 ;;
+ amiga:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ arc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ hp300:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mac68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ macppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme88k:OpenBSD:*:*)
+ echo m88k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvmeppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ pmax:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sgi:OpenBSD:*:*)
+ echo mipseb-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sun3:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ wgrisc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ *:OpenBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ alpha:OSF1:*:*)
+ if test $UNAME_RELEASE = "V4.0"; then
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ fi
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit 0 ;;
+ Alpha*:OpenVMS:*:*)
+ echo alpha-hp-vms
+ exit 0 ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit 0 ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit 0 ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit 0;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit 0 ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit 0 ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit 0 ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit 0;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit 0;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee at wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit 0 ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit 0 ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit 0 ;;
+ DRS?6000:UNIX_SV:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7 && exit 0 ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit 0 ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit 0 ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit 0 ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit 0 ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit 0 ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit 0 ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit 0 ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c \
+ && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+ && exit 0
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit 0 ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit 0 ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit 0 ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit 0 ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit 0 ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit 0 ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit 0 ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit 0 ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit 0 ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit 0 ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo rs6000-ibm-aix3.2.5
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit 0 ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit 0 ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit 0 ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit 0 ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit 0 ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit 0 ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit 0 ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit 0 ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ # avoid double evaluation of $set_cc_for_build
+ test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo unknown-hitachi-hiuxwe2
+ exit 0 ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit 0 ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit 0 ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit 0 ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit 0 ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit 0 ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit 0 ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit 0 ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ *:UNICOS/mp:*:*)
+ echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit 0 ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
+ # Determine whether the default compiler uses glibc.
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <features.h>
+ #if __GLIBC__ >= 2
+ LIBC=gnu
+ #else
+ LIBC=
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ # GNU/FreeBSD systems have a "k" prefix to indicate we are using
+ # FreeBSD's kernel, but not the complete OS.
+ case ${LIBC} in gnu) kernel_only='k' ;; esac
+ echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+ exit 0 ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit 0 ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit 0 ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit 0 ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit 0 ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit 0 ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit 0 ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit 0 ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit 0 ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ *:GNU:*:*)
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit 0 ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit 0 ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit 0 ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips
+ #undef mipsel
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mipsel
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit 0 ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit 0 ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit 0 ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit 0 ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit 0 ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit 0 ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit 0 ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+ # problems with other programs or directories called `ld' in the path.
+ # Set LC_ALL=C to ensure ld outputs messages in English.
+ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+ | sed -ne '/supported targets:/!d
+ s/[ ][ ]*/ /g
+ s/.*supported targets: *//
+ s/ .*//
+ p'`
+ case "$ld_supported_targets" in
+ elf32-i386)
+ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+ exit 0 ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+ exit 0 ;;
+ "")
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+ exit 0 ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <features.h>
+ #ifdef __ELF__
+ # ifdef __GLIBC__
+ # if __GLIBC__ >= 2
+ LIBC=gnu
+ # else
+ LIBC=gnulibc1
+ # endif
+ # else
+ LIBC=gnulibc1
+ # endif
+ #else
+ #ifdef __INTEL_COMPILER
+ LIBC=gnu
+ #else
+ LIBC=gnuaout
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+ test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit 0 ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit 0 ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit 0 ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit 0 ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit 0 ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit 0 ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit 0 ;;
+ i*86:*:5:[78]*)
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit 0 ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit 0 ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
+ echo i386-pc-msdosdjgpp
+ exit 0 ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit 0 ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit 0 ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit 0 ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit 0 ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit 0 ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit 0 ;;
+ M68*:*:R3V[567]*:*)
+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit 0 ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit 0 ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit 0 ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel at ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit 0 ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes at openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit 0 ;;
+ *:*:*:FTX*)
+ # From seanf at swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit 0 ;;
+ *:VOS:*:*)
+ # From Paul.Green at stratus.com.
+ echo hppa1.1-stratus-vos
+ exit 0 ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit 0 ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit 0 ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit 0 ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit 0 ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit 0 ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Darwin:*:*)
+ case `uname -p` in
+ *86) UNAME_PROCESSOR=i686 ;;
+ powerpc) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit 0 ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit 0 ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit 0 ;;
+ NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit 0 ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit 0 ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit 0 ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit 0 ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit 0 ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit 0 ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit 0 ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit 0 ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit 0 ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit 0 ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit 0 ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit 0 ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ c34*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ c38*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ c4*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ ftp://ftp.gnu.org/pub/gnu/config/
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches at gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/build/config.guess
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/config.sub
===================================================================
--- openldap/vendor/openldap-2.3.35/build/config.sub (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/config.sub 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1520 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+timestamp='2003-07-04-OpenLDAP'
+# $OpenLDAP: pkg/ldap/build/config.sub,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is distributed with OpenLDAP Software, which contains a
+# configuration script generated by Autoconf, and is distributable
+# under the same distributions terms as OpenLDAP itself.
+
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+##
+
+# Please send patches to <config-patches at gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit 0;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis)
+ os=
+ basic_machine=$1
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k \
+ | m32r | m68000 | m68k | m88k | mcore \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64vr | mips64vrel \
+ | mips64orion | mips64orionel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | msp430 \
+ | ns16k | ns32k \
+ | openrisc | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+ | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xscale | xstormy16 | xtensa \
+ | z8k)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* \
+ | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* \
+ | m32r-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | mcore-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | msp430-* \
+ | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* \
+ | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+ | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
+ | xtensa-* \
+ | ymp-* \
+ | z8k-*)
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ mmix*)
+ basic_machine=mmix-knuth
+ os=-mmixware
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nv1)
+ basic_machine=nv1-cray
+ os=-unicosmp
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ or32 | or32-*)
+ basic_machine=or32-unknown
+ os=-coff
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparc | sparcv9 | sparcv9b)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
+ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/build/config.sub
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/crupdate
===================================================================
--- openldap/vendor/openldap-2.3.35/build/crupdate (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/crupdate 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,22 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/build/crupdate,v 1.5.2.3 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Update copyright statements
+#
+
+set -e # exit immediately if any errors occur
+
+find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2007 The OpenLDAP Foundation/g;' {} \;
+
Property changes on: openldap/vendor/openldap-2.3.35/build/crupdate
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/dir.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/dir.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/dir.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+# $OpenLDAP: pkg/ldap/build/dir.mk,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makes subdirectories
+#
+
+
+all-common: FORCE
+ @echo "Making all in `$(PWD)`"
+ @for i in $(SUBDIRS) $(ALLDIRS); do \
+ echo " Entering subdirectory $$i"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) all ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+
+install-common: FORCE
+ @echo "Making install in `$(PWD)`"
+ @for i in $(SUBDIRS) $(INSTALLDIRS); do \
+ echo " Entering subdirectory $$i"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) install ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+
+clean-common: FORCE
+ @echo "Making clean in `$(PWD)`"
+ @for i in $(SUBDIRS) $(CLEANDIRS); do \
+ echo " Entering subdirectory $$i"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) clean ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+
+veryclean-common: FORCE
+ @echo "Making veryclean in `$(PWD)`"
+ @for i in $(SUBDIRS) $(CLEANDIRS); do \
+ echo " Entering subdirectory $$i"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) veryclean ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+
+depend-common: FORCE
+ @echo "Making depend in `$(PWD)`"
+ @for i in $(SUBDIRS) $(DEPENDDIRS); do \
+ echo " Entering subdirectory $$i"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) depend ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+
+Makefile: $(top_srcdir)/build/dir.mk
Added: openldap/vendor/openldap-2.3.35/build/info.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/info.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/info.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,19 @@
+# $OpenLDAP: pkg/ldap/build/info.mk,v 1.9.2.4 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Non-Source Directories
+#
+
+Makefile: $(top_srcdir)/build/info.mk
Added: openldap/vendor/openldap-2.3.35/build/lib-shared.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/lib-shared.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/lib-shared.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,30 @@
+# $OpenLDAP: pkg/ldap/build/lib-shared.mk,v 1.19.2.4 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Shared Libraries
+#
+
+MKDEPFLAG = -l
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+ $(LTCOMPILE_LIB) $<
+
+$(LIBRARY): version.lo
+ $(LTLINK_LIB) -o $@ $(OBJS) version.lo $(LINK_LIBS)
+
+Makefile: $(top_srcdir)/build/lib-shared.mk
+
Added: openldap/vendor/openldap-2.3.35/build/lib-static.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/lib-static.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/lib-static.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,23 @@
+# $OpenLDAP: pkg/ldap/build/lib-static.mk,v 1.10.2.4 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Static Libraries
+#
+
+$(LIBRARY): version.o
+ $(AR) ru $@ $(OBJS) version.o
+ @$(RANLIB) $@
+
+Makefile: $(top_srcdir)/build/lib-static.mk
Added: openldap/vendor/openldap-2.3.35/build/lib.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/lib.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/lib.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.20.2.4 2007/01/02 21:43:40 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Libraries
+#
+
+all-common: $(LIBRARY) $(PROGRAMS)
+
+version.c: Makefile
+ $(RM) $@
+ $(MKVERSION) $(LIBRARY) > $@
+
+version.o version.lo: version.c $(OBJS)
+
+install-common: FORCE
+
+lint: lint-local FORCE
+ $(LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+lint5: lint5-local FORCE
+ $(5LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+#
+# In the mingw/cygwin environment, the so and dll files must be
+# deleted separately, instead of using the {.so*,*.dll} construct
+# that was previously used. It just didn't work.
+#
+clean-common: FORCE
+ $(RM) $(LIBRARY) ../$(LIBRARY) $(XLIBRARY) \
+ $(PROGRAMS) $(XPROGRAMS) $(XSRCS) $(XXSRCS) \
+ *.o *.lo a.out *.exe core version.c .libs/* \
+ ../`$(BASENAME) $(LIBRARY) .la`.so* \
+ ../`$(BASENAME) $(LIBRARY) .la`*.dll
+
+depend-common: FORCE
+ $(MKDEP) $(DEFS) $(DEFINES) $(SRCS) $(XXSRCS)
+
+lint-local: FORCE
+lint5-local: FORCE
+
+Makefile: $(top_srcdir)/build/lib.mk
+
Added: openldap/vendor/openldap-2.3.35/build/ltmain.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/build/ltmain.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/ltmain.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,6934 @@
+# ltmain.sh - Provide generalized library-building support services.
+# NOTE: Changing this file will not affect anything until you rerun configure.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is distributed with OpenLDAP Software, which contains a
+# configuration script generated by Autoconf, and is distributable
+# under the same distributions terms as OpenLDAP inself.
+
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+basename="s,^.*/,,g"
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+progname=`echo "$progpath" | $SED $basename`
+modename="$progname"
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=1.5.22-OpenLDAP
+TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes.
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+# Check that we have a working $echo.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell, and then maybe $echo will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+default_mode=
+help="Try \`$progname --help' for more information."
+magic="%%%MAGIC variable%%%"
+mkdir="mkdir"
+mv="mv -f"
+rm="rm -f"
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ SP2NL='tr \040 \012'
+ NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ SP2NL='tr \100 \n'
+ NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+# NLS nuisances.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+# We save the old values to restore during execute mode.
+if test "${LC_ALL+set}" = set; then
+ save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+fi
+if test "${LANG+set}" = set; then
+ save_LANG="$LANG"; LANG=C; export LANG
+fi
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ $echo "$modename: not configured to build any kind of library" 1>&2
+ $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
+ exit $EXIT_FAILURE
+fi
+
+# Global variables.
+mode=$default_mode
+nonopt=
+prev=
+prevopt=
+run=
+show="$echo"
+show_help=
+execute_dlfiles=
+duplicate_deps=no
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+
+#####################################
+# Shell function definitions:
+# This seems to be the best place for them
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $mkdir "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || {
+ $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+ exit $EXIT_FAILURE
+ }
+ fi
+
+ $echo "X$my_tmpdir" | $Xsed
+}
+
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
+ $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 | \
+ $SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $echo $win32_libid_type
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ # FreeBSD-specific: where we install compilers with non-standard names
+ tag_compilers_CC="*cc cc* *gcc gcc*"
+ tag_compilers_CXX="*c++ c++* *g++ g++*"
+ base_compiler=`set -- "$@"; echo $1`
+
+ # If $tagname isn't set, then try to infer if the default "CC" tag applies
+ if test -z "$tagname"; then
+ for zp in $tag_compilers_CC; do
+ case $base_compiler in
+ $zp) tagname="CC"; break;;
+ esac
+ done
+ fi
+
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ CC_quoted="$CC_quoted $arg"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ CC_quoted="$CC_quoted $arg"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+
+ # FreeBSD-specific: try compilers based on inferred tag
+ if test -z "$tagname"; then
+ eval "tag_compilers=\$tag_compilers_${z}"
+ if test -n "$tag_compilers"; then
+ for zp in $tag_compilers; do
+ case $base_compiler in
+ $zp) tagname=$z; break;;
+ esac
+ done
+ if test -n "$tagname"; then
+ break
+ fi
+ fi
+ fi
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ $echo "$modename: unable to infer tagged configuration"
+ $echo "$modename: specify a tag with \`--tag'" 1>&2
+ exit $EXIT_FAILURE
+# else
+# $echo "$modename: using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+
+ $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
+ $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
+ exit $EXIT_FAILURE
+ fi
+}
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+ my_status=""
+
+ $show "${rm}r $my_gentop"
+ $run ${rm}r "$my_gentop"
+ $show "$mkdir $my_gentop"
+ $run $mkdir "$my_gentop"
+ my_status=$?
+ if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
+ exit $my_status
+ fi
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
+ my_xdir="$my_gentop/$my_xlib"
+
+ $show "${rm}r $my_xdir"
+ $run ${rm}r "$my_xdir"
+ $show "$mkdir $my_xdir"
+ $run $mkdir "$my_xdir"
+ exit_status=$?
+ if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then
+ exit $exit_status
+ fi
+ case $host in
+ *-darwin*)
+ $show "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ if test -z "$run"; then
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
+ darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ $show "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we have a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ lipo -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ ${rm}r unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd "$darwin_orig_dir"
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ fi # $run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+ func_extract_archives_result="$my_oldobjs"
+}
+# End of Shell function definitions
+#####################################
+
+# Darwin sucks
+eval std_shrext=\"$shrext_cmds\"
+
+disable_libs=no
+
+# Parse our command line options once, thoroughly.
+while test "$#" -gt 0
+do
+ arg="$1"
+ shift
+
+ case $arg in
+ -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ execute_dlfiles)
+ execute_dlfiles="$execute_dlfiles $arg"
+ ;;
+ tag)
+ tagname="$arg"
+ preserve_args="${preserve_args}=$arg"
+
+ # Check whether tagname contains only valid characters
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ $echo "$progname: invalid tag name: $tagname" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $tagname in
+ CC)
+ # Don't test for the "default" C tag, as we know, it's there, but
+ # not specially marked.
+ ;;
+ *)
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
+ taglist="$taglist $tagname"
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
+ else
+ $echo "$progname: ignoring unknown tag $tagname" 1>&2
+ fi
+ ;;
+ esac
+ ;;
+ *)
+ eval "$prev=\$arg"
+ ;;
+ esac
+
+ prev=
+ prevopt=
+ continue
+ fi
+
+ # Have we seen a non-optional argument yet?
+ case $arg in
+ --help)
+ show_help=yes
+ ;;
+
+ --version)
+ $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
+ $echo
+ $echo "Copyright (C) 2005 Free Software Foundation, Inc."
+ $echo "This is free software; see the source for copying conditions. There is NO"
+ $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+ exit $?
+ ;;
+
+ --config)
+ ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
+ done
+ exit $?
+ ;;
+
+ --debug)
+ $echo "$progname: enabling shell trace mode"
+ set -x
+ preserve_args="$preserve_args $arg"
+ ;;
+
+ --dry-run | -n)
+ run=:
+ ;;
+
+ --features)
+ $echo "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $echo "enable shared libraries"
+ else
+ $echo "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $echo "enable static libraries"
+ else
+ $echo "disable static libraries"
+ fi
+ exit $?
+ ;;
+
+ --finish) mode="finish" ;;
+
+ --mode) prevopt="--mode" prev=mode ;;
+ --mode=*) mode="$optarg" ;;
+
+ --preserve-dup-deps) duplicate_deps="yes" ;;
+
+ --quiet | --silent)
+ show=:
+ preserve_args="$preserve_args $arg"
+ ;;
+
+ --tag)
+ prevopt="--tag"
+ prev=tag
+ preserve_args="$preserve_args --tag"
+ ;;
+ --tag=*)
+ set tag "$optarg" ${1+"$@"}
+ shift
+ prev=tag
+ preserve_args="$preserve_args --tag"
+ ;;
+
+ -dlopen)
+ prevopt="-dlopen"
+ prev=execute_dlfiles
+ ;;
+
+ -*)
+ $echo "$modename: unrecognized option \`$arg'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+
+ *)
+ nonopt="$arg"
+ break
+ ;;
+ esac
+done
+
+if test -n "$prevopt"; then
+ $echo "$modename: option \`$prevopt' requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+fi
+
+case $disable_libs in
+no)
+ ;;
+shared)
+ build_libtool_libs=no
+ build_old_libs=yes
+ ;;
+static)
+ build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+ ;;
+esac
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+if test -z "$show_help"; then
+
+ # Infer the operation mode.
+ if test -z "$mode"; then
+ $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
+ $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
+ case $nonopt in
+ *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
+ mode=link
+ for arg
+ do
+ case $arg in
+ -c)
+ mode=compile
+ break
+ ;;
+ esac
+ done
+ ;;
+ *db | *dbx | *strace | *truss)
+ mode=execute
+ ;;
+ *install*|cp|mv)
+ mode=install
+ ;;
+ *rm)
+ mode=uninstall
+ ;;
+ *)
+ # If we have no mode, but dlfiles were specified, then do execute mode.
+ test -n "$execute_dlfiles" && mode=execute
+
+ # Just use the default operation mode.
+ if test -z "$mode"; then
+ if test -n "$nonopt"; then
+ $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
+ else
+ $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
+ fi
+ fi
+ ;;
+ esac
+ fi
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ $echo "$modename: unrecognized option \`-dlopen'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$modename --help --mode=$mode' for more information."
+
+ # These modes are in order of execution frequency so that they run quickly.
+ case $mode in
+ # libtool compile mode
+ compile)
+ modename="$modename: compile"
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ if test -n "$libobj" ; then
+ $echo "$modename: you cannot specify \`-o' more than once" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ arg_mode=target
+ continue
+ ;;
+
+ -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+
+ # Double-quote args containing other shell metacharacters.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ lastarg="$lastarg $arg"
+ done
+ IFS="$save_ifs"
+ lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ * )
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
+
+ case $lastarg in
+ # Double-quote args containing other shell metacharacters.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, and some SunOS ksh mistreat backslash-escaping
+ # in scan sets (worked around with variable expansion),
+ # and furthermore cannot handle '|' '&' '(' ')' in scan sets
+ # at all, so we specify them separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ lastarg="\"$lastarg\""
+ ;;
+ esac
+
+ base_compile="$base_compile $lastarg"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ $echo "$modename: you must specify an argument for -Xcompile"
+ exit $EXIT_FAILURE
+ ;;
+ target)
+ $echo "$modename: you must specify a target with \`-o'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ *)
+ # Get the name of the library object.
+ [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ xform='[cCFSifmso]'
+ case $libobj in
+ *.ada) xform=ada ;;
+ *.adb) xform=adb ;;
+ *.ads) xform=ads ;;
+ *.asm) xform=asm ;;
+ *.c++) xform=c++ ;;
+ *.cc) xform=cc ;;
+ *.ii) xform=ii ;;
+ *.class) xform=class ;;
+ *.cpp) xform=cpp ;;
+ *.cxx) xform=cxx ;;
+ *.f90) xform=f90 ;;
+ *.for) xform=for ;;
+ *.java) xform=java ;;
+ esac
+
+ libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
+
+ case $libobj in
+ *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
+ *)
+ $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -static)
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
+ case $qlibobj in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ qlibobj="\"$qlibobj\"" ;;
+ esac
+ test "X$libobj" != "X$qlibobj" \
+ && $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
+ objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+ xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$obj"; then
+ xdir=
+ else
+ xdir=$xdir/
+ fi
+ lobj=${xdir}$objdir/$objname
+
+ if test -z "$base_compile"; then
+ $echo "$modename: you must specify a compilation command" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ $run $rm $removelist
+ trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ removelist="$removelist $output_obj $lockfile"
+ trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $run ln "$progpath" "$lockfile" 2>/dev/null; do
+ $show "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $echo "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+ $echo "$srcfile" > "$lockfile"
+ fi
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
+ case $qsrcfile in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ qsrcfile="\"$qsrcfile\"" ;;
+ esac
+
+ $run $rm "$libobj" "${libobj}T"
+
+ # Create a libtool object file (analogous to a ".la" file),
+ # but don't create it if we're doing a dry run.
+ test -z "$run" && cat > ${libobj}T <<EOF
+# $libobj - a libtool object file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+EOF
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ if test ! -d "${xdir}$objdir"; then
+ $show "$mkdir ${xdir}$objdir"
+ $run $mkdir ${xdir}$objdir
+ exit_status=$?
+ if test "$exit_status" -ne 0 && test ! -d "${xdir}$objdir"; then
+ exit $exit_status
+ fi
+ fi
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ $run $rm "$lobj" "$output_obj"
+
+ $show "$command"
+ if $run eval "$command"; then :
+ else
+ test -n "$output_obj" && $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ $show "$mv $output_obj $lobj"
+ if $run $mv $output_obj $lobj; then :
+ else
+ error=$?
+ $run $rm $removelist
+ exit $error
+ fi
+ fi
+
+ # Append the name of the PIC object to the libtool object file.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object='$objdir/$objname'
+
+EOF
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ else
+ # No PIC object so indicate it doesn't exist in the libtool
+ # object file.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object=none
+
+EOF
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ $run $rm "$obj" "$output_obj"
+ $show "$command"
+ if $run eval "$command"; then :
+ else
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ $show "$mv $output_obj $obj"
+ if $run $mv $output_obj $obj; then :
+ else
+ error=$?
+ $run $rm $removelist
+ exit $error
+ fi
+ fi
+
+ # Append the name of the non-PIC object the libtool object file.
+ # Only append if the libtool object file exists.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object='$objname'
+
+EOF
+ else
+ # Append the name of the non-PIC object the libtool object file.
+ # Only append if the libtool object file exists.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object=none
+
+EOF
+ fi
+
+ $run $mv "${libobj}T" "${libobj}"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ $run $rm "$lockfile"
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool link mode
+ link | relink)
+ modename="$modename: link"
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args="$nonopt"
+ base_compile="$nonopt $@"
+ compile_command="$nonopt"
+ finalize_command="$nonopt"
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ notinst_path= # paths that contain not-installed libtool libraries
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -all-static | -static)
+ if test "X$arg" = "X-all-static"; then
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ else
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ fi
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
+ ;;
+ *) qarg=$arg ;;
+ esac
+ libtool_args="$libtool_args $qarg"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ compile_command="$compile_command @OUTPUT@"
+ finalize_command="$finalize_command @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ compile_command="$compile_command @SYMFILE@"
+ finalize_command="$finalize_command @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ if test ! -f "$arg"; then
+ $echo "$modename: symbol file \`$arg' does not exist"
+ exit $EXIT_FAILURE
+ fi
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat $save_arg`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ # If there is no directory component, then add one.
+ case $arg in
+ */* | *\\*) . $arg ;;
+ *) . ./$arg ;;
+ esac
+
+ if test -z "$pic_object" || \
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none && \
+ test "$non_pic_object" = none; then
+ $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ libobjs="$libobjs $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if test -z "$run"; then
+ $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+ exit $EXIT_FAILURE
+ else
+ # Dry-run case.
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+ non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+ libobjs="$libobjs $pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ fi
+ done
+ else
+ $echo "$modename: link input file \`$save_arg' does not exist"
+ exit $EXIT_FAILURE
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ $echo "$modename: only absolute run-paths are allowed" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ compile_command="$compile_command $qarg"
+ finalize_command="$finalize_command $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ compile_command="$compile_command $wl$qarg"
+ finalize_command="$finalize_command $wl$qarg"
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ compile_command="$compile_command $qarg"
+ finalize_command="$finalize_command $qarg"
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ darwin_framework|darwin_framework_skip)
+ test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ prev=
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ compile_command="$compile_command $link_static_flag"
+ finalize_command="$finalize_command $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ $echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
+ continue
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ $echo "$modename: more than one -exported-symbols argument is not allowed"
+ exit $EXIT_FAILURE
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework|-arch|-isysroot)
+ case " $CC " in
+ *" ${arg} ${1} "* | *" ${arg} ${1} "*)
+ prev=darwin_framework_skip ;;
+ *) compiler_flags="$compiler_flags $arg"
+ prev=darwin_framework ;;
+ esac
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
+ absdir="$dir"
+ notinst_path="$notinst_path $dir"
+ fi
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs -framework System"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ -model)
+ compile_command="$compile_command $arg"
+ compiler_flags="$compiler_flags $arg"
+ finalize_command="$finalize_command $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+ compiler_flags="$compiler_flags $arg"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m* pass through architecture-specific compiler args for GCC
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -pg pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*|-pg| \
+ -t[45]*|-txscale*|@*)
+
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # in order for the loader to find any dlls it needs.
+ $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
+ $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ $echo "$modename: only absolute run-paths are allowed" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -static)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -Wc,*)
+ args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ case $flag in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ flag="\"$flag\""
+ ;;
+ esac
+ arg="$arg $wl$flag"
+ compiler_flags="$compiler_flags $flag"
+ done
+ IFS="$save_ifs"
+ arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+ ;;
+
+ -Wl,*)
+ args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ case $flag in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ flag="\"$flag\""
+ ;;
+ esac
+ arg="$arg $wl$flag"
+ compiler_flags="$compiler_flags $wl$flag"
+ linker_flags="$linker_flags $flag"
+ done
+ IFS="$save_ifs"
+ arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ # If there is no directory component, then add one.
+ case $arg in
+ */* | *\\*) . $arg ;;
+ *) . ./$arg ;;
+ esac
+
+ if test -z "$pic_object" || \
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none && \
+ test "$non_pic_object" = none; then
+ $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ libobjs="$libobjs $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if test -z "$run"; then
+ $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+ exit $EXIT_FAILURE
+ else
+ # Dry-run case.
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+ non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+ libobjs="$libobjs $pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ fi
+ done # argument parsing loop
+
+ if test -n "$prev"; then
+ $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$output_objdir" = "X$output"; then
+ output_objdir="$objdir"
+ else
+ output_objdir="$output_objdir/$objdir"
+ fi
+ # Create the object directory.
+ if test ! -d "$output_objdir"; then
+ $show "$mkdir $output_objdir"
+ $run $mkdir $output_objdir
+ exit_status=$?
+ if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then
+ exit $exit_status
+ fi
+ fi
+
+ # Determine the type of output
+ case $output in
+ "")
+ $echo "$modename: you must specify an output file" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ case $host in
+ *cygwin* | *mingw* | *pw32*)
+ # don't eliminate duplications in $postdeps and $predeps
+ duplicate_compiler_generated_deps=yes
+ ;;
+ *)
+ duplicate_compiler_generated_deps=$duplicate_deps
+ ;;
+ esac
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ case $linkmode in
+ lib)
+ passes="conv link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+ for pass in $passes; do
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ esac
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ fi
+
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ ;;
+ *)
+ ;;
+ esac # linkmode
+
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
+ continue
+ fi
+ name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
+ for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if (${SED} -e '2q' $lib |
+ grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ library_names=
+ old_library=
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$ladir" = "X$lib" && ladir="."
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+ ;;
+ *)
+ $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method
+ match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ if eval $echo \"$deplib\" 2>/dev/null \
+ | $SED 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $echo
+ $echo "*** Warning: Trying to link with static lib archive $deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because the file extensions .$libext of this argument makes me believe"
+ $echo "*** that it is just a static archive that I should not used here."
+ else
+ $echo
+ $echo "*** Warning: Linking the shared library $output against the"
+ $echo "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$ladir" = "X$lib" && ladir="."
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ $echo "$modename: \`$lib' is not a convenience library" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
+ $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ $echo "$modename: warning: library \`$lib' was moved." 1>&2
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir"; then
+ $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath " in
+ *" $dir "*) ;;
+ *" $absdir "*) ;;
+ *) temp_rpath="$temp_rpath $absdir" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ use_static_libs=$prefer_static_libs
+ if test "$use_static_libs" = built && test "$installed" = yes ; then
+ use_static_libs=no
+ fi
+ if test -n "$library_names" &&
+ { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on
+ # some systems (darwin)
+ if test "$shouldnotlink" = yes && test "$pass" = link ; then
+ $echo
+ if test "$linkmode" = prog; then
+ $echo "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $echo "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $echo "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ realname="$2"
+ shift; shift
+ libname=`eval \\$echo \"$libname_spec\"`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw*)
+ major=`expr $current - $age`
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
+ newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ $show "extracting exported symbol list from \`$soname'"
+ save_ifs="$IFS"; IFS='~'
+ cmds=$extract_expsyms_cmds
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ $show "generating import library for \`$soname'"
+ save_ifs="$IFS"; IFS='~'
+ cmds=$old_archive_from_expsyms_cmds
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+ *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+ *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a module then we can not link against
+ # it, someone is ignoring the new warnings I added
+ if /usr/bin/file -L $add 2> /dev/null |
+ $EGREP ": [^:]* bundle" >/dev/null ; then
+ $echo "** Warning, lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $echo
+ $echo "** And there doesn't seem to be a static archive available"
+ $echo "** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ $echo "$modename: configuration error: unsupported hardcode properties"
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes && \
+ test "$hardcode_minus_L" != yes && \
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $echo
+ $echo "*** Warning: This system can not link to static lib archive $lib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $echo "*** But as you try to build a module library, libtool will still create "
+ $echo "*** a static module, that should work as long as the dlopening application"
+ $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $echo
+ $echo "*** However, this would only work if libtool was able to extract symbol"
+ $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $echo "*** not find such a program. So, this module is probably useless."
+ $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$deplib" && dir="."
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if grep "^installed=no" $deplib > /dev/null; then
+ path="$absdir/$objdir"
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test "$absdir" != "$libdir"; then
+ $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
+ fi
+ path="$absdir"
+ fi
+ depdepl=
+ case $host in
+ *-*-darwin*)
+ # we do not want to link against static libs,
+ # but need to link against shared
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$path/$depdepl" ; then
+ depdepl="$path/$depdepl"
+ fi
+ # do not add paths which are already there
+ case " $newlib_search_path " in
+ *" $path "*) ;;
+ *) newlib_search_path="$newlib_search_path $path";;
+ esac
+ fi
+ path=""
+ ;;
+ *)
+ path="-L$path"
+ ;;
+ esac
+ ;;
+ -l*)
+ case $host in
+ *-*-darwin*)
+ # Again, we only want to link against shared libraries
+ eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
+ for tmp in $newlib_search_path ; do
+ if test -f "$tmp/lib$tmp_libs.dylib" ; then
+ eval depdepl="$tmp/lib$tmp_libs.dylib"
+ break
+ fi
+ done
+ path=""
+ ;;
+ *) continue ;;
+ esac
+ ;;
+ *) continue ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ case " $deplibs " in
+ *" $depdepl "*) ;;
+ *) deplibs="$depdepl $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$deplibs"; then
+ $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2
+ fi
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$rpath"; then
+ $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$xrpath"; then
+ $echo "$modename: warning: \`-R' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
+ fi
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ if test "$module" = no; then
+ $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
+ exit $EXIT_FAILURE
+ else
+ $echo
+ $echo "*** Warning: Linking the shared library $output against the non-libtool"
+ $echo "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ if test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
+ fi
+
+ set dummy $rpath
+ if test "$#" -gt 2; then
+ $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
+ fi
+ install_libdir="$2"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
+ fi
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ IFS="$save_ifs"
+
+ if test -n "$8"; then
+ $echo "$modename: too many parameters to \`-version-info'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$2"
+ number_minor="$3"
+ number_revision="$4"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows)
+ current=`expr $number_major + $number_minor`
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ current=`expr $number_major + $number_minor - 1`
+ age="$number_minor"
+ revision="$number_minor"
+ ;;
+ esac
+ ;;
+ no)
+ current="$2"
+ revision="$3"
+ age="$4"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ major=.`expr $current - $age`
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ minor_current=`expr $current + 1`
+ verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current";
+ ;;
+
+ irix | nonstopux)
+ major=`expr $current - $age + 1`
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ iface=`expr $revision - $loop`
+ loop=`expr $loop - 1`
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ major=.`expr $current - $age`
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ major=.`expr $current - $age`
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ iface=`expr $current - $loop`
+ loop=`expr $loop - 1`
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ major=`expr $current - $age`
+ versuffix="-$major"
+ ;;
+
+ *)
+ $echo "$modename: unknown library version type \`$version_type'" 1>&2
+ $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+ fi
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$echo "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ if test -n "$removelist"; then
+ $show "${rm}r $removelist"
+ $run ${rm}r $removelist
+ fi
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ for path in $notinst_path; do
+ lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
+ deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
+ dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
+ done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs -framework System"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $rm conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $rm conftest
+ $LTCC $LTCFLAGS -o conftest conftest.c $deplibs
+ if test "$?" -eq 0 ; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ name=`expr $i : '-l\(.*\)'`
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" -ne "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ deplib_matches=`eval \\$echo \"$library_names_spec\"`
+ set dummy $deplib_matches
+ deplib_match=$2
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: dynamic linker does not accept needed library $i."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which I believe you do not have"
+ $echo "*** because a test_compile did reveal that the linker did not use it for"
+ $echo "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ else
+ newdeplibs="$newdeplibs $i"
+ fi
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ name=`expr $i : '-l\(.*\)'`
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" != "0"; then
+ $rm conftest
+ $LTCC $LTCFLAGS -o conftest conftest.c $i
+ # Did it work?
+ if test "$?" -eq 0 ; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ deplib_matches=`eval \\$echo \"$library_names_spec\"`
+ set dummy $deplib_matches
+ deplib_match=$2
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: dynamic linker does not accept needed library $i."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because a test_compile did reveal that the linker did not use this one"
+ $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning! Library $i is needed by this library but I was not able to"
+ $echo "*** make it link in! You will probably need to install it or some"
+ $echo "*** library that it depends on before this library will be fully"
+ $echo "*** functional. Installing it before continuing would be even better."
+ fi
+ else
+ newdeplibs="$newdeplibs $i"
+ fi
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method
+ file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ for a_deplib in $deplibs; do
+ name=`expr $a_deplib : '-l\(.*\)'`
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" != "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null \
+ | grep " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
+ | ${SED} 10q \
+ | $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: linker path does not have real file for library $a_deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $echo "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $echo "*** with $libname and none of the candidates passed a file format test"
+ $echo "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ else
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ fi
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method
+ match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ for a_deplib in $deplibs; do
+ name=`expr $a_deplib : '-l\(.*\)'`
+ # If $name is empty we are operating on a -L argument.
+ if test -n "$name" && test "$name" != "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval $echo \"$potent_lib\" 2>/dev/null \
+ | ${SED} 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: linker path does not have real file for library $a_deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $echo "*** with $libname and none of the candidates passed a file format test"
+ $echo "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ else
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ fi
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
+ -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
+ done
+ fi
+ if $echo "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' \
+ | grep . >/dev/null; then
+ $echo
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $echo "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $echo "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $echo "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $echo
+ $echo "*** Warning: libtool could not satisfy all declared inter-library"
+ $echo "*** dependencies of module $libname. Therefore, libtool will create"
+ $echo "*** a static module, that should work as long as the dlopening"
+ $echo "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $echo
+ $echo "*** However, this would only work if libtool was able to extract symbol"
+ $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $echo "*** not find such a program. So, this module is probably useless."
+ $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $echo "*** The inter-library dependencies that have been dropped here will be"
+ $echo "*** automatically added whenever a program is linked with this library"
+ $echo "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $echo
+ $echo "*** Since this library must not contain undefined symbols,"
+ $echo "*** because either the platform does not support them or"
+ $echo "*** it was explicitly requested with -no-undefined,"
+ $echo "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ deplibs="$new_libs"
+
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ realname="$2"
+ shift; shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ linknames=
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ $show "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $run $rm $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ if len=`expr "X$cmd" : ".*"` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ $show "using reloadable object file for export list..."
+ skipped_export=:
+ # Break out early, otherwise skipped_export may be
+ # set to false by a later but shorter cmd.
+ break
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex"; then
+ $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
+ $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ $show "$mv \"${export_symbols}T\" \"$export_symbols\""
+ $run eval '$mv "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" &&
+ len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise.
+ $echo "creating reloadable object files..."
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$echo "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ delfiles=
+ last_robj=
+ k=1
+ output=$output_objdir/$output_la-${k}.$objext
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ eval test_cmds=\"$reload_cmds $objlist $last_robj\"
+ if test "X$objlist" = X ||
+ { len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+ test "$len" -le "$max_cmd_len"; }; then
+ objlist="$objlist $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ k=`expr $k + 1`
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ len=1
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+
+ if ${skipped_export-false}; then
+ $show "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $run $rm $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
+ fi
+
+ # Set up a command to remove the reloadable object files
+ # after they are used.
+ i=0
+ while test "$i" -lt "$k"
+ do
+ i=`expr $i + 1`
+ delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
+ done
+
+ $echo "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+
+ # Append the command to remove the reloadable object files
+ # to the just-reset $cmds.
+ eval cmds=\"\$cmds~\$rm $delfiles\"
+ fi
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
+
+ if test -n "$convenience"; then
+ if test -z "$whole_archive_flag_spec"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r "$gentop"
+ fi
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
+ $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$deplibs"; then
+ $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
+ fi
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$rpath"; then
+ $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$xrpath"; then
+ $echo "$modename: warning: \`-R' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for objects" 1>&2
+ fi
+
+ case $output in
+ *.lo)
+ if test -n "$objs$old_deplibs"; then
+ $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ libobj="$output"
+ obj=`$echo "X$output" | $Xsed -e "$lo2o"`
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $run $rm $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ cmds=$reload_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $run eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ cmds=$reload_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
+ esac
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for programs" 1>&2
+ fi
+
+ if test "$preload" = yes; then
+ if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
+ test "$dlopen_self_static" = unknown; then
+ $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
+ fi
+ fi
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ ;;
+ esac
+
+ case $host in
+ *darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ if test "$tagname" = CXX ; then
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ fi
+ ;;
+ esac
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $compile_deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $compile_deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ compile_deplibs="$new_libs"
+
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ dlsyms=
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ dlsyms="${outputname}S.c"
+ else
+ $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
+ fi
+ fi
+
+ if test -n "$dlsyms"; then
+ case $dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${outputname}.nm"
+
+ $show "$rm $nlist ${nlist}S ${nlist}T"
+ $run $rm "$nlist" "${nlist}S" "${nlist}T"
+
+ # Parse the name list into a source file.
+ $show "creating $output_objdir/$dlsyms"
+
+ test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
+/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
+/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* Prevent the only kind of declaration conflicts we can make. */
+#define lt_preloaded_symbols some_other_symbol
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ $show "generating symbol list for \`$output'"
+
+ test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for arg in $progfiles; do
+ $show "extracting global C symbols from \`$arg'"
+ $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ $run eval '$mv "$nlist"T "$nlist"'
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ $run eval '$mv "$nlist"T "$nlist"'
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $run $rm $export_symbols
+ $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* )
+ $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ $run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ else
+ $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ $run eval 'mv "$nlist"T "$nlist"'
+ case $host in
+ *cygwin* | *mingw* )
+ $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ $run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ fi
+ fi
+
+ for arg in $dlprefiles; do
+ $show "extracting global C symbols from \`$arg'"
+ name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
+ $run eval '$echo ": $name " >> "$nlist"'
+ $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -z "$run"; then
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $mv "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if grep -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ grep -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
+ else
+ $echo '/* NONE */' >> "$output_objdir/$dlsyms"
+ fi
+
+ $echo >> "$output_objdir/$dlsyms" "\
+
+#undef lt_preloaded_symbols
+
+#if defined (__STDC__) && __STDC__
+# define lt_ptr void *
+#else
+# define lt_ptr char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+"
+
+ case $host in
+ *cygwin* | *mingw* )
+ $echo >> "$output_objdir/$dlsyms" "\
+/* DATA imports from DLLs on WIN32 can't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs */
+struct {
+"
+ ;;
+ * )
+ $echo >> "$output_objdir/$dlsyms" "\
+const struct {
+"
+ ;;
+ esac
+
+
+ $echo >> "$output_objdir/$dlsyms" "\
+ const char *name;
+ lt_ptr address;
+}
+lt_preloaded_symbols[] =
+{\
+"
+
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
+
+ $echo >> "$output_objdir/$dlsyms" "\
+ {0, (lt_ptr) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ fi
+
+ pic_flag_for_symtable=
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ case "$compile_command " in
+ *" -static "*) ;;
+ *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
+ esac;;
+ *-*-hpux*)
+ case "$compile_command " in
+ *" -static "*) ;;
+ *) pic_flag_for_symtable=" $pic_flag";;
+ esac
+ esac
+
+ # Now compile the dynamic symbol file.
+ $show "(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
+ $run eval '(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
+
+ # Clean up the generated files.
+ $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
+ $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
+
+ # Transform the symbol file into the correct name.
+ case $host in
+ *cygwin* | *mingw* )
+ if test -f "$output_objdir/${outputname}.def" ; then
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+ else
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ fi
+ ;;
+ * )
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ ;;
+ esac
+ ;;
+ *-*-freebsd*)
+ # FreeBSD doesn't need this...
+ ;;
+ *)
+ $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ # Replace the output file specification.
+ compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ $show "$link_command"
+ $run eval "$link_command"
+ exit_status=$?
+
+ # Delete the generated files.
+ if test -n "$dlsyms"; then
+ $show "$rm $output_objdir/${outputname}S.${objext}"
+ $run $rm "$output_objdir/${outputname}S.${objext}"
+ fi
+
+ exit $exit_status
+ fi
+
+ if test -n "$shlibpath_var"; then
+ # We should set the shlibpath_var
+ rpath=
+ for dir in $temp_rpath; do
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*)
+ # Absolute path.
+ rpath="$rpath$dir:"
+ ;;
+ *)
+ # Relative path: add a thisdir entry.
+ rpath="$rpath\$thisdir/$dir:"
+ ;;
+ esac
+ done
+ temp_rpath="$rpath"
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $run $rm $output
+ # Link the executable and exit
+ $show "$link_command"
+ $run eval "$link_command" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
+ $echo "$modename: \`$output' will be relinked during installation" 1>&2
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ $show "$link_command"
+ $run eval "$link_command" || exit $?
+
+ # Now create the wrapper script.
+ $show "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+ relink_command="$var=\"$var_value\"; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $echo for shipping.
+ if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if our run command is non-null.
+ if test -z "$run"; then
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ output_name=`basename $output`
+ output_path=`dirname $output`
+ cwrappersource="$output_path/$objdir/lt-$output_name.c"
+ cwrapper="$output_path/$output_name.exe"
+ $rm $cwrappersource $cwrapper
+ trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ cat > $cwrappersource <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "/bin/sh $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat >> $cwrappersource<<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+/* -DDEBUG is fairly common in CFLAGS. */
+#undef DEBUG
+#if defined DEBUGWRAPPER
+# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__)
+#else
+# define DEBUG(format, ...)
+#endif
+
+const char *program_name = NULL;
+
+void * xmalloc (size_t num);
+char * xstrdup (const char *string);
+const char * base_name (const char *name);
+char * find_executable(const char *wrapper);
+int check_executable(const char *path);
+char * strendzap(char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ DEBUG("(main) argv[0] : %s\n",argv[0]);
+ DEBUG("(main) program_name : %s\n",program_name);
+ newargz = XMALLOC(char *, argc+2);
+EOF
+
+ cat >> $cwrappersource <<EOF
+ newargz[0] = (char *) xstrdup("$SHELL");
+EOF
+
+ cat >> $cwrappersource <<"EOF"
+ newargz[1] = find_executable(argv[0]);
+ if (newargz[1] == NULL)
+ lt_fatal("Couldn't find %s", argv[0]);
+ DEBUG("(main) found exe at : %s\n",newargz[1]);
+ /* we know the script has the same name, without the .exe */
+ /* so make sure newargz[1] doesn't end in .exe */
+ strendzap(newargz[1],".exe");
+ for (i = 1; i < argc; i++)
+ newargz[i+1] = xstrdup(argv[i]);
+ newargz[argc+1] = NULL;
+
+ for (i=0; i<argc+1; i++)
+ {
+ DEBUG("(main) newargz[%d] : %s\n",i,newargz[i]);
+ ;
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat >> $cwrappersource <<EOF
+ execv("$SHELL",(char const **)newargz);
+EOF
+ ;;
+ *)
+ cat >> $cwrappersource <<EOF
+ execv("$SHELL",newargz);
+EOF
+ ;;
+ esac
+
+ cat >> $cwrappersource <<"EOF"
+ return 127;
+}
+
+void *
+xmalloc (size_t num)
+{
+ void * p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
+;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char)name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable(const char * path)
+{
+ struct stat st;
+
+ DEBUG("(check_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!");
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0) &&
+ (
+ /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */
+#if defined (S_IXOTH)
+ ((st.st_mode & S_IXOTH) == S_IXOTH) ||
+#endif
+#if defined (S_IXGRP)
+ ((st.st_mode & S_IXGRP) == S_IXGRP) ||
+#endif
+ ((st.st_mode & S_IXUSR) == S_IXUSR))
+ )
+ return 1;
+ else
+ return 0;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise */
+char *
+find_executable (const char* wrapper)
+{
+ int has_slash = 0;
+ const char* p;
+ const char* p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char* concat_name;
+
+ DEBUG("(find_executable) : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!");
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable(concat_name))
+ return concat_name;
+ XFREE(concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable(concat_name))
+ return concat_name;
+ XFREE(concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char* path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char* q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR(*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen(tmp);
+ concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable(concat_name))
+ return concat_name;
+ XFREE(concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen(tmp);
+ concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable(concat_name))
+ return concat_name;
+ XFREE(concat_name);
+ return NULL;
+}
+
+char *
+strendzap(char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert(str != NULL);
+ assert(pat != NULL);
+
+ len = strlen(str);
+ patlen = strlen(pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp(str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char * mode,
+ const char * message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+EOF
+ # we should really use a build-platform specific compiler
+ # here, but OTOH, the wrappers (shell script and this C one)
+ # are only useful if you want to execute the "real" binary.
+ # Since the "real" binary is built for $host, then this
+ # wrapper might as well be built for $host, too.
+ $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource
+ ;;
+ esac
+ $rm $output
+ trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
+
+ $echo > $output "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variable:
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$echo are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ echo=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$echo works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$echo will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $echo >> $output "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $echo >> $output "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" || \\
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $mkdir \"\$progdir\"
+ else
+ $rm \"\$progdir/\$file\"
+ fi"
+
+ $echo >> $output "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $echo \"\$relink_command_output\" >&2
+ $rm \"\$progdir/\$file\"
+ exit $EXIT_FAILURE
+ fi
+ fi
+
+ $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $rm \"\$progdir/\$program\";
+ $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $rm \"\$progdir/\$file\"
+ fi"
+ else
+ $echo >> $output "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $echo >> $output "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $echo >> $output "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $echo >> $output "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $echo >> $output "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2*)
+ $echo >> $output "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $echo >> $output "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $echo >> $output "\
+ \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
+ exit $EXIT_FAILURE
+ fi
+ else
+ # The program doesn't exist.
+ \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$echo \"This script is just a wrapper for \$program.\" 1>&2
+ $echo \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit $EXIT_FAILURE
+ fi
+fi\
+"
+ chmod +x $output
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ $echo "X$obj" | $Xsed -e 's%^.*/%%'
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $echo "copying selected object files to avoid basename conflicts..."
+
+ if test -z "$gentop"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ $show "${rm}r $gentop"
+ $run ${rm}r "$gentop"
+ $show "$mkdir $gentop"
+ $run $mkdir "$gentop"
+ exit_status=$?
+ if test "$exit_status" -ne 0 && test ! -d "$gentop"; then
+ exit $exit_status
+ fi
+ fi
+
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ counter=`expr $counter + 1`
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ $run ln "$obj" "$gentop/$newobj" ||
+ $run cp "$obj" "$gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+
+ eval cmds=\"$old_archive_cmds\"
+
+ if len=`expr "X$cmds" : ".*"` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ $echo "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ for obj in $save_oldobjs
+ do
+ oldobjs="$objlist $obj"
+ objlist="$objlist $obj"
+ eval test_cmds=\"$old_archive_cmds\"
+ if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+ test "$len" -le "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ eval cmd=\"$cmd\"
+ IFS="$save_ifs"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ done
+
+ if test -n "$generated"; then
+ $show "${rm}r$generated"
+ $run ${rm}r$generated
+ fi
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ $show "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+ relink_command="$var=\"$var_value\"; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+
+ # Only create the output if not a dry run.
+ if test -z "$run"; then
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+ for lib in $dlfiles; do
+ name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdlfiles="$newdlfiles $libdir/$name"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $rm $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $echo > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $echo >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ fi
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
+ $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool install mode
+ install)
+ modename="$modename: install"
+
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $echo "X$nonopt" | grep shtool > /dev/null; then
+ # Aesthetically quote it.
+ arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$arg "
+ arg="$1"
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$install_prog$arg"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o) prev=$arg ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$install_prog $arg"
+ done
+
+ if test -z "$install_prog"; then
+ $echo "$modename: you must specify an install program" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$prev"; then
+ $echo "$modename: the \`$prev' option requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ $echo "$modename: no file or destination specified" 1>&2
+ else
+ $echo "$modename: you must specify a destination" 1>&2
+ fi
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Strip any trailing slash from the destination.
+ dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$destdir" = "X$dest" && destdir=.
+ destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files
+ if test "$#" -gt 2; then
+ $echo "$modename: \`$dest' is not a directory" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ library_names=
+ old_library=
+ relink_command=
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
+ test "X$dir" = "X$file/" && dir=
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ if test "$inst_prefix_dir" = "$destdir"; then
+ $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
+ fi
+
+ $echo "$modename: warning: relinking \`$file'" 1>&2
+ $show "$relink_command"
+ if $run eval "$relink_command"; then :
+ else
+ $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names
+ if test -n "$2"; then
+ realname="$2"
+ shift
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ $show "$install_prog $dir/$srcname $destdir/$realname"
+ $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
+ if test -n "$stripme" && test -n "$striplib"; then
+ $show "$striplib $destdir/$realname"
+ $run eval "$striplib $destdir/$realname" || exit $?
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ if test "$linkname" != "$realname"; then
+ $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+ $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+ fi
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ cmds=$postinstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+ fi
+
+ # Install the pseudo-library for information purposes.
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ instname="$dir/$name"i
+ $show "$install_prog $instname $destdir/$name"
+ $run eval "$install_prog $instname $destdir/$name" || exit $?
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ if test -n "$destfile"; then
+ $show "$install_prog $file $destfile"
+ $run eval "$install_prog $file $destfile" || exit $?
+ fi
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
+
+ $show "$install_prog $staticobj $staticdest"
+ $run eval "$install_prog \$staticobj \$staticdest" || exit $?
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ file=`$echo $file|${SED} 's,.exe$,,'`
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin*|*mingw*)
+ wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
+ notinst_deplibs=
+ relink_command=
+
+ # Note that it is not necessary on cygwin/mingw to append a dot to
+ # foo even if both foo and FILE.exe exist: automatic-append-.exe
+ # behavior happens only for exec(3), not for open(2)! Also, sourcing
+ # `FILE.' does not work on cygwin managed mounts.
+ #
+ # If there is no directory component, then add one.
+ case $wrapper in
+ */* | *\\*) . ${wrapper} ;;
+ *) . ./${wrapper} ;;
+ esac
+
+ # Check the variables that should have been set.
+ if test -z "$notinst_deplibs"; then
+ $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ # If there is no directory component, then add one.
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+ fi
+ libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ # Note that it is not necessary on cygwin/mingw to append a dot to
+ # foo even if both foo and FILE.exe exist: automatic-append-.exe
+ # behavior happens only for exec(3), not for open(2)! Also, sourcing
+ # `FILE.' does not work on cygwin managed mounts.
+ #
+ # If there is no directory component, then add one.
+ case $wrapper in
+ */* | *\\*) . ${wrapper} ;;
+ *) . ./${wrapper} ;;
+ esac
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ if test "$finalize" = yes && test -z "$run"; then
+ tmpdir=`func_mktempdir`
+ file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $show "$relink_command"
+ if $run eval "$relink_command"; then :
+ else
+ $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+ ${rm}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ $echo "$modename: warning: cannot relink \`$file'" 1>&2
+ fi
+ else
+ # Install the binary that we compiled earlier.
+ file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
+ ;;
+ esac
+ ;;
+ esac
+ $show "$install_prog$stripme $file $destfile"
+ $run eval "$install_prog\$stripme \$file \$destfile" || exit $?
+ test -n "$outputname" && ${rm}r "$tmpdir"
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ $show "$install_prog $file $oldlib"
+ $run eval "$install_prog \$file \$oldlib" || exit $?
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ $show "$old_striplib $oldlib"
+ $run eval "$old_striplib $oldlib" || exit $?
+ fi
+
+ # Do each command in the postinstall commands.
+ cmds=$old_postinstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ done
+
+ if test -n "$future_libdirs"; then
+ $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
+ fi
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ test -n "$run" && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+ ;;
+
+ # libtool finish mode
+ finish)
+ modename="$modename: finish"
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ cmds=$finish_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || admincmds="$admincmds
+ $cmd"
+ done
+ IFS="$save_ifs"
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $run eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ test "$show" = : && exit $EXIT_SUCCESS
+
+ $echo "X----------------------------------------------------------------------" | $Xsed
+ $echo "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $echo " $libdir"
+ done
+ $echo
+ $echo "If you ever happen to want to link against installed libraries"
+ $echo "in a given directory, LIBDIR, you must either use libtool, and"
+ $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $echo "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $echo " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $echo " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $echo " - add LIBDIR to the \`$runpath_var' environment variable"
+ $echo " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $echo " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $echo " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $echo
+ $echo "See any operating system documentation about shared libraries for"
+ $echo "more information, such as the ld(1) and ld.so(8) manual pages."
+ $echo "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool execute mode
+ execute)
+ modename="$modename: execute"
+
+ # The first argument is the command name.
+ cmd="$nonopt"
+ if test -z "$cmd"; then
+ $echo "$modename: you must specify a COMMAND" 1>&2
+ $echo "$help"
+ exit $EXIT_FAILURE
+ fi
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ if test ! -f "$file"; then
+ $echo "$modename: \`$file' is not a file" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$file" && dir=.
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$file" && dir=.
+ ;;
+
+ *)
+ $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
+ args="$args \"$file\""
+ done
+
+ if test -z "$run"; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ if test "${save_LC_ALL+set}" = set; then
+ LC_ALL="$save_LC_ALL"; export LC_ALL
+ fi
+ if test "${save_LANG+set}" = set; then
+ LANG="$save_LANG"; export LANG
+ fi
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
+ $echo "export $shlibpath_var"
+ fi
+ $echo "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+ ;;
+
+ # libtool clean and uninstall mode
+ clean | uninstall)
+ modename="$modename: $mode"
+ rm="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) rm="$rm $arg"; rmforce=yes ;;
+ -*) rm="$rm $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ if test -z "$rm"; then
+ $echo "$modename: you must specify an RM program" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$dir" = "X$file"; then
+ dir=.
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if (test -L "$file") >/dev/null 2>&1 \
+ || (test -h "$file") >/dev/null 2>&1 \
+ || test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ . $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+ case "$mode" in
+ clean)
+ case " $library_names " in
+ # " " in the beginning catches empty $dlname
+ *" $dlname "*) ;;
+ *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ esac
+ test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ ;;
+ uninstall)
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ cmds=$postuninstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd"
+ if test "$?" -ne 0 && test "$rmforce" != yes; then
+ exit_status=1
+ fi
+ done
+ IFS="$save_ifs"
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ cmds=$old_postuninstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd"
+ if test "$?" -ne 0 && test "$rmforce" != yes; then
+ exit_status=1
+ fi
+ done
+ IFS="$save_ifs"
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ ;;
+ esac
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+
+ # Read the .lo file
+ . $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" \
+ && test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" \
+ && test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ file=`$echo $file|${SED} 's,.exe$,,'`
+ noexename=`$echo $name|${SED} 's,.exe$,,'`
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ relink_command=
+ . $dir/$noexename
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ $show "$rm $rmfiles"
+ $run $rm $rmfiles || exit_status=1
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ $show "rmdir $dir"
+ $run rmdir $dir >/dev/null 2>&1
+ fi
+ done
+
+ exit $exit_status
+ ;;
+
+ "")
+ $echo "$modename: you must specify a MODE" 1>&2
+ $echo "$generic_help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ if test -z "$exec_cmd"; then
+ $echo "$modename: invalid operation mode \`$mode'" 1>&2
+ $echo "$generic_help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+fi # test -z "$show_help"
+
+if test -n "$exec_cmd"; then
+ eval exec $exec_cmd
+ exit $EXIT_FAILURE
+fi
+
+# We need to display help for each of the modes.
+case $mode in
+"") $echo \
+"Usage: $modename [OPTION]... [MODE-ARG]...
+
+Provide generalized library-building support services.
+
+ --config show all configuration variables
+ --debug enable verbose shell tracing
+-n, --dry-run display commands without modifying any files
+ --features display basic configuration information and exit
+ --finish same as \`--mode=finish'
+ --help display this help message and exit
+ --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS]
+ --quiet same as \`--silent'
+ --silent don't print informational messages
+ --tag=TAG use configuration variables from tag TAG
+ --version print version information
+
+MODE must be one of the following:
+
+ clean remove files from the build directory
+ compile compile a source file into a libtool object
+ execute automatically set library path, then run a program
+ finish complete the installation of libtool libraries
+ install install libraries or executables
+ link create a library or an executable
+ uninstall remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for
+a more detailed description of MODE.
+
+Report bugs to <bug-libtool at gnu.org>."
+ exit $EXIT_SUCCESS
+ ;;
+
+clean)
+ $echo \
+"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+compile)
+ $echo \
+"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -static always build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+execute)
+ $echo \
+"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+finish)
+ $echo \
+"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+install)
+ $echo \
+"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+link)
+ $echo \
+"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -static do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+uninstall)
+ $echo \
+"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+*)
+ $echo "$modename: invalid operation mode \`$mode'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+esac
+
+$echo
+$echo "Try \`$modename --help' for more information about other modes."
+
+exit $?
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+disable_libs=shared
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+disable_libs=static
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/build/ltmain.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/man.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/man.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/man.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+# $OpenLDAP: pkg/ldap/build/man.mk,v 1.27.2.8 2007/01/02 23:42:47 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Manual Pages
+#
+
+MANDIR=$(mandir)/man$(MANSECT)
+TMP_SUFFIX=tmp
+
+all-common:
+ PAGES=`cd $(srcdir); echo *.$(MANSECT)`; \
+ for page in $$PAGES; do \
+ $(SED) -e "s%LDVERSION%$(VERSION)%" \
+ -e 's%ETCDIR%$(sysconfdir)%' \
+ -e 's%LOCALSTATEDIR%$(localstatedir)%' \
+ -e 's%SYSCONFDIR%$(sysconfdir)%' \
+ -e 's%DATADIR%$(datadir)%' \
+ -e 's%SBINDIR%$(sbindir)%' \
+ -e 's%BINDIR%$(bindir)%' \
+ -e 's%LIBDIR%$(libdir)%' \
+ -e 's%LIBEXECDIR%$(libexecdir)%' \
+ -e 's%RELEASEDATE%$(RELEASEDATE)%' \
+ $(srcdir)/$$page > $$page.$(TMP_SUFFIX); \
+ done
+
+install-common:
+ -$(MKDIR) $(DESTDIR)$(MANDIR)
+ PAGES=`cd $(srcdir); echo *.$(MANSECT)`; \
+ for page in $$PAGES; do \
+ echo "installing $$page in $(DESTDIR)$(MANDIR)"; \
+ $(RM) $(DESTDIR)$(MANDIR)/$$page; \
+ $(INSTALL) $(INSTALLFLAGS) -m 644 $$page.$(TMP_SUFFIX) $(DESTDIR)$(MANDIR)/$$page; \
+ if test -f "$(srcdir)/$$page.links" ; then \
+ for link in `$(CAT) $(srcdir)/$$page.links`; do \
+ echo "installing $$link in $(DESTDIR)$(MANDIR) as link to $$page"; \
+ $(RM) $(DESTDIR)$(MANDIR)/$$link ; \
+ $(LN_S) $(DESTDIR)$(MANDIR)/$$page $(DESTDIR)$(MANDIR)/$$link; \
+ done; \
+ fi; \
+ done
+
+clean-common: FORCE
+ $(RM) *.tmp all-common
+
+Makefile: $(top_srcdir)/build/man.mk
Added: openldap/vendor/openldap-2.3.35/build/missing
===================================================================
--- openldap/vendor/openldap-2.3.35/build/missing (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/missing 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,373 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard at iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is distributed with OpenLDAP Software, which contains a
+# configuration script generated by Autoconf, and is distributable
+# under the same distributions terms as OpenLDAP itself.
+
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+##
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case "$1" in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake at gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).
+case "$1" in
+ lex|yacc)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case "$1" in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case "$f" in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
+ test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison|yacc)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if [ $# -ne 1 ]; then
+ eval LASTARG="\${$#}"
+ case "$LASTARG" in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if [ ! -f y.tab.h ]; then
+ echo >y.tab.h
+ fi
+ if [ ! -f y.tab.c ]; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex|flex)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if [ $# -ne 1 ]; then
+ eval LASTARG="\${$#}"
+ case "$LASTARG" in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if [ ! -f lex.yy.c ]; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+ if test -z "$file"; then
+ file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
+ fi
+ if [ -f "$file" ]; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit 1
+ fi
+ ;;
+
+ makeinfo)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case "$firstarg" in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case "$firstarg" in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/build/missing
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mkdep
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mkdep (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mkdep 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,223 @@
+#! /bin/sh -
+# $OpenLDAP: pkg/ldap/build/mkdep,v 1.29.2.4 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (c) 1987 Regents of the University of California.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms are permitted
+## provided that the above copyright notice and this paragraph are
+## duplicated in all such forms and that any documentation,
+## advertising materials, and other materials related to such
+## distribution and use acknowledge that the software was developed
+## by the University of California, Berkeley. The name of the
+## University may not be used to endorse or promote products derived
+## from this software without specific prior written permission.
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+## IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+## WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+#
+# @(#)mkdep.sh 5.12 (Berkeley) 6/30/88
+#
+# We now use whatever path is already set by the invoker
+#PATH=/bin:/usr/bin:/usr/ucb
+#export PATH
+
+set -e # exit immediately if any errors occur
+
+MAKE=Makefile # default makefile name is "Makefile"
+NOSLASH="no" # by default, / dependencies are included
+SRCDIR=""
+SED=cat
+
+: ${CC=cc} # use cc by default
+
+# We generally set these via the command line options
+: ${MKDEP_CC=$CC} # select default compiler to generate dependencies
+: ${MKDEP_CFLAGS="-M"} # cc -M usually produces dependencies
+
+while :
+ do case "$1" in
+ # the -s flag removes dependencies to files that begin with /
+ -s)
+ NOSLASH=yes;
+ shift ;;
+
+ # -f allows you to select a makefile name
+ -f)
+ MAKE=$2
+ shift; shift ;;
+
+ # -d allows you to select a VPATH directory
+ -d)
+ SRCDIR=$2
+ shift; shift ;;
+
+ # -c allows you to override the compiler used to generate dependencies
+ -c)
+ MKDEP_CC=$2
+ shift; shift ;;
+
+ # -m allows you to override the compiler flags used to generate
+ # dependencies.
+ -m)
+ MKDEP_CFLAGS=$2
+ shift; shift ;;
+
+ # the -p flag produces "program: program.c" style dependencies
+ # so .o's don't get produced
+ -p)
+ SED='sed -e s;\.o;;'
+ shift ;;
+
+ # the -l flag produces libtool compatible dependencies
+ -l)
+ SED='sed -e s;\.o:;.lo:;'
+ shift ;;
+
+# -*) shift ;;
+
+ *)
+ break ;;
+ esac
+done
+
+if test $# = 0 ; then
+ echo 'usage: mkdep [-p] [-s] [-c cc] [-m flags] [-f makefile] [-d srcdir] [cppflags] file ...'
+ exit 1
+fi
+
+if test ! -w $MAKE ; then
+ echo "mkdep: no writeable file \"$MAKE\""
+ exit 1
+fi
+
+TMP=/tmp/mkdep$$
+
+trap 'rm -f $TMP.sed $TMP ; exit 1' 1 2 3 13 15
+
+cp $MAKE ${MAKE}.bak
+
+sed -e '/DO NOT DELETE THIS LINE/,$d' < $MAKE > $TMP
+
+cat << _EOF_ >> $TMP
+# DO NOT DELETE THIS LINE -- mkdep uses it.
+# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
+
+_EOF_
+
+# If your compiler doesn't have -M, you may be able to use -E instead.
+# The preprocessor must generate lines of the form
+# #.* [0-9]* "dependent file" .*
+# This script will parse out the "dependent file"s to generate the
+# dependency list.
+
+if test "x$SRCDIR" = "x" ; then
+ files=$*
+else
+ files=
+ for i in $* ; do
+ if test -f $i ; then
+ files="$files $i"
+ elif test -f $SRCDIR/$i ; then
+ files="$files $SRCDIR/$i"
+ else
+ files="$files $i"
+ fi
+ done
+
+ MKDEP_CFLAGS="$MKDEP_CFLAGS -I$SRCDIR"
+fi
+
+cat << _EOF_ >> $TMP
+
+#
+# files: $*
+# command: $MKDEP_CC $MKDEP_CFLAGS $files
+#
+
+_EOF_
+
+case $MKDEP_CFLAGS in
+# Using regular preprocessor output
+ -E*)
+FLAGS=""
+FILES=""
+for i in $files; do
+ case $i in
+ -*) FLAGS="$FLAGS $i" ;;
+ *) FILES="$FILES $i" ;;
+ esac
+done
+for i in $FILES; do
+ $MKDEP_CC $MKDEP_CFLAGS $FLAGS $i | grep '^#.*"' > $TMP.sed
+awk '
+BEGIN {
+ file = "'$i'"
+ n = split(file, parts, "/")
+ filenm = substr(parts[n], 0, length(parts[n])-1) "o"
+}
+{
+ dep = split($3, parts, "\"")
+ dep = parts[2]
+ if (dep ~ "^\./.*") dep = substr(dep, 3, length(dep)-2)
+ if (( noslash == "yes") && (dep ~ /^\// )) continue
+ if (deps[dep] == 0) printf "%s: %s\n", filenm, dep
+ deps[dep] = 1
+}' noslash="$NOSLASH" $TMP.sed >> $TMP
+done
+ ;;
+
+ *)
+# Using -M or some other specific dependency-generating option
+$MKDEP_CC $MKDEP_CFLAGS $files | \
+ sed -e 's; \./; ;g' -e 's/ :/:/' | \
+ $SED > $TMP.sed
+# do not pipe to awk. SGI awk wants a filename as argument.
+# (or '-', but I do not know if all other awks support that.)
+awk '
+$1 ~ /:$/ {
+ filenm=$1
+ dep=substr($0, length(filenm)+1)
+}
+$1 !~ /:$/ {
+ dep=$0
+}
+/.*/ {
+ if ( length(filenm) < 2 ) next
+ if ( filenm ~ /:.*:$/ ) next
+ split(dep, depends, " ")
+ for(d in depends) {
+ dfile = depends[d]
+ if ( length(dfile) < 2 ) continue
+ if ( dfile ~ /:/ ) continue
+ if (( noslash == "yes") && (dfile ~ /^\// )) continue
+ rec = filenm " " dfile
+ print rec
+ }
+}
+' noslash="$NOSLASH" $TMP.sed >> $TMP
+ ;;
+esac
+
+
+cat << _EOF_ >> $TMP
+
+# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
+_EOF_
+
+# copy to preserve permissions
+cp $TMP $MAKE
+rm -f ${MAKE}.bak $TMP.sed $TMP
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/build/mkdep
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mkdep.aix
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mkdep.aix (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mkdep.aix 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,17 @@
+#! /bin/sh
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+cc_r -ME $* > /dev/null
+cat *.u
+rm *.u
Property changes on: openldap/vendor/openldap-2.3.35/build/mkdep.aix
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mkrelease
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mkrelease (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mkrelease 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,79 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/build/mkrelease,v 1.18.2.5 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Make a release
+# mkrelease RELNAME CVSTAG CVSMODULES
+# where CVSTAG is the tag to export from the current CVSROOT
+#
+
+#
+# This script MUST NOT add files to the export nor modify
+# any file in the export.
+#
+
+set -e # exit immediately if any errors occur
+
+if test $# != 3 ; then
+ echo 'usage: mkrelease RELNAME CVSTAG CVSMODULES ...'
+ exit 1
+fi
+
+RELNAME=openldap-$1
+shift
+CVSTAG=$1
+shift
+
+if test -e $RELNAME ; then
+ echo "error: $RELNAME exists"
+ exit 1
+fi
+
+echo Release: $RELNAME
+echo CVS Tag: $CVSTAG
+echo Modules: $*
+
+cvs -q export -kkv -r $CVSTAG -d $RELNAME $*
+
+if test ! -d $RELNAME ; then
+ echo "error: $RELNAME doesn't exists"
+ exit 1
+fi
+
+if test -e $RELNAME/doc/guide/admin/guide.sdf ; then
+ echo "build guide..."
+ ( cd $RELNAME/doc/guide/admin ; make guide.html )
+else
+ echo "No guide"
+fi
+
+if test ! -e $RELNAME/build/version.sh ; then
+ echo "No build version"
+ OL_STRING="something"
+else
+ eval `$RELNAME/build/version.sh`
+fi
+
+echo "Rolling up $OL_STRING ..."
+
+
+tar cf $RELNAME.tar $RELNAME
+gzip -9 -c $RELNAME.tar > $RELNAME.tgz
+md5 $RELNAME.tgz > $RELNAME.md5
+sha1 $RELNAME.tgz > $RELNAME.sha1
+rm -f $RELNAME.tar
+
+ls -l $RELNAME.*
+
+echo "Made $OL_STRING as $RELNAME.tgz"
Property changes on: openldap/vendor/openldap-2.3.35/build/mkrelease
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mkvers.bat
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mkvers.bat (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mkvers.bat 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+:: $OpenLDAP: pkg/ldap/build/mkvers.bat,v 1.5.2.3 2007/01/02 21:43:41 kurt Exp $
+:: This work is part of OpenLDAP Software <http://www.openldap.org/>.
+::
+:: Copyright 1998-2007 The OpenLDAP Foundation.
+:: All rights reserved.
+::
+:: Redistribution and use in source and binary forms, with or without
+:: modification, are permitted only as authorized by the OpenLDAP
+:: Public License.
+::
+:: A copy of this license is available in the file LICENSE in the
+:: top-level directory of the distribution or, alternatively, at
+:: <http://www.OpenLDAP.org/license.html>.
+
+::
+:: Create a version.c file from build/version.h
+::
+
+:: usage: mkvers.bat <path/version.h>, <version.c>, <appname>, <static>
+
+copy %1 %2
+(echo. ) >> %2
+(echo #include "portable.h") >> %2
+(echo. ) >> %2
+(echo %4 const char __Version[] =) >> %2
+(echo "@(#) $" OPENLDAP_PACKAGE ": %3 " OPENLDAP_VERSION) >> %2
+(echo " (" __DATE__ " " __TIME__ ") $\n") >> %2
+(echo "\t%USERNAME%@%COMPUTERNAME% %CD:\=/%\n";) >> %2
Property changes on: openldap/vendor/openldap-2.3.35/build/mkvers.bat
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mkversion
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mkversion (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mkversion 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+#! /bin/sh
+# Create a version.c file
+# $OpenLDAP: pkg/ldap/build/mkversion,v 1.12.2.3 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+PACKAGE=OpenLDAP
+VERSION=unknown
+SYMBOL=__Version
+static=static
+const=const
+while :
+ do case "$1" in
+ -p)
+ PACKAGE=$2
+ shift; shift ;;
+ -v)
+ VERSION=$2
+ shift; shift ;;
+
+ -c)
+ const=
+ shift ;;
+ -n)
+ SYMBOL=$2
+ shift; shift ;;
+ -s)
+ static=
+ shift ;;
+
+# -*) shift ;;
+ *)
+ break ;;
+ esac
+done
+
+if test $# != 1 ; then
+ echo 'usage: mkversion [-c] [-s] [-p package] [-v version] application'
+ exit 1
+fi
+
+APPLICATION=$1
+WHOWHERE="$USER@`uname -n`:`pwd`"
+
+cat << __EOF__
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+static const char copyright[] =
+"Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.\n"
+"COPYING RESTRICTIONS APPLY\n";
+
+$static $const char $SYMBOL[] =
+"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
+"\t$WHOWHERE\n";
+
+__EOF__
Property changes on: openldap/vendor/openldap-2.3.35/build/mkversion
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/mod.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/mod.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/mod.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,92 @@
+# $OpenLDAP: pkg/ldap/build/mod.mk,v 1.22.2.4 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Server Modules
+#
+
+LIBRARY = $(LIBBASE).la
+LIBSTAT = lib$(LIBBASE).a
+
+MKDEPFLAG = -l
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+ $(LTCOMPILE_MOD) $<
+
+all-no lint-no 5lint-no depend-no install-no: FORCE
+ @echo "run configure with $(BUILD_OPT) to make $(LIBBASE)"
+
+all-common: all-$(BUILD_MOD)
+
+version.c: Makefile
+ $(RM) $@
+ $(MKVERSION) $(LIBBASE) > $@
+
+version.lo: version.c $(OBJS)
+
+$(LIBRARY): version.lo
+ $(LTLINK_MOD) -module -o $@ $(OBJS) version.lo $(LINK_LIBS)
+
+$(LIBSTAT): version.lo
+ $(AR) ruv $@ `echo $(OBJS) | sed 's/\.lo/.o/g'` version.o
+ @$(RANLIB) $@
+
+clean-common: clean-lib FORCE
+veryclean-common: veryclean-lib FORCE
+
+
+lint-common: lint-$(BUILD_MOD)
+
+5lint-common: 5lint-$(BUILD_MOD)
+
+depend-common: depend-$(BUILD_MOD)
+
+install-common: install-$(BUILD_MOD)
+
+all-local-mod:
+all-mod: $(LIBRARY) all-local-mod FORCE
+
+all-local-lib:
+all-yes: $(LIBSTAT) all-local-lib FORCE
+
+install-mod: $(LIBRARY)
+ @-$(MKDIR) $(DESTDIR)$(moduledir)
+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(moduledir)
+
+install-local-lib:
+install-yes: install-local-lib FORCE
+
+lint-local-lib:
+lint-yes lint-mod: lint-local-lib FORCE
+ $(LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+5lint-local-lib:
+5lint-yes 5lint-mod: 5lint-local-lib FORCE
+ $(5LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+clean-local-lib:
+clean-lib: clean-local-lib FORCE
+ $(RM) $(LIBRARY) $(LIBSTAT) version.c *.o *.lo a.out core .libs/*
+
+depend-local-lib:
+depend-yes depend-mod: depend-local-lib FORCE
+ $(MKDEP) $(DEFS) $(DEFINES) $(SRCS)
+
+veryclean-local-lib:
+veryclean-lib: clean-lib veryclean-local-lib
+
+Makefile: $(top_srcdir)/build/mod.mk
+
Added: openldap/vendor/openldap-2.3.35/build/openldap.m4
===================================================================
--- openldap/vendor/openldap-2.3.35/build/openldap.m4 (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/openldap.m4 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1460 @@
+dnl OpenLDAP Autoconf Macros
+dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.12 2007/02/13 04:35:39 kurt Exp $
+dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
+dnl
+dnl Copyright 1998-2007 The OpenLDAP Foundation.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted only as authorized by the OpenLDAP
+dnl Public License.
+dnl
+dnl A copy of this license is available in the file LICENSE in the
+dnl top-level directory of the distribution or, alternatively, at
+dnl <http://www.OpenLDAP.org/license.html>.
+dnl
+dnl --------------------------------------------------------------------
+dnl Restricted form of AC_ARG_ENABLE that limits user options
+dnl
+dnl $1 = option name
+dnl $2 = help-string
+dnl $3 = default value (auto). "--" means do not set it by default
+dnl $4 = allowed values (auto yes no)
+dnl $5 = overridden default
+AC_DEFUN([OL_ARG_ENABLE], [# OpenLDAP --enable-$1
+ pushdef([ol_DefVal],ifelse($3,,auto,$3))
+ AC_ARG_ENABLE($1,ifelse($4,,[$2],[$2] translit([$4],[ ],[|])) ifelse($3,--,,@<:@ol_DefVal@:>@),[
+ ol_arg=invalid
+ for ol_val in ifelse($4,,[auto yes no],[$4]) ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ AC_MSG_ERROR(bad value $enableval for --enable-$1)
+ fi
+ ol_enable_$1="$ol_arg"
+]ifelse($3,--,,[,
+[ ol_enable_$1=ifelse($5,,ol_DefVal,[${]$5[:-]ol_DefVal[}])]]))dnl
+dnl AC_MSG_RESULT([OpenLDAP -enable-$1 $ol_enable_$1])
+ popdef([ol_DefVal])
+# end --enable-$1
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Restricted form of AC_ARG_WITH that limits user options
+dnl
+dnl $1 = option name
+dnl $2 = help-string
+dnl $3 = default value (no)
+dnl $4 = allowed values (yes or no)
+AC_DEFUN([OL_ARG_WITH], [# OpenLDAP --with-$1
+ AC_ARG_WITH($1,[$2 @<:@]ifelse($3,,yes,$3)@:>@,[
+ ol_arg=invalid
+ for ol_val in ifelse($4,,[yes no],[$4]) ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ AC_MSG_ERROR(bad value $withval for --with-$1)
+ fi
+ ol_with_$1="$ol_arg"
+],
+[ ol_with_$1=ifelse($3,,"no","$3")])dnl
+dnl AC_MSG_RESULT([OpenLDAP --with-$1 $ol_with_$1])
+# end --with-$1
+])dnl
+dnl ====================================================================
+dnl Check for dependency generation flag
+AC_DEFUN([OL_MKDEPEND], [# test for make depend flag
+OL_MKDEP=
+OL_MKDEP_FLAGS=
+if test -z "${MKDEP}"; then
+ OL_MKDEP="${CC-cc}"
+ if test -z "${MKDEP_FLAGS}"; then
+ AC_CACHE_CHECK([for ${OL_MKDEP} depend flag], ol_cv_mkdep, [
+ ol_cv_mkdep=no
+ for flag in "-M" "-xM"; do
+ cat > conftest.c <<EOF
+ noCode;
+EOF
+ if AC_TRY_COMMAND($OL_MKDEP $flag conftest.c) \
+ | grep '^conftest\.'"${ac_objext}" >/dev/null 2>&1
+ then
+ if test ! -f conftest."${ac_object}" ; then
+ ol_cv_mkdep=$flag
+ OL_MKDEP_FLAGS="$flag"
+ break
+ fi
+ fi
+ done
+ rm -f conftest*
+ ])
+ else
+ cc_cv_mkdep=yes
+ OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
+ fi
+else
+ cc_cv_mkdep=yes
+ OL_MKDEP="${MKDEP}"
+ OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
+fi
+AC_SUBST(OL_MKDEP)
+AC_SUBST(OL_MKDEP_FLAGS)
+])
+dnl
+dnl ====================================================================
+dnl Check if system uses EBCDIC instead of ASCII
+AC_DEFUN([OL_CPP_EBCDIC], [# test for EBCDIC
+AC_CACHE_CHECK([for EBCDIC],ol_cv_cpp_ebcdic,[
+ AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
+#if !('M' == 0xd4)
+#include <__ASCII__/generate_error.h>
+#endif
+]])],[ol_cv_cpp_ebcdic=yes],[ol_cv_cpp_ebcdic=no])])
+if test $ol_cv_cpp_ebcdic = yes ; then
+ AC_DEFINE(HAVE_EBCDIC,1, [define if system uses EBCDIC instead of ASCII])
+fi
+])
+dnl
+dnl --------------------------------------------------------------------
+dnl OpenLDAP version of STDC header check w/ EBCDIC support
+AC_DEFUN([OL_HEADER_STDC],
+[AC_REQUIRE_CPP()dnl
+AC_REQUIRE([OL_CPP_EBCDIC])dnl
+AC_CACHE_CHECK([for ANSI C header files], ol_cv_header_stdc,
+[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>]])],[ol_cv_header_stdc=yes],[ol_cv_header_stdc=no])
+
+if test $ol_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+AC_EGREP_HEADER(memchr, string.h, , ol_cv_header_stdc=no)
+fi
+
+if test $ol_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+AC_EGREP_HEADER(free, stdlib.h, , ol_cv_header_stdc=no)
+fi
+
+if test $ol_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
+#ifndef HAVE_EBCDIC
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int main () { int i; for (i = 0; i < 256; i++)
+if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
+exit (0); }
+]])],[],[ol_cv_header_stdc=no],[:])
+fi])
+if test $ol_cv_header_stdc = yes; then
+ AC_DEFINE(STDC_HEADERS)
+fi
+ac_cv_header_stdc=disable
+])
+dnl
+dnl ====================================================================
+dnl DNS resolver macros
+AC_DEFUN([OL_RESOLVER_TRY],
+[if test $ol_cv_lib_resolver = no ; then
+ AC_CACHE_CHECK([for resolver link (]ifelse($2,,default,$2)[)],[$1],
+[
+ ol_RESOLVER_LIB=ifelse($2,,,$2)
+ ol_LIBS=$LIBS
+ LIBS="$ol_RESOLVER_LIB $LIBS"
+
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_NAMESER_H
+# include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+# include <resolv.h>
+#endif
+]], [[{
+ int len, status;
+ char *request = NULL;
+ unsigned char reply[64*1024];
+ unsigned char host[64*1024];
+ unsigned char *p;
+
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
+#else
+ /* Bind 4 interface */
+# ifndef T_SRV
+# define T_SRV 33
+# endif
+ len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
+#endif
+ p = reply;
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ p += NS_HFIXEDSZ;
+#elif defined(HFIXEDSZ)
+ /* Bind 4 interface w/ HFIXEDSZ */
+ p += HFIXEDSZ;
+#else
+ /* Bind 4 interface w/o HFIXEDSZ */
+ p += sizeof(HEADER);
+#endif
+ status = dn_expand( reply, reply+len, p, host, sizeof(host));
+}]])],[$1=yes],[$1=no])
+
+ LIBS="$ol_LIBS"
+])
+
+ if test $$1 = yes ; then
+ ol_cv_lib_resolver=ifelse($2,,yes,$2)
+ fi
+fi
+])
+dnl --------------------------------------------------------------------
+dnl Try to locate appropriate library
+AC_DEFUN([OL_RESOLVER_LINK],
+[ol_cv_lib_resolver=no
+OL_RESOLVER_TRY(ol_cv_resolver_none)
+OL_RESOLVER_TRY(ol_cv_resolver_resolv,[-lresolv])
+OL_RESOLVER_TRY(ol_cv_resolver_bind,[-lbind])
+])
+dnl
+dnl ====================================================================
+dnl International Components for Unicode (ICU)
+AC_DEFUN([OL_ICU],
+[ol_icu=no
+AC_CHECK_HEADERS( unicode/utypes.h )
+if test $ac_cv_header_unicode_utypes_h = yes ; then
+ dnl OL_ICULIBS="-licui18n -licuuc -licudata"
+ OL_ICULIBS="-licuuc -licudata"
+
+ AC_CACHE_CHECK([for ICU libraries], [ol_cv_lib_icu], [
+ ol_LIBS="$LIBS"
+ LIBS="$OL_ICULIBS $LIBS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <unicode/utypes.h>
+]], [[
+(void) u_errorName(0);
+]])],[ol_cv_lib_icu=yes],[ol_cv_lib_icu=no])
+ LIBS="$ol_LIBS"
+])
+
+ if test $ol_cv_lib_icu != no ; then
+ ol_icu="$OL_ICULIBS"
+ AC_DEFINE(HAVE_ICU,1,[define if you actually have ICU])
+ fi
+fi
+])
+dnl
+dnl ====================================================================
+dnl Berkeley DB macros
+dnl
+dnl --------------------------------------------------------------------
+dnl Try to link
+AC_DEFUN([OL_BERKELEY_DB_TRY],
+[if test $ol_cv_lib_db = no ; then
+ AC_CACHE_CHECK([for Berkeley DB link (]ifelse($2,,default,$2)[)],[$1],
+[
+ ol_DB_LIB=ifelse($2,,,$2)
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+]], [[
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+]])],[$1=yes],[$1=no])
+
+ LIBS="$ol_LIBS"
+])
+
+ if test $$1 = yes ; then
+ ol_cv_lib_db=ifelse($2,,yes,$2)
+ fi
+fi
+])
+dnl
+dnl --------------------------------------------------------------------
+dnl Try to locate appropriate library
+AC_DEFUN([OL_BERKELEY_DB_LINK],
+[ol_cv_lib_db=no
+
+dnl Determine major version
+AC_CACHE_CHECK([for Berkeley DB major version], [ol_cv_bdb_major],[
+ ol_cv_bdb_major=0
+ if test $ol_cv_bdb_major = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 4
+__db_version
+#endif
+ ], [ol_cv_bdb_major=4], [:])
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 3
+__db_version
+#endif
+ ], [ol_cv_bdb_major=3], [:])
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 2
+__db_version
+#endif
+ ], [ol_cv_bdb_major=2], [:])
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 1
+__db_version
+#endif
+ ], [ol_cv_bdb_major=1], [:])
+ fi
+
+ if test $ol_cv_bdb_major = 0 ; then
+ AC_MSG_ERROR([Unknown Berkeley DB major version])
+ fi
+])
+
+dnl Determine minor version
+AC_CACHE_CHECK([for Berkeley DB minor version], [ol_cv_bdb_minor],[
+ ol_cv_bdb_minor=0
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 9
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=9], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 8
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=8], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 7
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=7], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 6
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=6], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 5
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=5], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 4
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=4], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 3
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=3], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 2
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=2], [:])
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ AC_EGREP_CPP(__db_version, [
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 1
+__db_version
+#endif
+ ], [ol_cv_bdb_minor=1], [:])
+ fi
+])
+
+if test $ol_cv_bdb_major = 4 ; then
+ if test $ol_cv_bdb_minor = 5 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db45,[-ldb45])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_45,[-ldb-45])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_5,[-ldb-4.5])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_5,[-ldb-4-5])
+ elif test $ol_cv_bdb_minor = 4 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db44,[-ldb44])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_44,[-ldb-44])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_4,[-ldb-4.4])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_4,[-ldb-4-4])
+ elif test $ol_cv_bdb_minor = 3 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db43,[-ldb43])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_43,[-ldb-43])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_3,[-ldb-4.3])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_3,[-ldb-4-3])
+ elif test $ol_cv_bdb_minor = 2 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db42,[-ldb42])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_42,[-ldb-42])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_2,[-ldb-4.2])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_2,[-ldb-4-2])
+ elif test $ol_cv_bdb_minor = 1 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db41,[-ldb41])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_41,[-ldb-41])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_1,[-ldb-4.1])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4_1,[-ldb-4-1])
+ fi
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_4,[-ldb-4])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db4,[-ldb4])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db,[-ldb])
+
+elif test $ol_cv_bdb_major = 3 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db3,[-ldb3])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_3,[-ldb-3])
+
+elif test $ol_cv_bdb_major = 2 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db2,[-ldb2])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_2,[-ldb-2])
+
+elif test $ol_cv_bdb_major = 1 ; then
+ OL_BERKELEY_DB_TRY(ol_cv_db_db1,[-ldb1])
+ OL_BERKELEY_DB_TRY(ol_cv_db_db_1,[-ldb-1])
+fi
+OL_BERKELEY_DB_TRY(ol_cv_db_none)
+])
+dnl
+dnl --------------------------------------------------------------------
+dnl Check if Berkeley DB version
+AC_DEFUN([OL_BERKELEY_DB_VERSION],
+[AC_CACHE_CHECK([for Berkeley DB version match], [ol_cv_berkeley_db_version], [
+ ol_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+ if test $ol_cv_lib_db != yes ; then
+ LIBS="$ol_cv_lib_db $LIBS"
+ fi
+
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#ifdef HAVE_DB_185_H
+ choke me;
+#else
+#include <db.h>
+#endif
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+main()
+{
+#if DB_VERSION_MAJOR > 1
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor != DB_VERSION_MINOR ||
+ patch != DB_VERSION_PATCH )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+#endif
+
+ return 0;
+}]])],[ol_cv_berkeley_db_version=yes],[ol_cv_berkeley_db_version=no],[ol_cv_berkeley_db_version=cross])
+
+ LIBS="$ol_LIBS"
+])
+
+ if test $ol_cv_berkeley_db_version = no ; then
+ AC_MSG_ERROR([Berkeley DB version mismatch])
+ fi
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check if Berkeley DB supports DB_THREAD
+AC_DEFUN([OL_BERKELEY_DB_THREAD],
+[AC_CACHE_CHECK([for Berkeley DB thread support], [ol_cv_berkeley_db_thread], [
+ ol_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+ if test $ol_cv_lib_db != yes ; then
+ LIBS="$ol_cv_lib_db $LIBS"
+ fi
+
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#ifdef HAVE_DB_185_H
+ choke me;
+#else
+#include <db.h>
+#endif
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+main()
+{
+ int rc;
+ u_int32_t flags = DB_CREATE |
+#ifdef DB_PRIVATE
+ DB_PRIVATE |
+#endif
+ DB_THREAD;
+
+#if DB_VERSION_MAJOR > 2
+ DB_ENV *env = NULL;
+
+ rc = db_env_create( &env, 0 );
+
+ flags |= DB_INIT_MPOOL;
+#ifdef DB_MPOOL_PRIVATE
+ flags |= DB_MPOOL_PRIVATE;
+#endif
+
+ if( rc ) {
+ printf("BerkeleyDB: %s\n", db_strerror(rc) );
+ return rc;
+ }
+
+#if (DB_VERSION_MAJOR > 3) || (DB_VERSION_MINOR >= 1)
+ rc = env->open( env, NULL, flags, 0 );
+#else
+ rc = env->open( env, NULL, NULL, flags, 0 );
+#endif
+
+ if ( rc == 0 ) {
+ rc = env->close( env, 0 );
+ }
+
+ if( rc ) {
+ printf("BerkeleyDB: %s\n", db_strerror(rc) );
+ return rc;
+ }
+
+#else
+ DB_ENV env;
+ memset( &env, '\0', sizeof(env) );
+
+ rc = db_appinit( NULL, NULL, &env, flags );
+
+ if( rc == 0 ) {
+ db_appexit( &env );
+ }
+
+ unlink("__db_mpool.share");
+ unlink("__db_lock.share");
+#endif
+
+ return rc;
+}]])],[ol_cv_berkeley_db_thread=yes],[ol_cv_berkeley_db_thread=no],[ol_cv_berkeley_db_thread=cross])
+
+ LIBS="$ol_LIBS"
+])
+
+ if test $ol_cv_berkeley_db_thread != no ; then
+ AC_DEFINE(HAVE_BERKELEY_DB_THREAD, 1,
+ [define if Berkeley DB has DB_THREAD support])
+ fi
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Find any DB
+AC_DEFUN([OL_BERKELEY_DB],
+[ol_cv_berkeley_db=no
+AC_CHECK_HEADERS(db.h)
+if test $ac_cv_header_db_h = yes; then
+ OL_BERKELEY_DB_LINK
+ if test "$ol_cv_lib_db" != no ; then
+ ol_cv_berkeley_db=yes
+ OL_BERKELEY_DB_VERSION
+ OL_BERKELEY_DB_THREAD
+ fi
+fi
+])
+dnl --------------------------------------------------------------------
+dnl Check for version compatility with back-bdb
+AC_DEFUN([OL_BDB_COMPAT],
+[AC_CACHE_CHECK([Berkeley DB version for BDB/HDB backends], [ol_cv_bdb_compat],[
+ AC_EGREP_CPP(__db_version_compat,[
+#include <db.h>
+
+ /* this check could be improved */
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+
+/* require 4.2 or later */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+ __db_version_compat
+#endif
+ ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
+])
+
+dnl --------------------------------------------------------------------
+dnl Find old Berkeley DB 1.85/1.86
+AC_DEFUN([OL_BERKELEY_COMPAT_DB],
+[AC_CHECK_HEADERS(db_185.h db.h)
+if test $ac_cv_header_db_185_h = yes || test $ac_cv_header_db_h = yes; then
+ AC_CACHE_CHECK([if Berkeley DB header compatibility], [ol_cv_header_db1],[
+ AC_EGREP_CPP(__db_version_1,[
+#if HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+ /* this check could be improved */
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#if DB_VERSION_MAJOR == 1
+ __db_version_1
+#endif
+], [ol_cv_header_db1=yes], [ol_cv_header_db1=no])])
+
+ if test $ol_cv_header_db1 = yes ; then
+ OL_BERKELEY_DB_LINK
+ if test "$ol_cv_lib_db" != no ; then
+ ol_cv_berkeley_db=yes
+ fi
+ fi
+fi
+])
+dnl
+dnl ====================================================================
+dnl Check if GDBM library exists
+dnl Check for gdbm_open in standard libraries or -lgdbm
+dnl
+dnl defines ol_cv_lib_gdbm to 'yes' or '-lgdbm' or 'no'
+dnl 'yes' implies gdbm_open is in $LIBS
+dnl
+dnl uses:
+dnl AC_CHECK_FUNC(gdbm_open)
+dnl AC_CHECK_LIB(gdbm,gdbm_open)
+dnl
+AC_DEFUN([OL_LIB_GDBM],
+[AC_CACHE_CHECK(for GDBM library, [ol_cv_lib_gdbm],
+[ ol_LIBS="$LIBS"
+ AC_CHECK_FUNC(gdbm_open,[ol_cv_lib_gdbm=yes], [
+ AC_CHECK_LIB(gdbm,gdbm_open,[ol_cv_lib_gdbm=-lgdbm],[ol_cv_lib_gdbm=no])
+ ])
+ LIBS="$ol_LIBS"
+])
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check if GDBM exists
+dnl
+dnl defines ol_cv_gdbm to 'yes' or 'no'
+dnl
+dnl uses:
+dnl OL_LIB_GDBM
+dnl AC_CHECK_HEADERS(gdbm.h)
+dnl
+AC_DEFUN([OL_GDBM],
+[AC_REQUIRE([OL_LIB_GDBM])
+ AC_CHECK_HEADERS(gdbm.h)
+ AC_CACHE_CHECK(for db, [ol_cv_gdbm], [
+ if test $ol_cv_lib_gdbm = no || test $ac_cv_header_gdbm_h = no ; then
+ ol_cv_gdbm=no
+ else
+ ol_cv_gdbm=yes
+ fi
+])
+ if test $ol_cv_gdbm = yes ; then
+ AC_DEFINE(HAVE_GDBM,1, [define if GNU DBM is available])
+ fi
+])dnl
+dnl
+dnl ====================================================================
+dnl Check if MDBM library exists
+dnl Check for mdbm_open in standard libraries or -lmdbm
+dnl
+dnl defines ol_cv_lib_mdbm to 'yes' or '-lmdbm' or 'no'
+dnl 'yes' implies mdbm_open is in $LIBS
+dnl
+dnl uses:
+dnl AC_CHECK_FUNC(mdbm_set_chain)
+dnl AC_CHECK_LIB(mdbm,mdbm_set_chain)
+dnl
+AC_DEFUN([OL_LIB_MDBM],
+[AC_CACHE_CHECK(for MDBM library, [ol_cv_lib_mdbm],
+[ ol_LIBS="$LIBS"
+ AC_CHECK_FUNC(mdbm_set_chain,[ol_cv_lib_mdbm=yes], [
+ AC_CHECK_LIB(mdbm,mdbm_set_chain,[ol_cv_lib_mdbm=-lmdbm],[ol_cv_lib_mdbm=no])
+ ])
+ LIBS="$ol_LIBS"
+])
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check if MDBM exists
+dnl
+dnl defines ol_cv_mdbm to 'yes' or 'no'
+dnl
+dnl uses:
+dnl OL_LIB_MDBM
+dnl AC_CHECK_HEADERS(mdbm.h)
+dnl
+AC_DEFUN([OL_MDBM],
+[AC_REQUIRE([OL_LIB_MDBM])
+ AC_CHECK_HEADERS(mdbm.h)
+ AC_CACHE_CHECK(for db, [ol_cv_mdbm], [
+ if test $ol_cv_lib_mdbm = no || test $ac_cv_header_mdbm_h = no ; then
+ ol_cv_mdbm=no
+ else
+ ol_cv_mdbm=yes
+ fi
+])
+ if test $ol_cv_mdbm = yes ; then
+ AC_DEFINE(HAVE_MDBM,1, [define if MDBM is available])
+ fi
+])dnl
+dnl
+dnl ====================================================================
+dnl Check if NDBM library exists
+dnl Check for dbm_open in standard libraries or -lndbm or -ldbm
+dnl
+dnl defines ol_cv_lib_ndbm to 'yes' or '-lndbm' or -ldbm or 'no'
+dnl 'yes' implies ndbm_open is in $LIBS
+dnl
+dnl uses:
+dnl AC_CHECK_FUNC(dbm_open)
+dnl AC_CHECK_LIB(ndbm,dbm_open)
+dnl AC_CHECK_LIB(dbm,dbm_open)
+dnl
+dnl restrictions:
+dnl should also check SVR4 case: dbm_open() in -lucb but that
+dnl would requiring dealing with -L/usr/ucblib
+dnl
+AC_DEFUN([OL_LIB_NDBM],
+[AC_CACHE_CHECK(for NDBM library, [ol_cv_lib_ndbm],
+[ ol_LIBS="$LIBS"
+ AC_CHECK_FUNC(dbm_open,[ol_cv_lib_ndbm=yes], [
+ AC_CHECK_LIB(ndbm,dbm_open,[ol_cv_lib_ndbm=-lndbm], [
+ AC_CHECK_LIB(dbm,dbm_open,[ol_cv_lib_ndbm=-ldbm],
+ [ol_cv_lib_ndbm=no])dnl
+ ])
+ ])
+ LIBS="$ol_LIBS"
+])
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check if NDBM exists
+dnl
+dnl defines ol_cv_ndbm to 'yes' or 'no'
+dnl
+dnl uses:
+dnl OL_LIB_NDBM
+dnl AC_CHECK_HEADERS(ndbm.h)
+dnl
+dnl restrictions:
+dnl Doesn't handle SVR4 case (see above)
+dnl
+AC_DEFUN([OL_NDBM],
+[AC_REQUIRE([OL_LIB_NDBM])
+ AC_CHECK_HEADERS(ndbm.h)
+ AC_CACHE_CHECK(for db, [ol_cv_ndbm], [
+ if test $ol_cv_lib_ndbm = no || test $ac_cv_header_ndbm_h = no ; then
+ ol_cv_ndbm=no
+ else
+ ol_cv_ndbm=yes
+ fi
+])
+ if test $ol_cv_ndbm = yes ; then
+ AC_DEFINE(HAVE_NDBM,1, [define if NDBM is available])
+ fi
+])dnl
+dnl
+dnl ====================================================================
+dnl Check POSIX Thread version
+dnl
+dnl defines ol_cv_pthread_version to 4, 5, 6, 7, 8, 10, depending on the
+dnl version of the POSIX.4a Draft that is implemented.
+dnl 10 == POSIX.4a Final == POSIX.1c-1996 for our purposes.
+dnl Existence of pthread.h should be tested separately.
+dnl
+dnl tests:
+dnl pthread_detach() was dropped in Draft 8, it is present
+dnl in every other version
+dnl PTHREAD_CREATE_UNDETACHED is only in Draft 7, it was called
+dnl PTHREAD_CREATE_JOINABLE after that
+dnl pthread_attr_create was renamed to pthread_attr_init in Draft 6.
+dnl Draft 6-10 has _init, Draft 4-5 has _create.
+dnl pthread_attr_default was dropped in Draft 6, only 4 and 5 have it
+dnl PTHREAD_MUTEX_INITIALIZER was introduced in Draft 5. It's not
+dnl interesting to us because we don't try to statically
+dnl initialize mutexes. 5-10 has it.
+dnl
+dnl Draft 9 and 10 are equivalent for our purposes.
+dnl
+AC_DEFUN([OL_POSIX_THREAD_VERSION],
+[AC_CACHE_CHECK([POSIX thread version],[ol_cv_pthread_version],[
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+# include <pthread.h>
+ ]], [[
+ int i = PTHREAD_CREATE_JOINABLE;
+ ]])],[
+ AC_EGREP_HEADER(pthread_detach,pthread.h,
+ ol_cv_pthread_version=10, ol_cv_pthread_version=8)],[
+ AC_EGREP_CPP(draft7,[
+# include <pthread.h>
+# ifdef PTHREAD_CREATE_UNDETACHED
+ draft7
+# endif
+ ], ol_cv_pthread_version=7, [
+ AC_EGREP_HEADER(pthread_attr_init,pthread.h,
+ ol_cv_pthread_version=6, [
+ AC_EGREP_CPP(draft5,[
+# include <pthread.h>
+#ifdef PTHREAD_MUTEX_INITIALIZER
+ draft5
+#endif
+ ], ol_cv_pthread_version=5, ol_cv_pthread_version=4) ]) ]) ])
+])
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+AC_DEFUN([OL_PTHREAD_TEST_INCLUDES], [[
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+]])
+AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+]])
+
+AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
+AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+OL_PTHREAD_TEST_FUNCTION
+}
+]))
+dnl --------------------------------------------------------------------
+AC_DEFUN([OL_PTHREAD_TRY], [# Pthread try link: $1 ($2)
+if test "$ol_link_threads" = no ; then
+ # try $1
+ AC_CACHE_CHECK([for pthread link with $1], [$2], [
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="$1 $LIBS"
+
+ AC_RUN_IFELSE([OL_PTHREAD_TEST_PROGRAM],
+ [$2=yes],
+ [$2=no],
+ [AC_LINK_IFELSE([AC_LANG_PROGRAM(OL_PTHREAD_TEST_INCLUDES,
+ OL_PTHREAD_TEST_FUNCTION)],
+ [$2=yes], [$2=no])])
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+ ])
+
+ if test $$2 = yes ; then
+ ol_link_pthreads="$1"
+ ol_link_threads=posix
+ fi
+fi
+])
+dnl
+dnl ====================================================================
+dnl Check GNU Pth pthread Header
+dnl
+dnl defines ol_cv_header linux_threads to 'yes' or 'no'
+dnl 'no' implies pthreads.h is not LinuxThreads or pthreads.h
+dnl doesn't exists. Existance of pthread.h should separately
+dnl checked.
+dnl
+AC_DEFUN([OL_HEADER_GNU_PTH_PTHREAD_H], [
+ AC_CACHE_CHECK([for GNU Pth pthread.h],
+ [ol_cv_header_gnu_pth_pthread_h],
+ [AC_EGREP_CPP(__gnu_pth__,
+ [#include <pthread.h>
+#ifdef _POSIX_THREAD_IS_GNU_PTH
+ __gnu_pth__;
+#endif
+],
+ [ol_cv_header_gnu_pth_pthread_h=yes],
+ [ol_cv_header_gnu_pth_pthread_h=no])
+ ])
+])dnl
+dnl ====================================================================
+dnl Check for NT Threads
+AC_DEFUN([OL_NT_THREADS], [
+ AC_CHECK_FUNC(_beginthread)
+
+ if test $ac_cv_func__beginthread = yes ; then
+ AC_DEFINE(HAVE_NT_THREADS,1,[if you have NT Threads])
+ ol_cv_nt_threads=yes
+ fi
+])
+dnl ====================================================================
+dnl Check LinuxThreads Header
+dnl
+dnl defines ol_cv_header linux_threads to 'yes' or 'no'
+dnl 'no' implies pthreads.h is not LinuxThreads or pthreads.h
+dnl doesn't exists. Existance of pthread.h should separately
+dnl checked.
+dnl
+AC_DEFUN([OL_HEADER_LINUX_THREADS], [
+ AC_CACHE_CHECK([for LinuxThreads pthread.h],
+ [ol_cv_header_linux_threads],
+ [AC_EGREP_CPP(pthread_kill_other_threads_np,
+ [#include <pthread.h>],
+ [ol_cv_header_linux_threads=yes],
+ [ol_cv_header_linux_threads=no])
+ ])
+ if test $ol_cv_header_linux_threads = yes; then
+ AC_DEFINE(HAVE_LINUX_THREADS,1,[if you have LinuxThreads])
+ fi
+])dnl
+dnl --------------------------------------------------------------------
+dnl Check LinuxThreads Implementation
+dnl
+dnl defines ol_cv_sys_linux_threads to 'yes' or 'no'
+dnl 'no' implies pthreads implementation is not LinuxThreads.
+dnl
+AC_DEFUN([OL_SYS_LINUX_THREADS], [
+ AC_CHECK_FUNCS(pthread_kill_other_threads_np)
+ AC_CACHE_CHECK([for LinuxThreads implementation],
+ [ol_cv_sys_linux_threads],
+ [ol_cv_sys_linux_threads=$ac_cv_func_pthread_kill_other_threads_np])
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check LinuxThreads consistency
+AC_DEFUN([OL_LINUX_THREADS], [
+ AC_REQUIRE([OL_HEADER_LINUX_THREADS])
+ AC_REQUIRE([OL_SYS_LINUX_THREADS])
+ AC_CACHE_CHECK([for LinuxThreads consistency], [ol_cv_linux_threads], [
+ if test $ol_cv_header_linux_threads = yes &&
+ test $ol_cv_sys_linux_threads = yes; then
+ ol_cv_linux_threads=yes
+ elif test $ol_cv_header_linux_threads = no &&
+ test $ol_cv_sys_linux_threads = no; then
+ ol_cv_linux_threads=no
+ else
+ ol_cv_linux_threads=error
+ fi
+ ])
+])dnl
+dnl
+dnl ====================================================================
+dnl Check for POSIX Regex
+AC_DEFUN([OL_POSIX_REGEX], [
+AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <regex.h>
+static char *pattern, *string;
+main()
+{
+ int rc;
+ regex_t re;
+
+ pattern = "^A";
+
+ if(regcomp(&re, pattern, 0)) {
+ return -1;
+ }
+
+ string = "ALL MATCH";
+
+ rc = regexec(&re, string, 0, (void*)0, 0);
+
+ regfree(&re);
+
+ return rc;
+}]])],[ol_cv_c_posix_regex=yes],[ol_cv_c_posix_regex=no],[ol_cv_c_posix_regex=cross])])
+])
+dnl
+dnl ====================================================================
+dnl Check if toupper() requires islower() to be called first
+AC_DEFUN([OL_C_UPPER_LOWER],
+[AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <ctype.h>
+main()
+{
+ if ('C' == toupper('C'))
+ exit(0);
+ else
+ exit(1);
+}]])],[ol_cv_c_upper_lower=no],[ol_cv_c_upper_lower=yes],[ol_cv_c_upper_lower=safe])])
+if test $ol_cv_c_upper_lower != no ; then
+ AC_DEFINE(C_UPPER_LOWER,1, [define if toupper() requires islower()])
+fi
+])
+dnl
+dnl ====================================================================
+dnl Error string checks
+dnl
+dnl Check for declaration of sys_errlist in one of stdio.h and errno.h.
+dnl Declaration of sys_errlist on BSD4.4 interferes with our declaration.
+dnl Reported by Keith Bostic.
+AC_DEFUN([OL_SYS_ERRLIST],
+[AC_CACHE_CHECK([declaration of sys_errlist],ol_cv_dcl_sys_errlist,[
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <sys/types.h>
+#include <errno.h>
+#ifdef WINNT
+#include <stdlib.h>
+#endif ]], [[char *c = (char *) *sys_errlist]])],[ol_cv_dcl_sys_errlist=yes
+ ol_cv_have_sys_errlist=yes],[ol_cv_dcl_sys_errlist=no])])
+#
+# It's possible (for near-UNIX clones) that sys_errlist doesn't exist
+if test $ol_cv_dcl_sys_errlist = no ; then
+ AC_DEFINE(DECL_SYS_ERRLIST,1,
+ [define if sys_errlist is not declared in stdio.h or errno.h])
+
+ AC_CACHE_CHECK([existence of sys_errlist],ol_cv_have_sys_errlist,[
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <errno.h>]], [[char *c = (char *) *sys_errlist]])],[ol_cv_have_sys_errlist=yes],[ol_cv_have_sys_errlist=no])])
+fi
+if test $ol_cv_have_sys_errlist = yes ; then
+ AC_DEFINE(HAVE_SYS_ERRLIST,1,
+ [define if you actually have sys_errlist in your libs])
+fi
+])dnl
+AC_DEFUN([OL_NONPOSIX_STRERROR_R],
+[AC_CACHE_CHECK([non-posix strerror_r],ol_cv_nonposix_strerror_r,[
+ AC_EGREP_CPP(strerror_r,[#include <string.h>],
+ ol_decl_strerror_r=yes, ol_decl_strerror_r=no)dnl
+
+ if test $ol_decl_strerror_r = yes ; then
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <string.h>]], [[ /* from autoconf 2.59 */
+ char buf[100];
+ char x = *strerror_r (0, buf, sizeof buf);
+ char *p = strerror_r (0, buf, sizeof buf);
+ ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
+ else
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ main() {
+ char buf[100];
+ buf[0] = 0;
+ strerror_r( 1, buf, sizeof buf );
+ exit( buf[0] == 0 );
+ }
+ ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror=no],[ol_cv_nonposix_strerror=no])
+ fi
+ ])
+if test $ol_cv_nonposix_strerror_r = yes ; then
+ AC_DEFINE(HAVE_NONPOSIX_STRERROR_R,1,
+ [define if strerror_r returns char* instead of int])
+fi
+])dnl
+dnl
+AC_DEFUN([OL_STRERROR],
+[OL_SYS_ERRLIST dnl TEMPORARY
+AC_CHECK_FUNCS(strerror strerror_r)
+ol_cv_func_strerror_r=no
+if test "${ac_cv_func_strerror_r}" = yes ; then
+ OL_NONPOSIX_STRERROR_R
+elif test "${ac_cv_func_strerror}" = no ; then
+ OL_SYS_ERRLIST
+fi
+])dnl
+dnl ====================================================================
+dnl Early MIPS compilers (used in Ultrix 4.2) don't like
+dnl "int x; int *volatile a = &x; *a = 0;"
+dnl -- borrowed from PDKSH
+AC_DEFUN([OL_C_VOLATILE],
+ [AC_CACHE_CHECK(if compiler understands volatile, ol_cv_c_volatile,
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[int x, y, z;]], [[volatile int a; int * volatile b = x ? &y : &z;
+ /* Older MIPS compilers (eg., in Ultrix 4.2) don't like *b = 0 */
+ *b = 0;]])],[ol_cv_c_volatile=yes],[ol_cv_c_volatile=no])])
+ if test $ol_cv_c_volatile = yes; then
+ :
+ else
+ AC_DEFINE(volatile,,[define as empty if volatile is not supported])
+ fi
+ ])dnl
+dnl
+dnl ====================================================================
+dnl Look for fetch(3)
+AC_DEFUN([OL_LIB_FETCH],
+[ol_LIBS=$LIBS
+LIBS="-lfetch -lcom_err $LIBS"
+AC_CACHE_CHECK([fetch(3) library],ol_cv_lib_fetch,[
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/param.h>
+#include <stdio.h>
+#include <fetch.h>]], [[struct url *u = fetchParseURL("file:///"); ]])],[ol_cv_lib_fetch=yes],[ol_cv_lib_fetch=no])])
+LIBS=$ol_LIBS
+if test $ol_cv_lib_fetch != no ; then
+ ol_link_fetch="-lfetch -lcom_err"
+ AC_DEFINE(HAVE_FETCH,1,
+ [define if you actually have FreeBSD fetch(3)])
+fi
+])dnl
+dnl
+dnl ====================================================================
+dnl Define inet_aton is available
+AC_DEFUN([OL_FUNC_INET_ATON],
+ [AC_CACHE_CHECK([for inet_aton()], ol_cv_func_inet_aton,
+ [AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+# ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+# endif
+# include <netinet/in.h>
+# ifdef HAVE_ARPA_INET_H
+# include <arpa/inet.h>
+# endif
+#endif
+]], [[struct in_addr in;
+int rc = inet_aton( "255.255.255.255", &in );]])],[ol_cv_func_inet_aton=yes],[ol_cv_func_inet_aton=no])])
+ if test $ol_cv_func_inet_aton != no; then
+ AC_DEFINE(HAVE_INET_ATON, 1,
+ [define to you inet_aton(3) is available])
+ fi
+ ])dnl
+dnl
+dnl ====================================================================
+dnl check no of arguments for ctime_r
+AC_DEFUN([OL_FUNC_CTIME_R_NARGS],
+ [AC_CACHE_CHECK(number of arguments of ctime_r, ol_cv_func_ctime_r_nargs,
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <time.h>]], [[time_t ti; char *buffer; ctime_r(&ti,buffer,32);]])],[ol_cv_func_ctime_r_nargs3=yes],[ol_cv_func_ctime_r_nargs3=no])
+
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <time.h>]], [[time_t ti; char *buffer; ctime_r(&ti,buffer);]])],[ol_cv_func_ctime_r_nargs2=yes],[ol_cv_func_ctime_r_nargs2=no])
+
+ if test $ol_cv_func_ctime_r_nargs3 = yes &&
+ test $ol_cv_func_ctime_r_nargs2 = no ; then
+
+ ol_cv_func_ctime_r_nargs=3
+
+ elif test $ol_cv_func_ctime_r_nargs3 = no &&
+ test $ol_cv_func_ctime_r_nargs2 = yes ; then
+
+ ol_cv_func_ctime_r_nargs=2
+
+ else
+ ol_cv_func_ctime_r_nargs=0
+ fi
+ ])
+
+ if test $ol_cv_func_ctime_r_nargs -gt 1 ; then
+ AC_DEFINE_UNQUOTED(CTIME_R_NARGS, $ol_cv_func_ctime_r_nargs,
+ [set to the number of arguments ctime_r() expects])
+ fi
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl check return type of ctime_r()
+AC_DEFUN([OL_FUNC_CTIME_R_TYPE],
+ [AC_CACHE_CHECK(return type of ctime_r, ol_cv_func_ctime_r_type,
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <time.h>]], [[extern int (ctime_r)();]])],[ol_cv_func_ctime_r_type="int"],[ol_cv_func_ctime_r_type="charp"])
+ ])
+ if test $ol_cv_func_ctime_r_type = "int" ; then
+ AC_DEFINE(CTIME_R_RETURNS_INT,1, [define if ctime_r() returns int])
+ fi
+])dnl
+dnl ====================================================================
+dnl check no of arguments for gethostbyname_r
+AC_DEFUN([OL_FUNC_GETHOSTBYNAME_R_NARGS],
+ [AC_CACHE_CHECK(number of arguments of gethostbyname_r,
+ ol_cv_func_gethostbyname_r_nargs,
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)]], [[struct hostent hent; char buffer[BUFSIZE];
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyname_r("segovia.cs.purdue.edu", &hent,
+ buffer, bufsize, &h_errno);]])],[ol_cv_func_gethostbyname_r_nargs5=yes],[ol_cv_func_gethostbyname_r_nargs5=no])
+
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)]], [[struct hostent hent;struct hostent *rhent;
+ char buffer[BUFSIZE];
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyname_r("localhost", &hent, buffer, bufsize,
+ &rhent, &h_errno);]])],[ol_cv_func_gethostbyname_r_nargs6=yes],[ol_cv_func_gethostbyname_r_nargs6=no])
+
+ if test $ol_cv_func_gethostbyname_r_nargs5 = yes &&
+ test $ol_cv_func_gethostbyname_r_nargs6 = no ; then
+
+ ol_cv_func_gethostbyname_r_nargs=5
+
+ elif test $ol_cv_func_gethostbyname_r_nargs5 = no &&
+ test $ol_cv_func_gethostbyname_r_nargs6 = yes ; then
+
+ ol_cv_func_gethostbyname_r_nargs=6
+
+ else
+ ol_cv_func_gethostbyname_r_nargs=0
+ fi
+ ])
+ if test $ol_cv_func_gethostbyname_r_nargs -gt 1 ; then
+ AC_DEFINE_UNQUOTED(GETHOSTBYNAME_R_NARGS,
+ $ol_cv_func_gethostbyname_r_nargs,
+ [set to the number of arguments gethostbyname_r() expects])
+ fi
+])dnl
+dnl
+dnl check no of arguments for gethostbyaddr_r
+AC_DEFUN([OL_FUNC_GETHOSTBYADDR_R_NARGS],
+ [AC_CACHE_CHECK(number of arguments of gethostbyaddr_r,
+ [ol_cv_func_gethostbyaddr_r_nargs],
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)]], [[struct hostent hent; char buffer[BUFSIZE];
+ struct in_addr add;
+ size_t alen=sizeof(struct in_addr);
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyaddr_r( (void *)&(add.s_addr),
+ alen, AF_INET, &hent, buffer, bufsize, &h_errno);]])],[ol_cv_func_gethostbyaddr_r_nargs7=yes],[ol_cv_func_gethostbyaddr_r_nargs7=no])
+
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)]], [[struct hostent hent;
+ struct hostent *rhent; char buffer[BUFSIZE];
+ struct in_addr add;
+ size_t alen=sizeof(struct in_addr);
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyaddr_r( (void *)&(add.s_addr),
+ alen, AF_INET, &hent, buffer, bufsize,
+ &rhent, &h_errno);]])],[ol_cv_func_gethostbyaddr_r_nargs8=yes],[ol_cv_func_gethostbyaddr_r_nargs8=no])
+
+ if test $ol_cv_func_gethostbyaddr_r_nargs7 = yes &&
+ test $ol_cv_func_gethostbyaddr_r_nargs8 = no ; then
+
+ ol_cv_func_gethostbyaddr_r_nargs=7
+
+ elif test $ol_cv_func_gethostbyaddr_r_nargs7 = no &&
+ test $ol_cv_func_gethostbyaddr_r_nargs8 = yes ; then
+
+ ol_cv_func_gethostbyaddr_r_nargs=8
+
+ else
+ ol_cv_func_gethostbyaddr_r_nargs=0
+ fi
+ ])
+ if test $ol_cv_func_gethostbyaddr_r_nargs -gt 1 ; then
+ AC_DEFINE_UNQUOTED(GETHOSTBYADDR_R_NARGS,
+ $ol_cv_func_gethostbyaddr_r_nargs,
+ [set to the number of arguments gethostbyaddr_r() expects])
+ fi
+])dnl
+dnl
+dnl --------------------------------------------------------------------
+dnl Check for Cyrus SASL version compatility
+AC_DEFUN([OL_SASL_COMPAT],
+[AC_CACHE_CHECK([Cyrus SASL library version], [ol_cv_sasl_compat],[
+ AC_EGREP_CPP(__sasl_compat,[
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+/* Require 2.1.15+ */
+#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
+ char *__sasl_compat = "2.2+ or better okay (we guess)";
+#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
+ && SASL_VERSION_STEP >=15
+ char *__sasl_compat = "2.1.15+ or better okay";
+#endif
+ ], [ol_cv_sasl_compat=yes], [ol_cv_sasl_compat=no])])
+])
+dnl ====================================================================
+dnl check for SSL compatibility
+AC_DEFUN([OL_SSL_COMPAT],
+[AC_CACHE_CHECK([OpenSSL library version (CRL checking capability)], [ol_cv_ssl_crl_compat],[
+ AC_EGREP_CPP(__ssl_compat,[
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#else
+#include <ssl.h>
+#endif
+
+/* Require 0.9.7d+ */
+#if OPENSSL_VERSION_NUMBER >= 0x0090704fL
+ char *__ssl_compat = "0.9.7d";
+#endif
+ ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])])
+])
Added: openldap/vendor/openldap-2.3.35/build/rules.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/rules.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/rules.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,35 @@
+# $OpenLDAP: pkg/ldap/build/rules.mk,v 1.12.2.4 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Programs
+#
+
+all-common: $(PROGRAMS) FORCE
+
+clean-common: FORCE
+ $(RM) $(PROGRAMS) $(XPROGRAMS) $(XSRCS) *.o *.lo a.out core *.core \
+ .libs/* *.exe
+
+depend-common: FORCE
+ $(MKDEP) $(DEFS) $(DEFINES) $(SRCS)
+
+lint: FORCE
+ $(LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+lint5: FORCE
+ $(5LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+Makefile: $(top_srcdir)/build/rules.mk
+
Added: openldap/vendor/openldap-2.3.35/build/shtool
===================================================================
--- openldap/vendor/openldap-2.3.35/build/shtool (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/shtool 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1436 @@
+#!/bin/sh
+##
+## GNU shtool -- The GNU Portable Shell Tool
+## Copyright (c) 1994-2006 Ralf S. Engelschall <rse at engelschall.com>
+##
+## See http://www.gnu.org/software/shtool/ for more information.
+## See ftp://ftp.gnu.org/gnu/shtool/ for latest version.
+##
+## Version: 2.0.5 (07-Feb-2006)
+## Contents: 6/19 available modules
+##
+
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+## General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+## USA, or contact Ralf S. Engelschall <rse at engelschall.com>.
+##
+## NOTICE: Given that you include this file verbatim into your own
+## source tree, you are justified in saying that it remains separate
+## from your package, and that this way you are simply just using GNU
+## shtool. So, in this situation, there is no requirement that your
+## package itself is licensed under the GNU General Public License in
+## order to take advantage of GNU shtool.
+##
+
+##
+## Usage: shtool [<options>] [<cmd-name> [<cmd-options>] [<cmd-args>]]
+##
+## Available commands:
+## echo Print string with optional construct expansion
+## move Move files with simultaneous substitution
+## install Install a program, script or datafile
+## mkdir Make one or more directories
+## mkln Make link with calculation of relative paths
+## subst Apply sed(1) substitution operations
+##
+## Not available commands (because module was not built-in):
+## mdate Pretty-print modification time of a file or dir
+## table Pretty-print a field-separated list as a table
+## prop Display progress with a running propeller
+## mkshadow Make a shadow tree through symbolic links
+## fixperm Fix file permissions inside a source tree
+## rotate Logfile rotation
+## tarball Roll distribution tarballs
+## platform Platform Identification Utility
+## arx Extended archive command
+## slo Separate linker options by library class
+## scpp Sharing C Pre-Processor
+## version Maintain a version information file
+## path Deal with program paths
+##
+
+# maximum Bourne-Shell compatibility
+if [ ".$ZSH_VERSION" != . ] && (emulate sh) >/dev/null 2>&1; then
+ # reconfigure zsh(1)
+ emulate sh
+ NULLCMD=:
+ alias -g '${1+"$@"}'='"$@"'
+elif [ ".$BASH_VERSION" != . ] && (set -o posix) >/dev/null 2>&1; then
+ # reconfigure bash(1)
+ set -o posix
+fi
+
+# maximum independence of NLS nuisances
+for var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $var=C; export $var) 2>&1`"); then
+ eval $var=C; export $var
+ else
+ unset $var
+ fi
+done
+
+# initial command line handling
+if [ $# -eq 0 ]; then
+ echo "$0:Error: invalid command line" 1>&2
+ echo "$0:Hint: run \`$0 -h' for usage" 1>&2
+ exit 1
+fi
+if [ ".$1" = ".-h" ] || [ ".$1" = ".--help" ]; then
+ echo "This is GNU shtool, version 2.0.5 (07-Feb-2006)"
+ echo 'Copyright (c) 1994-2006 Ralf S. Engelschall <rse at engelschall.com>'
+ echo 'Report bugs to <bug-shtool at gnu.org>'
+ echo ''
+ echo 'Usage: shtool [<options>] [<cmd-name> [<cmd-options>] [<cmd-args>]]'
+ echo ''
+ echo 'Available global <options>:'
+ echo ' -v, --version display shtool version information'
+ echo ' -h, --help display shtool usage help page (this one)'
+ echo ' -d, --debug display shell trace information'
+ echo ' -r, --recreate recreate this shtool script via shtoolize'
+ echo ''
+ echo 'Available <cmd-name> [<cmd-options>] [<cmd-args>]:'
+ echo ' echo [-n|--newline] [-e|--expand] [<string> ...]'
+ echo ' move [-v|--verbose] [-t|--trace] [-e|--expand] [-p|--preserve]'
+ echo ' <src-file> <dst-file>'
+ echo ' install [-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy]'
+ echo ' [-C|--compare-copy] [-s|--strip] [-m|--mode <mode>]'
+ echo ' [-o|--owner <owner>] [-g|--group <group>] [-e|--exec'
+ echo ' <sed-cmd>] <file> [<file> ...] <path>'
+ echo ' mkdir [-t|--trace] [-f|--force] [-p|--parents] [-m|--mode'
+ echo ' <mode>] [-o|--owner <owner>] [-g|--group <group>] <dir>'
+ echo ' [<dir> ...]'
+ echo ' mkln [-t|--trace] [-f|--force] [-s|--symbolic] <src-path>'
+ echo ' [<src-path> ...] <dst-path>'
+ echo ' subst [-v|--verbose] [-t|--trace] [-n|--nop] [-w|--warning]'
+ echo ' [-q|--quiet] [-s|--stealth] [-i|--interactive] [-b|--backup'
+ echo ' <ext>] [-e|--exec <cmd>] [-f|--file <cmd-file>] [<file>]'
+ echo ' [...]'
+ echo ''
+ echo 'Not available <cmd-name> (because module was not built-in):'
+ echo ' mdate [-n|--newline] [-z|--zero] [-s|--shorten] [-d|--digits]'
+ echo ' [-f|--field-sep <str>] [-o|--order <spec>] <path>'
+ echo ' table [-F|--field-sep <sep>] [-w|--width <width>] [-c|--columns'
+ echo ' <cols>] [-s|--strip <strip>] <str><sep><str>...'
+ echo ' prop [-p|--prefix <str>]'
+ echo ' mkshadow [-v|--verbose] [-t|--trace] [-a|--all] <src-dir> <dst-dir>'
+ echo ' fixperm [-v|--verbose] [-t|--trace] <path> [<path> ...]'
+ echo ' rotate [-v|--verbose] [-t|--trace] [-f|--force] [-n|--num-files'
+ echo ' <count>] [-s|--size <size>] [-c|--copy] [-r|--remove]'
+ echo ' [-a|--archive-dir <dir>] [-z|--compress [<tool>:]<level>]'
+ echo ' [-b|--background] [-d|--delay] [-p|--pad <len>] [-m|--mode'
+ echo ' <mode>] [-o|--owner <owner>] [-g|--group <group>] [-M|--migrate'
+ echo ' <cmd>] [-P|--prolog <cmd>] [-E|--epilog <cmd>] <file> [...]'
+ echo ' tarball [-t|--trace] [-v|--verbose] [-o|--output <tarball>]'
+ echo ' [-c|--compress <prog>] [-d|--directory <dir>] [-u|--user'
+ echo ' <user>] [-g|--group <group>] [-e|--exclude <pattern>]'
+ echo ' <path> [<path> ...]'
+ echo ' platform [-F|--format <format>] [-S|--sep <string>] [-C|--conc'
+ echo ' <string>] [-L|--lower] [-U|--upper] [-v|--verbose]'
+ echo ' [-c|--concise] [-n|--no-newline] [-t|--type <type>]'
+ echo ' [-V|--version] [-h|--help]'
+ echo ' arx [-t|--trace] [-C|--command <cmd>] <op> <archive> [<file>'
+ echo ' ...]'
+ echo ' slo [-p|--prefix <str>] -- -L<dir> -l<lib> [-L<dir> -l<lib>'
+ echo ' ...]'
+ echo ' scpp [-v|--verbose] [-p|--preserve] [-f|--filter <filter>]'
+ echo ' [-o|--output <ofile>] [-t|--template <tfile>] [-M|--mark'
+ echo ' <mark>] [-D|--define <dname>] [-C|--class <cname>]'
+ echo ' <file> [<file> ...]'
+ echo ' version [-l|--language <lang>] [-n|--name <name>] [-p|--prefix'
+ echo ' <prefix>] [-s|--set <version>] [-e|--edit] [-i|--increase'
+ echo ' <knob>] [-d|--display <type>] <file>'
+ echo ' path [-s|--suppress] [-r|--reverse] [-d|--dirname] [-b|--basename]'
+ echo ' [-m|--magic] [-p|--path <path>] <str> [<str> ...]'
+ echo ''
+ exit 0
+fi
+if [ ".$1" = ".-v" ] || [ ".$1" = ".--version" ]; then
+ echo "GNU shtool 2.0.5 (07-Feb-2006)"
+ exit 0
+fi
+if [ ".$1" = ".-r" ] || [ ".$1" = ".--recreate" ]; then
+ shtoolize -oshtool echo move install mkdir mkln subst
+ exit 0
+fi
+if [ ".$1" = ".-d" ] || [ ".$1" = ".--debug" ]; then
+ shift
+ set -x
+fi
+name=`echo "$0" | sed -e 's;.*/\([^/]*\)$;\1;' -e 's;-sh$;;' -e 's;\.sh$;;'`
+case "$name" in
+ echo|move|install|mkdir|mkln|subst )
+ # implicit tool command selection
+ tool="$name"
+ ;;
+ * )
+ # explicit tool command selection
+ tool="$1"
+ shift
+ ;;
+esac
+arg_spec=""
+opt_spec=""
+gen_tmpfile=no
+
+##
+## DISPATCH INTO SCRIPT PROLOG
+##
+
+case $tool in
+ echo )
+ str_tool="echo"
+ str_usage="[-n|--newline] [-e|--expand] [<string> ...]"
+ arg_spec="0+"
+ opt_spec="n.e."
+ opt_alias="n:newline,e:expand"
+ opt_n=no
+ opt_e=no
+ ;;
+ move )
+ str_tool="move"
+ str_usage="[-v|--verbose] [-t|--trace] [-e|--expand] [-p|--preserve] <src-file> <dst-file>"
+ arg_spec="2="
+ opt_spec="v.t.e.p."
+ opt_alias="v:verbose,t:trace,e:expand,p:preserve"
+ opt_v=no
+ opt_t=no
+ opt_e=no
+ opt_p=no
+ ;;
+ install )
+ str_tool="install"
+ str_usage="[-v|--verbose] [-t|--trace] [-d|--mkdir] [-c|--copy] [-C|--compare-copy] [-s|--strip] [-m|--mode <mode>] [-o|--owner <owner>] [-g|--group <group>] [-e|--exec <sed-cmd>] <file> [<file> ...] <path>"
+ arg_spec="1+"
+ opt_spec="v.t.d.c.C.s.m:o:g:e+"
+ opt_alias="v:verbose,t:trace,d:mkdir,c:copy,C:compare-copy,s:strip,m:mode,o:owner,g:group,e:exec"
+ opt_v=no
+ opt_t=no
+ opt_d=no
+ opt_c=no
+ opt_C=no
+ opt_s=no
+ opt_m="0755"
+ opt_o=""
+ opt_g=""
+ opt_e=""
+ ;;
+ mkdir )
+ str_tool="mkdir"
+ str_usage="[-t|--trace] [-f|--force] [-p|--parents] [-m|--mode <mode>] [-o|--owner <owner>] [-g|--group <group>] <dir> [<dir> ...]"
+ arg_spec="1+"
+ opt_spec="t.f.p.m:o:g:"
+ opt_alias="t:trace,f:force,p:parents,m:mode,o:owner,g:group"
+ opt_t=no
+ opt_f=no
+ opt_p=no
+ opt_m=""
+ opt_o=""
+ opt_g=""
+ ;;
+ mkln )
+ str_tool="mkln"
+ str_usage="[-t|--trace] [-f|--force] [-s|--symbolic] <src-path> [<src-path> ...] <dst-path>"
+ arg_spec="2+"
+ opt_spec="t.f.s."
+ opt_alias="t:trace,f:force,s:symbolic"
+ opt_t=no
+ opt_f=no
+ opt_s=no
+ ;;
+ subst )
+ str_tool="subst"
+ str_usage="[-v|--verbose] [-t|--trace] [-n|--nop] [-w|--warning] [-q|--quiet] [-s|--stealth] [-i|--interactive] [-b|--backup <ext>] [-e|--exec <cmd>] [-f|--file <cmd-file>] [<file>] [...]"
+ gen_tmpfile=yes
+ arg_spec="0+"
+ opt_spec="v.t.n.w.q.s.i.b:e+f:"
+ opt_alias="v:verbose,t:trace,n:nop,w:warning,q:quiet,s:stealth,i:interactive,b:backup,e:exec,f:file"
+ opt_v=no
+ opt_t=no
+ opt_n=no
+ opt_w=no
+ opt_q=no
+ opt_s=no
+ opt_i=no
+ opt_b=""
+ opt_e=""
+ opt_f=""
+ ;;
+ -* )
+ echo "$0:Error: unknown option \`$tool'" 2>&1
+ echo "$0:Hint: run \`$0 -h' for usage" 2>&1
+ exit 1
+ ;;
+ * )
+ echo "$0:Error: unknown command \`$tool'" 2>&1
+ echo "$0:Hint: run \`$0 -h' for usage" 2>&1
+ exit 1
+ ;;
+esac
+
+##
+## COMMON UTILITY CODE
+##
+
+# commonly used ASCII values
+ASC_TAB=" "
+ASC_NL="
+"
+
+# determine name of tool
+if [ ".$tool" != . ]; then
+ # used inside shtool script
+ toolcmd="$0 $tool"
+ toolcmdhelp="shtool $tool"
+ msgprefix="shtool:$tool"
+else
+ # used as standalone script
+ toolcmd="$0"
+ toolcmdhelp="sh $0"
+ msgprefix="$str_tool"
+fi
+
+# parse argument specification string
+eval `echo $arg_spec |\
+ sed -e 's/^\([0-9]*\)\([+=]\)/arg_NUMS=\1; arg_MODE=\2/'`
+
+# parse option specification string
+eval `echo h.$opt_spec |\
+ sed -e 's/\([a-zA-Z0-9]\)\([.:+]\)/opt_MODE_\1=\2;/g'`
+
+# parse option alias string
+eval `echo h:help,$opt_alias |\
+ sed -e 's/-/_/g' -e 's/\([a-zA-Z0-9]\):\([^,]*\),*/opt_ALIAS_\2=\1;/g'`
+
+# interate over argument line
+opt_PREV=''
+while [ $# -gt 0 ]; do
+ # special option stops processing
+ if [ ".$1" = ".--" ]; then
+ shift
+ break
+ fi
+
+ # determine option and argument
+ opt_ARG_OK=no
+ if [ ".$opt_PREV" != . ]; then
+ # merge previous seen option with argument
+ opt_OPT="$opt_PREV"
+ opt_ARG="$1"
+ opt_ARG_OK=yes
+ opt_PREV=''
+ else
+ # split argument into option and argument
+ case "$1" in
+ --[a-zA-Z0-9]*=*)
+ eval `echo "x$1" |\
+ sed -e 's/^x--\([a-zA-Z0-9-]*\)=\(.*\)$/opt_OPT="\1";opt_ARG="\2"/'`
+ opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'`
+ eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}"
+ ;;
+ --[a-zA-Z0-9]*)
+ opt_OPT=`echo "x$1" | cut -c4-`
+ opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'`
+ eval "opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}"
+ opt_ARG=''
+ ;;
+ -[a-zA-Z0-9]*)
+ eval `echo "x$1" |\
+ sed -e 's/^x-\([a-zA-Z0-9]\)/opt_OPT="\1";/' \
+ -e 's/";\(.*\)$/"; opt_ARG="\1"/'`
+ ;;
+ -[a-zA-Z0-9])
+ opt_OPT=`echo "x$1" | cut -c3-`
+ opt_ARG=''
+ ;;
+ *)
+ break
+ ;;
+ esac
+ fi
+
+ # eat up option
+ shift
+
+ # determine whether option needs an argument
+ eval "opt_MODE=\$opt_MODE_${opt_OPT}"
+ if [ ".$opt_ARG" = . ] && [ ".$opt_ARG_OK" != .yes ]; then
+ if [ ".$opt_MODE" = ".:" ] || [ ".$opt_MODE" = ".+" ]; then
+ opt_PREV="$opt_OPT"
+ continue
+ fi
+ fi
+
+ # process option
+ case $opt_MODE in
+ '.' )
+ # boolean option
+ eval "opt_${opt_OPT}=yes"
+ ;;
+ ':' )
+ # option with argument (multiple occurances override)
+ eval "opt_${opt_OPT}=\"\$opt_ARG\""
+ ;;
+ '+' )
+ # option with argument (multiple occurances append)
+ eval "opt_${opt_OPT}=\"\$opt_${opt_OPT}\${ASC_NL}\$opt_ARG\""
+ ;;
+ * )
+ echo "$msgprefix:Error: unknown option: \`$opt_OPT'" 1>&2
+ echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2
+ exit 1
+ ;;
+ esac
+done
+if [ ".$opt_PREV" != . ]; then
+ echo "$msgprefix:Error: missing argument to option \`$opt_PREV'" 1>&2
+ echo "$msgprefix:Hint: run \`$toolcmdhelp -h' or \`man shtool' for details" 1>&2
+ exit 1
+fi
+
+# process help option
+if [ ".$opt_h" = .yes ]; then
+ echo "Usage: $toolcmdhelp $str_usage"
+ exit 0
+fi
+
+# complain about incorrect number of arguments
+case $arg_MODE in
+ '=' )
+ if [ $# -ne $arg_NUMS ]; then
+ echo "$msgprefix:Error: invalid number of arguments (exactly $arg_NUMS expected)" 1>&2
+ echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2
+ exit 1
+ fi
+ ;;
+ '+' )
+ if [ $# -lt $arg_NUMS ]; then
+ echo "$msgprefix:Error: invalid number of arguments (at least $arg_NUMS expected)" 1>&2
+ echo "$msgprefix:Hint: run \`$toolcmd -h' or \`man shtool' for details" 1>&2
+ exit 1
+ fi
+ ;;
+esac
+
+# establish a temporary file on request
+if [ ".$gen_tmpfile" = .yes ]; then
+ # create (explicitly) secure temporary directory
+ if [ ".$TMPDIR" != . ]; then
+ tmpdir="$TMPDIR"
+ elif [ ".$TEMPDIR" != . ]; then
+ tmpdir="$TEMPDIR"
+ else
+ tmpdir="/tmp"
+ fi
+ tmpdir="$tmpdir/.shtool.$$"
+ ( umask 077
+ rm -rf "$tmpdir" >/dev/null 2>&1 || true
+ mkdir "$tmpdir" >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2
+ exit 1
+ fi
+ )
+
+ # create (implicitly) secure temporary file
+ tmpfile="$tmpdir/shtool.tmp"
+ touch "$tmpfile"
+fi
+
+# utility function: map string to lower case
+util_lower () {
+ echo "$1" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'
+}
+
+# utility function: map string to upper case
+util_upper () {
+ echo "$1" | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+}
+
+# cleanup procedure
+shtool_exit () {
+ rc="$1"
+ if [ ".$gen_tmpfile" = .yes ]; then
+ rm -rf "$tmpdir" >/dev/null 2>&1 || true
+ fi
+ exit $rc
+}
+
+##
+## DISPATCH INTO SCRIPT BODY
+##
+
+case $tool in
+
+echo )
+ ##
+ ## echo -- Print string with optional construct expansion
+ ## Copyright (c) 1998-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ text="$*"
+
+ # check for broken escape sequence expansion
+ seo=''
+ bytes=`echo '\1' | wc -c | awk '{ printf("%s", $1); }'`
+ if [ ".$bytes" != .3 ]; then
+ bytes=`echo -E '\1' | wc -c | awk '{ printf("%s", $1); }'`
+ if [ ".$bytes" = .3 ]; then
+ seo='-E'
+ fi
+ fi
+
+ # check for existing -n option (to suppress newline)
+ minusn=''
+ bytes=`echo -n 123 2>/dev/null | wc -c | awk '{ printf("%s", $1); }'`
+ if [ ".$bytes" = .3 ]; then
+ minusn='-n'
+ fi
+
+ # determine terminal bold sequence
+ term_bold=''
+ term_norm=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%[Bb]'`" != . ]; then
+ case $TERM in
+ # for the most important terminal types we directly know the sequences
+ xterm|xterm*|vt220|vt220*)
+ term_bold=`awk 'BEGIN { printf("%c%c%c%c", 27, 91, 49, 109); }' </dev/null 2>/dev/null`
+ term_norm=`awk 'BEGIN { printf("%c%c%c", 27, 91, 109); }' </dev/null 2>/dev/null`
+ ;;
+ vt100|vt100*|cygwin)
+ term_bold=`awk 'BEGIN { printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }' </dev/null 2>/dev/null`
+ term_norm=`awk 'BEGIN { printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }' </dev/null 2>/dev/null`
+ ;;
+ # for all others, we try to use a possibly existing `tput' or `tcout' utility
+ * )
+ paths=`echo $PATH | sed -e 's/:/ /g'`
+ for tool in tput tcout; do
+ for dir in $paths; do
+ if [ -r "$dir/$tool" ]; then
+ for seq in bold md smso; do # 'smso' is last
+ bold="`$dir/$tool $seq 2>/dev/null`"
+ if [ ".$bold" != . ]; then
+ term_bold="$bold"
+ break
+ fi
+ done
+ if [ ".$term_bold" != . ]; then
+ for seq in sgr0 me rmso init reset; do # 'reset' is last
+ norm="`$dir/$tool $seq 2>/dev/null`"
+ if [ ".$norm" != . ]; then
+ term_norm="$norm"
+ break
+ fi
+ done
+ fi
+ break
+ fi
+ done
+ if [ ".$term_bold" != . ] && [ ".$term_norm" != . ]; then
+ break;
+ fi
+ done
+ ;;
+ esac
+ if [ ".$term_bold" = . ] || [ ".$term_norm" = . ]; then
+ echo "$msgprefix:Warning: unable to determine terminal sequence for bold mode" 1>&2
+ term_bold=''
+ term_norm=''
+ fi
+ fi
+
+ # determine user name
+ username=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%[uUgG]'`" != . ]; then
+ username="`(id -un) 2>/dev/null`"
+ if [ ".$username" = . ]; then
+ str="`(id) 2>/dev/null`"
+ if [ ".`echo $str | grep '^uid[ ]*=[ ]*[0-9]*('`" != . ]; then
+ username=`echo $str | sed -e 's/^uid[ ]*=[ ]*[0-9]*(//' -e 's/).*$//'`
+ fi
+ if [ ".$username" = . ]; then
+ username="$LOGNAME"
+ if [ ".$username" = . ]; then
+ username="$USER"
+ if [ ".$username" = . ]; then
+ username="`(whoami) 2>/dev/null |\
+ awk '{ printf("%s", $1); }'`"
+ if [ ".$username" = . ]; then
+ username="`(who am i) 2>/dev/null |\
+ awk '{ printf("%s", $1); }'`"
+ if [ ".$username" = . ]; then
+ username='unknown'
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ # determine user id
+ userid=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%U'`" != . ]; then
+ userid="`(id -u) 2>/dev/null`"
+ if [ ".$userid" = . ]; then
+ userid="`(id -u ${username}) 2>/dev/null`"
+ if [ ".$userid" = . ]; then
+ str="`(id) 2>/dev/null`"
+ if [ ".`echo $str | grep '^uid[ ]*=[ ]*[0-9]*('`" != . ]; then
+ userid=`echo $str | sed -e 's/^uid[ ]*=[ ]*//' -e 's/(.*$//'`
+ fi
+ if [ ".$userid" = . ]; then
+ userid=`(getent passwd ${username}) 2>/dev/null | \
+ sed -e 's/[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$userid" = . ]; then
+ userid=`grep "^${username}:" /etc/passwd 2>/dev/null | \
+ sed -e 's/[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$userid" = . ]; then
+ userid=`(ypcat passwd) 2>/dev/null |
+ grep "^${username}:" | \
+ sed -e 's/[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$userid" = . ]; then
+ userid='?'
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ # determine (primary) group id
+ groupid=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%[gG]'`" != . ]; then
+ groupid="`(id -g ${username}) 2>/dev/null`"
+ if [ ".$groupid" = . ]; then
+ str="`(id) 2>/dev/null`"
+ if [ ".`echo $str | grep 'gid[ ]*=[ ]*[0-9]*('`" != . ]; then
+ groupid=`echo $str | sed -e 's/^.*gid[ ]*=[ ]*//' -e 's/(.*$//'`
+ fi
+ if [ ".$groupid" = . ]; then
+ groupid=`(getent passwd ${username}) 2>/dev/null | \
+ sed -e 's/[^:]*:[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$groupid" = . ]; then
+ groupid=`grep "^${username}:" /etc/passwd 2>/dev/null | \
+ sed -e 's/[^:]*:[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$groupid" = . ]; then
+ groupid=`(ypcat passwd) 2>/dev/null | grep "^${username}:" | \
+ sed -e 's/[^:]*:[^:]*:[^:]*://' -e 's/:.*$//'`
+ if [ ".$groupid" = . ]; then
+ groupid='?'
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ # determine (primary) group name
+ groupname=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%g'`" != . ]; then
+ groupname="`(id -gn ${username}) 2>/dev/null`"
+ if [ ".$groupname" = . ]; then
+ str="`(id) 2>/dev/null`"
+ if [ ".`echo $str | grep 'gid[ ]*=[ ]*[0-9]*('`" != . ]; then
+ groupname=`echo $str | sed -e 's/^.*gid[ ]*=[ ]*[0-9]*(//' -e 's/).*$//'`
+ fi
+ if [ ".$groupname" = . ]; then
+ groupname=`(getent group) 2>/dev/null | \
+ grep "^[^:]*:[^:]*:${groupid}:" | \
+ sed -e 's/:.*$//'`
+ if [ ".$groupname" = . ]; then
+ groupname=`grep "^[^:]*:[^:]*:${groupid}:" /etc/group 2>/dev/null | \
+ sed -e 's/:.*$//'`
+ if [ ".$groupname" = . ]; then
+ groupname=`(ypcat group) 2>/dev/null | \
+ grep "^[^:]*:[^:]*:${groupid}:" | \
+ sed -e 's/:.*$//'`
+ if [ ".$groupname" = . ]; then
+ groupname='?'
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ # determine host and domain name
+ hostname=''
+ domainname=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%h'`" != . ]; then
+ hostname="`(uname -n) 2>/dev/null |\
+ awk '{ printf("%s", $1); }'`"
+ if [ ".$hostname" = . ]; then
+ hostname="`(hostname) 2>/dev/null |\
+ awk '{ printf("%s", $1); }'`"
+ if [ ".$hostname" = . ]; then
+ hostname='unknown'
+ fi
+ fi
+ case $hostname in
+ *.* )
+ domainname=".`echo $hostname | cut -d. -f2-`"
+ hostname="`echo $hostname | cut -d. -f1`"
+ ;;
+ esac
+ fi
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%d'`" != . ]; then
+ if [ ".$domainname" = . ]; then
+ if [ -f /etc/resolv.conf ]; then
+ domainname="`grep '^[ ]*domain' /etc/resolv.conf | sed -e 'q' |\
+ sed -e 's/.*domain//' \
+ -e 's/^[ ]*//' -e 's/^ *//' -e 's/^ *//' \
+ -e 's/^\.//' -e 's/^/./' |\
+ awk '{ printf("%s", $1); }'`"
+ if [ ".$domainname" = . ]; then
+ domainname="`grep '^[ ]*search' /etc/resolv.conf | sed -e 'q' |\
+ sed -e 's/.*search//' \
+ -e 's/^[ ]*//' -e 's/^ *//' -e 's/^ *//' \
+ -e 's/ .*//' -e 's/ .*//' \
+ -e 's/^\.//' -e 's/^/./' |\
+ awk '{ printf("%s", $1); }'`"
+ fi
+ fi
+ fi
+ fi
+
+ # determine current time
+ time_day=''
+ time_month=''
+ time_year=''
+ time_monthname=''
+ if [ ".$opt_e" = .yes ] && [ ".`echo $text | grep '%[DMYm]'`" != . ]; then
+ time_day=`date '+%d'`
+ time_month=`date '+%m'`
+ time_year=`date '+%Y' 2>/dev/null`
+ if [ ".$time_year" = . ]; then
+ time_year=`date '+%y'`
+ case $time_year in
+ [5-9][0-9]) time_year="19$time_year" ;;
+ [0-4][0-9]) time_year="20$time_year" ;;
+ esac
+ fi
+ case $time_month in
+ 1|01) time_monthname='Jan' ;;
+ 2|02) time_monthname='Feb' ;;
+ 3|03) time_monthname='Mar' ;;
+ 4|04) time_monthname='Apr' ;;
+ 5|05) time_monthname='May' ;;
+ 6|06) time_monthname='Jun' ;;
+ 7|07) time_monthname='Jul' ;;
+ 8|08) time_monthname='Aug' ;;
+ 9|09) time_monthname='Sep' ;;
+ 10) time_monthname='Oct' ;;
+ 11) time_monthname='Nov' ;;
+ 12) time_monthname='Dec' ;;
+ esac
+ fi
+
+ # expand special ``%x'' constructs
+ if [ ".$opt_e" = .yes ]; then
+ text=`echo $seo "$text" |\
+ sed -e "s/%B/${term_bold}/g" \
+ -e "s/%b/${term_norm}/g" \
+ -e "s/%u/${username}/g" \
+ -e "s/%U/${userid}/g" \
+ -e "s/%g/${groupname}/g" \
+ -e "s/%G/${groupid}/g" \
+ -e "s/%h/${hostname}/g" \
+ -e "s/%d/${domainname}/g" \
+ -e "s/%D/${time_day}/g" \
+ -e "s/%M/${time_month}/g" \
+ -e "s/%Y/${time_year}/g" \
+ -e "s/%m/${time_monthname}/g" 2>/dev/null`
+ fi
+
+ # create output
+ if [ .$opt_n = .no ]; then
+ echo $seo "$text"
+ else
+ # the harder part: echo -n is best, because
+ # awk may complain about some \xx sequences.
+ if [ ".$minusn" != . ]; then
+ echo $seo $minusn "$text"
+ else
+ echo dummy | awk '{ printf("%s", TEXT); }' TEXT="$text"
+ fi
+ fi
+
+ shtool_exit 0
+ ;;
+
+move )
+ ##
+ ## move -- Move files with simultaneous substitution
+ ## Copyright (c) 1999-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ src="$1"
+ dst="$2"
+
+ # consistency checks
+ if [ ".$src" = . ] || [ ".$dst" = . ]; then
+ echo "$msgprefix:Error: Invalid arguments" 1>&2
+ shtool_exit 1
+ fi
+ if [ ".$src" = ".$dst" ]; then
+ echo "$msgprefix:Error: Source and destination files are the same" 1>&2
+ shtool_exit 1
+ fi
+ expsrc="$src"
+ if [ ".$opt_e" = .yes ]; then
+ expsrc="`echo $expsrc`"
+ fi
+ if [ ".$opt_e" = .yes ]; then
+ if [ ".`echo "$src" | sed -e 's;^.*\\*.*$;;'`" = ".$src" ]; then
+ echo "$msgprefix:Error: Source doesn't contain wildcard ('*'): $dst" 1>&2
+ shtool_exit 1
+ fi
+ if [ ".`echo "$dst" | sed -e 's;^.*%[1-9].*$;;'`" = ".$dst" ]; then
+ echo "$msgprefix:Error: Destination doesn't contain substitution ('%N'): $dst" 1>&2
+ shtool_exit 1
+ fi
+ if [ ".$expsrc" = ".$src" ]; then
+ echo "$msgprefix:Error: Sources not found or no asterisk : $src" 1>&2
+ shtool_exit 1
+ fi
+ else
+ if [ ! -r "$src" ]; then
+ echo "$msgprefix:Error: Source not found: $src" 1>&2
+ shtool_exit 1
+ fi
+ fi
+
+ # determine substitution patterns
+ if [ ".$opt_e" = .yes ]; then
+ srcpat=`echo "$src" | sed -e 's/\\./\\\\./g' -e 's/;/\\;/g' -e 's;\\*;\\\\(.*\\\\);g'`
+ dstpat=`echo "$dst" | sed -e 's;%\([1-9]\);\\\\\1;g'`
+ fi
+
+ # iterate over source(s)
+ for onesrc in $expsrc; do
+ if [ .$opt_e = .yes ]; then
+ onedst=`echo $onesrc | sed -e "s;$srcpat;$dstpat;"`
+ else
+ onedst="$dst"
+ fi
+ errorstatus=0
+ if [ ".$opt_v" = .yes ]; then
+ echo "$onesrc -> $onedst"
+ fi
+ if [ ".$opt_p" = .yes ]; then
+ if [ -r $onedst ]; then
+ if cmp -s $onesrc $onedst; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "rm -f $onesrc" 1>&2
+ fi
+ rm -f $onesrc || errorstatus=$?
+ else
+ if [ ".$opt_t" = .yes ]; then
+ echo "mv -f $onesrc $onedst" 1>&2
+ fi
+ mv -f $onesrc $onedst || errorstatus=$?
+ fi
+ else
+ if [ ".$opt_t" = .yes ]; then
+ echo "mv -f $onesrc $onedst" 1>&2
+ fi
+ mv -f $onesrc $onedst || errorstatus=$?
+ fi
+ else
+ if [ ".$opt_t" = .yes ]; then
+ echo "mv -f $onesrc $onedst" 1>&2
+ fi
+ mv -f $onesrc $onedst || errorstatus=$?
+ fi
+ if [ $errorstatus -ne 0 ]; then
+ break;
+ fi
+ done
+
+ shtool_exit $errorstatus
+ ;;
+
+install )
+ ##
+ ## install -- Install a program, script or datafile
+ ## Copyright (c) 1997-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ # special case: "shtool install -d <dir> [...]" internally
+ # maps to "shtool mkdir -f -p -m 755 <dir> [...]"
+ if [ "$opt_d" = yes ]; then
+ cmd="$0 mkdir -f -p -m 755"
+ if [ ".$opt_o" != . ]; then
+ cmd="$cmd -o '$opt_o'"
+ fi
+ if [ ".$opt_g" != . ]; then
+ cmd="$cmd -g '$opt_g'"
+ fi
+ if [ ".$opt_v" = .yes ]; then
+ cmd="$cmd -v"
+ fi
+ if [ ".$opt_t" = .yes ]; then
+ cmd="$cmd -t"
+ fi
+ for dir in "$@"; do
+ eval "$cmd $dir" || shtool_exit $?
+ done
+ shtool_exit 0
+ fi
+
+ # determine source(s) and destination
+ argc=$#
+ srcs=""
+ while [ $# -gt 1 ]; do
+ srcs="$srcs $1"
+ shift
+ done
+ dstpath="$1"
+
+ # type check for destination
+ dstisdir=0
+ if [ -d $dstpath ]; then
+ dstpath=`echo "$dstpath" | sed -e 's:/$::'`
+ dstisdir=1
+ fi
+
+ # consistency check for destination
+ if [ $argc -gt 2 ] && [ $dstisdir = 0 ]; then
+ echo "$msgprefix:Error: multiple sources require destination to be directory" 1>&2
+ shtool_exit 1
+ fi
+
+ # iterate over all source(s)
+ for src in $srcs; do
+ dst=$dstpath
+
+ # if destination is a directory, append the input filename
+ if [ $dstisdir = 1 ]; then
+ dstfile=`echo "$src" | sed -e 's;.*/\([^/]*\)$;\1;'`
+ dst="$dst/$dstfile"
+ fi
+
+ # check for correct arguments
+ if [ ".$src" = ".$dst" ]; then
+ echo "$msgprefix:Warning: source and destination are the same - skipped" 1>&2
+ continue
+ fi
+ if [ -d "$src" ]; then
+ echo "$msgprefix:Warning: source \`$src' is a directory - skipped" 1>&2
+ continue
+ fi
+
+ # make a temp file name in the destination directory
+ dsttmp=`echo $dst |\
+ sed -e 's;[^/]*$;;' -e 's;\(.\)/$;\1;' -e 's;^$;.;' \
+ -e "s;\$;/#INST@$$#;"`
+
+ # verbosity
+ if [ ".$opt_v" = .yes ]; then
+ echo "$src -> $dst" 1>&2
+ fi
+
+ # copy or move the file name to the temp name
+ # (because we might be not allowed to change the source)
+ if [ ".$opt_C" = .yes ]; then
+ opt_c=yes
+ fi
+ if [ ".$opt_c" = .yes ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "cp $src $dsttmp" 1>&2
+ fi
+ cp $src $dsttmp || shtool_exit $?
+ else
+ if [ ".$opt_t" = .yes ]; then
+ echo "mv $src $dsttmp" 1>&2
+ fi
+ mv $src $dsttmp || shtool_exit $?
+ fi
+
+ # adjust the target file
+ if [ ".$opt_e" != . ]; then
+ sed='sed'
+ OIFS="$IFS"; IFS="$ASC_NL"; set -- $opt_e; IFS="$OIFS"
+ for e
+ do
+ sed="$sed -e '$e'"
+ done
+ cp $dsttmp $dsttmp.old
+ chmod u+w $dsttmp
+ eval "$sed <$dsttmp.old >$dsttmp" || shtool_exit $?
+ rm -f $dsttmp.old
+ fi
+ if [ ".$opt_s" = .yes ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "strip $dsttmp" 1>&2
+ fi
+ strip $dsttmp || shtool_exit $?
+ fi
+ if [ ".$opt_o" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chown $opt_o $dsttmp" 1>&2
+ fi
+ chown $opt_o $dsttmp || shtool_exit $?
+ fi
+ if [ ".$opt_g" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chgrp $opt_g $dsttmp" 1>&2
+ fi
+ chgrp $opt_g $dsttmp || shtool_exit $?
+ fi
+ if [ ".$opt_m" != ".-" ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chmod $opt_m $dsttmp" 1>&2
+ fi
+ chmod $opt_m $dsttmp || shtool_exit $?
+ fi
+
+ # determine whether to do a quick install
+ # (has to be done _after_ the strip was already done)
+ quick=no
+ if [ ".$opt_C" = .yes ]; then
+ if [ -r $dst ]; then
+ if cmp -s $src $dst; then
+ quick=yes
+ fi
+ fi
+ fi
+
+ # finally, install the file to the real destination
+ if [ $quick = yes ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "rm -f $dsttmp" 1>&2
+ fi
+ rm -f $dsttmp
+ else
+ if [ ".$opt_t" = .yes ]; then
+ echo "rm -f $dst && mv $dsttmp $dst" 1>&2
+ fi
+ rm -f $dst && mv $dsttmp $dst
+ fi
+ done
+
+ shtool_exit 0
+ ;;
+
+mkdir )
+ ##
+ ## mkdir -- Make one or more directories
+ ## Copyright (c) 1996-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ errstatus=0
+ for p in ${1+"$@"}; do
+ # if the directory already exists...
+ if [ -d "$p" ]; then
+ if [ ".$opt_f" = .no ] && [ ".$opt_p" = .no ]; then
+ echo "$msgprefix:Error: directory already exists: $p" 1>&2
+ errstatus=1
+ break
+ else
+ continue
+ fi
+ fi
+ # if the directory has to be created...
+ if [ ".$opt_p" = .no ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "mkdir $p" 1>&2
+ fi
+ mkdir $p || errstatus=$?
+ if [ ".$opt_o" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chown $opt_o $p" 1>&2
+ fi
+ chown $opt_o $p || errstatus=$?
+ fi
+ if [ ".$opt_g" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chgrp $opt_g $p" 1>&2
+ fi
+ chgrp $opt_g $p || errstatus=$?
+ fi
+ if [ ".$opt_m" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chmod $opt_m $p" 1>&2
+ fi
+ chmod $opt_m $p || errstatus=$?
+ fi
+ else
+ # the smart situation
+ set fnord `echo ":$p" |\
+ sed -e 's/^:\//%/' \
+ -e 's/^://' \
+ -e 's/\// /g' \
+ -e 's/^%/\//'`
+ shift
+ pathcomp=''
+ for d in ${1+"$@"}; do
+ pathcomp="$pathcomp$d"
+ case "$pathcomp" in
+ -* ) pathcomp="./$pathcomp" ;;
+ esac
+ if [ ! -d "$pathcomp" ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "mkdir $pathcomp" 1>&2
+ fi
+ mkdir $pathcomp || errstatus=$?
+ if [ ".$opt_o" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chown $opt_o $pathcomp" 1>&2
+ fi
+ chown $opt_o $pathcomp || errstatus=$?
+ fi
+ if [ ".$opt_g" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chgrp $opt_g $pathcomp" 1>&2
+ fi
+ chgrp $opt_g $pathcomp || errstatus=$?
+ fi
+ if [ ".$opt_m" != . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "chmod $opt_m $pathcomp" 1>&2
+ fi
+ chmod $opt_m $pathcomp || errstatus=$?
+ fi
+ fi
+ pathcomp="$pathcomp/"
+ done
+ fi
+ done
+
+ shtool_exit $errstatus
+ ;;
+
+mkln )
+ ##
+ ## mkln -- Make link with calculation of relative paths
+ ## Copyright (c) 1998-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ # determine source(s) and destination
+ args=$?
+ srcs=""
+ while [ $# -gt 1 ]; do
+ srcs="$srcs $1"
+ shift
+ done
+ dst="$1"
+ if [ ! -d $dst ]; then
+ if [ $args -gt 2 ]; then
+ echo "$msgprefix:Error: multiple sources not allowed when target isn't a directory" 1>&2
+ shtool_exit 1
+ fi
+ fi
+
+ # determine link options
+ lnopt=""
+ if [ ".$opt_f" = .yes ]; then
+ lnopt="$lnopt -f"
+ fi
+ if [ ".$opt_s" = .yes ]; then
+ lnopt="$lnopt -s"
+ fi
+
+ # iterate over sources
+ for src in $srcs; do
+ # determine if one of the paths is an absolute path,
+ # because then we _have_ to use an absolute symlink
+ oneisabs=0
+ srcisabs=0
+ dstisabs=0
+ case $src in
+ /* ) oneisabs=1; srcisabs=1 ;;
+ esac
+ case $dst in
+ /* ) oneisabs=1; dstisabs=1 ;;
+ esac
+
+ # split source and destination into dir and base name
+ if [ -d $src ]; then
+ srcdir=`echo $src | sed -e 's;/*$;;'`
+ srcbase=""
+ else
+ srcdir=`echo $src | sed -e 's;^[^/]*$;;' -e 's;^\(.*/\)[^/]*$;\1;' -e 's;\(.\)/$;\1;'`
+ srcbase=`echo $src | sed -e 's;.*/\([^/]*\)$;\1;'`
+ fi
+ if [ -d $dst ]; then
+ dstdir=`echo $dst | sed -e 's;/*$;;'`
+ dstbase=""
+ else
+ dstdir=`echo $dst | sed -e 's;^[^/]*$;;' -e 's;^\(.*/\)[^/]*$;\1;' -e 's;\(.\)/$;\1;'`
+ dstbase=`echo $dst | sed -e 's;.*/\([^/]*\)$;\1;'`
+ fi
+
+ # consistency check
+ if [ ".$dstdir" != . ]; then
+ if [ ! -d $dstdir ]; then
+ echo "$msgprefix:Error: destination directory not found: $dstdir" 1>&2
+ shtool_exit 1
+ fi
+ fi
+
+ # make sure the source is reachable from the destination
+ if [ $dstisabs = 1 ]; then
+ if [ $srcisabs = 0 ]; then
+ if [ ".$srcdir" = . ]; then
+ srcdir="`pwd | sed -e 's;/*$;;'`"
+ srcisabs=1
+ oneisabs=1
+ elif [ -d $srcdir ]; then
+ srcdir="`cd $srcdir; pwd | sed -e 's;/*$;;'`"
+ srcisabs=1
+ oneisabs=1
+ fi
+ fi
+ fi
+
+ # split away a common prefix
+ prefix=""
+ if [ ".$srcdir" = ".$dstdir" ] && [ ".$srcdir" != . ]; then
+ prefix="$srcdir/"
+ srcdir=""
+ dstdir=""
+ else
+ while [ ".$srcdir" != . ] && [ ".$dstdir" != . ]; do
+ presrc=`echo $srcdir | sed -e 's;^\([^/]*\)/.*;\1;'`
+ predst=`echo $dstdir | sed -e 's;^\([^/]*\)/.*;\1;'`
+ if [ ".$presrc" != ".$predst" ]; then
+ break
+ fi
+ prefix="$prefix$presrc/"
+ srcdir=`echo $srcdir | sed -e 's;^[^/]*/*;;'`
+ dstdir=`echo $dstdir | sed -e 's;^[^/]*/*;;'`
+ done
+ fi
+
+ # destination prefix is just the common prefix
+ dstpre="$prefix"
+
+ # determine source prefix which is the reverse directory
+ # step-up corresponding to the destination directory
+ srcpre=""
+
+ isroot=0
+ if [ ".$prefix" = . ] || [ ".$prefix" = ./ ]; then
+ isroot=1
+ fi
+ if [ $oneisabs = 0 ] || [ $isroot = 0 ]; then
+ pl="$dstdir/"
+ OIFS="$IFS"; IFS='/'
+ for pe in $pl; do
+ [ ".$pe" = . ] && continue
+ [ ".$pe" = .. ] && continue
+ srcpre="../$srcpre"
+ done
+ IFS="$OIFS"
+ else
+ if [ $srcisabs = 1 ]; then
+ srcpre="$prefix"
+ fi
+ fi
+
+ # determine destination symlink name
+ if [ ".$dstbase" = . ]; then
+ if [ ".$srcbase" != . ]; then
+ dstbase="$srcbase"
+ else
+ dstbase=`echo "$prefix$srcdir" | sed -e 's;/*$;;' -e 's;.*/\([^/]*\)$;\1;'`
+ fi
+ fi
+
+ # now finalize source and destination directory paths
+ srcdir=`echo $srcdir | sed -e 's;\([^/]\)$;\1/;'`
+ dstdir=`echo $dstdir | sed -e 's;\([^/]\)$;\1/;'`
+
+ # run the final link command
+ if [ ".$opt_t" = .yes ]; then
+ echo "ln$lnopt $srcpre$srcdir$srcbase $dstpre$dstdir$dstbase"
+ fi
+ eval ln$lnopt $srcpre$srcdir$srcbase $dstpre$dstdir$dstbase
+ done
+
+ shtool_exit 0
+ ;;
+
+subst )
+ ##
+ ## subst -- Apply sed(1) substitution operations
+ ## Copyright (c) 2001-2006 Ralf S. Engelschall <rse at engelschall.com>
+ ##
+
+ # remember optional list of file(s)
+ files="$*"
+ files_num="$#"
+
+ # parameter consistency check
+ if [ $# -eq 0 ] && [ ".$opt_b" != . ]; then
+ echo "$msgprefix:Error: option -b cannot be applied to stdin" 1>&2
+ shtool_exit 1
+ fi
+ if [ $# -eq 0 ] && [ ".$opt_s" = .yes ]; then
+ echo "$msgprefix:Error: option -s cannot be applied to stdin" 1>&2
+ shtool_exit 1
+ fi
+
+ # build underlying sed(1) command
+ sedcmd='sed'
+ if [ ".$opt_e" != . ]; then
+ OIFS="$IFS"; IFS="$ASC_NL"; set -- $opt_e; IFS="$OIFS"
+ for e
+ do
+ sedcmd="$sedcmd -e '$e'"
+ done
+ elif [ ".$opt_f" != . ]; then
+ if [ ! -f $opt_f ]; then
+ echo "$msgprefix:Error: command file \`$opt_f' not found or not a regular file" 1>&2
+ shtool_exit 1
+ fi
+ sedcmd="$sedcmd -f '$opt_f'"
+ else
+ echo "$msgprefix:Error: either -e option(s) or -f option required" 1>&2
+ shtool_exit 1
+ fi
+
+ # determine extension for original file
+ orig=".orig"
+ if [ ".$opt_b" != . ]; then
+ orig="$opt_b"
+ fi
+
+ # apply sed(1) operation(s)
+ if [ ".$files" != . ]; then
+ # apply operation(s) to files
+ substdone=no
+ for file in $files; do
+ test ".$file" = . && continue
+ if [ ! -f $file ]; then
+ echo "$msgprefix:Warning: file \`$file' not found or not a regular file" 1>&2
+ continue
+ fi
+
+ # handle interactive mode
+ if [ ".$opt_i" = .yes ]; then
+ eval "$sedcmd <$file >$file.new"
+ skip=no
+ if cmp $file $file.new >/dev/null 2>&1; then
+ rm -f $file.new
+ skip=yes
+ else
+ (diff -U1 $file $file.new >$tmpfile) 2>/dev/null
+ if [ ".`cat $tmpfile`" = . ]; then
+ (diff -C1 $file $file.new >$tmpfile) 2>/dev/null
+ if [ ".`cat $tmpfile`" = . ]; then
+ echo "$msgprefix:Warning: unable to show difference for file \`$file'" 1>&2
+ cp /dev/null $tmpfile
+ fi
+ fi
+ rm -f $file.new
+ cat $tmpfile
+ echo dummy | awk '{ printf("%s", TEXT); }' TEXT=">>> Apply [Y/n]: "
+ read input
+ if [ ".$input" != .Y ] &&\
+ [ ".$input" != .y ] &&\
+ [ ".$input" != . ]; then
+ skip=yes
+ fi
+ fi
+ if [ ".$skip" = .yes ]; then
+ if [ ".$opt_v" = .yes ]; then
+ echo "file \`$file' -- skipped" 1>&2
+ fi
+ continue
+ fi
+ fi
+
+ # apply sed(1) operation(s)
+ if [ ".$opt_v" = .yes ]; then
+ echo "patching \`$file'" 1>&2
+ fi
+ if [ ".$opt_t" = .yes ]; then
+ echo "\$ cp -p $file $file$orig"
+ echo "\$ chmod u+w $file"
+ echo "\$ $sedcmd <$file$orig >$file"
+ fi
+ if [ ".$opt_n" = .no ]; then
+ cp -p $file $file$orig
+ chmod u+w $file >/dev/null 2>&1 || true
+ eval "$sedcmd <$file$orig >$file"
+ fi
+
+ # optionally fix timestamp
+ if [ ".$opt_s" = .yes ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "\$ touch -r $file$orig $file"
+ fi
+ if [ ".$opt_n" = .no ]; then
+ touch -r $file$orig $file
+ fi
+ fi
+
+ # optionally check whether any content change actually occurred
+ if [ ".$opt_q" = .no ]; then
+ if cmp $file$orig $file >/dev/null 2>&1; then
+ if [ ".$opt_w" = .yes ]; then
+ echo "$msgprefix:Warning: substitution resulted in no content change on file \"$file\"" 1>&2
+ fi
+ else
+ substdone=yes
+ fi
+ fi
+
+ # optionally remove preserved original file
+ if [ ".$opt_b" = . ]; then
+ if [ ".$opt_t" = .yes ]; then
+ echo "\$ rm -f $file$orig"
+ fi
+ if [ ".$opt_n" = .no ]; then
+ rm -f $file$orig
+ fi
+ fi
+ done
+ if [ ".$opt_q" = .no ] && [ ".$opt_w" = .no ]; then
+ if [ ".$substdone" = .no ]; then
+ if [ ".$files_num" = .1 ]; then
+ echo "$msgprefix:Warning: substitution resulted in no content change on file \"$file\"" 1>&2
+ else
+ echo "$msgprefix:Warning: substitution resulted in no content change on any file" 1>&2
+ fi
+ fi
+ fi
+ else
+ # apply operation(s) to stdin/stdout
+ if [ ".$opt_v" = .yes ]; then
+ echo "patching <stdin>" 1>&2
+ fi
+ if [ ".$opt_t" = .yes ]; then
+ echo "\$ $sedcmd"
+ fi
+ if [ ".$opt_n" = .no ]; then
+ eval "$sedcmd"
+ fi
+ fi
+
+ shtool_exit 0
+ ;;
+
+esac
+
+shtool_exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/build/shtool
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/srv.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/srv.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/srv.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+# $OpenLDAP: pkg/ldap/build/srv.mk,v 1.15.2.4 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##---------------------------------------------------------------------------
+#
+# Makefile Template for Servers
+#
+
+all-common: all-$(BUILD_SRV)
+all-no lint-no 5lint-no depend-no install-no:
+ @echo "run configure with $(BUILD_OPT) to make $(PROGRAMS)"
+
+clean-common: clean-srv FORCE
+veryclean-common: veryclean-srv FORCE
+
+lint-common: lint-$(BUILD_SRV)
+
+5lint-common: 5lint-$(BUILD_SRV)
+
+depend-common: depend-$(BUILD_SRV)
+
+install-common: install-$(BUILD_SRV)
+
+all-local-srv:
+all-yes: all-local-srv FORCE
+
+install-local-srv:
+install-yes: install-local-srv FORCE
+
+lint-local-srv:
+lint-yes: lint-local-srv FORCE
+ $(LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+5lint-local-srv:
+5lint-yes: 5lint-local-srv FORCE
+ $(5LINT) $(DEFS) $(DEFINES) $(SRCS)
+
+clean-local-srv:
+clean-srv: clean-local-srv FORCE
+ $(RM) $(PROGRAMS) $(XPROGRAMS) $(XSRCS) *.o a.out core .libs/* *.exe
+
+depend-local-srv:
+depend-yes: depend-local-srv FORCE
+ $(MKDEP) $(DEFS) $(DEFINES) $(SRCS)
+
+veryclean-local-srv:
+veryclean-srv: clean-srv veryclean-local-srv
+
+Makefile: $(top_srcdir)/build/srv.mk
Added: openldap/vendor/openldap-2.3.35/build/top.mk
===================================================================
--- openldap/vendor/openldap-2.3.35/build/top.mk (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/top.mk 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,250 @@
+# $OpenLDAP: pkg/ldap/build/top.mk,v 1.93.2.11 2007/01/02 23:42:47 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+##---------------------------------------------------------------------------
+#
+# Top-level Makefile template
+#
+
+PACKAGE= @PACKAGE@
+VERSION= @VERSION@
+RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ at SET_MAKE@
+SHELL = /bin/sh
+
+top_builddir = @top_builddir@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+ldap_subdir = @ldap_subdir@
+
+bindir = @bindir@
+datadir = @datadir@$(ldap_subdir)
+includedir = @includedir@
+infodir = @infodir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+moduledir = @libexecdir@$(ldap_subdir)
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@$(ldap_subdir)
+schemadir = $(sysconfdir)/schema
+
+PLAT = @PLAT@
+EXEEXT = @EXEEXT@
+OBJEXT = @OBJEXT@
+
+BUILD_LIBS_DYNAMIC = @BUILD_LIBS_DYNAMIC@
+
+SHTOOL = $(top_srcdir)/build/shtool
+
+INSTALL = $(SHTOOL) install -c
+INSTALL_PROGRAM = $(INSTALL)
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_SCRIPT = $(INSTALL)
+
+STRIP = -s
+
+LINT = lint
+5LINT = 5lint
+
+MKDEP = $(top_srcdir)/build/mkdep $(MKDEPFLAG) \
+ -d "$(srcdir)" -c "$(MKDEP_CC)" -m "$(MKDEP_CFLAGS)"
+MKDEP_CC = @OL_MKDEP@
+MKDEP_CFLAGS = @OL_MKDEP_FLAGS@
+
+MKVERSION = $(top_srcdir)/build/mkversion -v "$(VERSION)"
+
+LIBTOOL = @LIBTOOL@
+LIBRELEASE = @OPENLDAP_LIBRELEASE@
+LIBVERSION = @OPENLDAP_LIBVERSION@
+LTVERSION = -release $(LIBRELEASE) -version-info $(LIBVERSION)
+
+# libtool --only flag for libraries: platform specific
+NT_LTONLY_LIB = # --only-$(BUILD_LIBS_DYNAMIC)
+LTONLY_LIB = $(@PLAT at _LTONLY_LIB)
+
+# libtool --only flag for modules: depends on linkage of module
+# The BUILD_MOD macro is defined in each backend Makefile.in file
+LTONLY_yes = --tag=disable-shared
+LTONLY_mod = --tag=disable-static
+LTONLY_MOD = $(LTONLY_$(BUILD_MOD))
+
+# platform-specific libtool flags
+NT_LTFLAGS_LIB = -no-undefined -avoid-version -rpath $(libdir)
+NT_LTFLAGS_MOD = -no-undefined -avoid-version -rpath $(moduledir)
+UNIX_LTFLAGS_LIB = $(LTVERSION) -rpath $(libdir)
+UNIX_LTFLAGS_MOD = $(LTVERSION) -rpath $(moduledir)
+
+# libtool flags
+LTFLAGS = $(@PLAT at _LTFLAGS)
+LTFLAGS_LIB = $(@PLAT at _LTFLAGS_LIB)
+LTFLAGS_MOD = $(@PLAT at _LTFLAGS_MOD)
+
+# LIB_DEFS defined in liblber and libldap Makefile.in files.
+# MOD_DEFS defined in backend Makefile.in files.
+
+# platform-specific LINK_LIBS defined in various Makefile.in files.
+# LINK_LIBS referenced in library and module link commands.
+LINK_LIBS = $(MOD_LIBS) $(@PLAT at _LINK_LIBS)
+
+LTSTATIC = @LTSTATIC@
+
+LTLINK = $(LIBTOOL) --mode=link \
+ $(CC) $(LTSTATIC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS)
+
+LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=compile \
+ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
+
+LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+
+LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
+ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
+
+LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
+
+LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL)
+LTFINISH = $(LIBTOOL) --mode=finish
+
+# Misc UNIX commands used in build environment
+AR = @AR@
+BASENAME = basename
+CAT = cat
+CHMOD = chmod
+DATE = date
+ECHO = $(SHTOOL) echo
+HOSTNAME = $(SHTOOL) echo -e "%h%d"
+LN = $(SHTOOL) mkln
+LN_H = $(LN)
+LN_S = $(LN) -s
+MAKEINFO = @MAKEINFO@
+MKDIR = $(SHTOOL) mkdir -p
+MV = $(SHTOOL) move
+PWD = pwd
+RANLIB = @RANLIB@
+RM = rm -f
+SED = sed
+SUBST = $(SHTOOL) subst
+
+# For manual pages
+# MANCOMPRESS=@MANCOMPRESS@
+# MANCOMPRESSSUFFIX=@MANCOMPRESSSUFFIX@
+MANCOMPRESS=$(CAT)
+MANCOMPRESSSUFFIX=
+
+INCLUDEDIR= $(top_srcdir)/include
+LDAP_INCPATH= -I$(LDAP_INCDIR) -I$(INCLUDEDIR)
+LDAP_LIBDIR= $(top_builddir)/libraries
+
+LUTIL_LIBS = @LUTIL_LIBS@
+LDBM_LIBS = @LDBM_LIBS@
+LTHREAD_LIBS = @LTHREAD_LIBS@
+
+LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
+LDAP_LIBLDAP_LA = $(LDAP_LIBDIR)/libldap/libldap.la
+LDAP_LIBLDAP_R_LA = $(LDAP_LIBDIR)/libldap_r/libldap_r.la
+
+LDAP_LIBREWRITE_A = $(LDAP_LIBDIR)/librewrite/librewrite.a
+LDAP_LIBLUNICODE_A = $(LDAP_LIBDIR)/liblunicode/liblunicode.a
+LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a
+
+LDAP_L = $(LDAP_LIBLUTIL_A) \
+ $(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA)
+SLURPD_L = $(LDAP_LIBLUTIL_A) \
+ $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \
+ $(SLURPD_L)
+
+WRAP_LIBS = @WRAP_LIBS@
+# AutoConfig generated
+AC_CC = @CC@
+AC_CFLAGS = @CFLAGS@
+AC_DEFS = @CPPFLAGS@ # @DEFS@
+AC_LDFLAGS = @LDFLAGS@
+AC_LIBS = @LIBS@
+
+KRB4_LIBS = @KRB4_LIBS@
+KRB5_LIBS = @KRB5_LIBS@
+KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
+SASL_LIBS = @SASL_LIBS@
+TLS_LIBS = @TLS_LIBS@
+AUTH_LIBS = @AUTH_LIBS@
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
+
+MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
+MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
+MODULES_LIBS = @MODULES_LIBS@
+SLAPD_PERL_LDFLAGS = @SLAPD_PERL_LDFLAGS@
+
+SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
+SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
+SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
+
+SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@
+SLURPD_LIBS = @SLURPD_LIBS@
+
+# Our Defaults
+CC = $(AC_CC)
+DEFS = $(LDAP_INCPATH) $(XINCPATH) $(XDEFS) $(AC_DEFS) $(DEFINES)
+CFLAGS = $(AC_CFLAGS) $(DEFS)
+LDFLAGS = $(LDAP_LIBPATH) $(AC_LDFLAGS) $(XLDFLAGS)
+LIBS = $(XLIBS) $(XXLIBS) $(AC_LIBS) $(XXXLIBS)
+
+LT_CFLAGS = $(AC_CFLAGS)
+LT_CPPFLAGS = $(DEFS)
+
+all: all-common all-local FORCE
+install: install-common install-local FORCE
+clean: clean-common clean-local FORCE
+veryclean: veryclean-common veryclean-local FORCE
+depend: depend-common depend-local FORCE
+
+# empty common rules
+all-common:
+install-common:
+clean-common:
+veryclean-common: clean-common FORCE
+depend-common:
+lint-common:
+lint5-common:
+
+# empty local rules
+all-local:
+install-local:
+clean-local:
+veryclean-local: clean-local FORCE
+depend-local:
+lint-local:
+lint5-local:
+
+veryclean: FORCE
+ $(RM) Makefile
+ $(RM) -r .libs
+
+Makefile: Makefile.in $(top_srcdir)/build/top.mk
+
+pathtest:
+ $(SHTOOL) --version
+
+# empty rule for forcing rules
+FORCE:
+
+##---------------------------------------------------------------------------
+
Added: openldap/vendor/openldap-2.3.35/build/version.h
===================================================================
--- openldap/vendor/openldap-2.3.35/build/version.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/version.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+static const char copyright[] =
+"Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.\n"
+"COPYING RESTRICTIONS APPLY.\n";
+
Added: openldap/vendor/openldap-2.3.35/build/version.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/build/version.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/version.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/build/version.sh,v 1.14.2.3 2007/01/02 21:43:41 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+DIR=`dirname $0`
+. $DIR/version.var
+
+if test $ol_patch != X ; then
+ ol_version=${ol_major}.${ol_minor}.${ol_patch}
+ ol_api_lib_release=${ol_major}.${ol_minor}
+ ol_type=Release
+elif test $ol_minor != X ; then
+ ol_version=${ol_major}.${ol_minor}.${ol_patch}
+ ol_api_lib_release=${ol_major}.${ol_minor}-releng
+ ol_type=Engineering
+else
+ ol_version=${ol_major}.${ol_minor}
+ ol_api_lib_release=${ol_major}-devel
+ ol_type=Devel
+fi
+
+ol_string="${ol_package} ${ol_version}-${ol_type}"
+ol_api_lib_version="${ol_api_current}:${ol_api_revision}:${ol_api_age}"
+
+echo OL_PACKAGE=\"${ol_package}\"
+echo OL_MAJOR=$ol_major
+echo OL_MINOR=$ol_minor
+echo OL_PATCH=$ol_patch
+echo OL_API_INC=$ol_api_inc
+echo OL_API_LIB_RELEASE=$ol_api_lib_release
+echo OL_API_LIB_VERSION=$ol_api_lib_version
+echo OL_VERSION=$ol_version
+echo OL_TYPE=$ol_type
+echo OL_STRING=\"${ol_string}\"
+echo OL_RELEASE_DATE=\"${ol_release_date}\"
Property changes on: openldap/vendor/openldap-2.3.35/build/version.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/build/version.var
===================================================================
--- openldap/vendor/openldap-2.3.35/build/version.var (rev 0)
+++ openldap/vendor/openldap-2.3.35/build/version.var 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,23 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.7.2.85 2007/04/09 17:22:49 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+ol_package=OpenLDAP
+ol_major=2
+ol_minor=3
+ol_patch=35
+ol_api_inc=20335
+ol_api_current=2
+ol_api_revision=23
+ol_api_age=2
+ol_release_date="2007/04/09"
Added: openldap/vendor/openldap-2.3.35/clients/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,15 @@
+# Clients Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/clients/Makefile.in,v 1.14.2.4 2007/01/02 21:43:41 kurt Exp $
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS = tools
+
Added: openldap/vendor/openldap-2.3.35/clients/tools/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,107 @@
+# Makefile for LDAP tools
+# $OpenLDAP: pkg/ldap/clients/tools/Makefile.in,v 1.39.2.5 2007/01/02 21:43:41 kurt Exp $
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = ldapsearch.c ldapmodify.c ldapdelete.c ldapmodrdn.c \
+ ldappasswd.c ldapwhoami.c ldapcompare.c common.c
+OBJS = ldapsearch.o ldapmodify.o ldapdelete.o ldapmodrdn.o \
+ ldappasswd.o ldapwhoami.o ldapcompare.o common.o
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+MKVOPTS = -s
+
+XLIBS = $(LDAP_L)
+XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+
+XSRCS = ldsversion.c ldmversion.c lddversion.c ldrversion.c \
+ ldpversion.c ldwversion.c ldcversion.c
+
+PROGRAMS = ldapsearch ldapmodify ldapdelete ldapmodrdn \
+ ldappasswd ldapwhoami ldapcompare
+
+
+ldapsearch: ldsversion.o
+ $(LTLINK) -o $@ ldapsearch.o common.o ldsversion.o $(LIBS)
+
+ldapmodify: ldmversion.o
+ $(LTLINK) -o $@ ldapmodify.o common.o ldmversion.o $(LIBS)
+
+ldapdelete: lddversion.o
+ $(LTLINK) -o $@ ldapdelete.o common.o lddversion.o $(LIBS)
+
+ldapmodrdn: ldrversion.o
+ $(LTLINK) -o $@ ldapmodrdn.o common.o ldrversion.o $(LIBS)
+
+ldappasswd: ldpversion.o
+ $(LTLINK) -o $@ ldappasswd.o common.o ldpversion.o $(LIBS)
+
+ldapwhoami: ldwversion.o
+ $(LTLINK) -o $@ ldapwhoami.o common.o ldwversion.o $(LIBS)
+
+ldapcompare: ldcversion.o
+ $(LTLINK) -o $@ ldapcompare.o common.o ldcversion.o $(LIBS)
+
+ldsversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapsearch > $@
+
+ldsversion.o: ldapsearch.o common.o $(XLIBS)
+
+ldmversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapmodify > $@
+
+ldmversion.o: ldapmodify.o common.o $(XLIBS)
+
+lddversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapdelete > $@
+
+lddversion.o: ldapdelete.o common.o $(XLIBS)
+
+ldpversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldappasswd > $@
+
+ldpversion.o: ldappasswd.o common.o $(XLIBS)
+
+ldrversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapmodrdn > $@
+
+ldrversion.o: ldapmodrdn.o common.o $(XLIBS)
+
+ldwversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapwhoami > $@
+
+ldwversion.o: ldapwhoami.o common.o $(XLIBS)
+
+ldcversion.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) $(MKVOPTS) ldapcompare > $@
+
+ldcversion.o: ldapcompare.o common.o $(XLIBS)
+
+install-local: FORCE
+ -$(MKDIR) $(DESTDIR)$(bindir)
+ @( \
+ for prg in $(PROGRAMS); do \
+ $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 $$prg$(EXEEXT) \
+ $(DESTDIR)$(bindir); \
+ done \
+ )
+ $(RM) $(DESTDIR)$(bindir)/ldapadd$(EXEEXT)
+ $(LN_S) $(DESTDIR)$(bindir)/ldapmodify$(EXEEXT) $(DESTDIR)$(bindir)/ldapadd$(EXEEXT)
+
Added: openldap/vendor/openldap-2.3.35/clients/tools/common.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/common.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/common.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1274 @@
+/* common.c - common routines for the ldap client tools */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.39.2.11 2007/04/01 22:44:09 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Kurt D. Zeilenga.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This file was initially created by Hallvard B. Furuseth based (in
+ * part) upon argument parsing code for individual tools located in
+ * this directory. Additional contributors include:
+ * Kurt D. Zeilenga (additional common argument and control support)
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/signal.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+
+#ifdef HAVE_CYRUS_SASL
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+#endif
+
+#include <ldap.h>
+
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+#include "ldap_pvt.h"
+#include "lber_pvt.h"
+
+#include "common.h"
+
+
+int authmethod = -1;
+char *binddn = NULL;
+int contoper = 0;
+int debug = 0;
+char *infile = NULL;
+char *ldapuri = NULL;
+char *ldaphost = NULL;
+int ldapport = 0;
+#ifdef HAVE_CYRUS_SASL
+unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
+char *sasl_realm = NULL;
+char *sasl_authc_id = NULL;
+char *sasl_authz_id = NULL;
+char *sasl_mech = NULL;
+char *sasl_secprops = NULL;
+#endif
+int use_tls = 0;
+
+int assertctl;
+char *assertion = NULL;
+char *authzid = NULL;
+int manageDIT = 0;
+int manageDSAit = 0;
+int noop = 0;
+int ppolicy = 0;
+int preread = 0;
+char *preread_attrs = NULL;
+int postread = 0;
+char *postread_attrs = NULL;
+
+int not = 0;
+int want_bindpw = 0;
+struct berval passwd = { 0, NULL };
+char *pw_file = NULL;
+int referrals = 0;
+int protocol = -1;
+int verbose = 0;
+int version = 0;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+int chaining = 0;
+static int chainingResolve = -1;
+static int chainingContinuation = -1;
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+static int gotintr;
+static int abcan;
+
+RETSIGTYPE
+do_sig( int sig )
+{
+ gotintr = abcan;
+}
+
+/* Set in main() */
+char *prog = NULL;
+
+void
+tool_init( void )
+{
+ ldap_pvt_setlocale(LC_MESSAGES, "");
+ ldap_pvt_bindtextdomain(OPENLDAP_PACKAGE, LDAP_LOCALEDIR);
+ ldap_pvt_textdomain(OPENLDAP_PACKAGE);
+}
+
+void
+tool_destroy( void )
+{
+#ifdef HAVE_CYRUS_SASL
+ sasl_done();
+#endif
+#ifdef HAVE_TLS
+ ldap_pvt_tls_destroy();
+#endif
+}
+
+void
+tool_common_usage( void )
+{
+ static const char *const descriptions[] = {
+N_(" -c continuous operation mode (do not stop on errors)\n"),
+N_(" -C chase referrals (anonymously)\n"),
+N_(" -d level set LDAP debugging level to `level'\n"),
+N_(" -D binddn bind DN\n"),
+N_(" -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
+N_(" [!]assert=<filter> (an RFC 2254 Filter)\n")
+N_(" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n")
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+N_(" [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]\n")
+N_(" one of \"chainingPreferred\", \"chainingRequired\",\n")
+N_(" \"referralsPreferred\", \"referralsRequired\"\n")
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+#ifdef LDAP_DEVEL
+N_(" [!]manageDIT\n")
+#endif
+N_(" [!]manageDSAit\n")
+N_(" [!]noop\n")
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+N_(" ppolicy\n")
+#endif
+N_(" [!]postread[=<attrs>] (a comma-separated attribute list)\n")
+N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n"),
+N_(" abandon, cancel (SIGINT sends abandon/cancel; not really controls)\n")
+N_(" -f file read operations from `file'\n"),
+N_(" -h host LDAP server\n"),
+N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"),
+N_(" -I use SASL Interactive mode\n"),
+N_(" -k use Kerberos authentication\n"),
+N_(" -K like -k, but do only step 1 of the Kerberos bind\n"),
+N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
+N_(" -n show what would be done but don't actually do it\n"),
+N_(" -O props SASL security properties\n"),
+N_(" -p port port on LDAP server\n"),
+N_(" -P version protocol version (default: 3)\n"),
+N_(" -Q use SASL Quiet mode\n"),
+N_(" -R realm SASL realm\n"),
+N_(" -U authcid SASL authentication identity\n"),
+N_(" -v run in verbose mode (diagnostics to standard output)\n"),
+N_(" -V print version info (-VV only)\n"),
+N_(" -w passwd bind password (for simple authentication)\n"),
+N_(" -W prompt for bind password\n"),
+N_(" -x Simple authentication\n"),
+N_(" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"),
+N_(" -y file Read password from file\n"),
+N_(" -Y mech SASL mechanism\n"),
+N_(" -Z Start TLS request (-ZZ to require successful response)\n"),
+NULL
+ };
+ const char *const *cpp;
+
+ fputs( _("Common options:\n"), stderr );
+ for( cpp = descriptions; *cpp != NULL; cpp++ ) {
+ if( strchr( options, (*cpp)[3] ) || (*cpp)[3] == ' ' ) {
+ fputs( _(*cpp), stderr );
+ }
+ }
+}
+
+void tool_perror(
+ char *func,
+ int err,
+ char *extra,
+ char *matched,
+ char *info,
+ char **refs )
+{
+ fprintf( stderr, "%s: %s (%d)%s\n",
+ func, ldap_err2string( err ), err, extra ? extra : "" );
+
+ if ( matched && *matched ) {
+ fprintf( stderr, _("\tmatched DN: %s\n"), matched );
+ }
+
+ if ( info && *info ) {
+ fprintf( stderr, _("\tadditional info: %s\n"), info );
+ }
+
+ if ( refs && *refs ) {
+ int i;
+ fprintf( stderr, _("\treferrals:\n") );
+ for( i=0; refs[i]; i++ ) {
+ fprintf( stderr, "\t\t%s\n", refs[i] );
+ }
+ }
+}
+
+
+void
+tool_args( int argc, char **argv )
+{
+ int i;
+
+ while (( i = getopt( argc, argv, options )) != EOF ) {
+ int crit, ival;
+ char *control, *cvalue, *next;
+ switch( i ) {
+ case 'c': /* continuous operation mode */
+ contoper++;
+ break;
+ case 'C':
+ referrals++;
+ break;
+ case 'd':
+ ival = strtol( optarg, &next, 10 );
+ if (next == NULL || next[0] != '\0') {
+ fprintf( stderr, "%s: unable to parse debug value \"%s\"\n", prog, optarg);
+ exit(EXIT_FAILURE);
+ }
+ debug |= ival;
+ break;
+ case 'D': /* bind DN */
+ if( binddn != NULL ) {
+ fprintf( stderr, "%s: -D previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ binddn = ber_strdup( optarg );
+ break;
+ case 'e': /* general extensions (controls and such) */
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -e !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = ber_strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+
+ if ( strcasecmp( control, "assert" ) == 0 ) {
+ if( assertctl ) {
+ fprintf( stderr, "assert control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue == NULL ) {
+ fprintf( stderr, "assert: control value expected\n" );
+ usage();
+ }
+
+ assertctl = 1 + crit;
+
+ assert( assertion == NULL );
+ assertion = cvalue;
+
+ } else if ( strcasecmp( control, "authzid" ) == 0 ) {
+ if( authzid != NULL ) {
+ fprintf( stderr, "authzid control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue == NULL ) {
+ fprintf( stderr, "authzid: control value expected\n" );
+ usage();
+ }
+ if( !crit ) {
+ fprintf( stderr, "authzid: must be marked critical\n" );
+ usage();
+ }
+
+ assert( authzid == NULL );
+ authzid = cvalue;
+
+ } else if ( strcasecmp( control, "manageDIT" ) == 0 ) {
+ if( manageDIT ) {
+ fprintf( stderr,
+ "manageDIT control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr,
+ "manageDIT: no control value expected\n" );
+ usage();
+ }
+
+ manageDIT = 1 + crit;
+
+ } else if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
+ if( manageDSAit ) {
+ fprintf( stderr,
+ "manageDSAit control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr,
+ "manageDSAit: no control value expected\n" );
+ usage();
+ }
+
+ manageDSAit = 1 + crit;
+
+ } else if ( strcasecmp( control, "noop" ) == 0 ) {
+ if( noop ) {
+ fprintf( stderr, "noop control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr, "noop: no control value expected\n" );
+ usage();
+ }
+
+ noop = 1 + crit;
+
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+ } else if ( strcasecmp( control, "ppolicy" ) == 0 ) {
+ if( ppolicy ) {
+ fprintf( stderr, "ppolicy control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr, "ppolicy: no control value expected\n" );
+ usage();
+ }
+ if( crit ) {
+ fprintf( stderr, "ppolicy: critical flag not allowed\n" );
+ usage();
+ }
+
+ ppolicy = 1;
+#endif
+
+ } else if ( strcasecmp( control, "preread" ) == 0 ) {
+ if( preread ) {
+ fprintf( stderr, "preread control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+
+ preread = 1 + crit;
+ preread_attrs = cvalue;
+
+ } else if ( strcasecmp( control, "postread" ) == 0 ) {
+ if( postread ) {
+ fprintf( stderr, "postread control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+
+ postread = 1 + crit;
+ postread_attrs = cvalue;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ } else if ( strcasecmp( control, "chaining" ) == 0 ) {
+ chaining = 1 + crit;
+
+ if ( cvalue != NULL ) {
+ char *continuation;
+
+ continuation = strchr( cvalue, '/' );
+ if ( continuation ) {
+ /* FIXME: this makes sense only in searches */
+ *continuation++ = '\0';
+ if ( strcasecmp( continuation, "chainingPreferred" ) == 0 ) {
+ chainingContinuation = LDAP_CHAINING_PREFERRED;
+ } else if ( strcasecmp( continuation, "chainingRequired" ) == 0 ) {
+ chainingContinuation = LDAP_CHAINING_REQUIRED;
+ } else if ( strcasecmp( continuation, "referralsPreferred" ) == 0 ) {
+ chainingContinuation = LDAP_REFERRALS_PREFERRED;
+ } else if ( strcasecmp( continuation, "referralsRequired" ) == 0 ) {
+ chainingContinuation = LDAP_REFERRALS_REQUIRED;
+ } else {
+ fprintf( stderr,
+ "chaining behavior control "
+ "continuation value \"%s\" invalid\n",
+ continuation );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ if ( strcasecmp( cvalue, "chainingPreferred" ) == 0 ) {
+ chainingResolve = LDAP_CHAINING_PREFERRED;
+ } else if ( strcasecmp( cvalue, "chainingRequired" ) == 0 ) {
+ chainingResolve = LDAP_CHAINING_REQUIRED;
+ } else if ( strcasecmp( cvalue, "referralsPreferred" ) == 0 ) {
+ chainingResolve = LDAP_REFERRALS_PREFERRED;
+ } else if ( strcasecmp( cvalue, "referralsRequired" ) == 0 ) {
+ chainingResolve = LDAP_REFERRALS_REQUIRED;
+ } else {
+ fprintf( stderr,
+ "chaining behavior control "
+ "resolve value \"%s\" invalid\n",
+ cvalue);
+ exit( EXIT_FAILURE );
+ }
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ /* this shouldn't go here, really; but it's a feature... */
+ } else if ( strcasecmp( control, "abandon" ) == 0 ) {
+ abcan = LDAP_REQ_ABANDON;
+
+ } else if ( strcasecmp( control, "cancel" ) == 0 ) {
+ abcan = LDAP_REQ_EXTENDED;
+
+ } else {
+ fprintf( stderr, "Invalid general control name: %s\n",
+ control );
+ usage();
+ }
+ break;
+ case 'f': /* read from file */
+ if( infile != NULL ) {
+ fprintf( stderr, "%s: -f previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ infile = ber_strdup( optarg );
+ break;
+ case 'h': /* ldap host */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -h previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ ldaphost = ber_strdup( optarg );
+ break;
+ case 'H': /* ldap URI */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ ldapuri = ber_strdup( optarg );
+ break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ exit( EXIT_FAILURE );
+#endif
+ case 'k': /* kerberos bind */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if( authmethod != -1 ) {
+ fprintf( stderr, "%s: -k incompatible with previous "
+ "authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_KRBV4;
+#else
+ fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'K': /* kerberos bind, part one only */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if( authmethod != -1 ) {
+ fprintf( stderr, "%s: incompatible with previous "
+ "authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_KRBV41;
+#else
+ fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'M':
+ /* enable Manage DSA IT */
+ manageDSAit++;
+ break;
+ case 'n': /* print operations, don't actually do them */
+ not++;
+ break;
+ case 'O':
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_secprops != NULL ) {
+ fprintf( stderr, "%s: -O previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_secprops = ber_strdup( optarg );
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'p':
+ if( ldapport ) {
+ fprintf( stderr, "%s: -p previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ ival = strtol( optarg, &next, 10 );
+ if ( next == NULL || next[0] != '\0' ) {
+ fprintf( stderr, "%s: unable to parse port number \"%s\"\n", prog, optarg );
+ exit( EXIT_FAILURE );
+ }
+ ldapport = ival;
+ break;
+ case 'P':
+ ival = strtol( optarg, &next, 10 );
+ if ( next == NULL || next[0] != '\0' ) {
+ fprintf( stderr, "%s: unabel to parse protocol version \"%s\"\n", prog, optarg );
+ exit( EXIT_FAILURE );
+ }
+ switch( ival ) {
+ case 2:
+ if( protocol == LDAP_VERSION3 ) {
+ fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+ protocol = LDAP_VERSION2;
+ break;
+ case 3:
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+ protocol = LDAP_VERSION3;
+ break;
+ default:
+ fprintf( stderr, "%s: protocol version should be 2 or 3\n",
+ prog );
+ usage();
+ }
+ break;
+ case 'Q':
+#ifdef HAVE_CYRUS_SASL
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n",
+ prog );
+ exit( EXIT_FAILURE );
+#endif
+ case 'R':
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_realm != NULL ) {
+ fprintf( stderr, "%s: -R previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_realm = ber_strdup( optarg );
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n",
+ prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'U':
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_authc_id != NULL ) {
+ fprintf( stderr, "%s: -U previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_authc_id = ber_strdup( optarg );
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n",
+ prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'v': /* verbose mode */
+ verbose++;
+ break;
+ case 'V': /* version */
+ version++;
+ break;
+ case 'w': /* password */
+ passwd.bv_val = ber_strdup( optarg );
+ {
+ char* p;
+
+ for( p = optarg; *p != '\0'; p++ ) {
+ *p = '\0';
+ }
+ }
+ passwd.bv_len = strlen( passwd.bv_val );
+ break;
+ case 'W':
+ want_bindpw++;
+ break;
+ case 'y':
+ pw_file = optarg;
+ break;
+ case 'Y':
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_mech != NULL ) {
+ fprintf( stderr, "%s: -Y previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr,
+ "%s: incompatible with authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_mech = ber_strdup( optarg );
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'x':
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
+ fprintf( stderr, "%s: incompatible with previous "
+ "authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SIMPLE;
+ break;
+ case 'X':
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_authz_id != NULL ) {
+ fprintf( stderr, "%s: -X previously specified\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: -X incompatible with "
+ "authentication choice\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ authmethod = LDAP_AUTH_SASL;
+ sasl_authz_id = ber_strdup( optarg );
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ case 'Z':
+#ifdef HAVE_TLS
+ use_tls++;
+#else
+ fprintf( stderr, "%s: not compiled with TLS support\n", prog );
+ exit( EXIT_FAILURE );
+#endif
+ break;
+ default:
+ if( handle_private_option( i ) ) break;
+ fprintf( stderr, "%s: unrecognized option -%c\n",
+ prog, optopt );
+ usage();
+ }
+ }
+
+ {
+ /* prevent bad linking */
+ LDAPAPIInfo api;
+ api.ldapai_info_version = LDAP_API_INFO_VERSION;
+
+ if ( ldap_get_option(NULL, LDAP_OPT_API_INFO, &api)
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "%s: ldap_get_option(API_INFO) failed\n", prog );
+ exit( EXIT_FAILURE );
+ }
+
+ if (api.ldapai_info_version != LDAP_API_INFO_VERSION) {
+ fprintf( stderr, "LDAP APIInfo version mismatch: "
+ "library %d, header %d\n",
+ api.ldapai_info_version, LDAP_API_INFO_VERSION );
+ exit( EXIT_FAILURE );
+ }
+
+ if( api.ldapai_api_version != LDAP_API_VERSION ) {
+ fprintf( stderr, "LDAP API version mismatch: "
+ "library %d, header %d\n",
+ api.ldapai_api_version, LDAP_API_VERSION );
+ exit( EXIT_FAILURE );
+ }
+
+ if( strcmp(api.ldapai_vendor_name, LDAP_VENDOR_NAME ) != 0 ) {
+ fprintf( stderr, "LDAP vendor name mismatch: "
+ "library %s, header %s\n",
+ api.ldapai_vendor_name, LDAP_VENDOR_NAME );
+ exit( EXIT_FAILURE );
+ }
+
+ if( api.ldapai_vendor_version != LDAP_VENDOR_VERSION ) {
+ fprintf( stderr, "LDAP vendor version mismatch: "
+ "library %d, header %d\n",
+ api.ldapai_vendor_version, LDAP_VENDOR_VERSION );
+ exit( EXIT_FAILURE );
+ }
+
+ if (version) {
+ fprintf( stderr, "%s: %s\t(LDAP library: %s %d)\n",
+ prog, __Version,
+ LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION );
+ if (version > 1) exit( EXIT_SUCCESS );
+ }
+
+ ldap_memfree( api.ldapai_vendor_name );
+ ber_memvfree( (void **)api.ldapai_extensions );
+ }
+
+ if (protocol == -1)
+ protocol = LDAP_VERSION3;
+
+ if (authmethod == -1 && protocol > LDAP_VERSION2) {
+#ifdef HAVE_CYRUS_SASL
+ authmethod = LDAP_AUTH_SASL;
+#else
+ authmethod = LDAP_AUTH_SIMPLE;
+#endif
+ }
+
+ if( ldapuri == NULL ) {
+ if( ldapport && ( ldaphost == NULL )) {
+ fprintf( stderr, "%s: -p without -h is invalid.\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ } else {
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ }
+ if( protocol == LDAP_VERSION2 ) {
+ if( assertctl || authzid || manageDIT || manageDSAit ||
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ chaining ||
+#endif
+ noop || ppolicy || preread || postread )
+ {
+ fprintf( stderr, "%s: -e/-M incompatible with LDAPv2\n", prog );
+ exit( EXIT_FAILURE );
+ }
+#ifdef HAVE_TLS
+ if( use_tls ) {
+ fprintf( stderr, "%s: -Z incompatible with LDAPv2\n", prog );
+ exit( EXIT_FAILURE );
+ }
+#endif
+#ifdef HAVE_CYRUS_SASL
+ if( authmethod == LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: -[IOQRUXY] incompatible with LDAPv2\n",
+ prog );
+ exit( EXIT_FAILURE );
+ }
+#endif
+ } else {
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) {
+ fprintf( stderr, "%s: -k/-K incompatible with LDAPv%d\n",
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+#endif
+ }
+}
+
+
+LDAP *
+tool_conn_setup( int not, void (*private_setup)( LDAP * ) )
+{
+ LDAP *ld = NULL;
+
+ if ( debug ) {
+ if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
+ != LBER_OPT_SUCCESS )
+ {
+ fprintf( stderr,
+ "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
+ }
+ if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr,
+ "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
+ }
+ }
+
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+#endif
+
+ if ( abcan ) {
+ SIGNAL( SIGINT, do_sig );
+ }
+
+ if ( !not ) {
+ int rc;
+
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ /* construct URL */
+ LDAPURLDesc url;
+ memset( &url, 0, sizeof(url));
+
+ url.lud_scheme = "ldap";
+ url.lud_host = ldaphost;
+ url.lud_port = ldapport;
+ url.lud_scope = LDAP_SCOPE_DEFAULT;
+
+ ldapuri = ldap_url_desc2str( &url );
+ }
+
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ rc = ldap_initialize( &ld, ldapuri );
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "Could not create LDAP session handle for URI=%s (%d): %s\n",
+ ldapuri, rc, ldap_err2string(rc) );
+ exit( EXIT_FAILURE );
+ }
+
+ if( private_setup ) private_setup( ld );
+
+ /* referrals */
+ if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
+ referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
+ referrals ? "on" : "off" );
+ exit( EXIT_FAILURE );
+ }
+
+ if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
+ protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( use_tls &&
+ ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ))
+ {
+ ldap_perror( ld, "ldap_start_tls" );
+ if ( use_tls > 1 ) {
+ exit( EXIT_FAILURE );
+ }
+ }
+ }
+
+ return ld;
+}
+
+
+void
+tool_bind( LDAP *ld )
+{
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+ if ( ppolicy ) {
+ LDAPControl *ctrls[2], c;
+ c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
+ c.ldctl_iscritical = 0;
+ ctrls[0] = &c;
+ ctrls[1] = NULL;
+ ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
+ }
+#endif
+
+ if ( authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ void *defaults;
+ int rc;
+
+ if( sasl_secprops != NULL ) {
+ rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
+ (void *) sasl_secprops );
+
+ if( rc != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr,
+ "Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n",
+ sasl_secprops );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ defaults = lutil_sasl_defaults( ld,
+ sasl_mech,
+ sasl_realm,
+ sasl_authc_id,
+ passwd.bv_val,
+ sasl_authz_id );
+
+ rc = ldap_sasl_interactive_bind_s( ld, binddn,
+ sasl_mech, NULL, NULL,
+ sasl_flags, lutil_sasl_interact, defaults );
+
+ lutil_sasl_freedefs( defaults );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
+ exit( EXIT_FAILURE );
+ }
+#else
+ fprintf( stderr, "%s: not compiled with SASL support\n",
+ prog );
+ exit( EXIT_FAILURE );
+#endif
+ } else {
+ int msgid, err;
+ LDAPMessage *result;
+ LDAPControl **ctrls;
+ char msgbuf[256];
+ char *matched = NULL;
+ char *info = NULL;
+ char **refs = NULL;
+
+ msgbuf[0] = 0;
+
+ msgid = ldap_bind( ld, binddn, passwd.bv_val, authmethod );
+ if ( msgid == -1 ) {
+ ldap_perror( ld, "ldap_bind" );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
+ ldap_perror( ld, "ldap_result" );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( ldap_parse_result( ld, result, &err, &matched, &info, &refs,
+ &ctrls, 1 ) != LDAP_SUCCESS )
+ {
+ ldap_perror( ld, "ldap_bind parse result" );
+ exit( EXIT_FAILURE );
+ }
+
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+ if ( ctrls && ppolicy ) {
+ LDAPControl *ctrl;
+ int expire, grace, len = 0;
+ LDAPPasswordPolicyError pErr = -1;
+
+ ctrl = ldap_find_control( LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
+ ctrls );
+
+ if ( ctrl && ldap_parse_passwordpolicy_control( ld, ctrl,
+ &expire, &grace, &pErr ) == LDAP_SUCCESS )
+ {
+ if ( pErr != PP_noError ){
+ msgbuf[0] = ';';
+ msgbuf[1] = ' ';
+ strcpy( msgbuf+2, ldap_passwordpolicy_err2txt( pErr ));
+ len = strlen( msgbuf );
+ }
+ if ( expire >= 0 ) {
+ sprintf( msgbuf+len,
+ " (Password expires in %d seconds)",
+ expire );
+ } else if ( grace >= 0 ) {
+ sprintf( msgbuf+len,
+ " (Password expired, %d grace logins remain)",
+ grace );
+ }
+ }
+ }
+#endif
+
+ if ( ctrls ) {
+ ldap_controls_free( ctrls );
+ }
+
+ if ( err != LDAP_SUCCESS
+ || msgbuf[0]
+ || ( matched && matched[ 0 ] )
+ || ( info && info[ 0 ] )
+ || refs )
+ {
+ tool_perror( "ldap_bind", err, msgbuf, matched, info, refs );
+
+ if( matched ) ber_memfree( matched );
+ if( info ) ber_memfree( info );
+ if( refs ) ber_memvfree( (void **)refs );
+
+ if ( err != LDAP_SUCCESS ) exit( EXIT_FAILURE );
+ }
+ }
+}
+
+void
+tool_unbind( LDAP *ld )
+{
+ int err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, NULL );
+
+ if ( err != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not unset controls\n");
+ }
+
+ (void) ldap_unbind_ext( ld, NULL, NULL );
+}
+
+
+/* Set server controls. Add controls extra_c[0..count-1], if set. */
+void
+tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
+{
+ int i = 0, j, crit = 0, err;
+ LDAPControl c[10], **ctrls;
+
+ ctrls = (LDAPControl**) malloc(sizeof(c) + (count+1)*sizeof(LDAPControl*));
+ if ( ctrls == NULL ) {
+ fprintf( stderr, "No memory\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( assertctl ) {
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ if( assertion == NULL || *assertion == '\0' ) {
+ fprintf( stderr, "Assertion=<empty>\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ err = ldap_pvt_put_filter( ber, assertion );
+ if( err < 0 ) {
+ fprintf( stderr, "assertion encode failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
+ if( err < 0 ) {
+ fprintf( stderr, "assertion flatten failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_ASSERT;
+ c[i].ldctl_iscritical = assertctl > 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+
+ if ( authzid ) {
+ c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+ c[i].ldctl_value.bv_val = authzid;
+ c[i].ldctl_value.bv_len = strlen( authzid );
+ c[i].ldctl_iscritical = 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+
+ if ( manageDIT ) {
+ c[i].ldctl_oid = LDAP_CONTROL_MANAGEDIT;
+ BER_BVZERO( &c[i].ldctl_value );
+ c[i].ldctl_iscritical = manageDIT > 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+
+ if ( manageDSAit ) {
+ c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+ BER_BVZERO( &c[i].ldctl_value );
+ c[i].ldctl_iscritical = manageDSAit > 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+
+ if ( noop ) {
+ c[i].ldctl_oid = LDAP_CONTROL_NOOP;
+ BER_BVZERO( &c[i].ldctl_value );
+ c[i].ldctl_iscritical = noop > 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+
+ if ( preread ) {
+ char berbuf[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *)berbuf;
+ char **attrs = NULL;
+
+ if( preread_attrs ) {
+ attrs = ldap_str2charray( preread_attrs, "," );
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ if( ber_printf( ber, "{v}", attrs ) == -1 ) {
+ fprintf( stderr, "preread attrs encode failed.\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
+ if( err < 0 ) {
+ fprintf( stderr, "preread flatten failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_PRE_READ;
+ c[i].ldctl_iscritical = preread > 1;
+ ctrls[i] = &c[i];
+ i++;
+
+ if( attrs ) ldap_charray_free( attrs );
+ }
+
+ if ( postread ) {
+ char berbuf[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *)berbuf;
+ char **attrs = NULL;
+
+ if( postread_attrs ) {
+ attrs = ldap_str2charray( postread_attrs, "," );
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ if( ber_printf( ber, "{v}", attrs ) == -1 ) {
+ fprintf( stderr, "postread attrs encode failed.\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
+ if( err < 0 ) {
+ fprintf( stderr, "postread flatten failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_POST_READ;
+ c[i].ldctl_iscritical = postread > 1;
+ ctrls[i] = &c[i];
+ i++;
+
+ if( attrs ) ldap_charray_free( attrs );
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ if ( chaining ) {
+ if ( chainingResolve > -1 ) {
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ err = ber_printf( ber, "{e" /* } */, chainingResolve );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ fprintf( stderr, _("Chaining behavior control encoding error!\n") );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( chainingContinuation > -1 ) {
+ err = ber_printf( ber, "e", chainingContinuation );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ fprintf( stderr, _("Chaining behavior control encoding error!\n") );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ err = ber_printf( ber, /* { */ "N}" );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ fprintf( stderr, _("Chaining behavior control encoding error!\n") );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( ber_flatten2( ber, &c[i].ldctl_value, 0 ) == -1 ) {
+ exit( EXIT_FAILURE );
+ }
+
+ } else {
+ BER_BVZERO( &c[i].ldctl_value );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_X_CHAINING_BEHAVIOR;
+ c[i].ldctl_iscritical = chaining > 1;
+ ctrls[i] = &c[i];
+ i++;
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ while ( count-- ) {
+ ctrls[i++] = extra_c++;
+ }
+ ctrls[i] = NULL;
+
+ err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
+
+ if ( err != LDAP_OPT_SUCCESS ) {
+ for ( j = 0; j < i; j++ ) {
+ if ( ctrls[j]->ldctl_iscritical ) crit = 1;
+ }
+ fprintf( stderr, "Could not set %scontrols\n",
+ crit ? "critical " : "" );
+ }
+
+ free( ctrls );
+ if ( crit ) {
+ exit( EXIT_FAILURE );
+ }
+}
+
+int
+tool_check_abandon( LDAP *ld, int msgid )
+{
+ int rc;
+
+ switch ( gotintr ) {
+ case LDAP_REQ_EXTENDED:
+ rc = ldap_cancel_s( ld, msgid, NULL, NULL );
+ fprintf( stderr, "got interrupt, cancel got %d: %s\n",
+ rc, ldap_err2string( rc ) );
+ return -1;
+
+ case LDAP_REQ_ABANDON:
+ rc = ldap_abandon( ld, msgid );
+ fprintf( stderr, "got interrupt, abandon got %d: %s\n",
+ rc, ldap_err2string( rc ) );
+ return -1;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/clients/tools/common.h
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/common.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/common.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,95 @@
+/* common.h - common definitions for the ldap client tools */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.h,v 1.11.2.7 2007/01/02 21:43:41 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This file was initially created by Hallvard B. Furuseth based (in
+ * part) upon argument parsing code for individual tools located in
+ * this directory.
+ */
+
+#ifndef _CLIENT_TOOLS_COMMON_H_
+#define _CLIENT_TOOLS_COMMON_H_
+
+LDAP_BEGIN_DECL
+
+/* Defined and set in common.c */
+extern int authmethod;
+extern char *binddn;
+extern int contoper;
+extern int debug;
+extern char *infile;
+extern char *ldapuri;
+extern char *ldaphost;
+extern int ldapport;
+#ifdef HAVE_CYRUS_SASL
+extern unsigned sasl_flags;
+extern char *sasl_realm;
+extern char *sasl_authc_id;
+extern char *sasl_authz_id;
+extern char *sasl_mech;
+extern char *sasl_secprops;
+#endif
+extern int use_tls;
+
+extern char *assertion;
+extern char *authzid;
+extern int manageDIT;
+extern int manageDSAit;
+extern int noop;
+extern int ppolicy;
+extern int preread, postread;
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+extern int chaining;
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+extern int not;
+extern int want_bindpw;
+extern struct berval passwd;
+extern char *pw_file;
+extern int referrals;
+extern int protocol;
+extern int verbose;
+extern int version;
+
+/* Defined in common.c, set in main() */
+extern char *prog;
+extern const char __Version[];
+
+/* Defined in main program */
+extern const char options[];
+void usage LDAP_P(( void )) LDAP_GCCATTR((noreturn));
+int handle_private_option LDAP_P(( int i ));
+
+/* Defined in common.c */
+void tool_init LDAP_P(( void ));
+void tool_common_usage LDAP_P(( void ));
+void tool_args LDAP_P(( int, char ** ));
+LDAP *tool_conn_setup LDAP_P(( int dont, void (*private_setup)( LDAP * ) ));
+void tool_bind LDAP_P(( LDAP * ));
+void tool_unbind LDAP_P(( LDAP * ));
+void tool_destroy LDAP_P(( void ));
+void tool_server_controls LDAP_P(( LDAP *, LDAPControl *, int ));
+int tool_check_abandon LDAP_P(( LDAP *ld, int msgid ));
+void tool_perror LDAP_P((
+ char *func,
+ int err,
+ char *extra,
+ char *matched,
+ char *info,
+ char **refs ));
+
+LDAP_END_DECL
+
+#endif /* _CLIENT_TOOLS_COMMON_H_ */
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapcompare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapcompare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapcompare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,320 @@
+/* ldapcompare.c -- LDAP compare tool */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapcompare.c,v 1.34.2.5 2007/01/02 21:43:41 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* Portions Copyright 2002, F5 Networks, Inc, All rights reserved.
+ * This software is not subject to any license of F5 Networks.
+ * This is free software; you can redistribute and use it
+ * under the same terms as OpenLDAP itself.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Jeff Costlow (F5 Networks)
+ * based, in part, on existing LDAP tools and adapted for inclusion
+ * into OpenLDAP Software by Kurt D. Zeilenga.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+#include <ac/time.h>
+#include <sys/stat.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include <ldap.h>
+
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+#include "common.h"
+
+
+static int quiet = 0;
+
+
+void
+usage( void )
+{
+ fprintf( stderr, _("usage: %s [options] DN <attr:value|attr::b64value>\n"), prog);
+ fprintf( stderr, _("where:\n"));
+ fprintf( stderr, _(" DN\tDistinguished Name\n"));
+ fprintf( stderr, _(" attr\tassertion attribute\n"));
+ fprintf( stderr, _(" value\tassertion value\n"));
+ fprintf( stderr, _(" b64value\tbase64 encoding of assertion value\n"));
+
+ fprintf( stderr, _("Compare options:\n"));
+ fprintf( stderr, _(" -z Quiet mode,"
+ " don't print anything, use return values\n"));
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+static int docompare LDAP_P((
+ LDAP *ld,
+ char *dn,
+ char *attr,
+ struct berval *bvalue,
+ int quiet,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls));
+
+
+const char options[] = "z"
+ "Cd:D:e:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ switch ( i ) {
+#if 0
+ char *control, *cvalue;
+ int crit;
+ case 'E': /* compare extensions */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+ fprintf( stderr, _("Invalid compare extension name: %s\n"), control );
+ usage();
+#endif
+
+ case 'z':
+ quiet = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+int
+main( int argc, char **argv )
+{
+ char *compdn = NULL, *attrs = NULL;
+ char *sep;
+ int rc;
+ LDAP *ld = NULL;
+ struct berval bvalue = { 0, NULL };
+
+ tool_init();
+ prog = lutil_progname( "ldapcompare", argc, argv );
+
+ tool_args( argc, argv );
+
+ if ( argc - optind != 2 ) {
+ usage();
+ }
+
+ compdn = argv[optind++];
+ attrs = argv[optind++];
+
+ /* user passed in only 2 args, the last one better be in
+ * the form attr:value or attr::b64value
+ */
+ sep = strchr(attrs, ':');
+ if (!sep) {
+ usage();
+ }
+
+ *sep++='\0';
+ if ( *sep != ':' ) {
+ bvalue.bv_val = strdup( sep );
+ bvalue.bv_len = strlen( bvalue.bv_val );
+
+ } else {
+ /* it's base64 encoded. */
+ bvalue.bv_val = malloc( strlen( &sep[1] ));
+ bvalue.bv_len = lutil_b64_pton( &sep[1],
+ (unsigned char *) bvalue.bv_val, strlen( &sep[1] ));
+
+ if (bvalue.bv_len == (ber_len_t)-1) {
+ fprintf(stderr, _("base64 decode error\n"));
+ exit(-1);
+ }
+ }
+
+ ld = tool_conn_setup( 0, 0 );
+
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+
+ tool_bind( ld );
+
+ if ( assertion || authzid || manageDSAit || noop ) {
+ tool_server_controls( ld, NULL, 0 );
+ }
+
+ if ( verbose ) {
+ fprintf( stderr, _("DN:%s, attr:%s, value:%s\n"),
+ compdn, attrs, sep );
+ }
+
+ rc = docompare( ld, compdn, attrs, &bvalue, quiet, NULL, NULL );
+
+ free( bvalue.bv_val );
+
+ tool_unbind( ld );
+ tool_destroy();
+ return rc;
+}
+
+
+static int docompare(
+ LDAP *ld,
+ char *dn,
+ char *attr,
+ struct berval *bvalue,
+ int quiet,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc, msgid, code;
+ LDAPMessage *res;
+ char *matcheddn;
+ char *text;
+ char **refs;
+
+ if ( not ) {
+ return LDAP_SUCCESS;
+ }
+
+ rc = ldap_compare_ext( ld, dn, attr, bvalue,
+ sctrls, cctrls, &msgid );
+ if ( rc == -1 ) {
+ return( rc );
+ }
+
+ for ( ; ; ) {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ if ( tool_check_abandon( ld, msgid ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ ldap_perror( ld, "ldapcompare: ldap_result" );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
+ prog, ldap_err2string( rc ), rc );
+ return rc;
+ }
+
+ if ( !quiet && ( verbose || ( code != LDAP_SUCCESS && code != LDAP_COMPARE_TRUE && code != LDAP_COMPARE_FALSE )||
+ (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ) )
+ {
+ printf( _("Compare Result: %s (%d)\n"),
+ ldap_err2string( code ), code );
+
+ if( text && *text ) {
+ printf( _("Additional info: %s\n"), text );
+ }
+
+ if( matcheddn && *matcheddn ) {
+ printf( _("Matched DN: %s\n"), matcheddn );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i]; i++ ) {
+ printf(_("Referral: %s\n"), refs[i] );
+ }
+ }
+ }
+
+ ber_memfree( text );
+ ber_memfree( matcheddn );
+ ber_memvfree( (void **) refs );
+
+ /* if we were told to be quiet, use the return value. */
+ if ( !quiet ) {
+ if ( code == LDAP_COMPARE_TRUE ) {
+ printf(_("TRUE\n"));
+ } else if ( code == LDAP_COMPARE_FALSE ) {
+ printf(_("FALSE\n"));
+ } else {
+ printf(_("UNDEFINED\n"));
+ }
+ }
+
+ return( code );
+}
+
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapdelete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapdelete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapdelete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,439 @@
+/* ldapdelete.c - simple program to delete an entry using LDAP */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapdelete.c,v 1.109.2.6 2007/01/02 21:43:41 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Kurt D. Zeilenga
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/time.h>
+
+#include <ldap.h>
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+#include "common.h"
+
+
+static int prune = 0;
+
+
+static int dodelete LDAP_P((
+ LDAP *ld,
+ const char *dn));
+
+static int deletechildren LDAP_P((
+ LDAP *ld,
+ const char *dn ));
+
+void
+usage( void )
+{
+ fprintf( stderr, _("Delete entries from an LDAP server\n\n"));
+ fprintf( stderr, _("usage: %s [options] [dn]...\n"), prog);
+ fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
+ fprintf( stderr, _(" or from the file specified with \"-f file\".\n"));
+ fprintf( stderr, _("Delete Options:\n"));
+ fprintf( stderr, _(" -r delete recursively\n"));
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+
+const char options[] = "r"
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ switch ( i ) {
+#if 0
+ int crit;
+ char *control, *cvalue;
+ case 'E': /* delete extensions */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+ fprintf( stderr, _("Invalid delete extension name: %s\n"), control );
+ usage();
+#endif
+
+ case 'r':
+ prune = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+static void
+private_conn_setup( LDAP *ld )
+{
+ /* this seems prudent for searches below */
+ int deref = LDAP_DEREF_NEVER;
+ ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
+}
+
+
+int
+main( int argc, char **argv )
+{
+ char buf[ 4096 ];
+ FILE *fp;
+ LDAP *ld;
+ int rc, retval;
+
+ fp = NULL;
+
+ tool_init();
+ prog = lutil_progname( "ldapdelete", argc, argv );
+
+ tool_args( argc, argv );
+
+ if ( infile != NULL ) {
+ if (( fp = fopen( infile, "r" )) == NULL ) {
+ perror( optarg );
+ exit( EXIT_FAILURE );
+ }
+ } else {
+ if ( optind >= argc ) {
+ fp = stdin;
+ }
+ }
+
+ ld = tool_conn_setup( 0, &private_conn_setup );
+
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+
+ tool_bind( ld );
+
+ if ( assertion || authzid || manageDIT || manageDSAit || noop ) {
+ tool_server_controls( ld, NULL, 0 );
+ }
+
+ retval = rc = 0;
+
+ if ( fp == NULL ) {
+ for ( ; optind < argc; ++optind ) {
+ rc = dodelete( ld, argv[ optind ] );
+
+ /* Stop on error and no -c option */
+ if( rc != 0 ) {
+ retval = rc;
+ if( contoper == 0 ) break;
+ }
+ }
+ } else {
+ while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
+ buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
+
+ if ( *buf != '\0' ) {
+ rc = dodelete( ld, buf );
+ if ( rc != 0 )
+ retval = rc;
+ }
+ }
+ }
+
+ tool_unbind( ld );
+ tool_destroy();
+ return retval;
+}
+
+
+static int dodelete(
+ LDAP *ld,
+ const char *dn)
+{
+ int id;
+ int rc, code;
+ char *matcheddn = NULL, *text = NULL, **refs = NULL;
+ LDAPMessage *res;
+
+ if ( verbose ) {
+ printf( _("%sdeleting entry \"%s\"\n"),
+ (not ? "!" : ""), dn );
+ }
+
+ if ( not ) {
+ return LDAP_SUCCESS;
+ }
+
+ /* If prune is on, remove a whole subtree. Delete the children of the
+ * DN recursively, then the DN requested.
+ */
+ if ( prune ) deletechildren( ld, dn );
+
+ rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
+ prog, ldap_err2string( rc ), rc );
+ return rc;
+ }
+
+ for ( ; ; ) {
+ struct timeval tv;
+
+ if ( tool_check_abandon( ld, id ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ ldap_perror( ld, "ldapdelete: ldap_result" );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
+ prog, ldap_err2string( rc ), rc );
+ return rc;
+ }
+
+ if( code != LDAP_SUCCESS ) {
+ tool_perror( "ldap_delete", code, NULL, matcheddn, text, refs );
+ } else if ( verbose &&
+ ((matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ))
+ {
+ printf( _("Delete Result: %s (%d)\n"),
+ ldap_err2string( code ), code );
+
+ if( text && *text ) {
+ printf( _("Additional info: %s\n"), text );
+ }
+
+ if( matcheddn && *matcheddn ) {
+ printf( _("Matched DN: %s\n"), matcheddn );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i]; i++ ) {
+ printf(_("Referral: %s\n"), refs[i] );
+ }
+ }
+ }
+
+ ber_memfree( text );
+ ber_memfree( matcheddn );
+ ber_memvfree( (void **) refs );
+
+ return code;
+}
+
+/*
+ * Delete all the children of an entry recursively until leaf nodes are reached.
+ */
+static int deletechildren(
+ LDAP *ld,
+ const char *dn )
+{
+ LDAPMessage *res, *e;
+ int entries;
+ int rc;
+ static char *attrs[] = { LDAP_NO_ATTRS, NULL };
+ LDAPControl c, *ctrls[2];
+ BerElement *ber = NULL;
+ LDAPMessage *res_se;
+
+ if ( verbose ) printf ( _("deleting children of: %s\n"), dn );
+
+ /*
+ * Do a one level search at dn for children. For each, delete its children.
+ */
+
+ rc = ldap_search_ext_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
+ NULL, NULL, NULL, -1, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_search" );
+ return( rc );
+ }
+
+ entries = ldap_count_entries( ld, res );
+
+ if ( entries > 0 ) {
+ int i;
+
+ for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
+ e = ldap_next_entry( ld, e ), i++ )
+ {
+ char *dn = ldap_get_dn( ld, e );
+
+ if( dn == NULL ) {
+ ldap_perror( ld, "ldap_prune" );
+ ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ ber_memfree( dn );
+ return rc;
+ }
+
+ rc = deletechildren( ld, dn );
+ if ( rc == -1 ) {
+ ldap_perror( ld, "ldap_prune" );
+ ber_memfree( dn );
+ return rc;
+ }
+
+ if ( verbose ) {
+ printf( _("\tremoving %s\n"), dn );
+ }
+
+ rc = ldap_delete_s( ld, dn );
+ if ( rc == -1 ) {
+ ldap_perror( ld, "ldap_delete" );
+ ber_memfree( dn );
+ return rc;
+
+ }
+
+ if ( verbose ) {
+ printf( _("\t%s removed\n"), dn );
+ }
+
+ ber_memfree( dn );
+ }
+ }
+
+ ldap_msgfree( res );
+
+ /*
+ * Do a one level search at dn for subentry children.
+ */
+
+ if ((ber = ber_alloc_t(LBER_USE_DER)) == NULL) {
+ return EXIT_FAILURE;
+ }
+ rc = ber_printf( ber, "b", 1 );
+ if ( rc == -1 ) {
+ ber_free( ber, 1 );
+ fprintf( stderr, _("Subentries control encoding error!\n"));
+ return EXIT_FAILURE;
+ }
+ if ( ber_flatten2( ber, &c.ldctl_value, 0 ) == -1 ) {
+ return EXIT_FAILURE;
+ }
+ c.ldctl_oid = LDAP_CONTROL_SUBENTRIES;
+ c.ldctl_iscritical = 1;
+ ctrls[0] = &c;
+ ctrls[1] = NULL;
+
+ rc = ldap_search_ext_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
+ ctrls, NULL, NULL, -1, &res_se );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_search" );
+ return( rc );
+ }
+ ber_free( ber, 1 );
+
+ entries = ldap_count_entries( ld, res_se );
+
+ if ( entries > 0 ) {
+ int i;
+
+ for (e = ldap_first_entry( ld, res_se ), i = 0; e != NULL;
+ e = ldap_next_entry( ld, e ), i++ )
+ {
+ char *dn = ldap_get_dn( ld, e );
+
+ if( dn == NULL ) {
+ ldap_perror( ld, "ldap_prune" );
+ ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ ber_memfree( dn );
+ return rc;
+ }
+
+ if ( verbose ) {
+ printf( _("\tremoving %s\n"), dn );
+ }
+
+ rc = ldap_delete_s( ld, dn );
+ if ( rc == -1 ) {
+ ldap_perror( ld, "ldap_delete" );
+ ber_memfree( dn );
+ return rc;
+
+ }
+
+ if ( verbose ) {
+ printf( _("\t%s removed\n"), dn );
+ }
+
+ ber_memfree( dn );
+ }
+ }
+
+ ldap_msgfree( res_se );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapmodify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapmodify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapmodify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1220 @@
+/* ldapmodify.c - generic program to modify or add entries using LDAP */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.158.2.12 2007/04/01 22:44:23 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Kurt D. Zeilenga
+ * Norbert Klasen
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/time.h>
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <ldap.h>
+
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldif.h"
+#include "ldap_defaults.h"
+#include "ldap_log.h"
+#include "ldap_pvt.h"
+
+#include "common.h"
+
+
+static int ldapadd, force = 0;
+static char *rejfile = NULL;
+static LDAP *ld = NULL;
+
+#define LDAPMOD_MAXLINE 4096
+
+/* strings found in replog/LDIF entries (mostly lifted from slurpd/slurp.h) */
+#define T_VERSION_STR "version"
+#define T_REPLICA_STR "replica"
+#define T_DN_STR "dn"
+#define T_CONTROL_STR "control"
+#define T_CHANGETYPESTR "changetype"
+#define T_ADDCTSTR "add"
+#define T_MODIFYCTSTR "modify"
+#define T_DELETECTSTR "delete"
+#define T_MODRDNCTSTR "modrdn"
+#define T_MODDNCTSTR "moddn"
+#define T_RENAMECTSTR "rename"
+#define T_MODOPADDSTR "add"
+#define T_MODOPREPLACESTR "replace"
+#define T_MODOPDELETESTR "delete"
+#define T_MODOPINCREMENTSTR "increment"
+#define T_MODSEPSTR "-"
+#define T_NEWRDNSTR "newrdn"
+#define T_DELETEOLDRDNSTR "deleteoldrdn"
+#define T_NEWSUPSTR "newsuperior"
+
+
+static int process_ldif_rec LDAP_P(( char *rbuf, int count ));
+static int parse_ldif_control LDAP_P(( char *line, LDAPControl ***pctrls ));
+static void addmodifyop LDAP_P((
+ LDAPMod ***pmodsp, int modop,
+ const char *attr,
+ struct berval *value ));
+static int domodify LDAP_P((
+ const char *dn,
+ LDAPMod **pmods,
+ LDAPControl **pctrls,
+ int newentry ));
+static int dodelete LDAP_P((
+ const char *dn,
+ LDAPControl **pctrls ));
+static int dorename LDAP_P((
+ const char *dn,
+ const char *newrdn,
+ const char *newsup,
+ int deleteoldrdn,
+ LDAPControl **pctrls ));
+static int process_response(
+ LDAP *ld,
+ int msgid,
+ const char *opstr,
+ const char *dn );
+static char *read_one_record LDAP_P(( FILE *fp ));
+
+#ifdef LDAP_GROUP_TRANSACTION
+static int txn = 0;
+static int txnabort = 0;
+#endif
+
+void
+usage( void )
+{
+ fprintf( stderr, _("Add or modify entries from an LDAP server\n\n"));
+ fprintf( stderr, _("usage: %s [options]\n"), prog);
+ fprintf( stderr, _(" The list of desired operations are read from stdin"
+ " or from the file\n"));
+ fprintf( stderr, _(" specified by \"-f file\".\n"));
+ fprintf( stderr, _("Add or modify options:\n"));
+ fprintf( stderr, _(" -a add values (%s)\n"),
+ (ldapadd ? _("default") : _("default is to replace")));
+ fprintf( stderr, _(" -E [!]ext=extparam modify extensions"
+ " (! indicate s criticality)\n"));
+#ifdef LDAP_GROUP_TRANSACTION
+ fprintf( stderr,
+ _(" [!]txn (transaction)\n"));
+#endif
+ fprintf( stderr, _(" -F force all changes records to be used\n"));
+ fprintf( stderr, _(" -S file write skipped modifications to `file'\n"));
+
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+
+const char options[] = "aE:FrS:"
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ char *control, *cvalue;
+ int crit;
+
+ switch ( i ) {
+ case 'E': /* modify extensions */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = ber_strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+
+#ifdef LDAP_GROUP_TRANSACTION
+ if( strcasecmp( control, "txn" ) == 0 ) {
+ /* Transaction */
+ if( txn ) {
+ fprintf( stderr,
+ _("txn control previously specified\n"));
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ if( strcasecmp( cvalue, "abort" ) == 0 ) {
+ txnabort=1;
+ } else if( strcasecmp( cvalue, "commit" ) != 0 ) {
+ fprintf( stderr, _("Invalid value for txn control, %s\n"),
+ cvalue );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ txn = 1 + crit;
+ } else
+#endif
+ {
+ fprintf( stderr, _("Invalid modify extension name: %s\n"),
+ control );
+ usage();
+ }
+
+ case 'a': /* add */
+ ldapadd = 1;
+ break;
+
+ case 'F': /* force all changes records to be used */
+ force = 1;
+ break;
+
+ case 'r': /* replace (obsolete) */
+ break;
+
+ case 'S': /* skipped modifications to file */
+ if( rejfile != NULL ) {
+ fprintf( stderr, _("%s: -S previously specified\n"), prog );
+ exit( EXIT_FAILURE );
+ }
+ rejfile = ber_strdup( optarg );
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+int
+main( int argc, char **argv )
+{
+#ifdef LDAP_GROUP_TRANSACTION
+ BerElement *txnber;
+ struct berval txnCookie = { 0, NULL };
+#endif
+ char *rbuf, *start, *rejbuf = NULL;
+ FILE *fp, *rejfp;
+ char *matched_msg, *error_msg;
+ int rc, retval;
+ int count, len;
+
+ tool_init();
+ prog = lutil_progname( "ldapmodify", argc, argv );
+
+ /* strncmp instead of strcmp since NT binaries carry .exe extension */
+ ldapadd = ( strncasecmp( prog, "ldapadd", sizeof("ldapadd")-1 ) == 0 );
+
+ tool_args( argc, argv );
+
+ if ( argc != optind ) usage();
+
+ if ( rejfile != NULL ) {
+ if (( rejfp = fopen( rejfile, "w" )) == NULL ) {
+ perror( rejfile );
+ return( EXIT_FAILURE );
+ }
+ } else {
+ rejfp = NULL;
+ }
+
+ if ( infile != NULL ) {
+ if (( fp = fopen( infile, "r" )) == NULL ) {
+ perror( infile );
+ return( EXIT_FAILURE );
+ }
+ } else {
+ fp = stdin;
+ }
+
+ if ( debug ) ldif_debug = debug;
+
+ ld = tool_conn_setup( not, 0 );
+
+ if ( !not ) {
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+ tool_bind( ld );
+ }
+
+#ifdef LDAP_GROUP_TRANSACTION
+ if( txn ) {
+ struct berval *txnCookiep = &txnCookie;
+
+ /* create transaction */
+ rc = ldap_txn_create_s( ld, &txnCookiep, NULL, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_txn_create_s" );
+ if( txn > 2 ) return EXIT_FAILURE;
+ txn = 0;
+ }
+ }
+#endif
+
+ if ( assertion || authzid || manageDIT || manageDSAit || noop
+#ifdef LDAP_GROUP_TRANSACTION
+ || txn
+#endif
+ || preread || postread )
+ {
+ int i = 0;
+ LDAPControl c[1];
+
+#ifdef LDAP_GROUP_TRANSACTION
+ if( txn ) {
+ int err;
+ txnber = ber_alloc_t( LBER_USE_DER );
+ if( txnber == NULL ) return EXIT_FAILURE;
+
+ err = ber_printf( txnber, "{o}", &txnCookie );
+ if( err == -1 ) {
+ ber_free( txnber, 1 );
+ fprintf( stderr, _("txn grouping control encoding error!\n") );
+ return EXIT_FAILURE;
+ }
+
+ err = ber_flatten2( txnber, &c[i].ldctl_value, 0 );
+ if( err == -1 ) return EXIT_FAILURE;
+
+ c[i].ldctl_oid = LDAP_CONTROL_GROUPING;
+ c[i].ldctl_iscritical = 1;
+ i++;
+ }
+#endif
+
+ tool_server_controls( ld, c, i );
+ }
+
+ rc = 0;
+ count = 0;
+ retval = 0;
+ while (( rc == 0 || contoper ) &&
+ ( rbuf = read_one_record( fp )) != NULL )
+ {
+ count++;
+
+ start = rbuf;
+
+ if ( rejfp ) {
+ len = strlen( rbuf );
+ if (( rejbuf = (char *)ber_memalloc( len+1 )) == NULL ) {
+ perror( "malloc" );
+ exit( EXIT_FAILURE );
+ }
+ memcpy( rejbuf, rbuf, len+1 );
+ }
+
+ rc = process_ldif_rec( start, count );
+
+ if ( rc ) retval = rc;
+ if ( rc && rejfp ) {
+ fprintf(rejfp, _("# Error: %s (%d)"), ldap_err2string(rc), rc);
+
+ matched_msg = NULL;
+ ldap_get_option(ld, LDAP_OPT_MATCHED_DN, &matched_msg);
+ if ( matched_msg != NULL ) {
+ if ( *matched_msg != '\0' ) {
+ fprintf( rejfp, _(", matched DN: %s"), matched_msg );
+ }
+ ldap_memfree( matched_msg );
+ }
+
+ error_msg = NULL;
+ ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &error_msg);
+ if ( error_msg != NULL ) {
+ if ( *error_msg != '\0' ) {
+ fprintf( rejfp, _(", additional info: %s"), error_msg );
+ }
+ ldap_memfree( error_msg );
+ }
+ fprintf( rejfp, "\n%s\n", rejbuf );
+ }
+
+ if (rejfp) ber_memfree( rejbuf );
+ ber_memfree( rbuf );
+ }
+
+#ifdef LDAP_GROUP_TRANSACTION
+ if( txn ) {
+ /* create transaction */
+ rc = ldap_txn_end_s( ld, &txnCookie, !txnabort, NULL, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_txn_create_s" );
+ if( txn > 2 ) return EXIT_FAILURE;
+ txn = 0;
+ }
+ }
+#endif
+
+ if ( !not ) {
+ tool_unbind( ld );
+ }
+
+ if ( rejfp != NULL ) {
+ fclose( rejfp );
+ }
+
+ tool_destroy();
+ return( retval );
+}
+
+
+static int
+process_ldif_rec( char *rbuf, int count )
+{
+ char *line, *dn, *type, *newrdn, *newsup, *p;
+ int rc, linenum, modop, replicaport;
+ int expect_modop, expect_sep, expect_ct, expect_newrdn, expect_newsup;
+ int expect_deleteoldrdn, deleteoldrdn;
+ int saw_replica, use_record, new_entry, delete_entry, got_all;
+ LDAPMod **pmods;
+ int version;
+ struct berval val;
+ LDAPControl **pctrls;
+
+ new_entry = ldapadd;
+
+ rc = got_all = saw_replica = delete_entry = modop = expect_modop = 0;
+ expect_deleteoldrdn = expect_newrdn = expect_newsup = 0;
+ expect_sep = expect_ct = 0;
+ linenum = 0;
+ version = 0;
+ deleteoldrdn = 1;
+ use_record = force;
+ pmods = NULL;
+ pctrls = NULL;
+ dn = newrdn = newsup = NULL;
+
+ while ( rc == 0 && ( line = ldif_getline( &rbuf )) != NULL ) {
+ ++linenum;
+
+ if ( expect_sep && strcasecmp( line, T_MODSEPSTR ) == 0 ) {
+ expect_sep = 0;
+ expect_ct = 1;
+ continue;
+ }
+
+ if ( ldif_parse_line( line, &type, &val.bv_val, &val.bv_len ) < 0 ) {
+ fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
+ prog, linenum, dn == NULL ? "" : dn );
+ rc = LDAP_PARAM_ERROR;
+ break;
+ }
+
+ if ( dn == NULL ) {
+ if ( !use_record && strcasecmp( type, T_REPLICA_STR ) == 0 ) {
+ ++saw_replica;
+ if (( p = strchr( val.bv_val, ':' )) == NULL ) {
+ replicaport = 0;
+ } else {
+ *p++ = '\0';
+ if ( lutil_atoi( &replicaport, p ) != 0 ) {
+ fprintf( stderr, _("%s: unable to parse replica port \"%s\" (line %d) entry: \"%s\"\n"),
+ prog, p, linenum, dn == NULL ? "" : dn );
+ rc = LDAP_PARAM_ERROR;
+ break;
+ }
+ }
+ if ( ldaphost != NULL &&
+ strcasecmp( val.bv_val, ldaphost ) == 0 &&
+ replicaport == ldapport )
+ {
+ use_record = 1;
+ }
+ } else if ( count == 1 && linenum == 1 &&
+ strcasecmp( type, T_VERSION_STR ) == 0 )
+ {
+ int v;
+ if( val.bv_len == 0 || lutil_atoi( &v, val.bv_val) != 0 || v != 1 ) {
+ fprintf( stderr,
+ _("%s: invalid version %s, line %d (ignored)\n"),
+ prog, val.bv_val, linenum );
+ }
+ version++;
+
+ } else if ( strcasecmp( type, T_DN_STR ) == 0 ) {
+ if (( dn = ber_strdup( val.bv_val )) == NULL ) {
+ perror( "strdup" );
+ exit( EXIT_FAILURE );
+ }
+ expect_ct = 1;
+ }
+ goto end_line; /* skip all lines until we see "dn:" */
+ }
+
+ if ( expect_ct ) {
+ /* Check for "control" tag after dn and before changetype. */
+ if (strcasecmp(type, T_CONTROL_STR) == 0) {
+ /* Parse and add it to the list of controls */
+ rc = parse_ldif_control( line, &pctrls );
+ if (rc != 0) {
+ fprintf( stderr,
+ _("%s: Error processing %s line, line %d: %s\n"),
+ prog, T_CONTROL_STR, linenum, ldap_err2string(rc) );
+ }
+ goto end_line;
+ }
+
+ expect_ct = 0;
+ if ( !use_record && saw_replica ) {
+ printf(_("%s: skipping change record for entry: %s\n"),
+ prog, dn);
+ printf(_("\t(LDAP host/port does not match replica: lines)\n"));
+ ber_memfree( dn );
+ ber_memfree( type );
+ ber_memfree( val.bv_val );
+ return( 0 );
+ }
+
+ if ( strcasecmp( type, T_CHANGETYPESTR ) == 0 ) {
+#ifdef LIBERAL_CHANGETYPE_MODOP
+ /* trim trailing spaces (and log warning ...) */
+ int icnt;
+ for ( icnt = val.bv_len; --icnt > 0; ) {
+ if ( !isspace( (unsigned char) val.bv_val[icnt] ) ) {
+ break;
+ }
+ }
+
+ if ( ++icnt != val.bv_len ) {
+ fprintf( stderr, _("%s: illegal trailing space after"
+ " \"%s: %s\" trimmed (line %d of entry \"%s\")\n"),
+ prog, T_CHANGETYPESTR, val.bv_val, linenum, dn );
+ val.bv_val[icnt] = '\0';
+ }
+#endif /* LIBERAL_CHANGETYPE_MODOP */
+
+ if ( strcasecmp( val.bv_val, T_MODIFYCTSTR ) == 0 ) {
+ new_entry = 0;
+ expect_modop = 1;
+ } else if ( strcasecmp( val.bv_val, T_ADDCTSTR ) == 0 ) {
+ new_entry = 1;
+ } else if ( strcasecmp( val.bv_val, T_MODRDNCTSTR ) == 0
+ || strcasecmp( val.bv_val, T_MODDNCTSTR ) == 0
+ || strcasecmp( val.bv_val, T_RENAMECTSTR ) == 0)
+ {
+ expect_newrdn = 1;
+ } else if ( strcasecmp( val.bv_val, T_DELETECTSTR ) == 0 ) {
+ got_all = delete_entry = 1;
+ } else {
+ fprintf( stderr,
+ _("%s: unknown %s \"%s\" (line %d of entry \"%s\")\n"),
+ prog, T_CHANGETYPESTR, val.bv_val, linenum, dn );
+ rc = LDAP_PARAM_ERROR;
+ }
+ goto end_line;
+ } else if ( ldapadd ) { /* missing changetype => add */
+ new_entry = 1;
+ modop = LDAP_MOD_ADD;
+ } else {
+ expect_modop = 1; /* missing changetype => modify */
+ }
+ }
+
+ if ( expect_modop ) {
+#ifdef LIBERAL_CHANGETYPE_MODOP
+ /* trim trailing spaces (and log warning ...) */
+ int icnt;
+ for ( icnt = val.bv_len; --icnt > 0; ) {
+ if ( !isspace( (unsigned char) val.bv_val[icnt] ) ) break;
+ }
+
+ if ( ++icnt != val.bv_len ) {
+ fprintf( stderr, _("%s: illegal trailing space after"
+ " \"%s: %s\" trimmed (line %d of entry \"%s\")\n"),
+ prog, type, val.bv_val, linenum, dn );
+ val.bv_val[icnt] = '\0';
+ }
+#endif /* LIBERAL_CHANGETYPE_MODOP */
+
+ expect_modop = 0;
+ expect_sep = 1;
+ if ( strcasecmp( type, T_MODOPADDSTR ) == 0 ) {
+ modop = LDAP_MOD_ADD;
+ goto end_line;
+ } else if ( strcasecmp( type, T_MODOPREPLACESTR ) == 0 ) {
+ modop = LDAP_MOD_REPLACE;
+ addmodifyop( &pmods, modop, val.bv_val, NULL );
+ goto end_line;
+ } else if ( strcasecmp( type, T_MODOPDELETESTR ) == 0 ) {
+ modop = LDAP_MOD_DELETE;
+ addmodifyop( &pmods, modop, val.bv_val, NULL );
+ goto end_line;
+ } else if ( strcasecmp( type, T_MODOPINCREMENTSTR ) == 0 ) {
+ modop = LDAP_MOD_INCREMENT;
+ addmodifyop( &pmods, modop, val.bv_val, NULL );
+ goto end_line;
+ } else { /* no modify op: use default */
+ modop = ldapadd ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
+ }
+ }
+
+ if ( expect_newrdn ) {
+ if ( strcasecmp( type, T_NEWRDNSTR ) == 0 ) {
+ if (( newrdn = ber_strdup( val.bv_val )) == NULL ) {
+ perror( "strdup" );
+ exit( EXIT_FAILURE );
+ }
+ expect_deleteoldrdn = 1;
+ expect_newrdn = 0;
+ } else {
+ fprintf( stderr, _("%s: expecting \"%s:\" but saw"
+ " \"%s:\" (line %d of entry \"%s\")\n"),
+ prog, T_NEWRDNSTR, type, linenum, dn );
+ rc = LDAP_PARAM_ERROR;
+ }
+ } else if ( expect_deleteoldrdn ) {
+ if ( strcasecmp( type, T_DELETEOLDRDNSTR ) == 0 ) {
+ deleteoldrdn = ( *val.bv_val == '0' ) ? 0 : 1;
+ expect_deleteoldrdn = 0;
+ expect_newsup = 1;
+ got_all = 1;
+ } else {
+ fprintf( stderr, _("%s: expecting \"%s:\" but saw"
+ " \"%s:\" (line %d of entry \"%s\")\n"),
+ prog, T_DELETEOLDRDNSTR, type, linenum, dn );
+ rc = LDAP_PARAM_ERROR;
+ }
+ } else if ( expect_newsup ) {
+ if ( strcasecmp( type, T_NEWSUPSTR ) == 0 ) {
+ if (( newsup = ber_strdup( val.bv_val )) == NULL ) {
+ perror( "strdup" );
+ exit( EXIT_FAILURE );
+ }
+ expect_newsup = 0;
+ } else {
+ fprintf( stderr, _("%s: expecting \"%s:\" but saw"
+ " \"%s:\" (line %d of entry \"%s\")\n"),
+ prog, T_NEWSUPSTR, type, linenum, dn );
+ rc = LDAP_PARAM_ERROR;
+ }
+ } else if ( got_all ) {
+ fprintf( stderr,
+ _("%s: extra lines at end (line %d of entry \"%s\")\n"),
+ prog, linenum, dn );
+ rc = LDAP_PARAM_ERROR;
+ } else {
+ if ( new_entry && strcasecmp( type, T_DN_STR ) == 0 ) {
+ fprintf( stderr, _("%s: attributeDescription \"%s\":"
+ " (possible missing newline"
+ " after line %d of entry \"%s\"?)\n"),
+ prog, type, linenum - 1, dn );
+ }
+ addmodifyop( &pmods, modop, type, &val );
+ }
+
+end_line:
+ ber_memfree( type );
+ ber_memfree( val.bv_val );
+ }
+
+ if( linenum == 0 ) {
+ return 0;
+ }
+
+ if( version && linenum == 1 ) {
+ return 0;
+ }
+
+ /* If default controls are set (as with -M option) and controls are
+ specified in the LDIF file, we must add the default controls to
+ the list of controls sent with the ldap operation.
+ */
+ if ( rc == 0 ) {
+ if (pctrls) {
+ LDAPControl **defctrls = NULL; /* Default server controls */
+ LDAPControl **newctrls = NULL;
+ ldap_get_option(ld, LDAP_OPT_SERVER_CONTROLS, &defctrls);
+ if (defctrls) {
+ int npc=0; /* Num of LDIF controls */
+ int ndefc=0; /* Num of default controls */
+ while (pctrls[npc]) npc++; /* Count LDIF controls */
+ while (defctrls[ndefc]) ndefc++; /* Count default controls */
+ newctrls = ber_memrealloc(pctrls,
+ (npc+ndefc+1)*sizeof(LDAPControl*));
+
+ if (newctrls == NULL) {
+ rc = LDAP_NO_MEMORY;
+ } else {
+ int i;
+ pctrls = newctrls;
+ for (i=npc; i<npc+ndefc; i++) {
+ pctrls[i] = ldap_control_dup(defctrls[i-npc]);
+ if (pctrls[i] == NULL) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+ }
+ pctrls[npc+ndefc] = NULL;
+ }
+ ldap_controls_free(defctrls); /* Must be freed by library */
+ }
+ }
+ }
+
+
+ if ( rc == 0 ) {
+ if ( delete_entry ) {
+ rc = dodelete( dn, pctrls );
+ } else if ( newrdn != NULL ) {
+ rc = dorename( dn, newrdn, newsup, deleteoldrdn, pctrls );
+ } else {
+ rc = domodify( dn, pmods, pctrls, new_entry );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = 0;
+ }
+ }
+
+ if ( dn != NULL ) {
+ ber_memfree( dn );
+ }
+ if ( newrdn != NULL ) {
+ ber_memfree( newrdn );
+ }
+ if ( newsup != NULL ) {
+ ber_memfree( newsup );
+ }
+ if ( pmods != NULL ) {
+ ldap_mods_free( pmods, 1 );
+ }
+ if (pctrls != NULL) {
+ ldap_controls_free( pctrls );
+ }
+
+ return( rc );
+}
+
+/* Parse an LDIF control line of the form
+ control: oid [true/false] [: value] or
+ control: oid [true/false] [:: base64-value] or
+ control: oid [true/false] [:< url]
+ The control is added to the list of controls in *ppctrls.
+*/
+static int
+parse_ldif_control(
+ char *line,
+ LDAPControl ***ppctrls )
+{
+ char *oid = NULL;
+ int criticality = 0; /* Default is false if not present */
+ char *type=NULL;
+ char *val = NULL;
+ ber_len_t value_len = 0;
+ int i, rc=0;
+ char *s, *oidStart, *pcolon;
+ LDAPControl *newctrl = NULL;
+ LDAPControl **pctrls = NULL;
+
+ if (ppctrls) pctrls = *ppctrls;
+ s = line + strlen(T_CONTROL_STR); /* Skip over "control" */
+ pcolon = s; /* Save this position for later */
+ if (*s++ != ':') { /* Make sure colon follows */
+ return ( LDAP_PARAM_ERROR );
+ }
+ while (*s && isspace((unsigned char)*s)) {
+ s++; /* Skip white space before OID */
+ }
+
+ /* OID should come next. Validate and extract it. */
+ if (*s == 0) return ( LDAP_PARAM_ERROR );
+ oidStart = s;
+ while (isdigit((unsigned char)*s) || *s == '.') {
+ s++; /* OID should be digits or . */
+ }
+ if (s == oidStart) {
+ return ( LDAP_PARAM_ERROR ); /* OID was not present */
+ }
+ if (*s) { /* End of OID should be space or NULL */
+ if (!isspace((unsigned char)*s)) {
+ return ( LDAP_PARAM_ERROR ); /* else OID contained invalid chars */
+ }
+ *s++ = 0; /* Replace space with null to terminate */
+ }
+
+ oid = ber_strdup(oidStart);
+ if (oid == NULL) return ( LDAP_NO_MEMORY );
+
+ /* Optional Criticality field is next. */
+ while (*s && isspace((unsigned char)*s)) {
+ s++; /* Skip white space before criticality */
+ }
+ if (strncasecmp(s, "true", 4) == 0) {
+ criticality = 1;
+ s += 4;
+ }
+ else if (strncasecmp(s, "false", 5) == 0) {
+ criticality = 0;
+ s += 5;
+ }
+
+ /* Optional value field is next */
+ while (*s && isspace((unsigned char)*s)) {
+ s++; /* Skip white space before value */
+ }
+ if (*s) {
+ if (*s != ':') { /* If value is present, must start with : */
+ rc = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+
+ /* Shift value down over OID and criticality so it's in the form
+ control: value
+ control:: base64-value
+ control:< url
+ Then we can use ldif_parse_line to extract and decode the value
+ */
+ while ( (*pcolon++ = *s++) != 0) { /* Shift value */
+ /* EMPTY */;
+ }
+ rc = ldif_parse_line(line, &type, &val, &value_len);
+ if (type) ber_memfree(type); /* Don't need this field*/
+ if (rc < 0) {
+ rc = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+ }
+
+ /* Create a new LDAPControl structure. */
+ newctrl = (LDAPControl *)ber_memalloc(sizeof(LDAPControl));
+ if ( newctrl == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto cleanup;
+ }
+ newctrl->ldctl_oid = oid;
+ oid = NULL;
+ newctrl->ldctl_iscritical = criticality;
+ newctrl->ldctl_value.bv_len = value_len;
+ newctrl->ldctl_value.bv_val = val;
+ val = NULL;
+
+ /* Add the new control to the passed-in list of controls. */
+ i = 0;
+ if (pctrls) {
+ while ( pctrls[i] ) { /* Count the # of controls passed in */
+ i++;
+ }
+ }
+ /* Allocate 1 more slot for the new control and 1 for the NULL. */
+ pctrls = (LDAPControl **) ber_memrealloc(pctrls,
+ (i+2)*(sizeof(LDAPControl *)));
+ if (pctrls == NULL) {
+ rc = LDAP_NO_MEMORY;
+ goto cleanup;
+ }
+ pctrls[i] = newctrl;
+ newctrl = NULL;
+ pctrls[i+1] = NULL;
+ *ppctrls = pctrls;
+
+cleanup:
+ if (newctrl) {
+ if (newctrl->ldctl_oid) ber_memfree(newctrl->ldctl_oid);
+ if (newctrl->ldctl_value.bv_val) {
+ ber_memfree(newctrl->ldctl_value.bv_val);
+ }
+ ber_memfree(newctrl);
+ }
+ if (val) ber_memfree(val);
+ if (oid) ber_memfree(oid);
+
+ return( rc );
+}
+
+
+static void
+addmodifyop(
+ LDAPMod ***pmodsp,
+ int modop,
+ const char *attr,
+ struct berval *val )
+{
+ LDAPMod **pmods;
+ int i, j;
+
+ pmods = *pmodsp;
+ modop |= LDAP_MOD_BVALUES;
+
+ i = 0;
+ if ( pmods != NULL ) {
+ for ( ; pmods[ i ] != NULL; ++i ) {
+ if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 &&
+ pmods[ i ]->mod_op == modop )
+ {
+ break;
+ }
+ }
+ }
+
+ if ( pmods == NULL || pmods[ i ] == NULL ) {
+ if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) *
+ sizeof( LDAPMod * ))) == NULL )
+ {
+ perror( "realloc" );
+ exit( EXIT_FAILURE );
+ }
+
+ *pmodsp = pmods;
+ pmods[ i + 1 ] = NULL;
+
+ pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod ));
+ if ( pmods[ i ] == NULL ) {
+ perror( "calloc" );
+ exit( EXIT_FAILURE );
+ }
+
+ pmods[ i ]->mod_op = modop;
+ pmods[ i ]->mod_type = ber_strdup( attr );
+ if ( pmods[ i ]->mod_type == NULL ) {
+ perror( "strdup" );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ if ( val != NULL ) {
+ j = 0;
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
+ /* Empty */;
+ }
+ }
+
+ pmods[ i ]->mod_bvalues = (struct berval **) ber_memrealloc(
+ pmods[ i ]->mod_bvalues, (j + 2) * sizeof( struct berval * ));
+ if ( pmods[ i ]->mod_bvalues == NULL ) {
+ perror( "ber_realloc" );
+ exit( EXIT_FAILURE );
+ }
+
+ pmods[ i ]->mod_bvalues[ j + 1 ] = NULL;
+ pmods[ i ]->mod_bvalues[ j ] = ber_bvdup( val );
+ if ( pmods[ i ]->mod_bvalues[ j ] == NULL ) {
+ perror( "ber_bvdup" );
+ exit( EXIT_FAILURE );
+ }
+ }
+}
+
+
+static int
+domodify(
+ const char *dn,
+ LDAPMod **pmods,
+ LDAPControl **pctrls,
+ int newentry )
+{
+ int rc, i, j, k, notascii, op;
+ struct berval *bvp;
+
+ if ( dn == NULL ) {
+ fprintf( stderr, _("%s: no DN specified\n"), prog );
+ return( LDAP_PARAM_ERROR );
+ }
+
+ if ( pmods == NULL ) {
+ /* implement "touch" (empty sequence)
+ * modify operation (note that there
+ * is no symmetry with the UNIX command,
+ * since \"touch\" on a non-existent entry
+ * will fail)*/
+ printf( "warning: no attributes to %sadd (entry=\"%s\")\n",
+ newentry ? "" : "change or ", dn );
+
+ } else {
+ for ( i = 0; pmods[ i ] != NULL; ++i ) {
+ op = pmods[ i ]->mod_op & ~LDAP_MOD_BVALUES;
+ if( op == LDAP_MOD_ADD && ( pmods[i]->mod_bvalues == NULL )) {
+ fprintf( stderr,
+ _("%s: attribute \"%s\" has no values (entry=\"%s\")\n"),
+ prog, pmods[i]->mod_type, dn );
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ if ( verbose ) {
+ for ( i = 0; pmods[ i ] != NULL; ++i ) {
+ op = pmods[ i ]->mod_op & ~LDAP_MOD_BVALUES;
+ printf( "%s %s:\n",
+ op == LDAP_MOD_REPLACE ? _("replace") :
+ op == LDAP_MOD_ADD ? _("add") :
+ op == LDAP_MOD_INCREMENT ? _("increment") :
+ op == LDAP_MOD_DELETE ? _("delete") :
+ _("unknown"),
+ pmods[ i ]->mod_type );
+
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ for ( j = 0; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
+ bvp = pmods[ i ]->mod_bvalues[ j ];
+ notascii = 0;
+ for ( k = 0; (unsigned long) k < bvp->bv_len; ++k ) {
+ if ( !isascii( bvp->bv_val[ k ] )) {
+ notascii = 1;
+ break;
+ }
+ }
+ if ( notascii ) {
+ printf( _("\tNOT ASCII (%ld bytes)\n"), bvp->bv_len );
+ } else {
+ printf( "\t%s\n", bvp->bv_val );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if ( newentry ) {
+ printf( "%sadding new entry \"%s\"\n", not ? "!" : "", dn );
+ } else {
+ printf( "%smodifying entry \"%s\"\n", not ? "!" : "", dn );
+ }
+
+ if ( !not ) {
+ int msgid;
+ if ( newentry ) {
+ rc = ldap_add_ext( ld, dn, pmods, pctrls, NULL, &msgid );
+ } else {
+ rc = ldap_modify_ext( ld, dn, pmods, pctrls, NULL, &msgid );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* print error message about failed update including DN */
+ fprintf( stderr, _("%s: update failed: %s\n"), prog, dn );
+ ldap_perror( ld, newentry ? "ldap_add" : "ldap_modify" );
+ goto done;
+ } else if ( verbose ) {
+ printf( _("modify complete\n") );
+ }
+
+ rc = process_response( ld, msgid,
+ newentry ? "ldap_add" : "ldap_modify", dn );
+
+ } else {
+ rc = LDAP_SUCCESS;
+ }
+
+done:
+ putchar( '\n' );
+ return rc;
+}
+
+
+static int
+dodelete(
+ const char *dn,
+ LDAPControl **pctrls )
+{
+ int rc;
+ int msgid;
+
+ printf( _("%sdeleting entry \"%s\"\n"), not ? "!" : "", dn );
+ if ( !not ) {
+ rc = ldap_delete_ext( ld, dn, pctrls, NULL, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, _("%s: delete failed: %s\n"), prog, dn );
+ ldap_perror( ld, "ldap_delete" );
+ goto done;
+ } else if ( verbose ) {
+ printf( _("delete complete") );
+ }
+
+ rc = process_response( ld, msgid, "ldap_delete", dn );
+
+ } else {
+ rc = LDAP_SUCCESS;
+ }
+
+done:
+ putchar( '\n' );
+ return( rc );
+}
+
+
+static int
+dorename(
+ const char *dn,
+ const char *newrdn,
+ const char* newsup,
+ int deleteoldrdn,
+ LDAPControl **pctrls )
+{
+ int rc;
+ int msgid;
+
+ printf( _("%smodifying rdn of entry \"%s\"\n"), not ? "!" : "", dn );
+ if ( verbose ) {
+ printf( _("\tnew RDN: \"%s\" (%skeep existing values)\n"),
+ newrdn, deleteoldrdn ? _("do not ") : "" );
+ }
+ if ( !not ) {
+ rc = ldap_rename( ld, dn, newrdn, newsup, deleteoldrdn,
+ pctrls, NULL, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, _("%s: rename failed: %s\n"), prog, dn );
+ ldap_perror( ld, "ldap_rename" );
+ goto done;
+ } else {
+ printf( _("rename completed\n") );
+ }
+
+ rc = process_response( ld, msgid, "ldap_rename", dn );
+
+ } else {
+ rc = LDAP_SUCCESS;
+ }
+
+done:
+ putchar( '\n' );
+ return( rc );
+}
+
+static int process_response(
+ LDAP *ld,
+ int msgid,
+ const char *opstr,
+ const char *dn )
+{
+ LDAPMessage *res;
+ int rc = LDAP_OTHER;
+ struct timeval tv = { 0, 0 };
+
+ for ( ; ; ) {
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ rc = ldap_result( ld, msgid,
+#ifdef LDAP_GROUP_TRANSACTION
+ txn ? 0 : 1,
+#else
+ 1,
+#endif
+ &tv, &res );
+ if ( tool_check_abandon( ld, msgid ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ if ( rc == -1 ) {
+ ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ if ( ldap_msgtype( res ) != LDAP_RES_INTERMEDIATE ) {
+ rc = ldap_result2error( ld, res, 1 );
+ if( rc != LDAP_SUCCESS ) ldap_perror( ld, opstr );
+ return rc;
+ }
+
+#ifdef LDAP_GROUP_TRANSACTION
+ /* assume (successful) transaction intermediate response */
+ return LDAP_SUCCESS;
+
+#else
+ /* intermediate response? */
+ return LDAP_DECODING_ERROR;
+#endif
+}
+
+static char *
+read_one_record( FILE *fp )
+{
+ char *buf, line[ LDAPMOD_MAXLINE ];
+ int lcur, lmax;
+
+ lcur = lmax = 0;
+ buf = NULL;
+
+ while ( fgets( line, sizeof(line), fp ) != NULL ) {
+ int len = strlen( line );
+
+ if( len < 2 || ( len == 2 && *line == '\r' )) {
+ if( buf == NULL ) {
+ continue;
+ } else {
+ break;
+ }
+ }
+
+ if ( lcur + len + 1 > lmax ) {
+ lmax = LDAPMOD_MAXLINE
+ * (( lcur + len + 1 ) / LDAPMOD_MAXLINE + 1 );
+
+ if (( buf = (char *)ber_memrealloc( buf, lmax )) == NULL ) {
+ perror( "realloc" );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ strcpy( buf + lcur, line );
+ lcur += len;
+ }
+
+ return( buf );
+}
+
+
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapmodrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapmodrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapmodrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,323 @@
+/* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodrdn.c,v 1.106.2.6 2007/01/02 21:43:41 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
+ * This software is not subject to any license of Silicon Graphics
+ * Inc. or Purdue University.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * without restriction or fee of any kind as long as this notice
+ * is preserved.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Kurt D. Zeilenga
+ * Juan C Gomez
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/time.h>
+
+#include <ldap.h>
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+#include "common.h"
+
+
+static char *newSuperior = NULL;
+static int remove_old_RDN = 0;
+
+
+static int domodrdn(
+ LDAP *ld,
+ char *dn,
+ char *rdn,
+ char *newSuperior,
+ int remove ); /* flag: remove old RDN */
+
+void
+usage( void )
+{
+ fprintf( stderr, _("Rename LDAP entries\n\n"));
+ fprintf( stderr, _("usage: %s [options] [dn rdn]\n"), prog);
+ fprintf( stderr, _(" dn rdn: If given, rdn will replace the RDN of the entry specified by DN\n"));
+ fprintf( stderr, _(" If not given, the list of modifications is read from stdin or\n"));
+ fprintf( stderr, _(" from the file specified by \"-f file\" (see man page).\n"));
+ fprintf( stderr, _("Rename options:\n"));
+ fprintf( stderr, _(" -r remove old RDN\n"));
+ fprintf( stderr, _(" -s newsup new superior entry\n"));
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+
+const char options[] = "rs:"
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ switch ( i ) {
+#if 0
+ int crit;
+ char *control, *cvalue;
+ case 'E': /* modrdn extensions */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, version );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+ fprintf( stderr, _("Invalid modrdn extension name: %s\n"), control );
+ usage();
+#endif
+
+ case 'r': /* remove old RDN */
+ remove_old_RDN++;
+ break;
+
+ case 's': /* newSuperior */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -X incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+ newSuperior = strdup( optarg );
+ protocol = LDAP_VERSION3;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+int
+main(int argc, char **argv)
+{
+ char *entrydn = NULL, *rdn = NULL, buf[ 4096 ];
+ FILE *fp;
+ LDAP *ld;
+ int rc, retval, havedn;
+
+ tool_init();
+ prog = lutil_progname( "ldapmodrdn", argc, argv );
+
+ tool_args( argc, argv );
+
+ havedn = 0;
+ if (argc - optind == 2) {
+ if (( rdn = strdup( argv[argc - 1] )) == NULL ) {
+ perror( "strdup" );
+ return( EXIT_FAILURE );
+ }
+ if (( entrydn = strdup( argv[argc - 2] )) == NULL ) {
+ perror( "strdup" );
+ return( EXIT_FAILURE );
+ }
+ ++havedn;
+ } else if ( argc - optind != 0 ) {
+ fprintf( stderr, _("%s: invalid number of arguments (%d), only two allowed\n"), prog, argc-optind );
+ usage();
+ }
+
+ if ( infile != NULL ) {
+ if (( fp = fopen( infile, "r" )) == NULL ) {
+ perror( infile );
+ return( EXIT_FAILURE );
+ }
+ } else {
+ fp = stdin;
+ }
+
+ ld = tool_conn_setup( 0, 0 );
+
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+
+ tool_bind( ld );
+
+ if ( assertion || authzid || manageDSAit || noop ) {
+ tool_server_controls( ld, NULL, 0 );
+ }
+
+ retval = rc = 0;
+ if (havedn)
+ retval = domodrdn( ld, entrydn, rdn, newSuperior, remove_old_RDN );
+ else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
+ if ( *buf != '\n' ) { /* blank lines optional, skip */
+ buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */
+
+ if ( havedn ) { /* have DN, get RDN */
+ if (( rdn = strdup( buf )) == NULL ) {
+ perror( "strdup" );
+ return( EXIT_FAILURE );
+ }
+ rc = domodrdn(ld, entrydn, rdn, newSuperior, remove_old_RDN );
+ if ( rc != 0 )
+ retval = rc;
+ havedn = 0;
+ } else if ( !havedn ) { /* don't have DN yet */
+ if (( entrydn = strdup( buf )) == NULL ) {
+ perror( "strdup" );
+ return( EXIT_FAILURE );
+ }
+ ++havedn;
+ }
+ }
+ }
+
+ tool_unbind( ld );
+ tool_destroy();
+ return( retval );
+}
+
+static int domodrdn(
+ LDAP *ld,
+ char *dn,
+ char *rdn,
+ char *newSuperior,
+ int remove ) /* flag: remove old RDN */
+{
+ int rc, code, id;
+ char *matcheddn=NULL, *text=NULL, **refs=NULL;
+ LDAPMessage *res;
+
+ if ( verbose ) {
+ printf( _("Renaming \"%s\"\n"), dn );
+ printf( _("\tnew rdn=\"%s\" (%s old rdn)\n"),
+ rdn, remove ? _("delete") : _("keep") );
+ if( newSuperior != NULL ) {
+ printf(_("\tnew parent=\"%s\"\n"), newSuperior);
+ }
+ }
+
+ if( not ) return LDAP_SUCCESS;
+
+ rc = ldap_rename( ld, dn, rdn, newSuperior, remove,
+ NULL, NULL, &id );
+
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: ldap_rename: %s (%d)\n",
+ prog, ldap_err2string( rc ), rc );
+ return rc;
+ }
+
+ for ( ; ; ) {
+ struct timeval tv = { 0, 0 };
+
+ if ( tool_check_abandon( ld, id ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ ldap_perror( ld, "ldapmodrdn: ldap_result" );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
+ prog, ldap_err2string( rc ), rc );
+ return rc;
+ }
+
+ if( verbose || code != LDAP_SUCCESS ||
+ (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
+ {
+ printf( _("Rename Result: %s (%d)\n"),
+ ldap_err2string( code ), code );
+
+ if( text && *text ) {
+ printf( _("Additional info: %s\n"), text );
+ }
+
+ if( matcheddn && *matcheddn ) {
+ printf( _("Matched DN: %s\n"), matcheddn );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i]; i++ ) {
+ printf(_("Referral: %s\n"), refs[i] );
+ }
+ }
+ }
+
+ ber_memfree( text );
+ ber_memfree( matcheddn );
+ ber_memvfree( (void **) refs );
+
+ return code;
+}
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldappasswd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldappasswd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldappasswd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,418 @@
+/* ldappasswd -- a tool for change LDAP passwords */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.127.2.6 2007/01/02 21:43:42 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * The original ldappasswd(1) tool was developed by Dave Storey (F5
+ * Network), based on other OpenLDAP client tools (which are, of
+ * course, based on U-MICH LDAP). This version was rewritten
+ * by Kurt D. Zeilenga (based on other OpenLDAP client tools).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <ldap.h>
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+#include "common.h"
+
+
+static struct berval newpw = { 0, NULL };
+static struct berval oldpw = { 0, NULL };
+
+static int want_newpw = 0;
+static int want_oldpw = 0;
+
+static char *oldpwfile = NULL;
+static char *newpwfile = NULL;
+
+void
+usage( void )
+{
+ fprintf( stderr, _("Change password of an LDAP user\n\n"));
+ fprintf( stderr,_("usage: %s [options] [user]\n"), prog);
+ fprintf( stderr, _(" user: the authentication identity, commonly a DN\n"));
+ fprintf( stderr, _("Password change options:\n"));
+ fprintf( stderr, _(" -a secret old password\n"));
+ fprintf( stderr, _(" -A prompt for old password\n"));
+ fprintf( stderr, _(" -t file read file for old password\n"));
+ fprintf( stderr, _(" -s secret new password\n"));
+ fprintf( stderr, _(" -S prompt for new password\n"));
+ fprintf( stderr, _(" -T file read file for new password\n"));
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+
+const char options[] = "a:As:St:T:"
+ "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ switch ( i ) {
+#if 0
+ case 'E': /* passwd extensions */ {
+ int crit;
+ char *control, *cvalue;
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+ fprintf( stderr, _("Invalid passwd extension name: %s\n"), control );
+ usage();
+ }
+#endif
+
+ case 'a': /* old password (secret) */
+ oldpw.bv_val = strdup( optarg );
+ {
+ char* p;
+ for( p = optarg; *p != '\0'; p++ ) {
+ *p = '\0';
+ }
+ }
+ oldpw.bv_len = strlen( oldpw.bv_val );
+ break;
+
+ case 'A': /* prompt for old password */
+ want_oldpw++;
+ break;
+
+ case 's': /* new password (secret) */
+ newpw.bv_val = strdup (optarg);
+ {
+ char* p;
+ for( p = optarg; *p != '\0'; p++ ) {
+ *p = '\0';
+ }
+ }
+ newpw.bv_len = strlen( newpw.bv_val );
+ break;
+
+ case 'S': /* prompt for user password */
+ want_newpw++;
+ break;
+
+ case 't':
+ oldpwfile = optarg;
+ break;
+
+ case 'T':
+ newpwfile = optarg;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+int
+main( int argc, char *argv[] )
+{
+ int rc;
+ char *user = NULL;
+
+ LDAP *ld = NULL;
+ struct berval bv = {0, NULL};
+ BerElement *ber = NULL;
+
+ int id, code = LDAP_OTHER;
+ LDAPMessage *res;
+ char *matcheddn = NULL, *text = NULL, **refs = NULL;
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+
+ tool_init();
+ prog = lutil_progname( "ldappasswd", argc, argv );
+
+ /* LDAPv3 only */
+ protocol = LDAP_VERSION3;
+
+ tool_args( argc, argv );
+
+ if( argc - optind > 1 ) {
+ usage();
+ } else if ( argc - optind == 1 ) {
+ user = strdup( argv[optind] );
+ } else {
+ user = NULL;
+ }
+
+ if( oldpwfile ) {
+ rc = lutil_get_filed_password( oldpwfile, &oldpw );
+ if( rc ) {
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+ }
+
+ if( want_oldpw && oldpw.bv_val == NULL ) {
+ /* prompt for old password */
+ char *ckoldpw;
+ oldpw.bv_val = strdup(getpassphrase(_("Old password: ")));
+ ckoldpw = getpassphrase(_("Re-enter old password: "));
+
+ if( oldpw.bv_val == NULL || ckoldpw == NULL ||
+ strcmp( oldpw.bv_val, ckoldpw ))
+ {
+ fprintf( stderr, _("passwords do not match\n") );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ oldpw.bv_len = strlen( oldpw.bv_val );
+ }
+
+ if( newpwfile ) {
+ rc = lutil_get_filed_password( newpwfile, &newpw );
+ if( rc ) {
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+ }
+
+ if( want_newpw && newpw.bv_val == NULL ) {
+ /* prompt for new password */
+ char *cknewpw;
+ newpw.bv_val = strdup(getpassphrase(_("New password: ")));
+ cknewpw = getpassphrase(_("Re-enter new password: "));
+
+ if( newpw.bv_val == NULL || cknewpw == NULL ||
+ strcmp( newpw.bv_val, cknewpw ))
+ {
+ fprintf( stderr, _("passwords do not match\n") );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ newpw.bv_len = strlen( newpw.bv_val );
+ }
+
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) {
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ } else if ( want_bindpw ) {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+
+ ld = tool_conn_setup( 0, 0 );
+
+ tool_bind( ld );
+
+ if ( assertion || authzid || manageDSAit || noop ) {
+ tool_server_controls( ld, NULL, 0 );
+ }
+
+ if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
+ /* build change password control */
+ ber = ber_alloc_t( LBER_USE_DER );
+
+ if( ber == NULL ) {
+ perror( "ber_alloc_t" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ ber_printf( ber, "{" /*}*/ );
+
+ if( user != NULL ) {
+ ber_printf( ber, "ts",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
+ free(user);
+ }
+
+ if( oldpw.bv_val != NULL ) {
+ ber_printf( ber, "tO",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
+ free(oldpw.bv_val);
+ }
+
+ if( newpw.bv_val != NULL ) {
+ ber_printf( ber, "tO",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
+ free(newpw.bv_val);
+ }
+
+ ber_printf( ber, /*{*/ "N}" );
+
+ rc = ber_flatten2( ber, &bv, 0 );
+
+ if( rc < 0 ) {
+ perror( "ber_flatten2" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+ }
+
+ if ( not ) {
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ rc = ldap_extended_operation( ld,
+ LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
+ NULL, NULL, &id );
+
+ ber_free( ber, 1 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_extended_operation" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ for ( ; ; ) {
+ struct timeval tv;
+
+ if ( tool_check_abandon( ld, id ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ ldap_perror( ld, "ldappasswd: ldap_result" );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ rc = ldap_parse_result( ld, res,
+ &code, &matcheddn, &text, &refs, NULL, 0 );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_parse_result" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_parse_extended_result" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ if( retdata != NULL ) {
+ ber_tag_t tag;
+ char *s;
+ ber = ber_init( retdata );
+
+ if( ber == NULL ) {
+ perror( "ber_init" );
+ rc = EXIT_FAILURE;
+ goto done;
+ }
+
+ /* we should check the tag */
+ tag = ber_scanf( ber, "{a}", &s);
+
+ if( tag == LBER_ERROR ) {
+ perror( "ber_scanf" );
+ } else {
+ printf(_("New password: %s\n"), s);
+ free( s );
+ }
+
+ ber_free( ber, 1 );
+ }
+
+ if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
+ printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
+
+ if( text && *text ) {
+ printf( _("Additional info: %s\n"), text );
+ }
+
+ if( matcheddn && *matcheddn ) {
+ printf( _("Matched DN: %s\n"), matcheddn );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i]; i++ ) {
+ printf(_("Referral: %s\n"), refs[i] );
+ }
+ }
+ }
+
+ ber_memfree( text );
+ ber_memfree( matcheddn );
+ ber_memvfree( (void **) refs );
+ ber_memfree( retoid );
+ ber_bvfree( retdata );
+
+ rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE;
+
+done:
+ /* disconnect from server */
+ if ( ld )
+ tool_unbind( ld );
+ tool_destroy();
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapsearch.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapsearch.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapsearch.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1622 @@
+/* ldapsearch -- a tool for searching LDAP directories */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.207.2.11 2007/01/02 21:43:42 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Jong Hyuk Choi
+ * Lynn Moss
+ * Mikhail Sahalaev
+ * Kurt D. Zeilenga
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+#include <sys/stat.h>
+
+#include <ac/signal.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include <ldap.h>
+
+#include "ldif.h"
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+#include "ldap_log.h"
+#include "ldap_pvt.h"
+
+#include "common.h"
+
+
+static int scope = LDAP_SCOPE_SUBTREE;
+static int deref = -1;
+static int attrsonly;
+static int timelimit = -1;
+static int sizelimit = -1;
+
+static char *def_tmpdir;
+static char *def_urlpre;
+
+#if defined(__CYGWIN__) || defined(__MINGW32__)
+/* Turn off commandline globbing, otherwise you cannot search for
+ * attribute '*'
+ */
+int _CRT_glob = 0;
+#endif
+
+void
+usage( void )
+{
+ fprintf( stderr, _("usage: %s [options] [filter [attributes...]]\nwhere:\n"), prog);
+ fprintf( stderr, _(" filter\tRFC-2254 compliant LDAP search filter\n"));
+ fprintf( stderr, _(" attributes\twhitespace-separated list of attribute descriptions\n"));
+ fprintf( stderr, _(" which may include:\n"));
+ fprintf( stderr, _(" 1.1 no attributes\n"));
+ fprintf( stderr, _(" * all user attributes\n"));
+ fprintf( stderr, _(" + all operational attributes\n"));
+
+
+ fprintf( stderr, _("Search options:\n"));
+ fprintf( stderr, _(" -a deref one of never (default), always, search, or find\n"));
+ fprintf( stderr, _(" -A retrieve attribute names only (no values)\n"));
+ fprintf( stderr, _(" -b basedn base dn for search\n"));
+ fprintf( stderr, _(" -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)\n"));
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+ fprintf( stderr, _(" [!]domainScope (domain scope)\n"));
+#endif
+ fprintf( stderr, _(" [!]mv=<filter> (matched values filter)\n"));
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ fprintf( stderr, _(" [!]pr=<size>[/prompt|noprompt] (paged results/prompt)\n"));
+#endif
+#ifdef LDAP_CONTROL_SUBENTRIES
+ fprintf( stderr, _(" [!]subentries[=true|false] (subentries)\n"));
+#endif
+ fprintf( stderr, _(" [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)\n"));
+ fprintf( stderr, _(" rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)\n"));
+ fprintf( stderr, _(" -F prefix URL prefix for files (default: %s)\n"), def_urlpre);
+ fprintf( stderr, _(" -l limit time limit (in seconds, or \"none\" or \"max\") for search\n"));
+ fprintf( stderr, _(" -L print responses in LDIFv1 format\n"));
+ fprintf( stderr, _(" -LL print responses in LDIF format without comments\n"));
+ fprintf( stderr, _(" -LLL print responses in LDIF format without comments\n"));
+ fprintf( stderr, _(" and version\n"));
+#ifdef LDAP_SCOPE_SUBORDINATE
+ fprintf( stderr, _(" -s scope one of base, one, sub or children (search scope)\n"));
+#else /* ! LDAP_SCOPE_SUBORDINATE */
+ fprintf( stderr, _(" -s scope one of base, one, or sub (search scope)\n"));
+#endif /* ! LDAP_SCOPE_SUBORDINATE */
+ fprintf( stderr, _(" -S attr sort the results by attribute `attr'\n"));
+ fprintf( stderr, _(" -t write binary values to files in temporary directory\n"));
+ fprintf( stderr, _(" -tt write all values to files in temporary directory\n"));
+ fprintf( stderr, _(" -T path write files to directory specified by path (default: %s)\n"), def_tmpdir);
+ fprintf( stderr, _(" -u include User Friendly entry names in the output\n"));
+ fprintf( stderr, _(" -z limit size limit (in entries, or \"none\" or \"max\") for search\n"));
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+static void print_entry LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry,
+ int attrsonly));
+
+static void print_reference(
+ LDAP *ld,
+ LDAPMessage *reference );
+
+static void print_extended(
+ LDAP *ld,
+ LDAPMessage *extended );
+
+static void print_partial(
+ LDAP *ld,
+ LDAPMessage *partial );
+
+static int print_result(
+ LDAP *ld,
+ LDAPMessage *result,
+ int search );
+
+static void print_ctrls(
+ LDAPControl **ctrls );
+
+static int write_ldif LDAP_P((
+ int type,
+ char *name,
+ char *value,
+ ber_len_t vallen ));
+
+static int dosearch LDAP_P((
+ LDAP *ld,
+ char *base,
+ int scope,
+ char *filtpatt,
+ char *value,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct timeval *timeout,
+ int sizelimit ));
+
+static char *tmpdir = NULL;
+static char *urlpre = NULL;
+static char *base = NULL;
+static char *sortattr = NULL;
+static int includeufn, vals2tmp = 0, ldif = 0;
+
+static int subentries = 0, valuesReturnFilter = 0;
+static char *vrFilter = NULL;
+
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+static int domainScope = 0;
+#endif
+
+static int ldapsync = 0;
+static struct berval sync_cookie = { 0, NULL };
+static int sync_slimit = -1;
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+static int pagedResults = 0;
+static int pagePrompt = 1;
+static ber_int_t pageSize = 0;
+static ber_int_t entriesLeft = 0;
+static ber_int_t morePagedResults = 1;
+static struct berval page_cookie = { 0, NULL };
+static int npagedresponses;
+static int npagedentries;
+static int npagedreferences;
+static int npagedextended;
+static int npagedpartial;
+
+static int parse_page_control(
+ LDAP *ld,
+ LDAPMessage *result,
+ struct berval *cookie );
+#endif
+
+static void
+urlize(char *url)
+{
+ char *p;
+
+ if (*LDAP_DIRSEP != '/') {
+ for (p = url; *p; p++) {
+ if (*p == *LDAP_DIRSEP)
+ *p = '/';
+ }
+ }
+}
+
+
+const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
+ "Cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ int crit, ival;
+ char *control, *cvalue, *next;
+ switch ( i ) {
+ case 'a': /* set alias deref option */
+ if ( strcasecmp( optarg, "never" ) == 0 ) {
+ deref = LDAP_DEREF_NEVER;
+ } else if ( strncasecmp( optarg, "search", sizeof("search")-1 ) == 0 ) {
+ deref = LDAP_DEREF_SEARCHING;
+ } else if ( strncasecmp( optarg, "find", sizeof("find")-1 ) == 0 ) {
+ deref = LDAP_DEREF_FINDING;
+ } else if ( strcasecmp( optarg, "always" ) == 0 ) {
+ deref = LDAP_DEREF_ALWAYS;
+ } else {
+ fprintf( stderr,
+ _("alias deref should be never, search, find, or always\n") );
+ usage();
+ }
+ break;
+ case 'A': /* retrieve attribute names only -- no values */
+ ++attrsonly;
+ break;
+ case 'b': /* search base */
+ base = ber_strdup( optarg );
+ break;
+ case 'E': /* search extensions */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = ber_strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+
+ if ( strcasecmp( control, "mv" ) == 0 ) {
+ /* ValuesReturnFilter control */
+ if( valuesReturnFilter ) {
+ fprintf( stderr,
+ _("ValuesReturnFilter previously specified\n"));
+ exit( EXIT_FAILURE );
+ }
+ valuesReturnFilter= 1 + crit;
+
+ if ( cvalue == NULL ) {
+ fprintf( stderr,
+ _("missing filter in ValuesReturnFilter control\n"));
+ exit( EXIT_FAILURE );
+ }
+
+ vrFilter = cvalue;
+ protocol = LDAP_VERSION3;
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ } else if ( strcasecmp( control, "pr" ) == 0 ) {
+ int num, tmp;
+ /* PagedResults control */
+ if ( pagedResults != 0 ) {
+ fprintf( stderr,
+ _("PagedResultsControl previously specified\n") );
+ exit( EXIT_FAILURE );
+ }
+
+ if( cvalue != NULL ) {
+ char *promptp;
+
+ promptp = strchr( cvalue, '/' );
+ if ( promptp != NULL ) {
+ *promptp++ = '\0';
+ if ( strcasecmp( promptp, "prompt" ) == 0 ) {
+ pagePrompt = 1;
+ } else if ( strcasecmp( promptp, "noprompt" ) == 0) {
+ pagePrompt = 0;
+ } else {
+ fprintf( stderr,
+ _("Invalid value for PagedResultsControl,"
+ " %s/%s.\n"), cvalue, promptp );
+ exit( EXIT_FAILURE );
+ }
+ }
+ num = sscanf( cvalue, "%d", &tmp );
+ if ( num != 1 ) {
+ fprintf( stderr,
+ _("Invalid value for PagedResultsControl, %s.\n"),
+ cvalue );
+ exit( EXIT_FAILURE );
+ }
+ } else {
+ fprintf(stderr, _("Invalid value for PagedResultsControl.\n"));
+ exit( EXIT_FAILURE );
+ }
+ pageSize = (ber_int_t) tmp;
+ pagedResults = 1 + crit;
+
+#endif
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+ } else if ( strcasecmp( control, "domainScope" ) == 0 ) {
+ if( domainScope ) {
+ fprintf( stderr,
+ _("domainScope control previously specified\n"));
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr,
+ _("domainScope: no control value expected\n") );
+ usage();
+ }
+
+ domainScope = 1 + crit;
+#endif
+
+#ifdef LDAP_CONTROL_SUBENTRIES
+ } else if ( strcasecmp( control, "subentries" ) == 0 ) {
+ if( subentries ) {
+ fprintf( stderr,
+ _("subentries control previously specified\n"));
+ exit( EXIT_FAILURE );
+ }
+ if( cvalue == NULL || strcasecmp( cvalue, "true") == 0 ) {
+ subentries = 2;
+ } else if ( strcasecmp( cvalue, "false") == 0 ) {
+ subentries = 1;
+ } else {
+ fprintf( stderr,
+ _("subentries control value \"%s\" invalid\n"),
+ cvalue );
+ exit( EXIT_FAILURE );
+ }
+ if( crit ) subentries *= -1;
+#endif
+
+ } else if ( strcasecmp( control, "sync" ) == 0 ) {
+ char *cookiep;
+ char *slimitp;
+ if ( ldapsync ) {
+ fprintf( stderr, _("sync control previously specified\n") );
+ exit( EXIT_FAILURE );
+ }
+ if ( cvalue == NULL ) {
+ fprintf( stderr, _("missing specification of sync control\n"));
+ exit( EXIT_FAILURE );
+ }
+ if ( strncasecmp( cvalue, "ro", 2 ) == 0 ) {
+ ldapsync = LDAP_SYNC_REFRESH_ONLY;
+ cookiep = strchr( cvalue, '/' );
+ if ( cookiep != NULL ) {
+ cookiep++;
+ if ( *cookiep != '\0' ) {
+ ber_str2bv( cookiep, 0, 0, &sync_cookie );
+ }
+ }
+ } else if ( strncasecmp( cvalue, "rp", 2 ) == 0 ) {
+ ldapsync = LDAP_SYNC_REFRESH_AND_PERSIST;
+ cookiep = strchr( cvalue, '/' );
+ if ( cookiep != NULL ) {
+ *cookiep++ = '\0';
+ cvalue = cookiep;
+ }
+ slimitp = strchr( cvalue, '/' );
+ if ( slimitp != NULL ) {
+ *slimitp++ = '\0';
+ }
+ if ( cookiep != NULL && *cookiep != '\0' )
+ ber_str2bv( cookiep, 0, 0, &sync_cookie );
+ if ( slimitp != NULL && *slimitp != '\0' ) {
+ ival = strtol( slimitp, &next, 10 );
+ if ( next == NULL || next[0] != '\0' ) {
+ fprintf( stderr, _("Unable to parse sync control value \"%s\"\n"), slimitp );
+ exit( EXIT_FAILURE );
+ }
+ sync_slimit = ival;
+ }
+ } else {
+ fprintf( stderr, _("sync control value \"%s\" invalid\n"),
+ cvalue );
+ exit( EXIT_FAILURE );
+ }
+ if ( crit ) ldapsync *= -1;
+
+ } else {
+ fprintf( stderr, _("Invalid search extension name: %s\n"),
+ control );
+ usage();
+ }
+ break;
+ case 'F': /* uri prefix */
+ if( urlpre ) free( urlpre );
+ urlpre = strdup( optarg );
+ break;
+ case 'l': /* time limit */
+ if ( strcasecmp( optarg, "none" ) == 0 ) {
+ timelimit = 0;
+
+ } else if ( strcasecmp( optarg, "max" ) == 0 ) {
+ timelimit = LDAP_MAXINT;
+
+ } else {
+ ival = strtol( optarg, &next, 10 );
+ if ( next == NULL || next[0] != '\0' ) {
+ fprintf( stderr,
+ _("Unable to parse time limit \"%s\"\n"), optarg );
+ exit( EXIT_FAILURE );
+ }
+ timelimit = ival;
+ }
+ if( timelimit < 0 || timelimit > LDAP_MAXINT ) {
+ fprintf( stderr, _("%s: invalid timelimit (%d) specified\n"),
+ prog, timelimit );
+ exit( EXIT_FAILURE );
+ }
+ break;
+ case 'L': /* print entries in LDIF format */
+ ++ldif;
+ break;
+ case 's': /* search scope */
+ if ( strncasecmp( optarg, "base", sizeof("base")-1 ) == 0 ) {
+ scope = LDAP_SCOPE_BASE;
+ } else if ( strncasecmp( optarg, "one", sizeof("one")-1 ) == 0 ) {
+ scope = LDAP_SCOPE_ONELEVEL;
+#ifdef LDAP_SCOPE_SUBORDINATE
+ } else if (( strcasecmp( optarg, "subordinate" ) == 0 )
+ || ( strcasecmp( optarg, "children" ) == 0 ))
+ {
+ scope = LDAP_SCOPE_SUBORDINATE;
+#endif
+ } else if ( strncasecmp( optarg, "sub", sizeof("sub")-1 ) == 0 ) {
+ scope = LDAP_SCOPE_SUBTREE;
+ } else {
+ fprintf( stderr, _("scope should be base, one, or sub\n") );
+ usage();
+ }
+ break;
+ case 'S': /* sort attribute */
+ sortattr = strdup( optarg );
+ break;
+ case 't': /* write attribute values to TMPDIR files */
+ ++vals2tmp;
+ break;
+ case 'T': /* tmpdir */
+ if( tmpdir ) free( tmpdir );
+ tmpdir = strdup( optarg );
+ break;
+ case 'u': /* include UFN */
+ ++includeufn;
+ break;
+ case 'z': /* size limit */
+ if ( strcasecmp( optarg, "none" ) == 0 ) {
+ sizelimit = 0;
+
+ } else if ( strcasecmp( optarg, "max" ) == 0 ) {
+ sizelimit = LDAP_MAXINT;
+
+ } else {
+ ival = strtol( optarg, &next, 10 );
+ if ( next == NULL || next[0] != '\0' ) {
+ fprintf( stderr,
+ _("Unable to parse size limit \"%s\"\n"), optarg );
+ exit( EXIT_FAILURE );
+ }
+ sizelimit = ival;
+ }
+ if( sizelimit < 0 || sizelimit > LDAP_MAXINT ) {
+ fprintf( stderr, _("%s: invalid sizelimit (%d) specified\n"),
+ prog, sizelimit );
+ exit( EXIT_FAILURE );
+ }
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+static void
+private_conn_setup( LDAP *ld )
+{
+ if (deref != -1 &&
+ ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, _("Could not set LDAP_OPT_DEREF %d\n"), deref );
+ exit( EXIT_FAILURE );
+ }
+ if (timelimit > 0 &&
+ ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr,
+ _("Could not set LDAP_OPT_TIMELIMIT %d\n"), timelimit );
+ exit( EXIT_FAILURE );
+ }
+ if (sizelimit > 0 &&
+ ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr,
+ _("Could not set LDAP_OPT_SIZELIMIT %d\n"), sizelimit );
+ exit( EXIT_FAILURE );
+ }
+}
+
+int
+main( int argc, char **argv )
+{
+ char *filtpattern, **attrs = NULL, line[BUFSIZ];
+ FILE *fp = NULL;
+ int rc, i, first;
+ LDAP *ld = NULL;
+ BerElement *seber = NULL, *vrber = NULL, *prber = NULL;
+
+ BerElement *syncber = NULL;
+ struct berval *syncbvalp = NULL;
+
+ tool_init();
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ npagedresponses = npagedentries = npagedreferences =
+ npagedextended = npagedpartial = 0;
+#endif
+
+ prog = lutil_progname( "ldapsearch", argc, argv );
+
+ if((def_tmpdir = getenv("TMPDIR")) == NULL &&
+ (def_tmpdir = getenv("TMP")) == NULL &&
+ (def_tmpdir = getenv("TEMP")) == NULL )
+ {
+ def_tmpdir = LDAP_TMPDIR;
+ }
+
+ if ( !*def_tmpdir )
+ def_tmpdir = LDAP_TMPDIR;
+
+ def_urlpre = malloc( sizeof("file:////") + strlen(def_tmpdir) );
+
+ if( def_urlpre == NULL ) {
+ perror( "malloc" );
+ return EXIT_FAILURE;
+ }
+
+ sprintf( def_urlpre, "file:///%s/",
+ def_tmpdir[0] == *LDAP_DIRSEP ? &def_tmpdir[1] : def_tmpdir );
+
+ urlize( def_urlpre );
+
+ tool_args( argc, argv );
+
+ if (( argc - optind < 1 ) ||
+ ( *argv[optind] != '(' /*')'*/ &&
+ ( strchr( argv[optind], '=' ) == NULL ) ) )
+ {
+ filtpattern = "(objectclass=*)";
+ } else {
+ filtpattern = argv[optind++];
+ }
+
+ if ( argv[optind] != NULL ) {
+ attrs = &argv[optind];
+ }
+
+ if ( infile != NULL ) {
+ int percent = 0;
+
+ if ( infile[0] == '-' && infile[1] == '\0' ) {
+ fp = stdin;
+ } else if (( fp = fopen( infile, "r" )) == NULL ) {
+ perror( infile );
+ return EXIT_FAILURE;
+ }
+
+ for( i=0 ; filtpattern[i] ; i++ ) {
+ if( filtpattern[i] == '%' ) {
+ if( percent ) {
+ fprintf( stderr, _("Bad filter pattern \"%s\"\n"),
+ filtpattern );
+ return EXIT_FAILURE;
+ }
+
+ percent++;
+
+ if( filtpattern[i+1] != 's' ) {
+ fprintf( stderr, _("Bad filter pattern \"%s\"\n"),
+ filtpattern );
+ return EXIT_FAILURE;
+ }
+ }
+ }
+ }
+
+ if ( tmpdir == NULL ) {
+ tmpdir = def_tmpdir;
+
+ if ( urlpre == NULL )
+ urlpre = def_urlpre;
+ }
+
+ if( urlpre == NULL ) {
+ urlpre = malloc( sizeof("file:////") + strlen(tmpdir) );
+
+ if( urlpre == NULL ) {
+ perror( "malloc" );
+ return EXIT_FAILURE;
+ }
+
+ sprintf( urlpre, "file:///%s/",
+ tmpdir[0] == *LDAP_DIRSEP ? &tmpdir[1] : tmpdir );
+
+ urlize( urlpre );
+ }
+
+ if ( debug )
+ ldif_debug = debug;
+
+ ld = tool_conn_setup( 0, &private_conn_setup );
+
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+
+ tool_bind( ld );
+
+getNextPage:
+ if ( assertion || authzid || manageDSAit || noop
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+ || domainScope
+#endif
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ || pagedResults
+#endif
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ || chaining
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ || ldapsync
+ || subentries || valuesReturnFilter )
+ {
+ int err;
+ int i=0;
+ LDAPControl c[10];
+
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+ if ( domainScope ) {
+ c[i].ldctl_oid = LDAP_CONTROL_X_DOMAIN_SCOPE;
+ c[i].ldctl_value.bv_val = NULL;
+ c[i].ldctl_value.bv_len = 0;
+ c[i].ldctl_iscritical = domainScope > 1;
+ i++;
+ }
+#endif
+
+#ifdef LDAP_CONTROL_SUBENTRIES
+ if ( subentries ) {
+ if (( seber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ return EXIT_FAILURE;
+ }
+
+ err = ber_printf( seber, "b", abs(subentries) == 1 ? 0 : 1 );
+ if ( err == -1 ) {
+ ber_free( seber, 1 );
+ fprintf( stderr, _("Subentries control encoding error!\n") );
+ return EXIT_FAILURE;
+ }
+
+ if ( ber_flatten2( seber, &c[i].ldctl_value, 0 ) == -1 ) {
+ return EXIT_FAILURE;
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_SUBENTRIES;
+ c[i].ldctl_iscritical = subentries < 1;
+ i++;
+ }
+#endif
+
+ if ( ldapsync ) {
+ if (( syncber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ return EXIT_FAILURE;
+ }
+
+ if ( sync_cookie.bv_len == 0 ) {
+ err = ber_printf( syncber, "{e}", abs(ldapsync) );
+ } else {
+ err = ber_printf( syncber, "{eO}", abs(ldapsync),
+ &sync_cookie );
+ }
+
+ if ( err == LBER_ERROR ) {
+ ber_free( syncber, 1 );
+ fprintf( stderr, _("ldap sync control encoding error!\n") );
+ return EXIT_FAILURE;
+ }
+
+ if ( ber_flatten( syncber, &syncbvalp ) == LBER_ERROR ) {
+ return EXIT_FAILURE;
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_SYNC;
+ c[i].ldctl_value = (*syncbvalp);
+ c[i].ldctl_iscritical = ldapsync < 0;
+ i++;
+ }
+
+ if ( valuesReturnFilter ) {
+ if (( vrber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ return EXIT_FAILURE;
+ }
+
+ if ( ( err = ldap_put_vrFilter( vrber, vrFilter ) ) == -1 ) {
+ ber_free( vrber, 1 );
+ fprintf( stderr, _("Bad ValuesReturnFilter: %s\n"), vrFilter );
+ return EXIT_FAILURE;
+ }
+
+ if ( ber_flatten2( vrber, &c[i].ldctl_value, 0 ) == -1 ) {
+ return EXIT_FAILURE;
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_VALUESRETURNFILTER;
+ c[i].ldctl_iscritical = valuesReturnFilter > 1;
+ i++;
+ }
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ if ( pagedResults ) {
+ if (( prber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ return EXIT_FAILURE;
+ }
+
+ ber_printf( prber, "{iO}", pageSize, &page_cookie );
+ if ( ber_flatten2( prber, &c[i].ldctl_value, 0 ) == -1 ) {
+ return EXIT_FAILURE;
+ }
+ if ( page_cookie.bv_val != NULL ) {
+ ber_memfree( page_cookie.bv_val );
+ page_cookie.bv_val = NULL;
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
+ c[i].ldctl_iscritical = pagedResults > 1;
+ i++;
+ }
+#endif
+
+ tool_server_controls( ld, c, i );
+
+#ifdef LDAP_CONTROL_SUBENTRIES
+ ber_free( seber, 1 );
+#endif
+ ber_free( vrber, 1 );
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ ber_free( prber, 1 );
+#endif
+ }
+
+ if ( verbose ) {
+ fprintf( stderr, _("filter%s: %s\nrequesting: "),
+ infile != NULL ? _(" pattern") : "",
+ filtpattern );
+
+ if ( attrs == NULL ) {
+ fprintf( stderr, _("All userApplication attributes") );
+ } else {
+ for ( i = 0; attrs[ i ] != NULL; ++i ) {
+ fprintf( stderr, "%s ", attrs[ i ] );
+ }
+ }
+ fprintf( stderr, "\n" );
+ }
+
+ if ( ldif == 0 ) {
+ printf( _("# extended LDIF\n") );
+ } else if ( ldif < 3 ) {
+ printf( _("version: %d\n\n"), 1 );
+ }
+
+ if (ldif < 2 ) {
+ printf( "#\n" );
+ printf(_("# LDAPv%d\n"), protocol);
+ printf(_("# base <%s> with scope %s\n"),
+ base ? base : "",
+ ((scope == LDAP_SCOPE_BASE) ? "baseObject"
+ : ((scope == LDAP_SCOPE_ONELEVEL) ? "oneLevel"
+#ifdef LDAP_SCOPE_SUBORDINATE
+ : ((scope == LDAP_SCOPE_SUBORDINATE) ? "children"
+#endif
+ : "subtree"
+#ifdef LDAP_SCOPE_SUBORDINATE
+ )
+#endif
+ )));
+ printf(_("# filter%s: %s\n"), infile != NULL ? _(" pattern") : "",
+ filtpattern);
+ printf(_("# requesting: "));
+
+ if ( attrs == NULL ) {
+ printf( _("ALL") );
+ } else {
+ for ( i = 0; attrs[ i ] != NULL; ++i ) {
+ printf( "%s ", attrs[ i ] );
+ }
+ }
+
+ if ( manageDSAit ) {
+ printf(_("\n# with manageDSAit %scontrol"),
+ manageDSAit > 1 ? _("critical ") : "" );
+ }
+ if ( noop ) {
+ printf(_("\n# with noop %scontrol"),
+ noop > 1 ? _("critical ") : "" );
+ }
+ if ( subentries ) {
+ printf(_("\n# with subentries %scontrol: %s"),
+ subentries < 0 ? _("critical ") : "",
+ abs(subentries) == 1 ? "false" : "true" );
+ }
+ if ( valuesReturnFilter ) {
+ printf(_("\n# with valuesReturnFilter %scontrol: %s"),
+ valuesReturnFilter > 1 ? _("critical ") : "", vrFilter );
+ }
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ if ( pagedResults ) {
+ printf(_("\n# with pagedResults %scontrol: size=%d"),
+ (pagedResults > 1) ? _("critical ") : "",
+ pageSize );
+ }
+#endif
+
+ printf( _("\n#\n\n") );
+ }
+
+ if ( infile == NULL ) {
+ rc = dosearch( ld, base, scope, NULL, filtpattern,
+ attrs, attrsonly, NULL, NULL, NULL, -1 );
+
+ } else {
+ rc = 0;
+ first = 1;
+ while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) {
+ line[ strlen( line ) - 1 ] = '\0';
+ if ( !first ) {
+ putchar( '\n' );
+ } else {
+ first = 0;
+ }
+ rc = dosearch( ld, base, scope, filtpattern, line,
+ attrs, attrsonly, NULL, NULL, NULL, -1 );
+ }
+ if ( fp != stdin ) {
+ fclose( fp );
+ }
+ }
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ if ( ( rc == LDAP_SUCCESS ) && ( pageSize != 0 ) && ( morePagedResults != 0 ) ) {
+ char buf[6];
+ int i, moreEntries, tmpSize;
+
+ /* Loop to get the next pages when
+ * enter is pressed on the terminal.
+ */
+ if ( pagePrompt != 0 ) {
+ if ( entriesLeft > 0 ) {
+ printf( _("Estimate entries: %d\n"), entriesLeft );
+ }
+ printf( _("Press [size] Enter for the next {%d|size} entries.\n"),
+ (int)pageSize );
+ i = 0;
+ moreEntries = getchar();
+ while ( moreEntries != EOF && moreEntries != '\n' ) {
+ if ( i < (int)sizeof(buf) - 1 ) {
+ buf[i] = moreEntries;
+ i++;
+ }
+ moreEntries = getchar();
+ }
+ buf[i] = '\0';
+
+ if ( i > 0 && isdigit( (unsigned char)buf[0] ) ) {
+ int num = sscanf( buf, "%d", &tmpSize );
+ if ( num != 1 ) {
+ fprintf( stderr, _("Invalid value for PagedResultsControl, %s.\n"), buf);
+ return EXIT_FAILURE;
+
+ }
+ pageSize = (ber_int_t)tmpSize;
+ }
+ }
+
+ goto getNextPage;
+ }
+#endif
+
+ tool_unbind( ld );
+ tool_destroy();
+ return( rc );
+}
+
+
+static int dosearch(
+ LDAP *ld,
+ char *base,
+ int scope,
+ char *filtpatt,
+ char *value,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct timeval *timeout,
+ int sizelimit )
+{
+ char *filter;
+ int rc;
+ int nresponses;
+ int nentries;
+ int nreferences;
+ int nextended;
+ int npartial;
+ LDAPMessage *res, *msg;
+ ber_int_t msgid;
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+ int nresponses_psearch = -1;
+ int cancel_msgid = -1;
+
+ if( filtpatt != NULL ) {
+ filter = malloc( strlen( filtpatt ) + strlen( value ) );
+ if( filter == NULL ) {
+ perror( "malloc" );
+ return EXIT_FAILURE;
+ }
+
+ sprintf( filter, filtpatt, value );
+
+ if ( verbose ) {
+ fprintf( stderr, _("filter: %s\n"), filter );
+ }
+
+ if( ldif < 2 ) {
+ printf( _("#\n# filter: %s\n#\n"), filter );
+ }
+
+ } else {
+ filter = value;
+ }
+
+ if ( not ) {
+ return LDAP_SUCCESS;
+ }
+
+ rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
+ sctrls, cctrls, timeout, sizelimit, &msgid );
+
+ if ( filtpatt != NULL ) {
+ free( filter );
+ }
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, _("%s: ldap_search_ext: %s (%d)\n"),
+ prog, ldap_err2string( rc ), rc );
+ return( rc );
+ }
+
+ nresponses = nentries = nreferences = nextended = npartial = 0;
+
+ res = NULL;
+
+ while ((rc = ldap_result( ld, LDAP_RES_ANY,
+ sortattr ? LDAP_MSG_ALL : LDAP_MSG_ONE,
+ NULL, &res )) > 0 )
+ {
+ rc = tool_check_abandon( ld, msgid );
+ if ( rc ) {
+ return rc;
+ }
+
+ if( sortattr ) {
+ (void) ldap_sort_entries( ld, &res,
+ ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
+ }
+
+ for ( msg = ldap_first_message( ld, res );
+ msg != NULL;
+ msg = ldap_next_message( ld, msg ) )
+ {
+ if ( nresponses++ ) putchar('\n');
+ if ( nresponses_psearch >= 0 )
+ nresponses_psearch++;
+
+ switch( ldap_msgtype( msg ) ) {
+ case LDAP_RES_SEARCH_ENTRY:
+ nentries++;
+ print_entry( ld, msg, attrsonly );
+ break;
+
+ case LDAP_RES_SEARCH_REFERENCE:
+ nreferences++;
+ print_reference( ld, msg );
+ break;
+
+ case LDAP_RES_EXTENDED:
+ nextended++;
+ print_extended( ld, msg );
+
+ if( ldap_msgid( msg ) == 0 ) {
+ /* unsolicited extended operation */
+ goto done;
+ }
+
+ if ( cancel_msgid != -1 &&
+ cancel_msgid == ldap_msgid( msg ) ) {
+ printf(_("Cancelled \n"));
+ printf(_("cancel_msgid = %d\n"), cancel_msgid);
+ goto done;
+ }
+ break;
+
+ case LDAP_RES_SEARCH_RESULT:
+ rc = print_result( ld, msg, 1 );
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ if ( pageSize != 0 ) {
+ if ( rc == LDAP_SUCCESS ) {
+ rc = parse_page_control( ld, msg, &page_cookie );
+ } else {
+ morePagedResults = 0;
+ }
+ } else {
+ morePagedResults = 0;
+ }
+#endif
+
+ if ( ldapsync == LDAP_SYNC_REFRESH_AND_PERSIST ) {
+ break;
+ }
+
+ goto done;
+
+ case LDAP_RES_INTERMEDIATE:
+ npartial++;
+ ldap_parse_intermediate( ld, msg,
+ &retoid, &retdata, NULL, 0 );
+
+ nresponses_psearch = 0;
+
+ if ( strcmp( retoid, LDAP_SYNC_INFO ) == 0 ) {
+ printf(_("SyncInfo Received\n"));
+ ldap_memfree( retoid );
+ ber_bvfree( retdata );
+ break;
+ }
+
+ print_partial( ld, msg );
+ ldap_memfree( retoid );
+ ber_bvfree( retdata );
+ goto done;
+ }
+
+ if ( ldapsync && sync_slimit != -1 &&
+ nresponses_psearch >= sync_slimit ) {
+ BerElement *msgidber = NULL;
+ struct berval *msgidvalp = NULL;
+ msgidber = ber_alloc_t(LBER_USE_DER);
+ ber_printf(msgidber, "{i}", msgid);
+ ber_flatten(msgidber, &msgidvalp);
+ ldap_extended_operation(ld, LDAP_EXOP_X_CANCEL,
+ msgidvalp, NULL, NULL, &cancel_msgid);
+ nresponses_psearch = -1;
+ }
+ }
+
+ ldap_msgfree( res );
+ }
+
+done:
+ if ( rc == -1 ) {
+ ldap_perror( ld, "ldap_result" );
+ return( rc );
+ }
+
+ ldap_msgfree( res );
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+ if ( pagedResults ) {
+ npagedresponses += nresponses;
+ npagedentries += nentries;
+ npagedextended += nextended;
+ npagedpartial += npartial;
+ npagedreferences += nreferences;
+ if ( ( morePagedResults == 0 ) && ( ldif < 2 ) ) {
+ printf( _("\n# numResponses: %d\n"), npagedresponses );
+ if( npagedentries ) printf( _("# numEntries: %d\n"), npagedentries );
+ if( npagedextended ) printf( _("# numExtended: %d\n"), npagedextended );
+ if( npagedpartial ) printf( _("# numPartial: %d\n"), npagedpartial );
+ if( npagedreferences ) printf( _("# numReferences: %d\n"), npagedreferences );
+ }
+ } else
+#endif
+ if ( ldif < 2 ) {
+ printf( _("\n# numResponses: %d\n"), nresponses );
+ if( nentries ) printf( _("# numEntries: %d\n"), nentries );
+ if( nextended ) printf( _("# numExtended: %d\n"), nextended );
+ if( npartial ) printf( _("# numPartial: %d\n"), npartial );
+ if( nreferences ) printf( _("# numReferences: %d\n"), nreferences );
+ }
+
+ return( rc );
+}
+
+/* This is the proposed new way of doing things.
+ * It is more efficient, but the API is non-standard.
+ */
+static void
+print_entry(
+ LDAP *ld,
+ LDAPMessage *entry,
+ int attrsonly)
+{
+ char *ufn = NULL;
+ char tmpfname[ 256 ];
+ char url[ 256 ];
+ int i, rc;
+ BerElement *ber = NULL;
+ struct berval bv, *bvals, **bvp = &bvals;
+ LDAPControl **ctrls = NULL;
+ FILE *tmpfp;
+
+ rc = ldap_get_dn_ber( ld, entry, &ber, &bv );
+
+ if ( ldif < 2 ) {
+ ufn = ldap_dn2ufn( bv.bv_val );
+ write_ldif( LDIF_PUT_COMMENT, NULL, ufn, ufn ? strlen( ufn ) : 0 );
+ }
+ write_ldif( LDIF_PUT_VALUE, "dn", bv.bv_val, bv.bv_len );
+
+ rc = ldap_get_entry_controls( ld, entry, &ctrls );
+ if( rc != LDAP_SUCCESS ) {
+ fprintf(stderr, _("print_entry: %d\n"), rc );
+ ldap_perror( ld, "ldap_get_entry_controls" );
+ exit( EXIT_FAILURE );
+ }
+
+ if( ctrls ) {
+ print_ctrls( ctrls );
+ ldap_controls_free( ctrls );
+ }
+
+ if ( includeufn ) {
+ if( ufn == NULL ) {
+ ufn = ldap_dn2ufn( bv.bv_val );
+ }
+ write_ldif( LDIF_PUT_VALUE, "ufn", ufn, ufn ? strlen( ufn ) : 0 );
+ }
+
+ if( ufn != NULL ) ldap_memfree( ufn );
+
+ if ( attrsonly ) bvp = NULL;
+
+ for ( rc = ldap_get_attribute_ber( ld, entry, ber, &bv, bvp );
+ rc == LDAP_SUCCESS;
+ rc = ldap_get_attribute_ber( ld, entry, ber, &bv, bvp ) )
+ {
+ if (bv.bv_val == NULL) break;
+
+ if ( attrsonly ) {
+ write_ldif( LDIF_PUT_NOVALUE, bv.bv_val, NULL, 0 );
+
+ } else if ( bvals ) {
+ for ( i = 0; bvals[i].bv_val != NULL; i++ ) {
+ if ( vals2tmp > 1 || ( vals2tmp &&
+ ldif_is_not_printable( bvals[i].bv_val, bvals[i].bv_len )))
+ {
+ int tmpfd;
+ /* write value to file */
+ snprintf( tmpfname, sizeof tmpfname,
+ "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX",
+ tmpdir, bv.bv_val );
+ tmpfp = NULL;
+
+ tmpfd = mkstemp( tmpfname );
+
+ if ( tmpfd < 0 ) {
+ perror( tmpfname );
+ continue;
+ }
+
+ if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) {
+ perror( tmpfname );
+ continue;
+ }
+
+ if ( fwrite( bvals[ i ].bv_val,
+ bvals[ i ].bv_len, 1, tmpfp ) == 0 )
+ {
+ perror( tmpfname );
+ fclose( tmpfp );
+ continue;
+ }
+
+ fclose( tmpfp );
+
+ snprintf( url, sizeof url, "%s%s", urlpre,
+ &tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] );
+
+ urlize( url );
+ write_ldif( LDIF_PUT_URL, bv.bv_val, url, strlen( url ));
+
+ } else {
+ write_ldif( LDIF_PUT_VALUE, bv.bv_val,
+ bvals[ i ].bv_val, bvals[ i ].bv_len );
+ }
+ }
+ ber_memfree( bvals );
+ }
+ }
+
+ if( ber != NULL ) {
+ ber_free( ber, 0 );
+ }
+}
+
+static void print_reference(
+ LDAP *ld,
+ LDAPMessage *reference )
+{
+ int rc;
+ char **refs = NULL;
+ LDAPControl **ctrls;
+
+ if( ldif < 2 ) {
+ printf(_("# search reference\n"));
+ }
+
+ rc = ldap_parse_reference( ld, reference, &refs, &ctrls, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror(ld, "ldap_parse_reference");
+ exit( EXIT_FAILURE );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i] != NULL; i++ ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+ "ref", refs[i], strlen(refs[i]) );
+ }
+ ber_memvfree( (void **) refs );
+ }
+
+ if( ctrls ) {
+ print_ctrls( ctrls );
+ ldap_controls_free( ctrls );
+ }
+}
+
+static void print_extended(
+ LDAP *ld,
+ LDAPMessage *extended )
+{
+ int rc;
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+
+ if( ldif < 2 ) {
+ printf(_("# extended result response\n"));
+ }
+
+ rc = ldap_parse_extended_result( ld, extended,
+ &retoid, &retdata, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror(ld, "ldap_parse_extended_result");
+ exit( EXIT_FAILURE );
+ }
+
+ if ( ldif < 2 ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+ "extended", retoid, retoid ? strlen(retoid) : 0 );
+ }
+ ber_memfree( retoid );
+
+ if(retdata) {
+ if ( ldif < 2 ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
+ "data", retdata->bv_val, retdata->bv_len );
+ }
+ ber_bvfree( retdata );
+ }
+
+ print_result( ld, extended, 0 );
+}
+
+static void print_partial(
+ LDAP *ld,
+ LDAPMessage *partial )
+{
+ int rc;
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+ LDAPControl **ctrls = NULL;
+
+ if( ldif < 2 ) {
+ printf(_("# extended partial response\n"));
+ }
+
+ rc = ldap_parse_intermediate( ld, partial,
+ &retoid, &retdata, &ctrls, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror(ld, "ldap_parse_intermediate");
+ exit( EXIT_FAILURE );
+ }
+
+ if ( ldif < 2 ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+ "partial", retoid, retoid ? strlen(retoid) : 0 );
+ }
+
+ ber_memfree( retoid );
+
+ if( retdata ) {
+ if ( ldif < 2 ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
+ "data", retdata->bv_val, retdata->bv_len );
+ }
+
+ ber_bvfree( retdata );
+ }
+
+ if( ctrls ) {
+ print_ctrls( ctrls );
+ ldap_controls_free( ctrls );
+ }
+}
+
+static int print_result(
+ LDAP *ld,
+ LDAPMessage *result, int search )
+{
+ int rc;
+ int err;
+ char *matcheddn = NULL;
+ char *text = NULL;
+ char **refs = NULL;
+ LDAPControl **ctrls = NULL;
+
+ if( search ) {
+ if ( ldif < 2 ) {
+ printf(_("# search result\n"));
+ }
+ if ( ldif < 1 ) {
+ printf("%s: %d\n", _("search"), ldap_msgid(result) );
+ }
+ }
+
+ rc = ldap_parse_result( ld, result,
+ &err, &matcheddn, &text, &refs, &ctrls, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror(ld, "ldap_parse_result");
+ exit( EXIT_FAILURE );
+ }
+
+
+ if( !ldif ) {
+ printf( _("result: %d %s\n"), err, ldap_err2string(err) );
+
+ } else if ( err != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );
+ }
+
+ if( matcheddn ) {
+ if( *matcheddn ) {
+ if( !ldif ) {
+ write_ldif( LDIF_PUT_VALUE,
+ "matchedDN", matcheddn, strlen(matcheddn) );
+ } else {
+ fprintf( stderr, _("Matched DN: %s\n"), matcheddn );
+ }
+ }
+
+ ber_memfree( matcheddn );
+ }
+
+ if( text ) {
+ if( *text ) {
+ if( !ldif ) {
+ write_ldif( LDIF_PUT_TEXT, "text",
+ text, strlen(text) );
+ } else {
+ fprintf( stderr, _("Additional information: %s\n"), text );
+ }
+ }
+
+ ber_memfree( text );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i] != NULL; i++ ) {
+ if( !ldif ) {
+ write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) );
+ } else {
+ fprintf( stderr, _("Referral: %s\n"), refs[i] );
+ }
+ }
+
+ ber_memvfree( (void **) refs );
+ }
+
+ if( ctrls ) {
+ print_ctrls( ctrls );
+ ldap_controls_free( ctrls );
+ }
+
+ return err;
+}
+
+static void print_ctrls(
+ LDAPControl **ctrls )
+{
+ int i;
+ for(i=0; ctrls[i] != NULL; i++ ) {
+ /* control: OID criticality base64value */
+ struct berval *b64 = NULL;
+ ber_len_t len;
+ char *str;
+
+ len = ldif ? 2 : 0;
+ len += strlen( ctrls[i]->ldctl_oid );
+
+ /* add enough for space after OID and the critical value itself */
+ len += ctrls[i]->ldctl_iscritical
+ ? sizeof("true") : sizeof("false");
+
+ /* convert to base64 */
+ if( ctrls[i]->ldctl_value.bv_len ) {
+ b64 = ber_memalloc( sizeof(struct berval) );
+
+ b64->bv_len = LUTIL_BASE64_ENCODE_LEN(
+ ctrls[i]->ldctl_value.bv_len ) + 1;
+ b64->bv_val = ber_memalloc( b64->bv_len + 1 );
+
+ b64->bv_len = lutil_b64_ntop(
+ (unsigned char *) ctrls[i]->ldctl_value.bv_val,
+ ctrls[i]->ldctl_value.bv_len,
+ b64->bv_val, b64->bv_len );
+ }
+
+ if( b64 ) {
+ len += 1 + b64->bv_len;
+ }
+
+ str = malloc( len + 1 );
+ if ( ldif ) {
+ strcpy( str, ": " );
+ } else {
+ str[0] = '\0';
+ }
+ strcat( str, ctrls[i]->ldctl_oid );
+ strcat( str, ctrls[i]->ldctl_iscritical
+ ? " true" : " false" );
+
+ if( b64 ) {
+ strcat(str, " ");
+ strcat(str, b64->bv_val );
+ }
+
+ if ( ldif < 2 ) {
+ write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+ "control", str, len );
+ }
+
+ free( str );
+ ber_bvfree( b64 );
+ }
+}
+
+static int
+write_ldif( int type, char *name, char *value, ber_len_t vallen )
+{
+ char *ldif;
+
+ if (( ldif = ldif_put( type, name, value, vallen )) == NULL ) {
+ return( -1 );
+ }
+
+ fputs( ldif, stdout );
+ ber_memfree( ldif );
+
+ return( 0 );
+}
+
+
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+static int
+parse_page_control(
+ LDAP *ld,
+ LDAPMessage *result,
+ struct berval *cookie )
+{
+ int rc;
+ int err;
+ LDAPControl **ctrl = NULL;
+ LDAPControl *ctrlp = NULL;
+ BerElement *ber;
+ ber_tag_t tag;
+
+ rc = ldap_parse_result( ld, result,
+ &err, NULL, NULL, NULL, &ctrl, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror(ld, "ldap_parse_result");
+ exit( EXIT_FAILURE );
+ }
+
+ if ( err != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );
+ }
+
+ if ( ctrl ) {
+ /* There might be others, e.g. ppolicy... */
+ ctrlp = ldap_find_control( LDAP_CONTROL_PAGEDRESULTS, ctrl );
+ }
+
+ if ( ctrlp ) {
+ /* Parse the control value
+ * searchResult ::= SEQUENCE {
+ * size INTEGER (0..maxInt),
+ * -- result set size estimate from server - unused
+ * cookie OCTET STRING
+ * }
+ */
+ ctrlp = *ctrl;
+ ber = ber_init( &ctrlp->ldctl_value );
+ if ( ber == NULL ) {
+ fprintf( stderr, _("Internal error.\n") );
+ return EXIT_FAILURE;
+ }
+
+ tag = ber_scanf( ber, "{io}", &entriesLeft, cookie );
+ (void) ber_free( ber, 1 );
+
+ if( tag == LBER_ERROR ) {
+ fprintf( stderr,
+ _("Paged results response control could not be decoded.\n") );
+ return EXIT_FAILURE;
+ }
+
+ if( entriesLeft < 0 ) {
+ fprintf( stderr,
+ _("Invalid entries estimate in paged results response.\n") );
+ return EXIT_FAILURE;
+ }
+
+ if ( cookie->bv_len == 0 ) {
+ morePagedResults = 0;
+ }
+
+ ldap_controls_free( ctrl );
+
+ } else {
+ morePagedResults = 0;
+ }
+
+ return err;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/clients/tools/ldapwhoami.c
===================================================================
--- openldap/vendor/openldap-2.3.35/clients/tools/ldapwhoami.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/clients/tools/ldapwhoami.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,246 @@
+/* ldapwhoami.c -- a tool for asking the directory "Who Am I?" */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapwhoami.c,v 1.33.2.5 2007/01/02 21:43:42 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software based, in part, on other client tools.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <ldap.h>
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+#include "common.h"
+
+
+void
+usage( void )
+{
+ fprintf( stderr, _("Issue LDAP Who am I? operation to request user's authzid\n\n"));
+ fprintf( stderr, _("usage: %s [options]\n"), prog);
+ tool_common_usage();
+ exit( EXIT_FAILURE );
+}
+
+
+const char options[] = ""
+ "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
+
+int
+handle_private_option( int i )
+{
+ switch ( i ) {
+#if 0
+ char *control, *cvalue;
+ int crit;
+ case 'E': /* whoami extension */
+ if( protocol == LDAP_VERSION2 ) {
+ fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+ prog, protocol );
+ exit( EXIT_FAILURE );
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -E !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+
+ fprintf( stderr, _("Invalid whoami extension name: %s\n"), control );
+ usage();
+#endif
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+
+int
+main( int argc, char *argv[] )
+{
+ int rc;
+ char *user = NULL;
+
+ LDAP *ld = NULL;
+
+ char *matcheddn = NULL, *text = NULL, **refs = NULL;
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+ int id, code=0;
+ LDAPMessage *res;
+
+ tool_init();
+ prog = lutil_progname( "ldapwhoami", argc, argv );
+
+ /* LDAPv3 only */
+ protocol = LDAP_VERSION3;
+
+ tool_args( argc, argv );
+
+ if( argc - optind > 1 ) {
+ usage();
+ } else if ( argc - optind == 1 ) {
+ user = strdup( argv[optind] );
+ } else {
+ user = NULL;
+ }
+
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+ }
+
+ ld = tool_conn_setup( 0, 0 );
+
+ tool_bind( ld );
+
+ if ( not ) {
+ rc = LDAP_SUCCESS;
+ goto skip;
+ }
+
+ if ( assertion || authzid || manageDSAit || noop ) {
+ tool_server_controls( ld, NULL, 0 );
+ }
+
+ rc = ldap_whoami( ld, NULL, NULL, &id );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_extended_operation" );
+ rc = EXIT_FAILURE;
+ goto skip;
+ }
+
+ for ( ; ; ) {
+ struct timeval tv;
+
+ if ( tool_check_abandon( ld, id ) ) {
+ return LDAP_CANCELLED;
+ }
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+
+ rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ ldap_perror( ld, "ldapwhoami: ldap_result" );
+ return rc;
+ }
+
+ if ( rc != 0 ) {
+ break;
+ }
+ }
+
+ rc = ldap_parse_result( ld, res,
+ &code, &matcheddn, &text, &refs, NULL, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_parse_result" );
+ rc = EXIT_FAILURE;
+ goto skip;
+ }
+
+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_parse_result" );
+ rc = EXIT_FAILURE;
+ goto skip;
+ }
+
+ if( retdata != NULL ) {
+ if( retdata->bv_len == 0 ) {
+ printf(_("anonymous\n") );
+ } else {
+ printf("%s\n", retdata->bv_val );
+ }
+ }
+
+ if( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs ) {
+ printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
+
+ if( text && *text ) {
+ printf( _("Additional info: %s\n"), text );
+ }
+
+ if( matcheddn && *matcheddn ) {
+ printf( _("Matched DN: %s\n"), matcheddn );
+ }
+
+ if( refs ) {
+ int i;
+ for( i=0; refs[i]; i++ ) {
+ printf(_("Referral: %s\n"), refs[i] );
+ }
+ }
+ }
+
+ ber_memfree( text );
+ ber_memfree( matcheddn );
+ ber_memvfree( (void **) refs );
+ ber_memfree( retoid );
+ ber_bvfree( retdata );
+
+skip:
+ /* disconnect from server */
+ tool_unbind( ld );
+ tool_destroy();
+
+ return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
+}
Added: openldap/vendor/openldap-2.3.35/configure
===================================================================
--- openldap/vendor/openldap-2.3.35/configure (rev 0)
+++ openldap/vendor/openldap-2.3.35/configure 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47547 @@
+#! /bin/sh
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.59.
+#
+# Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
+# Restrictions apply, see COPYRIGHT and LICENSE files.
+#
+# Copyright (C) 2003 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+echo=${ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+ echo_test_string=`eval $cmd` &&
+ (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+ then
+ break
+ fi
+ done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$echo" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ echo='print -r'
+ elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ echo='printf %s\n'
+ if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ echo="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ echo=echo
+ fi
+ fi
+ fi
+ fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+exec 6>&1
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_config_libobj_dir=.
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Maximum number of lines to put in a shell here document.
+# This variable seems obsolete. It should probably be removed, and
+# only ac_max_sed_lines should be used.
+: ${ac_max_here_lines=38}
+
+# Identity of this package.
+PACKAGE_NAME=
+PACKAGE_TARNAME=
+PACKAGE_VERSION=
+PACKAGE_STRING=
+PACKAGE_BUGREPORT=
+
+ac_unique_file="OpenLDAP"
+ac_unique_file="build/version.sh"
+ac_default_prefix=/usr/local
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#if STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#if HAVE_STRING_H
+# if !STDC_HEADERS && HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#if HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#if HAVE_INTTYPES_H
+# include <inttypes.h>
+#else
+# if HAVE_STDINT_H
+# include <stdint.h>
+# endif
+#endif
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar OPENLDAP_LIBRELEASE OPENLDAP_LIBVERSION OPENLDAP_RELEASE_DATE top_builddir ldap_subdir CC AR CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO ac_ct_AR RANLIB ac_ct_RANLIB DLLTOOL ac_ct_DLLTOOL AS ac_ct_AS OBJDUMP ac_ct_OBJDUMP CPP LIBTOOL PERLBIN OL_MKDEP OL_MKDEP_FLAGS LTSTATIC LIBOBJS LIBSRCS PLAT WITH_SASL WITH_TLS WITH_MODULES_ENABLED WITH_ACI_ENABLED BUILD_THREAD BUILD_LIBS_DYNAMIC BUILD_SLAPD BUILD_SLAPI SLAPD_SLAPI_DEPEND BUILD_BDB BUILD_DNSSRV BUILD_HDB BUILD_LDAP BUILD_LDBM BUILD_META BUILD_MONITOR BUILD_NULL BUILD_PASSWD BUILD_RELAY BUILD_PERL BUILD_SHELL BUILD_SQL BUILD_ACCESSLOG BUILD_AUDITLOG BUILD_DENYOP BUILD_DYNGROUP BUILD_DYNLIST BUILD_LASTMOD BUILD_PPOLICY BUILD_PROXYCACHE BUILD_REFINT BUILD_RETCODE BUILD_RWM BUILD_SYNCPROV BUILD_TRANSLUCENT BUILD_UNIQUE BUILD_VALSORT BUILD_SLURPD LDAP_LIBS SLAPD_LIBS SLURPD_LIBS LDBM_LIBS LTHREAD_LIBS LUTIL_LIBS WRAP_LIBS SLAPD_MODULES_CPPFLAGS SLAPD_MODULES_LDFLAGS SLAPD_NO_STATIC SLAPD_STATIC_BACKENDS SLAPD_DYNAMIC_BACKENDS SLAPD_STATIC_OVERLAYS SLAPD_DYNAMIC_OVERLAYS PERL_CPPFLAGS SLAPD_PERL_LDFLAGS MOD_PERL_LDFLAGS KRB4_LIBS KRB5_LIBS SASL_LIBS TLS_LIBS MODULES_LIBS SLAPI_LIBS LIBSLAPI LIBSLAPITOOLS AUTH_LIBS SLAPD_SLP_LIBS SLAPD_GMP_LIBS SLAPD_SQL_LDFLAGS SLAPD_SQL_LIBS SLAPD_SQL_INCLUDES LTLIBOBJS'
+ac_subst_files=''
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+ac_prev=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval "$ac_prev=\$ac_option"
+ ac_prev=
+ continue
+ fi
+
+ ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_option in
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+ | --da=*)
+ datadir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ eval "enable_$ac_feature=no" ;;
+
+ -enable-* | --enable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "enable_$ac_feature='$ac_optarg'" ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst \
+ | --locals | --local | --loca | --loc | --lo)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package| sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "with_$ac_package='$ac_optarg'" ;;
+
+ -without-* | --without-*)
+ ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package | sed 's/-/_/g'`
+ eval "with_$ac_package=no" ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+ { (exit 1); exit 1; }; }
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+ { (exit 1); exit 1; }; }
+ ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
+ eval "$ac_envvar='$ac_optarg'"
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ { echo "$as_me: error: missing argument to $ac_option" >&2
+ { (exit 1); exit 1; }; }
+fi
+
+# Be sure to have absolute paths.
+for ac_var in exec_prefix prefix
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# Be sure to have absolute paths.
+for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
+ localstatedir libdir includedir oldincludedir infodir mandir
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then its parent.
+ ac_confdir=`(dirname "$0") 2>/dev/null ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$0" : 'X\(//\)[^/]' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$0" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r $srcdir/$ac_unique_file; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+ if test "$ac_srcdir_defaulted" = yes; then
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+ { (exit 1); exit 1; }; }
+ fi
+fi
+(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
+ { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
+ { (exit 1); exit 1; }; }
+srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
+ac_env_build_alias_set=${build_alias+set}
+ac_env_build_alias_value=$build_alias
+ac_cv_env_build_alias_set=${build_alias+set}
+ac_cv_env_build_alias_value=$build_alias
+ac_env_host_alias_set=${host_alias+set}
+ac_env_host_alias_value=$host_alias
+ac_cv_env_host_alias_set=${host_alias+set}
+ac_cv_env_host_alias_value=$host_alias
+ac_env_target_alias_set=${target_alias+set}
+ac_env_target_alias_value=$target_alias
+ac_cv_env_target_alias_set=${target_alias+set}
+ac_cv_env_target_alias_value=$target_alias
+ac_env_CC_set=${CC+set}
+ac_env_CC_value=$CC
+ac_cv_env_CC_set=${CC+set}
+ac_cv_env_CC_value=$CC
+ac_env_CFLAGS_set=${CFLAGS+set}
+ac_env_CFLAGS_value=$CFLAGS
+ac_cv_env_CFLAGS_set=${CFLAGS+set}
+ac_cv_env_CFLAGS_value=$CFLAGS
+ac_env_LDFLAGS_set=${LDFLAGS+set}
+ac_env_LDFLAGS_value=$LDFLAGS
+ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
+ac_cv_env_LDFLAGS_value=$LDFLAGS
+ac_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_env_CPPFLAGS_value=$CPPFLAGS
+ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_cv_env_CPPFLAGS_value=$CPPFLAGS
+ac_env_CPP_set=${CPP+set}
+ac_env_CPP_value=$CPP
+ac_cv_env_CPP_set=${CPP+set}
+ac_cv_env_CPP_value=$CPP
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+_ACEOF
+
+ cat <<_ACEOF
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --datadir=DIR read-only architecture-independent data [PREFIX/share]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --infodir=DIR info documentation [PREFIX/info]
+ --mandir=DIR man documentation [PREFIX/man]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+ --target=TARGET configure for building compilers for TARGET [HOST]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-debug enable debugging [yes]
+ --enable-dynamic enable linking built binaries with dynamic libs [no]
+ --enable-syslog enable syslog support [auto]
+ --enable-proctitle enable proctitle support [yes]
+ --enable-ipv6 enable IPv6 support [auto]
+ --enable-local enable AF_LOCAL (AF_UNIX) socket support [auto]
+
+SLAPD (Standalone LDAP Daemon) Options:
+ --enable-slapd enable building slapd [yes]
+ --enable-aci enable per-object ACIs (experimental) [no]
+ --enable-cleartext enable cleartext passwords [yes]
+ --enable-crypt enable crypt(3) passwords [no]
+ --enable-lmpasswd enable LAN Manager passwords [no]
+ --enable-spasswd enable (Cyrus) SASL password verification [no]
+ --enable-modules enable dynamic module support [no]
+ --enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
+ --enable-rlookups enable reverse lookups of client hostnames [no]
+ --enable-slapi enable SLAPI support (experimental) [no]
+ --enable-slp enable SLPv2 support [no]
+ --enable-wrappers enable tcp wrapper support [no]
+
+SLAPD Backend Options:
+ --enable-backends enable all available backends no|yes|mod
+ --enable-bdb enable Berkeley DB backend no|yes|mod [yes]
+ --enable-dnssrv enable dnssrv backend no|yes|mod [no]
+ --enable-hdb enable Hierarchical DB backend no|yes|mod [yes]
+ --enable-ldap enable ldap backend no|yes|mod [no]
+ --enable-ldbm enable ldbm backend no|yes|mod [no]
+ --enable-ldbm-api use LDBM API auto|berkeley|bcompat|mdbm|gdbm [auto]
+ --enable-ldbm-type use LDBM type auto|btree|hash [auto]
+ --enable-meta enable metadirectory backend no|yes|mod [no]
+ --enable-monitor enable monitor backend no|yes|mod [yes]
+ --enable-null enable null backend no|yes|mod [no]
+ --enable-passwd enable passwd backend no|yes|mod [no]
+ --enable-perl enable perl backend no|yes|mod [no]
+ --enable-relay enable relay backend no|yes|mod [yes]
+ --enable-shell enable shell backend no|yes|mod [no]
+ --enable-sql enable sql backend no|yes|mod [no]
+
+SLAPD Overlay Options:
+ --enable-overlays enable all available overlays no|yes|mod
+ --enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
+ --enable-auditlog Audit Logging overlay no|yes|mod [no]
+ --enable-denyop Deny Operation overlay no|yes|mod [no]
+ --enable-dyngroup Dynamic Group overlay no|yes|mod [no]
+ --enable-dynlist Dynamic List overlay no|yes|mod [no]
+ --enable-lastmod Last Modification overlay no|yes|mod [no]
+ --enable-ppolicy Password Policy overlay no|yes|mod [no]
+ --enable-proxycache Proxy Cache overlay no|yes|mod [no]
+ --enable-refint Referential Integrity overlay no|yes|mod [no]
+ --enable-retcode Return Code testing overlay no|yes|mod [no]
+ --enable-rwm Rewrite/Remap overlay no|yes|mod [no]
+ --enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
+ --enable-translucent Translucent Proxy overlay no|yes|mod [no]
+ --enable-unique Attribute Uniqueness overlay no|yes|mod [no]
+ --enable-valsort Value Sorting overlay no|yes|mod [no]
+
+SLURPD (Replication Daemon) Options:
+ --enable-slurpd enable building slurpd [auto]
+
+Library Generation & Linking Options
+ --enable-static[=PKGS]
+ build static libraries [default=yes]
+ --enable-shared[=PKGS]
+ build shared libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --disable-libtool-lock avoid locking (might break parallel builds)
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-subdir=DIR change default subdirectory used for installs
+ --with-cyrus-sasl with Cyrus SASL support [auto]
+ --with-fetch with fetch(3) URL support [auto]
+ --with-threads with threads [auto]
+ --with-tls with TLS/SSL support [auto]
+ --with-yielding-select with implicitly yielding select [auto]
+ --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto]
+ --with-odbc with specific ODBC support iodbc|unixodbc|auto [auto]
+
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-tags[=TAGS]
+ include additional configurations [automatic]
+
+See INSTALL file for further details.
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
+ headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ ac_popdir=`pwd`
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d $ac_dir || continue
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+ cd $ac_dir
+ # Check for guested configure; otherwise get Cygnus style configure.
+ if test -f $ac_srcdir/configure.gnu; then
+ echo
+ $SHELL $ac_srcdir/configure.gnu --help=recursive
+ elif test -f $ac_srcdir/configure; then
+ echo
+ $SHELL $ac_srcdir/configure --help=recursive
+ elif test -f $ac_srcdir/configure.ac ||
+ test -f $ac_srcdir/configure.in; then
+ echo
+ $ac_configure --help
+ else
+ echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi
+ cd $ac_popdir
+ done
+fi
+
+test -n "$ac_init_help" && exit 0
+if $ac_init_version; then
+ cat <<\_ACEOF
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+
+Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
+Restrictions apply, see COPYRIGHT and LICENSE files.
+_ACEOF
+ exit 0
+fi
+exec 5>config.log
+cat >&5 <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ echo "PATH: $as_dir"
+done
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_sep=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 2)
+ ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
+ # Get rid of the leading space.
+ ac_sep=" "
+ ;;
+ esac
+ done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Be sure not to use single quotes in there, as some shells,
+# such as our DU 5.0 friend, will then `close' the trap.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+{
+ (set) 2>&1 |
+ case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
+ *ac_space=\ *)
+ sed -n \
+ "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
+ ;;
+ *)
+ sed -n \
+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ ;;
+ esac;
+}
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------- ##
+## Output files. ##
+## ------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ sed "/^$/d" confdefs.h | sort
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ echo "$as_me: caught signal $ac_signal"
+ echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core &&
+ rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+ ' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo >confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+ if test "x$prefix" != xNONE; then
+ CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+ else
+ CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+ fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+ if test -r "$ac_site_file"; then
+ { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in `(set) 2>&1 |
+ sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val="\$ac_cv_env_${ac_var}_value"
+ eval ac_new_val="\$ac_env_${ac_var}_value"
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
+echo "$as_me: former value: $ac_old_val" >&2;}
+ { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
+echo "$as_me: current value: $ac_new_val" >&2;}
+ ac_cache_corrupted=:
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_aux_dir=
+for ac_dir in build $srcdir/build; do
+ if test -f $ac_dir/install-sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f $ac_dir/install.sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f $ac_dir/shtool; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in build $srcdir/build" >&5
+echo "$as_me: error: cannot find install-sh or install.sh in build $srcdir/build" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"
+ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
+
+eval `$ac_aux_dir/version.sh`
+if test -z "$OL_STRING"; then
+ { { echo "$as_me:$LINENO: error: could not determine version" >&5
+echo "$as_me: error: could not determine version" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+if test -f "$ac_aux_dir/shtool" && test ! -d $ac_aux_dir/shtool; then
+ ac_cv_shtool="$ac_aux_dir/shtool"
+else
+ { { echo "$as_me:$LINENO: error: no shtool found in $ac_aux_dir" >&5
+echo "$as_me: error: no shtool found in $ac_aux_dir" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+SHTOOL="$ac_cv_shtool"
+
+TB="`$SHTOOL echo -e '%B' 2>/dev/null`"
+TN="`$SHTOOL echo -e '%b' 2>/dev/null`"
+
+OPENLDAP_CVS=""
+if test -d $ac_aux_dir/CVS; then
+ OPENLDAP_CVS="(from CVS sources) "
+fi
+
+echo "Configuring ${TB}${OL_STRING}${TN} ${OPENLDAP_CVS}..."
+
+# Make sure we can run config.sub.
+$ac_config_sub sun4 >/dev/null 2>&1 ||
+ { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
+echo "$as_me: error: cannot run $ac_config_sub" >&2;}
+ { (exit 1); exit 1; }; }
+
+echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6
+if test "${ac_cv_build+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_build_alias=$build_alias
+test -z "$ac_cv_build_alias" &&
+ ac_cv_build_alias=`$ac_config_guess`
+test -z "$ac_cv_build_alias" &&
+ { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+ { (exit 1); exit 1; }; }
+ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
+ { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6
+build=$ac_cv_build
+build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6
+if test "${ac_cv_host+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_host_alias=$host_alias
+test -z "$ac_cv_host_alias" &&
+ ac_cv_host_alias=$ac_cv_build_alias
+ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
+ { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6
+host=$ac_cv_host
+host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+echo "$as_me:$LINENO: checking target system type" >&5
+echo $ECHO_N "checking target system type... $ECHO_C" >&6
+if test "${ac_cv_target+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_target_alias=$target_alias
+test "x$ac_cv_target_alias" = "x" &&
+ ac_cv_target_alias=$ac_cv_host_alias
+ac_cv_target=`$ac_config_sub $ac_cv_target_alias` ||
+ { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_target_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_target_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_target" >&5
+echo "${ECHO_T}$ac_cv_target" >&6
+target=$ac_cv_target
+target_cpu=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+target_vendor=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+target_os=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+# The aliases save the names the user supplied, while $host etc.
+# will get canonicalized.
+test -n "$target_alias" &&
+ test "$program_prefix$program_suffix$program_transform_name" = \
+ NONENONEs,x,x, &&
+ program_prefix=${target_alias}-
+
+am__api_version="1.9"
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+ ./ | .// | /cC/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+done
+
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. We don't cache a
+ # path for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the path is relative.
+ INSTALL=$ac_install_sh
+ fi
+fi
+echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t $srcdir/configure conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken
+alias in your environment" >&5
+echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken
+alias in your environment" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+test "$program_prefix" != NONE &&
+ program_transform_name="s,^,$program_prefix,;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s,\$,$program_suffix,;$program_transform_name"
+# Double any \ or $. echo might interpret backslashes.
+# By default was `s,x,x', remove it if useless.
+cat <<\_ACEOF >conftest.sed
+s/[\\$]/&&/g;s/;s,x,x,$//
+_ACEOF
+program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
+rm conftest.sed
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ # We used to keeping the `.' as first argument, in order to
+ # allow $(mkdir_p) to be used without argument. As in
+ # $(mkdir_p) $(somedir)
+ # where $(somedir) is conditionally defined. However this is wrong
+ # for two reasons:
+ # 1. if the package is installed by a user who cannot write `.'
+ # make install will fail,
+ # 2. the above comment should most certainly read
+ # $(mkdir_p) $(DESTDIR)$(somedir)
+ # so it does not work when $(somedir) is undefined and
+ # $(DESTDIR) is not.
+ # To support the latter case, we have to write
+ # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+ # so the `.' trick is pointless.
+ mkdir_p='mkdir -p --'
+else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ for d in ./-p ./--version;
+ do
+ test -d $d && rmdir $d
+ done
+ # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+ if test -f "$ac_aux_dir/mkinstalldirs"; then
+ mkdir_p='$(mkinstalldirs)'
+ else
+ mkdir_p='$(install_sh) -d'
+ fi
+fi
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AWK+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AWK="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$AWK" && break
+done
+
+echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6
+set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.make <<\_ACEOF
+all:
+ @echo 'ac_maketemp="$(MAKE)"'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
+if test -n "$ac_maketemp"; then
+ eval ac_cv_prog_make_${ac_make}_set=yes
+else
+ eval ac_cv_prog_make_${ac_make}_set=no
+fi
+rm -f conftest.make
+fi
+if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ SET_MAKE=
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+ test -f $srcdir/config.status; then
+ { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE=$OL_PACKAGE
+ VERSION=$OL_VERSION
+
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ STRIP=$ac_ct_STRIP
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define OPENLDAP_PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define OPENLDAP_VERSION "$VERSION"
+_ACEOF
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LDAP_VENDOR_VERSION $OL_API_INC
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define LDAP_VENDOR_VERSION_MAJOR $OL_MAJOR
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define LDAP_VENDOR_VERSION_MINOR $OL_MINOR
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define LDAP_VENDOR_VERSION_PATCH $OL_PATCH
+_ACEOF
+
+
+OPENLDAP_LIBRELEASE=$OL_API_LIB_RELEASE
+
+OPENLDAP_LIBVERSION=$OL_API_LIB_VERSION
+
+OPENLDAP_RELEASE_DATE="$OL_RELEASE_DATE"
+
+
+
+
+
+
+
+ ac_config_headers="$ac_config_headers include/portable.h:include/portable.hin"
+
+ ac_config_headers="$ac_config_headers include/ldap_features.h:include/ldap_features.hin"
+
+ ac_config_headers="$ac_config_headers include/lber_types.h:include/lber_types.hin"
+
+
+echo "$as_me:$LINENO: checking configure arguments" >&5
+echo $ECHO_N "checking configure arguments... $ECHO_C" >&6
+
+
+top_builddir=`pwd`
+
+ldap_subdir="/openldap"
+
+
+# Check whether --with-subdir or --without-subdir was given.
+if test "${with_subdir+set}" = set; then
+ withval="$with_subdir"
+ case "$withval" in
+ no) ldap_subdir=""
+ ;;
+ yes)
+ ;;
+ /*|\\*)
+ ldap_subdir="$withval"
+ ;;
+ *)
+ ldap_subdir="/$withval"
+ ;;
+esac
+
+fi;
+
+# OpenLDAP --enable-debug
+
+ # Check whether --enable-debug or --disable-debug was given.
+if test "${enable_debug+set}" = set; then
+ enableval="$enable_debug"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-debug" >&5
+echo "$as_me: error: bad value $enableval for --enable-debug" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_debug="$ol_arg"
+
+else
+ ol_enable_debug=yes
+fi;
+# end --enable-debug
+# OpenLDAP --enable-dynamic
+
+ # Check whether --enable-dynamic or --disable-dynamic was given.
+if test "${enable_dynamic+set}" = set; then
+ enableval="$enable_dynamic"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-dynamic" >&5
+echo "$as_me: error: bad value $enableval for --enable-dynamic" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_dynamic="$ol_arg"
+
+else
+ ol_enable_dynamic=no
+fi;
+# end --enable-dynamic
+# OpenLDAP --enable-syslog
+
+ # Check whether --enable-syslog or --disable-syslog was given.
+if test "${enable_syslog+set}" = set; then
+ enableval="$enable_syslog"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-syslog" >&5
+echo "$as_me: error: bad value $enableval for --enable-syslog" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_syslog="$ol_arg"
+
+else
+ ol_enable_syslog=auto
+fi;
+# end --enable-syslog
+# OpenLDAP --enable-proctitle
+
+ # Check whether --enable-proctitle or --disable-proctitle was given.
+if test "${enable_proctitle+set}" = set; then
+ enableval="$enable_proctitle"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-proctitle" >&5
+echo "$as_me: error: bad value $enableval for --enable-proctitle" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_proctitle="$ol_arg"
+
+else
+ ol_enable_proctitle=yes
+fi;
+# end --enable-proctitle
+ol_enable_referrals=${ol_enable_referrals-no}
+ol_enable_kbind=${ol_enable_kbind-no}
+# OpenLDAP --enable-ipv6
+
+ # Check whether --enable-ipv6 or --disable-ipv6 was given.
+if test "${enable_ipv6+set}" = set; then
+ enableval="$enable_ipv6"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ipv6" >&5
+echo "$as_me: error: bad value $enableval for --enable-ipv6" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ipv6="$ol_arg"
+
+else
+ ol_enable_ipv6=auto
+fi;
+# end --enable-ipv6
+# OpenLDAP --enable-local
+
+ # Check whether --enable-local or --disable-local was given.
+if test "${enable_local+set}" = set; then
+ enableval="$enable_local"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-local" >&5
+echo "$as_me: error: bad value $enableval for --enable-local" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_local="$ol_arg"
+
+else
+ ol_enable_local=auto
+fi;
+# end --enable-local
+
+# OpenLDAP --with-cyrus_sasl
+
+# Check whether --with-cyrus_sasl or --without-cyrus_sasl was given.
+if test "${with_cyrus_sasl+set}" = set; then
+ withval="$with_cyrus_sasl"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-cyrus_sasl" >&5
+echo "$as_me: error: bad value $withval for --with-cyrus_sasl" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_cyrus_sasl="$ol_arg"
+
+else
+ ol_with_cyrus_sasl="auto"
+fi; # end --with-cyrus_sasl
+
+# OpenLDAP --with-fetch
+
+# Check whether --with-fetch or --without-fetch was given.
+if test "${with_fetch+set}" = set; then
+ withval="$with_fetch"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-fetch" >&5
+echo "$as_me: error: bad value $withval for --with-fetch" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_fetch="$ol_arg"
+
+else
+ ol_with_fetch="auto"
+fi; # end --with-fetch
+
+ol_with_kerberos=${ol_with_kerberos-auto}
+# OpenLDAP --with-threads
+
+# Check whether --with-threads or --without-threads was given.
+if test "${with_threads+set}" = set; then
+ withval="$with_threads"
+
+ ol_arg=invalid
+ for ol_val in auto nt posix mach pth lwp yes no manual ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-threads" >&5
+echo "$as_me: error: bad value $withval for --with-threads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_threads="$ol_arg"
+
+else
+ ol_with_threads="auto"
+fi; # end --with-threads
+
+# OpenLDAP --with-tls
+
+# Check whether --with-tls or --without-tls was given.
+if test "${with_tls+set}" = set; then
+ withval="$with_tls"
+
+ ol_arg=invalid
+ for ol_val in auto openssl yes no ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-tls" >&5
+echo "$as_me: error: bad value $withval for --with-tls" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_tls="$ol_arg"
+
+else
+ ol_with_tls="auto"
+fi; # end --with-tls
+
+# OpenLDAP --with-yielding_select
+
+# Check whether --with-yielding_select or --without-yielding_select was given.
+if test "${with_yielding_select+set}" = set; then
+ withval="$with_yielding_select"
+
+ ol_arg=invalid
+ for ol_val in auto yes no manual ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-yielding_select" >&5
+echo "$as_me: error: bad value $withval for --with-yielding_select" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_yielding_select="$ol_arg"
+
+else
+ ol_with_yielding_select="auto"
+fi; # end --with-yielding_select
+
+# OpenLDAP --with-mp
+
+# Check whether --with-mp or --without-mp was given.
+if test "${with_mp+set}" = set; then
+ withval="$with_mp"
+
+ ol_arg=invalid
+ for ol_val in auto longlong long bignum gmp yes no ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-mp" >&5
+echo "$as_me: error: bad value $withval for --with-mp" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_mp="$ol_arg"
+
+else
+ ol_with_mp="auto"
+fi; # end --with-mp
+
+# OpenLDAP --with-odbc
+
+# Check whether --with-odbc or --without-odbc was given.
+if test "${with_odbc+set}" = set; then
+ withval="$with_odbc"
+
+ ol_arg=invalid
+ for ol_val in auto iodbc unixodbc ; do
+ if test "$withval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $withval for --with-odbc" >&5
+echo "$as_me: error: bad value $withval for --with-odbc" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_odbc="$ol_arg"
+
+else
+ ol_with_odbc="auto"
+fi; # end --with-odbc
+
+
+
+# Check whether --enable-xxslapdoptions or --disable-xxslapdoptions was given.
+if test "${enable_xxslapdoptions+set}" = set; then
+ enableval="$enable_xxslapdoptions"
+
+fi;
+# OpenLDAP --enable-slapd
+
+ # Check whether --enable-slapd or --disable-slapd was given.
+if test "${enable_slapd+set}" = set; then
+ enableval="$enable_slapd"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-slapd" >&5
+echo "$as_me: error: bad value $enableval for --enable-slapd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_slapd="$ol_arg"
+
+else
+ ol_enable_slapd=yes
+fi;
+# end --enable-slapd
+# OpenLDAP --enable-aci
+
+ # Check whether --enable-aci or --disable-aci was given.
+if test "${enable_aci+set}" = set; then
+ enableval="$enable_aci"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-aci" >&5
+echo "$as_me: error: bad value $enableval for --enable-aci" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_aci="$ol_arg"
+
+else
+ ol_enable_aci=no
+fi;
+# end --enable-aci
+# OpenLDAP --enable-cleartext
+
+ # Check whether --enable-cleartext or --disable-cleartext was given.
+if test "${enable_cleartext+set}" = set; then
+ enableval="$enable_cleartext"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-cleartext" >&5
+echo "$as_me: error: bad value $enableval for --enable-cleartext" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_cleartext="$ol_arg"
+
+else
+ ol_enable_cleartext=yes
+fi;
+# end --enable-cleartext
+# OpenLDAP --enable-crypt
+
+ # Check whether --enable-crypt or --disable-crypt was given.
+if test "${enable_crypt+set}" = set; then
+ enableval="$enable_crypt"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-crypt" >&5
+echo "$as_me: error: bad value $enableval for --enable-crypt" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_crypt="$ol_arg"
+
+else
+ ol_enable_crypt=no
+fi;
+# end --enable-crypt
+# OpenLDAP --enable-lmpasswd
+
+ # Check whether --enable-lmpasswd or --disable-lmpasswd was given.
+if test "${enable_lmpasswd+set}" = set; then
+ enableval="$enable_lmpasswd"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-lmpasswd" >&5
+echo "$as_me: error: bad value $enableval for --enable-lmpasswd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_lmpasswd="$ol_arg"
+
+else
+ ol_enable_lmpasswd=no
+fi;
+# end --enable-lmpasswd
+# OpenLDAP --enable-spasswd
+
+ # Check whether --enable-spasswd or --disable-spasswd was given.
+if test "${enable_spasswd+set}" = set; then
+ enableval="$enable_spasswd"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-spasswd" >&5
+echo "$as_me: error: bad value $enableval for --enable-spasswd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_spasswd="$ol_arg"
+
+else
+ ol_enable_spasswd=no
+fi;
+# end --enable-spasswd
+# OpenLDAP --enable-modules
+
+ # Check whether --enable-modules or --disable-modules was given.
+if test "${enable_modules+set}" = set; then
+ enableval="$enable_modules"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-modules" >&5
+echo "$as_me: error: bad value $enableval for --enable-modules" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_modules="$ol_arg"
+
+else
+ ol_enable_modules=no
+fi;
+# end --enable-modules
+ol_enable_multimaster=${ol_enable_multimaster-no}
+# OpenLDAP --enable-rewrite
+
+ # Check whether --enable-rewrite or --disable-rewrite was given.
+if test "${enable_rewrite+set}" = set; then
+ enableval="$enable_rewrite"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-rewrite" >&5
+echo "$as_me: error: bad value $enableval for --enable-rewrite" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_rewrite="$ol_arg"
+
+else
+ ol_enable_rewrite=auto
+fi;
+# end --enable-rewrite
+# OpenLDAP --enable-rlookups
+
+ # Check whether --enable-rlookups or --disable-rlookups was given.
+if test "${enable_rlookups+set}" = set; then
+ enableval="$enable_rlookups"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-rlookups" >&5
+echo "$as_me: error: bad value $enableval for --enable-rlookups" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_rlookups="$ol_arg"
+
+else
+ ol_enable_rlookups=no
+fi;
+# end --enable-rlookups
+# OpenLDAP --enable-slapi
+
+ # Check whether --enable-slapi or --disable-slapi was given.
+if test "${enable_slapi+set}" = set; then
+ enableval="$enable_slapi"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-slapi" >&5
+echo "$as_me: error: bad value $enableval for --enable-slapi" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_slapi="$ol_arg"
+
+else
+ ol_enable_slapi=no
+fi;
+# end --enable-slapi
+# OpenLDAP --enable-slp
+
+ # Check whether --enable-slp or --disable-slp was given.
+if test "${enable_slp+set}" = set; then
+ enableval="$enable_slp"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-slp" >&5
+echo "$as_me: error: bad value $enableval for --enable-slp" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_slp="$ol_arg"
+
+else
+ ol_enable_slp=no
+fi;
+# end --enable-slp
+# OpenLDAP --enable-wrappers
+
+ # Check whether --enable-wrappers or --disable-wrappers was given.
+if test "${enable_wrappers+set}" = set; then
+ enableval="$enable_wrappers"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-wrappers" >&5
+echo "$as_me: error: bad value $enableval for --enable-wrappers" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_wrappers="$ol_arg"
+
+else
+ ol_enable_wrappers=no
+fi;
+# end --enable-wrappers
+
+Backends="bdb \
+ dnssrv \
+ hdb \
+ ldap \
+ ldbm \
+ meta \
+ monitor \
+ null \
+ passwd \
+ perl \
+ relay \
+ shell \
+ sql"
+
+# Check whether --enable-xxslapbackends or --disable-xxslapbackends was given.
+if test "${enable_xxslapbackends+set}" = set; then
+ enableval="$enable_xxslapbackends"
+
+fi;
+
+# OpenLDAP --enable-backends
+
+ # Check whether --enable-backends or --disable-backends was given.
+if test "${enable_backends+set}" = set; then
+ enableval="$enable_backends"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-backends" >&5
+echo "$as_me: error: bad value $enableval for --enable-backends" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_backends="$ol_arg"
+
+fi;
+# end --enable-backends
+# OpenLDAP --enable-bdb
+
+ # Check whether --enable-bdb or --disable-bdb was given.
+if test "${enable_bdb+set}" = set; then
+ enableval="$enable_bdb"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-bdb" >&5
+echo "$as_me: error: bad value $enableval for --enable-bdb" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_bdb="$ol_arg"
+
+else
+ ol_enable_bdb=${ol_enable_backends:-yes}
+fi;
+# end --enable-bdb
+# OpenLDAP --enable-dnssrv
+
+ # Check whether --enable-dnssrv or --disable-dnssrv was given.
+if test "${enable_dnssrv+set}" = set; then
+ enableval="$enable_dnssrv"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-dnssrv" >&5
+echo "$as_me: error: bad value $enableval for --enable-dnssrv" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_dnssrv="$ol_arg"
+
+else
+ ol_enable_dnssrv=${ol_enable_backends:-no}
+fi;
+# end --enable-dnssrv
+# OpenLDAP --enable-hdb
+
+ # Check whether --enable-hdb or --disable-hdb was given.
+if test "${enable_hdb+set}" = set; then
+ enableval="$enable_hdb"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-hdb" >&5
+echo "$as_me: error: bad value $enableval for --enable-hdb" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_hdb="$ol_arg"
+
+else
+ ol_enable_hdb=${ol_enable_backends:-yes}
+fi;
+# end --enable-hdb
+# OpenLDAP --enable-ldap
+
+ # Check whether --enable-ldap or --disable-ldap was given.
+if test "${enable_ldap+set}" = set; then
+ enableval="$enable_ldap"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ldap" >&5
+echo "$as_me: error: bad value $enableval for --enable-ldap" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ldap="$ol_arg"
+
+else
+ ol_enable_ldap=${ol_enable_backends:-no}
+fi;
+# end --enable-ldap
+# OpenLDAP --enable-ldbm
+
+ # Check whether --enable-ldbm or --disable-ldbm was given.
+if test "${enable_ldbm+set}" = set; then
+ enableval="$enable_ldbm"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ldbm" >&5
+echo "$as_me: error: bad value $enableval for --enable-ldbm" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ldbm="$ol_arg"
+
+else
+ ol_enable_ldbm=${ol_enable_backends:-no}
+fi;
+# end --enable-ldbm
+
+# Check whether --with-ldbm_api or --without-ldbm_api was given.
+if test "${with_ldbm_api+set}" = set; then
+ withval="$with_ldbm_api"
+
+ { echo "$as_me:$LINENO: WARNING: Please use --enable-ldbm-api instead of --with-ldbm-api" >&5
+echo "$as_me: WARNING: Please use --enable-ldbm-api instead of --with-ldbm-api" >&2;}
+ enable_ldbm_api="$with_ldbm_api"
+fi;
+# OpenLDAP --enable-ldbm_api
+
+ # Check whether --enable-ldbm_api or --disable-ldbm_api was given.
+if test "${enable_ldbm_api+set}" = set; then
+ enableval="$enable_ldbm_api"
+
+ ol_arg=invalid
+ for ol_val in auto berkeley bcompat mdbm gdbm ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ldbm_api" >&5
+echo "$as_me: error: bad value $enableval for --enable-ldbm_api" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ldbm_api="$ol_arg"
+
+else
+ ol_enable_ldbm_api=auto
+fi;
+# end --enable-ldbm_api
+
+
+# Check whether --with-ldbm_type or --without-ldbm_type was given.
+if test "${with_ldbm_type+set}" = set; then
+ withval="$with_ldbm_type"
+
+ { echo "$as_me:$LINENO: WARNING: Please use --enable-ldbm-type instead of --with-ldbm-type" >&5
+echo "$as_me: WARNING: Please use --enable-ldbm-type instead of --with-ldbm-type" >&2;}
+ enable_ldbm_type="$with_ldbm_type"
+fi;
+# OpenLDAP --enable-ldbm_type
+
+ # Check whether --enable-ldbm_type or --disable-ldbm_type was given.
+if test "${enable_ldbm_type+set}" = set; then
+ enableval="$enable_ldbm_type"
+
+ ol_arg=invalid
+ for ol_val in auto btree hash ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ldbm_type" >&5
+echo "$as_me: error: bad value $enableval for --enable-ldbm_type" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ldbm_type="$ol_arg"
+
+else
+ ol_enable_ldbm_type=auto
+fi;
+# end --enable-ldbm_type
+
+# OpenLDAP --enable-meta
+
+ # Check whether --enable-meta or --disable-meta was given.
+if test "${enable_meta+set}" = set; then
+ enableval="$enable_meta"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-meta" >&5
+echo "$as_me: error: bad value $enableval for --enable-meta" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_meta="$ol_arg"
+
+else
+ ol_enable_meta=${ol_enable_backends:-no}
+fi;
+# end --enable-meta
+# OpenLDAP --enable-monitor
+
+ # Check whether --enable-monitor or --disable-monitor was given.
+if test "${enable_monitor+set}" = set; then
+ enableval="$enable_monitor"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-monitor" >&5
+echo "$as_me: error: bad value $enableval for --enable-monitor" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_monitor="$ol_arg"
+
+else
+ ol_enable_monitor=${ol_enable_backends:-yes}
+fi;
+# end --enable-monitor
+# OpenLDAP --enable-null
+
+ # Check whether --enable-null or --disable-null was given.
+if test "${enable_null+set}" = set; then
+ enableval="$enable_null"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-null" >&5
+echo "$as_me: error: bad value $enableval for --enable-null" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_null="$ol_arg"
+
+else
+ ol_enable_null=${ol_enable_backends:-no}
+fi;
+# end --enable-null
+# OpenLDAP --enable-passwd
+
+ # Check whether --enable-passwd or --disable-passwd was given.
+if test "${enable_passwd+set}" = set; then
+ enableval="$enable_passwd"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-passwd" >&5
+echo "$as_me: error: bad value $enableval for --enable-passwd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_passwd="$ol_arg"
+
+else
+ ol_enable_passwd=${ol_enable_backends:-no}
+fi;
+# end --enable-passwd
+# OpenLDAP --enable-perl
+
+ # Check whether --enable-perl or --disable-perl was given.
+if test "${enable_perl+set}" = set; then
+ enableval="$enable_perl"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-perl" >&5
+echo "$as_me: error: bad value $enableval for --enable-perl" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_perl="$ol_arg"
+
+else
+ ol_enable_perl=${ol_enable_backends:-no}
+fi;
+# end --enable-perl
+# OpenLDAP --enable-relay
+
+ # Check whether --enable-relay or --disable-relay was given.
+if test "${enable_relay+set}" = set; then
+ enableval="$enable_relay"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-relay" >&5
+echo "$as_me: error: bad value $enableval for --enable-relay" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_relay="$ol_arg"
+
+else
+ ol_enable_relay=${ol_enable_backends:-yes}
+fi;
+# end --enable-relay
+# OpenLDAP --enable-shell
+
+ # Check whether --enable-shell or --disable-shell was given.
+if test "${enable_shell+set}" = set; then
+ enableval="$enable_shell"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-shell" >&5
+echo "$as_me: error: bad value $enableval for --enable-shell" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_shell="$ol_arg"
+
+else
+ ol_enable_shell=${ol_enable_backends:-no}
+fi;
+# end --enable-shell
+# OpenLDAP --enable-sql
+
+ # Check whether --enable-sql or --disable-sql was given.
+if test "${enable_sql+set}" = set; then
+ enableval="$enable_sql"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-sql" >&5
+echo "$as_me: error: bad value $enableval for --enable-sql" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_sql="$ol_arg"
+
+else
+ ol_enable_sql=${ol_enable_backends:-no}
+fi;
+# end --enable-sql
+
+Overlays="accesslog \
+ auditlog \
+ denyop \
+ dyngroup \
+ dynlist \
+ lastmod \
+ ppolicy \
+ proxycache \
+ refint \
+ retcode \
+ rwm \
+ syncprov \
+ translucent \
+ unique \
+ valsort"
+
+# Check whether --enable-xxslapoverlays or --disable-xxslapoverlays was given.
+if test "${enable_xxslapoverlays+set}" = set; then
+ enableval="$enable_xxslapoverlays"
+
+fi;
+
+# OpenLDAP --enable-overlays
+
+ # Check whether --enable-overlays or --disable-overlays was given.
+if test "${enable_overlays+set}" = set; then
+ enableval="$enable_overlays"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-overlays" >&5
+echo "$as_me: error: bad value $enableval for --enable-overlays" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_overlays="$ol_arg"
+
+fi;
+# end --enable-overlays
+# OpenLDAP --enable-accesslog
+
+ # Check whether --enable-accesslog or --disable-accesslog was given.
+if test "${enable_accesslog+set}" = set; then
+ enableval="$enable_accesslog"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-accesslog" >&5
+echo "$as_me: error: bad value $enableval for --enable-accesslog" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_accesslog="$ol_arg"
+
+else
+ ol_enable_accesslog=${ol_enable_overlays:-no}
+fi;
+# end --enable-accesslog
+
+# OpenLDAP --enable-auditlog
+
+ # Check whether --enable-auditlog or --disable-auditlog was given.
+if test "${enable_auditlog+set}" = set; then
+ enableval="$enable_auditlog"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-auditlog" >&5
+echo "$as_me: error: bad value $enableval for --enable-auditlog" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_auditlog="$ol_arg"
+
+else
+ ol_enable_auditlog=${ol_enable_overlays:-no}
+fi;
+# end --enable-auditlog
+
+# OpenLDAP --enable-denyop
+
+ # Check whether --enable-denyop or --disable-denyop was given.
+if test "${enable_denyop+set}" = set; then
+ enableval="$enable_denyop"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-denyop" >&5
+echo "$as_me: error: bad value $enableval for --enable-denyop" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_denyop="$ol_arg"
+
+else
+ ol_enable_denyop=${ol_enable_overlays:-no}
+fi;
+# end --enable-denyop
+
+# OpenLDAP --enable-dyngroup
+
+ # Check whether --enable-dyngroup or --disable-dyngroup was given.
+if test "${enable_dyngroup+set}" = set; then
+ enableval="$enable_dyngroup"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-dyngroup" >&5
+echo "$as_me: error: bad value $enableval for --enable-dyngroup" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_dyngroup="$ol_arg"
+
+else
+ ol_enable_dyngroup=${ol_enable_overlays:-no}
+fi;
+# end --enable-dyngroup
+
+# OpenLDAP --enable-dynlist
+
+ # Check whether --enable-dynlist or --disable-dynlist was given.
+if test "${enable_dynlist+set}" = set; then
+ enableval="$enable_dynlist"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-dynlist" >&5
+echo "$as_me: error: bad value $enableval for --enable-dynlist" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_dynlist="$ol_arg"
+
+else
+ ol_enable_dynlist=${ol_enable_overlays:-no}
+fi;
+# end --enable-dynlist
+
+# OpenLDAP --enable-lastmod
+
+ # Check whether --enable-lastmod or --disable-lastmod was given.
+if test "${enable_lastmod+set}" = set; then
+ enableval="$enable_lastmod"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-lastmod" >&5
+echo "$as_me: error: bad value $enableval for --enable-lastmod" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_lastmod="$ol_arg"
+
+else
+ ol_enable_lastmod=${ol_enable_overlays:-no}
+fi;
+# end --enable-lastmod
+
+# OpenLDAP --enable-ppolicy
+
+ # Check whether --enable-ppolicy or --disable-ppolicy was given.
+if test "${enable_ppolicy+set}" = set; then
+ enableval="$enable_ppolicy"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ppolicy" >&5
+echo "$as_me: error: bad value $enableval for --enable-ppolicy" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_ppolicy="$ol_arg"
+
+else
+ ol_enable_ppolicy=${ol_enable_overlays:-no}
+fi;
+# end --enable-ppolicy
+
+# OpenLDAP --enable-proxycache
+
+ # Check whether --enable-proxycache or --disable-proxycache was given.
+if test "${enable_proxycache+set}" = set; then
+ enableval="$enable_proxycache"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-proxycache" >&5
+echo "$as_me: error: bad value $enableval for --enable-proxycache" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_proxycache="$ol_arg"
+
+else
+ ol_enable_proxycache=${ol_enable_overlays:-no}
+fi;
+# end --enable-proxycache
+
+# OpenLDAP --enable-refint
+
+ # Check whether --enable-refint or --disable-refint was given.
+if test "${enable_refint+set}" = set; then
+ enableval="$enable_refint"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-refint" >&5
+echo "$as_me: error: bad value $enableval for --enable-refint" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_refint="$ol_arg"
+
+else
+ ol_enable_refint=${ol_enable_overlays:-no}
+fi;
+# end --enable-refint
+
+# OpenLDAP --enable-retcode
+
+ # Check whether --enable-retcode or --disable-retcode was given.
+if test "${enable_retcode+set}" = set; then
+ enableval="$enable_retcode"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-retcode" >&5
+echo "$as_me: error: bad value $enableval for --enable-retcode" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_retcode="$ol_arg"
+
+else
+ ol_enable_retcode=${ol_enable_overlays:-no}
+fi;
+# end --enable-retcode
+
+# OpenLDAP --enable-rwm
+
+ # Check whether --enable-rwm or --disable-rwm was given.
+if test "${enable_rwm+set}" = set; then
+ enableval="$enable_rwm"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-rwm" >&5
+echo "$as_me: error: bad value $enableval for --enable-rwm" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_rwm="$ol_arg"
+
+else
+ ol_enable_rwm=${ol_enable_overlays:-no}
+fi;
+# end --enable-rwm
+
+# OpenLDAP --enable-syncprov
+
+ # Check whether --enable-syncprov or --disable-syncprov was given.
+if test "${enable_syncprov+set}" = set; then
+ enableval="$enable_syncprov"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-syncprov" >&5
+echo "$as_me: error: bad value $enableval for --enable-syncprov" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_syncprov="$ol_arg"
+
+else
+ ol_enable_syncprov=${ol_enable_overlays:-yes}
+fi;
+# end --enable-syncprov
+
+# OpenLDAP --enable-translucent
+
+ # Check whether --enable-translucent or --disable-translucent was given.
+if test "${enable_translucent+set}" = set; then
+ enableval="$enable_translucent"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-translucent" >&5
+echo "$as_me: error: bad value $enableval for --enable-translucent" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_translucent="$ol_arg"
+
+else
+ ol_enable_translucent=${ol_enable_overlays:-no}
+fi;
+# end --enable-translucent
+
+# OpenLDAP --enable-unique
+
+ # Check whether --enable-unique or --disable-unique was given.
+if test "${enable_unique+set}" = set; then
+ enableval="$enable_unique"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-unique" >&5
+echo "$as_me: error: bad value $enableval for --enable-unique" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_unique="$ol_arg"
+
+else
+ ol_enable_unique=${ol_enable_overlays:-no}
+fi;
+# end --enable-unique
+
+# OpenLDAP --enable-valsort
+
+ # Check whether --enable-valsort or --disable-valsort was given.
+if test "${enable_valsort+set}" = set; then
+ enableval="$enable_valsort"
+
+ ol_arg=invalid
+ for ol_val in no yes mod ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-valsort" >&5
+echo "$as_me: error: bad value $enableval for --enable-valsort" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_valsort="$ol_arg"
+
+else
+ ol_enable_valsort=${ol_enable_overlays:-no}
+fi;
+# end --enable-valsort
+
+
+# Check whether --enable-xxslurpdoptions or --disable-xxslurpdoptions was given.
+if test "${enable_xxslurpdoptions+set}" = set; then
+ enableval="$enable_xxslurpdoptions"
+
+fi;
+# OpenLDAP --enable-slurpd
+
+ # Check whether --enable-slurpd or --disable-slurpd was given.
+if test "${enable_slurpd+set}" = set; then
+ enableval="$enable_slurpd"
+
+ ol_arg=invalid
+ for ol_val in auto yes no ; do
+ if test "$enableval" = "$ol_val" ; then
+ ol_arg="$ol_val"
+ fi
+ done
+ if test "$ol_arg" = "invalid" ; then
+ { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-slurpd" >&5
+echo "$as_me: error: bad value $enableval for --enable-slurpd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_enable_slurpd="$ol_arg"
+
+else
+ ol_enable_slurpd=auto
+fi;
+# end --enable-slurpd
+
+# Check whether --enable-xxliboptions or --disable-xxliboptions was given.
+if test "${enable_xxliboptions+set}" = set; then
+ enableval="$enable_xxliboptions"
+
+fi;
+# Check whether --enable-static or --disable-static was given.
+if test "${enable_static+set}" = set; then
+ enableval="$enable_static"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi;
+
+# Check whether --enable-shared or --disable-shared was given.
+if test "${enable_shared+set}" = set; then
+ enableval="$enable_shared"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi;
+
+
+
+# validate options
+if test $ol_enable_slapd = no ; then
+ if test $ol_enable_slapi = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-slapi argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-slapi argument" >&2;}
+ fi
+ case "$ol_enable_backends" in yes | mod)
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-backends argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-backends argument" >&2;}
+ esac
+ for i in $Backends; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp != no ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-$i argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-$i argument" >&2;}
+ eval "ol_enable_$i=no"
+ fi
+ done
+ if test $ol_enable_modules = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-modules argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-modules argument" >&2;}
+ fi
+ if test $ol_enable_multimaster = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-multimaster argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-multimaster argument" >&2;}
+ fi
+ if test $ol_enable_wrappers = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-wrappers argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-wrappers argument" >&2;}
+ fi
+ if test $ol_enable_rlookups = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-rlookups argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-rlookups argument" >&2;}
+ fi
+ if test $ol_enable_aci = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-aci argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-aci argument" >&2;}
+ fi
+ if test $ol_enable_ldbm_api != auto ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-ldbm-api argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-ldbm-api argument" >&2;}
+ fi
+ if test $ol_enable_ldbm_type != auto ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-ldbm-type argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-ldbm-type argument" >&2;}
+ fi
+ if test $ol_enable_slurpd = yes ; then
+ { { echo "$as_me:$LINENO: error: slurpd requires slapd" >&5
+echo "$as_me: error: slurpd requires slapd" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ if test $ol_enable_rewrite = yes ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-rewrite argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-rewrite argument" >&2;}
+ fi
+ case "$ol_enable_overlays" in yes | mod)
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-overlays argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-overlays argument" >&2;}
+ esac
+ for i in $Overlays; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp != no ; then
+ { echo "$as_me:$LINENO: WARNING: slapd disabled, ignoring --enable-$i argument" >&5
+echo "$as_me: WARNING: slapd disabled, ignoring --enable-$i argument" >&2;}
+ eval "ol_enable_$i=no"
+ fi
+ done
+
+ # force settings to no
+ ol_enable_slapi=no
+
+ ol_enable_backends=
+ ol_enable_overlays=
+ ol_enable_modules=no
+ ol_enable_multimaster=no
+ ol_enable_rlookups=no
+ ol_enable_aci=no
+ ol_enable_wrappers=no
+
+ ol_enable_ldbm_api=no
+ ol_enable_ldbm_type=no
+
+ ol_enable_slurpd=no
+
+ ol_enable_rewrite=no
+
+elif test $ol_enable_ldbm = no ; then
+
+ if test $ol_enable_ldbm_api != auto ; then
+ { echo "$as_me:$LINENO: WARNING: LDBM disabled, ignoring --enable-ldbm-api argument" >&5
+echo "$as_me: WARNING: LDBM disabled, ignoring --enable-ldbm-api argument" >&2;}
+ fi
+
+ if test $ol_enable_ldbm_type != auto ; then
+ { echo "$as_me:$LINENO: WARNING: LDBM disabled, ignoring --enable-ldbm-type argument" >&5
+echo "$as_me: WARNING: LDBM disabled, ignoring --enable-ldbm-type argument" >&2;}
+ fi
+
+ if test $ol_enable_modules != yes &&
+ test $ol_enable_bdb = no &&
+ test $ol_enable_dnssrv = no &&
+ test $ol_enable_hdb = no &&
+ test $ol_enable_ldap = no &&
+ test $ol_enable_meta = no &&
+ test $ol_enable_monitor = no &&
+ test $ol_enable_null = no &&
+ test $ol_enable_passwd = no &&
+ test $ol_enable_perl = no &&
+ test $ol_enable_relay = no &&
+ test $ol_enable_shell = no &&
+ test $ol_enable_sql = no ; then
+
+ if test $ol_enable_slapd = yes ; then
+ { { echo "$as_me:$LINENO: error: slapd requires a backend" >&5
+echo "$as_me: error: slapd requires a backend" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me:$LINENO: WARNING: skipping slapd, no backend specified" >&5
+echo "$as_me: WARNING: skipping slapd, no backend specified" >&2;}
+ ol_enable_slapd=no
+ fi
+ fi
+
+ ol_enable_ldbm_api=no
+ ol_enable_ldbm_type=no
+
+ if test $ol_enable_bdb/$ol_enable_hdb != no/no; then
+ ol_enable_ldbm_api=berkeley
+ fi
+
+else
+ if test $ol_enable_ldbm_api = gdbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ { { echo "$as_me:$LINENO: error: GDBM only supports LDBM type hash" >&5
+echo "$as_me: error: GDBM only supports LDBM type hash" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ if test $ol_enable_ldbm_api = mdbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ { { echo "$as_me:$LINENO: error: MDBM only supports LDBM type hash" >&5
+echo "$as_me: error: MDBM only supports LDBM type hash" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ if test $ol_enable_ldbm_api = ndbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ { { echo "$as_me:$LINENO: error: NDBM only supports LDBM type hash" >&5
+echo "$as_me: error: NDBM only supports LDBM type hash" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ if test $ol_enable_bdb/$ol_enable_hdb != no/no ; then
+ if test $ol_enable_ldbm_api = auto ; then
+ ol_enable_ldbm_api=berkeley
+ elif test $ol_enable_ldbm_api != berkeley ; then
+ { { echo "$as_me:$LINENO: error: LDBM API not compatible with BDB/HDB" >&5
+echo "$as_me: error: LDBM API not compatible with BDB/HDB" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+
+if test $ol_enable_meta/$ol_enable_ldap = yes/no ; then
+ { { echo "$as_me:$LINENO: error: --enable-meta requires --enable-ldap" >&5
+echo "$as_me: error: --enable-meta requires --enable-ldap" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+if test $ol_enable_slurpd = yes ; then
+ if test $ol_with_threads = no ; then
+ { { echo "$as_me:$LINENO: error: slurpd requires threads" >&5
+echo "$as_me: error: slurpd requires threads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+if test $ol_enable_lmpasswd = yes ; then
+ if test $ol_with_tls = no ; then
+ { { echo "$as_me:$LINENO: error: LAN Manager passwords require OpenSSL" >&5
+echo "$as_me: error: LAN Manager passwords require OpenSSL" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+if test $ol_enable_kbind = yes ; then
+ if test $ol_with_kerberos = no ; then
+ { { echo "$as_me:$LINENO: error: options require --with-kerberos" >&5
+echo "$as_me: error: options require --with-kerberos" >&2;}
+ { (exit 1); exit 1; }; }
+ elif test $ol_with_kerberos = auto ; then
+ ol_with_kerberos=yes
+ fi
+
+elif test $ol_enable_kbind = no ; then
+ if test $ol_with_kerberos = auto ; then
+ ol_with_kerberos=no
+ elif test $ol_with_kerberos != no ; then
+ { echo "$as_me:$LINENO: WARNING: Kerberos detection enabled unnecessarily" >&5
+echo "$as_me: WARNING: Kerberos detection enabled unnecessarily" >&2;};
+ ol_with_kerberos=no
+ fi
+fi
+
+if test $ol_enable_spasswd = yes ; then
+ if test $ol_with_cyrus_sasl = no ; then
+ { { echo "$as_me:$LINENO: error: options require --with-cyrus-sasl" >&5
+echo "$as_me: error: options require --with-cyrus-sasl" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_with_cyrus_sasl=yes
+fi
+
+echo "$as_me:$LINENO: result: done" >&5
+echo "${ECHO_T}done" >&6
+
+LDAP_LIBS=
+LDBM_LIBS=
+LTHREAD_LIBS=
+LUTIL_LIBS=
+
+SLAPD_LIBS=
+SLURPD_LIBS=
+
+BUILD_SLAPD=no
+BUILD_SLURPD=no
+
+BUILD_THREAD=no
+
+BUILD_SLAPI=no
+SLAPD_SLAPI_DEPEND=
+
+BUILD_BDB=no
+BUILD_DNSSRV=no
+BUILD_HDB=no
+BUILD_LDAP=no
+BUILD_LDBM=no
+BUILD_META=no
+BUILD_MONITOR=no
+BUILD_NULL=no
+BUILD_PASSWD=no
+BUILD_PERL=no
+BUILD_RELAY=no
+BUILD_SHELL=no
+BUILD_SQL=no
+
+BUILD_ACCESSLOG=no
+BUILD_AUDITLOG=no
+BUILD_DENYOP=no
+BUILD_DYNGROUP=no
+BUILD_DYNLIST=no
+BUILD_LASTMOD=no
+BUILD_PPOLICY=no
+BUILD_PROXYCACHE=no
+BUILD_REFINT=no
+BUILD_RETCODE=no
+BUILD_RWM=no
+BUILD_SYNCPROV=no
+BUILD_TRANSLUCENT=no
+BUILD_UNIQUE=no
+BUILD_VALSORT=no
+
+SLAPD_STATIC_OVERLAYS=
+SLAPD_DYNAMIC_OVERLAYS=
+
+SLAPD_MODULES_LDFLAGS=
+SLAPD_MODULES_CPPFLAGS=
+
+SLAPD_STATIC_BACKENDS=back-ldif
+SLAPD_DYNAMIC_BACKENDS=
+
+SLAPD_PERL_LDFLAGS=
+MOD_PERL_LDFLAGS=
+PERL_CPPFLAGS=
+
+SLAPD_SQL_LDFLAGS=
+SLAPD_SQL_LIBS=
+SLAPD_SQL_INCLUDES=
+
+KRB4_LIBS=
+KRB5_LIBS=
+SASL_LIBS=
+TLS_LIBS=
+MODULES_LIBS=
+SLAPI_LIBS=
+LIBSLAPI=
+LIBSLAPITOOLS=
+AUTH_LIBS=
+
+SLAPD_SLP_LIBS=
+SLAPD_GMP_LIBS=
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MKVERSION 1
+_ACEOF
+
+
+
+
+ol_aix_threads=no
+case "$target" in
+*-*-aix*) if test -z "$CC" ; then
+ case "$ol_with_threads" in
+ auto | yes | posix) ol_aix_threads=yes ;;
+ esac
+ fi
+;;
+esac
+
+if test $ol_aix_threads = yes ; then
+ if test -z "${CC}" ; then
+ for ac_prog in cc_r xlc_r cc
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+done
+
+
+ if test "$CC" = cc ; then
+ if test $ol_with_threads != auto ; then
+ { { echo "$as_me:$LINENO: error: --with-threads requires cc_r (or other suitable compiler) on AIX" >&5
+echo "$as_me: error: --with-threads requires cc_r (or other suitable compiler) on AIX" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me:$LINENO: WARNING: disabling threads, no cc_r on AIX" >&5
+echo "$as_me: WARNING: disabling threads, no cc_r on AIX" >&2;}
+ fi
+ ol_with_threads=no
+ fi
+ fi
+
+ case ${CC} in cc_r | xlc_r)
+ ol_with_threads=posix
+ ol_cv_pthread_create=yes
+ ;;
+ esac
+fi
+
+if test -z "${CC}"; then
+ for ac_prog in cc gcc
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+done
+test -n "$CC" || CC="missing"
+
+
+ if test "${CC}" = "missing" ; then
+ { { echo "$as_me:$LINENO: error: Unable to locate cc(1) or suitable replacement. Check PATH or set CC." >&5
+echo "$as_me: error: Unable to locate cc(1) or suitable replacement. Check PATH or set CC." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+if test -z "${AR}"; then
+ for ac_prog in ar gar
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AR+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$AR" && break
+done
+test -n "$AR" || AR="missing"
+
+
+ if test "${AR}" = "missing" ; then
+ { { echo "$as_me:$LINENO: error: Unable to locate ar(1) or suitable replacement. Check PATH or set AR." >&5
+echo "$as_me: error: Unable to locate ar(1) or suitable replacement. Check PATH or set AR." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+
+
+
+
+# Check whether --enable-fast-install or --disable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then
+ enableval="$enable_fast_install"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi;
+
+DEPDIR="${am__leading_dot}deps"
+
+ ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+ am__include=include
+ am__quote=
+ _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ fi
+fi
+
+
+echo "$as_me:$LINENO: result: $_am_result" >&5
+echo "${ECHO_T}$_am_result" >&6
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+ enableval="$enable_dependency_tracking"
+
+fi;
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+
+
+if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_CC" && break
+done
+
+ CC=$ac_ct_CC
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+ "checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
+ (eval $ac_link_default) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Find the output, starting from the most likely. This scheme is
+# not robust to junk in `.', hence go to wildcards (a.*) only as a last
+# resort.
+
+# Be careful to initialize this variable, since it used to be cached.
+# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
+ac_cv_exeext=
+# b.out is created by i960 compilers.
+for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
+ ;;
+ conftest.$ac_ext )
+ # This is the source file.
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ # FIXME: I believe we export ac_cv_exeext for Libtool,
+ # but it would be cool to find out if it's true. Does anybody
+ # maintain Libtool? --akim.
+ export ac_cv_exeext
+ break;;
+ * )
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+ { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6
+
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+ if { ac_try='./$ac_file'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6
+
+echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ export ac_cv_exeext
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
+if test "${ac_cv_objext+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cc_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
+echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_prog_cc_stdc=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std1 is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std1. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+# Don't try gcc -ansi; that turns off useful extensions and
+# breaks some systems' header files.
+# AIX -qlanglvl=ansi
+# Ultrix and OSF/1 -std1
+# HP-UX 10.20 and later -Ae
+# HP-UX older versions -Aa -D_HPUX_SOURCE
+# SVR4 -Xc -D__EXTENSIONS__
+for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_stdc=$ac_arg
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext
+done
+rm -f conftest.$ac_ext conftest.$ac_objext
+CC=$ac_save_CC
+
+fi
+
+case "x$ac_cv_prog_cc_stdc" in
+ x|xno)
+ echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6 ;;
+ *)
+ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
+ CC="$CC $ac_cv_prog_cc_stdc" ;;
+esac
+
+# Some people use a C++ compiler to compile C. Since we use `exit',
+# in C++ we need to declare it. In case someone uses the same compiler
+# for both compiling C and C++ we need to have the C++ compiler decide
+# the declaration of exit, since it's the most demanding environment.
+cat >conftest.$ac_ext <<_ACEOF
+#ifndef __cplusplus
+ choke me
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ for ac_declaration in \
+ '' \
+ 'extern "C" void std::exit (int) throw (); using std::exit;' \
+ 'extern "C" void std::exit (int); using std::exit;' \
+ 'extern "C" void exit (int) throw ();' \
+ 'extern "C" void exit (int);' \
+ 'void exit (int);'
+do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+ echo '#ifdef __cplusplus' >>confdefs.h
+ echo $ac_declaration >>confdefs.h
+ echo '#endif' >>confdefs.h
+fi
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+
+
+if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
+echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6
+if test "${lt_cv_path_SED+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+
+fi
+
+SED=$lt_cv_path_SED
+echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6
+
+echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6
+if test "${ac_cv_prog_egrep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+ then ac_cv_prog_egrep='grep -E'
+ else ac_cv_prog_egrep='egrep'
+ fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
+echo "${ECHO_T}$ac_cv_prog_egrep" >&6
+ EGREP=$ac_cv_prog_egrep
+
+
+
+# Check whether --with-gnu-ld or --without-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+ withval="$with_gnu_ld"
+ test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi;
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+else
+ echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+ { (exit 1); exit 1; }; }
+echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
+echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
+if test "${lt_cv_ld_reload_flag+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
+echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$CC -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
+echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
+if test "${lt_cv_path_NM+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/${ac_tool_prefix}nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi
+fi
+echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
+echo "${ECHO_T}$lt_cv_path_NM" >&6
+NM="$lt_cv_path_NM"
+
+echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+ echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6
+fi
+
+echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6
+if test "${lt_cv_deplibs_check_method+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+nto-qnx*)
+ lt_cv_deplibs_check_method=unknown
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sco3.2v5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
+echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+ enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 5740 "configure"' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
+echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
+if test "${lt_cv_cc_needs_belf+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ lt_cv_cc_needs_belf=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+lt_cv_cc_needs_belf=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
+echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dlltool; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_DLLTOOL+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$DLLTOOL"; then
+ ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+DLLTOOL=$ac_cv_prog_DLLTOOL
+if test -n "$DLLTOOL"; then
+ echo "$as_me:$LINENO: result: $DLLTOOL" >&5
+echo "${ECHO_T}$DLLTOOL" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_DLLTOOL"; then
+ ac_ct_DLLTOOL=$DLLTOOL
+ # Extract the first word of "dlltool", so it can be a program name with args.
+set dummy dlltool; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_DLLTOOL+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_DLLTOOL"; then
+ ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_DLLTOOL="dlltool"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_DLLTOOL" && ac_cv_prog_ac_ct_DLLTOOL="false"
+fi
+fi
+ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
+if test -n "$ac_ct_DLLTOOL"; then
+ echo "$as_me:$LINENO: result: $ac_ct_DLLTOOL" >&5
+echo "${ECHO_T}$ac_ct_DLLTOOL" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ DLLTOOL=$ac_ct_DLLTOOL
+else
+ DLLTOOL="$ac_cv_prog_DLLTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}as", so it can be a program name with args.
+set dummy ${ac_tool_prefix}as; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AS+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AS"; then
+ ac_cv_prog_AS="$AS" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AS="${ac_tool_prefix}as"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AS=$ac_cv_prog_AS
+if test -n "$AS"; then
+ echo "$as_me:$LINENO: result: $AS" >&5
+echo "${ECHO_T}$AS" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_AS"; then
+ ac_ct_AS=$AS
+ # Extract the first word of "as", so it can be a program name with args.
+set dummy as; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_AS+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_AS"; then
+ ac_cv_prog_ac_ct_AS="$ac_ct_AS" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AS="as"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_AS" && ac_cv_prog_ac_ct_AS="false"
+fi
+fi
+ac_ct_AS=$ac_cv_prog_ac_ct_AS
+if test -n "$ac_ct_AS"; then
+ echo "$as_me:$LINENO: result: $ac_ct_AS" >&5
+echo "${ECHO_T}$ac_ct_AS" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ AS=$ac_ct_AS
+else
+ AS="$ac_cv_prog_AS"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ echo "$as_me:$LINENO: result: $OBJDUMP" >&5
+echo "${ECHO_T}$OBJDUMP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_OBJDUMP" && ac_cv_prog_ac_ct_OBJDUMP="false"
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ echo "$as_me:$LINENO: result: $ac_ct_OBJDUMP" >&5
+echo "${ECHO_T}$ac_ct_OBJDUMP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ OBJDUMP=$ac_ct_OBJDUMP
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+ ;;
+
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_stdc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ exit(2);
+ exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in dlfcn.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+
+# find the maximum length of command line arguments
+echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
+echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ *)
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \
+ = "XX$teststring") >/dev/null 2>&1 &&
+ new_result=`expr "X$teststring" : ".*" 2>&1` &&
+ lt_cv_sys_max_cmd_len=$new_result &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on massive
+ # amounts of additional arguments before passing them to the linker.
+ # It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
+echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6
+else
+ echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6
+fi
+
+
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
+echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*) # Its linker distinguishes data from code symbols
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ ;;
+linux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDGIRSTW]'
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris* | sysv5*)
+ symcode='[BDRT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if grep ' nm_test_var$' "$nlist" >/dev/null; then
+ if grep ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+ cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ lt_ptr_t address;
+}
+lt_preloaded_symbols[] =
+{
+EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+ cat <<\EOF >> conftest.$ac_ext
+ {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -f conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ echo "$as_me:$LINENO: result: failed" >&5
+echo "${ECHO_T}failed" >&6
+else
+ echo "$as_me:$LINENO: result: ok" >&5
+echo "${ECHO_T}ok" >&6
+fi
+
+echo "$as_me:$LINENO: checking for objdir" >&5
+echo $ECHO_N "checking for objdir... $ECHO_C" >&6
+if test "${lt_cv_objdir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
+echo "${ECHO_T}$lt_cv_objdir" >&6
+objdir=$lt_cv_objdir
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AR+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="ar"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_AR" && ac_cv_prog_ac_ct_AR="false"
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
+echo "${ECHO_T}$ac_ct_AR" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ AR=$ac_ct_AR
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_RANLIB+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ echo "$as_me:$LINENO: result: $RANLIB" >&5
+echo "${ECHO_T}$RANLIB" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
+echo "${ECHO_T}$ac_ct_RANLIB" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ RANLIB=$ac_ct_RANLIB
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ STRIP=$ac_ct_STRIP
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
+ ;;
+ *)
+ old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
+echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ echo "$as_me:$LINENO: checking for file" >&5
+echo $ECHO_N "checking for file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+enable_dlopen=yes
+enable_win32_dll=yes
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+ enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+
+# Check whether --with-pic or --without-pic was given.
+if test "${with_pic+set}" = set; then
+ withval="$with_pic"
+ pic_mode="$withval"
+else
+ pic_mode=default
+fi;
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+#
+# Check for any special shared library compilation flags.
+#
+lt_prog_cc_shlib=
+if test "$GCC" = no; then
+ case $host_os in
+ sco3.2v5*)
+ lt_prog_cc_shlib='-belf'
+ ;;
+ esac
+fi
+if test -n "$lt_prog_cc_shlib"; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' requires \`$lt_prog_cc_shlib' to build shared libraries" >&5
+echo "$as_me: WARNING: \`$CC' requires \`$lt_prog_cc_shlib' to build shared libraries" >&2;}
+ if echo "$old_CC $old_CFLAGS " | grep "[ ]$lt_prog_cc_shlib[ ]" >/dev/null; then :
+ else
+ { echo "$as_me:$LINENO: WARNING: add \`$lt_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&5
+echo "$as_me: WARNING: add \`$lt_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&2;}
+ lt_cv_prog_cc_can_build_shared=no
+ fi
+fi
+
+
+#
+# Check to make sure the static flag actually works.
+#
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_prog_compiler_static works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_prog_compiler_static works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_prog_compiler_static"
+ printf "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $echo "X$_lt_linker_boilerplate" | $Xsed > conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_static_works=yes
+ fi
+ else
+ lt_prog_compiler_static_works=yes
+ fi
+ fi
+ $rm conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works" >&6
+
+if test x"$lt_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:7720: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:7724: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ lt_prog_compiler_pic='-qnocommon'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ lt_prog_compiler_pic='-Kpic'
+ lt_prog_compiler_static='-dn'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:7982: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:7986: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_pic_works=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6
+
+if test x"$lt_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8044: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:8048: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+ if test "$hard_links" = no; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+ runpath_var=
+ allow_undefined_flag=
+ enable_shared_with_static_runtimes=no
+ archive_cmds=
+ archive_expsym_cmds=
+ old_archive_From_new_cmds=
+ old_archive_from_expsyms_cmds=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ thread_safe_flag_spec=
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_direct=no
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ link_all_deplibs=unknown
+ hardcode_automatic=no
+ module_cmds=
+ module_expsym_cmds=
+ always_export_symbols=no
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ ld_shlibs=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ hardcode_direct=yes
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ always_export_symbols=yes
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec=' '
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ # see comment about different semantics on the GNU ld section
+ ld_shlibs=no
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_From_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ allow_undefined_flag='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[012])
+ allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+ archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*|ia64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*|ia64*)
+ archive_cmds='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ ia64*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ fi
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ link_all_deplibs=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ openbsd*)
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ hardcode_libdir_separator=:
+ ;;
+
+ sco3.2v5*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
+ *)
+ whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*)
+ no_undefined_flag='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv5*)
+ no_undefined_flag=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ hardcode_libdir_flag_spec=
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs" >&5
+echo "${ECHO_T}$ld_shlibs" >&6
+test "$ld_shlibs" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
+echo "${ECHO_T}$archive_cmds_need_lc" >&6
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" || \
+ test -n "$runpath_var" || \
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action" >&5
+echo "${ECHO_T}$hardcode_action" >&6
+
+if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+ ;;
+ *)
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ;;
+ esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+if test "${ac_cv_func_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char shl_load (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_shl_load) || defined (__stub___shl_load)
+choke me
+#else
+char (*f) () = shl_load;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != shl_load;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+if test $ac_cv_func_shl_load = yes; then
+ lt_cv_dlopen="shl_load"
+else
+ echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+int
+main ()
+{
+shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+if test $ac_cv_lib_dld_shl_load = yes; then
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+ echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+if test "${ac_cv_func_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char dlopen (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_dlopen) || defined (__stub___dlopen)
+choke me
+#else
+char (*f) () = dlopen;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dlopen;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+if test $ac_cv_func_dlopen = yes; then
+ lt_cv_dlopen="dlopen"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_svld_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svld_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+if test $ac_cv_lib_svld_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dld_link ();
+int
+main ()
+{
+dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_dld_link=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_dld_link=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+if test $ac_cv_lib_dld_dld_link = yes; then
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 10292 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 10390 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+# Report which librarie types wil actually be built
+echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler \
+ CC \
+ LD \
+ lt_prog_compiler_wl \
+ lt_prog_compiler_pic \
+ lt_prog_compiler_static \
+ lt_prog_compiler_no_builtin_flag \
+ export_dynamic_flag_spec \
+ thread_safe_flag_spec \
+ whole_archive_flag_spec \
+ enable_shared_with_static_runtimes \
+ old_archive_cmds \
+ old_archive_from_new_cmds \
+ predep_objects \
+ postdep_objects \
+ predeps \
+ postdeps \
+ compiler_lib_search_path \
+ archive_cmds \
+ archive_expsym_cmds \
+ postinstall_cmds \
+ postuninstall_cmds \
+ old_archive_from_expsyms_cmds \
+ allow_undefined_flag \
+ no_undefined_flag \
+ export_symbols_cmds \
+ hardcode_libdir_flag_spec \
+ hardcode_libdir_flag_spec_ld \
+ hardcode_libdir_separator \
+ hardcode_automatic \
+ module_cmds \
+ module_expsym_cmds \
+ lt_cv_prog_compiler_c_o \
+ exclude_expsyms \
+ include_expsyms; do
+
+ case $var in
+ old_archive_cmds | \
+ old_archive_from_new_cmds | \
+ archive_cmds | \
+ archive_expsym_cmds | \
+ module_cmds | \
+ module_expsym_cmds | \
+ old_archive_from_expsyms_cmds | \
+ export_symbols_cmds | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="${ofile}T"
+ trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+ $rm -f "$cfgfile"
+ { echo "$as_me:$LINENO: creating $ofile" >&5
+echo "$as_me: creating $ofile" >&6;}
+
+ cat <<__EOF__ >> "$cfgfile"
+#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# ### END LIBTOOL CONFIG
+
+__EOF__
+
+
+ case $host_os in
+ aix3*)
+ cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+EOF
+ ;;
+ esac
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" || \
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+# Check whether --with-tags or --without-tags was given.
+if test "${with_tags+set}" = set; then
+ withval="$with_tags"
+ tagnames="$withval"
+fi;
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+ if test ! -f "${ofile}"; then
+ { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;}
+ fi
+
+ if test -z "$LTCC"; then
+ eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+ if test -z "$LTCC"; then
+ { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;}
+ else
+ { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5
+echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;}
+ fi
+ fi
+
+ # Extract list of available tagged configurations in $ofile.
+ # Note that this assumes the entire list is on one line.
+ available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for tagname in $tagnames; do
+ IFS="$lt_save_ifs"
+ # Check whether tagname contains only valid characters
+ case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in
+ "") ;;
+ *) { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5
+echo "$as_me: error: invalid tag name: $tagname" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+ then
+ { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5
+echo "$as_me: error: tag name \"$tagname\" already exists" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ # Update the list of available tags.
+ if test -n "$tagname"; then
+ echo appending configuration tag \"$tagname\" to $ofile
+
+ case $tagname in
+ CXX)
+ if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ :
+ else
+ tagname=""
+ fi
+ ;;
+
+ F77)
+ if test -n "$F77" && test "X$F77" != "Xno"; then
+ :
+ else
+ tagname=""
+ fi
+ ;;
+
+ GCJ)
+ if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+ :
+ else
+ tagname=""
+ fi
+ ;;
+
+ RC)
+
+
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+objext_RC=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+compiler_RC=$CC
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+lt_cv_prog_compiler_c_o_RC=yes
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler_RC \
+ CC_RC \
+ LD_RC \
+ lt_prog_compiler_wl_RC \
+ lt_prog_compiler_pic_RC \
+ lt_prog_compiler_static_RC \
+ lt_prog_compiler_no_builtin_flag_RC \
+ export_dynamic_flag_spec_RC \
+ thread_safe_flag_spec_RC \
+ whole_archive_flag_spec_RC \
+ enable_shared_with_static_runtimes_RC \
+ old_archive_cmds_RC \
+ old_archive_from_new_cmds_RC \
+ predep_objects_RC \
+ postdep_objects_RC \
+ predeps_RC \
+ postdeps_RC \
+ compiler_lib_search_path_RC \
+ archive_cmds_RC \
+ archive_expsym_cmds_RC \
+ postinstall_cmds_RC \
+ postuninstall_cmds_RC \
+ old_archive_from_expsyms_cmds_RC \
+ allow_undefined_flag_RC \
+ no_undefined_flag_RC \
+ export_symbols_cmds_RC \
+ hardcode_libdir_flag_spec_RC \
+ hardcode_libdir_flag_spec_ld_RC \
+ hardcode_libdir_separator_RC \
+ hardcode_automatic_RC \
+ module_cmds_RC \
+ module_expsym_cmds_RC \
+ lt_cv_prog_compiler_c_o_RC \
+ exclude_expsyms_RC \
+ include_expsyms_RC; do
+
+ case $var in
+ old_archive_cmds_RC | \
+ old_archive_from_new_cmds_RC | \
+ archive_cmds_RC | \
+ archive_expsym_cmds_RC | \
+ module_cmds_RC | \
+ module_expsym_cmds_RC | \
+ old_archive_from_expsyms_cmds_RC | \
+ export_symbols_cmds_RC | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="$ofile"
+
+ cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_RC
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler_RC
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_RC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_RC
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_RC
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_RC
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_RC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_RC
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_RC
+archive_expsym_cmds=$lt_archive_expsym_cmds_RC
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_RC
+module_expsym_cmds=$lt_module_expsym_cmds_RC
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_RC
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_RC
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_RC
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_RC
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_RC
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_RC
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_RC
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_RC
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_RC
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_RC
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_RC"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_RC
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_RC
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_RC
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_RC
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+ ;;
+
+ *)
+ { { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5
+echo "$as_me: error: Unsupported tag name: $tagname" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+
+ # Append the new tag name to the list of available tags.
+ if test -n "$tagname" ; then
+ available_tags="$available_tags $tagname"
+ fi
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ # Now substitute the updated list of available tags.
+ if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+ mv "${ofile}T" "$ofile"
+ chmod +x "$ofile"
+ else
+ rm -f "${ofile}T"
+ { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5
+echo "$as_me: error: unable to update list of available tagged configurations." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+# Prevent multiple expansion
+
+
+
+
+
+
+
+
+
+
+ol_link_perl=no
+if test $ol_enable_perl != no ; then
+ # Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PERLBIN+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $PERLBIN in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PERLBIN="$PERLBIN" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PERLBIN="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_path_PERLBIN" && ac_cv_path_PERLBIN="/usr/bin/perl"
+ ;;
+esac
+fi
+PERLBIN=$ac_cv_path_PERLBIN
+
+if test -n "$PERLBIN"; then
+ echo "$as_me:$LINENO: result: $PERLBIN" >&5
+echo "${ECHO_T}$PERLBIN" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+
+ if test "no$PERLBIN" = "no" ; then
+ if test $ol_enable_perl = yes ; then
+ { { echo "$as_me:$LINENO: error: could not locate perl" >&5
+echo "$as_me: error: could not locate perl" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ else
+ PERL_CPPFLAGS="`$PERLBIN -MExtUtils::Embed -e ccopts`"
+ PERL_LDFLAGS="`$PERLBIN -MExtUtils::Embed -e ldopts|sed -e 's/ -lc / /' -e 's/ -lc$//'`"
+
+ if test x"$ol_enable_perl" = "xyes" ; then
+ SLAPD_PERL_LDFLAGS="$PERL_LDFLAGS"
+ else
+ MOD_PERL_LDFLAGS="$PERL_LDFLAGS"
+ fi
+ ol_link_perl=yes
+ fi
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+case $host_os in
+ *mingw32* ) ac_cv_mingw32=yes ;;
+ *cygwin* ) ac_cv_cygwin=yes ;;
+esac
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define EXEEXT "${EXEEXT}"
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking for be_app in -lbe" >&5
+echo $ECHO_N "checking for be_app in -lbe... $ECHO_C" >&6
+if test "${ac_cv_lib_be_be_app+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbe -lroot -lnet $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char be_app ();
+int
+main ()
+{
+be_app ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_be_be_app=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_be_be_app=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_be_be_app" >&5
+echo "${ECHO_T}$ac_cv_lib_be_be_app" >&6
+if test $ac_cv_lib_be_be_app = yes; then
+ LIBS="$LIBS -lbe -lroot -lnet"
+else
+ :
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_CC" && break
+done
+
+ CC=$ac_ct_CC
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+ "checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cc_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
+echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_prog_cc_stdc=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std1 is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std1. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+# Don't try gcc -ansi; that turns off useful extensions and
+# breaks some systems' header files.
+# AIX -qlanglvl=ansi
+# Ultrix and OSF/1 -std1
+# HP-UX 10.20 and later -Ae
+# HP-UX older versions -Aa -D_HPUX_SOURCE
+# SVR4 -Xc -D__EXTENSIONS__
+for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_stdc=$ac_arg
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext
+done
+rm -f conftest.$ac_ext conftest.$ac_objext
+CC=$ac_save_CC
+
+fi
+
+case "x$ac_cv_prog_cc_stdc" in
+ x|xno)
+ echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6 ;;
+ *)
+ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
+ CC="$CC $ac_cv_prog_cc_stdc" ;;
+esac
+
+# Some people use a C++ compiler to compile C. Since we use `exit',
+# in C++ we need to declare it. In case someone uses the same compiler
+# for both compiling C and C++ we need to have the C++ compiler decide
+# the declaration of exit, since it's the most demanding environment.
+cat >conftest.$ac_ext <<_ACEOF
+#ifndef __cplusplus
+ choke me
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ for ac_declaration in \
+ '' \
+ 'extern "C" void std::exit (int) throw (); using std::exit;' \
+ 'extern "C" void std::exit (int); using std::exit;' \
+ 'extern "C" void exit (int) throw ();' \
+ 'extern "C" void exit (int);' \
+ 'void exit (int);'
+do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+ echo '#ifdef __cplusplus' >>confdefs.h
+ echo $ac_declaration >>confdefs.h
+ echo '#endif' >>confdefs.h
+fi
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+
+
+if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+if test "X${ac_cv_prog_cc_stdc}" = "Xno" ; then
+ { { echo "$as_me:$LINENO: error: OpenLDAP requires compiler to support STDC constructs." >&5
+echo "$as_me: error: OpenLDAP requires compiler to support STDC constructs." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+# test for make depend flag
+OL_MKDEP=
+OL_MKDEP_FLAGS=
+if test -z "${MKDEP}"; then
+ OL_MKDEP="${CC-cc}"
+ if test -z "${MKDEP_FLAGS}"; then
+ echo "$as_me:$LINENO: checking for ${OL_MKDEP} depend flag" >&5
+echo $ECHO_N "checking for ${OL_MKDEP} depend flag... $ECHO_C" >&6
+if test "${ol_cv_mkdep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_cv_mkdep=no
+ for flag in "-M" "-xM"; do
+ cat > conftest.c <<EOF
+ noCode;
+EOF
+ if { ac_try='$OL_MKDEP $flag conftest.c'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } \
+ | grep '^conftest\.'"${ac_objext}" >/dev/null 2>&1
+ then
+ if test ! -f conftest."${ac_object}" ; then
+ ol_cv_mkdep=$flag
+ OL_MKDEP_FLAGS="$flag"
+ break
+ fi
+ fi
+ done
+ rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_mkdep" >&5
+echo "${ECHO_T}$ol_cv_mkdep" >&6
+ else
+ cc_cv_mkdep=yes
+ OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
+ fi
+else
+ cc_cv_mkdep=yes
+ OL_MKDEP="${MKDEP}"
+ OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
+fi
+
+
+
+if test "${ol_cv_mkdep}" = no ; then
+ # this will soon become an error
+ { echo "$as_me:$LINENO: WARNING: do not know how to generate dependencies" >&5
+echo "$as_me: WARNING: do not know how to generate dependencies" >&2;}
+fi
+
+echo "$as_me:$LINENO: checking for afopen in -ls" >&5
+echo $ECHO_N "checking for afopen in -ls... $ECHO_C" >&6
+if test "${ac_cv_lib_s_afopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ls $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char afopen ();
+int
+main ()
+{
+afopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_s_afopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_s_afopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_s_afopen" >&5
+echo "${ECHO_T}$ac_cv_lib_s_afopen" >&6
+if test $ac_cv_lib_s_afopen = yes; then
+
+ AUTH_LIBS=-ls
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_AIX_SECURITY 1
+_ACEOF
+
+
+fi
+
+
+case "$target" in
+*-ibm-openedition)
+ ac_cv_func_getopt=no
+
+cat >>confdefs.h <<\_ACEOF
+#define BOTH_STRINGS_H 1
+_ACEOF
+
+ ;;
+esac
+
+ol_link_modules=no
+WITH_MODULES_ENABLED=no
+if test $ol_enable_modules != no ; then
+
+for ac_header in ltdl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_ltdl_h = no ; then
+ { { echo "$as_me:$LINENO: error: could not locate libtool ltdl.h" >&5
+echo "$as_me: error: could not locate libtool ltdl.h" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
+echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6
+if test "${ac_cv_lib_ltdl_lt_dlinit+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lltdl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char lt_dlinit ();
+int
+main ()
+{
+lt_dlinit ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ltdl_lt_dlinit=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ltdl_lt_dlinit=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
+echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6
+if test $ac_cv_lib_ltdl_lt_dlinit = yes; then
+
+ MODULES_LIBS=-lltdl
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LIBLTDL 1
+_ACEOF
+
+
+fi
+
+
+ if test "$ac_cv_lib_ltdl_lt_dlinit" = no ; then
+ { { echo "$as_me:$LINENO: error: could not locate libtool -lltdl" >&5
+echo "$as_me: error: could not locate libtool -lltdl" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ol_link_modules=yes
+ WITH_MODULES_ENABLED=yes
+
+else
+ for i in $Backends; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp = mod ; then
+ { echo "$as_me:$LINENO: WARNING: building static $i backend" >&5
+echo "$as_me: WARNING: building static $i backend" >&2;}
+ eval "ol_enable_$i=yes"
+ fi
+ done
+ for i in $Overlays; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp = mod ; then
+ { echo "$as_me:$LINENO: WARNING: building static $i overlay" >&5
+echo "$as_me: WARNING: building static $i overlay" >&2;}
+ eval "ol_enable_$i=yes"
+ fi
+ done
+fi
+
+# test for EBCDIC
+echo "$as_me:$LINENO: checking for EBCDIC" >&5
+echo $ECHO_N "checking for EBCDIC... $ECHO_C" >&6
+if test "${ol_cv_cpp_ebcdic+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#if !('M' == 0xd4)
+#include <__ASCII__/generate_error.h>
+#endif
+
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ol_cv_cpp_ebcdic=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ol_cv_cpp_ebcdic=no
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_cpp_ebcdic" >&5
+echo "${ECHO_T}$ol_cv_cpp_ebcdic" >&6
+if test $ol_cv_cpp_ebcdic = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_EBCDIC 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ol_cv_header_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ol_cv_header_stdc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ol_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+
+if test $ol_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ol_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ol_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ol_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ol_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ctype.h>
+#ifndef HAVE_EBCDIC
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int main () { int i; for (i = 0; i < 256; i++)
+if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
+exit (0); }
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_header_stdc" >&5
+echo "${ECHO_T}$ol_cv_header_stdc" >&6
+if test $ol_cv_header_stdc = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+ac_cv_header_stdc=disable
+
+
+if test $ol_cv_header_stdc != yes; then
+ { echo "$as_me:$LINENO: WARNING: could not locate Standard C compliant headers" >&5
+echo "$as_me: WARNING: could not locate Standard C compliant headers" >&2;}
+fi
+
+
+
+
+
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+ as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5
+echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+ echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+ for ac_lib in dir; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+ test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+else
+ echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+ for ac_lib in x; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+ test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+fi
+
+echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6
+if test "${ac_cv_header_sys_wait_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/wait.h>
+#ifndef WEXITSTATUS
+# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
+#endif
+#ifndef WIFEXITED
+# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
+#endif
+
+int
+main ()
+{
+ int s;
+ wait (&s);
+ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_sys_wait_h=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_sys_wait_h=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5
+echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6
+if test $ac_cv_header_sys_wait_h = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SYS_WAIT_H 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether termios.h defines TIOCGWINSZ" >&5
+echo $ECHO_N "checking whether termios.h defines TIOCGWINSZ... $ECHO_C" >&6
+if test "${ac_cv_sys_tiocgwinsz_in_termios_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <termios.h>
+#ifdef TIOCGWINSZ
+ yes
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then
+ ac_cv_sys_tiocgwinsz_in_termios_h=yes
+else
+ ac_cv_sys_tiocgwinsz_in_termios_h=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_termios_h" >&5
+echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_termios_h" >&6
+
+if test $ac_cv_sys_tiocgwinsz_in_termios_h != yes; then
+ echo "$as_me:$LINENO: checking whether sys/ioctl.h defines TIOCGWINSZ" >&5
+echo $ECHO_N "checking whether sys/ioctl.h defines TIOCGWINSZ... $ECHO_C" >&6
+if test "${ac_cv_sys_tiocgwinsz_in_sys_ioctl_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#ifdef TIOCGWINSZ
+ yes
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then
+ ac_cv_sys_tiocgwinsz_in_sys_ioctl_h=yes
+else
+ ac_cv_sys_tiocgwinsz_in_sys_ioctl_h=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&5
+echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&6
+
+ if test $ac_cv_sys_tiocgwinsz_in_sys_ioctl_h = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define GWINSZ_IN_SYS_IOCTL 1
+_ACEOF
+
+ fi
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_header in \
+ arpa/inet.h \
+ arpa/nameser.h \
+ assert.h \
+ bits/types.h \
+ conio.h \
+ crypt.h \
+ direct.h \
+ errno.h \
+ fcntl.h \
+ filio.h \
+ getopt.h \
+ grp.h \
+ io.h \
+ libutil.h \
+ limits.h \
+ locale.h \
+ malloc.h \
+ memory.h \
+ psap.h \
+ pwd.h \
+ process.h \
+ sgtty.h \
+ shadow.h \
+ stddef.h \
+ string.h \
+ strings.h \
+ sysexits.h \
+ sys/file.h \
+ sys/filio.h \
+ sys/errno.h \
+ sys/ioctl.h \
+ sys/param.h \
+ sys/resource.h \
+ sys/select.h \
+ sys/socket.h \
+ sys/stat.h \
+ sys/syslog.h \
+ sys/time.h \
+ sys/types.h \
+ sys/uio.h \
+ syslog.h \
+ termios.h \
+ unistd.h \
+ utime.h \
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+if test "$ac_cv_mingw32" = yes ; then
+
+
+for ac_header in winsock.h winsock2.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+
+for ac_header in resolv.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <netinet/in.h>
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in netinet/tcp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <netinet/in.h>
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/ucred.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+for ac_func in sigaction sigset
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+if test $ac_cv_func_sigaction = no && test $ac_cv_func_sigaction = no ; then
+
+echo "$as_me:$LINENO: checking for sigset in -lV3" >&5
+echo $ECHO_N "checking for sigset in -lV3... $ECHO_C" >&6
+if test "${ac_cv_lib_V3_sigset+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lV3 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char sigset ();
+int
+main ()
+{
+sigset ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_V3_sigset=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_V3_sigset=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_V3_sigset" >&5
+echo "${ECHO_T}$ac_cv_lib_V3_sigset" >&6
+if test $ac_cv_lib_V3_sigset = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBV3 1
+_ACEOF
+
+ LIBS="-lV3 $LIBS"
+
+fi
+
+fi
+
+if test "$ac_cv_header_winsock_h" = yes; then
+echo "$as_me:$LINENO: checking for winsock" >&5
+echo $ECHO_N "checking for winsock... $ECHO_C" >&6
+if test "${ol_cv_winsock+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ save_LIBS="$LIBS"
+for curlib in ws2_32 wsock32; do
+ LIBS="$LIBS -l$curlib"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <winsock.h>
+
+int
+main ()
+{
+
+ socket(0,0,0);
+ select(0,NULL,NULL,NULL,NULL);
+ closesocket(0);
+ gethostname(NULL,0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_winsock=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_winsock=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ if test $ol_cv_winsock = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WINSOCK 1
+_ACEOF
+
+ ac_cv_func_socket=yes
+ ac_cv_func_select=yes
+ ac_cv_func_closesocket=yes
+ ac_cv_func_gethostname=yes
+ if test $curlib = ws2_32; then
+ ol_cv_winsock=winsock2
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WINSOCK2 1
+_ACEOF
+
+ fi
+ break
+ fi
+ LIBS="$save_LIBS"
+done
+fi
+echo "$as_me:$LINENO: result: $ol_cv_winsock" >&5
+echo "${ECHO_T}$ol_cv_winsock" >&6
+fi
+
+
+echo "$as_me:$LINENO: checking for socket" >&5
+echo $ECHO_N "checking for socket... $ECHO_C" >&6
+if test "${ac_cv_func_socket+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define socket to an innocuous variant, in case <limits.h> declares socket.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define socket innocuous_socket
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char socket (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef socket
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char socket ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_socket) || defined (__stub___socket)
+choke me
+#else
+char (*f) () = socket;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != socket;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_socket=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_socket=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_socket" >&5
+echo "${ECHO_T}$ac_cv_func_socket" >&6
+if test $ac_cv_func_socket = yes; then
+ :
+else
+
+
+echo "$as_me:$LINENO: checking for main in -lsocket" >&5
+echo $ECHO_N "checking for main in -lsocket... $ECHO_C" >&6
+if test "${ac_cv_lib_socket_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_socket_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_socket_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5
+echo "${ECHO_T}$ac_cv_lib_socket_main" >&6
+if test $ac_cv_lib_socket_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSOCKET 1
+_ACEOF
+
+ LIBS="-lsocket $LIBS"
+
+fi
+
+
+echo "$as_me:$LINENO: checking for main in -lnet" >&5
+echo $ECHO_N "checking for main in -lnet... $ECHO_C" >&6
+if test "${ac_cv_lib_net_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnet $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_net_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_net_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_net_main" >&5
+echo "${ECHO_T}$ac_cv_lib_net_main" >&6
+if test $ac_cv_lib_net_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNET 1
+_ACEOF
+
+ LIBS="-lnet $LIBS"
+
+fi
+
+
+echo "$as_me:$LINENO: checking for main in -lnsl_s" >&5
+echo $ECHO_N "checking for main in -lnsl_s... $ECHO_C" >&6
+if test "${ac_cv_lib_nsl_s_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl_s $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_nsl_s_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_nsl_s_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_s_main" >&5
+echo "${ECHO_T}$ac_cv_lib_nsl_s_main" >&6
+if test $ac_cv_lib_nsl_s_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSL_S 1
+_ACEOF
+
+ LIBS="-lnsl_s $LIBS"
+
+fi
+
+
+echo "$as_me:$LINENO: checking for main in -lnsl" >&5
+echo $ECHO_N "checking for main in -lnsl... $ECHO_C" >&6
+if test "${ac_cv_lib_nsl_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_nsl_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_nsl_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5
+echo "${ECHO_T}$ac_cv_lib_nsl_main" >&6
+if test $ac_cv_lib_nsl_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSL 1
+_ACEOF
+
+ LIBS="-lnsl $LIBS"
+
+fi
+
+
+echo "$as_me:$LINENO: checking for socket in -linet" >&5
+echo $ECHO_N "checking for socket in -linet... $ECHO_C" >&6
+if test "${ac_cv_lib_inet_socket+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char socket ();
+int
+main ()
+{
+socket ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_inet_socket=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_inet_socket=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_inet_socket" >&5
+echo "${ECHO_T}$ac_cv_lib_inet_socket" >&6
+if test $ac_cv_lib_inet_socket = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBINET 1
+_ACEOF
+
+ LIBS="-linet $LIBS"
+
+fi
+
+
+echo "$as_me:$LINENO: checking for main in -lgen" >&5
+echo $ECHO_N "checking for main in -lgen... $ECHO_C" >&6
+if test "${ac_cv_lib_gen_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_gen_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_gen_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_gen_main" >&5
+echo "${ECHO_T}$ac_cv_lib_gen_main" >&6
+if test $ac_cv_lib_gen_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN 1
+_ACEOF
+
+ LIBS="-lgen $LIBS"
+
+fi
+
+
+fi
+
+
+echo "$as_me:$LINENO: checking for select" >&5
+echo $ECHO_N "checking for select... $ECHO_C" >&6
+if test "${ac_cv_func_select+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define select to an innocuous variant, in case <limits.h> declares select.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define select innocuous_select
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char select (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef select
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char select ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_select) || defined (__stub___select)
+choke me
+#else
+char (*f) () = select;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != select;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_select=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_select=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_select" >&5
+echo "${ECHO_T}$ac_cv_func_select" >&6
+if test $ac_cv_func_select = yes; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: select() required." >&5
+echo "$as_me: error: select() required." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+if test "${ac_cv_header_winsock_h}" != yes; then
+
+
+for ac_header in sys/select.h sys/socket.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+echo "$as_me:$LINENO: checking types of arguments for select" >&5
+echo $ECHO_N "checking types of arguments for select... $ECHO_C" >&6
+if test "${ac_cv_func_select_args+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ for ac_arg234 in 'fd_set *' 'int *' 'void *'; do
+ for ac_arg1 in 'int' 'size_t' 'unsigned long' 'unsigned'; do
+ for ac_arg5 in 'struct timeval *' 'const struct timeval *'; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#if HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+extern int select ($ac_arg1,
+ $ac_arg234, $ac_arg234, $ac_arg234,
+ $ac_arg5);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_select_args="$ac_arg1,$ac_arg234,$ac_arg5"; break 3
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+ done
+done
+# Provide a safe default value.
+: ${ac_cv_func_select_args='int,int *,struct timeval *'}
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_select_args" >&5
+echo "${ECHO_T}$ac_cv_func_select_args" >&6
+ac_save_IFS=$IFS; IFS=','
+set dummy `echo "$ac_cv_func_select_args" | sed 's/\*/\*/g'`
+IFS=$ac_save_IFS
+shift
+
+cat >>confdefs.h <<_ACEOF
+#define SELECT_TYPE_ARG1 $1
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define SELECT_TYPE_ARG234 ($2)
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define SELECT_TYPE_ARG5 ($3)
+_ACEOF
+
+rm -f conftest*
+
+fi
+
+
+
+for ac_func in poll
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+for ac_header in poll.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/epoll.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+if test "${ac_cv_header_sys_epoll_h}" = yes; then
+echo "$as_me:$LINENO: checking for epoll system call" >&5
+echo $ECHO_N "checking for epoll system call... $ECHO_C" >&6
+if test "$cross_compiling" = yes; then
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+int main(int argc, char *argv)
+{
+ int epfd = epoll_create(256);
+ exit (epfd == -1 ? 1 : 0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_EPOLL 1
+_ACEOF
+
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+
+# strerror checks
+echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
+echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6
+if test "${ol_cv_dcl_sys_errlist+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <errno.h>
+#ifdef WINNT
+#include <stdlib.h>
+#endif
+int
+main ()
+{
+char *c = (char *) *sys_errlist
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_dcl_sys_errlist=yes
+ ol_cv_have_sys_errlist=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_dcl_sys_errlist=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6
+#
+# It's possible (for near-UNIX clones) that sys_errlist doesn't exist
+if test $ol_cv_dcl_sys_errlist = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define DECL_SYS_ERRLIST 1
+_ACEOF
+
+
+ echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
+echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6
+if test "${ol_cv_have_sys_errlist+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <errno.h>
+int
+main ()
+{
+char *c = (char *) *sys_errlist
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_have_sys_errlist=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_have_sys_errlist=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6
+fi
+if test $ol_cv_have_sys_errlist = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SYS_ERRLIST 1
+_ACEOF
+
+fi
+
+
+for ac_func in strerror strerror_r
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ol_cv_func_strerror_r=no
+if test "${ac_cv_func_strerror_r}" = yes ; then
+ echo "$as_me:$LINENO: checking non-posix strerror_r" >&5
+echo $ECHO_N "checking non-posix strerror_r... $ECHO_C" >&6
+if test "${ol_cv_nonposix_strerror_r+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "strerror_r" >/dev/null 2>&1; then
+ ol_decl_strerror_r=yes
+else
+ ol_decl_strerror_r=no
+fi
+rm -f conftest*
+
+ if test $ol_decl_strerror_r = yes ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+int
+main ()
+{
+ /* from autoconf 2.59 */
+ char buf[100];
+ char x = *strerror_r (0, buf, sizeof buf);
+ char *p = strerror_r (0, buf, sizeof buf);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_nonposix_strerror_r=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_nonposix_strerror_r=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ else
+ if test "$cross_compiling" = yes; then
+ ol_cv_nonposix_strerror=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+ main() {
+ char buf[100];
+ buf[0] = 0;
+ strerror_r( 1, buf, sizeof buf );
+ exit( buf[0] == 0 );
+ }
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_nonposix_strerror_r=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_nonposix_strerror=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_nonposix_strerror_r" >&5
+echo "${ECHO_T}$ol_cv_nonposix_strerror_r" >&6
+if test $ol_cv_nonposix_strerror_r = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NONPOSIX_STRERROR_R 1
+_ACEOF
+
+fi
+
+elif test "${ac_cv_func_strerror}" = no ; then
+ echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
+echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6
+if test "${ol_cv_dcl_sys_errlist+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <errno.h>
+#ifdef WINNT
+#include <stdlib.h>
+#endif
+int
+main ()
+{
+char *c = (char *) *sys_errlist
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_dcl_sys_errlist=yes
+ ol_cv_have_sys_errlist=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_dcl_sys_errlist=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6
+#
+# It's possible (for near-UNIX clones) that sys_errlist doesn't exist
+if test $ol_cv_dcl_sys_errlist = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define DECL_SYS_ERRLIST 1
+_ACEOF
+
+
+ echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
+echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6
+if test "${ol_cv_have_sys_errlist+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <errno.h>
+int
+main ()
+{
+char *c = (char *) *sys_errlist
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_have_sys_errlist=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_have_sys_errlist=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6
+fi
+if test $ol_cv_have_sys_errlist = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SYS_ERRLIST 1
+_ACEOF
+
+fi
+
+fi
+
+
+
+for ac_header in regex.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+if test "$ac_cv_header_regex_h" != yes ; then
+ { { echo "$as_me:$LINENO: error: POSIX regex.h required." >&5
+echo "$as_me: error: POSIX regex.h required." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+echo "$as_me:$LINENO: checking for library containing regfree" >&5
+echo $ECHO_N "checking for library containing regfree... $ECHO_C" >&6
+if test "${ac_cv_search_regfree+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_regfree=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char regfree ();
+int
+main ()
+{
+regfree ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_regfree="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_regfree" = no; then
+ for ac_lib in regex gnuregex; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char regfree ();
+int
+main ()
+{
+regfree ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_regfree="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_regfree" >&5
+echo "${ECHO_T}$ac_cv_search_regfree" >&6
+if test "$ac_cv_search_regfree" != no; then
+ test "$ac_cv_search_regfree" = "none required" || LIBS="$ac_cv_search_regfree $LIBS"
+ :
+else
+ { { echo "$as_me:$LINENO: error: POSIX regex required." >&5
+echo "$as_me: error: POSIX regex required." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+
+echo "$as_me:$LINENO: checking for compatible POSIX regex" >&5
+echo $ECHO_N "checking for compatible POSIX regex... $ECHO_C" >&6
+if test "${ol_cv_c_posix_regex+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_c_posix_regex=cross
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <regex.h>
+static char *pattern, *string;
+main()
+{
+ int rc;
+ regex_t re;
+
+ pattern = "^A";
+
+ if(regcomp(&re, pattern, 0)) {
+ return -1;
+ }
+
+ string = "ALL MATCH";
+
+ rc = regexec(&re, string, 0, (void*)0, 0);
+
+ regfree(&re);
+
+ return rc;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_c_posix_regex=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_c_posix_regex=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_c_posix_regex" >&5
+echo "${ECHO_T}$ol_cv_c_posix_regex" >&6
+
+if test "$ol_cv_c_posix_regex" = no ; then
+ { { echo "$as_me:$LINENO: error: broken POSIX regex!" >&5
+echo "$as_me: error: broken POSIX regex!" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+have_uuid=no
+
+for ac_header in sys/uuid.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+if test $ac_cv_header_sys_uuid_h = yes ; then
+ save_LIBS="$LIBS"
+ echo "$as_me:$LINENO: checking for library containing uuid_to_str" >&5
+echo $ECHO_N "checking for library containing uuid_to_str... $ECHO_C" >&6
+if test "${ac_cv_search_uuid_to_str+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_uuid_to_str=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char uuid_to_str ();
+int
+main ()
+{
+uuid_to_str ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_uuid_to_str="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_uuid_to_str" = no; then
+ for ac_lib in uuid; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char uuid_to_str ();
+int
+main ()
+{
+uuid_to_str ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_uuid_to_str="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_uuid_to_str" >&5
+echo "${ECHO_T}$ac_cv_search_uuid_to_str" >&6
+if test "$ac_cv_search_uuid_to_str" != no; then
+ test "$ac_cv_search_uuid_to_str" = "none required" || LIBS="$ac_cv_search_uuid_to_str $LIBS"
+ have_uuid=yes
+else
+ :
+fi
+
+ LIBS="$save_LIBS"
+
+ if test have_uuid = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_UUID_TO_STR 1
+_ACEOF
+
+
+ test "$ac_cv_search_uuid_to_str" = "none required" || \
+ SLAPD_LIBS="$SLAPD_LIBS $ac_cv_search_uuid_to_str"
+ fi
+fi
+
+if test $have_uuid = no ; then
+ echo "$as_me:$LINENO: checking to see if -lrpcrt4 is needed for win32 UUID support" >&5
+echo $ECHO_N "checking to see if -lrpcrt4 is needed for win32 UUID support... $ECHO_C" >&6
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lrpcrt4"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+ int __stdcall UuidCreate(void *);
+ int __stdcall UuidToStringA(void *,void **);
+
+int
+main ()
+{
+
+ UuidCreate(0);
+ UuidToStringA(0,0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ need_rpcrt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+need_rpcrt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test $need_rpcrt = yes; then
+ SLAPD_LIBS="$SLAPD_LIBS -lrpcrt4"
+ fi
+ LIBS="$save_LIBS"
+ echo "$as_me:$LINENO: result: $need_rpcrt" >&5
+echo "${ECHO_T}$need_rpcrt" >&6
+fi
+
+ol_cv_lib_resolver=no
+if test $ol_cv_lib_resolver = no ; then
+ echo "$as_me:$LINENO: checking for resolver link (default)" >&5
+echo $ECHO_N "checking for resolver link (default)... $ECHO_C" >&6
+if test "${ol_cv_resolver_none+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_RESOLVER_LIB=
+ ol_LIBS=$LIBS
+ LIBS="$ol_RESOLVER_LIB $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_NAMESER_H
+# include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+# include <resolv.h>
+#endif
+
+int
+main ()
+{
+{
+ int len, status;
+ char *request = NULL;
+ unsigned char reply[64*1024];
+ unsigned char host[64*1024];
+ unsigned char *p;
+
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
+#else
+ /* Bind 4 interface */
+# ifndef T_SRV
+# define T_SRV 33
+# endif
+ len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
+#endif
+ p = reply;
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ p += NS_HFIXEDSZ;
+#elif defined(HFIXEDSZ)
+ /* Bind 4 interface w/ HFIXEDSZ */
+ p += HFIXEDSZ;
+#else
+ /* Bind 4 interface w/o HFIXEDSZ */
+ p += sizeof(HEADER);
+#endif
+ status = dn_expand( reply, reply+len, p, host, sizeof(host));
+}
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_resolver_none=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_resolver_none=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_resolver_none" >&5
+echo "${ECHO_T}$ol_cv_resolver_none" >&6
+
+ if test $ol_cv_resolver_none = yes ; then
+ ol_cv_lib_resolver=yes
+ fi
+fi
+
+if test $ol_cv_lib_resolver = no ; then
+ echo "$as_me:$LINENO: checking for resolver link (-lresolv)" >&5
+echo $ECHO_N "checking for resolver link (-lresolv)... $ECHO_C" >&6
+if test "${ol_cv_resolver_resolv+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_RESOLVER_LIB=-lresolv
+ ol_LIBS=$LIBS
+ LIBS="$ol_RESOLVER_LIB $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_NAMESER_H
+# include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+# include <resolv.h>
+#endif
+
+int
+main ()
+{
+{
+ int len, status;
+ char *request = NULL;
+ unsigned char reply[64*1024];
+ unsigned char host[64*1024];
+ unsigned char *p;
+
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
+#else
+ /* Bind 4 interface */
+# ifndef T_SRV
+# define T_SRV 33
+# endif
+ len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
+#endif
+ p = reply;
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ p += NS_HFIXEDSZ;
+#elif defined(HFIXEDSZ)
+ /* Bind 4 interface w/ HFIXEDSZ */
+ p += HFIXEDSZ;
+#else
+ /* Bind 4 interface w/o HFIXEDSZ */
+ p += sizeof(HEADER);
+#endif
+ status = dn_expand( reply, reply+len, p, host, sizeof(host));
+}
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_resolver_resolv=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_resolver_resolv=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_resolver_resolv" >&5
+echo "${ECHO_T}$ol_cv_resolver_resolv" >&6
+
+ if test $ol_cv_resolver_resolv = yes ; then
+ ol_cv_lib_resolver=-lresolv
+ fi
+fi
+
+if test $ol_cv_lib_resolver = no ; then
+ echo "$as_me:$LINENO: checking for resolver link (-lbind)" >&5
+echo $ECHO_N "checking for resolver link (-lbind)... $ECHO_C" >&6
+if test "${ol_cv_resolver_bind+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_RESOLVER_LIB=-lbind
+ ol_LIBS=$LIBS
+ LIBS="$ol_RESOLVER_LIB $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_NAMESER_H
+# include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+# include <resolv.h>
+#endif
+
+int
+main ()
+{
+{
+ int len, status;
+ char *request = NULL;
+ unsigned char reply[64*1024];
+ unsigned char host[64*1024];
+ unsigned char *p;
+
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
+#else
+ /* Bind 4 interface */
+# ifndef T_SRV
+# define T_SRV 33
+# endif
+ len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
+#endif
+ p = reply;
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ p += NS_HFIXEDSZ;
+#elif defined(HFIXEDSZ)
+ /* Bind 4 interface w/ HFIXEDSZ */
+ p += HFIXEDSZ;
+#else
+ /* Bind 4 interface w/o HFIXEDSZ */
+ p += sizeof(HEADER);
+#endif
+ status = dn_expand( reply, reply+len, p, host, sizeof(host));
+}
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_resolver_bind=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_resolver_bind=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_resolver_bind" >&5
+echo "${ECHO_T}$ol_cv_resolver_bind" >&6
+
+ if test $ol_cv_resolver_bind = yes ; then
+ ol_cv_lib_resolver=-lbind
+ fi
+fi
+
+
+
+ol_link_dnssrv=no
+if test "$ol_cv_lib_resolver" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_RES_QUERY 1
+_ACEOF
+
+
+ if test "$ol_enable_dnssrv" != no ; then
+ ol_link_dnssrv=yes
+ fi
+
+ if test "$ol_cv_lib_resolver" != yes ; then
+ LIBS="$ol_cv_lib_resolver $LIBS"
+ fi
+fi
+
+if test "$ol_enable_dnssrv" = yes || test "$ol_enable_dnssrv" = mod ; then
+ if test "$ol_link_dnssrv" = no ; then
+ { { echo "$as_me:$LINENO: error: DNSSRV requires res_query()" >&5
+echo "$as_me: error: DNSSRV requires res_query()" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+else
+ ol_enable_dnssrv=no
+fi
+
+
+for ac_func in hstrerror
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+
+
+for ac_func in getaddrinfo getnameinfo gai_strerror inet_ntop
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ol_link_ipv6=no
+if test $ac_cv_func_getaddrinfo = no || test $ac_cv_func_inet_ntop = no ; then
+ if test $ol_enable_ipv6 = yes ; then
+ { { echo "$as_me:$LINENO: error: IPv6 support requires getaddrinfo() and inet_ntop()" >&5
+echo "$as_me: error: IPv6 support requires getaddrinfo() and inet_ntop()" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+elif test $ol_enable_ipv6 != no ; then
+ echo "$as_me:$LINENO: checking INET6_ADDRSTRLEN" >&5
+echo $ECHO_N "checking INET6_ADDRSTRLEN... $ECHO_C" >&6
+if test "${ol_cv_inet6_addrstrlen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <netinet/in.h>
+# ifdef INET6_ADDRSTRLEN
+ __has_inet6_addrstrlen__;
+# endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__has_inet6_addrstrlen__" >/dev/null 2>&1; then
+ ol_cv_inet6_addrstrlen=yes
+else
+ ol_cv_inet6_addrstrlen=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_inet6_addrstrlen" >&5
+echo "${ECHO_T}$ol_cv_inet6_addrstrlen" >&6
+
+
+ echo "$as_me:$LINENO: checking struct sockaddr_storage" >&5
+echo $ECHO_N "checking struct sockaddr_storage... $ECHO_C" >&6
+if test "${ol_cv_struct_sockaddr_storage+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+
+ struct sockaddr_storage ss;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_struct_sockaddr_storage=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_struct_sockaddr_storage=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_struct_sockaddr_storage" >&5
+echo "${ECHO_T}$ol_cv_struct_sockaddr_storage" >&6
+
+ if test $ol_cv_inet6_addrstrlen = yes &&
+ test $ol_cv_struct_sockaddr_storage = yes ; then
+ ol_link_ipv6=yes
+ elif test $ol_enable_ipv6 = yes &&
+ test $ol_cv_inet6_addrstrlen = no ; then
+ { { echo "$as_me:$LINENO: error: IPv6 support requires INET6_ADDRSTRLEN" >&5
+echo "$as_me: error: IPv6 support requires INET6_ADDRSTRLEN" >&2;}
+ { (exit 1); exit 1; }; }
+ elif test $ol_enable_ipv6 = yes &&
+ test $ol_cv_struct_sockaddr_storage = no ; then
+ { { echo "$as_me:$LINENO: error: IPv6 support requires struct sockaddr_storage" >&5
+echo "$as_me: error: IPv6 support requires struct sockaddr_storage" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+if test $ol_enable_local != no ; then
+
+for ac_header in sys/un.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ol_enable_local = auto ; then
+ ol_enable_local=$ac_cv_header_sys_un_h
+ elif test $ac_cv_header_sys_un_h = no ; then
+ { { echo "$as_me:$LINENO: error: AF_LOCAL domain support requires sys/un.h" >&5
+echo "$as_me: error: AF_LOCAL domain support requires sys/un.h" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+ol_link_kbind=no
+ol_link_krb5=no
+ol_link_krb4=no
+
+case $ol_with_kerberos in yes | auto | k5 | k5only | k425)
+
+
+for ac_header in krb5.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_krb5_h = yes ; then
+
+for ac_header in heim_err.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test $ac_cv_header_heim_err_h = yes ; then
+ krb5_impl=heimdal
+ else
+ krb5_impl=mit
+ fi
+
+ if test $krb5_impl = mit; then
+ echo "$as_me:$LINENO: checking for main in -lk5crypto" >&5
+echo $ECHO_N "checking for main in -lk5crypto... $ECHO_C" >&6
+if test "${ac_cv_lib_k5crypto_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lk5crypto $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_k5crypto_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_k5crypto_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_k5crypto_main" >&5
+echo "${ECHO_T}$ac_cv_lib_k5crypto_main" >&6
+if test $ac_cv_lib_k5crypto_main = yes; then
+ krb5crypto=k5crypto
+else
+ krb5crypto=crypto
+fi
+
+
+ echo "$as_me:$LINENO: checking for main in -lkrb5" >&5
+echo $ECHO_N "checking for main in -lkrb5... $ECHO_C" >&6
+if test "${ac_cv_lib_krb5_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5 -l$krb5crypto -lcom_err $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_krb5_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_krb5_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_main" >&5
+echo "${ECHO_T}$ac_cv_lib_krb5_main" >&6
+if test $ac_cv_lib_krb5_main = yes; then
+ have_krb5=yes
+ KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"
+else
+ have_krb5=no
+fi
+
+
+ elif test $krb5_impl = heimdal; then
+ echo "$as_me:$LINENO: checking for main in -ldes" >&5
+echo $ECHO_N "checking for main in -ldes... $ECHO_C" >&6
+if test "${ac_cv_lib_des_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_des_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_des_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_des_main" >&5
+echo "${ECHO_T}$ac_cv_lib_des_main" >&6
+if test $ac_cv_lib_des_main = yes; then
+ krb5crypto=des
+else
+ krb5crypto=crypto
+fi
+
+
+ echo "$as_me:$LINENO: checking for main in -lkrb5" >&5
+echo $ECHO_N "checking for main in -lkrb5... $ECHO_C" >&6
+if test "${ac_cv_lib_krb5_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_krb5_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_krb5_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_main" >&5
+echo "${ECHO_T}$ac_cv_lib_krb5_main" >&6
+if test $ac_cv_lib_krb5_main = yes; then
+ have_krb5=yes
+ KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"
+else
+ have_krb5=no
+fi
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_HEIMDAL_KERBEROS 1
+_ACEOF
+
+
+ else
+ have_krb5=no
+ { echo "$as_me:$LINENO: WARNING: Unrecognized Kerberos5 Implementation" >&5
+echo "$as_me: WARNING: Unrecognized Kerberos5 Implementation" >&2;}
+ fi
+
+ if test $have_krb5 = yes ; then
+ ol_link_krb5=yes
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5 1
+_ACEOF
+
+
+ if test $ol_with_kerberos = k5only ; then
+ ol_with_kerberos=found
+ fi
+
+ elif test $ol_with_kerberos != auto ; then
+ { { echo "$as_me:$LINENO: error: Required Kerberos 5 support not available" >&5
+echo "$as_me: error: Required Kerberos 5 support not available" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ fi
+ ;;
+esac
+
+if test $ol_link_krb5 = yes &&
+ { test $ol_with_kerberos = yes ||
+ test $ol_with_kerberos = auto ||
+ test $ol_with_kerberos = k425; }; then
+
+
+
+for ac_header in kerberosIV/krb.h kerberosIV/des.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_kerberosIV_krb_h = yes ; then
+ if test $krb5_impl = mit; then
+ echo "$as_me:$LINENO: checking for main in -lkrb4" >&5
+echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6
+if test "${ac_cv_lib_krb4_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb4 -ldes425 -lkrb5 -l$krb5crypto -lcom_err $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_krb4_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_krb4_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5
+echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6
+if test $ac_cv_lib_krb4_main = yes; then
+ have_k425=yes
+ KRB4_LIBS="-lkrb4 -ldes425"
+else
+ have_k425=no
+fi
+
+
+ elif test $krb5_impl = heimdal; then
+ echo "$as_me:$LINENO: checking for main in -lkrb4" >&5
+echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6
+if test "${ac_cv_lib_krb4_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb4 -lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_krb4_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_krb4_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5
+echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6
+if test $ac_cv_lib_krb4_main = yes; then
+ have_k425=yes
+ KRB4_LIBS="-lkrb4"
+else
+ have_k425=no
+fi
+
+
+ else
+ have_425=no
+ { echo "$as_me:$LINENO: WARNING: Unrecongized Kerberos V Implementation" >&5
+echo "$as_me: WARNING: Unrecongized Kerberos V Implementation" >&2;}
+ fi
+
+ if test $have_k425 = yes ; then
+ ol_with_kerberos=found
+ ol_link_krb4=yes
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB425 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB4 1
+_ACEOF
+
+
+ echo "$as_me:$LINENO: checking for des_debug in Kerberos libraries" >&5
+echo $ECHO_N "checking for des_debug in Kerberos libraries... $ECHO_C" >&6
+if test "${ol_cv_var_des_debug+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ save_LIBS="$LIBS"
+ LIBS="$KRB4_LIBS $KRB5_LIBS $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+extern int des_debug;
+
+int
+main ()
+{
+
+des_debug = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_var_des_debug=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_var_des_debug=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$save_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_var_des_debug" >&5
+echo "${ECHO_T}$ol_cv_var_des_debug" >&6
+
+ if test $ol_cv_var_des_debug = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DES_DEBUG 1
+_ACEOF
+
+ fi
+
+ LIBS="$save_LIBS"
+ fi
+ fi
+fi
+
+if test $ol_link_krb5 = yes ; then
+ ol_with_kerberos=found
+fi
+
+case $ol_with_kerberos in yes | auto | k4 | kth)
+
+
+
+
+for ac_header in krb.h des.h krb-archaeology.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_krb_h = yes ; then
+ echo "$as_me:$LINENO: checking for main in -lkrb" >&5
+echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6
+if test "${ac_cv_lib_krb_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb -ldes $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_krb_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_krb_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5
+echo "${ECHO_T}$ac_cv_lib_krb_main" >&6
+if test $ac_cv_lib_krb_main = yes; then
+ have_k4=yes
+else
+ have_k4=no
+fi
+
+
+ if test $have_k4 = yes ; then
+ ol_with_kerberos=found
+ ol_link_krb4=yes
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB4 1
+_ACEOF
+
+
+ KRB4_LIBS="-lkrb -ldes"
+
+ if test $ac_cv_header_krb_archaeology_h = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KTH_KERBEROS 1
+_ACEOF
+
+ fi
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_link_krb4 = yes && test $ol_enable_kbind != no ; then
+ ol_link_kbind=yes
+
+elif test $ol_enable_kbind = yes ; then
+ { { echo "$as_me:$LINENO: error: Kerberos IV detection failed" >&5
+echo "$as_me: error: Kerberos IV detection failed" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+if test $ol_link_krb4 = yes || test $ol_link_krb5 = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KERBEROS 1
+_ACEOF
+
+
+elif test $ol_with_kerberos != auto && test $ol_with_kerberos != no ; then
+ { { echo "$as_me:$LINENO: error: Kerberos detection failed" >&5
+echo "$as_me: error: Kerberos detection failed" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+ol_link_tls=no
+if test $ol_with_tls != no ; then
+
+for ac_header in openssl/ssl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_openssl_ssl_h = yes ; then
+ echo "$as_me:$LINENO: checking for SSL_library_init in -lssl" >&5
+echo $ECHO_N "checking for SSL_library_init in -lssl... $ECHO_C" >&6
+if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lssl -lcrypto $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char SSL_library_init ();
+int
+main ()
+{
+SSL_library_init ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ssl_SSL_library_init=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ssl_SSL_library_init=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5
+echo "${ECHO_T}$ac_cv_lib_ssl_SSL_library_init" >&6
+if test $ac_cv_lib_ssl_SSL_library_init = yes; then
+ have_openssl=yes
+ need_rsaref=no
+else
+ have_openssl=no
+fi
+
+
+ if test $have_openssl = no ; then
+ echo "$as_me:$LINENO: checking for ssl3_accept in -lssl" >&5
+echo $ECHO_N "checking for ssl3_accept in -lssl... $ECHO_C" >&6
+if test "${ac_cv_lib_ssl_ssl3_accept+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lssl -lcrypto -lRSAglue -lrsaref $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ssl3_accept ();
+int
+main ()
+{
+ssl3_accept ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ssl_ssl3_accept=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ssl_ssl3_accept=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_ssl3_accept" >&5
+echo "${ECHO_T}$ac_cv_lib_ssl_ssl3_accept" >&6
+if test $ac_cv_lib_ssl_ssl3_accept = yes; then
+ have_openssl=yes
+ need_rsaref=yes
+else
+ have_openssl=no
+fi
+
+ fi
+
+ if test $have_openssl = yes ; then
+ ol_with_tls=found
+ ol_link_tls=yes
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_OPENSSL 1
+_ACEOF
+
+
+ if test $need_rsaref = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_RSAREF 1
+_ACEOF
+
+
+ TLS_LIBS="-lssl -lcrypto -lRSAglue -lrsaref"
+ else
+ TLS_LIBS="-lssl -lcrypto"
+ fi
+ fi
+ echo "$as_me:$LINENO: checking OpenSSL library version (CRL checking capability)" >&5
+echo $ECHO_N "checking OpenSSL library version (CRL checking capability)... $ECHO_C" >&6
+if test "${ol_cv_ssl_crl_compat+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#else
+#include <ssl.h>
+#endif
+
+/* Require 0.9.7d+ */
+#if OPENSSL_VERSION_NUMBER >= 0x0090704fL
+ char *__ssl_compat = "0.9.7d";
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__ssl_compat" >/dev/null 2>&1; then
+ ol_cv_ssl_crl_compat=yes
+else
+ ol_cv_ssl_crl_compat=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_ssl_crl_compat" >&5
+echo "${ECHO_T}$ol_cv_ssl_crl_compat" >&6
+
+ if test $ol_cv_ssl_crl_compat = no ; then
+ ol_link_ssl=no
+ else
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_OPENSSL_CRL 1
+_ACEOF
+
+ fi
+ fi
+
+else
+ { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5
+echo "$as_me: WARNING: TLS data protection not supported!" >&2;}
+fi
+
+WITH_TLS=no
+if test $ol_link_tls = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_TLS 1
+_ACEOF
+
+ WITH_TLS=yes
+
+elif test $ol_with_tls = auto ; then
+ { echo "$as_me:$LINENO: WARNING: Could not locate TLS/SSL package" >&5
+echo "$as_me: WARNING: Could not locate TLS/SSL package" >&2;}
+ { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5
+echo "$as_me: WARNING: TLS data protection not supported!" >&2;}
+
+elif test $ol_with_tls != no ; then
+ { { echo "$as_me:$LINENO: error: Could not locate TLS/SSL package" >&5
+echo "$as_me: error: Could not locate TLS/SSL package" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+if test $ol_enable_lmpasswd != no; then
+ if test $ol_link_tls != yes ; then
+ { { echo "$as_me:$LINENO: error: LAN Manager passwords require OpenSSL" >&5
+echo "$as_me: error: LAN Manager passwords require OpenSSL" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_LMHASH 1
+_ACEOF
+
+fi
+
+ol_link_threads=no
+
+case $ol_with_threads in auto | yes | nt)
+
+
+ echo "$as_me:$LINENO: checking for _beginthread" >&5
+echo $ECHO_N "checking for _beginthread... $ECHO_C" >&6
+if test "${ac_cv_func__beginthread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _beginthread to an innocuous variant, in case <limits.h> declares _beginthread.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _beginthread innocuous__beginthread
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _beginthread (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _beginthread
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _beginthread ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__beginthread) || defined (__stub____beginthread)
+choke me
+#else
+char (*f) () = _beginthread;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _beginthread;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__beginthread=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__beginthread=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__beginthread" >&5
+echo "${ECHO_T}$ac_cv_func__beginthread" >&6
+
+
+ if test $ac_cv_func__beginthread = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NT_THREADS 1
+_ACEOF
+
+ ol_cv_nt_threads=yes
+ fi
+
+
+ if test "$ol_cv_nt_threads" = yes ; then
+ ol_link_threads=nt
+ ol_with_threads=found
+ ol_with_yielding_select=yes
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NT_SERVICE_MANAGER 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NT_EVENT_LOG 1
+_ACEOF
+
+ fi
+
+ if test $ol_with_threads = nt ; then
+ { { echo "$as_me:$LINENO: error: could not locate NT Threads" >&5
+echo "$as_me: error: could not locate NT Threads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | posix)
+
+
+for ac_header in pthread.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_pthread_h = yes ; then
+ echo "$as_me:$LINENO: checking POSIX thread version" >&5
+echo $ECHO_N "checking POSIX thread version... $ECHO_C" >&6
+if test "${ol_cv_pthread_version+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <pthread.h>
+
+int
+main ()
+{
+
+ int i = PTHREAD_CREATE_JOINABLE;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <pthread.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "pthread_detach" >/dev/null 2>&1; then
+ ol_cv_pthread_version=10
+else
+ ol_cv_pthread_version=8
+fi
+rm -f conftest*
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <pthread.h>
+# ifdef PTHREAD_CREATE_UNDETACHED
+ draft7
+# endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "draft7" >/dev/null 2>&1; then
+ ol_cv_pthread_version=7
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <pthread.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "pthread_attr_init" >/dev/null 2>&1; then
+ ol_cv_pthread_version=6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <pthread.h>
+#ifdef PTHREAD_MUTEX_INITIALIZER
+ draft5
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "draft5" >/dev/null 2>&1; then
+ ol_cv_pthread_version=5
+else
+ ol_cv_pthread_version=4
+fi
+rm -f conftest*
+
+fi
+rm -f conftest*
+
+fi
+rm -f conftest*
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_version" >&5
+echo "${ECHO_T}$ol_cv_pthread_version" >&6
+
+
+ if test $ol_cv_pthread_version != 0 ; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_PTHREADS $ol_cv_pthread_version
+_ACEOF
+
+ else
+ { { echo "$as_me:$LINENO: error: unknown pthread version" >&5
+echo "$as_me: error: unknown pthread version" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ # consider threads found
+ ol_with_threads=found
+
+
+ echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
+echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6
+if test "${ol_cv_header_linux_threads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <pthread.h>
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "pthread_kill_other_threads_np" >/dev/null 2>&1; then
+ ol_cv_header_linux_threads=yes
+else
+ ol_cv_header_linux_threads=no
+fi
+rm -f conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_header_linux_threads" >&6
+ if test $ol_cv_header_linux_threads = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LINUX_THREADS 1
+_ACEOF
+
+ fi
+
+
+ echo "$as_me:$LINENO: checking for GNU Pth pthread.h" >&5
+echo $ECHO_N "checking for GNU Pth pthread.h... $ECHO_C" >&6
+if test "${ol_cv_header_gnu_pth_pthread_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <pthread.h>
+#ifdef _POSIX_THREAD_IS_GNU_PTH
+ __gnu_pth__;
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__gnu_pth__" >/dev/null 2>&1; then
+ ol_cv_header_gnu_pth_pthread_h=yes
+else
+ ol_cv_header_gnu_pth_pthread_h=no
+fi
+rm -f conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_header_gnu_pth_pthread_h" >&5
+echo "${ECHO_T}$ol_cv_header_gnu_pth_pthread_h" >&6
+
+
+ if test $ol_cv_header_gnu_pth_pthread_h = no ; then
+
+for ac_header in sched.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+
+
+ echo "$as_me:$LINENO: checking for pthread_create in default libraries" >&5
+echo $ECHO_N "checking for pthread_create in default libraries... $ECHO_C" >&6
+if test "${ol_cv_pthread_create+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_create=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_create=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_create=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_create=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_create" >&5
+echo "${ECHO_T}$ol_cv_pthread_create" >&6
+
+ if test $ol_cv_pthread_create != no ; then
+ ol_link_threads=posix
+ ol_link_pthreads=""
+ fi
+
+ # Pthread try link: -kthread (ol_cv_pthread_kthread)
+if test "$ol_link_threads" = no ; then
+ # try -kthread
+ echo "$as_me:$LINENO: checking for pthread link with -kthread" >&5
+echo $ECHO_N "checking for pthread link with -kthread... $ECHO_C" >&6
+if test "${ol_cv_pthread_kthread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-kthread $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_kthread=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_kthread=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_kthread=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_kthread=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_kthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_kthread" >&6
+
+ if test $ol_cv_pthread_kthread = yes ; then
+ ol_link_pthreads="-kthread"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -pthread (ol_cv_pthread_pthread)
+if test "$ol_link_threads" = no ; then
+ # try -pthread
+ echo "$as_me:$LINENO: checking for pthread link with -pthread" >&5
+echo $ECHO_N "checking for pthread link with -pthread... $ECHO_C" >&6
+if test "${ol_cv_pthread_pthread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-pthread $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_pthread=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_pthread=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_pthread=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_pthread=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_pthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_pthread" >&6
+
+ if test $ol_cv_pthread_pthread = yes ; then
+ ol_link_pthreads="-pthread"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -pthreads (ol_cv_pthread_pthreads)
+if test "$ol_link_threads" = no ; then
+ # try -pthreads
+ echo "$as_me:$LINENO: checking for pthread link with -pthreads" >&5
+echo $ECHO_N "checking for pthread link with -pthreads... $ECHO_C" >&6
+if test "${ol_cv_pthread_pthreads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-pthreads $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_pthreads=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_pthreads=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_pthreads=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_pthreads=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_pthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_pthreads" >&6
+
+ if test $ol_cv_pthread_pthreads = yes ; then
+ ol_link_pthreads="-pthreads"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -mthreads (ol_cv_pthread_mthreads)
+if test "$ol_link_threads" = no ; then
+ # try -mthreads
+ echo "$as_me:$LINENO: checking for pthread link with -mthreads" >&5
+echo $ECHO_N "checking for pthread link with -mthreads... $ECHO_C" >&6
+if test "${ol_cv_pthread_mthreads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-mthreads $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_mthreads=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_mthreads=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_mthreads=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_mthreads=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_mthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_mthreads" >&6
+
+ if test $ol_cv_pthread_mthreads = yes ; then
+ ol_link_pthreads="-mthreads"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -thread (ol_cv_pthread_thread)
+if test "$ol_link_threads" = no ; then
+ # try -thread
+ echo "$as_me:$LINENO: checking for pthread link with -thread" >&5
+echo $ECHO_N "checking for pthread link with -thread... $ECHO_C" >&6
+if test "${ol_cv_pthread_thread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-thread $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_thread=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_thread=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_thread=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_thread=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_thread" >&5
+echo "${ECHO_T}$ol_cv_pthread_thread" >&6
+
+ if test $ol_cv_pthread_thread = yes ; then
+ ol_link_pthreads="-thread"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -lpthread -lmach -lexc -lc_r (ol_cv_pthread_lpthread_lmach_lexc_lc_r)
+if test "$ol_link_threads" = no ; then
+ # try -lpthread -lmach -lexc -lc_r
+ echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc -lc_r... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthread_lmach_lexc_lc_r+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthread -lmach -lexc -lc_r $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread_lmach_lexc_lc_r=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthread_lmach_lexc_lc_r=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread_lmach_lexc_lc_r=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthread_lmach_lexc_lc_r=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&6
+
+ if test $ol_cv_pthread_lpthread_lmach_lexc_lc_r = yes ; then
+ ol_link_pthreads="-lpthread -lmach -lexc -lc_r"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -lpthread -lmach -lexc (ol_cv_pthread_lpthread_lmach_lexc)
+if test "$ol_link_threads" = no ; then
+ # try -lpthread -lmach -lexc
+ echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthread_lmach_lexc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthread -lmach -lexc $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread_lmach_lexc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthread_lmach_lexc=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread_lmach_lexc=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthread_lmach_lexc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc" >&6
+
+ if test $ol_cv_pthread_lpthread_lmach_lexc = yes ; then
+ ol_link_pthreads="-lpthread -lmach -lexc"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -lpthread -Wl,-woff,85 (ol_cv_pthread_lib_lpthread_woff)
+if test "$ol_link_threads" = no ; then
+ # try -lpthread -Wl,-woff,85
+ echo "$as_me:$LINENO: checking for pthread link with -lpthread -Wl,-woff,85" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -Wl,-woff,85... $ECHO_C" >&6
+if test "${ol_cv_pthread_lib_lpthread_woff+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthread -Wl,-woff,85 $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lib_lpthread_woff=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lib_lpthread_woff=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lib_lpthread_woff=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lib_lpthread_woff=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthread_woff" >&5
+echo "${ECHO_T}$ol_cv_pthread_lib_lpthread_woff" >&6
+
+ if test $ol_cv_pthread_lib_lpthread_woff = yes ; then
+ ol_link_pthreads="-lpthread -Wl,-woff,85"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -lpthread (ol_cv_pthread_lpthread)
+if test "$ol_link_threads" = no ; then
+ # try -lpthread
+ echo "$as_me:$LINENO: checking for pthread link with -lpthread" >&5
+echo $ECHO_N "checking for pthread link with -lpthread... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthread $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthread=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthread=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthread=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread" >&6
+
+ if test $ol_cv_pthread_lpthread = yes ; then
+ ol_link_pthreads="-lpthread"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -lc_r (ol_cv_pthread_lc_r)
+if test "$ol_link_threads" = no ; then
+ # try -lc_r
+ echo "$as_me:$LINENO: checking for pthread link with -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lc_r... $ECHO_C" >&6
+if test "${ol_cv_pthread_lc_r+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lc_r $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lc_r=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lc_r=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lc_r=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lc_r=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lc_r" >&6
+
+ if test $ol_cv_pthread_lc_r = yes ; then
+ ol_link_pthreads="-lc_r"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -threads (ol_cv_pthread_threads)
+if test "$ol_link_threads" = no ; then
+ # try -threads
+ echo "$as_me:$LINENO: checking for pthread link with -threads" >&5
+echo $ECHO_N "checking for pthread link with -threads... $ECHO_C" >&6
+if test "${ol_cv_pthread_threads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-threads $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_threads=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_threads=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_threads=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_threads=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_threads" >&5
+echo "${ECHO_T}$ol_cv_pthread_threads" >&6
+
+ if test $ol_cv_pthread_threads = yes ; then
+ ol_link_pthreads="-threads"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -lpthreads -lmach -lexc -lc_r (ol_cv_pthread_lpthreads_lmach_lexc_lc_r)
+if test "$ol_link_threads" = no ; then
+ # try -lpthreads -lmach -lexc -lc_r
+ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc -lc_r... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthreads_lmach_lexc_lc_r+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthreads -lmach -lexc -lc_r $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lmach_lexc_lc_r=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthreads_lmach_lexc_lc_r=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lmach_lexc_lc_r=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthreads_lmach_lexc_lc_r=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&6
+
+ if test $ol_cv_pthread_lpthreads_lmach_lexc_lc_r = yes ; then
+ ol_link_pthreads="-lpthreads -lmach -lexc -lc_r"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -lpthreads -lmach -lexc (ol_cv_pthread_lpthreads_lmach_lexc)
+if test "$ol_link_threads" = no ; then
+ # try -lpthreads -lmach -lexc
+ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthreads_lmach_lexc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthreads -lmach -lexc $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lmach_lexc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthreads_lmach_lexc=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lmach_lexc=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthreads_lmach_lexc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc" >&6
+
+ if test $ol_cv_pthread_lpthreads_lmach_lexc = yes ; then
+ ol_link_pthreads="-lpthreads -lmach -lexc"
+ ol_link_threads=posix
+ fi
+fi
+
+ # Pthread try link: -lpthreads -lexc (ol_cv_pthread_lpthreads_lexc)
+if test "$ol_link_threads" = no ; then
+ # try -lpthreads -lexc
+ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lexc... $ECHO_C" >&6
+if test "${ol_cv_pthread_lpthreads_lexc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthreads -lexc $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lexc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lpthreads_lexc=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lpthreads_lexc=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lpthreads_lexc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lexc" >&6
+
+ if test $ol_cv_pthread_lpthreads_lexc = yes ; then
+ ol_link_pthreads="-lpthreads -lexc"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ # Pthread try link: -lpthreads (ol_cv_pthread_lib_lpthreads)
+if test "$ol_link_threads" = no ; then
+ # try -lpthreads
+ echo "$as_me:$LINENO: checking for pthread link with -lpthreads" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads... $ECHO_C" >&6
+if test "${ol_cv_pthread_lib_lpthreads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ # save the flags
+ ol_LIBS="$LIBS"
+ LIBS="-lpthreads $LIBS"
+
+ if test "$cross_compiling" = yes; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+int
+main ()
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lib_lpthreads=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_pthread_lib_lpthreads=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_lib_lpthreads=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_lib_lpthreads=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ # restore the LIBS
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_lib_lpthreads" >&6
+
+ if test $ol_cv_pthread_lib_lpthreads = yes ; then
+ ol_link_pthreads="-lpthreads"
+ ol_link_threads=posix
+ fi
+fi
+
+
+ if test $ol_link_threads != no ; then
+ LTHREAD_LIBS="$LTHREAD_LIBS $ol_link_pthreads"
+
+ save_CPPFLAGS="$CPPFLAGS"
+ save_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+
+
+
+
+for ac_func in sched_yield pthread_yield thr_yield
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ if test $ac_cv_func_sched_yield = no &&
+ test $ac_cv_func_pthread_yield = no &&
+ test $ac_cv_func_thr_yield = no ; then
+ echo "$as_me:$LINENO: checking for sched_yield in -lrt" >&5
+echo $ECHO_N "checking for sched_yield in -lrt... $ECHO_C" >&6
+if test "${ac_cv_lib_rt_sched_yield+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lrt $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char sched_yield ();
+int
+main ()
+{
+sched_yield ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_rt_sched_yield=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_rt_sched_yield=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_rt_sched_yield" >&5
+echo "${ECHO_T}$ac_cv_lib_rt_sched_yield" >&6
+if test $ac_cv_lib_rt_sched_yield = yes; then
+ LTHREAD_LIBS="$LTHREAD_LIBS -lrt"
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SCHED_YIELD 1
+_ACEOF
+
+ ac_cv_func_sched_yield=yes
+else
+ ac_cv_func_sched_yield=no
+fi
+
+ fi
+ if test $ac_cv_func_sched_yield = no &&
+ test $ac_cv_func_pthread_yield = no &&
+ test "$ac_cv_func_thr_yield" = no ; then
+ { echo "$as_me:$LINENO: WARNING: could not locate sched_yield() or pthread_yield()" >&5
+echo "$as_me: WARNING: could not locate sched_yield() or pthread_yield()" >&2;}
+ fi
+
+
+
+for ac_func in pthread_kill pthread_rwlock_destroy
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ echo "$as_me:$LINENO: checking for pthread_detach with <pthread.h>" >&5
+echo $ECHO_N "checking for pthread_detach with <pthread.h>... $ECHO_C" >&6
+if test "${ol_cv_func_pthread_detach+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <pthread.h>
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+int
+main ()
+{
+pthread_detach(NULL);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_pthread_detach=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_pthread_detach=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_func_pthread_detach" >&5
+echo "${ECHO_T}$ol_cv_func_pthread_detach" >&6
+
+ if test $ol_cv_func_pthread_detach = no ; then
+ { { echo "$as_me:$LINENO: error: could not locate pthread_detach()" >&5
+echo "$as_me: error: could not locate pthread_detach()" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_PTHREAD_DETACH 1
+_ACEOF
+
+
+
+
+
+
+for ac_func in \
+ pthread_setconcurrency \
+ pthread_getconcurrency \
+ thr_setconcurrency \
+ thr_getconcurrency \
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+for ac_func in pthread_kill_other_threads_np
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ echo "$as_me:$LINENO: checking for LinuxThreads implementation" >&5
+echo $ECHO_N "checking for LinuxThreads implementation... $ECHO_C" >&6
+if test "${ol_cv_sys_linux_threads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ol_cv_sys_linux_threads=$ac_cv_func_pthread_kill_other_threads_np
+fi
+echo "$as_me:$LINENO: result: $ol_cv_sys_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_sys_linux_threads" >&6
+
+
+
+
+ echo "$as_me:$LINENO: checking for LinuxThreads consistency" >&5
+echo $ECHO_N "checking for LinuxThreads consistency... $ECHO_C" >&6
+if test "${ol_cv_linux_threads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test $ol_cv_header_linux_threads = yes &&
+ test $ol_cv_sys_linux_threads = yes; then
+ ol_cv_linux_threads=yes
+ elif test $ol_cv_header_linux_threads = no &&
+ test $ol_cv_sys_linux_threads = no; then
+ ol_cv_linux_threads=no
+ else
+ ol_cv_linux_threads=error
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_linux_threads" >&6
+
+
+ if test $ol_cv_linux_threads = error; then
+ { { echo "$as_me:$LINENO: error: LinuxThreads header/library mismatch" >&5
+echo "$as_me: error: LinuxThreads header/library mismatch" >&2;}
+ { (exit 1); exit 1; }; };
+ fi
+
+ echo "$as_me:$LINENO: checking if pthread_create() works" >&5
+echo $ECHO_N "checking if pthread_create() works... $ECHO_C" >&6
+if test "${ol_cv_pthread_create_works+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_pthread_create_works=yes
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* pthread test headers */
+#include <pthread.h>
+#if HAVE_PTHREADS < 7
+#include <errno.h>
+#endif
+#ifndef NULL
+#define NULL (void*)0
+#endif
+
+static void *task(p)
+ void *p;
+{
+ return (void *) (p == NULL);
+}
+
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+
+ /* pthread test function */
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+ pthread_t t;
+ int status;
+ int detach = PTHREAD_CREATE_DETACHED;
+
+#if HAVE_PTHREADS > 4
+ /* Final pthreads */
+ pthread_attr_t attr;
+
+ status = pthread_attr_init(&attr);
+ if( status ) return status;
+
+#if HAVE_PTHREADS < 7
+ status = pthread_attr_setdetachstate(&attr, &detach);
+ if( status < 0 ) status = errno;
+#else
+ status = pthread_attr_setdetachstate(&attr, detach);
+#endif
+ if( status ) return status;
+ status = pthread_create( &t, &attr, task, NULL );
+#if HAVE_PTHREADS < 7
+ if( status < 0 ) status = errno;
+#endif
+ if( status ) return status;
+#else
+ /* Draft 4 pthreads */
+ status = pthread_create( &t, pthread_attr_default, task, NULL );
+ if( status ) return errno;
+
+ /* give thread a chance to complete */
+ /* it should remain joinable and hence detachable */
+ sleep( 1 );
+
+ status = pthread_detach( &t );
+ if( status ) return errno;
+#endif
+
+#ifdef HAVE_LINUX_THREADS
+ pthread_kill_other_threads_np();
+#endif
+
+ return 0;
+
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_create_works=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_create_works=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_create_works" >&5
+echo "${ECHO_T}$ol_cv_pthread_create_works" >&6
+
+ if test $ol_cv_pthread_create_works = no ; then
+ { { echo "$as_me:$LINENO: error: pthread_create is not usable, check environment settings" >&5
+echo "$as_me: error: pthread_create is not usable, check environment settings" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ ol_replace_broken_yield=no
+
+ if test $ol_replace_broken_yield = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define REPLACE_BROKEN_YIELD 1
+_ACEOF
+
+ fi
+
+ if test $ol_with_yielding_select = auto ; then
+ echo "$as_me:$LINENO: checking if select yields when using pthreads" >&5
+echo $ECHO_N "checking if select yields when using pthreads... $ECHO_C" >&6
+if test "${ol_cv_pthread_select_yields+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_pthread_select_yields=cross
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <pthread.h>
+#ifndef NULL
+#define NULL (void*) 0
+#endif
+
+static int fildes[2];
+
+static void *task(p)
+ void *p;
+{
+ int i;
+ struct timeval tv;
+
+ fd_set rfds;
+
+ tv.tv_sec=10;
+ tv.tv_usec=0;
+
+ FD_ZERO(&rfds);
+ FD_SET(fildes[0], &rfds);
+
+ /* we're not interested in any fds */
+ i = select(FD_SETSIZE, &rfds, NULL, NULL, &tv);
+
+ if(i < 0) {
+ perror("select");
+ exit(10);
+ }
+
+ exit(0); /* if we exit here, the select blocked the whole process */
+}
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+ pthread_t t;
+
+ /* create a pipe to select */
+ if(pipe(&fildes[0])) {
+ perror("select");
+ exit(1);
+ }
+
+#ifdef HAVE_PTHREAD_SETCONCURRENCY
+ (void) pthread_setconcurrency(2);
+#else
+#ifdef HAVE_THR_SETCONCURRENCY
+ /* Set Solaris LWP concurrency to 2 */
+ thr_setconcurrency(2);
+#endif
+#endif
+
+#if HAVE_PTHREADS < 6
+ pthread_create(&t, pthread_attr_default, task, NULL);
+#else
+ pthread_create(&t, NULL, task, NULL);
+#endif
+
+ /* make sure task runs first */
+#if HAVE_THR_YIELD
+ thr_yield();
+#elif defined( HAVE_SCHED_YIELD )
+ sched_yield();
+#elif defined( HAVE_PTHREAD_YIELD )
+ pthread_yield();
+#endif
+
+ exit(2);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_pthread_select_yields=no
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_pthread_select_yields=yes
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_pthread_select_yields" >&5
+echo "${ECHO_T}$ol_cv_pthread_select_yields" >&6
+
+ if test $ol_cv_pthread_select_yields = cross ; then
+ { { echo "$as_me:$LINENO: error: crossing compiling: use --with-yielding_select=yes|no|manual" >&5
+echo "$as_me: error: crossing compiling: use --with-yielding_select=yes|no|manual" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ if test $ol_cv_pthread_select_yields = yes ; then
+ ol_with_yielding_select=yes
+ fi
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LIBS="$save_LIBS"
+ else
+ { { echo "$as_me:$LINENO: error: could not locate usable POSIX Threads" >&5
+echo "$as_me: error: could not locate usable POSIX Threads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+
+ if test $ol_with_threads = posix ; then
+ { { echo "$as_me:$LINENO: error: could not locate POSIX Threads" >&5
+echo "$as_me: error: could not locate POSIX Threads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | mach)
+
+
+
+for ac_header in mach/cthreads.h cthreads.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test $ac_cv_header_mach_cthreads_h = yes ; then
+ ol_with_threads=found
+
+ echo "$as_me:$LINENO: checking for cthread_fork" >&5
+echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6
+if test "${ac_cv_func_cthread_fork+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define cthread_fork to an innocuous variant, in case <limits.h> declares cthread_fork.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define cthread_fork innocuous_cthread_fork
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char cthread_fork (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef cthread_fork
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char cthread_fork ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_cthread_fork) || defined (__stub___cthread_fork)
+choke me
+#else
+char (*f) () = cthread_fork;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != cthread_fork;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_cthread_fork=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_cthread_fork=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
+echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6
+if test $ac_cv_func_cthread_fork = yes; then
+ ol_link_threads=yes
+fi
+
+
+ if test $ol_link_threads = no ; then
+ echo "$as_me:$LINENO: checking for cthread_fork with -all_load" >&5
+echo $ECHO_N "checking for cthread_fork with -all_load... $ECHO_C" >&6
+if test "${ol_cv_cthread_all_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ save_LIBS="$LIBS"
+ LIBS="-all_load $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <mach/cthreads.h>
+int
+main ()
+{
+
+ cthread_fork((void *)0, (void *)0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_cthread_all_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_cthread_all_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$save_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_cthread_all_load" >&5
+echo "${ECHO_T}$ol_cv_cthread_all_load" >&6
+
+ if test $ol_cv_cthread_all_load = yes ; then
+ LTHREAD_LIBS="$LTHREAD_LIBS -all_load"
+ ol_link_threads=mach
+ ol_with_threads=found
+ fi
+ fi
+
+ elif test $ac_cv_header_cthreads_h = yes ; then
+
+ ol_with_threads=found
+
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lthreads"
+ echo "$as_me:$LINENO: checking for cthread_fork" >&5
+echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6
+if test "${ac_cv_func_cthread_fork+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define cthread_fork to an innocuous variant, in case <limits.h> declares cthread_fork.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define cthread_fork innocuous_cthread_fork
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char cthread_fork (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef cthread_fork
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char cthread_fork ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_cthread_fork) || defined (__stub___cthread_fork)
+choke me
+#else
+char (*f) () = cthread_fork;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != cthread_fork;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_cthread_fork=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_cthread_fork=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
+echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6
+if test $ac_cv_func_cthread_fork = yes; then
+ ol_link_threads=yes
+fi
+
+ LIBS="$save_LIBS"
+
+ if test $ol_link_threads = yes ; then
+ LTHREAD_LIBS="-lthreads"
+ ol_link_threads=mach
+ ol_with_threads=found
+ else
+ { { echo "$as_me:$LINENO: error: could not link with Mach CThreads" >&5
+echo "$as_me: error: could not link with Mach CThreads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ elif test $ol_with_threads = mach ; then
+ { { echo "$as_me:$LINENO: error: could not locate Mach CThreads" >&5
+echo "$as_me: error: could not locate Mach CThreads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ if test $ol_link_threads = mach ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MACH_CTHREADS 1
+_ACEOF
+
+ elif test $ol_with_threads = found ; then
+ { { echo "$as_me:$LINENO: error: could not link with Mach CThreads" >&5
+echo "$as_me: error: could not link with Mach CThreads" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | pth)
+
+
+for ac_header in pth.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_pth_h = yes ; then
+ echo "$as_me:$LINENO: checking for pth_version in -lpth" >&5
+echo $ECHO_N "checking for pth_version in -lpth... $ECHO_C" >&6
+if test "${ac_cv_lib_pth_pth_version+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpth $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char pth_version ();
+int
+main ()
+{
+pth_version ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_pth_pth_version=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_pth_pth_version=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_pth_pth_version" >&5
+echo "${ECHO_T}$ac_cv_lib_pth_pth_version" >&6
+if test $ac_cv_lib_pth_pth_version = yes; then
+ have_pth=yes
+else
+ have_pth=no
+fi
+
+
+ if test $have_pth = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_GNU_PTH 1
+_ACEOF
+
+ LTHREAD_LIBS="$LTHREAD_LIBS -lpth"
+ ol_link_threads=pth
+ ol_with_threads=found
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=yes
+ fi
+ fi
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | lwp)
+
+
+
+for ac_header in thread.h synch.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test $ac_cv_header_thread_h = yes &&
+ test $ac_cv_header_synch_h = yes ; then
+ echo "$as_me:$LINENO: checking for thr_create in -lthread" >&5
+echo $ECHO_N "checking for thr_create in -lthread... $ECHO_C" >&6
+if test "${ac_cv_lib_thread_thr_create+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lthread $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char thr_create ();
+int
+main ()
+{
+thr_create ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_thread_thr_create=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_thread_thr_create=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_thread_thr_create" >&5
+echo "${ECHO_T}$ac_cv_lib_thread_thr_create" >&6
+if test $ac_cv_lib_thread_thr_create = yes; then
+ have_thr=yes
+else
+ have_thr=no
+fi
+
+
+ if test $have_thr = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_THR 1
+_ACEOF
+
+ LTHREAD_LIBS="$LTHREAD_LIBS -lthread"
+ ol_link_threads=thr
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=yes
+ fi
+
+
+
+for ac_func in \
+ thr_setconcurrency \
+ thr_getconcurrency \
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ fi
+ fi
+
+
+for ac_header in lwp/lwp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test $ac_cv_header_lwp_lwp_h = yes ; then
+ echo "$as_me:$LINENO: checking for lwp_create in -llwp" >&5
+echo $ECHO_N "checking for lwp_create in -llwp... $ECHO_C" >&6
+if test "${ac_cv_lib_lwp_lwp_create+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llwp $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char lwp_create ();
+int
+main ()
+{
+lwp_create ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_lwp_lwp_create=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_lwp_lwp_create=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_lwp_lwp_create" >&5
+echo "${ECHO_T}$ac_cv_lib_lwp_lwp_create" >&6
+if test $ac_cv_lib_lwp_lwp_create = yes; then
+ have_lwp=yes
+else
+ have_lwp=no
+fi
+
+
+ if test $have_lwp = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LWP 1
+_ACEOF
+
+ LTHREAD_LIBS="$LTHREAD_LIBS -llwp"
+ ol_link_threads=lwp
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=no
+ fi
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_with_yielding_select = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_YIELDING_SELECT 1
+_ACEOF
+
+fi
+
+if test $ol_with_threads = manual ; then
+ ol_link_threads=yes
+
+ { echo "$as_me:$LINENO: WARNING: thread defines and link options must be set manually" >&5
+echo "$as_me: WARNING: thread defines and link options must be set manually" >&2;}
+
+
+
+for ac_header in pthread.h sched.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_func in sched_yield pthread_yield
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
+echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6
+if test "${ol_cv_header_linux_threads+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <pthread.h>
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "pthread_kill_other_threads_np" >/dev/null 2>&1; then
+ ol_cv_header_linux_threads=yes
+else
+ ol_cv_header_linux_threads=no
+fi
+rm -f conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_header_linux_threads" >&6
+ if test $ol_cv_header_linux_threads = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LINUX_THREADS 1
+_ACEOF
+
+ fi
+
+
+
+for ac_header in mach/cthreads.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in lwp/lwp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in thread.h synch.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+if test $ol_link_threads != no && test $ol_link_threads != nt ; then
+ cat >>confdefs.h <<\_ACEOF
+#define REENTRANT 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _REENTRANT 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define THREAD_SAFE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _THREAD_SAFE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define THREADSAFE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _THREADSAFE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _SGI_MP_SOURCE 1
+_ACEOF
+
+
+ echo "$as_me:$LINENO: checking for thread specific errno" >&5
+echo $ECHO_N "checking for thread specific errno... $ECHO_C" >&6
+if test "${ol_cv_errno_thread_specific+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <errno.h>
+int
+main ()
+{
+errno = 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_errno_thread_specific=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_errno_thread_specific=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_errno_thread_specific" >&5
+echo "${ECHO_T}$ol_cv_errno_thread_specific" >&6
+
+ echo "$as_me:$LINENO: checking for thread specific h_errno" >&5
+echo $ECHO_N "checking for thread specific h_errno... $ECHO_C" >&6
+if test "${ol_cv_h_errno_thread_specific+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <netdb.h>
+int
+main ()
+{
+h_errno = 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_h_errno_thread_specific=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_h_errno_thread_specific=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_h_errno_thread_specific" >&5
+echo "${ECHO_T}$ol_cv_h_errno_thread_specific" >&6
+
+ if test $ol_cv_errno_thread_specific != yes ||
+ test $ol_cv_h_errno_thread_specific != yes ; then
+ LIBS="$LTHREAD_LIBS $LIBS"
+ LTHREAD_LIBS=""
+ fi
+
+fi
+
+if test $ol_link_threads = no ; then
+ if test $ol_with_threads = yes ; then
+ { { echo "$as_me:$LINENO: error: no suitable thread support" >&5
+echo "$as_me: error: no suitable thread support" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ if test $ol_with_threads = auto ; then
+ { echo "$as_me:$LINENO: WARNING: no suitable thread support, disabling threads" >&5
+echo "$as_me: WARNING: no suitable thread support, disabling threads" >&2;}
+ ol_with_threads=no
+ fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_THREADS 1
+_ACEOF
+
+ LTHREAD_LIBS=""
+ BUILD_THREAD=no
+else
+ BUILD_THREAD=yes
+fi
+
+if test $ol_link_threads != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1
+_ACEOF
+
+fi
+
+
+
+
+for ac_func in \
+ ctime_r \
+ gethostbyname_r gethostbyaddr_r \
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+if test "$ac_cv_func_ctime_r" = no ; then
+ ol_cv_func_ctime_r_nargs=0
+else
+ echo "$as_me:$LINENO: checking number of arguments of ctime_r" >&5
+echo $ECHO_N "checking number of arguments of ctime_r... $ECHO_C" >&6
+if test "${ol_cv_func_ctime_r_nargs+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <time.h>
+int
+main ()
+{
+time_t ti; char *buffer; ctime_r(&ti,buffer,32);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_ctime_r_nargs3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_ctime_r_nargs3=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <time.h>
+int
+main ()
+{
+time_t ti; char *buffer; ctime_r(&ti,buffer);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_ctime_r_nargs2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_ctime_r_nargs2=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ if test $ol_cv_func_ctime_r_nargs3 = yes &&
+ test $ol_cv_func_ctime_r_nargs2 = no ; then
+
+ ol_cv_func_ctime_r_nargs=3
+
+ elif test $ol_cv_func_ctime_r_nargs3 = no &&
+ test $ol_cv_func_ctime_r_nargs2 = yes ; then
+
+ ol_cv_func_ctime_r_nargs=2
+
+ else
+ ol_cv_func_ctime_r_nargs=0
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_func_ctime_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_ctime_r_nargs" >&6
+
+ if test $ol_cv_func_ctime_r_nargs -gt 1 ; then
+
+cat >>confdefs.h <<_ACEOF
+#define CTIME_R_NARGS $ol_cv_func_ctime_r_nargs
+_ACEOF
+
+ fi
+
+fi
+
+if test "$ac_cv_func_gethostbyname_r" = yes ; then
+ echo "$as_me:$LINENO: checking number of arguments of gethostbyname_r" >&5
+echo $ECHO_N "checking number of arguments of gethostbyname_r... $ECHO_C" >&6
+if test "${ol_cv_func_gethostbyname_r_nargs+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)
+int
+main ()
+{
+struct hostent hent; char buffer[BUFSIZE];
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyname_r("segovia.cs.purdue.edu", &hent,
+ buffer, bufsize, &h_errno);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_gethostbyname_r_nargs5=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_gethostbyname_r_nargs5=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)
+int
+main ()
+{
+struct hostent hent;struct hostent *rhent;
+ char buffer[BUFSIZE];
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyname_r("localhost", &hent, buffer, bufsize,
+ &rhent, &h_errno);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_gethostbyname_r_nargs6=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_gethostbyname_r_nargs6=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ if test $ol_cv_func_gethostbyname_r_nargs5 = yes &&
+ test $ol_cv_func_gethostbyname_r_nargs6 = no ; then
+
+ ol_cv_func_gethostbyname_r_nargs=5
+
+ elif test $ol_cv_func_gethostbyname_r_nargs5 = no &&
+ test $ol_cv_func_gethostbyname_r_nargs6 = yes ; then
+
+ ol_cv_func_gethostbyname_r_nargs=6
+
+ else
+ ol_cv_func_gethostbyname_r_nargs=0
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyname_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_gethostbyname_r_nargs" >&6
+ if test $ol_cv_func_gethostbyname_r_nargs -gt 1 ; then
+
+cat >>confdefs.h <<_ACEOF
+#define GETHOSTBYNAME_R_NARGS $ol_cv_func_gethostbyname_r_nargs
+_ACEOF
+
+ fi
+
+else
+ ol_cv_func_gethostbyname_r_nargs=0
+fi
+
+if test "$ac_cv_func_gethostbyaddr_r" = yes ; then
+ echo "$as_me:$LINENO: checking number of arguments of gethostbyaddr_r" >&5
+echo $ECHO_N "checking number of arguments of gethostbyaddr_r... $ECHO_C" >&6
+if test "${ol_cv_func_gethostbyaddr_r_nargs+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)
+int
+main ()
+{
+struct hostent hent; char buffer[BUFSIZE];
+ struct in_addr add;
+ size_t alen=sizeof(struct in_addr);
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyaddr_r( (void *)&(add.s_addr),
+ alen, AF_INET, &hent, buffer, bufsize, &h_errno);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_gethostbyaddr_r_nargs7=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_gethostbyaddr_r_nargs7=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#define BUFSIZE (sizeof(struct hostent)+10)
+int
+main ()
+{
+struct hostent hent;
+ struct hostent *rhent; char buffer[BUFSIZE];
+ struct in_addr add;
+ size_t alen=sizeof(struct in_addr);
+ int bufsize=BUFSIZE;int h_errno;
+ (void)gethostbyaddr_r( (void *)&(add.s_addr),
+ alen, AF_INET, &hent, buffer, bufsize,
+ &rhent, &h_errno);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_gethostbyaddr_r_nargs8=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_gethostbyaddr_r_nargs8=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ if test $ol_cv_func_gethostbyaddr_r_nargs7 = yes &&
+ test $ol_cv_func_gethostbyaddr_r_nargs8 = no ; then
+
+ ol_cv_func_gethostbyaddr_r_nargs=7
+
+ elif test $ol_cv_func_gethostbyaddr_r_nargs7 = no &&
+ test $ol_cv_func_gethostbyaddr_r_nargs8 = yes ; then
+
+ ol_cv_func_gethostbyaddr_r_nargs=8
+
+ else
+ ol_cv_func_gethostbyaddr_r_nargs=0
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyaddr_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_gethostbyaddr_r_nargs" >&6
+ if test $ol_cv_func_gethostbyaddr_r_nargs -gt 1 ; then
+
+cat >>confdefs.h <<_ACEOF
+#define GETHOSTBYADDR_R_NARGS $ol_cv_func_gethostbyaddr_r_nargs
+_ACEOF
+
+ fi
+
+else
+ ol_cv_func_gethostbyaddr_r_nargs=0
+fi
+
+ol_link_ldbm=no
+
+case $ol_enable_ldbm_api in auto | berkeley | bcompat)
+
+ if test $ol_enable_ldbm_api = bcompat; then \
+
+
+for ac_header in db_185.h db.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+if test $ac_cv_header_db_185_h = yes || test $ac_cv_header_db_h = yes; then
+ echo "$as_me:$LINENO: checking if Berkeley DB header compatibility" >&5
+echo $ECHO_N "checking if Berkeley DB header compatibility... $ECHO_C" >&6
+if test "${ol_cv_header_db1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#if HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+ /* this check could be improved */
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#if DB_VERSION_MAJOR == 1
+ __db_version_1
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version_1" >/dev/null 2>&1; then
+ ol_cv_header_db1=yes
+else
+ ol_cv_header_db1=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_header_db1" >&5
+echo "${ECHO_T}$ol_cv_header_db1" >&6
+
+ if test $ol_cv_header_db1 = yes ; then
+ ol_cv_lib_db=no
+
+echo "$as_me:$LINENO: checking for Berkeley DB major version" >&5
+echo $ECHO_N "checking for Berkeley DB major version... $ECHO_C" >&6
+if test "${ol_cv_bdb_major+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_cv_bdb_major=0
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 4
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=4
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 3
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=3
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 2
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=2
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 1
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=1
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+
+ if test $ol_cv_bdb_major = 0 ; then
+ { { echo "$as_me:$LINENO: error: Unknown Berkeley DB major version" >&5
+echo "$as_me: error: Unknown Berkeley DB major version" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_bdb_major" >&5
+echo "${ECHO_T}$ol_cv_bdb_major" >&6
+
+echo "$as_me:$LINENO: checking for Berkeley DB minor version" >&5
+echo $ECHO_N "checking for Berkeley DB minor version... $ECHO_C" >&6
+if test "${ol_cv_bdb_minor+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_cv_bdb_minor=0
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 9
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=9
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 8
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=8
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 7
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=7
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 6
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=6
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 5
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=5
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 4
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=4
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 3
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=3
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 2
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=2
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 1
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=1
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_bdb_minor" >&5
+echo "${ECHO_T}$ol_cv_bdb_minor" >&6
+
+if test $ol_cv_bdb_major = 4 ; then
+ if test $ol_cv_bdb_minor = 5 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6
+if test "${ol_cv_db_db45+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb45
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db45=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5
+echo "${ECHO_T}$ol_cv_db_db45" >&6
+
+ if test $ol_cv_db_db45 = yes ; then
+ ol_cv_lib_db=-ldb45
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6
+if test "${ol_cv_db_db_45+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-45
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_45=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5
+echo "${ECHO_T}$ol_cv_db_db_45" >&6
+
+ if test $ol_cv_db_db_45 = yes ; then
+ ol_cv_lib_db=-ldb-45
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_5+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.5
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_5=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6
+
+ if test $ol_cv_db_db_4_dot_5 = yes ; then
+ ol_cv_lib_db=-ldb-4.5
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_5+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-5
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_5=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_5" >&6
+
+ if test $ol_cv_db_db_4_5 = yes ; then
+ ol_cv_lib_db=-ldb-4-5
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 4 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6
+if test "${ol_cv_db_db44+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb44
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db44=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db44=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db44" >&5
+echo "${ECHO_T}$ol_cv_db_db44" >&6
+
+ if test $ol_cv_db_db44 = yes ; then
+ ol_cv_lib_db=-ldb44
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-44)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-44)... $ECHO_C" >&6
+if test "${ol_cv_db_db_44+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-44
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_44=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_44=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_44" >&5
+echo "${ECHO_T}$ol_cv_db_db_44" >&6
+
+ if test $ol_cv_db_db_44 = yes ; then
+ ol_cv_lib_db=-ldb-44
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_4" >&6
+
+ if test $ol_cv_db_db_4_dot_4 = yes ; then
+ ol_cv_lib_db=-ldb-4.4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_4" >&6
+
+ if test $ol_cv_db_db_4_4 = yes ; then
+ ol_cv_lib_db=-ldb-4-4
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 3 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb43)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb43)... $ECHO_C" >&6
+if test "${ol_cv_db_db43+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb43
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db43=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db43=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db43" >&5
+echo "${ECHO_T}$ol_cv_db_db43" >&6
+
+ if test $ol_cv_db_db43 = yes ; then
+ ol_cv_lib_db=-ldb43
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-43)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-43)... $ECHO_C" >&6
+if test "${ol_cv_db_db_43+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-43
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_43=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_43=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_43" >&5
+echo "${ECHO_T}$ol_cv_db_db_43" >&6
+
+ if test $ol_cv_db_db_43 = yes ; then
+ ol_cv_lib_db=-ldb-43
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_3" >&6
+
+ if test $ol_cv_db_db_4_dot_3 = yes ; then
+ ol_cv_lib_db=-ldb-4.3
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_3" >&6
+
+ if test $ol_cv_db_db_4_3 = yes ; then
+ ol_cv_lib_db=-ldb-4-3
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 2 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb42)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb42)... $ECHO_C" >&6
+if test "${ol_cv_db_db42+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb42
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db42=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db42=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db42" >&5
+echo "${ECHO_T}$ol_cv_db_db42" >&6
+
+ if test $ol_cv_db_db42 = yes ; then
+ ol_cv_lib_db=-ldb42
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-42)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-42)... $ECHO_C" >&6
+if test "${ol_cv_db_db_42+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-42
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_42=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_42=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_42" >&5
+echo "${ECHO_T}$ol_cv_db_db_42" >&6
+
+ if test $ol_cv_db_db_42 = yes ; then
+ ol_cv_lib_db=-ldb-42
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_2" >&6
+
+ if test $ol_cv_db_db_4_dot_2 = yes ; then
+ ol_cv_lib_db=-ldb-4.2
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_2" >&6
+
+ if test $ol_cv_db_db_4_2 = yes ; then
+ ol_cv_lib_db=-ldb-4-2
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 1 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb41)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb41)... $ECHO_C" >&6
+if test "${ol_cv_db_db41+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb41
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db41=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db41=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db41" >&5
+echo "${ECHO_T}$ol_cv_db_db41" >&6
+
+ if test $ol_cv_db_db41 = yes ; then
+ ol_cv_lib_db=-ldb41
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-41)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-41)... $ECHO_C" >&6
+if test "${ol_cv_db_db_41+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-41
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_41=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_41=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_41" >&5
+echo "${ECHO_T}$ol_cv_db_db_41" >&6
+
+ if test $ol_cv_db_db_41 = yes ; then
+ ol_cv_lib_db=-ldb-41
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_1" >&6
+
+ if test $ol_cv_db_db_4_dot_1 = yes ; then
+ ol_cv_lib_db=-ldb-4.1
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_1" >&6
+
+ if test $ol_cv_db_db_4_1 = yes ; then
+ ol_cv_lib_db=-ldb-4-1
+ fi
+fi
+
+ fi
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4" >&6
+
+ if test $ol_cv_db_db_4 = yes ; then
+ ol_cv_lib_db=-ldb-4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb4)... $ECHO_C" >&6
+if test "${ol_cv_db_db4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db4" >&5
+echo "${ECHO_T}$ol_cv_db_db4" >&6
+
+ if test $ol_cv_db_db4 = yes ; then
+ ol_cv_lib_db=-ldb4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb)... $ECHO_C" >&6
+if test "${ol_cv_db_db+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db" >&5
+echo "${ECHO_T}$ol_cv_db_db" >&6
+
+ if test $ol_cv_db_db = yes ; then
+ ol_cv_lib_db=-ldb
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 3 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb3)... $ECHO_C" >&6
+if test "${ol_cv_db_db3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db3" >&5
+echo "${ECHO_T}$ol_cv_db_db3" >&6
+
+ if test $ol_cv_db_db3 = yes ; then
+ ol_cv_lib_db=-ldb3
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_3" >&6
+
+ if test $ol_cv_db_db_3 = yes ; then
+ ol_cv_lib_db=-ldb-3
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 2 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb2)... $ECHO_C" >&6
+if test "${ol_cv_db_db2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db2" >&5
+echo "${ECHO_T}$ol_cv_db_db2" >&6
+
+ if test $ol_cv_db_db2 = yes ; then
+ ol_cv_lib_db=-ldb2
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_2" >&6
+
+ if test $ol_cv_db_db_2 = yes ; then
+ ol_cv_lib_db=-ldb-2
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 1 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb1)... $ECHO_C" >&6
+if test "${ol_cv_db_db1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db1" >&5
+echo "${ECHO_T}$ol_cv_db_db1" >&6
+
+ if test $ol_cv_db_db1 = yes ; then
+ ol_cv_lib_db=-ldb1
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_1" >&6
+
+ if test $ol_cv_db_db_1 = yes ; then
+ ol_cv_lib_db=-ldb-1
+ fi
+fi
+
+fi
+if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (default)" >&5
+echo $ECHO_N "checking for Berkeley DB link (default)... $ECHO_C" >&6
+if test "${ol_cv_db_none+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_none=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_none=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_none" >&5
+echo "${ECHO_T}$ol_cv_db_none" >&6
+
+ if test $ol_cv_db_none = yes ; then
+ ol_cv_lib_db=yes
+ fi
+fi
+
+
+ if test "$ol_cv_lib_db" != no ; then
+ ol_cv_berkeley_db=yes
+ fi
+ fi
+fi
+
+ else
+ ol_cv_berkeley_db=no
+
+for ac_header in db.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+if test $ac_cv_header_db_h = yes; then
+ ol_cv_lib_db=no
+
+echo "$as_me:$LINENO: checking for Berkeley DB major version" >&5
+echo $ECHO_N "checking for Berkeley DB major version... $ECHO_C" >&6
+if test "${ol_cv_bdb_major+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_cv_bdb_major=0
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 4
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=4
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 3
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=3
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 2
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=2
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_major = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#if DB_VERSION_MAJOR == 1
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_major=1
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+
+ if test $ol_cv_bdb_major = 0 ; then
+ { { echo "$as_me:$LINENO: error: Unknown Berkeley DB major version" >&5
+echo "$as_me: error: Unknown Berkeley DB major version" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_bdb_major" >&5
+echo "${ECHO_T}$ol_cv_bdb_major" >&6
+
+echo "$as_me:$LINENO: checking for Berkeley DB minor version" >&5
+echo $ECHO_N "checking for Berkeley DB minor version... $ECHO_C" >&6
+if test "${ol_cv_bdb_minor+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_cv_bdb_minor=0
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 9
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=9
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 8
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=8
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 7
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=7
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 6
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=6
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 5
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=5
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 4
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=4
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 3
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=3
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 2
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=2
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+ if test $ol_cv_bdb_minor = 0 ; then
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+#if DB_VERSION_MINOR == 1
+__db_version
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version" >/dev/null 2>&1; then
+ ol_cv_bdb_minor=1
+else
+ :
+fi
+rm -f conftest*
+
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_bdb_minor" >&5
+echo "${ECHO_T}$ol_cv_bdb_minor" >&6
+
+if test $ol_cv_bdb_major = 4 ; then
+ if test $ol_cv_bdb_minor = 5 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6
+if test "${ol_cv_db_db45+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb45
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db45=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5
+echo "${ECHO_T}$ol_cv_db_db45" >&6
+
+ if test $ol_cv_db_db45 = yes ; then
+ ol_cv_lib_db=-ldb45
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6
+if test "${ol_cv_db_db_45+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-45
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_45=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5
+echo "${ECHO_T}$ol_cv_db_db_45" >&6
+
+ if test $ol_cv_db_db_45 = yes ; then
+ ol_cv_lib_db=-ldb-45
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_5+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.5
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_5=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6
+
+ if test $ol_cv_db_db_4_dot_5 = yes ; then
+ ol_cv_lib_db=-ldb-4.5
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_5+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-5
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_5=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_5" >&6
+
+ if test $ol_cv_db_db_4_5 = yes ; then
+ ol_cv_lib_db=-ldb-4-5
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 4 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6
+if test "${ol_cv_db_db44+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb44
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db44=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db44=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db44" >&5
+echo "${ECHO_T}$ol_cv_db_db44" >&6
+
+ if test $ol_cv_db_db44 = yes ; then
+ ol_cv_lib_db=-ldb44
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-44)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-44)... $ECHO_C" >&6
+if test "${ol_cv_db_db_44+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-44
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_44=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_44=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_44" >&5
+echo "${ECHO_T}$ol_cv_db_db_44" >&6
+
+ if test $ol_cv_db_db_44 = yes ; then
+ ol_cv_lib_db=-ldb-44
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_4" >&6
+
+ if test $ol_cv_db_db_4_dot_4 = yes ; then
+ ol_cv_lib_db=-ldb-4.4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_4" >&6
+
+ if test $ol_cv_db_db_4_4 = yes ; then
+ ol_cv_lib_db=-ldb-4-4
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 3 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb43)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb43)... $ECHO_C" >&6
+if test "${ol_cv_db_db43+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb43
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db43=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db43=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db43" >&5
+echo "${ECHO_T}$ol_cv_db_db43" >&6
+
+ if test $ol_cv_db_db43 = yes ; then
+ ol_cv_lib_db=-ldb43
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-43)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-43)... $ECHO_C" >&6
+if test "${ol_cv_db_db_43+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-43
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_43=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_43=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_43" >&5
+echo "${ECHO_T}$ol_cv_db_db_43" >&6
+
+ if test $ol_cv_db_db_43 = yes ; then
+ ol_cv_lib_db=-ldb-43
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_3" >&6
+
+ if test $ol_cv_db_db_4_dot_3 = yes ; then
+ ol_cv_lib_db=-ldb-4.3
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_3" >&6
+
+ if test $ol_cv_db_db_4_3 = yes ; then
+ ol_cv_lib_db=-ldb-4-3
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 2 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb42)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb42)... $ECHO_C" >&6
+if test "${ol_cv_db_db42+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb42
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db42=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db42=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db42" >&5
+echo "${ECHO_T}$ol_cv_db_db42" >&6
+
+ if test $ol_cv_db_db42 = yes ; then
+ ol_cv_lib_db=-ldb42
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-42)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-42)... $ECHO_C" >&6
+if test "${ol_cv_db_db_42+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-42
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_42=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_42=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_42" >&5
+echo "${ECHO_T}$ol_cv_db_db_42" >&6
+
+ if test $ol_cv_db_db_42 = yes ; then
+ ol_cv_lib_db=-ldb-42
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_2" >&6
+
+ if test $ol_cv_db_db_4_dot_2 = yes ; then
+ ol_cv_lib_db=-ldb-4.2
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_2" >&6
+
+ if test $ol_cv_db_db_4_2 = yes ; then
+ ol_cv_lib_db=-ldb-4-2
+ fi
+fi
+
+ elif test $ol_cv_bdb_minor = 1 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb41)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb41)... $ECHO_C" >&6
+if test "${ol_cv_db_db41+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb41
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db41=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db41=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db41" >&5
+echo "${ECHO_T}$ol_cv_db_db41" >&6
+
+ if test $ol_cv_db_db41 = yes ; then
+ ol_cv_lib_db=-ldb41
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-41)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-41)... $ECHO_C" >&6
+if test "${ol_cv_db_db_41+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-41
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_41=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_41=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_41" >&5
+echo "${ECHO_T}$ol_cv_db_db_41" >&6
+
+ if test $ol_cv_db_db_41 = yes ; then
+ ol_cv_lib_db=-ldb-41
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4.1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_dot_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_1" >&6
+
+ if test $ol_cv_db_db_4_dot_1 = yes ; then
+ ol_cv_lib_db=-ldb-4.1
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4-1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_1" >&6
+
+ if test $ol_cv_db_db_4_1 = yes ; then
+ ol_cv_lib_db=-ldb-4-1
+ fi
+fi
+
+ fi
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4" >&6
+
+ if test $ol_cv_db_db_4 = yes ; then
+ ol_cv_lib_db=-ldb-4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb4)... $ECHO_C" >&6
+if test "${ol_cv_db_db4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb4
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db4=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db4" >&5
+echo "${ECHO_T}$ol_cv_db_db4" >&6
+
+ if test $ol_cv_db_db4 = yes ; then
+ ol_cv_lib_db=-ldb4
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb)... $ECHO_C" >&6
+if test "${ol_cv_db_db+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db" >&5
+echo "${ECHO_T}$ol_cv_db_db" >&6
+
+ if test $ol_cv_db_db = yes ; then
+ ol_cv_lib_db=-ldb
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 3 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb3)... $ECHO_C" >&6
+if test "${ol_cv_db_db3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db3" >&5
+echo "${ECHO_T}$ol_cv_db_db3" >&6
+
+ if test $ol_cv_db_db3 = yes ; then
+ ol_cv_lib_db=-ldb3
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-3)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-3)... $ECHO_C" >&6
+if test "${ol_cv_db_db_3+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-3
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_3=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_3=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_3" >&5
+echo "${ECHO_T}$ol_cv_db_db_3" >&6
+
+ if test $ol_cv_db_db_3 = yes ; then
+ ol_cv_lib_db=-ldb-3
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 2 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb2)... $ECHO_C" >&6
+if test "${ol_cv_db_db2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db2" >&5
+echo "${ECHO_T}$ol_cv_db_db2" >&6
+
+ if test $ol_cv_db_db2 = yes ; then
+ ol_cv_lib_db=-ldb2
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-2)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-2)... $ECHO_C" >&6
+if test "${ol_cv_db_db_2+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-2
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_2=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_2=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_2" >&5
+echo "${ECHO_T}$ol_cv_db_db_2" >&6
+
+ if test $ol_cv_db_db_2 = yes ; then
+ ol_cv_lib_db=-ldb-2
+ fi
+fi
+
+
+elif test $ol_cv_bdb_major = 1 ; then
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb1)... $ECHO_C" >&6
+if test "${ol_cv_db_db1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db1" >&5
+echo "${ECHO_T}$ol_cv_db_db1" >&6
+
+ if test $ol_cv_db_db1 = yes ; then
+ ol_cv_lib_db=-ldb1
+ fi
+fi
+
+ if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-1)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-1)... $ECHO_C" >&6
+if test "${ol_cv_db_db_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=-ldb-1
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_db_1=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_1=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_1" >&5
+echo "${ECHO_T}$ol_cv_db_db_1" >&6
+
+ if test $ol_cv_db_db_1 = yes ; then
+ ol_cv_lib_db=-ldb-1
+ fi
+fi
+
+fi
+if test $ol_cv_lib_db = no ; then
+ echo "$as_me:$LINENO: checking for Berkeley DB link (default)" >&5
+echo $ECHO_N "checking for Berkeley DB link (default)... $ECHO_C" >&6
+if test "${ol_cv_db_none+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_DB_LIB=
+ ol_LIBS=$LIBS
+ LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+ {
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+ }
+#endif
+
+#if DB_VERSION_MAJOR > 2
+ db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+ db_appexit( NULL );
+#else
+ (void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_db_none=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_none=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_none" >&5
+echo "${ECHO_T}$ol_cv_db_none" >&6
+
+ if test $ol_cv_db_none = yes ; then
+ ol_cv_lib_db=yes
+ fi
+fi
+
+
+ if test "$ol_cv_lib_db" != no ; then
+ ol_cv_berkeley_db=yes
+ echo "$as_me:$LINENO: checking for Berkeley DB version match" >&5
+echo $ECHO_N "checking for Berkeley DB version match... $ECHO_C" >&6
+if test "${ol_cv_berkeley_db_version+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+ if test $ol_cv_lib_db != yes ; then
+ LIBS="$ol_cv_lib_db $LIBS"
+ fi
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_berkeley_db_version=cross
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+ choke me;
+#else
+#include <db.h>
+#endif
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+main()
+{
+#if DB_VERSION_MAJOR > 1
+ char *version;
+ int major, minor, patch;
+
+ version = db_version( &major, &minor, &patch );
+
+ if( major != DB_VERSION_MAJOR ||
+ minor != DB_VERSION_MINOR ||
+ patch != DB_VERSION_PATCH )
+ {
+ printf("Berkeley DB version mismatch\n"
+ "\theader: %s\n\tlibrary: %s\n",
+ DB_VERSION_STRING, version);
+ return 1;
+ }
+#endif
+
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_berkeley_db_version=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_berkeley_db_version=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_version" >&5
+echo "${ECHO_T}$ol_cv_berkeley_db_version" >&6
+
+ if test $ol_cv_berkeley_db_version = no ; then
+ { { echo "$as_me:$LINENO: error: Berkeley DB version mismatch" >&5
+echo "$as_me: error: Berkeley DB version mismatch" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ echo "$as_me:$LINENO: checking for Berkeley DB thread support" >&5
+echo $ECHO_N "checking for Berkeley DB thread support... $ECHO_C" >&6
+if test "${ol_cv_berkeley_db_thread+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ ol_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+ if test $ol_cv_lib_db != yes ; then
+ LIBS="$ol_cv_lib_db $LIBS"
+ fi
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_berkeley_db_thread=cross
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_DB_185_H
+ choke me;
+#else
+#include <db.h>
+#endif
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+main()
+{
+ int rc;
+ u_int32_t flags = DB_CREATE |
+#ifdef DB_PRIVATE
+ DB_PRIVATE |
+#endif
+ DB_THREAD;
+
+#if DB_VERSION_MAJOR > 2
+ DB_ENV *env = NULL;
+
+ rc = db_env_create( &env, 0 );
+
+ flags |= DB_INIT_MPOOL;
+#ifdef DB_MPOOL_PRIVATE
+ flags |= DB_MPOOL_PRIVATE;
+#endif
+
+ if( rc ) {
+ printf("BerkeleyDB: %s\n", db_strerror(rc) );
+ return rc;
+ }
+
+#if (DB_VERSION_MAJOR > 3) || (DB_VERSION_MINOR >= 1)
+ rc = env->open( env, NULL, flags, 0 );
+#else
+ rc = env->open( env, NULL, NULL, flags, 0 );
+#endif
+
+ if ( rc == 0 ) {
+ rc = env->close( env, 0 );
+ }
+
+ if( rc ) {
+ printf("BerkeleyDB: %s\n", db_strerror(rc) );
+ return rc;
+ }
+
+#else
+ DB_ENV env;
+ memset( &env, '\0', sizeof(env) );
+
+ rc = db_appinit( NULL, NULL, &env, flags );
+
+ if( rc == 0 ) {
+ db_appexit( &env );
+ }
+
+ unlink("__db_mpool.share");
+ unlink("__db_lock.share");
+#endif
+
+ return rc;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_berkeley_db_thread=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_berkeley_db_thread=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_thread" >&5
+echo "${ECHO_T}$ol_cv_berkeley_db_thread" >&6
+
+ if test $ol_cv_berkeley_db_thread != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_BERKELEY_DB_THREAD 1
+_ACEOF
+
+ fi
+
+ fi
+fi
+
+ fi
+
+ if test $ol_cv_berkeley_db != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_BERKELEY_DB 1
+_ACEOF
+
+
+ ol_link_ldbm=berkeley
+ ol_enable_ldbm_api=berkeley
+
+ if test $ol_enable_ldbm_type = hash ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDBM_USE_DBHASH 1
+_ACEOF
+
+ else
+
+cat >>confdefs.h <<\_ACEOF
+#define LDBM_USE_DBBTREE 1
+_ACEOF
+
+ fi
+
+ if test $ol_cv_lib_db != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_db"
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_enable_bdb/$ol_enable_hdb != no/no; then
+ if test $ol_link_ldbm != berkeley ; then
+ { { echo "$as_me:$LINENO: error: BDB/HDB: BerkeleyDB not available" >&5
+echo "$as_me: error: BDB/HDB: BerkeleyDB not available" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ echo "$as_me:$LINENO: checking Berkeley DB version for BDB/HDB backends" >&5
+echo $ECHO_N "checking Berkeley DB version for BDB/HDB backends... $ECHO_C" >&6
+if test "${ol_cv_bdb_compat+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <db.h>
+
+ /* this check could be improved */
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 0
+#endif
+
+/* require 4.2 or later */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+ __db_version_compat
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__db_version_compat" >/dev/null 2>&1; then
+ ol_cv_bdb_compat=yes
+else
+ ol_cv_bdb_compat=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_bdb_compat" >&5
+echo "${ECHO_T}$ol_cv_bdb_compat" >&6
+
+
+ if test $ol_cv_bdb_compat != yes ; then
+ { { echo "$as_me:$LINENO: error: BDB/HDB: BerkeleyDB version incompatible" >&5
+echo "$as_me: error: BDB/HDB: BerkeleyDB version incompatible" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+
+if test $ol_link_ldbm = no && test $ol_enable_ldbm_type = btree ; then
+ { echo "$as_me:$LINENO: WARNING: Could not find LDBM with BTREE support" >&5
+echo "$as_me: WARNING: Could not find LDBM with BTREE support" >&2;}
+ ol_enable_ldbm_api=none
+fi
+
+if test $ol_enable_ldbm_api = auto || test $ol_enable_ldbm_api = mdbm ; then
+ echo "$as_me:$LINENO: checking for MDBM library" >&5
+echo $ECHO_N "checking for MDBM library... $ECHO_C" >&6
+if test "${ol_cv_lib_mdbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ol_LIBS="$LIBS"
+ echo "$as_me:$LINENO: checking for mdbm_set_chain" >&5
+echo $ECHO_N "checking for mdbm_set_chain... $ECHO_C" >&6
+if test "${ac_cv_func_mdbm_set_chain+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define mdbm_set_chain to an innocuous variant, in case <limits.h> declares mdbm_set_chain.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define mdbm_set_chain innocuous_mdbm_set_chain
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char mdbm_set_chain (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef mdbm_set_chain
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char mdbm_set_chain ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_mdbm_set_chain) || defined (__stub___mdbm_set_chain)
+choke me
+#else
+char (*f) () = mdbm_set_chain;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != mdbm_set_chain;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_mdbm_set_chain=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_mdbm_set_chain=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_mdbm_set_chain" >&5
+echo "${ECHO_T}$ac_cv_func_mdbm_set_chain" >&6
+if test $ac_cv_func_mdbm_set_chain = yes; then
+ ol_cv_lib_mdbm=yes
+else
+
+ echo "$as_me:$LINENO: checking for mdbm_set_chain in -lmdbm" >&5
+echo $ECHO_N "checking for mdbm_set_chain in -lmdbm... $ECHO_C" >&6
+if test "${ac_cv_lib_mdbm_mdbm_set_chain+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lmdbm $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char mdbm_set_chain ();
+int
+main ()
+{
+mdbm_set_chain ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_mdbm_mdbm_set_chain=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_mdbm_mdbm_set_chain=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_mdbm_mdbm_set_chain" >&5
+echo "${ECHO_T}$ac_cv_lib_mdbm_mdbm_set_chain" >&6
+if test $ac_cv_lib_mdbm_mdbm_set_chain = yes; then
+ ol_cv_lib_mdbm=-lmdbm
+else
+ ol_cv_lib_mdbm=no
+fi
+
+
+fi
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_lib_mdbm" >&5
+echo "${ECHO_T}$ol_cv_lib_mdbm" >&6
+
+
+
+for ac_header in mdbm.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ echo "$as_me:$LINENO: checking for db" >&5
+echo $ECHO_N "checking for db... $ECHO_C" >&6
+if test "${ol_cv_mdbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test $ol_cv_lib_mdbm = no || test $ac_cv_header_mdbm_h = no ; then
+ ol_cv_mdbm=no
+ else
+ ol_cv_mdbm=yes
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_mdbm" >&5
+echo "${ECHO_T}$ol_cv_mdbm" >&6
+ if test $ol_cv_mdbm = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MDBM 1
+_ACEOF
+
+ fi
+
+
+ if test $ol_cv_mdbm = yes ; then
+ ol_link_ldbm=mdbm
+ ol_enable_ldbm_api=mdbm
+ if test $ol_cv_lib_mdbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_mdbm"
+ fi
+ fi
+fi
+
+if test $ol_enable_ldbm_api = auto || test $ol_enable_ldbm_api = gdbm ; then
+ echo "$as_me:$LINENO: checking for GDBM library" >&5
+echo $ECHO_N "checking for GDBM library... $ECHO_C" >&6
+if test "${ol_cv_lib_gdbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ol_LIBS="$LIBS"
+ echo "$as_me:$LINENO: checking for gdbm_open" >&5
+echo $ECHO_N "checking for gdbm_open... $ECHO_C" >&6
+if test "${ac_cv_func_gdbm_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define gdbm_open to an innocuous variant, in case <limits.h> declares gdbm_open.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define gdbm_open innocuous_gdbm_open
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char gdbm_open (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef gdbm_open
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char gdbm_open ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_gdbm_open) || defined (__stub___gdbm_open)
+choke me
+#else
+char (*f) () = gdbm_open;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != gdbm_open;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_gdbm_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_gdbm_open=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_gdbm_open" >&5
+echo "${ECHO_T}$ac_cv_func_gdbm_open" >&6
+if test $ac_cv_func_gdbm_open = yes; then
+ ol_cv_lib_gdbm=yes
+else
+
+ echo "$as_me:$LINENO: checking for gdbm_open in -lgdbm" >&5
+echo $ECHO_N "checking for gdbm_open in -lgdbm... $ECHO_C" >&6
+if test "${ac_cv_lib_gdbm_gdbm_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgdbm $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char gdbm_open ();
+int
+main ()
+{
+gdbm_open ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_gdbm_gdbm_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_gdbm_gdbm_open=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_gdbm_gdbm_open" >&5
+echo "${ECHO_T}$ac_cv_lib_gdbm_gdbm_open" >&6
+if test $ac_cv_lib_gdbm_gdbm_open = yes; then
+ ol_cv_lib_gdbm=-lgdbm
+else
+ ol_cv_lib_gdbm=no
+fi
+
+
+fi
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_lib_gdbm" >&5
+echo "${ECHO_T}$ol_cv_lib_gdbm" >&6
+
+
+
+for ac_header in gdbm.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ echo "$as_me:$LINENO: checking for db" >&5
+echo $ECHO_N "checking for db... $ECHO_C" >&6
+if test "${ol_cv_gdbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test $ol_cv_lib_gdbm = no || test $ac_cv_header_gdbm_h = no ; then
+ ol_cv_gdbm=no
+ else
+ ol_cv_gdbm=yes
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_gdbm" >&5
+echo "${ECHO_T}$ol_cv_gdbm" >&6
+ if test $ol_cv_gdbm = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_GDBM 1
+_ACEOF
+
+ fi
+
+
+ if test $ol_cv_gdbm = yes ; then
+ ol_link_ldbm=gdbm
+ ol_enable_ldbm_api=gdbm
+
+ if test $ol_cv_lib_gdbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_gdbm"
+ fi
+ fi
+fi
+
+if test $ol_enable_ldbm_api = ndbm ; then
+ echo "$as_me:$LINENO: checking for NDBM library" >&5
+echo $ECHO_N "checking for NDBM library... $ECHO_C" >&6
+if test "${ol_cv_lib_ndbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ol_LIBS="$LIBS"
+ echo "$as_me:$LINENO: checking for dbm_open" >&5
+echo $ECHO_N "checking for dbm_open... $ECHO_C" >&6
+if test "${ac_cv_func_dbm_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define dbm_open to an innocuous variant, in case <limits.h> declares dbm_open.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define dbm_open innocuous_dbm_open
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char dbm_open (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dbm_open
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dbm_open ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_dbm_open) || defined (__stub___dbm_open)
+choke me
+#else
+char (*f) () = dbm_open;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dbm_open;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_dbm_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dbm_open=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dbm_open" >&5
+echo "${ECHO_T}$ac_cv_func_dbm_open" >&6
+if test $ac_cv_func_dbm_open = yes; then
+ ol_cv_lib_ndbm=yes
+else
+
+ echo "$as_me:$LINENO: checking for dbm_open in -lndbm" >&5
+echo $ECHO_N "checking for dbm_open in -lndbm... $ECHO_C" >&6
+if test "${ac_cv_lib_ndbm_dbm_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lndbm $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dbm_open ();
+int
+main ()
+{
+dbm_open ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ndbm_dbm_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ndbm_dbm_open=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ndbm_dbm_open" >&5
+echo "${ECHO_T}$ac_cv_lib_ndbm_dbm_open" >&6
+if test $ac_cv_lib_ndbm_dbm_open = yes; then
+ ol_cv_lib_ndbm=-lndbm
+else
+
+ echo "$as_me:$LINENO: checking for dbm_open in -ldbm" >&5
+echo $ECHO_N "checking for dbm_open in -ldbm... $ECHO_C" >&6
+if test "${ac_cv_lib_dbm_dbm_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldbm $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dbm_open ();
+int
+main ()
+{
+dbm_open ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dbm_dbm_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dbm_dbm_open=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dbm_dbm_open" >&5
+echo "${ECHO_T}$ac_cv_lib_dbm_dbm_open" >&6
+if test $ac_cv_lib_dbm_dbm_open = yes; then
+ ol_cv_lib_ndbm=-ldbm
+else
+ ol_cv_lib_ndbm=no
+fi
+
+fi
+
+
+fi
+
+ LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_lib_ndbm" >&5
+echo "${ECHO_T}$ol_cv_lib_ndbm" >&6
+
+
+
+for ac_header in ndbm.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ echo "$as_me:$LINENO: checking for db" >&5
+echo $ECHO_N "checking for db... $ECHO_C" >&6
+if test "${ol_cv_ndbm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test $ol_cv_lib_ndbm = no || test $ac_cv_header_ndbm_h = no ; then
+ ol_cv_ndbm=no
+ else
+ ol_cv_ndbm=yes
+ fi
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_ndbm" >&5
+echo "${ECHO_T}$ol_cv_ndbm" >&6
+ if test $ol_cv_ndbm = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NDBM 1
+_ACEOF
+
+ fi
+
+
+ if test $ol_cv_ndbm = yes ; then
+ ol_link_ldbm=ndbm
+ ol_enable_ldbm_api=ndbm
+
+ if test $ol_cv_lib_ndbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_ndbm"
+ fi
+ fi
+fi
+
+if test $ol_link_ldbm = no && test $ol_enable_ldbm != no ; then
+ { { echo "$as_me:$LINENO: error: could not find suitable LDBM backend" >&5
+echo "$as_me: error: could not find suitable LDBM backend" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+if test $ol_enable_bdb = yes ||
+ test $ol_enable_hdb = yes ||
+ test $ol_enable_ldbm = yes ; then
+ SLAPD_LIBS="$SLAPD_LIBS \$(LDBM_LIBS)"
+fi
+
+
+if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
+ BUILD_LIBS_DYNAMIC=shared
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_LIBS_DYNAMIC 1
+_ACEOF
+
+ LTSTATIC=""
+else
+ BUILD_LIBS_DYNAMIC=static
+ LTSTATIC="-static"
+fi
+
+if test $ol_enable_wrappers != no ; then
+
+for ac_header in tcpd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+ echo "$as_me:$LINENO: checking for TCP wrappers library" >&5
+echo $ECHO_N "checking for TCP wrappers library... $ECHO_C" >&6
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lwrap"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <tcpd.h>
+int allow_severity = 0;
+int deny_severity = 0;
+
+struct request_info *req;
+
+int
+main ()
+{
+
+hosts_access(req)
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ echo "$as_me:$LINENO: result: -lwrap" >&5
+echo "${ECHO_T}-lwrap" >&6
+ have_wrappers=yes
+ LIBS="$save_LIBS"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+ LIBS="$LIBS -lnsl"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <tcpd.h>
+int allow_severity = 0;
+int deny_severity = 0;
+
+struct request_info *req;
+
+int
+main ()
+{
+
+hosts_access(req)
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ echo "$as_me:$LINENO: result: -lwrap -lnsl" >&5
+echo "${ECHO_T}-lwrap -lnsl" >&6
+ have_wrappers=yes
+ LIBS="$save_LIBS -lnsl"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ have_wrappers=no
+ LIBS=$save_LIBS
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+else
+ have_wrappers=no
+fi
+
+done
+
+
+ if test $have_wrappers = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_TCPD 1
+_ACEOF
+
+ WRAP_LIBS="-lwrap"
+ elif test $ol_enable_wrappers = yes ; then
+ { { echo "$as_me:$LINENO: error: could not find TCP wrappers, select apppropriate options or disable" >&5
+echo "$as_me: error: could not find TCP wrappers, select apppropriate options or disable" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me:$LINENO: WARNING: could not find TCP wrappers, support disabled" >&5
+echo "$as_me: WARNING: could not find TCP wrappers, support disabled" >&2;}
+ WRAP_LIBS=""
+ fi
+fi
+
+if test $ol_enable_syslog != no ; then
+ echo "$as_me:$LINENO: checking for openlog" >&5
+echo $ECHO_N "checking for openlog... $ECHO_C" >&6
+if test "${ac_cv_func_openlog+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define openlog to an innocuous variant, in case <limits.h> declares openlog.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define openlog innocuous_openlog
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char openlog (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef openlog
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char openlog ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_openlog) || defined (__stub___openlog)
+choke me
+#else
+char (*f) () = openlog;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != openlog;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_openlog=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_openlog=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_openlog" >&5
+echo "${ECHO_T}$ac_cv_func_openlog" >&6
+
+ if test $ac_cv_func_openlog = no && test $ol_enable_syslog = yes; then
+ { { echo "$as_me:$LINENO: error: could not find syslog" >&5
+echo "$as_me: error: could not find syslog" >&2;}
+ { (exit select appropriate options or disable); exit select appropriate options or disable; }; }
+ fi
+ ol_enable_syslog=$ac_cv_func_openlog
+fi
+
+ol_link_sql=no
+if test $ol_enable_sql != no ; then
+
+
+for ac_header in sql.h sqlext.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+else
+
+ { { echo "$as_me:$LINENO: error: could not locate SQL headers" >&5
+echo "$as_me: error: could not locate SQL headers" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+
+done
+
+
+ sql_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS"
+
+ if test $ol_with_odbc = auto ; then
+ ol_with_odbc="iodbc unixodbc"
+ fi
+
+ for odbc in $ol_with_odbc ; do
+ if test $ol_link_sql = no ; then
+ case $odbc in
+ iodbc)
+ echo "$as_me:$LINENO: checking for SQLDriverConnect in -liodbc" >&5
+echo $ECHO_N "checking for SQLDriverConnect in -liodbc... $ECHO_C" >&6
+if test "${ac_cv_lib_iodbc_SQLDriverConnect+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-liodbc $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char SQLDriverConnect ();
+int
+main ()
+{
+SQLDriverConnect ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_iodbc_SQLDriverConnect=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_iodbc_SQLDriverConnect=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_iodbc_SQLDriverConnect" >&5
+echo "${ECHO_T}$ac_cv_lib_iodbc_SQLDriverConnect" >&6
+if test $ac_cv_lib_iodbc_SQLDriverConnect = yes; then
+ have_iodbc=yes
+else
+ have_iodbc=no
+fi
+
+ if test $have_iodbc = yes ; then
+ ol_link_sql="-liodbc"
+ fi
+ ;;
+
+ unixodbc)
+ echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc" >&5
+echo $ECHO_N "checking for SQLDriverConnect in -lodbc... $ECHO_C" >&6
+if test "${ac_cv_lib_odbc_SQLDriverConnect+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lodbc $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char SQLDriverConnect ();
+int
+main ()
+{
+SQLDriverConnect ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_odbc_SQLDriverConnect=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_odbc_SQLDriverConnect=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_odbc_SQLDriverConnect" >&5
+echo "${ECHO_T}$ac_cv_lib_odbc_SQLDriverConnect" >&6
+if test $ac_cv_lib_odbc_SQLDriverConnect = yes; then
+ have_odbc=yes
+else
+ have_odbc=no
+fi
+
+ if test $have_odbc = yes ; then
+ ol_link_sql="-lodbc"
+ fi
+ ;;
+
+ *)
+ { { echo "$as_me:$LINENO: error: unknown ODBC library" >&5
+echo "$as_me: error: unknown ODBC library" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+ fi
+ done
+
+ LIBS="$sql_LIBS"
+
+ if test $ol_link_sql != no ; then
+ SLAPD_SQL_LIBS="$ol_link_sql"
+
+ elif test $ol_enable_sql != auto ; then
+ { { echo "$as_me:$LINENO: error: could not locate suitable ODBC library" >&5
+echo "$as_me: error: could not locate suitable ODBC library" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+WITH_SASL=no
+ol_link_sasl=no
+ol_link_spasswd=no
+if test $ol_with_cyrus_sasl != no ; then
+
+
+for ac_header in sasl/sasl.h sasl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_sasl_sasl_h = yes ||
+ test $ac_cv_header_sasl_h = yes; then
+ echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl2" >&5
+echo $ECHO_N "checking for sasl_client_init in -lsasl2... $ECHO_C" >&6
+if test "${ac_cv_lib_sasl2_sasl_client_init+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsasl2 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char sasl_client_init ();
+int
+main ()
+{
+sasl_client_init ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_sasl2_sasl_client_init=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_sasl2_sasl_client_init=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_client_init" >&5
+echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_client_init" >&6
+if test $ac_cv_lib_sasl2_sasl_client_init = yes; then
+ ol_link_sasl="-lsasl2"
+else
+ echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl" >&5
+echo $ECHO_N "checking for sasl_client_init in -lsasl... $ECHO_C" >&6
+if test "${ac_cv_lib_sasl_sasl_client_init+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsasl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char sasl_client_init ();
+int
+main ()
+{
+sasl_client_init ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_sasl_sasl_client_init=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_sasl_sasl_client_init=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_sasl_sasl_client_init" >&5
+echo "${ECHO_T}$ac_cv_lib_sasl_sasl_client_init" >&6
+if test $ac_cv_lib_sasl_sasl_client_init = yes; then
+ ol_link_sasl="-lsasl"
+fi
+
+fi
+
+ fi
+
+ if test $ol_link_sasl = no ; then
+ if test $ol_with_cyrus_sasl != auto ; then
+ { { echo "$as_me:$LINENO: error: Could not locate Cyrus SASL" >&5
+echo "$as_me: error: Could not locate Cyrus SASL" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me:$LINENO: WARNING: Could not locate Cyrus SASL" >&5
+echo "$as_me: WARNING: Could not locate Cyrus SASL" >&2;}
+ { echo "$as_me:$LINENO: WARNING: SASL authentication not supported!" >&5
+echo "$as_me: WARNING: SASL authentication not supported!" >&2;}
+ if test $ol_link_tls = no ; then
+ { echo "$as_me:$LINENO: WARNING: Strong authentication not supported!" >&5
+echo "$as_me: WARNING: Strong authentication not supported!" >&2;}
+ fi
+ fi
+ else
+ echo "$as_me:$LINENO: checking Cyrus SASL library version" >&5
+echo $ECHO_N "checking Cyrus SASL library version... $ECHO_C" >&6
+if test "${ol_cv_sasl_compat+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+/* Require 2.1.15+ */
+#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
+ char *__sasl_compat = "2.2+ or better okay (we guess)";
+#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
+ && SASL_VERSION_STEP >=15
+ char *__sasl_compat = "2.1.15+ or better okay";
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "__sasl_compat" >/dev/null 2>&1; then
+ ol_cv_sasl_compat=yes
+else
+ ol_cv_sasl_compat=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_sasl_compat" >&5
+echo "${ECHO_T}$ol_cv_sasl_compat" >&6
+
+ if test $ol_cv_sasl_compat = no ; then
+ ol_link_sasl=no
+ { { echo "$as_me:$LINENO: error: Cyrus SASL library located but is incompatible" >&5
+echo "$as_me: error: Cyrus SASL library located but is incompatible" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_CYRUS_SASL 1
+_ACEOF
+
+ SASL_LIBS="$ol_link_sasl"
+ if test $ol_enable_spasswd != no ; then
+ ol_link_spasswd=yes
+ fi
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $ol_link_sasl"
+ echo "$as_me:$LINENO: checking for sasl_version" >&5
+echo $ECHO_N "checking for sasl_version... $ECHO_C" >&6
+if test "${ac_cv_func_sasl_version+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define sasl_version to an innocuous variant, in case <limits.h> declares sasl_version.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define sasl_version innocuous_sasl_version
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char sasl_version (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef sasl_version
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char sasl_version ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_sasl_version) || defined (__stub___sasl_version)
+choke me
+#else
+char (*f) () = sasl_version;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != sasl_version;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_sasl_version=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_sasl_version=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_sasl_version" >&5
+echo "${ECHO_T}$ac_cv_func_sasl_version" >&6
+if test $ac_cv_func_sasl_version = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SASL_VERSION 1
+_ACEOF
+
+fi
+
+ LIBS="$ac_save_LIBS"
+
+ WITH_SASL=yes
+ fi
+
+else
+ { echo "$as_me:$LINENO: WARNING: SASL authentication not supported!" >&5
+echo "$as_me: WARNING: SASL authentication not supported!" >&2;}
+ if test $ol_link_tls = no ; then
+ { echo "$as_me:$LINENO: WARNING: Strong authentication not supported!" >&5
+echo "$as_me: WARNING: Strong authentication not supported!" >&2;}
+ fi
+fi
+
+if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
+ dev=no
+ if test -r /dev/urandom ; then
+ dev="/dev/urandom";
+ elif test -r /idev/urandom ; then
+ dev="/idev/urandom";
+ elif test -r /dev/srandom ; then
+ dev="/dev/srandom";
+ elif test -r /dev/random ; then
+ dev="/dev/random";
+ elif test -r /idev/random ; then
+ dev="/idev/random";
+ fi
+
+ if test $dev != no ; then
+
+cat >>confdefs.h <<_ACEOF
+#define URANDOM_DEVICE "$dev"
+_ACEOF
+
+ fi
+fi
+
+ol_link_fetch=no
+if test $ol_with_fetch != no ; then
+ ol_LIBS=$LIBS
+LIBS="-lfetch -lcom_err $LIBS"
+echo "$as_me:$LINENO: checking fetch(3) library" >&5
+echo $ECHO_N "checking fetch(3) library... $ECHO_C" >&6
+if test "${ol_cv_lib_fetch+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/param.h>
+#include <stdio.h>
+#include <fetch.h>
+int
+main ()
+{
+struct url *u = fetchParseURL("file:///");
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_lib_fetch=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_lib_fetch=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_lib_fetch" >&5
+echo "${ECHO_T}$ol_cv_lib_fetch" >&6
+LIBS=$ol_LIBS
+if test $ol_cv_lib_fetch != no ; then
+ ol_link_fetch="-lfetch -lcom_err"
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_FETCH 1
+_ACEOF
+
+fi
+
+
+ if test $ol_cv_lib_fetch != no ; then
+ LUTIL_LIBS="$LUTIL_LIBS $ol_link_fetch"
+ ol_link_fetch=freebsd
+
+ elif test $ol_with_fetch != auto ; then
+ { { echo "$as_me:$LINENO: error: no suitable API for --with-fetch=$ol_with_fetch" >&5
+echo "$as_me: error: no suitable API for --with-fetch=$ol_with_fetch" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+if test $ol_enable_crypt != no ; then
+ save_LIBS="$LIBS"
+ LIBS="$TLS_LIBS $LIBS"
+
+ echo "$as_me:$LINENO: checking for crypt" >&5
+echo $ECHO_N "checking for crypt... $ECHO_C" >&6
+if test "${ac_cv_func_crypt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define crypt to an innocuous variant, in case <limits.h> declares crypt.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define crypt innocuous_crypt
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char crypt (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef crypt
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char crypt ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_crypt) || defined (__stub___crypt)
+choke me
+#else
+char (*f) () = crypt;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != crypt;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_crypt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_crypt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_crypt" >&5
+echo "${ECHO_T}$ac_cv_func_crypt" >&6
+if test $ac_cv_func_crypt = yes; then
+ have_crypt=yes
+else
+
+ LIBS="$save_LIBS"
+ echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
+echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
+if test "${ac_cv_lib_crypt_crypt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char crypt ();
+int
+main ()
+{
+crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_crypt_crypt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_crypt_crypt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
+echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
+if test $ac_cv_lib_crypt_crypt = yes; then
+ LUTIL_LIBS="$LUTIL_LIBS -lcrypt"
+ have_crypt=yes
+else
+ have_crypt=no
+fi
+
+fi
+
+
+ LIBS="$save_LIBS"
+
+ if test $have_crypt = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_CRYPT 1
+_ACEOF
+
+ else
+ { echo "$as_me:$LINENO: WARNING: could not find crypt" >&5
+echo "$as_me: WARNING: could not find crypt" >&2;}
+ if test $ol_enable_crypt = yes ; then
+ { { echo "$as_me:$LINENO: error: could not find crypt, select appropriate options or disable" >&5
+echo "$as_me: error: could not find crypt, select appropriate options or disable" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ { echo "$as_me:$LINENO: WARNING: disabling crypt support" >&5
+echo "$as_me: WARNING: disabling crypt support" >&2;}
+ ol_enable_crypt=no
+ fi
+fi
+
+if test $ol_enable_proctitle != no ; then
+ echo "$as_me:$LINENO: checking for setproctitle" >&5
+echo $ECHO_N "checking for setproctitle... $ECHO_C" >&6
+if test "${ac_cv_func_setproctitle+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define setproctitle to an innocuous variant, in case <limits.h> declares setproctitle.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define setproctitle innocuous_setproctitle
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char setproctitle (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef setproctitle
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char setproctitle ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_setproctitle) || defined (__stub___setproctitle)
+choke me
+#else
+char (*f) () = setproctitle;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != setproctitle;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_setproctitle=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_setproctitle=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_setproctitle" >&5
+echo "${ECHO_T}$ac_cv_func_setproctitle" >&6
+if test $ac_cv_func_setproctitle = yes; then
+ have_setproctitle=yes
+else
+
+ echo "$as_me:$LINENO: checking for setproctitle in -lutil" >&5
+echo $ECHO_N "checking for setproctitle in -lutil... $ECHO_C" >&6
+if test "${ac_cv_lib_util_setproctitle+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char setproctitle ();
+int
+main ()
+{
+setproctitle ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_util_setproctitle=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_util_setproctitle=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_util_setproctitle" >&5
+echo "${ECHO_T}$ac_cv_lib_util_setproctitle" >&6
+if test $ac_cv_lib_util_setproctitle = yes; then
+ have_setproctitle=yes
+ LUTIL_LIBS="$LUTIL_LIBS -lutil"
+else
+ have_setproctitle=no
+ case $LIBOBJS in
+ "setproctitle.$ac_objext" | \
+ *" setproctitle.$ac_objext" | \
+ "setproctitle.$ac_objext "* | \
+ *" setproctitle.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS setproctitle.$ac_objext" ;;
+esac
+
+ LIBSRCS="$LIBSRCS setproctitle.c"
+fi
+
+fi
+
+
+ if test $have_setproctitle = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SETPROCTITLE 1
+_ACEOF
+
+ fi
+fi
+
+if test $ol_enable_slp != no ; then
+
+for ac_header in slp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_slp_h = yes ; then
+ echo "$as_me:$LINENO: checking for SLPOpen in -lslp" >&5
+echo $ECHO_N "checking for SLPOpen in -lslp... $ECHO_C" >&6
+if test "${ac_cv_lib_slp_SLPOpen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lslp $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char SLPOpen ();
+int
+main ()
+{
+SLPOpen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_slp_SLPOpen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_slp_SLPOpen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_slp_SLPOpen" >&5
+echo "${ECHO_T}$ac_cv_lib_slp_SLPOpen" >&6
+if test $ac_cv_lib_slp_SLPOpen = yes; then
+ have_slp=yes
+else
+ have_slp=no
+fi
+
+ if test $have_slp = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SLP 1
+_ACEOF
+
+ SLAPD_SLP_LIBS=-lslp
+ fi
+
+ elif test $ol_enable_slp = yes ; then
+ { { echo "$as_me:$LINENO: error: SLP not found" >&5
+echo "$as_me: error: SLP not found" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+
+echo "$as_me:$LINENO: checking for mode_t" >&5
+echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
+if test "${ac_cv_type_mode_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((mode_t *) 0)
+ return 0;
+if (sizeof (mode_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_mode_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_mode_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
+echo "${ECHO_T}$ac_cv_type_mode_t" >&6
+if test $ac_cv_type_mode_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define mode_t int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for off_t" >&5
+echo $ECHO_N "checking for off_t... $ECHO_C" >&6
+if test "${ac_cv_type_off_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((off_t *) 0)
+ return 0;
+if (sizeof (off_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_off_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_off_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
+echo "${ECHO_T}$ac_cv_type_off_t" >&6
+if test $ac_cv_type_off_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define off_t long
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for pid_t" >&5
+echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
+if test "${ac_cv_type_pid_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((pid_t *) 0)
+ return 0;
+if (sizeof (pid_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_pid_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_pid_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
+echo "${ECHO_T}$ac_cv_type_pid_t" >&6
+if test $ac_cv_type_pid_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for ssize_t" >&5
+echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
+if test "${ac_cv_type_ssize_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((ssize_t *) 0)
+ return 0;
+if (sizeof (ssize_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_ssize_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_ssize_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
+echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
+if test $ac_cv_type_ssize_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ssize_t signed int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for caddr_t" >&5
+echo $ECHO_N "checking for caddr_t... $ECHO_C" >&6
+if test "${ac_cv_type_caddr_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((caddr_t *) 0)
+ return 0;
+if (sizeof (caddr_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_caddr_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_caddr_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_caddr_t" >&5
+echo "${ECHO_T}$ac_cv_type_caddr_t" >&6
+if test $ac_cv_type_caddr_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define caddr_t char *
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for size_t" >&5
+echo $ECHO_N "checking for size_t... $ECHO_C" >&6
+if test "${ac_cv_type_size_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((size_t *) 0)
+ return 0;
+if (sizeof (size_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_size_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_size_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
+echo "${ECHO_T}$ac_cv_type_size_t" >&6
+if test $ac_cv_type_size_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6
+if test "${ac_cv_type_long_long+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((long long *) 0)
+ return 0;
+if (sizeof (long long))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_long_long=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_long_long=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6
+if test $ac_cv_type_long_long = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_LONG 1
+_ACEOF
+
+
+fi
+
+echo "$as_me:$LINENO: checking for ptrdiff_t" >&5
+echo $ECHO_N "checking for ptrdiff_t... $ECHO_C" >&6
+if test "${ac_cv_type_ptrdiff_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((ptrdiff_t *) 0)
+ return 0;
+if (sizeof (ptrdiff_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_ptrdiff_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_ptrdiff_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_ptrdiff_t" >&5
+echo "${ECHO_T}$ac_cv_type_ptrdiff_t" >&6
+if test $ac_cv_type_ptrdiff_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_PTRDIFF_T 1
+_ACEOF
+
+
+fi
+
+
+echo "$as_me:$LINENO: checking for socklen_t" >&5
+echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
+if test "${ac_cv_type_socklen_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+
+int
+main ()
+{
+if ((socklen_t *) 0)
+ return 0;
+if (sizeof (socklen_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_socklen_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_socklen_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
+echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
+if test $ac_cv_type_socklen_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define socklen_t int
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking return type of signal handlers" >&5
+echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
+if test "${ac_cv_type_signal+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <signal.h>
+#ifdef signal
+# undef signal
+#endif
+#ifdef __cplusplus
+extern "C" void (*signal (int, void (*)(int)))(int);
+#else
+void (*signal ()) ();
+#endif
+
+int
+main ()
+{
+int i;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_signal=void
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_signal=int
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
+echo "${ECHO_T}$ac_cv_type_signal" >&6
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+
+echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
+echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
+if test "${ac_cv_type_sig_atomic_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <signal.h>
+
+
+int
+main ()
+{
+if ((sig_atomic_t *) 0)
+ return 0;
+if (sizeof (sig_atomic_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_sig_atomic_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_sig_atomic_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
+echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
+if test $ac_cv_type_sig_atomic_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define sig_atomic_t int
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
+echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
+if test "${ac_cv_type_uid_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "uid_t" >/dev/null 2>&1; then
+ ac_cv_type_uid_t=yes
+else
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
+echo "${ECHO_T}$ac_cv_type_uid_t" >&6
+if test $ac_cv_type_uid_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define uid_t int
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define gid_t int
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
+if test "${ac_cv_header_time+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_time=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_time=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
+echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
+if test "${ac_cv_struct_tm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <time.h>
+
+int
+main ()
+{
+struct tm *tp; tp->tm_sec;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_struct_tm=time.h
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_struct_tm=sys/time.h
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
+echo "${ECHO_T}$ac_cv_struct_tm" >&6
+if test $ac_cv_struct_tm = sys/time.h; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TM_IN_SYS_TIME 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for struct stat.st_blksize" >&5
+echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6
+if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static struct stat ac_aggr;
+if (ac_aggr.st_blksize)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_stat_st_blksize=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static struct stat ac_aggr;
+if (sizeof ac_aggr.st_blksize)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_stat_st_blksize=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_member_struct_stat_st_blksize=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_blksize" >&5
+echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6
+if test $ac_cv_member_struct_stat_st_blksize = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
+_ACEOF
+
+
+fi
+
+echo "$as_me:$LINENO: checking for struct passwd.pw_gecos" >&5
+echo $ECHO_N "checking for struct passwd.pw_gecos... $ECHO_C" >&6
+if test "${ac_cv_member_struct_passwd_pw_gecos+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <pwd.h>
+
+int
+main ()
+{
+static struct passwd ac_aggr;
+if (ac_aggr.pw_gecos)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_passwd_pw_gecos=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <pwd.h>
+
+int
+main ()
+{
+static struct passwd ac_aggr;
+if (sizeof ac_aggr.pw_gecos)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_passwd_pw_gecos=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_member_struct_passwd_pw_gecos=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_gecos" >&5
+echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_gecos" >&6
+if test $ac_cv_member_struct_passwd_pw_gecos = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_GECOS 1
+_ACEOF
+
+
+fi
+
+echo "$as_me:$LINENO: checking for struct passwd.pw_passwd" >&5
+echo $ECHO_N "checking for struct passwd.pw_passwd... $ECHO_C" >&6
+if test "${ac_cv_member_struct_passwd_pw_passwd+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <pwd.h>
+
+int
+main ()
+{
+static struct passwd ac_aggr;
+if (ac_aggr.pw_passwd)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_passwd_pw_passwd=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <pwd.h>
+
+int
+main ()
+{
+static struct passwd ac_aggr;
+if (sizeof ac_aggr.pw_passwd)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_passwd_pw_passwd=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_member_struct_passwd_pw_passwd=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_passwd" >&5
+echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_passwd" >&6
+if test $ac_cv_member_struct_passwd_pw_passwd = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_PASSWD 1
+_ACEOF
+
+
+fi
+
+
+echo "$as_me:$LINENO: checking if toupper() requires islower()" >&5
+echo $ECHO_N "checking if toupper() requires islower()... $ECHO_C" >&6
+if test "${ol_cv_c_upper_lower+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ if test "$cross_compiling" = yes; then
+ ol_cv_c_upper_lower=safe
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <ctype.h>
+main()
+{
+ if ('C' == toupper('C'))
+ exit(0);
+ else
+ exit(1);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_c_upper_lower=no
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ol_cv_c_upper_lower=yes
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ol_cv_c_upper_lower" >&5
+echo "${ECHO_T}$ol_cv_c_upper_lower" >&6
+if test $ol_cv_c_upper_lower != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define C_UPPER_LOWER 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
+if test "${ac_cv_c_const+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this. */
+ typedef int charset[2];
+ const charset x;
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *ccp;
+ char **p;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ ccp = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++ccp;
+ p = (char**) ccp;
+ ccp = (char const *const *) p;
+ { /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ }
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_c_const=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_c_const=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6
+if test $ac_cv_c_const = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking if compiler understands volatile" >&5
+echo $ECHO_N "checking if compiler understands volatile... $ECHO_C" >&6
+if test "${ol_cv_c_volatile+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+int x, y, z;
+int
+main ()
+{
+volatile int a; int * volatile b = x ? &y : &z;
+ /* Older MIPS compilers (eg., in Ultrix 4.2) don't like *b = 0 */
+ *b = 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_c_volatile=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_c_volatile=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_c_volatile" >&5
+echo "${ECHO_T}$ol_cv_c_volatile" >&6
+ if test $ol_cv_c_volatile = yes; then
+ :
+ else
+
+cat >>confdefs.h <<\_ACEOF
+#define volatile
+_ACEOF
+
+ fi
+
+
+if test $cross_compiling = yes ; then
+ { echo "$as_me:$LINENO: WARNING: Crossing compiling... all bets are off!" >&5
+echo "$as_me: WARNING: Crossing compiling... all bets are off!" >&2;}
+
+cat >>confdefs.h <<\_ACEOF
+#define CROSS_COMPILING 1
+_ACEOF
+
+else
+ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
+echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
+if test "${ac_cv_c_bigendian+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # See if sys/param.h defines the BYTE_ORDER macro.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/param.h>
+
+int
+main ()
+{
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/param.h>
+
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_c_bigendian=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_c_bigendian=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+# It does not; compile a test program.
+if test "$cross_compiling" = yes; then
+ # try to guess the endianness by grepping values into an object file
+ ac_cv_c_bigendian=unknown
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
+short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
+int
+main ()
+{
+ _ascii (); _ebcdic ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
+ ac_cv_c_bigendian=yes
+fi
+if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+int
+main ()
+{
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long l;
+ char c[sizeof (long)];
+ } u;
+ u.l = 1;
+ exit (u.c[sizeof (long) - 1] == 1);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_c_bigendian=no
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_c_bigendian=yes
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
+echo "${ECHO_T}$ac_cv_c_bigendian" >&6
+case $ac_cv_c_bigendian in
+ yes)
+
+cat >>confdefs.h <<\_ACEOF
+#define WORDS_BIGENDIAN 1
+_ACEOF
+ ;;
+ no)
+ ;;
+ *)
+ { { echo "$as_me:$LINENO: error: unknown endianness
+presetting ac_cv_c_bigendian=no (or yes) will help" >&5
+echo "$as_me: error: unknown endianness
+presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+
+fi
+
+echo "$as_me:$LINENO: checking for short" >&5
+echo $ECHO_N "checking for short... $ECHO_C" >&6
+if test "${ac_cv_type_short+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((short *) 0)
+ return 0;
+if (sizeof (short))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_short=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_short=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_short" >&5
+echo "${ECHO_T}$ac_cv_type_short" >&6
+
+echo "$as_me:$LINENO: checking size of short" >&5
+echo $ECHO_N "checking size of short... $ECHO_C" >&6
+if test "${ac_cv_sizeof_short+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$ac_cv_type_short" = yes; then
+ # The cast to unsigned long works around a bug in the HP C Compiler
+ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+ # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+ # This bug is HP SR number 8606223364.
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (short))) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (short))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr $ac_mid + 1`
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (short))) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (short))) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_hi=`expr '(' $ac_mid ')' - 1`
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo= ac_hi=
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (short))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr '(' $ac_mid ')' + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in
+?*) ac_cv_sizeof_short=$ac_lo;;
+'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (short), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (short), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+else
+ if test "$cross_compiling" = yes; then
+ { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+long longval () { return (long) (sizeof (short)); }
+unsigned long ulongval () { return (long) (sizeof (short)); }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ exit (1);
+ if (((long) (sizeof (short))) < 0)
+ {
+ long i = longval ();
+ if (i != ((long) (sizeof (short))))
+ exit (1);
+ fprintf (f, "%ld\n", i);
+ }
+ else
+ {
+ unsigned long i = ulongval ();
+ if (i != ((long) (sizeof (short))))
+ exit (1);
+ fprintf (f, "%lu\n", i);
+ }
+ exit (ferror (f) || fclose (f) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_sizeof_short=`cat conftest.val`
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ { echo "$as_me:$LINENO: error: cannot compute sizeof (short), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (short), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.val
+else
+ ac_cv_sizeof_short=0
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sizeof_short" >&5
+echo "${ECHO_T}$ac_cv_sizeof_short" >&6
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SHORT $ac_cv_sizeof_short
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking for int" >&5
+echo $ECHO_N "checking for int... $ECHO_C" >&6
+if test "${ac_cv_type_int+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((int *) 0)
+ return 0;
+if (sizeof (int))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_int=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_int=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5
+echo "${ECHO_T}$ac_cv_type_int" >&6
+
+echo "$as_me:$LINENO: checking size of int" >&5
+echo $ECHO_N "checking size of int... $ECHO_C" >&6
+if test "${ac_cv_sizeof_int+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$ac_cv_type_int" = yes; then
+ # The cast to unsigned long works around a bug in the HP C Compiler
+ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+ # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+ # This bug is HP SR number 8606223364.
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (int))) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr $ac_mid + 1`
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (int))) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (int))) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_hi=`expr '(' $ac_mid ')' - 1`
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo= ac_hi=
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr '(' $ac_mid ')' + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in
+?*) ac_cv_sizeof_int=$ac_lo;;
+'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (int), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+else
+ if test "$cross_compiling" = yes; then
+ { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+long longval () { return (long) (sizeof (int)); }
+unsigned long ulongval () { return (long) (sizeof (int)); }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ exit (1);
+ if (((long) (sizeof (int))) < 0)
+ {
+ long i = longval ();
+ if (i != ((long) (sizeof (int))))
+ exit (1);
+ fprintf (f, "%ld\n", i);
+ }
+ else
+ {
+ unsigned long i = ulongval ();
+ if (i != ((long) (sizeof (int))))
+ exit (1);
+ fprintf (f, "%lu\n", i);
+ }
+ exit (ferror (f) || fclose (f) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_sizeof_int=`cat conftest.val`
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (int), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.val
+else
+ ac_cv_sizeof_int=0
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5
+echo "${ECHO_T}$ac_cv_sizeof_int" >&6
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking for long" >&5
+echo $ECHO_N "checking for long... $ECHO_C" >&6
+if test "${ac_cv_type_long+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((long *) 0)
+ return 0;
+if (sizeof (long))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_long=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_long=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_long" >&5
+echo "${ECHO_T}$ac_cv_type_long" >&6
+
+echo "$as_me:$LINENO: checking size of long" >&5
+echo $ECHO_N "checking size of long... $ECHO_C" >&6
+if test "${ac_cv_sizeof_long+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$ac_cv_type_long" = yes; then
+ # The cast to unsigned long works around a bug in the HP C Compiler
+ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+ # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+ # This bug is HP SR number 8606223364.
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long))) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr $ac_mid + 1`
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long))) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long))) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_hi=`expr '(' $ac_mid ')' - 1`
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo= ac_hi=
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr '(' $ac_mid ')' + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in
+?*) ac_cv_sizeof_long=$ac_lo;;
+'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (long), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+else
+ if test "$cross_compiling" = yes; then
+ { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+long longval () { return (long) (sizeof (long)); }
+unsigned long ulongval () { return (long) (sizeof (long)); }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ exit (1);
+ if (((long) (sizeof (long))) < 0)
+ {
+ long i = longval ();
+ if (i != ((long) (sizeof (long))))
+ exit (1);
+ fprintf (f, "%ld\n", i);
+ }
+ else
+ {
+ unsigned long i = ulongval ();
+ if (i != ((long) (sizeof (long))))
+ exit (1);
+ fprintf (f, "%lu\n", i);
+ }
+ exit (ferror (f) || fclose (f) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_sizeof_long=`cat conftest.val`
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (long), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.val
+else
+ ac_cv_sizeof_long=0
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5
+echo "${ECHO_T}$ac_cv_sizeof_long" >&6
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6
+if test "${ac_cv_type_long_long+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((long long *) 0)
+ return 0;
+if (sizeof (long long))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_long_long=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_long_long=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6
+
+echo "$as_me:$LINENO: checking size of long long" >&5
+echo $ECHO_N "checking size of long long... $ECHO_C" >&6
+if test "${ac_cv_sizeof_long_long+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$ac_cv_type_long_long" = yes; then
+ # The cast to unsigned long works around a bug in the HP C Compiler
+ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+ # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+ # This bug is HP SR number 8606223364.
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long long))) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long long))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr $ac_mid + 1`
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long long))) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long long))) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_hi=`expr '(' $ac_mid ')' - 1`
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo= ac_hi=
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (long long))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr '(' $ac_mid ')' + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in
+?*) ac_cv_sizeof_long_long=$ac_lo;;
+'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (long long), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+else
+ if test "$cross_compiling" = yes; then
+ { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+long longval () { return (long) (sizeof (long long)); }
+unsigned long ulongval () { return (long) (sizeof (long long)); }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ exit (1);
+ if (((long) (sizeof (long long))) < 0)
+ {
+ long i = longval ();
+ if (i != ((long) (sizeof (long long))))
+ exit (1);
+ fprintf (f, "%ld\n", i);
+ }
+ else
+ {
+ unsigned long i = ulongval ();
+ if (i != ((long) (sizeof (long long))))
+ exit (1);
+ fprintf (f, "%lu\n", i);
+ }
+ exit (ferror (f) || fclose (f) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_sizeof_long_long=`cat conftest.val`
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long long), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (long long), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.val
+else
+ ac_cv_sizeof_long_long=0
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_long" >&5
+echo "${ECHO_T}$ac_cv_sizeof_long_long" >&6
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking for wchar_t" >&5
+echo $ECHO_N "checking for wchar_t... $ECHO_C" >&6
+if test "${ac_cv_type_wchar_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((wchar_t *) 0)
+ return 0;
+if (sizeof (wchar_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_wchar_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_wchar_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_wchar_t" >&5
+echo "${ECHO_T}$ac_cv_type_wchar_t" >&6
+
+echo "$as_me:$LINENO: checking size of wchar_t" >&5
+echo $ECHO_N "checking size of wchar_t... $ECHO_C" >&6
+if test "${ac_cv_sizeof_wchar_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$ac_cv_type_wchar_t" = yes; then
+ # The cast to unsigned long works around a bug in the HP C Compiler
+ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+ # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+ # This bug is HP SR number 8606223364.
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr $ac_mid + 1`
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_lo=$ac_mid; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_hi=`expr '(' $ac_mid ')' - 1`
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ ac_mid=`expr 2 '*' $ac_mid`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo= ac_hi=
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_hi=$ac_mid
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_lo=`expr '(' $ac_mid ')' + 1`
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in
+?*) ac_cv_sizeof_wchar_t=$ac_lo;;
+'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (wchar_t), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; } ;;
+esac
+else
+ if test "$cross_compiling" = yes; then
+ { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+long longval () { return (long) (sizeof (wchar_t)); }
+unsigned long ulongval () { return (long) (sizeof (wchar_t)); }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ exit (1);
+ if (((long) (sizeof (wchar_t))) < 0)
+ {
+ long i = longval ();
+ if (i != ((long) (sizeof (wchar_t))))
+ exit (1);
+ fprintf (f, "%ld\n", i);
+ }
+ else
+ {
+ unsigned long i = ulongval ();
+ if (i != ((long) (sizeof (wchar_t))))
+ exit (1);
+ fprintf (f, "%lu\n", i);
+ }
+ exit (ferror (f) || fclose (f) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_sizeof_wchar_t=`cat conftest.val`
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t), 77
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute sizeof (wchar_t), 77
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+rm -f conftest.val
+else
+ ac_cv_sizeof_wchar_t=0
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_sizeof_wchar_t" >&5
+echo "${ECHO_T}$ac_cv_sizeof_wchar_t" >&6
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_WCHAR_T $ac_cv_sizeof_wchar_t
+_ACEOF
+
+
+
+if test "$ac_cv_sizeof_int" -lt 4 ; then
+ { echo "$as_me:$LINENO: WARNING: OpenLDAP requires 'int' to be 32 bits or greater." >&5
+echo "$as_me: WARNING: OpenLDAP requires 'int' to be 32 bits or greater." >&2;}
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LBER_INT_T long
+_ACEOF
+
+else
+
+cat >>confdefs.h <<\_ACEOF
+#define LBER_INT_T int
+_ACEOF
+
+fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LBER_LEN_T long
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LBER_SOCKET_T int
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LBER_TAG_T long
+_ACEOF
+
+
+if test $ol_with_mp = longlong || test $ol_with_mp = auto ; then
+ if test $ac_cv_sizeof_long_long -gt 4 ; then
+ ol_with_mp=longlong
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MP_LONG_LONG 1
+_ACEOF
+
+ elif test $ol_with_mp = longlong ; then
+ { { echo "$as_me:$LINENO: error: long long unusable for multiple precision" >&5
+echo "$as_me: error: long long unusable for multiple precision" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+if test $ol_with_mp = long || test $ol_with_mp = auto ; then
+ if test $ac_cv_sizeof_long -gt 4 ; then
+ ol_with_mp=long
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MP_LONG 1
+_ACEOF
+
+ elif test $ol_with_mp = long ; then
+ { { echo "$as_me:$LINENO: error: long unusable for multiple precision" >&5
+echo "$as_me: error: long unusable for multiple precision" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+if test $ol_with_mp = bignum || test $ol_with_mp = auto ; then
+
+for ac_header in openssl/bn.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in openssl/crypto.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test "$ac_cv_header_openssl_bn_h" = "yes" &&
+ test "$ac_cv_header_openssl_crypto_h" = "yes" &&
+ test "$ol_with_tls" = "found" ; then
+ ol_with_mp=bignum
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MP_BIGNUM 1
+_ACEOF
+
+ elif test $ol_with_mp = bignum ; then
+ { { echo "$as_me:$LINENO: error: bignum not available" >&5
+echo "$as_me: error: bignum not available" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+if test $ol_with_mp = gmp || test $ol_with_mp = auto ; then
+
+for ac_header in gmp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+echo "$as_me:$LINENO: checking for __gmpz_add_ui in -lgmp" >&5
+echo $ECHO_N "checking for __gmpz_add_ui in -lgmp... $ECHO_C" >&6
+if test "${ac_cv_lib_gmp___gmpz_add_ui+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgmp $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char __gmpz_add_ui ();
+int
+main ()
+{
+__gmpz_add_ui ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_gmp___gmpz_add_ui=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_gmp___gmpz_add_ui=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_add_ui" >&5
+echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_add_ui" >&6
+if test $ac_cv_lib_gmp___gmpz_add_ui = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGMP 1
+_ACEOF
+
+ LIBS="-lgmp $LIBS"
+
+fi
+
+ if test $ac_cv_header_gmp_h = yes && test $ac_cv_lib_gmp___gmpz_add_ui = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MP_GMP 1
+_ACEOF
+
+ ol_with_mp=gmp
+ elif test $ol_with_mp = gmp ; then
+ { { echo "$as_me:$LINENO: error: gmp not available" >&5
+echo "$as_me: error: gmp not available" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+if test $ol_with_mp = auto ; then
+ ol_with_mp=no
+fi
+
+echo "$as_me:$LINENO: checking for working memcmp" >&5
+echo $ECHO_N "checking for working memcmp... $ECHO_C" >&6
+if test "${ac_cv_func_memcmp_working+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_memcmp_working=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* Some versions of memcmp are not 8-bit clean. */
+ char c0 = 0x40, c1 = 0x80, c2 = 0x81;
+ if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0)
+ exit (1);
+
+ /* The Next x86 OpenStep bug shows up only when comparing 16 bytes
+ or more and with at least one buffer not starting on a 4-byte boundary.
+ William Lewis provided this test program. */
+ {
+ char foo[21];
+ char bar[21];
+ int i;
+ for (i = 0; i < 4; i++)
+ {
+ char *a = foo + i;
+ char *b = bar + i;
+ strcpy (a, "--------01111111");
+ strcpy (b, "--------10000000");
+ if (memcmp (a, b, 16) >= 0)
+ exit (1);
+ }
+ exit (0);
+ }
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_memcmp_working=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_memcmp_working=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_memcmp_working" >&5
+echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6
+test $ac_cv_func_memcmp_working = no && case $LIBOBJS in
+ "memcmp.$ac_objext" | \
+ *" memcmp.$ac_objext" | \
+ "memcmp.$ac_objext "* | \
+ *" memcmp.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" ;;
+esac
+
+
+
+if test $ac_cv_func_memcmp_working = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_MEMCMP_REPLACEMENT 1
+_ACEOF
+
+fi
+
+
+for ac_func in strftime
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ # strftime is in -lintl on SCO UNIX.
+echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
+echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
+if test "${ac_cv_lib_intl_strftime+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char strftime ();
+int
+main ()
+{
+strftime ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_intl_strftime=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_intl_strftime=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
+echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
+if test $ac_cv_lib_intl_strftime = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+
+echo "$as_me:$LINENO: checking for inet_aton()" >&5
+echo $ECHO_N "checking for inet_aton()... $ECHO_C" >&6
+if test "${ol_cv_func_inet_aton+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+# ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+# endif
+# include <netinet/in.h>
+# ifdef HAVE_ARPA_INET_H
+# include <arpa/inet.h>
+# endif
+#endif
+
+int
+main ()
+{
+struct in_addr in;
+int rc = inet_aton( "255.255.255.255", &in );
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ol_cv_func_inet_aton=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_func_inet_aton=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ol_cv_func_inet_aton" >&5
+echo "${ECHO_T}$ol_cv_func_inet_aton" >&6
+ if test $ol_cv_func_inet_aton != no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_INET_ATON 1
+_ACEOF
+
+ fi
+
+
+echo "$as_me:$LINENO: checking for _spawnlp" >&5
+echo $ECHO_N "checking for _spawnlp... $ECHO_C" >&6
+if test "${ac_cv_func__spawnlp+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _spawnlp to an innocuous variant, in case <limits.h> declares _spawnlp.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _spawnlp innocuous__spawnlp
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _spawnlp (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _spawnlp
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _spawnlp ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__spawnlp) || defined (__stub____spawnlp)
+choke me
+#else
+char (*f) () = _spawnlp;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _spawnlp;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__spawnlp=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__spawnlp=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__spawnlp" >&5
+echo "${ECHO_T}$ac_cv_func__spawnlp" >&6
+if test $ac_cv_func__spawnlp = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPAWNLP 1
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking for _snprintf" >&5
+echo $ECHO_N "checking for _snprintf... $ECHO_C" >&6
+if test "${ac_cv_func__snprintf+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _snprintf to an innocuous variant, in case <limits.h> declares _snprintf.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _snprintf innocuous__snprintf
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _snprintf (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _snprintf
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _snprintf ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__snprintf) || defined (__stub____snprintf)
+choke me
+#else
+char (*f) () = _snprintf;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _snprintf;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__snprintf=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__snprintf=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__snprintf" >&5
+echo "${ECHO_T}$ac_cv_func__snprintf" >&6
+if test $ac_cv_func__snprintf = yes; then
+ ac_cv_func_snprintf=yes
+
+cat >>confdefs.h <<\_ACEOF
+#define snprintf _snprintf
+_ACEOF
+
+
+fi
+
+
+echo "$as_me:$LINENO: checking for _vsnprintf" >&5
+echo $ECHO_N "checking for _vsnprintf... $ECHO_C" >&6
+if test "${ac_cv_func__vsnprintf+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _vsnprintf to an innocuous variant, in case <limits.h> declares _vsnprintf.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _vsnprintf innocuous__vsnprintf
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _vsnprintf (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _vsnprintf
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _vsnprintf ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__vsnprintf) || defined (__stub____vsnprintf)
+choke me
+#else
+char (*f) () = _vsnprintf;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _vsnprintf;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__vsnprintf=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__vsnprintf=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__vsnprintf" >&5
+echo "${ECHO_T}$ac_cv_func__vsnprintf" >&6
+if test $ac_cv_func__vsnprintf = yes; then
+ ac_cv_func_vsnprintf=yes
+
+cat >>confdefs.h <<\_ACEOF
+#define vsnprintf _vsnprintf
+_ACEOF
+
+
+fi
+
+
+
+for ac_func in vprintf
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+echo "$as_me:$LINENO: checking for _doprnt" >&5
+echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6
+if test "${ac_cv_func__doprnt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _doprnt to an innocuous variant, in case <limits.h> declares _doprnt.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _doprnt innocuous__doprnt
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _doprnt (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _doprnt
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _doprnt ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__doprnt) || defined (__stub____doprnt)
+choke me
+#else
+char (*f) () = _doprnt;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _doprnt;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__doprnt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__doprnt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5
+echo "${ECHO_T}$ac_cv_func__doprnt" >&6
+if test $ac_cv_func__doprnt = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DOPRNT 1
+_ACEOF
+
+fi
+
+fi
+done
+
+
+
+if test $ac_cv_func_vprintf = yes ; then
+
+
+for ac_func in snprintf vsnprintf
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_func in \
+ bcopy \
+ closesocket \
+ chroot \
+ endgrent \
+ endpwent \
+ fcntl \
+ flock \
+ fstat \
+ getdtablesize \
+ getgrgid \
+ gethostname \
+ getpass \
+ getpassphrase \
+ getpwuid \
+ getpwnam \
+ getspnam \
+ gettimeofday \
+ initgroups \
+ inet_ntoa_b \
+ lockf \
+ memcpy \
+ memmove \
+ memrchr \
+ mkstemp \
+ mktemp \
+ pipe \
+ read \
+ recv \
+ recvfrom \
+ setpwfile \
+ setgid \
+ setegid \
+ setsid \
+ setuid \
+ seteuid \
+ signal \
+ strdup \
+ strpbrk \
+ strrchr \
+ strsep \
+ strstr \
+ strtol \
+ strtoul \
+ strtoq \
+ strtouq \
+ strtoll \
+ strspn \
+ sysconf \
+ waitpid \
+ wait4 \
+ write \
+ send \
+ sendmsg \
+ sendto \
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+for ac_func in getopt getpeereid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ case $LIBOBJS in
+ "$ac_func.$ac_objext" | \
+ *" $ac_func.$ac_objext" | \
+ "$ac_func.$ac_objext "* | \
+ *" $ac_func.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext" ;;
+esac
+
+fi
+done
+
+
+
+if test "$ac_cv_func_getopt" != yes; then
+ LIBSRCS="$LIBSRCS getopt.c"
+fi
+if test "$ac_cv_func_getpeereid" != yes; then
+ echo "$as_me:$LINENO: checking for struct msghdr.msg_accrightslen" >&5
+echo $ECHO_N "checking for struct msghdr.msg_accrightslen... $ECHO_C" >&6
+if test "${ac_cv_member_struct_msghdr_msg_accrightslen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+static struct msghdr ac_aggr;
+if (ac_aggr.msg_accrightslen)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_msghdr_msg_accrightslen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+static struct msghdr ac_aggr;
+if (sizeof ac_aggr.msg_accrightslen)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_msghdr_msg_accrightslen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_member_struct_msghdr_msg_accrightslen=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_accrightslen" >&5
+echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_accrightslen" >&6
+if test $ac_cv_member_struct_msghdr_msg_accrightslen = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN 1
+_ACEOF
+
+
+fi
+
+ if test "$ac_cv_member_struct_msghdr_msg_accrightslen" != yes; then
+ echo "$as_me:$LINENO: checking for struct msghdr.msg_control" >&5
+echo $ECHO_N "checking for struct msghdr.msg_control... $ECHO_C" >&6
+if test "${ac_cv_member_struct_msghdr_msg_control+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+static struct msghdr ac_aggr;
+if (ac_aggr.msg_control)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_msghdr_msg_control=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+static struct msghdr ac_aggr;
+if (sizeof ac_aggr.msg_control)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_member_struct_msghdr_msg_control=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_member_struct_msghdr_msg_control=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_control" >&5
+echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_control" >&6
+if test $ac_cv_member_struct_msghdr_msg_control = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_MSGHDR_MSG_CONTROL 1
+_ACEOF
+
+
+fi
+
+ fi
+ LIBSRCS="$LIBSRCS getpeereid.c"
+fi
+if test "$ac_cv_func_snprintf" != yes ||
+ test "$ac_cv_func_vsnprintf" != yes; then
+ if test "$ac_cv_func_snprintf" != yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define snprintf ber_pvt_snprintf
+_ACEOF
+
+ fi
+ if test "$ac_cv_func_vsnprintf" != yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define vsnprintf ber_pvt_vsnprintf
+_ACEOF
+
+ fi
+fi
+
+
+if test "$ol_enable_slapi" != no ; then
+
+for ac_header in ltdl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ if test $ac_cv_header_ltdl_h != yes ; then
+ { { echo "$as_me:$LINENO: error: could not locate <ltdl.h>" >&5
+echo "$as_me: error: could not locate <ltdl.h>" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
+echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6
+if test "${ac_cv_lib_ltdl_lt_dlinit+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lltdl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char lt_dlinit ();
+int
+main ()
+{
+lt_dlinit ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ltdl_lt_dlinit=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ltdl_lt_dlinit=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
+echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6
+if test $ac_cv_lib_ltdl_lt_dlinit = yes; then
+
+ SLAPI_LIBS=-lltdl
+ LIBSLAPI=libslapi.a
+ LIBSLAPITOOLS=../libslapi.a
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LIBLTDL 1
+_ACEOF
+
+
+else
+ { { echo "$as_me:$LINENO: error: could not locate libtool -lltdl" >&5
+echo "$as_me: error: could not locate libtool -lltdl" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_SLAPI 1
+_ACEOF
+
+fi
+
+if test "$ol_enable_debug" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_DEBUG 1
+_ACEOF
+
+fi
+if test "$ol_enable_syslog" = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_SYSLOG 1
+_ACEOF
+
+fi
+if test "$ol_link_kbind" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND LDAP_VENDOR_VERSION
+_ACEOF
+
+fi
+if test "$ol_enable_proctitle" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_PROCTITLE 1
+_ACEOF
+
+fi
+if test "$ol_enable_referrals" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS LDAP_VENDOR_VERSION
+_ACEOF
+
+fi
+if test "$ol_enable_local" != no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_PF_LOCAL 1
+_ACEOF
+
+fi
+if test "$ol_link_ipv6" != no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define LDAP_PF_INET6 1
+_ACEOF
+
+fi
+if test "$ol_enable_cleartext" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_CLEARTEXT 1
+_ACEOF
+
+fi
+if test "$ol_enable_crypt" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_CRYPT 1
+_ACEOF
+
+fi
+if test "$ol_link_spasswd" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_SPASSWD 1
+_ACEOF
+
+fi
+if test "$ol_enable_multimaster" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_MULTIMASTER 1
+_ACEOF
+
+fi
+if test "$ol_enable_rlookups" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_RLOOKUPS 1
+_ACEOF
+
+fi
+if test "$ol_enable_aci" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_ACI_ENABLED 1
+_ACEOF
+
+ WITH_ACI_ENABLED=yes
+else
+ WITH_ACI_ENABLED=no
+fi
+
+if test "$ol_link_modules" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_MODULES 1
+_ACEOF
+
+ BUILD_SLAPD=yes
+ SLAPD_MODULES_LDFLAGS="-dlopen self"
+fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_MOD_STATIC 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SLAPD_MOD_DYNAMIC 2
+_ACEOF
+
+
+if test "$ol_enable_bdb" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_BDB=$ol_enable_bdb
+ if test "$ol_enable_bdb" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-bdb"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-bdb"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_BDB $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_dnssrv" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_DNSSRV=$ol_enable_dnssrv
+ if test "$ol_enable_dnssrv" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-dnssrv"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-dnssrv"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_DNSSRV $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_hdb" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_HDB=$ol_enable_hdb
+ if test "$ol_enable_hdb" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-hdb"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-hdb"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_HDB $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_ldap" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_LDAP=$ol_enable_ldap
+ if test "$ol_enable_ldap" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ldap"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ldap"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_LDAP $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_link_ldbm" != no && test $ol_enable_ldbm != no; then
+ BUILD_SLAPD=yes
+ BUILD_LDBM=$ol_enable_ldbm
+ if test "$ol_enable_ldbm" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ldbm"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ldbm"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_LDBM $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_meta" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_META=$ol_enable_meta
+ BUILD_REWRITE=yes
+ if test "$ol_enable_meta" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-meta"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-meta"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_META $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_monitor" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_MONITOR=$ol_enable_monitor
+ if test "$ol_enable_monitor" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-monitor"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-monitor"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_MONITOR $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_null" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_NULL=$ol_enable_null
+ if test "$ol_enable_null" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-null"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-null"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_NULL $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_passwd" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_PASSWD=$ol_enable_passwd
+ if test "$ol_enable_passwd" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-passwd"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-passwd"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_PASSWD $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_link_perl" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_PERL=$ol_enable_perl
+ if test "$ol_enable_perl" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-perl"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-perl"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_PERL $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_relay" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_RELAY=$ol_enable_relay
+ if test "$ol_enable_relay" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-relay"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-relay"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_RELAY $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_shell" != no ; then
+ if test "$ol_link_threads" != no ; then
+ { echo "$as_me:$LINENO: WARNING: Use of --without-threads is recommended with back-shell" >&5
+echo "$as_me: WARNING: Use of --without-threads is recommended with back-shell" >&2;}
+ fi
+ BUILD_SLAPD=yes
+ BUILD_SHELL=$ol_enable_shell
+ if test "$ol_enable_shell" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-shell"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-shell"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_SHELL $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_link_sql" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_SQL=$ol_enable_sql
+ if test "$ol_enable_sql" = mod; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-sql"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-sql"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_SQL $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_accesslog" != no ; then
+ BUILD_ACCESSLOG=$ol_enable_accesslog
+ if test "$ol_enable_accesslog" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS accesslog.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS accesslog.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_ACCESSLOG $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_auditlog" != no ; then
+ BUILD_AUDITLOG=$ol_enable_auditlog
+ if test "$ol_enable_auditlog" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS auditlog.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS auditlog.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_AUDITLOG $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_denyop" != no ; then
+ BUILD_DENYOP=$ol_enable_denyop
+ if test "$ol_enable_denyop" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_DENYOP $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_dyngroup" != no ; then
+ BUILD_DYNGROUP=$ol_enable_dyngroup
+ if test "$ol_enable_dyngroup" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dyngroup.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dyngroup.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_DYNGROUP $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_dynlist" != no ; then
+ BUILD_DYNLIST=$ol_enable_dynlist
+ if test "$ol_enable_dynlist" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dynlist.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dynlist.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_DYNLIST $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_lastmod" != no ; then
+ BUILD_LASTMOD=$ol_enable_lastmod
+ if test "$ol_enable_lastmod" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_LASTMOD $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_ppolicy" != no ; then
+ BUILD_PPOLICY=$ol_enable_ppolicy
+ if test "$ol_enable_ppolicy" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS ppolicy.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS ppolicy.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_PPOLICY $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_proxycache" != no ; then
+ BUILD_PROXYCACHE=$ol_enable_proxycache
+ if test "$ol_enable_proxycache" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS pcache.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS pcache.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_PROXYCACHE $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_refint" != no ; then
+ BUILD_REFINT=$ol_enable_refint
+ if test "$ol_enable_refint" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS refint.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS refint.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_REFINT $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_retcode" != no ; then
+ BUILD_RETCODE=$ol_enable_retcode
+ if test "$ol_enable_retcode" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS retcode.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS retcode.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_RETCODE $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_rwm" != no ; then
+ BUILD_REWRITE=yes
+ BUILD_RWM=$ol_enable_rwm
+ if test "$ol_enable_rwm" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS rwm.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS rwm_x.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_RWM $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_syncprov" != no ; then
+ BUILD_SYNCPROV=$ol_enable_syncprov
+ if test "$ol_enable_syncprov" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS syncprov.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS syncprov.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_SYNCPROV $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_translucent" != no ; then
+ BUILD_TRANSLUCENT=$ol_enable_translucent
+ if test "$ol_enable_translucent" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS translucent.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS translucent.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_TRANSLUCENT $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_unique" != no ; then
+ BUILD_UNIQUE=$ol_enable_unique
+ if test "$ol_enable_unique" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS unique.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS unique.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_UNIQUE $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_valsort" != no ; then
+ BUILD_VALSORT=$ol_enable_valsort
+ if test "$ol_enable_valsort" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS valsort.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS valsort.o"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_VALSORT $MFLAG
+_ACEOF
+
+fi
+
+if test "$ol_enable_slurpd" != no &&
+ test "$ol_link_threads" != no &&
+ test $BUILD_SLAPD = yes ; then
+ BUILD_SLURPD=yes
+fi
+
+if test "$ol_enable_rewrite" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENABLE_REWRITE 1
+_ACEOF
+
+ BUILD_REWRITE=yes
+fi
+
+if test "$ol_enable_slapi" != no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENABLE_SLAPI 1
+_ACEOF
+
+ BUILD_SLAPI=yes
+ SLAPD_SLAPI_DEPEND=libslapi.a
+fi
+
+
+
+if test "$ac_cv_mingw32" = yes ; then
+ PLAT=NT
+ SLAPD_MODULES_LDFLAGS=
+else
+ PLAT=UNIX
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-xxinstall or --without-xxinstall was given.
+if test "${with_xxinstall+set}" = set; then
+ withval="$with_xxinstall"
+
+fi;
+
+
+ ac_config_files="$ac_config_files Makefile:build/top.mk:Makefile.in:build/dir.mk doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk include/Makefile:build/top.mk:include/Makefile.in libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk servers/slapd/back-ldbm/Makefile:build/top.mk:servers/slapd/back-ldbm/Makefile.in:build/mod.mk servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk servers/slurpd/Makefile:build/top.mk:servers/slurpd/Makefile.in:build/srv.mk tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk tests/run tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk"
+
+
+ ac_config_commands="$ac_config_commands default"
+
+
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/;
+s/:*\${srcdir}:*/:/;
+s/:*@srcdir@:*/:/;
+s/^\([^=]*=[ ]*\):*/\1/;
+s/:*$//;
+s/^[^=]*=[ ]*$//;
+}'
+fi
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_i=`echo "$ac_i" |
+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
+ # 2. Add them.
+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+exec 6>&1
+
+# Open the log real soon, to keep \$[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling. Logging --version etc. is OK.
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+} >&5
+cat >&5 <<_CSEOF
+
+This file was extended by $as_me, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+_CSEOF
+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
+echo >&5
+_ACEOF
+
+# Files that config.status was made for.
+if test -n "$ac_config_files"; then
+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_headers"; then
+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_links"; then
+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_commands"; then
+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf at gnu.org>."
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+ac_cs_version="\\
+config.status
+configured by $0, generated by GNU Autoconf 2.59,
+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+srcdir=$srcdir
+INSTALL="$INSTALL"
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If no file are specified by the user, then we need to provide default
+# value. By we need to know if files were specified by the user.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "x$1" : 'x\([^=]*\)='`
+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ -*)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ *) # This is not an option, so the user has probably given explicit
+ # arguments.
+ ac_option=$1
+ ac_need_defaults=false;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --vers* | -V )
+ echo "$ac_cs_version"; exit 0 ;;
+ --he | --h)
+ # Conflict between --help and --header
+ { { echo "$as_me:$LINENO: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; };;
+ --help | --hel | -h )
+ echo "$ac_cs_usage"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ ac_need_defaults=false;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; } ;;
+
+ *) ac_config_targets="$ac_config_targets $1" ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+if \$ac_cs_recheck; then
+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+fi
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+#
+# INIT-COMMANDS section.
+#
+
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS"
+STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS"
+
+
+_ACEOF
+
+
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_config_target in $ac_config_targets
+do
+ case "$ac_config_target" in
+ # Handling of arguments.
+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile:build/top.mk:Makefile.in:build/dir.mk" ;;
+ "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk" ;;
+ "doc/man/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk" ;;
+ "doc/man/man1/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk" ;;
+ "doc/man/man3/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk" ;;
+ "doc/man/man5/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk" ;;
+ "doc/man/man8/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk" ;;
+ "clients/Makefile" ) CONFIG_FILES="$CONFIG_FILES clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk" ;;
+ "clients/tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk" ;;
+ "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile:build/top.mk:include/Makefile.in" ;;
+ "libraries/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk" ;;
+ "libraries/liblber/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+ "libraries/libldap/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+ "libraries/libldap_r/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+ "libraries/liblunicode/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+ "libraries/liblutil/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+ "libraries/librewrite/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+ "servers/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk" ;;
+ "servers/slapd/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk" ;;
+ "servers/slapd/back-bdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-dnssrv/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-hdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-ldap/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-ldbm/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldbm/Makefile:build/top.mk:servers/slapd/back-ldbm/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-ldif/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-meta/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-monitor/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-null/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-passwd/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-perl/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-relay/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-shell/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/back-sql/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk" ;;
+ "servers/slapd/shell-backends/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk" ;;
+ "servers/slapd/slapi/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+ "servers/slapd/overlays/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk" ;;
+ "servers/slurpd/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slurpd/Makefile:build/top.mk:servers/slurpd/Makefile.in:build/srv.mk" ;;
+ "tests/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk" ;;
+ "tests/run" ) CONFIG_FILES="$CONFIG_FILES tests/run" ;;
+ "tests/progs/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk" ;;
+ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "default" ) CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;;
+ "include/portable.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/portable.h:include/portable.hin" ;;
+ "include/ldap_features.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/ldap_features.h:include/ldap_features.hin" ;;
+ "include/lber_types.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/lber_types.h:include/lber_types.hin" ;;
+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason to put it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Create a temporary directory, and hook for its removal unless debugging.
+$debug ||
+{
+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
+ trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./confstat$$-$RANDOM
+ (umask 077 && mkdir $tmp)
+} ||
+{
+ echo "$me: cannot create a temporary directory in ." >&2
+ { (exit 1); exit 1; }
+}
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+
+#
+# CONFIG_FILES section.
+#
+
+# No need to generate the scripts if there are no CONFIG_FILES.
+# This happens for instance when ./config.status config.h
+if test -n "\$CONFIG_FILES"; then
+ # Protect against being on the right side of a sed subst in config.status.
+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
+s, at SHELL@,$SHELL,;t t
+s, at PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
+s, at PACKAGE_NAME@,$PACKAGE_NAME,;t t
+s, at PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
+s, at PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
+s, at PACKAGE_STRING@,$PACKAGE_STRING,;t t
+s, at PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
+s, at exec_prefix@,$exec_prefix,;t t
+s, at prefix@,$prefix,;t t
+s, at program_transform_name@,$program_transform_name,;t t
+s, at bindir@,$bindir,;t t
+s, at sbindir@,$sbindir,;t t
+s, at libexecdir@,$libexecdir,;t t
+s, at datadir@,$datadir,;t t
+s, at sysconfdir@,$sysconfdir,;t t
+s, at sharedstatedir@,$sharedstatedir,;t t
+s, at localstatedir@,$localstatedir,;t t
+s, at libdir@,$libdir,;t t
+s, at includedir@,$includedir,;t t
+s, at oldincludedir@,$oldincludedir,;t t
+s, at infodir@,$infodir,;t t
+s, at mandir@,$mandir,;t t
+s, at build_alias@,$build_alias,;t t
+s, at host_alias@,$host_alias,;t t
+s, at target_alias@,$target_alias,;t t
+s, at DEFS@,$DEFS,;t t
+s, at ECHO_C@,$ECHO_C,;t t
+s, at ECHO_N@,$ECHO_N,;t t
+s, at ECHO_T@,$ECHO_T,;t t
+s, at LIBS@,$LIBS,;t t
+s, at build@,$build,;t t
+s, at build_cpu@,$build_cpu,;t t
+s, at build_vendor@,$build_vendor,;t t
+s, at build_os@,$build_os,;t t
+s, at host@,$host,;t t
+s, at host_cpu@,$host_cpu,;t t
+s, at host_vendor@,$host_vendor,;t t
+s, at host_os@,$host_os,;t t
+s, at target@,$target,;t t
+s, at target_cpu@,$target_cpu,;t t
+s, at target_vendor@,$target_vendor,;t t
+s, at target_os@,$target_os,;t t
+s, at INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
+s, at INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
+s, at INSTALL_DATA@,$INSTALL_DATA,;t t
+s, at CYGPATH_W@,$CYGPATH_W,;t t
+s, at PACKAGE@,$PACKAGE,;t t
+s, at VERSION@,$VERSION,;t t
+s, at ACLOCAL@,$ACLOCAL,;t t
+s, at AUTOCONF@,$AUTOCONF,;t t
+s, at AUTOMAKE@,$AUTOMAKE,;t t
+s, at AUTOHEADER@,$AUTOHEADER,;t t
+s, at MAKEINFO@,$MAKEINFO,;t t
+s, at install_sh@,$install_sh,;t t
+s, at STRIP@,$STRIP,;t t
+s, at ac_ct_STRIP@,$ac_ct_STRIP,;t t
+s, at INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
+s, at mkdir_p@,$mkdir_p,;t t
+s, at AWK@,$AWK,;t t
+s, at SET_MAKE@,$SET_MAKE,;t t
+s, at am__leading_dot@,$am__leading_dot,;t t
+s, at AMTAR@,$AMTAR,;t t
+s, at am__tar@,$am__tar,;t t
+s, at am__untar@,$am__untar,;t t
+s, at OPENLDAP_LIBRELEASE@,$OPENLDAP_LIBRELEASE,;t t
+s, at OPENLDAP_LIBVERSION@,$OPENLDAP_LIBVERSION,;t t
+s, at OPENLDAP_RELEASE_DATE@,$OPENLDAP_RELEASE_DATE,;t t
+s, at top_builddir@,$top_builddir,;t t
+s, at ldap_subdir@,$ldap_subdir,;t t
+s, at CC@,$CC,;t t
+s, at AR@,$AR,;t t
+s, at CFLAGS@,$CFLAGS,;t t
+s, at LDFLAGS@,$LDFLAGS,;t t
+s, at CPPFLAGS@,$CPPFLAGS,;t t
+s, at ac_ct_CC@,$ac_ct_CC,;t t
+s, at EXEEXT@,$EXEEXT,;t t
+s, at OBJEXT@,$OBJEXT,;t t
+s, at DEPDIR@,$DEPDIR,;t t
+s, at am__include@,$am__include,;t t
+s, at am__quote@,$am__quote,;t t
+s, at AMDEP_TRUE@,$AMDEP_TRUE,;t t
+s, at AMDEP_FALSE@,$AMDEP_FALSE,;t t
+s, at AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
+s, at CCDEPMODE@,$CCDEPMODE,;t t
+s, at am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
+s, at am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
+s, at EGREP@,$EGREP,;t t
+s, at LN_S@,$LN_S,;t t
+s, at ECHO@,$ECHO,;t t
+s, at ac_ct_AR@,$ac_ct_AR,;t t
+s, at RANLIB@,$RANLIB,;t t
+s, at ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
+s, at DLLTOOL@,$DLLTOOL,;t t
+s, at ac_ct_DLLTOOL@,$ac_ct_DLLTOOL,;t t
+s, at AS@,$AS,;t t
+s, at ac_ct_AS@,$ac_ct_AS,;t t
+s, at OBJDUMP@,$OBJDUMP,;t t
+s, at ac_ct_OBJDUMP@,$ac_ct_OBJDUMP,;t t
+s, at CPP@,$CPP,;t t
+s, at LIBTOOL@,$LIBTOOL,;t t
+s, at PERLBIN@,$PERLBIN,;t t
+s, at OL_MKDEP@,$OL_MKDEP,;t t
+s, at OL_MKDEP_FLAGS@,$OL_MKDEP_FLAGS,;t t
+s, at LTSTATIC@,$LTSTATIC,;t t
+s, at LIBOBJS@,$LIBOBJS,;t t
+s, at LIBSRCS@,$LIBSRCS,;t t
+s, at PLAT@,$PLAT,;t t
+s, at WITH_SASL@,$WITH_SASL,;t t
+s, at WITH_TLS@,$WITH_TLS,;t t
+s, at WITH_MODULES_ENABLED@,$WITH_MODULES_ENABLED,;t t
+s, at WITH_ACI_ENABLED@,$WITH_ACI_ENABLED,;t t
+s, at BUILD_THREAD@,$BUILD_THREAD,;t t
+s, at BUILD_LIBS_DYNAMIC@,$BUILD_LIBS_DYNAMIC,;t t
+s, at BUILD_SLAPD@,$BUILD_SLAPD,;t t
+s, at BUILD_SLAPI@,$BUILD_SLAPI,;t t
+s, at SLAPD_SLAPI_DEPEND@,$SLAPD_SLAPI_DEPEND,;t t
+s, at BUILD_BDB@,$BUILD_BDB,;t t
+s, at BUILD_DNSSRV@,$BUILD_DNSSRV,;t t
+s, at BUILD_HDB@,$BUILD_HDB,;t t
+s, at BUILD_LDAP@,$BUILD_LDAP,;t t
+s, at BUILD_LDBM@,$BUILD_LDBM,;t t
+s, at BUILD_META@,$BUILD_META,;t t
+s, at BUILD_MONITOR@,$BUILD_MONITOR,;t t
+s, at BUILD_NULL@,$BUILD_NULL,;t t
+s, at BUILD_PASSWD@,$BUILD_PASSWD,;t t
+s, at BUILD_RELAY@,$BUILD_RELAY,;t t
+s, at BUILD_PERL@,$BUILD_PERL,;t t
+s, at BUILD_SHELL@,$BUILD_SHELL,;t t
+s, at BUILD_SQL@,$BUILD_SQL,;t t
+s, at BUILD_ACCESSLOG@,$BUILD_ACCESSLOG,;t t
+s, at BUILD_AUDITLOG@,$BUILD_AUDITLOG,;t t
+s, at BUILD_DENYOP@,$BUILD_DENYOP,;t t
+s, at BUILD_DYNGROUP@,$BUILD_DYNGROUP,;t t
+s, at BUILD_DYNLIST@,$BUILD_DYNLIST,;t t
+s, at BUILD_LASTMOD@,$BUILD_LASTMOD,;t t
+s, at BUILD_PPOLICY@,$BUILD_PPOLICY,;t t
+s, at BUILD_PROXYCACHE@,$BUILD_PROXYCACHE,;t t
+s, at BUILD_REFINT@,$BUILD_REFINT,;t t
+s, at BUILD_RETCODE@,$BUILD_RETCODE,;t t
+s, at BUILD_RWM@,$BUILD_RWM,;t t
+s, at BUILD_SYNCPROV@,$BUILD_SYNCPROV,;t t
+s, at BUILD_TRANSLUCENT@,$BUILD_TRANSLUCENT,;t t
+s, at BUILD_UNIQUE@,$BUILD_UNIQUE,;t t
+s, at BUILD_VALSORT@,$BUILD_VALSORT,;t t
+s, at BUILD_SLURPD@,$BUILD_SLURPD,;t t
+s, at LDAP_LIBS@,$LDAP_LIBS,;t t
+s, at SLAPD_LIBS@,$SLAPD_LIBS,;t t
+s, at SLURPD_LIBS@,$SLURPD_LIBS,;t t
+s, at LDBM_LIBS@,$LDBM_LIBS,;t t
+s, at LTHREAD_LIBS@,$LTHREAD_LIBS,;t t
+s, at LUTIL_LIBS@,$LUTIL_LIBS,;t t
+s, at WRAP_LIBS@,$WRAP_LIBS,;t t
+s, at SLAPD_MODULES_CPPFLAGS@,$SLAPD_MODULES_CPPFLAGS,;t t
+s, at SLAPD_MODULES_LDFLAGS@,$SLAPD_MODULES_LDFLAGS,;t t
+s, at SLAPD_NO_STATIC@,$SLAPD_NO_STATIC,;t t
+s, at SLAPD_STATIC_BACKENDS@,$SLAPD_STATIC_BACKENDS,;t t
+s, at SLAPD_DYNAMIC_BACKENDS@,$SLAPD_DYNAMIC_BACKENDS,;t t
+s, at SLAPD_STATIC_OVERLAYS@,$SLAPD_STATIC_OVERLAYS,;t t
+s, at SLAPD_DYNAMIC_OVERLAYS@,$SLAPD_DYNAMIC_OVERLAYS,;t t
+s, at PERL_CPPFLAGS@,$PERL_CPPFLAGS,;t t
+s, at SLAPD_PERL_LDFLAGS@,$SLAPD_PERL_LDFLAGS,;t t
+s, at MOD_PERL_LDFLAGS@,$MOD_PERL_LDFLAGS,;t t
+s, at KRB4_LIBS@,$KRB4_LIBS,;t t
+s, at KRB5_LIBS@,$KRB5_LIBS,;t t
+s, at SASL_LIBS@,$SASL_LIBS,;t t
+s, at TLS_LIBS@,$TLS_LIBS,;t t
+s, at MODULES_LIBS@,$MODULES_LIBS,;t t
+s, at SLAPI_LIBS@,$SLAPI_LIBS,;t t
+s, at LIBSLAPI@,$LIBSLAPI,;t t
+s, at LIBSLAPITOOLS@,$LIBSLAPITOOLS,;t t
+s, at AUTH_LIBS@,$AUTH_LIBS,;t t
+s, at SLAPD_SLP_LIBS@,$SLAPD_SLP_LIBS,;t t
+s, at SLAPD_GMP_LIBS@,$SLAPD_GMP_LIBS,;t t
+s, at SLAPD_SQL_LDFLAGS@,$SLAPD_SQL_LDFLAGS,;t t
+s, at SLAPD_SQL_LIBS@,$SLAPD_SQL_LIBS,;t t
+s, at SLAPD_SQL_INCLUDES@,$SLAPD_SQL_INCLUDES,;t t
+s, at LTLIBOBJS@,$LTLIBOBJS,;t t
+CEOF
+
+_ACEOF
+
+ cat >>$CONFIG_STATUS <<\_ACEOF
+ # Split the substitutions into bite-sized pieces for seds with
+ # small command number limits, like on Digital OSF/1 and HP-UX.
+ ac_max_sed_lines=48
+ ac_sed_frag=1 # Number of current file.
+ ac_beg=1 # First line for current file.
+ ac_end=$ac_max_sed_lines # Line after last line for current file.
+ ac_more_lines=:
+ ac_sed_cmds=
+ while $ac_more_lines; do
+ if test $ac_beg -gt 1; then
+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ else
+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ fi
+ if test ! -s $tmp/subs.frag; then
+ ac_more_lines=false
+ else
+ # The purpose of the label and of the branching condition is to
+ # speed up the sed processing (if there are no `@' at all, there
+ # is no need to browse any of the substitutions).
+ # These are the two extra sed commands mentioned above.
+ (echo ':t
+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
+ else
+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
+ fi
+ ac_sed_frag=`expr $ac_sed_frag + 1`
+ ac_beg=$ac_end
+ ac_end=`expr $ac_end + $ac_max_sed_lines`
+ fi
+ done
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds=cat
+ fi
+fi # test -n "$CONFIG_FILES"
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
+ esac
+
+ if test x"$ac_file" != x-; then
+ { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+ rm -f "$ac_file"
+ fi
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ configure_input=
+ else
+ configure_input="$ac_file. "
+ fi
+ configure_input=$configure_input"Generated from `echo $ac_file_in |
+ sed 's,.*/,,'` by configure."
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+ sed "$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s, at configure_input@,$configure_input,;t t
+s, at srcdir@,$ac_srcdir,;t t
+s, at abs_srcdir@,$ac_abs_srcdir,;t t
+s, at top_srcdir@,$ac_top_srcdir,;t t
+s, at abs_top_srcdir@,$ac_abs_top_srcdir,;t t
+s, at builddir@,$ac_builddir,;t t
+s, at abs_builddir@,$ac_abs_builddir,;t t
+s, at top_builddir@,$ac_top_builddir,;t t
+s, at abs_top_builddir@,$ac_abs_top_builddir,;t t
+s, at INSTALL@,$ac_INSTALL,;t t
+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
+ rm -f $tmp/stdin
+ if test x"$ac_file" != x-; then
+ mv $tmp/out $ac_file
+ else
+ cat $tmp/out
+ rm -f $tmp/out
+ fi
+
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_HEADER section.
+#
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
+ac_dB='[ ].*$,\1#\2'
+ac_dC=' '
+ac_dD=',;t'
+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
+ac_uB='$,\1#\2define\3'
+ac_uC=' '
+ac_uD=',;t'
+
+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ # Do quote $f, to prevent DOS paths from being IFS'd.
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+ # Remove the trailing spaces.
+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
+
+_ACEOF
+
+# Transform confdefs.h into two sed scripts, `conftest.defines' and
+# `conftest.undefs', that substitutes the proper values into
+# config.h.in to produce config.h. The first handles `#define'
+# templates, and the second `#undef' templates.
+# And first: Protect against being on the right side of a sed subst in
+# config.status. Protect against being in an unquoted here document
+# in config.status.
+rm -f conftest.defines conftest.undefs
+# Using a here document instead of a string reduces the quoting nightmare.
+# Putting comments in sed scripts is not portable.
+#
+# `end' is used to avoid that the second main sed command (meant for
+# 0-ary CPP macros) applies to n-ary macro definitions.
+# See the Autoconf documentation for `clear'.
+cat >confdef2sed.sed <<\_ACEOF
+s/[\\&,]/\\&/g
+s,[\\$`],\\&,g
+t clear
+: clear
+s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
+t end
+s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
+: end
+_ACEOF
+# If some macros were called several times there might be several times
+# the same #defines, which is useless. Nevertheless, we may not want to
+# sort them, since we want the *last* AC-DEFINE to be honored.
+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
+rm -f confdef2sed.sed
+
+# This sed command replaces #undef with comments. This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >>conftest.undefs <<\_ACEOF
+s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
+_ACEOF
+
+# Break up conftest.defines because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
+echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
+echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
+echo ' :' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.defines >/dev/null
+do
+ # Write a limited-size here document to $tmp/defines.sed.
+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#define' lines.
+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/defines.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
+ rm -f conftest.defines
+ mv conftest.tail conftest.defines
+done
+rm -f conftest.defines
+echo ' fi # grep' >>$CONFIG_STATUS
+echo >>$CONFIG_STATUS
+
+# Break up conftest.undefs because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.undefs >/dev/null
+do
+ # Write a limited-size here document to $tmp/undefs.sed.
+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#undef'
+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
+ rm -f conftest.undefs
+ mv conftest.tail conftest.undefs
+done
+rm -f conftest.undefs
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ echo "/* Generated by configure. */" >$tmp/config.h
+ else
+ echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
+ fi
+ cat $tmp/in >>$tmp/config.h
+ rm -f $tmp/in
+ if test x"$ac_file" != x-; then
+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ rm -f $ac_file
+ mv $tmp/config.h $ac_file
+ fi
+ else
+ cat $tmp/config.h
+ rm -f $tmp/config.h
+ fi
+# Compute $ac_file's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $ac_file | $ac_file:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X$ac_file : 'X\(//\)[^/]' \| \
+ X$ac_file : 'X\(//\)$' \| \
+ X$ac_file : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X$ac_file |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_COMMANDS section.
+#
+for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
+ ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
+ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
+$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_dest" : 'X\(//\)[^/]' \| \
+ X"$ac_dest" : 'X\(//\)$' \| \
+ X"$ac_dest" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_dest" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+
+ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
+echo "$as_me: executing $ac_dest commands" >&6;}
+ case $ac_dest in
+ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # So let's grep whole file.
+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+ dirpart=`(dirname "$mf") 2>/dev/null ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`(dirname "$file") 2>/dev/null ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p $dirpart/$fdir
+ else
+ as_dir=$dirpart/$fdir
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
+echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+done
+ ;;
+ default )
+chmod +x tests/run
+date > stamp-h
+BACKENDSC="servers/slapd/backends.c"
+echo "Making $BACKENDSC"
+rm -f $BACKENDSC
+cat > $BACKENDSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_BACKENDS}"; then
+ for b in config ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ cat >> $BACKENDSC << ENDX
+extern BI_init ${bb}_back_initialize;
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+
+BackendInfo slap_binfo[] = {
+ENDX
+
+ for b in config ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ echo " Add ${bb} ..."
+ cat >> $BACKENDSC << ENDX
+ { "${bb}", ${bb}_back_initialize },
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+fi
+OVERLAYSC="servers/slapd/overlays/statover.c"
+echo "Making $OVERLAYSC"
+rm -f $OVERLAYSC
+cat > $OVERLAYSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_OVERLAYS}"; then
+ for o in ${STATIC_OVERLAYS}; do
+ oo=`echo "${o}" | sed -e 's/.o$//' -e 's/_x$//'`
+ cat >> $OVERLAYSC << ENDX
+extern OV_init ${oo}_initialize;
+ENDX
+ done
+fi
+
+cat >> $OVERLAYSC << ENDX
+
+OverlayInit slap_oinfo[] = {
+ENDX
+
+if test "${STATIC_OVERLAYS}"; then
+ for o in ${STATIC_OVERLAYS}; do
+ oo=`echo "${o}" | sed -e 's/.o$//' -e 's/_x$//'`
+ echo " Add ${oo} ..."
+ cat >> $OVERLAYSC << ENDX
+ { "${oo}", ${oo}_initialize },
+ENDX
+ done
+fi
+
+ cat >> $OVERLAYSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+
+echo Please run \"make depend\" to build dependencies
+ ;;
+ esac
+done
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || { (exit 1); exit 1; }
+fi
+
Property changes on: openldap/vendor/openldap-2.3.35/configure
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/configure.in
===================================================================
--- openldap/vendor/openldap-2.3.35/configure.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/configure.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3310 @@
+dnl $OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp $
+dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
+dnl
+dnl Copyright 1998-2007 The OpenLDAP Foundation.
+dnl All rights reserved.
+dnl
+dnl Redistribution and use in source and binary forms, with or without
+dnl modification, are permitted only as authorized by the OpenLDAP
+dnl Public License.
+dnl
+dnl A copy of this license is available in the file LICENSE in the
+dnl top-level directory of the distribution or, alternatively, at
+dnl <http://www.OpenLDAP.org/license.html>.
+dnl
+dnl ----------------------------------------------------------------
+dnl Disable config.cache!
+define([AC_CACHE_LOAD], )dnl
+define([AC_CACHE_SAVE], )dnl
+dnl ----------------------------------------------------------------
+dnl Disable libtool 1.5 support for languages we don't use
+define([AC_LIBTOOL_LANG_CXX_CONFIG], [:])dnl
+define([AC_LIBTOOL_LANG_F77_CONFIG], [:])dnl
+define([AC_LIBTOOL_LANG_GCJ_CONFIG], [:])dnl
+dnl ================================================================
+dnl Configure.in for OpenLDAP
+AC_COPYRIGHT([[Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
+Restrictions apply, see COPYRIGHT and LICENSE files.]])
+AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp $])
+AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
+m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
+AC_CONFIG_SRCDIR(build/version.sh)dnl
+dnl ----------------------------------------------------------------
+dnl OpenLDAP Autoconf Macros
+builtin(include, build/openldap.m4)dnl
+dnl ================================================================
+
+AC_CONFIG_AUX_DIR(build)dnl
+
+eval `$ac_aux_dir/version.sh`
+if test -z "$OL_STRING"; then
+ AC_MSG_ERROR([could not determine version])
+fi
+
+if test -f "$ac_aux_dir/shtool" && test ! -d $ac_aux_dir/shtool; then
+ ac_cv_shtool="$ac_aux_dir/shtool"
+else
+ AC_MSG_ERROR([no shtool found in $ac_aux_dir])
+fi
+
+SHTOOL="$ac_cv_shtool"
+dnl AC_SUBST(SHTOOL)dnl
+
+TB="`$SHTOOL echo -e '%B' 2>/dev/null`"
+TN="`$SHTOOL echo -e '%b' 2>/dev/null`"
+
+OPENLDAP_CVS=""
+if test -d $ac_aux_dir/CVS; then
+ OPENLDAP_CVS="(from CVS sources) "
+fi
+
+echo "Configuring ${TB}${OL_STRING}${TN} ${OPENLDAP_CVS}..."
+
+dnl Determine host platform
+dnl we try not to use this for much
+AC_CANONICAL_TARGET([])
+
+AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl
+AC_SUBST(PACKAGE)dnl
+AC_SUBST(VERSION)dnl
+AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
+AC_DEFINE_UNQUOTED(OPENLDAP_VERSION,"$VERSION",Version)
+
+AC_DEFINE_UNQUOTED(LDAP_VENDOR_VERSION,$OL_API_INC,Version)
+AC_DEFINE_UNQUOTED(LDAP_VENDOR_VERSION_MAJOR,$OL_MAJOR,Major)
+AC_DEFINE_UNQUOTED(LDAP_VENDOR_VERSION_MINOR,$OL_MINOR,Minor)
+AC_DEFINE_UNQUOTED(LDAP_VENDOR_VERSION_PATCH,$OL_PATCH,Patch)
+
+OPENLDAP_LIBRELEASE=$OL_API_LIB_RELEASE
+AC_SUBST(OPENLDAP_LIBRELEASE)dnl
+
+OPENLDAP_LIBVERSION=$OL_API_LIB_VERSION
+AC_SUBST(OPENLDAP_LIBVERSION)dnl
+
+OPENLDAP_RELEASE_DATE="$OL_RELEASE_DATE"
+AC_SUBST(OPENLDAP_RELEASE_DATE)dnl
+
+dnl We use autoconf features new to 2.59. Later versions like won't work.
+dnl aclocal.m4 should be built using aclocal from automake 1.5
+dnl libtool 1.5 should be installed.
+AC_PREREQ(2.59)dnl Required Autoconf version
+
+AH_TOP([
+/* begin of portable.h.pre */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LDAP_PORTABLE_H
+#define _LDAP_PORTABLE_H
+
+/* define this if needed to get reentrant functions */
+#ifndef REENTRANT
+#undef REENTRANT
+#endif
+#ifndef _REENTRANT
+#undef _REENTRANT
+#endif
+
+/* define this if needed to get threadsafe functions */
+#ifndef THREADSAFE
+#undef THREADSAFE
+#endif
+#ifndef _THREADSAFE
+#undef _THREADSAFE
+#endif
+#ifndef THREAD_SAFE
+#undef THREAD_SAFE
+#endif
+#ifndef _THREAD_SAFE
+#undef _THREAD_SAFE
+#endif
+
+#ifndef _SGI_MP_SOURCE
+#undef _SGI_MP_SOURCE
+#endif
+
+/* end of portable.h.pre */
+])
+AH_BOTTOM([
+/* begin of portable.h.post */
+
+#ifdef _WIN32
+ /* don't suck in all of the win32 api */
+# define WIN32_LEAN_AND_MEAN 1
+#endif
+
+#ifndef LDAP_NEEDS_PROTOTYPES
+/* force LDAP_P to always include prototypes */
+#define LDAP_NEEDS_PROTOTYPES 1
+#endif
+
+#ifndef LDAP_REL_ENG
+#if (LDAP_VENDOR_VERSION == 000000) && !defined(LDAP_DEVEL)
+#define LDAP_DEVEL
+#endif
+#if defined(LDAP_DEVEL) && !defined(LDAP_TEST)
+#define LDAP_TEST
+#endif
+#endif
+
+#ifdef HAVE_STDDEF_H
+# include <stddef.h>
+#endif
+
+#ifdef HAVE_EBCDIC
+/* ASCII/EBCDIC converting replacements for stdio funcs
+ * vsnprintf and snprintf are used too, but they are already
+ * checked by the configure script
+ */
+#define fputs ber_pvt_fputs
+#define fgets ber_pvt_fgets
+#define printf ber_pvt_printf
+#define fprintf ber_pvt_fprintf
+#define vfprintf ber_pvt_vfprintf
+#define vsprintf ber_pvt_vsprintf
+#endif
+
+#include "ac/fdset.h"
+
+#include "ldap_cdefs.h"
+#include "ldap_features.h"
+
+#include "ac/assert.h"
+#include "ac/localize.h"
+
+#endif /* _LDAP_PORTABLE_H */
+/* end of portable.h.post */
+])
+
+AC_CONFIG_HEADERS([include/portable.h:include/portable.hin])
+AC_CONFIG_HEADERS([include/ldap_features.h:include/ldap_features.hin])
+AC_CONFIG_HEADERS([include/lber_types.h:include/lber_types.hin])
+
+dnl ================================================================
+dnl Start Args
+AC_MSG_CHECKING(configure arguments)
+AC_PREFIX_DEFAULT(/usr/local)
+
+top_builddir=`pwd`
+AC_SUBST(top_builddir)dnl
+
+dnl ----------------------------------------------------------------
+dnl --with-subdir
+ldap_subdir="/openldap"
+
+AC_ARG_WITH(subdir,
+[ --with-subdir=DIR change default subdirectory used for installs],
+[case "$withval" in
+ no) ldap_subdir=""
+ ;;
+ yes)
+ ;;
+ /*|\\*)
+ ldap_subdir="$withval"
+ ;;
+ *)
+ ldap_subdir="/$withval"
+ ;;
+esac
+])dnl
+
+AC_SUBST(ldap_subdir)dnl
+
+dnl ----------------------------------------------------------------
+dnl General "enable" options
+OL_ARG_ENABLE(debug,[ --enable-debug enable debugging], yes)dnl
+OL_ARG_ENABLE(dynamic,[ --enable-dynamic enable linking built binaries with dynamic libs], no)dnl
+OL_ARG_ENABLE(syslog,[ --enable-syslog enable syslog support], auto)dnl
+OL_ARG_ENABLE(proctitle,[ --enable-proctitle enable proctitle support], yes)dnl
+dnl OL_ARG_ENABLE(referrals,[ --enable-referrals enable LDAPv2+ Referrals (experimental)], no)dnl
+ol_enable_referrals=${ol_enable_referrals-no}
+dnl OL_ARG_ENABLE(kbind,[ --enable-kbind enable LDAPv2+ Kerberos IV bind (deprecated)], no)dnl
+ol_enable_kbind=${ol_enable_kbind-no}
+OL_ARG_ENABLE(ipv6,[ --enable-ipv6 enable IPv6 support], auto)dnl
+OL_ARG_ENABLE(local,[ --enable-local enable AF_LOCAL (AF_UNIX) socket support], auto)dnl
+
+dnl ----------------------------------------------------------------
+dnl General "with" options
+OL_ARG_WITH(cyrus_sasl,[ --with-cyrus-sasl with Cyrus SASL support],
+ auto, [auto yes no] )
+OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
+ auto, [auto yes no] )
+dnl OL_ARG_WITH(kerberos,[ --with-kerberos with Kerberos support],
+dnl auto, [auto k5 k5only k425 kth k4 afs yes no])
+ol_with_kerberos=${ol_with_kerberos-auto}
+OL_ARG_WITH(threads,[ --with-threads with threads],
+ auto, [auto nt posix mach pth lwp yes no manual] )
+OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support],
+ auto, [auto openssl yes no] )
+OL_ARG_WITH(yielding_select,
+ [ --with-yielding-select with implicitly yielding select],
+ auto, [auto yes no manual] )
+OL_ARG_WITH(mp,
+ [ --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp],
+ auto, [auto longlong long bignum gmp yes no])
+OL_ARG_WITH(odbc,
+ [ --with-odbc with specific ODBC support iodbc|unixodbc|auto],
+ auto, [auto iodbc unixodbc] )
+
+dnl ----------------------------------------------------------------
+dnl Server options
+dnl ----------------------------------------------------------------
+
+dnl ----------------------------------------------------------------
+dnl SLAPD OPTIONS
+AC_ARG_ENABLE(xxslapdoptions,[
+SLAPD (Standalone LDAP Daemon) Options:])
+OL_ARG_ENABLE(slapd,[ --enable-slapd enable building slapd], yes)dnl
+OL_ARG_ENABLE(aci,[ --enable-aci enable per-object ACIs (experimental)], no)dnl
+OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], yes)dnl
+OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl
+OL_ARG_ENABLE(lmpasswd,[ --enable-lmpasswd enable LAN Manager passwords], no)dnl
+OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl
+OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
+dnl OL_ARG_ENABLE(multimaster,[ --enable-multimaster enable multimaster replication], no)dnl
+ol_enable_multimaster=${ol_enable_multimaster-no}
+OL_ARG_ENABLE(rewrite,[ --enable-rewrite enable DN rewriting in back-ldap and rwm overlay], auto)dnl
+OL_ARG_ENABLE(rlookups,[ --enable-rlookups enable reverse lookups of client hostnames], no)dnl
+OL_ARG_ENABLE(slapi,[ --enable-slapi enable SLAPI support (experimental)], no)dnl
+OL_ARG_ENABLE(slp,[ --enable-slp enable SLPv2 support], no)dnl
+OL_ARG_ENABLE(wrappers,[ --enable-wrappers enable tcp wrapper support], no)dnl
+
+dnl ----------------------------------------------------------------
+dnl SLAPD Backend Options
+Backends="bdb \
+ dnssrv \
+ hdb \
+ ldap \
+ ldbm \
+ meta \
+ monitor \
+ null \
+ passwd \
+ perl \
+ relay \
+ shell \
+ sql"
+
+AC_ARG_ENABLE(xxslapbackends,[
+SLAPD Backend Options:])
+
+OL_ARG_ENABLE(backends,[ --enable-backends enable all available backends],
+ --, [no yes mod])dnl
+OL_ARG_ENABLE(bdb,[ --enable-bdb enable Berkeley DB backend],
+ yes, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(dnssrv,[ --enable-dnssrv enable dnssrv backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(hdb,[ --enable-hdb enable Hierarchical DB backend],
+ yes, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(ldap,[ --enable-ldap enable ldap backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(ldbm,[ --enable-ldbm enable ldbm backend],
+ no, [no yes mod], ol_enable_backends)dnl
+AC_ARG_WITH(ldbm_api,,[
+ AC_MSG_WARN([Please use --enable-ldbm-api instead of --with-ldbm-api])
+ enable_ldbm_api="$with_ldbm_api"])
+OL_ARG_ENABLE(ldbm_api,[ --enable-ldbm-api use LDBM API],
+ auto, [auto berkeley bcompat mdbm gdbm])
+AC_ARG_WITH(ldbm_type,,[
+ AC_MSG_WARN([Please use --enable-ldbm-type instead of --with-ldbm-type])
+ enable_ldbm_type="$with_ldbm_type"])
+OL_ARG_ENABLE(ldbm_type,[ --enable-ldbm-type use LDBM type],
+ auto, [auto btree hash])
+OL_ARG_ENABLE(meta,[ --enable-meta enable metadirectory backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(monitor,[ --enable-monitor enable monitor backend],
+ yes, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(null,[ --enable-null enable null backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(passwd,[ --enable-passwd enable passwd backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(perl,[ --enable-perl enable perl backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(relay,[ --enable-relay enable relay backend],
+ yes, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(shell,[ --enable-shell enable shell backend],
+ no, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(sql,[ --enable-sql enable sql backend],
+ no, [no yes mod], ol_enable_backends)dnl
+
+dnl ----------------------------------------------------------------
+dnl SLAPD Overlay Options
+Overlays="accesslog \
+ auditlog \
+ denyop \
+ dyngroup \
+ dynlist \
+ lastmod \
+ ppolicy \
+ proxycache \
+ refint \
+ retcode \
+ rwm \
+ syncprov \
+ translucent \
+ unique \
+ valsort"
+
+AC_ARG_ENABLE(xxslapoverlays,[
+SLAPD Overlay Options:])
+
+OL_ARG_ENABLE(overlays,[ --enable-overlays enable all available overlays],
+ --, [no yes mod])dnl
+OL_ARG_ENABLE(accesslog,[ --enable-accesslog In-Directory Access Logging overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(auditlog,[ --enable-auditlog Audit Logging overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(denyop,[ --enable-denyop Deny Operation overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(dyngroup,[ --enable-dyngroup Dynamic Group overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(dynlist,[ --enable-dynlist Dynamic List overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(lastmod,[ --enable-lastmod Last Modification overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(ppolicy,[ --enable-ppolicy Password Policy overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(proxycache,[ --enable-proxycache Proxy Cache overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(refint,[ --enable-refint Referential Integrity overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(retcode,[ --enable-retcode Return Code testing overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(rwm,[ --enable-rwm Rewrite/Remap overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(syncprov,[ --enable-syncprov Syncrepl Provider overlay],
+ yes, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(translucent,[ --enable-translucent Translucent Proxy overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(unique,[ --enable-unique Attribute Uniqueness overlay],
+ no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(valsort,[ --enable-valsort Value Sorting overlay],
+ no, [no yes mod], ol_enable_overlays)
+
+dnl ----------------------------------------------------------------
+dnl SLURPD OPTIONS
+AC_ARG_ENABLE(xxslurpdoptions,[
+SLURPD (Replication Daemon) Options:])
+OL_ARG_ENABLE(slurpd,[ --enable-slurpd enable building slurpd], auto)dnl
+
+dnl ----------------------------------------------------------------
+AC_ARG_ENABLE(xxliboptions,[
+Library Generation & Linking Options])
+AC_ENABLE_STATIC
+AC_ENABLE_SHARED
+
+dnl ----------------------------------------------------------------
+
+# validate options
+if test $ol_enable_slapd = no ; then
+ dnl SLAPD was specificallly disabled
+ if test $ol_enable_slapi = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-slapi argument])
+ fi
+ case "$ol_enable_backends" in yes | mod)
+ AC_MSG_WARN([slapd disabled, ignoring --enable-backends argument])
+ esac
+ for i in $Backends; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp != no ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-$i argument])
+ eval "ol_enable_$i=no"
+ fi
+ done
+ if test $ol_enable_modules = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-modules argument])
+ fi
+ if test $ol_enable_multimaster = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-multimaster argument])
+ fi
+ if test $ol_enable_wrappers = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-wrappers argument])
+ fi
+ if test $ol_enable_rlookups = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-rlookups argument])
+ fi
+ if test $ol_enable_aci = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-aci argument])
+ fi
+ if test $ol_enable_ldbm_api != auto ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-ldbm-api argument])
+ fi
+ if test $ol_enable_ldbm_type != auto ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-ldbm-type argument])
+ fi
+ if test $ol_enable_slurpd = yes ; then
+ AC_MSG_ERROR([slurpd requires slapd])
+ fi
+ if test $ol_enable_rewrite = yes ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-rewrite argument])
+ fi
+ dnl overlays
+ case "$ol_enable_overlays" in yes | mod)
+ AC_MSG_WARN([slapd disabled, ignoring --enable-overlays argument])
+ esac
+ for i in $Overlays; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp != no ; then
+ AC_MSG_WARN([slapd disabled, ignoring --enable-$i argument])
+ eval "ol_enable_$i=no"
+ fi
+ done
+
+ # force settings to no
+ ol_enable_slapi=no
+
+ ol_enable_backends=
+ ol_enable_overlays=
+ ol_enable_modules=no
+ ol_enable_multimaster=no
+ ol_enable_rlookups=no
+ ol_enable_aci=no
+ ol_enable_wrappers=no
+
+ ol_enable_ldbm_api=no
+ ol_enable_ldbm_type=no
+
+ ol_enable_slurpd=no
+
+ ol_enable_rewrite=no
+
+elif test $ol_enable_ldbm = no ; then
+ dnl SLAPD without LDBM
+
+ if test $ol_enable_ldbm_api != auto ; then
+ AC_MSG_WARN([LDBM disabled, ignoring --enable-ldbm-api argument])
+ fi
+
+ if test $ol_enable_ldbm_type != auto ; then
+ AC_MSG_WARN([LDBM disabled, ignoring --enable-ldbm-type argument])
+ fi
+
+ if test $ol_enable_modules != yes &&
+ test $ol_enable_bdb = no &&
+ test $ol_enable_dnssrv = no &&
+ test $ol_enable_hdb = no &&
+ test $ol_enable_ldap = no &&
+ test $ol_enable_meta = no &&
+ test $ol_enable_monitor = no &&
+ test $ol_enable_null = no &&
+ test $ol_enable_passwd = no &&
+ test $ol_enable_perl = no &&
+ test $ol_enable_relay = no &&
+ test $ol_enable_shell = no &&
+ test $ol_enable_sql = no ; then
+
+ if test $ol_enable_slapd = yes ; then
+ AC_MSG_ERROR([slapd requires a backend])
+ else
+ AC_MSG_WARN([skipping slapd, no backend specified])
+ ol_enable_slapd=no
+ fi
+ fi
+
+ ol_enable_ldbm_api=no
+ ol_enable_ldbm_type=no
+
+ if test $ol_enable_bdb/$ol_enable_hdb != no/no; then
+ ol_enable_ldbm_api=berkeley
+ fi
+
+else
+ dnl SLAPD with LDBM
+ if test $ol_enable_ldbm_api = gdbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ AC_MSG_ERROR([GDBM only supports LDBM type hash])
+ fi
+ if test $ol_enable_ldbm_api = mdbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ AC_MSG_ERROR([MDBM only supports LDBM type hash])
+ fi
+ if test $ol_enable_ldbm_api = ndbm &&
+ test $ol_enable_ldbm_type = btree ; then
+ AC_MSG_ERROR([NDBM only supports LDBM type hash])
+ fi
+
+ if test $ol_enable_bdb/$ol_enable_hdb != no/no ; then
+ if test $ol_enable_ldbm_api = auto ; then
+ ol_enable_ldbm_api=berkeley
+ elif test $ol_enable_ldbm_api != berkeley ; then
+ AC_MSG_ERROR([LDBM API not compatible with BDB/HDB])
+ fi
+ fi
+fi
+
+if test $ol_enable_meta/$ol_enable_ldap = yes/no ; then
+ AC_MSG_ERROR([--enable-meta requires --enable-ldap])
+fi
+
+if test $ol_enable_slurpd = yes ; then
+ dnl SLURPD was specifically enabled
+ if test $ol_with_threads = no ; then
+ AC_MSG_ERROR([slurpd requires threads])
+ fi
+fi
+
+if test $ol_enable_lmpasswd = yes ; then
+ if test $ol_with_tls = no ; then
+ AC_MSG_ERROR([LAN Manager passwords require OpenSSL])
+ fi
+fi
+
+if test $ol_enable_kbind = yes ; then
+ if test $ol_with_kerberos = no ; then
+ AC_MSG_ERROR([options require --with-kerberos])
+ elif test $ol_with_kerberos = auto ; then
+ ol_with_kerberos=yes
+ fi
+
+elif test $ol_enable_kbind = no ; then
+ if test $ol_with_kerberos = auto ; then
+ ol_with_kerberos=no
+ elif test $ol_with_kerberos != no ; then
+ AC_MSG_WARN([Kerberos detection enabled unnecessarily]);
+ ol_with_kerberos=no
+ fi
+fi
+
+if test $ol_enable_spasswd = yes ; then
+ if test $ol_with_cyrus_sasl = no ; then
+ AC_MSG_ERROR([options require --with-cyrus-sasl])
+ fi
+ ol_with_cyrus_sasl=yes
+fi
+
+AC_MSG_RESULT(done)
+
+dnl ----------------------------------------------------------------
+dnl Initialize vars
+LDAP_LIBS=
+LDBM_LIBS=
+LTHREAD_LIBS=
+LUTIL_LIBS=
+
+SLAPD_LIBS=
+SLURPD_LIBS=
+
+BUILD_SLAPD=no
+BUILD_SLURPD=no
+
+BUILD_THREAD=no
+
+BUILD_SLAPI=no
+SLAPD_SLAPI_DEPEND=
+
+BUILD_BDB=no
+BUILD_DNSSRV=no
+BUILD_HDB=no
+BUILD_LDAP=no
+BUILD_LDBM=no
+BUILD_META=no
+BUILD_MONITOR=no
+BUILD_NULL=no
+BUILD_PASSWD=no
+BUILD_PERL=no
+BUILD_RELAY=no
+BUILD_SHELL=no
+BUILD_SQL=no
+
+BUILD_ACCESSLOG=no
+BUILD_AUDITLOG=no
+BUILD_DENYOP=no
+BUILD_DYNGROUP=no
+BUILD_DYNLIST=no
+BUILD_LASTMOD=no
+BUILD_PPOLICY=no
+BUILD_PROXYCACHE=no
+BUILD_REFINT=no
+BUILD_RETCODE=no
+BUILD_RWM=no
+BUILD_SYNCPROV=no
+BUILD_TRANSLUCENT=no
+BUILD_UNIQUE=no
+BUILD_VALSORT=no
+
+SLAPD_STATIC_OVERLAYS=
+SLAPD_DYNAMIC_OVERLAYS=
+
+SLAPD_MODULES_LDFLAGS=
+SLAPD_MODULES_CPPFLAGS=
+
+SLAPD_STATIC_BACKENDS=back-ldif
+SLAPD_DYNAMIC_BACKENDS=
+
+SLAPD_PERL_LDFLAGS=
+MOD_PERL_LDFLAGS=
+PERL_CPPFLAGS=
+
+SLAPD_SQL_LDFLAGS=
+SLAPD_SQL_LIBS=
+SLAPD_SQL_INCLUDES=
+
+KRB4_LIBS=
+KRB5_LIBS=
+SASL_LIBS=
+TLS_LIBS=
+MODULES_LIBS=
+SLAPI_LIBS=
+LIBSLAPI=
+LIBSLAPITOOLS=
+AUTH_LIBS=
+
+SLAPD_SLP_LIBS=
+SLAPD_GMP_LIBS=
+
+dnl ================================================================
+dnl Checks for programs
+
+AC_DEFINE(HAVE_MKVERSION, 1, [define this if you have mkversion])
+
+dnl ----------------------------------------------------------------
+dnl
+dnl Determine which C translator to use
+dnl
+
+dnl AIX Thread requires we use cc_r or xlc_r.
+dnl But only do this IF AIX and CC is not set
+dnl and threads are auto|yes|posix.
+dnl
+dnl If we find cc_r|xlc_r, force pthreads and assume
+dnl pthread_create is in $LIBS (ie: don't bring in
+dnl any additional thread libraries)
+dnl If we do not find cc_r|xlc_r, disable threads
+
+ol_aix_threads=no
+case "$target" in
+*-*-aix*) dnl all AIX is not a good idea.
+ if test -z "$CC" ; then
+ case "$ol_with_threads" in
+ auto | yes | posix) ol_aix_threads=yes ;;
+ esac
+ fi
+;;
+esac
+
+if test $ol_aix_threads = yes ; then
+ if test -z "${CC}" ; then
+ AC_CHECK_PROGS(CC,cc_r xlc_r cc)
+
+ if test "$CC" = cc ; then
+ dnl no CC! don't allow --with-threads
+ if test $ol_with_threads != auto ; then
+ AC_MSG_ERROR([--with-threads requires cc_r (or other suitable compiler) on AIX])
+ else
+ AC_MSG_WARN([disabling threads, no cc_r on AIX])
+ fi
+ ol_with_threads=no
+ fi
+ fi
+
+ case ${CC} in cc_r | xlc_r)
+ ol_with_threads=posix
+ ol_cv_pthread_create=yes
+ ;;
+ esac
+fi
+
+if test -z "${CC}"; then
+ AC_CHECK_PROGS(CC,cc gcc,missing)
+
+ if test "${CC}" = "missing" ; then
+ AC_MSG_ERROR([Unable to locate cc(1) or suitable replacement. Check PATH or set CC.])
+ fi
+fi
+
+if test -z "${AR}"; then
+ AC_CHECK_PROGS(AR,ar gar,missing)
+
+ if test "${AR}" = "missing" ; then
+ AC_MSG_ERROR([Unable to locate ar(1) or suitable replacement. Check PATH or set AR.])
+ fi
+fi
+
+AC_LIBTOOL_WIN32_DLL
+AC_LIBTOOL_DLOPEN
+AC_PROG_LIBTOOL
+
+dnl ----------------------------------------------------------------
+dnl Perl
+ol_link_perl=no
+if test $ol_enable_perl != no ; then
+ AC_PATH_PROG(PERLBIN, perl, /usr/bin/perl)
+
+ if test "no$PERLBIN" = "no" ; then
+ if test $ol_enable_perl = yes ; then
+ AC_MSG_ERROR([could not locate perl])
+ fi
+
+ else
+ PERL_CPPFLAGS="`$PERLBIN -MExtUtils::Embed -e ccopts`"
+ PERL_LDFLAGS="`$PERLBIN -MExtUtils::Embed -e ldopts|sed -e 's/ -lc / /' -e 's/ -lc$//'`"
+
+ if test x"$ol_enable_perl" = "xyes" ; then
+ SLAPD_PERL_LDFLAGS="$PERL_LDFLAGS"
+ else
+ MOD_PERL_LDFLAGS="$PERL_LDFLAGS"
+ fi
+ dnl should check perl version
+ ol_link_perl=yes
+ fi
+fi
+
+AC_PROG_CPP
+
+dnl ----------------------------------------------------------------
+dnl Checks for Windows NT
+case $host_os in
+ *mingw32* ) ac_cv_mingw32=yes ;;
+ *cygwin* ) ac_cv_cygwin=yes ;;
+esac
+
+dnl ----------------------------------------------------------------
+dnl Checks for file extensions
+AC_EXEEXT
+AC_OBJEXT
+AC_DEFINE_UNQUOTED(EXEEXT, "${EXEEXT}", [defined to be the EXE extension])
+
+dnl ----------------------------------------------------------------
+dnl BeOS requires -lbe -lroot -lnet
+AC_CHECK_LIB(be, be_app, [LIBS="$LIBS -lbe -lroot -lnet"], :, [-lroot -lnet])
+
+dnl ----------------------------------------------------------------
+dnl OpenLDAP requires STDC features
+AC_PROG_CC
+if test "X${ac_cv_prog_cc_stdc}" = "Xno" ; then
+ AC_MSG_ERROR([OpenLDAP requires compiler to support STDC constructs.])
+fi
+
+dnl ----------------------------------------------------------------
+dnl Check cc depend flags
+OL_MKDEPEND
+if test "${ol_cv_mkdep}" = no ; then
+ # this will soon become an error
+ AC_MSG_WARN([do not know how to generate dependencies])
+fi
+
+dnl ----------------------------------------------------------------
+dnl Check for AIX security library
+AC_CHECK_LIB(s, afopen, [
+ AUTH_LIBS=-ls
+ AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
+])
+
+dnl ----------------------------------------------------------------
+dnl Check for IBM OS/390
+case "$target" in
+*-ibm-openedition)
+ ac_cv_func_getopt=no
+ AC_DEFINE(BOTH_STRINGS_H,1,[define to use both <string.h> and <strings.h>])
+ ;;
+esac
+
+dnl ----------------------------------------------------------------
+dnl Check for module support
+ol_link_modules=no
+WITH_MODULES_ENABLED=no
+if test $ol_enable_modules != no ; then
+ AC_CHECK_HEADERS(ltdl.h)
+
+ if test $ac_cv_header_ltdl_h = no ; then
+ AC_MSG_ERROR([could not locate libtool ltdl.h])
+ fi
+
+ AC_CHECK_LIB(ltdl, lt_dlinit, [
+ MODULES_LIBS=-lltdl
+ AC_DEFINE(HAVE_LIBLTDL,1,[define if you have libtool -ltdl])
+ ])
+
+ if test "$ac_cv_lib_ltdl_lt_dlinit" = no ; then
+ AC_MSG_ERROR([could not locate libtool -lltdl])
+ fi
+ ol_link_modules=yes
+ WITH_MODULES_ENABLED=yes
+
+else
+ for i in $Backends; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp = mod ; then
+ AC_MSG_WARN([building static $i backend])
+ eval "ol_enable_$i=yes"
+ fi
+ done
+ for i in $Overlays; do
+ eval "ol_tmp=\$ol_enable_$i"
+ if test $ol_tmp = mod ; then
+ AC_MSG_WARN([building static $i overlay])
+ eval "ol_enable_$i=yes"
+ fi
+ done
+fi
+
+dnl ----------------------------------------------------------------
+dnl Checks for header files.
+OL_HEADER_STDC
+
+if test $ol_cv_header_stdc != yes; then
+ AC_MSG_WARN([could not locate Standard C compliant headers])
+fi
+
+AC_HEADER_DIRENT
+AC_HEADER_SYS_WAIT
+AC_HEADER_TIOCGWINSZ
+
+AC_CHECK_HEADERS( \
+ arpa/inet.h \
+ arpa/nameser.h \
+ assert.h \
+ bits/types.h \
+ conio.h \
+ crypt.h \
+ direct.h \
+ errno.h \
+ fcntl.h \
+ filio.h \
+ getopt.h \
+ grp.h \
+ io.h \
+ libutil.h \
+ limits.h \
+ locale.h \
+ malloc.h \
+ memory.h \
+ psap.h \
+ pwd.h \
+ process.h \
+ sgtty.h \
+ shadow.h \
+ stddef.h \
+ string.h \
+ strings.h \
+ sysexits.h \
+ sys/file.h \
+ sys/filio.h \
+ sys/errno.h \
+ sys/ioctl.h \
+ sys/param.h \
+ sys/resource.h \
+ sys/select.h \
+ sys/socket.h \
+ sys/stat.h \
+ sys/syslog.h \
+ sys/time.h \
+ sys/types.h \
+ sys/uio.h \
+ syslog.h \
+ termios.h \
+ unistd.h \
+ utime.h \
+)
+
+dnl Only check Winsock on MinGW
+if test "$ac_cv_mingw32" = yes ; then
+ AC_CHECK_HEADERS( winsock.h winsock2.h )
+fi
+
+AC_CHECK_HEADERS( resolv.h, [], [],
+[$ac_includes_default
+#include <netinet/in.h>
+])
+
+AC_CHECK_HEADERS( netinet/tcp.h, [], [],
+[$ac_includes_default
+#include <netinet/in.h>
+])
+
+AC_CHECK_HEADERS( sys/ucred.h, [], [],
+[$ac_includes_default
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+])
+
+dnl ----------------------------------------------------------------
+dnl Checks for libraries
+
+AC_CHECK_FUNCS( sigaction sigset )
+
+dnl HP-UX requires -lV3
+dnl this is not needed on newer versions of HP-UX
+if test $ac_cv_func_sigaction = no && test $ac_cv_func_sigaction = no ; then
+ AC_CHECK_LIB(V3, sigset)
+fi
+
+dnl The following is INTENTIONALLY scripted out because shell does not
+dnl support variable names with the '@' character, which is what
+dnl autoconf would try to generate if one merely used AC_SEARCH_LIBS
+if test "$ac_cv_header_winsock_h" = yes; then
+AC_CACHE_CHECK([for winsock], [ol_cv_winsock],
+save_LIBS="$LIBS"
+for curlib in ws2_32 wsock32; do
+ LIBS="$LIBS -l$curlib"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <winsock.h>
+ ]], [[
+ socket(0,0,0);
+ select(0,NULL,NULL,NULL,NULL);
+ closesocket(0);
+ gethostname(NULL,0);
+ ]])],[ol_cv_winsock=yes],[ol_cv_winsock=no])
+
+ if test $ol_cv_winsock = yes; then
+ AC_DEFINE(HAVE_WINSOCK, 1, [define if you have winsock])
+ ac_cv_func_socket=yes
+ ac_cv_func_select=yes
+ ac_cv_func_closesocket=yes
+ ac_cv_func_gethostname=yes
+ if test $curlib = ws2_32; then
+ ol_cv_winsock=winsock2
+ AC_DEFINE(HAVE_WINSOCK2, 1,
+ [define if you have winsock2])
+ fi
+ break
+ fi
+ LIBS="$save_LIBS"
+done)
+fi
+
+dnl Find socket()
+dnl Likely combinations:
+dnl -lsocket [ -lnsl_s | -lnsl ]
+dnl -linet
+
+AC_CHECK_FUNC(socket, :, [
+dnl hopefully we won't include too many libraries
+ AC_CHECK_LIB(socket, main)
+ AC_CHECK_LIB(net, main)
+ AC_CHECK_LIB(nsl_s, main)
+ AC_CHECK_LIB(nsl, main)
+ AC_CHECK_LIB(inet, socket)
+ AC_CHECK_LIB(gen, main)
+])
+
+dnl require select
+AC_CHECK_FUNC(select, :, AC_MSG_ERROR([select() required.]))
+
+if test "${ac_cv_header_winsock_h}" != yes; then
+ dnl Select arg types
+ dnl (if this detection becomes permenent, it and the select() detection
+ dnl should be done before the yielding select test)
+ AC_FUNC_SELECT_ARGTYPES
+fi
+
+dnl check to see if system call automatically restart
+dnl AC_SYS_RESTARTABLE_SYSCALLS
+
+dnl ----------------------------------------------------------------
+AC_CHECK_FUNCS( poll )
+AC_CHECK_HEADERS( poll.h )
+
+dnl ----------------------------------------------------------------
+AC_CHECK_HEADERS( sys/epoll.h )
+if test "${ac_cv_header_sys_epoll_h}" = yes; then
+AC_MSG_CHECKING(for epoll system call)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char *argv)
+{
+ int epfd = epoll_create(256);
+ exit (epfd == -1 ? 1 : 0);
+}]])],[AC_MSG_RESULT(yes)
+AC_DEFINE(HAVE_EPOLL,1, [define if your system supports epoll])],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
+fi
+
+dnl ----------------------------------------------------------------
+# strerror checks
+OL_STRERROR
+
+dnl ----------------------------------------------------------------
+dnl require POSIX regex
+AC_CHECK_HEADERS( regex.h )
+if test "$ac_cv_header_regex_h" != yes ; then
+ AC_MSG_ERROR([POSIX regex.h required.])
+fi
+AC_SEARCH_LIBS(regfree, [regex gnuregex],
+ :, AC_MSG_ERROR([POSIX regex required.]))
+
+OL_POSIX_REGEX
+if test "$ol_cv_c_posix_regex" = no ; then
+ AC_MSG_ERROR([broken POSIX regex!])
+fi
+
+dnl ----------------------------------------------------------------
+dnl UUID Support
+
+have_uuid=no
+AC_CHECK_HEADERS(sys/uuid.h)
+if test $ac_cv_header_sys_uuid_h = yes ; then
+ save_LIBS="$LIBS"
+ AC_SEARCH_LIBS(uuid_to_str, uuid, [have_uuid=yes], :)
+ LIBS="$save_LIBS"
+
+ if test have_uuid = yes ; then
+ AC_DEFINE(HAVE_UUID_TO_STR,1,
+ [define if you have uuid_to_str()])
+
+ test "$ac_cv_search_uuid_to_str" = "none required" || \
+ SLAPD_LIBS="$SLAPD_LIBS $ac_cv_search_uuid_to_str"
+ fi
+fi
+
+dnl For windows, check for the need of RPCRT for UUID function support
+if test $have_uuid = no ; then
+ AC_MSG_CHECKING(to see if -lrpcrt4 is needed for win32 UUID support)
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lrpcrt4"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ int __stdcall UuidCreate(void *);
+ int __stdcall UuidToStringA(void *,void **);
+ ]], [[
+ UuidCreate(0);
+ UuidToStringA(0,0);
+ ]])],[need_rpcrt=yes],[need_rpcrt=no])
+ if test $need_rpcrt = yes; then
+ SLAPD_LIBS="$SLAPD_LIBS -lrpcrt4"
+ fi
+ LIBS="$save_LIBS"
+ AC_MSG_RESULT($need_rpcrt)
+fi
+
+dnl ----------------------------------------------------------------
+dnl Check for resolver routines
+OL_RESOLVER_LINK
+
+ol_link_dnssrv=no
+if test "$ol_cv_lib_resolver" != no ; then
+ AC_DEFINE(HAVE_RES_QUERY,1,
+ [define if you have res_query()])
+
+ if test "$ol_enable_dnssrv" != no ; then
+ ol_link_dnssrv=yes
+ fi
+
+ if test "$ol_cv_lib_resolver" != yes ; then
+ LIBS="$ol_cv_lib_resolver $LIBS"
+ fi
+fi
+
+if test "$ol_enable_dnssrv" = yes || test "$ol_enable_dnssrv" = mod ; then
+ if test "$ol_link_dnssrv" = no ; then
+ AC_MSG_ERROR([DNSSRV requires res_query()])
+ fi
+else
+ ol_enable_dnssrv=no
+fi
+
+AC_CHECK_FUNCS( hstrerror )
+
+dnl ----------------------------------------------------------------
+dnl PF_INET6 support requires getaddrinfo and INET6_ADDRSTRLEN
+dnl PF_LOCAL may use getaddrinfo in available
+AC_CHECK_FUNCS( getaddrinfo getnameinfo gai_strerror inet_ntop )
+
+ol_link_ipv6=no
+if test $ac_cv_func_getaddrinfo = no || test $ac_cv_func_inet_ntop = no ; then
+ if test $ol_enable_ipv6 = yes ; then
+ AC_MSG_ERROR([IPv6 support requires getaddrinfo() and inet_ntop()])
+ fi
+elif test $ol_enable_ipv6 != no ; then
+ AC_CACHE_CHECK([INET6_ADDRSTRLEN],[ol_cv_inet6_addrstrlen],[
+ AC_EGREP_CPP(__has_inet6_addrstrlen__,[
+# include <netinet/in.h>
+# ifdef INET6_ADDRSTRLEN
+ __has_inet6_addrstrlen__;
+# endif
+ ], [ol_cv_inet6_addrstrlen=yes], [ol_cv_inet6_addrstrlen=no])])
+
+
+ AC_CACHE_CHECK([struct sockaddr_storage],ol_cv_struct_sockaddr_storage,[
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+]], [[
+ struct sockaddr_storage ss;
+]])],[ol_cv_struct_sockaddr_storage=yes],[ol_cv_struct_sockaddr_storage=no])])
+
+ if test $ol_cv_inet6_addrstrlen = yes &&
+ test $ol_cv_struct_sockaddr_storage = yes ; then
+ ol_link_ipv6=yes
+ elif test $ol_enable_ipv6 = yes &&
+ test $ol_cv_inet6_addrstrlen = no ; then
+ AC_MSG_ERROR([IPv6 support requires INET6_ADDRSTRLEN])
+ elif test $ol_enable_ipv6 = yes &&
+ test $ol_cv_struct_sockaddr_storage = no ; then
+ AC_MSG_ERROR([IPv6 support requires struct sockaddr_storage])
+ fi
+fi
+
+if test $ol_enable_local != no ; then
+ AC_CHECK_HEADERS( sys/un.h )
+
+ if test $ol_enable_local = auto ; then
+ ol_enable_local=$ac_cv_header_sys_un_h
+ elif test $ac_cv_header_sys_un_h = no ; then
+ AC_MSG_ERROR([AF_LOCAL domain support requires sys/un.h])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl Kerberos
+ol_link_kbind=no
+ol_link_krb5=no
+ol_link_krb4=no
+
+case $ol_with_kerberos in yes | auto | k5 | k5only | k425)
+
+ AC_CHECK_HEADERS(krb5.h)
+
+ if test $ac_cv_header_krb5_h = yes ; then
+ dnl lazy check for Heimdal Kerberos
+ AC_CHECK_HEADERS(heim_err.h)
+ if test $ac_cv_header_heim_err_h = yes ; then
+ krb5_impl=heimdal
+ else
+ krb5_impl=mit
+ fi
+
+ if test $krb5_impl = mit; then
+ AC_CHECK_LIB(k5crypto, main,
+ [krb5crypto=k5crypto],
+ [krb5crypto=crypto])
+
+ AC_CHECK_LIB(krb5, main,
+ [have_krb5=yes
+ KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"],
+ [have_krb5=no],
+ [-l$krb5crypto -lcom_err])
+
+ elif test $krb5_impl = heimdal; then
+ AC_CHECK_LIB(des, main,
+ [krb5crypto=des],
+ [krb5crypto=crypto])
+
+ AC_CHECK_LIB(krb5, main,
+ [have_krb5=yes
+ KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"],
+ [have_krb5=no],
+ [-l$krb5crypto -lasn1 -lroken -lcom_err])
+
+ AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1,
+ [define if you have HEIMDAL Kerberos])
+
+ else
+ have_krb5=no
+ AC_MSG_WARN([Unrecognized Kerberos5 Implementation])
+ fi
+
+ if test $have_krb5 = yes ; then
+ ol_link_krb5=yes
+
+ AC_DEFINE(HAVE_KRB5, 1,
+ [define if you have Kerberos V])
+
+ if test $ol_with_kerberos = k5only ; then
+ ol_with_kerberos=found
+ fi
+
+ elif test $ol_with_kerberos != auto ; then
+ AC_MSG_ERROR([Required Kerberos 5 support not available])
+ fi
+
+ fi
+ ;;
+esac
+
+if test $ol_link_krb5 = yes &&
+ { test $ol_with_kerberos = yes ||
+ test $ol_with_kerberos = auto ||
+ test $ol_with_kerberos = k425; }; then
+
+ AC_CHECK_HEADERS(kerberosIV/krb.h kerberosIV/des.h)
+
+ if test $ac_cv_header_kerberosIV_krb_h = yes ; then
+ if test $krb5_impl = mit; then
+ AC_CHECK_LIB(krb4, main, [have_k425=yes
+ KRB4_LIBS="-lkrb4 -ldes425"], [have_k425=no],
+ [-ldes425 -lkrb5 -l$krb5crypto -lcom_err])
+
+ elif test $krb5_impl = heimdal; then
+ AC_CHECK_LIB(krb4, main, [have_k425=yes
+ KRB4_LIBS="-lkrb4"], [have_k425=no],
+ [-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err])
+
+ else
+ have_425=no
+ AC_MSG_WARN([Unrecongized Kerberos V Implementation])
+ fi
+
+ if test $have_k425 = yes ; then
+ ol_with_kerberos=found
+ ol_link_krb4=yes
+
+ AC_DEFINE(HAVE_KRB425, 1,
+ [define if you have Kerberos V with IV support])
+ AC_DEFINE(HAVE_KRB4, 1,
+ [define if you have Kerberos IV])
+
+ AC_CACHE_CHECK([for des_debug in Kerberos libraries],
+ [ol_cv_var_des_debug], [
+ dnl save the flags
+ save_LIBS="$LIBS"
+ LIBS="$KRB4_LIBS $KRB5_LIBS $LIBS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+extern int des_debug;
+]], [[
+des_debug = 1;
+]])],[ol_cv_var_des_debug=yes],[ol_cv_var_des_debug=no])
+ dnl restore the LIBS
+ LIBS="$save_LIBS"
+ ])
+
+ if test $ol_cv_var_des_debug = yes ; then
+ AC_DEFINE(HAVE_DES_DEBUG,1,
+ [define if you have Kerberos des_debug])
+ fi
+
+ LIBS="$save_LIBS"
+ fi
+ fi
+fi
+
+if test $ol_link_krb5 = yes ; then
+ ol_with_kerberos=found
+fi
+
+case $ol_with_kerberos in yes | auto | k4 | kth)
+
+ AC_CHECK_HEADERS(krb.h des.h krb-archaeology.h )
+
+ if test $ac_cv_header_krb_h = yes ; then
+ AC_CHECK_LIB(krb, main, [have_k4=yes], [have_k4=no], [-ldes])
+
+ if test $have_k4 = yes ; then
+ ol_with_kerberos=found
+ ol_link_krb4=yes
+
+ AC_DEFINE(HAVE_KRB4, 1,
+ [define if you have Kerberos IV])
+
+ KRB4_LIBS="-lkrb -ldes"
+
+ if test $ac_cv_header_krb_archaeology_h = yes ; then
+ AC_DEFINE(HAVE_KTH_KERBEROS, 1,
+ [define if you have Kth Kerberos])
+ fi
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_link_krb4 = yes && test $ol_enable_kbind != no ; then
+ ol_link_kbind=yes
+
+elif test $ol_enable_kbind = yes ; then
+ AC_MSG_ERROR([Kerberos IV detection failed])
+fi
+
+if test $ol_link_krb4 = yes || test $ol_link_krb5 = yes ; then
+ AC_DEFINE(HAVE_KERBEROS, 1, [define if you have Kerberos])
+
+elif test $ol_with_kerberos != auto && test $ol_with_kerberos != no ; then
+ AC_MSG_ERROR([Kerberos detection failed])
+fi
+
+dnl ----------------------------------------------------------------
+dnl TLS/SSL
+
+ol_link_tls=no
+if test $ol_with_tls != no ; then
+ AC_CHECK_HEADERS(openssl/ssl.h)
+
+ if test $ac_cv_header_openssl_ssl_h = yes ; then
+ AC_CHECK_LIB(ssl, SSL_library_init,
+ [have_openssl=yes
+ need_rsaref=no], [have_openssl=no],
+ [-lcrypto])
+
+ if test $have_openssl = no ; then
+ AC_CHECK_LIB(ssl, ssl3_accept,
+ [have_openssl=yes
+ need_rsaref=yes], [have_openssl=no],
+ [-lcrypto -lRSAglue -lrsaref])
+ fi
+
+ if test $have_openssl = yes ; then
+ ol_with_tls=found
+ ol_link_tls=yes
+
+ AC_DEFINE(HAVE_OPENSSL, 1,
+ [define if you have OpenSSL])
+
+ if test $need_rsaref = yes; then
+ AC_DEFINE(HAVE_RSAREF, 1,
+ [define if OpenSSL needs RSAref])
+
+ TLS_LIBS="-lssl -lcrypto -lRSAglue -lrsaref"
+ else
+ TLS_LIBS="-lssl -lcrypto"
+ fi
+ fi
+ OL_SSL_COMPAT
+ if test $ol_cv_ssl_crl_compat = no ; then
+ ol_link_ssl=no
+ else
+ AC_DEFINE(HAVE_OPENSSL_CRL, 1,
+ [define if you have OpenSSL with CRL checking capability])
+ fi
+ fi
+
+else
+ AC_MSG_WARN([TLS data protection not supported!])
+fi
+
+WITH_TLS=no
+if test $ol_link_tls = yes ; then
+ AC_DEFINE(HAVE_TLS, 1, [define if you have TLS])
+ WITH_TLS=yes
+
+elif test $ol_with_tls = auto ; then
+ AC_MSG_WARN([Could not locate TLS/SSL package])
+ AC_MSG_WARN([TLS data protection not supported!])
+
+elif test $ol_with_tls != no ; then
+ AC_MSG_ERROR([Could not locate TLS/SSL package])
+fi
+
+dnl ----------------------------------------------------------------
+dnl LAN Manger password checking requires DES from OpenSSL
+if test $ol_enable_lmpasswd != no; then
+ if test $ol_link_tls != yes ; then
+ AC_MSG_ERROR([LAN Manager passwords require OpenSSL])
+ fi
+
+ AC_DEFINE(SLAPD_LMHASH, 1, [define to support LAN Manager passwords])
+fi
+
+dnl ----------------------------------------------------------------
+dnl Threads?
+ol_link_threads=no
+
+case $ol_with_threads in auto | yes | nt)
+
+ OL_NT_THREADS
+
+ if test "$ol_cv_nt_threads" = yes ; then
+ ol_link_threads=nt
+ ol_with_threads=found
+ ol_with_yielding_select=yes
+
+ AC_DEFINE(HAVE_NT_SERVICE_MANAGER,1,[if you have NT Service Manager])
+ AC_DEFINE(HAVE_NT_EVENT_LOG,1,[if you have NT Event Log])
+ fi
+
+ if test $ol_with_threads = nt ; then
+ AC_MSG_ERROR([could not locate NT Threads])
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | posix)
+
+ AC_CHECK_HEADERS(pthread.h)
+
+ if test $ac_cv_header_pthread_h = yes ; then
+ OL_POSIX_THREAD_VERSION
+
+ if test $ol_cv_pthread_version != 0 ; then
+ AC_DEFINE_UNQUOTED(HAVE_PTHREADS,$ol_cv_pthread_version,
+ [define to pthreads API spec revision])
+ else
+ AC_MSG_ERROR([unknown pthread version])
+ fi
+
+ # consider threads found
+ ol_with_threads=found
+
+ OL_HEADER_LINUX_THREADS
+ OL_HEADER_GNU_PTH_PTHREAD_H
+
+ if test $ol_cv_header_gnu_pth_pthread_h = no ; then
+ AC_CHECK_HEADERS(sched.h)
+ fi
+
+ dnl Now the hard part, how to link?
+ dnl
+ dnl currently supported checks:
+ dnl
+ dnl Check for no flags
+ dnl pthread_create() in $LIBS
+ dnl
+ dnl Check special pthread (final) flags
+ dnl [skipped] pthread_create() with -mt (Solaris) [disabled]
+ dnl pthread_create() with -kthread (FreeBSD)
+ dnl pthread_create() with -pthread (FreeBSD/Digital Unix)
+ dnl pthread_create() with -pthreads (?)
+ dnl pthread_create() with -mthreads (AIX)
+ dnl pthread_create() with -thread (?)
+ dnl
+ dnl Check pthread (final) libraries
+ dnl pthread_mutex_unlock() in -lpthread -lmach -lexc -lc_r (OSF/1)
+ dnl pthread_mutex_lock() in -lpthread -lmach -lexc (OSF/1)
+ dnl [skipped] pthread_mutex_trylock() in -lpthread -lexc (OSF/1)
+ dnl pthread_join() -Wl,-woff,85 -lpthread (IRIX)
+ dnl pthread_create() in -lpthread (many)
+ dnl pthread_create() in -lc_r (FreeBSD)
+ dnl
+ dnl Check pthread (draft4) flags (depreciated)
+ dnl pthread_create() with -threads (OSF/1)
+ dnl
+ dnl Check pthread (draft4) libraries (depreciated)
+ dnl pthread_mutex_unlock() in -lpthreads -lmach -lexc -lc_r (OSF/1)
+ dnl pthread_mutex_lock() in -lpthreads -lmach -lexc (OSF/1)
+ dnl pthread_mutex_trylock() in -lpthreads -lexc (OSF/1)
+ dnl pthread_create() in -lpthreads (many)
+ dnl
+
+ dnl pthread_create in $LIBS
+ AC_CACHE_CHECK([for pthread_create in default libraries],
+ ol_cv_pthread_create,[
+ AC_RUN_IFELSE([OL_PTHREAD_TEST_PROGRAM],
+ [ol_cv_pthread_create=yes],
+ [ol_cv_pthread_create=no],
+ [AC_TRY_LINK(OL_PTHREAD_TEST_INCLUDES,OL_PTHREAD_TEST_FUNCTION,
+ [ol_cv_pthread_create=yes],
+ [ol_cv_pthread_create=no])])])
+
+ if test $ol_cv_pthread_create != no ; then
+ ol_link_threads=posix
+ ol_link_pthreads=""
+ fi
+
+dnl OL_PTHREAD_TRY([-mt], [ol_cv_pthread_mt])
+ OL_PTHREAD_TRY([-kthread], [ol_cv_pthread_kthread])
+ OL_PTHREAD_TRY([-pthread], [ol_cv_pthread_pthread])
+ OL_PTHREAD_TRY([-pthreads], [ol_cv_pthread_pthreads])
+ OL_PTHREAD_TRY([-mthreads], [ol_cv_pthread_mthreads])
+ OL_PTHREAD_TRY([-thread], [ol_cv_pthread_thread])
+
+ OL_PTHREAD_TRY([-lpthread -lmach -lexc -lc_r],
+ [ol_cv_pthread_lpthread_lmach_lexc_lc_r])
+ OL_PTHREAD_TRY([-lpthread -lmach -lexc],
+ [ol_cv_pthread_lpthread_lmach_lexc])
+dnl OL_PTHREAD_TRY([-lpthread -lexc],
+dnl [ol_cv_pthread_lpthread_lexc])
+
+ OL_PTHREAD_TRY([-lpthread -Wl,-woff,85],
+ [ol_cv_pthread_lib_lpthread_woff])
+
+ OL_PTHREAD_TRY([-lpthread], [ol_cv_pthread_lpthread])
+ OL_PTHREAD_TRY([-lc_r], [ol_cv_pthread_lc_r])
+
+ OL_PTHREAD_TRY([-threads], [ol_cv_pthread_threads])
+
+ OL_PTHREAD_TRY([-lpthreads -lmach -lexc -lc_r],
+ [ol_cv_pthread_lpthreads_lmach_lexc_lc_r])
+ OL_PTHREAD_TRY([-lpthreads -lmach -lexc],
+ [ol_cv_pthread_lpthreads_lmach_lexc])
+ OL_PTHREAD_TRY([-lpthreads -lexc],
+ [ol_cv_pthread_lpthreads_lexc])
+
+ OL_PTHREAD_TRY([-lpthreads],[ol_cv_pthread_lib_lpthreads])
+
+ if test $ol_link_threads != no ; then
+ LTHREAD_LIBS="$LTHREAD_LIBS $ol_link_pthreads"
+
+ dnl save flags
+ save_CPPFLAGS="$CPPFLAGS"
+ save_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS $LIBS"
+
+ dnl All POSIX Thread (final) implementations should have
+ dnl sched_yield instead of pthread yield.
+ dnl check for both, and thr_yield for Solaris
+ AC_CHECK_FUNCS(sched_yield pthread_yield thr_yield)
+
+ if test $ac_cv_func_sched_yield = no &&
+ test $ac_cv_func_pthread_yield = no &&
+ test $ac_cv_func_thr_yield = no ; then
+ dnl Digital UNIX has sched_yield() in -lrt
+ AC_CHECK_LIB(rt, sched_yield,
+ [LTHREAD_LIBS="$LTHREAD_LIBS -lrt"
+ AC_DEFINE(HAVE_SCHED_YIELD,1,
+ [Define if you have the sched_yield function.])
+ ac_cv_func_sched_yield=yes],
+ [ac_cv_func_sched_yield=no])
+ fi
+ if test $ac_cv_func_sched_yield = no &&
+ test $ac_cv_func_pthread_yield = no &&
+ test "$ac_cv_func_thr_yield" = no ; then
+ AC_MSG_WARN([could not locate sched_yield() or pthread_yield()])
+ fi
+
+ dnl Check functions for compatibility
+ AC_CHECK_FUNCS(pthread_kill pthread_rwlock_destroy)
+
+ dnl Check for pthread_detach with <pthread.h> inclusion
+ dnl as it's symbol may have been mangled.
+ AC_CACHE_CHECK([for pthread_detach with <pthread.h>],
+ [ol_cv_func_pthread_detach], [
+ dnl save the flags
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <pthread.h>
+#ifndef NULL
+#define NULL (void*)0
+#endif
+]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+ ])
+
+ if test $ol_cv_func_pthread_detach = no ; then
+ AC_MSG_ERROR([could not locate pthread_detach()])
+ fi
+
+ AC_DEFINE(HAVE_PTHREAD_DETACH,1,
+ [define if you have pthread_detach function])
+
+ dnl Check for setconcurreny functions
+ AC_CHECK_FUNCS( \
+ pthread_setconcurrency \
+ pthread_getconcurrency \
+ thr_setconcurrency \
+ thr_getconcurrency \
+ )
+
+ OL_SYS_LINUX_THREADS
+ OL_LINUX_THREADS
+
+ if test $ol_cv_linux_threads = error; then
+ AC_MSG_ERROR([LinuxThreads header/library mismatch]);
+ fi
+
+ AC_CACHE_CHECK([if pthread_create() works],
+ ol_cv_pthread_create_works,[
+ AC_RUN_IFELSE([OL_PTHREAD_TEST_PROGRAM],
+ [ol_cv_pthread_create_works=yes],
+ [ol_cv_pthread_create_works=no],
+ [dnl assume yes
+ ol_cv_pthread_create_works=yes])])
+
+ if test $ol_cv_pthread_create_works = no ; then
+ AC_MSG_ERROR([pthread_create is not usable, check environment settings])
+ fi
+
+ ol_replace_broken_yield=no
+dnl case "$target" in
+dnl *-*-linux*)
+dnl AC_CHECK_FUNCS(nanosleep)
+dnl ol_replace_broken_yield=yes
+dnl ;;
+dnl esac
+
+ if test $ol_replace_broken_yield = yes ; then
+ AC_DEFINE([REPLACE_BROKEN_YIELD],1,
+ [define if sched_yield yields the entire process])
+ fi
+
+ dnl Check if select causes an yield
+ if test $ol_with_yielding_select = auto ; then
+ AC_CACHE_CHECK([if select yields when using pthreads],
+ ol_cv_pthread_select_yields,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <pthread.h>
+#ifndef NULL
+#define NULL (void*) 0
+#endif
+
+static int fildes[2];
+
+static void *task(p)
+ void *p;
+{
+ int i;
+ struct timeval tv;
+
+ fd_set rfds;
+
+ tv.tv_sec=10;
+ tv.tv_usec=0;
+
+ FD_ZERO(&rfds);
+ FD_SET(fildes[0], &rfds);
+
+ /* we're not interested in any fds */
+ i = select(FD_SETSIZE, &rfds, NULL, NULL, &tv);
+
+ if(i < 0) {
+ perror("select");
+ exit(10);
+ }
+
+ exit(0); /* if we exit here, the select blocked the whole process */
+}
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+ pthread_t t;
+
+ /* create a pipe to select */
+ if(pipe(&fildes[0])) {
+ perror("select");
+ exit(1);
+ }
+
+#ifdef HAVE_PTHREAD_SETCONCURRENCY
+ (void) pthread_setconcurrency(2);
+#else
+#ifdef HAVE_THR_SETCONCURRENCY
+ /* Set Solaris LWP concurrency to 2 */
+ thr_setconcurrency(2);
+#endif
+#endif
+
+#if HAVE_PTHREADS < 6
+ pthread_create(&t, pthread_attr_default, task, NULL);
+#else
+ pthread_create(&t, NULL, task, NULL);
+#endif
+
+ /* make sure task runs first */
+#if HAVE_THR_YIELD
+ thr_yield();
+#elif defined( HAVE_SCHED_YIELD )
+ sched_yield();
+#elif defined( HAVE_PTHREAD_YIELD )
+ pthread_yield();
+#endif
+
+ exit(2);
+}]])],[ol_cv_pthread_select_yields=no],[ol_cv_pthread_select_yields=yes],[ol_cv_pthread_select_yields=cross])])
+
+ if test $ol_cv_pthread_select_yields = cross ; then
+ AC_MSG_ERROR([crossing compiling: use --with-yielding_select=yes|no|manual])
+ fi
+
+ if test $ol_cv_pthread_select_yields = yes ; then
+ ol_with_yielding_select=yes
+ fi
+ fi
+
+ dnl restore flags
+ CPPFLAGS="$save_CPPFLAGS"
+ LIBS="$save_LIBS"
+ else
+ AC_MSG_ERROR([could not locate usable POSIX Threads])
+ fi
+ fi
+
+ if test $ol_with_threads = posix ; then
+ AC_MSG_ERROR([could not locate POSIX Threads])
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | mach)
+
+ dnl check for Mach CThreads
+ AC_CHECK_HEADERS(mach/cthreads.h cthreads.h)
+ if test $ac_cv_header_mach_cthreads_h = yes ; then
+ ol_with_threads=found
+
+ dnl check for cthreads support in current $LIBS
+ AC_CHECK_FUNC(cthread_fork,[ol_link_threads=yes])
+
+ if test $ol_link_threads = no ; then
+ dnl try -all_load
+ dnl this test needs work
+ AC_CACHE_CHECK([for cthread_fork with -all_load],
+ [ol_cv_cthread_all_load], [
+ dnl save the flags
+ save_LIBS="$LIBS"
+ LIBS="-all_load $LIBS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <mach/cthreads.h>]], [[
+ cthread_fork((void *)0, (void *)0);
+ ]])],[ol_cv_cthread_all_load=yes],[ol_cv_cthread_all_load=no])
+ dnl restore the LIBS
+ LIBS="$save_LIBS"
+ ])
+
+ if test $ol_cv_cthread_all_load = yes ; then
+ LTHREAD_LIBS="$LTHREAD_LIBS -all_load"
+ ol_link_threads=mach
+ ol_with_threads=found
+ fi
+ fi
+
+ elif test $ac_cv_header_cthreads_h = yes ; then
+ dnl Hurd variant of Mach Cthreads
+ dnl uses <cthreads.h> and -lthreads
+
+ ol_with_threads=found
+
+ dnl save the flags
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lthreads"
+ AC_CHECK_FUNC(cthread_fork,[ol_link_threads=yes])
+ LIBS="$save_LIBS"
+
+ if test $ol_link_threads = yes ; then
+ LTHREAD_LIBS="-lthreads"
+ ol_link_threads=mach
+ ol_with_threads=found
+ else
+ AC_MSG_ERROR([could not link with Mach CThreads])
+ fi
+
+ elif test $ol_with_threads = mach ; then
+ AC_MSG_ERROR([could not locate Mach CThreads])
+ fi
+
+ if test $ol_link_threads = mach ; then
+ AC_DEFINE(HAVE_MACH_CTHREADS,1,
+ [define if you have Mach Cthreads])
+ elif test $ol_with_threads = found ; then
+ AC_MSG_ERROR([could not link with Mach CThreads])
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | pth)
+
+ AC_CHECK_HEADERS(pth.h)
+
+ if test $ac_cv_header_pth_h = yes ; then
+ AC_CHECK_LIB(pth, pth_version, [have_pth=yes], [have_pth=no])
+
+ if test $have_pth = yes ; then
+ AC_DEFINE(HAVE_GNU_PTH,1,[if you have GNU Pth])
+ LTHREAD_LIBS="$LTHREAD_LIBS -lpth"
+ ol_link_threads=pth
+ ol_with_threads=found
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=yes
+ fi
+ fi
+ fi
+ ;;
+esac
+
+case $ol_with_threads in auto | yes | lwp)
+
+ dnl check for SunOS5 LWP
+ AC_CHECK_HEADERS(thread.h synch.h)
+ if test $ac_cv_header_thread_h = yes &&
+ test $ac_cv_header_synch_h = yes ; then
+ AC_CHECK_LIB(thread, thr_create, [have_thr=yes], [have_thr=no])
+
+ if test $have_thr = yes ; then
+ AC_DEFINE(HAVE_THR,1,
+ [if you have Solaris LWP (thr) package])
+ LTHREAD_LIBS="$LTHREAD_LIBS -lthread"
+ ol_link_threads=thr
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=yes
+ fi
+
+ dnl Check for setconcurreny functions
+ AC_CHECK_FUNCS( \
+ thr_setconcurrency \
+ thr_getconcurrency \
+ )
+ fi
+ fi
+
+ dnl check for SunOS4 LWP
+ AC_CHECK_HEADERS(lwp/lwp.h)
+ if test $ac_cv_header_lwp_lwp_h = yes ; then
+ AC_CHECK_LIB(lwp, lwp_create, [have_lwp=yes], [have_lwp=no])
+
+ if test $have_lwp = yes ; then
+ AC_DEFINE(HAVE_LWP,1,
+ [if you have SunOS LWP package])
+ LTHREAD_LIBS="$LTHREAD_LIBS -llwp"
+ ol_link_threads=lwp
+
+ if test $ol_with_yielding_select = auto ; then
+ ol_with_yielding_select=no
+ fi
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_with_yielding_select = yes ; then
+ AC_DEFINE(HAVE_YIELDING_SELECT,1,
+ [define if select implicitly yields])
+fi
+
+if test $ol_with_threads = manual ; then
+ dnl User thinks he can manually configure threads.
+ ol_link_threads=yes
+
+ AC_MSG_WARN([thread defines and link options must be set manually])
+
+ AC_CHECK_HEADERS(pthread.h sched.h)
+ AC_CHECK_FUNCS(sched_yield pthread_yield)
+ OL_HEADER_LINUX_THREADS
+
+ AC_CHECK_HEADERS(mach/cthreads.h)
+ AC_CHECK_HEADERS(lwp/lwp.h)
+ AC_CHECK_HEADERS(thread.h synch.h)
+fi
+
+if test $ol_link_threads != no && test $ol_link_threads != nt ; then
+ dnl needed to get reentrant/threadsafe versions
+ dnl
+ AC_DEFINE(REENTRANT,1)
+ AC_DEFINE(_REENTRANT,1)
+ AC_DEFINE(THREAD_SAFE,1)
+ AC_DEFINE(_THREAD_SAFE,1)
+ AC_DEFINE(THREADSAFE,1)
+ AC_DEFINE(_THREADSAFE,1)
+ AC_DEFINE(_SGI_MP_SOURCE,1)
+
+ dnl The errno declaration may dependent upon _REENTRANT.
+ dnl If it does, we must link with thread support.
+ AC_CACHE_CHECK([for thread specific errno],
+ [ol_cv_errno_thread_specific], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <errno.h>]], [[errno = 0;]])],[ol_cv_errno_thread_specific=yes],[ol_cv_errno_thread_specific=no])
+ ])
+
+ dnl The h_errno declaration may dependent upon _REENTRANT.
+ dnl If it does, we must link with thread support.
+ AC_CACHE_CHECK([for thread specific h_errno],
+ [ol_cv_h_errno_thread_specific], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <netdb.h>]], [[h_errno = 0;]])],[ol_cv_h_errno_thread_specific=yes],[ol_cv_h_errno_thread_specific=no])
+ ])
+
+ if test $ol_cv_errno_thread_specific != yes ||
+ test $ol_cv_h_errno_thread_specific != yes ; then
+ LIBS="$LTHREAD_LIBS $LIBS"
+ LTHREAD_LIBS=""
+ fi
+
+dnl When in thread environment, use
+dnl #if defined( HAVE_REENTRANT_FUNCTIONS ) || defined( HAVE_FUNC_R )
+dnl func_r(...);
+dnl #else
+dnl # if defined( HAVE_THREADS )
+dnl /* lock */
+dnl # endif
+dnl func(...);
+dnl # if defined( HAVE_THREADS )
+dnl /* unlock */
+dnl # endif
+dnl #endif
+dnl
+dnl HAVE_REENTRANT_FUNCTIONS is derived from:
+dnl _POSIX_REENTRANT_FUNCTIONS
+dnl _POSIX_THREAD_SAFE_FUNCTIONS
+dnl _POSIX_THREADSAFE_FUNCTIONS
+dnl
+dnl and is currently defined in <ldap_pvt_thread.h>
+dnl
+dnl HAVE_THREADS is defined by <ldap_pvt_thread.h> iff -UNO_THREADS
+dnl
+dnl libldap/*.c should only include <ldap_pvt_thread.h> iff
+dnl LDAP_R_COMPILE is defined. ie:
+dnl #ifdef LDAP_R_COMPILE
+dnl # include <ldap_pvt_thread.h>
+dnl #endif
+dnl
+dnl LDAP_R_COMPILE is defined by libldap_r/Makefile.in
+dnl specifically for compiling the threadsafe version of
+dnl the ldap library (-lldap_r).
+dnl
+dnl dnl check for reentrant/threadsafe functions
+dnl dnl
+dnl dnl note: these should only be used when linking
+dnl dnl with $LTHREAD_LIBS
+dnl dnl
+dnl save_CPPFLAGS="$CPPFLAGS"
+dnl save_LIBS="$LIBS"
+dnl LIBS="$LTHREAD_LIBS $LIBS"
+dnl AC_CHECK_FUNCS( \
+dnl gmtime_r \
+dnl gethostbyaddr_r gethostbyname_r \
+dnl feof_unlocked unlocked_feof \
+dnl putc_unlocked unlocked_putc \
+dnl flockfile ftrylockfile \
+dnl )
+dnl CPPFLAGS="$save_CPPFLAGS"
+dnl LIBS="$save_LIBS"
+fi
+
+if test $ol_link_threads = no ; then
+ if test $ol_with_threads = yes ; then
+ AC_MSG_ERROR([no suitable thread support])
+ fi
+
+ if test $ol_with_threads = auto ; then
+ AC_MSG_WARN([no suitable thread support, disabling threads])
+ ol_with_threads=no
+ fi
+
+ AC_DEFINE(NO_THREADS,1,
+ [define if you have (or want) no threads])
+ LTHREAD_LIBS=""
+ BUILD_THREAD=no
+else
+ BUILD_THREAD=yes
+fi
+
+if test $ol_link_threads != no ; then
+ AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE,1,
+ [define to 1 if library is thread safe])
+fi
+
+dnl ----------------------------------------------------------------
+dnl Tests for reentrant functions necessary to build -lldap_r
+AC_CHECK_FUNCS( \
+ ctime_r \
+ gethostbyname_r gethostbyaddr_r \
+)
+
+if test "$ac_cv_func_ctime_r" = no ; then
+ ol_cv_func_ctime_r_nargs=0
+else
+ OL_FUNC_CTIME_R_NARGS
+dnl OL_FUNC_CTIME_R_TYPE
+fi
+
+if test "$ac_cv_func_gethostbyname_r" = yes ; then
+ OL_FUNC_GETHOSTBYNAME_R_NARGS
+else
+ ol_cv_func_gethostbyname_r_nargs=0
+fi
+
+if test "$ac_cv_func_gethostbyaddr_r" = yes ; then
+ OL_FUNC_GETHOSTBYADDR_R_NARGS
+else
+ ol_cv_func_gethostbyaddr_r_nargs=0
+fi
+
+dnl ----------------------------------------------------------------
+ol_link_ldbm=no
+
+case $ol_enable_ldbm_api in auto | berkeley | bcompat)
+
+ if test $ol_enable_ldbm_api = bcompat; then \
+ OL_BERKELEY_COMPAT_DB
+ else
+ OL_BERKELEY_DB
+ fi
+
+ if test $ol_cv_berkeley_db != no ; then
+ AC_DEFINE(HAVE_BERKELEY_DB,1,
+ [define this if Berkeley DB is available])
+
+ ol_link_ldbm=berkeley
+ ol_enable_ldbm_api=berkeley
+
+ if test $ol_enable_ldbm_type = hash ; then
+ AC_DEFINE(LDBM_USE_DBHASH,1,
+ [define this to use DBHASH w/ LDBM backend])
+ else
+ AC_DEFINE(LDBM_USE_DBBTREE,1,
+ [define this to use DBBTREE w/ LDBM backend])
+ fi
+
+ dnl $ol_cv_lib_db should be yes or -ldb
+ dnl (it could be no, but that would be an error
+ if test $ol_cv_lib_db != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_db"
+ fi
+ fi
+ ;;
+esac
+
+if test $ol_enable_bdb/$ol_enable_hdb != no/no; then
+ if test $ol_link_ldbm != berkeley ; then
+ AC_MSG_ERROR(BDB/HDB: BerkeleyDB not available)
+ else
+ OL_BDB_COMPAT
+
+ if test $ol_cv_bdb_compat != yes ; then
+ AC_MSG_ERROR([BDB/HDB: BerkeleyDB version incompatible])
+ fi
+ fi
+fi
+
+if test $ol_link_ldbm = no && test $ol_enable_ldbm_type = btree ; then
+ AC_MSG_WARN([Could not find LDBM with BTREE support])
+ ol_enable_ldbm_api=none
+fi
+
+if test $ol_enable_ldbm_api = auto || test $ol_enable_ldbm_api = mdbm ; then
+ OL_MDBM
+
+ if test $ol_cv_mdbm = yes ; then
+ ol_link_ldbm=mdbm
+ ol_enable_ldbm_api=mdbm
+ if test $ol_cv_lib_mdbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_mdbm"
+ fi
+ fi
+fi
+
+if test $ol_enable_ldbm_api = auto || test $ol_enable_ldbm_api = gdbm ; then
+ OL_GDBM
+
+ if test $ol_cv_gdbm = yes ; then
+ ol_link_ldbm=gdbm
+ ol_enable_ldbm_api=gdbm
+
+ if test $ol_cv_lib_gdbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_gdbm"
+ fi
+ fi
+fi
+
+if test $ol_enable_ldbm_api = ndbm ; then
+ OL_NDBM
+
+ if test $ol_cv_ndbm = yes ; then
+ ol_link_ldbm=ndbm
+ ol_enable_ldbm_api=ndbm
+
+ if test $ol_cv_lib_ndbm != yes ; then
+ LDBM_LIBS="$LDBM_LIBS $ol_cv_lib_ndbm"
+ fi
+ fi
+fi
+
+if test $ol_link_ldbm = no && test $ol_enable_ldbm != no ; then
+ AC_MSG_ERROR([could not find suitable LDBM backend])
+fi
+
+if test $ol_enable_bdb = yes ||
+ test $ol_enable_hdb = yes ||
+ test $ol_enable_ldbm = yes ; then
+ SLAPD_LIBS="$SLAPD_LIBS \$(LDBM_LIBS)"
+fi
+
+dnl ----------------------------------------------------------------
+
+if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
+ BUILD_LIBS_DYNAMIC=shared
+ AC_DEFINE(LDAP_LIBS_DYNAMIC, 1, [define if LDAP libs are dynamic])
+ LTSTATIC=""
+else
+ BUILD_LIBS_DYNAMIC=static
+ LTSTATIC="-static"
+fi
+AC_SUBST(LTSTATIC)dnl
+
+dnl ----------------------------------------------------------------
+if test $ol_enable_wrappers != no ; then
+ AC_CHECK_HEADERS(tcpd.h,[
+ AC_MSG_CHECKING([for TCP wrappers library])
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lwrap"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <tcpd.h>
+int allow_severity = 0;
+int deny_severity = 0;
+
+struct request_info *req;
+ ]], [[
+hosts_access(req)
+ ]])],[AC_MSG_RESULT([-lwrap])
+ have_wrappers=yes
+ LIBS="$save_LIBS"],[
+ dnl try with -lnsl
+ LIBS="$LIBS -lnsl"
+ AC_TRY_LINK([
+#include <tcpd.h>
+int allow_severity = 0;
+int deny_severity = 0;
+
+struct request_info *req;
+ ],[
+hosts_access(req)
+ ],[AC_MSG_RESULT([-lwrap -lnsl])
+ have_wrappers=yes
+ LIBS="$save_LIBS -lnsl"],[
+ AC_MSG_RESULT(no)
+ have_wrappers=no
+ LIBS=$save_LIBS])])],[have_wrappers=no])
+
+ if test $have_wrappers = yes ; then
+ AC_DEFINE(HAVE_TCPD,1, [define if you have -lwrap])
+ WRAP_LIBS="-lwrap"
+ elif test $ol_enable_wrappers = yes ; then
+ AC_MSG_ERROR([could not find TCP wrappers, select apppropriate options or disable])
+ else
+ AC_MSG_WARN([could not find TCP wrappers, support disabled])
+ WRAP_LIBS=""
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+if test $ol_enable_syslog != no ; then
+ AC_CHECK_FUNC(openlog)
+ if test $ac_cv_func_openlog = no && test $ol_enable_syslog = yes; then
+ AC_MSG_ERROR(could not find syslog, select appropriate options or disable)
+ fi
+ ol_enable_syslog=$ac_cv_func_openlog
+fi
+
+dnl ----------------------------------------------------------------
+dnl SQL
+ol_link_sql=no
+if test $ol_enable_sql != no ; then
+ AC_CHECK_HEADERS(sql.h sqlext.h,[],[
+ AC_MSG_ERROR([could not locate SQL headers])
+ ])
+
+ sql_LIBS="$LIBS"
+ LIBS="$LTHREAD_LIBS"
+
+ if test $ol_with_odbc = auto ; then
+ ol_with_odbc="iodbc unixodbc"
+ fi
+
+ for odbc in $ol_with_odbc ; do
+ if test $ol_link_sql = no ; then
+ case $odbc in
+ iodbc)
+ AC_CHECK_LIB(iodbc, SQLDriverConnect, [have_iodbc=yes], [have_iodbc=no])
+ if test $have_iodbc = yes ; then
+ ol_link_sql="-liodbc"
+ fi
+ ;;
+
+ unixodbc)
+ AC_CHECK_LIB(odbc, SQLDriverConnect, [have_odbc=yes], [have_odbc=no])
+ if test $have_odbc = yes ; then
+ ol_link_sql="-lodbc"
+ fi
+ ;;
+
+ *)
+ AC_MSG_ERROR([unknown ODBC library])
+ ;;
+ esac
+ fi
+ done
+
+ LIBS="$sql_LIBS"
+
+ if test $ol_link_sql != no ; then
+ SLAPD_SQL_LIBS="$ol_link_sql"
+
+ elif test $ol_enable_sql != auto ; then
+ AC_MSG_ERROR([could not locate suitable ODBC library])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl
+dnl Check for Cyrus SASL
+dnl
+WITH_SASL=no
+ol_link_sasl=no
+ol_link_spasswd=no
+if test $ol_with_cyrus_sasl != no ; then
+ AC_CHECK_HEADERS(sasl/sasl.h sasl.h)
+
+ if test $ac_cv_header_sasl_sasl_h = yes ||
+ test $ac_cv_header_sasl_h = yes; then
+ AC_CHECK_LIB(sasl2, sasl_client_init,
+ [ol_link_sasl="-lsasl2"],
+ [AC_CHECK_LIB(sasl, sasl_client_init,
+ [ol_link_sasl="-lsasl"])])
+ fi
+
+ if test $ol_link_sasl = no ; then
+ if test $ol_with_cyrus_sasl != auto ; then
+ AC_MSG_ERROR([Could not locate Cyrus SASL])
+ else
+ AC_MSG_WARN([Could not locate Cyrus SASL])
+ AC_MSG_WARN([SASL authentication not supported!])
+ if test $ol_link_tls = no ; then
+ AC_MSG_WARN([Strong authentication not supported!])
+ fi
+ fi
+ else
+ OL_SASL_COMPAT
+ if test $ol_cv_sasl_compat = no ; then
+ ol_link_sasl=no
+ AC_MSG_ERROR([Cyrus SASL library located but is incompatible])
+ fi
+
+ AC_DEFINE(HAVE_CYRUS_SASL,1,[define if you have Cyrus SASL])
+ SASL_LIBS="$ol_link_sasl"
+ if test $ol_enable_spasswd != no ; then
+ ol_link_spasswd=yes
+ fi
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $ol_link_sasl"
+ AC_CHECK_FUNC(sasl_version, [AC_DEFINE(HAVE_SASL_VERSION,1,
+ [define if your SASL library has sasl_version()])])
+ LIBS="$ac_save_LIBS"
+
+ WITH_SASL=yes
+ fi
+
+else
+ AC_MSG_WARN([SASL authentication not supported!])
+ if test $ol_link_tls = no ; then
+ AC_MSG_WARN([Strong authentication not supported!])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl Check for entropy sources
+if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
+ dev=no
+ if test -r /dev/urandom ; then
+ dev="/dev/urandom";
+ elif test -r /idev/urandom ; then
+ dev="/idev/urandom";
+ elif test -r /dev/srandom ; then
+ dev="/dev/srandom";
+ elif test -r /dev/random ; then
+ dev="/dev/random";
+ elif test -r /idev/random ; then
+ dev="/idev/random";
+ fi
+
+ if test $dev != no ; then
+ AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl
+dnl Check for fetch URL support
+dnl should be extended to support other fetch URL APIs
+dnl
+ol_link_fetch=no
+if test $ol_with_fetch != no ; then
+ OL_LIB_FETCH
+
+ if test $ol_cv_lib_fetch != no ; then
+ LUTIL_LIBS="$LUTIL_LIBS $ol_link_fetch"
+ ol_link_fetch=freebsd
+
+ elif test $ol_with_fetch != auto ; then
+ AC_MSG_ERROR(no suitable API for --with-fetch=$ol_with_fetch)
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl FreeBSD (and others) have crypt(3) in -lcrypt
+if test $ol_enable_crypt != no ; then
+ save_LIBS="$LIBS"
+ LIBS="$TLS_LIBS $LIBS"
+
+ AC_CHECK_FUNC(crypt, [have_crypt=yes], [
+ LIBS="$save_LIBS"
+ AC_CHECK_LIB(crypt, crypt, [LUTIL_LIBS="$LUTIL_LIBS -lcrypt"
+ have_crypt=yes], [have_crypt=no])])
+
+ LIBS="$save_LIBS"
+
+ if test $have_crypt = yes ; then
+ AC_DEFINE(HAVE_CRYPT,1, [define if crypt(3) is available])
+ else
+ AC_MSG_WARN([could not find crypt])
+ if test $ol_enable_crypt = yes ; then
+ AC_MSG_ERROR([could not find crypt, select appropriate options or disable])
+ fi
+
+ AC_MSG_WARN([disabling crypt support])
+ ol_enable_crypt=no
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl FreeBSD (and others) have setproctitle(3) in -lutil
+if test $ol_enable_proctitle != no ; then
+ AC_CHECK_FUNC(setproctitle, [have_setproctitle=yes], [
+ AC_CHECK_LIB(util, setproctitle,
+ [have_setproctitle=yes
+ LUTIL_LIBS="$LUTIL_LIBS -lutil"],
+ [have_setproctitle=no
+ AC_LIBOBJ(setproctitle)
+ LIBSRCS="$LIBSRCS setproctitle.c"])])
+
+ if test $have_setproctitle = yes ; then
+ AC_DEFINE(HAVE_SETPROCTITLE,1,
+ [define if setproctitle(3) is available])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+if test $ol_enable_slp != no ; then
+ AC_CHECK_HEADERS( slp.h )
+
+ if test $ac_cv_header_slp_h = yes ; then
+ AC_CHECK_LIB(slp, SLPOpen, [have_slp=yes], [have_slp=no])
+ if test $have_slp = yes ; then
+ AC_DEFINE(HAVE_SLP, 1, [define if you have -lslp])
+ SLAPD_SLP_LIBS=-lslp
+ fi
+
+ elif test $ol_enable_slp = yes ; then
+ AC_MSG_ERROR([SLP not found])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl Checks for typedefs, structures, and compiler characteristics.
+
+AC_CHECK_TYPE(mode_t, int)
+AC_CHECK_TYPE(off_t, long)
+AC_CHECK_TYPE(pid_t, int)
+AC_CHECK_TYPE(ssize_t, [signed int])
+AC_CHECK_TYPE(caddr_t, [char *])
+AC_CHECK_TYPE(size_t, unsigned)
+
+AC_CHECK_TYPES([long long])
+AC_CHECK_TYPES([ptrdiff_t])
+
+AC_CHECK_TYPE([socklen_t],,
+ [AC_DEFINE_UNQUOTED([socklen_t], [int],
+ [Define to `int' if <sys/socket.h> does not define.])],
+ [$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+ ])
+
+AC_TYPE_SIGNAL
+
+AC_CHECK_TYPE([sig_atomic_t],,
+ [AC_DEFINE_UNQUOTED([sig_atomic_t], [int],
+ [Define to `int' if <signal.h> does not define.])],
+ [$ac_includes_default
+#include <signal.h>
+ ])
+
+AC_TYPE_UID_T
+
+AC_HEADER_TIME
+AC_STRUCT_TM
+AC_CHECK_MEMBERS([struct stat.st_blksize])
+AC_CHECK_MEMBERS([struct passwd.pw_gecos],,,[$ac_includes_default
+#include <pwd.h>])
+AC_CHECK_MEMBERS([struct passwd.pw_passwd],,,[$ac_includes_default
+#include <pwd.h>])
+
+OL_C_UPPER_LOWER
+AC_C_CONST
+OL_C_VOLATILE
+
+if test $cross_compiling = yes ; then
+ AC_MSG_WARN([Crossing compiling... all bets are off!])
+ AC_DEFINE(CROSS_COMPILING, 1, [define if cross compiling])
+else
+ AC_C_BIGENDIAN
+fi
+
+AC_CHECK_SIZEOF(short)
+AC_CHECK_SIZEOF(int)
+AC_CHECK_SIZEOF(long)
+AC_CHECK_SIZEOF(long long)
+AC_CHECK_SIZEOF(wchar_t)
+
+if test "$ac_cv_sizeof_int" -lt 4 ; then
+ AC_MSG_WARN([OpenLDAP requires 'int' to be 32 bits or greater.])
+
+ AC_DEFINE(LBER_INT_T,long,[define to 32-bit or greater integer type])
+else
+ AC_DEFINE(LBER_INT_T,int,[define to 32-bit or greater integer type])
+fi
+
+AC_DEFINE(LBER_LEN_T,long,[define to large integer type])
+AC_DEFINE(LBER_SOCKET_T,int,[define to socket descriptor type])
+AC_DEFINE(LBER_TAG_T,long,[define to large integer type])
+
+dnl ----------------------------------------------------------------
+dnl Check for multiple precision support
+if test $ol_with_mp = longlong || test $ol_with_mp = auto ; then
+ if test $ac_cv_sizeof_long_long -gt 4 ; then
+ ol_with_mp=longlong
+ AC_DEFINE(USE_MP_LONG_LONG,1,[define to use 'long long' for MP])
+ elif test $ol_with_mp = longlong ; then
+ AC_MSG_ERROR([long long unusable for multiple precision])
+ fi
+fi
+if test $ol_with_mp = long || test $ol_with_mp = auto ; then
+ if test $ac_cv_sizeof_long -gt 4 ; then
+ ol_with_mp=long
+ AC_DEFINE(USE_MP_LONG,1,[define to use 'long' for MP])
+ elif test $ol_with_mp = long ; then
+ AC_MSG_ERROR([long unusable for multiple precision])
+ fi
+fi
+if test $ol_with_mp = bignum || test $ol_with_mp = auto ; then
+ AC_CHECK_HEADERS(openssl/bn.h)
+ AC_CHECK_HEADERS(openssl/crypto.h)
+ if test "$ac_cv_header_openssl_bn_h" = "yes" &&
+ test "$ac_cv_header_openssl_crypto_h" = "yes" &&
+ test "$ol_with_tls" = "found" ; then
+ ol_with_mp=bignum
+ AC_DEFINE(USE_MP_BIGNUM,1,[define to use OpenSSL BIGNUM for MP])
+ elif test $ol_with_mp = bignum ; then
+ AC_MSG_ERROR([bignum not available])
+ fi
+fi
+if test $ol_with_mp = gmp || test $ol_with_mp = auto ; then
+ AC_CHECK_HEADERS(gmp.h)
+ AC_CHECK_LIB(gmp, __gmpz_add_ui)
+ if test $ac_cv_header_gmp_h = yes && test $ac_cv_lib_gmp___gmpz_add_ui = yes ; then
+ AC_DEFINE(USE_MP_GMP,1,[define to use GMP for MP])
+ ol_with_mp=gmp
+ elif test $ol_with_mp = gmp ; then
+ AC_MSG_ERROR([gmp not available])
+ fi
+fi
+if test $ol_with_mp = auto ; then
+ ol_with_mp=no
+fi
+
+dnl ----------------------------------------------------------------
+dnl Checks for library functions.
+AC_FUNC_MEMCMP
+
+if test $ac_cv_func_memcmp_working = no ; then
+ AC_DEFINE(NEED_MEMCMP_REPLACEMENT,1,
+ [define if memcmp is not 8-bit clean or is otherwise broken])
+fi
+
+AC_FUNC_STRFTIME
+
+OL_FUNC_INET_ATON
+
+dnl Check for NT specific routines
+AC_CHECK_FUNC(_spawnlp, AC_DEFINE(HAVE_SPAWNLP,1,[if you have spawnlp()]))
+
+AC_CHECK_FUNC(_snprintf, [ac_cv_func_snprintf=yes
+ AC_DEFINE(snprintf, _snprintf, [define to snprintf routine])
+])
+
+AC_CHECK_FUNC(_vsnprintf, [ac_cv_func_vsnprintf=yes
+ AC_DEFINE(vsnprintf, _vsnprintf, [define to vsnprintf routine])
+])
+
+AC_FUNC_VPRINTF
+
+if test $ac_cv_func_vprintf = yes ; then
+ dnl check for vsnprintf
+ AC_CHECK_FUNCS(snprintf vsnprintf)
+fi
+
+AC_CHECK_FUNCS( \
+ bcopy \
+ closesocket \
+ chroot \
+ endgrent \
+ endpwent \
+ fcntl \
+ flock \
+ fstat \
+ getdtablesize \
+ getgrgid \
+ gethostname \
+ getpass \
+ getpassphrase \
+ getpwuid \
+ getpwnam \
+ getspnam \
+ gettimeofday \
+ initgroups \
+ inet_ntoa_b \
+ lockf \
+ memcpy \
+ memmove \
+ memrchr \
+ mkstemp \
+ mktemp \
+ pipe \
+ read \
+ recv \
+ recvfrom \
+ setpwfile \
+ setgid \
+ setegid \
+ setsid \
+ setuid \
+ seteuid \
+ signal \
+ strdup \
+ strpbrk \
+ strrchr \
+ strsep \
+ strstr \
+ strtol \
+ strtoul \
+ strtoq \
+ strtouq \
+ strtoll \
+ strspn \
+ sysconf \
+ waitpid \
+ wait4 \
+ write \
+ send \
+ sendmsg \
+ sendto \
+)
+
+dnl We actually may need to replace more than this.
+AC_REPLACE_FUNCS(getopt getpeereid)
+
+if test "$ac_cv_func_getopt" != yes; then
+ LIBSRCS="$LIBSRCS getopt.c"
+fi
+if test "$ac_cv_func_getpeereid" != yes; then
+ AC_CHECK_MEMBERS([struct msghdr.msg_accrightslen],,,
+ [$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif])
+ if test "$ac_cv_member_struct_msghdr_msg_accrightslen" != yes; then
+ AC_CHECK_MEMBERS([struct msghdr.msg_control],,,
+ [$ac_includes_default
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif])
+ fi
+ LIBSRCS="$LIBSRCS getpeereid.c"
+fi
+if test "$ac_cv_func_snprintf" != yes ||
+ test "$ac_cv_func_vsnprintf" != yes; then
+ if test "$ac_cv_func_snprintf" != yes; then
+ AC_DEFINE(snprintf, ber_pvt_snprintf, [define to snprintf routine])
+ fi
+ if test "$ac_cv_func_vsnprintf" != yes; then
+ AC_DEFINE(vsnprintf, ber_pvt_vsnprintf, [define to snprintf routine])
+ fi
+fi
+
+dnl ----------------------------------------------------------------
+dnl Sort out defines
+
+if test "$ol_enable_slapi" != no ; then
+ dnl This check is done also if --enable-modules is used;
+ dnl it is duplicated here, 'cause it'd be cached anyway
+ AC_CHECK_HEADERS(ltdl.h)
+
+ if test $ac_cv_header_ltdl_h != yes ; then
+ AC_MSG_ERROR([could not locate <ltdl.h>])
+ fi
+ AC_CHECK_LIB(ltdl, lt_dlinit, [
+ SLAPI_LIBS=-lltdl
+ LIBSLAPI=libslapi.a
+ LIBSLAPITOOLS=../libslapi.a
+ AC_DEFINE(HAVE_LIBLTDL,1,[define if you have libtool -ltdl])
+ ],[AC_MSG_ERROR([could not locate libtool -lltdl])])
+
+ AC_DEFINE(LDAP_SLAPI,1, [define this to add SLAPI code])
+fi
+
+if test "$ol_enable_debug" != no ; then
+ AC_DEFINE(LDAP_DEBUG,1,
+ [define this to add debugging code])
+fi
+if test "$ol_enable_syslog" = yes ; then
+ AC_DEFINE(LDAP_SYSLOG,1,
+ [define this to add syslog code])
+fi
+if test "$ol_link_kbind" != no ; then
+ AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND,LDAP_VENDOR_VERSION,
+ [define to LDAP VENDOR VERSION])
+fi
+if test "$ol_enable_proctitle" != no ; then
+ AC_DEFINE(LDAP_PROCTITLE,1,
+ [define this for LDAP process title support])
+fi
+if test "$ol_enable_referrals" != no ; then
+ AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS,LDAP_VENDOR_VERSION,
+ [define to LDAP VENDOR VERSION])
+fi
+if test "$ol_enable_local" != no; then
+ AC_DEFINE(LDAP_PF_LOCAL,1,[define to support PF_LOCAL])
+fi
+if test "$ol_link_ipv6" != no; then
+ AC_DEFINE(LDAP_PF_INET6,1,[define to support PF_INET6])
+fi
+if test "$ol_enable_cleartext" != no ; then
+ AC_DEFINE(SLAPD_CLEARTEXT,1,[define to support cleartext passwords])
+fi
+if test "$ol_enable_crypt" != no ; then
+ AC_DEFINE(SLAPD_CRYPT,1,[define to support crypt(3) passwords])
+fi
+if test "$ol_link_spasswd" != no ; then
+ AC_DEFINE(SLAPD_SPASSWD,1,[define to support SASL passwords])
+fi
+if test "$ol_enable_multimaster" != no ; then
+ AC_DEFINE(SLAPD_MULTIMASTER,1,[define to support multimaster replication])
+fi
+if test "$ol_enable_rlookups" != no ; then
+ AC_DEFINE(SLAPD_RLOOKUPS,1,[define to support reverse lookups])
+fi
+if test "$ol_enable_aci" != no ; then
+ AC_DEFINE(SLAPD_ACI_ENABLED,1,[define to support per-object ACIs])
+ WITH_ACI_ENABLED=yes
+else
+ WITH_ACI_ENABLED=no
+fi
+
+if test "$ol_link_modules" != no ; then
+ AC_DEFINE(SLAPD_MODULES,1,[define to support modules])
+ BUILD_SLAPD=yes
+ SLAPD_MODULES_LDFLAGS="-dlopen self"
+fi
+
+AC_DEFINE(SLAPD_MOD_STATIC,1,[statically linked module])
+AC_DEFINE(SLAPD_MOD_DYNAMIC,2,[dynamically linked module])
+
+if test "$ol_enable_bdb" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_BDB=$ol_enable_bdb
+ if test "$ol_enable_bdb" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-bdb"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-bdb"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_BDB,$MFLAG,[define to support BDB backend])
+fi
+
+if test "$ol_enable_dnssrv" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_DNSSRV=$ol_enable_dnssrv
+ if test "$ol_enable_dnssrv" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-dnssrv"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-dnssrv"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_DNSSRV,$MFLAG,[define to support DNS SRV backend])
+fi
+
+if test "$ol_enable_hdb" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_HDB=$ol_enable_hdb
+ if test "$ol_enable_hdb" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-hdb"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-hdb"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_HDB,$MFLAG,[define to support HDB backend])
+fi
+
+if test "$ol_enable_ldap" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_LDAP=$ol_enable_ldap
+ if test "$ol_enable_ldap" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ldap"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ldap"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_LDAP,$MFLAG,[define to support LDAP backend])
+fi
+
+if test "$ol_link_ldbm" != no && test $ol_enable_ldbm != no; then
+ BUILD_SLAPD=yes
+ BUILD_LDBM=$ol_enable_ldbm
+ if test "$ol_enable_ldbm" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ldbm"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ldbm"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_LDBM,$MFLAG,[define to support LDBM backend])
+fi
+
+if test "$ol_enable_meta" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_META=$ol_enable_meta
+ BUILD_REWRITE=yes
+ if test "$ol_enable_meta" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-meta"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-meta"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_META,$MFLAG,[define to support LDAP Metadirectory backend])
+fi
+
+if test "$ol_enable_monitor" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_MONITOR=$ol_enable_monitor
+ if test "$ol_enable_monitor" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-monitor"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-monitor"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_MONITOR,$MFLAG,[define to support cn=Monitor backend])
+fi
+
+if test "$ol_enable_null" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_NULL=$ol_enable_null
+ if test "$ol_enable_null" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-null"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-null"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_NULL,$MFLAG,[define to support NULL backend])
+fi
+
+if test "$ol_enable_passwd" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_PASSWD=$ol_enable_passwd
+ if test "$ol_enable_passwd" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-passwd"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-passwd"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_PASSWD,$MFLAG,[define to support PASSWD backend])
+fi
+
+if test "$ol_link_perl" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_PERL=$ol_enable_perl
+ if test "$ol_enable_perl" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-perl"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-perl"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_PERL,$MFLAG,[define to support PERL backend])
+fi
+
+if test "$ol_enable_relay" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_RELAY=$ol_enable_relay
+ if test "$ol_enable_relay" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-relay"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-relay"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_RELAY,$MFLAG,[define to support relay backend])
+fi
+
+if test "$ol_enable_shell" != no ; then
+ if test "$ol_link_threads" != no ; then
+ AC_MSG_WARN([Use of --without-threads is recommended with back-shell])
+ fi
+ BUILD_SLAPD=yes
+ BUILD_SHELL=$ol_enable_shell
+ if test "$ol_enable_shell" = mod ; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-shell"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-shell"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_SHELL,$MFLAG,[define to support SHELL backend])
+fi
+
+if test "$ol_link_sql" != no ; then
+ BUILD_SLAPD=yes
+ BUILD_SQL=$ol_enable_sql
+ if test "$ol_enable_sql" = mod; then
+ SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-sql"
+ MFLAG=SLAPD_MOD_DYNAMIC
+ else
+ SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-sql"
+ MFLAG=SLAPD_MOD_STATIC
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_SQL,$MFLAG,[define to support SQL backend])
+fi
+
+if test "$ol_enable_accesslog" != no ; then
+ BUILD_ACCESSLOG=$ol_enable_accesslog
+ if test "$ol_enable_accesslog" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS accesslog.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS accesslog.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_ACCESSLOG,$MFLAG,[define for In-Directory Access Logging overlay])
+fi
+
+if test "$ol_enable_auditlog" != no ; then
+ BUILD_AUDITLOG=$ol_enable_auditlog
+ if test "$ol_enable_auditlog" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS auditlog.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS auditlog.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_AUDITLOG,$MFLAG,[define for Audit Logging overlay])
+fi
+
+if test "$ol_enable_denyop" != no ; then
+ BUILD_DENYOP=$ol_enable_denyop
+ if test "$ol_enable_denyop" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_DENYOP,$MFLAG,[define for Deny Operation overlay])
+fi
+
+if test "$ol_enable_dyngroup" != no ; then
+ BUILD_DYNGROUP=$ol_enable_dyngroup
+ if test "$ol_enable_dyngroup" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dyngroup.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dyngroup.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNGROUP,$MFLAG,[define for Dynamic Group overlay])
+fi
+
+if test "$ol_enable_dynlist" != no ; then
+ BUILD_DYNLIST=$ol_enable_dynlist
+ if test "$ol_enable_dynlist" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dynlist.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dynlist.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay])
+fi
+
+if test "$ol_enable_lastmod" != no ; then
+ BUILD_LASTMOD=$ol_enable_lastmod
+ if test "$ol_enable_lastmod" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_LASTMOD,$MFLAG,[define for Last Modification overlay])
+fi
+
+if test "$ol_enable_ppolicy" != no ; then
+ BUILD_PPOLICY=$ol_enable_ppolicy
+ if test "$ol_enable_ppolicy" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS ppolicy.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS ppolicy.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_PPOLICY,$MFLAG,[define for Password Policy overlay])
+fi
+
+if test "$ol_enable_proxycache" != no ; then
+ BUILD_PROXYCACHE=$ol_enable_proxycache
+ if test "$ol_enable_proxycache" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS pcache.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS pcache.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_PROXYCACHE,$MFLAG,[define for Proxy Cache overlay])
+fi
+
+if test "$ol_enable_refint" != no ; then
+ BUILD_REFINT=$ol_enable_refint
+ if test "$ol_enable_refint" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS refint.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS refint.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_REFINT,$MFLAG,[define for Referential Integrity overlay])
+fi
+
+if test "$ol_enable_retcode" != no ; then
+ BUILD_RETCODE=$ol_enable_retcode
+ if test "$ol_enable_retcode" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS retcode.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS retcode.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_RETCODE,$MFLAG,[define for Referential Integrity overlay])
+fi
+
+if test "$ol_enable_rwm" != no ; then
+ BUILD_REWRITE=yes
+ BUILD_RWM=$ol_enable_rwm
+ if test "$ol_enable_rwm" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS rwm.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS rwm_x.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_RWM,$MFLAG,[define for Rewrite/Remap overlay])
+fi
+
+if test "$ol_enable_syncprov" != no ; then
+ BUILD_SYNCPROV=$ol_enable_syncprov
+ if test "$ol_enable_syncprov" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS syncprov.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS syncprov.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_SYNCPROV,$MFLAG,[define for Syncrepl Provider overlay])
+fi
+
+if test "$ol_enable_translucent" != no ; then
+ BUILD_TRANSLUCENT=$ol_enable_translucent
+ if test "$ol_enable_translucent" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS translucent.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS translucent.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_TRANSLUCENT,$MFLAG,[define for Translucent Proxy overlay])
+fi
+
+if test "$ol_enable_unique" != no ; then
+ BUILD_UNIQUE=$ol_enable_unique
+ if test "$ol_enable_unique" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS unique.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS unique.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_UNIQUE,$MFLAG,[define for Attribute Uniqueness overlay])
+fi
+
+if test "$ol_enable_valsort" != no ; then
+ BUILD_VALSORT=$ol_enable_valsort
+ if test "$ol_enable_valsort" = mod ; then
+ MFLAG=SLAPD_MOD_DYNAMIC
+ SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS valsort.la"
+ else
+ MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS valsort.o"
+ fi
+ AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay])
+fi
+
+if test "$ol_enable_slurpd" != no &&
+ test "$ol_link_threads" != no &&
+ test $BUILD_SLAPD = yes ; then
+ BUILD_SLURPD=yes
+fi
+
+if test "$ol_enable_rewrite" != no ; then
+ AC_DEFINE(ENABLE_REWRITE,1,[define to enable rewriting in back-ldap and back-meta])
+ BUILD_REWRITE=yes
+fi
+
+if test "$ol_enable_slapi" != no ; then
+ AC_DEFINE(ENABLE_SLAPI,1,[define to enable slapi library])
+ BUILD_SLAPI=yes
+ SLAPD_SLAPI_DEPEND=libslapi.a
+fi
+
+dnl ----------------------------------------------------------------
+
+dnl
+dnl For Windows build, we don't want to include -dlopen flags.
+dnl They hurt more than they help.
+dnl
+
+if test "$ac_cv_mingw32" = yes ; then
+ PLAT=NT
+ SLAPD_MODULES_LDFLAGS=
+else
+ PLAT=UNIX
+fi
+
+AC_SUBST(LIBSRCS)
+AC_SUBST(PLAT)
+AC_SUBST(WITH_SASL)
+AC_SUBST(WITH_TLS)
+AC_SUBST(WITH_MODULES_ENABLED)
+AC_SUBST(WITH_ACI_ENABLED)
+AC_SUBST(BUILD_THREAD)
+AC_SUBST(BUILD_LIBS_DYNAMIC)
+
+AC_SUBST(BUILD_SLAPD)
+dnl slapi
+ AC_SUBST(BUILD_SLAPI)
+ AC_SUBST(SLAPD_SLAPI_DEPEND)
+dnl backends
+ AC_SUBST(BUILD_BDB)
+ AC_SUBST(BUILD_DNSSRV)
+ AC_SUBST(BUILD_HDB)
+ AC_SUBST(BUILD_LDAP)
+ AC_SUBST(BUILD_LDBM)
+ AC_SUBST(BUILD_META)
+ AC_SUBST(BUILD_MONITOR)
+ AC_SUBST(BUILD_NULL)
+ AC_SUBST(BUILD_PASSWD)
+ AC_SUBST(BUILD_RELAY)
+ AC_SUBST(BUILD_PERL)
+ AC_SUBST(BUILD_SHELL)
+ AC_SUBST(BUILD_SQL)
+dnl overlays
+ AC_SUBST(BUILD_ACCESSLOG)
+ AC_SUBST(BUILD_AUDITLOG)
+ AC_SUBST(BUILD_DENYOP)
+ AC_SUBST(BUILD_DYNGROUP)
+ AC_SUBST(BUILD_DYNLIST)
+ AC_SUBST(BUILD_LASTMOD)
+ AC_SUBST(BUILD_PPOLICY)
+ AC_SUBST(BUILD_PROXYCACHE)
+ AC_SUBST(BUILD_REFINT)
+ AC_SUBST(BUILD_RETCODE)
+ AC_SUBST(BUILD_RWM)
+ AC_SUBST(BUILD_SYNCPROV)
+ AC_SUBST(BUILD_TRANSLUCENT)
+ AC_SUBST(BUILD_UNIQUE)
+ AC_SUBST(BUILD_VALSORT)
+AC_SUBST(BUILD_SLURPD)
+
+AC_SUBST(LDAP_LIBS)
+AC_SUBST(SLAPD_LIBS)
+AC_SUBST(SLURPD_LIBS)
+AC_SUBST(LDBM_LIBS)
+AC_SUBST(LTHREAD_LIBS)
+AC_SUBST(LUTIL_LIBS)
+AC_SUBST(WRAP_LIBS)
+
+AC_SUBST(SLAPD_MODULES_CPPFLAGS)
+AC_SUBST(SLAPD_MODULES_LDFLAGS)
+
+AC_SUBST(SLAPD_NO_STATIC)
+AC_SUBST(SLAPD_STATIC_BACKENDS)
+AC_SUBST(SLAPD_DYNAMIC_BACKENDS)
+AC_SUBST(SLAPD_STATIC_OVERLAYS)
+AC_SUBST(SLAPD_DYNAMIC_OVERLAYS)
+
+AC_SUBST(PERL_CPPFLAGS)
+AC_SUBST(SLAPD_PERL_LDFLAGS)
+AC_SUBST(MOD_PERL_LDFLAGS)
+
+AC_SUBST(KRB4_LIBS)
+AC_SUBST(KRB5_LIBS)
+AC_SUBST(SASL_LIBS)
+AC_SUBST(TLS_LIBS)
+AC_SUBST(MODULES_LIBS)
+AC_SUBST(SLAPI_LIBS)
+AC_SUBST(LIBSLAPI)
+AC_SUBST(LIBSLAPITOOLS)
+AC_SUBST(AUTH_LIBS)
+
+AC_SUBST(SLAPD_SLP_LIBS)
+AC_SUBST(SLAPD_GMP_LIBS)
+
+AC_SUBST(SLAPD_SQL_LDFLAGS)
+AC_SUBST(SLAPD_SQL_LIBS)
+AC_SUBST(SLAPD_SQL_INCLUDES)
+
+dnl ----------------------------------------------------------------
+dnl final help output
+AC_ARG_WITH(xxinstall,[
+See INSTALL file for further details.])
+
+dnl ----------------------------------------------------------------
+dnl final output
+dnl
+
+AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
+[doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk]
+[doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk]
+[doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk]
+[doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk]
+[doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk]
+[doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk]
+[clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk]
+[clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk]
+[include/Makefile:build/top.mk:include/Makefile.in]
+[libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk]
+[libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk]
+[libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk]
+[libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk]
+[libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk]
+[libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk]
+[libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk]
+[servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk]
+[servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk]
+[servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk]
+[servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk]
+[servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk]
+[servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk]
+[servers/slapd/back-ldbm/Makefile:build/top.mk:servers/slapd/back-ldbm/Makefile.in:build/mod.mk]
+[servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk]
+[servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk]
+[servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk]
+[servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk]
+[servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk]
+[servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk]
+[servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk]
+[servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk]
+[servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk]
+[servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk]
+[servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk]
+[servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk]
+[servers/slurpd/Makefile:build/top.mk:servers/slurpd/Makefile.in:build/srv.mk]
+[tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk]
+[tests/run]
+[tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk])
+
+AC_CONFIG_COMMANDS([default],[[
+chmod +x tests/run
+date > stamp-h
+BACKENDSC="servers/slapd/backends.c"
+echo "Making $BACKENDSC"
+rm -f $BACKENDSC
+cat > $BACKENDSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_BACKENDS}"; then
+ for b in config ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ cat >> $BACKENDSC << ENDX
+extern BI_init ${bb}_back_initialize;
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+
+BackendInfo slap_binfo[] = {
+ENDX
+
+ for b in config ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ echo " Add ${bb} ..."
+ cat >> $BACKENDSC << ENDX
+ { "${bb}", ${bb}_back_initialize },
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+fi
+OVERLAYSC="servers/slapd/overlays/statover.c"
+echo "Making $OVERLAYSC"
+rm -f $OVERLAYSC
+cat > $OVERLAYSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_OVERLAYS}"; then
+ for o in ${STATIC_OVERLAYS}; do
+ oo=`echo "${o}" | sed -e 's/.o$//' -e 's/_x$//'`
+ cat >> $OVERLAYSC << ENDX
+extern OV_init ${oo}_initialize;
+ENDX
+ done
+fi
+
+cat >> $OVERLAYSC << ENDX
+
+OverlayInit slap_oinfo[] = {
+ENDX
+
+if test "${STATIC_OVERLAYS}"; then
+ for o in ${STATIC_OVERLAYS}; do
+ oo=`echo "${o}" | sed -e 's/.o$//' -e 's/_x$//'`
+ echo " Add ${oo} ..."
+ cat >> $OVERLAYSC << ENDX
+ { "${oo}", ${oo}_initialize },
+ENDX
+ done
+fi
+
+ cat >> $OVERLAYSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+
+echo Please run \"make depend\" to build dependencies
+]],[[
+STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS"
+STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS"
+]])
+AC_OUTPUT
Added: openldap/vendor/openldap-2.3.35/contrib/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,27 @@
+OpenLDAP Contributed Software README
+
+OpenLDAP Project provides a number of freely-distributable LDAP
+software packages. Though distributed with OpenLDAP Software, they
+are not part of OpenLDAP Software. Some packages may be out of
+date. Each package in this directory has it's own use and
+redistribution restrictions as documented within the package.
+
+Current contributions:
+ ldapc++
+ LDAP C++ API
+ Contributed by SuSE Gmbh.
+
+ slapd-modules
+ Native modules
+
+ slapd-tools
+ Tools to use with slapd
+
+ slapi-plugins
+ SLAPI plugins
+
+
+OpenLDAP Contributing Guidelines are available at:
+ <http://www.openldap.org/devel/contributing.html>.
+
+$OpenLDAP: pkg/ldap/contrib/README,v 1.14.2.6 2005/04/29 21:28:59 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/AUTHORS
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/AUTHORS (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/AUTHORS 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+Ralf Haferkamp <rhafer at suse.de>
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/COPYRIGHT (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/COPYRIGHT 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+Copyright 1998-2007 The OpenLDAP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Individual files and/or contributed packages may be copyright by
+other parties and subject to additional restrictions.
+
+This work is derived from the University of Michigan LDAP v3.3
+distribution. Information concerning this software is available
+at: http://www.umich.edu/~dirsvcs/ldap/
+
+This work also contains materials derived from public sources.
+
+Additional Information about OpenLDAP can be obtained at:
+ http://www.openldap.org/
+
+or by sending e-mail to:
+ info at OpenLDAP.org
+
+---
+
+Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+All rights reserved.
+
+Redistribution and use in source and binary forms are permitted
+provided that this notice is preserved and that due credit is given
+to the University of Michigan at Ann Arbor. The name of the University
+may not be used to endorse or promote products derived from this
+software without specific prior written permission. This software
+is provided ``as is'' without express or implied warranty.
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/LICENSE
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/LICENSE (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/LICENSE 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+The OpenLDAP Public License
+ Version 2.7, 7 September 2001
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions of source code must retain copyright statements
+ and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number. You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission. Title
+to copyright in this Software shall at all times remain with
+copyright holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.am
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.am (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.am 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+##
+# Copyright 2000-2003, OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+
+EXTRA_DIST = BUGS
+SUBDIRS = src examples
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,593 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# Copyright 2000-2003, OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = .
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS TODO \
+ acconfig.h config.guess config.sub depcomp install-sh \
+ ltmain.sh missing mkinstalldirs
+subdir = .
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno configure.status.lineno
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-exec-recursive install-info-recursive \
+ install-recursive installcheck-recursive installdirs-recursive \
+ pdf-recursive ps-recursive uninstall-info-recursive \
+ uninstall-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d $(distdir) \
+ || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+EXTRA_DIST = BUGS
+SUBDIRS = src examples
+all: all-recursive
+
+.SUFFIXES:
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
+ cd $(srcdir) && $(AUTOMAKE) --foreign \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+mostlyclean-recursive clean-recursive distclean-recursive \
+maintainer-clean-recursive:
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ mkdir $(distdir)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(mkdir_p) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r $(distdir)
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && cd $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}'
+distuninstallcheck:
+ @cd $(distuninstallcheck_dir) \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-recursive
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+uninstall-info: uninstall-info-recursive
+
+.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am am--refresh check \
+ check-am clean clean-generic clean-libtool clean-recursive \
+ ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+ dist-shar dist-tarZ dist-zip distcheck distclean \
+ distclean-generic distclean-libtool distclean-recursive \
+ distclean-tags distcleancheck distdir distuninstallcheck dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-exec install-exec-am \
+ install-info install-info-am install-man install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic \
+ maintainer-clean-recursive mostlyclean mostlyclean-generic \
+ mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \
+ tags tags-recursive uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+This is an unstable development release of a LDAPv3 C++ Class Library.
+It was created as the diploma thesis (final project) of my computer
+science studies.
+It is based upon the OpenLDAP C-API and so it needs the C-library and
+Headerfiles installed.
+
+Installation:
+=============
+Just run the "configure" script with the apropriate options. Especially
+these two options can be imported, if you didn't install the OpenLDAP-
+libraries in the default place:
+
+--with-libldap=<path to libldap> : To tell configure where the OpenLDAP
+ C-libraries are located.
+--with-ldap-includes=<path to ldap include files> : To tell configure
+ where the OpenLDAP include files are located.
+--enable-debug to enable compliation with debugging symbols and stderr
+ output
+(run "configure --help" to see all possible command line options)
+
+If configure finishes without problems. You can simply call "make" to
+build the library and "make install" to install it.
+
+Documentation:
+==============
+Docs are very incomplete. You can either look in the source files for
+the documentation comment of generate documentation using "doxygen"
+or any other javadoc compatible documentation generator.
+
+Bugreports and other feedback:
+==============================
+If you find bugs please feel free to send me a detailed report. All
+other kinds of feedback are welcomed as well.
+
+
+ Ralf Haferkamp <rhafer at suse.de>
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/TODO
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/TODO (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/TODO 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,31 @@
+OpenLDAP C++ LDAP API ToDo items:
+=================================
+
+This is a list of projects that need getting done for the C++ API.
+They are not listed in any specific order. Contribute to projects
+based upon your personal priorities.
+
+If you would like to work on any of these projects, please coordinate
+by posting to OpenLDAP-devel mailing list:
+ http://www.OpenLDAP.org/lists
+
+If you have a project you'd like added to the list, talk it up on
+Developer's list or just do it.
+
+Please read:
+ http://www.OpenLDAP.org/devel/programming.html
+ http://www.OpenLDAP.org/devel/contributing.html
+
+
+- Add SASL Authentication
+- Add methods to the Data Classes (LDAPAttribute, LDAPEntry) for higher
+ usability. (e.g. LDAPAttributeList::getAttribute(name), ... )
+- implement some Controls/Extented Operations
+- LDIF im/export library
+- Rework the logging and debugging facilities
+- write some more documentation about the design and structure of the
+ library.
+- example applications
+
+$ID$
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/acconfig.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/acconfig.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/acconfig.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+#undef WITH_DEBUG
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/aclocal.m4
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/aclocal.m4 (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/aclocal.m4 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,7010 @@
+# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+
+# serial 47 AC_PROG_LIBTOOL
+
+
+# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
+# -----------------------------------------------------------
+# If this macro is not defined by Autoconf, define it here.
+m4_ifdef([AC_PROVIDE_IFELSE],
+ [],
+ [m4_define([AC_PROVIDE_IFELSE],
+ [m4_ifdef([AC_PROVIDE_$1],
+ [$2], [$3])])])
+
+
+# AC_PROG_LIBTOOL
+# ---------------
+AC_DEFUN([AC_PROG_LIBTOOL],
+[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
+dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
+dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
+ AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [AC_LIBTOOL_CXX],
+ [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
+ ])])
+dnl And a similar setup for Fortran 77 support
+ AC_PROVIDE_IFELSE([AC_PROG_F77],
+ [AC_LIBTOOL_F77],
+ [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
+])])
+
+dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
+dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
+dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
+ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
+ [AC_LIBTOOL_GCJ],
+ [ifdef([AC_PROG_GCJ],
+ [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+ ifdef([A][M_PROG_GCJ],
+ [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+ ifdef([LT_AC_PROG_GCJ],
+ [define([LT_AC_PROG_GCJ],
+ defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
+])])# AC_PROG_LIBTOOL
+
+
+# _AC_PROG_LIBTOOL
+# ----------------
+AC_DEFUN([_AC_PROG_LIBTOOL],
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+# Prevent multiple expansion
+define([AC_PROG_LIBTOOL], [])
+])# _AC_PROG_LIBTOOL
+
+
+# AC_LIBTOOL_SETUP
+# ----------------
+AC_DEFUN([AC_LIBTOOL_SETUP],
+[AC_PREREQ(2.50)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+
+AC_REQUIRE([AC_PROG_LN_S])dnl
+AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+AC_REQUIRE([AC_OBJEXT])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+dnl
+
+AC_LIBTOOL_SYS_MAX_CMD_LEN
+AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+AC_LIBTOOL_OBJDIR
+
+AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+_LT_AC_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
+
+# Same as above, but do not quote variable references.
+[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except M$VC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
+ ;;
+ *)
+ old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ AC_PATH_MAGIC
+ fi
+ ;;
+esac
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+enable_win32_dll=yes, enable_win32_dll=no)
+
+AC_ARG_ENABLE([libtool-lock],
+ [AC_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+AC_ARG_WITH([pic],
+ [AC_HELP_STRING([--with-pic],
+ [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+ [pic_mode="$withval"],
+ [pic_mode=default])
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+AC_LIBTOOL_LANG_C_CONFIG
+_LT_AC_TAGCONFIG
+])# AC_LIBTOOL_SETUP
+
+
+# _LT_AC_SYS_COMPILER
+# -------------------
+AC_DEFUN([_LT_AC_SYS_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_AC_SYS_COMPILER
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+AC_DEFUN([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+AC_DEFUN([_LT_COMPILER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+AC_DEFUN([_LT_LINKER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_LINKER_BOILERPLATE
+
+
+# _LT_AC_SYS_LIBPATH_AIX
+# ----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
+[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_AC_SYS_LIBPATH_AIX
+
+
+# _LT_AC_SHELL_INIT(ARG)
+# ----------------------
+AC_DEFUN([_LT_AC_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+ [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+ [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_AC_SHELL_INIT
+
+
+# _LT_AC_PROG_ECHO_BACKSLASH
+# --------------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
+[_LT_AC_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+ ;;
+esac
+
+echo=${ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X[$]1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+[$]*
+EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if (echo_test_string="`eval $cmd`") 2>/dev/null &&
+ echo_test_string="`eval $cmd`" &&
+ (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+ then
+ break
+ fi
+ done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$echo" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ echo='print -r'
+ elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+ else
+ # Try using printf.
+ echo='printf %s\n'
+ if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ echo="$CONFIG_SHELL [$]0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$CONFIG_SHELL [$]0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+ if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "[$]0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ echo=echo
+ fi
+ fi
+ fi
+ fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+ ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(ECHO)
+])])# _LT_AC_PROG_ECHO_BACKSLASH
+
+
+# _LT_AC_LOCK
+# -----------
+AC_DEFUN([_LT_AC_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+ [AC_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case "`/usr/bin/file conftest.o`" in
+ *32-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+ [AC_LANG_PUSH(C)
+ AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+ AC_LANG_POP])
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+ AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+ AC_CHECK_TOOL(AS, as, false)
+ AC_CHECK_TOOL(OBJDUMP, objdump, false)
+ ;;
+ ])
+esac
+
+need_locks="$enable_libtool_lock"
+
+])# _LT_AC_LOCK
+
+
+# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION],
+[AC_REQUIRE([LT_AC_PROG_SED])
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$3"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ fi
+ $rm conftest*
+])
+
+if test x"[$]$2" = xyes; then
+ ifelse([$5], , :, [$5])
+else
+ ifelse([$6], , :, [$6])
+fi
+])# AC_LIBTOOL_COMPILER_OPTION
+
+
+# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [ACTION-SUCCESS], [ACTION-FAILURE])
+# ------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
+[AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $3"
+ printf "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&AS_MESSAGE_LOG_FD
+ $echo "X$_lt_linker_boilerplate" | $Xsed > conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ else
+ $2=yes
+ fi
+ fi
+ $rm conftest*
+ LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+ ifelse([$4], , :, [$4])
+else
+ ifelse([$5], , :, [$5])
+fi
+])# AC_LIBTOOL_LINKER_OPTION
+
+
+# AC_LIBTOOL_SYS_MAX_CMD_LEN
+# --------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
+[# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for *BSD
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ *)
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
+ = "XX$teststring") >/dev/null 2>&1 &&
+ new_result=`expr "X$teststring" : ".*" 2>&1` &&
+ lt_cv_sys_max_cmd_len=$new_result &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on massive
+ # amounts of additional arguments before passing them to the linker.
+ # It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ ;;
+ esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+ AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+ AC_MSG_RESULT(none)
+fi
+])# AC_LIBTOOL_SYS_MAX_CMD_LEN
+
+
+# _LT_AC_CHECK_DLFCN
+# --------------------
+AC_DEFUN([_LT_AC_CHECK_DLFCN],
+[AC_CHECK_HEADERS(dlfcn.h)dnl
+])# _LT_AC_CHECK_DLFCN
+
+
+# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ------------------------------------------------------------------
+AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+ [$4]
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}]
+EOF
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) $1 ;;
+ x$lt_dlneed_uscore) $2 ;;
+ x$lt_unknown|x*) $3 ;;
+ esac
+ else :
+ # compilation failed
+ $3
+ fi
+fi
+rm -fr conftest*
+])# _LT_AC_TRY_DLOPEN_SELF
+
+
+# AC_LIBTOOL_DLOPEN_SELF
+# -------------------
+AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ])
+ ;;
+
+ *)
+ AC_CHECK_FUNC([shl_load],
+ [lt_cv_dlopen="shl_load"],
+ [AC_CHECK_LIB([dld], [shl_load],
+ [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
+ [AC_CHECK_FUNC([dlopen],
+ [lt_cv_dlopen="dlopen"],
+ [AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [AC_CHECK_LIB([svld], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [AC_CHECK_LIB([dld], [dld_link],
+ [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
+ ])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ AC_CACHE_CHECK([whether a program can dlopen itself],
+ lt_cv_dlopen_self, [dnl
+ _LT_AC_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+ lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+ ])
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+ lt_cv_dlopen_self_static, [dnl
+ _LT_AC_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+ lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
+ ])
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+])# AC_LIBTOOL_DLOPEN_SELF
+
+
+# AC_LIBTOOL_PROG_CC_C_O([TAGNAME])
+# ---------------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler
+AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+ [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+ [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+ fi
+ fi
+ chmod u+w .
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+])
+])# AC_LIBTOOL_PROG_CC_C_O
+
+
+# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
+# -----------------------------------------
+# Check to see if we can do hard links to lock some files if needed
+AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
+[AC_REQUIRE([_LT_AC_LOCK])dnl
+
+hard_links="nottested"
+if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ AC_MSG_CHECKING([if we can lock with hard links])
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ AC_MSG_RESULT([$hard_links])
+ if test "$hard_links" = no; then
+ AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS
+
+
+# AC_LIBTOOL_OBJDIR
+# -----------------
+AC_DEFUN([AC_LIBTOOL_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+])# AC_LIBTOOL_OBJDIR
+
+
+# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME])
+# ----------------------------------------------
+# Check hardcoding attributes.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_AC_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \
+ test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \
+ test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+ test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then
+ # Linking always hardcodes the temporary library directory.
+ _LT_AC_TAGVAR(hardcode_action, $1)=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ _LT_AC_TAGVAR(hardcode_action, $1)=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ _LT_AC_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH
+
+
+# AC_LIBTOOL_SYS_LIB_STRIP
+# ------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
+[striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+fi
+ ;;
+ *)
+ AC_MSG_RESULT([no])
+ ;;
+ esac
+fi
+])# AC_LIBTOOL_SYS_LIB_STRIP
+
+
+# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
+[AC_MSG_CHECKING([dynamic linker characteristics])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[[01]] | aix4.[[01]].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[[45]]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case "$host_cpu" in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[[89]] | openbsd2.[[89]].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+])# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+
+
+# _LT_AC_TAGCONFIG
+# ----------------
+AC_DEFUN([_LT_AC_TAGCONFIG],
+[AC_ARG_WITH([tags],
+ [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
+ [include additional configurations @<:@automatic@:>@])],
+ [tagnames="$withval"])
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+ if test ! -f "${ofile}"; then
+ AC_MSG_WARN([output file `$ofile' does not exist])
+ fi
+
+ if test -z "$LTCC"; then
+ eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+ if test -z "$LTCC"; then
+ AC_MSG_WARN([output file `$ofile' does not look like a libtool script])
+ else
+ AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile'])
+ fi
+ fi
+
+ # Extract list of available tagged configurations in $ofile.
+ # Note that this assumes the entire list is on one line.
+ available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for tagname in $tagnames; do
+ IFS="$lt_save_ifs"
+ # Check whether tagname contains only valid characters
+ case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in
+ "") ;;
+ *) AC_MSG_ERROR([invalid tag name: $tagname])
+ ;;
+ esac
+
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+ then
+ AC_MSG_ERROR([tag name \"$tagname\" already exists])
+ fi
+
+ # Update the list of available tags.
+ if test -n "$tagname"; then
+ echo appending configuration tag \"$tagname\" to $ofile
+
+ case $tagname in
+ CXX)
+ if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_LIBTOOL_LANG_CXX_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ F77)
+ if test -n "$F77" && test "X$F77" != "Xno"; then
+ AC_LIBTOOL_LANG_F77_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ GCJ)
+ if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+ AC_LIBTOOL_LANG_GCJ_CONFIG
+ else
+ tagname=""
+ fi
+ ;;
+
+ RC)
+ AC_LIBTOOL_LANG_RC_CONFIG
+ ;;
+
+ *)
+ AC_MSG_ERROR([Unsupported tag name: $tagname])
+ ;;
+ esac
+
+ # Append the new tag name to the list of available tags.
+ if test -n "$tagname" ; then
+ available_tags="$available_tags $tagname"
+ fi
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ # Now substitute the updated list of available tags.
+ if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+ mv "${ofile}T" "$ofile"
+ chmod +x "$ofile"
+ else
+ rm -f "${ofile}T"
+ AC_MSG_ERROR([unable to update list of available tagged configurations.])
+ fi
+fi
+])# _LT_AC_TAGCONFIG
+
+
+# AC_LIBTOOL_DLOPEN
+# -----------------
+# enable checks for dlopen support
+AC_DEFUN([AC_LIBTOOL_DLOPEN],
+ [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_DLOPEN
+
+
+# AC_LIBTOOL_WIN32_DLL
+# --------------------
+# declare package support for building win32 dll's
+AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_WIN32_DLL
+
+
+# AC_ENABLE_SHARED([DEFAULT])
+# ---------------------------
+# implement the --enable-shared flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_SHARED],
+[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([shared],
+ [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+ [build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_shared=]AC_ENABLE_SHARED_DEFAULT)
+])# AC_ENABLE_SHARED
+
+
+# AC_DISABLE_SHARED
+# -----------------
+#- set the default shared flag to --disable-shared
+AC_DEFUN([AC_DISABLE_SHARED],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)
+])# AC_DISABLE_SHARED
+
+
+# AC_ENABLE_STATIC([DEFAULT])
+# ---------------------------
+# implement the --enable-static flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_STATIC],
+[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([static],
+ [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+ [build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_static=]AC_ENABLE_STATIC_DEFAULT)
+])# AC_ENABLE_STATIC
+
+
+# AC_DISABLE_STATIC
+# -----------------
+# set the default static flag to --disable-static
+AC_DEFUN([AC_DISABLE_STATIC],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)
+])# AC_DISABLE_STATIC
+
+
+# AC_ENABLE_FAST_INSTALL([DEFAULT])
+# ---------------------------------
+# implement the --enable-fast-install flag
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_FAST_INSTALL],
+[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([fast-install],
+ [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+ [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
+])# AC_ENABLE_FAST_INSTALL
+
+
+# AC_DISABLE_FAST_INSTALL
+# -----------------------
+# set the default to --disable-fast-install
+AC_DEFUN([AC_DISABLE_FAST_INSTALL],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)
+])# AC_DISABLE_FAST_INSTALL
+
+
+# AC_LIBTOOL_PICMODE([MODE])
+# --------------------------
+# implement the --with-pic flag
+# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+AC_DEFUN([AC_LIBTOOL_PICMODE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+pic_mode=ifelse($#,1,$1,default)
+])# AC_LIBTOOL_PICMODE
+
+
+# AC_PROG_EGREP
+# -------------
+# This is predefined starting with Autoconf 2.54, so this conditional
+# definition can be removed once we require Autoconf 2.54 or later.
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP],
+[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep],
+ [if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+ then ac_cv_prog_egrep='grep -E'
+ else ac_cv_prog_egrep='egrep'
+ fi])
+ EGREP=$ac_cv_prog_egrep
+ AC_SUBST([EGREP])
+])])
+
+
+# AC_PATH_TOOL_PREFIX
+# -------------------
+# find a file program which can recognise shared library
+AC_DEFUN([AC_PATH_TOOL_PREFIX],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] | ?:[\\/]*])
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word. This closes a longstanding sh security hole.
+ ac_dummy="ifelse([$2], , $PATH, [$2])"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$1; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ AC_MSG_RESULT($MAGIC_CMD)
+else
+ AC_MSG_RESULT(no)
+fi
+])# AC_PATH_TOOL_PREFIX
+
+
+# AC_PATH_MAGIC
+# -------------
+# find a file program which can recognise a shared library
+AC_DEFUN([AC_PATH_MAGIC],
+[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+ else
+ MAGIC_CMD=:
+ fi
+fi
+])# AC_PATH_MAGIC
+
+
+# AC_PROG_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([AC_PROG_LD],
+[AC_ARG_WITH([gnu-ld],
+ [AC_HELP_STRING([--with-gnu-ld],
+ [assume the C compiler uses GNU ld @<:@default=no@:>@])],
+ [test "$withval" = no || with_gnu_ld=yes],
+ [with_gnu_ld=no])
+AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by $CC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]]* | ?:[[\\/]]*)
+ re_direlt='/[[^/]][[^/]]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_PROG_LD_GNU
+])# AC_PROG_LD
+
+
+# AC_PROG_LD_GNU
+# --------------
+AC_DEFUN([AC_PROG_LD_GNU],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# AC_PROG_LD_GNU
+
+
+# AC_PROG_LD_RELOAD_FLAG
+# ----------------------
+# find reload flag for linker
+# -- PORTME Some linkers may need a different reload flag.
+AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+ lt_cv_ld_reload_flag,
+ [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$CC -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+])# AC_PROG_LD_RELOAD_FLAG
+
+
+# AC_DEPLIBS_CHECK_METHOD
+# -----------------------
+# how to check for library dependencies
+# -- PORTME fill in with the dynamic library characteristics
+AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
+[AC_CACHE_CHECK([how to recognise dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[[45]]*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case "$host_cpu" in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+nto-qnx*)
+ lt_cv_deplibs_check_method=unknown
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sco3.2v5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+])# AC_DEPLIBS_CHECK_METHOD
+
+
+# AC_PROG_NM
+# ----------
+# find the pathname to a BSD-compatible name lister
+AC_DEFUN([AC_PROG_NM],
+[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
+[if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/${ac_tool_prefix}nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi])
+NM="$lt_cv_path_NM"
+])# AC_PROG_NM
+
+
+# AC_CHECK_LIBM
+# -------------
+# check for math library
+AC_DEFUN([AC_CHECK_LIBM],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+ # These system don't have libm, or don't need it
+ ;;
+*-ncr-sysv4.3*)
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+ ;;
+*)
+ AC_CHECK_LIB(m, cos, LIBM="-lm")
+ ;;
+esac
+])# AC_CHECK_LIBM
+
+
+# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl convenience library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-convenience to the configure arguments. Note that LIBLTDL
+# and LTDLINCL are not AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If
+# DIRECTORY is not provided, it is assumed to be `libltdl'. LIBLTDL will
+# be prefixed with '${top_builddir}/' and LTDLINCL will be prefixed with
+# '${top_srcdir}/' (note the single quotes!). If your package is not
+# flat and you're not using automake, define top_builddir and
+# top_srcdir appropriately in the Makefiles.
+AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ case $enable_ltdl_convenience in
+ no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+ "") enable_ltdl_convenience=yes
+ ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+ esac
+ LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
+ LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+ # For backwards non-gettext consistent compatibility...
+ INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_CONVENIENCE
+
+
+# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl installable library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-install to the configure arguments. Note that LIBLTDL
+# and LTDLINCL are not AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If
+# DIRECTORY is not provided and an installed libltdl is not found, it is
+# assumed to be `libltdl'. LIBLTDL will be prefixed with '${top_builddir}/'
+# and LTDLINCL will be prefixed with '${top_srcdir}/' (note the single
+# quotes!). If your package is not flat and you're not using automake,
+# define top_builddir and top_srcdir appropriately in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ AC_CHECK_LIB(ltdl, lt_dlinit,
+ [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+ [if test x"$enable_ltdl_install" = xno; then
+ AC_MSG_WARN([libltdl not installed, but installation disabled])
+ else
+ enable_ltdl_install=yes
+ fi
+ ])
+ if test x"$enable_ltdl_install" = x"yes"; then
+ ac_configure_args="$ac_configure_args --enable-ltdl-install"
+ LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
+ LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+ else
+ ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+ LIBLTDL="-lltdl"
+ LTDLINCL=
+ fi
+ # For backwards non-gettext consistent compatibility...
+ INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_INSTALLABLE
+
+
+# AC_LIBTOOL_CXX
+# --------------
+# enable support for C++ libraries
+AC_DEFUN([AC_LIBTOOL_CXX],
+[AC_REQUIRE([_LT_AC_LANG_CXX])
+])# AC_LIBTOOL_CXX
+
+
+# _LT_AC_LANG_CXX
+# ---------------
+AC_DEFUN([_LT_AC_LANG_CXX],
+[AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX])
+])# _LT_AC_LANG_CXX
+
+# _LT_AC_PROG_CXXCPP
+# ---------------
+AC_DEFUN([_LT_AC_PROG_CXXCPP],
+[
+AC_REQUIRE([AC_PROG_CXX])
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+fi
+])# _LT_AC_PROG_CXXCPP
+
+# AC_LIBTOOL_F77
+# --------------
+# enable support for Fortran 77 libraries
+AC_DEFUN([AC_LIBTOOL_F77],
+[AC_REQUIRE([_LT_AC_LANG_F77])
+])# AC_LIBTOOL_F77
+
+
+# _LT_AC_LANG_F77
+# ---------------
+AC_DEFUN([_LT_AC_LANG_F77],
+[AC_REQUIRE([AC_PROG_F77])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77])
+])# _LT_AC_LANG_F77
+
+
+# AC_LIBTOOL_GCJ
+# --------------
+# enable support for GCJ libraries
+AC_DEFUN([AC_LIBTOOL_GCJ],
+[AC_REQUIRE([_LT_AC_LANG_GCJ])
+])# AC_LIBTOOL_GCJ
+
+
+# _LT_AC_LANG_GCJ
+# ---------------
+AC_DEFUN([_LT_AC_LANG_GCJ],
+[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[],
+ [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[],
+ [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])],
+ [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])],
+ [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ])
+])# _LT_AC_LANG_GCJ
+
+
+# AC_LIBTOOL_RC
+# --------------
+# enable support for Windows resource files
+AC_DEFUN([AC_LIBTOOL_RC],
+[AC_REQUIRE([LT_AC_PROG_RC])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC])
+])# AC_LIBTOOL_RC
+
+
+# AC_LIBTOOL_LANG_C_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG])
+AC_DEFUN([_LT_AC_LANG_C_CONFIG],
+[lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+#
+# Check for any special shared library compilation flags.
+#
+_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)=
+if test "$GCC" = no; then
+ case $host_os in
+ sco3.2v5*)
+ _LT_AC_TAGVAR(lt_prog_cc_shlib, $1)='-belf'
+ ;;
+ esac
+fi
+if test -n "$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)"; then
+ AC_MSG_WARN([`$CC' requires `$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)' to build shared libraries])
+ if echo "$old_CC $old_CFLAGS " | grep "[[ ]]$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)[[ ]]" >/dev/null; then :
+ else
+ AC_MSG_WARN([add `$_LT_AC_TAGVAR(lt_prog_cc_shlib, $1)' to the CC or CFLAGS env variable and reconfigure])
+ _LT_AC_TAGVAR(lt_cv_prog_cc_can_build_shared, $1)=no
+ fi
+fi
+
+
+#
+# Check to make sure the static flag actually works.
+#
+AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $_LT_AC_TAGVAR(lt_prog_compiler_static, $1) works],
+ _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
+ $_LT_AC_TAGVAR(lt_prog_compiler_static, $1),
+ [],
+ [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
+
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+# Report which librarie types wil actually be built
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case "$host_os" in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_C_CONFIG
+
+
+# AC_LIBTOOL_LANG_CXX_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)])
+AC_DEFUN([_LT_AC_LANG_CXX_CONFIG],
+[AC_LANG_PUSH(C++)
+AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Dependencies to place before and after the object being linked:
+_LT_AC_TAGVAR(predep_objects, $1)=
+_LT_AC_TAGVAR(postdep_objects, $1)=
+_LT_AC_TAGVAR(predeps, $1)=
+_LT_AC_TAGVAR(postdeps, $1)=
+_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
+
+# Source file extension for C++ test sources.
+ac_ext=cc
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+ unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+ unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+else
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+fi
+
+if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+ AC_PROG_LD
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+ grep 'no-whole-archive' > /dev/null; then
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_AC_TAGVAR(archive_cmds, $1)=''
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ else
+ # We have old collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GXX" = yes ; then
+ lt_int_apple_cc_single_mod=no
+ output_verbose_link_cmd='echo'
+ if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+ lt_int_apple_cc_single_mod=yes
+ fi
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ fi
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ freebsd[[12]]*)
+ # C++ shared libraries reported to be fairly broken before switch to ELF
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ freebsd-elf*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+ gnu*)
+ ;;
+ hpux9*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+ esac
+ fi
+ case "$host_cpu" in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case "$host_cpu" in
+ ia64*|hppa*64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+ fi
+ fi
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+ esac
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc*)
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ esac
+ ;;
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ m88k*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ openbsd*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd='echo'
+ ;;
+ osf3*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+ $rm $lib.exp'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+ psos*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ sco*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -nolib -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -nolib ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The C++ compiler is used as linker so we must use $wl
+ # flag to pass the commands to the underlying system
+ # linker. We must also pass each convience library through
+ # to the system linker between allextract/defaultextract.
+ # The C++ compiler will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep "\-[[LR]]"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if $CC --version | grep -v '^2\.7' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ fi
+
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ fi
+ ;;
+ esac
+ ;;
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7*)
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+esac
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$GXX"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_POSTDEP_PREDEP($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+])# AC_LIBTOOL_LANG_CXX_CONFIG
+
+# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME])
+# ------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library. It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+ifelse([$1],[],[cat > conftest.$ac_ext <<EOF
+int a;
+void foo (void) { a = 0; }
+EOF
+],[$1],[CXX],[cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+EOF
+],[$1],[F77],[cat > conftest.$ac_ext <<EOF
+ subroutine foo
+ implicit none
+ integer*4 a
+ a=0
+ return
+ end
+EOF
+],[$1],[GCJ],[cat > conftest.$ac_ext <<EOF
+public class foo {
+ private int a;
+ public void bar (void) {
+ a = 0;
+ }
+};
+EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ # The `*' in the case matches for architectures that use `case' in
+ # $output_verbose_cmd can trigger glob expansion during the loop
+ # eval without this substitution.
+ output_verbose_link_cmd="`$echo \"X$output_verbose_link_cmd\" | $Xsed -e \"$no_glob_subst\"`"
+
+ for p in `eval $output_verbose_link_cmd`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" \
+ || test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ else
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${_LT_AC_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$_LT_AC_TAGVAR(postdeps, $1)"; then
+ _LT_AC_TAGVAR(postdeps, $1)="${prev}${p}"
+ else
+ _LT_AC_TAGVAR(postdeps, $1)="${_LT_AC_TAGVAR(postdeps, $1)} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$_LT_AC_TAGVAR(predep_objects, $1)"; then
+ _LT_AC_TAGVAR(predep_objects, $1)="$p"
+ else
+ _LT_AC_TAGVAR(predep_objects, $1)="$_LT_AC_TAGVAR(predep_objects, $1) $p"
+ fi
+ else
+ if test -z "$_LT_AC_TAGVAR(postdep_objects, $1)"; then
+ _LT_AC_TAGVAR(postdep_objects, $1)="$p"
+ else
+ _LT_AC_TAGVAR(postdep_objects, $1)="$_LT_AC_TAGVAR(postdep_objects, $1) $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$rm -f confest.$objext
+
+case " $_LT_AC_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+])# AC_LIBTOOL_POSTDEP_PREDEP
+
+# AC_LIBTOOL_LANG_F77_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
+AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
+[AC_REQUIRE([AC_PROG_F77])
+AC_LANG_PUSH(Fortran 77)
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code=" subroutine t\n return\n end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code=" program t\n end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case "$host_os" in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$G77"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_F77_CONFIG
+
+
+# AC_LIBTOOL_LANG_GCJ_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
+AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_GCJ_CONFIG
+
+
+# AC_LIBTOOL_LANG_RC_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the Windows resource compiler are
+# suitably defined. Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
+AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_RC_CONFIG
+
+
+# AC_LIBTOOL_CONFIG([TAGNAME])
+# ----------------------------
+# If TAGNAME is not passed, then create an initial libtool script
+# with a default configuration from the untagged config vars. Otherwise
+# add code to config.status for appending the configuration named by
+# TAGNAME from the matching tagged config vars.
+AC_DEFUN([AC_LIBTOOL_CONFIG],
+[# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ _LT_AC_TAGVAR(compiler, $1) \
+ _LT_AC_TAGVAR(CC, $1) \
+ _LT_AC_TAGVAR(LD, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \
+ _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \
+ _LT_AC_TAGVAR(old_archive_cmds, $1) \
+ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \
+ _LT_AC_TAGVAR(predep_objects, $1) \
+ _LT_AC_TAGVAR(postdep_objects, $1) \
+ _LT_AC_TAGVAR(predeps, $1) \
+ _LT_AC_TAGVAR(postdeps, $1) \
+ _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
+ _LT_AC_TAGVAR(archive_cmds, $1) \
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
+ _LT_AC_TAGVAR(postinstall_cmds, $1) \
+ _LT_AC_TAGVAR(postuninstall_cmds, $1) \
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \
+ _LT_AC_TAGVAR(allow_undefined_flag, $1) \
+ _LT_AC_TAGVAR(no_undefined_flag, $1) \
+ _LT_AC_TAGVAR(export_symbols_cmds, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \
+ _LT_AC_TAGVAR(hardcode_automatic, $1) \
+ _LT_AC_TAGVAR(module_cmds, $1) \
+ _LT_AC_TAGVAR(module_expsym_cmds, $1) \
+ _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
+ _LT_AC_TAGVAR(exclude_expsyms, $1) \
+ _LT_AC_TAGVAR(include_expsyms, $1); do
+
+ case $var in
+ _LT_AC_TAGVAR(old_archive_cmds, $1) | \
+ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \
+ _LT_AC_TAGVAR(archive_cmds, $1) | \
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \
+ _LT_AC_TAGVAR(module_cmds, $1) | \
+ _LT_AC_TAGVAR(module_expsym_cmds, $1) | \
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \
+ _LT_AC_TAGVAR(export_symbols_cmds, $1) | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\[$]0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'`
+ ;;
+ esac
+
+ifelse([$1], [],
+ [cfgfile="${ofile}T"
+ trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+ $rm -f "$cfgfile"
+ AC_MSG_NOTICE([creating $ofile])],
+ [cfgfile="$ofile"])
+
+ cat <<__EOF__ >> "$cfgfile"
+ifelse([$1], [],
+[#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG],
+[# ### BEGIN LIBTOOL TAG CONFIG: $tagname])
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
+
+# Is the compiler the GNU C compiler?
+with_gcc=$_LT_AC_TAGVAR(GCC, $1)
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_[]_LT_AC_TAGVAR(LD, $1)
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1)
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1)
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1)
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1)
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1)
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1)
+archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1)
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1)
+module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1)
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1)
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1)
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1)
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1)
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1)
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1)
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1)
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1)
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1)
+
+# Symbols that must always be exported.
+include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1)
+
+ifelse([$1],[],
+[# ### END LIBTOOL CONFIG],
+[# ### END LIBTOOL TAG CONFIG: $tagname])
+
+__EOF__
+
+ifelse([$1],[], [
+ case $host_os in
+ aix3*)
+ cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+EOF
+ ;;
+ esac
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" || \
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+])
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+])# AC_LIBTOOL_CONFIG
+
+
+# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+
+_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+ AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+ lt_cv_prog_compiler_rtti_exceptions,
+ [-fno-rtti -fno-exceptions], [],
+ [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI
+
+
+# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+# ---------------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
+[AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_NM])
+AC_REQUIRE([AC_OBJEXT])
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[[BCDT]]'
+ ;;
+cygwin* | mingw* | pw32*)
+ symcode='[[ABCDGISTW]]'
+ ;;
+hpux*) # Its linker distinguishes data from code symbols
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDEGRST]]'
+ fi
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ ;;
+linux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDGIRSTW]]'
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[[BCDEGRST]]'
+ ;;
+osf*)
+ symcode='[[BCDEGQRST]]'
+ ;;
+solaris* | sysv5*)
+ symcode='[[BDRT]]'
+ ;;
+sysv4)
+ symcode='[[DFNSTU]]'
+ ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+ if AC_TRY_EVAL(ac_compile); then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if grep ' nm_test_var$' "$nlist" >/dev/null; then
+ if grep ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+ cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ lt_ptr_t address;
+}
+lt_preloaded_symbols[[]] =
+{
+EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+ cat <<\EOF >> conftest.$ac_ext
+ {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+ cat conftest.$ac_ext >&5
+ fi
+ rm -f conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ AC_MSG_RESULT(failed)
+else
+ AC_MSG_RESULT(ok)
+fi
+]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+
+
+# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME])
+# ---------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC],
+[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+ ifelse([$1],[CXX],[
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | os2* | pw32*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix4* | aix5*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ if test "$host_cpu" != ia64; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ fi
+ ;;
+ aCC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ icpc* | ecpc*)
+ # Intel C++
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler.
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd*)
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ sco*)
+ case $cc_basename in
+ CC*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ unixware*)
+ ;;
+ vxworks*)
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+],
+[
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC (with -KPIC) is the default.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ newsos6)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgcc* | pgf77* | pgf90*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ ccc*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All Alpha code is PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All OSF/1 code is PIC.
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kpic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-dn'
+ ;;
+
+ solaris*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+
+ uts4*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
+ _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
+ [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
+ [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
+ "" | " "*) ;;
+ *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+ esac],
+ [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+case "$host_os" in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ *)
+ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])"
+ ;;
+esac
+])
+
+
+# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME])
+# ------------------------------------
+# See if the linker supports building shared libraries.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
+[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ifelse([$1],[CXX],[
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix4* | aix5*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ ;;
+ cygwin* | mingw*)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ *)
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+],[
+ runpath_var=
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+ _LT_AC_TAGVAR(archive_cmds, $1)=
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)=
+ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ _LT_AC_TAGVAR(thread_safe_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=no
+ _LT_AC_TAGVAR(module_cmds, $1)=
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)=
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ _LT_AC_TAGVAR(include_expsyms, $1)=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ _LT_CC_BASENAME([$compiler])
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=no
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* ) # Portland Group f77 and f90 compilers
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ sunos4*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+
+ if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then
+ runpath_var=
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_AC_TAGVAR(archive_cmds, $1)=''
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ else
+ # We have old collect2
+ _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ _LT_AC_SYS_LIBPATH_AIX
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ # see comment about different semantics on the GNU ld section
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ bsdi[[45]]*)
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[[012]])
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ freebsd1*)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ ia64*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ *)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ newsos6)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ openbsd*)
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ else
+ case $host_os in
+ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ ;;
+ *)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ else
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ sco3.2v5*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
+ *)
+ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no
+ ;;
+ motorola)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4.3*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+ _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[[78]]* | unixware7*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv5*)
+ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ _LT_AC_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+ # Assume -lc should be added
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $_LT_AC_TAGVAR(archive_cmds, $1) in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1)
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
+ then
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)])
+ ;;
+ esac
+ fi
+ ;;
+esac
+])# AC_LIBTOOL_PROG_LD_SHLIBS
+
+
+# _LT_AC_FILE_LTDLL_C
+# -------------------
+# Be careful that the start marker always follows a newline.
+AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
+# /* ltdll.c starts here */
+# #define WIN32_LEAN_AND_MEAN
+# #include <windows.h>
+# #undef WIN32_LEAN_AND_MEAN
+# #include <stdio.h>
+#
+# #ifndef __CYGWIN__
+# # ifdef __CYGWIN32__
+# # define __CYGWIN__ __CYGWIN32__
+# # endif
+# #endif
+#
+# #ifdef __cplusplus
+# extern "C" {
+# #endif
+# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
+# #ifdef __cplusplus
+# }
+# #endif
+#
+# #ifdef __CYGWIN__
+# #include <cygwin/cygwin_dll.h>
+# DECLARE_CYGWIN_DLL( DllMain );
+# #endif
+# HINSTANCE __hDllInstance_base;
+#
+# BOOL APIENTRY
+# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
+# {
+# __hDllInstance_base = hInst;
+# return TRUE;
+# }
+# /* ltdll.c ends here */
+])# _LT_AC_FILE_LTDLL_C
+
+
+# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
+# ---------------------------------
+AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])
+
+
+# old names
+AC_DEFUN([AM_PROG_LIBTOOL], [AC_PROG_LIBTOOL])
+AC_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AC_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+AC_DEFUN([AM_PROG_LD], [AC_PROG_LD])
+AC_DEFUN([AM_PROG_NM], [AC_PROG_NM])
+
+# This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])
+
+AC_DEFUN([LT_AC_PROG_GCJ],
+[AC_CHECK_TOOL(GCJ, gcj, no)
+ test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ AC_SUBST(GCJFLAGS)
+])
+
+AC_DEFUN([LT_AC_PROG_RC],
+[AC_CHECK_TOOL(RC, windres, no)
+])
+
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_SED. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+# LT_AC_PROG_SED
+# --------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible. Prefer GNU sed if found.
+AC_DEFUN([LT_AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+])
+SED=$lt_cv_path_SED
+AC_MSG_RESULT([$SED])
+])
+
+# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION so it can be traced.
+# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+ [AM_AUTOMAKE_VERSION([1.9.6])])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 7
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])
+AC_SUBST([$1_FALSE])
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 3
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[for mf in $CONFIG_FILES; do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # So let's grep whole file.
+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+done
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS.
+AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 12
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.58])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+ test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_PROG_INSTALL_SH
+AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+])
+])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $1 | $1:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+ am__include=include
+ am__quote=
+ _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ fi
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise.
+#
+# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories
+# created by `make install' are always world readable, even if the
+# installer happens to have an overly restrictive umask (e.g. 077).
+# This was a mistake. There are at least two reasons why we must not
+# use `-m 0755':
+# - it causes special bits like SGID to be ignored,
+# - it may be too restrictive (some setups expect 775 directories).
+#
+# Do not use -m 0755 and let people choose whatever they expect by
+# setting umask.
+#
+# We cannot accept any implementation of `mkdir' that recognizes `-p'.
+# Some implementations (such as Solaris 8's) are not thread-safe: if a
+# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c'
+# concurrently, both version can detect that a/ is missing, but only
+# one can create it and the other will error out. Consequently we
+# restrict ourselves to GNU make (using the --version option ensures
+# this.)
+AC_DEFUN([AM_PROG_MKDIR_P],
+[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ # We used to keeping the `.' as first argument, in order to
+ # allow $(mkdir_p) to be used without argument. As in
+ # $(mkdir_p) $(somedir)
+ # where $(somedir) is conditionally defined. However this is wrong
+ # for two reasons:
+ # 1. if the package is installed by a user who cannot write `.'
+ # make install will fail,
+ # 2. the above comment should most certainly read
+ # $(mkdir_p) $(DESTDIR)$(somedir)
+ # so it does not work when $(somedir) is undefined and
+ # $(DESTDIR) is not.
+ # To support the latter case, we have to write
+ # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+ # so the `.' trick is pointless.
+ mkdir_p='mkdir -p --'
+else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ for d in ./-p ./--version;
+ do
+ test -d $d && rmdir $d
+ done
+ # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+ if test -f "$ac_aux_dir/mkinstalldirs"; then
+ mkdir_p='$(mkinstalldirs)'
+ else
+ mkdir_p='$(install_sh) -d'
+ fi
+fi
+AC_SUBST([mkdir_p])])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t $srcdir/configure conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.guess
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.guess (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.guess 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1473 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-07-08'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <per at bothner.com>.
+# Please send patches to <config-patches at gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi at noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_MACHINE}" in
+ i?86)
+ test -z "$VENDOR" && VENDOR=pc
+ ;;
+ *)
+ test -z "$VENDOR" && VENDOR=unknown
+ ;;
+esac
+test -f /etc/SuSE-release -o -f /.buildenv && VENDOR=suse
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep __ELF__ >/dev/null
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee at wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-${VENDOR}-linux
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips
+ #undef mipsel
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mipsel
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && { echo "${CPU}-${VENDOR}-linux"; exit; }
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && { echo "${CPU}-${VENDOR}-linux"; exit; }
+ ;;
+ ppc:Linux:*:*)
+ echo powerpc-${VENDOR}-linux
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-${VENDOR}-linux
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-${VENDOR}-linux${LIBC}
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-${VENDOR}-linux ;;
+ PA8*) echo hppa2.0-${VENDOR}-linux ;;
+ *) echo hppa-${VENDOR}-linux ;;
+ esac
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-${VENDOR}-linux
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-${VENDOR}-linux
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-${VENDOR}-linux
+ exit ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+ # problems with other programs or directories called `ld' in the path.
+ # Set LC_ALL=C to ensure ld outputs messages in English.
+ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+ | sed -ne '/supported targets:/!d
+ s/[ ][ ]*/ /g
+ s/.*supported targets: *//
+ s/ .*//
+ p'`
+ case "$ld_supported_targets" in
+ elf32-i386)
+ TENTATIVE="${UNAME_MACHINE}-${VENDOR}-linux"
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-${VENDOR}-linuxaout"
+ exit ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-${VENDOR}-linuxcoff"
+ exit ;;
+ "")
+ # Either a pre-BFD a.out linker (linuxoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-${VENDOR}-linuxoldld"
+ exit ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <features.h>
+ #ifdef __ELF__
+ # ifdef __GLIBC__
+ # if __GLIBC__ >= 2
+ LIBC=gnu
+ # else
+ LIBC=gnulibc1
+ # endif
+ # else
+ LIBC=gnulibc1
+ # endif
+ #else
+ #ifdef __INTEL_COMPILER
+ LIBC=gnu
+ #else
+ LIBC=gnuaout
+ #endif
+ #endif
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ test x"${LIBC}" != x && {
+ echo "${UNAME_MACHINE}-${VENDOR}-linux-${LIBC}" | sed 's/linux-gnu/linux/'
+ exit
+ }
+ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
+ echo i386-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel at ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes at openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf at swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green at stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green at stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ *86) UNAME_PROCESSOR=i686 ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches at gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.guess
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.sub
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.sub (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.sub 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1576 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-07-08'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches at gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
+ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray)
+ os=
+ basic_machine=$1
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64vr | mips64vrel \
+ | mips64orion | mips64orionel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | ms1 \
+ | msp430 \
+ | ns16k | ns32k \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b \
+ | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m32c)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | ms1-* \
+ | msp430-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa-* \
+ | ymp-* \
+ | z8k-*)
+ ;;
+ m32c-*)
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16c)
+ basic_machine=cr16c-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/config.sub
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,21717 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.59.
+#
+# Copyright (C) 2003 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+echo=${ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if (echo_test_string="`eval $cmd`") 2>/dev/null &&
+ echo_test_string="`eval $cmd`" &&
+ (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+ then
+ break
+ fi
+ done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$echo" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ echo='print -r'
+ elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ echo='printf %s\n'
+ if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ echo="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ echo="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ echo=echo
+ fi
+ fi
+ fi
+ fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+tagnames=${tagnames+${tagnames},}CXX
+
+tagnames=${tagnames+${tagnames},}F77
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+exec 6>&1
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_config_libobj_dir=.
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Maximum number of lines to put in a shell here document.
+# This variable seems obsolete. It should probably be removed, and
+# only ac_max_sed_lines should be used.
+: ${ac_max_here_lines=38}
+
+# Identity of this package.
+PACKAGE_NAME=
+PACKAGE_TARNAME=
+PACKAGE_VERSION=
+PACKAGE_STRING=
+PACKAGE_BUGREPORT=
+
+ac_unique_file="examples/main.cpp"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#if STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#if HAVE_STRING_H
+# if !STDC_HEADERS && HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#if HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#if HAVE_INTTYPES_H
+# include <inttypes.h>
+#else
+# if HAVE_STDINT_H
+# include <stdint.h>
+# endif
+#endif
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS LTLIBOBJS'
+ac_subst_files=''
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+ac_prev=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval "$ac_prev=\$ac_option"
+ ac_prev=
+ continue
+ fi
+
+ ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_option in
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+ | --da=*)
+ datadir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ eval "enable_$ac_feature=no" ;;
+
+ -enable-* | --enable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "enable_$ac_feature='$ac_optarg'" ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst \
+ | --locals | --local | --loca | --loc | --lo)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package| sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "with_$ac_package='$ac_optarg'" ;;
+
+ -without-* | --without-*)
+ ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package | sed 's/-/_/g'`
+ eval "with_$ac_package=no" ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+ { (exit 1); exit 1; }; }
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+ { (exit 1); exit 1; }; }
+ ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
+ eval "$ac_envvar='$ac_optarg'"
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ { echo "$as_me: error: missing argument to $ac_option" >&2
+ { (exit 1); exit 1; }; }
+fi
+
+# Be sure to have absolute paths.
+for ac_var in exec_prefix prefix
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# Be sure to have absolute paths.
+for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
+ localstatedir libdir includedir oldincludedir infodir mandir
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then its parent.
+ ac_confdir=`(dirname "$0") 2>/dev/null ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$0" : 'X\(//\)[^/]' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$0" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r $srcdir/$ac_unique_file; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+ if test "$ac_srcdir_defaulted" = yes; then
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+ { (exit 1); exit 1; }; }
+ fi
+fi
+(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
+ { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
+ { (exit 1); exit 1; }; }
+srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
+ac_env_build_alias_set=${build_alias+set}
+ac_env_build_alias_value=$build_alias
+ac_cv_env_build_alias_set=${build_alias+set}
+ac_cv_env_build_alias_value=$build_alias
+ac_env_host_alias_set=${host_alias+set}
+ac_env_host_alias_value=$host_alias
+ac_cv_env_host_alias_set=${host_alias+set}
+ac_cv_env_host_alias_value=$host_alias
+ac_env_target_alias_set=${target_alias+set}
+ac_env_target_alias_value=$target_alias
+ac_cv_env_target_alias_set=${target_alias+set}
+ac_cv_env_target_alias_value=$target_alias
+ac_env_CXX_set=${CXX+set}
+ac_env_CXX_value=$CXX
+ac_cv_env_CXX_set=${CXX+set}
+ac_cv_env_CXX_value=$CXX
+ac_env_CXXFLAGS_set=${CXXFLAGS+set}
+ac_env_CXXFLAGS_value=$CXXFLAGS
+ac_cv_env_CXXFLAGS_set=${CXXFLAGS+set}
+ac_cv_env_CXXFLAGS_value=$CXXFLAGS
+ac_env_LDFLAGS_set=${LDFLAGS+set}
+ac_env_LDFLAGS_value=$LDFLAGS
+ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
+ac_cv_env_LDFLAGS_value=$LDFLAGS
+ac_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_env_CPPFLAGS_value=$CPPFLAGS
+ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_cv_env_CPPFLAGS_value=$CPPFLAGS
+ac_env_CC_set=${CC+set}
+ac_env_CC_value=$CC
+ac_cv_env_CC_set=${CC+set}
+ac_cv_env_CC_value=$CC
+ac_env_CFLAGS_set=${CFLAGS+set}
+ac_env_CFLAGS_value=$CFLAGS
+ac_cv_env_CFLAGS_set=${CFLAGS+set}
+ac_cv_env_CFLAGS_value=$CFLAGS
+ac_env_CPP_set=${CPP+set}
+ac_env_CPP_value=$CPP
+ac_cv_env_CPP_set=${CPP+set}
+ac_cv_env_CPP_value=$CPP
+ac_env_CXXCPP_set=${CXXCPP+set}
+ac_env_CXXCPP_value=$CXXCPP
+ac_cv_env_CXXCPP_set=${CXXCPP+set}
+ac_cv_env_CXXCPP_value=$CXXCPP
+ac_env_F77_set=${F77+set}
+ac_env_F77_value=$F77
+ac_cv_env_F77_set=${F77+set}
+ac_cv_env_F77_value=$F77
+ac_env_FFLAGS_set=${FFLAGS+set}
+ac_env_FFLAGS_value=$FFLAGS
+ac_cv_env_FFLAGS_set=${FFLAGS+set}
+ac_cv_env_FFLAGS_value=$FFLAGS
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+_ACEOF
+
+ cat <<_ACEOF
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --datadir=DIR read-only architecture-independent data [PREFIX/share]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --infodir=DIR info documentation [PREFIX/info]
+ --mandir=DIR man documentation [PREFIX/man]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --enable-shared[=PKGS]
+ build shared libraries [default=yes]
+ --enable-static[=PKGS]
+ build static libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+ --enable-debug
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-tags[=TAGS]
+ include additional configurations [automatic]
+ --with-libldap=DIR Path to the libldap library /usr/local/lib
+ --with-ldap-includes=DIR Path to the libldap include files /usr/local/include
+
+Some influential environment variables:
+ CXX C++ compiler command
+ CXXFLAGS C++ compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
+ headers in a nonstandard directory <include dir>
+ CC C compiler command
+ CFLAGS C compiler flags
+ CPP C preprocessor
+ CXXCPP C++ preprocessor
+ F77 Fortran 77 compiler command
+ FFLAGS Fortran 77 compiler flags
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ ac_popdir=`pwd`
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d $ac_dir || continue
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+ cd $ac_dir
+ # Check for guested configure; otherwise get Cygnus style configure.
+ if test -f $ac_srcdir/configure.gnu; then
+ echo
+ $SHELL $ac_srcdir/configure.gnu --help=recursive
+ elif test -f $ac_srcdir/configure; then
+ echo
+ $SHELL $ac_srcdir/configure --help=recursive
+ elif test -f $ac_srcdir/configure.ac ||
+ test -f $ac_srcdir/configure.in; then
+ echo
+ $ac_configure --help
+ else
+ echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi
+ cd $ac_popdir
+ done
+fi
+
+test -n "$ac_init_help" && exit 0
+if $ac_init_version; then
+ cat <<\_ACEOF
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit 0
+fi
+exec 5>config.log
+cat >&5 <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ echo "PATH: $as_dir"
+done
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_sep=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 2)
+ ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
+ # Get rid of the leading space.
+ ac_sep=" "
+ ;;
+ esac
+ done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Be sure not to use single quotes in there, as some shells,
+# such as our DU 5.0 friend, will then `close' the trap.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+{
+ (set) 2>&1 |
+ case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
+ *ac_space=\ *)
+ sed -n \
+ "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
+ ;;
+ *)
+ sed -n \
+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ ;;
+ esac;
+}
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------- ##
+## Output files. ##
+## ------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ sed "/^$/d" confdefs.h | sort
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ echo "$as_me: caught signal $ac_signal"
+ echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core &&
+ rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+ ' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo >confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+ if test "x$prefix" != xNONE; then
+ CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+ else
+ CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+ fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+ if test -r "$ac_site_file"; then
+ { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special
+ # files actually), so we avoid doing that.
+ if test -f "$cache_file"; then
+ { echo "$as_me:$LINENO: loading cache $cache_file" >&5
+echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . $cache_file;;
+ *) . ./$cache_file;;
+ esac
+ fi
+else
+ { echo "$as_me:$LINENO: creating cache $cache_file" >&5
+echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in `(set) 2>&1 |
+ sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val="\$ac_cv_env_${ac_var}_value"
+ eval ac_new_val="\$ac_env_${ac_var}_value"
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
+echo "$as_me: former value: $ac_old_val" >&2;}
+ { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
+echo "$as_me: current value: $ac_new_val" >&2;}
+ ac_cache_corrupted=:
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+am__api_version="1.9"
+ac_aux_dir=
+for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
+ if test -f $ac_dir/install-sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f $ac_dir/install.sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f $ac_dir/shtool; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
+echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"
+ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+ ./ | .// | /cC/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+done
+
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. We don't cache a
+ # path for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the path is relative.
+ INSTALL=$ac_install_sh
+ fi
+fi
+echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t $srcdir/configure conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken
+alias in your environment" >&5
+echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken
+alias in your environment" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+test "$program_prefix" != NONE &&
+ program_transform_name="s,^,$program_prefix,;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s,\$,$program_suffix,;$program_transform_name"
+# Double any \ or $. echo might interpret backslashes.
+# By default was `s,x,x', remove it if useless.
+cat <<\_ACEOF >conftest.sed
+s/[\\$]/&&/g;s/;s,x,x,$//
+_ACEOF
+program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
+rm conftest.sed
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ # We used to keeping the `.' as first argument, in order to
+ # allow $(mkdir_p) to be used without argument. As in
+ # $(mkdir_p) $(somedir)
+ # where $(somedir) is conditionally defined. However this is wrong
+ # for two reasons:
+ # 1. if the package is installed by a user who cannot write `.'
+ # make install will fail,
+ # 2. the above comment should most certainly read
+ # $(mkdir_p) $(DESTDIR)$(somedir)
+ # so it does not work when $(somedir) is undefined and
+ # $(DESTDIR) is not.
+ # To support the latter case, we have to write
+ # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+ # so the `.' trick is pointless.
+ mkdir_p='mkdir -p --'
+else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ for d in ./-p ./--version;
+ do
+ test -d $d && rmdir $d
+ done
+ # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+ if test -f "$ac_aux_dir/mkinstalldirs"; then
+ mkdir_p='$(mkinstalldirs)'
+ else
+ mkdir_p='$(install_sh) -d'
+ fi
+fi
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AWK+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AWK="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$AWK" && break
+done
+
+echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6
+set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.make <<\_ACEOF
+all:
+ @echo 'ac_maketemp="$(MAKE)"'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
+if test -n "$ac_maketemp"; then
+ eval ac_cv_prog_make_${ac_make}_set=yes
+else
+ eval ac_cv_prog_make_${ac_make}_set=no
+fi
+rm -f conftest.make
+fi
+if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ SET_MAKE=
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+ test -f $srcdir/config.status; then
+ { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE=main
+ VERSION=0.0.1
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ STRIP=$ac_ct_STRIP
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+ ac_config_headers="$ac_config_headers src/config.h"
+
+
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+ ./ | .// | /cC/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+done
+
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. We don't cache a
+ # path for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the path is relative.
+ INSTALL=$ac_install_sh
+ fi
+fi
+echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in $CCC g++ c++ gpp aCC CC cxx cc++ cl FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CXX+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ echo "$as_me:$LINENO: result: $CXX" >&5
+echo "${ECHO_T}$CXX" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in $CCC g++ c++ gpp aCC CC cxx cc++ cl FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5
+echo "${ECHO_T}$ac_ct_CXX" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_CXX" && break
+done
+test -n "$ac_ct_CXX" || ac_ct_CXX="g++"
+
+ CXX=$ac_ct_CXX
+fi
+
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+ "checking for C++ compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+echo "$as_me:$LINENO: checking for C++ compiler default output file name" >&5
+echo $ECHO_N "checking for C++ compiler default output file name... $ECHO_C" >&6
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
+ (eval $ac_link_default) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Find the output, starting from the most likely. This scheme is
+# not robust to junk in `.', hence go to wildcards (a.*) only as a last
+# resort.
+
+# Be careful to initialize this variable, since it used to be cached.
+# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
+ac_cv_exeext=
+# b.out is created by i960 compilers.
+for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
+ ;;
+ conftest.$ac_ext )
+ # This is the source file.
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ # FIXME: I believe we export ac_cv_exeext for Libtool,
+ # but it would be cool to find out if it's true. Does anybody
+ # maintain Libtool? --akim.
+ export ac_cv_exeext
+ break;;
+ * )
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C++ compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C++ compiler cannot create executables
+See \`config.log' for more details." >&2;}
+ { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6
+
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether the C++ compiler works" >&5
+echo $ECHO_N "checking whether the C++ compiler works... $ECHO_C" >&6
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+ if { ac_try='./$ac_file'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { echo "$as_me:$LINENO: error: cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6
+
+echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ export ac_cv_exeext
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
+if test "${ac_cv_objext+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6
+GXX=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+CXXFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5
+echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cxx_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cxx_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cxx_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+for ac_declaration in \
+ '' \
+ 'extern "C" void std::exit (int) throw (); using std::exit;' \
+ 'extern "C" void std::exit (int); using std::exit;' \
+ 'extern "C" void exit (int) throw ();' \
+ 'extern "C" void exit (int);' \
+ 'void exit (int);'
+do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+ echo '#ifdef __cplusplus' >>confdefs.h
+ echo $ac_declaration >>confdefs.h
+ echo '#endif' >>confdefs.h
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+ am__include=include
+ am__quote=
+ _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ fi
+fi
+
+
+echo "$as_me:$LINENO: result: $_am_result" >&5
+echo "${ECHO_T}$_am_result" >&6
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+ enableval="$enable_dependency_tracking"
+
+fi;
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+
+
+if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+
+depcc="$CXX" am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CXX_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CXX_dependencies_compiler_type" >&6
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+
+
+if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+# Check whether --enable-shared or --disable-shared was given.
+if test "${enable_shared+set}" = set; then
+ enableval="$enable_shared"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi;
+
+# Check whether --enable-static or --disable-static was given.
+if test "${enable_static+set}" = set; then
+ enableval="$enable_static"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi;
+
+# Check whether --enable-fast-install or --disable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then
+ enableval="$enable_fast_install"
+ p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi;
+
+# Make sure we can run config.sub.
+$ac_config_sub sun4 >/dev/null 2>&1 ||
+ { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
+echo "$as_me: error: cannot run $ac_config_sub" >&2;}
+ { (exit 1); exit 1; }; }
+
+echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6
+if test "${ac_cv_build+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_build_alias=$build_alias
+test -z "$ac_cv_build_alias" &&
+ ac_cv_build_alias=`$ac_config_guess`
+test -z "$ac_cv_build_alias" &&
+ { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+ { (exit 1); exit 1; }; }
+ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
+ { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6
+build=$ac_cv_build
+build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6
+if test "${ac_cv_host+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_host_alias=$host_alias
+test -z "$ac_cv_host_alias" &&
+ ac_cv_host_alias=$ac_cv_build_alias
+ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
+ { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6
+host=$ac_cv_host
+host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_CC" && break
+done
+
+ CC=$ac_ct_CC
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+ "checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cc_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
+echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_prog_cc_stdc=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std1 is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std1. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+# Don't try gcc -ansi; that turns off useful extensions and
+# breaks some systems' header files.
+# AIX -qlanglvl=ansi
+# Ultrix and OSF/1 -std1
+# HP-UX 10.20 and later -Ae
+# HP-UX older versions -Aa -D_HPUX_SOURCE
+# SVR4 -Xc -D__EXTENSIONS__
+for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_stdc=$ac_arg
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext
+done
+rm -f conftest.$ac_ext conftest.$ac_objext
+CC=$ac_save_CC
+
+fi
+
+case "x$ac_cv_prog_cc_stdc" in
+ x|xno)
+ echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6 ;;
+ *)
+ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
+ CC="$CC $ac_cv_prog_cc_stdc" ;;
+esac
+
+# Some people use a C++ compiler to compile C. Since we use `exit',
+# in C++ we need to declare it. In case someone uses the same compiler
+# for both compiling C and C++ we need to have the C++ compiler decide
+# the declaration of exit, since it's the most demanding environment.
+cat >conftest.$ac_ext <<_ACEOF
+#ifndef __cplusplus
+ choke me
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ for ac_declaration in \
+ '' \
+ 'extern "C" void std::exit (int) throw (); using std::exit;' \
+ 'extern "C" void std::exit (int); using std::exit;' \
+ 'extern "C" void exit (int) throw ();' \
+ 'extern "C" void exit (int);' \
+ 'void exit (int);'
+do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+ echo '#ifdef __cplusplus' >>confdefs.h
+ echo $ac_declaration >>confdefs.h
+ echo '#endif' >>confdefs.h
+fi
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ case $depmode in
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ none) break ;;
+ esac
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this.
+ if depmode=$depmode \
+ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+
+
+if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
+echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6
+if test "${lt_cv_path_SED+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+
+fi
+
+SED=$lt_cv_path_SED
+echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6
+
+echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6
+if test "${ac_cv_prog_egrep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+ then ac_cv_prog_egrep='grep -E'
+ else ac_cv_prog_egrep='egrep'
+ fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
+echo "${ECHO_T}$ac_cv_prog_egrep" >&6
+ EGREP=$ac_cv_prog_egrep
+
+
+
+# Check whether --with-gnu-ld or --without-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+ withval="$with_gnu_ld"
+ test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi;
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+else
+ echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+ { (exit 1); exit 1; }; }
+echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
+echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
+if test "${lt_cv_ld_reload_flag+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
+echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$CC -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
+echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
+if test "${lt_cv_path_NM+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/${ac_tool_prefix}nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi
+fi
+echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
+echo "${ECHO_T}$lt_cv_path_NM" >&6
+NM="$lt_cv_path_NM"
+
+echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+ echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6
+fi
+
+echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6
+if test "${lt_cv_deplibs_check_method+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case "$host_cpu" in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+nto-qnx*)
+ lt_cv_deplibs_check_method=unknown
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sco3.2v5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
+echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+ enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 4194 "configure"' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ case "`/usr/bin/file conftest.o`" in
+ *32-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
+echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
+if test "${lt_cv_cc_needs_belf+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ lt_cv_cc_needs_belf=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+lt_cv_cc_needs_belf=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
+echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_stdc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ exit(2);
+ exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in dlfcn.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to the AC_PACKAGE_NAME lists. ##
+## ------------------------------------------ ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5
+echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6
+if test -z "$CXXCPP"; then
+ if test "${ac_cv_prog_CXXCPP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Double quotes because CXXCPP needs to be expanded
+ for CXXCPP in "$CXX -E" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_cxx_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_cxx_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+ CXXCPP=$ac_cv_prog_CXXCPP
+else
+ ac_cv_prog_CXXCPP=$CXXCPP
+fi
+echo "$as_me:$LINENO: result: $CXXCPP" >&5
+echo "${ECHO_T}$CXXCPP" >&6
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_cxx_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_cxx_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+fi
+
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in g77 f77 xlf frt pgf77 fort77 fl32 af77 f90 xlf90 pgf90 epcf90 f95 fort xlf95 ifc efc pgf95 lf95 gfortran
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_F77+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$F77"; then
+ ac_cv_prog_F77="$F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_F77="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+F77=$ac_cv_prog_F77
+if test -n "$F77"; then
+ echo "$as_me:$LINENO: result: $F77" >&5
+echo "${ECHO_T}$F77" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$F77" && break
+ done
+fi
+if test -z "$F77"; then
+ ac_ct_F77=$F77
+ for ac_prog in g77 f77 xlf frt pgf77 fort77 fl32 af77 f90 xlf90 pgf90 epcf90 f95 fort xlf95 ifc efc pgf95 lf95 gfortran
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_F77+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_F77"; then
+ ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_F77="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_F77=$ac_cv_prog_ac_ct_F77
+if test -n "$ac_ct_F77"; then
+ echo "$as_me:$LINENO: result: $ac_ct_F77" >&5
+echo "${ECHO_T}$ac_ct_F77" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_F77" && break
+done
+
+ F77=$ac_ct_F77
+fi
+
+
+# Provide some information about the compiler.
+echo "$as_me:5309:" \
+ "checking for Fortran 77 compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+rm -f a.out
+
+# If we don't use `.F' as extension, the preprocessor is not run on the
+# input file. (Note that this only needs to work for GNU compilers.)
+ac_save_ext=$ac_ext
+ac_ext=F
+echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6
+if test "${ac_cv_f77_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+ program main
+#ifndef __GNUC__
+ choke me
+#endif
+
+ end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_f77_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_f77_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6
+ac_ext=$ac_save_ext
+ac_test_FFLAGS=${FFLAGS+set}
+ac_save_FFLAGS=$FFLAGS
+FFLAGS=
+echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5
+echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_f77_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ FFLAGS=-g
+cat >conftest.$ac_ext <<_ACEOF
+ program main
+
+ end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_f77_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_f77_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_f77_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5
+echo "${ECHO_T}$ac_cv_prog_f77_g" >&6
+if test "$ac_test_FFLAGS" = set; then
+ FFLAGS=$ac_save_FFLAGS
+elif test $ac_cv_prog_f77_g = yes; then
+ if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+ FFLAGS="-g -O2"
+ else
+ FFLAGS="-g"
+ fi
+else
+ if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+ FFLAGS="-O2"
+ else
+ FFLAGS=
+ fi
+fi
+
+G77=`test $ac_compiler_gnu = yes && echo yes`
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+
+# find the maximum length of command line arguments
+echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
+echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for *BSD
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ *)
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \
+ = "XX$teststring") >/dev/null 2>&1 &&
+ new_result=`expr "X$teststring" : ".*" 2>&1` &&
+ lt_cv_sys_max_cmd_len=$new_result &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on massive
+ # amounts of additional arguments before passing them to the linker.
+ # It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
+echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6
+else
+ echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6
+fi
+
+
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
+echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*) # Its linker distinguishes data from code symbols
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ ;;
+linux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDGIRSTW]'
+ lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+ lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris* | sysv5*)
+ symcode='[BDRT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if grep ' nm_test_var$' "$nlist" >/dev/null; then
+ if grep ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+ cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ lt_ptr_t address;
+}
+lt_preloaded_symbols[] =
+{
+EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+ cat <<\EOF >> conftest.$ac_ext
+ {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -f conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ echo "$as_me:$LINENO: result: failed" >&5
+echo "${ECHO_T}failed" >&6
+else
+ echo "$as_me:$LINENO: result: ok" >&5
+echo "${ECHO_T}ok" >&6
+fi
+
+echo "$as_me:$LINENO: checking for objdir" >&5
+echo $ECHO_N "checking for objdir... $ECHO_C" >&6
+if test "${lt_cv_objdir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
+echo "${ECHO_T}$lt_cv_objdir" >&6
+objdir=$lt_cv_objdir
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except M$VC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AR+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="ar"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_AR" && ac_cv_prog_ac_ct_AR="false"
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
+echo "${ECHO_T}$ac_ct_AR" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ AR=$ac_ct_AR
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_RANLIB+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ echo "$as_me:$LINENO: result: $RANLIB" >&5
+echo "${ECHO_T}$RANLIB" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
+echo "${ECHO_T}$ac_ct_RANLIB" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ RANLIB=$ac_ct_RANLIB
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ STRIP=$ac_ct_STRIP
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
+ ;;
+ *)
+ old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
+echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ echo "$as_me:$LINENO: checking for file" >&5
+echo $ECHO_N "checking for file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+enable_dlopen=no
+enable_win32_dll=no
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+ enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+
+# Check whether --with-pic or --without-pic was given.
+if test "${with_pic+set}" = set; then
+ withval="$with_pic"
+ pic_mode="$withval"
+else
+ pic_mode=default
+fi;
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+#
+# Check for any special shared library compilation flags.
+#
+lt_prog_cc_shlib=
+if test "$GCC" = no; then
+ case $host_os in
+ sco3.2v5*)
+ lt_prog_cc_shlib='-belf'
+ ;;
+ esac
+fi
+if test -n "$lt_prog_cc_shlib"; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' requires \`$lt_prog_cc_shlib' to build shared libraries" >&5
+echo "$as_me: WARNING: \`$CC' requires \`$lt_prog_cc_shlib' to build shared libraries" >&2;}
+ if echo "$old_CC $old_CFLAGS " | grep "[ ]$lt_prog_cc_shlib[ ]" >/dev/null; then :
+ else
+ { echo "$as_me:$LINENO: WARNING: add \`$lt_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&5
+echo "$as_me: WARNING: add \`$lt_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&2;}
+ lt_cv_prog_cc_can_build_shared=no
+ fi
+fi
+
+
+#
+# Check to make sure the static flag actually works.
+#
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_prog_compiler_static works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_prog_compiler_static works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_prog_compiler_static"
+ printf "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $echo "X$_lt_linker_boilerplate" | $Xsed > conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_static_works=yes
+ fi
+ else
+ lt_prog_compiler_static_works=yes
+ fi
+ fi
+ $rm conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works" >&6
+
+if test x"$lt_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:6407: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:6411: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ lt_prog_compiler_pic='-qnocommon'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ pgcc* | pgf77* | pgf90*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-static'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ lt_prog_compiler_pic='-Kpic'
+ lt_prog_compiler_static='-dn'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:6669: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:6673: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_pic_works=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6
+
+if test x"$lt_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+case "$host_os" in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:6731: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:6735: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w .
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+ if test "$hard_links" = no; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+ runpath_var=
+ allow_undefined_flag=
+ enable_shared_with_static_runtimes=no
+ archive_cmds=
+ archive_expsym_cmds=
+ old_archive_From_new_cmds=
+ old_archive_from_expsyms_cmds=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ thread_safe_flag_spec=
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_direct=no
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ link_all_deplibs=unknown
+ hardcode_automatic=no
+ module_cmds=
+ module_expsym_cmds=
+ always_export_symbols=no
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ ld_shlibs=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* ) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ hardcode_direct=yes
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ always_export_symbols=yes
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec=' '
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ # see comment about different semantics on the GNU ld section
+ ld_shlibs=no
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_From_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[012])
+ allow_undefined_flag='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[012])
+ allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ ia64*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ fi
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ link_all_deplibs=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ openbsd*)
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ hardcode_libdir_separator=:
+ ;;
+
+ sco3.2v5*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
+ *)
+ whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*)
+ no_undefined_flag='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv5*)
+ no_undefined_flag=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ hardcode_libdir_flag_spec=
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs" >&5
+echo "${ECHO_T}$ld_shlibs" >&6
+test "$ld_shlibs" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
+echo "${ECHO_T}$archive_cmds_need_lc" >&6
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case "$host_cpu" in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" || \
+ test -n "$runpath_var" || \
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action" >&5
+echo "${ECHO_T}$hardcode_action" >&6
+
+if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+ ;;
+ *)
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ;;
+ esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+if test "${ac_cv_func_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char shl_load (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_shl_load) || defined (__stub___shl_load)
+choke me
+#else
+char (*f) () = shl_load;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != shl_load;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+if test $ac_cv_func_shl_load = yes; then
+ lt_cv_dlopen="shl_load"
+else
+ echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+int
+main ()
+{
+shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+if test $ac_cv_lib_dld_shl_load = yes; then
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+ echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+if test "${ac_cv_func_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char dlopen (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_dlopen) || defined (__stub___dlopen)
+choke me
+#else
+char (*f) () = dlopen;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dlopen;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+if test $ac_cv_func_dlopen = yes; then
+ lt_cv_dlopen="dlopen"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_svld_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svld_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+if test $ac_cv_lib_svld_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dld_link ();
+int
+main ()
+{
+dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_dld_link=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_dld_link=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+if test $ac_cv_lib_dld_dld_link = yes; then
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 8971 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 9069 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+# Report which librarie types wil actually be built
+echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case "$host_os" in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler \
+ CC \
+ LD \
+ lt_prog_compiler_wl \
+ lt_prog_compiler_pic \
+ lt_prog_compiler_static \
+ lt_prog_compiler_no_builtin_flag \
+ export_dynamic_flag_spec \
+ thread_safe_flag_spec \
+ whole_archive_flag_spec \
+ enable_shared_with_static_runtimes \
+ old_archive_cmds \
+ old_archive_from_new_cmds \
+ predep_objects \
+ postdep_objects \
+ predeps \
+ postdeps \
+ compiler_lib_search_path \
+ archive_cmds \
+ archive_expsym_cmds \
+ postinstall_cmds \
+ postuninstall_cmds \
+ old_archive_from_expsyms_cmds \
+ allow_undefined_flag \
+ no_undefined_flag \
+ export_symbols_cmds \
+ hardcode_libdir_flag_spec \
+ hardcode_libdir_flag_spec_ld \
+ hardcode_libdir_separator \
+ hardcode_automatic \
+ module_cmds \
+ module_expsym_cmds \
+ lt_cv_prog_compiler_c_o \
+ exclude_expsyms \
+ include_expsyms; do
+
+ case $var in
+ old_archive_cmds | \
+ old_archive_from_new_cmds | \
+ archive_cmds | \
+ archive_expsym_cmds | \
+ module_cmds | \
+ module_expsym_cmds | \
+ old_archive_from_expsyms_cmds | \
+ export_symbols_cmds | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="${ofile}T"
+ trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+ $rm -f "$cfgfile"
+ { echo "$as_me:$LINENO: creating $ofile" >&5
+echo "$as_me: creating $ofile" >&6;}
+
+ cat <<__EOF__ >> "$cfgfile"
+#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# ### END LIBTOOL CONFIG
+
+__EOF__
+
+
+ case $host_os in
+ aix3*)
+ cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+EOF
+ ;;
+ esac
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" || \
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+# Check whether --with-tags or --without-tags was given.
+if test "${with_tags+set}" = set; then
+ withval="$with_tags"
+ tagnames="$withval"
+fi;
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+ if test ! -f "${ofile}"; then
+ { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;}
+ fi
+
+ if test -z "$LTCC"; then
+ eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+ if test -z "$LTCC"; then
+ { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;}
+ else
+ { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5
+echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;}
+ fi
+ fi
+
+ # Extract list of available tagged configurations in $ofile.
+ # Note that this assumes the entire list is on one line.
+ available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for tagname in $tagnames; do
+ IFS="$lt_save_ifs"
+ # Check whether tagname contains only valid characters
+ case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in
+ "") ;;
+ *) { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5
+echo "$as_me: error: invalid tag name: $tagname" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+ then
+ { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5
+echo "$as_me: error: tag name \"$tagname\" already exists" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ # Update the list of available tags.
+ if test -n "$tagname"; then
+ echo appending configuration tag \"$tagname\" to $ofile
+
+ case $tagname in
+ CXX)
+ if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_automatic_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+# Source file extension for C++ test sources.
+ac_ext=cc
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+ unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+ unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+compiler_CXX=$CC
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+ lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+else
+ lt_prog_compiler_no_builtin_flag_CXX=
+fi
+
+if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+
+# Check whether --with-gnu-ld or --without-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+ withval="$with_gnu_ld"
+ test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi;
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+else
+ echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+ { (exit 1); exit 1; }; }
+echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+ grep 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_CXX=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+ld_shlibs_CXX=yes
+case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_CXX=''
+ hardcode_direct_CXX=yes
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ hardcode_direct_CXX=yes
+ else
+ # We have old collect2
+ hardcode_direct_CXX=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_CXX=yes
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ hardcode_libdir_separator_CXX=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols_CXX=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_CXX='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_CXX="-z nodefs"
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_CXX=' ${wl}-bernotok'
+ allow_undefined_flag_CXX=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ always_export_symbols_CXX=yes
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_CXX=' '
+ archive_cmds_need_lc_CXX=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ allow_undefined_flag_CXX=unsupported
+ always_export_symbols_CXX=no
+ enable_shared_with_static_runtimes_CXX=yes
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[012])
+ allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[012])
+ allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ archive_cmds_need_lc_CXX=no
+ hardcode_direct_CXX=no
+ hardcode_automatic_CXX=yes
+ hardcode_shlibpath_var_CXX=unsupported
+ whole_archive_flag_spec_CXX=''
+ link_all_deplibs_CXX=yes
+
+ if test "$GXX" = yes ; then
+ lt_int_apple_cc_single_mod=no
+ output_verbose_link_cmd='echo'
+ if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+ lt_int_apple_cc_single_mod=yes
+ fi
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ else
+ archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ fi
+ module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+ archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+ freebsd[12]*)
+ # C++ shared libraries reported to be fairly broken before switch to ELF
+ ld_shlibs_CXX=no
+ ;;
+ freebsd-elf*)
+ archive_cmds_need_lc_CXX=no
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ ld_shlibs_CXX=yes
+ ;;
+ gnu*)
+ ;;
+ hpux9*)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ hardcode_direct_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld_CXX='+b $libdir'
+ hardcode_libdir_separator_CXX=:
+ ;;
+ ia64*)
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ ;;
+ *)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ ;;
+ esac
+ fi
+ case "$host_cpu" in
+ hppa*64*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ ;;
+ ia64*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ *)
+ hardcode_direct_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds_CXX='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case "$host_cpu" in
+ ia64*|hppa*64*)
+ archive_cmds_CXX='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+ fi
+ fi
+ link_all_deplibs_CXX=yes
+ ;;
+ esac
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc*)
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ archive_cmds_need_lc_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ esac
+ ;;
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ m88k*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ ld_shlibs_CXX=no
+ ;;
+ openbsd*)
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd='echo'
+ ;;
+ osf3*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ cxx*)
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+ osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -o $oldlib $oldobjs'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ cxx*)
+ allow_undefined_flag_CXX=' -expect_unresolved \*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+ $rm $lib.exp'
+
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+ psos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ sco*)
+ archive_cmds_need_lc_CXX=no
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -nolib -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -nolib ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_shlibpath_var_CXX=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The C++ compiler is used as linker so we must use $wl
+ # flag to pass the commands to the underlying system
+ # linker. We must also pass each convience library through
+ # to the system linker between allextract/defaultextract.
+ # The C++ compiler will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ link_all_deplibs_CXX=yes
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep "\-[LR]"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+ if $CC --version | grep -v '^2\.7' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+ fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+ fi
+ ;;
+ esac
+ ;;
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*)
+ archive_cmds_need_lc_CXX=no
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+GCC_CXX="$GXX"
+LD_CXX="$LD"
+
+
+cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+EOF
+
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ # The `*' in the case matches for architectures that use `case' in
+ # $output_verbose_cmd can trigger glob expansion during the loop
+ # eval without this substitution.
+ output_verbose_link_cmd="`$echo \"X$output_verbose_link_cmd\" | $Xsed -e \"$no_glob_subst\"`"
+
+ for p in `eval $output_verbose_link_cmd`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" \
+ || test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$compiler_lib_search_path_CXX"; then
+ compiler_lib_search_path_CXX="${prev}${p}"
+ else
+ compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$postdeps_CXX"; then
+ postdeps_CXX="${prev}${p}"
+ else
+ postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$predep_objects_CXX"; then
+ predep_objects_CXX="$p"
+ else
+ predep_objects_CXX="$predep_objects_CXX $p"
+ fi
+ else
+ if test -z "$postdep_objects_CXX"; then
+ postdep_objects_CXX="$p"
+ else
+ postdep_objects_CXX="$postdep_objects_CXX $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$rm -f confest.$objext
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+
+lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ fi
+ ;;
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | os2* | pw32*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_CXX='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ lt_prog_compiler_pic_CXX=
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_CXX=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix4* | aix5*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ else
+ lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ lt_prog_compiler_pic_CXX='-qnocommon'
+ lt_prog_compiler_wl_CXX='-Wl,'
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ if test "$host_cpu" != ia64; then
+ lt_prog_compiler_pic_CXX='+Z'
+ fi
+ ;;
+ aCC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux*)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ icpc* | ecpc*)
+ # Intel C++
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ pgCC*)
+ # Portland Group C++ compiler.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fpic'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ lt_prog_compiler_pic_CXX='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd*)
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ lt_prog_compiler_wl_CXX='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ sco*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ lt_prog_compiler_pic_CXX='-pic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ unixware*)
+ ;;
+ vxworks*)
+ ;;
+ *)
+ lt_prog_compiler_can_build_shared_CXX=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_pic_works_CXX=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:11317: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:11321: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_pic_works_CXX=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6
+
+if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then
+ case $lt_prog_compiler_pic_CXX in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+ esac
+else
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+case "$host_os" in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_CXX=
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:11379: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:11383: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w .
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+ if test "$hard_links" = no; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix4* | aix5*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ export_symbols_cmds_CXX="$ltdll_cmds"
+ ;;
+ cygwin* | mingw*)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ *)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+
+echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_CXX=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_CXX in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_CXX
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+ allow_undefined_flag_CXX=
+ if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ then
+ archive_cmds_need_lc_CXX=no
+ else
+ archive_cmds_need_lc_CXX=yes
+ fi
+ allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case "$host_cpu" in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" || \
+ test -n "$runpath_var_CXX" || \
+ test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$hardcode_direct_CXX" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+ test "$hardcode_minus_L_CXX" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_CXX=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_CXX=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_CXX=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5
+echo "${ECHO_T}$hardcode_action_CXX" >&6
+
+if test "$hardcode_action_CXX" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+ ;;
+ *)
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ;;
+ esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+if test "${ac_cv_func_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char shl_load (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_shl_load) || defined (__stub___shl_load)
+choke me
+#else
+char (*f) () = shl_load;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != shl_load;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+if test $ac_cv_func_shl_load = yes; then
+ lt_cv_dlopen="shl_load"
+else
+ echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+int
+main ()
+{
+shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+if test $ac_cv_lib_dld_shl_load = yes; then
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+ echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+if test "${ac_cv_func_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char dlopen (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_dlopen) || defined (__stub___dlopen)
+choke me
+#else
+char (*f) () = dlopen;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dlopen;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+if test $ac_cv_func_dlopen = yes; then
+ lt_cv_dlopen="dlopen"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_svld_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svld_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+if test $ac_cv_lib_svld_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dld_link ();
+int
+main ()
+{
+dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_dld_link=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_dld_link=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+if test $ac_cv_lib_dld_dld_link = yes; then
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 12748 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 12846 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler_CXX \
+ CC_CXX \
+ LD_CXX \
+ lt_prog_compiler_wl_CXX \
+ lt_prog_compiler_pic_CXX \
+ lt_prog_compiler_static_CXX \
+ lt_prog_compiler_no_builtin_flag_CXX \
+ export_dynamic_flag_spec_CXX \
+ thread_safe_flag_spec_CXX \
+ whole_archive_flag_spec_CXX \
+ enable_shared_with_static_runtimes_CXX \
+ old_archive_cmds_CXX \
+ old_archive_from_new_cmds_CXX \
+ predep_objects_CXX \
+ postdep_objects_CXX \
+ predeps_CXX \
+ postdeps_CXX \
+ compiler_lib_search_path_CXX \
+ archive_cmds_CXX \
+ archive_expsym_cmds_CXX \
+ postinstall_cmds_CXX \
+ postuninstall_cmds_CXX \
+ old_archive_from_expsyms_cmds_CXX \
+ allow_undefined_flag_CXX \
+ no_undefined_flag_CXX \
+ export_symbols_cmds_CXX \
+ hardcode_libdir_flag_spec_CXX \
+ hardcode_libdir_flag_spec_ld_CXX \
+ hardcode_libdir_separator_CXX \
+ hardcode_automatic_CXX \
+ module_cmds_CXX \
+ module_expsym_cmds_CXX \
+ lt_cv_prog_compiler_c_o_CXX \
+ exclude_expsyms_CXX \
+ include_expsyms_CXX; do
+
+ case $var in
+ old_archive_cmds_CXX | \
+ old_archive_from_new_cmds_CXX | \
+ archive_cmds_CXX | \
+ archive_expsym_cmds_CXX | \
+ module_cmds_CXX | \
+ module_expsym_cmds_CXX | \
+ old_archive_from_expsyms_cmds_CXX | \
+ export_symbols_cmds_CXX | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="$ofile"
+
+ cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_CXX
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_CXX
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_CXX
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_CXX"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+
+ else
+ tagname=""
+ fi
+ ;;
+
+ F77)
+ if test -n "$F77" && test "X$F77" != "Xno"; then
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+
+
+archive_cmds_need_lc_F77=no
+allow_undefined_flag_F77=
+always_export_symbols_F77=no
+archive_expsym_cmds_F77=
+export_dynamic_flag_spec_F77=
+hardcode_direct_F77=no
+hardcode_libdir_flag_spec_F77=
+hardcode_libdir_flag_spec_ld_F77=
+hardcode_libdir_separator_F77=
+hardcode_minus_L_F77=no
+hardcode_automatic_F77=no
+module_cmds_F77=
+module_expsym_cmds_F77=
+link_all_deplibs_F77=unknown
+old_archive_cmds_F77=$old_archive_cmds
+no_undefined_flag_F77=
+whole_archive_flag_spec_F77=
+enable_shared_with_static_runtimes_F77=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+objext_F77=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code=" subroutine t\n return\n end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code=" program t\n end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+compiler_F77=$CC
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case "$host_os" in
+aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+aix4* | aix5*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+esac
+echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6
+
+test "$ld_shlibs_F77" = no && can_build_shared=no
+
+GCC_F77="$G77"
+LD_F77="$LD"
+
+lt_prog_compiler_wl_F77=
+lt_prog_compiler_pic_F77=
+lt_prog_compiler_static_F77=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl_F77='-Wl,'
+ lt_prog_compiler_static_F77='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_F77='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_F77='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared_F77=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_F77=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_F77='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ lt_prog_compiler_pic_F77='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_F77='-Bstatic'
+ else
+ lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ lt_prog_compiler_pic_F77='-qnocommon'
+ lt_prog_compiler_wl_F77='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_F77='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static_F77='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static_F77='-non_shared'
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic_F77='-KPIC'
+ lt_prog_compiler_static_F77='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ lt_prog_compiler_pic_F77='-KPIC'
+ lt_prog_compiler_static_F77='-static'
+ ;;
+ pgcc* | pgf77* | pgf90*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl_F77='-Wl,'
+ lt_prog_compiler_pic_F77='-fpic'
+ lt_prog_compiler_static_F77='-static'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static_F77='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static_F77='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ lt_prog_compiler_pic_F77='-Kpic'
+ lt_prog_compiler_static_F77='-dn'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic_F77='-KPIC'
+ lt_prog_compiler_static_F77='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl_F77='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl_F77='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl_F77='-Qoption ld '
+ lt_prog_compiler_pic_F77='-PIC'
+ lt_prog_compiler_static_F77='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ lt_prog_compiler_pic_F77='-KPIC'
+ lt_prog_compiler_static_F77='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic_F77='-Kconform_pic'
+ lt_prog_compiler_static_F77='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl_F77='-Wl,'
+ lt_prog_compiler_can_build_shared_F77=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic_F77='-pic'
+ lt_prog_compiler_static_F77='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared_F77=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_F77"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_F77+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_pic_works_F77=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_F77"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13731: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:13735: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_pic_works_F77=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6
+
+if test x"$lt_prog_compiler_pic_works_F77" = xyes; then
+ case $lt_prog_compiler_pic_F77 in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;;
+ esac
+else
+ lt_prog_compiler_pic_F77=
+ lt_prog_compiler_can_build_shared_F77=no
+fi
+
+fi
+case "$host_os" in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_F77=
+ ;;
+ *)
+ lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77"
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_c_o_F77=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13793: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:13797: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_F77=yes
+ fi
+ fi
+ chmod u+w .
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+ if test "$hard_links" = no; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+ runpath_var=
+ allow_undefined_flag_F77=
+ enable_shared_with_static_runtimes_F77=no
+ archive_cmds_F77=
+ archive_expsym_cmds_F77=
+ old_archive_From_new_cmds_F77=
+ old_archive_from_expsyms_cmds_F77=
+ export_dynamic_flag_spec_F77=
+ whole_archive_flag_spec_F77=
+ thread_safe_flag_spec_F77=
+ hardcode_libdir_flag_spec_F77=
+ hardcode_libdir_flag_spec_ld_F77=
+ hardcode_libdir_separator_F77=
+ hardcode_direct_F77=no
+ hardcode_minus_L_F77=no
+ hardcode_shlibpath_var_F77=unsupported
+ link_all_deplibs_F77=unknown
+ hardcode_automatic_F77=no
+ module_cmds_F77=
+ module_expsym_cmds_F77=
+ always_export_symbols_F77=no
+ export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms_F77=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs_F77=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_F77='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_F77=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs_F77=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_minus_L_F77=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ ld_shlibs_F77=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag_F77=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs_F77=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ allow_undefined_flag_F77=unsupported
+ always_export_symbols_F77=no
+ enable_shared_with_static_runtimes_F77=yes
+ export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ ld_shlibs_F77=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec_F77='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* ) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec_F77='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ ld_shlibs_F77=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs_F77=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs_F77=no
+ fi
+ ;;
+
+ sunos4*)
+ archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs_F77=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs_F77" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec_F77=
+ export_dynamic_flag_spec_F77=
+ whole_archive_flag_spec_F77=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag_F77=unsupported
+ always_export_symbols_F77=yes
+ archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L_F77=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct_F77=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_F77=''
+ hardcode_direct_F77=yes
+ hardcode_libdir_separator_F77=':'
+ link_all_deplibs_F77=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ hardcode_direct_F77=yes
+ else
+ # We have old collect2
+ hardcode_direct_F77=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_F77=yes
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_libdir_separator_F77=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols_F77=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_F77='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+ program main
+
+ end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_f77_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_F77="-z nodefs"
+ archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+ program main
+
+ end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_f77_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_F77=' ${wl}-bernotok'
+ allow_undefined_flag_F77=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ always_export_symbols_F77=yes
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_F77=' '
+ archive_cmds_need_lc_F77=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_minus_L_F77=yes
+ # see comment about different semantics on the GNU ld section
+ ld_shlibs_F77=no
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec_F77=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec_F77=' '
+ allow_undefined_flag_F77=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_From_new_cmds_F77='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path_F77='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes_F77=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[012])
+ allow_undefined_flag_F77='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[012])
+ allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ archive_cmds_need_lc_F77=no
+ hardcode_direct_F77=no
+ hardcode_automatic_F77=yes
+ hardcode_shlibpath_var_F77=unsupported
+ whole_archive_flag_spec_F77=''
+ link_all_deplibs_F77=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ ld_shlibs_F77=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs_F77=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec_F77='-R$libdir'
+ hardcode_direct_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_F77=yes
+ hardcode_minus_L_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec_F77='-R$libdir'
+ hardcode_direct_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_F77=:
+ hardcode_direct_F77=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_F77=yes
+ export_dynamic_flag_spec_F77='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds_F77='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld_F77='+b $libdir'
+ hardcode_libdir_separator_F77=:
+ hardcode_direct_F77=no
+ hardcode_shlibpath_var_F77=no
+ ;;
+ ia64*)
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_direct_F77=no
+ hardcode_shlibpath_var_F77=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_F77=yes
+ ;;
+ *)
+ hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_F77=:
+ hardcode_direct_F77=yes
+ export_dynamic_flag_spec_F77='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_F77=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_ld_F77='-rpath $libdir'
+ fi
+ hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_F77=:
+ link_all_deplibs_F77=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec_F77='-R$libdir'
+ hardcode_direct_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ newsos6)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_F77=yes
+ hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_F77=:
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ openbsd*)
+ hardcode_direct_F77=yes
+ hardcode_shlibpath_var_F77=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_F77='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_F77='-R$libdir'
+ ;;
+ *)
+ archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_minus_L_F77=yes
+ allow_undefined_flag_F77=unsupported
+ archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag_F77=' -expect_unresolved \*'
+ archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_F77=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag_F77=' -expect_unresolved \*'
+ archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec_F77='-rpath $libdir'
+ fi
+ hardcode_libdir_separator_F77=:
+ ;;
+
+ sco3.2v5*)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_F77=no
+ export_dynamic_flag_spec_F77='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ no_undefined_flag_F77=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ hardcode_libdir_flag_spec_F77='-R$libdir'
+ hardcode_shlibpath_var_F77=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;;
+ *)
+ whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ link_all_deplibs_F77=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_direct_F77=yes
+ hardcode_minus_L_F77=yes
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_F77=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds_F77='$CC -r -o $output$reload_objs'
+ hardcode_direct_F77=no
+ ;;
+ motorola)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_F77=no
+ export_dynamic_flag_spec_F77='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_F77=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs_F77=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_F77=yes
+ hardcode_minus_L_F77=no
+ hardcode_shlibpath_var_F77=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*)
+ no_undefined_flag_F77='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds_F77='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ sysv5*)
+ no_undefined_flag_F77=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ hardcode_libdir_flag_spec_F77=
+ hardcode_shlibpath_var_F77=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_F77='-L$libdir'
+ hardcode_shlibpath_var_F77=no
+ ;;
+
+ *)
+ ld_shlibs_F77=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5
+echo "${ECHO_T}$ld_shlibs_F77" >&6
+test "$ld_shlibs_F77" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_F77" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_F77=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_F77 in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_F77
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_F77
+ allow_undefined_flag_F77=
+ if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ then
+ archive_cmds_need_lc_F77=no
+ else
+ archive_cmds_need_lc_F77=yes
+ fi
+ allow_undefined_flag_F77=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case "$host_cpu" in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_F77=
+if test -n "$hardcode_libdir_flag_spec_F77" || \
+ test -n "$runpath_var_F77" || \
+ test "X$hardcode_automatic_F77" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$hardcode_direct_F77" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no &&
+ test "$hardcode_minus_L_F77" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_F77=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_F77=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_F77=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5
+echo "${ECHO_T}$hardcode_action_F77" >&6
+
+if test "$hardcode_action_F77" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+ ;;
+ *)
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ;;
+ esac
+fi
+
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler_F77 \
+ CC_F77 \
+ LD_F77 \
+ lt_prog_compiler_wl_F77 \
+ lt_prog_compiler_pic_F77 \
+ lt_prog_compiler_static_F77 \
+ lt_prog_compiler_no_builtin_flag_F77 \
+ export_dynamic_flag_spec_F77 \
+ thread_safe_flag_spec_F77 \
+ whole_archive_flag_spec_F77 \
+ enable_shared_with_static_runtimes_F77 \
+ old_archive_cmds_F77 \
+ old_archive_from_new_cmds_F77 \
+ predep_objects_F77 \
+ postdep_objects_F77 \
+ predeps_F77 \
+ postdeps_F77 \
+ compiler_lib_search_path_F77 \
+ archive_cmds_F77 \
+ archive_expsym_cmds_F77 \
+ postinstall_cmds_F77 \
+ postuninstall_cmds_F77 \
+ old_archive_from_expsyms_cmds_F77 \
+ allow_undefined_flag_F77 \
+ no_undefined_flag_F77 \
+ export_symbols_cmds_F77 \
+ hardcode_libdir_flag_spec_F77 \
+ hardcode_libdir_flag_spec_ld_F77 \
+ hardcode_libdir_separator_F77 \
+ hardcode_automatic_F77 \
+ module_cmds_F77 \
+ module_expsym_cmds_F77 \
+ lt_cv_prog_compiler_c_o_F77 \
+ exclude_expsyms_F77 \
+ include_expsyms_F77; do
+
+ case $var in
+ old_archive_cmds_F77 | \
+ old_archive_from_new_cmds_F77 | \
+ archive_cmds_F77 | \
+ archive_expsym_cmds_F77 | \
+ module_cmds_F77 | \
+ module_expsym_cmds_F77 | \
+ old_archive_from_expsyms_cmds_F77 | \
+ export_symbols_cmds_F77 | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="$ofile"
+
+ cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_F77
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler_F77
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_F77
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_F77
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_F77
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_F77
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_F77
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_F77
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_F77
+archive_expsym_cmds=$lt_archive_expsym_cmds_F77
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_F77
+module_expsym_cmds=$lt_module_expsym_cmds_F77
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_F77
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_F77
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_F77
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_F77
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_F77
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_F77
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_F77
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_F77
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_F77
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_F77
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_F77
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_F77"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_F77
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_F77
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_F77
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_F77
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+ else
+ tagname=""
+ fi
+ ;;
+
+ GCJ)
+ if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+
+
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+objext_GCJ=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+compiler_GCJ=$CC
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+archive_cmds_need_lc_GCJ=no
+
+old_archive_cmds_GCJ=$old_archive_cmds
+
+
+lt_prog_compiler_no_builtin_flag_GCJ=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin'
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:15915: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:15919: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+lt_prog_compiler_wl_GCJ=
+lt_prog_compiler_pic_GCJ=
+lt_prog_compiler_static_GCJ=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ lt_prog_compiler_static_GCJ='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
+ ;;
+
+ beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_GCJ='-fno-common'
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared_GCJ=no
+ enable_shared=no
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_GCJ=-Kconform_pic
+ fi
+ ;;
+
+ hpux*)
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_GCJ='-fPIC'
+ ;;
+ esac
+ ;;
+
+ *)
+ lt_prog_compiler_pic_GCJ='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ else
+ lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ darwin*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ case $cc_basename in
+ xlc*)
+ lt_prog_compiler_pic_GCJ='-qnocommon'
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ ;;
+ esac
+ ;;
+
+ mingw* | pw32* | os2*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_GCJ='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static_GCJ='-non_shared'
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic_GCJ='-KPIC'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ ;;
+
+ linux*)
+ case $cc_basename in
+ icc* | ecc*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ lt_prog_compiler_pic_GCJ='-KPIC'
+ lt_prog_compiler_static_GCJ='-static'
+ ;;
+ pgcc* | pgf77* | pgf90*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ lt_prog_compiler_pic_GCJ='-fpic'
+ lt_prog_compiler_static_GCJ='-static'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static_GCJ='-non_shared'
+ ;;
+ esac
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static_GCJ='-non_shared'
+ ;;
+
+ sco3.2v5*)
+ lt_prog_compiler_pic_GCJ='-Kpic'
+ lt_prog_compiler_static_GCJ='-dn'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic_GCJ='-KPIC'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl_GCJ='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl_GCJ='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl_GCJ='-Qoption ld '
+ lt_prog_compiler_pic_GCJ='-PIC'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ lt_prog_compiler_pic_GCJ='-KPIC'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic_GCJ='-Kconform_pic'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ fi
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl_GCJ='-Wl,'
+ lt_prog_compiler_can_build_shared_GCJ=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic_GCJ='-pic'
+ lt_prog_compiler_static_GCJ='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared_GCJ=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_GCJ"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_prog_compiler_pic_works_GCJ=no
+ ac_outfile=conftest.$ac_objext
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_GCJ"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:16177: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:16181: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $echo "X$_lt_compiler_boilerplate" | $Xsed >conftest.exp
+ $SED '/^$/d' conftest.err >conftest.er2
+ if test ! -s conftest.err || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_prog_compiler_pic_works_GCJ=yes
+ fi
+ fi
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6
+
+if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then
+ case $lt_prog_compiler_pic_GCJ in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;;
+ esac
+else
+ lt_prog_compiler_pic_GCJ=
+ lt_prog_compiler_can_build_shared_GCJ=no
+fi
+
+fi
+case "$host_os" in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_GCJ=
+ ;;
+ *)
+ lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ"
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ lt_cv_prog_compiler_c_o_GCJ=no
+ $rm -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:16239: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:16243: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $echo "X$_lt_compiler_boilerplate" | $Xsed > out/conftest.exp
+ $SED '/^$/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.err || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_GCJ=yes
+ fi
+ fi
+ chmod u+w .
+ $rm conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+ $rm out/* && rmdir out
+ cd ..
+ rmdir conftest
+ $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+ hard_links=yes
+ $rm conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+ if test "$hard_links" = no; then
+ { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+ runpath_var=
+ allow_undefined_flag_GCJ=
+ enable_shared_with_static_runtimes_GCJ=no
+ archive_cmds_GCJ=
+ archive_expsym_cmds_GCJ=
+ old_archive_From_new_cmds_GCJ=
+ old_archive_from_expsyms_cmds_GCJ=
+ export_dynamic_flag_spec_GCJ=
+ whole_archive_flag_spec_GCJ=
+ thread_safe_flag_spec_GCJ=
+ hardcode_libdir_flag_spec_GCJ=
+ hardcode_libdir_flag_spec_ld_GCJ=
+ hardcode_libdir_separator_GCJ=
+ hardcode_direct_GCJ=no
+ hardcode_minus_L_GCJ=no
+ hardcode_shlibpath_var_GCJ=unsupported
+ link_all_deplibs_GCJ=unknown
+ hardcode_automatic_GCJ=no
+ module_cmds_GCJ=
+ module_expsym_cmds_GCJ=
+ always_export_symbols_GCJ=no
+ export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms_GCJ=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_"
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ extract_expsyms_cmds=
+ # Just being paranoid about ensuring that cc_basename is set.
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+ case $host_os in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs_GCJ=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_GCJ='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_GCJ=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>/dev/null` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs_GCJ=no
+ cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_minus_L_GCJ=yes
+
+ # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we can't use
+ # them.
+ ld_shlibs_GCJ=no
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag_GCJ=unsupported
+ # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs_GCJ=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ allow_undefined_flag_GCJ=unsupported
+ always_export_symbols_GCJ=no
+ enable_shared_with_static_runtimes_GCJ=yes
+ export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
+ else
+ ld_shlibs_GCJ=no
+ fi
+ ;;
+
+ linux*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ tmp_addflag=
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec_GCJ='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* ) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec_GCJ='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ esac
+ archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test $supports_anon_versioning = yes; then
+ archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ $echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ else
+ ld_shlibs_GCJ=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris* | sysv5*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs_GCJ=no
+ cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs_GCJ=no
+ fi
+ ;;
+
+ sunos4*)
+ archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs_GCJ=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs_GCJ" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec_GCJ=
+ export_dynamic_flag_spec_GCJ=
+ whole_archive_flag_spec_GCJ=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag_GCJ=unsupported
+ always_export_symbols_GCJ=yes
+ archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L_GCJ=yes
+ if test "$GCC" = yes && test -z "$link_static_flag"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct_GCJ=unsupported
+ fi
+ ;;
+
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+ export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_GCJ=''
+ hardcode_direct_GCJ=yes
+ hardcode_libdir_separator_GCJ=':'
+ link_all_deplibs_GCJ=yes
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ hardcode_direct_GCJ=yes
+ else
+ # We have old collect2
+ hardcode_direct_GCJ=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_GCJ=yes
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_libdir_separator_GCJ=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols_GCJ=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_GCJ='-berok'
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_GCJ="-z nodefs"
+ archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an empty executable.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`; fi
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_GCJ=' ${wl}-bernotok'
+ allow_undefined_flag_GCJ=' ${wl}-berok'
+ # -bexpall does not export symbols beginning with underscore (_)
+ always_export_symbols_GCJ=yes
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_GCJ=' '
+ archive_cmds_need_lc_GCJ=yes
+ # This is similar to how AIX traditionally builds it's shared libraries.
+ archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_minus_L_GCJ=yes
+ # see comment about different semantics on the GNU ld section
+ ld_shlibs_GCJ=no
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec_GCJ=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec_GCJ=' '
+ allow_undefined_flag_GCJ=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_From_new_cmds_GCJ='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes_GCJ=yes
+ ;;
+
+ darwin* | rhapsody*)
+ case "$host_os" in
+ rhapsody* | darwin1.[012])
+ allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress'
+ ;;
+ *) # Darwin 1.3 on
+ if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+ allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ else
+ case ${MACOSX_DEPLOYMENT_TARGET} in
+ 10.[012])
+ allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+ ;;
+ 10.*)
+ allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ archive_cmds_need_lc_GCJ=no
+ hardcode_direct_GCJ=no
+ hardcode_automatic_GCJ=yes
+ hardcode_shlibpath_var_GCJ=unsupported
+ whole_archive_flag_spec_GCJ=''
+ link_all_deplibs_GCJ=yes
+ if test "$GCC" = yes ; then
+ output_verbose_link_cmd='echo'
+ archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+ module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ else
+ case $cc_basename in
+ xlc*)
+ output_verbose_link_cmd='echo'
+ archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+ module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+ # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
+ archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ ;;
+ *)
+ ld_shlibs_GCJ=no
+ ;;
+ esac
+ fi
+ ;;
+
+ dgux*)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs_GCJ=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec_GCJ='-R$libdir'
+ hardcode_direct_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_GCJ=yes
+ hardcode_minus_L_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | kfreebsd*-gnu | dragonfly*)
+ archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec_GCJ='-R$libdir'
+ hardcode_direct_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_GCJ=:
+ hardcode_direct_GCJ=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_GCJ=yes
+ export_dynamic_flag_spec_GCJ='${wl}-E'
+ ;;
+
+ hpux10* | hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case "$host_cpu" in
+ hppa*64*|ia64*)
+ archive_cmds_GCJ='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ *)
+ archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ case "$host_cpu" in
+ hppa*64*)
+ hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld_GCJ='+b $libdir'
+ hardcode_libdir_separator_GCJ=:
+ hardcode_direct_GCJ=no
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+ ia64*)
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_direct_GCJ=no
+ hardcode_shlibpath_var_GCJ=no
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_GCJ=yes
+ ;;
+ *)
+ hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_GCJ=:
+ hardcode_direct_GCJ=yes
+ export_dynamic_flag_spec_GCJ='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L_GCJ=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir'
+ fi
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_GCJ=:
+ link_all_deplibs_GCJ=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec_GCJ='-R$libdir'
+ hardcode_direct_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ newsos6)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_GCJ=yes
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_GCJ=:
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ openbsd*)
+ hardcode_direct_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_GCJ='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_GCJ='-R$libdir'
+ ;;
+ *)
+ archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_minus_L_GCJ=yes
+ allow_undefined_flag_GCJ=unsupported
+ archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag_GCJ=' -expect_unresolved \*'
+ archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_GCJ=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag_GCJ=' -expect_unresolved \*'
+ archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec_GCJ='-rpath $libdir'
+ fi
+ hardcode_libdir_separator_GCJ=:
+ ;;
+
+ sco3.2v5*)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_GCJ=no
+ export_dynamic_flag_spec_GCJ='${wl}-Bexport'
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ;;
+
+ solaris*)
+ no_undefined_flag_GCJ=' -z text'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+ else
+ wlarc=''
+ archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ fi
+ hardcode_libdir_flag_spec_GCJ='-R$libdir'
+ hardcode_shlibpath_var_GCJ=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine linker options so we
+ # cannot just pass the convience library names through
+ # without $wl, iff we do not link with $LD.
+ # Luckily, gcc supports the same syntax we need for Sun Studio.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ case $wlarc in
+ '')
+ whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;;
+ *)
+ whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ esac ;;
+ esac
+ link_all_deplibs_GCJ=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_direct_GCJ=yes
+ hardcode_minus_L_GCJ=yes
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_GCJ=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds_GCJ='$CC -r -o $output$reload_objs'
+ hardcode_direct_GCJ=no
+ ;;
+ motorola)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_GCJ=no
+ export_dynamic_flag_spec_GCJ='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var_GCJ=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs_GCJ=yes
+ fi
+ ;;
+
+ sysv4.2uw2*)
+ archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct_GCJ=yes
+ hardcode_minus_L_GCJ=no
+ hardcode_shlibpath_var_GCJ=no
+ hardcode_runpath_var=yes
+ runpath_var=LD_RUN_PATH
+ ;;
+
+ sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*)
+ no_undefined_flag_GCJ='${wl}-z ${wl}text'
+ if test "$GCC" = yes; then
+ archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds_GCJ='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ sysv5*)
+ no_undefined_flag_GCJ=' -z text'
+ # $CC -shared without GNU ld will not create a library from C++
+ # object files and a static libstdc++, better avoid it by now
+ archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+ hardcode_libdir_flag_spec_GCJ=
+ hardcode_shlibpath_var_GCJ=no
+ runpath_var='LD_RUN_PATH'
+ ;;
+
+ uts4*)
+ archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec_GCJ='-L$libdir'
+ hardcode_shlibpath_var_GCJ=no
+ ;;
+
+ *)
+ ld_shlibs_GCJ=no
+ ;;
+ esac
+ fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5
+echo "${ECHO_T}$ld_shlibs_GCJ" >&6
+test "$ld_shlibs_GCJ" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_GCJ" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_GCJ=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_GCJ in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+ $rm conftest*
+ printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_GCJ
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ
+ allow_undefined_flag_GCJ=
+ if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ then
+ archive_cmds_need_lc_GCJ=no
+ else
+ archive_cmds_need_lc_GCJ=yes
+ fi
+ allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $rm conftest*
+ echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix4* | aix5*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $rm \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
+ # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+ if test "$GCC" = yes; then
+ sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+ else
+ sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+ fi
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+kfreebsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ *) # from 3.2 on
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case "$host_cpu" in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+knetbsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='GNU ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+nto-qnx*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+openbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+sco3.2v5*)
+ version_type=osf
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_GCJ=
+if test -n "$hardcode_libdir_flag_spec_GCJ" || \
+ test -n "$runpath_var_GCJ" || \
+ test "X$hardcode_automatic_GCJ" = "Xyes" ; then
+
+ # We can hardcode non-existant directories.
+ if test "$hardcode_direct_GCJ" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no &&
+ test "$hardcode_minus_L_GCJ" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_GCJ=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_GCJ=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_GCJ=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5
+echo "${ECHO_T}$hardcode_action_GCJ" >&6
+
+if test "$hardcode_action_GCJ" = relink; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+ ;;
+ *)
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ;;
+ esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+if test "${ac_cv_func_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char shl_load (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_shl_load) || defined (__stub___shl_load)
+choke me
+#else
+char (*f) () = shl_load;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != shl_load;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+if test $ac_cv_func_shl_load = yes; then
+ lt_cv_dlopen="shl_load"
+else
+ echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+int
+main ()
+{
+shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_shl_load=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+if test $ac_cv_lib_dld_shl_load = yes; then
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+ echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+if test "${ac_cv_func_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char dlopen (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_dlopen) || defined (__stub___dlopen)
+choke me
+#else
+char (*f) () = dlopen;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dlopen;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+if test $ac_cv_func_dlopen = yes; then
+ lt_cv_dlopen="dlopen"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dl_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_svld_dlopen=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svld_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+if test $ac_cv_lib_svld_dlopen = yes; then
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dld_link ();
+int
+main ()
+{
+dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_dld_dld_link=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_dld_link=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+if test $ac_cv_lib_dld_dld_link = yes; then
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 18479 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ LDFLAGS="$LDFLAGS $link_static_flag"
+ echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+#line 18577 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+
+ exit (status);
+}
+EOF
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler_GCJ \
+ CC_GCJ \
+ LD_GCJ \
+ lt_prog_compiler_wl_GCJ \
+ lt_prog_compiler_pic_GCJ \
+ lt_prog_compiler_static_GCJ \
+ lt_prog_compiler_no_builtin_flag_GCJ \
+ export_dynamic_flag_spec_GCJ \
+ thread_safe_flag_spec_GCJ \
+ whole_archive_flag_spec_GCJ \
+ enable_shared_with_static_runtimes_GCJ \
+ old_archive_cmds_GCJ \
+ old_archive_from_new_cmds_GCJ \
+ predep_objects_GCJ \
+ postdep_objects_GCJ \
+ predeps_GCJ \
+ postdeps_GCJ \
+ compiler_lib_search_path_GCJ \
+ archive_cmds_GCJ \
+ archive_expsym_cmds_GCJ \
+ postinstall_cmds_GCJ \
+ postuninstall_cmds_GCJ \
+ old_archive_from_expsyms_cmds_GCJ \
+ allow_undefined_flag_GCJ \
+ no_undefined_flag_GCJ \
+ export_symbols_cmds_GCJ \
+ hardcode_libdir_flag_spec_GCJ \
+ hardcode_libdir_flag_spec_ld_GCJ \
+ hardcode_libdir_separator_GCJ \
+ hardcode_automatic_GCJ \
+ module_cmds_GCJ \
+ module_expsym_cmds_GCJ \
+ lt_cv_prog_compiler_c_o_GCJ \
+ exclude_expsyms_GCJ \
+ include_expsyms_GCJ; do
+
+ case $var in
+ old_archive_cmds_GCJ | \
+ old_archive_from_new_cmds_GCJ | \
+ archive_cmds_GCJ | \
+ archive_expsym_cmds_GCJ | \
+ module_cmds_GCJ | \
+ module_expsym_cmds_GCJ | \
+ old_archive_from_expsyms_cmds_GCJ | \
+ export_symbols_cmds_GCJ | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="$ofile"
+
+ cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_GCJ
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler_GCJ
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_GCJ
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_GCJ
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_GCJ
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_GCJ
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_GCJ
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_GCJ
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_GCJ
+archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_GCJ
+module_expsym_cmds=$lt_module_expsym_cmds_GCJ
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_GCJ
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_GCJ
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_GCJ
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_GCJ
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_GCJ
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_GCJ
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_GCJ
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_GCJ
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_GCJ
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_GCJ"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_GCJ
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_GCJ
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_GCJ
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_GCJ
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+ else
+ tagname=""
+ fi
+ ;;
+
+ RC)
+
+
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+objext_RC=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+compiler_RC=$CC
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+lt_cv_prog_compiler_c_o_RC=yes
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+ # See if we are running on zsh, and set the options which allow our commands through
+ # without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+ # Now quote all the things that may contain metacharacters while being
+ # careful not to overquote the AC_SUBSTed values. We take copies of the
+ # variables and quote the copies for generation of the libtool script.
+ for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \
+ SED SHELL STRIP \
+ libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+ old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+ deplibs_check_method reload_flag reload_cmds need_locks \
+ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+ lt_cv_sys_global_symbol_to_c_name_address \
+ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+ old_postinstall_cmds old_postuninstall_cmds \
+ compiler_RC \
+ CC_RC \
+ LD_RC \
+ lt_prog_compiler_wl_RC \
+ lt_prog_compiler_pic_RC \
+ lt_prog_compiler_static_RC \
+ lt_prog_compiler_no_builtin_flag_RC \
+ export_dynamic_flag_spec_RC \
+ thread_safe_flag_spec_RC \
+ whole_archive_flag_spec_RC \
+ enable_shared_with_static_runtimes_RC \
+ old_archive_cmds_RC \
+ old_archive_from_new_cmds_RC \
+ predep_objects_RC \
+ postdep_objects_RC \
+ predeps_RC \
+ postdeps_RC \
+ compiler_lib_search_path_RC \
+ archive_cmds_RC \
+ archive_expsym_cmds_RC \
+ postinstall_cmds_RC \
+ postuninstall_cmds_RC \
+ old_archive_from_expsyms_cmds_RC \
+ allow_undefined_flag_RC \
+ no_undefined_flag_RC \
+ export_symbols_cmds_RC \
+ hardcode_libdir_flag_spec_RC \
+ hardcode_libdir_flag_spec_ld_RC \
+ hardcode_libdir_separator_RC \
+ hardcode_automatic_RC \
+ module_cmds_RC \
+ module_expsym_cmds_RC \
+ lt_cv_prog_compiler_c_o_RC \
+ exclude_expsyms_RC \
+ include_expsyms_RC; do
+
+ case $var in
+ old_archive_cmds_RC | \
+ old_archive_from_new_cmds_RC | \
+ archive_cmds_RC | \
+ archive_expsym_cmds_RC | \
+ module_cmds_RC | \
+ module_expsym_cmds_RC | \
+ old_archive_from_expsyms_cmds_RC | \
+ export_symbols_cmds_RC | \
+ extract_expsyms_cmds | reload_cmds | finish_cmds | \
+ postinstall_cmds | postuninstall_cmds | \
+ old_postinstall_cmds | old_postuninstall_cmds | \
+ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+ # Double-quote double-evaled strings.
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+ ;;
+ *)
+ eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+ ;;
+ esac
+ done
+
+ case $lt_echo in
+ *'\$0 --fallback-echo"')
+ lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+ ;;
+ esac
+
+cfgfile="$ofile"
+
+ cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_RC
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# A language-specific compiler.
+CC=$lt_compiler_RC
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_RC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_RC
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_RC
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_RC
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_RC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_RC
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_RC
+archive_expsym_cmds=$lt_archive_expsym_cmds_RC
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_RC
+module_expsym_cmds=$lt_module_expsym_cmds_RC
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_RC
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_RC
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_RC
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_RC
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_RC
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_RC
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_RC
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_RC
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_RC
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_RC
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_RC"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_RC
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_RC
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_RC
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_RC
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+ # If there is no Makefile yet, we rely on a make rule to execute
+ # `config.status --recheck' to rerun these tests and create the
+ # libtool script then.
+ ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+ if test -f "$ltmain_in"; then
+ test -f Makefile && make "$ltmain"
+ fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+ ;;
+
+ *)
+ { { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5
+echo "$as_me: error: Unsupported tag name: $tagname" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+
+ # Append the new tag name to the list of available tags.
+ if test -n "$tagname" ; then
+ available_tags="$available_tags $tagname"
+ fi
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ # Now substitute the updated list of available tags.
+ if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+ mv "${ofile}T" "$ofile"
+ chmod +x "$ofile"
+ else
+ rm -f "${ofile}T"
+ { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5
+echo "$as_me: error: unable to update list of available tagged configurations." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+# Prevent multiple expansion
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-debug or --disable-debug was given.
+if test "${enable_debug+set}" = set; then
+ enableval="$enable_debug"
+
+ CXXFLAGS="-g -O0 -Wall"
+ cat >>confdefs.h <<\_ACEOF
+#define WITH_DEBUG 1
+_ACEOF
+
+
+else
+
+ CXXFLAGS="-O0"
+
+
+fi;
+
+
+# Check whether --with-libldap or --without-libldap was given.
+if test "${with_libldap+set}" = set; then
+ withval="$with_libldap"
+
+ LIBS="-L$with_libldap $LIBS "
+
+else
+
+ LIBS="-L/usr/local/lib $LIBS "
+
+
+fi;
+
+
+# Check whether --with-ldap-includes or --without-ldap-includes was given.
+if test "${with_ldap_includes+set}" = set; then
+ withval="$with_ldap_includes"
+
+ CPPFLAGS="-I$with_ldap_includes $CPPFLAGS "
+
+else
+
+ CPPFLAGS="-I/usr/local/include $CPPFLAGS "
+
+
+fi;
+
+echo "$as_me:$LINENO: checking for main in -lresolv" >&5
+echo $ECHO_N "checking for main in -lresolv... $ECHO_C" >&6
+if test "${ac_cv_lib_resolv_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_resolv_main=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_resolv_main=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_main" >&5
+echo "${ECHO_T}$ac_cv_lib_resolv_main" >&6
+if test $ac_cv_lib_resolv_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBRESOLV 1
+_ACEOF
+
+ LIBS="-lresolv $LIBS"
+
+fi
+
+echo "$as_me:$LINENO: checking for ber_strdup in -llber" >&5
+echo $ECHO_N "checking for ber_strdup in -llber... $ECHO_C" >&6
+if test "${ac_cv_lib_lber_ber_strdup+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llber $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ber_strdup ();
+int
+main ()
+{
+ber_strdup ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_lber_ber_strdup=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_lber_ber_strdup=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_lber_ber_strdup" >&5
+echo "${ECHO_T}$ac_cv_lib_lber_ber_strdup" >&6
+if test $ac_cv_lib_lber_ber_strdup = yes; then
+
+ :
+
+else
+
+ echo " didn't find ber_strdup in liblber !";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP libraries";
+ echo " or try the --with-libldap option.";
+ exit
+
+fi
+
+echo "$as_me:$LINENO: checking for ldap_add_ext in -lldap" >&5
+echo $ECHO_N "checking for ldap_add_ext in -lldap... $ECHO_C" >&6
+if test "${ac_cv_lib_ldap_ldap_add_ext+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap
+ -llber
+ $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ldap_add_ext ();
+int
+main ()
+{
+ldap_add_ext ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ldap_ldap_add_ext=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ldap_ldap_add_ext=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_ldap_add_ext" >&5
+echo "${ECHO_T}$ac_cv_lib_ldap_ldap_add_ext" >&6
+if test $ac_cv_lib_ldap_ldap_add_ext = yes; then
+
+ :
+
+else
+
+ echo " didn't find ldap_add_ext in libldap !";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP libraries";
+ echo " or try the --with-libldap option.";
+ exit
+
+fi
+
+echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
+if test "${ac_cv_header_time+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_time=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_time=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+if test "${ac_cv_header_ldap_h+set}" = set; then
+ echo "$as_me:$LINENO: checking for ldap.h" >&5
+echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6
+if test "${ac_cv_header_ldap_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5
+echo "${ECHO_T}$ac_cv_header_ldap_h" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking ldap.h usability" >&5
+echo $ECHO_N "checking ldap.h usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <ldap.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking ldap.h presence" >&5
+echo $ECHO_N "checking ldap.h presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ldap.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: ldap.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: ldap.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: ldap.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: ldap.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: ldap.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: ldap.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: ldap.h: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to the AC_PACKAGE_NAME lists. ##
+## ------------------------------------------ ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for ldap.h" >&5
+echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6
+if test "${ac_cv_header_ldap_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_ldap_h=$ac_header_preproc
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5
+echo "${ECHO_T}$ac_cv_header_ldap_h" >&6
+
+fi
+
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ldap.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ldap_add_ext" >/dev/null 2>&1; then
+
+ :
+
+else
+
+ echo " didn't find ldap_add_ext in ldap.h!";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP includes";
+ echo " or try --with-ldap-includes option.";
+ exit
+
+fi
+rm -f conftest*
+
+if test "${ac_cv_header_lber_h+set}" = set; then
+ echo "$as_me:$LINENO: checking for lber.h" >&5
+echo $ECHO_N "checking for lber.h... $ECHO_C" >&6
+if test "${ac_cv_header_lber_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_lber_h" >&5
+echo "${ECHO_T}$ac_cv_header_lber_h" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking lber.h usability" >&5
+echo $ECHO_N "checking lber.h usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <lber.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking lber.h presence" >&5
+echo $ECHO_N "checking lber.h presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <lber.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: lber.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: lber.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: lber.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: lber.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: lber.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: lber.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: lber.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: lber.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: lber.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: lber.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: lber.h: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to the AC_PACKAGE_NAME lists. ##
+## ------------------------------------------ ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for lber.h" >&5
+echo $ECHO_N "checking for lber.h... $ECHO_C" >&6
+if test "${ac_cv_header_lber_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_lber_h=$ac_header_preproc
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_lber_h" >&5
+echo "${ECHO_T}$ac_cv_header_lber_h" >&6
+
+fi
+
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <lber.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ber_strdup" >/dev/null 2>&1; then
+
+ :
+
+else
+
+ echo " didn't find ber_strdup in lber.h!";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP includes";
+ echo " or try --with-ldap-includes option.";
+ exit
+
+fi
+rm -f conftest*
+
+
+
+
+ ac_config_files="$ac_config_files Makefile src/Makefile examples/Makefile"
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+{
+ (set) 2>&1 |
+ case `(ac_space=' '; set | grep ac_space) 2>&1` in
+ *ac_space=\ *)
+ # `set' does not quote correctly, so add quotes (double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \).
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;;
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n \
+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ ;;
+ esac;
+} |
+ sed '
+ t clear
+ : clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ : end' >>confcache
+if diff $cache_file confcache >/dev/null 2>&1; then :; else
+ if test -w $cache_file; then
+ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
+ cat confcache >$cache_file
+ else
+ echo "not updating unwritable cache $cache_file"
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/;
+s/:*\${srcdir}:*/:/;
+s/:*@srcdir@:*/:/;
+s/^\([^=]*=[ ]*\):*/\1/;
+s/:*$//;
+s/^[^=]*=[ ]*$//;
+}'
+fi
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_i=`echo "$ac_i" |
+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
+ # 2. Add them.
+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+exec 6>&1
+
+# Open the log real soon, to keep \$[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling. Logging --version etc. is OK.
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+} >&5
+cat >&5 <<_CSEOF
+
+This file was extended by $as_me, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+_CSEOF
+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
+echo >&5
+_ACEOF
+
+# Files that config.status was made for.
+if test -n "$ac_config_files"; then
+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_headers"; then
+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_links"; then
+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_commands"; then
+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf at gnu.org>."
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+ac_cs_version="\\
+config.status
+configured by $0, generated by GNU Autoconf 2.59,
+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+srcdir=$srcdir
+INSTALL="$INSTALL"
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If no file are specified by the user, then we need to provide default
+# value. By we need to know if files were specified by the user.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "x$1" : 'x\([^=]*\)='`
+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ -*)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ *) # This is not an option, so the user has probably given explicit
+ # arguments.
+ ac_option=$1
+ ac_need_defaults=false;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --vers* | -V )
+ echo "$ac_cs_version"; exit 0 ;;
+ --he | --h)
+ # Conflict between --help and --header
+ { { echo "$as_me:$LINENO: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; };;
+ --help | --hel | -h )
+ echo "$ac_cs_usage"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ ac_need_defaults=false;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; } ;;
+
+ *) ac_config_targets="$ac_config_targets $1" ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+if \$ac_cs_recheck; then
+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+fi
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+#
+# INIT-COMMANDS section.
+#
+
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_config_target in $ac_config_targets
+do
+ case "$ac_config_target" in
+ # Handling of arguments.
+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+ "examples/Makefile" ) CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;;
+ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "src/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;;
+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason to put it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Create a temporary directory, and hook for its removal unless debugging.
+$debug ||
+{
+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
+ trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./confstat$$-$RANDOM
+ (umask 077 && mkdir $tmp)
+} ||
+{
+ echo "$me: cannot create a temporary directory in ." >&2
+ { (exit 1); exit 1; }
+}
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+
+#
+# CONFIG_FILES section.
+#
+
+# No need to generate the scripts if there are no CONFIG_FILES.
+# This happens for instance when ./config.status config.h
+if test -n "\$CONFIG_FILES"; then
+ # Protect against being on the right side of a sed subst in config.status.
+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
+s, at SHELL@,$SHELL,;t t
+s, at PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
+s, at PACKAGE_NAME@,$PACKAGE_NAME,;t t
+s, at PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
+s, at PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
+s, at PACKAGE_STRING@,$PACKAGE_STRING,;t t
+s, at PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
+s, at exec_prefix@,$exec_prefix,;t t
+s, at prefix@,$prefix,;t t
+s, at program_transform_name@,$program_transform_name,;t t
+s, at bindir@,$bindir,;t t
+s, at sbindir@,$sbindir,;t t
+s, at libexecdir@,$libexecdir,;t t
+s, at datadir@,$datadir,;t t
+s, at sysconfdir@,$sysconfdir,;t t
+s, at sharedstatedir@,$sharedstatedir,;t t
+s, at localstatedir@,$localstatedir,;t t
+s, at libdir@,$libdir,;t t
+s, at includedir@,$includedir,;t t
+s, at oldincludedir@,$oldincludedir,;t t
+s, at infodir@,$infodir,;t t
+s, at mandir@,$mandir,;t t
+s, at build_alias@,$build_alias,;t t
+s, at host_alias@,$host_alias,;t t
+s, at target_alias@,$target_alias,;t t
+s, at DEFS@,$DEFS,;t t
+s, at ECHO_C@,$ECHO_C,;t t
+s, at ECHO_N@,$ECHO_N,;t t
+s, at ECHO_T@,$ECHO_T,;t t
+s, at LIBS@,$LIBS,;t t
+s, at INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
+s, at INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
+s, at INSTALL_DATA@,$INSTALL_DATA,;t t
+s, at CYGPATH_W@,$CYGPATH_W,;t t
+s, at PACKAGE@,$PACKAGE,;t t
+s, at VERSION@,$VERSION,;t t
+s, at ACLOCAL@,$ACLOCAL,;t t
+s, at AUTOCONF@,$AUTOCONF,;t t
+s, at AUTOMAKE@,$AUTOMAKE,;t t
+s, at AUTOHEADER@,$AUTOHEADER,;t t
+s, at MAKEINFO@,$MAKEINFO,;t t
+s, at install_sh@,$install_sh,;t t
+s, at STRIP@,$STRIP,;t t
+s, at ac_ct_STRIP@,$ac_ct_STRIP,;t t
+s, at INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
+s, at mkdir_p@,$mkdir_p,;t t
+s, at AWK@,$AWK,;t t
+s, at SET_MAKE@,$SET_MAKE,;t t
+s, at am__leading_dot@,$am__leading_dot,;t t
+s, at AMTAR@,$AMTAR,;t t
+s, at am__tar@,$am__tar,;t t
+s, at am__untar@,$am__untar,;t t
+s, at CXX@,$CXX,;t t
+s, at CXXFLAGS@,$CXXFLAGS,;t t
+s, at LDFLAGS@,$LDFLAGS,;t t
+s, at CPPFLAGS@,$CPPFLAGS,;t t
+s, at ac_ct_CXX@,$ac_ct_CXX,;t t
+s, at EXEEXT@,$EXEEXT,;t t
+s, at OBJEXT@,$OBJEXT,;t t
+s, at DEPDIR@,$DEPDIR,;t t
+s, at am__include@,$am__include,;t t
+s, at am__quote@,$am__quote,;t t
+s, at AMDEP_TRUE@,$AMDEP_TRUE,;t t
+s, at AMDEP_FALSE@,$AMDEP_FALSE,;t t
+s, at AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
+s, at CXXDEPMODE@,$CXXDEPMODE,;t t
+s, at am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t
+s, at am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t
+s, at build@,$build,;t t
+s, at build_cpu@,$build_cpu,;t t
+s, at build_vendor@,$build_vendor,;t t
+s, at build_os@,$build_os,;t t
+s, at host@,$host,;t t
+s, at host_cpu@,$host_cpu,;t t
+s, at host_vendor@,$host_vendor,;t t
+s, at host_os@,$host_os,;t t
+s, at CC@,$CC,;t t
+s, at CFLAGS@,$CFLAGS,;t t
+s, at ac_ct_CC@,$ac_ct_CC,;t t
+s, at CCDEPMODE@,$CCDEPMODE,;t t
+s, at am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
+s, at am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
+s, at EGREP@,$EGREP,;t t
+s, at LN_S@,$LN_S,;t t
+s, at ECHO@,$ECHO,;t t
+s, at AR@,$AR,;t t
+s, at ac_ct_AR@,$ac_ct_AR,;t t
+s, at RANLIB@,$RANLIB,;t t
+s, at ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
+s, at CPP@,$CPP,;t t
+s, at CXXCPP@,$CXXCPP,;t t
+s, at F77@,$F77,;t t
+s, at FFLAGS@,$FFLAGS,;t t
+s, at ac_ct_F77@,$ac_ct_F77,;t t
+s, at LIBTOOL@,$LIBTOOL,;t t
+s, at LIBOBJS@,$LIBOBJS,;t t
+s, at LTLIBOBJS@,$LTLIBOBJS,;t t
+CEOF
+
+_ACEOF
+
+ cat >>$CONFIG_STATUS <<\_ACEOF
+ # Split the substitutions into bite-sized pieces for seds with
+ # small command number limits, like on Digital OSF/1 and HP-UX.
+ ac_max_sed_lines=48
+ ac_sed_frag=1 # Number of current file.
+ ac_beg=1 # First line for current file.
+ ac_end=$ac_max_sed_lines # Line after last line for current file.
+ ac_more_lines=:
+ ac_sed_cmds=
+ while $ac_more_lines; do
+ if test $ac_beg -gt 1; then
+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ else
+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ fi
+ if test ! -s $tmp/subs.frag; then
+ ac_more_lines=false
+ else
+ # The purpose of the label and of the branching condition is to
+ # speed up the sed processing (if there are no `@' at all, there
+ # is no need to browse any of the substitutions).
+ # These are the two extra sed commands mentioned above.
+ (echo ':t
+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
+ else
+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
+ fi
+ ac_sed_frag=`expr $ac_sed_frag + 1`
+ ac_beg=$ac_end
+ ac_end=`expr $ac_end + $ac_max_sed_lines`
+ fi
+ done
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds=cat
+ fi
+fi # test -n "$CONFIG_FILES"
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
+ esac
+
+ if test x"$ac_file" != x-; then
+ { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+ rm -f "$ac_file"
+ fi
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ configure_input=
+ else
+ configure_input="$ac_file. "
+ fi
+ configure_input=$configure_input"Generated from `echo $ac_file_in |
+ sed 's,.*/,,'` by configure."
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+ sed "$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s, at configure_input@,$configure_input,;t t
+s, at srcdir@,$ac_srcdir,;t t
+s, at abs_srcdir@,$ac_abs_srcdir,;t t
+s, at top_srcdir@,$ac_top_srcdir,;t t
+s, at abs_top_srcdir@,$ac_abs_top_srcdir,;t t
+s, at builddir@,$ac_builddir,;t t
+s, at abs_builddir@,$ac_abs_builddir,;t t
+s, at top_builddir@,$ac_top_builddir,;t t
+s, at abs_top_builddir@,$ac_abs_top_builddir,;t t
+s, at INSTALL@,$ac_INSTALL,;t t
+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
+ rm -f $tmp/stdin
+ if test x"$ac_file" != x-; then
+ mv $tmp/out $ac_file
+ else
+ cat $tmp/out
+ rm -f $tmp/out
+ fi
+
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_HEADER section.
+#
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
+ac_dB='[ ].*$,\1#\2'
+ac_dC=' '
+ac_dD=',;t'
+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
+ac_uB='$,\1#\2define\3'
+ac_uC=' '
+ac_uD=',;t'
+
+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ # Do quote $f, to prevent DOS paths from being IFS'd.
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+ # Remove the trailing spaces.
+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
+
+_ACEOF
+
+# Transform confdefs.h into two sed scripts, `conftest.defines' and
+# `conftest.undefs', that substitutes the proper values into
+# config.h.in to produce config.h. The first handles `#define'
+# templates, and the second `#undef' templates.
+# And first: Protect against being on the right side of a sed subst in
+# config.status. Protect against being in an unquoted here document
+# in config.status.
+rm -f conftest.defines conftest.undefs
+# Using a here document instead of a string reduces the quoting nightmare.
+# Putting comments in sed scripts is not portable.
+#
+# `end' is used to avoid that the second main sed command (meant for
+# 0-ary CPP macros) applies to n-ary macro definitions.
+# See the Autoconf documentation for `clear'.
+cat >confdef2sed.sed <<\_ACEOF
+s/[\\&,]/\\&/g
+s,[\\$`],\\&,g
+t clear
+: clear
+s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
+t end
+s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
+: end
+_ACEOF
+# If some macros were called several times there might be several times
+# the same #defines, which is useless. Nevertheless, we may not want to
+# sort them, since we want the *last* AC-DEFINE to be honored.
+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
+rm -f confdef2sed.sed
+
+# This sed command replaces #undef with comments. This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >>conftest.undefs <<\_ACEOF
+s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
+_ACEOF
+
+# Break up conftest.defines because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
+echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
+echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
+echo ' :' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.defines >/dev/null
+do
+ # Write a limited-size here document to $tmp/defines.sed.
+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#define' lines.
+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/defines.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
+ rm -f conftest.defines
+ mv conftest.tail conftest.defines
+done
+rm -f conftest.defines
+echo ' fi # grep' >>$CONFIG_STATUS
+echo >>$CONFIG_STATUS
+
+# Break up conftest.undefs because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.undefs >/dev/null
+do
+ # Write a limited-size here document to $tmp/undefs.sed.
+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#undef'
+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
+ rm -f conftest.undefs
+ mv conftest.tail conftest.undefs
+done
+rm -f conftest.undefs
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ echo "/* Generated by configure. */" >$tmp/config.h
+ else
+ echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
+ fi
+ cat $tmp/in >>$tmp/config.h
+ rm -f $tmp/in
+ if test x"$ac_file" != x-; then
+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ rm -f $ac_file
+ mv $tmp/config.h $ac_file
+ fi
+ else
+ cat $tmp/config.h
+ rm -f $tmp/config.h
+ fi
+# Compute $ac_file's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $ac_file | $ac_file:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X$ac_file : 'X\(//\)[^/]' \| \
+ X$ac_file : 'X\(//\)$' \| \
+ X$ac_file : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X$ac_file |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_COMMANDS section.
+#
+for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
+ ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
+ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
+$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_dest" : 'X\(//\)[^/]' \| \
+ X"$ac_dest" : 'X\(//\)$' \| \
+ X"$ac_dest" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_dest" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+
+ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
+echo "$as_me: executing $ac_dest commands" >&6;}
+ case $ac_dest in
+ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # So let's grep whole file.
+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+ dirpart=`(dirname "$mf") 2>/dev/null ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`(dirname "$file") 2>/dev/null ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p $dirpart/$fdir
+ else
+ as_dir=$dirpart/$fdir
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
+echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+done
+ ;;
+ esac
+done
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || { (exit 1); exit 1; }
+fi
+
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/configure.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,94 @@
+dnl Copyright 2000-2003, OpenLDAP Foundation, All Rights Reserved.
+dnl COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+
+dnl Process this file with autoconf to produce a configure script.
+
+dnl disable config.cache
+dnl define([AC_CACHE_LOAD], )
+dnl define([AC_CACHE_SAVE], )
+
+AC_INIT(examples/main.cpp)
+AM_INIT_AUTOMAKE(main, 0.0.1)
+AM_CONFIG_HEADER(src/config.h)
+
+
+dnl Checks for programs.
+AC_PROG_INSTALL
+dnl AC_PROG_CC
+AC_PROG_CXX
+dnl AC_PROG_RANLIB
+dnl AM_DISABLE_SHARED
+AC_PROG_LIBTOOL
+dnl AC_PROG_MAKE_SET
+AC_ARG_ENABLE(debug,[ --enable-debug],[
+ CXXFLAGS="-g -O0 -Wall"
+ AC_DEFINE(WITH_DEBUG)
+ ],[
+ CXXFLAGS="-O0"
+ ]
+)
+
+AC_ARG_WITH(libldap,[ --with-libldap=DIR Path to the libldap library [/usr/local/lib]],[
+ LIBS="-L$with_libldap $LIBS "
+ ],[
+ LIBS="-L/usr/local/lib $LIBS "
+ ]
+)
+
+AC_ARG_WITH(ldap-includes,[ --with-ldap-includes=DIR Path to the libldap include files [/usr/local/include]],[
+ CPPFLAGS="-I$with_ldap_includes $CPPFLAGS "
+ ],[
+ CPPFLAGS="-I/usr/local/include $CPPFLAGS "
+ ]
+)
+dnl Checks for libraries.
+AC_CHECK_LIB(resolv,main)
+AC_CHECK_LIB(lber,ber_strdup,[
+dnl NOOP
+ :
+ ],[
+ echo " didn't find ber_strdup in liblber !";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP libraries";
+ echo " or try the --with-libldap option.";
+ exit
+ ])
+AC_CHECK_LIB(ldap,ldap_add_ext,[
+dnl NOOP
+ :
+ ],[
+ echo " didn't find ldap_add_ext in libldap !";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP libraries";
+ echo " or try the --with-libldap option.";
+ exit
+ ],[
+ -llber
+ ])
+dnl Checks for header files.
+AC_HEADER_TIME
+AC_CHECK_HEADER(ldap.h)
+AC_EGREP_HEADER(ldap_add_ext,ldap.h,[
+dnl NOOP
+ :
+ ],[
+ echo " didn't find ldap_add_ext in ldap.h!";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP includes";
+ echo " or try --with-ldap-includes option.";
+ exit
+ ])
+AC_CHECK_HEADER(lber.h)
+AC_EGREP_HEADER(ber_strdup,lber.h,[
+dnl NOOP
+ :
+ ],[
+ echo " didn't find ber_strdup in lber.h!";
+ echo " Check for the right version (>= 2.0) of the OpenLDAP includes";
+ echo " or try --with-ldap-includes option.";
+ exit
+ ])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+
+dnl Checks for library functions.
+
+AC_OUTPUT(Makefile src/Makefile examples/Makefile)
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/depcomp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/depcomp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/depcomp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,423 @@
+#! /bin/sh
+
+# depcomp - compile a program generating dependencies as side-effects
+# Copyright 1999, 2000 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva at dcc.unicamp.br>.
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+# `libtool' can also be set to `yes' or `no'.
+
+if test -z "$depfile"; then
+ base=`echo "$object" | sed -e 's,^.*/,,' -e 's,\.\([^.]*\)$,.P\1,'`
+ dir=`echo "$object" | sed 's,/.*$,/,'`
+ if test "$dir" = "$object"; then
+ dir=
+ fi
+ # FIXME: should be _deps on DOS.
+ depfile="$dir.deps/$base"
+fi
+
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+ "$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> $depfile
+ echo >> $depfile
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> $depfile
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. This file always lives in the current directory.
+ # Also, the AIX compiler puts `$object:' at the start of each line;
+ # $object doesn't have directory information.
+ stripped=`echo "$object" | sed -e 's,^.*/,,' -e 's/\(.*\)\..*$/\1/'`
+ tmpdepfile="$stripped.u"
+ outname="$stripped.o"
+ if test "$libtool" = yes; then
+ "$@" -Wc,-M
+ else
+ "$@" -M
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+
+ if test -f "$tmpdepfile"; then
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
+ sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ tmpdepfile1="$dir.libs/$base.lo.d"
+ tmpdepfile2="$dir.libs/$base.d"
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1="$dir$base.o.d"
+ tmpdepfile2="$dir$base.d"
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ if test -f "$tmpdepfile1"; then
+ tmpdepfile="$tmpdepfile1"
+ else
+ tmpdepfile="$tmpdepfile2"
+ fi
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a space and a tab in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the proprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test $1 != '--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'. We will use -o /dev/null later,
+ # however we can't do the remplacement now because
+ # `-o $object' might simply not be used
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ "$@" -o /dev/null $dashmflag | sed 's:^[^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # X makedepend
+ shift
+ cleared=no
+ for arg in "$@"; do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ -*)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix="`echo $object | sed 's/^.*\././'`"
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the proprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test $1 != '--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the proprocessed file to stdout, regardless of -o,
+ # because we must use -o when running libtool.
+ "$@" || exit $?
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/depcomp
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/doxygen.rc
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/doxygen.rc (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/doxygen.rc 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,466 @@
+# Doxyfile 1.0.0
+
+# This file describes the settings to be used by doxygen for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# General configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of word surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = ldapsdk
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 0.0.1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = srcdoc
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Dutch, French, Italian, Czech, Swedish, German and Japanese
+
+OUTPUT_LANGUAGE = English
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# If the EXTRACT_ALL tag is set to YES all classes and functions will be
+# included in the documentation, even if no documentation was available.
+
+EXTRACT_ALL = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = YES
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members inside documented classes or files.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSESS tag is set to YES, Doxygen will hide all
+# undocumented classes.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = yes
+
+# If the ALWAYS_DETAILS_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = yes
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path.
+
+STRIP_FROM_PATH =
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a class diagram (in Html and LaTeX) for classes with base or
+# super classes. Setting the tag to NO turns the diagrams off.
+
+CLASS_DIAGRAMS = YES
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+
+SOURCE_BROWSER = no
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO (the default) then Doxygen
+# will only generate file names in lower case letters. If set to
+# YES upper case letters are also allowed. This is useful if you have
+# classes or files whose names only differ in case and if your file system
+# supports case sensitive file names.
+
+CASE_SENSE_NAMES = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES (the default) then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the Javadoc-style will
+# behave just like the Qt-style comments.
+
+JAVADOC_AUTOBRIEF = YES
+
+# if the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# reimplements.
+
+INHERIT_DOCS = YES
+
+# if the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# the TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 4
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = ./src
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+FILE_PATTERNS = *.cpp *.h
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = yes
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+
+EXCLUDE_PATTERNS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.
+
+INPUT_FILTER =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT =
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = no
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT =
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = no
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT =
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed.
+
+MACRO_EXPANSION = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed.
+
+PREDEFINED =
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED tag.
+
+EXPAND_ONLY_PREDEF = NO
+
+#---------------------------------------------------------------------------
+# Configuration options related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES tag can be used to specify one or more tagfiles.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
+
+# The CGI_NAME tag should be the name of the CGI script that
+# starts the search engine (doxysearch) with the correct parameters.
+# A script with this name will be generated by doxygen.
+
+CGI_NAME = search.cgi
+
+# The CGI_URL tag should be the absolute URL to the directory where the
+# cgi binaries are located. See the documentation of your http daemon for
+# details.
+
+CGI_URL =
+
+# The DOC_URL tag should be the absolute URL to the directory where the
+# documentation is located. If left blank the absolute path to the
+# documentation, with file:// prepended to it, will be used.
+
+DOC_URL =
+
+# The DOC_ABSPATH tag should be the absolute path to the directory where the
+# documentation is located. If left blank the directory on the local machine
+# will be used.
+
+DOC_ABSPATH =
+
+# The BIN_ABSPATH tag must point to the directory where the doxysearch binary
+# is installed.
+
+BIN_ABSPATH = /usr/local/bin/
+
+# The EXT_DOC_PATHS tag can be used to specify one or more paths to
+# documentation generated for other projects. This allows doxysearch to search
+# the documentation for these projects as well.
+
+EXT_DOC_PATHS =
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.am
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.am (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.am 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,11 @@
+##
+# Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+noinst_PROGRAMS = main readSchema
+
+main_SOURCES = main.cpp
+main_LDADD = ../src/libldapcpp.la
+
+readSchema_SOURCES = readSchema.cpp
+readSchema_LDADD = ../src/libldapcpp.la
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,427 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = main$(EXEEXT) readSchema$(EXEEXT)
+subdir = examples
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_main_OBJECTS = main.$(OBJEXT)
+main_OBJECTS = $(am_main_OBJECTS)
+main_DEPENDENCIES = ../src/libldapcpp.la
+am_readSchema_OBJECTS = readSchema.$(OBJEXT)
+readSchema_OBJECTS = $(am_readSchema_OBJECTS)
+readSchema_DEPENDENCIES = ../src/libldapcpp.la
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/src
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(main_SOURCES) $(readSchema_SOURCES)
+DIST_SOURCES = $(main_SOURCES) $(readSchema_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+main_SOURCES = main.cpp
+main_LDADD = ../src/libldapcpp.la
+readSchema_SOURCES = readSchema.cpp
+readSchema_LDADD = ../src/libldapcpp.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .cpp .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign examples/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign examples/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+main$(EXEEXT): $(main_OBJECTS) $(main_DEPENDENCIES)
+ @rm -f main$(EXEEXT)
+ $(CXXLINK) $(main_LDFLAGS) $(main_OBJECTS) $(main_LDADD) $(LIBS)
+readSchema$(EXEEXT): $(readSchema_OBJECTS) $(readSchema_DEPENDENCIES)
+ @rm -f readSchema$(EXEEXT)
+ $(CXXLINK) $(readSchema_LDFLAGS) $(readSchema_OBJECTS) $(readSchema_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/main.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/readSchema.Po at am__quote@
+
+.cpp.o:
+ at am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+ at am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+ at am__fastdepCXX_TRUE@ if $(LTCXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/main.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/main.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/main.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include<iostream.h>
+#include<strstream>
+#include "LDAPConnection.h"
+#include "LDAPConstraints.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchResults.h"
+#include "LDAPAttribute.h"
+#include "LDAPAttributeList.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPModification.h"
+#include "LDAPReferralException.h"
+
+#include"debug.h"
+
+int main(){
+ LDAPConstraints* cons=new LDAPConstraints;
+ LDAPControlSet* ctrls=new LDAPControlSet;
+ ctrls->add(LDAPCtrl(LDAP_CONTROL_MANAGEDSAIT));
+ cons->setServerControls(ctrls);
+ LDAPConnection *lc=new LDAPConnection("localhost",9009);
+ lc->setConstraints(cons);
+ cout << "----------------------doing bind...." << endl;
+ try{
+ lc->bind("cn=Manager,o=Organisation,c=DE" , "secret",cons);
+ cout << lc->getHost() << endl;
+ bool result = lc->compare("cn=Manager,o=Organisation,c=DE",
+ LDAPAttribute("cn","Manaer"));
+ cout << "Compare: " << result << endl;
+
+ LDAPAttributeList* attrs=new LDAPAttributeList();
+ StringList values;
+ StringList s2;
+ values.add("top");
+ values.add("Person");
+ attrs->addAttribute(LDAPAttribute("objectClass",values));
+ attrs->addAttribute(LDAPAttribute("cn","Peter"));
+ attrs->addAttribute(LDAPAttribute("sn","Peter,hallo"));
+ LDAPEntry* entry=new LDAPEntry(
+ "cn=Peter , o=Organisation, c=DE", attrs);
+// lc->add(entry);
+
+// lc->del("ou=Groups,o=Organisation,c=DE");
+
+ LDAPSearchResults* entries = lc->search("o=Organisation,c=DE",
+ LDAPConnection::SEARCH_ONE);
+ if (entries != 0){
+ LDAPEntry* entry = entries->getNext();
+ if(entry != 0){
+ cout << *(entry) << endl;
+ }
+ while(entry){
+ try{
+ entry = entries->getNext();
+ if(entry != 0){
+ cout << *(entry) << endl;
+ }
+ delete entry;
+ }catch(LDAPReferralException e){
+ cout << "Caught Referral" << endl;
+ }
+ }
+ }
+
+ lc->unbind();
+ delete lc;
+ }catch (LDAPException e){
+ cout << "------------------------- caught Exception ---------"<< endl;
+ cout << e << endl;
+ }
+
+ /*
+ cout << "--------------------starting search" << endl;
+ LDAPAttributeList* attrs=new LDAPAttributeList();
+ StringList values;
+ values.add("top");
+ values.add("organizationalUnit");
+ attrs->addAttribute(LDAPAttribute("objectClass",values));
+ attrs->addAttribute(LDAPAttribute("ou","Groups"));
+ LDAPEntry* entry=new LDAPEntry(
+ "ou=Groups, o=Organisation, c=DE", attrs);
+
+ LDAPAttribute newattr("description");
+ LDAPModification::mod_op op = LDAPModification::OP_DELETE;
+ LDAPModList *mod=new LDAPModList();
+ mod->addModification(LDAPModification(newattr,op));
+ LDAPMessageQueue* q=0;
+ try{
+ q=lc->search("o=Organisation,c=de",LDAPAsynConnection::SEARCH_SUB,
+ "objectClass=*",StringList());
+// q=lc->add(entry);
+// q=lc->modify("cn=Manager,o=Organisation,c=DE",
+// mod);
+ LDAPMsg *res=q->getNext();
+ bool cont=true;
+ while( cont ) {
+ switch(res->getMessageType()){
+ LDAPSearchResult *res2;
+ const LDAPEntry *entry;
+ case LDAP_RES_SEARCH_ENTRY :
+ res2= (LDAPSearchResult*)res;
+ entry= res2->getEntry();
+ cout << "Entry: " << *entry << endl;
+ delete res;
+ res=q->getNext();
+ break;
+ case LDAP_RES_SEARCH_REFERENCE :
+ cout << "Reference: " << endl;
+ delete res;
+ res=q->getNext();
+ break;
+ default :
+ cout << ( *(LDAPResult*) res) << endl;
+ delete res;
+ cout << "-----------------search done" << endl;
+ cont=false;
+ break;
+ }
+ }
+ delete q;
+ }catch (LDAPException e){
+ cout << "----------------error during search" << endl;
+ delete q;
+ cout << e << endl;
+ }
+ lc->unbind();
+ */
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/readSchema.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/readSchema.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/examples/readSchema.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+#include<iostream.h>
+#include<strstream>
+#include "LDAPConnection.h"
+#include "LDAPConstraints.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchResults.h"
+#include "LDAPAttribute.h"
+#include "LDAPAttributeList.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPModification.h"
+#include "LDAPReferralException.h"
+#include "LDAPSchema.h"
+
+#include"debug.h"
+
+int main(){
+ LDAPConnection *lc=new LDAPConnection("192.168.3.128",389);
+ cout << "----------------------doing bind...." << endl;
+ try{
+ lc->bind("uid=admin,dc=home,dc=local" , "secret");
+ cout << lc->getHost() << endl;
+ StringList tmp;
+ tmp.add("subschemasubentry");
+ LDAPSearchResults* entries = lc->search("",
+ LDAPConnection::SEARCH_BASE,
+ "(objectClass=*)",
+ tmp );
+ LDAPEntry* rootDse = entries->getNext();
+ std::string schemabase="cn=subschema";
+
+ if(rootDse){
+ const LDAPAttribute* schemaAttr = rootDse->getAttributes()->getAttributeByName("subschemaSubentry");
+ schemabase = *(schemaAttr->getValues().begin());
+ }
+ StringList attrs;
+ attrs.add("objectClasses");
+ attrs.add("attributeTypes");
+ entries = lc->search(schemabase, LDAPConnection::SEARCH_BASE, "(objectClass=*)",
+ attrs);
+ if (entries != 0){
+ LDAPEntry* entry = entries->getNext();
+ if(entry != 0){
+ const LDAPAttribute* oc = entry->getAttributes()->getAttributeByName("objectClasses");
+ LDAPSchema schema;
+ schema.setObjectClasses((oc->getValues()));
+ LDAPObjClass test = schema.getObjectClassByName("inetOrgPerson");
+ cout << test.getDesc() << endl;
+// StringList mustAttr = test.getMay();
+// for( StringList::const_iterator i = mustAttr.begin(); i != mustAttr.end(); i++ ){
+// cout << *i << endl;
+// }
+ StringList sup = test.getSup();
+ for( StringList::const_iterator i = sup.begin(); i != sup.end(); i++ ){
+ cout << *i << endl;
+ }
+ }
+ }
+
+ lc->unbind();
+ delete lc;
+ }catch (LDAPException e){
+ cout << "------------------------- caught Exception ---------"<< endl;
+ cout << e << endl;
+ }
+
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/install-sh
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/install-sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/install-sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch. It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ chmodcmd=""
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/install-sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/ltmain.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/ltmain.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/ltmain.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,6500 @@
+# ltmain.sh - Provide generalized library-building support services.
+# NOTE: Changing this file will not affect anything until you rerun configure.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+basename="s,^.*/,,g"
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+progname=`echo "$progpath" | $SED $basename`
+modename="$progname"
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=1.5.18
+TIMESTAMP=" (1.1220.2.245 2005/05/16 08:55:27)"
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes.
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+# Check that we have a working $echo.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
+ # Yippee, $echo works!
+ :
+else
+ # Restart under the correct shell, and then maybe $echo will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+default_mode=
+help="Try \`$progname --help' for more information."
+magic="%%%MAGIC variable%%%"
+mkdir="mkdir"
+mv="mv -f"
+rm="rm -f"
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
+# test EBCDIC or ASCII
+case `echo A|tr A '\301'` in
+ A) # EBCDIC based system
+ SP2NL="tr '\100' '\n'"
+ NL2SP="tr '\r\n' '\100\100'"
+ ;;
+ *) # Assume ASCII based system
+ SP2NL="tr '\040' '\012'"
+ NL2SP="tr '\015\012' '\040\040'"
+ ;;
+esac
+
+# NLS nuisances.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+# We save the old values to restore during execute mode.
+if test "${LC_ALL+set}" = set; then
+ save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+fi
+if test "${LANG+set}" = set; then
+ save_LANG="$LANG"; LANG=C; export LANG
+fi
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ $echo "$modename: not configured to build any kind of library" 1>&2
+ $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
+ exit $EXIT_FAILURE
+fi
+
+# Global variables.
+mode=$default_mode
+nonopt=
+prev=
+prevopt=
+run=
+show="$echo"
+show_help=
+execute_dlfiles=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+quote_scanset='[[~#^*{};<>?'"'"' ]'
+
+#####################################
+# Shell function definitions:
+# This seems to be the best place for them
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
+ $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 | \
+ sed -n -e '1,100{/ I /{x;/import/!{s/^/import/;h;p;};x;};}'`
+ if test "X$win32_nmres" = "Ximport" ; then
+ win32_libid_type="x86 archive import"
+ else
+ win32_libid_type="x86 archive static"
+ fi
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $echo $win32_libid_type
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ CC_quoted="$CC_quoted $arg"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ CC_quoted="$CC_quoted $arg"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ $echo "$modename: unable to infer tagged configuration"
+ $echo "$modename: specify a tag with \`--tag'" 1>&2
+ exit $EXIT_FAILURE
+# else
+# $echo "$modename: using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+
+ $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
+ $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
+ exit $EXIT_FAILURE
+ fi
+}
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+ my_status=""
+
+ $show "${rm}r $my_gentop"
+ $run ${rm}r "$my_gentop"
+ $show "$mkdir $my_gentop"
+ $run $mkdir "$my_gentop"
+ my_status=$?
+ if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
+ exit $my_status
+ fi
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
+ my_xdir="$my_gentop/$my_xlib"
+
+ $show "${rm}r $my_xdir"
+ $run ${rm}r "$my_xdir"
+ $show "$mkdir $my_xdir"
+ $run $mkdir "$my_xdir"
+ status=$?
+ if test "$status" -ne 0 && test ! -d "$my_xdir"; then
+ exit $status
+ fi
+ case $host in
+ *-darwin*)
+ $show "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ if test -z "$run"; then
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
+ darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ $show "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we have a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ lipo -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ ${rm}r unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd "$darwin_orig_dir"
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ fi # $run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+ func_extract_archives_result="$my_oldobjs"
+}
+# End of Shell function definitions
+#####################################
+
+# Darwin sucks
+eval std_shrext=\"$shrext_cmds\"
+
+# Parse our command line options once, thoroughly.
+while test "$#" -gt 0
+do
+ arg="$1"
+ shift
+
+ case $arg in
+ -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ execute_dlfiles)
+ execute_dlfiles="$execute_dlfiles $arg"
+ ;;
+ tag)
+ tagname="$arg"
+ preserve_args="${preserve_args}=$arg"
+
+ # Check whether tagname contains only valid characters
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ $echo "$progname: invalid tag name: $tagname" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $tagname in
+ CC)
+ # Don't test for the "default" C tag, as we know, it's there, but
+ # not specially marked.
+ ;;
+ *)
+ if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
+ taglist="$taglist $tagname"
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
+ else
+ $echo "$progname: ignoring unknown tag $tagname" 1>&2
+ fi
+ ;;
+ esac
+ ;;
+ *)
+ eval "$prev=\$arg"
+ ;;
+ esac
+
+ prev=
+ prevopt=
+ continue
+ fi
+
+ # Have we seen a non-optional argument yet?
+ case $arg in
+ --help)
+ show_help=yes
+ ;;
+
+ --version)
+ $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
+ $echo
+ $echo "Copyright (C) 2005 Free Software Foundation, Inc."
+ $echo "This is free software; see the source for copying conditions. There is NO"
+ $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+ exit $?
+ ;;
+
+ --config)
+ ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
+ done
+ exit $?
+ ;;
+
+ --debug)
+ $echo "$progname: enabling shell trace mode"
+ set -x
+ preserve_args="$preserve_args $arg"
+ ;;
+
+ --dry-run | -n)
+ run=:
+ ;;
+
+ --features)
+ $echo "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $echo "enable shared libraries"
+ else
+ $echo "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $echo "enable static libraries"
+ else
+ $echo "disable static libraries"
+ fi
+ exit $?
+ ;;
+
+ --finish) mode="finish" ;;
+
+ --mode) prevopt="--mode" prev=mode ;;
+ --mode=*) mode="$optarg" ;;
+
+ --preserve-dup-deps) duplicate_deps="yes" ;;
+
+ --quiet | --silent)
+ show=:
+ preserve_args="$preserve_args $arg"
+ ;;
+
+ --tag) prevopt="--tag" prev=tag ;;
+ --tag=*)
+ set tag "$optarg" ${1+"$@"}
+ shift
+ prev=tag
+ preserve_args="$preserve_args --tag"
+ ;;
+
+ -dlopen)
+ prevopt="-dlopen"
+ prev=execute_dlfiles
+ ;;
+
+ -*)
+ $echo "$modename: unrecognized option \`$arg'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+
+ *)
+ nonopt="$arg"
+ break
+ ;;
+ esac
+done
+
+if test -n "$prevopt"; then
+ $echo "$modename: option \`$prevopt' requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+fi
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+if test -z "$show_help"; then
+
+ # Infer the operation mode.
+ if test -z "$mode"; then
+ $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
+ $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
+ case $nonopt in
+ *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
+ mode=link
+ for arg
+ do
+ case $arg in
+ -c)
+ mode=compile
+ break
+ ;;
+ esac
+ done
+ ;;
+ *db | *dbx | *strace | *truss)
+ mode=execute
+ ;;
+ *install*|cp|mv)
+ mode=install
+ ;;
+ *rm)
+ mode=uninstall
+ ;;
+ *)
+ # If we have no mode, but dlfiles were specified, then do execute mode.
+ test -n "$execute_dlfiles" && mode=execute
+
+ # Just use the default operation mode.
+ if test -z "$mode"; then
+ if test -n "$nonopt"; then
+ $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
+ else
+ $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
+ fi
+ fi
+ ;;
+ esac
+ fi
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ $echo "$modename: unrecognized option \`-dlopen'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$modename --help --mode=$mode' for more information."
+
+ # These modes are in order of execution frequency so that they run quickly.
+ case $mode in
+ # libtool compile mode
+ compile)
+ modename="$modename: compile"
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+
+ for arg
+ do
+ case "$arg_mode" in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ if test -n "$libobj" ; then
+ $echo "$modename: you cannot specify \`-o' more than once" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ arg_mode=target
+ continue
+ ;;
+
+ -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+
+ # Double-quote args containing other shell metacharacters.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ lastarg="$lastarg $arg"
+ done
+ IFS="$save_ifs"
+ lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ * )
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
+
+ case $lastarg in
+ # Double-quote args containing other shell metacharacters.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, and some SunOS ksh mistreat backslash-escaping
+ # in scan sets (worked around with variable expansion),
+ # and furthermore cannot handle '|' '&' '(' ')' in scan sets
+ # at all, so we specify them separately.
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ lastarg="\"$lastarg\""
+ ;;
+ esac
+
+ base_compile="$base_compile $lastarg"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ $echo "$modename: you must specify an argument for -Xcompile"
+ exit $EXIT_FAILURE
+ ;;
+ target)
+ $echo "$modename: you must specify a target with \`-o'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ *)
+ # Get the name of the library object.
+ [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ xform='[cCFSifmso]'
+ case $libobj in
+ *.ada) xform=ada ;;
+ *.adb) xform=adb ;;
+ *.ads) xform=ads ;;
+ *.asm) xform=asm ;;
+ *.c++) xform=c++ ;;
+ *.cc) xform=cc ;;
+ *.ii) xform=ii ;;
+ *.class) xform=class ;;
+ *.cpp) xform=cpp ;;
+ *.cxx) xform=cxx ;;
+ *.f90) xform=f90 ;;
+ *.for) xform=for ;;
+ *.java) xform=java ;;
+ esac
+
+ libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
+
+ case $libobj in
+ *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
+ *)
+ $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -static)
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
+ case $qlibobj in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ qlibobj="\"$qlibobj\"" ;;
+ esac
+ if test "X$libobj" != "X$qlibobj"; then
+ $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
+ exit $EXIT_FAILURE
+ fi
+ objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+ xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$obj"; then
+ xdir=
+ else
+ xdir=$xdir/
+ fi
+ lobj=${xdir}$objdir/$objname
+
+ if test -z "$base_compile"; then
+ $echo "$modename: you must specify a compilation command" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ $run $rm $removelist
+ trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ removelist="$removelist $output_obj $lockfile"
+ trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $run ln "$progpath" "$lockfile" 2>/dev/null; do
+ $show "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $echo "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+ $echo "$srcfile" > "$lockfile"
+ fi
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
+ case $qsrcfile in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ qsrcfile="\"$qsrcfile\"" ;;
+ esac
+
+ $run $rm "$libobj" "${libobj}T"
+
+ # Create a libtool object file (analogous to a ".la" file),
+ # but don't create it if we're doing a dry run.
+ test -z "$run" && cat > ${libobj}T <<EOF
+# $libobj - a libtool object file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+EOF
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ if test ! -d "${xdir}$objdir"; then
+ $show "$mkdir ${xdir}$objdir"
+ $run $mkdir ${xdir}$objdir
+ status=$?
+ if test "$status" -ne 0 && test ! -d "${xdir}$objdir"; then
+ exit $status
+ fi
+ fi
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ $run $rm "$lobj" "$output_obj"
+
+ $show "$command"
+ if $run eval "$command"; then :
+ else
+ test -n "$output_obj" && $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ $show "$mv $output_obj $lobj"
+ if $run $mv $output_obj $lobj; then :
+ else
+ error=$?
+ $run $rm $removelist
+ exit $error
+ fi
+ fi
+
+ # Append the name of the PIC object to the libtool object file.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object='$objdir/$objname'
+
+EOF
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ else
+ # No PIC object so indicate it doesn't exist in the libtool
+ # object file.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object=none
+
+EOF
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ $run $rm "$obj" "$output_obj"
+ $show "$command"
+ if $run eval "$command"; then :
+ else
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $run $rm $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ $show "$mv $output_obj $obj"
+ if $run $mv $output_obj $obj; then :
+ else
+ error=$?
+ $run $rm $removelist
+ exit $error
+ fi
+ fi
+
+ # Append the name of the non-PIC object the libtool object file.
+ # Only append if the libtool object file exists.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object='$objname'
+
+EOF
+ else
+ # Append the name of the non-PIC object the libtool object file.
+ # Only append if the libtool object file exists.
+ test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object=none
+
+EOF
+ fi
+
+ $run $mv "${libobj}T" "${libobj}"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ $run $rm "$lockfile"
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool link mode
+ link | relink)
+ modename="$modename: link"
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args="$nonopt"
+ base_compile="$nonopt $@"
+ compile_command="$nonopt"
+ finalize_command="$nonopt"
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -all-static | -static)
+ if test "X$arg" = "X-all-static"; then
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ else
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ fi
+ build_libtool_libs=no
+ build_old_libs=yes
+ prefer_static_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
+ ;;
+ *) qarg=$arg ;;
+ esac
+ libtool_args="$libtool_args $qarg"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ compile_command="$compile_command @OUTPUT@"
+ finalize_command="$finalize_command @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ compile_command="$compile_command @SYMFILE@"
+ finalize_command="$finalize_command @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ if test ! -f "$arg"; then
+ $echo "$modename: symbol file \`$arg' does not exist"
+ exit $EXIT_FAILURE
+ fi
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat $save_arg`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ # If there is no directory component, then add one.
+ case $arg in
+ */* | *\\*) . $arg ;;
+ *) . ./$arg ;;
+ esac
+
+ if test -z "$pic_object" || \
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none && \
+ test "$non_pic_object" = none; then
+ $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ libobjs="$libobjs $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if test -z "$run"; then
+ $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+ exit $EXIT_FAILURE
+ else
+ # Dry-run case.
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+ non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+ libobjs="$libobjs $pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ fi
+ done
+ else
+ $echo "$modename: link input file \`$save_arg' does not exist"
+ exit $EXIT_FAILURE
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ $echo "$modename: only absolute run-paths are allowed" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ compile_command="$compile_command $qarg"
+ finalize_command="$finalize_command $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ compile_command="$compile_command $wl$qarg"
+ finalize_command="$finalize_command $wl$qarg"
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ compile_command="$compile_command $qarg"
+ finalize_command="$finalize_command $qarg"
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ darwin_framework)
+ compiler_flags="$compiler_flags $arg"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ prev=
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ compile_command="$compile_command $link_static_flag"
+ finalize_command="$finalize_command $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ $echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
+ continue
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ $echo "$modename: more than one -exported-symbols argument is not allowed"
+ exit $EXIT_FAILURE
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=darwin_framework
+ compiler_flags="$compiler_flags $arg"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-pw32* | *-*-beos*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-mingw* | *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs -framework System"
+ continue
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ -model)
+ compile_command="$compile_command $arg"
+ compiler_flags="$compiler_flags $arg"
+ finalize_command="$finalize_command $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+ compiler_flags="$compiler_flags $arg"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m* pass through architecture-specific compiler args for GCC
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*)
+
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ if test "$with_gcc" = "yes" ; then
+ compiler_flags="$compiler_flags $arg"
+ fi
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # in order for the loader to find any dlls it needs.
+ $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
+ $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ $echo "$modename: only absolute run-paths are allowed" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -static)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -Wc,*)
+ args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ case $flag in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ flag="\"$flag\""
+ ;;
+ esac
+ arg="$arg $wl$flag"
+ compiler_flags="$compiler_flags $flag"
+ done
+ IFS="$save_ifs"
+ arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+ ;;
+
+ -Wl,*)
+ args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ case $flag in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ flag="\"$flag\""
+ ;;
+ esac
+ arg="$arg $wl$flag"
+ compiler_flags="$compiler_flags $wl$flag"
+ linker_flags="$linker_flags $flag"
+ done
+ IFS="$save_ifs"
+ arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ # If there is no directory component, then add one.
+ case $arg in
+ */* | *\\*) . $arg ;;
+ *) . ./$arg ;;
+ esac
+
+ if test -z "$pic_object" || \
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none && \
+ test "$non_pic_object" = none; then
+ $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ libobjs="$libobjs $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if test -z "$run"; then
+ $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+ exit $EXIT_FAILURE
+ else
+ # Dry-run case.
+
+ # Extract subdirectory from the argument.
+ xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$xdir" = "X$arg"; then
+ xdir=
+ else
+ xdir="$xdir/"
+ fi
+
+ pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+ non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+ libobjs="$libobjs $pic_object"
+ non_pic_objects="$non_pic_objects $non_pic_object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ fi
+ done # argument parsing loop
+
+ if test -n "$prev"; then
+ $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ compile_command="$compile_command $arg"
+ finalize_command="$finalize_command $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$output_objdir" = "X$output"; then
+ output_objdir="$objdir"
+ else
+ output_objdir="$output_objdir/$objdir"
+ fi
+ # Create the object directory.
+ if test ! -d "$output_objdir"; then
+ $show "$mkdir $output_objdir"
+ $run $mkdir $output_objdir
+ status=$?
+ if test "$status" -ne 0 && test ! -d "$output_objdir"; then
+ exit $status
+ fi
+ fi
+
+ # Determine the type of output
+ case $output in
+ "")
+ $echo "$modename: you must specify an output file" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ case $host in
+ *cygwin* | *mingw* | *pw32*)
+ # don't eliminate duplications in $postdeps and $predeps
+ duplicate_compiler_generated_deps=yes
+ ;;
+ *)
+ duplicate_compiler_generated_deps=$duplicate_deps
+ ;;
+ esac
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+ case $linkmode in
+ lib)
+ passes="conv link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+ for pass in $passes; do
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ esac
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
+ continue
+ fi
+ name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
+ for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if (${SED} -e '2q' $lib |
+ grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ library_names=
+ old_library=
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$ladir" = "X$lib" && ladir="."
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+ ;;
+ *)
+ $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method
+ match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ if eval $echo \"$deplib\" 2>/dev/null \
+ | $SED 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $echo
+ $echo "*** Warning: Trying to link with static lib archive $deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because the file extensions .$libext of this argument makes me believe"
+ $echo "*** that it is just a static archive that I should not used here."
+ else
+ $echo
+ $echo "*** Warning: Linking the shared library $output against the"
+ $echo "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ $echo "$modename: cannot find the library \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$ladir" = "X$lib" && ladir="."
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ $echo "$modename: \`$lib' is not a convenience library" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
+ $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ $echo "$modename: warning: library \`$lib' was moved." 1>&2
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir"; then
+ $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath " in
+ *" $dir "*) ;;
+ *" $absdir "*) ;;
+ *) temp_rpath="$temp_rpath $dir" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ if test -n "$library_names" &&
+ { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on
+ # some systems (darwin)
+ if test "$shouldnotlink" = yes && test "$pass" = link ; then
+ $echo
+ if test "$linkmode" = prog; then
+ $echo "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $echo "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $echo "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ realname="$2"
+ shift; shift
+ libname=`eval \\$echo \"$libname_spec\"`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw*)
+ major=`expr $current - $age`
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
+ newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ $show "extracting exported symbol list from \`$soname'"
+ save_ifs="$IFS"; IFS='~'
+ cmds=$extract_expsyms_cmds
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ $show "generating import library for \`$soname'"
+ save_ifs="$IFS"; IFS='~'
+ cmds=$old_archive_from_expsyms_cmds
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5* ) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a module then we can not link against
+ # it, someone is ignoring the new warnings I added
+ if /usr/bin/file -L $add 2> /dev/null | $EGREP "bundle" >/dev/null ; then
+ $echo "** Warning, lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $echo
+ $echo "** And there doesn't seem to be a static archive available"
+ $echo "** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case "$libdir" in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ $echo "$modename: configuration error: unsupported hardcode properties"
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes && \
+ test "$hardcode_minus_L" != yes && \
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case "$libdir" in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $echo
+ $echo "*** Warning: This system can not link to static lib archive $lib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $echo "*** But as you try to build a module library, libtool will still create "
+ $echo "*** a static module, that should work as long as the dlopening application"
+ $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $echo
+ $echo "*** However, this would only work if libtool was able to extract symbol"
+ $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $echo "*** not find such a program. So, this module is probably useless."
+ $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ convenience="$convenience $dir/$old_library"
+ old_convenience="$old_convenience $dir/$old_library"
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if test "X$duplicate_deps" = "Xyes" ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$deplib" && dir="."
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if grep "^installed=no" $deplib > /dev/null; then
+ path="$absdir/$objdir"
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test "$absdir" != "$libdir"; then
+ $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
+ fi
+ path="$absdir"
+ fi
+ depdepl=
+ case $host in
+ *-*-darwin*)
+ # we do not want to link against static libs,
+ # but need to link against shared
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$path/$depdepl" ; then
+ depdepl="$path/$depdepl"
+ fi
+ # do not add paths which are already there
+ case " $newlib_search_path " in
+ *" $path "*) ;;
+ *) newlib_search_path="$newlib_search_path $path";;
+ esac
+ fi
+ path=""
+ ;;
+ *)
+ path="-L$path"
+ ;;
+ esac
+ ;;
+ -l*)
+ case $host in
+ *-*-darwin*)
+ # Again, we only want to link against shared libraries
+ eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
+ for tmp in $newlib_search_path ; do
+ if test -f "$tmp/lib$tmp_libs.dylib" ; then
+ eval depdepl="$tmp/lib$tmp_libs.dylib"
+ break
+ fi
+ done
+ path=""
+ ;;
+ *) continue ;;
+ esac
+ ;;
+ *) continue ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ case " $deplibs " in
+ *" $depdepl "*) ;;
+ *) deplibs="$depdepl $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$deplibs"; then
+ $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2
+ fi
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$rpath"; then
+ $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$xrpath"; then
+ $echo "$modename: warning: \`-R' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for archives" 1>&2
+ fi
+
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
+ fi
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ if test "$module" = no; then
+ $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
+ exit $EXIT_FAILURE
+ else
+ $echo
+ $echo "*** Warning: Linking the shared library $output against the non-libtool"
+ $echo "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ if test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
+ fi
+
+ set dummy $rpath
+ if test "$#" -gt 2; then
+ $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
+ fi
+ install_libdir="$2"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
+ fi
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ IFS="$save_ifs"
+
+ if test -n "$8"; then
+ $echo "$modename: too many parameters to \`-version-info'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$2"
+ number_minor="$3"
+ number_revision="$4"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows)
+ current=`expr $number_major + $number_minor`
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ current=`expr $number_major + $number_minor - 1`
+ age="$number_minor"
+ revision="$number_minor"
+ ;;
+ esac
+ ;;
+ no)
+ current="$2"
+ revision="$3"
+ age="$4"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
+ $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ major=.`expr $current - $age`
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ minor_current=`expr $current + 1`
+ verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current";
+ ;;
+
+ irix | nonstopux)
+ major=`expr $current - $age + 1`
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ iface=`expr $revision - $loop`
+ loop=`expr $loop - 1`
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ major=.`expr $current - $age`
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ major=.`expr $current - $age`
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ iface=`expr $current - $loop`
+ loop=`expr $loop - 1`
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ major=`expr $current - $age`
+ versuffix="-$major"
+ ;;
+
+ *)
+ $echo "$modename: unknown library version type \`$version_type'" 1>&2
+ $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+ fi
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$echo "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ if test -n "$removelist"; then
+ $show "${rm}r $removelist"
+ $run ${rm}r $removelist
+ fi
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ for path in $notinst_path; do
+ lib_search_path=`$echo "$lib_search_path " | ${SED} -e 's% $path % %g'`
+ deplibs=`$echo "$deplibs " | ${SED} -e 's% -L$path % %g'`
+ dependency_libs=`$echo "$dependency_libs " | ${SED} -e 's% -L$path % %g'`
+ done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs -framework System"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $rm conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $rm conftest
+ $LTCC -o conftest conftest.c $deplibs
+ if test "$?" -eq 0 ; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ name="`expr $i : '-l\(.*\)'`"
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" -ne "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ deplib_matches=`eval \\$echo \"$library_names_spec\"`
+ set dummy $deplib_matches
+ deplib_match=$2
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: dynamic linker does not accept needed library $i."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which I believe you do not have"
+ $echo "*** because a test_compile did reveal that the linker did not use it for"
+ $echo "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ else
+ newdeplibs="$newdeplibs $i"
+ fi
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ name="`expr $i : '-l\(.*\)'`"
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" != "0"; then
+ $rm conftest
+ $LTCC -o conftest conftest.c $i
+ # Did it work?
+ if test "$?" -eq 0 ; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ deplib_matches=`eval \\$echo \"$library_names_spec\"`
+ set dummy $deplib_matches
+ deplib_match=$2
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: dynamic linker does not accept needed library $i."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because a test_compile did reveal that the linker did not use this one"
+ $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning! Library $i is needed by this library but I was not able to"
+ $echo "*** make it link in! You will probably need to install it or some"
+ $echo "*** library that it depends on before this library will be fully"
+ $echo "*** functional. Installing it before continuing would be even better."
+ fi
+ else
+ newdeplibs="$newdeplibs $i"
+ fi
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method
+ file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ for a_deplib in $deplibs; do
+ name="`expr $a_deplib : '-l\(.*\)'`"
+ # If $name is empty we are operating on a -L argument.
+ if test "$name" != "" && test "$name" != "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null \
+ | grep " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
+ | ${SED} 10q \
+ | $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: linker path does not have real file for library $a_deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $echo "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $echo "*** with $libname and none of the candidates passed a file format test"
+ $echo "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ else
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ fi
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method
+ match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+ for a_deplib in $deplibs; do
+ name="`expr $a_deplib : '-l\(.*\)'`"
+ # If $name is empty we are operating on a -L argument.
+ if test -n "$name" && test "$name" != "0"; then
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval \\$echo \"$libname_spec\"`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval $echo \"$potent_lib\" 2>/dev/null \
+ | ${SED} 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $echo
+ $echo "*** Warning: linker path does not have real file for library $a_deplib."
+ $echo "*** I have the capability to make that library automatically link in when"
+ $echo "*** you link to this library. But I can only do this if you have a"
+ $echo "*** shared version of the library, which you do not appear to have"
+ $echo "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $echo "*** with $libname and none of the candidates passed a file format test"
+ $echo "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ else
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ fi
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
+ -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
+ done
+ fi
+ if $echo "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' \
+ | grep . >/dev/null; then
+ $echo
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $echo "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $echo "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $echo "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $echo
+ $echo "*** Warning: libtool could not satisfy all declared inter-library"
+ $echo "*** dependencies of module $libname. Therefore, libtool will create"
+ $echo "*** a static module, that should work as long as the dlopening"
+ $echo "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $echo
+ $echo "*** However, this would only work if libtool was able to extract symbol"
+ $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $echo "*** not find such a program. So, this module is probably useless."
+ $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $echo "*** The inter-library dependencies that have been dropped here will be"
+ $echo "*** automatically added whenever a program is linked with this library"
+ $echo "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $echo
+ $echo "*** Since this library must not contain undefined symbols,"
+ $echo "*** because either the platform does not support them or"
+ $echo "*** it was explicitly requested with -no-undefined,"
+ $echo "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ realname="$2"
+ shift; shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ $show "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $run $rm $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ if len=`expr "X$cmd" : ".*"` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ $show "using reloadable object file for export list..."
+ skipped_export=:
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex"; then
+ $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
+ $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ $show "$mv \"${export_symbols}T\" \"$export_symbols\""
+ $run eval '$mv "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" && len=`expr "X$test_cmds" : ".*"` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise.
+ $echo "creating reloadable object files..."
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$echo "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ delfiles=
+ last_robj=
+ k=1
+ output=$output_objdir/$output_la-${k}.$objext
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ eval test_cmds=\"$reload_cmds $objlist $last_robj\"
+ if test "X$objlist" = X ||
+ { len=`expr "X$test_cmds" : ".*"` &&
+ test "$len" -le "$max_cmd_len"; }; then
+ objlist="$objlist $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ k=`expr $k + 1`
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ len=1
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+
+ if ${skipped_export-false}; then
+ $show "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $run $rm $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
+ fi
+
+ # Set up a command to remove the reloadable object files
+ # after they are used.
+ i=0
+ while test "$i" -lt "$k"
+ do
+ i=`expr $i + 1`
+ delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
+ done
+
+ $echo "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+
+ # Append the command to remove the reloadable object files
+ # to the just-reset $cmds.
+ eval cmds=\"\$cmds~\$rm $delfiles\"
+ fi
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
+ $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$deplibs"; then
+ $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
+ fi
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$rpath"; then
+ $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$xrpath"; then
+ $echo "$modename: warning: \`-R' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for objects" 1>&2
+ fi
+
+ case $output in
+ *.lo)
+ if test -n "$objs$old_deplibs"; then
+ $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ libobj="$output"
+ obj=`$echo "X$output" | $Xsed -e "$lo2o"`
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $run $rm $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ cmds=$reload_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $run eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ cmds=$reload_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+
+ if test -n "$gentop"; then
+ $show "${rm}r $gentop"
+ $run ${rm}r $gentop
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
+ esac
+ if test -n "$vinfo"; then
+ $echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
+ fi
+
+ if test -n "$release"; then
+ $echo "$modename: warning: \`-release' is ignored for programs" 1>&2
+ fi
+
+ if test "$preload" = yes; then
+ if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
+ test "$dlopen_self_static" = unknown; then
+ $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
+ fi
+ fi
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+ ;;
+ esac
+
+ case $host in
+ *darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ if test "$tagname" = CXX ; then
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ fi
+ ;;
+ esac
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ dlsyms=
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ dlsyms="${outputname}S.c"
+ else
+ $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
+ fi
+ fi
+
+ if test -n "$dlsyms"; then
+ case $dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${outputname}.nm"
+
+ $show "$rm $nlist ${nlist}S ${nlist}T"
+ $run $rm "$nlist" "${nlist}S" "${nlist}T"
+
+ # Parse the name list into a source file.
+ $show "creating $output_objdir/$dlsyms"
+
+ test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
+/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
+/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* Prevent the only kind of declaration conflicts we can make. */
+#define lt_preloaded_symbols some_other_symbol
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ $show "generating symbol list for \`$output'"
+
+ test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for arg in $progfiles; do
+ $show "extracting global C symbols from \`$arg'"
+ $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ $run eval '$mv "$nlist"T "$nlist"'
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ $run eval '$mv "$nlist"T "$nlist"'
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $run $rm $export_symbols
+ $run eval "${SED} -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ else
+ $run eval "${SED} -e 's/\([ ][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ $run eval 'mv "$nlist"T "$nlist"'
+ fi
+ fi
+
+ for arg in $dlprefiles; do
+ $show "extracting global C symbols from \`$arg'"
+ name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
+ $run eval '$echo ": $name " >> "$nlist"'
+ $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -z "$run"; then
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $mv "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if grep -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ grep -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
+ else
+ $echo '/* NONE */' >> "$output_objdir/$dlsyms"
+ fi
+
+ $echo >> "$output_objdir/$dlsyms" "\
+
+#undef lt_preloaded_symbols
+
+#if defined (__STDC__) && __STDC__
+# define lt_ptr void *
+#else
+# define lt_ptr char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+"
+
+ case $host in
+ *cygwin* | *mingw* )
+ $echo >> "$output_objdir/$dlsyms" "\
+/* DATA imports from DLLs on WIN32 can't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs */
+struct {
+"
+ ;;
+ * )
+ $echo >> "$output_objdir/$dlsyms" "\
+const struct {
+"
+ ;;
+ esac
+
+
+ $echo >> "$output_objdir/$dlsyms" "\
+ const char *name;
+ lt_ptr address;
+}
+lt_preloaded_symbols[] =
+{\
+"
+
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
+
+ $echo >> "$output_objdir/$dlsyms" "\
+ {0, (lt_ptr) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ fi
+
+ pic_flag_for_symtable=
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ case "$compile_command " in
+ *" -static "*) ;;
+ *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
+ esac;;
+ *-*-hpux*)
+ case "$compile_command " in
+ *" -static "*) ;;
+ *) pic_flag_for_symtable=" $pic_flag";;
+ esac
+ esac
+
+ # Now compile the dynamic symbol file.
+ $show "(cd $output_objdir && $LTCC -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
+ $run eval '(cd $output_objdir && $LTCC -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
+
+ # Clean up the generated files.
+ $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
+ $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
+
+ # Transform the symbol file into the correct name.
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+ ;;
+ *)
+ $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ # Replace the output file specification.
+ compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ $show "$link_command"
+ $run eval "$link_command"
+ status=$?
+
+ # Delete the generated files.
+ if test -n "$dlsyms"; then
+ $show "$rm $output_objdir/${outputname}S.${objext}"
+ $run $rm "$output_objdir/${outputname}S.${objext}"
+ fi
+
+ exit $status
+ fi
+
+ if test -n "$shlibpath_var"; then
+ # We should set the shlibpath_var
+ rpath=
+ for dir in $temp_rpath; do
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*)
+ # Absolute path.
+ rpath="$rpath$dir:"
+ ;;
+ *)
+ # Relative path: add a thisdir entry.
+ rpath="$rpath\$thisdir/$dir:"
+ ;;
+ esac
+ done
+ temp_rpath="$rpath"
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $run $rm $output
+ # Link the executable and exit
+ $show "$link_command"
+ $run eval "$link_command" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
+ $echo "$modename: \`$output' will be relinked during installation" 1>&2
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ $show "$link_command"
+ $run eval "$link_command" || exit $?
+
+ # Now create the wrapper script.
+ $show "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+ relink_command="$var=\"$var_value\"; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $echo for shipping.
+ if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if our run command is non-null.
+ if test -z "$run"; then
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ cwrappersource=`$echo ${objdir}/lt-${outputname}.c`
+ cwrapper=`$echo ${output}.exe`
+ $rm $cwrappersource $cwrapper
+ trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ cat > $cwrappersource <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "/bin/sh $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat >> $cwrappersource<<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef DIR_SEPARATOR
+#define DIR_SEPARATOR '/'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+#define HAVE_DOS_BASED_FILE_SYSTEM
+#ifndef DIR_SEPARATOR_2
+#define DIR_SEPARATOR_2 '\\'
+#endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+const char *program_name = NULL;
+
+void * xmalloc (size_t num);
+char * xstrdup (const char *string);
+char * basename (const char *name);
+char * fnqualify(const char *path);
+char * strendzap(char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int i;
+
+ program_name = (char *) xstrdup ((char *) basename (argv[0]));
+ newargz = XMALLOC(char *, argc+2);
+EOF
+
+ cat >> $cwrappersource <<EOF
+ newargz[0] = "$SHELL";
+EOF
+
+ cat >> $cwrappersource <<"EOF"
+ newargz[1] = fnqualify(argv[0]);
+ /* we know the script has the same name, without the .exe */
+ /* so make sure newargz[1] doesn't end in .exe */
+ strendzap(newargz[1],".exe");
+ for (i = 1; i < argc; i++)
+ newargz[i+1] = xstrdup(argv[i]);
+ newargz[argc+1] = NULL;
+EOF
+
+ cat >> $cwrappersource <<EOF
+ execv("$SHELL",newargz);
+EOF
+
+ cat >> $cwrappersource <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void * p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
+;
+}
+
+char *
+basename (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha (name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return (char *) base;
+}
+
+char *
+fnqualify(const char *path)
+{
+ size_t size;
+ char *p;
+ char tmp[LT_PATHMAX + 1];
+
+ assert(path != NULL);
+
+ /* Is it qualified already? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha (path[0]) && path[1] == ':')
+ return xstrdup (path);
+#endif
+ if (IS_DIR_SEPARATOR (path[0]))
+ return xstrdup (path);
+
+ /* prepend the current directory */
+ /* doesn't handle '~' */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ size = strlen(tmp) + 1 + strlen(path) + 1; /* +2 for '/' and '\0' */
+ p = XMALLOC(char, size);
+ sprintf(p, "%s%c%s", tmp, DIR_SEPARATOR, path);
+ return p;
+}
+
+char *
+strendzap(char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert(str != NULL);
+ assert(pat != NULL);
+
+ len = strlen(str);
+ patlen = strlen(pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp(str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char * mode,
+ const char * message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+EOF
+ # we should really use a build-platform specific compiler
+ # here, but OTOH, the wrappers (shell script and this C one)
+ # are only useful if you want to execute the "real" binary.
+ # Since the "real" binary is built for $host, then this
+ # wrapper might as well be built for $host, too.
+ $run $LTCC -s -o $cwrapper $cwrappersource
+ ;;
+ esac
+ $rm $output
+ trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
+
+ $echo > $output "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variable:
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$echo are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ echo=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$echo works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$echo will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $echo >> $output "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $echo >> $output "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" || \\
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $mkdir \"\$progdir\"
+ else
+ $rm \"\$progdir/\$file\"
+ fi"
+
+ $echo >> $output "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $echo \"\$relink_command_output\" >&2
+ $rm \"\$progdir/\$file\"
+ exit $EXIT_FAILURE
+ fi
+ fi
+
+ $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $rm \"\$progdir/\$program\";
+ $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $rm \"\$progdir/\$file\"
+ fi"
+ else
+ $echo >> $output "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $echo >> $output "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $echo >> $output "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $echo >> $output "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $echo >> $output "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2*)
+ $echo >> $output "\
+ exec \$progdir\\\\\$program \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $echo >> $output "\
+ exec \$progdir/\$program \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $echo >> $output "\
+ \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
+ exit $EXIT_FAILURE
+ fi
+ else
+ # The program doesn't exist.
+ \$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2
+ \$echo \"This script is just a wrapper for \$program.\" 1>&2
+ $echo \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit $EXIT_FAILURE
+ fi
+fi\
+"
+ chmod +x $output
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ $echo "X$obj" | $Xsed -e 's%^.*/%%'
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $echo "copying selected object files to avoid basename conflicts..."
+
+ if test -z "$gentop"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ $show "${rm}r $gentop"
+ $run ${rm}r "$gentop"
+ $show "$mkdir $gentop"
+ $run $mkdir "$gentop"
+ status=$?
+ if test "$status" -ne 0 && test ! -d "$gentop"; then
+ exit $status
+ fi
+ fi
+
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ counter=`expr $counter + 1`
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ $run ln "$obj" "$gentop/$newobj" ||
+ $run cp "$obj" "$gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+
+ eval cmds=\"$old_archive_cmds\"
+
+ if len=`expr "X$cmds" : ".*"` &&
+ test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ $echo "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ for obj in $save_oldobjs
+ do
+ oldobjs="$objlist $obj"
+ objlist="$objlist $obj"
+ eval test_cmds=\"$old_archive_cmds\"
+ if len=`expr "X$test_cmds" : ".*"` &&
+ test "$len" -le "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ eval cmd=\"$cmd\"
+ IFS="$save_ifs"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ done
+
+ if test -n "$generated"; then
+ $show "${rm}r$generated"
+ $run ${rm}r$generated
+ fi
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ $show "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+ relink_command="$var=\"$var_value\"; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+
+ # Only create the output if not a dry run.
+ if test -z "$run"; then
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+ for lib in $dlfiles; do
+ name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdlfiles="$newdlfiles $libdir/$name"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ if test -z "$libdir"; then
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $rm $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $echo > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $echo >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ fi
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
+ $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool install mode
+ install)
+ modename="$modename: install"
+
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $echo "X$nonopt" | $Xsed | grep shtool > /dev/null; then
+ # Aesthetically quote it.
+ arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$arg "
+ arg="$1"
+ shift
+ else
+ install_prog=
+ arg="$nonopt"
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$install_prog$arg"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest="$arg"
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f) prev="-f" ;;
+ -g) prev="-g" ;;
+ -m) prev="-m" ;;
+ -o) prev="-o" ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*) ;;
+
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest="$arg"
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+ case $arg in
+ *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
+ arg="\"$arg\""
+ ;;
+ esac
+ install_prog="$install_prog $arg"
+ done
+
+ if test -z "$install_prog"; then
+ $echo "$modename: you must specify an install program" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$prev"; then
+ $echo "$modename: the \`$prev' option requires an argument" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ $echo "$modename: no file or destination specified" 1>&2
+ else
+ $echo "$modename: you must specify a destination" 1>&2
+ fi
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Strip any trailing slash from the destination.
+ dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$destdir" = "X$dest" && destdir=.
+ destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files
+ if test "$#" -gt 2; then
+ $echo "$modename: \`$dest' is not a directory" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ library_names=
+ old_library=
+ relink_command=
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
+ test "X$dir" = "X$file/" && dir=
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ if test "$inst_prefix_dir" = "$destdir"; then
+ $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
+ fi
+
+ $echo "$modename: warning: relinking \`$file'" 1>&2
+ $show "$relink_command"
+ if $run eval "$relink_command"; then :
+ else
+ $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names
+ if test -n "$2"; then
+ realname="$2"
+ shift
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ $show "$install_prog $dir/$srcname $destdir/$realname"
+ $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
+ if test -n "$stripme" && test -n "$striplib"; then
+ $show "$striplib $destdir/$realname"
+ $run eval "$striplib $destdir/$realname" || exit $?
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ for linkname
+ do
+ if test "$linkname" != "$realname"; then
+ $show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
+ $run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
+ fi
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ cmds=$postinstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ fi
+
+ # Install the pseudo-library for information purposes.
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ instname="$dir/$name"i
+ $show "$install_prog $instname $destdir/$name"
+ $run eval "$install_prog $instname $destdir/$name" || exit $?
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ if test -n "$destfile"; then
+ $show "$install_prog $file $destfile"
+ $run eval "$install_prog $file $destfile" || exit $?
+ fi
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
+
+ $show "$install_prog $staticobj $staticdest"
+ $run eval "$install_prog \$staticobj \$staticdest" || exit $?
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ file=`$echo $file|${SED} 's,.exe$,,'`
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin*|*mingw*)
+ wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
+ notinst_deplibs=
+ relink_command=
+
+ # To insure that "foo" is sourced, and not "foo.exe",
+ # finese the cygwin/MSYS system by explicitly sourcing "foo."
+ # which disallows the automatic-append-.exe behavior.
+ case $build in
+ *cygwin* | *mingw*) wrapperdot=${wrapper}. ;;
+ *) wrapperdot=${wrapper} ;;
+ esac
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . ${wrapperdot} ;;
+ *) . ./${wrapperdot} ;;
+ esac
+
+ # Check the variables that should have been set.
+ if test -z "$notinst_deplibs"; then
+ $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ # If there is no directory component, then add one.
+ case $lib in
+ */* | *\\*) . $lib ;;
+ *) . ./$lib ;;
+ esac
+ fi
+ libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ # To insure that "foo" is sourced, and not "foo.exe",
+ # finese the cygwin/MSYS system by explicitly sourcing "foo."
+ # which disallows the automatic-append-.exe behavior.
+ case $build in
+ *cygwin* | *mingw*) wrapperdot=${wrapper}. ;;
+ *) wrapperdot=${wrapper} ;;
+ esac
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . ${wrapperdot} ;;
+ *) . ./${wrapperdot} ;;
+ esac
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ if test "$finalize" = yes && test -z "$run"; then
+ tmpdir="/tmp"
+ test -n "$TMPDIR" && tmpdir="$TMPDIR"
+ tmpdir="$tmpdir/libtool-$$"
+ save_umask=`umask`
+ umask 0077
+ if $mkdir "$tmpdir"; then
+ umask $save_umask
+ else
+ umask $save_umask
+ $echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
+ continue
+ fi
+ file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $show "$relink_command"
+ if $run eval "$relink_command"; then :
+ else
+ $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+ ${rm}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ $echo "$modename: warning: cannot relink \`$file'" 1>&2
+ fi
+ else
+ # Install the binary that we compiled earlier.
+ file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyways
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
+ ;;
+ esac
+ ;;
+ esac
+ $show "$install_prog$stripme $file $destfile"
+ $run eval "$install_prog\$stripme \$file \$destfile" || exit $?
+ test -n "$outputname" && ${rm}r "$tmpdir"
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ $show "$install_prog $file $oldlib"
+ $run eval "$install_prog \$file \$oldlib" || exit $?
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ $show "$old_striplib $oldlib"
+ $run eval "$old_striplib $oldlib" || exit $?
+ fi
+
+ # Do each command in the postinstall commands.
+ cmds=$old_postinstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || exit $?
+ done
+ IFS="$save_ifs"
+ done
+
+ if test -n "$future_libdirs"; then
+ $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
+ fi
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ test -n "$run" && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+ ;;
+
+ # libtool finish mode
+ finish)
+ modename="$modename: finish"
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ cmds=$finish_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd" || admincmds="$admincmds
+ $cmd"
+ done
+ IFS="$save_ifs"
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $run eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ test "$show" = : && exit $EXIT_SUCCESS
+
+ $echo "----------------------------------------------------------------------"
+ $echo "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $echo " $libdir"
+ done
+ $echo
+ $echo "If you ever happen to want to link against installed libraries"
+ $echo "in a given directory, LIBDIR, you must either use libtool, and"
+ $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $echo "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $echo " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $echo " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $echo " - add LIBDIR to the \`$runpath_var' environment variable"
+ $echo " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $echo " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $echo " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $echo
+ $echo "See any operating system documentation about shared libraries for"
+ $echo "more information, such as the ld(1) and ld.so(8) manual pages."
+ $echo "----------------------------------------------------------------------"
+ exit $EXIT_SUCCESS
+ ;;
+
+ # libtool execute mode
+ execute)
+ modename="$modename: execute"
+
+ # The first argument is the command name.
+ cmd="$nonopt"
+ if test -z "$cmd"; then
+ $echo "$modename: you must specify a COMMAND" 1>&2
+ $echo "$help"
+ exit $EXIT_FAILURE
+ fi
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ if test ! -f "$file"; then
+ $echo "$modename: \`$file' is not a file" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+ else
+ $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$file" && dir=.
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ test "X$dir" = "X$file" && dir=.
+ ;;
+
+ *)
+ $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ # If there is no directory component, then add one.
+ case $file in
+ */* | *\\*) . $file ;;
+ *) . ./$file ;;
+ esac
+
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
+ args="$args \"$file\""
+ done
+
+ if test -z "$run"; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ if test "${save_LC_ALL+set}" = set; then
+ LC_ALL="$save_LC_ALL"; export LC_ALL
+ fi
+ if test "${save_LANG+set}" = set; then
+ LANG="$save_LANG"; export LANG
+ fi
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
+ $echo "export $shlibpath_var"
+ fi
+ $echo "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+ ;;
+
+ # libtool clean and uninstall mode
+ clean | uninstall)
+ modename="$modename: $mode"
+ rm="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) rm="$rm $arg"; rmforce=yes ;;
+ -*) rm="$rm $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ if test -z "$rm"; then
+ $echo "$modename: you must specify an RM program" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+ if test "X$dir" = "X$file"; then
+ dir=.
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if (test -L "$file") >/dev/null 2>&1 \
+ || (test -h "$file") >/dev/null 2>&1 \
+ || test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ . $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+ test "$mode" = clean && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+
+ if test "$mode" = uninstall; then
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ cmds=$postuninstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd"
+ if test "$?" -ne 0 && test "$rmforce" != yes; then
+ exit_status=1
+ fi
+ done
+ IFS="$save_ifs"
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ cmds=$old_postuninstall_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $show "$cmd"
+ $run eval "$cmd"
+ if test "$?" -ne 0 && test "$rmforce" != yes; then
+ exit_status=1
+ fi
+ done
+ IFS="$save_ifs"
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+
+ # Read the .lo file
+ . $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" \
+ && test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" \
+ && test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ file=`$echo $file|${SED} 's,.exe$,,'`
+ noexename=`$echo $name|${SED} 's,.exe$,,'`
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+ relink_command=
+ . $dir/$noexename
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ $show "$rm $rmfiles"
+ $run $rm $rmfiles || exit_status=1
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ $show "rmdir $dir"
+ $run rmdir $dir >/dev/null 2>&1
+ fi
+ done
+
+ exit $exit_status
+ ;;
+
+ "")
+ $echo "$modename: you must specify a MODE" 1>&2
+ $echo "$generic_help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+ esac
+
+ if test -z "$exec_cmd"; then
+ $echo "$modename: invalid operation mode \`$mode'" 1>&2
+ $echo "$generic_help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+fi # test -z "$show_help"
+
+if test -n "$exec_cmd"; then
+ eval exec $exec_cmd
+ exit $EXIT_FAILURE
+fi
+
+# We need to display help for each of the modes.
+case $mode in
+"") $echo \
+"Usage: $modename [OPTION]... [MODE-ARG]...
+
+Provide generalized library-building support services.
+
+ --config show all configuration variables
+ --debug enable verbose shell tracing
+-n, --dry-run display commands without modifying any files
+ --features display basic configuration information and exit
+ --finish same as \`--mode=finish'
+ --help display this help message and exit
+ --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS]
+ --quiet same as \`--silent'
+ --silent don't print informational messages
+ --tag=TAG use configuration variables from tag TAG
+ --version print version information
+
+MODE must be one of the following:
+
+ clean remove files from the build directory
+ compile compile a source file into a libtool object
+ execute automatically set library path, then run a program
+ finish complete the installation of libtool libraries
+ install install libraries or executables
+ link create a library or an executable
+ uninstall remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for
+a more detailed description of MODE.
+
+Report bugs to <bug-libtool at gnu.org>."
+ exit $EXIT_SUCCESS
+ ;;
+
+clean)
+ $echo \
+"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+compile)
+ $echo \
+"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -static always build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+execute)
+ $echo \
+"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+finish)
+ $echo \
+"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+install)
+ $echo \
+"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+link)
+ $echo \
+"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -static do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+uninstall)
+ $echo \
+"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+*)
+ $echo "$modename: invalid operation mode \`$mode'" 1>&2
+ $echo "$help" 1>&2
+ exit $EXIT_FAILURE
+ ;;
+esac
+
+$echo
+$echo "Try \`$modename --help' for more information about other modes."
+
+exit $?
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) $echo no;; *) $echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/missing
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/missing (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/missing 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,190 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
+# Franc,ois Pinard <pinard at iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+case "$1" in
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]"
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing - GNU libit 0.0"
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+ aclocal)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified \`acinclude.m4' or \`configure.in'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified \`configure.in'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified \`acconfig.h' or \`configure.in'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case "$f" in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ bison|yacc)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if [ $# -ne 1 ]; then
+ eval LASTARG="\${$#}"
+ case "$LASTARG" in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if [ ! -f y.tab.h ]; then
+ echo >y.tab.h
+ fi
+ if [ ! -f y.tab.c ]; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex|flex)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if [ $# -ne 1 ]; then
+ eval LASTARG="\${$#}"
+ case "$LASTARG" in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if [ -f "$SRCFILE" ]; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if [ ! -f lex.yy.c ]; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ makeinfo)
+ echo 1>&2 "\
+WARNING: \`$1' is missing on your system. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+ if test -z "$file"; then
+ file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
+ fi
+ touch $file
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and you do not seem to have it handy on your
+ system. You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequirements for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/missing
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/mkinstalldirs
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/mkinstalldirs (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/mkinstalldirs 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman at prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+
+errstatus=0
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case "$pathcomp" in
+ -* ) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp"
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
Property changes on: openldap/vendor/openldap-2.3.35/contrib/ldapc++/mkinstalldirs
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPAddRequest.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPAddRequest::LDAPAddRequest(const LDAPAddRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAddRequest::LDAPAddRequest(&)" << endl);
+ m_entry=new LDAPEntry(*(req.m_entry));
+}
+
+LDAPAddRequest::LDAPAddRequest(const LDAPEntry* entry,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral, const LDAPRequest* parent)
+ : LDAPRequest(connect, cons, isReferral,parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAddRequest::LDAPAddRequest()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " entry:" << entry << endl
+ << " isReferral:" << isReferral << endl);
+ m_requestType = LDAPRequest::ADD;
+ m_entry = new LDAPEntry(*entry);
+}
+
+LDAPAddRequest::~LDAPAddRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPAddRequest::~LDAPAddRequest()" << endl);
+ delete m_entry;
+}
+
+LDAPMessageQueue* LDAPAddRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAddRequest::sendRequest()" << endl);
+ int msgID=0;
+ const LDAPAttributeList* list=m_entry->getAttributes();
+ LDAPMod** attrs=list->toLDAPModArray();
+ LDAPControl** tmpSrvCtrls = m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls = m_cons->getClCtrlsArray();
+ int err=ldap_add_ext(m_connection->getSessionHandle(),
+ m_entry->getDN().c_str(),attrs,tmpSrvCtrls,tmpClCtrls,&msgID);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ ldap_mods_free(attrs,1);
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPAddRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAddRequest::followReferral()"<< endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+ LDAPAsynConnection* con = 0;
+ try {
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ } catch(LDAPException e){
+ delete con;
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPAddRequest(m_entry, con, m_cons,true,this);
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAddRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ADD_REQUEST_H
+#define LDAP_ADD_REQUEST_H
+
+#include <LDAPRequest.h>
+#include <LDAPEntry.h>
+
+class LDAPMessageQueue;
+
+class LDAPAddRequest : LDAPRequest {
+ public:
+ LDAPAddRequest(const LDAPAddRequest& req);
+ LDAPAddRequest(const LDAPEntry* entry,
+ LDAPAsynConnection *connect,
+ const LDAPConstraints *cons, bool isReferral=false,
+ const LDAPRequest* parent=0);
+ virtual ~LDAPAddRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* refs);
+ private:
+ LDAPEntry* m_entry;
+
+};
+#endif // LDAP_ADD_REQUEST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,303 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "config.h"
+#include "debug.h"
+#include "LDAPAsynConnection.h"
+
+#include "LDAPAddRequest.h"
+#include "LDAPBindRequest.h"
+#include "LDAPCompareRequest.h"
+#include "LDAPDeleteRequest.h"
+#include "LDAPException.h"
+#include "LDAPExtRequest.h"
+#include "LDAPEntry.h"
+#include "LDAPModDNRequest.h"
+#include "LDAPModifyRequest.h"
+#include "LDAPRequest.h"
+#include "LDAPRebind.h"
+#include "LDAPRebindAuth.h"
+#include "LDAPSearchRequest.h"
+#include <sstream>
+
+using namespace std;
+
+LDAPAsynConnection::LDAPAsynConnection(const string& hostname, int port,
+ LDAPConstraints *cons ){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPAsynConnection::LDAPAsynConnection()"
+ << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " host:" << hostname << endl << " port:" << port << endl);
+ cur_session=0;
+ m_constr = 0;
+ this->init(hostname, port);
+ this->setConstraints(cons);
+}
+
+LDAPAsynConnection::~LDAPAsynConnection(){
+ DEBUG(LDAP_DEBUG_DESTROY,
+ "LDAPAsynConnection::~LDAPAsynConnection()" << endl);
+ unbind();
+ //delete m_constr;
+}
+
+void LDAPAsynConnection::init(const string& hostname, int port){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::init" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " hostname:" << hostname << endl
+ << " port:" << port << endl);
+ std::ostringstream urlstream;
+ urlstream << "ldap://" + hostname << ":" << port;
+ std::string url = urlstream.str();
+ ldap_initialize(&cur_session, url.c_str());
+ m_host=hostname;
+ m_port=port;
+ int opt=3;
+ ldap_set_option(cur_session, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+ ldap_set_option(cur_session, LDAP_OPT_PROTOCOL_VERSION, &opt);
+}
+
+void LDAPAsynConnection::start_tls(){
+ int resCode;
+ if( ldap_start_tls_s( cur_session, NULL, NULL ) != LDAP_SUCCESS ) {
+ throw LDAPException(this);
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::bind(const string& dn,
+ const string& passwd, const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::bind()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER, " dn:" << dn << endl
+ << " passwd:" << passwd << endl);
+ LDAPBindRequest *req = new LDAPBindRequest(dn,passwd,this,cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::search(const string& base,int scope,
+ const string& filter,
+ const StringList& attrs,
+ bool attrsOnly,
+ const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::search()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER, " base:" << base << endl
+ << " scope:" << scope << endl
+ << " filter:" << filter << endl );
+ LDAPSearchRequest *req = new LDAPSearchRequest(base, scope,filter, attrs,
+ attrsOnly, this, cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::del(const string& dn,
+ const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::del()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," dn:" << dn << endl);
+ LDAPDeleteRequest *req = new LDAPDeleteRequest(dn, this, cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::compare(const string& dn,
+ const LDAPAttribute& attr, const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::compare()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," dn:" << dn << endl
+ << " attr:" << attr << endl);
+ LDAPCompareRequest *req = new LDAPCompareRequest(dn, attr, this, cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::add( const LDAPEntry* le,
+ const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::add()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," entry:" << *le << endl);
+ LDAPAddRequest *req = new LDAPAddRequest(le, this, cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::modify(const string& dn,
+ const LDAPModList *mod, const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::modify()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," dn:" << dn << endl);
+ LDAPModifyRequest *req = new LDAPModifyRequest(dn, mod, this, cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::rename(const string& dn,
+ const string& newRDN, bool delOldRDN, const string& newParentDN,
+ const LDAPConstraints *cons ){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::rename()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," dn:" << dn << endl
+ << " newRDN:" << newRDN << endl
+ << " newParentDN:" << newParentDN << endl
+ << " delOldRDN:" << delOldRDN << endl);
+ LDAPModDNRequest *req = new LDAPModDNRequest(dn, newRDN, delOldRDN,
+ newParentDN, this, cons );
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+
+LDAPMessageQueue* LDAPAsynConnection::extOperation(const string& oid,
+ const string& value, const LDAPConstraints *cons ){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::extOperation()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," oid:" << oid << endl);
+ LDAPExtRequest *req = new LDAPExtRequest(oid, value, this,cons);
+ try{
+ LDAPMessageQueue *ret = req->sendRequest();
+ return ret;
+ }catch(LDAPException e){
+ delete req;
+ throw;
+ }
+}
+
+
+void LDAPAsynConnection::abandon(LDAPMessageQueue *q){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::abandon()" << endl);
+ LDAPRequestStack *reqStack=q->getRequestStack();
+ LDAPRequest *req;
+ while(! reqStack->empty()){
+ req=reqStack->top();
+ if (ldap_abandon_ext(cur_session, req->getMsgID(), 0, 0)
+ != LDAP_SUCCESS){
+ throw LDAPException(this);
+ }
+ delete req;
+ reqStack->pop();
+ }
+}
+
+void LDAPAsynConnection::unbind(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::unbind()" << endl);
+ if(cur_session){
+ LDAPControl** tmpSrvCtrls=m_constr->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_constr->getClCtrlsArray();
+ int err=ldap_unbind_ext(cur_session, tmpSrvCtrls, tmpClCtrls);
+ cur_session=0;
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }
+ }
+}
+
+void LDAPAsynConnection::setConstraints(LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setConstraints()" << endl);
+ m_constr=cons;
+}
+
+const LDAPConstraints* LDAPAsynConnection::getConstraints() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getConstraints()" << endl);
+ return m_constr;
+}
+
+LDAP* LDAPAsynConnection::getSessionHandle() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getSessionHandle()" << endl);
+ return cur_session;
+}
+
+const string& LDAPAsynConnection::getHost() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setHost()" << endl);
+ return m_host;
+}
+
+int LDAPAsynConnection::getPort() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getPort()" << endl);
+ return m_port;
+}
+
+LDAPAsynConnection* LDAPAsynConnection::referralConnect(
+ const LDAPUrlList& urls, LDAPUrlList::const_iterator& usedUrl,
+ const LDAPConstraints* cons) const {
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::referralConnect()" << endl)
+ LDAPUrlList::const_iterator conUrl;
+ LDAPAsynConnection* tmpConn=0;
+ const LDAPRebind* rebind = cons->getReferralRebind();
+ LDAPRebindAuth* auth = 0;
+
+ for(conUrl=urls.begin(); conUrl!=urls.end(); conUrl++){
+ string host= conUrl->getHost();
+ int port= conUrl->getPort();
+ DEBUG(LDAP_DEBUG_TRACE," connecting to: " << host << ":" <<
+ port << endl);
+ //Set the new connection's constraints-object ?
+ tmpConn=new LDAPAsynConnection(host.c_str(),port);
+ int err=0;
+
+ if(rebind){
+ auth=rebind->getRebindAuth(host, port);
+ }
+ if(auth){
+ string dn = auth->getDN();
+ string passwd = auth->getPassword();
+ const char* c_dn=0;
+ struct berval c_passwd = { 0, 0 };
+ if(dn != ""){
+ c_dn = dn.c_str();
+ }
+ if(passwd != ""){
+ c_passwd.bv_val = const_cast<char*>(passwd.c_str());
+ c_passwd.bv_len = passwd.size();
+ }
+ err = ldap_sasl_bind_s(tmpConn->getSessionHandle(), c_dn,
+ LDAP_SASL_SIMPLE, &c_passwd, NULL, NULL, NULL);
+ } else {
+ // Do anonymous bind
+ err = ldap_sasl_bind_s(tmpConn->getSessionHandle(),NULL,
+ LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL);
+ }
+ if( err == LDAP_SUCCESS ){
+ usedUrl=conUrl;
+ return tmpConn;
+ }else{
+ delete tmpConn;
+ tmpConn=0;
+ }
+ auth=0;
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAsynConnection.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,327 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ASYN_CONNECTION_H
+#define LDAP_ASYN_CONNECTION_H
+
+#include<iostream>
+#include<string>
+
+#include<ldap.h>
+#include<lber.h>
+
+#include <LDAPMessageQueue.h>
+#include <LDAPConstraints.h>
+#include <LDAPModification.h>
+#include <LDAPModList.h>
+#include <LDAPUrl.h>
+#include <LDAPUrlList.h>
+
+class LDAPEntry;
+class LDAPAttribute;
+
+//* Main class for an asynchronous LDAP connection
+/**
+ * This class represents an asynchronous connection to an LDAP-Server. It
+ * provides the methods for authentication, and all other LDAP-Operations
+ * (e.g. search, add, delete, etc.)
+ * All of the LDAP-Operations return a pointer to a LDAPMessageQueue-Object,
+ * which can be used to obtain the results of that operation.
+ * A basic example of this class could be like this: <BR>
+ * 1. Create a new LDAPAsynConnection Object: <BR>
+ * 2. Use the init-method to initialize the connection <BR>
+ * 3. Call the bind-method to authenticate to the directory <BR>
+ * 4. Obtain the bind results from the return LDAPMessageQueue-Object <BR>
+ * 5. Perform on of the operations on the directory (add, delete, search, ..)
+ * <BR>
+ * 6. Use the return LDAPMessageQueue to obtain the results of the operation
+ * <BR>
+ * 7. Close the connection (feature not implemented yet :) ) <BR>
+ */
+class LDAPAsynConnection{
+ public :
+ /**
+ * Constant for the Search-Operation to indicate a Base-Level
+ * Search
+ */
+ static const int SEARCH_BASE=0;
+
+ /**
+ * Constant for the Search-Operation to indicate a One-Level
+ * Search
+ */
+ static const int SEARCH_ONE=1;
+
+ /**
+ * Constant for the Search-Operation to indicate a subtree
+ * Search
+ */
+ static const int SEARCH_SUB=2;
+// static const int SEARCH_SUB=LDAP_SCOPE_SUBTREE;
+// static const int SEARCH_ONE=LDAP_SCOPE_ONELEVEL;
+// static const int SEARCH_SUB=LDAP_SCOPE_SUBTREE;
+
+ /** Construtor that initializes a connection to a server
+ * @param hostname Name (or IP-Adress) of the destination host
+ * @param port Port the LDAP server is running on
+ * @param cons Default constraints to use with operations over
+ * this connection
+ */
+ LDAPAsynConnection(const std::string& hostname=std::string("localhost"),
+ int port=389, LDAPConstraints *cons=new LDAPConstraints() );
+
+ //* Destructor
+ virtual ~LDAPAsynConnection();
+
+ /**
+ * Initializes a connection to a server.
+ *
+ * There actually no
+ * communication to the server. Just the object is initialized
+ * (e.g. this method is called within the
+ * LDAPAsynConnection(char*,int,LDAPConstraints) constructor.)
+ * @param hostname The Name or IP-Address of the destination
+ * LDAP-Server
+ * @param port The Network Port the server is running on
+ */
+ void init(const std::string& hostname, int port);
+
+ /**
+ * Start TLS on this connection. This isn't in the constructor,
+ * because it could fail (i.e. server doesn't have SSL cert, client
+ * api wasn't compiled against OpenSSL, etc.).
+ * @throws LDAPException if the TLS Layer could not be setup
+ * correctly
+ */
+ void start_tls();
+
+ /** Simple authentication to a LDAP-Server
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * This method does a simple (username, password) bind to the server.
+ * Other, saver, authentcation methods are provided later
+ * @param dn the distiguished name to bind as
+ * @param passwd cleartext password to use
+ */
+ LDAPMessageQueue* bind(const std::string& dn="", const std::string& passwd="",
+ const LDAPConstraints *cons=0);
+
+ /** Performing a search on a directory tree.
+ *
+ * Use the search method to perform a search on the LDAP-Directory
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param base The distinguished name of the starting point for the
+ * search operation
+ * @param scope The scope of the search. Possible values: <BR>
+ * LDAPAsynConnection::SEARCH_BASE, <BR>
+ * LDAPAsynConnection::SEARCH_ONE, <BR>
+ * LDAPAsynConnection::SEARCH_SUB
+ * @param filter The std::string representation of a search filter to
+ * use with this operation
+ * @param attrsOnly true if only the attributes names (no values)
+ * should be returned
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ LDAPMessageQueue* search(const std::string& base="", int scope=0,
+ const std::string& filter="objectClass=*",
+ const StringList& attrs=StringList(),
+ bool attrsOnly=false,
+ const LDAPConstraints *cons=0);
+
+ /** Delete an entry from the directory
+ *
+ * This method sends a delete request to the server
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param dn Distinguished name of the entry that should be deleted
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ LDAPMessageQueue* del(const std::string& dn, const LDAPConstraints *cons=0);
+
+ /**
+ * Perform the COMPARE-operation on an attribute
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param dn Distinguished name of the entry for which the compare
+ * should be performed
+ * @param attr An Attribute (one (!) value) to use for the
+ * compare operation
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ LDAPMessageQueue* compare(const std::string& dn,
+ const LDAPAttribute& attr,
+ const LDAPConstraints *cons=0);
+
+ /** Add an entry to the directory
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param le The entry that will be added to the directory
+ */
+ LDAPMessageQueue* add( const LDAPEntry* le,
+ const LDAPConstraints *const=0);
+
+ /** Apply modifications to attributes of an entry
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param dn Distiguished Name of the Entry to modify
+ * @param modlist A set of modification that should be applied
+ * to the Entry
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ LDAPMessageQueue* modify(const std::string& dn,
+ const LDAPModList *modlist,
+ const LDAPConstraints *cons=0);
+
+ /** modify the DN of an entry
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param dn DN to modify
+ * @param newRDN The new relative DN for the entry
+ * @param delOldRDN true=The old RDN will be removed from the
+ * attributes <BR>
+ * false=The old RDN will still be present in the
+ * attributes of the entry
+ * @param newParentDN The DN of the new parent entry of the entry
+ * 0 to keep the old one
+ */
+ LDAPMessageQueue* rename(const std::string& dn,
+ const std::string& newRDN,
+ bool delOldRDN=false, const std::string& newParentDN="",
+ const LDAPConstraints* cons=0);
+
+ /** Perform a LDAP extended Operation
+ *
+ * @throws LDAPException If the Request could not be sent to the
+ * destination server, a LDAPException-object contains the
+ * error that occured.
+ * @param oid The dotted decimal representation of the extended
+ * Operation that should be performed
+ * @param value The data asociated with this operation
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ LDAPMessageQueue* extOperation(const std::string& oid,
+ const std::string& value="", const LDAPConstraints *cons=0);
+
+ /** End an outstanding request
+ *
+ * @param q All outstanding request related to this LDAPMessageQueue
+ * will be abandoned
+ */
+ void abandon(LDAPMessageQueue *q);
+
+ /**
+ * Performs the UNBIND-operation on the destination server
+ *
+ * @throws LDAPException in any case of an error
+ */
+ void unbind();
+
+ /**
+ * @returns The C-APIs LDAP-structure that is associated with the
+ * current connection
+ */
+ LDAP* getSessionHandle() const ;
+
+ /**
+ * @returns The Hostname of the destination server of the
+ * connection.
+ */
+ const std::string& getHost() const;
+
+ /**
+ * @returns The Port to which this connection is connecting to on
+ * the remote server.
+ */
+ int getPort() const;
+
+ /** Change the default constraints of the connection
+ *
+ * @parameter cons cons New LDAPConstraints to use with the connection
+ */
+ void setConstraints(LDAPConstraints *cons);
+
+ /** Get the default constraints of the connection
+ *
+ * @return Pointer to the LDAPConstraints-Object that is currently
+ * used with the Connection
+ */
+ const LDAPConstraints* getConstraints() const;
+
+ /**
+ * This method is used internally for automatic referral chasing.
+ * It tries to bind to a destination server of the URLs of a
+ * referral.
+ *
+ * @throws LDAPException in any case of an error
+ * @param urls Contains a std::list of LDAP-Urls that indicate the
+ * destinations of a referral
+ * @param usedUrl After this method has successfully bind to one of
+ * the Destination URLs this parameter contains the URLs
+ * which was contacted.
+ * @param cons An LDAPConstraints-Object that should be used for
+ * the new connection. If this object contains a
+ * LDAPRebind-object it is used to bind to the new server
+ */
+ LDAPAsynConnection* referralConnect(const LDAPUrlList& urls,
+ LDAPUrlList::const_iterator& usedUrl,
+ const LDAPConstraints* cons) const;
+
+ private :
+ /**
+ * Private copy constructor. So nobody can call it.
+ */
+ LDAPAsynConnection(const LDAPAsynConnection& lc){};
+
+ /**
+ * A pointer to the C-API LDAP-structure that is associated with
+ * this connection
+ */
+ LDAP *cur_session;
+
+ /**
+ * A pointer to the default LDAPConstrains-object that is used when
+ * no LDAPConstraints-parameter is provided with a call for a
+ * LDAP-operation
+ */
+ LDAPConstraints *m_constr;
+
+ /**
+ * The name of the destination host
+ */
+ std::string m_host;
+
+ /**
+ * The port the destination server is running on.
+ */
+ int m_port;
+
+ protected:
+ /**
+ * Is caching enabled?
+ */
+ bool m_cacheEnabled;
+};
+#endif //LDAP_ASYN_CONNECTION_H
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPAttrType.h"
+
+
+LDAPAttrType::LDAPAttrType(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttrType::LDAPAttrType( )" << endl);
+
+ oid = string ();
+ desc = string ();
+ names = StringList ();
+ single = false;
+}
+
+LDAPAttrType::LDAPAttrType (const LDAPAttrType &at){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttrType::LDAPAttrType( )" << endl);
+
+ oid = at.oid;
+ desc = at.desc;
+ names = at.names;
+ single = at.single;
+}
+
+LDAPAttrType::LDAPAttrType (string at_item) {
+
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttrType::LDAPAttrType( )" << endl);
+
+ LDAPAttributeType *a;
+ int ret;
+ const char *errp;
+ a = ldap_str2attributetype (at_item.c_str(), &ret, &errp,SCHEMA_PARSE_FLAG);
+
+ if (a) {
+ this->setNames (a->at_names);
+ this->setDesc (a->at_desc);
+ this->setOid (a->at_oid);
+ this->setSingle (a->at_single_value);
+ }
+ // else? -> error
+}
+
+LDAPAttrType::~LDAPAttrType() {
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttrType::~LDAPAttrType()" << endl);
+}
+
+void LDAPAttrType::setSingle (int at_single) {
+ single = (at_single == 1);
+}
+
+void LDAPAttrType::setNames (char **at_names) {
+ names = StringList (at_names);
+}
+
+void LDAPAttrType::setDesc (char *at_desc) {
+ desc = string ();
+ if (at_desc)
+ desc = at_desc;
+}
+
+void LDAPAttrType::setOid (char *at_oid) {
+ oid = string ();
+ if (at_oid)
+ oid = at_oid;
+}
+
+bool LDAPAttrType::isSingle () {
+ return single;
+}
+
+string LDAPAttrType::getOid () {
+ return oid;
+}
+
+string LDAPAttrType::getDesc () {
+ return desc;
+}
+
+StringList LDAPAttrType::getNames () {
+ return names;
+}
+
+string LDAPAttrType::getName () {
+
+ if (names.empty())
+ return "";
+ else
+ return *(names.begin());
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttrType.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ATTRTYPE_H
+#define LDAP_ATTRTYPE_H
+
+#include <ldap_schema.h>
+#include <string>
+
+#include "StringList.h"
+
+#define SCHEMA_PARSE_FLAG 0x03
+
+
+using namespace std;
+
+/**
+ * Represents the Attribute Type (from LDAP schema)
+ */
+class LDAPAttrType{
+ private :
+ StringList names;
+ string desc, oid;
+ bool single;
+
+ public :
+
+ /**
+ * Constructor
+ */
+ LDAPAttrType();
+
+ /**
+ * Copy constructor
+ */
+ LDAPAttrType (const LDAPAttrType& oc);
+
+ /**
+ * Constructs new object and fills the data structure by parsing the
+ * argument.
+ * @param at_item description of attribute type is string returned
+ * by the search command. It is in the form:
+ * "( SuSE.YaST.Attr:19 NAME ( 'skelDir' ) DESC ''
+ * EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
+ */
+ LDAPAttrType (string at_item);
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPAttrType();
+
+
+ /**
+ * Returns attribute description
+ */
+ string getDesc ();
+
+ /**
+ * Returns attribute oid
+ */
+ string getOid ();
+
+ /**
+ * Returns attribute name (first one if there are more of them)
+ */
+ string getName ();
+
+ /**
+ * Returns all attribute names
+ */
+ StringList getNames();
+
+ /**
+ * Returns true if attribute type hllows only single value
+ */
+ bool isSingle();
+
+ void setNames (char **at_names);
+ void setDesc (char *at_desc);
+ void setOid (char *at_oid);
+ void setSingle (int at_single_value);
+
+};
+
+#endif // LDAP_ATTRTYPE_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,198 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+//TODO!!!
+// * some kind of iterator to step through the attribute values
+// * remove values from Attribute
+// * handling of subtypes (;de; and so on)
+// * some documentation
+
+
+#include <ldap.h>
+//#include <ctype.h>
+
+#include "debug.h"
+#include "StringList.h"
+
+#include "LDAPAttribute.h"
+
+using namespace std;
+
+LDAPAttribute::LDAPAttribute(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute( )" << endl);
+ m_name=string();
+}
+
+LDAPAttribute::LDAPAttribute(const LDAPAttribute& attr){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute(&)" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " attr:" << attr << endl);
+ m_name=attr.m_name;
+ m_values=StringList(attr.m_values);
+}
+
+LDAPAttribute::LDAPAttribute(const string& name, const string& value){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " name:" << name << endl << " value:" << value << endl);
+ this->setName(name);
+ if(value != ""){
+ this->addValue(value);
+ }
+}
+
+
+LDAPAttribute::LDAPAttribute(const string& name, const StringList& values){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " name:" << name << endl);
+ m_name=name;
+ m_values=values;
+}
+
+LDAPAttribute::LDAPAttribute(const char *name, char **values){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " name:" << name << endl);
+ this->setName(name);
+ this->setValues(values);
+}
+
+LDAPAttribute::LDAPAttribute(const char *name, BerValue **values){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " name:" << name << endl);
+ this->setName(name);
+ this->setValues(values);
+}
+
+LDAPAttribute::~LDAPAttribute(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttribute::~LDAPAttribute()" << endl);
+}
+
+void LDAPAttribute::addValue(const string& value){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addValue()" << endl);
+ m_values.add(value);
+}
+
+int LDAPAttribute::addValue(const BerValue *value){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addValue()" << endl);
+ if(value!=0){
+ this->addValue(string(value->bv_val, value->bv_len));
+ return 0;
+ }
+ return -1;
+}
+
+int LDAPAttribute::setValues(char **values){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+ if(values){
+ m_values.clear();
+ for( char **i=values; *i!=0; i++){
+ this->addValue(*i);
+ }
+ }
+ return 0;
+}
+
+int LDAPAttribute::setValues(BerValue **values){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+ if(values){
+ m_values.clear();
+ for( BerValue **i=values; *i!=0; i++){
+ if( this->addValue(*i) ){
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
+
+void LDAPAttribute::setValues(const StringList& values){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+ m_values=values;
+}
+
+const StringList& LDAPAttribute::getValues() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getValues()" << endl);
+ return m_values;
+}
+
+BerValue** LDAPAttribute::getBerValues() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getBerValues()" << endl);
+ size_t size=m_values.size();
+ if (size == 0){
+ return 0;
+ }else{
+ BerValue **temp = (BerValue**) malloc(sizeof(BerValue*) * (size+1));
+ StringList::const_iterator i;
+ int p=0;
+
+ for(i=m_values.begin(), p=0; i!=m_values.end(); i++,p++){
+ temp[p]=(BerValue*) malloc(sizeof(BerValue));
+ temp[p]->bv_len= i->size();
+ temp[p]->bv_val= (char*) malloc(sizeof(char) * (i->size()+1));
+ i->copy(temp[p]->bv_val,string::npos);
+ }
+ temp[size]=0;
+ return temp;
+ }
+}
+
+int LDAPAttribute::getNumValues() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getNumValues()" << endl);
+ return m_values.size();
+}
+
+const string& LDAPAttribute::getName() const {
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::getName()" << endl);
+ return m_name;
+}
+
+void LDAPAttribute::setName(const string& name){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::setName()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," name:" << name << endl);
+ m_name.erase();
+ m_name=name;
+}
+
+// The bin-FLAG of the mod_op is always set to LDAP_MOD_BVALUES (0x80)
+LDAPMod* LDAPAttribute::toLDAPMod() const {
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::toLDAPMod()" << endl);
+ LDAPMod* ret= (LDAPMod*) malloc(sizeof(LDAPMod));
+ ret->mod_op=LDAP_MOD_BVALUES; //always assume binary-Values
+ ret->mod_type= (char*) malloc(sizeof(char) * (m_name.size()+1));
+ m_name.copy(ret->mod_type,string::npos);
+ ret->mod_type[m_name.size()]=0;
+ ret->mod_bvalues=this->getBerValues();
+ return ret;
+}
+
+bool LDAPAttribute::isNotPrintable() const {
+ StringList::const_iterator i;
+ for(i=m_values.begin(); i!=m_values.end(); i++){
+ size_t len = i->size();
+ for(size_t j=0; j<len; j++){
+ if (! isprint( (i->data())[j] ) ){
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+ostream& operator << (ostream& s, const LDAPAttribute& attr){
+ s << attr.m_name << "=";
+ StringList::const_iterator i;
+ if (attr.isNotPrintable()){
+ s << "NOT_PRINTABLE" ;
+ }else{
+ for(i=attr.m_values.begin(); i!=attr.m_values.end(); i++){
+ s << *i << " ";
+ }
+ }
+ return s;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttribute.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2000-2002, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ATTRIBUTE_H
+#define LDAP_ATTRIBUTE_H
+
+#include<iostream>
+#include<string>
+#include<ldap.h>
+#include<lber.h>
+
+#include <StringList.h>
+
+/**
+ * Represents the name an value(s) of an Attribute
+ */
+class LDAPAttribute{
+ public :
+ /**
+ * Default constructor.
+ * initializes an empty object.
+ */
+ LDAPAttribute();
+
+ /**
+ * Copy constructor.
+ * Copies all values of an Attribute to a new one
+ * @param attr The Attribute that should be copied
+ */
+ LDAPAttribute(const LDAPAttribute& attr);
+
+ /**
+ * Construct an Attribute with a single string value
+ * @param name The attribute's name (type)
+ * @param value The string value of the attribute, if "" the
+ * attribute will have no values, for LDAPv3
+ * this values must be UTF-8 encoded
+ */
+ LDAPAttribute(const std::string& name, const std::string& value="");
+
+ /**
+ * Construct an attribute with multiple string values
+ * @param name The attribute's name (type)
+ * @param values A 0-terminated array of char*. Each char* specifies
+ * one value of the attribute (UTF-8 encoded)
+ */
+ LDAPAttribute(const char* name, char **values);
+
+ /**
+ * Construct an attribute with multiple string values
+ * @param name The attribute's name (type)
+ * @param values A list of strings. Each element specifies
+ * one value of the attribute (UTF-8 or binary
+ * encoded)
+ */
+ LDAPAttribute(const std::string& name, const StringList& values);
+
+ /**
+ * Construct an attribute with multiple binary coded values
+ * @param name The attribute's name (type)
+ * @param values 0-terminated array of binary attribute values
+ * The BerValue struct is declared as:<BR>
+ * struct berval{
+ * unsigned long bv_len;
+ * char *bv_val;
+ * } BerValue;
+ */
+ LDAPAttribute(const char* name, BerValue **values);
+
+ /**
+ * Destructor
+ */
+ ~LDAPAttribute();
+
+ /**
+ * Add a single string value(bin/char) to the Attribute
+ * @param value Value that should be added, it is copied inside the
+ * object
+ */
+ void addValue(const std::string& value);
+
+ /**
+ * Add a single binary value to the Attribute
+ * @param value The binary coded value that should be added to the
+ * Attribute.
+ * @return 0 no problem <BR>
+ * -1 failure (mem. allocation problem)
+ */
+ int addValue(const BerValue *value);
+
+ /**
+ * Set the values of the attribute. If the object contains some values
+ * already, they are deleted
+ * @param values 0-terminated array of char*, each char*
+ * representing a string value to add to the entry
+ *
+ * @return 0 no problem <BR>
+ * -1 failure (mem. allocation problem)
+ */
+ int setValues(char** values);
+
+ /**
+ * Set the values of the attribute. If the object does already contain
+ * some values, they will be deleted
+ * @param values 0-terminated array of BerValue*, each BerValue
+ * representing a binary value to add to the entry
+ *
+ * @return 0 no problem <BR>
+ * -1 failure (mem. allocation problem)
+ */
+ int setValues(BerValue** values);
+
+ /**
+ * Set the values of the attribute. If the object does already contain
+ * some values, they will be deleted
+ * @param values A list of string-Objects. Each string is
+ * representing a string or binary value to add to
+ * the entry
+ */
+ void setValues(const StringList& values);
+
+ /**
+ * For interal use only.
+ * This method is used to translate the values of the Attribute to
+ * 0-terminated Array of BerValue-structs as used by the C-API
+ * @return The Values of the Attribute as an 0-terminated Array of
+ * BerValue* (is dynamically allocated, delete it after usage)
+ * <BR>
+ * 0-pointer in case of error
+ */
+ BerValue** getBerValues() const;
+
+ /**
+ * @return The values of the array as a list of strings
+ */
+ const StringList& getValues() const;
+
+ /**
+ * @return The number of values of the attribute
+ */
+ int getNumValues() const;
+
+ /**
+ * @return The name(type) of the attribute
+ */
+ const std::string& getName() const ;
+
+ /**
+ * Sets the Attribute's name (type)
+ * @param the new name of the object
+ */
+ void setName(const std::string& name);
+
+ /**
+ * For internal use only.
+ *
+ * This method translate the attribute of the object into a
+ * LDAPMod-Structure as used by the C-API
+ */
+ LDAPMod* toLDAPMod() const ;
+
+ /**
+ * @return true If the attribute contains non-printable attributes
+ */
+ bool isNotPrintable() const ;
+
+ private :
+ std::string m_name;
+ StringList m_values;
+
+ /**
+ * This method can be used to dump the data of a LDAPResult-Object.
+ * It is only useful for debugging purposes at the moment
+ */
+ friend std::ostream& operator << (std::ostream& s, const LDAPAttribute& attr);
+};
+#endif //#ifndef LDAP_ATTRIBUTE_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2000-2002, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+
+#include "LDAPAttributeList.h"
+
+#include "LDAPException.h"
+#include "LDAPAttribute.h"
+#include "LDAPAsynConnection.h"
+#include "LDAPMessage.h"
+
+using namespace std;
+
+// little helper function for doing case insensitve string comparison
+bool nocase_compare(char c1, char c2);
+
+LDAPAttributeList::LDAPAttributeList(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttributeList::LDAPAttributList( )" << endl);
+}
+
+LDAPAttributeList::LDAPAttributeList(const LDAPAttributeList& al){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttributeList::LDAPAttributList(&)" << endl);
+ m_attrs=al.m_attrs;
+}
+
+LDAPAttributeList::LDAPAttributeList(const LDAPAsynConnection *ld,
+ LDAPMessage *msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPAttributeList::LDAPAttributList()" << endl);
+ BerElement *ptr=0;
+ char *name=ldap_first_attribute(ld->getSessionHandle(), msg, &ptr);
+/*
+ This code was making problems if no attribute were returned
+ How am I supposed to find decoding errors? ldap_first/next_attribute
+ return 0 in case of error or if there are no more attributes. In either
+ case they set the LDAP* error code to 0x54 (Decoding error) ??? Strange..
+
+ There will be some changes in the new version of the C-API so that this
+ code should work in the future.
+ if(name == 0){
+ ber_free(ptr,0);
+ ldap_memfree(name);
+ throw LDAPException(ld);
+ }else{
+*/ BerValue **values;
+ for (;name !=0;
+ name=ldap_next_attribute(ld->getSessionHandle(),msg,ptr) ){
+ values=ldap_get_values_len(ld->getSessionHandle(),
+ msg, name);
+ this->addAttribute(LDAPAttribute(name, values));
+ ldap_memfree(name);
+ ldap_value_free_len(values);
+ }
+ ber_free(ptr,0);
+// }
+}
+
+LDAPAttributeList::~LDAPAttributeList(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttributeList::~LDAPAttributList()" << endl);
+}
+
+size_t LDAPAttributeList::size() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::size()" << endl);
+ return m_attrs.size();
+}
+
+bool LDAPAttributeList::empty() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::empty()" << endl);
+ return m_attrs.empty();
+}
+
+LDAPAttributeList::const_iterator LDAPAttributeList::begin() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::begin()" << endl);
+ return m_attrs.begin();
+}
+
+LDAPAttributeList::const_iterator LDAPAttributeList::end() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::end()" << endl);
+ return m_attrs.end();
+}
+
+const LDAPAttribute* LDAPAttributeList::getAttributeByName(
+ const string& name) const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getAttributeByName()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " name:" << name << endl);
+ LDAPAttributeList::const_iterator i;
+ for( i = m_attrs.begin(); i != m_attrs.end(); i++){
+ const std::string& tmpType = i->getName();
+ if(name.size() == tmpType.size()){
+ if(equal(name.begin(), name.end(), tmpType.begin(),
+ nocase_compare)){
+ return &(*i);
+ DEBUG(LDAP_DEBUG_TRACE," found:" << name << endl);
+ }
+ }
+ }
+ return 0;
+}
+
+void LDAPAttributeList::addAttribute(const LDAPAttribute& attr){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addAttribute()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " attr:" << attr << endl);
+ const std::string attrType = attr.getName();
+ const std::string::size_type attrLen = attrType.size();
+ std::string::size_type tmpAttrLen = 0;
+ bool done=false;
+ LDAPAttributeList::iterator i;
+ for( i=m_attrs.begin(); i != m_attrs.end(); i++ ){
+ const std::string tmpAttrType = i->getName();
+ tmpAttrLen = tmpAttrType.size();
+ if(tmpAttrLen == attrLen){
+ if(equal(tmpAttrType.begin(), tmpAttrType.end(), attrType.begin(),
+ nocase_compare)){
+ const StringList& values = attr.getValues();
+ StringList::const_iterator j;
+ for(j = values.begin(); j != values.end(); j++){
+ i->addValue(*j);
+ }
+ DEBUG(LDAP_DEBUG_TRACE,"Attribute" << i->getName()
+ << "already present" << endl);
+ done=true;
+ break; // The AttributeType was already present,
+ // we are done here
+ }
+ }
+ }
+ if(! done){
+ m_attrs.push_back(attr);
+ }
+}
+
+
+LDAPMod** LDAPAttributeList::toLDAPModArray() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::toLDAPModArray()" << endl);
+ LDAPMod **ret = (LDAPMod**) malloc((m_attrs.size()+1) * sizeof(LDAPMod*));
+ LDAPAttributeList::const_iterator i;
+ int j=0;
+ for (i=m_attrs.begin(); i!= m_attrs.end(); i++, j++){
+ ret[j]=i->toLDAPMod();
+ }
+ ret[m_attrs.size()]=0;
+ return ret;
+}
+
+ostream& operator << (ostream& s, const LDAPAttributeList& al){
+ LDAPAttributeList::const_iterator i;
+ for(i=al.m_attrs.begin(); i!=al.m_attrs.end(); i++){
+ s << *i << "; ";
+ }
+ return s;
+}
+
+bool nocase_compare( char c1, char c2){
+ return toupper(c1) == toupper(c2);
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPAttributeList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2000-2002, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ATTRIBUTE_LIST_H
+#define LDAP_ATTRIBUTE_LIST_H
+
+#include <ldap.h>
+#include <list>
+#include <string>
+
+class LDAPAttribute;
+class LDAPAsynConnection;
+class LDAPMsg;
+
+/**
+ * This container class is used to store multiple LDAPAttribute-objects.
+ */
+class LDAPAttributeList{
+ typedef std::list<LDAPAttribute> ListType;
+
+ private :
+ ListType m_attrs;
+
+ public :
+ typedef ListType::const_iterator const_iterator;
+ typedef ListType::iterator iterator;
+
+
+ /**
+ * Copy-constructor
+ */
+ LDAPAttributeList(const LDAPAttributeList& al);
+
+ /**
+ * For internal use only
+ *
+ * This constructor is used by the library internally to create a
+ * list of attributes from a LDAPMessage-struct that was return by
+ * the C-API
+ */
+ LDAPAttributeList(const LDAPAsynConnection *ld, LDAPMessage *msg);
+
+ /**
+ * Constructs an empty list.
+ */
+ LDAPAttributeList();
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPAttributeList();
+
+ /**
+ * @return The number of LDAPAttribute-objects that are currently
+ * stored in this list.
+ */
+ size_t size() const;
+
+ /**
+ * @return true if there are zero LDAPAttribute-objects currently
+ * stored in this list.
+ */
+ bool empty() const;
+
+ /**
+ * @return A iterator that points to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return A iterator that points to the element after the last
+ * element of the list.
+ */
+ const_iterator end() const;
+
+ /**
+ * Get an Attribute by its AttributeType
+ * @param name The name of the Attribute to look for
+ * @return a pointer to the LDAPAttribute with the AttributeType
+ * "name" or 0, if there is no Attribute of that Type
+ */
+ const LDAPAttribute* getAttributeByName(const std::string& name) const;
+
+
+ /**
+ * Adds one element to the end of the list.
+ * @param attr The attribute to add to the list.
+ */
+ void addAttribute(const LDAPAttribute& attr);
+
+ /**
+ * Translates the list of Attributes to a 0-terminated array of
+ * LDAPMod-structures as needed by the C-API
+ */
+ LDAPMod** toLDAPModArray() const;
+
+ /**
+ * This method can be used to dump the data of a LDAPResult-Object.
+ * It is only useful for debugging purposes at the moment
+ */
+ friend std::ostream& operator << (std::ostream& s,
+ const LDAPAttributeList& al);
+};
+
+#endif // LDAP_ATTRIBUTE_LIST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPBindRequest.h"
+#include "LDAPException.h"
+
+using namespace std;
+
+LDAPBindRequest::LDAPBindRequest(const LDAPBindRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPBindRequest::LDAPBindRequest(&)" << endl);
+ m_dn=req.m_dn;
+ m_cred=req.m_cred;
+ m_mech=req.m_mech;
+}
+
+LDAPBindRequest::LDAPBindRequest(const string& dn,const string& passwd,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral) : LDAPRequest(connect, cons, isReferral){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPBindRequest::LDAPBindRequest()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, " dn:" << dn << endl
+ << " passwd:" << passwd << endl);
+ m_dn = dn;
+ m_cred = passwd;
+ m_mech = "";
+}
+
+LDAPBindRequest::~LDAPBindRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPBindRequest::~LDAPBindRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPBindRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPBindRequest::sendRequest()" << endl);
+ int msgID=0;
+
+ const char* mech = (m_mech == "" ? 0 : m_mech.c_str());
+ BerValue* tmpcred=0;
+ if(m_cred != ""){
+ char* tmppwd = (char*) malloc( (m_cred.size()+1) * sizeof(char));
+ m_cred.copy(tmppwd,string::npos);
+ tmppwd[m_cred.size()]=0;
+ tmpcred=ber_bvstr(tmppwd);
+ }else{
+ tmpcred=(BerValue*) malloc(sizeof(BerValue));
+ tmpcred->bv_len=0;
+ tmpcred->bv_val=0;
+ }
+ const char* dn = 0;
+ if(m_dn != ""){
+ dn = m_dn.c_str();
+ }
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ int err=ldap_sasl_bind(m_connection->getSessionHandle(),dn,
+ mech, tmpcred, tmpSrvCtrls, tmpClCtrls, &msgID);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ ber_bvfree(tmpcred);
+
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPBindRequest::followReferral(LDAPMsg* /*urls*/){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPBindRequest::followReferral()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE,
+ "ReferralChasing for bind-operation not implemented yet" << endl);
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPBindRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_BIND_REQUEST_H
+#define LDAP_BIND_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPBindRequest : LDAPRequest {
+ private:
+ std::string m_dn;
+ std::string m_cred;
+ std::string m_mech;
+
+ public:
+ LDAPBindRequest(const LDAPBindRequest& req);
+ //just for simple authentication
+ LDAPBindRequest(const std::string&, const std::string& passwd,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral=false);
+ virtual ~LDAPBindRequest();
+ virtual LDAPMessageQueue *sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* urls);
+};
+#endif //LDAP_BIND_REQUEST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPCompareRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPCompareRequest::LDAPCompareRequest(const LDAPCompareRequest& req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPCompareRequest::LDAPCompareRequest(&)" << endl);
+ m_dn=req.m_dn;
+ m_attr=req.m_attr;
+}
+
+LDAPCompareRequest::LDAPCompareRequest(const string& dn,
+ const LDAPAttribute& attr, LDAPAsynConnection *connect,
+ const LDAPConstraints *cons, bool isReferral,
+ const LDAPRequest* parent) :
+ LDAPRequest(connect, cons, isReferral,parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPCompareRequest::LDAPCompareRequest()"
+ << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, " dn:" << dn << endl
+ << " attr:" << attr << endl);
+ m_requestType=LDAPRequest::COMPARE;
+ m_dn=dn;
+ m_attr=attr;
+}
+
+LDAPCompareRequest::~LDAPCompareRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPCompareRequest::~LDAPCompareRequest()"
+ << endl);
+}
+
+LDAPMessageQueue* LDAPCompareRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPCompareRequest::sendRequest()" << endl);
+ int msgID=0;
+ BerValue **val=m_attr.getBerValues();
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ int err=ldap_compare_ext(m_connection->getSessionHandle(),m_dn.c_str(),
+ m_attr.getName().c_str(), val[0], tmpSrvCtrls,
+ tmpClCtrls, &msgID);
+ ber_bvecfree(val);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPCompareRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPCompareRequest::followReferral()" << endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+ LDAPAsynConnection* con = 0;
+ try{
+ con=getConnection()->referralConnect(urls,usedUrl,m_cons);
+ }catch(LDAPException e){
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPCompareRequest(m_dn, m_attr, con, m_cons, true, this);
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPCompareRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_COMPARE_REQUEST_H
+#define LDAP_COMPARE_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPMessageQueue;
+
+class LDAPCompareRequest : public LDAPRequest {
+ public :
+ LDAPCompareRequest(const LDAPCompareRequest& req);
+ LDAPCompareRequest(const std::string& dn, const LDAPAttribute& attr,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral=false, const LDAPRequest* parent=0);
+ virtual ~LDAPCompareRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* urls);
+
+ private :
+ std::string m_dn;
+ LDAPAttribute m_attr;
+
+};
+#endif //LDAP_COMPARE_REQUEST_H
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,344 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+
+#include "LDAPResult.h"
+#include "LDAPException.h"
+#include "LDAPReferralException.h"
+#include "LDAPUrlList.h"
+
+#include "LDAPConnection.h"
+const int LDAPConnection::SEARCH_BASE = LDAPAsynConnection::SEARCH_BASE;
+const int LDAPConnection::SEARCH_ONE = LDAPAsynConnection::SEARCH_ONE;
+const int LDAPConnection::SEARCH_SUB = LDAPAsynConnection::SEARCH_SUB;
+
+using namespace std;
+
+LDAPConnection::LDAPConnection(const string& hostname, int port,
+ LDAPConstraints* cons) :
+ LDAPAsynConnection(hostname, port, cons){
+}
+
+LDAPConnection::~LDAPConnection(){
+}
+
+void LDAPConnection::start_tls(){
+ LDAPAsynConnection::start_tls();
+}
+
+void LDAPConnection::bind(const string& dn, const string& passwd,
+ LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::bind" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::bind(dn,passwd,cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ if(resCode != LDAPResult::SUCCESS) {
+ if(resCode == LDAPResult::REFERRAL){
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }else{
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+ }
+ delete res;
+ delete msg; // memcheck
+}
+
+void LDAPConnection::unbind(){
+ LDAPAsynConnection::unbind();
+}
+
+bool LDAPConnection::compare(const string& dn, const LDAPAttribute& attr,
+ LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::compare" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::compare(dn,attr,cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::COMPARE_TRUE :
+ delete res;
+ delete msg;
+ return true;
+ break;
+ case LDAPResult::COMPARE_FALSE :
+ delete res;
+ delete msg;
+ return false;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+}
+
+void LDAPConnection::del(const string& dn, const LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::del" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::del(dn,cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete res;
+ delete msg;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+
+}
+
+void LDAPConnection::add(const LDAPEntry* le, const LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::add" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::add(le,cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete res;
+ delete msg;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+}
+
+void LDAPConnection::modify(const string& dn, const LDAPModList* mods,
+ const LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::modify" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::modify(dn,mods,cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete res;
+ delete msg;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+
+}
+
+void LDAPConnection::rename(const string& dn, const string& newRDN,
+ bool delOldRDN, const string& newParentDN,
+ const LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::rename" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPResult* res=0;
+ try{
+ msg = LDAPAsynConnection::rename(dn,newRDN,delOldRDN, newParentDN,
+ cons);
+ res = (LDAPResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete res;
+ delete msg;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+}
+
+LDAPSearchResults* LDAPConnection::search(const string& base, int scope,
+ const string& filter, const StringList& attrs, bool attrsOnly,
+ const LDAPConstraints* cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::search" << endl);
+ LDAPMessageQueue* msgq=0;
+ LDAPResult* res=0;
+ LDAPSearchResults* results= 0;
+
+ try{
+ results = new LDAPSearchResults();
+ msgq = LDAPAsynConnection::search(base,scope, filter, attrs, attrsOnly,
+ cons);
+ res = results->readMessageQueue(msgq);
+ }catch(LDAPException e){
+ delete results; // memcheck
+ delete msgq;
+ throw;
+ }
+ if(res != 0){
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete res;
+ delete msgq;
+ return results;
+ break;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete results; // memcheck
+ delete res;
+ delete msgq;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete results; // memcheck
+ delete res;
+ delete msgq;
+ throw LDAPException(resCode, srvMsg);
+ }
+ }
+ return 0;
+}
+
+LDAPExtResult* LDAPConnection::extOperation(const string& oid,
+ const string& value, const LDAPConstraints *cons){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::extOperation" << endl);
+ LDAPMessageQueue* msg=0;
+ LDAPExtResult* res=0;
+ try{
+ msg = LDAPAsynConnection::extOperation(oid,value,cons);
+ res = (LDAPExtResult*)msg->getNext();
+ }catch(LDAPException e){
+ delete msg;
+ delete res;
+ throw;
+ }
+ int resCode=res->getResultCode();
+ switch (resCode){
+ case LDAPResult::SUCCESS :
+ delete msg;
+ return res;
+ case LDAPResult::REFERRAL :
+ {
+ LDAPUrlList urls = res->getReferralUrls();
+ delete res;
+ delete msg;
+ throw LDAPReferralException(urls);
+ }
+ break;
+ default :
+ string srvMsg = res->getErrMsg();
+ delete res;
+ delete msg;
+ throw LDAPException(resCode, srvMsg);
+ }
+}
+
+const string& LDAPConnection::getHost() const{
+ return LDAPAsynConnection::getHost();
+}
+
+int LDAPConnection::getPort() const{
+ return LDAPAsynConnection::getPort();
+}
+
+void LDAPConnection::setConstraints(LDAPConstraints* cons){
+ LDAPAsynConnection::setConstraints(cons);
+}
+
+const LDAPConstraints* LDAPConnection::getConstraints() const{
+ return LDAPAsynConnection::getConstraints();
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConnection.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_CONNECTION_H
+#define LDAP_CONNECTION_H
+
+#include <LDAPSearchResults.h>
+#include <LDAPExtResult.h>
+#include <LDAPAsynConnection.h>
+
+/** Main class for synchronous LDAP-Communication
+ *
+ * The class represent a LDAP-Connection to perform synchronous
+ * LDAP-Operations. This provides methodes for the different
+ * LDAP-Operations. All the methods for the LDAP-operations block until
+ * all results for the operation are received or until an error occurs
+ */
+class LDAPConnection : private LDAPAsynConnection {
+
+ public :
+ /**
+ * Constant for the Search-Operation to indicate a Base-Level
+ * Search
+ */
+ static const int SEARCH_BASE;
+
+ /**
+ * Constant for the Search-Operation to indicate a One-Level
+ * Search
+ */
+ static const int SEARCH_ONE;
+
+ /**
+ * Constant for the Search-Operation to indicate a Subtree
+ * Search
+ */
+ static const int SEARCH_SUB;
+
+ /** This Constructor initializes synchronous LDAP-Connection
+ *
+ * During execution of this constructor no network communication
+ * is performed. Just some internal data structure are initialized
+ * @param hostname Name (or IP-Adress) of the destination host
+ * @param port Port the LDAP server is running on
+ * @param cons Default constraints to use with operations over
+ * this connection
+ */
+ LDAPConnection(const std::string& hostname="localhost", int port=389,
+ LDAPConstraints* cons=new LDAPConstraints());
+
+ /**
+ * Destructor
+ */
+ ~LDAPConnection();
+
+ /**
+ * Initzializes a synchronous connection to a server.
+ *
+ * There is actually no
+ * communication to the server. Just the object is initialized
+ * (e.g. this method is called within the
+ * LDAPConnection(char*,int,LDAPConstraints) constructor.)
+ * @param hostname The Name or IP-Address of the destination
+ * LDAP-Server
+ * @param port The Network Port the server is running on
+ */
+ void init(const std::string& hostname, int port);
+
+ /**
+ * Start TLS on this connection. This isn't in the constructor,
+ * because it could fail (i.e. server doesn't have SSL cert, client
+ * api wasn't compiled against OpenSSL, etc.).
+ * @throws LDAPException if the TLS Layer could not be setup
+ * correctly
+ */
+ void start_tls();
+
+ /**
+ * Performs a simple authentication with the server
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param dn The name of the entry to bind as
+ * @param passwd The cleartext password for the entry
+ */
+ void bind(const std::string& dn="", const std::string& passwd="",
+ LDAPConstraints* cons=0);
+
+ /**
+ * Performs the UNBIND-operation on the destination server
+ *
+ * @throws LDAPException in any case of an error
+ */
+ void unbind();
+
+ /**
+ * Performs a COMPARE-operation on an entery of the destination
+ * server.
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param dn Distinguished name of the entry for which the compare
+ * should be performed
+ * @param attr An Attribute (one (!) value) to use for the
+ * compare operation
+ * @param cons A set of constraints that should be used with this
+ * request
+ * @returns The result of the compare operation. true if the
+ * attr-parameter matched an Attribute of the entry. false if it
+ * did not match
+ */
+ bool compare(const std::string& dn, const LDAPAttribute& attr,
+ LDAPConstraints* cons=0);
+
+ /**
+ * Deletes an entry from the directory
+ *
+ * This method performs the DELETE operation on the server
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param dn Distinguished name of the entry that should be deleted
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ void del(const std::string& dn, const LDAPConstraints* cons=0);
+
+ /**
+ * Use this method to perform the ADD-operation
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param le the entry to add to the directory
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ void add(const LDAPEntry* le, const LDAPConstraints* cons=0);
+
+ /**
+ * To modify the attributes of an entry, this method can be used
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param dn The DN of the entry which should be modified
+ * @param mods A set of modifications for that entry.
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ void modify(const std::string& dn, const LDAPModList* mods,
+ const LDAPConstraints* cons=0);
+
+ /**
+ * This method performs the ModDN-operation.
+ *
+ * It can be used to rename or move an entry by modifing its DN.
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param dn The DN that should be modified
+ * @param newRDN If the RDN of the entry should be modified the
+ * new RDN can be put here.
+ * @param delOldRDN If the old RDN should be removed from the
+ * entry's attribute this parameter has to be
+ * "true"
+ * @param newParentDN If the entry should be moved inside the
+ * DIT, the DN of the new parent of the entry
+ * can be given here.
+ * @param cons A set of constraints that should be used with this
+ * request
+ */
+ void rename(const std::string& dn, const std::string& newRDN,
+ bool delOldRDN=false, const std::string& newParentDN="",
+ const LDAPConstraints* cons=0);
+
+ /**
+ * This method can be used for the sync. SEARCH-operation.
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param base The distinguished name of the starting point for the
+ * search
+ * @param scope The scope of the search. Possible values: <BR>
+ * LDAPAsynConnection::SEARCH_BASE, <BR>
+ * LDAPAsynConnection::SEARCH_ONE, <BR>
+ * LDAPAsynConnection::SEARCH_SUB
+ * @param filter The std::string representation of a search filter to
+ * use with this operation
+ * @param attrsOnly true if only the attributes names (no values)
+ * should be returned
+ * @param cons A set of constraints that should be used with this
+ * request
+ * @returns A pointer to a LDAPSearchResults-object that can be
+ * used to read the results of the search.
+ */
+ LDAPSearchResults* search(const std::string& base, int scope=0,
+ const std::string& filter="objectClass=*",
+ const StringList& attrs=StringList(), bool attrsOnly=false,
+ const LDAPConstraints* cons=0);
+
+ /**
+ * This method is for extended LDAP-Operations.
+ *
+ * @throws LDAPReferralException if a referral is received
+ * @throws LDAPException for any other error occuring during the
+ * operation
+ * @param oid The Object Identifier of the Extended Operation that
+ * should be performed.
+ * @param strint If the Extended Operation needs some additional
+ * data it can be passed to the server by this parameter.
+ * @param cons A set of constraints that should be used with this
+ * request
+ * @returns The result of the Extended Operation as an
+ * pointer to a LDAPExtResult-object.
+ */
+ LDAPExtResult* extOperation(const std::string& oid, const std::string&
+ value="", const LDAPConstraints *const = 0);
+
+ const std::string& getHost() const;
+
+ int getPort() const;
+
+ void setConstraints(LDAPConstraints *cons);
+
+ const LDAPConstraints* getConstraints() const ;
+};
+
+#endif //LDAP_CONNECTION_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "config.h"
+#include "ac/time.h"
+#include "LDAPConstraints.h"
+#include "LDAPControlSet.h"
+
+using namespace std;
+
+LDAPConstraints::LDAPConstraints(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPConstraints::LDAPConstraints()" << endl);
+ m_aliasDeref=LDAPConstraints::DEREF_NEVER;
+ m_maxTime=LDAP_NO_LIMIT;
+ m_maxSize=LDAP_NO_LIMIT;
+ m_referralChase=false;
+ m_HopLimit=7;
+ m_serverControls=0;
+ m_clientControls=0;
+ m_refRebind=0;
+}
+
+LDAPConstraints::LDAPConstraints(const LDAPConstraints& c){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPConstraints::LDAPConstraints(&)" << endl);
+ m_aliasDeref=c.m_aliasDeref;
+ m_maxTime=c.m_maxTime;
+ m_maxSize=c.m_maxSize;
+ m_referralChase=c.m_referralChase;
+ m_HopLimit=c.m_HopLimit;
+ m_deref=c.m_deref;
+ if(c.m_serverControls){
+ m_serverControls=new LDAPControlSet(*c.m_serverControls);
+ }else{
+ m_serverControls=0;
+ }
+ if(c.m_clientControls){
+ m_clientControls=new LDAPControlSet(*c.m_clientControls);
+ }else{
+ m_clientControls=0;
+ }
+ m_refRebind=c.m_refRebind;
+}
+
+LDAPConstraints::~LDAPConstraints(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPConstraints::~LDAPConstraints()" << endl);
+ delete m_clientControls;
+ delete m_serverControls;
+}
+
+void LDAPConstraints::setAliasDeref(int deref){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setAliasDeref()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " deref:" << deref << endl);
+ if( (deref == LDAPConstraints::DEREF_NEVER) ||
+ (deref == LDAPConstraints::DEREF_SEARCHING) ||
+ (deref == LDAPConstraints::DEREF_FINDING) ||
+ (deref == LDAPConstraints::DEREF_ALWAYS)
+ ){
+ m_aliasDeref=deref;
+ }
+}
+
+
+void LDAPConstraints::setMaxTime(int t){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setMaxTime()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," time:" << t << endl);
+ m_maxTime=t;
+}
+
+void LDAPConstraints::setSizeLimit(int s){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setSizeLimit()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," size:" << s << endl);
+ m_maxSize=s;
+}
+
+void LDAPConstraints::setReferralChase(bool rc){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setReferralChase()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER," rc:" << rc << endl);
+ m_referralChase=rc;
+}
+
+void LDAPConstraints::setHopLimit(int limit){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setHopLimit()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " limit:" << limit << endl);
+ m_HopLimit=limit;
+}
+
+void LDAPConstraints::setReferralRebind(const LDAPRebind* rebind){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setReferralRebind()" << endl);
+ m_refRebind = rebind;
+}
+
+void LDAPConstraints::setServerControls(const LDAPControlSet* ctrls){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setServerControls()" << endl);
+ m_serverControls=new LDAPControlSet(*ctrls);
+}
+
+void LDAPConstraints::setClientControls(const LDAPControlSet* ctrls){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setClientControls()" << endl);
+ m_clientControls=new LDAPControlSet(*ctrls);
+}
+
+int LDAPConstraints::getAliasDeref() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getAliasDeref()" << endl);
+ return m_aliasDeref;
+}
+
+int LDAPConstraints::getMaxTime() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getMaxTime()" << endl);
+ return m_maxTime;
+}
+
+int LDAPConstraints::getSizeLimit() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getSizeLimit()" << endl);
+ return m_maxSize;
+}
+
+const LDAPRebind* LDAPConstraints::getReferralRebind() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getReferralRebind()" << endl);
+ return m_refRebind;
+}
+
+const LDAPControlSet* LDAPConstraints::getServerControls() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getServerControls()" << endl);
+ return m_serverControls;
+}
+
+const LDAPControlSet* LDAPConstraints::getClientControls() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getClientControls()" << endl);
+ return m_clientControls;
+}
+
+LDAPControl** LDAPConstraints::getSrvCtrlsArray() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPContstraints::getSrvCtrlsArray()" << endl);
+ if(m_serverControls){
+ return m_serverControls->toLDAPControlArray();
+ }else{
+ return 0;
+ }
+}
+
+LDAPControl** LDAPConstraints::getClCtrlsArray() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPContstraints::getClCtrlsArray()" << endl);
+ if(m_clientControls){
+ return m_clientControls->toLDAPControlArray();
+ }else{
+ return 0;
+ }
+}
+
+timeval* LDAPConstraints::getTimeoutStruct() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPContstraints::getTimeoutStruct()" << endl);
+ if(m_maxTime == LDAP_NO_LIMIT){
+ return 0;
+ }else{
+ timeval *ret = new timeval;
+ ret->tv_sec=m_maxTime;
+ ret->tv_usec=0;
+ return ret;
+ }
+}
+
+bool LDAPConstraints::getReferralChase() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPContstraints::getReferralChase()" << endl);
+ return m_referralChase;
+}
+
+int LDAPConstraints::getHopLimit() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPContstraints::getHopLimit()" << endl);
+ return m_HopLimit;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPConstraints.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_CONSTRAINTS_H
+#define LDAP_CONSTRAINTS_H
+#include <list>
+
+#include <LDAPControl.h>
+#include <LDAPControlSet.h>
+#include <LDAPRebind.h>
+
+//TODO!!
+// * implement the Alias-Handling Option (OPT_DEREF)
+// * the Restart-Option ???
+// * default Server(s)
+
+//* Class for representating the various protocol options
+/** This class represents some options that can be set for a LDAPConnection
+ * operation. Namely these are time and size limits. Options for referral
+ * chasing and a default set of client of server controls to be used with
+ * every request
+ */
+class LDAPConstraints{
+
+ public :
+ static const int DEREF_NEVER = 0x00;
+ static const int DEREF_SEARCHING = 0x01;
+ static const int DEREF_FINDING = 0x02;
+ static const int DEREF_ALWAYS = 0x04;
+
+ //* Constructs a LDAPConstraints object with default values
+ LDAPConstraints();
+
+ //* Copy constructor
+ LDAPConstraints(const LDAPConstraints& c);
+
+ ~LDAPConstraints();
+
+ void setAliasDeref(int deref);
+ void setMaxTime(int t);
+ void setSizeLimit(int s);
+ void setReferralChase(bool rc);
+ void setHopLimit(int hop);
+ void setReferralRebind(const LDAPRebind* rebind);
+ void setServerControls(const LDAPControlSet* ctrls);
+ void setClientControls(const LDAPControlSet* ctrls);
+
+ int getAliasDeref() const;
+ int getMaxTime() const ;
+ int getSizeLimit() const;
+ const LDAPRebind* getReferralRebind() const;
+ const LDAPControlSet* getServerControls() const;
+ const LDAPControlSet* getClientControls() const;
+
+ //*for internal use only
+ LDAPControl** getSrvCtrlsArray() const;
+
+ //*for internal use only
+ LDAPControl** getClCtrlsArray() const;
+
+ //*for internal use only
+ timeval* getTimeoutStruct() const;
+ bool getReferralChase() const ;
+ int getHopLimit() const;
+
+ private :
+ int m_aliasDeref;
+
+ //* max. time the server may spend for a search request
+ int m_maxTime;
+
+ //* max number of entries to return from a search request
+ int m_maxSize;
+
+ //* Flag for enabling automatic referral/reference chasing
+ bool m_referralChase;
+
+ //* HopLimit for referral chasing
+ int m_HopLimit;
+
+ //* Alias dereferencing option
+ int m_deref;
+
+ //* Object used to do bind for Referral chasing
+ const LDAPRebind* m_refRebind;
+
+ //* List of Client Controls that should be used for each request
+ LDAPControlSet* m_clientControls;
+
+ //* List of Server Controls that should be used for each request
+ LDAPControlSet* m_serverControls;
+
+};
+#endif //LDAP_CONSTRAINTS_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPControl.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPCtrl::LDAPCtrl(const LDAPCtrl& c){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl(&)" << endl);
+ m_oid=c.m_oid;
+ m_data=c.m_data;
+ m_isCritical=c.m_isCritical;
+}
+
+LDAPCtrl::LDAPCtrl(const char *oid, bool critical, const char* data,
+ int length){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " oid:" << oid << endl << " critical:" << critical << endl);
+ m_oid = oid;
+ m_isCritical=critical;
+ if (data != 0 && length !=0){
+ m_data.assign(data,length);
+ }else{
+ m_data=string();
+ }
+}
+
+
+LDAPCtrl::LDAPCtrl(const string& oid, bool critical, const string& data){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " oid:" << oid << endl << " critical:" << critical << endl);
+ m_oid=oid;
+ m_isCritical=critical;
+ m_data=data;
+}
+
+LDAPCtrl::LDAPCtrl(const LDAPControl* ctrl){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+ m_oid = string(ctrl->ldctl_oid);
+ m_oid = ctrl->ldctl_iscritical ? true : false;
+ m_oid = string(ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len );
+}
+
+LDAPCtrl::~LDAPCtrl(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPCtrl::~LDAPCtrl" << endl);
+}
+
+string LDAPCtrl::getOID() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getOID()" << endl);
+ return m_oid;
+}
+
+bool LDAPCtrl::isCritical()const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::isCritical()" << endl);
+ return m_isCritical;
+}
+
+string LDAPCtrl::getData() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getData()" << endl);
+ return m_data;
+}
+
+LDAPControl* LDAPCtrl::getControlStruct() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getControlStruct()" << endl);
+ LDAPControl* ret = new LDAPControl;
+ ret->ldctl_oid= new char[m_oid.size() + 1];
+ m_oid.copy(ret->ldctl_oid,string::npos);
+ ret->ldctl_oid[m_oid.size()]=0;
+ ret->ldctl_value.bv_len=m_data.size();
+ ret->ldctl_value.bv_val= new char[m_data.size()];
+ m_data.copy(ret->ldctl_value.bv_val,string::npos);
+ ret->ldctl_iscritical = ( m_isCritical ? 1:0);
+ return ret;
+}
+
+void LDAPCtrl::freeLDAPControlStruct(LDAPControl *ctrl){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::freeControlStruct()" << endl);
+ delete[] ctrl->ldctl_oid;
+ delete[] ctrl->ldctl_value.bv_val;
+ delete ctrl;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_CONTROL_H
+#define LDAP_CONTROL_H
+#include <string>
+#include <ldap.h>
+
+/**
+ * This class is used to store Controls. Controls are a mechanism to extend
+ * and modify LDAP-Operations.
+ */
+class LDAPCtrl{
+ public :
+ /**
+ * Copy-constructor
+ */
+ LDAPCtrl(const LDAPCtrl& c);
+
+ /**
+ * Constructor.
+ * @param oid: The Object Identifier of the Control
+ * @param critical: "true" if the Control should be handled
+ * critical by the server.
+ * @param data: If there is data for the control, put it here.
+ * @param length: The length of the data field
+ */
+ LDAPCtrl(const char *oid, bool critical, const char *data=0,
+ int length=0);
+
+ /**
+ * Constructor.
+ * @param oid: The Object Identifier of the Control
+ * @param critical: "true" if the Control should be handled
+ * critical by the server.
+ * @param data: If there is data for the control, put it here.
+ */
+ LDAPCtrl(const std::string& oid, bool critical=false,
+ const std::string& data=std::string());
+
+ /**
+ * Creates a copy of the Control that "ctrl is pointing to
+ */
+ LDAPCtrl(const LDAPControl* ctrl);
+
+ /**
+ * Destructor
+ */
+ ~LDAPCtrl();
+
+ /**
+ * @return The OID of the control
+ */
+ std::string getOID() const;
+
+ /**
+ * @return The Data of the control as a std::string-Objekt
+ */
+ std::string getData() const;
+
+ /**
+ * @return "true" if the control is critical
+ */
+ bool isCritical() const;
+
+ /**
+ * For internal use only.
+ *
+ * Translates the control to a LDAPControl-structure as needed by
+ * the C-API
+ */
+ LDAPControl* getControlStruct() const;
+ static void freeLDAPControlStruct(LDAPControl *ctrl);
+
+ private :
+ std::string m_oid;
+ std::string m_data;
+ bool m_isCritical;
+};
+
+#endif //LDAP_CONTROL_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPControlSet.h"
+
+using namespace std;
+
+LDAPControlSet::LDAPControlSet(){
+}
+
+LDAPControlSet::LDAPControlSet(const LDAPControlSet& cs){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPControlSet::LDAPControlSet(&)" << endl);
+ data=cs.data;
+}
+
+LDAPControlSet::LDAPControlSet(LDAPControl** controls){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPControlSet::LDAPControlSet()" << endl);
+ if(controls != 0){
+ LDAPControl** i;
+ for( i=controls; *i!=0;i++) {
+ add(LDAPCtrl(*i));
+ }
+ }
+}
+
+LDAPControlSet::~LDAPControlSet(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPControlSet::~LDAPControlSet()" << endl);
+}
+
+size_t LDAPControlSet::size() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::size()" << endl);
+ return data.size();
+}
+
+bool LDAPControlSet::empty() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::empty()" << endl);
+ return data.empty();
+}
+
+LDAPControlSet::const_iterator LDAPControlSet::begin() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::begin()" << endl);
+ return data.begin();
+}
+
+
+LDAPControlSet::const_iterator LDAPControlSet::end() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::end()" << endl);
+ return data.end ();
+}
+
+void LDAPControlSet::add(const LDAPCtrl& ctrl){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::add()" << endl);
+ data.push_back(ctrl);
+}
+
+LDAPControl** LDAPControlSet::toLDAPControlArray() const{
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPControlSet::toLDAPControlArray()" << endl);
+ if(data.empty()){
+ return 0;
+ }else{
+ LDAPControl** ret= new LDAPControl*[data.size()+1];
+ CtrlList::const_iterator i;
+ int j=0;
+ for(i=data.begin(); i!=data.end(); i++,j++){
+ ret[j] = i->getControlStruct();
+ }
+ ret[data.size()]=0;
+ return ret;
+ }
+}
+
+void LDAPControlSet::freeLDAPControlArray(LDAPControl **ctrl){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPControlSet::freeLDAPControlArray()" << endl);
+ if( ctrl ){
+ for( LDAPControl **i = ctrl; *i != 0; ++i ){
+ LDAPCtrl::freeLDAPControlStruct(*i);
+ }
+ }
+ delete[] ctrl;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPControlSet.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_CONTROL_SET_H
+#define LDAP_CONTROL_SET_H
+
+#include <list>
+#include <ldap.h>
+#include <LDAPControl.h>
+
+typedef std::list<LDAPCtrl> CtrlList;
+
+/**
+ * This container class is used to store multiple LDAPCtrl-objects.
+ */
+class LDAPControlSet {
+ typedef CtrlList::const_iterator const_iterator;
+ public :
+ /**
+ * Constructs an empty std::list
+ */
+ LDAPControlSet();
+
+
+ /**
+ * Copy-constructor
+ */
+ LDAPControlSet(const LDAPControlSet& cs);
+
+ /**
+ * For internal use only
+ *
+ * This constructor creates a new LDAPControlSet for a
+ * 0-terminiated array of LDAPControl-structures as used by the
+ * C-API
+ * @param controls: pointer to a 0-terminated array of pointers to
+ * LDAPControll-structures
+ * @note: untested til now. Due to lack of server that return
+ * Controls
+ */
+ LDAPControlSet(LDAPControl** controls);
+
+ /**
+ * Destructor
+ */
+ ~LDAPControlSet();
+
+ /**
+ * @return The number of LDAPCtrl-objects that are currently
+ * stored in this list.
+ */
+ size_t size() const ;
+
+ /**
+ * @return true if there are zero LDAPCtrl-objects currently
+ * stored in this list.
+ */
+ bool empty() const;
+
+ /**
+ * @return A iterator that points to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return A iterator that points to the element after the last
+ * element of the list.
+ */
+ const_iterator end() const;
+
+ /**
+ * Adds one element to the end of the list.
+ * @param ctrl The Control to add to the list.
+ */
+ void add(const LDAPCtrl& ctrl);
+
+ /**
+ * Translates the list to a 0-terminated array of pointers to
+ * LDAPControl-structures as needed by the C-API
+ */
+ LDAPControl** toLDAPControlArray()const ;
+ static void freeLDAPControlArray(LDAPControl **ctrl);
+ private :
+ CtrlList data;
+} ;
+#endif //LDAP_CONTROL_SET_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPDeleteRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPDeleteRequest::LDAPDeleteRequest( const LDAPDeleteRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPDeleteRequest::LDAPDeleteRequest(&)" << endl);
+ m_dn = req.m_dn;
+}
+
+LDAPDeleteRequest::LDAPDeleteRequest(const string& dn,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral, const LDAPRequest* parent)
+ : LDAPRequest(connect, cons, isReferral, parent) {
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPDeleteRequest::LDAPDeleteRequest()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, " dn:" << dn << endl);
+ m_requestType=LDAPRequest::DELETE;
+ m_dn=dn;
+}
+
+LDAPDeleteRequest::~LDAPDeleteRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY,
+ "LDAPDeleteRequest::~LDAPDeleteRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPDeleteRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPDeleteRequest::sendRequest()" << endl);
+ int msgID=0;
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ int err=ldap_delete_ext(m_connection->getSessionHandle(),m_dn.c_str(),
+ tmpSrvCtrls, tmpClCtrls ,&msgID);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPDeleteRequest::followReferral(LDAPMsg* refs){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPDeleteRequest::followReferral()" << endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls= ((LDAPResult*)refs)->getReferralUrls();
+ LDAPAsynConnection* con=0;
+ try{
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ }catch (LDAPException e){
+ delete con;
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPDeleteRequest(m_dn, con, m_cons, true, this);
+ }
+ return 0;
+}
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPDeleteRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_DELETE_REQUEST_H
+#define LDAP_DELETE_REQUEST_H
+
+#include <LDAPRequest.h>
+class LDAPMessageQueue;
+
+class LDAPDeleteRequest : public LDAPRequest{
+ public :
+ LDAPDeleteRequest(const LDAPDeleteRequest& req);
+ LDAPDeleteRequest(const std::string& dn, LDAPAsynConnection *connect,
+ const LDAPConstraints *cons, bool isReferral=false,
+ const LDAPRequest* parent=0);
+ virtual ~LDAPDeleteRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* refs);
+
+ private :
+ std::string m_dn;
+};
+#endif //LDAP_DELETE_REQUEST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "LDAPEntry.h"
+
+#include "LDAPException.h"
+
+using namespace std;
+
+LDAPEntry::LDAPEntry(const LDAPEntry& entry){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry(&)" << endl);
+ m_dn=entry.m_dn;
+ m_attrs=new LDAPAttributeList( *(entry.m_attrs));
+}
+
+
+LDAPEntry::LDAPEntry(const string& dn, const LDAPAttributeList *attrs){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " dn:" << dn << endl << " attrs:" << *attrs << endl);
+ m_attrs=new LDAPAttributeList(*attrs);
+ m_dn=dn;
+}
+
+LDAPEntry::LDAPEntry(const LDAPAsynConnection *ld, LDAPMessage *msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry()" << endl);
+ char* tmp=ldap_get_dn(ld->getSessionHandle(),msg);
+ m_dn=string(tmp);
+ ldap_memfree(tmp);
+ m_attrs = new LDAPAttributeList(ld, msg);
+}
+
+LDAPEntry::~LDAPEntry(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPEntry::~LDAPEntry()" << endl);
+ delete m_attrs;
+}
+
+void LDAPEntry::setDN(const string& dn){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::setDN()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " dn:" << dn << endl);
+ m_dn=dn;
+}
+
+void LDAPEntry::setAttributes(LDAPAttributeList *attrs){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::setAttributes()" << endl);
+ DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+ " attrs:" << *attrs << endl);
+ if (m_attrs != 0){
+ delete m_attrs;
+ }
+ m_attrs=attrs;
+}
+
+const string& LDAPEntry::getDN() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::getDN()" << endl);
+ return m_dn;
+}
+
+const LDAPAttributeList* LDAPEntry::getAttributes() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::getAttributes()" << endl);
+ return m_attrs;
+}
+
+ostream& operator << (ostream& s, const LDAPEntry& le){
+ s << "DN: " << le.m_dn << ": " << *(le.m_attrs);
+ return s;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntry.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ENTRY_H
+#define LDAP_ENTRY_H
+#include <ldap.h>
+
+#include <LDAPAsynConnection.h>
+#include <LDAPAttributeList.h>
+
+/**
+ * This class is used to store every kind of LDAP Entry.
+ */
+class LDAPEntry{
+
+ public :
+ /**
+ * Copy-constructor
+ */
+ LDAPEntry(const LDAPEntry& entry);
+
+ /**
+ * Constructs a new entry (also used as standard constructor).
+ *
+ * @param dn The Distinguished Name for the new entry.
+ * @param attrs The attributes for the new entry.
+ */
+ LDAPEntry(const std::string& dn=std::string(),
+ const LDAPAttributeList *attrs=new LDAPAttributeList());
+
+ /**
+ * Used internally only.
+ *
+ * The constructor is used internally to create a LDAPEntry from
+ * the C-API's data structurs.
+ */
+ LDAPEntry(const LDAPAsynConnection *ld, LDAPMessage *msg);
+
+ /**
+ * Destructor
+ */
+ ~LDAPEntry();
+
+ /**
+ * Sets the DN-attribute.
+ * @param dn: The new DN for the entry.
+ */
+ void setDN(const std::string& dn);
+
+ /**
+ * Sets the attributes of the entry.
+ * @param attr: A pointer to a std::list of the new attributes.
+ */
+ void setAttributes(LDAPAttributeList *attrs);
+
+ /**
+ * @returns The current DN of the entry.
+ */
+ const std::string& getDN() const ;
+
+ /**
+ * @returns A const pointer to the attributes of the entry.
+ */
+ const LDAPAttributeList* getAttributes() const;
+
+ /**
+ * This method can be used to dump the data of a LDAPResult-Object.
+ * It is only useful for debugging purposes at the moment
+ */
+ friend std::ostream& operator << (std::ostream& s, const LDAPEntry& le);
+
+ private :
+
+ LDAPAttributeList *m_attrs;
+ std::string m_dn;
+};
+#endif //LDAP_ENTRY_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPEntryList.h"
+#include "LDAPEntry.h"
+
+LDAPEntryList::LDAPEntryList(){
+}
+
+LDAPEntryList::LDAPEntryList(const LDAPEntryList& e){
+ m_entries = e.m_entries;
+}
+
+LDAPEntryList::~LDAPEntryList(){
+}
+
+size_t LDAPEntryList::size() const{
+ return m_entries.size();
+}
+
+bool LDAPEntryList::empty() const{
+ return m_entries.empty();
+}
+
+LDAPEntryList::const_iterator LDAPEntryList::begin() const{
+ return m_entries.begin();
+}
+
+LDAPEntryList::const_iterator LDAPEntryList::end() const{
+ return m_entries.end();
+}
+
+void LDAPEntryList::addEntry(const LDAPEntry& e){
+ m_entries.push_back(e);
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPEntryList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ENTRY_LIST_H
+#define LDAP_ENTRY_LIST_H
+
+#include <list>
+
+class LDAPEntry;
+
+/**
+ * For internal use only.
+ *
+ * This class is used by LDAPSearchResults to store a std::list of
+ * LDAPEntry-Objects
+ */
+class LDAPEntryList{
+ typedef std::list<LDAPEntry> ListType;
+
+ public:
+ typedef ListType::const_iterator const_iterator;
+
+ /**
+ * Copy-Constructor
+ */
+ LDAPEntryList(const LDAPEntryList& el);
+
+ /**
+ * Default-Constructor
+ */
+ LDAPEntryList();
+
+ /**
+ * Destructor
+ */
+ ~LDAPEntryList();
+
+ /**
+ * @return The number of entries currently stored in the list.
+ */
+ size_t size() const;
+
+ /**
+ * @return true if there are zero entries currently stored in the list.
+ */
+ bool empty() const;
+
+ /**
+ * @return An iterator pointing to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return An iterator pointing to the end of the list
+ */
+ const_iterator end() const;
+
+ /**
+ * Adds an Entry to the end of the list.
+ */
+ void addEntry(const LDAPEntry& e);
+
+ private:
+ ListType m_entries;
+};
+#endif // LDAP_ENTRY_LIST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+
+#include <ldap.h>
+#include "config.h"
+#include "LDAPException.h"
+#include "LDAPReferralException.h"
+
+#include "LDAPAsynConnection.h"
+
+using namespace std;
+
+LDAPException::LDAPException(int res_code, const string& err_string){
+ m_res_code=res_code;
+ m_res_string=string(ldap_err2string(res_code));
+ m_err_string=err_string;
+}
+
+LDAPException::LDAPException(const LDAPAsynConnection *lc){
+ LDAP *l = lc->getSessionHandle();
+ ldap_get_option(l,LDAP_OPT_ERROR_NUMBER,&m_res_code);
+ const char *res_cstring = ldap_err2string(m_res_code);
+ if ( res_cstring ) {
+ m_res_string = string(res_cstring);
+ } else {
+ m_res_string = "";
+ }
+ const char* err_string;
+ ldap_get_option(l,LDAP_OPT_ERROR_STRING,&err_string);
+ if ( err_string ) {
+ m_res_string = string(err_string);
+ } else {
+ m_res_string = "";
+ }
+}
+
+LDAPException::~LDAPException(){
+}
+
+int LDAPException::getResultCode() const{
+ return m_res_code;
+}
+
+const string& LDAPException::getResultMsg() const{
+ return m_res_string;
+}
+
+const string& LDAPException::getServerMsg() const{
+ return m_err_string;
+}
+
+ostream& operator << (ostream& s, LDAPException e){
+ s << "Error " << e.m_res_code << ": " << e.m_res_string;
+ if (!e.m_err_string.empty()) {
+ s << endl << "additional info: " << e.m_err_string ;
+ }
+ return s;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPException.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_EXCEPTION_H
+#define LDAP_EXCEPTION_H
+
+#include <iostream>
+#include <string>
+
+class LDAPAsynConnection;
+
+/**
+ * This class is only thrown as an Exception and used to signalize error
+ * conditions during LDAP-operations
+ */
+class LDAPException{
+
+ public :
+ /**
+ * Constructs a LDAPException-object from the parameters
+ * @param res_code A valid LDAP result code.
+ * @param err_string An addional error message for the error
+ * that happend (optional)
+ */
+ LDAPException(int res_code, const std::string& err_string=std::string());
+
+ /**
+ * Constructs a LDAPException-object from the error state of a
+ * LDAPAsynConnection-object
+ * @param lc A LDAP-Connection for that an error has happend. The
+ * Constructor tries to read its error state.
+ */
+ LDAPException(const LDAPAsynConnection *lc);
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPException();
+
+ /**
+ * @return The Result code of the object
+ */
+
+ int getResultCode() const;
+
+ /**
+ * @return The error message that is corresponding to the result
+ * code .
+ */
+ const std::string& getResultMsg() const;
+
+ /**
+ * @return The addional error message of the error (if it was set)
+ */
+ const std::string& getServerMsg() const;
+
+ /**
+ * This method can be used to dump the data of a LDAPResult-Object.
+ * It is only useful for debugging purposes at the moment
+ */
+ friend std::ostream& operator << (std::ostream &s, LDAPException e);
+
+ private :
+ int m_res_code;
+ std::string m_res_string;
+ std::string m_err_string;
+};
+#endif //LDAP_EXCEPTION_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+#include <lber.h>
+
+#include "debug.h"
+
+#include "LDAPExtRequest.h"
+#include "LDAPException.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPExtRequest::LDAPExtRequest(const LDAPExtRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPExtRequest::LDAPExtRequest(&)" << endl);
+ m_data=req.m_data;
+ m_oid=req.m_oid;
+}
+
+LDAPExtRequest::LDAPExtRequest(const string& oid, const string& data,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral, const LDAPRequest* parent)
+ : LDAPRequest(connect, cons, isReferral, parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPExtRequest::LDAPExtRequest()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " oid:" << oid << endl);
+ m_oid=oid;
+ m_data=data;
+}
+
+LDAPExtRequest::~LDAPExtRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPExtRequest::~LDAPExtRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPExtRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPExtRequest::sendRequest()" << endl);
+ int msgID=0;
+ BerValue* tmpdata=0;
+ if(m_data != ""){
+ tmpdata=(BerValue*) malloc(sizeof(BerValue));
+ tmpdata->bv_len = m_data.size();
+ tmpdata->bv_val = (char*) malloc(sizeof(char) * (m_data.size()) );
+ m_data.copy(tmpdata->bv_val, string::npos);
+ }
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ int err=ldap_extended_operation(m_connection->getSessionHandle(),
+ m_oid.c_str(), tmpdata, tmpSrvCtrls, tmpClCtrls, &msgID);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ ber_bvfree(tmpdata);
+ if(err != LDAP_SUCCESS){
+ delete this;
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPExtRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPExtRequest::followReferral()" << endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+ LDAPAsynConnection* con = 0;
+ try {
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ } catch(LDAPException e){
+ delete con;
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPExtRequest(m_oid, m_data, con, m_cons,true,this);
+ }
+ return 0;
+}
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_EXT_REQUEST_H
+#define LDAP_EXT_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPExtRequest : LDAPRequest {
+
+ public:
+ LDAPExtRequest(const LDAPExtRequest& req);
+ LDAPExtRequest(const std::string& oid, const std::string& data,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral=false, const LDAPRequest* parent=0);
+ virtual ~LDAPExtRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* urls);
+
+ private:
+ std::string m_oid;
+ std::string m_data;
+};
+
+#endif // LDAP_EXT_REQUEST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include <lber.h>
+#include "LDAPRequest.h"
+#include "LDAPException.h"
+
+#include "LDAPResult.h"
+#include "LDAPExtResult.h"
+
+using namespace std;
+
+LDAPExtResult::LDAPExtResult(const LDAPRequest* req, LDAPMessage* msg) :
+ LDAPResult(req, msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPExtResult::LDAPExtResult()" << endl);
+ char* oid = 0;
+ BerValue* data = 0;
+ LDAP* lc = req->getConnection()->getSessionHandle();
+ int err=ldap_parse_extended_result(lc, msg, &oid, &data, 0);
+ if(err != LDAP_SUCCESS){
+ ber_bvfree(data);
+ ldap_memfree(oid);
+ throw LDAPException(err);
+ }else{
+ m_oid=string(oid);
+ ldap_memfree(oid);
+ if(data){
+ m_data=string(data->bv_val, data->bv_len);
+ ber_bvfree(data);
+ }
+ }
+}
+
+LDAPExtResult::~LDAPExtResult(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPExtResult::~LDAPExtResult()" << endl);
+}
+
+const string& LDAPExtResult::getResponseOid() const{
+ return m_oid;
+}
+
+const string& LDAPExtResult::getResponse() const{
+ return m_data;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPExtResult.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_EXT_RESULT_H
+#define LDAP_EXT_RESULT_H
+
+#include <ldap.h>
+
+#include <LDAPResult.h>
+
+class LDAPRequest;
+
+/**
+ * Object of this class are created by the LDAPMsg::create method if
+ * results for an Extended Operation were returned by a LDAP server.
+ */
+class LDAPExtResult : public LDAPResult {
+ public :
+ /**
+ * Constructor that creates an LDAPExtResult-object from the C-API
+ * structures
+ */
+ LDAPExtResult(const LDAPRequest* req, LDAPMessage* msg);
+
+ /**
+ * The Destructor
+ */
+ virtual ~LDAPExtResult();
+
+ /**
+ * @returns The OID of the Extended Operation that has returned
+ * this result.
+ */
+ const std::string& getResponseOid() const;
+
+ /**
+ * @returns If the result contained data this method will return
+ * the data to the caller as a std::string.
+ */
+ const std::string& getResponse() const;
+
+ private:
+ std::string m_oid;
+ std::string m_data;
+};
+
+#endif // LDAP_EXT_RESULT_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPMessage.h"
+
+#include "LDAPResult.h"
+#include "LDAPExtResult.h"
+#include "LDAPRequest.h"
+#include "LDAPSearchResult.h"
+#include "LDAPSearchReference.h"
+#include "debug.h"
+#include <iostream>
+
+using namespace std;
+
+LDAPMsg::LDAPMsg(LDAPMessage *msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPMsg::LDAPMsg()" << endl);
+ msgType=ldap_msgtype(msg);
+ m_hasControls=false;
+}
+
+LDAPMsg* LDAPMsg::create(const LDAPRequest *req, LDAPMessage *msg){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::create()" << endl);
+ switch(ldap_msgtype(msg)){
+ case SEARCH_ENTRY :
+ return new LDAPSearchResult(req,msg);
+ break;
+ case SEARCH_REFERENCE :
+ return new LDAPSearchReference(req, msg);
+ break;
+ case EXTENDED_RESPONSE :
+ return new LDAPExtResult(req,msg);
+ break;
+ default :
+ return new LDAPResult(req, msg);
+ }
+ return 0;
+}
+
+
+int LDAPMsg::getMessageType(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::getMessageType()" << endl);
+ return msgType;
+}
+
+int LDAPMsg::getMsgID(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::getMsgID()" << endl);
+ return msgID;
+}
+
+bool LDAPMsg::hasControls() const{
+ return m_hasControls;
+}
+
+const LDAPControlSet& LDAPMsg::getSrvControls() const {
+ return m_srvControls;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessage.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MSG_H
+#define LDAP_MSG_H
+#include <ldap.h>
+
+#include <LDAPControlSet.h>
+
+class LDAPRequest;
+/**
+ * This class represents any type of LDAP- Message returned
+ * from the server.
+ *
+ * This class is never not instantiated directly. Only
+ * its subclasses are used. The main feature of this class is the
+ * static method create() (see below)
+ */
+class LDAPMsg{
+ public:
+ //public Constants defining the Message types
+ static const int BIND_RESPONSE=LDAP_RES_BIND;
+ static const int SEARCH_ENTRY=LDAP_RES_SEARCH_ENTRY;
+ static const int SEARCH_DONE=LDAP_RES_SEARCH_RESULT;
+ static const int SEARCH_REFERENCE=LDAP_RES_SEARCH_REFERENCE;
+ static const int MODIFY_RESPONSE=LDAP_RES_MODIFY;
+ static const int ADD_RESPONSE=LDAP_RES_ADD;
+ static const int DEL_RESPONSE=LDAP_RES_DELETE;
+ static const int MODDN_RESPONSE=LDAP_RES_MODDN;
+ static const int COMPARE_RESPONSE=LDAP_RES_COMPARE;
+ static const int EXTENDED_RESPONSE=LDAP_RES_EXTENDED;
+
+ /**
+ * The destructor has no implemenation, because this is an abstract
+ * class.
+ */
+ virtual ~LDAPMsg() {}
+
+ /**
+ * This method is used by the library to parse the results returned
+ * by the C-API.
+ *
+ * Based on msgtype-Value of the *msg-Parameter this method creates
+ * an Object of one of the subtypes of LDAPMsg (e.g. LDAPSearchResult
+ * or LDAPResult) that represents the same Message as the
+ * *msg-Parameter. *msg is e.g. a Message returned by the C-API's
+ * ldap_result call.
+ * @param req The LDAPRequest-object this result message is
+ * associated with.
+ * @param msg The LDAPMessage-structure from the C-API that
+ * contains the LDAP-message to parse.
+ * @return An Object of one of the subtypes of this class. It
+ * contains the parsed LDAP-message.
+ */
+ static LDAPMsg* create(const LDAPRequest *req, LDAPMessage *msg);
+
+ /**
+ * @returns The Type of message that this object contains. Possible
+ * values are: <BR>
+ * BIND_RESPONSE <BR>
+ * SEARCH_ENTRY <BR>
+ * SEARCH_DONE <BR>
+ * SEARCH_REFERENCE <BR>
+ * MODIFY_RESPONSE <BR>
+ * ADD_RESPONSE <BR>
+ * DEL_RESPONSE <BR>
+ * MODDN_RESPONSE <BR>
+ * COMPARE_RESPONSE <BR>
+ * EXTENDED_REPONSE <BR>
+ */
+ int getMessageType();
+
+ /**
+ * @returns The message-ID that the C-API return for the
+ * Result-message.
+ */
+ int getMsgID();
+
+ /**
+ * @returns If any Control was sent back by the server this method
+ * returns true. Otherwise false is returned.
+ */
+ bool hasControls() const;
+
+ /**
+ * @returns Server controls that were sent back by the server.
+ * @note This feature is not test well yet.
+ */
+ const LDAPControlSet& getSrvControls() const;
+
+ protected:
+ /**
+ * This constructor make a copy of a LDAPMsg-pointer. The object
+ * itself (no the pointer) is copied.
+ * Only for internal use.
+ */
+ LDAPMsg(LDAPMessage *msg);
+
+ /**
+ * This attribute stores Server-Control that were returned with the
+ * message.
+ */
+ LDAPControlSet m_srvControls;
+
+ bool m_hasControls;
+
+ private:
+ int msgType;
+ int msgID;
+};
+#endif //ifndef LDAP_MSG_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "config.h"
+#include "debug.h"
+#include <ldap.h>
+#include "LDAPMessageQueue.h"
+#include "LDAPRequest.h"
+#include "LDAPAsynConnection.h"
+#include "LDAPMessage.h"
+#include "LDAPResult.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchRequest.h"
+#include "LDAPUrl.h"
+#include "LDAPUrlList.h"
+#include "LDAPException.h"
+
+using namespace std;
+
+// TODO: How to handle unsolicited notifications, like notice of
+// disconnection
+
+LDAPMessageQueue::LDAPMessageQueue(LDAPRequest *req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPMessageQueue::LDAPMessageQueue()" << endl);
+ m_activeReq.push(req);
+ m_issuedReq.push_back(req);
+}
+
+LDAPMessageQueue::~LDAPMessageQueue(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPMessageQueue::~LDAPMessageQueue()" << endl);
+ for(LDAPRequestList::iterator i=m_issuedReq.begin();
+ i != m_issuedReq.end(); i++){
+ delete *i;
+ }
+ m_issuedReq.clear();
+}
+
+
+LDAPMsg *LDAPMessageQueue::getNext(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::getNext()" << endl);
+ LDAPMessage *msg;
+ LDAPRequest *req=m_activeReq.top();
+ int msg_id = req->getMsgID();
+ int res;
+ const LDAPAsynConnection *con=req->getConnection();
+ res=ldap_result(con->getSessionHandle(),msg_id,0,0,&msg);
+ if (res <= 0){
+ if(msg != 0){
+ ldap_msgfree(msg);
+ }
+ throw LDAPException(con);
+ }else{
+ const LDAPConstraints *constr=req->getConstraints();
+ LDAPMsg *ret=0;
+ //this can throw an exception (Decoding Error)
+ try{
+ ret = LDAPMsg::create(req,msg);
+ ldap_msgfree(msg);
+ }catch(LDAPException e){
+ //do some clean up
+ delete req;
+ m_activeReq.top();
+ throw;
+ }
+ switch (ret->getMessageType()) {
+ case LDAPMsg::SEARCH_REFERENCE :
+ if (constr->getReferralChase() ){
+ //throws Exception (limit Exceeded)
+ LDAPRequest *refReq=chaseReferral(ret);
+ if(refReq != 0){
+ m_activeReq.push(refReq);
+ m_issuedReq.push_back(refReq);
+ delete ret;
+ return getNext();
+ }
+ }
+ return ret;
+ break;
+ case LDAPMsg::SEARCH_ENTRY :
+ return ret;
+ break;
+ case LDAPMsg::SEARCH_DONE :
+ if(req->isReferral()){
+ req->unbind();
+ }
+ switch ( ((LDAPResult*)ret)->getResultCode()) {
+ case LDAPResult::REFERRAL :
+ if(constr->getReferralChase()){
+ //throws Exception (limit Exceeded)
+ LDAPRequest *refReq=chaseReferral(ret);
+ if(refReq != 0){
+ m_activeReq.pop();
+ m_activeReq.push(refReq);
+ m_issuedReq.push_back(refReq);
+ delete ret;
+ return getNext();
+ }
+ }
+ return ret;
+ break;
+ case LDAPResult::SUCCESS :
+ if(req->isReferral()){
+ delete ret;
+ m_activeReq.pop();
+ return getNext();
+ }else{
+ m_activeReq.pop();
+ return ret;
+ }
+ break;
+ default:
+ m_activeReq.pop();
+ return ret;
+ break;
+ }
+ break;
+ //must be some kind of LDAPResultMessage
+ default:
+ if(req->isReferral()){
+ req->unbind();
+ }
+ LDAPResult* res_p=(LDAPResult*)ret;
+ switch (res_p->getResultCode()) {
+ case LDAPResult::REFERRAL :
+ if(constr->getReferralChase()){
+ //throws Exception (limit Exceeded)
+ LDAPRequest *refReq=chaseReferral(ret);
+ if(refReq != 0){
+ m_activeReq.pop();
+ m_activeReq.push(refReq);
+ m_issuedReq.push_back(refReq);
+ delete ret;
+ return getNext();
+ }
+ }
+ return ret;
+ break;
+ default:
+ m_activeReq.pop();
+ return ret;
+ }
+ break;
+ }
+ }
+}
+
+// TODO Maybe moved to LDAPRequest::followReferral seems more reasonable
+//there
+LDAPRequest* LDAPMessageQueue::chaseReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::chaseReferra()" << endl);
+ LDAPRequest *req=m_activeReq.top();
+ LDAPRequest *refReq=req->followReferral(ref);
+ if(refReq !=0){
+ if(refReq->getConstraints()->getHopLimit() < refReq->getHopCount()){
+ delete(refReq);
+ throw LDAPException(LDAP_REFERRAL_LIMIT_EXCEEDED);
+ }
+ if(refReq->isCycle()){
+ delete(refReq);
+ throw LDAPException(LDAP_CLIENT_LOOP);
+ }
+ try {
+ refReq->sendRequest();
+ return refReq;
+ }catch (LDAPException e){
+ DEBUG(LDAP_DEBUG_TRACE," caught exception" << endl);
+ return 0;
+ }
+ }else{
+ return 0;
+ }
+}
+
+LDAPRequestStack* LDAPMessageQueue::getRequestStack(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::getRequestStack()" << endl);
+ return &m_activeReq;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPMessageQueue.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MESSAGE_QUEUE_H
+#define LDAP_MESSAGE_QUEUE_H
+
+#include <stack>
+
+#include <LDAPUrlList.h>
+
+class LDAPAsynConnection;
+class LDAPMsg;
+class LDAPRequest;
+class LDAPSearchRequest;
+class LDAPUrl;
+typedef std::stack<LDAPRequest*> LDAPRequestStack;
+typedef std::list<LDAPRequest*> LDAPRequestList;
+
+/**
+ * This class is created for the asynchronous LDAP-operations. And can be
+ * used by the client to retrieve the results of an operation.
+ */
+class LDAPMessageQueue{
+ public :
+
+ /**
+ * This creates a new LDAPMessageQueue. For a LDAP-request
+ *
+ * @param conn The Request for that is queue can be used to get
+ * the results.
+ */
+ LDAPMessageQueue(LDAPRequest *conn);
+ /**
+ * Destructor
+ */
+ ~LDAPMessageQueue();
+
+ /**
+ * This method reads exactly one Message from the results of a
+ * Request.
+ * @throws LDAPException
+ * @return A pointer to an object of one of the classes that were
+ * derived from LDAPMsg. The user has to cast it to the
+ * correct type (e.g. LDAPResult or LDAPSearchResult)
+ */
+ LDAPMsg* getNext();
+
+ /**
+ * For internat use only.
+ *
+ * The method is used to start the automatic referral chasing
+ */
+ LDAPRequest* chaseReferral(LDAPMsg* ref);
+
+ /**
+ * For internal use only
+ *
+ * The referral chasing algorithm needs this method to see the
+ * currently active requests.
+ */
+ LDAPRequestStack* getRequestStack();
+
+ private :
+ LDAPRequestStack m_activeReq;
+ LDAPRequestList m_issuedReq;
+};
+#endif //ifndef LDAP_MESSAGE_QUEUE_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPModDNRequest.h"
+#include "LDAPException.h"
+#include "LDAPResult.h"
+#include "LDAPUrlList.h"
+
+using namespace std;
+
+LDAPModDNRequest::LDAPModDNRequest(const LDAPModDNRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPModDNRequest::LDAPModDNRequest(&)" << endl);
+ m_dn = req.m_dn;
+ m_newRDN = req.m_newRDN;
+ m_newParentDN = req.m_newParentDN;
+ m_deleteOld = req.m_deleteOld;
+}
+
+LDAPModDNRequest::LDAPModDNRequest(const string& dn, const string& newRDN,
+ bool deleteOld, const string& newParentDN,
+ LDAPAsynConnection *connect,
+ const LDAPConstraints *cons, bool isReferral,
+ const LDAPRequest* parent):
+ LDAPRequest(connect, cons, isReferral, parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPModDNRequest::LDAPModDNRequest(&)" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " dn:" << dn << endl << " newRDN:" << newRDN << endl
+ << " deleteOld:" << deleteOld << endl
+ << " newParent:" << newParentDN << endl);
+ m_dn = dn;
+ m_newRDN = newRDN;
+ m_newParentDN = newParentDN;
+ m_deleteOld=deleteOld;
+}
+
+LDAPModDNRequest::~LDAPModDNRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPModDNRequest::~LDAPModDNRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPModDNRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPModDNRequest::sendRequest()" << endl);
+ int msg_id;
+ const char* newRDN = (m_newRDN == "" ? 0 :m_newRDN.c_str());
+ const char* newParentDN = (m_newParentDN == "" ?
+ 0 :
+ m_newParentDN.c_str());
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ int err=ldap_rename(m_connection->getSessionHandle(),m_dn.c_str(),newRDN,
+ newParentDN,m_deleteOld ? 1 : 0, tmpSrvCtrls, tmpClCtrls,&msg_id);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ if(err!=LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msg_id;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPModDNRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::followReferral()" << endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+ LDAPAsynConnection* con = 0;
+ try {
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ } catch(LDAPException e){
+ delete con;
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPModDNRequest(m_dn, m_newRDN, m_deleteOld, m_newParentDN,
+ con, m_cons,true,this);
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModDNRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_MOD_DN_REQUEST_H
+#define LDAP_MOD_DN_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPModDNRequest : LDAPRequest {
+
+ public:
+ LDAPModDNRequest(const LDAPModDNRequest& req);
+ LDAPModDNRequest(const std::string& dn, const std::string& newRDN,
+ bool deleteOld, const std::string& newParentDN,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral=false, const LDAPRequest* parent=0);
+ virtual ~LDAPModDNRequest();
+
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* urls);
+
+ private:
+ std::string m_dn;
+ std::string m_newRDN;
+ std::string m_newParentDN;
+ bool m_deleteOld;
+};
+
+#endif // LDAP_MOD_DN_REQUEST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPModList.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPModList::LDAPModList(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModList::LDAPModList()" << endl);
+}
+
+LDAPModList::LDAPModList(const LDAPModList& ml){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModList::LDAPModList(&)" << endl);
+ m_modList=ml.m_modList;
+}
+
+void LDAPModList::addModification(const LDAPModification &mod){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPModList::addModification()" << endl);
+ m_modList.push_back(mod);
+}
+
+LDAPMod** LDAPModList::toLDAPModArray(){
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPModList::toLDAPModArray()" << endl);
+ LDAPMod **ret = (LDAPMod**) malloc(
+ (m_modList.size()+1) * sizeof(LDAPMod*));
+ ret[m_modList.size()]=0;
+ LDAPModList::ListType::const_iterator i;
+ int j=0;
+ for (i=m_modList.begin(); i != m_modList.end(); i++ , j++){
+ ret[j]=i->toLDAPMod();
+ }
+ return ret;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MOD_LIST_H
+#define LDAP_MOD_LIST_H
+
+#include <ldap.h>
+#include <list>
+#include <LDAPModification.h>
+
+/**
+ * This container class is used to store multiple LDAPModification-objects.
+ */
+class LDAPModList{
+ typedef std::list<LDAPModification> ListType;
+
+ public :
+ /**
+ * Constructs an empty list.
+ */
+ LDAPModList();
+
+ /**
+ * Copy-constructor
+ */
+ LDAPModList(const LDAPModList&);
+
+ /**
+ * Adds one element to the end of the list.
+ * @param mod The LDAPModification to add to the std::list.
+ */
+ void addModification(const LDAPModification &mod);
+
+ /**
+ * Translates the list to a 0-terminated array of
+ * LDAPMod-structures as needed by the C-API
+ */
+ LDAPMod** toLDAPModArray();
+
+ private :
+ ListType m_modList;
+};
+#endif //LDAP_MOD_LIST_H
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPModification.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPModification::LDAPModification(const LDAPAttribute& attr, mod_op op){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModification::LDAPModification()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " attr:" << attr << endl);
+ m_attr = attr;
+ m_mod_op = op;
+}
+
+LDAPMod* LDAPModification::toLDAPMod() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPModification::toLDAPMod()" << endl);
+ LDAPMod* ret=m_attr.toLDAPMod();
+
+ //The mod_op value of the LDAPMod-struct needs to be ORed with the right
+ // LDAP_MOD_* constant to preserve the BIN-flag (see CAPI-draft for
+ // explanation of the LDAPMod struct)
+ switch (m_mod_op){
+ case OP_ADD :
+ ret->mod_op |= LDAP_MOD_ADD;
+ break;
+ case OP_DELETE :
+ ret->mod_op |= LDAP_MOD_DELETE;
+ break;
+ case OP_REPLACE :
+ ret->mod_op |= LDAP_MOD_REPLACE;
+ break;
+ }
+ return ret;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModification.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MODIFICATION_H
+#define LDAP_MODIFICATION_H
+
+#include <ldap.h>
+#include <LDAPAttribute.h>
+
+class LDAPModification{
+ public:
+ enum mod_op {OP_ADD, OP_DELETE, OP_REPLACE};
+
+ LDAPModification(const LDAPAttribute& attr, mod_op op);
+ LDAPMod *toLDAPMod() const;
+
+ private:
+ LDAPAttribute m_attr;
+ mod_op m_mod_op;
+
+};
+#endif //LDAP_MODIFICATION_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPModifyRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPModifyRequest::LDAPModifyRequest(const LDAPModifyRequest& req) :
+ LDAPRequest(req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPModifyRequest::LDAPModifyRequest(&)" << endl);
+ m_modList = new LDAPModList(*(req.m_modList));
+ m_dn = req.m_dn;
+}
+
+LDAPModifyRequest::LDAPModifyRequest(const string& dn,
+ const LDAPModList *modList, LDAPAsynConnection *connect,
+ const LDAPConstraints *cons, bool isReferral,
+ const LDAPRequest* parent) :
+ LDAPRequest(connect, cons, isReferral, parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPModifyRequest::LDAPModifyRequest(&)" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " dn:" << dn << endl);
+ m_dn = dn;
+ m_modList = new LDAPModList(*modList);
+}
+
+LDAPModifyRequest::~LDAPModifyRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY,
+ "LDAPModifyRequest::~LDAPModifyRequest()" << endl);
+ delete m_modList;
+}
+
+LDAPMessageQueue* LDAPModifyRequest::sendRequest(){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::sendRequest()" << endl);
+ int msgID=0;
+ LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+ LDAPMod** tmpMods=m_modList->toLDAPModArray();
+ int err=ldap_modify_ext(m_connection->getSessionHandle(),m_dn.c_str(),
+ tmpMods, tmpSrvCtrls, tmpClCtrls,&msgID);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+ ldap_mods_free(tmpMods,1);
+ if(err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPModifyRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::followReferral()" << endl);
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+ LDAPAsynConnection* con = 0;
+ try {
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ } catch(LDAPException e){
+ delete con;
+ return 0;
+ }
+ if(con != 0){
+ return new LDAPModifyRequest(m_dn, m_modList, con, m_cons,true,this);
+ }
+ return 0;
+}
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPModifyRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_MODIFY_REQUEST_H
+#define LDAP_MODIFY_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPMessageQueue;
+
+class LDAPModifyRequest : LDAPRequest {
+ private :
+ std::string m_dn;
+ LDAPModList *m_modList;
+
+ public:
+ LDAPModifyRequest(const LDAPModifyRequest& mod);
+ LDAPModifyRequest(const std::string& dn, const LDAPModList *modList,
+ LDAPAsynConnection *connect, const LDAPConstraints *cons,
+ bool isReferral=false, const LDAPRequest* req=0);
+ virtual ~LDAPModifyRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* refs);
+};
+
+#endif // LDAP_MODIFY_REQUEST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPObjClass.h"
+
+
+LDAPObjClass::LDAPObjClass(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPObjClass::LDAPObjClass( )" << endl);
+
+ oid = string ();
+ desc = string ();
+ names = StringList ();
+ must = StringList();
+ may = StringList();
+ sup = StringList();
+}
+
+LDAPObjClass::LDAPObjClass (const LDAPObjClass &oc){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPObjClass::LDAPObjClass( )" << endl);
+
+ oid = oc.oid;
+ desc = oc.desc;
+ names = oc.names;
+ must = oc.must;
+ may = oc.may;
+ kind = oc.kind;
+ sup = oc.sup;
+}
+
+LDAPObjClass::LDAPObjClass (string oc_item) {
+
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPObjClass::LDAPObjClass( )" << endl);
+
+ LDAPObjectClass *o;
+ int ret;
+ const char *errp;
+ o = ldap_str2objectclass ( oc_item.c_str(), &ret, &errp, SCHEMA_PARSE_FLAG);
+
+ if (o) {
+ this->setNames (o->oc_names);
+ this->setDesc (o->oc_desc);
+ this->setOid (o->oc_oid);
+ this->setKind (o->oc_kind);
+ this->setMust (o->oc_at_oids_must);
+ this->setMay (o->oc_at_oids_may);
+ this->setSup (o->oc_sup_oids);
+ }
+ // else? -> error
+}
+
+LDAPObjClass::~LDAPObjClass() {
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPObjClass::~LDAPObjClass()" << endl);
+}
+
+void LDAPObjClass::setKind (int oc_kind) {
+ kind = oc_kind;
+}
+
+void LDAPObjClass::setNames (char **oc_names) {
+ names = StringList (oc_names);
+}
+
+void LDAPObjClass::setMust (char **oc_must) {
+ must = StringList (oc_must);
+}
+
+void LDAPObjClass::setMay (char **oc_may) {
+ may = StringList (oc_may);
+}
+
+void LDAPObjClass::setSup (char **oc_sup) {
+ sup = StringList (oc_sup);
+}
+
+void LDAPObjClass::setDesc (char *oc_desc) {
+ desc = string ();
+ if (oc_desc)
+ desc = oc_desc;
+}
+
+void LDAPObjClass::setOid (char *oc_oid) {
+ oid = string ();
+ if (oc_oid)
+ oid = oc_oid;
+}
+
+string LDAPObjClass::getOid () {
+ return oid;
+}
+
+string LDAPObjClass::getDesc () {
+ return desc;
+}
+
+StringList LDAPObjClass::getNames () {
+ return names;
+}
+
+StringList LDAPObjClass::getMust () {
+ return must;
+}
+
+StringList LDAPObjClass::getMay () {
+ return may;
+}
+
+StringList LDAPObjClass::getSup () {
+ return sup;
+}
+
+string LDAPObjClass::getName () {
+
+ if (names.empty())
+ return "";
+ else
+ return *(names.begin());
+}
+
+int LDAPObjClass::getKind () {
+ return kind;
+}
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPObjClass.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_OBJCLASS_H
+#define LDAP_OBJCLASS_H
+
+#include <ldap_schema.h>
+#include <string>
+
+#include "StringList.h"
+
+#define SCHEMA_PARSE_FLAG 0x03
+
+
+using namespace std;
+
+/**
+ * Represents the Object Class (from LDAP schema)
+ */
+class LDAPObjClass{
+ private :
+ StringList names, must, may, sup;
+ string desc, oid;
+ int kind;
+
+ public :
+
+ /**
+ * Constructs an empty object.
+ */
+ LDAPObjClass();
+
+ /**
+ * Copy constructor
+ */
+ LDAPObjClass (const LDAPObjClass& oc);
+
+ /**
+ * Constructs new object and fills the data structure by parsing the
+ * argument.
+ * @param oc_item description of object class is string returned
+ * by the search command. It is in the form:
+ * "( SuSE.YaST.OC:5 NAME 'userTemplate' SUP objectTemplate STRUCTURAL
+ * DESC 'User object template' MUST ( cn ) MAY ( secondaryGroup ))"
+ */
+ LDAPObjClass (string oc_item);
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPObjClass();
+
+ /**
+ * Returns object class description
+ */
+ string getDesc ();
+
+ /**
+ * Returns object class oid
+ */
+ string getOid ();
+
+ /**
+ * Returns object class name (first one if there are more of them)
+ */
+ string getName ();
+
+ /**
+ * Returns object class kind: 0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY
+ */
+ int getKind ();
+
+ /**
+ * Returns all object class names
+ */
+ StringList getNames();
+
+ /**
+ * Returns list of required attributes
+ */
+ StringList getMust();
+
+ /**
+ * Returns list of allowed (and not required) attributes
+ */
+ StringList getMay();
+
+ /**
+ * Returns list of the OIDs of the superior ObjectClasses
+ */
+ StringList getSup();
+
+ void setNames (char **oc_names);
+ void setMay (char **oc_may);
+ void setMust (char **oc_must);
+ void setDesc (char *oc_desc);
+ void setOid (char *oc_oid);
+ void setKind (int oc_kind);
+ void setSup (char **oc_sup);
+
+};
+
+#endif // LDAP_OBJCLASS_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LDAPRebind.h"
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebind.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REBIND_H
+#define LDAP_REBIND_H
+
+#include <string>
+#include <LDAPRebindAuth.h>
+
+/**
+ * Just an abstract class to provide a mechnism for rebind to another
+ * server when chasing referrals. Clients have to implement a class
+ * derived from this. To use authentication other than anonymous for
+ * referral chasing
+ */
+
+class LDAPRebind{
+ public:
+ virtual ~LDAPRebind() {}
+ virtual LDAPRebindAuth* getRebindAuth(const std::string& hostname,
+ int port) const = 0;
+};
+#endif //LDAP_REBIND_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+
+#include "LDAPRebindAuth.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPRebindAuth::LDAPRebindAuth(const string& dn, const string& pwd){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRebindAuth::LDAPRebindAuth()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER," dn:" << dn << endl
+ << " pwd:" << pwd << endl);
+ m_dn=dn;
+ m_password=pwd;
+}
+
+LDAPRebindAuth::LDAPRebindAuth(const LDAPRebindAuth& lra){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRebindAuth::LDAPRebindAuth(&)" << endl);
+ m_dn=lra.m_dn;
+ m_password=lra.m_password;
+}
+
+LDAPRebindAuth::~LDAPRebindAuth(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPRebindAuth::~LDAPRebindAuth()" << endl);
+}
+
+const string& LDAPRebindAuth::getDN() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRebindAuth::getDN()" << endl);
+ return m_dn;
+}
+
+const string& LDAPRebindAuth::getPassword() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRebindAuth::getPassword()" << endl);
+ return m_password;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRebindAuth.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REBIND_AUTH_H
+#define LDAP_REBIND_AUTH_H
+
+#include<string>
+
+/**
+ * This class represent Authenication information for the case that the
+ * library is chasing referrals.
+ *
+ * The LDAPRebind::getRebindAuth() method returns an object of this type.
+ * And the library uses it to authentication to the destination server of a
+ * referral.
+ * @note currently only SIMPLE authentication is supported by the library
+ */
+class LDAPRebindAuth{
+ public:
+ /**
+ * @param dn The DN that should be used for the authentication
+ * @param pwd The password that belongs to the DN
+ */
+ LDAPRebindAuth(const std::string& dn="", const std::string& pwd="");
+
+ /**
+ * Copy-constructor
+ */
+ LDAPRebindAuth(const LDAPRebindAuth& lra);
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPRebindAuth();
+
+ /**
+ * @return The DN that was set in the constructor
+ */
+ const std::string& getDN() const;
+
+ /**
+ * @return The password that was set in the constructor
+ */
+ const std::string& getPassword() const;
+
+ private:
+ std::string m_dn;
+ std::string m_password;
+};
+
+#endif //LDAP_REBIND_AUTH_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPReferenceList.h"
+#include "LDAPSearchReference.h"
+
+LDAPReferenceList::LDAPReferenceList(){
+}
+
+LDAPReferenceList::LDAPReferenceList(const LDAPReferenceList& e){
+ m_refs = e.m_refs;
+}
+
+LDAPReferenceList::~LDAPReferenceList(){
+}
+
+size_t LDAPReferenceList::size() const{
+ return m_refs.size();
+}
+
+bool LDAPReferenceList::empty() const{
+ return m_refs.empty();
+}
+
+LDAPReferenceList::const_iterator LDAPReferenceList::begin() const{
+ return m_refs.begin();
+}
+
+LDAPReferenceList::const_iterator LDAPReferenceList::end() const{
+ return m_refs.end();
+}
+
+void LDAPReferenceList::addReference(const LDAPSearchReference& e){
+ m_refs.push_back(e);
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferenceList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REFERENCE_LIST_H
+#define LDAP_REFERENCE_LIST_H
+
+#include <list>
+
+class LDAPSearchReference;
+
+/**
+ * Container class for storing a list of Search References
+ *
+ * Used internally only by LDAPSearchResults
+ */
+class LDAPReferenceList{
+ typedef std::list<LDAPSearchReference> ListType;
+
+ public:
+ typedef ListType::const_iterator const_iterator;
+
+ /**
+ * Constructs an empty list.
+ */
+ LDAPReferenceList();
+
+ /**
+ * Copy-constructor
+ */
+ LDAPReferenceList(const LDAPReferenceList& rl);
+
+ /**
+ * Destructor
+ */
+ ~LDAPReferenceList();
+
+ /**
+ * @return The number of LDAPSearchReference-objects that are
+ * currently stored in this list.
+ */
+ size_t size() const;
+
+ /**
+ * @return true if there are zero LDAPSearchReference-objects
+ * currently stored in this list.
+ */
+ bool empty() const;
+
+ /**
+ * @return A iterator that points to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return A iterator that points to the element after the last
+ * element of the list.
+ */
+ const_iterator end() const;
+
+ /**
+ * Adds one element to the end of the list.
+ * @param e The LDAPSearchReference to add to the list.
+ */
+ void addReference(const LDAPSearchReference& e);
+
+ private:
+ ListType m_refs;
+};
+#endif // LDAP_REFERENCE_LIST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <iostream>
+#include "LDAPException.h"
+#include "LDAPReferralException.h"
+#include "LDAPResult.h"
+#include "LDAPRequest.h"
+#include "LDAPUrl.h"
+
+LDAPReferralException::LDAPReferralException(const LDAPUrlList& urls) :
+ LDAPException(LDAPResult::REFERRAL) , m_urlList(urls){
+}
+
+LDAPReferralException::~LDAPReferralException(){
+}
+
+const LDAPUrlList& LDAPReferralException::getUrls(){
+ return m_urlList;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPReferralException.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_REFERRAL_EXCEPTION_H
+#define LDAP_REFERRAL_EXCEPTION_H
+
+#include <list>
+#include <LDAPMessage.h>
+#include <LDAPUrlList.h>
+
+class LDAPUrlList;
+
+/**
+ * This class extends LDAPException and is used to signalize Referrals
+ * there were received during synchronous LDAP-operations
+ */
+class LDAPReferralException : public LDAPException{
+
+ public :
+ /**
+ * Creates an object that is initialized with a list of URLs
+ */
+ LDAPReferralException(const LDAPUrlList& urls);
+
+ /**
+ * Destructor
+ */
+ ~LDAPReferralException();
+
+ /**
+ * @return The List of URLs of the Referral/Search Reference
+ */
+ const LDAPUrlList& getUrls();
+
+ private :
+ LDAPUrlList m_urlList;
+};
+
+#endif //LDAP_REFERRAL_EXCEPTION_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "LDAPRequest.h"
+
+using namespace std;
+
+LDAPRequest::LDAPRequest(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPRequest::LDAPRequest()" << endl);
+}
+
+LDAPRequest::LDAPRequest(const LDAPRequest& req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPRequest::LDAPRequest(&)" << endl);
+ m_isReferral=req.m_isReferral;
+ m_cons = new LDAPConstraints(*(req.m_cons));
+ m_connection = req.m_connection;
+ m_parent = req.m_parent;
+ m_hopCount = req.m_hopCount;
+ m_msgID = req.m_msgID;
+}
+
+LDAPRequest::LDAPRequest(LDAPAsynConnection* con,
+ const LDAPConstraints* cons,bool isReferral, const LDAPRequest* parent){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRequest::LDAPRequest()" << endl);
+ m_connection=con;
+ if(cons == 0){
+ m_cons=new LDAPConstraints( *(con->getConstraints()) );
+ }else{
+ m_cons=new LDAPConstraints( *cons);
+ }
+ m_isReferral=isReferral;
+ if(m_isReferral){
+ m_hopCount = (parent->getHopCount()+1);
+ m_parent= parent;
+ }else{
+ m_hopCount=0;
+ m_parent=0;
+ }
+}
+
+LDAPRequest::~LDAPRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPRequest::~LDAPRequest()" << endl);
+ delete m_cons;
+}
+
+const LDAPConstraints* LDAPRequest::getConstraints() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getConstraints()" << endl);
+ return m_cons;
+}
+
+const LDAPAsynConnection* LDAPRequest::getConnection() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getConnection()" << endl);
+ return m_connection;
+}
+
+int LDAPRequest::getType() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getType()" << endl);
+ return m_requestType;
+}
+
+int LDAPRequest::getMsgID() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getMsgId()" << endl);
+ return m_msgID;
+}
+
+int LDAPRequest::getHopCount() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getHopCount()" << endl);
+ return m_hopCount;
+}
+
+const LDAPRequest* LDAPRequest::getParent() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getParent()" << endl);
+ return m_parent;
+}
+
+bool LDAPRequest::isReferral() const {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::isReferral()" << endl);
+ return m_isReferral;
+}
+
+bool LDAPRequest::equals(const LDAPRequest* req) const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::equals()" << endl);
+ if( (this->m_requestType == req->getType()) &&
+ (this->m_connection->getHost() == req->m_connection->getHost()) &&
+ (this->m_connection->getPort() == req->m_connection->getPort())
+ ){
+ return true;
+ }return false;
+}
+
+bool LDAPRequest::isCycle() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::isCycle()" << endl);
+ const LDAPRequest* parent=m_parent;
+ if(parent != 0){
+ do{
+ if(this->equals(parent)){
+ return true;
+ }else{
+ parent=parent->getParent();
+ }
+ }
+ while(parent != 0);
+ }
+ return false;
+}
+
+void LDAPRequest::unbind() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::unbind()" << endl);
+ m_connection->unbind();
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_REQUEST_H
+#define LDAP_REQUEST_H
+
+#include <LDAPConstraints.h>
+#include <LDAPAsynConnection.h>
+#include <LDAPMessageQueue.h>
+
+class LDAPUrl;
+
+/**
+ * For internal use only
+ *
+ * Each request that is sent to a LDAP-server by this library is
+ * represented by a special object that contains the parameters and some
+ * other info of the request. This virtual class is the common base classe
+ * for these specialized request classes.
+ */
+class LDAPRequest{
+
+ public :
+ static const int BIND=0;
+ static const int UNBIND=2;
+ static const int SEARCH=3;
+ static const int MODIFY=7;
+ static const int ADD=8;
+ static const int DELETE=10;
+ static const int COMPARE=14;
+
+ LDAPRequest(const LDAPRequest& req);
+ LDAPRequest(LDAPAsynConnection* conn,
+ const LDAPConstraints* cons, bool isReferral=false,
+ const LDAPRequest* parent=0);
+ virtual ~LDAPRequest();
+
+ const LDAPConstraints* getConstraints() const;
+ const LDAPAsynConnection* getConnection() const;
+ int getType()const;
+ int getMsgID() const;
+ int getHopCount() const;
+
+ /**
+ * @return The LDAPRequest that has created this object. Or 0 if
+ * this object was not created by another request.
+ */
+ const LDAPRequest* getParent() const;
+
+ /**
+ * @return true if this object was created during the automatic
+ * chasing of referrals. Otherwise false
+ */
+ bool isReferral() const;
+
+ void unbind() const;
+
+ /**
+ * This method encodes the request an calls the apprpriate
+ * functions of the C-API to send the Request to a LDAP-Server
+ */
+ virtual LDAPMessageQueue* sendRequest()=0;
+ virtual LDAPRequest* followReferral(LDAPMsg* ref)=0;
+
+ /**
+ * Compare this request with another on. And returns true if they
+ * have the same parameters.
+ */
+ virtual bool equals(const LDAPRequest* req) const;
+
+ bool isCycle() const;
+
+ protected :
+ bool m_isReferral;
+ int m_requestType;
+ LDAPConstraints *m_cons;
+ LDAPAsynConnection *m_connection;
+ const LDAPRequest* m_parent;
+ int m_hopCount;
+ int m_msgID; //the associated C-API Message ID
+ LDAPRequest();
+};
+#endif //LDAP_REQUEST_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include"LDAPResult.h"
+#include"LDAPAsynConnection.h"
+#include "LDAPRequest.h"
+#include "LDAPException.h"
+
+using namespace std;
+
+LDAPResult::LDAPResult(const LDAPRequest *req, LDAPMessage *msg) :
+ LDAPMsg(msg){
+ if(msg != 0){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPResult::LDAPResult()" << endl);
+ const LDAPAsynConnection *con=req->getConnection();
+ char **refs=0;
+ LDAPControl** srvctrls=0;
+ char* matchedDN=0;
+ char* errMsg=0;
+ int err=ldap_parse_result(con->getSessionHandle(),msg,&m_resCode,
+ &matchedDN, &errMsg,&refs,&srvctrls,0);
+ if(err != LDAP_SUCCESS){
+ ber_memvfree((void**) refs);
+ ldap_controls_free(srvctrls);
+ throw LDAPException(err);
+ }else{
+ if (refs){
+ m_referrals=LDAPUrlList(refs);
+ ber_memvfree((void**) refs);
+ }
+ if (srvctrls){
+ m_srvControls = LDAPControlSet(srvctrls);
+ m_hasControls = true;
+ ldap_controls_free(srvctrls);
+ }else{
+ m_hasControls = false;
+ }
+ if(matchedDN != 0){
+ m_matchedDN=string(matchedDN);
+ free(matchedDN);
+ }
+ if(errMsg != 0){
+ m_errMsg=string(errMsg);
+ free(errMsg);
+ }
+ }
+ }
+}
+
+LDAPResult::~LDAPResult(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPResult::~LDAPResult()" << endl);
+}
+
+int LDAPResult::getResultCode() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getResultCode()" << endl);
+ return m_resCode;
+}
+
+string LDAPResult::resToString() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::resToString()" << endl);
+ return string(ldap_err2string(m_resCode));
+}
+
+const string& LDAPResult::getErrMsg() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getErrMsg()" << endl);
+ return m_errMsg;
+}
+
+const string& LDAPResult::getMatchedDN() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getMatchedDN()" << endl);
+ return m_matchedDN;
+}
+
+const LDAPUrlList& LDAPResult::getReferralUrls() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getReferralUrl()" << endl);
+ return m_referrals;
+}
+
+ostream& operator<<(ostream &s,LDAPResult &l){
+ return s << "Result: " << l.m_resCode << ": "
+ << ldap_err2string(l.m_resCode) << endl
+ << "Matched: " << l.m_matchedDN << endl << "ErrMsg: " << l.m_errMsg;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPResult.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_RESULT_H
+#define LDAP_RESULT_H
+
+#include<iostream>
+#include<ldap.h>
+#include <LDAPMessage.h>
+#include <LDAPControlSet.h>
+#include <LDAPUrlList.h>
+
+class LDAPRequest;
+class LDAPAsynConnection;
+
+/**
+ * This class is for representing LDAP-Result-Messages.
+ *
+ * It represents all Messages that were returned
+ * from LDAP-Operations except for Messages of the Type
+ * LDAPMsg::SEARCH_ENTRY, LDAPMsg::SEARCH_REFERENCE and
+ * LDAPMsg::EXTENDED_RESPONSE. <BR>
+ * It defines a integer constant for every possible result type that can be
+ * returned by the server.
+ */
+class LDAPResult : public LDAPMsg{
+ public :
+ //Error codes from RFC 2251
+ static const int SUCCESS = 0;
+ static const int OPERATIONS_ERROR = 1;
+ static const int PROTOCOL_ERROR = 2;
+ static const int TIME_LIMIT_EXCEEDED = 3;
+ static const int SIZE_LIMIT_EXCEEDED = 4;
+ static const int COMPARE_FALSE = 5;
+ static const int COMPARE_TRUE = 6;
+ static const int AUTH_METHOD_NOT_SUPPORTED = 7;
+ static const int STRONG_AUTH_REQUIRED = 8;
+
+ static const int REFERRAL = 10;
+ static const int ADMIN_LIMIT_EXCEEDED = 11;
+ static const int UNAVAILABLE_CRITICAL_EXTENSION = 12;
+ static const int CONFIDENTIALITY_REQUIRED = 13;
+ static const int SASL_BIND_IN_PROGRESS = 14;
+
+ static const int NO_SUCH_ATTRIBUTE = 16;
+ static const int UNDEFINED_ATTRIBUTE_TYP = 17;
+ static const int INAPPROPRIATE_MATCHING = 18;
+ static const int CONSTRAINT_VIOLATION = 19;
+ static const int ATTRIBUTE_OR_VALUE_EXISTS = 20;
+ static const int INVALID_ATTRIBUTE_SYNTAX = 21;
+
+ static const int NO_SUCH_OBJECT = 32;
+ static const int ALIAS_PROBLEM = 33;
+ static const int INVALID_DN_SYNTAX = 34;
+
+ static const int ALIAS_DEREFERENCING_PROBLEM = 36;
+
+ static const int INAPPROPRIATE_AUTENTICATION = 48;
+ static const int INVALID_CREDENTIALS = 49;
+ static const int INSUFFICIENT_ACCESS = 50;
+ static const int BUSY = 51;
+ static const int UNAVAILABLE = 52;
+ static const int UNWILLING_TO_PERFORM = 53;
+ static const int LOOP_DETECT = 54;
+
+ static const int NAMING_VIOLATION = 64;
+ static const int OBJECT_CLASS_VIOLATION = 65;
+ static const int NOT_ALLOWED_ON_NONLEAF = 66;
+ static const int NOT_ALLOWED_ON_RDN = 67;
+ static const int ENTRY_ALREADY_EXISTS = 68;
+ static const int OBJECT_CLASS_MODS_PROHIBITED = 69;
+
+ static const int AFFECTS_MULTIPLE_DSAS = 71;
+
+ // some Errorcodes defined in the LDAP C API DRAFT
+ static const int OTHER = 80;
+ static const int SERVER_DOWN = 81;
+ static const int LOCAL_ERROR = 82;
+ static const int ENCODING_ERROR = 83;
+ static const int DECODING_ERROR = 84;
+ static const int TIMEOUT = 85;
+ static const int AUTH_UNKNOWN = 86;
+ static const int FILTER_ERROR = 87;
+ static const int USER_CANCELLED = 88;
+ static const int PARAM_ERROR = 89;
+ static const int NO_MEMORY = 90;
+ static const int CONNECT_ERROR = 91;
+ static const int NOT_SUPPORTED = 92;
+ static const int CONTROL_NOT_FOUND = 93;
+ static const int NO_RESULTS_RETURNED = 94;
+ static const int MORE_RESULTS_TO_RETURN = 95;
+ static const int CLIENT_LOOP = 96;
+ static const int REFERRAL_LIMIT_EXCEEDED = 97;
+
+ /**
+ * This constructor is called by the LDAPMsg::create method in
+ * order to parse a LDAPResult-Message
+ * @param req The request the result is associated with.
+ * @param msg The LDAPMessage-structure that contains the
+ * Message.
+ */
+ LDAPResult(const LDAPRequest *req, LDAPMessage *msg);
+
+ /**
+ * The destructor.
+ */
+ virtual ~LDAPResult();
+
+ /**
+ * @returns The result code of the Message. Possible values are the
+ * integer constants defined in this class.
+ */
+ int getResultCode() const;
+
+ /**
+ * This method transforms the result code to a human-readable
+ * result message.
+ * @returns A std::string containing the result message.
+ */
+ std::string resToString() const;
+
+ /**
+ * In some case of error the server may return addional error
+ * messages.
+ * @returns The additional error message returned by the server.
+ */
+ const std::string& getErrMsg() const;
+
+ /**
+ * For messages with a result code of: NO_SUCH_OBJECT,
+ * ALIAS_PROBLEM, ALIAS_DEREFERENCING_PROBLEM or INVALID_DN_SYNTAX
+ * the server returns the DN of deepest entry in the DIT that could
+ * be found for this operation.
+ * @returns The Matched-DN value that was returned by the server.
+ */
+ const std::string& getMatchedDN() const;
+
+ /**
+ * @returns If the result code is REFERRAL this methode returns the
+ * URLs of the referral that was sent by the server.
+ */
+ const LDAPUrlList& getReferralUrls() const;
+
+ private :
+ int m_resCode;
+ std::string m_matchedDN;
+ std::string m_errMsg;
+ LDAPUrlList m_referrals;
+
+ /**
+ * This method can be used to dump the data of a LDAPResult-Object.
+ * It is only useful for debugging purposes at the moment
+ */
+ friend std::ostream& operator<<(std::ostream &s,LDAPResult &l);
+};
+#endif //LDAP_RESULT_H
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "StringList.h"
+#include "LDAPSchema.h"
+
+#include <ctype.h>
+
+using namespace std;
+
+LDAPSchema::LDAPSchema(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPSchema::LDAPSchema( )" << endl);
+}
+
+LDAPSchema::~LDAPSchema() {
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPSchema::~LDAPSchema()" << endl);
+}
+
+void LDAPSchema::setObjectClasses (const StringList &ocs) {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPSchema::setObjectClasses()" << endl);
+
+ // parse the stringlist and save it to global map...
+ StringList::const_iterator i,j;
+ for (i = ocs.begin(); i != ocs.end(); i++) {
+ LDAPObjClass oc ( (*i) );
+ StringList names = oc.getNames();
+ // there could be more names for one object...
+ for (j = names.begin(); j != names.end(); j++) {
+ string lc_name = *j;
+ string::iterator k;
+ for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+ (*k) = tolower(*k);
+ }
+ object_classes [lc_name] = LDAPObjClass (oc);
+ }
+ }
+}
+
+void LDAPSchema::setAttributeTypes (const StringList &ats) {
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPSchema::setAttributeTypes()" << endl);
+
+ // parse the stringlist and save it to global map...
+ StringList::const_iterator i,j;
+ for (i = ats.begin(); i != ats.end(); i++) {
+ LDAPAttrType at ( (*i) );
+ StringList names = at.getNames();
+ // there could be more names for one object...
+ for (j = names.begin(); j != names.end(); j++) {
+ string lc_name = *j;
+ string::iterator k;
+ for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+ (*k) = tolower(*k);
+ }
+ attr_types [lc_name] = LDAPAttrType (at);
+ }
+ }
+}
+
+LDAPObjClass LDAPSchema::getObjectClassByName (string name) {
+ string lc_name = name;
+ string::iterator k;
+ for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+ (*k) = tolower(*k);
+ }
+ return object_classes [lc_name];
+}
+
+LDAPAttrType LDAPSchema::getAttributeTypeByName (string name) {
+ string lc_name = name;
+ string::iterator k;
+ for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+ (*k) = tolower(*k);
+ }
+
+ return attr_types [lc_name];
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSchema.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SCHEMA_H
+#define LDAP_SCHEMA_H
+
+#include <ldap.h>
+#include <string>
+#include <map>
+
+#include "LDAPObjClass.h"
+#include "LDAPAttrType.h"
+
+/**
+ * Represents the LDAP schema
+ */
+class LDAPSchema{
+ private :
+ /**
+ * map of object classes: index is name, value is LDAPObjClass object
+ */
+ map <string, LDAPObjClass> object_classes;
+
+ /**
+ * map of attribute types: index is name, value is LDAPAttrType object
+ */
+ map <string, LDAPAttrType> attr_types;
+
+ public :
+
+ /**
+ * Constructs an empty object
+ */
+ LDAPSchema();
+
+ /**
+ * Destructor
+ */
+ virtual ~LDAPSchema();
+
+ /**
+ * Fill the object_classes map
+ * @param oc description of one objectclass (string returned by search
+ * command), in form:
+ * "( SuSE.YaST.OC:5 NAME 'userTemplate' SUP objectTemplate STRUCTURAL
+ * DESC 'User object template' MUST ( cn ) MAY ( secondaryGroup ))"
+ */
+ void setObjectClasses (const StringList &oc);
+
+ /**
+ * Fill the attr_types map
+ * @param at description of one attribute type
+ * (string returned by search command), in form:
+ * "( SuSE.YaST.Attr:19 NAME ( 'skelDir' ) DESC ''
+ * EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
+ */
+ void setAttributeTypes (const StringList &at);
+
+ /**
+ * Returns object class object with given name
+ */
+ LDAPObjClass getObjectClassByName (std::string name);
+
+ /**
+ * Returns attribute type object with given name
+ */
+ LDAPAttrType getAttributeTypeByName (string name);
+
+};
+
+#endif // LDAP_SCHEMA_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <iostream>
+
+#include "debug.h"
+#include "LDAPSearchReference.h"
+#include "LDAPException.h"
+#include "LDAPRequest.h"
+#include "LDAPUrl.h"
+
+using namespace std;
+
+LDAPSearchReference::LDAPSearchReference(const LDAPRequest *req,
+ LDAPMessage *msg) : LDAPMsg(msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPSearchReference::LDAPSearchReference()" << endl;)
+ char **ref=0;
+ LDAPControl** srvctrls=0;
+ const LDAPAsynConnection* con=req->getConnection();
+ int err = ldap_parse_reference(con->getSessionHandle(), msg, &ref,
+ &srvctrls,0);
+ if (err != LDAP_SUCCESS){
+ ber_memvfree((void**) ref);
+ ldap_controls_free(srvctrls);
+ throw LDAPException(err);
+ }else{
+ m_urlList=LDAPUrlList(ref);
+ ber_memvfree((void**) ref);
+ if (srvctrls){
+ m_srvControls = LDAPControlSet(srvctrls);
+ m_hasControls = true;
+ ldap_controls_free(srvctrls);
+ }else{
+ m_hasControls = false;
+ }
+ }
+}
+
+LDAPSearchReference::~LDAPSearchReference(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPSearchReference::~LDAPSearchReference()"
+ << endl);
+}
+
+const LDAPUrlList& LDAPSearchReference::getUrls() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchReference::getUrls()" << endl);
+ return m_urlList;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchReference.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_SEARCH_REFERENCE_H
+#define LDAP_SEARCH_REFERENCE_H
+
+#include <LDAPMessage.h>
+#include <LDAPUrlList.h>
+
+class LDAPRequest;
+class LDAPUrl;
+
+/**
+ * This class is used to represent Continuation References that were
+ * returned during a SEARCH-Operation.
+ */
+class LDAPSearchReference : public LDAPMsg{
+
+ public :
+ /**
+ * Constructor that create an object from the C-API structures
+ */
+ LDAPSearchReference(const LDAPRequest* req, LDAPMessage* msg);
+
+ /**
+ * The Destructor
+ */
+ ~LDAPSearchReference();
+
+ /**
+ * @returns The destination URLs that were send with this message
+ */
+ const LDAPUrlList& getUrls() const;
+
+ private :
+ LDAPUrlList m_urlList;
+ LDAPSearchReference();
+};
+
+
+
+#endif //LDAP_SEARCH_REFERENCE_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "config.h"
+#include "ac/time.h"
+#include "debug.h"
+#include "LDAPSearchRequest.h"
+#include "LDAPException.h"
+#include "LDAPSearchReference.h"
+#include "LDAPResult.h"
+#include "LDAPRequest.h"
+#include "LDAPUrl.h"
+
+using namespace std;
+
+LDAPSearchRequest::LDAPSearchRequest(const LDAPSearchRequest& req ) :
+ LDAPRequest (req){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPSearchRequest::LDAPSearchRequest(&)" << endl);
+ m_base=req.m_base;
+ m_scope=req.m_scope;
+ m_filter=req.m_filter;
+ m_attrs=req.m_attrs;
+ m_attrsOnly=req.m_attrsOnly;
+}
+
+
+LDAPSearchRequest::LDAPSearchRequest(const string& base, int scope,
+ const string& filter, const StringList& attrs, bool attrsOnly,
+ LDAPAsynConnection *connect,
+ const LDAPConstraints* cons, bool isReferral,
+ const LDAPRequest* parent)
+ : LDAPRequest (connect,cons,isReferral,parent) {
+
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPSearchRequest:LDAPSearchRequest()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT & LDAP_DEBUG_PARAMETER,
+ " base:" << base << endl << " scope:" << scope << endl
+ << " filter:" << filter << endl);
+ m_requestType=LDAPRequest::SEARCH;
+ //insert some validating and copying here
+ m_base=base;
+ m_scope=scope;
+ if(filter == ""){
+ m_filter="objectClass=*";
+ }else{
+ m_filter=filter;
+ }
+ m_attrs=attrs;
+ m_attrsOnly=attrsOnly;
+}
+
+LDAPSearchRequest::~LDAPSearchRequest(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPSearchRequest::~LDAPSearchRequest" << endl);
+}
+
+LDAPMessageQueue* LDAPSearchRequest::sendRequest(){
+ int msgID;
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPSearchRequest::sendRequest()" << endl);
+ timeval* tmptime=m_cons->getTimeoutStruct();
+ char** tmpattrs=m_attrs.toCharArray();
+ LDAPControl** tmpSrvCtrl=m_cons->getSrvCtrlsArray();
+ LDAPControl** tmpClCtrl=m_cons->getClCtrlsArray();
+ int aliasDeref = m_cons->getAliasDeref();
+ ldap_set_option(m_connection->getSessionHandle(), LDAP_OPT_DEREF,
+ &aliasDeref);
+ int err=ldap_search_ext(m_connection->getSessionHandle(), m_base.c_str(),
+ m_scope, m_filter.c_str(), tmpattrs, m_attrsOnly, tmpSrvCtrl,
+ tmpClCtrl, tmptime, m_cons->getSizeLimit(), &msgID );
+ delete tmptime;
+ ber_memvfree((void**)tmpattrs);
+ LDAPControlSet::freeLDAPControlArray(tmpSrvCtrl);
+ LDAPControlSet::freeLDAPControlArray(tmpClCtrl);
+
+ if (err != LDAP_SUCCESS){
+ throw LDAPException(err);
+ } else if (isReferral()){
+ m_msgID=msgID;
+ return 0;
+ }else{
+ m_msgID=msgID;
+ return new LDAPMessageQueue(this);
+ }
+}
+
+LDAPRequest* LDAPSearchRequest::followReferral(LDAPMsg* ref){
+ DEBUG(LDAP_DEBUG_TRACE, "LDAPSearchRequest::followReferral()" << endl);
+ LDAPUrlList urls;
+ LDAPUrlList::const_iterator usedUrl;
+ LDAPAsynConnection* con;
+ string filter;
+ int scope;
+ if(ref->getMessageType() == LDAPMsg::SEARCH_REFERENCE){
+ urls = ((LDAPSearchReference *)ref)->getUrls();
+ }else{
+ urls = ((LDAPResult *)ref)->getReferralUrls();
+ }
+ con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+ if(con != 0){
+ if((usedUrl->getFilter() != "") &&
+ (usedUrl->getFilter() != m_filter)){
+ filter=usedUrl->getFilter();
+ }else{
+ filter=m_filter;
+ }
+ if( (ref->getMessageType() == LDAPMsg::SEARCH_REFERENCE) &&
+ (m_scope == LDAPAsynConnection::SEARCH_ONE)
+ ){
+ scope = LDAPAsynConnection::SEARCH_BASE;
+ DEBUG(LDAP_DEBUG_TRACE," adjusted scope to BASE" << endl);
+ }else{
+ scope = m_scope;
+ }
+ }else{
+ return 0;
+ }
+ return new LDAPSearchRequest(usedUrl->getDN(), scope, filter,
+ m_attrs, m_attrsOnly, con, m_cons,true,this);
+}
+
+bool LDAPSearchRequest::equals(const LDAPRequest* req)const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchRequest::equals()" << endl);
+ if( LDAPRequest::equals(req)){
+ LDAPSearchRequest* sreq = (LDAPSearchRequest*)req;
+ if ( (m_base == sreq->m_base) &&
+ (m_scope == sreq->m_scope)
+ ){
+ return true;
+ }
+ }
+ return false;
+}
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchRequest.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SEARCH_REQUEST_H
+#define LDAP_SEARCH_REQUEST_H
+
+#include <queue>
+#include <LDAPRequest.h>
+
+class LDAPSearchReference;
+class LDAPReferral;
+class LDAPUrl;
+
+class LDAPSearchRequest : public LDAPRequest{
+
+ public :
+ LDAPSearchRequest(const LDAPSearchRequest& req);
+
+ LDAPSearchRequest(const std::string& base, int scope, const std::string& filter,
+ const StringList& attrs, bool attrsOnly,
+ LDAPAsynConnection *connect,
+ const LDAPConstraints* cons, bool isReferral=false,
+ const LDAPRequest* parent=0);
+ virtual ~LDAPSearchRequest();
+ virtual LDAPMessageQueue* sendRequest();
+ virtual LDAPRequest* followReferral(LDAPMsg* ref);
+ virtual bool equals(const LDAPRequest* req) const;
+
+ private :
+ std::string m_base;
+ int m_scope;
+ std::string m_filter;
+ StringList m_attrs;
+ bool m_attrsOnly;
+
+ //no default constructor
+ LDAPSearchRequest(){};
+};
+
+#endif //LDAP_SEARCH_REQUEST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <iostream>
+
+#include "debug.h"
+#include "LDAPSearchResult.h"
+#include "LDAPRequest.h"
+
+using namespace std;
+
+LDAPSearchResult::LDAPSearchResult(const LDAPRequest *req,
+ LDAPMessage *msg) : LDAPMsg(msg){
+ DEBUG(LDAP_DEBUG_CONSTRUCT,
+ "LDAPSearchResult::LDAPSearchResult()" << endl);
+ entry = new LDAPEntry(req->getConnection(), msg);
+ //retrieve the controls here
+ LDAPControl** srvctrls=0;
+ int err = ldap_get_entry_controls(req->getConnection()->getSessionHandle(),
+ msg,&srvctrls);
+ if(err != LDAP_SUCCESS){
+ ldap_controls_free(srvctrls);
+ }else{
+ if (srvctrls){
+ m_srvControls = LDAPControlSet(srvctrls);
+ m_hasControls = true;
+ ldap_controls_free(srvctrls);
+ }else{
+ m_hasControls = false;
+ }
+ }
+}
+
+LDAPSearchResult::LDAPSearchResult(const LDAPSearchResult& res) :
+ LDAPMsg(res){
+ entry = new LDAPEntry(*(res.entry));
+}
+
+LDAPSearchResult::~LDAPSearchResult(){
+ DEBUG(LDAP_DEBUG_DESTROY,"LDAPSearchResult::~LDAPSearchResult()" << endl);
+ delete entry;
+}
+
+const LDAPEntry* LDAPSearchResult::getEntry() const{
+ DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchResult::getEntry()" << endl);
+ return entry;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResult.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_SEARCH_RESULT_H
+#define LDAP_SEARCH_RESULT_H
+
+#include <LDAPMessage.h>
+#include <LDAPEntry.h>
+
+class LDAPRequest;
+
+/**
+ * This class is used to represent the result entries of a
+ * SEARCH-operation.
+ */
+class LDAPSearchResult : public LDAPMsg{
+ public:
+ /**
+ * Constructor that create an object from the C-API structures
+ */
+ LDAPSearchResult(const LDAPRequest *req, LDAPMessage *msg);
+
+ /**
+ * Copy-Constructor
+ */
+ LDAPSearchResult(const LDAPSearchResult& res);
+
+ /**
+ * The Destructor
+ */
+ virtual ~LDAPSearchResult();
+
+ /**
+ * @returns The entry that has been sent with this result message.
+ */
+ const LDAPEntry* getEntry() const;
+
+ private:
+ LDAPEntry *entry;
+};
+#endif //LDAP_SEARCH_RESULT_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPException.h"
+#include "LDAPSearchResult.h"
+#include "LDAPResult.h"
+#include "LDAPReferralException.h"
+
+#include "LDAPSearchResults.h"
+
+LDAPSearchResults::LDAPSearchResults(){
+ entryPos = entryList.begin();
+ refPos = refList.begin();
+}
+
+LDAPResult* LDAPSearchResults::readMessageQueue(LDAPMessageQueue* msg){
+ if(msg != 0){
+ LDAPMsg* res=0;
+ for(;;){
+ try{
+ res = msg->getNext();
+ }catch (LDAPException e){
+ throw;
+ }
+ switch(res->getMessageType()){
+ case LDAPMsg::SEARCH_ENTRY :
+ entryList.addEntry(*((LDAPSearchResult*)res)->getEntry());
+ break;
+ case LDAPMsg::SEARCH_REFERENCE :
+ refList.addReference(*((LDAPSearchReference*)res));
+ break;
+ default:
+ entryPos=entryList.begin();
+ refPos=refList.begin();
+ return ((LDAPResult*) res);
+ }
+ delete res;
+ res=0;
+ }
+ }
+ return 0;
+}
+
+LDAPEntry* LDAPSearchResults::getNext(){
+ if( entryPos != entryList.end() ){
+ LDAPEntry* ret= new LDAPEntry(*entryPos);
+ entryPos++;
+ return ret;
+ }
+ if( refPos != refList.end() ){
+ LDAPUrlList urls= refPos->getUrls();
+ refPos++;
+ throw(LDAPReferralException(urls));
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPSearchResults.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SEARCH_RESULTS_H
+#define LDAP_SEARCH_RESULTS_H
+
+#include <LDAPEntry.h>
+#include <LDAPEntryList.h>
+#include <LDAPMessage.h>
+#include <LDAPMessageQueue.h>
+#include <LDAPReferenceList.h>
+#include <LDAPSearchReference.h>
+
+class LDAPResult;
+
+/**
+ * The class stores the results of a synchronous SEARCH-Operation
+ */
+class LDAPSearchResults{
+ public:
+ /**
+ * Default-Constructor
+ */
+ LDAPSearchResults();
+
+ /**
+ * For internal use only.
+ *
+ * This method read Search result entries from a
+ * LDAPMessageQueue-object.
+ * @param msg The message queue to read
+ */
+ LDAPResult* readMessageQueue(LDAPMessageQueue* msg);
+
+ /**
+ * The methode is used by the client-application to read the
+ * result entries of the SEARCH-Operation. Every call of this
+ * method returns one entry. If all entries were read it return 0.
+ * @throws LDAPReferralException If a Search Reference was
+ * returned by the server
+ * @returns A LDAPEntry-object as a result of a SEARCH-Operation or
+ * 0 if no more entries are there to return.
+ */
+ LDAPEntry* getNext();
+ private :
+ LDAPEntryList entryList;
+ LDAPReferenceList refList;
+ LDAPEntryList::const_iterator entryPos;
+ LDAPReferenceList::const_iterator refPos;
+};
+#endif //LDAP_SEARCH_RESULTS_H
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPUrl.h"
+
+#include <ldap.h>
+#include "debug.h"
+
+using namespace std;
+
+LDAPUrl::LDAPUrl(const char *url){
+ DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPUrl::LDAPUrl()" << endl);
+ DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+ " url:" << url << endl);
+ if (ldap_is_ldap_url(url)){
+ LDAPURLDesc *urlDesc;
+ ldap_url_parse(url, &urlDesc);
+ if(urlDesc->lud_host){
+ m_Host = string(urlDesc->lud_host);
+ }
+ m_Port = urlDesc->lud_port;
+ if(urlDesc->lud_dn){
+ m_DN = string(urlDesc->lud_dn);
+ }
+ m_Attrs = StringList(urlDesc->lud_attrs);
+ m_Scope = urlDesc->lud_scope;
+ if(urlDesc->lud_filter){
+ m_Filter = string(urlDesc->lud_filter);
+ }else{
+ m_Filter = "";
+ }
+ m_urlString= string(url);
+ ldap_free_urldesc(urlDesc);
+ }else{
+ DEBUG(LDAP_DEBUG_TRACE," noUrl:" << url << endl);
+ }
+}
+
+LDAPUrl::~LDAPUrl(){
+ DEBUG(LDAP_DEBUG_DESTROY, "LDAPUrl::~LDAPUrl()" << endl);
+ m_Attrs.clear();
+}
+
+int LDAPUrl::getPort() const {
+ return m_Port;
+}
+
+int LDAPUrl::getScope() const {
+ return m_Scope;
+}
+
+const string& LDAPUrl::getURLString() const {
+ return m_urlString;
+}
+
+const string& LDAPUrl::getHost() const {
+ return m_Host;
+}
+
+const string& LDAPUrl::getDN() const {
+ return m_DN;
+}
+
+const string& LDAPUrl::getFilter() const {
+ return m_Filter;
+}
+
+const StringList& LDAPUrl::getAttrs() const {
+ return m_Attrs;
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_URL_H
+#define LDAP_URL_H
+
+#include <ldap.h>
+#include <StringList.h>
+
+/**
+ * This class is used to analyze and store LDAP-Urls as returned by a
+ * LDAP-Server as Referrals and Search References. LDAP-URLs are defined
+ * in RFC1959 and have the following format: <BR>
+ * <code>
+ * ldap://host:port/baseDN[?attr[?scope[?filter]]] <BR>
+ * </code>
+ */
+class LDAPUrl{
+
+ public :
+ /**
+ * Create a new object from a c-string that contains a LDAP-Url
+ */
+ LDAPUrl(const char *url);
+
+ /**
+ * Destructor
+ */
+ ~LDAPUrl();
+
+ /**
+ * @return The part of the URL that is representing the network
+ * port
+ */
+ int getPort() const;
+
+ /**
+ * @return The scope part of the URL is returned.
+ */
+ int getScope() const;
+
+ /**
+ * @return The complete URL as a string
+ */
+ const std::string& getURLString() const;
+
+ /**
+ * @return The hostname or IP-Address of the destination host.
+ */
+ const std::string& getHost() const;
+
+ /**
+ * @return The Base-DN part of the URL
+ */
+ const std::string& getDN() const;
+
+
+ /**
+ * @return The Filter part of the URL
+ */
+ const std::string& getFilter() const;
+
+ /**
+ * @return The List of attributes that was in the URL
+ */
+ const StringList& getAttrs() const;
+
+ protected :
+ int m_Port;
+ int m_Scope;
+ std::string m_Host;
+ std::string m_DN;
+ std::string m_Filter;
+ StringList m_Attrs;
+ LDAPURLDesc *m_urlDesc;
+ std::string m_urlString;
+};
+
+#endif //LDAP_URL_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2000-2002 OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LDAPUrlList.h"
+#include <assert.h>
+#include "debug.h"
+
+using namespace std;
+
+LDAPUrlList::LDAPUrlList(){
+ DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList()" << endl);
+ m_urls=LDAPUrlList::ListType();
+}
+
+LDAPUrlList::LDAPUrlList(const LDAPUrlList& urls){
+ DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList(&)" << endl);
+ m_urls = urls.m_urls;
+}
+
+
+LDAPUrlList::LDAPUrlList(char** url){
+ DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList()" << endl);
+ char** i;
+ assert(url);
+ for(i = url; *i != 0; i++){
+ add(LDAPUrl(*i));
+ }
+}
+
+LDAPUrlList::~LDAPUrlList(){
+ DEBUG(LDAP_DEBUG_DESTROY," LDAPUrlList::~LDAPUrlList()" << endl);
+ m_urls.clear();
+}
+
+size_t LDAPUrlList::size() const{
+ return m_urls.size();
+}
+
+bool LDAPUrlList::empty() const{
+ return m_urls.empty();
+}
+
+LDAPUrlList::const_iterator LDAPUrlList::begin() const{
+ return m_urls.begin();
+}
+
+LDAPUrlList::const_iterator LDAPUrlList::end() const{
+ return m_urls.end();
+}
+
+void LDAPUrlList::add(const LDAPUrl& url){
+ m_urls.push_back(url);
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/LDAPUrlList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_URL_LIST_H
+#define LDAP_URL_LIST_H
+
+#include <list>
+#include <LDAPUrl.h>
+
+/**
+ * This container class is used to store multiple LDAPUrl-objects.
+ */
+class LDAPUrlList{
+ typedef std::list<LDAPUrl> ListType;
+
+ public:
+ typedef ListType::const_iterator const_iterator;
+
+ /**
+ * Constructs an empty list.
+ */
+ LDAPUrlList();
+
+ /**
+ * Copy-constructor
+ */
+ LDAPUrlList(const LDAPUrlList& urls);
+
+ /**
+ * For internal use only
+ *
+ * This constructor is used by the library internally to create a
+ * std::list of URLs from a array of C-strings that was return by
+ * the C-API
+ */
+ LDAPUrlList(char** urls);
+
+ /**
+ * Destructor
+ */
+ ~LDAPUrlList();
+
+ /**
+ * @return The number of LDAPUrl-objects that are currently
+ * stored in this list.
+ */
+ size_t size() const;
+
+ /**
+ * @return true if there are zero LDAPUrl-objects currently
+ * stored in this list.
+ */
+ bool empty() const;
+
+ /**
+ * @return A iterator that points to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return A iterator that points to the element after the last
+ * element of the list.
+ */
+ const_iterator end() const;
+
+ /**
+ * Adds one element to the end of the list.
+ * @param attr The attribute to add to the list.
+ */
+ void add(const LDAPUrl& url);
+
+ private :
+ ListType m_urls;
+};
+#endif //LDAP_URL_LIST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.am
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.am (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.am 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,89 @@
+##
+# Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+
+lib_LTLIBRARIES = libldapcpp.la
+
+libldapcpp_la_SOURCES = LDAPAddRequest.cpp \
+ LDAPAsynConnection.cpp \
+ LDAPAttribute.cpp \
+ LDAPAttributeList.cpp \
+ LDAPAttrType.cpp \
+ LDAPBindRequest.cpp \
+ LDAPCompareRequest.cpp \
+ LDAPConnection.cpp \
+ LDAPConstraints.cpp \
+ LDAPControl.cpp \
+ LDAPControlSet.cpp \
+ LDAPDeleteRequest.cpp \
+ LDAPEntry.cpp \
+ LDAPEntryList.cpp \
+ LDAPException.cpp \
+ LDAPExtRequest.cpp \
+ LDAPExtResult.cpp \
+ LDAPMessage.cpp \
+ LDAPMessageQueue.cpp \
+ LDAPModDNRequest.cpp \
+ LDAPModification.cpp \
+ LDAPModifyRequest.cpp \
+ LDAPModList.cpp \
+ LDAPObjClass.cpp \
+ LDAPRebind.cpp \
+ LDAPRebindAuth.cpp \
+ LDAPReferralException.cpp \
+ LDAPReferenceList.cpp \
+ LDAPRequest.cpp \
+ LDAPResult.cpp \
+ LDAPSchema.cpp \
+ LDAPSearchReference.cpp \
+ LDAPSearchRequest.cpp \
+ LDAPSearchResult.cpp \
+ LDAPSearchResults.cpp \
+ LDAPUrl.cpp \
+ LDAPUrlList.cpp \
+ StringList.cpp
+
+include_HEADERS = LDAPAsynConnection.h \
+ LDAPAttribute.h \
+ LDAPAttributeList.h \
+ LDAPAttrType.h \
+ LDAPConnection.h \
+ LDAPConstraints.h \
+ LDAPControl.h \
+ LDAPControlSet.h \
+ LDAPEntry.h \
+ LDAPEntryList.h \
+ LDAPException.h \
+ LDAPExtResult.h \
+ LDAPMessage.h \
+ LDAPMessageQueue.h \
+ LDAPModification.h \
+ LDAPModList.h \
+ LDAPObjClass.h \
+ LDAPRebind.h \
+ LDAPRebindAuth.h \
+ LDAPReferralException.h \
+ LDAPReferenceList.h \
+ LDAPResult.h \
+ LDAPSchema.h \
+ LDAPSearchReference.h \
+ LDAPSearchResult.h \
+ LDAPSearchResults.h \
+ LDAPUrl.h \
+ LDAPUrlList.h \
+ StringList.h
+
+noinst_HEADERS = LDAPAddRequest.h \
+ LDAPBindRequest.h \
+ LDAPCompareRequest.h \
+ LDAPDeleteRequest.h \
+ LDAPExtRequest.h \
+ LDAPModDNRequest.h \
+ LDAPModifyRequest.h \
+ LDAPRequest.h \
+ LDAPSearchRequest.h
+
+libldapcpp_la_LIBADD = -lldap -llber
+libldapcpp_la_LDFLAGS = -version-info 0:4:0
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,622 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src
+DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) \
+ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/config.h.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libldapcpp_la_DEPENDENCIES =
+am_libldapcpp_la_OBJECTS = LDAPAddRequest.lo LDAPAsynConnection.lo \
+ LDAPAttribute.lo LDAPAttributeList.lo LDAPAttrType.lo \
+ LDAPBindRequest.lo LDAPCompareRequest.lo LDAPConnection.lo \
+ LDAPConstraints.lo LDAPControl.lo LDAPControlSet.lo \
+ LDAPDeleteRequest.lo LDAPEntry.lo LDAPEntryList.lo \
+ LDAPException.lo LDAPExtRequest.lo LDAPExtResult.lo \
+ LDAPMessage.lo LDAPMessageQueue.lo LDAPModDNRequest.lo \
+ LDAPModification.lo LDAPModifyRequest.lo LDAPModList.lo \
+ LDAPObjClass.lo LDAPRebind.lo LDAPRebindAuth.lo \
+ LDAPReferralException.lo LDAPReferenceList.lo LDAPRequest.lo \
+ LDAPResult.lo LDAPSchema.lo LDAPSearchReference.lo \
+ LDAPSearchRequest.lo LDAPSearchResult.lo LDAPSearchResults.lo \
+ LDAPUrl.lo LDAPUrlList.lo StringList.lo
+libldapcpp_la_OBJECTS = $(am_libldapcpp_la_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libldapcpp_la_SOURCES)
+DIST_SOURCES = $(libldapcpp_la_SOURCES)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS) $(noinst_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+lib_LTLIBRARIES = libldapcpp.la
+libldapcpp_la_SOURCES = LDAPAddRequest.cpp \
+ LDAPAsynConnection.cpp \
+ LDAPAttribute.cpp \
+ LDAPAttributeList.cpp \
+ LDAPAttrType.cpp \
+ LDAPBindRequest.cpp \
+ LDAPCompareRequest.cpp \
+ LDAPConnection.cpp \
+ LDAPConstraints.cpp \
+ LDAPControl.cpp \
+ LDAPControlSet.cpp \
+ LDAPDeleteRequest.cpp \
+ LDAPEntry.cpp \
+ LDAPEntryList.cpp \
+ LDAPException.cpp \
+ LDAPExtRequest.cpp \
+ LDAPExtResult.cpp \
+ LDAPMessage.cpp \
+ LDAPMessageQueue.cpp \
+ LDAPModDNRequest.cpp \
+ LDAPModification.cpp \
+ LDAPModifyRequest.cpp \
+ LDAPModList.cpp \
+ LDAPObjClass.cpp \
+ LDAPRebind.cpp \
+ LDAPRebindAuth.cpp \
+ LDAPReferralException.cpp \
+ LDAPReferenceList.cpp \
+ LDAPRequest.cpp \
+ LDAPResult.cpp \
+ LDAPSchema.cpp \
+ LDAPSearchReference.cpp \
+ LDAPSearchRequest.cpp \
+ LDAPSearchResult.cpp \
+ LDAPSearchResults.cpp \
+ LDAPUrl.cpp \
+ LDAPUrlList.cpp \
+ StringList.cpp
+
+include_HEADERS = LDAPAsynConnection.h \
+ LDAPAttribute.h \
+ LDAPAttributeList.h \
+ LDAPAttrType.h \
+ LDAPConnection.h \
+ LDAPConstraints.h \
+ LDAPControl.h \
+ LDAPControlSet.h \
+ LDAPEntry.h \
+ LDAPEntryList.h \
+ LDAPException.h \
+ LDAPExtResult.h \
+ LDAPMessage.h \
+ LDAPMessageQueue.h \
+ LDAPModification.h \
+ LDAPModList.h \
+ LDAPObjClass.h \
+ LDAPRebind.h \
+ LDAPRebindAuth.h \
+ LDAPReferralException.h \
+ LDAPReferenceList.h \
+ LDAPResult.h \
+ LDAPSchema.h \
+ LDAPSearchReference.h \
+ LDAPSearchResult.h \
+ LDAPSearchResults.h \
+ LDAPUrl.h \
+ LDAPUrlList.h \
+ StringList.h
+
+noinst_HEADERS = LDAPAddRequest.h \
+ LDAPBindRequest.h \
+ LDAPCompareRequest.h \
+ LDAPDeleteRequest.h \
+ LDAPExtRequest.h \
+ LDAPModDNRequest.h \
+ LDAPModifyRequest.h \
+ LDAPRequest.h \
+ LDAPSearchRequest.h
+
+libldapcpp_la_LIBADD = -lldap -llber
+libldapcpp_la_LDFLAGS = -version-info 0:4:0
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .cpp .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status src/config.h
+$(srcdir)/config.h.in: $(am__configure_deps) $(top_srcdir)/acconfig.h
+ cd $(top_srcdir) && $(AUTOHEADER)
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+ $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libldapcpp.la: $(libldapcpp_la_OBJECTS) $(libldapcpp_la_DEPENDENCIES)
+ $(CXXLINK) -rpath $(libdir) $(libldapcpp_la_LDFLAGS) $(libldapcpp_la_OBJECTS) $(libldapcpp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPAddRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPAsynConnection.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPAttrType.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPAttribute.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPAttributeList.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPBindRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPCompareRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPConnection.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPConstraints.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPControl.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPControlSet.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPDeleteRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPEntry.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPEntryList.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPException.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPExtRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPExtResult.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPMessage.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPMessageQueue.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPModDNRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPModList.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPModification.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPModifyRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPObjClass.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPRebind.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPRebindAuth.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPReferenceList.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPReferralException.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPResult.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPSchema.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPSearchReference.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPSearchRequest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPSearchResult.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPSearchResults.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPUrl.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/LDAPUrlList.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/StringList.Plo at am__quote@
+
+.cpp.o:
+ at am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+ at am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+ at am__fastdepCXX_TRUE@ if $(LTCXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+ at am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+install-includeHEADERS: $(include_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(includedir)" || $(mkdir_p) "$(DESTDIR)$(includedir)"
+ @list='$(include_HEADERS)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+ $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+ done
+
+uninstall-includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(include_HEADERS)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+ rm -f "$(DESTDIR)$(includedir)/$$f"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(HEADERS) config.h
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-hdr distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS
+
+install-exec-am: install-libLTLIBRARIES
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS uninstall-info-am \
+ uninstall-libLTLIBRARIES
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-exec install-exec-am \
+ install-includeHEADERS install-info install-info-am \
+ install-libLTLIBRARIES install-man install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-includeHEADERS \
+ uninstall-info-am uninstall-libLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "StringList.h"
+#include "debug.h"
+
+using namespace std;
+
+StringList::StringList(){
+}
+
+StringList::StringList(const StringList& sl){
+ m_data= StringList::ListType(sl.m_data);
+}
+
+StringList::StringList(char** values){
+ if(values == 0){
+ m_data=StringList::ListType();
+ }else{
+ char** i;
+ for(i=values; *i != 0; i++){
+ m_data.push_back(string(*i));
+ }
+ }
+}
+
+StringList::~StringList(){
+ DEBUG(LDAP_DEBUG_TRACE,"StringList::~StringList()" << endl);
+}
+
+char** StringList::toCharArray() const{
+ if(!empty()){
+ char** ret = (char**) malloc(sizeof(char*) * (size()+1));
+ StringList::const_iterator i;
+ int j=0;
+ for(i=begin(); i != end(); i++,j++){
+ ret[j]=(char*) malloc(sizeof(char) * (i->size()+1));
+ i->copy(ret[j],string::npos);
+ ret[j][i->size()]=0;
+ }
+ ret[size()]=0;
+ return ret;
+ }else{
+ return 0;
+ }
+}
+
+void StringList::add(const string& value){
+ m_data.push_back(value);
+}
+
+size_t StringList::size() const{
+ return m_data.size();
+}
+
+bool StringList::empty() const{
+ return m_data.empty();
+}
+
+StringList::const_iterator StringList::begin() const{
+ return m_data.begin();
+}
+
+StringList::const_iterator StringList::end() const{
+ return m_data.end();
+}
+
+
+void StringList::clear(){
+ m_data.clear();
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/StringList.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef STRING_LIST_H
+#define STRING_LIST_H
+
+#include <string>
+#include <list>
+/**
+ * Container class to store multiple string-objects
+ */
+class StringList{
+ typedef std::list<std::string> ListType;
+
+ private:
+ ListType m_data;
+
+ public:
+ typedef ListType::const_iterator const_iterator;
+
+ /**
+ * Constructs an empty list.
+ */
+ StringList();
+
+ /**
+ * Copy-constructor
+ */
+ StringList(const StringList& sl);
+
+ /**
+ * For internal use only
+ *
+ * This constructor is used by the library internally to create a
+ * list of string from a array for c-Strings (char*)thar was
+ * returned by the C-API
+ */
+ StringList(char** values);
+
+ /**
+ * Destructor
+ */
+ ~StringList();
+
+ /**
+ * The methods converts the list to a 0-terminated array of
+ * c-Strings.
+ */
+ char** toCharArray() const;
+
+ /**
+ * Adds one element to the end of the list.
+ * @param attr The attribute to add to the list.
+ */
+ void add(const std::string& value);
+
+ /**
+ * @return The number of strings that are currently
+ * stored in this list.
+ */
+ size_t size() const;
+
+ /**
+ * @return true if there are zero strings currently
+ * stored in this list.
+ */
+ bool empty() const;
+
+ /**
+ * @return A iterator that points to the first element of the list.
+ */
+ const_iterator begin() const;
+
+ /**
+ * @return A iterator that points to the element after the last
+ * element of the list.
+ */
+ const_iterator end() const;
+
+ /**
+ * removes all elements from the list
+ */
+ void clear();
+};
+#endif //STRING_LIST_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/ac/time.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/ac/time.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/ac/time.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+/* Generic time.h */
+/* $OpenLDAP: pkg/ldap/contrib/ldapc++/src/ac/time.h,v 1.5.2.3 2007/01/02 21:43:42 kurt Exp $ */
+/*
+ * Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License. A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
+
+#ifndef _AC_TIME_H
+#define _AC_TIME_H
+
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#elif HAVE_SYS_TIME_H
+# include <sys/time.h>
+# ifdef HAVE_SYS_TIMEB_H
+# include <sys/timeb.h>
+# endif
+#else
+# include <time.h>
+#endif
+
+#endif /* _AC_TIME_H */
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/config.h.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/config.h.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/config.h.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,63 @@
+/* src/config.h.in. Generated from configure.in by autoheader. */
+#undef WITH_DEBUG
+
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Version number of package */
+#undef VERSION
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/debug.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/debug.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/debug.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef DEBUG_H
+#define DEBUG_H
+#include <iostream>
+#include "config.h"
+#define LDAP_DEBUG_NONE 0x0000
+#define LDAP_DEBUG_TRACE 0x0001
+#define LDAP_DEBUG_CONSTRUCT 0x0002
+#define LDAP_DEBUG_DESTROY 0x0004
+#define LDAP_DEBUG_PARAMETER 0x0008
+#define LDAP_DEBUG_ANY 0xffff
+
+#define DEBUGLEVEL LDAP_DEBUG_ANY
+
+#define PRINT_FILE \
+ std::cerr << "file: " __FILE__ << " line: " << __LINE__
+
+#ifdef WITH_DEBUG
+#define DEBUG(level, arg) \
+ if((level) & DEBUGLEVEL){ \
+ std::cerr << arg ; \
+ }
+#else
+#undef DEBUG
+#define DEBUG(level,arg)
+#endif //WITH_DEBUG
+
+#endif // DEBUG_H
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/stamp-h.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/stamp-h.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/src/stamp-h.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+timestamp
Added: openldap/vendor/openldap-2.3.35/contrib/ldapc++/stamp-h.in
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/ldapc++/stamp-h.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/ldapc++/stamp-h.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+timestamp
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,36 @@
+Copyright 2005-2007 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains native slapd plugins that implement access rules.
+
+posixgroup.c contains a simple example that implements access control
+based on posixGroup membership, loosely inspired by ITS#3849. It should
+be made clear that this access control policy does not reflect any
+standard track model of handling access control, and should be
+essentially viewed as an illustration of the use of the dynamic
+extension of access control within slapd.
+
+To use the acl-posixgroup plugin, add:
+
+moduleload acl-posixgroup.so
+
+to your slapd configuration file; it requires "nis.schema" to be loaded.
+It is configured using
+
+access to <what>
+ by dynacl/posixGroup[.{exact,expand}]=<dnpat> {<level>|<priv(s)}
+
+The default is "exact"; in case of "expand", "<dnpat>" results from
+the expansion of submatches in the "<what>" portion. "<level>|<priv(s)>"
+describe the level of privilege this rule can assume.
+
+No Makefile is provided. Use a command line similar to:
+
+gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
+ -o acl-posixgroup.so posixgroup.c
+
+to compile the posixGroup ACL plugin.
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/posixgroup.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/posixgroup.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/acl/posixgroup.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,323 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/acl/posixgroup.c,v 1.1.2.5 2007/01/02 21:43:42 kurt Exp $ */
+/*
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <ac/string.h>
+#include <slap.h>
+#include <lutil.h>
+
+/* Need dynacl... */
+
+#ifdef SLAP_DYNACL
+
+typedef struct pg_t {
+ slap_style_t pg_style;
+ struct berval pg_pat;
+} pg_t;
+
+static ObjectClass *pg_posixGroup;
+static AttributeDescription *pg_memberUid;
+static ObjectClass *pg_posixAccount;
+static AttributeDescription *pg_uidNumber;
+
+static int pg_dynacl_destroy( void *priv );
+
+static int
+pg_dynacl_parse(
+ const char *fname,
+ int lineno,
+ const char *opts,
+ slap_style_t style,
+ const char *pattern,
+ void **privp )
+{
+ pg_t *pg;
+ int rc;
+ const char *text = NULL;
+ struct berval pat;
+
+ ber_str2bv( pattern, 0, 0, &pat );
+
+ pg = ch_calloc( 1, sizeof( pg_t ) );
+
+ pg->pg_style = style;
+
+ switch ( pg->pg_style ) {
+ case ACL_STYLE_BASE:
+ rc = dnNormalize( 0, NULL, NULL, &pat, &pg->pg_pat, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unable to normalize DN \"%s\".\n",
+ fname, lineno, pattern );
+ goto cleanup;
+ }
+ break;
+
+ case ACL_STYLE_EXPAND:
+ ber_dupbv( &pg->pg_pat, &pat );
+ break;
+
+ default:
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unsupported style \"%s\".\n",
+ fname, lineno, style_strings[ pg->pg_style ] );
+ goto cleanup;
+ }
+
+ /* TODO: use opts to allow the use of different
+ * group objects and member attributes */
+ if ( pg_posixGroup == NULL ) {
+ pg_posixGroup = oc_find( "posixGroup" );
+ if ( pg_posixGroup == NULL ) {
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unable to lookup \"posixGroup\" "
+ "objectClass.\n",
+ fname, lineno );
+ goto cleanup;
+ }
+
+ pg_posixAccount = oc_find( "posixAccount" );
+ if ( pg_posixGroup == NULL ) {
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unable to lookup \"posixAccount\" "
+ "objectClass.\n",
+ fname, lineno );
+ goto cleanup;
+ }
+
+ rc = slap_str2ad( "memberUid", &pg_memberUid, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unable to lookup \"memberUid\" "
+ "attributeDescription (%d: %s).\n",
+ fname, lineno, rc, text );
+ goto cleanup;
+ }
+
+ rc = slap_str2ad( "uidNumber", &pg_uidNumber, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s line %d: posixGroup ACL: "
+ "unable to lookup \"uidNumber\" "
+ "attributeDescription (%d: %s).\n",
+ fname, lineno, rc, text );
+ goto cleanup;
+ }
+ }
+
+ *privp = (void *)pg;
+ return 0;
+
+cleanup:
+ (void)pg_dynacl_destroy( (void *)pg );
+
+ return 1;
+}
+
+static int
+pg_dynacl_unparse(
+ void *priv,
+ struct berval *bv )
+{
+ pg_t *pg = (pg_t *)priv;
+ char *ptr;
+
+ bv->bv_len = STRLENOF( " dynacl/posixGroup.expand=" ) + pg->pg_pat.bv_len;
+ bv->bv_val = ch_malloc( bv->bv_len + 1 );
+
+ ptr = lutil_strcopy( bv->bv_val, " dynacl/posixGroup" );
+
+ switch ( pg->pg_style ) {
+ case ACL_STYLE_BASE:
+ ptr = lutil_strcopy( ptr, ".exact=" );
+ break;
+
+ case ACL_STYLE_EXPAND:
+ ptr = lutil_strcopy( ptr, ".expand=" );
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ ptr = lutil_strncopy( ptr, pg->pg_pat.bv_val, pg->pg_pat.bv_len );
+ ptr[ 0 ] = '\0';
+
+ bv->bv_len = ptr - bv->bv_val;
+
+ return 0;
+}
+
+static int
+pg_dynacl_mask(
+ void *priv,
+ struct slap_op *op,
+ Entry *target,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ slap_access_t *grant,
+ slap_access_t *deny )
+{
+ pg_t *pg = (pg_t *)priv;
+ Entry *group = NULL,
+ *user = NULL;
+ int rc;
+ Backend *be = op->o_bd,
+ *group_be = NULL,
+ *user_be = NULL;
+ struct berval group_ndn;
+
+ ACL_INVALIDATE( *deny );
+
+ /* get user */
+ if ( target && dn_match( &target->e_nname, &op->o_ndn ) ) {
+ user = target;
+ rc = LDAP_SUCCESS;
+
+ } else {
+ user_be = op->o_bd = select_backend( &op->o_ndn, 0, 0 );
+ if ( op->o_bd == NULL ) {
+ op->o_bd = be;
+ return 0;
+ }
+ rc = be_entry_get_rw( op, &op->o_ndn, pg_posixAccount, pg_uidNumber, 0, &user );
+ }
+
+ if ( rc != LDAP_SUCCESS || user == NULL ) {
+ op->o_bd = be;
+ return 0;
+ }
+
+ /* get target */
+ if ( pg->pg_style == ACL_STYLE_EXPAND ) {
+ char buf[ 1024 ];
+ struct berval bv;
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+
+ if ( acl_string_expand( &bv, &pg->pg_pat,
+ target->e_nname.bv_val,
+ nmatch, matches ) )
+ {
+ goto cleanup;
+ }
+
+ if ( dnNormalize( 0, NULL, NULL, &bv, &group_ndn,
+ op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ /* did not expand to a valid dn */
+ goto cleanup;
+ }
+
+ } else {
+ group_ndn = pg->pg_pat;
+ }
+
+ if ( target && dn_match( &target->e_nname, &group_ndn ) ) {
+ group = target;
+ rc = LDAP_SUCCESS;
+
+ } else {
+ group_be = op->o_bd = select_backend( &group_ndn, 0, 0 );
+ if ( op->o_bd == NULL ) {
+ goto cleanup;
+ }
+ rc = be_entry_get_rw( op, &group_ndn, pg_posixGroup, pg_memberUid, 0, &group );
+ }
+
+ if ( group_ndn.bv_val != pg->pg_pat.bv_val ) {
+ op->o_tmpfree( group_ndn.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rc == LDAP_SUCCESS && group != NULL ) {
+ Attribute *a_uid,
+ *a_member;
+
+ a_uid = attr_find( user->e_attrs, pg_uidNumber);
+ if ( !a_uid || !BER_BVISNULL( &a_uid->a_nvals[ 1 ] ) ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+
+ } else {
+ a_member = attr_find( group->e_attrs, pg_memberUid );
+ if ( !a_member ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+
+ } else {
+ rc = value_find_ex( pg_memberUid,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a_member->a_nvals, &a_uid->a_nvals[ 0 ],
+ op->o_tmpmemctx );
+ }
+ }
+
+ } else {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+
+
+ if ( rc == LDAP_SUCCESS ) {
+ ACL_LVL_ASSIGN_WRITE( *grant );
+ }
+
+cleanup:;
+ if ( group != NULL && group != target ) {
+ op->o_bd = group_be;
+ be_entry_release_r( op, group );
+ op->o_bd = be;
+ }
+
+ if ( user != NULL && user != target ) {
+ op->o_bd = user_be;
+ be_entry_release_r( op, user );
+ op->o_bd = be;
+ }
+
+ return 0;
+}
+
+static int
+pg_dynacl_destroy(
+ void *priv )
+{
+ pg_t *pg = (pg_t *)priv;
+
+ if ( pg != NULL ) {
+ if ( !BER_BVISNULL( &pg->pg_pat ) ) {
+ ber_memfree( pg->pg_pat.bv_val );
+ }
+ ch_free( pg );
+ }
+
+ return 0;
+}
+
+static struct slap_dynacl_t pg_dynacl = {
+ "posixGroup",
+ pg_dynacl_parse,
+ pg_dynacl_unparse,
+ pg_dynacl_mask,
+ pg_dynacl_destroy
+};
+
+int
+init_module( int argc, char *argv[] )
+{
+ return slap_dynacl_register( &pg_dynacl );
+}
+
+#endif /* SLAP_DYNACL */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/Makefile
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/Makefile (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/Makefile 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/comp_match/Makefile,v 1.3.2.6 2007/01/02 21:43:42 kurt Exp $
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 2003-2007 The OpenLDAP Foundation.
+# Portions Copyright 2004 by IBM Corporation.
+# All rights reserved.
+
+# Copyright 2004 Sang Seok Lim, IBM Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+topbuilddir = ../../../../build
+topsrcdir = ../../..
+snaccdir = /usr/local/snacc
+openssldir = /usr/local/include/openssl
+
+LIBTOOL=$(topbuilddir)/libtool
+OPT=-g -O2 -DLDAP_COMPONENT
+CC=gcc
+
+SNACC_INC=-I$(snaccdir) -I$(snaccdir)/c-lib/inc
+LDAP_INC=-I$(topsrcdir)/include -I$(topsrcdir)/servers/slapd -I$(topbuilddir)/include
+OPENSSL_INC=-I$(openssldir)
+INCS=$(LDAP_INC) $(SNACC_INC) $(OPENSSL_INC)
+
+SNACC_LIB=$(snaccdir)/c-lib/libcasn1.a
+SSL_LIB=/usr/local/lib/lcrypto
+
+LIBS=$(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB)
+
+all: compmatch.la
+
+
+componentlib.lo: componentlib.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+certificate.lo: certificate.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+crl.lo: crl.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+authorityKeyIdentifier.lo: authorityKeyIdentifier.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+asn_to_syn_mr.lo: asn_to_syn_mr.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+init.lo: init.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
+
+compmatch.la: componentlib.lo init.lo certificate.lo asn_to_syn_mr.lo authorityKeyIdentifier.lo crl.lo
+ $(LIBTOOL) --mode=link $(CC) $(OPT) $(LIBS) -version-info 0:0:0 \
+ -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+
+clean:
+ \rm compmatch.la componentlib.lo certificate.lo asn_to_syn_mr.lo authorityKeyIdentifier.lo crl.lo\
+ init.o init.lo componentlib.o certificate.o asn_to_syn_mr.o authorityKeyIdentifier.o crl.o
+install:
+ cp -r .libs $(topsrcdir)/tests/data/comp_libs
+ cp compmatch.la $(topsrcdir)/tests/data/comp_libs
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,127 @@
+Copyright 2004 Sang Seok Lim, IBM . All rights reserved.
+
+Redistribution and use in source and binary forms, with
+or without modification, are permitted only as authorized
+by the OpenLDAP Public License.
+
+A copy of this license is available in the file LICENSE in
+the top-level directory of the distribution or, alternatively,
+at <http://www.OpenLDAP.org/license.html>.
+
+This directory contains a Component Matching module and
+a X.509 Certificate example. In order to understand Component
+Matching, see RFC 3687 and
+http://www.openldap.org/conf/odd-sandiego-2004/Sangseok.pdf
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+A) Brief introduction about files in this directory
+%%%%%%%%%%55%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) init.c
+module_init() and functions which are dynamically linked
+into the main slapd codes.
+
+2) componentlib.c and componentlib.h
+GSER and BER decoder library of each primitive ASN.1 type.
+They use component representation to store ASN.1 values.
+
+3) certificate.c/.h authorityKeyIdentifier.c/.h
+eSNACC generated BER and GSER decoder routines of the X.509
+certificate specification and one of its extensions,
+authorityKeyIdentifier.
+
+4) asn_to_syn_mr.c asn.h
+An mapping table from ASN.1 types to corresponding Syntaxes,
+matching rules, and component description in slapd.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+B) How to use Component Matching on X.509 certificates
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) be sure to configure slapd with enable-modules on.
+2) install the GSER-support eSNACC compiler. You can find
+only in www.openldap.org. At least, you need the library
+(libcasn1.a) and header files for compiling this module.
+3) modify Makefile accordingly. then run make.
+you will get compmatch.la and other necessary files in ./libs
+4) modify slapd.conf to include the following module command
+ moduleload <path to>compmatch.la
+5) run slapd and perform search operations against
+the attribute, userCertificate. You need to read through
+RFC 3687 in order to understand how to compose component
+filters.
+Ex) component search filter examples
+"(userCertificate:componentFilterMatch:=item:{ component
+\"toBeSigned.serialNumber\", rule integerMatch, value 2 })"
+You can find more examples in "test031-component-filter"
+in the OpenLDAP source directory.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+C) How to add a new ASN.1 syntax
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) download and install the eSNACC compiler supporting
+Component Matching. You can find the compiler only in
+www.openldap.org. Before compiling, be sure to define
+the "LDAP_COMPONENT" macro to obtain component
+supported version of C library and back-ends of eSNACC.
+Otherwise compiled library will fail to be linked to
+the module.
+2) using eSNACC, compile your ASN.1 specifications and
+copy the generated .c and .h files to this directory
+Ex)
+$ esnacc -E BER_COMP -E GSER -t -d -f example.asn
+For Component Matching, set BOTH BER_COMP and GSER on.
+After compiling, you will get example.c and example.h
+3) modify example.c accordingly, seeing certificate.c
+and certificate.asn as a reference.
+- add init_module_xxx() located in generated .c file
+into init_module() in init.c.
+- modify the arguments of InstallOidDecoderMapping(...)
+accordingly
+- in the generated .c file, you need to write
+"DecComponentxxxTop(...)" function for yourself.
+You can copy BDecComponentCertificateTop in the
+generated .c file and modify it accordingly.
+4) register a new attribute syntax with a new OID
+in a schema file
+5) then goto 3) of B) section.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+D) How to configure Component Indexing
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+You can generate indices on each component of
+a given attribute whose values are in either GSER or
+BER. Currently primitive ASN.1 types, DN, and RDN
+can be indexed for equality matching in BDB.
+In order to generate indices, put following line
+in the slapd configuration file, slapd.conf.
+
+index [attribute name].[component reference] eq
+
+Ex)
+index userCertificate eq
+index userCertificate.toBeSigned.issuer.rdnSequence eq
+index userCertificate.toBeSigned.serialNumber eq
+index userCertificate.toBeSigned.version eq
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+D) How to configure Attribute Alias
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+If your client is unable to use component filters,
+attribute aliasing can be used instead. Attribute
+Alias maps a virtual attribute type to an attribute
+component and a component matching rule.
+You can create your own aliases by following steps.
+
+1) register aliasing attributes in the schema file.
+Sample aliasing attributes are in test.schema.
+2) compose component filters for aliasing attributes
+and put them in "preprocessed_comp_filter" array
+in "init.c".
+3) add "add_aa_entry" function calls in
+"init_attribute_aliasing_table()" in "init.c"
+4) perform searching against the aliasing attribute
+Ex)
+"(x509CertificateIssuer:distinguishedNameMatch=
+cn=ray,L=yorktown,o=ibm,c=us)"
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redisribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorizd by the OpenLADP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18 03:20:00 slim at OpenLDAP.org
+ */
+#ifndef _H_ASN_MODULE
+#define _H_ASN_MODULE
+
+typedef enum { BER, GSER } EncRulesType;
+
+typedef enum AsnTypeId {
+ BASICTYPE_BOOLEAN = 0,
+ BASICTYPE_INTEGER,
+ BASICTYPE_BITSTRING,
+ BASICTYPE_OCTETSTRING,
+ BASICTYPE_NULL,
+ BASICTYPE_OID,
+ BASICTYPE_REAL,
+ BASICTYPE_ENUMERATED,
+ BASICTYPE_NUMERIC_STR,
+ BASICTYPE_PRINTABLE_STR,
+ BASICTYPE_UNIVERSAL_STR,
+ BASICTYPE_IA5_STR,
+ BASICTYPE_BMP_STR,
+ BASICTYPE_UTF8_STR,
+ BASICTYPE_UTCTIME,
+ BASICTYPE_GENERALIZEDTIME,
+ BASICTYPE_GRAPHIC_STR,
+ BASICTYPE_VISIBLE_STR,
+ BASICTYPE_GENERAL_STR,
+ BASICTYPE_OBJECTDESCRIPTOR,
+ BASICTYPE_VIDEOTEX_STR,
+ BASICTYPE_T61_STR,
+ BASICTYPE_OCTETCONTAINING,
+ BASICTYPE_BITCONTAINING,
+ BASICTYPE_RELATIVE_OID, /* 25 */
+ BASICTYPE_ANY,
+ /* Embedded Composite Types*/
+ COMPOSITE_ASN1_TYPE,
+ /* A New ASN.1 types including type reference */
+ RDNSequence,
+ RelativeDistinguishedName,
+ TelephoneNumber,
+ FacsimileTelephoneNumber__telephoneNumber,
+ DirectoryString,
+ /* Newly Defined ASN.1 Type, Manually registered */
+ ASN_COMP_CERTIFICATE,
+ /* ASN.1 Type End */
+ ASNTYPE_END
+} AsnTypeId;
+
+#endif
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn_to_syn_mr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn_to_syn_mr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/asn_to_syn_mr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,282 @@
+#include <component.h>
+#include "asn.h"
+#include "componentlib.h"
+#include "certificate.h"
+
+AsnTypetoMatchingRuleTable directory_component_matching_table[] = {
+ "1.2.36.79672281.1.13.7",
+{
+ { BASICTYPE_BOOLEAN,NULL,"1.3.6.1.4.1.1466.115.121.1.7", NULL },
+ { BASICTYPE_INTEGER,NULL ,"1.3.6.1.4.1.1466.115.121.1.27", NULL },
+ { BASICTYPE_BITSTRING,NULL ,"1.3.6.1.4.1.1466.115.121.1.6", NULL },
+ { BASICTYPE_OCTETSTRING,NULL , "1.3.6.1.4.1.1466.115.121.1.40", NULL },
+ { BASICTYPE_NULL,NULL , NULL, NULL },
+ { BASICTYPE_OID,NULL ,"1.3.6.1.4.1.1466.115.121.1.38", NULL },
+ { BASICTYPE_REAL,NULL , NULL, NULL },
+ { BASICTYPE_ENUMERATED,NULL , NULL, NULL },
+ { BASICTYPE_NUMERIC_STR, "numericStringMatch", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
+ { BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
+ { BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch" , NULL, NULL },
+ { BASICTYPE_IA5_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
+ { BASICTYPE_BMP_STR, "caseIgnoreMatch" , NULL, NULL },
+ { BASICTYPE_UTF8_STR, "caseIgnoreMatch" , NULL, NULL },
+ { BASICTYPE_UTCTIME, "uTCTimeMatch" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
+ { BASICTYPE_GENERALIZEDTIME, "generalizedTimeMatch" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
+ { BASICTYPE_GRAPHIC_STR, "caseIgnoreMatch", NULL, NULL },
+ { BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", NULL, NULL },
+ { BASICTYPE_GENERAL_STR, "caseIgnoreMatch", NULL, NULL },
+ { BASICTYPE_OBJECTDESCRIPTOR, NULL , NULL, NULL },
+ { BASICTYPE_VIDEOTEX_STR, "caseIgnoreMatch", NULL, NULL },
+ { BASICTYPE_T61_STR, "caseIgnoreMatch", NULL, NULL },
+ { BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
+ { BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
+ { BASICTYPE_RELATIVE_OID, NULL, "1.2.36.79672281.1.5.0", NULL },
+ { RDNSequence, "distinguishedNameMatch" , NULL, NULL },
+ { RelativeDistinguishedName, NULL , NULL, NULL },
+ { TelephoneNumber, "telephoneNumberMatch" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
+ { FacsimileTelephoneNumber__telephoneNumber, "telephoneNumberMatch","1.3.6.1.4.1.1466.115.121.1.22", NULL },
+ { DirectoryString, "caseIgnoreMatch" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
+ { ASN_COMP_CERTIFICATE, NULL , "1.2.36.79672281.1.5.2" , NULL },
+ { ASNTYPE_END , NULL , NULL, NULL }
+},
+ NULL
+};
+
+AsnTypetoSyntax asn_to_syntax_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN,"Boolean","1.3.6.1.4.1.1466.115.121.1.7", NULL },
+{ BASICTYPE_INTEGER,"Integer","1.3.6.1.4.1.1466.115.121.1.27", NULL },
+{ BASICTYPE_BITSTRING,"Bit String","1.3.6.1.4.1.1466.115.121.1.6", NULL },
+{ BASICTYPE_OCTETSTRING,"Octet String", "1.3.6.1.4.1.1466.115.121.1.40", NULL },
+{ BASICTYPE_NULL,NULL, NULL, NULL },
+{ BASICTYPE_OID,"OID","1.3.6.1.4.1.1466.115.121.1.38", NULL },
+{ BASICTYPE_REAL,NULL, NULL, NULL },
+{ BASICTYPE_ENUMERATED,"Integer", "1.3.6.1.4.1.1466.115.121.1.27", NULL },
+{ BASICTYPE_NUMERIC_STR, "Numeric String", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
+{ BASICTYPE_PRINTABLE_STR, "Printable String", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
+{ BASICTYPE_UNIVERSAL_STR, NULL , NULL, NULL },
+{ BASICTYPE_IA5_STR, "IA5 String", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
+{ BASICTYPE_BMP_STR, NULL , NULL, NULL },
+{ BASICTYPE_UTF8_STR, "Directory String" , "1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ BASICTYPE_UTCTIME, "UTC Time" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
+{ BASICTYPE_GENERALIZEDTIME, "Generalized Time" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
+{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL },
+{ BASICTYPE_VISIBLE_STR, "Directory String", "1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL },
+{ BASICTYPE_OBJECTDESCRIPTOR, "Object Class Description", "1.3.6.1.4.1.1466.115.121.1.37", NULL },
+{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL },
+{ BASICTYPE_T61_STR, NULL, NULL, NULL },
+{ BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
+{ BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
+{ BASICTYPE_RELATIVE_OID, "OID", "1.3.6.1.4.1.1466.115.121.1.38", NULL },
+{ BASICTYPE_ANY, NULL, NULL, NULL },
+{ COMPOSITE_ASN1_TYPE, NULL , NULL, NULL },
+{ RDNSequence, "Distinguished Name" , "1.3.6.1.4.1.1466.115.121.1.12", NULL },
+{ RelativeDistinguishedName, "RDN", "1.2.36.79672281.1.5.0", NULL },
+{ TelephoneNumber, "Telephone Number" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
+{ FacsimileTelephoneNumber__telephoneNumber, "Facsimile Telephone Number","1.3.6.1.4.1.1466.115.121.1.22", NULL },
+{ DirectoryString, "Directory String" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ ASN_COMP_CERTIFICATE, "componentCertificate", "1.2.36.79672281.1.5.2" , NULL },
+{ ASNTYPE_END , NULL , NULL, NULL }
+};
+
+/*
+ * This table describes relationship between an ASN.1 type and its
+ * potential matching rules such as equality, approx, ordering, and substring
+ * Based on the description of this table, the following ComponentType
+ * table is initialized
+ */
+AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN, "booleanMatch", NULL, NULL, NULL },
+{ BASICTYPE_INTEGER, "integerMatch", NULL, "integerOrderingMatch", NULL },
+{ BASICTYPE_BITSTRING, "bitStringMatch", NULL, NULL, NULL },
+{ BASICTYPE_OCTETSTRING, "octetStringMatch", NULL, "octetStringOrderingMatch", NULL },
+{ BASICTYPE_NULL, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OID, "objectIdentifierMatch", NULL, NULL, NULL },
+{ BASICTYPE_REAL, NULL, NULL, NULL, NULL },
+{ BASICTYPE_ENUMERATED, "integerMatch", NULL, "integerOrderingMatch", NULL },
+{ BASICTYPE_NUMERIC_STR, "numericStringMatch", NULL, "numericStringOrderingMatch", "numericStringSubstringsMatch"},
+{ BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_IA5_STR, "caseIgnoreMatch", "IA5StringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_BMP_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UTF8_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UTCTIME, NULL, NULL, NULL, NULL },
+{ BASICTYPE_GENERALIZEDTIME, NULL, NULL, NULL, NULL },
+{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OBJECTDESCRIPTOR, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
+{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_T61_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OCTETCONTAINING, NULL, NULL, NULL, NULL },
+{ BASICTYPE_BITCONTAINING, NULL, NULL, NULL, NULL },
+{ BASICTYPE_RELATIVE_OID, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
+{ BASICTYPE_ANY, NULL, NULL, NULL, NULL },
+{ COMPOSITE_ASN1_TYPE, NULL, NULL, NULL, NULL },
+{ RDNSequence, "distinguishedNameMatch", NULL, NULL, NULL },
+{ RelativeDistinguishedName, "rdnMatch" , NULL, NULL, NULL },
+{ TelephoneNumber, NULL, NULL, NULL, NULL },
+{ FacsimileTelephoneNumber__telephoneNumber, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ DirectoryString, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch"},
+{ ASN_COMP_CERTIFICATE, "componentFilterMatch", NULL, NULL, NULL },
+{ ASNTYPE_END, NULL, NULL, NULL, NULL }
+};
+
+/*
+ * This table mapps an ASN type to a corresponding ComponentType which has
+ * equivalent contents of an existing AttributeType
+ */
+AsnTypetoCompType asntype_to_compType_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN,{}},
+{ BASICTYPE_INTEGER, {}},
+{ BASICTYPE_BITSTRING, {}},
+{ BASICTYPE_OCTETSTRING, {}},
+{ BASICTYPE_NULL, {}},
+{ BASICTYPE_OID, {}},
+{ BASICTYPE_REAL, {}},
+{ BASICTYPE_ENUMERATED, {}},
+{ BASICTYPE_NUMERIC_STR, {}},
+{ BASICTYPE_PRINTABLE_STR, {}},
+{ BASICTYPE_UNIVERSAL_STR, {}},
+{ BASICTYPE_IA5_STR, {}},
+{ BASICTYPE_BMP_STR, {}},
+{ BASICTYPE_UTF8_STR, {}},
+{ BASICTYPE_UTCTIME, {}},
+{ BASICTYPE_GENERALIZEDTIME, {}},
+{ BASICTYPE_GRAPHIC_STR, {}},
+{ BASICTYPE_VISIBLE_STR, {}},
+{ BASICTYPE_GENERAL_STR,{}},
+{ BASICTYPE_OBJECTDESCRIPTOR, {}},
+{ BASICTYPE_VIDEOTEX_STR, {}},
+{ BASICTYPE_T61_STR, {}},
+{ BASICTYPE_OCTETCONTAINING, {}},
+{ BASICTYPE_BITCONTAINING, {}},
+{ BASICTYPE_RELATIVE_OID, {}},
+{ BASICTYPE_ANY, {}},
+{ COMPOSITE_ASN1_TYPE, {}},
+{ RDNSequence, {}},
+{ RelativeDistinguishedName, {}},
+{ TelephoneNumber, {}},
+{ FacsimileTelephoneNumber__telephoneNumber, {}},
+{ DirectoryString, {}},
+{ ASN_COMP_CERTIFICATE, {}},
+{ ASNTYPE_END , {}}
+};
+
+AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BOOLEAN,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentBool,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentBool,(ber_decoder_func*)BDecComponentBool,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBool}},
+{ BASICTYPE_INTEGER, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_INTEGER,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentInt,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentInt,(ber_decoder_func*)BDecComponentInt,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentInt}},
+{ BASICTYPE_BITSTRING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BITSTRING,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentBits,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentBits,(ber_decoder_func*)BDecComponentBits,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBits}},
+{ BASICTYPE_OCTETSTRING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OCTETSTRING,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentOcts,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentOcts,(ber_decoder_func*)BDecComponentOcts,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentOcts}},
+{ BASICTYPE_NULL, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_NULL,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentNull,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentNull,(ber_decoder_func*)BDecComponentNull,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentNull}},
+{ BASICTYPE_OID, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OID,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentOid,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentOid,(ber_decoder_func*)BDecComponentOid,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentOid}},
+{ BASICTYPE_REAL, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_REAL,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentReal,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentReal,(ber_decoder_func*)BDecComponentReal,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentReal}},
+{ BASICTYPE_ENUMERATED, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_ENUMERATED,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentEnum,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentEnum,(ber_decoder_func*)BDecComponentEnum,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentEnum}},
+{ BASICTYPE_NUMERIC_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_NUMERIC_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentNumericString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentNumericString,(ber_decoder_func*)BDecComponentNumericString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentNumericString}},
+{ BASICTYPE_PRINTABLE_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_PRINTABLE_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentPrintableString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentPrintableString,(ber_decoder_func*)BDecComponentPrintableString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentPrintableString}},
+{ BASICTYPE_UNIVERSAL_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UNIVERSAL_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUniversalString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUniversalString,(ber_decoder_func*)BDecComponentUniversalString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUniversalString}},
+{ BASICTYPE_IA5_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_IA5_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentIA5String,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentIA5String,(ber_decoder_func*)BDecComponentIA5String,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentIA5String}},
+{ BASICTYPE_BMP_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BMP_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentBMPString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentBMPString,(ber_decoder_func*)BDecComponentBMPString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBMPString}},
+{ BASICTYPE_UTF8_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UTF8_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_UTCTIME, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UTCTIME,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTCTime,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTCTime,(ber_decoder_func*)BDecComponentUTCTime,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTCTime}},
+{ BASICTYPE_GENERALIZEDTIME, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GENERALIZEDTIME,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTCTime,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTCTime,(ber_decoder_func*)BDecComponentUTCTime,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTCTime}},
+{ BASICTYPE_GRAPHIC_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GRAPHIC_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentPrintableString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentPrintableString,(ber_decoder_func*)BDecComponentPrintableString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentPrintableString}},
+{ BASICTYPE_VISIBLE_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_VISIBLE_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentVisibleString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentVisibleString,(ber_decoder_func*)BDecComponentVisibleString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentVisibleString}},
+{ BASICTYPE_GENERAL_STR,{ -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GENERAL_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_OBJECTDESCRIPTOR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OBJECTDESCRIPTOR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_VIDEOTEX_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_VIDEOTEX_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentTeletexString,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentTeletexString,(ber_decoder_func*)BDecComponentTeletexString,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentTeletexString}},
+{ BASICTYPE_T61_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_T61_STR,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_OCTETCONTAINING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OCTETCONTAINING,
+ (encoder_func*)NULL,(encoder_func*)NULL,(encoder_func*)NULL,
+ (gser_decoder_func*)NULL,(ber_decoder_func*)NULL,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,NULL}},
+{ BASICTYPE_BITCONTAINING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BITCONTAINING,
+ (encoder_func*)NULL,(encoder_func*)NULL,(encoder_func*)NULL,
+ (gser_decoder_func*)NULL,(ber_decoder_func*)NULL,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,NULL}},
+{ BASICTYPE_RELATIVE_OID, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_RELATIVE_OID,
+ (encoder_func*)NULL,(encoder_func*)GEncComponentRelativeOid,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentRelativeOid,(ber_decoder_func*)BDecComponentRelativeOid,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRelativeOid}},
+{ BASICTYPE_ANY, {}},
+{ COMPOSITE_ASN1_TYPE, {}},
+{ RDNSequence, { -1, NULL, {},{},0,ASN_COMPOSITE,RDNSequence,
+ (encoder_func*)ConvertRDNSequence2RFC2253,(encoder_func*)NULL,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentRDNSequence,(ber_decoder_func*)BDecComponentRDNSequence,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRDNSequence}},
+{ RelativeDistinguishedName, { -1, NULL, {},{},0,ASN_COMPOSITE,RDNSequence,
+ (encoder_func*)ConvertRDNSequence2RFC2253,(encoder_func*)NULL,(encoder_func*)NULL,
+ (gser_decoder_func*)GDecComponentRDNSequence,(ber_decoder_func*)BDecComponentRDNSequence,
+ (comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRDNSequence}},
+{ TelephoneNumber, {}},
+{ FacsimileTelephoneNumber__telephoneNumber, {}},
+{ DirectoryString, {}},
+{ ASN_COMP_CERTIFICATE, {}},
+{ ASNTYPE_END , {}}
+};
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+AuthorityKeyIdentifierDefinition DEFINITIONS ::=
+BEGIN
+AuthorityKeyIdentifier ::= SEQUENCE {
+ keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
+ authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
+ authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL }
+ -- authorityCertIssuer and authorityCertSerialNumber MUST both
+ -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+CertificateSerialNumber ::= INTEGER
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+ otherName [0] OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+
+OtherName ::= SEQUENCE {
+ type-id OBJECT IDENTIFIER,
+ value [0] EXPLICIT ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+ nameAssigner [0] DirectoryString OPTIONAL,
+ partyName [1] DirectoryString }
+
+-- following ORAddress may not conform original def. in ASN.1
+ORAddress ::= SEQUENCE {
+-- built-in-standard-attributes BuiltInStandardAttributes,
+ type-id OBJECT IDENTIFIER,
+-- built-in-domain-defined-attributes
+ value ANY DEFINED BY type-id,
+-- BuiltInDomainDefinedAttributes OPTIONAL,
+-- see also teletex-domain-defined-attributes
+--extension-attributes ExtensionAttributes OPTIONAL }
+ extension OCTET STRING OPTIONAL }
+
+
+Name ::= CHOICE {
+ rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type OBJECT IDENTIFIER,
+ value ANY DEFINED BY type}
+
+DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1..MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+END
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2058 @@
+/*
+ * authorityKeyIdentifier.c
+ * "AuthorityKeyIdentifierDefinition" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Wed Dec 8 22:22:49 2004
+ * The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "authorityKeyIdentifier.h"
+
+BDecComponentAuthorityKeyIdentifierTop( void* mem_op, GenBuf* b, void *v, AsnLen* bytesDecoded,int mode) {
+ AsnTag tag;
+ AsnLen elmtLen;
+
+ tag = BDecTag ( b, bytesDecoded );
+ elmtLen = BDecLen ( b, bytesDecoded );
+ if ( elmtLen <= 0 ) return (-1);
+ if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+ return (-1);
+ }
+
+ return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, ( ComponentAuthorityKeyIdentifier**)v, (AsnLen*)bytesDecoded, mode );
+}
+
+
+void init_module_AuthorityKeyIdentifierDefinition() {
+ InstallOidDecoderMapping( "2.5.29.35", NULL,
+ GDecComponentAuthorityKeyIdentifier,
+ BDecComponentAuthorityKeyIdentifierTop,
+ ExtractingComponentAuthorityKeyIdentifier,
+ MatchingComponentAuthorityKeyIdentifier );
+}
+
+int
+MatchingComponentOtherName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->type_id, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_assert)->type_id );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (&((ComponentOtherName*)csi_attr)->type_id));
+ rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentOtherName*)csi_attr)->value, (ComponentAny*)&((ComponentOtherName*)csi_assert)->value);
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentOtherName */
+
+void*
+ExtractingComponentOtherName ( void* mem_op, ComponentReference* cr, ComponentOtherName *comp )
+{
+
+ if ( ( comp->type_id.identifier.bv_val && strncmp(comp->type_id.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type_id.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->type_id;
+ else
+ return NULL;
+ }
+ if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->value;
+ else
+ return NULL;
+ }
+ return NULL;
+} /* ExtractingComponentOtherName */
+
+int
+BDecComponentOtherName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentOtherName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentOtherName *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->type_id), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type_id)->identifier.bv_val = (&k->type_id)->id_buf;
+ (&k->type_id)->identifier.bv_len = strlen("type_id");
+ strcpy( (&k->type_id)->identifier.bv_val, "type_id");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = (&k->value)->id_buf;
+ (&k->value)->identifier.bv_len = strlen("value");
+ strcpy( (&k->value)->identifier.bv_val, "value");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentOtherName*) CompAlloc( mem_op, sizeof(ComponentOtherName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOtherName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOtherName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentOtherName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOtherName;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecOtherName*/
+
+int
+GDecComponentOtherName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentOtherName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentOtherName *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "type_id", strlen("type_id") ) == 0 ) {
+ rc = GDecComponentOid (mem_op, b, (&k->type_id), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type_id)->identifier.bv_val = peek_head;
+ (&k->type_id)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+ rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = peek_head;
+ (&k->value)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentOtherName*) CompAlloc( mem_op, sizeof(ComponentOtherName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOtherName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOtherName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentOtherName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOtherName;
+ return LDAP_SUCCESS;
+} /* GDecOtherName*/
+
+
+int
+MatchingComponentORAddress ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->type_id, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->type_id );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (&((ComponentORAddress*)csi_attr)->type_id));
+ rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentORAddress*)csi_attr)->value, (ComponentAny*)&((ComponentORAddress*)csi_assert)->value);
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->extension, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->extension );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentORAddress */
+
+void*
+ExtractingComponentORAddress ( void* mem_op, ComponentReference* cr, ComponentORAddress *comp )
+{
+
+ if ( ( comp->type_id.identifier.bv_val && strncmp(comp->type_id.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type_id.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->type_id;
+ else
+ return NULL;
+ }
+ if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->value;
+ else
+ return NULL;
+ }
+ if ( ( comp->extension.identifier.bv_val && strncmp(comp->extension.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extension.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->extension;
+ else
+ return NULL;
+ }
+ return NULL;
+} /* ExtractingComponentORAddress */
+
+int
+BDecComponentORAddress PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentORAddress **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentORAddress *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->type_id), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type_id)->identifier.bv_val = (&k->type_id)->id_buf;
+ (&k->type_id)->identifier.bv_len = strlen("type_id");
+ strcpy( (&k->type_id)->identifier.bv_val, "type_id");
+ }
+ else
+ return -1;
+
+
+
+ {
+ rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = (&k->value)->id_buf;
+ (&k->value)->identifier.bv_len = strlen("value");
+ strcpy( (&k->value)->identifier.bv_val, "value");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extension), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extension)->identifier.bv_val = (&k->extension)->id_buf;
+ (&k->extension)->identifier.bv_len = strlen("extension");
+ strcpy( (&k->extension)->identifier.bv_val, "extension");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentORAddress*) CompAlloc( mem_op, sizeof(ComponentORAddress) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentORAddress ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentORAddress ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentORAddress;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentORAddress;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecORAddress*/
+
+int
+GDecComponentORAddress PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentORAddress **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentORAddress *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "type_id", strlen("type_id") ) == 0 ) {
+ rc = GDecComponentOid (mem_op, b, (&k->type_id), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type_id)->identifier.bv_val = peek_head;
+ (&k->type_id)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+ rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = peek_head;
+ (&k->value)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "extension", strlen("extension") ) == 0 ) {
+ rc = GDecComponentOcts (mem_op, b, (&k->extension), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extension)->identifier.bv_val = peek_head;
+ (&k->extension)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentORAddress*) CompAlloc( mem_op, sizeof(ComponentORAddress) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentORAddress ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentORAddress ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentORAddress;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentORAddress;
+ return LDAP_SUCCESS;
+} /* GDecORAddress*/
+
+
+int
+MatchingComponentDirectoryString ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ ComponentDirectoryString *v1, *v2;
+
+
+ v1 = (ComponentDirectoryString*)csi_attr;
+ v2 = (ComponentDirectoryString*)csi_assert;
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ if( (v1->choiceId != v2->choiceId ) )
+ return LDAP_COMPARE_FALSE;
+ switch( v1->choiceId )
+ {
+ case DIRECTORYSTRING_TELETEXSTRING :
+ rc = MatchingComponentTeletexString ( oid, (ComponentSyntaxInfo*)(v1->a.teletexString), (ComponentSyntaxInfo*)(v2->a.teletexString) );
+ break;
+ case DIRECTORYSTRING_PRINTABLESTRING :
+ rc = MatchingComponentPrintableString ( oid, (ComponentSyntaxInfo*)(v1->a.printableString), (ComponentSyntaxInfo*)(v2->a.printableString) );
+ break;
+ case DIRECTORYSTRING_UNIVERSALSTRING :
+ rc = MatchingComponentUniversalString ( oid, (ComponentSyntaxInfo*)(v1->a.universalString), (ComponentSyntaxInfo*)(v2->a.universalString) );
+ break;
+ case DIRECTORYSTRING_UTF8STRING :
+ rc = MatchingComponentUTF8String ( oid, (ComponentSyntaxInfo*)(v1->a.utf8String), (ComponentSyntaxInfo*)(v2->a.utf8String) );
+ break;
+ case DIRECTORYSTRING_BMPSTRING :
+ rc = MatchingComponentBMPString ( oid, (ComponentSyntaxInfo*)(v1->a.bmpString), (ComponentSyntaxInfo*)(v2->a.bmpString) );
+ break;
+ default :
+ return LDAP_PROTOCOL_ERROR;
+ }
+ return rc;
+} /* BMatchingComponentDirectoryStringContent */
+
+void*
+ExtractingComponentDirectoryString ( void* mem_op, ComponentReference* cr, ComponentDirectoryString *comp )
+{
+
+
+ if( (comp->choiceId) == DIRECTORYSTRING_TELETEXSTRING &&
+ (( comp->a.teletexString->identifier.bv_val && strncmp(comp->a.teletexString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.teletexString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.teletexString);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTeletexString ( mem_op, cr, (comp->a.teletexString) );
+ };
+ }
+ if( (comp->choiceId) == DIRECTORYSTRING_PRINTABLESTRING &&
+ (( comp->a.printableString->identifier.bv_val && strncmp(comp->a.printableString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.printableString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.printableString);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentPrintableString ( mem_op, cr, (comp->a.printableString) );
+ };
+ }
+ if( (comp->choiceId) == DIRECTORYSTRING_UNIVERSALSTRING &&
+ (( comp->a.universalString->identifier.bv_val && strncmp(comp->a.universalString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.universalString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.universalString);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentUniversalString ( mem_op, cr, (comp->a.universalString) );
+ };
+ }
+ if( (comp->choiceId) == DIRECTORYSTRING_UTF8STRING &&
+ (( comp->a.utf8String->identifier.bv_val && strncmp(comp->a.utf8String->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.utf8String->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.utf8String);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentUTF8String ( mem_op, cr, (comp->a.utf8String) );
+ };
+ }
+ if( (comp->choiceId) == DIRECTORYSTRING_BMPSTRING &&
+ (( comp->a.bmpString->identifier.bv_val && strncmp(comp->a.bmpString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.bmpString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.bmpString);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentBMPString ( mem_op, cr, (comp->a.bmpString) );
+ };
+ }
+ return NULL;
+} /* ExtractingComponentDirectoryString */
+
+int
+BDecComponentDirectoryString PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentDirectoryString **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentDirectoryString *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ switch (tagId0)
+ {
+ case MAKE_TAG_ID (UNIV, PRIM, TELETEXSTRING_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE):
+ (k->choiceId) = DIRECTORYSTRING_TELETEXSTRING;
+ rc = BDecComponentTeletexString (mem_op, b, tagId0, elmtLen0, (&k->a.teletexString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.teletexString)->identifier.bv_val = (k->a.teletexString)->id_buf;
+ (k->a.teletexString)->identifier.bv_len = strlen("teletexString");
+ strcpy( (k->a.teletexString)->identifier.bv_val, "teletexString");
+ break;
+
+ case MAKE_TAG_ID (UNIV, PRIM, PRINTABLESTRING_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE):
+ (k->choiceId) = DIRECTORYSTRING_PRINTABLESTRING;
+ rc = BDecComponentPrintableString (mem_op, b, tagId0, elmtLen0, (&k->a.printableString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.printableString)->identifier.bv_val = (k->a.printableString)->id_buf;
+ (k->a.printableString)->identifier.bv_len = strlen("printableString");
+ strcpy( (k->a.printableString)->identifier.bv_val, "printableString");
+ break;
+
+ case MAKE_TAG_ID (UNIV, PRIM, UNIVERSALSTRING_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE):
+ (k->choiceId) = DIRECTORYSTRING_UNIVERSALSTRING;
+ rc = BDecComponentUniversalString (mem_op, b, tagId0, elmtLen0, (&k->a.universalString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.universalString)->identifier.bv_val = (k->a.universalString)->id_buf;
+ (k->a.universalString)->identifier.bv_len = strlen("universalString");
+ strcpy( (k->a.universalString)->identifier.bv_val, "universalString");
+ break;
+
+ case MAKE_TAG_ID (UNIV, PRIM, UTF8STRING_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, UTF8STRING_TAG_CODE):
+ (k->choiceId) = DIRECTORYSTRING_UTF8STRING;
+ rc = BDecComponentUTF8String (mem_op, b, tagId0, elmtLen0, (&k->a.utf8String), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.utf8String)->identifier.bv_val = (k->a.utf8String)->id_buf;
+ (k->a.utf8String)->identifier.bv_len = strlen("utf8String");
+ strcpy( (k->a.utf8String)->identifier.bv_val, "utf8String");
+ break;
+
+ case MAKE_TAG_ID (UNIV, PRIM, BMPSTRING_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE):
+ (k->choiceId) = DIRECTORYSTRING_BMPSTRING;
+ rc = BDecComponentBMPString (mem_op, b, tagId0, elmtLen0, (&k->a.bmpString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.bmpString)->identifier.bv_val = (k->a.bmpString)->id_buf;
+ (k->a.bmpString)->identifier.bv_len = strlen("bmpString");
+ strcpy( (k->a.bmpString)->identifier.bv_val, "bmpString");
+ break;
+
+ default:
+ Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+ return -1;
+ break;
+ } /* end switch */
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentDirectoryString*) CompAlloc( mem_op, sizeof(ComponentDirectoryString) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentDirectoryString ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentDirectoryString ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentDirectoryString;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentDirectoryString;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecDirectoryStringContent */
+
+int
+GDecComponentDirectoryString PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentDirectoryString **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentDirectoryString *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head2 != ':'){
+ Asn1Error("Missing : in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( strncmp("teletexString",peek_head, strlen("teletexString")) == 0){
+ (k->choiceId) = DIRECTORYSTRING_TELETEXSTRING;
+ rc = GDecComponentTeletexString (mem_op, b, (&k->a.teletexString), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.teletexString)->identifier.bv_val = peek_head;
+ (k->a.teletexString)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("printableString",peek_head,strlen("printableString")) == 0){
+ (k->choiceId) = DIRECTORYSTRING_PRINTABLESTRING;
+ rc = GDecComponentPrintableString (mem_op, b, (&k->a.printableString), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.printableString)->identifier.bv_val = peek_head;
+ (k->a.printableString)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("universalString",peek_head,strlen("universalString")) == 0){
+ (k->choiceId) = DIRECTORYSTRING_UNIVERSALSTRING;
+ rc = GDecComponentUniversalString (mem_op, b, (&k->a.universalString), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.universalString)->identifier.bv_val = peek_head;
+ (k->a.universalString)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("utf8String",peek_head,strlen("utf8String")) == 0){
+ (k->choiceId) = DIRECTORYSTRING_UTF8STRING;
+ rc = GDecComponentUTF8String (mem_op, b, (&k->a.utf8String), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.utf8String)->identifier.bv_val = peek_head;
+ (k->a.utf8String)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("bmpString",peek_head,strlen("bmpString")) == 0){
+ (k->choiceId) = DIRECTORYSTRING_BMPSTRING;
+ rc = GDecComponentBMPString (mem_op, b, (&k->a.bmpString), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.bmpString)->identifier.bv_val = peek_head;
+ (k->a.bmpString)->identifier.bv_len = strLen;
+ }
+ else {
+ Asn1Error("Undefined Identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentDirectoryString*) CompAlloc( mem_op, sizeof(ComponentDirectoryString) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentDirectoryString ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentDirectoryString ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentDirectoryString;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentDirectoryString;
+ return LDAP_SUCCESS;
+} /* GDecDirectoryStringContent */
+
+
+int
+MatchingComponentEDIPartyName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ if(COMPONENTNOT_NULL( ((ComponentEDIPartyName*)csi_attr)->nameAssigner ) ) {
+ rc = MatchingComponentDirectoryString ( oid, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_attr)->nameAssigner, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_assert)->nameAssigner );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ rc = MatchingComponentDirectoryString ( oid, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_attr)->partyName, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_assert)->partyName );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentEDIPartyName */
+
+void*
+ExtractingComponentEDIPartyName ( void* mem_op, ComponentReference* cr, ComponentEDIPartyName *comp )
+{
+
+ if ( ( comp->nameAssigner->identifier.bv_val && strncmp(comp->nameAssigner->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->nameAssigner->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->nameAssigner;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentDirectoryString ( mem_op, cr, comp->nameAssigner );
+ }
+ }
+ if ( ( comp->partyName->identifier.bv_val && strncmp(comp->partyName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->partyName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->partyName;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentDirectoryString ( mem_op, cr, comp->partyName );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentEDIPartyName */
+
+int
+BDecComponentEDIPartyName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentEDIPartyName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ AsnLen totalElmtsLen3 = 0;
+ AsnLen elmtLen3;
+ AsnTag tagId3;
+ int old_mode = mode;
+ int rc;
+ ComponentEDIPartyName *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = tagId2 = BDecTag (b, &totalElmtsLen1 );
+ elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+ BDecComponentDirectoryString (mem_op, b, tagId2, elmtLen2, (&k->nameAssigner), &totalElmtsLen1, mode);
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc(b, &totalElmtsLen1 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->nameAssigner)->identifier.bv_val = (k->nameAssigner)->id_buf;
+ (k->nameAssigner)->identifier.bv_len = strlen("nameAssigner");
+ strcpy( (k->nameAssigner)->identifier.bv_val, "nameAssigner");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+
+
+ if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = tagId2 = BDecTag (b, &totalElmtsLen1 );
+ elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+ BDecComponentDirectoryString (mem_op, b, tagId2, elmtLen2, (&k->partyName), &totalElmtsLen1, mode);
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc(b, &totalElmtsLen1 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->partyName)->identifier.bv_val = (k->partyName)->id_buf;
+ (k->partyName)->identifier.bv_len = strlen("partyName");
+ strcpy( (k->partyName)->identifier.bv_val, "partyName");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentEDIPartyName*) CompAlloc( mem_op, sizeof(ComponentEDIPartyName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEDIPartyName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEDIPartyName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentEDIPartyName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEDIPartyName;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecEDIPartyName*/
+
+int
+GDecComponentEDIPartyName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentEDIPartyName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentEDIPartyName *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "nameAssigner", strlen("nameAssigner") ) == 0 ) {
+ rc = GDecComponentDirectoryString (mem_op, b, (&k->nameAssigner), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->nameAssigner)->identifier.bv_val = peek_head;
+ ( k->nameAssigner)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "partyName", strlen("partyName") ) == 0 ) {
+ rc = GDecComponentDirectoryString (mem_op, b, (&k->partyName), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->partyName)->identifier.bv_val = peek_head;
+ ( k->partyName)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentEDIPartyName*) CompAlloc( mem_op, sizeof(ComponentEDIPartyName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEDIPartyName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEDIPartyName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentEDIPartyName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEDIPartyName;
+ return LDAP_SUCCESS;
+} /* GDecEDIPartyName*/
+
+
+
+int
+MatchingComponentGeneralName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ ComponentGeneralName *v1, *v2;
+
+
+ v1 = (ComponentGeneralName*)csi_attr;
+ v2 = (ComponentGeneralName*)csi_assert;
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ if( (v1->choiceId != v2->choiceId ) )
+ return LDAP_COMPARE_FALSE;
+ switch( v1->choiceId )
+ {
+ case GENERALNAME_OTHERNAME :
+ rc = MatchingComponentOtherName ( oid, (ComponentSyntaxInfo*)(v1->a.otherName), (ComponentSyntaxInfo*)(v2->a.otherName) );
+ break;
+ case GENERALNAME_RFC822NAME :
+ rc = MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.rfc822Name), (ComponentSyntaxInfo*)(v2->a.rfc822Name) );
+ break;
+ case GENERALNAME_DNSNAME :
+ rc = MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.dNSName), (ComponentSyntaxInfo*)(v2->a.dNSName) );
+ break;
+ case GENERALNAME_X400ADDRESS :
+ rc = MatchingComponentORAddress ( oid, (ComponentSyntaxInfo*)(v1->a.x400Address), (ComponentSyntaxInfo*)(v2->a.x400Address) );
+ break;
+ case GENERALNAME_DIRECTORYNAME :
+ rc = MatchingComponentName ( oid, (ComponentSyntaxInfo*)(v1->a.directoryName), (ComponentSyntaxInfo*)(v2->a.directoryName) );
+ break;
+ case GENERALNAME_EDIPARTYNAME :
+ rc = MatchingComponentEDIPartyName ( oid, (ComponentSyntaxInfo*)(v1->a.ediPartyName), (ComponentSyntaxInfo*)(v2->a.ediPartyName) );
+ break;
+ case GENERALNAME_UNIFORMRESOURCEIDENTIFIER :
+ rc = MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.uniformResourceIdentifier), (ComponentSyntaxInfo*)(v2->a.uniformResourceIdentifier) );
+ break;
+ case GENERALNAME_IPADDRESS :
+ rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)(v1->a.iPAddress), (ComponentSyntaxInfo*)(v2->a.iPAddress) );
+ break;
+ case GENERALNAME_REGISTEREDID :
+ rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)(v1->a.registeredID), (ComponentSyntaxInfo*)(v2->a.registeredID) );
+ break;
+ default :
+ return LDAP_PROTOCOL_ERROR;
+ }
+ return rc;
+} /* BMatchingComponentGeneralNameContent */
+
+void*
+ExtractingComponentGeneralName ( void* mem_op, ComponentReference* cr, ComponentGeneralName *comp )
+{
+
+
+ if( (comp->choiceId) == GENERALNAME_OTHERNAME &&
+ (( comp->a.otherName->identifier.bv_val && strncmp(comp->a.otherName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.otherName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.otherName);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentOtherName ( mem_op, cr, (comp->a.otherName) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_RFC822NAME &&
+ (( comp->a.rfc822Name->identifier.bv_val && strncmp(comp->a.rfc822Name->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.rfc822Name->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.rfc822Name);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentIA5String ( mem_op, cr, (comp->a.rfc822Name) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_DNSNAME &&
+ (( comp->a.dNSName->identifier.bv_val && strncmp(comp->a.dNSName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.dNSName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.dNSName);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentIA5String ( mem_op, cr, (comp->a.dNSName) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_X400ADDRESS &&
+ (( comp->a.x400Address->identifier.bv_val && strncmp(comp->a.x400Address->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.x400Address->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.x400Address);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentORAddress ( mem_op, cr, (comp->a.x400Address) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_DIRECTORYNAME &&
+ (( comp->a.directoryName->identifier.bv_val && strncmp(comp->a.directoryName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.directoryName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.directoryName);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentName ( mem_op, cr, (comp->a.directoryName) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_EDIPARTYNAME &&
+ (( comp->a.ediPartyName->identifier.bv_val && strncmp(comp->a.ediPartyName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.ediPartyName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.ediPartyName);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentEDIPartyName ( mem_op, cr, (comp->a.ediPartyName) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_UNIFORMRESOURCEIDENTIFIER &&
+ (( comp->a.uniformResourceIdentifier->identifier.bv_val && strncmp(comp->a.uniformResourceIdentifier->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.uniformResourceIdentifier->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.uniformResourceIdentifier);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentIA5String ( mem_op, cr, (comp->a.uniformResourceIdentifier) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_IPADDRESS &&
+ (( comp->a.iPAddress->identifier.bv_val && strncmp(comp->a.iPAddress->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.iPAddress->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.iPAddress);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentOcts ( mem_op, cr, (comp->a.iPAddress) );
+ };
+ }
+ if( (comp->choiceId) == GENERALNAME_REGISTEREDID &&
+ (( comp->a.registeredID->identifier.bv_val && strncmp(comp->a.registeredID->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.registeredID->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.registeredID);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentOid ( mem_op, cr, (comp->a.registeredID) );
+ };
+ }
+ return NULL;
+} /* ExtractingComponentGeneralName */
+
+int
+BDecComponentGeneralName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentGeneralName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ AsnLen totalElmtsLen3 = 0;
+ AsnLen elmtLen3;
+ AsnTag tagId3;
+ int old_mode = mode;
+ int rc;
+ ComponentGeneralName *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ switch (tagId0)
+ {
+ case MAKE_TAG_ID (CNTX, CONS, 0):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_OTHERNAME;
+ rc = BDecComponentOtherName (mem_op, b, tagId1, elmtLen1, (&k->a.otherName), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.otherName)->identifier.bv_val = (k->a.otherName)->id_buf;
+ (k->a.otherName)->identifier.bv_len = strlen("otherName");
+ strcpy( (k->a.otherName)->identifier.bv_val, "otherName");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 1):
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+ (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_RFC822NAME;
+ rc = BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.rfc822Name), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.rfc822Name)->identifier.bv_val = (k->a.rfc822Name)->id_buf;
+ (k->a.rfc822Name)->identifier.bv_len = strlen("rfc822Name");
+ strcpy( (k->a.rfc822Name)->identifier.bv_val, "rfc822Name");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 2):
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+ (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_DNSNAME;
+ rc = BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.dNSName), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.dNSName)->identifier.bv_val = (k->a.dNSName)->id_buf;
+ (k->a.dNSName)->identifier.bv_len = strlen("dNSName");
+ strcpy( (k->a.dNSName)->identifier.bv_val, "dNSName");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 3):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_X400ADDRESS;
+ rc = BDecComponentORAddress (mem_op, b, tagId1, elmtLen1, (&k->a.x400Address), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.x400Address)->identifier.bv_val = (k->a.x400Address)->id_buf;
+ (k->a.x400Address)->identifier.bv_len = strlen("x400Address");
+ strcpy( (k->a.x400Address)->identifier.bv_val, "x400Address");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 4):
+ (k->choiceId) = GENERALNAME_DIRECTORYNAME;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->a.directoryName), &totalElmtsLen1, mode);
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc(b, &totalElmtsLen1 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.directoryName)->identifier.bv_val = (k->a.directoryName)->id_buf;
+ (k->a.directoryName)->identifier.bv_len = strlen("directoryName");
+ strcpy( (k->a.directoryName)->identifier.bv_val, "directoryName");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 5):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_EDIPARTYNAME;
+ rc = BDecComponentEDIPartyName (mem_op, b, tagId1, elmtLen1, (&k->a.ediPartyName), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.ediPartyName)->identifier.bv_val = (k->a.ediPartyName)->id_buf;
+ (k->a.ediPartyName)->identifier.bv_len = strlen("ediPartyName");
+ strcpy( (k->a.ediPartyName)->identifier.bv_val, "ediPartyName");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 6):
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+ (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_UNIFORMRESOURCEIDENTIFIER;
+ rc = BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.uniformResourceIdentifier), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.uniformResourceIdentifier)->identifier.bv_val = (k->a.uniformResourceIdentifier)->id_buf;
+ (k->a.uniformResourceIdentifier)->identifier.bv_len = strlen("uniformResourceIdentifier");
+ strcpy( (k->a.uniformResourceIdentifier)->identifier.bv_val, "uniformResourceIdentifier");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 7):
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) &&
+ (tagId1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_IPADDRESS;
+ rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->a.iPAddress), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.iPAddress)->identifier.bv_val = (k->a.iPAddress)->id_buf;
+ (k->a.iPAddress)->identifier.bv_len = strlen("iPAddress");
+ strcpy( (k->a.iPAddress)->identifier.bv_val, "iPAddress");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ case MAKE_TAG_ID (CNTX, CONS, 8):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ (k->choiceId) = GENERALNAME_REGISTEREDID;
+ rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->a.registeredID), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.registeredID)->identifier.bv_val = (k->a.registeredID)->id_buf;
+ (k->a.registeredID)->identifier.bv_len = strlen("registeredID");
+ strcpy( (k->a.registeredID)->identifier.bv_val, "registeredID");
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ break;
+
+ default:
+ Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+ return -1;
+ break;
+ } /* end switch */
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentGeneralName*) CompAlloc( mem_op, sizeof(ComponentGeneralName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralName;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecGeneralNameContent */
+
+int
+GDecComponentGeneralName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentGeneralName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentGeneralName *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head2 != ':'){
+ Asn1Error("Missing : in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( strncmp("otherName",peek_head, strlen("otherName")) == 0){
+ (k->choiceId) = GENERALNAME_OTHERNAME;
+ rc = GDecComponentOtherName (mem_op, b, (&k->a.otherName), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.otherName)->identifier.bv_val = peek_head;
+ (k->a.otherName)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("rfc822Name",peek_head,strlen("rfc822Name")) == 0){
+ (k->choiceId) = GENERALNAME_RFC822NAME;
+ rc = GDecComponentIA5String (mem_op, b, (&k->a.rfc822Name), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.rfc822Name)->identifier.bv_val = peek_head;
+ (k->a.rfc822Name)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("dNSName",peek_head,strlen("dNSName")) == 0){
+ (k->choiceId) = GENERALNAME_DNSNAME;
+ rc = GDecComponentIA5String (mem_op, b, (&k->a.dNSName), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.dNSName)->identifier.bv_val = peek_head;
+ (k->a.dNSName)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("x400Address",peek_head,strlen("x400Address")) == 0){
+ (k->choiceId) = GENERALNAME_X400ADDRESS;
+ rc = GDecComponentORAddress (mem_op, b, (&k->a.x400Address), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.x400Address)->identifier.bv_val = peek_head;
+ (k->a.x400Address)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("directoryName",peek_head,strlen("directoryName")) == 0){
+ (k->choiceId) = GENERALNAME_DIRECTORYNAME;
+ rc = GDecComponentName (mem_op, b, (&k->a.directoryName), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.directoryName)->identifier.bv_val = peek_head;
+ (k->a.directoryName)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("ediPartyName",peek_head,strlen("ediPartyName")) == 0){
+ (k->choiceId) = GENERALNAME_EDIPARTYNAME;
+ rc = GDecComponentEDIPartyName (mem_op, b, (&k->a.ediPartyName), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.ediPartyName)->identifier.bv_val = peek_head;
+ (k->a.ediPartyName)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("uniformResourceIdentifier",peek_head,strlen("uniformResourceIdentifier")) == 0){
+ (k->choiceId) = GENERALNAME_UNIFORMRESOURCEIDENTIFIER;
+ rc = GDecComponentIA5String (mem_op, b, (&k->a.uniformResourceIdentifier), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.uniformResourceIdentifier)->identifier.bv_val = peek_head;
+ (k->a.uniformResourceIdentifier)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("iPAddress",peek_head,strlen("iPAddress")) == 0){
+ (k->choiceId) = GENERALNAME_IPADDRESS;
+ rc = GDecComponentOcts (mem_op, b, (&k->a.iPAddress), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.iPAddress)->identifier.bv_val = peek_head;
+ (k->a.iPAddress)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("registeredID",peek_head,strlen("registeredID")) == 0){
+ (k->choiceId) = GENERALNAME_REGISTEREDID;
+ rc = GDecComponentOid (mem_op, b, (&k->a.registeredID), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.registeredID)->identifier.bv_val = peek_head;
+ (k->a.registeredID)->identifier.bv_len = strLen;
+ }
+ else {
+ Asn1Error("Undefined Identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentGeneralName*) CompAlloc( mem_op, sizeof(ComponentGeneralName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralName;
+ return LDAP_SUCCESS;
+} /* GDecGeneralNameContent */
+
+
+int
+MatchingComponentGeneralNames ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ void* component1, *component2;
+ AsnList *v1, *v2, t_list;
+
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ v1 = &((ComponentGeneralNames*)csi_attr)->comp_list;
+ v2 = &((ComponentGeneralNames*)csi_assert)->comp_list;
+ FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+ {
+ if( MatchingComponentGeneralName(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+ return LDAP_COMPARE_FALSE;
+ }
+ } /* end of for */
+
+ AsnListFirst( v1 );
+ AsnListFirst( v2 );
+ if( (!component1 && component2) || (component1 && !component2))
+ return LDAP_COMPARE_FALSE;
+ else
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentGeneralNamesContent */
+
+void*
+ExtractingComponentGeneralNames ( void* mem_op, ComponentReference* cr, ComponentGeneralNames *comp )
+{
+ int count = 0;
+ int total;
+ AsnList *v = &comp->comp_list;
+ ComponentInt *k;
+ ComponentGeneralName *component;
+
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_FROM_BEGINNING :
+ count = cr->cr_curr->ci_val.ci_from_beginning;
+ FOR_EACH_LIST_ELMT( component , v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentGeneralName ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_FROM_END :
+ total = AsnListCount ( v );
+ count = cr->cr_curr->ci_val.ci_from_end;
+ count = total + count +1;
+ FOR_EACH_LIST_ELMT ( component, v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentGeneralName ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_ALL :
+ return comp;
+ case LDAP_COMPREF_COUNT :
+ k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ k->comp_desc->cd_tag = (-1);
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+ k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+ k->value = AsnListCount(v);
+ return k;
+ default :
+ return NULL;
+ }
+} /* ExtractingComponentGeneralNames */
+
+int
+BDecComponentGeneralNames PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentGeneralNames **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentGeneralNames *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit(&k->comp_list,sizeof(ComponentGeneralName));
+ for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+ {
+ ComponentGeneralName **tmpVar;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+ }
+ elmtLen1 = BDecLen (b, &totalElmtsLen1);
+ tmpVar = (ComponentGeneralName**) CompAsnListAppend (mem_op,&k->comp_list);
+ rc = BDecComponentGeneralName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentGeneralNames*) CompAlloc( mem_op, sizeof(ComponentGeneralNames) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralNames ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralNames ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralNames;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralNames;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecGeneralNamesContent */
+
+int
+GDecComponentGeneralNames PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentGeneralNames **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentGeneralNames *k,*t, c_temp;
+
+
+ int ElmtsLen1;
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit( &k->comp_list, sizeof( ComponentGeneralName ) );
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+ Asn1Error("Error during Reading { in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+ {
+ ComponentGeneralName **tmpVar;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head == '}') break;
+ if( !(*peek_head == '{' || *peek_head ==',') ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tmpVar = (ComponentGeneralName**) CompAsnListAppend (mem_op, &k->comp_list);
+ if ( tmpVar == NULL ) {
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ rc = GDecComponentGeneralName (mem_op, b, tmpVar, bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentGeneralNames*) CompAlloc( mem_op, sizeof(ComponentGeneralNames) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralNames ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralNames ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralNames;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralNames;
+ return LDAP_SUCCESS;
+} /* GDecGeneralNamesContent */
+
+
+int
+MatchingComponentAuthorityKeyIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentKeyIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentAuthorityKeyIdentifier*)csi_attr)->keyIdentifier, (ComponentSyntaxInfo*)&((ComponentAuthorityKeyIdentifier*)csi_assert)->keyIdentifier );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ if(COMPONENTNOT_NULL( ((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertIssuer ) ) {
+ rc = MatchingComponentGeneralNames ( oid, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertIssuer, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_assert)->authorityCertIssuer );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ if(COMPONENTNOT_NULL( ((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertSerialNumber ) ) {
+ rc = MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertSerialNumber, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_assert)->authorityCertSerialNumber );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentAuthorityKeyIdentifier */
+
+void*
+ExtractingComponentAuthorityKeyIdentifier ( void* mem_op, ComponentReference* cr, ComponentAuthorityKeyIdentifier *comp )
+{
+
+ if ( ( comp->keyIdentifier.identifier.bv_val && strncmp(comp->keyIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->keyIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->keyIdentifier;
+ else
+ return NULL;
+ }
+ if ( ( comp->authorityCertIssuer->identifier.bv_val && strncmp(comp->authorityCertIssuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->authorityCertIssuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->authorityCertIssuer;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentGeneralNames ( mem_op, cr, comp->authorityCertIssuer );
+ }
+ }
+ if ( ( comp->authorityCertSerialNumber->identifier.bv_val && strncmp(comp->authorityCertSerialNumber->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->authorityCertSerialNumber->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->authorityCertSerialNumber;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentCertificateSerialNumber ( mem_op, cr, comp->authorityCertSerialNumber );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentAuthorityKeyIdentifier */
+
+int
+BDecComponentAuthorityKeyIdentifier PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAuthorityKeyIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentAuthorityKeyIdentifier *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 0)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentKeyIdentifier (mem_op, b, tagId1, elmtLen1, (&k->keyIdentifier), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->keyIdentifier)->identifier.bv_val = (&k->keyIdentifier)->id_buf;
+ (&k->keyIdentifier)->identifier.bv_len = strlen("keyIdentifier");
+ strcpy( (&k->keyIdentifier)->identifier.bv_val, "keyIdentifier");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentGeneralNames (mem_op, b, tagId1, elmtLen1,
+(&k->authorityCertIssuer), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->authorityCertIssuer)->identifier.bv_val = (k->authorityCertIssuer)->id_buf;
+ (k->authorityCertIssuer)->identifier.bv_len = strlen("authorityCertIssuer");
+ strcpy( (k->authorityCertIssuer)->identifier.bv_val, "authorityCertIssuer");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 2))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->authorityCertSerialNumber), &totalElmtsLen1, DEC_ALLOC_MODE_0 ); if ( rc != LDAP_SUCCESS ) return rc;
+ (k->authorityCertSerialNumber)->identifier.bv_val = (k->authorityCertSerialNumber)->id_buf;
+ (k->authorityCertSerialNumber)->identifier.bv_len = strlen("authorityCertSerialNumber");
+ strcpy( (k->authorityCertSerialNumber)->identifier.bv_val, "authorityCertSerialNumber");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAuthorityKeyIdentifier*) CompAlloc( mem_op, sizeof(ComponentAuthorityKeyIdentifier) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAuthorityKeyIdentifier ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAuthorityKeyIdentifier ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAuthorityKeyIdentifier;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAuthorityKeyIdentifier;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecAuthorityKeyIdentifier*/
+
+int
+GDecComponentAuthorityKeyIdentifier PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAuthorityKeyIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentAuthorityKeyIdentifier *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "keyIdentifier", strlen("keyIdentifier") ) == 0 ) {
+ rc = GDecComponentKeyIdentifier (mem_op, b, (&k->keyIdentifier), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->keyIdentifier)->identifier.bv_val = peek_head;
+ (&k->keyIdentifier)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "authorityCertIssuer", strlen("authorityCertIssuer") ) == 0 ) {
+ rc = GDecComponentGeneralNames (mem_op, b, (&k->authorityCertIssuer), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->authorityCertIssuer)->identifier.bv_val = peek_head;
+ ( k->authorityCertIssuer)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "authorityCertSerialNumber", strlen("authorityCertSerialNumber") ) == 0 ) {
+ rc = GDecComponentCertificateSerialNumber (mem_op, b, (&k->authorityCertSerialNumber), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->authorityCertSerialNumber)->identifier.bv_val = peek_head;
+ ( k->authorityCertSerialNumber)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAuthorityKeyIdentifier*) CompAlloc( mem_op, sizeof(ComponentAuthorityKeyIdentifier) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAuthorityKeyIdentifier ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAuthorityKeyIdentifier ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAuthorityKeyIdentifier;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAuthorityKeyIdentifier;
+ return LDAP_SUCCESS;
+} /* GDecAuthorityKeyIdentifier*/
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,327 @@
+
+#include "asn-incl.h"
+/*
+ * authorityKeyIdentifier.h
+ * "AuthorityKeyIdentifierDefinition" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Sat Dec 11 10:15:39 2004
+ * The generated files are strongly encouraged to be
+ * compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _authorityKeyIdentifier_h_
+#define _authorityKeyIdentifier_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+typedef ComponentOcts ComponentKeyIdentifier; /* OCTET STRING */
+
+#define MatchingComponentKeyIdentifier MatchingComponentOcts
+
+#define ExtractingComponentKeyIdentifier ExtractingComponentOcts
+
+#define BDecComponentKeyIdentifier BDecComponentOcts
+
+#define GDecComponentKeyIdentifier GDecComponentOcts
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef struct OtherName /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid type_id; /* OBJECT IDENTIFIER */
+ ComponentAnyDefinedBy value; /* [0] EXPLICIT ANY DEFINED BY type-id */
+} ComponentOtherName;
+
+int MatchingComponentOtherName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentOtherName PROTO (( void* mem_op, ComponentReference *cr, ComponentOtherName *comp ));
+
+
+int BDecComponentOtherName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentOtherName PROTO (( void* mem_op, GenBuf * b, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct ORAddress /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid type_id; /* OBJECT IDENTIFIER */
+ ComponentAnyDefinedBy value; /* ANY DEFINED BY type-id */
+ ComponentOcts extension; /* OCTET STRING OPTIONAL */
+} ComponentORAddress;
+
+int MatchingComponentORAddress PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentORAddress PROTO (( void* mem_op, ComponentReference *cr, ComponentORAddress *comp ));
+
+
+int BDecComponentORAddress PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentORAddress PROTO (( void* mem_op, GenBuf * b, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid type; /* OBJECT IDENTIFIER */
+ ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct DirectoryString /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum DirectoryStringChoiceId
+ {
+ DIRECTORYSTRING_TELETEXSTRING,
+ DIRECTORYSTRING_PRINTABLESTRING,
+ DIRECTORYSTRING_UNIVERSALSTRING,
+ DIRECTORYSTRING_UTF8STRING,
+ DIRECTORYSTRING_BMPSTRING
+ } choiceId;
+ union DirectoryStringChoiceUnion
+ {
+ ComponentTeletexString* teletexString; /* TeletexString SIZE 1..MAX */
+ ComponentPrintableString* printableString; /* PrintableString SIZE 1..MAX */
+ ComponentUniversalString* universalString; /* UniversalString SIZE 1..MAX */
+ ComponentUTF8String* utf8String; /* UTF8String SIZE 1..MAX */
+ ComponentBMPString* bmpString; /* BMPString SIZE 1..MAX */
+ } a;
+} ComponentDirectoryString;
+
+int MatchingComponentDirectoryString PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentDirectoryString PROTO (( void* mem_op, ComponentReference *cr, ComponentDirectoryString *comp ));
+
+
+int BDecComponentDirectoryString PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentDirectoryString PROTO (( void* mem_op, GenBuf * b, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct EDIPartyName /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentDirectoryString* nameAssigner; /* [0] DirectoryString OPTIONAL */
+ ComponentDirectoryString* partyName; /* [1] DirectoryString */
+} ComponentEDIPartyName;
+
+int MatchingComponentEDIPartyName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentEDIPartyName PROTO (( void* mem_op, ComponentReference *cr, ComponentEDIPartyName *comp ));
+
+
+int BDecComponentEDIPartyName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentEDIPartyName PROTO (( void* mem_op, GenBuf * b, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum NameChoiceId
+ {
+ NAME_RDNSEQUENCE
+ } choiceId;
+ union NameChoiceUnion
+ {
+ ComponentRDNSequence* rdnSequence; /* RDNSequence */
+ } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct GeneralName /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum GeneralNameChoiceId
+ {
+ GENERALNAME_OTHERNAME,
+ GENERALNAME_RFC822NAME,
+ GENERALNAME_DNSNAME,
+ GENERALNAME_X400ADDRESS,
+ GENERALNAME_DIRECTORYNAME,
+ GENERALNAME_EDIPARTYNAME,
+ GENERALNAME_UNIFORMRESOURCEIDENTIFIER,
+ GENERALNAME_IPADDRESS,
+ GENERALNAME_REGISTEREDID
+ } choiceId;
+ union GeneralNameChoiceUnion
+ {
+ ComponentOtherName* otherName; /* [0] OtherName */
+ ComponentIA5String* rfc822Name; /* [1] IA5String */
+ ComponentIA5String* dNSName; /* [2] IA5String */
+ ComponentORAddress* x400Address; /* [3] ORAddress */
+ ComponentName* directoryName; /* [4] Name */
+ ComponentEDIPartyName* ediPartyName; /* [5] EDIPartyName */
+ ComponentIA5String* uniformResourceIdentifier; /* [6] IA5String */
+ ComponentOcts* iPAddress; /* [7] OCTET STRING */
+ ComponentOid* registeredID; /* [8] OBJECT IDENTIFIER */
+ } a;
+} ComponentGeneralName;
+
+int MatchingComponentGeneralName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentGeneralName PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralName *comp ));
+
+
+int BDecComponentGeneralName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentGeneralName PROTO (( void* mem_op, GenBuf * b, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentGeneralNames; /* SEQUENCE SIZE 1..MAX OF GeneralName */
+
+int MatchingComponentGeneralNames PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentGeneralNames PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralNames *comp ));
+
+
+int BDecComponentGeneralNames PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentGeneralNames PROTO (( void* mem_op, GenBuf * b, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AuthorityKeyIdentifier /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentKeyIdentifier keyIdentifier; /* [0] KeyIdentifier OPTIONAL */
+ ComponentGeneralNames* authorityCertIssuer; /* [1] GeneralNames OPTIONAL */
+ ComponentCertificateSerialNumber* authorityCertSerialNumber; /* [2] CertificateSerialNumber OPTIONAL */
+} ComponentAuthorityKeyIdentifier;
+
+int MatchingComponentAuthorityKeyIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAuthorityKeyIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAuthorityKeyIdentifier *comp ));
+
+
+int BDecComponentAuthorityKeyIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAuthorityKeyIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of authorityKeyIdentifier.h */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.asn1
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.asn1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.asn1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,175 @@
+AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 4} DEFINITIONS ::=
+BEGIN
+-- based on RFC 3280 and X.509
+
+Certificate ::= SEQUENCE {
+ toBeSigned TBSCertificate,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING
+}
+
+TBSCertificate ::= SEQUENCE {
+ version [0] Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- if present, version shall be v2 or v3
+ subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- if present, version shall be v2 or v3
+ extensions [3] Extensions OPTIONAL
+ -- If present, version shall be v3 -- }
+
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+CertificateSerialNumber ::= INTEGER
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL -- DSA, SHA-1--
+}
+
+Name ::= CHOICE {
+ rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value ANY DEFINED BY type}
+
+AttributeType ::= OBJECT IDENTIFIER
+
+Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+UniqueIdentifier ::= BIT STRING
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING }
+
+Time ::= CHOICE {
+ utcTime UTCTime,
+ generalizedTime GeneralizedTime }
+
+Extensions ::= SEQUENCE SIZE(1..MAX) OF Extension
+
+Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+-- contains a DER encoding of a value of type &ExtnType
+-- for the extension object identified by extnId --
+}
+
+nullOid OBJECT-TYPE
+ SYNTAX NULL
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 1 2 840 113549 1 1 4 }
+
+nullOid2 OBJECT-TYPE
+ SYNTAX NULL
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 1 2 840 113549 1 1 1 }
+
+nullOid3 OBJECT-TYPE
+ SYNTAX NULL
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 1 2 840 113549 1 1 5 }
+
+printableStringOid OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 3 }
+
+printableStringOid2 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 6 }
+
+printableStringOid3 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 7 }
+
+printableStringOid4 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 8 }
+
+printableStringOid5 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 10 }
+
+printableStringOid6 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 4 11 }
+
+printableStringOid7 OBJECT-TYPE
+ SYNTAX PrintableString
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 0 9 2342 19200300 100 1 3 }
+
+
+iA5StringOid OBJECT-TYPE
+ SYNTAX IA5String
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 1 2 840 113549 1 9 1 }
+
+octetStringOid OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 29 19 }
+
+octetStringOid2 OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 16 840 1 113730 1 13 }
+
+octetStringOid3 OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 29 14 }
+
+octetStringOid4 OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 29 21 }
+
+octetStringOid5 OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 29 20 }
+
+octetStringOid7 OBJECT-TYPE
+ SYNTAX OCTET STRING
+ ACCESS read-write
+ STATUS mandatory
+ ::= { 2 5 29 28 }
+
+END
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3249 @@
+/*
+ * certificate.c
+ * "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
+ * The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "certificate.h"
+
+BDecComponentCertificateTop( void* mem_op, GenBuf* b, void **v, AsnLen* bytesDecoded,int mode) {
+ AsnTag tag;
+ AsnLen elmtLen;
+
+ tag = BDecTag ( b, bytesDecoded );
+ elmtLen = BDecLen ( b, bytesDecoded );
+ if ( elmtLen <= 0 ) return (-1);
+ if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+ return (-1);
+ }
+
+ return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentCertificate**)v,(AsnLen*)bytesDecoded, mode );
+}
+
+void init_module_AuthenticationFramework() {
+ /* Register Certificate OID and its decoder */
+ InstallOidDecoderMapping( "2.5.4.36", NULL,
+ GDecComponentCertificate,
+ BDecComponentCertificateTop,
+ ExtractingComponentCertificate,
+ MatchingComponentCertificate );
+ InitAnyAuthenticationFramework();
+}
+
+void InitAnyAuthenticationFramework()
+{
+ AsnOid oid0 ={ 9, "\52\206\110\206\367\15\1\1\4" };
+ AsnOid oid1 ={ 9, "\52\206\110\206\367\15\1\1\1" };
+ AsnOid oid2 ={ 9, "\52\206\110\206\367\15\1\1\5" };
+ AsnOid oid3 ={ 3, "\125\4\3" };
+ AsnOid oid4 ={ 3, "\125\4\6" };
+ AsnOid oid5 ={ 3, "\125\4\7" };
+ AsnOid oid6 ={ 3, "\125\4\10" };
+ AsnOid oid7 ={ 3, "\125\4\12" };
+ AsnOid oid8 ={ 3, "\125\4\13" };
+ AsnOid oid9 ={ 10, "\11\222\46\211\223\362\54\144\1\3" };
+ AsnOid oid10 ={ 9, "\52\206\110\206\367\15\1\11\1" };
+ AsnOid oid11 ={ 3, "\125\35\23" };
+ AsnOid oid12 ={ 9, "\140\206\110\1\206\370\102\1\15" };
+ AsnOid oid13 ={ 3, "\125\35\16" };
+ AsnOid oid14 ={ 3, "\125\35\25" };
+ AsnOid oid15 ={ 3, "\125\35\24" };
+ AsnOid oid17 ={ 3, "\125\35\34" };
+
+
+ InstallAnyByComponentOid (nullOid_ANY_ID, &oid0, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (nullOid2_ANY_ID, &oid1, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (nullOid3_ANY_ID, &oid2, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid_ANY_ID, &oid3, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid2_ANY_ID, &oid4, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid3_ANY_ID, &oid5, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid4_ANY_ID, &oid6, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid5_ANY_ID, &oid7, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid6_ANY_ID, &oid8, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (printableStringOid7_ANY_ID, &oid9, sizeof (ComponentTeletexString), (EncodeFcn)BEncTeletexString, (gser_decoder_func*)GDecComponentTeletexString, (ber_tag_decoder_func*)BDecComponentTeletexStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentTeletexString,(FreeFcn)FreeComponentTeletexString, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (iA5StringOid_ANY_ID, &oid10, sizeof (ComponentIA5String), (EncodeFcn)BEncIA5String, (gser_decoder_func*)GDecComponentIA5String, (ber_tag_decoder_func*)BDecComponentIA5StringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentIA5String,(FreeFcn)FreeComponentIA5String, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid_ANY_ID, &oid11, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid2_ANY_ID, &oid12, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid3_ANY_ID, &oid13, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid4_ANY_ID, &oid14, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid5_ANY_ID, &oid15, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+ InstallAnyByComponentOid (octetStringOid7_ANY_ID, &oid17, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+} /* InitAnyAuthenticationFramework */
+
+int
+MatchingComponentAlgorithmIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_assert)->algorithm );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm));
+ rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters);
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentAlgorithmIdentifier */
+
+void*
+ExtractingComponentAlgorithmIdentifier ( void* mem_op, ComponentReference* cr, ComponentAlgorithmIdentifier *comp )
+{
+
+ if ( ( comp->algorithm.identifier.bv_val && strncmp(comp->algorithm.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->algorithm.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->algorithm;
+ else
+ return NULL;
+ }
+ if ( ( comp->parameters.identifier.bv_val && strncmp(comp->parameters.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->parameters.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->parameters;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->parameters;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentAlgorithmIdentifier */
+
+int
+BDecComponentAlgorithmIdentifier PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAlgorithmIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentAlgorithmIdentifier *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->algorithm)->identifier.bv_val = (&k->algorithm)->id_buf;
+ (&k->algorithm)->identifier.bv_len = strlen("algorithm");
+ strcpy( (&k->algorithm)->identifier.bv_val, "algorithm");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BufPeekByte (b);
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDecEoc (b, &totalElmtsLen1 );
+ seqDone = TRUE;
+ }
+ }
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone) {
+ rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
+ rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->parameters), &totalElmtsLen1, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->parameters)->identifier.bv_val = (&k->parameters)->id_buf;
+ (&k->parameters)->identifier.bv_len = strlen("parameters");
+ strcpy( (&k->parameters)->identifier.bv_val, "parameters");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAlgorithmIdentifier*) CompAlloc( mem_op, sizeof(ComponentAlgorithmIdentifier) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAlgorithmIdentifier ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAlgorithmIdentifier ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAlgorithmIdentifier;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAlgorithmIdentifier;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecAlgorithmIdentifier*/
+
+int
+GDecComponentAlgorithmIdentifier PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAlgorithmIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentAlgorithmIdentifier *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "algorithm", strlen("algorithm") ) == 0 ) {
+ rc = GDecComponentOid (mem_op, b, (&k->algorithm), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->algorithm)->identifier.bv_val = peek_head;
+ (&k->algorithm)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "parameters", strlen("parameters") ) == 0 ) {
+ rc = rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
+ rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->parameters), bytesDecoded, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->parameters)->identifier.bv_val = peek_head;
+ (&k->parameters)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAlgorithmIdentifier*) CompAlloc( mem_op, sizeof(ComponentAlgorithmIdentifier) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAlgorithmIdentifier ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAlgorithmIdentifier ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAlgorithmIdentifier;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAlgorithmIdentifier;
+ return LDAP_SUCCESS;
+} /* GDecAlgorithmIdentifier*/
+
+
+int
+MatchingComponentTime ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ ComponentTime *v1, *v2;
+
+
+ v1 = (ComponentTime*)csi_attr;
+ v2 = (ComponentTime*)csi_assert;
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ if( (v1->choiceId != v2->choiceId ) )
+ return LDAP_COMPARE_FALSE;
+ switch( v1->choiceId )
+ {
+ case TIME_UTCTIME :
+ rc = MatchingComponentUTCTime ( oid, (ComponentSyntaxInfo*)(v1->a.utcTime), (ComponentSyntaxInfo*)(v2->a.utcTime) );
+ break;
+ case TIME_GENERALIZEDTIME :
+ rc = MatchingComponentGeneralizedTime ( oid, (ComponentSyntaxInfo*)(v1->a.generalizedTime), (ComponentSyntaxInfo*)(v2->a.generalizedTime) );
+ break;
+ default :
+ return LDAP_PROTOCOL_ERROR;
+ }
+ return rc;
+} /* BMatchingComponentTimeContent */
+
+void*
+ExtractingComponentTime ( void* mem_op, ComponentReference* cr, ComponentTime *comp )
+{
+
+
+ if( (comp->choiceId) == TIME_UTCTIME &&
+ (( comp->a.utcTime->identifier.bv_val && strncmp(comp->a.utcTime->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.utcTime->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.utcTime);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentUTCTime ( mem_op, cr, (comp->a.utcTime) );
+ };
+ }
+ if( (comp->choiceId) == TIME_GENERALIZEDTIME &&
+ (( comp->a.generalizedTime->identifier.bv_val && strncmp(comp->a.generalizedTime->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.generalizedTime->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.generalizedTime);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentGeneralizedTime ( mem_op, cr, (comp->a.generalizedTime) );
+ };
+ }
+ return NULL;
+} /* ExtractingComponentTime */
+
+int
+BDecComponentTime PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTime **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentTime *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ switch (tagId0)
+ {
+ case MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE):
+ (k->choiceId) = TIME_UTCTIME;
+ rc = BDecComponentUTCTime (mem_op, b, tagId0, elmtLen0, (&k->a.utcTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.utcTime)->identifier.bv_val = (k->a.utcTime)->id_buf;
+ (k->a.utcTime)->identifier.bv_len = strlen("utcTime");
+ strcpy( (k->a.utcTime)->identifier.bv_val, "utcTime");
+ break;
+
+ case MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE):
+ case MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE):
+ (k->choiceId) = TIME_GENERALIZEDTIME;
+ rc = BDecComponentGeneralizedTime (mem_op, b, tagId0, elmtLen0, (&k->a.generalizedTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.generalizedTime)->identifier.bv_val = (k->a.generalizedTime)->id_buf;
+ (k->a.generalizedTime)->identifier.bv_len = strlen("generalizedTime");
+ strcpy( (k->a.generalizedTime)->identifier.bv_val, "generalizedTime");
+ break;
+
+ default:
+ Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+ return -1;
+ break;
+ } /* end switch */
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTime*) CompAlloc( mem_op, sizeof(ComponentTime) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTime ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTime ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTime;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTime;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecTimeContent */
+
+int
+GDecComponentTime PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTime **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentTime *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head2 != ':'){
+ Asn1Error("Missing : in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( strncmp("utcTime",peek_head, strlen("utcTime")) == 0){
+ (k->choiceId) = TIME_UTCTIME;
+ rc = GDecComponentUTCTime (mem_op, b, (&k->a.utcTime), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.utcTime)->identifier.bv_val = peek_head;
+ (k->a.utcTime)->identifier.bv_len = strLen;
+ }
+ else if( strncmp("generalizedTime",peek_head,strlen("generalizedTime")) == 0){
+ (k->choiceId) = TIME_GENERALIZEDTIME;
+ rc = GDecComponentGeneralizedTime (mem_op, b, (&k->a.generalizedTime), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.generalizedTime)->identifier.bv_val = peek_head;
+ (k->a.generalizedTime)->identifier.bv_len = strLen;
+ }
+ else {
+ Asn1Error("Undefined Identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTime*) CompAlloc( mem_op, sizeof(ComponentTime) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTime ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTime ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTime;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTime;
+ return LDAP_SUCCESS;
+} /* GDecTimeContent */
+
+
+int
+MatchingComponentExtension ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnID, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnID );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentBool ( oid, (ComponentSyntaxInfo*)((ComponentExtension*)csi_attr)->critical, (ComponentSyntaxInfo*)((ComponentExtension*)csi_assert)->critical );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnValue, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnValue );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentExtension */
+
+void*
+ExtractingComponentExtension ( void* mem_op, ComponentReference* cr, ComponentExtension *comp )
+{
+
+ if ( ( comp->extnID.identifier.bv_val && strncmp(comp->extnID.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extnID.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->extnID;
+ else
+ return NULL;
+ }
+ if ( ( comp->critical->identifier.bv_val && strncmp(comp->critical->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->critical->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->critical;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentBool ( mem_op, cr, comp->critical );
+ }
+ }
+ if ( ( comp->extnValue.identifier.bv_val && strncmp(comp->extnValue.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extnValue.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->extnValue;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->extnValue;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentExtension */
+
+int
+BDecComponentExtension PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentExtension **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentExtension *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->extnID), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extnID)->identifier.bv_val = (&k->extnID)->id_buf;
+ (&k->extnID)->identifier.bv_len = strlen("extnID");
+ strcpy( (&k->extnID)->identifier.bv_val, "extnID");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentBool (mem_op, b, tagId1, elmtLen1, (&k->critical), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->critical)->identifier.bv_val = (k->critical)->id_buf;
+ (k->critical)->identifier.bv_len = strlen("critical");
+ strcpy( (k->critical)->identifier.bv_val, "critical");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extnValue), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extnValue)->identifier.bv_val = (&k->extnValue)->id_buf;
+ (&k->extnValue)->identifier.bv_len = strlen("extnValue");
+ strcpy( (&k->extnValue)->identifier.bv_val, "extnValue");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if(!COMPONENTNOT_NULL ((k->critical)))
+ {
+(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
+ (k->critical)->identifier.bv_val = (k->critical)->id_buf;
+ (k->critical)->identifier.bv_len = strlen("critical");
+ strcpy( (k->critical)->identifier.bv_val, "critical");
+ (k->critical)->value = 0;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentExtension*) CompAlloc( mem_op, sizeof(ComponentExtension) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtension ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtension ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtension;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtension;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecExtension*/
+
+int
+GDecComponentExtension PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentExtension **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentExtension *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "extnID", strlen("extnID") ) == 0 ) {
+ rc = GDecComponentOid (mem_op, b, (&k->extnID), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extnID)->identifier.bv_val = peek_head;
+ (&k->extnID)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "critical", strlen("critical") ) == 0 ) {
+ rc = GDecComponentBool (mem_op, b, (&k->critical), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->critical)->identifier.bv_val = peek_head;
+ ( k->critical)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ else {
+(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
+ (k->critical)->value = 0;
+ }
+ if ( strncmp( peek_head, "extnValue", strlen("extnValue") ) == 0 ) {
+ rc = GDecComponentOcts (mem_op, b, (&k->extnValue), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->extnValue)->identifier.bv_val = peek_head;
+ (&k->extnValue)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentExtension*) CompAlloc( mem_op, sizeof(ComponentExtension) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtension ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtension ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtension;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtension;
+ return LDAP_SUCCESS;
+} /* GDecExtension*/
+
+
+int
+MatchingComponentAttributeTypeAndValue ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentAttributeType ( oid, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->type, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_assert)->type );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (&((ComponentAttributeTypeAndValue*)csi_attr)->type));
+ rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_assert)->value);
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentAttributeTypeAndValue */
+
+void*
+ExtractingComponentAttributeTypeAndValue ( void* mem_op, ComponentReference* cr, ComponentAttributeTypeAndValue *comp )
+{
+
+ if ( ( comp->type.identifier.bv_val && strncmp(comp->type.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->type;
+ else
+ return NULL;
+ }
+ if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->value;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_SELECT ) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->value;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentAttributeTypeAndValue */
+
+int
+BDecComponentAttributeTypeAndValue PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAttributeTypeAndValue **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentAttributeTypeAndValue *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAttributeType (mem_op, b, tagId1, elmtLen1, (&k->type), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type)->identifier.bv_val = (&k->type)->id_buf;
+ (&k->type)->identifier.bv_len = strlen("type");
+ strcpy( (&k->type)->identifier.bv_val, "type");
+ }
+ else
+ return -1;
+
+
+
+ {
+ rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
+ rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = (&k->value)->id_buf;
+ (&k->value)->identifier.bv_len = strlen("value");
+ strcpy( (&k->value)->identifier.bv_val, "value");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAttributeTypeAndValue*) CompAlloc( mem_op, sizeof(ComponentAttributeTypeAndValue) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAttributeTypeAndValue ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAttributeTypeAndValue ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAttributeTypeAndValue;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAttributeTypeAndValue;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecAttributeTypeAndValue*/
+
+int
+GDecComponentAttributeTypeAndValue PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAttributeTypeAndValue **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentAttributeTypeAndValue *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "type", strlen("type") ) == 0 ) {
+ rc = GDecComponentAttributeType (mem_op, b, (&k->type), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->type)->identifier.bv_val = peek_head;
+ (&k->type)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+ rc = rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
+ rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->value)->identifier.bv_val = peek_head;
+ (&k->value)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentAttributeTypeAndValue*) CompAlloc( mem_op, sizeof(ComponentAttributeTypeAndValue) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAttributeTypeAndValue ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAttributeTypeAndValue ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAttributeTypeAndValue;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAttributeTypeAndValue;
+ return LDAP_SUCCESS;
+} /* GDecAttributeTypeAndValue*/
+
+
+int
+MatchingComponentValidity ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentValidity*)csi_attr)->notBefore, (ComponentSyntaxInfo*)((ComponentValidity*)csi_assert)->notBefore );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentValidity*)csi_attr)->notAfter, (ComponentSyntaxInfo*)((ComponentValidity*)csi_assert)->notAfter );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentValidity */
+
+void*
+ExtractingComponentValidity ( void* mem_op, ComponentReference* cr, ComponentValidity *comp )
+{
+
+ if ( ( comp->notBefore->identifier.bv_val && strncmp(comp->notBefore->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->notBefore->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->notBefore;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTime ( mem_op, cr, comp->notBefore );
+ }
+ }
+ if ( ( comp->notAfter->identifier.bv_val && strncmp(comp->notAfter->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->notAfter->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->notAfter;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTime ( mem_op, cr, comp->notAfter );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentValidity */
+
+int
+BDecComponentValidity PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentValidity **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentValidity *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+ (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+ (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notBefore), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->notBefore)->identifier.bv_val = (k->notBefore)->id_buf;
+ (k->notBefore)->identifier.bv_len = strlen("notBefore");
+ strcpy( (k->notBefore)->identifier.bv_val, "notBefore");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+ (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+ (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notAfter), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->notAfter)->identifier.bv_val = (k->notAfter)->id_buf;
+ (k->notAfter)->identifier.bv_len = strlen("notAfter");
+ strcpy( (k->notAfter)->identifier.bv_val, "notAfter");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentValidity*) CompAlloc( mem_op, sizeof(ComponentValidity) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentValidity ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentValidity ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentValidity;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentValidity;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecValidity*/
+
+int
+GDecComponentValidity PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentValidity **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentValidity *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "notBefore", strlen("notBefore") ) == 0 ) {
+ rc = GDecComponentTime (mem_op, b, (&k->notBefore), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->notBefore)->identifier.bv_val = peek_head;
+ ( k->notBefore)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "notAfter", strlen("notAfter") ) == 0 ) {
+ rc = GDecComponentTime (mem_op, b, (&k->notAfter), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->notAfter)->identifier.bv_val = peek_head;
+ ( k->notAfter)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentValidity*) CompAlloc( mem_op, sizeof(ComponentValidity) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentValidity ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentValidity ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentValidity;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentValidity;
+ return LDAP_SUCCESS;
+} /* GDecValidity*/
+
+
+int
+MatchingComponentSubjectPublicKeyInfo ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentSubjectPublicKeyInfo*)csi_attr)->algorithm, (ComponentSyntaxInfo*)((ComponentSubjectPublicKeyInfo*)csi_assert)->algorithm );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentSubjectPublicKeyInfo*)csi_attr)->subjectPublicKey, (ComponentSyntaxInfo*)&((ComponentSubjectPublicKeyInfo*)csi_assert)->subjectPublicKey );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentSubjectPublicKeyInfo */
+
+void*
+ExtractingComponentSubjectPublicKeyInfo ( void* mem_op, ComponentReference* cr, ComponentSubjectPublicKeyInfo *comp )
+{
+
+ if ( ( comp->algorithm->identifier.bv_val && strncmp(comp->algorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->algorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->algorithm;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->algorithm );
+ }
+ }
+ if ( ( comp->subjectPublicKey.identifier.bv_val && strncmp(comp->subjectPublicKey.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectPublicKey.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->subjectPublicKey;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->subjectPublicKey;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentSubjectPublicKeyInfo */
+
+int
+BDecComponentSubjectPublicKeyInfo PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentSubjectPublicKeyInfo **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentSubjectPublicKeyInfo *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->algorithm)->identifier.bv_val = (k->algorithm)->id_buf;
+ (k->algorithm)->identifier.bv_len = strlen("algorithm");
+ strcpy( (k->algorithm)->identifier.bv_val, "algorithm");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKey), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->subjectPublicKey)->identifier.bv_val = (&k->subjectPublicKey)->id_buf;
+ (&k->subjectPublicKey)->identifier.bv_len = strlen("subjectPublicKey");
+ strcpy( (&k->subjectPublicKey)->identifier.bv_val, "subjectPublicKey");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentSubjectPublicKeyInfo*) CompAlloc( mem_op, sizeof(ComponentSubjectPublicKeyInfo) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentSubjectPublicKeyInfo ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentSubjectPublicKeyInfo ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentSubjectPublicKeyInfo;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentSubjectPublicKeyInfo;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecSubjectPublicKeyInfo*/
+
+int
+GDecComponentSubjectPublicKeyInfo PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentSubjectPublicKeyInfo **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentSubjectPublicKeyInfo *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "algorithm", strlen("algorithm") ) == 0 ) {
+ rc = GDecComponentAlgorithmIdentifier (mem_op, b, (&k->algorithm), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->algorithm)->identifier.bv_val = peek_head;
+ ( k->algorithm)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "subjectPublicKey", strlen("subjectPublicKey") ) == 0 ) {
+ rc = GDecComponentBits (mem_op, b, (&k->subjectPublicKey), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->subjectPublicKey)->identifier.bv_val = peek_head;
+ (&k->subjectPublicKey)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentSubjectPublicKeyInfo*) CompAlloc( mem_op, sizeof(ComponentSubjectPublicKeyInfo) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentSubjectPublicKeyInfo ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentSubjectPublicKeyInfo ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentSubjectPublicKeyInfo;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentSubjectPublicKeyInfo;
+ return LDAP_SUCCESS;
+} /* GDecSubjectPublicKeyInfo*/
+
+
+int
+MatchingComponentExtensions ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ void* component1, *component2;
+ AsnList *v1, *v2, t_list;
+
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ v1 = &((ComponentExtensions*)csi_attr)->comp_list;
+ v2 = &((ComponentExtensions*)csi_assert)->comp_list;
+ FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+ {
+ if( MatchingComponentExtension(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+ return LDAP_COMPARE_FALSE;
+ }
+ } /* end of for */
+
+ AsnListFirst( v1 );
+ AsnListFirst( v2 );
+ if( (!component1 && component2) || (component1 && !component2))
+ return LDAP_COMPARE_FALSE;
+ else
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentExtensionsContent */
+
+void*
+ExtractingComponentExtensions ( void* mem_op, ComponentReference* cr, ComponentExtensions *comp )
+{
+ int count = 0;
+ int total;
+ AsnList *v = &comp->comp_list;
+ ComponentInt *k;
+ ComponentExtension *component;
+
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_FROM_BEGINNING :
+ count = cr->cr_curr->ci_val.ci_from_beginning;
+ FOR_EACH_LIST_ELMT( component , v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentExtension ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_FROM_END :
+ total = AsnListCount ( v );
+ count = cr->cr_curr->ci_val.ci_from_end;
+ count = total + count +1;
+ FOR_EACH_LIST_ELMT ( component, v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentExtension ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_ALL :
+ return comp;
+ case LDAP_COMPREF_COUNT :
+ k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ k->comp_desc->cd_tag = (-1);
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+ k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+ k->value = AsnListCount(v);
+ return k;
+ default :
+ return NULL;
+ }
+} /* ExtractingComponentExtensions */
+
+int
+BDecComponentExtensions PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentExtensions **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentExtensions *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit(&k->comp_list,sizeof(ComponentExtension));
+ for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+ {
+ ComponentExtension **tmpVar;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+ }
+ if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tmpVar = (ComponentExtension**) CompAsnListAppend (mem_op,&k->comp_list);
+ rc = BDecComponentExtension (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of tag check if */
+ else /* wrong tag */
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentExtensions*) CompAlloc( mem_op, sizeof(ComponentExtensions) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtensions ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtensions ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtensions;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtensions;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecExtensionsContent */
+
+int
+GDecComponentExtensions PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentExtensions **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentExtensions *k,*t, c_temp;
+
+
+ int ElmtsLen1;
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit( &k->comp_list, sizeof( ComponentExtension ) );
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+ Asn1Error("Error during Reading { in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+ {
+ ComponentExtension **tmpVar;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head == '}') break;
+ if( !(*peek_head == '{' || *peek_head ==',') ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tmpVar = (ComponentExtension**) CompAsnListAppend (mem_op, &k->comp_list);
+ if ( tmpVar == NULL ) {
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ rc = GDecComponentExtension (mem_op, b, tmpVar, bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentExtensions*) CompAlloc( mem_op, sizeof(ComponentExtensions) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtensions ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtensions ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtensions;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtensions;
+ return LDAP_SUCCESS;
+} /* GDecExtensionsContent */
+
+
+int
+MatchingComponentRelativeDistinguishedName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ void* component1, *component2;
+ AsnList *v1, *v2, t_list;
+
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ v1 = &((ComponentRelativeDistinguishedName*)csi_attr)->comp_list;
+ v2 = &((ComponentRelativeDistinguishedName*)csi_assert)->comp_list;
+ AsnListInit( &t_list, 0 );
+ if( AsnListCount( v1 ) != AsnListCount( v2 ) )
+ return LDAP_COMPARE_FALSE;
+ FOR_EACH_LIST_ELMT (component1, v1)
+ {
+ FOR_EACH_LIST_ELMT(component2, v2)
+ {
+ if( MatchingComponentAttributeTypeAndValue(oid, (ComponentSyntaxInfo*)component1,(ComponentSyntaxInfo*)component2) == LDAP_COMPARE_TRUE ) {
+ AsnElmtMove( v2, &t_list );
+ break;
+ }
+ } /* end of inner for */
+ } /* end of outer for */
+
+ if( AsnListCount( v2 ) == 0 )
+ rc = LDAP_COMPARE_TRUE;
+ else
+ rc = LDAP_COMPARE_FALSE;
+ AsnListMove( &t_list, v2 );
+ AsnListFirst( v1 );
+ AsnListFirst( v2 );
+ return rc;
+} /* BMatchingComponentRelativeDistinguishedNameContent */
+
+void*
+ExtractingComponentRelativeDistinguishedName ( void* mem_op, ComponentReference* cr, ComponentRelativeDistinguishedName *comp )
+{
+ int count = 0;
+ int total;
+ AsnList *v = &comp->comp_list;
+ ComponentInt *k;
+ ComponentAttributeTypeAndValue *component;
+
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_FROM_BEGINNING :
+ count = cr->cr_curr->ci_val.ci_from_beginning;
+ FOR_EACH_LIST_ELMT( component , v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAttributeTypeAndValue ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_FROM_END :
+ total = AsnListCount ( v );
+ count = cr->cr_curr->ci_val.ci_from_end;
+ count = total + count +1;
+ FOR_EACH_LIST_ELMT ( component, v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAttributeTypeAndValue ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_ALL :
+ return comp;
+ case LDAP_COMPREF_COUNT :
+ k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ k->comp_desc->cd_tag = (-1);
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+ k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+ k->value = AsnListCount(v);
+ return k;
+ default :
+ return NULL;
+ }
+} /* ExtractingComponentRelativeDistinguishedName */
+
+int
+BDecComponentRelativeDistinguishedName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentRelativeDistinguishedName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentRelativeDistinguishedName *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit(&k->comp_list,sizeof(ComponentAttributeTypeAndValue));
+ for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+ {
+ ComponentAttributeTypeAndValue **tmpVar;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+ }
+ if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tmpVar = (ComponentAttributeTypeAndValue**) CompAsnListAppend (mem_op,&k->comp_list);
+ rc = BDecComponentAttributeTypeAndValue (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of tag check if */
+ else /* wrong tag */
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentRelativeDistinguishedName*) CompAlloc( mem_op, sizeof(ComponentRelativeDistinguishedName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDN2RFC2253;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRelativeDistinguishedName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = RelativeDistinguishedName;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRelativeDistinguishedName;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecRelativeDistinguishedNameContent */
+
+int
+GDecComponentRelativeDistinguishedName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentRelativeDistinguishedName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentRelativeDistinguishedName *k,*t, c_temp;
+
+
+ int ElmtsLen1;
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit( &k->comp_list, sizeof( ComponentAttributeTypeAndValue ) );
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+ Asn1Error("Error during Reading { in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+ {
+ ComponentAttributeTypeAndValue **tmpVar;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head == '}') break;
+ if( !(*peek_head == '{' || *peek_head ==',') ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tmpVar = (ComponentAttributeTypeAndValue**) CompAsnListAppend (mem_op, &k->comp_list);
+ if ( tmpVar == NULL ) {
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ rc = GDecComponentAttributeTypeAndValue (mem_op, b, tmpVar, bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentRelativeDistinguishedName*) CompAlloc( mem_op, sizeof(ComponentRelativeDistinguishedName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRelativeDistinguishedName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = RelativeDistinguishedName;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRelativeDistinguishedName;
+ return LDAP_SUCCESS;
+} /* GDecRelativeDistinguishedNameContent */
+
+
+int
+MatchingComponentRDNSequence ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ void* component1, *component2;
+ AsnList *v1, *v2, t_list;
+
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ v1 = &((ComponentRDNSequence*)csi_attr)->comp_list;
+ v2 = &((ComponentRDNSequence*)csi_assert)->comp_list;
+ FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+ {
+ if( MatchingComponentRelativeDistinguishedName(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+ return LDAP_COMPARE_FALSE;
+ }
+ } /* end of for */
+
+ AsnListFirst( v1 );
+ AsnListFirst( v2 );
+ if( (!component1 && component2) || (component1 && !component2))
+ return LDAP_COMPARE_FALSE;
+ else
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentRDNSequenceContent */
+
+void*
+ExtractingComponentRDNSequence ( void* mem_op, ComponentReference* cr, ComponentRDNSequence *comp )
+{
+ int count = 0;
+ int total;
+ AsnList *v = &comp->comp_list;
+ ComponentInt *k;
+ ComponentRelativeDistinguishedName *component;
+
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_FROM_BEGINNING :
+ count = cr->cr_curr->ci_val.ci_from_beginning;
+ FOR_EACH_LIST_ELMT( component , v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentRelativeDistinguishedName ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_FROM_END :
+ total = AsnListCount ( v );
+ count = cr->cr_curr->ci_val.ci_from_end;
+ count = total + count +1;
+ FOR_EACH_LIST_ELMT ( component, v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentRelativeDistinguishedName ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_ALL :
+ return comp;
+ case LDAP_COMPREF_COUNT :
+ k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ k->comp_desc->cd_tag = (-1);
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+ k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+ k->value = AsnListCount(v);
+ return k;
+ default :
+ return NULL;
+ }
+} /* ExtractingComponentRDNSequence */
+
+int
+BDecComponentRDNSequence PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentRDNSequence **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentRDNSequence *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit(&k->comp_list,sizeof(ComponentRelativeDistinguishedName));
+ for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+ {
+ ComponentRelativeDistinguishedName **tmpVar;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+ }
+ if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tmpVar = (ComponentRelativeDistinguishedName**) CompAsnListAppend (mem_op,&k->comp_list);
+ rc = BDecComponentRelativeDistinguishedName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of tag check if */
+ else /* wrong tag */
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentRDNSequence*) CompAlloc( mem_op, sizeof(ComponentRDNSequence) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ldap_encoder = (encoder_func*) ConvertRDNSequence2RFC2253;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRDNSequence;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = RDNSequence;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRDNSequence;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecRDNSequenceContent */
+
+int
+GDecComponentRDNSequence PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentRDNSequence **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentRDNSequence *k,*t, c_temp;
+
+
+ int ElmtsLen1;
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit( &k->comp_list, sizeof( ComponentRelativeDistinguishedName ) );
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+ Asn1Error("Error during Reading { in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+ {
+ ComponentRelativeDistinguishedName **tmpVar;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head == '}') break;
+ if( !(*peek_head == '{' || *peek_head ==',') ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tmpVar = (ComponentRelativeDistinguishedName**) CompAsnListAppend (mem_op, &k->comp_list);
+ if ( tmpVar == NULL ) {
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ rc = GDecComponentRelativeDistinguishedName (mem_op, b, tmpVar, bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentRDNSequence*) CompAlloc( mem_op, sizeof(ComponentRDNSequence) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDNSequence2RFC2253;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRDNSequence;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = RDNSequence ;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRDNSequence;
+ return LDAP_SUCCESS;
+} /* GDecRDNSequenceContent */
+
+
+int
+MatchingComponentName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ ComponentName *v1, *v2;
+
+
+ v1 = (ComponentName*)csi_attr;
+ v2 = (ComponentName*)csi_assert;
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ if( (v1->choiceId != v2->choiceId ) )
+ return LDAP_COMPARE_FALSE;
+ switch( v1->choiceId )
+ {
+ case NAME_RDNSEQUENCE :
+ rc = MatchingComponentRDNSequence ( oid, (ComponentSyntaxInfo*)(v1->a.rdnSequence), (ComponentSyntaxInfo*)(v2->a.rdnSequence) );
+ break;
+ default :
+ return LDAP_PROTOCOL_ERROR;
+ }
+ return rc;
+} /* BMatchingComponentNameContent */
+
+void*
+ExtractingComponentName ( void* mem_op, ComponentReference* cr, ComponentName *comp )
+{
+
+
+ if( (comp->choiceId) == NAME_RDNSEQUENCE &&
+ (( comp->a.rdnSequence->identifier.bv_val && strncmp(comp->a.rdnSequence->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+ ( strncmp(comp->a.rdnSequence->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return (comp->a.rdnSequence);
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentRDNSequence ( mem_op, cr, (comp->a.rdnSequence) );
+ };
+ }
+ return NULL;
+} /* ExtractingComponentName */
+
+int
+BDecComponentName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentName *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ switch (tagId0)
+ {
+ case MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE):
+ (k->choiceId) = NAME_RDNSEQUENCE;
+ rc = BDecComponentRDNSequence (mem_op, b, tagId0, elmtLen0, (&k->a.rdnSequence), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.rdnSequence)->identifier.bv_val = (k->a.rdnSequence)->id_buf;
+ (k->a.rdnSequence)->identifier.bv_len = strlen("rdnSequence");
+ strcpy( (k->a.rdnSequence)->identifier.bv_val, "rdnSequence");
+ break;
+
+ default:
+ Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+ return -1;
+ break;
+ } /* end switch */
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentName*) CompAlloc( mem_op, sizeof(ComponentName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentName;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecNameContent */
+
+int
+GDecComponentName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentName *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head2 != ':'){
+ Asn1Error("Missing : in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( strncmp("rdnSequence",peek_head, strlen("rdnSequence")) == 0){
+ (k->choiceId) = NAME_RDNSEQUENCE;
+ rc = GDecComponentRDNSequence (mem_op, b, (&k->a.rdnSequence), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->a.rdnSequence)->identifier.bv_val = peek_head;
+ (k->a.rdnSequence)->identifier.bv_len = strLen;
+ }
+ else {
+ Asn1Error("Undefined Identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentName*) CompAlloc( mem_op, sizeof(ComponentName) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentName ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentName ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentName;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentName;
+ return LDAP_SUCCESS;
+} /* GDecNameContent */
+
+
+int
+MatchingComponentTBSCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentVersion ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->version, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->version );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->serialNumber, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->serialNumber );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->signature, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->signature );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->issuer, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->issuer );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentValidity ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->validity, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->validity );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->subject, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->subject );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentSubjectPublicKeyInfo ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->subjectPublicKeyInfo, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->subjectPublicKeyInfo );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentUniqueIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->issuerUniqueIdentifier, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->issuerUniqueIdentifier );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentUniqueIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->subjectUniqueIdentifier, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->subjectUniqueIdentifier );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ if(COMPONENTNOT_NULL( ((ComponentTBSCertificate*)csi_attr)->extensions ) ) {
+ rc = MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->extensions, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->extensions );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentTBSCertificate */
+
+void*
+ExtractingComponentTBSCertificate ( void* mem_op, ComponentReference* cr, ComponentTBSCertificate *comp )
+{
+
+ if ( ( comp->version->identifier.bv_val && strncmp(comp->version->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->version->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->version;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentVersion ( mem_op, cr, comp->version );
+ }
+ }
+ if ( ( comp->serialNumber.identifier.bv_val && strncmp(comp->serialNumber.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->serialNumber.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->serialNumber;
+ else
+ return NULL;
+ }
+ if ( ( comp->signature->identifier.bv_val && strncmp(comp->signature->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->signature;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signature );
+ }
+ }
+ if ( ( comp->issuer->identifier.bv_val && strncmp(comp->issuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->issuer;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentName ( mem_op, cr, comp->issuer );
+ }
+ }
+ if ( ( comp->validity->identifier.bv_val && strncmp(comp->validity->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->validity->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->validity;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentValidity ( mem_op, cr, comp->validity );
+ }
+ }
+ if ( ( comp->subject->identifier.bv_val && strncmp(comp->subject->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subject->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->subject;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentName ( mem_op, cr, comp->subject );
+ }
+ }
+ if ( ( comp->subjectPublicKeyInfo->identifier.bv_val && strncmp(comp->subjectPublicKeyInfo->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectPublicKeyInfo->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->subjectPublicKeyInfo;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentSubjectPublicKeyInfo ( mem_op, cr, comp->subjectPublicKeyInfo );
+ }
+ }
+ if ( ( comp->issuerUniqueIdentifier.identifier.bv_val && strncmp(comp->issuerUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuerUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->issuerUniqueIdentifier;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->issuerUniqueIdentifier;
+ } else {
+ return NULL;
+ }
+ }
+ if ( ( comp->subjectUniqueIdentifier.identifier.bv_val && strncmp(comp->subjectUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->subjectUniqueIdentifier;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->subjectUniqueIdentifier;
+ } else {
+ return NULL;
+ }
+ }
+ if ( ( comp->extensions->identifier.bv_val && strncmp(comp->extensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->extensions;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentExtensions ( mem_op, cr, comp->extensions );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentTBSCertificate */
+
+int
+BDecComponentTBSCertificate PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentTBSCertificate *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+ if (tagId2 != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentVersion (mem_op, b, tagId2, elmtLen2, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->version)->identifier.bv_val = (k->version)->id_buf;
+ (k->version)->identifier.bv_len = strlen("version");
+ strcpy( (k->version)->identifier.bv_val, "version");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->serialNumber), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->serialNumber)->identifier.bv_val = (&k->serialNumber)->id_buf;
+ (&k->serialNumber)->identifier.bv_len = strlen("serialNumber");
+ strcpy( (&k->serialNumber)->identifier.bv_val, "serialNumber");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->signature)->identifier.bv_val = (k->signature)->id_buf;
+ (k->signature)->identifier.bv_len = strlen("signature");
+ strcpy( (k->signature)->identifier.bv_val, "signature");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->issuer)->identifier.bv_val = (k->issuer)->id_buf;
+ (k->issuer)->identifier.bv_len = strlen("issuer");
+ strcpy( (k->issuer)->identifier.bv_val, "issuer");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentValidity (mem_op, b, tagId1, elmtLen1, (&k->validity), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->validity)->identifier.bv_val = (k->validity)->id_buf;
+ (k->validity)->identifier.bv_len = strlen("validity");
+ strcpy( (k->validity)->identifier.bv_val, "validity");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->subject), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->subject)->identifier.bv_val = (k->subject)->id_buf;
+ (k->subject)->identifier.bv_len = strlen("subject");
+ strcpy( (k->subject)->identifier.bv_val, "subject");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentSubjectPublicKeyInfo (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKeyInfo), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->subjectPublicKeyInfo)->identifier.bv_val = (k->subjectPublicKeyInfo)->id_buf;
+ (k->subjectPublicKeyInfo)->identifier.bv_len = strlen("subjectPublicKeyInfo");
+ strcpy( (k->subjectPublicKeyInfo)->identifier.bv_val, "subjectPublicKeyInfo");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+ else
+ return -1;
+
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 1)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->issuerUniqueIdentifier), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->issuerUniqueIdentifier)->identifier.bv_val = (&k->issuerUniqueIdentifier)->id_buf;
+ (&k->issuerUniqueIdentifier)->identifier.bv_len = strlen("issuerUniqueIdentifier");
+ strcpy( (&k->issuerUniqueIdentifier)->identifier.bv_val, "issuerUniqueIdentifier");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 2)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 2))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->subjectUniqueIdentifier), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->subjectUniqueIdentifier)->identifier.bv_val = (&k->subjectUniqueIdentifier)->id_buf;
+ (&k->subjectUniqueIdentifier)->identifier.bv_len = strlen("subjectUniqueIdentifier");
+ strcpy( (&k->subjectUniqueIdentifier)->identifier.bv_val, "subjectUniqueIdentifier");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 3))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+ if (tagId2 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->extensions), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->extensions)->identifier.bv_val = (k->extensions)->id_buf;
+ (k->extensions)->identifier.bv_len = strlen("extensions");
+ strcpy( (k->extensions)->identifier.bv_val, "extensions");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if(!COMPONENTNOT_NULL ((k->version)))
+ {
+(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
+ (k->version)->identifier.bv_val = (k->version)->id_buf;
+ (k->version)->identifier.bv_len = strlen("version");
+ strcpy( (k->version)->identifier.bv_val, "version");
+ (k->version)->value = 0;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertificate*) CompAlloc( mem_op, sizeof(ComponentTBSCertificate) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertificate ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertificate ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertificate;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertificate;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecTBSCertificate*/
+
+int
+GDecComponentTBSCertificate PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentTBSCertificate *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "version", strlen("version") ) == 0 ) {
+ rc = GDecComponentVersion (mem_op, b, (&k->version), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->version)->identifier.bv_val = peek_head;
+ ( k->version)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ else {
+(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
+ (k->version)->value = 0;
+ }
+ if ( strncmp( peek_head, "serialNumber", strlen("serialNumber") ) == 0 ) {
+ rc = GDecComponentCertificateSerialNumber (mem_op, b, (&k->serialNumber), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->serialNumber)->identifier.bv_val = peek_head;
+ (&k->serialNumber)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+ rc = GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signature), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->signature)->identifier.bv_val = peek_head;
+ ( k->signature)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "issuer", strlen("issuer") ) == 0 ) {
+ rc = GDecComponentName (mem_op, b, (&k->issuer), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->issuer)->identifier.bv_val = peek_head;
+ ( k->issuer)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "validity", strlen("validity") ) == 0 ) {
+ rc = GDecComponentValidity (mem_op, b, (&k->validity), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->validity)->identifier.bv_val = peek_head;
+ ( k->validity)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "subject", strlen("subject") ) == 0 ) {
+ rc = GDecComponentName (mem_op, b, (&k->subject), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->subject)->identifier.bv_val = peek_head;
+ ( k->subject)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "subjectPublicKeyInfo", strlen("subjectPublicKeyInfo") ) == 0 ) {
+ rc = GDecComponentSubjectPublicKeyInfo (mem_op, b, (&k->subjectPublicKeyInfo), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->subjectPublicKeyInfo)->identifier.bv_val = peek_head;
+ ( k->subjectPublicKeyInfo)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "issuerUniqueIdentifier", strlen("issuerUniqueIdentifier") ) == 0 ) {
+ rc = GDecComponentUniqueIdentifier (mem_op, b, (&k->issuerUniqueIdentifier), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->issuerUniqueIdentifier)->identifier.bv_val = peek_head;
+ (&k->issuerUniqueIdentifier)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "subjectUniqueIdentifier", strlen("subjectUniqueIdentifier") ) == 0 ) {
+ rc = GDecComponentUniqueIdentifier (mem_op, b, (&k->subjectUniqueIdentifier), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->subjectUniqueIdentifier)->identifier.bv_val = peek_head;
+ (&k->subjectUniqueIdentifier)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "extensions", strlen("extensions") ) == 0 ) {
+ rc = GDecComponentExtensions (mem_op, b, (&k->extensions), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->extensions)->identifier.bv_val = peek_head;
+ ( k->extensions)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertificate*) CompAlloc( mem_op, sizeof(ComponentTBSCertificate) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertificate ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertificate ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertificate;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertificate;
+ return LDAP_SUCCESS;
+} /* GDecTBSCertificate*/
+
+
+int
+MatchingComponentCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->toBeSigned, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->toBeSigned );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->signatureAlgorithm );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentCertificate*)csi_attr)->signature, (ComponentSyntaxInfo*)&((ComponentCertificate*)csi_assert)->signature );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentCertificate */
+
+void*
+ExtractingComponentCertificate ( void* mem_op, ComponentReference* cr, ComponentCertificate *comp )
+{
+
+ if ( ( comp->toBeSigned->identifier.bv_val && strncmp(comp->toBeSigned->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->toBeSigned->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->toBeSigned;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTBSCertificate ( mem_op, cr, comp->toBeSigned );
+ }
+ }
+ if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->signatureAlgorithm;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signatureAlgorithm );
+ }
+ }
+ if ( ( comp->signature.identifier.bv_val && strncmp(comp->signature.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->signature;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->signature;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentCertificate */
+
+int
+BDecComponentCertificate PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentCertificate *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->toBeSigned), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->toBeSigned)->identifier.bv_val = (k->toBeSigned)->id_buf;
+ (k->toBeSigned)->identifier.bv_len = strlen("toBeSigned");
+ strcpy( (k->toBeSigned)->identifier.bv_val, "toBeSigned");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->signatureAlgorithm)->identifier.bv_val = (k->signatureAlgorithm)->id_buf;
+ (k->signatureAlgorithm)->identifier.bv_len = strlen("signatureAlgorithm");
+ strcpy( (k->signatureAlgorithm)->identifier.bv_val, "signatureAlgorithm");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->signature)->identifier.bv_val = (&k->signature)->id_buf;
+ (&k->signature)->identifier.bv_len = strlen("signature");
+ strcpy( (&k->signature)->identifier.bv_val, "signature");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentCertificate*) CompAlloc( mem_op, sizeof(ComponentCertificate) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificate ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificate ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificate;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificate;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecCertificate*/
+
+int
+GDecComponentCertificate PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentCertificate *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "toBeSigned", strlen("toBeSigned") ) == 0 ) {
+ rc = GDecComponentTBSCertificate (mem_op, b, (&k->toBeSigned), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->toBeSigned)->identifier.bv_val = peek_head;
+ ( k->toBeSigned)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signatureAlgorithm", strlen("signatureAlgorithm") ) == 0 ) {
+ rc = GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signatureAlgorithm), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->signatureAlgorithm)->identifier.bv_val = peek_head;
+ ( k->signatureAlgorithm)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+ rc = GDecComponentBits (mem_op, b, (&k->signature), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->signature)->identifier.bv_val = peek_head;
+ (&k->signature)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentCertificate*) CompAlloc( mem_op, sizeof(ComponentCertificate) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificate ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificate ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificate;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificate;
+ return LDAP_SUCCESS;
+} /* GDecCertificate*/
+
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/certificate.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,379 @@
+
+#include "asn-incl.h"
+/*
+ * certificate.h
+ * "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
+ * The generated files are strongly encouraged to be
+ * compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _certificate_h_
+#define _certificate_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+typedef enum AuthenticationFrameworkAnyId
+{
+ nullOid_ANY_ID = 0,
+ nullOid2_ANY_ID = 1,
+ nullOid3_ANY_ID = 2,
+ printableStringOid_ANY_ID = 3,
+ printableStringOid2_ANY_ID = 4,
+ printableStringOid3_ANY_ID = 5,
+ printableStringOid4_ANY_ID = 6,
+ printableStringOid5_ANY_ID = 7,
+ printableStringOid6_ANY_ID = 8,
+ printableStringOid7_ANY_ID = 9,
+ iA5StringOid_ANY_ID = 10,
+ octetStringOid_ANY_ID = 11,
+ octetStringOid2_ANY_ID = 12,
+ octetStringOid3_ANY_ID = 13,
+ octetStringOid4_ANY_ID = 14,
+ octetStringOid5_ANY_ID = 15,
+ octetStringOid7_ANY_ID = 17} AuthenticationFrameworkAnyId;
+
+void InitAnyAuthenticationFramework();
+
+
+#define V1 0
+#define V2 1
+#define V3 2
+
+typedef ComponentInt ComponentVersion; /* INTEGER { V1 (0), V2 (1), V3 (2) } */
+
+#define MatchingComponentVersion MatchingComponentInt
+
+#define ExtractingComponentVersion ExtractingComponentInt
+
+#define BDecComponentVersion BDecComponentInt
+
+#define GDecComponentVersion GDecComponentInt
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef ComponentOid ComponentAttributeType; /* OBJECT IDENTIFIER */
+
+#define MatchingComponentAttributeType MatchingComponentOid
+
+#define ExtractingComponentAttributeType ExtractingComponentOid
+
+#define BDecComponentAttributeType BDecComponentOid
+
+#define GDecComponentAttributeType GDecComponentOid
+
+
+typedef ComponentBits ComponentUniqueIdentifier; /* BIT STRING */
+
+#define MatchingComponentUniqueIdentifier MatchingComponentBits
+
+#define ExtractingComponentUniqueIdentifier ExtractingComponentBits
+
+#define BDecComponentUniqueIdentifier BDecComponentBits
+
+#define GDecComponentUniqueIdentifier GDecComponentBits
+
+
+typedef struct AlgorithmIdentifier /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid algorithm; /* OBJECT IDENTIFIER */
+ ComponentAnyDefinedBy parameters; /* ANY DEFINED BY algorithm OPTIONAL */
+} ComponentAlgorithmIdentifier;
+
+int MatchingComponentAlgorithmIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAlgorithmIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAlgorithmIdentifier *comp ));
+
+
+int BDecComponentAlgorithmIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAlgorithmIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Time /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum TimeChoiceId
+ {
+ TIME_UTCTIME,
+ TIME_GENERALIZEDTIME
+ } choiceId;
+ union TimeChoiceUnion
+ {
+ ComponentUTCTime* utcTime; /* < unknown type id ?! > */
+ ComponentGeneralizedTime* generalizedTime; /* < unknown type id ?! > */
+ } a;
+} ComponentTime;
+
+int MatchingComponentTime PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTime PROTO (( void* mem_op, ComponentReference *cr, ComponentTime *comp ));
+
+
+int BDecComponentTime PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTime PROTO (( void* mem_op, GenBuf * b, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Extension /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid extnID; /* OBJECT IDENTIFIER */
+ ComponentBool* critical; /* BOOLEAN DEFAULT FALSE */
+ ComponentOcts extnValue; /* OCTET STRING */
+} ComponentExtension;
+
+int MatchingComponentExtension PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtension PROTO (( void* mem_op, ComponentReference *cr, ComponentExtension *comp ));
+
+
+int BDecComponentExtension PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtension PROTO (( void* mem_op, GenBuf * b, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentAttributeType type; /* AttributeType */
+ ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Validity /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentTime* notBefore; /* Time */
+ ComponentTime* notAfter; /* Time */
+} ComponentValidity;
+
+int MatchingComponentValidity PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentValidity PROTO (( void* mem_op, ComponentReference *cr, ComponentValidity *comp ));
+
+
+int BDecComponentValidity PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentValidity PROTO (( void* mem_op, GenBuf * b, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct SubjectPublicKeyInfo /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentAlgorithmIdentifier* algorithm; /* AlgorithmIdentifier */
+ ComponentBits subjectPublicKey; /* BIT STRING */
+} ComponentSubjectPublicKeyInfo;
+
+int MatchingComponentSubjectPublicKeyInfo PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentSubjectPublicKeyInfo PROTO (( void* mem_op, ComponentReference *cr, ComponentSubjectPublicKeyInfo *comp ));
+
+
+int BDecComponentSubjectPublicKeyInfo PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentSubjectPublicKeyInfo PROTO (( void* mem_op, GenBuf * b, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentExtensions; /* SEQUENCE SIZE 1..MAX OF Extension */
+
+int MatchingComponentExtensions PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtensions PROTO (( void* mem_op, ComponentReference *cr, ComponentExtensions *comp ));
+
+
+int BDecComponentExtensions PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtensions PROTO (( void* mem_op, GenBuf * b, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum NameChoiceId
+ {
+ NAME_RDNSEQUENCE
+ } choiceId;
+ union NameChoiceUnion
+ {
+ ComponentRDNSequence* rdnSequence; /* RDNSequence */
+ } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertificate /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentVersion* version; /* [0] Version DEFAULT v1 */
+ ComponentCertificateSerialNumber serialNumber; /* CertificateSerialNumber */
+ ComponentAlgorithmIdentifier* signature; /* AlgorithmIdentifier */
+ ComponentName* issuer; /* Name */
+ ComponentValidity* validity; /* Validity */
+ ComponentName* subject; /* Name */
+ ComponentSubjectPublicKeyInfo* subjectPublicKeyInfo; /* SubjectPublicKeyInfo */
+ ComponentUniqueIdentifier issuerUniqueIdentifier; /* [1] IMPLICIT UniqueIdentifier OPTIONAL */
+ ComponentUniqueIdentifier subjectUniqueIdentifier; /* [2] IMPLICIT UniqueIdentifier OPTIONAL */
+ ComponentExtensions* extensions; /* [3] Extensions OPTIONAL */
+} ComponentTBSCertificate;
+
+int MatchingComponentTBSCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertificate PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertificate *comp ));
+
+
+int BDecComponentTBSCertificate PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertificate PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Certificate /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentTBSCertificate* toBeSigned; /* TBSCertificate */
+ ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
+ ComponentBits signature; /* BIT STRING */
+} ComponentCertificate;
+
+int MatchingComponentCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentCertificate PROTO (( void* mem_op, ComponentReference *cr, ComponentCertificate *comp ));
+
+
+int BDecComponentCertificate PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentCertificate PROTO (( void* mem_op, GenBuf * b, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of certificate.h */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2370 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redisribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorizd by the OpenLADP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18 03:20:00 slim at OpenLDAP.org
+ */
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+#include "component.h"
+
+#include "componentlib.h"
+#include "asn.h"
+#include <asn-gser.h>
+#include <stdlib.h>
+
+#include <string.h>
+
+#ifndef SLAPD_COMP_MATCH
+#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
+#endif
+
+#ifdef SLAPD_COMP_MATCH
+/*
+ * Matching function : BIT STRING
+ */
+int
+MatchingComponentBits ( char* oid, ComponentSyntaxInfo *csi_attr,
+ ComponentSyntaxInfo *csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentBits *a, *b;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule(oid, (AsnTypeId)csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = ((ComponentBits*)csi_attr);
+ b = ((ComponentBits*)csi_assert);
+ rc = ( a->value.bitLen == b->value.bitLen &&
+ strncmp( a->value.bits,b->value.bits,a->value.bitLen ) == 0 );
+ return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * Free function: BIT STRING
+ */
+void
+FreeComponentBits ( ComponentBits* v ) {
+ FreeAsnBits( &v->value );
+}
+
+/*
+ * GSER Encoder : BIT STRING
+ */
+int
+GEncComponentBits ( GenBuf *b, ComponentBits *in )
+{
+ GAsnBits bits = {0};
+
+ bits.value = in->value;
+ if ( !in )
+ return (-1);
+ return GEncAsnBitsContent ( b, &bits);
+}
+
+
+/*
+ * GSER Decoder : BIT STRING
+ */
+int
+GDecComponentBits ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentBits* k, **k2;
+ GAsnBits result;
+
+ k = (ComponentBits*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBits**) v;
+ *k2 = (ComponentBits*) CompAlloc( mem_op, sizeof( ComponentBits ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnBitsContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_BITSTRING);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : BIT STRING
+ */
+int
+BDecComponentBitsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentBits ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentBits* k, **k2;
+ AsnBits result;
+
+ k = (ComponentBits*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBits**) v;
+ *k2 = (ComponentBits*) CompAlloc( mem_op, sizeof( ComponentBits ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnBits ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnBitsContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+
+ if ( rc < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_BITSTRING);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER BMPString Encoder
+ */
+int
+GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in )
+{
+ GBMPString t = {0};
+
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncBMPStringContent ( b, &t );
+}
+
+/*
+ * Component GSER BMPString Decoder
+ */
+int
+GDecComponentBMPString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode)
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentBMPString* k, **k2;
+ GBMPString result;
+
+ k = (ComponentBMPString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBMPString**) v;
+ *k2 = (ComponentBMPString*) CompAlloc( mem_op, sizeof( ComponentBMPString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ *bytesDecoded = 0;
+
+ if ( GDecBMPStringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_BMP_STR);
+
+ return LDAP_SUCCESS;
+
+}
+
+/*
+ * Component BER BMPString Decoder
+ */
+int
+BDecComponentBMPStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentBMPString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentBMPString* k, **k2;
+ BMPString result;
+
+ k = (ComponentBMPString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBMPString**) v;
+ *k2 = (ComponentBMPString*) CompAlloc( mem_op, sizeof( ComponentBMPString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecBMPString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecBMPStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+
+ if ( rc < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_BMP_STR);
+
+ return LDAP_SUCCESS;
+
+}
+
+/*
+ * Component GSER Encoder : UTF8 String
+ */
+int
+GEncComponentUTF8String ( GenBuf *b, ComponentUTF8String *in )
+{
+ GUTF8String t = {0};
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncUTF8StringContent ( b, &t );
+}
+
+/*
+ * Component GSER Decoder : UTF8 String
+ */
+int
+GDecComponentUTF8String ( void* mem_op, GenBuf *b, void *v,
+ AsnLen *bytesDecoded, int mode) {
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentUTF8String* k, **k2;
+ GUTF8String result;
+
+ k = (ComponentUTF8String*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentUTF8String**) v;
+ *k2 = (ComponentUTF8String*)CompAlloc( mem_op, sizeof( ComponentUTF8String ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ *bytesDecoded = 0;
+
+ if ( GDecUTF8StringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_UTF8_STR);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : UTF8String
+ */
+int
+BDecComponentUTF8StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentUTF8String ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
+ void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentUTF8String* k, **k2;
+ UTF8String result;
+
+ k = (ComponentUTF8String*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentUTF8String**) v;
+ *k2 = (ComponentUTF8String*) CompAlloc( mem_op, sizeof( ComponentUTF8String ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecUTF8String ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecUTF8StringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_UTF8_STR);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER Encoder : Teletex String
+ */
+int
+GEncComponentTeletexString ( GenBuf *b, ComponentTeletexString *in )
+{
+ GTeletexString t = {0};
+
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncTeletexStringContent ( b, &t );
+}
+
+/*
+ * Component GSER Decoder : Teletex String
+ */
+int
+GDecComponentTeletexString ( void* mem_op, GenBuf *b, void *v,
+ AsnLen *bytesDecoded, int mode) {
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentTeletexString* k, **k2;
+ GTeletexString result;
+
+ k = (ComponentTeletexString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentTeletexString**) v;
+ *k2 = (ComponentTeletexString*)CompAlloc( mem_op, sizeof( ComponentTeletexString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ *bytesDecoded = 0;
+
+ if ( GDecTeletexStringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_VIDEOTEX_STR);
+
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * Matching function : BOOLEAN
+ */
+int
+MatchingComponentBool(char* oid, ComponentSyntaxInfo* csi_attr,
+ ComponentSyntaxInfo* csi_assert )
+{
+ MatchingRule* mr;
+ ComponentBool *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+
+ a = ((ComponentBool*)csi_attr);
+ b = ((ComponentBool*)csi_assert);
+
+ return (a->value == b->value) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : BOOLEAN
+ */
+int
+GEncComponentBool ( GenBuf *b, ComponentBool *in )
+{
+ GAsnBool t = {0};
+
+ if ( !in )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnBoolContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : BOOLEAN
+ */
+int
+GDecComponentBool ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ ComponentBool* k, **k2;
+ GAsnBool result;
+
+ k = (ComponentBool*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBool**) v;
+ *k2 = (ComponentBool*) CompAlloc( mem_op, sizeof( ComponentBool ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnBoolContent( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_BOOLEAN);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : BOOLEAN
+ */
+int
+BDecComponentBoolTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentBool ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ ComponentBool* k, **k2;
+ AsnBool result;
+
+ k = (ComponentBool*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentBool**) v;
+ *k2 = (ComponentBool*) CompAlloc( mem_op, sizeof( ComponentBool ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnBool ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnBoolContent( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_BOOLEAN);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : ENUMERATE
+ */
+int
+MatchingComponentEnum ( char* oid, ComponentSyntaxInfo *csi_attr,
+ ComponentSyntaxInfo *csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentEnum *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = ((ComponentEnum*)csi_attr);
+ b = ((ComponentEnum*)csi_assert);
+ rc = (a->value == b->value);
+
+ return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : ENUMERATE
+ */
+int
+GEncComponentEnum ( GenBuf *b, ComponentEnum *in )
+{
+ GAsnEnum t = {0};
+
+ if ( !in )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnEnumContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : ENUMERATE
+ */
+int
+GDecComponentEnum ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentEnum* k, **k2;
+ GAsnEnum result;
+
+ k = (ComponentEnum*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentEnum**) v;
+ *k2 = (ComponentEnum*) CompAlloc( mem_op, sizeof( ComponentEnum ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnEnumContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value_identifier.bv_val = result.value_identifier;
+ k->value_identifier.bv_len = result.len;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
+ k->comp_desc->cd_free = (comp_free_func*)NULL;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_ENUMERATED;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEnum;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : ENUMERATE
+ */
+int
+BDecComponentEnumTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentEnum ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentEnum* k, **k2;
+ AsnEnum result;
+
+ k = (ComponentEnum*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentEnum**) v;
+ *k2 = (ComponentEnum*) CompAlloc( mem_op, sizeof( ComponentEnum ) );
+ if ( k ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnEnum ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnEnumContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
+ k->comp_desc->cd_free = (comp_free_func*)NULL;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_ENUMERATED;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEnum;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER Encoder : IA5String
+ */
+int
+GEncComponentIA5Stirng ( GenBuf *b, ComponentIA5String* in )
+{
+ GIA5String t = {0};
+ t.value = in->value;
+ if ( !in || in->value.octetLen <= 0 ) return (-1);
+ return GEncIA5StringContent( b, &t );
+}
+
+/*
+ * Component BER Decoder : IA5String
+ */
+int
+BDecComponentIA5StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentIA5String ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentIA5String* k, **k2;
+ IA5String result;
+
+ k = (ComponentIA5String*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentIA5String**) v;
+ *k2 = (ComponentIA5String*) CompAlloc( mem_op, sizeof( ComponentIA5String ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecIA5String ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecIA5StringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+
+ k->value = result;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentIA5String;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentIA5String;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentIA5String;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentIA5String;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_IA5_STR;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentIA5String;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : INTEGER
+ */
+int
+MatchingComponentInt(char* oid, ComponentSyntaxInfo* csi_attr,
+ ComponentSyntaxInfo* csi_assert )
+{
+ MatchingRule* mr;
+ ComponentInt *a, *b;
+
+ if( oid ) {
+ /* check if this ASN type's matching rule is overrided */
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ /* if existing function is overrided, call the overriding
+function*/
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = ((ComponentInt*)csi_attr);
+ b = ((ComponentInt*)csi_assert);
+
+ return ( a->value == b->value ) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : INTEGER
+ */
+int
+GEncComponentInt ( GenBuf *b, ComponentInt* in )
+{
+ GAsnInt t = {0};
+
+ if ( !in )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnIntContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : INTEGER
+ */
+int
+GDecComponentInt( void* mem_op, GenBuf * b, void *v, AsnLen *bytesDecoded, int mode)
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentInt* k, **k2;
+ GAsnInt result;
+
+ k = (ComponentInt*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentInt**) v;
+ *k2 = (ComponentInt*) CompAlloc( mem_op, sizeof( ComponentInt ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnIntContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_INTEGER );
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : INTEGER
+ */
+int
+BDecComponentIntTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentInt ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentInt* k, **k2;
+ AsnInt result;
+
+ k = (ComponentInt*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentInt**) v;
+ *k2 = (ComponentInt*) CompAlloc( mem_op, sizeof( ComponentInt ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnInt ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnIntContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ k->value = result;
+
+ k->comp_desc = get_component_description (BASICTYPE_INTEGER );
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : NULL
+ */
+int
+MatchingComponentNull ( char *oid, ComponentSyntaxInfo *csi_attr,
+ ComponentSyntaxInfo *csi_assert )
+{
+ MatchingRule* mr;
+ ComponentNull *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = ((ComponentNull*)csi_attr);
+ b = ((ComponentNull*)csi_assert);
+
+ return (a->value == b->value) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : NULL
+ */
+int
+GEncComponentNull ( GenBuf *b, ComponentNull *in )
+{
+ GAsnNull t = {0};
+
+ if ( !in )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnNullContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : NULL
+ */
+int
+GDecComponentNull ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentNull* k, **k2;
+ GAsnNull result;
+
+ k = (ComponentNull*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentNull**) v;
+ *k2 = (ComponentNull*) CompAlloc( mem_op, sizeof( ComponentNull ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnNullContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_NULL;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNull;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : NULL
+ */
+int
+BDecComponentNullTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ return BDecComponentNull ( mem_op, b, 0, 0, v,bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentNull* k, **k2;
+ AsnNull result;
+
+ k = (ComponentNull*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentNull**) v;
+ *k2 = (ComponentNull*) CompAlloc( mem_op, sizeof( ComponentNull ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnNull ( mem_op, b, &result, bytesDecoded );
+ }
+ else {
+ rc = BDecAsnNullContent ( mem_op, b, tagId, len, &result, bytesDecoded);
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_NULL;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNull;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : NumericString
+ */
+int
+BDecComponentNumericStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentNumericString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentNumericString* k, **k2;
+ NumericString result;
+
+ k = (ComponentNumericString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentNumericString**) v;
+ *k2 = (ComponentNumericString*) CompAlloc( mem_op, sizeof( ComponentNumericString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecNumericString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecNumericStringContent ( mem_op, b, tagId, len, &result, bytesDecoded);
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNumericString;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNumericString;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNumericString;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentNumericString;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_NUMERIC_STR;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNumericString;
+
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * Free function : OCTET STRING
+ */
+void
+FreeComponentOcts ( ComponentOcts* v) {
+ FreeAsnOcts( &v->value );
+}
+
+/*
+ * Matching function : OCTET STRING
+ */
+int
+MatchingComponentOcts ( char* oid, ComponentSyntaxInfo* csi_attr,
+ ComponentSyntaxInfo* csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentOcts *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = (ComponentOcts*) csi_attr;
+ b = (ComponentOcts*) csi_assert;
+ /* Assume that both of OCTET string has end of string character */
+ if ( (a->value.octetLen == b->value.octetLen) &&
+ strncmp ( a->value.octs, b->value.octs, a->value.octetLen ) == 0 )
+ return LDAP_COMPARE_TRUE;
+ else
+ return LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : OCTET STRING
+ */
+int
+GEncComponentOcts ( GenBuf* b, ComponentOcts *in )
+{
+ GAsnOcts t = {0};
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+
+ t.value = in->value;
+ return GEncAsnOctsContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : OCTET STRING
+ */
+int
+GDecComponentOcts ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char *peek_head, *data;
+ int i, j, strLen;
+ void* component_values;
+ ComponentOcts* k, **k2;
+ GAsnOcts result;
+
+ k = (ComponentOcts*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentOcts**) v;
+ *k2 = (ComponentOcts*) CompAlloc( mem_op, sizeof( ComponentOcts ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnOctsContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_OCTETSTRING;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOcts;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : OCTET STRING
+ */
+int
+BDecComponentOctsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentOcts ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentOcts ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char *peek_head, *data;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentOcts* k, **k2;
+ AsnOcts result;
+
+ k = (ComponentOcts*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentOcts**) v;
+ *k2 = (ComponentOcts*) CompAlloc( mem_op, sizeof( ComponentOcts ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnOcts ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnOctsContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_OCTETSTRING;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOcts;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : OBJECT IDENTIFIER
+ */
+int
+MatchingComponentOid ( char *oid, ComponentSyntaxInfo *csi_attr ,
+ ComponentSyntaxInfo *csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentOid *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+
+ a = (ComponentOid*)csi_attr;
+ b = (ComponentOid*)csi_assert;
+ if ( a->value.octetLen != b->value.octetLen )
+ return LDAP_COMPARE_FALSE;
+ rc = ( strncmp( a->value.octs, b->value.octs, a->value.octetLen ) == 0 );
+
+ return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : OID
+ */
+GEncComponentOid ( GenBuf *b, ComponentOid *in )
+{
+ GAsnOid t = {0};
+
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnOidContent( b, (GAsnOcts*)&t );
+}
+
+/*
+ * GSER Decoder : OID
+ */
+int
+GDecAsnDescOidContent ( void* mem_op, GenBuf *b, GAsnOid *result, AsnLen *bytesDecoded ){
+ AttributeType *ad_type;
+ struct berval name;
+ char* peek_head;
+ int strLen;
+
+ strLen = LocateNextGSERToken ( mem_op, b, &peek_head, GSER_NO_COPY );
+ name.bv_val = peek_head;
+ name.bv_len = strLen;
+
+ ad_type = at_bvfind( &name );
+
+ if ( !ad_type )
+ return LDAP_DECODING_ERROR;
+
+ peek_head = ad_type->sat_atype.at_oid;
+ strLen = strlen ( peek_head );
+
+ result->value.octs = (char*)EncodeComponentOid ( mem_op, peek_head , &strLen );
+ result->value.octetLen = strLen;
+ return LDAP_SUCCESS;
+}
+
+int
+IsNumericOid ( char* peek_head , int strLen ) {
+ int i;
+ int num_dot;
+ for ( i = 0, num_dot = 0 ; i < strLen ; i++ ) {
+ if ( peek_head[i] == '.' ) num_dot++;
+ else if ( peek_head[i] > '9' || peek_head[i] < '0' )
+ return (-1);
+ }
+ if ( num_dot )
+ return (1);
+ else
+ return (-1);
+}
+
+int
+GDecComponentOid ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentOid* k, **k2;
+ GAsnOid result;
+
+ k = (ComponentOid*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentOid**) v;
+ *k2 = (ComponentOid*) CompAlloc( mem_op, sizeof( ComponentOid ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ strLen = LocateNextGSERToken ( mem_op, b, &peek_head, GSER_PEEK );
+ if ( IsNumericOid ( peek_head , strLen ) >= 1 ) {
+ /* numeric-oid */
+ if ( GDecAsnOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ }
+ else {
+ /*descr*/
+ if ( GDecAsnDescOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ){
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ }
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_OID);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : OID
+ */
+int
+BDecComponentOidTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentOid ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+ AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentOid* k, **k2;
+ AsnOid result;
+
+ k = (ComponentOid*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentOid**) v;
+ *k2 = (ComponentOid*) CompAlloc( mem_op, sizeof( ComponentOid ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnOid ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnOidContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = get_component_description (BASICTYPE_OID);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : PrintiableString
+ */
+
+int
+BDecComponentPrintableStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ return BDecComponentPrintableString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentPrintableString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentPrintableString* k, **k2;
+ AsnOid result;
+
+ k = (ComponentPrintableString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentPrintableString**) v;
+ *k2 = (ComponentPrintableString*) CompAlloc( mem_op, sizeof( ComponentPrintableString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ) {
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecPrintableString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecPrintableStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = get_component_description (BASICTYPE_PRINTABLE_STR);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : TeletexString
+ */
+
+int
+BDecComponentTeletexStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ return BDecComponentTeletexString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentTeletexString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentTeletexString* k, **k2;
+ AsnOid result;
+
+ k = (ComponentTeletexString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentTeletexString**) v;
+ *k2 = (ComponentTeletexString*) CompAlloc( mem_op, sizeof( ComponentTeletexString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ) {
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecTeletexString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecTeletexStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+
+ k->comp_desc = get_component_description (BASICTYPE_T61_STR);
+
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * Matching function : Real
+ */
+int
+MatchingComponentReal (char* oid, ComponentSyntaxInfo *csi_attr,
+ ComponentSyntaxInfo *csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentReal *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+ a = (ComponentReal*)csi_attr;
+ b = (ComponentReal*)csi_assert;
+ rc = (a->value == b->value);
+
+ return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : Real
+ */
+int
+GEncComponentReal ( GenBuf *b, ComponentReal *in )
+{
+ GAsnReal t = {0};
+ if ( !in )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnRealContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : Real
+ */
+int
+GDecComponentReal ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentReal* k, **k2;
+ GAsnReal result;
+
+ k = (ComponentReal*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentReal**) v;
+ *k2 = (ComponentReal*) CompAlloc( mem_op, sizeof( ComponentReal ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnRealContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_REAL);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : Real
+ */
+int
+BDecComponentRealTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentReal ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentReal ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentReal* k, **k2;
+ AsnReal result;
+
+ k = (ComponentReal*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentReal**) v;
+ *k2 = (ComponentReal*) CompAlloc( mem_op, sizeof( ComponentReal ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnReal ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnRealContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_REAL);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : Relative OID
+ */
+int
+MatchingComponentRelativeOid ( char* oid, ComponentSyntaxInfo *csi_attr,
+ ComponentSyntaxInfo *csi_assert )
+{
+ int rc;
+ MatchingRule* mr;
+ ComponentRelativeOid *a, *b;
+
+ if( oid ) {
+ mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+ if ( mr )
+ return component_value_match( mr, csi_attr , csi_assert );
+ }
+
+ a = (ComponentRelativeOid*)csi_attr;
+ b = (ComponentRelativeOid*)csi_assert;
+
+ if ( a->value.octetLen != b->value.octetLen )
+ return LDAP_COMPARE_FALSE;
+ rc = ( strncmp( a->value.octs, b->value.octs, a->value.octetLen ) == 0 );
+
+ return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : RELATIVE_OID.
+ */
+int
+GEncComponentRelativeOid ( GenBuf *b, ComponentRelativeOid *in )
+{
+ GAsnRelativeOid t = {0};
+
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncAsnRelativeOidContent ( b , (GAsnOcts*)&t );
+}
+
+/*
+ * GSER Decoder : RELATIVE_OID.
+ */
+int
+GDecComponentRelativeOid ( void* mem_op, GenBuf *b,void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen;
+ void* component_values;
+ ComponentRelativeOid* k, **k2;
+ GAsnRelativeOid result;
+
+ k = (ComponentRelativeOid*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentRelativeOid**) v;
+ *k2 = (ComponentRelativeOid*) CompAlloc( mem_op, sizeof( ComponentRelativeOid ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( GDecAsnRelativeOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result.value;
+ k->comp_desc = get_component_description (BASICTYPE_OID);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : RELATIVE_OID.
+ */
+int
+BDecComponentRelativeOidTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentRelativeOid ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentRelativeOid* k, **k2;
+ AsnRelativeOid result;
+
+ k = (ComponentRelativeOid*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentRelativeOid**) v;
+ *k2 = (ComponentRelativeOid*) CompAlloc( mem_op, sizeof( ComponentRelativeOid ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecAsnRelativeOid ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecAsnRelativeOidContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_OID);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * GSER Encoder : UniversalString
+ */
+int
+GEncComponentUniversalString ( GenBuf *b, ComponentUniversalString *in )
+{
+ GUniversalString t = {0};
+ if ( !in || in->value.octetLen <= 0 )
+ return (-1);
+ t.value = in->value;
+ return GEncUniversalStringContent( b, &t );
+}
+
+/*
+ * GSER Decoder : UniversalString
+ */
+static int
+UTF8toUniversalString( char* octs, int len){
+ /* Need to be Implemented */
+ return LDAP_SUCCESS;
+}
+
+int
+GDecComponentUniversalString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+ if ( GDecComponentUTF8String ( mem_op, b, v, bytesDecoded, mode) < 0 )
+ UTF8toUniversalString( ((ComponentUniversalString*)v)->value.octs, ((ComponentUniversalString*)v)->value.octetLen );
+ return LDAP_DECODING_ERROR;
+}
+
+/*
+ * Component BER Decoder : UniverseString
+ */
+int
+BDecComponentUniversalStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentUniversalString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentUniversalString* k, **k2;
+ UniversalString result;
+
+ k = (ComponentUniversalString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentUniversalString**) v;
+ *k2 = (ComponentUniversalString*) CompAlloc( mem_op, sizeof( ComponentUniversalString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecUniversalString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecUniversalStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ if ( rc < 0 ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_UNIVERSAL_STR);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : VisibleString
+ */
+int
+BDecComponentVisibleStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+ return BDecComponentVisibleString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentVisibleString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+ char* peek_head;
+ int i, strLen, rc;
+ void* component_values;
+ ComponentVisibleString* k, **k2;
+ VisibleString result;
+
+ k = (ComponentVisibleString*) v;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentVisibleString**) v;
+ *k2 = (ComponentVisibleString*) CompAlloc( mem_op, sizeof( ComponentVisibleString ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ( mode & CALL_TAG_DECODER ){
+ mode = mode & CALL_CONTENT_DECODER;
+ rc = BDecVisibleString ( mem_op, b, &result, bytesDecoded );
+ } else {
+ rc = BDecVisibleStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+ }
+ k->value = result;
+ k->comp_desc = get_component_description (BASICTYPE_VISIBLE_STR);
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Routines for handling an ANY DEFINED Type
+ */
+
+/* Check if the <select> type CR and the OID of the given ANY type */
+int
+CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo* cai, struct berval* select ) {
+ int strLen;
+ AttributeType* ad_type;
+ char* oid;
+ char* result;
+
+ if ( IsNumericOid ( select->bv_val , select->bv_len ) ) {
+ oid = select->bv_val;
+ strLen = select->bv_len;
+ } else {
+ ad_type = at_bvfind( select );
+
+ if ( !ad_type )
+ return LDAP_DECODING_ERROR;
+
+ oid = ad_type->sat_atype.at_oid;
+ strLen = strlen ( oid );
+ }
+ result = EncodeComponentOid ( mem_op, oid , &strLen );
+ if ( !result || strLen <= 0 ) return (-1);
+
+ if ( cai->oid.octetLen == strLen &&
+ strncmp ( cai->oid.octs, result, strLen ) == 0 )
+ return (1);
+ else
+ return (-1);
+}
+
+int
+SetAnyTypeByComponentOid ( ComponentAny *v, ComponentOid *id ) {
+ Hash hash;
+ void *anyInfo;
+
+ /* use encoded oid as hash string */
+ hash = MakeHash (id->value.octs, id->value.octetLen);
+ if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+ v->cai = (ComponentAnyInfo*) anyInfo;
+ else
+ v->cai = NULL;
+
+ if ( !v->cai ) {
+ /*
+ * If not found, the data considered as octet chunk
+ * Yet-to-be-Implemented
+ */
+ }
+ return LDAP_SUCCESS;
+}
+
+void
+SetAnyTypeByComponentInt( ComponentAny *v, ComponentInt id) {
+ Hash hash;
+ void *anyInfo;
+
+ hash = MakeHash ((char*)&id, sizeof (id));
+ if (CheckForAndReturnValue (anyIntHashTblG, hash, &anyInfo))
+ v->cai = (ComponentAnyInfo*) anyInfo;
+ else
+ v->cai = NULL;
+}
+
+int
+GEncComponentAny ( GenBuf *b, ComponentAny *in )
+{
+ if ( in->cai != NULL && in->cai->Encode != NULL )
+ return in->cai->Encode(b, &in->value );
+ else
+ return (-1);
+}
+
+int
+BEncComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode)
+{
+ ComponentAny *k, **k2;
+
+ k = (ComponentAny*) result;
+
+ if ( !k ) return (-1);
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentAny**) result;
+ *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ((result->cai != NULL) && (result->cai->BER_Decode != NULL)) {
+ result->value = (void*) CompAlloc ( mem_op, result->cai->size );
+ if ( !result->value ) return 0;
+ result->cai->BER_Decode ( mem_op, b, result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_1);
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_ANY;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+ return LDAP_SUCCESS;
+ }
+ else {
+ Asn1Error ("ERROR - Component ANY Decode routine is NULL\n");
+ return 0;
+ }
+}
+
+int
+BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
+ int rc;
+ ComponentAny *k, **k2;
+
+ k = (ComponentAny*) result;
+
+ if ( !k ) return (-1);
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentAny**) result;
+ *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+
+ if ((result->cai != NULL) && (result->cai->BER_Decode != NULL)) {
+ result->cai->BER_Decode ( mem_op, b, (ComponentSyntaxInfo*)&result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 );
+
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_ANY;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+ return LDAP_SUCCESS;
+ }
+ else {
+ Asn1Error ("ERROR - Component ANY Decode routine is NULL\n");
+ return 0;
+ }
+}
+
+int
+GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
+ ComponentAny *k, **k2;
+
+ k = (ComponentAny*) result;
+
+ if ( mode & DEC_ALLOC_MODE_0 ) {
+ k2 = (ComponentAny**) result;
+ *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+ if ( !*k2 ) return LDAP_DECODING_ERROR;
+ k = *k2;
+ }
+ if ((result->cai != NULL) && (result->cai->GSER_Decode != NULL)) {
+ result->value = (void*) CompAlloc ( mem_op, result->cai->size );
+ if ( !result->value ) return 0;
+ result->cai->GSER_Decode ( mem_op, b, result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_1);
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !k->comp_desc ) {
+ if ( k ) CompFree ( mem_op, k );
+ return LDAP_DECODING_ERROR;
+ }
+ k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+ k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_extract_i = NULL;
+ k->comp_desc->cd_type_id = BASICTYPE_ANY;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+ return LDAP_SUCCESS;
+ }
+ else {
+ Asn1Error ("ERROR - ANY Decode routine is NULL\n");
+ return 0;
+ }
+}
+
+int
+MatchingComponentAny (char* oid, ComponentAny *result, ComponentAny *result2) {
+ void *comp1, *comp2;
+
+ if ( result->comp_desc->cd_type_id == BASICTYPE_ANY )
+ comp1 = result->value;
+ else
+ comp1 = result;
+
+ if ( result2->comp_desc->cd_type_id == BASICTYPE_ANY )
+ comp2 = result2->value;
+ else
+ comp2 = result2;
+
+ if ((result->cai != NULL) && (result->cai->Match != NULL)) {
+ if ( result->comp_desc->cd_type_id == BASICTYPE_ANY )
+ return result->cai->Match(oid, comp1, comp2 );
+ else if ( result2->comp_desc->cd_type_id == BASICTYPE_ANY )
+ return result2->cai->Match(oid, comp1, comp2);
+ else
+ return LDAP_INVALID_SYNTAX;
+ }
+ else {
+ Asn1Error ("ERROR - ANY Matching routine is NULL\n");
+ return LDAP_INVALID_SYNTAX;
+ }
+}
+
+void*
+ExtractingComponentAny ( void* mem_op, ComponentReference* cr, ComponentAny *result ) {
+ if ((result->cai != NULL) && (result->cai->Extract != NULL)) {
+ return (void*) result->cai->Extract( mem_op, cr , result->value );
+ }
+ else {
+ Asn1Error ("ERROR - ANY Extracting routine is NULL\n");
+ return (void*)NULL;
+ }
+}
+
+void
+FreeComponentAny (ComponentAny* any) {
+ if ( any->cai != NULL && any->cai->Free != NULL ) {
+ any->cai->Free( any->value );
+ free ( ((ComponentSyntaxInfo*)any->value)->csi_comp_desc );
+ free ( any->value );
+ }
+ else
+ Asn1Error ("ERROR - ANY Free routine is NULL\n");
+}
+
+void
+InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size,
+ EncodeFcn encode, gser_decoder_func* G_decode,
+ ber_tag_decoder_func* B_decode, ExtractFcn extract,
+ MatchFcn match, FreeFcn free,
+ PrintFcn print)
+{
+ ComponentAnyInfo *a;
+ Hash h;
+
+ a = (ComponentAnyInfo*) malloc(sizeof (ComponentAnyInfo));
+ a->anyId = anyId;
+ a->oid.octs = NULL;
+ a->oid.octetLen = 0;
+ a->intId = intId;
+ a->size = size;
+ a->Encode = encode;
+ a->GSER_Decode = G_decode;
+ a->BER_Decode = B_decode;
+ a->Match = match;
+ a->Extract = extract;
+ a->Free = free;
+ a->Print = print;
+
+ if (anyIntHashTblG == NULL)
+ anyIntHashTblG = InitHash();
+
+ h = MakeHash ((char*)&intId, sizeof (intId));
+
+ if(anyIntHashTblG != NULL)
+ Insert(anyIntHashTblG, a, h);
+}
+
+
+/*
+ * OID and its corresponding decoder can be registerd with this func.
+ * If contained types constrained by <select> are used,
+ * their OID and decoder MUST be registered, otherwise it will return no entry.
+ * An open type(ANY type) also need be registered.
+ */
+void
+InstallOidDecoderMapping ( char* ch_oid, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match ) {
+ AsnOid oid;
+ int strLen;
+ void* mem_op;
+
+ strLen = strlen( ch_oid );
+ if( strLen <= 0 ) return;
+ mem_op = comp_nibble_memory_allocator ( 128, 16 );
+ oid.octs = EncodeComponentOid ( mem_op, ch_oid, &strLen );
+ oid.octetLen = strLen;
+ if( strLen <= 0 ) return;
+
+
+ InstallAnyByComponentOid ( 0, &oid, 0, encode, G_decode, B_decode,
+ extract, match, NULL, NULL);
+ comp_nibble_memory_free(mem_op);
+}
+
+/*
+ * Look up Oid-decoder mapping table by berval have either
+ * oid or description
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyBV( struct berval* in ) {
+ if ( IsNumericOid ( in->bv_val, in->bv_len ) )
+ return RetrieveOidDecoderMappingbyOid( in->bv_val, in->bv_len );
+ else
+ return RetrieveOidDecoderMappingbyDesc( in->bv_val, in->bv_len );
+}
+
+/*
+ * Look up Oid-decoder mapping table by dotted OID
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len ) {
+ Hash hash;
+ void *anyInfo;
+ AsnOid oid;
+ int strLen;
+ void* mem_op;
+
+ mem_op = comp_nibble_memory_allocator ( 128, 16 );
+ oid.octs = EncodeComponentOid ( mem_op, ch_oid, &oid_len);
+ oid.octetLen = oid_len;
+ if( oid_len <= 0 ) {
+ comp_nibble_memory_free( mem_op );
+ return NULL;
+ }
+
+ /* use encoded oid as hash string */
+ hash = MakeHash ( oid.octs, oid.octetLen);
+ comp_nibble_memory_free( mem_op );
+ if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+ return (OidDecoderMapping*) anyInfo;
+ else
+ return (OidDecoderMapping*) NULL;
+
+}
+
+/*
+ * Look up Oid-decoder mapping table by description
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len ) {
+ Hash hash;
+ void *anyInfo;
+ AsnOid oid;
+ AttributeType* ad_type;
+ struct berval bv;
+ void* mem_op;
+
+ bv.bv_val = desc;
+ bv.bv_len = desc_len;
+ ad_type = at_bvfind( &bv );
+
+ oid.octs = ad_type->sat_atype.at_oid;
+ oid.octetLen = strlen ( oid.octs );
+
+ if ( !ad_type )
+ return (OidDecoderMapping*) NULL;
+
+ mem_op = comp_nibble_memory_allocator ( 128, 16 );
+
+ oid.octs = EncodeComponentOid ( mem_op, oid.octs , (int*)&oid.octetLen );
+ if( oid.octetLen <= 0 ) {
+ comp_nibble_memory_free( mem_op );
+ return (OidDecoderMapping*) NULL;
+ }
+
+ /* use encoded oid as hash string */
+ hash = MakeHash ( oid.octs, oid.octetLen);
+ comp_nibble_memory_free( mem_op );
+ if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+ return (OidDecoderMapping*) anyInfo;
+ else
+ return (OidDecoderMapping*) NULL;
+
+}
+void
+InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size,
+ EncodeFcn encode, gser_decoder_func* G_decode,
+ ber_tag_decoder_func* B_decode, ExtractFcn extract,
+ MatchFcn match, FreeFcn free, PrintFcn print)
+{
+ ComponentAnyInfo *a;
+ Hash h;
+
+ a = (ComponentAnyInfo*) malloc (sizeof (ComponentAnyInfo));
+ a->anyId = anyId;
+ if ( oid ) {
+ a->oid.octs = malloc( oid->octetLen );
+ memcpy ( a->oid.octs, oid->octs, oid->octetLen );
+ a->oid.octetLen = oid->octetLen;
+ }
+ a->size = size;
+ a->Encode = encode;
+ a->GSER_Decode = G_decode;
+ a->BER_Decode = B_decode;
+ a->Match = match;
+ a->Extract = extract;
+ a->Free = free;
+ a->Print = print;
+
+ h = MakeHash (oid->octs, oid->octetLen);
+
+ if (anyOidHashTblG == NULL)
+ anyOidHashTblG = InitHash();
+
+ if(anyOidHashTblG != NULL)
+ Insert(anyOidHashTblG, a, h);
+}
+
+int
+BDecComponentTop (
+ber_decoder_func *decoder _AND_
+void* mem_op _AND_
+GenBuf *b _AND_
+AsnTag tag _AND_
+AsnLen elmtLen _AND_
+void **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode) {
+ tag = BDecTag ( b, bytesDecoded );
+ elmtLen = BDecLen ( b, bytesDecoded );
+ if ( elmtLen <= 0 ) return (-1);
+ if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+ return (-1);
+ }
+
+ return (*decoder)( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
+}
+
+/*
+ * ASN.1 specification of a distinguished name
+ * DistinguishedName ::= RDNSequence
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ * RelativeDistinguishedName ::= SET SIZE(1..MAX) OF AttributeTypeandValue
+ * AttributeTypeandValue ::= SEQUENCE {
+ * type AttributeType
+ * value AttributeValue
+ * }
+ * When dnMatch/rdnMatch is used in a component assertion value
+ * the component in DistinguishedName/RelativeDistinguishedName
+ * need to be converted to the LDAP encodings in RFC2253
+ * in order to be matched against the assertion value
+ * If allComponentMatch is used, the assertion value may be
+ * decoded into the Internal Representation(Component Tree)
+ * by the corresponding GSER or BER decoder
+ * Following routine converts a component tree(DistinguishedName) into
+ * LDAP encodings in RFC2253
+ * Example)
+ * IR : ComponentRDNSequence
+ * GSER : { { type cn, value sang },{ type o, value ibm}, {type c, value us} }
+ * LDAP Encodings : cn=sang,o=ibm,c=us
+ */
+
+increment_bv_mem_by_size ( struct berval* in, int size ) {
+ int new_size = in->bv_len + size;
+ in->bv_val = realloc( in->bv_val, new_size );
+ in->bv_len = new_size;
+}
+
+int
+ConvertBER2Desc( char* in, int size, struct berval* out, int* pos ) {
+ int desc_size;
+ char* desc_ptr;
+ unsigned int firstArcNum;
+ unsigned int arcNum;
+ int i, rc, start_pos = *pos;
+ char buf[MAX_OID_LEN];
+ AttributeType *at;
+ struct berval bv_name;
+
+ /*convert BER oid to desc*/
+ for ( i = 0, arcNum = 0; (i < size) && (in[i] & 0x80 ); i++ )
+ arcNum = (arcNum << 7) + (in[i] & 0x7f);
+ arcNum = (arcNum << 7) + (in[i] & 0x7f);
+ i++;
+ firstArcNum = (unsigned short)(arcNum/40);
+ if ( firstArcNum > 2 )
+ firstArcNum = 2;
+
+ arcNum = arcNum - (firstArcNum * 40 );
+
+ rc = intToAscii ( arcNum, buf );
+
+ /*check if the buffer can store the first/second arc and two dots*/
+ if ( out->bv_len < *pos + 2 + 1 + rc )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+
+ if ( firstArcNum == 1)
+ out->bv_val[*pos] = '1';
+ else
+ out->bv_val[*pos] = '2';
+ (*pos)++;
+ out->bv_val[*pos] = '.';
+ (*pos)++;
+
+ memcpy( out->bv_val + *pos, buf, rc );
+ *pos += rc;
+ out->bv_val[*pos] = '.';
+ (*pos)++;
+
+ for ( ; i < size ; ) {
+ for ( arcNum=0; (i < size) && (in[i] & 0x80) ; i++ )
+ arcNum = (arcNum << 7) + (in[i] & 0x7f);
+ arcNum = (arcNum << 7) + (in[i] & 0x7f);
+ i++;
+
+ rc = intToAscii ( arcNum, buf );
+
+ if ( out->bv_len < *pos + rc + 1 )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+
+ memcpy( out->bv_val + *pos, buf, rc );
+ *pos += rc;
+ out->bv_val[*pos] = '.';
+ (*pos)++;
+ }
+ (*pos)--;/*remove the last '.'*/
+
+ /*
+ * lookup OID database to locate desc
+ * then overwrite OID with desc in *out
+ * If failed to look up desc, OID form is used
+ */
+ bv_name.bv_val = out->bv_val + start_pos;
+ bv_name.bv_len = *pos - start_pos;
+ at = at_bvfind( &bv_name );
+ if ( !at )
+ return LDAP_SUCCESS;
+ desc_size = at->sat_cname.bv_len;
+ memcpy( out->bv_val + start_pos, at->sat_cname.bv_val, desc_size );
+ *pos = start_pos + desc_size;
+ return LDAP_SUCCESS;
+}
+
+int
+ConvertComponentAttributeTypeAndValue2RFC2253 ( irAttributeTypeAndValue* in, struct berval* out, int *pos ) {
+ int rc;
+ int value_size = ((ComponentUTF8String*)in->value.value)->value.octetLen;
+ char* value_ptr = ((ComponentUTF8String*)in->value.value)->value.octs;
+
+ rc = ConvertBER2Desc( in->type.value.octs, in->type.value.octetLen, out, pos );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ if ( out->bv_len < *pos + 1/*for '='*/ )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+ /*Between type and value, put '='*/
+ out->bv_val[*pos] = '=';
+ (*pos)++;
+
+ /*Assume it is string*/
+ if ( out->bv_len < *pos + value_size )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+ memcpy( out->bv_val + *pos, value_ptr, value_size );
+ out->bv_len += value_size;
+ *pos += value_size;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ConvertRelativeDistinguishedName2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out , int* pos) {
+ irAttributeTypeAndValue* attr_typeNvalue;
+ int rc;
+
+
+ FOR_EACH_LIST_ELMT( attr_typeNvalue, &in->comp_list)
+ {
+ rc = ConvertComponentAttributeTypeAndValue2RFC2253( attr_typeNvalue, out, pos );
+ if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
+
+ if ( out->bv_len < *pos + 1/*for '+'*/ )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+ /*between multivalued RDNs, put comma*/
+ out->bv_val[(*pos)++] = '+';
+ }
+ (*pos)--;/*remove the last '+'*/
+ return LDAP_SUCCESS;
+}
+
+int
+ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out ) {
+ int rc, pos = 0;
+ out->bv_val = (char*)malloc( INITIAL_DN_SIZE );
+ out->bv_len = INITIAL_DN_SIZE;
+
+ rc = ConvertRelativeDistinguishedName2RFC2253 ( in, out , &pos);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ out->bv_val[pos] = '\0';
+ out->bv_len = pos;
+ return LDAP_SUCCESS;
+}
+
+int
+ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out ) {
+ irRelativeDistinguishedName* rdn_seq;
+ AsnList* seq = &in->comp_list;
+ int pos = 0, rc ;
+
+ out->bv_val = (char*)malloc( INITIAL_DN_SIZE );
+ out->bv_len = INITIAL_DN_SIZE;
+
+ FOR_EACH_LIST_ELMT( rdn_seq, seq )
+ {
+ rc = ConvertRelativeDistinguishedName2RFC2253( rdn_seq, out, &pos );
+ if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
+
+ if ( out->bv_len < pos + 1/*for ','*/ )
+ increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+ /*Between RDN, put comma*/
+ out->bv_val[pos++] = ',';
+ }
+ pos--;/*remove the last '+'*/
+ out->bv_val[pos] = '\0';
+ out->bv_len =pos;
+ return LDAP_SUCCESS;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/componentlib.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,593 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redisribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorizd by the OpenLADP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18 03:20:00 slim at OpenLDAP.org
+ */
+
+#ifndef _H_COMPONENT_MODULE
+#define _H_COMPONENT_MODULE
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include <slap.h>
+#include <component.h>
+
+#include <asn-incl.h>
+#include "asn.h"
+#include <asn-gser.h>
+#include <string.h>
+
+#define MAX_IDENTIFIER_LEN 32
+#define COMPONENTNOT_NULL(ptr) ((ptr) != NULL)
+
+typedef struct slap_component_type {
+ /*
+ * Don't change the order of following fields
+ * They are identical the first 9 fields of
+ * AttributeType
+ */
+ LDAPAttributeType ct_atype;
+ struct berval ct_cname;
+ struct slap_attribute_type *ct_sup;
+ struct slap_attribute_type **ct_subtypes;
+ MatchingRule *ct_equality;
+ MatchingRule *ct_approx;
+ MatchingRule *ct_ordering;
+ MatchingRule *ct_substr;
+ Syntax *ct_syntax;
+} ComponentType;
+
+
+/*
+ * BIT STRING
+ */
+typedef struct ComponentBits {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnBits value;
+} ComponentBits;
+
+#define GASNBITS_PRESENT(abits) ((abits)->value.bits != NULL)
+#define COMPONENTBITS_PRESENT(abits) ((abits)->value.bits != NULL)
+int GEncComponentBits (GenBuf *b, ComponentBits* bits);
+int GDecComponentBits (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBits (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentBits (char* oid, ComponentSyntaxInfo *bits1 , ComponentSyntaxInfo* bits2);
+#define ExtractingComponentBits( mem_op, cr,data ) NULL
+
+/*
+ * BMP String
+ */
+typedef struct ComponentBMPString {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ BMPString value;
+} ComponentBMPString;
+
+int GEncComponentBMPString (GenBuf *b, ComponentBMPString* bmp);
+int GDecComponentBMPString (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBMPString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentBMPString MatchingComponentOcts
+#define ExtractingComponentBMPString( mem_op, cr, data ) NULL
+#define FreeComponentBMPString FreeComponentOcts
+
+/*
+ * BOOLEAN
+ */
+typedef struct ComponentBool {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnBool value;
+} ComponentBool;
+
+int GEncComponentBool (GenBuf *b, ComponentBool * bool );
+int GDecComponentBool ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentBool (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentBool( mem_op, cr, data ) NULL
+#define FreeComponentBool(v) NULL
+
+/*
+ * ENUMERTED
+ */
+typedef struct ComponentEnum {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnEnum value;
+ struct berval value_identifier;/*Why this value is defined here?*/
+} ComponentEnum;
+
+int GEncComponentEnum (GenBuf *b, ComponentEnum* comp_enum);
+int GDecComponentEnum ( void* mem_op, GenBuf *a, void *result, AsnLen *bytesDecoded,int mode);
+int BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentEnum (char *oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo * b);
+#define ExtractingComponentEnum( mem_op, cr, data ) NULL
+#define FreeComponentEnum FreeComponentInt
+
+/*
+ * IA5 String
+ */
+typedef struct ComponentIA5String {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ IA5String value;
+} ComponentIA5String;
+
+#define GEncComponentIA5String GEncComponentUTF8String
+#define GDecComponentIA5String GDecComponentUTF8String
+int
+BDecComponentIA5StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentIA5String MatchingComponentOcts
+#define ExtractingComponentIA5String(mem_op, cr,data) NULL
+#define FreeComponentIA5String FreeComponentOcts
+
+
+/*
+ * INTEGER
+ */
+typedef struct ComponentInt {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ int value;
+} ComponentInt;
+
+#define GNOT_NULL(ptr) ((ptr) != NULL)
+int GEncComponentInt (GenBuf *b, ComponentInt *comp_int);
+int GDecComponentInt ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode );
+int BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentInt (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentInt(mem_op, cr,data) NULL
+#define FreeComponentInt(v) NULL
+
+/*
+ * LIST Data Structure for C_LIST
+ */
+typedef struct ComponentList {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnList comp_list;
+} ComponentList;
+
+/*
+ * NULL
+ */
+typedef struct ComponentNull {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnNull value;
+} ComponentNull;
+
+int GEncComponentNull (GenBuf *b, ComponentNull* comp_null);
+int GDecComponentNull ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentNullTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int MatchingComponentNull (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentNull(mem_op, cr, data) NULL
+#define FreeComponentNull NULL
+
+/*
+ * Numeric String
+ */
+typedef struct ComponentNumericString {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ NumericString value;
+} ComponentNumericString;
+
+#define GEncComponentNumericString GEncComponentUTF8String
+#define GDecComponentNumericString GDecComponentUTF8String
+int BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentNumericString MatchingComponentOcts
+#define ExtractingComponentNumericString(mem_op, cr,data) NULL
+#define FreeComponentNumericString FreeComponentOcts
+
+/*
+ * OCTETS STRING
+ */
+typedef struct ComponentOcts {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnOcts value;
+} ComponentOcts;
+
+#define GASNOCTS_PRESENT(aocts) ((aocts)->value.octs != NULL)
+int GEncComponentOcts (GenBuf *b, ComponentOcts *octs);
+int GDecComponentOcts (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentOctsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentOcts (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentOcts (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentOcts(mem_op,cr,data) NULL
+void FreeComponentOcts( ComponentOcts* octs );
+
+/*
+ * OID (Object Identifier)
+ */
+typedef struct ComponentOid {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnOid value;
+} ComponentOid;
+
+#define GASNOID_PRESENT(aoid) ASNOCTS_PRESENT(aoid)
+int GEncComponentOid (GenBuf *b, ComponentOid *oid);
+int GDecComponentOid (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentOid (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentOid(mem_op, cr, data) NULL
+#define FreeComponentOid FreeComponentOcts
+
+/*
+ * Printable String
+ */
+typedef struct ComponentPrintableString{
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ PrintableString value;
+} ComponentPrintableString;
+#define GEncComponentPrintableString GEncComponentUTF8String
+#define GDecComponentPrintableString GDecComponentUTF8String
+int BDecComponentPrintableString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentPrintableStringTag (void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+#define MatchingComponentPrintableString MatchingComponentOcts
+#define ExtractingComponentPrintableString(mem_op, cr, data) NULL
+#define FreeComponentPrintableString FreeComponentOcts
+
+/*
+ * REAL
+ */
+typedef struct ComponentReal{
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnReal value;
+} ComponentReal;
+
+int GEncComponentReal (GenBuf *b, ComponentReal* comp_real);
+int GDecComponentReal (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentReal (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentReal (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentReal( mem_op, cr, data ) NULL
+#define FreeComponentReal(v) NULL
+
+/*
+ * Relative OID
+ */
+
+typedef struct ComponentRelativeOid {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ AsnRelativeOid value;
+} ComponentRelativeOid;
+
+int GEncComponentRelativeOid (GenBuf *b, ComponentRelativeOid *r_oid);
+int GDecComponentRelativeOid ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentRelativeOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentRelativeOid( mem_op, cr, data ) NULL
+#define FreeComponentRelativeOid FreeComponentOid
+
+/*
+ * Teletex String
+ */
+typedef struct ComponentTeletexString {
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ TeletexString value;
+} ComponentTeletexString;
+
+int GEncComponentTeletexString (GenBuf *b, ComponentTeletexString * tel_str);
+int GDecComponentTeletexString ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode );
+int BDecComponentTeletexStringTag (void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentTeletexString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode );
+#define MatchingComponentTeletexString MatchingComponentOcts
+#define ExtractingComponentTeletexString(mem_op,cr,data)
+#define FreeComponentTeletexString FreeComponentOcts
+
+
+/*
+ * Universal String
+ */
+typedef struct ComponentUniversalString{
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ UniversalString value;
+} ComponentUniversalString;
+
+int GEncComponentUniversalString (GenBuf *b, ComponentUniversalString* uni_str);
+int GDecComponentUniversalString ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentUniversalString MatchingComponentOcts
+#define ExtractingComponentUniversalString(mem_op,cr,data)
+#define FreeComponentUniversalString FreeComponentOcts
+
+/*
+ * UTF8 String
+ */
+typedef struct ComponentUTF8String{
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ UTF8String value;
+} ComponentUTF8String;
+
+int GEncComponentUTF8String (GenBuf *b, ComponentUTF8String * utf_str);
+int GDecComponentUTF8String (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentUTF8String (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentUTF8String MatchingComponentOcts
+#define ExtractingComponentUTF8String(mem_op,cr,data)
+#define FreeComponentUTF8String FreeComponentOcts
+
+/*
+ * Visible String
+ */
+typedef struct ComponentVisibleString{
+ void* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ VisibleString value;
+} ComponentVisibleString;
+
+#define GEncComponentVisibleString GEncComponentUTF8String
+#define GDecComponentVisibleString GDecComponentUTF8String
+int BDecComponentVisibleString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentVisibleString MatchingComponentOcts
+#define ExtractingComponentVisibleString(mem_op,cr,data)
+#define FreeComponentVisibleString FreeComponentOcts
+
+/*
+ * ANY and ANY DEFINED BY
+ */
+
+typedef int (*MatchFcn) (char*, void*, void*);
+typedef void* (*ExtractFcn) (void*, ComponentReference*, void * );
+
+typedef struct ComponentAnyInfo
+{
+ int anyId;
+ AsnOid oid;
+ ComponentInt intId;
+ unsigned int size;
+ EncodeFcn Encode;
+ gser_decoder_func* GSER_Decode;
+ ber_tag_decoder_func* BER_Decode;
+ ExtractFcn Extract;
+ MatchFcn Match;
+ FreeFcn Free;
+ PrintFcn Print;
+} ComponentAnyInfo;
+
+typedef struct ComponentAnyInfo OidDecoderMapping ;
+
+typedef struct ComponentAny{
+ void* syntax;
+ ComponentDesc *comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentAnyInfo *cai;
+ void *value;
+} ComponentAny;
+
+typedef ComponentAny ComponentAnyDefinedBy;
+
+#define BDecComponentAnyDefinedBy BDecComponentAny
+#define GDecComponentAnyDefinedBy GDecComponentAny
+#define MatchingComponentAnyDefinedBy MatchingComponentAny
+#define FreeComponentAnyDefinedBy FreeComponentAny
+
+int GEncComponentAny (GenBuf *b, ComponentAny *comp_any);
+int BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
+int GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentAny (char* oid, ComponentAny *a, ComponentAny *b);
+void FreeComponentAny ( ComponentAny*);
+
+void InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
+
+void InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
+
+int CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo *v, struct berval* select );
+
+OidDecoderMapping* RetrieveOidDecoderMappingbyBV( struct berval* in );
+OidDecoderMapping* RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len );
+OidDecoderMapping* RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len );
+/*
+ * UTCTime
+ */
+typedef ComponentVisibleString ComponentUTCTime;
+#define GEncComponentUTCTime GEncComponentUTF8String
+#define GDecComponentUTCTime GDecComponentVisibleString
+#define BDecComponentUTCTime BDecComponentOcts
+#define MatchingComponentUTCTime MatchingComponentOcts
+#define ExtractingComponentUTCTime(mem_op,cr,data) NULL
+#define FreeComponentUTCTime FreeComponentOcts
+
+/*
+ * GeneralizedTime
+ */
+typedef ComponentVisibleString ComponentGeneralizedTime;
+int GEncComponentGeneralizedTime (GenBuf *b, ComponentGeneralizedTime *gen_time);
+#define GDecComponentGeneralizedTime GDecComponentVisibleString
+#define BDecComponentGeneralizedTime BDecComponentOcts
+#define MatchingComponentGeneralizedTime MatchingComponentOcts
+#define ExtractingComponentGeneralizedTime(mem_op,cr,data) NULL
+#define FreeComponentGeneralizedTime FreeComponentOcts
+
+typedef int converter_func LDAP_P ((
+ struct berval* in ));
+
+typedef struct asntype_to_syntax {
+ AsnTypeId ats_typeId;
+ /* Syntax Descriptor */
+ char *ats_syn_name;
+ /* Syntax OID */
+ char *ats_syn_oid;
+ Syntax *ats_syn;
+} AsnTypetoSyntax;
+
+typedef struct asntype_to_comp_matchingrule {
+ AsnTypeId atc_typeId;
+ char* atc_equality;
+ char* atc_approx;
+ char* atc_ordering;
+ char* atc_substr;
+} AsnTypetoCompMatchingRule;
+
+typedef struct asntype_to_comp_desc {
+ AsnTypeId atcd_typeId;
+ ComponentDesc atcd_cd;
+} AsnTypetoCompDesc;
+
+typedef struct asntype_to_comp_type {
+ AsnTypeId ac_asn_id;
+ ComponentType ac_comp_type;
+} AsnTypetoCompType;
+
+/* refined matching purpose */
+typedef struct asntype_to_matchingrule {
+ AsnTypeId atmr_typeId;
+ char* atmr_mr_name;
+ /*Implicitly corresponding LDAP syntax OID*/
+ char* atmr_syn_oid;
+ MatchingRule *atmr_mr;
+} AsnTypetoMatchingRule;
+
+typedef struct asntype_to_matchingrule_table {
+ char* atmr_oid;
+ struct asntype_to_matchingrule atmr_table[ASNTYPE_END];
+ struct asntype_to_matchingrule_table* atmr_table_next;
+} AsnTypetoMatchingRuleTable;
+
+#define MAX_OID_LEN 256
+#define MAX_OD_ENTRY 8
+
+/*
+ * Object Identifier and corresponding Syntax Decoder Table
+ */
+typedef struct OID_Decoder_entry {
+ char oe_oid[MAX_OID_LEN];
+ gser_decoder_func* oe_gser_decoder;
+ ber_decoder_func* oe_ber_decoder;
+ converter_func* oe_converter;
+ struct OID_Decoder_entry* oe_next;
+ struct OID_Decoder_entry* oe_prev;
+} OD_entry;
+
+void
+m_convert_asn_to_ldap ( ComponentSyntaxInfo* csi, struct berval* bv);
+int
+m_convert_assert_to_comp ( gser_decoder_func* decoder, struct berval* bv,
+ ComponentSyntaxInfo** csi, int len, int mode );
+void*
+m_convert_attr_to_comp ( Attribute* a, struct berval* bv );
+
+/*
+ * Decoder Modes
+ * Different operation is required to handle Decoding(2), Extracted Component
+ * decoding(0), ANY DEFINED TYPe(2)
+ * b0 : Component Alloc(yes)
+ * Constructed type : Component Alloc (Yes)
+ * Primitive type : Component Alloc (Yes)
+ * set to mode 2 in inner decoders
+ * b1 : Component Alloc (No)
+ * Constructed type : Component Alloc (No)
+ * Primitive type : Component Alloc (No)
+ * set to mode 2 in inner decoders
+ * b2 : Default Mode
+ * Constructed type : Component Alloc (Yes)
+ * Primitive type : Component Alloc (No)
+ * in addition to above modes, the 4th bit has special meaning,
+ * b4 : if the 4th bit is clear, DecxxxContent is called
+ * b4 : if the 4th bit is set, Decxxx is called, then it is cleared.
+ */
+#define DEC_ALLOC_MODE_0 0x01
+#define DEC_ALLOC_MODE_1 0x02
+#define DEC_ALLOC_MODE_2 0x04
+#define CALL_TAG_DECODER 0x08
+#define CALL_CONTENT_DECODER ~0x08
+
+#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
+#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
+#define MAX_LDAP_STR_LEN 128
+
+MatchingRule*
+retrieve_matching_rule( char* mr_oid, AsnTypeId type );
+
+#define INITIAL_DN_SIZE 128
+#define INITIAL_ATTR_SIZE 256
+#define INCREMENT_SIZE 32
+/*
+ * Followings are for conversion from ASN.1 RDN and DN to
+ * LDAP encodings
+ */
+#define MAX_ALIASING_ENTRY 128
+int increment_bv_mem ( struct berval* in );
+int intToAscii ( int value, char* buf );
+typedef ComponentList irRDNSequence;
+typedef ComponentList irRelativeDistinguishedName;
+typedef ComponentOid irAttributeType;
+typedef struct comp_irAttributeTypeAndValue /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ irAttributeType type; /* AttributeType */
+ ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} irAttributeTypeAndValue;
+#define RDN_MATCH_OID "1.2.36.79672281.1.13.3"
+#define DN_MATCH_OID "2.5.13.1"
+
+extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[];
+extern AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[];
+extern AsnTypetoCompType asntype_to_compType_mapping_tbl[];
+extern AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[];
+
+int ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out );
+int ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out );
+
+void* comp_nibble_memory_allocator ( int init_mem, int inc_mem );
+
+ComponentDesc* get_ComponentDesc( int id );
+#endif
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1294 @@
+/*
+ * crl.c
+ * "CertificateRevokationList" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Fri Jan 21 11:25:24 2005
+ * The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "crl.h"
+
+BDecComponentCertificateListTop( void* mem_op, GenBuf* b, void *v, AsnLen* bytesDecoded,int mode) {
+ AsnTag tag;
+ AsnLen elmtLen;
+
+ tag = BDecTag ( b, bytesDecoded );
+ elmtLen = BDecLen ( b, bytesDecoded );
+ if ( elmtLen <= 0 ) return (-1);
+ if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+ return (-1);
+ }
+
+ return BDecComponentCertificateList( mem_op, b, tag, elmtLen, ( ComponentCertificateList**)v, (AsnLen*)bytesDecoded, mode );
+}
+
+
+void init_module_CertificateRevokationList() {
+ InstallOidDecoderMapping( "2.5.4.39", NULL,
+ GDecComponentCertificateList,
+ BDecComponentCertificateListTop,
+ ExtractingComponentCertificateList,
+ MatchingComponentCertificateList);
+}
+
+int
+MatchingComponentTBSCertListSeqOfSeq ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertListSeqOfSeq*)csi_attr)->userCertificate, (ComponentSyntaxInfo*)&((ComponentTBSCertListSeqOfSeq*)csi_assert)->userCertificate );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_attr)->revocationDate, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_assert)->revocationDate );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ if(COMPONENTNOT_NULL( ((ComponentTBSCertListSeqOfSeq*)csi_attr)->crlEntryExtensions ) ) {
+ rc = MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_attr)->crlEntryExtensions, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_assert)->crlEntryExtensions );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentTBSCertListSeqOfSeq */
+
+void*
+ExtractingComponentTBSCertListSeqOfSeq ( void* mem_op, ComponentReference* cr, ComponentTBSCertListSeqOfSeq *comp )
+{
+
+ if ( ( comp->userCertificate.identifier.bv_val && strncmp(comp->userCertificate.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->userCertificate.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->userCertificate;
+ else
+ return NULL;
+ }
+ if ( ( comp->revocationDate->identifier.bv_val && strncmp(comp->revocationDate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->revocationDate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->revocationDate;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTime ( mem_op, cr, comp->revocationDate );
+ }
+ }
+ if ( ( comp->crlEntryExtensions->identifier.bv_val && strncmp(comp->crlEntryExtensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->crlEntryExtensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->crlEntryExtensions;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentExtensions ( mem_op, cr, comp->crlEntryExtensions );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentTBSCertListSeqOfSeq */
+
+int
+BDecComponentTBSCertListSeqOfSeq PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertListSeqOfSeq **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentTBSCertListSeqOfSeq *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->userCertificate), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->userCertificate)->identifier.bv_val = (&k->userCertificate)->id_buf;
+ (&k->userCertificate)->identifier.bv_len = strlen("userCertificate");
+ strcpy( (&k->userCertificate)->identifier.bv_val, "userCertificate");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+ (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+ (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->revocationDate), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->revocationDate)->identifier.bv_val = (k->revocationDate)->id_buf;
+ (k->revocationDate)->identifier.bv_len = strlen("revocationDate");
+ strcpy( (k->revocationDate)->identifier.bv_val, "revocationDate");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+ else
+ return -1;
+
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentExtensions (mem_op, b, tagId1, elmtLen1, (&k->crlEntryExtensions), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->crlEntryExtensions)->identifier.bv_val = (k->crlEntryExtensions)->id_buf;
+ (k->crlEntryExtensions)->identifier.bv_len = strlen("crlEntryExtensions");
+ strcpy( (k->crlEntryExtensions)->identifier.bv_val, "crlEntryExtensions");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertListSeqOfSeq*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOfSeq) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOfSeq ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOfSeq ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOfSeq;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOfSeq;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecTBSCertListSeqOfSeq*/
+
+int
+GDecComponentTBSCertListSeqOfSeq PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertListSeqOfSeq **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentTBSCertListSeqOfSeq *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "userCertificate", strlen("userCertificate") ) == 0 ) {
+ rc = GDecComponentCertificateSerialNumber (mem_op, b, (&k->userCertificate), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->userCertificate)->identifier.bv_val = peek_head;
+ (&k->userCertificate)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "revocationDate", strlen("revocationDate") ) == 0 ) {
+ rc = GDecComponentTime (mem_op, b, (&k->revocationDate), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->revocationDate)->identifier.bv_val = peek_head;
+ ( k->revocationDate)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "crlEntryExtensions", strlen("crlEntryExtensions") ) == 0 ) {
+ rc = GDecComponentExtensions (mem_op, b, (&k->crlEntryExtensions), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->crlEntryExtensions)->identifier.bv_val = peek_head;
+ ( k->crlEntryExtensions)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertListSeqOfSeq*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOfSeq) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOfSeq ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOfSeq ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOfSeq;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOfSeq;
+ return LDAP_SUCCESS;
+} /* GDecTBSCertListSeqOfSeq*/
+
+
+int
+MatchingComponentTBSCertListSeqOf ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+ void* component1, *component2;
+ AsnList *v1, *v2, t_list;
+
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ v1 = &((ComponentTBSCertListSeqOf*)csi_attr)->comp_list;
+ v2 = &((ComponentTBSCertListSeqOf*)csi_assert)->comp_list;
+ FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+ {
+ if( MatchingComponentTBSCertListSeqOfSeq(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+ return LDAP_COMPARE_FALSE;
+ }
+ } /* end of for */
+
+ AsnListFirst( v1 );
+ AsnListFirst( v2 );
+ if( (!component1 && component2) || (component1 && !component2))
+ return LDAP_COMPARE_FALSE;
+ else
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentTBSCertListSeqOfContent */
+
+void*
+ExtractingComponentTBSCertListSeqOf ( void* mem_op, ComponentReference* cr, ComponentTBSCertListSeqOf *comp )
+{
+ int count = 0;
+ int total;
+ AsnList *v = &comp->comp_list;
+ ComponentInt *k;
+ ComponentTBSCertListSeqOfSeq *component;
+
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_FROM_BEGINNING :
+ count = cr->cr_curr->ci_val.ci_from_beginning;
+ FOR_EACH_LIST_ELMT( component , v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTBSCertListSeqOfSeq ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_FROM_END :
+ total = AsnListCount ( v );
+ count = cr->cr_curr->ci_val.ci_from_end;
+ count = total + count +1;
+ FOR_EACH_LIST_ELMT ( component, v ) {
+ if( --count == 0 ) {
+ if( cr->cr_curr->ci_next == NULL )
+ return component;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTBSCertListSeqOfSeq ( mem_op, cr, component );
+ }
+ }
+ }
+ break;
+ case LDAP_COMPREF_ALL :
+ return comp;
+ case LDAP_COMPREF_COUNT :
+ k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+ k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ k->comp_desc->cd_tag = (-1);
+ k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+ k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+ k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+ k->comp_desc->cd_type = ASN_BASIC;
+ k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+ k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+ k->value = AsnListCount(v);
+ return k;
+ default :
+ return NULL;
+ }
+} /* ExtractingComponentTBSCertListSeqOf */
+
+int
+BDecComponentTBSCertListSeqOf PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertListSeqOf **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentTBSCertListSeqOf *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit(&k->comp_list,sizeof(ComponentTBSCertListSeqOfSeq));
+ for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+ {
+ ComponentTBSCertListSeqOfSeq **tmpVar;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+ }
+ if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tmpVar = (ComponentTBSCertListSeqOfSeq**) CompAsnListAppend (mem_op,&k->comp_list);
+ rc = BDecComponentTBSCertListSeqOfSeq (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of tag check if */
+ else /* wrong tag */
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertListSeqOf*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOf) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOf ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOf ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOf;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOf;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecTBSCertListSeqOfContent */
+
+int
+GDecComponentTBSCertListSeqOf PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertListSeqOf **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentTBSCertListSeqOf *k,*t, c_temp;
+
+
+ int ElmtsLen1;
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ AsnListInit( &k->comp_list, sizeof( ComponentTBSCertListSeqOfSeq ) );
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+ Asn1Error("Error during Reading { in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+ {
+ ComponentTBSCertListSeqOfSeq **tmpVar;
+ if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head == '}') break;
+ if( !(*peek_head == '{' || *peek_head ==',') ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tmpVar = (ComponentTBSCertListSeqOfSeq**) CompAsnListAppend (mem_op, &k->comp_list);
+ if ( tmpVar == NULL ) {
+ Asn1Error("Error during Reading{ in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ rc = GDecComponentTBSCertListSeqOfSeq (mem_op, b, tmpVar, bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ } /* end of for */
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertListSeqOf*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOf) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOf ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOf ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOf;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOf;
+ return LDAP_SUCCESS;
+} /* GDecTBSCertListSeqOfContent */
+
+int
+MatchingComponentTBSCertList ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->version ) ) {
+ rc = MatchingComponentVersion ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->version, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->version );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->signature, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->signature );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->issuer, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->issuer );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->thisUpdate, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->thisUpdate );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->nextUpdate ) ) {
+ rc = MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->nextUpdate, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->nextUpdate );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ rc = MatchingComponentTBSCertListSeqOf ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->revokedCertificates, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->revokedCertificates );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->crlExtensions ) ) {
+ rc = MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->crlExtensions, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->crlExtensions );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ }
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentTBSCertList */
+
+void*
+ExtractingComponentTBSCertList ( void* mem_op, ComponentReference* cr, ComponentTBSCertList *comp )
+{
+
+ if ( ( comp->version->identifier.bv_val && strncmp(comp->version->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->version->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->version;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentVersion ( mem_op, cr, comp->version );
+ }
+ }
+ if ( ( comp->signature->identifier.bv_val && strncmp(comp->signature->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->signature;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signature );
+ }
+ }
+ if ( ( comp->issuer->identifier.bv_val && strncmp(comp->issuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->issuer;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentName ( mem_op, cr, comp->issuer );
+ }
+ }
+ if ( ( comp->thisUpdate->identifier.bv_val && strncmp(comp->thisUpdate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->thisUpdate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->thisUpdate;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTime ( mem_op, cr, comp->thisUpdate );
+ }
+ }
+ if ( ( comp->nextUpdate->identifier.bv_val && strncmp(comp->nextUpdate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->nextUpdate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->nextUpdate;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTime ( mem_op, cr, comp->nextUpdate );
+ }
+ }
+ if ( ( comp->revokedCertificates->identifier.bv_val && strncmp(comp->revokedCertificates->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->revokedCertificates->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->revokedCertificates;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTBSCertListSeqOf ( mem_op, cr, comp->revokedCertificates );
+ }
+ }
+ if ( ( comp->crlExtensions->identifier.bv_val && strncmp(comp->crlExtensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->crlExtensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->crlExtensions;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentExtensions ( mem_op, cr, comp->crlExtensions );
+ }
+ }
+ return NULL;
+} /* ExtractingComponentTBSCertList */
+
+int
+BDecComponentTBSCertList PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ AsnLen totalElmtsLen2 = 0;
+ AsnLen elmtLen2;
+ AsnTag tagId2;
+ int old_mode = mode;
+ int rc;
+ ComponentTBSCertList *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentVersion (mem_op, b, tagId1, elmtLen1, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->version)->identifier.bv_val = (k->version)->id_buf;
+ (k->version)->identifier.bv_len = strlen("version");
+ strcpy( (k->version)->identifier.bv_val, "version");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->signature)->identifier.bv_val = (k->signature)->id_buf;
+ (k->signature)->identifier.bv_len = strlen("signature");
+ strcpy( (k->signature)->identifier.bv_val, "signature");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->issuer)->identifier.bv_val = (k->issuer)->id_buf;
+ (k->issuer)->identifier.bv_len = strlen("issuer");
+ strcpy( (k->issuer)->identifier.bv_val, "issuer");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+ (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+ (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->thisUpdate), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->thisUpdate)->identifier.bv_val = (k->thisUpdate)->id_buf;
+ (k->thisUpdate)->identifier.bv_len = strlen("thisUpdate");
+ strcpy( (k->thisUpdate)->identifier.bv_val, "thisUpdate");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+ (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+ (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->nextUpdate), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->nextUpdate)->identifier.bv_val = (k->nextUpdate)->id_buf;
+ (k->nextUpdate)->identifier.bv_len = strlen("nextUpdate");
+ strcpy( (k->nextUpdate)->identifier.bv_val, "nextUpdate");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTBSCertListSeqOf (mem_op, b, tagId1, elmtLen1, (&k->revokedCertificates), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->revokedCertificates)->identifier.bv_val = (k->revokedCertificates)->id_buf;
+ (k->revokedCertificates)->identifier.bv_len = strlen("revokedCertificates");
+ strcpy( (k->revokedCertificates)->identifier.bv_val, "revokedCertificates");
+ if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+ seqDone = TRUE;
+ else
+ {
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+ {
+ BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+ seqDone = TRUE;
+ }
+ }
+ }
+ else
+ return -1;
+
+
+
+ if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+ if (tagId2 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+ {
+ Asn1Error ("Unexpected Tag\n");
+ return -1;
+ }
+
+ elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->crlExtensions), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->crlExtensions)->identifier.bv_val = (k->crlExtensions)->id_buf;
+ (k->crlExtensions)->identifier.bv_len = strlen("crlExtensions");
+ strcpy( (k->crlExtensions)->identifier.bv_val, "crlExtensions");
+ if (elmtLen1 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertList*) CompAlloc( mem_op, sizeof(ComponentTBSCertList) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertList ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertList ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertList;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertList;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecTBSCertList*/
+
+int
+GDecComponentTBSCertList PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentTBSCertList *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "version", strlen("version") ) == 0 ) {
+ rc = GDecComponentVersion (mem_op, b, (&k->version), bytesDecoded, DEC_ALLOC_MODE_0 );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->version)->identifier.bv_val = peek_head;
+ ( k->version)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+ rc = GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signature), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->signature)->identifier.bv_val = peek_head;
+ ( k->signature)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "issuer", strlen("issuer") ) == 0 ) {
+ rc = GDecComponentName (mem_op, b, (&k->issuer), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->issuer)->identifier.bv_val = peek_head;
+ ( k->issuer)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "thisUpdate", strlen("thisUpdate") ) == 0 ) {
+ rc = GDecComponentTime (mem_op, b, (&k->thisUpdate), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->thisUpdate)->identifier.bv_val = peek_head;
+ ( k->thisUpdate)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "nextUpdate", strlen("nextUpdate") ) == 0 ) {
+ rc = GDecComponentTime (mem_op, b, (&k->nextUpdate), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->nextUpdate)->identifier.bv_val = peek_head;
+ ( k->nextUpdate)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "revokedCertificates", strlen("revokedCertificates") ) == 0 ) {
+ rc = GDecComponentTBSCertListSeqOf (mem_op, b, (&k->revokedCertificates), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->revokedCertificates)->identifier.bv_val = peek_head;
+ ( k->revokedCertificates)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "crlExtensions", strlen("crlExtensions") ) == 0 ) {
+ rc = GDecComponentExtensions (mem_op, b, (&k->crlExtensions), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->crlExtensions)->identifier.bv_val = peek_head;
+ ( k->crlExtensions)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentTBSCertList*) CompAlloc( mem_op, sizeof(ComponentTBSCertList) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertList ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertList ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertList;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertList;
+ return LDAP_SUCCESS;
+} /* GDecTBSCertList*/
+
+
+int
+MatchingComponentCertificateList ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+ int rc;
+ MatchingRule* mr;
+
+ if ( oid ) {
+ mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+ if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+ }
+
+ rc = 1;
+ rc = MatchingComponentTBSCertList ( oid, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_attr)->tbsCertList, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_assert)->tbsCertList );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_assert)->signatureAlgorithm );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ rc = MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentCertificateList*)csi_attr)->signature, (ComponentSyntaxInfo*)&((ComponentCertificateList*)csi_assert)->signature );
+ if ( rc != LDAP_COMPARE_TRUE )
+ return rc;
+ return LDAP_COMPARE_TRUE;
+} /* BMatchingComponentCertificateList */
+
+void*
+ExtractingComponentCertificateList ( void* mem_op, ComponentReference* cr, ComponentCertificateList *comp )
+{
+
+ if ( ( comp->tbsCertList->identifier.bv_val && strncmp(comp->tbsCertList->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->tbsCertList->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->tbsCertList;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentTBSCertList ( mem_op, cr, comp->tbsCertList );
+ }
+ }
+ if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return comp->signatureAlgorithm;
+ else {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signatureAlgorithm );
+ }
+ }
+ if ( ( comp->signature.identifier.bv_val && strncmp(comp->signature.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+ if ( cr->cr_curr->ci_next == NULL )
+ return &comp->signature;
+ else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+ cr->cr_curr = cr->cr_curr->ci_next;
+ return &comp->signature;
+ } else {
+ return NULL;
+ }
+ }
+ return NULL;
+} /* ExtractingComponentCertificateList */
+
+int
+BDecComponentCertificateList PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentCertificateList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ int seqDone = FALSE;
+ AsnLen totalElmtsLen1 = 0;
+ AsnLen elmtLen1;
+ AsnTag tagId1;
+ int mandatoryElmtCount1 = 0;
+ int old_mode = mode;
+ int rc;
+ ComponentCertificateList *k, *t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentTBSCertList (mem_op, b, tagId1, elmtLen1, (&k->tbsCertList), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->tbsCertList)->identifier.bv_val = (k->tbsCertList)->id_buf;
+ (k->tbsCertList)->identifier.bv_len = strlen("tbsCertList");
+ strcpy( (k->tbsCertList)->identifier.bv_val, "tbsCertList");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (k->signatureAlgorithm)->identifier.bv_val = (k->signatureAlgorithm)->id_buf;
+ (k->signatureAlgorithm)->identifier.bv_len = strlen("signatureAlgorithm");
+ strcpy( (k->signatureAlgorithm)->identifier.bv_val, "signatureAlgorithm");
+ tagId1 = BDecTag (b, &totalElmtsLen1);
+ }
+ else
+ return -1;
+
+
+
+ if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+ {
+ elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+ rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->signature)->identifier.bv_val = (&k->signature)->id_buf;
+ (&k->signature)->identifier.bv_len = strlen("signature");
+ strcpy( (&k->signature)->identifier.bv_val, "signature");
+ seqDone = TRUE;
+ if (elmtLen0 == INDEFINITE_LEN)
+ BDecEoc (b, &totalElmtsLen1 );
+ else if (totalElmtsLen1 != elmtLen0)
+ return -1;
+
+ }
+ else
+ return -1;
+
+
+
+ if (!seqDone)
+ return -1;
+
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentCertificateList*) CompAlloc( mem_op, sizeof(ComponentCertificateList) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificateList ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificateList ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificateList;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificateList;
+ (*bytesDecoded) += totalElmtsLen1;
+ return LDAP_SUCCESS;
+} /* BDecCertificateList*/
+
+int
+GDecComponentCertificateList PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentCertificateList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+ char* peek_head,*peek_head2;
+ int i, strLen,strLen2, rc, old_mode = mode;
+ ComponentCertificateList *k,*t, c_temp;
+
+
+ if ( !(mode & DEC_ALLOC_MODE_1) ) {
+ memset(&c_temp,0,sizeof(c_temp));
+ k = &c_temp;
+ } else
+ k = t = *v;
+ mode = DEC_ALLOC_MODE_2;
+ *bytesDecoded = 0;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '{'){
+ Asn1Error("Missing { in encoded data");
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if ( strncmp( peek_head, "tbsCertList", strlen("tbsCertList") ) == 0 ) {
+ rc = GDecComponentTBSCertList (mem_op, b, (&k->tbsCertList), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->tbsCertList)->identifier.bv_val = peek_head;
+ ( k->tbsCertList)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signatureAlgorithm", strlen("signatureAlgorithm") ) == 0 ) {
+ rc = GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signatureAlgorithm), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ ( k->signatureAlgorithm)->identifier.bv_val = peek_head;
+ ( k->signatureAlgorithm)->identifier.bv_len = strLen;
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading , ");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != ','){
+ Asn1Error("Missing , in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+ Asn1Error("Error during Reading identifier");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+ rc = GDecComponentBits (mem_op, b, (&k->signature), bytesDecoded, mode);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (&k->signature)->identifier.bv_val = peek_head;
+ (&k->signature)->identifier.bv_len = strLen;
+ }
+ if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+ Asn1Error("Error during Reading } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if(*peek_head != '}'){
+ Asn1Error("Missing } in encoding");
+ return LDAP_PROTOCOL_ERROR;
+ }
+ if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+ *v = t = (ComponentCertificateList*) CompAlloc( mem_op, sizeof(ComponentCertificateList) );
+ if ( !t ) return -1;
+ *t = *k;
+ }
+ t->syntax = (Syntax*)NULL;
+ t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+ if ( !t->comp_desc ) {
+ free ( t );
+ return -1;
+ }
+ t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+ t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificateList ;
+ t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificateList ;
+ t->comp_desc->cd_free = (comp_free_func*)NULL;
+ t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificateList;
+ t->comp_desc->cd_type = ASN_COMPOSITE;
+ t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+ t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificateList;
+ return LDAP_SUCCESS;
+} /* GDecCertificateList*/
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/crl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,359 @@
+
+#include "asn-incl.h"
+/*
+ * crl.h
+ * "CertificateRevokationList" ASN.1 module encode/decode/extracting/matching/free C src.
+ * This file was generated by modified eSMACC compiler Fri Jan 21 11:25:24 2005
+ * The generated files are strongly encouraged to be
+ * compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _crl_h_
+#define _crl_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+
+#define V1 0
+#define V2 1
+#define V3 2
+
+typedef ComponentInt ComponentVersion; /* INTEGER { V1 (0), V2 (1), V3 (2) } */
+
+#define MatchingComponentVersion MatchingComponentInt
+
+#define ExtractingComponentVersion ExtractingComponentInt
+
+#define BDecComponentVersion BDecComponentInt
+
+#define GDecComponentVersion GDecComponentInt
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef ComponentOid ComponentAttributeType; /* OBJECT IDENTIFIER */
+
+#define MatchingComponentAttributeType MatchingComponentOid
+
+#define ExtractingComponentAttributeType ExtractingComponentOid
+
+#define BDecComponentAttributeType BDecComponentOid
+
+#define GDecComponentAttributeType GDecComponentOid
+
+
+typedef struct AlgorithmIdentifier /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid algorithm; /* OBJECT IDENTIFIER */
+ ComponentAnyDefinedBy parameters; /* ANY DEFINED BY algorithm OPTIONAL */
+} ComponentAlgorithmIdentifier;
+
+int MatchingComponentAlgorithmIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAlgorithmIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAlgorithmIdentifier *comp ));
+
+
+int BDecComponentAlgorithmIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAlgorithmIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Time /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum TimeChoiceId
+ {
+ TIME_UTCTIME,
+ TIME_GENERALIZEDTIME
+ } choiceId;
+ union TimeChoiceUnion
+ {
+ ComponentUTCTime* utcTime; /* < unknown type id ?! > */
+ ComponentGeneralizedTime* generalizedTime; /* < unknown type id ?! > */
+ } a;
+} ComponentTime;
+
+int MatchingComponentTime PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTime PROTO (( void* mem_op, ComponentReference *cr, ComponentTime *comp ));
+
+
+int BDecComponentTime PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTime PROTO (( void* mem_op, GenBuf * b, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Extension /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentOid extnID; /* OBJECT IDENTIFIER */
+ ComponentBool* critical; /* BOOLEAN DEFAULT FALSE */
+ ComponentOcts extnValue; /* OCTET STRING */
+} ComponentExtension;
+
+int MatchingComponentExtension PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtension PROTO (( void* mem_op, ComponentReference *cr, ComponentExtension *comp ));
+
+
+int BDecComponentExtension PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtension PROTO (( void* mem_op, GenBuf * b, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentAttributeType type; /* AttributeType */
+ ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentExtensions; /* SEQUENCE SIZE 1..MAX OF Extension */
+
+int MatchingComponentExtensions PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtensions PROTO (( void* mem_op, ComponentReference *cr, ComponentExtensions *comp ));
+
+
+int BDecComponentExtensions PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtensions PROTO (( void* mem_op, GenBuf * b, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertListSeqOfSeq /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentCertificateSerialNumber userCertificate; /* CertificateSerialNumber */
+ ComponentTime* revocationDate; /* Time */
+ ComponentExtensions* crlEntryExtensions; /* Extensions OPTIONAL */
+} ComponentTBSCertListSeqOfSeq;
+
+int MatchingComponentTBSCertListSeqOfSeq PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertListSeqOfSeq PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertListSeqOfSeq *comp ));
+
+
+int BDecComponentTBSCertListSeqOfSeq PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertListSeqOfSeq **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertListSeqOfSeq PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertListSeqOfSeq **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentTBSCertListSeqOf; /* SEQUENCE OF TBSCertListSeqOfSeq */
+
+int MatchingComponentTBSCertListSeqOf PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertListSeqOf PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertListSeqOf *comp ));
+
+
+int BDecComponentTBSCertListSeqOf PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertListSeqOf **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertListSeqOf PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertListSeqOf **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ enum NameChoiceId
+ {
+ NAME_RDNSEQUENCE
+ } choiceId;
+ union NameChoiceUnion
+ {
+ ComponentRDNSequence* rdnSequence; /* RDNSequence */
+ } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertList /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentVersion* version; /* Version OPTIONAL */
+ ComponentAlgorithmIdentifier* signature; /* AlgorithmIdentifier */
+ ComponentName* issuer; /* Name */
+ ComponentTime* thisUpdate; /* Time */
+ ComponentTime* nextUpdate; /* Time OPTIONAL */
+ ComponentTBSCertListSeqOf* revokedCertificates; /* TBSCertListSeqOf */
+ ComponentExtensions* crlExtensions; /* [0] EXPLICIT Extensions OPTIONAL */
+} ComponentTBSCertList;
+
+int MatchingComponentTBSCertList PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertList PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertList *comp ));
+
+
+int BDecComponentTBSCertList PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertList **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertList PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertList **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct CertificateList /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentTBSCertList* tbsCertList; /* TBSCertList */
+ ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
+ ComponentBits signature; /* BIT STRING */
+} ComponentCertificateList;
+
+int MatchingComponentCertificateList PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentCertificateList PROTO (( void* mem_op, ComponentReference *cr, ComponentCertificateList *comp ));
+
+
+int BDecComponentCertificateList PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentCertificateList **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentCertificateList PROTO (( void* mem_op, GenBuf * b, ComponentCertificateList **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Validity /* SEQUENCE */
+{
+ Syntax* syntax;
+ ComponentDesc* comp_desc;
+ struct berval identifier;
+ char id_buf[MAX_IDENTIFIER_LEN];
+ ComponentTime* notBefore; /* Time */
+ ComponentTime* notAfter; /* Time */
+} ComponentValidity;
+
+int MatchingComponentValidity PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentValidity PROTO (( void* mem_op, ComponentReference *cr, ComponentValidity *comp ));
+
+
+int BDecComponentValidity PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentValidity PROTO (( void* mem_op, GenBuf * b, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of crl.h */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/comp_match/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,839 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redisribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorizd by the OpenLADP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18 03:20:00 slim at OpenLDAP.org
+ */
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+#include "component.h"
+
+#include "componentlib.h"
+#include "asn.h"
+#include <asn-gser.h>
+
+#include <string.h>
+
+#ifndef SLAPD_COMP_MATCH
+#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
+#endif
+
+/*
+ * Attribute and MatchingRule aliasing table
+ */
+AttributeAliasing aa_table [ MAX_ALIASING_ENTRY ];
+MatchingRuleAliasing mra_table [ MAX_ALIASING_ENTRY ];
+
+OD_entry* gOD_table = NULL;
+AsnTypetoMatchingRuleTable* gATMR_table = NULL;
+
+int
+load_derived_matching_rule ( char* cfg_path ){
+}
+
+AttributeAliasing*
+comp_is_aliased_attribute( void *in )
+{
+ AttributeAliasing* curr_aa;
+ int i;
+ AttributeDescription *ad = (AttributeDescription*)in;
+
+ for ( i = 0; aa_table[i].aa_aliasing_ad && i < MAX_ALIASING_ENTRY; i++ ) {
+ if ( strncmp(aa_table[i].aa_aliasing_ad->ad_cname.bv_val , ad->ad_cname.bv_val, ad->ad_cname.bv_len) == 0 )
+ return &aa_table[i];
+ }
+ return NULL;
+}
+
+static int
+add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr_name, char* component_filter )
+{
+ char text[1][128];
+ int rc;
+ struct berval type;
+
+ /* get and store aliasing AttributeDescription */
+ type.bv_val = aliasing_at_name;
+ type.bv_len = strlen ( aliasing_at_name );
+ rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(const char**)text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ /* get and store aliased AttributeDescription */
+ type.bv_val = aliased_at_name;
+ type.bv_len = strlen ( aliased_at_name );
+ rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(const char**)text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ /* get and store componentFilterMatch */
+ type.bv_val = mr_name;
+ type.bv_len = strlen ( mr_name);
+ aa_table[index].aa_mr = mr_bvfind ( &type );
+
+ /* get and store a component filter */
+ type.bv_val = component_filter;
+ type.bv_len = strlen ( component_filter );
+ rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(const char**)text);
+
+ aa_table[index].aa_cf_str = component_filter;
+
+ return rc;
+}
+
+/*
+ * Initialize attribute aliasing table when this module is loaded
+ * add_aa_entry ( index for the global table,
+ * name of the aliasing attribute,
+ * component filter with filling value parts "xxx"
+ * )
+ * "xxx" will be replaced with effective values later.
+ * See RFC3687 to understand the content of a component filter.
+ */
+char* pre_processed_comp_filter[] = {
+/*1*/"item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }",
+/*2*/"item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }",
+/*3*/"and:{ item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }, item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }"
+};
+
+static int
+init_attribute_aliasing_table ()
+{
+ int rc;
+ int index = 0 ;
+
+ rc = add_aa_entry ( index, "x509CertificateIssuer", "userCertificate","componentFilterMatch", pre_processed_comp_filter[index] );
+ if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+ index++;
+
+ rc = add_aa_entry ( index, "x509CertificateSerial","userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
+ if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+ index++;
+
+ rc = add_aa_entry ( index, "x509CertificateSerialAndIssuer", "userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
+ if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+ index++;
+
+ return LDAP_SUCCESS;
+}
+
+void
+init_component_description_table () {
+ AsnTypeId id;
+ struct berval mr;
+ AsnTypetoSyntax* asn_to_syn;
+ Syntax* syn;
+
+ for ( id = BASICTYPE_BOOLEAN; id != ASNTYPE_END ; id++ ) {
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_subtypes = NULL;
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = NULL;
+
+ /* Equality Matching Rule */
+ if ( asntype_to_compMR_mapping_tbl[id].atc_equality ) {
+ mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_equality;
+ mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_equality);
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_equality = mr_bvfind( &mr );
+ }
+ /* Approx Matching Rule */
+ if ( asntype_to_compMR_mapping_tbl[id].atc_approx ) {
+ mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_approx;
+ mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_approx);
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_approx = mr_bvfind( &mr );
+ }
+
+ /* Ordering Matching Rule */
+ if ( asntype_to_compMR_mapping_tbl[id].atc_ordering ) {
+ mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_ordering;
+ mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_ordering);
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_ordering= mr_bvfind( &mr );
+ }
+
+ /* Substr Matching Rule */
+ if ( asntype_to_compMR_mapping_tbl[id].atc_substr ) {
+ mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_substr;
+ mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_substr);
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_substr = mr_bvfind( &mr );
+ }
+ /* Syntax */
+
+ asn_to_syn = &asn_to_syntax_mapping_tbl[ id ];
+ if ( asn_to_syn->ats_syn_oid )
+ syn = syn_find ( asn_to_syn->ats_syn_oid );
+ else
+ syn = NULL;
+ asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = syn;
+
+ /* Initialize Component Descriptions of primitive ASN.1 types */
+ asntype_to_compdesc_mapping_tbl[id].atcd_cd.cd_comp_type = (AttributeType*)&asntype_to_compType_mapping_tbl[id].ac_comp_type;
+ }
+}
+
+MatchingRule*
+retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
+ char* tmp;
+ struct berval mr_name = BER_BVNULL;
+ AsnTypetoMatchingRuleTable* atmr;
+
+ for ( atmr = gATMR_table ; atmr ; atmr = atmr->atmr_table_next ) {
+ if ( strcmp( atmr->atmr_oid, mr_oid ) == 0 ) {
+ tmp = atmr->atmr_table[type].atmr_mr_name;
+ if ( tmp ) {
+ mr_name.bv_val = tmp;
+ mr_name.bv_len = strlen( tmp );
+ return mr_bvfind ( &mr_name );
+ }
+ }
+ }
+ return (MatchingRule*)NULL;
+}
+
+void*
+comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv ))
+{
+ char* peek_head;
+ int mode, bytesDecoded, size, rc;
+ void* component;
+ char* oid = a->a_desc->ad_type->sat_atype.at_oid ;
+ GenBuf* b = NULL;
+ ExpBuf* buf = NULL;
+ OidDecoderMapping* odm;
+
+ /* look for the decoder registered for the given attribute */
+ odm = RetrieveOidDecoderMappingbyOid( oid, strlen(oid) );
+
+ if ( !odm || (!odm->BER_Decode && !odm->GSER_Decode) )
+ return (void*)NULL;
+
+ buf = ExpBufAllocBuf();
+ ExpBuftoGenBuf( buf, &b );
+ ExpBufInstallDataInBuf ( buf, bv->bv_val, bv->bv_len );
+ BufResetInReadMode( b );
+
+ mode = DEC_ALLOC_MODE_2;
+ /*
+ * How can we decide which decoder will be called, GSER or BER?
+ * Currently BER decoder is called for a certificate.
+ * The flag of Attribute will say something about it in the future
+ */
+ if ( syn && slap_syntax_is_ber ( syn ) ) {
+#if 0
+ rc =BDecComponentTop(odm->BER_Decode, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ;
+#endif
+ rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo*)&component, &bytesDecoded, mode );
+ }
+ else {
+ rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo**)component, &bytesDecoded, mode);
+ }
+
+ ExpBufFreeBuf( buf );
+ GenBufFreeBuf( b );
+ if ( rc == -1 ) {
+#if 0
+ ShutdownNibbleMemLocal ( a->a_comp_data->cd_mem_op );
+ free ( a->a_comp_data );
+ a->a_comp_data = NULL;
+#endif
+ return (void*)NULL;
+ }
+ else {
+ return component;
+ }
+}
+
+#include <nibble-alloc.h>
+void
+comp_free_component ( void* mem_op ) {
+ ShutdownNibbleMemLocal( (NibbleMem*)mem_op );
+ return;
+}
+
+void
+comp_convert_assert_to_comp (
+ void* mem_op,
+ ComponentSyntaxInfo *csi_attr,
+ struct berval* bv,
+ ComponentSyntaxInfo** csi, int* len, int mode )
+{
+ int rc;
+ GenBuf* genBuf;
+ ExpBuf* buf;
+ gser_decoder_func *decoder = csi_attr->csi_comp_desc->cd_gser_decoder;
+
+ buf = ExpBufAllocBuf();
+ ExpBuftoGenBuf( buf, &genBuf );
+ ExpBufInstallDataInBuf ( buf, bv->bv_val, bv->bv_len );
+ BufResetInReadMode( genBuf );
+
+ if ( csi_attr->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
+ decoder = ((ComponentAny*)csi_attr)->cai->GSER_Decode;
+
+ rc = (*decoder)( mem_op, genBuf, csi, len, mode );
+ ExpBufFreeBuf ( buf );
+ GenBufFreeBuf( genBuf );
+}
+
+int intToAscii( int value, char* buf ) {
+ int minus=0,i,temp;
+ int total_num_digits;
+
+ if ( value == 0 ){
+ buf[0] = '0';
+ return 1;
+ }
+
+ if ( value < 0 ){
+ minus = 1;
+ value = value*(-1);
+ buf[0] = '-';
+ }
+
+ /* How many digits */
+ for ( temp = value, total_num_digits=0 ; temp ; total_num_digits++ )
+ temp = temp/10;
+
+ total_num_digits += minus;
+
+ for ( i = minus ; value ; i++ ) {
+ buf[ total_num_digits - i - 1 ]= (char)(value%10 + '0');
+ value = value/10;
+ }
+ return i;
+}
+
+int
+comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct berval* bv, int *allocated )
+{
+ int rc;
+ struct berval prettied;
+ Syntax* syn;
+
+ AsnTypetoSyntax* asn_to_syn =
+ &asn_to_syntax_mapping_tbl[csi->csi_comp_desc->cd_type_id];
+ if ( asn_to_syn->ats_syn_oid )
+ csi->csi_syntax = syn_find ( asn_to_syn->ats_syn_oid );
+ else
+ csi->csi_syntax = NULL;
+
+
+ switch ( csi->csi_comp_desc->cd_type_id ) {
+ case BASICTYPE_BOOLEAN :
+ bv->bv_val = (char*)malloc( 5 );
+ *allocated = 1;
+ bv->bv_len = 5;
+ if ( ((ComponentBool*)csi)->value > 0 ) {
+ strcpy ( bv->bv_val , "TRUE" );
+ bv->bv_len = 4;
+ }
+ else {
+ strcpy ( bv->bv_val , "FALSE" );
+ bv->bv_len = 5;
+ }
+ break ;
+ case BASICTYPE_NULL :
+ bv->bv_len = 0;
+ break;
+ case BASICTYPE_INTEGER :
+ bv->bv_val = (char*)malloc( INITIAL_ATTR_SIZE );
+ *allocated = 1;
+ bv->bv_len = INITIAL_ATTR_SIZE;
+ bv->bv_len = intToAscii(((ComponentInt*)csi)->value, bv->bv_val );
+ if ( bv->bv_len <= 0 )
+ return LDAP_INVALID_SYNTAX;
+ break;
+ case BASICTYPE_REAL :
+ return LDAP_INVALID_SYNTAX;
+ case BASICTYPE_ENUMERATED :
+ bv->bv_val = (char*)malloc( INITIAL_ATTR_SIZE );
+ *allocated = 1;
+ bv->bv_len = INITIAL_ATTR_SIZE;
+ bv->bv_len = intToAscii(((ComponentEnum*)csi)->value, bv->bv_val );
+ if ( bv->bv_len <= 0 )
+ return LDAP_INVALID_SYNTAX;
+ break;
+ case BASICTYPE_OID :
+ case BASICTYPE_OCTETSTRING :
+ case BASICTYPE_BITSTRING :
+ case BASICTYPE_NUMERIC_STR :
+ case BASICTYPE_PRINTABLE_STR :
+ case BASICTYPE_UNIVERSAL_STR :
+ case BASICTYPE_IA5_STR :
+ case BASICTYPE_BMP_STR :
+ case BASICTYPE_UTF8_STR :
+ case BASICTYPE_UTCTIME :
+ case BASICTYPE_GENERALIZEDTIME :
+ case BASICTYPE_GRAPHIC_STR :
+ case BASICTYPE_VISIBLE_STR :
+ case BASICTYPE_GENERAL_STR :
+ case BASICTYPE_OBJECTDESCRIPTOR :
+ case BASICTYPE_VIDEOTEX_STR :
+ case BASICTYPE_T61_STR :
+ case BASICTYPE_OCTETCONTAINING :
+ case BASICTYPE_BITCONTAINING :
+ case BASICTYPE_RELATIVE_OID :
+ bv->bv_val = ((ComponentOcts*)csi)->value.octs;
+ bv->bv_len = ((ComponentOcts*)csi)->value.octetLen;
+ break;
+ case BASICTYPE_ANY :
+ csi = ((ComponentAny*)csi)->value;
+ if ( csi->csi_comp_desc->cd_type != ASN_BASIC ||
+ csi->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
+ return LDAP_INVALID_SYNTAX;
+ return comp_convert_asn_to_ldap( mr, csi, bv, allocated );
+ case COMPOSITE_ASN1_TYPE :
+ break;
+ case RDNSequence :
+ /*dnMatch*/
+ if( strncmp( mr->smr_mrule.mr_oid, DN_MATCH_OID, strlen(DN_MATCH_OID) ) != 0 )
+ return LDAP_INVALID_SYNTAX;
+ *allocated = 1;
+ rc = ConvertRDNSequence2RFC2253( (irRDNSequence*)csi, bv );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ break;
+ case RelativeDistinguishedName :
+ /*rdnMatch*/
+ if( strncmp( mr->smr_mrule.mr_oid, RDN_MATCH_OID, strlen(RDN_MATCH_OID) ) != 0 )
+ return LDAP_INVALID_SYNTAX;
+ *allocated = 1;
+ rc = ConvertRDN2RFC2253((irRelativeDistinguishedName*)csi,bv);
+ if ( rc != LDAP_SUCCESS ) return rc;
+ break;
+ case TelephoneNumber :
+ case FacsimileTelephoneNumber__telephoneNumber :
+ break;
+ case DirectoryString :
+ return LDAP_INVALID_SYNTAX;
+ case ASN_COMP_CERTIFICATE :
+ case ASNTYPE_END :
+ break;
+ default :
+ /*Only ASN Basic Type can be converted into LDAP string*/
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( csi->csi_syntax ) {
+ if ( csi->csi_syntax->ssyn_validate ) {
+ rc = csi->csi_syntax->ssyn_validate(csi->csi_syntax, bv);
+ if ( rc != LDAP_SUCCESS )
+ return LDAP_INVALID_SYNTAX;
+ }
+ if ( csi->csi_syntax->ssyn_pretty ) {
+ rc = csi->csi_syntax->ssyn_pretty(csi->csi_syntax, bv, &prettied , NULL );
+ if ( rc != LDAP_SUCCESS )
+ return LDAP_INVALID_SYNTAX;
+#if 0
+ free ( bv->bv_val );/*potential memory leak?*/
+#endif
+ bv->bv_val = prettied.bv_val;
+ bv->bv_len = prettied.bv_len;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * If <all> type component referenced is used
+ * more than one component will be tested
+ */
+#define IS_TERMINAL_COMPREF(cr) (cr->cr_curr->ci_next == NULL)
+int
+comp_test_all_components (
+ void* attr_mem_op,
+ void* assert_mem_op,
+ ComponentSyntaxInfo *csi_attr,
+ ComponentAssertion* ca )
+{
+ int rc;
+ ComponentSyntaxInfo *csi_temp = NULL, *csi_assert = NULL, *comp_elmt = NULL;
+ ComponentReference *cr = ca->ca_comp_ref;
+ struct berval *ca_val = &ca->ca_ma_value;
+
+ switch ( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_ALL:
+ if ( IS_TERMINAL_COMPREF(cr) ) {
+ FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
+ {
+ rc = comp_test_one_component( attr_mem_op, assert_mem_op, comp_elmt, ca );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ break;
+ }
+ }
+ } else {
+ ComponentId *start_compid = ca->ca_comp_ref->cr_curr->ci_next;
+ FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
+ {
+ cr->cr_curr = start_compid;
+ rc = comp_test_components ( attr_mem_op, assert_mem_op, comp_elmt, ca );
+ if ( rc != LDAP_COMPARE_FALSE ) {
+ break;
+ }
+#if 0
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ break;
+ }
+#endif
+ }
+ }
+ break;
+ case LDAP_COMPREF_CONTENT:
+ case LDAP_COMPREF_SELECT:
+ case LDAP_COMPREF_DEFINED:
+ case LDAP_COMPREF_UNDEFINED:
+ case LDAP_COMPREF_IDENTIFIER:
+ case LDAP_COMPREF_FROM_BEGINNING:
+ case LDAP_COMPREF_FROM_END:
+ case LDAP_COMPREF_COUNT:
+ rc = LDAP_OPERATIONS_ERROR;
+ break;
+ default:
+ rc = LDAP_OPERATIONS_ERROR;
+ }
+ return rc;
+}
+
+void
+eat_bv_whsp ( struct berval* in )
+{
+ char* end = in->bv_val + in->bv_len;
+ for ( ; ( *in->bv_val == ' ' ) && ( in->bv_val < end ) ; ) {
+ in->bv_val++;
+ }
+}
+
+/*
+ * Perform matching one referenced component against assertion
+ * If the matching rule in a component filter is allComponentsMatch
+ * or its derivatives the extracted component's ASN.1 specification
+ * is applied to the assertion value as its syntax
+ * Otherwise, the matching rule's syntax is applied to the assertion value
+ * By RFC 3687
+ */
+int
+comp_test_one_component (
+ void* attr_mem_op,
+ void* assert_mem_op,
+ ComponentSyntaxInfo *csi_attr,
+ ComponentAssertion *ca )
+{
+ int len, rc;
+ ComponentSyntaxInfo *csi_assert = NULL;
+ char* oid = NULL;
+ MatchingRule* mr = ca->ca_ma_rule;
+
+ if ( mr->smr_usage & SLAP_MR_COMPONENT ) {
+ /* If allComponentsMatch or its derivatives */
+ if ( !ca->ca_comp_data.cd_tree ) {
+ comp_convert_assert_to_comp( assert_mem_op, csi_attr, &ca->ca_ma_value, &csi_assert, &len, DEC_ALLOC_MODE_0 );
+ ca->ca_comp_data.cd_tree = (void*)csi_assert;
+ } else {
+ csi_assert = ca->ca_comp_data.cd_tree;
+ }
+
+ if ( !csi_assert )
+ return LDAP_PROTOCOL_ERROR;
+
+ if ( strcmp( mr->smr_mrule.mr_oid, OID_ALL_COMP_MATCH ) != 0 )
+ {
+ /* allComponentMatch's derivatives */
+ oid = mr->smr_mrule.mr_oid;
+ }
+ return csi_attr->csi_comp_desc->cd_all_match(
+ oid, csi_attr, csi_assert );
+
+ } else {
+ /* LDAP existing matching rules */
+ struct berval attr_bv = BER_BVNULL;
+ struct berval n_attr_bv = BER_BVNULL;
+ struct berval* assert_bv = &ca->ca_ma_value;
+ int allocated = 0;
+ /*Attribute is converted to compatible LDAP encodings*/
+ if ( comp_convert_asn_to_ldap( mr, csi_attr, &attr_bv, &allocated ) != LDAP_SUCCESS )
+ return LDAP_INAPPROPRIATE_MATCHING;
+ /* extracted component value is not normalized */
+ if ( ca->ca_ma_rule->smr_normalize ) {
+ rc = ca->ca_ma_rule->smr_normalize (
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ NULL, ca->ca_ma_rule,
+ &attr_bv, &n_attr_bv, NULL );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ if ( allocated && attr_bv.bv_val )
+ free (attr_bv.bv_val);
+ } else {
+ n_attr_bv = attr_bv;
+ }
+#if 0
+ /*Assertion value is validated by MR's syntax*/
+ if ( !ca->ca_comp_data.cd_tree ) {
+ ca->ca_comp_data.cd_tree = assert_bv;
+ }
+ else {
+ assert_bv = ca->ca_comp_data.cd_tree;
+ }
+#endif
+ if ( !n_attr_bv.bv_val )
+ return LDAP_COMPARE_FALSE;
+ rc = csi_value_match( mr, &n_attr_bv, assert_bv );
+ if ( n_attr_bv.bv_val )
+ free ( n_attr_bv.bv_val );
+ return rc;
+ }
+}
+
+int
+comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_attr, ComponentAssertion* ca) {
+ char* peek_head;
+ int mode, bytesDecoded = 0, rc;
+ GenBuf* b;
+ ExpBuf* buf;
+ OidDecoderMapping* odm;
+ struct berval bv;
+ char oid[MAX_OID_LEN];
+ void* contained_comp, *anytype_comp;
+ ComponentReference* cr = ca->ca_comp_ref;
+
+ if ( !cr )
+ return comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+ /* Extracting the component refrenced by ca->ca_comp_ref */
+ csi_attr = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( attr_nm, cr, csi_attr );
+ if ( !csi_attr ) return LDAP_INVALID_SYNTAX;
+ /* perform matching, considering the type of a Component Reference(CR)*/
+ switch( cr->cr_curr->ci_type ) {
+ case LDAP_COMPREF_IDENTIFIER:
+ case LDAP_COMPREF_FROM_BEGINNING:
+ case LDAP_COMPREF_FROM_END:
+ case LDAP_COMPREF_COUNT:
+ /*
+ * Exactly one component is referenced
+ * Fast Path for matching for this case
+ */
+ rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+ break;
+ case LDAP_COMPREF_ALL:
+ /*
+ * If <all> type CR is used
+ * more than one component will be tested
+ */
+ rc = comp_test_all_components ( attr_nm, assert_nm, csi_attr, ca );
+ break;
+
+ case LDAP_COMPREF_CONTENT:
+ /*
+ * <content> type CR is used
+ * check if it is followed by <select> type CR.
+ * 1) If so, look up the corresponding decoder in the mapping
+ * table(OID to decoder) by <select>
+ * and then decode the OCTET/BIT STRING with the decoder
+ * Finially, extreact the target component with the remaining CR.
+ * 2) If not, just return the current component, It SHOULD not be
+ * extracted further, because the component MUST be BIT/OCTET
+ * string.
+ */
+
+ cr->cr_curr = cr->cr_curr->ci_next;
+ if ( !cr->cr_curr ) {
+ /* case 2) in above description */
+ rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+ break;
+ }
+
+ if ( cr->cr_curr->ci_type == LDAP_COMPREF_SELECT ) {
+ /* Look up OID mapping table */
+ odm = RetrieveOidDecoderMappingbyBV( &cr->cr_curr->ci_val.ci_select_value );
+
+ if ( !odm || !odm->BER_Decode )
+ return LDAP_PROTOCOL_ERROR;
+
+ /* current componet MUST be either BIT or OCTET STRING */
+ if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
+ bv.bv_val = ((ComponentBits*)csi_attr)->value.bits;
+ bv.bv_len = ((ComponentBits*)csi_attr)->value.bitLen;
+ }
+ else if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
+ bv.bv_val = ((ComponentOcts*)csi_attr)->value.octs;
+ bv.bv_len = ((ComponentOcts*)csi_attr)->value.octetLen;
+ }
+ else
+ return LDAP_PROTOCOL_ERROR;
+
+ buf = ExpBufAllocBuf();
+ ExpBuftoGenBuf( buf, &b );
+ ExpBufInstallDataInBuf ( buf, bv.bv_val, bv.bv_len );
+ BufResetInReadMode( b );
+ mode = DEC_ALLOC_MODE_2;
+
+ /* Try to decode with BER/DER decoder */
+ rc = odm->BER_Decode ( attr_nm, b, (ComponentSyntaxInfo*)&contained_comp, &bytesDecoded, mode );
+
+ ExpBufFreeBuf( buf );
+ GenBufFreeBuf( b );
+
+ if ( rc != LDAP_SUCCESS ) return LDAP_PROTOCOL_ERROR;
+
+ /* xxx.content.(x.xy.xyz).rfc822Name */
+ /* In the aboe Ex. move CR to the right to (x.xy.xyz)*/
+ cr->cr_curr = cr->cr_curr->ci_next;
+ if (!cr->cr_curr )
+ rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+ else
+ rc = comp_test_components( attr_nm, assert_nm, contained_comp, ca );
+ }
+ else {
+ /* Ivalid Component reference */
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+ break;
+ case LDAP_COMPREF_SELECT:
+ if (csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_ANY )
+ return LDAP_INVALID_SYNTAX;
+ rc = CheckSelectTypeCorrect( attr_nm, ((ComponentAny*)csi_attr)->cai, &cr->cr_curr->ci_val.ci_select_value );
+ if ( rc < 0 ) return LDAP_INVALID_SYNTAX;
+
+ /* point to the real component, not any type component */
+ csi_attr = ((ComponentAny*)csi_attr)->value;
+ cr->cr_curr = cr->cr_curr->ci_next;
+ if ( cr->cr_curr )
+ rc = comp_test_components( attr_nm, assert_nm, csi_attr, ca);
+ else
+ rc = comp_test_one_component( attr_nm, assert_nm, csi_attr, ca);
+ break;
+ default:
+ rc = LDAP_INVALID_SYNTAX;
+ }
+ return rc;
+}
+
+
+void*
+comp_nibble_memory_allocator ( int init_mem, int inc_mem ) {
+ void* nm;
+ nm = (void*)InitNibbleMemLocal( (unsigned long)init_mem, (unsigned long)inc_mem );
+ if ( !nm ) return NULL;
+ else return (void*)nm;
+}
+
+void
+comp_nibble_memory_free ( void* nm ) {
+ ShutdownNibbleMemLocal( nm );
+}
+
+void*
+comp_get_component_description ( int id ) {
+ if ( asntype_to_compdesc_mapping_tbl[id].atcd_typeId == id )
+ return &asntype_to_compdesc_mapping_tbl[id].atcd_cd;
+ else
+ return NULL;
+}
+
+int
+comp_component_encoder ( void* mem_op, ComponentSyntaxInfo* csi , struct berval* nval ) {
+ int size, rc;
+ GenBuf* b;
+ ExpBuf* buf;
+ struct berval bv;
+
+ buf = ExpBufAllocBufAndData();
+ ExpBufResetInWriteRvsMode(buf);
+ ExpBuftoGenBuf( buf, &b );
+
+ if ( !csi->csi_comp_desc->cd_gser_encoder && !csi->csi_comp_desc->cd_ldap_encoder )
+ return (-1);
+
+ /*
+ * if an LDAP specific encoder is provided :
+ * dn and rdn have their LDAP specific encoder
+ */
+ if ( csi->csi_comp_desc->cd_ldap_encoder ) {
+ rc = csi->csi_comp_desc->cd_ldap_encoder( csi, &bv );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ if ( mem_op )
+ nval->bv_val = CompAlloc( mem_op, bv.bv_len );
+ else
+ nval->bv_val = malloc( size );
+ memcpy( nval->bv_val, bv.bv_val, bv.bv_len );
+ nval->bv_len = bv.bv_len;
+ /*
+ * This free will be eliminated by making ldap_encoder
+ * use nibble memory in it
+ */
+ free ( bv.bv_val );
+ GenBufFreeBuf( b );
+ BufFreeBuf( buf );
+ return LDAP_SUCCESS;
+ }
+
+ rc = csi->csi_comp_desc->cd_gser_encoder( b, csi );
+ if ( rc < 0 ) {
+ GenBufFreeBuf( b );
+ BufFreeBuf( buf );
+ return rc;
+ }
+
+ size = ExpBufDataSize( buf );
+ if ( size > 0 ) {
+ if ( mem_op )
+ nval->bv_val = CompAlloc ( mem_op, size );
+ else
+ nval->bv_val = malloc( size );
+ nval->bv_len = size;
+ BufResetInReadMode(b);
+ BufCopy( nval->bv_val, b, size );
+ }
+ ExpBufFreeBuf( buf );
+ GenBufFreeBuf( b );
+
+ return LDAP_SUCCESS;
+}
+
+#if SLAPD_COMP_MATCH == SLAPD_MOD_DYNAMIC
+
+#include "certificate.h"
+
+extern convert_attr_to_comp_func* attr_converter;
+extern convert_assert_to_comp_func* assert_converter;
+extern convert_asn_to_ldap_func* csi_converter;
+extern free_component_func* component_destructor;
+extern test_component_func* test_components;
+extern alloc_nibble_func* nibble_mem_allocator;
+extern free_nibble_func* nibble_mem_free;
+extern test_membership_func* is_aliased_attribute;
+extern get_component_info_func* get_component_description;
+extern component_encoder_func* component_encoder;
+
+
+int init_module(int argc, char *argv[]) {
+ /*
+ * Initialize function pointers in slapd
+ */
+ attr_converter = (convert_attr_to_comp_func*)comp_convert_attr_to_comp;
+ assert_converter = (convert_assert_to_comp_func*)comp_convert_assert_to_comp;
+ component_destructor = (free_component_func*)comp_free_component;
+ test_components = (test_component_func*)comp_test_components;
+ nibble_mem_allocator = (free_nibble_func*)comp_nibble_memory_allocator;
+ nibble_mem_free = (free_nibble_func*)comp_nibble_memory_free;
+ is_aliased_attribute = (test_membership_func*)comp_is_aliased_attribute;
+ get_component_description = (get_component_info_func*)comp_get_component_description;
+ component_encoder = (component_encoder_func*)comp_component_encoder;
+
+ /* file path needs to be */
+ load_derived_matching_rule ("derived_mr.cfg");
+
+ /* the initialization for example X.509 certificate */
+ init_module_AuthenticationFramework();
+ init_module_AuthorityKeyIdentifierDefinition();
+ init_module_CertificateRevokationList();
+ init_attribute_aliasing_table ();
+ init_component_description_table ();
+ return 0;
+}
+
+#endif /* SLAPD_PASSWD */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,25 @@
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains a native slapd plugin, dsaschema, that permits the
+loading of DSA-specific schema from configuration files (including operational
+attributes).
+
+To use the plugin, add:
+
+moduleload libdsaschema-plugin.so
+ /etc/openldap/schema/foo1.schema
+ ...etc...
+ /etc/openldap/schema/fooN.schema
+
+to your slapd configuration file.
+
+No Makefile is provided. Use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -o libdsaschema-plugin.so dsaschema.c
+
+to compile this plugin.
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/dsaschema.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/dsaschema.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/dsaschema/dsaschema.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,436 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/dsaschema/dsaschema.c,v 1.3.2.3 2007/01/02 21:43:42 kurt Exp $ */
+/*
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/errno.h>
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <stdio.h>
+
+/*
+ * Schema reader that allows us to define DSA schema (including
+ * operational attributes and non-user object classes)
+ *
+ * A kludge, at best, and in order to avoid including slapd
+ * headers we use fprintf() rather than slapd's native logging,
+ * which may confuse users...
+ *
+ */
+
+#include <ldap.h>
+#include <ldap_schema.h>
+
+extern int at_add(LDAPAttributeType *at, const char **err);
+extern int oc_add(LDAPObjectClass *oc, int user, const char **err);
+extern int cr_add(LDAPContentRule *cr, int user, const char **err);
+
+#define ARGS_STEP 512
+
+static char *fp_getline(FILE *fp, int *lineno);
+static void fp_getline_init(int *lineno);
+static int fp_parse_line(int lineno, char *line);
+static char *strtok_quote( char *line, char *sep );
+
+static char **cargv = NULL;
+static int cargv_size = 0;
+static int cargc = 0;
+static char *strtok_quote_ptr;
+
+int init_module(int argc, char *argv[]);
+
+static int dsaschema_parse_at(const char *fname, int lineno, char *line, char **argv)
+{
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+
+ at = ldap_str2attributetype(line, &code, &err, LDAP_SCHEMA_ALLOW_ALL);
+ if (!at) {
+ fprintf(stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ if (at->at_oid == NULL) {
+ fprintf(stderr, "%s: line %d: attributeType has no OID\n",
+ fname, lineno);
+ return 1;
+ }
+
+ code = at_add(at, &err);
+ if (code) {
+ fprintf(stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ ldap_memfree(at);
+
+ return 0;
+}
+
+static int dsaschema_parse_oc(const char *fname, int lineno, char *line, char **argv)
+{
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+
+ oc = ldap_str2objectclass(line, &code, &err, LDAP_SCHEMA_ALLOW_ALL);
+ if (!oc) {
+ fprintf(stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ if (oc->oc_oid == NULL) {
+ fprintf(stderr,
+ "%s: line %d: objectclass has no OID\n",
+ fname, lineno);
+ return 1;
+ }
+
+ code = oc_add(oc, 0, &err);
+ if (code) {
+ fprintf(stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ ldap_memfree(oc);
+ return 0;
+}
+
+static int dsaschema_parse_cr(const char *fname, int lineno, char *line, char **argv)
+{
+ LDAPContentRule *cr;
+ int code;
+ const char *err;
+
+ cr = ldap_str2contentrule(line, &code, &err, LDAP_SCHEMA_ALLOW_ALL);
+ if (!cr) {
+ fprintf(stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ if (cr->cr_oid == NULL) {
+ fprintf(stderr,
+ "%s: line %d: objectclass has no OID\n",
+ fname, lineno);
+ return 1;
+ }
+
+ code = cr_add(cr, 0, &err);
+ if (code) {
+ fprintf(stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, ldap_scherr2str(code), err);
+ return 1;
+ }
+
+ ldap_memfree(cr);
+ return 0;
+}
+
+static int dsaschema_read_config(const char *fname, int depth)
+{
+ FILE *fp;
+ char *line, *savefname, *saveline;
+ int savelineno, lineno;
+ int rc;
+
+ if (depth == 0) {
+ cargv = calloc(ARGS_STEP + 1, sizeof(*cargv));
+ if (cargv == NULL) {
+ return 1;
+ }
+ cargv_size = ARGS_STEP + 1;
+ }
+
+ fp = fopen(fname, "r");
+ if (fp == NULL) {
+ fprintf(stderr, "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno);
+ return 1;
+ }
+ fp_getline_init(&lineno);
+
+ while ((line = fp_getline(fp, &lineno)) != NULL) {
+ /* skip comments and blank lines */
+ if (line[0] == '#' || line[0] == '\0') {
+ continue;
+ }
+
+ saveline = strdup(line);
+ if (saveline == NULL) {
+ return 1;
+ }
+
+ if (fp_parse_line(lineno, line) != 0) {
+ return 1;
+ }
+
+ if (cargc < 1) {
+ continue;
+ }
+
+ if (strcasecmp(cargv[0], "attributetype") == 0 ||
+ strcasecmp(cargv[0], "attribute") == 0) {
+ if (cargc < 2) {
+ fprintf(stderr, "%s: line %d: illegal attribute type format\n",
+ fname, lineno);
+ return 1;
+ } else if (*cargv[1] == '(' /*')'*/) {
+ char *p;
+
+ p = strchr(saveline, '(' /*')'*/);
+ rc = dsaschema_parse_at(fname, lineno, p, cargv);
+ if (rc != 0)
+ return rc;
+ } else {
+ fprintf(stderr, "%s: line %d: old attribute type format not supported\n",
+ fname, lineno);
+ }
+ } else if (strcasecmp(cargv[0], "ditcontentrule") == 0) {
+ char *p;
+ p = strchr(saveline, '(' /*')'*/);
+ rc = dsaschema_parse_cr(fname, lineno, p, cargv);
+ if (rc != 0)
+ return rc;
+ } else if (strcasecmp(cargv[0], "objectclass") == 0) {
+ if (cargc < 2) {
+ fprintf(stderr, "%s: line %d: illegal objectclass format\n",
+ fname, lineno);
+ return 1;
+ } else if (*cargv[1] == '(' /*')'*/) {
+ char *p;
+
+ p = strchr(saveline, '(' /*')'*/);
+ rc = dsaschema_parse_oc(fname, lineno, p, cargv);
+ if (rc != 0)
+ return rc;
+ } else {
+ fprintf(stderr, "%s: line %d: object class format not supported\n",
+ fname, lineno);
+ }
+ } else if (strcasecmp(cargv[0], "include") == 0) {
+ if (cargc < 2) {
+ fprintf(stderr, "%s: line %d: missing file name in \"include <filename>\" line",
+ fname, lineno);
+ return 1;
+ }
+ savefname = strdup(cargv[1]);
+ if (savefname == NULL) {
+ return 1;
+ }
+ if (dsaschema_read_config(savefname, depth + 1) != 0) {
+ return 1;
+ }
+ free(savefname);
+ lineno = savelineno - 1;
+ } else {
+ fprintf(stderr, "%s: line %d: unknown directive \"%s\" (ignored)\n",
+ fname, lineno, cargv[0]);
+ }
+ }
+
+ fclose(fp);
+
+ if (depth == 0)
+ free(cargv);
+
+ return 0;
+}
+
+int init_module(int argc, char *argv[])
+{
+ int i;
+ int rc;
+
+ for (i = 0; i < argc; i++) {
+ rc = dsaschema_read_config(argv[i], 0);
+ if (rc != 0) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+
+static int
+fp_parse_line(
+ int lineno,
+ char *line
+)
+{
+ char * token;
+
+ cargc = 0;
+ token = strtok_quote( line, " \t" );
+
+ if ( strtok_quote_ptr ) {
+ *strtok_quote_ptr = ' ';
+ }
+
+ if ( strtok_quote_ptr ) {
+ *strtok_quote_ptr = '\0';
+ }
+
+ for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
+ if ( cargc == cargv_size - 1 ) {
+ char **tmp;
+ tmp = realloc( cargv, (cargv_size + ARGS_STEP) *
+ sizeof(*cargv) );
+ if ( tmp == NULL ) {
+ return -1;
+ }
+ cargv = tmp;
+ cargv_size += ARGS_STEP;
+ }
+ cargv[cargc++] = token;
+ }
+ cargv[cargc] = NULL;
+ return 0;
+}
+
+static char *
+strtok_quote( char *line, char *sep )
+{
+ int inquote;
+ char *tmp;
+ static char *next;
+
+ strtok_quote_ptr = NULL;
+ if ( line != NULL ) {
+ next = line;
+ }
+ while ( *next && strchr( sep, *next ) ) {
+ next++;
+ }
+
+ if ( *next == '\0' ) {
+ next = NULL;
+ return( NULL );
+ }
+ tmp = next;
+
+ for ( inquote = 0; *next; ) {
+ switch ( *next ) {
+ case '"':
+ if ( inquote ) {
+ inquote = 0;
+ } else {
+ inquote = 1;
+ }
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+ break;
+
+ case '\\':
+ if ( next[1] )
+ AC_MEMCPY( next,
+ next + 1, strlen( next + 1 ) + 1 );
+ next++; /* dont parse the escaped character */
+ break;
+
+ default:
+ if ( ! inquote ) {
+ if ( strchr( sep, *next ) != NULL ) {
+ strtok_quote_ptr = next;
+ *next++ = '\0';
+ return( tmp );
+ }
+ }
+ next++;
+ break;
+ }
+ }
+
+ return( tmp );
+}
+
+static char buf[BUFSIZ];
+static char *line;
+static size_t lmax, lcur;
+
+#define CATLINE( buf ) \
+ do { \
+ size_t len = strlen( buf ); \
+ while ( lcur + len + 1 > lmax ) { \
+ lmax += BUFSIZ; \
+ line = (char *) realloc( line, lmax ); \
+ } \
+ strcpy( line + lcur, buf ); \
+ lcur += len; \
+ } while( 0 )
+
+static char *
+fp_getline( FILE *fp, int *lineno )
+{
+ char *p;
+
+ lcur = 0;
+ CATLINE( buf );
+ (*lineno)++;
+
+ /* hack attack - keeps us from having to keep a stack of bufs... */
+ if ( strncasecmp( line, "include", 7 ) == 0 ) {
+ buf[0] = '\0';
+ return( line );
+ }
+
+ while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+ /* trim off \r\n or \n */
+ if ( (p = strchr( buf, '\n' )) != NULL ) {
+ if( p > buf && p[-1] == '\r' ) --p;
+ *p = '\0';
+ }
+
+ /* trim off trailing \ and append the next line */
+ if ( line[ 0 ] != '\0'
+ && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
+ && p[ -1 ] != '\\' ) {
+ p[ 0 ] = '\0';
+ lcur--;
+
+ } else {
+ if ( ! isspace( (unsigned char) buf[0] ) ) {
+ return( line );
+ }
+
+ /* change leading whitespace to a space */
+ buf[0] = ' ';
+ }
+
+ CATLINE( buf );
+ (*lineno)++;
+ }
+ buf[0] = '\0';
+
+ return( line[0] ? line : NULL );
+}
+
+static void
+fp_getline_init( int *lineno )
+{
+ *lineno = -1;
+ buf[0] = '\0';
+}
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,34 @@
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains native slapd plugins for password mechanisms that
+are not actively supported by the project. Currently this includes the
+Kerberos and Netscape MTA-MD5 password mechanisms.
+
+To use the Kerberos plugin, add:
+
+moduleload pw-kerberos.so
+
+to your slapd configuration file.
+
+To use the Netscape plugin, add:
+
+moduleload pw-netscape.so
+
+to your slapd configuration file.
+
+No Makefile is provided. Use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -DHAVE_KRB5 -o pw-kerberos.so kerberos.c
+
+to compile the Kerberos plugin. Replace HAVE_KRB5 with HAVE_KRB4 if you want
+to use Kerberos IV. If your Kerberos header files are not in the C compiler's
+default path, you will need to add a "-I" directive for that as well.
+
+The corresponding command for the Netscape plugin would be:
+
+gcc -shared -I../../../include -Wall -g -o pw-netscape.so netscape.c
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/kerberos.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/kerberos.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/kerberos.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,208 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/kerberos.c,v 1.2.2.4 2007/01/02 21:43:42 kurt Exp $ */
+/*
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <unistd.h>
+
+#include <lber.h>
+#include <lber_pvt.h> /* BER_BVC definition */
+#include "lutil.h"
+#include <ac/string.h>
+
+#ifdef HAVE_KRB5
+#include <krb5.h>
+#elif defined(HAVE_KRB4)
+#include <krb.h>
+#endif
+
+/* From <ldap_pvt.h> */
+LDAP_F( char *) ldap_pvt_get_fqdn LDAP_P(( char * ));
+
+static LUTIL_PASSWD_CHK_FUNC chk_kerberos;
+static const struct berval scheme = BER_BVC("{KERBEROS}");
+
+static int chk_kerberos(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ unsigned int i;
+ int rtn;
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( cred->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* cred must behave like a string */
+ }
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ rtn = LUTIL_PASSWD_ERR;
+
+#ifdef HAVE_KRB5 /* HAVE_HEIMDAL_KRB5 */
+ {
+/* Portions:
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+ krb5_context context;
+ krb5_error_code ret;
+ krb5_creds creds;
+ krb5_get_init_creds_opt get_options;
+ krb5_verify_init_creds_opt verify_options;
+ krb5_principal client, server;
+#ifdef notdef
+ krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
+#endif
+
+ ret = krb5_init_context( &context );
+ if (ret) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+#ifdef notdef
+ krb5_get_init_creds_opt_set_preauth_list(&get_options,
+ pre_auth_types, 1);
+#endif
+
+ krb5_get_init_creds_opt_init( &get_options );
+
+ krb5_verify_init_creds_opt_init( &verify_options );
+
+ ret = krb5_parse_name( context, passwd->bv_val, &client );
+
+ if (ret) {
+ krb5_free_context( context );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ ret = krb5_get_init_creds_password( context,
+ &creds, client, cred->bv_val, NULL,
+ NULL, 0, NULL, &get_options );
+
+ if (ret) {
+ krb5_free_principal( context, client );
+ krb5_free_context( context );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ {
+ char *host = ldap_pvt_get_fqdn( NULL );
+
+ if( host == NULL ) {
+ krb5_free_principal( context, client );
+ krb5_free_context( context );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ ret = krb5_sname_to_principal( context,
+ host, "ldap", KRB5_NT_SRV_HST, &server );
+
+ ber_memfree( host );
+ }
+
+ if (ret) {
+ krb5_free_principal( context, client );
+ krb5_free_context( context );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ ret = krb5_verify_init_creds( context,
+ &creds, server, NULL, NULL, &verify_options );
+
+ krb5_free_principal( context, client );
+ krb5_free_principal( context, server );
+ krb5_free_cred_contents( context, &creds );
+ krb5_free_context( context );
+
+ rtn = ret ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+#elif defined(HAVE_KRB4)
+ {
+ /* Borrowed from Heimdal kpopper */
+/* Portions:
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+ int status;
+ char lrealm[REALM_SZ];
+ char tkt[MAXHOSTNAMELEN];
+
+ status = krb_get_lrealm(lrealm,1);
+ if (status == KFAILURE) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ snprintf(tkt, sizeof(tkt), "%s_slapd.%u",
+ TKT_ROOT, (unsigned)getpid());
+ krb_set_tkt_string (tkt);
+
+ status = krb_verify_user( passwd->bv_val, "", lrealm,
+ cred->bv_val, 1, "ldap");
+
+ dest_tkt(); /* no point in keeping the tickets */
+
+ return status == KFAILURE ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+#endif
+
+ return rtn;
+}
+
+int init_module(int argc, char *argv[]) {
+ return lutil_passwd_add( (struct berval *)&scheme, chk_kerberos, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/netscape.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/netscape.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/passwd/netscape.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.2.2.4 2007/01/02 21:43:42 kurt Exp $ */
+/*
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <unistd.h>
+
+#include <lber.h>
+#include <lber_pvt.h>
+#include "lutil.h"
+#include "lutil_md5.h"
+#include <ac/string.h>
+
+static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
+static const struct berval scheme = BER_BVC("{NS-MTA-MD5}");
+
+#define NS_MTA_MD5_PASSLEN 64
+static int chk_ns_mta_md5(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES], c;
+ char buffer[LUTIL_MD5_BYTES*2];
+ int i;
+
+ if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* hash credentials with salt */
+ lutil_MD5Init(&MD5context);
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &passwd->bv_val[32],
+ 32 );
+
+ c = 0x59;
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &c,
+ 1 );
+
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) cred->bv_val,
+ cred->bv_len );
+
+ c = 0xF7;
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &c,
+ 1 );
+
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) &passwd->bv_val[32],
+ 32 );
+
+ lutil_MD5Final(MD5digest, &MD5context);
+
+ for( i=0; i < sizeof( MD5digest ); i++ ) {
+ buffer[i+i] = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F];
+ buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F];
+ }
+
+ /* compare */
+ return memcmp((char *)passwd->bv_val,
+ (char *)buffer, sizeof(buffer)) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+int init_module(int argc, char *argv[]) {
+ return lutil_passwd_add( (struct berval *)&scheme, chk_ns_mta_md5, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/Makefile
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/Makefile (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/Makefile 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/Makefile,v 1.1 2004/04/02 11:06:38 hyc Exp $
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LIBTOOL=../../../libtool
+OPT=-g -O2
+CC=gcc
+
+# Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+DEFS=-DDO_KRB5 -DDO_SAMBA
+
+HEIMDAL_INC=-I/usr/heimdal/include
+SSL_INC=
+LDAP_INC=-I../../../include -I../../../servers/slapd
+INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+
+HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+SSL_LIB=-lcrypto
+LDAP_LIB=-lldap_r -llber
+LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+
+all: smbk5pwd.la
+
+
+smbk5pwd.lo: smbk5pwd.c
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+
+smbk5pwd.la: smbk5pwd.lo
+ $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+ -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,90 @@
+Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+This directory contains a slapd overlay, smbk5pwd, that extends the
+PasswordModify Extended Operation to update Kerberos keys and Samba
+password hashes for an LDAP user.
+
+The Kerberos support is written for Heimdal using its hdb-ldap backend.
+If a PasswordModify is performed on an entry that has the krb5KDCEntry
+objectclass, then the krb5Key and krb5KeyVersionNumber will be updated
+using the new password in the PasswordModify request. Additionally, a
+new "{K5KEY}" password hash mechanism is provided. For krb5KDCEntries that
+have this hash specifier in their userPassword attribute, Simple Binds
+will be checked against the Kerberos keys of the Entry. No data is
+needed after the "{K5KEY}" hash specifier in the userPassword, it is
+looked up from the Entry directly.
+
+The Samba support is written using the Samba 3.0 LDAP schema. If a
+PasswordModify is performed on an entry that has the sambaSamAccount
+objectclass, then the sambaLMPassword, sambaNTPassword, and sambaPwdLastSet
+attributes will be updated accordingly.
+
+To use the overlay, add:
+
+ include <path to>/krb5-kdc.schema
+ include <path to>/samba.schema
+
+ moduleload <path to>smbk5pwd.so
+ ...
+
+ database bdb
+ ...
+ overlay smbk5pwd
+
+to your slapd configuration file. (You should obtain the necessary schema
+files from the Heimdal and/or Samba distributions. At this time, there
+are several known errors in these schema files that you will have to
+correct before they will load in slapd. As of Samba 3.0 the schema looks
+fine as shipped.)
+
+All modules compiled in (i.e. krb5 and samba) are enabled; the statement
+
+ smbk5pwd-enable <module>
+
+can be used to enable only the desired one(s); legal values for <module>
+are "krb5" and "samba", if they are respectively enabled by defining
+DO_KRB5 and DO_SAMBA.
+
+The samba module also supports the
+
+ smbk5pwd-must-change <seconds>
+
+which sets the "sambaPwdMustChange" attribute accordingly to force passwd
+expiry. A value of 0 disables this feature.
+
+The overlay now supports table-driven configuration, and thus can be run-time
+loaded and configured via back-config. The layout of the entry is
+
+ # {0}smbk5pwd, {1}bdb, config
+ dn: olcOverlay={0}smbk5pwd,olcDatabase={1}bdb,cn=config
+ objectClass: olcOverlayConfig
+ objectClass: olcSmbK5PwdConfig
+ olcOverlay: {0}smbk5pwd
+ olcSmbK5PwdEnable: krb5
+ olcSmbK5PwdEnable: samba
+ olcSmbK5PwdMustChange: 2592000
+
+which enables both krb5 and samba modules with a password expiry time
+of 30 days.
+
+The provided Makefile builds both Kerberos and Samba support by default.
+You must edit the Makefile to insure that the correct include and library
+paths are used. You can change the DEFS macro if you only want one or the
+other of Kerberos or Samba support.
+
+This overlay is only set up to be built as a dynamically loaded module.
+On most platforms, in order for the module to be usable, all of the
+library dependencies must also be available as shared libraries.
+
+If you need to build the overlay statically, you will have to move it into the
+slapd/overlays directory and edit the Makefile and overlays.c to reference
+it. You will also have to define SLAPD_OVER_SMBK5PWD to SLAPD_MOD_STATIC,
+and add the relevant libraries to the main slapd link command.
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/smbk5pwd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,966 @@
+/* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.1.2.10 2006/12/15 15:39:35 hyc Exp $ */
+/*
+ * Copyright 2004-2005 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Support for sambaPwdMustChange added by Marco D'Ettorre.
+ * Support for table-driven configuration added by Pierangelo Masarati.
+ *
+ * The conditions of the OpenLDAP Public License apply.
+ */
+
+#include <portable.h>
+
+#ifndef SLAPD_OVER_SMBK5PWD
+#define SLAPD_OVER_SMBK5PWD SLAPD_MOD_DYNAMIC
+#endif
+
+#ifdef SLAPD_OVER_SMBK5PWD
+
+#include <slap.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+
+#include "config.h"
+
+#ifdef DO_KRB5
+#include <lber.h>
+#include <lber_pvt.h>
+#include <lutil.h>
+
+/* make ASN1_MALLOC_ENCODE use our allocator */
+#define malloc ch_malloc
+
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <hdb.h>
+
+#ifndef HDB_INTERFACE_VERSION
+#define HDB_MASTER_KEY_SET master_key_set
+#else
+#define HDB_MASTER_KEY_SET hdb_master_key_set
+#endif
+
+static krb5_context context;
+static void *kadm_context;
+static kadm5_config_params conf;
+static HDB *db;
+
+static AttributeDescription *ad_krb5Key;
+static AttributeDescription *ad_krb5KeyVersionNumber;
+static AttributeDescription *ad_krb5PrincipalName;
+static ObjectClass *oc_krb5KDCEntry;
+#endif
+
+#ifdef DO_SAMBA
+#include <openssl/des.h>
+#include <openssl/md4.h>
+#include "ldap_utf8.h"
+
+static AttributeDescription *ad_sambaLMPassword;
+static AttributeDescription *ad_sambaNTPassword;
+static AttributeDescription *ad_sambaPwdLastSet;
+static AttributeDescription *ad_sambaPwdMustChange;
+static ObjectClass *oc_sambaSamAccount;
+#endif
+
+/* Per-instance configuration information */
+typedef struct smbk5pwd_t {
+ unsigned mode;
+#define SMBK5PWD_F_KRB5 (0x1U)
+#define SMBK5PWD_F_SAMBA (0x2U)
+
+#define SMBK5PWD_DO_KRB5(pi) ((pi)->mode & SMBK5PWD_F_KRB5)
+#define SMBK5PWD_DO_SAMBA(pi) ((pi)->mode & SMBK5PWD_F_SAMBA)
+
+#ifdef DO_KRB5
+ /* nothing yet */
+#endif
+
+#ifdef DO_SAMBA
+ /* How many seconds before forcing a password change? */
+ time_t smb_must_change;
+#endif
+} smbk5pwd_t;
+
+static const unsigned SMBK5PWD_F_ALL =
+ 0
+#ifdef DO_KRB5
+ | SMBK5PWD_F_KRB5
+#endif
+#ifdef DO_SAMBA
+ | SMBK5PWD_F_SAMBA
+#endif
+;
+
+static int smbk5pwd_modules_init( smbk5pwd_t *pi );
+
+#ifdef DO_SAMBA
+static const char hex[] = "0123456789abcdef";
+
+/* From liblutil/passwd.c... */
+static void lmPasswd_to_key(
+ const char *lmPasswd,
+ des_cblock *key)
+{
+ const unsigned char *lpw = (const unsigned char *)lmPasswd;
+ unsigned char *k = (unsigned char *)key;
+
+ /* make room for parity bits */
+ k[0] = lpw[0];
+ k[1] = ((lpw[0]&0x01)<<7) | (lpw[1]>>1);
+ k[2] = ((lpw[1]&0x03)<<6) | (lpw[2]>>2);
+ k[3] = ((lpw[2]&0x07)<<5) | (lpw[3]>>3);
+ k[4] = ((lpw[3]&0x0F)<<4) | (lpw[4]>>4);
+ k[5] = ((lpw[4]&0x1F)<<3) | (lpw[5]>>5);
+ k[6] = ((lpw[5]&0x3F)<<2) | (lpw[6]>>6);
+ k[7] = ((lpw[6]&0x7F)<<1);
+
+ des_set_odd_parity( key );
+}
+
+#define MAX_PWLEN 256
+#define HASHLEN 16
+
+static void hexify(
+ const char in[HASHLEN],
+ struct berval *out
+)
+{
+ int i;
+ char *a;
+ unsigned char *b;
+
+ out->bv_val = ch_malloc(HASHLEN*2 + 1);
+ out->bv_len = HASHLEN*2;
+
+ a = out->bv_val;
+ b = (unsigned char *)in;
+ for (i=0; i<HASHLEN; i++) {
+ *a++ = hex[*b >> 4];
+ *a++ = hex[*b++ & 0x0f];
+ }
+ *a++ = '\0';
+}
+
+static void lmhash(
+ struct berval *passwd,
+ struct berval *hash
+)
+{
+ char UcasePassword[15];
+ des_cblock key;
+ des_key_schedule schedule;
+ des_cblock StdText = "KGS!@#$%";
+ des_cblock hbuf[2];
+
+ strncpy( UcasePassword, passwd->bv_val, 14 );
+ UcasePassword[14] = '\0';
+ ldap_pvt_str2upper( UcasePassword );
+
+ lmPasswd_to_key( UcasePassword, &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
+
+ lmPasswd_to_key( &UcasePassword[7], &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &hbuf[1], schedule , DES_ENCRYPT );
+
+ hexify( (char *)hbuf, hash );
+}
+
+static void nthash(
+ struct berval *passwd,
+ struct berval *hash
+)
+{
+ /* Windows currently only allows 14 character passwords, but
+ * may support up to 256 in the future. We assume this means
+ * 256 UCS2 characters, not 256 bytes...
+ */
+ char hbuf[HASHLEN];
+ MD4_CTX ctx;
+
+ if (passwd->bv_len > MAX_PWLEN*2)
+ passwd->bv_len = MAX_PWLEN*2;
+
+ MD4_Init( &ctx );
+ MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
+ MD4_Final( (unsigned char *)hbuf, &ctx );
+
+ hexify( hbuf, hash );
+}
+#endif /* DO_SAMBA */
+
+#ifdef DO_KRB5
+
+static int smbk5pwd_op_cleanup(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_callback *cb;
+
+ /* clear out the current key */
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup,
+ NULL, NULL );
+
+ /* free the callback */
+ cb = op->o_callback;
+ op->o_callback = cb->sc_next;
+ op->o_tmpfree( cb, op->o_tmpmemctx );
+ return 0;
+}
+
+static int smbk5pwd_op_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ /* If this is a simple Bind, stash the Op pointer so our chk
+ * function can find it. Set a cleanup callback to clear it
+ * out when the Bind completes.
+ */
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE ) {
+ slap_callback *cb;
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup, op,
+ NULL );
+ cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+ cb->sc_cleanup = smbk5pwd_op_cleanup;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static LUTIL_PASSWD_CHK_FUNC k5key_chk;
+static LUTIL_PASSWD_HASH_FUNC k5key_hash;
+static const struct berval k5key_scheme = BER_BVC("{K5KEY}");
+
+/* This password scheme stores no data in the userPassword attribute
+ * other than the scheme name. It assumes the invoking entry is a
+ * krb5KDCentry and compares the passed-in credentials against the
+ * krb5Key attribute. The krb5Key may be multi-valued, but they are
+ * simply multiple keytypes generated from the same input string, so
+ * only the first value needs to be compared here.
+ *
+ * Since the lutil_passwd API doesn't pass the Entry object in, we
+ * have to fetch it ourselves in order to get access to the other
+ * attributes. We accomplish this with the help of the overlay's Bind
+ * function, which stores the current Operation pointer in thread-specific
+ * storage so we can retrieve it here. The Operation provides all
+ * the necessary context for us to get Entry from the database.
+ */
+static int k5key_chk(
+ const struct berval *sc,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text )
+{
+ void *ctx;
+ Operation *op;
+ int rc;
+ Entry *e;
+ Attribute *a;
+ krb5_error_code ret;
+ krb5_keyblock key;
+ krb5_salt salt;
+ hdb_entry ent;
+
+ /* Find our thread context, find our Operation */
+ ctx = ldap_pvt_thread_pool_context();
+
+ if ( ldap_pvt_thread_pool_getkey( ctx, smbk5pwd_op_cleanup, (void **)&op, NULL ) ||
+ !op )
+ return LUTIL_PASSWD_ERR;
+
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ if ( rc != LDAP_SUCCESS ) return LUTIL_PASSWD_ERR;
+
+ rc = LUTIL_PASSWD_ERR;
+ do {
+ size_t l;
+ Key ekey = {0};
+
+ a = attr_find( e->e_attrs, ad_krb5PrincipalName );
+ if (!a ) break;
+
+ memset( &ent, 0, sizeof(ent) );
+ ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
+ if ( ret ) break;
+ krb5_get_pw_salt( context, ent.principal, &salt );
+ krb5_free_principal( context, ent.principal );
+
+ a = attr_find( e->e_attrs, ad_krb5Key );
+ if ( !a ) break;
+
+ ent.keys.len = 1;
+ ent.keys.val = &ekey;
+ decode_Key((unsigned char *) a->a_vals[0].bv_val,
+ (size_t) a->a_vals[0].bv_len, &ent.keys.val[0], &l);
+ if ( db->HDB_MASTER_KEY_SET )
+ hdb_unseal_keys( context, db, &ent );
+
+ krb5_string_to_key_salt( context, ekey.key.keytype, cred->bv_val,
+ salt, &key );
+
+ krb5_free_salt( context, salt );
+
+ if ( memcmp( ekey.key.keyvalue.data, key.keyvalue.data,
+ key.keyvalue.length ) == 0 ) rc = LUTIL_PASSWD_OK;
+
+ krb5_free_keyblock_contents( context, &key );
+ krb5_free_keyblock_contents( context, &ekey.key );
+
+ } while(0);
+ be_entry_release_r( op, e );
+ return rc;
+}
+
+static int k5key_hash(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ ber_dupbv( hash, (struct berval *)&k5key_scheme );
+ return LUTIL_PASSWD_OK;
+}
+#endif /* DO_KRB5 */
+
+static int smbk5pwd_exop_passwd(
+ Operation *op,
+ SlapReply *rs )
+{
+ int rc;
+ req_pwdexop_s *qpw = &op->oq_pwdexop;
+ Entry *e;
+ Modifications *ml;
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ smbk5pwd_t *pi = on->on_bi.bi_private;
+
+ /* Not the operation we expected, pass it on... */
+ if ( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+#ifdef DO_KRB5
+ /* Kerberos stuff */
+ do {
+ krb5_error_code ret;
+ hdb_entry ent;
+ struct berval *keys;
+ int kvno, i;
+ Attribute *a;
+
+ if ( !SMBK5PWD_DO_KRB5( pi ) ) break;
+
+ if ( !is_entry_objectclass(e, oc_krb5KDCEntry, 0 ) ) break;
+
+ a = attr_find( e->e_attrs, ad_krb5PrincipalName );
+ if ( !a ) break;
+
+ memset( &ent, 0, sizeof(ent) );
+ ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
+ if ( ret ) break;
+
+ a = attr_find( e->e_attrs, ad_krb5KeyVersionNumber );
+ kvno = 0;
+ if ( a ) {
+ if ( lutil_atoi( &kvno, a->a_vals[0].bv_val ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
+ "dn=\"%s\" unable to parse krb5KeyVersionNumber=\"%s\"\n",
+ op->o_log_prefix, e->e_name.bv_val, a->a_vals[0].bv_val );
+ }
+
+ } else {
+ /* shouldn't happen, this is a required attr */
+ Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
+ "dn=\"%s\" missing krb5KeyVersionNumber\n",
+ op->o_log_prefix, e->e_name.bv_val, 0 );
+ }
+
+ ret = _kadm5_set_keys(kadm_context, &ent, qpw->rs_new.bv_val);
+ hdb_seal_keys(context, db, &ent);
+ krb5_free_principal( context, ent.principal );
+
+ keys = ch_malloc( (ent.keys.len + 1) * sizeof(struct berval));
+
+ for (i = 0; i < ent.keys.len; i++) {
+ unsigned char *buf;
+ size_t len;
+
+ ASN1_MALLOC_ENCODE(Key, buf, len, &ent.keys.val[i], &len, ret);
+ if (ret != 0)
+ break;
+
+ keys[i].bv_val = (char *)buf;
+ keys[i].bv_len = len;
+ }
+ BER_BVZERO( &keys[i] );
+
+ _kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
+
+ if ( i != ent.keys.len ) {
+ ber_bvarray_free( keys );
+ break;
+ }
+
+ ml = ch_malloc(sizeof(Modifications));
+ if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ ml->sml_desc = ad_krb5Key;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = keys;
+ ml->sml_nvalues = NULL;
+
+ ml = ch_malloc(sizeof(Modifications));
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ ml->sml_desc = ad_krb5KeyVersionNumber;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = ch_malloc( 2 * sizeof(struct berval));
+ ml->sml_values[0].bv_val = ch_malloc( 64 );
+ ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
+ "%d", kvno+1 );
+ BER_BVZERO( &ml->sml_values[1] );
+ ml->sml_nvalues = NULL;
+ } while ( 0 );
+#endif /* DO_KRB5 */
+
+#ifdef DO_SAMBA
+ /* Samba stuff */
+ if ( SMBK5PWD_DO_SAMBA( pi ) && is_entry_objectclass(e, oc_sambaSamAccount, 0 ) ) {
+ struct berval *keys;
+ ber_len_t j,l;
+ wchar_t *wcs, wc;
+ char *c, *d;
+ struct berval pwd;
+
+ /* Expand incoming UTF8 string to UCS4 */
+ l = ldap_utf8_chars(qpw->rs_new.bv_val);
+ wcs = ch_malloc((l+1) * sizeof(wchar_t));
+
+ ldap_x_utf8s_to_wcs( wcs, qpw->rs_new.bv_val, l );
+
+ /* Truncate UCS4 to UCS2 */
+ c = (char *)wcs;
+ for (j=0; j<l; j++) {
+ wc = wcs[j];
+ *c++ = wc & 0xff;
+ *c++ = (wc >> 8) & 0xff;
+ }
+ *c++ = 0;
+ pwd.bv_val = (char *)wcs;
+ pwd.bv_len = l * 2;
+
+ ml = ch_malloc(sizeof(Modifications));
+ if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ keys = ch_malloc( 2 * sizeof(struct berval) );
+ BER_BVZERO( &keys[1] );
+ nthash( &pwd, keys );
+
+ ml->sml_desc = ad_sambaNTPassword;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = keys;
+ ml->sml_nvalues = NULL;
+
+ /* Truncate UCS2 to 8-bit ASCII */
+ c = pwd.bv_val+1;
+ d = pwd.bv_val+2;
+ for (j=1; j<l; j++) {
+ *c++ = *d++;
+ d++;
+ }
+ pwd.bv_len /= 2;
+ pwd.bv_val[pwd.bv_len] = '\0';
+
+ ml = ch_malloc(sizeof(Modifications));
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ keys = ch_malloc( 2 * sizeof(struct berval) );
+ BER_BVZERO( &keys[1] );
+ lmhash( &pwd, keys );
+
+ ml->sml_desc = ad_sambaLMPassword;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = keys;
+ ml->sml_nvalues = NULL;
+
+ ch_free(wcs);
+
+ ml = ch_malloc(sizeof(Modifications));
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ keys = ch_malloc( 2 * sizeof(struct berval) );
+ keys[0].bv_val = ch_malloc( STRLENOF( "9223372036854775807L" ) + 1 );
+ keys[0].bv_len = snprintf(keys[0].bv_val,
+ STRLENOF( "9223372036854775807L" ) + 1,
+ "%ld", slap_get_time());
+ BER_BVZERO( &keys[1] );
+
+ ml->sml_desc = ad_sambaPwdLastSet;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = keys;
+ ml->sml_nvalues = NULL;
+
+ if (pi->smb_must_change)
+ {
+ ml = ch_malloc(sizeof(Modifications));
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ keys = ch_malloc( 2 * sizeof(struct berval) );
+ keys[0].bv_val = ch_malloc( STRLENOF( "9223372036854775807L" ) + 1 );
+ keys[0].bv_len = snprintf(keys[0].bv_val,
+ STRLENOF( "9223372036854775807L" ) + 1,
+ "%ld", slap_get_time() + pi->smb_must_change);
+ BER_BVZERO( &keys[1] );
+
+ ml->sml_desc = ad_sambaPwdMustChange;
+ ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+ ml->sml_values = keys;
+ ml->sml_nvalues = NULL;
+ }
+ }
+#endif /* DO_SAMBA */
+ be_entry_release_r( op, e );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst smbk5pwd;
+
+/* back-config stuff */
+enum {
+ PC_SMB_MUST_CHANGE = 1,
+ PC_SMB_ENABLE
+};
+
+static ConfigDriver smbk5pwd_cf_func;
+
+/*
+ * NOTE: uses OID arcs OLcfgOvAt:6 and OLcfgOvOc:6
+ */
+
+static ConfigTable smbk5pwd_cfats[] = {
+ { "smbk5pwd-enable", "arg",
+ 2, 0, 0, ARG_MAGIC|PC_SMB_ENABLE, smbk5pwd_cf_func,
+ "( OLcfgOvAt:6.1 NAME 'olcSmbK5PwdEnable' "
+ "DESC 'Modules to be enabled' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "smbk5pwd-must-change", "time",
+ 2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_MUST_CHANGE, smbk5pwd_cf_func,
+ "( OLcfgOvAt:6.2 NAME 'olcSmbK5PwdMustChange' "
+ "DESC 'Credentials validity interval' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs smbk5pwd_cfocs[] = {
+ { "( OLcfgOvOc:6.1 "
+ "NAME 'olcSmbK5PwdConfig' "
+ "DESC 'smbk5pwd overlay configuration' "
+ "SUP olcOverlayConfig "
+ "MAY ( "
+ "olcSmbK5PwdEnable "
+ "$ olcSmbK5PwdMustChange "
+ ") )", Cft_Overlay, smbk5pwd_cfats },
+
+ { NULL, 0, NULL }
+};
+
+/*
+ * add here other functionalities; handle their initialization
+ * as appropriate in smbk5pwd_modules_init().
+ */
+static slap_verbmasks smbk5pwd_modules[] = {
+ { BER_BVC( "krb5" ), SMBK5PWD_F_KRB5 },
+ { BER_BVC( "samba" ), SMBK5PWD_F_SAMBA },
+ { BER_BVNULL, -1 }
+};
+
+static int
+smbk5pwd_cf_func( ConfigArgs *c )
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+
+ int rc = 0;
+ smbk5pwd_t *pi = on->on_bi.bi_private;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ switch( c->type ) {
+ case PC_SMB_MUST_CHANGE:
+#ifdef DO_SAMBA
+ c->value_int = pi->smb_must_change;
+#else /* ! DO_SAMBA */
+ c->value_int = 0;
+#endif /* ! DO_SAMBA */
+ break;
+
+ case PC_SMB_ENABLE:
+ c->rvalue_vals = NULL;
+ if ( pi->mode ) {
+ mask_to_verbs( smbk5pwd_modules, pi->mode, &c->rvalue_vals );
+ if ( c->rvalue_vals == NULL ) {
+ rc = 1;
+ }
+ }
+ break;
+
+ default:
+ assert( 0 );
+ rc = 1;
+ }
+ return rc;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ switch( c->type ) {
+ case PC_SMB_MUST_CHANGE:
+ break;
+
+ case PC_SMB_ENABLE:
+ if ( !c->line ) {
+ pi->mode = 0;
+
+ } else {
+ slap_mask_t m;
+
+ m = verb_to_mask( c->line, smbk5pwd_modules );
+ pi->mode &= ~m;
+ }
+ break;
+
+ default:
+ assert( 0 );
+ rc = 1;
+ }
+ return rc;
+ }
+
+ switch( c->type ) {
+ case PC_SMB_MUST_CHANGE:
+#ifdef DO_SAMBA
+ if ( c->value_int < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+ "<%s> invalid negative value \"%d\".",
+ c->log, c->argv[ 0 ], 0 );
+ return 1;
+ }
+ pi->smb_must_change = c->value_int;
+#else /* ! DO_SAMBA */
+ Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+ "<%s> only meaningful "
+ "when compiled with -DDO_SAMBA.\n",
+ c->log, c->argv[ 0 ], 0 );
+ return 1;
+#endif /* ! DO_SAMBA */
+ break;
+
+ case PC_SMB_ENABLE: {
+ slap_mask_t mode = pi->mode, m;
+
+ rc = verbs_to_mask( c->argc, c->argv, smbk5pwd_modules, &m );
+ if ( rc > 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+ "<%s> unknown module \"%s\".\n",
+ c->log, c->argv[ 0 ], c->argv[ rc ] );
+ return 1;
+ }
+
+ /* we can hijack the smbk5pwd_t structure because
+ * from within the configuration, this is the only
+ * active thread. */
+ pi->mode |= m;
+
+#ifndef DO_KRB5
+ if ( SMBK5PWD_DO_KRB5( pi ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+ "<%s> module \"%s\" only allowed when compiled with -DDO_KRB5.\n",
+ c->log, c->argv[ 0 ], c->argv[ rc ] );
+ pi->mode = mode;
+ return 1;
+ }
+#endif /* ! DO_KRB5 */
+
+#ifndef DO_SAMBA
+ if ( SMBK5PWD_DO_SAMBA( pi ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+ "<%s> module \"%s\" only allowed when compiled with -DDO_SAMBA.\n",
+ c->log, c->argv[ 0 ], c->argv[ rc ] );
+ pi->mode = mode;
+ return 1;
+ }
+#endif /* ! DO_SAMBA */
+
+ {
+ BackendDB db = *c->be;
+
+ /* Re-initialize the module, because
+ * the configuration might have changed */
+ db.bd_info = (BackendInfo *)on;
+ rc = smbk5pwd_modules_init( pi );
+ if ( rc ) {
+ pi->mode = mode;
+ return 1;
+ }
+ }
+
+ } break;
+
+ default:
+ assert( 0 );
+ return 1;
+ }
+ return rc;
+}
+
+static int
+smbk5pwd_modules_init( smbk5pwd_t *pi )
+{
+ static struct {
+ const char *name;
+ AttributeDescription **adp;
+ }
+#ifdef DO_KRB5
+ krb5_ad[] = {
+ { "krb5Key", &ad_krb5Key },
+ { "krb5KeyVersionNumber", &ad_krb5KeyVersionNumber },
+ { "krb5PrincipalName", &ad_krb5PrincipalName },
+ { NULL }
+ },
+#endif /* DO_KRB5 */
+#ifdef DO_SAMBA
+ samba_ad[] = {
+ { "sambaLMPassword", &ad_sambaLMPassword },
+ { "sambaNTPassword", &ad_sambaNTPassword },
+ { "sambaPwdLastSet", &ad_sambaPwdLastSet },
+ { "sambaPwdMustChange", &ad_sambaPwdMustChange },
+ { NULL }
+ },
+#endif /* DO_SAMBA */
+ dummy_ad;
+
+ /* this is to silence the unused var warning */
+ dummy_ad.name = NULL;
+
+#ifdef DO_KRB5
+ if ( SMBK5PWD_DO_KRB5( pi ) && oc_krb5KDCEntry == NULL ) {
+ krb5_error_code ret;
+ extern HDB *_kadm5_s_get_db(void *);
+
+ int i, rc;
+
+ /* Make sure all of our necessary schema items are loaded */
+ oc_krb5KDCEntry = oc_find( "krb5KDCEntry" );
+ if ( !oc_krb5KDCEntry ) {
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to find \"krb5KDCEntry\" objectClass.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ for ( i = 0; krb5_ad[ i ].name != NULL; i++ ) {
+ const char *text;
+
+ *(krb5_ad[ i ].adp) = NULL;
+
+ rc = slap_str2ad( krb5_ad[ i ].name, krb5_ad[ i ].adp, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to find \"%s\" attributeType: %s (%d).\n",
+ krb5_ad[ i ].name, text, rc );
+ oc_krb5KDCEntry = NULL;
+ return rc;
+ }
+ }
+
+ /* Initialize Kerberos context */
+ ret = krb5_init_context(&context);
+ if (ret) {
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to initialize krb5 context (%d).\n",
+ ret, 0, 0 );
+ oc_krb5KDCEntry = NULL;
+ return -1;
+ }
+
+ ret = kadm5_s_init_with_password_ctx( context,
+ KADM5_ADMIN_SERVICE,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0, &kadm_context );
+ if (ret) {
+ char *err_str, *err_msg = "<unknown error>";
+ err_str = krb5_get_error_string( context );
+ if (!err_str)
+ err_msg = krb5_get_err_text( context, ret );
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to initialize krb5 admin context: %s (%d).\n",
+ err_str ? err_str : err_msg, ret, 0 );
+ if (err_str)
+ krb5_free_error_string( context, err_str );
+ krb5_free_context( context );
+ oc_krb5KDCEntry = NULL;
+ return -1;
+ }
+
+ db = _kadm5_s_get_db( kadm_context );
+ }
+#endif /* DO_KRB5 */
+
+#ifdef DO_SAMBA
+ if ( SMBK5PWD_DO_SAMBA( pi ) && oc_sambaSamAccount == NULL ) {
+ int i, rc;
+
+ oc_sambaSamAccount = oc_find( "sambaSamAccount" );
+ if ( !oc_sambaSamAccount ) {
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to find \"sambaSamAccount\" objectClass.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ for ( i = 0; samba_ad[ i ].name != NULL; i++ ) {
+ const char *text;
+
+ *(samba_ad[ i ].adp) = NULL;
+
+ rc = slap_str2ad( samba_ad[ i ].name, samba_ad[ i ].adp, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+ "unable to find \"%s\" attributeType: %s (%d).\n",
+ samba_ad[ i ].name, text, rc );
+ oc_sambaSamAccount = NULL;
+ return rc;
+ }
+ }
+ }
+#endif /* DO_SAMBA */
+
+ return 0;
+}
+
+static int
+smbk5pwd_db_init(BackendDB *be)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ smbk5pwd_t *pi;
+
+ pi = ch_calloc( 1, sizeof( smbk5pwd_t ) );
+ if ( pi == NULL ) {
+ return 1;
+ }
+ on->on_bi.bi_private = (void *)pi;
+
+ return 0;
+}
+
+static int
+smbk5pwd_db_open(BackendDB *be)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ smbk5pwd_t *pi = (smbk5pwd_t *)on->on_bi.bi_private;
+
+ int rc;
+
+ if ( pi->mode == 0 ) {
+ pi->mode = SMBK5PWD_F_ALL;
+ }
+
+ rc = smbk5pwd_modules_init( pi );
+ if ( rc ) {
+ return rc;
+ }
+
+ return 0;
+}
+
+static int
+smbk5pwd_db_destroy(BackendDB *be)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ smbk5pwd_t *pi = (smbk5pwd_t *)on->on_bi.bi_private;
+
+ if ( pi ) {
+ ch_free( pi );
+ }
+
+ return 0;
+}
+
+int
+smbk5pwd_initialize(void)
+{
+ int rc;
+
+ smbk5pwd.on_bi.bi_type = "smbk5pwd";
+
+ smbk5pwd.on_bi.bi_db_init = smbk5pwd_db_init;
+ smbk5pwd.on_bi.bi_db_open = smbk5pwd_db_open;
+ smbk5pwd.on_bi.bi_db_destroy = smbk5pwd_db_destroy;
+
+ smbk5pwd.on_bi.bi_extended = smbk5pwd_exop_passwd;
+
+#ifdef DO_KRB5
+ smbk5pwd.on_bi.bi_op_bind = smbk5pwd_op_bind;
+
+ lutil_passwd_add( (struct berval *)&k5key_scheme, k5key_chk, k5key_hash );
+#endif
+
+ smbk5pwd.on_bi.bi_cf_ocs = smbk5pwd_cfocs;
+
+ rc = config_register_schema( smbk5pwd_cfats, smbk5pwd_cfocs );
+ if ( rc ) {
+ return rc;
+ }
+
+ return overlay_register( &smbk5pwd );
+}
+
+#if SLAPD_OVER_SMBK5PWD == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+ return smbk5pwd_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_SMBK5PWD) */
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-tools/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-tools/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-tools/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+Directory contents:
+
+statslog
+ Program to output selected parts of slapd's statslog output
+ (LDAP request/response log), grouping log lines by LDAP
+ connection. Useful to search and inspect the server log.
Added: openldap/vendor/openldap-2.3.35/contrib/slapd-tools/statslog
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapd-tools/statslog (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapd-tools/statslog 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,169 @@
+#!/usr/bin/perl -w
+# statslog - Rearrange and output selected parts of slapd's statslog output.
+# $OpenLDAP: pkg/ldap/contrib/slapd-tools/statslog,v 1.2 2004/11/02 16:19:17 hallvard Exp $
+#
+# Copyright 2004 Hallvard B. Furuseth.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+sub usage {
+ die join("", @_, <<'EOM');
+Usage: statslog [options] [logfiles; may be .gz or .bz2 files]
+
+ Output selected parts of slapd's statslog output (LDAP request/response
+ log to syslog or stderr; loglevel 256), grouping log lines by LDAP
+ connection. Lines with no connection are excluded by default.
+
+Options:
+ --brief -b Brief output (omit time, host/process name/ID).
+ --exclude=RE -e RE Exclude connections whose output matches REgexp.
+ --include=RE -i RE Only include connections matching REgexp.
+ --EXCLUDE=RE -E RE Case-sensitive '--exclude'.
+ --INCLUDE=RE -I RE Case-sensitive '--include'.
+ --loose -l Include "loose" lines (lines with no connection).
+ --no-loose -L RE Only exclude the "loose" lines that match RE.
+ --join -j Join the inputs as if they were one big log file.
+ Each file must start where the previous left off.
+ --no-join -J Do not --join. (Can be useful with --sort.)
+ --sort -s Sort input files by age. Implies --join.
+ --trace -t Print file names when read. Implies --no-join.
+All --exclude/include options are applied. Note: --exclude/include are
+unreliable without --join/sort for connections spanning several log files.
+EOM
+}
+
+########################################################################
+
+use bytes;
+use strict;
+use Getopt::Long;
+
+# Globals
+my %conns; # Hash (connection number -> output)
+my @loose; # Collected output with no connection number
+
+# Command line options
+my($brief, @filters, @conditions, $no_loose);
+my($join_files, $sort_files, $trace, $getopt_ok);
+
+# Handle --include/INCLUDE/exclude/EXCLUDE options
+sub filter_opt {
+ my($opt, $regexp) = @_;
+ push(@conditions, sprintf('$lines %s /$filters[%d]/om%s',
+ (lc($opt) eq 'include' ? "=~" : "!~"),
+ scalar(@filters),
+ ($opt eq lc($opt) ? "i" : "")));
+ push(@filters, $regexp);
+}
+
+# Parse options at compile time so some can become constants to optimize away
+BEGIN {
+ &Getopt::Long::Configure(qw(bundling no_ignore_case));
+ $getopt_ok = GetOptions("brief|b" => \$brief,
+ "include|i=s" => \&filter_opt,
+ "exclude|e=s" => \&filter_opt,
+ "INCLUDE|I=s" => \&filter_opt,
+ "EXCLUDE|E=s" => \&filter_opt,
+ "join|j" => \$join_files,
+ "no-join|J" => sub { $join_files = 0; },
+ "sort|s" => \$sort_files,
+ "loose|l" => sub { $no_loose = ".^"; },
+ "no-loose|L=s" => \$no_loose,
+ "trace|t" => \$trace);
+}
+usage() unless $getopt_ok;
+usage("--trace is incompatible with --join.\n") if $trace && $join_files;
+
+$join_files = 1 if !defined($join_files) && $sort_files && !$trace;
+use constant BRIEF => !!$brief;
+use constant LOOSE => defined($no_loose) && ($no_loose eq ".^" ? 2 : 1);
+
+# Build sub out(header, connection number) to output one connection's data
+my $out_body = (LOOSE
+ ? ' if (@loose) { print "\n", @loose; @loose = (); } '
+ : '');
+$out_body .= ' print "\n", $_[0], $lines; ';
+$out_body = " if (" . join("\n && ", @conditions) . ") {\n$out_body\n}"
+ if @conditions;
+eval <<EOM;
+sub out {
+ my \$lines = delete(\$conns{\$_[1]});
+ $out_body
+}
+1;
+EOM
+die $@ if $@;
+
+# Read and output log lines from one file
+sub do_file {
+ local(@ARGV) = @_;
+ my($conn, $line, $act);
+ while (<>) {
+ if (BRIEF
+ ? (($conn, $line, $act) = /\bconn=(\d+) (\S+ (\S+).*\n)/)
+ : (($conn, $act) = /\bconn=(\d+) \S+ (\S+)/ )) {
+ $conns{$conn} .= (BRIEF ? $line : $_);
+ out("", $conn) if $act eq 'closed';
+ } elsif (LOOSE && (LOOSE > 1 || !/$no_loose/omi)) {
+ s/^\w{3} [ \d]+:\d\d:\d\d [^:]*: // if BRIEF;
+ push(@loose, $_);
+ }
+ }
+ final() unless $join_files;
+}
+
+# Output log lines for unfinished connections
+sub final {
+ if (%conns) {
+ for my $conn (sort keys %conns) {
+ out("UNFINISHED:\n", $conn);
+ }
+ die if %conns;
+ }
+ if (LOOSE && @loose) { print "\n", @loose; @loose = (); }
+}
+
+# Main program
+if (!@ARGV) {
+ # Read from stdin
+ do_file();
+} else {
+ if ($sort_files && @ARGV > 1) {
+ # Sort files by last modified time; oldest first
+ my @fileinfo;
+ for my $file (@ARGV) {
+ my $age = -M $file;
+ if (defined($age)) {
+ push(@fileinfo, [$age, $file]);
+ } else {
+ print STDERR "File not found: $file\n";
+ }
+ }
+ exit(1) unless @fileinfo;
+ @ARGV = map { $_->[1] } sort { $b->[0] <=> $a->[0] } @fileinfo;
+ }
+
+ # Prepare to pipe .gz, .bz2 and .bz files through gunzip or bunzip2
+ my %type2prog = ("gz" => "gunzip", "bz2" => "bunzip2", "bz" => "bunzip2");
+ for (@ARGV) {
+ if (/\.(gz|bz2?)$/) {
+ my $type = $1;
+ die "Bad filename: $_\n" if /^[+-]|[^\w\/.,:%=+-]|^$/;
+ $_ = "$type2prog{$type} -c $_ |";
+ }
+ }
+
+ # Process the files
+ for my $file (@ARGV) {
+ print "\n$file:\n" if $trace;
+ do_file($file);
+ }
+}
+final();
Property changes on: openldap/vendor/openldap-2.3.35/contrib/slapd-tools/statslog
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/README
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,22 @@
+Copyright 2003-2007 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains a SLAPI plugin, addrdnvalues, which will add to
+an entry any attribute values that appear in the entry's RDN but not in
+the entry. This is necessary for compliance with some "broken" clients.
+
+To use the plugin, add:
+
+plugin preoperation libaddrdnvalues-plugin.so addrdnvalues_preop_init
+
+to your slapd configuration file.
+
+No Makefile is provided. Use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -o libaddrdnvalues-plugin.so addrdnvalues.c
+
+to compile this plugin.
+
Added: openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c
===================================================================
--- openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c,v 1.6 2004/05/23 13:45:32 lukeh Exp $ */
+/*
+ * Copyright 2003-2004 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <string.h>
+#include <unistd.h>
+
+#include <ldap.h>
+#include <lber.h>
+
+#include <slapi-plugin.h>
+
+int addrdnvalues_preop_init(Slapi_PBlock *pb);
+
+static Slapi_PluginDesc pluginDescription = {
+ "addrdnvalues-plugin",
+ "PADL",
+ "1.0",
+ "RDN values addition plugin"
+};
+
+static int addrdnvalues_preop_add(Slapi_PBlock *pb)
+{
+ int rc;
+ Slapi_Entry *e;
+
+ if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e) != 0) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_add",
+ "Error retrieving target entry\n");
+ return -1;
+ }
+
+ rc = slapi_entry_add_rdn_values(e);
+ if (rc != LDAP_SUCCESS) {
+ slapi_send_ldap_result(pb, LDAP_OTHER, NULL,
+ "Failed to parse distinguished name", 0, NULL);
+ slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_add",
+ "Failed to parse distinguished name: %s\n",
+ ldap_err2string(rc));
+ return -1;
+ }
+
+ return 0;
+}
+
+int addrdnvalues_preop_init(Slapi_PBlock *pb)
+{
+ if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_03) != 0 ||
+ slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, &pluginDescription) != 0 ||
+ slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *)addrdnvalues_preop_add) != 0) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_init",
+ "Error registering %s\n", pluginDescription.spd_description);
+ return -1;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/doc/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+## doc Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/Makefile.in,v 1.8.2.4 2007/01/02 21:43:43 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS= man
Added: openldap/vendor/openldap-2.3.35/doc/devel/README
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+The OpenLDAP Developer's FAQ is available at:
+ http://www.openldap.org/faq/index.cgi?file=4
+
+Additional developer pages are at:
+ http://www.openldap.org/devel/
+
+---
+$OpenLDAP: pkg/ldap/doc/devel/README,v 1.7 2004/04/16 16:11:15 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/doc/devel/args
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/args (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/args 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,58 @@
+Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *n*p* vwxyz
+ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
+ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy
+ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
+ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * * * s vwxy
+ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab def*h**kl*n*p* stuvwxyz
+ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy
+
+
+* reserved
+ BFGJgijmoq01235789
+
+* General flags:
+ -C Chase Referrals
+ -D Bind DN
+ -E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*)
+ -e General Extensions (e.g., -e <[!]oid[=options]>*)
+ -f file
+ -H URI
+ -P protocol version
+ -V version information
+ -W prompt for bind password
+ -d debug
+ -h host
+ -n no-op
+ -N no (SASLprep) normalization of simple bind password
+ -p port
+ -v verbose
+ -V version
+ -x simple bind
+ -y Bind password-file
+ -w Bind password
+ -4 IPv4 only
+ -6 IPv6 only
+
+
+* LDAPv3 Only
+ -M ManageDSAIT
+ -Z StartTLS
+
+ -Y SASL Mechanism (defaults to "best")
+ -R SASL Realm (defaults to empty)
+ -O SASL Security Options (defaults to "noanonymous,noplain")
+ -U SASL Authentication Identity (defaults to USER)
+ -X SASL Authorization Identity (defaults to empty)
+
+ -I SASL interactive mode (default: automatic)
+ -Q SASL quiet mode (default: automatic)
+
+
+* LDAPv2+ Only (DEPRECATED)
+ -K LDAPv2 Kerberos Bind (Step 1 only)
+ -k LDAPv2 Kerberos Bind
+
+
+---
+$OpenLDAP: pkg/ldap/doc/devel/args,v 1.26.4.3 2006/02/12 03:19:48 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/doc/devel/template.c
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/template.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/template.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+/* template.c -- example OpenLDAP source file */
+/* $OpenLDAP: pkg/ldap/doc/devel/template.c,v 1.5 2003/12/07 06:38:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright YEAR The OpenLDAP Foundation.
+ * Portions Copyright YEAR Secondary Rights Holder.
+ * Portions Copyright YEAR Another Rights Holder.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Additional (custom) notices (where necessary).
+ * Please consult Kurt Zeilenga <kurt at openldap.org> before adding
+ * additional notices.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Jane Doe for inclusion in
+ * OpenLDAP Software. Additional significant contributors include:
+ * John Doe
+ */
Added: openldap/vendor/openldap-2.3.35/doc/devel/todo
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/todo (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/todo 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,73 @@
+OpenLDAP Software To Do List
+----------------------------
+
+This is a list of projects that need getting done. They are defined
+by scale of the effort as opposed to priority. Contribute to
+projects based upon your personal priorities.
+
+If you would like to work on any of these projects, please coordinate
+by posting to OpenLDAP-devel mailing list:
+ http://www.OpenLDAP.org/lists
+
+If you have a project you'd like added to the list, talk it up on
+Developer's list or just do it.
+
+Please read:
+ http://www.OpenLDAP.org/devel/programming.html
+ http://www.OpenLDAP.org/devel/contributing.html
+
+
+OpenLDAP 2.x Projects
+---------------------
+ SLAPD
+ Complete Unicode Support (ACLs, etc.)
+ client C API update
+ Implement per referral/continuation callback
+ clients (e.g. ldapsearch(1))
+ Implement referral chasing options w/ referral callback
+ Update manual pages
+
+
+Large projects
+--------------
+Implement character string localization
+Implement X.500 administrative models (e.g. subentries (RFC 3672), etc.)
+Implement LDAP sorted search results control (RFC 2891)
+
+
+Medium projects
+---------------
+Add syncrepl "turn" support
+Implement DIT Structure Rules and Name Forms
+Implement LDAPprep
+Implement native support for simple SASL mechanisms
+ (e.g. EXTERNAL and PLAIN)
+Redesign slapd memory allocation fault handling
+Localize tools
+
+
+Small projects
+--------------
+Add BSD kqueue(2) support to slapd(8)
+Add DSML capabilities to command line tools
+Add LDIFv2 (XML) support to command line tools
+Implement authPassword (RFC 3112)
+Implement SASLprep (RFC 4013) for LDAP (draft-ietf-ldapbis-*)
+Implement additional matching rules (RFC 3698)
+Add dumpasn1 logging support
+Add tests to test suite
+Recode linked-list structs to use <ldap_queue.h> macros
+Convert utfconv.txt into man page(s).
+Update manual pages as needed.
+
+
+For additional TODO items, see:
+ http://www.openldap.org/its/index.cgi/Software%20Enhancements
+ http://www.openldap.org/its/index.cgi/Software%20Bugs
+
+
+JLDAP TODO items, see:
+ http://www.openldap.org/devel/cvsweb.cgi/~checkout~/design/todo.txt?rev=1&cvsroot=JLDAP
+
+---
+$OpenLDAP: pkg/ldap/doc/devel/todo,v 1.132.2.5 2006/02/12 03:19:48 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/doc/devel/toolargs
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/toolargs (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/toolargs 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,27 @@
+Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+slapacl D F U X b d f o uv
+slapadd F bcd f l n q tuvw
+slapauth F M R U X d f v
+slapcat F abcd f l n s v
+slapdn F N P d f v
+slapindex F bcd f n q v
+slappasswd T c h s uv
+slaptest F d f uv
+
+* General flags:
+ -F config directory
+ -U authcID
+ -X authzID
+ -b suffix (slapacl: entryDN)
+ -c continue mode
+ -d debug level
+ -f config file
+ -l LDIF file
+ -n database number
+ -q "quick" mode
+ -s subtree
+ -u dryrun (slappasswd: RFC2307 userPassword)
+ -v verbose
+
+---
+$Header$
Added: openldap/vendor/openldap-2.3.35/doc/devel/utfconv.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/devel/utfconv.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/devel/utfconv.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,291 @@
+ Dec 5, 2000
+ Dave Steck
+ Novell, Inc.
+
+ UTF-8 Conversion Functions
+
+
+1. Strings in the LDAP C SDK should be encoded in UTF-8 format.
+ However, most platforms do not provide APIs for converting to
+ this format. If they do, they are platform-specific.
+
+ As a result, most applications (knowingly or not) use local strings
+ with LDAP functions. This works fine for 7-bit ASCII characters,
+ but will fail with 8-bit European characters, Asian characters, etc.
+
+ We propose adding the following platform-independent conversion functions
+ to the OpenLDAP SDK. There are 4 functions for converting between UTF-8
+ and wide characters, and 4 functions for converting between UTF-8 and
+ multibyte characters.
+
+ For multibyte to UTF-8 conversions, charset translation is necessary.
+ While a full charset translator is not practical or appropriate for the
+ LDAP SDK, we can pass the translator function in as an argument.
+ A NULL for this argument will use the ANSI C functions mbtowc, mbstowcs,
+ wctomb, and wcstombs.
+
+2. UTF-8 <--> Wide Character conversions
+
+The following new conversion routines will be added, following the pattern of
+the ANSI C conversion routines (mbtowc, mbstowcs, etc). These routines use
+the wchar_t type. wchar_t is 2 bytes on some systems and 4 bytes on others.
+However the advantage of using wchar_t is that all the standard wide character
+string functions may be used on these strings: wcslen, wcscpy, etc.
+
+ int ldap_x_utf8_to_wc - Convert a single UTF-8 encoded character to a wide character.
+ int ldap_x_utf8s_to_wcs - Convert a UTF-8 string to a wide character string.
+ int ldap_x_wc_to_utf8 - Convert a single wide character to a UTF-8 sequence.
+ int ldap_x_wcs_to_utf8s - Convert a wide character string to a UTF-8 string.
+
+
+2.1 ldap_x_utf8_to_wc - Convert a single UTF-8 encoded character to a wide character.
+
+int ldap_x_utf8_to_wc ( wchar_t *wchar, const char *utf8char )
+
+ wchar (OUT) Points to a wide character code to receive the
+ converted character.
+
+ utf8char (IN) Address of the UTF8 sequence of bytes.
+
+Return Value:
+ If successful, the function returns the length in
+ bytes of the UTF-8 input character.
+
+ If utf8char is NULL or points to an empty string, the
+ function returns 1 and a NULL is written to wchar.
+
+ If utf8char contains an invalid UTF-8 sequence -1 is returned.
+
+
+2.2 ldap_x_utf8s_to_wcs - Convert a UTF-8 string to a wide character string.
+
+int ldap_x_utf8s_to_wcs (wchar_t *wcstr, const char *utf8str, size_t count)
+
+ wcstr (OUT) Points to a wide char buffer to receive the
+ converted wide char string. The output string will be
+ null terminated if there is space for it in the
+ buffer.
+
+ utf8str (IN) Address of the null-terminated UTF-8 string to convert.
+
+ count (IN) The number of UTF-8 characters to convert, or
+ equivalently, the size of the output buffer in wide
+ characters.
+
+Return Value:
+ If successful, the function returns the number of wide
+ characters written to wcstr, excluding the null termination
+ character, if any.
+
+ If wcstr is NULL, the function returns the number of wide
+ characters required to contain the converted string,
+ excluding the null termination character.
+
+ If an invalid UTF-8 sequence is encountered, the
+ function returns -1.
+
+ If the return value equals count, there was not enough space to fit the
+ string and the null terminator in the buffer.
+
+
+2.3 ldap_x_wc_to_utf8 - Convert a single wide character to a UTF-8 sequence.
+
+int ldap_x_wc_to_utf8 ( char *utf8char, wchar_t wchar, count )
+
+ utf8char (OUT) Points to a byte array to receive the converted UTF-8
+ string.
+
+ wchar (IN) The wide character to convert.
+
+ count (IN) The maximum number of bytes to write to the output
+ buffer. Normally set this to LDAP_MAX_UTF8_LEN, which
+ is defined as 3 or 6 depending on the size of wchar_t.
+ A partial character will not be written.
+
+Return Value:
+ If successful, the function returns the length in bytes of
+ the converted UTF-8 output character.
+
+ If wchar is NULL, the function returns 1 and a NULL is
+ written to utf8char.
+
+ If wchar cannot be converted to a UTF-8 character, the
+ function returns -1.
+
+
+2.4 int ldap_x_wcs_to_utf8s - Convert a wide character string to a UTF-8 string.
+
+int ldap_x_wcs_to_utf8s (char *utf8str, const wchar_t *wcstr, size_t count)
+
+ utf8str (OUT) Points to a byte array to receive the converted
+ UTF-8 string. The output string will be null
+ terminated if there is space for it in the
+ buffer.
+
+
+ wcstr (IN) Address of the null-terminated wide char string to convert.
+
+ count (IN) The size of the output buffer in bytes.
+
+Return Value:
+ If successful, the function returns the number of bytes
+ written to utf8str, excluding the null termination
+ character, if any.
+
+ If utf8str is NULL, the function returns the number of
+ bytes required to contain the converted string, excluding
+ the null termination character. The 'count' parameter is ignored.
+
+ If the function encounters a wide character that cannot
+ be mapped to a UTF-8 sequence, the function returns -1.
+
+ If the return value equals count, there was not enough space to fit
+ the string and the null terminator in the buffer.
+
+
+
+3. Multi-byte <--> UTF-8 Conversions
+
+These functions convert the string in a two-step process, from multibyte
+to Wide, then from Wide to UTF8, or vice versa. This conversion requires a
+charset translation routine, which is passed in as an argument.
+
+ ldap_x_mb_to_utf8 - Convert a multi-byte character to a UTF-8 character.
+ ldap_x_mbs_to_utf8s - Convert a multi-byte string to a UTF-8 string.
+ ldap_x_utf8_to_mb - Convert a UTF-8 character to a multi-byte character.
+ ldap_x_utf8s_to_mbs - Convert a UTF-8 string to a multi-byte string.
+
+3.1 ldap_x_mb_to_utf8 - Convert a multi-byte character to a UTF-8 character.
+
+int ldap_x_mb_to_utf8 ( char *utf8char, const char *mbchar, size_t mbsize, int (*f_mbtowc)(wchar_t *wchar, const char *mbchar, size_t count) )
+
+ utf8char (OUT) Points to a byte buffer to receive the converted
+ UTF-8 character. May be NULL. The output is not
+ null-terminated.
+
+ mbchar (IN) Address of a sequence of bytes forming a multibyte character.
+
+ mbsize (IN) The maximum number of bytes of the mbchar argument to
+ check. This should normally be MB_CUR_MAX.
+
+ f_mbtowc (IN) The function to use for converting a multibyte
+ character to a wide character. If NULL, the local
+ ANSI C routine mbtowc is used.
+
+Return Value:
+ If successful, the function returns the length in bytes of
+ the UTF-8 output character.
+
+ If utf8char is NULL, count is ignored and the funtion
+ returns the number of bytes that would be written to the
+ output char.
+
+ If count is zero, 0 is returned and nothing is written to
+ utf8char.
+
+ If mbchar is NULL or points to an empty string, the
+ function returns 1 and a null byte is written to utf8char.
+
+ If mbchar contains an invalid multi-byte character, -1 is returned.
+
+
+3.2 ldap_x_mbs_to_utf8s - Convert a multi-byte string to a UTF-8 string.
+
+int ldap_x_mbs_to_utf8s (char *utf8str, const char *mbstr, size_t count,
+ size_t (*f_mbstowcs)(wchar_t *wcstr, const char *mbstr, size_t count))
+
+utf8str (OUT) Points to a buffer to receive the converted UTF-8 string.
+ May be NULL.
+
+ mbchar (IN) Address of the null-terminated multi-byte input string.
+
+ count (IN) The size of the output buffer in bytes.
+
+ f_mbstowcs (IN) The function to use for converting a multibyte string
+ to a wide character string. If NULL, the local ANSI
+ C routine mbstowcs is used.
+
+Return Value:
+ If successful, the function returns the length in
+ bytes of the UTF-8 output string, excluding the null
+ terminator, if present.
+
+ If utf8str is NULL, count is ignored and the function
+ returns the number of bytes required for the output string,
+ excluding the NULL.
+
+ If count is zero, 0 is returned and nothing is written to utf8str.
+
+ If mbstr is NULL or points to an empty string, the
+ function returns 1 and a null byte is written to utf8str.
+
+ If mbstr contains an invalid multi-byte character, -1 is returned.
+
+ If the returned value is equal to count, the entire null-terminated
+ string would not fit in the output buffer.
+
+
+3.3 ldap_x_utf8_to_mb - Convert a UTF-8 character to a multi-byte character.
+
+int ldap_x_utf8_to_mb ( char *mbchar, const char *utf8char,
+ int (*f_wctomb)(char *mbchar, wchar_t wchar) )
+
+mbchar (OUT) Points to a byte buffer to receive the converted multi-byte
+ character. May be NULL.
+
+ utf8char (IN) Address of the UTF-8 character sequence.
+
+ f_wctomb (IN) The function to use for converting a wide character
+ to a multibyte character. If NULL, the local
+ ANSI C routine wctomb is used.
+
+
+Return Value:
+ If successful, the function returns the length in
+ bytes of the multi-byte output character.
+
+ If utf8char is NULL or points to an empty string, the
+ function returns 1 and a null byte is written to mbchar.
+
+ If utf8char contains an invalid UTF-8 sequence, -1 is returned.
+
+
+3.4 int ldap_x_utf8s_to_mbs - Convert a UTF-8 string to a multi-byte string.
+
+
+int ldap_x_utf8s_to_mbs ( char *mbstr, const char *utf8str, size_t count,
+ size_t (*f_wcstombs)(char *mbstr, const wchar_t *wcstr, size_t count) )
+
+ mbstr (OUT) Points to a byte buffer to receive the converted
+ multi-byte string. May be NULL.
+
+ utf8str (IN) Address of the null-terminated UTF-8 string to convert.
+
+ count (IN) The size of the output buffer in bytes.
+
+ f_wcstombs (IN) The function to use for converting a wide character
+ string to a multibyte string. If NULL, the local
+ ANSI C routine wcstombs is used.
+
+Return Value:
+ If successful, the function returns the number of bytes
+ written to mbstr, excluding the null termination
+ character, if any.
+
+ If mbstr is NULL, count is ignored and the funtion
+ returns the number of bytes required for the output string,
+ excluding the NULL.
+
+ If count is zero, 0 is returned and nothing is written to
+ mbstr.
+
+ If utf8str is NULL or points to an empty string, the
+ function returns 1 and a null byte is written to mbstr.
+
+ If an invalid UTF-8 character is encountered, the
+ function returns -1.
+
+The output string will be null terminated if there is space for it in
+the output buffer.
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/README
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+Internet-Drafts (I-Ds) are working documents of the Internet
+Engineering Task Force (IETF), its areas, its working groups, and
+individual contributors.
+
+I-Ds are only valid for a maximum of six months and may be updated,
+replaced, or obsoleted by other documents at any time. It is
+inappropriate to use I-Ds as reference material or to cite them
+other than as "work in progress."
+
+The OpenLDAP Project maintains copies of I-D for which we find
+interesting. Existance here does not necessarily imply any support
+nor any plans to support for the I-D. The I-Ds found in this
+directory may be stale, expired, or otherwise out of date.
+
+Please go to <http://www.ietf.org/> for latest revisions (and
+status).
+
+$OpenLDAP: pkg/ldap/doc/drafts/README,v 1.8 2003/12/07 06:54:38 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-behera-ldap-password-policy-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-behera-ldap-password-policy-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-behera-ldap-password-policy-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2298 @@
+
+
+
+
+Network Working Group J. Sermersheim
+Internet-Draft Novell, Inc
+Expires: January 18, 2006 L. Poitou
+ Sun Microsystems
+ July 17, 2005
+
+
+ Password Policy for LDAP Directories
+ draft-behera-ldap-password-policy-09.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on January 18, 2006.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2005).
+
+Abstract
+
+ Password policy as described in this document is a set of rules that
+ controls how passwords are used and administered in Lightweight
+ Directory Access Protocol (LDAP) based directories. In order to
+ improve the security of LDAP directories and make it difficult for
+ password cracking programs to break into directories, it is desirable
+ to enforce a set of rules on password usage. These rules are made to
+ ensure that users change their passwords periodically, passwords meet
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 1]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ construction requirements, the re-use of old password is restricted,
+ and users are locked out after a certain number of failed attempts.
+
+Discussion Forum
+
+ Technical discussion of this document will take place on the IETF
+ LDAP Extensions mailing list <ldapext at ietf.org>. Please send
+ editorial comments directly to the authors.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 2]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+Table of Contents
+
+ 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3. Application of password policy . . . . . . . . . . . . . . . . 6
+ 4. Articles of password policy . . . . . . . . . . . . . . . . . 7
+ 4.1 Password Usage Policy . . . . . . . . . . . . . . . . . . . . 7
+ 4.2 Password Modification Policy . . . . . . . . . . . . . . . . . 7
+ 4.3 Restriction of the Password Policy . . . . . . . . . . . . . . 10
+ 5. Schema used for Password Policy . . . . . . . . . . . . . . . 11
+ 5.1 The pwdPolicy Object Class . . . . . . . . . . . . . . . . . . 11
+ 5.2 Attribute Types used in the pwdPolicy ObjectClass . . . . . . 11
+ 5.3 Attribute Types for Password Policy State Information . . . . 16
+ 6. Controls used for Password Policy . . . . . . . . . . . . . . 21
+ 6.1 Request Control . . . . . . . . . . . . . . . . . . . . . . . 21
+ 6.2 Response Control . . . . . . . . . . . . . . . . . . . . . . . 21
+ 7. Policy Decision Points . . . . . . . . . . . . . . . . . . . . 23
+ 7.1 Locked Account Check . . . . . . . . . . . . . . . . . . . . . 23
+ 7.2 Password Must be Changed Now Check . . . . . . . . . . . . . . 23
+ 7.3 Password Expiration Check . . . . . . . . . . . . . . . . . . 23
+ 7.4 Remaining Grace AuthN Check . . . . . . . . . . . . . . . . . 23
+ 7.5 Time Before Expiration Check . . . . . . . . . . . . . . . . . 24
+ 7.6 Intruder Detection Check . . . . . . . . . . . . . . . . . . . 24
+ 7.7 Password Too Young Check . . . . . . . . . . . . . . . . . . . 24
+ 8. Server Policy Enforcement Points . . . . . . . . . . . . . . . 25
+ 8.1 Password-based Authentication . . . . . . . . . . . . . . . . 25
+ 8.2 Password Update Operations . . . . . . . . . . . . . . . . . . 27
+ 8.3 Other Operations . . . . . . . . . . . . . . . . . . . . . . . 30
+ 9. Client Policy Enforcement Points . . . . . . . . . . . . . . . 31
+ 9.1 Bind Operation . . . . . . . . . . . . . . . . . . . . . . . . 31
+ 9.2 Modify Operations . . . . . . . . . . . . . . . . . . . . . . 32
+ 9.3 Add Operation . . . . . . . . . . . . . . . . . . . . . . . . 33
+ 9.4 Compare Operation . . . . . . . . . . . . . . . . . . . . . . 33
+ 9.5 Other Operations . . . . . . . . . . . . . . . . . . . . . . . 34
+ 10. Administration of the Password Policy . . . . . . . . . . . . 35
+ 11. Password Policy and Replication . . . . . . . . . . . . . . . 36
+ 12. Security Considerations . . . . . . . . . . . . . . . . . . . 37
+ 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38
+ 14. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 39
+ 15. Normative References . . . . . . . . . . . . . . . . . . . . . 39
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 40
+ Intellectual Property and Copyright Statements . . . . . . . . 41
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 3]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+1. Overview
+
+ LDAP-based directory services are currently accepted by many
+ organizations as the access protocol for directories. The ability to
+ ensure the secure read and update access to directory information
+ throughout the network is essential to the successful deployment.
+ Most LDAP implementations support many authentication schemes - the
+ most basic and widely used is the simple authentication i.e., user DN
+ and password. In this case, many LDAP servers have implemented some
+ kind of policy related to the password used to authenticate. Among
+ other things, this policy includes:
+
+ o Whether and when passwords expire.
+
+ o Whether failed bind attempts cause the account to be locked.
+
+ o If and how users are able to change their passwords.
+
+ In order to achieve greater security protection and ensure
+ interoperability in a heterogeneous environment, LDAP needs to
+ standardize on a common password policy model. This is critical to
+ the successful deployment of LDAP directories.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 4]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+2. Conventions
+
+ Imperative keywords defined in [RFC2119] are used in this document,
+ and carry the meanings described there.
+
+ All Basic Encoding Rules (BER) [X690] encodings follow the
+ conventions found in Section 5.1 of [RFC2251].
+
+ The term "password administrator" refers to a user that has
+ sufficient access control privileges to modify users' passwords. The
+ term "password policy administrator" refers to a user that has
+ sufficient access control privileges to modify the pwdPolicy object
+ defined in this document. The access control that is used to
+ determine whether an identity is a password administrator or password
+ policy administrator is beyond the scope of this document, but
+ typically implies that the password administrator has 'write'
+ privileges to the password attribute.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 5]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+3. Application of password policy
+
+ The password policy defined in this document can be applied to any
+ attribute holding a user's password used for an authenticated LDAP
+ bind operation. In this document, the term "user" represents any
+ LDAP client application that has an identity in the directory.
+
+ This policy is typically applied to the userPassword attribute in the
+ case of the LDAP simple authentication method [RFC2251] or the case
+ of password based SASL [RFC2222] authentication such as CRAM-MD5
+ [RFC2195] and DIGEST-MD5 [RFC2831].
+
+ The policy described in this document assumes that the password
+ attribute holds a single value. No considerations are made for
+ directories or systems that allow a user to maintain multi-valued
+ password attributes.
+
+ Server implementations MAY institute internal policy whereby certain
+ identities (such as directory administrators) are not forced to
+ comply with any of password policy. In this case, the password for a
+ directory administrator never expires; the account is never locked,
+ etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 6]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+4. Articles of password policy
+
+ The following sections explain in general terms each aspect of the
+ password policy defined in this document as well as the need for
+ each. These policies are subdivided into the general groups of
+ password usage and password modification. Implementation details are
+ presented in Section 8 and Section 9.
+
+4.1 Password Usage Policy
+
+ This section describes policy enforced when a password is used to
+ authenticate. The general focus of this policy is to minimize the
+ threat of intruders once a password is in use.
+
+4.1.1 Password Guessing Limit
+
+ In order to prevent intruders from guessing a user's password, a
+ mechanism exists to track the number of consecutive failed
+ authentication attempts, and take action when a limit is reached.
+ This policy consists of five parts:
+
+ o A configurable limit on failed authentication attempts.
+
+ o A counter to track the number of failed authentication attempts.
+
+ o A timeframe in which the limit of consecutive failed
+ authentication attempts must happen before action is taken.
+
+ o The action to be taken when the limit is reached. The action will
+ either be nothing, or the account will be locked.
+
+ o An amount of time the account is locked (if it is to be locked).
+ This can be indefinite.
+
+
+4.2 Password Modification Policy
+
+ This section describes policy enforced while users are modifying
+ passwords. The general focus of this policy is to ensure that when
+ users add or change their passwords, the security and effectiveness
+ of their passwords is maximized. In this document, the term "modify
+ password operation" refers to any operation that is used to add or
+ modify a password attribute. Often this is done by updating the
+ password attribute during an add or modify operation, but MAY be done
+ by other means such as an extended operation.
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 7]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+4.2.1 Password Expiration, Expiration Warning, and Grace
+ Authentications
+
+ One of the key properties of a password is the fact that it is not
+ well known. If a password is frequently changed, the chances of that
+ user's account being broken into are minimized.
+
+ Password policy administrators may deploy a password policy that
+ causes passwords to expire after a given amount of time - thus
+ forcing users to change their passwords periodically.
+
+ As a side effect, there needs to be a way in which users are made
+ aware of this need to change their password before actually being
+ locked out of their accounts. One or both of the following methods
+ handle this:
+
+ o A warning may be returned to the user sometime before his password
+ is due to expire. If the user fails to heed this warning before
+ the expiration time, his account will be locked.
+
+ o The user may bind to the directory a preset number of times after
+ her password has expired. If she fails to change her password
+ during one of her 'grace' authentications, her account will be
+ locked.
+
+
+4.2.2 Password History
+
+ When the Password Expiration policy is used, an additional mechanism
+ may be employed to prevent users from simply re-using a previous
+ password (as this would effectively circumvent the expiration
+ policy).
+
+ In order to do this; a history of used passwords is kept. The
+ password policy administrator sets the number of passwords to be
+ stored at any given time. Passwords are stored in this history
+ whenever the password is changed. Users aren't allowed to specify
+ any passwords that are in the history list while changing passwords.
+
+4.2.3 Password Minimum Age
+
+ Users may circumvent the Password History mechanism by quickly
+ performing a series of password changes. If they change their
+ password enough times, their 'favorite' password will be pushed out
+ of the history list.
+
+ This process may be made less attractive to users by employing a
+ minimum age for passwords. If users are forced to wait 24 hours
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 8]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ between password changes, they may be less likely to cycle through a
+ history of 10 passwords.
+
+4.2.4 Password Quality and Minimum length
+
+ In order to prevent users from creating or updating passwords that
+ are easy to guess, a password quality policy may be employed. This
+ policy consists of two general mechanisms - ensuring that passwords
+ conform to a defined quality criterion and ensuring that they are of
+ a minimum length.
+
+ Forcing a password to comply with the quality policy may imply a
+ variety of things including:
+
+ o Disallowing trivial or well-known words make up the password.
+
+ o Forcing a certain number of digits be used.
+
+ o Disallowing anagrams of the user's name.
+
+ The implementation of this policy meets with the following problems:
+
+ o If the password to be added or updated is encrypted by the client
+ before being sent, the server has no way of enforcing this policy.
+ Therefore, the onus of enforcing this policy falls upon client
+ implementations.
+
+ o There are no specific definitions of what 'quality checking'
+ means. This can lead to unexpected behavior in a heterogeneous
+ environment.
+
+
+4.2.5 User Defined Passwords
+
+ In some cases, it is desirable to disallow users from adding and
+ updating their own passwords. This policy makes this functionality
+ possible.
+
+4.2.6 Password Change after Reset
+
+ This policy forces the user to update her password after it has been
+ set for the first time, or has been reset by a password
+ administrator.
+
+ This is needed in scenarios where a password administrator has set or
+ reset the password to a well-known value.
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 9]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+4.2.7 Safe Modification
+
+ As directories become more commonly used, it will not be unusual for
+ clients to connect to a directory and leave the connection open for
+ an extended period. This opens up the possibility for an intruder to
+ make modifications to a user's password while that user's computer is
+ connected but unattended.
+
+ This policy forces the user to prove his identity by specifying the
+ old password during a password modify operation.
+
+ {TODO: This allows a dictionary attack unless we specify that this is
+ also subject to intruder detection. One solution is to require users
+ to authN prior to changing password. Another solution is to perform
+ intruder detection checks when the password for a non-authenticated
+ identity is being updated}
+
+4.3 Restriction of the Password Policy
+
+ The password policy defined in this document can apply to any
+ attribute containing a password. Password policy state information
+ is held in the user's entry, and applies to a password attribute, not
+ a particular password attribute value. Thus the server SHOULD
+ enforce that the password attribute subject to password policy,
+ contains one and only one password value.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 10]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+5. Schema used for Password Policy
+
+ The schema elements defined here fall into two general categories. A
+ password policy object class is defined which contains a set of
+ administrative password policy attributes, and a set of operational
+ attributes are defined that hold general password policy state
+ information for each user.
+
+5.1 The pwdPolicy Object Class
+
+ This object class contains the attributes defining a password policy
+ in effect for a set of users. Section 10 describes the
+ administration of this object, and the relationship between it and
+ particular objects.
+
+ ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+
+
+5.2 Attribute Types used in the pwdPolicy ObjectClass
+
+ Following are the attribute types used by the pwdPolicy object class.
+
+5.2.1 pwdAttribute
+
+ This holds the name of the attribute to which the password policy is
+ applied. For example, the password policy may be applied to the
+ userPassword attribute.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+
+5.2.2 pwdMinAge
+
+ This attribute holds the number of seconds that must elapse between
+ modifications to the password. If this attribute is not present, 0
+ seconds is assumed.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 11]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.3 pwdMaxAge
+
+ This attribute holds the number of seconds after which a modified
+ password will expire.
+
+ If this attribute is not present, or if the value is 0 the password
+ does not expire. If not 0, the value must be greater than or equal
+ to the value of the pwdMinAge.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.4 pwdInHistory
+
+ This attribute specifies the maximum number of used passwords stored
+ in the pwdHistory attribute.
+
+ If this attribute is not present, or if the value is 0, used
+ passwords are not stored in the pwdHistory attribute and thus may be
+ reused.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.5 pwdCheckQuality
+
+ {TODO: Consider changing the syntax to OID. Each OID will list a
+ quality rule (like min len, # of special characters, etc). These
+ rules can be specified outside this document.}
+
+ {TODO: Note that even though this is meant to be a check that happens
+ during password modification, it may also be allowed to happen during
+ authN. This is useful for situations where the password is encrypted
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 12]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ when modified, but decrypted when used to authN.}
+
+ This attribute indicates how the password quality will be verified
+ while being modified or added. If this attribute is not present, or
+ if the value is '0', quality checking will not be enforced. A value
+ of '1' indicates that the server will check the quality, and if the
+ server is unable to check it (due to a hashed password or other
+ reasons) it will be accepted. A value of '2' indicates that the
+ server will check the quality, and if the server is unable to verify
+ it, it will return an error refusing the password.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.6 pwdMinLength
+
+ When quality checking is enabled, this attribute holds the minimum
+ number of characters that must be used in a password. If this
+ attribute is not present, no minimum password length will be
+ enforced. If the server is unable to check the length (due to a
+ hashed password or otherwise), the server will, depending on the
+ value of the pwdCheckQuality attribute, either accept the password
+ without checking it ('0' or '1') or refuse it ('2').
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.7 pwdExpireWarning
+
+ This attribute specifies the maximum number of seconds before a
+ password is due to expire that expiration warning messages will be
+ returned to an authenticating user.
+
+ If this attribute is not present, or if the value is 0 no warnings
+ will be returned. If not 0, the value must be smaller than the value
+ of the pwdMaxAge attribute.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 13]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.8 pwdGraceAuthNLimit
+
+ This attribute specifies the number of times an expired password can
+ be used to authenticate. If this attribute is not present or if the
+ value is 0, authentication will fail.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.9 pwdLockout
+
+ This attribute indicates, when its value is "TRUE", that the password
+ may not be used to authenticate after a specified number of
+ consecutive failed bind attempts. The maximum number of consecutive
+ failed bind attempts is specified in pwdMaxFailure.
+
+ If this attribute is not present, or if the value is "FALSE", the
+ password may be used to authenticate when the number of failed bind
+ attempts has been reached.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+5.2.10 pwdLockoutDuration
+
+ This attribute holds the number of seconds that the password cannot
+ be used to authenticate due to too many failed bind attempts. If
+ this attribute is not present, or if the value is 0 the password
+ cannot be used to authenticate until reset by a password
+ administrator.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 14]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+5.2.11 pwdMaxFailure
+
+ This attribute specifies the number of consecutive failed bind
+ attempts after which the password may not be used to authenticate.
+ If this attribute is not present, or if the value is 0, this policy
+ is not checked, and the value of pwdLockout will be ignored.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.12 pwdFailureCountInterval
+
+ This attribute holds the number of seconds after which the password
+ failures are purged from the failure counter, even though no
+ successful authentication occurred.
+
+ If this attribute is not present, or if its value is 0, the failure
+ counter is only reset by a successful authentication.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+
+5.2.13 pwdMustChange
+
+ This attribute specifies with a value of "TRUE" that users must
+ change their passwords when they first bind to the directory after a
+ password is set or reset by a password administrator. If this
+ attribute is not present, or if the value is "FALSE", users are not
+ required to change their password upon binding after the password
+ administrator sets or resets the password. This attribute is not set
+ due to any actions specified by this document, it is typically set by
+ a password administrator after resetting a user's password.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 15]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+5.2.14 pwdAllowUserChange
+
+ This attribute indicates whether users can change their own
+ passwords, although the change operation is still subject to access
+ control. If this attribute is not present, a value of "TRUE" is
+ assumed. This attribute is intended to be used in the absense of an
+ access control mechanism.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+5.2.15 pwdSafeModify
+
+ This attribute specifies whether or not the existing password must be
+ sent along with the new password when being changed. If this
+ attribute is not present, a "FALSE" value is assumed.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+5.3 Attribute Types for Password Policy State Information
+
+ Password policy state information must be maintained for each user.
+ The information is located in each user entry as a set of operational
+ attributes. These operational attributes are: pwdChangedTime,
+ pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
+ pwdReset, pwdPolicySubEntry.
+
+5.3.1 Password Policy State Attribute Option
+
+ Since the password policy could apply to several attributes used to
+ store passwords, each of the above operational attributes must have
+ an option to specify which pwdAttribute it applies to. The password
+ policy option is defined as the following:
+
+ pwd-<passwordAttribute>
+
+ where passwordAttribute a string following the OID syntax
+ (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
+ (short name) MUST be used.
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 16]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ For example, if the pwdPolicy object has for pwdAttribute
+ "userPassword" then the pwdChangedTime operational attribute, in a
+ user entry, will be:
+
+ pwdChangedTime;pwd-userPassword: 20000103121520Z
+
+ This attribute option follows sub-typing semantics. If a client
+ requests a password policy state attribute to be returned in a search
+ operation, and does not specify an option, all subtypes of that
+ policy state attribute are returned.
+
+5.3.2 pwdChangedTime
+
+ This attribute specifies the last time the entry's password was
+ changed. This is used by the password expiration policy. If this
+ attribute does not exist, the password will never expire.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.16
+ NAME 'pwdChangedTime'
+ DESC 'The time the password was last changed'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+
+5.3.3 pwdAccountLockedTime
+
+ This attribute holds the time that the user's account was locked. A
+ locked account means that the password may no longer be used to
+ authenticate. A 000001010000Z value means that the account has been
+ locked permanently, and that only a password administrator can unlock
+ the account.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.17
+ NAME 'pwdAccountLockedTime'
+ DESC 'The time an user account was locked'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 17]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+5.3.4 pwdFailureTime
+
+ This attribute holds the timestamps of the consecutive authentication
+ failures.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.19
+ NAME 'pwdFailureTime'
+ DESC 'The timestamps of the last consecutive authentication
+ failures'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+
+5.3.5 pwdHistory
+
+ This attribute holds a history of previously used passwords. Values
+ of this attribute are transmitted in string format as given by the
+ following ABNF:
+
+ pwdHistory = time "#" syntaxOID "#" length "#" data
+
+ time = <generalizedTimeString as specified in 6.14
+ of [RFC2252]>
+
+ syntaxOID = numericoid ; the string representation of the
+ ; dotted-decimal OID that defines the
+ ; syntax used to store the password.
+ ; numericoid is described in 4.1
+ ; of [RFC2252].
+
+ length = numericstring ; the number of octets in data.
+ ; numericstring is described in 4.1
+ ; of [RFC2252].
+
+ data = <octets representing the password in the format
+ specified by syntaxOID>.
+
+ This format allows the server to store, and transmit a history of
+ passwords that have been used. In order for equality matching to
+ function properly, the time field needs to adhere to a consistent
+ format. For this purpose, the time field MUST be in GMT format.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.20
+ NAME 'pwdHistory'
+ DESC 'The history of user s passwords'
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 18]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+
+5.3.6 pwdGraceUseTime
+
+ This attribute holds the timestamps of grace authentications after a
+ password has expired.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.21
+ NAME 'pwdGraceUseTime'
+ DESC 'The timestamps of the grace authentication after the
+ password has expired'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+
+5.3.7 pwdReset
+
+ This attribute holds a flag to indicate (when TRUE) that the password
+ has been updated by the password administrator and must be changed by
+ the user.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.22
+ NAME 'pwdReset'
+ DESC 'The indication that the password has been reset'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE
+ USAGE directoryOperation )
+
+
+5.3.8 pwdPolicySubentry
+
+ This attribute points to the pwdPolicy subentry in effect for this
+ object.
+
+ ( 1.3.6.1.4.1.42.2.27.8.1.23
+ NAME 'pwdPolicySubentry'
+ DESC 'The pwdPolicy subentry in effect for this object'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 19]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ USAGE directoryOperation )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 20]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+6. Controls used for Password Policy
+
+ This section details the controls used while enforcing password
+ policy. A request control is defined that is sent by a client with a
+ request operation in order to elicit a response control. The
+ response control contains various warnings and errors associated with
+ password policy.
+
+ {TODO: add a note about advertisement and discovery}
+
+6.1 Request Control
+
+ This control MAY be sent with any LDAP request message in order to
+ convey to the server that this client is aware of, and can process
+ the response control described in this document. When a server
+ receives this control, it will return the response control when
+ appropriate and with the proper data.
+
+ The controlType is 1.3.6.1.4.1.42.2.27.8.5.1 and the criticality may
+ be TRUE or FALSE. There is no controlValue.
+
+6.2 Response Control
+
+ If the client has sent a passwordPolicyRequest control, the server
+ (when solicited by the inclusion of the request control) sends this
+ control with the following operation responses: bindResponse,
+ modifyResponse, addResponse, compareResponse and possibly
+ extendedResponse, to inform of various conditions, and MAY be sent
+ with other operations (in the case of the changeAfterReset error).
+ The controlType is 1.3.6.1.4.1.42.2.27.8.5.1 and the controlValue is
+ the BER encoding of the following type:
+
+ PasswordPolicyResponseValue ::= SEQUENCE {
+ warning [0] CHOICE {
+ timeBeforeExpiration [0] INTEGER (0 .. maxInt),
+ graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
+ error [1] ENUMERATED {
+ passwordExpired (0),
+ accountLocked (1),
+ changeAfterReset (2),
+ passwordModNotAllowed (3),
+ mustSupplyOldPassword (4),
+ insufficientPasswordQuality (5),
+ passwordTooShort (6),
+ passwordTooYoung (7),
+ passwordInHistory (8) } OPTIONAL }
+
+ The timeBeforeExpiration warning specifies the number of seconds
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 21]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ before a password will expire. The graceAuthNsRemaining warning
+ specifies the remaining number of times a user will be allowed to
+ authenticate with an expired password. The passwordExpired error
+ signifies that the password has expired and must be reset. The
+ changeAfterReset error signifies that the password must be changed
+ before the user will be allowed to perform any operation other than
+ bind and modify. The passwordModNotAllowed error is set when a user
+ is restricted from changing her password. The
+ insufficientPasswordQuality error is set when a password doesn't pass
+ quality checking. The passwordTooYoung error is set if the age of
+ the password to be modified is not yet old enough.
+
+ Typically, only either a warning or an error will be encoded though
+ there may be exceptions. For example, if the user is required to
+ change a password after the password administrator set it, and the
+ password will expire in a short amount of time, the control may
+ include the timeBeforeExpiration warning and the changeAfterReset
+ error.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 22]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+7. Policy Decision Points
+
+ Following are a number of procedures used to make policy decisions.
+ These procedures are typically performed by the server while
+ processing an operation.
+
+ The following sections contain detailed instructions that refer to
+ attributes of the pwdPolicy object class. When doing so, the
+ attribute of the pwdPolicy object that governs the entry being
+ discussed is implied.
+
+7.1 Locked Account Check
+
+ A status of true is returned to indicate that the account is locked
+ if any of these conditions are met:
+
+ o The value of the pwdAccountLockedTime attribute is 000001010000Z.
+
+ o The current time is less than the value of the
+ pwdAccountLockedTime attribute added to the value of the
+ pwdLockoutDuration.
+
+ Otherwise a status of false is returned.
+
+7.2 Password Must be Changed Now Check
+
+ A status of true is returned to indicate that the account is locked
+ if all of these conditions are met:
+
+ The pwdMustChange attribute is set to TRUE.
+
+ The pwdReset attribute is set to TRUE.
+
+ Otherwise a status of false is returned.
+
+7.3 Password Expiration Check
+
+ A status of true is returned indicating that the password has expired
+ if the current time minus the value of pwdChangedTime is greater than
+ the value of the pwdMaxAge.
+
+ Otherwise, a status of false is returned.
+
+7.4 Remaining Grace AuthN Check
+
+ If the pwdGraceUseTime attribute is present, the number of values in
+ that attribute subtracted from the value of pwdGraceAuthNLimit is
+ returned. Otherwise zero is returned. A positive result specifies
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 23]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ the number of remaining grace authentications.
+
+7.5 Time Before Expiration Check
+
+ If the pwdExpireWarning attribute is not present a zero status is
+ returned. Otherwise the following steps are followed:
+
+ Subtract the time stored in pwdChangedTime from the current time to
+ arrive at the password's age. If the password's age is greater than
+ than the value of the pwdMaxAge attribute, a zero status is returned.
+ Subtract the value of the pwdExpireWarning attribute from the value
+ of the pwdMaxAge attribute to arrive at the warning age. If the
+ password's age is equal to or greater than the warning age, the value
+ of pwdMaxAge minus the password's age is returned.
+
+7.6 Intruder Detection Check
+
+ A status of true indicating that an intruder has been detected is
+ returned if the following conditions are met:
+
+ The pwdLockout attribute is TRUE.
+
+ The number of values in the pwdFailureTime attribute that are
+ younger than pwdFailureCountInterval is greater or equal to the
+ pwdMaxFailure attribute.
+
+ Otherwise a status of false is returned.
+
+ While performing this check, values of pwdFailureTime that are old by
+ more than pwdFailureCountInterval are purged and not counted.
+
+7.7 Password Too Young Check
+
+ A status of true indicating that not enough time has passed since the
+ password was last updated is returned if:
+
+ The value of pwdMinAge is non-zero and pwdChangedTime is present.
+
+ The value of pwdMinAge is greater than the current time minus the
+ value of pwdChangedTime.
+
+ Otherwise a false status is returned.
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 24]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+8. Server Policy Enforcement Points
+
+ The server SHOULD enforce that the password attribute subject to a
+ password policy as defined in this document, contains one and only
+ one password value.
+
+ The scenarios in the following operations assume that the client has
+ attached a passwordPolicyRequest control to the request message of
+ the operation. In the event that the passwordPolicyRequest control
+ was not sent, no passwordPolicyResponse control is returned. All
+ other instructions remain the same.
+
+ For successfuly completed operations, unless otherwise stated, no
+ passwordPolicyResponse control is returned.
+
+8.1 Password-based Authentication
+
+ This section contains the policy enforcement rules and policy data
+ updates used while validating a password. Operations that validate
+ passwords include, but are not limited to, the Bind operation where
+ the simple choice specifies a password, and the compare operation
+ where the attribute being compared holds a password. Note that while
+ the compare operation does not authenticate a user to the LDAP
+ server, it may be used by an external application for purposes of
+ authentication.
+
+8.1.1 Fail if the account is locked
+
+ If the account is locked as specified in Section 7.1, the server
+ fails the operation with an appropriate resultCode (i.e.
+ invalidCredentials (49) in the case of a bind operation, compareFalse
+ (5) in the case of a compare operation, etc.). The server MAY set
+ the error: accountLocked (1) in the passwordPolicyResponse in the
+ controls field of the message.
+
+8.1.2 Validated Password Procedures
+
+ If the validation operation indicates that the password validated,
+ these procedures are followed in order:
+
+8.1.2.1 Policy state updates
+
+ Delete the pwdFailureTime and pwdAccountLockedTime attributes.
+
+8.1.2.2 Password must be changed now
+
+ If the decision in Section 7.2 returns true, the server sends to the
+ client a response with an appropriate successful resultCode (i.e.
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 25]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ success (0), compareTrue (6), etc.), and includes the
+ passwordPolicyResponse in the controls field of the bindResponse
+ message with the warning: changeAfterReset specified.
+
+ For bind, the server MUST then disallow all operations issued by this
+ user except modify password, bind, unbind, abandon and StartTLS
+ extended operation.
+
+8.1.2.3 Expired password
+
+ If the password has expired as per Section 7.3, the server either
+ returns a success or failure based on the state of grace
+ authentications.
+
+8.1.2.3.1 Remaining Grace Authentications
+
+ If there are remaining grace authentications as per Section 7.4, the
+ server adds a new value with the current time in pwdGraceUseTime.
+ Then it sends to the client a response with an appropriate successful
+ resultCode (i.e. success (0), compareTrue (6), etc.), and includes
+ the passwordPolicyResponse in the controls field of the response
+ message with the warning: graceAuthNsRemaining choice set to the
+ number of grace authentications left.
+
+ Implementor's note: The system time of the host machine may be more
+ granular than is needed to ensure unique values of this attribute.
+ It is recommended that a mechanism is used to ensure unique
+ generalized time values. The fractional seconds field may be used
+ for this purpose.
+
+8.1.2.3.2 No Remaining Grace Authentications
+
+ If there are no remaining grace authentications, the server fails the
+ operation with an appropriate resultCode (invalidCredentials (49),
+ compareFalse (5), etc.), and includes the passwordPolicyResponse in
+ the controls field of the bindResponse message with the error:
+ passwordExpired (0) set.
+
+8.1.2.4 Expiration Warning
+
+ If the result of Section 7.5 is a positive number, the server sends
+ to the client a response with an appropriate successful resultCode
+ (i.e. success (0), compareTrue (6), etc.), and includes the
+ passwordPolicyResponse in the controls field of the bindResponse
+ message with the warning: timeBeforeExiration set to the value as
+ described above. Otherwise, the server sends a successful response,
+ and omits the passwordPolicyResponse.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 26]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+8.1.2.5 AuthN Failed Procedures
+
+ If the authentication process indicates that the password failed
+ validation due to invalid credentials, these procedures are followed:
+
+8.1.2.5.1 Policy state update
+
+ Add the current time as a value of the pwdFailureTime attribute.
+
+ Implementor's note: The system time of the host machine may be more
+ granular than is needed to ensure unique values of this attribute.
+ It is recommended that a mechanism is used to ensure unique
+ generalized time values. The fractional seconds field may be used
+ for this purpose.
+
+8.1.2.5.2 Lock on intruder detection
+
+ If the check in Section 7.6 returns a true state, the server locks
+ the account by setting the value of the pwdAccountLockedTime
+ attribute to the current time. After locking the account, the server
+ fails the operation with an appropriate resultCode
+ (invalidCredentials (49), compareFalse (5), etc.), and includes the
+ passwordPolicyResponse in the controls field of the message with the
+ error: accountLocked (1).
+
+8.2 Password Update Operations
+
+ Because the password is stored in an attribute, various operations
+ (like add and modify) may be used to create or update a password.
+ But some alternate mechanisms have been defined or may be defined,
+ such as the LDAP Password Modify Extended Operation [RFC3062].
+
+ While processing a password update, the server performs the following
+ steps:
+
+8.2.1 Safe Modification
+
+ If pwdSafeModify is set to TRUE and if there is an existing password
+ value, the server ensures that the password update operation includes
+ the user's existing password.
+
+ When the LDAP modify operation is used to modify a password, this is
+ done by specifying both a delete action and an add or replace action,
+ where the delete action specifies the existing password, and the add
+ or replace action specifies the new password. Other password update
+ operations SHOULD employ a similar mechanism. Otherwise this policy
+ will fail.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 27]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ If the existing password is not specified, the server does not
+ process the operation and sends the appropriate response message to
+ the client with the resultCode: insufficientAccessRights (50), and
+ includes the passwordPolicyResponse in the controls field of the
+ response message with the error: mustSupplyOldPassword (4).
+
+8.2.2 Change After Reset
+
+ If the decision in Section 7.2 returns true, the server ensures that
+ the password update operation contains no modifications other than
+ the modification of the password attribute. If other modifications
+ exist, the server sends a response message to the client with the
+ resultCode: insufficientAccessRights (50), and includes the
+ passwordPolicyResponse in the controls field of the response message
+ with the error: changeAfterReset (2).
+
+8.2.3 Rights Check
+
+ Check to see whether the bound identity has sufficient rights to
+ update the password. If the bound identity is a user changing its
+ own password, this MAY be done by checking the pwdAllowUserChange
+ attribute or using an access control mechanism. The determination of
+ this is implementation specific. If the user is not allowed to
+ update her password, the server sends a response message to the
+ client with the resultCode: insufficientAccessRights (50), and
+ includes the passwordPolicyResponse in the controls field of the
+ response message with the error: passwordModNotAllowed (3).
+
+8.2.4 Too Early to Update
+
+ If the check in Section 7.7 results in a true status The server sends
+ a response message to the client with the resultCode:
+ constraintViolation (19), and includes the passwordPolicyResponse in
+ the controls field of the response message with the error:
+ passwordTooYoung (7).
+
+8.2.5 Password Quality
+
+ Check the value of the pwdCheckQuality attribute. If the value is
+ non-zero, the server:
+
+ o Ensure that the password meets the quality criteria enforced by
+ the server. This enforcement is implementation specific.
+ If the server is unable to check the quality (due to a hashed
+ password or otherwise), the value of pwdCheckQuality is evaluated.
+ If the value is 1, operation continues. If the value is 2, the
+ server sends a response message to the client with the resultCode:
+ constraintViolation (19), and includes the passwordPolicyResponse
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 28]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ in the controls field of the response message with the error:
+ insufficientPasswordQuality (5).
+ If the server is able to check the password quality, and the check
+ fails, the server sends a response message to the client with the
+ resultCode: constraintViolation (19), and includes the
+ passwordPolicyResponse in the controls field of the response
+ message with the error: insufficientPasswordQuality (5).
+
+ o checks the value of the pwdMinLength attribute. If the value is
+ non-zero, it ensures that the new password is of at least the
+ minimum length.
+ If the server is unable to check the length (due to a hashed
+ password or otherwise), the value of pwdCheckQuality is evaluated.
+ If the value is 1, operation continues. If the value is 2, the
+ server sends a response message to the client with the resultCode:
+ constraintViolation (19), and includes the passwordPolicyResponse
+ in the controls field of the response message with the error:
+ passwordTooShort (6).
+ If the server is able to check the password length, and the check
+ fails, the server sends a response message to the client with the
+ resultCode: constraintViolation (19), and includes the
+ passwordPolicyResponse in the controls field of the response
+ message with the error: passwordTooShort (6).
+
+
+8.2.6 Invalid Reuse
+
+ If pwdInHistory is present and its value is non-zero, the server
+ checks whether this password exists in the entry's pwdHistory
+ attribute or in the current password attribute. If the password does
+ exist in the pwdHistory attribute or in the current password
+ attribute, the server sends a response message to the client with the
+ resultCode: constraintViolation (19), and includes the
+ passwordPolicyResponse in the controls field of the response message
+ with the error: passwordInHistory (8).
+
+8.2.7 Policy State Updates
+
+ If the steps have completed without causing an error condition, the
+ server performs the following steps in order to update the necessary
+ password policy state attributes:
+
+ If the value of either pwdMaxAge or pwdMinAge is non-zero, the server
+ updates the pwdChangedTime attribute on the entry to the current
+ time.
+
+ If the value of pwdInHistory is non-zero, the server adds the
+ previous password (if one existed) to the pwdHistory attribute. If
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 29]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ the number of attributes held in the pwdHistory attribute exceeds the
+ value of pwdInHistory, the server removes the oldest excess
+ passwords.
+
+ If the value the pwdMustChange is TRUE and the modification is
+ performed by a password administrator, then the pwdReset attribute is
+ set to TRUE. Otherwise, the pwdReset is removed from the user's
+ entry if it exists.
+
+ The pwdFailureTime and pwdGraceUseTime attributes is removed from the
+ user's entry if they exist.
+
+8.3 Other Operations
+
+ For operations other than bind, password update, unbind, abandon or
+ StartTLS, if the decision in Section 7.2 returns true, the server
+ sends a response message to the client with the resultCode:
+ insufficientAccessRights (50), and includes the
+ passwordPolicyResponse in the controls field of the response message
+ with the error: changeAfterReset (2).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 30]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+9. Client Policy Enforcement Points
+
+ These sections illustrate possible scenarios for each LDAP operation
+ and define the types of responses that identify those scenarios.
+
+ The scenarios in the following operations assume that the client
+ attached a passwordPolicyRequest control to the request message of
+ the operation, and thus may receive a passwordPolicyResponse control
+ in the response message. In the event that the passwordPolicyRequest
+ control was not sent, no passwordPolicyResponse control is returned.
+ All other instructions remain the same.
+
+9.1 Bind Operation
+
+ For every bind response received, the client checks the resultCode of
+ the bindResponse and checks for a passwordPolicyResponse control to
+ determine if any of the following conditions are true and MAY prompt
+ the user accordingly.
+
+ o bindResponse.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = accountLocked (1): The password
+ failure limit has been reached and the account is locked. The
+ user needs to retry later or contact the password administrator to
+ reset the password.
+
+ o bindResponse.resultCode = success (0),
+ passwordPolicyResponse.error = changeAfterReset (2): The user is
+ binding for the first time after the password administrator set
+ the password. In this scenario, the client SHOULD prompt the user
+ to change his password immediately.
+
+ o bindResponse.resultCode = success (0),
+ passwordPolicyResponse.warning = graceAuthNsRemaining: The
+ password has expired but there are remaining grace
+ authentications. The user needs to change it.
+
+ o bindResponse.resultCode = invalidCredentials (49),
+ passwordPolicyResponse.error = passwordExpired (0): The password
+ has expired and there are no more grace authentications. The user
+ contacts the password administrator in order to have its password
+ reset.
+
+ o bindResponse.resultCode = success (0),
+ passwordPolicyResponse.warning = timeBeforeExpiration: The user's
+ password will expire in n number of seconds.
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 31]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+9.2 Modify Operations
+
+9.2.1 Modify Request
+
+ If the application or client encrypts the password prior to sending
+ it in a password modification operation (whether done through
+ modifyRequest or another password modification mechanism), it SHOULD
+ check the values of the pwdMinLength, and pwdCheckQuality attributes
+ and SHOULD enforce these policies.
+
+9.2.2 Modify Response
+
+ If the modifyRequest operation was used to change the password, or if
+ another mechanism is used --such as an extendedRequest-- the
+ modifyResponse or other appropriate response MAY contain information
+ pertinent to password policy. The client checks the resultCode of
+ the response and checks for a passwordPolicyResponse control to
+ determine if any of the following conditions are true and optionally
+ notify the user of the condition.
+
+ o <pwdModResponse>.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = mustSupplyOldPassword (4): The user
+ attempted to change her password without specifying the old
+ password but the password policy requires this.
+
+ o <pwdModResponse>.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = changeAfterReset (2): The user must
+ change her password before submitting any other LDAP requests.
+
+ o <pwdModResponse>.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = passwordModNotAllowed (3): The user
+ doesn't have sufficient rights to change his password.
+
+ o <pwdModResponse>.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = passwordTooYoung (7): It is too
+ soon after the last password modification to change the password.
+
+ o <pwdModResponse>.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = insufficientPasswordQuality (5):
+ The password failed quality checking.
+
+ o <pwdModResponse>.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = passwordTooShort (6): The length of
+ the password is too short.
+
+ o <pwdModResponse>.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = passwordInHistory (8): The password
+ has already been used; the user must choose a different one.
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 32]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+9.3 Add Operation
+
+ If a password is specified in an addRequest, the client checks the
+ resultCode of the addResponse and checks for a passwordPolicyResponse
+ control to determine if any of the following conditions are true and
+ may prompt the user accordingly.
+
+ o addResponse.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = passwordModNotAllowed (3): The user
+ doesn't have sufficient rights to add this password.
+
+ o addResponse.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = insufficientPasswordQuality (5):
+ The password failed quality checking.
+
+ o addResponse.resultCode = constraintViolation (19),
+ passwordPolicyResponse.error = passwordTooShort (6): The length of
+ the password is too short.
+
+
+9.4 Compare Operation
+
+ When a compare operation is used to compare a password, the client
+ checks the resultCode of the compareResponse and checks for a
+ passwordPolicyResponse to determine if any of the following
+ conditions are true and MAY prompt the user accordingly. These
+ conditions assume that the result of the comparison was true.
+
+ o compareResponse.resultCode = compareFalse (5),
+ passwordPolicyResponse.error = accountLocked (1): The password
+ failure limit has been reached and the account is locked. The
+ user needs to retry later or contact the password administrator to
+ reset the password.
+
+ o compareResponse.resultCode = compareTrue (6),
+ passwordPolicyResponse.warning = graceAuthNsRemaining: The
+ password has expired but there are remaining grace
+ authentications. The user needs to change it.
+
+ o compareResponse.resultCode = compareFalse (5),
+ passwordPolicyResponse.error = passwordExpired (0): The password
+ has expired and there are no more grace authentications. The user
+ must contact the password administrator to reset the password.
+
+ o compareResponse.resultCode = compareTrue (6),
+ passwordPolicyResponse.warning = timeBeforeExpiration: The user's
+ password will expire in n number of seconds.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 33]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+9.5 Other Operations
+
+ For operations other than bind, unbind, abandon or StartTLS, the
+ client checks the following result code and control to determine if
+ the user needs to change the password immediately.
+
+ o <Response>.resultCode = insufficientAccessRights (50),
+ passwordPolicyResponse.error = : changeAfterReset (2)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 34]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+10. Administration of the Password Policy
+
+ {TODO: Need to define an administrativeRole (need OID). Need to
+ describe whether pwdPolicy admin areas can overlap}
+
+ A password policy is defined for a particular subtree of the DIT by
+ adding to an LDAP subentry whose immediate superior is the root of
+ the subtree, the pwdPolicy auxiliary object class. The scope of the
+ password policy is defined by the SubtreeSpecification attribute of
+ the LDAP subentry as specified in [RFC3672].
+
+ It is possible to define password policies for different password
+ attributes within the same pwdPolicy entry, by specifying multiple
+ values of the pwdAttribute. But password policies could also be in
+ separate sub entries as long as they are contained under the same
+ LDAP subentry.
+
+ Modifying the password policy MUST NOT result in any change in users'
+ entries to which the policy applies.
+
+ It SHOULD be possible to overwrite the password policy for one user
+ by defining a new policy in a subentry of the user entry.
+
+ Each object that is controlled by password policy advertises the
+ subentry that is being used to control its policy in its
+ pwdPolicySubentry attribute. Clients wishing to examine or manage
+ password policy for an object may interrogate the pwdPolicySubentry
+ for that object in order to arrive at the proper pwdPolicy subentry.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 35]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+11. Password Policy and Replication
+
+ {TODO: This section needs to be changed to highlight the pitfals of
+ replication, sugest some implementation choices to overcome those
+ pitfals, but remove prescriptive language relating to the update of
+ state information}
+
+ The pwdPolicy object defines the password policy for a portion of the
+ DIT and MUST be replicated on all the replicas of this subtree, as
+ any subentry would be, in order to have a consistent policy among all
+ replicated servers.
+
+ The elements of the password policy that are related to the users are
+ stored in the entry themselves as operational attributes. As these
+ attributes are subject to modifications even on a read-only replica,
+ replicating them must be carefully considered.
+
+ The pwdChangedTime attribute MUST be replicated on all replicas, to
+ allow expiration of the password.
+
+ The pwdReset attribute MUST be replicated on all replicas, to deny
+ access to operations other than bind and modify password.
+
+ The pwdHistory attribute MUST be replicated to writable replicas. It
+ doesn't have to be replicated to a read-only replica, since the
+ password will never be directly modified on this server.
+
+ The pwdAccountLockedTime, pwdFailureTime and pwdGraceUseTime
+ attributes MUST be replicated to writable replicas, making the
+ password policy global for all servers. When the user entry is
+ replicated to a read-only replica, these attributes SHOULD NOT be
+ replicated. This means that the number of failures, of grace
+ authentications and the locking will take place on each replicated
+ server. For example, the effective number of failed attempts on a
+ user password will be N x M (where N is the number of servers and M
+ the value of pwdMaxFailure attribute). Replicating these attributes
+ to a read-only replica MAY reduce the number of tries globally but
+ MAY also introduce some inconstancies in the way the password policy
+ is applied.
+
+ Servers participating in a loosely consistent multi-master
+ replication agreement SHOULD employ a mechanism which ensures
+ uniqueness of values when populating the attributes pwdFailureTime
+ and pwdGraceUseTime. The method of achieving this is a local matter
+ and may consist of using a single authoritative source for the
+ generation of unique time values, or may consist of the use of the
+ fractional seconds part to hold a replica identifier.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 36]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+12. Security Considerations
+
+ This document defines a set of rules to implement in an LDAP server,
+ in order to mitigate some of the security risks associated with the
+ use of passwords and to make it difficult for password cracking
+ programs to break into directories.
+
+ Authentication with a password MUST follow the recommendations made
+ in [RFC2829].
+
+ Modifications of passwords SHOULD only occur when the connection is
+ protected with confidentiality and secure authentication.
+
+ Access controls SHOULD be used to restrict access to the password
+ policy attributes. The attributes defined to maintain the password
+ policy state information SHOULD only be modifiable by the password
+ administrator or higher authority. The pwdHistory attribute MUST be
+ subject to the same level of access control as the attrbute holding
+ the password.
+
+ As it is possible to define a password policy for one specific user
+ by adding a subentry immediately under the user's entry, Access
+ Controls SHOULD be used to restrict the use of the pwdPolicy object
+ class or the LDAP subentry object class.
+
+ When the intruder detection password policy is enforced, the LDAP
+ directory is subject to a denial of service attack. A malicious user
+ could deliberately lock out one specific user's account (or all of
+ them) by sending bind requests with wrong passwords. There is no way
+ to protect against this kind of attack. The LDAP directory server
+ SHOULD log as much information as it can (such as client IP address)
+ whenever an account is locked, in order to be able to identify the
+ origin of the attack. Denying anonymous access to the LDAP directory
+ is also a way to restrict this kind of attack.
+
+ Returning certain status codes (such as passwordPolicyResponse.error
+ = accountLocked) allows a denial of service attacker to know that it
+ has successfully denied service to an account. Servers SHOULD
+ implement additional checks which return the same status when it is
+ sensed that some number of failed authentication requests has occured
+ on a single connection, or from a client address. Server
+ implementors are encouraged to invent other checks similar to this in
+ order to thwart this type of DoS attack.
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 37]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+13. IANA Considerations
+
+ <<<TBD>>>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 38]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+14. Acknowledgement
+
+ This document is based in part on prior work done by Valerie Chu from
+ Netscape Communications Corp, published as
+ draft-vchu-ldap-pwd-policy-00.txt (December 1998). Prasanta Behera
+ participated in early revisions of this document.
+
+15. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2195] Klensin, J., Catoe, R., and P. Krumviede, "IMAP/POP
+ AUTHorize Extension for Simple Challenge/Response",
+ RFC 2195, September 1997.
+
+ [RFC2222] Myers, J., "Simple Authentication and Security Layer
+ (SASL)", RFC 2222, October 1997.
+
+ [RFC2251] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T., and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC2829] Wahl, M., Alvestrand, H., Hodges, J., and R. Morgan,
+ "Authentication Methods for LDAP", RFC 2829, May 2000.
+
+ [RFC2831] Leach, P. and C. Newman, "Using Digest Authentication as a
+ SASL Mechanism", RFC 2831, May 2000.
+
+ [RFC3062] Zeilenga, K., "LDAP Password Modify Extended Operation",
+ RFC 3062, February 2001.
+
+ [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+ [RFC3672] Zeilenga, K., "Subentries in the Lightweight Directory
+ Access Protocol (LDAP)", RFC 3672, December 2003.
+
+ [X680] International Telecommunications Union, "Abstract Syntax
+ Notation One (ASN.1): Specification of basic notation",
+ ITU-T Recommendation X.680, July 2002.
+
+ [X690] International Telecommunications Union, "Information
+ Technology - ASN.1 encoding rules: Specification of Basic
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 39]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+ Encoding Rules (BER), Canonical Encoding Rules (CER) and
+ Distinguished Encoding Rules (DER)", ITU-T Recommendation
+ X.690, July 2002.
+
+
+Authors' Addresses
+
+ Jim Sermersheim
+ Novell, Inc
+ 1800 South Novell Place
+ Provo, Utah 84606
+ USA
+
+ Phone: +1 801 861-3088
+ Email: jimse at novell.com
+
+
+ Ludovic Poitou
+ Sun Microsystems
+ 180, Avenue de l'Europe
+ Zirst de Montbonnot, 38334 Saint Ismier cedex
+ France
+
+ Phone: +33 476 188 212
+ Email: ludovic.poitou at sun.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 40]
+�
+Internet-Draft Password Policy for LDAP Directories July 2005
+
+
+Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+Disclaimer of Validity
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Copyright Statement
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+Sermersheim & Poitou Expires January 18, 2006 [Page 41]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-chu-ldap-csn-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-chu-ldap-csn-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-chu-ldap-csn-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,424 @@
+
+
+
+
+
+
+INTERNET-DRAFT Howard Y. Chu
+Intended Category: Standard Track Symas Corporation
+Expires in six months 1 December 2004
+
+
+ Change Sequence Numbers for LDAP
+ <draft-chu-ldap-csn-00.txt>
+
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with all
+ provisions of Section 10 of RFC2026.
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as an Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as ``work in progress.''
+
+ The list of current Internet-Drafts can be accessed at
+ <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
+ Internet-Draft Shadow Directories can be accessed at
+ <http://www.ietf.org/shadow.html>.
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+ This document describes the LDAP/X.500 Change Sequence Number 'CSN'
+ syntax and matching rules and associated attributes. CSNs are used
+ to impose a total ordering upon the sequence of updates applied
+ to a directory.
+
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 1]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+1. Background and Intended Use
+
+ In X.500 Directory Services [X.501], updates to a directory may need
+ to be distributed to multiple servers. The 'modifyTimeStamp' is already
+ defined for recording the time of an update, but it may be inadequate in
+ an environment where multiple servers with loosely synchronized clocks
+ are interoperating.
+
+ This document describes the 'CSN' syntax which augments a timestamp with
+ additional information to assist in coordinating updates among multiple
+ directory servers. This document describes the 'entryCSN' operational
+ attribute which carries the CSN of the last update applied to an entry
+ and also the 'contextCSN' operational attribute which carries the
+ greatest CSN of all updates applied to a directory context. Directory
+ clients and servers may use these attributes to assist in synchronizing
+ shadowed copies of directory information.
+
+ This document describes the 'csnMatch' and 'csnOrderingMatch' matching
+ rules corresponding to the 'CSN' syntax.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Schema definitions are provided using LDAP description formats
+ [RFC2252]. Definitions provided here are formatted (line wrapped) for
+ readability.
+
+
+2. CSN Schema Elements
+
+2.1 CSN Syntax
+
+ Values in this syntax are encoded according to the following BNF:
+
+ CSN = timestamp '#' operation-counter '#' replica-id
+
+ timestamp = <generalizedTimeString as specified in 6.14 of [RFC2252]>
+
+ operation-counter = 6hex-digit
+
+ replica-id = 2hex-digit
+
+ The timestamp SHALL use GMT and SHALL NOT include fractional seconds.
+
+ The operation-counter is set to zero at the start of each second, and
+ incremented by one for each update operation that occurs within that
+ second.
+
+ The replica-id is an identifier that represents a specific Replica in
+ a collection of cooperating servers.
+
+ The following is a LDAP syntax description [RFC2252] suitable for
+ publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.1 DESC 'CSN' )
+
+
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 2]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+2.2 'csnMatch' Matching Rule
+
+ The 'csnMatch' matching rule compares an asserted CSN with a stored
+ CSN for equality. Its semantics are same as the octetStringMatch
+ [X.520][RFC2252] matching rule.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.2 NAME 'csnMatch'
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+
+2.3 'csnOrderingMatch' Matching Rule
+
+ The 'csnOrderingMatch' matching rule compares an asserted CSN
+ with a stored CSN for ordering. Its semantics are the same as the
+ octetStringOrderingMatch [X.520][RFC2252] matching rule.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.3 NAME 'csnOrderingMatch'
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+
+2.4. 'entryCSN' attribute
+
+ The 'entryCSN' operational attribute provides the CSN of the last
+ update applied to the entry.
+
+ The following is a LDAP attribute type description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.4 NAME 'entryCSN'
+ DESC 'CSN of the entry content'
+ EQUALITY csnMatch
+ ORDERING csnOrderingMatch
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 3]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+ SYNTAX IANA-ASSIGNED-OID.1
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ Servers SHALL assign a CSN to each entry upon its addition to the
+ directory and provide the entry's CSN as the value of the
+ 'entryCSN' operational attribute. The entryCSN attribute SHOULD be
+ updated upon every update of the entry.
+
+2.5. 'contextCSN' attribute
+
+ The 'contextCSN' operational attribute provides the greatest CSN of
+ all the updates applied to a context.
+
+ The following is a LDAP attribute type description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.5 NAME 'contextCSN'
+ DESC 'the largest committed CSN of a context'
+ EQUALITY csnMatch
+ ORDERING csnOrderingMatch
+ SYNTAX IANA-ASSIGNED-OID.1
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ Servers SHALL record the greatest CSN of all updates applied to a
+ context in the root entry of the context.
+
+
+3. Security Considerations
+
+
+ General LDAP security considerations [RFC3377] apply.
+
+
+4. IANA Considerations
+
+4.1. Object Identifier Registration
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier for use in this technical specification.
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Howard Chu <hyc at symas.com>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the CSN schema elements
+
+
+4.2. Registration of the csnMatch descriptor
+
+ It is requested that IANA register upon Standards Action the LDAP
+ 'csnMatch' descriptor.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): csnMatch
+ Object Identifier: IANA-ASSIGNED-OID.2
+ Person & email address to contact for further information:
+ Howard Chu <hyc at symas.com>
+ Usage: Matching Rule
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 4]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+4.3. Registration of the csnOrderingMatch descriptor
+
+ It is requested that IANA register upon Standards Action the LDAP
+ 'csnOrderingMatch' descriptor.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): csnOrderingMatch
+ Object Identifier: IANA-ASSIGNED-OID.3
+ Person & email address to contact for further information:
+ Howard Chu <hyc at symas.com>
+ Usage: Matching Rule
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+4.4. Registration of the entryCSN descriptor
+
+ It is requested that IANA register upon Standards Action the LDAP
+ 'entryCSN' descriptor.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): entryCSN
+ Object Identifier: IANA-ASSIGNED-OID.4
+ Person & email address to contact for further information:
+ Howard Chu <hyc at symas.com>
+ Usage: Attribute Type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+4.5. Registration of the contextCSN descriptor
+
+ It is requested that IANA register upon Standards Action the LDAP
+ 'contextCSN' descriptor.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): contextCSN
+ Object Identifier: IANA-ASSIGNED-OID.5
+ Person & email address to contact for further information:
+ Howard Chu <hyc at symas.com>
+ Usage: Attribute Type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+5. Acknowledgments
+
+ This document is based on prior work from the IETF LDUP working
+ group including the LDAP Replication Architecture [LDUPMODEL]
+ and the LDAP Content Synchronization Operation [LDUPSYNC].
+
+
+6. Author's Addresses
+
+ Howard Y. Chu
+ Symas Corporation
+ <hyc at symas.com>
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+ <Kurt at OpenLDAP.org>
+
+
+7. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 5]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+ [RFC2252] Wahl, M., A. Coulbeck, T. Howes, and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.520] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Selected Attribute Types", X.520(1993) (also
+ ISO/IEC 9594-6:1994).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(1997) (also ISO/IEC 8824-1:1998).
+
+ [LDUPSYNC] Zeilenga, K. and Choi, J-H "LDAP Content Synchronization
+ Operation", draft-zeilenga-ldup-sync-05.txt, a work in
+ progress.
+
+
+8. Informative References
+
+ [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
+ (also RFC 3383), September 2002.
+
+ [LDUPMODEL] Merrellls, J., Srinivasan, U., and Reed, E., "LDAP
+ Replication Architecture", draft-ietf-ldup-model-09.txt.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 6]
+�
+INTERNET-DRAFT LDAP CSN 1 December 2004
+
+
+ intellectual property or other rights that might be claimed to pertain
+ to the implementation or use of the technology described in this
+ document or the extent to which any license under such rights might or
+ might not be available; neither does it represent that it has made any
+ effort to identify any such rights. Information on the IETF's
+ procedures with respect to rights in standards-track and
+ standards-related documentation can be found in BCP-11. Copies of
+ claims of rights made available for publication and any assurances of
+ licenses to be made available, or the result of an attempt made to
+ obtain a general license or permission for the use of such proprietary
+ rights by implementors or users of this specification can be obtained
+ from the IETF Secretariat.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights which may cover technology that may be required to practice
+ this standard. Please address the information to the IETF Executive
+ Director.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implmentation may be prepared, copied, published and
+ distributed, in whole or in part, without restriction of any kind,
+ provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be followed,
+ or as required to translate it into languages other than English.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Chu draft-chu-ldap-csn-00 [Page 7]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-authmeth-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-authmeth-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-authmeth-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1937 @@
+
+INTERNET-DRAFT Editor: R. Harrison
+draft-ietf-ldapbis-authmeth-19.txt Novell, Inc.
+Obsoletes: 2251, 2829, 2830 February 2006
+Intended Category: Standards Track
+
+
+
+
+
+
+
+ LDAP: Authentication Methods
+ and
+ Security Mechanisms
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of
+ this document will take place on the IETF LDAP Revision Working
+ Group mailing list <ietf-ldapbis at OpenLDAP.org>. Please send
+ editorial comments directly to the author
+ <roger_harrison at novell.com>.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six
+ months and may be updated, replaced, or obsoleted by other documents
+ at any time. It is inappropriate to use Internet-Drafts as
+ reference material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+Abstract
+
+ This document describes authentication methods and security
+ mechanisms of the Lightweight Directory Access Protocol (LDAP).
+
+
+
+Harrison Expires August 2006 [Page 1]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ This document details establishment of Transport Layer Security
+ (TLS) using the StartTLS operation.
+
+ This document details the simple Bind authentication method
+ including anonymous, unauthenticated, and name/password mechanisms
+ and the Simple Authentication and Security Layer (SASL) Bind
+ authentication method including the EXTERNAL mechanism.
+
+ This document discusses various authentication and authorization
+ states through which a session to an LDAP server may pass and the
+ actions that trigger these state changes.
+
+ This document, together with other documents in the LDAP Technical
+ Specification (see section 1 of [Roadmap]), obsoletes RFC 2251, RFC
+ 2829 and RFC 2830.
+
+Table of Contents
+
+ 1. Introduction.....................................................3
+ 1.1. Relationship to Other Documents................................5
+ 1.2. Conventions....................................................6
+ 2. Implementation Requirements......................................7
+ 3. StartTLS Operation...............................................7
+ 3.1. TLS Establishment Procedures...................................7
+ 3.1.1. StartTLS Request Sequencing..................................8
+ 3.1.2. Client Certificate...........................................8
+ 3.1.3. Server Identity Check........................................8
+ 3.1.3.1. Comparison of DNS Names...................................10
+ 3.1.3.2. Comparison of IP Addresses................................10
+ 3.1.3.3. Comparison of other subjectName types.....................10
+ 3.1.4. Discovery of Resultant Security Level.......................10
+ 3.1.5. Refresh of Server Capabilities Information..................11
+ 3.2. Effect of TLS on Authorization State..........................11
+ 3.3. TLS Ciphersuites..............................................11
+ 4. Authorization State.............................................12
+ 5. Bind Operation..................................................13
+ 5.1. Simple Authentication Method..................................13
+ 5.1.1. Anonymous Authentication Mechanism of Simple Bind...........13
+ 5.1.2. Unauthenticated Authentication Mechanism of Simple Bind.....13
+ 5.1.3. Name/Password Authentication Mechanism of Simple Bind.......14
+ 5.2. SASL Authentication Method....................................15
+ 5.2.1. SASL Protocol Profile.......................................15
+ 5.2.1.1. SASL Service Name for LDAP................................15
+ 5.2.1.2. SASL Authentication Initiation and Protocol Exchange......15
+ 5.2.1.3. Optional Fields...........................................16
+ 5.2.1.4. Octet Where Negotiated Security Layers Take Effect........17
+ 5.2.1.5. Determination of Supported SASL Mechanisms................17
+ 5.2.1.6. Rules for Using SASL Layers...............................17
+ 5.2.1.7. Support for Multiple Authentications......................18
+ 5.2.1.8. SASL Authorization Identities.............................18
+ 5.2.2. SASL Semantics Within LDAP..................................19
+
+Harrison Expires August 2006 [Page 2]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ 5.2.3. SASL EXTERNAL Authentication Mechanism......................19
+ 5.2.3.1. Implicit Assertion........................................19
+ 5.2.3.2. Explicit Assertion........................................20
+ 6. Security Considerations.........................................20
+ 6.1. General LDAP Security Considerations..........................20
+ 6.2. StartTLS Security Considerations..............................21
+ 6.3. Bind Operation Security Considerations........................21
+ 6.3.1. Unauthenticated Mechanism Security Considerations...........21
+ 6.3.2. Name/Password Mechanism Security Considerations.............22
+ 6.3.3. Password-related Security Considerations....................22
+ 6.3.4. Hashed Password Security Considerations.....................23
+ 6.4.SASL Security Considerations...................................23
+ 6.5. Related Security Considerations...............................23
+ 7. IANA Considerations.............................................24
+ 8. Acknowledgments.................................................24
+ 9. Normative References............................................24
+ 10. Informative References.........................................25
+ Author's Address...................................................26
+ Appendix A. Authentication and Authorization Concepts..............26
+ A.1. Access Control Policy.........................................26
+ A.2. Access Control Factors........................................26
+ A.3. Authentication, Credentials, Identity.........................27
+ A.4. Authorization Identity........................................27
+ Appendix B. Summary of Changes.....................................27
+ B.1. Changes Made to RFC 2251......................................28
+ B.1.1. Section 4.2.1 (Sequencing of the Bind Request)..............28
+ B.1.2. Section 4.2.2 (Authentication and Other Security Services)..28
+ B.2. Changes Made to RFC 2829......................................28
+ B.2.1. Section 4 (Required security mechanisms)....................29
+ B.2.2. Section 5.1 (Anonymous authentication procedure)............29
+ B.2.3. Section 6 (Password-based authentication)...................29
+ B.2.4. Section 6.1 (Digest authentication).........................29
+ B.2.5. Section 6.2 ("simple" authentication choice with TLS).......29
+ B.2.6. Section 6.3 (Other authentication choices with TLS).........29
+ B.2.7. Section 7.1 (Certificate-based authentication with TLS).....30
+ B.2.8. Section 8 (Other mechanisms)................................30
+ B.2.9. Section 9 (Authorization identity)..........................30
+ B.2.10. Section 10 (TLS Ciphersuites)..............................30
+ B.3. Changes Made to RFC 2830: ....................................30
+ B.3.1. Section 3.6 (Server Identity Check).........................30
+ B.3.2. Section 3.7 (Refresh of Server Capabilities Information)....31
+ B.3.3. Section 5.2 (Effects of TLS on Authorization Identity)......31
+ B.3.4. Section 5.1.1 (TLS Closure Effects).........................31
+ Appendix C. Changes for draft-ldapbis-authmeth-19..................31
+ Intellectual Property Rights.......................................32
+ Full Copyright Statement...........................................33
+
+
+1. Introduction
+
+
+Harrison Expires August 2006 [Page 3]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ The Lightweight Directory Access Protocol (LDAP) [Roadmap] is a
+ powerful protocol for accessing directories. It offers means of
+ searching, retrieving and manipulating directory content and ways to
+ access a rich set of security functions.
+
+ It is vital that these security functions be interoperable among all
+ LDAP clients and servers on the Internet; therefore there has to be
+ a minimum subset of security functions that is common to all
+ implementations that claim LDAP conformance.
+
+ Basic threats to an LDAP directory service include (but are not
+ limited to):
+
+ (1) Unauthorized access to directory data via data-retrieval
+ operations.
+
+ (2) Unauthorized access to directory data by monitoring access of
+ others.
+
+ (3) Unauthorized access to reusable client authentication
+ information by monitoring access of others.
+
+ (4) Unauthorized modification of directory data.
+
+ (5) Unauthorized modification of configuration information.
+
+ (6) Denial of Service: Use of resources (commonly in excess) in a
+ manner intended to deny service to others.
+
+ (7) Spoofing: Tricking a user or client into believing that
+ information came from the directory when in fact it did not,
+ either by modifying data in transit or misdirecting the client's
+ transport connection. Tricking a user or client into sending
+ privileged information to a hostile entity that appears to be
+ the directory server but is not. Tricking a directory server
+ into believing that information came from a particular client
+ when in fact it came from a hostile entity.
+
+ (8) Hijacking: An attacker seizes control of an established protocol
+ session.
+
+ Threats (1), (4), (5), (6), (7) are (8) are active attacks. Threats
+ (2) and (3) are passive attacks.
+
+ Threats (1), (4), (5) and (6) are due to hostile clients. Threats
+ (2), (3), (7) and (8) are due to hostile agents on the path between
+ client and server or hostile agents posing as a server, e.g., IP
+ spoofing.
+
+ LDAP offers the following security mechanisms:
+
+
+
+
+
+Harrison Expires August 2006 [Page 4]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ (1) Authentication by means of the Bind operation. The Bind
+ operation provides a simple method which supports anonymous,
+ unauthenticated, and name/password mechanisms, and the Simple
+ Authentication and Security Layer (SASL) method which supports a
+ wide variety of authentication mechanisms.
+
+ (2) Mechanisms to support vendor-specific access control facilities
+ (LDAP does not offer a standard access control facility).
+
+ (3) Data integrity service by means of security layers in Transport
+ Layer Security (TLS) or SASL mechanisms.
+
+ (4) Data confidentiality service by means of security layers in TLS
+ or SASL mechanisms.
+
+ (5) Server resource usage limitation by means of administrative
+ limits configured on the server.
+
+ (6) Server authentication by means of the TLS protocol or SASL
+ mechanisms.
+
+ LDAP may also be protected by means outside the LDAP protocol, e.g.,
+ with IP-level security [RFC4301].
+
+ Experience has shown that simply allowing implementations to pick
+ and choose the security mechanisms that will be implemented is not a
+ strategy that leads to interoperability. In the absence of
+ mandates, clients will continue to be written that do not support
+ any security function supported by the server, or worse, they will
+ only support mechanisms that provide inadequate security for most
+ circumstances.
+
+ It is desirable to allow clients to authenticate using a variety of
+ mechanisms including mechanisms where identities are represented as
+ distinguished names [X.501][Models] in string form [LDAPDN] or as
+ used in different systems (e.g., simple user names [RFC4013]).
+ Because some authentication mechanisms transmit credentials in plain
+ text form, and/or do not provide data security services and/or are
+ subject to passive attacks, it is necessary to ensure secure
+ interoperability by identifying a mandatory-to-implement mechanism
+ for establishing transport-layer security services.
+
+ The set of security mechanisms provided in LDAP and described in
+ this document is intended to meet the security needs for a wide
+ range of deployment scenarios and still provide a high degree of
+ interoperability among various LDAP implementations and deployments.
+
+1.1. Relationship to Other Documents
+
+ This document is an integral part of the LDAP Technical
+ Specification [Roadmap].
+
+
+
+
+Harrison Expires August 2006 [Page 5]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ This document, together with [Roadmap], [Protocol], and [Models],
+ obsoletes RFC 2251 in its entirety. Sections 4.2.1 (portions), and
+ 4.2.2 of RFC 2251 are obsoleted by this document. Appendix B.1
+ summarizes the substantive changes made to RFC 2251 by this document.
+
+ This document obsoletes RFC 2829 in its entirety. Appendix B.2
+ summarizes the substantive changes made to RFC 2829 by this document.
+
+ Sections 2 and 4 of RFC 2830 are obsoleted by [Protocol]. The
+ remainder of RFC 2830 is obsoleted by this document. Appendix B.3
+ summarizes the substantive changes made to RFC 2830 by this document.
+
+
+1.2. Conventions
+
+ The key words "MUST", "MUST NOT", "SHALL", "SHOULD", "SHOULD NOT",
+ "MAY", and "OPTIONAL" in this document are to be interpreted as
+ described in RFC 2119 [RFC2119].
+
+ The term "user" represents any human or application entity which is
+ accessing the directory using a directory client. A directory
+ client (or client) is also known as a directory user agent (DUA).
+
+ The term "transport connection" refers to the underlying transport
+ services used to carry the protocol exchange, as well as
+ associations established by these services.
+
+ The term "TLS layer" refers to TLS services used in providing
+ security services, as well as associations established by these
+ services.
+
+ The term "SASL layer" refers to SASL services used in providing
+ security services, as well as associations established by these
+ services.
+
+ The term "LDAP message layer" refers to the LDAP Message (PDU)
+ services used in providing directory services, as well as
+ associations established by these services.
+
+ The term "LDAP session" refers to combined services (transport
+ connection, TLS layer, SASL layer, LDAP message layer) and their
+ associations.
+
+ In general, security terms in this document are used consistently
+ with the definitions provided in [RFC2828]. In addition, several
+ terms and concepts relating to security, authentication, and
+ authorization are presented in Appendix A of this document. While
+ the formal definition of these terms and concepts is outside the
+ scope of this document, an understanding of them is prerequisite to
+ understanding much of the material in this document. Readers who
+ are unfamiliar with security-related concepts are encouraged to
+ review Appendix A before reading the remainder of this document.
+
+
+
+Harrison Expires August 2006 [Page 6]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+2. Implementation Requirements
+
+ LDAP server implementations MUST support the anonymous
+ authentication mechanism of the simple Bind method (section 5.1.1).
+
+ LDAP implementations that support any authentication mechanism other
+ than the anonymous authentication mechanism of the simple Bind
+ method MUST support the name/password authentication mechanism of
+ the simple Bind method (section 5.1.3) and MUST be capable of
+ protecting this name/password authentication using TLS as
+ established by the StartTLS operation (section 3).
+
+ Implementations SHOULD disallow the use of the name/password
+ authentication mechanism by default when suitable data security
+ services are not in place, and MAY provide other suitable data
+ security services for use with this authentication mechanism.
+
+ Implementations MAY support additional authentication mechanisms.
+ Some of these mechanisms are discussed below.
+
+ LDAP server implementations SHOULD support client assertion of
+ authorization identity via the SASL EXTERNAL mechanism (section
+ 5.2.3).
+
+ LDAP server implementations that support no authentication mechanism
+ other than the anonymous mechanism of the simple bind method SHOULD
+ support use of TLS as established by the the StartTLS operation
+ (section 3). (Other servers MUST support TLS per the second
+ paragraph of this section.)
+
+ Implementations supporting TLS MUST support the
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA ciphersuite and SHOULD support the
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite. Support for the
+ latter ciphersuite is recommended to encourage interoperability with
+ implementations conforming to earlier LDAP StartTLS specifications.
+
+
+3. StartTLS Operation
+
+ The Start Transport Layer Security (StartTLS) operation defined in
+ section 4.14 of [Protocol] provides the ability to establish TLS
+ [TLS] in an LDAP session.
+
+ The goals of using the TLS [TLS] protocol with LDAP are to ensure
+ data confidentiality and integrity, and to optionally provide for
+ authentication. TLS expressly provides these capabilities, although
+ the authentication services of TLS are available to LDAP only in
+ combination with the SASL EXTERNAL authentication method (see
+ section 5.2.3), and then only if the SASL EXTERNAL implementation
+ chooses to make use of the TLS credentials.
+
+
+3.1. TLS Establishment Procedures
+
+
+Harrison Expires August 2006 [Page 7]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ This section describes the overall procedures clients and servers
+ must follow for TLS establishment. These procedures take into
+ consideration various aspects of the TLS layer including discovery
+ of resultant security level and assertion of the client's
+ authorization identity.
+
+
+3.1.1. StartTLS Request Sequencing
+
+ A client may send the StartTLS extended request at any time after
+ establishing an LDAP session, except:
+
+ - when TLS is currently established on the session,
+ - when a multi-stage SASL negotiation is in progress on the
+ session, or
+ - when there are outstanding responses for operation requests
+ previously issued on the session.
+
+ As described in [Protocol] Section 4.14.1, a (detected) violation of
+ any of these requirements results in a return of the operationsError
+ resultCode.
+
+ Client implementers should ensure that they strictly follow these
+ operation sequencing requirements to prevent interoperability
+ issues. Operational experience has shown that violating these
+ requirements causes interoperability issues because there are race
+ conditions that prevent servers from detecting some violations of
+ these requirements due to factors such as server hardware speed and
+ network latencies.
+
+ There is no general requirement that the client have or have not
+ already performed a Bind operation (section 5) before sending a
+ StartTLS operation request, however where a client intends to
+ perform both a Bind operation and a StartTLS operation, it SHOULD
+ first perform the StartTLS operation so that the Bind request and
+ response messages are protected by the data security services
+ established by the StartTLS operation.
+
+
+3.1.2. Client Certificate
+
+ If an LDAP server requests or demands that a client provide a user
+ certificate during TLS negotiation and the client does not present a
+ suitable user certificate (e.g., one that can be validated), the
+ server may use a local security policy to determine whether to
+ successfully complete TLS negotiation.
+
+ If a client that has provided a suitable certificate subsequently
+ performs a Bind operation using the SASL EXTERNAL authentication
+ mechanism (section 5.2.3), information in the certificate may be
+ used by the server to identify and authenticate the client.
+
+
+3.1.3. Server Identity Check
+
+Harrison Expires August 2006 [Page 8]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ In order to prevent man-in-the-middle attacks the client MUST verify
+ the server's identity (as presented in the server's Certificate
+ message). In this section, the client's understanding of the
+ server's identity (typically the identity used to establish the
+ transport connection) is called the "reference identity".
+
+ The client determines the type (e.g., DNS name or IP address) of the
+ reference identity and performs a comparison between the reference
+ identity and each subjectAltName value of the corresponding type
+ until a match is produced. Once a match is produced, the server's
+ identity has been verified and the server identity check is
+ complete. Different subjectAltName types are matched in different
+ ways. Sections 3.1.3.1 - 3.1.3.3 explain how to compare values of
+ various subjectAltName types.
+
+ The client may map the reference identity to a different type prior
+ to performing a comparison. Mappings may be performed for all
+ available subjectAltName types to which the reference identity can
+ be mapped, however the reference identity should only be mapped to
+ types for which the mapping is either inherently secure (e.g.,
+ extracting the DNS name from a URI to compare with a subjectAltName
+ of type dNSName) or for which the mapping is performed in a secure
+ manner (e.g., using DNSSec, or using user- (or admin-) configured
+ host-to-address/address-to-host lookup tables).
+
+ The server's identity may also be verified by comparing the
+ reference identity to the Common Name (CN) [Schema] value in the
+ leaf RDN of the subjectName field of the server's certificate. This
+ comparison is performed using the rules for comparison of DNS names
+ in section 3.1.3.1 below, with the exception that no wildcard
+ matching is allowed. Although the use of the Common Name value is
+ existing practice, it is deprecated and Certification Authorities
+ are encouraged to provide subjectAltName values instead. Note that
+ the TLS implementation may represent DNs in certificates according
+ to X.500 or other conventions. For example, some X.500
+ implementations order the RDNs in a DN using a left-to-right (most
+ significant to least significant) convention instead of LDAP's
+ right-to-left convention.
+
+ If the server identity check fails, user-oriented clients SHOULD
+ either notify the user (clients may give the user the opportunity to
+ continue with the LDAP session in this case) or close the transport
+ connection and indicate that the server's identity is suspect.
+ Automated clients SHOULD close the transport connection and then
+ return or log an error indicating that the server's identity is
+ suspect or both.
+
+ Beyond the server identity check described in this section, clients
+ should be prepared to do further checking to ensure that the server
+ is authorized to provide the service it is requested to provide.
+ The client may need to make use of local policy information in
+ making this determination.
+
+
+Harrison Expires August 2006 [Page 9]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+3.1.3.1. Comparison of DNS Names
+
+ If the reference identity is an internationalized domain name,
+ conforming implementations MUST convert it to the ASCII Compatible
+ Encoding (ACE) format as specified in section 4 of RFC 3490
+ [RFC3490] before comparison with subjectAltName values of type
+ dNSName. Specifically, conforming implementations MUST perform the
+ conversion operation specified in section 4 of RFC 3490 as follows:
+
+ * in step 1, the domain name SHALL be considered a "stored
+ string";
+ * in step 3, set the flag called "UseSTD3ASCIIRules";
+ * in step 4, process each label with the "ToASCII"
+ operation; and
+ * in step 5, change all label separators to U+002E (full
+ stop).
+
+ After performing the "to-ASCII" conversion, the DNS labels and names
+ MUST be compared for equality according to the rules specified in
+ section 3 of RFC3490.
+
+ The '*' (ASCII 42) wildcard character is allowed in subjectAltName
+ values of type dNSName and then only as the left-most (least
+ significant) DNS label in that value. This wildcard matches any
+ left-most DNS label in the server name. That is, the subject
+ *.example.com matches the server names a.example.com and
+ b.example.com but does not match example.com or a.b.example.com.
+
+
+3.1.3.2. Comparison of IP Addresses
+
+ When the reference identity is an IP address, the identity MUST be
+ converted to the "network byte order" octet string representation
+ [RFC791][RFC2460]. For IP Version 4, as specified in RFC 791, the
+ octet string will contain exactly four octets. For IP Version 6, as
+ specified in RFC 2460, the octet string will contain exactly sixteen
+ octets. This octet string is then compared against subjectAltName
+ values of type iPAddress. A match occurs if the reference identity
+ octet string and value octet strings are identical.
+
+
+3.1.3.3. Comparison of other subjectName types
+
+ Client implementations MAY support matching against subjectAltName
+ values of other types as described in other documents.
+
+
+3.1.4. Discovery of Resultant Security Level
+
+
+
+
+
+
+Harrison Expires August 2006 [Page 10]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ After a TLS layer is established in an LDAP session, both parties
+ are to each independently decide whether or not to continue based on
+ local policy and the security level achieved. If either party
+ decides that the security level is inadequate for it to continue, it
+ SHOULD remove the TLS layer immediately after the TLS
+ (re)negotiation has completed (see [Protocol] section 4.14.3 and
+ section 3.2 below). Implementations may reevaluate the security
+ level at any time and, upon finding it inadequate, should remove the
+ TLS layer.
+
+
+3.1.5. Refresh of Server Capabilities Information
+
+ After a TLS layer is established in an LDAP session, the client
+ SHOULD discard or refresh all information about the server it
+ obtained prior to the initiation of the TLS negotiation and not
+ obtained through secure mechanisms. This protects against man-in-
+ the-middle attacks that may have altered any server capabilities
+ information retrieved prior to TLS layer installation.
+
+ The server may advertise different capabilities after installing a
+ TLS layer. In particular, the value of 'supportedSASLMechanisms'
+ may be different after a TLS layer has been installed (specifically,
+ the EXTERNAL and PLAIN [PLAIN] mechanisms are likely to be listed
+ only after a TLS layer has been installed).
+
+
+3.2. Effect of TLS on Authorization State
+
+ The establishment, change, and/or closure of TLS may cause the
+ authorization state to move to a new state. This is discussed
+ further in Section 4.
+
+
+3.3. TLS Ciphersuites
+
+ Several issues should be considered when selecting TLS ciphersuites
+ that are appropriate for use in a given circumstance. These issues
+ include the following:
+
+ - The ciphersuite's ability to provide adequate confidentiality
+ protection for passwords and other data sent over the transport
+ connection. Client and server implementers should recognize
+ that some TLS ciphersuites provide no confidentiality protection
+ while other ciphersuites that do provide confidentiality
+ protection may be vulnerable to being cracked using brute force
+ methods, especially in light of ever-increasing CPU speeds that
+ reduce the time needed to successfully mount such attacks.
+
+ - Client and server implementers should carefully consider the
+ value of the password or data being protected versus the level
+ of confidentiality protection provided by the ciphersuite to
+ ensure that the level of protection afforded by the ciphersuite
+ is appropriate.
+
+Harrison Expires August 2006 [Page 11]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ - The ciphersuite's vulnerability (or lack thereof) to man-in-the-
+ middle attacks. Ciphersuites vulnerable to man-in-the-middle
+ attacks SHOULD NOT be used to protect passwords or sensitive
+ data, unless the network configuration is such that the danger
+ of a man-in-the-middle attack is negligible.
+
+ - After a TLS negotiation (either initial or subsequent) is
+ completed, both protocol peers should independently verify that
+ the security services provided by the negotiated ciphersuite are
+ adequate for the intended use of the LDAP session. If not, the
+ TLS layer should be closed.
+
+
+4. Authorization State
+
+ Every LDAP session has an associated authorization state. This
+ state is comprised of numerous factors such as what (if any)
+ authorization state has been established, how it was established,
+ and what security services are in place. Some factors may be
+ determined and/or affected by protocol events (e.g., Bind, StartTLS,
+ or TLS closure), and some factors may be determined by external
+ events (e.g., time of day or server load).
+
+ While it is often convenient to view authorization state in
+ simplistic terms (as we often do in this technical specification)
+ such as "an anonymous state", it is noted that authorization systems
+ in LDAP implementations commonly involve many factors which
+ interrelate in complex manners.
+
+ Authorization in LDAP is a local matter. One of the key factors in
+ making authorization decisions is authorization identity. The Bind
+ operation defined in section 4.2 of [Protocol] and discussed further
+ in section 5 below allows information to be exchanged between the
+ client and server to establish an authorization identity for the
+ LDAP session. The Bind operation may also be used to move the LDAP
+ session to an anonymous authorization state (see section 5.1.1).
+
+ Upon initial establishment of the LDAP session, the session has an
+ anonymous authorization identity. Among other things this implies
+ that the client need not send a BindRequest in the first PDU of the
+ LDAP message layer. The client may send any operation request prior
+ to performing a Bind operation, and the server MUST treat it as if
+ it had been performed after an anonymous Bind operation (section
+ 5.1.1).
+
+ Upon receipt of a Bind request, the server immediately moves the
+ session to an anonymous authorization state. If the Bind request is
+ successful, the session is moved to the requested authentication
+ state with its associated authorization state. Otherwise, the
+ session remains in an anonymous state.
+
+
+
+
+Harrison Expires August 2006 [Page 12]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ It is noted that other events both internal and external to LDAP may
+ result in the authentication and authorization states being moved to
+ an anonymous one. For instance, the establishment, change or
+ closure of data security services may result in a move to an
+ anonymous state, or the user's credential information (e.g.,
+ certificate) may have expired. The former is an example of an event
+ internal to LDAP whereas the latter is an example of an event
+ external to LDAP.
+
+
+5. Bind Operation
+
+ The Bind operation ([Protocol] section 4.2) allows authentication
+ information to be exchanged between the client and server to
+ establish a new authorization state.
+
+ The Bind request typically specifies the desired authentication
+ identity. Some Bind mechanisms also allow the client to specify the
+ authorization identity. If the authorization identity is not
+ specified, the server derives it from the authentication identity in
+ an implementation-specific manner.
+
+ If the authorization identity is specified, the server MUST verify
+ that the client's authentication identity is permitted to assume
+ (e.g., proxy for) the asserted authorization identity. The server
+ MUST reject the Bind operation with an invalidCredentials resultCode
+ in the Bind response if the client is not so authorized.
+
+
+5.1. Simple Authentication Method
+
+ The simple authentication method of the Bind Operation provides
+ three authentication mechanisms:
+
+ - An anonymous authentication mechanism (section 5.1.1).
+
+ - An unauthenticated authentication mechanism (section 5.1.2).
+
+ - A name/password authentication mechanism using credentials
+ consisting of a name (in the form of an LDAP distinguished name
+ [LDAPDN]) and a password (section 5.1.3).
+
+
+5.1.1. Anonymous Authentication Mechanism of Simple Bind
+
+ An LDAP client may use the anonymous authentication mechanism of the
+ simple Bind method to explicitly establish an anonymous
+ authorization state by sending a Bind request with a name value of
+ zero length and specifying the simple authentication choice
+ containing a password value of zero length.
+
+
+5.1.2. Unauthenticated Authentication Mechanism of Simple Bind
+
+
+Harrison Expires August 2006 [Page 13]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ An LDAP client may use the unauthenticated authentication mechanism
+ of the simple Bind method to establish an anonymous authorization
+ state by sending a Bind request with a name value (a distinguished
+ name in LDAP string form [LDAPDN] of non-zero length) and specifying
+ the simple authentication choice containing a password value of zero
+ length.
+
+ The distinguished name value provided by the client is intended to
+ be used for trace (e.g., logging) purposes only. The value is not
+ to be authenticated or otherwise validated (including verification
+ that the DN refers to an existing directory object). The value is
+ not to be used (directly or indirectly) for authorization purposes.
+
+ Unauthenticated Bind operations can have significant security issues
+ (see section 6.3.1). In particular, users intending to perform
+ Name/Password Authentication may inadvertently provide an empty
+ password and thus cause poorly implemented clients to request
+ Unauthenticated access. Clients SHOULD be implemented to require
+ user selection of the Unauthenticated Authentication Mechanism by
+ means other than user input of an empty password. Clients SHOULD
+ disallow an empty password input to a Name/Password Authentication
+ user interface. Additionally, Servers SHOULD by default fail
+ Unauthenticated Bind requests with a resultCode of
+ unwillingToPerform.
+
+
+5.1.3. Name/Password Authentication Mechanism of Simple Bind
+
+ An LDAP client may use the name/password authentication mechanism of
+ the simple Bind method to establish an authenticated authorization
+ state by sending a Bind request with a name value (a distinguished
+ name in LDAP string form [LDAPDN] of non-zero length) and specifying
+ the simple authentication choice containing an OCTET STRING password
+ value of non-zero length.
+
+ Servers that map the DN sent in the Bind request to a directory
+ entry with an associated set of one or more passwords used with this
+ mechanism will compare the presented password to that set of
+ passwords. The presented password is considered valid if it matches
+ any member of this set.
+
+ A resultCode of invalidDNSyntax indicates that the DN sent in the
+ name value is syntactically invalid. A resultCode of
+ invalidCredentials indicates that the DN is syntactically correct
+ but not valid for purposes of authentication, or the password is not
+ valid for the DN or the server otherwise considers the credentials
+ to be invalid. A resultCode of success indicates that the
+ credentials are valid and the server is willing to provide service
+ to the entity these credentials identify.
+
+ Server behavior is undefined for Bind requests specifying the
+ name/password authentication mechanism with a zero-length name value
+ and a password value of non-zero length.
+
+
+Harrison Expires August 2006 [Page 14]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ The name/password authentication mechanism of the simple Bind method
+ is not suitable for authentication in environments without
+ confidentiality protection.
+
+
+5.2. SASL Authentication Method
+
+ The sasl authentication method of the Bind Operation provides
+ facilities for using any SASL mechanism including authentication
+ mechanisms and other services (e.g., data security services).
+
+
+5.2.1. SASL Protocol Profile
+
+ LDAP allows authentication via any SASL mechanism [SASL]. As LDAP
+ includes native anonymous and name/password (plain text)
+ authentication methods, the ANONYMOUS [ANONYMOUS] and PLAIN [PLAIN]
+ SASL mechanisms are typically not used with LDAP.
+
+ Each protocol that utilizes SASL services is required to supply
+ certain information profiling the way they are exposed through the
+ protocol ([SASL] section 4). This section explains how each of
+ these profiling requirements are met by LDAP.
+
+
+5.2.1.1. SASL Service Name for LDAP
+
+ The SASL service name for LDAP is "ldap", which has been registered
+ with the IANA as a SASL service name.
+
+
+5.2.1.2. SASL Authentication Initiation and Protocol Exchange
+
+ SASL authentication is initiated via a BindRequest message
+ ([Protocol] section 4.2) with the following parameters:
+
+ - The version is 3.
+ - The AuthenticationChoice is sasl.
+ - The mechanism element of the SaslCredentials sequence contains
+ the value of the desired SASL mechanism.
+ - The optional credentials field of the SaslCredentials sequence
+ MAY be used to provide an initial client response for
+ mechanisms that are defined to have the client send data first
+ (see [SASL] sections 3 and 5 ).
+
+
+
+
+
+
+
+
+
+
+
+Harrison Expires August 2006 [Page 15]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ In general, a SASL authentication protocol exchange consists of a
+ series of server challenges and client responses, the contents of
+ which are specific to and defined by the SASL mechanism. Thus for
+ some SASL authentication mechanisms, it may be necessary for the
+ client to respond to one or more server challenges by sending
+ BindRequest messages multiple times. A challenge is indicated by
+ the server sending a BindResponse message with the resultCode set to
+ saslBindInProgress. This indicates that the server requires the
+ client to send a new BindRequest message with the same SASL
+ mechanism to continue the authentication process.
+
+ To the LDAP message layer, these challenges and responses are opaque
+ binary tokens of arbitrary length. LDAP servers use the
+ serverSaslCreds field (an OCTET STRING) in a BindResponse message to
+ transmit each challenge. LDAP clients use the credentials field
+ (an OCTET STRING) in the SaslCredentials sequence of a BindRequest
+ message to transmit each response. Note that unlike some Internet
+ protocols where SASL is used, LDAP is not text based and does not
+ Base64-transform these challenge and response values.
+
+ Clients sending a BindRequest message with the sasl choice selected
+ SHOULD send a zero-length value in the name field. Servers
+ receiving a BindRequest message with the sasl choice selected SHALL
+ ignore any value in the name field.
+
+ A client may abort a SASL Bind negotiation by sending a BindRequest
+ message with a different value in the mechanism field of
+ SaslCredentials or with an AuthenticationChoice other than sasl.
+
+ If the client sends a BindRequest with the sasl mechanism field as
+ an empty string, the server MUST return a BindResponse with a
+ resultCode of authMethodNotSupported. This will allow the client to
+ abort a negotiation if it wishes to try again with the same SASL
+ mechanism.
+
+ The server indicates completion of the SASL challenge-response
+ exchange by responding with a BindResponse in which the resultCode
+ value is not saslBindInProgress.
+
+ The serverSaslCreds field in the BindResponse can be used to include
+ an optional challenge with a success notification for mechanisms
+ which are defined to have the server send additional data along with
+ the indication of successful completion.
+
+
+5.2.1.3. Optional Fields
+
+ As discussed above, LDAP provides an optional field for carrying an
+ initial response in the message initiating the SASL exchange and
+ provides an optional field for carrying additional data in the
+ message indicating outcome of the authentication exchange. As the
+ mechanism-specific content in these fields may be zero-length, SASL
+ requires protocol specifications to detail how an empty field is
+ distinguished from an absent field.
+
+Harrison Expires August 2006 [Page 16]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ Zero-length initial response data is distinguished from no initial
+ response data in the initiating message, a BindRequest PDU, by the
+ presence of the SaslCredentials.credentials OCTET STRING (of length
+ zero) in that PDU. If the client does not intend to send an
+ initial response with the BindRequest initiating the SASL exchange,
+ it MUST omit the SaslCredentials.credentials OCTET STRING (rather
+ than including an zero-length OCTET STRING).
+
+ Zero-length additional data is distinguished from no additional
+ response data in the outcome message, a BindResponse PDU, by the
+ presence of the serverSaslCreds OCTET STRING (of length zero) in
+ that PDU. If a server does not intend to send additional data in
+ the BindResponse message indicating outcome of the exchange, the
+ server SHALL omit the serverSaslCreds OCTET STRING (rather than
+ including a zero-length OCTET STRING).
+
+
+5.2.1.4. Octet Where Negotiated Security Layers Take Effect
+
+ SASL layers take effect following the transmission by the server and
+ reception by the client of the final BindResponse in the SASL
+ exchange with a resultCode of success.
+
+ Once a SASL layer providing data integrity or confidentiality
+ services takes effect, the layer remains in effect until a new layer
+ is installed (i.e. at the first octet following the final
+ BindResponse of the Bind operation that caused the new layer to take
+ effect). Thus, an established SASL layer is not affected by a
+ failed or non-SASL Bind.
+
+
+5.2.1.5. Determination of Supported SASL Mechanisms
+
+ Clients may determine the SASL mechanisms a server supports by
+ reading the 'supportedSASLMechanisms' attribute from the root DSE
+ (DSA-Specific Entry) ([Models] section 5.1). The values of this
+ attribute, if any, list the mechanisms the server supports in the
+ current LDAP session state. LDAP servers SHOULD allow all clients--
+ even those with an anonymous authorization--to retrieve the
+ 'supportedSASLMechanisms' attribute of the root DSE both before and
+ after the SASL authentication exchange. The purpose of the latter
+ is to allow the client to detect possible downgrade attacks (see
+ section 6.4 and [SASL] section 6.1.2).
+
+ Because SASL mechanisms provide critical security functions, clients
+ and servers should be configurable to specify what mechanisms are
+ acceptable and allow only those mechanisms to be used. Both clients
+ and servers must confirm that the negotiated security level meets
+ their requirements before proceeding to use the session.
+
+
+5.2.1.6. Rules for Using SASL Layers
+
+
+Harrison Expires August 2006 [Page 17]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ Upon installing a SASL layer, the client SHOULD discard or refresh
+ all information about the server it obtained prior to the initiation
+ of the SASL negotiation and not obtained through secure mechanisms.
+
+ If a lower level security layer (such as TLS) is installed, any SASL
+ layer SHALL be layered on top of such security layers regardless of
+ the order of their negotiation. In all other respects, the SASL
+ layer and other security layers act independently, e.g., if both a
+ TLS layer and a SASL layer are in effect then removing the TLS layer
+ does not affect the continuing service of the SASL layer.
+
+
+5.2.1.7. Support for Multiple Authentications
+
+ LDAP supports multiple SASL authentications as defined in [SASL]
+ section 4.
+
+
+5.2.1.8. SASL Authorization Identities
+
+ Some SASL mechanisms allow clients to request a desired
+ authorization identity for the LDAP session ([SASL] section 3.4.
+ The decision to allow or disallow the current authentication
+ identity to have access to the requested authorization identity is a
+ matter of local policy. The authorization identity is a string of
+ UTF-8 [RFC3629] encoded [Unicode] characters corresponding to the
+ following ABNF [RFC2234bis] grammar:
+
+ authzId = dnAuthzId / uAuthzId
+
+ ; distinguished-name-based authz id
+ dnAuthzId = "dn:" distinguishedName
+
+ ; unspecified authorization id, UTF-8 encoded
+ uAuthzId = "u:" userid
+ userid = *UTF8 ; syntax unspecified
+
+ where the distinguishedName rule is defined in section 3 of [LDAPDN]
+ and the UTF8 rule is defined in section 1.4 of [Models].
+
+ The dnAuthzId choice is used to assert authorization identities in
+ the form of a distinguished name to be matched in accordance with
+ the distinguishedNameMatch matching rule [Syntaxes]. There is no
+ requirement that the asserted distinguishedName value be that of an
+ entry in the directory.
+
+
+
+
+
+
+
+
+
+
+Harrison Expires August 2006 [Page 18]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ The uAuthzId choice allows clients to assert an authorization
+ identity that is not in distinguished name form. The format of
+ userid is defined only as a sequence of UTF-8 [RFC3629] encoded
+ [Unicode] characters, and any further interpretation is a local
+ matter. For example, the userid could identify a user of a specific
+ directory service, be a login name or be an email address. A
+ uAuthzId SHOULD NOT be assumed to be globally unique. To compare
+ uAuthzID values, each uAuthzID value MUST be prepared as a "query"
+ string using [RFC4013] and then the two values are compared octet-
+ wise.
+
+ The above grammar is extensible. The authzId production may be
+ extended to support additional forms of identities. Each form is
+ distinguished by its unique prefix (see section 3.12 of [LDAPIANA]
+ for registration requirements).
+
+
+5.2.2. SASL Semantics Within LDAP
+
+ Implementers must take care to maintain the semantics of SASL
+ specifications when handling data that has different semantics in
+ the LDAP protocol.
+
+ For example, the SASL DIGEST-MD5 authentication mechanism [RFC2829]
+ utilizes an authentication identity and a realm which are
+ syntactically simple strings and semantically simple username and
+ realm values ([DIGEST-MD5] section 2.1). These values are not LDAP
+ DNs, and there is no requirement that they be represented or treated
+ as such.
+
+
+5.2.3. SASL EXTERNAL Authentication Mechanism
+
+ A client can use the SASL EXTERNAL [SASL] mechanism to request the
+ LDAP server to authenticate and establish a resulting authorization
+ identity using security credentials exchanged by a lower security
+ layer (such as by TLS authentication). If the client's
+ authentication credentials have not been established at a lower
+ security layer, the SASL EXTERNAL Bind MUST fail with a resultCode
+ of inappropriateAuthentication. Although this situation has the
+ effect of leaving the LDAP session in an anonymous state (section
+ 4), the state of any installed security layer is unaffected.
+
+ A client may either request that its authorization identity be
+ automatically derived from its authentication credentials exchanged
+ at a lower security layer or it may explicitly provide a desired
+ authorization identity. The former is known as an implicit
+ assertion, and the latter as an explicit assertion.
+
+
+5.2.3.1. Implicit Assertion
+
+
+
+
+Harrison Expires August 2006 [Page 19]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ An implicit authorization identity assertion is performed by
+ invoking a Bind request of the SASL form using the EXTERNAL
+ mechanism name that does not include the optional credentials field
+ (found within the SaslCredentials sequence in the BindRequest). The
+ server will derive the client's authorization identity from the
+ authentication identity supplied by a security layer (e.g., a public
+ key certificate used during TLS layer installation) according to
+ local policy. The underlying mechanics of how this is accomplished
+ are implementation specific.
+
+
+5.2.3.2. Explicit Assertion
+
+ An explicit authorization identity assertion is performed by
+ invoking a Bind request of the SASL form using the EXTERNAL
+ mechanism name that includes the credentials field (found within the
+ SaslCredentials sequence in the BindRequest). The value of the
+ credentials field (an OCTET STRING) is the asserted authorization
+ identity and MUST be constructed as documented in section 5.2.1.8.
+
+
+6. Security Considerations
+
+ Security issues are discussed throughout this document. The
+ unsurprising conclusion is that security is an integral and
+ necessary part of LDAP. This section discusses a number of LDAP-
+ related security considerations.
+
+
+6.1. General LDAP Security Considerations
+
+ LDAP itself provides no security or protection from accessing or
+ updating the directory by other means than through the LDAP
+ protocol, e.g., from inspection of server database files by database
+ administrators.
+
+ Sensitive data may be carried in almost any LDAP message and its
+ disclosure may be subject to privacy laws or other legal regulation
+ in many countries. Implementers should take appropriate measures to
+ protect sensitive data from disclosure to unauthorized entities.
+
+ A session on which the client has not established data integrity and
+ privacy services (e.g., via StartTLS, IPsec or a suitable SASL
+ mechanism) is subject to man-in-the-middle attacks to view and
+ modify information in transit. Client and server implementers
+ SHOULD take measures to protect sensitive data in the LDAP session
+ from these attacks by using data protection services as discussed in
+ this document. Clients and servers should provide the ability to be
+ configured to require these protections. A resultCode of
+ confidentialityRequired indicates that the server requires
+ establishment of (stronger) data confidentiality protection in order
+ to perform the requested operation.
+
+
+
+Harrison Expires August 2006 [Page 20]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ Access control should always be applied when reading sensitive
+ information or updating directory information.
+
+ Various security factors, including authentication and authorization
+ information and data security services may change during the course
+ of the LDAP session, or even during the performance of a particular
+ operation. Implementations should be robust in the handling of
+ changing security factors.
+
+
+6.2. StartTLS Security Considerations
+
+ All security gained via use of the StartTLS operation is gained by
+ the use of TLS itself. The StartTLS operation, on its own, does not
+ provide any additional security.
+
+ The level of security provided through the use of TLS depends
+ directly on both the quality of the TLS implementation used and the
+ style of usage of that implementation. Additionally, a man-in-the-
+ middle attacker can remove the StartTLS extended operation from the
+ 'supportedExtension' attribute of the root DSE. Both parties SHOULD
+ independently ascertain and consent to the security level achieved
+ once TLS is established and before beginning use of the TLS-
+ protected session. For example, the security level of the TLS layer
+ might have been negotiated down to plaintext.
+
+ Clients MUST either warn the user when the security level achieved
+ does not provide an acceptable level of data confidentiality and/or
+ data integrity protection, or be configurable to refuse to proceed
+ without an acceptable level of security.
+
+ As stated in section 3.1.2, a server may use a local security policy
+ to determine whether to successfully complete TLS negotiation.
+ Information in the user's certificate that is originated or verified
+ by the certification authority should be used by the policy
+ administrator when configuring the identification and authorization
+ policy.
+
+ Server implementers SHOULD allow server administrators to elect
+ whether and when data confidentiality and integrity are required, as
+ well as elect whether authentication of the client during the TLS
+ handshake is required.
+
+ Implementers should be aware of and understand TLS security
+ considerations as discussed in the TLS specification [TLS].
+
+
+6.3. Bind Operation Security Considerations
+
+ This section discusses several security considerations relevant to
+ LDAP authentication via the Bind operation.
+
+
+6.3.1. Unauthenticated Mechanism Security Considerations
+
+Harrison Expires August 2006 [Page 21]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ Operational experience shows that clients can (and frequently do)
+ misuse the unauthenticated authentication mechanism of the simple
+ Bind method (see section 5.1.2). For example, a client program
+ might make a decision to grant access to non-directory information
+ on the basis of successfully completing a Bind operation. LDAP
+ server implementations may return a success response to an
+ unauthenticated Bind request. This may erroneously leave the client
+ with the impression that the server has successfully authenticated
+ the identity represented by the distinguished name when in reality,
+ an anonymous authorization state has been established. Clients that
+ use the results from a simple Bind operation to make authorization
+ decisions should actively detect unauthenticated Bind requests (by
+ verifying that the supplied password is not empty) and react
+ appropriately.
+
+
+6.3.2. Name/Password Mechanism Security Considerations
+
+ The name/password authentication mechanism of the simple Bind method
+ discloses the password to the server, which is an inherent security
+ risk. There are other mechanisms such as SASL DIGEST-MD5 [RFC2829]
+ that do not disclose the password to the server.
+
+
+6.3.3. Password-related Security Considerations
+
+ LDAP allows multi-valued password attributes. In systems where
+ entries are expected to have one and only one password,
+ administrative controls should be provided to enforce this behavior.
+
+ The use of clear text passwords and other unprotected authentication
+ credentials is strongly discouraged over open networks when the
+ underlying transport service cannot guarantee confidentiality. LDAP
+ implementations SHOULD NOT by default support authentication methods
+ using clear text passwords and other unprotected authentication
+ credentials unless the data on the session is protected using TLS or
+ other data confidentiality and data integrity protection.
+
+ The transmission of passwords in the clear--typically for
+ authentication or modification--poses a significant security risk.
+ This risk can be avoided by using SASL authentication [SASL]
+ mechanisms that do not transmit passwords in the clear or by
+ negotiating transport or session layer data confidentiality services
+ before transmitting password values.
+
+ To mitigate the security risks associated with the transfer of
+ passwords, a server implementation that supports any password-based
+ authentication mechanism that transmits passwords in the clear MUST
+ support a policy mechanism that at the time of authentication or
+ password modification, requires:
+
+ A TLS layer has been successfully installed.
+
+
+Harrison Expires August 2006 [Page 22]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ OR
+
+ Some other data confidentiality mechanism that protects the
+ password value from eavesdropping has been provided.
+
+ OR
+
+ The server returns a resultCode of confidentialityRequired for
+ the operation (i.e. name/password Bind with password value,
+ SASL Bind transmitting a password value in the clear, add or
+ modify including a userPassword value, etc.), even if the
+ password value is correct.
+
+ Server implementations may also want to provide policy mechanisms to
+ invalidate or otherwise protect accounts in situations where a
+ server detects that a password for an account has been transmitted
+ in the clear.
+
+
+6.3.4. Hashed Password Security Considerations
+
+ Some authentication mechanisms (e.g., DIGEST-MD5) transmit a hash of
+ the password value that may be vulnerable to offline dictionary
+ attacks. Implementers should take care to protect such hashed
+ password values during transmission using TLS or other
+ confidentiality mechanisms.
+
+
+6.4.SASL Security Considerations
+
+ Until data integrity service is installed on an LDAP session, an
+ attacker can modify the transmitted values of the
+ 'supportedSASLMechanisms' attribute response and thus downgrade the
+ list of available SASL mechanisms to include only the least secure
+ mechanism. To detect this type of attack, the client may retrieve
+ the SASL mechanisms the server makes available both before and after
+ data integrity service is installed on an LDAP session. If the
+ client finds that the integrity-protected list (the list obtained
+ after data integrity service was installed) contains a stronger
+ mechanism than those in the previously obtained list, the client
+ should assume the previously obtained list was modified by an
+ attacker. In this circumstance it is recommended that the client
+ close the underlying transport connection and then reconnect to
+ reestablish the session.
+
+
+6.5. Related Security Considerations
+
+ Additional security considerations relating to the various
+ authentication methods and mechanisms discussed in this document
+ apply and can be found in [SASL], [RFC4013], [StringPrep] and
+ [RFC3629].
+
+
+
+Harrison Expires August 2006 [Page 23]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+7. IANA Considerations
+
+ It is requested that the IANA update the LDAP Protocol Mechanism
+ registry to indicate that this document and [Protocol] provide the
+ definitive technical specification for the StartTLS
+ (1.3.6.1.4.1.1466.20037) extended operation.
+
+
+8. Acknowledgments
+
+ This document combines information originally contained in RFC 2251,
+ RFC 2829 and RFC 2830 which are products of the LDAP Extensions
+ (LDAPEXT) Working Group.
+
+ This document is a product of the IETF LDAP Revision (LDAPBIS)
+ working group.
+
+
+9. Normative References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn.]]
+
+ [LDAPDN] Zeilenga, Kurt D. (editor), "LDAP: String
+ Representation of Distinguished Names", draft-ietf-
+ ldapbis-dn-xx.txt, a work in progress.
+
+ [LDAPIANA] Zeilenga, K., "IANA Considerations for LDAP", draft-
+ ietf-ldapbis-bcp64-xx.txt, (a work in progress).
+
+ [Matching] Hoffman, Paul and Steve Hanna, "Matching Text Strings
+ in PKIX Certificates", draft-hoffman-pkix-stringmatch-
+ xx.txt, a work in progress.
+
+ [Models] Zeilenga, Kurt D. (editor), "LDAP: Directory
+ Information Models", draft-ietf-ldapbis-models-xx.txt,
+ a work in progress.
+
+ [Protocol] Sermersheim, J., "LDAP: The Protocol", draft-ietf-
+ ldapbis-protocol-xx.txt, a work in progress.
+
+ [RFC791] Information Sciences Institute, "INTERNET PROTOCOL
+ DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION", RFC
+ 791, September 1981.
+
+ [RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2234bis] Crocker, D., Ed. and P. Overell, "Augmented BNF for
+ Syntax Specifications: ABNF", draft-crocker-abnf-
+ rfc2234bis-xx, a work in progress.
+
+ [RFC2460] Deering, S., R. Hinden, "Internet Protocol, Version 6
+ (IPv6)", RFC 2460, December 1998.
+
+Harrison Expires August 2006 [Page 24]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ [RFC3490] Falstrom, P., P. Hoffman, and A. Costello,
+ "Internationalizing Domain Names In Applications
+ (IDNA)", RFC 3490, March 2003.
+
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629, STD 63, November 2003.
+
+ [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User
+ Names and Passwords", RFC 4013, February 2005.
+
+ [Roadmap] K. Zeilenga, "LDAP: Technical Specification Road Map",
+ draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
+
+ [SASL] Melnikov, A. (editor), "Simple Authentication and
+ Security Layer (SASL)", draft-ietf-sasl-rfc2222bis-
+ xx.txt, a work in progress.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema", draft-ietf-
+ ldapbis-user-schema-xx.txt, a work in progress.
+
+ [StringPrep] M. Blanchet, "Preparation of Internationalized Strings
+ ('stringprep')", draft-hoffman-rfc3454bis-xx.txt, a
+ work in progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [TLS] Dierks, T. and C. Allen. "The TLS Protocol Version
+ 1.1", draft-ietf-tls-rfc2246-bis-xx.txt, a work in
+ progress.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version
+ 3.0" (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-
+ 61633-5), as amended by the "Unicode Standard Annex
+ #27: Unicode 3.1"
+ (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+
+10. Informative References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn.]]
+
+ [ANONYMOUS] Zeilenga, K., "Anonymous SASL Mechanism", draft-
+ zeilenga-sasl-anon-xx.txt, a work in progress.
+
+ [DIGEST-MD5] Leach, P. C. Newman, and A. Melnikov, "Using Digest
+ Authentication as a SASL Mechanism", draft-ietf-sasl-
+ rfc2831bis-xx.txt, a work in progress.
+
+
+Harrison Expires August 2006 [Page 25]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ [PLAIN] Zeilenga, K.,"Plain SASL Mechanism", draft-zeilenga-
+ sasl-plain-xx.txt, a work in progress.
+
+ [RFC2828] Shirey, R., "Internet Security Glossary", RFC 2828, May
+ 2000.
+
+ [RFC2829] Wahl, M. et al, "Authentication Methods for LDAP", RFC
+ 2829, May 2000.
+
+ [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
+ Internet Protocol", RFC 4301, December 2005.
+
+Author's Address
+
+ Roger Harrison
+ Novell, Inc.
+ 1800 S. Novell Place
+ Provo, UT 84606
+ USA
+ +1 801 861 2642
+ roger_harrison at novell.com
+
+
+Appendix A. Authentication and Authorization Concepts
+
+ This appendix is non-normative.
+
+ This appendix defines basic terms, concepts, and interrelationships
+ regarding authentication, authorization, credentials, and identity.
+ These concepts are used in describing how various security
+ approaches are utilized in client authentication and authorization.
+
+
+A.1. Access Control Policy
+
+ An access control policy is a set of rules defining the protection
+ of resources, generally in terms of the capabilities of persons or
+ other entities accessing those resources. Security objects and
+ mechanisms, such as those described here, enable the expression of
+ access control policies and their enforcement.
+
+
+A.2. Access Control Factors
+
+ A request, when it is being processed by a server, may be associated
+ with a wide variety of security-related factors ([Protocol] section
+ 4.2). The server uses these factors to determine whether and how to
+ process the request. These are called access control factors
+ (ACFs). They might include source IP address, encryption strength,
+ the type of operation being requested, time of day, etc.. Some
+ factors may be specific to the request itself, others may be
+ associated with the transport connection via which the request is
+ transmitted, others (e.g., time of day) may be "environmental".
+
+
+Harrison Expires August 2006 [Page 26]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ Access control policies are expressed in terms of access control
+ factors. For example, "a request having ACFs i,j,k can perform
+ operation Y on resource Z." The set of ACFs that a server makes
+ available for such expressions is implementation-specific.
+
+A.3. Authentication, Credentials, Identity
+
+ Authentication credentials are the evidence supplied by one party to
+ another, asserting the identity of the supplying party (e.g., a
+ user) who is attempting to establish a new authorization state with
+ the other party (typically a server). Authentication is the process
+ of generating, transmitting, and verifying these credentials and
+ thus the identity they assert. An authentication identity is the
+ name presented in a credential.
+
+ There are many forms of authentication credentials. The form used
+ depends upon the particular authentication mechanism negotiated by
+ the parties. X.509 certificates, Kerberos tickets, and simple
+ identity and password pairs are all examples of authentication
+ credential forms. Note that an authentication mechanism may
+ constrain the form of authentication identities used with it.
+
+
+A.4. Authorization Identity
+
+ An authorization identity is one kind of access control factor. It
+ is the name of the user or other entity that requests that
+ operations be performed. Access control policies are often
+ expressed in terms of authorization identities; for example, "entity
+ X can perform operation Y on resource Z."
+
+ The authorization identity of an LDAP session is often semantically
+ the same as the authentication identity presented by the client, but
+ it may be different. SASL allows clients to specify an
+ authorization identity distinct from the authentication identity
+ asserted by the client's credentials. This permits agents such as
+ proxy servers to authenticate using their own credentials, yet
+ request the access privileges of the identity for which they are
+ proxying [SASL]. Also, the form of authentication identity supplied
+ by a service like TLS may not correspond to the authorization
+ identities used to express a server's access control policy,
+ requiring a server-specific mapping to be done. The method by which
+ a server composes and validates an authorization identity from the
+ authentication credentials supplied by a client is implementation
+ specific.
+
+
+Appendix B. Summary of Changes
+
+ This appendix is non-normative.
+
+
+
+
+
+Harrison Expires August 2006 [Page 27]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ This appendix summarizes substantive changes made to RFC 2251, RFC
+ 2829 and RFC 2830. In addition to the specific changes detailed
+ below, the reader of this document should be aware that numerous
+ general editorial changes have been made to the original content
+ from the source documents. These changes include the following:
+
+ - The material originally found in RFC 2251 sections 4.2.1 and
+ 4.2.2, RFC 2829 (all sections except sections 2 and 4) and RFC
+ 2830 was combined into a single document
+
+ - The combined material was substantially reorganized and edited
+ to group related subjects, improve the document flow and clarify
+ intent.
+
+ - Changes were made throughout the text to align with definitions
+ of LDAP protocol layers and IETF security terminology.
+
+ - Substantial updates and additions were made to security
+ considerations from both documents based on current operational
+ experience.
+
+
+B.1. Changes Made to RFC 2251
+
+ This section summarizes the substantive changes made to sections
+ 4.2.1 and 4.2.2 of RFC 2251 by this document. Additional
+ substantive changes to section 4.2.1 of RFC 2251 are also documented
+ in [Protocol].
+
+
+B.1.1. Section 4.2.1 (Sequencing of the Bind Request)
+
+ - Paragraph 1: Removed the sentence, "If at any stage the client
+ wishes to abort the bind process it MAY unbind and then drop the
+ underlying connection." The Unbind operation still permits this
+ behavior, but it is not documented explicitly.
+
+ - Clarified that the session is moved to an anonymous state upon
+ receipt of the BindRequest PDU and that it is only moved to a
+ non-anonymous state if and when the Bind request is successful.
+
+
+B.1.2. Section 4.2.2 (Authentication and Other Security Services)
+
+ - RFC 2251 states that anonymous authentication MUST be performed
+ using the simple bind method. This specification defines the
+ anonymous authentication mechanism of the simple bind method and
+ requires all conforming implementations to support it. Other
+ authentication mechanisms producing anonymous authentication and
+ authorization state may also be implemented and used by
+ conforming implementations.
+
+
+B.2. Changes Made to RFC 2829
+
+Harrison Expires August 2006 [Page 28]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+
+ This section summarizes the substantive changes made to RFC 2829.
+
+
+B.2.1. Section 4 (Required security mechanisms)
+
+ - The name/password authentication mechanism (see section B.2.5
+ below) protected by TLS replaces the SASL DIGEST-MD5 mechanism
+ as LDAP's mandatory-to-implement password-based authentication
+ mechanism. Implementations are encouraged to continue
+ supporting SASL DIGEST-MD5 [RFC2829].
+
+
+B.2.2. Section 5.1 (Anonymous authentication procedure)
+
+ - Clarified that anonymous authentication involves a name value of
+ zero length and a password value of zero length. The
+ unauthenticated authentication mechanism was added to handle
+ simple Bind requests involving a name value with a non-zero
+ length and a password value of zero length.
+
+
+B.2.3. Section 6 (Password-based authentication)
+
+ - See section B.2.1.
+
+
+B.2.4. Section 6.1 (Digest authentication)
+
+ - As the SASL-DIGEST-MD5 mechanism is no longer mandatory to
+ implement, this section is now historical and was not included
+ in this document. RFC 2829 section 6.1 continues to document the
+ SASL DIGEST-MD5 authentication mechanism.
+
+
+B.2.5. Section 6.2 ("simple" authentication choice with TLS)
+
+ - Renamed the "simple" authentication mechanism to the
+ name/password authentication mechanism to better describe it.
+
+ - The use of TLS was generalized to align with definitions of LDAP
+ protocol layers. TLS establishment is now discussed as an
+ independent subject and is generalized for use with all
+ authentication mechanisms and other security layers.
+
+ - Removed the implication that the userPassword attribute is the
+ sole location for storage of password values to be used in
+ authentication. There is no longer any implied requirement for
+ how or where passwords are stored at the server for use in
+ authentication.
+
+
+B.2.6. Section 6.3 (Other authentication choices with TLS)
+
+
+Harrison Expires August 2006 [Page 29]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ - See section B.2.5.
+
+
+B.2.7. Section 7.1 (Certificate-based authentication with TLS)
+
+ - See section B.2.5.
+
+
+B.2.8. Section 8 (Other mechanisms)
+
+ - All SASL authentication mechanisms are explicitly allowed within
+ LDAP. Specifically, this means the SASL ANONYMOUS and SASL PLAIN
+ mechanisms are no longer precluded from use within LDAP.
+
+
+B.2.9. Section 9 (Authorization identity)
+
+ - Specified matching rules for dnAuthzID and uAuthzID values. In
+ particular, the DN value in the dnAuthzID form must be matched
+ using DN matching rules and the uAuthzID value MUST be prepared
+ using SASLprep rules before being compared octet-wise.
+
+ - Clarified that uAuthzID values should not be assumed to be
+ globally unique.
+
+
+B.2.10. Section 10 (TLS Ciphersuites)
+
+ - TLS Ciphersuite recommendations are no longer included in this
+ specification. Implementations must still support the
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite.
+
+ - Clarified that anonymous authentication involves a name value of
+ zero length and a password value of zero length. The
+ unauthenticated authentication mechanism was added to handle
+ simple Bind requests involving a name value with a non-zero
+ length and a password value of zero length.
+
+
+B.3. Changes Made to RFC 2830:
+
+ This section summarizes the substantive changes made to sections 3
+ and 5 of RFC 2830. Readers should consult [Protocol] for summaries
+ of changes to other sections.
+
+
+B.3.1. Section 3.6 (Server Identity Check)
+
+
+
+
+
+
+
+
+Harrison Expires August 2006 [Page 30]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ - Substantially updated the server identity check algorithm to
+ ensure that it is complete and robust. In particular, the use
+ of all relevant values in the subjectAltName and the subjectName
+ fields are covered by the algorithm and matching rules are
+ specified for each type of value. Mapped (derived) forms of the
+ server identity may now be used when the mapping is performed in
+ a secure fashion.
+
+
+B.3.2. Section 3.7 (Refresh of Server Capabilities Information)
+
+ - Clients are no longer required to always refresh information
+ about server capabilities following TLS establishment to allow
+ for situations where this information was obtained through a
+ secure mechanism.
+
+
+B.3.3. Section 5.2 (Effects of TLS on Authorization Identity)
+
+ - Establishing a TLS layer on an LDAP session may now cause the
+ authorization state of the LDAP session to change.
+
+
+B.3.4. Section 5.1.1 (TLS Closure Effects)
+
+ - Closing a TLS layer on an LDAP session changes the
+ authentication and authorization state of the LDAP session based
+ on local policy. Specifically, this means that implementations
+ are not required to to change the authentication and
+ authorization states to anonymous upon TLS closure.
+
+
+Appendix C. Changes for draft-ldapbis-authmeth-19
+
+ [[Note to RFC Editor: Please remove this appendix upon publication
+ of this Internet-Draft as an RFC.]]
+
+ This appendix is non-normative.
+
+ This appendix summarizes changes made in this revision of the
+ document.
+
+ General
+
+ - This draft has addressed all issues raised for the -18 version.
+
+ - Several minor edits for clarity and to remove typos based on
+ feedback from WG, IETF and IESG reviews.
+
+ Abstract
+ - Added statement regarding RFCs obsoleted by this document.
+
+ Section 2
+
+
+Harrison Expires August 2006 [Page 31]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ - Changed mandatory-to-implement TLS ciphersuite from
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA to
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA based on IESG recommendation and
+ WG consensus.
+
+ Section 5.2.1.5
+ - Clarified that 'supportedSASLMechanisms' should be retrievable
+ by all clients both before and after SASL negotiation to allow
+ detection of mechanism downgrade attacks.
+
+ Section 5.2.1.6
+ - Changed wording to reflect the fact that SASL layers cannot be
+ uninstalled from the session.
+
+ Section 5.2.3
+ - Removed reference to IPsec as a source of authorization identity.
+
+ Section 6.2
+ - When TLS layer does not provide an acceptable level of security
+ client MUST warn the user or refuse to proceed. (This was
+ changed from SHOULD based on IESG recommendation and WG
+ consensus.)
+
+ - Added a security consideration regarding the proper usage of
+ information found in the client certificate.
+
+ Section 6.4
+ - Added a new section on SASL security considerations that
+ discusses SASL mechanism downgrade attacks.
+
+ Section 10
+ - Replaced references to RFC 2401 with RFC 4301.
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed
+ to pertain to the implementation or use of the technology described
+ in this document or the extent to which any license under such
+ rights might or might not be available; nor does it represent that
+ it has made any independent effort to identify any such rights.
+ Information on the procedures with respect to rights in RFC
+ documents can be found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use
+ of such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository
+ at http://www.ietf.org/ipr.
+
+
+
+
+
+Harrison Expires August 2006 [Page 32]
+�
+Internet-Draft LDAP Authentication Methods February 2006
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr at ietf.org.
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on
+ an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
+ REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
+ INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Harrison Expires August 2006 [Page 33]
+�
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-bcp64-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-bcp64-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-bcp64-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1179 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: BCP OpenLDAP Foundation
+Expires in six months 23 January 2006
+Obsoletes: RFC 3383
+
+
+ IANA Considerations for LDAP
+ <draft-ietf-ldapbis-bcp64-06.txt>
+
+
+
+Status of Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Best Current Practice
+ document. This document is intended to replace RFC 3383.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Revision Working Group
+ (LDAPBIS) mailing list <ietf-ldapbis at openldap.org>. Please send
+ editorial comments directly to the document editor
+ <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 1]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+Abstract
+
+ This document provides procedures for registering extensible elements
+ of Lightweight Directory Access Protocol (LDAP). The document also
+ provides guidelines to Internet Assigned Numbers Authority (IANA)
+ describing conditions under which new values can be assigned.
+
+
+1. Introduction
+
+ The Lightweight Directory Access Protocol [Roadmap] (LDAP) is an
+ extensible protocol. LDAP supports:
+
+ - addition of new operations,
+ - extension of existing operations, and
+ - extensible schema.
+
+ This document details procedures for registering values of used to
+ unambiguously identify extensible elements of the protocol including:
+
+ - LDAP message types;
+ - LDAP extended operations and controls;
+ - LDAP result codes;
+ - LDAP authentication methods;
+ - LDAP attribute description options; and
+ - Object Identifier descriptors.
+
+ These registries are maintained by the Internet Assigned Numbers
+ Authority (IANA).
+
+ In addition, this document provides guidelines to IANA describing the
+ conditions under which new values can be assigned.
+
+ This document replaces RFC 3383.
+
+
+2. Terminology and Conventions
+
+ This section details terms and conventions used in this document.
+
+
+2.1. Policy Terminology
+
+ The terms "IESG Approval", "Standards Action", "IETF Consensus",
+ "Specification Required", "First Come First Served", "Expert Review",
+ and "Private Use" are used as defined in BCP 26 [RFC2434].
+
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 2]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+2.2. Requirement Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119]. In
+ this case, "the specification" as used by BCP 14 refers to the
+ processing of protocols being submitted to the IETF standards
+ process.
+
+
+2.3. Common ABNF Productions
+
+ A number of syntaxes in this document are described using ABNF
+ [ABNF]. These syntaxes rely on the following common productions:
+
+ ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
+ LDIGIT = %x31-39 ; "1"-"9"
+ DIGIT = %x30 / LDIGIT ; "0"-"9"
+ HYPHEN = %x2D ; "-"
+ DOT = %x2E ; "."
+ number = DIGIT / ( LDIGIT 1*DIGIT )
+ keychar = ALPHA / DIGIT / HYPHEN
+ leadkeychar = ALPHA
+ keystring = leadkeychar *keychar
+
+ A keyword is a case-insensitive string of UTF-8 [RFC3629] encoded
+ Unicode [Unicode] restricted to the <keystring> production.
+
+
+3. IANA Considerations for LDAP
+
+ This section details each kind of protocol value which can be
+ registered and provides IANA guidelines on how to assign new values.
+
+ IANA may reject obviously bogus registrations.
+
+ LDAP values specified in RFCs MUST be registered. Other LDAP values,
+ except those in private-use name spaces, SHOULD be registered. RFCs
+ SHOULD NOT reference, use, or otherwise recognize unregistered LDAP
+ values.
+
+
+3.1. Object Identifiers
+
+ Numerous LDAP schema and protocol elements are identified by Object
+ Identifiers (OIDs) [X.680]. Specifications which assign OIDs to
+ elements SHOULD state who delegated the OIDs for its use.
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 3]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ For IETF developed elements, specifications SHOULD use OIDs under
+ "Internet Directory Numbers" (1.3.6.1.1.x). For elements developed
+ by others, any properly delegated OID can be used, including those
+ under "Internet Directory Numbers" (1.3.6.1.1.x) or "Internet Private
+ Enterprise Numbers" (1.3.6.1.4.1.x).
+
+ Internet Directory Numbers (1.3.6.1.1.x) will be assigned upon Expert
+ Review with Specification Required. Only one OID per specification
+ will be assigned. The specification MAY then assign any number of
+ OIDs within this arc without further coordination with IANA.
+
+ Internet Private Enterprise Numbers (1.3.6.1.4.1.x) are assigned by
+ IANA <http://www.iana.org/cgi-bin/enterprise.pl>. Practices for IANA
+ assignment of Internet Private Enterprise Numbers is detailed in RFC
+ 2578 [RFC2578].
+
+ To avoid interoperability problems between early implementations of a
+ "work in progress" and implementations of the published specification
+ (e.g., the RFC), experimental OIDs SHOULD be used in "works in
+ progress" and early implementations. OIDs under the Internet
+ Experimental OID arc (1.3.6.1.3.x) may be used for this purpose.
+ Practices for IANA assignment of these Internet Experimental numbers
+ is detailed in RFC 2578 [RFC2578]
+
+
+3.2 Protocol Mechanisms
+
+ LDAP provides a number of Root DSE attributes for discovery of
+ protocol mechanisms identified by OIDs, including the
+ supportedControl, supportedExtension, and supportedFeatures
+ attributes [Models],
+
+ A registry of OIDs used for discover of protocol mechanisms is
+ provided to allow implementors and others to locate the technical
+ specification for these protocol mechanisms. Future specifications
+ of additional Root DSE attributes holding values identifying protocol
+ mechanisms MAY extend this registry for their values.
+
+ Protocol Mechanisms are registered on a First Come First Served
+ basis.
+
+
+3.3 LDAP Syntaxes
+
+ This registry provides a listing of LDAP syntaxes [Models]. Each
+ LDAP syntax is identified by an object identifier (OID). This
+ registry is provided to allow implementors and others to locate the
+ technical specification describing a particular LDAP Syntax.
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 4]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ LDAP Syntaxes are registered on a First Come First Served with
+ Specification Required basis.
+
+ Note: unlike object classes, attribute types and various other kinds
+ of schema elements, descriptors are not used in LDAP to identify LDAP
+ Syntaxes.
+
+
+3.4. Object Identifier Descriptors
+
+ LDAP allows short descriptive names (or descriptors) to be used
+ instead of a numeric Object Identifier to identify select protocol
+ extensions [Protocol], schema elements [Models], LDAP URL [LDAPURL]
+ extensions, and other objects.
+
+ While the protocol allows the same descriptor to refer to different
+ object identifiers in certain cases and the registry supports
+ multiple registrations of the same descriptor (each indicating a
+ different kind of schema element and different object identifier),
+ multiple registrations of the same descriptor are to be avoided. All
+ such multiple registration requests require Expert Review.
+
+ Descriptors are restricted to strings of UTF-8 encoded Unicode
+ characters restricted by the following ABNF:
+
+ name = keystring
+
+ Descriptors are case-insensitive.
+
+ Multiple names may be assigned to a given OID. For purposes of
+ registration, an OID is to be represented in numeric OID form (e.g.,
+ 1.1.0.23.40) conforming to the ABNF:
+
+ numericoid = number 1*( DOT number )
+
+ While the protocol places no maximum length restriction upon
+ descriptors, they should be short. Descriptors longer than 48
+ characters may be viewed as too long to register.
+
+ A value ending with a hyphen ("-") reserves all descriptors which
+ start with that value. For example, the registration of the option
+ "descrFamily-" reserves all options which start with "descrFamily-"
+ for some related purpose.
+
+ Descriptors beginning with "x-" are for Private Use and cannot be
+ registered.
+
+ Descriptors beginning with "e-" are reserved for experiments and will
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 5]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ be registered on a First Come First Served basis.
+
+ All other descriptors require Expert Review to be registered.
+
+ The registrant need not "own" the OID being named.
+
+ The OID name space is managed by The ISO/IEC Joint Technical
+ Committee 1 - Subcommittee 6.
+
+
+3.5. AttributeDescription Options
+
+ An AttributeDescription [Models] can contain zero or more options
+ specifying additional semantics. An option SHALL be restricted to a
+ string UTF-8 encoded Unicode characters limited by the following
+ ABNF:
+
+ option = keystring
+
+ Options are case-insensitive.
+
+ While the protocol places no maximum length restriction upon option
+ strings, they should be short. Options longer than 24 characters may
+ be viewed as too long to register.
+
+ Values ending with a hyphen ("-") reserve all option names which
+ start with the name. For example, the registration of the option
+ "optionFamily-" reserves all options which start with "optionFamily-"
+ for some related purpose.
+
+ Options beginning with "x-" are for Private Use and cannot be
+ registered.
+
+ Options beginning with "e-" are reserved for experiments and will be
+ registered on a First Come First Served basis.
+
+ All other options require Standards Action or Expert Review with
+ Specification Required to be registered.
+
+
+3.6. LDAP Message Types
+
+ Each protocol message is encapsulated in an LDAPMessage envelope
+ [Protocol]. The protocolOp CHOICE indicates the type of message
+ encapsulated. Each message type consists of an ASN.1 identifier in
+ the form of a keyword and a non-negative choice number. The choice
+ number is combined with the class (APPLICATION) and data type
+ (CONSTRUCTED or PRIMITIVE) to construct the BER tag in the message's
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 6]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ encoding. The choice numbers for existing protocol messages are
+ implicit in the protocol's ASN.1 defined in [Protocol].
+
+ New values will be registered upon Standards Action.
+
+ Note: LDAP provides extensible messages which reduces, but does not
+ eliminate, the need to add new message types.
+
+
+3.7. LDAP Authentication Method
+
+ The LDAP Bind operation supports multiple authentication methods
+ [Protocol]. Each authentication choice consists of an ASN.1
+ identifier in the form of a keyword and a non-negative integer.
+
+ The registrant SHALL classify the authentication method usage using
+ one of the following terms:
+
+ COMMON - method is appropriate for common use on the
+ Internet,
+ LIMITED USE - method is appropriate for limited use,
+ OBSOLETE - method has been deprecated or otherwise found to
+ be inappropriate for any use.
+
+ Methods without publicly available specifications SHALL NOT be
+ classified as COMMON. New registrations of class OBSOLETE cannot be
+ registered.
+
+ New authentication method integers in the range 0-1023 require
+ Standards Action to be registered. New authentication method
+ integers in the range 1024-4095 require Expert Review with
+ Specification Required. New authentication method integers in the
+ range 4096-16383 will be registered on a First Come First Served
+ basis. Keywords associated with integers in the range 0-4095 SHALL
+ NOT start with "e-" or "x-". Keywords associated with integers in
+ the range 4096-16383 SHALL start with "e-". Values greater than or
+ equal to 16384 and keywords starting with "x-" are for Private Use
+ and cannot be registered.
+
+ Note: LDAP supports Simple Authentication and Security Layers [SASL]
+ as an authentication choice. SASL is an extensible
+ authentication framework.
+
+
+3.8. LDAP Result Codes
+
+ LDAP result messages carry an resultCode enumerated value to indicate
+ the outcome of the operation [Protocol]. Each result code consists
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 7]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ of a ASN.1 identifier in the form of a keyword and a non-negative
+ integer.
+
+ New resultCodes integers in the range 0-1023 require Standards Action
+ to be registered. New resultCode integers in the range 1024-4095
+ require Expert Review with Specification Required. New resultCode
+ integers in the range 4096-16383 will be registered on a First Come
+ First Served basis. Keywords associated with integers in the range
+ 0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with
+ integers in the range 4096-16383 SHALL start with "e-". Values
+ greater than or equal to 16384 and keywords starting with "x-" are
+ for Private Use and cannot be registered.
+
+
+3.9. LDAP Search Scope
+
+ LDAP SearchRequest messages carry a scope enumerated value to
+ indicate the extend of search within the DIT [Protocol] Each search
+ value consists of a ASN.1 identifier in the form of a keyword and a
+ non-negative integer.
+
+ New scope integers in the range 0-1023 require Standards Action to be
+ registered. New scope integers in the range 1024-4095 require Expert
+ Review with Specification Required. New scope integers in the range
+ 4096-16383 will be registered on a First Come First Served basis.
+ Keywords associated with integers in the range 0-4095 SHALL NOT start
+ with "e-" or "x-". Keywords associated with integers in the range
+ 4096-16383 SHALL start with "e-". Values greater than or equal to
+ 16384 and keywords starting with "x-" are for Private Use and cannot
+ be registered.
+
+
+3.10. LDAP Filter Choice
+
+ LDAP filters are used in making assertions against an object
+ represented in the directory [Protocol]. The Filter CHOICE indicates
+ a type of assertion. Each Filter CHOICE consists of an ASN.1
+ identifier in the form of a keyword and a non-negative choice number.
+ The choice number is combined with the class (APPLICATION) and data
+ type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in the
+ message's encoding.
+
+ Note: LDAP provides the extensibleMatching choice which reduces, but
+ does not eliminate, the need to add new filter choices.
+
+
+3.11. LDAP ModifyRequest Operation Type
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 8]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ The LDAP ModifyRequest carries a sequence of modification operations
+ [Protocol]. Each kind (e.g., add, delete, replace) of operation is
+ consists of a ASN.1 identifier in the form of a keyword and a
+ non-negative integer.
+
+ New operation type integers in the range 0-1023 require Standards
+ Action to be registered. New operation type integers in the range
+ 1024-4095 require Expert Review with Specification Required. New
+ operation type integers in the range 4096-16383 will be registered on
+ a First Come First Served basis. Keywords associated with integers
+ in the range 0-4095 SHALL NOT start with "e-" or "x-". Keywords
+ associated with integers in the range 4096-16383 SHALL start with
+ "e-". Values greater than or equal to 16384 and keywords starting
+ with "x-" are for Private Use and cannot be registered.
+
+
+3.12. LDAP authzId Prefixes
+
+ Authorization Identities in LDAP are strings conforming to the
+ <authzId> production [AuthMeth]. This production is extensible.
+ Each new specific authorization form is identified by a prefix string
+ conforming to the following ABNF:
+
+ prefix = keystring COLON
+ COLON = %x3A ; COLON (":" U+003A)
+
+ Prefixes are case-insensitive.
+
+ While the protocol places no maximum length restriction upon prefix
+ strings, they should be short. Prefixes longer than 12 characters
+ may be viewed as too long to register.
+
+ Prefixes beginning with "x-" are for Private Use and cannot be
+ registered.
+
+ Prefixes beginning with "e-" are reserved for experiments and will be
+ registered on a First Come First Served basis.
+
+ All other prefixes require Standards Action or Expert Review with
+ Specification Required to be registered.
+
+
+3.13. Directory Systems Names
+
+ The IANA-maintained "Directory Systems Names" registry [IANADSN] of
+ valid keywords for well known attributes was used in the LDAPv2
+ string representation of a distinguished name [RFC1779]. LDAPv2 is
+ now Historic [RFC3494].
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 9]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ Directory systems names are not known to be used in any other
+ context. LDAPv3 [LDAPDN] uses Object Identifier Descriptors [Section
+ 3.2] (which have a different syntax than directory system names).
+
+ New Directory System Names will no longer be accepted. For
+ historical purposes, the current list of registered names should
+ remain publicly available.
+
+
+4. Registration Procedure
+
+ The procedure given here MUST be used by anyone who wishes to use a
+ new value of a type described in Section 3 of this document.
+
+ The first step is for the requester to fill out the appropriate form.
+ Templates are provided in Appendix A.
+
+ If the policy is Standards Action, the completed form SHOULD be
+ provided to the IESG with the request for Standards Action. Upon
+ approval of the Standards Action, the IESG SHALL forward the request
+ (possibly revised) to IANA. The IESG SHALL be viewed as the owner of
+ all values requiring Standards Action.
+
+ If the policy is Expert Review, the requester SHALL post the
+ completed form to the <directory at apps.ietf.org> mailing list for
+ public review. The review period is two (2) weeks. If a revised
+ form is later submitted, the review period is restarted. Anyone may
+ subscribe to this list by sending a request to
+ <directory-request at apps.ietf.org>. During the review, objections may
+ be raised by anyone (including the Expert) on the list. After
+ completion of the review, the Expert, based upon public comments,
+ SHALL either approve the request and forward it to the IANA OR deny
+ the request. In either case, the Expert SHALL promptly notify the
+ requester of the action. Actions of the Expert may be appealed
+ [RFC2026]. The Expert is appointed by Applications Area Director(s).
+ The requester is viewed as the owner of values registered under
+ Expert Review.
+
+ If the policy is First Come First Served, the requester SHALL submit
+ the completed form directly to the IANA: <iana at iana.org>. The
+ requester is viewed as the owner of values registered under First
+ Come First Served.
+
+ Neither the Expert nor IANA will take position on the claims of
+ copyright or trademarks issues regarding completed forms.
+
+ Prior to submission of the Internet Draft (I-D) to the RFC Editor but
+ after IESG review and tentative approval, the document editor SHOULD
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 10]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ revise the I-D to use registered values.
+
+
+5. Registration Maintenance
+
+ This section discusses maintenance of registrations.
+
+
+5.1. Lists of Registered Values
+
+ IANA makes lists of registered values readily available to the
+ Internet community on their web site: <http://www.iana.org/>.
+
+
+5.2. Change Control
+
+ The registration owner MAY update the registration subject to the
+ same constraints and review as with new registrations. In cases
+ where the owner is not unable or unwilling to make necessary updates,
+ the IESG MAY assume ownership in order to update the registration.
+
+
+5.3. Comments
+
+ For cases where others (anyone other than the owner) have significant
+ objections to the claims in a registration and the owner does not
+ agree to change the registration, comments MAY be attached to a
+ registration upon Expert Review. For registrations owned by the
+ IESG, the objections SHOULD be addressed by initiating a request for
+ Expert Review.
+
+ The form to these requests is ad hoc, but MUST include the specific
+ objections to be reviewed and SHOULD contain (directly or by
+ reference) materials supporting the objections.
+
+
+6. Security Considerations
+
+ The security considerations detailed in BCP 26 [RFC2434] are
+ generally applicable to this document. Additional security
+ considerations specific to each name space are discussed in Section 3
+ where appropriate.
+
+ Security considerations for LDAP are discussed in documents
+ comprising the technical specification [Roadmap].
+
+
+7. Acknowledgment
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 11]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ This document is a product of the IETF LDAP Revision (LDAPBIS)
+ Working Group (WG). This document is a revision of RFC 3383, also a
+ product of the LDAPBIS WG.
+
+ This document includes text borrowed from "Guidelines for Writing an
+ IANA Considerations Section in RFCs" [RFC2434] by Thomas Narten and
+ Harald Alvestrand.
+
+
+8. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+9. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+9.1. Normative References
+
+ [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
+ 3", BCP 9 (also RFC 2026), October 1996.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
+ IANA Considerations Section in RFCs", BCP 26 (also RFC
+ 2434), October 1998.
+
+ [RFC2578] K. McCloghrie, D. Perkins, J. Schoenwaelder, "Structure
+ of Management Information Version 2 (SMIv2)", RFC 2578
+ (STD: 58), April 1999.
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629 (also STD 63), November 2003.
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 4234, October 2005.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 12]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
+ draft-ietf-ldapbis-url-xx.txt, a work in progress.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+9.2. Informative References
+
+ [RFC1779] Kille, S., "A String Representation of Distinguished
+ Names", RFC 1779, March 1995.
+
+ [RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol
+ version 2 (LDAPv2) to Historic Status", RFC 3494, March
+ 2003.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
+ work in progress.
+
+ [SASL] Melnikov, A. (Editor), "Simple Authentication and
+ Security Layer (SASL)",
+ draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 13]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ [IANADSN] IANA, "Directory Systems Names",
+ http://www.iana.org/assignments/directory-system-names.
+
+
+Appendix A. Registration Templates
+
+ This appendix provides registration templates for registering new
+ LDAP values. Note that more than one value may be requested by
+ extending the template by listing multiple values, or through use of
+ tables.
+
+
+A.1. LDAP Object Identifier Registration Template
+
+ Subject: Request for LDAP OID Registration
+
+ Person & email address to contact for further information:
+
+ Specification: (I-D)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.2. LDAP Protocol Mechanism Registration Template
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+
+ Object Identifier:
+
+ Description:
+
+ Person & email address to contact for further information:
+
+ Usage: (One of Control or Extension or Feature or other)
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 14]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+A.3. LDAP Syntax Registration Template
+
+ Subject: Request for LDAP Syntax Registration
+
+ Object Identifier:
+
+ Description:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.4. LDAP Descriptor Registration Template
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name):
+
+ Object Identifier:
+
+ Person & email address to contact for further information:
+
+ Usage: (One of administrative role, attribute type, matching rule,
+ name form, object class, URL extension, or other)
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.5. LDAP Attribute Description Option Registration Template
+
+ Subject: Request for LDAP Attribute Description Option Registration
+
+ Option Name:
+
+ Family of Options: (YES or NO)
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 15]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.6. LDAP Message Type Registration Template
+
+ Subject: Request for LDAP Message Type Registration
+
+ LDAP Message Name:
+
+ Person & email address to contact for further information:
+
+ Specification: (Approved I-D)
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.7. LDAP Authentication Method Registration Template
+
+ Subject: Request for LDAP Authentication Method Registration
+
+ Authentication Method Name:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.8. LDAP Result Code Registration Template
+
+ Subject: Request for LDAP Result Code Registration
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 16]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ Result Code Name:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.8. LDAP Search Scope Registration Template
+
+ Subject: Request for LDAP Search Scope Registration
+
+ Search Scope Name:
+
+ Filter Scope String:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+A.9. LDAP Filter Choice Registration Template
+
+ Subject: Request for LDAP Filter Choice Registration
+
+ Filter Choice Name:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 17]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+A.10. LDAP ModifyRequest Operation Registration Template
+
+ Subject: Request for LDAP ModifyRequest Operation Registration
+
+ ModifyRequest Operation Name:
+
+ Person & email address to contact for further information:
+
+ Specification: (RFC, I-D, URI)
+
+ Author/Change Controller:
+
+ Comments:
+
+ (Any comments that the requester deems relevant to the request)
+
+
+Appendix B. Changes since RFC 3383
+
+ This informative appendix provides a summary of changes made since RFC
+ 3383.
+
+ - Object Identifier Descriptors practices were updated to require
+ all descriptors defined in RFCs to be registered and
+ recommending all other descriptors (excepting those in
+ private-use name space) be registered. Additionally, all
+ requests for multiple registrations of the same descriptor are
+ now subject to Expert Review.
+
+ - Protocol Mechanisms practices were updated to include values of
+ the 'supportedFeatures' attribute type.
+
+ - LDAP Syntax, Search Scope, Filter Choice, ModifyRequest
+ operation, and authzId prefixes registries were added.
+ [[Initial values provided in Appendix C. This Appendix is to be
+ removed by the RFC Editor before publication as an RFC.]]
+
+ - References to RFCs comprising the LDAP technical specifications
+ have been updated to latest revisions.
+
+ - References to ISO 10646 have been replaced with [Unicode].
+
+ - The "Assigned Values" appendix providing initial registry values
+ was removed.
+
+ - Numerous editorial changes were made.
+
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 18]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+Appendix C. Initial Values for new registries
+
+ This appendix provides initial values for new registries.
+
+
+C.1. LDAP Syntaxes
+
+ Object Identifier Syntax Owner Reference
+ ----------------------------- -------------------------- ----- ---
+ 1.3.6.1.4.1.1466.115.121.1.3 Attribute Type Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.6 Bit String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.7 Boolean IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.11 Country String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.12 DN IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.14 Delivery Method IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.15 Directory String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.16 DIT Content Rule Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.17 DIT Structure Rule Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.21 Enhanced Guide IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.22 Facsimile Telephone Number IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.23 Fax IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.24 Generalized Time IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.25 Guide IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.26 IA5 String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.27 Integer IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.28 JPEG IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.30 Matching Rule Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.31 Matching Rule Use Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.34 Name And Optional UID IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.35 Name Form Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.36 Numeric String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.37 Object Class Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.38 OID IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.39 Other Mailbox IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.40 Octet String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.41 Postal Address IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.44 Printable String IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.50 Telephone Number IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.51 Teletex Terminal Identifier IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.52 Telex Number IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.53 UTC Time IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.54 LDAP Syntax Description IESG [Syntaxes]
+ 1.3.6.1.4.1.1466.115.121.1.58 Substring Assertion IESG [Syntaxes]
+
+
+C.2. LDAP Search Scopes
+
+ Name URLString Value Owner Reference
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 19]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ ---------------- --------- ----- ----- -------------------
+ baseObject base 0 IESG [Protocol][LDAPURL]
+ singleLevel one 1 IESG [Protocol][LDAPURL]
+ wholeSubtree sub 2 IESG [Protocol][LDAPURL]
+
+
+C.3. LDAP Filter Choices
+
+ Name Value Owner Reference
+ ---------------- ----- ----- ---------
+ and 0 IESG [Protocol]
+ or 1 IESG [Protocol]
+ not 2 IESG [Protocol]
+ equalityMatch 3 IESG [Protocol]
+ substrings 4 IESG [Protocol]
+ greaterOrEqual 5 IESG [Protocol]
+ lessOrEqual 6 IESG [Protocol]
+ present 7 IESG [Protocol]
+ approxMatch 8 IESG [Protocol]
+ extensibleMatch 9 IESG [Protocol]
+
+
+C.4. LDAP ModifyRequest Operations
+
+ Name Value Owner Reference
+ ---------------- ----- ----- ---------
+ add 0 IESG [Protocol]
+ delete 1 IESG [Protocol]
+ replace 2 IESG [Protocol]
+
+
+C.5. LDAP authzId prefixes
+
+ Name Prefix Owner Reference
+ ---------------- ------ ----- ---------
+ dnAuthzId dn: IESG [AuthMeth]
+ uAuthzId u: IESG [AuthMeth]
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 20]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-bcp64-06.txt 23 January 2006
+
+
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga IANA Considerations for LDAP [Page 21]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-dn-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-dn-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-dn-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,843 @@
+
+
+
+
+
+INTERNET-DRAFT Editor: Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 10 February 2005
+Obsoletes: RFC 2253
+
+
+
+ LDAP: String Representation of Distinguished Names
+ <draft-ietf-ldapbis-dn-16.txt>
+
+
+
+Status of Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document
+ replacing RFC 2253. Distribution of this memo is unlimited.
+ Technical discussion of this document will take place on the IETF LDAP
+ Revision (LDAPBIS) Working Group mailing list
+ <ietf-ldapbis at openldap.org>. Please send editorial comments directly
+ to the document editor <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 1]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+Abstract
+
+ The X.500 Directory uses distinguished names (DNs) as primary keys to
+ entries in the directory. This document defines the string
+ representation used in the Lightweight Directory Access Protocol
+ (LDAP) to transfer distinguished names. The string representation is
+ designed to give a clean representation of commonly used distinguished
+ names, while being able to represent any distinguished name.
+
+
+1. Background and Intended Usage
+
+ In X.500-based directory systems [X.500], including those accessed
+ using the Lightweight Directory Access Protocol (LDAP) [Roadmap],
+ distinguished names (DNs) are used to unambiguously refer to directory
+ entries [X.501][Models].
+
+ The structure of a DN [X.501] is described in terms of ASN.1 [X.680].
+ In the X.500 Directory Access Protocol [X.511] (and other ITU-defined
+ directory protocols), DNs are encoded using the Basic Encoding Rules
+ (BER) [X.690]. In LDAP, DNs are represented in the string form
+ described in this document.
+
+ It is important to have a common format to be able to unambiguously
+ represent a distinguished name. The primary goal of this
+ specification is ease of encoding and decoding. A secondary goal is
+ to have names that are human readable. It is not expected that LDAP
+ implementations with a human user interface would display these
+ strings directly to the user, but would most likely be performing
+ translations (such as expressing attribute type names in the local
+ national language).
+
+ This document defines the string representation of Distinguished Names
+ used in LDAP [Protocol][Syntaxes]. Section 2 details the RECOMMENDED
+ algorithm for converting a DN from its ASN.1 structured representation
+ to a string. Section 3 details how to convert a DN from a string to a
+ ASN.1 structured representation.
+
+ While other documents may define other algorithms for converting a DN
+ from its ASN.1 structured representation to a string, all algorithms
+ MUST produce strings which adhere to the requirements of Section 3.
+
+ This document does not define a canonical string representation for
+ DNs. Comparison of DNs for equality is to be performed in accordance
+ with the distinguishedNameMatch matching rule [Syntaxes].
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 2]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ specification, RFC 3377, in its entirety. This document obsoletes RFC
+ 2253. Changes since RFC 2253 are summarized in Appendix B.
+
+ This specification assumes familiarity with X.500 [X.500] and the
+ concept of Distinguished Name [X.501][Models].
+
+
+1.1. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Character names in this document use the notation for code points and
+ names from the Unicode Standard [Unicode]. For example, the letter
+ "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
+
+ Note: a glossary of terms used in Unicode can be found in [Glossary].
+ Information on the Unicode character encoding model can be found in
+ [CharModel].
+
+
+2. Converting DistinguishedName from ASN.1 to a String
+
+ X.501 [X.501] defines the ASN.1 [X.680] structure of distinguished
+ name. The following is a variant provided for discussion purposes.
+
+ DistinguishedName ::= RDNSequence
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+ AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ This section defines the RECOMMENDED algorithm for converting a
+ distinguished name from an ASN.1 structured representation to an UTF-8
+ [RFC3629] encoded Unicode [Unicode] character string representation.
+ Other documents may describe other algorithms for converting a
+ distinguished name to a string, but only strings which conform to the
+ grammar defined in Section 3 SHALL be produced by LDAP
+ implementations.
+
+
+2.1. Converting the RDNSequence
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 3]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ If the RDNSequence is an empty sequence, the result is the empty or
+ zero length string.
+
+ Otherwise, the output consists of the string encodings of each
+ RelativeDistinguishedName in the RDNSequence (according to Section
+ 2.2), starting with the last element of the sequence and moving
+ backwards toward the first.
+
+ The encodings of adjoining RelativeDistinguishedNames are separated by
+ a comma (',' U+002C) character.
+
+
+2.2. Converting RelativeDistinguishedName
+
+ When converting from an ASN.1 RelativeDistinguishedName to a string,
+ the output consists of the string encodings of each
+ AttributeTypeAndValue (according to Section 2.3), in any order.
+
+ Where there is a multi-valued RDN, the outputs from adjoining
+ AttributeTypeAndValues are separated by a plus sign ('+' U+002B)
+ character.
+
+
+2.3. Converting AttributeTypeAndValue
+
+ The AttributeTypeAndValue is encoded as the string representation of
+ the AttributeType, followed by an equals sign ('=' U+003D) character,
+ followed by the string representation of the AttributeValue. The
+ encoding of the AttributeValue is given in Section 2.4.
+
+ If the AttributeType is defined to have a short name (descriptor)
+ [Models] and that short name is known to be registered
+ [REGISTRY][BCP64bis] as identifying the AttributeType, that short
+ name, a <descr>, is used. Otherwise the AttributeType is encoded as
+ the dotted-decimal encoding, a <numericoid>, of its OBJECT IDENTIFIER.
+ The <descr> and <numericoid> is defined in [Models].
+
+ Implementations are not expected to dynamically update their knowledge
+ of registered short names. However, implementations SHOULD provide a
+ mechanism to allow its knowledge of registered short names to be
+ updated.
+
+
+2.4. Converting an AttributeValue from ASN.1 to a String
+
+ If the AttributeType is of the dotted-decimal form, the AttributeValue
+ is represented by an number sign ('#' U+0023) character followed by
+ the hexadecimal encoding of each of the octets of the BER encoding of
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 4]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ the X.500 AttributeValue. This form is also used when the syntax of
+ the AttributeValue does not have a LDAP-specific [Syntaxes, Section
+ 3.1] string encoding defined for it or the LDAP-specific string
+ encoding is not restricted to UTF-8 encoded Unicode characters. This
+ form may also be used in other cases, such as when a reversible string
+ representation is desired (see Section 5.2).
+
+ Otherwise, if the AttributeValue is of a syntax which has a
+ LDAP-specific string encoding, the value is converted first to a UTF-8
+ encoded Unicode string according to its syntax specification (see
+ [Syntaxes, Section 3.3] for examples). If that UTF-8 encoded Unicode
+ string does not have any of the following characters which need
+ escaping, then that string can be used as the string representation of
+ the value.
+
+ - a space (' ' U+0020) or number sign ('#' U+0023) occurring at
+ the beginning of the string;
+
+ - a space (' ' U+0020) character occurring at the end of the
+ string;
+
+ - one of the characters '"', '+', ',', ';', '<', '>', or '\'
+ (U+0022, U+002B, U+002C, U+003B, U+003C, U+003E, or U+005C
+ respectively);
+
+ - the null (U+0000) character.
+
+ Other characters may be escaped.
+
+ Each octet of the character to be escaped is replaced by a backslash
+ and two hex digits, which form a single octet in the code of the
+ character. Alternatively, if and only if the character to be escaped
+ is one of
+
+ ' ', '"', '#', '+', ',', ';', '<', '=', '>', or '\'
+ (U+0020, U+0022, U+0023, U+002B, U+002C, U+003B,
+ U+003C, U+003D, U+003E, U+005C respectively)
+
+ it can be prefixed by a backslash ('\' U+005C).
+
+ Examples of the escaping mechanism are shown in Section 4.
+
+
+3. Parsing a String back to a Distinguished Name
+
+ The string representation of Distinguished Names is restricted to
+ UTF-8 [RFC3629] encoded Unicode [Unicode] characters. The structure
+ of this string representation is specified using the following
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 5]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ Augmented BNF [RFC2234] grammar:
+
+ distinguishedName = [ relativeDistinguishedName
+ *( COMMA relativeDistinguishedName ) ]
+ relativeDistinguishedName = attributeTypeAndValue
+ *( PLUS attributeTypeAndValue )
+ attributeTypeAndValue = attributeType EQUALS attributeValue
+ attributeType = descr / numericoid
+ attributeValue = string / hexstring
+
+ ; The following characters are to be escaped when they appear
+ ; in the value to be encoded: ESC, one of <escaped>, leading
+ ; SHARP or SPACE, trailing SPACE, and NULL.
+ string = [ ( leadchar / pair ) [ *( stringchar / pair )
+ ( trailchar / pair ) ] ]
+
+ leadchar = LUTF1 / UTFMB
+ LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
+
+ trailchar = TUTF1 / UTFMB
+ TUTF1 = %x01-1F / %x21 / %x23-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
+
+ stringchar = SUTF1 / UTFMB
+ SUTF1 = %x01-21 / %x23-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
+
+ pair = ESC ( ESC / special / hexpair )
+ special = escaped / SPACE / SHARP / EQUALS
+ escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
+ hexstring = SHARP 1*hexpair
+ hexpair = HEX HEX
+
+ where the productions <descr>, <numericoid>, <COMMA>, <DQUOTE>,
+ <EQUALS>, <ESC>, <HEX>, <LANGLE>, <NULL>, <PLUS>, <RANGLE>, <SEMI>,
+ <SPACE>, <SHARP>, <UTFMB> are defined in [Models].
+
+ Each <attributeType>, either a <descr> or a <numericoid>, refers to an
+ attribute type of an attribute value assertion (AVA). The
+ <attributeType> is followed by a <EQUALS> and an <attributeValue>.
+ The <attributeValue> is either in <string> or <hexstring> form.
+
+ If in <string> form, a LDAP string representation asserted value can
+ be obtained by replacing (left-to-right, non-recursively) each <pair>
+ appearing in the <string> as follows:
+ replace <ESC><ESC> with <ESC>;
+ replace <ESC><special> with <special>;
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 6]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ replace <ESC><hexpair> with the octet indicated by the <hexpair>.
+
+ If in <hexstring> form, a BER representation can be obtained from
+ converting each <hexpair> of the <hexstring> to the octet indicated by
+ the <hexpair>.
+
+ One or more attribute values assertions, separated by <PLUS>, for a
+ relative distinguished name.
+
+ Zero or more relative distinguished names, separated by <COMMA>, for a
+ distinguished name.
+
+ Implementations MUST recognize AttributeType name strings
+ (descriptors) listed in the following table, but MAY recognize other
+ name strings.
+
+ String X.500 AttributeType
+ ------ --------------------------------------------
+ CN commonName (2.5.4.3)
+ L localityName (2.5.4.7)
+ ST stateOrProvinceName (2.5.4.8)
+ O organizationName (2.5.4.10)
+ OU organizationalUnitName (2.5.4.11)
+ C countryName (2.5.4.6)
+ STREET streetAddress (2.5.4.9)
+ DC domainComponent (0.9.2342.19200300.100.1.25)
+ UID userId (0.9.2342.19200300.100.1.1)
+
+ Implementations MAY recognize other DN string representations (such as
+ that described in RFC 1779). However, as there is no requirement that
+ alternative DN string representations to be recognized (and, if so,
+ how), implementations SHOULD only generate DN strings in accordance
+ with Section 2 of this document.
+
+
+4. Examples
+
+ This notation is designed to be convenient for common forms of name.
+ This section gives a few examples of distinguished names written using
+ this notation. First is a name containing three relative
+ distinguished names (RDNs):
+
+ UID=jsmith,DC=example,DC=net
+
+ Here is an example name containing three RDNs, in which the first RDN
+ is multi-valued:
+
+ OU=Sales+CN=J. Smith,DC=example,DC=net
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 7]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ This example shows the method of escaping of a special characters
+ appearing in a common name:
+
+ CN=James \"Jim\" Smith\, III,DC=example,DC=net
+
+ The following shows the method for encoding a value which contains a
+ carriage return character:
+
+ CN=Before\0dAfter,DC=example,DC=net
+
+ In this RDN example, the type in the RDN is unrecognized, and the
+ value is the BER encoding of an OCTET STRING containing two octets
+ 0x48 and 0x69.
+
+ 1.3.6.1.4.1.1466.0=#04024869
+
+ Finally, this example shows an RDN whose commonName value consisting
+ of 5 letters:
+
+ Unicode Character Code UTF-8 Escaped
+ ------------------------------- ------ ------ --------
+ LATIN CAPITAL LETTER L U+004C 0x4C L
+ LATIN SMALL LETTER U U+0075 0x75 u
+ LATIN SMALL LETTER C WITH CARON U+010D 0xC48D \C4\8D
+ LATIN SMALL LETTER I U+0069 0x69 i
+ LATIN SMALL LETTER C WITH ACUTE U+0107 0xC487 \C4\87
+
+ could be encoded in printable ASCII (useful for debugging purposes)
+ as:
+
+ CN=Lu\C4\8Di\C4\87
+
+
+5. Security Considerations
+
+ The following security considerations are specific to the handling of
+ distinguished names. LDAP security considerations are discussed in
+ [Protocol] and other documents comprising the LDAP Technical
+ Specification [Roadmap].
+
+
+5.1. Disclosure
+
+ Distinguished Names typically consist of descriptive information about
+ the entries they name, which can be people, organizations, devices or
+ other real-world objects. This frequently includes some of the
+ following kinds of information:
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 8]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ - the common name of the object (i.e. a person's full name)
+ - an email or TCP/IP address
+ - its physical location (country, locality, city, street address)
+ - organizational attributes (such as department name or affiliation)
+
+ In some cases, such information can be considered sensitive. In many
+ countries, privacy laws exist which prohibit disclosure of certain
+ kinds of descriptive information (e.g., email addresses). Hence,
+ servers implementors are encouraged to support DIT structural rules
+ and name forms [Models] as these provide a mechanism for
+ administrators to select appropriate naming attributes for entries.
+ Administrators are encouraged to use these mechanisms, access
+ controls, and other administrative controls which may be available to
+ restrict use of attributes containing sensitive information in naming
+ of entries. Additionally, use of authentication and data security
+ services in LDAP [AuthMeth][Protocol] should be considered.
+
+
+5.2. Use of Distinguished Names in Security Applications
+
+ The transformations of an AttributeValue value from its X.501 form to
+ an LDAP string representation are not always reversible back to the
+ same BER (Basic Encoding Rules) or DER (Distinguished Encoding rules)
+ form. An example of a situation which requires the DER form of a
+ distinguished name is the verification of an X.509 certificate.
+
+ For example, a distinguished name consisting of one RDN with one AVA,
+ in which the type is commonName and the value is of the TeletexString
+ choice with the letters 'Sam' would be represented in LDAP as the
+ string <CN=Sam>. Another distinguished name in which the value is
+ still 'Sam' but of the PrintableString choice would have the same
+ representation <CN=Sam>.
+
+ Applications which require the reconstruction of the DER form of the
+ value SHOULD NOT use the string representation of attribute syntaxes
+ when converting a distinguished name to the LDAP format. Instead,
+ they SHOULD use the hexadecimal form prefixed by the number sign ('#'
+ U+0023) as described in the first paragraph of Section 2.4.
+
+
+6. Acknowledgment
+
+ This document is an update to RFC 2253, by Mark Wahl, Tim Howes, and
+ Steve Kille. RFC 2253 was a product of the IETF ASID Working Group.
+
+ This document is a product of the IETF LDAPBIS Working Group.
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 9]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+7. Document Editor's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+8.1. Normative References
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(1997) (also ISO/IEC 8824-1:1998).
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629 (also STD 63), November 2003.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 10]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in
+ progress.
+
+ [REGISTRY] IANA, Object Identifier Descriptors Registry,
+ <http://www.iana.org/...>.
+
+8.2. Informative References
+
+ [ASCII] Coded Character Set--7-bit American Standard Code for
+ Information Interchange, ANSI X3.4-1986.
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.690] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(1997) (also ISO/IEC
+ 8825-1:1998).
+
+ [RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
+ Technical Specification", RFC 2849, June 2000.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
+ #17, Character Encoding Model", UTR17,
+ <http://www.unicode.org/unicode/reports/tr17/>, August
+ 2000.
+
+ [Glossary] The Unicode Consortium, "Unicode Glossary",
+ <http://www.unicode.org/glossary/>.
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 11]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+Appendix A. Presentation Issues
+
+ This appendix is provided for informational purposes only, it is not a
+ normative part of this specification.
+
+ The string representation described in this document is not intended
+ to be presented to humans without translation. However, at times it
+ may be desirable to present non-translated DN strings to users. This
+ section discusses presentation issues associated with non-translated
+ DN strings. Presentation of translated DN strings issues are not
+ discussed in this appendix. Transcoding issues are also not discussed
+ in this appendix.
+
+ This appendix provides guidance for applications presenting DN strings
+ to users. This section is not comprehensive, it does not discuss all
+ presentation issues which implementors may face.
+
+ Not all user interfaces are capable of displaying the full set of
+ Unicode characters. Some Unicode characters are not displayable.
+
+ It is recommended that human interfaces use the optional hex pair
+ escaping mechanism (Section 2.3) to produce a string representation
+ suitable for display to the user. For example, an application can
+ generate a DN string for display which escapes all non-printable
+ characters appearing in the AttributeValue's string representation (as
+ demonstrated in the final example of Section 4).
+
+ When a DN string is displayed in free form text, it is often necessary
+ to distinguish the DN string from surrounding text. While this is
+ often done with white space (as demonstrated in Section 4), it is
+ noted that DN strings may end with white space. Careful readers of
+ Section 3 will note that characters '<' (U+003C) and '>' (U+003E) may
+ only appear in the DN string if escaped. These characters are
+ intended to be used in free form text to distinguish a DN string from
+ surrounding text. For example, <CN=Sam\ > distinguished the string
+ representation of the DN comprised of one RDN consisting of the AVA:
+ the commonName (CN) value 'Sam ' from the surrounding text. It should
+ be noted to the user that the wrapping '<' and '>' characters are not
+ part of the DN string.
+
+ DN strings can be quite long. It is often desirable to line-wrap
+ overly long DN strings in presentations. Line wrapping should be done
+ by inserting white space after the RDN separator character or, if
+ necessary, after the AVA separator character. It should be noted to
+ the user that the inserted white space is not part of the DN string
+ and is to be removed before use in LDAP. For example,
+
+ The following DN string is long:
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 12]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ CN=Kurt D. Zeilenga,OU=Engineering,L=Redwood Shores,
+ O=OpenLDAP Foundation,ST=California,C=US
+ so it has been line-wrapped for readability. The extra white
+ space is to be removed before the DN string is used in LDAP.
+
+ It is not advised to insert white space otherwise as it may not be
+ obvious to the user which white space is part of the DN string and
+ which white space was added for readability.
+
+ Another alternative is to use the LDAP Data Interchange Format (LDIF)
+ [RFC2849]. For example,
+
+ # This entry has a long DN...
+ dn: CN=Kurt D. Zeilenga,OU=Engineering,L=Redwood Shores,
+ O=OpenLDAP Foundation,ST=California,C=US
+ CN: Kurt D. Zeilenga
+ SN: Zeilenga
+ objectClass: person
+
+
+Appendix B. Changes made since RFC 2253
+
+ This appendix is provided for informational purposes only, it is not a
+ normative part of this specification.
+
+ The following substantive changes were made to RFC 2253:
+ - Removed IESG Note. The IESG Note has been addressed.
+ - Replaced all references to ISO 10646-1 with [Unicode].
+ - Clarified (in Section 1) that this document does not define a
+ canonical string representation.
+ - Clarified that Section 2 describes the RECOMMENDED encoding
+ algorithm and that alternative algorithms are allowed. Some
+ encoding options described in RFC 2253 are now treated as
+ alternative algorithms in this specification.
+ - Revised specification (in Section 2) to allow short names of any
+ registered attribute type to appear in string representations of
+ DNs instead of being restricted to a "published table". Remove
+ "as an example" language. Added statement (in Section 3) allowing
+ recognition of additional names but require recognization of those
+ names in the published table. The table is now published in
+ Section 3.
+ - Removed specification of additional requirements for LDAPv2
+ implementations which also support LDAPv3 (RFC 2253, Section 4) as
+ LDAPv2 is now Historic.
+ - Allow recognition of alternative string representations.
+ - Updated Section 2.4 to allow hex pair escaping of all characters
+ and clarified escaping for when multiple octet UTF-8 encodings are
+ present. Indicated that null (U+0000) character is to be escaped.
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 13]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ Indicated that equals sign ('=' U+003D) character may be escaped
+ as '\='.
+ - Rewrote Section 3 to use ABNF as defined in RFC 2234.
+ - Updated the Section 3 ABNF. Changes include:
+ + allow AttributeType short names of length 1 (e.g., 'L'),
+ + use more restrictive <oid> production in AttributeTypes,
+ + do not require escaping of equals sign ('=' U+003D) characters,
+ + do not require escaping of non-leading number sign ('#' U+0023)
+ characters,
+ + allow space (' ' U+0020) to escaped as '\ ',
+ + require hex escaping of null (U+0000) characters, and
+ + removed LDAPv2-only constructs.
+ - Updated Section 3 to describe how to parse elements of the
+ grammar.
+ - Rewrote examples.
+ - Added reference to documentations containing general LDAP security
+ considerations.
+ - Added discussion of presentation issues (Appendix A).
+ - Added this appendix.
+
+ In addition, numerous editorial changes were made.
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 14]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 15]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-filter-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-filter-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-filter-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,724 @@
+Network Working Group M. Smith, Editor
+Request for Comments: DRAFT Pearl Crescent, LLC
+Obsoletes: RFC 2254 T. Howes
+Expires: 16 May 2005 Opsware, Inc.
+ 16 November 2004
+
+
+ LDAP: String Representation of Search Filters
+ <draft-ietf-ldapbis-filter-09.txt>
+
+
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she become
+ aware will be disclosed, in accordance with RFC 3668.
+
+ This document is intended to be published as a Standards Track RFC,
+ replacing RFC 2254. Distribution of this memo is unlimited.
+ Technical discussion of this document will take place on the IETF
+ LDAP (v3) Revision (ldapbis) Working Group mailing list
+ <ietf-ldapbis at openldap.org>. Please send editorial comments directly
+ to the editor <mcs at pearlcrescent.com>.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than a "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 1]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+Abstract
+
+ LDAP search filters are transmitted in the LDAP protocol using a
+ binary representation that is appropriate for use on the network.
+ This document defines a human-readable string representation of LDAP
+ search filters that is appropriate for use in LDAP URLs [LDAPURL] and
+ in other applications.
+
+Table of Contents
+
+ Status of this Memo............................................1
+ Abstract.......................................................2
+ Table of Contents..............................................2
+1. Introduction...................................................2
+2. LDAP Search Filter Definition..................................3
+3. String Search Filter Definition................................4
+4. Examples.......................................................6
+5. Security Considerations........................................7
+6. IANA Considerations............................................7
+7. Normative References...........................................7
+8. Informative References.........................................8
+9. Acknowledgments................................................8
+10. Authors' Addresses.............................................9
+11. Appendix A: Changes Since RFC 2254.............................9
+11.1. Technical Changes...........................................9
+11.2. Editorial Changes...........................................10
+12. Appendix B: Changes Since Previous Document Revision...........11
+12.1. Technical Changes...........................................11
+12.2. Editorial Changes...........................................12
+ Intellectual Property Rights...................................12
+ Full Copyright.................................................13
+
+1. Introduction
+
+ The Lightweight Directory Access Protocol (LDAP) [Roadmap] defines a
+ network representation of a search filter transmitted to an LDAP
+ server. Some applications may find it useful to have a common way of
+ representing these search filters in a human-readable form; LDAP URLs
+ are an example of one such application. This document defines a
+ human-readable string format for representing the full range of
+ possible LDAP version 3 search filters, including extended match
+ filters.
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+ specification, RFC 3377, in its entirety.
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 2]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ This document replaces RFC 2254. Changes to RFC 2254 are summarized
+ in Appendix A.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+2. LDAP Search Filter Definition
+
+ An LDAP search filter is defined in Section 4.5.1 of [Protocol] as
+ follows:
+
+ Filter ::= CHOICE {
+ and [0] SET SIZE (1..MAX) OF filter Filter,
+ or [1] SET SIZE (1..MAX) OF filter Filter,
+ not [2] Filter,
+ equalityMatch [3] AttributeValueAssertion,
+ substrings [4] SubstringFilter,
+ greaterOrEqual [5] AttributeValueAssertion,
+ lessOrEqual [6] AttributeValueAssertion,
+ present [7] AttributeDescription,
+ approxMatch [8] AttributeValueAssertion,
+ extensibleMatch [9] MatchingRuleAssertion }
+
+ SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ -- initial and final can occur at most once
+ substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ initial [0] AssertionValue,
+ any [1] AssertionValue,
+ final [2] AssertionValue } }
+
+ AttributeValueAssertion ::= SEQUENCE {
+ attributeDesc AttributeDescription,
+ assertionValue AssertionValue }
+
+ MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleId OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE }
+
+ AttributeDescription ::= LDAPString
+ -- Constrained to <attributedescription>
+ -- [Models]
+
+ AttributeValue ::= OCTET STRING
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 3]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ MatchingRuleId ::= LDAPString
+
+ AssertionValue ::= OCTET STRING
+
+ LDAPString ::= OCTET STRING -- UTF-8 encoded,
+ -- [Unicode] characters
+
+ The AttributeDescription, as defined in [Protocol], is a string
+ representation of the attribute description that is discussed in
+ [Models]. The AttributeValue and AssertionValue OCTET STRING have
+ the form defined in [Syntaxes]. The Filter is encoded for
+ transmission over a network using the Basic Encoding Rules (BER)
+ defined in [X.690], with simplifications described in [Protocol].
+
+3. String Search Filter Definition
+
+ The string representation of an LDAP search filter is a string of
+ UTF-8 [RFC3629] encoded Unicode characters [Unicode] that is defined
+ by the following grammar, following the ABNF notation defined in
+ [RFC2234]. The productions used that are not defined here are
+ defined in section 1.4 (Common ABNF Productions) of [Models] unless
+ otherwise noted. The filter format uses a prefix notation.
+
+ filter = LPAREN filtercomp RPAREN
+ filtercomp = and / or / not / item
+ and = AMPERSAND filterlist
+ or = VERTBAR filterlist
+ not = EXCLAMATION filter
+ filterlist = 1*filter
+ item = simple / present / substring / extensible
+ simple = attr filtertype assertionvalue
+ filtertype = equal / approx / greaterorequal / lessorequal
+ equal = EQUALS
+ approx = TILDE EQUALS
+ greaterorequal = RANGLE EQUALS
+ lessorequal = LANGLE EQUALS
+ extensible = ( attr [dnattrs]
+ [matchingrule] COLON EQUALS assertionvalue )
+ / ( [dnattrs]
+ matchingrule COLON EQUALS assertionvalue )
+ present = attr EQUALS ASTERISK
+ substring = attr EQUALS [initial] any [final]
+ initial = assertionvalue
+ any = ASTERISK *(assertionvalue ASTERISK)
+ final = assertionvalue
+ attr = attributedescription
+ ; The attributedescription rule is defined in
+ ; Section 2.5 of [Models].
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 4]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ dnattrs = COLON "dn"
+ matchingrule = COLON oid
+ assertionvalue = valueencoding
+ ; The <valueencoding> rule is used to encode an <AssertionValue>
+ ; from Section 4.1.6 of [Protocol].
+ valueencoding = 0*(normal / escaped)
+ normal = UTF1SUBSET / UTFMB
+ escaped = ESC HEX HEX
+ UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F
+ ; UTF1SUBSET excludes 0x00 (NUL), LPAREN,
+ ; RPAREN, ASTERISK, and ESC.
+ EXCLAMATION = %x21 ; exclamation mark ("!")
+ AMPERSAND = %x26 ; ampersand (or AND symbol) ("&")
+ ASTERISK = %x2A ; asterisk ("*")
+ COLON = %x3A ; colon (":")
+ VERTBAR = %x7C ; vertical bar (or pipe) ("|")
+ TILDE = %x7E ; tilde ("~")
+
+
+ Note that although both the <substring> and <present> productions in
+ the grammar above can produce the "attr=*" construct, this construct
+ is used only to denote a presence filter.
+
+ The <valueencoding> rule ensures that the entire filter string is a
+ valid UTF-8 string and provides that the octets that represent the
+ ASCII characters "*" (ASCII 0x2a), "(" (ASCII 0x28), ")" (ASCII
+ 0x29), "\" (ASCII 0x5c), and NUL (ASCII 0x00) are represented as a
+ backslash "\" (ASCII 0x5c) followed by the two hexadecimal digits
+ representing the value of the encoded octet.
+
+ This simple escaping mechanism eliminates filter-parsing ambiguities
+ and allows any filter that can be represented in LDAP to be
+ represented as a NUL-terminated string. Other octets that are part of
+ the <normal> set may be escaped using this mechanism, for example,
+ non-printing ASCII characters.
+
+ For AssertionValues that contain UTF-8 character data, each octet of
+ the character to be escaped is replaced by a backslash and two hex
+ digits, which form a single octet in the code of the character. For
+ example, the filter checking whether the "cn" attribute contained a
+ value with the character "*" anywhere in it would be represented as
+ "(cn=*\2a*)".
+
+ As indicated by the <valueencoding> rule, implementations MUST escape
+ all octets greater than 0x7F that are not part of a valid UTF-8
+ encoding sequence when they generate a string representation of a
+ search filter. Implementations SHOULD accept as input strings that
+ are not valid UTF-8 strings. This is necessary because RFC 2254 did
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 5]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ not clearly define the term "string representation" (and in
+ particular did not mention that the string representation of an LDAP
+ search filter is a string of UTF-8 encoded Unicode characters).
+
+4. Examples
+
+ This section gives a few examples of search filters written using
+ this notation.
+
+ (cn=Babs Jensen)
+ (!(cn=Tim Howes))
+ (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
+ (o=univ*of*mich*)
+ (seeAlso=)
+
+ The following examples illustrate the use of extensible matching.
+
+ (cn:caseExactMatch:=Fred Flintstone)
+ (cn:=Betty Rubble)
+ (sn:dn:2.4.6.8.10:=Barney Rubble)
+ (o:dn:=Ace Industry)
+ (:1.2.3:=Wilma Flintstone)
+ (:DN:2.4.6.8.10:=Dino)
+
+ The first example shows use of the matching rule "caseExactMatch."
+
+ The second example demonstrates use of a MatchingRuleAssertion form
+ without a matchingRule.
+
+ The third example illustrates the use of the ":oid" notation to
+ indicate that matching rule identified by the OID "2.4.6.8.10" should
+ be used when making comparisons, and that the attributes of an
+ entry's distinguished name should be considered part of the entry
+ when evaluating the match (indicated by the use of ":dn").
+
+ The fourth example denotes an equality match, except that DN
+ components should be considered part of the entry when doing the
+ match.
+
+ The fifth example is a filter that should be applied to any attribute
+ supporting the matching rule given (since the <attr> has been
+ omitted).
+
+ The sixth and final example is also a filter that should be applied
+ to any attribute supporting the matching rule given. Attributes
+ supporting the matching rule contained in the DN should also be
+ considered.
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 6]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ The following examples illustrate the use of the escaping mechanism.
+
+ (o=Parens R Us \28for all your parenthetical needs\29)
+ (cn=*\2A*)
+ (filename=C:\5cMyFile)
+ (bin=\00\00\00\04)
+ (sn=Lu\c4\8di\c4\87)
+ (1.3.6.1.4.1.1466.0=\04\02\48\69)
+
+ The first example shows the use of the escaping mechanism to
+ represent parenthesis characters. The second shows how to represent a
+ "*" in an assertion value, preventing it from being interpreted as a
+ substring indicator. The third illustrates the escaping of the
+ backslash character.
+
+ The fourth example shows a filter searching for the four octet value
+ 00 00 00 04 (hex), illustrating the use of the escaping mechanism to
+ represent arbitrary data, including NUL characters.
+
+ The fifth example illustrates the use of the escaping mechanism to
+ represent various non-ASCII UTF-8 characters. Specifically, there are
+ 5 characters in the <assertionvalue> portion of this example: LATIN
+ CAPITAL LETTER L (U+004C), LATIN SMALL LETTER U (U+0075), LATIN SMALL
+ LETTER C WITH CARON (U+010D), LATIN SMALL LETTER I (U+0069), and
+ LATIN SMALL LETTER C WITH ACUTE (U+0107).
+
+ The sixth and final example demonstrates assertion of a BER encoded
+ value.
+
+5. Security Considerations
+
+ This memo describes a string representation of LDAP search filters.
+ While the representation itself has no known security implications,
+ LDAP search filters do. They are interpreted by LDAP servers to
+ select entries from which data is retrieved. LDAP servers should
+ take care to protect the data they maintain from unauthorized access.
+
+ Please refer to the Security Considerations sections of [Protocol]
+ and [AuthMeth] for more information.
+
+6. IANA Considerations
+
+ This document has no actions for IANA.
+
+7. Normative References
+
+[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 7]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+[Models] Zeilenga, K. (editor), "LDAP: Directory Information Models",
+ draft-ietf-ldapbis-models-xx.txt, a work in progress.
+
+[Protocol] draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
+ RFC 3629, November 2003.
+
+[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road
+ Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
+
+[Syntaxes] Dally, K. (editor), "LDAP: Syntaxes",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+[Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), as
+ amended by the "Unicode Standard Annex #27: Unicode 3.1"
+ (http://www.unicode.org/reports/tr27/) and by the "Unicode
+ Standard Annex #28: Unicode 3.2."
+
+8. Informative References
+
+[LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
+ draft-ietf-ldapbis-url-xx.txt, a work in progress.
+
+[X.690] Specification of ASN.1 encoding rules: Basic, Canonical, and
+ Distinguished Encoding Rules, ITU-T Recommendation X.690,
+ 1994.
+
+9. Acknowledgments
+
+ This document replaces RFC 2254 by Tim Howes. RFC 2254 was a product
+ of the IETF ASID Working Group.
+
+ Changes included in this revised specification are based upon
+ discussions among the authors, discussions within the LDAP (v3)
+ Revision Working Group (ldapbis), and discussions within other IETF
+ Working Groups. The contributions of individuals in these working
+ groups is gratefully acknowledged.
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 8]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+10. Authors' Addresses
+
+ Mark Smith, Editor
+ Pearl Crescent, LLC
+ 447 Marlpool Dr.
+ Saline, MI 48176
+ USA
+ +1 734 944-2856
+ mcs at pearlcrescent.com
+
+
+ Tim Howes
+ Opsware, Inc.
+ 599 N. Mathilda Ave.
+ Sunnyvale, CA 94085
+ USA
+ +1 408 744-7509
+ howes at opsware.com
+
+11. Appendix A: Changes Since RFC 2254
+
+11.1. Technical Changes
+
+ Replaced [ISO 10646] reference with [Unicode].
+
+ The following technical changes were made to the contents of the
+ "String Search Filter Definition" section:
+
+ Added statement that the string representation is a string of UTF-8
+ encoded Unicode characters.
+
+ Revised all of the ABNF to use common productions from [Models].
+
+ Replaced the "value" rule with a new "assertionvalue" rule within the
+ "simple", "extensible", and "substring" ("initial", "any", and
+ "final") rules. This matches a change made in [Syntaxes].
+
+ Added "(" and ")" around the components of the <extensible>
+ subproductions for clarity.
+
+ Revised the "attr", "matchingrule", and "assertionvalue" ABNF to more
+ precisely reference productions from the [Models] and [Protocol]
+ documents.
+
+ "String Search Filter Definition" section: replaced "greater" and
+ "less" with "greaterorequal" and "lessorequal" to avoid confusion.
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 9]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ Introduced the "valueencoding" and associated "normal" and "escaped"
+ rules to reduce the dependence on descriptive text. The "normal"
+ production restricts filter strings to valid UTF-8 sequences.
+
+ Added a statement about expected behavior in light of RFC 2254's lack
+ of a clear definition of "string representation."
+
+
+
+11.2. Editorial Changes
+
+ Changed document title to include "LDAP:" prefix.
+
+ IESG Note: removed note about lack of satisfactory mandatory
+ authentication mechanisms.
+
+ Header and "Authors' Addresses" sections: added Mark Smith as the
+ document editor and updated affiliation and contact information.
+
+ "Table of Contents", "IANA Considerations", and "Intellectual
+ Property Rights" sections: added.
+
+ Copyright: updated per latest IETF guidelines.
+
+ "Abstract" section: separated from introductory material.
+
+ "Introduction" section: new section; separated from the Abstract.
+ Updated second paragraph to indicate that RFC 2254 is replaced by
+ this document (instead of RFC 1960). Added reference to the [Roadmap]
+ document.
+
+ "LDAP Search Filter Definition" section: made corrections to the LDAP
+ search filter ABNF so it matches that used in [Protocol].
+
+ Clarified the definition of 'value' (now 'assertionvalue') to take
+ into account the fact that it is not precisely an AttributeAssertion
+ from [Protocol] section 4.1.6 (special handling is required for some
+ characters). Added a note that each octet of a character to be
+ escaped is replaced by a backslash and two hex digits, which
+ represent a single octet.
+
+ "Examples" section: added four additional examples: (seeAlso=),
+ (cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), and
+ (1.3.6.1.4.1.1466.0=\04\02\48\69). Replaced one occurrence of "a
+ value" with "an assertion value". Corrected the description of this
+ example: (sn:dn:2.4.6.8.10:=Barney Rubble). Replaced the numeric OID
+ in the first extensible match example with "caseExactMatch" to
+ demonstrate use of the descriptive form. Used "DN" (uppercase) in
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 10]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ the last extensible match example to remind the reader to treat the
+ <dnattrs> production as case insensitive. Reworded the description
+ of the fourth escaping mechanism example to avoid making assumptions
+ about byte order. Added text to the fifth escaping mechanism example
+ to spell out what the non-ASCII characters are in Unicode terms.
+
+ "Security Considerations" section: added references to [Protocol] and
+ [AuthMeth].
+
+ "Normative References" section: renamed from "References" per new RFC
+ guidelines. Changed from [1] style to [Protocol] style throughout the
+ document. Added entries for [Unicode], [RFC2119], [AuthMeth],
+ [Models], and [Roadmap] and updated the UTF-8 reference. Replaced
+ RFC 822 reference with a reference to RFC 2234.
+
+ "Informative References" section: (new section) moved [X.690] to this
+ section. Added a reference to [LDAPURL].
+
+ "Acknowledgments" section: added.
+
+ "Appendix A: Changes Since RFC 2254" section: added.
+
+ "Appendix B: Changes Since Previous Document Revision" section:
+ added.
+
+ Surrounded the names of all ABNF productions with "<" and ">" where
+ they are used in descriptive text.
+
+ Replaced all occurrences of "LDAPv3" with "LDAP."
+
+
+12. Appendix B: Changes Since Previous Document Revision
+
+ This appendix lists all changes relative to the previously published
+ revision, draft-ietf-ldapbis-filter-08.txt. Note that when
+ appropriate these changes are also included in Appendix A, but are
+ also included here for the benefit of the people who have already
+ reviewed draft-ietf-ldapbis-filter-08.txt. This section will be
+ removed before this document is published as an RFC.
+
+
+12.1. Technical Changes
+
+ Removed the third option from the "extensible" production that
+ allowed creation of a MatchingRuleAssertion that only had a
+ matchValue (disallowed By [Protocol]). Added "(" and ")" around the
+ components of the <extensible> subproductions for clarity.
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 11]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+12.2. Editorial Changes
+
+ "Introduction" section: referenced [Roadmap] upon first use of LDAP
+ and expanded the paragraph that begins "This document is an integral
+ part of the LDAP technical specification..." to match the text used
+ in [Protocol].
+
+ "LDAP Search Filter Definition" section: reworded the last paragraph
+ for clarity.
+
+ "Examples" section: Replaced the numeric OID in the first extensible
+ match example with "caseExactMatch" to demonstrate use of the
+ descriptive form. Used "DN" (uppercase) in the last extensible match
+ example to remind the reader to treat the <dnattrs> production as
+ case insensitive. Reworded the description of the fourth escaping
+ mechanism example to avoid making assumptions about byte order.
+ Added text to the fifth escaping mechanism example to spell out what
+ the non-ASCII characters are in Unicode terms.
+
+ References: added [LDAPURL] and moved [X.690] to "Informative
+ References."
+
+ "Acknowledgements" section: added the sentence "RFC 2254 was a
+ product of the IETF ASID Working Group."
+
+ Changed these two sections to unnumbered ones: "Intellectual Property
+ Rights" and "Full Copyright."
+
+ Surrounded the names of all ABNF productions with "<" and ">" where
+ they are used in descriptive text.
+
+ Replaced all occurrences of "LDAPv3" with "LDAP."
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 12]
+
+INTERNET-DRAFT LDAP: String Repres. of Search Filters 16 November 2004
+
+
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+This Internet Draft expires on 16 May 2005.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 13]
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-models-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-models-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-models-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2857 @@
+
+
+
+
+INTERNET-DRAFT Editor: Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 21 February 2005
+Obsoletes: RFC 2251, RFC 2252, RFC 2256, RFC 3674
+
+
+
+ LDAP: Directory Information Models
+ <draft-ietf-ldapbis-models-14.txt>
+
+
+
+Status of this Memo
+
+ This document is intended to be published as a Standard Track RFC.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Revision Working Group
+ mailing list <ietf-ldapbis at openldap.org>. Please send editorial
+ comments directly to the editor <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+Zeilenga LDAP Models [Page 1]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+Abstract
+
+ The Lightweight Directory Access Protocol (LDAP) is an Internet
+ protocol for accessing distributed directory services which act in
+ accordance with X.500 data and service models. This document
+ describes the X.500 Directory Information Models, as used in LDAP.
+
+Table of Contents
+
+ Status of this Memo 1
+ Abstract 2
+ Table of Contents
+ 1. Introduction 3
+ 1.1. Relationship to Other LDAP Specifications
+ 1.2. Relationship to X.501 4
+ 1.3. Conventions
+ 1.4. Common ABNF Productions
+ 2. Model of Directory User Information 6
+ 2.1. The Directory Information Tree 7
+ 2.2. Structure of an Entry
+ 2.3. Naming of Entries 8
+ 2.4. Object Classes 9
+ 2.5. Attribute Descriptions 12
+ 2.6. Alias Entries 16
+ 3. Directory Administrative and Operational Information 17
+ 3.1. Subtrees
+ 3.2. Subentries 18
+ 3.3. The 'objectClass' attribute
+ 3.4. Operational attributes 19
+ 4. Directory Schema 22
+ 4.1. Schema Definitions 23
+ 4.2. Subschema Subentries 32
+ 4.3. 'extensibleObject' 35
+ 4.4. Subschema Discovery 36
+ 5. DSA (Server) Informational Model
+ 5.1. Server-specific Data Requirements 37
+ 6. Other Considerations 40
+ 6.1. Preservation of User Information 41
+ 6.2. Short Names
+ 6.3. Cache and Shadowing
+ 7. Implementation Guidelines 42
+ 7.1. Server Guidelines
+ 7.2. Client Guidelines
+ 8. Security Considerations 43
+ 9. IANA Considerations
+ 10. Acknowledgments 44
+ 11. Editor's Address
+ 12. References
+
+
+
+Zeilenga LDAP Models [Page 2]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ 12.1. Normative References 45
+ 12.2. Informative References
+ Appendix A. Changes
+ Intellectual Property Rights 51
+ Full Copyright
+
+
+1. Introduction
+
+ This document discusses the X.500 Directory Information Models
+ [X.501], as used by the Lightweight Directory Access Protocol (LDAP)
+ [Roadmap].
+
+ The Directory is "a collection of open systems cooperating to provide
+ directory services" [X.500]. The information held in the Directory is
+ collectively known as the Directory Information Base (DIB). A
+ Directory user, which may be a human or other entity, accesses the
+ Directory through a client (or Directory User Agent (DUA)). The
+ client, on behalf of the directory user, interacts with one or more
+ servers (or Directory System Agents (DSA)). A server holds a fragment
+ of the DIB.
+
+ The DIB contains two classes of information:
+
+ 1) user information (e.g., information provided and administrated
+ by users). Section 2 describes the Model of User Information.
+
+ 2) administrative and operational information (e.g., information
+ used to administer and/or operate the directory). Section 3
+ describes the model of Directory Administrative and Operational
+ Information.
+
+ These two models, referred to as the generic Directory Information
+ Models, describe how information is represented in the Directory.
+ These generic models provide a framework for other information models.
+ Section 4 discusses the subschema information model and subschema
+ discovery. Section 5 discusses the DSA (Server) Informational Model.
+
+ Other X.500 information models, such as access control distribution
+ knowledge, and replication knowledge information models, may be
+ adapted for use in LDAP. Specification of how these models apply to
+ LDAP is left to future documents.
+
+
+1.1. Relationship to Other LDAP Specifications
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+
+
+
+Zeilenga LDAP Models [Page 3]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ specification, RFC 3377, in its entirety.
+
+ This document obsoletes RFC 2251 sections 3.2 and 3.4, as well as
+ portions of sections 4 and 6. Appendix A.1 summarizes changes to
+ these sections. The remainder of RFC 2251 is obsoleted by the
+ [Protocol], [AuthMeth], and [Roadmap] documents.
+
+ This document obsoletes RFC 2252 sections 4, 5 and 7. Appendix A.2
+ summarizes changes to these sections. The remainder of RFC 2252 is
+ obsoleted by [Syntaxes].
+
+ This document obsoletes RFC 2256 sections 5.1, 5.2, 7.1 and 7.2.
+ Appendix A.3 summarizes changes to these sections. The remainder of
+ RFC 2256 is obsoleted by [Schema] and [Syntaxes].
+
+ This document obsoletes RFC 3674 in its entirety. Appendix A.4
+ summarizes changes since RFC 3674.
+
+
+1.2. Relationship to X.501
+
+ This document includes material, with and without adaptation, from
+ [X.501] as necessary to describe this protocol. These adaptations
+ (and any other differences herein) apply to this protocol, and only
+ this protocol.
+
+
+1.3. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Schema definitions are provided using LDAP description formats (as
+ defined in Section 4.1). Definitions provided here are formatted
+ (line wrapped) for readability. Matching rules and LDAP syntaxes
+ referenced in these definitions are specified in [Syntaxes].
+
+
+1.4. Common ABNF Productions
+
+ A number of syntaxes in this document are described using Augmented
+ Backus-Naur Form (ABNF) [RFC2234]. These syntaxes (as well as a
+ number of syntaxes defined in other documents) rely on the following
+ common productions:
+
+ keystring = leadkeychar *keychar
+ leadkeychar = ALPHA
+
+
+
+Zeilenga LDAP Models [Page 4]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ keychar = ALPHA / DIGIT / HYPHEN
+ number = DIGIT / ( LDIGIT 1*DIGIT )
+
+ ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
+ DIGIT = %x30 / LDIGIT ; "0"-"9"
+ LDIGIT = %x31-39 ; "1"-"9"
+ HEX = DIGIT / %x41-46 / %x61-66 ; "0"-"9" / "A"-"F" / "a"-"f"
+
+ SP = 1*SPACE ; one or more " "
+ WSP = 0*SPACE ; zero or more " "
+
+ NULL = %x00 ; null (0)
+ SPACE = %x20 ; space (" ")
+ DQUOTE = %x22 ; quote (""")
+ SHARP = %x23 ; octothorpe (or sharp sign) ("#")
+ DOLLAR = %x24 ; dollar sign ("$")
+ SQUOTE = %x27 ; single quote ("'")
+ LPAREN = %x28 ; left paren ("(")
+ RPAREN = %x29 ; right paren (")")
+ PLUS = %x2B ; plus sign ("+")
+ COMMA = %x2C ; comma (",")
+ HYPHEN = %x2D ; hyphen ("-")
+ DOT = %x2E ; period (".")
+ SEMI = %x3B ; semicolon (";")
+ LANGLE = %x3C ; left angle bracket ("<")
+ EQUALS = %x3D ; equals sign ("=")
+ RANGLE = %x3E ; right angle bracket (">")
+ ESC = %x5C ; backslash ("\")
+ USCORE = %x5F ; underscore ("_")
+ LCURLY = %x7B ; left curly brace "{"
+ RCURLY = %x7D ; right curly brace "}"
+
+ ; Any UTF-8 [UTF-8] encoded Unicode [Unicode] character
+ UTF8 = UTF1 / UTFMB
+ UTFMB = UTF2 / UTF3 / UTF4
+ UTF0 = %x80-BF
+ UTF1 = %x00-7F
+ UTF2 = %xC2-DF UTF0
+ UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
+ %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
+ UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
+ %xF4 %x80-8F 2(UTF0)
+
+ OCTET = %x00-FF ; Any octet (8-bit data unit)
+
+ Object identifiers (OIDs) [X.680] are represented in LDAP using a
+ dot-decimal format conforming to the ABNF:
+
+
+
+
+Zeilenga LDAP Models [Page 5]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ numericoid = number 1*( DOT number )
+
+ Short names, also known as descriptors, are used as more readable
+ aliases for object identifiers. Short names are case insensitive and
+ conform to the ABNF:
+
+ descr = keystring
+
+ Where either an object identifier or a short name may be specified,
+ the following production is used:
+
+ oid = descr / numericoid
+
+ While the <descr> form is generally preferred when the usage is
+ restricted to short names referring to object identifiers which
+ identify like kinds of objects (e.g., attribute type descriptions,
+ matching rule descriptions, object class descriptions), the
+ <numericoid> form should be used when the object identifiers may
+ identify multiple kinds of objects or when an unambiguous short name
+ (descriptor) is not available.
+
+ Implementations SHOULD treat short names (descriptors) used in an
+ ambiguous manner (as discussed above) as unrecognized.
+
+ Short Names (descriptors) are discussed further in Section 6.2.
+
+
+2. Model of Directory User Information
+
+ As [X.501] states:
+
+ The purpose of the Directory is to hold, and provide access to,
+ information about objects of interest (objects) in some 'world'.
+ An object can be anything which is identifiable (can be named).
+
+ An object class is an identified family of objects, or conceivable
+ objects, which share certain characteristics. Every object belongs
+ to at least one class. An object class may be a subclass of other
+ object classes, in which case the members of the former class, the
+ subclass, are also considered to be members of the latter classes,
+ the superclasses. There may be subclasses of subclasses, etc., to
+ an arbitrary depth.
+
+ A directory entry, a named collection of information, is the basic
+ unit of information held in the Directory. There are multiple kinds
+ of directory entries.
+
+ An object entry represents a particular object. An alias entry
+
+
+
+Zeilenga LDAP Models [Page 6]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ provides alternative naming. A subentry holds administrative and/or
+ operational information.
+
+ The set of entries representing the DIB are organized hierarchically
+ in a tree structure known as the Directory Information Tree (DIT).
+
+ Section 2.1 describes the Directory Information Tree
+ Section 2.2 discusses the structure of entries.
+ Section 2.3 discusses naming of entries.
+ Section 2.4 discusses object classes.
+ Section 2.5 discusses attribute descriptions.
+ Section 2.6 discusses alias entries.
+
+
+2.1. The Directory Information Tree
+
+ As noted above, the DIB is composed of a set of entries organized
+ hierarchically in a tree structure known as the Directory Information
+ Tree (DIT). Specifically, a tree where vertices are the entries.
+
+ The arcs between vertices define relations between entries. If an arc
+ exists from X to Y, then the entry at X is the immediate superior of Y
+ and Y is the immediate subordinate of X. An entry's superiors are the
+ entry's immediate superior and its superiors. An entry's subordinates
+ are all of its immediate subordinates and their subordinates.
+
+ Similarly, the superior/subordinate relationship between object
+ entries can be used to derive a relation between the objects they
+ represent. DIT structure rules can be used to govern relationships
+ between objects.
+
+ Note: An entry's immediate superior is also known as the entry's
+ parent and an entry's immediate subordinate is also known as the
+ entry's child. Entries which have the same parent are known as
+ siblings.
+
+
+2.2. Structure of an Entry
+
+ An entry consists of a set of attributes which hold information about
+ the object which the entry represents. Some attributes represent user
+ information and are called user attributes. Other attributes
+ represent operational and/or administrative information and are called
+ operational attributes.
+
+ An attribute is an attribute description (a type and zero or more
+ options) with one or more associated values. An attribute is often
+ referred to by its attribute description. For example, the
+
+
+
+Zeilenga LDAP Models [Page 7]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ 'givenName' attribute is the attribute which consists of the attribute
+ description 'givenName' (the 'givenName' attribute type [Schema] and
+ zero options) and one or more associated values.
+
+ The attribute type governs whether the attribute can have multiple
+ values, the syntax and matching rules used to construct and compare
+ values of that attribute, and other functions. Options indicate
+ subtypes and other functions.
+
+ Attribute values conform to the defined syntax of the attribute type.
+
+ No two values of an attribute may be equivalent. Two values are
+ considered equivalent if and only if they would match according to the
+ equality matching rule of the attribute type or, if the attribute type
+ is defined with no equality matching rule, two values are equivalent
+ if and only if they are identical. (See 2.5.1 for other
+ restrictions.)
+
+ For example, a 'givenName' attribute can have more than one value,
+ they must be Directory Strings, and they are case insensitive. A
+ 'givenName' attribute cannot hold both "John" and "JOHN" as these are
+ equivalent values per the equality matching rule of the attribute
+ type.
+
+ Additionally, no attribute is to have a value which is not equivalent
+ to itself. For example, the 'givenName' attribute cannot have as a
+ value a directory string which includes the REPLACEMENT CHARACTER
+ (U+FFFD) code point as matching involving that directory string is
+ Undefined per this attribute's equality matching rule.
+
+ When an attribute is used for naming of the entry, one and only one
+ value of the attribute is used in forming the Relative Distinguished
+ Name. This value is known as a distinguished value.
+
+
+2.3. Naming of Entries
+
+2.3.1. Relative Distinguished Names
+
+ Each entry is named relative to its immediate superior. This relative
+ name, known as its Relative Distinguished Name (RDN) [X.501], is
+ composed of an unordered set of one or more attribute value assertions
+ (AVA) consisting of an attribute description with zero options and an
+ attribute value. These AVAs are chosen to match attribute values
+ (each a distinguished value) of the entry.
+
+ An entry's relative distinguished name must be unique among all
+ immediate subordinates of the entry's immediate superior (i.e., all
+
+
+
+Zeilenga LDAP Models [Page 8]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ siblings).
+
+ The following are examples of string representations of RDNs [LDAPDN]:
+
+ UID=12345
+ OU=Engineering
+ CN=Kurt Zeilenga+L=Redwood Shores
+
+ The last is an example of a multi-valued RDN. That is, an RDN
+ composed of multiple AVAs.
+
+
+2.3.2. Distinguished Names
+
+ An entry's fully qualified name, known as its Distinguished Name (DN)
+ [X.501], is the concatenation of its RDN and its immediate superior's
+ DN. A Distinguished Name unambiguously refers to an entry in the
+ tree. The following are examples of string representations of DNs
+ [LDAPDN]:
+
+ UID=nobody at example.com,DC=example,DC=com
+ CN=John Smith,OU=Sales,O=ACME Limited,L=Moab,ST=Utah,C=US
+
+
+2.3.3. Alias Names
+
+ An alias, or alias name, is "an name for an object, provided by the
+ use of alias entries" [X.501]. Alias entries are described in Section
+ 2.6.
+
+
+2.4. Object Classes
+
+ An object class is "an identified family of objects (or conceivable
+ objects) which share certain characteristics" [X.501].
+
+ As defined in [X.501]:
+
+ Object classes are used in the Directory for a number of purposes:
+
+ - describing and categorising objects and the entries that
+ correspond to these objects;
+
+ - where appropriate, controlling the operation of the Directory;
+
+ - regulating, in conjunction with DIT structure rule
+ specifications, the position of entries in the DIT;
+
+
+
+
+Zeilenga LDAP Models [Page 9]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ - regulating, in conjunction with DIT content rule
+ specifications, the attributes that are contained in entries;
+
+ - identifying classes of entry that are to be associated with a
+ particular policy by the appropriate administrative authority.
+
+ An object class (a subclass) may be derived from an object class
+ (its direct superclass) which is itself derived from an even more
+ generic object class. For structural object classes, this process
+ stops at the most generic object class, 'top' (defined in Section
+ 2.4.1). An ordered set of superclasses up to the most superior
+ object class of an object class is its superclass chain.
+
+ An object class may be derived from two or more direct
+ superclasses (superclasses not part of the same superclass chain).
+ This feature of subclassing is termed multiple inheritance.
+
+ Each object class identifies the set of attributes required to be
+ present in entries belonging to the class and the set of attributes
+ allowed to be present in entries belonging to the class. As an entry
+ of a class must meet the requirements of each class it belongs to, it
+ can be said that an object class inherits the sets of allowed and
+ required attributes from its superclasses. A subclass can identify an
+ attribute allowed by its superclass as being required. If an
+ attribute is a member of both sets, it is required to be present.
+
+ Each object class is defined to be one of three kinds of object
+ classes: Abstract, Structural, or Auxiliary.
+
+ Each object class is identified by an object identifier (OID) and,
+ optionally, one or more short names (descriptors).
+
+
+2.4.1. Abstract Object Classes
+
+ An abstract object class, as the name implies, provides a base of
+ characteristics from which other object classes can be defined to
+ inherit from. An entry cannot belong to an abstract object class
+ unless it belongs to a structural or auxiliary class which inherits
+ from that abstract class.
+
+ Abstract object classes can not derive from structural nor auxiliary
+ object classes.
+
+ All structural object classes derive (directly or indirectly) from the
+ 'top' abstract object class. Auxiliary object classes do not
+ necessarily derive from 'top'.
+
+
+
+
+Zeilenga LDAP Models [Page 10]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The following is the object class definition (see Section 4.1.1) for
+ the 'top' object class:
+
+ ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
+
+ All entries belong to the 'top' abstract object class.
+
+
+2.4.2. Structural Object Classes
+
+ As stated in [X.501]:
+
+ An object class defined for use in the structural specification of
+ the DIT is termed a structural object class. Structural object
+ classes are used in the definition of the structure of the names
+ of the objects for compliant entries.
+
+ An object or alias entry is characterised by precisely one
+ structural object class superclass chain which has a single
+ structural object class as the most subordinate object class.
+ This structural object class is referred to as the structural
+ object class of the entry.
+
+ Structural object classes are related to associated entries:
+
+ - an entry conforming to a structural object class shall
+ represent the real-world object constrained by the object
+ class;
+
+ - DIT structure rules only refer to structural object classes;
+ the structural object class of an entry is used to specify the
+ position of the entry in the DIT;
+
+ - the structural object class of an entry is used, along with an
+ associated DIT content rule, to control the content of an
+ entry.
+
+ The structural object class of an entry shall not be changed.
+
+ Each structural object class is a (direct or indirect) subclass of the
+ 'top' abstract object class.
+
+ Structural object classes cannot subclass auxiliary object classes.
+
+ Each entry is said to belong to its structural object class as well as
+ all classes in its structural object class's superclass chain.
+
+
+
+
+
+Zeilenga LDAP Models [Page 11]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+2.4.3. Auxiliary Object Classes
+
+ Auxiliary object classes are used to augment the characteristics of
+ entries. They are commonly used to augment the sets of attributes
+ required and allowed to be present in an entry. They can be used to
+ describe entries or classes of entries.
+
+ Auxiliary object classes cannot subclass structural object classes.
+
+ An entry can belong to any subset of the set of auxiliary object
+ classes allowed by the DIT content rule associated with the structural
+ object class of the entry. If no DIT content rule is associated with
+ the structural object class of the entry, the entry cannot belong to
+ any auxiliary object class.
+
+ The set of auxiliary object classes which an entry belongs to can
+ change over time.
+
+
+2.5. Attribute Descriptions
+
+ An attribute description is composed of an attribute type (see Section
+ 2.5.1) and a set of zero or more attribute options (see Section
+ 2.5.2).
+
+ An attribute description is represented by the ABNF:
+
+ attributedescription = attributetype options
+ attributetype = oid
+ options = *( SEMI option )
+ option = 1*keychar
+
+ where <attributetype> identifies the attribute type and each <option>
+ identifies an attribute option. Both <attributetype> and <option>
+ productions are case insensitive. The order in which <option>s appear
+ is irrelevant. That is, any two <attributedescription>s which consist
+ of the same <attributetype> and same set of <option>s are equivalent.
+
+ Examples of valid attribute descriptions:
+
+ 2.5.4.0
+ cn;lang-de;lang-en
+ owner
+
+ An attribute description with an unrecognized attribute type is to be
+ treated as unrecognized. Servers SHALL treat an attribute description
+ with an unrecognized attribute option as unrecognized. Clients MAY
+ treat an unrecognized attribute option as a tagging option (see
+
+
+
+Zeilenga LDAP Models [Page 12]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ Section 2.5.2.1).
+
+ All attributes of an entry must have distinct attribute descriptions.
+
+
+2.5.1. Attribute Types
+
+ An attribute type governs whether the attribute can have multiple
+ values, the syntax and matching rules used to construct and compare
+ values of that attribute, and other functions.
+
+ If no equality matching is specified for the attribute type:
+ - the attribute (of the type) cannot be used for naming;
+ - when adding the attribute (or replacing all values), no two values
+ may be equivalent (see 2.2);
+ - individual values of a multi-valued attribute are not to be
+ independently added or deleted;
+ - attribute value assertions (such as matching in search filters and
+ comparisons) using values of such a type cannot be performed.
+
+ Otherwise, the specified equality matching rule is to be used for the
+ purposes of evaluating attribute value assertions concerning the
+ attribute type. The specified equality rule is to be transitive and
+ commutative.
+
+ The attribute type indicates whether the attribute is a user attribute
+ or an operational attribute. If operational, the attribute type
+ indicates the operational usage and whether the attribute is
+ modifiable by users or not. Operational attributes are discussed in
+ Section 3.4.
+
+ An attribute type (a subtype) may derive from a more generic attribute
+ type (a direct supertype). The following restrictions apply to
+ subtyping:
+ - a subtype must have the same usage as its direct supertype,
+ - a subtype's syntax must be the same, or a refinement of, its
+ supertype's syntax, and
+ - a subtype must be collective [RFC3671] if its supertype is
+ collective.
+
+ An attribute description consisting of a subtype and no options is
+ said to be the direct description subtype of the attribute description
+ consisting of the subtype's direct supertype and no options.
+
+ Each attribute type is identified by an object identifier (OID) and,
+ optionally, one or more short names (descriptors).
+
+
+
+
+
+Zeilenga LDAP Models [Page 13]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+2.5.2. Attribute Options
+
+ There are multiple kinds of attribute description options. The LDAP
+ technical specification details one kind: tagging options.
+
+ Not all options can be associated with attributes held in the
+ directory. Tagging options can be.
+
+ Not all options can be used in conjunction with all attribute types.
+ In such cases, the attribute description is to be treated as
+ unrecognized.
+
+ An attribute description that contains mutually exclusive options
+ shall be treated as unrecognized. That is, "cn;x-bar;x-foo", where
+ "x-foo" and "x-bar" are mutually exclusive, is to be treated as
+ unrecognized.
+
+ Other kinds of options may be specified in future documents. These
+ documents must detail how new kinds of options they define relate to
+ tagging options. In particular, these documents must detail whether
+ or not new kinds of options can be associated with attributes held in
+ the directory, how new kinds of options affect transfer of attribute
+ values, and how new kinds of options are treated in attribute
+ description hierarchies.
+
+ Options are represented as short case insensitive textual strings
+ conforming to the <option> production defined in Section 2.5 of this
+ document.
+
+ Procedures for registering options are detailed in BCP 64 [BCP64bis].
+
+
+2.5.2.1. Tagging Options
+
+ Attributes held in the directory can have attribute descriptions with
+ any number of tagging options. Tagging options are never mutually
+ exclusive.
+
+ An attribute description with N tagging options is a direct
+ (description) subtype of all attribute descriptions of the same
+ attribute type and all but one of the N options. If the attribute
+ type has a supertype, then the attribute description is also a direct
+ (description) subtype of the attribute description of the supertype
+ and the N tagging options. That is, 'cn;lang-de;lang-en' is a direct
+ (description) subtype of 'cn;lang-de', 'cn;lang-en', and
+ 'name;lang-de;lang-en' ('cn' is a subtype of 'name', both are defined
+ in [Schema]).
+
+
+
+
+Zeilenga LDAP Models [Page 14]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+2.5.3. Attribute Description Hierarchies
+
+ An attribute description can be the direct subtype of zero or more
+ other attribute descriptions as indicated by attribute type subtyping
+ (as described in Section 2.5.1) or attribute tagging option subtyping
+ (as described in Section 2.5.2.1). These subtyping relationships are
+ used to form hierarchies of attribute descriptions and attributes.
+
+ As adapted from [X.501]:
+
+ Attribute hierarchies allow access to the DIB with varying degrees
+ of granularity. This is achieved by allowing the value components
+ of attributes to be accessed by using either their specific
+ attribute description (a direct reference to the attribute) or by
+ a more generic attribute description (an indirect reference).
+
+ Semantically related attributes may be placed in a hierarchical
+ relationship, the more specialized being placed subordinate to the
+ more generalized. Searching for, or retrieving attributes and
+ their values is made easier by quoting the more generalized
+ attribute description; a filter item so specified is evaluated for
+ the more specialized descriptions as well as for the quoted
+ description.
+
+ Where subordinate specialized descriptions are selected to be
+ returned as part of a search result these descriptions shall be
+ returned if available. Where the more general descriptions are
+ selected to be returned as part of a search result both the
+ general and the specialized descriptions shall be returned, if
+ available. An attribute value shall always be returned as a value
+ of its own attribute description.
+
+ All of the attribute descriptions in an attribute hierarchy are
+ treated as distinct and unrelated descriptions for user
+ modification of entry content.
+
+ An attribute value stored in an object or alias entry is of
+ precisely one attribute description. The description is indicated
+ when the value is originally added to the entry.
+
+ For the purpose of subschema administration of the entry, a
+ specification that an attribute is required is fulfilled if the entry
+ contains a value of an attribute description belonging to an attribute
+ hierarchy where the attribute type of that description is the same as
+ the required attribute's type. That is, a "MUST name" specification
+ is fulfilled by 'name' or 'name;x-tag-option', but is not fulfilled by
+ 'CN' nor by 'CN;x-tag-option' (even though 'CN' is a subtype of
+ 'name'). Likewise, an entry may contain a value of an attribute
+
+
+
+Zeilenga LDAP Models [Page 15]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ description belonging to an attribute hierarchy where the attribute
+ type of that description is either explicitly included in the
+ definition of an object class to which the entry belongs or allowed by
+ the DIT content rule applicable to that entry. That is, 'name' and
+ 'name;x-tag-option' are allowed by "MAY name" (or by "MUST name"), but
+ 'CN' and 'CN;x-tag-option' are not allowed by "MAY name" (nor by "MUST
+ name").
+
+ For the purposes of other policy administration, unless stated
+ otherwise in the specification of the particular administrative model,
+ all of the attribute descriptions in an attribute hierarchy are
+ treated as distinct and unrelated descriptions.
+
+
+2.6. Alias Entries
+
+ As adapted from [X.501]:
+
+ An alias, or an alias name, for an object is an alternative name
+ for an object or object entry which is provided by the use of
+ alias entries.
+
+ Each alias entry contains, within the 'aliasedObjectName'
+ attribute (known as the 'aliasedEntryName' attribute in X.500]), a
+ name of some object. The distinguished name of the alias entry is
+ thus also a name for this object.
+
+ NOTE - The name within the 'aliasedObjectName' is said to be
+ pointed to by the alias. It does not have to be the
+ distinguished name of any entry.
+
+ The conversion of an alias name to an object name is termed
+ (alias) dereferencing and comprises the systematic replacement of
+ alias names, where found within a purported name, by the value of
+ the corresponding 'aliasedObjectName' attribute. The process may
+ require the examination of more than one alias entry.
+
+ Any particular entry in the DIT may have zero or more alias names.
+ It therefore follows that several alias entries may point to the
+ same entry. An alias entry may point to an entry that is not a
+ leaf entry and may point to another alias entry.
+
+ An alias entry shall have no subordinates, so that an alias entry
+ is always a leaf entry.
+
+ Every alias entry shall belong to the 'alias' object class.
+
+ An entry with the 'alias' object class must also belong to an object
+
+
+
+Zeilenga LDAP Models [Page 16]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ class (or classes), or be governed by a DIT content rule, which allows
+ suitable naming attributes to be present.
+
+ Example:
+ dn: cn=bar,dc=example,dc=com
+ objectClass: top
+ objectClass: alias
+ objectClass: extensibleObject
+ cn: bar
+ aliasedObjectName: cn=foo,dc=example,dc=com
+
+
+2.6.1. 'alias' object class
+
+ Alias entries belong to the 'alias' object class.
+
+ ( 2.5.6.1 NAME 'alias'
+ SUP top STRUCTURAL
+ MUST aliasedObjectName )
+
+
+2.6.2. 'aliasedObjectName' attribute type
+
+ The 'aliasedObjectName' attribute holds the name of the entry an alias
+ points to. The 'aliasedObjectName' attribute is known as the
+ 'aliasedEntryName' attribute in X.500.
+
+ ( 2.5.4.1 NAME 'aliasedObjectName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+ The 'distinguishedNameMatch' matching rule and the DistinguishedName
+ (1.3.6.1.4.1.1466.115.121.1.12) syntax are defined in [Syntaxes].
+
+
+3. Directory Administrative and Operational Information
+
+ This section discusses select aspects of the X.500 Directory
+ Administrative and Operational Information model [X.501]. LDAP
+ implementations MAY support other aspects of this model.
+
+
+3.1. Subtrees
+
+ As defined in [X.501]:
+
+ A subtree is a collection of object and alias entries situated at
+
+
+
+Zeilenga LDAP Models [Page 17]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ the vertices of a tree. Subtrees do not contain subentries. The
+ prefix sub, in subtree, emphasizes that the base (or root) vertex
+ of this tree is usually subordinate to the root of the DIT.
+
+ A subtree begins at some vertex and extends to some identifiable
+ lower boundary, possibly extending to leaves. A subtree is always
+ defined within a context which implicitly bounds the subtree. For
+ example, the vertex and lower boundaries of a subtree defining a
+ replicated area are bounded by a naming context.
+
+
+3.2. Subentries
+
+ A subentry is a "special sort of entry, known by the Directory, used
+ to hold information associated with a subtree or subtree refinement"
+ [X.501]. Subentries are used in Directory to hold for administrative
+ and operational purposes as defined in [X.501]. Their use in LDAP is
+ detailed in [RFC3672].
+
+ The term "(sub)entry" in this specification indicates that servers
+ implementing X.500(93) models are, in accordance with X.500(93) as
+ described in [RFC3672], to use a subentry and that other servers are
+ to use an object entry belonging to the appropriate auxiliary class
+ normally used with the subentry (e.g., 'subschema' for subschema
+ subentries) to mimic the subentry. This object entry's RDN SHALL be
+ formed from a value of the 'cn' (commonName) attribute [Schema] (as
+ all subentries are named with 'cn').
+
+
+3.3. The 'objectClass' attribute
+
+ Each entry in the DIT has an 'objectClass' attribute.
+
+ ( 2.5.4.0 NAME 'objectClass'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+ The 'objectIdentifierMatch' matching rule and the OBJECT IDENTIFIER
+ (1.3.6.1.4.1.1466.115.121.1.38) syntax are defined in [Syntaxes].
+
+ The 'objectClass' attribute specifies the object classes of an entry,
+ which (among other things) is used in conjunction with the controlling
+ schema to determine the permitted attributes of an entry. Values of
+ this attribute can be modified by clients, but the 'objectClass'
+ attribute cannot be removed.
+
+ Servers which follow X.500(93) models SHALL restrict modifications of
+ this attribute to prevent the basic structural class of the entry from
+
+
+
+Zeilenga LDAP Models [Page 18]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ being changed. That is, one cannot change a 'person' into a
+ 'country'.
+
+ When creating an entry or adding an 'objectClass' value to an entry,
+ all superclasses of the named classes SHALL be implicitly added as
+ well if not already present. That is, if the auxiliary class 'x-a' is
+ a subclass of the class 'x-b', adding 'x-a' to 'objectClass' causes
+ 'x-b' to be implicitly added (if is not already present).
+
+ Servers SHALL restrict modifications of this attribute to prevent
+ superclasses of remaining 'objectClass' values from being deleted.
+ That is, if the auxiliary class 'x-a' is a subclass of the auxiliary
+ class 'x-b' and the 'objectClass' attribute contains 'x-a' and 'x-b',
+ an attempt to delete only 'x-b' from the 'objectClass' attribute is an
+ error.
+
+
+3.4. Operational attributes
+
+ Some attributes, termed operational attributes, are used or maintained
+ by servers for administrative and operational purposes. As stated in
+ [X.501]: "There are three varieties of operational attributes:
+ Directory operational attributes, DSA-shared operational attributes,
+ and DSA-specific operational attributes."
+
+ A directory operational attribute is used to represent operational
+ and/or administrative information in the Directory Information Model.
+ This includes operational attributes maintained by the server (e.g.
+ 'createTimestamp') as well as operational attributes which hold values
+ administrated by the user (e.g. 'ditContentRules').
+
+ A DSA-shared operational attribute is used to represent information of
+ the DSA Information Model which is shared between DSAs.
+
+ A DSA-specific operational attribute is used to represent information
+ of the DSA Information Model which is specific to the DSA (though, in
+ some cases, may be derived from information shared between DSAs)
+ (e.g., 'namingContexts').
+
+ The DSA Information Model operational attributes are detailed in
+ [X.501].
+
+ Operational attributes are not normally visible. They are not
+ returned in search results unless explicitly requested by name.
+
+ Not all operational attributes are user modifiable.
+
+ Entries may contain, among others, the following operational
+
+
+
+Zeilenga LDAP Models [Page 19]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ attributes:
+
+ - creatorsName: the Distinguished Name of the user who added this
+ entry to the directory,
+
+ - createTimestamp: the time this entry was added to the directory,
+
+ - modifiersName: the Distinguished Name of the user who last
+ modified this entry, and
+
+ - modifyTimestamp: the time this entry was last modified.
+
+ Servers SHOULD maintain the 'creatorsName', 'createTimestamp',
+ 'modifiersName', and 'modifyTimestamp' attributes for all entries of
+ the DIT.
+
+
+3.4.1. 'creatorsName'
+
+ This attribute appears in entries which were added using the protocol
+ (e.g., using the Add operation). The value is the distinguished name
+ of the creator.
+
+ ( 2.5.18.3 NAME 'creatorsName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'distinguishedNameMatch' matching rule and the DistinguishedName
+ (1.3.6.1.4.1.1466.115.121.1.12) syntax are defined in [Syntaxes].
+
+
+3.4.2. 'createTimestamp'
+
+ This attribute appears in entries which were added using the protocol
+ (e.g., using the Add operation). The value is the time the entry was
+ added.
+
+ ( 2.5.18.1 NAME 'createTimestamp'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'generalizedTimeMatch' and 'generalizedTimeOrderingMatch' matching
+ rules and the GeneralizedTime (1.3.6.1.4.1.1466.115.121.1.24) syntax
+
+
+
+Zeilenga LDAP Models [Page 20]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ are defined in [Syntaxes].
+
+
+3.4.3. 'modifiersName'
+
+ This attribute appears in entries which have been modified using the
+ protocol (e.g., using Modify operation). The value is the
+ distinguished name of the last modifier.
+
+ ( 2.5.18.4 NAME 'modifiersName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'distinguishedNameMatch' matching rule and the DistinguishedName
+ (1.3.6.1.4.1.1466.115.121.1.12) syntax are defined in [Syntaxes].
+
+
+3.4.4. 'modifyTimestamp'
+
+ This attribute appears in entries which have been modified using the
+ protocol (e.g., using the Modify operation). The value is the time
+ the entry was last modified.
+
+ ( 2.5.18.2 NAME 'modifyTimestamp'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'generalizedTimeMatch' and 'generalizedTimeOrderingMatch' matching
+ rules and the GeneralizedTime (1.3.6.1.4.1.1466.115.121.1.24) syntax
+ are defined in [Syntaxes].
+
+
+3.4.5. 'structuralObjectClass'
+
+ This attribute indicates the structural object class of the entry.
+
+ ( 2.5.21.9 NAME 'structuralObjectClass'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'objectIdentifierMatch' matching rule and OBJECT IDENTIFIER
+
+
+
+Zeilenga LDAP Models [Page 21]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ (1.3.6.1.4.1.1466.115.121.1.38) syntax is defined in [Syntaxes].
+
+
+3.4.6. 'governingStructureRule'
+
+ This attribute indicates the structure rule governing the entry.
+
+ ( 2.5.21.10 NAME 'governingStructureRule'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The 'integerMatch' matching rule and INTEGER
+ (1.3.6.1.4.1.1466.115.121.1.27) syntax is defined in [Syntaxes].
+
+
+4. Directory Schema
+
+ As defined in [X.501]:
+
+ The Directory Schema is a set of definitions and constraints
+ concerning the structure of the DIT, the possible ways entries are
+ named, the information that can be held in an entry, the
+ attributes used to represent that information and their
+ organization into hierarchies to facilitate search and retrieval
+ of the information and the ways in which values of attributes may
+ be matched in attribute value and matching rule assertions.
+
+ NOTE 1 - The schema enables the Directory system to, for example:
+
+ - prevent the creation of subordinate entries of the wrong
+ object-class (e.g. a country as a subordinate of a person);
+
+ - prevent the addition of attribute-types to an entry
+ inappropriate to the object-class (e.g. a serial number to a
+ person's entry);
+
+ - prevent the addition of an attribute value of a syntax not
+ matching that defined for the attribute-type (e.g. a printable
+ string to a bit string).
+
+ Formally, the Directory Schema comprises a set of:
+
+ a) Name Form definitions that define primitive naming relations
+ for structural object classes;
+
+ b) DIT Structure Rule definitions that define the names that
+
+
+
+Zeilenga LDAP Models [Page 22]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ entries may have and the ways in which the entries may be
+ related to one another in the DIT;
+
+ c) DIT Content Rule definitions that extend the specification of
+ allowable attributes for entries beyond those indicated by the
+ structural object classes of the entries;
+
+ d) Object Class definitions that define the basic set of mandatory
+ and optional attributes that shall be present, and may be
+ present, respectively, in an entry of a given class, and which
+ indicate the kind of object class that is being defined;
+
+ e) Attribute Type definitions that identify the object identifier
+ by which an attribute is known, its syntax, associated matching
+ rules, whether it is an operational attribute and if so its
+ type, whether it is a collective attribute, whether it is
+ permitted to have multiple values and whether or not it is
+ derived from another attribute type;
+
+ f) Matching Rule definitions that define matching rules.
+
+ And in LDAP:
+
+ g) LDAP Syntax definitions that define encodings used in LDAP.
+
+
+4.1. Schema Definitions
+
+ Schema definitions in this section are described using ABNF and rely
+ on the common productions specified in Section 1.2 as well as these:
+
+ noidlen = numericoid [ LCURLY len RCURLY ]
+ len = number
+
+ oids = oid / ( LPAREN WSP oidlist WSP RPAREN )
+ oidlist = oid *( WSP DOLLAR WSP oid )
+
+ extensions = *( SP xstring SP qdstrings )
+ xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE )
+
+ qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN )
+ qdescrlist = [ qdescr *( SP qdescr ) ]
+ qdescr = SQUOTE descr SQUOTE
+
+ qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN )
+ qdstringlist = [ qdstring *( SP qdstring ) ]
+ qdstring = SQUOTE dstring SQUOTE
+ dstring = 1*( QS / QQ / QUTF8 ) ; escaped UTF-8 string
+
+
+
+Zeilenga LDAP Models [Page 23]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ QQ = ESC %x32 %x37 ; "\27"
+ QS = ESC %x35 ( %x43 / %x63 ) ; "\5C" / "\5c"
+
+ ; Any UTF-8 encoded Unicode character
+ ; except %x27 ("'") and %x5C ("\")
+ QUTF8 = QUTF1 / UTFMB
+
+ ; Any ASCII character except %x27 ("'") and %x5C ("\")
+ QUTF1 = %x00-26 / %x28-5B / %x5D-7F
+
+ Schema definitions in this section also share a number of common
+ terms.
+
+ The NAME field provides a set of short names (descriptors) which are
+ to be used as aliases for the OID.
+
+ The DESC field optionally allows a descriptive string to be provided
+ by the directory administrator and/or implementor. While
+ specifications may suggest a descriptive string, there is no
+ requirement that the suggested (or any) descriptive string be used.
+
+ The OBSOLETE field, if present, indicates the element is not active.
+
+ Implementors should note that future versions of this document may
+ expand these definitions to include additional terms. Terms whose
+ identifier begins with "X-" are reserved for private experiments, and
+ are followed by <SP> and <qdstrings> tokens.
+
+
+4.1.1. Object Class Definitions
+
+ Object Class definitions are written according to the ABNF:
+
+ ObjectClassDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ [ SP "SUP" SP oids ] ; superior object classes
+ [ SP kind ] ; kind of class
+ [ SP "MUST" SP oids ] ; attribute types
+ [ SP "MAY" SP oids ] ; attribute types
+ extensions WSP RPAREN
+
+ kind = "ABSTRACT" / "STRUCTURAL" / "AUXILIARY"
+
+ where:
+ <numericoid> is object identifier assigned to this object class;
+
+
+
+Zeilenga LDAP Models [Page 24]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ NAME <qdescrs> are short names (descriptors) identifying this object
+ class;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this object class is not active;
+ SUP <oids> specifies the direct superclasses of this object class;
+ the kind of object class is indicated by one of ABSTRACT,
+ STRUCTURAL, or AUXILIARY, default is STRUCTURAL;
+ MUST and MAY specify the sets of required and allowed attribute
+ types, respectively; and
+ <extensions> describe extensions.
+
+
+4.1.2. Attribute Types
+
+ Attribute Type definitions are written according to the ABNF:
+
+ AttributeTypeDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ [ SP "SUP" SP oid ] ; supertype
+ [ SP "EQUALITY" SP oid ] ; equality matching rule
+ [ SP "ORDERING" SP oid ] ; ordering matching rule
+ [ SP "SUBSTR" SP oid ] ; substrings matching rule
+ [ SP "SYNTAX" SP noidlen ] ; value syntax
+ [ SP "SINGLE-VALUE" ] ; single-value
+ [ SP "COLLECTIVE" ] ; collective
+ [ SP "NO-USER-MODIFICATION" ] ; not user modifiable
+ [ SP "USAGE" SP usage ] ; usage
+ extensions WSP RPAREN ; extensions
+
+ usage = "userApplications" / ; user
+ "directoryOperation" / ; directory operational
+ "distributedOperation" / ; DSA-shared operational
+ "dSAOperation" ; DSA-specific operational
+
+ where:
+ <numericoid> is object identifier assigned to this attribute type;
+ NAME <qdescrs> are short names (descriptors) identifying this
+ attribute type;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this attribute type is not active;
+ SUP oid specifies the direct supertype of this type;
+ EQUALITY, ORDERING, SUBSTR provide the oid of the equality,
+ ordering, and substrings matching rules, respectively;
+ SYNTAX identifies value syntax by object identifier and may suggest
+ a minimum upper bound;
+
+
+
+Zeilenga LDAP Models [Page 25]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ SINGLE-VALUE indicates attributes of this type are restricted to a
+ single value;
+ COLLECTIVE indicates this attribute type is collective
+ [X.501][RFC3671];
+ NO-USER-MODIFICATION indicates this attribute type is not user
+ modifiable;
+ USAGE indicates the application of this attribute type; and
+ <extensions> describe extensions.
+
+ Each attribute type description must contain at least one of the SUP
+ or SYNTAX fields. If no SYNTAX field is provided, the attribute type
+ description takes its value from the supertype.
+
+ If SUP field is provided, the EQUALITY, ORDERING, and SUBSTRING
+ fields, if not specified, take their value from the supertype.
+
+ Usage of userApplications, the default, indicates that attributes of
+ this type represent user information. That is, they are user
+ attributes.
+
+ A usage of directoryOperation, distributedOperation, or dSAOperation
+ indicates that attributes of this type represent operational and/or
+ administrative information. That is, they are operational attributes.
+
+ directoryOperation usage indicates that the attribute of this type is
+ a directory operational attribute. distributedOperation usage
+ indicates that the attribute of this DSA-shared usage operational
+ attribute. dSAOperation usage indicates that the attribute of this
+ type is a DSA-specific operational attribute.
+
+ COLLECTIVE requires usage userApplications. Use of collective
+ attribute types in LDAP is discussed in [RFC3671].
+
+ NO-USER-MODIFICATION requires an operational usage.
+
+ Note that the <AttributeTypeDescription> does not list the matching
+ rules which can be used with that attribute type in an extensibleMatch
+ search filter [Protocol]. This is done using the 'matchingRuleUse'
+ attribute described in Section 4.1.4.
+
+ This document refines the schema description of X.501 by requiring
+ that the SYNTAX field in an <AttributeTypeDescription> be a string
+ representation of an object identifier for the LDAP string syntax
+ definition with an optional indication of the suggested minimum bound
+ of a value of this attribute.
+
+ A suggested minimum upper bound on the number of characters in a value
+ with a string-based syntax, or the number of bytes in a value for all
+
+
+
+Zeilenga LDAP Models [Page 26]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ other syntaxes, may be indicated by appending this bound count inside
+ of curly braces following the syntax's OBJECT IDENTIFIER in an
+ Attribute Type Description. This bound is not part of the syntax name
+ itself. For instance, "1.3.6.4.1.1466.0{64}" suggests that server
+ implementations should allow a string to be 64 characters long,
+ although they may allow longer strings. Note that a single character
+ of the Directory String syntax may be encoded in more than one octet
+ since UTF-8 [RFC3629] is a variable-length encoding.
+
+
+4.1.3. Matching Rules
+
+ Matching rules are used in performance of attribute value assertions,
+ such as in performance of a Compare operation. They are also used in
+ evaluation of a Search filters, in determining which individual values
+ are be added or deleted during performance of a Modify operation, and
+ used in comparison of distinguished names.
+
+ Each matching rule is identified by an object identifier (OID) and,
+ optionally, one or more short names (descriptors).
+
+ Matching rule definitions are written according to the ABNF:
+
+ MatchingRuleDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ SP "SYNTAX" SP numericoid ; assertion syntax
+ extensions WSP RPAREN ; extensions
+
+ where:
+ <numericoid> is object identifier assigned to this matching rule;
+ NAME <qdescrs> are short names (descriptors) identifying this
+ matching rule;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this matching rule is not active;
+ SYNTAX identifies the assertion syntax (the syntax of the assertion
+ value) by object identifier; and
+ <extensions> describe extensions.
+
+
+4.1.4. Matching Rule Uses
+
+ A matching rule use lists the attribute types which are suitable for
+ use with an extensibleMatch search filter.
+
+ Matching rule use descriptions are written according to the following
+
+
+
+Zeilenga LDAP Models [Page 27]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ ABNF:
+
+ MatchingRuleUseDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ SP "APPLIES" SP oids ; attribute types
+ extensions WSP RPAREN ; extensions
+
+ where:
+ <numericoid> is the object identifier of the matching rule
+ associated with this matching rule use description;
+ NAME <qdescrs> are short names (descriptors) identifying this
+ matching rule use;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this matching rule use is not active;
+ APPLIES provides a list of attribute types the matching rule applies
+ to; and
+ <extensions> describe extensions.
+
+
+4.1.5. LDAP Syntaxes
+
+ LDAP Syntaxes of (attribute and assertion) values are described in
+ terms of ASN.1 [X.680] and, optionally, have an octet string encoding
+ known as the LDAP-specific encoding. Commonly, the LDAP-specific
+ encoding is constrained to a string of Unicode [Unicode] characters in
+ UTF-8 [RFC3629] form.
+
+ Each LDAP syntax is identified by an object identifier (OID).
+
+ LDAP syntax definitions are written according to the ABNF:
+
+ SyntaxDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "DESC" SP qdstring ] ; description
+ extensions WSP RPAREN ; extensions
+
+ where:
+ <numericoid> is the object identifier assigned to this LDAP syntax;
+ DESC <qdstring> is a short descriptive string; and
+ <extensions> describe extensions.
+
+
+4.1.6. DIT Content Rules
+
+ A DIT content rule is a "rule governing the content of entries of a
+
+
+
+Zeilenga LDAP Models [Page 28]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ particular structural object class" [X.501].
+
+ For DIT entries of a particular structural object class, a DIT content
+ rule specifies which auxiliary object classes the entries are allowed
+ to belong to and which additional attributes (by type) are required,
+ allowed or not allowed to appear in the entries.
+
+ The list of precluded attributes cannot include any attribute listed
+ as mandatory in the rule, the structural object class, or any of the
+ allowed auxiliary object classes.
+
+ Each content rule is identified by the object identifier, as well as
+ any short names (descriptors), of the structural object class it
+ applies to.
+
+ An entry may only belong to auxiliary object classes listed in the
+ governing content rule.
+
+ An entry must contain all attributes required by the object classes
+ the entry belongs to as well as all attributes required by the
+ governing content rule.
+
+ An entry may contain any non-precluded attributes allowed by the
+ object classes the entry belongs to as well as all attributes allowed
+ by the governing content rule.
+
+ An entry cannot include any attribute precluded by the governing
+ content rule.
+
+ An entry is governed by (if present and active in the subschema) the
+ DIT content rule which applies to the structural object class of the
+ entry (see Section 2.4.2). If no active rule is present for the
+ entry's structural object class, the entry's content is governed by
+ the structural object class (and possibly other aspects of user and
+ system schema). DIT content rules for superclasses of the structural
+ object class of an entry are not applicable to that entry.
+
+ DIT content rule descriptions are written according to the ABNF:
+
+ DITContentRuleDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ [ SP "AUX" SP oids ] ; auxiliary object classes
+ [ SP "MUST" SP oids ] ; attribute types
+ [ SP "MAY" SP oids ] ; attribute types
+ [ SP "NOT" SP oids ] ; attribute types
+
+
+
+Zeilenga LDAP Models [Page 29]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ extensions WSP RPAREN ; extensions
+
+ where:
+ <numericoid> is the object identifier of the structural object class
+ associated with this DIT content rule;
+ NAME <qdescrs> are short names (descriptors) identifying this DIT
+ content rule;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this DIT content rule use is not active;
+ AUX specifies a list of auxiliary object classes which entries
+ subject to this DIT content rule may belong to;
+ MUST, MAY, and NOT specify lists of attribute types which are
+ required, allowed, or precluded, respectively, from appearing in
+ entries subject to this DIT content rule; and
+ <extensions> describe extensions.
+
+
+4.1.7. DIT Structure Rules and Name Forms
+
+ It is sometimes desirable to regulate where object and alias entries
+ can be placed in the DIT and how they can be named based upon their
+ structural object class.
+
+
+4.1.7.1. DIT Structure Rules
+
+ A DIT structure rule is a "rule governing the structure of the DIT by
+ specifying a permitted superior to subordinate entry relationship. A
+ structure rule relates a name form, and therefore a structural object
+ class, to superior structure rules. This permits entries of the
+ structural object class identified by the name form to exist in the
+ DIT as subordinates to entries governed by the indicated superior
+ structure rules" [X.501].
+
+ DIT structure rule descriptions are written according to the ABNF:
+
+ DITStructureRuleDescription = LPAREN WSP
+ ruleid ; rule identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ SP "FORM" SP oid ; NameForm
+ [ SP "SUP" ruleids ] ; superior rules
+ extensions WSP RPAREN ; extensions
+
+ ruleids = ruleid / ( LPAREN WSP ruleidlist WSP RPAREN )
+ ruleidlist = ruleid *( SP ruleid )
+ ruleid = number
+
+
+
+Zeilenga LDAP Models [Page 30]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ where:
+ <ruleid> is the rule identifier of this DIT structure rule;
+ NAME <qdescrs> are short names (descriptors) identifying this DIT
+ structure rule;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this DIT structure rule use is not active;
+ FORM is specifies the name form associated with this DIT structure
+ rule;
+ SUP identifies superior rules (by rule id); and
+ <extensions> describe extensions.
+
+ If no superior rules are identified, the DIT structure rule applies
+ to an autonomous administrative point (e.g. the root vertex of the
+ subtree controlled by the subschema) [X.501].
+
+
+4.1.7.2. Name Forms
+
+ A name form "specifies a permissible RDN for entries of a particular
+ structural object class. A name form identifies a named object
+ class and one or more attribute types to be used for naming (i.e.
+ for the RDN). Name forms are primitive pieces of specification
+ used in the definition of DIT structure rules" [X.501].
+
+ Each name form indicates the structural object class to be named,
+ a set of required attribute types, and a set of allowed attribute
+ types. A particular attribute type cannot be in both sets.
+
+ Entries governed by the form must be named using a value from each
+ required attribute type and zero or more values from the allowed
+ attribute types.
+
+ Each name form is identified by an object identifier (OID) and,
+ optionally, one or more short names (descriptors).
+
+ Name form descriptions are written according to the ABNF:
+
+ NameFormDescription = LPAREN WSP
+ numericoid ; object identifier
+ [ SP "NAME" SP qdescrs ] ; short names (descriptors)
+ [ SP "DESC" SP qdstring ] ; description
+ [ SP "OBSOLETE" ] ; not active
+ SP "OC" SP oid ; structural object class
+ SP "MUST" SP oids ; attribute types
+ [ SP "MAY" SP oids ] ; attribute types
+ extensions WSP RPAREN ; extensions
+
+ where:
+
+
+
+Zeilenga LDAP Models [Page 31]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ <numericoid> is object identifier which identifies this name form;
+ NAME <qdescrs> are short names (descriptors) identifying this name
+ form;
+ DESC <qdstring> is a short descriptive string;
+ OBSOLETE indicates this name form is not active;
+ OC identifies the structural object class this rule applies to,
+ MUST and MAY specify the sets of required and allowed, respectively,
+ naming attributes for this name form; and
+ <extensions> describe extensions.
+
+ All attribute types in the required ("MUST") and allowed ("MAY") lists
+ shall be different.
+
+
+4.2. Subschema Subentries
+
+ Subschema (sub)entries are used for administering information about
+ the directory schema. A single subschema (sub)entry contains all
+ schema definitions (see Section 4.1) used by entries in a particular
+ part of the directory tree.
+
+ Servers which follow X.500(93) models SHOULD implement subschema using
+ the X.500 subschema mechanisms (as detailed in Section 12 of [X.501]),
+ and so these are not ordinary object entries but subentries (see
+ Section 3.2). LDAP clients SHOULD NOT assume that servers implement
+ any of the other aspects of X.500 subschema.
+
+ Servers MAY allow subschema modification. Procedures for subschema
+ modification are discussed in Section 14.5 of [X.501].
+
+ A server which masters entries and permits clients to modify these
+ entries SHALL implement and provide access to these subschema
+ (sub)entries including providing a 'subschemaSubentry' attribute in
+ each modifiable entry. This is so clients may discover the attributes
+ and object classes which are permitted to be present. It is strongly
+ RECOMMENDED that all other servers implement this as well.
+
+ The value of the 'subschemaSubentry' attribute is the name of the
+ subschema (sub)entry holding the subschema controlling the entry.
+
+ ( 2.5.18.10 NAME 'subschemaSubentry'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ NO-USER-MODIFICATION SINGLE-VALUE
+ USAGE directoryOperation )
+
+ The 'distinguishedNameMatch' matching rule and the DistinguishedName
+ (1.3.6.1.4.1.1466.115.121.1.12) syntax are defined in [Syntaxes].
+
+
+
+Zeilenga LDAP Models [Page 32]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ Subschema is held in (sub)entries belonging to the subschema auxiliary
+ object class.
+
+ ( 2.5.20.1 NAME 'subschema' AUXILIARY
+ MAY ( dITStructureRules $ nameForms $ ditContentRules $
+ objectClasses $ attributeTypes $ matchingRules $
+ matchingRuleUse ) )
+
+ The 'ldapSyntaxes' operational attribute may also be present in
+ subschema entries.
+
+ Servers MAY provide additional attributes (described in other
+ documents) in subschema (sub)entries.
+
+ Servers SHOULD provide the attributes 'createTimestamp' and
+ 'modifyTimestamp' in subschema (sub)entries, in order to allow clients
+ to maintain their caches of schema information.
+
+ The following subsections provide attribute type definitions for each
+ of schema definition attribute types.
+
+
+4.2.1. 'objectClasses'
+
+ This attribute holds definitions of object classes.
+
+ ( 2.5.21.6 NAME 'objectClasses'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.37
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ ObjectClassDescription (1.3.6.1.4.1.1466.115.121.1.37) syntax are
+ defined in [Syntaxes].
+
+
+4.2.2. 'attributeTypes'
+
+ This attribute holds definitions of attribute types.
+
+ ( 2.5.21.5 NAME 'attributeTypes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ AttributeTypeDescription (1.3.6.1.4.1.1466.115.121.1.3) syntax are
+ defined in [Syntaxes].
+
+
+
+Zeilenga LDAP Models [Page 33]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+4.2.3. 'matchingRules'
+
+ This attribute holds definitions of matching rules.
+
+ ( 2.5.21.4 NAME 'matchingRules'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.30
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ MatchingRuleDescription (1.3.6.1.4.1.1466.115.121.1.30) syntax are
+ defined in [Syntaxes].
+
+
+4.2.4 'matchingRuleUse'
+
+ This attribute holds definitions of matching rule uses.
+
+ ( 2.5.21.8 NAME 'matchingRuleUse'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.31
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ MatchingRuleUseDescription (1.3.6.1.4.1.1466.115.121.1.31) syntax are
+ defined in [Syntaxes].
+
+
+4.2.5. 'ldapSyntaxes'
+
+ This attribute holds definitions of LDAP syntaxes.
+
+ ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.54
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ SyntaxDescription (1.3.6.1.4.1.1466.115.121.1.54) syntax are defined
+ in [Syntaxes].
+
+
+4.2.6. 'dITContentRules'
+
+ This attribute lists DIT Content Rules which are present in the
+ subschema.
+
+ ( 2.5.21.2 NAME 'dITContentRules'
+
+
+
+Zeilenga LDAP Models [Page 34]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.16
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ DITContentRuleDescription (1.3.6.1.4.1.1466.115.121.1.16) syntax are
+ defined in [Syntaxes].
+
+
+4.2.7. 'dITStructureRules'
+
+ This attribute lists DIT Structure Rules which are present in the
+ subschema.
+
+ ( 2.5.21.1 NAME 'dITStructureRules'
+ EQUALITY integerFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.17
+ USAGE directoryOperation )
+
+ The 'integerFirstComponentMatch' matching rule and the
+ DITStructureRuleDescription (1.3.6.1.4.1.1466.115.121.1.17) syntax are
+ defined in [Syntaxes].
+
+
+4.2.8 'nameForms'
+
+ This attribute lists Name Forms which are in force.
+
+ ( 2.5.21.7 NAME 'nameForms'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.35
+ USAGE directoryOperation )
+
+ The 'objectIdentifierFirstComponentMatch' matching rule and the
+ NameFormDescription (1.3.6.1.4.1.1466.115.121.1.35) syntax are defined
+ in [Syntaxes].
+
+
+4.3. 'extensibleObject' object class
+
+ The 'extensibleObject' auxiliary object class allows entries that
+ belong to it to hold any user attribute. The set of allowed attribute
+ types of this object class is implicitly the set of all attribute
+ types of userApplications usage.
+
+ ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+ SUP top AUXILIARY )
+
+
+
+
+Zeilenga LDAP Models [Page 35]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The mandatory attributes of the other object classes of this entry are
+ still required to be present and any precluded attributes are still
+ not allowed to be present.
+
+
+
+4.4. Subschema Discovery
+
+ To discover the DN of the subschema (sub)entry holding the subschema
+ controlling a particular entry, a client reads that entry's
+ 'subschemaSubentry' operational attribute. To read schema attributes
+ from the subschema (sub)entry, clients MUST issue a Search operation
+ [Protocol] where baseObject is the DN of the subschema (sub)entry,
+ scope is baseObject, filter is "(objectClass=subschema)" [Filters],
+ and attributes field lists the names of the desired schema attributes
+ (as they are operational). Note: the "(objectClass=subschema)" filter
+ allows LDAP servers which gateway to X.500 to detect that subentry
+ information is being requested.
+
+ Clients SHOULD NOT assume a published subschema is complete nor assume
+ the server supports all of the schema elements it publishes nor assume
+ the server does not support an unpublished element.
+
+
+5. DSA (Server) Informational Model
+
+ The LDAP protocol assumes there are one or more servers which jointly
+ provide access to a Directory Information Tree (DIT). The server
+ holding the original information is called the "master" (for that
+ information). Servers which hold copies of the original information
+ are referred to as "shadowing" or "caching" servers.
+
+ As defined in [X.501]:
+
+ context prefix: The sequence of RDNs leading from the Root of the
+ DIT to the initial vertex of a naming context; corresponds to
+ the distinguished name of that vertex.
+
+ and:
+
+ naming context: A subtree of entries held in a single master DSA.
+
+ That is, a naming context is the largest collection of entries,
+ starting at an entry that is mastered by a particular server, and
+ including all its subordinates and their subordinates, down to the
+ entries which are mastered by different servers. The context prefix
+ is the name of the initial entry.
+
+
+
+
+Zeilenga LDAP Models [Page 36]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The root of the DIT is a DSA-specific Entry (DSE) and not part of any
+ naming context (or any subtree); each server has different attribute
+ values in the root DSE.
+
+
+5.1. Server-specific Data Requirements
+
+ An LDAP server SHALL provide information about itself and other
+ information that is specific to each server. This is represented as a
+ group of attributes located in the root DSE, which is named with the
+ DN with zero RDNs (whose [LDAPDN] representation is as the zero-length
+ string).
+
+ These attributes are retrievable, subject to access control and other
+ restrictions, if a client performs a Search operation [Protocol] with
+ an empty baseObject, scope of baseObject, the filter "(objectClass=*)"
+ [Filters], and with the attributes field listing the names of the
+ desired attributes. It is noted that root DSE attributes are
+ operational, and like other operational attributes, are not returned
+ in search requests unless requested by name.
+
+ The root DSE SHALL NOT be included if the client performs a subtree
+ search starting from the root.
+
+ Servers may allow clients to modify attributes of the root DSE where
+ appropriate.
+
+ The following attributes of the root DSE are defined in [Syntaxes].
+ Additional attributes may be defined in other documents.
+
+ - altServer: alternative servers;
+
+ - namingContexts: naming contexts;
+
+ - supportedControl: recognized LDAP controls;
+
+ - supportedExtension: recognized LDAP extended operations;
+
+ - supportedFeatures: recognized LDAP features;
+
+ - supportedLDAPVersion: LDAP versions supported; and
+
+ - supportedSASLMechanisms: recognized Simple Authentication and
+ Security Layers (SASL) [SASL] mechanisms.
+
+ The values provided for these attributes may depend on
+ session-specific and other factors. For example, a server supporting
+ the SASL EXTERNAL mechanism might only list "EXTERNAL" when the
+
+
+
+Zeilenga LDAP Models [Page 37]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ client's identity has been established by a lower level. See
+ [AuthMeth].
+
+ The root DSE may also include a 'subschemaSubentry' attribute. If so,
+ it refers to the subschema (sub)entry holding the schema controlling
+ the root DSE. Clients SHOULD NOT assume that this subschema
+ (sub)entry controls other entries held by the server. General
+ subschema discovery procedures are provided in Section 4.4.
+
+
+5.1.1. 'altServer'
+
+ The 'altServer' attribute lists URIs referring to alternative servers
+ which may be contacted when this server becomes unavailable. URIs for
+ servers implementing the LDAP are written according to [LDAPURL].
+ Other kinds of URIs may be provided. If the server does not know of
+ any other servers which could be used this attribute will be absent.
+ Clients may cache this information in case their preferred server
+ later becomes unavailable.
+
+ ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ USAGE dSAOperation )
+
+ The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax is defined in
+ [Syntaxes].
+
+
+5.1.2. 'namingContexts'
+
+ The 'namingContexts' attribute lists the context prefixes of the
+ naming contexts the server masters or shadows (in part or in whole).
+ If the server is a first-level DSA [X.501], it should list (in
+ addition) an empty string (indicating the root of the DIT). If the
+ server does not master or shadow any information (e.g. it is an LDAP
+ gateway to a public X.500 directory) this attribute will be absent.
+ If the server believes it masters or shadows the entire directory, the
+ attribute will have a single value, and that value will be the empty
+ string (indicating the root of the DIT).
+
+ This attribute may be used, for example, to select a suitable entry
+ name for subsequent operations with this server.
+
+ ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ USAGE dSAOperation )
+
+ The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax is
+
+
+
+Zeilenga LDAP Models [Page 38]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ defined in [Syntaxes].
+
+
+5.1.3. 'supportedControl'
+
+ The 'supportedControl' attribute lists object identifiers identifying
+ the request controls [Protocol] the server supports. If the server
+ does not support any request controls, this attribute will be absent.
+ Object identifiers identifying response controls need not be listed.
+
+ Procedures for registering object identifiers used to discovery of
+ protocol mechanisms are detailed in BCP 64 [BCP64bis].
+
+ ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+ USAGE dSAOperation )
+
+ The OBJECT IDENTIFIER (1.3.6.1.4.1.1466.115.121.1.38) syntax is
+ defined in [Syntaxes].
+
+
+5.1.4. 'supportedExtension'
+
+ The 'supportedExtension' attribute lists object identifiers
+ identifying the extended operations [Protocol] which the server
+ supports. If the server does not support any extended operations,
+ this attribute will be absent.
+
+ An extended operation generally consists of an extended request and an
+ extended response but may also include other protocol data units (such
+ as intermediate responses). The object identifier assigned to the
+ extended request is used to identify the extended operation. Other
+ object identifiers used in the extended operation need not be listed
+ as values of this attribute.
+
+ Procedures for registering object identifiers used to discovery of
+ protocol mechanisms are detailed in BCP 64 [BCP64bis].
+
+ ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+ USAGE dSAOperation )
+
+ The OBJECT IDENTIFIER (1.3.6.1.4.1.1466.115.121.1.38) syntax is
+ defined in [Syntaxes].
+
+
+5.1.5. 'supportedFeatures'
+
+
+
+
+Zeilenga LDAP Models [Page 39]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The 'supportedFeatures' attribute lists object identifiers identifying
+ elective features which the server supports. If the server does not
+ support any discoverable elective features, this attribute will be
+ absent.
+
+ ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+ USAGE dSAOperation )
+
+ Procedures for registering object identifiers used to discovery of
+ protocol mechanisms are detailed in BCP 64 [BCP64bis].
+
+ The OBJECT IDENTIFIER (1.3.6.1.4.1.1466.115.121.1.38) syntax and
+ objectIdentifierMatch matching rule are defined in [Syntaxes].
+
+
+5.1.6. 'supportedLDAPVersion'
+
+ The 'supportedLDAPVersion' attribute lists the versions of LDAP which
+ the server supports.
+
+ ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ USAGE dSAOperation )
+
+ The INTEGER (1.3.6.1.4.1.1466.115.121.1.27) syntax are defined in
+ [Syntaxes].
+
+
+5.1.7. 'supportedSASLMechanisms'
+
+ The 'supportedSASLMechanisms' attribute lists the SASL mechanisms
+ [SASL] which the server recognizes and/or supports [AuthMeth]. The
+ contents of this attribute may depend on the current session state.
+ If the server does not support any SASL mechanisms this attribute will
+ not be present.
+
+ ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ USAGE dSAOperation )
+
+ The Directory String (1.3.6.1.4.1.1466.115.121.1.15) syntax is defined
+ in [Syntaxes].
+
+
+6. Other Considerations
+
+
+
+
+Zeilenga LDAP Models [Page 40]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+6.1. Preservation of User Information
+
+ Syntaxes may be defined which have specific value and/or value form
+ (representation) preservation requirements. For example, a syntax
+ containing digitally signed data can mandate the server preserve both
+ the value and form of value presented to ensure signature is not
+ invalidated.
+
+ Where such requirements have not been explicitly stated, servers
+ SHOULD preserve the value of user information but MAY return the value
+ in a different form. And where a server is unable (or unwilling) to
+ preserve the value of user information, the server SHALL ensure that
+ an equivalent value (per Section 2.3) is returned.
+
+
+6.2. Short Names
+
+ Short names, also known as descriptors, are used as more readable
+ aliases for object identifiers and are used to identify various schema
+ elements. However, it is not expected that LDAP implementations with
+ human user interface would display these short names (nor the object
+ identifiers they refer to) to the user, but would most likely be
+ performing translations (such as expressing the short name in one of
+ the local national languages). For example, the short name "st"
+ (stateOrProvinceName) might be displayed to a German-speaking user as
+ "Land".
+
+ The same short name might have different meaning in different
+ subschemas and, within a particular subschema, the same short name
+ might refer to different object identifiers each identifying a
+ different kind of schema element.
+
+ Implementations MUST be prepared that the same short name might be
+ used in a subschema to refer to the different kinds of schema
+ elements. That is, there might be an object class 'x-fubar' and an
+ attribute type 'x-fubar' in a subschema.
+
+ Implementations MUST be prepared that the same short name might be
+ used in the different subschemas to refer to the different schema
+ elements. That is, there might be two matching rules 'x-fubar', each
+ in different subschemas.
+
+ Procedures for registering short names (descriptors) are detailed in
+ BCP 64 [BCP64bis].
+
+
+6.3. Cache and Shadowing
+
+
+
+
+Zeilenga LDAP Models [Page 41]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ Some servers may hold cache or shadow copies of entries, which can be
+ used to answer search and comparison queries, but will return
+ referrals or contact other servers if modification operations are
+ requested. Servers that perform shadowing or caching MUST ensure that
+ they do not violate any access control constraints placed on the data
+ by the originating server.
+
+
+7. Implementation Guidelines
+
+7.1 Server Guidelines
+
+ Servers MUST recognize all names of attribute types and object classes
+ defined in this document but, unless stated otherwise, need not
+ support the associated functionality. Servers SHOULD recognize all
+ the names of attribute types and object classes defined in Section 3
+ and 4, respectively, of [Schema].
+
+ Servers MUST ensure that entries conform to user and system schema
+ rules or other data model constraints.
+
+ Servers MAY support DIT Content Rules. Servers MAY support DIT
+ Structure Rules and Name Forms.
+
+ Servers MAY support alias entries.
+
+ Servers MAY support the 'extensibleObject' object class.
+
+ Servers MAY support subentries. If so, they MUST do so in accordance
+ with [RFC3672]. Servers which do not support subentries SHOULD use
+ object entries to mimic subentries as detailed in Section 3.2.
+
+ Servers MAY implement additional schema elements. Servers SHOULD
+ provide definitions of all schema elements they support in subschema
+ (sub)entries.
+
+
+7.2 Client Guidelines
+
+ In the absence of prior agreements with servers, clients SHOULD NOT
+ assume that servers support any particular schema elements beyond
+ those referenced in Section 7.1. The client can retrieve subschema
+ information as described in Section 4.4.
+
+ Clients MUST NOT display nor attempt to decode as ASN.1, a value if
+ its syntax is not known. Clients MUST NOT assume the LDAP-specific
+ string encoding is restricted to a UTF-8 encoded string of Unicode
+ characters or any particular subset of Unicode (such as a printable
+
+
+
+Zeilenga LDAP Models [Page 42]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ subset) unless such restriction is explicitly stated. Clients SHOULD
+ NOT send attribute values in a request that are not valid according to
+ the syntax defined for the attributes.
+
+
+8. Security Considerations
+
+ Attributes of directory entries are used to provide descriptive
+ information about the real-world objects they represent, which can be
+ people, organizations or devices. Most countries have privacy laws
+ regarding the publication of information about people.
+
+ General security considerations for accessing directory information
+ with LDAP are discussed in [Protocol] and [AuthMeth].
+
+
+9. IANA Considerations
+
+ It is requested that the Internet Assigned Numbers Authority (IANA)
+ update the LDAP descriptors registry as indicated in the following
+ template:
+
+ Subject: Request for LDAP Descriptor Registration Update
+ Descriptor (short name): see comment
+ Object Identifier: see comment
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: see comment
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ The following descriptors (short names) should be added to
+ the registry.
+
+ NAME Type OID
+ ------------------------ ---- -----------------
+ governingStructureRule A 2.5.21.10
+ structuralObjectClass A 2.5.21.9
+
+ The following descriptors (short names) should be updated to
+ refer to this RFC.
+
+ NAME Type OID
+ ------------------------ ---- -----------------
+ alias O 2.5.6.1
+ aliasedObjectName A 2.5.4.1
+ altServer A 1.3.6.1.4.1.1466.101.120.6
+
+
+
+Zeilenga LDAP Models [Page 43]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ attributeTypes A 2.5.21.5
+ createTimestamp A 2.5.18.1
+ creatorsName A 2.5.18.3
+ dITContentRules A 2.5.21.2
+ dITStructureRules A 2.5.21.1
+ extensibleObject O 1.3.6.1.4.1.1466.101.120.111
+ ldapSyntaxes A 1.3.6.1.4.1.1466.101.120.16
+ matchingRuleUse A 2.5.21.8
+ matchingRules A 2.5.21.4
+ modifiersName A 2.5.18.4
+ modifyTimestamp A 2.5.18.2
+ nameForms A 2.5.21.7
+ namingContexts A 1.3.6.1.4.1.1466.101.120.5
+ objectClass A 2.5.4.0
+ objectClasses A 2.5.21.6
+ subschema O 2.5.20.1
+ subschemaSubentry A 2.5.18.10
+ supportedControl A 1.3.6.1.4.1.1466.101.120.13
+ supportedExtension A 1.3.6.1.4.1.1466.101.120.7
+ supportedFeatures A 1.3.6.1.4.1.4203.1.3.5
+ supportedLDAPVersion A 1.3.6.1.4.1.1466.101.120.15
+ supportedSASLMechanisms A 1.3.6.1.4.1.1466.101.120.14
+ top O 2.5.6.0
+
+
+10. Acknowledgments
+
+ This document is based in part on RFC 2251 by M. Wahl, T. Howes, and
+ S. Kille; RFC 2252 by M. Wahl, A. Coulbeck, T. Howes, S. Kille; and
+ RFC 2556 by M. Wahl, all products of the IETF Access, Searching and
+ Indexing of Directories (ASID) Working Group. This document is also
+ based in part on "The Directory: Models" [X.501], a product of the
+ International Telephone Union (ITU). Additional text was borrowed
+ from RFC 2253 by M. Wahl, T. Howes, and S. Kille.
+
+ This document is a product of the IETF LDAP Revision (LDAPBIS) Working
+ Group.
+
+
+11. Editor's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+12. References
+
+
+
+Zeilenga LDAP Models [Page 44]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+12.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629 (also STD 63), November 2003.
+
+ [RFC3671] Zeilenga, K., "Collective Attributes in LDAP", RFC 3671,
+ December 2003.
+
+ [RFC3672] Zeilenga, K. and S. Legg, "Subentries in LDAP", RFC
+ 3672, December 2003.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+ [Filters] Smith, M. (editor), LDAPbis WG, "LDAP: String
+ Representation of Search Filters",
+ draft-ietf-ldapbis-filter-xx.txt, a work in progress.
+
+ [LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
+ work in progress.
+
+ [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
+ draft-ietf-ldapbis-url-xx.txt, a work in progress.
+
+ [SASL] Melnikov, A. (Editor), "Simple Authentication and
+
+
+
+Zeilenga LDAP Models [Page 45]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ Security Layer (SASL)",
+ draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in
+ progress.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+12.2. Informative References
+
+ None.
+
+
+Appendix A. Changes
+
+ This appendix is non-normative.
+
+ This document amounts to nearly a complete rewrite of portions of RFC
+ 2251, RFC 2252, and RFC 2256. This rewrite was undertaken to improve
+ overall clarity of technical specification. This appendix provides a
+ summary of substantive changes made to the portions of these documents
+ incorporated into this document. Readers should consult [Roadmap],
+ [Protocol], [Syntaxes], and [Schema] for summaries of remaining
+
+
+
+Zeilenga LDAP Models [Page 46]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ portions of these documents.
+
+
+A.1 Changes to RFC 2251
+
+ This document incorporates from RFC 2251 sections 3.2 and 3.4,
+ portions of Section 4 and 6 as summarized below.
+
+
+A.1.1 Section 3.2 of RFC 2251
+
+ Section 3.2 of RFC 2251 provided a brief introduction to the X.500
+ data model, as used by LDAP. The previous specification relied on
+ [X.501] but lacked clarity in how X.500 models are adapted for use by
+ LDAP. This document describes the X.500 data models, as used by LDAP
+ in greater detail, especially in areas where adaptation is needed.
+
+ Section 3.2.1 of RFC 2251 described an attribute as "a type with one
+ or more associated values." In LDAP, an attribute is better described
+ as an attribute description, a type with zero or more options, and one
+ or more associated values.
+
+ Section 3.2.2 of RFC 2251 mandated that subschema subentries contain
+ objectClasses and attributeTypes attributes, yet X.500(93) treats
+ these attributes as optional. While generally all implementations
+ that support X.500(93) subschema mechanisms will provide both of these
+ attributes, it is not absolutely required for interoperability that
+ all servers do. The mandate was removed for consistency with
+ X.500(93). The subschema discovery mechanism was also clarified to
+ indicate that subschema controlling an entry is obtained by reading
+ the (sub)entry referred to by that entry's 'subschemaSubentry'
+ attribute.
+
+
+A.1.2 Section 3.4 of RFC 2251
+
+ Section 3.4 of RFC 2251 provided "Server-specific Data Requirements".
+ This material, with changes, was incorporated in Section 5.1 of this
+ document.
+
+ Changes:
+
+ - Clarify that attributes of the root DSE are subject to "other
+ restrictions" in addition to access controls.
+
+ - Clarify that only recognized extended requests need to be enumerated
+ 'supportedExtension'.
+
+
+
+
+Zeilenga LDAP Models [Page 47]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ - Clarify that only recognized request controls need to be enumerated
+ 'supportedControl'.
+
+ - Clarify that root DSE attributes are operational and, like other
+ operational attributes, will not be returned in search requests
+ unless requested by name.
+
+ - Clarify that not all root DSE attributes are user modifiable.
+
+ - Remove inconsistent text regarding handling of the
+ 'subschemaSubentry' attribute within the root DSE. The previous
+ specification stated that the 'subschemaSubentry' attribute held in
+ the root DSE referred to "subschema entries (or subentries) known by
+ this server." This is inconsistent with the attribute intended use
+ as well as its formal definition as a single valued attribute
+ [X.501]. It is also noted that a simple (possibly incomplete) list
+ of subschema (sub)entries is not terrible useful. This document (in
+ section 5.1) specifies that the 'subschemaSubentry' attribute of the
+ root DSE refers to the subschema controlling the root DSE. It is
+ noted that the general subschema discovery mechanism remains
+ available (see Section 4.4 of this document).
+
+
+A.1.2 Section 4 of RFC 2251
+
+ Portions of Section 4 of RFC 2251 detailing aspects of the information
+ model used by LDAP were incorporated in this document, including:
+
+ - Restriction of distinguished values to attributes whose descriptions
+ have no options (from Section 4.1.3);
+
+ - Data model aspects of Attribute Types (from Section 4.1.4),
+ Attribute Descriptions (from 4.1.5), Attribute (from 4.1.8),
+ Matching Rule Identifier (from 4.1.9); and
+
+ - User schema requirements (from Section 4.1.6, 4.5.1, and 4.7).
+
+
+Clarifications to these portions include:
+
+ - Subtyping and AttributeDescriptions with options.
+
+
+
+
+
+A.1.3 Section 6 of RFC 2251
+
+
+
+
+Zeilenga LDAP Models [Page 48]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The Section 6.1 and the second paragraph of Section 6.2 of RFC 2251
+ where incorporated into this document.
+
+
+A.2 Changes to RFC 2252
+
+ This document incorporates Sections 4, 5 and 7 from RFC 2252.
+
+
+A.2.1 Section 4 of RFC 2252
+
+ The specification was updated to use Augmented BNF [RFC2234]. The
+ string representation of an OBJECT IDENTIFIER was tighten to
+ disallow leading zeros as described in RFC 2252 text.
+
+ The <descr> syntax was changed to disallow semicolon (U+003B)
+ characters to appear to be consistent its natural language
+ specification "descr is the syntactic representation of an object
+ descriptor, which consists of letters and digits, starting with a
+ letter." In a related change, the statement "an
+ AttributeDescription can be used as the value in a NAME part of an
+ AttributeTypeDescription" was deleted. RFC 2252 provided no
+ specification of the semantics of attribute options appearing in
+ NAME fields.
+
+ RFC 2252 stated that the <descr> form of <oid> SHOULD be preferred
+ over the <numericoid> form. However, <descr> form can be ambiguous.
+ To address this issue, the imperative was replaced with a statement
+ (in Section 1.4) that while the <descr> form is generally preferred,
+ <numericoid> should be used where an unambiguous <descr> is not
+ available. Additionally, an expanded discussion of descriptor
+ issues is discussed in Section 6.2 (Short Names).
+
+ The ABNF for a quoted string (qdstring) was updated to reflect
+ support for the escaping mechanism described in 4.3 of RFC 2252.
+
+
+A.2.2 Section 5 of RFC 2252
+
+ Definitions of operational attributes provided in Section 5 of RFC
+ 2252 where incorporated into this document.
+
+ The 'namingContexts' description was clarified. A first-level DSA
+ should publish, in addition to other values, "" indicating the root
+ of the DIT.
+
+ The 'altServer' description was clarified. It may hold any URI.
+
+
+
+
+Zeilenga LDAP Models [Page 49]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+ The 'supportedExtension' description was clarified. A server need
+ only list the OBJECT IDENTIFIERs associated with the extended
+ requests of the extended operations it recognizes.
+
+ The 'supportedControl' description was clarified. A server need
+ only list the OBJECT IDENTIFIERs associated with the request
+ controls it recognizes.
+
+ Descriptions for the 'structuralObjectClass' and
+ 'governingStructureRule' operational attribute types were added.
+
+
+A.2.3 Section 7 of RFC 2252
+
+ Section 7 of RFC 2252 provides definitions of the 'subschema' and
+ 'extensibleObject' object classes. These definitions where
+ integrated into Section 4.2 and Section 4.3 of this document,
+ respectively. Section 7 of RFC 2252 also contained the object class
+ implementation requirement. This was incorporated into Section 7 of
+ this document.
+
+ The specification of 'extensibleObject' was clarified of how it
+ interacts with precluded attributes.
+
+
+A.3 Changes to RFC 2256
+
+ This document incorporates Sections 5.1, 5.2, 7.1, and 7.2 of RFC
+ 2256.
+
+ Section 5.1 of RFC 2256 provided the definition of the 'objectClass'
+ attribute type. This was integrated into Section 2.4.1 of this
+ document. The statement "One of the values is either 'top' or
+ 'alias'" was replaced with statement that one of the values is 'top'
+ as entries belonging to 'alias' also belong to 'top'.
+
+ Section 5.2 of RFC 2256 provided the definition of the
+ 'aliasedObjectName' attribute type. This was integrated into
+ Section 2.6.2 of this document.
+
+ Section 7.1 of RFC 2256 provided the definition of the 'top' object
+ class. This was integrated into Section 2.4.1 of this document.
+
+ Section 7.2 of RFC 2256 provided the definition of the 'alias'
+ object class. This was integrated into Section 2.6.1 of this
+ document.
+
+
+
+
+
+Zeilenga LDAP Models [Page 50]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-models-14 21 February 2005
+
+
+A.4 Changes to RFC 3674
+
+ This document made no substantive change to the 'supportedFeatures'
+ technical specification provided in RFC 3674.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+Zeilenga LDAP Models [Page 51]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-protocol-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-protocol-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-protocol-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3709 @@
+
+
+Internet-Draft Editor: J. Sermersheim
+Intended Category: Standard Track Novell, Inc
+Document: draft-ietf-ldapbis-protocol-32.txt Oct 2005
+Obsoletes: RFCs 2251, 2830, 3771
+
+
+ LDAP: The Protocol
+
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each
+ author represents that any applicable patent or other IPR claims of
+ which he or she is aware have been or will be disclosed, and any of
+ which he or she becomes aware will be disclosed, in accordance with
+ Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire in February 2005.
+
+ Technical discussion of this document will take place on the IETF
+ LDAP Revision Working Group (LDAPbis) mailing list <ietf-
+ ldapbis at openldap.org>. Please send editorial comments directly to the
+ editor <jimse at novell.com>.
+
+
+Abstract
+
+ This document describes the protocol elements, along with their
+ semantics and encodings, of the Lightweight Directory Access Protocol
+ (LDAP). LDAP provides access to distributed directory services that
+ act in accordance with X.500 data and service models. These protocol
+ elements are based on those described in the X.500 Directory Access
+ Protocol (DAP).
+
+
+Table of Contents
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 1 �
+ Lightweight Directory Access Protocol Version 3
+
+ 1. Introduction....................................................3
+ 1.1. Relationship to Other LDAP Specifications.....................3
+ 2. Conventions.....................................................3
+ 3. Protocol Model..................................................4
+ 3.1 Operation and LDAP Message Layer Relationship..................5
+ 4. Elements of Protocol............................................5
+ 4.1. Common Elements...............................................5
+ 4.1.1. Message Envelope............................................5
+ 4.1.2. String Types................................................7
+ 4.1.3. Distinguished Name and Relative Distinguished Name..........7
+ 4.1.4. Attribute Descriptions......................................8
+ 4.1.5. Attribute Value.............................................8
+ 4.1.6. Attribute Value Assertion...................................8
+ 4.1.7. Attribute and PartialAttribute..............................9
+ 4.1.8. Matching Rule Identifier....................................9
+ 4.1.9. Result Message..............................................9
+ 4.1.10. Referral..................................................11
+ 4.1.11. Controls..................................................13
+ 4.2. Bind Operation...............................................14
+ 4.3. Unbind Operation.............................................17
+ 4.4. Unsolicited Notification.....................................17
+ 4.5. Search Operation.............................................18
+ 4.6. Modify Operation.............................................29
+ 4.7. Add Operation................................................31
+ 4.8. Delete Operation.............................................31
+ 4.9. Modify DN Operation..........................................32
+ 4.10. Compare Operation...........................................33
+ 4.11. Abandon Operation...........................................34
+ 4.12. Extended Operation..........................................35
+ 4.13. IntermediateResponse Message................................36
+ 4.14. StartTLS Operation..........................................37
+ 5. Protocol Encoding, Connection, and Transfer....................39
+ 5.1. Protocol Encoding............................................39
+ 5.2. Transmission Control Protocol (TCP)..........................40
+ 5.3. Termination of the LDAP session..............................40
+ 6. Security Considerations........................................40
+ 7. Acknowledgements...............................................42
+ 8. Normative References...........................................42
+ 9. Informative References.........................................44
+ 10. IANA Considerations...........................................44
+ 11. Editor's Address..............................................45
+ Appendix A - LDAP Result Codes....................................46
+ A.1 Non-Error Result Codes........................................46
+ A.2 Result Codes..................................................46
+ Appendix B - Complete ASN.1 Definition............................51
+ Appendix C - Changes..............................................57
+ C.1 Changes made to RFC 2251:.....................................57
+ C.2 Changes made to RFC 2830:.....................................62
+ C.3 Changes made to RFC 3771:.....................................63
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 2 �
+ Lightweight Directory Access Protocol Version 3
+
+1. Introduction
+
+ The Directory is "a collection of open systems cooperating to provide
+ directory services" [X.500]. A directory user, which may be a human
+ or other entity, accesses the Directory through a client (or
+ Directory User Agent (DUA)). The client, on behalf of the directory
+ user, interacts with one or more servers (or Directory System Agents
+ (DSA)). Clients interact with servers using a directory access
+ protocol.
+
+ This document details the protocol elements of the Lightweight
+ Directory Access Protocol (LDAP), along with their semantics.
+ Following the description of protocol elements, it describes the way
+ in which the protocol elements are encoded and transferred.
+
+
+1.1. Relationship to Other LDAP Specifications
+
+ This document is an integral part of the LDAP Technical Specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+ specification, RFC 3377, in its entirety.
+
+ This document, together with [Roadmap], [AuthMeth], and [Models],
+ obsoletes RFC 2251 in its entirety. Section 3.3 is obsoleted by
+ [Roadmap]. Sections 4.2.1 (portions), and 4.2.2 are obsoleted by
+ [AuthMeth]. Sections 3.2, 3.4, 4.1.3 (last paragraph), 4.1.4, 4.1.5,
+ 4.1.5.1, 4.1.9 (last paragraph), 5.1, 6.1, and 6.2 (last paragraph)
+ are obsoleted by [Models]. The remainder of RFC 2251 is obsoleted by
+ this document. Appendix C.1 summarizes substantive changes in the
+ remainder.
+
+ This document obsoletes RFC 2830, Sections 2 and 4. The remainder of
+ RFC 2830 is obsoleted by [AuthMeth]. Appendix C.2 summarizes
+ substantive changes to the remaining sections.
+
+ This document also obsoletes RFC 3771 in entirety.
+
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are
+ to be interpreted as described in [Keyword].
+
+ Character names in this document use the notation for code points and
+ names from the Unicode Standard [Unicode]. For example, the letter
+ "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
+
+ Note: a glossary of terms used in Unicode can be found in [Glossary].
+ Information on the Unicode character encoding model can be found in
+ [CharModel].
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 3 �
+ Lightweight Directory Access Protocol Version 3
+
+ The term "transport connection" refers to the underlying transport
+ services used to carry the protocol exchange, as well as associations
+ established by these services.
+
+ The term "TLS layer" refers to TLS services used in providing
+ security services, as well as associations established by these
+ services.
+
+ The term "SASL layer" refers to SASL services used in providing
+ security services, as well as associations established by these
+ services.
+
+ The term "LDAP message layer" refers to the LDAP Message Protocol
+ Data Unit (PDU) services used in providing directory services, as
+ well as associations established by these services.
+
+ The term "LDAP session" refers to combined services (transport
+ connection, TLS layer, SASL layer, LDAP message layer) and their
+ associations.
+
+ See the table in Section 5 for an illustration of these four terms.
+
+
+3. Protocol Model
+
+ The general model adopted by this protocol is one of clients
+ performing protocol operations against servers. In this model, a
+ client transmits a protocol request describing the operation to be
+ performed to a server. The server is then responsible for performing
+ the necessary operation(s) in the Directory. Upon completion of an
+ operation, the server typically returns a response containing
+ appropriate data to the requesting client.
+
+ Protocol operations are generally independent of one another. Each
+ operation is processed as an atomic action, leaving the directory in
+ a consistent state.
+
+ Although servers are required to return responses whenever such
+ responses are defined in the protocol, there is no requirement for
+ synchronous behavior on the part of either clients or servers.
+ Requests and responses for multiple operations generally may be
+ exchanged between a client and server in any order. If required,
+ synchronous behavior may be controlled by client applications.
+
+ The core protocol operations defined in this document can be mapped
+ to a subset of the X.500 (1993) Directory Abstract Service [X.511].
+ However there is not a one-to-one mapping between LDAP operations and
+ X.500 Directory Access Protocol (DAP) operations. Server
+ implementations acting as a gateway to X.500 directories may need to
+ make multiple DAP requests to service a single LDAP request.
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 4 �
+ Lightweight Directory Access Protocol Version 3
+
+
+3.1. Operation and LDAP Message Layer Relationship
+
+ Protocol operations are exchanged at the LDAP message layer. When the
+ transport connection is closed, any uncompleted operations at the
+ LDAP message layer, when possible, are abandoned, and when not
+ possible, are completed without transmission of the response. Also,
+ when the transport connection is closed, the client MUST NOT assume
+ that any uncompleted update operations have succeeded or failed.
+
+
+4. Elements of Protocol
+
+ The protocol is described using Abstract Syntax Notation One
+ ([ASN.1]), and is transferred using a subset of ASN.1 Basic Encoding
+ Rules ([BER]). Section 5 specifies how the protocol elements are
+ encoded and transferred.
+
+ In order to support future extensions to this protocol, extensibility
+ is implied where it is allowed per ASN.1 (i.e. sequence, set, choice,
+ and enumerated types are extensible). In addition, ellipses (...)
+ have been supplied in ASN.1 types that are explicitly extensible as
+ discussed in [LDAPIANA]. Because of the implied extensibility,
+ clients and servers MUST (unless otherwise specified) ignore trailing
+ SEQUENCE components whose tags they do not recognize.
+
+ Changes to the protocol other than through the extension mechanisms
+ described here require a different version number. A client indicates
+ the version it is using as part of the BindRequest, described in
+ Section 4.2. If a client has not sent a Bind, the server MUST assume
+ the client is using version 3 or later.
+
+ Clients may attempt to determine the protocol versions a server
+ supports by reading the 'supportedLDAPVersion' attribute from the
+ root DSE (DSA-Specific Entry) [Models].
+
+
+4.1. Common Elements
+
+ This section describes the LDAPMessage envelope Protocol Data Unit
+ (PDU) format, as well as data type definitions, which are used in the
+ protocol operations.
+
+
+4.1.1. Message Envelope
+
+ For the purposes of protocol exchanges, all protocol operations are
+ encapsulated in a common envelope, the LDAPMessage, which is defined
+ as follows:
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 5 �
+ Lightweight Directory Access Protocol Version 3
+
+ LDAPMessage ::= SEQUENCE {
+ messageID MessageID,
+ protocolOp CHOICE {
+ bindRequest BindRequest,
+ bindResponse BindResponse,
+ unbindRequest UnbindRequest,
+ searchRequest SearchRequest,
+ searchResEntry SearchResultEntry,
+ searchResDone SearchResultDone,
+ searchResRef SearchResultReference,
+ modifyRequest ModifyRequest,
+ modifyResponse ModifyResponse,
+ addRequest AddRequest,
+ addResponse AddResponse,
+ delRequest DelRequest,
+ delResponse DelResponse,
+ modDNRequest ModifyDNRequest,
+ modDNResponse ModifyDNResponse,
+ compareRequest CompareRequest,
+ compareResponse CompareResponse,
+ abandonRequest AbandonRequest,
+ extendedReq ExtendedRequest,
+ extendedResp ExtendedResponse,
+ ...,
+ intermediateResponse IntermediateResponse },
+ controls [0] Controls OPTIONAL }
+
+ MessageID ::= INTEGER (0 .. maxInt)
+
+ maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
+
+ The ASN.1 type Controls is defined in Section 4.1.11.
+
+ The function of the LDAPMessage is to provide an envelope containing
+ common fields required in all protocol exchanges. At this time the
+ only common fields are the messageID and the controls.
+
+ If the server receives an LDAPMessage from the client in which the
+ LDAPMessage SEQUENCE tag cannot be recognized, the messageID cannot
+ be parsed, the tag of the protocolOp is not recognized as a request,
+ or the encoding structures or lengths of data fields are found to be
+ incorrect, then the server SHOULD return the Notice of Disconnection
+ described in Section 4.4.1, with the resultCode set to protocolError,
+ and MUST immediately terminate the LDAP session as described in
+ Section 5.3.
+
+ In other cases where the client or server cannot parse an LDAP PDU,
+ it SHOULD abruptly terminate the LDAP session (Section 5.3) where
+ further communication (including providing notice) would be
+ pernicious. Otherwise, server implementations MUST return an
+ appropriate response to the request, with the resultCode set to
+ protocolError.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 6 �
+ Lightweight Directory Access Protocol Version 3
+
+4.1.1.1. Message ID
+
+ All LDAPMessage envelopes encapsulating responses contain the
+ messageID value of the corresponding request LDAPMessage.
+
+ The message ID of a request MUST have a non-zero value different from
+ the messageID of any other request in progress in the same LDAP
+ session. The zero value is reserved for the unsolicited notification
+ message.
+
+ Typical clients increment a counter for each request.
+
+ A client MUST NOT send a request with the same message ID as an
+ earlier request in the same LDAP session unless it can be determined
+ that the server is no longer servicing the earlier request (e.g.
+ after the final response is received, or a subsequent Bind
+ completes). Otherwise the behavior is undefined. For this purpose,
+ note that Abandon and successfully abandoned operations do not send
+ responses.
+
+
+4.1.2. String Types
+
+ The LDAPString is a notational convenience to indicate that, although
+ strings of LDAPString type encode as ASN.1 OCTET STRING types, the
+ [ISO10646] character set (a superset of [Unicode]) is used, encoded
+ following the [UTF-8] algorithm. Note that Unicode characters U+0000
+ through U+007F are the same as ASCII 0 through 127, respectively, and
+ have the same single octet UTF-8 encoding. Other Unicode characters
+ have a multiple octet UTF-8 encoding.
+
+ LDAPString ::= OCTET STRING -- UTF-8 encoded,
+ -- [ISO10646] characters
+
+ The LDAPOID is a notational convenience to indicate that the
+ permitted value of this string is a (UTF-8 encoded) dotted-decimal
+ representation of an OBJECT IDENTIFIER. Although an LDAPOID is
+ encoded as an OCTET STRING, values are limited to the definition of
+ <numericoid> given in Section 1.4 of [Models].
+
+ LDAPOID ::= OCTET STRING -- Constrained to <numericoid> [Models]
+
+ For example,
+
+ 1.3.6.1.4.1.1466.1.2.3
+
+
+4.1.3. Distinguished Name and Relative Distinguished Name
+
+ An LDAPDN is defined to be the representation of a Distinguished Name
+ (DN) after encoding according to the specification in [LDAPDN].
+
+ LDAPDN ::= LDAPString
+ -- Constrained to <distinguishedName> [LDAPDN]
+
+Sermersheim Internet-Draft - Expires April 2006 Page 7 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ A RelativeLDAPDN is defined to be the representation of a Relative
+ Distinguished Name (RDN) after encoding according to the
+ specification in [LDAPDN].
+
+ RelativeLDAPDN ::= LDAPString
+ -- Constrained to <name-component> [LDAPDN]
+
+
+4.1.4. Attribute Descriptions
+
+ The definition and encoding rules for attribute descriptions are
+ defined in Section 2.5 of [Models]. Briefly, an attribute description
+ is an attribute type and zero or more options.
+
+ AttributeDescription ::= LDAPString
+ -- Constrained to <attributedescription>
+ -- [Models]
+
+
+4.1.5. Attribute Value
+
+ A field of type AttributeValue is an OCTET STRING containing an
+ encoded attribute value. The attribute value is encoded according to
+ the LDAP-specific encoding definition of its corresponding syntax.
+ The LDAP-specific encoding definitions for different syntaxes and
+ attribute types may be found in other documents and in particular
+ [Syntaxes].
+
+ AttributeValue ::= OCTET STRING
+
+ Note that there is no defined limit on the size of this encoding;
+ thus protocol values may include multi-megabyte attribute values
+ (e.g. photographs).
+
+ Attribute values may be defined which have arbitrary and non-
+ printable syntax. Implementations MUST NOT display nor attempt to
+ decode an attribute value if its syntax is not known. The
+ implementation may attempt to discover the subschema of the source
+ entry, and retrieve the descriptions of 'attributeTypes' from it
+ [Models].
+
+ Clients MUST only send attribute values in a request that are valid
+ according to the syntax defined for the attributes.
+
+
+4.1.6. Attribute Value Assertion
+
+ The AttributeValueAssertion (AVA) type definition is similar to the
+ one in the X.500 Directory standards. It contains an attribute
+ description and a matching rule ([Models] Section 4.1.3) assertion
+ value suitable for that type. Elements of this type are typically
+ used to assert that the value in assertionValue matches a value of an
+ attribute.
+
+Sermersheim Internet-Draft - Expires April 2006 Page 8 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ AttributeValueAssertion ::= SEQUENCE {
+ attributeDesc AttributeDescription,
+ assertionValue AssertionValue }
+
+ AssertionValue ::= OCTET STRING
+
+ The syntax of the AssertionValue depends on the context of the LDAP
+ operation being performed. For example, the syntax of the EQUALITY
+ matching rule for an attribute is used when performing a Compare
+ operation. Often this is the same syntax used for values of the
+ attribute type, but in some cases the assertion syntax differs from
+ the value syntax. See objectIdentiferFirstComponentMatch in
+ [Syntaxes] for an example.
+
+
+4.1.7. Attribute and PartialAttribute
+
+ Attributes and partial attributes consist of an attribute description
+ and attribute values. A PartialAttribute allows zero values, while
+ Attribute requires at least one value.
+
+ PartialAttribute ::= SEQUENCE {
+ type AttributeDescription,
+ vals SET OF value AttributeValue }
+
+ Attribute ::= PartialAttribute(WITH COMPONENTS {
+ ...,
+ vals (SIZE(1..MAX))})
+
+ No two of the attribute values may be equivalent as described by
+ Section 2.3 of [Models]. The set of attribute values is unordered.
+ Implementations MUST NOT rely upon the ordering being repeatable.
+
+
+4.1.8. Matching Rule Identifier
+
+ Matching rules are defined in Section 4.1.3 of [Models]. A matching
+ rule is identified in the protocol by the printable representation of
+ either its <numericoid>, or one of its short name descriptors
+ [Models], e.g. 'caseIgnoreMatch' or '2.5.13.2'.
+
+ MatchingRuleId ::= LDAPString
+
+
+4.1.9. Result Message
+
+ The LDAPResult is the construct used in this protocol to return
+ success or failure indications from servers to clients. To various
+ requests, servers will return responses containing the elements found
+ in LDAPResult to indicate the final status of the protocol operation
+ request.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 9 �
+ Lightweight Directory Access Protocol Version 3
+
+ LDAPResult ::= SEQUENCE {
+ resultCode ENUMERATED {
+ success (0),
+ operationsError (1),
+ protocolError (2),
+ timeLimitExceeded (3),
+ sizeLimitExceeded (4),
+ compareFalse (5),
+ compareTrue (6),
+ authMethodNotSupported (7),
+ strongerAuthRequired (8),
+ -- 9 reserved --
+ referral (10),
+ adminLimitExceeded (11),
+ unavailableCriticalExtension (12),
+ confidentialityRequired (13),
+ saslBindInProgress (14),
+ noSuchAttribute (16),
+ undefinedAttributeType (17),
+ inappropriateMatching (18),
+ constraintViolation (19),
+ attributeOrValueExists (20),
+ invalidAttributeSyntax (21),
+ -- 22-31 unused --
+ noSuchObject (32),
+ aliasProblem (33),
+ invalidDNSyntax (34),
+ -- 35 reserved for undefined isLeaf --
+ aliasDereferencingProblem (36),
+ -- 37-47 unused --
+ inappropriateAuthentication (48),
+ invalidCredentials (49),
+ insufficientAccessRights (50),
+ busy (51),
+ unavailable (52),
+ unwillingToPerform (53),
+ loopDetect (54),
+ -- 55-63 unused --
+ namingViolation (64),
+ objectClassViolation (65),
+ notAllowedOnNonLeaf (66),
+ notAllowedOnRDN (67),
+ entryAlreadyExists (68),
+ objectClassModsProhibited (69),
+ -- 70 reserved for CLDAP --
+ affectsMultipleDSAs (71),
+ -- 72-79 unused --
+ other (80),
+ ... },
+ matchedDN LDAPDN,
+ diagnosticMessage LDAPString,
+ referral [3] Referral OPTIONAL }
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 10 �
+ Lightweight Directory Access Protocol Version 3
+
+ The resultCode enumeration is extensible as defined in Section 3.6 of
+ [LDAPIANA]. The meanings of the listed result codes are given in
+ Appendix A. If a server detects multiple errors for an operation,
+ only one result code is returned. The server should return the result
+ code that best indicates the nature of the error encountered. Servers
+ may return substituted result codes to prevent unauthorized
+ disclosures.
+
+ The diagnosticMessage field of this construct may, at the server's
+ option, be used to return a string containing a textual, human-
+ readable (terminal control and page formatting characters should be
+ avoided) diagnostic message. As this diagnostic message is not
+ standardized, implementations MUST NOT rely on the values returned.
+ Diagnostic messages typically supplement the resultCode with
+ additional information. If the server chooses not to return a textual
+ diagnostic, the diagnosticMessage field MUST be empty.
+
+ For certain result codes (typically, but not restricted to
+ noSuchObject, aliasProblem, invalidDNSyntax and
+ aliasDereferencingProblem), the matchedDN field is set (subject to
+ access controls) to the name of the last entry (object or alias) used
+ in finding the target (or base) object. This will be a truncated form
+ of the provided name or, if an alias was dereferenced while
+ attempting to locate the entry, of the resulting name. Otherwise the
+ matchedDN field is empty.
+
+
+4.1.10. Referral
+
+ The referral result code indicates that the contacted server cannot
+ or will not perform the operation and that one or more other servers
+ may be able to. Reasons for this include:
+
+ - The target entry of the request is not held locally, but the
+ server has knowledge of its possible existence elsewhere.
+
+ - The operation is restricted on this server -- perhaps due to a
+ read-only copy of an entry to be modified.
+
+ The referral field is present in an LDAPResult if the resultCode is
+ set to referral, and absent with all other result codes. It contains
+ one or more references to one or more servers or services that may be
+ accessed via LDAP or other protocols. Referrals can be returned in
+ response to any operation request (except Unbind and Abandon which do
+ not have responses). At least one URI MUST be present in the
+ Referral.
+
+ During a Search operation, after the baseObject is located, and
+ entries are being evaluated, the referral is not returned. Instead,
+ continuation references, described in Section 4.5.3, are returned
+ when other servers would need to be contacted to complete the
+ operation.
+
+ Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
+
+Sermersheim Internet-Draft - Expires April 2006 Page 11 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ URI ::= LDAPString -- limited to characters permitted in
+ -- URIs
+
+ If the client wishes to progress the operation, it contacts one of
+ the supported services found in the referral. If multiple URIs are
+ present, the client assumes that any supported URI may be used to
+ progress the operation.
+
+ Clients that follow referrals MUST ensure that they do not loop
+ between servers. They MUST NOT repeatedly contact the same server for
+ the same request with the same parameters. Some clients use a counter
+ that is incremented each time referral handling occurs for an
+ operation, and these kinds of clients MUST be able to handle at least
+ ten nested referrals while progressing the operation.
+
+ A URI for a server implementing LDAP and accessible via [TCP]/[IP]
+ (v4 or v6) is written as an LDAP URL according to [LDAPURL].
+
+ Referral values which are LDAP URLs follow these rules:
+
+ - If an alias was dereferenced, the <dn> part of the LDAP URL MUST
+ be present, with the new target object name.
+
+ - It is RECOMMENDED that the <dn> part be present to avoid
+ ambiguity.
+
+ - If the <dn> part is present, the client uses this name in its next
+ request to progress the operation, and if it is not present the
+ client uses the same name as in the original request.
+
+ - Some servers (e.g. participating in distributed indexing) may
+ provide a different filter in a URL of a referral for a Search
+ operation.
+
+ - If the <filter> part of the LDAP URL is present, the client uses
+ this filter in its next request to progress this Search, and if it
+ is not present the client uses the same filter as it used for that
+ Search.
+
+ - For Search, it is RECOMMENDED that the <scope> part be present to
+ avoid ambiguity.
+
+ - If the <scope> part is missing, the scope of the original Search
+ is used by the client to progress the operation.
+
+ - Other aspects of the new request may be the same as or different
+ from the request which generated the referral.
+
+ Other kinds of URIs may be returned. The syntax and semantics of such
+ URIs is left to future specifications. Clients may ignore URIs that
+ they do not support.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 12 �
+ Lightweight Directory Access Protocol Version 3
+
+ UTF-8 encoded characters appearing in the string representation of a
+ DN, search filter, or other fields of the referral value may not be
+ legal for URIs (e.g. spaces) and MUST be escaped using the % method
+ in [URI].
+
+
+4.1.11. Controls
+
+ Controls provide a mechanism whereby the semantics and arguments of
+ existing LDAP operations may be extended. One or more controls may be
+ attached to a single LDAP message. A control only affects the
+ semantics of the message it is attached to.
+
+ Controls sent by clients are termed 'request controls' and those sent
+ by servers are termed 'response controls'.
+
+ Controls ::= SEQUENCE OF control Control
+
+ Control ::= SEQUENCE {
+ controlType LDAPOID,
+ criticality BOOLEAN DEFAULT FALSE,
+ controlValue OCTET STRING OPTIONAL }
+
+ The controlType field is the dotted-decimal representation of an
+ OBJECT IDENTIFIER which uniquely identifies the control. This
+ provides unambiguous naming of controls. Often, response control(s)
+ solicited by a request control share controlType values with the
+ request control.
+
+ The criticality field only has meaning in controls attached to
+ request messages (except UnbindRequest). For controls attached to
+ response messages and the UnbindRequest, the criticality field SHOULD
+ be FALSE, and MUST be ignored by the receiving protocol peer. A value
+ of TRUE indicates that it is unacceptable to perform the operation
+ without applying the semantics of the control. Specifically, the
+ criticality field is applied as follows:
+
+ - If the server does not recognize the control type, determines that
+ it is not appropriate for the operation, or is otherwise unwilling
+ to perform the operation with the control, and the criticality
+ field is TRUE, the server MUST NOT perform the operation, and for
+ operations that have a response message, MUST return with the
+ resultCode set to unavailableCriticalExtension.
+
+ - If the server does not recognize the control type, determines that
+ it is not appropriate for the operation, or is otherwise unwilling
+ to perform the operation with the control, and the criticality
+ field is FALSE, the server MUST ignore the control.
+
+ - Regardless of criticality, if a control is applied to an
+ operation, it is applied consistently and impartially to the
+ entire operation.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 13 �
+ Lightweight Directory Access Protocol Version 3
+
+ The controlValue may contain information associated with the
+ controlType. Its format is defined by the specification of the
+ control. Implementations MUST be prepared to handle arbitrary
+ contents of the controlValue octet string, including zero bytes. It
+ is absent only if there is no value information which is associated
+ with a control of its type. When a controlValue is defined in terms
+ of ASN.1, and BER encoded according to Section 5.1, it also follows
+ the extensibility rules in Section 4.
+
+ Servers list the controlType of request controls they recognize in
+ the 'supportedControl' attribute in the root DSE (Section 5.1 of
+ [Models]).
+
+ Controls SHOULD NOT be combined unless the semantics of the
+ combination has been specified. The semantics of control
+ combinations, if specified, are generally found in the control
+ specification most recently published. When a combination of controls
+ is encountered whose semantics are invalid, not specified (or not
+ known), the message is considered to be not well-formed, thus the
+ operation fails with protocolError. Controls with a criticality of
+ FALSE may be ignored in order to arrive at a valid combination.
+ Additionally, unless order-dependent semantics are given in a
+ specification, the order of a combination of controls in the SEQUENCE
+ is ignored. Where the order is to be ignored but cannot be ignored by
+ the server, the message is considered not well-formed and the
+ operation fails with protocolError. Again, controls with a
+ criticality of FALSE may be ignored in order to arrive at a valid
+ combination.
+
+ This document does not specify any controls. Controls may be
+ specified in other documents. Documents detailing control extensions
+ are to provide for each control:
+
+ - the OBJECT IDENTIFIER assigned to the control,
+
+ - direction as to what value the sender should provide for the
+ criticality field (note: the semantics of the criticality field
+ are defined above should not be altered by the control's
+ specification),
+
+ - whether the controlValue field is present, and if so, the format
+ of its contents,
+
+ - the semantics of the control, and
+
+ - optionally, semantics regarding the combination of the control
+ with other controls.
+
+
+4.2. Bind Operation
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 14 �
+ Lightweight Directory Access Protocol Version 3
+
+ The function of the Bind operation is to allow authentication
+ information to be exchanged between the client and server. The Bind
+ operation should be thought of as the "authenticate" operation.
+ Operational, authentication, and security-related semantics of this
+ operation are given in [AuthMeth].
+
+ The Bind request is defined as follows:
+
+ BindRequest ::= [APPLICATION 0] SEQUENCE {
+ version INTEGER (1 .. 127),
+ name LDAPDN,
+ authentication AuthenticationChoice }
+
+ AuthenticationChoice ::= CHOICE {
+ simple [0] OCTET STRING,
+ -- 1 and 2 reserved
+ sasl [3] SaslCredentials,
+ ... }
+
+ SaslCredentials ::= SEQUENCE {
+ mechanism LDAPString,
+ credentials OCTET STRING OPTIONAL }
+
+ Fields of the BindRequest are:
+
+ - version: A version number indicating the version of the protocol
+ to be used at the LDAP message layer. This document describes
+ version 3 of the protocol. There is no version negotiation. The
+ client sets this field to the version it desires. If the server
+ does not support the specified version, it MUST respond with a
+ BindResponse where the resultCode is set to protocolError.
+
+ - name: If not empty, the name of the Directory object that the
+ client wishes to bind as. This field may take on a null value (a
+ zero length string) for the purposes of anonymous binds
+ ([AuthMeth] Section 5.1) or when using Simple Authentication and
+ Security Layer [SASL] authentication ([AuthMeth] Section 5.2).
+ Where the server attempts to locate the named object, it SHALL NOT
+ perform alias dereferencing.
+
+ - authentication: information used in authentication. This type is
+ extensible as defined in Section 3.7 of [LDAPIANA]. Servers that
+ do not support a choice supplied by a client return a BindResponse
+ with the resultCode set to authMethodNotSupported.
+
+ Textual passwords (consisting of a character sequence with a known
+ character set and encoding) transferred to the server using the
+ simple AuthenticationChoice SHALL be transferred as [UTF-8]
+ encoded [Unicode]. Prior to transfer, clients SHOULD prepare text
+ passwords as "query" strings by applying the [SASLprep] profile of
+ the [Stringprep] algorithm. Passwords consisting of other data
+ (such as random octets) MUST NOT be altered. The determination of
+ whether a password is textual is a local client matter.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 15 �
+ Lightweight Directory Access Protocol Version 3
+
+
+4.2.1. Processing of the Bind Request
+
+ Before processing a BindRequest, all uncompleted operations MUST
+ either complete or be abandoned. The server may either wait for the
+ uncompleted operations to complete, or abandon them. The server then
+ proceeds to authenticate the client in either a single-step, or
+ multi-step Bind process. Each step requires the server to return a
+ BindResponse to indicate the status of authentication.
+
+ After sending a BindRequest, clients MUST NOT send further LDAP PDUs
+ until receiving the BindResponse. Similarly, servers SHOULD NOT
+ process or respond to requests received while processing a
+ BindRequest.
+
+ If the client did not bind before sending a request and receives an
+ operationsError to that request, it may then send a BindRequest. If
+ this also fails or the client chooses not to bind on the existing
+ LDAP session, it may terminate the LDAP session, re-establish it and
+ begin again by first sending a BindRequest. This will aid in
+ interoperating with servers implementing other versions of LDAP.
+
+ Clients may send multiple Bind requests to change the authentication
+ and/or security associations or to complete a multi-stage Bind
+ process. Authentication from earlier binds is subsequently ignored.
+
+ For some SASL authentication mechanisms, it may be necessary for the
+ client to invoke the BindRequest multiple times ([AuthMeth] Section
+ 5.2). Clients MUST NOT invoke operations between two Bind requests
+ made as part of a multi-stage Bind.
+
+ A client may abort a SASL bind negotiation by sending a BindRequest
+ with a different value in the mechanism field of SaslCredentials, or
+ an AuthenticationChoice other than sasl.
+
+ If the client sends a BindRequest with the sasl mechanism field as an
+ empty string, the server MUST return a BindResponse with the
+ resultCode set to authMethodNotSupported. This will allow clients to
+ abort a negotiation if it wishes to try again with the same SASL
+ mechanism.
+
+
+4.2.2. Bind Response
+
+ The Bind response is defined as follows.
+
+ BindResponse ::= [APPLICATION 1] SEQUENCE {
+ COMPONENTS OF LDAPResult,
+ serverSaslCreds [7] OCTET STRING OPTIONAL }
+
+ BindResponse consists simply of an indication from the server of the
+ status of the client's request for authentication.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 16 �
+ Lightweight Directory Access Protocol Version 3
+
+ A successful Bind operation is indicated by a BindResponse with a
+ resultCode set to success. Otherwise, an appropriate result code is
+ set in the BindResponse. For BindResponse, the protocolError result
+ code may be used to indicate that the version number supplied by the
+ client is unsupported.
+
+ If the client receives a BindResponse where the resultCode is set to
+ protocolError, it is to assume that the server does not support this
+ version of LDAP. While the client may be able proceed with another
+ version of this protocol (this may or may not require closing and re-
+ establishing the transport connection), how to proceed with another
+ version of this protocol is beyond the scope of this document.
+ Clients which are unable or unwilling to proceed SHOULD terminate the
+ LDAP session.
+
+ The serverSaslCreds field is used as part of a SASL-defined bind
+ mechanism to allow the client to authenticate the server to which it
+ is communicating, or to perform "challenge-response" authentication.
+ If the client bound with the simple choice, or the SASL mechanism
+ does not require the server to return information to the client, then
+ this field SHALL NOT be included in the BindResponse.
+
+
+4.3. Unbind Operation
+
+ The function of the Unbind operation is to terminate an LDAP session.
+ The Unbind operation is not the antithesis of the Bind operation as
+ the name implies. The naming of these operations are historical. The
+ Unbind operation should be thought of as the "quit" operation.
+
+ The Unbind operation is defined as follows:
+
+ UnbindRequest ::= [APPLICATION 2] NULL
+
+ The client, upon transmission of the UnbindRequest, and the server,
+ upon receipt of the UnbindRequest are to gracefully terminate the
+ LDAP session as described in Section 5.3.
+
+ Uncompleted operations are handled as specified in Section 3.1.
+
+
+4.4. Unsolicited Notification
+
+ An unsolicited notification is an LDAPMessage sent from the server to
+ the client which is not in response to any LDAPMessage received by
+ the server. It is used to signal an extraordinary condition in the
+ server or in the LDAP session between the client and the server. The
+ notification is of an advisory nature, and the server will not expect
+ any response to be returned from the client.
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 17 �
+ Lightweight Directory Access Protocol Version 3
+
+ The unsolicited notification is structured as an LDAPMessage in which
+ the messageID is zero and protocolOp is set to the extendedResp
+ choice using the ExtendedResponse type (See Section 4.12). The
+ responseName field of the ExtendedResponse always contains an LDAPOID
+ which is unique for this notification.
+
+ One unsolicited notification (Notice of Disconnection) is defined in
+ this document. The specification of an unsolicited notification
+ consists of:
+
+ - the OBJECT IDENTIFIER assigned to the notification (to be
+ specified in the responseName,
+
+ - the format of the contents of the responseValue (if any),
+
+ - the circumstances which will cause the notification to be sent,
+ and
+
+ - the semantics of the message.
+
+
+4.4.1. Notice of Disconnection
+
+ This notification may be used by the server to advise the client that
+ the server is about to terminate the LDAP session on its own
+ initiative. This notification is intended to assist clients in
+ distinguishing between an exceptional server condition and a
+ transient network failure. Note that this notification is not a
+ response to an Unbind requested by the client. Uncompleted operations
+ are handled as specified in Section 3.1.
+
+ The responseName is 1.3.6.1.4.1.1466.20036, the responseValue field
+ is absent, and the resultCode is used to indicate the reason for the
+ disconnection. When the strongerAuthRequired resultCode is returned
+ with this message, it indicates that the server has detected that an
+ established security association between the client and server has
+ unexpectedly failed or been compromised.
+
+ Upon transmission of the Notice of Disconnection, the server
+ gracefully terminates the LDAP session as described in Section 5.3.
+
+
+4.5. Search Operation
+
+ The Search operation is used to request a server to return, subject
+ to access controls and other restrictions, a set of entries matching
+ a complex search criterion. This can be used to read attributes from
+ a single entry, from entries immediately subordinate to a particular
+ entry, or a whole subtree of entries.
+
+
+4.5.1. Search Request
+
+ The Search request is defined as follows:
+
+Sermersheim Internet-Draft - Expires April 2006 Page 18 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ SearchRequest ::= [APPLICATION 3] SEQUENCE {
+ baseObject LDAPDN,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2),
+ ... },
+ derefAliases ENUMERATED {
+ neverDerefAliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ derefAlways (3) },
+ sizeLimit INTEGER (0 .. maxInt),
+ timeLimit INTEGER (0 .. maxInt),
+ typesOnly BOOLEAN,
+ filter Filter,
+ attributes AttributeSelection }
+
+ AttributeSelection ::= SEQUENCE OF selector LDAPString
+ -- The LDAPString is constrained to
+ -- <attributeSelector> in Section 4.5.1.7
+
+ Filter ::= CHOICE {
+ and [0] SET SIZE (1..MAX) OF filter Filter,
+ or [1] SET SIZE (1..MAX) OF filter Filter,
+ not [2] Filter,
+ equalityMatch [3] AttributeValueAssertion,
+ substrings [4] SubstringFilter,
+ greaterOrEqual [5] AttributeValueAssertion,
+ lessOrEqual [6] AttributeValueAssertion,
+ present [7] AttributeDescription,
+ approxMatch [8] AttributeValueAssertion,
+ extensibleMatch [9] MatchingRuleAssertion,
+ ... }
+
+ SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ initial [0] AssertionValue, -- can occur at most once
+ any [1] AssertionValue,
+ final [2] AssertionValue } -- can occur at most once
+ }
+
+ MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleId OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE }
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 19 �
+ Lightweight Directory Access Protocol Version 3
+
+ Note that an X.500 "list"-like operation can be emulated by the
+ client requesting a singleLevel Search operation with a filter
+ checking for the presence of the 'objectClass' attribute, and that an
+ X.500 "read"-like operation can be emulated by a baseObject Search
+ operation with the same filter. A server which provides a gateway to
+ X.500 is not required to use the Read or List operations, although it
+ may choose to do so, and if it does, it must provide the same
+ semantics as the X.500 Search operation.
+
+
+4.5.1.1. SearchRequest.baseObject
+
+ The name of the base object entry (or possibly the root) relative to
+ which the Search is to be performed.
+
+
+4.5.1.2. SearchRequest.scope
+
+ Specifies the scope of the Search to be performed. The semantics (as
+ described in [X.511]) of the defined values of this field are:
+
+ baseObject: The scope is constrained to the entry named by
+ baseObject.
+
+ singleLevel: The scope is constrained to the immediate
+ subordinates of the entry named by baseObject.
+
+ wholeSubtree: the scope is constrained to the entry named by the
+ baseObject, and all its subordinates.
+
+
+4.5.1.3. SearchRequest.derefAliases
+
+ An indicator as to whether or not alias entries (as defined in
+ [Models]) are to be dereferenced during stages of the Search
+ operation.
+
+ The act of dereferencing an alias includes recursively dereferencing
+ aliases which refer to aliases.
+
+ Servers MUST detect looping while dereferencing aliases in order to
+ prevent denial of service attacks of this nature.
+
+ The semantics of the defined values of this field are:
+
+ neverDerefAliases: Do not dereference aliases in searching or in
+ locating the base object of the Search.
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 20 �
+ Lightweight Directory Access Protocol Version 3
+
+ derefInSearching: While searching subordinates of the base object,
+ dereference any alias within the search scope. Dereferenced
+ objects become the vertices of further search scopes where the
+ Search operation is also applied. If the search scope is
+ wholeSubtree, the Search continues in the subtree(s) of any
+ dereferenced object. If the search scope is singleLevel, the
+ search is applied to any dereferenced objects, and is not applied
+ to their subordinates. Servers SHOULD eliminate duplicate entries
+ that arise due to alias dereferencing while searching.
+
+ derefFindingBaseObj: Dereference aliases in locating the base
+ object of the Search, but not when searching subordinates of the
+ base object.
+
+ derefAlways: Dereference aliases both in searching and in locating
+ the base object of the Search.
+
+
+4.5.1.4. SearchRequest.sizeLimit
+
+ A size limit that restricts the maximum number of entries to be
+ returned as a result of the Search. A value of zero in this field
+ indicates that no client-requested size limit restrictions are in
+ effect for the Search. Servers may also enforce a maximum number of
+ entries to return.
+
+
+4.5.1.5. SearchRequest.timeLimit
+
+ A time limit that restricts the maximum time (in seconds) allowed for
+ a Search. A value of zero in this field indicates that no client-
+ requested time limit restrictions are in effect for the Search.
+ Servers may also enforce a maximum time limit for the Search.
+
+
+4.5.1.6. SearchRequest.typesOnly
+
+ An indicator as to whether Search results are to contain both
+ attribute descriptions and values, or just attribute descriptions.
+ Setting this field to TRUE causes only attribute descriptions (no
+ values) to be returned. Setting this field to FALSE causes both
+ attribute descriptions and values to be returned.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 21 �
+ Lightweight Directory Access Protocol Version 3
+
+4.5.1.7. SearchRequest.filter
+
+ A filter that defines the conditions that must be fulfilled in order
+ for the Search to match a given entry.
+
+ The 'and', 'or' and 'not' choices can be used to form combinations of
+ filters. At least one filter element MUST be present in an 'and' or
+ 'or' choice. The others match against individual attribute values of
+ entries in the scope of the Search. (Implementor's note: the 'not'
+ filter is an example of a tagged choice in an implicitly-tagged
+ module. In BER this is treated as if the tag was explicit.)
+
+ A server MUST evaluate filters according to the three-valued logic of
+ [X.511] (1993) Clause 7.8.1. In summary, a filter is evaluated to
+ either "TRUE", "FALSE" or "Undefined". If the filter evaluates to
+ TRUE for a particular entry, then the attributes of that entry are
+ returned as part of the Search result (subject to any applicable
+ access control restrictions). If the filter evaluates to FALSE or
+ Undefined, then the entry is ignored for the Search.
+
+ A filter of the "and" choice is TRUE if all the filters in the SET OF
+ evaluate to TRUE, FALSE if at least one filter is FALSE, and
+ otherwise Undefined. A filter of the "or" choice is FALSE if all of
+ the filters in the SET OF evaluate to FALSE, TRUE if at least one
+ filter is TRUE, and Undefined otherwise. A filter of the 'not' choice
+ is TRUE if the filter being negated is FALSE, FALSE if it is TRUE,
+ and Undefined if it is Undefined.
+
+ A filter item evaluates to Undefined when the server would not be
+ able to determine whether the assertion value matches an entry.
+ Examples include:
+
+ - An attribute description in an equalityMatch, substrings,
+ greaterOrEqual, lessOrEqual, approxMatch or extensibleMatch
+ filter is not recognized by the server.
+
+ - The attribute type does not define the appropriate matching
+ rule.
+
+ - A MatchingRuleId in the extensibleMatch is not recognized by
+ the server or is not valid for the attribute type.
+
+ - The type of filtering requested is not implemented.
+
+ - The assertion value is invalid.
+
+ For example, if a server did not recognize the attribute type
+ shoeSize, the filters (shoeSize=*), (shoeSize=12), (shoeSize>=12) and
+ (shoeSize<=12) would each evaluate to Undefined.
+
+ Servers MUST NOT return errors if attribute descriptions or matching
+ rule ids are not recognized, assertion values are invalid, or the
+ assertion syntax is not supported. More details of filter processing
+ are given in Clause 7.8 of [X.511].
+
+Sermersheim Internet-Draft - Expires April 2006 Page 22 �
+ Lightweight Directory Access Protocol Version 3
+
+
+
+4.5.1.7.1. SearchRequest.filter.equalityMatch
+
+ The matching rule for an equalityMatch filter is defined by the
+ EQUALITY matching rule for the attribute type or subtype. The filter
+ is TRUE when the EQUALITY rule returns TRUE as applied to the
+ attribute or subtype and the asserted value.
+
+
+4.5.1.7.2. SearchRequest.filter.substrings
+
+ There SHALL be at most one 'initial', and at most one 'final' in the
+ 'substrings' of a SubstringFilter. If 'initial' is present, it SHALL
+ be the first element of 'substrings'. If 'final' is present, it SHALL
+ be the last element of 'substrings'.
+
+ The matching rule for an AssertionValue in a substrings filter item
+ is defined by the SUBSTR matching rule for the attribute type or
+ subtype. The filter is TRUE when the SUBSTR rule returns TRUE as
+ applied to the attribute or subtype and the asserted value.
+
+ Note that the AssertionValue in a substrings filter item conforms to
+ the assertion syntax of the EQUALITY matching rule for the attribute
+ type rather than the assertion syntax of the SUBSTR matching rule for
+ the attribute type. Conceptually, the entire SubstringFilter is
+ converted into an assertion value of the substrings matching rule
+ prior to applying the rule.
+
+
+4.5.1.7.3. SearchRequest.filter.greaterOrEqual
+
+ The matching rule for a greaterOrEqual filter is defined by the
+ ORDERING matching rule for the attribute type or subtype. The filter
+ is TRUE when the ORDERING rule returns FALSE as applied to the
+ attribute or subtype and the asserted value.
+
+
+4.5.1.7.4. SearchRequest.filter.lessOrEqual
+
+ The matching rules for a lessOrEqual filter are defined by the
+ ORDERING and EQUALITY matching rules for the attribute type or
+ subtype. The filter is TRUE when either the ORDERING or EQUALITY rule
+ returns TRUE as applied to the attribute or subtype and the asserted
+ value.
+
+
+4.5.1.7.5. SearchRequest.filter.present
+
+ A present filter is TRUE when there is an attribute or subtype of the
+ specified attribute description present in an entry, FALSE when no
+ attribute or subtype of the specified attribute description is
+ present in an entry, and Undefined otherwise.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 23 �
+ Lightweight Directory Access Protocol Version 3
+
+
+4.5.1.7.6. SearchRequest.filter.approxMatch
+
+ An approxMatch filter is TRUE when there is a value of the attribute
+ type or subtype for which some locally-defined approximate matching
+ algorithm (e.g. spelling variations, phonetic match, etc.) returns
+ TRUE. If a value matches for equality, it also satisfies an
+ approximate match. If approximate matching is not supported for the
+ attribute, this filter item should be treated as an equalityMatch.
+
+
+4.5.1.7.7. SearchRequest.filter.extensibleMatch
+
+ The fields of the extensibleMatch filter item are evaluated as
+ follows:
+
+ - If the matchingRule field is absent, the type field MUST be
+ present, and an equality match is performed for that type.
+
+ - If the type field is absent and the matchingRule is present, the
+ matchValue is compared against all attributes in an entry which
+ support that matchingRule.
+
+ - If the type field is present and the matchingRule is present, the
+ matchValue is compared against the specified attribute type and
+ its subtypes.
+
+ - If the dnAttributes field is set to TRUE, the match is
+ additionally applied against all the AttributeValueAssertions in
+ an entry's distinguished name, and evaluates to TRUE if there is
+ at least one attribute or subtype in the distinguished name for
+ which the filter item evaluates to TRUE. The dnAttributes field is
+ present to alleviate the need for multiple versions of generic
+ matching rules (such as word matching), where one applies to
+ entries and another applies to entries and DN attributes as well.
+
+ The matchingRule used for evaluation determines the syntax for the
+ assertion value. Once the matchingRule and attribute(s) have been
+ determined, the filter item evaluates to TRUE if it matches at least
+ one attribute type or subtype in the entry, FALSE if it does not
+ match any attribute type or subtype in the entry, and Undefined if
+ the matchingRule is not recognized, the matchingRule is unsuitable
+ for use with the specified type, or the assertionValue is invalid.
+
+
+4.5.1.7. SearchRequest.attributes
+
+ A selection list of the attributes to be returned from each entry
+ which matches the search filter. Attributes which are subtypes of
+ listed attributes are implicitly included. LDAPString values of this
+ field are constrained to the following Augmented Backus-Naur Form
+ ([ABNF]):
+
+ attributeSelector = attributedescription / selectorspecial
+
+Sermersheim Internet-Draft - Expires April 2006 Page 24 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ selectorspecial = noattrs / alluserattrs
+
+ noattrs = %x31.2E.31 ; "1.1"
+
+ alluserattrs = %x2A ; asterisk ("*")
+
+ The <attributedescription> production is defined in Section 2.5 of
+ [Models].
+
+ There are three special cases which may appear in the attributes
+ selection list:
+
+ - an empty list with no attributes,
+
+ - a list containing "*" (with zero or more attribute
+ descriptions), and
+
+ - a list containing only "1.1".
+
+ An empty list requests the return of all user attributes.
+
+ A list containing "*" requests the return of all user attributes
+ in addition to other listed (operational) attributes.
+
+ A list containing only the OID "1.1" indicates that no attributes
+ are to be returned. If "1.1" is provided with other
+ attributeSelector values, the "1.1" attributeSelector is ignored.
+ This OID was chosen because it does not (and can not) correspond
+ to any attribute in use.
+
+ Client implementors should note that even if all user attributes are
+ requested, some attributes and/or attribute values of the entry may
+ not be included in Search results due to access controls or other
+ restrictions. Furthermore, servers will not return operational
+ attributes, such as objectClasses or attributeTypes, unless they are
+ listed by name. Operational attributes are described in [Models].
+
+ Attributes are returned at most once in an entry. If an attribute
+ description is named more than once in the list, the subsequent names
+ are ignored. If an attribute description in the list is not
+ recognized, it is ignored by the server.
+
+
+4.5.2. Search Result
+
+ The results of the Search operation are returned as zero or more
+ SearchResultEntry and/or SearchResultReference messages, followed by
+ a single SearchResultDone message.
+
+ SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
+ objectName LDAPDN,
+ attributes PartialAttributeList }
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 25 �
+ Lightweight Directory Access Protocol Version 3
+
+ PartialAttributeList ::= SEQUENCE OF
+ partialAttribute PartialAttribute
+
+ SearchResultReference ::= [APPLICATION 19] SEQUENCE
+ SIZE (1..MAX) OF uri URI
+
+ SearchResultDone ::= [APPLICATION 5] LDAPResult
+
+ Each SearchResultEntry represents an entry found during the Search.
+ Each SearchResultReference represents an area not yet explored during
+ the Search. The SearchResultEntry and SearchResultReference messages
+ may come in any order. Following all the SearchResultReference and
+ SearchResultEntry responses, the server returns a SearchResultDone
+ response, which contains an indication of success, or detailing any
+ errors that have occurred.
+
+ Each entry returned in a SearchResultEntry will contain all
+ appropriate attributes as specified in the attributes field of the
+ Search Request, subject to access control and other administrative
+ policy. Note that the PartialAttributeList may hold zero elements.
+ This may happen when none of the attributes of an entry were
+ requested, or could be returned. Note also that the partialAttribute
+ vals set may hold zero elements. This may happen when typesOnly is
+ requested, access controls prevent the return of values, or other
+ reasons.
+
+ Some attributes may be constructed by the server and appear in a
+ SearchResultEntry attribute list, although they are not stored
+ attributes of an entry. Clients SHOULD NOT assume that all attributes
+ can be modified, even if permitted by access control.
+
+ If the server's schema defines short names [Models] for an attribute
+ type then the server SHOULD use one of those names in attribute
+ descriptions for that attribute type (in preference to using the
+ <numericoid> [Models] format of the attribute type's object
+ identifier). The server SHOULD NOT use the short name if that name is
+ known by the server to be ambiguous, or otherwise likely to cause
+ interoperability problems.
+
+
+4.5.3. Continuation References in the Search Result
+
+ If the server was able to locate the entry referred to by the
+ baseObject but was unable or unwilling to search one or more non-
+ local entries, the server may return one or more
+ SearchResultReference messages, each containing a reference to
+ another set of servers for continuing the operation. A server MUST
+ NOT return any SearchResultReference messages if it has not located
+ the baseObject and thus has not searched any entries; in this case it
+ would return a SearchResultDone containing either a referral or
+ noSuchObject result code (depending on the server's knowledge of the
+ entry named in the baseObject).
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 26 �
+ Lightweight Directory Access Protocol Version 3
+
+ If a server holds a copy or partial copy of the subordinate naming
+ context (Section 5 of [Models]), it may use the search filter to
+ determine whether or not to return a SearchResultReference response.
+ Otherwise SearchResultReference responses are always returned when in
+ scope.
+
+ The SearchResultReference is of the same data type as the Referral.
+
+ If the client wishes to progress the Search, it issues a new Search
+ operation for each SearchResultReference that is returned. If
+ multiple URIs are present, the client assumes that any supported URI
+ may be used to progress the operation.
+
+ Clients that follow search continuation references MUST ensure that
+ they do not loop between servers. They MUST NOT repeatedly contact
+ the same server for the same request with the same parameters. Some
+ clients use a counter that is incremented each time search result
+ reference handling occurs for an operation, and these kinds of
+ clients MUST be able to handle at least ten nested referrals while
+ progressing the operation.
+
+ Note that the Abandon operation described in Section 4.11 applies
+ only to a particular operation sent at the LDAP message layer between
+ a client and server. The client must abandon subsequent Search
+ operations it wishes to individually.
+
+ A URI for a server implementing LDAP and accessible via [TCP]/[IP]
+ (v4 or v6) is written as an LDAP URL according to [LDAPURL].
+
+ SearchResultReference values which are LDAP URLs follow these rules:
+
+ - The <dn> part of the LDAP URL MUST be present, with the new target
+ object name. The client uses this name when following the
+ reference.
+
+ - Some servers (e.g. participating in distributed indexing) may
+ provide a different filter in the LDAP URL.
+
+ - If the <filter> part of the LDAP URL is present, the client uses
+ this filter in its next request to progress this Search, and if it
+ is not present the client uses the same filter as it used for that
+ Search.
+
+ - If the originating search scope was singleLevel, the <scope> part
+ of the LDAP URL will be "base".
+
+ - It is RECOMMENDED that the <scope> part be present to avoid
+ ambiguity. In the absence of a <scope> part, the scope of the
+ original Search request is assumed.
+
+ - Other aspects of the new Search request may be the same as or
+ different from the Search request which generated the
+ SearchResultReference.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 27 �
+ Lightweight Directory Access Protocol Version 3
+
+ - The name of an unexplored subtree in a SearchResultReference need
+ not be subordinate to the base object.
+
+ Other kinds of URIs may be returned. The syntax and semantics of such
+ URIs is left to future specifications. Clients may ignore URIs that
+ they do not support.
+
+ UTF-8 encoded characters appearing in the string representation of a
+ DN, search filter, or other fields of the referral value may not be
+ legal for URIs (e.g. spaces) and MUST be escaped using the % method
+ in [URI].
+
+
+
+4.5.3.1. Examples
+
+ For example, suppose the contacted server (hosta) holds the entry
+ <DC=Example,DC=NET> and the entry <CN=Manager,DC=Example,DC=NET>. It
+ knows that both LDAP servers (hostb) and (hostc) hold
+ <OU=People,DC=Example,DC=NET> (one is the master and the other server
+ a shadow), and that LDAP-capable server (hostd) holds the subtree
+ <OU=Roles,DC=Example,DC=NET>. If a wholeSubtree Search of
+ <DC=Example,DC=NET> is requested to the contacted server, it may
+ return the following:
+
+ SearchResultEntry for DC=Example,DC=NET
+ SearchResultEntry for CN=Manager,DC=Example,DC=NET
+ SearchResultReference {
+ ldap://hostb/OU=People,DC=Example,DC=NET??sub
+ ldap://hostc/OU=People,DC=Example,DC=NET??sub }
+ SearchResultReference {
+ ldap://hostd/OU=Roles,DC=Example,DC=NET??sub }
+ SearchResultDone (success)
+
+ Client implementors should note that when following a
+ SearchResultReference, additional SearchResultReference may be
+ generated. Continuing the example, if the client contacted the server
+ (hostb) and issued the Search request for the subtree
+ <OU=People,DC=Example,DC=NET>, the server might respond as follows:
+
+ SearchResultEntry for OU=People,DC=Example,DC=NET
+ SearchResultReference {
+ ldap://hoste/OU=Managers,OU=People,DC=Example,DC=NET??sub }
+ SearchResultReference {
+ ldap://hostf/OU=Consultants,OU=People,DC=Example,DC=NET??sub }
+ SearchResultDone (success)
+
+ Similarly, if a singleLevel Search of <DC=Example,DC=NET> is
+ requested to the contacted server, it may return the following:
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 28 �
+ Lightweight Directory Access Protocol Version 3
+
+ SearchResultEntry for CN=Manager,DC=Example,DC=NET
+ SearchResultReference {
+ ldap://hostb/OU=People,DC=Example,DC=NET??base
+ ldap://hostc/OU=People,DC=Example,DC=NET??base }
+ SearchResultReference {
+ ldap://hostd/OU=Roles,DC=Example,DC=NET??base }
+ SearchResultDone (success)
+
+ If the contacted server does not hold the base object for the Search,
+ but has knowledge of its possible location, then it may return a
+ referral to the client. In this case, if the client requests a
+ subtree Search of <DC=Example,DC=ORG> to hosta, the server returns a
+ SearchResultDone containing a referral.
+
+ SearchResultDone (referral) {
+ ldap://hostg/DC=Example,DC=ORG??sub }
+
+
+4.6. Modify Operation
+
+ The Modify operation allows a client to request that a modification
+ of an entry be performed on its behalf by a server. The Modify
+ Request is defined as follows:
+
+ ModifyRequest ::= [APPLICATION 6] SEQUENCE {
+ object LDAPDN,
+ changes SEQUENCE OF change SEQUENCE {
+ operation ENUMERATED {
+ add (0),
+ delete (1),
+ replace (2),
+ ... },
+ modification PartialAttribute } }
+
+ Fields of the Modify Request are:
+
+ - object: The value of this field contains the name of the entry to
+ be modified. The server SHALL NOT perform any alias dereferencing
+ in determining the object to be modified.
+
+ - changes: A list of modifications to be performed on the entry. The
+ entire list of modifications MUST be performed in the order they
+ are listed as a single atomic operation. While individual
+ modifications may violate certain aspects of the directory schema
+ (such as the object class definition and DIT content rule), the
+ resulting entry after the entire list of modifications is
+ performed MUST conform to the requirements of the directory model
+ and controlling schema [Models].
+
+ - operation: Used to specify the type of modification being
+ performed. Each operation type acts on the following
+ modification. The values of this field have the following
+ semantics respectively:
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 29 �
+ Lightweight Directory Access Protocol Version 3
+
+ add: add values listed to the modification attribute,
+ creating the attribute if necessary;
+
+ delete: delete values listed from the modification attribute.
+ If no values are listed, or if all current values of the
+ attribute are listed, the entire attribute is removed;
+
+ replace: replace all existing values of the modification
+ attribute with the new values listed, creating the attribute
+ if it did not already exist. A replace with no value will
+ delete the entire attribute if it exists, and is ignored if
+ the attribute does not exist.
+
+ - modification: A PartialAttribute (which may have an empty SET
+ of vals) used to hold the attribute type or attribute type and
+ values being modified.
+
+ Upon receipt of a Modify Request, the server attempts to perform the
+ necessary modifications to the DIT and returns the result in a Modify
+ Response, defined as follows:
+
+ ModifyResponse ::= [APPLICATION 7] LDAPResult
+
+ The server will return to the client a single Modify Response
+ indicating either the successful completion of the DIT modification,
+ or the reason that the modification failed. Due to the requirement
+ for atomicity in applying the list of modifications in the Modify
+ Request, the client may expect that no modifications of the DIT have
+ been performed if the Modify Response received indicates any sort of
+ error, and that all requested modifications have been performed if
+ the Modify Response indicates successful completion of the Modify
+ operation. Whether the modification was applied or not cannot be
+ determined by the client if the Modify Response was not received
+ (e.g. the LDAP session was terminated or the Modify operation was
+ abandoned).
+
+ Servers MUST ensure that entries conform to user and system schema
+ rules or other data model constraints. The Modify operation cannot be
+ used to remove from an entry any of its distinguished values, i.e.
+ those values which form the entry's relative distinguished name. An
+ attempt to do so will result in the server returning the
+ notAllowedOnRDN result code. The Modify DN operation described in
+ Section 4.9 is used to rename an entry.
+
+ For attribute types which specify no equality matching, the rules in
+ Section 2.5.1 of [Models] are followed.
+
+ Note that due to the simplifications made in LDAP, there is not a
+ direct mapping of the changes in an LDAP ModifyRequest onto the
+ changes of a DAP ModifyEntry operation, and different implementations
+ of LDAP-DAP gateways may use different means of representing the
+ change. If successful, the final effect of the operations on the
+ entry MUST be identical.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 30 �
+ Lightweight Directory Access Protocol Version 3
+
+
+4.7. Add Operation
+
+ The Add operation allows a client to request the addition of an entry
+ into the Directory. The Add Request is defined as follows:
+
+ AddRequest ::= [APPLICATION 8] SEQUENCE {
+ entry LDAPDN,
+ attributes AttributeList }
+
+ AttributeList ::= SEQUENCE OF attribute Attribute
+
+ Fields of the Add Request are:
+
+ - entry: the name of the entry to be added. The server SHALL NOT
+ dereference any aliases in locating the entry to be added.
+
+ - attributes: the list of attributes that, along with those from the
+ RDN, make up the content of the entry being added. Clients MAY or
+ MAY NOT include the RDN attribute(s) in this list. Clients MUST
+ NOT supply NO-USER-MODIFICATION attributes such as the
+ createTimestamp or creatorsName attributes, since the server
+ maintains these automatically.
+
+ Servers MUST ensure that entries conform to user and system schema
+ rules or other data model constraints. For attribute types which
+ specify no equality matching, the rules in Section 2.5.1 of [Models]
+ are followed (this applies to the naming attribute in addition to any
+ multi-valued attributes being added).
+
+ The entry named in the entry field of the AddRequest MUST NOT exist
+ for the AddRequest to succeed. The immediate superior (parent) of an
+ object or alias entry to be added MUST exist. For example, if the
+ client attempted to add <CN=JS,DC=Example,DC=NET>, the
+ <DC=Example,DC=NET> entry did not exist, and the <DC=NET> entry did
+ exist, then the server would return the noSuchObject result code with
+ the matchedDN field containing <DC=NET>.
+
+ Upon receipt of an Add Request, a server will attempt to add the
+ requested entry. The result of the Add attempt will be returned to
+ the client in the Add Response, defined as follows:
+
+ AddResponse ::= [APPLICATION 9] LDAPResult
+
+ A response of success indicates that the new entry has been added to
+ the Directory.
+
+
+4.8. Delete Operation
+
+ The Delete operation allows a client to request the removal of an
+ entry from the Directory. The Delete Request is defined as follows:
+
+ DelRequest ::= [APPLICATION 10] LDAPDN
+
+Sermersheim Internet-Draft - Expires April 2006 Page 31 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ The Delete Request consists of the name of the entry to be deleted.
+ The server SHALL NOT dereference aliases while resolving the name of
+ the target entry to be removed.
+
+ Only leaf entries (those with no subordinate entries) can be deleted
+ with this operation.
+
+ Upon receipt of a Delete Request, a server will attempt to perform
+ the entry removal requested and return the result in the Delete
+ Response defined as follows:
+
+ DelResponse ::= [APPLICATION 11] LDAPResult
+
+
+4.9. Modify DN Operation
+
+ The Modify DN operation allows a client to change the Relative
+ Distinguished Name (RDN) of an entry in the Directory, and/or to move
+ a subtree of entries to a new location in the Directory. The Modify
+ DN Request is defined as follows:
+
+ ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
+ entry LDAPDN,
+ newrdn RelativeLDAPDN,
+ deleteoldrdn BOOLEAN,
+ newSuperior [0] LDAPDN OPTIONAL }
+
+ Fields of the Modify DN Request are:
+
+ - entry: the name of the entry to be changed. This entry may or may
+ not have subordinate entries.
+
+ - newrdn: the new RDN of the entry. The value of the old RDN is
+ supplied when moving the entry to a new superior without changing
+ its RDN. Attribute values of the new RDN not matching any
+ attribute value of the entry are added to the entry and an
+ appropriate error is returned if this fails.
+
+ - deleteoldrdn: a boolean field that controls whether the old RDN
+ attribute values are to be retained as attributes of the entry, or
+ deleted from the entry.
+
+ - newSuperior: if present, this is the name of an existing object
+ entry which becomes the immediate superior (parent) of the
+ existing entry.
+
+ The server SHALL NOT dereference any aliases in locating the objects
+ named in entry or newSuperior.
+
+ Upon receipt of a ModifyDNRequest, a server will attempt to perform
+ the name change and return the result in the Modify DN Response,
+ defined as follows:
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 32 �
+ Lightweight Directory Access Protocol Version 3
+
+ ModifyDNResponse ::= [APPLICATION 13] LDAPResult
+
+ For example, if the entry named in the entry field was <cn=John
+ Smith,c=US>, the newrdn field was <cn=John Cougar Smith>, and the
+ newSuperior field was absent, then this operation would attempt to
+ rename the entry to be <cn=John Cougar Smith,c=US>. If there was
+ already an entry with that name, the operation would fail with the
+ entryAlreadyExists result code.
+
+ Servers MUST ensure that entries conform to user and system schema
+ rules or other data model constraints. For attribute types which
+ specify no equality matching, the rules in Section 2.5.1 of [Models]
+ are followed (this pertains to newrdn and deleteoldrdn).
+
+ The object named in newSuperior MUST exist. For example, if the
+ client attempted to add <CN=JS,DC=Example,DC=NET>, the
+ <DC=Example,DC=NET> entry did not exist, and the <DC=NET> entry did
+ exist, then the server would return the noSuchObject result code with
+ the matchedDN field containing <DC=NET>.
+
+ If the deleteoldrdn field is TRUE, the attribute values forming the
+ old RDN but not the new RDN are deleted from the entry. If the
+ deleteoldrdn field is FALSE, the attribute values forming the old RDN
+ will be retained as non-distinguished attribute values of the entry.
+
+ Note that X.500 restricts the ModifyDN operation to only affect
+ entries that are contained within a single server. If the LDAP server
+ is mapped onto DAP, then this restriction will apply, and the
+ affectsMultipleDSAs result code will be returned if this error
+ occurred. In general, clients MUST NOT expect to be able to perform
+ arbitrary movements of entries and subtrees between servers or
+ between naming contexts.
+
+
+4.10. Compare Operation
+
+ The Compare operation allows a client to compare an assertion value
+ with the values of a particular attribute in a particular entry in
+ the Directory. The Compare Request is defined as follows:
+
+ CompareRequest ::= [APPLICATION 14] SEQUENCE {
+ entry LDAPDN,
+ ava AttributeValueAssertion }
+
+ Fields of the Compare Request are:
+
+ - entry: the name of the entry to be compared. The server SHALL NOT
+ dereference any aliases in locating the entry to be compared.
+
+ - ava: holds the attribute value assertion to be compared.
+
+ Upon receipt of a Compare Request, a server will attempt to perform
+ the requested comparison and return the result in the Compare
+ Response, defined as follows:
+
+Sermersheim Internet-Draft - Expires April 2006 Page 33 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ CompareResponse ::= [APPLICATION 15] LDAPResult
+
+ The resultCode is set to compareTrue, compareFalse, or an appropriate
+ error. compareTrue indicates that the assertion value in the ava
+ field matches a value of the attribute or subtype according to the
+ attribute's EQUALITY matching rule. compareFalse indicates that the
+ assertion value in the ava field and the values of the attribute or
+ subtype did not match. Other result codes indicate either that the
+ result of the comparison was Undefined (Section 4.5.1), or that some
+ error occurred.
+
+ Note that some directory systems may establish access controls which
+ permit the values of certain attributes (such as userPassword) to be
+ compared but not interrogated by other means.
+
+
+4.11. Abandon Operation
+
+ The function of the Abandon operation is to allow a client to request
+ that the server abandon an uncompleted operation. The Abandon Request
+ is defined as follows:
+
+ AbandonRequest ::= [APPLICATION 16] MessageID
+
+ The MessageID is that of an operation which was requested earlier at
+ this LDAP message layer. The Abandon request itself has its own
+ MessageID. This is distinct from the MessageID of the earlier
+ operation being abandoned.
+
+ There is no response defined in the Abandon operation. Upon receipt
+ of an AbandonRequest, the server MAY abandon the operation identified
+ by the MessageID. Since the client cannot tell the difference between
+ a successfully abandoned operation and an uncompleted operation, the
+ application of the Abandon operation is limited to uses where the
+ client does not require an indication of its outcome.
+
+ Abandon, Bind, Unbind, and StartTLS operations cannot be abandoned.
+
+ In the event that a server receives an Abandon Request on a Search
+ operation in the midst of transmitting responses to the Search, that
+ server MUST cease transmitting entry responses to the abandoned
+ request immediately, and MUST NOT send the SearchResultDone. Of
+ course, the server MUST ensure that only properly encoded LDAPMessage
+ PDUs are transmitted.
+
+ The ability to abandon other (particularly update) operations is at
+ the discretion of the server.
+
+ Clients should not send Abandon requests for the same operation
+ multiple times, and MUST also be prepared to receive results from
+ operations it has abandoned (since these may have been in transit
+ when the Abandon was requested, or are not able to be abandoned).
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 34 �
+ Lightweight Directory Access Protocol Version 3
+
+ Servers MUST discard Abandon requests for message IDs they do not
+ recognize, for operations which cannot be abandoned, and for
+ operations which have already been abandoned.
+
+
+4.12. Extended Operation
+
+ The Extended operation allows additional operations to be defined for
+ services not already available in the protocol. For example, to Add
+ operations to install transport layer security (see Section 4.14).
+
+ The Extended operation allows clients to make requests and receive
+ responses with predefined syntaxes and semantics. These may be
+ defined in RFCs or be private to particular implementations.
+
+ Each Extended operation consists of an Extended request and an
+ Extended response.
+
+ ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ requestName [0] LDAPOID,
+ requestValue [1] OCTET STRING OPTIONAL }
+
+ The requestName is a dotted-decimal representation of the unique
+ OBJECT IDENTIFIER corresponding to the request. The requestValue is
+ information in a form defined by that request, encapsulated inside an
+ OCTET STRING.
+
+ The server will respond to this with an LDAPMessage containing an
+ ExtendedResponse.
+
+ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ COMPONENTS OF LDAPResult,
+ responseName [10] LDAPOID OPTIONAL,
+ responseValue [11] OCTET STRING OPTIONAL }
+
+ The responseName field, when present, contains an LDAPOID which is
+ unique for this extended operation or response. This field is
+ optional (even when the extension specification specifies an LDAPOID
+ to be returned in the field). The field will be absent whenever the
+ server is unable or unwilling to determine the appropriate LDAPOID to
+ return, for instance when the requestName cannot be parsed or its
+ value is not recognized.
+
+ Where the requestName is not recognized, the server returns
+ protocolError (The server may return protocolError in other cases).
+
+ The requestValue and responseValue fields contain information
+ associated with the operation. The format of these fields is defined
+ by the specification of the Extended operation. Implementations MUST
+ be prepared to handle arbitrary contents of these fields, including
+ zero bytes. Values that are defined in terms of ASN.1 and BER encoded
+ according to Section 5.1, also follow the extensibility rules in
+ Section 4.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 35 �
+ Lightweight Directory Access Protocol Version 3
+
+ Servers list the requestName of Extended Requests they recognize in
+ the 'supportedExtension' attribute in the root DSE (Section 5.1 of
+ [Models]).
+
+ Extended operations may be specified in other documents. The
+ specification of an Extended operation consists of:
+
+ - the OBJECT IDENTIFIER assigned to the requestName,
+
+ - the OBJECT IDENTIFIER (if any) assigned to the responseName (note
+ that the same OBJECT IDENTIFIER may be used for both the
+ requestName and responseName),
+
+ - the format of the contents of the requestValue and responseValue
+ (if any), and
+
+ - the semantics of the operation.
+
+
+4.13. IntermediateResponse Message
+
+ While the Search operation provides a mechanism to return multiple
+ response messages for a single Search request, other operations, by
+ nature, do not provide for multiple response messages.
+
+ The IntermediateResponse message provides a general mechanism for
+ defining single-request/multiple-response operations in LDAP. This
+ message is intended to be used in conjunction with the Extended
+ operation to define new single-request/multiple-response operations
+ or in conjunction with a control when extending existing LDAP
+ operations in a way that requires them to return Intermediate
+ response information.
+
+ It is intended that the definitions and descriptions of Extended
+ operations and controls that make use of the IntermediateResponse
+ message will define the circumstances when an IntermediateResponse
+ message can be sent by a server and the associated meaning of an
+ IntermediateResponse message sent in a particular circumstance.
+
+ IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
+ responseName [0] LDAPOID OPTIONAL,
+ responseValue [1] OCTET STRING OPTIONAL }
+
+ IntermediateResponse messages SHALL NOT be returned to the client
+ unless the client issues a request that specifically solicits their
+ return. This document defines two forms of solicitation: Extended
+ operation and request control. IntermediateResponse messages are
+ specified in documents describing the manner in which they are
+ solicited (i.e. in the Extended operation or request control
+ specification that uses them). These specifications include:
+
+ - the OBJECT IDENTIFIER (if any) assigned to the responseName,
+
+ - the format of the contents of the responseValue (if any), and
+
+Sermersheim Internet-Draft - Expires April 2006 Page 36 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ - the semantics associated with the IntermediateResponse message.
+
+ Extensions that allow the return of multiple types of
+ IntermediateResponse messages SHALL identify those types using unique
+ responseName values (note that one of these may specify no value).
+
+ Sections 4.13.1 and 4.13.2 describe additional requirements on the
+ inclusion of responseName and responseValue in IntermediateResponse
+ messages.
+
+
+4.13.1. Usage with LDAP ExtendedRequest and ExtendedResponse
+
+ A single-request/multiple-response operation may be defined using a
+ single ExtendedRequest message to solicit zero or more
+ IntermediateResponse messages of one or more kinds followed by an
+ ExtendedResponse message.
+
+
+4.13.2. Usage with LDAP Request Controls
+
+ A control's semantics may include the return of zero or more
+ IntermediateResponse messages prior to returning the final result
+ code for the operation. One or more kinds of IntermediateResponse
+ messages may be sent in response to a request control.
+
+ All IntermediateResponse messages associated with request controls
+ SHALL include a responseName. This requirement ensures that the
+ client can correctly identify the source of IntermediateResponse
+ messages when:
+
+ - two or more controls using IntermediateResponse messages are
+ included in a request for any LDAP operation or
+
+ - one or more controls using IntermediateResponse messages are
+ included in a request with an LDAP Extended operation that uses
+ IntermediateResponse messages.
+
+
+4.14. StartTLS Operation
+
+ The Start Transport Layer Security (StartTLS) operation's purpose is
+ to initiate installation of a TLS layer. The StartTLS operation is
+ defined using the Extended operation mechanism described in Section
+ 4.12.
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 37 �
+ Lightweight Directory Access Protocol Version 3
+
+4.14.1. StartTLS Request
+
+ A client requests TLS establishment by transmitting a StartTLS
+ request message to the server. The StartTLS request is defined in
+ terms of an ExtendedRequest. The requestName is
+ "1.3.6.1.4.1.1466.20037", and the requestValue field is always
+ absent.
+
+ The client MUST NOT send any LDAP PDUs at this LDAP message layer
+ following this request until it receives a StartTLS Extended response
+ and, in the case of a successful response, completes TLS
+ negotiations.
+
+ Detected sequencing problems (particularly those detailed in Section
+ 3.1.1 of [AuthMeth]) result in the resultCode being set to
+ operationsError.
+
+ If the server does not support TLS (whether by design or by current
+ configuration), it returns with the resultCode set to protocolError
+ as described in Section 4.12.
+
+
+4.14.2. StartTLS Response
+
+ When a StartTLS request is received, servers supporting the operation
+ MUST return a StartTLS response message to the requestor. The
+ responseName is "1.3.6.1.4.1.1466.20037" when provided (See 4.12).
+ The responseValue is always absent.
+
+ If the server is willing and able to negotiate TLS, it returns the
+ StartTLS response with the resultCode set to success. Upon client
+ receipt of a successful StartTLS response, protocol peers may
+ commence with TLS negotiation as discussed in Section 3 of
+ [AuthMeth].
+
+ If the server is otherwise unwilling or unable to perform this
+ operation, the server is to return an appropriate result code
+ indicating the nature of the problem. For example, if the TLS
+ subsystem is not presently available, the server may indicate so by
+ returning with the resultCode set to unavailable. In cases where a
+ non-success result code is returned, the LDAP session is left without
+ a TLS layer.
+
+
+4.14.3. Removal of the TLS Layer
+
+ Either the client or server MAY remove the TLS layer and leave the
+ LDAP message layer intact by sending and receiving a TLS closure
+ alert.
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 38 �
+ Lightweight Directory Access Protocol Version 3
+
+ The initiating protocol peer sends the TLS closure alert and MUST
+ wait until it receives a TLS closure alert from the other peer before
+ sending further LDAP PDUs.
+
+ When a protocol peer receives the initial TLS closure alert, it may
+ choose to allow the LDAP message layer to remain intact. In this
+ case, it MUST immediately transmit a TLS closure alert. Following
+ this, it MAY send and receive LDAP PDUs.
+
+ Protocol peers MAY terminate the LDAP session after sending or
+ receiving a TLS closure alert.
+
+
+5. Protocol Encoding, Connection, and Transfer
+
+ This protocol is designed to run over connection-oriented, reliable
+ transports, where the data stream is divided into octets (8-bit
+ units), with each octet and each bit being significant.
+
+ One underlying service, LDAP over TCP, is defined in Section
+ 5.2. This service is generally applicable to applications providing
+ or consuming X.500-based directory services on the Internet. This
+ specification was generally written with the TCP mapping in mind.
+ Specifications detailing other mappings may encounter various
+ obstacles.
+
+ Implementations of LDAP over TCP MUST implement the mapping as
+ described in Section 5.2.
+
+ This table illustrates the relationship between the different layers
+ involved in an exchange between two protocol peers:
+
+ +----------------------+
+ | LDAP message layer |
+ +----------------------+ > LDAP PDUs
+ +----------------------+ < data
+ | SASL layer |
+ +----------------------+ > SASL-protected data
+ +----------------------+ < data
+ | TLS layer |
+ Application +----------------------+ > TLS-protected data
+ ------------+----------------------+ < data
+ Transport | transport connection |
+ +----------------------+
+
+
+5.1. Protocol Encoding
+
+ The protocol elements of LDAP SHALL be encoded for exchange using the
+ Basic Encoding Rules [BER] of [ASN.1] with the following
+ restrictions:
+
+ - Only the definite form of length encoding is used.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 39 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ - OCTET STRING values are encoded in the primitive form only.
+
+ - If the value of a BOOLEAN type is true, the encoding of the value
+ octet is set to hex "FF".
+
+ - If a value of a type is its default value, it is absent. Only some
+ BOOLEAN and INTEGER types have default values in this protocol
+ definition.
+
+ These restrictions are meant to ease the overhead of encoding and
+ decoding certain elements in BER.
+
+ These restrictions do not apply to ASN.1 types encapsulated inside of
+ OCTET STRING values, such as attribute values, unless otherwise
+ stated.
+
+
+5.2. Transmission Control Protocol (TCP)
+
+ The encoded LDAPMessage PDUs are mapped directly onto the [TCP]
+ bytestream using the BER-based encoding described in Section 5.1. It
+ is recommended that server implementations running over the TCP
+ provide a protocol listener on the Internet Assigned Numbers
+ Authority (IANA)-assigned LDAP port, 389 [PortReg]. Servers may
+ instead provide a listener on a different port number. Clients MUST
+ support contacting servers on any valid TCP port.
+
+
+5.3. Termination of the LDAP session
+
+ Termination of the LDAP session is typically initiated by the client
+ sending an UnbindRequest (Section 4.3), or by the server sending a
+ Notice of Disconnection (Section 4.4.1). In these cases each protocol
+ peer gracefully terminates the LDAP session by ceasing exchanges at
+ the LDAP message layer, tearing down any SASL layer, tearing down any
+ TLS layer, and closing the transport connection.
+
+ A protocol peer may determine that the continuation of any
+ communication would be pernicious, and in this case may abruptly
+ terminate the session by ceasing communication and closing the
+ transport connection.
+
+ In either case, when the LDAP session is terminated, uncompleted
+ operations are handled as specified in Section 3.1.
+
+
+6. Security Considerations
+
+ This version of the protocol provides facilities for simple
+ authentication using a cleartext password, as well as any [SASL]
+ mechanism. Installing SASL and/or TLS layers can provide integrity
+ and other data security services.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 40 �
+ Lightweight Directory Access Protocol Version 3
+
+ It is also permitted that the server can return its credentials to
+ the client, if it chooses to do so.
+
+ Use of cleartext password is strongly discouraged where the
+ underlying transport service cannot guarantee confidentiality and may
+ result in disclosure of the password to unauthorized parties.
+
+ Servers are encouraged to prevent directory modifications by clients
+ that have authenticated anonymously [AuthMeth].
+
+ Security considerations for authentication methods, SASL mechanisms,
+ and TLS are described in [AuthMeth].
+
+ It should be noted that SASL authentication exchanges do not provide
+ data confidentiality nor integrity protection for the version or name
+ fields of the BindRequest nor the resultCode, diagnosticMessage, or
+ referral fields of the BindResponse nor of any information contained
+ in controls attached to Bind requests or responses. Thus information
+ contained in these fields SHOULD NOT be relied on unless otherwise
+ protected (such as by establishing protections at the transport
+ layer).
+
+ Implementors should note that various security factors, including
+ authentication and authorization information and data security
+ services may change during the course of the LDAP session, or even
+ during the performance of a particular operation. For instance,
+ credentials could expire, authorization identities or access controls
+ could change, or the underlying security layer(s) could be replaced
+ or terminated. Implementations should be robust in the handling of
+ changing security factors.
+ In some cases, it may be appropriate to continue the operation even
+ in light of security factor changes. For instance, it may be
+ appropriate to continue an Abandon operation regardless of the
+ change, or to continue an operation when the change upgraded (or
+ maintained) the security factor. In other cases, it may be
+ appropriate to fail, or alter the processing of the operation. For
+ instance, if confidential protections were removed, it would be
+ appropriate to either fail a request to return sensitive data, or
+ minimally, to exclude the return of sensitive data.
+
+ Implementations which cache attributes and entries obtained via LDAP
+ MUST ensure that access controls are maintained if that information
+ is to be provided to multiple clients, since servers may have access
+ control policies which prevent the return of entries or attributes in
+ Search results except to particular authenticated clients. For
+ example, caches could serve result information only to the client
+ whose request caused it to be in the cache.
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 41 �
+ Lightweight Directory Access Protocol Version 3
+
+ Servers may return referrals or Search result references which
+ redirect clients to peer servers. It is possible for a rogue
+ application to inject such referrals into the data stream in an
+ attempt to redirect a client to a rogue server. Clients are advised
+ to be aware of this, and possibly reject referrals when
+ confidentiality measures are not in place. Clients are advised to
+ reject referrals from the StartTLS operation.
+
+ The matchedDN and diagnosticMessage fields, as well as some
+ resultCode values (e.g., attributeOrValueExists and
+ entryAlreadyExists), could disclose the presence or absence of
+ specific data in the directory which is subject to access and other
+ administrative controls. Server implementations should restrict
+ access to protected information equally under both normal and error
+ conditions.
+
+ Protocol peers MUST be prepared to handle invalid and arbitrary
+ length protocol encodings. Invalid protocol encodings include: BER
+ encoding exceptions, format string and UTF-8 encoding exceptions,
+ overflow exceptions, integer value exceptions, and binary mode on/off
+ flag exceptions. The LDAPv3 PROTOS [PROTOS-LDAP] test suite provides
+ excellent examples of these exceptions and test cases used to
+ discover flaws.
+
+ In the event that a protocol peer senses an attack which in its
+ nature could cause damage due to further communication at any layer
+ in the LDAP session, the protocol peer should abruptly terminate the
+ LDAP session as described in Section 5.3.
+
+
+7. Acknowledgements
+
+ This document is based on RFC 2251 by Mark Wahl, Tim Howes, and Steve
+ Kille. RFC 2251 was a product of the IETF ASID Working Group.
+
+ It is also based on RFC 2830 by Jeff Hodges, RL "Bob" Morgan, and
+ Mark Wahl. RFC 2830 was a product of the IETF LDAPEXT Working Group.
+
+ It is also based on RFC 3771 by Roger Harrison, and Kurt Zeilenga.
+ RFC 3771 was an individual submission to the IETF.
+
+ This document is a product of the IETF LDAPBIS Working Group.
+ Significant contributors of technical review and content include Kurt
+ Zeilenga, Steven Legg, and Hallvard Furuseth.
+
+
+8. Normative References
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", draft-crocker-abnf-rfc2234bis-
+ xx.txt, (a work in progress).
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 42 �
+ Lightweight Directory Access Protocol Version 3
+
+ [ASN.1] ITU-T Recommendation X.680 (07/2002) | ISO/IEC 8824-1:2002
+ "Information Technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation"
+
+ [AuthMeth] Harrison, R., "LDAP: Authentication Methods and Connection
+ Level Security Mechanisms", draft-ietf-ldapbis-authmeth-
+ xx.txt, (a work in progress).
+
+ [BER] ITU-T Rec. X.690 (07/2002) | ISO/IEC 8825-1:2002,
+ "Information technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER)", 2002.
+
+ [IP] Postel, J., "Internet Protocol", STD5 and RFC 791,
+ September 1981
+
+ [ISO10646] Universal Multiple-Octet Coded Character Set (UCS) -
+ Architecture and Basic Multilingual Plane, ISO/IEC 10646-1
+ : 1993.
+
+ [Keyword] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", RFC 2119, March 1997.
+
+ [LDAPDN] Zeilenga, K., "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, (a
+ work in progress).
+
+ [LDAPIANA] Zeilenga, K., "IANA Considerations for LDAP", draft-ietf-
+ ldapbis-bcp64-xx.txt, (a work in progress).
+
+ [LDAPURL] Smith, M., "LDAP: Uniform Resource Locator", draft-ietf-
+ ldapbis-url-xx.txt, (a work in progress).
+
+ [Models] Zeilenga, K., "LDAP: Directory Information Models", draft-
+ ietf-ldapbis-models-xx.txt (a work in progress).
+
+ [Roadmap] Zeilenga, K., "LDAP: Technical Specification Road Map",
+ draft-ietf-ldapbis-roadmap-xx.txt (a work in progress).
+
+ [SASL] Melnikov, A., "Simple Authentication and Security Layer",
+ draft-ietf-sasl-rfc2222bis-xx.txt (a work in progress).
+
+ [SASLPrep] Zeilenga, K., "Stringprep profile for user names and
+ passwords", draft-ietf-sasl-saslprep-xx.txt, (a work in
+ progress).
+
+ [StringPrep] Hoffman P. and M. Blanchet, "Preparation of
+ Internationalized Strings ('stringprep')", draft-hoffman-
+ rfc3454bis-xx.txt, a work in progress.
+
+ [Syntaxes] Legg, S., and K. Dally, "LDAP: Syntaxes and Matching
+ Rules", draft-ietf-ldapbis-syntaxes-xx.txt, (a work in
+ progress).
+
+Sermersheim Internet-Draft - Expires April 2006 Page 43 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ [TCP] Postel, J., "Transmission Control Protocol", STD7 and RFC
+ 793, September 1981
+
+ [TLS] Dierks, T. and C. Allen. "The TLS Protocol Version 1.1",
+ draft-ietf-tls-rfc2246-bis-xx.txt, a work in progress.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+ [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+ Resource Identifiers (URI): Generic Syntax", RFC 2396,
+ August 1998.
+
+ [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", STD63 and RFC3629, November 2003.
+
+ [X.500] ITU-T Rec. X.500, "The Directory: Overview of Concepts,
+ Models and Service", 1993.
+
+ [X.501] ITU-T Rec. X.501, "The Directory: Models", 1993.
+
+ [X.511] ITU-T Rec. X.511, "The Directory: Abstract Service
+ Definition", 1993.
+
+
+9. Informative References
+
+ [Glossary] The Unicode Consortium, "Unicode Glossary",
+ <http://www.unicode.org/glossary/>.
+
+ [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
+ #17, Character Encoding Model", UTR17,
+ <http://www.unicode.org/unicode/reports/tr17/>, August
+ 2000.
+
+ [PROTOS-LDAP] University of Oulu, "PROTOS Test-Suite: c06-ldapv3"
+ <http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/l
+ dapv3/>
+
+ [PortReg] IANA, "Port Numbers",
+ http://www.iana.org/assignments/port-numbers
+
+
+10. IANA Considerations
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 44 �
+ Lightweight Directory Access Protocol Version 3
+
+ It is requested that the Internet Assigned Numbers Authority (IANA)
+ update the LDAP result code registry to indicate that this document
+ provides the definitive technical specification for result codes 0-
+ 36, 48-54, 64-70, 80-90. It is also noted that one resultCode value
+ (strongAuthRequired) has been renamed (to strongerAuthRequired).
+
+ It is requested that the IANA update the LDAP Protocol Mechanism
+ registry to indicate that this document and [AuthMeth] provides the
+ definitive technical specification for the StartTLS
+ (1.3.6.1.4.1.1466.20037) Extended operation.
+
+ It is requested that the IANA update the occurrence of "RFC XXXX" in
+ this section and Appendix B with this RFC number at publication.
+
+ It is requested that IANA assign upon Standards Action an LDAP Object
+ Identifier [LDAPIANA] to identify the ASN.1 module defined in this
+ document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Jim Sermersheim <jimse at novell.com>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP ASN.1 module
+
+ [[Note to RFC Editor: please replace the occurrence of <IANA-
+ ASSIGNED-DIRECTORY-NUMBER> in Appendix B with the IANA assigned
+ OID.]]
+
+
+11. Editor's Address
+
+ Jim Sermersheim
+ Novell, Inc.
+ 1800 South Novell Place
+ Provo, Utah 84606, USA
+ jimse at novell.com
+ +1 801 861-3088
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 45 �
+ Lightweight Directory Access Protocol Version 3
+
+Appendix A. LDAP Result Codes
+
+ This normative appendix details additional considerations regarding
+ LDAP result codes and provides a brief, general description of each
+ LDAP result code enumerated in Section 4.1.9.
+
+ Additional result codes MAY be defined for use with extensions
+ [LDAPIANA]. Client implementations SHALL treat any result code which
+ they do not recognize as an unknown error condition.
+
+ The descriptions provided here do not fully account for result code
+ substitutions used to prevent unauthorized disclosures (such as
+ substitution of noSuchObject for insufficientAccessRights, or
+ invalidCredentials for insufficientAccessRights).
+
+
+A.1. Non-Error Result Codes
+
+ These result codes (called "non-error" result codes) do not indicate
+ an error condition:
+ success (0),
+ compareFalse (5),
+ compareTrue (6),
+ referral (10), and
+ saslBindInProgress (14).
+
+ The success, compareTrue, and compareFalse result codes indicate
+ successful completion (and, hence, are referred to as "successful"
+ result codes).
+
+ The referral and saslBindInProgress result codes indicate the client
+ needs to take additional action to complete the operation.
+
+
+A.2. Result Codes
+
+ Existing LDAP result codes are described as follows:
+
+ success (0)
+ Indicates the successful completion of an operation. Note:
+ this code is not used with the Compare operation. See
+ compareFalse (5) and compareTrue (6).
+
+ operationsError (1)
+ Indicates that the operation is not properly sequenced with
+ relation to other operations (of same or different type).
+
+ For example, this code is returned if the client attempts to
+ StartTLS [TLS] while there are other uncompleted operations
+ or if a TLS layer was already installed.
+
+ protocolError (2)
+ Indicates the server received data which is not well-formed.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 46 �
+ Lightweight Directory Access Protocol Version 3
+
+ For Bind operation only, this code is also used to indicate
+ that the server does not support the requested protocol
+ version.
+
+ For Extended operations only, this code is also used to
+ indicate that the server does not support (by design or
+ configuration) the Extended operation associated with the
+ requestName.
+
+ For request operations specifying multiple controls, this may
+ be used to indicate that the server cannot ignore the order
+ of the controls as specified, or that the combination of the
+ specified controls is invalid or unspecified.
+
+ timeLimitExceeded (3)
+ Indicates that the time limit specified by the client was
+ exceeded before the operation could be completed.
+
+ sizeLimitExceeded (4)
+ Indicates that the size limit specified by the client was
+ exceeded before the operation could be completed.
+
+ compareFalse (5)
+ Indicates that the Compare operation has successfully
+ completed and the assertion has evaluated to FALSE or
+ Undefined.
+
+ compareTrue (6)
+ Indicates that the Compare operation has successfully
+ completed and the assertion has evaluated to TRUE.
+
+ authMethodNotSupported (7)
+ Indicates that the authentication method or mechanism is not
+ supported.
+
+ strongerAuthRequired (8)
+ Indicates the server requires strong(er) authentication in
+ order to complete the operation.
+
+ When used with the Notice of Disconnection operation, this
+ code indicates that the server has detected that an
+ established security association between the client and
+ server has unexpectedly failed or been compromised.
+
+ referral (10)
+ Indicates that a referral needs to be chased to complete the
+ operation (see Section 4.1.10).
+
+ adminLimitExceeded (11)
+ Indicates that an administrative limit has been exceeded.
+
+ unavailableCriticalExtension (12)
+ Indicates a critical control is unrecognized (see Section
+ 4.1.11).
+
+Sermersheim Internet-Draft - Expires April 2006 Page 47 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ confidentialityRequired (13)
+ Indicates that data confidentiality protections are required.
+
+ saslBindInProgress (14)
+ Indicates the server requires the client to send a new bind
+ request, with the same SASL mechanism, to continue the
+ authentication process (see Section 4.2).
+
+ noSuchAttribute (16)
+ Indicates that the named entry does not contain the specified
+ attribute or attribute value.
+
+ undefinedAttributeType (17)
+ Indicates that a request field contains an unrecognized
+ attribute description.
+
+ inappropriateMatching (18)
+ Indicates that an attempt was made (e.g. in an assertion) to
+ use a matching rule not defined for the attribute type
+ concerned.
+
+ constraintViolation (19)
+ Indicates that the client supplied an attribute value which
+ does not conform to the constraints placed upon it by the
+ data model.
+
+ For example, this code is returned when multiple values are
+ supplied to an attribute which has a SINGLE-VALUE constraint.
+
+ attributeOrValueExists (20)
+ Indicates that the client supplied an attribute or value to
+ be added to an entry, but the attribute or value already
+ exists.
+
+ invalidAttributeSyntax (21)
+ Indicates that a purported attribute value does not conform
+ to the syntax of the attribute.
+
+ noSuchObject (32)
+ Indicates that the object does not exist in the DIT.
+
+ aliasProblem (33)
+ Indicates that an alias problem has occurred. For example,
+ the code may used to indicate an alias has been dereferenced
+ which names no object.
+
+ invalidDNSyntax (34)
+ Indicates that an LDAPDN or RelativeLDAPDN field (e.g. search
+ base, target entry, ModifyDN newrdn, etc.) of a request does
+ not conform to the required syntax or contains attribute
+ values which do not conform to the syntax of the attribute's
+ type.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 48 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ aliasDereferencingProblem (36)
+ Indicates that a problem occurred while dereferencing an
+ alias. Typically an alias was encountered in a situation
+ where it was not allowed or where access was denied.
+
+ inappropriateAuthentication (48)
+ Indicates the server requires the client which had attempted
+ to bind anonymously or without supplying credentials to
+ provide some form of credentials.
+
+ invalidCredentials (49)
+ Indicates that the provided credentials (e.g. the user's name
+ and password) are invalid.
+
+ insufficientAccessRights (50)
+ Indicates that the client does not have sufficient access
+ rights to perform the operation.
+
+ busy (51)
+ Indicates that the server is too busy to service the
+ operation.
+
+ unavailable (52)
+ Indicates that the server is shutting down or a subsystem
+ necessary to complete the operation is offline.
+
+ unwillingToPerform (53)
+ Indicates that the server is unwilling to perform the
+ operation.
+
+ loopDetect (54)
+ Indicates that the server has detected an internal loop (e.g.
+ while dereferencing aliases or chaining an operation).
+
+ namingViolation (64)
+ Indicates that the entry's name violates naming restrictions.
+
+ objectClassViolation (65)
+ Indicates that the entry violates object class restrictions.
+
+ notAllowedOnNonLeaf (66)
+ Indicates that the operation is inappropriately acting upon a
+ non-leaf entry.
+
+ notAllowedOnRDN (67)
+ Indicates that the operation is inappropriately attempting to
+ remove a value which forms the entry's relative distinguished
+ name.
+
+ entryAlreadyExists (68)
+ Indicates that the request cannot be fulfilled (added, moved,
+ or renamed) as the target entry already exists.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 49 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ objectClassModsProhibited (69)
+ Indicates that an attempt to modify the object class(es) of
+ an entry's 'objectClass' attribute is prohibited.
+
+ For example, this code is returned when a client attempts to
+ modify the structural object class of an entry.
+
+ affectsMultipleDSAs (71)
+ Indicates that the operation cannot be performed as it would
+ affect multiple servers (DSAs).
+
+ other (80)
+ Indicates the server has encountered an internal error.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 50 �
+ Lightweight Directory Access Protocol Version 3
+
+Appendix B. Complete ASN.1 Definition
+
+ This appendix is normative.
+
+ Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 <IANA-
+ ASSIGNED-DIRECTORY-NUMBER>}
+ -- Copyright (C) The Internet Society (2005). This version of
+ -- this ASN.1 module is part of RFC XXXX; see the RFC itself
+ -- for full legal notices.
+ DEFINITIONS
+ IMPLICIT TAGS
+ EXTENSIBILITY IMPLIED ::=
+
+ BEGIN
+
+ LDAPMessage ::= SEQUENCE {
+ messageID MessageID,
+ protocolOp CHOICE {
+ bindRequest BindRequest,
+ bindResponse BindResponse,
+ unbindRequest UnbindRequest,
+ searchRequest SearchRequest,
+ searchResEntry SearchResultEntry,
+ searchResDone SearchResultDone,
+ searchResRef SearchResultReference,
+ modifyRequest ModifyRequest,
+ modifyResponse ModifyResponse,
+ addRequest AddRequest,
+ addResponse AddResponse,
+ delRequest DelRequest,
+ delResponse DelResponse,
+ modDNRequest ModifyDNRequest,
+ modDNResponse ModifyDNResponse,
+ compareRequest CompareRequest,
+ compareResponse CompareResponse,
+ abandonRequest AbandonRequest,
+ extendedReq ExtendedRequest,
+ extendedResp ExtendedResponse,
+ ...,
+ intermediateResponse IntermediateResponse },
+ controls [0] Controls OPTIONAL }
+
+ MessageID ::= INTEGER (0 .. maxInt)
+
+ maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
+
+ LDAPString ::= OCTET STRING -- UTF-8 encoded,
+ -- [ISO10646] characters
+
+ LDAPOID ::= OCTET STRING -- Constrained to <numericoid> [Models]
+
+ LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
+ -- [LDAPDN]
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 51 �
+ Lightweight Directory Access Protocol Version 3
+
+ RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
+ -- [LDAPDN]
+
+ AttributeDescription ::= LDAPString
+ -- Constrained to <attributedescription>
+ -- [Models]
+
+ AttributeValue ::= OCTET STRING
+
+ AttributeValueAssertion ::= SEQUENCE {
+ attributeDesc AttributeDescription,
+ assertionValue AssertionValue }
+
+ AssertionValue ::= OCTET STRING
+
+ PartialAttribute ::= SEQUENCE {
+ type AttributeDescription,
+ vals SET OF value AttributeValue }
+
+ Attribute ::= PartialAttribute(WITH COMPONENTS {
+ ...,
+ vals (SIZE(1..MAX))})
+
+ MatchingRuleId ::= LDAPString
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 52 �
+ Lightweight Directory Access Protocol Version 3
+
+ LDAPResult ::= SEQUENCE {
+ resultCode ENUMERATED {
+ success (0),
+ operationsError (1),
+ protocolError (2),
+ timeLimitExceeded (3),
+ sizeLimitExceeded (4),
+ compareFalse (5),
+ compareTrue (6),
+ authMethodNotSupported (7),
+ strongerAuthRequired (8),
+ -- 9 reserved --
+ referral (10),
+ adminLimitExceeded (11),
+ unavailableCriticalExtension (12),
+ confidentialityRequired (13),
+ saslBindInProgress (14),
+ noSuchAttribute (16),
+ undefinedAttributeType (17),
+ inappropriateMatching (18),
+ constraintViolation (19),
+ attributeOrValueExists (20),
+ invalidAttributeSyntax (21),
+ -- 22-31 unused --
+ noSuchObject (32),
+ aliasProblem (33),
+ invalidDNSyntax (34),
+ -- 35 reserved for undefined isLeaf --
+ aliasDereferencingProblem (36),
+ -- 37-47 unused --
+ inappropriateAuthentication (48),
+ invalidCredentials (49),
+ insufficientAccessRights (50),
+ busy (51),
+ unavailable (52),
+ unwillingToPerform (53),
+ loopDetect (54),
+ -- 55-63 unused --
+ namingViolation (64),
+ objectClassViolation (65),
+ notAllowedOnNonLeaf (66),
+ notAllowedOnRDN (67),
+ entryAlreadyExists (68),
+ objectClassModsProhibited (69),
+ -- 70 reserved for CLDAP --
+ affectsMultipleDSAs (71),
+ -- 72-79 unused --
+ other (80),
+ ... },
+ matchedDN LDAPDN,
+ diagnosticMessage LDAPString,
+ referral [3] Referral OPTIONAL }
+
+ Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
+
+Sermersheim Internet-Draft - Expires April 2006 Page 53 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ URI ::= LDAPString -- limited to characters permitted in
+ -- URIs
+
+ Controls ::= SEQUENCE OF control Control
+
+ Control ::= SEQUENCE {
+ controlType LDAPOID,
+ criticality BOOLEAN DEFAULT FALSE,
+ controlValue OCTET STRING OPTIONAL }
+
+ BindRequest ::= [APPLICATION 0] SEQUENCE {
+ version INTEGER (1 .. 127),
+ name LDAPDN,
+ authentication AuthenticationChoice }
+
+ AuthenticationChoice ::= CHOICE {
+ simple [0] OCTET STRING,
+ -- 1 and 2 reserved
+ sasl [3] SaslCredentials,
+ ... }
+
+ SaslCredentials ::= SEQUENCE {
+ mechanism LDAPString,
+ credentials OCTET STRING OPTIONAL }
+
+ BindResponse ::= [APPLICATION 1] SEQUENCE {
+ COMPONENTS OF LDAPResult,
+ serverSaslCreds [7] OCTET STRING OPTIONAL }
+
+ UnbindRequest ::= [APPLICATION 2] NULL
+
+ SearchRequest ::= [APPLICATION 3] SEQUENCE {
+ baseObject LDAPDN,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2),
+ ... },
+ derefAliases ENUMERATED {
+ neverDerefAliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ derefAlways (3) },
+ sizeLimit INTEGER (0 .. maxInt),
+ timeLimit INTEGER (0 .. maxInt),
+ typesOnly BOOLEAN,
+ filter Filter,
+ attributes AttributeSelection }
+
+ AttributeSelection ::= SEQUENCE OF selector LDAPString
+ -- The LDAPString is constrained to
+ -- <attributeSelector> in Section 4.5.1.7
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 54 �
+ Lightweight Directory Access Protocol Version 3
+
+ Filter ::= CHOICE {
+ and [0] SET SIZE (1..MAX) OF filter Filter,
+ or [1] SET SIZE (1..MAX) OF filter Filter,
+ not [2] Filter,
+ equalityMatch [3] AttributeValueAssertion,
+ substrings [4] SubstringFilter,
+ greaterOrEqual [5] AttributeValueAssertion,
+ lessOrEqual [6] AttributeValueAssertion,
+ present [7] AttributeDescription,
+ approxMatch [8] AttributeValueAssertion,
+ extensibleMatch [9] MatchingRuleAssertion,
+ ... }
+
+ SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ initial [0] AssertionValue, -- can occur at most once
+ any [1] AssertionValue,
+ final [2] AssertionValue } -- can occur at most once
+ }
+
+ MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleId OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE }
+
+ SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
+ objectName LDAPDN,
+ attributes PartialAttributeList }
+
+ PartialAttributeList ::= SEQUENCE OF
+ partialAttribute PartialAttribute
+
+ SearchResultReference ::= [APPLICATION 19] SEQUENCE
+ SIZE (1..MAX) OF uri URI
+
+ SearchResultDone ::= [APPLICATION 5] LDAPResult
+
+ ModifyRequest ::= [APPLICATION 6] SEQUENCE {
+ object LDAPDN,
+ changes SEQUENCE OF change SEQUENCE {
+ operation ENUMERATED {
+ add (0),
+ delete (1),
+ replace (2),
+ ... },
+ modification PartialAttribute } }
+
+ ModifyResponse ::= [APPLICATION 7] LDAPResult
+
+ AddRequest ::= [APPLICATION 8] SEQUENCE {
+ entry LDAPDN,
+ attributes AttributeList }
+
+Sermersheim Internet-Draft - Expires April 2006 Page 55 �
+ Lightweight Directory Access Protocol Version 3
+
+
+ AttributeList ::= SEQUENCE OF attribute Attribute
+
+ AddResponse ::= [APPLICATION 9] LDAPResult
+
+ DelRequest ::= [APPLICATION 10] LDAPDN
+
+ DelResponse ::= [APPLICATION 11] LDAPResult
+
+ ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
+ entry LDAPDN,
+ newrdn RelativeLDAPDN,
+ deleteoldrdn BOOLEAN,
+ newSuperior [0] LDAPDN OPTIONAL }
+
+ ModifyDNResponse ::= [APPLICATION 13] LDAPResult
+
+ CompareRequest ::= [APPLICATION 14] SEQUENCE {
+ entry LDAPDN,
+ ava AttributeValueAssertion }
+
+ CompareResponse ::= [APPLICATION 15] LDAPResult
+
+ AbandonRequest ::= [APPLICATION 16] MessageID
+
+ ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ requestName [0] LDAPOID,
+ requestValue [1] OCTET STRING OPTIONAL }
+
+ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ COMPONENTS OF LDAPResult,
+ responseName [10] LDAPOID OPTIONAL,
+ responseValue [11] OCTET STRING OPTIONAL }
+
+ IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
+ responseName [0] LDAPOID OPTIONAL,
+ responseValue [1] OCTET STRING OPTIONAL }
+
+ END
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 56 �
+ Lightweight Directory Access Protocol Version 3
+
+Appendix C. Changes
+
+ This appendix is non-normative.
+
+ This appendix summarizes substantive changes made to RFC 2251, RFC
+ 2830, and RFC 3771.
+
+
+C.1. Changes made to RFC 2251:
+
+ This section summarizes the substantive changes made to Sections 1,
+ 2, 3.1, and 4 through the remainder of RFC 2251. Readers should
+ consult [Models] and [AuthMeth] for summaries of changes to other
+ sections.
+
+
+C.1.1. Section 1 (Status of this Memo)
+
+ - Removed IESG note. Post publication of RFC 2251, mandatory LDAP
+ authentication mechanisms have been standardized which are
+ sufficient to remove this note. See [AuthMeth] for authentication
+ mechanisms.
+
+
+C.1.2. Section 3.1 (Protocol Model) and others
+
+ - Removed notes giving history between LDAP v1, v2 and v3. Instead,
+ added sufficient language so that this document can stand on its
+ own.
+
+
+C.1.3. Section 4 (Elements of Protocol)
+
+ - Clarified where the extensibility features of ASN.1 apply to the
+ protocol. This change affected various ASN.1 types by the
+ inclusion of ellipses (...) to certain elements.
+ - Removed the requirement that servers which implement version 3 or
+ later MUST provide the 'supportedLDAPVersion' attribute. This
+ statement provided no interoperability advantages.
+
+
+C.1.4. Section 4.1.1 (Message Envelope)
+
+ - There was a mandatory requirement for the server to return a
+ Notice of Disconnection and drop the transport connection when a
+ PDU is malformed in a certain way. This has been updated such that
+ the server SHOULD return the Notice of Disconnection, and MUST
+ terminate the LDAP Session.
+
+
+C.1.5. Section 4.1.1.1 (Message ID)
+
+ - Required that the messageID of requests MUST be non-zero as the
+ zero is reserved for Notice of Disconnection.
+
+Sermersheim Internet-Draft - Expires April 2006 Page 57 �
+ Lightweight Directory Access Protocol Version 3
+
+ - Specified when it is and isn't appropriate to return an already
+ used message id. RFC 2251 accidentally imposed synchronous server
+ behavior in its wording of this.
+
+
+C.1.6. Section 4.1.2 (String Types)
+
+ - Stated that LDAPOID is constrained to <numericoid> from [Models].
+
+
+C.1.7. Section 4.1.5.1 (Binary Option) and others
+
+ - Removed the Binary Option from the specification. There are
+ numerous interoperability problems associated with this method of
+ alternate attribute type encoding. Work to specify a suitable
+ replacement is ongoing.
+
+
+C.1.8. Section 4.1.8 (Attribute)
+
+ - Combined the definitions of PartialAttribute and Attribute here,
+ and defined Attribute in terms of PartialAttribute.
+
+
+C.1.9. Section 4.1.10 (Result Message)
+
+ - Renamed "errorMessage" to "diagnosticMessage" as it is allowed to
+ be sent for non-error results.
+ - Moved some language into Appendix A, and refer the reader there.
+ - Allowed matchedDN to be present for other result codes than those
+ listed in RFC 2251.
+ - renamed the code "strongAuthRequired" to "strongerAuthRequired" to
+ clarify that this code may often be returned to indicate that a
+ stronger authentication is needed to perform a given operation.
+
+
+C.1.10. Section 4.1.11 (Referral)
+
+ - Defined referrals in terms of URIs rather than URLs.
+ - Removed the requirement that all referral URIs MUST be equally
+ capable of progressing the operation. The statement was ambiguous
+ and provided no instructions on how to carry it out.
+ - Added the requirement that clients MUST NOT loop between servers.
+ - Clarified the instructions for using LDAPURLs in referrals, and in
+ doing so added a recommendation that the scope part be present.
+ - Removed imperatives which required clients to use URLs in specific
+ ways to progress an operation. These did nothing for
+ interoperability.
+
+
+C.1.11. Section 4.1.12 (Controls)
+
+ - Specified how control values defined in terms of ASN.1 are to be
+ encoded.
+
+Sermersheim Internet-Draft - Expires April 2006 Page 58 �
+ Lightweight Directory Access Protocol Version 3
+
+ - Noted that the criticality field is only applied to request
+ messages (except UnbindRequest), and must be ignored when present
+ on response messages and UnbindRequest.
+ - Specified that non-critical controls may be ignored at the
+ server's discretion. There was confusion in the original wording
+ which led some to believe that recognized controls may not be
+ ignored as long as they were associated with a proper request.
+ - Added language regarding combinations of controls and the ordering
+ of controls on a message.
+ - Specified that when the semantics of the combination of controls
+ is undefined or unknown, it results in a protocolError.
+ - Changed "The server MUST be prepared" to "Implementations MUST be
+ prepared" in the eighth paragraph to reflect that both client and
+ server implementations must be able to handle this (as both parse
+ controls).
+
+
+C.1.12. Section 4.2 (Bind Operation)
+
+ - Mandated that servers return protocolError when the version is not
+ supported.
+ - Disambiguated behavior when the simple authentication is used, the
+ name is empty and the password is non-empty.
+ - Required servers to not dereference aliases for Bind. This was
+ added for consistency with other operations and to help ensure
+ data consistency.
+ - Required that textual passwords be transferred as UTF-8 encoded
+ Unicode, and added recommendations on string preparation. This was
+ to help ensure interoperability of passwords being sent from
+ different clients.
+
+
+C.1.13. Section 4.2.1 (Sequencing of the Bind Request)
+
+ - This section was largely reorganized for readability and language
+ was added to clarify the authentication state of failed and
+ abandoned Bind operations.
+ - Removed: "If a SASL transfer encryption or integrity mechanism has
+ been negotiated, that mechanism does not support the changing of
+ credentials from one identity to another, then the client MUST
+ instead establish a new connection."
+ If there are dependencies between multiple negotiations of a
+ particular SASL mechanism, the technical specification for that
+ SASL mechanism details how applications are to deal with them.
+ LDAP should not require any special handling.
+ - Dropped MUST imperative in paragraph 3 to align with [Keywords].
+ - Mandated that clients not send non-Bind operations while a Bind is
+ in progress, and suggested that servers not process them if they
+ are received. This is needed to ensure proper sequencing of the
+ Bind in relationship to other operations.
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 59 �
+ Lightweight Directory Access Protocol Version 3
+
+C.1.14. Section 4.2.3 (Bind Response)
+
+ - Moved most error-related text to Appendix A, and added text
+ regarding certain errors used in conjunction with the Bind
+ operation.
+ - Prohibited the server from specifying serverSaslCreds when not
+ appropriate.
+
+
+C.1.15. Section 4.3 (Unbind Operation)
+
+ - Specified that both peers are to cease transmission and terminate
+ the LDAP session for the Unbind operation.
+
+
+C.1.16. Section 4.4 (Unsolicited Notification)
+
+ - Added instructions for future specifications of Unsolicited
+ Notifications.
+
+
+C.1.17. Section 4.5.1 (Search Request)
+
+ - SearchRequest attributes is now defined as an AttributeSelection
+ type rather than AttributeDescriptionList, and an ABNF is
+ provided.
+ - SearchRequest attributes may contain duplicate attribute
+ descriptions. This was previously prohibited. Now servers are
+ instructed to ignore subsequent names when they are duplicated.
+ This was relaxed in order to allow different short names and also
+ OIDs to be requested for an attribute.
+ - The present search filter now evaluates to Undefined when the
+ specified attribute is not known to the server. It used to
+ evaluate to FALSE, which caused behavior inconsistent with what
+ most would expect, especially when the not operator was used.
+ - The Filter choice SubstringFilter substrings type is now defined
+ with a lower bound of 1.
+ - The SubstringFilter substrings 'initial, 'any', and 'final' types
+ are now AssertionValue rather than LDAPString. Also, added
+ imperatives stating that 'initial' (if present) must be listed
+ first, and 'final' (if present) must be listed last.
+ - Disambiguated the semantics of the derefAliases choices. There was
+ question as to whether derefInSearching applied to the base object
+ in a wholeSubtree Search.
+ - Added instructions for equalityMatch, substrings, greaterOrEqual,
+ lessOrEqual, and approxMatch.
+
+
+C.1.18. Section 4.5.2 (Search Result)
+
+ - Recommended that servers not use attribute short names when it
+ knows they are ambiguous or may cause interoperability problems.
+ - Removed all mention of ExtendedResponse due to lack of
+ implementation.
+
+Sermersheim Internet-Draft - Expires April 2006 Page 60 �
+ Lightweight Directory Access Protocol Version 3
+
+
+
+C.1.19. Section 4.5.3 (Continuation References in the Search Result)
+
+ - Made changes similar to those made to Section 4.1.11.
+
+
+C.1.20. Section 4.5.3.1 (Example)
+
+ - Fixed examples to adhere to changes made to Section 4.5.3.
+
+
+C.1.21. Section 4.6 (Modify Operation)
+
+ - Replaced AttributeTypeAndValues with Attribute as they are
+ equivalent.
+ - Specified the types of modification changes which might
+ temporarily violate schema. Some readers were under the impression
+ that any temporary schema violation was allowed.
+
+
+C.1.22. Section 4.7 (Add Operation)
+
+ - Aligned Add operation with X.511 in that the attributes of the RDN
+ are used in conjunction with the listed attributes to create the
+ entry. Previously, Add required that the distinguished values be
+ present in the listed attributes.
+ - Removed requirement that the objectClass attribute MUST be
+ specified as some DSE types do not require this attribute.
+ Instead, generic wording was added, requiring the added entry to
+ adhere to the data model.
+ - Removed recommendation regarding placement of objects. This is
+ covered in the data model document.
+
+
+C.1.23. Section 4.9 (Modify DN Operation)
+
+ - Required servers to not dereference aliases for Modify DN. This
+ was added for consistency with other operations and to help ensure
+ data consistency.
+ - Allow Modify DN to fail when moving between naming contexts.
+ - Specified what happens when the attributes of the newrdn are not
+ present on the entry.
+
+
+C.1.24. Section 4.10 (Compare Operation)
+
+ - Specified that compareFalse means that the Compare took place and
+ the result is false. There was confusion which lead people to
+ believe that an Undefined match resulted in compareFalse.
+ - Required servers to not dereference aliases for Compare. This was
+ added for consistency with other operations and to help ensure
+ data consistency.
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 61 �
+ Lightweight Directory Access Protocol Version 3
+
+
+C.1.25. Section 4.11 (Abandon Operation)
+
+ - Explained that since Abandon returns no response, clients should
+ not use it if they need to know the outcome.
+ - Specified that Abandon and Unbind cannot be abandoned.
+
+
+C.1.26. Section 4.12 (Extended Operation)
+
+ - Specified how values of Extended operations defined in terms of
+ ASN.1 are to be encoded.
+ - Added instructions on what Extended operation specifications
+ consist of.
+ - Added a recommendation that servers advertise supported Extended
+ operations.
+
+
+C.1.27. Section 5.2 (Transfer Protocols)
+
+ - Moved referral-specific instructions into referral-related
+ sections.
+
+
+C.1.28. Section 7 (Security Considerations)
+
+ - Reworded notes regarding SASL not protecting certain aspects of
+ the LDAP Bind messages.
+ - Noted that Servers are encouraged to prevent directory
+ modifications by clients that have authenticated anonymously
+ [AuthMeth].
+ - Added a note regarding the possibility of changes to security
+ factors (authentication, authorization, data confidentiality).
+ - Warned against following referrals that may have been injected in
+ the data stream.
+ - Noted that servers should protect information equally, whether in
+ an error condition or not, and mentioned specifically; matchedDN,
+ diagnosticMessage, and resultCodes.
+ - Added a note regarding malformed and long encodings.
+
+
+C.1.29. Appendix A (Complete ASN.1 Definition)
+
+ - Added "EXTENSIBILITY IMPLIED" to ASN.1 definition.
+ - Removed AttributeType. It is not used.
+
+
+C.2. Changes made to RFC 2830:
+
+ This section summarizes the substantive changes made to Sections of
+ RFC 2830. Readers should consult [AuthMeth] for summaries of changes
+ to other sections.
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 62 �
+ Lightweight Directory Access Protocol Version 3
+
+C.2.1. Section 2.3 (Response other than "success")
+
+ - Removed wording indicating that referrals can be returned from
+ StartTLS.
+ - Removed requirement that only a narrow set of result codes can be
+ returned. Some result codes are required in certain scenarios, but
+ any other may be returned if appropriate.
+ - Removed requirement that the ExtendedResponse.responseName MUST be
+ present. There are circumstances where this is impossible, and
+ requiring this is at odds with language in Section 4.12.
+
+
+C.2.1. Section 4 (Closing a TLS Connection)
+
+ - Reworded most of this section to align with definitions of the
+ LDAP protocol layers.
+ - Removed instructions on abrupt closure as this is covered in other
+ areas of the document (specifically, Section 5.3)
+
+
+C.3. Changes made to RFC 3771:
+
+ - Rewrote to fit into this document. In general, semantics were
+ preserved. Supporting and background language seen as redundant
+ due to its presence in this document was omitted.
+ - Specified that Intermediate responses to a request may be of
+ different types, and one of the response types may be specified to
+ have no response value.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 63 �
+ Lightweight Directory Access Protocol Version 3
+
+
+
+
+Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr at ietf.org.
+
+Disclaimer of Validity
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires April 2006 Page 64
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-roadmap-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-roadmap-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-roadmap-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,396 @@
+
+
+
+
+
+INTERNET-DRAFT Editor: Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 10 February 2005
+Obsoletes: RFC 2251-2256, 2829-2830, 3377, 3771
+
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Technical Specification Road Map
+ <draft-ietf-ldapbis-roadmap-07.txt>
+
+
+
+Status of this Memo
+
+ This document is intended to be published as a Standard Track RFC.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Revision Working Group
+ mailing list <ietf-ldapbis at openldap.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+Zeilenga LDAP: TS Road Map [Page 1]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+Abstract
+
+ The Lightweight Directory Access Protocol (LDAP) is an Internet
+ protocol for accessing distributed directory services which act in
+ accordance with X.500 data and service models. This document provides
+ a roadmap of the LDAP Technical Specification.
+
+
+Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+1. The LDAP Technical Specification
+
+ The technical specification detailing version 3 of the Lightweight
+ Directory Access Protocol (LDAP), an Internet Protocol, consists of
+ this document and the following documents:
+
+ LDAP: The Protocol [Protocol],
+ LDAP: Directory Information Models [Models],
+ LDAP: Authentication Methods and Connection Level Security
+ Mechanisms [AuthMeth],
+ LDAP: String Representation of Distinguished Names [LDAPDN],
+ LDAP: String Representation of Search Filters [Filters],
+ LDAP: Uniform Resource Locator [LDAPURL],
+ LDAP: Syntaxes and Matching Rules [Syntaxes],
+ LDAP: Internationalized String Preparation [LDAPprep], and
+ LDAP: User Schema [Schema].
+
+ The terms "LDAP" and "LDAPv3" are commonly used to informally refer to
+ the protocol specified by this technical specification. The LDAP
+ suite, as defined here, should be formally identified in other
+ documents by a normative reference to this document.
+
+ LDAP is an extensible protocol. Extensions to LDAP may be specified
+ in other documents. Nomenclature denoting such combinations of
+ LDAP-plus-extension(s) is not defined by this document but may be
+ defined in some future document(s). Extensions are expected to be
+ truly optional.
+
+ IANA (Internet Assigned Numbers Authority) considerations for LDAP
+ described in BCP 64 [BCP64bis] apply fully to this revision of the
+ LDAP technical specification.
+
+
+
+
+
+Zeilenga LDAP: TS Road Map [Page 2]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+2. Relationship to X.500
+
+ This technical specification defines LDAP in terms of [X.500] as an
+ X.500 access mechanism. An LDAP server MUST act in accordance with
+ X.500(1993) series of International Telecommunication Union - Telecom
+ Standardization (ITU-T) Recommendations when providing the service.
+ However, it is not required that an LDAP server make use of any X.500
+ protocols in providing this service, e.g. LDAP can be mapped onto any
+ other directory system so long as the X.500 data and service models
+ [X.501][X.511] as used in LDAP is not violated in the LDAP interface.
+
+ This technical specification explicitly incorporates portions of
+ X.500(93). Later revisions of X.500 do not automatically apply to
+ this technical specification.
+
+
+3. Security Considerations
+
+ LDAP security considerations are discussed in each document comprising
+ the technical specification.
+
+
+4. Relationship to Obsolete Specifications
+
+ This technical specification, as defined in Section 1, obsoletes
+ entirely the previously defined LDAP technical specification [RFC3377]
+ (which consists of RFC 2251-2256, RFC 2829-2830, RFC 3771, and RFC
+ 3377 itself). The technical specification was significantly
+ reorganized.
+
+ This document replaces RFC 3377 as well as Section 3.3 of RFC 2251.
+ [Models] replaces portions of RFC 2251, RFC 2252 and RFC 2256.
+ [Protocol] replaces the majority RFC 2251, portions of RFC 2252, and
+ all of RFC 3771. [AuthMeth] replaces RFC 2829, RFC 2830, and portions
+ of RFC 2251. [Syntaxes] replaces the majority of RFC 2252 and
+ portions of RFC 2256. [Schema] replaces the majority of RFC 2256.
+ [LDAPDN] replaces RFC 2253. [Filters] replaces RFC 2254. [LDAPURL]
+ replaces RFC 2255.
+
+ [LDAPprep] is new to this revision of the LDAP technical
+ specification.
+
+ Each document of this specification contains appendices summarizing
+ changes to all sections of the specifications they replace. Appendix
+ A.1 of this document details changes made to RFC 3377. Appendix A.2
+ of this document details changes made to Section 3.3 of RFC 2251.
+
+ Additionally, portions of this technical specification update and/or
+
+
+
+Zeilenga LDAP: TS Road Map [Page 3]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+ replace a number of other documents not listed above. These
+ relationships are discussed in the documents detailings these portions
+ of this technical specification.
+
+
+5. Acknowledgments
+
+ This document is based largely on RFC 3377 by J. Hodges and R.
+ Morgan, a product of the LDAPBIS and LDAPEXT Working Groups. The
+ document also borrows from RFC 2251 by M. Wahl, T. Howes, and S.
+ Kille, a product of the ASID Working Group.
+
+ This document is a product of the IETF LDAPBIS Working Group.
+
+
+6. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+7. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+
+
+Zeilenga LDAP: TS Road Map [Page 4]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+ [LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
+ work in progress.
+
+ [Filters] Smith, M. (editor), LDAPbis WG, "LDAP: String
+ Representation of Search Filters",
+ draft-ietf-ldapbis-filter-xx.txt, a work in progress.
+
+ [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
+ draft-ietf-ldapbis-url-xx.txt, a work in progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [LDAPprep] Zeilenga, K., "LDAP: Internationalized String
+ Preparation", draft-ietf-ldapbis-strprep-xx.txt, a work
+ in progress.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in
+ progress.
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.511] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Abstract Service Definition", X.511(1993)
+ (also ISO/IEC 9594-3:1993).
+
+
+7.2. Informative References
+
+ None.
+
+
+Appendix A. Changes to Previous Documents
+
+ This appendix outlines changes this document makes relative to the
+ documents it replaces (in whole or in part).
+
+
+
+
+
+Zeilenga LDAP: TS Road Map [Page 5]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+Appendix A.1. Changes to RFC 3377
+
+ This document is nearly a complete rewrite of RFC 3377 as much of the
+ material of RFC 3377 is no longer applicable. The changes include
+ redefining the terms "LDAP" and "LDAPv3" to refer to this revision of
+ the technical specification.
+
+
+Appendix A.2. Changes to Section 3.3 of RFC 2251
+
+ The section was modified slightly (the word "document" was replaced
+ with "technical specification") to clarify that it applies to the
+ entire LDAP technical specification.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+
+
+Zeilenga LDAP: TS Road Map [Page 6]
+�
+INTERNET-DRAFT draft-ietf-ldapbis-roadmap-07 10 February 2005
+
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP: TS Road Map [Page 7]
+�
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-strprep-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-strprep-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-strprep-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,787 @@
+
+
+
+
+
+
+Internet-Draft Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 23 January 2006
+
+
+
+ LDAP: Internationalized String Preparation
+ <draft-ietf-ldapbis-strprep-07.txt>
+
+
+
+Status of this Memo
+
+ This document is intended to be published as a Standard Track RFC.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Revision Working Group
+ mailing list <ietf-ldapbis at openldap.org>. Please send editorial
+ comments directly to the editor <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+
+Zeilenga LDAPprep [Page 1]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+Abstract
+
+ The previous Lightweight Directory Access Protocol (LDAP) technical
+ specifications did not precisely define how character string matching
+ is to be performed. This led to a number of usability and
+ interoperability problems. This document defines string preparation
+ algorithms for character-based matching rules defined for use in LDAP.
+
+
+Conventions and Terms
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Character names in this document use the notation for code points and
+ names from the Unicode Standard [Unicode]. For example, the letter
+ "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
+ In the lists of mappings and the prohibited characters, the "U+" is
+ left off to make the lists easier to read. The comments for character
+ ranges are shown in square brackets (such as "[CONTROL CHARACTERS]")
+ and do not come from the standard.
+
+ Note: a glossary of terms used in Unicode can be found in [Glossary].
+ Information on the Unicode character encoding model can be found in
+ [CharModel].
+
+ The term "combining mark", as used in this specification, refers to
+ any Unicode [Unicode] code point which has a mark property (Mn, Mc,
+ Me). Appendix A provides a definitive list of combining marks.
+
+
+1. Introduction
+
+1.1. Background
+
+ A Lightweight Directory Access Protocol (LDAP) [Roadmap] matching rule
+ [Syntaxes] defines an algorithm for determining whether a presented
+ value matches an attribute value in accordance with the criteria
+ defined for the rule. The proposition may be evaluated to True,
+ False, or Undefined.
+
+ True - the attribute contains a matching value,
+
+ False - the attribute contains no matching value,
+
+ Undefined - it cannot be determined whether the attribute contains
+ a matching value or not.
+
+
+
+Zeilenga LDAPprep [Page 2]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ For instance, the caseIgnoreMatch matching rule may be used to compare
+ whether the commonName attribute contains a particular value without
+ regard for case and insignificant spaces.
+
+
+1.2. X.500 String Matching Rules
+
+ "X.520: Selected attribute types" [X.520] provides (amongst other
+ things) value syntaxes and matching rules for comparing values
+ commonly used in the Directory. These specifications are inadequate
+ for strings composed of Unicode [Unicode] characters.
+
+ The caseIgnoreMatch matching rule [X.520], for example, is simply
+ defined as being a case insensitive comparison where insignificant
+ spaces are ignored. For printableString, there is only one space
+ character and case mapping is bijective, hence this definition is
+ sufficient. However, for Unicode string types such as
+ universalString, this is not sufficient. For example, a case
+ insensitive matching implementation which folded lower case characters
+ to upper case would yield different different results than an
+ implementation which used upper case to lower case folding. Or one
+ implementation may view space as referring to only SPACE (U+0020), a
+ second implementation may view any character with the space separator
+ (Zs) property as a space, and another implementation may view any
+ character with the whitespace (WS) category as a space.
+
+ The lack of precise specification for character string matching has
+ led to significant interoperability problems. When used in
+ certificate chain validation, security vulnerabilities can arise. To
+ address these problems, this document defines precise algorithms for
+ preparing character strings for matching.
+
+
+1.3. Relationship to "stringprep"
+
+ The character string preparation algorithms described in this document
+ are based upon the "stringprep" approach [RFC3454]. In "stringprep",
+ presented and stored values are first prepared for comparison and so
+ that a character-by-character comparison yields the "correct" result.
+
+ The approach used here is a refinement of the "stringprep" [RFC3454]
+ approach. Each algorithm involves two additional preparation steps.
+
+ a) prior to applying the Unicode string preparation steps outlined in
+ "stringprep", the string is transcoded to Unicode;
+
+ b) after applying the Unicode string preparation steps outlined in
+ "stringprep", the string is modified to appropriately handle
+
+
+
+Zeilenga LDAPprep [Page 3]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ characters insignificant to the matching rule.
+
+ Hence, preparation of character strings for X.500 matching involves
+ the following steps:
+
+ 1) Transcode
+ 2) Map
+ 3) Normalize
+ 4) Prohibit
+ 5) Check Bidi (Bidirectional)
+ 6) Insignificant Character Handling
+
+ These steps are described in Section 2.
+
+ It is noted that while various tables of Unicode characters included
+ or referenced by this specification are derived from Unicode [UNICODE]
+ data, these tables are to be considered definitive for the purpose of
+ implementing this specification.
+
+
+1.4. Relationship to the LDAP Technical Specification
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+ specification [RFC3377] in its entirety.
+
+ This document details new LDAP internationalized character string
+ preparation algorithms used by [Syntaxes] and possible other technical
+ specifications defining LDAP syntaxes and/or matching rules.
+
+
+1.5. Relationship to X.500
+
+ LDAP is defined [Roadmap] in X.500 terms as an X.500 access mechanism.
+ As such, there is a strong desire for alignment between LDAP and X.500
+ syntax and semantics. The character string preparation algorithms
+ described in this document are based upon "Internationalized String
+ Matching Rules for X.500" [XMATCH] proposal to ITU/ISO Joint Study
+ Group 2.
+
+
+2. String Preparation
+
+ The following six-step process SHALL be applied to each presented and
+ attribute value in preparation for character string matching rule
+ evaluation.
+
+ 1) Transcode
+
+
+
+Zeilenga LDAPprep [Page 4]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ 2) Map
+ 3) Normalize
+ 4) Prohibit
+ 5) Check bidi
+ 6) Insignificant Character Handling
+
+ Failure in any step causes the assertion to evaluate to Undefined.
+
+ The character repertoire of this process is Unicode 3.2 [Unicode].
+
+ Note that this six-step process specification is intended to described
+ expected matching behavior. Implementations are free use alternative
+ processes so long as the matching rule evaluation behavior provided is
+ consistent with the behavior described by this specification.
+
+
+2.1. Transcode
+
+ Each non-Unicode string value is transcoded to Unicode.
+
+ PrintableString [X.680] value are transcoded directly to Unicode.
+
+ UniversalString, UTF8String, and bmpString [X.680] values need not be
+ transcoded as they are Unicode-based strings (in the case of
+ bmpString, a subset of Unicode).
+
+ TeletexString [X.680] values are transcoded to Unicode. As there is
+ no standard for mapping TeletexString values to Unicode, the mapping
+ is left a local matter.
+
+ For these and other reasons, use of TeletexString is NOT RECOMMENDED.
+
+ The output is the transcoded string.
+
+
+2.2. Map
+
+ SOFT HYPHEN (U+00AD) and MONGOLIAN TODO SOFT HYPHEN (U+1806) code
+ points are mapped to nothing. COMBINING GRAPHEME JOINER (U+034F) and
+ VARIATION SELECTORs (U+180B-180D, FF00-FE0F) code points are also
+ mapped to nothing. The OBJECT REPLACEMENT CHARACTER (U+FFFC) is
+ mapped to nothing.
+
+ CHARACTER TABULATION (U+0009), LINE FEED (LF) (U+000A), LINE
+ TABULATION (U+000B), FORM FEED (FF) (U+000C), CARRIAGE RETURN (CR)
+ (U+000D), and NEXT LINE (NEL) (U+0085) are mapped to SPACE (U+0020).
+
+ All other control code (e.g., Cc) points or code points with a control
+
+
+
+Zeilenga LDAPprep [Page 5]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ function (e.g., Cf) are mapped to nothing. The following is a
+ complete list of these code points: U+0000-0008, 000E-001F, 007F-0084,
+ 0086-009F, 06DD, 070F, 180E, 200C-200F, 202A-202E, 2060-2063,
+ 206A-206F, FEFF, FFF9-FFFB, 1D173-1D17A, E0001, E0020-E007F.
+
+ ZERO WIDTH SPACE (U+200B) is mapped to nothing. All other code points
+ with Separator (space, line, or paragraph) property (e.g, Zs, Zl, or
+ Zp) are mapped to SPACE (U+0020). The following is a complete list of
+ these code points: U+0020, 00A0, 1680, 2000-200A, 2028-2029, 202F,
+ 205F, 3000.
+
+ For case ignore, numeric, and stored prefix string matching rules,
+ characters are case folded per B.2 of [RFC3454].
+
+ The output is the mapped string.
+
+
+2.3. Normalize
+
+ The input string is be normalized to Unicode Form KC (compatibility
+ composed) as described in [UAX15]. The output is the normalized
+ string.
+
+
+2.4. Prohibit
+
+ All Unassigned code points are prohibited. Unassigned code points are
+ listed in Table A.1 of [RFC3454].
+
+ Characters which, per Section 5.8 of [Stringprep], change display
+ properties or are deprecated are prohibited. These characters are are
+ listed in Table C.8 of [RFC3454].
+
+ Private Use code points are prohibited. These characters are listed
+ in Table C.3 of [RFC3454].
+
+ All non-character code points are prohibited. These code points are
+ listed in Table C.4 of [RFC3454].
+
+ Surrogate codes are prohibited. These characters are listed in Table
+ C.5 of [RFC3454].
+
+ The REPLACEMENT CHARACTER (U+FFFD) code point is prohibited.
+
+ The step fails if the input string contains any prohibited code point.
+ Otherwise, the output is the input string.
+
+
+
+
+
+Zeilenga LDAPprep [Page 6]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+2.5. Check bidi
+
+ Bidirectional characters are ignored.
+
+
+2.6. Insignificant Character Handling
+
+ In this step, the string is modified to ensure proper handling of
+ characters insignificant to the matching rule. This modification
+ differs from matching rule to matching rule.
+
+ Section 2.6.1 applies to case ignore and exact string matching.
+ Section 2.6.2 applies to numericString matching.
+ Section 2.6.3 applies to telephoneNumber matching.
+
+
+2.6.1. Insignificant Space Handling
+
+ For the purposes of this section, a space is defined to be the SPACE
+ (U+0020) code point followed by no combining marks.
+
+ NOTE - The previous steps ensure that the string cannot contain any
+ code points in the separator class, other than SPACE (U+0020).
+
+ If the input string contains at least one non-space character, then
+ the string is modified such that the string starts with exactly one
+ space character, ends with exactly one SPACE character, and that any
+ inner (non-empty) sequence of space characters is replaced with
+ exactly two SPACE characters. For instance, the input strings
+ "foo<SPACE>bar<SPACE><SPACE>", results in the output
+ "<SPACE>foo<SPACE><SPACE>bar<SPACE>".
+
+ Otherwise, if the string being prepared is an initial, any, or final
+ substring, then the output string is exactly one SPACE character, else
+ the output string is exactly two SPACEs.
+
+ Appendix B discusses the rationale for the behavior.
+
+
+2.6.2. numericString Insignificant Character Handling
+
+ For the purposes of this section, a space is defined to be the SPACE
+ (U+0020) code point followed by no combining marks.
+
+ All spaces are regarded as insignificant and are to be removed.
+
+ For example, removal of spaces from the Form KC string:
+ "<SPACE><SPACE>123<SPACE><SPACE>456<SPACE><SPACE>"
+
+
+
+Zeilenga LDAPprep [Page 7]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ would result in the output string:
+ "123456"
+ and the Form KC string:
+ "<SPACE><SPACE><SPACE>"
+ would result in the output string:
+ "" (an empty string).
+
+
+2.6.3. telephoneNumber Insignificant Character Handling
+
+ For the purposes of this section, a hyphen is defined to be
+ HYPHEN-MINUS (U+002D), ARMENIAN HYPHEN (U+058A), HYPHEN (U+2010),
+ NON-BREAKING HYPHEN (U+2011), MINUS SIGN (U+2212), SMALL HYPHEN-MINUS
+ (U+FE63), or FULLWIDTH HYPHEN-MINUS (U+FF0D) code point followed by no
+ combining marks and a space is defined to be the SPACE (U+0020) code
+ point followed by no combining marks.
+
+ All hyphens and spaces are considered insignificant and are to be
+ removed.
+
+ For example, removal of hyphens and spaces from the Form KC string:
+ "<SPACE><HYPHEN>123<SPACE><SPACE>456<SPACE><HYPHEN>"
+ would result in the output string:
+ "123456"
+ and the Form KC string:
+ "<HYPHEN><HYPHEN><HYPHEN>"
+ would result in the (empty) output string:
+ "".
+
+
+3. Security Considerations
+
+ "Preparation for International Strings ('stringprep')" [RFC3454]
+ security considerations generally apply to the algorithms described
+ here.
+
+
+4. Acknowledgments
+
+ The approach used in this document is based upon design principles and
+ algorithms described in "Preparation of Internationalized Strings
+ ('stringprep')" [RFC3454] by Paul Hoffman and Marc Blanchet. Some
+ additional guidance was drawn from Unicode Technical Standards,
+ Technical Reports, and Notes.
+
+ This document is a product of the IETF LDAP Revision (LDAPBIS) Working
+ Group.
+
+
+
+
+Zeilenga LDAPprep [Page 8]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+5. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+6. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of
+ Internationalized Strings ('stringprep')", RFC 3454,
+ December 2002.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
+
+ [UAX15] Davis, M. and M. Duerst, "Unicode Standard Annex #15:
+ Unicode Normalization Forms, Version 3.2.0".
+ <http://www.unicode.org/unicode/reports/tr15/tr15-22.html>,
+ March 2002.
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+
+Zeilenga LDAPprep [Page 9]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+6.2. Informative References
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.520] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Selected Attribute Types", X.520(1993) (also
+ ISO/IEC 9594-6:1994).
+
+ [Glossary] The Unicode Consortium, "Unicode Glossary",
+ <http://www.unicode.org/glossary/>.
+
+ [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
+ #17, Character Encoding Model", UTR17,
+ <http://www.unicode.org/unicode/reports/tr17/>, August
+ 2000.
+
+ [Filters] Smith, M. (editor), LDAPbis WG, "LDAP: String
+ Representation of Search Filters",
+ draft-ietf-ldapbis-filter-xx.txt, a work in progress.
+
+ [XMATCH] Zeilenga, K., "Internationalized String Matching Rules
+ for X.500", draft-zeilenga-ldapbis-strmatch-xx.txt, a
+ work in progress.
+
+
+Appendix A. Combining Marks
+
+ This appendix is normative.
+
+ This table was derived from Unicode [Unicode] data
+ files, it lists all code points with the Mn, Mc, or Me
+ properties. This table is to be considered definitive
+ for the purposes of implementation of this
+ specification.
+
+
+ 0300-034F 0360-036F 0483-0486 0488-0489 0591-05A1
+ 05A3-05B9 05BB-05BC 05BF 05C1-05C2 05C4 064B-0655 0670
+ 06D6-06DC 06DE-06E4 06E7-06E8 06EA-06ED 0711 0730-074A
+ 07A6-07B0 0901-0903 093C 093E-094F 0951-0954 0962-0963
+
+
+
+Zeilenga LDAPprep [Page 10]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ 0981-0983 09BC 09BE-09C4 09C7-09C8 09CB-09CD 09D7
+ 09E2-09E3 0A02 0A3C 0A3E-0A42 0A47-0A48 0A4B-0A4D
+ 0A70-0A71 0A81-0A83 0ABC 0ABE-0AC5 0AC7-0AC9 0ACB-0ACD
+ 0B01-0B03 0B3C 0B3E-0B43 0B47-0B48 0B4B-0B4D 0B56-0B57
+ 0B82 0BBE-0BC2 0BC6-0BC8 0BCA-0BCD 0BD7 0C01-0C03
+ 0C3E-0C44 0C46-0C48 0C4A-0C4D 0C55-0C56 0C82-0C83
+ 0CBE-0CC4 0CC6-0CC8 0CCA-0CCD 0CD5-0CD6 0D02-0D03
+ 0D3E-0D43 0D46-0D48 0D4A-0D4D 0D57 0D82-0D83 0DCA
+ 0DCF-0DD4 0DD6 0DD8-0DDF 0DF2-0DF3 0E31 0E34-0E3A
+ 0E47-0E4E 0EB1 0EB4-0EB9 0EBB-0EBC 0EC8-0ECD 0F18-0F19
+ 0F35 0F37 0F39 0F3E-0F3F 0F71-0F84 0F86-0F87 0F90-0F97
+ 0F99-0FBC 0FC6 102C-1032 1036-1039 1056-1059 1712-1714
+ 1732-1734 1752-1753 1772-1773 17B4-17D3 180B-180D 18A9
+ 20D0-20EA 302A-302F 3099-309A FB1E FE00-FE0F FE20-FE23
+ 1D165-1D169 1D16D-1D172 1D17B-1D182 1D185-1D18B
+ 1D1AA-1D1AD
+
+
+
+Appendix B. Substrings Matching
+
+ This appendix is non-normative.
+
+ In absence of substrings matching, the insignificant
+ space handling for case ignore/exact matching could be
+ simplified. Specifically, the handling could be as
+ require all sequences of one or more spaces be replaced
+ with one space and, if string contains non-space
+ characters, removal of all all leading spaces and
+ trailing spaces.
+
+ In the presence of substrings matching, this simplified
+ space handling would lead to unexpected and undesirable
+ matching behavior. For instance:
+ 1) (CN=foo\20*\20bar) would match the CN value "foobar" but not
+ "foo<SPACE>bar" nor "foo<SPACE><SPACE>bar";
+ 2) (CN=*\20foobar\20*) would match "foobar", but (CN=*\20*foobar*\20*)
+ would not;
+ 3) (CN=foo\20*\20bar) would match "foo<SPACE>X<SPACE>bar" but not
+ "foo<SPACE><SPACE>bar".
+
+ Note to readers not familiar with LDAP substrings matching: the LDAP
+ filter [Filters] assertion (CN=A*B*C) says "match any value (of the
+ attribute CN) which begins with A, contains B after A, ends with C
+ where C is also after B."
+
+ The first case illustrates that this simplified space handling would
+ cause leading and trailing spaces in substrings of the string to be
+
+
+
+Zeilenga LDAPprep [Page 11]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ regarded as insignificant. However, only leading and trailing (as
+ well as multiple consecutive spaces) of the string (as a whole) are
+ insignificant.
+
+ The second case illustrates that this simplified space handling would
+ cause sub-partitioning failures. That is, if a prepared any substring
+ matches a partition of the attribute value, then an assertion
+ constructed by subdividing that substring into multiple substrings
+ should also match.
+
+ The third case illustrates that this simplified space handling causes
+ another partitioning failure. Though both the initial or final
+ strings match different portions of "foo<SPACE>X<SPACE>bar" with
+ neither matching the X portion, they don't match a string consisting
+ of the two matched portions less the unmatched X portion.
+
+ In designing an appropriate approach for space handling for substrings
+ matching, one must study key aspects of X.500 case exact/ignore
+ matching. X.520 [X.520] says:
+ The [substrings] rule returns TRUE if there is a partitioning of
+ the attribute value (into portions) such that:
+ - the specified substrings (initial, any, final) match different
+ portions of the value in the order of the strings sequence;
+ - initial, if present, matches the first portion of the value;
+ - final, if present, matches the last portion of the value;
+ - any, if present, matches some arbitrary portion of the value.
+
+ That is, the substrings assertion (CN=foo\20*\20bar) matches the
+ attribute value "foo<SPACE><SPACE>bar" as the value can be partitioned
+ into the portions "foo<SPACE>" and "<SPACE>bar" meeting the above
+ requirements.
+
+ X.520 also says:
+ [T]he following spaces are regarded as not significant:
+ - leading spaces (i.e. those preceding the first character that is
+ not a space);
+ - trailing spaces (i.e. those following the last character that is
+ not a space);
+ - multiple consecutive spaces (these are taken as equivalent to a
+ single space character).
+
+ This statement applies to the assertion values and attribute values
+ as whole strings, and not individually to substrings of an assertion
+ value. In particular, the statements should be taken to mean that
+ if an assertion value and attribute value match without any
+ consideration to insignificant characters, then that assertion value
+ should also match any attribute value which differs only by inclusion
+ or removal of insignificant characters.
+
+
+
+Zeilenga LDAPprep [Page 12]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ Hence, the assertion (CN=foo\20*\20bar) matches
+ "foo<SPACE><SPACE><SPACE>bar" and "foo<SPACE>bar" as these values
+ only differ from "foo<SPACE><SPACE>bar" by the inclusion or removal
+ of insignificant spaces.
+
+ Astute readers of this text will also note that there are special
+ cases where the specified space handling does not ignore spaces
+ which could be considered insignificant. For instance, the assertion
+ (CN=\20*\20*\20) does not match "<SPACE><SPACE><SPACE>"
+ (insignificant spaces present in value) nor " " (insignificant
+ spaces not present in value). However, as these cases have no
+ practical application that cannot be met by simple assertions, e.g.
+ (cn=\20), and this minor anomaly can only be fully addressed by a
+ preparation algorithm to be used in conjunction with
+ character-by-character partitioning and matching, the anomaly is
+ considered acceptable.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed
+ to pertain to the implementation or use of the technology described
+ in this document or the extent to which any license under such
+ rights might or might not be available; nor does it represent that
+ it has made any independent effort to identify any such rights.
+ Information on the procedures with respect to rights in RFC documents
+ can be found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use
+ of such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository
+ at http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+
+
+Zeilenga LDAPprep [Page 13]
+�
+Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
+
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
+ REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
+ INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAPprep [Page 14]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-syntaxes-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-syntaxes-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-syntaxes-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3027 @@
+
+
+
+
+
+
+INTERNET-DRAFT S. Legg
+draft-ietf-ldapbis-syntaxes-11.txt eB2Bcom
+Intended Category: Standards Track 23 June 2005
+Obsoletes: RFC 2252, RFC 2256 Updates: RFC 3698
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Syntaxes and Matching Rules
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Status of this Memo
+
+ By submitting this Internet-draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ By submitting this Internet-draft, I accept the provisions of Section
+ 3 of BCP 78.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this document is unlimited. Technical discussion of
+ this document should take place on the IETF LDAP Revision Working
+ Group (LDAPbis) mailing list <ietf-ldapbis at openldap.org>. Please
+ send editorial comments directly to the editor
+ <steven.legg at eb2bcom.com>.
+
+ This Internet-Draft expires on 23 December 2005.
+
+Abstract
+
+
+
+Legg Expires 23 December 2005 [Page 1]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory, and whose values may be transfered in the LDAP
+ protocol, has a defined syntax which constrains the structure and
+ format of its values. The comparison semantics for values of a
+ syntax are not part of the syntax definition but are instead provided
+ through separately defined matching rules. Matching rules specify an
+ argument, an assertion value, which also has a defined syntax. This
+ document defines a base set of syntaxes and matching rules for use in
+ defining attributes for LDAP directories.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 23 December 2005 [Page 2]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3. Syntaxes . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1. General Considerations . . . . . . . . . . . . . . . . . 6
+ 3.2. Common Definitions . . . . . . . . . . . . . . . . . . . 7
+ 3.3. Syntax Definitions . . . . . . . . . . . . . . . . . . . 7
+ 3.3.1. Attribute Type Description . . . . . . . . . . . 7
+ 3.3.2. Bit String . . . . . . . . . . . . . . . . . . . 8
+ 3.3.3. Boolean. . . . . . . . . . . . . . . . . . . . . 8
+ 3.3.4. Country String . . . . . . . . . . . . . . . . . 8
+ 3.3.5. Delivery Method. . . . . . . . . . . . . . . . . 9
+ 3.3.6. Directory String . . . . . . . . . . . . . . . . 9
+ 3.3.7. DIT Content Rule Description . . . . . . . . . . 10
+ 3.3.8. DIT Structure Rule Description . . . . . . . . . 11
+ 3.3.9. DN . . . . . . . . . . . . . . . . . . . . . . . 11
+ 3.3.10. Enhanced Guide . . . . . . . . . . . . . . . . . 12
+ 3.3.11. Facsimile Telephone Number . . . . . . . . . . . 13
+ 3.3.12. Fax. . . . . . . . . . . . . . . . . . . . . . . 13
+ 3.3.13. Generalized Time . . . . . . . . . . . . . . . . 14
+ 3.3.14. Guide. . . . . . . . . . . . . . . . . . . . . . 15
+ 3.3.15. IA5 String . . . . . . . . . . . . . . . . . . . 16
+ 3.3.16. Integer. . . . . . . . . . . . . . . . . . . . . 16
+ 3.3.17. JPEG . . . . . . . . . . . . . . . . . . . . . . 16
+ 3.3.18. LDAP Syntax Description. . . . . . . . . . . . . 17
+ 3.3.19. Matching Rule Description. . . . . . . . . . . . 17
+ 3.3.20. Matching Rule Use Description. . . . . . . . . . 18
+ 3.3.21. Name and Optional UID. . . . . . . . . . . . . . 18
+ 3.3.22. Name Form Description. . . . . . . . . . . . . . 19
+ 3.3.23. Numeric String . . . . . . . . . . . . . . . . . 19
+ 3.3.24. Object Class Description . . . . . . . . . . . . 19
+ 3.3.25. Octet String . . . . . . . . . . . . . . . . . . 20
+ 3.3.26. OID. . . . . . . . . . . . . . . . . . . . . . . 20
+ 3.3.27. Other Mailbox. . . . . . . . . . . . . . . . . . 21
+ 3.3.28. Postal Address . . . . . . . . . . . . . . . . . 21
+ 3.3.29. Printable String . . . . . . . . . . . . . . . . 22
+ 3.3.30. Substring Assertion. . . . . . . . . . . . . . . 23
+ 3.3.31. Telephone Number . . . . . . . . . . . . . . . . 23
+ 3.3.32. Teletex Terminal Identifier. . . . . . . . . . . 24
+ 3.3.33. Telex Number . . . . . . . . . . . . . . . . . . 25
+ 3.3.34. UTC Time . . . . . . . . . . . . . . . . . . . . 25
+ 4. Matching Rules . . . . . . . . . . . . . . . . . . . . . . . . 26
+ 4.1. General Considerations . . . . . . . . . . . . . . . . . 26
+ 4.2. Matching Rule Definitions. . . . . . . . . . . . . . . . 28
+ 4.2.1. bitStringMatch . . . . . . . . . . . . . . . . . 28
+ 4.2.2. booleanMatch . . . . . . . . . . . . . . . . . . 29
+ 4.2.3. caseExactIA5Match. . . . . . . . . . . . . . . . 29
+
+
+
+Legg Expires 23 December 2005 [Page 3]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ 4.2.4. caseExactMatch . . . . . . . . . . . . . . . . . 30
+ 4.2.5. caseExactOrderingMatch . . . . . . . . . . . . . 30
+ 4.2.6. caseExactSubstringsMatch . . . . . . . . . . . . 31
+ 4.2.7. caseIgnoreIA5Match . . . . . . . . . . . . . . . 31
+ 4.2.8. caseIgnoreIA5SubstringsMatch . . . . . . . . . . 32
+ 4.2.9. caseIgnoreListMatch. . . . . . . . . . . . . . . 32
+ 4.2.10. caseIgnoreListSubstringsMatch. . . . . . . . . . 33
+ 4.2.11. caseIgnoreMatch. . . . . . . . . . . . . . . . . 33
+ 4.2.12. caseIgnoreOrderingMatch. . . . . . . . . . . . . 34
+ 4.2.13. caseIgnoreSubstringsMatch. . . . . . . . . . . . 34
+ 4.2.14. directoryStringFirstComponentMatch . . . . . . . 35
+ 4.2.15. distinguishedNameMatch . . . . . . . . . . . . . 36
+ 4.2.16. generalizedTimeMatch . . . . . . . . . . . . . . 36
+ 4.2.17. generalizedTimeOrderingMatch . . . . . . . . . . 37
+ 4.2.18. integerFirstComponentMatch . . . . . . . . . . . 37
+ 4.2.19. integerMatch . . . . . . . . . . . . . . . . . . 38
+ 4.2.20. integerOrderingMatch . . . . . . . . . . . . . . 38
+ 4.2.21. keywordMatch . . . . . . . . . . . . . . . . . . 38
+ 4.2.22. numericStringMatch . . . . . . . . . . . . . . . 39
+ 4.2.23. numericStringOrderingMatch . . . . . . . . . . . 39
+ 4.2.24. numericStringSubstringsMatch . . . . . . . . . . 40
+ 4.2.25. objectIdentifierFirstComponentMatch. . . . . . . 40
+ 4.2.26. objectIdentifierMatch. . . . . . . . . . . . . . 41
+ 4.2.27. octetStringMatch . . . . . . . . . . . . . . . . 41
+ 4.2.28. octetStringOrderingMatch . . . . . . . . . . . . 42
+ 4.2.29. telephoneNumberMatch . . . . . . . . . . . . . . 42
+ 4.2.30. telephoneNumberSubstringsMatch . . . . . . . . . 43
+ 4.2.31. uniqueMemberMatch. . . . . . . . . . . . . . . . 44
+ 4.2.32. wordMatch. . . . . . . . . . . . . . . . . . . . 44
+ 5. Security Considerations. . . . . . . . . . . . . . . . . . . . 44
+ 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 45
+ 7. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 45
+ Appendix A. Summary of Syntax Object Identifiers . . . . . . . . . 47
+ Appendix B. Changes from RFC 2252. . . . . . . . . . . . . . . . . 48
+ Normative References . . . . . . . . . . . . . . . . . . . . . . . 50
+ Informative References . . . . . . . . . . . . . . . . . . . . . . 52
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 53
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 53
+
+1. Introduction
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory [ROADMAP], and whose values may be transfered in the
+ LDAP protocol [PROT], has a defined syntax (i.e., data type) which
+ constrains the structure and format of its values. The comparison
+ semantics for values of a syntax are not part of the syntax
+ definition but are instead provided through separately defined
+ matching rules. Matching rules specify an argument, an assertion
+
+
+
+Legg Expires 23 December 2005 [Page 4]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ value, which also has a defined syntax. This document defines a base
+ set of syntaxes and matching rules for use in defining attributes for
+ LDAP directories.
+
+ Readers are advised to familiarize themselves with the Directory
+ Information Models [MODELS] before reading the rest of this document.
+ Section 3 provides definitions for the base set of LDAP syntaxes.
+ Section 4 provides definitions for the base set of matching rules for
+ LDAP.
+
+ This document is a integral part of the LDAP technical specification
+ [ROADMAP] which obsoletes the previously defined LDAP technical
+ specification [RFC3377] in its entirety.
+
+ Sections 4, 5 and 7 of RFC 2252 [RFC2252] are obsoleted by [MODELS].
+ The remainder of RFC 2252 is obsoleted by this document. Sections 6
+ and 8 of RFC 2256 [RFC2256] are obsoleted by this document. The
+ remainder of RFC 2256 is obsoleted by [SCHEMA] and [MODELS]. All but
+ Section 2.11 of RFC 3698 [RFC3698] is obsoleted by this document.
+
+ A number of schema elements which were included in the previous
+ revision of the LDAP technical specification are not included in this
+ revision of LDAP. Public Key Infrastructure schema elements are now
+ specified in [LDAP-PKI]. Unless reintroduced in future technical
+ specifications, the remainder are to be considered Historic.
+
+ The changes with respect to RFC 2252 are described in Appendix B of
+ this document.
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [KEYWORD].
+
+ Syntax definitions are written according to the <SyntaxDescription>
+ ABNF [ABNF] rule specified in [MODELS], and matching rule definitions
+ are written according to the <MatchingRuleDescription> ABNF rule
+ specified in [MODELS], except that the syntax and matching rule
+ definitions provided in this document are line-wrapped for
+ readability. When such definitions are transfered as attribute
+ values in the LDAP protocol (e.g., as values of the ldapSyntaxes and
+ matchingRules attributes [MODELS] respectively) then those values
+ would not contain line breaks.
+
+3. Syntaxes
+
+
+
+
+Legg Expires 23 December 2005 [Page 5]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Syntax definitions constrain the structure of attribute values stored
+ in an LDAP directory, and determine the representation of attribute
+ and assertion values transfered in the LDAP protocol.
+
+ Syntaxes that are required for directory operation, or that are in
+ common use, are specified in this section. Servers SHOULD recognize
+ all the syntaxes listed in this document, but are not required to
+ otherwise support them, and MAY recognise or support other syntaxes.
+ However, the definition of additional arbitrary syntaxes is
+ discouraged since it will hinder interoperability. Client and server
+ implementations typically do not have the ability to dynamically
+ recognize new syntaxes.
+
+3.1. General Considerations
+
+ The description of each syntax specifies how attribute or assertion
+ values conforming to the syntax are to be represented when transfered
+ in the LDAP protocol [PROT]. This representation is referred to as
+ the LDAP-specific encoding to distinguish it from other methods of
+ encoding attribute values (e.g., the Basic Encoding Rules (BER)
+ encoding [BER] used by X.500 [X.500] directories).
+
+ The LDAP-specific encoding of a given attribute syntax always
+ produces octet-aligned values. To the greatest extent possible,
+ encoding rules for LDAP syntaxes should produce character strings
+ that can be displayed with little or no translation by clients
+ implementing LDAP. However, clients MUST NOT assume that the
+ LDAP-specific encoding of a value of an unrecognized syntax is a
+ human-readable character string. There are a few cases (e.g., the
+ JPEG syntax) when it is not reasonable to produce a human-readable
+ representation.
+
+ Each LDAP syntax is uniquely identified with an object identifier
+ [ASN.1] represented in the dotted-decimal format (short descriptive
+ names are not defined for syntaxes). These object identifiers are
+ not intended to be displayed to users. The object identifiers for
+ the syntaxes defined in this document are summarized in Appendix A.
+
+ A suggested minimum upper bound on the number of characters in an
+ attribute value with a string-based syntax, or the number of octets
+ in a value for all other syntaxes, MAY be indicated by appending the
+ bound inside of curly braces following the syntax's OBJECT IDENTIFIER
+ in an attribute type definition (see the <noidlen> rule in [MODELS]).
+ Such a bound is not considered part of the syntax identifier.
+
+ For example, "1.3.6.1.4.1.1466.115.121.1.15{64}" in an attribute
+ definition suggests that the directory server will allow a value of
+ the attribute to be up to 64 characters long, although it may allow
+
+
+
+Legg Expires 23 December 2005 [Page 6]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ longer character strings. Note that a single character of the
+ Directory String syntax can be encoded in more than one octet since
+ UTF-8 [UTF8] is a variable-length encoding. Therefore a 64 character
+ string may be more than 64 octets in length.
+
+3.2. Common Definitions
+
+ The following ABNF rules are used in a number of the syntax
+ definitions in Section 3.3.
+
+ PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN /
+ PLUS / COMMA / HYPHEN / DOT / EQUALS /
+ SLASH / COLON / QUESTION / SPACE
+ PrintableString = 1*PrintableCharacter
+ IA5String = *(%x00-7F)
+ SLASH = %x2F ; forward slash ("/")
+ COLON = %x3A ; colon (":")
+ QUESTION = %x3F ; question mark ("?")
+
+ The <ALPHA>, <DIGIT>, <SQUOTE>, <LPAREN>, <RPAREN>, <PLUS>, <COMMA>,
+ <HYPHEN>, <DOT>, <EQUALS> and <SPACE> rules are defined in [MODELS].
+
+3.3. Syntax Definitions
+
+3.3.1. Attribute Type Description
+
+ A value of the Attribute Type Description syntax is the definition of
+ an attribute type. The LDAP-specific encoding of a value of this
+ syntax is defined by the <AttributeTypeDescription> rule in [MODELS].
+
+ For example, the following definition of the createTimestamp
+ attribute type from [MODELS] is also a value of the Attribute Type
+ Description syntax (note: line breaks have been added for
+ readability - they are not part of the value when transfered in
+ protocol).
+
+ ( 2.5.18.1 NAME 'createTimestamp'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ The LDAP definition for the Attribute Type Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )
+
+ This syntax corresponds to the AttributeTypeDescription ASN.1 type
+
+
+
+Legg Expires 23 December 2005 [Page 7]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ from [X.501].
+
+3.3.2. Bit String
+
+ A value of the Bit String syntax is a sequence of binary digits. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ following ABNF:
+
+ BitString = SQUOTE *binary-digit SQUOTE "B"
+ binary-digit = "0" / "1"
+
+ The <SQUOTE> rule is defined in [MODELS].
+
+ Example:
+ '0101111101'B
+
+ The LDAP definition for the Bit String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
+
+ This syntax corresponds to the BIT STRING ASN.1 type from [ASN.1].
+
+3.3.3. Boolean
+
+ A value of the Boolean syntax is one of the Boolean values, true or
+ false. The LDAP-specific encoding of a value of this syntax is
+ defined by the following ABNF:
+
+ Boolean = "TRUE" / "FALSE"
+
+ The LDAP definition for the Boolean syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
+
+ This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
+
+3.3.4. Country String
+
+ A value of the Country String syntax is one of the two-character
+ codes from ISO 3166 [ISO3166] for representing a country. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ following ABNF:
+
+ CountryString = 2(PrintableCharacter)
+
+ The <PrintableCharacter> rule is defined in Section 3.2.
+
+ Examples:
+
+
+
+Legg Expires 23 December 2005 [Page 8]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ US
+ AU
+
+ The LDAP definition for the Country String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
+
+ This syntax corresponds to the following ASN.1 type from [X.520]:
+
+ PrintableString (SIZE (2)) -- ISO 3166 codes only
+
+3.3.5. Delivery Method
+
+ A value of the Delivery Method syntax is a sequence of items that
+ indicate, in preference order, the service(s) by which an entity is
+ willing and/or capable of receiving messages. The LDAP-specific
+ encoding of a value of this syntax is defined by the following ABNF:
+
+ DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )
+
+ pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
+ "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
+
+ The <WSP> and <DOLLAR> rules are defined in [MODELS].
+
+ Example:
+ telephone $ videotex
+
+ The LDAP definition for the Delivery Method syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
+
+ This syntax corresponds to the following ASN.1 type from [X.520]:
+
+ SEQUENCE OF INTEGER {
+ any-delivery-method (0),
+ mhs-delivery (1),
+ physical-delivery (2),
+ telex-delivery (3),
+ teletex-delivery (4),
+ g3-facsimile-delivery (5),
+ g4-facsimile-delivery (6),
+ ia5-terminal-delivery (7),
+ videotex-delivery (8),
+ telephone-delivery (9) }
+
+3.3.6. Directory String
+
+
+
+
+Legg Expires 23 December 2005 [Page 9]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ A value of the Directory String syntax is a string of one or more
+ arbitrary characters from the Universal Character Set (UCS) [UCS]. A
+ zero length character string is not permitted. The LDAP-specific
+ encoding of a value of this syntax is the UTF-8 encoding [UTF8] of
+ the character string. Such encodings conform to the following ABNF:
+
+ DirectoryString = 1*UTF8
+
+ The <UTF8> rule is defined in [MODELS].
+
+ Example:
+ This is a value of Directory String containing #!%#@.
+
+ Servers and clients MUST be prepared to receive arbitrary UCS code
+ points, including code points outside the range of printable ASCII
+ and code points not presently assigned to any character.
+
+ Attribute type definitions using the Directory String syntax should
+ not restrict the format of Directory String values, e.g., by
+ requiring that the character string conforms to specific patterns
+ described by ABNF. A new syntax should be defined in such cases.
+
+ The LDAP definition for the Directory String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
+
+ This syntax corresponds to the DirectoryString parameterized ASN.1
+ type from [X.520].
+
+ The DirectoryString ASN.1 type allows a choice between the
+ TeletexString, PrintableString or UniversalString ASN.1 types from
+ [ASN.1]. However, note that the chosen alternative is not indicated
+ in the LDAP-specific encoding of a Directory String value.
+
+ Implementations which convert Directory String values from the
+ LDAP-specific encoding to the BER encoding used by X.500 must choose
+ an alternative that permits the particular characters in the string,
+ and must convert the characters from the UTF-8 encoding into the
+ character encoding of the chosen alternative. When converting
+ Directory String values from the BER encoding to the LDAP-specific
+ encoding the characters must be converted from the character encoding
+ of the chosen alternative into the UTF-8 encoding. These conversions
+ SHOULD be done in a manner consistent with the Transcode step of the
+ string preparation algorithms [PREP] for LDAP.
+
+3.3.7. DIT Content Rule Description
+
+ A value of the DIT Content Rule Description syntax is the definition
+
+
+
+Legg Expires 23 December 2005 [Page 10]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ of a DIT (Directory Information Tree) content rule. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ <DITContentRuleDescription> rule in [MODELS].
+
+ Example:
+ ( 2.5.6.4 DESC 'content rule for organization'
+ NOT ( x121Address $ telexNumber ) )
+
+ Note: a line break has been added for readability - it is not part
+ of the value.
+
+ The LDAP definition for the DIT Content Rule Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.16
+ DESC 'DIT Content Rule Description' )
+
+ This syntax corresponds to the DITContentRuleDescription ASN.1 type
+ from [X.501].
+
+3.3.8. DIT Structure Rule Description
+
+ A value of the DIT Structure Rule Description syntax is the
+ definition of a DIT structure rule. The LDAP-specific encoding of a
+ value of this syntax is defined by the <DITStructureRuleDescription>
+ rule in [MODELS].
+
+ Example:
+ ( 2 DESC 'organization structure rule' FORM 2.5.15.3 )
+
+ The LDAP definition for the DIT Structure Rule Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.17
+ DESC 'DIT Structure Rule Description' )
+
+ This syntax corresponds to the DITStructureRuleDescription ASN.1 type
+ from [X.501].
+
+3.3.9. DN
+
+ A value of the DN syntax is the (purported) distinguished name (DN)
+ of an entry [MODELS]. The LDAP-specific encoding of a value of this
+ syntax is defined by the <distinguishedName> rule from the string
+ representation of distinguished names [LDAPDN].
+
+ Examples (from [LDAPDN]):
+ UID=jsmith,DC=example,DC=net
+ OU=Sales+CN=J. Smith,DC=example,DC=net
+ CN=John Smith\, III,DC=example,DC=net
+
+
+
+Legg Expires 23 December 2005 [Page 11]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ CN=Before\0dAfter,DC=example,DC=net
+ 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
+ CN=Lu\C4\8Di\C4\87
+
+ The LDAP definition for the DN syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )
+
+ The DN syntax corresponds to the DistinguishedName ASN.1 type from
+ [X.501]. Note that a BER encoded distinguished name (as used by
+ X.500) re-encoded into the LDAP-specific encoding is not necessarily
+ reversible to the original BER encoding since the chosen string type
+ in any DirectoryString components of the distinguished name is not
+ indicated in the LDAP-specific encoding of the distinguished name
+ (see Section 3.3.6).
+
+3.3.10. Enhanced Guide
+
+ A value of the Enhanced Guide syntax suggests criteria, which consist
+ of combinations of attribute types and filter operators, to be used
+ in constructing filters to search for entries of particular object
+ classes. The Enhanced Guide syntax improves upon the Guide syntax by
+ allowing the recommended depth of the search to be specified.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ EnhancedGuide = object-class SHARP WSP criteria WSP
+ SHARP WSP subset
+ object-class = WSP oid WSP
+ subset = "baseobject" / "oneLevel" / "wholeSubtree"
+
+ criteria = and-term *( BAR and-term )
+ and-term = term *( AMPERSAND term )
+ term = EXCLAIM term /
+ attributetype DOLLAR match-type /
+ LPAREN criteria RPAREN /
+ true /
+ false
+ match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
+ true = "?true"
+ false = "?false"
+ BAR = %x7C ; vertical bar ("|")
+ AMPERSAND = %x26 ; ampersand ("&")
+ EXCLAIM = %x21 ; exclamation mark ("!")
+
+ The <SHARP>, <WSP>, <oid>, <LPAREN>, <RPAREN>, <attributetype> and
+ <DOLLAR> rules are defined in [MODELS].
+
+
+
+Legg Expires 23 December 2005 [Page 12]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the Enhanced Guide syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
+
+
+ Example:
+ person#(sn$EQ)#oneLevel
+
+ The Enhanced Guide syntax corresponds to the EnhancedGuide ASN.1 type
+ from [X.520]. The EnhancedGuide type references the Criteria ASN.1
+ type, also from [X.520]. The <true> rule above represents an empty
+ "and" expression in a value of the Criteria type. The <false> rule
+ above represents an empty "or" expression in a value of the Criteria
+ type.
+
+3.3.11. Facsimile Telephone Number
+
+ A value of the Facsimile Telephone Number syntax is a subscriber
+ number of a facsimile device on the public switched telephone
+ network. The LDAP-specific encoding of a value of this syntax is
+ defined by the following ABNF:
+
+ fax-number = telephone-number *( DOLLAR fax-parameter )
+ telephone-number = PrintableString
+ fax-parameter = "twoDimensional" /
+ "fineResolution" /
+ "unlimitedLength" /
+ "b4Length" /
+ "a3Width" /
+ "b4Width" /
+ "uncompressed"
+
+ The <telephone-number> is a string of printable characters that
+ complies with the internationally agreed format for representing
+ international telephone numbers [E.123]. The <PrintableString> rule
+ is defined in Section 3.2. The <DOLLAR> rule is defined in [MODELS].
+
+ The LDAP definition for the Facsimile Telephone Number syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number')
+
+ The Facsimile Telephone Number syntax corresponds to the
+ FacsimileTelephoneNumber ASN.1 type from [X.520].
+
+3.3.12. Fax
+
+ A value of the Fax syntax is an image which is produced using the
+ Group 3 facsimile process [FAX] to duplicate an object, such as a
+
+
+
+Legg Expires 23 December 2005 [Page 13]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ memo. The LDAP-specific encoding of a value of this syntax is the
+ string of octets for a Group 3 Fax image as defined in [FAX].
+
+ The LDAP definition for the Fax syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )
+
+ The ASN.1 type corresponding to the Fax syntax is defined as follows,
+ assuming EXPLICIT TAGS:
+
+ Fax ::= CHOICE {
+ g3-facsimile [3] G3FacsimileBodyPart
+ }
+
+ The G3FacsimileBodyPart ASN.1 type is defined in [X.420].
+
+3.3.13. Generalized Time
+
+ A value of the Generalized Time syntax is a character string
+ representing a date and time. The LDAP-specific encoding of a value
+ of this syntax is a restriction of the format defined in [ISO8601],
+ and is described by the following ABNF:
+
+ GeneralizedTime = century year month day hour
+ [ minute [ second / leap-second ] ]
+ [ fraction ]
+ g-time-zone
+
+ century = 2(%x30-39) ; "00" to "99"
+ year = 2(%x30-39) ; "00" to "99"
+ month = ( %x30 %x31-39 ) ; "01" (January) to "09"
+ / ( %x31 %x30-32 ) ; "10" to "12"
+ day = ( %x30 %x31-39 ) ; "01" to "09"
+ / ( %x31-32 %x30-39 ) ; "10" to "29"
+ / ( %x33 %x30-31 ) ; "30" to "31"
+ hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
+ minute = %x30-35 %x30-39 ; "00" to "59"
+
+ second = ( %x30-35 %x30-39 ) ; "00" to "59"
+ leap-second = ( %x36 %x30 ) ; "60"
+
+ fraction = ( DOT / COMMA ) 1*(%x30-39)
+ g-time-zone = %x5A ; "Z"
+ / g-differential
+ g-differential = ( MINUS / PLUS ) hour [ minute ]
+ MINUS = %x2D ; minus sign ("-")
+
+ The <DOT>, <COMMA> and <PLUS> rules are defined in [MODELS].
+
+
+
+Legg Expires 23 December 2005 [Page 14]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The above ABNF allows character strings which do not represent valid
+ dates (in the Gregorian calendar) and/or valid times (e.g., February
+ 31, 1994). Such character strings SHOULD be considered invalid for
+ this syntax.
+
+ The time value represents coordinated universal time (equivalent to
+ Greenwich Mean Time) if the "Z" form of <g-time-zone> is used,
+ otherwise the value represents a local time in the time zone
+ indicated by <g-differential>. In the latter case, coordinated
+ universal time can be calculated by subtracting the differential from
+ the local time. The "Z" form of <g-time-zone> SHOULD be used in
+ preference to <g-differential>.
+
+ If <minute> is omitted then <fraction> represents a fraction of an
+ hour, otherwise if <second> and <leap-second> are omitted then
+ <fraction> represents a fraction of a minute, otherwise <fraction>
+ represents a fraction of a second.
+
+ Examples:
+ 199412161032Z
+ 199412160532-0500
+
+ Both example values represent the same coordinated universal time:
+ 10:32 AM, December 16, 1994.
+
+ The LDAP definition for the Generalized Time syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
+
+ This syntax corresponds to the GeneralizedTime ASN.1 type from
+ [ASN.1], with the constraint that local time without a differential
+ SHALL NOT be used.
+
+3.3.14. Guide
+
+ A value of the Guide syntax suggests criteria, which consist of
+ combinations of attribute types and filter operators, to be used in
+ constructing filters to search for entries of particular object
+ classes. The Guide syntax is obsolete and should not be used for
+ defining new attribute types.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ Guide = [ object-class SHARP ] criteria
+
+ The <object-class> and <criteria> rules are defined in Section
+ 3.3.10. The <SHARP> rule is defined in [MODELS].
+
+
+
+Legg Expires 23 December 2005 [Page 15]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the Guide syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
+
+ The Guide syntax corresponds to the Guide ASN.1 type from [X.520].
+
+3.3.15. IA5 String
+
+ A value of the IA5 String syntax is a string of zero, one or more
+ characters from International Alphabet 5 (IA5) [T.50], the
+ international version of the ASCII character set. The LDAP-specific
+ encoding of a value of this syntax is the unconverted string of
+ characters, which conforms to the <IA5String> rule in Section 3.2.
+
+ The LDAP definition for the IA5 String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
+
+ This syntax corresponds to the IA5String ASN.1 type from [ASN.1].
+
+3.3.16. Integer
+
+ A value of the Integer syntax is a whole number of unlimited
+ magnitude. The LDAP-specific encoding of a value of this syntax is
+ the optionally signed decimal digit character string representation
+ of the number (so, for example, the number 1321 is represented by the
+ character string "1321"). The encoding is defined by the following
+ ABNF:
+
+ Integer = ( HYPHEN LDIGIT *DIGIT ) / number
+
+ The <HYPHEN>, <LDIGIT>, <DIGIT> and <number> rules are defined in
+ [MODELS].
+
+ The LDAP definition for the Integer syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' )
+
+ This syntax corresponds to the INTEGER ASN.1 type from [ASN.1].
+
+3.3.17. JPEG
+
+ A value of the JPEG syntax is an image in the JPEG File Interchange
+ Format (JFIF), as described in [JPEG]. The LDAP-specific encoding of
+ a value of this syntax is the sequence of octets of the JFIF encoding
+ of the image.
+
+ The LDAP definition for the JPEG syntax is:
+
+
+
+Legg Expires 23 December 2005 [Page 16]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )
+
+ The JPEG syntax corresponds to the following ASN.1 type:
+
+ JPEG ::= OCTET STRING (CONSTRAINED BY
+ { -- contents octets are an image in the --
+ -- JPEG File Interchange Format -- })
+
+3.3.18. LDAP Syntax Description
+
+ A value of the LDAP Syntax Description syntax is the description of
+ an LDAP syntax. The LDAP-specific encoding of a value of this syntax
+ is defined by the <SyntaxDescription> rule in [MODELS].
+
+ The LDAP definition for the LDAP Syntax Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )
+
+ The above LDAP definition for the LDAP Syntax Description syntax is
+ itself a legal value of the LDAP Syntax Description syntax.
+
+ The ASN.1 type corresponding to the LDAP Syntax Description syntax is
+ defined as follows, assuming EXPLICIT TAGS:
+
+ LDAPSyntaxDescription ::= SEQUENCE {
+ identifier OBJECT IDENTIFIER,
+ description DirectoryString { ub-schema } OPTIONAL }
+
+ The DirectoryString parameterized ASN.1 type is defined in [X.520].
+
+ The value of ub-schema (an integer) is implementation defined. A
+ non-normative definition appears in [X.520].
+
+3.3.19. Matching Rule Description
+
+ A value of the Matching Rule Description syntax is the definition of
+ a matching rule. The LDAP-specific encoding of a value of this
+ syntax is defined by the <MatchingRuleDescription> rule in [MODELS].
+
+ Example:
+ ( 2.5.13.2 NAME 'caseIgnoreMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ Note: a line break has been added for readability - it is not part of
+ the syntax.
+
+ The LDAP definition for the Matching Rule Description syntax is:
+
+
+
+
+Legg Expires 23 December 2005 [Page 17]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )
+
+ This syntax corresponds to the MatchingRuleDescription ASN.1 type
+ from [X.501].
+
+3.3.20. Matching Rule Use Description
+
+ A value of the Matching Rule Use Description syntax indicates the
+ attribute types to which a matching rule may be applied in an
+ extensibleMatch search filter [PROT]. The LDAP-specific encoding of
+ a value of this syntax is defined by the <MatchingRuleUseDescription>
+ rule in [MODELS].
+
+ Example:
+ ( 2.5.13.16 APPLIES ( givenName $ surname ) )
+
+ The LDAP definition for the Matching Rule Use Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.31
+ DESC 'Matching Rule Use Description' )
+
+ This syntax corresponds to the MatchingRuleUseDescription ASN.1 type
+ from [X.501].
+
+3.3.21. Name and Optional UID
+
+ A value of the Name and Optional UID syntax is the distinguished name
+ [MODELS] of an entity optionally accompanied by a unique identifier
+ that serves to differentiate the entity from others with an identical
+ distinguished name.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ NameAndOptionalUID = distinguishedName [ SHARP BitString ]
+
+ The <BitString> rule is defined in Section 3.3.2. The
+ <distinguishedName> rule is defined in [LDAPDN]. The <SHARP> rule is
+ defined in [MODELS].
+
+ Note that although the '#' character may occur in the string
+ representation of a distinguished name, no additional escaping of
+ this character is performed when a <distinguishedName> is encoded in
+ a <NameAndOptionalUID>.
+
+ Example:
+ 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B
+
+
+
+
+Legg Expires 23 December 2005 [Page 18]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the Name and Optional UID syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
+
+ This syntax corresponds to the NameAndOptionalUID ASN.1 type from
+ [X.520].
+
+3.3.22. Name Form Description
+
+ A value of the Name Form Description syntax is the definition of a
+ name form, which regulates how entries may be named. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ <NameFormDescription> rule in [MODELS].
+
+ Example:
+ ( 2.5.15.3 NAME 'orgNameForm' OC organization MUST o )
+
+ The LDAP definition for the Name Form Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )
+
+ This syntax corresponds to the NameFormDescription ASN.1 type from
+ [X.501].
+
+3.3.23. Numeric String
+
+ A value of the Numeric String syntax is a sequence of one or more
+ numerals and spaces. The LDAP-specific encoding of a value of this
+ syntax is the unconverted string of characters, which conforms to the
+ following ABNF:
+
+ NumericString = 1*(DIGIT / SPACE)
+
+ The <DIGIT> and <SPACE> rules are defined in [MODELS].
+
+ Example:
+ 15 079 672 281
+
+ The LDAP definition for the Numeric String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
+
+ This syntax corresponds to the NumericString ASN.1 type from [ASN.1].
+
+3.3.24. Object Class Description
+
+ A value of the Object Class Description syntax is the definition of
+ an object class. The LDAP-specific encoding of a value of this
+
+
+
+Legg Expires 23 December 2005 [Page 19]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ syntax is defined by the <ObjectClassDescription> rule in [MODELS].
+
+ Example:
+ ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
+ MAY ( searchGuide $ description ) )
+
+ Note: a line break has been added for readability - it is not part of
+ the syntax.
+
+ The LDAP definition for the Object Class Description syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )
+
+ This syntax corresponds to the ObjectClassDescription ASN.1 type from
+ [X.501].
+
+3.3.25. Octet String
+
+ A value of the Octet String syntax is a sequence of zero, one or more
+ arbitrary octets. The LDAP-specific encoding of a value of this
+ syntax is the unconverted sequence of octets, which conforms to the
+ following ABNF:
+
+ OctetString = *OCTET
+
+ The <OCTET> rule is defined in [MODELS]. Values of this syntax are
+ not generally human-readable.
+
+ The LDAP definition for the Octet String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
+
+ This syntax corresponds to the OCTET STRING ASN.1 type from [ASN.1].
+
+3.3.26. OID
+
+ A value of the OID syntax is an object identifier; a sequence of two
+ or more non-negative integers that uniquely identify some object or
+ item of specification. Many of the object identifiers used in LDAP
+ also have IANA registered names [RFC3383].
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the <oid> rule in [MODELS].
+
+ Examples:
+ 1.2.3.4
+ cn
+
+
+
+
+Legg Expires 23 December 2005 [Page 20]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the OID syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
+
+ This syntax corresponds to the OBJECT IDENTIFIER ASN.1 type from
+ [ASN.1].
+
+3.3.27. Other Mailbox
+
+ A value of the Other Mailbox syntax identifies an electronic mailbox,
+ in a particular named mail system. The LDAP-specific encoding of a
+ value of this syntax is defined by the following ABNF:
+
+ OtherMailbox = mailbox-type DOLLAR mailbox
+ mailbox-type = PrintableString
+ mailbox = IA5String
+
+ The <mailbox-type> rule represents the type of mail system in which
+ the mailbox resides, for example "MCIMail", and <mailbox> is the
+ actual mailbox in the mail system described by <mailbox-type>. The
+ <PrintableString> and <IA5String> rules are defined in Section 3.2.
+ The <DOLLAR> rule is defined in [MODELS].
+
+ The LDAP definition for the Other Mailbox syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
+
+ The ASN.1 type corresponding to the Other Mailbox syntax is defined
+ as follows, assuming EXPLICIT TAGS:
+
+ OtherMailbox ::= SEQUENCE {
+ mailboxType PrintableString,
+ mailbox IA5String
+ }
+
+3.3.28. Postal Address
+
+ A value of the Postal Address syntax is a sequence of strings of one
+ or more arbitrary UCS characters, which form an address in a physical
+ mail system.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ PostalAddress = line *( DOLLAR line )
+ line = 1*line-char
+ line-char = %x00-23
+ / (%x5C "24") ; escaped "$"
+
+
+
+Legg Expires 23 December 2005 [Page 21]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ / %x25-5B
+ / (%x5C "5C") ; escaped "\"
+ / %x5D-7F
+ / UTFMB
+
+ Each character string (i.e., <line>) of a postal address value is
+ encoded as a UTF-8 [UTF8] string except that "\" and "$" characters,
+ if they occur in the string, are escaped by a "\" character followed
+ by the two hexadecimal digit code for the character. The <DOLLAR>
+ and <UTFMB> rules are defined in [MODELS].
+
+ Many servers limit the postal address to no more than six lines of no
+ more than thirty characters each.
+
+ Example:
+ 1234 Main St.$Anytown, CA 12345$USA
+ \241,000,000 Sweepstakes$PO Box 1000000$Anytown, CA 12345$USA
+
+ The LDAP definition for the Postal Address syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
+
+ This syntax corresponds to the PostalAddress ASN.1 type from [X.520],
+ i.e.,
+
+ PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF
+ DirectoryString { ub-postal-string }
+
+ The values of ub-postal-line and ub-postal-string (both integers) are
+ implementation defined. Non-normative definitions appear in [X.520].
+
+3.3.29. Printable String
+
+ A value of the Printable String syntax is a string of one or more
+ latin alphabetic, numeric, and selected punctuation characters as
+ specified by the <PrintableCharacter> rule in Section 3.2.
+
+ The LDAP-specific encoding of a value of this syntax is the
+ unconverted string of characters, which conforms to the
+ <PrintableString> rule in Section 3.2.
+
+ Example:
+ This is a PrintableString.
+
+ The LDAP definition for the PrintableString syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
+
+
+
+
+Legg Expires 23 December 2005 [Page 22]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ This syntax corresponds to the PrintableString ASN.1 type from
+ [ASN.1].
+
+3.3.30. Substring Assertion
+
+ A value of the Substring Assertion syntax is a sequence of zero, one
+ or more character substrings used as an argument for substring
+ extensible matching of character string attribute values, i.e., as
+ the matchValue of a MatchingRuleAssertion [PROT]. Each substring is
+ a string of one or more arbitrary characters from the Universal
+ Character Set (UCS) [UCS]. A zero length substring is not permitted.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ SubstringAssertion = [ initial ] any [ final ]
+
+ initial = substring
+ any = ASTERISK *(substring ASTERISK)
+ final = substring
+ ASTERISK = %x2A ; asterisk ("*")
+
+ substring = 1*substring-character
+ substring-character = %x00-29
+ / (%x5C "2A") ; escaped "*"
+ / %x2B-5B
+ / (%x5C "5C") ; escaped "\"
+ / %x5D-7F
+ / UTFMB
+
+ Each <substring> of a Substring Assertion value is encoded as a UTF-8
+ [UTF8] string, except that "\" and "*" characters, if they occur in
+ the substring, are escaped by a "\" character followed by the two
+ hexadecimal digit code for the character.
+
+ The Substring Assertion syntax is used only as the syntax of
+ assertion values in the extensible match. It is not used as an
+ attribute syntax, or in the SubstringFilter [PROT].
+
+ The LDAP definition for the Substring Assertion syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )
+
+ This syntax corresponds to the SubstringAssertion ASN.1 type from
+ [X.520].
+
+3.3.31. Telephone Number
+
+
+
+
+Legg Expires 23 December 2005 [Page 23]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ A value of the Telephone Number syntax is a string of printable
+ characters that complies with the internationally agreed format for
+ representing international telephone numbers [E.123].
+
+ The LDAP-specific encoding of a value of this syntax is the
+ unconverted string of characters, which conforms to the
+ <PrintableString> rule in Section 3.2.
+
+ Examples:
+ +1 512 315 0280
+ +1-512-315-0280
+ +61 3 9896 7830
+
+ The LDAP definition for the Telephone Number syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
+
+ The Telephone Number syntax corresponds to the following ASN.1 type
+ from [X.520]:
+
+ PrintableString (SIZE(1..ub-telephone-number))
+
+ The value of ub-telephone-number (an integer) is implementation
+ defined. A non-normative definition appears in [X.520].
+
+3.3.32. Teletex Terminal Identifier
+
+ A value of this syntax specifies the identifier and (optionally)
+ parameters of a teletex terminal.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ teletex-id = ttx-term *(DOLLAR ttx-param)
+ ttx-term = PrintableString ; terminal identifier
+ ttx-param = ttx-key COLON ttx-value ; parameter
+ ttx-key = "graphic" / "control" / "misc" / "page" / "private"
+ ttx-value = *ttx-value-octet
+
+ ttx-value-octet = %x00-23
+ / (%x5C "24") ; escaped "$"
+ / %x25-5B
+ / (%x5C "5C") ; escaped "\"
+ / %x5D-FF
+
+ The <PrintableString> and <COLON> rules are defined in Section 3.2.
+ The <DOLLAR> rule is defined in [MODELS].
+
+
+
+
+Legg Expires 23 December 2005 [Page 24]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the Teletex Terminal Identifier syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.51
+ DESC 'Teletex Terminal Identifier' )
+
+ This syntax corresponds to the TeletexTerminalIdentifier ASN.1 type
+ from [X.520].
+
+3.3.33. Telex Number
+
+ A value of the Telex Number syntax specifies the telex number,
+ country code and answerback code of a telex terminal.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ telex-number = actual-number DOLLAR country-code
+ DOLLAR answerback
+ actual-number = PrintableString
+ country-code = PrintableString
+ answerback = PrintableString
+
+ The <PrintableString> rule is defined in Section 3.2. The <DOLLAR>
+ rule is defined in [MODELS].
+
+ The LDAP definition for the Telex Number syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
+
+ This syntax corresponds to the TelexNumber ASN.1 type from [X.520].
+
+3.3.34. UTC Time
+
+ A value of the UTC Time syntax is a character string representing a
+ date and time to a precision of one minute or one second. The year
+ is given as a two-digit number. The LDAP-specific encoding of a
+ value of this syntax follows the format defined in [ASN.1] for the
+ UTCTime type and is described by the following ABNF:
+
+ UTCTime = year month day hour minute [ second ]
+ [ u-time-zone ]
+ u-time-zone = %x5A ; "Z"
+ / u-differential
+ u-differential = ( MINUS / PLUS ) hour minute
+
+ The <year>, <month>, <day>, <hour>, <minute>, <second> and <MINUS>
+ rules are defined in Section 3.3.13. The <PLUS> rule is defined in
+ [MODELS].
+
+
+
+Legg Expires 23 December 2005 [Page 25]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The above ABNF allows character strings which do not represent valid
+ dates (in the Gregorian calendar) and/or valid times. Such character
+ strings SHOULD be considered invalid for this syntax.
+
+ The time value represents coordinated universal time if the "Z" form
+ of <u-time-zone> is used, otherwise the value represents a local
+ time. In the latter case, if <u-differential> is provided then
+ coordinated universal time can be calculated by subtracting the
+ differential from the local time. The <u-time-zone> SHOULD be
+ present in time values and the "Z" form of <u-time-zone> SHOULD be
+ used in preference to <u-differential>.
+
+ The LDAP definition for the UTC Time syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )
+
+ Note: This syntax is deprecated in favor of the Generalized Time
+ syntax.
+
+ The UTC Time syntax corresponds to the UTCTime ASN.1 type from
+ [ASN.1].
+
+4. Matching Rules
+
+ Matching rules are used by directory implementations to compare
+ attribute values against assertion values when performing Search and
+ Compare operations [PROT]. They are also used when comparing a
+ purported distinguished name [MODELS] with the name of an entry.
+ When modifying entries, matching rules are used to identify values to
+ be deleted and to prevent an attribute from containing two equal
+ values.
+
+ Matching rules that are required for directory operation, or that are
+ in common use, are specified in this section.
+
+4.1. General Considerations
+
+ A matching rule is applied to attribute values through an
+ AttributeValueAssertion or MatchingRuleAssertion [PROT]. The
+ conditions under which an AttributeValueAssertion or
+ MatchingRuleAssertion evaluates to Undefined are specified elsewhere
+ [PROT]. If an assertion is not Undefined then the result of the
+ assertion is the result of applying the selected matching rule. A
+ matching rule evaluates to TRUE, and in some cases Undefined, as
+ specified in the description of the matching rule, otherwise it
+ evaluates to FALSE.
+
+ Each assertion contains an assertion value. The definition of each
+
+
+
+Legg Expires 23 December 2005 [Page 26]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ matching rule specifies the syntax for the assertion value. The
+ syntax of the assertion value is typically, but not necessarily, the
+ same as the syntax of the attribute values to which the matching rule
+ may be applied. Note that an AssertionValue in a SubstringFilter
+ [PROT] conforms to the assertion syntax of the equality matching rule
+ for the attribute type rather than the assertion syntax of the
+ substrings matching rule for the attribute type. Conceptually, the
+ entire SubstringFilter is converted into an assertion value of the
+ substrings matching rule prior to applying the rule.
+
+ The definition of each matching rule indicates the attribute syntaxes
+ to which the rule may be applied, by specifying conditions the
+ corresponding ASN.1 type of a candidate attribute syntax must
+ satisfy. These conditions are also satisfied if the corresponding
+ ASN.1 type is a tagged or constrained derivative of the ASN.1 type
+ explicitly mentioned in the rule description (i.e., ASN.1 tags and
+ constraints are ignored in checking applicability), or an alternative
+ reference notation for the explicitly mentioned type. Each rule
+ description lists as examples of applicable attribute syntaxes, the
+ complete list of the syntaxes defined in this document to which the
+ matching rule applies. A matching rule may be applicable to
+ additional syntaxes defined in other documents if those syntaxes
+ satisfy the conditions on the corresponding ASN.1 type.
+
+ The description of each matching rule indicates whether the rule is
+ suitable for use as the equality matching rule (EQUALITY), ordering
+ matching rule (ORDERING) or substrings matching rule (SUBSTR) in an
+ attribute type definition [MODELS].
+
+ Each matching rule is uniquely identified with an object identifier.
+ The definition of a matching rule should not be subsequently changed.
+ If a change is desirable then a new matching rule with a different
+ object identifier should be defined instead.
+
+ Servers MAY implement the wordMatch and keywordMatch matching rules,
+ but SHOULD implement the other matching rules in Section 4.2.
+ Servers MAY implement additional matching rules.
+
+ Servers which implement the extensibleMatch filter SHOULD allow the
+ matching rules listed in Section 4.2 to be used in the
+ extensibleMatch filter and SHOULD allow matching rules to be used
+ with all attribute types known to the server, where the assertion
+ syntax of the matching rule is the same as the value syntax of the
+ attribute.
+
+ Servers MUST publish in the matchingRules attribute, the definitions
+ of matching rules referenced by values of the attributeTypes and
+ matchingRuleUse attributes in the same subschema entry. Other
+
+
+
+Legg Expires 23 December 2005 [Page 27]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ unreferenced matching rules MAY be published in the matchingRules
+ attribute.
+
+ If the server supports the extensibleMatch filter, then the server
+ MAY use the matchingRuleUse attribute to indicate the applicability
+ (in an extensibleMatch filter) of selected matching rules to
+ nominated attribute types.
+
+4.2. Matching Rule Definitions
+
+ Nominated character strings in assertion and attribute values are
+ prepared according to the string preparation algorithms [PREP] for
+ LDAP when evaluating the following matching rules:
+
+ numericStringMatch,
+ numericStringSubstringsMatch,
+ caseExactMatch,
+ caseExactOrderingMatch,
+ caseExactSubstringsMatch,
+ caseExactIA5Match,
+ caseIgnoreIA5Match,
+ caseIgnoreIA5SubstringsMatch,
+ caseIgnoreListMatch,
+ caseIgnoreListSubstringsMatch,
+ caseIgnoreMatch,
+ caseIgnoreOrderingMatch,
+ caseIgnoreSubstringsMatch,
+ directoryStringFirstComponentMatch,
+ telephoneNumberMatch,
+ telephoneNumberSubstringsMatch and
+ wordMatch.
+
+ The Transcode, Normalize, Prohibit and Check bidi steps are the same
+ for each of the matching rules. However, the Map and Insignificant
+ Character Handling steps depends on the specific rule, as detailed in
+ the description of these matching rules in the sections that follow.
+
+4.2.1. bitStringMatch
+
+ The bitStringMatch rule compares an assertion value of the Bit String
+ syntax to an attribute value of a syntax (e.g., the Bit String
+ syntax) whose corresponding ASN.1 type is BIT STRING.
+
+ If the corresponding ASN.1 type of the attribute syntax does not have
+ a named bit list [ASN.1] (which is the case for the Bit String
+ syntax) then the rule evaluates to TRUE if and only if the attribute
+ value has the same number of bits as the assertion value and the bits
+ match on a bitwise basis.
+
+
+
+Legg Expires 23 December 2005 [Page 28]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ If the corresponding ASN.1 type does have a named bit list then
+ bitStringMatch operates as above except that trailing zero bits in
+ the attribute and assertion values are treated as absent.
+
+ The LDAP definition for the bitStringMatch rule is:
+
+ ( 2.5.13.16 NAME 'bitStringMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+ The bitStringMatch rule is an equality matching rule.
+
+4.2.2. booleanMatch
+
+ The booleanMatch rule compares an assertion value of the Boolean
+ syntax to an attribute value of a syntax (e.g., the Boolean syntax)
+ whose corresponding ASN.1 type is BOOLEAN.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value are both TRUE or both FALSE.
+
+ The LDAP definition for the booleanMatch rule is:
+
+ ( 2.5.13.13 NAME 'booleanMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+ The booleanMatch rule is an equality matching rule.
+
+4.2.3. caseExactIA5Match
+
+ The caseExactIA5Match rule compares an assertion value of the IA5
+ String syntax to an attribute value of a syntax (e.g the IA5 String
+ syntax) whose corresponding ASN.1 type is IA5String.
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseExactIA5Match rule is:
+
+ ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+
+
+Legg Expires 23 December 2005 [Page 29]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The caseExactIA5Match rule is an equality matching rule.
+
+4.2.4. caseExactMatch
+
+ The caseExactMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String, Printable String, Country String or Telephone Number syntax)
+ whose corresponding ASN.1 type is DirectoryString or one of the
+ alternative string types of DirectoryString, e.g., PrintableString
+ (the other alternatives do not correspond to any syntax defined in
+ this document).
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseExactMatch rule is:
+
+ ( 2.5.13.5 NAME 'caseExactMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseExactMatch rule is an equality matching rule.
+
+4.2.5. caseExactOrderingMatch
+
+ The caseExactOrderingMatch rule compares an assertion value of the
+ Directory String syntax to an attribute value of a syntax (e.g., the
+ Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseExactOrderingMatch rule is:
+
+
+
+Legg Expires 23 December 2005 [Page 30]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ ( 2.5.13.6 NAME 'caseExactOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseExactOrderingMatch rule is an ordering matching rule.
+
+4.2.6. caseExactSubstringsMatch
+
+ The caseExactSubstringsMatch rule compares an assertion value of the
+ Substring Assertion syntax to an attribute value of a syntax (e.g.,
+ the Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are not case folded in the Map preparation
+ step, and only Insignificant Space Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the caseExactSubstringsMatch rule is:
+
+ ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The caseExactSubstringsMatch rule is a substrings matching rule.
+
+4.2.7. caseIgnoreIA5Match
+
+ The caseIgnoreIA5Match rule compares an assertion value of the IA5
+ String syntax to an attribute value of a syntax (e.g the IA5 String
+ syntax) whose corresponding ASN.1 type is IA5String.
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+
+
+
+Legg Expires 23 December 2005 [Page 31]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseIgnoreIA5Match rule is:
+
+ ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ The caseIgnoreIA5Match rule is an equality matching rule.
+
+4.2.8. caseIgnoreIA5SubstringsMatch
+
+ The caseIgnoreIA5SubstringsMatch rule compares an assertion value of
+ the Substring Assertion syntax to an attribute value of a syntax (e.g
+ the IA5 String syntax) whose corresponding ASN.1 type is IA5String.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The caseIgnoreIA5SubstringsMatch rule is a substrings matching rule.
+
+4.2.9. caseIgnoreListMatch
+
+ The caseIgnoreListMatch rule compares an assertion value that is a
+ sequence of strings to an attribute value of a syntax (e.g., the
+ Postal Address syntax) whose corresponding ASN.1 type is a SEQUENCE
+ OF the DirectoryString ASN.1 type.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value have the same number of strings and corresponding
+ strings (by position) match according to the caseIgnoreMatch matching
+ rule.
+
+
+
+
+Legg Expires 23 December 2005 [Page 32]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ In [X.520] the assertion syntax for this matching rule is defined to
+ be:
+
+ SEQUENCE OF DirectoryString {ub-match}
+
+ i.e., different from the corresponding type for the Postal Address
+ syntax. The choice of the Postal Address syntax for the assertion
+ syntax of the caseIgnoreListMatch in LDAP should not be seen as
+ limiting the matching rule to only apply to attributes with the
+ Postal Address syntax.
+
+ The LDAP definition for the caseIgnoreListMatch rule is:
+
+ ( 2.5.13.11 NAME 'caseIgnoreListMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+ The caseIgnoreListMatch rule is an equality matching rule.
+
+4.2.10. caseIgnoreListSubstringsMatch
+
+ The caseIgnoreListSubstringsMatch rule compares an assertion value of
+ the Substring Assertion syntax to an attribute value of a syntax
+ (e.g., the Postal Address syntax) whose corresponding ASN.1 type is a
+ SEQUENCE OF the DirectoryString ASN.1 type.
+
+ The rule evaluates to TRUE if and only if the assertion value
+ matches, per the caseIgnoreSubstringsMatch rule, the character string
+ formed by concatenating the strings of the attribute value, except
+ that none of the <initial>, <any>, or <final> substrings of the
+ assertion value are considered to match a substring of the
+ concatenated string which spans more than one of the original strings
+ of the attribute value.
+
+ Note that, in terms of the LDAP-specific encoding of the Postal
+ Address syntax, the concatenated string omits the <DOLLAR> line
+ separator and the escaping of "\" and "$" characters.
+
+ The LDAP definition for the caseIgnoreListSubstringsMatch rule is:
+
+ ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The caseIgnoreListSubstringsMatch rule is a substrings matching rule.
+
+4.2.11. caseIgnoreMatch
+
+ The caseIgnoreMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+
+
+
+Legg Expires 23 December 2005 [Page 33]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ String, Printable String, Country String or Telephone Number syntax)
+ whose corresponding ASN.1 type is DirectoryString or one of its
+ alternative string types.
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseIgnoreMatch rule is:
+
+ ( 2.5.13.2 NAME 'caseIgnoreMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseIgnoreMatch rule is an equality matching rule.
+
+4.2.12. caseIgnoreOrderingMatch
+
+ The caseIgnoreOrderingMatch rule compares an assertion value of the
+ Directory String syntax to an attribute value of a syntax (e.g., the
+ Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseIgnoreOrderingMatch rule is:
+
+ ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseIgnoreOrderingMatch rule is an ordering matching rule.
+
+4.2.13. caseIgnoreSubstringsMatch
+
+
+
+
+Legg Expires 23 December 2005 [Page 34]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The caseIgnoreSubstringsMatch rule compares an assertion value of the
+ Substring Assertion syntax to an attribute value of a syntax (e.g.,
+ the Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseIgnoreSubstringsMatch rule is:
+
+ ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The caseIgnoreSubstringsMatch rule is a substrings matching rule.
+
+4.2.14. directoryStringFirstComponentMatch
+
+ The directoryStringFirstComponentMatch rule compares an assertion
+ value of the Directory String syntax to an attribute value of a
+ syntax whose corresponding ASN.1 type is a SEQUENCE with a mandatory
+ first component of the DirectoryString ASN.1 type.
+
+ Note that the assertion syntax of this matching rule differs from the
+ attribute syntax of attributes for which this is the equality
+ matching rule.
+
+ The rule evaluates to TRUE if and only if the assertion value matches
+ the first component of the attribute value using the rules of
+ caseIgnoreMatch.
+
+ The LDAP definition for the directoryStringFirstComponentMatch
+ matching rule is:
+
+ ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+
+Legg Expires 23 December 2005 [Page 35]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The directoryStringFirstComponentMatch rule is an equality matching
+ rule. When using directoryStringFirstComponentMatch to compare two
+ attribute values (of an applicable syntax), an assertion value must
+ first be derived from one of the attribute values. An assertion
+ value can be derived from an attribute value by taking the first
+ component of that attribute value.
+
+4.2.15. distinguishedNameMatch
+
+ The distinguishedNameMatch rule compares an assertion value of the DN
+ syntax to an attribute value of a syntax (e.g., the DN syntax) whose
+ corresponding ASN.1 type is DistinguishedName.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value have the same number of relative distinguished names
+ and corresponding relative distinguished names (by position) are the
+ same. A relative distinguished name (RDN) of the assertion value is
+ the same as an RDN of the attribute value if and only if they have
+ the same number of attribute value assertions and each attribute
+ value assertion (AVA) of the first RDN is the same as the AVA of the
+ second RDN with the same attribute type. The order of the AVAs is
+ not significant. Also note that a particular attribute type may
+ appear in at most one AVA in an RDN. Two AVAs with the same
+ attribute type are the same if their values are equal according to
+ the equality matching rule of the attribute type. If one or more of
+ the AVA comparisons evaluate to Undefined and the remaining AVA
+ comparisons return TRUE then the distinguishedNameMatch rule
+ evaluates to Undefined.
+
+ The LDAP definition for the distinguishedNameMatch rule is:
+
+ ( 2.5.13.1 NAME 'distinguishedNameMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ The distinguishedNameMatch rule is an equality matching rule.
+
+4.2.16. generalizedTimeMatch
+
+ The generalizedTimeMatch rule compares an assertion value of the
+ Generalized Time syntax to an attribute value of a syntax (e.g the
+ Generalized Time syntax) whose corresponding ASN.1 type is
+ GeneralizedTime.
+
+ The rule evaluates to TRUE if and only if the attribute value
+ represents the same universal coordinated time as the assertion
+ value. If a time is specified with the minutes or seconds absent
+ then the number of minutes or seconds (respectively) is assumed to be
+ zero.
+
+
+
+Legg Expires 23 December 2005 [Page 36]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the generalizedTimeMatch rule is:
+
+ ( 2.5.13.27 NAME 'generalizedTimeMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+ The generalizedTimeMatch rule is an equality matching rule.
+
+4.2.17. generalizedTimeOrderingMatch
+
+ The generalizedTimeOrderingMatch rule compares the time ordering of
+ an assertion value of the Generalized Time syntax to an attribute
+ value of a syntax (e.g the Generalized Time syntax) whose
+ corresponding ASN.1 type is GeneralizedTime.
+
+ The rule evaluates to TRUE if and only if the attribute value
+ represents a universal coordinated time which is earlier than the
+ universal coordinated time represented by the assertion value.
+
+ The LDAP definition for the generalizedTimeOrderingMatch rule is:
+
+ ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+ The generalizedTimeOrderingMatch rule is an ordering matching rule.
+
+4.2.18. integerFirstComponentMatch
+
+ The integerFirstComponentMatch rule compares an assertion value of
+ the Integer syntax to an attribute value of a syntax (e.g the DIT
+ Structure Rule Description syntax) whose corresponding ASN.1 type is
+ a SEQUENCE with a mandatory first component of the INTEGER ASN.1
+ type.
+
+ Note that the assertion syntax of this matching rule differs from the
+ attribute syntax of attributes for which this is the equality
+ matching rule.
+
+ The rule evaluates to TRUE if and only if the assertion value and the
+ first component of the attribute value are the same integer value.
+
+ The LDAP definition for the integerFirstComponentMatch matching rule
+ is:
+
+ ( 2.5.13.29 NAME 'integerFirstComponentMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+ The integerFirstComponentMatch rule is an equality matching rule.
+ When using integerFirstComponentMatch to compare two attribute values
+
+
+
+Legg Expires 23 December 2005 [Page 37]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ (of an applicable syntax), an assertion value must first be derived
+ from one of the attribute values. An assertion value can be derived
+ from an attribute value by taking the first component of that
+ attribute value.
+
+4.2.19. integerMatch
+
+ The integerMatch rule compares an assertion value of the Integer
+ syntax to an attribute value of a syntax (e.g the Integer syntax)
+ whose corresponding ASN.1 type is INTEGER.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value are the same integer value.
+
+ The LDAP definition for the integerMatch matching rule is:
+
+ ( 2.5.13.14 NAME 'integerMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+ The integerMatch rule is an equality matching rule.
+
+4.2.20. integerOrderingMatch
+
+ The integerOrderingMatch rule compares an assertion value of the
+ Integer syntax to an attribute value of a syntax (e.g the Integer
+ syntax) whose corresponding ASN.1 type is INTEGER.
+
+ The rule evaluates to TRUE if and only if the integer value of the
+ attribute value is less than the integer value the assertion value.
+
+ The LDAP definition for the integerOrderingMatch matching rule is:
+
+ ( 2.5.13.15 NAME 'integerOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+ The integerOrderingMatch rule is an ordering matching rule.
+
+4.2.21. keywordMatch
+
+ The keywordMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String syntax) whose corresponding ASN.1 type is DirectoryString.
+
+ The rule evaluates to TRUE if and only if the assertion value
+ character string matches any keyword in the attribute value. The
+ identification of keywords in the attribute value and the exactness
+ of the match are both implementation specific.
+
+
+
+
+Legg Expires 23 December 2005 [Page 38]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the keywordMatch rule is:
+
+ ( 2.5.13.33 NAME 'keywordMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+4.2.22. numericStringMatch
+
+ The numericStringMatch rule compares an assertion value of the
+ Numeric String syntax to an attribute value of a syntax (e.g the
+ Numeric String syntax) whose corresponding ASN.1 type is
+ NumericString.
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the numericStringMatch matching rule is:
+
+ ( 2.5.13.8 NAME 'numericStringMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+
+ The numericStringMatch rule is an equality matching rule.
+
+4.2.23. numericStringOrderingMatch
+
+ The numericStringOrderingMatch rule compares an assertion value of
+ the Numeric String syntax to an attribute value of a syntax (e.g the
+ Numeric String syntax) whose corresponding ASN.1 type is
+ NumericString.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The rule is identical to the caseIgnoreOrderingMatch rule except that
+ all space characters are skipped during comparison (case is
+
+
+
+Legg Expires 23 December 2005 [Page 39]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ irrelevant as characters are numeric).
+
+ The LDAP definition for the numericStringOrderingMatch matching rule
+ is:
+
+ ( 2.5.13.9 NAME 'numericStringOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+
+ The numericStringOrderingMatch rule is an ordering matching rule.
+
+4.2.24. numericStringSubstringsMatch
+
+ The numericStringSubstringsMatch rule compares an assertion value of
+ the Substring Assertion syntax to an attribute value of a syntax (e.g
+ the Numeric String syntax) whose corresponding ASN.1 type is
+ NumericString.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the numericStringSubstringsMatch matching
+ rule is:
+
+ ( 2.5.13.10 NAME 'numericStringSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The numericStringSubstringsMatch rule is a substrings matching rule.
+
+4.2.25. objectIdentifierFirstComponentMatch
+
+ The objectIdentifierFirstComponentMatch rule compares an assertion
+ value of the OID syntax to an attribute value of a syntax (e.g the
+ Attribute Type Description, DIT Content Rule Description, LDAP Syntax
+ Description, Matching Rule Description, Matching Rule Use
+ Description, Name Form Description or Object Class Description
+ syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory
+
+
+
+Legg Expires 23 December 2005 [Page 40]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ first component of the OBJECT IDENTIFIER ASN.1 type.
+
+ Note that the assertion syntax of this matching rule differs from the
+ attribute syntax of attributes for which this is the equality
+ matching rule.
+
+ The rule evaluates to TRUE if and only if the assertion value matches
+ the first component of the attribute value using the rules of
+ objectIdentifierMatch.
+
+ The LDAP definition for the objectIdentifierFirstComponentMatch
+ matching rule is:
+
+ ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+ The objectIdentifierFirstComponentMatch rule is an equality matching
+ rule. When using objectIdentifierFirstComponentMatch to compare two
+ attribute values (of an applicable syntax), an assertion value must
+ first be derived from one of the attribute values. An assertion
+ value can be derived from an attribute value by taking the first
+ component of that attribute value.
+
+4.2.26. objectIdentifierMatch
+
+ The objectIdentifierMatch rule compares an assertion value of the OID
+ syntax to an attribute value of a syntax (e.g the OID syntax) whose
+ corresponding ASN.1 type is OBJECT IDENTIFIER.
+
+ The rule evaluates to TRUE if and only if the assertion value and the
+ attribute value represent the same object identifier, that is, the
+ same sequence of integers, whether represented explicitly in the
+ <numericoid> form of <oid> or implicitly in the <descr> form (see
+ [MODELS]).
+
+ If an LDAP client supplies an assertion value in the <descr> form,
+ and the chosen descriptor is not recognized by the server, then the
+ objectIdentifierMatch rule evaluates to Undefined.
+
+ The LDAP definition for the objectIdentifierMatch matching rule is:
+
+ ( 2.5.13.0 NAME 'objectIdentifierMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+ The objectIdentifierMatch rule is an equality matching rule.
+
+4.2.27. octetStringMatch
+
+
+
+
+Legg Expires 23 December 2005 [Page 41]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The octetStringMatch rule compares an assertion value of the Octet
+ String syntax to an attribute value of a syntax (e.g the Octet String
+ or JPEG syntax) whose corresponding ASN.1 type is the OCTET STRING
+ ASN.1 type.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value are the same length and corresponding octets (by
+ position) are the same.
+
+ The LDAP definition for the octetStringMatch matching rule is:
+
+ ( 2.5.13.17 NAME 'octetStringMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+ The octetStringMatch rule is an equality matching rule.
+
+4.2.28. octetStringOrderingMatch
+
+ The octetStringOrderingMatch rule compares an assertion value of the
+ Octet String syntax to an attribute value of a syntax (e.g the Octet
+ String or JPEG syntax) whose corresponding ASN.1 type is the OCTET
+ STRING ASN.1 type.
+
+ The rule evaluates to TRUE if and only if the attribute value appears
+ earlier in the collation order than the assertion value. The rule
+ compares octet strings from the first octet to the last octet, and
+ from the most significant bit to the least significant bit within the
+ octet. The first occurrence of a different bit determines the
+ ordering of the strings. A zero bit precedes a one bit. If the
+ strings contain different numbers of octets but the longer string is
+ identical to the shorter string up to the length of the shorter
+ string then the shorter string precedes the longer string.
+
+ The LDAP definition for the octetStringOrderingMatch matching rule
+ is:
+
+ ( 2.5.13.18 NAME 'octetStringOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+ The octetStringOrderingMatch rule is an ordering matching rule.
+
+4.2.29. telephoneNumberMatch
+
+ The telephoneNumberMatch rule compares an assertion value of the
+ Telephone Number syntax to an attribute value of a syntax (e.g the
+ Telephone Number syntax) whose corresponding ASN.1 type is a
+ PrintableString representing a telephone number.
+
+
+
+
+Legg Expires 23 December 2005 [Page 42]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ telephoneNumber Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the telephoneNumberMatch matching rule is:
+
+ ( 2.5.13.20 NAME 'telephoneNumberMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+ The telephoneNumberMatch rule is an equality matching rule.
+
+4.2.30. telephoneNumberSubstringsMatch
+
+ The telephoneNumberSubstringsMatch rule compares an assertion value
+ of the Substring Assertion syntax to an attribute value of a syntax
+ (e.g the Telephone Number syntax) whose corresponding ASN.1 type is a
+ PrintableString representing a telephone number.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only telephoneNumber Insignificant Character Handling is applied
+ in the Insignificant Character Handling step.
+
+ The LDAP definition for the telephoneNumberSubstringsMatch matching
+ rule is:
+
+ ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The telephoneNumberSubstringsMatch rule is a substrings matching
+ rule.
+
+
+
+
+Legg Expires 23 December 2005 [Page 43]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+4.2.31. uniqueMemberMatch
+
+ The uniqueMemberMatch rule compares an assertion value of the Name
+ And Optional UID syntax to an attribute value of a syntax (e.g the
+ Name And Optional UID syntax) whose corresponding ASN.1 type is
+ NameAndOptionalUID.
+
+ The rule evaluates to TRUE if and only if the <distinguishedName>
+ components of the assertion value and attribute value match according
+ to the distinguishedNameMatch rule and either, the <BitString>
+ component is absent from both the attribute value and assertion
+ value, or the <BitString> component is present in both the attribute
+ value and the assertion value and the <BitString> component of the
+ assertion value matches the <BitString> component of the attribute
+ value according to the bitStringMatch rule.
+
+ Note that this matching rule has been altered from its description in
+ X.520 [X.520] in order to make the matching rule commutative. Server
+ implementors should consider using the original X.520 semantics
+ (where the matching was less exact) for approximate matching of
+ attributes with uniqueMemberMatch as the equality matching rule.
+
+ The LDAP definition for the uniqueMemberMatch matching rule is:
+
+ ( 2.5.13.23 NAME 'uniqueMemberMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+ The uniqueMemberMatch rule is an equality matching rule.
+
+4.2.32. wordMatch
+
+ The wordMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String syntax) whose corresponding ASN.1 type is DirectoryString.
+
+ The rule evaluates to TRUE if and only if the assertion value word
+ matches, according to the semantics of caseIgnoreMatch, any word in
+ the attribute value. The precise definition of a word is
+ implementation specific.
+
+ The LDAP definition for the wordMatch rule is:
+
+ ( 2.5.13.32 NAME 'wordMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+5. Security Considerations
+
+ In general, the LDAP-specific encodings for syntaxes defined in this
+
+
+
+Legg Expires 23 December 2005 [Page 44]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ document do not define canonical encodings. That is, a
+ transformation from an LDAP-specific encoding into some other
+ encoding (e.g., BER) and back into the LDAP-specific encoding will
+ not necessarily reproduce exactly the original octets of the
+ LDAP-specific encoding. Therefore an LDAP-specific encoding should
+ not be used where a canonical encoding is required.
+
+ Furthermore, the LDAP-specific encodings do not necessarily enable an
+ alternative encoding of values of the Directory String and DN
+ syntaxes to be reconstructed, e.g., a transformation from a
+ Distinguished Encoding Rules (DER) [BER] encoding to an LDAP-specific
+ encoding and back to a DER encoding may not reproduce the original
+ DER encoding. Therefore LDAP-specific encodings should not be used
+ where reversibility to DER is needed, e.g., for the verification of
+ digital signatures. Instead, DER or a DER-reversible encoding should
+ be used.
+
+ When interpreting security-sensitive fields, and in particular fields
+ used to grant or deny access, implementations MUST ensure that any
+ matching rule comparisons are done on the underlying abstract value,
+ regardless of the particular encoding used.
+
+6. Acknowledgements
+
+ This document is primarily a revision of RFC 2252 by M. Wahl, A.
+ Coulbeck, T. Howes, and S. Kille. RFC 2252 was a product of the IETF
+ ASID Working Group.
+
+ This document is based upon input of the IETF LDAPBIS working group.
+ The author would like to thank Kathy Dally for editing the early
+ drafts of this revision, and Jim Sermersheim and Kurt Zeilenga for
+ their significant contributions to this revision.
+
+7. IANA Considerations
+
+ The Internet Assigned Numbers Authority (IANA) is requested to update
+ the LDAP descriptors registry [BCP64] as indicated by the following
+ templates:
+
+ Subject: Request for LDAP Descriptor Registration Update
+ Descriptor (short name): see comment
+ Object Identifier: see comment
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at eb2bcom.com>
+ Usage: see comment
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+
+
+Legg Expires 23 December 2005 [Page 45]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The following descriptors (short names) should be updated to refer
+ to RFC XXXX.
+
+ NAME Type OID
+ ------------------------------------------------------------------
+ bitStringMatch M 2.5.13.16
+ booleanMatch M 2.5.13.13
+ caseExactIA5Match M 1.3.6.1.4.1.1466.109.114.1
+ caseExactMatch M 2.5.13.5
+ caseExactOrderingMatch M 2.5.13.6
+ caseExactSubstringsMatch M 2.5.13.7
+ caseIgnoreIA5Match M 1.3.6.1.4.1.1466.109.114.2
+ caseIgnoreListMatch M 2.5.13.11
+ caseIgnoreListSubstringsMatch M 2.5.13.12
+ caseIgnoreMatch M 2.5.13.2
+ caseIgnoreOrderingMatch M 2.5.13.3
+ caseIgnoreSubstringsMatch M 2.5.13.4
+ directoryStringFirstComponentMatch M 2.5.13.31
+ distinguishedNameMatch M 2.5.13.1
+ generalizedTimeMatch M 2.5.13.27
+ generalizedTimeOrderingMatch M 2.5.13.28
+ integerFirstComponentMatch M 2.5.13.29
+ integerMatch M 2.5.13.14
+ integerOrderingMatch M 2.5.13.15
+ keywordMatch M 2.5.13.33
+ numericStringMatch M 2.5.13.8
+ numericStringOrderingMatch M 2.5.13.9
+ numericStringSubstringsMatch M 2.5.13.10
+ objectIdentifierFirstComponentMatch M 2.5.13.30
+ octetStringMatch M 2.5.13.17
+ octetStringOrderingMatch M 2.5.13.18
+ telephoneNumberMatch M 2.5.13.20
+ telephoneNumberSubstringsMatch M 2.5.13.21
+ uniqueMemberMatch M 2.5.13.23
+ wordMatch M 2.5.13.32
+
+ The descriptor for the object identifier 2.5.13.0 was incorrectly
+ registered as objectIdentifiersMatch (extraneous `s') in BCP 64.
+ It should be changed to the following with a reference to
+ RFC XXXX.
+
+ NAME Type OID
+ ------------------------------------------------------------------
+ objectIdentifierMatch M 2.5.13.0
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): caseIgnoreIA5SubstringsMatch
+
+
+
+Legg Expires 23 December 2005 [Page 46]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Object Identifier: 1.3.6.1.4.1.1466.109.114.3
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at eb2bcom.com>
+ Usage: other (M)
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+Appendix A. Summary of Syntax Object Identifiers
+
+ The following list summarizes the object identifiers assigned to the
+ syntaxes defined in this document.
+
+ Syntax OBJECT IDENTIFIER
+ ==============================================================
+ Attribute Type Description 1.3.6.1.4.1.1466.115.121.1.3
+ Bit String 1.3.6.1.4.1.1466.115.121.1.6
+ Boolean 1.3.6.1.4.1.1466.115.121.1.7
+ Country String 1.3.6.1.4.1.1466.115.121.1.11
+ Delivery Method 1.3.6.1.4.1.1466.115.121.1.14
+ Directory String 1.3.6.1.4.1.1466.115.121.1.15
+ DIT Content Rule Description 1.3.6.1.4.1.1466.115.121.1.16
+ DIT Structure Rule Description 1.3.6.1.4.1.1466.115.121.1.17
+ DN 1.3.6.1.4.1.1466.115.121.1.12
+ Enhanced Guide 1.3.6.1.4.1.1466.115.121.1.21
+ Facsimile Telephone Number 1.3.6.1.4.1.1466.115.121.1.22
+ Fax 1.3.6.1.4.1.1466.115.121.1.23
+ Generalized Time 1.3.6.1.4.1.1466.115.121.1.24
+ Guide 1.3.6.1.4.1.1466.115.121.1.25
+ IA5 String 1.3.6.1.4.1.1466.115.121.1.26
+ Integer 1.3.6.1.4.1.1466.115.121.1.27
+ JPEG 1.3.6.1.4.1.1466.115.121.1.28
+ LDAP Syntax Description 1.3.6.1.4.1.1466.115.121.1.54
+ Matching Rule Description 1.3.6.1.4.1.1466.115.121.1.30
+ Matching Rule Use Description 1.3.6.1.4.1.1466.115.121.1.31
+ Name And Optional UID 1.3.6.1.4.1.1466.115.121.1.34
+ Name Form Description 1.3.6.1.4.1.1466.115.121.1.35
+ Numeric String 1.3.6.1.4.1.1466.115.121.1.36
+ Object Class Description 1.3.6.1.4.1.1466.115.121.1.37
+ Octet String 1.3.6.1.4.1.1466.115.121.1.40
+ OID 1.3.6.1.4.1.1466.115.121.1.38
+ Other Mailbox 1.3.6.1.4.1.1466.115.121.1.39
+ Postal Address 1.3.6.1.4.1.1466.115.121.1.41
+ Printable String 1.3.6.1.4.1.1466.115.121.1.44
+ Substring Assertion 1.3.6.1.4.1.1466.115.121.1.58
+ Telephone Number 1.3.6.1.4.1.1466.115.121.1.50
+ Teletex Terminal Identifier 1.3.6.1.4.1.1466.115.121.1.51
+ Telex Number 1.3.6.1.4.1.1466.115.121.1.52
+ UTC Time 1.3.6.1.4.1.1466.115.121.1.53
+
+
+
+Legg Expires 23 December 2005 [Page 47]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+Appendix B. Changes from RFC 2252
+
+ This annex lists the significant differences between this
+ specification and RFC 2252.
+
+ This annex is provided for informational purposes only. It is not a
+ normative part of this specification.
+
+ 1. The IESG Note has been removed.
+
+ 2. The major part of Sections 4, 5 and 7 has been moved to [MODELS]
+ and revised. Changes to the parts of these sections moved to
+ [MODELS] are detailed in [MODELS].
+
+ 3. BNF descriptions of syntax formats have been replaced by ABNF
+ [ABNF] specifications.
+
+ 4. The ambiguous statement in RFC 2252, Section 4.3 regarding the
+ use of a backslash quoting mechanism to escape separator symbols
+ has been removed. The escaping mechanism is now explicitly
+ represented in the ABNF for the syntaxes where this provision
+ applies.
+
+ 5. The description of each of the LDAP syntaxes has been expanded so
+ that they are less dependent on knowledge of X.500 for
+ interpretation.
+
+ 6. The relationship of LDAP syntaxes to corresponding ASN.1 type
+ definitions has been made explicit.
+
+ 7. The set of characters allowed in a <PrintableString> (formerly
+ <printablestring>) has been corrected to align with the
+ PrintableString ASN.1 type in [ASN.1]. Specifically, the double
+ quote character has been removed and the single quote character
+ and equals sign have been added.
+
+ 8. Values of the Directory String, Printable String and Telephone
+ Number syntaxes are now required to have at least one character.
+
+ 9. The <DITContentRuleDescription>, <NameFormDescription> and
+ <DITStructureRuleDescription> rules have been moved to [MODELS].
+
+ 10. The corresponding ASN.1 type for the Other Mailbox syntax has
+ been incorporated from RFC 1274.
+
+ 11. A corresponding ASN.1 type for the LDAP Syntax Description syntax
+ has been invented.
+
+
+
+
+Legg Expires 23 December 2005 [Page 48]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ 12. The Binary syntax has been removed because it was not adequately
+ specified, implementations with different incompatible
+ interpretations exist, and it was confused with the ;binary
+ transfer encoding.
+
+ 13. All discussion of transfer options, including the ";binary"
+ option, has been removed. All imperatives regarding binary
+ transfer of values have been removed.
+
+ 14. The Delivery Method, Enhanced Guide, Guide, Octet String, Teletex
+ Terminal Identifier and Telex Number syntaxes from RFC 2256 have
+ been incorporated.
+
+ 15. The <criteria> rule for the Enhanced Guide and Guide syntaxes has
+ been extended to accommodate empty "and" and "or" expressions.
+
+ 16. An encoding for the <ttx-value> rule in the Teletex Terminal
+ Identifier syntax has been defined.
+
+ 17. The PKI-related syntaxes (Certificate, Certificate List and
+ Certificate Pair) have been removed. They are reintroduced in
+ [LDAP-PKI] (as is the Supported Algorithm syntax from RFC 2256).
+
+ 18. The MHS OR Address syntax has been removed since its
+ specification (in RFC 2156) is not at draft standard maturity.
+
+ 19. The DL Submit Permission syntax has been removed as it depends on
+ the MHS OR Address syntax.
+
+ 20. The Presentation Address syntax has been removed since its
+ specification (in RFC 1278) is not at draft standard maturity.
+
+ 21. The ACI Item, Access Point, Audio, Data Quality, DSA Quality, DSE
+ Type, LDAP Schema Description, Master And Shadow Access Points,
+ Modify Rights, Protocol Information, Subtree Specification,
+ Supplier Information, Supplier Or Consumer and Supplier And
+ Consumer syntaxes have been removed. These syntaxes are
+ referenced in RFC 2252, but not defined.
+
+ 22. The LDAP Schema Definition syntax (defined in RFC 2927) and the
+ Mail Preference syntax have been removed on the grounds that they
+ are out of scope for the core specification.
+
+ 23. The description of each of the matching rules has been expanded
+ so that they are less dependent on knowledge of X.500 for
+ interpretation.
+
+ 24. The caseIgnoreIA5SubstringsMatch matching rule from RFC 2798 has
+
+
+
+Legg Expires 23 December 2005 [Page 49]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ been added.
+
+ 25. The caseIgnoreListSubstringsMatch, caseIgnoreOrderingMatch and
+ caseIgnoreSubstringsMatch matching rules have been added to the
+ list of matching rules for which the provisions for handling
+ leading, trailing and multiple adjoining whitespace characters
+ apply (now through string preparation). This is consistent with
+ the definitions of these matching rules in X.500. The
+ caseIgnoreIA5SubstringsMatch rule has also been added to the
+ list.
+
+ 26. The specification of the octetStringMatch matching rule from
+ RFC 2256 has been added to this document.
+
+ 27. The presentationAddressMatch matching rule has been removed as it
+ depends on an assertion syntax (Presentation Address) that is not
+ at draft standard maturity.
+
+ 28. The protocolInformationMatch matching rule has been removed as it
+ depends on an undefined assertion syntax (Protocol Information).
+
+ 29. The definitive reference for ASN.1 has been changed from X.208 to
+ X.680 since X.680 is the version of ASN.1 referred to by X.500.
+
+ 30. The specification of the caseIgnoreListSubstringsMatch matching
+ rule from RFC 2798 & X.520 has been added.
+
+ 31. String preparation algorithms have been applied to the character
+ string matching rules.
+
+ 32. The specifications of the booleanMatch, caseExactMatch,
+ caseExactOrderingMatch, caseExactSubstringsMatch,
+ directoryStringFirstComponentMatch, integerOrderingMatch,
+ keywordMatch, numericStringOrderingMatch,
+ octetStringOrderingMatch and wordMatch matching rules from
+ RFC 3698 & X.520 have been added.
+
+Normative References
+
+ [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [UTF8] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629, November 2003.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+
+
+Legg Expires 23 December 2005 [Page 50]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", draft-crocker-abnf-rfc2234bis-
+ xx.txt, a work in progress, March 2005.
+
+ [ROADMAP] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Technical Specification Road Map", draft-ietf-
+ ldapbis-roadmap-xx.txt, a work in progress, February 2005.
+
+ [MODELS] Zeilenga, K., "LDAP: Directory Information Models", draft-
+ ietf-ldapbis-models-xx.txt, a work in progress, February
+ 2005.
+
+ [PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis-
+ protocol-xx.txt, a work in progress, May 2005.
+
+ [LDAPDN] Zeilenga, K., "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
+ in progress, February 2005.
+
+ [PREP] Zeilenga, K., "LDAP: Internationalized String
+ Preparation", draft-ietf-ldapbis-strprep-xx.txt, a work in
+ progress, February 2005.
+
+ [E.123] Notation for national and international telephone numbers,
+ ITU-T Recommendation E.123, 1988.
+
+ [FAX] Standardization of Group 3 facsimile apparatus for
+ document transmission - Terminal Equipment and Protocols
+ for Telematic Services, ITU-T Recommendation T.4, 1993
+
+ [T.50] International Reference Alphabet (IRA) (Formerly
+ International Alphabet No. 5 or IA5) Information
+ Technology - 7-Bit Coded Character Set for Information
+ Interchange, ITU-T Recommendation T.50, 1992
+
+ [X.420] ITU-T Recommendation X.420 (1996) | ISO/IEC 10021-7:1997,
+ Information Technology - Message Handling Systems (MHS):
+ Interpersonal messaging system
+
+ [X.501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Models
+
+ [X.520] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Selected attribute types
+
+ [ASN.1] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1:2002,
+
+
+
+Legg Expires 23 December 2005 [Page 51]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Information technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation
+
+ [ISO3166] ISO 3166, "Codes for the representation of names of
+ countries".
+
+ [ISO8601] ISO 8601:2004, "Data elements and interchange formats --
+ Information interchange -- Representation of dates and
+ times".
+
+ [UCS] Universal Multiple-Octet Coded Character Set (UCS) -
+ Architecture and Basic Multilingual Plane, ISO/IEC
+ 10646-1: 1993 (with amendments).
+
+ [JPEG] JPEG File Interchange Format (Version 1.02). Eric
+ Hamilton, C-Cube Microsystems, Milpitas, CA, September 1,
+ 1992.
+
+Informative References
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
+ with LDAPv3", RFC 2256, December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [RFC3698] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Additional Matching Rules", RFC 3698, February
+ 2004.
+
+ [SCHEMA] Sciberras, A., "LDAP: Schema for User Applications",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in progress,
+ April 2005.
+
+ [LDAP-PKI] Zeilenga, K. D., "Lightweight Directory Access Protocol
+ (LDAP) schema definitions for X.509 Certificates", draft-
+ zeilenga-ldap-x509-xx.txt, a work in progress, February
+ 2005.
+
+ [X.500] ITU-T Recommendation X.500 (1993) | ISO/IEC 9594-1:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Overview of concepts, models and services
+
+
+
+
+Legg Expires 23 December 2005 [Page 52]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ [BER] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1:2002,
+ Information technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER)
+
+Author's Address
+
+ Steven Legg
+ eB2Bcom
+ Suite3, Woodhouse Corporate Centre
+ 935 Station Street
+ Box Hill North, Victoria 3129
+ AUSTRALIA
+
+ Phone: +61 3 9896 7830
+ Fax: +61 3 9896 7801
+ EMail: steven.legg at eb2bcom.com
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+
+
+
+Legg Expires 23 December 2005 [Page 53]
+�
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 23 December 2005 [Page 54]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-url-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-url-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-url-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,841 @@
+
+
+
+Network Working Group Mark Smith, Editor
+Request for Comments: DRAFT Pearl Crescent, LLC
+Obsoletes: RFC 2255 Tim Howes
+Expires: 4 July 2005 Opsware, Inc.
+
+ 4 January 2005
+
+
+ LDAP: Uniform Resource Locator
+ <draft-ietf-ldapbis-url-09.txt>
+
+
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she become
+ aware will be disclosed, in accordance with RFC 3668.
+
+ This document is intended to be published as a Standards Track RFC,
+ replacing RFC 2255. Distribution of this memo is unlimited.
+ Technical discussion of this document will take place on the IETF
+ LDAP (v3) Revision (ldapbis) Working Group mailing list
+ <ietf-ldapbis at openldap.org>. Please send editorial comments directly
+ to the editor <mcs at pearlcrescent.com>.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than a "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 1]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+Abstract
+
+ This document describes a format for a Lightweight Directory Access
+ Protocol (LDAP) Uniform Resource Locator (URL). An LDAP URL
+ describes an LDAP search operation that is used to retrieve
+ information from an LDAP directory, or, in the context of an LDAP
+ referral or reference, an LDAP URL describes a service where an LDAP
+ operation may be progressed.
+
+Table of Contents
+
+ Status of this Memo............................................1
+ Abstract.......................................................2
+ Table of Contents..............................................2
+1. Introduction...................................................2
+2. URL Definition.................................................3
+2.1. Percent-Encoding............................................5
+3. Defaults for Fields of the LDAP URL............................5
+4. Examples.......................................................6
+5. Security Considerations........................................8
+6. IANA Considerations............................................9
+7. Normative References...........................................9
+8. Informative References.........................................10
+9. Acknowledgements...............................................10
+10. Authors' Addresses.............................................11
+11. Appendix A: Changes Since RFC 2255.............................11
+11.1. Technical Changes...........................................11
+11.2. Editorial Changes...........................................12
+12. Appendix B: Changes Since Previous Document Revision...........14
+12.1. Technical Changes...........................................14
+12.2. Editorial Changes...........................................14
+ Intellectual Property Rights...................................14
+ Full Copyright.................................................15
+
+1. Introduction
+
+ LDAP is the Lightweight Directory Access Protocol [Roadmap]. This
+ document specifies the LDAP URL format for version 3 of LDAP and
+ clarifies how LDAP URLs are resolved. This document also defines an
+ extension mechanism for LDAP URLs. This mechanism may be used to
+ provide access to new LDAP extensions.
+
+ Note that not all of the parameters of the LDAP search operation
+ described in [Protocol] can be expressed using the format defined in
+ this document. Note also that URLs may be used to represent reference
+ knowledge, including for non-search operations.
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 2]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+ specification, RFC 3377, in its entirety.
+
+ This document replaces RFC 2255. See Appendix A for a list of changes
+ relative to RFC 2255.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+2. URL Definition
+
+ An LDAP URL begins with the protocol prefix "ldap" and is defined by
+ the following grammar, following the ABNF notation defined in
+ [RFC2234].
+
+ ldapurl = scheme COLON SLASH SLASH [host [COLON port]]
+ [SLASH dn [QUESTION [attributes]
+ [QUESTION [scope] [QUESTION [filter]
+ [QUESTION extensions]]]]]
+ ; <host> and <port> are defined
+ ; in Sections 3.2.2 and 3.2.3
+ ; of [RFC2396bis].
+ ; <filter> is from Section 3 of
+ ; [Filters], subject to the
+ ; provisions of the
+ ; "Percent-Encoding" section
+ ; below.
+
+ scheme = "ldap"
+
+ dn = distinguishedName ; From Section 3 of [LDAPDN],
+ ; subject to the provisions of
+ ; the "Percent-Encoding"
+ ; section below.
+
+ attributes = attrdesc *(COMMA attrdesc)
+ attrdesc = selector *(COMMA selector)
+ selector = attributeSelector ; From Section 4.5.1 of
+ ; [Protocol], subject to the
+ ; provisions of the
+ ; "Percent-Encoding" section
+ ; below.
+
+ scope = "base" / "one" / "sub"
+ extensions = extension *(COMMA extension)
+ extension = [EXCLAMATION] extype [EQUALS exvalue]
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 3]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ extype = oid ; From section 1.4 of [Models].
+
+ exvalue = LDAPString ; From section 4.1.2 of
+ ; [Protocol], subject to the
+ ; provisions of the
+ ; "Percent-Encoding" section
+ ; below.
+
+ EXCLAMATION = %x21 ; exclamation mark ("!")
+ SLASH = %x2F ; forward slash ("/")
+ COLON = %x3A ; colon (":")
+ QUESTION = %x3F ; question mark ("?")
+
+
+ The "ldap" prefix indicates an entry or entries accessible from the
+ LDAP server running on the given hostname at the given portnumber.
+ Note that the <host> may contain literal IPv6 addresses as specified
+ in Section 3.2.2 of [RFC2396bis].
+
+ The <dn> is an LDAP Distinguished Name using the string format
+ described in [LDAPDN]. It identifies the base object of the LDAP
+ search or the target of a non-search operation.
+
+ The <attributes> construct is used to indicate which attributes
+ should be returned from the entry or entries.
+
+ The <scope> construct is used to specify the scope of the search to
+ perform in the given LDAP server. The allowable scopes are "base"
+ for a base object search, "one" for a one-level search, or "sub" for
+ a subtree search.
+
+ The <filter> is used to specify the search filter to apply to entries
+ within the specified scope during the search. It has the format
+ specified in [Filters].
+
+ The <extensions> construct provides the LDAP URL with an
+ extensibility mechanism, allowing the capabilities of the URL to be
+ extended in the future. Extensions are a simple comma-separated list
+ of type=value pairs, where the =value portion MAY be omitted for
+ options not requiring it. Each type=value pair is a separate
+ extension. These LDAP URL extensions are not necessarily related to
+ any of the LDAP extension mechanisms. Extensions may be supported or
+ unsupported by the client resolving the URL. An extension prefixed
+ with a '!' character (ASCII 0x21) is critical. An extension not
+ prefixed with a '!' character is non-critical.
+
+ If an LDAP URL extension is implemented (that is, if the
+ implementation understands it and is able to use it), the
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 4]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ implementation MUST make use of it. If an extension is not
+ implemented and is marked critical, the implementation MUST NOT
+ process the URL. If an extension is not implemented and it not
+ marked critical, the implementation MUST ignore the extension.
+
+ The extension type (<extype>) MAY be specified using the numeric OID
+ <numericoid> form (e.g., 1.2.3.4) or the descriptor <descr> form
+ (e.g., myLDAPURLExtension). Use of the <descr> form SHOULD be
+ restricted to registered object identifier descriptive names. See
+ [LDAPIANA] for registration details and usage guidelines for
+ descriptive names.
+
+ No LDAP URL extensions are defined in this document. Other documents
+ or a future version of this document MAY define one or more
+ extensions.
+
+2.1. Percent-Encoding
+
+ A generated LDAP URL MUST consist only of the restricted set of
+ characters included in one of the following three productions defined
+ in [RFC2396bis]:
+
+ <reserved>
+ <unreserved>
+ <pct-encoded>
+
+ Implementations SHOULD accept other valid UTF-8 strings [RFC3629] as
+ input. An octet MUST be encoded using the percent-encoding mechanism
+ described in section 2.1 of [RFC2396bis] in any of these situations:
+
+ The octet is not in the reserved set defined in section 2.2 of
+ [RFC2396bis] or in the unreserved set defined in section 2.3 of
+ [RFC2396bis].
+
+ It is the single Reserved character '?' and occurs inside a <dn>,
+ <filter>, or other element of an LDAP URL.
+
+ It is a comma character ',' that occurs inside an <exvalue>.
+
+ Note that before the percent-encoding mechanism is applied, the
+ extensions component of the LDAP URL may contain one or more null
+ (zero) bytes. No other component may.
+
+3. Defaults for Fields of the LDAP URL
+
+ Some fields of the LDAP URL are optional, as described above. In the
+ absence of any other specification, the following general defaults
+ SHOULD be used when a field is absent. Note that other documents MAY
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 5]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ specify different defaulting rules; for example, section 4.1.10 of
+ [Protocol] specifies a different rule for determining the correct DN
+ to use when it is absent in an LDAP URL that is returned as a
+ referral.
+
+ <host>
+ If no <host> is given, the client must have some apriori knowledge
+ of an appropriate LDAP server to contact.
+
+ <port>
+ The default LDAP port is TCP port 389.
+
+ <dn>
+ If no <dn> is given, the default is the zero-length DN, "".
+
+ <attributes>
+ If the <attributes> part is omitted, all user attributes of the
+ entry or entries should be requested (e.g., by setting the
+ attributes field AttributeDescriptionList in the LDAP search
+ request to a NULL list, or by using the special <alluserattrs>
+ selector "*").
+
+ <scope>
+ If <scope> is omitted, a <scope> of "base" is assumed.
+
+ <filter>
+ If <filter> is omitted, a filter of "(objectClass=*)" is assumed.
+
+ <extensions>
+ If <extensions> is omitted, no extensions are assumed.
+
+
+4. Examples
+
+ The following are some example LDAP URLs using the format defined
+ above. The first example is an LDAP URL referring to the University
+ of Michigan entry, available from an LDAP server of the client's
+ choosing:
+
+ ldap:///o=University%20of%20Michigan,c=US
+
+ The next example is an LDAP URL referring to the University of
+ Michigan entry in a particular ldap server:
+
+ ldap://ldap1.example.net/o=University%20of%20Michigan,c=US
+
+ Both of these URLs correspond to a base object search of the
+ "o=University of Michigan,c=US" entry using a filter of
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 6]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ "(objectclass=*)", requesting all attributes.
+
+ The next example is an LDAP URL referring to only the postalAddress
+ attribute of the University of Michigan entry:
+
+ ldap://ldap1.example.net/o=University%20of%20Michigan,
+ c=US?postalAddress
+
+ The corresponding LDAP search operation is the same as in the
+ previous example, except that only the postalAddress attribute is
+ requested.
+
+ The next example is an LDAP URL referring to the set of entries found
+ by querying the given LDAP server on port 6666 and doing a subtree
+ search of the University of Michigan for any entry with a common name
+ of "Babs Jensen", retrieving all attributes:
+
+ ldap://ldap1.example.net:6666/o=University%20of%20Michigan,
+ c=US??sub?(cn=Babs%20Jensen)
+
+ The next example is an LDAP URL referring to all children of the c=GB
+ entry:
+
+ LDAP://ldap1.example.com/c=GB?objectClass?ONE
+
+ The objectClass attribute is requested to be returned along with the
+ entries, and the default filter of "(objectclass=*)" is used.
+
+ The next example is an LDAP URL to retrieve the mail attribute for
+ the LDAP entry named "o=Question?,c=US" is given below, illustrating
+ the use of the percent-encoding mechanism on the reserved character
+ '?'.
+
+ ldap://ldap2.example.com/o=Question%3f,c=US?mail
+
+ The next example (which is broken into two lines for readability)
+ illustrates the interaction between the LDAP string representation of
+ filters quoting mechanism and URL quoting mechanisms.
+
+ ldap://ldap3.example.com/o=Babsco,c=US
+ ???(four-octet=%5c00%5c00%5c00%5c04)
+
+ The filter in this example uses the LDAP escaping mechanism of \ to
+ encode three zero or null bytes in the value. In LDAP, the filter
+ would be written as (four-octet=\00\00\00\04). Because the \
+ character must be escaped in a URL, the \'s are percent-encoded as
+ %5c (or %5C) in the URL encoding.
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 7]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ The next example illustrates the interaction between the LDAP string
+ representation of DNs quoting mechanism and URL quoting mechanisms.
+
+ ldap://ldap.example.com/o=An%20Example%5C2C%20Inc.,c=US
+
+ The DN encoded in the above URL is:
+
+ o=An Example\2C Inc.,c=US
+
+ That is, the left-most RDN value is:
+
+ An Example, Inc.
+
+ The following three URLs that are equivalent, assuming that the
+ defaulting rules specified in section 4 of this document are used:
+
+ ldap://ldap.example.net
+ ldap://ldap.example.net/
+ ldap://ldap.example.net/?
+
+ These three URLs all point to the root DSE on the ldap.example.net
+ server.
+
+The final two examples show use of a hypothetical, experimental bind
+name extension (the value associated with the extension is an LDAP DN).
+
+ ldap:///??sub??e-bindname=cn=Manager%2cdc=example%2cdc=com
+ ldap:///??sub??!e-bindname=cn=Manager%2cdc=example%2cdc=com
+
+ The two URLs are the same, except that the second one marks the
+ e-bindname extension as critical. Notice the use of the
+ percent-encoding mechanism to encode the commas within the
+ distinguished name value in the e-bindname extension.
+
+
+5. Security Considerations
+
+ General URL security considerations discussed in [RFC2396bis] are
+ relevant for LDAP URLs.
+
+ The use of security mechanisms when processing LDAP URLs requires
+ particular care, since clients may encounter many different servers
+ via URLs, and since URLs are likely to be processed automatically,
+ without user intervention. A client SHOULD have a user-configurable
+ policy that controls which servers the client will establish LDAP
+ sessions with using which security mechanisms, and SHOULD NOT
+ establish LDAP sessions that are inconsistent with this policy. If a
+ client chooses to reuse an existing LDAP session when resolving one
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 8]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ or more LDAP URLs, it MUST ensure that the session is compatible with
+ the URL and that no security policies are violated.
+
+ Sending authentication information, no matter the mechanism, may
+ violate a user's privacy requirements. In the absence of specific
+ policy permitting authentication information to be sent to a server,
+ a client should use an anonymous LDAP session. (Note that clients
+ conforming to previous LDAP URL specifications, where all LDAP
+ sessions are anonymous and unprotected, are consistent with this
+ specification; they simply have the default security policy.) Simply
+ opening a transport connection to another server may violate some
+ users' privacy requirements, so clients should provide the user with
+ a way to control URL processing.
+
+ Some authentication methods, in particular reusable passwords sent to
+ the server, may reveal easily-abused information to the remote server
+ or to eavesdroppers in transit, and should not be used in URL
+ processing unless explicitly permitted by policy. Confirmation by
+ the human user of the use of authentication information is
+ appropriate in many circumstances. Use of strong authentication
+ methods that do not reveal sensitive information is much preferred.
+ If the URL represents a referral for an update operation, strong
+ authentication methods SHOULD be used. Please refer to the Security
+ Considerations section of [AuthMeth] for more information.
+
+ The LDAP URL format allows the specification of an arbitrary LDAP
+ search operation to be performed when evaluating the LDAP URL.
+ Following an LDAP URL may cause unexpected results, for example, the
+ retrieval of large amounts of data, the initiation of a long-lived
+ search, etc. The security implications of resolving an LDAP URL are
+ the same as those of resolving an LDAP search query.
+
+6. IANA Considerations
+
+ This document has no actions for IANA.
+
+7. Normative References
+
+[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress. a
+ work in progress.
+
+[LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
+ in progress.
+
+[Filters] Smith, M. and Howes, T., "LDAP: String Representation of
+ Search Filters", draft-ietf-ldapbis-filter-xx.txt, a work in
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 9]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ progress.
+
+[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
+ Requirement Levels," RFC 2119, BCP 14, March 1997.
+
+[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+[RFC2396bis]
+ Berners-Lee, T., Fielding, R. and Masinter, L., "Uniform
+ Resource Identifiers (URI): Generic Syntax",
+ draft-fielding-uri-rfc2396bis-xx.txt, a work in progress.
+
+[Roadmap] K. Zeilenga (editor), "LDAP: Technical Specification Road
+ Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
+
+[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
+ RFC 3629, November 2003.
+
+8. Informative References
+
+[LDAPIANA] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress. None.
+
+9. Acknowledgements
+
+ The LDAP URL format was originally defined at the University of
+ Michigan. This material is based upon work supported by the National
+ Science Foundation under Grant No. NCR-9416667. The support of both
+ the University of Michigan and the National Science Foundation is
+ gratefully acknowledged.
+
+ This document is an update to RFC 2255 by Tim Howes and Mark Smith.
+ Changes included in this revised specification are based upon
+ discussions among the authors, discussions within the LDAP (v3)
+ Revision Working Group (ldapbis), and discussions within other IETF
+ Working Groups. The contributions of individuals in these working
+ groups is gratefully acknowledged. Several people in particular have
+ made valuable comments on this document; RL "Bob" Morgan, Mark Wahl,
+ Kurt Zeilenga, Jim Sermersheim, and Hallvard Furuseth deserve special
+ thanks for their contributions.
+
+
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 10]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+10. Authors' Addresses
+
+ Mark Smith, Editor
+ Pearl Crescent, LLC
+ 447 Marlpool Dr.
+ Saline, MI 48176
+ USA
+ +1 734 944-2856
+ mcs at pearlcrescent.com
+
+ Tim Howes
+ Opsware, Inc.
+ 599 N. Mathilda Ave.
+ Sunnyvale, CA 94085
+ USA
+ +1 408 744-7509
+ howes at opsware.com
+
+11. Appendix A: Changes Since RFC 2255
+
+11.1. Technical Changes
+
+ The following technical changes were made to the contents of the "URL
+ Definition" section:
+
+ Revised all of the ABNF to use common productions from [Models].
+
+ Replaced references to [RFC2396] with a reference to [RFC2396bis]
+ (this allows literal IPv6 addresses to be used inside the <host>
+ portion of the URL, and a note was added to remind the reader of this
+ enhancement). Referencing [RFC2396bis] required changes to the ABNF
+ and text so that productions that are no longer defined by
+ [RFC2396bis] are not used. For example, <hostport> is not defined by
+ [RFC2396bis] so it has been replaced with host [COLON port]. Note:
+ [RFC2396bis] includes new definitions for the "Reserved" and
+ "Unreserved" sets of characters, and the net result is that the
+ following two additional characters should be percent-encoded when
+ they appear anywhere in the data used to construct an LDAP URL: "["
+ and "]" (these two characters were first added to the Reserved set by
+ RFC 2732).
+
+ Changed the definition of <attrdesc> to refer to <attributeSelector>
+ from [Protocol]. This allows use of "*" in the <attrdesc> part of
+ the URL. It is believed that existing implementations of RFC 2255
+ already support this.
+
+ Avoided use of <prose-val> (bracketed-string) productions in the
+ <dn>, <host>, <attrdesc>, and <exvalue> rules.
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 11]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ Changed the ABNF for <ldapurl> to group the <dn> component with the
+ preceding <SLASH>.
+
+ Changed the <extype> rule to be an <oid> from [Models].
+
+ Changed the text about extension types so it references [LDAPIANA].
+ Reordered rules to more closely follow the order the elements appear
+ in the URL.
+
+ "Bindname Extension": removed due to lack of known implementations.
+
+
+11.2. Editorial Changes
+
+ Changed document title to include "LDAP:" prefix.
+
+ IESG Note: removed note about lack of satisfactory mandatory
+ authentication mechanisms.
+
+ "Status of this Memo" section: updated boilerplate to match current
+ I-D guidelines.
+
+ "Abstract" section: separated from introductory material.
+
+ "Table of Contents" and "IANA Considerations" sections: added.
+
+ "Introduction" section: new section; separated from the Abstract.
+ Changed the text indicate that RFC 2255 is replaced by this document
+ (instead of RFC 1959). Added text to indicate that LDAP URLs are
+ used for references and referrals. Fixed typo (replaced the nonsense
+ phrase "to perform to retrieve" with "used to retrieve"). Added a
+ note to let the reader know that not all of the parameters of the
+ LDAP search operation described in [Protocol] can be expressed using
+ this format.
+
+ "URL Definition" section: removed second copy of <ldapurl> grammar
+ and following two paragraphs (editorial error in RFC 2255). Fixed
+ line break within '!' sequence. Reformatted the ABNF to improve
+ readability by aligning comments and adding some blank lines.
+ Replaced "residing in the LDAP server" with "accessible from the LDAP
+ server" in the sentence immediately following the ABNF. Removed the
+ sentence "Individual attrdesc names are as defined for
+ AttributeDescription in [Protocol]." because [Protocol]'s
+ <attributeSelector> is now used directly in the ABNF. Reworded last
+ paragraph to clarify which characters must be percent-encoded. Added
+ text to indicate that LDAP URLs are used for references and
+ referrals. Added text that refers to the ABNF from RFC 2234.
+ Clarified and strengthened the requirements with respect to
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 12]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ processing of URLs that contain implements and not implemented
+ extensions (the approach now closely matches that specified in
+ [Protocol] for LDAP controls).
+
+ "Defaults for Fields of the LDAP URL" section: added; formed by
+ moving text about defaults out of the "URL Definition" section.
+ Replaced direct reference to the attribute name "*" with a reference
+ to the special <alluserattrs> selector "*" defined in [Protocol].
+
+ "URL Processing" section: removed.
+
+ "Examples" section: Modified examples to use example.com and
+ example.net hostnames. Added missing '?' to the LDAP URL example
+ whose filter contains three null bytes. Removed space after one
+ comma within a DN. Revised the bindname example to use e-bindname.
+ Changed the name of an attribute used in one example from "int" to
+ "four-octet" to avoid potential confusion. Added an example that
+ demonstrates the interaction between DN escaping and URL
+ percent-encoding. Added some examples to show URL equivalence with
+ respect to the <dn> portion of the URL. Used uppercase in some
+ examples to remind the reader that some tokens are case-insensitive.
+
+ "Security Considerations" section: Added a note about connection
+ reuse. Added a note about using strong authentication methods for
+ updates. Added a reference to [AuthMeth]. Added note that simply
+ opening a connection may violate some users' privacy requirements.
+ Adopted the working group's revised LDAP terminology specification by
+ replacing the word "connection" with "LDAP session" or "LDAP
+ connection" as appropriate.
+
+ "Acknowledgements" section: added statement about this being an
+ update to RFC 2255. Added Kurt Zeilenga, Jim Sermersheim, and
+ Hallvard Furuseth.
+
+ "Normative References" section: renamed from "References" per new RFC
+ guidelines. Changed from [1] style to [Protocol] style throughout the
+ document. Added references to RFC 2234 and RFC 3629. Updated all
+ RFC 1738 references to point to the appropriate sections within
+ [RFC2396bis]. Updated the LDAP references to refer to LDAPBis WG
+ documents. Removed the reference to the LDAP Attribute Syntaxes
+ document and added references to the [AuthMeth], [LDAPIANA], and
+ [Roadmap] documents.
+
+ "Informative References" section: added.
+
+ Header and "Authors' Addresses" sections: added "editor" next to Mark
+ Smith's name. Updated affiliation and contact information.
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 13]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ Copyright: updated the year.
+
+ Throughout the document: surrounded the names of all ABNF productions
+ with "<" and ">" where they are used in descriptive text.
+
+
+
+12. Appendix B: Changes Since Previous Document Revision
+
+ This appendix lists all changes relative to the previously published
+ revision, draft-ietf-ldapbis-url-08.txt. Note that when appropriate
+ these changes are also included in Appendix A, but are also included
+ here for the benefit of the people who have already reviewed
+ draft-ietf-ldapbis-url-08.txt. This section will be removed before
+ this document is published as an RFC.
+
+12.1. Technical Changes
+
+ Throughout the document: Replaced references to [RFC2396] and
+ [RFC2732] with references to [RFC2396bis]. This required changes to
+ the ABNF and text so that productions that are no longer defined by
+ [RFC2396bis] are not used. For example, <hostport> is not defined by
+ [RFC2396bis] so it has been replaced with host [COLON port]. Note:
+ [RFC2396bis] includes new definitions for the "Reserved" and
+ "Unreserved" sets of characters, and the net result is that the
+ following two additional characters should be percent-encoded when
+ they appear anywhere in the data used to construct an LDAP URL: "["
+ and "]" (these two characters were first added to the Reserved set by
+ RFC 2732).
+
+12.2. Editorial Changes
+
+ Throughout the document: Replaced phrases like "Escaping using the %
+ method" with "Percent-encoding" to be consistent with the terminology
+ used in [RFC2396bis].
+
+ "URL Definition" section: For consistency, replaced all occurrences
+ of the phrase 'see the "Percent-Encoding" section below' with
+ 'subject to the provisions of the "Percent-Encoding" section below.'
+
+ Updated the copyright year to 2005.
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 14]
+�
+INTERNET-DRAFT LDAP: Uniform Resource Locator 4 January 2005
+
+
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+This Internet Draft expires on 4 July 2005.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Smith & Howes Intended Category: Standards Track [Page 15]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-user-schema-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-user-schema-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapbis-user-schema-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1963 @@
+
+
+
+
+
+
+INTERNET-DRAFT Editor: A. Sciberras
+Intended Category: Standard Track eB2Bcom
+Updates: RFC 2247, RFC 2798, RFC 2377 January 30, 2006
+Obsoletes: RFC 2256
+
+ LDAP: Schema for User Applications
+ draft-ietf-ldapbis-user-schema-11.txt
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 3 of BCP 78.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this document is unlimited. Technical discussion of
+ this document should take place on the IETF LDAP Revision Working
+ Group (LDAPbis) mailing list <ietf-ldapbis at openldap.org>. Please
+ send editorial comments directly to the editor
+ <andrew.sciberras at eb2bcom.com>.
+
+ This Internet-Draft expires on 30 July 2006.
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 1]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+Abstract
+
+ This document is an integral part of the Lightweight Directory Access
+ Protocol (LDAP) technical specification [Roadmap]. It provides a
+ technical specification of attribute types and object classes
+ intended for use by LDAP directory clients for many directory
+ services, such as, White Pages. These objects are widely used as a
+ basis for the schema in many LDAP directories. This document does
+ not cover attributes used for the administration of directory
+ servers, nor does it include directory objects defined for specific
+ uses in other documents.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 2]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+Table of Contents
+
+ Status of this Memo . . . . . . . . . . . . . . . . . . . . . . . 1
+ Copyright Notice. . . . . . . . . . . . . . . . . . . . . . . . . 1
+ Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 1.1 Relationship with other specifications . . . . . . . . . 5
+ 1.2 Conventions. . . . . . . . . . . . . . . . . . . . . . . 5
+ 1.3 General Issues . . . . . . . . . . . . . . . . . . . . . 5
+
+ 2. Attribute Types . . . . . . . . . . . . . . . . . . . . . . . 6
+ 2.1 'businessCategory' . . . . . . . . . . . . . . . . . . . 6
+ 2.2 'c'. . . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 2.3 'cn' . . . . . . . . . . . . . . . . . . . . . . . . . . 7
+ 2.4 'dc' . . . . . . . . . . . . . . . . . . . . . . . . . . 7
+ 2.5 'description'. . . . . . . . . . . . . . . . . . . . . . 8
+ 2.6 'destinationIndicator' . . . . . . . . . . . . . . . . . 8
+ 2.7 'distinguishedName'. . . . . . . . . . . . . . . . . . . 8
+ 2.8 'dnQualifier'. . . . . . . . . . . . . . . . . . . . . . 9
+ 2.9 'enhancedSearchGuide'. . . . . . . . . . . . . . . . . . 9
+ 2.10 'facsimileTelephoneNumber' . . . . . . . . . . . . . . . 10
+ 2.11 'generationQualifier'. . . . . . . . . . . . . . . . . . 10
+ 2.12 'givenName'. . . . . . . . . . . . . . . . . . . . . . . 10
+ 2.13 'houseIdentifier'. . . . . . . . . . . . . . . . . . . . 11
+ 2.14 'initials' . . . . . . . . . . . . . . . . . . . . . . . 11
+ 2.15 'internationalISDNNumber'. . . . . . . . . . . . . . . . 11
+ 2.16 'l'. . . . . . . . . . . . . . . . . . . . . . . . . . . 12
+ 2.17 'member' . . . . . . . . . . . . . . . . . . . . . . . . 12
+ 2.18 'name' . . . . . . . . . . . . . . . . . . . . . . . . . 12
+ 2.19 'o'. . . . . . . . . . . . . . . . . . . . . . . . . . . 13
+ 2.20 'ou' . . . . . . . . . . . . . . . . . . . . . . . . . . 13
+ 2.21 'owner'. . . . . . . . . . . . . . . . . . . . . . . . . 13
+ 2.22 'physicalDeliveryOfficeName' . . . . . . . . . . . . . . 13
+ 2.23 'postalAddress'. . . . . . . . . . . . . . . . . . . . . 14
+ 2.24 'postalCode' . . . . . . . . . . . . . . . . . . . . . . 14
+ 2.25 'postOfficeBox'. . . . . . . . . . . . . . . . . . . . . 14
+ 2.26 'preferredDeliveryMethod'. . . . . . . . . . . . . . . . 15
+ 2.27 'registeredAddress'. . . . . . . . . . . . . . . . . . . 15
+ 2.28 'roleOccupant' . . . . . . . . . . . . . . . . . . . . . 16
+ 2.29 'searchGuide'. . . . . . . . . . . . . . . . . . . . . . 16
+ 2.30 'seeAlso'. . . . . . . . . . . . . . . . . . . . . . . . 16
+ 2.31 'serialNumber' . . . . . . . . . . . . . . . . . . . . . 17
+ 2.32 'sn' . . . . . . . . . . . . . . . . . . . . . . . . . . 17
+ 2.33 'st' . . . . . . . . . . . . . . . . . . . . . . . . . . 17
+ 2.34 'street' . . . . . . . . . . . . . . . . . . . . . . . . 18
+ 2.35 'telephoneNumber'. . . . . . . . . . . . . . . . . . . . 18
+ 2.36 'teletexTerminalIdentifier'. . . . . . . . . . . . . . . 18
+
+
+
+Sciberras Expires 30 July 2006 [Page 3]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ 2.37 'telexNumber'. . . . . . . . . . . . . . . . . . . . . . 19
+ 2.38 'title'. . . . . . . . . . . . . . . . . . . . . . . . . 19
+ 2.39 'uid'. . . . . . . . . . . . . . . . . . . . . . . . . . 19
+ 2.40 'uniqueMember' . . . . . . . . . . . . . . . . . . . . . 19
+ 2.41 'userPassword' . . . . . . . . . . . . . . . . . . . . . 20
+ 2.42 'x121Address'. . . . . . . . . . . . . . . . . . . . . . 21
+ 2.43 'x500UniqueIdentifier' . . . . . . . . . . . . . . . . . 21
+
+ 3. Object Classes. . . . . . . . . . . . . . . . . . . . . . . . 22
+ 3.1 'applicationProcess' . . . . . . . . . . . . . . . . . . 22
+ 3.2 'country'. . . . . . . . . . . . . . . . . . . . . . . . 22
+ 3.3 'dcObject' . . . . . . . . . . . . . . . . . . . . . . . 22
+ 3.4 'device' . . . . . . . . . . . . . . . . . . . . . . . . 23
+ 3.5 'groupOfNames' . . . . . . . . . . . . . . . . . . . . . 23
+ 3.6 'groupOfUniqueNames' . . . . . . . . . . . . . . . . . . 23
+ 3.7 'locality' . . . . . . . . . . . . . . . . . . . . . . . 24
+ 3.8 'organization' . . . . . . . . . . . . . . . . . . . . . 24
+ 3.9 'organizationalPerson' . . . . . . . . . . . . . . . . . 24
+ 3.10 'organizationalRole' . . . . . . . . . . . . . . . . . . 25
+ 3.11 'organizationalUnit' . . . . . . . . . . . . . . . . . . 25
+ 3.12 'person' . . . . . . . . . . . . . . . . . . . . . . . . 26
+ 3.13 'residentialPerson'. . . . . . . . . . . . . . . . . . . 26
+ 3.14 'uidObject'. . . . . . . . . . . . . . . . . . . . . . . 26
+
+ 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
+
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . 28
+
+ 6. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 29
+
+ 7. References. . . . . . . . . . . . . . . . . . . . . . . . . . 30
+ 7.1 Normative. . . . . . . . . . . . . . . . . . . . . . . . 30
+ 7.2 Informative. . . . . . . . . . . . . . . . . . . . . . . 31
+
+ 8. Author's Address. . . . . . . . . . . . . . . . . . . . . . . 31
+
+ 9. Intellectual Property Statement . . . . . . . . . . . . . . . 32
+
+ 10. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 32
+
+
+
+
+
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 4]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+1. Introduction
+
+ This document provides an overview of attribute types and object
+ classes intended for use by Lightweight Directory Access Protocol
+ (LDAP) directory clients for many directory services, such as, White
+ Pages. Originally specified in the X.500 [X.500] documents, these
+ objects are widely used as a basis for the schema in many LDAP
+ directories. This document does not cover attributes used for the
+ administration of directory servers, nor does it include directory
+ objects defined for specific uses in other documents.
+
+1.1 Relationship with other specifications
+
+ This document is an integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+ specification, RFC 3377, in its entirety. In terms of RFC 2256,
+ Sections 6 and 8 of RFC 2256 are obsoleted by [Syntaxes]. Sections
+ 5.1, 5.2, 7.1 and 7.2 of RFC 2256 are obsoleted by [Models]. The
+ remainder of RFC 2256 is obsoleted by this document. Section 2.4 of
+ this document supersedes the technical specification for the 'dc'
+ attribute type and 'dcObject' object class found in RFC 2247. The
+ remainder of RFC 2247 remains in force.
+
+ This document updates RFC 2798 by replacing the informative
+ description of the 'uid' attribute type, with the definitive
+ description provided in Section 2.39 of this document.
+
+ A number of schema elements which were included in the previous
+ revision of the LDAP Technical Specification are not included in this
+ revision of LDAP. PKI-related schema elements are now specified in
+ [LDAP-PKI]. Unless reintroduced in future technical specifications,
+ the remainder are to be considered Historic.
+
+ The descriptions in this document SHALL be considered definitive for
+ use in LDAP.
+
+1.2 Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [RFC2119].
+
+1.3 General Issues
+
+ This document references Syntaxes defined in Section 3 of [Syntaxes]
+ and Matching Rules defined in Section 4 of [Syntaxes].
+
+ The definitions of Attribute Types and Object Classes are written
+
+
+
+Sciberras Expires 30 July 2006 [Page 5]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ using the Augmented Backus-Naur Form (ABNF) [RFC4234] of
+ AttributeTypeDescription and ObjectClassDescription given in
+ [Models]. Lines have been folded for readability. When such values
+ are transferred as attribute values in the LDAP Protocol the values
+ will not contain line breaks.
+
+2. Attribute Types
+
+ The Attribute Types contained in this section hold user information.
+
+ There is no requirement that servers implement the 'searchGuide' and
+ 'teletexTerminalIdentifier' attribute types. In fact, their use is
+ greatly discouraged.
+
+ An LDAP server implementation SHOULD recognize the rest of the
+ attribute types described in this section.
+
+2.1 'businessCategory'
+
+ The 'businessCategory' attribute type describes the kinds of business
+ performed by an organization. Each kind is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.15 NAME 'businessCategory'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Examples: "banking", "transportation" and "real estate".
+
+2.2 'c'
+
+ The 'c' ('countryName' in X.500) attribute type contains a two-letter
+ ISO 3166 [ISO3166] country code.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.6 NAME 'c'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+ 1.3.6.1.4.1.1466.115.121.1.11 refers to the Country String syntax
+ [Syntaxes].
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 6]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ Examples: "DE", "AU" and "FR".
+
+2.3 'cn'
+
+ The 'cn' ('commonName' in X.500) attribute type contains names of an
+ object. Each name is one value of this multi-valued attribute. If
+ the object corresponds to a person, it is typically the person's full
+ name.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.3 NAME 'cn'
+ SUP name )
+
+ Examples: "Martin K Smith", "Marty Smith" and "printer12".
+
+2.4 'dc'
+
+ The 'dc' ('domainComponent' in RFC 2247) attribute type is a string
+ holding one component, a label, of a DNS domain name [RFC1034]. The
+ encoding of IA5String for use in LDAP is simply the characters of the
+ ASCII label. The equality matching rule is case insensitive, as is
+ today's DNS.
+ (Source: RFC 2247 [RFC2247])
+
+ ( 0.9.2342.19200300.100.1.25 NAME 'dc'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+ 1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String syntax
+ [Syntaxes].
+
+ Examples: Valid values include "example" and "com". The value
+ "example.com" is invalid, because it contains two label
+ components.
+
+ Directory applications supporting International Domain Names SHALL
+ use the ToASCII method [RFC3490] to produce the domain name component
+ label. The special considerations discussed in section 4 of RFC 3490
+ [RFC3490] should be taken, depending on whether the domain component
+ is used for "stored" or "query" purposes.
+
+
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 7]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.5 'description'
+
+ The 'description' attribute type contains human-readable descriptive
+ phrases about the object. Each description is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.13 NAME 'description'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Examples: "a color printer", "Maintenance is done every Monday, at
+ 1pm." and "distribution list for all technical staff".
+
+2.6 'destinationIndicator'
+
+ The 'destinationIndicator' attribute type contains country and city
+ strings, associated with the object (the addressee), needed to
+ provide the Public Telegram Service. The strings are composed in
+ accordance with CCITT Recommendations F.1 [F.1] and F.31 [F.31].
+ Each string is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.27 NAME 'destinationIndicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+ 1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
+ [Syntaxes].
+
+ Examples: "AASD" as a destination indicator for Sydney, Australia.
+ "GBLD" as a destination indicator for London, United
+ Kingdom.
+
+ It is noted that the directory will not ensure that values of this
+ attribute conform to the F.1 and F.30 CCITT Recommendations. It is
+ the application's responsibility to ensure destination indicators
+ that it stores in this attribute are appropriately constructed.
+
+2.7 'distinguishedName'
+
+ The 'distinguishedName' attribute type is not used as the name of the
+ object itself, but it is instead a base type from which some user
+
+
+
+Sciberras Expires 30 July 2006 [Page 8]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ attribute types with a DN syntax can inherit.
+
+ It is unlikely that values of this type itself will occur in an
+ entry. LDAP server implementations which do not support attribute
+ subtyping need not recognize this attribute in requests. Client
+ implementations MUST NOT assume that LDAP servers are capable of
+ performing attribute subtyping.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.49 NAME 'distinguishedName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ 1.3.6.1.4.1.1466.115.121.1.12 refers to the DN syntax [Syntaxes].
+
+2.8 'dnQualifier'
+
+ The 'dnQualifier' attribute type contains disambiguating information
+ strings to add to the relative distinguished name of an entry. The
+ information is intended for use when merging data from multiple
+ sources in order to prevent conflicts between entries which would
+ otherwise have the same name. Each string is one value of this
+ multi-valued attribute. It is recommended that a value of the
+ 'dnQualifier' attribute be the same for all entries from a particular
+ source.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.46 NAME 'dnQualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+ 1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
+ [Syntaxes].
+
+ Examples: "20050322123345Z" - timestamps can be used to disambiguate
+ information.
+ "123456A" - serial numbers can be used to disambiguate
+ information.
+
+2.9 'enhancedSearchGuide'
+
+ The 'enhancedSearchGuide' attribute type contains sets of information
+ for use by directory clients in constructing search filters. Each
+ set is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 9]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+ 1.3.6.1.4.1.1466.115.121.1.21 refers to the Enhanced Guide syntax
+ [Syntaxes].
+
+ Examples: "person#(sn$APPROX)#wholeSubtree" and
+ "organizationalUnit#(ou$SUBSTR)#oneLevel".
+
+2.10 'facsimileTelephoneNumber'
+
+ The 'facsimileTelephoneNumber' attribute type contains telephone
+ numbers (and, optionally, the parameters) for facsimile terminals.
+ Each telephone number is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+ 1.3.6.1.4.1.1466.115.121.1.22 refers to the Facsimile Telephone
+ Number syntax [Syntaxes].
+
+ Examples: "+61 3 9896 7801" and "+81 3 347 7418$fineResolution".
+
+2.11 'generationQualifier'
+
+ The 'generationQualifier' attribute type contains name strings that
+ are the part of a person's name which typically is the suffix. Each
+ string is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.44 NAME 'generationQualifier'
+ SUP name )
+
+ Examples: "III", "3rd" and "Jr.".
+
+2.12 'givenName'
+
+ The 'givenName' attribute type contains name strings that are the
+ part of a person's name which is not their surname. Each string is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.42 NAME 'givenName'
+ SUP name )
+
+ Examples: "Andrew", "Charles" and "Joanne".
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 10]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.13 'houseIdentifier'
+
+ The 'houseIdentifier' attribute type contains identifiers for a
+ building within a location. Each identifier is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.51 NAME 'houseIdentifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Examples: "20" to represent the house number 20.
+
+2.14 'initials'
+
+ The 'initials' attribute type contains strings of initials of some or
+ all of an individual's names, except the surname(s). Each string is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.43 NAME 'initials'
+ SUP name )
+
+ Examples: "K. A." and "K".
+
+2.15 'internationalISDNNumber'
+
+ The 'internationalISDNNumber' attribute type contains Integrated
+ Services Digital Network (ISDN) addresses, as defined in the
+ International Telecommunication Union (ITU) Recommendation E.164
+ [E.164]. Each address is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.25 NAME 'internationalISDNNumber'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+
+ 1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax
+ [Syntaxes].
+
+ Example: "0198 333 333".
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 11]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.16 'l'
+
+ The 'l' ('localityName' in X.500) attribute type contains names of a
+ locality or place, such as a city, county or other geographic region.
+ Each name is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.7 NAME 'l'
+ SUP name )
+
+ Examples: "Geneva", "Paris" and "Edinburgh".
+
+2.17 'member'
+
+ The 'member' attribute type contains the Distinguished Names of
+ objects that are on a list or in a group. Each name is one value of
+ this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.31 NAME 'member'
+ SUP distinguishedName )
+
+ Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and
+ "cn=John Xerri,ou=Finance,o=Widget\, Inc." may
+ be two members of the financial team (group) at Widget,
+ Inc. In which case, both of these distinguished names would
+ be present as individual values of the member attribute.
+
+2.18 'name'
+
+ The 'name' attribute type is the attribute supertype from which user
+ attribute types with the name syntax inherit. Such attribute types
+ are typically used for naming. The attribute type is multi-valued.
+
+ It is unlikely that values of this type itself will occur in an
+ entry. LDAP server implementations which do not support attribute
+ subtyping need not recognize this attribute in requests. Client
+ implementations MUST NOT assume that LDAP servers are capable of
+ performing attribute subtyping.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.41 NAME 'name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+
+
+Sciberras Expires 30 July 2006 [Page 12]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.19 'o'
+
+ The 'o' ('organizationName' in X.500) attribute type contains the
+ names of an organization. Each name is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.10 NAME 'o'
+ SUP name )
+
+ Examples: "Widget", "Widget, Inc." and "Widget, Incorporated.".
+
+2.20 'ou'
+
+ The 'ou' ('organizationalUnitName' in X.500) attribute type contains
+ the names of an organizational unit. Each name is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.11 NAME 'ou'
+ SUP name )
+
+ Examples: "Finance", "Human Resources" and "Research and
+ Development".
+
+2.21 'owner'
+
+ The 'owner' attribute type contains the Distinguished Names of
+ objects that have an ownership responsibility for the object that is
+ owned. Each owner's name is one value of this multi-valued
+ attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.32 NAME 'owner'
+ SUP distinguishedName )
+
+ Example: The mailing list object, whose DN is "cn=All Employees,
+ ou=Mailing List,o=Widget\, Inc.", is owned by the Human
+ Resources Director.
+ Therefore, the value of the 'owner' attribute within the
+ mailing list object, would be the DN of the director (role):
+ "cn=Human Resources Director,ou=employee,o=Widget\, Inc.".
+
+2.22 'physicalDeliveryOfficeName'
+
+ The 'physicalDeliveryOfficeName' attribute type contains names that a
+ Postal Service uses to identify a post office.
+ (Source: X.520 [X.520])
+
+
+
+Sciberras Expires 30 July 2006 [Page 13]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Examples: "Bremerhaven, Main" and "Bremerhaven, Bonnstrasse".
+
+2.23 'postalAddress'
+
+ The 'postalAddress' attribute type contains addresses used by a
+ Postal Service to perform services for the object. Each address is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.16 NAME 'postalAddress'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+ 1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax
+ [Syntaxes].
+
+ Example: "15 Main St.$Ottawa$Canada".
+
+2.24 'postalCode'
+
+ The 'postalCode' attribute type contains codes used by a Postal
+ Service to identify postal service zones. Each code is one value of
+ this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.17 NAME 'postalCode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Example: "22180", to identify Vienna, VA in the USA.
+
+2.25 'postOfficeBox'
+
+ The 'postOfficeBox' attribute type contains postal box identifiers
+ that a Postal Service uses when a customer arranges to receive mail
+
+
+
+Sciberras Expires 30 July 2006 [Page 14]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ at a box on premises of the Postal Service. Each postal box
+ identifier is a single value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.18 NAME 'postOfficeBox'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Example: "Box 45".
+
+2.26 'preferredDeliveryMethod'
+
+ The 'preferredDeliveryMethod' attribute type contains an indication
+ of the preferred method of getting a message to the object.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+ 1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method syntax
+ [Syntaxes].
+
+ Example: If the mhs-delivery Delivery Method is preferred over
+ telephone-delivery, which is preferred over all other
+ methods, the value would be: "mhs $ telephone".
+
+2.27 'registeredAddress'
+
+ The 'registeredAddress' attribute type contains postal addresses
+ suitable for reception of telegrams or expedited documents, where it
+ is necessary to have the recipient accept delivery. Each address is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.26 NAME 'registeredAddress'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+ 1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax
+ [Syntaxes].
+
+ Example: "Receptionist$Widget, Inc.$15 Main St.$Ottawa$Canada".
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 15]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.28 'roleOccupant'
+
+ The 'roleOccupant' attribute type contains the Distinguished Names of
+ objects (normally people) that fulfill the responsibilities of a role
+ object. Each distinguished name is one value of this multi-valued
+ attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.33 NAME 'roleOccupant'
+ SUP distinguishedName )
+
+ Example: The role object, "cn=Human Resources
+ Director,ou=Position,o=Widget\, Inc.", is fulfilled by two
+ people whose object names are "cn=Mary
+ Smith,ou=employee,o=Widget\, Inc." and "cn=James
+ Brown,ou=employee,o=Widget\, Inc.". The 'roleOccupant'
+ attribute will contain both of these distinguished names,
+ since they are the occupants of this role.
+
+2.29 'searchGuide'
+
+ The 'searchGuide' attribute type contains sets of information for use
+ by clients in constructing search filters. It is superseded by
+ 'enhancedSearchGuide', described above in section 2.9. Each set is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.14 NAME 'searchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+ 1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [Syntaxes].
+
+ Example: "person#sn$EQ".
+
+2.30 'seeAlso'
+
+ The 'seeAlso' attribute type contains Distinguished Names of objects
+ that are related to the subject object. Each related object name is
+ one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.34 NAME 'seeAlso'
+ SUP distinguishedName )
+
+ Example: The person object, "cn=James Brown,ou=employee,o=Widget\,
+ Inc." is related to the role objects, "cn=Football Team
+ Captain,ou=sponsored activities,o=Widget\, Inc." and
+ "cn=Chess Team,ou=sponsored activities,o=Widget\, Inc.".
+
+
+
+Sciberras Expires 30 July 2006 [Page 16]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ Since the role objects are related to the person object, the
+ 'seeAlso' attribute will contain the distinguished name of
+ each role object as separate values.
+
+2.31 'serialNumber'
+
+ The 'serialNumber' attribute type contains the serial numbers of
+ devices. Each serial number is one value of this multi-valued
+ attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.5 NAME 'serialNumber'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+ 1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
+ [Syntaxes].
+
+ Examples: "WI-3005" and "XF551426".
+
+2.32 'sn'
+
+ The 'sn' ('surname' in X.500) attribute type contains name strings
+ for the family names of a person. Each string is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.4 NAME 'sn'
+ SUP name )
+
+ Example: "Smith".
+
+2.33 'st'
+
+ The 'st' ('stateOrProvinceName' in X.500) attribute type contains the
+ full names of states or provinces. Each name is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.8 NAME 'st'
+ SUP name )
+
+ Example: "California".
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 17]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.34 'street'
+
+ The 'street' ('streetAddress' in X.500) attribute type contains site
+ information from a postal address (i.e., the street name, place,
+ avenue, and the house number.). Each street is one value of this
+ multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.9 NAME 'street'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Example: "15 Main St.".
+
+2.35 'telephoneNumber'
+
+ The 'telephoneNumber' attribute type contains telephone numbers that
+ comply with the ITU Recommendation E.123 [E.123]. Each number is one
+ value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.20 NAME 'telephoneNumber'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+ 1.3.6.1.4.1.1466.115.121.1.50 refers to the Telephone Number syntax
+ [Syntaxes].
+
+ Example: "+1 234 567 8901".
+
+2.36 'teletexTerminalIdentifier'
+
+ The withdrawal of Rec. F.200 has resulted in the withdrawal of this
+ attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+ 1.3.6.1.4.1.1466.115.121.1.51 refers to the Teletex Terminal
+ Identifier syntax [Syntaxes].
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 18]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.37 'telexNumber'
+
+ The 'telexNumber' attribute type contains sets of strings which are a
+ telex number, country code, and answerback code of a telex terminal.
+ Each set is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.21 NAME 'telexNumber'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+ 1.3.6.1.4.1.1466.115.121.1.52 refers to the Telex Number syntax
+ [Syntaxes].
+
+ Example: "12345$023$ABCDE".
+
+2.38 'title'
+
+ The 'title' attribute type contains the title of a person in their
+ organizational context. Each title is one value of this multi-valued
+ attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.12 NAME 'title'
+ SUP name )
+ Examples: "Vice President", "Software Engineer" and "CEO".
+
+2.39 'uid'
+
+ The 'uid' ('userid' in RFC 1274) attribute type contains computer
+ system login names associated with the object. Each name is one
+ value of this multi-valued attribute.
+ (Source: RFC 2798 [RFC2798] and RFC 1274 [RFC1274])
+
+ ( 0.9.2342.19200300.100.1.1 NAME 'uid'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
+ [Syntaxes].
+
+ Examples: "s9709015", "admin" and "Administrator".
+
+2.40 'uniqueMember'
+
+ The 'uniqueMember' attribute type contains the Distinguished Names of
+ an object that is on a list or in a group, where the Relative
+ Distinguished Names of the object include a value that distinguishes
+
+
+
+Sciberras Expires 30 July 2006 [Page 19]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ between objects when a distinguished name has been reused. Each
+ distinguished name is one value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.50 NAME 'uniqueMember'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+ 1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID
+ syntax [Syntaxes].
+
+ Example: If "ou=1st Battalion,o=Defense,c=US" is a battalion that was
+ disbanded, establishing a new battalion with the "same" name
+ would have a unique identifier value added, resulting in
+ "ou=1st Battalion, o=Defense,c=US#'010101'B".
+
+2.41 'userPassword'
+
+ The 'userPassword' attribute contains octet strings that are known
+ only to the user and the system to which the user has access. Each
+ string is one value of this multi-valued attribute.
+
+ The application SHOULD prepare textual strings used as passwords by
+ transcoding them to Unicode, applying SASLprep [RFC4013], and
+ encoding as UTF-8. The determination of whether a password is
+ textual is a local client matter.
+ (Source: X.509 [X.509])
+
+ ( 2.5.4.35 NAME 'userPassword'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+ 1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax
+ [Syntaxes].
+
+ Passwords are stored using an Octet String syntax and are not
+ encrypted. Transfer of cleartext passwords is strongly discouraged
+ where the underlying transport service cannot guarantee
+ confidentiality and may result in disclosure of the password to
+ unauthorized parties.
+
+ An example of a need for multiple values in the 'userPassword'
+ attribute is an environment where every month the user was expected
+ to use a different password generated by some automated system.
+ During transitional periods, like the last and first day of the
+ periods, it may be necessary to allow two passwords for the two
+ consecutive periods to be valid in the system.
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 20]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+2.42 'x121Address'
+
+ The 'x121Address' attribute type contains data network addresses as
+ defined by ITU Recommendation X.121 [X.121]. Each address is one
+ value of this multi-valued attribute.
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.24 NAME 'x121Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+
+ 1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax
+ [Syntaxes].
+
+ Example: "36111222333444555".
+
+2.43 'x500UniqueIdentifier'
+
+ The 'x500UniqueIdentifier' attribute type contains binary strings
+ that are used to distinguish between objects when a distinguished
+ name has been reused. Each string is one value of this multi-valued
+ attribute.
+ In X.520 [X.520], this attribute type is called 'uniqueIdentifier'.
+ This is a different attribute type from both the 'uid' and
+ 'uniqueIdentifier' LDAP attribute types. The 'uniqueIdentifier'
+ attribute type is defined in [RFC1274].
+ (Source: X.520 [X.520])
+
+ ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+ 1.3.6.1.4.1.1466.115.121.1.6 refers to the Bit String syntax
+ [Syntaxes].
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 21]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+3. Object Classes
+
+ LDAP servers SHOULD recognize all the Object Classes listed here as
+ values of the 'objectClass' attribute (see [Models]).
+
+3.1 'applicationProcess'
+
+ The 'applicationProcess' object class definition is the basis of an
+ entry which represents an application executing in a computer system.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.11 NAME 'applicationProcess'
+ SUP top
+ STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $
+ ou $
+ l $
+ description ) )
+
+3.2 'country'
+
+ The 'country' object class definition is the basis of an entry which
+ represents a country.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.2 NAME 'country'
+ SUP top
+ STRUCTURAL
+ MUST c
+ MAY ( searchGuide $
+ description ) )
+
+3.3 'dcObject'
+
+ The 'dcObject' object class permits an entry to contains domain
+ component information. This object class is defined as auxiliary,
+ because it will be used in conjunction with an existing structural
+ object class.
+ (Source: RFC 2247 [RFC2247])
+
+ ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ SUP top
+ AUXILIARY
+ MUST dc )
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 22]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+3.4 'device'
+
+ The 'device' object class is the basis of an entry which represents
+ an appliance, computer or network element.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.14 NAME 'device'
+ SUP top
+ STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $
+ seeAlso $
+ owner $
+ ou $
+ o $
+ l $
+ description ) )
+
+3.5 'groupOfNames'
+
+ The 'groupOfNames' object class is the basis of an entry which
+ represents a set of named objects including information related to
+ the purpose or maintenance of the set.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.9 NAME 'groupOfNames'
+ SUP top
+ STRUCTURAL
+ MUST ( member $
+ cn )
+ MAY ( businessCategory $
+ seeAlso $
+ owner $
+ ou $
+ o $
+ description ) )
+
+3.6 'groupOfUniqueNames'
+
+ The 'groupOfUniqueNames' object class is the same as the
+ 'groupOfNames' object class except that the object names are not
+ repeated or reassigned within a set scope.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ SUP top
+ STRUCTURAL
+ MUST ( uniqueMember $
+
+
+
+Sciberras Expires 30 July 2006 [Page 23]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ cn )
+ MAY ( businessCategory $
+ seeAlso $
+ owner $
+ ou $
+ o $
+ description ) )
+
+3.7 'locality'
+
+ The 'locality' object class is the basis of an entry which represents
+ a place in the physical world.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.3 NAME 'locality'
+ SUP top
+ STRUCTURAL
+ MAY ( street $
+ seeAlso $
+ searchGuide $
+ st $
+ l $
+ description ) )
+
+3.8 'organization'
+
+ The 'organization' object class is the basis of an entry which
+ represents a structured group of people.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.4 NAME 'organization'
+ SUP top
+ STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $
+ businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $
+ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $
+ postalCode $ postalAddress $ physicalDeliveryOfficeName $
+ st $ l $ description ) )
+
+3.9 'organizationalPerson'
+
+ The 'organizationalPerson' object class is the basis of an entry
+ which represents a person in relation to an organization.
+ (Source: X.521 [X.521])
+
+
+
+Sciberras Expires 30 July 2006 [Page 24]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ ( 2.5.6.7 NAME 'organizationalPerson'
+ SUP person
+ STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $
+ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $
+ postalCode $ postalAddress $ physicalDeliveryOfficeName $
+ ou $ st $ l ) )
+
+3.10 'organizationalRole'
+
+ The 'organizationalRole' object class is the basis of an entry which
+ represents a job, function or position in an organization.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.8 NAME 'organizationalRole'
+ SUP top
+ STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $
+ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $
+ description ) )
+
+3.11 'organizationalUnit'
+
+ The 'organizationalUnit' object class is the basis of an entry which
+ represents a piece of an organization.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.5 NAME 'organizationalUnit'
+ SUP top
+ STRUCTURAL
+ MUST ou
+ MAY ( businessCategory $ description $ destinationIndicator $
+ facsimileTelephoneNumber $ internationaliSDNNumber $ l $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ preferredDeliveryMethod $
+ registeredAddress $ searchGuide $ seeAlso $ st $ street $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ userPassword $ x121Address ) )
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 25]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+3.12 'person'
+
+ The 'person' object class is the basis of an entry which represents a
+ human being.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.6 NAME 'person'
+ SUP top
+ STRUCTURAL
+ MUST ( sn $
+ cn )
+ MAY ( userPassword $
+ telephoneNumber $
+ seeAlso $ description ) )
+
+3.13 'residentialPerson'
+
+ The 'residentialPerson' object class is the basis of an entry which
+ includes a person's residence in the representation of the person.
+ (Source: X.521 [X.521])
+
+ ( 2.5.6.10 NAME 'residentialPerson'
+ SUP person
+ STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $
+ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+3.14 'uidObject'
+
+ The 'uidObject' object class permits an entry to contains user
+ identification information. This object class is defined as
+ auxiliary, because it will be used in conjunction with an existing
+ structural object class.
+ (Source: RFC 2377 [RFC2377])
+
+ ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ SUP top
+ AUXILIARY
+ MUST uid )
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 26]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+4. IANA Considerations
+
+ It is requested that the Internet Assigned Numbers Authority (IANA)
+ update the LDAP descriptors registry as indicated in the following
+ template:
+
+ Subject: Request for LDAP Descriptor Registration Update
+ Descriptor (short name): see comment
+ Object Identifier: see comment
+ Person & email address to contact for further information:
+ Andrew Sciberras <andrew.sciberras at eb2bcom.com>
+ Usage: (A = attribute type, O = Object Class) see comment
+ Specification: RFC XXXX [editor's note: The RFC number will be
+ the one assigned to this document.]
+ Author/Change Controller: IESG
+ Comments
+ In the LDAP descriptors registry, the following descriptors (short
+ names) should be updated to refer to RFC XXXX [editor's note: This
+ document]. Names that need to be reserved, rather than assigned to
+ an Object Identifier, will contain an Object Identifier value of
+ RESERVED.
+
+ NAME Type OID
+ ------------------------ ---- ----------------------------
+ applicationProcess O 2.5.6.11
+ businessCategory A 2.5.4.15
+ c A 2.5.4.6
+ cn A 2.5.4.3
+ commonName A 2.5.4.3
+ country O 2.5.6.2
+ countryName A 2.5.4.6
+ DC A 0.9.2342.19200300.100.1.25
+ dcObject O 1.3.6.1.4.1.1466.344
+ description A 2.5.4.13
+ destinationIndicator A 2.5.4.27
+ device O 2.5.6.14
+ distinguishedName A 2.5.4.49
+ dnQualifier A 2.5.4.46
+ domainComponent A 0.9.2342.19200300.100.1.25
+ enhancedSearchGuide A 2.5.4.47
+ facsimileTelephoneNumber A 2.5.4.23
+ generationQualifier A 2.5.4.44
+ givenName A 2.5.4.42
+ GN A RESERVED
+ groupOfNames O 2.5.6.9
+ groupOfUniqueNames O 2.5.6.17
+ houseIdentifier A 2.5.4.51
+ initials A 2.5.4.43
+
+
+
+Sciberras Expires 30 July 2006 [Page 27]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ internationalISDNNumber A 2.5.4.25
+ L A 2.5.4.7
+ locality O 2.5.6.3
+ localityName A 2.5.4.7
+ member A 2.5.4.31
+ name A 2.5.4.41
+ o A 2.5.4.10
+ organization O 2.5.6.4
+ organizationName A 2.5.4.10
+ organizationalPerson O 2.5.6.7
+ organizationalRole O 2.5.6.8
+ organizationalUnit O 2.5.6.5
+ organizationalUnitName A 2.5.4.11
+ ou A 2.5.4.11
+ owner A 2.5.4.32
+ person O 2.5.6.6
+ physicalDeliveryOfficeName A 2.5.4.19
+ postalAddress A 2.5.4.16
+ postalCode A 2.5.4.17
+ postOfficeBox A 2.5.4.18
+ preferredDeliveryMethod A 2.5.4.28
+ registeredAddress A 2.5.4.26
+ residentialPerson O 2.5.6.10
+ roleOccupant A 2.5.4.33
+ searchGuide A 2.5.4.14
+ seeAlso A 2.5.4.34
+ serialNumber A 2.5.4.5
+ sn A 2.5.4.4
+ st A 2.5.4.8
+ street A 2.5.4.9
+ surname A 2.5.4.4
+ telephoneNumber A 2.5.4.20
+ teletexTerminalIdentifier A 2.5.4.22
+ telexNumber A 2.5.4.21
+ title A 2.5.4.12
+ uid A 0.9.2342.19200300.100.1.1
+ uidObject O 1.3.6.1.1.3.1
+ uniqueMember A 2.5.4.50
+ userId A 0.9.2342.19200300.100.1.1
+ userPassword A 2.5.4.35
+ x121Address A 2.5.4.24
+ x500UniqueIdentifier A 2.5.4.45
+
+5. Security Considerations
+
+ Attributes of directory entries are used to provide descriptive
+ information about the real-world objects they represent, which can be
+ people, organizations or devices. Most countries have privacy laws
+
+
+
+Sciberras Expires 30 July 2006 [Page 28]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ regarding the publication of information about people.
+
+ Transfer of cleartext passwords is strongly discouraged where the
+ underlying transport service cannot guarantee confidentiality and
+ integrity, since this may result in disclosure of the password to
+ unauthorized parties.
+
+ Multiple attribute values for the 'userPassword' attribute need to be
+ used with care. Especially reset/deletion of a password by an admin
+ without knowing the old user password gets tricky or impossible if
+ multiple values for different applications are present.
+
+ Certainly, applications which intend to replace the 'userPassword'
+ value(s) with new value(s) should use modify/replaceValues (or
+ modify/deleteAttribute+addAttribute). Additionally, server
+ implementations are encouraged to provide administrative controls
+ which, if enabled, restrict the 'userPassword' attribute to one
+ value.
+
+ Note that when used for authentication purposes [AuthMeth], the user
+ need only prove knowledge of one of the values, not all of the
+ values.
+
+
+6. Acknowledgements
+
+ The definitions, on which this document is based, have been developed
+ by committees for telecommunications and international standards.
+
+ This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a
+ product of the IETF ASID Working Group.
+
+ The 'dc' attribute type definition and the 'dcObject' object class
+ definition in this document supersede the specification in RFC 2247
+ by S. Kille, M. Wahl, A. Grimstad, R. Huber, and S. Sataluri.
+
+ The 'uid' attribute type definition in this document supersedes the
+ specification of the 'userid' in RFC 1274 by P. Barker and S. Kille
+ and of the uid in RFC 2798 by M. Smith.
+
+ The 'uidObject' object class definition in this document supersedes
+ the specification of the 'uidObject' in RFC 2377 by A. Grimstad, R.
+ Huber, S. Sataluri and M. Smith.
+
+ This document is based upon input of the IETF LDAPBIS working group.
+ The author wishes to thank S. Legg and K. Zeilenga for their
+ significant contribution to this update. The author would also like
+ to thank Kathy Dally who edited early drafts of this document.
+
+
+
+Sciberras Expires 30 July 2006 [Page 29]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+7. References
+
+7.1 Normative
+
+ [E.123] Notation for national and international telephone
+ numbers, ITU-T Recommendation E.123, 1988
+
+ [E.164] The international public telecommunication numbering
+ plan, ITU-T Recommendation E.164, 1997
+
+ [F.1] Operational Provisions For The International Public
+ Telegram Service Transmission System, CCITT
+ Recommendation F.1, 1992
+
+ [F.31] Telegram Retransmission System, CCITT Recommendation
+ F.31, 1988
+
+ [ISO3166] ISO 3166, "Codes for the representation of names of
+ countries".
+
+ [Models] K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis-
+ models-xx (a work in progress)
+
+ [RFC1034] P. Mockapetris, " DOMAIN NAMES - CONCEPTS AND
+ FACILITIES", RFC 1034, January 1987
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", RFC 2119, March 1997
+
+ [RFC3490] Faltstrom P., Hoffman P., Costello A.,
+ "Internationalizing Domain Names in Applications
+ (IDNA)", RFC 3490, March 2003
+
+ [RFC4013] Zeilenga K., "SASLprep: Stringprep profile for User
+ Names and Passwords", RFC 4013, February 2005.
+
+ [RFC4234] Crocker, D., Overell P., "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 4234, October 2005
+
+ [Roadmap] Zeilenga, K., "LDAP: Technical Specification Road
+ Map", draft-ietf-ldapbis-roadmap-xx (a work in
+ progress)
+
+ [Syntaxes] S. Legg (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
+ syntaxes-xx (a work in progress)
+
+ [X.121] International numbering plan for public data networks,
+ ITU-T Recommendation X.121, 1996
+
+
+
+Sciberras Expires 30 July 2006 [Page 30]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ [X.509] The Directory: Authentication Framework, ITU-T
+ Recommendation X.509, 1993
+
+ [X.520] The Directory: Selected Attribute Types, ITU-T
+ Recommendation X.520, 1993
+
+ [X.521] The Directory: Selected Object Classes. ITU-T
+ Recommendation X.521, 1993
+
+7.2 Informative
+
+ [AuthMeth] Harrison R., "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms", draft-ietf-
+ ldapbis-authmeth-xx (a work in progress)
+
+ [LDAP-PKI] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP) schema definitions for X.509 Certificates",
+ draft-zeilenga-ldap-x509-xx (a work in progress)
+
+ [RFC1274] Barker, P., Kille, S.,"The COSINE and Internet X.500
+ Schema", RFC 1274, November 1991
+
+ [RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and
+ Sataluri, S., "Using Domains in LDAP/X.500
+ Distinguished Names", RFC 2247, January 1998
+
+ [RFC2377] Grimstad, A., Huber, R., Sataluri, S., and Wahl, M.,
+ "Naming Plan for Internet-Enabled Applications", RFC
+ 2377, September 1998.
+
+ [RFC2798] Smith, M., "Definition of the inetOrgPerson LDAP Object
+ Class", RFC 2798, April 2000
+
+ [X.500] ITU-T Recommendations X.500 (1993) | ISO/IEC
+ 9594-1:1994, Information Technology - Open Systems
+ Interconnection - The Directory: Overview of concepts,
+ models and services.
+
+8. Author's Address
+
+ Andrew Sciberras
+ eB2Bcom
+ Suite 3, Woodhouse Corporate Centre,
+ 935 Station Street,
+ Box Hill North, Victoria 3129
+ AUSTRALIA
+
+ Phone: +61 3 9896 7833
+
+
+
+Sciberras Expires 30 July 2006 [Page 31]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ Email: andrew.sciberras at eb2bcom.com
+
+9. Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+10. Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 32]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ Appendix A Changes Made Since RFC 2256
+
+ This appendix lists the changes that have been made from RFC 2256 to
+ this I-D.
+
+ This appendix is not a normative part of this specification, which
+ has been provided for informational purposes only.
+
+ 1. Replaced the document title.
+
+ 2. Removed the IESG Note.
+
+ 3. Dependencies on RFC 1274 have been eliminated.
+
+ 4. Added a Security Considerations section and an IANA
+ considerations section.
+
+ 5. Deleted the conformance requirement for subschema object
+ classes in favor of a statement in [Syntaxes].
+
+ 6. Added explanation to attribute types and to each object class.
+
+ 7. Removed Section 4, Syntaxes, and Section 6, Matching Rules,
+ (moved to [Syntaxes]).
+
+ 8. Removed the certificate-related attribute types:
+ authorityRevocationList, cACertificate,
+ certificateRevocationList, crossCertificatePair,
+ deltaRevocationList, supportedAlgorithms, and userCertificate.
+
+ Removed the certificate-related Object Classes:
+ certificationAuthority, certificationAuthority-V2,
+ cRLDistributionPoint, strongAuthenticationUser, and
+ userSecurityInformation
+
+ LDAP PKI is now discussed in [LDAP-CRL] and [LDAP-CERT].
+
+ 9. Removed the dmdName, knowledgeInformation,
+ presentationAddress, protocolInformation, and
+ supportedApplicationContext attribute types and the dmd,
+ applicationEntity, and dSA object classes.
+
+ 10. Deleted the aliasedObjectName and objectClass attribute type
+ definitions. Deleted the alias and top object class
+ definitions. They are included in [Models].
+
+ 11. Added the 'dc' attribute type from RFC 2247.
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 33]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ 12. Numerous edititorial changes.
+
+ 13. Removed upper bound after the SYNTAX oid in all attribute
+ definitions where it appeared.
+
+ 14. Added text about Unicode, SASLprep and UTF-8 for userPassword.
+
+ changes since 07:
+
+ 15. Corrected examples in preferredDeliveryMethod, uniqueMember,
+ postalAddress, and registeredAddress attribute types.
+
+ 16. Clarified and corrected examples in owner and roleOccupant
+ attribute types.
+
+ 17. Added RFC 2234 to normative references.
+
+ 18. Added RFC 1274 and RFC 2798 to informative references.
+
+ 19. Removed the statement about RFC 2026 conformance.
+
+ 20. Added the IPR Disclosure and Notice
+
+ 21. Updated the Copyright text.
+
+ changes since 08:
+
+ 22. Included RFC 2377 into Updates header and Informative
+ References
+
+ 23. Changed Editor information to Andrew Sciberras.
+
+ 24. Updated I-D Template information.
+
+ 25. References made consistent with other LDAPbis ID's. [ROADMAP]
+ -> [RoadMap] and [AUTHMETH] -> [AuthMeth].
+
+ 26. Changed Introduction to include an (LDAP) acronym after the
+ first usage.
+
+ 27. Renamed section 1.1 to "Relationship with other
+ specifications" from "Situation".
+
+ 28. Included definitions, comments and references for 'dcObject'
+ and 'uidObject'.
+
+ 29. Replaced PKI schema references to use draft-zeilenga-ldap-
+ x509-xx
+
+
+
+Sciberras Expires 30 July 2006 [Page 34]
+�
+INTERNET-DRAFT LDAP: Schema for User Applications January 30, 2006
+
+
+ 30. Spelt out and referenced ABNF on first usage.
+
+ 31. Removed Section 2.4 (Source). Replaced the source table with
+ explicit references for each definition.
+
+ 32. All references to an attribute type or object class are
+ enclosed in single quotes.
+
+ 33. The layout of attribute type definitions has been changed to
+ provide consistency throughout the document:
+ > Section Heading
+ > Description of Attribute type
+ > Multivalued description
+ > Source Information
+ > Definition
+ > Example
+ > Additional Comments
+
+ Adding this consistent output included the addition of
+ examples to some definitions.
+
+ 34. References to alternate names for attributes types are
+ provided with a reference to where they were originally
+ specified.
+
+ 35. Clarification of the description of 'distinguishedName' and
+ 'name', in regards to these attribute types being supertypes.
+
+ 36. Spelt out ISDN on first usage.
+
+ 37. Inserted a reference to [Syntaxes] for the
+ 'teletexTerminalIdentifier' definition's SYNTAX OID.
+
+ 38. Additional names were added to the IANA Considerations. Names
+ include 'commonName', 'dcObject', 'domainComponent', 'GN',
+ 'localityName', 'organizationName', 'organizationUnitName',
+ 'surname', 'uidObject' and 'userid'.
+
+ 39. Renamed all instances of supercede to supersede.
+
+ 40. Moved [F.1], [F.30] and [SASLprep] from informative to
+ normative references.
+
+ 41. Changed the 'c' definition to be consistent with X.500.
+
+ 42. Added text to 'dc', making the distinction between 'stored'
+ and 'query' values when preparing IDN strings.
+
+
+
+
+Sciberras Expires 30 July 2006 [Page 35]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-acl-model-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-acl-model-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-acl-model-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2886 @@
+
+
+
+
+
+
+
+Internet-Draft E. Stokes
+LDAP Extensions WG B. Blakley
+Intended Category: Standards Track Tivoli Systems
+Expires: 14 January 2001 D. Rinkevich
+ IBM
+ R. Byrne
+ Sun Microsystems
+ 14 July 2000
+
+ Access Control Model for LDAPv3
+ <draft-ietf-ldapext-acl-model-06.txt>
+
+STATUS OF THIS MEMO
+
+This document is an Internet-Draft and is in full
+conformance with all provisions of Section 10 of RFC2026.
+
+Internet-Drafts are working documents of the Internet
+Engineering Task Force (IETF), its areas, and its working
+groups. Note that other groups may also distribute working
+documents as Internet-Drafts. Internet-Drafts are draft
+documents valid for a maximum of six months and may be
+updated, replaced, or obsoleted by other documents at any
+time. It is inappropriate to use Internet-Drafts as
+reference material or to cite them other than as "work in
+progress."
+
+The list of current Internet-Drafts can be accessed at
+http://www.ietf.org/ietf/1id-abstracts.txt
+
+The list of Internet-Draft Shadow Directories can be
+accessed at http://www.ietf.org/shadow.html.
+
+Comments and suggestions on this document are encouraged.
+Comments on this document should be sent to the LDAPEXT
+working group discussion list:
+
+ ietf-ldapext at netscape.com
+
+COPYRIGHT NOTICE
+
+Copyright (C) The Internet Society (2000). All Rights
+Reserved.
+
+ABSTRACT
+
+This document describes the access control model for the
+Lightweight Directory Application Protocol V3 (LDAPv3)
+directory service. It includes a description of the model,
+the LDAP controls, and the extended operations to the LDAP
+protocol. The current LDAP APIs are sufficient for most
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 1]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+access control operations. An API (in a separate document)
+is needed for the extended operation getEffectiveAccess. A
+separate requirements document for access control exists
+[REQTS]. The access control model used the requirements
+documents as a guideline for the development of this
+specification and are reflected in this specification to the
+extent that the working group could agree on an access
+control model.
+
+
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
+"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", and
+"MAY" used in this document are to be interpreted as
+described in [Bradner97].
+
+
+
+1. Introduction
+
+The ability to securely access (replicate and distribute)
+directory information throughout the network is necessary
+for successful deployment. LDAP's acceptance as an access
+protocol for directory information is driving the need to
+provide an access control model definition for LDAP
+directory content among servers within an enterprise and the
+Internet. Currently LDAP does not define an access control
+model, but one is needed to ensure consistent secure access,
+replication, and management across heterogeneous LDAP
+implementations. The major objective is to provide a simple,
+usable, and implementable, but secure and efficient access
+control model for LDAP while also providing the appropriate
+flexibility to meet the needs of both the Internet and
+enterprise environments and policies. This document defines
+the model and the protocol extensions (controls and extended
+operations).
+
+This draft does not (and cannot) fully specify the behavior
+of the Access Control Model in a distributed environment
+(e.g. propagating access control information across servers
+and ACI administration) because there is no LDAP standard
+defining how to distribute directory data between LDAP
+servers. The behavior of the Access Control Model in
+distributed environments is beyond the scope of this draft.
+
+
+
+2. The LDAPv3 Access Control Model
+
+Access Control mechanisms evaluate requests for access to
+protected resources and make decisions about whether those
+requests should be granted or denied. In order to make a
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 2]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+grant/deny decision about a request for access to a
+protected resource, an access control mechanism needs to
+evaluate policy data. This policy data describes security-
+relevant characteristics of the requesting subject and the
+rules which govern the use of the target object.
+
+No mechanism is defined in this document for storage of
+access control information at the server beyond indicating
+that the attribute holding access control information is an
+operational attribute.
+
+The access control mechanisms specified in this document are
+neutral with respect to policy inheritance mechanisms,
+explicit vs. implicit denial, and group nesting.
+
+The access control model defines
+
+ - What flows on the wire for interoperability
+
+ The existing LDAP protocol flows for ldap operations
+ are used to manipulate access control information. A
+ set of permissions and their semantics with respect to
+ ldap operations is defined. The permissions parallel
+ the types of ldap operations defined. What is
+ transmitted is exactly what is read back. Encoding of
+ access control information on the wire is per the
+ LDAPv3 specifications.
+
+ There is an additional LDAP control and extended
+ protocol operation defined, getEffectiveRights. LDAP
+ clients use the control and extended operation to
+ manage and administer access control policy enforced by
+ LDAP servers.
+
+ Servers may store access control information in any way
+ they choose. In particular, servers may use the access
+ control mechanisms of their datastores to store and
+ enforce LDAP access control, or they may implement
+ access control managers external to their datastores.
+ Datastores and external access control managers MAY
+ implement any access control rule syntax and semantics
+ they choose, but the semantics MUST be compatible with
+ those defined in the section titled "Operational
+ Semantics of Access Control Operations".
+
+ - Attributes and classes for application portability of
+ access control information
+
+ An access control information attribute (ldapACI) for
+ application portability: This attribute is used as
+ input to the LDAP APIs so access control information
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 3]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ can be addressed uniformly independent of how that
+ information is addressed and stored at the server.
+ This same attribute appears in LDIF output for
+ interchange of access control information.
+
+ An access control information subentry class
+ (ldapACISubEntry) and a set of attributes
+ (supportedAccessControlSchemes which is used in the
+ rootDSE and accessControlSchemes which is used in the
+ subentry ldapACISubEntry) to identity the access
+ control mechanisms supported by a server and in a given
+ part of the namespace, respectively.
+
+ - An attribute in the rootDSE, discloseOnError, to
+ control whether it is permissible for the server to
+ return the name of an entry or attribute in an error
+ (or empty set) operation result. This closes a hole on
+ the ability to discover information you are not
+ authorized to discover.
+
+ - A mechanism to control access to access control
+ information: The access control information attribute,
+ ldapACI, is used to control access to access control
+ information (controls access to itself). How to get an
+ initial ldapACI in the directory is server specific and
+ beyond the scope of this model.
+
+Servers can support multiple access control mechanisms, but
+MUST be capable of supporting the LDAP Mechanism in the DIT
+scoped by the rootDSE (entire server's DIT) for that server
+and SHOULD be capable of supporting the LDAP mechanism in an
+arbitrary part (subtree) of the DIT.
+
+The accessControlSchemes attribute in the ldapACISubEntry
+indicates which access control mechanism is in effect for
+the scope of that ldapACISubEntry. The
+supportedAccessControlSchemes attribute in the rootDSE
+indicates which acess control mechanisms are supported by
+the server; those mechanisms are in effect in that server's
+DIT unless overridden by a mechanism defined in a
+ldapACISubEntry elsewhere in that DIT.
+
+Changing the value(s) of either the
+supportedAccessControlSchemes or accessControlSchemes
+attributes changes the mechanism(s) in effect for the scope
+of those attributes (where scope is either that of the
+rootDSE or ldapACISubEntry).
+
+Through the use of the mechanism rootDSE attribute and
+ldapACI subentry, it is possible to run multiple mechanisms
+in either the same subtree or separate subtrees. If two
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 4]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+mechanisms are run in the same subtree, it is desirable that
+the result be the same independent of mechanism, but
+definition and discussion of this is beyond the scope of
+this model.
+
+
+
+3. Access Control Mechanism Attributes
+
+Two attributes are defined to identify which access control
+mechanisms are supported by a given server and by a given
+subtree: supportedAccessControlSchemes and
+accessControlSchemes. (We chose these names based on the
+X.500 attribute, AccessControlScheme which is single-valued
+and defined in X.501).
+
+
+3.1 Root DSE Attribute for Access Control Mechanism
+
+The server advertises which access control mechanisms it
+supports by inclusion of the 'supportedAccessControlSchemes'
+attribute in the root DSE. This attribute is a list of
+OIDs, each of which identify an access control mechanism
+supported by the server. By default, these are also the
+mechanisms in effect in subtrees beneath the root in that
+server unless overridden by a ldapACISubEntry (see section
+"Subentry Class Access Control Mechanism").
+
+ (<OID to be assigned>
+ NAME 'supportedAccessControlSchemes'
+ DESC list of access control mechanisms supported
+ by this directory server
+ SYNTAX LDAPOID
+ USAGE dSAOperation
+ )
+
+The access control mechanism defined is:
+ LDAPv3 <OID to be assigned>
+
+Other vendor access control mechanisms MAY be defined (by
+OID) and are the responsibility of those vendors to provide
+the definition and OID.
+
+
+3.2 Root DSE Attribute for Control of Disclosing Errors
+
+The server specifies whether it is permissible for the name
+of an entry or attribute to be disclosed in an error (or
+empty) operation result. This rootDSE attribute is
+discloseOnError. The default for discloseOnError is false
+(0) or not to disclose on error. The lack of this attribute
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 5]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+in the rootDSE is interpreted as the default.
+
+ (<OID to be assigned>
+ NAME 'discloseOnError'
+ DESC specify whether to return the name of an
+ entry or attribute in an error (or
+ empty) operation result; 0=do not
+ disclose (default); 1=disclose
+ SYNTAX LDAPString
+ USAGE dSAOperation
+
+
+3.3 Subentry Class Access Control Mechanism
+
+A given naming context MUST provide information about which
+access control mechanisms are in effect for that portion of
+the namespace. This information is contained in a subentry
+(ldapACISubEntry class), derived from [SUBENTRY].
+ldapACISubEntry MAY be used to define the scope of an access
+control mechanism. The value(s) held in the rootDSE
+attribute, supportedAccessControlSchemes, are the mechanisms
+in effect in subtrees beneath the root in that server unless
+overridden in a ldapACISubEntry further down the tree held
+by that server. The scope of that ldapACISubEntry is to the
+end of the subtree held by that server or until another
+ldapACISubEntry is encountered in that subtree held by that
+server. The ldapACISubEntry class is defined as:
+
+
+ ( <OID to be assigned>
+ NAME 'ldapACISubEntry'
+ DESC 'LDAP ACI Subentry class'
+ SUP ldapSubEntry STRUCTURAL
+ MUST ( accessControlSchemes )
+ )
+
+The accessControlSchemes attribute MUST be in each ldap
+access control subentry entry associated with a naming
+context whose access control mechanism is different from
+adjacent naming contexts supported by that directory server.
+accessControlSchemes lists the values (list of OIDs) that
+define the access control mechanisms in effect for the scope
+of that ldap access control subentry. Although, in general,
+this attribute will define only a single mechanism (single
+value), more than one mechanism MAY be in effect for the
+scope of that subentry.
+
+ (<OID to be assigned>
+ NAME 'accessControlSchemes'
+ DESC list of access control mechanisms supported
+ in this subtree
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 6]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ SYNTAX LDAPOID
+ USAGE dSAOperation
+ )
+
+
+
+4. The Access Control Information Attribute (ldapACI)
+
+The access control information attribute, ldapACI, is
+defined as:
+
+ (<OID to be assigned>
+ NAME 'ldapACI'
+ DESC 'ldap access control information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX directoryString
+ USAGE directoryOperation
+ )
+
+The intent of the attribute definition is to design a common
+interchange format. Any given LDAP server should be able to
+translate the below defined attribute into meaningful
+operation requests. Each server should be able to understand
+the attribute; there should not be any ambiguity into what
+any part of the syntax means.
+
+While the end goal is to have a common behavior model
+between different LDAP server implementations, the attribute
+definition alone will not ensure identical ACL processing
+behavior between servers. The semantics of how a server
+interprets the ACI syntax are defined in the "Operational
+Semantics of Access Control" section of this document.
+Additionally, while the server must recognize and act on the
+attribute when received over the wire, there are no
+requirements for the server to physically store this
+attribute.
+
+The attribute definition maintains an assumption that the
+receiving server supports inheritance within the security
+model. If the server does not support inheritance, the
+receiving server must expand any inherited information based
+on the scope flag. If the server does not support partial
+inheritance and both the entry and subtree scope are used,
+then entry is the prevailing scope. (It is possible for two
+values in the ldapACI attribute to have different scopes
+given the syntax of ldapACI; one might contain 'entry' and
+another might contain 'subtree'. This implies that some
+ldapACI values inherit down the DIT and othersdo not - hence
+partial inheritance of the ldapACI attribute.)
+
+The attribute is defined so access control information (ACI)
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 7]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+can be addressed in a server independent of server
+implementation. This attribute is used in typical LDAP APIs
+and in LDIF output of ACI. This attribute may be queried or
+set on all directory objects. The BNF and definitions are
+given below.
+
+
+4.1 The BNF
+
+
+4.1.1 ACI String Representation
+
+ Values of this syntax are encoded according to the
+ following BNF which follows the BNF encoding
+ conventions described in [ABNF]:
+
+ ldapACI = scope "#" rights "#" attr "#" subject
+
+ scope = "entry" / "subtree"
+
+ rights = (("grant:" / "deny:") permissions) /
+ ("grant:" permissions ";deny:" permissions)
+
+ permissions = [permission *("," permission)]
+
+ permission = "a" / ; add
+ "d" / ; delete
+ "e" / ; export
+ "i" / ; import
+ "n" / ; renameDN
+ "b" / ; browseDN
+ "t" / ; returnDN
+ "r" / ; read
+ "s" / ; search
+ "w" / ; write (mod-add)
+ "o" / ; obliterate (mod-del)
+ "c" / ; compare
+ "m" / ; make
+
+ attr = "[all]" / "[entry]" / (attribute *("," attribute))
+
+ attribute = ; OID syntax (1.3.6.1.4.1.1466.115.121.1.38)
+ ; from [ATTR]
+
+ subject = ["authnLevel:" authnLevel ":"]
+ (("authzID-" authzID) /
+ ("role:" dn) /
+ ("group:" dn) /
+ ("subtree:" dn) /
+ ("ipAddress:" ipAddress) /
+ "public:" /
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 8]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ "this:")
+
+ authnLevel = "any" /
+ "simple" /
+ sasl
+
+ sasl = "sasl:"
+ ("any" /
+ mechanism)
+
+ mechanism = ; sasl mechanism from 4.2 of [LDAPv3]
+
+ authzID = ; authzID from [AuthMeth] repeated below
+ ; for convenience
+
+ authzId = dnAuthzId / uAuthzId
+
+ ; distinguished-name-based authz id.
+ dnAuthzId = "dn:" dn
+
+ dn = utf8string ; with syntax defined in [UTF]
+
+ ; unspecified userid, UTF-8 encoded.
+ uAuthzId = "u:" userid
+ userid = utf8string ; syntax unspecified
+
+ ipAddress = printableString
+ ; dotted decimal form (e.g. 10.0.0.6)
+ ; or use wildcards such as 12.3.45.* to
+ ; specify a specific subnetwork
+ ; or 123.45.6.*+255.255.255.115 to
+ ; specify a subnetmask
+ ; or use a wildcard domain name such as
+ ; *.airius.com to specify a specific
+ ; DNS domain
+
+ printableString ; printableString syntax from [ATTR]
+
+
+Note that the colon following the "public" and "this"
+subject options exist only to simplify string parsing.
+
+Note also that per [AuthMeth], authzID may be expanded in
+the future.
+
+See section titled 'ACI Examples' for examples of the string
+representation.
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 9]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+4.1.2 ACI Binary Representation
+
+ The following ASN.1 data type is used to represent this
+ syntax when transferred in binary form:
+
+ ldapACI ::= SEQUENCE {
+ scope ENUMERATED {
+ entry (0),
+ subtree (1) },
+ rights SEQUENCE OF CHOICE {
+ grant [0] Permissions,
+ deny [1] Permissions },
+ attr CHOICE {
+ all [0] NULL,
+ entry [1] NULL,
+ attributes [2] SEQUENCE OF Attribute },
+ subject SEQUENCE {
+ authnLevel CHOICE {
+ any [0] NULL,
+ simple [1] NULL,
+ sasl [2] CHOICE {
+ any [0] NULL,
+ mechanism [1] LDAPString -- from [LDAPv3]
+ }
+ },
+ subject CHOICE {
+ dn [0] DN,
+ user [1] utf8String
+ role [1] DN,
+ group [2] DN,
+ subtree [3] DN,
+ ipAddress [4] IPAddress,
+ public [6] NULL,
+ this [7] NULL }, } -- may be expanded
+ per [AuthMeth]
+
+ Permissions ::= SEQUENCE OF ENUMERATED {
+ add (0),
+ delete (1),
+ export (2),
+ import (3),
+ renameDN (4),
+ browseDN (5),
+ returnDN (6),
+ read (7),
+ search (8),
+ write (9),
+ obliterate (10),
+ compare (11),
+ make (12) }
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 10]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ Attribute ::= AttributeType -- from [LDAPv3]
+
+ IPAddress ::= PrintableString -- (e.g. 10.0.0.6)
+
+
+
+4.2 The Components of ldapACI Attribute
+
+This section defines components that comprise the access
+control information attribute, ldapACI.
+
+
+4.2.1 Scope
+
+Two scopes for access control information are defined:
+
+ - entry - the access control information in the ldapACI
+ attribute applies only to the entry in which it is
+ contained
+
+ - subtree - the access control information in the ldapACI
+ attribute applies to each entry down the subtree unless
+ it is overridden by an entry-specific ldapACI whose
+ values are more specific.
+
+Use of prescriptive ACIs and scoping via use of a
+ldapACISubEntry is outside the scope of this document.
+
+
+4.2.2 Access Rights and Permissions
+
+Access rights can apply to an entire object or to attributes
+of the object. Access can be granted or denied. Either or
+both of the actions "grant" | "deny" may be used when
+creating or updating ldapACI.
+
+Each of the LDAP access permissions are discrete. One
+permission does not imply another permission. The
+permissions which apply to attributes and the entry parallel
+the type of ldap operations that can be performed.
+
+Permissions which apply to attributes:
+
+ r Read Read attribute values
+ w Write Modify-add values
+ o Obliterate Modify-delete values
+ s Search Search entries with specified attributes
+ c Compare Compare attributes
+ m Make Make attributes on a new entry below
+ this entry
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 11]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ 1. r Read
+
+ If granted, permits attributes and values to be
+ returned in a read or search operation.
+
+ 2. w Write
+
+ If granted, permits attributes and values to be added
+ in a modify operation.
+
+ 3. o Obliterate
+
+ If granted, permits attributes and values to be
+ deleted in a modify operation.
+
+ 4. s Search
+
+ If granted, permits attributes and values to be
+ included in a search operation.
+
+ 5. c Compare
+
+ If granted, permites attributes and value to be used
+ in a compare operation.
+
+ 6. m Make
+
+ The attribute permission "m" is required for all
+ attributes that are placed on an object when it is
+ created. Just as the "w" and "o" permissions are used
+ in the Modify operation, the "m" permission is used in
+ the Add operation. Additionally, note that "w" and "o"
+ have no bearing on the Add operation and "m" has no
+ bearing on the Modify operation. Since a new object
+ does not yet exist, the "a" and "m" permissions needed
+ to create it must be granted on the new object's
+ parent. This differs from "w" and "o" which must be
+ granted on the object being modified. The "m"
+ permission is distinct and separate from the "w" and
+ "o" permissions so that there is no conflict between
+ the permissions needed to add new children to an entry
+ and the permissions needed to modify existing children
+ of the same entry.
+
+Note: Modify-replace values of an attribute requires "w"
+and "o" permission.
+
+Permissions that apply to an entire entry:
+
+
+ a Add Add an entry below this entry
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 12]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ d Delete Delete this entry
+ e Export Export entry & subordinates to new
+ location
+ i Import Import entry & subordinates from some
+ location
+ n RenameDN Rename an entry's DN
+ b BrowseDN Browse an entry's DN
+ t ReturnDN Allows DN of entry to be disclosed in
+ an operation result
+
+
+ 1. a Add
+
+ If granted, permits creation of an entry in the DIT
+ subject to control on all attributes and values to be
+ placed in the new entry at time of creation. In order
+ to add an entry, permission must also be granted to
+ add at least the mandatory attributes.
+
+ 2. d Delete
+
+ If granted, permits the entry to be removed from the
+ DIT regardless of controls on attributes within the
+ entry.
+
+ 3. e Export
+
+ If granted, permits an entry and its subordinates (if
+ any) to be exported; that is, removed from the current
+ location and placed in a new location subject to the
+ granting of suitable permission at the destination.
+ If the last RDN is changed, Rename is also required at
+ the current location. In order to export an entry or
+ its subordinates, there are no prerequisite
+ permissions to contained attributed, including the RDN
+ attributes; this is true even when the operation
+ causes new attribute values to be added or removed as
+ the result of the changes of RDN.
+
+ 4. i Import
+
+ If granted, permits an entry and its suordinates (if
+ any) to be imported; that is, removed from some other
+ location and placed a t the location to which the
+ permission applies subject to the granting of suitable
+ permissions at the source location. In order to
+ import an entry or its subordinates, there are no
+ prerequisite permissions to contained attributed,
+ including the RDN attributes; this is true even when
+ the operation causes new attribute values to be added
+ or removed as the result of the changes of RDN.
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 13]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ 5. n RenameDN
+
+ Granting Rename is necessary for an entry to be
+ renamed with a new RDN, taking into account
+ consequential changes to the distinguished names of
+ subordinate entries, if any; if the name of the
+ superior is unchanged, the grant is sufficient. In
+ order to rename an entry, there are no prerequisite
+ permissions to contained attributed, including the RDN
+ attributes; this is true even when the operation
+ causes new attribute values to be added or removed as
+ the result of the changes of RDN.
+
+ 6. b BrowseDN
+
+ If granted, permits entries to be accessed using
+ directory operations which do not explicitly provide
+ the name of the entry.
+
+ 7. t ReturnDN
+
+ If granted, allows the distinguished name of the entry
+ to be disclosed in the operation result.
+
+All permissions (for grant and deny) for an attribute/entry
+and a given subject MUST be contained within one ldapACI
+value, i.e. (in abbreviated form)
+
+ ldapACI: ...grant OID.attr1 subjectA
+ ldapACI: ...deny OID.attr1 subjectA
+
+must be ldapACI: ...grant ... deny... OID.attr1 subjectA
+
+Using the defined BNF it is possible for the permission
+string to be empty. The ACI
+
+ ldapACI: subtree#grant#OID.attr1#group:cn=Dept XYZ,c=US
+
+ ldapACI: subtree#grant:r,s#[all]#group:cn=Dept XYZ,c=US
+
+means that this group (Dept XYZ) is granted permission to
+read and search all attributes except OID.attr1 because
+OID.attr1 is more specific than "[all]".
+
+
+4.2.3 Attributes
+
+Attribute describes an attribute name in the form of a
+dotted decimal OID for that <attr>. If the string (OID)
+refers to an attribute not defined in the given server's
+schema, the server SHOULD report an error. "[entry]" means
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 14]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+the permissions apply to the entire object. This could mean
+actions such as delete the object, or add a child object.
+"[all]" means the permission set apply to all attributes of
+the entry.
+
+If the keyword "[all]" and another attribute are both
+specified within an ACI, the more specific permission set
+for the attribute overrides the less specific permission set
+for "[all]".
+
+
+4.2.4 Subjects and Associated Authentication
+
+The following subjects are defined and MUST be supported:
+
+ - authzID, defined per [authmeth]
+
+ - group, defined as the distinguished name of a
+ groupOfNames or groupOfUniqueNames entry
+
+ - role
+
+ - subtree, defined as the distinguished name of a non-
+ leaf node in the DIT
+
+ - ipAddress,
+
+ - public, defined as public access
+
+ - this, defined as the user whose name matches that of
+ the entry being accessed
+
+Other parties MAY define other subjects. It is the
+responsibility of those parties to provide the definition.
+
+A subject may be qualified by the type of authentication
+required for access to a given attribute(s) or entry. If no
+authnLevel is present, then no specific type of
+authentication is additionally required for access. If
+authnLevel is specified, then that type of authentication is
+additionally required for access. The authnLevels parallel
+the authentication mechanisms specified for LDAPv3: simple,
+SASL (any type of SASL mechanism), and a SASL-specific
+mechanism. The authnLevel of is not an acceptable mechanism
+for this case) as part of obtaining access.
+
+
+4.3 Grant/Deny Evaluation Rules
+
+The decision whether to grant or deny a client access to a
+particular piece of information is based on several pieces
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 15]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+of information found within the ldapaci value. Throughout
+the decision making process, there are guiding principals.
+
+ - Specificity: More specific policies MUST override less
+ specific ones (e.g. individual user entry in ACI takes
+ precedence over group entry).
+
+ - Deny takes precedence over Grant.
+
+ - When there are conflicting ACI values, deny takes
+ precedence over grant.
+
+ - Deny is the default when there is no access control
+ information.
+
+Precendence of Scope Types (highest to lowest)
+
+ - entry
+
+ - subtree
+
+Precedence of Subjects within a Scope (highest to lowest):
+
+ - ipAddress
+
+ - authzID, this
+
+ - group, role, this, public
+
+ - subtree, public
+
+Although other types MAY be defined given the BNF, use of
+the well-known types aids in interoperability and
+operational consistency.
+
+Access Decision algorithm:
+
+ 1. Determine all the ldapACI values which could apply to
+ the target DN which is being accessed. This is the DN
+ of the entry which is being queried in a search,
+ modified, deleted, etc. When determining all the
+ ldapACI values, the scope field should be used. All
+ ldapACI values with a scope of 'entry' take precedence
+ over ldapACI values with a scope of 'subtree'.
+
+ 2. Determine which ldapACI (of the set determined in step
+ 1) apply to the bound DN. This is determined by
+ looking at the subject (combination of subject type
+ and subject value) and bind type. If no bind is in
+ effect (this is possible in ldapv3), then treat this
+ lack of bind as if bound as anonymous. Start with the
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 16]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ most specific subject type. If at any time, at least
+ one ldapACI value exists for a specificity level, then
+ processing stops; the exception here is 'this' because
+ this may also be combined with group to use power of
+ 'this'. Evaluation should take place on set of
+ ldapACI values which are all of the same specificity
+ level. Subjects of the same precedence are combined
+ using union semantics.
+
+ 3. Evaluate the remaining ldapACI values and determine a
+ grant/deny decision. If conflicting ldapACI value
+ exists for the same attribute, or attributes (i.e. one
+ ldapACI grants permission and another denies
+ permission), then deny takes precedence over grant.
+ For example, if one is granted permission to
+ "objectclass" in one ldapACI value by being a member
+ of group cn=Admin, and denied permission by being a
+ member of cn = NontrustedAdmins, then the bound user
+ would not receive permission to objectclass.
+
+ The rule of specificity also applies to the
+ attributes. If one is denied permission to "[ all ]"
+ attributes, but granted permission to "objectclass"
+ then the more specific value of "objectclass" takes
+ precedence over the less specific value of "[ all ] ".
+ In this case the user would be granted permission to
+ "objectclass" but denied permission to all other
+ attributes.
+
+
+
+5. Required Permissions for each LDAP Operation
+
+This section defines the required permissions for each LDAP
+operation but even if these requirements are satisfied the
+server MAY refuse to carry out the operation due to other
+implementation specific security considerations. For
+example, a server may refuse to modify an entry because the
+database where that entry resides is in read only mode.
+Another example might be that although the access control is
+available to the userPassword attribute a server may refuse
+modifications due to some server specific policy governing
+access to passwords.
+
+Here, we specify the rights required by a user when
+performing an LDAP operation in terms of the LDAP
+permissions specified in section 6.1. Recall that "a, d,
+e, i, n, b,t" are permissions that apply to entries as a
+whole while permissions "r, s, w, o, c, m" apply to
+attributes within entries.
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 17]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+Required permissions for LDAP extended operations and LDAP
+controls are beyond the scope of this draft.
+
+There is a requirement that a user should not be able to
+infer the existence of data in the Directory, if the user
+does not have the required access rights to that data. An
+example of this requirement would be in a hosting
+environment where you would not want any users from the coke
+subtree to be able to even discover that the pepsi tree was
+hosted on the same server. This "discloseOnError" feature
+will be set once for server in the rootDSE advertised by the
+attribute discloseOnError. The default for discloseOnError
+is false (0). The lack of this attribute in the rootDSE is
+interpreted as the default. The details of its effects are
+addressed below, operation by operation.
+
+For the following, assume that the authorization identity of
+the user doing the operation is authzID.
+
+
+5.1 Bind Operation
+
+This draft does not require any permissions to allow a bind
+operation to proceed.
+
+
+5.2 Search Operation
+
+Recall that the parameters of the Search operation per RFC
+2251 [LDAPv3] Section 4.5 are:
+
+ SearchRequest ::= [APPLICATION 3] SEQUENCE {
+ baseObject LDAPDN,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2) },
+ derefAliases ENUMERATED {
+ neverDerefAliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ derefAlways (3) },
+ sizeLimit INTEGER (0 .. maxInt),
+ timeLimit INTEGER (0 .. maxInt),
+ typesOnly BOOLEAN,
+ filter Filter,
+ attributes AttributeDescriptionList }
+
+Suppose a server is processing a search request from user
+authzID with parameters as above and is processing the entry
+with dn candidateDN to decide if it may be returned or not.
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 18]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+
+ 1. permission "b" to the entry candidateDN
+
+ If this permission is not granted then the dn
+ candidateDN MUST not be returned nor any attribute
+ type nor attribute value from this entry.
+
+ If this permission is granted then the dn candidateDN
+ MAY be returned.
+
+ Note: The idea of the "b" permission is to say "a user
+ has discovery rights" at a certain entry in the
+ directory. Assuming that the further required
+ permissions below are satisfied then having "b" right
+ is enough to allow the server to return candidateDN.
+ Of course candidateDN contains in it's components,
+ attributes and attribute values for all the ancestors
+ of candidateDN. This can lead to the slightly odd
+ situation that we can discover the naming attribute of
+ an entry and that attribute's value by virtue of
+ having the required searching permissions to it's
+ child but not by searching the entry directly.
+
+ 2. permission "s" to each attribute appearing in a
+ presence test during the evaluation of the search
+ filter. permission "r" to each attribute appearing in
+ non-presence tests (see rfc1960, section 3:
+ equalityMatch, substrings, greaterOrEquial,
+ lessOrEqual, present, approxMatch, extensibleMatch)
+ during the evaluation of the search filter.
+
+ The above statement covers the case where the
+ attributes are being evaluated as part of an
+ extensibleMatch (RFC 2251 section 4.5.1) which appears
+ in the filter. In the case where the dnAttributes
+ field of the extensibleMatch is true then we do not
+ require any access checks to the attributes of the dn
+ candidateDN as access to these is taken to be granted
+ by the "b" permission, which has already been required
+ above.
+
+ If there is an attribute in a filter element to which
+ the required permission is not granted then that
+ filter element evaluates to "Undefined" of the three-
+ valued-logic of X.511(93).
+
+ Note A: Although both "r" and "s" permissions will
+ typically be granted to attributes we keep both
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 19]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ permissions as there are cases where the distinction
+ is useful. For example, the ability to grant the
+ right to discover that a user entry contains a
+ userPassword attribute, but not to read it's value
+ ("s" but not "r"). The converse, granting "r" but not
+ "s" permission is less easy to motivate.
+
+ Note B: There is an unusual behaviour with respect to
+ naming attributes illustrated in the following
+ example:
+
+ Suppose I have "b" rights to cn=fred,o=sun.com and "r"
+ rights to attribute objectclass but not "r" rights to
+ cn then with search filter (objectclass=*) I get back
+ the dn and objectclass (and so can see the value of
+ cn), but with a search filter of (cn=fred) I do not
+ get anything.
+
+ 3. permission "r" to each attribute in the attribute list
+
+ AttributeDescriptionList (or all attributes in the
+ entry candidateDN if AttributeDescriptionList is *)
+ whose type and/or value will be returned.
+
+ Note: The presence of an attribute in an entry is only
+ ever volunteered by the server if "r" permission is
+ granted to it, though a user may infer the presence of
+ an attribute with "s" permission by using a presence
+ test on that attribute in the search filter.
+
+ 4. permission "t" to the entry candidateDN
+
+ If this permission is not granted then the dn
+ candidateDN MUST NOT be returned. If the server knows
+ of an alias for the entry, this alias may be returned
+ instead. If no alias name is available then the entry
+ candidateDN MUST be omitted from the search results.
+
+
+ 5. Disclose on error for the Search operation
+
+ If every entry in the scope of the search fails to
+ satisfy item 1 (browse right on the candidate entry)
+ or item 2 (right to use the filter on that entry) and
+ if discloseOnError is not granted to the baseObject
+ entry then the operation MUST fail with a "no such
+ object error" and the matchedDN of the LDAPResult MUST
+ be set to "". If every entry in the scope of the
+ search fails to satisfy items 1 or 2 above and
+ discloseOnError is granted to the baseObject then the
+ empty set of results is returned.
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 20]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+5.3 Modify Operation
+
+Recall that the parameters of the Modify operation per
+RFC2251 [LDAPv3] Section 4.6 are:
+
+ ModifyRequest ::= [APPLICATION 6] SEQUENCE {
+ object LDAPDN,
+ modification SEQUENCE OF SEQUENCE {
+ operation ENUMERATED {
+ add (0),
+ delete (1),
+ replace (2) },
+ modification AttributeTypeAndValues } }
+
+
+ AttributeTypeAndValues ::= SEQUENCE {
+ type AttributeDescription,
+ vals SET OF AttributeValue }
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+
+ 1. permission "w" to each attribute being added to object
+
+ If this permission is not granted to such an
+ attribute, then the operation MUST fail. In this
+ case, if discloseOnError is not granted to the entry
+ then "no such object" error is returned; if
+ discloseOnError is granted to the entry and a
+ duplicate attribute value is being added then
+ "attribute value already exists" error is returned; if
+ discloseOnError is granted to the entry and no
+ duplicate value is being added then an "insufficient
+ access" error is returned.
+
+ 2. permission "o" to each attribute for which a value is
+ being deleted from object
+
+ If this permission is not granted to such an attribute
+ then the operation MUST fail. In this case, if
+ discloseOnError is not granted to the entry then "no
+ such object" error is returned; if discloseOnError is
+ granted to the entry and the attribute or one of the
+ values to be deleted does not exist then a "no such
+ attribute or value" error is returned; if
+ discloseOnError is granted to the entry and the
+ attribute and all values specified to be deleted exist
+ then an "insufficient access" error is returned.
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 21]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ 3. permissions "o" and "w" to each attribute being
+ replaced in object
+
+ If one of these these permissions is not granted to
+ such an attribute then the operation MUST fail. In
+ this case, if discloseOnError is not granted to the
+ entry then a "no such object" error is returned; if
+ discloseOnError is granted to the entry then
+ "insufficient access" error is returned.
+
+
+5.4 Add Operation
+
+Recall that the parameters of the Add operation per RFC2251
+[LDAPv3] Section 4.7 are:
+
+ AddRequest ::= [APPLICATION 8] SEQUENCE {
+ entry LDAPDN,
+ attributes AttributeList }
+
+
+ AttributeList ::= SEQUENCE OF SEQUENCE {
+ type AttributeDescription,
+ vals SET OF AttributeValue }
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+ permission "a" to the parent of entry
+
+ The access rights required for the creation of a root
+ entry in the Directory are beyond the scope of this
+ document. They will be vendor specific.
+
+ 1. permission "m" to the parent of entry for each
+ attribute being added to entry
+
+If any of these permissions are not granted then the
+operation MUST fail. In this case if discloseOnError is on
+and the entry to be added does not already exist then
+"insufficient access" is returned. If it does exist then
+"Entry already exists" is returned. If discloseOnError is
+off then "No such object" is returned (meaning the parent
+object).
+
+If they are all granted then the operation MAY proceed.
+
+Note: We require "m" permission to each attribute to prevent
+an entry from aquiring "unintended" rights (via group or
+role membership), to stop a "rogue" ACI being added that
+would prevent even admins deleting the entry and general
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 22]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+consistency with the MODIFY operation.
+
+Note: The access rights required for the creation of the
+first entry in the directory are beyond the scope of this
+document.
+
+
+5.5 Delete Operation
+
+Recall that the parameters of the Delete operation per
+RFC2251 [LDAPv3] Section 4.10 are:
+
+ DelRequest ::= [APPLICATION 10] LDAPDN
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+
+ 1. permission "d" to the entry in the Delete request
+
+If this permission is not granted, then the operation MUST
+fail. In this case if discloseOnError is on and the entry
+to be deleted exists then "insufficient access" is returned.
+If it does not exist then "No such Object" is returned. If
+discloseOnError is off then "No such object" is returned
+(meaning the parent object).
+
+If this permission is granted, then the operation MAY
+proceed.
+
+Note: One could also require the "o" permission to be
+granted to allow the operation to proceed, but customer
+experience has shown that the requirement of the additional
+permission is not useful nor expected, and X.500 requires
+only the "d" permission.
+
+
+5.6 Modify DN Operation
+
+Recall that the parameters of the Modify DN operation per
+RFC2251 [LDAPv3] Section 4.6 are:
+
+ ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
+ entry LDAPDN,
+ newrdn RelativeLDAPDN,
+ deleteoldrdn BOOLEAN,
+ newSuperior [0] LDAPDN OPTIONAL }
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 23]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ 1. If newSuperior is not present (ie. only the RDN is
+ being renamed) then permission "n" to entry is
+ required.
+
+ 2. If newSuperior is present then permission "e" to entry
+ and permission "i" to newSuperior are required.
+
+If any of these permissions are not granted then the
+operation MUST fail. In this case, if discloseOnError is on
+then an "insufficient access error" is returned. Otherwise,
+"No such object" is returned.
+
+If they are all granted then the operation MAY proceed.
+
+Note A: We do not require any additional permissions in the
+case where deleteoldrdn is TRUE.
+
+Note B: These permissions allow the naming attribute of an
+entry (or entries) to be changed even though "o" and "w"
+permissions are not available on the entry. Distinguishing
+the permissions like this allows us to grant permissions for
+the ModifyDN operation, but not the Modify operation and
+vice versa.
+
+
+5.7 Compare Operation
+
+Recall that the parameters of the Compare operation per
+RFC2251 [LDAPv3] Section 4.10 are:
+
+ CompareRequest ::= [APPLICATION 14] SEQUENCE {
+ entry LDAPDN,
+ ava AttributeValueAssertion }
+
+Then the permissions required by authzID that need to be
+evaluated are as follows:
+
+
+ 1. permission "c" to the attribute in entry on which the
+ comparison is being made.
+
+If any of these permissions are not granted then the
+operation MUST fail. In this case, if discloseOnError is on
+then an "insufficient access error" is returned. Otherwise,
+"No such object" is returned.
+
+If they are all granted then the operation MAY proceed.
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 24]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+5.8 Abandon Operation
+
+Recall that the parameters of the Abandon operation per
+RFC2251 [LDAPv3] Section 4.6 are:
+
+ AbandonRequest ::= [APPLICATION 16] MessageID
+
+authzID always has the right to send an Abandon Operation
+for an operation he previously initiated.
+
+
+5.9 Extended Operation
+
+Recall that the parameters of the Extended operation per
+RFC2251 [LDA{v3] Section 4.12 are:
+
+ ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ requestName [0] LDAPOID,
+ requestValue [1] OCTET STRING OPTIONAL }
+
+The access required for an Extended Operation is beyond the
+scope of this document. The required access will normally
+be defined by the implementor of the extended request.
+
+
+
+6. Required Permissions for Handling Aliases and References
+
+
+Use of aliases and referrals are part of LDAPv3. However,
+neither is particularly well-defined. Alias
+objects/attributes are defined in RFC 2256 as derived from
+X.500, but LDAPv3 does not explicitly define its semantics
+or behavior. X.500 does define alias semantics and behavior
+with respect to access control; we define its behavior in
+LDAPv3 based on the X.511, section 7.11.1. Referrals and
+knowledge information are still under design in LDAPv3; they
+are defined in X.500, however, X.500 punts on their
+semantics and behavior with respect to access control. We
+define their semantics and behavior in LDAPv3 in terms that
+should be independent of the future LDAPv3 definition of
+referrals and knowledge information.
+
+
+6.1 ACI Distribution
+
+Currently there is no LDAP standard defining how to
+distribute directory data between LDAP servers. Consequently
+this draft cannot fully specify the behavior of the Access
+Control Model in a distributed environment. The case of
+distribution via referrals is treated in the "Referrals"
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 25]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+section below. In the case of chaining (where one LDAP
+server forwards a request to another on behalf of a client)
+then it is server specific how the access control model
+behaves in this environment. Similarly it is server specific
+how the server determines whether the chaining of an
+operation is permitted in the first place. For example, the
+implementation may choose to regard the local naming context
+and the remote subordinate naming context as seperate Access
+Control Specific Areas, or it may regard the DIT as one
+Access Control Specific Area and implement mechanisms to
+propagate access control information between the two
+servers. The behavior of the Access Control Model in
+distributed environments such as these is beyond the scope
+of this draft.
+
+
+6.2 Aliases
+
+There are two things to protect with respect to aliases:
+the real name of the aliased object and the location of the
+server holding it.
+
+If alias de-referencing is required in the process of
+locating a target entry, no specifc permissions are
+necessary for alias de-referencing to take place. Access
+control is enforced at the object pointed to by the alias.
+
+If alias de-referencing would result in a
+continuationReference (e.g. from a search operation), then
+browse permission is required to the alias entry and read
+permission is required to the 'aliasedObjectName' attribute.
+Requiring these permission closes the hole of discovery.
+
+
+6.3 Referrals
+
+If a referral is to be followed, no specifc permissions are
+necessary for the ldap client to follow the referral. Access
+control is enforced at the referenced object. If a referral
+is returned, then browse is required on the entry and read
+permission is required to the attribute containing the
+referral (we cannot name this attribute exactly today
+because there are no RFCs on this - only drafts). If the
+server implements a default referral, then no special
+permissions are required to read and return that referral.
+Requiring these permissions closes the hole of discovery.
+In the default case, it is assumed that a default referral
+is public.
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 26]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+7. Controlling Access to Access Control Information
+
+The ldapACI attribute is used to specify control for who has
+permission to set/change access control information
+(ldapACI). The ldapACI attribute/OID is just another
+attribute described with a scope, set of rights and
+permissions, and subject as a value of the ldapACI
+attribute. (See the example in the "ACI Examples" section).
+
+If the policy for controlling the ldapACI attribute is not
+specified for any object in the tree, behavior is
+implementation defined. For instance, if no object anywhere
+in the tree defines the access for ldapACI within the
+ldapACI attribute, then the server could simply assert that
+the 'root DN' is considered the policy owner (controller for
+controlling access control) for all objects.
+
+
+
+8. ACI Examples
+
+Note that in the examples, the form "OID.<attrname>" refers
+to the OID in dotted decimal form for the attribute
+<attrname>. This shorthand notation is used only for the
+examples. In implementation, the dotted decimal form of the
+OID is used.
+
+
+8.1 Attribute Definition
+
+The following examples show the access required to control
+access to the ldapACI attribute. The first example shows
+controlling the access control on an individual entry and
+its attributes. The second example shows controlling the
+access control on a subtree.
+
+ ldapACI: entry#grant:r,w#
+ OID.ldapACI#authnLevel:any:role:cn=aciAdmin
+
+ ldapACI: subtree#grant:r,w#
+ OID.ldapACI#authnLevel:any:role:cn=aciAdmin
+
+The next example shows a ldapACI attribute where a group
+"cn=Dept XYZ, c=US" is being given permissions to read,
+search, and compare attribute attr1. The permission applies
+to the entire subtree below the node containing this ACI.
+Authentication of a specified type is not required.
+
+ ldapACI:subtree#grant;r,s,c#
+ OID.attr1#group:cn=Dept XYZ,c=US
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 27]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+The next example shows an ACI attribute where a role
+"cn=SysAdmins,o=Company" is being given permissions to add
+objects below this node and read, search, and compare
+attributes attr2 and attr3. The permission applies to the
+entire subtree below the node containing this ACI.
+
+ ldapACI: subtree#grant:a#
+ [entry]#role:cn=SysAdmins,o=Company
+
+ ldapACI: subtree#grant:r,s,c#
+ OID.attr2#role:cn=SysAdmins,o=Company
+
+ ldapACI: subtree#grant:r,s,c#
+ OID.attr3#role:cn=SysAdmins,o=Company
+
+
+8.2 Modifying the ldapACI Values
+
+Modify-Replace works as defined in the ldap operation
+modify. If the attribute value does not exist, create the
+value. If the attribute does exist, replace the value. If
+the ldapACI value is replaced, all ldapACI values are
+replaced.
+
+A given ldapACI for an entry:
+
+ ldapACI: subtree#deny:r,w#[all]#group:cn=Dept ABC
+
+ ldapACI: subtree#grant:r#OID.attr1#group:cn=Dept XYZ
+
+perform the following change:
+
+ dn: cn=someEntry
+ changetype: modify
+ replace: ldapACI
+ ldapACI: subtree#grant:r,w#[all]#group:cn=Dept LMN
+
+The resulting ACI is:
+
+ldapACI: subtree#grant:r,w#[all]#group:cn=Dept LMN
+
+( ldapACI values for Dept XYZ and ABC are lost through the
+replace )
+
+During an ldapmodify-add, if the ACI does not exist, the
+create the ACI with the specific ldapACI value(s). If the
+ACI does exist, then add the specified values to the given
+ldapACI. For example a given ACI:
+
+ldapACI: subtree#grant:r,w#[all]#group:cn=Dept XYZ
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 28]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+with a modification:
+
+ dn: cn=someEntry
+ changetype: modify
+ add: ldapACI
+ ldapACI: subtree#grant:r#OID.attr1#group:cn=Dept XYZ
+
+would yield an multi-valued ACI of:
+
+ ldapACI: subtree#grant:r,w#[all]#group:cn=Dept XYZ
+
+ ldapACI: subtree#grant:r#OID.attr1#group:cn=Dept XYZ
+
+To delete a particular ACI value, use the regular ldapmodify
+- delete syntax
+
+Given an ACI of:
+
+ ldapACI: subtree#grant:r,w#[all]#group:cn=Dept XYZ
+ ldapACI: subtree#grant:r#OID.attr1#group:cn=Dept XYZ
+
+ dn: cn = some Entry
+ changetype: modify
+ delete: ldapACI
+ ldapACI: subtree#grant:r#OID.attr1#group:cn=Dept XYZ
+
+would yield a remaining ACI on the server of
+
+ldapACI: subtree#grant:r,w#[all]#group:cn=Dept XYZ
+
+The attributes which are defined for access control
+interchange may be used in all LDAP operations.
+
+Within the ldapmodify-delete operation, the entire acl may
+be deleted by specifying
+
+ dn: cn = some Entry
+ changetype: modify
+ delete: ldapACI
+
+In this case, the entry would then inherit its ACI from some
+other node in the tree depending on the server inheritance
+model.
+
+Similarly, if all values of ldapACI are deleted, then the
+access control information for that entry is defined by that
+implementation's inheritance model.
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 29]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+8.3 Evaluation
+
+These examples assume that the ldapACI entries listed in
+each example are the only ACI which applies to the entry in
+question; if backing-store ACI also exists, the effective
+policy may be different from that listed in each example.
+See section 10 for a discussion of the semantics of ldapACI
+entries when backing-store ACI administration is also used.
+
+Assume cn=jsmith is a member of group cn=G1. Assume
+cn=jsmith is a member of group cn=G2.
+
+ Example #1
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:r#attr1
+ #authzID-dn:cn=jsmith,ou=ABC,o=XYZ,c=US
+ ldapACI: subtree#grant:w#attr1
+ #group:cn=G1,ou=ABC,o=XYZ,c=US
+
+ What rights does cn=jsmith have to attr1 of o=XYZ,c=US?
+ Read (r) access; authzID is higher precedence than
+ group.
+
+
+ Example #2
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:r#attr2
+ #group:cn=G1,ou=ABC,o=XYZ,c=US
+ ldapACI: subtree#grant:w#attr2
+ #group:cn=G2,ou=ABC,o=XYZ,c=US
+
+ What rights does cn=jsmith have to attr2 of o=XYZ,c=US?
+ Read-write (r,w) access; ACI is combined because both
+ subjects (group) have same precedence.
+
+
+ Example #3
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:r,w#attr3
+ #group:cn=G1,ou=ABC,o=XYZ,c=US
+ ldapACI: subtree#deny:w#attr3#group:cn=G2,ou=ABC,o=XYZ,c=US
+
+ What rights does cn=jsmith have to attr3 of o=XYZ, c=US?
+ Read access; write is denied (deny has precedence over
+ grant).
+
+
+ Example #4
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:w#attr4
+ #authzID-dn:cn=jsmith,ou=ABC,o=XYZ,c=US
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 30]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ ldapACI: subtree#grant:r#attr4#subtree:ou=ABC,ou=XYZ,c=US
+
+ What rights does cn=jsmith have to attr4 of o=XYZ, c=US?
+ Write (w); rights given to an authzID take precedence
+ over those given to a subtree.
+
+
+ Example #5
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:m#OID.attr5
+ #authzID-dn:cn=jsmith,o=ABC,c=US
+ ldapACI: subtree#grant:m#OID.cn
+ #authzID-dn:cn=jsmith,o=ABC,c=US
+ ldapACI: subtree#grant:m#OID.sn
+ #authzID-dn:cn=jsmith,o=ABC,c=US
+ ldapACI: subtree#grant:a#[entry]
+ #authzID-dn:#cn=jsmith,o=ABC,c=US
+
+ What rights does cn=jsmith have to o=XYZ, c=US?
+ Make(m) on attributes attr5, cn, and sn and Add(a)
+ on the entry. These are the minimal yet sufficient
+ permissions to create a new object,
+ cn=New, o=XYZ, c=US with values for the attr5, cn,
+ and sn attributes. This example illustrates how the
+ "m" permission can be used to limit the attributes
+ that can be created on a new entry.
+
+ Example #6
+ dn: c=US
+ ldapACI: subtree#grant:m#[all]#subtree:c=US
+ dn: o=XYZ, c=US
+ ldapACI: subtree#grant:a#[entry]#
+ authzID-dn:cn=jsmith,o=ABC,c=US
+
+ What rights does cn=jsmith have to o=XYZ, c=US?
+ Make(m) on attributes all attributes and Add(a) on the
+ entry. These are sufficient permissions to create a new
+ object, cn=New, o=XYZ, c=US with values any desired
+ attributes. For administrators who do not wish to limit
+ the attributes that can be created on new entries, this
+ example shows how a single ldapACI at the top of the
+ domain solves the problem.
+
+
+
+9. Operational Semantics of Access Control Operations
+
+The semantics of access control operations described in this
+document are defined operationally in terms of "histories".
+A history is a sequence of actions (x1, x2, ..., xN).
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 31]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+9.1 Types of actions
+
+We consider five types of actions:
+
+ - LDAP Access Control Policy Update actions: invocations
+ of ldap modify when used to add, delete, or replace the
+ aci attribute; invocations of ldap add when used to add
+ an entry with an aci attribute. A LDAP Access Control
+ Policy Update action may replace the policy (by
+ completely replacing the aci attribute with new policy
+ information) or it may grant or deny specific rights
+ while leaving others unaffected.
+
+ - LDAP Access Control Policy Query operations:
+ invocations of ldap search when used to retrieve the
+ aci attribute; invocations of ldap search with the
+ getEffectiveRightsRequest control; invocations of the
+ ldapGetEffectiveRightsRequest extended operation.
+
+ - Datastore Access Control Policy Update Actions: any
+ operation implemented by the server which LDAP is using
+ as its datastore which changes the access policy
+ enforced with respect to attempts to access LDAP
+ directory entries and their attributes.
+
+ - LDAP Access Request operations: invocations of LDAP
+ entry or attribute access operations (Read, Update,
+ Search, Compare, etc...).
+
+ - Other operations: anything else, including Datastore
+ operations which do not change the access policy
+ enforced by the server.
+
+
+9.2 Semantics of Histories
+
+The semantics of histories are defined as follows:
+
+ - LDAP Update (Replace), LDAP Query
+
+ The Query will show that the subject has all rights
+ granted by the Update operation, and no rights not
+ granted by the Update operation.
+
+ - LDAP Update (Grant), LDAP Query
+
+ The Query will show that the subject has all rights
+ granted by the Update operation. The Query may show
+ that the subject also has other rights not granted by
+ the Update operation, depending on the policy in force
+ before the Update operation.
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 32]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ - LDAP Update (Deny), LDAP Query
+
+ The Query will show that the subject does not have any
+ right denied by the Update operation. The Query may
+ show that the subject has rights not denied by the
+ Update operation, depending on the policy in force
+ before the Update operation.
+
+ - LDAP Update (Replace), LDAP Access Request
+
+ The Request will succeed if it requires only rights
+ granted to the requesting subject by the Update
+ operation. The Request will fail if it requires any
+ right not granted by the Update operation.
+
+ - LDAP Update (Grant), LDAP Access Request
+
+ The Request will succeed if it requires only rights
+ granted to the requesting subject by the Update
+ operation. The Request may succeed if it requires
+ rights not granted by the Update operation, depending
+ on the policy in force before the Update operation.
+
+ - LDAP Update (Deny), LDAP Access Request
+
+ The Request will fail if it requires any right denied
+ to the requesting subject by the Update operation. If
+ the Request requires only rights which were not denied
+ by the Update operation, it may succeed, depending on
+ the policy in force before the Update operation.
+
+ - LDAP Update (Replace), Other, LDAP Query
+
+ The Query will show that the subject has all rights
+ granted by the Update operation, and no rights not
+ granted by the Update operation.
+
+ - LDAP Update (Grant), Other, LDAP Query
+
+ The Query will show that the subject has all rights
+ granted by the Update operation. The Query may show
+ that the subject also has other rights not granted by
+ the Update operation, depending on the policy in force
+ before the Update operation.
+
+ - LDAP Update (Deny), Other, LDAP Query
+
+ The Query will show that the subject does not have any
+ right denied by the Update operation. The Query may
+ show that the subject has rights not denied by the
+ Update operation, depending on the policy in force
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 33]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ before the Update operation.
+
+ - LDAP Update (Replace), Other, LDAP Access Request
+
+ The Request will succeed if it requires only rights
+ granted to the requesting subject by the Update
+ operation. The Request will fail if it requires any
+ right not granted by the Update operation.
+
+ - LDAP Update (Grant), Other, LDAP Access Request
+
+ The Request will succeed if it requires only rights
+ granted to the requesting subject by the Update
+ operation. The Request may succeed if it requires
+ rights not granted by the Update operation, depending
+ on the policy in force before the Update operation.
+
+ - LDAP Update (Deny), Other, LDAP Access Request
+
+ The Request will fail if it requires any right denied
+ to the requesting subject by the Update operation. If
+ the Request requires only rights which were not denied
+ by the Update operation, it may succeed, depending on
+ the policy in force before the Update operation.
+
+ - LDAP Update (Replace), Datastore Policy Update, LDAP
+ Query
+
+ The result of the Query is not defined.
+
+ - LDAP Update (Grant), Datastore Policy Update, LDAP
+ Query
+
+ The result of the Query is not defined.
+
+ - LDAP Update (Deny), Datastore Policy Update, LDAP Query
+
+ The result of the Query is not defined.
+
+ - LDAP Update (Replace), Datastore Policy Update, LDAP
+ Access Request
+
+ The result of the Access Request is not defined.
+
+ - LDAP Update (Grant), Datastore Policy Update, LDAP
+ Access Request
+
+ The result of the Access Request is not defined.
+
+ - LDAP Update (Deny), Datastore Policy Update, LDAP
+ Access Request
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 34]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ The result of the Access Request is not defined.
+
+
+
+10. Access Control Parameters for LDAP Controls & Extended
+Operations
+
+This section defines the parameters used in the access
+control LDAP controls and extended operations in this
+document.
+
+targetDN specifies the initial directory entry in DN syntax
+on which the control or extended operation is performed.
+
+whichObject specifies whether the access control information
+(in the get effective rights control) which is retrieved is
+for the target directory entry (ENTRY) or the target
+directory entry and its subtree (SUBTREE).
+
+rights in the get effective rights control or extended
+operation response is of the form specified in the BNF for
+<rights>.
+
+subject is a LDAP string that defines the subject. Access
+control is get/set on a subject. The syntax of the subject
+is the same as the subject field in the BNF.
+
+
+
+11. Access Control Information (ACI) Controls
+
+The access control information controls provide a way to
+manipulate access control information in conjunction with a
+LDAP operation. One LDAP control is defined. This control
+allows access control information to be retrieved while
+manipulating other directory information for that entry.
+The control is:
+
+ - getEffectiveRights to obtain the effective rights for a
+ given directory entry(s) for a given subject during a
+ ldap_search operation
+
+11.1 getEffectiveRights Control
+
+
+11.1.1 Request Control
+
+This control may only be included in the ldap_search
+message as part of the controls field of the
+LDAPMessage, as defined in Section 4.1.12 of [LDAPv3].
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 35]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+The controlType is set to <OID to be assigned>. The
+criticality MAY be either TRUE or FALSE (where absent is
+also equivalent to FALSE) at the client's option. The
+controlValue is an OCTET STRING, whose value is the BER
+encoding of a value of the following SEQUENCE:
+
+ getEffectiveRightsRequest ::= SEQUENCE {
+ effectiveRightsRequest SEQUENCE OF SEQUENCE {
+ whichObject ENUMERATED {
+ LDAP_ENTRY (1),
+ LDAP_SUBTREE (2)
+ },
+ subject <see <subject > in BNF> | "*"
+ }
+ }
+
+The effectiveRightsRequest is a set of sequences that state
+the whichObject (entry or entry plus subtree) and specifics
+of the control request to be performed. A "*" in the subject
+field specifies that all DN types are to be used in
+returning the effective rights. This control is applied to
+the filter and scope set by the ldap_search operation, i.e.
+base, one-level, subtree. So the attributes/values returned
+are defined by the ldap_search operation.
+
+11.1.2 Response Control
+
+This control is included in the ldap_search_response message
+as part of the controls field of the LDAPMessage, as defined
+in Section 4.1.12 of [LDAPv3].
+
+The controlType is set to <OID to be assigned>. There is no
+need to set the criticality on the response. The
+controlValue is an OCTET STRING, whose value is the BER
+encoding of a value of the following SEQUENCE:
+
+ getEffectiveRightsResponse ::= {
+ result ENUMERATED {
+ success (0),
+ operationsError (1),
+ unavailableCriticalExtension (12),
+ noSuchAttribute (16),
+ undefinedAttributeType (17),
+ invalidAttributeSyntax (21),
+ insufficientRights (50),
+ unavailable (52),
+ unwillingToPerform (53),
+ other (80)
+ }
+ }
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 36]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+The effective rights returned are returned with each entry
+returned by the search result. The control response for
+ldap_search is:
+
+ PartialEffectiveRightsList ::= SEQUENCE OF SEQUENCE {
+ rights <see <rights> in BNF>,
+ whichObject ENUMERATED {
+ LDAP_ENTRY (1),
+ LDAP_SUBTREE (2)
+ },
+ subject < see <subject> in BNF >
+ }
+
+Although this extends the search operation, there are no
+incompatibilities between versions. LDAPv2 cannot send a
+control, hence the above structure cannot be returned to a
+LDAPv2 client. A LDAPv3 client cannot send this request to
+a LDAPv2 server. A LDAPv3 server not supporting this
+control cannot return the additional data.
+
+11.1.3 Client-Server Interaction
+
+The getEffectiveRightsRequest control requests the rights
+that MUST be in effect for requested directory
+entry/attribute based on the subject DN. The server that
+consumes the search operation looks up the rights for the
+returned directory information based on the subject DN and
+returns that rights information.
+
+There are six possible scenarios that may occur as a result
+of the getEffectiveRights control being included on the
+search request:
+
+
+ 1. If the server does not support this control and the
+ client specified TRUE for the control's criticality
+ field, then the server MUST return
+ unavailableCriticalExtension as a return code in the
+ searchResponse message and not send back any other
+ results. This behavior is specified in section 4.1.12
+ of [LDAPv3].
+
+ 2. If the server does not support this control and the
+ client specified FALSE for the control's criticality
+ field, then the server MUST ignore the control and
+ process the request as if it were not present. This
+ behavior is specified in section 4.1.12 of [LDAPv3].
+
+ 3. If the server supports this control but for some
+ reason such as cannot process specified family and the
+ client specified TRUE for the control's criticality
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 37]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ field, then the server SHOULD do the following: return
+ unavailableCriticalExtension as a return code in the
+ searchResult message.
+
+ 4. If the server supports this control but for some
+ reason such as cannot process specified family and the
+ client specified FALSE for the control's criticality
+ field, then the server should process as 'no rights
+ returned for that family' and include the result
+ Unavailable in the getEffectiveRightsResponse control
+ in the searchResult message.
+
+ 5. If the server supports this control and can return the
+ rights per the family information, then it should
+ include the getEffectiveRightsResponse control in the
+ searchResult message with a result of success.
+
+ 6. If the search request failed for any other reason,
+ then the server SHOULD omit the
+ getEffectiveRightsResponse control from the
+ searchResult message.
+
+The client application is assured that the correct rights
+are returned for scope of the search operation if and only
+if the getEffectiveRightsResponse control returns the
+rights. If the server omits the getEffectiveRightsResponse
+control from the searchResult message, the client SHOULD
+assume that the control was ignored by the server.
+
+The getEffectiveRightsResponse control, if included by the
+server in the searchResponse message, should have the
+getEffectiveRightsResult set to either success if the rights
+are returned or set to the appropriate error code as to why
+the rights could not be returned.
+
+The server may not be able to return a right because it may
+not exist in that directory object's attribute; in this
+case, the rights request is ignored with success.
+
+
+12. Access Control Extended Operation
+
+An extended operation, get effective rights, is defined to
+obtain the effective rights for a given directory entry for
+a given subject. This operation may help with the
+management of access control information independent of
+manipulating other directory information.
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 38]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+12.1 LDAP Get Effective Rights Operation
+
+ldapGetEffectiveRightsRequest ::= [APPLICATION 23] SEQUENCE
+{
+ requestName [0] <OID to be assigned>,
+ requestValue [1] OCTET STRING OPTIONAL }
+
+ where
+
+ requestValue ::= SEQUENCE {
+ targetDN LDAPDN,
+ updates SEQUENCE OF SEQUENCE {
+ whichObject ENUMERATED {
+ LDAP_ENTRY (1),
+ LDAP_SUBTREE (2)
+ },
+ attr SEQUENCE {
+ attr <see <attr> in BNF >
+ },
+ subject < see <subject> in BNF > | "*"
+ }
+ }
+
+
+The requestName is a dotted-decimal representation of the
+OBJECT IDENTIFIER corresponding to the request. The
+requestValue is information in a form defined by that
+request, encapsulated inside an OCTET STRING.
+
+The server will respond to this with an LDAPMessage
+containing the ExtendedResponse which is a rights list.
+
+ldapGetEffectiveRightsResponse ::= [APPLICATION 24] SEQUENCE
+{
+ COMPONENTS OF LDAPResult,
+ responseName [10] <OID to be assigned> OPTIONAL,
+ effectiveRights [11] OCTET STRING OPTIONAL }
+
+ where
+
+ effectiveRights ::= SEQUENCE OF SEQUENCE {
+ rights <see <rights> in BNF>,
+ whichObject ENUMERATED {
+ LDAP_ENTRY (1),
+ LDAP_SUBTREE (2)
+ },
+ subject < see <subject> in BNF >
+ }
+
+If the server does not recognize the request name, it MUST
+return only the response fields from LDAPResult, containing
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 39]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+the protocolError result code.
+
+
+
+13. Security Considerations
+
+This document proposes protocol elements for transmission of
+security policy information. Security considerations are
+discussed throughout this draft. Because subject security
+attribute information is used to evaluate decision requests,
+it is security-sensitive information and must be protected
+against unauthorized modification whenever it is stored or
+transmitted.
+
+Interaction of access control with other directory functions
+(other than the ones defined in this document) are not
+defined in this document, but instead in the documents where
+those directory functions are defined. For example, the
+directory replication documents should address the
+interaction of access control with the replication function.
+
+
+
+14. References
+
+[LDAPv3] M. Wahl, T. Howes, S. Kille, "Lightweight Directory
+Access Protocol (v3)", RFC 2251, December 1997.
+
+[ECMA] ECMA, "Security in Open Systems: A Security
+Framework" ECMA TR/46, July 1988.
+
+[REQTS] Stokes, Byrne, Blakley, "Access Control Requirements
+for LDAP", RFC 2820, May 2000.
+
+[ATTR] M.Wahl, A, Coulbeck, T. Howes, S. Kille, "Lightweight
+Directory Access Protocol (v3)": Attribute Syntax
+Definitions, RFC 2252, December 1997.
+
+[UTF] M. Wahl, S. Kille, "Lightweight Directory Access
+Protocol (v3)": A UTF-8 String Representation of
+Distinguished Names", RFC 2253, December 1997.
+
+[Bradner97] Bradner, Scott, "Key Words for use in RFCs to
+Indicate Requirement Levels", RFC 2119.
+
+[AuthMeth] Wahl, M., Alvestrand, H., Hodges, J. and R.
+Morgan, "Authentication Methods for LDAP", RFC 2829, May
+2000.
+
+[ABNF] D. Crocker, P. Overell, "Augmented BNF for Syntax
+Specifications: ABNF", RFC 2234, November 1997.
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 40]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+ACKNOWLEDGEMENT
+
+This is to acknowledge the numerous companies and individuals who have
+contributed their valuable help and insights to the development of this
+specification.
+
+
+AUTHOR(S) ADDRESS
+
+ Ellen Stokes Bob Blakley
+ Tivoli Systems Tivoli Systems
+ 6300 Bridgepoint Parkway 6300 Bridgepoint Parkway
+ Austin, TX 78731 Austin, TX 78731
+ USA USA
+ mail-to: estokes at tivoli.com mail-to: blakley at tivoli.com
+ phone: +1 512 436 9098 phone: +1 512 436 1564
+ fax: +1 512 436 1199 fax: +1 512 436 1199
+
+
+ Debbie Rinkevich Robert Byrne
+ IBM Sun Microsystems
+ 11400 Burnet Rd 29 Chemin du Vieux Chene
+ Austin, TX 78758 Meylan ZIRST 38240
+ USA France
+ mail-to: djbrink at us.ibm.com mail-to: rbyrne at france.sun.com
+ phone: +1 512 838 1960 phone: +33 (0)4 76 41 42 05
+ fax: +1 512 838 8597
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 41]
+�
+
+
+
+
+Internet-Draft Access Control Model 14 July 2000
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Stokes, et al Expires 14 January 2001 [Page 42]
+�
+
+
+
+
+
+
+
+
+ CONTENTS
+
+
+ 1. Introduction....................................... 2
+
+ 2. The LDAPv3 Access Control Model.................... 2
+
+ 3. Access Control Mechanism Attributes................ 5
+ 3.1 Root DSE Attribute for Access Control
+ Mechanism.................................... 5
+ 3.2 Root DSE Attribute for Control of Disclosing
+ Errors....................................... 5
+ 3.3 Subentry Class Access Control Mechanism...... 6
+
+ 4. The Access Control Information Attribute
+ (ldapACI).......................................... 7
+ 4.1 The BNF...................................... 8
+ 4.1.1 ACI String Representation 8
+ 4.1.2 ACI Binary Representation 10
+ 4.2 The Components of ldapACI Attribute.......... 11
+ 4.2.1 Scope 11
+ 4.2.2 Access Rights and Permissions 11
+ 4.2.3 Attributes 14
+ 4.2.4 Subjects and Associated
+ Authentication 15
+ 4.3 Grant/Deny Evaluation Rules.................. 15
+
+ 5. Required Permissions for each LDAP Operation....... 17
+ 5.1 Bind Operation............................... 18
+ 5.2 Search Operation............................. 18
+ 5.3 Modify Operation............................. 21
+ 5.4 Add Operation................................ 22
+ 5.5 Delete Operation............................. 23
+ 5.6 Modify DN Operation.......................... 23
+ 5.7 Compare Operation............................ 24
+ 5.8 Abandon Operation............................ 25
+ 5.9 Extended Operation........................... 25
+
+ 6. Required Permissions for Handling Aliases and
+ References......................................... 25
+ 6.1 ACI Distribution............................. 25
+ 6.2 Aliases...................................... 26
+ 6.3 Referrals.................................... 26
+
+ 7. Controlling Access to Access Control
+ Information........................................ 27
+
+ 8. ACI Examples....................................... 27
+ 8.1 Attribute Definition......................... 27
+ 8.2 Modifying the ldapACI Values................. 28
+ 8.3 Evaluation................................... 30
+
+
+
+ - i -
+
+
+
+
+
+
+
+
+
+
+
+ 9. Operational Semantics of Access Control
+ Operations......................................... 31
+ 9.1 Types of actions............................. 32
+ 9.2 Semantics of Histories....................... 32
+
+10. Access Control Parameters for LDAP Controls &
+ Extended Operations................................ 35
+
+11. Access Control Information (ACI) Controls.......... 35
+ 11.1 getEffectiveRights Control................... 35
+ 11.1.1 Request Control 35
+ 11.1.2 Response Control 36
+ 11.1.3 Client-Server Interaction 37
+
+12. Access Control Extended Operation.................. 38
+ 12.1 LDAP Get Effective Rights Operation.......... 39
+
+13. Security Considerations............................ 40
+
+14. References......................................... 40
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - ii -
+
+
+
+
+
+
+
+
+
+
+
+Full Copyright Statement
+
+Copyright (C) The Internet Society (2000).á All Rights
+Reserved.
+
+This document and translations of it may be copied and
+furnished to others, and derivative works that comment on or
+otherwise explain it or assist in its implementation may be
+prepared, copied, published and distributed, in whole or in
+part, without restriction of any kind, provided that the
+above copyright notice and this paragraph are included on
+all such copies and derivative works.á However, this
+document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet
+Society or other Internet organizations, except as needed
+for the purpose of developing Internet standards in which
+case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will
+not be revoked by the Internet Society or its successors or
+assigns.
+
+This document and the information contained herein is
+provided on an "AS IS" basis and THE INTERNET SOCIETY AND
+THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL
+WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - iii -
+
+
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4647 @@
+
+
+Network Working Group M. Smith, Editor
+INTERNET-DRAFT Netscape Communications Corp.
+Intended Category: Standards Track T. Howes
+Obsoletes: RFC 1823 Loudcloud, Inc.
+Expires: May 2001 A. Herron
+ Microsoft Corp.
+ M. Wahl
+ Sun Microsystems, Inc.
+ A. Anantha
+ Microsoft Corp.
+
+
+ 17 November 2000
+
+ The C LDAP Application Program Interface
+ <draft-ietf-ldapext-ldap-c-api-05.txt>
+
+
+1. Status of this Memo
+
+This document is an Internet-Draft and is in full conformance with all
+provisions of Section 10 of RFC2026. Internet-Drafts are working docu-
+ments of the Internet Engineering Task Force (IETF), its areas, and its
+working groups. Note that other groups may also distribute working
+documents as Internet-Drafts.
+
+Internet-Drafts are draft documents valid for a maximum of six months
+and may be updated, replaced, or obsoleted by other documents at any
+time. It is inappropriate to use Internet-Drafts as reference material
+or to cite them other than as "work in progress."
+
+The list of current Internet-Drafts can be accessed at
+http://www.ietf.org/ietf/1id-abstracts.txt.
+
+The list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+
+This draft document will be submitted to the RFC Editor as a Standards
+Track document. Distribution of this memo is unlimited. Technical dis-
+cussion of this document will take place on the IETF LDAP Extension
+Working Group mailing list <ietf-ldapext at netscape.com>. Please send
+editorial comments directly to the authors.
+
+Copyright (C) The Internet Society (1997-1999). All Rights Reserved.
+
+Please see the Copyright section near the end of this document for more
+information.
+
+
+
+
+Expires: May 2001 [Page 1]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+2. Introduction
+
+This document defines a C language application program interface (API)
+to the Lightweight Directory Access Protocol (LDAP). This document
+replaces the previous definition of this API, defined in RFC 1823,
+updating it to include support for features found in version 3 of the
+LDAP protocol. New extended operation functions were added to support
+LDAPv3 features such as controls. In addition, other LDAP API changes
+were made to support information hiding and thread safety.
+
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+document are to be interpreted as described in RFC 2119[1].
+
+The C LDAP API is designed to be powerful, yet simple to use. It defines
+compatible synchronous and asynchronous interfaces to LDAP to suit a
+wide variety of applications. This document gives a brief overview of
+the LDAP model, then an overview of how the API is used by an applica-
+tion program to obtain LDAP information. The API calls are described in
+detail, followed by appendices that provide example code demonstrating
+use of the API, the namespace consumed by the API, a summary of require-
+ments for API extensions, known incompatibilities with RFC 1823, and a
+list of changes made since the last revision of this document.
+
+
+3. Table of Contents
+
+1. Status of this Memo............................................1
+2. Introduction...................................................2
+3. Table of Contents..............................................2
+4. Overview of the LDAP Model.....................................4
+5. Overview of LDAP API Use and General Requirements..............4
+6. Header Requirements............................................6
+7. Common Data Structures and Types...............................7
+8. Memory Handling Overview.......................................9
+9. Retrieving Information About the API Implementation............9
+9.1. Retrieving Information at Compile Time......................10
+9.2. Retrieving Information During Execution.....................11
+10. Result Codes...................................................14
+11. Performing LDAP Operations.....................................16
+11.1. Initializing an LDAP Session................................16
+11.2. LDAP Session Handle Options.................................17
+11.3. Working With Controls.......................................23
+11.3.1. A Client Control That Governs Referral Processing........24
+11.4. Authenticating to the directory.............................25
+11.5. Closing the session.........................................27
+11.6. Searching...................................................28
+11.7. Reading an Entry............................................32
+
+
+
+Expires: May 2001 [Page 2]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+
+11.8. Listing the Children of an Entry............................32
+11.9. Comparing a Value Against an Entry..........................33
+11.10. Modifying an entry..........................................35
+11.11. Modifying the Name of an Entry..............................37
+11.12. Adding an entry.............................................39
+11.13. Deleting an entry...........................................41
+11.14. Extended Operations.........................................43
+12. Abandoning An Operation........................................44
+13. Obtaining Results and Peeking Inside LDAP Messages.............45
+14. Handling Errors and Parsing Results............................47
+15. Stepping Through a List of Results.............................51
+16. Parsing Search Results.........................................51
+16.1. Stepping Through a List of Entries or References............52
+16.2. Stepping Through the Attributes of an Entry.................53
+16.3. Retrieving the Values of an Attribute.......................54
+16.4. Retrieving the name of an entry.............................55
+16.5. Retrieving controls from an entry...........................56
+16.6. Parsing References..........................................57
+17. Encoded ASN.1 Value Manipulation...............................58
+17.1. BER Data Structures and Types...............................58
+17.2. Memory Disposal and Utility Functions.......................60
+17.3. Encoding....................................................60
+17.4. Encoding Example............................................63
+17.5. Decoding....................................................64
+17.6. Decoding Example............................................67
+18. Security Considerations........................................70
+19. Acknowledgements...............................................70
+20. Copyright......................................................70
+21. Bibliography...................................................71
+22. Authors' Addresses.............................................72
+23. Appendix A - Sample C LDAP API Code............................73
+24. Appendix B - Namespace Consumed By This Specification..........74
+25. Appendix C - Summary of Requirements for API Extensions........75
+25.1. Compatibility...............................................75
+25.2. Style.......................................................75
+25.3. Dependence on Externally Defined Types......................75
+25.4. Compile Time Information....................................76
+25.5. Runtime Information.........................................76
+25.6. Values Used for Session Handle Options......................76
+26. Appendix D - Known Incompatibilities with RFC 1823.............76
+26.1. Opaque LDAP Structure.......................................76
+26.2. Additional Result Codes.....................................77
+26.3. Freeing of String Data with ldap_memfree()..................77
+26.4. Changes to ldap_result()....................................77
+26.5. Changes to ldap_first_attribute() and ldap_next_attribute...77
+26.6. Changes to ldap_modrdn() and ldap_modrdn_s() Functions......78
+26.7. Changes to the berval structure.............................78
+26.8. API Specification Clarified.................................78
+
+
+Expires: May 2001 [Page 3]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+26.9. Deprecated Functions........................................78
+27. Appendix E - Data Types and Legacy Implementations.............79
+28. Appendix F - Changes Made Since Last Document Revision.........80
+28.1. API Changes.................................................80
+28.2. Editorial Changes and Clarifications........................81
+
+
+4. Overview of the LDAP Model
+
+LDAP is the lightweight directory access protocol, described in [2] and
+[3]. It can provide a lightweight frontend to the X.500 directory [4],
+or a stand-alone service. In either mode, LDAP is based on a client-
+server model in which a client makes a TCP connection to an LDAP server,
+over which it sends requests and receives responses.
+
+The LDAP information model is based on the entry, which contains infor-
+mation about some object (e.g., a person). Entries are composed of
+attributes, which have a type and one or more values. Each attribute has
+a syntax that determines what kinds of values are allowed in the attri-
+bute (e.g., ASCII characters, a jpeg photograph, etc.) and how those
+values behave during directory operations (e.g., is case significant
+during comparisons).
+
+Entries may be organized in a tree structure, usually based on politi-
+cal, geographical, and organizational boundaries. Each entry is uniquely
+named relative to its sibling entries by its relative distinguished name
+(RDN) consisting of one or more distinguished attribute values from the
+entry. At most one value from each attribute may be used in the RDN.
+For example, the entry for the person Babs Jensen might be named with
+the "Barbara Jensen" value from the commonName attribute.
+
+A globally unique name for an entry, called a distinguished name or DN,
+is constructed by concatenating the sequence of RDNs from the entry up
+to the root of the tree. For example, if Babs worked for the University
+of Michigan, the DN of her U-M entry might be "cn=Barbara Jensen,
+o=University of Michigan, c=US". The DN format used by LDAP is defined
+in [5].
+
+Operations are provided to authenticate, search for and retrieve infor-
+mation, modify information, and add and delete entries from the tree.
+The next sections give an overview of how the API is used and detailed
+descriptions of the LDAP API calls that implement all of these func-
+tions.
+
+
+5. Overview of LDAP API Use and General Requirements
+
+An application generally uses the C LDAP API in four simple steps.
+
+
+
+Expires: May 2001 [Page 4]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ 1. Initialize an LDAP session with a primary LDAP server. The
+ ldap_init() function returns a handle to the session, allowing
+ multiple connections to be open at once.
+
+ 2. Authenticate to the LDAP server. The ldap_sasl_bind() function
+ and friends support a variety of authentication methods.
+
+ 3. Perform some LDAP operations and obtain some results.
+ ldap_search() and friends return results which can be parsed by
+ ldap_parse_result(), ldap_first_entry(), ldap_next_entry(), etc.
+
+ 4. Close the session. The ldap_unbind() function closes the connec-
+ tion.
+
+Operations can be performed either synchronously or asynchronously. The
+names of the synchronous functions end in _s. For example, a synchronous
+search can be completed by calling ldap_search_s(). An asynchronous
+search can be initiated by calling ldap_search(). All synchronous rou-
+tines return an indication of the outcome of the operation (e.g, the
+constant LDAP_SUCCESS or some other result code). The asynchronous rou-
+tines make available to the caller the message id of the operation ini-
+tiated. This id can be used in subsequent calls to ldap_result() to
+obtain the result(s) of the operation. An asynchronous operation can be
+abandoned by calling ldap_abandon() or ldap_abandon_ext(). Note that
+there is no requirement that an LDAP API implementation not block when
+handling asynchronous API functions; the term "asynchronous" as used in
+this document refers to the fact that the sending of LDAP requests can
+be separated from the receiving of LDAP responses.
+
+Results and errors are returned in an opaque structure called LDAPMes-
+sage. Routines are provided to parse this structure, step through
+entries and attributes returned, etc. Routines are also provided to
+interpret errors. Later sections of this document describe these rou-
+tines in more detail.
+
+LDAP version 3 servers can return referrals and references to other
+servers. By default, implementations of this API will attempt to follow
+referrals automatically for the application. This behavior can be dis-
+abled globally (using the ldap_set_option() call) or on a per-request
+basis through the use of a client control.
+
+All DN and string attribute values passed into or produced by this C
+LDAP API are represented using the character set of the underlying LDAP
+protocol version in use. When this API is used with LDAPv3, DN and
+string values are represented as UTF-8[6] characters. When this API is
+used with LDAPv2, the US-ASCII[7] or T.61[7] character set are used.
+Future documents MAY specify additional APIs supporting other character
+sets.
+
+
+
+Expires: May 2001 [Page 5]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+For compatibility with existing applications, implementations of this
+API will by default use version 2 of the LDAP protocol. Applications
+that intend to take advantage of LDAP version 3 features will need to
+use the ldap_set_option() call with a LDAP_OPT_PROTOCOL_VERSION to
+switch to version 3.
+
+Unless otherwise indicated, conformant implementations of this specifi-
+cation MUST implement all of the C LDAP API functions as described in
+this document, and they MUST use the function prototypes, macro defini-
+tions, and types defined in this document.
+
+Note that this API is designed for use in environments where the 'int'
+type is at least 32 bits in size.
+
+
+6. Header Requirements
+
+To promote portability of applications, the following requirements are
+imposed on the headers used by applications to access the services of
+this API:
+
+Name and Inclusion
+ Applications only need to include a single header named ldap.h
+ to access all of the API services described in this document.
+ Therefore, the following C source program MUST compile and exe-
+ cute without errors:
+
+ #include <ldap.h>
+
+ int
+ main()
+ {
+ return 0;
+ }
+
+ The ldap.h header MAY include other implementation-specific
+ headers.
+
+Implementations SHOULD also provide a header named lber.h to facilitate
+development of applications desiring compatibility with older LDAP
+implementations. The lber.h header MAY be empty. Old applications that
+include lber.h in order to use BER facilities will need to include
+ldap.h.
+
+
+Idempotence
+ All headers SHOULD be idempotent; that is, if they are included
+ more than once the effect is as if they had only been included
+
+
+
+Expires: May 2001 [Page 6]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ once.
+
+Must Be Included Before API Is Used
+ An application MUST include the ldap.h header before referencing
+ any of the function or type definitions described in this API
+ specification.
+
+Mutual Independence
+ Headers SHOULD be mutually independent with minimal dependence
+ on system or any other headers.
+
+Use of the 'const' Keyword
+ This API specification is defined in terms of ISO C[8]. It
+ makes use of function prototypes and the 'const' keyword. The
+ use of 'const' in this specification is limited to simple, non-
+ array function parameters to avoid forcing applications to
+ declare parameters and variables that accept return values from
+ LDAP API functions as 'const.' Implementations specifically
+ designed to be used with non-ISO C translators SHOULD provide
+ function declarations without prototypes or function prototypes
+ without specification of 'const' arguments.
+
+Definition of 'struct timeval'
+ This API specification uses the 'struct timeval' type. Imple-
+ mentations of this API MUST ensure that the struct timeval type
+ is by default defined as a consequence of including the ldap.h
+ header. Because struct timeval is usually defined in one or
+ more system headers, it is possible for header conflicts to
+ occur if ldap.h also defines it or arranges for it to be defined
+ by including another header. Therefore, applications MAY want
+ to arrange for struct timeval to be defined before they include
+ ldap.h. To support this, the ldap.h header MUST NOT itself
+ define struct timeval if the preprocessor symbol
+ LDAP_TYPE_TIMEVAL_DEFINED is defined before ldap.h is included.
+
+
+7. Common Data Structures and Types
+
+Data structures and types that are common to several LDAP API functions
+are defined here:
+
+ typedef struct ldap LDAP;
+
+ typedef struct ldapmsg LDAPMessage;
+
+ typedef struct berelement BerElement;
+
+ typedef <impl_len_t> ber_len_t;
+
+
+
+Expires: May 2001 [Page 7]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ typedef struct berval {
+ ber_len_t bv_len;
+ char *bv_val;
+ } BerValue;
+
+ struct timeval {
+ <impl_sec_t> tv_sec;
+ <impl_usec_t> tv_usec;
+ };
+
+The LDAP structure is an opaque data type that represents an LDAP ses-
+sion Typically this corresponds to a connection to a single server, but
+it MAY encompass several server connections in the face of LDAPv3 refer-
+rals.
+
+The LDAPMessage structure is an opaque data type that is used to return
+entry, reference, result, and error information. An LDAPMessage struc-
+ture can represent the beginning of a list, or chain of messages that
+consists of a series of entries, references, and result messages as
+returned by LDAP operations such as search. LDAP API functions such as
+ldap_parse_result() that operate on message chains that can contain more
+than one result message always operate on the first result message in
+the chain. See the "Obtaining Results and Peeking Inside LDAP Messages"
+section of this document for more information.
+
+The BerElement structure is an opaque data type that is used to hold
+data and state information about encoded data. It is described in more
+detail in the section "Encoded ASN.1 Value Manipulation" later in this
+document.
+
+The `ber_len_t' type is an unsigned integral data type that is large
+enough to contain the length of the largest piece of data supported by
+the API implementation. The `<impl_len_t>' in the `ber_len_t' typedef
+MUST be replaced with an appropriate type. The width (number of signi-
+ficant bits) of `ber_len_t' MUST be at least 32 and no larger than that
+of `unsigned long'. See the appendix "Data Types and Legacy Implementa-
+tions" for additional considerations.
+
+The BerValue structure is used to represent arbitrary binary data and
+its fields have the following meanings:
+
+bv_len Length of data in bytes.
+
+bv_val A pointer to the data itself.
+
+
+The timeval structure is used to represent an interval of time and its
+fields have the following meanings:
+
+
+
+Expires: May 2001 [Page 8]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+tv_sec Seconds component of time interval.
+
+tv_usec Microseconds component of time interval.
+
+Note that because the struct timeval definition typically is derived
+from a system header, the types used for the tv_sec and tv_usec com-
+ponents are implementation-specific integral types. Therefore,
+`<impl_sec_t>' and `<impl_usec_t>' in the struct timeval definition MUST
+be replaced with appropriate types. See the earlier section "Header
+Requirements" for more information on struct timeval.
+
+
+8. Memory Handling Overview
+
+All memory that is allocated by a function in this C LDAP API and
+returned to the caller SHOULD be disposed of by calling the appropriate
+"free" function provided by this API. The correct "free" function to
+call is documented in each section of this document where a function
+that allocates memory is described.
+
+Memory that is allocated through means outside of the C LDAP API MUST
+NOT be disposed of using a function provided by this API.
+
+If a pointer value passed to one of the C LDAP API "free" functions is
+NULL, graceful failure (i.e, ignoring of the NULL pointer) MUST occur.
+
+The complete list of "free" functions that are used to dispose of allo-
+cated memory is:
+
+ ber_bvecfree()
+ ber_bvfree()
+ ber_free()
+ ldap_control_free()
+ ldap_controls_free()
+ ldap_memfree()
+ ldap_msgfree()
+ ldap_value_free()
+ ldap_value_free_len()
+
+
+9. Retrieving Information About the API Implementation
+
+Applications developed to this specification need to be able to deter-
+mine information about the particular API implementation they are using
+both at compile time and during execution.
+
+
+
+
+
+
+Expires: May 2001 [Page 9]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+9.1. Retrieving Information at Compile Time
+
+All conformant implementations MUST include the following five defini-
+tions in a header so compile time tests can be done by LDAP software
+developers:
+
+ #define LDAP_API_VERSION level
+ #define LDAP_VERSION_MIN min-version
+ #define LDAP_VERSION_MAX max-version
+ #define LDAP_VENDOR_NAME "vend-name"
+ #define LDAP_VENDOR_VERSION vend-version
+
+where:
+
+ "level" is replaced with the RFC number given to this C LDAP API
+ specification when it is published as a standards track RFC.
+
+ min-version is replaced with the lowest LDAP protocol version sup-
+ ported by the implementation.
+
+ max-version is replaced with the highest LDAP protocol version sup-
+ ported by the implementation. This SHOULD be 3.
+
+ "vend-name" is replaced with a text string that identifies the
+ party that supplies the API implementation.
+
+ "vend-version" is a supplier-specific version number multiplied
+ times 100.
+
+Note that the LDAP_VENDOR_NAME macro SHOULD be defined as "" if no ven-
+dor name is available and the LDAP_VENDOR_VERSION macro SHOULD be
+defined as 0 if no vendor-specific version information is available.
+
+For example, if this specification is published as RFC 88888, Netscape
+Communication's version 4.0 implementation that supports LDAPv2 and v3
+might include macro definitions like these:
+
+ #define LDAP_API_VERSION 88888 /* RFC 88888 compliant */
+ #define LDAP_VERSION_MIN 2
+ #define LDAP_VERSION_MAX 3
+ #define LDAP_VENDOR_NAME "Netscape Communications Corp."
+ #define LDAP_VENDOR_VERSION 400 /* version 4.0 */
+
+and application code can test the C LDAP API version level using a
+construct such as this one:
+
+ #if (LDAP_API_VERSION >= 88888)
+ /* use features supported in RFC 88888 or later */
+
+
+
+Expires: May 2001 [Page 10]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ #endif
+
+Until such time as this document is published as an RFC, implementations
+SHOULD use the value 2000 plus the revision number of this draft for
+LDAP_API_VERSION. For example, the correct value for LDAP_API_VERSION
+for revision 05 of this draft is 2005.
+
+Documents that extend this specification SHOULD define a macro of the
+form:
+
+ #define LDAP_API_FEATURE_x level
+
+where "x" is replaced with a name (textual identifier) for the feature
+and "level" is replaced with the number of the RFC that specifies the
+API extension. The name SHOULD NOT begin with the string "X_".
+
+For example, if C LDAP API extensions for Transport Layer Security [9]
+were published in RFC 99999, that RFC might require conformant implemen-
+tations to define a macro like this:
+
+ #define LDAP_API_FEATURE_TLS 99999
+
+
+Private or experimental API extensions SHOULD be indicated by defining a
+macro of this same form where "x" (the extension's name) begins with the
+string "X_" and "level" is replaced with a integer number that is
+specific to the extension.
+
+It is RECOMMENDED that private or experimental API extensions use only
+the following prefixes for macros, types, and function names:
+ LDAP_X_
+ LBER_X_
+ ldap_x_
+ ber_x_
+and that these prefixes not be used by standard extensions.
+
+
+9.2. Retrieving Information During Execution
+
+The ldap_get_option() call (described in greater detail later in this
+document) can be used during execution in conjunction with an option
+parameter value of LDAP_OPT_API_INFO (0x00) to retrieve some basic
+information about the API and about the specific implementation being
+used. The ld parameter to ldap_get_option() can be either NULL or a
+valid LDAP session handle which was obtained by calling ldap_init().
+The optdata parameter to ldap_get_option() SHOULD be the address of an
+LDAPAPIInfo structure which is defined as follows:
+
+
+
+
+Expires: May 2001 [Page 11]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ typedef struct ldapapiinfo {
+ int ldapai_info_version; /* version of this struct (1) */
+ int ldapai_api_version; /* revision of API supported */
+ int ldapai_protocol_version; /* highest LDAP version supported */
+ char **ldapai_extensions; /* names of API extensions */
+ char *ldapai_vendor_name; /* name of supplier */
+ int ldapai_vendor_version; /* supplier-specific version times 100 */
+ } LDAPAPIInfo;
+
+In addition, API implementations MUST include the following macro defin-
+ition:
+
+ #define LDAP_API_INFO_VERSION 1
+
+Note that the ldapai_info_version field of the LDAPAPIInfo structure
+SHOULD be set to the value LDAP_API_INFO_VERSION (1) before calling
+ldap_get_option() so that it can be checked for consistency. All other
+fields are set by the ldap_get_option() function.
+
+The members of the LDAPAPIInfo structure are:
+
+ldapai_info_version
+ A number that identifies the version of the LDAPAPIInfo struc-
+ ture. This SHOULD be set to the value LDAP_API_INFO_VERSION
+ (1) before calling ldap_get_option(). If the value received
+ is not recognized by the API implementation, the
+ ldap_get_option() function sets ldapai_info_version to a valid
+ value that would be recognized, sets the ldapai_api_version to
+ the correct value, and returns an error without filling in any
+ of the other fields in the LDAPAPIInfo structure.
+
+ldapai_api_version
+ A number that matches that assigned to the C LDAP API RFC sup-
+ ported by the API implementation. This SHOULD match the value
+ of the LDAP_API_VERSION macro defined earlier.
+
+ldapai_protocol_version
+ The highest LDAP protocol version supported by the implementa-
+ tion. For example, if LDAPv3 is the highest version supported
+ then this field will be set to 3.
+
+ldapai_vendor_name
+ A zero-terminated string that contains the name of the party
+ that produced the LDAP API implementation. This field may be
+ set to NULL if no name is available. If non-NULL, the caller
+ is responsible for disposing of the memory occupied by passing
+ this pointer to ldap_memfree() which is described later in
+ this document. This value SHOULD match the value of the
+
+
+
+Expires: May 2001 [Page 12]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ LDAP_VENDOR_NAME macro described earlier in this document.
+
+ldapai_vendor_version
+ An implementation-specific version number multiplied by 100.
+ For example, if the implementation version is 4.0 then this
+ field will be set to 400. If no version information is avail-
+ able, this field will be set to 0. This value SHOULD match
+ the value of the LDAP_VENDOR_VERSION macro described earlier
+ in this document.
+
+ldapai_extensions
+ A NULL-terminated array of character strings that lists the
+ names of the API extensions supported by the LDAP API imple-
+ mentation. These names will typically match the textual iden-
+ tifiers that appear in the "x" portion of the
+ LDAP_API_FEATURE_x macros described above, although the pre-
+ cise value MUST be defined by documents that specify C LDAP
+ API extensions. If no API extensions are supported, this
+ field will be set to NULL. The caller is responsible for
+ disposing of the memory occupied by this array by passing it
+ to ldap_value_free() which is described later in this docu-
+ ment. To retrieve more information about a particular exten-
+ sion, the ldap_get_option() call can be used with an option
+ parameter value of LDAP_OPT_API_FEATURE_INFO (0x15). The opt-
+ data parameter to the ldap_get_option() SHOULD be the address
+ of an LDAPAPIFeatureInfo structure which is defined as fol-
+ lows:
+
+ typedef struct ldap_apifeature_info {
+ int ldapaif_info_version; /* version of this struct (1) */
+ char *ldapaif_name; /* name of supported feature */
+ int ldapaif_version; /* revision of supported feature */
+ } LDAPAPIFeatureInfo;
+
+ In addition, API implementations MUST include the following
+ macro definition:
+
+ #define LDAP_FEATURE_INFO_VERSION 1
+
+ Note that the ldapaif_info_version field of the LDAPAPI-
+ FeatureInfo structure SHOULD be set to the value
+ LDAP_FEATURE_INFO_VERSION (1) and the ldapaif_name field
+ SHOULD be set to the extension name string as described below
+ before ldap_get_option() is called. The call will fill in the
+ ldapaif_version field of the LDAPAPIFeatureInfo structure.
+
+ The members of the LDAPAPIFeatureInfo structure are:
+
+
+
+
+Expires: May 2001 [Page 13]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ldapaif_info_version
+ A number that identifies the version of the LDAPAPI-
+ FeatureInfo structure. This SHOULD be set to the value
+ LDAP_FEATURE_INFO_VERSION (1) before calling
+ ldap_get_option(). If the value received is not recognized
+ by the API implementation, the ldap_get_option() function
+ sets ldapaif_info_version to a valid value that would be
+ recognized and returns an error without filling in the
+ ldapaif_version field in the LDAPAPIFeatureInfo structure.
+
+ ldapaif_name
+ The name of an extension, as returned in the
+ ldapai_extensions array of the LDAPAPIInfo structure and as
+ specified in the document that describes the extension.
+
+ ldapaif_version
+ This field will be set as a result of calling
+ ldap_get_option(). It is a number that matches that
+ assigned to the C LDAP API extension RFC supported for this
+ extension. For private or experimental API extensions, the
+ value is extension-specific. In either case, the value of
+ ldapaxi_ext_version SHOULD be identical to the value of the
+ LDAP_API_FEATURE_x macro defined for the extension
+ (described above).
+
+
+10. Result Codes
+
+Many of the LDAP API routines return result codes, some of which indi-
+cate local API errors and some of which are LDAP resultCodes that are
+returned by servers. All of the result codes are non-negative integers.
+Supported result codes are as follows (hexadecimal values are given in
+parentheses after the constant):
+
+ LDAP_SUCCESS (0x00)
+ LDAP_OPERATIONS_ERROR (0x01)
+ LDAP_PROTOCOL_ERROR (0x02)
+ LDAP_TIMELIMIT_EXCEEDED (0x03)
+ LDAP_SIZELIMIT_EXCEEDED (0x04)
+ LDAP_COMPARE_FALSE (0x05)
+ LDAP_COMPARE_TRUE (0x06)
+ LDAP_STRONG_AUTH_NOT_SUPPORTED (0x07)
+ LDAP_STRONG_AUTH_REQUIRED (0x08)
+ LDAP_REFERRAL (0x0a) -- new in LDAPv3
+ LDAP_ADMINLIMIT_EXCEEDED (0x0b) -- new in LDAPv3
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION (0x0c) -- new in LDAPv3
+ LDAP_CONFIDENTIALITY_REQUIRED (0x0d) -- new in LDAPv3
+ LDAP_SASL_BIND_IN_PROGRESS (0x0e) -- new in LDAPv3
+
+
+
+Expires: May 2001 [Page 14]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ LDAP_NO_SUCH_ATTRIBUTE (0x10)
+ LDAP_UNDEFINED_TYPE (0x11)
+ LDAP_INAPPROPRIATE_MATCHING (0x12)
+ LDAP_CONSTRAINT_VIOLATION (0x13)
+ LDAP_TYPE_OR_VALUE_EXISTS (0x14)
+ LDAP_INVALID_SYNTAX (0x15)
+ LDAP_NO_SUCH_OBJECT (0x20)
+ LDAP_ALIAS_PROBLEM (0x21)
+ LDAP_INVALID_DN_SYNTAX (0x22)
+ LDAP_IS_LEAF (0x23) -- not used in LDAPv3
+ LDAP_ALIAS_DEREF_PROBLEM (0x24)
+ LDAP_INAPPROPRIATE_AUTH (0x30)
+ LDAP_INVALID_CREDENTIALS (0x31)
+ LDAP_INSUFFICIENT_ACCESS (0x32)
+ LDAP_BUSY (0x33)
+ LDAP_UNAVAILABLE (0x34)
+ LDAP_UNWILLING_TO_PERFORM (0x35)
+ LDAP_LOOP_DETECT (0x36)
+ LDAP_NAMING_VIOLATION (0x40)
+ LDAP_OBJECT_CLASS_VIOLATION (0x41)
+ LDAP_NOT_ALLOWED_ON_NONLEAF (0x42)
+ LDAP_NOT_ALLOWED_ON_RDN (0x43)
+ LDAP_ALREADY_EXISTS (0x44)
+ LDAP_NO_OBJECT_CLASS_MODS (0x45)
+ LDAP_RESULTS_TOO_LARGE (0x46) -- reserved for CLDAP
+ LDAP_AFFECTS_MULTIPLE_DSAS (0x47) -- new in LDAPv3
+ LDAP_OTHER (0x50)
+ LDAP_SERVER_DOWN (0x51)
+ LDAP_LOCAL_ERROR (0x52)
+ LDAP_ENCODING_ERROR (0x53)
+ LDAP_DECODING_ERROR (0x54)
+ LDAP_TIMEOUT (0x55)
+ LDAP_AUTH_UNKNOWN (0x56)
+ LDAP_FILTER_ERROR (0x57)
+ LDAP_USER_CANCELLED (0x58)
+ LDAP_PARAM_ERROR (0x59)
+ LDAP_NO_MEMORY (0x5a)
+ LDAP_CONNECT_ERROR (0x5b)
+ LDAP_NOT_SUPPORTED (0x5c)
+ LDAP_CONTROL_NOT_FOUND (0x5d)
+ LDAP_NO_RESULTS_RETURNED (0x5e)
+ LDAP_MORE_RESULTS_TO_RETURN (0x5f)
+ LDAP_CLIENT_LOOP (0x60)
+ LDAP_REFERRAL_LIMIT_EXCEEDED (0x61)
+
+
+
+
+
+
+
+Expires: May 2001 [Page 15]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+11. Performing LDAP Operations
+
+This section describes each LDAP operation API call in detail. Most
+functions take a "session handle," a pointer to an LDAP structure con-
+taining per-connection information. Many routines return results in an
+LDAPMessage structure. These structures and others are described as
+needed below.
+
+
+11.1. Initializing an LDAP Session
+
+ldap_init() initializes a session with an LDAP server. The server is not
+actually contacted until an operation is performed that requires it,
+allowing various options to be set after initialization.
+
+ LDAP *ldap_init(
+ const char *hostname,
+ int portno
+ );
+
+Use of the following routine is deprecated:
+
+ LDAP *ldap_open(
+ const char *hostname,
+ int portno
+ );
+
+Unlike ldap_init(), ldap_open() attempts to make a server connection
+before returning to the caller. A more complete description can be
+found in RFC 1823.
+
+Parameters are:
+
+hostname Contains a space-separated list of hostnames or dotted strings
+ representing the IP address of hosts running an LDAP server to
+ connect to. Each hostname in the list MAY include a port number
+ which is separated from the host itself with a colon (:) char-
+ acter. The hosts will be tried in the order listed, stopping
+ with the first one to which a successful connection is made.
+
+ Note: A suitable representation for including a literal IPv6[10]
+ address in the hostname parameter is desired, but has not yet been
+ determined or implemented in practice.
+
+portno Contains the TCP port number to connect to. The default LDAP
+ port of 389 can be obtained by supplying the value zero (0) or
+ the macro LDAP_PORT (389). If a host includes a port number
+ then this parameter is ignored.
+
+
+
+Expires: May 2001 [Page 16]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ldap_init() and ldap_open() both return a "session handle," a pointer to
+an opaque structure that MUST be passed to subsequent calls pertaining
+to the session. These routines return NULL if the session cannot be ini-
+tialized in which case the operating system error reporting mechanism
+can be checked to see why the call failed.
+
+Note that if you connect to an LDAPv2 server, one of the LDAP bind calls
+described below SHOULD be completed before other operations can be per-
+formed on the session. LDAPv3 does not require that a bind operation be
+completed before other operations can be performed.
+
+The calling program can set various attributes of the session by calling
+the routines described in the next section.
+
+
+11.2. LDAP Session Handle Options
+
+The LDAP session handle returned by ldap_init() is a pointer to an
+opaque data type representing an LDAP session. In RFC 1823 this data
+type was a structure exposed to the caller, and various fields in the
+structure could be set to control aspects of the session, such as size
+and time limits on searches.
+
+In the interest of insulating callers from inevitable changes to this
+structure, these aspects of the session are now accessed through a pair
+of accessor functions, described below.
+
+ldap_get_option() is used to access the current value of various
+session-wide parameters. ldap_set_option() is used to set the value of
+these parameters. Note that some options are READ-ONLY and cannot be
+set; it is an error to call ldap_set_option() and attempt to set a
+READ-ONLY option.
+
+Note that if automatic referral following is enabled (the default), any
+connections created during the course of following referrals will
+inherit the options associated with the session that sent the original
+request that caused the referrals to be returned.
+
+ int ldap_get_option(
+ LDAP *ld,
+ int option,
+ void *outvalue
+ );
+
+ int ldap_set_option(
+ LDAP *ld,
+ int option,
+ const void *invalue
+
+
+
+Expires: May 2001 [Page 17]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ );
+
+ #define LDAP_OPT_ON (<impl_void_star_value>)
+ #define LDAP_OPT_OFF ((void *)0)
+
+ LDAP_OPT_ON MUST be defined as a non-null pointer to void; that is,
+ <impl_void_star_value> MUST be replaced with a non-null pointer to
+ void, e.g., one could use:
+ #define LDAP_OPT_ON ((void *)1)
+ if that value is safe to use on the architecture where the API is
+ implemented.
+
+Parameters are:
+
+ld The session handle. If this is NULL, a set of global defaults is
+ accessed. New LDAP session handles created with ldap_init() or
+ ldap_open() inherit their characteristics from these global
+ defaults.
+
+option The name of the option being accessed or set. This parameter
+ SHOULD be one of the following constants, which have the indi-
+ cated meanings. After the constant the actual hexadecimal value
+ of the constant is listed in parentheses.
+
+
+ LDAP_OPT_API_INFO (0x00)
+ Type for invalue parameter: not applicable (option is READ-ONLY)
+
+ Type for outvalue parameter: LDAPAPIInfo *
+
+ Description:
+ Used to retrieve some basic information about the LDAP API
+ implementation at execution time. See the section "Retriev-
+ ing Information About the API Implementation" above for more
+ information. This option is READ-ONLY and cannot be set.
+
+ LDAP_OPT_DEREF (0x02)
+ Type for invalue parameter: int *
+
+ Type for outvalue parameter: int *
+
+ Description:
+ Determines how aliases are handled during search. It SHOULD
+ have one of the following values: LDAP_DEREF_NEVER (0x00),
+ LDAP_DEREF_SEARCHING (0x01), LDAP_DEREF_FINDING (0x02), or
+ LDAP_DEREF_ALWAYS (0x03). The LDAP_DEREF_SEARCHING value
+ means aliases are dereferenced during the search but not when
+ locating the base object of the search. The
+
+
+
+Expires: May 2001 [Page 18]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ LDAP_DEREF_FINDING value means aliases are dereferenced when
+ locating the base object but not during the search. The
+ default value for this option is LDAP_DEREF_NEVER.
+
+ LDAP_OPT_SIZELIMIT (0x03)
+ Type for invalue parameter: int *
+
+ Type for outvalue parameter: int *
+
+ Description:
+ A limit on the number of entries to return from a search. A
+ value of LDAP_NO_LIMIT (0) means no limit. The default value
+ for this option is LDAP_NO_LIMIT.
+
+ LDAP_OPT_TIMELIMIT (0x04)
+ Type for invalue parameter: int *
+
+ Type for outvalue parameter: int *
+
+ Description:
+ A limit on the number of seconds to spend on a search. A
+ value of LDAP_NO_LIMIT (0) means no limit. The default value
+ for this option is LDAP_NO_LIMIT. This value is passed to
+ the server in the search request only; it does not affect how
+ long the C LDAP API implementation itself will wait locally
+ for search results. Note that the timeout parameter passed
+ to the ldap_search_ext_s() or ldap_result() functions can be
+ used to specify a limit on how long the API implementation
+ will wait for results.
+
+ LDAP_OPT_REFERRALS (0x08)
+ Type for invalue parameter: void * (LDAP_OPT_ON or LDAP_OPT_OFF)
+
+ Type for outvalue parameter: int *
+
+ Description:
+ Determines whether the LDAP library automatically follows
+ referrals returned by LDAP servers or not. It MAY be set to
+ one of the constants LDAP_OPT_ON or LDAP_OPT_OFF; any non-
+ NULL pointer value passed to ldap_set_option() enables this
+ option. When reading the current setting using
+ ldap_get_option(), a zero value means OFF and any non-zero
+ value means ON. By default, this option is ON.
+
+ LDAP_OPT_RESTART (0x09)
+ Type for invalue parameter: void * (LDAP_OPT_ON or LDAP_OPT_OFF)
+
+ Type for outvalue parameter: int *
+
+
+
+Expires: May 2001 [Page 19]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ Description:
+ Determines whether LDAP I/O operations are automatically res-
+ tarted if they abort prematurely. It MAY be set to one of the
+ constants LDAP_OPT_ON or LDAP_OPT_OFF; any non-NULL pointer
+ value passed to ldap_set_option() enables this option. When
+ reading the current setting using ldap_get_option(), a zero
+ value means OFF and any non-zero value means ON. This option
+ is useful if an LDAP I/O operation can be interrupted prema-
+ turely, for example by a timer going off, or other interrupt.
+ By default, this option is OFF.
+
+ LDAP_OPT_PROTOCOL_VERSION (0x11)
+ Type for invalue parameter: int *
+
+ Type for outvalue parameter: int *
+
+ Description:
+ This option indicates the version of the LDAP protocol used
+ when communicating with the primary LDAP server. It SHOULD be
+ one of the constants LDAP_VERSION2 (2) or LDAP_VERSION3 (3).
+ If no version is set the default is LDAP_VERSION2 (2).
+
+ LDAP_OPT_SERVER_CONTROLS (0x12)
+ Type for invalue parameter: LDAPControl **
+
+ Type for outvalue parameter: LDAPControl ***
+
+ Description:
+ A default list of LDAP server controls to be sent with each
+ request. See the Working With Controls section below.
+
+ LDAP_OPT_CLIENT_CONTROLS (0x13)
+ Type for invalue parameter: LDAPControl **
+
+ Type for outvalue parameter: LDAPControl ***
+
+ Description:
+ A default list of client controls that affect the LDAP ses-
+ sion. See the Working With Controls section below.
+
+ LDAP_OPT_API_FEATURE_INFO (0x15)
+ Type for invalue parameter: not applicable (option is READ-ONLY)
+
+ Type for outvalue parameter: LDAPAPIFeatureInfo *
+
+ Description:
+ Used to retrieve version information about LDAP API extended
+ features at execution time. See the section "Retrieving
+
+
+
+Expires: May 2001 [Page 20]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ Information About the API Implementation" above for more
+ information. This option is READ-ONLY and cannot be set.
+
+ LDAP_OPT_HOST_NAME (0x30)
+ Type for invalue parameter: char *
+
+ Type for outvalue parameter: char **
+
+ Description:
+ The host name (or list of hosts) for the primary LDAP server.
+ See the definition of the hostname parameter to ldap_init()
+ for the allowed syntax. Note that if the portno parameter
+ passed to ldap_init() is a value other than 0 or 389
+ (LDAP_PORT), this value SHOULD include a string like
+ ":portno" after each hostname or IP address that did not have
+ one in the original hostname parameter that was passed to
+ ldap_init(). For example, if this hostname value was passed
+ to ldap_init():
+
+ "ldap.example.com:389 ldap2.example.com"
+
+ and the portno parameter passed to ldap_init() was 6389, then
+ the value returned for the LDAP_OPT_HOST_NAME option SHOULD
+ be:
+
+ "ldap.example.com:389 ldap2.example.com:6389"
+
+
+ LDAP_OPT_RESULT_CODE (0x31)
+ Type for invalue parameter: int *
+
+ Type for outvalue parameter: int *
+
+ Description:
+ The most recent local (API generated) or server returned LDAP
+ result code that occurred for this session.
+
+ LDAP_OPT_ERROR_STRING (0x32)
+ Type for invalue parameter: char *
+
+ Type for outvalue parameter: char **
+
+ Description:
+ The message returned with the most recent LDAP error that
+ occurred for this session.
+
+ LDAP_OPT_MATCHED_DN (0x33)
+ Type for invalue parameter: char *
+
+
+
+Expires: May 2001 [Page 21]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ Type for outvalue parameter: char **
+
+ Description:
+ The matched DN value returned with the most recent LDAP error
+ that occurred for this session.
+
+
+outvalue The address of a place to put the value of the option. The
+ actual type of this parameter depends on the setting of the
+ option parameter. For outvalues of type char ** and LDAPCon-
+ trol **, a copy of the data that is associated with the LDAP
+ session ld is returned; callers should dispose of the memory by
+ calling ldap_memfree() or ldap_controls_free(), depending on
+ the type of data returned.
+
+invalue A pointer to the value the option is to be given. The actual
+ type of this parameter depends on the setting of the option
+ parameter. The data associated with invalue is copied by the
+ API implementation to allow callers of the API to dispose of or
+ otherwise change their copy of the data after a successful call
+ to ldap_set_option(). If a value passed for invalue is invalid
+ or cannot be accepted by the implementation, ldap_set_option()
+ should return -1 to indicate an error.
+
+Both ldap_get_option() and ldap_set_option() return 0 if successful and
+-1 if an error occurs. If -1 is returned by either function, a specific
+result code MAY be retrieved by calling ldap_get_option() with an option
+value of LDAP_OPT_RESULT_CODE. Note that there is no way to retrieve a
+more specific result code if a call to ldap_get_option() with an option
+value of LDAP_OPT_RESULT_CODE fails.
+
+When a call to ldap_get_option() succeeds, the API implementation MUST
+NOT change the state of the LDAP session handle or the state of the
+underlying implementation in a way that affects the behavior of future
+LDAP API calls. When a call to ldap_get_option() fails, the only ses-
+sion handle change permitted is setting the LDAP result code (as
+returned by the LDAP_OPT_RESULT_CODE option).
+
+When a call to ldap_set_option() fails, it MUST NOT change the state of
+the LDAP session handle or the state of the underlying implementation in
+a way that affects the behavior of future LDAP API calls.
+
+Standards track documents that extend this specification and specify new
+options SHOULD use values for option macros that are between 0x1000 and
+0x3FFF inclusive. Private and experimental extensions SHOULD use values
+for the option macros that are between 0x4000 and 0x7FFF inclusive. All
+values below 0x1000 and above 0x7FFF that are not defined in this docu-
+ment are reserved and SHOULD NOT be used. The following macro MUST be
+
+
+
+Expires: May 2001 [Page 22]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+defined by C LDAP API implementations to aid extension implementors:
+ #define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000 /* to 0x7FFF inclusive */
+
+
+
+11.3. Working With Controls
+
+LDAPv3 operations can be extended through the use of controls. Controls
+can be sent to a server or returned to the client with any LDAP message.
+These controls are referred to as server controls.
+
+The LDAP API also supports a client-side extension mechanism through the
+use of client controls. These controls affect the behavior of the LDAP
+API only and are never sent to a server. A common data structure is
+used to represent both types of controls:
+
+ typedef struct ldapcontrol {
+ char *ldctl_oid;
+ struct berval ldctl_value;
+ char ldctl_iscritical;
+ } LDAPControl;
+
+The fields in the ldapcontrol structure have the following meanings:
+
+ldctl_oid The control type, represented as a string.
+
+ldctl_value The data associated with the control (if any). To
+ specify a zero-length value, set ldctl_value.bv_len to
+ zero and ldctl_value.bv_val to a zero-length string.
+ To indicate that no data is associated with the con-
+ trol, set ldctl_value.bv_val to NULL.
+
+ldctl_iscritical Indicates whether the control is critical of not. If
+ this field is non-zero, the operation will only be car-
+ ried out if the control is recognized by the server
+ and/or client. Note that the LDAP unbind and abandon
+ operations have no server response, so clients SHOULD
+ NOT mark server controls critical when used with these
+ two operations.
+
+Some LDAP API calls allocate an ldapcontrol structure or a NULL-
+terminated array of ldapcontrol structures. The following routines can
+be used to dispose of a single control or an array of controls:
+
+ void ldap_control_free( LDAPControl *ctrl );
+ void ldap_controls_free( LDAPControl **ctrls );
+If the ctrl or ctrls parameter is NULL, these calls do nothing.
+
+
+
+
+Expires: May 2001 [Page 23]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+A set of controls that affect the entire session can be set using the
+ldap_set_option() function (see above). A list of controls can also be
+passed directly to some LDAP API calls such as ldap_search_ext(), in
+which case any controls set for the session through the use of
+ldap_set_option() are ignored. Control lists are represented as a NULL-
+terminated array of pointers to ldapcontrol structures.
+
+Server controls are defined by LDAPv3 protocol extension documents; for
+example, a control has been proposed to support server-side sorting of
+search results [11].
+
+One client control is defined in this document (described in the follow-
+ing section). Other client controls MAY be defined in future revisions
+of this document or in documents that extend this API.
+
+
+11.3.1. A Client Control That Governs Referral Processing
+
+As described previously in the section "LDAP Session Handle Options,"
+applications can enable and disable automatic chasing of referrals on a
+session-wide basic by using the ldap_set_option() function with the
+LDAP_OPT_REFERRALS option. It is also useful to govern automatic refer-
+ral chasing on per-request basis. A client control with an OID of
+1.2.840.113556.1.4.616 exists to provide this functionality.
+
+ /* OID for referrals client control */
+ #define LDAP_CONTROL_REFERRALS "1.2.840.113556.1.4.616"
+
+ /* Flags for referrals client control value */
+ #define LDAP_CHASE_SUBORDINATE_REFERRALS 0x00000020U
+ #define LDAP_CHASE_EXTERNAL_REFERRALS 0x00000040U
+
+To create a referrals client control, the ldctl_oid field of an LDAPCon-
+trol structure MUST be set to LDAP_CONTROL_REFERRALS
+("1.2.840.113556.1.4.616") and the ldctl_value field MUST be set to a
+value that contains a set of flags. The ldctl_value.bv_len field MUST
+be set to sizeof(ber_uint_t), and the ldctl_value.bv_val field MUST
+point to a ber_uint_t which contains the flags value." The ber_uint_t
+type is define in the section "BER Data Structures and Types" below.
+
+The flags value can be set to zero to disable automatic chasing of
+referrals and LDAPv3 references altogether. Alternatively, the flags
+value can be set to the value LDAP_CHASE_SUBORDINATE_REFERRALS
+(0x00000020U) to indicate that only LDAPv3 search continuation refer-
+ences are to be automatically chased by the API implementation, to the
+value LDAP_CHASE_EXTERNAL_REFERRALS (0x00000040U) to indicate that only
+LDAPv3 referrals are to be automatically chased, or the logical OR of
+the two flag values (0x00000060U) to indicate that both referrals and
+
+
+
+Expires: May 2001 [Page 24]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+references are to be automatically chased.
+
+
+11.4. Authenticating to the directory
+
+The following functions are used to authenticate an LDAP client to an
+LDAP directory server.
+
+The ldap_sasl_bind() and ldap_sasl_bind_s() functions can be used to do
+general and extensible authentication over LDAP through the use of the
+Simple Authentication Security Layer [12]. The routines both take the
+dn to bind as, the method to use, as a dotted-string representation of
+an OID identifying the method, and a struct berval holding the creden-
+tials. The special constant value LDAP_SASL_SIMPLE (NULL) can be passed
+to request simple authentication, or the simplified routines
+ldap_simple_bind() or ldap_simple_bind_s() can be used.
+
+ int ldap_sasl_bind(
+ LDAP *ld,
+ const char *dn,
+ const char *mechanism,
+ const struct berval *cred,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_sasl_bind_s(
+ LDAP *ld,
+ const char *dn,
+ const char *mechanism,
+ const struct berval *cred,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct berval **servercredp
+ );
+
+ int ldap_simple_bind(
+ LDAP *ld,
+ const char *dn,
+ const char *passwd
+ );
+
+ int ldap_simple_bind_s(
+ LDAP *ld,
+ const char *dn,
+ const char *passwd
+ );
+
+
+
+Expires: May 2001 [Page 25]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ The use of the following routines is deprecated and more complete
+ descriptions can be found in RFC 1823:
+
+ int ldap_bind( LDAP *ld, const char *dn, const char *cred,
+ int method );
+
+ int ldap_bind_s( LDAP *ld, const char *dn, const char *cred,
+ int method );
+
+ int ldap_kerberos_bind( LDAP *ld, const char *dn );
+
+ int ldap_kerberos_bind_s( LDAP *ld, const char *dn );
+
+Parameters are:
+
+ld The session handle.
+
+dn The name of the entry to bind as. If NULL, a zero length
+ DN is sent to the server.
+
+mechanism Either LDAP_SASL_SIMPLE (NULL) to get simple authentica-
+ tion, or a text string identifying the SASL method.
+
+cred The credentials with which to authenticate. Arbitrary
+ credentials can be passed using this parameter. The format
+ and content of the credentials depends on the setting of
+ the mechanism parameter. If the cred parameter is NULL and
+ the mechanism is LDAP_SASL_SIMPLE, a zero-length octet
+ string is sent to the server in the simple credentials
+ field of the bind request. If the cred parameter is NULL
+ and the mechanism is anything else, no credentials are sent
+ to the server in the bind request.
+
+passwd For ldap_simple_bind(), the password that is sent to the
+ server in the simple credentials field of the bind request.
+ If NULL, a zero length password is sent to the server.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_sasl_bind() call succeeds. The value
+ is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+
+
+
+Expires: May 2001 [Page 26]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+servercredp This result parameter will be filled in with the creden-
+ tials passed back by the server for mutual authentication,
+ if given. An allocated berval structure is returned that
+ SHOULD be disposed of by calling ber_bvfree(). NULL SHOULD
+ be passed to ignore this field. If an API error occurs or
+ the server did not return any credentials, *servercredp is
+ set to NULL.
+
+Additional parameters for the deprecated routines are not described.
+Interested readers are referred to RFC 1823.
+
+The ldap_sasl_bind() function initiates an asynchronous bind operation
+and returns the constant LDAP_SUCCESS if the request was successfully
+sent, or another LDAP result code if not. See the section below on
+error handling for more information about possible errors and how to
+interpret them. If successful, ldap_sasl_bind() places the message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+below, can be used to obtain the result of the bind.
+
+The ldap_simple_bind() function initiates a simple asynchronous bind
+operation and returns the message id of the operation initiated. A sub-
+sequent call to ldap_result(), described below, can be used to obtain
+the result of the bind. In case of error, ldap_simple_bind() will return
+-1, setting the session error parameters in the LDAP structure appropri-
+ately.
+
+The synchronous ldap_sasl_bind_s() and ldap_simple_bind_s() functions
+both return the result of the operation, either the constant
+LDAP_SUCCESS if the operation was successful, or another LDAP result
+code if it was not. See the section below on error handling for more
+information about possible errors and how to interpret them.
+
+Note that if an LDAPv2 server is contacted, no other operations over the
+connection can be attempted before a bind call has successfully com-
+pleted.
+
+Subsequent bind calls can be used to re-authenticate over the same con-
+nection, and multistep SASL sequences can be accomplished through a
+sequence of calls to ldap_sasl_bind() or ldap_sasl_bind_s().
+
+
+11.5. Closing the session
+
+The following functions are used to unbind from the directory, close
+open connections, and dispose of the session handle.
+
+ int ldap_unbind_ext( LDAP *ld, LDAPControl **serverctrls,
+ LDAPControl **clientctrls );
+
+
+
+Expires: May 2001 [Page 27]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ int ldap_unbind( LDAP *ld );
+
+ int ldap_unbind_s( LDAP *ld );
+
+Parameters are:
+
+ld The session handle.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+The ldap_unbind_ext(), ldap_unbind() and ldap_unbind_s() all work syn-
+chronously in the sense that they send an unbind request to the server,
+close all open connections associated with the LDAP session handle, and
+dispose of all resources associated with the session handle before
+returning. Note, however, that there is no server response to an LDAP
+unbind operation. All three of the unbind functions return LDAP_SUCCESS
+(or another LDAP result code if the request cannot be sent to the LDAP
+server). After a call to one of the unbind functions, the session han-
+dle ld is invalid and it is illegal to make any further LDAP API calls
+using ld.
+
+The ldap_unbind() and ldap_unbind_s() functions behave identically. The
+ldap_unbind_ext() function allows server and client controls to be
+included explicitly, but note that since there is no server response to
+an unbind request there is no way to receive a response to a server con-
+trol sent with an unbind request.
+
+
+
+11.6. Searching
+
+The following functions are used to search the LDAP directory, returning
+a requested set of attributes for each entry matched. There are five
+variations.
+
+ int ldap_search_ext(
+ LDAP *ld,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+
+
+
+Expires: May 2001 [Page 28]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ struct timeval *timeout,
+ int sizelimit,
+ int *msgidp
+ );
+
+ int ldap_search_ext_s(
+ LDAP *ld,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct timeval *timeout,
+ int sizelimit,
+ LDAPMessage **res
+ );
+
+ int ldap_search(
+ LDAP *ld,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly
+ );
+
+ int ldap_search_s(
+ LDAP *ld,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPMessage **res
+ );
+
+ int ldap_search_st(
+ LDAP *ld,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly,
+ struct timeval *timeout,
+ LDAPMessage **res
+ );
+
+
+
+Expires: May 2001 [Page 29]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+Parameters are:
+
+ld The session handle.
+
+base The dn of the entry at which to start the search. If NULL,
+ a zero length DN is sent to the server.
+
+scope One of LDAP_SCOPE_BASE (0x00), LDAP_SCOPE_ONELEVEL (0x01),
+ or LDAP_SCOPE_SUBTREE (0x02), indicating the scope of the
+ search.
+
+filter A character string as described in [13], representing the
+ search filter. The value NULL can be passed to indicate
+ that the filter "(objectclass=*)" which matches all entries
+ is to be used. Note that if the caller of the API is using
+ LDAPv2, only a subset of the filter functionality described
+ in [13] can be successfully used.
+
+attrs A NULL-terminated array of strings indicating which attri-
+ butes to return for each matching entry. Passing NULL for
+ this parameter causes all available user attributes to be
+ retrieved. The special constant string LDAP_NO_ATTRS
+ ("1.1") MAY be used as the only string in the array to
+ indicate that no attribute types are to be returned by the
+ server. The special constant string LDAP_ALL_USER_ATTRS
+ ("*") can be used in the attrs array along with the names
+ of some operational attributes to indicate that all user
+ attributes plus the listed operational attributes are to be
+ returned.
+
+attrsonly A boolean value that MUST be zero if both attribute types
+ and values are to be returned, and non-zero if only types
+ are wanted.
+
+timeout For the ldap_search_st() function, this specifies the local
+ search timeout value (if it is NULL, the timeout is infin-
+ ite). If a zero timeout (where tv_sec and tv_usec are both
+ zero) is passed, API implementations SHOULD return
+ LDAP_PARAM_ERROR.
+
+ For the ldap_search_ext() and ldap_search_ext_s() func-
+ tions, the timeout parameter specifies both the local
+ search timeout value and the operation time limit that is
+ sent to the server within the search request. Passing a
+ NULL value for timeout causes the default timeout stored in
+ the LDAP session handle (set by using ldap_set_option()
+ with the LDAP_OPT_TIMELIMIT parameter) to be sent to the
+ server with the request but an infinite local search
+
+
+
+Expires: May 2001 [Page 30]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ timeout to be used. If a zero timeout (where tv_sec and
+ tv_usec are both zero) is passed in, API implementations
+ SHOULD return LDAP_PARAM_ERROR. If a zero value for tv_sec
+ is used but tv_usec is non-zero, an operation time limit of
+ 1 SHOULD be passed to the LDAP server as the operation time
+ limit. For other values of tv_sec, the tv_sec value itself
+ SHOULD be passed to the LDAP server.
+
+sizelimit For the ldap_search_ext() and ldap_search_ext_s() calls,
+ this is a limit on the number of entries to return from the
+ search. A value of LDAP_NO_LIMIT (0) means no limit. A
+ value of LDAP_DEFAULT_SIZELIMIT (-1) means use the default
+ timeout from the LDAP session handle (which is set by cal-
+ ling ldap_set_option() with the LDAP_OPT_SIZELIMIT parame-
+ ter).
+
+res For the synchronous calls, this is a result parameter which
+ will contain the results of the search upon completion of
+ the call. If an API error occurs or no results are
+ returned, *res is set to NULL.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_search_ext() call succeeds. The value
+ is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+There are three options in the session handle ld which potentially
+affect how the search is performed. They are:
+
+ LDAP_OPT_SIZELIMIT
+ LDAP_OPT_TIMELIMIT
+ LDAP_OPT_DEREF
+
+These options are fully described in the earlier section "LDAP Session
+Handle Options."
+
+The ldap_search_ext() function initiates an asynchronous search opera-
+tion and returns the constant LDAP_SUCCESS if the request was success-
+fully sent, or another LDAP result code if not. See the section below
+on error handling for more information about possible errors and how to
+interpret them. If successful, ldap_search_ext() places the message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+
+
+
+Expires: May 2001 [Page 31]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+below, can be used to obtain the results from the search. These results
+can be parsed using the result parsing routines described in detail
+later.
+
+Similar to ldap_search_ext(), the ldap_search() function initiates an
+asynchronous search operation and returns the message id of the opera-
+tion initiated. As for ldap_search_ext(), a subsequent call to
+ldap_result(), described below, can be used to obtain the result of the
+bind. In case of error, ldap_search() will return -1, setting the ses-
+sion error parameters in the LDAP structure appropriately.
+
+The synchronous ldap_search_ext_s(), ldap_search_s(), and
+ldap_search_st() functions all return the result of the operation,
+either the constant LDAP_SUCCESS if the operation was successful, or
+another LDAP result code if it was not. See the section below on error
+handling for more information about possible errors and how to interpret
+them. Entries returned from the search (if any) are contained in the
+res parameter. This parameter is opaque to the caller. Entries, attri-
+butes, values, etc., can be extracted by calling the parsing routines
+described below. The results contained in res SHOULD be freed when no
+longer in use by calling ldap_msgfree(), described later.
+
+The ldap_search_ext() and ldap_search_ext_s() functions support LDAPv3
+server controls, client controls, and allow varying size and time limits
+to be easily specified for each search operation. The ldap_search_st()
+function is identical to ldap_search_s() except that it takes an addi-
+tional parameter specifying a local timeout for the search. The local
+search timeout is used to limit the amount of time the API implementa-
+tion will wait for a search to complete. After the local search timeout
+expires, the API implementation will send an abandon operation to abort
+the search operation.
+
+11.7. Reading an Entry
+
+LDAP does not support a read operation directly. Instead, this operation
+is emulated by a search with base set to the DN of the entry to read,
+scope set to LDAP_SCOPE_BASE, and filter set to "(objectclass=*)" or
+NULL. attrs contains the list of attributes to return.
+
+
+11.8. Listing the Children of an Entry
+
+LDAP does not support a list operation directly. Instead, this operation
+is emulated by a search with base set to the DN of the entry to list,
+scope set to LDAP_SCOPE_ONELEVEL, and filter set to "(objectclass=*)" or
+NULL. attrs contains the list of attributes to return for each child
+entry.
+
+
+
+
+Expires: May 2001 [Page 32]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+11.9. Comparing a Value Against an Entry
+
+The following routines are used to compare a given attribute value
+assertion against an LDAP entry. There are four variations:
+
+ int ldap_compare_ext(
+ LDAP *ld,
+ const char *dn,
+ const char *attr,
+ const struct berval *bvalue,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_compare_ext_s(
+ LDAP *ld,
+ const char *dn,
+ const char *attr,
+ const struct berval *bvalue,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls
+ );
+
+ int ldap_compare(
+ LDAP *ld,
+ const char *dn,
+ const char *attr,
+ const char *value
+ );
+
+ int ldap_compare_s(
+ LDAP *ld,
+ const char *dn,
+ const char *attr,
+ const char *value
+ );
+
+Parameters are:
+
+ld The session handle.
+
+dn The name of the entry to compare against. If NULL, a zero
+ length DN is sent to the server.
+
+attr The attribute to compare against.
+
+bvalue The attribute value to compare against those found in the
+
+
+
+Expires: May 2001 [Page 33]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ given entry. This parameter is used in the extended rou-
+ tines and is a pointer to a struct berval so it is possible
+ to compare binary values.
+
+value A string attribute value to compare against, used by the
+ ldap_compare() and ldap_compare_s() functions. Use
+ ldap_compare_ext() or ldap_compare_ext_s() if you need to
+ compare binary values.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_compare_ext() call succeeds. The value
+ is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+The ldap_compare_ext() function initiates an asynchronous compare opera-
+tion and returns the constant LDAP_SUCCESS if the request was success-
+fully sent, or another LDAP result code if not. See the section below
+on error handling for more information about possible errors and how to
+interpret them. If successful, ldap_compare_ext() places the message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+below, can be used to obtain the result of the compare.
+
+Similar to ldap_compare_ext(), the ldap_compare() function initiates an
+asynchronous compare operation and returns the message id of the opera-
+tion initiated. As for ldap_compare_ext(), a subsequent call to
+ldap_result(), described below, can be used to obtain the result of the
+bind. In case of error, ldap_compare() will return -1, setting the ses-
+sion error parameters in the LDAP structure appropriately.
+
+The synchronous ldap_compare_ext_s() and ldap_compare_s() functions both
+return the result of the operation: one of the constants
+LDAP_COMPARE_TRUE or LDAP_COMPARE_FALSE if the operation was successful,
+or another LDAP result code if it was not. See the section below on
+error handling for more information about possible errors and how to
+interpret them.
+
+The ldap_compare_ext() and ldap_compare_ext_s() functions support LDAPv3
+server controls and client controls.
+
+
+
+
+
+
+
+Expires: May 2001 [Page 34]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+11.10. Modifying an entry
+
+The following routines are used to modify an existing LDAP entry. There
+are four variations:
+
+ typedef union mod_vals_u {
+ char **modv_strvals;
+ struct berval **modv_bvals;
+ } mod_vals_u_t;
+
+ typedef struct ldapmod {
+ int mod_op;
+ char *mod_type;
+ mod_vals_u_t mod_vals;
+ } LDAPMod;
+ #define mod_values mod_vals.modv_strvals
+ #define mod_bvalues mod_vals.modv_bvals
+
+ int ldap_modify_ext(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **mods,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_modify_ext_s(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **mods,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls
+ );
+
+ int ldap_modify(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **mods
+ );
+
+ int ldap_modify_s(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **mods
+ );
+
+Parameters are:
+
+
+
+Expires: May 2001 [Page 35]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ld The session handle.
+
+dn The name of the entry to modify. If NULL, a zero length DN
+ is sent to the server.
+
+mods A NULL-terminated array of modifications to make to the
+ entry.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_modify_ext() call succeeds. The value
+ is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+The fields in the LDAPMod structure have the following meanings:
+
+mod_op The modification operation to perform. It MUST be one of
+ LDAP_MOD_ADD (0x00), LDAP_MOD_DELETE (0x01), or
+ LDAP_MOD_REPLACE (0x02). This field also indicates the
+ type of values included in the mod_vals union. It is logi-
+ cally ORed with LDAP_MOD_BVALUES (0x80) to select the
+ mod_bvalues form. Otherwise, the mod_values form is used.
+
+mod_type The type of the attribute to modify.
+
+mod_vals The values (if any) to add, delete, or replace. Only one of
+ the mod_values or mod_bvalues variants can be used,
+ selected by ORing the mod_op field with the constant
+ LDAP_MOD_BVALUES. mod_values is a NULL-terminated array of
+ zero-terminated strings and mod_bvalues is a NULL-
+ terminated array of berval structures that can be used to
+ pass binary values such as images.
+
+For LDAP_MOD_ADD modifications, the given values are added to the
+entry, creating the attribute if necessary.
+
+For LDAP_MOD_DELETE modifications, the given values are deleted from the
+entry, removing the attribute if no values remain. If the entire attri-
+bute is to be deleted, the mod_vals field can be set to NULL.
+
+For LDAP_MOD_REPLACE modifications, the attribute will have the listed
+values after the modification, having been created if necessary, or
+removed if the mod_vals field is NULL. All modifications are performed
+
+
+
+Expires: May 2001 [Page 36]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+in the order in which they are listed.
+
+The ldap_modify_ext() function initiates an asynchronous modify opera-
+tion and returns the constant LDAP_SUCCESS if the request was success-
+fully sent, or another LDAP result code if not. See the section below
+on error handling for more information about possible errors and how to
+interpret them. If successful, ldap_modify_ext() places the message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+below, can be used to obtain the result of the modify.
+
+Similar to ldap_modify_ext(), the ldap_modify() function initiates an
+asynchronous modify operation and returns the message id of the opera-
+tion initiated. As for ldap_modify_ext(), a subsequent call to
+ldap_result(), described below, can be used to obtain the result of the
+modify. In case of error, ldap_modify() will return -1, setting the ses-
+sion error parameters in the LDAP structure appropriately.
+
+The synchronous ldap_modify_ext_s() and ldap_modify_s() functions both
+return the result of the operation, either the constant LDAP_SUCCESS if
+the operation was successful, or another LDAP result code if it was not.
+See the section below on error handling for more information about pos-
+sible errors and how to interpret them.
+
+The ldap_modify_ext() and ldap_modify_ext_s() functions support LDAPv3
+server controls and client controls.
+
+
+11.11. Modifying the Name of an Entry
+
+In LDAPv2, the ldap_modrdn(), ldap_modrdn_s(), ldap_modrdn2(), and
+ldap_modrdn2_s() routines were used to change the name of an LDAP entry.
+They could only be used to change the least significant component of a
+name (the RDN or relative distinguished name). LDAPv3 provides the
+Modify DN protocol operation that allows more general name change
+access. The ldap_rename() and ldap_rename_s() routines are used to
+change the name of an entry, and the use of the ldap_modrdn(),
+ldap_modrdn_s(), ldap_modrdn2(), and ldap_modrdn2_s() routines is depre-
+cated.
+
+ int ldap_rename(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn,
+ const char *newparent,
+ int deleteoldrdn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+
+
+
+Expires: May 2001 [Page 37]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ );
+ int ldap_rename_s(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn,
+ const char *newparent,
+ int deleteoldrdn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls
+ );
+
+ The use of the following routines is deprecated and more complete
+ descriptions can be found in RFC 1823:
+
+ int ldap_modrdn(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn
+ );
+ int ldap_modrdn_s(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn
+ );
+ int ldap_modrdn2(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn,
+ int deleteoldrdn
+ );
+ int ldap_modrdn2_s(
+ LDAP *ld,
+ const char *dn,
+ const char *newrdn,
+ int deleteoldrdn
+ );
+
+Parameters are:
+
+ld The session handle.
+
+dn The name of the entry whose DN is to be changed. If NULL,
+ a zero length DN is sent to the server.
+
+newrdn The new RDN to give the entry.
+
+newparent The new parent, or superior entry. If this parameter is
+ NULL, only the RDN of the entry is changed. The root DN
+
+
+
+Expires: May 2001 [Page 38]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ SHOULD be specified by passing a zero length string, "".
+ The newparent parameter SHOULD always be NULL when using
+ version 2 of the LDAP protocol; otherwise the server's
+ behavior is undefined.
+
+deleteoldrdn This parameter only has meaning on the rename routines if
+ newrdn is different than the old RDN. It is a boolean
+ value, if non-zero indicating that the old RDN value(s) is
+ to be removed, if zero indicating that the old RDN value(s)
+ is to be retained as non-distinguished values of the entry.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_rename() call succeeds. The value is
+ undefined if a value other than LDAP_SUCCESS is returned.
+
+The ldap_rename() function initiates an asynchronous modify DN operation
+and returns the constant LDAP_SUCCESS if the request was successfully
+sent, or another LDAP result code if not. See the section below on
+error handling for more information about possible errors and how to
+interpret them. If successful, ldap_rename() places the DN message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+below, can be used to obtain the result of the rename.
+
+The synchronous ldap_rename_s() returns the result of the operation,
+either the constant LDAP_SUCCESS if the operation was successful, or
+another LDAP result code if it was not. See the section below on error
+handling for more information about possible errors and how to interpret
+them.
+
+The ldap_rename() and ldap_rename_s() functions both support LDAPv3
+server controls and client controls.
+
+
+11.12. Adding an entry
+
+The following functions are used to add entries to the LDAP directory.
+There are four variations:
+
+ int ldap_add_ext(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **attrs,
+
+
+
+Expires: May 2001 [Page 39]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_add_ext_s(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **attrs,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls
+ );
+
+ int ldap_add(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **attrs
+ );
+
+ int ldap_add_s(
+ LDAP *ld,
+ const char *dn,
+ LDAPMod **attrs
+ );
+
+Parameters are:
+
+ld The session handle.
+
+dn The name of the entry to add. If NULL, a zero length DN is
+ sent to the server.
+
+attrs The entry's attributes, specified using the LDAPMod struc-
+ ture defined for ldap_modify(). The mod_type and mod_vals
+ fields MUST be filled in. The mod_op field is ignored
+ unless ORed with the constant LDAP_MOD_BVALUES, used to
+ select the mod_bvalues case of the mod_vals union.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_add_ext() call succeeds. The value is
+ undefined if a value other than LDAP_SUCCESS is returned.
+
+
+
+
+Expires: May 2001 [Page 40]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+Note that the parent of the entry being added must already exist or the
+parent must be empty (i.e., equal to the root DN) for an add to succeed.
+
+The ldap_add_ext() function initiates an asynchronous add operation and
+returns the constant LDAP_SUCCESS if the request was successfully sent,
+or another LDAP result code if not. See the section below on error han-
+dling for more information about possible errors and how to interpret
+them. If successful, ldap_add_ext() places the message id of the
+request in *msgidp. A subsequent call to ldap_result(), described below,
+can be used to obtain the result of the add.
+
+Similar to ldap_add_ext(), the ldap_add() function initiates an asyn-
+chronous add operation and returns the message id of the operation ini-
+tiated. As for ldap_add_ext(), a subsequent call to ldap_result(),
+described below, can be used to obtain the result of the add. In case of
+error, ldap_add() will return -1, setting the session error parameters
+in the LDAP structure appropriately.
+
+The synchronous ldap_add_ext_s() and ldap_add_s() functions both return
+the result of the operation, either the constant LDAP_SUCCESS if the
+operation was successful, or another LDAP result code if it was not.
+See the section below on error handling for more information about pos-
+sible errors and how to interpret them.
+
+The ldap_add_ext() and ldap_add_ext_s() functions support LDAPv3 server
+controls and client controls.
+
+
+
+11.13. Deleting an entry
+
+The following functions are used to delete a leaf entry from the LDAP
+directory. There are four variations:
+
+ int ldap_delete_ext(
+ LDAP *ld,
+ const char *dn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_delete_ext_s(
+ LDAP *ld,
+ const char *dn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls
+ );
+
+
+
+Expires: May 2001 [Page 41]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+
+ int ldap_delete(
+ LDAP *ld,
+ const char *dn
+ );
+
+ int ldap_delete_s(
+ LDAP *ld,
+ const char *dn
+ );
+
+Parameters are:
+
+ld The session handle.
+
+dn The name of the entry to delete. If NULL, a zero length DN
+ is sent to the server.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_delete_ext() call succeeds. The value
+ is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+Note that the entry to delete must be a leaf entry (i.e., it must have
+no children). Deletion of entire subtrees in a single operation is not
+supported by LDAP.
+
+The ldap_delete_ext() function initiates an asynchronous delete opera-
+tion and returns the constant LDAP_SUCCESS if the request was success-
+fully sent, or another LDAP result code if not. See the section below
+on error handling for more information about possible errors and how to
+interpret them. If successful, ldap_delete_ext() places the message id
+of the request in *msgidp. A subsequent call to ldap_result(), described
+below, can be used to obtain the result of the delete.
+
+Similar to ldap_delete_ext(), the ldap_delete() function initiates an
+asynchronous delete operation and returns the message id of the opera-
+tion initiated. As for ldap_delete_ext(), a subsequent call to
+ldap_result(), described below, can be used to obtain the result of the
+delete. In case of error, ldap_delete() will return -1, setting the ses-
+sion error parameters in the LDAP structure appropriately.
+
+
+
+
+Expires: May 2001 [Page 42]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+The synchronous ldap_delete_ext_s() and ldap_delete_s() functions both
+return the result of the operation, either the constant LDAP_SUCCESS if
+the operation was successful, or another LDAP result code if it was not.
+See the section below on error handling for more information about pos-
+sible errors and how to interpret them.
+
+The ldap_delete_ext() and ldap_delete_ext_s() functions support LDAPv3
+server controls and client controls.
+
+
+11.14. Extended Operations
+
+The ldap_extended_operation() and ldap_extended_operation_s() routines
+allow extended LDAP operations to be passed to the server, providing a
+general protocol extensibility mechanism.
+
+ int ldap_extended_operation(
+ LDAP *ld,
+ const char *requestoid,
+ const struct berval *requestdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp
+ );
+
+ int ldap_extended_operation_s(
+ LDAP *ld,
+ const char *requestoid,
+ const struct berval *requestdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ char **retoidp,
+ struct berval **retdatap
+ );
+
+Parameters are:
+
+ld The session handle.
+
+requestoid The dotted-OID text string naming the request.
+
+requestdata The arbitrary data needed by the operation (if NULL, no
+ data is sent to the server).
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+
+
+
+Expires: May 2001 [Page 43]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ to be used.
+
+msgidp This result parameter will be set to the message id of the
+ request if the ldap_extended_operation() call succeeds. The
+ value is undefined if a value other than LDAP_SUCCESS is
+ returned.
+
+retoidp Pointer to a character string that will be set to an allo-
+ cated, dotted-OID text string returned by the server. This
+ string SHOULD be disposed of using the ldap_memfree() func-
+ tion. If an API error occurs or no OID is returned by the
+ server, *retoidp is set to NULL.
+
+retdatap Pointer to a berval structure pointer that will be set an
+ allocated copy of the data returned by the server. This
+ struct berval SHOULD be disposed of using ber_bvfree(). If
+ an API error occurs or no data is returned by the server,
+ *retdatap is set to NULL.
+
+The ldap_extended_operation() function initiates an asynchronous
+extended operation and returns the constant LDAP_SUCCESS if the request
+was successfully sent, or another LDAP result code if not. See the sec-
+tion below on error handling for more information about possible errors
+and how to interpret them. If successful, ldap_extended_operation()
+places the message id of the request in *msgidp. A subsequent call to
+ldap_result(), described below, can be used to obtain the result of the
+extended operation which can be passed to ldap_parse_extended_result()
+to obtain the OID and data contained in the response.
+
+The synchronous ldap_extended_operation_s() function returns the result
+of the operation, either the constant LDAP_SUCCESS if the operation was
+successful, or another LDAP result code if it was not. See the section
+below on error handling for more information about possible errors and
+how to interpret them. The retoid and retdata parameters are filled in
+with the OID and data from the response.
+
+The ldap_extended_operation() and ldap_extended_operation_s() functions
+both support LDAPv3 server controls and client controls.
+
+
+12. Abandoning An Operation
+
+The following calls are used to abandon an operation in progress:
+
+ int ldap_abandon_ext(
+ LDAP *ld,
+ int msgid,
+ LDAPControl **serverctrls,
+
+
+
+Expires: May 2001 [Page 44]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ LDAPControl **clientctrls
+ );
+
+ int ldap_abandon(
+ LDAP *ld,
+ int msgid
+ );
+
+
+ld The session handle.
+
+msgid The message id of the request to be abandoned.
+
+serverctrls List of LDAP server controls, or NULL if no server controls
+ are to be used.
+
+clientctrls List of client controls, or NULL if no client controls are
+ to be used.
+
+ldap_abandon_ext() abandons the operation with message id msgid and
+returns the constant LDAP_SUCCESS if the abandon was successful or
+another LDAP result code if not. See the section below on error han-
+dling for more information about possible errors and how to interpret
+them.
+
+ldap_abandon() is identical to ldap_abandon_ext() except that it does
+not accept client or server controls and it returns zero if the abandon
+was successful, -1 otherwise.
+
+After a successful call to ldap_abandon() or ldap_abandon_ext(), results
+with the given message id are never returned from a subsequent call to
+ldap_result(). There is no server response to LDAP abandon operations.
+
+
+13. Obtaining Results and Peeking Inside LDAP Messages
+
+ldap_result() is used to obtain the result of a previous asynchronously
+initiated operation. Note that depending on how it is called,
+ldap_result() can actually return a list or "chain" of result messages.
+The ldap_result() function only returns messages for a single request,
+so for all LDAP operations other than search only one result message is
+expected; that is, the only time the "result chain" can contain more
+than one message is if results from a search operation are returned.
+Once a chain of messages has been returned to the caller, it is no
+longer tied in any caller-visible way to the LDAP request that produced
+it. However, it MAY be tied to the session handle. Therefore, a chain
+of messages returned by calling ldap_result() or by calling a synchro-
+nous search routine will never be affected by subsequent LDAP API calls
+
+
+
+Expires: May 2001 [Page 45]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+except for ldap_msgfree() (which is used to dispose of a chain of mes-
+sages) and the unbind calls (which dispose of a session handle):
+ldap_unbind(), ldap_unbind_s(), or ldap_unbind_ext(), or functions
+defined by extensions of this API.
+
+ldap_msgfree() frees the result messages (possibly an entire chain of
+messages) obtained from a previous call to ldap_result() or from a call
+to a synchronous search routine.
+
+ldap_msgtype() returns the type of an LDAP message.
+
+ldap_msgid() returns the message ID of an LDAP message.
+
+ int ldap_result(
+ LDAP *ld,
+ int msgid,
+ int all,
+ struct timeval *timeout,
+ LDAPMessage **res
+ );
+
+ int ldap_msgfree( LDAPMessage *res );
+
+ int ldap_msgtype( LDAPMessage *res );
+
+ int ldap_msgid( LDAPMessage *res );
+
+Parameters are:
+
+ld The session handle.
+
+msgid The message id of the operation whose results are to be
+ returned, the constant LDAP_RES_UNSOLICITED (0) if an unsoli-
+ cited result is desired, or or the constant LDAP_RES_ANY (-1)
+ if any result is desired.
+
+all Specifies how many messages will be retrieved in a single call
+ to ldap_result(). This parameter only has meaning for search
+ results. Pass the constant LDAP_MSG_ONE (0x00) to retrieve one
+ message at a time. Pass LDAP_MSG_ALL (0x01) to request that
+ all results of a search be received before returning all
+ results in a single chain. Pass LDAP_MSG_RECEIVED (0x02) to
+ indicate that all messages retrieved so far are to be returned
+ in the result chain.
+
+timeout A timeout specifying how long to wait for results to be
+ returned. A NULL value causes ldap_result() to block until
+ results are available. A timeout value of zero seconds
+
+
+
+Expires: May 2001 [Page 46]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ specifies a polling behavior.
+
+res For ldap_result(), a result parameter that will contain the
+ result(s) of the operation. If an API error occurs or no
+ results are returned, *res is set to NULL. For ldap_msgfree(),
+ the result chain to be freed, obtained from a previous call to
+ ldap_result(), ldap_search_s(), or ldap_search_st(). If res is
+ NULL, nothing is done and ldap_msgfree() returns zero.
+
+Upon successful completion, ldap_result() returns the type of the first
+result returned in the res parameter. This will be one of the following
+constants.
+
+ LDAP_RES_BIND (0x61)
+ LDAP_RES_SEARCH_ENTRY (0x64)
+ LDAP_RES_SEARCH_REFERENCE (0x73) -- new in LDAPv3
+ LDAP_RES_SEARCH_RESULT (0x65)
+ LDAP_RES_MODIFY (0x67)
+ LDAP_RES_ADD (0x69)
+ LDAP_RES_DELETE (0x6B)
+ LDAP_RES_MODDN (0x6D)
+ LDAP_RES_COMPARE (0x6F)
+ LDAP_RES_EXTENDED (0x78) -- new in LDAPv3
+
+ldap_result() returns 0 if the timeout expired and -1 if an error
+occurs, in which case the error parameters of the LDAP session handle
+will be set accordingly.
+
+ldap_msgfree() frees each message in the result chain pointed to by res
+and returns the type of the last message in the chain. If res is NULL,
+nothing is done and the value zero is returned.
+
+ldap_msgtype() returns the type of the LDAP message it is passed as a
+parameter. The type will be one of the types listed above, or -1 on
+error.
+
+ldap_msgid() returns the message ID associated with the LDAP message
+passed as a parameter, or -1 on error.
+
+
+14. Handling Errors and Parsing Results
+
+The following calls are used to extract information from results and
+handle errors returned by other LDAP API routines. Note that
+ldap_parse_sasl_bind_result() and ldap_parse_extended_result() must typ-
+ically be used in addition to ldap_parse_result() to retrieve all the
+result information from SASL Bind and Extended Operations respectively.
+
+
+
+
+Expires: May 2001 [Page 47]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ int ldap_parse_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ int *errcodep,
+ char **matcheddnp,
+ char **errmsgp,
+ char ***referralsp,
+ LDAPControl ***serverctrlsp,
+ int freeit
+ );
+
+ int ldap_parse_sasl_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **servercredp,
+ int freeit
+ );
+
+ int ldap_parse_extended_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ char **retoidp,
+ struct berval **retdatap,
+ int freeit
+ );
+
+ #define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036"
+
+ char *ldap_err2string( int err );
+
+ The use of the following routines is deprecated and more complete
+ descriptions can be found in RFC 1823:
+
+ int ldap_result2error(
+ LDAP *ld,
+ LDAPMessage *res,
+ int freeit
+ );
+
+ void ldap_perror( LDAP *ld, const char *msg );
+
+Parameters are:
+
+ld The session handle.
+
+res The result of an LDAP operation as returned by
+ ldap_result() or one of the synchronous API operation
+ calls.
+
+
+
+Expires: May 2001 [Page 48]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+errcodep This result parameter will be filled in with the LDAP
+ resultCode field from the LDAPMessage message. This is the
+ indication from the server of the outcome of the operation.
+ NULL SHOULD be passed to ignore this field.
+
+matcheddnp If the server returned a matchedDN string to indicate how
+ much of a name passed in a request was recognized, this
+ result parameter will be filled in with that matchedDN
+ string. Otherwise, this field will be set to NULL. NULL
+ SHOULD be passed to ignore this field. The matched DN
+ string SHOULD be freed by calling ldap_memfree() which is
+ described later in this document. Note that the server may
+ return a zero length matchedDN (in which case *matchednp is
+ set to an allocated copy of "") which is different than not
+ returning a value at all (in which case *matcheddnp is set
+ to NULL).
+
+errmsgp This result parameter will be filled in with the contents
+ of the error message field from the LDAPMessage message.
+ The error message string SHOULD be freed by calling
+ ldap_memfree() which is described later in this document.
+ NULL SHOULD be passed to ignore this field.
+
+referralsp This result parameter will be filled in with the contents
+ of the referrals field from the LDAPMessage message, indi-
+ cating zero or more alternate LDAP servers where the
+ request is to be retried. The referrals array SHOULD be
+ freed by calling ldap_value_free() which is described later
+ in this document. NULL SHOULD be passed to ignore this
+ field. If no referrals were returned, *referralsp is set
+ to NULL.
+
+serverctrlsp This result parameter will be filled in with an allocated
+ array of controls copied out of the LDAPMessage message.
+ If serverctrlsp is NULL, no controls are returned. The
+ control array SHOULD be freed by calling
+ ldap_controls_free() which was described earlier. If no
+ controls were returned, *serverctrlsp is set to NULL.
+
+freeit A boolean that determines whether the res parameter is
+ disposed of or not. Pass any non-zero value to have these
+ routines free res after extracting the requested informa-
+ tion. This is provided as a convenience; you can also use
+ ldap_msgfree() to free the result later. If freeit is
+ non-zero, the entire chain of messages represented by res
+ is disposed of.
+
+servercredp For SASL bind results, this result parameter will be filled
+
+
+
+Expires: May 2001 [Page 49]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ in with the credentials passed back by the server for
+ mutual authentication, if given. An allocated berval struc-
+ ture is returned that SHOULD be disposed of by calling
+ ber_bvfree(). NULL SHOULD be passed to ignore this field.
+
+retoidp For extended results, this result parameter will be filled
+ in with the dotted-OID text representation of the name of
+ the extended operation response. This string SHOULD be
+ disposed of by calling ldap_memfree(). NULL SHOULD be
+ passed to ignore this field. If no OID was returned,
+ *retoidp is set to NULL. The LDAP_NOTICE_OF_DISCONNECTION
+ macro is defined as a convenience for clients that wish to
+ check an OID to see if it matches the one used for the
+ unsolicited Notice of Disconnection (defined in RFC 2251[2]
+ section 4.4.1).
+
+retdatap For extended results, this result parameter will be filled
+ in with a pointer to a struct berval containing the data in
+ the extended operation response. It SHOULD be disposed of
+ by calling ber_bvfree(). NULL SHOULD be passed to ignore
+ this field. If no data is returned, *retdatap is set to
+ NULL.
+
+err For ldap_err2string(), an LDAP result code, as returned by
+ ldap_parse_result() or another LDAP API call.
+
+Additional parameters for the deprecated routines are not described.
+Interested readers are referred to RFC 1823.
+
+The ldap_parse_result(), ldap_parse_sasl_bind_result(), and
+ldap_parse_extended_result() functions all skip over messages of type
+LDAP_RES_SEARCH_ENTRY and LDAP_RES_SEARCH_REFERENCE when looking for a
+result message to parse. They return the constant LDAP_SUCCESS if the
+result was successfully parsed and another LDAP API result code if not.
+If a value other than LDAP_SUCCESS is returned, the values of all the
+result parameters are undefined. Note that the LDAP result code that
+indicates the outcome of the operation performed by the server is placed
+in the errcodep ldap_parse_result() parameter. If a chain of messages
+that contains more than one result message is passed to these routines
+they always operate on the first result in the chain.
+
+ldap_err2string() is used to convert a numeric LDAP result code, as
+returned by ldap_parse_result(), ldap_parse_sasl_bind_result(),
+ldap_parse_extended_result() or one of the synchronous API operation
+calls, into an informative zero-terminated character string message
+describing the error. It returns a pointer to static data and it MUST
+NOT return NULL; the value returned is always a valid null-terminated
+"C" string.
+
+
+
+Expires: May 2001 [Page 50]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+15. Stepping Through a List of Results
+
+The ldap_first_message() and ldap_next_message() routines are used to
+step through the list of messages in a result chain returned by
+ldap_result(). For search operations, the result chain can actually
+include referral messages, entry messages, and result messages.
+ldap_count_messages() is used to count the number of messages returned.
+The ldap_msgtype() function, described above, can be used to distinguish
+between the different message types.
+
+ LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *res );
+
+ LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *msg );
+
+ int ldap_count_messages( LDAP *ld, LDAPMessage *res );
+
+Parameters are:
+
+ld The session handle.
+
+res The result chain, as obtained by a call to one of the synchronous
+ search routines or ldap_result().
+
+msg The message returned by a previous call to ldap_first_message()
+ or ldap_next_message().
+
+ldap_first_message() and ldap_next_message() will return NULL when no
+more messages exist in the result set to be returned. NULL is also
+returned if an error occurs while stepping through the entries, in which
+case the error parameters in the session handle ld will be set to indi-
+cate the error.
+
+If successful, ldap_count_messages() returns the number of messages con-
+tained in a chain of results; if an error occurs such as the res parame-
+ter being invalid, -1 is returned. The ldap_count_messages() call can
+also be used to count the number of messages that remain in a chain if
+called with a message, entry, or reference returned by
+ldap_first_message(), ldap_next_message(), ldap_first_entry(),
+ldap_next_entry(), ldap_first_reference(), ldap_next_reference().
+
+
+16. Parsing Search Results
+
+The following calls are used to parse the entries and references
+returned by ldap_search() and friends. These results are returned in an
+opaque structure that MAY be accessed by calling the routines described
+below. Routines are provided to step through the entries and references
+returned, step through the attributes of an entry, retrieve the name of
+
+
+
+Expires: May 2001 [Page 51]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+an entry, and retrieve the values associated with a given attribute in
+an entry.
+
+
+16.1. Stepping Through a List of Entries or References
+
+The ldap_first_entry() and ldap_next_entry() routines are used to step
+through and retrieve the list of entries from a search result chain.
+The ldap_first_reference() and ldap_next_reference() routines are used
+to step through and retrieve the list of continuation references from a
+search result chain. ldap_count_entries() is used to count the number
+of entries returned. ldap_count_references() is used to count the number
+of references returned.
+
+ LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *res );
+
+ LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry );
+
+ LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *res );
+
+ LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *ref );
+
+ int ldap_count_entries( LDAP *ld, LDAPMessage *res );
+
+ int ldap_count_references( LDAP *ld, LDAPMessage *res );
+
+Parameters are:
+
+ld The session handle.
+
+res The search result, as obtained by a call to one of the synchro-
+ nous search routines or ldap_result().
+
+entry The entry returned by a previous call to ldap_first_entry() or
+ ldap_next_entry().
+
+ref The reference returned by a previous call to
+ ldap_first_reference() or ldap_next_reference().
+
+ldap_first_entry(), ldap_next_entry(), ldap_first_reference() and
+ldap_next_reference() all return NULL when no more entries or references
+exist in the result set to be returned. NULL is also returned if an
+error occurs while stepping through the entries or references, in which
+case the error parameters in the session handle ld will be set to indi-
+cate the error.
+
+ldap_count_entries() returns the number of entries contained in a chain
+of entries; if an error occurs such as the res parameter being invalid,
+
+
+
+Expires: May 2001 [Page 52]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+-1 is returned. The ldap_count_entries() call can also be used to count
+the number of entries that remain in a chain if called with a message,
+entry or reference returned by ldap_first_message(),
+ldap_next_message(), ldap_first_entry(), ldap_next_entry(),
+ldap_first_reference(), ldap_next_reference().
+
+ldap_count_references() returns the number of references contained in a
+chain of search results; if an error occurs such as the res parameter
+being invalid, -1 is returned. The ldap_count_references() call can
+also be used to count the number of references that remain in a chain.
+
+
+16.2. Stepping Through the Attributes of an Entry
+
+The ldap_first_attribute() and ldap_next_attribute() calls are used to
+step through the list of attribute types returned with an entry.
+
+ char *ldap_first_attribute(
+ LDAP *ld,
+ LDAPMessage *entry,
+ BerElement **ptr
+ );
+
+ char *ldap_next_attribute(
+ LDAP *ld,
+ LDAPMessage *entry,
+ BerElement *ptr
+ );
+
+ void ldap_memfree( char *mem );
+
+Parameters are:
+
+ld The session handle.
+
+entry The entry whose attributes are to be stepped through, as returned
+ by ldap_first_entry() or ldap_next_entry().
+
+ptr In ldap_first_attribute(), the address of a pointer used inter-
+ nally to keep track of the current position in the entry. In
+ ldap_next_attribute(), the pointer returned by a previous call to
+ ldap_first_attribute(). The BerElement type itself is an opaque
+ structure that is described in more detail later in this document
+ in the section "Encoded ASN.1 Value Manipulation".
+
+mem A pointer to memory allocated by the LDAP library, such as the
+ attribute type names returned by ldap_first_attribute() and
+ ldap_next_attribute, or the DN returned by ldap_get_dn(). If mem
+
+
+
+Expires: May 2001 [Page 53]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ is NULL, the ldap_memfree() call does nothing.
+
+ldap_first_attribute() and ldap_next_attribute() will return NULL when
+the end of the attributes is reached, or if there is an error, in which
+case the error parameters in the session handle ld will be set to indi-
+cate the error.
+
+Both routines return a pointer to an allocated buffer containing the
+current attribute name. This SHOULD be freed when no longer in use by
+calling ldap_memfree().
+
+ldap_first_attribute() will allocate and return in ptr a pointer to a
+BerElement used to keep track of the current position. This pointer MAY
+be passed in subsequent calls to ldap_next_attribute() to step through
+the entry's attributes. After a set of calls to ldap_first_attribute()
+and ldap_next_attribute(), if ptr is non-NULL, it SHOULD be freed by
+calling ber_free( ptr, 0 ). Note that it is very important to pass the
+second parameter as 0 (zero) in this call, since the buffer associated
+with the BerElement does not point to separately allocated memory.
+
+The attribute type names returned are suitable for passing in a call to
+ldap_get_values() and friends to retrieve the associated values.
+
+
+16.3. Retrieving the Values of an Attribute
+
+ldap_get_values() and ldap_get_values_len() are used to retrieve the
+values of a given attribute from an entry. ldap_count_values() and
+ldap_count_values_len() are used to count the returned values.
+ldap_value_free() and ldap_value_free_len() are used to free the values.
+
+ char **ldap_get_values(
+ LDAP *ld,
+ LDAPMessage *entry,
+ const char *attr
+ );
+
+ struct berval **ldap_get_values_len(
+ LDAP *ld,
+ LDAPMessage *entry,
+ const char *attr
+ );
+
+ int ldap_count_values( char **vals );
+
+ int ldap_count_values_len( struct berval **vals );
+
+ void ldap_value_free( char **vals );
+
+
+
+Expires: May 2001 [Page 54]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ void ldap_value_free_len( struct berval **vals );
+
+Parameters are:
+
+ld The session handle.
+
+entry The entry from which to retrieve values, as returned by
+ ldap_first_entry() or ldap_next_entry().
+
+attr The attribute whose values are to be retrieved, as returned by
+ ldap_first_attribute() or ldap_next_attribute(), or a caller-
+ supplied string (e.g., "mail").
+
+vals The values returned by a previous call to ldap_get_values() or
+ ldap_get_values_len().
+
+Two forms of the various calls are provided. The first form is only
+suitable for use with non-binary character string data. The second _len
+form is used with any kind of data.
+
+ldap_get_values() and ldap_get_values_len() return NULL if no values are
+found for attr or if an error occurs.
+
+ldap_count_values() and ldap_count_values_len() return -1 if an error
+occurs such as the vals parameter being invalid.
+
+If a NULL vals parameter is passed to ldap_value_free() or
+ldap_value_free_len(), nothing is done.
+
+Note that the values returned are dynamically allocated and SHOULD be
+freed by calling either ldap_value_free() or ldap_value_free_len() when
+no longer in use.
+
+
+16.4. Retrieving the name of an entry
+
+ldap_get_dn() is used to retrieve the name of an entry.
+ldap_explode_dn() and ldap_explode_rdn() are used to break up a name
+into its component parts. ldap_dn2ufn() is used to convert the name into
+a more "user friendly" format.
+
+ char *ldap_get_dn( LDAP *ld, LDAPMessage *entry );
+
+ char **ldap_explode_dn( const char *dn, int notypes );
+
+ char **ldap_explode_rdn( const char *rdn, int notypes );
+
+ char *ldap_dn2ufn( const char *dn );
+
+
+
+Expires: May 2001 [Page 55]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+Parameters are:
+
+ld The session handle.
+
+entry The entry whose name is to be retrieved, as returned by
+ ldap_first_entry() or ldap_next_entry().
+
+dn The dn to explode, such as returned by ldap_get_dn(). If NULL,
+ a zero length DN is used.
+
+rdn The rdn to explode, such as returned in the components of the
+ array returned by ldap_explode_dn(). If NULL, a zero length DN
+ is used.
+
+notypes A boolean parameter, if non-zero indicating that the dn or rdn
+ components are to have their type information stripped off
+ (i.e., "cn=Babs" would become "Babs").
+
+ldap_get_dn() will return NULL if there is some error parsing the dn,
+setting error parameters in the session handle ld to indicate the error.
+It returns a pointer to newly allocated space that the caller SHOULD
+free by calling ldap_memfree() when it is no longer in use. Note the
+format of the DNs returned is given by [5]. The root DN is returned as
+a zero length string ("").
+
+ldap_explode_dn() returns a NULL-terminated char * array containing the
+RDN components of the DN supplied, with or without types as indicated by
+the notypes parameter. The components are returned in the order they
+appear in the dn. The array returned SHOULD be freed when it is no
+longer in use by calling ldap_value_free().
+
+ldap_explode_rdn() returns a NULL-terminated char * array containing the
+components of the RDN supplied, with or without types as indicated by
+the notypes parameter. The components are returned in the order they
+appear in the rdn. The array returned SHOULD be freed when it is no
+longer in use by calling ldap_value_free().
+
+ldap_dn2ufn() converts the DN into the user friendly format described in
+[14]. The UFN returned is newly allocated space that SHOULD be freed by
+a call to ldap_memfree() when no longer in use.
+
+
+16.5. Retrieving controls from an entry
+
+ldap_get_entry_controls() is used to extract LDAP controls from an
+entry.
+
+
+
+
+
+Expires: May 2001 [Page 56]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ int ldap_get_entry_controls(
+ LDAP *ld,
+ LDAPMessage *entry,
+ LDAPControl ***serverctrlsp
+ );
+
+Parameters are:
+
+ld The session handle.
+
+entry The entry to extract controls from, as returned by
+ ldap_first_entry() or ldap_next_entry().
+
+serverctrlsp This result parameter will be filled in with an allocated
+ array of controls copied out of entry. The control array
+ SHOULD be freed by calling ldap_controls_free(). If ser-
+ verctrlsp is NULL, no controls are returned. If no con-
+ trols were returned, *serverctrlsp is set to NULL.
+
+ldap_get_entry_controls() returns an LDAP result code that indicates
+whether the reference could be successfully parsed (LDAP_SUCCESS if all
+goes well). If ldap_get_entry_controls() returns a value other than
+LDAP_SUCCESS, the value of the serverctrlsp output parameter is unde-
+fined.
+
+
+
+16.6. Parsing References
+
+ldap_parse_reference() is used to extract referrals and controls from a
+SearchResultReference message.
+
+
+ int ldap_parse_reference(
+ LDAP *ld,
+ LDAPMessage *ref,
+ char ***referralsp,
+ LDAPControl ***serverctrlsp,
+ int freeit
+ );
+
+Parameters are:
+
+ld The session handle.
+
+ref The reference to parse, as returned by ldap_result(),
+ ldap_first_reference(), or ldap_next_reference().
+
+
+
+
+Expires: May 2001 [Page 57]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+referralsp This result parameter will be filled in with an allocated
+ array of character strings. The elements of the array are
+ the referrals (typically LDAP URLs) contained in ref. The
+ array SHOULD be freed when no longer in used by calling
+ ldap_value_free(). If referralsp is NULL, the referral
+ URLs are not returned. If no referrals were returned,
+ *referralsp is set to NULL.
+
+serverctrlsp This result parameter will be filled in with an allocated
+ array of controls copied out of ref. The control array
+ SHOULD be freed by calling ldap_controls_free(). If ser-
+ verctrlsp is NULL, no controls are returned. If no con-
+ trols were returned, *serverctrlsp is set to NULL.
+
+freeit A boolean that determines whether the ref parameter is
+ disposed of or not. Pass any non-zero value to have this
+ routine free ref after extracting the requested informa-
+ tion. This is provided as a convenience; you can also use
+ ldap_msgfree() to free the result later.
+
+ldap_parse_reference() returns an LDAP result code that indicates
+whether the reference could be successfully parsed (LDAP_SUCCESS if all
+goes well). If a value other than LDAP_SUCCESS is returned, the value
+of the referralsp and serverctrlsp result parameters are undefined.
+
+
+
+17. Encoded ASN.1 Value Manipulation
+
+This section describes routines which MAY be used to encode and decode
+BER-encoded ASN.1 values, which are often used inside of control and
+extension values.
+
+With the exceptions of two new functions ber_flatten() and ber_init(),
+these functions are compatible with the University of Michigan LDAP 3.3
+implementation of BER.
+
+Note that the functions defined in this section all provide a method for
+determining success or failure but generally do not provide access to
+specific error codes. Therefore, applications that require precise
+error information when encoding or decoding ASN.1 values SHOULD NOT use
+these functions.
+
+
+17.1. BER Data Structures and Types
+
+The following additional integral types are defined for use in manipula-
+tion of BER encoded ASN.1 values:
+
+
+
+Expires: May 2001 [Page 58]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ typedef <impl_tag_t> ber_tag_t; /* for BER tags */
+
+ typedef <impl_int_t> ber_int_t; /* for BER ints, enums, and Booleans */
+
+ typedef <impl_unit_t> ber_uint_t; /* unsigned equivalent of ber_uint_t */
+
+ typedef <impl_slen_t> ber_slen_t; /* signed equivalent of ber_len_t */
+
+Note that the actual definition for these four integral types is imple-
+mentation specific; that is, `<impl_tag_t>', `<impl_int_t>',
+`<impl_uint_t>', and `<impl_slen_t>' MUST each be replaced with an
+appropriate implementation-specific type.
+
+The `ber_tag_t' type is an unsigned integral data type that is large
+enough to hold the largest BER tag supported by the API implementation.
+The width (number of significant bits) of `ber_tag_t' MUST be at least
+32, greater than or equal to that of `unsigned int' (so that integer
+promotions won't promote it to `int'), and no wider than that of
+`unsigned long'.
+
+The `ber_int_t' and `ber_uint_t' types are the signed and unsigned vari-
+ants of an integral type that is large enough to hold integers for pur-
+poses of BER encoding and decoding. The width of `ber_int_t' MUST be at
+least 32 and no larger than that of `long'.
+
+The `ber_slen_t' type is the signed variant of the `ber_len_t' integral
+type, i.e. if `ber_len_t' is unsigned long, then `ber_slen_t' is signed
+long. The `<impl_slen_t>' in the `ber_len_t' typedef MUST be replaced
+with an appropriate type. Note that `ber_slen_t' is not used directly
+in the C LDAP API but is provided for the convenience of application
+developers and for use by extensions to the API.
+
+ typedef struct berval {
+ ber_len_t bv_len;
+ char *bv_val;
+ } BerValue;
+
+As defined earlier in the section "Common Data Structures", a berval
+structure contains an arbitrary sequence of bytes and an indication of
+its length. The bv_len element is an unsigned integer. The bv_val is
+not necessarily zero-terminated. Applications MAY allocate their own
+berval structures.
+
+As defined earlier in the section "Common Data Structures", the BerEle-
+ment structure is an opaque structure:
+
+ typedef struct berelement BerElement;
+
+
+
+
+Expires: May 2001 [Page 59]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+It contains not only a copy of the encoded value, but also state infor-
+mation used in encoding or decoding. Applications cannot allocate their
+own BerElement structures. The internal state is neither thread-
+specific nor locked, so two threads SHOULD NOT manipulate the same
+BerElement value simultaneously.
+
+A single BerElement value cannot be used for both encoding and decoding.
+
+17.2. Memory Disposal and Utility Functions
+
+ void ber_bvfree( struct berval *bv );
+
+ber_bvfree() frees a berval structure returned from this API. Both the
+bv->bv_val string and the berval structure itself are freed. If bv is
+NULL, this call does nothing.
+
+ void ber_bvecfree( struct berval **bv );
+
+ber_bvecfree() frees an array of berval structures returned from this
+API. Each of the berval structures in the array are freed using
+ber_bvfree(), then the array itself is freed. If bv is NULL, this call
+does nothing.
+
+ struct berval *ber_bvdup( const struct berval *bv );
+
+ber_bvdup() returns a copy of a berval structure. The bv_val field in
+the returned berval structure points to a different area of memory than
+the bv_val field in the bv argument. The NULL pointer is returned on
+error (e.g. out of memory).
+
+ void ber_free( BerElement *ber, int fbuf );
+
+ber_free() frees a BerElement which is returned from the API calls
+ber_alloc_t() or ber_init(). Each BerElement SHOULD be freed by the
+caller. The second argument fbuf SHOULD always be set to 1 to ensure
+that the internal buffer used by the BER functions is freed as well as
+the BerElement container itself. If ber is NULL, this call does noth-
+ing.
+
+
+17.3. Encoding
+
+ BerElement *ber_alloc_t( int options );
+
+ber_alloc_t() constructs and returns BerElement. The NULL pointer is
+returned on error. The options field contains a bitwise-or of options
+which are to be used when generating the encoding of this BerElement.
+One option is defined and SHOULD always be supplied:
+
+
+
+Expires: May 2001 [Page 60]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ #define LBER_USE_DER 0x01
+
+When this option is present, lengths will always be encoded in the
+minimum number of octets. Note that this option does not cause values
+of sets to be rearranged in tag and byte order or default values to be
+removed, so these functions are not sufficient for generating DER output
+as defined in X.509 and X.680. If the caller takes responsibility for
+ordering values of sets correctly and removing default values, DER out-
+put as defined in X.509 and X.680 can be produced.
+
+Unrecognized option bits are ignored.
+
+The BerElement returned by ber_alloc_t() is initially empty. Calls to
+ber_printf() will append bytes to the end of the ber_alloc_t().
+
+ int ber_printf( BerElement *ber, const char *fmt, ... );
+
+The ber_printf() routine is used to encode a BER element in much the
+same way that sprintf() works. One important difference, though, is
+that state information is kept in the ber argument so that multiple
+calls can be made to ber_printf() to append to the end of the BER ele-
+ment. ber MUST be a pointer to a BerElement returned by ber_alloc_t().
+ber_printf() interprets and formats its arguments according to the for-
+mat string fmt. ber_printf() returns -1 if there is an error during
+encoding and a non-negative number if successful. As with sprintf(),
+each character in fmt refers to an argument to ber_printf().
+
+The format string can contain the following format characters:
+
+'t' Tag. The next argument is a ber_tag_t specifying the tag to
+ override the next element to be written to the ber. This works
+ across calls. The integer tag value SHOULD contain the tag
+ class, constructed bit, and tag value. For example, a tag of
+ "[3]" for a constructed type is 0xA3U. All implementations MUST
+ support tags that fit in a single octet (i.e., where the tag
+ value is less than 32) and they MAY support larger tags.
+
+'b' Boolean. The next argument is an ber_int_t, containing either 0
+ for FALSE or 0xff for TRUE. A boolean element is output. If
+ this format character is not preceded by the 't' format modif-
+ ier, the tag 0x01U is used for the element.
+
+'e' Enumerated. The next argument is a ber_int_t, containing the
+ enumerated value in the host's byte order. An enumerated ele-
+ ment is output. If this format character is not preceded by the
+ 't' format modifier, the tag 0x0AU is used for the element.
+
+'i' Integer. The next argument is a ber_int_t, containing the
+
+
+
+Expires: May 2001 [Page 61]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ integer in the host's byte order. An integer element is output.
+ If this format character is not preceded by the 't' format
+ modifier, the tag 0x02U is used for the element.
+
+'B' Bitstring. The next two arguments are a char * pointer to the
+ start of the bitstring, followed by a ber_len_t containing the
+ number of bits in the bitstring. A bitstring element is output,
+ in primitive form. If this format character is not preceded by
+ the 't' format modifier, the tag 0x03U is used for the element.
+
+'X' Reserved and not to be used. In older revisions of this specif-
+ ication,
+
+'n' Null. No argument is needed. An ASN.1 NULL element is output.
+ If this format character is not preceded by the 't' format
+ modifier, the tag 0x05U is used for the element.
+
+'o' Octet string. The next two arguments are a char *, followed by
+ a ber_len_t with the length of the string. The string MAY con-
+ tain null bytes and are do not have to be zero-terminated. An
+ octet string element is output, in primitive form. If this for-
+ mat character is not preceded by the 't' format modifier, the
+ tag 0x04U is used for the element.
+
+'s' Octet string. The next argument is a char * pointing to a
+ zero-terminated string. An octet string element in primitive
+ form is output, which does not include the trailing '\0' (null)
+ byte. If this format character is not preceded by the 't' format
+ modifier, the tag 0x04U is used for the element.
+
+'v' Several octet strings. The next argument is a char **, an array
+ of char * pointers to zero-terminated strings. The last element
+ in the array MUST be a NULL pointer. The octet strings do not
+ include the trailing '\0' (null) byte. Note that a construct
+ like '{v}' is used to get an actual SEQUENCE OF octet strings.
+ The 't' format modifier cannot be used with this format charac-
+ ter.
+
+'V' Several octet strings. A NULL-terminated array of struct berval
+ *'s is supplied. Note that a construct like '{V}' is used to
+ get an actual SEQUENCE OF octet strings. The 't' format modifier
+ cannot be used with this format character.
+
+'{' Begin sequence. No argument is needed. If this format charac-
+ ter is not preceded by the 't' format modifier, the tag 0x30U is
+ used.
+
+'}' End sequence. No argument is needed. The 't' format modifier
+
+
+
+Expires: May 2001 [Page 62]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ cannot be used with this format character.
+
+'[' Begin set. No argument is needed. If this format character is
+ not preceded by the 't' format modifier, the tag 0x31U is used.
+
+']' End set. No argument is needed. The 't' format modifier cannot
+ be used with this format character.
+
+Each use of a '{' format character SHOULD be matched by a '}' character,
+either later in the format string, or in the format string of a subse-
+quent call to ber_printf() for that BerElement. The same applies to the
+'[' and ']' format characters.
+
+Sequences and sets nest, and implementations of this API MUST maintain
+internal state to be able to properly calculate the lengths.
+
+ int ber_flatten( BerElement *ber, struct berval **bvPtr );
+
+The ber_flatten routine allocates a struct berval whose contents are a
+BER encoding taken from the ber argument. The bvPtr pointer points to
+the returned berval structure, which SHOULD be freed using ber_bvfree().
+This routine returns 0 on success and -1 on error.
+
+The ber_flatten API call is not present in U-M LDAP 3.3.
+
+The use of ber_flatten on a BerElement in which all '{' and '}' format
+modifiers have not been properly matched is an error (i.e., -1 will be
+returned by ber_flatten() if this situation is exists).
+
+
+17.4. Encoding Example
+
+The following is an example of encoding the following ASN.1 data type:
+
+ Example1Request ::= SEQUENCE {
+ s OCTET STRING, -- must be printable
+ val1 INTEGER,
+ val2 [0] INTEGER DEFAULT 0
+ }
+
+
+ int encode_example1(const char *s, ber_int_t val1, ber_int_t val2,
+ struct berval **bvPtr)
+ {
+ BerElement *ber;
+ int rc = -1;
+
+ *bvPtr = NULL; /* in case of error */
+
+
+
+Expires: May 2001 [Page 63]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ber = ber_alloc_t(LBER_USE_DER);
+
+ if (ber == NULL) return -1;
+
+ if (ber_printf(ber,"{si",s,val1) == -1) {
+ goto done;
+ }
+
+ if (val2 != 0) {
+ if (ber_printf(ber,"ti",(ber_tag_t)0x80,val2) == -1) {
+ goto done;
+ }
+ }
+
+ if (ber_printf(ber,"}") == -1) {
+ goto done;
+ }
+
+ rc = ber_flatten(ber,bvPtr);
+
+ done:
+ ber_free(ber,1);
+ return rc;
+ }
+
+
+17.5. Decoding
+
+The following two macros are available to applications: LBER_ERROR and
+LBER_DEFAULT. Both of these macros MUST be #define'd as ber_tag_t
+integral values that are treated as invalid tags by the API implementa-
+tion. It is RECOMMENDED that the values of LBER_ERROR and LBER_DEFAULT
+be the same and that they be defined as values where all octets have the
+value 0xFF. ISO C guarantees that these definitions will work:
+
+ #define LBER_ERROR ((ber_tag_t)-1)
+ #define LBER_DEFAULT ((ber_tag_t)-1)
+
+The intent is that LBER_ERROR and LBER_DEFAULT are both defined as the
+integer value that has all octets set to 0xFF, as such a value is not a
+valid BER tag.
+
+ BerElement *ber_init( const struct berval *bv );
+
+The ber_init function constructs a BerElement and returns a new BerEle-
+ment containing a copy of the data in the bv argument. ber_init returns
+the NULL pointer on error.
+
+
+
+
+Expires: May 2001 [Page 64]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ber_tag_t ber_scanf( BerElement *ber, const char *fmt, ... );
+
+The ber_scanf() routine is used to decode a BER element in much the same
+way that sscanf() works. One important difference, though, is that some
+state information is kept with the ber argument so that multiple calls
+can be made to ber_scanf() to sequentially read from the BER element.
+The ber argument SHOULD be a pointer to a BerElement returned by
+ber_init(). ber_scanf interprets the bytes according to the format
+string fmt, and stores the results in its additional arguments.
+ber_scanf() returns LBER_ERROR on error, and a different value on suc-
+cess. If an error occurred, the values of all the result parameters are
+undefined.
+
+The format string contains conversion specifications which are used to
+direct the interpretation of the BER element. The format string can
+contain the following characters:
+
+'a' Octet string. A char ** argument MUST be supplied. Memory is
+ allocated, filled with the contents of the octet string, zero-
+ terminated, and the pointer to the string is stored in the argu-
+ ment. The returned value SHOULD be freed using ldap_memfree.
+ The tag of the element MUST indicate the primitive form (con-
+ structed strings are not supported) but is otherwise ignored and
+ discarded during the decoding. This format cannot be used with
+ octet strings which could contain null bytes.
+
+'O' Octet string. A struct berval ** argument MUST be supplied,
+ which upon return points to an allocated struct berval contain-
+ ing the octet string and its length. ber_bvfree() SHOULD be
+ called to free the allocated memory. The tag of the element
+ MUST indicate the primitive form (constructed strings are not
+ supported) but is otherwise ignored during the decoding.
+
+'b' Boolean. A pointer to a ber_int_t MUST be supplied. The
+ ber_int_t value stored will be 0 for FALSE or nonzero for TRUE.
+ The tag of the element MUST indicate the primitive form but is
+ otherwise ignored during the decoding.
+
+'e' Enumerated. A pointer to a ber_int_t MUST be supplied. The
+ enumerated value stored will be in host byte order. The tag of
+ the element MUST indicate the primitive form but is otherwise
+ ignored during the decoding. ber_scanf() will return an error
+ if the value of the enumerated value cannot be stored in a
+ ber_int_t.
+
+'i' Integer. A pointer to a ber_int_t MUST be supplied. The
+ ber_int_t value stored will be in host byte order. The tag of
+ the element MUST indicate the primitive form but is otherwise
+
+
+
+Expires: May 2001 [Page 65]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ignored during the decoding. ber_scanf() will return an error
+ if the integer cannot be stored in a ber_int_t.
+
+'B' Bitstring. A char ** argument MUST be supplied which will point
+ to the allocated bits, followed by a ber_len_t * argument, which
+ will point to the length (in bits) of the bitstring returned.
+ ldap_memfree SHOULD be called to free the bitstring. The tag of
+ the element MUST indicate the primitive form (constructed bit-
+ strings are not supported) but is otherwise ignored during the
+ decoding.
+
+'n' Null. No argument is needed. The element is verified to have a
+ zero-length value and is skipped. The tag is ignored.
+
+'t' Tag. A pointer to a ber_tag_t MUST be supplied. The ber_tag_t
+ value stored will be the tag of the next element in the BerEle-
+ ment ber, represented so it can be written using the 't' format
+ of ber_printf(). The decoding position within the ber argument
+ is unchanged by this; that is, the fact that the tag has been
+ retrieved does not affect future use of ber.
+
+'v' Several octet strings. A char *** argument MUST be supplied,
+ which upon return points to an allocated NULL-terminated array
+ of char *'s containing the octet strings. NULL is stored if the
+ sequence is empty. ldap_memfree SHOULD be called to free each
+ element of the array and the array itself. The tag of the
+ sequence and of the octet strings are ignored.
+
+'V' Several octet strings (which could contain null bytes). A
+ struct berval *** MUST be supplied, which upon return points to
+ a allocated NULL-terminated array of struct berval *'s contain-
+ ing the octet strings and their lengths. NULL is stored if the
+ sequence is empty. ber_bvecfree() can be called to free the
+ allocated memory. The tag of the sequence and of the octet
+ strings are ignored.
+
+'x' Skip element. The next element is skipped. No argument is
+ needed.
+
+'{' Begin sequence. No argument is needed. The initial sequence
+ tag and length are skipped.
+
+'}' End sequence. No argument is needed.
+
+'[' Begin set. No argument is needed. The initial set tag and
+ length are skipped.
+
+']' End set. No argument is needed.
+
+
+
+Expires: May 2001 [Page 66]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ber_tag_t ber_peek_tag( BerElement *ber,
+ ber_len_t *lenPtr );
+
+ber_peek_tag() returns the tag of the next element to be parsed in the
+BerElement argument. The length of this element is stored in the
+*lenPtr argument. LBER_DEFAULT is returned if there is no further data
+to be read. The decoding position within the ber argument is unchanged
+by this call; that is, the fact that ber_peek_tag() has been called does
+not affect future use of ber.
+
+ ber_tag_t ber_skip_tag( BerElement *ber, ber_len_t *lenPtr );
+
+ber_skip_tag() is similar to ber_peek_tag(), except that the state
+pointer in the BerElement argument is advanced past the first tag and
+length, and is pointed to the value part of the next element. This rou-
+tine SHOULD only be used with constructed types and situations when a
+BER encoding is used as the value of an OCTET STRING. The length of the
+value is stored in *lenPtr.
+
+ ber_tag_t ber_first_element( BerElement *ber,
+ ber_len_t *lenPtr, char **opaquePtr );
+
+ ber_tag_t ber_next_element( BerElement *ber,
+ ber_len_t *lenPtr, char *opaque );
+
+ber_first_element() and ber_next_element() are used to traverse a SET,
+SET OF, SEQUENCE or SEQUENCE OF data value. ber_first_element() calls
+ber_skip_tag(), stores internal information in *lenPtr and *opaquePtr,
+and calls ber_peek_tag() for the first element inside the constructed
+value. LBER_DEFAULT is returned if the constructed value is empty.
+ber_next_element() positions the state at the start of the next element
+in the constructed type. LBER_DEFAULT is returned if there are no
+further values.
+
+The len and opaque values SHOULD NOT be used by applications other than
+as arguments to ber_next_element(), as shown in the example below.
+
+
+17.6. Decoding Example
+
+The following is an example of decoding an ASN.1 data type:
+
+ Example2Request ::= SEQUENCE {
+ dn OCTET STRING, -- must be printable
+ scope ENUMERATED { b (0), s (1), w (2) },
+ ali ENUMERATED { n (0), s (1), f (2), a (3) },
+ size INTEGER,
+ time INTEGER,
+
+
+
+Expires: May 2001 [Page 67]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ tonly BOOLEAN,
+ attrs SEQUENCE OF OCTET STRING, -- must be printable
+ [0] SEQUENCE OF SEQUENCE {
+ type OCTET STRING -- must be printable,
+ crit BOOLEAN DEFAULT FALSE,
+ value OCTET STRING
+ } OPTIONAL }
+
+ #define TAG_CONTROL_LIST 0xA0U /* context specific cons 0 */
+
+ int decode_example2(struct berval *bv)
+ {
+ BerElement *ber;
+ ber_len_t len;
+ ber_tag_t res;
+ ber_int_t scope, ali, size, time, tonly;
+ char *dn = NULL, **attrs = NULL;
+ int i,rc = 0;
+
+ ber = ber_init(bv);
+ if (ber == NULL) {
+ fputs("ERROR ber_init failed\n", stderr);
+ return -1;
+ }
+
+ res = ber_scanf(ber,"{aiiiib{v}",&dn,&scope,&ali,
+ &size,&time,&tonly,&attrs);
+
+ if (res == LBER_ERROR) {
+ fputs("ERROR ber_scanf failed\n", stderr);
+ ber_free(ber,1);
+ return -1;
+ }
+
+ /* *** use dn */
+ ldap_memfree(dn);
+
+ for (i = 0; attrs != NULL && attrs[i] != NULL; i++) {
+ /* *** use attrs[i] */
+ ldap_memfree(attrs[i]);
+ }
+ ldap_memfree((char *)attrs);
+
+ if (ber_peek_tag(ber,&len) == TAG_CONTROL_LIST) {
+ char *opaque;
+ ber_tag_t tag;
+
+ for (tag = ber_first_element(ber,&len,&opaque);
+
+
+
+Expires: May 2001 [Page 68]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ tag != LBER_DEFAULT;
+ tag = ber_next_element (ber,&len,opaque)) {
+
+ ber_len_t tlen;
+ ber_tag_t ttag;
+ char *type;
+ ber_int_t crit;
+ struct berval *value;
+
+ if (ber_scanf(ber,"{a",&type) == LBER_ERROR) {
+ fputs("ERROR cannot parse type\n", stderr);
+ break;
+ }
+ /* *** use type */
+ ldap_memfree(type);
+
+ ttag = ber_peek_tag(ber,&tlen);
+ if (ttag == 0x01U) { /* boolean */
+ if (ber_scanf(ber,"b",
+ &crit) == LBER_ERROR) {
+ fputs("ERROR cannot parse crit\n",
+ stderr);
+ rc = -1;
+ break;
+ }
+ } else if (ttag == 0x04U) { /* octet string */
+ crit = 0;
+ } else {
+ fputs("ERROR extra field in controls\n",
+ stderr );
+ break;
+ }
+
+ if (ber_scanf(ber,"O}",&value) == LBER_ERROR) {
+ fputs("ERROR cannot parse value\n", stderr);
+ rc = -1;
+ break;
+ }
+ /* *** use value */
+ ber_bvfree(value);
+ }
+ }
+
+ if ( rc == 0 ) { /* no errors so far */
+ if (ber_scanf(ber,"}") == LBER_ERROR) {
+ rc = -1;
+ }
+ }
+
+
+
+Expires: May 2001 [Page 69]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ber_free(ber,1);
+
+ return rc;
+ }
+
+
+
+18. Security Considerations
+
+LDAPv2 supports security through protocol-level authentication using
+clear-text passwords. LDAPv3 adds support for SASL [12] (Simple Authen-
+tication Security Layer) methods. LDAPv3 also supports operation over a
+secure transport layer using Transport Layer Security TLS [9]. Readers
+are referred to the protocol documents for discussion of related secu-
+rity considerations.
+
+Implementations of this API SHOULD be cautious when handling authentica-
+tion credentials. In particular, keeping long-lived copies of creden-
+tials without the application's knowledge is discouraged.
+
+
+19. Acknowledgements
+
+Many members of the IETF ASID and LDAPEXT working groups as well as
+members of the Internet at large have provided useful comments and
+suggestions that have been incorporated into this document. Chris
+Weider deserves special mention for his contributions as co-author of
+earlier revisions of this document.
+
+The original material upon which this specification is based was sup-
+ported by the National Science Foundation under Grant No. NCR-9416667.
+
+
+20. Copyright
+
+Copyright (C) The Internet Society (1997-2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to oth-
+ers, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and dis-
+tributed, in whole or in part, without restriction of any kind, provided
+that the above copyright notice and this paragraph are included on all
+such copies and derivative works. However, this document itself may not
+be modified in any way, such as by removing the copyright notice or
+references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet Stan-
+dards process must be followed, or as required to translate it into
+
+
+
+Expires: May 2001 [Page 70]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an "AS
+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT-
+NESS FOR A PARTICULAR PURPOSE.
+
+
+21. Bibliography
+
+[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", RFC 2119, March 1997.
+
+[2] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol
+ (v3)", RFC 2251, December 1997.
+
+[3] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
+ "Lightweight Directory Access Protocol (v3): Attribute Syntax
+ Definitions", RFC 2252, December 1997.
+
+[4] The Directory: Selected Attribute Syntaxes. CCITT, Recommendation
+ X.520.
+
+[5] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access Protocol
+ (v3): A UTF-8 String Representation of Distinguished Names", RFC
+ 2253, December 1997.
+
+[6] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO
+ 10646", RFC 2044, October 1996.
+
+[7] K. Simonsen, "Character Mnemonics and Character Sets," RFC 1345,
+ June 1992.
+
+[8] "Programming Languages - C", ANSI/ISO Standard 9899, revised 1997.
+
+[9] J. Hodges, R. Morgan, M. Wahl, "Lightweight Directory Access Proto-
+ col (v3): Extension for Transport Layer Security", INTERNET-DRAFT
+ (work in progress) <draft-ietf-ldapext-ldapv3-tls-05.txt>, June
+ 1999.
+
+[10] R. Hinden, S. Deering, "IP Version 6 Addressing Architecture," RFC
+ 1884, December 1995.
+
+
+
+
+Expires: May 2001 [Page 71]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+[11] A. Herron, T. Howes, M. Wahl, A. Anantha, "LDAP Control Extension
+ for Server Side Sorting of Search Results", INTERNET-DRAFT (work in
+ progress) <draft-ietf-ldapext-sorting-02.txt>, 5 April 1999.
+
+[12] J. Meyers, "Simple Authentication and Security Layer (SASL)", RFC
+ 2222, October 1997.
+
+[13] T. Howes, "The String Representation of LDAP Search Filters," RFC
+ 2254, December 1997.
+
+[14] S. Kille, "Using the OSI Directory to Achieve User Friendly Nam-
+ ing," RFC 1781, March 1995.
+
+
+22. Authors' Addresses
+
+ Mark Smith (document editor)
+ Netscape Communications Corp.
+ 901 San Antonio Rd.
+ Palo Alto, CA 94303-4900
+ Mail Stop SCA17 - 201
+ USA
+ +1 650 937-3477
+ mcs at netscape.com
+
+ Tim Howes
+ Loudcloud, Inc.
+ 599 N. Mathilda Avenue
+ Sunnyvale, CA 94085
+ USA
+ +1 408 744-7300
+ howes at loudcloud.com
+
+ Andy Herron
+ Microsoft Corp.
+ 1 Microsoft Way
+ Redmond, WA 98052
+ USA
+ +1 425 882-8080
+ andyhe at microsoft.com
+
+ Mark Wahl
+ Sun Microsystems, Inc.
+ 8911 Capital of Texas Hwy, Suite 4140
+ Austin, TX 78759
+ USA
+ +1 626 919 3600
+ Mark.Wahl at sun.com
+
+
+
+Expires: May 2001 [Page 72]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ Anoop Anantha
+ Microsoft Corp.
+ 1 Microsoft Way
+ Redmond, WA 98052
+ USA
+ +1 425 882-8080
+ anoopa at microsoft.com
+
+
+23. Appendix A - Sample C LDAP API Code
+
+ #include <stdio.h>
+ #include <ldap.h>
+
+ main()
+ {
+ LDAP *ld;
+ LDAPMessage *res, *e;
+ int i, rc;
+ char *a, *dn;
+ BerElement *ptr;
+ char **vals;
+
+ /* open an LDAP session */
+ if ( (ld = ldap_init( "dotted.host.name", LDAP_PORT )) == NULL )
+ return 1;
+
+ /* authenticate as nobody */
+ if (( rc = ldap_simple_bind_s( ld, NULL, NULL )) != LDAP_SUCCESS ) {
+ fprintf( stderr, "ldap_simple_bind_s: %s\n",
+ ldap_err2string( rc ));
+ ldap_unbind( ld );
+ return 1;
+ }
+
+ /* search for entries with cn of "Babs Jensen", return all attrs */
+ if (( rc = ldap_search_s( ld, "o=University of Michigan, c=US",
+ LDAP_SCOPE_SUBTREE, "(cn=Babs Jensen)", NULL, 0, &res ))
+ != LDAP_SUCCESS ) {
+ fprintf( stderr, "ldap_search_s: %s\n",
+ ldap_err2string( rc ));
+ if ( res == NULL ) {
+ ldap_unbind( ld );
+ return 1;
+ }
+ }
+
+ /* step through each entry returned */
+
+
+
+Expires: May 2001 [Page 73]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ for ( e = ldap_first_entry( ld, res ); e != NULL;
+ e = ldap_next_entry( ld, e ) ) {
+ /* print its name */
+ dn = ldap_get_dn( ld, e );
+ printf( "dn: %s\n", dn );
+ ldap_memfree( dn );
+
+ /* print each attribute */
+ for ( a = ldap_first_attribute( ld, e, &ptr ); a != NULL;
+ a = ldap_next_attribute( ld, e, ptr ) ) {
+ printf( "\tattribute: %s\n", a );
+
+ /* print each value */
+ vals = ldap_get_values( ld, e, a );
+ for ( i = 0; vals[i] != NULL; i++ ) {
+ printf( "\t\tvalue: %s\n", vals[i] );
+ }
+ ldap_value_free( vals );
+ ldap_memfree( a );
+ }
+ if ( ptr != NULL ) {
+ ber_free( ptr, 0 );
+ }
+ }
+ /* free the search results */
+ ldap_msgfree( res );
+
+ /* close and free connection resources */
+ ldap_unbind( ld );
+
+ return 0;
+ }
+
+
+24. Appendix B - Namespace Consumed By This Specification
+
+The following 2 prefixes are used in this specification to name func-
+tions:
+ ldap_
+ ber_
+
+The following 6 prefixes are used in this specification to name struc-
+tures, unions, and typedefs:
+ ldap
+ LDAP
+ mod_vals_u
+ ber
+ Ber
+
+
+
+Expires: May 2001 [Page 74]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ timeval
+
+The following 3 prefixes are used in this specification to name #defined
+macros:
+ LDAP
+ LBER_
+ mod_
+
+
+25. Appendix C - Summary of Requirements for API Extensions
+
+As the LDAP protocol is extended, this C LDAP API will need to be
+extended as well. For example, an LDAPv3 control extension has already
+been defined for server-side sorting of search results [7]. This appen-
+dix summarizes the requirements for extending this API.
+
+25.1. Compatibility
+
+Extensions to this document SHOULD NOT, by default, alter the behavior
+of any of the APIs specified in this document. If an extension option-
+ally changes the behavior of any existing C LDAP API function calls, the
+behavior change MUST be well documented. If an extension that operates
+on an LDAP session affects a chain of messages that was previously
+obtained by a call to ldap_result() or by calling a synchronous search
+routine, this MUST be well documented.
+
+25.2. Style
+
+Extensions to this API SHOULD follow the general style and naming con-
+ventions used in this document. For example, function names SHOULD
+start with "ldap_" or "ber_" and consist entirely of lowercase letters,
+digits, and underscore ('_') characters. It is RECOMMENDED that private
+and experimental extensions use only the following prefixes for macros,
+types, and function names:
+ LDAP_X_
+ LBER_X_
+ ldap_x_
+ ber_x_
+and that these prefixes not be used by standard extensions.
+
+25.3. Dependence on Externally Defined Types
+
+Extensions to this API SHOULD minimize dependencies on types and macros
+that are defined in system headers and generally use only intrinsic
+types that are part of the C language, types defined in this specifica-
+tion, or types defined in the extension document itself.
+
+
+
+
+
+Expires: May 2001 [Page 75]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+25.4. Compile Time Information
+
+Extensions to this API SHOULD conform to the requirements contained in
+the "Retrieving Information at Compile Time" section of this document.
+That is, extensions SHOULD define a macro of the form:
+
+ #define LDAP_API_FEATURE_x level
+
+so that applications can detect the presence or absence of the extension
+at compile time and also test the version or level of the extension pro-
+vided by an API implementation.
+
+25.5. Runtime Information
+
+Extensions to this API SHOULD conform to the requirements contained in
+the "Retrieving Information During Execution" section of this document.
+That is, each extension SHOULD be given a character string name and that
+name SHOULD appear in the ldapai_extensions array field of the LDAPAPI-
+Info structure following a successful call to ldap_get_option() with an
+option parameter value of LDAP_OPT_API_INFO. In addition, information
+about the extension SHOULD be available via a call to ldap_get_option()
+with an option parameter value of LDAP_OPT_API_FEATURE_INFO.
+
+25.6. Values Used for Session Handle Options
+
+Extensions to this API that add new session options (for use with the
+ldap_get_option() and ldap_set_option() functions) SHOULD meet the
+requirements contained in the last paragraph of the "LDAP Session Handle
+Options" section of this document. Specifically, standards track docu-
+ments MUST use values for option macros that are between 0x1000 and
+0x3FFF inclusive and private and experimental extensions MUST use values
+for the option macros that are between 0x4000 and 0x7FFF inclusive.
+
+
+26. Appendix D - Known Incompatibilities with RFC 1823
+
+This appendix lists known incompatibilities between this API specifica-
+tion and the one contained in RFC 1823, beyond the additional API func-
+tions added in support of LDAPv3.
+
+
+26.1. Opaque LDAP Structure
+
+In RFC 1823, some fields in the LDAP structure were exposed to applica-
+tion programmers. To provide a cleaner interface and to make it easier
+for implementations to evolve over time without sacrificing binary com-
+patibility with older applications, the LDAP structure is now entirely
+opaque. The new ldap_set_option() and ldap_get_option() calls can be
+
+
+
+Expires: May 2001 [Page 76]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+used to manipulate per-session and global options.
+
+
+26.2. Additional Result Codes
+
+The following new result code macros were introduced to support LDAPv3:
+ LDAP_REFERRAL
+ LDAP_ADMINLIMIT_EXCEEDED
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION
+ LDAP_CONFIDENTIALITY_REQUIRED
+ LDAP_SASL_BIND_IN_PROGRESS
+ LDAP_AFFECTS_MULTIPLE_DSAS
+ LDAP_CONNECT_ERROR
+ LDAP_NOT_SUPPORTED
+ LDAP_CONTROL_NOT_FOUND
+ LDAP_NO_RESULTS_RETURNED
+ LDAP_MORE_RESULTS_TO_RETURN
+ LDAP_CLIENT_LOOP
+ LDAP_REFERRAL_LIMIT_EXCEEDED
+
+
+26.3. Freeing of String Data with ldap_memfree()
+
+All strings received from the API (e.g., those returned by the
+ldap_get_dn() or ldap_dn2ufn() functions) SHOULD be freed by calling
+ldap_memfree() not free(). RFC 1823 did not define an ldap_memfree()
+function.
+
+
+26.4. Changes to ldap_result()
+
+The meaning of the all parameter to ldap_result has changed slightly.
+Nonzero values from RFC 1823 correspond to LDAP_MSG_ALL (0x01). There
+is also a new possible value, LDAP_MSG_RECEIVED (0x02).
+
+The result type LDAP_RES_MODDN is now returned where RFC 1823 returned
+LDAP_RES_MODRDN. The actual value for these two macros is the same
+(0x6D).
+
+
+26.5. Changes to ldap_first_attribute() and ldap_next_attribute
+
+Each non-NULL return value SHOULD be freed by calling ldap_memfree()
+after use. In RFC 1823, these two functions returned a pointer to a
+per-session buffer, which was not very thread-friendly.
+
+After the last call to ldap_first_attribute() or ldap_next_attribute(),
+the value set in the ptr parameter SHOULD be freed by calling ber_free(
+
+
+
+Expires: May 2001 [Page 77]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ptr, 0 ). RFC 1823 did not mention that the ptr value SHOULD be freed.
+
+The type of the ptr parameter was changed from void * to BerElement *.
+
+
+26.6. Changes to ldap_modrdn() and ldap_modrdn_s() Functions
+
+In RFC 1823, the ldap_modrdn() and ldap_modrdn_s() functions include a
+parameter called deleteoldrdn. This does not match the great majority
+of implementations, so in this specification the deleteoldrdn parameter
+was removed from ldap_modrdn() and ldap_modrdn_s(). Two additional
+functions that support deleteoldrdn and are widely implemented as well
+were added to this specification: ldap_modrdn2() and ldap_modrdn2_s().
+
+
+26.7. Changes to the berval structure
+
+In RFC 1823, the bv_len element of the berval structure was defined as
+an `unsigned long'. In this specification, the type is implementation-
+specific, although it MUST be an unsigned integral type that is at least
+32 bits in size. See the appendix "Data Types and Legacy Implementa-
+tions" for additional considerations.
+
+
+26.8. API Specification Clarified
+
+RFC 1823 left many things unspecified, including behavior of various
+memory disposal functions when a NULL pointer is presented, requirements
+for headers, values of many macros, and so on. This specification is
+more complete and generally tighter than the one in RFC 1823.
+
+
+26.9. Deprecated Functions
+
+A number of functions that are in RFC 1823 are labeled as "deprecated"
+in this specification. In most cases, a replacement that provides
+equivalent functionality has been defined. The deprecated functions
+are:
+
+ ldap_bind()
+ Use ldap_simple_bind() or ldap_sasl_bind() instead.
+
+ ldap_bind_s()
+ Use ldap_simple_bind_s() or ldap_sasl_bind_s() instead.
+
+ ldap_kerberos_bind() and ldap_kerberos_bind_s()
+ No equivalent functions are provided.
+
+
+
+
+Expires: May 2001 [Page 78]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ ldap_modrdn() and ldap_modrdn2()
+ Use ldap_rename() instead.
+
+ ldap_modrdn_s() and ldap_modrdn2_s()
+ Use ldap_rename_s() instead.
+
+ ldap_open()
+ Use ldap_init() instead.
+
+ ldap_perror()
+ Use ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc ) followed
+ by fprintf( stderr, "%s: %s", msg, ldap_err2string( rc ))
+ instead.
+
+ ldap_result2error()
+ Use ldap_parse_result() instead.
+
+
+27. Appendix E - Data Types and Legacy Implementations
+
+The data types associated with the length of a ber value (ber_len_t),
+and the tag (ber_tag_t) have been defined in this specification as
+unsigned integral types of implementation-specific size. The data type
+used for encoding and decoding ber integer, enumerated, and boolean
+values has been defined in this specification as a signed integral type
+of implementation-specific size. This was done so that source and
+binary compatibility of the C LDAP API can be maintained across ILP32
+environments (where int, long, and pointers are all 32 bits in size) and
+LP64 environments (where ints remain 32 bits but longs and pointers grow
+to 64 bits).
+
+In older implementations of the C LDAP API, such as those based on RFC
+1823, implementors may have chosen to use an `unsigned long' for length
+and tag values. If a long data type was used for either of these items,
+a port of an application to a 64-bit operating system using the LP64
+data model would find the size of the types used by the C LDAP API to
+increase. Also, if the legacy implementation had chosen to implement
+the tag and types as an unsigned int, adoption of a specification that
+mandated use of unsigned longs would cause a source incompatibility in
+an LP64 application. By using implementation-specific data types, the C
+LDAP API implementation is free to choose the correct data type and the
+ability to maintain source compatibility.
+
+For example, suppose a legacy implementation chose to define the return
+value of ber_skip_tag() as an unsigned long but wishes to have the
+library return a 32-bit quantity in both ILP32 and LP64 data models.
+The following typedefs for ber_tag_t will provide a fixed sized data
+structure while preserving existing ILP32 source -- all without
+
+
+
+Expires: May 2001 [Page 79]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+generating compiler warnings:
+ #include <limits.h> /* provides UINT_MAX in ISO C */
+ #if UINT_MAX >= 0xffffffffU
+ typedef unsigned int ber_tag_t;
+ #else
+ typedef unsigned long ber_tag_t;
+ #endif
+
+Similar code can be used to define appropriate ber_len_t, ber_int_t,
+ber_slen_t and ber_uint_t types.
+
+
+28. Appendix F - Changes Made Since Last Document Revision
+
+The previous version of this document was draft-ietf-ldapext-ldap-c-
+api-04.txt, dated 8 October 1999. This appendix lists all of the
+changes made to that document to produce this one.
+
+28.1. API Changes
+
+ "Header Requirements" section: added requirement that the simple pro-
+ gram provided must execute as well as compile without errors.
+
+ "LDAP Session Handle Options" section: changed the name of the
+ LDAP_OPT_ERROR_NUMBER option to LDAP_OPT_RESULT_CODE. Allow
+ LDAP_OPT_ON to be defined as an implementation specific value (to
+ avoid problems on architectures where the value ((void *)1) is not
+ usable).
+
+ "Initializing an LDAP Session" section: allow use of the value zero
+ for the `portno' parameter to mean "use port 389."
+
+ "Searching" section: added LDAP_DEFAULT_SIZELIMIT (-1) to allow
+ application programmers to use the sizelimit from the LDAP session
+ handle with ldap_search_ext() and ldap_search_ext_s().
+
+ "Modifying an entry" section: moved mod_vals union out of LDAPMod and
+ added mod_vals_u_t typedef so users of the API can declare variables
+ using the union type. "Handling Errors and Parsing Results" section:
+ added text to require that ldap_err2string() MUST NOT return NULL.
+
+ "A Client Control That Governs Referral Processing" section: modified
+ the text to specify that a ber_uint_t value should be used to hold
+ the flags.
+
+
+
+
+
+
+
+Expires: May 2001 [Page 80]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+28.2. Editorial Changes and Clarifications
+
+ "Overview of LDAP API Use and General Requirements" section: added
+ text to clarify our use of the term "asynchronous."
+
+ "Retrieving Information During Execution" section: added text
+ describing the `ldapai_vendor_name' and `ldapai_vendor_version'
+ fields (text was accidently deleted during a previous round of
+ edits).
+
+ "LDAP Session Handle Options" section: improved the text that
+ describes the LDAP_OPT_TIMELIMIT, LDAP_OPT_SIZELIMIT, and
+ LDAP_OPT_RESULT_CODE options. Provided details and an example of the
+ correct LDAP_OPT_HOST_NAME string to return when the `portno' passed
+ to ldap_init() is not zero or 389.
+
+ "Result Codes" section: renamed section (was "LDAP Error Codes").
+
+ "Authenticating to the directory" section: clarified that the `dn',
+ `cred', and `passwd' parameters can be NULL. Added text indicate
+ that the `servercredp' is set to NULL if an API error occurs.
+
+ "Performing LDAP Operations" section: replaced "All functions take a
+ session handle" with "Most functions...."
+
+ "Search" section: removed the detailed discussion of the session han-
+ dle options (already covered in the "Retrieving Information During
+ Execution" section). Also removed the word "global" when discussing
+ the session default value for the `timeout' parameter. Also clari-
+ fied that a NULL `base' parameter means use a zero-length string for
+ the base DN.
+
+ "Comparing a Value Against an Entry" section: corrected the "success-
+ ful" return codes for ldap_compare_ext_s() and ldap_compare_s() (was
+ LDAP_SUCCESS; changed to LDAP_COMPARE_TRUE or LDAP_COMPARE_FALSE).
+
+ "Extended Operations" section: added text to indicate that the
+ `retoidp' and `retdatap' result parameters are set to NULL if an API
+ error occurs in ldap_extended_operation_s().
+
+ "Handling Errors and Parsing Results" section: added text to say that
+ the `matcheddnp' result parameter will be set to NULL if the server
+ does not return a matched DN string. Added text to indicate that
+ serverctrlsp can be NULL. Added text to indicate that *retoidpp,
+ *retdatap, *referralsp, and *serverctrlsp will be set to NULL if no
+ items of that type are returned. Removed specific reference to
+ LDAP_NO_SUCH_OBJECT result code when discussing the `matcheddnp'
+ result parameter and added clarifying note about "" vs. NULL.
+
+
+
+Expires: May 2001 [Page 81]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ "Parsing References" section: added text to indicate that *refer-
+ ralsp, and *serverctrlsp will be set to NULL if no items of that type
+ are returned.
+
+ "Obtaining Results and Peeking Inside LDAP Messages" section: added
+ text to say that LDAPMessage chains MAY be tied to a session handle.
+
+ "BER Data Structures and Types" section: removed note about
+ ber_uint_t not being used in this document (it is now). Changed text
+ to simplify the description of ber_slen_t. Removed misleading sen-
+ tence about the width of ber_uint_t.
+
+ "Encoded ASN.1 Value Manipulation / Encoding" section: added note
+ that 'X' is reserved. Also fixed a few small bugs in the example
+ code.
+
+ "Encoded ASN.1 Value Manipulation / Decoding" section: clarified the
+ requirements for LBER_ERROR and LBER_DEFAULT (expressed using octets
+ instead of bits). Also fixed a few small bugs in the example code.
+
+ Added the following text to all descriptions of the `serverctrls' and
+ `clientctrls' parameters: ", or NULL if no <server/client> controls
+ are to be used."
+
+ Added the following text to the description of all `dn' and `rdn'
+ parameters: "If NULL, a zero length DN is sent to the server."
+
+ Replaced many occurrences of the phrase "error code" with "result
+ code" throughout the document.
+
+ Added text to indicate that the value of the `msgidp' result parame-
+ ter is undefined if an error occurs in the following functions:
+ ldap_sasl_bind(), ldap_search_ext(), ldap_compare_ext(),
+ ldap_modify_ext(), ldap_add_ext(), ldap_delete_ext(),
+ ldap_extended_operation().
+
+ Added text to indicate that the `res' result parameter is set to NULL
+ if an API error occurs in the following functions: ldap_result(),
+ ldap_search_s(), ldap_search_st().
+
+ Added text to indicate that all result parameters have undefined
+ values if an API error is returned by the following functions:
+ ldap_parse_result(), ldap_parse_sasl_bind_result(),
+ ldap_parse_extended_result(), ldap_parse_reference(), ber_scanf().
+
+ Added angle brackets around ficticious impl_XXX_t types to make it
+ more obvious that these are not real "C" types, e.g., typedef
+ <impl_len_t> ber_len_t'.
+
+
+
+Expires: May 2001 [Page 82]
+�
+C LDAP API C LDAP Application Program Interface 17 November 2000
+
+
+ Appendix B: Added mod_vals_u and removed PLDAP from the struct,
+ unions, and typedefs prefix list.
+
+ Appendix C: Added note in "Compatibility" section about extensions
+ possible affecting chains of messages and the fact that that must be
+ well documented. Appendix D: Improved text for ldap_perror() (what
+ to use instead).
+
+ "Authors" section: updated contact information for Mark Smith, Tim
+ Howes, and Mark Wahl.
+
+ Fixed a few obvious typos, improved indentation, added missing blank
+ lines, and so on.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Expires: May 2001 [Page 83]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-dupent-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-dupent-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-dupent-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,522 @@
+
+
+LDAPEXT Working Group J. Sermersheim
+Internet Draft Novell, Inc
+Document: draft-ietf-ldapext-ldapv3-dupent-08.txt Sept 2002
+Intended Category: Standard Track
+
+
+ LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+1. Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026 [1].
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts. Internet-Drafts are draft documents valid for a maximum of
+ six months and may be updated, replaced, or obsoleted by other
+ documents at any time. It is inappropriate to use Internet- Drafts
+ as reference material or to cite them other than as "work in
+ progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+2. Abstract
+
+ This document describes a Duplicate Entry Representation control
+ extension for the LDAP Search operation. By using the control with
+ an LDAP search, a client requests that the server return separate
+ entries for each value held in the specified attribute(s). For
+ instance, if a specified attribute of an entry holds multiple
+ values, the search operation will return multiple instances of that
+ entry, each instance holding a separate single value in that
+ attribute.
+
+3. Introduction
+
+ This document describes controls, which allow duplicate entries to
+ be returned in the result set of search operation. Each duplicated
+ entry represents a distinct value (or combination of values) of the
+ set of specified multi-valued attributes.
+
+ For example, an application may need to produce an ordered list of
+ entries, sorted by a multi-valued attribute, where each attribute
+ value is represented in the list. The Server-Side Sorting control
+ [RFC2891] allows the server to order search result entries based on
+ attribute values (sort keys). But it does not allow one to specify
+ behavior when an attribute contains multiple values. The default
+
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 1 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ behavior, as outlined in 7.9 of [X.511], is to use the smallest
+ order value as the sort key.
+
+ In order to produce an ordered list, where each value of a multi-
+ valued attribute is sorted into the list, a separate control is
+ needed which causes the set of entries to be expanded sufficiently
+ to represent each attribute value prior to sorting.
+
+
+
+ An example of this would be a sorted list of all telephone numbers
+ in an organization. Because any entry may have multiple telephone
+ numbers, and the list is to be sorted by telephone number, the list
+ must be able to contain duplicate entries, each with its own unique
+ telephone number.
+
+ Another example would be an application that needs to display an
+ ordered list of all members of a group. It would use this control
+ to create a result set of duplicate groupOfNames entries, each with
+ a single, unique value in its member attribute.
+
+4. Conventions
+
+ The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
+ used in this document carry the meanings described in [RFC2119].
+
+ All controlValue data is represented as ASN.1 in this document, and
+ is to be BER encoded as stated in Section 5.1 of [RFC2251].
+
+5. The Controls
+
+ Support for the controls is advertised by the presence of their OID
+ in the supportedControl attribute of a server's root DSE. The OID
+ for the request control is "2.16.840.1.113719.1.27.101.1" and the
+ OIDs for the response controls are "2.16.840.1.113719.1.27.101.2"
+ and "2.16.840.1.113719.1.27.101.3".
+
+5.1 Request Control
+
+ This control is included in the searchRequest message as part of the
+ controls field of the LDAPMessage, as defined in Section 4.1.12 of
+ [RFC2251].
+
+ The controlType is set to "2.16.840.1.113719.1.27.101.1". The
+ criticality MAY be set to either TRUE or FALSE. The controlValue is
+ defined as the following DuplicateEntryRequest:
+
+ DuplicateEntryRequest ::= SEQUENCE {
+ AttributeDescriptionList, -- from [RFC2251]
+ PartialApplicationAllowed BOOLEAN DEFAULT TRUE }
+
+
+5.1.1 AttributeDescriptionList Semantics
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 2 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+
+ The AttributeDescriptionList data type is described in 4.1.5 of
+ [RFC2251] and describes a list of zero or more AttributeDescription
+ types as also described in 4.1.5 of [RFC2251]. Both definitions are
+ repeated here for convenience:
+
+ AttributeDescriptionList ::= SEQUENCE OF
+ AttributeDescription
+
+ AttributeDescription ::= LDAPString
+
+ A value of AttributeDescription is based on the following BNF:
+
+ attributeDescription = AttributeType [ ";" <options> ]
+
+ While processing a search request, a server implementation examines
+ this list. If a specified attribute or attribute subtype exists in
+ an entry to be returned by the search operation, and that attribute
+ holds multiple values, the server treats the entry as if it were
+ multiple, duplicate entries -- the specified attributes each holding
+ a single, unique value from the original set of values of that
+ attribute. Note that this may result in search result entries that
+ no longer match the search filter.
+
+ Specifying an attribute supertype has the effect of treating all
+ values of that attribute's subtypes as if they were values of the
+ specified attribute supertype. See Section 6.2 for an example of
+ this.
+
+ When attribute descriptions contain subtyping options, they are
+ treated in the same manner as is described in Section 4.1.5 of
+ [RFC2251]. Semantics are undefined if an attribute description
+ contains a non-subtyping option, and SHOULD NOT be specified by
+ clients.
+
+ When two or more attributes are specified by this control, the
+ number of duplicate entries is the combination of all values in each
+ attribute. Because of the potential complexity involved in servicing
+ multiple attributes, server implementations MAY choose to support a
+ limited number of attributes in the control.
+
+ There is a special case where either no attributes are specified, or
+ an attribute description value of "*" is specified. In this case,
+ all attributes are used. (The "*" allows the client to request all
+ user attributes in addition to specific operational attributes).
+
+ If an attribute is unrecognized, that attribute is ignored when
+ processing the control.
+
+5.1.2 PartialApplicationAllowed Semantics
+
+ The PartialApplicationAllowed field is used to specify whether the
+ client will allow the server to apply this control to a subset of
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 3 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ the search result set. If TRUE, the server is free to arbitrarily
+ apply this control to no, any, or all search results. If FALSE, the
+ server MUST either apply the control to all search results or fail
+ to support the control at all.
+
+ Client implementations use the DuplicateSearchResult control to
+ discover which search results have been affected by this control.
+
+5.2 Response Controls
+
+ Two response controls are defined to provide feedback while the
+ search results are being processed; DuplicateSearchResult and
+ DuplicateEntryResponseDone.
+
+ The DuplicateSearchResult control is sent with all SearchResultEntry
+ operations that contain search results which have been modified by
+ the DuplicateEntryRequest control.
+
+ The DuplicateEntryResponseDone control is sent with the
+ SearchResultDone operation in order to convey completion
+ information.
+
+5.2.1 The DuplicateSearchResult control
+
+ This control is included in the SearchResultEntry message of any
+ search result that holds an entry that has been modified by the
+ DuplicateEntryRequest control as part of the controls field of the
+ LDAPMessage, as defined in Section 4.1.12 of [RFC2251]. This control
+ is absent on search results that are unaffected by
+ DuplicateEntryRequest control.
+
+ The controlType is set to "2.16.840.1.113719.1.27.101.2". The
+ controlValue is not included.
+
+5.2.2 The DuplicateEntryResponseDone control
+
+ This control is included in the searchResultDone message as part of
+ the controls field of the LDAPMessage, as defined in Section 4.1.12
+ of [RFC2251].
+
+ The controlType is set to "2.16.840.1.113719.1.27.101.3". The
+ controlValue is defined as the following DuplicateEntryResponseDone:
+
+ DuplicateEntryResponseDone ::= SEQUENCE {
+ resultCode, -- From [RFC2251]
+ errorMessage [0] LDAPString OPTIONAL,
+ attribute [1] AttributeDescription OPTIONAL }
+
+ A resultCode field is provided here to allow the server to convey to
+ the client that an error resulted due to the control being serviced.
+ For example, a search that would ordinarily complete successfully
+ may fail with a sizeLimitExceeded error due to this control being
+
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 4 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ processed. If the operation is successfull, the value will be
+ success (0).
+
+ The errorMessage field MAY be populated with a human-readable string
+ in the event of an erroneous result code.
+
+ The attribute field MAY be set to the value of the first attribute
+ specified by the DuplicateEntryRequest that was in error. The
+ client MUST ignore the attribute field if the result is success.
+
+6. Protocol Examples
+
+6.1 Simple example
+
+ This example will show this control being used to produce a list of
+ all telephone numbers in the dc=example,dc=net container. Let's say
+ the following three entries exist in this container;
+
+ dn: cn=User1,dc=example,dc=net
+ telephoneNumber: 555-0123
+
+ dn: cn=User2,dc=example,dc=net
+ telephoneNumber: 555-8854
+ telephoneNumber: 555-4588
+ telephoneNumber: 555-5884
+
+ dn: cn=User3,dc=example,dc=net
+ telephoneNumber: 555-9425
+ telephoneNumber: 555-7992
+
+ First an LDAP search is specified with a baseDN of
+ "dc=example,dc=net", subtree scope, filter set to
+ "(telephoneNumber=*)". A DuplicateEntryRequest control is attached
+ to the search, specifying "telephoneNumber" as the attribute
+ description, and the search request is sent to the server.
+
+ The set of search results returned by the server would then consist
+ of the following entries:
+
+ dn: cn=User1,dc=example,dc=net
+ telephoneNumber: 555-0123
+ <no DuplicateSearchResult control sent with search result>
+
+ dn: cn=User2,dc=example,dc=net
+ telephoneNumber: 555-8854
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+ telephoneNumber: 555-4588
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+ telephoneNumber: 555-5884
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 5 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User3,dc=example,dc=net
+ telephoneNumber: 555-9425
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User3,dc=example,dc=net
+ telephoneNumber: 555-7992
+ control: 2.16.840.1.113719.1.27.101.2
+
+ All but the first entry are accompanied by the DuplicateSearchResult
+ control when sent from the server.
+
+ Note that it is not necessary to use an attribute in this control
+ that is specified in the search filter. This example only does so,
+ because the result was to obtain a list of telephone numbers.
+
+6.2 Specifying multiple attributes
+
+ A more complicated example involving multiple attributes will result
+ in more entries. If we assume these entries in the directory:
+
+ dn: cn=User1,dc=example,dc=net
+ cn: User1
+ givenName: User One
+ mail: user1 at example.net
+
+ dn: cn=User2,dc=example,dc=net
+ cn: User2
+ givenName: User Two
+ mail: user2 at example.net
+ mail: usertwo at example.net
+
+ In this example, we specify mail and name in the attribute list. By
+ specifying name, all attribute subtypes of name will also be
+ considered. Following is the resulting set of entries:
+
+ dn: cn=User1,dc=example,dc=net
+ cn: User1
+ mail: user1 at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User1,dc=example,dc=net
+ givenName: User One
+ mail: user1 at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+ cn: User2
+ mail: user2 at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 6 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ cn: User2
+ mail: usertwo at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+ givenName: User Two
+ mail: user2 at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=User2,dc=example,dc=net
+ givenName: User Two
+ mail: usertwo at example.net
+ control: 2.16.840.1.113719.1.27.101.2
+
+6.3 Listing the members of a groupOfNames
+
+ This example shows how the controls can be used to turn a single
+ groupOfNames entry into multiple duplicate entries. Let's say this
+ is our groupOfNames entry:
+
+ dn: cn=Administrators,dc=example,dc=net
+ cn: Administrators
+ member: cn=aBaker,dc=example,dc=net
+ member: cn=cDavis,dc=example,dc=net
+ member: cn=bChilds,dc=example,dc=net
+ member: cn=dEvans,dc=example,dc=net
+
+ We could set our search base to "cn=Administrators,dc=example,dc=net
+ ", filter to "(objectClass=*)", use an object scope (to restrict it
+ to this entry) and send the duplicateEntryRequest control with
+ "member" as its attribute value. The resulting set would look like
+ this:
+
+ dn: cn=Administrators,dc=example,dc=net
+ member: cn=aBaker,dc=example,dc=net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=Administrators,dc=example,dc=net
+ member: cn=cDavis,dc=example,dc=net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=Administrators,dc=example,dc=net
+ member: cn=bChilds,dc=example,dc=net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ dn: cn=Administrators,dc=example,dc=net
+ member: cn=dEvans,dc=example,dc=net
+ control: 2.16.840.1.113719.1.27.101.2
+
+ This list can then be sorted by member and displayed (also by
+ member) in a list.
+
+7. Relationship to other controls
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 7 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+
+ This control is intended (but not limited) to be used with the
+ Server Side Sorting control [RFC2891]. By pairing this control with
+ the Server Side Sorting control, One can produce a set of entries,
+ sorted by attribute values, where each attribute value is
+ represented in the sorted set. Server implementations MUST ensure
+ that this control is processed before sorting the result of a
+ search, as this control alters the result set of search.
+
+ This control MAY also be used with the Virtual List View [VLV]
+ control (which has a dependency on the Server Side Sort control).
+ The nature of the dependency between the VLV control and the Sort
+ control is such that the Sorting takes place first. Because the sort
+ happens first, and because this control is processed before the sort
+ control, the impact of this control on the VLV control is minimal.
+ Some server implementations may need to carefully consider how to
+ handle the typedown functionality of the VLV control when paired
+ with this control. The details of this are heavily implementation
+ dependent and are beyond the scope of this document.
+
+8. Notes for Implementers
+
+ Both client and server implementations MUST be aware that using this
+ control could potentially result in a very large set of search
+ results. Servers MAY return an adminLimitExceeded result in the
+ response control due to inordinate consumption of resources. This
+ may be due to some a priori knowledge such as a server restriction
+ of the number of attributes in the request control that it's willing
+ to service, or it may be due to the server attempting to service the
+ control and running out of resources.
+
+ Client implementations MUST be aware that when using this control,
+ search entries returned will contain a subset of the values of any
+ specified attribute.
+
+ If this control is used in a chained environment, servers SHOULD NOT
+ pass this control to other servers. Instead they SHOULD gather
+ results and apply this control themselves.
+
+9. Security Considerations
+
+ This control allows finer control of the result set returned by an
+ LDAP search operation and as such may be used in a denial of service
+ attack. See Section 8 for more information on how this is detected
+ and handled.
+
+10. Acknowledgments
+
+ The author gratefully thanks the input and support of participants
+ of the LDAP-EXT working group.
+
+11. References
+
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 8 �
+LDAP Control for a Duplicate Entry Representation of Search Results
+
+
+ [RFC2251]
+ Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access
+ Protocol (v3)", Internet RFC, December, 1997.
+ Available as RFC 2251.
+
+ [RFC2891]
+ Wahl, M, A. Herron and T. Howes, "LDAP Control Extension for Server
+ Side Sorting of Search Results", Internet RFC, August, 2000.
+ Available as RFC 2891.
+
+ [VLV]
+ Boreham, D, Sermersheim, J, Anantha, A, Armijo, M, "LDAP Extensions
+ for Scrolling View Browsing of Search Results", Internet Draft,
+ April, 2000.
+ Available as draft-ietf-ldapext-ldapv3-vlv-xx.txt.
+
+ [X.511]
+ ITU-T Rec. X.511, "The Directory: Abstract Service Definition",
+ 1993.
+
+ [RFC2119]
+ Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement
+ Levels", Internet Draft, March, 1997.
+ Available as RFC 2119.
+
+12. Author's Address
+
+ Jim Sermersheim
+ Novell, Inc.
+ 1800 South Novell Place
+ Provo, Utah 84606, USA
+ jimse at novell.com
+ +1 801 861-3088
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Internet-Draft - Expires Mar 2003 Page 9 �
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,625 @@
+
+Internet-Draft D. Boreham, Bozeman Pass
+LDAPext Working Group J. Sermersheim, Novell
+Intended Category: Standards Track A. Kashi, Microsoft
+<draft-ietf-ldapext-ldapv3-vlv-06.txt>
+Expires: Nov 2002 May 2002
+
+
+ LDAP Extensions for Scrolling View Browsing of Search Results
+
+
+1. Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This document is intended to be submitted, after review and revision,
+ as a Standards Track document. Distribution of this memo is
+ unlimited.
+ Please send comments to the authors.
+
+
+2. Abstract
+
+ This document describes a Virtual List View control extension for the
+ Lightweight Directory Access Protocol (LDAP) Search operation. This
+ control is designed to allow the "virtual list box" feature, common
+ in existing commercial e-mail address book applications, to be
+ supported efficiently by LDAP servers. LDAP servers' inability to
+ support this client feature is a significant impediment to LDAP
+ replacing proprietary protocols in commercial e-mail systems.
+
+ The control allows a client to specify that the server return, for a
+ given LDAP search with associated sort keys, a contiguous subset of
+ the search result set. This subset is specified in terms of offsets
+ into the ordered list, or in terms of a greater than or equal
+ comparison value.
+
+
+ Boreham et al Internet-Draft 1
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+3. Conventions used in this document
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are
+ to be interpreted as described in RFC 2119 [Bradner97].
+
+
+4. Background
+
+ A Virtual List is a graphical user interface technique employed where
+ ordered lists containing a large number of entries need to be
+ displayed. A window containing a small number of visible list entries
+ is drawn. The visible portion of the list may be relocated to
+ different points within the list by means of user input. This input
+ can be to a scroll bar slider; from cursor keys; from page up/down
+ keys; from alphanumeric keys for "typedown". The user is given the
+ impression that they may browse the complete list at will, even
+ though it may contain millions of entries. It is the fact that the
+ complete list contents are never required at any one time that
+ characterizes Virtual List View. Rather than fetch the complete list
+ from wherever it is stored (typically from disk or a remote server),
+ only that information which is required to display the part of the
+ list currently in view is fetched. The subject of this document is
+ the interaction between client and server required to implement this
+ functionality in the context of the results from a sorted LDAP search
+ request.
+
+ For example, suppose an e-mail address book application displays a
+ list view onto the list containing the names of all the holders of e-
+ mail accounts at a large university. The list is sorted
+ alphabetically. While there may be tens of thousands of entries in
+ this list, the address book list view displays only 20 such accounts
+ at any one time. The list has an accompanying scroll bar and text
+ input window for type-down. When first displayed, the list view shows
+ the first 20 entries in the list, and the scroll bar slider is
+ positioned at the top of its range. Should the user drag the slider
+ to the bottom of its range, the displayed contents of the list view
+ should be updated to show the last 20 entries in the list. Similarly,
+ if the slider is positioned somewhere in the middle of its travel,
+ the displayed contents of the list view should be updated to contain
+ the 20 entries located at that relative position within the complete
+ list. Starting from any display point, if the user uses the cursor
+ keys or clicks on the scroll bar to request that the list be scrolled
+ up or down by one entry, the displayed contents should be updated to
+ reflect this. Similarly the list should be displayed correctly when
+ the user requests a page scroll up or down. Finally, when the user
+ types characters in the type-down window, the displayed contents of
+ the list should "jump" or "seek" to the appropriate point within the
+ list. For example, if the user types "B", the displayed list could
+ center around the first user with a name beginning with the letter
+ "B". When this happens, the scroll bar slider should also be updated
+ to reflect the new relative location within the list.
+
+ Boreham et al Internet-Draft 2
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+
+ This document defines a request control which extends the LDAP search
+ operation. Always used in conjunction with the server side sorting
+ control [SSS], this allows a client to retrieve selected portions of
+ large search result set in a fashion suitable for the implementation
+ of a virtual list view.
+
+
+5. Client-Server Interaction
+
+ The Virtual List View control extends a regular LDAP Search operation
+ which must also include a server-side sorting control [SSS]. Rather
+ than returning the complete set of appropriate SearchResultEntry
+ messages, the server is instructed to return a contiguous subset of
+ those entries, taken from the sorted result set, centered around a
+ particular target entry. Henceforth, in the interests of brevity, the
+ sorted search result set will be referred to as "the list".
+
+ The sort control MAY contain any sort specification valid for the
+ server. The attributeType field in the first SortKeyList sequence
+ element has special significance for "typedown".
+
+ The desired target entry and the number of entries to be returned,
+ both before and after that target entry in the list, are determined
+ by the client's VirtualListViewRequest control.
+
+ When the server returns the set of entries to the client, it attaches
+ a VirtualListViewResponse control to the SearchResultDone message.
+ The server returns in this control: its current estimate for the list
+ content count, the location within the list corresponding to the
+ target entry, any error codes, and optionally a context identifier.
+
+ The target entry is specified in the VirtualListViewRequest control
+ by one of two methods. The first method is for the client to indicate
+ the target entry's offset within the list. The second way is for the
+ client to supply an attribute assertion value. The value is compared
+ against the values of the attribute specified as the primary sort key
+ in the sort control attached to the search operation. The first sort
+ key in the SortKeyList is the primary sort key. The target entry is
+ the first entry in the list with value greater than or equal to (in
+ the primary sort order), the presented value. The order is determined
+ by rules defined in [SSS]. Selection of the target entry by this
+ means is designed to implement "typedown". Note that it is possible
+ that no entry satisfies these conditions, in which case there is no
+ target entry. This condition is indicated by the server returning the
+ special value contentCount + 1 in the target position field.
+
+ Because the server may not have an accurate estimate of the number of
+ entries in the list, and to take account of cases where the list size
+ is changing during the time the user browses the list, and because
+ the client needs a way to indicate specific list targets "beginning"
+
+ Boreham et al Internet-Draft 3
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ and "end", offsets within the list are transmitted between client and
+ server as ratios---offset to content count. The server sends its
+ latest estimate as to the number of entries in the list (content
+ count) to the client in every response control. The client sends its
+ assumed value for the content count in every request control. The
+ server examines the content count and offsets presented by the client
+ and computes the corresponding offsets within the list, based on its
+ own idea of the content count.
+
+ Si = Sc * (Ci / Cc)
+
+ Where:
+ Si is the actual list offset used by the server
+ Sc is the server's estimate for content count
+ Ci is the client's submitted offset
+ Cc is the client's submitted content count
+ The result is rounded to the nearest integer.
+
+ If the content count is stable, and the client returns to the server
+ the content count most recently received, Cc = Sc and the offsets
+ transmitted become the actual server list offsets.
+
+ The following special cases exist when the client is specifying the
+ offset and content count:
+ - an offset of one and a content count of non-one (Ci = 1, Cc != 1)
+ indicates that the target is the first entry in the list.
+ - equivalent values (Ci = Cc) indicate that the target is the last
+ entry in the list.
+ - a content count of zero, and a non-zero offset (Cc = 0, Ci != 0)
+ means the client has no idea what the content count is, the server
+ MUST use its own content count estimate in place of the client's.
+
+ Because the server always returns contentCount and targetPosition,
+ the client can always determine which of the returned entries is the
+ target entry. Where the number of entries returned is the same as the
+ number requested, the client is able to identify the target by simple
+ arithmetic. Where the number of entries returned is not the same as
+ the number requested (because the requested range crosses the
+ beginning or end of the list, or both), the client must use the
+ target position and content count values returned by the server to
+ identify the target entry. For example, suppose that 10 entries
+ before and 10 after the target were requested, but the server returns
+ 13 entries, a content count of 100 and a target position of 3. The
+ client can determine that the first entry must be entry number 1 in
+ the list, therefore the 13 entries returned are the first 13 entries
+ in the list, and the target is the third one.
+
+ A server-generated context identifier MAY be returned to clients. A
+ client receiving a context identifier SHOULD return it unchanged in a
+ subsequent request which relates to the same list. The purpose of
+
+
+ Boreham et al Internet-Draft 4
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ this interaction is to enhance the performance and effectiveness of
+ servers which employ approximate positioning.
+
+
+6. The Controls
+
+ Support for the virtual list view control extension is indicated by
+ the presence of the OID "2.16.840.1.113730.3.4.9" in the
+ supportedControl attribute of a server's root DSE.
+
+6.1. Request Control
+
+ This control is included in the SearchRequest message as part of the
+ controls field of the LDAPMessage, as defined in Section 4.1.12 of
+ [LDAPv3]. The controlType is set to "2.16.840.1.113730.3.4.9". The
+ criticality SHOULD be set to TRUE. If this control is included in a
+ SearchRequest message, a Server Side Sorting request control [SSS]
+ MUST also be present in the message. The controlValue is an OCTET
+ STRING whose value is the BER-encoding of the following SEQUENCE:
+
+ VirtualListViewRequest ::= SEQUENCE {
+ beforeCount INTEGER (0..maxInt),
+ afterCount INTEGER (0..maxInt),
+ CHOICE {
+ byoffset [0] SEQUENCE {
+ offset INTEGER (0 .. maxInt),
+ contentCount INTEGER (0 .. maxInt) },
+ greaterThanOrEqual [1] AssertionValue },
+ contextID OCTET STRING OPTIONAL }
+
+ beforeCount indicates how many entries before the target entry the
+ client wants the server to send. afterCount indicates the number of
+ entries after the target entry the client wants the server to send.
+ offset and contentCount identify the target entry as detailed in
+ section 4. greaterThanOrEqual is an attribute assertion value defined
+ in [LDAPv3]. If present, the value supplied in greaterThanOrEqual is
+ used to determine the target entry by comparison with the values of
+ the attribute specified as the primary sort key. The first list entry
+ who's value is no less than (less than or equal to when the sort
+ order is reversed) the supplied value is the target entry. If
+ present, the contextID field contains the value of the most recently
+ received contextID field from a VirtualListViewResponse control. The
+ type AssertionValue and value maxInt are defined in [LDAPv3].
+ contextID values have no validity outwith the connection on which
+ they were received. That is, a client should not submit a contextID
+ which it received from another connection, a connection now closed,
+ or a different server.
+
+
+6.2. Response Control
+
+
+ Boreham et al Internet-Draft 5
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ This control is included in the SearchResultDone message as part of
+ the controls field of the LDAPMessage, as defined in Section 4.1.12
+ of [LDAPv3].
+
+ The controlType is set to "2.16.840.1.113730.3.4.10". The criticality
+ is FALSE (MAY be absent). The controlValue is an OCTET STRING, whose
+ value is the BER encoding of a value of the following SEQUENCE:
+
+ VirtualListViewResponse ::= SEQUENCE {
+ targetPosition INTEGER (0 .. maxInt),
+ contentCount INTEGER (0 .. maxInt),
+ virtualListViewResult ENUMERATED {
+ success (0),
+ operationsError (1),
+ unwillingToPerform (53),
+ insufficientAccessRights (50),
+ busy (51),
+ timeLimitExceeded (3),
+ adminLimitExceeded (11),
+ sortControlMissing (60),
+ offsetRangeError (61),
+ other (80) },
+ contextID OCTET STRING OPTIONAL }
+
+ targetPosition gives the list offset for the target entry.
+ contentCount gives the server's estimate of the current number of
+ entries in the list. Together these give sufficient information for
+ the client to update a list box slider position to match the newly
+ retrieved entries and identify the target entry. The contentCount
+ value returned SHOULD be used in a subsequent VirtualListViewRequest
+ control. contextID is a server-defined octet string. If present, the
+ contents of the contextID field SHOULD be returned to the server by a
+ client in a subsequent VirtualListViewRequest control.
+
+ The virtualListViewResult codes which are common to the LDAP
+ searchResponse (adminLimitExceeded, timeLimitExceeded, busy,
+ operationsError, unwillingToPerform, insufficientAccessRights) have
+ the same meanings as defined in [LDAPv3], but they pertain
+ specifically to the VLV operation. For example, the server could
+ exceed an administration limit processing a SearchRequest with a
+ VirtualListViewRequest control. However, the same administration
+ limit would not be exceeded should the same SearchRequest be
+ submitted by the client without the VirtualListViewRequest control.
+ In this case, the client can determine that an administration limit
+ has been exceeded in servicing the VLV request, and can if it chooses
+ resubmit the SearchRequest without the VirtualListViewRequest
+ control.
+
+ insufficientAccessRights means that the server denied the client
+ permission to perform the VLV operation.
+
+
+ Boreham et al Internet-Draft 6
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ If the server determines that the results of the search presented
+ exceed the range specified in INTEGER values, it MUST return
+ offsetRangeError.
+
+6.2.1 virtualListViewError
+
+ A new LDAP error is introduced called virtualListViewError. Its value
+ is 76.
+ [Note to the IESG/IANA/RFC Editor: the value 76 has been suggested by
+ experts, had expert review, and is currently being used by some
+ implementations. The intent is to have this number designated as an
+ official IANA assigned LDAP Result Code (see draft-ietf-ldapbis-iana-
+ xx.txt, Section 3.5)]
+
+ If the server returns any code other than success (0) for
+ virtualListViewResult, then the server SHOULD return
+ virtualListViewError as the resultCode of the SearchResultDone
+ message.
+
+
+7. Protocol Example
+
+ Here we walk through the client-server interaction for a specific
+ virtual list view example: The task is to display a list of all 78564
+ people in the US company "Ace Industry". This will be done by
+ creating a graphical user interface object to display the list
+ contents, and by repeatedly sending different versions of the same
+ virtual list view search request to the server. The list view
+ displays 20 entries on the screen at a time.
+
+ We form a search with baseDN "o=Ace Industry, c=us"; search scope
+ subtree; filter "objectClass=inetOrgPerson". We attach a server sort
+ order control to the search, specifying ascending sort on attribute
+ "cn". To this base search, we attach a virtual list view request
+ control with contents determined by the user activity and send the
+ search to the server. We display the results from each search in the
+ list window and update the slider position.
+
+ When the list view is first displayed, we want to initialize the
+ contents showing the beginning of the list. Therefore, we set
+ beforeCount = 0, afterCount = 19, contentCount = 0, offset = 1 and
+ send the request to the server. The server duly returns the first 20
+ entries in the list, plus the content count = 78564 and
+ targetPosition = 1. We therefore leave the scroll bar slider at its
+ current location (the top of its range).
+
+ Say that next the user drags the scroll bar slider down to the bottom
+ of its range. We now wish to display the last 20 entries in the list,
+ so we set beforeCount = 19, afterCount = 0, contentCount = 78564,
+ offset = 78564 and send the request to the server. The server returns
+
+
+ Boreham et al Internet-Draft 7
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ the last 20 entries in the list, plus the content count = 78564 and
+ targetPosition = 78564.
+
+ Next the user presses a page up key. Our page size is 20, so we set
+ beforeCount = 0, afterCount = 19, contentCount = 78564, offset =
+ 78564-19-20 and send the request to the server. The server returns
+ the preceding 20 entries in the list, plus the content count = 78564
+ and targetPosition = 78525.
+
+ Now the user grabs the scroll bar slider and drags it to 68% of the
+ way down its travel. 68% of 78564 is 53424 so we set beforeCount = 9,
+ afterCount = 10, contentCount = 78564, offset = 53424 and send the
+ request to the server. The server returns the preceding 20 entries in
+ the list, plus the content count = 78564 and targetPosition = 53424.
+
+ Lastly, the user types the letter "B". We set beforeCount = 9,
+ afterCount = 10 and greaterThanOrEqual = "B". The server finds the
+ first entry in the list not less than "B", let's say "Babs Jensen",
+ and returns the nine preceding entries, the target entry, and the
+ proceeding 10 entries. The server returns content count = 78564 and
+ targetPosition = 5234 and so the client updates its scroll bar slider
+ to 6.7% of full scale.
+
+
+8. Notes for Implementers
+
+ While the feature is expected to be generally useful for arbitrary
+ search and sort specifications, it is specifically designed for those
+ cases where the result set is very large. The intention is that this
+ feature be implemented efficiently by means of pre-computed indices
+ pertaining to a set of specific cases. For example, an offset
+ relating to "all the employees in the local organization, sorted by
+ surname" would be a common case.
+
+ The intention for client software is that the feature should fit
+ easily with the host platform's graphical user interface facilities
+ for the display of scrolling lists. Thus the task of the client
+ implementers should be one of reformatting up the requests for
+ information received from the list view code to match the format of
+ the virtual list view request and response controls.
+
+ Client implementers should note that any offset value returned by the
+ server may be approximate. Do not design clients > which only operate
+ correctly when offsets are exact.
+
+ Server implementers using indexing technology which features
+ approximate positioning should consider returning context identifiers
+ to clients. The use of a context identifier will allow the server to
+ distinguish between client requests which relate to different
+ displayed lists on the client. Consequently the server can decide
+ more intelligently whether to reposition an existing database cursor
+
+ Boreham et al Internet-Draft 8
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ accurately to within a short distance of its current position, or to
+ reposition to an approximate position. Thus the client will see
+ precise offsets for "short" repositioning (e.g. paging up or down),
+ but approximate offsets for a "long" reposition (e.g. a slider
+ movement).
+
+ Server implementers are free to return status code unwillingToPerform
+ should their server be unable to service any particular VLV search.
+ This might be because the resolution of the search is computationally
+ infeasible, or because excessive server resources would be required
+ to service the search.
+
+ Client implementers should note that this control is only defined on
+ a client interaction with a single server. If a server returns
+ referrals as a part of its response to the search request, the client
+ is responsible for deciding when and how to apply this control to the
+ referred-to servers, and how to collate the results from multiple
+ servers.
+
+
+9. Relationship to "Simple Paged Results"
+
+ These controls are designed to support the virtual list view, which
+ has proved hard to implement with the Simple Paged Results mechanism
+ [SPaged]. However, the controls described here support any operation
+ possible with the Simple Paged Results mechanism. The two mechanisms
+ are not complementary; rather one has a superset of the other's
+ features. One area where the mechanism presented here is not a strict
+ superset of the Simple Paged Results scheme is that here we require a
+ sort order to be specified. No such requirement is made for paged
+ results.
+
+
+10. Security Considerations
+
+ Server implementers may wish to consider whether clients are able to
+ consume excessive server resources in requesting virtual list
+ operations. Access control to the feature itself; configuration
+ options limiting the featureÆs use to certain predetermined search
+ base DNs and filters; throttling mechanisms designed to limit the
+ ability for one client to soak up server resources, may be
+ appropriate.
+
+ Consideration should be given as to whether a client will be able to
+ retrieve the complete contents, or a significant subset of the
+ complete contents of the directory using this feature. This may be
+ undesirable in some circumstances and consequently it may be
+ necessary to enforce some access control.
+
+
+
+
+ Boreham et al Internet-Draft 9
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+ Clients can, using this control, determine how many entries are
+ contained within a portion of the DIT. This may constitute a security
+ hazard. Again, access controls may be appropriate.
+
+ Server implementers SHOULD exercise caution concerning the content of
+ the contextID. Should the contextID contain internal server state, it
+ may be possible for a malicious client to use that information to
+ gain unauthorized access to information.
+
+
+11. Acknowledgements
+
+ Chris Weider, Anoop Anantha, and Michael Armijo of Microsoft co-
+ authored previous versions of this document.
+
+
+12. References
+
+
+ [LDAPv3] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory
+ Access Protocol (v3)", Internet Standard, RFC 2251,
+ December, 1997.
+
+ [SPaged] Weider, C., Herron, A., Anantha, A. and T. Howes, "LDAP
+ Control Extension for Simple Paged Results Manipulation",
+ RFC2696, September 1999.
+
+ [SSS] Wahl, M., Herron, A. and T. Howes, "LDAP Control
+ Extension for Server Side Sorting of Search Results",
+ RFC 2891, August, 2000.
+
+ [Bradner97] Bradner, S., "Key Words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Boreham et al Internet-Draft 10
+�
+ LDAP Extensions for Scrolling View May 2002
+ Browsing of Search Results
+
+13. Authors' Addresses
+
+ David Boreham
+ Bozeman Pass, Inc
+ +1 406 222 7093
+ david at bozemanpass.com
+
+ Jim Sermersheim
+ Novell, Inc
+ 1800 South Novell Place
+ Provo, Utah 84606, USA
+ jimse at novell.com
+
+ Asaf Kashi
+ Microsoft Corporation
+ 1 Microsoft Way
+ Redmond, WA 98052, USA
+ +1 425 882-8080
+ asafk at microsoft.com
+
+
+14. Full Copyright Statement
+
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English. The limited permissions granted above are perpetual and will
+ not be revoked by the Internet Society or its successors or assigns.
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE
+ INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
+
+
+
+
+
+
+
+
+ Boreham et al Internet-Draft 11
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-locate-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-locate-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-ietf-ldapext-locate-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,362 @@
+
+
+INTERNET-DRAFT Michael P. Armijo
+<draft-ietf-ldapext-locate-08.txt> Levon Esibov
+June 5, 2002 Paul Leach
+Expires: December 5, 2002 Microsoft Corporation
+ R.L. Morgan
+ University of Washington
+
+ Discovering LDAP Services with DNS
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet- Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ Distribution of this memo is unlimited. It is filed as <draft-
+ ietf-ldapext-locate-08.txt>, and expires on December 5, 2002.
+ Please send comments to the authors.
+
+ Copyright Notice
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+
+Abstract
+
+ A Lightweight Directory Access Protocol (LDAP) request must be
+ directed to an appropriate server for processing. This document
+ specifies a method for discovering such servers using information in
+ the Domain Name System.
+
+
+
+
+
+
+
+
+
+Armijo, Esibov, Leach and Morgan [Page 1]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+
+
+1. Introduction
+
+ The LDAPv3 protocol [1] is designed to be a lightweight access
+ protocol for directory services supporting X.500 models. As a
+ distributed directory service, the complete set of directory
+ information (known as the Directory Information Base) is spread
+ across many different servers. Hence there is the need to
+ determine, when initiating or processing a request, which servers
+ hold the relevant information. In LDAP, the Search, Modify, Add,
+ Delete, ModifyDN, and Compare operations all specify a Distinguished
+ Name (DN) [2] on which the operation is performed. A client, or a
+ server acting on behalf of a client, must be able to determine the
+ server(s) that hold the naming context containing that DN, since
+ that server (or one of that set of servers) must receive and process
+ the request. This determination process is called "server
+ location". To support dynamic distributed operation, the
+ information needed to support server location must be available via
+ lookups done at request processing time, rather than, for example,
+ as static data configured into each client or server.
+
+ It is possible to maintain the information needed to support server
+ location in the directory itself, and X.500 directory deployments
+ typically do so. In practice, however, this only permits location
+ of servers within a limited X.500-connected set. LDAP-specific
+ methods of maintaining server location information in the directory
+ have not yet been standardized. This document defines an
+ alternative method of managing server location information using the
+ Domain Name System. This method takes advantage of the global
+ deployment of the DNS, by allowing LDAP server location information
+ for any existing DNS domain to be published by creating the records
+ described below. A full discussion of the benefits and drawbacks of
+ the various directory location and naming methods is beyond the
+ scope of this document.
+
+ RFC 2247[3] defines an algorithm for mapping DNS domain names into
+ DNs. This document defines the inverse mapping, from DNs to DNS
+ domain names, based on the conventions in [3], for use in this
+ server location method. The server location method described in
+ this document is only defined for DNs that can be so mapped, i.e.,
+ those DNs that are based on domain names. In practice this is
+ reasonable because many objects of interest are named with domain
+ names, and use of domain-name-based DNs is becoming common.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [9].
+
+
+
+
+
+
+Armijo, Esibov, Leach and Morgan [Page 2]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+
+2. Mapping Distinguished Names into Domain Names
+
+ This section defines a method of converting a DN into a DNS domain
+ name for use in the server location method described below. Some
+ DNs cannot be converted into a domain name. Converted DNs result
+ in a fully qualified domain name.
+
+
+ The output domain name is initially empty. The DN is processed in
+ right-to-left order (i.e., beginning with the first RDN in the
+ sequence of RDNs). An RDN is able to be converted if it (1)
+ consists of a single AttributeTypeAndValue; (2) the attribute type
+ is "DC"; and (3) the attribute value is non-null. If it can be
+ converted, the attribute value is used as a domain name component
+ (label). The first such value becomes the rightmost (i.e., most
+ significant) domain name component, and successive converted RDN
+ values extend to the left. If an RDN cannot be converted,
+ processing stops. If the output domain name is empty when
+ processing stops, the DN cannot be converted into a domain name.
+
+ For DN:
+
+ cn=John Doe,ou=accounting,dc=example,dc=net
+
+ The client would convert the DC components as defined above into
+ DNS name:
+
+ example.net
+
+ The determined DNS name will be submitted as a DNS query using the
+ algorithm defined in section 3.
+
+
+
+3. Locating LDAPv3 servers through DNS
+
+ LDAPv3 server location information is to be stored using DNS Service
+ Location Record (SRV)[5]. The data in a SRV record contains the DNS
+ name of the server that provides the LDAP service, corresponding
+ Port number, and parameters that enable the client to choose an
+ appropriate server from multiple servers according to the algorithm
+ described in [5]. The name of this record has the following format:
+
+ _<Service>._<Proto>.<Domain>.
+
+ where <Service> is "ldap", and <Proto> is "tcp". <Domain> is the
+ domain name formed by converting the DN of a naming context mastered
+ by the LDAP Server into a domain name using the algorithm in
+ Section 2. Note that "ldap" is the symbolic name for the LDAP
+ service in Assigned Numbers[6], as required by [5].
+
+
+
+Armijo, Esibov, Leach and Morgan [Page 3]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+
+ Presence of such records enables clients to find the LDAP servers
+ using standard DNS query [4]. A client (or server) seeking an LDAP
+ server for a particular DN converts that DN to a domain name using
+ the algorithm of Section 2, does a SRV record query using the DNS
+ name formed as described in the preceding paragraph, and interprets
+ the response as described in [5] to determine a host (or hosts) to
+ contact. As an example, a client that searches for an LDAP server
+ for the DN "ou=foo,dc=example,dc=net" that supports the TCP protocol
+ will submit a DNS query for a set of SRV records with owner name:
+
+ _ldap._tcp.example.net.
+
+ The client will receive the list of SRV records published in DNS
+ that satisfy the requested criteria. The following is an example of
+ such a record:
+
+ _ldap._tcp.example.net. IN SRV 0 0 389 phoenix.example.net.
+
+ The set of returned records may contain multiple records in the case
+ where multiple LDAP servers serve the same domain. If there are no
+ matching SRV records available for the converted DN the client SHOULD
+ NOT attempt to 'walk the tree' by removing the least significant
+ portion of the constructed fully qualified domain name.
+
+
+4. IANA Considerations
+
+ This document does not require any IANA actions.
+
+
+5. Security Considerations
+
+ DNS responses can typically be easily spoofed. Clients using this
+ location method SHOULD ensure, via use of strong security
+ mechanisms, that the LDAP server they contact is the one they
+ intended to contact. See [7] for more information on security
+ threats and security mechanisms.
+
+ When using LDAP with TLS the client MUST check the server's name,
+ as described in section 3.6 of [RFC 2830]. As specified there, the
+ name the client checks for is the server's name before any
+ potentially insecure transformations, including the SRV record
+ lookup specified in this memo. Thus the name the client MUST check
+ for is the name obtained by doing the mapping step defined in
+ section 2 above. For example, if the DN "cn=John
+ Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name
+ "example.net", the server's name MUST match "example.net".
+
+ This document describes a method that uses DNS SRV records to
+ discover LDAP servers. All security considerations related to DNS
+ SRV records are inherited by this document. See the security
+ considerations section in [5] for more details.
+
+Armijo, Esibov, Leach and Morgan [Page 4]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+
+6. References
+
+ [1] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access
+ Protocol(v3)", RFC 2251, December 1997.
+
+ [2] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory Access
+ Protocol (v3): UTF-8 String Representation of Distinguished
+ Names", RFC 2253, December 1997.
+
+ [3] Kille, S. and M. Wahl, "Using Domains in LDAP/X.500
+ Distinguished Names", RFC 2247, January 1998.
+
+ [4] Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", RFC
+ 1034, STD 13, November 1987.
+
+ [5] Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for
+ specifying the location of services (DNS SRV)", RFC 2782,
+ February 2000.
+
+ [6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC
+ 1700, October 1994.
+
+ [7] Wahl, M., Alvestrand, H., Hodges, J. and Morgan, R.,
+ "Authentication Methods for LDAP", RFC 2829, May 2000.
+
+ [8] Hodges, J., Morgan, R., Wahl, M., "Lightweight Directory Access
+ Protocol (v3): Extension for Transport Layer Security",
+ RFC 2830, May 2000.
+
+ [9] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+7. Authors' Addresses
+
+ Michael P. Armijo
+ One Microsoft Way
+ Redmond, WA 98052
+ micharm at microsoft.com
+
+ Paul Leach
+ One Microsoft Way
+ Redmond, WA 98052
+ paulle at microsoft.com
+
+ Levon Esibov
+ One Microsoft Way
+ Redmond, WA 98052
+ levone at microsoft.com
+
+
+Armijo, Esibov, Leach and Morgan [Page 5]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+ RL "Bob" Morgan
+ University of Washington
+ 4545 15th Ave NE
+ Seattle, WA 98105
+ US
+
+ Phone: +1 206 221 3307
+ EMail: rlmorgan at washington.edu
+ URI: http://staff.washington.edu/rlmorgan/
+
+
+8. Intellectual Property Statement
+
+The IETF takes no position regarding the validity or scope of any
+intellectual property or other rights that might be claimed to pertain
+to the implementation or use of the technology described in this
+document or the extent to which any license under such rights might or
+might not be available; neither does it represent that it has made any
+effort to identify any such rights. Information on the IETF's
+procedures with respect to rights in standards-track and standards-
+related documentation can be found in BCP-11. Copies of claims of
+rights made available for publication and any assurances of licenses to
+be made available, or the result of an attempt made to obtain a general
+license or permission for the use of such proprietary rights by
+implementors or users of this specification can be obtained from the
+IETF Secretariat.
+
+The IETF invites any interested party to bring to its attention any
+copyrights, patents or patent applications, or other proprietary rights
+which may cover technology that may be required to practice this
+standard. Please address the information to the IETF Executive
+Director.
+
+
+9. Full Copyright Statement
+
+Copyright (C) The Internet Society (2001). All Rights Reserved.
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are included
+on all such copies and derivative works. However, this document itself
+may not be modified in any way, such as by removing the copyright notice
+or references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to translate it into
+languages other than English. The limited permissions granted above are
+perpetual and will not be revoked by the Internet Society or its
+successors or assigns. This document and the information contained
+herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
+
+
+Armijo, Esibov, Leach and Morgan [Page 6]
+
+INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
+
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
+
+
+10. Expiration Date
+
+ This document is filed as <draft-ietf-ldapext-locate-08.txt>, and
+ expires December 5, 2002.
+
+Armijo, Esibov, Leach and Morgan [Page 7]
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-joslin-config-schema-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-joslin-config-schema-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-joslin-config-schema-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1790 @@
+
+INTERNET-DRAFT M. Ansari
+draft-joslin-config-schema-10.txt Infoblox
+Category: Informational L. Howard
+Expires: September 2005 PADL Software Pty. Ltd.
+ B. Neal-Joslin, Editor
+ Hewlett-Packard Company
+ 4 March, 2005
+
+
+ A Configuration Schema for LDAP Based
+ Directory User Agents
+
+
+Status of this Memo
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on
+ an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
+ REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
+ THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
+ ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
+ PARTICULAR PURPOSE.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six
+ months and may be updated, replaced, or obsoleted by other
+ documents at any time. It is inappropriate to use Internet-Drafts
+ as reference material or to cite them other than as "work in
+ progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+IPR Statement
+
+ By submitting this Internet-Draft, I certify that any applicable
+
+
+
+Neal-Joslin [Page 1]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ patent or other IPR claims of which I am aware have been disclosed,
+ or will be disclosed, and any of which I become aware will be
+ disclosed, in accordance with RFC 3668.
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed
+ to pertain to the implementation or use of the technology described
+ in this document or the extent to which any license under such
+ rights might or might not be available; nor does it represent that
+ it has made any independent effort to identify any such rights.
+ Information on the procedures with respect to rights in RFC
+ documents can be found in BCP 78 and BCP 79.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use
+ of such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository
+ at http://www.ietf.org/ipr.
+
+
+
+
+
+Abstract
+
+ This document describes a mechanism for distributed configuration
+ of similar directory user agents. This document defines a schema
+ for configuration of these DUAs that may be discovered using the
+ Lightweight Directory Access Protocol in RFC 2251[1]. A set of
+ attribute types and an objectclass are proposed, along with
+ specific guidelines for interpreting them. A proposal of using
+ attribute and objectclass mapping allows DUAs to re-configure their
+ schema to that of the end user's environment. This document is
+ intended to be a skeleton for future documents that describe
+ configuration of specific DUA services.
+
+
+
+
+
+
+
+
+
+Neal-Joslin [Page 2]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Table of Contents
+
+ 1. Background & Motivation ...................................... 4
+ 2. General Issues ............................................... 5
+ 2.1 Terminology .................................................. 5
+ 2.2 Attributes ................................................... 5
+ 2.3 Object Classes ............................................... 6
+ 2.4 Syntax Definitions ........................................... 6
+ 3. Attribute Definitions ........................................ 6
+ 4. Class Definition ............................................. 8
+ 5. Implementation Details ....................................... 9
+ 5.1.1 Interpreting the preferredServerList attribute ............. 9
+ 5.1.2 Interpreting the defaultServerList attribute ............... 10
+ 5.1.3 Interpreting the defaultSearchBase attribute ............... 11
+ 5.1.4 Interpreting the authenticationMethod attribute ............ 12
+ 5.1.5 Interpreting the credentialLevel attribute ................. 13
+ 5.1.6 Interpreting the serviceSearchDescriptor attribute ......... 14
+ 5.1.7 Interpreting the attributeMap attribute .................... 17
+ 5.1.8 Interpreting the searchTimeLimit attribute ................. 20
+ 5.1.9 Interpreting the bindTimeLimit attribute ................... 20
+ 5.1.10 Interpreting the followReferrals attribute ................ 21
+ 5.1.11 Interpreting the dereferenceAliases attribute ............. 21
+ 5.1.12 Interpreting the profileTTL attribute ..................... 21
+ 5.1.13 Interpreting the objectclassMap attribute ................. 22
+ 5.1.14 Interpreting the defaultSearchScope attribute ............. 24
+ 5.1.15 Interpreting the serviceAuthenticationMethod attribute .... 24
+ 5.1.16 Interpreting the serviceCredentialLevel attribute ......... 25
+ 5.2 Binding to the Directory Server .............................. 26
+ 6. Security Considerations ...................................... 26
+ 7. Acknowledgments .............................................. 27
+ 8. References ................................................... 27
+ 8.1 Normative References ......................................... 27
+ 8.2 Informative References ....................................... 28
+ 9. Examples ..................................................... 29
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Neal-Joslin [Page 3]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+1. Background & Motivation
+
+ The LDAP protocol has brought about a new and nearly ubiquitous
+ acceptance of the directory server. Many new client applications
+ (DUAs) are being created that use LDAP directories for many
+ different services. And although the LDAP protocol has eased the
+ development of these applications, some challenges still exist for
+ both developers and directory administrators.
+
+ The authors of this document are implementers of DUAs described by
+ RFC 2307 [2]. In developing these agents, we felt there are
+ several issues that still need to be addressed to ease the
+ deployment and configuration of a large network of these DUAs.
+
+ One of these challenges stems from the lack of a utopian schema. A
+ utopian schema would be one that every application developer could
+ agree upon and that would support every application. Unfortunately
+ today, many DUAs define their own schema (like RFC 2307 vs.
+ Microsoft's Services for Unix [3]) containing similar attributes,
+ but with different attribute names. This can lead to data
+ redundancy within directory entries and give directory
+ administrators unwanted challenges, updating schemas and
+ synchronizing data.
+
+ So, one goal of this document is to eliminate data redundancy by
+ having DUAs configure themselves to the schema of the deployed
+ directory, instead of forcing its own schema on the directory.
+
+ Another goal of this document is to provide the DUA with enough
+ configuration information so that it can discover how to retrieve
+ its data in the directory, such as what locations to search in the
+ directory tree.
+
+ Finally, this document intends to describe a configuration method
+ for DUAs that can be shared among many DUAs, on various platforms,
+ providing as such, a configuration profile, the purpose is to
+ centralize and simplify management of DUAs.
+
+ This document is intended to provide the skeleton framework for
+ future drafts, which will describe the individual implementation
+ details for the particular services provided by that DUA. The
+ authors of this document plan to develop such a document for the
+ Network Information Service DUA, described by RFC 2307 or its
+ successor.
+
+ We expect that as DUAs take advantage of this configuration scheme,
+ each DUA will require additional configuration parameters, not
+ specified by this document. Thus, we would expect that new
+
+
+
+Neal-Joslin [Page 4]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ auxiliary object classes, containing new configuration attributes
+ will be created, and then joined with the structural class defined
+ by this document to create a configuration profile for a particular
+ DUA service. And that by joining various auxiliary objectclasses
+ for different DUA services, that configuration of various DUA
+ services can be controlled by a single configuration profile entry.
+
+
+2. General Issues
+
+ The schema defined by this document is defined under the "DUA
+ Configuration Schema." This schema is derived from the OID: iso
+ (1) org (3) dod (6) internet (1) private (4) enterprises (1)
+ Hewlett-Packard Company (11) directory (1) LDAP-UX Integration
+ Project (3) DUA Configuration Schema (1). This OID is represented
+ in this document by the keystring "DUAConfSchemaOID"
+ (1.3.6.1.4.1.11.1.3.1).
+
+2.1 Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
+ this document are to be interpreted as described in BCP 14 (RFC
+ 2119) [4].
+
+2.2 Attributes
+
+ The attributes and classes defined in this document are summarized
+ below.
+
+ The following attributes are defined in this document:
+
+ preferredServerList
+ defaultServerList
+ defaultSearchBase
+ defaultSearchScope
+ authenticationMethod
+ credentialLevel
+ serviceSearchDescriptor
+ serviceCredentialLevel
+ serviceAuthenticationMethod
+ attributeMap
+ objectclassMap
+ searchTimeLimit
+ bindTimeLimit
+ followReferrals
+ dereferenceAliases
+ profileTTL
+
+
+
+Neal-Joslin [Page 5]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+2.3 Object Classes
+
+ The following object class is defined in this document:
+
+ DUAConfigProfile
+
+2.4 Syntax Definitions
+
+ The following syntax definitions are used throughout this document.
+ This document does not define new syntaxes that must be supported
+ by the directory server. The string encoding used by the
+ attributes defined in this document can be found section 5.
+
+ keystring as defined by RFC 2252 [5]
+ descr as defined by RFC 2252 section 4.1
+ a as defined by RFC 2252 section 4.1
+ d as defined by RFC 2252 section 4.1
+ space as defined by RFC 2252 section 4.1
+ whsp as defined by RFC 2252 section 4.1
+ base as defined by RFC 2253 [6]
+ DistinguishedName as defined by RFC 2253 section 2
+ RelativeDistinguishedName as defined by RFC 2253 section 2
+ scope as defined by RFC 2255 [7]
+ host as defined by RFC 3986
+ section 3.2.2 [8]
+ hostport host [":" port ]
+ port as defined by RFC 3986
+ section 3.2.3 [8]
+ serviceID = keystring
+
+
+3. Attribute Definitions
+
+ This section contains attribute definitions to be used by DUAs when
+ discovering their configuration.
+
+ ( DUAConfSchemaOID.1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host addresses used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+
+
+
+Neal-Joslin [Page 6]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ ( DUAConfSchemaOID.1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication methods used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ ( DUAConfSchemaOID.1.10 NAME 'credentialLevel'
+
+
+
+Neal-Joslin [Page 7]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ ( DUAConfSchemaOID.1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+ ( DUAConfSchemaOID.1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ ( DUAConfSchemaOID.1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ ( DUAConfSchemaOID.1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Identifies type of authentication method a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ ( DUAConfSchemaOID.1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+
+4. Class Definition
+
+ The objectclass below is constructed from the attributes defined in
+ 3, with the exception of the cn attribute, which is defined in RFC
+ 2256 [9]. cn is used to represent the name of the DUA
+
+
+
+Neal-Joslin [Page 8]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ configuration profile.
+
+ ( DUAConfSchemaOID.2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
+
+
+5. Implementation Details
+
+5.1.1 Interpreting the preferredServerList attribute
+
+ Interpretation:
+
+ As described by the syntax, the preferredServerList parameter
+ is a white-space separated list of server addresses and
+ associated port numbers. When the DUA needs to contact a DSA,
+ the DUA MUST first attempt to contact one of the servers
+ listed in the preferredServerList attribute. The DUA MUST
+ contact the DSA specified by the first server address in the
+ list. If that DSA is unavailable, the remaining DSAs MUST be
+ queried in the order provided (left to right) until a
+ connection is established with a DSA. Once a connection with
+ a DSA is established, the DUA SHOULD NOT attempt to establish
+ a connection with the remaining DSAs. The purpose of
+ enumerating multiple DSAs is not for supplemental data, but
+ for high availability of replicated data. This is also the
+ main reason why an LDAP URL[10] syntax was not selected for
+ this document.
+
+ If the DUA is unable to contact any of the DSAs specified by
+ the preferredServerList, the defaultServerList attribute MUST
+ be examined, as described in 5.1.2. The servers identified by
+ the preferredServerList MUST be contacted before attempting to
+ contact any of the servers specified by the defaultServerList.
+
+ Syntax:
+
+ serverList = hostport *(space [hostport])
+
+
+
+
+Neal-Joslin [Page 9]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Default Value:
+
+ The preferredServerList attribute does not have a default
+ value. Instead a DUA MUST examine the defaultServerList
+ attribute.
+
+ Other attribute notes:
+
+ This attribute is used in conjunction with the
+ defaultServerList attribute. Please see section 5.1.2 for
+ additional implementation notes. Determining how the DUA
+ should query the DSAs also depends on the additional
+ configuration attributes, credentialLevel,
+ serviceCredentialLevel, bindTimeLimit,
+ serviceAuthenticationMethod and authenticationMethod. Please
+ review section 5.2 for details on how a DUA should properly
+ bind to a DSA.
+
+ Example:
+
+ preferredServerList: 192.168.169.170 ldap1.mycorp.com
+ ldap2:1389 [1080::8:800:200C:417A]:389
+
+5.1.2 Interpreting the defaultServerList attribute
+
+ Interpretation:
+
+ The defaultServerList attribute MUST only be examined if the
+ preferredServerList attribute is not provided, or the DUA is
+ unable to establish a connection with one of the DSAs
+ specified by the preferredServerList.
+
+ If more than one address is provided, the DUA may choose to
+ either accept the order provided, or choose to create its own
+ order, based on what the DUA determines is the "best" order of
+ servers to query. For example, the DUA may choose to examine
+ the server list and choose to query the DSAs in order based on
+ the "closest" server or the server with the least amount of
+ "load." Interpretation of the "best" server order is entirely
+ up to the DUA, and not part of this document.
+
+ Once the order of server addresses is determined, the DUA
+ contacts the DSA specified by the first server address in the
+ list. If that DSA is unavailable, the remaining DSAs SHOULD
+ be queried until an available DSA is found or no more DSAs are
+ available. If a server address or port is invalid, the DUA
+ SHOULD proceed to the next server address as described just
+ above.
+
+
+
+Neal-Joslin [Page 10]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Syntax:
+
+ serverList = hostport *(space [hostport])
+
+ Default Value:
+
+ If a defaultServerList attribute is not provided, the DUA MAY
+ attempt to contact the same DSA that provided the
+ configuration profile entry itself. The default DSA is
+ contacted only if the preferredServerList attribute is also
+ not provided.
+
+ Other attribute notes:
+
+ This attribute is used in conjunction with the
+ preferredServerList attribute. Please see section 5.1.1 for
+ additional implementation notes. Determining how the DUA
+ should query the DSAs also depends on the additional
+ configuration attributes, credentialLevel,
+ serviceCredentialLevel, bindTimeLimit,
+ serviceAuthenticationMethod and authenticationMethod. Please
+ review section 5.2 for details on how a DUA should properly
+ contact a DSA.
+
+ Example:
+
+ defaultServerList: 192.168.169.170 ldap1.mycorp.com
+ ldap2:1389 [1080::8:800:200C:417A]:5912
+
+5.1.3 Interpreting the defaultSearchBase attribute
+
+ Interpretation:
+
+ When a DUA needs to search the DSA for information, this
+ attribute provides the base for the search. This parameter
+ can be overridden or appended by the serviceSearchDescriptor
+ attribute. See section 5.1.6.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.12 [5]
+
+ Default Value:
+
+ There is no default value for the defaultSearchBase. A DUA
+ MAY define its own method for determining the search base, if
+ the defaultSearchBase is not provided.
+
+
+
+
+Neal-Joslin [Page 11]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Other attribute notes:
+
+ This attribute is used in conjunction with the
+ serviceSearchDescriptor attribute. See section 5.1.6.
+
+ Example:
+
+ defaultSearchBase: dc=mycompany,dc=com
+
+5.1.4 Interpreting the authenticationMethod attribute
+
+ Interpretation:
+
+ The authenticationMethod attribute defines an ordered list of
+ LDAP bind methods to be used when attempting to contact a
+ DSA[11]. The serviceAuthenticationMethod overrides this
+ value for a particular service (see 5.1.15.) Each method MUST
+ be attempted in the order provided by the attribute, until a
+ successful LDAP bind is performed ("none" is assumed to always
+ be successful.) However the DUA MAY skip over one or more
+ methods. See section 5.2 for more information.
+
+ none - The DUA does not perform an LDAP bind.
+ simple - The DUA performs an LDAP simple bind.
+ sasl - The DUA performs an LDAP SASL[12] bind using the
+ specified SASL mechanism and options.
+ tls - The DUA performs an LDAP StartTLS operation
+ followed by the specified bind method (for more
+ information refer to section 5.1 of RFC 2830 [13]).
+
+ Syntax:
+
+ authMethod = method *(";" method)
+ method = none | simple | sasl | tls
+ none = "none"
+ simple = "simple"
+ sasl = "sasl/" saslmech [ ":" sasloption ]
+ sasloption = "auth-conf" | "auth-int"
+ tls = "tls:" (none | simple | sasl)
+ saslmech = SASL mechanism name as defined in [18]
+
+ Note: Although multiple authentication methods may be
+ specified in the syntax, at most one of each type is allowed.
+ I.E. "simple;simple" is invalid.
+
+ Default Value:
+
+ If the authenticationMethod or serviceAuthenticationMethod
+
+
+
+Neal-Joslin [Page 12]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ (for that particular service) attributes are not provided, the
+ DUA MAY choose to bind to the DSA using any method defined by
+ the DUA. However, if either authenticationMethod or
+ serviceAuthenticationMethod are provided, the DUA MUST only
+ use the methods specified.
+
+ Other attribute notes:
+
+ When using TLS, the string "tls:sasl/EXTERNAL" implies that
+ two way (DSA and DUA) authentication is to be performed. Any
+ other TLS authentication method implies one way (DSA side
+ credential) authentication.
+
+ Determining how the DUA should bind to the DSAs also depends
+ on the additional configuration attributes, credentialLevel,
+ serviceCredentialLevel, serviceAuthenticationMethod and
+ bindTimeLimit. Please review section 5.2 for details on how
+ to properly bind to a DSA.
+
+ Example:
+
+ authenticationMethod: tls:simple;sasl/DIGEST-MD5
+ (see [14])
+
+5.1.5 Interpreting the credentialLevel attribute
+
+ Interpretation:
+
+ The credentialLevel attribute defines what type(s) of
+ credential(s) the DUA MUST use when contacting the DSA. The
+ serviceCredentialLevel overrides this value for a particular
+ service (5.1.16.) The credentialLevel can contain more than
+ one credential type, separated by white space.
+
+ anonymous - The DUA SHOULD NOT use a credential when binding
+ to the DSA.
+
+ proxy - The DUA SHOULD use a known proxy identity when binding
+ to the DSA. A proxy identity is a specific credential that
+ was created to represent the DUA. This document does not
+ define how the proxy user should be created, or how the DUA
+ should determine what the proxy user's credential is. This
+ functionality is up to each implementation.
+
+ self - When the DUA is acting on behalf of a known identity,
+ the DUA MUST attempt to bind to the DSA as that identity. The
+ DUA should contain methods to determine the identity of the
+ user such that that identity can be authenticated by the
+
+
+
+Neal-Joslin [Page 13]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ directory server using the defined authentication methods.
+
+ If the credentialLevel contains more than one credential type,
+ the DUA MUST use the credential types in the order specified.
+ However, the DUA MAY skip over one or more credential types.
+ As soon as the DUA is able to successfully bind to the DSA,
+ the DUA SHOULD NOT attempt to bind using the remaining
+ credential types.
+
+ Syntax:
+
+ credentialLevel = level *(space level)
+ level = self | proxy | anonymous
+ self = "self"
+ proxy = "proxy"
+ anonymous = "anonymous"
+
+ Note: Although multiple credential levels may be specified in
+ the syntax, at most one of each type is allowed. Refer to
+ implementation notes in section 5.2 for additional syntax
+ requirements for the credentialLevel attribute.
+
+ Default Value:
+
+ If the credentialLevel attribute is not defined, the DUA
+ SHOULD NOT use a credential when binding to the DSA (also
+ known as anonymous.)
+
+ Other attribute notes:
+
+ Determining how the DUA should bind to the DSAs also depends
+ on the additional configuration attributes,
+ authenticationMethod, serviceAuthenticationMethod,
+ serviceCredentialLevel and bindTimeLimit. Please review
+ section 5.2 for details on how to properly bind to a DSA.
+
+ Example:
+
+ credentialLevel: proxy anonymous
+
+5.1.6 Interpreting the serviceSearchDescriptor attribute
+
+ Interpretation:
+
+ The serviceSearchDescriptor attribute defines how and where a
+ DUA SHOULD search for information for a particular service.
+ The serviceSearchDescriptor contains a serviceID, followed by
+ one or more base-scope-filter triples. These base-scope-
+
+
+
+Neal-Joslin [Page 14]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ filter triples are used to define searches only for the
+ specific service. Multiple base-scope-filters allow the DUA
+ to search for data in multiple locations of the DIT. Although
+ this syntax is very similar to the LDAP URL[8], this draft
+ requires the ability to supply multiple hosts as part of the
+ configuration of the DSA. In addition, an ordered list of
+ search descriptors is required, which can not be specified by
+ the LDAP URL.
+
+ In addition to the triples, serviceSearchDescriptor might also
+ contain the DN of an entry that will contain an alternate
+ profile. The DSA SHOULD re-evaluate the alternate profile and
+ perform searches as specified by that profile.
+
+ If the base, as defined in the serviceSearchDescriptor, is
+ followed by the "," (ASCII 0x2C) character, this base is known
+ as a relative base. This relative base may be constructed of
+ one or more RDN components. The DUA MUST define the search
+ base by appending the relative base with the
+ defaultSearchBase.
+
+ Syntax:
+
+ serviceSearchList = serviceID ":" serviceSearchDesc
+ *(";" serviceSearchDesc)
+ serviceSearchDesc = confReferral | searchDescriptor
+ searchDescriptor = [base] ["?" [scope] ["?" [filter]]]
+ confReferral = "ref:" DistinguishedName
+ base = DistinguishedName |
+ RelativeBaseName
+ RelativeBaseName = 1*(RelativeDistinguishedName ",")
+ filter = UTF-8 encoded string
+
+ If the base or filter contains the ";" (ASCII 0x3B) "?" (ASCII
+ 0x3F) """ (ASCII 0x22) or "\" (ASCII 0x5C) characters, those
+ characters MUST be escaped (preceded with the "\" character.)
+ Alternately the DN may be surrounded by quotes (ASCII 0x22.)
+ Refer to RFC 2253, section 4. If the base or filter are
+ surrounded by quotes, only the """ character needs to be
+ escaped. Any character that is preceded by the "\" character,
+ which does not need to be escaped results in both "\"
+ character and the character itself.
+
+ The usage and syntax of the filter string MUST be defined by
+ the DUA service. A suggested syntax would be that as defined
+ by RFC 2254.
+
+ If a DUA is performing a search for a particular service,
+
+
+
+Neal-Joslin [Page 15]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ which has a serviceSearchDescriptor defined, the DUA MUST set
+ the base, scope and filter as defined. Each base-scope-filter
+ triple represents a single LDAP search operation. If multiple
+ base-scope-filter triples are provided in the
+ serviceSearchDescriptor, the DUA SHOULD perform multiple
+ search requests and in that case it MUST be in the order
+ specified by the serviceSearchDescriptor.
+
+ FYI: Service search descriptors do not exactly follow the LDAP
+ URL syntax [7]. The reasoning for this difference is to
+ separate the host name(s) from the filter. This allows the
+ DUA to have a more flexible solution in choosing its DSA.
+
+ Default Values:
+
+ If a serviceSearchDescriptor, or an element their-of, is not
+ defined for a particular service, the DUA SHOULD create the
+ base, scope and filter as follows:
+
+ base - Same as the defaultSearchBase or as
+ defined by the DUA service.
+ scope - Same as the defaultSearchScope or as
+ defined by the DUA service.
+ filter - Use defaults as defined by DUAs service.
+
+ If the defaultSearchBase or defaultSearchScope are not
+ defined, then the DUA service may use its own default.
+
+
+ Other attribute notes:
+
+ If a serviceSearchDescriptor exists for a given service, the
+ service MUST use at least one base-scope-filter triple in
+ performing searches. It SHOULD perform multiple searches per
+ service if multiple base-scope-filter triples are defined for
+ that service.
+
+ The details of how the "filter" is interpreted by each DUA's
+ service is defined by that service. This means the filter is
+ NOT REQUIRED to be a legal LDAP filter [15]. Furthermore,
+ determining how attribute and objectclass mapping affects that
+ search filter MUST be defined by the service. I.E. The DUA
+ SHOULD specify if the attributes in the filter have assumed to
+ already have been mapped, or if it is expected that attribute
+ mapping (see 5.1.7) would be applied to the filter. In
+ general practice, implementation and usability suggests that
+ attribute and objectclass mapping (sections 5.1.7 and 5.1.13)
+ SHOULD NOT be applied to the filter defined in the
+
+
+
+Neal-Joslin [Page 16]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ serviceSearchDescriptor.
+
+ It is assumed the serviceID is unique to a given service
+ within the scope of any DUA that might use the given profile.
+
+ Example:
+
+ defaultSearchBase: dc=mycompany,dc=com
+
+ serviceSearchDescriptor: email:ou=people,ou=org1,?
+ one;ou=contractor,?one;
+ ref:cn=profile,dc=mycompany,dc=com
+
+ In this example, the DUA MUST search in
+ "ou=people,ou=org1,dc=mycompany,dc=com" first. The DUA then
+ SHOULD search in "ou=contractor,dc=mycompany,dc=com", and
+ finally it SHOULD search other locations as specified in the
+ profile described at "cn=profile,dc=mycompany,dc=com". For
+ more examples, see section 9.
+
+
+5.1.7 Interpreting the attributeMap attribute
+
+ Interpretation:
+
+ A DUA SHOULD perform attribute mapping for all LDAP operations
+ performed for a service that has an attributeMap entry.
+ Because attribute mapping is specific to each service within
+ the DUA, a "serviceID" is required as part of the attributeMap
+ syntax. I.E. not all DUA services should necessarily perform
+ the same attribute mapping.
+
+ Attribute mapping in general is expected be used to map
+ attributes of similar syntaxes as specified by the service
+ supported by the DUA. However, a DUA is NOT REQUIRED to
+ verify syntaxes of mapped attributes. If the DUA does
+ discover that the syntax of the mapped attribute does not
+ match that of the original attribute, the DUA MAY perform
+ translation between the original syntax and the new syntax.
+ When DUAs do support attribute value translation, the list of
+ capable translations SHOULD be documented in a description of
+ the DUA service.
+
+ Syntax:
+
+ attributeMap = serviceID ":" origAttribute "="
+ attributes
+ origAttribute = attribute
+
+
+
+Neal-Joslin [Page 17]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ attributes = wattribute *( space wattribute )
+ wattribute = whsp newAttribute whsp
+ newAttribute = descr | "*NULL*"
+ attribute = descr
+
+ Values of the origAttribute are defined by and SHOULD be
+ documented for the DUA service, as a list of known supported
+ attributes.
+
+ Default Value:
+
+ By default, attributes that are used by a DUA service are not
+ mapped unless mapped by the attributeMap attributes. The DUA
+ MUST NOT map an attribute unless it is explicitly defined by
+ an attributeMap attribute.
+
+ Other attribute notes:
+
+ When an attribute is mapped to the special keystring "*NULL*",
+ the DUA SHOULD NOT request that attribute from the DSA, when
+ performing a search or compare request. If the DUA is also
+ capable of performing modification on the DSA, the DUA SHOULD
+ NOT attempt to modify any attribute which has been mapped to
+ "*NULL*".
+
+ It is assumed the serviceID is unique to a given service
+ within the scope of the DSA.
+
+ A DUA SHOULD support attribute mapping. If it does, the
+ following additional rules apply:
+
+ 1) The list of attributes that are allowed to be mapped SHOULD
+ defined by and documented for the service.
+
+ 2) Any supported translation of mapping from attributes of
+ dissimilar syntax SHOULD also be defined and documented.
+
+ 3) If an attribute may be mapped to multiple attributes the
+ DSA SHOULD define a syntax or usage statement for how the new
+ attribute value will be constructed. Furthermore, the
+ resulting translated syntax of the combined attributes MUST be
+ the same as the attribute being mapped.
+
+ 4) A DUA MUST support mapping of attributes using the
+ attribute OID. It SHOULD support attribute mapping based on
+ the attribute name.
+
+ 5) It is recommended that attribute mapping not be applied to
+
+
+
+Neal-Joslin [Page 18]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ parents of the target entries.
+
+ 6) Attribute mapping is not recursive. In other words, if an
+ attribute has been mapped to a target attribute, that new
+ target attribute MUST NOT be mapped to a third attribute.
+
+ 7) A given attribute MUST only be mapped once for a given
+ service.
+
+
+ Example:
+
+ Suppose a DUA is acting on behalf of an email service. By
+ default the "email" service uses the "mail", "cn" and "sn"
+ attributes to discover mail addresses. However, the email
+ service has been deployed in an environment that uses
+ "employeeName" instead of "cn." And also instead of using the
+ "mail" attribute for email addresses, the "email" attribute is
+ used for that purpose. In this case, the attribute "cn" can
+ be mapped to "employeeName," allowing the DUA to perform
+ searches using the "employeeName" attribute as part of the
+ search filter, instead of "cn". And "mail" can be mapped to
+ "email" when attempting to retrieve the email address. This
+ mapping is performed by adding the attributeMap attributes to
+ the configuration profile entry as follows (represented in
+ LDIF[16]):
+
+ attributeMap: email:cn=employeeName
+ attributeMap: email:mail=email
+
+ As described above, the DUA MAY also map a single attribute to
+ multiple attributes. When mapping a single attribute to more
+ than one attribute, the new syntax or usage of the mapped
+ attribute must be intrinsically defined by the DUAs service.
+
+ attributeMap: email:cn=firstName lastName
+
+ In the above example, the DUA creates the new value by
+ generating space separated string using the values of the
+ mapped attributes. In this case, a special mapping must be
+ defined so that a proper search filter can be created. For
+ further information on this example, please refer to section
+ 9.
+
+ Another possibility for multiple attribute mapping might come
+ in when constructing returned attributes. For example,
+ perhaps all email addresses are of a guaranteed syntax of
+ "uid at domain". And in this example, the uid and domain are
+
+
+
+Neal-Joslin [Page 19]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ separate attributes in the directory. The email service may
+ define that if the "mail" attribute is mapped to two different
+ attributes, it will construct the email address as a
+ concatenation of the uid and domain attributes, placing the
+ "@" character between them.
+
+ attributeMap: email:mail=uid domain
+
+
+5.1.8 Interpreting the searchTimeLimit attribute
+
+ Interpretation:
+
+ The searchTimeLimit attribute defines the maximum time, in
+ seconds, that a DUA SHOULD allow to perform a search request.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.27. [5]
+
+ Default Value:
+
+ If the searchTimeLimit attribute is not defined or is zero,
+ the search time limit is not enforced by the DUA.
+
+ Other attribute notes:
+
+ This time limit only includes the amount of time required to
+ perform the LDAP search operation. If other operations are
+ required, those operations do not need to be considered part
+ of the search time. See bindTimeLimit for the LDAP bind
+ operation.
+
+5.1.9 Interpreting the bindTimeLimit attribute
+
+ Interpretation:
+
+ The bindTimeLimit attribute defines the maximum time, in
+ seconds, that a DUA SHOULD allow to perform an LDAP bind
+ request against each server on the preferredServerList or
+ defaultServerList.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.27.
+
+ Default Value:
+
+
+
+
+Neal-Joslin [Page 20]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ If the bindTimeLimit attribute is not defined or is zero, the
+ bind time limit is not enforced by the DUA.
+
+ Other attribute notes:
+
+ This time limit only includes the amount of time required to
+ perform the LDAP bind operation. If other operations are
+ required, those operations do not need to be considered part
+ of the bind time. See searchTimeLimit for the LDAP search
+ operation.
+
+5.1.10 Interpreting the followReferrals attribute
+
+ Interpretation:
+
+ If set to TRUE, the DUA SHOULD follow any referrals if
+ discovered.
+
+ If set to FALSE, the DUA MUST NOT follow referrals.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.7. [5]
+
+ Default Value:
+
+ If the followReferrals attribute is not set or set to an
+ invalid value the default value is TRUE.
+
+5.1.11 Interpreting the dereferenceAliases attribute
+
+ Interpretation:
+
+ If set to TRUE, the DUA SHOULD enable alias dereferencing.
+
+ If set to FALSE, the DUA MUST NOT enable alias dereferencing.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.7.
+
+ Default Value:
+
+ If the dereferenceAliases attribute is not set or set to an
+ invalid value the default value is TRUE.
+
+5.1.12 Interpreting the profileTTL attribute
+
+
+
+
+Neal-Joslin [Page 21]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Interpretation:
+
+ The profileTTL attribute defines how often the DUA SHOULD re-
+ load and reconfigure itself using the corresponding
+ configuration profile entry. The value is represented in
+ seconds. Once a DUA reloads the profile entry, it SHOULD re-
+ configure itself with the new values.
+
+ Syntax:
+
+ Defined by OID 1.3.6.1.4.1.1466.115.121.1.27.
+
+ Default Value:
+
+ If not specified the DUA MAY use its own reconfiguration
+ policy.
+
+ Other attribute notes:
+
+ If the profileTTL value is zero, the DUA SHOULD NOT
+ automatically re-load the configuration profile.
+
+5.1.13 Interpreting the objectclassMap attribute
+
+ Interpretation:
+
+ A DUA MAY perform objectclass mapping for all LDAP operations
+ performed for a service that has an objectclassMap entry.
+ Because objectclass mapping is specific for each service
+ within the DUA, a "serviceID" is required as part of the
+ objectclassMap syntax. I.E. Not all DUA services should
+ necessarily perform the same objectclass mapping.
+
+ Objectclass mapping SHOULD be used in conjunction with
+ attribute mapping to map the required schema by the service to
+ an equivalent schema that is available in the directory.
+
+ Objectclass mapping may or may not be required by a DUA.
+ Often, the objectclass attribute is used in search filters.
+ If a service search descriptor is provided, it is expected
+ that the search filter contains a "correct" search filter
+ (though this is not a requirement,) which does not need to be
+ re-mapped. However, when the service search descriptor is not
+ provided, and the default search filter for that service
+ contains the objectclass attribute, that search filter SHOULD
+ be re-defined by objectclass mapping. If a default search
+ filter is not used, it SHOULD be re-defined through the
+ serviceSearchDescriptor. If a serviceSearchDescriptor is
+
+
+
+Neal-Joslin [Page 22]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ defined for a particular service, it SHOULD NOT be re-mapped
+ by either the objectclassMap or attributeMap values.
+
+ One condition where the objectclassMap SHOULD be used is when
+ the DUA is providing gateway functionality. In this case, the
+ DUA is acting on behalf of another service, which may pass in
+ a search filter itself. In this type of DUA, the DUA may
+ alter the search filter according to the appropriate
+ attributeMap and objectclassMap values. And in this case, it
+ is also assumed that a serviceSearchDescriptor is not defined.
+
+ Syntax:
+
+ objectclassMap = serviceID ":" origObjectclass "="
+ objectclass
+ origObjectclass = objectclass
+ objectclass = keystring
+
+ Values of the origObjectclass depend on the type of DUA
+ Service using the objectclass mapping feature.
+
+ Default Value:
+
+ The DUA MUST NOT remap an objectclass unless it is explicitly
+ defined by an objectclassMap attribute.
+
+ Other attribute notes:
+
+ A DUA SHOULD support objectclass mapping. If it does, the DUA
+ MUST support mapping of objectclasses using the objectclass
+ OID. It SHOULD support objectclass mapping based on the
+ objectclass name.
+
+ It is assumed the serviceID is unique to a given service
+ within the scope of the DSA.
+
+ Example:
+
+ Suppose a DUA is acting on behalf of an email service. By
+ default the "email" service uses the "mail", "cn" and "sn"
+ attributes to discover mail addresses in entries created using
+ inetOrgPerson objectclass[17]. However, the email service has
+ been deployed in an environment that uses entries created
+ using "employee" objectclass. In this case, the attribute
+ "cn" can be mapped to "employeeName", and "inetOrgPerson" can
+ be mapped to "employee", allowing the DUA to perform LDAP
+ operations using the entries that exist in the directory.
+ This mapping is performed by adding attributeMap and
+
+
+
+Neal-Joslin [Page 23]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ objectclassMap attributes to the configuration profile entry
+ as follows (represented in LDIF[16]):
+
+ attributeMap: email:cn=employeeName
+ objectclassMap: email:inetOrgPerson=employee
+
+
+5.1.14 Interpreting the defaultSearchScope attribute
+
+ Interpretation:
+
+ When a DUA needs to search the DSA for information, this
+ attribute provides the "scope" for the search. This parameter
+ can be overridden by the serviceSearchDescriptor attribute.
+ See section 5.1.6.
+
+ Syntax:
+
+ scopeSyntax = "base" | "one" | "sub"
+
+ Default Value:
+
+ The default value for the defaultSearchScope SHOULD be defined
+ by the DUA service. If the default search scope for a service
+ is not defined then the scope SHOULD be for the DUA to perform
+ a subtree search.
+
+
+5.1.15 Interpreting the serviceAuthenticationMethod attribute
+
+ Interpretation:
+
+ The serviceAuthenticationMethod attribute defines an ordered
+ list of LDAP bind methods to be used when attempting to
+ contact a DSA for a particular service. Interpretation and
+ use of this attribute is the same as 5.1.4, but specific for
+ each service.
+
+ Syntax:
+
+ svAuthMethod = service ":" method *(";" method)
+
+ Note: Although multiple authentication methods may be
+ specified in the syntax, at most one of each type is allowed.
+
+ Default Value:
+
+ If the serviceAuthenticationMethod attribute is not provided,
+
+
+
+Neal-Joslin [Page 24]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ the authenticationMethod SHOULD be followed, or its default.
+
+ Other attribute notes:
+
+ Determining how the DUA should bind to the DSAs also depends
+ on the additional configuration attributes, credentialLevel,
+ serviceCredentialLevel and bindTimeLimit. Please review
+ section 5.2 for details on how to properly bind to a DSA.
+
+ Example:
+
+ serviceAuthenticationMethod: email:tls:simple;sasl/DIGEST-MD5
+
+
+5.1.16 Interpreting the serviceCredentialLevel attribute
+
+ Interpretation:
+
+ The serviceCredentialLevel attribute defines what type(s) of
+ credential(s) the DUA SHOULD use when contacting the DSA for a
+ particular service. Interpretation and used of this attribute
+ are the same as 5.1.5.
+
+ Syntax:
+
+ svCredentialLevel = service ":" level *(space level)
+
+ Refer to implementation notes in section 5.2 for additional
+ syntax requirements for the credentialLevel attribute.
+
+ Note: Although multiple credential levels may be specified in
+ the syntax, at most one of each type is allowed.
+
+ Default Value:
+
+ If the serviceCredentialLevel attribute is not defined, the
+ DUA MUST examine the credentialLevel attribute, or follow its
+ default if not provided.
+
+ Other attribute notes:
+
+ Determining how the DUA should bind to the DSAs also depends
+ on the additional configuration attributes,
+ serviceAuthenticationMethod, authenticationMethod and
+ bindTimeLimit. Please review section 5.2 for details on how
+ to properly bind to a DSA.
+
+ Example:
+
+
+
+Neal-Joslin [Page 25]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ serviceCredentialLevel: email:proxy anonymous
+
+
+5.2 Binding to the Directory Server
+
+ The DUA SHOULD use the following algorithm when binding to the
+ server:
+
+ for (clevel in credLevel) [see note 1]
+ if (clevel is "anonymous")
+ for (host in hostnames) [see note 2]
+ if (server is responding)
+ return success
+ return failure
+ else
+ for (amethod in authMethod) [see note 3]
+ if (amethod is none)
+ for (host in hostnames)
+ if (server is responding)
+ return success
+ return failure
+ else
+ for (host in hostnames)
+ authenticate using amethod and clevel
+ if (authentication passed)
+ return success
+ return failure
+
+ Note 1: The credLevel is a list of credential levels as defined
+ in serviceCredentialLevel (section 5.1.16) for a given
+ service. If the serviceCredentialLevel is not defined,
+ the DUA MUST examine the credentialLevel attribute.
+
+ Note 2: hostnames is the list of servers to contact as defined
+ in 5.1.1 & 5.1.2.
+
+ Note 3: The authMethod a list of authentication methods as defined
+ in serviceAuthenticationMethod (section 5.1.15) for a
+ given service. If the serviceAuthenticationMethod is not
+ defined, the DUA MUST examine the authenticationMethod
+ attribute.
+
+
+
+6. Security Considerations
+
+ The profile entries MUST be protected against unauthorized
+ modification. Each service needs to consider implications of
+
+
+
+Neal-Joslin [Page 26]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ providing its service configuration as part of this profile and
+ limit access to the profile entries accordingly.
+
+ The management of the authentication credentials for the DUA is
+ outside the scope of this document and needs to be handled by the
+ DUA.
+
+ Since the DUA needs to know how to properly bind to the directory
+ server, the access control configuration of the DSA MUST assure
+ that the DSA can view all the elements of the DUAConfigProfile
+ attributes. For example, if the credentialLevel attribute contains
+ "Self" but the DSA is unable to access the credentialLevel
+ attribute, the DUA will instead attempt an anonymous connection to
+ the directory server.
+
+ The algorithm described by section 5.2 also has security
+ considerations. Altering that design will alter the security
+ aspects of the configuration profile.
+
+
+7. Acknowledgments
+
+ There were several additional authors of this document. However we
+ chose to represent only one author per company in the heading.
+ From Sun we also would like to acknowledge Roberto Tam for his
+ design work on Sun's first LDAP name service product and his input
+ for this document. From Hewlett-Packard we'd like to acknowledge
+ Dave Binder for his work architecting Hewlett-Packard's LDAP name
+ service product as well as his design guidance on this document.
+ We'd also like to acknowledge Grace Lu from HP, for her input and
+ implementation of HP's configuration profile manager code.
+
+
+8. References
+
+8.1 Normative References
+
+
+[4] S. Bradner, "Key Words for use in RFCs to Indicate Requirement
+ Levels", RFC 2119, March 1997.
+
+
+[5] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory
+ Access Protocol (v3): Attribute Syntax Definitions", RFC 2252,
+ December 1997.
+
+
+[6] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access Protocol
+
+
+
+Neal-Joslin [Page 27]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ (v3): UTF-8 String Representation of Distinguished Names", RFC
+ 2253, December 1997.
+
+
+[7] T. Howes, M. Smith, "The LDAP URL Format", RFC 2255, December 1997.
+
+
+[8] R. Hinden, B. Carpenter, L. Masinter, "Uniform Resource Identifier
+ (URI): Generic Syntax", RFC 3986, January 2005.
+
+
+[9] M. Wahl, "A Summary of the X.500(96) User Schema for use with
+ LDAPv3", RFC 2256, December 1997.
+
+
+[11] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan, "Authentication
+ Methods for LDAP", RFC 2828, May 2000
+
+
+[13] J. Hodges, R. Morgan, M. Wahl, "Lightweight Directory Access
+ Protocol [v3]: Extension for Transport Layer Security", RFC 2830,
+ May 2000
+
+
+[18] IANA, "SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL) MECHANISMS",
+ http://www.iana.org/assignments/sasl-mechanisms, April 2004
+
+
+8.2 Informative References
+
+
+[1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol
+ (v3)", RFC 2251, December 1997.
+
+
+[2] L. Howard, "An Approach for Using LDAP as a Network Information
+ Service", RFC 2307, March 1998.
+
+
+[3] Microsoft Corporation, "Windows Services for Unix 3.5",
+ http://www.microsoft.com/windows/sfu/default.asp
+
+
+[12] J. Meyers, "Simple Authentication and Security Layer [SASL]", RFC
+ 2222, October 1997
+
+
+[14] P. Leach, C. Newman, "Using Digest Authentication as a SASL
+
+
+
+Neal-Joslin [Page 28]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ Mechanism", RFC 2831, May 2000
+
+
+[15] T. Howes, "The String Representation of LDAP Search Filters", RFC
+ 2254, December 1997.
+
+
+[16] G. Good, "The LDAP Data Interchange Format (LDIF) - Technical
+ Specification", RFC 2849, June 2000.
+
+
+[17] M. Smith, "Definition of the inetOrgPerson LDAP Object Class", RFC
+ 2789, April 2000
+
+
+9. Examples
+
+ In this section we will describe a fictional DUA which provides one
+ service, called the "email" service. This service would be similar
+ to an email client that uses an LDAP directory to discover email
+ addresses based on a textual representation of the recipient's
+ colloquial name.
+
+ This email service is defined by default to expect that users with
+ email addresses will be of the "inetOrgPerson" objectclass type
+ [17]. And by default, the "email" service expects the colloquial
+ name to be stored in the "cn" attribute, while it expects the email
+ address to be stored in the "mail" attribute (as one would expect
+ as defined by the inetOrgPerson objectclass.)
+
+ As a special feature, the "email" service will perform a special
+ type of attribute mapping, when performing searches. If the "cn"
+ attribute has been mapped to two or more attributes, the "email"
+ service will parse the requested search string and map each white-
+ space separated token into the mapped attributes, respectively.
+
+ The default search filter for the "email" service is
+ "(objectclass=inetOrgPerson)". The email service also defines that
+ when it performs a name to address discovery, it will wrap the
+ search filter inside a complex search filter as follows:
+
+ (&(<filter>)(cn~=<name string>)
+
+ or if "cn" has been mapped to multiple attributes, that wrapping
+ would appear as follows:
+
+ (&(<filter>)(attr1~=<token1>)(attr2~=<token2>)...)
+
+
+
+
+Neal-Joslin [Page 29]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ The below examples show how the "email" service builds it search
+ requests, based on the defined profile. In all cases, the
+ defaultSearchBase is "o=airius.com" and the defaultSearchScope is
+ undefined.
+
+ In addition, for all examples, we assume that the "email" service
+ has been requested to discover the email address for "Jane
+ Hernandez."
+
+
+ Example 1:
+
+ serviceSearchDescriptor: email:"ou=marketing,"
+
+ base: ou=marketing,o=airius.com
+ scope: sub
+ filter: (&(objectclass=inetOrgPerson)(cn~=Jane Hernandez))
+
+ Example 2:
+
+ serviceSearchDescriptor: email:"ou=marketing,"?one?
+ (&(objectclass=inetOrgPerson)(c=us))
+ attributeMap: email:cn=2.5.4.42 sn
+
+ Note: 2.5.4.42 is the OID that represents the "givenName"
+ attribute.
+
+ In this example, the email service performs <name string> parsing
+ as described above to generate a complex search filter. The above
+ example results in one search.
+
+ base: ou=marketing,o=airius.com
+ scope: one
+ filter: (&(&(objectclass=inetOrgPerson)(c=us))
+ (2.5.4.42~=Jane)(sn~=Hernandez))
+
+ Example 3:
+
+ serviceSearchDescriptor: email:ou=marketing,"?base
+ attributeMap: email:cn=name
+
+ This example is invalid, because either the quote should have been
+ escaped, or there should have been a leading quote.
+
+ Example 4:
+
+ serviceSearchDescriptor: email:ou=\mar\\keting,\"?base
+ attributeMap: email:cn=name
+
+
+
+Neal-Joslin [Page 30]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ base: ou=\mar\keting,"
+ scope: base
+ filter (&(objectclass=inetOrgPerson)(name~=Jane Hernandez))
+
+ Example 5:
+
+ serviceSearchDescriptor: email:ou="marketing",o=supercom
+
+ This example is invalid, since the quote was not a leading quote,
+ and thus should have been escaped.
+
+ Example 6:
+
+ serviceSearchDescriptor: email:??(&(objectclass=person)
+ (ou=Org1 \\(temporary\\)))
+
+ base: o=airius.com
+ scope: sub
+ filter: (&((&(objectclass=person)(ou=Org1 \(Temporary\)))
+ (cn~=Jane Henderson)))
+
+ Example 7:
+
+ serviceSearchDescriptor: email:"ou=funny?org,"
+
+ base: ou=funny?org,o=airius.com
+ scope: sub
+ filter (&(objectclass=inetOrgPerson)(cn~=Jane Hernandez))
+
+
+Author's Addresses
+
+ Luke Howard
+ PADL Software Pty. Ltd.
+ PO Box 59
+ Central Park Vic 3145
+ Australia
+
+ EMail: lukeh at padl.com
+
+
+ Bob Neal-Joslin
+ Hewlett-Packard Company
+ 19420 Homestead RD MS43-LF
+ Cupertino, CA 95014
+ USA
+
+ Phone: +1 408 447-3044
+
+
+
+Neal-Joslin [Page 31]
+�
+Internet-Draft DUA Configuration Schema March 2005
+
+
+ EMail: bob_joslin at hp.com
+
+
+ Morteza Ansari
+ Infoblox
+ 475 Potrero Avenue
+ Sunnyvale, CA 94085
+ USA
+
+ Phone: +1 408-716-4300
+ EMail: morteza at infoblox.com
+
+ Expires September 2005
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Neal-Joslin [Page 32]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,661 @@
+INTERNET-DRAFT H. Lachman
+Intended Category: Informational Netscape Communications Corp.
+Filename: draft-lachman-laser-ldap-mail-routing-02.txt G. Shapiro
+ Sendmail, Inc.
+Expires: July 2001 January 2001
+
+ LDAP Schema for Intranet Mail Routing
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This draft is being discussed on the Laser mailing list at
+ <laser at sunroof.eng.sun.com>. Subscription requests can be sent to
+ <laser-request at sunroof.eng.sun.com> (send an email message with the
+ word "subscribe" in the body). More information on the mailing list
+ along with an archive of back messages is available at
+ <http://playground.sun.com/laser/>.
+
+ [[Section X will be removed before the document is submitted to the
+ IESG.]]
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (1999-2001). All Rights Reserved.
+
+Abstract
+
+ This document defines an LDAP [1] object class called
+ 'inetLocalMailRecipient' and associated attributes that provide a way
+ to designate an LDAP entry as one that represents a local (intra-
+ organizational) email recipient, to specify the recipient's email
+ address(es), and to provide routing information pertinent to the
+ recipient. This is intended to support SMTP [2] message transfer
+ agents in routing RFC 822-based email [3] within a private enterprise
+ only, and is not to be used in the process of routing email across
+ the public Internet.
+
+Lachman, et. al. [Page 1]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+1. Conventions Used in this Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
+ document are to be interpreted as described in [9].
+
+2. Background and Motivation
+
+ LDAP-based directory services are currently being used in many
+ organizations as a repository of information about users and other
+ network entities (such as groups of users, network resources, etc.).
+ In cases where LDAP entries are used to represent entities that are
+ email recipients (e.g., a mail user or a mailing list), the LDAP
+ entries provide a convenient place to store per-recipient data, such
+ as a recipient's email address.
+
+ In many organizations, an email recipient may have an email address
+ (e.g., "joe at example.com") that does not specify the host that
+ receives mail for that recipient (e.g., "host42.example.com"). A
+ message transfer agent (MTA) responsible for routing mail within the
+ organization needs some way to determine the appropriate target host
+ for such a recipient. A common solution is the sendmail "aliases"
+ database which may contain a record that provides the necessary per-
+ recipient routing information (e.g., "joe: joe at host42"). A drawback
+ of this solution is that if the organization hosts more than one DNS
+ domain (e.g., "example.com" and "example.org", with "joe" in each
+ domain being different recipients), a more explicit mapping is
+ desirable. The schema defined in this document provides a way to
+ represent such mappings in LDAP and X.500 [4] directory services.
+
+ An LDAP entry that represents an email recipient could conceivably
+ contain a variety of attributes related to email, such as disk quota
+ and delivery preferences. We consider here only attributes that
+ specify address information and routing information; these attributes
+ may be useful to multiple MTAs within the organization since one or
+ more MTAs may be responsible for intra-organizational routing. The
+ various MTAs in an organization may have been developed by different
+ implementors, so a common schema is desirable for such attributes.
+
+3. Overview
+
+ Email systems deployed in large organizations must scale to support
+ large numbers of users and email servers. This means using email
+ addresses that are independent of particular mailbox server hosts;
+ thus an "email routing server" that receives mail sent to the
+ host-independent (or high-level or top-level or domain ...) address
+ and routes it to the appropriate mailbox server. For scalability
+ there should be many routing servers providing identical service.
+ A set of such servers and the mailbox servers they route to form an
+ "email domain".
+
+Lachman, et. al. [Page 2]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ This specification describes the basic function of the routing
+ server, including data elements to support per-recipient routing
+ info, and use of LDAP-based directory service to support multiple
+ servers sharing the routing info data. The routing function is
+ distinguished from other MTA-transfer operations.
+
+ The 'inetLocalMailRecipient' object class and associated attributes
+ identify an LDAP entry as representing an SMTP mail recipient (in the
+ sense "recipient" is used in [2]). A recipient may be a mail user, a
+ mailing list, an auto-responder of some kind (e.g., a mailing list
+ subscription program), a network device such as a printer or fax
+ machine, or other recipient type. Address attributes and routing
+ attributes are provided to aid SMTP MTAs in routing mail within an
+ organization to the appropriate target MTA for each recipient.
+
+ Once on the target MTA, a message is handled according to local
+ conventions (which may be specified using other auxiliary object
+ classes and is outside the scope of this document). For example, the
+ message may be delivered to a user mailbox, or to a program or
+ network device, and/or forwarded to another recipient. Or, the
+ target MTA may be a gateway to a non-SMTP mail routing and delivery
+ system including non-SMTP MTAs. Note that, in this discussion,
+ "target MTA" refers to the final SMTP destination of messages for the
+ recipient in question, as we are considering routing of mail only
+ among the SMTP MTAs within an organization.
+
+ Any domain that uses LDAP-based routing MUST support LDAP-based
+ routing at all MTAs responsible for the domain. All other MTAs that
+ do not support LDAP-based routing MUST forward mail for that domain
+ to MTAs that do, using MX records or other local conventions.
+
+ The target MTA checks to see if the destination domain of the
+ recipient address is one that it is responsible for and that uses
+ LDAP-based routing. If so, the MTA checks for matching e-mail
+ addresses in LDAP by looking up the envelope recipient address in
+ LDAP using the object class described in section 4.1 and the
+ attribute discussed in section 4.2. If an unambiguous match is
+ returned, the MTA interprets the routing attributes as described in
+ section 4.3.
+
+ Routing of mail between different organizations across the public
+ Internet is outside the scope of this document, as the mechanism for
+ this is already standardized [5,6]. An 'inetLocalMailRecipient'
+ entry represents a mail recipient that is local to the organization
+ in question, not recipients in other organizations. This means that
+ the domain names that appear within the 'mailLocalAddress' and
+ 'mailHost' attribute values in an 'inetLocalMailRecipient' entry must
+ be DNS domain names that are local to the organization. (e.g.,
+ within the organization's Intranet or by deemed local by other local
+ conventions outside the scope of this standard). An MTA should not
+ look for or use 'inetLocalMailRecipient' entries or attributes if
+ that MTA is not authoritative for the right-hand side of the
+ recipient address in question.
+
+Lachman, et. al. [Page 3]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ LDAP entries that are not 'inetLocalMailRecipient' entries should be
+ ignored by MTAs for the purpose of routing. An example is a
+ conference room whose LDAP entry contains contact information (e.g.,
+ email address and telephone number) for the person who books
+ reservations for the room; the conference room is not a mail
+ recipient, and can safely be ignored by MTAs doing route
+ determination based on recipient address.
+
+4. Object Class and Attribute Definitions
+
+ The 'inetLocalMailRecipient' object class and associated attributes
+ are defined (using syntaxes given in [7]) as follows.
+
+ 4.1 The inetLocalMailRecipient Object Class
+
+ ( 2.16.840.1.113730.3.2.[[TBD]]
+ NAME 'inetLocalMailRecipient'
+ SUP top
+ AUXILIARY
+ MAY ( mailLocalAddress $
+ mailHost $ mailRoutingAddress
+ )
+ )
+
+ The 'inetLocalMailRecipient' object class signifies that the entry
+ represents an entity within the organization that can receive SMTP
+ mail, such as a mail user or a mailing list. In any case of an entry
+ containing the 'inetLocalMailRecipient' object class, attributes
+ defined in this document MUST be interpreted as specified in this
+ document.
+
+ 4.2 Address Attribute
+
+ ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC 822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
+ )
+
+ The 'mailLocalAddress' attribute is used to specify email addresses,
+ for the recipient; for example, "nickname at example.com". The address
+ conforms to the syntax of an 'addr-spec' as defined in [3].
+
+ The 'mailLocalAddress' attribute MUST contain all local addresses
+ that represent each recipient of the target MTA. Commonly, the value
+ of the 'mail' attribute should also be among the addresses listed in
+ the 'mailLocalAddress' attribute if it is expected to be used for
+ LDAP mail routing.
+
+Lachman, et. al. [Page 4]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ When determining the disposition of a given message, MTAs using LDAP
+ (directly or indirectly) to route mail MUST search for an entry with
+ object class 'inetLocalMailRecipient' and a 'mailLocalAddress'
+ attribute matching the message's recipient address. If exactly one
+ matching entry is found, MTAs MUST regard the message as being
+ addressed to the entity that is represented by the directory entry.
+
+ If multiple entries are found, the results of the lookup MUST be
+ treated as unsuccessful and should be handled by the MTA in some
+ locally-appropriate way, such as returning a DSN [10] to the sender.
+
+ If there is no match found by the above, MTAs SHOULD have the
+ capability of searching for the recipient domain against the
+ 'mailLocalAddress' attribute using the "wildcard domain" address
+ "@<full-local-domain>" , e.g., "@example.org". In other words, if
+ mail arrives for "someone at example.org", and there is no recipient
+ with that address specified as 'mailLocalAddress', then the recipient
+ with the wildcard domain address should receive the mail.
+
+ MTAs MAY do other searches but only after the above are done.
+
+ In short, the address attribute 'mailLocalAddress' may be used by an
+ LDAP entry to answer the question "what is/are this account's email
+ address(es)?"
+
+ 4.3 Routing Attributes
+
+ ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'fully-qualified hostname of the MTA that is the final
+ SMTP destination of messages to this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
+ SINGLE-VALUE
+ )
+
+ The 'mailHost' attribute indicates which SMTP MTA considers the
+ recipient's mail to be locally handleable. This information can be
+ used for routing, in that an intermediary MTA may take it to be the
+ destination for messages addressed to this recipient. Normal mail
+ routing requirements (i.e., use of MX records [5]) apply to the
+ specified hostname unless overridden by local conventions. In other
+ words, the mail should be sent to the specified host without changing
+ the recipient address. The hostname is specified as a
+ fully-qualified DNS hostname with no trailing dot (e.g.,
+ "host42.example.com").
+
+ If the 'inetLocalMailRecipient' object class is present, the
+ 'mailHost' attribute for each entry MAY contain a value. If it does,
+ that value MUST be the fully qualified name of the server containing
+ the host MTA for this person. If 'mailHost' is present then it MUST
+ be taken as the host for this user, and all mail to this user MUST be
+ routed to this machine.
+
+Lachman, et. al. [Page 5]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC 822 address to use when routing messages to
+ the SMTP MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
+ SINGLE-VALUE
+ )
+
+ The 'mailRoutingAddress' attribute indicates a routing address for
+ the recipient. The address MUST conform to the syntax of an
+ 'addr-spec' in [3]. An intermediary MTA MUST use this information to
+ route the message to the MTA that handles mail for this recipient,
+ e.g., the envelope address MUST be rewritten to this value. This is
+ useful in cases where, for a given recipient, the target MTA prefers
+ a particular address to appear as the recipient address in the SMTP
+ envelope. 'mailRoutingAddress' MAY be used as an alternative to
+ 'mailHost', and is intended to have the same effect as 'mailHost'
+ except that 'mailRoutingAddress' is an address for rewriting the
+ envelope. With 'mailHost', the envelope address either is not
+ rewritten, or is rewritten according to implementation-specific rules
+ and/or configuration.
+
+ If both 'mailHost' and 'mailRoutingAddress' are present, MTAs MUST
+ interpret it to mean that messages are to be routed to the host
+ indicated by 'mailHost', while rewriting the envelope as per
+ 'mailRoutingAddress'. In theory, there could be peculiar cases where
+ this is necessary, but this is not normally expected.
+
+ Absence of both 'mailHost' and 'mailRoutingAddress' MAY be considered
+ an error, unless "location-independent" recipient types are supported
+ by the various MTAs within the organization. This would allow any
+ MTA in the organization to handle the processing of mail for, say, a
+ mailing list. This presumes that the various MTAs all recognize the
+ recipient type in question, suggesting a need to standardize
+ recipient types that could be "location-independent".
+
+ In short, routing attributes may be used by an LDAP entry to answer
+ the question "how should MTAs route mail to this account?"
+ (analogous to using the sendmail "aliases" database for per-user
+ routing within an organization). This is in contrast with
+ "forwarding"; forwarding and delivery options may be specified in an
+ LDAP entry to answer the question "what happens to mail once it
+ arrives at this account?", which may include forwarding to some other
+ account within or outside the organization (analogous to using the
+ sendmail ".forward" file). Such options are outside the scope of the
+ 'inetLocalMailRecipient' schema definition.
+
+Lachman, et. al. [Page 6]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ The following possibilities exist as a result of an LDAP lookup on an
+ address:
+
+ mailHost is mailRoutingAddress is Results in
+ ----------- --------------------- ----------
+ set to a set mail routed to
+ "local" host mailRoutingAddress
+
+ set to a not set delivered to
+ "local" host original address
+
+ set to a set relay to mailHost
+ remote host using mailRoutingAddress
+
+ set to a not set original address
+ remote host relayed to mailHost
+
+ not set set mail routed to
+ mailRoutingAddress
+
+ not set not set error or
+ "location-independent"
+
+ The term "local" host above means the host specified is one that the
+ local (target) MTA considers to be a local delivery. The local MTA
+ MAY rewrite the original address when mailRoutingAddress is not set
+ if local conventions warrant the change.
+
+5. Examples
+
+ The following examples illustrate possible uses of the
+ 'inetLocalMailRecipient' object class. Note that the examples
+ include attributes defined outside of this document to demonstrate a
+ complete record. The existence of these attributes in the example is
+ not an indication that these attributes are used for LDAP-based mail
+ routing (e.g., the 'mail' is not used for mail routing).
+
+ Here is an example of an LDAP entry representing a mail user:
+
+ dn: uid=joe,o=Example Corp,c=US
+ objectClass: top
+ objectClass: person
+ objectClass: organizationalPerson
+ objectClass: inetOrgPerson
+ objectClass: inetLocalMailRecipient
+ objectClass: nsMessagingServerUser
+ cn: Joe User
+ sn: User
+ uid: joe
+ userPassword: {crypt}y2KxtbzMYnApU
+ mail: joe at example.com
+
+Lachman, et. al. [Page 7]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ mailLocalAddress: joe at example.com
+ mailLocalAddress: joe at another.example.com
+ mailHost: nsmail1.example.com
+ mailDeliveryOption: mailbox
+ mailQuota: 1000000
+ mailForwardingAddress: mary at example.com
+
+ Joe User is a user of a hypothetical mail system called NS Messaging.
+ Let's say mail arrives on an MTA called "mx.example.com", addressed
+ to "joe at example.com". That MTA searches the directory for a mail
+ recipient with that address, using an LDAP search filter [8] such as:
+
+ (&(objectClass=inetLocalMailRecipient)
+ (mailLocalAddress=joe at example.com))
+
+ It finds Joe's LDAP entry, and routes the message to the target MTA
+ "nsmail1.example.com", while not rewriting the SMTP envelope
+ recipient address. Then, "nsmail1.example.com" receives the message,
+ searches for and finds the recipient in the directory, ascertains
+ that it is the recipient's target MTA, and handles the message as per
+ other attributes in the recipient's entry and/or the MTA
+ configuration (in this case, the message is delivered to a mailbox,
+ and forwarded to another recipient).
+
+ Note that this document does not specify the rules an MTA is to use
+ to ascertain whether or not it is the target MTA for a given
+ recipient (it could check the recipient's 'mailHost' value against
+ its own hostname, or check the recipient's 'mailRoutingAddress', or
+ check the MTA configuration, or some combination of these).
+
+ Here is another example of an LDAP entry representing a mail user:
+
+ dn: uid=john,o=Example Corp,c=US
+ objectClass: top
+ objectClass: person
+ objectClass: organizationalPerson
+ objectClass: inetOrgPerson
+ objectClass: inetLocalMailRecipient
+ objectClass: xyzMailUser
+ cn: John Doe
+ sn: Doe
+ uid: john
+ userPassword: {crypt}y2KxtbzMYnApU
+ mail: john at example.com
+ mailLocalAddress: john at example.com
+ mailRoutingAddress: John_Doe at xyz-gw.example.com
+ xyzPostOfficeName: PO_1
+ xyzClusterNumber: 3
+ xyzMessageStoreId: 9
+
+Lachman, et. al. [Page 8]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ John Doe is a user of a hypothetical mail system called XYZ Mail.
+ Let's say mail arrives on an MTA called "mx.example.com", addressed
+ to "john at example.com". That MTA searches the directory for a mail
+ recipient with that address, and routes the message to "xyz-
+ gw.example.com", rewriting the SMTP envelope recipient address to
+ "John_Doe at xyz-gw.example.com", as per the 'mailRoutingAddress'. On
+ "xyz-gw.example.com", the message is gatewayed into the XYZ Mail
+ system and then dealt with as per other attributes.
+
+ Here is an example of an LDAP entry representing a mailing list:
+
+ dn: cn=Scuba Group,o=Example Corp,c=US
+ objectClass: top
+ objectClass: groupOfUniqueNames
+ objectClass: inetLocalMailRecipient
+ objectClass: mailGroup
+ cn: Scuba Group
+ mail: scuba at example.com
+ mailLocalAddress: scuba at example.com
+ mailHost: host42.example.com
+ mgrpRFC822MailMember: joe at example.com
+ mgrpRFC822MailMember: john at example.com
+
+ The Scuba Group is a mail group (mailing list) that includes two
+ members. A message addressed to "scuba at example.com" is routed to
+ "host42.example.com" where it is then resent to the mailing list
+ members.
+
+ Here is an example of an LDAP entry representing a forwarding alias:
+
+ dn: cn=Jane Roe Forwarding Alias,o=Example,c=US
+ objectClass: top
+ objectClass: inetLocalMailRecipient
+ objectClass: mailForwardingAlias
+ mail: janeroe at example.org
+ mailLocalAddress: janeroe at example.org
+ mailHost: mail.example.org
+ mailForwardingAddress: janeroe at elsewhere.example.com
+ cn: Jane Roe Forwarding Alias
+
+ This entry uses a hypothetical object class 'mailForwardingAlias'
+ that is not specified here, but is used as an example of how an LDAP
+ entry might represent such a recipient type. A message addressed to
+ "janeroe at example.org" is routed to "mail.example.org" where it is
+ then forwarded. In this case, Jane Roe may be a former member of the
+ Example Organization, and they are forwarding her mail to her new
+ address elsewhere.
+
+Lachman, et. al. [Page 9]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+6. Security Considerations
+
+ As in all cases where account information is stored in an LDAP-based
+ directory service, network administrators must be careful to ensure
+ that their directory service controls users' access to the entries
+ and attributes stored therein, according to site policy. In
+ particular, mail routing information should not be accessible from
+ outside the organization, since it is intended for use only by MTAs
+ within the organization.
+
+7. Acknowledgments
+
+ The 'inetLocalMailRecipient' object class is based on an earlier
+ design done by the Netscape Messaging and Directory Server teams,
+ which was implemented and deployed to customers as part of Netscape
+ Messaging Server. Various team members contributed to the design,
+ including Bill Fitler, Bruce Steinback, Prabhat Keni, Mike Macgirvin,
+ John Myers, John Kristian, Tim Howes, Mark Smith, and Leif Hedstrom.
+ Thanks also to Jeff Hodges of Stanford for contributing to the early
+ design discussions, and to the other participants in the IETF LASER
+ BOF, including, from Sun Microsystems, John Beck, Anil Srivastava,
+ and Darryl Huff.
+
+8. References
+
+ [1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
+ Protocol (v3)", RFC 2251, December 1997.
+
+ [2] J. Postel, "Simple Mail Transfer Protocol", STD 10, RFC 821,
+ August 1982.
+
+ [3] D. Crocker, "Standard for the Format of ARPA Internet Text
+ Messages", STD 11, RFC 822, August 1982.
+
+ [4] "Information Processing Systems - Open Systems Interconnection -
+ The Directory: Overview of Concepts, Models and Service", ISO/IEC JTC
+ 1/SC21, International Standard 9594-1, 1988.
+
+ [5] C. Partridge, "Mail routing and the domain system", STD 14, RFC
+ 974, January 1986.
+
+ [6] R. Braden, "Requirements for Internet hosts - application and
+ support", STD 3, RFC 1123, October 1989.
+
+ [7] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight X.500
+ Directory Access Protocol (v3): Attribute Syntax Definitions", RFC
+ 2252, December 1997.
+
+ [8] T. Howes, "The String Representation of LDAP Search Filters",
+ RFC 2254, December 1997.
+
+Lachman, et. al. [Page 10]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+ [9] S. Bradner, "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [10] K. Moore, "SMTP Service Extension for Delivery Status
+ Notifications", RCP 1891, January 1996.
+
+9. Authors' Addresses
+
+ Hans Lachman
+ Netscape Communications Corp.
+ 501 East Middlefield Road
+ Mountain View, CA 94043
+ Phone: (650) 254-1900
+ EMail: lachman at netscape.com
+
+ Gregory Neil Shapiro
+ Sendmail, Inc.
+ 6603 Shellmound Street
+ Emeryville, CA 94608-1042
+ Phone: +1 510-594-5522
+ Fax: +1 510-594-5411
+ EMail: gshapiro at sendmail.org
+
+X. Change Summary
+
+X.1.1 Substantive changes between
+ draft-lachman-laser-ldap-mail-routing-00.txt and
+ draft-lachman-laser-ldap-mail-routing-01.txt
+
+ (i) Added Gregory Neil Shapiro as another author.
+ (ii) Changed Draft heaer.
+ (iii) Added "Conventions Used in this Document" section.
+ (iv) Replaced RFC mentions with reference numbers.
+ (v) Add new MUST/SHOULD/MAY sections to bring more in line with
+ RFC documents.
+ (vi) Clarify job of MTA in Overview by adding third paragraph.
+ (vii) mailRoutingAddress can be outside of administrative control.
+ (viii) Eliminated use of 'mail' attribute for mail routing.
+ (ix) Changed name of 'mailAlternateAddress' to 'mailLocalAddress'.
+ (x) Remove "routable" from 'mailLocalAddress' description.
+ (xi) Clarify which addresses MUST be in 'mailLocalAddress'.
+ (xii) Allow for multiple responses if they all have the same
+ routing attribute values.
+ (xiii) Clarify use of MX records on routing attributes.
+ (xiv) Add a table to clarify use of 'mailHost' and
+ 'mailRoutingAddress'.
+ (xv) Remove document weakening statements from section 5.
+ (xvi) Only use reserved domains (example.com, example.org) in
+ examples.
+ (xvii) Clean up references
+ (xviii) Added section X to list the changes between draft versions.
+
+Lachman, et. al. [Page 11]
+
+INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
+
+X.1.2 Substantive changes between
+ draft-lachman-laser-ldap-mail-routing-01.txt and
+ draft-lachman-laser-ldap-mail-routing-02.txt
+
+ (i) Changed Intended Category from Standard Track to Informational.
+ (ii) Removed references to mailGroup document which has expired.
+ (iii) Add additional Overview text from RL 'Bob' Morgan.
+ (iv) If a domain uses LDAP-based routing, require all MTAs in that
+ domain to either use LDAP for routing or forward mail to an
+ MTA which uses LDAP for routing.
+ (v) Add more text regarding "local" domain.
+ (vi) Tighten rules for better interoperability. Multiple,
+ matching results is now treated as an unsuccessful lookup.
+ (vii) Tighten rules for better interoperability. Change the action
+ for a lookup which returns both a 'mailHost' and
+ 'mailRoutingAddress' to a MUST (from a MAY).
+ (viii) Point out that examples contain attributes which are not part of
+ this spec and should not be used for mail routing
+ (specifically, 'mail').
+ (ix) Clean up text.
+ (x) NOTE: Still need vendor-neutral OIDs for the objectClass and
+ attributes.
+
+10. Full Copyright Statement
+
+ Copyright (C) The Internet Society (1999-2001). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished
+ to others, and derivative works that comment on or otherwise
+ explain it or assist in its implementation may be prepared, copied,
+ published and distributed, in whole or in part, without
+ restriction of any kind, provided that the above copyright notice
+ and this paragraph are included on all such copies and derivative
+ works. However, this document itself may not be modified in any
+ way, such as by removing the copyright notice or references to the
+ Internet Society or other Internet organizations, except as needed
+ for the purpose of developing Internet standards in which case the
+ procedures for copyrights defined in the Internet Standards
+ process must be followed, or as required to translate it into
+ languages other than English.
+
+ The limited permissions granted above are perpetual and will not
+ be revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on
+ an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Lachman, et. al. [Page 12]
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-admin-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-admin-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-admin-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,502 @@
+INTERNET-DRAFT S. Legg
+draft-legg-ldap-acm-admin-03.txt Adacel Technologies
+Intended Category: Standards Track June 16, 2004
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Access Control Administration
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Status of this Memo
+
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ Distribution of this document is unlimited. Comments should be sent
+ to the author.
+
+ This Internet-Draft expires on 16 December 2004.
+
+
+Abstract
+
+ This document adapts the X.500 directory administrative model, as it
+ pertains to access control administration, for use by the Lightweight
+ Directory Access Protocol. The administrative model partitions the
+ Directory Information Tree for various aspects of directory data
+ administration, e.g., subschema, access control and collective
+ attributes. This document provides the particular definitions that
+ support access control administration, but does not define a
+ particular access control scheme.
+
+
+
+Legg Expires 16 December 2004 [Page 1]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 3. Access Control Administrative Areas. . . . . . . . . . . . . . 3
+ 4. Access Control Scheme Indication . . . . . . . . . . . . . . . 3
+ 5. Access Control Information . . . . . . . . . . . . . . . . . . 4
+ 6. Access Control Subentries. . . . . . . . . . . . . . . . . . . 4
+ 7. Applicable Access Control Information. . . . . . . . . . . . . 5
+ 8. Security Considerations. . . . . . . . . . . . . . . . . . . . 5
+ 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
+ 10. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 6
+ 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 11.1. Normative References. . . . . . . . . . . . . . . . . . 6
+ 11.2. Informative References. . . . . . . . . . . . . . . . . 7
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 7
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 7
+
+1. Introduction
+
+ This document adapts the X.500 directory administrative model [X501],
+ as it pertains to access control administration, for use by the
+ Lightweight Directory Access Protocol (LDAP) [RFC3377].
+
+ The administrative model [ADMIN] partitions the Directory Information
+ Tree (DIT) for various aspects of directory data administration,
+ e.g., subschema, access control and collective attributes. The parts
+ of the administrative model that apply to every aspect of directory
+ data administration are described in [ADMIN]. This document
+ describes the administrative framework for access control.
+
+ An access control scheme describes the means by which access to
+ directory information, and potentially to access rights themselves,
+ may be controlled. This document describes the framework for
+ employing access control schemes but does not define a particular
+ access control scheme. Two access control schemes known as Basic
+ Access Control and Simplified Access Control are defined by [BAC].
+ Other access control schemes may be defined by other documents.
+
+ This document is derived from, and duplicates substantial portions
+ of, Sections 4 and 8 of X.501 [X501].
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [RFC2119].
+
+
+
+Legg Expires 16 December 2004 [Page 2]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ Schema definitions are provided using LDAP description formats
+ [RFC2252]. Note that the LDAP descriptions have been rendered with
+ additional white-space and line breaks for the sake of readability.
+
+3. Access Control Administrative Areas
+
+ The specific administrative area [ADMIN] for access control is termed
+ an Access Control Specific Area (ACSA). The root of the ACSA is
+ termed an Access Control Specific Point (ACSP) and is represented in
+ the DIT by an administrative entry [ADMIN] which includes
+ accessControlSpecificArea as a value of its administrativeRole
+ operational attribute [SUBENTRY].
+
+ An ACSA MAY be partitioned into subtrees termed inner administrative
+ areas [ADMIN]. Each such inner area is termed an Access Control
+ Inner Area (ACIA). The root of the ACIA is termed an Access Control
+ Inner Point (ACIP) and is represented in the DIT by an administrative
+ entry which includes accessControlInnerArea as a value of its
+ administrativeRole operational attribute.
+
+ An administrative entry can never be both an ACSP and an ACIP. The
+ corresponding values can therefore never be present simultaneously in
+ the administrativeRole attribute.
+
+ Each entry necessarily falls within one and only one ACSA. Each such
+ entry may also fall within one or more ACIAs nested inside the ACSA
+ containing the entry.
+
+ An ACSP or ACIP has zero, one or more subentries that contain Access
+ Control Information (ACI).
+
+4. Access Control Scheme Indication
+
+ The access control scheme (e.g., Basic Access Control [BAC]) in force
+ in an ACSA is indicated by the accessControlScheme operational
+ attribute contained in the administrative entry for the relevant
+ ACSP.
+
+ The LDAP description [RFC2252] for the accessControlScheme
+ operational attribute is:
+
+ ( 2.5.24.1 NAME 'accessControlScheme'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+ SINGLE-VALUE USAGE directoryOperation )
+
+ An access control scheme conforming to the access control framework
+ described in this document MUST define a distinct OBJECT IDENTIFIER
+
+
+
+Legg Expires 16 December 2004 [Page 3]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ value to identify it through the accessControlScheme attribute.
+ Object Identifier Descriptors for access control scheme identifiers
+ may be registered with IANA [BCP64].
+
+ Only administrative entries for ACSPs are permitted to contain an
+ accessControlScheme attribute. If the accessControlScheme attribute
+ is absent from a given ACSP, the access control scheme in force in
+ the corresponding ACSA, and its effect on operations, results and
+ errors, is implementation defined.
+
+ Any entry or subentry in an ACSA is permitted to contain ACI if and
+ only if such ACI is permitted by, and consistent with, the access
+ control scheme identified by the value of the accessControlScheme
+ attribute of the ACSP.
+
+5. Access Control Information
+
+ There are three categories of Access Control Information (ACI):
+ entry, subentry and prescriptive.
+
+ Entry ACI applies to only the entry or subentry in which it appears,
+ and the contents thereof. Subject to the access control scheme, any
+ entry or subentry MAY hold entry ACI.
+
+ Subentry ACI applies to only the subentries of the administrative
+ entry in which it appears. Subject to the access control scheme, any
+ administrative entry, for any aspect of administration, MAY hold
+ subentry ACI.
+
+ Prescriptive ACI applies to all the entries within a subtree or
+ subtree refinement of an administrative area (either an ACSA or an
+ ACIA), as defined by the subtreeSpecification attribute of the
+ subentry in which it appears. Prescriptive ACI is only permitted in
+ subentries of an ACSP or ACIP. Prescriptive ACI in the subentries of
+ a particular administrative point never applies to the same or any
+ other subentry of that administrative point, but does apply to the
+ subentries of subordinate administrative points, where those
+ subentries are within the subtree or subtree refinement.
+
+6. Access Control Subentries
+
+ Each subentry which contains prescriptive ACI MUST have
+ accessControlSubentry as a value of its objectClass attribute. Such
+ a subentry is called an access control subentry.
+
+ The LDAP description [RFC2252] for the accessControlSubentry
+ auxiliary object class is:
+
+
+
+
+Legg Expires 16 December 2004 [Page 4]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ ( 2.5.17.1 NAME 'accessControlSubentry' AUXILIARY )
+
+ A subentry of this object class MUST contain at least one
+ prescriptive ACI attribute of a type consistent with the value of the
+ accessControlScheme attribute of the corresponding ACSP.
+
+ The subtree or subtree refinement for an access control subentry is
+ termed a Directory Access Control Domain (DACD). A DACD can contain
+ zero entries, and can encompass entries that have not yet been added
+ to the DIT, but does not extend beyond the scope of the ACSA or ACIA
+ with which it is associated.
+
+ Since a subtreeSpecification may define a subtree refinement, DACDs
+ within a given ACSA may arbitrarily overlap.
+
+7. Applicable Access Control Information
+
+ Although particular items of ACI may specify attributes or values as
+ the protected items, ACI is logically associated with entries.
+
+ The ACI that is considered in access control decisions regarding an
+ entry includes:
+
+ (1) Entry ACI from that particular entry.
+
+ (2) Prescriptive ACI from access control subentries whose DACDs
+ contain the entry. Each of these access control subentries is
+ necessarily either a subordinate of the ACSP for the ACSA
+ containing the entry, or a subordinate of the ACIP for an ACIA
+ that contains the entry.
+
+ The ACI that is considered in access control decisions regarding a
+ subentry includes:
+
+ (1) Entry ACI from that particular subentry.
+
+ (2) Prescriptive ACI from access control subentries whose DACDs
+ contain the subentry, excluding those belonging to the same
+ administrative point as the subentry for which the decision is
+ being made.
+
+ (3) Subentry ACI from the administrative point associated with the
+ subentry.
+
+8. Security Considerations
+
+ This document defines a framework for employing an access control
+ scheme, i.e., the means by which access to directory information and
+
+
+
+Legg Expires 16 December 2004 [Page 5]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ potentially to access rights themselves may be controlled, but does
+ not itself define any particular access control scheme. The degree
+ of protection provided, and any security risks, are determined by the
+ provisions of the access control schemes (defined elsewhere) making
+ use of this framework.
+
+ Security considerations that apply to directory administration in
+ general [ADMIN] also apply to access control administration.
+
+9. Acknowledgements
+
+ This document is derived from, and duplicates substantial portions
+ of, Sections 4 and 8 of X.501 [X501].
+
+10. IANA Considerations
+
+ The Internet Assigned Numbers Authority (IANA) is requested to update
+ the LDAP descriptors registry [BCP64] as indicated by the following
+ templates:
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): accessControlScheme
+ Object Identifier: 2.5.24.1
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: attribute type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): accessControlSubentry
+ Object Identifier: 2.5.17.1
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: object class
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+11. References
+
+11.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+
+
+Legg Expires 16 December 2004 [Page 6]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers Authority (IANA
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+ [SUBENTRY] Zeilenga, K. and S. Legg, "Subentries in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3672, December
+ 2003.
+
+ [ADMIN] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Directory Administrative Model",
+ draft-legg-ldap-admin-xx.txt, a work in progress, June
+ 2004.
+
+11.2. Informative References
+
+ [COLLECT] Zeilenga, K., "Collective Attributes in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3671, December
+ 2003.
+
+ [BAC] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Basic and Simplified Access Control",
+ draft-legg-ldap-acm-bac-xx.txt, a work in progress, June
+ 2004.
+
+ [X501] ITU-T Recommendation X.501 (02/01) | ISO/IEC 9594-2:2001,
+ Information technology - Open Systems Interconnection -
+ The Directory: Models
+
+Author's Address
+
+ Steven Legg
+ Adacel Technologies Ltd.
+ 250 Bay Street
+ Brighton, Victoria 3186
+ AUSTRALIA
+
+ Phone: +61 3 8530 7710
+ Fax: +61 3 8530 7888
+ EMail: steven.legg at adacel.com.au
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+
+
+
+Legg Expires 16 December 2004 [Page 7]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Changes in Draft 01
+
+ Section 4 has been extracted to become a separate Internet draft,
+ draft-legg-ldap-admin-00.txt. The subsections of Section 5 have
+ become the new Sections 3 to 7. Editorial changes have been made to
+ accommodate this split. No technical changes have been introduced.
+
+Changes in Draft 02
+
+ RFC 3377 replaces RFC 2251 as the reference for LDAP.
+
+ An IANA Considerations section has been added.
+
+Changes in Draft 03
+
+
+
+Legg Expires 16 December 2004 [Page 8]
+�
+INTERNET-DRAFT Access Control Administration June 16, 2004
+
+
+ The document has been reformatted in line with current practice.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 9]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-bac-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-bac-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-acm-bac-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2351 @@
+
+INTERNET-DRAFT S. Legg
+draft-legg-ldap-acm-bac-03.txt Adacel Technologies
+Intended Category: Standards Track June 16, 2004
+Updates: RFC 2252
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Basic and Simplified Access Control
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Status of this Memo
+
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ Distribution of this document is unlimited. Comments should be sent
+ to the author.
+
+ This Internet-Draft expires on 16 December 2004.
+
+
+Abstract
+
+ An access control scheme describes the means by which access to
+ directory information and potentially to access rights themselves may
+ be controlled. This document adapts the X.500 directory Basic Access
+ Control and Simplied Access Control schemes for use by the
+ Lightweight Directory Access Protocol.
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 1]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3. Basic Access Control . . . . . . . . . . . . . . . . . . . . . 4
+ 3.1. Permissions. . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1.1. Read . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1.2. Compare. . . . . . . . . . . . . . . . . . . . . 6
+ 3.1.3. Browse . . . . . . . . . . . . . . . . . . . . . 6
+ 3.1.4. ReturnDN . . . . . . . . . . . . . . . . . . . . 6
+ 3.1.5. FilterMatch. . . . . . . . . . . . . . . . . . . 6
+ 3.1.6. Modify . . . . . . . . . . . . . . . . . . . . . 6
+ 3.1.7. Add. . . . . . . . . . . . . . . . . . . . . . . 6
+ 3.1.8. Remove . . . . . . . . . . . . . . . . . . . . . 7
+ 3.1.9. DiscloseOnError. . . . . . . . . . . . . . . . . 7
+ 3.1.10. Rename . . . . . . . . . . . . . . . . . . . . . 7
+ 3.1.11. Export . . . . . . . . . . . . . . . . . . . . . 7
+ 3.1.12. Import . . . . . . . . . . . . . . . . . . . . . 8
+ 3.1.13. Invoke . . . . . . . . . . . . . . . . . . . . . 8
+ 3.2. Representation of Access Control Information . . . . . . 8
+ 3.2.1. Identification Tag . . . . . . . . . . . . . . . 11
+ 3.2.2. Precedence . . . . . . . . . . . . . . . . . . . 11
+ 3.2.3. Authentication Level . . . . . . . . . . . . . . 11
+ 3.2.4. itemFirst and userFirst Components . . . . . . . 12
+ 3.2.5. Determining Group Membership . . . . . . . . . . 16
+ 3.3. ACI Operational Attributes . . . . . . . . . . . . . . . 17
+ 3.3.1. Prescriptive ACI . . . . . . . . . . . . . . . . 17
+ 3.3.2. Entry ACI. . . . . . . . . . . . . . . . . . . . 17
+ 3.3.3. Subentry ACI . . . . . . . . . . . . . . . . . . 18
+ 3.3.4. Protecting the ACI . . . . . . . . . . . . . . . 18
+ 3.4. Access Control Decision Points for LDAP Operations . . . 18
+ 3.4.1. Common Elements of Procedure . . . . . . . . . . 19
+ 3.4.1.1. Alias Dereferencing. . . . . . . . . . 19
+ 3.4.1.2. Return of Names in Errors. . . . . . . 19
+ 3.4.1.3. Non-disclosure of Entry Existence. . . 20
+ 3.4.2. Compare Operation Decision Points. . . . . . . . 20
+ 3.4.3. Search Operation Decision Points . . . . . . . . 20
+ 3.4.4. Add Operation Decision Points. . . . . . . . . . 23
+ 3.4.5. Delete Operation Decision Points . . . . . . . . 24
+ 3.4.6. Modify Operation Decision Points . . . . . . . . 24
+ 3.4.7. Modify DN Operation Decision Points. . . . . . . 25
+ 3.5. Access Control Decision Function . . . . . . . . . . . . 26
+ 3.5.1. Inputs . . . . . . . . . . . . . . . . . . . . . 26
+ 3.5.2. Tuples . . . . . . . . . . . . . . . . . . . . . 26
+ 3.5.3. Discarding Irrelevant Tuples . . . . . . . . . . 27
+ 3.5.4. Highest Precedence and Specificity . . . . . . . 28
+ 4. Simplified Access Control. . . . . . . . . . . . . . . . . . . 28
+ 5. Security Considerations. . . . . . . . . . . . . . . . . . . . 29
+
+
+
+Legg Expires 16 December 2004 [Page 2]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 29
+ 7. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 29
+ Appendix A. LDAP Specific Encoding for the ACI Item Syntax . . . . 30
+ Normative References . . . . . . . . . . . . . . . . . . . . . . . 39
+ Informative References . . . . . . . . . . . . . . . . . . . . . . 40
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 40
+
+1. Introduction
+
+ An access control scheme describes the means by which access to
+ directory information and potentially to access rights themselves may
+ be controlled. Control of access to information means the prevention
+ of unauthorized detection, disclosure, or modification of that
+ information. The definition of an access control scheme in the
+ context of a Lightweight Directory Access Protocol (LDAP) [RFC3371]
+ directory includes methods to specify Access Control Information
+ (ACI), and to enforce access rights defined by that ACI.
+
+ This document adapts the X.500 Basic Access Control and Simplied
+ Access Control schemes [X501] for use in LDAP. Both schemes conform
+ to, and make use of, the access control administrative framework for
+ LDAP [ACA].
+
+ Section 3 describes the Basic Access Control scheme and defines how
+ it applies to LDAP operations [RFC2251].
+
+ Simplified Access Control is a functional subset of the Basic Access
+ Control scheme. This subset is described in Section 4.
+
+ As a matter of security policy, an implementation supporting Basic
+ Access Control or Simplified Access Control is permitted to grant or
+ deny any form of access to particular attributes (e.g., password
+ attributes) irrespective of access controls which may otherwise
+ apply. However, since such security policy has no standardized
+ representation, it cannot be propagated in replicated information.
+
+ This document is derived from, and duplicates substantial portions
+ of, Section 8 of X.501 [X501], and selected extracts from X.511
+ [X511].
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [RFC2119].
+
+
+
+
+Legg Expires 16 December 2004 [Page 3]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ Schema definitions are provided using LDAP description formats
+ [RFC2252]. Note that the LDAP descriptions have been rendered with
+ additional white-space and line breaks for the sake of readability.
+
+3. Basic Access Control
+
+ This section describes the functionality of the Basic Access Control
+ scheme.
+
+ When Basic Access Control is used, the accessControlScheme
+ operational attribute [ACA] SHALL have the value basic-access-control
+ (2.5.28.1).
+
+ This LDAP profile for Basic Access Control defines, for every LDAP
+ operation, one or more points at which access control decisions take
+ place. An access control decision will involve a requestor,
+ protected items, and permissions.
+
+ A requestor is the user requesting the operation. Basic Access
+ Control requires a user's authorization identity to be represented as
+ a distinguished name (with an optional unique identifier). The
+ mapping of the authentication identity to an authorization identity,
+ and the mapping of the authorization identity to a distinguished name
+ and optional unique identifier, are outside the scope of this
+ document.
+
+ A protected item is the element of directory information being
+ accessed. The protected items are entries, attributes, attribute
+ values and distinguished names. Access to each protected item can be
+ separately controlled through ACI.
+
+ A permission is a particular right necessary to complete a portion of
+ the operation.
+
+ The Access Control Information, which is used to make access control
+ decisions, associates protected items and user classes with
+ permissions. ACI is represented in the directory as values of
+ operational attributes with the ACI Item syntax [RFC2252]. Each such
+ value is referred to as an ACI item.
+
+ The scope of access controls can be a single entry or a collection of
+ entries that are logically related by being within the scope of an
+ access control subentry of an administrative point (see [ACA]).
+
+ The Access Control Decision Function (ACDF) (Section 3.5) is used to
+ decide whether a particular requestor has a particular access right
+ by virtue of applicable ACI items.
+
+
+
+
+Legg Expires 16 December 2004 [Page 4]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ Access to DSEs and operational attributes is controlled in the same
+ way as for entries and user attributes.
+
+ For query purposes, collective attributes [COLLECT] that are
+ associated with an entry are protected precisely as if they were
+ attributes actually stored in that entry.
+
+ For the purposes of modification, collective attributes are
+ associated with the subentry that holds them, not with entries within
+ the scope of the subentry. Modify-related access controls are
+ therefore not relevant to collective attributes, except when they
+ apply to the collective attribute and its values within the subentry.
+
+3.1. Permissions
+
+ Access is controlled by granting or denying permissions. Access is
+ allowed only when there is an explicitly provided grant present in
+ the ACI used to make the access control decision. The only default
+ access decision provided in the model is to deny access in the
+ absence of explicit ACI that grants access. All other factors being
+ equal, a denial specified in ACI always overrides a grant.
+
+ Certain combinations of grants or denials are illogical, but it is
+ the responsibility of directory clients, rather than the directory
+ server, to ensure that such combinations are absent.
+
+ The decision whether or not to permit access to an entry or its
+ contents is strictly determined by the position of the entry in the
+ Directory Information Tree (DIT), in terms of its distinguished name,
+ and is independent of how the directory server locates that entry.
+
+ The following sections introduce the permissions by indicating the
+ intent associated with the granting of each. The actual influence of
+ a particular granted permission on access control decisions are,
+ however, determined by the ACDF and the access control decision
+ points for each LDAP operation, described in detail in Section 3.4.
+
+3.1.1. Read
+
+ If granted for an entry, Read permits the entry to be accessed using
+ LDAP Compare and baseObject Search operations, but does not imply
+ access to all the attributes and values.
+
+ If granted for an attribute type, Read permits the attribute type to
+ be returned as entry information in a Search result. Read or Browse
+ permission for the entry is a prerequisite.
+
+ If granted for an attribute value, Read permits the attribute value
+
+
+
+Legg Expires 16 December 2004 [Page 5]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ to be returned as entry information in a Search result. Read or
+ Browse permission for the entry and Read permission for the attribute
+ type are prerequisites.
+
+3.1.2. Compare
+
+ If granted for an attribute type, Compare permits the attribute type
+ to be tested by the assertion in an LDAP Compare operation. Read
+ permission for the entry is a prerequisite.
+
+ If granted for an attribute value, Compare permits the value to be
+ tested by the assertion in an LDAP Compare operation. Read
+ permission for the entry and Compare permission for the attribute
+ type are prerequisites.
+
+3.1.3. Browse
+
+ If granted for an entry, Browse permits the entry to be accessed by
+ the LDAP Search operation, including baseObject searches, but does
+ not imply access to all the attributes and values.
+
+3.1.4. ReturnDN
+
+ If granted for an entry, ReturnDN allows the distinguished name of
+ the entry to be disclosed in a search result.
+
+3.1.5. FilterMatch
+
+ If granted for an attribute type, Filtermatch permits the attribute
+ type to satisfy a Filter item.
+
+ If granted for an attribute value, Filtermatch permits the attribute
+ value to satisfy a Filter item. FilterMatch permission for the
+ attribute type is a prerequisite.
+
+3.1.6. Modify
+
+ If granted for an entry, Modify permits the information contained
+ within an entry to be modified by the LDAP Modify operation, subject
+ to controls on the attribute types and values.
+
+3.1.7. Add
+
+ If granted for an entry, Add permits creation of an entry in the DIT,
+ subject to being able to add all specified attributes and attribute
+ values. Add permission granted for an entry is ineffective if Add
+ permission is not also granted for at least the mandatory attributes
+ and their values. There is no specific "add subordinate permission".
+
+
+
+Legg Expires 16 December 2004 [Page 6]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ Permission to add an entry is controlled using prescriptive ACI.
+
+ If granted for an attribute type, Add permits adding a new attribute,
+ subject to being able to add all specified attribute values. Add or
+ Modify permission for the entry is a prerequisite.
+
+ If granted for an attribute value, Add permits adding that value to
+ an existing attribute. Add or Modify permission for the entry is a
+ prerequisite.
+
+3.1.8. Remove
+
+ If granted for an entry, Remove permits the entry to be removed from
+ the DIT regardless of controls on attributes or attribute values
+ within the entry.
+
+ If granted for an attribute, Remove permits removing an attribute,
+ subject to being able to remove any explicitly specified attribute
+ values. Remove permission for values not explicitly specified is not
+ required.
+
+ If granted for an attribute value, Remove permits the attribute value
+ to be removed from an existing attribute.
+
+3.1.9. DiscloseOnError
+
+ If granted for an entry, DiscloseOnError permits the name of an entry
+ to be disclosed in an error result.
+
+ If granted for an attribute, DiscloseOnError permits the presence of
+ the attribute to be disclosed by an error.
+
+ If granted for an attribute value, DiscloseOnError permits the
+ presence of the attribute value to be disclosed by an error.
+
+3.1.10. Rename
+
+ If granted for an entry, Rename permits an entry to be renamed with a
+ new RDN. No permissions are required for the attributes and values
+ altered by the operation, even if they are added or removed as a
+ result of the changes to the RDN.
+
+3.1.11. Export
+
+ If granted for an entry, Export permits the entry and its
+ subordinates, if any, to be removed from the current location and
+ placed in a new location, subject to the granting of Import
+ permission at the destination.
+
+
+
+Legg Expires 16 December 2004 [Page 7]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ If the last RDN is changed, Rename permission at the current location
+ is also required
+
+3.1.12. Import
+
+ If granted for an entry, Import permits an entry and its
+ subordinates, if any, to be placed at the location to which the
+ permission applies, subject to the granting of Export permission at
+ the source location.
+
+3.1.13. Invoke
+
+ Invoke, if granted for an operational attribute, or value thereof,
+ permits the directory server to carry out some function associated
+ with the operational attribute on behalf of the user. The specific
+ function carried out by invocation depends on the attribute. No
+ other permissions are required by user for the operational attribute,
+ or on the entry/subentry that holds it, in order for it to be
+ "invoked".
+
+3.2. Representation of Access Control Information
+
+ Access Control Information is represented as a set of ACI items,
+ where each ACI item grants or denies permissions in regard to certain
+ specified users and protected items.
+
+ An ACI item is represented as a value of an operational attribute
+ with the ACI Item syntax (1.3.6.1.4.1.1466.115.121.1.1) [RFC2252].
+
+ This document updates [RFC2252] by specifying a human-readable
+ LDAP-specific encoding for ACI items. The LDAP-specific encoding of
+ values of the ACI Item syntax is defined by the Generic String
+ Encoding Rules [GSER]. Appendix A provides an equivalent ABNF for
+ this syntax.
+
+ For convenience in specifying access control policies, the ACI Item
+ syntax provides the means to identify collections of related items,
+ such as attributes in an entry or all attribute values of a given
+ attribute, and to specify a common protection for them.
+
+ The ACI Item syntax corresponds to the ACIItem ASN.1 [ASN1] type
+ defined in X.501 [X501]. It is reproduced here for convenience:
+
+ ACIItem ::= SEQUENCE {
+ identificationTag DirectoryString { ub-tag },
+ precedence Precedence,
+ authenticationLevel AuthenticationLevel,
+ itemOrUserFirst CHOICE {
+
+
+
+Legg Expires 16 December 2004 [Page 8]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ itemFirst [0] SEQUENCE {
+ protectedItems ProtectedItems,
+ itemPermissions SET OF ItemPermission },
+ userFirst [1] SEQUENCE {
+ userClasses UserClasses,
+ userPermissions SET OF UserPermission } } }
+
+ Precedence ::= INTEGER (0..255)
+
+ ProtectedItems ::= SEQUENCE {
+ entry [0] NULL OPTIONAL,
+ allUserAttributeTypes [1] NULL OPTIONAL,
+ attributeType [2] SET SIZE (1..MAX) OF
+ AttributeType OPTIONAL,
+ allAttributeValues [3] SET SIZE (1..MAX) OF
+ AttributeType OPTIONAL,
+ allUserAttributeTypesAndValues [4] NULL OPTIONAL,
+ attributeValue [5] SET SIZE (1..MAX) OF
+ AttributeTypeAndValue OPTIONAL,
+ selfValue [6] SET SIZE (1..MAX) OF
+ AttributeType OPTIONAL,
+ rangeOfValues [7] Filter OPTIONAL,
+ maxValueCount [8] SET SIZE (1..MAX) OF
+ MaxValueCount OPTIONAL,
+ maxImmSub [9] INTEGER OPTIONAL,
+ restrictedBy [10] SET SIZE (1..MAX) OF
+ RestrictedValue OPTIONAL,
+ contexts [11] SET SIZE (1..MAX) OF
+ ContextAssertion OPTIONAL,
+ classes [12] Refinement OPTIONAL }
+
+ MaxValueCount ::= SEQUENCE {
+ type AttributeType,
+ maxCount INTEGER }
+
+ RestrictedValue ::= SEQUENCE {
+ type AttributeType,
+ valuesIn AttributeType }
+
+ UserClasses ::= SEQUENCE {
+ allUsers [0] NULL OPTIONAL,
+ thisEntry [1] NULL OPTIONAL,
+ name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
+ userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
+ -- dn component shall be the name of an
+ -- entry of GroupOfUniqueNames
+ subtree [4] SET SIZE (1..MAX) OF
+ SubtreeSpecification OPTIONAL }
+
+
+
+Legg Expires 16 December 2004 [Page 9]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ NameAndOptionalUID ::= SEQUENCE {
+ dn DistinguishedName,
+ uid UniqueIdentifier OPTIONAL }
+
+ UniqueIdentifier ::= BIT STRING
+
+ ItemPermission ::= SEQUENCE {
+ precedence Precedence OPTIONAL,
+ -- defaults to precedence in ACIItem
+ userClasses UserClasses,
+ grantsAndDenials GrantsAndDenials }
+
+ UserPermission ::= SEQUENCE {
+ precedence Precedence OPTIONAL,
+ -- defaults to precedence in ACIItem
+ protectedItems ProtectedItems,
+ grantsAndDenials GrantsAndDenials }
+
+ AuthenticationLevel ::= CHOICE {
+ basicLevels SEQUENCE {
+ level ENUMERATED { none(0), simple(1), strong(2) },
+ localQualifier INTEGER OPTIONAL,
+ signed BOOLEAN DEFAULT FALSE },
+ other EXTERNAL }
+
+ GrantsAndDenials ::= BIT STRING {
+ -- permissions that may be used in conjunction
+ -- with any component of ProtectedItems
+ grantAdd (0),
+ denyAdd (1),
+ grantDiscloseOnError (2),
+ denyDiscloseOnError (3),
+ grantRead (4),
+ denyRead (5),
+ grantRemove (6),
+ denyRemove (7),
+ -- permissions that may be used only in conjunction
+ -- with the entry component
+ grantBrowse (8),
+ denyBrowse (9),
+ grantExport (10),
+ denyExport (11),
+ grantImport (12),
+ denyImport (13),
+ grantModify (14),
+ denyModify (15),
+ grantRename (16),
+ denyRename (17),
+
+
+
+Legg Expires 16 December 2004 [Page 10]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ grantReturnDN (18),
+ denyReturnDN (19),
+ -- permissions that may be used in conjunction
+ -- with any component, except entry, of ProtectedItems
+ grantCompare (20),
+ denyCompare (21),
+ grantFilterMatch (22),
+ denyFilterMatch (23),
+ grantInvoke (24),
+ denyInvoke (25) }
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type ATTRIBUTE.&id ({SupportedAttributes}),
+ value ATTRIBUTE.&Type ({SupportedAttributes}{@type}) }
+
+ The SubtreeSpecification and Refinement ASN.1 types are defined in
+ X.501 [X501], and separately described for LDAP [SUBENTRY].
+
+ The following sections describe the components of ACIItem.
+
+3.2.1. Identification Tag
+
+ identificationTag is used to identify a particular ACI item. This is
+ used to discriminate among individual ACI items for the purposes of
+ protection and administration.
+
+3.2.2. Precedence
+
+ Precedence is used to control the relative order in which ACI items
+ are considered during the course of making an access control decision
+ using the ACDF. ACI items having higher precedence values prevail
+ over others with lower precedence values, other factors being equal.
+ Precedence values are integers and are compared as such.
+
+3.2.3. Authentication Level
+
+ AuthenticationLevel defines the minimum requestor authentication
+ level required for this ACI item. It has two forms:
+
+ 1) basicLevels: which indicates the level of authentication,
+ optionally qualified by positive or negative integer
+ localQualifier.
+
+ 2) other: an externally defined measure.
+
+ When basicLevels is used, an AuthenticationLevel consisting of a
+ level and optional localQualifier SHALL be assigned to the requestor
+ by the directory server according to local policy. For a requestor's
+
+
+
+Legg Expires 16 December 2004 [Page 11]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ authentication level to meet or exceed the minimum requirement, the
+ requestor's level must meet or exceed that specified in the ACI item,
+ and in addition the requestor's localQualifier must be arithmetically
+ greater than or equal to that of the ACI item. Strong authentication
+ of the requestor is considered to exceed a requirement for simple or
+ no authentication, and simple authentication exceeds a requirement
+ for no authentication. For access control purposes, the "simple"
+ authentication level requires at least a password; the case of
+ identification only, with no password supplied, is considered "none".
+ If a localQualifier is not specified in the ACI item, then the
+ requestor need not have a corresponding value (if such a value is
+ present it is ignored).
+
+ The signed component of basicLevels is ignored for LDAP.
+
+ When other is used, an appropriate AuthenticationLevel shall be
+ assigned to the requestor by the directory server according to local
+ policy. The form of this AuthenticationLevel and the method by which
+ it is compared with the AuthenticationLevel in the ACI is a local
+ matter.
+
+ An authentication level associated with an explicit grant indicates
+ the minimum level to which a requestor shall be authenticated in
+ order to be granted access.
+
+ An authentication level associated with an explicit deny indicates
+ the minimum level to which a requestor shall be authenticated in
+ order not to be denied access. For example, an ACI item that denies
+ access to a particular user class and requires strong authentication
+ will deny access to all requestors who cannot prove, by means of a
+ strongly authenticated identity, that they are not in that user
+ class.
+
+ The directory server may base authentication level on factors other
+ than values received in protocol exchanges.
+
+3.2.4. itemFirst and userFirst Components
+
+ Each ACI item contains a choice of itemFirst or userFirst. The
+ choice allows grouping of permissions depending on whether they are
+ most conveniently grouped by user classes or by protected items. The
+ itemFirst and userFirst components are equivalent in the sense that
+ they capture the same access control information; however, they
+ organize that information differently. The choice between them is
+ based on administrative convenience. The subcomponents of itemFirst
+ and userFirst are described below.
+
+ a) ProtectedItems defines the items to which the specified access
+
+
+
+Legg Expires 16 December 2004 [Page 12]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ controls apply. It is defined as a set selected from the
+ following:
+
+ - entry means the entry contents as a whole. It does not
+ necessarily include the information in these entries. This
+ element SHALL be ignored if the classes component is present,
+ since this latter element selects protected entries on the basis
+ of their object class.
+
+ - allUserAttributeTypes means all user attribute type information
+ associated with the entry, but not values associated with those
+ attributes.
+
+ - allUserAttributeTypesAndValues means all user attribute
+ information associated with the entry, including all values of
+ all user attributes.
+
+ The allUserAttributeTypes and allUserAttributeTypesAndValues
+ components do not include operational attributes, which MUST be
+ specified on a per attribute basis, using attributeType,
+ allAttributeValues or attributeValue.
+
+ - attributeType means attribute type information pertaining to
+ specific attributes but not values associated with the type.
+
+ - allAttributeValues means all attribute value information
+ pertaining to specific attributes.
+
+ - attributeValue means specific values of specific attribute
+ types.
+
+ - selfValue means the attribute values of the specified attribute
+ types that match the distinguished name (and unique identifier)
+ of the requestor. It can only apply in the specific case where
+ the attribute specified is of DN syntax
+ (1.3.6.1.4.1.1466.115.121.1.12) or Name And Optional UID syntax
+ (1.3.6.1.4.1.1466.115.121.1.34) [RFC2252].
+
+ - rangeOfValues means any attribute value which matches the
+ specified filter, i.e., for which the specified filter evaluated
+ on that attribute value would return TRUE. The filter is not
+ evaluated on any entries in the DIB, rather it is evaluated
+ using the semantics defined in 7.8 of [X511], operating on a
+ fictitious entry that contains only the single attribute value
+ which is the protected item. Note that the filter is an X.500
+ search Filter. It has a different syntax from the LDAP search
+ Filter, but the same semantics.
+
+
+
+
+Legg Expires 16 December 2004 [Page 13]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ The following items provide constraints that may disable the
+ granting of certain permissions to protected items in the same
+ value of ProtectedItems:
+
+ - maxValueCount restricts the maximum number of attribute values
+ allowed for a specified attribute type. It is examined if the
+ protected item is an attribute value of the specified type and
+ the permission sought is Add. Values of that attribute in the
+ entry are counted, without regard to attribute options and
+ access control, as though the operation which is attempting to
+ add the values is successful. If the number of values in the
+ attribute exceeds maxCount, the ACI item is treated as not
+ granting Add permission.
+
+ - maxImmSub restricts the maximum number of immediate subordinates
+ of the superior entry to an entry being added or imported. It
+ is examined if the protected item is an entry, the permission
+ sought is Add or Import, and the immediate superior entry is in
+ the same server as the entry being added or imported. Immediate
+ subordinates of the superior entry are counted, without regard
+ to access control, as though the entry addition or importing is
+ successful. If the number of subordinates exceeds maxImmSub,
+ the ACI item is treated as not granting Add or Import
+ permission.
+
+ - restrictedBy restricts values added to the attribute type to
+ being values that are already present in the same entry as
+ values of the attribute identified by the valuesIn component.
+ It is examined if the protected item is an attribute value of
+ the specified type and the permission sought is Add. Values of
+ the valuesIn attribute are checked, without regard to attribute
+ options and access control, as though the operation which adds
+ the values is successful. If the value to be added is not
+ present in valuesIn the ACI item is treated as not granting Add
+ permission.
+
+ - contexts is not used in this version of the LDAP profile for
+ Basic Access Control.
+
+ - classes means the contents of entries that have object class
+ values that satisfy the predicate defined by Refinement (see
+ [SUBENTRY]).
+
+ b) UserClasses defines a set of zero or more users the permissions
+ apply to. The set of users is selected from the following:
+
+ - allUsers means every directory user (with possible requirements
+ for AuthenticationLevel).
+
+
+
+Legg Expires 16 December 2004 [Page 14]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ - thisEntry means the user with the same distinguished name as the
+ entry being accessed.
+
+ - name is the set of users with the specified distinguished names
+ (each with an optional unique identifier).
+
+ - userGroup is the set of users who are members of the groups
+ (i.e., groupOfNames or groupOfUniqueNames entries [RFC2256])
+ identified by the specified distinguished names (each with an
+ optional unique identifier). Members of a group of unique names
+ are treated as individual user distinguished names, and not as
+ the names of other groups of unique names. How group membership
+ is determined is described in 5.2.5.
+
+ - subtree is the set of users whose distinguished names fall
+ within the scope of the unrefined subtrees (specificationFilter
+ components SHOULD NOT be used - they SHALL be ignored if
+ present).
+
+ c) SubtreeSpecification is used to specify a subtree relative to the
+ root DSE, and is not constrained by administrative areas. The
+ specificationFilter component SHOULD NOT be used. It SHALL be
+ ignored if present.
+
+ A subtree refinement is not allowed because membership in a
+ subtree whose specification includes only base and/or a
+ ChopSpecification can be evaluated in isolation, whereas
+ membership in a subtree definition using specificationFilter can
+ only be evaluated by obtaining information from the user's entry,
+ which is potentially in another directory server. Basic Access
+ Control is designed to avoid remote operations in the course of
+ making an access control decision.
+
+ d) ItemPermission contains a collection of users and their
+ permissions with respect to ProtectedItems within an itemFirst
+ specification. The permissions are specified in grantsAndDenials
+ as discussed in item f). Each of the permissions specified in
+ grantsAndDenials is considered to have the precedence level
+ specified in precedence for the purpose of the ACDF. If
+ precedence is omitted within ItemPermission, then precedence is
+ taken from the precedence specified for ACIItem.
+
+ e) UserPermission contains a collection of protected items and the
+ associated permissions with respect to userClasses within a
+ userFirst specification. The associated permissions are specified
+ in grantsAndDenials as discussed in item f). Each of the
+ permissions specified in grantsAndDenials is considered to have
+ the precedence level specified in precedence for the purpose of
+
+
+
+Legg Expires 16 December 2004 [Page 15]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ the ACDF. If precedence is omitted within UserPermission, the
+ precedence is taken from the precedence specified for ACIItem.
+
+ f) GrantsAndDenials specify the access rights that are granted or
+ denied by the ACI item.
+
+ g) UniqueIdentifier may be used by the authentication mechanism to
+ distinguish between instances of distinguished name reuse. If
+ this component is present, then for a requestor's name to match
+ the UserClasses of an ACIItem that grants permissions, in addition
+ to the requirement that the requestor's distinguished name match
+ the specified distinguished name, the authentication of the
+ requestor shall yield an associated unique identifier, and that
+ value shall match for equality with the specified value.
+
+3.2.5. Determining Group Membership
+
+ Determining whether a given requestor is a group member requires
+ checking two criteria. The determination may also be constrained if
+ the group definition is not known locally. The criteria for
+ membership and the treatment of non-local groups are discussed below.
+
+ a) A directory server is not required to perform a remote operation
+ to determine whether the requestor belongs to a particular group
+ for the purposes of Basic Access Control. If membership in the
+ group cannot be evaluated, the server shall assume that the
+ requestor does not belong to the group if the ACI item grants the
+ permission sought, and does belong to the group if it denies the
+ permission sought.
+
+ Access control administrators should beware of basing access
+ controls on membership of non-locally available groups or groups
+ which are available only through replication (and which may,
+ therefore, be out of date).
+
+ b) In order to determine whether the requestor is a member of a
+ userGroup user class, the following criteria apply:
+
+ - The entry named by the userGroup specification is an instance of
+ the object class groupOfNames or groupOfUniqueNames.
+
+ - The name of the requestor is a value of the member or
+ uniqueMember attribute of that entry.
+
+ Values of the member or uniqueMember attribute that do not match
+ the name of the requestor are ignored, even if they represent the
+ names of groups of which the originator could be found to be a
+ member. Hence, nested groups are not supported when evaluating
+
+
+
+Legg Expires 16 December 2004 [Page 16]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ access controls.
+
+3.3. ACI Operational Attributes
+
+ ACI is stored as values of operational attributes of entries and
+ subentries. The operational attributes are multi-valued, which
+ allows ACI to be represented as a set of ACI items.
+
+3.3.1. Prescriptive ACI
+
+ The prescriptiveACI attribute is defined as an operational attribute
+ of an access control subentry. It contains prescriptive ACI
+ applicable to entries within that subentry's scope.
+
+ The LDAP description [RFC2252] for the prescriptiveACI operational
+ attribute is:
+
+ ( 2.5.24.4 NAME 'prescriptiveACI'
+ EQUALITY directoryStringFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
+ USAGE directoryOperation )
+
+ The directoryStringFirstComponentMatch matching rule is described in
+ [SCHEMA].
+
+ Prescriptive ACI within the subentries of a particular administrative
+ point never applies to the same or any other subentry of that
+ administrative point, but can be applicable to the subentries of
+ subordinate administrative points.
+
+ Note that prescriptiveACI attributes are not collective attributes.
+ Although the values of a prescriptiveACI attribute contribute to
+ access control decisions for each entry within the scope of the
+ subentry that holds the attribute, the prescriptiveACI attribute does
+ not appear as part of those entries.
+
+3.3.2. Entry ACI
+
+ The entryACI attribute is defined as an operational attribute of an
+ entry or subentry (not just access control subentries). It contains
+ entry ACI applicable to the entry or subentry in which it appears,
+ and that (sub)entry's contents.
+
+ The LDAP description [RFC2252] for the entryACI operational attribute
+ is:
+
+ ( 2.5.24.5 NAME 'entryACI'
+ EQUALITY directoryStringFirstComponentMatch
+
+
+
+Legg Expires 16 December 2004 [Page 17]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
+ USAGE directoryOperation )
+
+3.3.3. Subentry ACI
+
+ The subentryACI attribute is defined as an operational attribute of
+ administrative entries [ADMIN] (for any aspect of administration).
+ It contains subentry ACI that applies to each of the subentries of
+ the administrative entry in which it appears. Only administrative
+ entries are permitted to contain a subentryACI attribute.
+
+ The LDAP description [RFC2252] for the subentryACI operational
+ attribute is:
+
+ ( 2.5.24.6 NAME 'subentryACI'
+ EQUALITY directoryStringFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
+ USAGE directoryOperation )
+
+3.3.4. Protecting the ACI
+
+ ACI operational attributes are subject to the same protection
+ mechanisms as other attributes.
+
+ The identificationTag provides an identifier for each ACI item. This
+ tag can be used to remove a specific ACI item value, or to protect it
+ by prescriptive ACI, entry ACI or subentry ACI. Directory rules
+ ensure that only one ACI item per access control operational
+ attribute possesses any specific identificationTag value.
+
+ The creation of subentries for an administrative entry may be
+ controlled by means of the subentryACI operational attribute in the
+ administrative entry. The right to create prescriptive access
+ controls may also be governed directly by security policy; this
+ provision is required to create access controls in new autonomous
+ administrative areas [ADMIN].
+
+3.4. Access Control Decision Points for LDAP Operations
+
+ Each LDAP operation involves making a series of access control
+ decisions on the various protected items that the operation accesses.
+
+ For some operations (e.g., the Modify operation), each such access
+ control decision must grant access for the operation to succeed; if
+ access is denied to any protected item, the whole operation fails.
+ For other operations (e.g., the Search operation), protected items to
+ which access is denied are simply omitted from the operation result
+ and processing continues.
+
+
+
+Legg Expires 16 December 2004 [Page 18]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ If the requested access is denied, further access control decisions
+ may be needed to determine if the user has DiscloseOnError
+ permissions to the protected item. Only if DiscloseOnError
+ permission is granted may the server respond with an error that
+ reveals the existence of the protected item. In all other cases, the
+ server MUST act so as to conceal the existence of the protected item.
+
+ The permissions required to access each protected item, are specified
+ for each operation in the following sections. The algorithm by which
+ a permission is determined to be granted or not granted is specified
+ in Section 3.5.
+
+3.4.1. Common Elements of Procedure
+
+ This section defines the elements of procedure that are common to all
+ LDAP operations when Basic Access Control is in effect.
+
+3.4.1.1. Alias Dereferencing
+
+ If, in the process of locating a target object entry (nominated in an
+ LDAP request), alias dereferencing is required, no specific
+ permissions are necessary for alias dereferencing to take place.
+ However, if alias dereferencing would result in a referral being
+ returned, the following sequence of access controls applies.
+
+ 1) Read permission is required to the alias entry. If permission is
+ not granted, the operation fails in accordance to the procedure
+ described in 5.4.1.3.
+
+ 2) Read permission is required to the aliasedEntryName attribute and
+ to the single value that it contains. If permission is not
+ granted, the operation fails and the resultCode
+ aliasDereferencingProblem SHALL be returned. The matchedDN field
+ of the LDAPResult SHALL contain the name of the alias entry.
+
+ In addition to the access controls described above, security policy
+ may prevent the disclosure of knowledge of other servers which would
+ otherwise be conveyed in a referral. If such a policy is in effect
+ the resultCode insufficientAccessRights SHALL be returned.
+
+3.4.1.2. Return of Names in Errors
+
+ Certain LDAP result codes, i.e., noSuchObject, aliasProblem,
+ invalidDNSyntax and aliasDereferencingProblem, provide the name of an
+ entry in the matchedDN field of an LDAPResult. The DN of an entry
+ SHALL only be provided in the matchedDN field if DiscloseOnError
+ permission is granted to that entry, otherwise, the matchedDN field
+ of the LDAPResult SHALL either contain the name of the next superior
+
+
+
+Legg Expires 16 December 2004 [Page 19]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ entry to which DiscloseOnError permission is granted, or, if
+ DiscloseOnError permission is not granted to any superior entry, the
+ name of the root DSE (i.e., a zero-length LDAPDN).
+
+3.4.1.3. Non-disclosure of Entry Existence
+
+ If, while performing an LDAP operation, the necessary entry level
+ permission is not granted to the specified target object entry -
+ e.g., the entry to be modified - the operation fails; if
+ DiscloseOnError permission is granted to the target entry, the
+ resultCode insufficientAccessRights SHALL be returned, otherwise, the
+ resultCode noSuchObject SHALL be returned. The matchedDN field of
+ the LDAPResult SHALL either contain the name of the next superior
+ entry to which DiscloseOnError permission is granted, or, if
+ DiscloseOnError permission is not granted to any superior entry, the
+ name of the root DSE (i.e., a zero-length LDAPDN).
+
+ Additionally, whenever the server detects an operational error
+ (including a referral resultCode), it shall ensure that in returning
+ that error it does not compromise the existence of the named target
+ entry and any of its superiors. For example, before returning a
+ resultCode of timeLimitExceeded or notAllowedOnNonLeaf, the server
+ verifies that DiscloseOnError permission is granted to the target
+ entry. If it is not, the procedure described in the paragraph above
+ SHALL be followed.
+
+3.4.2. Compare Operation Decision Points
+
+ The following sequence of access controls applies for an entry being
+ compared.
+
+ 1) Read permission for the entry to be compared is required. If
+ permission is not granted, the operation fails in accordance with
+ 5.4.1.3.
+
+ 2) Compare permission for the attribute to be compared is required.
+ If permission is not granted, the operation fails: if
+ DiscloseOnError permission is granted to the attribute being
+ compared, a resultCode of insufficientAccessRight SHALL be
+ returned, otherwise, the resultCode noSuchAttribute SHALL be
+ returned.
+
+ 3) If there exists a value within the attribute being compared that
+ matches the purported argument and for which Compare permission is
+ granted, the operation returns the resultCode compareTrue,
+ otherwise the operation returns the resultCode compareFalse.
+
+3.4.3. Search Operation Decision Points
+
+
+
+Legg Expires 16 December 2004 [Page 20]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ The following sequence of access controls applies for a portion of
+ the DIT being searched.
+
+ 1) No specific permission is required to the entry identified by the
+ baseObject argument in order to initiate a search. However, if
+ the baseObject is within the scope of the SearchArgument (i.e.,
+ when the subset argument specifies baseObject or wholeSubtree) the
+ access controls specified in 2) through 5) will apply.
+
+ 2) Browse or Read permission is required for the single entry within
+ the scope of a baseObject search. An entry for which neither of
+ these permissions is granted is ignored.
+
+ This differs from the X.500 DAP Search operation where the Browse
+ permission alone is required. An entry with Read permission but
+ not Browse permission cannot be searched but can still be examined
+ with an X.500 DAP Read operation. LDAP relies on baseObject
+ search operations to provide the functionality of the DAP Read
+ operation. Accepting Read permission for the target entry in a
+ baseObject search gives an LDAP baseObject search the same access
+ rights to the entry as the DAP Read operation.
+
+ 3) Browse permission is required for an entry within the scope of a
+ singleLevel or wholeSubtree search to be a candidate for
+ consideration. Entries for which this permission is not granted
+ are ignored.
+
+ 4) The filter argument is applied to each entry left to be considered
+ after taking 2) and 3) into account, in accordance with the
+ following:
+
+ a) For a present Filter item, if there exists an attribute value
+ such that the attribute type of the value (possibly a subtype
+ of the attribute type in the FilterItem) satisfies the Filter
+ item and FilterMatch permission is granted for the value and
+ for the attribute type then the FilterItem evaluates to TRUE,
+ otherwise, it evaluates to FALSE.
+
+ If a directory server does not support True/False filters
+ [FILTER] on LDAP searches, or if directory clients do not
+ exploit this capability, then access control administrators
+ SHOULD grant FilterMatch permission for the objectClass
+ attribute over entries where Read permission is also granted so
+ that an LDAP baseObject search with a filter testing for the
+ presence of the objectClass attribute will have the same access
+ rights to the target entry as the DAP Read operation. An LDAP
+ baseObject search with a True filter does not require
+ FilterMatch permission for any particular attribute type.
+
+
+
+Legg Expires 16 December 2004 [Page 21]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ b) For an equalityMatch, substrings, greaterOrEqual, lessOrEqual,
+ approxMatch or extensibleMatch Filter item, if there exists an
+ attribute value such that the value satisfies the Filter item
+ and FilterMatch permission is granted for the value and for its
+ attribute type (possibly a subtype of the attribute type in the
+ FilterItem) then the FilterItem evaluates to TRUE, otherwise,
+ it evaluates to FALSE.
+
+ Once the access controls defined in 2) through 4) have been applied,
+ an entry is either selected or discarded.
+
+ 5) For each selected entry the information returned is as follows:
+
+ a) ReturnDN permission for an entry is required in order to return
+ its distinguished name in a SearchResultEntry response. If
+ this permission is not granted, the server SHALL either, return
+ the name of a valid alias to the entry, or, omit the entry from
+ the search result.
+
+ If the base entry of the search was located using an alias,
+ then that alias is known to be a valid alias. Otherwise, how
+ it is ensured that the alias is valid is outside the scope of
+ this specification.
+
+ Where a server has a choice of alias names available to it for
+ return, it is RECOMMENDED that where possible it choose the
+ same alias name for repeated requests by the same client, in
+ order to provide a consistent service.
+
+ b) If the typesOnly field of the SearchRequest is TRUE then, for
+ each attribute type that is to be returned, Read permission for
+ the attribute type and Read permission for at least one value
+ of the attribute is required. If permission is not granted,
+ the attribute type is omitted from the attribute list in the
+ SearchResultEntry. If as a consequence of applying these
+ controls no attribute type information is selected, the
+ SearchResultEntry is returned but no attribute type information
+ is conveyed with it (i.e., the attribute list is empty).
+
+ c) If the typesOnly field of the SearchRequest is FALSE then Read
+ permission is required for each attribute type and for each
+ attribute value that is to be returned. If permission to an
+ attribute type is not granted, the attribute is omitted from
+ the SearchResultEntry. If permission to an attribute value is
+ not granted, the value is omitted from its corresponding
+ attribute. If all values of an attribute are omitted then the
+ attribute type is omitted from the attribute list in the
+ SearchResultEntry. If as a consequence of applying these
+
+
+
+Legg Expires 16 December 2004 [Page 22]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ controls no attribute information is selected, the
+ SearchResultEntry is returned but no attribute information is
+ conveyed with it (i.e., the attribute list is empty).
+
+ 6) If as a consequence of applying the above controls to the entire
+ scoped subtree the search result contains no entries (excluding
+ any SearchResultReferences) and if DiscloseOnError permission is
+ not granted to the entry identified by the baseObject argument,
+ the operation fails and the resultCode noSuchObject SHALL be
+ returned. The matchedDN field of the LDAPResult SHALL either
+ contain the name of the next superior entry to which
+ DiscloseOnError permission is granted, or the name of the root DSE
+ (i.e., a zero-length LDAPDN). Otherwise, the operation succeeds
+ but no subordinate information is conveyed with it.
+
+ Security policy may prevent the disclosure of knowledge of other
+ servers which would otherwise be conveyed as SearchResultReferences.
+ If such a policy is in effect SearchResultReferences are omitted from
+ the search result.
+
+ No specific permissions are necessary to allow alias dereferencing to
+ take place in the course of a search operation. However, for each
+ alias entry encountered, if alias dereferencing would result in a
+ SearchResultReference being returned, the following access controls
+ apply: Read permission is required to the alias entry, the
+ aliasedEntryName attribute and to the single value that it contains.
+ If any of these permissions is not granted, the SearchResultReference
+ SHALL be omitted from the search result.
+
+3.4.4. Add Operation Decision Points
+
+ The following sequence of access controls apply for an entry being
+ added.
+
+ 1) No specific permission is required for the immediate superior of
+ the entry identified by the entry field of the AddRequest.
+
+ 2) If an entry already exists with a distinguished name equal to the
+ entry field the operation fails; if DiscloseOnError or Add
+ permission is granted to the existing entry, the resultCode
+ entryAlreadyExists SHALL be returned, otherwise, the procedure
+ described in 5.4.1.3 is followed with respect to the entry being
+ added.
+
+ 3) Add permission is required for the new entry being added. If this
+ permission is not granted, the operation fails; the procedure
+ described in 5.4.1.3 is followed with respect to the entry being
+ added.
+
+
+
+Legg Expires 16 December 2004 [Page 23]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ The Add permission is provided as prescriptive ACI when attempting
+ to add an entry and as prescriptive ACI or subentry ACI when
+ attempting to add a subentry. Any values of the entryACI
+ attribute in the entry being added SHALL be ignored.
+
+ 4) Add permission is required for each attribute type and for each
+ value that is to be added. If any permission is absent, the
+ operation fails and the resultCode insufficientAccessRights SHALL
+ be returned.
+
+3.4.5. Delete Operation Decision Points
+
+ The following sequence of access controls apply for an entry being
+ removed.
+
+ 1) Remove permission is required for the entry being removed. If
+ this permission is not granted, the operation fails in accordance
+ with 5.4.1.3.
+
+ 2) No specific permissions are required for any of the attributes and
+ attribute values present within the entry being removed.
+
+3.4.6. Modify Operation Decision Points
+
+ The following sequence of access controls apply for an entry being
+ modified.
+
+ 1) Modify permission is required for the entry being modified. If
+ this permission is not granted, the operation fails in accordance
+ with 5.4.1.3.
+
+ 2) For each of the specified modification arguments applied in
+ sequence, the following permissions are required:
+
+ a) Add permission is required for each of the attribute values
+ specified in an add modification. If the attribute does not
+ currently exist then Add permission for the attribute type is
+ also required. If these permissions are not granted, or any of
+ the attribute values already exist, the operation fails; if an
+ attribute value already exists and DiscloseOnError or Add is
+ granted to that attribute value, the resultCode
+ attributeOrValueExists SHALL be returned, otherwise, the
+ resultCode insufficientAccessRights SHALL be returned.
+
+ b) Remove permission is required for the attribute type specified
+ in a delete modification with no listed attribute values. If
+ this permission is not granted, the operation fails; if
+ DiscloseOnError permission is granted to the attribute being
+
+
+
+Legg Expires 16 December 2004 [Page 24]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ removed and the attribute exists, the resultCode
+ insufficientAccessRights SHALL be returned, otherwise, the
+ resultCode noSuchAttribute SHALL be returned.
+
+ No specific permissions are required for any of the attribute
+ values present within the attribute being removed.
+
+ c) Remove permission is required for each of the values in a
+ delete modification with listed attribute values. If all
+ current values of the attribute are specified to be removed
+ (which causes the attribute itself to be removed), then Remove
+ permission for the attribute type is also required. If these
+ permissions are not granted, the operation fails; if
+ DiscloseOnError permission is granted to any of the attribute
+ values being removed, the resultCode insufficientAccessRights
+ SHALL be returned, otherwise, the resultCode noSuchAttribute
+ SHALL be returned.
+
+ d) Remove and Add permission is required for the attribute type,
+ and Add permission is required for each of the specified
+ attribute values, in a replace modification. If these
+ permissions are not granted the operation fails and the
+ resultCode insufficientAccessRights SHALL be returned.
+
+ No specific permissions are required to remove any existing
+ attribute values of the attribute being replaced.
+
+3.4.7. Modify DN Operation Decision Points
+
+ The following sequence of access controls apply for an entry having
+ its DN modified.
+
+ 1) If the effect of the operation is to change the RDN of the entry
+ then Rename permission (determined with respect to its original
+ name) is required for the entry. If this permission is not
+ granted, the operation fails; the procedure described in 5.4.1.3
+ is followed with respect to the entry being renamed (considered
+ with its original name).
+
+ No additional permissions are required even if, as a result of
+ modifying the RDN of the entry, a new distinguished value needs to
+ be added, or an old one removed. No specific permissions are
+ required for the subordinates of the renamed entry.
+
+ 2) If the effect of the operation is to move an entry to a new
+ superior in the DIT then Export permission (determined with
+ respect to its original name) and Import permission (determined
+ with respect to its new name) are required for the entry. If
+
+
+
+Legg Expires 16 December 2004 [Page 25]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ either of these permissions is not granted, the operation fails;
+ the procedure described in 5.4.1.3 is followed with respect to the
+ entry being moved (considered with its original name).
+
+ The Import permission is provided as prescriptive ACI when
+ attempting to move an entry and as prescriptive ACI or subentry
+ ACI when attempting to move a subentry. Any values of the
+ entryACI attribute in the entry or subentry being moved SHALL be
+ ignored.
+
+ No specific permissions are required for the subordinates of the
+ moved entry.
+
+ Note that a single Modify DN Operation may simultaneously rename and
+ move an entry.
+
+3.5. Access Control Decision Function
+
+ This section describes how ACI items are processed in order to decide
+ whether to grant or deny a particular requestor a specified
+ permission to a given protected item.
+
+ Section 3.5.1 describes the inputs to the ACDF. Sections 3.5.2
+ through 3.5.4 describe the steps in the ACDF. The output is a
+ decision to grant or deny access to the protected item.
+
+3.5.1. Inputs
+
+ For each invocation of the ACDF, the inputs are:
+
+ a) the requestor's Distinguished Name, unique identifier, and
+ authentication level, or as many of these as are available;
+
+ b) the protected item (an entry, an attribute, or an attribute value)
+ being considered at the current decision point for which the ACDF
+ was invoked;
+
+ c) the requested permission specified for the current decision point;
+
+ d) the ACI items applicable to the entry containing (or which is) the
+ protected item.
+
+ In addition, if the ACI items include any of the protected item
+ constraints described in 5.2.1.4, the whole entry and the number of
+ immediate subordinates of its superior entry may also be required as
+ inputs.
+
+3.5.2. Tuples
+
+
+
+Legg Expires 16 December 2004 [Page 26]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ For each ACI item, expand the item into a set of tuples, one tuple
+ for each element of the itemPermissions and userPermissions sets,
+ containing the following elements:
+
+ ( userClasses, authenticationLevel, protectedItems,
+ grantsAndDenials, precedence )
+
+ Collect all tuples from all ACI items into a single set.
+
+ For any tuple whose grantsAndDenials specify both grants and denials,
+ replace the tuple with two tuples - one specifying only grants and
+ the other specifying only denials.
+
+3.5.3. Discarding Irrelevant Tuples
+
+ Perform the following steps to discard all irrelevant tuples:
+
+ 1) Discard all tuples that do not include the requestor in the
+ tuple's userClasses as follows:
+
+ a) For tuples that grant access, discard all tuples that do not
+ include the requestor's identity in the tuples's userClasses
+ element, taking into account UniqueIdentifier elements if
+ relevant. Where a tuple's userClasses specifies a
+ UniqueIdentifier, a matching value shall be present in the
+ requestor's identity if the tuple is not to be discarded.
+ Discard tuples that specify an authentication level higher than
+ that associated with the requestor.
+
+ b) For tuples that deny access, retain all tuples that include the
+ requestor in the tuple's userClasses element, taking into
+ account uniqueIdentifier elements if relevant. Also retain all
+ tuples that deny access and which specify an authentication
+ level higher than that associated with the requestor. This
+ reflects the fact that the requestor has not adequately proved
+ non-membership in the user class for which the denial is
+ specified. All other tuples that deny access are discarded.
+
+ 2) Discard all tuples that do not include the protected item in
+ protectedItems.
+
+ 3) Examine all tuples that include maxValueCount, maxImmSub or
+ restrictedBy. Discard all such tuples which grant access and
+ which do not satisfy any of these constraints.
+
+ 4) Discard all tuples that do not include the requested permission as
+ one of the set bits in grantsAndDenials.
+
+
+
+
+Legg Expires 16 December 2004 [Page 27]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ The order in which tuples are discarded does not change the output of
+ the ACDF.
+
+3.5.4. Highest Precedence and Specificity
+
+ Perform the following steps to select those tuples of highest
+ precedence and specificity:
+
+ 1) Discard all tuples having a precedence less than the highest
+ precedence among the remaining tuples.
+
+ 2) If more than one tuple remains, choose the tuples with the most
+ specific user class. If there are any tuples matching the
+ requestor with UserClasses element name or thisEntry, discard all
+ other tuples. Otherwise if there are any tuples matching
+ UserGroup, discard all other tuples. Otherwise if there are any
+ tuples matching subtree, discard all other tuples.
+
+ 3) If more than one tuple remains, choose the tuples with the most
+ specific protected item. If the protected item is an attribute
+ and there are tuples that specify the attribute type explicitly,
+ discard all other tuples. If the protected item is an attribute
+ value, and there are tuples that specify the attribute value
+ explicitly, discard all other tuples. A protected item which is a
+ rangeOfValues is to be treated as specifying an attribute value
+ explicitly.
+
+ Grant access if and only if one or more tuples remain and all grant
+ access. Otherwise deny access.
+
+4. Simplified Access Control
+
+ This section describes the functionality of the Simplified Access
+ Control scheme. It provides a subset of the functionality found in
+ Basic Access Control.
+
+ When Simplified Access Control is used, the accessControlScheme
+ operational attribute [ACA] SHALL have the value
+ simplified-access-control (2.5.28.2).
+
+ The functionality of Simplified Access Control is the same as Basic
+ Access Control except that:
+
+ 1) Access control decisions shall be made only on the basis of values
+ of prescriptiveACI and subentryACI operational attributes. Values
+ of the entryACI attribute, if present, SHALL NOT be used to make
+ access control decisions.
+
+
+
+
+Legg Expires 16 December 2004 [Page 28]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ 2) Access Control Inner Areas are not used. Values of
+ prescriptiveACI attributes appearing in subentries of ACIPs SHALL
+ NOT be used to make access control decisions.
+
+ All other provisions SHALL be as defined for Basic Access Control.
+
+5. Security Considerations
+
+ Access control administrators should beware of basing access controls
+ on membership of non-locally available groups or groups which are
+ available only through replication (and which may, therefore, be out
+ of date).
+
+ A particular DSA might not have the ACI governing any data that it
+ caches. Administrators should be aware that a directory server with
+ the capability of caching may pose a significant security risk to
+ other directory servers, in that it may reveal information to
+ unauthorized users.
+
+6. Acknowledgements
+
+ This document is derived from, and duplicates substantial portions
+ of, Section 8 of X.501 [X501], and selected extracts from X.511
+ [X511].
+
+7. IANA Considerations
+
+ The Internet Assigned Numbers Authority (IANA) is requested to update
+ the LDAP descriptors registry [BCP64] as indicated by the following
+ templates:
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): basic-access-control
+ Object Identifier: 2.5.28.1
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: other (access control scheme)
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): simplified-access-control
+ Object Identifier: 2.5.28.2
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: other (access control scheme)
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+
+Legg Expires 16 December 2004 [Page 29]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): prescriptiveACI
+ Object Identifier: 2.5.24.4
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: attribute type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): entryACI
+ Object Identifier: 2.5.24.5
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: attribute type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): subentryACI
+ Object Identifier: 2.5.24.6
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Usage: attribute type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+Appendix A. LDAP Specific Encoding for the ACI Item Syntax
+
+ This appendix is non-normative.
+
+ The LDAP-specific encoding for the ACI Item syntax is specified by
+ the Generic String Encoding Rules [GSER]. The ABNF [RFC2234] in this
+ appendix for this syntax is provided only as a convenience and is
+ equivalent to the encoding specified by the application of GSER.
+ Since the ACI Item ASN.1 type may be extended in future editions of
+ X.501 [X501], the provided ABNF should be regarded as a snapshot in
+ time. The LDAP-specific encoding for any extension to the ACI Item
+ ASN.1 type can be determined from the rules of GSER.
+
+ In the event that there is a discrepancy between this ABNF and the
+ encoding determined by GSER, then GSER is to be taken as definitive.
+
+ ACIItem = "{" sp aci-identificationTag ","
+ sp aci-precedence ","
+ sp aci-authenticationLevel ","
+ sp aci-itemOrUserFirst
+ sp "}"
+
+
+
+Legg Expires 16 December 2004 [Page 30]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ aci-identificationTag = id-identificationTag msp
+ DirectoryString
+ aci-precedence = id-precedence msp Precedence
+ aci-authenticationLevel = id-authenticationLevel msp
+ AuthenticationLevel
+ aci-itemOrUserFirst = id-itemOrUserFirst msp
+ ItemOrUserFirst
+ id-identificationTag = %x69.64.65.6E.74.69.66.69.63.61.74.69.6F
+ %x6E.54.61.67 ; "identificationTag"
+ id-precedence = %x70.72.65.63.65.64.65.6E.63.65
+ ; "precedence"
+ id-authenticationLevel = %x61.75.74.68.65.6E.74.69.63.61.74.69.6F
+ %x6E.4C.65.76.65.6C
+ ; "authenticationLevel"
+ id-itemOrUserFirst = %x69.74.65.6D.4F.72.55.73.65.72.46.69.72
+ %x73.74 ; "itemOrUserFirst"
+
+ Precedence = INTEGER-0-MAX ; MUST be less than 256
+
+ AuthenticationLevel = al-basicLevels / al-other
+ al-basicLevels = id-basicLevels ":" BasicLevels
+ al-other = id-other ":" EXTERNAL
+ id-basicLevels = %x62.61.73.69.63.4C.65.76.65.6C.73
+ ; "basicLevels"
+ id-other = %x6F.74.68.65.72 ; "other"
+
+ BasicLevels = "{" sp bl-level
+ [ "," sp bl-localQualifier ]
+ [ "," sp bl-signed ]
+ sp "}"
+
+ bl-level = id-level msp Level
+ bl-localQualifier = id-localQualifier msp INTEGER
+ bl-signed = id-signed msp BOOLEAN
+ Level = id-none / id-simple / id-strong
+ id-level = %x6C.65.76.65.6C ; "level"
+ id-localQualifier = %x6C.6F.63.61.6C.51.75.61.6C.69.66.69.65.72
+ ; "localQualifier"
+ id-signed = %x73.69.67.6E.65.64 ; "signed"
+ id-none = %x6E.6F.6E.65 ; "none"
+ id-simple = %x73.69.6D.70.6C.65 ; "simple"
+ id-strong = %x73.74.72.6F.6E.67 ; "strong"
+
+ ItemOrUserFirst = ( id-itemFirst ":" ItemFirst ) /
+ ( id-userFirst ":" UserFirst )
+ id-itemFirst = %x69.74.65.6D.46.69.72.73.74 ; "itemFirst"
+ id-userFirst = %x75.73.65.72.46.69.72.73.74 ; "userFirst"
+
+
+
+
+Legg Expires 16 December 2004 [Page 31]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ ItemFirst = "{" sp if-protectedItems ","
+ sp if-itemPermissions
+ sp "}"
+ if-protectedItems = id-protectedItems msp ProtectedItems
+ if-itemPermissions = id-itemPermissions msp ItemPermissions
+ id-protectedItems = %x70.72.6F.74.65.63.74.65.64.49.74.65.6D.73
+ ; "protectedItems"
+ id-itemPermissions = %x69.74.65.6D.50.65.72.6D.69.73.73.69.6F.6E
+ %x73 ; "itemPermissions"
+
+ UserFirst = "{" sp uf-userClasses ","
+ sp uf-userPermissions
+ sp "}"
+ uf-userClasses = id-userClasses msp UserClasses
+ uf-userPermissions = id-userPermissions msp UserPermissions
+ id-userClasses = %x75.73.65.72.43.6C.61.73.73.65.73
+ ; "userClasses"
+ id-userPermissions = %x75.73.65.72.50.65.72.6D.69.73.73.69.6F.6E
+ %x73 ; "userPermissions"
+
+ ItemPermissions = "{" [ sp ItemPermission
+ *( "," sp ItemPermission ) ] sp "}"
+ ItemPermission = "{" [ sp ip-precedence "," ]
+ sp ip-userClasses ","
+ sp ip-grantsAndDenials
+ sp "}"
+ ip-precedence = id-precedence msp Precedence
+ ip-userClasses = id-userClasses msp UserClasses
+ ip-grantsAndDenials = id-grantsAndDenials msp GrantsAndDenials
+ id-grantsAndDenials = %x67.72.61.6E.74.73.41.6E.64.44.65.6E.69.61
+ %x6C.73 ; "grantsAndDenials"
+
+ UserClasses = "{" [ sp uc-allUsers ]
+ [ sep sp uc-thisEntry ]
+ [ sep sp uc-name ]
+ [ sep sp uc-userGroup ]
+ [ sep sp uc-subtree ]
+ sp "}"
+ uc-allUsers = id-allUsers msp NULL
+ uc-thisEntry = id-thisEntry msp NULL
+ uc-name = id-name msp NameAndOptionalUIDs
+ uc-userGroup = id-userGroup msp NameAndOptionalUIDs
+ uc-subtree = id-subtree msp SubtreeSpecifications
+ id-allUsers = %x61.6C.6C.55.73.65.72.73 ; "allUsers"
+ id-thisEntry = %x74.68.69.73.45.6E.74.72.79 ; "thisEntry"
+ id-name = %x6E.61.6D.65 ; "name"
+ id-userGroup = %x75.73.65.72.47.72.6F.75.70 ; "userGroup"
+ id-subtree = %x73.75.62.74.72.65.65 ; "subtree"
+
+
+
+Legg Expires 16 December 2004 [Page 32]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ NameAndOptionalUIDs = "{" sp NameAndOptionalUID
+ *( "," sp NameAndOptionalUID ) sp "}"
+ NameAndOptionalUID = "{" sp nu-dn
+ [ "," sp nu-uid ]
+ sp "}"
+ nu-dn = id-dn msp DistinguishedName
+ nu-uid = id-uid msp UniqueIdentifier
+ UniqueIdentifier = BIT-STRING
+ id-dn = %x64.6E ; "dn"
+ id-uid = %x75.69.64 ; "uid"
+
+ SubtreeSpecifications = "{" sp SubtreeSpecification
+ *( "," sp SubtreeSpecification ) sp "}"
+
+ UserPermissions = "{" [ sp UserPermission
+ *( "," sp UserPermission ) ] sp "}"
+ UserPermission = "{" [ sp up-precedence "," ]
+ sp up-protectedItems ","
+ sp up-grantsAndDenials
+ sp "}"
+ up-precedence = id-precedence msp Precedence
+ up-protectedItems = id-protectedItems msp ProtectedItems
+ up-grantsAndDenials = id-grantsAndDenials msp GrantsAndDenials
+
+ ProtectedItems = "{" [ sp pi-entry ]
+ [ sep sp pi-allUserAttributeTypes ]
+ [ sep sp pi-attributeType ]
+ [ sep sp pi-allAttributeValues ]
+ [ sep sp pi-allUserTypesAndValues ]
+ [ sep sp pi-attributeValue ]
+ [ sep sp pi-selfValue ]
+ [ sep sp pi-rangeOfValues ]
+ [ sep sp pi-maxValueCount ]
+ [ sep sp pi-maxImmSub ]
+ [ sep sp pi-restrictedBy ]
+ ; contexts omitted
+ [ sep sp pi-classes ]
+ sp "}"
+
+ pi-entry = id-entry msp NULL
+ pi-allUserAttributeTypes = id-allUserAttributeTypes msp NULL
+ pi-attributeType = id-attributeType msp AttributeTypes
+ pi-allAttributeValues = id-allAttributeValues msp
+ AttributeTypes
+ pi-allUserTypesAndValues = id-allUserAttributeTypesAndValues msp
+ NULL
+ pi-attributeValue = id-attributeValue msp
+ AttributeTypeAndValues
+
+
+
+Legg Expires 16 December 2004 [Page 33]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ pi-selfValue = id-selfValue msp AttributeTypes
+ pi-rangeOfValues = id-rangeOfValues msp Filter
+ pi-maxValueCount = id-maxValueCount msp MaxValueCounts
+ pi-maxImmSub = id-maxImmSub msp INTEGER
+ pi-restrictedBy = id-restrictedBy msp RestrictedValues
+ pi-classes = id-classes msp Refinement
+ id-entry = %x65.6E.74.72.79 ; "entry"
+ id-allUserAttributeTypes = %x61.6C.6C.55.73.65.72.41.74.74.72.69
+ %x62.75.74.65.54.79.70.65.73
+ ; "allUserAttributeTypes"
+ id-attributeType = %x61.74.74.72.69.62.75.74.65.54.79.70
+ %x65 ; "attributeType"
+ id-allAttributeValues = %x61.6C.6C.41.74.74.72.69.62.75.74.65
+ %x56.61.6C.75.65.73
+ ; "allAttributeValues"
+ id-attributeValue = %x61.74.74.72.69.62.75.74.65.56.61.6C
+ %x75.65 ; "attributeValue"
+ id-selfValue = %x73.65.6C.66.56.61.6C.75.65
+ ; "selfValue"
+ id-rangeOfValues = %x72.61.6E.67.65.4F.66.56.61.6C.75.65
+ %x73 ; "rangeOfValues"
+ id-maxValueCount = %x6D.61.78.56.61.6C.75.65.43.6F.75.6E
+ %x74 ; "maxValueCount"
+ id-maxImmSub = %x6D.61.78.49.6D.6D.53.75.62
+ ; "maxImmSub"
+ id-restrictedBy = %x72.65.73.74.72.69.63.74.65.64.42.79
+ ; "restrictedBy"
+ id-classes = %x63.6C.61.73.73.65.73 ; "classes"
+
+ id-allUserAttributeTypesAndValues = %x61.6C.6C.55.73.65.72.41.74
+ %x74.72.69.62.75.74.65.54.79.70.65.73
+ %x41.6E.64.56.61.6C.75.65.73
+ ; "allUserAttributeTypesAndValues"
+
+ AttributeTypes = "{" sp AttributeType
+ *( "," sp AttributeType ) sp "}"
+
+ AttributeTypeAndValues = "{" sp AttributeTypeAndValue
+ *( "," sp AttributeTypeAndValue )
+ sp "}"
+
+ AttributeTypeAndValue = "{" sp atav-type ","
+ sp atav-value
+ sp "}"
+ atav-type = id-type msp AttributeType
+ atav-value = id-value msp Value
+ id-type = %x74.79.70.65 ; "type"
+ id-value = %x76.61.6C.75.65 ; "value"
+
+
+
+Legg Expires 16 December 2004 [Page 34]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ MaxValueCounts = "{" sp MaxValueCount
+ *( "," sp MaxValueCount ) sp "}"
+ MaxValueCount = "{" sp mvc-type ","
+ sp mvc-maxCount
+ sp "}"
+ mvc-type = id-type msp AttributeType
+ mvc-maxCount = id-maxCount msp INTEGER
+ id-maxCount = %x6D.61.78.43.6F.75.6E.74 ; "maxCount"
+
+ RestrictedValues = "{" sp RestrictedValue
+ *( "," sp RestrictedValue ) sp "}"
+ RestrictedValue = "{" sp rv-type ","
+ sp rv-valuesin
+ sp "}"
+ rv-type = id-type msp AttributeType
+ rv-valuesin = id-valuesin msp AttributeType
+ id-valuesin = %x76.61.6C.75.65.73.69.6E ; "valuesin"
+
+ GrantsAndDenials = "{" [ sp grantOrDeny
+ *( "," sp grantOrDeny ) ] sp "}"
+ grantOrDeny = id-grantAdd
+ / id-denyAdd
+ / id-grantDiscloseOnError
+ / id-denyDiscloseOnError
+ / id-grantRead
+ / id-denyRead
+ / id-grantRemove
+ / id-denyRemove
+ / id-grantBrowse
+ / id-denyBrowse
+ / id-grantExport
+ / id-denyExport
+ / id-grantImport
+ / id-denyImport
+ / id-grantModify
+ / id-denyModify
+ / id-grantRename
+ / id-denyRename
+ / id-grantReturnDN
+ / id-denyReturnDN
+ / id-grantCompare
+ / id-denyCompare
+ / id-grantFilterMatch
+ / id-denyFilterMatch
+ ; grantInvoke omitted
+ ; denyInvoke omitted
+
+ id-grantAdd = %x67.72.61.6E.74.41.64.64 ; "grantAdd"
+
+
+
+Legg Expires 16 December 2004 [Page 35]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ id-denyAdd = %x64.65.6E.79.41.64.64 ; "denyAdd"
+ id-grantBrowse = %x67.72.61.6E.74.42.72.6F.77.73.65
+ ; "grantBrowse"
+ id-denyBrowse = %x64.65.6E.79.42.72.6F.77.73.65 ; "denyBrowse"
+ id-grantCompare = %x67.72.61.6E.74.43.6F.6D.70.61.72.65
+ ; "grantCompare"
+ id-denyCompare = %x64.65.6E.79.43.6F.6D.70.61.72.65
+ ; "denyCompare"
+
+ id-grantDiscloseOnError = %x67.72.61.6E.74.44.69.73.63.6C.6F.73.65
+ %x4F.6E.45.72.72.6F.72
+ ; "grantDiscloseOnError"
+ id-denyDiscloseOnError = %x64.65.6E.79.44.69.73.63.6C.6F.73.65.4F
+ %x6E.45.72.72.6F.72
+ ; "denyDiscloseOnError"
+
+ id-grantExport = %x67.72.61.6E.74.45.78.70.6F.72.74
+ ; "grantExport"
+ id-denyExport = %x64.65.6E.79.45.78.70.6F.72.74
+ ; "denyExport"
+ id-grantFilterMatch = %x67.72.61.6E.74.46.69.6C.74.65.72.4D.61.74
+ %x63.68 ; "grantFilterMatch"
+ id-denyFilterMatch = %x64.65.6E.79.46.69.6C.74.65.72.4D.61.74.63
+ %x68 ; "denyFilterMatch"
+ id-grantImport = %x67.72.61.6E.74.49.6D.70.6F.72.74
+ ; "grantImport"
+ id-denyImport = %x64.65.6E.79.49.6D.70.6F.72.74
+ ; "denyImport"
+ id-grantModify = %x67.72.61.6E.74.4D.6F.64.69.66.79
+ ; "grantModify"
+ id-denyModify = %x64.65.6E.79.4D.6F.64.69.66.79
+ ; "denyModify"
+ id-grantRead = %x67.72.61.6E.74.52.65.61.64 ; "grantRead"
+ id-denyRead = %x64.65.6E.79.52.65.61.64 ; "denyRead"
+ id-grantRemove = %x67.72.61.6E.74.52.65.6D.6F.76.65
+ ; "grantRemove"
+ id-denyRemove = %x64.65.6E.79.52.65.6D.6F.76.65
+ ; "denyRemove"
+ id-grantRename = %x67.72.61.6E.74.52.65.6E.61.6D.65
+ ; "grantRename"
+ id-denyRename = %x64.65.6E.79.52.65.6E.61.6D.65
+ ; "denyRename"
+ id-grantReturnDN = %x67.72.61.6E.74.52.65.74.75.72.6E.44.4E
+ ; "grantReturnDN"
+ id-denyReturnDN = %x64.65.6E.79.52.65.74.75.72.6E.44.4E
+ ; "denyReturnDN"
+
+ The <sp>, <msp>, <sep>, <AttributeType>, <BIT-STRING>, <BOOLEAN>,
+
+
+
+Legg Expires 16 December 2004 [Page 36]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ <DirectoryString>, <DistinguishedName>, <EXTERNAL>, <INTEGER>,
+ <INTEGER-0-MAX> and <NULL> rules are described in [GCE].
+
+ The <SubtreeSpecification> and <Refinement> rules are described in
+ [SUBENTRY].
+
+ The <Value> rule is described in [GSER].
+
+ Filter = filter-item / filter-and / filter-or / filter-not
+ filter-item = id-item ":" FilterItem
+ filter-and = id-and ":" SetOfFilter
+ filter-or = id-or ":" SetOfFilter
+ filter-not = id-not ":" Filter
+ id-and = %x61.6E.64 ; "and"
+ id-item = %x69.74.65.6D ; "item"
+ id-not = %x6E.6F.74 ; "not"
+ id-or = %x6F.72 ; "or"
+
+ SetOfFilter = "{" [ sp Filter *( "," sp Filter ) ] sp "}"
+
+ FilterItem = fi-equality
+ / fi-substrings
+ / fi-greaterOrEqual
+ / fi-lessOrEqual
+ / fi-present
+ / fi-approximateMatch
+ / fi-extensibleMatch
+ ; contextPresent omitted
+
+ fi-equality = id-equality ":" AttributeValueAssertion
+ fi-substrings = id-substrings ":" SubstringsAssertion
+ fi-greaterOrEqual = id-greaterOrEqual ":"
+ AttributeValueAssertion
+ fi-lessOrEqual = id-lessOrEqual ":" AttributeValueAssertion
+ fi-present = id-present ":" AttributeType
+ fi-approximateMatch = id-approximateMatch ":"
+ AttributeValueAssertion
+ fi-extensibleMatch = id-extensibleMatch ":" MatchingRuleAssertion
+ id-equality = %x65.71.75.61.6C.69.74.79 ; "equality"
+ id-substrings = %x73.75.62.73.74.72.69.6E.67.73
+ ; "substrings"
+ id-greaterOrEqual = %x67.72.65.61.74.65.72.4F.72.45.71.75.61.6C
+ ; "greaterOrEqual"
+ id-lessOrEqual = %x6C.65.73.73.4F.72.45.71.75.61.6C
+ ; "lessOrEqual"
+ id-present = %x70.72.65.73.65.6E.74 ; "present"
+ id-approximateMatch = %x61.70.70.72.6F.78.69.6D.61.74.65.4D.61.74
+ %x63.68 ; "approximateMatch"
+
+
+
+Legg Expires 16 December 2004 [Page 37]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ id-extensibleMatch = %x65.78.74.65.6E.73.69.62.6C.65.4D.61.74.63
+ %x68 ; "extensibleMatch"
+
+ AttributeValueAssertion = "{" sp ava-type ","
+ sp ava-assertion
+ ; assertedContexts omitted
+ sp "}"
+
+ ava-type = id-type msp AttributeType
+ ava-assertion = id-assertion msp Value
+ id-assertion = %x61.73.73.65.72.74.69.6F.6E ; "assertion"
+
+ SubstringsAssertion = "{" sp sa-type ","
+ sp sa-strings
+ sp "}"
+
+ sa-type = id-type msp AttributeType
+ sa-strings = id-strings msp Substrings
+ id-strings = %x73.74.72.69.6E.67.73 ; "strings"
+
+ Substrings = "{" [ sp Substring *( "," sp Substring ) ] sp "}"
+ Substring = ss-initial
+ / ss-any
+ / ss-final
+ ; control omitted
+ ss-initial = id-initial ":" Value
+ ss-any = id-any ":" Value
+ ss-final = id-final ":" Value
+ id-initial = %x69.6E.69.74.69.61.6C ; "initial"
+ id-any = %x61.6E.79 ; "any"
+ id-final = %x66.69.6E.61.6C ; "final"
+
+ MatchingRuleAssertion = "{" sp mra-matchingRule
+ [ "," sp mra-type ]
+ "," sp mra-matchValue
+ [ "," sp mra-dnAttributes ]
+ sp "}"
+
+ mra-matchingRule = id-matchingRule msp MatchingRuleIds
+ mra-type = id-type msp AttributeType
+ mra-matchValue = id-matchValue msp Value
+ mra-dnAttributes = id-dnAttributes msp BOOLEAN
+ id-matchingRule = %x6D.61.74.63.68.69.6E.67.52.75.6C.65
+ ; "matchingRule"
+ id-matchValue = %x6D.61.74.63.68.56.61.6C.75.65 ; "matchValue"
+ id-dnAttributes = %x64.6E.41.74.74.72.69.62.75.74.65.73
+ ; "dnAttributes"
+
+
+
+
+Legg Expires 16 December 2004 [Page 38]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ MatchingRuleIds = "{" sp MatchingRuleId *( "," sp MatchingRuleId ) sp "}"
+ MatchingRuleId = OBJECT-IDENTIFIER
+
+ The <OBJECT-IDENTIFIER> rule is described in [GCE].
+
+Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
+ with LDAPv3", RFC 2256, December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers
+ Authority (IANA) Considerations for the Lightweight
+ Directory Access Protcol (LDAP)", BCP 64, RFC 3383,
+ September 2002.
+
+ [GSER] Legg, S., "Generic String Encoding Rules for ASN.1 Types",
+ RFC 3641, October 2003.
+
+ [COLLECT] Zeilenga, K., "Collective Attributes in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3671, December
+ 2003.
+
+ [SUBENTRY] Zeilenga, K. and S. Legg, "Subentries in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3672, December
+ 2003.
+
+ [SCHEMA] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Additional Matching Rules", RFC 3698, February
+ 2004.
+
+ [ADMIN] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Directory Administrative Model",
+ draft-legg-ldap-admin-xx.txt, a work in progress, June
+ 2004.
+
+
+
+Legg Expires 16 December 2004 [Page 39]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ [ACA] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Access Control Administration",
+ draft-legg-ldap-acm-admin-xx.txt, a work in progress, June
+ 2004.
+
+ [FILTER] Zeilenga, K., "LDAP Absolute True and False Filters",
+ draft-zeilenga-ldap-t-f-xx.txt, a work in progress,
+ February 2004.
+
+ [ASN1] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1,
+ Information technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation
+
+Informative References
+
+ [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+ [GCE] Legg, S., "Common Elements of Generic String Encoding
+ Rules (GSER) Encodings", RFC 3642, October 2003.
+
+ [X501] ITU-T Recommendation X.501 (02/01) | ISO/IEC 9594-2:2001,
+ Information technology - Open Systems Interconnection -
+ The Directory: Models
+
+ [X511] ITU-T Recommendation X.511 (02/01) | ISO/IEC 9594-3:2001,
+ Information technology - Open Systems Interconnection -
+ The Directory: Abstract service definition
+
+Author's Address
+
+ Steven Legg
+ Adacel Technologies Ltd.
+ 250 Bay Street
+ Brighton, Victoria 3186
+ AUSTRALIA
+
+ Phone: +61 3 8530 7710
+ Fax: +61 3 8530 7888
+ EMail: steven.legg at adacel.com.au
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+
+
+
+Legg Expires 16 December 2004 [Page 40]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Changes in Draft 01
+
+ The Internet draft draft-legg-ldap-acm-admin-00.txt has been split
+ into two drafts, draft-legg-ldap-admin-00.txt and
+ draft-legg-ldap-acm-admin-01.txt. Section 8 of
+ draft-legg-ldapext-component-matching-06.txt has been extracted to
+ become a separate Internet draft, draft-legg-ldap-gser-xx.txt. The
+ references in this document have been updated accordingly.
+
+ The term "native LDAP encoding" has been replaced by the term
+ "LDAP-specific encoding" to align with terminology anticipated to be
+ used in the revision of RFC 2252.
+
+ Changes have been made to the Search Operation Decision Points
+ (Section 3.4.3):
+
+ In 4) a), the assumed FilterMatch permission for a present match of
+
+
+
+Legg Expires 16 December 2004 [Page 41]
+�
+INTERNET-DRAFT Basic and Simplified Access Control June 16, 2004
+
+
+ the objectClass attribute has been removed. An LDAP search with a
+ True filter [FILTER] is the best analogue of the DAP read operation.
+ A True filter does not filter any attribute type and therefore does
+ not require FilterMatch permissions to succeed.
+
+ In 5) b) and c), there is an additional requirement for Read
+ permission for at least one attribute value before an attribute type
+ can be returned in a search result. Without this change a search
+ result could, in some circumstances, disclose the existence of
+ particular hidden attribute values.
+
+Changes in Draft 02
+
+ RFC 3377 replaces RFC 2251 as the reference for LDAP.
+
+ An IANA Considerations section has been added.
+
+Changes in Draft 03
+
+ The document has been reformatted in line with current practice.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 42]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-admin-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-admin-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-admin-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,390 @@
+INTERNET-DRAFT S. Legg
+draft-legg-ldap-admin-02.txt Adacel Technologies
+Intended Category: Standards Track June 16, 2004
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Directory Administrative Model
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Status of this Memo
+
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ Distribution of this document is unlimited. Comments should be sent
+ to the author.
+
+ This Internet-Draft expires on 16 December 2004.
+
+
+Abstract
+
+ This document adapts the X.500 directory administrative model for use
+ by the Lightweight Directory Access Protocol. The administrative
+ model partitions the Directory Information Tree for various aspects
+ of directory data administration, e.g., subschema, access control and
+ collective attributes. The generic framework that applies to every
+ aspect of administration is described in this document. The
+ definitions that apply for a specific aspect of administration, e.g.,
+ access control administration, are described in other documents.
+
+
+
+Legg Expires 16 December 2004 [Page 1]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 3. Administrative Areas . . . . . . . . . . . . . . . . . . . . . 2
+ 4. Autonomous Administrative Areas. . . . . . . . . . . . . . . . 3
+ 5. Specific Administrative Areas. . . . . . . . . . . . . . . . . 3
+ 6. Inner Administrative Areas . . . . . . . . . . . . . . . . . . 4
+ 7. Administrative Entries . . . . . . . . . . . . . . . . . . . . 4
+ 8. Security Considerations. . . . . . . . . . . . . . . . . . . . 5
+ 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
+ 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 10.1. Normative References. . . . . . . . . . . . . . . . . . 5
+ 10.2. Informative References. . . . . . . . . . . . . . . . . 5
+ 11. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 6
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 6
+
+1. Introduction
+
+ This document adapts the X.500 directory administrative model [X501]
+ for use by the Lightweight Directory Access Protocol (LDAP) [LDAP].
+ The administrative model partitions the Directory Information Tree
+ (DIT) for various aspects of directory data administration, e.g.,
+ subschema, access control and collective attributes. This document
+ provides the definitions for the generic parts of the administrative
+ model that apply to every aspect of directory data administration.
+
+ Sections 3 to 7, in conjunction with [SUBENTRY], describe the means
+ by which administrative authority is aportioned and exercised in the
+ DIT.
+
+ Aspects of administration that conform to the administrative model
+ described in this document are detailed elsewhere, e.g., access
+ control administration is described in [ACA] and collective attribute
+ administration is described in [COLLECT].
+
+ This document is derived from, and duplicates substantial portions
+ of, Sections 4 and 8 of X.501 [X501].
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [RFC2119].
+
+3. Administrative Areas
+
+
+
+
+Legg Expires 16 December 2004 [Page 2]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+ An administrative area is a subtree of the DIT considered from the
+ perspective of administration. The root entry of the subtree is an
+ administrative point. An administrative point is represented by an
+ entry holding an administrativeRole attribute [SUBENTRY]. The values
+ of this attribute identify the kind of administrative point.
+
+4. Autonomous Administrative Areas
+
+ The DIT may be partitioned into one or more non-overlapping subtrees
+ termed autonomous administrative areas. It is expected that the
+ entries in an autonomous administrative area are all administered by
+ the same administrative authority.
+
+ An administrative authority may be responsible for several autonomous
+ administrative areas in separated parts of the DIT but it SHOULD NOT
+ arbitrarily partition the collection of entries under its control
+ into autonomous administrative areas (thus creating adjacent
+ autonomous areas administered by the same authority).
+
+ The root entry of an autonomous administrative area's subtree is
+ called an autonomous administrative point. An autonomous
+ administrative area extends from its autonomous administrative point
+ downwards until another autonomous administrative point is
+ encountered, at which point another autonomous administrative area
+ begins.
+
+5. Specific Administrative Areas
+
+ Entries in an administrative area may be considered in terms of a
+ specific administrative function. When viewed in this context, an
+ administrative area is termed a specific administrative area.
+
+ Examples of specific administrative areas are subschema specific
+ administrative areas, access control specific areas and collective
+ attribute specific areas.
+
+ An autonomous administrative area may be considered as implicitly
+ defining a single specific administrative area for each specific
+ aspect of administration. In this case, there is a precise
+ correspondence between each such specific administrative area and the
+ autonomous administrative area.
+
+ Alternatively, for each specific aspect of administration, the
+ autonomous administrative area may be partitioned into
+ non-overlapping specific administrative areas.
+
+ If so partitioned for a particular aspect of administration, each
+ entry of the autonomous administrative area is contained in one and
+
+
+
+Legg Expires 16 December 2004 [Page 3]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+ only one specific administrative area for that aspect, i.e., specific
+ administrative areas do not overlap.
+
+ The root entry of a specific administrative area's subtree is called
+ a specific administrative point. A specific administrative area
+ extends from its specific administrative point downwards until
+ another specific administrative point of the same administrative
+ aspect is encountered, at which point another specific administrative
+ area begins. Specific administrative areas are always bounded by the
+ autonomous administrative area they partition.
+
+ Where an autonomous administrative area is not partitioned for a
+ specific aspect of administration, the specific administrative area
+ for that aspect coincides with the autonomous administrative area.
+ In this case, the autonomous administrative point is also the
+ specific administrative point for this aspect of administration. A
+ particular administrative point may be the root of an autonomous
+ administrative area and may be the root of one or more specific
+ administrative areas for different aspects of administration.
+
+ It is not necessary for an administrative point to represent each
+ specific aspect of administrative authority. For example, there
+ might be an administrative point, subordinate to the root of the
+ autonomous administrative area, which is used for access control
+ purposes only.
+
+6. Inner Administrative Areas
+
+ For some aspects of administration, e.g., access control or
+ collective attributes, inner administrative areas may be defined
+ within the specific administrative areas, to allow a limited form of
+ delegation, or for administrative or operational convenience.
+
+ An inner administrative area may be nested within another inner
+ administrative area. The rules for nested inner areas are defined as
+ part of the definition of the specific administrative aspect for
+ which they are allowed.
+
+ The root entry of an inner administrative area's subtree is called an
+ inner administrative point. An inner administrative area (within a
+ specific administrative area) extends from its inner administrative
+ point downwards until a specific administrative point of the same
+ administrative aspect is encountered. An inner administrative area
+ is bounded by the specific administrative area within which it is
+ defined.
+
+7. Administrative Entries
+
+
+
+
+Legg Expires 16 December 2004 [Page 4]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+ An entry located at an administrative point is an administrative
+ entry. Administrative entries MAY have subentries [SUBENTRY] as
+ immediate subordinates. The administrative entry and its associated
+ subentries are used to control the entries encompassed by the
+ associated administrative area. Where inner administrative areas are
+ used, the scopes of these areas may overlap. Therefore, for each
+ specific aspect of administrative authority, a definition is required
+ of the method of combination of administrative information when it is
+ possible for entries to be included in more than one subtree or
+ subtree refinement associated with an inner area defined for that
+ aspect.
+
+8. Security Considerations
+
+ This document defines a generic framework for employing policy of
+ various kinds, e.g., access controls, to entries in the DIT. Such
+ policy can only be correctly enforced at a directory server holding a
+ replica of a portion of the DIT if the administrative entries for
+ administrative areas that overlap the portion of the DIT being
+ replicated, and the subentries of those administrative entries
+ relevant to any aspect of policy that is required to be enforced at
+ the replica, are included in the replicated information.
+
+ Administrative entries and subentries SHOULD be protected from
+ unauthorized examination or changes by appropriate access controls.
+
+9. Acknowledgements
+
+ This document is derived from, and duplicates substantial portions
+ of, Sections 4 and 8 of X.501 [X501].
+
+10. References
+
+10.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [LDAP] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [SUBENTRY] Zeilenga, K. and S. Legg, "Subentries in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3672, December
+ 2003.
+
+10.2. Informative References
+
+
+
+
+Legg Expires 16 December 2004 [Page 5]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+ [COLLECT] Zeilenga, K., "Collective Attributes in the Lightweight
+ Directory Access Protocol (LDAP)", RFC 3671, December
+ 2003.
+
+ [ACA] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Access Control Administration",
+ draft-legg-ldap-acm-admin-xx.txt, a work in progress, June
+ 2004.
+
+ [X501] ITU-T Recommendation X.501 (02/01) | ISO/IEC 9594-2:2001,
+ Information technology - Open Systems Interconnection -
+ The Directory: Models
+
+11. Author's Address
+
+ Steven Legg
+ Adacel Technologies Ltd.
+ 250 Bay Street
+ Brighton, Victoria 3186
+ AUSTRALIA
+
+ Phone: +61 3 8530 7710
+ Fax: +61 3 8530 7888
+ EMail: steven.legg at adacel.com.au
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+
+
+
+Legg Expires 16 December 2004 [Page 6]
+�
+INTERNET-DRAFT Directory Administrative Model June 16, 2004
+
+
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Changes in Draft 00
+
+ This document reproduces Section 4 from
+ draft-legg-ldap-acm-admin-00.txt as a standalone document. All
+ changes made are purely editorial. No technical changes have been
+ introduced.
+
+Changes in Draft 01
+
+ RFC 3377 replaces RFC 2251 as the reference for LDAP.
+
+Changes in Draft 02
+
+ The document has been reformatted in line with current practice.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 7]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-binary-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-binary-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-binary-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,507 @@
+
+
+
+
+
+
+INTERNET-DRAFT S. Legg
+draft-legg-ldap-binary-04.txt eB2Bcom
+Intended Category: Standards Track 30 January 2006
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ The Binary Encoding Option
+
+ Copyright (C) The Internet Society (2006).
+
+ Status of this Memo
+
+ By submitting this Internet-draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ Technical discussion of this document should take place on the IETF
+ LDAP Revision Working Group (LDAPbis) mailing list
+ <ietf-ldapbis at openldap.org>. Please send editorial comments directly
+ to the editor <steven.legg at eb2bcom.com>.
+
+ This Internet-Draft expires on 30 July 2006.
+
+Abstract
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory has a defined syntax (i.e., data type). A syntax
+ definition specifies how attribute values conforming to the syntax
+ are normally represented when transferred in LDAP operations. This
+ representation is referred to as the LDAP-specific encoding to
+ distinguish it from other methods of encoding attribute values. This
+
+
+
+Legg Expires 30 July 2006 [Page 1]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ document defines an attribute option, the binary option, which can be
+ used to specify that the associated attribute values are instead
+ encoded according to the Basic Encoding Rules (BER) used by X.500
+ directories.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 30 July 2006 [Page 2]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 3. The binary Option. . . . . . . . . . . . . . . . . . . . . . . 4
+ 4. Syntaxes Requiring Binary Transfer . . . . . . . . . . . . . . 4
+ 5. Attributes Returned in a Search. . . . . . . . . . . . . . . . 5
+ 6. All User Attributes. . . . . . . . . . . . . . . . . . . . . . 6
+ 7. Conflicting Requests . . . . . . . . . . . . . . . . . . . . . 6
+ 8. Security Considerations. . . . . . . . . . . . . . . . . . . . 6
+ 9. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 6
+ 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
+ 10.1. Normative References. . . . . . . . . . . . . . . . . . 7
+ 10.2. Informative References. . . . . . . . . . . . . . . . . 7
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 8
+
+1. Introduction
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory [ROADMAP] has a defined syntax (i.e., data type)
+ which constrains the structure and format of its values.
+
+ The description of each syntax [SYNTAX] specifies how attribute or
+ assertion values [MODELS] conforming to the syntax are normally
+ represented when transferred in LDAP operations [PROT]. This
+ representation is referred to as the LDAP-specific encoding to
+ distinguish it from other methods of encoding attribute values.
+
+ This document defines an attribute option, the binary option, which
+ can be used in an attribute description [MODELS] in an LDAP operation
+ to specify that the associated attribute values or assertion values
+ are, or are requested to be, encoded according to the Basic Encoding
+ Rules (BER) [BER] as used by X.500 [X.500] directories, instead of
+ the usual LDAP-specific encoding.
+
+ The binary option was originally defined in RFC 2251 [RFC2251]. The
+ LDAP technical specification [ROADMAP] has obsoleted the previously
+ defined LDAP technical specification [RFC3377], which included RFC
+ 2251. The binary option was not included in the revised LDAP
+ technical specification for a variety of reasons including
+ implementation inconsistencies. No attempt is made here to resolve
+ the known inconsistencies.
+
+ This document reintroduces the binary option for use with certain
+ attribute syntaxes, such as certificate syntax [PKI], which
+ specifically require it. No attempt has been made to address use of
+ the binary option with attributes of syntaxes which do not require
+
+
+
+Legg Expires 30 July 2006 [Page 3]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ its use. Unless addressed in a future specification, this use is to
+ be avoided.
+
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [BCP14].
+
+3. The binary Option
+
+ The binary option is indicated with the attribute option string
+ "binary" in an attribute description. Note that, like all attribute
+ options, the string representing the binary option is case
+ insensitive.
+
+ Where the binary option is present in an attribute description the
+ associated attribute values or assertion values MUST be BER encoded
+ (otherwise the values are encoded according to the LDAP-specific
+ encoding [SYNTAX] for the attribute's syntax). Note that it is
+ possible for a syntax to be defined such that its LDAP-specific
+ encoding is exactly the same as its BER encoding.
+
+ In terms of the protocol [PROT], the binary option specifies that the
+ contents octets of the associated AttributeValue or AssertionValue
+ OCTET STRING are a complete BER encoding of the relevant value.
+
+ The binary option is not a tagging option [MODELS] so the presence of
+ the binary option does not specify an attribute subtype. An
+ attribute description containing the binary option references exactly
+ the same attribute as the attribute description without the binary
+ option. The supertype/subtype relationships of attributes with
+ tagging options are not altered in any way by the presence or absence
+ of the binary option.
+
+ An attribute description SHALL be treated as unrecognized if it
+ contains the binary option and the syntax of the attribute does not
+ have an associated ASN.1 type [SYNTAX], or the BER encoding of values
+ of that type is not supported.
+
+ The presence or absence of the binary option only affects the
+ transfer of attribute and assertion values in protocol; servers store
+ any particular attribute value in a format of their choosing.
+
+4. Syntaxes Requiring Binary Transfer
+
+
+
+
+Legg Expires 30 July 2006 [Page 4]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ The attribute values of certain attribute syntaxes are defined
+ without an LDAP-specific encoding and are required to be transferred
+ in the BER encoded form. For the purposes of this document, these
+ syntaxes are said to have a binary transfer requirement. The
+ Certificate, Certificate List, Certificate Pair and Supported
+ Algorithm syntaxes [PKI] are examples of syntaxes with a binary
+ transfer requirement. These syntaxes also have an additional
+ requirement that the exact BER encoding must be preserved. Note that
+ this is a property of the syntaxes themselves, and not a property of
+ the binary option. In the absence of this requirement, LDAP clients
+ would need to re-encode values using the Distinguished Encoding Rules
+ (DER).
+
+5. Attributes Returned in a Search
+
+ An LDAP search request [PROT] contains a list of the attributes (the
+ requested attributes list) to be returned from each entry matching
+ the search filter. An attribute description in the requested
+ attributes list also implicitly requests all subtypes of the
+ attribute type in the attribute description, whether through
+ attribute subtyping or attribute tagging option subtyping [MODELS].
+
+ The requested attributes list MAY contain attribute descriptions with
+ the binary option, but MUST NOT contain two attribute descriptions
+ with the same attribute type and the same tagging options (even if
+ only one of them has the binary option). The binary option in an
+ attribute description in the requested attributes list implicitly
+ applies to all the subtypes of the attribute type in the attribute
+ description (however, see Section 7).
+
+ Attributes of a syntax with the binary transfer requirement, if
+ returned, SHALL be returned in the binary form, i.e., with the binary
+ option in the attribute description and the associated attribute
+ values BER encoded, regardless of whether the binary option was
+ present in the request (for the attribute or for one of its
+ supertypes).
+
+ Attributes of a syntax without the binary transfer requirement, if
+ returned, SHOULD be returned in the form explicitly requested. That
+ is, if the attribute description in the requested attributes list
+ contains the binary option then the corresponding attribute in the
+ result SHOULD be in the binary form. If the attribute description in
+ the request does not contain the binary option then the corresponding
+ attribute in the result SHOULD NOT be in the binary form. A server
+ MAY omit an attribute from the result if it does not support the
+ requested encoding.
+
+ Regardless of the encoding chosen, a particular attribute value is
+
+
+
+Legg Expires 30 July 2006 [Page 5]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ returned at most once.
+
+6. All User Attributes
+
+ If the list of attributes in a search request is empty, or contains
+ the special attribute description string "*", then all user
+ attributes are requested to be returned.
+
+ Attributes of a syntax with the binary transfer requirement, if
+ returned, SHALL be returned in the binary form.
+
+ Attributes of a syntax without the binary transfer requirement and
+ having a defined LDAP-specific encoding SHOULD NOT be returned in the
+ binary form.
+
+ Attributes of a syntax without the binary transfer requirement and
+ without a defined LDAP-specific encoding may be returned in the
+ binary form or omitted from the result.
+
+7. Conflicting Requests
+
+ A particular attribute could be explicitly requested by an attribute
+ description and/or implicitly requested by the attribute descriptions
+ of one or more of its supertypes, or by the special attribute
+ description string "*". If the binary option is not present in all
+ these attribute descriptions, nor absent in all these attribute
+ descriptions, then the effect of the request with respect to binary
+ transfer is implementation defined.
+
+8. Security Considerations
+
+ When interpreting security-sensitive fields, and in particular fields
+ used to grant or deny access, implementations MUST ensure that any
+ matching rule comparisons are done on the underlying abstract value,
+ regardless of the particular encoding used.
+
+9. IANA Considerations
+
+ The Internet Assigned Numbers Authority (IANA) is requested to update
+ the LDAP attribute description option registry [BCP64] as indicated
+ by the following template:
+
+ Subject:
+ Request for LDAP Attribute Description Option Registration
+ Option Name: binary
+ Family of Options: NO
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at eb2bcom.com>
+
+
+
+Legg Expires 30 July 2006 [Page 6]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: The existing registration for "binary"
+ should be updated to refer to RFC XXXX.
+
+10. References
+
+10.1. Normative References
+
+ [BCP14] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+ [ROADMAP] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Technical Specification Road Map",
+ draft-ietf-ldapbis-roadmap-xx.txt, a work in progress,
+ February 2005.
+
+ [MODELS] Zeilenga, K., "LDAP: Directory Information Models",
+ draft-ietf-ldapbis-models-xx.txt, a work in progress,
+ February 2005.
+
+ [PROT] Sermersheim, J., "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress,
+ October 2005.
+
+ [SYNTAX] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress,
+ June 2005.
+
+ [PKI] Zeilenga, Kurt D., "Lightweight Directory Access Protocol
+ (LDAP) schema definitions for X.509 Certificates",
+ draft-zeilenga-ldap-x509-xx.txt, a work in progress, July
+ 2005.
+
+ [BER] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1,
+ Information Technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER).
+
+10.2. Informative References
+
+ [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
+
+
+
+Legg Expires 30 July 2006 [Page 7]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [X.500] ITU-T Recommendation X.500 (02/01) | ISO/IEC 9594-1:2001,
+ Information technology - Open Systems Interconnection -
+ The Directory: Overview of concepts, models and services
+
+Author's Address
+
+ Dr. Steven Legg
+ eB2Bcom
+ Suite 3, Woodhouse Corporate Centre
+ 935 Station Street
+ Box Hill North, Victoria 3129
+ AUSTRALIA
+
+ Phone: +61 3 9896 7830
+ Fax: +61 3 9896 7801
+ EMail: steven.legg at eb2bcom.com
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+
+
+
+Legg Expires 30 July 2006 [Page 8]
+�
+INTERNET-DRAFT LDAP: The Binary Encoding Option January 30, 2006
+
+
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 30 July 2006 [Page 9]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-transfer-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-transfer-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-legg-ldap-transfer-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,614 @@
+INTERNET-DRAFT S. Legg
+draft-legg-ldap-transfer-03.txt Adacel Technologies
+Intended Category: Standards Track 16 June 2004
+Updates: RFC 2252bis
+
+
+ Lightweight Directory Access Protocol (LDAP):
+ Transfer Encoding Options
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Status of this Memo
+
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress".
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this document is unlimited. Technical discussion of
+ this document should take place on the IETF LDAP Revision Working
+ Group (LDAPbis) mailing list <ietf-ldapbis at openldap.org>. Please
+ send editorial comments directly to the editor
+ <steven.legg at adacel.com.au>.
+
+ This Internet-Draft expires on 16 December 2004.
+
+
+Abstract
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory has a defined syntax (i.e., data type). A syntax
+
+
+
+Legg Expires 16 December 2004 [Page 1]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ definition specifies how attribute values conforming to the syntax
+ are normally represented when transferred in LDAP operations. This
+ representation is referred to as the LDAP-specific encoding to
+ distinguish it from other methods of encoding attribute values. This
+ document introduces a new category of attribute options, called
+ transfer encoding options, which can be used to specify that the
+ associated attribute values are encoded according to one of these
+ other methods.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 2]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3. Transfer Encoding Options. . . . . . . . . . . . . . . . . . . 4
+ 4. Defined Transfer Encoding Options. . . . . . . . . . . . . . . 5
+ 5. Attributes Returned in a Search. . . . . . . . . . . . . . . . 6
+ 6. Syntaxes Requiring Binary Transfer . . . . . . . . . . . . . . 7
+ 7. Security Considerations. . . . . . . . . . . . . . . . . . . . 7
+ 8. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 8
+ 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
+ 9.1. Normative References . . . . . . . . . . . . . . . . . . 9
+ 9.2. Informative References . . . . . . . . . . . . . . . . . 10
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 10
+
+1. Introduction
+
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory [ROADMAP] has a defined syntax (i.e., data type)
+ which constrains the structure and format of its values.
+
+ The description of each syntax [SYNTAX] specifies how attribute or
+ assertion values [MODELS] conforming to the syntax are normally
+ represented when transferred in LDAP operations [PROT]. This
+ representation is referred to as the LDAP-specific encoding to
+ distinguish it from other methods of encoding attribute values.
+
+ This document introduces a new category of attribute options
+ [MODELS], called transfer encoding options, that allow attribute and
+ assertion values to be transferred using an alternative method of
+ encoding. This document defines several transfer encoding options
+ which can be used in an attribute description [MODELS] in an LDAP
+ operation to specify that the associated attribute values or
+ assertion value are, or are requested to be, encoded according to
+ specific Abstract Syntax Notation One (ASN.1) [X680] encoding rules,
+ instead of the usual LDAP-specific encoding. One option in
+ particular allows Extensible Markup Language (XML) [XML] encodings.
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [KEYWORD].
+
+ This specification makes use of definitions from the XML Information
+ Set (Infoset) [ISET]. In particular, information item property names
+
+
+
+Legg Expires 16 December 2004 [Page 3]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ are presented per the Infoset, e.g., [local name].
+
+3. Transfer Encoding Options
+
+ Transfer encoding options enable attribute and assertion values to be
+ transferred using an alternative method of encoding to the default
+ LDAP-specific encoding. In fact, some attribute and assertion
+ syntaxes do not have a defined LDAP-specific encoding in which case
+ the only way values of those syntaxes can be transferred is by using
+ an alternative encoding.
+
+ The binary option [BINARY] is not formally regarded as a transfer
+ encoding option, though it has much in common with transfer encoding
+ options. The requirements governing the use of transfer encoding
+ options do not apply to the binary option. The requirements
+ governing the use of the binary option are described elsewhere
+ [BINARY].
+
+ In terms of the protocol [PROT], a transfer encoding option specifies
+ that the contents octets of an associated AttributeValue or
+ AssertionValue OCTET STRING are a complete encoding of the relevant
+ value according to the encoding method specified by the option.
+
+ Where a transfer encoding option is present in an attribute
+ description the associated attribute values or assertion value MUST
+ be encoded according to the encoding method corresponding to the
+ option. Note that it is possible for a syntax to be defined such
+ that its LDAP-specific encoding is exactly the same as its encoding
+ according to some transfer encoding option (e.g., the LDAP-specific
+ encoding might be defined to be the same as the BER encoding).
+
+ Transfer encoding options are mutually exclusive. An attribute
+ description SHALL NOT contain more than one transfer encoding option,
+ and SHALL NOT contain both a transfer encoding option and the binary
+ option.
+
+ Transfer encoding options are not tagging options [MODELS] so the
+ presence of a transfer encoding option does not specify an attribute
+ subtype. An attribute description containing a transfer encoding
+ option references exactly the same attribute as the same attribute
+ description without the transfer encoding option. The
+ supertype/subtype relationships of attributes with tagging options
+ are not altered in any way by the presence or absence of transfer
+ encoding options.
+
+ An attribute description SHALL be treated as unrecognized if it
+ contains a transfer encoding option and the syntax of the attribute
+ does not have an associated ASN.1 type [SYNTAX], or if the nominated
+
+
+
+Legg Expires 16 December 2004 [Page 4]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ encoding is not supported for that type.
+
+ The presence or absence of a transfer encoding option only affects
+ the transfer of attribute and assertion values in protocol; servers
+ store any particular attribute value in a single format of their
+ choosing.
+
+4. Defined Transfer Encoding Options
+
+ The attribute option string "transfer-ber" specifies that the
+ associated attribute values or assertion value are (to be) encoded
+ according to the Basic Encoding Rules [X690] of ASN.1. This option
+ is similar to the binary option [BINARY], however servers are more
+ restricted in when they can use "transfer-ber" which leads to more
+ predictability in the results returned to clients who request
+ "transfer-ber".
+
+ The attribute option string "transfer-der" specifies that the
+ associated attribute values or assertion value are (to be) encoded
+ according to the Distinguished Encoding Rules [X690] of ASN.1.
+
+ The attribute option string "transfer-gser" specifies that the
+ associated attribute values or assertion value are (to be) encoded
+ according to the Generic String Encoding Rules (GSER) [RFC3641].
+
+ The attribute option string "transfer-rxer" specifies that the
+ associated attribute values or assertion value are (to be) encoded as
+ an XML document [XML]. The [local name] of the [document element] of
+ the document information item representing the associated value SHALL
+ be the identifier of the NamedType [X680] in the LDAP ASN.1
+ specification [PROT] defining the associated attribute value or
+ assertion value, or "item" if the associated value isn't in a
+ NamedType. This means:
+
+ - for an AttributeValue the identifier is "value" in every case,
+
+ - for an AssertionValue in an AttributeValueAssertion the identifier
+ is "assertionValue",
+
+ - for an AssertionValue in a SubstringFilter the identifier is
+ "initial", "any" or "final", as appropriate,
+
+ - for an AssertionValue in a MatchingRuleAssertion the identifier is
+ "matchValue".
+
+ The [namespace name] of the [document element] SHALL have no value.
+ The content of the [document element] is the Robust XML Encoding
+ Rules (RXER) [RXER] encoding of the associated attribute or assertion
+
+
+
+Legg Expires 16 December 2004 [Page 5]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ value. Note that the enclosing element for the RXER encoding has the
+ form it would take in an XLDAP operation [XLDAP].
+
+ Note that, like all attribute options, the strings representing
+ transfer encoding options are case insensitive.
+
+ All future registrations of option strings for transfer encoding
+ options should use the "transfer-" prefix so that LDAP clients and
+ servers can recognize that an option is a transfer encoding option
+ even though the particular encoding rules may be unrecognized.
+
+5. Attributes Returned in a Search
+
+ An LDAP search request [PROT] contains a list of the attributes (the
+ requested attributes list) to be returned from each entry matching
+ the search filter. An attribute description in the requested
+ attributes list also implicitly requests all subtypes of the
+ attribute type in the attribute description, whether through
+ attribute subtyping or attribute tagging option subtyping [MODELS].
+
+ The requested attributes list MAY contain attribute descriptions with
+ a transfer encoding option, but MUST NOT contain two attribute
+ descriptions with the same attribute type and the same tagging
+ options (even if only one of them has a transfer encoding option). A
+ transfer encoding option in an attribute description in the requested
+ attributes list implicitly applies to the subtypes of the attribute
+ type in the attribute description.
+
+ If the list of attributes in a search request is empty, or contains
+ the special attribute description string "*", then all user
+ attributes are requested to be returned.
+
+ In general, it is possible for a particular attribute to be
+ explicitly requested by an attribute description and/or implicitly
+ requested by the attribute descriptions of one or more of its
+ supertypes. In such cases the effective transfer encoding being
+ requested for a particular attribute is determined by the transfer
+ encoding option (or lack thereof) in the most specific attribute
+ description in the requested attributes list that applies to the
+ attribute.
+
+ An applicable attribute description with an actual attribute type is
+ more specific than the special attribute description string "*".
+
+ If the attribute type of one applicable attribute description is a
+ direct or indirect subtype of the attribute type in another
+ applicable attribute description then the former attribute
+ description is more specific than the latter attribute description.
+
+
+
+Legg Expires 16 December 2004 [Page 6]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ If two applicable attribute descriptions have the same attribute type
+ and the tagging options of one attribute description are a superset
+ of the tagging options of the other attribute description then the
+ former attribute description is more specific than the latter
+ attribute description.
+
+ Attributes MUST either be returned in the effective transfer encoding
+ requested, be returned with no attribute values, or be omitted from
+ the results. An attribute SHALL NOT be returned using an encoding
+ other than the effective transfer encoding requested.
+
+ Regardless of the encoding chosen, a particular attribute value is
+ returned at most once.
+
+6. Syntaxes Requiring Binary Transfer
+
+ Certain syntaxes are required to be transferred in the BER encoded
+ form. These syntaxes are said to have a binary transfer requirement.
+ The Certificate, Certificate List, Certificate Pair and Supported
+ Algorithm syntaxes [PKI] are examples of syntaxes with a binary
+ transfer requirement. These syntaxes also have an additional
+ requirement that the exact BER encoding must be preserved. Note that
+ this is a property of the syntaxes themselves, and not a property of
+ the binary option or any of the transfer encoding options.
+
+ Transfer encoding options SHALL take precedence over the requirement
+ for binary transfer. For example, if the effective transfer encoding
+ requested is say "transfer-gser", then attribute values of a syntax
+ with a binary transfer requirement will be GSER encoded. In the
+ absence of a transfer encoding option the normal rules on binary
+ transfer and the use of the binary option SHALL apply.
+
+7. Security Considerations
+
+ There is a requirement on some attribute syntaxes that the exact BER
+ encoding of values of that syntax be preserved. In general, a
+ transformation from the BER encoding into some other encoding (e.g.,
+ GSER) and back into the BER encoding will not necessarily reproduce
+ exactly the octets of the original BER encoding.
+
+ Applications needing the original BER encoding to be preserved, e.g.,
+ for the verification of digital signatures, MUST NOT request
+ attributes with such a requirement using a transfer encoding option.
+ These attributes MUST be requested explicitly or implicitly with the
+ binary option, or implicitly without the binary option (or any
+ transfer encoding option).
+
+ When interpreting security-sensitive fields, and in particular fields
+
+
+
+Legg Expires 16 December 2004 [Page 7]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ used to grant or deny access, implementations MUST ensure that any
+ matching rule comparisons are done on the underlying abstract value,
+ regardless of the particular encoding used.
+
+8. IANA Considerations
+
+ The Internet Assigned Numbers Authority (IANA) is requested to update
+ the LDAP attribute description option registry [BCP64] as indicated
+ by the following templates:
+
+ Subject: Request for
+ LDAP Attribute Description Option Registration
+ Option Name: transfer-ber
+ Family of Options: NO
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ Subject: Request for
+ LDAP Attribute Description Option Registration
+ Option Name: transfer-der
+ Family of Options: NO
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ Subject: Request for
+ LDAP Attribute Description Option Registration
+ Option Name: transfer-gser
+ Family of Options: NO
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ Subject: Request for
+ LDAP Attribute Description Option Registration
+ Option Name: transfer-rxer
+ Family of Options: NO
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg at adacel.com.au>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+
+Legg Expires 16 December 2004 [Page 8]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ Comments:
+
+9. References
+
+9.1. Normative References
+
+ [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protcol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+ [ROADMAP] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Technical Specification Road Map",
+ draft-ietf-ldapbis-roadmap-xx.txt, a work in progress,
+ June 2004.
+
+ [MODELS] Zeilenga, K., "LDAP: Directory Information Models",
+ draft-ietf-ldapbis-models-xx.txt, a work in progress, June
+ 2004.
+
+ [PROT] Sermersheim, J., "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress,
+ May 2004.
+
+ [SYNTAX] Legg, S. and K. Dally, "Lightweight Directory Access
+ Protocol (LDAP): Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress,
+ May 2004.
+
+ [RFC3641] Legg, S., "Generic String Encoding Rules (GSER) for ASN.1
+ Types", RFC 3641, October 2003.
+
+ [BINARY] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ The Binary Encoding Option",
+ draft-legg-ldap-binary-xx.txt, a work in progress, June
+ 2004.
+
+ [RXER] Legg, S. and D. Prager, "Robust XML Encoding Rules for
+ ASN.1 Types", draft-legg-xed-rxer-00.txt, a work in
+ progress, June 2004.
+
+ [X680] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1,
+ Information technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation.
+
+ [X690] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1,
+
+
+
+Legg Expires 16 December 2004 [Page 9]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ Information Technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER).
+
+ [XML] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E. and
+ F. Yergeau, "Extensible Markup Language (XML) 1.0 (Third
+ Edition)", W3C Recommendation,
+ http://www.w3.org/TR/2004/REC-xml-20040204, February 2004.
+
+ [ISET] Cowan, J. and R. Tobin, "XML Information Set",
+ http://www.w3.org/TR/2001/REC-xml-infoset-20011024,
+ October 2001.
+
+9.2. Informative References
+
+ [XLDAP] Legg, S. and D. Prager, "The XML Enabled Directory:
+ Protocols", draft-legg-xed-protocols-xx.txt, a work in
+ progress, May 2004.
+
+Author's Address
+
+ Steven Legg
+ Adacel Technologies Ltd.
+ 250 Bay Street
+ Brighton, Victoria 3186
+ AUSTRALIA
+
+ Phone: +61 3 8530 7710
+ Fax: +61 3 8530 7888
+ Email: steven.legg at adacel.com.au
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+
+
+
+Legg Expires 16 December 2004 [Page 10]
+�
+INTERNET-DRAFT LDAP: Transfer Encoding Options June 16, 2004
+
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+Changes in Draft 01
+
+ A transfer encoding option for RXER has been added.
+
+Changes in Draft 02
+
+ The local name of the root element of the XML document representing
+ an attribute value encoded according to the transfer-rxer encoding
+ option has been changed from "item" to "value" to align with
+ revisions to the LDAP protocol specification [PROT].
+
+ The Directory XML Encoding Rules (DXER) have been renamed to the
+ Robust XML Encoding Rules (RXER).
+
+Changes in Draft 03
+
+ The special attribute description strings that consist of the
+ asterisk character followed by a transfer encoding option, e.g.,
+ "*;transfer-ber", "*;transfer-gser", have been removed from this
+ specification. An LDAP control will be defined in a separate
+ document to provide equivalent functionality.
+
+
+
+
+
+
+
+
+Legg Expires 16 December 2004 [Page 11]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-chaining-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-chaining-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-chaining-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,406 @@
+
+Internet Draft J. Sermersheim
+Personal Submission R. Harrison
+Intended Category: Standard Track Novell, Inc
+Document: draft-sermersheim-ldap-chaining-02.txt Feb 2004
+
+
+
+ LDAP Control to Specify Chaining Behavior
+
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions Working Group
+ mailing list <ldapext at ietf.org>. Editorial comments may be sent to
+ the author <jimse at novell.com>.
+
+
+Abstract
+
+ This document describes a Lightweight Directory Access Protocol
+ (LDAP) request control that allows specification of chaining behavior
+ for LDAP operations. By using the control with various LDAP
+ operations, a directory client (DUA), or directory server (DSA)
+ specifies whether or not a DSA or secondary DSA chains operations to
+ other DSAs or returns referrals and/or search result references to
+ the client.
+
+
+1. Introduction
+
+ Many directory servers have the ability through the use of various
+ mechanisms to participate in a distributed directory model. A
+ distributed directory is one where the DIT is distributed over
+ multiple DSAs. One operation completion mechanism used by DSAs in a
+ distributed directory is chaining. Chaining is defined in [X.518],
+ and is the act of one DSA communicating a directory operation that
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 1 �
+ LDAP Control to Specify Chaining Behavior
+
+ originated from a DUA to another DSA in a distributed directory.
+ Contrast this with the act of passing referrals (4.1.11 of [RFC2251])
+ and SearchResultReferences (4.5.2 of [RFC2251]) back to the client.
+ Chaining may happen during the name resolution part of an operation
+ or during other parts of operations like search which apply to a
+ number of entries in a subtree.
+
+ This document does not attempt to define the distributed directory
+ model, nor does it attempt to define the manner in which DSAs chain
+ requests. This document defines a request control that the client can
+ use to specify whether parts of an operation should or should not be
+ chained.
+
+
+2. Conventions
+
+ The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
+ used in this document carry the meanings described in [RFC2119].
+
+ The term chaining may apply to uni-chaining as well as multi-chaining
+ (see [X.518]) depending on the capabilities and configuration of the
+ DSAs.
+
+
+3. The Control
+
+ Support for the control is advertised by the presence of its
+ controlType in the supportedControl attribute of a server's root DSE.
+
+ This control MAY be included in any LDAP request operation except
+ abandon, unbind, and StartTLS as part of the controls field of the
+ LDAPMessage, as defined in Section 4.1.12 of [RFC2251]:
+
+ The controlType is set to <IANA-ASSIGNED-OID.1>. The criticality MAY
+ be set to either TRUE or FALSE. The controlValue is an OCTET STRING,
+ whose value is the following ChainingBehavior type, BER encoded
+ following the rules in Section 5.1 of [RFC2251]:
+
+ ChainingBehavior ::= SEQUENCE {
+ resolveBehavior Behavior OPTIONAL,
+ continuationBehavior Behavior OPTIONAL }
+
+ Behavior :: = ENUMERATED {
+ chainingPreferred (0),
+ chainingRequired (1),
+ referralsPreferred (2),
+ referralsRequired (3) }
+
+ resolveBehavior instructs the DSA what to do when a referral is
+ encountered during the local name resolution part of an operation. If
+ this field is not specified, other policy dictates the DSA's
+ behavior.
+
+
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 2 �
+ LDAP Control to Specify Chaining Behavior
+
+ continuationBehavior instructs the DSA what to do when a referral is
+ encountered after the name resolution part of an operation has
+ completed. This scenario occurs during search operations, and may
+ occur during yet to be defined future operations. If this field is
+ not specified, other policy dictates the DSA's behavior.
+
+ Behavior specifies whether the DSA should chain the operation or
+ return referrals when a target object is held by a remote service.
+
+ chainingPreferred indicates that the preference is that
+ chaining, rather than referrals, be used to provide the service.
+ When this value is set, the server attempts to chain the request
+ but if it can't it returns referrals.
+
+ chainingRequired indicates that chaining is to be used rather
+ than referrals to service the request. When this value is set,
+ the server MUST NOT return referrals. It either chains the
+ request or fails.
+
+ referralsPreferred indicates that the client wishes to receive
+ referrals rather than allow the server to chain the operation.
+ When this value is set, the server return referrals and search
+ references when possible, but may chain the operation otherwise.
+
+ referralsRequired indicates that chaining is prohibited. When
+ this value is set, the server MUST NOT chain the request to
+ other DSAs. Instead it returns referrals as necessary, or fails.
+
+ The following list assigns meanings to some of the result codes that
+ may occur due to this control being present:
+
+ - chainingRequired (IANA-ASSIGNED-1) Unable to process without
+ chaining.
+ - cannotChain (IANA-ASSIGNED-2) Unable to chain the request.
+
+
+4. Notes to Implementors
+
+ <todo: add some>
+
+
+4.1 Unbind and Abandon
+
+ Clients MUST NOT include the ChainingBehavior control with an Abandon
+ operation or an Unbind operation. Servers MUST ignore any chaining
+ control on the abandon and unbind requests. Servers that chain
+ operation are responsible to keep track of where an operation was
+ chained to for the purposes of unbind and abandon.
+
+
+4.2 StartTLS
+
+ This operation cannot be chained because the TLS handshake protocol
+ does not allow man-in-the-middle attacks.
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 3 �
+ LDAP Control to Specify Chaining Behavior
+
+
+
+5. Relationship with other Extensions
+
+ This control MAY be used with other controls or with extended
+ operations. When it is used with other controls or with extended
+ operations not listed here, server behavior is undefined unless
+ otherwise specified.
+
+
+5.1 Relationship with ManageDsaIT
+
+ When this control is used along with the ManageDsaIT control, the
+ resolveBehavior value is evaluated. If resolveBehavior is such that
+ chaining is allowed, the DSA is allowed to chain the operation as
+ necessary until the last RDN is found.
+
+ For example: DSA1 holds the naming context <dc=net> and a subordinate
+ reference to <dc=example,dc=net>, DSA2 holds the naming context
+ <dc=example,dc=net> and a subordinate reference to
+ <dc=hostc,dc=example,dc=net>.
+
+ A modify operation accompanied by the ManageDsaIT control alone is
+ sent to DSA1. The base object of the modify operation is set to
+ <dc=hostc,dc=example,dc=net>. Since DSA1 does not hold the
+ <dc=hostc,dc=example,dc=net> IT DSE, a referral is returned for
+ <dc=example,dc=net>.
+
+ Next, the same modify operation is accompanied by both the
+ ManageDsaIT and the ChainingBehavior control where the
+ ChainingBehavior.resolveBehavior is set to chainingPreferred. In this
+ case, DSA1 chains to DSA2 when it encounters <dc=example,dc=net> and
+ DSA2 continues the operation. Since DSA2 holds the IT DSE
+ <dc=hostc,dc=example,dc=net>, the resolve portion completes, and the
+ rest of the operation proceeds.
+
+
+6. Security Considerations
+
+ Because this control directs a DSA to chain requests to other DSAs,
+ it may be used in a denial of service attack. Implementers should be
+ cognizant of this possibility.
+
+ This control may be used to allow access to hosts and portions of the
+ DIT not normally available to clients. Servers supporting this
+ control should provide sufficient policy to prevent unwanted
+ occurrences of this.
+
+
+7. IANA Considerations
+
+ Registration of the following values is requested [RFC3383].
+
+
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 4 �
+ LDAP Control to Specify Chaining Behavior
+
+7.1. Object Identifiers
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier in identifying the protocol elements defined in
+ this technical specification. The following registration template is
+ suggested:
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments:
+ One delegation will be made under the assigned OID:
+
+ IANA-ASSIGNED-OID.1 Chaining Behavior Request Control
+
+
+7.2. LDAP Protocol Mechanism
+
+ It is requested that IANA register upon Standards Action the LDAP
+ protocol mechanism described in this document. The following
+ registration template is suggested:
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Description: Chaining Behavior Request Control
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Control
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+7.3. LDAP Result Codes
+
+ It is requested that IANA register upon Standards Action the LDAP
+ result codes:
+
+ chainingRequired (IANA-ASSIGNED-1)
+ cannotChain (IANA-ASSIGNED-2)
+
+ The following registration template is suggested:
+
+ Subject: LDAP Result Code Registration
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Result Code Name: chainingRequired
+ Result Code Name: cannotChain
+ Specification: RFCXXXX
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 5 �
+ LDAP Control to Specify Chaining Behavior
+
+ Author/Change Controller: IESG
+ Comments: request consecutive result codes be assigned
+
+
+8. Normative References
+
+ [X.518]
+ ITU-T Rec. X.511, "The Directory: Abstract Service Definition", 1993.
+
+ [RFC2119]
+ Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement
+ Levels", Internet Draft, March 1997.
+ Available as RFC2119.
+
+ [RFC2251]
+ Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access
+ Protocol (v3)", Internet Standard, December, 1997.
+ Available as RFC2251.
+
+
+9. Authors' Addresses
+
+ Jim Sermersheim
+ Novell, Inc.
+ 1800 South Novell Place
+ Provo, Utah 84606, USA
+ jimse at novell.com
+ +1 801 861-3088
+
+ Roger Harrison
+ Novell, Inc.
+ 1800 South Novell Place
+ Provo, Utah 84606, USA
+ rharrison at novell.com
+ +1 801 861-2642
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 6 �
+ LDAP Control to Specify Chaining Behavior
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ intellectual property or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; neither does it represent that it
+ has made any effort to identify any such rights. Information on the
+ IETF's procedures with respect to rights in standards-track and
+ standards-related documentation can be found in BCP-11. Copies of
+ claims of rights made available for publication and any assurances
+ of licenses to be made available, or the result of an attempt made
+ to obtain a general license or permission for the use of such
+ proprietary rights by implementors or users of this specification
+ can be obtained from the IETF Secretariat.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights which may cover technology that may be required to practice
+ this standard. Please address the information to the IETF Executive
+ Director.
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain
+ it or assist in its implementation may be prepared, copied,
+ published and distributed, in whole or in part, without restriction
+ of any kind, provided that the above copyright notice and this
+ paragraph are included on all such copies and derivative works.
+ However, this document itself may not be modified in any way, such
+ as by removing the copyright notice or references to the Internet
+ Society or other Internet organizations, except as needed for the
+ purpose of developing Internet standards in which case the
+ procedures for copyrights defined in the Internet Standards process
+ must be followed, or as required to translate it into languages
+ other than English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on
+ an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+Sermersheim, Harrison Internet-Draft - Exp. Aug 2004 Page 7 �
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-csn-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-csn-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-csn-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,898 @@
+
+
+
+
+Network Working Group J. Sermersheim
+Internet-Draft Novell, Inc
+Expires: August 5, 2005 H. Chu
+ Symas Corp.
+ February 2005
+
+
+ The LDAP Change Sequence Number
+ draft-sermersheim-ldap-csn-02.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on August 5, 2005.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2005).
+
+Abstract
+
+ This document defines a syntax schema element for the Lightweight
+ Directory Access Protocol (LDAP) which is used to hold a Change
+ Sequence Number (CSN). In general, a change sequence number
+ represents the place and time that a directory entity was changed.
+ It may be used by various attributes for various LDAP replication,
+ and synchronization applications.
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 1]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+Discussion Forum
+
+ Technical discussion of this document will take place on the IETF
+ LDAP Extensions mailing list <ldapext at ietf.org>. Please send
+ editorial comments directly to the author(s).
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions . . . . . . . . . . . . . . . . . . . . . 4
+ 3. Syntaxes . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1. ChangeSequenceNumber Syntax . . . . . . . . . . . . . 5
+ 3.2. UTF8String . . . . . . . . . . . . . . . . . . . . . . 6
+ 4. Matching Rules . . . . . . . . . . . . . . . . . . . . 7
+ 4.1. changeSequenceNumberMatch Matching Rule . . . . . . . 7
+ 4.2. utf8CodePointMatch Matching Rule . . . . . . . . . . . 7
+ 4.3. changeSequenceNumberOrderingMatch Matching Rule . . . 7
+ 4.4. utf8CodePointOrderingMatch Matching Rule . . . . . . . 8
+ 5. Attributes . . . . . . . . . . . . . . . . . . . . . . 9
+ 5.1. entryCSN Attribute . . . . . . . . . . . . . . . . . . 9
+ 6. Security Considerations . . . . . . . . . . . . . . . 10
+ 7. Normative References . . . . . . . . . . . . . . . . . 10
+ Appendix A. IANA Considerations . . . . . . . . . . . . . . . . . 11
+ A.1. LDAP Object Identifier Registrations . . . . . . . . . 11
+ A.2. LDAP Descriptor Registrations . . . . . . . . . . . . 11
+ Authors' Addresses . . . . . . . . . . . . . . . . . . 15
+ Intellectual Property and Copyright Statements . . . . 16
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 2]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+1. Introduction
+
+ A number of technologies have been documented, implemented and
+ experimented with which in one way or another seek to replicate, or
+ synchronize directory data. A common need among these technologies
+ is to determine which of two copies of an element represents the
+ latest or most authoritative data. Part of meeting this need
+ involves associating a change sequence number to an element copy at
+ the time of an update to that element. When replication or
+ synchronization occurs, the change sequence numbers associated with
+ directory elements can be used to decide which element's data will be
+ copied to the other element(s).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 3]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+2. Conventions
+
+ Imperative keywords defined in [RFC2119] are used in this document,
+ and carry the meanings described there.
+
+ The General Considerations of [I-D.ietf-ldapbis-syntaxes] apply to
+ the syntax definition in this document.
+
+ The terms "directory element" and "element" refer to data held in a
+ directory and may apply to an attribute value, attribute, entry, or
+ any other identifiable directory entity.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 4]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+3. Syntaxes
+
+3.1. ChangeSequenceNumber Syntax
+
+ A value of the ChangeSequenceNumber syntax is the time of a change
+ along with a replicaID which represents the Directory System Agent
+ (DSA) holding the element when it was changed. There are also two
+ sequence numbers used to disambiguate directory entities that are
+ changed at the same time and place.
+
+ The Abstract Syntax Notation One (ASN.1)[X680] type corresponding to
+ this syntax is defined as follows:
+
+ ChangeSequenceNumber ::= SEQUENCE {
+
+ time GeneralizedTime,
+
+ timeCount INTEGER (0 .. MaxInt),
+
+ replicaID UTF8String,
+
+ changeCount INTEGER (0 .. MaxInt)}
+
+ MaxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
+
+ GeneralizedTime is defined in [X680]. Local time without a
+ differential SHALL NOT be used.
+
+ UTF8String is defined below.
+
+ The LDAP-specific encoding of a value of this syntax is the Generic
+ String Encoding Rules (GSER)[RFC3641] encoding of the ASN.1 type.
+
+ Example:
+
+ { time "196701160315-0700",
+
+ timeCount 0,
+
+ replicaID "DSA666",
+
+ changeCount 1 }
+
+ The following is an LDAP syntax description [RFC2252] suitable for
+ publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.1 DESC 'ChangeSequenceNumber' )
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 5]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+3.2. UTF8String
+
+ The UTF8String syntax is used to express a string of characters from
+ the [ISO.10646-1.1993] character set (a superset of [Unicode]),
+ encoded following the [UTF-8] algorithm. Note that Unicode
+ characters U+0000 through U+007F are the same as ASCII 0 through 127,
+ respectively, and have the same single octet UTF-8 encoding. Other
+ Unicode characters have a multiple octet UTF-8 encoding.
+
+ UTF8String::= OCTET STRING -- UTF-8 encoded,
+
+ -- [ISO10646] characters
+
+ The LDAP-specific encoding of a value of this syntax are the UTF-8
+ encoded characters themselves.
+
+ The following is an LDAP syntax description [RFC2252] suitable for
+ publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.2 DESC 'UTF8String' )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 6]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+4. Matching Rules
+
+4.1. changeSequenceNumberMatch Matching Rule
+
+ The changeSequenceNumberMatch rule compares an assertion value of the
+ ChangeSequenceNumber syntax to a value of a syntax (e.g the
+ ChangeSequenceNumber syntax) whose corresponding ASN.1 type is
+ ChangeSequenceNumber.
+
+ The rule evaluates to TRUE if and only if each of the components of
+ the two values evaluate to TRUE using the following rules:
+
+ o The time component uses generalizedTimeMatch.
+
+ o The timeCount and changeCount components use integerMatch.
+
+ o The replicaID component uses utf8CodePointMatch.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.3 NAME changeSequenceNumberMatch SYNTAX IANA-
+ ASSIGNED-OID.1 )
+
+4.2. utf8CodePointMatch Matching Rule
+
+ The utf8CodePointMatch rule compares an assertion value of the
+ UTF8String syntax to a value of a syntax (e.g the UTF8String syntax)
+ whose corresponding ASN.1 type is UTF8String. The rule evaluates to
+ TRUE if and only if the code points [Unicode] of each of the
+ characters is equal.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.4 NAME utf8CodePointMatch SYNTAX IANA-ASSIGNED-
+ OID.2 )
+
+4.3. changeSequenceNumberOrderingMatch Matching Rule
+
+ The changeSequenceNumberOrderingMatch rule compares the
+ ChangeSequenceNumber ordering of an assertion value of the
+ ChangeSequenceNumber syntax to a value of a syntax (e.g the
+ ChangeSequenceNumber syntax) whose corresponding ASN.1 type is
+ ChangeSequenceNumber.
+
+ When evaluating ChangeSequenceNumber values for ordering, the
+ components are evaluated in this order: time, timeCount, replicaID,
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 7]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+ changeCount. If a component evaluates to TRUE using the appropriate
+ ordering matching rule specified below, then the rule evaluates to
+ TRUE. Otherwise if the component evaluates to TRUE using the
+ equality matching rule specified below, the next component is
+ evaluated. Otherwise the changeSequenceNumberOrderingMatch rule
+ evaluates to FALSE or Undefined as appropriate.
+
+ o The time components of the two values are evaluated for ordering
+ using GeneralizedTimeOrderingMatch, and evaluated for equality
+ using GeneralizedTimeMatch.
+
+ o The timeCount and changeCount components of the two values are
+ evaluated for ordering using integerOrderingMatch, and evaluated
+ for equality using integerMatch.
+
+ o The replicaID components of the two values are evaluated for
+ ordering using utf8CodePointOrderingMatch and evaluated for
+ equality using utf8CodePointMatch.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.5 NAME changeSequenceNumberOrderingMatch SYNTAX
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+4.4. utf8CodePointOrderingMatch Matching Rule
+
+ The utf8CodePointOrderingMatch rule compares the ordering of an
+ assertion value of the UTF8String syntax to a stored value of a
+ syntax (e.g. the UTF8String syntax) whose corresponding ASN.1 type is
+ UTF8String.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the stored value character string appears earlier
+ than the assertion value character string, i.e., the stored value is
+ "less than" the assertion value.
+
+ The following is a LDAP matching rule description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.6 NAME utf8CodePointOrderingMatch SYNTAX IANA-
+ ASSIGNED-OID.2 )
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 8]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+5. Attributes
+
+5.1. entryCSN Attribute
+
+ The entryCSN operational attribute provides the CSN of the last
+ update applied to the entry.
+
+ The following is a LDAP attribute type description [RFC2252] suitable
+ for publication in the subschema.
+
+ ( IANA-ASSIGNED-OID.7 NAME entryCSN DESC 'CSN of the entry content'
+ EQUALITY changeSequenceNumberMatch ORDERING
+ changeSequenceNumberOrderingMatch SYNTAX IANA-ASSIGNED-OID.1 SINGLE-
+ VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+ Servers MAY assign a CSN to each entry upon its addition to the
+ directory and provide the entry's CSN as the value of the entryCSN
+ operational attribute. If the entryCSN attribute is assigned, the
+ attribute SHOULD be updated upon every update of the entry.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 9]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+6. Security Considerations
+
+7. Normative References
+
+ [I-D.ietf-ldapbis-syntaxes]
+ Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-11 (work in progress),
+ June 2005.
+
+ [ISO.10646-1.1993]
+ International Organization for Standardization,
+ "Information Technology - Universal Multiple-octet coded
+ Character Set (UCS) - Part 1: Architecture and Basic
+ Multilingual Plane", ISO Standard 10646-1, May 1993.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T., and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+ [RFC3641] Legg, S., "Generic String Encoding Rules (GSER) for ASN.1
+ Types", RFC 3641, October 2003.
+
+ [UTF-8] International Organization for Standardization,
+ "Information Technology - Universal Multiple-octet coded
+ Character Set (UCS) - Amendment 2: UCS Transformation
+ Format 8 (UTF-8)", ISO Standard 10646-1 Addendum 2,
+ October 1996.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard", 2004.
+
+ [X680] International Telecommunications Union, "Abstract Syntax
+ Notation One (ASN.1): Specification of basic notation",
+ ITU-T Recommendation X.680, July 2002.
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 10]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+Appendix A. IANA Considerations
+
+ Registration of the following values is requested [RFC3383].
+
+A.1. LDAP Object Identifier Registrations
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier in identifying the protocol elements defined in
+ this technical specification. The following registration template is
+ provided:
+
+ Subject: Request for LDAP OID Registration
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments:
+
+ Seven delegations will be made under the assigned OID:
+
+ IANA-ASSIGNED-OID.1 ChangeSequenceNumber: LDAP Syntax
+
+ IANA-ASSIGNED-OID.2 UTF8String: LDAP Syntax
+
+ IANA-ASSIGNED-OID.3 changeSequenceNumberMatch: LDAP Matching Rule
+
+ IANA-ASSIGNED-OID.4 utf8CodePointMatch: LDAP Matching Rule
+
+ IANA-ASSIGNED-OID.5 changeSequenceNumberOrderingMatch: LDAP
+ Matching Rule
+
+ IANA-ASSIGNED-OID.6 utf8CodePointOrderingMatch: LDAP Matching Rule
+
+ IANA-ASSIGNED-OID.7 entryCSN: LDAP Attribute Type
+
+A.2. LDAP Descriptor Registrations
+
+ It is requested that IANA register upon Standards Action the LDAP
+ descriptors described in this document. The following registration
+ templates are given:
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 11]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): ChangeSequenceNumber
+
+ Object Identifier: IANA-ASSIGNED-OID.1
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Syntax
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): UTF8String
+
+ Object Identifier: IANA-ASSIGNED-OID.2
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Syntax
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): changeSequenceNumberMatch
+
+ Object Identifier: IANA-ASSIGNED-OID.3
+
+ Person & email address to contact for further information:
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 12]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Matching Rule
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): utf8CodePointMatch
+
+ Object Identifier: IANA-ASSIGNED-OID.4
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Matching Rule
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): changeSequenceNumberOrderingMatch
+
+ Object Identifier: IANA-ASSIGNED-OID.5
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 13]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Matching Rule
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): utf8CodePointOrderingMatch
+
+ Object Identifier: IANA-ASSIGNED-OID.6
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: other
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Matching Rule
+
+ Subject: Request for LDAP Descriptor Registration
+
+ Descriptor (short name): entryCSN
+
+ Object Identifier: IANA-ASSIGNED-OID.7
+
+ Person & email address to contact for further information:
+
+ Jim Sermersheim
+
+ jimse at novell.com
+
+ Usage: Attribute Type
+
+ Specification: RFCXXXX
+
+ Author/Change Controller: IESG
+
+ Comments: LDAP Attribute Type
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 14]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+Authors' Addresses
+
+ Jim Sermersheim
+ Novell, Inc
+ 1800 South Novell Place
+ Provo, Utah 84606
+ USA
+
+ Phone: +1 801 861-3088
+ Email: jimse at novell.com
+
+
+ Howard Chu
+ Symas Corp.
+ 18740 Oxnard Street, Suite 313A
+ Tarzana, California 91356
+ USA
+
+ Phone: +1 818 757-7087
+ Email: hyc at symas.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 15]
+�
+Internet-Draft LDAP CSN February 2005
+
+
+Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+Disclaimer of Validity
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Copyright Statement
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+Sermersheim & Chu Expires August 5, 2005 [Page 16]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-distproc-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-distproc-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-distproc-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2541 @@
+
+Network Working Group J. Sermersheim
+Internet-Draft Novell, Inc
+Expires: August 26, 2005 February 22, 2005
+
+
+
+ Distributed Procedures for LDAP Operations
+ draft-sermersheim-ldap-distproc-02.txt
+
+
+Status of this Memo
+
+
+ This document is an Internet-Draft and is subject to all provisions
+ of Section 3 of RFC 3667. By submitting this Internet-Draft, each
+ author represents that any applicable patent or other IPR claims of
+ which he or she is aware have been or will be disclosed, and any of
+ which he or she become aware will be disclosed, in accordance with
+ RFC 3668.
+
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+
+ This Internet-Draft will expire on August 26, 2005.
+
+
+Copyright Notice
+
+
+ Copyright (C) The Internet Society (2005).
+
+
+Abstract
+
+
+ This document provides the data types and procedures used while
+ servicing Lightweight Directory Access Protocol (LDAP) user
+ operations in order to participate in a distributed directory. In
+ particular, it describes the way in which an LDAP user operation in a
+ distributed directory environment finds its way to the proper DSA(s)
+ for servicing.
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 1]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+Discussion Forum
+
+
+ Technical discussion of this document will take place on the IETF
+ LDAP Extensions mailing list <ldapext at ietf.org>. Please send
+ editorial comments directly to the author.
+
+
+Table of Contents
+
+
+ 1. Distributed Operations Overview . . . . . . . . . . . . . . 3
+ 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 3. Distributed Operation Data Types . . . . . . . . . . . . . . 5
+ 3.1 ContinuationReference . . . . . . . . . . . . . . . . . . . 5
+ 3.2 ChainedRequest . . . . . . . . . . . . . . . . . . . . . . . 9
+ 3.3 Chained Response . . . . . . . . . . . . . . . . . . . . . . 11
+ 4. Distributed Procedures . . . . . . . . . . . . . . . . . . . 14
+ 4.1 Name resolution . . . . . . . . . . . . . . . . . . . . . . 14
+ 4.2 Operation Evaluation . . . . . . . . . . . . . . . . . . . . 16
+ 4.3 Populating the ContinuationReference . . . . . . . . . . . . 19
+ 4.4 Sending a ChainedRequest . . . . . . . . . . . . . . . . . . 21
+ 4.5 Emulating the Sending of a ChainedRequest . . . . . . . . . 23
+ 4.6 Receiving a ChainedRequest . . . . . . . . . . . . . . . . . 24
+ 4.7 Returning a Chained Response . . . . . . . . . . . . . . . . 25
+ 4.8 Receiving a Chained Response . . . . . . . . . . . . . . . . 26
+ 4.9 Returning a Referral or Intermediate Referral . . . . . . . 27
+ 4.10 Acting on a Referral or Intermediate Referral . . . . . . . 30
+ 4.11 Ensuring non-existence of an entry under an nssr . . . . . . 31
+ 4.12 Mapping a referralURI to an LDAP URI . . . . . . . . . . . . 31
+ 4.13 Using the ManageDsaIT control . . . . . . . . . . . . . . . 32
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . 33
+ 6. Normative References . . . . . . . . . . . . . . . . . . . . 33
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . 34
+ A. IANA Considerations . . . . . . . . . . . . . . . . . . . . 35
+ A.1 LDAP Object Identifier Registrations . . . . . . . . . . . . 35
+ A.2 LDAP Protocol Mechanism Registrations . . . . . . . . . . . 35
+ A.3 LDAP Descriptor Registrations . . . . . . . . . . . . . . . 37
+ A.4 LDAP Result Code Registrations . . . . . . . . . . . . . . . 38
+ Intellectual Property and Copyright Statements . . . . . . . 39
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 2]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+1. Distributed Operations Overview
+
+
+ One characteristic of X.500-based directory systems [X500] is that,
+ given a distributed Directory Information Tree (DIT), a user should
+ potentially be able to have any service request satisfied (subject to
+ security, access control, and administrative policies) irrespective
+ of the Directory Service Agent (DSA) to which the request was sent.
+ To accommodate this requirement, it is necessary that any DSA
+ involved in satisfying a particular service request have some
+ knowledge (as specified in {TODO: Link to future Distributed Data
+ Model doc}) of where the requested information is located and either
+ return this knowledge to the requester or attempt to satisfy the
+ request satisfied on the behalf of the requester (the requester may
+ either be a Directory User Agent (DUA) or another DSA).
+
+
+ Two modes of operation distribution are defined to meet these
+ requirements, namely "chaining" and "returning referrals".
+ "Chaining" refers to the attempt by a DSA to satisfy a request by
+ sending one or more chained operations to other DSAs. "Returning
+ referrals", is the act of returning distributed knowledge information
+ to the requester, which may then itself interact with the DSA(s)
+ identified by the distributed knowledge information. It is a goal of
+ this document to provide the same level of service whether the
+ chaining or referral mechanism is used to distribute an operation.
+
+
+ The processing of an operation is talked about in two major phases,
+ namely "name resolution", and "operation evaluation". Name
+ resolution is the act of locating a local DSE held on a DSA given a
+ distinguished name (DN). Operation evaluation is the act of
+ performing the operation after the name resolution phase is complete.
+
+
+ While distributing an operation, a request operation may be
+ decomposed into several sub-operations.
+
+
+ The distributed directory operation procedures described in this
+ document assume the absense of the ManageDsaIT control defined in
+ [RFC3296] and described in Section 4.13.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 3]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+2. Conventions
+
+
+ Imperative keywords defined in [RFC2119] are used in this document,
+ and carry the meanings described there.
+
+
+ All Basic Encoding Rules (BER) [X690] encodings follow the
+ conventions found in Section 5.1 of [RFC2251].
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 4]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3. Distributed Operation Data Types
+
+
+ The data types in this section are used by the chaining and referral
+ distributed operation mechanisms described in Section 4
+
+
+3.1 ContinuationReference
+
+
+ As an operation is being processed by a DSA, it is useful to group
+ the information passed between various procedures as a collection of
+ data. The ContinuationReference data type is introduced for this
+ purpose. This data type is populated and consumed by various
+ procedures discussed in various sections of this document. In
+ general, a ContinuationReference is used when indicating that
+ directory information being acted on is not present locally, but may
+ be present elsewhere.
+
+
+ A ContinuationReference consists of one or more addresses which
+ identify remote DSAs along with other information pertaining both to
+ the distributed knowledge information held on the local DSA as well
+ as information relevant to the operation. This data type is
+ expressed here in Abstract Syntax Notation One (ASN.1) [X680].
+
+
+ ContinuationReference ::= SET {
+ referralURI [0] SET SIZE (1..MAX) OF URI,
+ localReference [2] LDAPDN,
+ referenceType [3] ReferenceType,
+ remainingName [4] RelativeLDAPDN OPTIONAL,
+ searchScope [5] SearchScope OPTIONAL,
+ searchedSubtrees [6] SearchedSubtrees OPTIONAL,
+ failedName [7] LDAPDN OPTIONAL,
+ ... }
+
+
+ <Editor's Note: Planned for addition is a searchCriteria field which
+ is used both for assuring that the remote object is in fact the
+ object originally pointed to (this mechanism provides a security
+ measure), and also to allow moved or renamed remote entries to be
+ found. Typically the search criteria would have a filter value of
+ (entryUUID=<something>)>
+
+
+ URI ::= LDAPString -- limited to characters permitted in URIs
+ [RFC2396].
+
+
+ ReferenceType ::= ENUMERATED {
+ superior (0),
+ subordinate (1),
+ cross (2),
+ nonSpecificSubordinate (3),
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 5]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ suplier (4),
+ master (5),
+ immediateSuperior (6),
+ self (7),
+ ... }
+ SearchScope ::= ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2),
+ subordinateSubtree (3),
+ ... }
+
+
+ SearchedSubtrees ::= SET OF RelativeLDAPDN
+
+
+ LDAPDN, RelativeLDAPDN, and LDAPString, are defined in [RFC2251].
+
+
+ The following subsections introduce the fields of the
+ ContinuationReference data type, but do not provide in-depth
+ semantics or instructions on the population and consumption of the
+ fields. These topics are discussed as part of the procedural
+ instructions.
+
+
+3.1.1 ContinuationReference.referralURI
+
+
+ The list of referralURI values is used by the receiver to progress
+ the operation. Each value specifies (at minimum) the protocol and
+ address of one or more remote DSA(s) holding the data sought after.
+ URI values which are placed in ContinuationReference.referralURI must
+ allow for certain elements of data to be conveyed. Section 3.1.1.1
+ describes these data elements. Furthermore, a mapping must exist
+ which relates the parts of a specified URI to these data elements.
+ This document provides such a mapping for the LDAP URL [RFC2255] in
+ Section 4.12.
+
+
+ In some cases, a referralURI will contain data which has a
+ counterpart in the fields of the ContinuationReference (an example is
+ where the referralURI is an LDAP URL, holds a <scope> value, and the
+ ContinuationReference.searchScope field is also present). In these
+ cases, the data held on the referralURI overrides the field in the
+ ContinuationReference. Specific examples of this are highlighted in
+ other sections. Providing a means for these values to exist as
+ fields of the ContinuationReference allows one value to be applied to
+ all values of referralURI (as opposed to populating duplicate data on
+ all referralURI values).
+
+
+ If a referralURI value identifies an LDAP-enabled DSA [RFC3377], the
+ LDAP URL form is used.
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 6]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3.1.1.1 Elements of referralURI Values
+
+
+ The following data elements must be allowed and identified for a
+ specified URI type to be used to convey referral information. Each
+ element is given a name which begins with 'referralURI.' for clarity
+ when referencing the elements conceptually in other parts of this
+ document.
+
+
+ o referralURI.protocolIdentifier. There must be an indication of
+ the protocol to be used to contact the DSA identified by the URI.
+ o referralURI.accessPoint. The URI must identify a DSA in a manner
+ that can be used to contact it using the protocol specified in
+ protocolIdentifier.
+ o referralURI.targetObject. Holds the name to be used as the base
+ DN of the operation being progressed. This field must be allowed
+ by the URI specification, but may be omitted in URI instances for
+ various reasons.
+ o referralURI.localReference. See Section 3.1.2. This field must
+ be allowed by the URI specification, but may be omitted in URI
+ instances for various reasons.
+ o referralURI.searchScope. See Section 3.1.5. This field must be
+ allowed by the URI specification, but may be omitted in URI
+ instances for various reasons.
+ o referralURI.searchedSubtrees. See Section 3.1.6. This field must
+ be allowed by the URI specification, but may be omitted in URI
+ instances for various reasons.
+ o referralURI.failedName. See Section 3.1.7. This field must be
+ allowed by the URI specification, but may be omitted in URI
+ instances for various reasons.
+
+
+3.1.2 ContinuationReference.localReference
+
+
+ This names the DSE which was found to hold distributed knowledge
+ information, and thus which caused the ContinuationReference to be
+ formed. This field is primarily used to help convey the new target
+ object name, but may also be used for purposes referential integrity
+ (not discussed here). In the event that the root object holds the
+ distributed knowledge information, this field is present and is
+ populated with an empty DN.
+
+
+3.1.3 ContinuationReference.referenceType
+
+
+ Indicates the DSE Type of the ContinuationReference.localReference.
+ This field may be used to determine how to progress an operations
+ (i.e. if the value is nonSpecificSubordinate, a search continuation
+ will exclude the ContinuationReference.referenceType).
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 7]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3.1.4 ContinuationReference.remainingName
+
+
+ In certain scenarios, the localReference does not completely name the
+ DSE to be used as the new target object name. In these cases,
+ remainingName is populated with the RDNSequence relative to the
+ localReference of the target object name being resolved. Some
+ examples of these scenarios include (but are not restricted to):
+
+
+ o During name resolution, the name is not fully resolved, but a DSE
+ holding distributed knowledge information is found, causing a
+ ContinuationReference to be generated.
+ o While searching, an alias is dereferenced. The aliasedObjectName
+ points to a DSE of type glue which is subordinate to a DSE holding
+ distributed knowledge information.
+
+
+3.1.5 ContinuationReference.searchScope
+
+
+ Under certain circumstances, when progressing a search operation, a
+ search scope different than that of the original search request must
+ be used. This field facilitates the conveyance of the proper search
+ scope to be used when progressing the distributed operation.
+
+
+ The scope of subordinateSubtree has been added to the values allowed
+ by the LDAP SearchRequest.scope field. This scope includes the
+ subtree of entries below the base DN, but does not include the base
+ DN itself. This is used here when progressing distributed search
+ operations caused by the existence of a DSE of type nssr.
+
+
+ If a referralURI.searchScope is present, it overrides this field
+ while that referralURI is being operated upon.
+
+
+3.1.6 ContinuationReference.searchedSubtrees
+
+
+ For ContinuationReferences generated while processing a search
+ operation with a scope of wholeSubtree, each value of this field
+ indicates that a particular subtree below the target object has
+ already been searched. Consumers of this data use it to cause the
+ progression of the search operation to exclude these subtrees as a
+ mechanism to avoid receiving duplicate entries.
+
+
+ If a referralURI.searchedSubtrees is present, it overrides this field
+ while that referralURI is being operated upon.
+
+
+3.1.7 ContinuationReference.failedName
+
+
+ When an operation requires that multiple names be resolved (as is the
+ case with the ModifyDN operation), this field is used to specify
+ which name was found to be non-local.
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 8]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ If a referralURI.failedName is present, it overrides this field while
+ that referralURI is being operated upon.
+
+
+3.2 ChainedRequest
+
+
+ The Chained Request is sent as an LDAP extended operation. The
+ requestName is IANA-ASSIGNED-OID.1. The requestValue is the BER
+ encoding of the following ChainedRequestValue ASN.1 definition:
+
+
+ ChainedRequestValue ::= SEQUENCE {
+
+
+ chainingArguments ChainingArguments,
+ operationRequest OperationRequest }
+
+
+ ChainingArguments ::= SEQUENCE {
+
+
+ targetObject [0] LDAPDN OPTIONAL,
+ referenceType [1] ReferenceType,
+ traceInformation [2] ChainingTraceInformation,
+ searchScope [3] SearchScope OPTIONAL,
+ searchedSubtrees [4] SearchedSubtrees OPTIONAL}
+
+
+ ChainingTraceInformation ::= SET OF LDAPURL
+
+
+ OperationRequest ::= SEQUENCE {
+
+
+ Request ::= CHOICE {
+
+
+ bindRequest BindRequest,
+ searchRequest SearchRequest,
+ modifyRequest ModifyRequest,
+ addRequest AddRequest,
+ delRequest DelRequest,
+ modDNRequest ModifyDNRequest,
+ compareRequest CompareRequest,
+ extendedReq ExtendedRequest,
+ ... },
+ controls [0] Controls COPTIONAL }
+
+
+ BindRequest, SearchRequest, ModifyRequest, AddRequest, DelRequest,
+ ModifyDNRequest, CompareRequest, ExtendedRequest and Controls are
+ defined in [RFC2251].
+
+
+3.2.1 ChainedRequestValue.chainingArguments
+
+
+ In general, these fields assist in refining the original operation as
+ it is to be executed on the receiving DSA.
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 9]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3.2.1.1 ChainedRequestValue.chainingArguments.targetObject
+
+
+ This field contains the new target (or base) DN for the operation.
+
+
+ The sending DSA populates this under different scenarios including
+ the case where an alias has been dereferenced while resolving the DN,
+ and also the case where a referral carries a target name different
+ from the reference object that caused the referral.
+
+
+ This field can be omitted only if it would be the the same value as
+ the object or base object parameter in the
+ ChainedRequestValue.operationRequest, in which case its implied value
+ is that value.
+
+
+ The receiving DSA examines this field and (if present) uses it rather
+ than the base DN held in the ChainedRequestValue.operationRequest.
+
+
+3.2.1.2 ChainedRequestValue.chainingArguments.referenceType
+
+
+ See Section 3.1.3.
+
+
+ If the receiver encounters a value of nonSpecificSubordinate in this
+ field, it indicates that the operation is being chained due to DSE of
+ type nssr. In this case, the receiver allows (and expects) the base
+ DN to name the immediate superior of a context prefix.
+
+
+3.2.1.3 ChainedRequestValue.chainingArguments.traceInformation
+
+
+ This contains a set of URIs. Each value represents the address of a
+ DSA and DN that has already been contacted while attempting to
+ service the operation. This field is used to detect looping while
+ servicing a distributed operation.
+
+
+ The sending DSA populates this with its own URI, and also the URIs of
+ any DSAs that have already been chained to. The receiving DSA
+ examines this list of URIs and returns a loopDetect error if it finds
+ that any of the addresses and DNs in the listed URI's represent it's
+ own.
+
+
+3.2.1.4 ChainedRequestValue.chainingArguments.searchScope
+
+
+ See Section 3.1.5.
+
+
+3.2.1.5 ChainedRequestValue.chainingArguments.searchedSubtrees
+
+
+ See Section 3.1.6.
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 10]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3.2.2 ChainedRequestValue.operationRequest
+
+
+ This holds the original LDAP operation request. This is restricted
+ to a subset of all LDAP operations. Namely, the following LDAP
+ operation types are not allowed:
+
+
+ o Abandon/Cancel operations. When an abandon or cancel operation
+ needs to be chained, it is sent to the remote DSA as-is. This is
+ because there is no need to track it for loop detection or pass on
+ any other information normally found in ChainingArguments.
+ o Unbind. Again, there is no need to send chaining-related
+ information to a DSA to perform an unbind. DSAs which chain
+ operations maintain connections as they see fit.
+ o Chained Operation. When a DSA receives a chained operation, and
+ must again chain that operation to a remote DSA, it sends a
+ ChainedRequest where the ChainedRequestValue.operationRequest is
+ that of the incoming ChainedRequestValue.operationRequest.
+
+
+3.3 Chained Response
+
+
+ The Chained Response is sent as an LDAP IntermediateResponse
+ [RFC3771], or LDAP ExtendedResponse [RFC2251], depending on whether
+ the operation is complete or not. In either case, the responseName
+ is omitted. For intermediate responses, the
+ IntermediateResponse.responseValue is the BER encoding of the
+ ChainedIntermediateResponseValue ASN.1 definition. For completed
+ operations, the ExtendedResponse.value is the BER encoding of the
+ ChainedFinalResponseValue ASN.1 definition.
+
+
+ ChainedIntermediateResponseValue ::= SEQUENCE {
+
+
+ chainedResults ChainingResults,
+ operationResponse IntermediateResponse }
+
+
+ ChainedFinalResponseValue ::= SEQUENCE {
+
+
+ chainedResults ChainingResults,
+ operationResponse FinalResponse }
+
+
+ ChainingResults ::= SEQUENCE {
+
+
+ searchedSubtrees [0] SearchedSubtrees OPTIONAL,
+ ... }
+
+
+ IntermediateResponse ::= SEQUENCE {
+
+
+ Response ::= CHOICE {
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 11]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+
+ searchResEntry SearchResultEntry,
+ searchResRef SearchResultReference,
+ intermediateResponse IntermediateResponse
+ ... },
+ controls [0] Controls COPTIONAL }
+
+
+ FinalResponse ::= SEQUENCE {
+
+
+ Response ::= CHOICE {
+
+
+ bindResponse BindResponse,
+ searchResDone SearchResultDone,
+ modifyResponse ModifyResponse,
+ addResponse AddResponse,
+ delResponse DelResponse,
+ modDNResponse ModifyDNResponse,
+ compareResponse CompareResponse,
+ extendedResp ExtendedResponse,
+ ... },
+ controls [0] Controls COPTIONAL }
+
+
+ BindResponse, SearchResultEntry, SearchResultDone,
+ SearchResultReference, ModifyResponse, AddResponse, DelResponse,
+ ModifyDNResponse, CompareResponse, ExtendedResponse, and Controls are
+ defined in [RFC2251]. IntermediateResponse is defined in [RFC3771].
+
+
+3.3.1 ChainingResults
+
+
+ In general, this is used to convey additional information that may
+ needed in the event that the operation needs to be progressed
+ further.
+
+
+3.3.1.1 ChainingResults.searchedSubtrees
+
+
+ Each value of this field indicates that a particular subtree below
+ the target object has already been searched. This is particularly
+ useful while chaining search operations during operation evaluation
+ caused by the presence of a DSA of type nssr. Each DSA referenced by
+ the nssr holds one or more naming contexts subordinate to the nssr
+ DSE. The ChainingResults.searchedSubtrees field allows the DSA being
+ chained to, to inform the sending DSA which subordinate naming
+ contexts have been searched. This information may be passed to
+ further DSAs listed on the nssr in order to reduce the possibility of
+ duplicate entries being returned.
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 12]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+3.3.2 ChainedIntermediateResponseValue.intermediateResponse and
+ ChainedFinalResponseValue.finalResponse
+
+
+ This holds the directory operation response message tied to the
+ ChainedRequestValue.operationRequest.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 13]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4. Distributed Procedures
+
+
+ For the purposes of describing a distributed operation, operations
+ are said to consist of two major phases -- name resolution and
+ operation evaluation. These terms are adopted from [X518]. Name
+ resolution is the act of locating a DSE said to be held locally by a
+ DSA given a distinguished name (DN). Operation evaluation is the act
+ of performing the operation after the name resolution phase is
+ complete.
+
+
+ Furthermore, there are two modes of distributing an operation --
+ chaining, and returning referrals. Chaining is the act of forwarding
+ an unfinished operation to another DSA for completion (this may
+ happen during name resolution or operation evaluation). In this
+ case, the forwarding DSA sends a chained operation to a receiving
+ DSA, which attempts to complete the operation. Alternately, the DSA
+ may return a referral (or intermediate referral), and the client may
+ use that referral in order to forward the unfinished operation to
+ another DSA. Whether the operation is distributed via chaining or
+ referrals is a decision left to the DSA and or DUA.
+
+
+ The term 'intermediate referral' describes a referral returned during
+ the operation evaluation phase of an operation. These include
+ searchResultReferences, referrals returned with an
+ intermediateResponse [RFC3771], or future referrals which indicate
+ that they are intermediate referrals.
+
+
+ An operation which is distributed while in the operation evaluation
+ phase is termed a 'sub-operation'.
+
+
+ This document inserts a step between the two distributed operation
+ phases in order to commonize the data and processes followed prior to
+ chaining an operation or returning a referral. This step consists of
+ populating a ContinuationReference data type.
+
+
+4.1 Name resolution
+
+
+ Before evaluating (enacting) most directory operations, the DSE named
+ by the target (often called the base DN) of the operation must be
+ located . This is done by evaluating the RDNs of the target DN one
+ at a time, starting at the rootmost RDN. Each RDN is compared to the
+ DSEs held by the DSA until the set of RDNs is exhausted, or an RDN
+ cannot be found.
+
+
+ If the DSE named by the target is found to be local, the name
+ resolution phase of the operation completes and the operation
+ evaluation phase begins.
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 14]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ If it is found that the target does not name a local DSE nor a DSE
+ that may held by another DSA, it is said that the target does not
+ exist, and the operation fails with noSuchObject (subject to local
+ policy).
+
+
+ If it is found that the DSE named by the target is non-local to the
+ DSA, but may reside elsewhere, name resolution is said to be
+ incomplete. In this case, the operation may be distributed by
+ creating a ContinuationReference (Section 4.3) and either chaining
+ the operation (Section 4.4 and Section 4.5)or returning a referral
+ (Section 4.9).
+
+
+4.1.1 Determining that a named DSE is local to a DSA
+
+
+ If a DSE held by a DSA falls within a naming context held by the DSA,
+ or is the root DSE on a first-level DSA, it is said to be local to
+ that DSA
+
+
+4.1.2 Determining that a named DSE does not exist
+
+
+ A named DSE is said to not exist if, during name resolution the DSE
+ is not found, but if found it would fall within a naming context held
+ by the DSA.
+
+
+4.1.3 Determining that a named DSE is non-local
+
+
+ If a named DSE is niether found to be local to the DSA, nor found to
+ not exist, it is said to be non-local to a DSA. In this case, it is
+ indeterminate whether the named DSE exists.
+
+
+ When a named DSE is found to be non-local, there should be
+ distributed knowledge information available to be used to either
+ return a referral or chain the operation.
+
+
+4.1.3.1 Locating distributed knowledge information for a non-local
+ target
+
+
+ If it has been determined that a target names a non-local DSE,
+ distributed knowledge information may be found by first examining the
+ DSE named by the target, and subsequently all superior DSEs beginning
+ with the immediate superior and ending with the root, until an
+ examined DSE is one of types:
+
+
+ {TODO: should DSE types be all caps? It would be easier to read.}
+ o subr
+ o supr
+ o immsupr
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 15]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ o xr
+ o nssr
+
+
+ The examined DSE which is of one of these types holds the distributed
+ knowledge information for the non-local named target. This DSE is
+ said to be the found distributed knowledge information of the
+ non-local target. This found distributed knowledge information may
+ then be used to distribute the operation.
+
+
+ If no examined DSEs are of any of these types, the distributed
+ knowledge information is mis-configured, and the error
+ invalidReference is returned.
+
+
+4.1.4 Special case for the Add operation
+
+
+ During the name resolution phase of the Add operation, the immediate
+ parent of the base DN is resolved.
+
+
+ If the immediate parent of the entry to be added is a DSE of type
+ nssr, then further interrogation is needed to ensure that the entry
+ to be added does not exist. Methods for doing this are found in
+ Section 4.11. {TODO: don't make this mandatory. Also, it doesn't
+ work without transaction semantics. Same prob in the mod dn below.}.
+
+
+4.1.5 Special case for the ModifyDN operation
+
+
+ When the modifyDN operation includes a newSuperior name, it must be
+ resolved as well as the base DN being modified. If either of these
+ result in a non-local name, the name causing the operation to be
+ distributed should be conveyed (Section 4.3.5). {TODO: also mention
+ access control problems, and mention (impl detail) that
+ affectsmultidsa can be used.}
+
+
+ If during operation evaluation of a ModifyDN operation, the
+ newSuperior names a DSE type of nssr, then further interrogation is
+ needed to ensure that the entry to be added does not exist. Methods
+ for doing this are found in Section 4.11.
+
+
+4.2 Operation Evaluation
+
+
+ Once name resolution has completed. The DSE named in the target has
+ been found to be local to a DSA. At this point the operation can be
+ carried out. During operation evaluation distributed knowledge
+ information may be found that may cause the DSA to distribute the
+ operation. When this happens, the operation may be distributed by
+ creating a ContinuationReference (Section 4.3) and either chaining
+ the operation (Section 4.4 and Section 4.5)or returning a referral
+ (Section 4.9).
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 16]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ If, during the location of the distributed knowledge information, the
+ distributed knowledge information is found to be mis-configured,
+ operation semantics are followed (some operations may call for an
+ error to be returned, while others call for the error to be ignored).
+ {TODO: either make this more specific, or less specific, or just toss
+ it out.}
+
+
+4.2.1 Search operation
+
+
+ During operation evaluation of a search operation, the DSA must
+ determine whether there is distributed knowledge information in the
+ scope of the search. Any DSE in the search scope which is of the
+ following types is considered to be 'found distributed knowledge
+ information' {TODO: use a better term than found distributed
+ knowledge information} in the search scope:
+
+
+ o subr
+ o nssr (see nssr note)
+ o xr {TODO: I think xr only qualifies when an alias is dereferenced
+ to an xr. Otherwisw, there should always be a subr above the xr
+ if it falls in the search scope.}
+
+
+ Note that due to alias dereferencing, the search scope may expand to
+ include entries outside of the scope originally specified in the
+ search operation. {TODO: note that an aliased object may be glue
+ which needs to result in any subr or xr above it to be found}
+
+
+ Nssr Note: A DSE of type nssr is only considered to be found
+ distributed knowledge information when the scope of the search
+ includes entries below it. For example, when the search scope is
+ wholeSubtree or subordinateSubtree and a DSE of type nssr is found in
+ the scope, or if the search scope is singleLevel and the target
+ object names a DSE of type nsssr.
+
+
+ {TODO: The following sections are talking about how the continuation
+ reference is to be populated. Move to next secion. Can probably
+ just say that whole subtree or subordinare subtree encountering nssr,
+ and single level rooted at nssr result in a continuation reference.
+ base at, and single level above do not result in a continuation
+ reference.}
+
+
+4.2.1.1 Search operation with singleLevel scope
+
+
+ If distributed knowledge information is found during operation
+ evaluation of a search with a singleLevel scope, it will cause the
+ resulting ContinuationReference.searchScope to be set to baseObject.
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 17]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4.2.1.2 Search operation encountering nssr knowledge reference
+
+
+ When a search operation encounters distributed knowledge information
+ which is a DSE type of nssr during operation evaluation, the
+ following instructions are followed:
+
+
+ Note that when a search operation is being progressed due to nssr
+ knowledge information, the subsequent distributed progression of the
+ search is caused to be applied to each DSA listed as non-specific
+ knowledge information (This is talked about in Section 4.3.2). In
+ the event that multiple DSAs listed in the knowledge information hold
+ copies of the same directory entries, the 'already searched' and
+ 'duplicate elimination' mechanisms SHOULD be used to prevent
+ duplicate search result entries from ultimately being returned.
+
+
+4.2.1.2.1 wholeSubtree search scope
+
+
+ When the search scope is wholeSubtree, the
+ ContinuationReference.searchScope is set to subordinateSubtree.
+ Because the ContinuationReference.referrenceType is set to
+ nonSpecificSubordinate, the receiving protocol peer allows (and
+ expects) name resolution to stop at an immsupr DSE type which is
+ treated as a local DSE. The subordinateSubtree scope instructs the
+ receiving protocol peer to exclude the target object from the
+ sub-search.
+
+
+4.2.1.2.2 singleLevel search scope
+
+
+ When the search scope is singleLevel, and the base DN is resolved to
+ a DSE of type nssr, subsequent distributed progressions of the search
+ are caused to use the same base DN, and a scope of singleLevel.
+ Receiving protocol peers will only apply the search to entries below
+ the target object.
+
+
+ When the search scope is singleLevel and an evaluated DSE is of type
+ nssr, no special handling is required. The search is applied to that
+ DSE if it is of type entry.
+
+
+4.2.1.2.3 baseObject search scope
+
+
+ No special handling is needed when the search scope is baseObject and
+ the base DN is an nssr DSEType. The search is applied to that DSE if
+ it is of type entry.
+
+
+4.2.1.3 Search operation rooted at an nssr DSE type
+
+
+ (TODO: a subordinateSubtree scope needs to change to wholeSubtree if
+ references are found.)
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 18]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4.3 Populating the ContinuationReference
+
+
+ When an entry is found to be non-local to a DSA (whether during name
+ resolution or operation evaluation), the DSA prepares for operation
+ distribution by generating a ContinuationReference. This is a
+ conceptual step, given to help explain the interactions that occur
+ between discovering that an operation must be distributing, and
+ actually invoking the operation distribution mechanism.
+ Implementations are not required to perform this step, but will
+ effectively work with the same information.
+
+
+ After the ContinuationReference has been created, the DSA may choose
+ to chain the operation or return a referral (or intermediate
+ referral(s)).
+
+
+ the ContinuationReference is made up of data held on the found
+ distributed knowledge information, as well as state information
+ gained during name resolution or operation evaluation.
+
+
+4.3.1 Conveying the Target Object
+
+
+ The consumer of the ContinuationReference will examine various fields
+ in order to determine the target object name of the operation being
+ progressed. The fields examined are the localReference and
+ remainingName.
+
+
+ If name resolution did not complete, and the found distributed
+ knowledge information names the same DSE as the base DN of the
+ operation, the ContinuationReference MAY omit the localReference
+ and/or remainingName fields.
+
+
+ localReference is populated with the name of the found distributed
+ knowledge information DSE. In the event that the root object holds
+ the distributed knowledge information, this field will be populated
+ with an empty DN. Contrast this with the omission of this field.
+
+
+ referenceType is populated with a value reflecting the reference type
+ of the localReference DSE.
+
+
+ remainingName is populated with the RDNSequence which has not yet
+ been resolved. This is the difference between the localReference
+ value and the name of the DSE to be resolved.
+
+
+ In cases where the DSE named by the {TODO, use a dash or different
+ term to make 'found distributed knowledge' more like a single term}
+ found distributed knowledge is not the same as the base DN of the
+ operation, the ContinuationReference must contain the localReference
+ and/or remainingName fields. Such cases include but are not limited
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 19]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ to:
+
+
+ o Distributed knowledge information is found during operation
+ evaluation.
+ o Aliases were dereferenced during name resolution.
+ o Name resolution did not complete and there were remaining RDNs to
+ be resolved.
+
+
+4.3.2 Conveying the Remote DSA
+
+
+ The referralURI field must contain at least one value. Each
+ referralURI value must hold a referralURI.accessPoint. Other
+ requirements on this field as noted may also apply.
+
+
+ Note for nssr DSE types: During operation evaluation, if a DSE of
+ type nssr causes the operation to be distributed (the scenarios in
+ Section 4.2.1.2 are an example), then an intermediate referral {TODO:
+ this is talking about referral/intermediate referral, but this
+ section is only dealing with populating continuation reference} is
+ returned for each value of the ref attribute, where each intermediate
+ referral only holds a single referralURI value.
+
+
+4.3.3 Conveying new search scope
+
+
+ During the evaluation of the search operation, the instructions in
+ Section 4.2.1.2.1 and Section 4.2.1.2.2 are followed and the
+ searchScope field is updated with the new search scope.
+
+
+4.3.4 Preventing duplicates
+
+
+ In order to prevent duplicate entries from being evaluated while
+ progressing a search operation, the searchedSubtrees field is
+ populated with any naming context below the
+ ContinuationReference.targetObject which have been fully searched.
+
+
+ During the evaluation of the search operation, if the scope is
+ wholeSubtree, it is possible that the DSA may search the contents of
+ a naming context which is subordinate to another naming context which
+ is subordinate to the search base (See figure).
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 20]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ O X
+ / \
+ / \
+ / \
+ / \
+ \_______O Y
+ /|\
+ / | \
+ / | \
+ / | \
+ A B O C
+ / \
+ / \
+ / \
+ / \
+ \_______/
+
+
+ In this figure, the DSA holds the naming context X and C,Y,X, but not
+ Y,X. If the search base was X, an intermediate referral would be
+ returned for Y,X. The DSA holding Y,X may also hold a copy of C,Y,X.
+ In this case, the receiver of the ContinuationReference benefits by
+ knowing that the DSA already searched C,Y,X so that it can prevent
+ other DSAs from returning those entries again.
+
+
+ Data already searched is in the form of an RDNSequence, consisting of
+ the RDNs relative to the target object.
+
+
+4.3.5 Conveying the Failed Name
+
+
+ At least one DS operation (modifyDN) requires that multiple DNs be
+ resolved (the entry being modified and the newSuperior entry). In
+ this case, the failedName field will be populated with the DN being
+ resolved which failed name resolution. This may aid in the
+ determination of how the operation is to be progressed. If both
+ names are found to be non-local, this field is omitted.
+
+
+4.4 Sending a ChainedRequest
+
+
+ When an entry is found to be non-local to a DSA (whether during name
+ resolution or operation evaluation), the DSA may progress the
+ operation by sending a chained operation to another DSA (or DSAs).
+ The instructions in this section assume that a ContinuationReference
+ has been generated which will be used to form the ChainedRequest. It
+ is also assumed that it can be determined whether the operation is
+ being progressed due to name resolution or due to operation
+ evaluation.
+
+
+ A DSA which is able to chain operations may advertise this by
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 21]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ returning a value of IANA-ASSIGNED-OID.2; in the supportedFeatures
+ attribute on the root DSE. {TODO: does this and discovery of the
+ extended op belong in a new 'discovery mechanisms' sections.}
+
+
+4.4.1 Forming a ChainedRequest
+
+
+ The following fields are populated as instructed:
+
+
+4.4.1.1 ChainedRequestValue.chainingArguments.targetObject
+
+
+ The ContinuationReference may convey a new target object. If
+ present, the ContinuationReference.localReference field becomes the
+ candidate target object. Otherwise the candidate target object is
+ assumed to be that of the original directory operation. Note that an
+ empty value in the ContinuationReference.localReference field denotes
+ the root object.
+
+
+ After performing the above determination as to the candidate target
+ object, any RDNSequence in ContinuationReference.remainingName is
+ prepended to the determined candidate target object. This value
+ becomes the ChainedRequestValue.chainingArguments.targetObject. If
+ this value matches the value of the original operation, this field
+ may be omitted.
+
+
+4.4.1.2 ChainedRequestValue.chainingArguments.referenceType
+
+
+ This is populated with the
+ ContinuationReference.referralURI.referenceType.
+
+
+4.4.1.3 ChainedRequestValue.chainingArguments.traceInformation
+
+
+ This is populated as specified in Section 3.2.1.3.
+
+
+4.4.1.4 ChainedRequestValue.chainingArguments.searchScope
+
+
+ This is populated with the
+ ContinuationReference.referralURI.searchScope if present, otherwise
+ by the ContinuationReference.searchScope if present, and not
+ populated otherwise.
+
+
+4.4.1.5 ChainedRequestValue.chainingArguments.searchedSubtrees
+
+
+ This is populated with ContinuationReference.searchedSubtrees, as
+ well as any previously received values of
+ ChainedFinalResponseValue.chainingResults.searchedSubtrees or
+ ChainedIntermediateResponseValue.chainingResults.searchedSubtrees
+ which are subordinate, relative to the target object. (If thsi is
+ relative to the target object, it can't contain non-relative
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 22]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ subtrees)
+
+
+4.4.1.6 ChainedRequestValue.operationRequest
+
+
+ This is populated with the original directory operation request.
+
+
+4.4.2 Attempting Each Referral URI
+
+
+ A ContinuationReference consists of one or more referralURIs which
+ represent(s a) remote DSA(s). The chaining DSA attempts to chain to
+ each of these DSAs until one succeeds in completing the operation.
+ An operation is considered to be completed if it reaches the remote
+ DSA and a response is sent back that indicates that the operation was
+ executed. Operations which are sent to the remote DSA, but don't
+ complete are indicated by a result code of unavailable or busy. A
+ result code of protocolError may indicate that the DSA does not
+ support the chained operation, and in this case, it is also treated
+ as an uncompleted operation. Other errors may in the future specify
+ that they also indicate non-completion. Note that the response may
+ itself contain referral(s), these are still considered completed
+ operations and thus would subsequently be handled and chained.
+ {TODO: could use soft/hard, or transient/permanent
+ referral/non-referral error terms here.}
+
+
+4.4.3 Loop Prevention
+
+
+ Prior to sending a ChainedRequest, the DSA may attempt to prevent
+ looping scenarios by comparing {TODO: what matching rule is used?
+ Suggest we don't convert dns names to ip addresses due to NATs} the
+ address of the remote DSA and target object to the values of
+ ChainedRequestValue.chainingArguments.traceInformation. If a match
+ is found, the DSA returns a loopDetect error. Note that while this
+ type of loop prevention aids in detecting loops prior to sending data
+ to a remote DSA, it is not a substitute for loop detection (Section
+ Section 4.6.2). This is because the sending DSA is only aware of a
+ single address on which the receiving DSA accepts connections.
+
+
+4.5 Emulating the Sending of a ChainedRequest
+
+
+ When it is determined that the operation cannot be distributed by
+ means of the ChainedRequest, the chaining DSA may instead emulate the
+ steps involved in chaining the operation. These steps consist of
+ performing loop prevention, forming a new directory operation request
+ from the original request and possibly updating the base DN, search
+ scope, and search filter(in order to emulate searchedSubtrees), and,
+ similar to the steps in Section 4.4.2, attempting to send the
+ operation request to each DSA listed in the
+ ContinuationReference.referralURI until one succeeds in completing
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 23]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ the operation.
+
+
+ {TODO: We need a way (control) to tell the receiver to allow name
+ resolution to end on the parent of a cp (typically an immsupr). This
+ would be sent when the ContinuationReference.referenceType is
+ nonSpecificSubordinate}
+
+
+4.5.1 Emulated Loop Detection
+
+
+ For this step, the loop prevention instructions in Section 4.4.3 are
+ followed. Note that this method of loop detection may actually allow
+ some looping to occur before the loop is detected.
+
+
+4.5.2 Forming the New Request
+
+
+ The new directory operation request is formed from the fields of the
+ original request, and the following fields may be updated:
+
+
+ o The base DN is formed from the new target object as determined by
+ following the instructions in Section 4.4.1.1 and using the value
+ which would have been placed in
+ ChainedRequestValue.chainingArguments.targetObject.
+ o For the search operation, the scope is populated with
+ ContinuationReference.searchScope if present, otherwise the scope
+ of the original operation request is used.
+ o For the search operation, if the
+ ContinuationReference.searchedSubtrees field is present, causes
+ the search filter to be augmented by adding a filter item of the
+ 'and' CHOICE. The filter consists of {TODO: weasel Kurt into
+ finishing his entryDN draft and reference the appropriate section
+ there. See
+ <http://www.openldap.org/lists/ietf-ldapext/200407/msg00000.html>
+ for context}
+ o Other fields (such as the messageID, and non-critical controls)
+ may also need to be updated or excluded.
+
+
+ If the service being chained to does not support directory
+ operations, other operations may be used as long as they provide the
+ same level as service as those provided by the analogous directory
+ operation.
+
+
+4.6 Receiving a ChainedRequest
+
+
+ A DSA which is able to receive and service a ChainedRequest may
+ advertise this feature by returning a value of IANA-ASSIGNED-OID.1 in
+ the supportedExtension attribute of the root DSE. {TODO: move?}
+
+
+ The ChainedRequestValue data type is the requestValue of an
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 24]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ extendedRequest.
+
+
+ In general, receiving and servicing a ChainedRequest consists of
+ performing loop detection and, using components of the
+ ChainedRequestType.chainingArguments along with the
+ ChainedRequestType.operationRequest, service the request.
+
+
+4.6.1 Target Object determination
+
+
+ Prior to checking for a loop condition, the target object must be
+ determined. If the ChainedRequestType.chainingArguments.targetObject
+ field is present, its value becomes the target object. Otherwise,
+ the base DN found in the ChainedRequestType.operationRequest becomes
+ the target object.
+
+
+4.6.2 Loop Detection
+
+
+ The loop detection check happens when a DSA receives a chained
+ operation, prior to acting on the operation. The DSA compares {TODO:
+ matching rule? DNS expansion?} each value of
+ ChainedRequestValue.traceInformation to the list of addresses at
+ which it accepts directory communications. A value of
+ ChainedRequestValue.traceInformation matches when the DSA accepts
+ directory communications on the address found in the
+ ChainedRequestValue.traceInformation value, and the target object (as
+ determined in Section 4.6.1 matches the DN {TODO: using DN matching?}
+ value found in the ChainedRequestValue.traceInformation value. If a
+ match is found the DSA returns a loopDetect result.
+
+
+4.6.3 Processing the ChainedRequestValue.operationRequest
+
+
+ In processing the operationRequest, the DSA uses the target object
+ determined in Section 4.6.1. For search operations, it uses the
+ scope found in ChainedRequestValue.chainingArguments.searchScope, and
+ excludes any subtrees relative to the target object indicated in
+ ChainedRequestValue.chainingArguments.searchedSubtrees.
+
+
+ Responses are returned in the form of a Chained Response.
+
+
+4.7 Returning a Chained Response
+
+
+ When returning responses to a ChainedRequest, the Chained Response as
+ documented in Section 3.3 is used. If the
+ ChainedFinalResponseValue.operationResponse is a searchResultDone,
+ the ChainedFinalResponseValue.chainingResults.searchedSubtrees field
+ is populated with values consisting of the RDNSequence relative to
+ the target object of naming contexts that the DSA searched. See
+ Section 3.3.1.1 for details on why this is done.
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 25]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4.7.1 Chained Response resultCode
+
+
+ The resultCode for the Chained Response is distinct from the result
+ code of the ChainedIntermediateResponseValue.intermediateResponse or
+ ChainedFinalResponseValue.finalResponse. If the act of chaining the
+ operation completed, then this value will be success. Other result
+ codes refer to the chained operation itself, and not the result of
+ the embedded operation.
+
+
+4.7.2 Returning referrals in the Chained Response
+
+
+ {TODO: it would be less complicated if rather than using the simple
+ LDAP URL, we used the ContinuationReference type to return referrals
+ and intermediate referrals.} {TODO: We need an example of why we
+ should allow referrals on a chained response. Why not just use the
+ referral field in the operation?}
+
+
+4.8 Receiving a Chained Response
+
+
+ Processing a received Chained Response is generally straight forward
+ -- typically the response is simply extracted and returned, but there
+ are some extra steps to be taken when chaining sub-operations.
+
+
+4.8.1 Handling Sub-operation controls and result codes
+
+
+ When sub-operations are chained, there is the possibility that
+ different result codes will be encountered. Similarly, if controls
+ which elicit response controls were attached to the operation, it's
+ possible that multiple response controls will be encountered. Both
+ of these possibilities require that the chaining DSA take appropriate
+ steps to ensure that the response being returned is correct.
+
+
+ In general, when a result code indicating an error is received, the
+ operation will terminate and the error will be returned. In cases
+ where multiple sub-operations are being concurrently serviced, the
+ operation will terminate and the most relevant, or first received
+ result code is returned -- determining the result code to be returned
+ in this case is a local matter.
+
+
+ A DSA which chains an operation having a control (or controls)
+ attached must ensure that a properly formed response is returned.
+ This requires that the DSA understand and know how to aggrigate the
+ results of all controls which it allows to remain attached to an
+ operation being chained. If the DSA does not understand or support a
+ control which is marked non-critical, it removes the control prior to
+ chaining the operation. The DSA may return
+ unavailableCriticalExtension for critical controls that it cannot or
+ will not chain. {TODO: give SSS as an example?}
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 26]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4.8.1.1 Handling referrals during sub-operations
+
+
+ If a referral is returned in response to a sub-operation, the sending
+ DSA may attempt to further chain the operation. In the event that
+ the DSA does not further chain the sub-operation, it will use the
+ referral to construct an intermediate referral, and return it
+ appropriately. When using a referral to construct an intermediate
+ referral, certain transformations may have to happen. For example,
+ when using a referral to construct a searchResultReference, it must
+ be assured that the <dn> field is present, and that the <scope> field
+ is properly updated.
+
+
+4.8.2 Duplicate Elimination
+
+
+ When search result references cause the DSA to chain a search, it is
+ possible that duplicate objects will be returned by different remote
+ DSAs. These duplicate objects must be sensed and not returned.
+
+
+ {TODO: Even though there are costs associated with returning
+ duplicates, is it a worthy exercise to build in an allowance for them
+ to be returned? In other words, do we want to add a way for a client
+ (or administrator) to say "it's ok, return the duplicates, let the
+ client deal with them"? Allowing is seen as a cost benefit to the
+ DSA.}
+
+
+4.9 Returning a Referral or Intermediate Referral
+
+
+ There are two ways in which the fields of the ContinuationReference
+ may be conveyed in a response containing or consisting of referral or
+ intermediate referral. A paired control is introduced for the
+ purpose of soliciting and returning a ContinuationReference. In
+ absence of this control, a referral or intermediate referral may be
+ returned which conveys the information present in the
+ ContinuationReference. A method of converting a
+ ContinuationReference to an LDAP URL is provided for referrals and
+ intermediate referrals which identify LDAP-enabled DSAs. Methods for
+ converting a ContinuationReference to URIs which identify non-LDAP
+ servers is not provided here, but may be specified in future
+ documents, as long as they can represent the data needed to provide
+ the same level of service.
+
+
+4.9.1 ReturnContinuationReference controls
+
+
+ This control is sent when a client wishes to receive a
+ ContinuationReference in the event that a referral or intermediate
+ referral is being returned. If returned, the ContinuationReference
+ will hold all data but the referralURI field. the referralURI values
+ will be held in the referral or intermediate referral (Referral,
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 27]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ SearchResultReference, etc.).
+
+
+4.9.1.1 ReturnContinuationReference request control
+
+
+ Solicits the return of a ReturnContinuationReference response control
+ on messages consisting of (or carrying) a referral or intermediate
+ referral. The controlType is IANA-ASSIGNED-OID.3, the criticality is
+ set at the sender's discretion, the controlValue is omitted.
+
+
+4.9.1.2 ReturnContinuationReference response control
+
+
+ In response to the ReturnContinuationReference request control, this
+ holds a ContinuationReference for messages consisting of (or
+ carrying) a referral or intermediate referral. The controlType is
+ IANA-ASSIGNED-OID.3, the controlValue is the BER-encoding of a
+ ContinuationReference. Note that the referralURI field is optionally
+ omitted when the ContinuationReference is sent in this control value.
+ In this event, the URI(s) found in the referral or intermediate
+ referral (Referral, SearchContinuationReference, etc.) are to be used
+ in its stead. {TODO: is returining the referralURI outside an
+ unneeded complication?}
+
+
+4.9.2 Converting a ContinuationReference to an LDAP URL
+
+
+ This section details the way in which an LDAP URL (from the referral
+ or intermediate referral) is used to convey the fields of a
+ ContinuationReference. Where existing LDAP URL fields are
+ insufficient, extensions are introduced. Note that further
+ extensions to the ContinuationReference type require further
+ specifications here. {TODO: explain that each ldap url in the
+ continuation refrerence is examined and converted}
+
+
+ These instructions must be applied to each LDAP URL value within the
+ referral or intermediate referral.
+
+
+4.9.2.1 Conveying the target name
+
+
+ If the <dn> part of the LDAP URL is already present, it is determined
+ to be the candidate target object. Otherwise, the candidate target
+ object comes from the ContinuationReference.localReference. Once the
+ candidate target object is determined, the value of
+ ContinuationReference.remainingName is prepended to the candidate
+ target object. This new value becomes the target object and its
+ string value (as specified by <distinguishedName> in [RFC2253]) is
+ placed in the <dn> part of the LDAP URL.
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 28]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+4.9.2.2 ContinuationReference.localReference
+
+
+ This is conveyed as an extension. The extype is IANA-ASSIGNED-OID.4
+ or the descriptor 'localReference', and the exvalue is the string DN
+ encoding (as specified by <distinguishedName> in [RFC2253]) of the
+ ContinuationReference.localReference value.
+
+
+4.9.2.3 ContinuationReference.referenceType
+
+
+ This is conveyed as an extension. The extype is IANA-ASSIGNED-OID.5
+ or the descriptor 'referenceType'. If the
+ ContinuationReference.referenceType is one of superior, subordinate,
+ cross, nonSpecificSubordinate, suplier, master, immediateSuperior, or
+ self, the exvalue 'superior', 'subordinate', 'cross',
+ 'nonSpecificSubordinate', 'suplier', 'master', 'immediateSuperior',
+ or 'self' respectively.
+
+
+4.9.2.4 ContinuationReference.searchScope
+
+
+ If the search scope is one of baseObject, singleLevel, or
+ wholeSubtree, then it may be conveyed in the 'scope' part of the LDAP
+ URL as 'base', 'one', or 'sub' respectively. If the search scope is
+ subordinateSubtree, then it may be conveyed in the <extension> form
+ as documented in [LDAP-SUBORD]. If this extension is present, it
+ MUST be marked critical. This ensures that a receiver which is
+ unaware of this extension uses the proper search scope, or fails to
+ progress the operation.
+
+
+4.9.2.5 ContinuationReference.searchedSubtrees
+
+
+ This field is conveyed as an extension. The extype is
+ IANA-ASSIGNED-OID.6 or the descriptor 'searchedSubtrees', and the
+ exvalue is the ContinuationReference.searchedSubtree value encoded
+ according to the following searchedSubtrees ABNF:
+
+
+ searchedSubtrees = 1*(LANGLE searchedSubtree RANGLE)
+ searchedSubtree = <distinguishedName> from [RFC2253]
+ LANGLE = %x3C ; left angle bracket ("<")
+ RANGLE = %x3E ; right angle bracket (">")
+
+
+ Each searchedSubtree represents one RDNSequence value in the
+ ContinuationReference.searchedSubtree field. An example of a
+ searchedSubtrees value containing two searched subtrees is:
+ <dc=example,dc=com><cn=ralph,dc=users,dc=example,dc=com>.
+
+
+4.9.2.6 ContinuationReference.failedName
+
+
+ This field is conveyed as an extension. The extype is
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 29]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ IANA-ASSIGNED-OID.7 or the descriptor 'failedName', and the exvalue
+ is the string DN encoding (as specified in [RFC2253]) of the
+ ContinuationReference.failedName value.
+
+
+4.10 Acting on a Referral or Intermediate Referral
+
+
+ When a protocol peer receives a referral or intermediate referral, it
+ may distribute the operation either by sending a ChainedRequest, or
+ by emulating the ChainedRequest. Prior to taking these steps, the
+ protocol peer effectively converts the referral or intermediate
+ referral into a ContinuationReference. Then, acting in the same
+ manner as a DSA would, follows the directions in Section 4.4 if
+ sending a ChainedRequest, or Section 4.5 otherwise.
+
+
+4.10.1 Converting a Referral or Intermediate Referral to a
+ ContinuationReference
+
+
+ A referral or intermediate referral may be converted (or conceptually
+ converted) to a ContinuationReference type in order to follow the
+ distributed operation procedures in Section 4.4, or Section 4.5. The
+ following steps may only be used to convert a referral or
+ intermediate referral containing LDAP URL values. Converting other
+ types of URIs may be specified in future documents as long as the
+ conversion provides the same level of service found here.
+
+
+ o The ContinuationReference.referralURI is populated with all LDAP
+ URL values in the referral or intermediate referral.
+ o The ContinuationReference.localReference populate with the value
+ of the localReference extension value (Section 4.9.2.2) if one
+ exists. Otherwise it is omitted.
+ o The ContinuationReference.referenceType populate with the value of
+ the referenceType extension value (Section 4.9.2.3) if one exists.
+ Otherwise it is omitted.
+ o The ContinuationReference.remainingName is omitted.
+ o The ContinuationReference.searchScope is populated with
+ subordinateSubtree if the subordScope LDAP URL extension
+ [LDAP-SUBORD] is present. If the <scope> field contains te value
+ 'base', 'one', 'sub', or 'subordinates', this filed is populated
+ with baseObject, singleLevel, wholeSubtree, or subordinateSubtree
+ respectively. Otherwise this field is omitted.
+ o The ContinuationReference.searchedSubtrees is populated with any
+ searchedSubtrees LDAP URI extension Section 4.9.2.5 value found on
+ an LDAP URI in the referral or intermediate referral. If none
+ exist, this field is omitted.
+ o The ContinuationReference.failedName is populated with any
+ failedName LDAP URI extension Section 4.9.2.6 value found on an
+ LDAP URI in the referral or intermediate referral. If none exist,
+ this field is omitted.
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 30]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ Note that many fields are simply omitted. This is either because
+ they are conveyed within the LDAP URL values themselves, and
+ subsequent instructions will check for their presence, or because
+ they are not needed (they are redundant or not used in further
+ instructions).
+
+
+4.11 Ensuring non-existence of an entry under an nssr
+
+
+ {TODO: add a huge disclaimer here that says without transactional
+ semantics, you can never be sure that the entry didn't get added.
+ Maybe we should just punt on this and say it's a local matter} In
+ order to ensure there are no entries matching the name of the entry
+ to be added or renamed immediately subordinate to an nssr, these
+ steps may be followed.
+
+
+ If the DSA is able and allowed to chain operations, it may contact
+ each of the DSAs listed as access points in the nssr (in the ref
+ attribute) and using a base-level search operation it will determine
+ whether or not the object to be added exists. Note that access
+ control or other policies may hide the entry from the sending DSA.
+ If the entry does not exist on any of the DSAs listed in the nssr,
+ the operation may progress on the local DSA.
+
+
+ If the DSA cannot make this determination, the operation fails with
+ affectsMultipleDSAs.
+
+
+4.12 Mapping a referralURI to an LDAP URI
+
+
+ As with any URI specification which is intended to be used as a URI
+ which conveys referral information, the LDAP URI specification is
+ given a mapping to the elements of a referralURI as specified in.
+ Section 3.1.1.1. These mappings are given here using the ABNF
+ identifiers given in [RFC2255].
+
+
+ referralURI to LDAP URI mapping:
+
+
+ +---------------------------------+---------------------------------+
+ | referralURI element | LDAP URL element |
+ +---------------------------------+---------------------------------+
+ | protocolIdentifier | <scheme> |
+ | | |
+ | accessPoint | <hostport> |
+ | | |
+ | targetObject | <dn>. This must be encoded as a |
+ | | <distinguishedName> as |
+ | | specified in [RFC2253] |
+ | | |
+ | localReference | LDAP URL localReference |
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 31]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ | | extension as specified in |
+ | | Section 4.9.2.2 |
+ | | |
+ | referenceType | LDAP URL referenceType |
+ | | extension as specified in |
+ | | Section 4.9.2.3 |
+ | | |
+ | searchScope | <scope> or LDAP URL subordScope |
+ | | extension as specified in |
+ | | Section 4.9.2.4 |
+ | | |
+ | searchedSubtrees | LDAP URL searchedSubtrees |
+ | | extension as specified in |
+ | | Section 4.9.2.5 |
+ | | |
+ | failedName | LDAP URL failedName extension |
+ | | as specified in Section 4.9.2.6 |
+ +---------------------------------+---------------------------------+
+
+
+
+ 4.13 Using the ManageDsaIT control
+
+
+ This control, defined in [RFC3296], allows the management of the
+ distributed knowledge information held by a DSA, and thus overrides
+ the determinations made during name resolution and operation
+ evaluation. When this control is attached to an operation, all
+ resolved and acted upon DSEs are treated as being local to the DSA.
+ This is true regardless of the phase the operation is in. Thus
+ referrals are never returned and chaining never occurs.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 32]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+5. Security Considerations
+
+
+ This document introduces a mechanism (chaining) which can be used to
+ propagate directory operation requests to servers which may be
+ inaccessible otherwise. Implementers and deployers of this
+ technology should be aware of this and take appropriate steps such
+ that firewall mechanisms are not compromised.
+
+
+ This document introduces the ability to return auxiliary data when
+ returning referrals. Measures should be taken to ensure proper
+ protection of his data.
+
+
+ Implementers must ensure that any specified time, size, and
+ administrative limits are not circumvented due to the mechanisms
+ introduced here.
+
+
+6. Normative References
+
+
+ [LDAP-SUBORD]
+ Sermersheim, J., "Subordinate Subtree Search Scope for
+ LDAP",
+ Internet-Draft draft-sermersheim-ldap-subordinate-scope,
+ July 2004.
+
+
+ [RFC2079] Smith, M., "Definition of an X.500 Attribute Type and an
+ Object Class to Hold Uniform Resource Identifiers (URIs)",
+ RFC 2079, January 1997.
+
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+
+ [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+
+ [RFC2253] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory
+ Access Protocol (v3): UTF-8 String Representation of
+ Distinguished Names", RFC 2253, December 1997.
+
+
+ [RFC2255] Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255,
+ December 1997.
+
+
+ [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
+ Resource Identifiers (URI): Generic Syntax", RFC 2396,
+ August 1998.
+
+
+ [RFC3296] Zeilenga, K., "Named Subordinate References in Lightweight
+ Directory Access Protocol (LDAP) Directories", RFC 3296,
+ July 2002.
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 33]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+
+ [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+
+ [RFC3771] Harrison, R. and K. Zeilenga, "The Lightweight Directory
+ Access Protocol (LDAP) Intermediate Response Message",
+ RFC 3771, April 2004.
+
+
+ [X500] International Telephone and Telegraph Consultative
+ Committee, "The Directory - overview of concepts, models
+ and services", ITU-T Recommendation X.500, November 1993.
+
+
+ [X518] International Telephone and Telegraph Consultative
+ Committee, "The Directory - The Directory: Procedures for
+ distributed operation", ITU-T Recommendation X.518,
+ November 1993.
+
+
+ [X680] International Telecommunications Union, "Abstract Syntax
+ Notation One (ASN.1): Specification of basic notation",
+ ITU-T Recommendation X.680, July 2002.
+
+
+ [X690] International Telecommunications Union, "Information
+ Technology - ASN.1 encoding rules: Specification of Basic
+ Encoding Rules (BER), Canonical Encoding Rules (CER) and
+ Distinguished Encoding Rules (DER)", ITU-T Recommendation
+ X.690, July 2002.
+
+
+
+Author's Address
+
+
+ Jim Sermersheim
+ Novell, Inc
+ 1800 South Novell Place
+ Provo, Utah 84606
+ USA
+
+
+ Phone: +1 801 861-3088
+ Email: jimse at novell.com
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 34]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+Appendix A. IANA Considerations
+
+
+ Registration of the following values is requested [RFC3383].
+
+
+A.1 LDAP Object Identifier Registrations
+
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier in identifying the protocol elements defined in
+ this technical specification. The following registration template is
+ provided:
+
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments:
+ Seven delegations will be made under the assigned OID:
+ IANA-ASSIGNED-OID.1 ChainedRequest LDAP Extended Operation
+ IANA-ASSIGNED-OID.2 Supported Feature: Can Chain Operations
+ IANA-ASSIGNED-OID.3 ReturnContinuationReference LDAP Controls
+ IANA-ASSIGNED-OID.4 localReference: LDAP URL Extension
+ IANA-ASSIGNED-OID.6 searchedSubtree: LDAP URL Extension
+ IANA-ASSIGNED-OID.7 failedName: LDAP URL Extension
+
+
+A.2 LDAP Protocol Mechanism Registrations
+
+
+ It is requested that IANA register upon Standards Action the LDAP
+ protocol mechanism described in this document. The following
+ registration templates are given:
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Description: ChainedRequest LDAP Extended Operation
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.2
+ Description: Can Chain Operations Supported Feature
+ Person & email address to contact for further information:
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 35]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Feature
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.3
+ Description: ReturnContinuationReference LDAP Controls
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Control
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.4
+ Description: localReference LDAP URL Extension
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.5
+ Description: referenceType LDAP URL Extension
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.6
+ Description: searchedSubtree LDAP URL Extension
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 36]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.7
+ Description: failedName LDAP URL Extension
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+A.3 LDAP Descriptor Registrations
+
+
+ It is requested that IANA register upon Standards Action the LDAP
+ descriptors described in this document. The following registration
+ templates are given:
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): localReference
+ Object Identifier: IANA-ASSIGNED-OID.4
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): referenceType
+ Object Identifier: IANA-ASSIGNED-OID.5
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): searchedSubtree
+ Object Identifier: IANA-ASSIGNED-OID.6
+ Person & email address to contact for further information:
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 37]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): failedName
+ Object Identifier: IANA-ASSIGNED-OID.7
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+A.4 LDAP Result Code Registrations
+
+
+ It is requested that IANA register upon Standards Action the LDAP
+ result codes described in this document. The following registration
+ templates are given:
+
+
+ Subject: Request for LDAP Result Code Registration
+ Result Code Name: invalidReference
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 38]
+Internet-Draft Distributed Procedures for LDAP Operations February 2005
+
+
+
+Intellectual Property Statement
+
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Disclaimer of Validity
+
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+Copyright Statement
+
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+
+Acknowledgment
+
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+Sermersheim Expires August 26, 2005 [Page 39]
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-subordinate-scope-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-subordinate-scope-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-sermersheim-ldap-subordinate-scope-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,335 @@
+
+Network Working Group J;. Sermersheim
+Internet-Draft Novell, Inc
+Updates: 2251 (if approved) July 2004
+Expires: December 30, 2004
+
+
+ Subordinate Subtree Search Scope for LDAP
+ draft-sermersheim-ldap-subordinate-scope-00.txt
+
+Status of this Memo
+
+ This document is an Internet-Draft and is subject to all provisions
+ of section 3 of RFC 3667. By submitting this Internet-Draft, each
+ author represents that any applicable patent or other IPR claims of
+ which he or she is aware have been or will be disclosed, and any of
+ which he or she become aware will be disclosed, in accordance with
+ RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on December 30, 2004.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2004).
+
+Abstract
+
+ The Lightweight Directory Application Protocol (LDAP) specification
+ supports three scope values for the search operation -- namely:
+ baseObject, singleLevel, and wholeSubtree. This document introduces
+ a subordinateSubtree scope which constrains the search scope to all
+ subordinates of the named base object.
+
+Discussion Forum
+
+
+
+Sermersheim Expires December 30, 2004 [Page 1]
+�
+Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
+
+
+ Technical discussion of this document will take place on the IETF
+ LDAP Extensions mailing list <ldapext at ietf.org>. Please send
+ editorial comments directly to the author.
+
+1. Overview
+
+ There are a number of reasons which have surfaced for introducing a
+ Lightweight Directory Application Protocol (LDAP) [RFC3377]
+ SearchRequest.scope [RFC2251] which constrains the search scope to
+ all subordinates of the named base object, and does not include the
+ base object (as wholeSubtree does). These reasons range from the
+ obvious utility of allowing an LDAP client application the ability to
+ exclude the base object from a wholeSubtree search scope, to
+ distributed operation applications which require this scope for
+ progressing search sub-operations resulting from an nssr DSE type
+ reference.
+
+ To meet these needs, the subordinateSubtree scope value is
+ introduced.
+
+ The subordinateSubtrees cope is applied to the SearchRequest.scope
+ field, the <scope> type and alternately the <extension> type of the
+ LDAP URL [RFC2255] and may be applied to other specifications which
+ include an LDAP search scope. A mechanism is also given which allows
+ LDAP Directory Server Agents (DSA)s to advertise support of this
+ search scope.
+
+2. Application to SearchRequest.scope
+
+ A new item is added to this ENUMERATED type. The identifier is
+ subordinateSubtree and the number is 4.
+
+ A DSA which receives and supports the subordinateSubtree
+ SearchRequest.scope constrains the search scope to all subordinate
+ objects.
+
+ A DSA which receives but does not support the subordinateSubtree
+ SearchRequest.scope returns a protocolError resultCode in the
+ SearchResultDone.
+
+3. LDAP URL applications
+
+ The LDAP URL [RFC2255] specification allows the conveyance of a
+ search scope. This section intoduces two ways in which the
+ subordinateScope search scope may be conveyed in an LDAP URL. One
+ way is by allowing a new "subord" scope in the <scope> part. Another
+ way is through the introduction of an LDAP URL extension. The LDAP
+ URL extension method is preferred for its criticality semantics.
+
+
+
+Sermersheim Expires December 30, 2004 [Page 2]
+�
+Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
+
+
+3.1 Application to LDAP URL <scope>
+
+ A new <scope> value of "subord" is added. Using the <scope> type
+ from LDAP URL [RFC2255], the ABNF is as follows:
+
+ scope /= "subord"
+
+ Implementations processing but which do not understand or support the
+ "subord" <scope> of an LDAP URL raise an appropriate error.
+
+3.2 Application to LDAP URL <extension>
+
+ An LDAP URL <extension> mechanism is introduced here. The <extype>
+ is IANA-ASSIGNED-OID.1 or the descriptor 'subordScope', and the
+ exvalue is omitted. The extension may be marked as either critical
+ or non-critical.
+
+ If supported, the subordScope extension overrides any value set in
+ the <scope> field.
+
+4. DSA Advertisement of support
+
+ A DSA may advertise its support of the subordinateSubtree item in the
+ SearchRequest.scope by inclusion of IANA-ASSIGNED-OID.2 in the
+ 'supportedFeatures' attribute of the root DSE.
+
+5. Security Considerations
+
+ This specification introduces no security concerns above any
+ associated with the existing wholeSubtree search scope value.
+
+ As with the wholeSubtree search scope, this scope specifies that a
+ search be applied to an entire subtree hierarchy. Implementations
+ should be aware of the relative cost of using or allowing this scope.
+
+6 Normative References
+
+ [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC2255] Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255,
+ December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+
+
+
+Sermersheim Expires December 30, 2004 [Page 3]
+�
+Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
+
+
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+
+Author's Address
+
+ Jim Sermersheim
+ Novell, Inc
+ 1800 South Novell Place
+ Provo, Utah 84606
+ USA
+
+ Phone: +1 801 861-3088
+ EMail: jimse at novell.com
+
+Appendix A. IANA Considerations
+
+ Registration of the following values is requested [RFC3383].
+
+A.1 LDAP Object Identifier Registrations
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier in identifying the protocol elements defined in
+ this technical specification. The following registration template is
+ provided:
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments:
+ 2 delegations will be made under the assigned OID:
+ IANA-ASSIGNED-OID.1 subordScope LDAP URL extension
+ IANA-ASSIGNED-OID.2 subordinateScope Supported Feature
+
+A.2 LDAP Protocol Mechanism Registrations
+
+ It is requested that IANA register upon Standards Action the LDAP
+ protocol mechanism described in this document. The following
+ registration templates are given:
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Description: subordScope LDAP URL extension
+ Person & email address to contact for further information:
+
+
+
+
+Sermersheim Expires December 30, 2004 [Page 4]
+�
+Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
+
+
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+A.3 LDAP Descriptor Registrations
+
+ It is requested that IANA register upon Standards Action the LDAP
+ descriptors described in this document. The following registration
+ templates are given:
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): subordScope
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Person & email address to contact for further information:
+ Jim Sermersheim
+ jimse at novell.com
+ Usage: URL Extension
+ Specification: RFCXXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sermersheim Expires December 30, 2004 [Page 5]
+�
+Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
+
+
+Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+Disclaimer of Validity
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Copyright Statement
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+Sermersheim Expires December 30, 2004 [Page 6]
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Informational OpenLDAP Foundation
+Expires in six months 18 July 2005
+
+
+
+ Requesting Attributes by Object Class in the
+ Lightweight Directory Access Protocol
+ <draft-zeilenga-ldap-adlist-11.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as an Informational document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-adlist-11 18 July 2005
+
+
+Abstract
+
+ The Lightweight Directory Access Protocol (LDAP) search operation
+ provides mechanisms for clients to request all user application
+ attributes, all operational attributes, and/or attributes selected by
+ their description. This document extends LDAP to support a mechanism
+ that LDAP clients may use to request the return of all attributes of
+ an object class.
+
+
+1. Background and Intended Use
+
+ In the Lightweight Directory Access Protocol (LDAP) [Roadmap], the
+ search operation [Protocol] support requesting the return of a set of
+ attributes. This set is determined by a list of attribute
+ descriptions. Two special descriptors are defined to request all user
+ attributes ("*") [Protocol] and all operational attributes ("+")
+ [RFC3673]. However, there is no convenient mechanism for requesting
+ pre-defined sets of attributes such as the set of attributes used to
+ represent a particular class of object.
+
+ This document extends LDAP to allow an object class identifier to be
+ specified in attributes lists, such as in Search requests, to request
+ the return all attributes belonging to an object class. The
+ COMMERCIAL AT ("@", U+0040) character is used to distinguish an object
+ class identifier from an attribute descriptions.
+
+ For example, the attribute list of "@country" is equivalent to the
+ attribute list of 'c', 'searchGuide', 'description', and
+ 'objectClass'. This object class is described in [Schema].
+
+ This extension is intended primarily to be used where the user is in
+ direct control of the parameters of the LDAP search operation, for
+ instance when entering a LDAP URL [LDAPURL] into a web browser. For
+ example, <ldap:///dc=example,dc=com?@organization?base>.
+
+2. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ DSA stands for Directory System Agent (or server).
+ DSE stands for DSA-specific Entry.
+
+
+3. Return of all Attributes of an Object Class
+
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-adlist-11 18 July 2005
+
+
+ This extension allows object class identifiers is to be provided in
+ the attributes field of the LDAP SearchRequest [Protocol] or other
+ request values of the AttributeSelection data type (e.g., attributes
+ field in pre/post read controls [ReadEntry]) and/or
+ <attributeSelector> production (e.g., attributes of an LDAP URL
+ [LDAPURL]). For each object class identified in the attributes field,
+ the request is to be treated as if each attribute allowed by that
+ class (by "MUST" or "MAY", directly or by "SUP"erior) [Models] was
+ itself listed.
+
+ This extension extends attributeSelector [Protocol] production as
+ indicated by the following ABNF [ABNF]:
+
+ attributeSelector /= objectclassdescription
+ objectclassdescription = ATSIGN oid options
+ ATSIGN = %x40 ; COMMERCIAL AT ("@" U+0040)
+
+ where <oid> and <options> productions are as defined in [Models].
+
+ The <oid> component of an <objectclassdescription> production
+ identifies the object class by short name (descr) or object identifier
+ (numericoid). If the value of the <oid> component is unrecognized or
+ does not refer to an object class, the object class description is be
+ treated an an unrecognized attribute description.
+
+ The <options> production is included in the grammar for extensibility
+ purposes. An object class description with an unrecognized or
+ inappropriate option is to be treated as an unrecognized.
+
+ While object class description options and attribute description
+ options share the same syntax, they are not semantically related.
+ This document does not define any object description option.
+
+ Servers supporting this feature SHOULD publish the object identifier
+ (OID) 1.3.6.1.4.1.4203.1.5.2 as a value of the 'supportedFeatures'
+ [Models] attribute in the root DSE. Clients supporting this feature
+ SHOULD NOT use the feature unless they have knowledge the server
+ supports it.
+
+
+3. Security Considerations
+
+ This extension provides a shorthand for requesting all attributes of
+ an object class. As these attributes which could have been listed
+ individually, introduction of this shorthand is not believed to raise
+ additional security considerations.
+
+ Implementors of this LDAP extension should be familiar with security
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-adlist-11 18 July 2005
+
+
+ considerations applicable to the LDAP search operation [Protocol], as
+ well as general LDAP security considerations [Roadmap].
+
+
+4. IANA Considerations
+
+ Registration of the LDAP Protocol Mechanism [BCP64bis] defined in
+ document is requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: 1.3.6.1.4.1.4203.1.5.2
+ Description: OC AD Lists
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Feature
+ Specification: RFC XXXX
+ Author/Change Controller: Kurt Zeilenga <kurt at openldap.org>
+ Comments: none
+
+ This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its
+ IANA-assigned private enterprise allocation [PRIVATE], for use in this
+ specification.
+
+
+5. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+6. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", draft-crocker-abnf-rfc2234bis, a
+ work in progress.
+
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-adlist-11 18 July 2005
+
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
+ draft-ietf-ldapbis-url-xx.txt, a work in progress.
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+6.2. Informative References
+
+ [RFC3673] Zeilenga, K., "LDAPv3: All Operational Attributes", RFC
+ 3673, December 2003.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in
+ progress.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [ReadEntry] Zeilenga, K., "LDAP Read Entry Controls",
+ draft-zeilenga-ldap-readentry-xx.txt, a work in
+ progress.
+
+ [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
+ http://www.openldap.org/foundation/oid-delegate.txt.
+
+ [PRIVATE] IANA, "Private Enterprise Numbers",
+ http://www.iana.org/assignments/enterprise-numbers.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005).
+
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-adlist-11 18 July 2005
+
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga Requesting Attributes by Object Class [Page 6]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-assert-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-assert-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-assert-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,340 @@
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 10 February 2005
+
+
+
+ The LDAP Assertion Control
+ <draft-zeilenga-ldap-assert-05.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the IESG for consideration as a Standard Track
+ document. Distribution of this memo is unlimited. Technical
+ discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Zeilenga LDAP Assertion Control [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-assert-05 10 February 2005
+
+
+Abstract
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ Assertion Control which allows a client to specify that a directory
+ operation should only be processed if an assertion applied to the
+ target entry of the operation is true. It can be used to construct
+ "test and set" and "test and clear" and other conditional operations.
+
+
+1. Overview
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ [Roadmap] assertion control. The assertion control allows the client
+ to specify a condition which must be true for the operation to be
+ processed normally. Otherwise the operation fails. For instance, the
+ control can be used with the Modify operation [Protocol] to perform
+ atomic "test and set" and "test and clear" operations.
+
+ The control may be attached to any update operation to support
+ conditional addition, deletion, modification, and renaming of the
+ target object. The asserted condition is evaluated as an integral
+ part the operation.
+
+ The control may also be used with the search operation. Here the
+ assertion is applied to the base object of the search before searching
+ for objects matching the search scope and filter.
+
+ The control may also be used with the compare operation. Here it
+ extends the compare operation to allow a more complex assertion.
+
+
+2. Terminology
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.2 of [Protocol].
+
+ DSA stands for Directory System Agent (or server).
+ DSE stands for DSA-specific Entry.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+3. The Assertion Control
+
+
+
+
+Zeilenga LDAP Assertion Control [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-assert-05 10 February 2005
+
+
+ The assertion control is an LDAP Control [Protocol] whose controlType
+ is IANA-ASSIGNED-OID and controlValue is a BER-encoded Filter
+ [Protocol, Section 4.5.1]. The criticality may be TRUE or FALSE.
+ There is no corresponding response control.
+
+ The control is appropriate for both LDAP interrogation and update
+ operations [Protocol] including Add, Compare, Delete, Modify, ModifyDN
+ (rename), and Search. It is inappropriate for Abandon, Bind nor
+ Unbind, and Start TLS operations.
+
+ When the control is attached to an LDAP request, the processing of the
+ request is conditional on the evaluation of the Filter as applied
+ against the target of the operation. If the Filter evaluates to TRUE,
+ then the request is processed normally. If the Filter evaluates to
+ FALSE or Undefined, then assertionFailed (IANA-ASSIGNED-CODE)
+ resultCode is returned and no further processing is performed.
+
+ For Add, Compare, and ModifyDN the target is indicated by the entry
+ field in the request. For Modify, the target is indicated by the
+ object field. For Delete, the target is indicated by the DelRequest
+ type. For the Compare operation and all update operations, the
+ evaluation of the assertion MUST be performed as an integral part of
+ the operation. That is, the evaluation of the assertion and the
+ normal processing of the operation SHALL be done as one atomic action.
+
+ For search operation, the target is indicated by the baseObject field
+ and the evaluation is done after "finding" but before "searching"
+ [Protocol]. Hence, no entries or continuations references are
+ returned if the assertion fails.
+
+ Servers implementing this technical specification SHOULD publish the
+ object identifier IANA-ASSIGNED-OID as a value of the
+ 'supportedControl' attribute [Models] in their root DSE. A server MAY
+ choose to advertise this extension only when the client is authorized
+ to use it.
+
+ Other documents may specify how this control applies to other LDAP
+ operations. In doing so, they must state how the target entry is
+ determined.
+
+
+4. Security Considerations
+
+ The filter may, like other components of the request, contain
+ sensitive information. When so, this information should be
+ appropriately protected.
+
+ As with any general assertion mechanism, the mechanism can be used to
+
+
+
+Zeilenga LDAP Assertion Control [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-assert-05 10 February 2005
+
+
+ determine directory content. Hence, this mechanism SHOULD be subject
+ to appropriate access controls.
+
+ Some assertions may be very complex, requiring significant time and
+ resources to evaluate. Hence, this mechanism SHOULD be subject to
+ appropriate administrative controls.
+
+ Security considerations for the base operations [Protocol] extended by
+ this control, as well as general LDAP security considerations
+ [Roadmap], generally apply to implementation and use of this
+ extension.
+
+
+5. IANA Considerations
+
+5.1. Object Identifier
+
+ It is requested that IANA assign upon Standards Action an LDAP Object
+ Identifier [BCP64bis] to identify the LDAP Assertion Control defined
+ in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP Assertion Control
+
+5.2 LDAP Protocol Mechanism
+
+ Registration of this protocol mechanism [BCP64bis] is requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: Assertion Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+5.3 LDAP Result Code
+
+ Assignment of an LDAP Result Code [BCP64bis] called 'assertionFailed'
+ is requested.
+
+
+
+Zeilenga LDAP Assertion Control [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-assert-05 10 February 2005
+
+
+ Subject: LDAP Result Code Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Result Code Name: assertionFailed
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+6. Acknowledgments
+
+ The assertion control concept is attributed to Morteza Ansari.
+
+
+7. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+8.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+
+8.2. Informative References
+
+
+
+
+Zeilenga LDAP Assertion Control [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-assert-05 10 February 2005
+
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+Zeilenga LDAP Assertion Control [Page 6]
+�
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,445 @@
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 19 November 2004
+
+
+
+ LDAP "Who am I?" Operation
+ <draft-zeilenga-ldap-authzid-10.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
+ Internet-Draft Shadow Directories can be accessed at
+ <http://www.ietf.org/shadow.html>.
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+ This specification provides a mechanism for Lightweight Directory
+
+
+
+Zeilenga LDAP "Who am I?" [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ Access Protocol (LDAP) clients to obtain the authorization identity
+ which the server has associated with the user or application entity.
+ This mechanism is specified as an LDAP extended operation called the
+ LDAP "Who am I?" operation.
+
+
+Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+1. Background and Intent of Use
+
+ This specification describes a Lightweight Directory Access Protocol
+ (LDAP) [RFC3377] operation which clients can use to obtain the primary
+ authorization identity in its primary form which the server has
+ associated with the user or application entity. The operation is
+ called the "Who am I?" operation.
+
+ This specification is intended to replace the existing [AUTHRESP]
+ mechanism which uses Bind request and response controls to request and
+ return the authorization identity. Bind controls are not protected by
+ the security layers established by the Bind operation which includes
+ them. While it is possible to establish security layers using Start
+ TLS [RFC2830] prior to the Bind operation, it is often desirable to
+ use security layers established by the Bind operation. An extended
+ operation sent after a Bind operation is protected by the security
+ layers established by the Bind operation.
+
+ There are other cases where it is desirable to request the
+ authorization identity which the server associated with the client
+ separately from the Bind operation. For example, the "Who am I?"
+ operation can be augmented with a Proxied Authorization Control
+ [PROXYAUTH] to determine the authorization identity which the server
+ associates with the identity asserted in the Proxied Authorization
+ Control. The "Who am I?" operation can also be used prior to the Bind
+ operation.
+
+ Servers often associate multiple authorization identities with the
+ client and each authorization identity may be represented by multiple
+ authzId [RFC2829] strings. This operation requests and returns the
+ authzId the server considers to be primary. In the specification, the
+ term "the authorization identity" and "the authzId" are generally to
+ be read as "the primary authorization identity" and the "the primary
+ authzId", respectively.
+
+
+
+
+Zeilenga LDAP "Who am I?" [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+2. The "Who am I?" Operation
+
+ The "Who am I?" operation is defined as an LDAP Extended Operation
+ [RFC2251, Section 4.12] identified by the whoamiOID Object Identifier
+ (OID). This section details the syntax of the operation's whoami
+ request and response messages.
+
+ whoamiOID ::= "1.3.6.1.4.1.4203.1.11.3"
+
+
+2.1. The whoami Request
+
+ The whoami request is an ExtendedRequest with the requestName field
+ containing the whoamiOID OID and an absent requestValue field. For
+ example, a whoami request could be encoded as the sequence of octets
+ (in hex):
+
+ 30 1e 02 01 02 77 19 80 17 31 2e 33 2e 36 2e 31
+ 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 33
+
+
+2.2. The whoami Response
+
+ The whoami response is an ExtendedResponse where the responseName
+ field is absent and the response field, if present, is empty or an
+ authzId [RFC2829]. For example, a whoami response returning the
+ authzId "u:xxyyz at EXAMPLE.NET" (in response to the example request)
+ would be encoded as the sequence of octets (in hex):
+
+ 30 21 02 01 02 78 1c 0a 01 00 04 00 04 00 8b 13
+ 75 3a 78 78 79 79 7a 40 45 58 41 4d 50 4c 45 2e
+ 4e 45 54
+
+
+3. Operational Semantics
+
+ The "Who am I?" operation provides a mechanism, a whoami Request, for
+ the client to request that the server returns the authorization
+ identity it currently associates with the client and provides a
+ mechanism, a whoami Response, for the server to respond to that
+ request.
+
+ Servers indicate their support for this extended operation by
+ providing whoamiOID object identifier as a value of the
+ 'supportedExtension' attribute type in their root DSE. Server SHOULD
+ advertise this extension only when the client is willing and able to
+ perform this operation.
+
+
+
+
+Zeilenga LDAP "Who am I?" [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ If the server is willing and able to provide the authorization
+ identity it associates with the client, the server SHALL return a
+ whoami Response with a success resultCode. If the server is treating
+ the client as an anonymous entity, the response field is present but
+ empty. Otherwise the server provides the authzId [RFC2829]
+ representing the authorization identity it currently associates with
+ the client in the response field.
+
+ If the server is unwilling or unable to provide the authorization
+ identity it associates with the client, the server SHALL return a
+ whoami Response with an appropriate non-success resultCode (such as
+ operationsError, protocolError, confidentialityRequired,
+ insufficientAccessRights, busy, unavailable, unwillingToPerform, or
+ other) and an absent response field.
+
+ As described in [RFC2251] and [RFC2829], an LDAP session has an
+ "anonymous" association until the client has been successfully
+ authenticated using the Bind operation. Clients MUST NOT invoke the
+ "Who Am I?" operation while any Bind operation is in progress,
+ including between two Bind requests made as part of a multi-stage Bind
+ operation. Where a whoami Request is received in violation of this
+ absolute prohibition, the server should return a whoami Response with
+ an operationsError resultCode.
+
+
+4. Extending the "Who am I?" operation with controls
+
+ Future specifications may extend the "Who am I?" operation using the
+ control mechanism [RFC2251]. When extended by controls, the "Who am
+ I?" operation requests and returns the authorization identity the
+ server associates with the client in a particular context indicated by
+ the controls.
+
+
+4.1. Proxied Authorization Control
+
+ The Proxied Authorization Control [PROXYAUTH] is used by clients to
+ request that the operation it is attached to operates under the
+ authorization of an assumed identity. The client provides the
+ identity to assume in the Proxied Authorization request control. If
+ the client is authorized to assume the requested identity, the server
+ executes the operation as if the requested identity had issued the
+ operation.
+
+ As servers often map the asserted authzId to another identity
+ [RFC2829], it is desirable to request the server provide the authzId
+ it associates with the assumed identity.
+
+
+
+
+Zeilenga LDAP "Who am I?" [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ When a Proxied Authorization Control is be attached to the "Who Am I?"
+ operation, the operation requests the return of the authzId the server
+ associates with the identity asserted in the Proxied Authorization
+ Control. The TBD result code is used to indicate that the server does
+ not allow the client to assume the asserted identity. [[Note to RFC
+ Editor: TBD is to be replaced with the name/code assigned by IANA for
+ [PROXYAUTH] use.]]
+
+
+5. Security Considerations
+
+ Identities associated with users may be sensitive information. When
+ so, security layers [RFC2829][RFC2830] should be established to
+ protect this information. This mechanism is specifically designed to
+ allow security layers established by a Bind operation to protect the
+ integrity and/or confidentiality of the authorization identity.
+
+ Servers may place access control or other restrictions upon the use of
+ this operation. As stated in Section 3, the server SHOULD advertise
+ this extension when it is willing and able to perform the operation.
+
+ As with any other extended operations, general LDAP security
+ considerations [RFC3377] apply.
+
+
+6. IANA Considerations
+
+ The OID 1.3.6.1.4.1.4203.1.11.3 is used to identify the LDAP "Who Am
+ I?" extended operation. This OID was assigned [ASSIGN] by OpenLDAP
+ Foundation, under its IANA-assigned private enterprise allocation
+ [PRIVATE], for use in this specification.
+
+ Registration of this protocol mechanism [RFC3383] is requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: 1.3.6.1.4.1.4203.1.11.3
+ Description: Who am I?
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Extended Operation
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+7. Acknowledgment
+
+ This document borrows from prior work in this area including
+
+
+
+Zeilenga LDAP "Who am I?" [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ "Authentication Response Control" [AUTHRESP] by Rob Weltman, Mark
+ Smith and Mark Wahl.
+
+ The LDAP "Who am I?" operation takes it name from the UNIX whoami(1)
+ command. The whoami(1) command displays the effective user id.
+
+
+8. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+9. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+9.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2251] Wahl, M., T. Howes and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC2829] Wahl, M., H. Alvestrand, and J. Hodges, RL "Bob" Morgan,
+ "Authentication Methods for LDAP", RFC 2829, June 2000.
+
+ [RFC2830] Hodges, J., R. Morgan, and M. Wahl, "Lightweight
+ Directory Access Protocol (v3): Extension for Transport
+ Layer Security", RFC 2830, May 2000.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [PROXYAUTH] Weltman, R., "LDAP Proxy Authentication Control",
+ draft-weltman-ldapv3-proxy-xx.txt, a work in progress.
+
+
+9.2. Informative References
+
+ [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
+
+
+
+Zeilenga LDAP "Who am I?" [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ (also RFC 3383), September 2002.
+
+ [AUTHRESP] Weltman, R., M. Smith and M. Wahl, "LDAP Authorization
+ Identity Response and Request Controls",
+ draft-weltman-ldapv3-auth-response-xx.txt, a work in
+ progress.
+
+ [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
+ http://www.openldap.org/foundation/oid-delegate.txt.
+
+ [PRIVATE] IANA, "Private Enterprise Numbers",
+ http://www.iana.org/assignments/enterprise-numbers.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2004). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+
+
+
+Zeilenga LDAP "Who am I?" [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-authzid-10 19 November 2004
+
+
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP "Who am I?" [Page 8]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-cosine-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-cosine-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-cosine-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1403 @@
+
+
+
+
+
+
+INTERNET-DRAFT Editor: Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 23 October 2005
+Obsoletes: RFC 1274, RFC 2247
+Updates: RFC 2798
+
+
+ COSINE LDAP/X.500 Schema
+ <draft-zeilenga-ldap-cosine-01.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAPEXT mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 1]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ This document provides a collection of schema elements for use with
+ the Lightweight Directory Access Protocol (LDAP) from the COSINE and
+ Internet X.500 pilot projects.
+
+ This document obsoletes RFC 1274 and RFC 2247.
+
+
+Table of Contents
+
+ Status of this Memo 1
+ Abstract 2
+ Table of Contents
+ 1. Background and Intended Use 3
+ 1.1. Relationship with Other Documents
+ 1.2. Terminology and Conventions
+ 2. COSINE Attribute Types 4
+ 2.1. associatedDomain
+ 2.2. associatedName
+ 2.3. buildingName
+ 2.3. co
+ 2.5. documentAuthor
+ 2.6. documentIdentifier
+ 2.7. documentLocation
+ 2.8. documentPublisher
+ 2.9. documentTitle
+ 2.10. documentVersion
+ 2.11. drink
+ 2.12. homePhone
+ 2.13. homePostalAddress
+ 2.14. host
+ 2.16. info
+ 2.17. mail
+ 2.18. manager
+ 2.19. mobile
+ 2.20. organizationalStatus
+ 2.21. pager
+ 2.22. personalTitle
+ 2.23. roomNumber
+ 2.24. secretary
+ 2.26. uniqueIdentifier
+ 2.27. userClass
+ 3. COSINE Object Classes 14
+ 3.1. account
+ 3.2. document
+ 3.3. documentSeries
+ 3.4. domain
+ 3.5. domainRelatedObject
+ 3.6. friendlyCountry
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 2]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ 3.7. rFC822LocalPart
+ 3.8. room
+ 3.9. simpleSecurityObject
+ 4. Security Considerations 19
+ 5. IANA Considerations 20
+ 6. Acknowledgments 21
+ 7. Editor's Address
+ 8. References
+ A. Changes Since RFC 1274 23
+ Intellectual Property Rights 24
+ Full Copyright
+
+
+1. Background and Intended Use
+
+ In the late 1980s, X.500 Directory Services were standardised by the
+ CCITT (Commite' Consultatif International de Telegraphique et
+ Telephonique), now a part of the ITU (International Telephone Union).
+ This lead to Directory Service piloting activities in the early 1990s,
+ including the COSINE (Co-operation and Open Systems Interconnection in
+ Europe) PARADISE Project pilot [COSINEpilot] in Europe. Motivated by
+ needs large scale directory pilots, RFC 1274 was published to
+ standardize directory schema and naming architecture for use in the
+ COSINE and other Internet X.500 pilots [RFC1274].
+
+ In the years that followed, X.500 Directory Services have evolved to
+ incorporate new capabilities and even new protocols. In particular,
+ the Lightweight Directory Access Protocol (LDAP) [Roadmap] was
+ introduced in the early 1990s [RFC1487], with Version 3 of LDAP
+ introduced in the late 1990s [RFC2251] and subsequently revised in the
+ 2005 [Roadmap].
+
+ While much of the material in RFC 1274 has been superceed by
+ subsequently published ITU-T Recommendations and IETF RFCs, many of
+ the schema elements lack standardized schema descriptions for use in
+ modern X.500 and LDAP directory services despite the fact that these
+ schema elements are in wide use today. As the old schema descriptions
+ cannot be used without adaptation, interoperabilty issues may arise
+ due to lack of standardized modern schema descriptions.
+
+ This document addresses these issues by offering standardized schema
+ descriptions, where needed, for widely-used COSINE schema elements.
+
+1.1. Relationship to Other Documents
+
+ This document, together with [Schema] and [Syntaxes], obsoletes RFC
+ 1274 in its entirety. [Schema] replaces Sections 9.3.1 (Userid) and
+ Section 9.3.21 (Domain Component) of RFC 1274. [Syntaxes] replaces
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 3]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ section 9.4 (Generally useful syntaxes) of RFC 1274.
+
+ This document replaces the remainder of RFC 1274. Appendix A.
+ discusses changes since RFC 1274, as well as why certain schema
+ elements were not brought forward in this revision of the COSINE
+ schema. All elements not brought are to be regarded as Historic.
+
+ This document, together with [NamingPlan] and [Schema], obsoletes RFC
+ 2247 in its entirety. [Schema] replaces Section 4 (Attribute Type
+ Definition) and Section 5.1 (The dcObject object class) of RFC 2247.
+ This document replaces Section 5.2 (The domain object class) of RFC
+ 2247. The remainder of RFC 2247 is replaced by [NamingPlan].
+
+ Some of these items were described in RFC 2798 (inetOrgPerson schema).
+ This document supersedes these descriptions. This document, together
+ with [Schema], replaces section 9.1.3 of RFC 2798.
+
+
+1.2. Terminology and Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ DIT stands for Directory Information Tree.
+ DN stands for Distinguished Name.
+ DSA stands for Directory System Agent, a server.
+ DSE stands for DSA-Specific Entry.
+ DUA stands for Directory User Agent, a client.
+
+ These terms are discussed in [Models].
+
+ Schema definitions are provided using LDAP description formats
+ [Models]. Definitions provided here are formatted (line wrapped) for
+ readability.
+
+
+2. COSINE Attribute Types
+
+ This section details COSINE attribute types for use in LDAP.
+
+
+2.1. associatedDomain
+
+ The 'associatedDomain' attribute specifies DNS domains [RFC1034] which
+ are associated with an object. For example, the entry in the DIT with
+ a DN <DC=example,DC=com> might have an associated domain of
+ "example.com".
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 4]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
+ 'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
+ described in [Syntaxes].
+
+ It is noted that the directory will not ensure that values of this
+ attribute conform to the <domain> production [RFC1034]. It is the
+ application responsibility to ensure domains it stores in this
+ attribute are appropriately represented.
+
+ It is also noted that applications supporting Internationalized Domain
+ Names SHALL use the ToASCII method [RFC3490] to produce <label>
+ components of the <domain> production.
+
+
+2.2. associatedName
+
+ The 'associatedName' attribute specifies names of entries in the
+ organizational DIT associated with a DNS domain [RFC1034].
+
+ ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
+ 'distinguishedNameMatch' rule are described in [Syntaxes].
+
+
+2.3. buildingName
+
+ The 'buildingName' attribute specifies names of the buildings where an
+ organization or organizational unit is based. For example, "The White
+ House".
+
+ ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 5]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+2.3. co
+
+ The 'co' (Friendly Country Name) attribute specifies names of
+ countries in human-readable format. For example, "Germany" and
+ "Federal Republic of Germany". It is commonly used in conjunction
+ with the 'c' (Country Name) [Schema] attribute (whose values are
+ restricted to the two-letter codes defined in [ISO3166]).
+
+ ( 0.9.2342.19200300.100.1.43 NAME 'co'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.5. documentAuthor
+
+ The 'documentAuthor' attribute specifies the distinguished name of
+ authors (or editors) of a document. For example,
+
+ ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
+ 'distinguishedNameMatch' rule are described in [Syntaxes].
+
+
+2.6. documentIdentifier
+
+ The 'documentIdentifier' attribute specifies unique identifiers for a
+ document. A document may be identified by more than one unique
+ identifier. For example, RFC 3383 and BCP 64 are unique identifers
+ which (presently) refer to the same document.
+
+ ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 6]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+2.7. documentLocation
+
+ The 'documentLocation' attribute specifies locations of the document
+ original.
+
+ ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.8. documentPublisher
+
+ The 'documentPublisher' attribute is the persons and/or organizations
+ that published the document. Documents which are jointly published
+ have one value for each publisher.
+
+ ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.9. documentTitle
+
+ The 'documentTitle' attribute specifies the titles of a document.
+ Multiple values are allowed to accomadate both long and short titles,
+ or other situations where a document has multiple titles. For
+ example, "The Lightweight Directory Access Protocol Technical
+ Specification" and "The LDAP Technical Specification".
+
+ ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 7]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+2.10. documentVersion
+
+ The 'documentVersion' attribute specifies the version information of a
+ document.
+
+ ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.11. drink
+
+ The 'drink' (favoriteDrink) attribute specifies favorite drinks of an
+ object (or person). For instance, "cola" and "beer".
+
+ ( 0.9.2342.19200300.100.1.5 NAME 'drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.12. homePhone
+
+ The 'homePhone' (Home Telephone Number) attribute specifies home
+ telephone numbers (e.g., "+1 775 555 1234") associated with a person.
+
+ ( 0.9.2342.19200300.100.1.20 NAME 'homePhone'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+ The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
+ 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
+ described in [Syntaxes].
+
+
+2.13. homePostalAddress
+
+ The 'homePostalAddress' attribute specifies home postal addresses for
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 8]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ an object. Each value should be limited to up to 6 directory strings
+ of 30 characters each. (Note: it is not intended that the directory
+ service enforce these limits.)
+
+
+ ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+ The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
+ 'caseIgnoreListMatch' and 'caseIgnoreListSubstringsMatch' rules are
+ described in [Syntaxes].
+
+
+2.14. host
+
+ The 'host' attribute specifies host computers, generally by their
+ primary fully-qualified domain name (e.g., my-host.example.com).
+
+ ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.16. info
+
+ The 'info' attribute specifies any general information pertinent to an
+ object. This information is not necessarily descriptive of the
+ object.
+
+ Applications should not attach specific semantics to values of this
+ attribute. The 'description' attribute [Schema] is available for
+ specifying descriptive information pertinent to an object.
+
+ ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 9]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+2.17. mail
+
+ The 'mail' (rfc822mailbox) attribute type holds Internet mail
+ addresses in Mailbox [RFC2821] form (e.g.: user at example.com).
+
+ ( 0.9.2342.19200300.100.1.3 NAME 'mail'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+ The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
+ 'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
+ described in [Syntaxes].
+
+ It is noted that the directory will not ensure that values of this
+ attribute conform to the <Mailbox> production [RFC2821]. It is the
+ application responsibility to ensure domains it stores in this
+ attribute are appropriately represented.
+
+ Additionally, the directory will compare values per the matching rules
+ named in the above attribute type description. As these rules differ
+ from rules which normally apply to <Mailbox> comparisons, operational
+ issues may arise. For example, the assertion (mail=joe at example.com)
+ will match "JOE at example.com" even though the <local-parts> differ.
+ Also, where a user has two <Mailbox>es which whose addresses differ
+ only by case of the <local-part>, both cannot be listed as values of
+ the user's mail attribute (as they are considered by the
+ 'caseIgnoreIA5Match' rule to be equal).
+
+ It is also noted that applications supporting internationalized domain
+ names SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
+ components of the <Mailbox> production.
+
+
+2.18. manager
+
+ The 'manager' attribute specifies managers, by distinguished name, of
+ the person (or entity).
+
+ ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
+ 'distinguishedNameMatch' rule are described in [Syntaxes].
+
+
+2.19. mobile
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 10]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ The 'mobile' (mobileTelephoneNumber) attribute specifies mobile
+ telephone numbers (e.g., "+1 775 555 6789") associated with a person
+ (or entity).
+
+ ( 0.9.2342.19200300.100.1.41 NAME 'mobile'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+ The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
+ 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
+ described in [Syntaxes].
+
+
+2.20. organizationalStatus
+
+ The 'organizationalStatus' attribute specifies categories by which a
+ person is often referred to in an organization. Examples of usage in
+ academia might include "undergraduate student", "researcher",
+ "professor", "staff", etc.. Multiple values are allowed were the
+ person is in multiple categories.
+
+ Directory administrators and application designers SHOULD consider
+ carefully the distinctions between this and the 'title' and
+ 'userClass' attributes.
+
+ ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.21. pager
+
+ The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone
+ numbers (e.g., "+1 775 555 5555") for an object.
+
+ ( 0.9.2342.19200300.100.1.42 NAME 'pager'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+ The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
+ 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 11]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ described in [Syntaxes].
+
+
+2.22. personalTitle
+
+ The 'personalTitle' attribute specifies personal titles for a person.
+ Examples of personal titles are "Frau", "Dr.", "Herr", and
+ "Professor".
+
+ ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.23. roomNumber
+
+ The 'roomNumber' attribute specifies the room number of an object.
+ During periods of renumbering or in other circumstances where a room
+ has multiple valid room numbers associated with it, multiple values
+ may be provided. Note that the 'cn' (commonName) attribute type
+ SHOULD be used for naming room objects.
+
+ ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+2.24. secretary
+
+ The 'secretary' attribute specifies secretaries and/or administrative
+ assistants, by distinguish name, of a person.
+
+ ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+ The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
+ 'distinguishedNameMatch' rule are described in [Syntaxes].
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 12]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+2.26. uniqueIdentifier
+
+ The 'uniqueIdentifier' attribute specifies a unique identifier for an
+ object represented in the Directory. The domain within which the
+ identifier is unique, and the exact semantics of the identifier, are
+ for local definition. For a person, this might be an institution-wide
+ payroll number. For an organizational unit, it might be a department
+ code.
+
+ ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+ Note: X.520 also describes an attribute called 'uniqueIdentifier'
+ (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
+ [Schema]. The attribute detailed here ought not be confused
+ with 'x500UniqueIdentifier'.
+
+
+2.27. userClass
+
+ The 'userClass' attribute specifies categories of computer or
+ application user. The semantics placed on this attribute are for
+ local interpretation. Examples of current usage of this attribute in
+ academia are "student", "staff", "faculty", etc.. Note that the
+ 'organizationalStatus' attribute type is now often be preferred as it
+ makes no distinction between persons as opposed to users.
+
+ ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+ The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
+ 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
+ in [Syntaxes].
+
+
+3. COSINE Object Classes
+
+ This section details COSINE object classes for use in LDAP.
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 13]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+3.1. account
+
+ The 'account' object class is used to define entries representing
+ computer accounts. The 'uid' attribute SHOULD be used for naming
+ entries of this object class.
+
+ ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST uid
+ MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
+
+ The 'top' object class is described in [Models]. The 'description',
+ 'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
+ [Schema]. The 'host' attribute type is described in Section 2 of this
+ document.
+
+ Example:
+
+ dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
+ objectClass: account
+ uid: kdz
+ seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
+
+
+3.2. document
+
+ The 'document' object class is used to define entries which represent
+ documents.
+
+ ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( cn $ description $ seeAlso $ l $ o $ ou $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher ) )
+
+ The 'top' object class is described in [Models]. The 'cn',
+ 'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
+ described in [Schema]. The 'documentIdentifier', 'documentTitle',
+ 'documentVersion', 'documentAuthor', 'documentLocation', and
+ 'documentPublisher' attribute types are described in Section 2 of this
+ document.
+
+ Example:
+
+ dn: documentIdentifier=RFCXXXX,cn=RFC,dc=Example,dc=COM
+ objectClass: document
+ documentIdentifier: RFC XXXXX
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 14]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ documentTitle: COSINE LDAP/X.500 Schema
+ documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
+ documentLocation: http://www.rfc-editor.org/rfc/rfcXXXX.txt
+ documentPublisher: Internet Engineering Task Force
+ description: A collection of schema elements for use in LDAP
+ description: Obsoletes RFC 1274
+ seeAlso: documentIdentifier=[Roadmap],cn=RFC,dc=Example,dc=COM
+ seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM
+
+
+3.3. documentSeries
+
+ The documentSeries object class is used to define an entry which
+ represents a series of documents (e.g., The Request For Comments
+ memos).
+
+ ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( description $ l $ o $ ou $ seeAlso $
+ telephonenumber ) )
+
+ The 'top' object class is described in [Models]. The 'description',
+ 'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
+ described in [Schema].
+
+ Example:
+
+ dn: cn=RFC,dc=Example,dc=COM
+ objectClass: documentSeries
+ cn: Request for Comments
+ cn: RFC
+ description: a series of memos about the Internet
+
+
+3.4. domain
+
+ The 'domain' object class is used to define entries which represent
+ DNS domains for objects which are not organizations, organizational
+ units, or other kinds of objects more approproiately defined using an
+ object class specific to the kind of object being defined (e.g.,
+ 'organization', 'organizationUnit', etc.).
+
+ The 'dc' attribute should be used for naming entries of 'domain'
+ object class.
+
+ ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 15]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ MUST dc
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $
+ internationaliSDNNumber $ facsimileTelephoneNumber $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description $ o $
+ associatedName ) )
+
+ The 'top' object class and the 'dc', 'userPassword', 'searchGuide
+ 'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress
+ 'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
+ 'teletexTerminalIdentifier', 'telephoneNumber',
+ 'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
+ 'postOfficeBox', 'postalCode', 'postalAddress',
+ 'physicalDeliveryOfficeName', 'st', 'l', 'description', 'o', types are
+ described in [Schema]. The 'associatedName' attribute type is
+ described in Section 2 of this document.
+
+ Example:
+ dn: dc=com
+ objectClass: domain
+ dc: com
+ description: the .COM TLD
+
+
+3.5. domainRelatedObject
+
+ The 'domainRelatedObject' object class is used to define entries which
+ represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
+ an organization or organizational unit.
+
+ ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+ The 'top' object class is described in [Models]. The
+ 'associatedDomain' attribute type is described in Section 2 of this
+ document.
+
+ Example:
+
+ dn: dc=example,dc=com
+ objectClass: organization
+ objectClass: dcObject
+ objectClass: domainRelatedObject
+ dc: example
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 16]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ associatedDomain: example.com
+ o: Example Organization
+
+ The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
+ attribute types are described in [Schema].
+
+
+3.5. friendlyCountry
+
+ The 'friendlyCountry' object class is used to define entries
+ representing countries in the DIT. The object class is used to allow
+ friendlier naming of countries than that allowed by the object class
+ 'country' [Schema].
+
+ ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST co )
+
+ The 'country' object class is described in [Schema]. The 'co'
+ attribute type is described in Section 2 of this document.
+
+ Example:
+
+ dn: c=DE
+ objectClass: country
+ objectClass: friendlyCountry
+ c: DE
+ co: Deutschland
+ co: Germany
+ co: Federal Republic of Germany
+ co: FRG
+
+ The 'c' attribute type is described in [Schema].
+
+
+3.6. rFC822LocalPart
+
+ The 'rFC822LocalPart' object class is used to define entries which
+ represent the local part of Internet mail addresses [RFC2822]. This
+ treats the local part of the address as a 'domain' object.
+
+ ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( cn $ description $ destinationIndicator $
+ facsimileTelephoneNumber $ internationaliSDNNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
+ seeAlso $ sn $ street $ telephoneNumber $
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 17]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ teletexTerminalIdentifier $ telexNumber $ x121Address ) )
+
+ The 'domain' object class is described in Section 3.4 of this
+ document. The 'cn', 'description', 'destinationIndicator',
+ 'facsimileTelephoneNumber', 'internationaliSDNNumber,
+ 'physicalDeliveryOfficeName', 'postalAddress', 'postalCode',
+ 'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress',
+ 'seeAlso', 'sn, 'street', 'telephoneNumber',
+ 'teletexTerminalIdentifier', 'telexNumber' and 'x121Address' attribute
+ types are described in [Schema].
+
+
+ Example:
+
+ dn: dc=kdz,dc=example,dc=com
+ objectClass: domain
+ objectClass: rFC822LocalPart
+ dc: kdz
+ associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
+
+ The 'dc' attribute type is described in [Schema].
+
+
+3.7. room
+
+ The 'room' object class is used to define entries representing rooms.
+ The 'cn' (commonName) attribute SHOULD be used for naming entries of
+ this object class.
+
+ ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
+
+ The 'top' object class is described in [Models]. The 'cn',
+ 'description', 'seeAlso' and 'telephoneNumber' attribute types are
+ described in [Schema]. The 'roomNumber' attribute type is described
+ in Section 2 of this document.
+
+ dn: cn=conference room,dc=example,dc=com
+ objectClass: room
+ cn: conference room
+ telephoneNumber: +1 755 555 1111
+
+
+3.8. simpleSecurityObject
+
+ The 'simpleSecurityObject' object class is used to require an entry to
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 18]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ have an 'userPassword' attribute when the entry's structural object
+ class does not require (or allow) the 'userPassword attribute'.
+
+ ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+ The 'top' object class is described in [Models]. The 'userPassword'
+ attribute type is described in [Schema].
+
+ dn: dc=kdz,dc=Example,dc=COM
+ objectClass: account
+ objectClass: simpleSecurityObject
+ uid: kdz
+ userPassword: My Password
+ seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
+
+
+4. Security Considerations
+
+ General LDAP security considerations [Roadmap] is applicable to the
+ use of this schema. Additional considerations are noted above where
+ appropriate.
+
+ Directories administrators should ensure that access to sensitive
+ information is restricted to authorized entities, but ensure that
+ appropriate data security services, including data integrity and data
+ confidentiality, are used to protect against eavesdropping.
+
+ Simple authentication (e.g., plain text passwords) mechanisms should
+ only be used when adequate data security services are in place. LDAP
+ offers reasonable strong authentication and data security services
+ [AuthMeth].
+
+
+
+5. IANA Considerations
+
+ It is requested that the Internet Assigned Numbers Authority (IANA)
+ update upon Standard Action the LDAP descriptors registry [BCP64bis]
+ as indicated the following template:
+
+ Subject: Request for LDAP Descriptor Registration Update
+ Descriptor (short name): see comment
+ Object Identifier: see comments
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: see comments
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 19]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ The following descriptors should be updated to refer to RFC XXXX.
+
+ NAME Type OID
+ ------------------------ ---- --------------------------
+ account O 0.9.2342.19200300.100.4.5
+ associatedDomain A 0.9.2342.19200300.100.1.37
+ associatedName A 0.9.2342.19200300.100.1.38
+ buildingName A 0.9.2342.19200300.100.1.48
+ co A 0.9.2342.19200300.100.1.43
+ document O 0.9.2342.19200300.100.4.6
+ documentAuthor A 0.9.2342.19200300.100.1.14
+ documentIdentifier A 0.9.2342.19200300.100.1.11
+ documentLocation A 0.9.2342.19200300.100.1.15
+ documentPublisher A 0.9.2342.19200300.100.1.56
+ documentSeries O 0.9.2342.19200300.100.4.8
+ documentTitle A 0.9.2342.19200300.100.1.12
+ documentVersion A 0.9.2342.19200300.100.1.13
+ domain O 0.9.2342.19200300.100.4.13
+ domainRelatedObject O 0.9.2342.19200300.100.4.17
+ drink A 0.9.2342.19200300.100.1.5
+ favouriteDrink A* 0.9.2342.19200300.100.1.5
+ friendlyCountry O 0.9.2342.19200300.100.4.18
+ friendlyCountryName A* 0.9.2342.19200300.100.1.43
+ homePhone A 0.9.2342.19200300.100.1.20
+ homePostalAddress A 0.9.2342.19200300.100.1.39
+ homeTelephone A* 0.9.2342.19200300.100.1.20
+ host A 0.9.2342.19200300.100.1.9
+ info A 0.9.2342.19200300.100.1.4
+ mail A 0.9.2342.19200300.100.1.3
+ manager A 0.9.2342.19200300.100.1.10
+ mobile A 0.9.2342.19200300.100.1.41
+ mobileTelephoneNumber A* 0.9.2342.19200300.100.1.41
+ organizationalStatus A 0.9.2342.19200300.100.1.45
+ pager A 0.9.2342.19200300.100.1.42
+ pagerTelephoneNumber A* 0.9.2342.19200300.100.1.42
+ personalTitle A 0.9.2342.19200300.100.1.40
+ rFC822LocalPart O 0.9.2342.19200300.100.4.14
+ rfc822Mailbox A* 0.9.2342.19200300.100.1.3
+ room O 0.9.2342.19200300.100.4.7
+ roomNumber A 0.9.2342.19200300.100.1.6
+ secretary A 0.9.2342.19200300.100.1.21
+ simpleSecurityObject O 0.9.2342.19200300.100.4.19
+ singleLevelQuality A 0.9.2342.19200300.100.1.50
+ uniqueIdentifier A 0.9.2342.19200300.100.1.44
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 20]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ userClass A 0.9.2342.19200300.100.1.8
+
+ where Type A is Attribute and Type O is ObjectClass, and *
+ indicates the registration is historic in nature.
+
+
+6. Acknowledgments
+
+ This document is based upon RFC 1274 by Paul Barker and Steve Kille,
+ as well as RFC 2247 by Steve Kill, Mark Wahl, Al Grimstad, Rick Huber,
+ and Sri Satulari.
+
+
+7. Editor's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+8.1. Normative References
+
+ [RFC1034] Mockapetris, P., "Domain names - concepts
+ and facilities", STD 13 (also RFC 1034), November 1987.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2247] Kille, S., M. Wahl, A. Grimstad, R. Huber and S.
+ Sataluri, "Using Domains in LDAP/X.500 Distinguished
+ Names", January 1998.
+
+ [RFC2821] Klensin, J. (editor), "Simple Mail Transfer Protocol",
+ RFC 2822, April 2001.
+
+ [RFC3490] Faltstrom, P., P. Hoffman, and A. Costello,
+ "Internationalizing Domain Names in Applications
+ (INDA)", RFC 3490, March 2003.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 21]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [Schema] Dally, K. (editor), "LDAP: User Schema",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in
+ progress.
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+
+8.2. Informative References
+
+ [COSINEpilot]
+
+ [NamingPlan] Zeilenga, K., "The Internet Naming Plan for LDAP/X.500
+ Directories", draft-zeilenga-ldap-namingplan-xx.txt, a
+ work in progress.
+
+ [ISO3166] International Organization for Standardization, "Codes
+ for the representation of names of countries", ISO 3166.
+
+ [RFC1274] Barker, P. and S. Kille, "The COSINE and Internet X.500
+ Schema", November 1991.
+
+ [RFC2798] Smith, M., "The LDAP inetOrgPerson Object Class", RFC
+ 2798, April 2000.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+Appendix A. Changes since RFC 1274
+
+ This document represents a substantial rewrite of RFC 1274. The
+ following sections summarize the substantive changes.
+
+A.1. LDAP Short Names
+
+ A number of COSINE attribute types have short names in LDAP.
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 22]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ X.500 Name LDAP Short Name
+ ------------- ---------------
+ domainComponent dc
+ favoriteDrink drink
+ friendCountryName co
+ homeTelephoneNumber homePhone
+ mobileTelephoneNumber mobile
+ pagerTelephoneNumber pager
+ rfc822Mailbox mail
+ userid uid
+
+ While the LDAP short names are generally used in LDAP, some
+ implementations may (for legacy reasons [Historic]) recognize the
+ attribute type by its X.500 name. Hence, the X.500 names have been
+ reserved solely for this purpose.
+
+ Note: 'uid' and 'dc' are described in [Schema].
+
+
+A.2. pilotObject
+
+ The 'pilotObject' object class was not brought forward as its function
+ is largely replaced by operational attributes introduced in X.500(93)
+ [X.501] and version 3 of LDAP [Models]. For instance, the function
+ of the 'lastModifiedBy' and 'lastModifiedTime' attribute types is now
+ served by the 'creatorsName', 'createTimestamp', 'modifiersName', and
+ 'modifyTimestamp' operational attributes [Models].
+
+
+A.3. pilotPerson
+
+ The 'pilotPerson' object class was not brought forward as its function
+ is largely replaced by the 'organizationalPerson' [Models] object
+ class and its subclasses, such as 'inetOrgPerson' [RFC2798].
+
+ Most of the related attribute types (e.g., 'mail', 'manager', etc.)
+ were brought forward as they are used in other object classes.
+
+
+A.4. dNSDomain
+
+ The 'dNSDomain' object class and related attribute types were not
+ brought forward as its use is primarily experimental [RFC1279].
+
+
+A.5. pilotDSA and qualityLabelledData
+
+ The 'pilotDSA' and 'qualityLabelledData' object classes, as well as
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 23]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ related attribute types, were not brought forward as it as its use is
+ primarily experimental [QoS].
+
+
+A.6. Attribute syntaxes
+
+ RFC 1274 defined and used caseIgnoreIA5StringSyntax attribute syntax.
+ This has been replaced with the IA5String syntax and approrpiate
+ matching rules in 'mail' and 'associatedDomain'.
+
+ RFC 1274 restricted 'mail' to have non-zero length values. This
+ restriction is not reflected in the IA5String syntax used in the
+ definitions provided in this specification. However, as values are
+ to conform to the <Mailbox> production, the 'mail' should not contain
+ zero-length values. Unfornuately, the directory service will not
+ enforce this restriction.
+
+
+Appendix B. Changes since RFC 2247
+
+ The 'domainNameForm' name form was not brought forward as
+ specification of name forms used in LDAP is left to a future
+ specification.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 24]
+�
+INTERNET-DRAFT COSINE Schema 23 October 2005
+
+
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-cosine-01 [Page 25]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-dontusecopy-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-dontusecopy-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-dontusecopy-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,283 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 5 March 2006
+
+
+
+ The LDAP Don't Use Copy Control
+ <draft-zeilenga-ldap-dontusecopy-02.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the IESG for consideration as a Standard Track
+ document. Distribution of this memo is unlimited. Technical
+ discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+
+Zeilenga LDAP Don't Use Copy Control [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-02 5 March 2006
+
+
+Abstract
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ Don't Use Copy control extension which allows a client to specify that
+ copied information should not be used in providing service. This
+ control is based upon the X.511 dontUseCopy service control option.
+
+
+1. Background and Intended Usage
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ [Roadmap] Don't Use Copy control extension. The control may be
+ attached to request messages to indicate that copied (replicated or
+ cached) information [X.500] should not be used in providing service.
+ This control is based upon the X.511 [X.511] dontUseCopy service
+ control option.
+
+ The Don't Use Copy control is intended to be used where the client
+ requires the service be provided using original (master) information
+ [X.500].
+
+
+2. Terminology
+
+ DSA stands for Directory System Agent (or server).
+ DSE stands for DSA-specific Entry.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+3. The Don't Use Copy Control
+
+ The Don't Use Copy control is an LDAP Control [Protocol] whose
+ controlType is IANA-ASSIGNED-OID and controlValue is absent. The
+ criticality MUST be TRUE. There is no corresponding response control.
+
+ The control is appropriate for both LDAP interrogation operations,
+ including Compare and Search operations [Protocol]. It is
+ inappropriate for all other operations, including Abandon, Bind,
+ Delete, Modify, ModifyDN, StartTLS, and Unbind operations [Protocol].
+
+ When the control is attached to an LDAP request, the requested
+ operation MUST NOT be performed on copied information. That is, the
+ requested operation MUST be performed on original information.
+
+ If original information for the target or base object of the operation
+
+
+
+Zeilenga LDAP Don't Use Copy Control [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-02 5 March 2006
+
+
+ is not available (either locally or through chaining), the server MUST
+ either return a referral directing the client to a server believed to
+ be better able to service the request or return an appropriate result
+ code (e.g., unwillingToPerform).
+
+
+4. Security Considerations
+
+ This control is intended to be provided where providing service using
+ copied information might lead to unexpected application behavior.
+ Designers of directory applications should consider where it is
+ appropriate for clients to provide this control. Designers should
+ consider whether use of copied information, in particular security and
+ policy information, may result insecure behavior.
+
+ Security considerations for the base operations [Protocol] extended by
+ this control, as well as general LDAP security considerations
+ [Roadmap], generally apply to implementation and use of this
+ extension.
+
+
+5. IANA Considerations
+
+5.1. Object Identifier
+
+ It is requested that IANA assign upon Standards Action an LDAP Object
+ Identifier [BCP64bis] to identify the LDAP Don't Use Copy Control
+ defined in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP Don't Use Copy Control
+
+5.2 LDAP Protocol Mechanism
+
+ Registration of this protocol mechanism [BCP64bis] is requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: Don't Use Copy Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+
+
+
+Zeilenga LDAP Don't Use Copy Control [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-02 5 March 2006
+
+
+ Author/Change Controller: IESG
+ Comments: none
+
+
+
+6. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+7. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+
+7.2. Informative References
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.511] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Abstract Service Definition", X.511(1993)
+ (also ISO/IEC 9594-3:1993).
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+
+
+Zeilenga LDAP Don't Use Copy Control [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-02 5 March 2006
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Don't Use Copy Control [Page 5]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-incr.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-incr.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-incr.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,340 @@
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Experimental OpenLDAP Foundation
+Expires in six months 10 February 2005
+
+
+
+ LDAP Modify-Increment Extension
+ <draft-zeilenga-ldap-incr-01.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as an Experimental document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-incr-01.txt 10 February 2005
+
+
+Abstract
+
+ This document describes an extension to the Lightweight Directory
+ Access Protocol (LDAP) Modify operation to support an increment
+ capability. This extension is useful in provisioning applications,
+ especially when combined with the assertion control and/or the
+ pre-read or post-read control extension.
+
+
+1. Background and Intended Use
+
+ The Lightweight Directory Access Protocol [Roadmap] does not currently
+ provide an operation to increment values of an attribute. A client
+ must read the values of the attribute, then modify those values to
+ increment them by the desired amount. As the values may be updated by
+ other clients between this add and modify, the client must be careful
+ to construct the modify request so that it fails in this case, and
+ upon failure, re-read the values and construct a new modify request.
+
+ This document extends the LDAP Modify Operation [Protocol] to support
+ an increment values capability. This feature is intended to be used
+ with either the LDAP pre-read or post-read control extension
+ [ReadEntry]. This feature may also be used with the LDAP assertion
+ control [Assertion] to provide test-and-increment functionality.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+2. The Modify-Increment Extension
+
+ This document extends the LDAP Modify request to support a increment
+ values capability. Implementations of this extension SHALL support an
+ additional ModifyRequest operation enumeration value increment (IANA-
+ ASSIGNED-TYPE) as described herein. Implementations not supporting
+ this extension will treat this value as they would an unlisted value,
+ e.g., as a protocol error.
+
+ The increment (IANA-ASSIGNED-TYPE) operation value specifies that an
+ increment values modification is requested. All existing values of
+ the modification attribute are to be incremented by the listed value.
+ The modification attribute must be appropriate for request, e.g., must
+ have INTEGER or other increment-able values, and the modification must
+ provide one and only value. If the attribute is not appropriate for
+ the request, a constraintViolation or other appropriate error is to be
+ returned. If multiple values are provided, a protocolError is to be
+ returned.
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-incr-01.txt 10 February 2005
+
+
+ Servers supporting this feature SHOULD publish the object identifier
+ (OID) IANA-ASSIGNED-OID as a value of the 'supportedFeatures'
+ [RFC3674] attribute in the root DSE. Clients supporting this feature
+ SHOULD NOT use the feature unless they have knowledge the server
+ supports it.
+
+
+ 3. LDIF Support
+
+ To represent Modify-Increment requests in LDAP Data Interchange Format
+ [RFC2849], the ABNF [RFC2234] production <mod-spec> is extended as
+ follows:
+
+ mod-spec /= "increment:" FILL AttributeDescription SEP
+ attrval-spec "-" SEP
+
+ For example,
+
+ # Increment uidNumber
+ dn: cn=max-assigned uidNumber,dc=example,dc=com
+ changetype: modify
+ increment: uidNumber
+ uidNumber: 1
+ -
+
+ This LDIF fragment represents a Modify request to increment the
+ value(s) of uidNumber by 1.
+
+
+4. Security Considerations
+
+ General LDAP security considerations [Roadmap], as well as those
+ specific to the LDAP Modify [Protocol], apply to this Modify-Increment
+ extension. Beyond these considerations, it is noted that introduction
+ of this extension should reduce application complexity (by provide one
+ operation what presently requires multiple operation) and, hence, may
+ aide in the production of correct and secure implementations.
+
+
+5. IANA Considerations
+
+ Registration of the following values [BCP64bis] is requested.
+
+
+5.1. Object Identifier
+
+ It is requested that IANA assign an LDAP Object Identifier to identify
+ the LDAP Modify-Increment feature as defined in this document.
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-incr-01.txt 10 February 2005
+
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: Author
+ Comments:
+ Identifies the LDAP Modify-Increment feature
+
+
+
+5.2. LDAP Protocol Mechanism
+
+ It is requested that the following LDAP Protocol Mechanism be
+ registered.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: Modify-Increment
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Feature
+ Specification: RFC XXXX
+ Author/Change Controller: Kurt Zeilenga <kurt at openldap.org>
+ Comments: none
+
+
+5.3. LDAP Protocol Mechanism
+
+ It is requested that IANA assign an LDAP ModifyRequest Operation Type
+ [BCP64bis] for use in this document.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ ModifyRequest Operation Name: increment
+ Description: Modify-Increment
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Feature
+ Specification: RFC XXXX
+ Author/Change Controller: Kurt Zeilenga <kurt at openldap.org>
+ Comments: none
+
+
+6. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+ <Kurt at OpenLDAP.org>
+
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-incr-01.txt 10 February 2005
+
+
+7. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 2234, November 1997.
+
+ [RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
+ Technical Specification", RFC 2849, June 2000.
+
+ [Features] Zeilenga, K., "Feature Discovery in LDAP", RFC 3674,
+ December 2003.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+
+7.2. Informative References
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [ReadEntry] Zeilenga, K., "LDAP Read Entry Controls",
+ draft-zeilenga-ldap-readentry-xx.txt, a work in
+ progress.
+
+ [Assertion] Zeilenga, K., "LDAP Assertion Control",
+ draft-zeilenga-ldap-assert-xx.txt, a work in progress.
+
+ [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
+ http://www.openldap.org/foundation/oid-delegate.txt.
+
+ [PRIVATE] IANA, "Private Enterprise Numbers",
+ http://www.iana.org/assignments/enterprise-numbers.
+
+
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-incr-01.txt 10 February 2005
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Modify-Increment Extension [Page 6]
+�
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-managedit-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-managedit-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-managedit-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,675 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Experimental OpenLDAP Foundation
+Expires in six months 27 February 2006
+
+
+
+ The LDAP Manage Directory Information Tree Control
+ <draft-zeilenga-ldap-managedit-00.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor for publication as an
+ Experimental document. Distribution of this memo is unlimited.
+ Technical discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+Abstract
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ Manage Directory Information Tree (DIT) Control which allows a
+ directory user agent (a client) to request the directory service
+ temporarily relax enforcement of constraints of the X.500 models.
+
+
+1. Background and Intended Use
+
+ Directory servers accessible via Lightweight Directory Access Protocol
+ (LDAP) [Roadmap] are expected to act in accordance with the X.500
+ series of ITU-T Recommendations. In particular, servers are expected
+ to ensure the X.500 data and service models are not violated.
+
+ An LDAP server is expected to prevent modification of the structural
+ object class of an object [Models]. That is, the X.500 models do not
+ allow a 'person' object to be transformed into an
+ 'organizationalPerson' object through modification of the object.
+ Instead, the 'person' object must be deleted and then a new
+ 'organizationalPerson' object created in its place. This approach,
+ aside from being inconvient, is problematic for a number reasons.
+ First, as LDAP does not have a standardized method for performing the
+ two operations in a single transaction, the intermediate directory
+ state (after the delete, before the add) is visible to other clients,
+ which may lead to undesirable client behavior. Second, attributes
+ such as entryUUID [entryUUID] will reflect the object was replaced,
+ not transformed.
+
+ An LDAP server is expected to prevent clients from modifying values of
+ NO-USER-MODIFICATION attributes [Models]. For instance, an entry is
+ not allowed to assign or modify the value of the entryUUID attribute.
+ However, where an administrator is restoring a previously existing
+ object, for instance when repartitioning data between directory
+ servers or when migrating from one vendor server product to another,
+ it may be desirable to allow the client to assign or modify the value
+ of the entryUUID attribute.
+
+ This document specifies the Manage Directory Information Tree (DIT)
+ control. The Manage DIT control may be attached to LDAP requests to
+ update the DIT to request DIT restrictions be temporarily relaxed
+ during the performance of the requested DIT update. The server is
+ however to ensure the resulting directory state is valid.
+
+ Use of this control is expected that use of this extension will be
+ restricted by administrative and/or access controls. It is intended
+ to be used by directory administrators.
+
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ This extension is considered experimental as it is not yet clear
+ whether it adequately addresses directory administrators' needs for
+ flexible mechanisms for managing directory objects. It is hoped that
+ after suitable amount of time, either this extension or a suitable
+ replacement will be standardization.
+
+
+1.1. Terminology
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.2 of [Protocol].
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ DSA stands for Directory System Agent, a server. DSE stands for DSA-
+ specific Entry.
+
+
+2. The Manage DIT Control
+
+ The Manage DIT control is an LDAP Control [Protocol] whose controlType
+ is IANA-ASSIGNED-OID, controlValue is empty, and the criticality of
+ TRUE.
+
+ There is no corresponding response control.
+
+ The control is appropriate for all LDAP update requests, including
+ add, delete, modify, and modifyDN (rename) [Protocol].
+
+ The presence of the Manage DIT control in an LDAP update request
+ indicates the server temporarily relax X.500 model contraints during
+ performance of the directory update.
+
+ The server may restrict use of this control and/or limit the extent of
+ the relaxation provided based upon local policy or factors.
+
+ The server is obligated to ensure the resulting directory state is
+ consistent with the X.500 models. For instance, the server ensure
+ that values of attributes conform to the value syntax.
+
+ It is noted that while this extension may be used to add or modify
+ objects in a manner which violate the controlling subschema, the
+ presence of objects in the DIT is not inconsistent with the X.500
+ models. For instance, an object created prior to establshment of a
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ DIT content rule may contain an attribute now precluded by the current
+ controlling DIT Content Rule.
+
+ Servers implementing this technical specification SHOULD publish the
+ object identifier IANA-ASSIGNED-OID as a value of the
+ 'supportedControl' attribute [Models] in their root DSE. A server MAY
+ choose to advertise this extension only when the client is authorized
+ to use it.
+
+
+3. Use Cases
+
+3.1. Object metamorphism
+
+ In absence of this control, an attempt to modify an object's
+ 'objectClass' in a manner which cause a change in the structural
+ object class of the object would normally lead to an
+ objectClassModsProhibited error [Protocol]. The presence of the
+ Manage DIT control in the modify request requests the change be
+ allowed. If the server is willing and able to allow the change in the
+ structural object class of the object.
+
+ For instance, to change an 'organization' object into an
+ 'organizationalUnit' object, a client could issue the following LDAP
+ request:
+
+ dn: o=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: modify
+ delete: objectClass
+ objectClass: organization
+ -
+ add: objectClass
+ objectClass: organizationalUnit
+ -
+
+ In this case, the server is expected to either effect the requested
+ change in the structural object class, including updating of the value
+ of the structural object class, or fail the operation.
+
+
+3.2. Inactive Attribute Types
+
+ In absence of the Manage DIT control, an attempt to add or modify
+ values to an attribute whose type has been marked inactive in the
+ controlling subschema (its attribute type description contains the
+ OBSOLETE field) [Models] normally results in a failure.
+
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ In the presence of the Manage DIT control, the server performs the
+ update operation as if the attribute's type is marked active in the
+ controlling subschema (its attribute type description does not contain
+ the OBSOLETE field).
+
+
+3.3. DIT Content Rules
+
+ In absence of the Manage DIT control, an attempt to include the name
+ (or OID) of an auxiliary class to an object's 'objectClass' which is
+ not allowed by the controlling DIT Content Rule would be disallowed
+ [Models]. Additionally, an attempt to add values of an attribute not
+ allowed (or explicitly precluded) by the DIT Content Rule would fail.
+
+ In presence of the Manage DIT control, the server performs the update
+ operation as if the controlling DIT Content Rule allowed any and all
+ known auxiliary classses to be present and allowed any and all known
+ attributes to be present (and precluded no attributes).
+
+
+3.4. DIT Structure Rules and Name Forms
+
+ In absence of the Manage DIT control, the service enforces DIT
+ structure rules and name form requirements of the controlling
+ subschema [Models].
+
+ In the presence of the Manage DIT control, the server performs the
+ update operation ignoring all DIT structure rules and name forms in
+ the controlling subschema.
+
+
+3.5. Modification of Nonconformant Objects
+
+ It is also noted that in absense of this control, modification of an
+ object which presently violates the controlling subschema will fail
+ unless the modification would result in the object conforming to the
+ controlling subschema. That is, modifications of an non-conformant
+ object should result in a conformant object.
+
+ In the presence of this control, modifications of a non-conformant
+ object need not result in a conformant object.
+
+
+3.6. NO-USER-MODIFICATION attribute modification
+
+ In absence of this control, an attempt to modify values of a
+ NO-USER-MODIFICATION attribute would normally lead to a
+ constraintViolation or other appropriate error [Protocol]. In the
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ presence of the Manage DIT control in the update request requests the
+ modification be allowed.
+
+ Relaxation of the NO-USER-MODIFICATION constraint is not appropriate
+ for some operational attribute types. For instance, as the value of
+ the 'structuralObjectClass' is derived by the values of the
+ 'objectClass' attribute, the 'structuralObjectClass' attribute type's
+ NO-USER-MODIFICATION contraint MUST NOT be relaxed. To effect a
+ change in the structuralObjectClass class, values of objectClass
+ should be changed as discussed in Section 3.1. Other attributes for
+ which the NO-USER-MODIFICATION constraint should not be relaxed
+ include 'entryDN' [EntryDN], 'subschemaSubentry' [Models], and
+ 'collectiveAttributeSubentries' [RFC3671].
+
+ The subsections of this section discuss modification of various
+ operational attributes where their NO-USER-MODIFICATION constraint may
+ be relaxed. Future documents may specify where NO-USER-MODIFICATION
+ constraints on other operational attribute may be relaxed. In absence
+ of a document detailing that the NO-USER-MODIFICATION constraint on a
+ particular operational attribute may be relaxed, implementors SHOULD
+ assume relaxation of the constraint is not appropriate for that
+ attribute.
+
+
+3.1.1. entryUUID
+
+ To provide a value for the 'entryUUID' attribute on entry creation,
+ the client should issue an LDAP Add request with a Manage DIT control
+ providing the desired value. For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: add
+ objectClass: organizationalUnit
+ ou: Unit
+ entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
+
+ In this case, the server is either to add the entry using the
+ provided 'entryUUID' value or fail the request.
+
+ To provide a replacement value for the 'entryUUID' after entry
+ creation, the client should issue an LDAP Modify request with a
+ Manage DIT control including an approrpiate change. For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: modify
+ replace: entryUUID
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
+ -
+
+ In this case, the server is either to replace the 'entryUUID' value
+ as requested or fail the request.
+
+
+3.2.2. createTimestamp
+
+ To provide a value for the 'createTimestamp' attribute on entry
+ creation, the client should issue an LDAP Add request with a Manage
+ DIT control providing the desired 'createTimestamp' value. For
+ instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: add
+ objectClass: organizationalUnit
+ ou: Unit
+ createTimestamp: 20060101000000Z
+
+ In this case, the server is either to add the entry using the
+ provided 'createTimestamp' value or fail the request.
+
+ To provide a replacement value for the 'createTimestamp' after
+ entry creation, the client should issue an LDAP Modify request with
+ a Manage DIT control including an approrpiate change. For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: modify
+ replace: createTimestamp
+ createTimestamp: 20060101000000Z
+ -
+
+ In this case, the server is either to replace the 'createTimestamp'
+ value as requested or fail the request.
+
+ The server should ensure the requested 'createTimestamp' value is
+ appropriate. In particular, it should fail the request if the
+ requested 'createTimestamp' value is in the future or is greater
+ than the value of the 'modifyTimestamp' attribute.
+
+
+3.2.3. modifyTimestamp
+
+ To provide a value for the 'modifyTimestamp' attribute on entry
+ creation, the client should issue an LDAP Add request with a Manage
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ DIT control providing the desired 'modifyTimestamp' value. For
+ instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: add
+ objectClass: organizationalUnit
+ ou: Unit
+ modifyTimestamp: 20060101000000Z
+
+ In this case, the server is either to add the entry using
+ the provided 'modifyTimestamp' value or fail the request.
+
+ To provide a replacement value for the 'modifyTimestamp' after
+ entry creation, the client should issue an LDAP Modify
+ request with a Manage DIT control including an approrpiate
+ change. For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: modify
+ replace: modifyTimestamp
+ modifyTimestamp: 20060101000000Z
+ -
+
+ In this case, the server is either to replace the 'modifyTimestamp'
+ value as requested or fail the request.
+
+ The server should ensure the requested 'modifyTimestamp' value is
+ appropriate. In particular, it should fail the request if the
+ requested 'modifyTimestamp' value is in the future or is less than
+ the value of the 'createTimestamp' attribute.
+
+
+ 3.2.3. creatorsName and modifiersName
+
+ To provide a value for the 'creatorsName' and/or 'modifiersName'
+ attribute on entry creation, the client should issue an LDAP Add
+ request with a Manage DIT control providing the desired values.
+ For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: add
+ objectClass: organizationalUnit
+ ou: Unit
+ creatorsName: cn=Jane Doe,dc=example,net
+ modifiersName: cn=Jane Doe,dc=example,net
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 8]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ In this case, the server is either to add the entry using
+ the provided values or fail the request.
+
+ To provide a replacement values after entry creation for either of
+ the 'creatorsName' or 'modifiersName' attributes or both, the
+ client should issue an LDAP Modify request with a Manage DIT control
+ including the approrpiate changes. For instance:
+
+ dn: ou=Unit,dc=example,dc=net
+ control: IANA-ASSIGNED-OID
+ changetype: modify
+ replace: creatorsName
+ creatorsName: cn=Jane Doe,dc=example,net
+ -
+ replace: modifiersName
+ modifiersName: cn=Jane Doe,dc=example,net
+ -
+
+ In this case, the server is either to replace the provided
+ values as requested or fail the request.
+
+
+4. Security Considerations
+
+ Use of this extension should be subject to appropriate administrative
+ and access controls. Use of this mechanism is intended to be
+ restricted to directory administrators.
+
+ Security considerations for the base operations [Protocol] extended
+ by this control, as well as general LDAP security considerations
+ [Roadmap], generally apply to implementation and use of this
+ extension.
+
+
+5. IANA Considerations
+
+5.1. Object Identifier
+
+ It is requested that IANA assign a LDAP Object Identifier [BCP64bis]
+ to identify the LDAP Assertion Control defined in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: Kurt Zeilenga <kurt at openldap.org>
+ Comments: Identifies the LDAP Manage DIT Control
+
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 9]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+5.2 LDAP Protocol Mechanism
+
+ Registration of this protocol mechanism [BCP64bis] is requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: Manage DIT Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: Kurt Zeilenga <kurt at openldap.org>
+ Comments: none
+
+
+6. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+7. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+
+
+7.2. Informative References
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 10]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [EntryUUID] Zeilenga, K., "The LDAP EntryUUID Operational
+ Attribute", draft-zeilenga-ldap-uuid-xx.txt, a work in
+ progress.
+
+ [RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
+ Technical Specification", RFC 2849, June 2000.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 11]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
+
+
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Manage DIT Control [Page 12]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-noop-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-noop-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-noop-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 5 March 2006
+
+
+
+ The LDAP No-Op Control
+ <draft-zeilenga-ldap-noop-08.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the IESG for consideration as a Standard Track
+ document. Distribution of this memo is unlimited. Technical
+ discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+
+Zeilenga LDAP No-Op Control [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-noop-08 5 March 2006
+
+
+Abstract
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ No-Op control which can be used to disable the normal effect of an
+ operation. The control can be used to discover how a server might
+ react to a particular update request without updating the directory.
+
+
+1. Overview
+
+ It is often desirable to be able to determine if a directory operation
+ [Protocol] would successful complete or not without having the normal
+ effect of the operation take place. For example, an administrative
+ client might want to verify that new user could update their entry
+ (and not other entries) without the directory actually being updated.
+ The mechanism could be used to build more sophisticated security
+ auditing tools.
+
+ This document defines the Lightweight Directory Access Protocol (LDAP)
+ [Roadmap] No-Op control extension. The presence of the No-Op control
+ in an operation request message disables its normal effect upon the
+ directory which operation would otherwise have. Instead of updating
+ the directory and returning the normal indication of success, the
+ server does not update the directory and indicates so by returning the
+ noOperation resultCode (introduced below).
+
+ For example, when the No-Op control is present in a LDAP modify
+ operation [Protocol], the server is do all processing necessary to
+ perform the operation without actually updating the directory. If it
+ detects an error during this processing, it returns a non-success
+ (other than noOperation) resultCode as it normally would. Otherwise,
+ it returns the noOperation. In either case, the directory is left
+ unchanged.
+
+ This No-Op control is not intended to be to an "effective access"
+ mechanism [RFC2820, U12].
+
+
+1.1. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ DN stands for Distinguished Name.
+ DSA stands for Directory System Agent.
+ DSE stands for DSA-specific entry.
+
+
+
+
+Zeilenga LDAP No-Op Control [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-noop-08 5 March 2006
+
+
+2. No-Op Control
+
+ The No-Op control is an LDAP Control [Protocol] whose controlType is
+ IANA-ASSIGNED-OID and controlValue is absent. Clients MUST provide a
+ criticality value of TRUE to prevent unintended modification of the
+ directory.
+
+ The control is appropriate for request messages of LDAP Add, Delete,
+ Modify and ModifyDN operations [Protocol]. The control is also
+ appropriate for requests of extended operations which update the
+ directory (or other data stores), such as Password Modify Extended
+ Operation [RFC3062]. There is no corresponding response control.
+
+ When the control is attached to an LDAP request, the server does all
+ normal processing possible for the operation without modification of
+ the directory. That is, when the control is attached to an LDAP
+ request, the directory SHALL NOT be updated and the response SHALL NOT
+ have a resultCode of success (0).
+
+ A result code other than noOperation (IANA-ASSIGNED-CODE) means that
+ the server is unable or unwilling to complete the processing for the
+ reason indicated by the result code. A result code of noOperation
+ (IANA-ASSIGNED-CODE) indicates that the server discovered no reason
+ why the operation would fail if submitted without the No-Op control.
+ It is noted that there may be reasons why the operation may fail which
+ are only discoverable when submitting without the No-Op control.
+
+ Servers SHOULD indicate their support for this control by providing
+ IANA-ASSIGNED-OID as a value of the 'supportedControl' attribute type
+ [Models] in their root DSE entry. A server MAY choose to advertise
+ this extension only when the client is authorized to use this
+ operation.
+
+
+3. Security Considerations
+
+ The No-Op control mechanism allows directory administrators and users
+ to verify that access control and other administrative policy controls
+ are properly configured. The mechanism may also lead to the
+ development (and deployment) of more effective security auditing
+ tools.
+
+ Implementors of this LDAP extension should be familiar with security
+ considerations applicable to the LDAP operations [Protocol] extended
+ by this control, as well as general LDAP security considerations
+ [Roadmap].
+
+
+
+
+
+Zeilenga LDAP No-Op Control [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-noop-08 5 March 2006
+
+
+4. IANA Considerations
+
+4.1. Object Identifier
+
+ It is requested that IANA assign an LDAP Object Identifier [BCP64bis]
+ to identify the LDAP No-Op Control defined in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP No-Op Control
+
+
+4.2 LDAP Protocol Mechanism
+
+ Registration of this protocol mechanism is requested [RFC3383].
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: No-Op Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+4.3 LDAP Result Code
+
+ Assignment of an LDAP Result Code called 'noOperation' is requested.
+
+ Subject: LDAP Result Code Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Result Code Name: noOperation
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+5. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+
+
+Zeilenga LDAP No-Op Control [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-noop-08 5 March 2006
+
+
+ Email: Kurt at OpenLDAP.org
+
+
+6. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+
+6.2. Informative References
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [RFC2820] Stokes, E., et. al., "Access Control Requirements for
+ LDAP", RFC 2820, May 2000.
+
+ [RFC3062] Zeilenga, K., "LDAP Password Modify Extended Operation",
+ RFC 3062, February 2000.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+
+
+
+Zeilenga LDAP No-Op Control [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-noop-08 5 March 2006
+
+
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP No-Op Control [Page 6]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-readentry-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-readentry-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-readentry-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,452 @@
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 10 February 2005
+
+
+
+ LDAP Read Entry Controls
+ <draft-zeilenga-ldap-readentry-04.txt>
+
+
+1. Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+Abstract
+
+ This document specifies an extension to the Lightweight Directory
+ Access Protocol (LDAP) to allow the client to read the target entry of
+ an update operation. The client may request to read the entry before
+ and/or after the modifications are applied. These reads are done as
+ an atomic part of the update operation.
+
+
+1. Background and Intent of Use
+
+ This document specifies an extension to the Lightweight Directory
+ Access Protocol (LDAP) [Roadmap] to allow the client to read the
+ target entry of an update operation (e.g., Add, Delete, Modify,
+ ModifyDN). The extension utilizes controls [Protocol] attached to
+ update requests to request and return copies of the target entry. One
+ request control, called the Pre-Read request control, indicates that a
+ copy of the entry before application of update is to be returned.
+ Another control, called the Post-Read request control, indicates that
+ a copy of the entry after application of the update is to be returned.
+ Each request control has a corresponding response control used to
+ return the entry.
+
+ To ensure proper isolation, the controls are processed as an atomic
+ part of the update operation.
+
+ The functionality offered by these controls is based upon similar
+ functionality in the X.500 Directory Access Protocol (DAP) [X.511].
+
+ The Pre-Read controls may be used to obtain replaced or deleted values
+ of modified attributes or a copy of the entry being deleted.
+
+ The Post-Read controls may be used to obtain values of operational
+ attributes, such as the 'entryUUID' [EntryUUID] and 'modifyTimestamp'
+ [Models] attributes, updated by the server as part of the update
+ operation.
+
+
+2. Terminology
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.2 of [Protocol].
+
+ DN stands for Distinguished Name.
+ DSA stands for Directory System Agent (i.e., a directory server).
+ DSE stands for DSA-specific Entry.
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+3. Read Entry Controls
+
+3.1. The Pre-Read Controls
+
+ The Pre-Read request and response controls are identified by the
+ IANA-ASSIGNED-OID.1 object identifier. Servers implementing these
+ controls SHOULD publish IANA-ASSIGNED-OID.1 as a value of the
+ 'supportedControl' [Models] in their root DSE.
+
+ The Pre-Read request control is an LDAP Control [Protocol] whose
+ controlType is IANA-ASSIGNED-OID.1 and whose controlValue is a
+ BER-encoded AttributeSelection [Protocol], as extended by [RFC3673].
+ The criticality may be TRUE or FALSE. This control is appropriate for
+ the modifyRequest, delRequest, and modDNRequest LDAP messages.
+
+ The corresponding response control is a LDAP Control whose controlType
+ is IANA-ASSIGNED-OID.1 and whose the controlValue, an OCTET STRING,
+ contains a BER-encoded SearchResultEntry. The criticality may be TRUE
+ or FALSE. This control is appropriate for the modifyResponse,
+ delResponse, and modDNResponse LDAP messages with a resultCode of
+ success (0).
+
+ When the request control is attached to an appropriate update LDAP
+ request, the control requests the return of a copy of target entry
+ prior to the application of the update. The AttributeSelection
+ indicates, as discussed in [Protocol][RFC3673] which attributes are
+ requested to appear in the copy. The server is to return a
+ SearchResultEntry containing, subject to access controls and other
+ constraints, values of the requested attributes.
+
+ The normal processing of the update operation and the processing of
+ this control MUST be performed as one atomic action isolated from
+ other update operations.
+
+ If the update operation fails (in either normal or control
+ processing), no response control is provided.
+
+
+3.2. The Post-Read Controls
+
+ The Post-Read request and response controls are identified by the
+ IANA-ASSIGNED-OID.2 object identifier. Servers implementing these
+ controls SHOULD publish IANA-ASSIGNED-OID.2 as a value of the
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ 'supportedControl' [Models] in their root DSE.
+
+ The Post-Read request control is an LDAP Control [Protocol] whose
+ controlType is IANA-ASSIGNED-OID.2 and whose controlValue, an OCTET
+ STRING, contains a BER-encoded AttributeSelection [Protocol], as
+ extended by [RFC3673]. The criticality may be TRUE or FALSE. This
+ control is appropriate for the addRequest, modifyRequest, and
+ modDNRequest LDAP messages.
+
+ The corresponding response control is a LDAP Control whose controlType
+ is IANA-ASSIGNED-OID.2 and whose controlValue is a BER-encoded
+ SearchResultEntry. The criticality may be TRUE or FALSE. This
+ control is appropriate for the addResponse, modifyResponse, and
+ modDNResponse LDAP messages with a resultCode of success (0).
+
+ When the request control is attached to an appropriate update LDAP
+ request, the control requests the return of a copy of target entry
+ after the application of the update. The AttributeSelection
+ indicates, as discussed in [Protocol][RFC3673], which attributes are
+ requested to appear in the copy. The server is to return a
+ SearchResultEntry containing, subject to access controls and other
+ constraints, values of the requested attributes.
+
+ The normal processing of the update operation and the processing of
+ this control MUST be performed as one atomic action isolated from
+ other update operations.
+
+ If the update operation fails (in either normal or control
+ processing), no response control is provided.
+
+
+4. Interaction with other controls
+
+ The Pre-Read and Post-Read controls may be combined with each other
+ and/or with a variety of other controls. When combined with the
+ assertion control [Assertion] and/or the manageDsaIT control
+ [RFC3296], the semantics of each control included in the combination
+ apply. The Pre-Read and Post-Read controls may be combined with other
+ controls as detailed in other technical specifications.
+
+
+5. Security Considerations
+
+ The controls defined in this document extend update operations to
+ support read capabilities. Servers MUST ensure that the client is
+ authorized both for reading of the information provided in this
+ control in addition to ensuring the client is authorized to perform
+ the requested directory update.
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ Security considerations for the update operations [Protocol] extended
+ by this control, as well as general LDAP security considerations
+ [Roadmap], generally apply to implementation and use of this extension
+
+
+6. IANA Considerations
+
+ Registration of the following protocol values [BCP64bis] is requested.
+
+
+6.1. Object Identifier
+
+ It is requested that IANA register an LDAP Object Identifier to
+ identify LDAP protocol elements defined in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP Read Entry Controls
+
+
+6.2. LDAP Protocol Mechanisms
+
+ It is requested that IANA register the LDAP Protocol Mechanism
+ described in this document.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Description: LDAP Pre-read Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+ in 2
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID.2
+ Description: LDAP Post-read Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ Comments: none
+
+
+7. Acknowledgment
+
+ The LDAP Pre-Read and Post-Read controls are modeled after similar
+ capabilities offered in the DAP [X.511].
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+8.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [RFC3296] Zeilenga, K., "Named Subordinate References in
+ Lightweight Directory Access Protocol (LDAP)
+ Directories", RFC 3296, July 2002.
+
+ [RFC3673] Zeilenga, K., "LDAPv3: All Operational Attributes", RFC
+ 3673, December 2003.
+
+ [Assertion] Zeilenga, K., "LDAP Assertion Control",
+ draft-zeilenga-ldap-assert-xx.txt, a work in progress.
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(1997) (also ISO/IEC 8824-1:1998).
+
+ [X.690] International Telecommunication Union -
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(1997) (also ISO/IEC
+ 8825-1:1998).
+
+
+8.2. Informative References
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [EntryUUID] Zeilenga, K., "The LDAP EntryUUID Operational
+ Attribute", draft-zeilenga-ldap-uuid-xx.txt, a work in
+ progress.
+
+ [X.511] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Abstract Service Definition", X.511(1993)
+ (also ISO/IEC 9594-3:1993).
+
+
+10. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-readentry-04 10 February 2005
+
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Read Entry Controls [Page 8]
+�
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,340 @@
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 10 February 2005
+
+
+
+ LDAP Absolute True and False Filters
+ <draft-zeilenga-ldap-t-f-10.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as a Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+Zeilenga LDAP True & False Filters [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005
+
+
+Abstract
+
+ This document extends the Lightweight Directory Access Protocol (LDAP)
+ to support absolute True and False filters based upon similar
+ capabilities found in X.500 directory systems. The document also
+ extends the String Representation of LDAP Search Filters to support
+ these filters.
+
+
+1. Background
+
+ The X.500 Directory Access Protocol (DAP) [X.511] supports absolute
+ True and False assertions. An 'and' filter with zero elements always
+ evaluates to True. An 'or' filter with zero elements always evaluates
+ to False. These filters are commonly used when requesting DSA-
+ specific Entries (DSEs) which do not necessarily have 'objectClass'
+ attributes. That is, where "(objectClass=*)" may evaluate to False.
+
+ While LDAPv2 [RFC1777][RFC3494] placed no restriction on the number of
+ elements in 'and' and 'or' filter sets, the LDAPv2 string
+ representation [RFC1960][RFC3494] could not represent empty 'and' and
+ 'or' filter sets. Due to this, absolute True or False filters were
+ (unfortunately) eliminated from LDAPv3 [Roadmap].
+
+ This documents extends LDAPv3 to support absolute True and False
+ assertions by allowing empty 'and' and 'or' in Search filters
+ [Protocol] and extends the filter string representation [Filters] to
+ allow empty filter lists.
+
+ It is noted that certain search operations, such as those used to
+ retrieve subschema information [Models], require use of particular
+ filters. This document does not change these requirements.
+
+ This feature is intended to allow a more direct mapping between DAP
+ and LDAP (as needed to implement DAP-to-LDAP gateways).
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+2. Absolute True and False Filters
+
+ Implementations of this extension SHALL allow 'and' and 'or' choices
+ with zero filter elements.
+
+ An 'and' filter consisting of an empty set of filters SHALL evaluate
+ to True. This filter is represented by the string "(&)".
+
+
+
+Zeilenga LDAP True & False Filters [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005
+
+
+ An 'or' filter consisting of an empty set of filters SHALL evaluate to
+ False. This filter is represented by the string "(|)".
+
+ Servers supporting this feature SHOULD publish the Object Identifier
+ 1.3.6.1.4.1.4203.1.5.3 as a value of the 'supportedFeatures' [RFC3674]
+ attribute in the root DSE.
+
+ Clients supporting this feature SHOULD NOT use the feature unless they
+ have knowledge the server supports it.
+
+
+3. Security Considerations
+
+ The (re)introduction of absolute True and False filters is not
+ believed to raise any new security considerations.
+
+ Implementors of this (or any) LDAPv3 extension should be familiar with
+ general LDAPv3 security considerations [Roadmap].
+
+
+4. IANA Considerations
+
+ Registration of this feature is requested [BCP64bis].
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: 1.3.6.1.4.1.4203.1.5.3
+ Description: True/False filters
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Feature
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+ This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its
+ IANA-assigned private enterprise allocation [PRIVATE], for use in this
+ specification.
+
+
+5. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+ <Kurt at OpenLDAP.org>
+
+
+6. References
+
+
+
+
+Zeilenga LDAP True & False Filters [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005
+
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Filters] Smith, M. (editor), LDAPbis WG, "LDAP: String
+ Representation of Search Filters",
+ draft-ietf-ldapbis-filter-xx.txt, a work in progress.
+
+ [Features] Zeilenga, K., "Feature Discovery in LDAP", RFC 3674,
+ December 2003.
+
+
+6.2. Informative References
+
+ [RFC1777] Yeong, W., Howes, T., and S. Kille, "Lightweight
+ Directory Access Protocol", RFC 1777, March 1995.
+
+ [RFC1960] Howes, T., "A String Representation of LDAP Search
+ Filters", RFC 1960, June 1996.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol
+ version 2 (LDAPv2) to Historic Status", RFC 3494, March
+ 2003.
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+
+
+Zeilenga LDAP True & False Filters [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005
+
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.511] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Abstract Service Definition", X.511(1993)
+ (also ISO/IEC 9594-3:1993).
+
+ [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
+ http://www.openldap.org/foundation/oid-delegate.txt.
+
+ [PRIVATE] IANA, "Private Enterprise Numbers",
+ http://www.iana.org/assignments/enterprise-numbers.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+
+
+
+Zeilenga LDAP True & False Filters [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005
+
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP True & False Filters [Page 6]
+�
+
+
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-turn-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-turn-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-turn-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,507 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Experimental OpenLDAP Foundation
+Expires in six months 28 October 2005
+
+
+
+ LDAP Turn Operation
+ <draft-zeilenga-ldap-turn-03.txt>
+
+
+1. Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor for publication as an
+ Experimental document. Distribution of this memo is unlimited.
+ Technical discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+
+
+
+Zeilenga LDAP Turn Op [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+ This specification describes a Lightweight Directory Access Protocol
+ (LDAP) extended operation to reverse (or "turn") the roles of client
+ and server for subsequent protocol exchanges in the session, or to
+ enable each peer to act as both client and server with respect to the
+ other.
+
+
+1. Background and Intent of Use
+
+ The Lightweight Directory Access Protocol (LDAP) [Roadmap][Protocol]
+ is a client-server protocol which typically operates over reliable
+ octet-stream transports such as the Transport Control Protocol (TCP).
+ Generally, the client initiates the stream by connecting to the
+ server's listener at some well-known address.
+
+ There are cases where it is desirable for the server to initiate the
+ stream. While it certainly is possible to write a technical
+ specification detailing how to implement server-initiated LDAP
+ sessions, this would require the design of new authentication and
+ other security mechanisms to support server-initiated LDAP sessions.
+
+ Instead, this document introduces an operation, the Turn operation,
+ which may be used to reverse the client-servers roles of the protocol
+ peers. This allows the initiating protocol peer to become server
+ (after the reversal).
+
+ As an additional feature, the Turn operation may be used to allow both
+ peers to act in both roles. This is useful where both peers are
+ directory servers that desire to request, as LDAP clients, operations
+ be performed by the other. This may be useful in replicated and/or
+ distributed environments.
+
+ This operation is intended to be used between protocol peers which
+ have established a mutual agreement, by means outside of the protocol,
+ which requires reversal of client-server roles, or allows both peers
+ to act both as client and server.
+
+
+1.1 Terminology
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.2 of [Protocol].
+
+
+2. Turn Operation
+
+
+
+
+Zeilenga LDAP Turn Op [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+ The Turn operation is defined as a LDAP Extended Operation [Protocol,
+ Section 4.12] identified by the IANA-ASSIGNED-OID. The function of
+ the Turn Operation is to request that the client-server roles be
+ reversed, or, optionally to request that both protocol peers to be
+ able to act both as client and server in respect to the other.
+
+
+2.1. Turn Request
+
+ The Turn request is an ExtendedRequest with the requestName field
+ containing the IANA-ASSIGNED-OID and a requestValue field is a
+ BER-encoded turnValue:
+
+ turnValue ::= SEQUENCE {
+ mutual BOOLEAN DEFAULT FALSE,
+ identifier LDAPString
+ }
+
+ A TRUE mutual field value indicates a request to allow both peers to
+ act both as client and server. A FALSE mutual field value indicates a
+ request to reserve the client and server roles.
+
+ The value of the identifier field is a locally-defined policy
+ identifier (typically associated with a mutual agreement for which
+ this turn is be executed as part of).
+
+
+2.2. Turn Response
+
+ A Turn response is an ExtendedResponse where the responseName and
+ responseValue fields are absent. A resultCode of success is returned
+ if and only if the responder is willing and able to turn the session
+ as requested. Otherwise, a different resultCode is returned.
+
+
+3. Authentication
+
+ This extension's authentication model assumes separate authentication
+ of the peers in each of their roles. A separate Bind exchange is
+ expected between the peers in their new roles to establish identities
+ in these roles.
+
+ Upon completion of the Turn, the responding peer in its new client
+ role has an anonymous association at the initiating peer in its new
+ server role. If the turn was mutual, the authentication association
+ of the initiating peer in its pre-existing client role is left intact
+ at the responding peer in its pre-existing server role. If the turn
+ was not mutual, this association is void.
+
+
+
+Zeilenga LDAP Turn Op [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+ The responding peer may establish its identity in its client role by
+ requesting and successfully completing a Bind operation.
+
+ The remainder of this section discuss some authentication scenarios.
+ In the protocol exchange illustrations, A refers to the initiating
+ peer (the original client) and B refers to the responding peer (the
+ original server).
+
+3.1. Use with TLS and Simple Authentication
+
+ A->B: StartTLS Request
+ B->A: StartTLS(success) Response
+ A->B: Bind(Simple(cn=B,dc=example,dc=net,B's secret)) Request
+ B->A: Bind(success) Response
+ A->B: Turn(TRUE,"XXYYZ") Request
+ B->A: Turn(success) Response
+ A->B: Bind(Simple(DN/Password)) Request
+ B->A: Bind(Simple(cn=A,dc=example,dc=net,A's secret)) Request
+ A->B: Bind(success) Response
+
+ In this scenario, TLS (Transport Layer Security) [TLS] is started and
+ the initiating peer (the original client) establishes its identity
+ with the responding peer prior to the Turn using the the DN/password
+ mechanism of the Simple method of the Bind operation. After the turn,
+ the responding peer in its new client role establishes its identity
+ with the initiating peer in its new server role.
+
+
+3.2. Use with TLS and SASL EXTERNAL
+
+ A->B: StartTLS Request
+ B->A: StartTLS(success) Response
+ A->B: Bind(SASL(EXTERNAL)) Request
+ B->A: Bind(success) Response
+ A->B: Turn(TRUE,"XXYYZ") Request
+ B->A: Turn(success) Response
+ B->A: Bind(SASL(EXTERNAL)) Request
+ A->B: Bind(success) Response
+
+ In this scenario, TLS is started prior with each peer providing a
+ valid certificate and the initiating peer (the original client)
+ establishes its identity through the use of the EXTERNAL mechanism of
+ the SASL (Simple Authentication and Security Layer) [SASL] method of
+ the Bind operation prior to the Turn. After the turn, the responding
+ peer in its new client role establishes its identity with the
+ initiating peer in its new server role.
+
+
+
+
+
+Zeilenga LDAP Turn Op [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+3.3. Use of mutual authentication and SASL EXTERNAL
+
+ A number of SASL mechanisms, such as GSSAPI [GSSAPI] and DIGEST-MD5
+ [DIGEST-MD5], support mutual authentication. The initiating peer, it
+ its new server role, may use the identity of the responding peer
+ established by a prior authentication exchange, as its source for
+ "external" identity in subsequent EXTERNAL exchange.
+
+ A->B: Bind(SASL(GSSAPI)) Request
+ <intermediate messages>
+ B->A: Bind(success) Response
+ A->B: Turn(TRUE,"XXYYZ") Request
+ B->A: Turn(success) Response
+ B->A: Bind(SASL(EXTERNAL)) Request
+ A->B: Bind(success) Response
+
+ In this scenario, a GSSAPI mutual-authentication exchange is completed
+ between the initiating peer (the original client) and the the
+ responding server (the original server) prior to the turn. After the
+ turn, the responding peer in its new client role requests the
+ initiating peer utilize an "external" identity to establish its LDAP
+ authorization identity.
+
+
+4. TLS and SASL security layers
+
+ As described in [Protocol], LDAP supports both Transport Layer
+ Security (TLS) [TLS] and Simple Authentication and Security Layer
+ (SASL) [SASL] security frameworks. The following table illustrates
+ the relationship between the LDAP message layer, SASL layer, TLS
+ layer, and transport connection within an LDAP session.
+
+ +----------------------+
+ | LDAP message layer |
+ +----------------------+ > LDAP PDUs
+ +----------------------+ < data
+ | SASL layer |
+ +----------------------+ > SASL-protected data
+ +----------------------+ < data
+ | TLS layer |
+ Application +----------------------+ > TLS-protected data
+ ------------+----------------------+ < data
+ Transport | transport connection |
+ +----------------------+
+
+ This extension does not alter this relationship, nor does it remove
+ the general restriction against multiple TLS layers, nor does it
+ remove the general restriction against multiple SASL layers.
+
+
+
+Zeilenga LDAP Turn Op [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+ As specified in [Protocol], the StartTLS operation is used to initiate
+ negotiation of a TLS layer. If a TLS is already installed, the
+ StartTLS operation must fail. Upon establishment of the TLS layer,
+ regardless of which peer issued the request to start TLS, the peer
+ which initiated the LDAP session (the original client) performs the
+ "server identity check" as described in Section 3.1.5 of [AuthMeth]
+ treating itself as the "client" and its peer as the "server".
+
+ As specified in [SASL], newly negotiated SASL security layer replace
+ the installed SASL security layer. Though the client/server roles in
+ LDAP, and hence SASL, may be reversed in subsequent exchanges, only
+ one SASL security layer may be installed at any instance.
+
+
+5. Security Considerations
+
+ Implementors should be aware that the reversing of client/server roles
+ and/or allowing both peers to act as client and server likely
+ introduces security considerations not foreseen by the authors of this
+ document. In particular, the security implications of the design
+ choices made in the authentication and data security models for this
+ extension (discussed in sections 3 and 4, respectively) are not fully
+ studied. It is hoped that experimentation with this extension will
+ lead to better understanding of the security implications of these
+ models and other aspects of this extension, and that appropriate
+ considerations will be documented in a future document. The following
+ security considerations are apparent at this time.
+
+ Implementors should take special care to process LDAP, SASL, TLS, and
+ other events the appropriate roles for the peers. It is noted that
+ while the Turn reverses the client/server roles with LDAP, and in SASL
+ authentication exchanges, it does not reverse the roles within the TLS
+ layer or the transport connection.
+
+ The responding server (the original server) should restrict use of
+ this operation to authorized clients. Client knowledge of a valid
+ identifier should not be the sole factor in determining authorization
+ to turn.
+
+ Where the peers except to establish TLS, TLS should be started prior
+ to the Turn and any request to authenticate via the Bind operation.
+
+ LDAP security considerations [Protocol][AuthMeth] generally apply to
+ this extension.
+
+
+6. IANA Considerations
+
+
+
+
+Zeilenga LDAP Turn Op [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+ Registration of the following values [BCP64bis] is requested.
+
+
+6.1. Object Identifier
+
+ It is requested that IANA assign an LDAP Object Identifier to identify
+ the LDAP Turn Operation as defined in this document.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: Author
+ Comments:
+ Identifies the LDAP Turn Operation
+
+
+6.2. LDAP Protocol Mechanism
+
+ It is requested that IANA register the LDAP Protocol Mechanism
+ described in this document.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: IANA-ASSIGNED-OID
+ Description: LDAP Turn Operation
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Extended Operation
+ Specification: RFC XXXX
+ Author/Change Controller: Author
+ Comments: none
+
+
+7. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+
+
+
+Zeilenga LDAP Turn Op [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+8.1. Normative References
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+ [SASL] Melnikov, A. (Editor), "Simple Authentication and
+ Security Layer (SASL)",
+ draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.
+
+ [TLS] Dierks, T. and, E. Rescorla, "The TLS Protocol Version
+ 1.1", draft-ietf-tls-rfc2246-bis-xx.txt, a work in
+ progress.
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+ [X.690] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(2002) (also ISO/IEC
+ 8825-1:2002).
+
+
+8.2. Informative References
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [GSSAPI] Linn, J., "Generic Security Service
+ Application Program Interface, Version 2, Update 1", RFC
+ 2743, January 2000.
+
+ [DIGEST-MD5] Leach, P., C. Newman, and A. Melnikov, "Using Digest
+ Authentication as a SASL Mechanism",
+ draft-ietf-sasl-rfc2831bis-xx.txt, a work in progress.
+
+
+
+
+
+Zeilenga LDAP Turn Op [Page 8]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-turn-03 28 October 2005
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Turn Op [Page 9]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-txn-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-txn-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-txn-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,507 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 5 March 2006
+
+
+ LDAP Transactions
+ <draft-zeilenga-ldap-txn-07.txt>
+
+
+Status of Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the IESG for consideration as a Proposed
+ Standard. Distribution of this memo is unlimited. Technical
+ discussion of this document will take place on the IETF LDAP
+ Extensions mailing list <ldapext at ietf.org>. Please send editorial
+ comments directly to the author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2006). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+ Lightweight Directory Access Protocol (LDAP) update operations, such
+
+
+
+Zeilenga LDAP Transactions [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ as Add, Delete, and Modify operations, have atomic, consistency,
+ isolation, durability (ACID) properties. Each of these update
+ operations act upon an entry. However, It is often desirable to
+ update two or more entries in a single unit of interaction, a
+ transaction. Transactions are necessary to support a number of
+ applications including resource provisioning and information
+ replication. This document defines an LDAP extension to support
+ transactions.
+
+
+1. Overview
+
+ This document extends the Lightweight Directory Access Protocol (LDAP)
+ [Roadmap] to allow clients to group a number of related update
+ operations [Protocol] and have them preformed as one unit of
+ interaction, a transaction. As with distinct update operations, each
+ transaction has atomic, consistency, isolation, and durability
+ ([ACID]) properties.
+
+ This extension consists of two extended operations, one control, and
+ one unsolicited notification message. The Start Transaction operation
+ is used to obtain a transaction identifier. This identifier is then
+ attached to multiple update operations to indicate that they belong to
+ transaction using the Transaction Specification control. The End
+ Transaction is used to settle (commit or abort) the transaction. The
+ Aborted Tranaction Notice is used notify the client the server is no
+ longer willing or able to process an outstanding transaction.
+
+
+1.1. Conventions and Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.2 of [Protocol].
+
+ DSA stands for "Directory System Agent" (a server). DSE stands for
+ "DSA-specific entry".
+
+
+2. Elements of an LDAP Transaction
+
+2.1. Start Transaction Request and Response
+
+
+
+
+Zeilenga LDAP Transactions [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ A Start Transaction Request is an LDAPMessage of CHOICE extendedReq
+ where the requestName is IANA-ASSIGNED-OID.1 and the requestValue is
+ absent.
+
+ A Start Transaction Response is an LDAPMessage of CHOICE extendedRes
+ sent in response to a Start Transaction Request. Its responesName is
+ absent. When the resultCode is success, responseValue is present and
+ contains a transaction identifier. Otherwise, the responseValue is
+ absent.
+
+
+2.2. Transaction Specification Control
+
+ A Transaction Specification Control is an LDAPControl where the
+ controlType is IANA-ASSIGNED-OID.2, the criticality is TRUE, and the
+ controlValue is a transaction identifer. The control is appropriate
+ for update requests including Add, Delete, Modify, and ModifyDN
+ requests [Protocol].
+
+2.3. End Transactions Request and Response
+
+ An End Transaction Request is an LDAPMessage of CHOICE extendedReq
+ where the requestName is IANA-ASSIGNED-OID.3 and the requestValue is
+ present and contains a BER-encoded settlementValue.
+
+ settlementValue ::= SEQUENCE {
+ commit BOOLEAN DEFAULT TRUE,
+ identifier OCTET STRING }
+
+ A commit value of TRUE indicates a request to commit the transaction
+ identified by the identifier. A commit value of FALSE indicates a
+ request to abort the identified transaction.
+
+ An End Transaction Response is an LDAPMessage sent in response to a
+ End Transaction Request. Its response name is absent. The
+ responseValue when present contains a BER-encoded MessageID.
+
+
+2.5. Aborted Transaction Notice
+
+ The Aborted Transaction Notice is an Unsolicited Notification message
+ where the responseName is IANA-ASSIGNED-OID.4 and responseValue is
+ present and contains a transaction identifier.
+
+
+3. An LDAP Transaction
+
+3.1. Extension Discovery
+
+
+
+Zeilenga LDAP Transactions [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ To allow clients to discover support for this extension, servers
+ implementing this specification SHOULD publish IANA-ASSIGNED-OID.1 and
+ IANA-ASSIGNED-OID.3 as values of the 'supportedExtension' attribute
+ [Models] within the Root DSE, and publish the IANA-ASSIGNED-OID.2 as a
+ value of the 'supportedControl' attribute [Models] of the Root DSE.
+
+ A server MAY choose to advertise this extension only when the client
+ is authorized to use it.
+
+
+3.2. Starting an Transactions
+
+ A client wishing to preform a sequence of directory updates as an
+ transaction issues a Start Transaction Request. A server which is
+ willing and able to support transactions responds to this request with
+ a Start Transaction Response providing a transaction identifier and
+ with a resultCode of success. Otherwise, the server responds with a
+ Start Transaction Response wth a result code other than success
+ indicating the nature of the failure.
+
+ The transaction identifier provided upon successful start of a
+ transaction is used in subseqent protocol messages to identify this
+ transaction.
+
+
+3.3. Specification of a Transaction
+
+ The client then may issue may issue one or more update (add, delete,
+ modify, modifyDN) requests, each with a Transaction Specification
+ control containing the transaction identifier indicating the updates
+ are to processed as part of the transaction. Each of these update
+ request MUST have a different MessageId value. If the server is
+ unwilling or unable to attempt to process the requested update
+ operation as part of the transaction, the server immediately returns
+ the approrpiate response to the request with a resultCode indicating
+ the nature of the failure. Otherwise, the server immediately returns
+ success and the defers further processing of the operation is then
+ deferred until settlement.
+
+ If the server becomes unwilling or unable to continue the
+ specification of a transaction, the server issues an Aborted
+ Transaction Notice with a non-success resultCode indicating the nature
+ of the failure. All operations that were to be processed as part of
+ the transaction are implicitly abandoned. Upon receipt of an Aborted
+ Transaction Notice, the client is to discontinue all use of the
+ transaction identifier as the transaction is null and void. Any
+ future use of identifier by the client will result in a response
+ containing a non-success resultCode.
+
+
+
+Zeilenga LDAP Transactions [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+3.4. Transaction Settlement
+
+ A client requests settlement of transaction by issuing an End
+ Transaction request for the transaction indicating whether it desires
+ the transaction to be committed or aborted.
+
+ Upon receipt of a request to abort the transaction, the server is to
+ abort the identified transaction (abandoning all operations which are
+ part of the transaction) and indicate that it has done so by returning
+ an End Transaction response with a resultCode of success.
+
+ Upon receipt of a request to commit the transaction, the server
+ processes all update operations of the transaction as one atomic,
+ isolated action with each requested update being processed in turn.
+ Either all of the requested updates are to be successfully applied or
+ none of the requested are to be applied. The server returns an End
+ Transaction Response with a resultCode of success and no responseValue
+ to indicate all the requested updates were applied. Otherwise, the
+ server returns an End Transaction with an non-success resultCode
+ indicating the nature of the failure. If the failure is associated
+ with a particular update request, a responseValue containing its
+ MessageID is returned. If the failure was not associated with any
+ particular update request, no responseValue is returned.
+
+ There is no requirement that a server serialize transactions, or
+ updates requested outside of a transaction. That is, a server MAY
+ process multiple commit requests (from one or more clients) acting
+ upon different sets of entries concurrently. A server MUST avoid
+ deadlock.
+
+
+4. Distributed Directory Considerations
+
+ The LDAP/X.500 models provide for distributed directory operations
+ including server-side chaining and client-side chasing of operations.
+
+ This document does not preclude servers from chaining operations which
+ are part of a transaction. However, if a server does allow such
+ chaining, it MUST ensure that transaction semantics are provided.
+
+ This mechanism defined by this document does not support client-side
+ chasing. Grouping cookies used to identify the transaction are
+ specific to a particular client/server session.
+
+ The LDAP/X.500 models provide for a single-master/multiple-shadow
+ replication architecture. This document states no requirement that
+ changes made to the directory based upon processing a transaction be
+ replicated as one atomic action. That is, the client SHOULD NOT
+
+
+
+Zeilenga LDAP Transactions [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ assume tight data consistency nor fast data convergence at shadow
+ servers unless they have prior knowledge that such service is
+ provided. Though this mechanism could be used to support replication,
+ use in replication is not described in this document.
+
+ The LDAP/X.500 models do not currently support a multi-master
+ replication architecture and, hence, not considered by this
+ specification.
+
+
+5. Security Considerations
+
+ Transactions mechanisms may be the target of denial of service
+ attacks. Implementors should provide safeguards to ensure these
+ mechanisms are not abused.
+
+ General security considerations [Roadmap], especially associated with
+ update operations [Protocol], apply to this extension.
+
+
+6. IANA Considerations
+
+ In accordance with [BCP64bis], it is requested that Internet Assigned
+ Numbers Authority (IANA) make the following assignments.
+
+
+6.1. Object Identifier
+
+ Assignment of an LDAP Object Identifier to identify the protocol
+ elements specified in this document this document is requested.
+
+ Subject: Request for LDAP Object Identifier Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: Identifies protocol elements for LDAP Transactions
+
+
+6.2. LDAP Protocol Mechanism
+
+ Registration of the protocol mechanisms specified in this document is
+ requested.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: see table
+ Description: see table
+ Person & email address to contact for further information:
+
+
+
+Zeilenga LDAP Transactions [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ Kurt Zeilenga <kurt at openldap.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+
+ Object Identifier Type Description
+ ------------------- ---- -----------------------------------------
+ IANA-ASSIGNED-OID.1 E Start Transaction Extended Request
+ IANA-ASSIGNED-OID.2 C Transaction Specification Control
+ IANA-ASSIGNED-OID.3 E End Transaction Extended Request
+
+
+7. Acknowledgments
+
+ The author gratefully acknowledges the contributions made by members
+ of the Internet Engineering Task Force.
+
+
+8. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+9. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+9.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+
+
+Zeilenga LDAP Transactions [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+ [X.690] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(2002) (also ISO/IEC
+ 8825-1:2002).
+
+
+9.2. Informative References
+
+ [ACID] Section 4 of ISO/IEC 10026-1:1992.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+
+
+Zeilenga LDAP Transactions [Page 8]
+�
+INTERNET-DRAFT draft-zeilenga-ldap-txn-07 5 March 2006
+
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Transactions [Page 9]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-uuid-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-uuid-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-uuid-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,451 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 18 July 2005
+
+
+
+ The LDAP entryUUID operational attribute
+ <draft-zeilenga-ldap-uuid-06.txt>
+
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as an Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+Abstract
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 1]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ This document describes the LDAP/X.500 'entryUUID' operational
+ attribute and associated matching rules and syntax. The attribute
+ holds a server-assigned Universally Unique Identifier (UUID) for the
+ object. Directory clients may use this attribute to distinguish
+ objects identified by a distinguished name or to locate an object
+ after renaming.
+
+
+1. Background and Intended Use
+
+ In X.500 Directory Services [X.501], such as those accessible using
+ the Lightweight Directory Access Protocol (LDAP) [Roadmap], an object
+ is identified by its distinguished name (DN). However, DNs are not
+ stable identifiers. That is, a new object may be identified by a DN
+ which previously identified another (now renamed or deleted) object.
+
+ A Universally Unique Identifier (UUID) is "an identifier unique across
+ both space and time, with respect to the space of all UUIDs"
+ [UUIDURN]. UUIDs are used in a wide range of systems.
+
+ This document describes the 'entryUUID' operational attribute which
+ holds the UUID assigned to the object by the server. Clients may use
+ this attribute to distinguish objects identified by a particular
+ distinguished name or to locate a particular object after renaming.
+
+ This document defines the UUID syntax, the 'uuidMatch' and
+ 'uuidOrderingMatch' matching rules, and the 'entryUUID' attribute
+ type.
+
+ Schema definitions are provided using LDAP description formats
+ [Models]. Definitions provided here are formatted (line wrapped) for
+ readability.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+
+2. UUID Schema Elements
+
+2.1 UUID Syntax
+
+ A Universally Unique Identifier (UUID) [UUIDURN] is a 16-octet
+ (128-bit) value which identifies an object. The ASN.1 [X.680] type
+ UUID is defined to represent UUIDs as follows:
+
+ UUID ::= OCTET STRING (SIZE(16))
+ -- constrained to an UUID [UUIDURN]
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 2]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ In LDAP, UUID values are encoded using the [ASCII] character string
+ representation described in [UUIDURN]. For example,
+ "597ae2f6-16a6-1027-98f4-d28b5365dc14".
+
+ The following is a LDAP syntax description suitable for publication in
+ subschema subentries.
+
+ ( IANA-ASSIGNED-OID.1 DESC 'UUID' )
+
+
+2.2 'uuidMatch' Matching Rule
+
+ The 'uuidMatch' matching rule compares an asserted UUID with a stored
+ UUID for equality. Its semantics are same as the 'octetStringMatch'
+ [X.520][Syntaxes] matching rule. The rule differs from
+ 'octetStringMatch' in that the assertion value is encoded using the
+ UUID string representation instead of the normal OCTET STRING string
+ representation.
+
+ The following is a LDAP matching rule description suitable for
+ publication in subschema subentries.
+
+ ( IANA-ASSIGNED-OID.2 NAME 'uuidMatch'
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+
+2.3 'uuidOrderingMatch' Matching Rule
+
+ The 'uuidOrderingMatch' matching rule compares an asserted UUID
+ with a stored UUID for ordering. Its semantics are the same as the
+ 'octetStringOrderingMatch' [X.520][Syntaxes] matching rule. The
+ rule differs from 'octetStringOrderingMatch' in that the assertion
+ value is encoded using the UUID string representation instead of
+ the normal OCTET STRING string representation.
+
+ The following is a LDAP matching rule description suitable for
+ publication in subschema subentries.
+
+ ( IANA-ASSIGNED-OID.3 NAME 'uuidOrderingMatch'
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+ It is noted that not all UUID variants have a defined ordering and,
+ even where so, servers are not obligated to assign UUIDs in any
+ particular order. This matching rule is provided for completeness.
+
+
+2.4. 'entryUUID' attribute
+
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 3]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ The 'entryUUID' operational attribute provides the Universally Unique
+ Identifier (UUID) assigned to the entry.
+
+ The following is a LDAP attribute type description suitable for
+ publication in subschema subentries.
+
+ ( IANA-ASSIGNED-OID.4 NAME 'entryUUID'
+ DESC 'UUID of the entry'
+ EQUALITY uuidMatch
+ ORDERING uuidOrderingMatch
+ SYNTAX IANA-ASSIGNED-OID.1
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+
+ Servers SHALL generate and assign a new UUID to each entry upon its
+ addition to the directory and provide that UUID as the value of the
+ 'entryUUID' operational attribute. An entry's UUID is immutable.
+
+ UUID are to be generated in accordance with Section 4 of [UUIDURN].
+ In particular, servers MUST ensure that each generated UUID is unique
+ in space and time.
+
+
+3. Security Considerations
+
+ An entry's relative distinguish name (RDN) is composed from attribute
+ values of the entry, values which are commonly descriptive of the
+ object the entry represents. While deployers are encouraged to use
+ naming attributes whose values are widely disclosable [LDAPDN],
+ entries are often named using information which cannot be disclosed to
+ all parties. As UUIDs do not contain any descriptive information of
+ the object they identify, UUIDs may be used to identify a particular
+ entry without disclosure of its contents.
+
+ General UUID security considerations [UUIDURN] apply.
+
+ General LDAP security considerations [RFC3377] apply.
+
+
+4. IANA Considerations
+
+ It is requested that IANA register upon Standards Action the LDAP
+ values specified in this document.
+
+
+4.1. Object Identifier Registration
+
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 4]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the UUID schema elements
+
+
+4.2. UUID Syntax Registration
+
+ Subject: Request for LDAP Syntax Registration
+ Object Identifier: IANA-ASSIGNED-OID.1
+ Description: UUID
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the UUID syntax
+
+
+4.3. 'uuidMatch' Descriptor Registration
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): uuidMatch
+ Object Identifier: IANA-ASSIGNED-OID.2
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: Matching Rule
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+4.3. 'uuidOrderingMatch' Descriptor Registration
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): uuidOrderingMatch
+ Object Identifier: IANA-ASSIGNED-OID.3
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: Matching Rule
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+5.4. 'entryUUID' Descriptor Registration
+
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 5]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ It is requested that IANA register upon Standards Action the LDAP
+ 'entryUUID' descriptor.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): entryUUID
+ Object Identifier: IANA-ASSIGNED-OID.4
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: Attribute Type
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+
+6. Acknowledgments
+
+ This document is based upon discussions in the LDAP Update and
+ Duplication Protocols (LDUP) WG. Members of the LDAP Directorate
+ provided review.
+
+
+7. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+8. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+8.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [UUIDURN] Leach, P, M. Mealling, R. Salz, "A UUID URN Namespace",
+ a work in progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 6]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
+ draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
+
+ [ASCII] Coded Character Set--7-bit American Standard Code for
+ Information Interchange, ANSI X3.4-1986.
+
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
+
+ [X.520] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Selected Attribute Types", X.520(1993) (also
+ ISO/IEC 9594-6:1994).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+
+8.2. Informative References
+
+ [LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
+ work in progress.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 7]
+�
+INTERNET-DRAFT LDAP entryUUID 18 July 2005
+
+
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-uuid-06 [Page 8]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-x509-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-x509-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldap-x509-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1403 @@
+
+
+
+
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Standard Track OpenLDAP Foundation
+Expires in six months 18 July 2005
+Obsoletes: RFC 2252, RFC 2256, RFC 2587
+
+
+ Lightweight Directory Access Protocol (LDAP) schema
+ definitions for X.509 Certificates
+ <draft-zeilenga-ldap-x509-02.txt>
+
+
+Status of this Memo
+
+ This document is intended to be, after appropriate review and
+ revision, submitted to the RFC Editor as an Standard Track document.
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDAP Extensions mailing list
+ <ldapext at ietf.org>. Please send editorial comments directly to the
+ author <Kurt at OpenLDAP.org>.
+
+ This document is intended to be published in conjunction to the
+ revised LDAP TS [Roadmap]. Together, this document and the revised
+ LDAP TS obsoletes RFC 2252 and RFC 2256 in their entirety.
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware have
+ been or will be disclosed, and any of which he or she becomes aware
+ will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 1]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ for more information.
+
+
+Abstract
+
+ This document describes schema for representing X.509 certificates,
+ X.521 security information, and related elements in directories
+ accessible using the Lightweight Directory Access Protocol (LDAP).
+ The LDAP definitions for these X.509 and X.521 schema elements
+ replaces those provided in RFC 2252 and RFC 2256.
+
+
+1. Background and Intended Use
+
+ This document provides LDAP [Roadmap] schema definitions [Models] for
+ a subset of elements specified in X.509 [X.509] and X.521 [X.521],
+ including attribute types for certificates, cross certificate pairs,
+ and certificate revocation lists; matching rules to be used with these
+ attribute types; and related object classes. LDAP syntax definitions
+ are also provided for associated assertion and attribute values.
+
+ As the semantics of these elements are as defined in X.509 and X.521,
+ knowledge of X.509 and X.521 is necessary to make use of the LDAP
+ schema definitions provided herein.
+
+ This document, together with [Roadmap], obsoletes RFC 2252 and RFC
+ 2256 in their entirety. The changes (in this document) made since RFC
+ 2252 and RFC 2256 include:
+ - addition of pkiUser, pkiCA, and deltaCRL classes;
+ - update of attribute types to include equality matching rules in
+ accordance with their X.500 specifications;
+ - addition of certificate, certificate pair, certificate list, and
+ algorithm identifer matching rules; and
+ - addition of LDAP syntax for assertion syntaxes for these matching
+ rules.
+
+ This document obsoletes RFC 2587. The X.509 schema descriptions for
+ LDAPv2 [RFC1777] are Historic, as is LDAPv2 [RFC3494].
+
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Schema definitions are provided using LDAP description formats
+ [Models]. Definitions provided here are formatted (line wrapped) for
+ readability.
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 2]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+2. Syntaxes
+
+ This section describes various syntaxes used in LDAP to transfer
+ certificates and related data types.
+
+
+2.1. Certificate
+
+ ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'X.509 Certificate' )
+
+ A value of this syntax is an X.509 Certificate [X.509, clause 7].
+
+ Due to changes made to the definition of a Certificate made through
+ time, no LDAP-specific encoding is defined for this syntax. Values of
+ this syntax SHOULD be encoded using Distinguished Encoding Rules (DER)
+ [X.690] and MUST only be transferred using the ;binary transfer option
+ [Binary]. That is, by requesting and returning values using attribute
+ descriptions such as "userCertificate;binary".
+
+ As values of this syntax contain digitally-signed data, values of this
+ syntax, and the form of the value, MUST be preserved as presented.
+
+
+2.2. CertificateList
+
+ ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'X.509 Certificate List' )
+
+ A value of this syntax is an X.509 CertificateList [X.509, clause
+ 7.3].
+
+ Due to changes made to the definition of a CertificateList made
+ through time, no LDAP-specific encoding is defined for this syntax.
+ Values of this syntax SHOULD be encoded using DER [X.690] and MUST
+ only be transferred using the ;binary transfer option [Binary]. That
+ is, by requesting and returning values using attribute descriptions
+ such as "certificateRevocationList;binary".
+
+ As values of this syntax contain digitally-signed data, values of this
+ syntax, and the form of the value, MUST be preserved as presented.
+
+
+2.3. CertificatePair
+
+ ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'X.509 Certificate Pair' )
+
+ A value of this syntax is an X.509 CertificatePair [X.509, clause
+ 11.2.3].
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 3]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ Due to changes made to the definition of an X.509 CertificatePair made
+ through time, no LDAP-specific encoding is defined for this syntax.
+ Values of this syntax SHOULD be encoded using DER [X.690] and MUST
+ only be transferred using the ;binary transfer option [Binary]. That
+ is, by requesting and returning values using attribute descriptions
+ such as "crossCertificatePair;binary".
+
+ As values of this syntax contain digitally-signed data, values of this
+ syntax, and the form of the value, MUST be preserved as presented.
+
+2.4 SupportedAlgorithm
+
+ ( 1.3.6.1.4.1.1466.115.121.1.49
+ DESC 'X.509 Supported Algorithm' )
+
+ A value of this syntax is an X.509 SupportedAlgorithm [X.509, clause
+ 11.2.7].
+
+ Due to changes made to the definition of an X.509 SupportedAlgorithm
+ made through time, no LDAP-specific encoding is defined for this
+ syntax. Values of this syntax SHOULD be encoded using DER [X.690] and
+ MUST only be transferred using the ;binary transfer option [Binary].
+ That is, by requesting and returning values using attribute
+ descriptions such as "supportedAlgorithms;binary".
+
+ As values of this syntax contain digitally-signed data, values of this
+ syntax, and the form of the value, MUST be preserved as presented.
+
+
+2.5. CertificateExactAssertion
+
+ ( IANA-ASSIGNED-OID.1 DESC 'X.509 Certificate Exact Assertion' )
+
+ A value of this syntax is an X.509 CertificateExactAssertion [X.509,
+ clause 11.3.1]. Values of this syntax MUST be encoded using the
+ Generic String Encoding Rules (GSER) [RFC3641]. Appendix A.1 provides
+ an equivalent Augmented Backus-Naur Form (ABNF) [ABNF] grammar for
+ this syntax.
+
+
+2.6. CertificateAssertion
+
+ ( IANA-ASSIGNED-OID.2 DESC 'X.509 Certificate Assertion' )
+
+ A value of this syntax is an X.509 CertificateAssertion [X.509, clause
+ 11.3.2]. Values of this syntax MUST be encoded using GSER [RFC3641].
+ Appendix A.2 provides an equivalent ABNF [ABNF] grammar for this
+ syntax.
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 4]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+2.7. CertificatePairExactAssertion
+
+ ( IANA-ASSIGNED-OID.3
+ DESC 'X.509 Certificate Pair Exact Assertion' )
+
+ A value of this syntax is an X.509 CertificatePairExactAssertion
+ [X.509, clause 11.3.3]. Values of this syntax MUST be encoded using
+ GSER [RFC3641]. Appendix A.3 provides an equivalent ABNF [ABNF]
+ grammar for this syntax.
+
+
+2.8. CertificatePairAssertion
+
+ ( IANA-ASSIGNED-OID.4 DESC 'X.509 Certificate Pair Assertion' )
+
+ A value of this syntax is an X.509 CertificatePairAssertion [X.509,
+ clause 11.3.4]. Values of this syntax MUST be encoded using GSER
+ [RFC3641]. Appendix A.4 provides an equivalent ABNF [ABNF] grammar
+ for this syntax.
+
+
+2.9. CertificateListExactAssertion
+
+ ( IANA-ASSIGNED-OID.5
+ DESC 'X.509 Certificate List Exact Assertion' )
+
+ A value of this syntax is an X.509 CertificateListExactAssertion
+ [X.509, clause 11.3.5]. Values of this syntax MUST be encoded using
+ GSER [RFC3641]. Appendix A.5 provides an equivalent ABNF grammar for
+ this syntax.
+
+
+2.10. CertificateListAssertion
+
+ ( IANA-ASSIGNED-OID.6 DESC 'X.509 Certificate List Assertion' )
+
+ A value of this syntax is an X.509 CertificateListAssertion [X.509,
+ clause 11.3.6]. Values of this syntax MUST be encoded using GSER
+ [RFC3641]. Appendix A.6 provides an equivalent ABNF [ABNF] grammar
+ for this syntax.
+
+
+2.11 AlgorithmIdentifier
+
+ ( IANA-ASSIGNED-OID.7 DESC 'X.509 Algorithm Identifier' )
+
+ A value of this syntax is an X.509 AlgorithmIdentifier [X.509, Clause
+ 7]. Values of this syntax MUST be encoded using GSER [RFC3641].
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 5]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ Appendix A.7 provides an equivalent ABNF [ABNF] grammar for this
+ syntax.
+
+
+3. Matching Rules
+
+ This section introduces a set of certificate and related matching
+ rules for use in LDAP. These rules are intended to act in accordance
+ with their X.500 counterparts.
+
+
+3.1. certificateExactMatch
+
+ The certificateExactMatch matching rule compares the presented
+ certificate exact assertion value with an attribute value of the
+ certificate syntax as described in clause 11.3.1 of [X.509].
+
+ ( 2.5.13.34 NAME 'certificateExactMatch'
+ DESC 'X.509 Certificate Exact Match'
+ SYNTAX IANA-ASSIGNED-OID.1 )
+
+
+3.2. certificateMatch
+
+ The certificateMatch matching rule compares the presented certificate
+ assertion value with an attribute value of the certificate syntax as
+ described in clause 11.3.2 of [X.509].
+
+ ( 2.5.13.35 NAME 'certificateMatch'
+ DESC 'X.509 Certificate Match'
+ SYNTAX IANA-ASSIGNED-OID.2 )
+
+
+3.3. certificatePairExactMatch
+
+ The certificatePairExactMatch matching rule compares the presented
+ certificate pair exact assertion value with an attribute value of the
+ certificate pair syntax as described in clause 11.3.3 of [X.509].
+
+ ( 2.5.13.36 NAME 'certificatePairExactMatch'
+ DESC 'X.509 Certificate Pair Exact Match'
+ SYNTAX IANA-ASSIGNED-OID.3 )
+
+
+3.4. certificatePairMatch
+
+ The certificatePairMatch matching rule compares the presented
+ certificate pair assertion value with an attribute value of the
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 6]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ certificate pair syntax as described in clause 11.3.4 of [X.509].
+
+ ( 2.5.13.37 NAME 'certificatePairMatch'
+ DESC 'X.509 Certificate Pair Match'
+ SYNTAX IANA-ASSIGNED-OID.4 )
+
+
+3.5. certificateListExactMatch
+
+ The certificateListExactMatch matching rule compares the presented
+ certificate list exact assertion value with an attribute value of the
+ certificate pair syntax as described in clause 11.3.5 of [X.509].
+
+ ( 2.5.13.38 NAME 'certificateListExactMatch'
+ DESC 'X.509 Certificate List Exact Match'
+ SYNTAX IANA-ASSIGNED-OID.5 )
+
+
+3.6. certificateListMatch
+
+ The certificateListMatch matching rule compares the presented
+ certificate list assertion value with an attribute value of the
+ certificate pair syntax as described in clause 11.3.6 of [X.509].
+
+ ( 2.5.13.39 NAME 'certificateListMatch'
+ DESC 'X.509 Certificate List Match'
+ SYNTAX IANA-ASSIGNED-OID.6 )
+
+
+3.7. algorithmIdentifierMatch
+
+ The algorithmIdentifierMatch mating rule compares a presented
+ algorithm identifier with an attribute value of supported algorithm as
+ described in clause 11.3.7 of [X.509].
+
+ ( 2.5.13.40 NAME 'algorithmIdentifier'
+ DESC 'X.509 Algorithm Identifier Match'
+ SYNTAX IANA-ASSIGNED-OID.7 )
+
+
+4. Attribute Types
+
+ This section details a set of certificate and related attribute types
+ for use in LDAP.
+
+
+4.1. userCertificate
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 7]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ The userCertificate attribute holds the X.509 certificates issued to
+ the user by one or more certificate authorities, as discussed in
+ clause 11.2.1 of [X.509].
+
+ ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'X.509 user certificate'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+ As required by this attribute type's syntax, values of this attribute
+ are requested and transferred using the attribute description
+ "userCertificate;binary".
+
+
+4.2. cACertificate
+
+ The cACertificate attribute holds the X.509 certificates issued to the
+ certificate authority (CA), as discussed in clause 11.2.2 of [X.509].
+
+ ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'X.509 CA certificate'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+ As required by this attribute type's syntax, values of this attribute
+ are requested and transferred using the attribute description
+ "cACertificate;binary".
+
+
+4.3. crossCertificatePair
+
+ The crossCertificatePair attribute holds an X.509 certificate pair, as
+ discussed in clause 11.2.3 of [X.509].
+
+ ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'X.509 cross certificate pair'
+ EQUALITY certificatePairExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+ As required by this attribute type's syntax, values of this attribute
+ are requested and transferred using the attribute description
+ "crossCertificatePair;binary".
+
+
+4.4. certificateRevocationList
+
+ The certificateRevocationList attribute holds certificate lists, as
+ discussed in 11.2.4 of [X.509].
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 8]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'X.509 certificate revocation list'
+ EQUALITY certificateListExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+ As required by this attribute type's syntax, values of this attribute
+ are requested and transferred using the attribute description
+ "certificateRevocationList;binary".
+
+
+4.5. authorityRevocationList
+
+ The authorityRevocationList attribute holds certificate lists, as
+ discussed in 11.2.5 of [X.509].
+
+ ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'X.509 authority revocation list'
+ EQUALITY certificateListExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+ As required by this attribute type's syntax, values of this attribute
+ are requested and transferred using the attribute description
+ "authorityRevocationList;binary".
+
+
+4.6. deltaRevocationList
+
+ The deltaRevocationList attribute holds certificate lists, as
+ discussed in 11.2.6 of [X.509].
+
+ ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'X.509 delta revocation list'
+ EQUALITY certificateListExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+ As required by this attribute type's syntax, values of this attribute
+ MUST be requested and transferred using the attribute description
+ "deltaRevocationList;binary".
+
+
+4.7. supportedAlgorithms
+
+ The supportedAlgorithms attribute holds supported algorithms, as
+ discussed in 11.2.7 of [X.509].
+
+ ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'X.509 supported algorithms'
+ EQUALITY algorithmIdentifierMatch
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 9]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+ As required by this attribute type's syntax, values of this attribute
+ MUST be requested and transferred using the attribute description
+ "supportedAlgorithms;binary".
+
+
+5. Object Classes
+
+ This section details a set of certificate-related object classes for
+ use in LDAP.
+
+
+5.1. pkiUser
+
+ This object class is used in augment entries for objects that may be
+ subject to certificates, as defined in clause 11.1.1 of [X.509].
+
+ ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'X.509 PKI User'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+
+5.2. pkiCA
+
+ This object class is used to augment entries for objects which act as
+ certificate authorities, as defined in clause 11.1.2 of [X.509]
+
+ ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'X.509 PKI Certificate Authority'
+ SUP top AUXILIARY
+ MAY ( cACertificate $ certificateRevocationList $
+ authorityRevocationList $ crossCertificatePair ) )
+
+
+5.3. cRLDistributionPoint
+
+ This class is used to represent objects which act as CRL distribution
+ points, as discussed in clause 11.1.3 of [X.509].
+
+ ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ DESC 'X.509 CRL distribution point'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( certificateRevocationList $
+ authorityRevocationList $ deltaRevocationList ) )
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 10]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+5.4 deltaCRL
+
+ The deltaCRL object class is used to augment entries to hold delta
+ revocation lists, as discussed in clause 11.1.4 of [X.509].
+
+ ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'X.509 delta CRL'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+
+5.5. strongAuthenticationUser
+
+ This object class is used to augment entries for objects participating
+ in certificate-based authentication, as defined in clause 6.15 of
+ [X.521]. This object class is deprecated in favor of pkiUser.
+
+ ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'X.521 strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+
+5.6. userSecurityInformation
+
+ This object class is used to augment entries with needed additional
+ associated security information, as defined in clause 6.16 of [X.521].
+
+ ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'X.521 user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+
+5.7. certificationAuthority
+
+ This object class is used to augment entries for objects which act as
+ certificate authorities, as defined in clause 6.17 of [X.521]. This
+ object class is deprecated in favor of pkiCA.
+
+ ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'X.509 certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $
+ certificateRevocationList $ cACertificate )
+ MAY crossCertificatePair )
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 11]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+5.8. certificationAuthority-V2
+
+ This object class is used to augment entries for objects which act as
+ certificate authorities, as defined in clause 6.18 of [X.521]. This
+ object class is deprecated in favor of pkiCA.
+
+ ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ DESC 'X.509 certificate authority, version 2'
+ SUP certificationAuthority AUXILIARY
+ MAY deltaRevocationList )
+
+
+6. Security Considerations
+
+ General certificate considerations [RFC3280] apply to LDAP-aware
+ certificate applications. General LDAP security considerations
+ [Roadmap] apply as well.
+
+ While elements of certificate information are commonly signed, these
+ signatures only protect the integrity of the signed information. In
+ the absence of a data integrity protections in LDAP (or lower layer,
+ e.g. IPsec), a server is not assured that client certificate request
+ (or other request) was unaltered in transit. Likewise, a client
+ cannot be assured that the results of the query were unaltered in
+ transit. Hence, it is generally recommended implementations make use
+ of authentication and data integrity services in LDAP
+ [AuthMeth][Protocol].
+
+
+7. IANA Considerations
+
+7.1. Object Identifier Registration
+
+ It is requested that IANA register upon Standards Action an LDAP
+ Object Identifier for use in this technical specification.
+
+ Subject: Request for LDAP OID Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments:
+ Identifies the LDAP X.509 Certificate schema elements
+ introduced in this document.
+
+
+7.2. Registration of the descriptor
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 12]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ It is requested that IANA update upon Standards Action the LDAP
+ Descriptor registry as indicated below.
+
+ Subject: Request for LDAP Descriptor Registration
+ Descriptor (short name): see table
+ Object Identifier: see table
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Usage: see table
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+
+ algorithmIdentifierMatch R 2.5.13.40
+ authorityRevocationList A 2.5.4.38 *
+ cACertificate A 2.5.4.37 *
+ cRLDistributionPoint O 2.5.6.19 *
+ certificateExactMatch R 2.5.13.34
+ certificateListExactMatch R 2.5.13.38
+ certificateListMatch R 2.5.13.39
+ certificateMatch R 2.5.13.35
+ certificatePairExactMatch R 2.5.13.36
+ certificatePairMatch R 2.5.13.37
+ certificateRevocationList A 2.5.4.39 *
+ certificationAuthority O 2.5.6.16 *
+ certificationAuthority-V2 O 2.5.6.16.2 *
+ crossCertificatePair A 2.5.4.40 *
+ deltaCRL O 2.5.6.23 *
+ deltaRevocationList A 2.5.4.53 *
+ pkiCA O 2.5.6.22 *
+ pkiUser O 2.5.6.21 *
+ strongAuthenticationUser O 2.5.6.15 *
+ supportedAlgorithms A 2.5.4.52 *
+ userCertificate A 2.5.4.36 *
+ userSecurityInformation O 2.5.6.18 *
+
+ * Updates previous registration
+
+
+8. Acknowledgments
+
+ This document is based upon X.509, a product of the ITU-T. A number
+ of LDAP schema definitions were based on those found in RFC 2252 and
+ RFC 2256, both products of the IETF ASID WG. The ABNF productions in
+ Appendix A were provided by Steven Legg. Additional material was
+ borrowed from prior works by David Chadwick and Steven Legg to refine
+ the LDAP X.509 schema.
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 13]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+9. Author's Address
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+
+ Email: Kurt at OpenLDAP.org
+
+
+10. References
+
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
+
+
+10.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC3641] Legg, S., "Generic String Encoding Rules for ASN.1
+ Types", RFC 3641, October 2003.
+
+ [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+ Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
+ progress.
+
+ [Models] Zeilenga, K. (editor), "LDAP: Directory Information
+ Models", draft-ietf-ldapbis-models-xx.txt, a work in
+ progress.
+
+ [Binary] Legg, S., "Lightweight Directory Access Protocol (LDAP):
+ The Binary Encoding Option",
+ draft-legg-ldap-binary-xx.txt, a work in progress.
+
+ [X.509] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Authentication Framework", X.509(2000).
+
+ [X.521] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Selected Object Classes", X.521(2000).
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 14]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ [X.690] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(2002) (also ISO/IEC
+ 8825-1:2002).
+
+
+11.2. Informative References
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", draft-crocker-abnf-rfc2234bis, a
+ work in progress.
+
+ [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
+ Connection Level Security Mechanisms",
+ draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
+
+ [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
+ draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
+
+ [RFC2156] Kille, S., "MIXER (Mime Internet X.400 Enhanced Relay):
+ Mapping between X.400 and RFC 822/MIME", RFC 2156,
+ January 1998.
+
+ [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
+ X.509 Public Key Infrastructure Certificate and
+ Certificate Revocation List (CRL) Profile", RFC 3280,
+ April 2002.
+
+ [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
+ (also RFC 3383), September 2002.
+
+ [RFC3642] Legg, S., "Common Elements of GSER Encodings", RFC 3642,
+ October 2003.
+
+ [RFC3687] Legg, S., "Lightweight Directory Access Protocol (LDAP)
+ and X.500 Component Matching Rules", RFC 3687, February
+ 2004.
+
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+
+Appendix A.
+
+ This appendix is informative.
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 15]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ This appendix provides ABNF [ABNF] grammars for GSER-based [RFC3687]
+ LDAP-specific encodings specified in this document. These grammars
+ where produced using, and relying on, Common Elements for GSER
+ Encodings [RFC3342].
+
+
+A.1. CertificateExactAssertion
+
+ CertificateExactAssertion = "{" sp cea-serialNumber ","
+ sp cea-issuer sp "}"
+
+ cea-serialNumber = id-serialNumber msp CertificateSerialNumber
+ cea-issuer = id-issuer msp Name
+
+ id-serialNumber =
+ %x73.65.72.69.61.6C.4E.75.6D.62.65.72 ; 'serialNumber'
+ id-issuer = %x69.73.73.75.65.72 ; 'issuer'
+
+ Name = id-rdnSequence ":" RDNSequence
+ id-rdnSequence = %x72.64.6E.53.65.71.75.65.6E.63.65 ; 'rdnSequence'
+
+ CertificateSerialNumber = INTEGER
+
+
+A.2. CertificateAssertion
+
+ CertificateAssertion = "{" [ sp ca-serialNumber ]
+ [ sep sp ca-issuer ]
+ [ sep sp ca-subjectKeyIdentifier ]
+ [ sep sp ca-authorityKeyIdentifier ]
+ [ sep sp ca-certificateValid ]
+ [ sep sp ca-privateKeyValid ]
+ [ sep sp ca-subjectPublicKeyAlgID ]
+ [ sep sp ca-keyUsage ]
+ [ sep sp ca-subjectAltName ]
+ [ sep sp ca-policy ]
+ [ sep sp ca-pathToName ]
+ [ sep sp ca-subject ]
+ [ sep sp ca-nameConstraints ] sp "}"
+
+ ca-serialNumber = id-serialNumber msp CertificateSerialNumber
+ ca-issuer = id-issuer msp Name
+ ca-subjectKeyIdentifier = id-subjectKeyIdentifier msp
+ SubjectKeyIdentifier
+ ca-authorityKeyIdentifier = id-authorityKeyIdentifier msp
+ AuthorityKeyIdentifier
+ ca-certificateValid = certificateValid msp Time
+ ca-privateKeyValid = id-privateKeyValid msp GeneralizedTime
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 16]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ ca-subjectPublicKeyAlgID = id-subjectPublicKeyAlgID msp
+ OBJECT-IDENTIFIER
+ ca-keyUsage = id-keyUsage msp KeyUsage
+ ca-subjectAltName = id-subjectAltName msp AltNameType
+ ca-policy = id-policy msp CertPolicySet
+ ca-pathToName = id-pathToName msp Name
+ ca-subject = id-subject msp Name
+ ca-nameConstraints = id-nameConstraints msp NameConstraintsSyntax
+
+ id-subjectKeyIdentifier =
+ %x73.75.62.6A.65.63.74.4B.65.79.49.64.65.6E.74.69.66.69.65.72
+ ; 'subjectKeyIdentifier'
+ id-authorityKeyIdentifier =
+ %x61.75.74.68.6F.72.69.74.79.4B.65.79.49.64.65.6E.74.69.66.69.65.72
+ ; 'authorityKeyIdentifier'
+ id-certificateValid = %x63.65.72.74.69.66.69.63.61.74.65.56.61.6C.69.64
+ ; 'certificateValid'
+ id-privateKeyValid = %x70.72.69.76.61.74.65.4B.65.79.56.61.6C.69.64
+ ; 'privateKeyValid'
+ id-subjectPublicKeyAlgID =
+ %x73.75.62.6A.65.63.74.50.75.62.6C.69.63.4B.65.79.41.6C.67.49.44
+ ; 'subjectPublicKeyAlgID'
+ id-keyUsage = %x6B.65.79.55.73.61.67.65 ; 'keyUsage'
+ id-subjectAltName = %x73.75.62.6A.65.63.74.41.6C.74.4E.61.6D.65
+ ; 'subjectAltName'
+ id-policy = %x70.6F.6C.69.63.79 ; 'policy'
+ id-pathToName = %x70.61.74.68.54.6F.4E.61.6D.65 ; 'pathToName'
+ id-subject = %x73.75.62.6A.65.63.74 ; 'subject'
+ id-nameConstraints = %x6E.61.6D.65.43.6F.6E.73.74.72.61.69.6E.74.73
+ ; 'nameConstraints'
+
+ SubjectKeyIdentifier = KeyIdentifier
+
+ KeyIdentifier = OCTET-STRING
+
+ AuthorityKeyIdentifier = "{" [ sp aki-keyIdentifier ]
+ [ sep sp aki-authorityCertIssuer ]
+ [ sep sp aki-authorityCertSerialNumber ] sp "}"
+
+ aki-keyIdentifier = id-keyIdentifier msp KeyIdentifier
+ aki-authorityCertIssuer = id-authorityCertIssuer msp GeneralNames
+
+ GeneralNames = "{" sp GeneralName *( "," sp GeneralName ) sp "}"
+ GeneralName = gn-otherName
+ / gn-rfc822Name
+ / gn-dNSName
+ / gn-x400Address
+ / gn-directoryName
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 17]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ / gn-ediPartyName
+ / gn-uniformResourceIdentifier
+ / gn-iPAddress
+ / gn-registeredID
+
+ gn-otherName = id-otherName ":" OtherName
+ gn-rfc822Name = id-rfc822Name ":" IA5String
+ gn-dNSName = id-dNSName ":" IA5String
+ gn-x400Address = id-x400Address ":" ORAddress
+ gn-directoryName = id-directoryName ":" Name
+ gn-ediPartyName = id-ediPartyName ":" EDIPartyName
+ gn-iPAddress = id-iPAddress ":" OCTET-STRING
+ gn-registeredID = gn-id-registeredID ":" OBJECT-IDENTIFIER
+
+ gn-uniformResourceIdentifier = id-uniformResourceIdentifier
+ ":" IA5String
+
+ id-otherName = %x6F.74.68.65.72.4E.61.6D.65 ; 'otherName'
+ gn-id-registeredID = %x72.65.67.69.73.74.65.72.65.64.49.44
+ ; 'registeredID'
+
+ OtherName = "{" sp on-type-id "," sp on-value sp "}"
+ on-type-id = id-type-id msp OBJECT-IDENTIFIER
+ on-value = id-value msp Value
+ ;; <Value> as defined in Section 8 of [RFC3786]
+
+ id-type-id = %x74.79.70.65.2D.69.64 ; 'type-id'
+ id-value = %x76.61.6C.75.65 ; 'value'
+
+ ORAddress = dquote *SafeIA5Character dquote
+ SafeIA5Character = %x01-21 / %x23-7F / ; ASCII minus dquote
+ dquote dquote ; escaped double quote
+ dquote = %x22 ; '"' (double quote)
+
+ ;; Note: The <ORAddress> rule encodes the x400Address component
+ ;; of a GeneralName as a character string between double quotes.
+ ;; The character string is first derived according to Section 4.1
+ ;; of [RFC2156], and then any embedded double quotes are escaped
+ ;; by being repeated. This resulting string is output between
+ ;; double quotes.
+
+ EDIPartyName = "{" [ sp nameAssigner "," ] sp partyName sp "}"
+ nameAssigner = id-nameAssigner msp DirectoryString
+ partyName = id-partyName msp DirectoryString
+ id-nameAssigner = %x6E.61.6D.65.41.73.73.69.67.6E.65.72
+ ; 'nameAssigner'
+ id-partyName = %x70.61.72.74.79.4E.61.6D.65 ; 'partyName'
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 18]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ aki-authorityCertSerialNumber = id-authorityCertSerialNumber
+ msp CertificateSerialNumber
+
+ id-keyIdentifier = %x6B.65.79.49.64.65.6E.74.69.66.69.65.72
+ ; 'keyIdentifier'
+ id-authorityCertIssuer =
+ %x61.75.74.68.6F.72.69.74.79.43.65.72.74.49.73.73.75.65.72
+ ; 'authorityCertIssuer'
+
+ id-authorityCertSerialNumber = %x61.75.74.68.6F.72.69.74.79.43
+ %x65.72.74.53.65.72.69.61.6C.4E.75.6D.62.65.72
+ ; 'authorityCertSerialNumber'
+
+ Time = time-utcTime / time-generalizedTime
+ time-utcTime = id-utcTime ":" UTCTime
+ time-generalizedTime = id-generalizedTime ":" GeneralizedTime
+ id-utcTime = %x75.74.63.54.69.6D.65 ; 'utcTime'
+ id-generalizedTime = %x67.65.6E.65.72.61.6C.69.7A.65.64.54.69.6D.65
+ ; 'generalizedTime'
+
+ KeyUsage = BIT-STRING / key-usage-bit-list
+ key-usage-bit-list = "{" [ sp key-usage *( "," sp key-usage ) ] sp "}"
+
+ ;; Note: The <key-usage-bit-list> rule encodes the one bits in
+ ;; a KeyUsage value as a comma separated list of identifiers.
+
+ key-usage = id-digitalSignature
+ / id-nonRepudiation
+ / id-keyEncipherment
+ / id-dataEncipherment
+ / id-keyAgreement
+ / id-keyCertSign
+ / id-cRLSign
+ / id-encipherOnly
+ / id-decipherOnly
+
+ id-digitalSignature = %x64.69.67.69.74.61.6C.53.69.67.6E.61.74
+ %x75.72.65 ; 'digitalSignature'
+ id-nonRepudiation = %x6E.6F.6E.52.65.70.75.64.69.61.74.69.6F.6E
+ ; 'nonRepudiation'
+ id-keyEncipherment = %x6B.65.79.45.6E.63.69.70.68.65.72.6D.65.6E.74
+ ; 'keyEncipherment'
+ id-dataEncipherment = %x64.61.74.61.45.6E.63.69.70.68.65.72.6D.65.6E
+ %x74 ; "dataEncipherment'
+ id-keyAgreement = %x6B.65.79.41.67.72.65.65.6D.65.6E.74
+ ; 'keyAgreement'
+ id-keyCertSign = %x6B.65.79.43.65.72.74.53.69.67.6E
+ ; 'keyCertSign'
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 19]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ id-cRLSign = %x63.52.4C.53.69.67.6E ; "cRLSign"
+ id-encipherOnly = %x65.6E.63.69.70.68.65.72.4F.6E.6C.79
+ ; 'encipherOnly'
+ id-decipherOnly = %x64.65.63.69.70.68.65.72.4F.6E.6C.79
+ ; 'decipherOnly'
+
+ AltNameType = ant-builtinNameForm / ant-otherNameForm
+
+ ant-builtinNameForm = id-builtinNameForm ":" BuiltinNameForm
+ ant-otherNameForm = id-otherNameForm ":" OBJECT-IDENTIFIER
+
+ id-builtinNameForm = %x62.75.69.6C.74.69.6E.4E.61.6D.65.46.6F.72.6D
+ ; 'builtinNameForm'
+ id-otherNameForm = %x6F.74.68.65.72.4E.61.6D.65.46.6F.72.6D
+ ; 'otherNameForm'
+
+ BuiltinNameForm = id-rfc822Name
+ / id-dNSName
+ / id-x400Address
+ / id-directoryName
+ / id-ediPartyName
+ / id-uniformResourceIdentifier
+ / id-iPAddress
+ / id-registeredId
+
+ id-rfc822Name = %x72.66.63.38.32.32.4E.61.6D.65 ; 'rfc822Name'
+ id-dNSName = %x64.4E.53.4E.61.6D.65 ; 'dNSName'
+ id-x400Address = %x78.34.30.30.41.64.64.72.65.73.73 ; 'x400Address'
+ id-directoryName = %x64.69.72.65.63.74.6F.72.79.4E.61.6D.65
+ ; 'directoryName'
+ id-ediPartyName = %x65.64.69.50.61.72.74.79.4E.61.6D.65
+ ; 'ediPartyName'
+ id-iPAddress = %x69.50.41.64.64.72.65.73.73 ; 'iPAddress'
+ id-registeredId = %x72.65.67.69.73.74.65.72.65.64.49.64
+ ; 'registeredId'
+
+ id-uniformResourceIdentifier = %x75.6E.69.66.6F.72.6D.52.65.73.6F.75
+ %x72.63.65.49.64.65.6E.74.69.66.69.65.72
+ ; 'uniformResourceIdentifier'
+
+ CertPolicySet = "{" sp CertPolicyId *( "," sp CertPolicyId ) sp "}"
+ CertPolicyId = OBJECT-IDENTIFIER
+
+ NameConstraintsSyntax = "{" [ sp ncs-permittedSubtrees ]
+ [ sep sp ncs-excludedSubtrees ] sp "}"
+
+ ncs-permittedSubtrees = id-permittedSubtrees msp GeneralSubtrees
+ ncs-excludedSubtrees = id-excludedSubtrees msp GeneralSubtrees
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 20]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ id-permittedSubtrees =
+ %x70.65.72.6D.69.74.74.65.64.53.75.62.74.72.65.65.73
+ ; 'permittedSubtrees'
+ id-excludedSubtrees =
+ %x65.78.63.6C.75.64.65.64.53.75.62.74.72.65.65.73
+ ; 'excludedSubtrees'
+
+ GeneralSubtrees = "{" sp GeneralSubtree
+ *( "," sp GeneralSubtree ) sp "}"
+ GeneralSubtree = "{" sp gs-base
+ [ "," sp gs-minimum ]
+ [ "," sp gs-maximum ] sp "}"
+
+ gs-base = id-base msp GeneralName
+ gs-minimum = id-minimum msp BaseDistance
+ gs-maximum = id-maximum msp BaseDistance
+
+ id-base = %x62.61.73.65 ; 'base'
+ id-minimum = %x6D.69.6E.69.6D.75.6D ; 'minimum'
+ id-maximum = %x6D.61.78.69.6D.75.6D ; 'maximum'
+
+ BaseDistance = INTEGER-0-MAX
+
+
+A.3. CertificatePairExactAssertion
+
+ CertificatePairExactAssertion = "{" [ sp cpea-issuedTo ]
+ [sep sp cpea-issuedBy ] sp "}"
+ ;; At least one of <cpea-issuedTo> or <cpea-issuedBy> MUST be present.
+
+ cpea-issuedTo = id-issuedToThisCAAssertion msp
+ CertificateExactAssertion
+ cpea-issuedBy = id-issuedByThisCAAssertion msp
+ CertificateExactAssertion
+
+ id-issuedToThisCAAssertion = %x69.73.73.75.65.64.54.6F.54.68.69.73
+ %x43.41.41.73.73.65.72.74.69.6F.6E ; 'issuedToThisCAAssertion'
+ id-issuedByThisCAAssertion = %x69.73.73.75.65.64.42.79.54.68.69.73
+ %x43.41.41.73.73.65.72.74.69.6F.6E ; 'issuedByThisCAAssertion'
+
+
+A.4. CertificatePairAssertion
+
+ CertificatePairAssertion = "{" [ sp cpa-issuedTo ]
+ [sep sp cpa-issuedBy ] sp "}"
+ ;; At least one of <cpa-issuedTo> and <cpa-issuedBy> MUST be present.
+
+ cpa-issuedTo = id-issuedToThisCAAssertion msp CertificateAssertion
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 21]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ cpa-issuedBy = id-issuedByThisCAAssertion msp CertificateAssertion
+
+
+A.5. CertificateListExactAssertion
+
+ CertificateListExactAssertion = "{" sp clea-issuer ","
+ sp clea-thisUpdate
+ [ "," sp clea-distributionPoint ] sp "}"
+
+ clea-issuer = id-issuer msp Name
+ clea-thisUpdate = id-thisUpdate msp Time
+ clea-distributionPoint = id-distributionPoint msp
+ DistributionPointName
+
+ id-thisUpdate = %x74.68.69.73.55.70.64.61.74.65 ; 'thisUpdate'
+ id-distributionPoint =
+ %x64.69.73.74.72.69.62.75.74.69.6F.6E.50.6F.69.6E.74
+ ; 'distributionPoint'
+
+ DistributionPointName = dpn-fullName / dpn-nameRelativeToCRLIssuer
+
+ dpn-fullName = id-fullName ":" GeneralNames
+ dpn-nameRelativeToCRLIssuer = id-nameRelativeToCRLIssuer ":"
+ RelativeDistinguishedName
+
+ id-fullName = %x66.75.6C.6C.4E.61.6D.65 ; 'fullName'
+ id-nameRelativeToCRLIssuer = %x6E.61.6D.65.52.65.6C.61.74.69.76.65
+ %x54.6F.43.52.4C.49.73.73.75.65.72 ; 'nameRelativeToCRLIssuer'
+
+
+A.6. CertificateListAssertion
+
+ CertificateListAssertion = "{" [ sp cla-issuer ]
+ [ sep sp cla-minCRLNumber ]
+ [ sep sp cla-maxCRLNumber ]
+ [ sep sp cla-reasonFlags ]
+ [ sep sp cla-dateAndTime ]
+ [ sep sp cla-distributionPoint ]
+ [ sep sp cla-authorityKeyIdentifier ] sp "}"
+
+ cla-issuer = id-issuer msp Name
+ cla-minCRLNumber = id-minCRLNumber msp CRLNumber
+ cla-maxCRLNumber = id-maxCRLNumber msp CRLNumber
+ cla-reasonFlags = id-reasonFlags msp ReasonFlags
+ cla-dateAndTime = id-dateAndTime msp Time
+
+ cla-distributionPoint = id-distributionPoint msp
+ DistributionPointName
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 22]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ cla-authorityKeyIdentifier = id-authorityKeyIdentifier msp
+ AuthorityKeyIdentifier
+
+ id-minCRLNumber = %x6D.69.6E.43.52.4C.4E.75.6D.62.65.72
+ ; 'minCRLNumber'
+ id-maxCRLNumber = %x6D.61.78.43.52.4C.4E.75.6D.62.65.72
+ ; 'maxCRLNumber'
+ id-reasonFlags = %x72.65.61.73.6F.6E.46.6C.61.67.73 ; 'reasonFlags'
+ id-dateAndTime = %x64.61.74.65.41.6E.64.54.69.6D.65 ; 'dateAndTime'
+
+ CRLNumber = INTEGER-0-MAX
+
+ ReasonFlags = BIT-STRING
+ / "{" [ sp reason-flag *( "," sp reason-flag ) ] sp "}"
+
+ reason-flag = id-unused
+ / id-keyCompromise
+ / id-cACompromise
+ / id-affiliationChanged
+ / id-superseded
+ / id-cessationOfOperation
+ / id-certificateHold
+ / id-privilegeWithdrawn
+ / id-aACompromise
+
+ id-unused = %x75.6E.75.73.65.64 ; 'unused'
+ id-keyCompromise = %x6B.65.79.43.6F.6D.70.72.6F.6D.69.73.65
+ ; 'keyCompromise'
+ id-cACompromise = %x63.41.43.6F.6D.70.72.6F.6D.69.73.65
+ ; 'cACompromise'
+ id-affiliationChanged =
+ %x61.66.66.69.6C.69.61.74.69.6F.6E.43.68.61.6E.67.65.64
+ ; 'affiliationChanged'
+ id-superseded = %x73.75.70.65.72.73.65.64.65.64 ; 'superseded'
+ id-cessationOfOperation =
+ %x63.65.73.73.61.74.69.6F.6E.4F.66.4F.70.65.72.61.74.69.6F.6E
+ ; 'cessationOfOperation'
+ id-certificateHold = %x63.65.72.74.69.66.69.63.61.74.65.48.6F.6C.64
+ ; 'certificateHold'
+ id-privilegeWithdrawn =
+ %x70.72.69.76.69.6C.65.67.65.57.69.74.68.64.72.61.77.6E
+ ; 'privilegeWithdrawn'
+ id-aACompromise = %x61.41.43.6F.6D.70.72.6F.6D.69.73.65
+ ; 'aACompromise'
+
+
+A.7. AlgorithmIdentifier
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 23]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ AlgorithmIdentifier = "{" sp ai-algorithm
+ [ "," sp ai-parameters ] sp "}"
+
+ ai-algorithm = id-algorithm msp OBJECT-IDENTIFIER
+ ai-parameters = id-parameters msp Value
+ id-algorithm = %x61.6C.67.6F.72.69.74.68.6D ; 'algorithm'
+ id-parameters = %x70.61.72.61.6D.65.74.65.72.73 ; 'parameters'
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr at ietf.org.
+
+
+
+Full Copyright
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 24]
+�
+INTERNET-DRAFT LDAP X.509 Schema 18 July 2005
+
+
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga draft-zeilenga-ldap-x509-02 [Page 25]
+�
Added: openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldup-sync-xx.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldup-sync-xx.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/drafts/draft-zeilenga-ldup-sync-xx.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1792 @@
+
+
+INTERNET-DRAFT Kurt D. Zeilenga
+Intended Category: Experimental OpenLDAP Foundation
+Expires in six months Jong Hyuk Choi
+ IBM Corporation
+
+ 3 February 2004
+
+
+
+
+ The LDAP Content Synchronization Operation
+ <draft-zeilenga-ldup-sync-05.txt>
+
+
+
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with all
+ provisions of Section 10 of RFC2026.
+
+ Distribution of this memo is unlimited. Technical discussion of this
+ document will take place on the IETF LDUP Working Group mailing list
+ at <ietf-ldup at imc.org>. Please send editorial comments directly to
+ the document editor at <Kurt at OpenLDAP.org>.
+
+ Internet-Drafts are working documents of the Internet Engineering Task
+ Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as ``work in progress.''
+
+ The list of current Internet-Drafts can be accessed at
+ <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
+ Internet-Draft Shadow Directories can be accessed at
+ <http://www.ietf.org/shadow.html>.
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ Please see the Full Copyright section near the end of this document
+ for more information.
+
+
+
+
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 1]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+Abstract
+
+ This specification describes the LDAP (Lightweight Directory Access
+ Protocol) Content Synchronization Operation. The operation allows a
+ client to maintain a copy of a fragment of directory information tree.
+ It supports both polling for changes and listening for changes. The
+ operation is defined as an extension of the LDAP Search Operation.
+
+
+Table of Contents
+
+ Status of this Memo 1
+ Abstract 2
+ Table of Contents
+ 1. Introduction 3
+ 1.1. Background
+ 1.2. Intended Usage 4
+ 1.3. Overview 5
+ 1.4. Conventions
+ 2. Elements of the Sync Operation 8
+ 2.1. Common ASN.1 Elements 9
+ 2.2. Sync Request Control
+ 2.3. Sync State Control
+ 2.4. Sync Done Control 10
+ 2.5. Sync Info Message
+ 2.6. Sync Result Codes 11
+ 3. Content Synchronization
+ 3.1. Synchronization Session
+ 3.2. Content Determination 12
+ 3.3. refreshOnly Mode 13
+ 3.4. refreshAndPersist Mode 16
+ 3.5. Search Request Parameters 17
+ 3.6. objectName Issues 18
+ 3.7. Canceling the Sync Operation 19
+ 3.8. Refresh Required
+ 3.9. Chattiness Considerations 20
+ 3.10. Operation Multiplexing 21
+ 4. Meta Information Considerations 22
+ 4.1. Entry DN
+ 4.2. Operational Attributes
+ 4.3. Collective Attributes 23
+ 4.4. Access and Other Administrative Controls
+ 5. Interaction with Other Controls
+ 5.1. ManageDsaIT Control 24
+ 5.2. Subentries Control
+ 6. Shadowing Considerations
+ 7. Security Considerations 25
+ 8. IANA Considerations
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 2]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ 8.1. Object Identifier 26
+ 8.2. LDAP Protocol Mechanism
+ 8.3. LDAP Result Codes
+ 9. Acknowledgments
+ 10. Normative References 27
+ 11. Informative References 28
+ 12. Authors' Addresses 29
+ Appendix A. CSN-based Implementation Considerations
+ Intellectual Property Rights 31
+ Full Copyright
+
+
+1. Introduction
+
+ The Lightweight Directory Access Protocol (LDAP) [RFC3377] provides a
+ mechanism, the search operation [RFC2251], which allows a client to
+ request directory content matching a complex set of assertions and for
+ the server to return this content, subject to access control and other
+ restrictions, to the client. However, LDAP does not provide (despite
+ the introduction of numerous extensions in this area) an effective and
+ efficient mechanism for maintaining synchronized copies of directory
+ content. This document introduces a new mechanism specifically
+ designed to met the content synchronization requirements of
+ sophisticated directory applications.
+
+ This document defines the LDAP Content Synchronization Operation, or
+ Sync Operation for short, which allows a client to maintain a
+ synchronized copy of a fragment of a Directory Information Tree (DIT).
+ The Sync Operation is defined as a set of controls and other protocol
+ elements which extend the Search Operation.
+
+
+1.1. Background
+
+ Over the years, a number of content synchronization approaches have
+ been suggested for use in LDAP directory services. These approaches
+ are inadequate for one or more of the following reasons:
+
+ - fail to ensure a reasonable level of convergence;
+ - fail to detect that convergence cannot be achieved (without
+ reload);
+ - require pre-arranged synchronization agreements;
+ - require the server to maintain histories of past changes to DIT
+ content and/or meta information;
+ - require the server to maintain synchronization state on a per
+ client basis; and/or
+ - are overly chatty.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 3]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ The Sync Operation provides eventual convergence of synchronized
+ content when possible and, when not, notification that a full reload
+ is required.
+
+ The Sync Operation does not require pre-arranged synchronization
+ agreements.
+
+ The Sync Operation does not require servers to maintain nor to use any
+ history of past changes to the DIT or to meta information. However,
+ servers may maintain and use histories (e.g., change logs, tombstones,
+ DIT snapshots) to reduce the number of messages generated and to
+ reduce their size. As it is not always feasible to maintain and use
+ histories, the operation may be implemented using purely (current)
+ state-based approaches. The Sync Operation allows use of either the
+ state-based approach or the history-based approach in an operation by
+ operation basis to balance the size of history and the amount of
+ traffic. The Sync Operation also allows the combined use of the
+ state-based and the history-based approaches.
+
+ The Sync Operation does not require servers to maintain
+ synchronization state on a per client basis. However, servers may
+ maintain and use per client state information to reduce the number of
+ messages generated and the size of such messages.
+
+ A synchronization mechanism can be considered overly chatty when
+ synchronization traffic is not reasonably bounded. The Sync Operation
+ traffic is bounded by the size of updated (or new) entries and the
+ number of unchanged entries in the content. The operation is designed
+ to avoid full content exchanges even in the case that the history
+ information available to the server is insufficient to determine the
+ client's state. The operation is also designed to avoid transmission
+ of out-of-content history information, as its size is not bounded by
+ the content and it is not always feasible to transmit such history
+ information due to security reasons.
+
+ This document includes a number of non-normative appendices providing
+ additional information to server implementors.
+
+
+1.2. Intended Usage
+
+ The Sync Operation is intended to be used in applications requiring
+ eventually-convergent content synchronization. Upon completion of
+ each synchronization stage of the operation, all information to
+ construct a synchronized client copy of the content has been provided
+ to the client or the client has been notified that a complete content
+ reload is necessary. Except for transient inconsistencies due to
+ concurrent operation (or other) processing at the server, the client
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 4]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ copy is an accurate reflection of the content held by the server.
+ Transient inconsistencies will be resolved by subsequent
+ synchronization operations.
+
+ Possible uses include:
+ - White page service applications may use the Sync Operation to
+ maintain current copy of a DIT fragment. For example, a mail user
+ agent which uses the sync operation to maintain a local copy of an
+ enterprise address book.
+
+ - Meta-information engines may use the Sync Operation to maintain a
+ copy of a DIT fragment.
+
+ - Caching proxy services may use the Sync Operation to maintain a
+ coherent content cache.
+
+ - Lightweight master-slave replication between heterogeneous
+ directory servers. For example, the Sync Operation can be used by
+ a slave server to maintain a shadow copy of a DIT fragment.
+ (Note: The International Telephone Union (ITU) has defined the
+ X.500 Directory [X.500] Information Shadowing Protocol (DISP)
+ [X.525] which may be used for master-slave replication between
+ directory servers. Other experimental LDAP replication protocols
+ also exist.)
+
+ This protocol is not intended to be used in applications requiring
+ transactional data consistency.
+
+ As this protocol transfers all visible values of entries belonging to
+ the content upon change instead of change deltas, this protocol is not
+ appropriate for bandwidth-challenged applications or deployments.
+
+
+1.3. Overview
+
+ This section provides an overview of basic ways the Sync Operation can
+ be used to maintain a synchronized client copy of a DIT fragment.
+
+ - Polling for Changes: refreshOnly mode
+ - Listening for Changes: refreshAndPersist mode
+
+
+1.3.1. Polling for Changes (refreshOnly)
+
+ To obtain its initial client copy, the client issues a Sync request: a
+ search request with the Sync Request Control with mode set to
+ refreshOnly. The server, much like it would with a normal search
+ operation, returns (subject to access controls and other restrictions)
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 5]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ the content matching the search criteria (baseObject, scope, filter,
+ attributes). Additionally, with each entry returned, the server
+ provides a Sync State Control indicating state add. This control
+ contains the Universally Unique Identifier (UUID) [UUID] of the entry
+ [EntryUUID]. Unlike the Distinguished Name (DN), which may change
+ over time, an entry's UUID is stable. The initial content is followed
+ by a SearchResultDone with a Sync Done Control. The Sync Done Control
+ provides a syncCookie. The syncCookie represents session state.
+
+ To poll for updates to the client copy, the client reissues the Sync
+ Operation with the syncCookie previously returned. The server, much
+ as it would with a normal search operation, determines which content
+ would be returned as if the operation was a normal search operation.
+ However, using the syncCookie as an indicator of what content the
+ client was sent previously, the server sends copies of entries which
+ have changed with a Sync State Control indicating state add. For each
+ changed entry, all (modified or unmodified) attributes belonging to
+ the content are sent.
+
+ The server may perform either or both of the two distinct
+ synchronization phases which are distinguished by how to synchronize
+ entries deleted from the content: the present and the delete phases.
+ When the server uses a single phase for the refresh stage, each phase
+ is marked as ended by a SearchResultDone with a Sync Done Control. A
+ present phase is identified by a FALSE refreshDeletes value in the
+ Sync Done Control. A delete phase is identified by a TRUE
+ refreshDeletes value. The present phase may be followed by a delete
+ phase. The two phases are delimited by a refreshPresent Sync Info
+ Message having a FALSE refreshDone value. In the case that both the
+ phases are used, the present phase is used to bring the client copy up
+ to the state at which the subsequent delete phase can begin.
+
+ In the present phase, the server sends an empty entry (i.e., no
+ attributes) with a Sync State Control indicating state present for
+ each unchanged entry.
+
+ The delete phase may be used when the server can reliably determine
+ which entries in the prior client copy are no longer present in the
+ content and the number of such entries is less than or equal to the
+ number of unchanged entries. In the delete mode, the server sends an
+ empty entry with a Sync State Control indicating state delete for each
+ entry which is no longer in the content, instead of returning an empty
+ entry with state present for each present entry.
+
+ The server may send syncIdSet Sync Info Messages containing the set of
+ UUIDs of either unchanged present entries or deleted entries, instead
+ of sending multiple individual messages. If refreshDeletes of
+ syncIdSet is set to FALSE, the UUIDs of unchanged present entries are
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 6]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ contained in the syncUUIDs set; if refreshDeletes of syncIdSet is set
+ to TRUE, the UUIDs of the entries no longer present in the content are
+ contained in the syncUUIDs set. An optional cookie can be included in
+ the syncIdSet to represent the state of the content after
+ synchronizing the presence or the absence of the entries contained in
+ the syncUUIDs set.
+
+ The synchronized copy of the DIT fragment is constructed by the
+ client.
+
+ If refreshDeletes of syncDoneValue is FALSE, the new copy includes all
+ changed entries returned by the reissued Sync Operation as well as all
+ unchanged entries identified as being present by the reissued Sync
+ Operation, but whose content is provided by the previous Sync
+ Operation. The unchanged entries not identified as being present are
+ deleted from the client content. They had been either deleted, moved,
+ or otherwise scoped-out from the content.
+
+ If refreshDeletes of syncDoneValue is TRUE, the new copy includes all
+ changed entries returned by the reissued Sync Operation as well as all
+ other entries of the previous copy except for those which are
+ identified as having been deleted from the content.
+
+ The client can, at some later time, re-poll for changes to this
+ synchronized client copy.
+
+
+1.3.2. Listening for Changes (refreshAndPersist)
+
+ Polling for changes can be expensive in terms of server, client, and
+ network resources. The refreshAndPersist mode allows for active
+ updates of changed entries in the content.
+
+ By selecting the refreshAndPersist mode, the client requests the
+ server to send updates of entries that are changed after the initial
+ refresh content is determined. Instead of sending a SearchResultDone
+ Message as in polling, the server sends a Sync Info Message to the
+ client indicating that the refresh stage is complete and then enters
+ the persist stage. After receipt of this Sync Info Message, the
+ client will construct a synchronized copy as described in Section
+ 1.3.1.
+
+ The server may then send change notifications as the result of the
+ original Sync search request which now remains persistent in the
+ server. For entries to be added to the returned content, the server
+ sends a SearchResultEntry (with attributes) with a Sync State Control
+ indicating state add. For entries to be deleted from the content, the
+ server sends a SearchResultEntry containing no attributes and a Sync
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 7]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ State Control indicating state delete. For entries to be modified in
+ the return content, the server sends a SearchResultEntry (with
+ attributes) with a Sync State Control indicating state modify. Upon
+ modification of an entry, all (modified or unmodified) attributes
+ belonging to the content are sent.
+
+ Note that renaming an entry of the DIT may cause an add state change
+ where the entry is renamed into the content, a delete state change
+ where the entry is renamed out of the content, and a modify state
+ change where the entry remains in the content. Also note that a
+ modification of an entry of the DIT may cause an add, delete, or
+ modify state change to the content.
+
+ Upon receipt of a change notification, the client updates its copy of
+ the content.
+
+ If the server desires to update the syncCookie during the persist
+ stage, it may include the syncCookie in any Sync State Control or Sync
+ Info Message returned.
+
+ The operation persists until canceled [CANCEL] by the client or
+ terminated by the server. A Sync Done Control shall be attached to
+ SearchResultDone Message to provide a new syncCookie.
+
+
+1.4. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Protocol elements are described using ASN.1 [X.680] with implicit
+ tags. The term "BER-encoded" means the element is to be encoded using
+ the Basic Encoding Rules [X.690] under the restrictions detailed in
+ Section 5.1 of [RFC2251].
+
+
+2. Elements of the Sync Operation
+
+ The Sync Operation is defined as an extension to the LDAP Search
+ Operation [RFC2251] where the directory user agent (DUA or client)
+ submits a SearchRequest Message with a Sync Request Control and the
+ directory system agent (DSA or server) responses with zero or more
+ SearchResultEntry Messages, each with a Sync State Control; zero or
+ more SearchResultReference Messages, each with a Sync State Control;
+ zero or more Sync Info Intermediate Response Messages; and a
+ SearchResultDone Message with a Sync Done Control.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 8]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ To allow clients to discover support for this operation, servers
+ implementing this operation SHOULD publish the
+ 1.3.6.1.4.1.4203.1.9.1.1 as a value of 'supportedControl' attribute
+ [RFC2252] of the root DSA-specific entry (DSE). A server MAY choose
+ to advertise this extension only when the client is authorized to use
+ it.
+
+
+2.1 Common ASN.1 Elements
+
+2.1.1 syncUUID
+
+ The syncUUID data type is an OCTET STRING holding a 128-bit (16-octet)
+ Universally Unique Identifier (UUID) [UUID].
+
+ syncUUID ::= OCTET STRING (SIZE(16))
+ -- constrained to UUID
+
+
+2.1.2 syncCookie
+
+ The syncCookie is a notational convenience to indicate that, while the
+ syncCookie type is encoded as an OCTET STRING, its value is an opaque
+ value containing information about the synchronization session and its
+ state. Generally, the session information would include a hash of the
+ operation parameters which the server requires not be changed and the
+ synchronization state information would include a commit (log)
+ sequence number, a change sequence number, or a time stamp. For
+ convenience of description, the term no cookie refers either to null
+ cookie or to a cookie with pre-initialized synchronization state.
+
+ syncCookie ::= OCTET STRING
+
+
+2.2 Sync Request Control
+
+ The Sync Request Control is an LDAP Control [RFC2251, Section 4.1.2]
+ where the controlType is the object identifier
+ 1.3.6.1.4.1.4203.1.9.1.1 and the controlValue, an OCTET STRING,
+ contains a BER-encoded syncRequestValue. The criticality field is
+ either TRUE or FALSE.
+
+ syncRequestValue ::= SEQUENCE {
+ mode ENUMERATED {
+ -- 0 unused
+ refreshOnly (1),
+ -- 2 reserved
+ refreshAndPersist (3)
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 9]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ },
+ cookie syncCookie OPTIONAL,
+ reloadHint BOOLEAN DEFAULT FALSE
+ }
+
+ The Sync Request Control is only applicable to the SearchRequest
+ Message.
+
+
+2.3 Sync State Control
+
+ The Sync State Control is an LDAP Control [RFC2251, Section 4.1.2]
+ where the controlType is the object identifier
+ 1.3.6.1.4.1.4203.1.9.1.2 and the controlValue, an OCTET STRING,
+ contains a BER-encoded syncStateValue. The criticality is FALSE.
+
+ syncStateValue ::= SEQUENCE {
+ state ENUMERATED {
+ present (0),
+ add (1),
+ modify (2),
+ delete (3)
+ },
+ entryUUID syncUUID,
+ cookie syncCookie OPTIONAL
+ }
+
+ The Sync State Control is only applicable to SearchResultEntry and
+ SearchResultReference Messages.
+
+
+2.4 Sync Done Control
+
+ The Sync Done Control is an LDAP Control [RFC2251, Section 4.1.2]
+ where the controlType is the object identifier
+ 1.3.6.1.4.1.4203.1.9.1.3 and the controlValue contains a BER-encoded
+ syncDoneValue. The criticality is FALSE (and hence absent).
+
+ syncDoneValue ::= SEQUENCE {
+ cookie syncCookie OPTIONAL,
+ refreshDeletes BOOLEAN DEFAULT FALSE
+ }
+
+ The Sync Done Control is only applicable to SearchResultDone Message.
+
+
+2.5 Sync Info Message
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 10]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ The Sync Info Message is an LDAP Intermediate Response Message
+ [LDAPIRM] where responseName is the object identifier
+ 1.3.6.1.4.1.4203.1.9.1.4 and responseValue contains a BER-encoded
+ syncInfoValue. The criticality is FALSE (and hence absent).
+
+ syncInfoValue ::= CHOICE {
+ newcookie [0] syncCookie,
+ refreshDelete [1] SEQUENCE {
+ cookie syncCookie OPTIONAL,
+ refreshDone BOOLEAN DEFAULT TRUE
+ },
+ refreshPresent [2] SEQUENCE {
+ cookie syncCookie OPTIONAL,
+ refreshDone BOOLEAN DEFAULT TRUE
+ },
+ syncIdSet [3] SEQUENCE {
+ cookie syncCookie OPTIONAL,
+ refreshDeletes BOOLEAN DEFAULT FALSE,
+ syncUUIDs SET OF syncUUID
+ }
+ }
+
+
+2.6 Sync Result Codes
+
+ The following LDAP resultCode [RFC2251] is defined:
+
+ e-syncRefreshRequired (IANA-ASSIGNED-CODE)
+
+
+3. Content Synchronization
+
+ The Sync Operation is invoked by the client sending a SearchRequest
+ Message with a Sync Request Control.
+
+ The absence of a cookie or an initialized synchronization state in a
+ cookie indicates a request for initial content while the presence of a
+ cookie representing a state of a client copy indicates a request for
+ content update. Synchronization Sessions are discussed in Section
+ 3.1. Content Determination is discussed in Section 3.2.
+
+ The mode is either refreshOnly or refreshAndPersist. The refreshOnly
+ and refreshAndPersist modes are discussed in Section 3.3 and Section
+ 3.4, respectively. The refreshOnly mode consists only of a refresh
+ stage, while the refreshAndPersist mode consists of a refresh stage
+ and a subsequent persist stage.
+
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 11]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+3.1. Synchronization Session
+
+ A sequence of Sync Operations where the last cookie returned by the
+ server for one operation is provided by the client in the next
+ operation are said to belong to the same Synchronization Session.
+
+ The client MUST specify the same content controlling parameters (see
+ Section 3.5) in each Search Request of the session. The client SHOULD
+ also issue each Sync request of a session under the same
+ authentication and authorization associations with equivalent
+ integrity and protections. If the server does not recognize the
+ request cookie or the request is made under different associations or
+ non-equivalent protections, the server SHALL return the initial
+ content as if no cookie had been provided or return an empty content
+ with the e-syncRefreshRequired LDAP result code. The decision between
+ the return of the initial content and the return of the empty content
+ with the e-syncRefreshRequired result code MAY be based on reloadHint
+ in the Sync Request Control from the client. If the server recognizes
+ the request cookie as representing empty or initial synchronization
+ state of the client copy, the server SHALL return the initial content.
+
+ A Synchronization Session may span multiple LDAP sessions between the
+ client and the server. The client SHOULD issue each Sync request of a
+ session to the same server. (Note: Shadowing considerations are
+ discussed in Section 6.)
+
+
+3.2. Content Determination
+
+ The content to be provided is determined by parameters of the Search
+ Request, as described in [RFC2251], and possibly other controls. The
+ same content parameters SHOULD be used in each Sync request of a
+ session. If different content is requested and the server is
+ unwilling or unable to process the request, the server SHALL return
+ the initial content as if no cookie had been provided or return an
+ empty content with the e-syncRefreshRequired LDAP result code. The
+ decision between the return of the initial content and the return of
+ the empty content with the e-syncRefreshRequired result code MAY be
+ based on reloadHint in the Sync Request Control from the client.
+
+ The content may not necessarily include all entries or references
+ which would be returned by a normal search operation nor, for those
+ entries included, not all attributes returned by a normal search.
+ When the server is unwilling or unable to provide synchronization for
+ any attribute for a set of entries, the server MUST treat all filter
+ components matching against these attributes as Undefined and MUST NOT
+ return these attributes in SearchResultEntry responses.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 12]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Servers SHOULD support synchronization for all non-collective
+ user-application attributes for all entries.
+
+ The server may also return continuation references to other servers or
+ to itself. The latter is allowed as the server may partition the
+ entries it holds into separate synchronization contexts.
+
+ The client may chase all or some of these continuations, each as a
+ separate content synchronization session.
+
+
+3.3. refreshOnly Mode
+
+ A Sync request with mode refreshOnly and with no cookie is a poll for
+ initial content. A Sync request with mode refreshOnly and with a
+ cookie representing a synchronization state is a poll for content
+ update.
+
+
+3.3.1. Initial Content Poll
+
+ Upon receipt of the request, the server provides the initial content
+ using a set of zero or more SearchResultEntry and
+ SearchResultReference Messages followed by a SearchResultDone Message.
+
+ Each SearchResultEntry Message SHALL include a Sync State Control of
+ state add, entryUUID containing the entry's UUID, and no cookie. Each
+ SearchResultReference Message SHALL include a Sync State Control of
+ state add, entryUUID containing the UUID associated with the reference
+ (normally the UUID of the associated named referral [RFC3296] object),
+ and no cookie. The SearchResultDone Message SHALL include a Sync Done
+ Control having refreshDeletes set to FALSE.
+
+ A resultCode value of success indicates the operation successfully
+ completed. Otherwise, the result code indicates the nature of
+ failure. The server may return e-syncRefreshRequired result code on
+ the initial content poll if it is safe to do so when it is unable to
+ perform the operation due to various reasons. reloadHint is set to
+ FALSE in the SearchRequest Message requesting the initial content
+ poll.
+
+ If the operation is successful, a cookie representing the
+ synchronization state of the current client copy SHOULD be returned
+ for use in subsequent Sync Operations.
+
+
+3.3.2. Content Update Poll
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 13]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Upon receipt of the request the server provides the content refresh
+ using a set of zero or more SearchResultEntry and
+ SearchResultReference Messages followed by a SearchResultDone Message.
+
+ The server is REQUIRED to either:
+ a) provide the sequence of messages necessary for eventual
+ convergence of the client's copy of the content to the server's
+ copy,
+
+ b) treat the request as an initial content request (e.g., ignore
+ the cookie or the synchronization state represented in the
+ cookie),
+
+ c) indicate that the incremental convergence is not possible by
+ returning e-syncRefreshRequired,
+
+ d) return a resultCode other than success or
+ e-syncRefreshRequired.
+
+ A Sync Operation may consist of a single present phase, a single
+ delete phase, or a present phase followed by a delete phase.
+
+ In each phase, for each entry or reference which has been added to the
+ content or been changed since the previous Sync Operation indicated by
+ the cookie, the server returns a SearchResultEntry or
+ SearchResultReference Message, respectively, each with a Sync State
+ Control consisting of state add, entryUUID containing the UUID of the
+ entry or reference, and no cookie. Each SearchResultEntry Message
+ represents the current state of a changed entry. Each
+ SearchResultReference Message represents the current state of a
+ changed reference.
+
+ In the present phase, for each entry which has not been changed since
+ the previous Sync Operation, an empty SearchResultEntry is returned
+ whose objectName reflects the entry's current DN, the attributes field
+ is empty, and a Sync State Control consisting of state present,
+ entryUUID containing the UUID of the entry, and no cookie. For each
+ reference which has not been changed since the previous Sync
+ Operation, an empty SearchResultReference containing an empty SEQUENCE
+ OF LDAPURL is returned with a Sync State Control consisting of state
+ present, entryUUID containing the UUID of the entry, and no cookie.
+ No messages are sent for entries or references which are no longer in
+ the content.
+
+ Multiple empty entries with a Sync State Control of state present
+ SHOULD be coalesced into one or more Sync Info Messages of syncIdSet
+ value with refreshDeletes set to FALSE. syncUUIDs contain a set of
+ UUIDs of the entries and references unchanged since the last Sync
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 14]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Operation. syncUUIDs may be empty. The Sync Info Message of
+ syncIdSet may contain cookie to represent the state of the content
+ after performing the synchronization of the entries in the set.
+
+ In the delete phase, for each entry no longer in the content, the
+ server returns a SearchResultEntry whose objectName reflects a past DN
+ of the entry or is empty, the attributes field is empty, and a Sync
+ State Control consisting of state delete, entryUUID containing the
+ UUID of the deleted entry, and no cookie. For each reference no
+ longer in the content, a SearchResultReference containing an empty
+ SEQUENCE OF LDAPURL is returned with a Sync State Control consisting
+ of state delete, entryUUID containing the UUID of the deleted
+ reference, and no cookie.
+
+ Multiple empty entries with a Sync State Control of state delete
+ SHOULD be coalesced into one or more Sync Info Messages of syncIdSet
+ value with refreshDeletes set to TRUE. syncUUIDs contain a set of
+ UUIDs of the entries and references which has been deleted from the
+ content since the last Sync Operation. syncUUIDs may be empty. The
+ Sync Info Message of syncIdSet may contain cookie to represent the
+ state of the content after performing the synchronization of the
+ entries in the set.
+
+ When a present phase is followed by a delete phase, the two phases are
+ delimited by a Sync Info Message containing syncInfoValue of
+ refreshPresent, which may contain cookie representing the state after
+ completing the present phase. The refreshPresent contains refreshDone
+ which is always FALSE in the refreshOnly mode of Sync Operation
+ because it is followed by a delete phase.
+
+ If a Sync Operation consists of a single phase, each phase and hence
+ the Sync Operation are marked ended by a SearchResultDone Message with
+ Sync Done Control which SHOULD contain cookie representing the state
+ of the content after completing the Sync Operation. The Sync Done
+ Control contains refreshDeletes which is set to FALSE for the present
+ phase and set to TRUE for the delete phase.
+
+ If a Sync Operation consists of a present phase followed by a delete
+ phase, the Sync Operation are marked ended at the end of the delete
+ phase by a SearchResultDone Message with Sync Done Control which
+ SHOULD contain cookie representing the state of the content after
+ completing the Sync Operation. The Sync Done Control contains
+ refreshDeletes which is set to TRUE.
+
+ The client can specify whether it prefers to receive an initial
+ content by supplying reloadHint of TRUE or to receive a
+ e-syncRefreshRequired resultCode by supplying reloadHint of FALSE
+ (hence absent), in the case that the server determines that it is
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 15]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ impossible or inefficient to achieve the eventual convergence by
+ continuing the current incremental synchronization thread.
+
+ A resultCode value of success indicates the operation is successfully
+ completed. A resultCode value of e-syncRefreshRequired indicates that
+ a full or partial refresh is needed. Otherwise, the result code
+ indicates the nature of failure. A cookie is provided in the Sync
+ Done Control for use in subsequent Sync Operations for incremental
+ synchronization.
+
+
+3.4. refreshAndPersist Mode
+
+ A Sync request with mode refreshAndPersist asks for initial content or
+ content update (during the refresh stage) followed by change
+ notifications (during the persist stage).
+
+
+3.4.1. refresh Stage
+
+ The content refresh is provided as described in Section 3.3 excepting
+ that the successful completion of content refresh is indicated by
+ sending a Sync Info Message of refreshDelete or refreshPresent with a
+ refreshDone value set to TRUE instead of a SearchResultDone Message
+ with resultCode success. A cookie SHOULD be returned in the Sync Info
+ Message to represent the state of the content after finishing the
+ refresh stage of the Sync Operation.
+
+
+3.4.2. persist Stage
+
+ Change notifications are provided during the persist stage.
+
+ As updates are made to the DIT the server notifies the client of
+ changes to the content. DIT updates may cause entries and references
+ to be added to the content, deleted from the content, or modified
+ within the content. DIT updates may also cause references to be
+ added, deleted, or modified within the content.
+
+ Where DIT updates cause an entry to be added to the content, the
+ server provides a SearchResultEntry Message which represents the entry
+ as it appears in the content. The message SHALL include a Sync State
+ Control with state of add, entryUUID containing the entry's UUID, and
+ an optional cookie.
+
+ Where DIT updates cause a reference to be added to the content, the
+ server provides a SearchResultReference Message which represents the
+ reference in the content. The message SHALL include a Sync State
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 16]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Control with state of add, entryUUID containing the UUID associated
+ with the reference, and an optional cookie.
+
+ Where DIT updates cause an entry to be modified within the content,
+ the server provides a SearchResultEntry Message which represents the
+ entry as it appears in the content. The message SHALL include a Sync
+ State Control with state of modify, entryUUID containing the entry's
+ UUID, and an optional cookie.
+
+ Where DIT updates cause a reference to be modified within the content,
+ the server provides a SearchResultEntry Message which represents the
+ reference in the content. The message SHALL include a Sync State
+ Control with state of modify, entryUUID containing the UUID associated
+ with the reference, and an optional cookie.
+
+ Where DIT updates cause an entry to be deleted from the content, the
+ server provides a SearchResultReference Message with an empty SEQUENCE
+ OF LDAPURL. The message SHALL include a Sync State Control with state
+ of delete, entryUUID containing the UUID associated with the
+ reference, and an optional cookie.
+
+ Where DIT updates cause a reference to be deleted from the content,
+ the server provides a SearchResultEntry Message with no attributes.
+ The message SHALL include a Sync State Control with state of delete,
+ entryUUID containing the entry's UUID, and an optional cookie.
+
+ Multiple empty entries with a Sync State Control of state delete
+ SHOULD be coalesced into one or more Sync Info Messages of syncIdSet
+ value with refreshDeletes set to TRUE. syncUUIDs contain a set of
+ UUIDs of the entries and references which has been deleted from the
+ content. The Sync Info Message of syncIdSet may contain cookie to
+ represent the state of the content after performing the
+ synchronization of the entries in the set.
+
+ With each of these messages, the server may provide a new cookie to be
+ used in subsequent Sync Operations. Additionally, the server may also
+ return Sync Info Messages of choice newCookie to provide a new cookie.
+ The client SHOULD use the newest (last) cookie it received from the
+ server in subsequent Sync Operations.
+
+
+3.5. Search Request Parameters
+
+ As stated in Section 3.1, the client SHOULD specify the same content
+ controlling parameters in each Search Request of the session. All
+ fields of the SearchRequest Message are considered content controlling
+ parameters except for sizeLimit and timeLimit.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 17]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+3.5.1. baseObject
+
+ As with the normal search operation, the refresh and persist stages
+ are not isolated from DIT changes. It is possible that the entry
+ referred to by the baseObject is deleted, renamed, or moved. It is
+ also possible that alias object used in finding the entry referred to
+ by the baseObject is changed such that the baseObject refers to a
+ different entry.
+
+ If the DIT is updated during processing of the Sync Operation in a
+ manner that causes the baseObject to no longer refer to any entry or
+ in a manner that changes the entry the baseObject refers to, the
+ server SHALL return an appropriate non-success result code such as
+ noSuchObject, aliasProblem, aliasDereferencingProblem, referral, or
+ e-syncRefreshRequired.
+
+
+3.5.2. derefAliases
+
+ This operation does not support alias dereferencing during searching.
+ The client SHALL specify neverDerefAliases or derefFindingBaseObj for
+ the SearchRequest derefAliases parameter. The server SHALL treat
+ other values (e.g., derefInSearching, derefAlways) as protocol errors.
+
+
+3.5.3. sizeLimit
+
+ The sizeLimit applies only to entries (regardless of their state in
+ Sync State Control) returned during the refreshOnly operation or the
+ refresh stage of the refreshAndPersist operation.
+
+
+3.5.4. timeLimit
+
+ For a refreshOnly Sync Operation, the timeLimit applies to the whole
+ operation. For a refreshAndPersist operation, the timeLimit applies
+ only to the refresh stage including the generation of the Sync Info
+ Message with a refreshDone value of TRUE.
+
+
+3.5.5. filter
+
+ The client SHOULD avoid filter assertions which apply to the values of
+ the attributes likely to be considered by the server as ones holding
+ meta-information. See Section 4.
+
+
+3.6. objectName
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 18]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ The Sync Operation uses entryUUID values provided in the Sync State
+ Control as the primary keys to entries. The client MUST use these
+ entryUUIDs to correlate synchronization messages.
+
+ In some circumstances the DN returned may not reflect the entry's
+ current DN. In particular, when the entry is being deleted from the
+ content, the server may provide an empty DN if the server does not
+ wish to disclose the entry's current DN (or, if deleted from the DIT,
+ the entry's last DN).
+
+ It should also be noted that the entry's DN may be viewed as meta
+ information (see Section 4.1).
+
+
+3.7. Canceling the Sync Operation
+
+ Servers MUST implement the LDAP Cancel [CANCEL] Operation and support
+ cancellation of outstanding Sync Operations as described here.
+
+ To cancel an outstanding Sync Operation, the client issues an LDAP
+ Cancel [CANCEL] Operation.
+
+ If at any time the server becomes unwilling or unable to continue
+ processing a Sync Operation, the server SHALL return a
+ SearchResultDone with a non-success resultCode indicating the reason
+ for the termination of the operation.
+
+ Whether the client or the server initiated the termination, the server
+ may provide a cookie in the Sync Done Control for use in subsequent
+ Sync Operations.
+
+
+3.8. Refresh Required
+
+ In order to achieve the eventually-convergent synchronization, the
+ server may terminate the Sync Operation in the refresh or the persist
+ stage by returning a e-syncRefreshRequired resultCode to the client.
+ If no cookie is provided, a full refresh is needed. If a cookie
+ representing a synchronization state is provided in this response, an
+ incremental refresh is needed.
+
+ To obtain a full refresh, the client then issues a new synchronization
+ request with no cookie. To obtain an incremental reload, the client
+ issues a new synchronization with the provided cookie.
+
+ The server may choose to provide a full copy in the refresh stage
+ (e.g., ignore the cookie or the synchronization state represented in
+ the cookie) instead of providing an incremental refresh in order to
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 19]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ achieve the eventual convergence.
+
+ The decision between the return of the initial content and the return
+ of the e-syncRefreshRequired result code may be based on reloadHint in
+ the Sync Request Control from the client.
+
+ In the case of persist stage Sync, the server returns the resultCode
+ of e-syncRefreshRequired to the client to indicate that the client
+ needs to issue a new Sync Operation in order to obtain a synchronized
+ copy of the content. If no cookie is provided, a full refresh is
+ needed. If a cookie representing a synchronization state is provided,
+ an incremental refresh is needed.
+
+ The server may also return e-syncRefreshRequired if it determines that
+ a refresh would be more efficient than sending all the messages
+ required for convergence.
+
+ It is noted that the client may receive one or more of
+ SearchResultEntry, SearchResultReference, and/or Sync Info Messages
+ before it receives SearchResultDone Message with the
+ e-syncRefreshRequired result code.
+
+
+3.9. Chattiness Considerations
+
+ The server MUST ensure that the number of entry messages generated to
+ refresh the client content does not exceed the number of entries
+ presently in the content. While there is no requirement for servers
+ to maintain history information, if the server has sufficient history
+ to allow it to reliably determine which entries in the prior client
+ copy are no longer present in the content and the number of such
+ entries is less than or equal to the number of unchanged entries, the
+ server SHOULD generate delete entry messages instead of present entry
+ messages (see Section 3.3.2).
+
+ When the amount of history information maintained in the server is not
+ enough for the clients to perform infrequent refreshOnly Sync
+ Operations, it is likely that the server has incomplete history
+ information (e.g. due to truncation) by the time those clients connect
+ again.
+
+ The server SHOULD NOT resort to full reload when the history
+ information is not enough to generate delete entry messages. The
+ server SHOULD generate either present entry messages only or present
+ entry messages followed by delete entry messages to bring the client
+ copy to the current state. In the latter case, the present entry
+ messages bring the client copy to a state covered by the history
+ information maintained in the server.
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 20]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ The server SHOULD maintain enough (current or historical) state
+ information (such as a context-wide last modify time stamp) to
+ determine if no changes were made in the context since the content
+ refresh was provided and, and when no changes were made, generate zero
+ delete entry messages instead of present messages.
+
+ The server SHOULD NOT use the history information when its use does
+ not reduce the synchronization traffic or when its use can expose
+ sensitive information not allowed to be received by the client.
+
+ The server implementor should also consider chattiness issues which
+ span multiple Sync Operations of a session. As noted in Section 3.8,
+ the server may return e-syncRefreshRequired if it determines that a
+ reload would be more efficient than continuing under the current
+ operation. If reloadHint in the Sync Request is TRUE, the server may
+ initiate a reload without directing the client to request a reload.
+
+ The server SHOULD transfer a new cookie frequently to avoid having to
+ transfer information already provided to the client. Even where DIT
+ changes do not cause content synchronization changes to be
+ transferred, it may be advantageous to provide a new cookie using a
+ Sync Info Message. However, the server SHOULD avoid overloading the
+ client or network with Sync Info Messages.
+
+ During persist mode, the server SHOULD coalesce multiple outstanding
+ messages updating the same entry. The server MAY delay generation of
+ an entry update in anticipation of subsequent changes to that entry
+ which could be coalesced. The length of the delay should be long
+ enough to allow coalescing of update requests issued back to back but
+ short enough that the transient inconsistency induced by the delay is
+ corrected in a timely manner.
+
+ The server SHOULD use syncIdSet Sync Info Message when there are
+ multiple delete or present messages to reduce the amount of
+ synchronization traffic.
+
+ It is also noted that there may be many clients interested in a
+ particular directory change, and servers attempting to service all of
+ these at once may cause congestion on the network. The congestion
+ issues are magnified when the change requires a large transfer to each
+ interested client. Implementors and deployers of servers should take
+ steps to prevent and manage network congestion.
+
+
+3.10. Operation Multiplexing
+
+ The LDAP protocol model [RFC2251] allows operations to be multiplexed
+ over a single LDAP session. Clients SHOULD NOT maintain multiple LDAP
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 21]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ sessions with the same server. Servers SHOULD ensure that responses
+ from concurrently processed operations are interleaved fairly.
+
+ Clients SHOULD combine Sync Operations whose result set is largely
+ overlapping. This avoids having to return multiple messages, once for
+ each overlapping session, for changes to entries in the overlap.
+
+ Clients SHOULD NOT combine Sync Operations whose result sets are
+ largely non-overlapping with each other. This ensures that an event
+ requiring a e-syncRefreshRequired response can be limited to as few
+ result sets as possible.
+
+
+4. Meta Information Considerations
+
+4.1. Entry DN
+
+ As an entry's DN is constructed from its relative DN (RDN) and the
+ entry's parent's DN, it is often viewed as meta information.
+
+ While renaming or moving to a new superior causes the entry's DN to
+ change, that change SHOULD NOT, by itself, cause synchronization
+ messages to be sent for that entry. However, if the renaming or the
+ moving could cause the entry to be added or deleted from the content,
+ appropriate synchronization messages should be generated to indicate
+ this to the client.
+
+ When a server treats the entry's DN as meta information, the server
+ SHALL either
+
+ - evaluate all MatchingRuleAssertions [RFC2251] to TRUE if
+ matching a value of an attribute of the entry and otherwise
+ Undefined, or
+ - evaluate all MatchingRuleAssertion with dnAttributes of TRUE as
+ Undefined.
+
+ The latter choice is offered for ease of server implementation.
+
+
+4.2. Operational Attributes
+
+ Where values of an operational attribute is determined by values not
+ held as part of the entry it appears in, the operational attribute
+ SHOULD NOT support synchronization of that operational attribute.
+
+ For example, in servers which implement X.501 subschema model [X.501],
+ servers should not support synchronization of the subschemaSubentry
+ attribute as its value is determined by values held and administrated
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 22]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ in subschema subentries.
+
+ As a counter example, servers which implement aliases [RFC2256][X.501]
+ can support synchronization of the aliasedObjectName attribute as its
+ values are held and administrated as part of the alias entries.
+
+ Servers SHOULD support synchronization of the following operational
+ attributes: createTimestamp, modifyTimestamp, creatorsName,
+ modifiersName [RFC2252]. Servers MAY support synchronization of other
+ operational attributes.
+
+
+4.3. Collective Attributes
+
+ A collective attribute is "a user attribute whose values are the same
+ for each member of an entry collection" [X.501]. Use of collective
+ attributes in LDAP is discussed in [RFC3371].
+
+ Modification of a collective attribute generally affects the content
+ of multiple entries, which are the members of the collection. It is
+ inefficient to include values of collective attributes visible in
+ entries of the collection, as a single modification of a collective
+ attribute requires transmission of multiple SearchResultEntry (one for
+ each entry of the collection which the modification affected) to be
+ transmitted.
+
+ Servers SHOULD NOT synchronize collective attributes appearing in
+ entries of any collection. Servers MAY support synchronization of
+ collective attributes appearing in collective attribute subentries.
+
+
+4.4. Access and Other Administrative Controls
+
+ Entries are commonly subject to access and other administrative
+ Controls. While portions of the policy information governing a
+ particular entry may be held in the entry, policy information is often
+ held elsewhere (in superior entries, in subentries, in the root DSE,
+ in configuration files etc.). Because of this, changes to policy
+ information make it difficult to ensure eventual convergence during
+ incremental synchronization.
+
+ Where it is impractical or infeasible to generate content changes
+ resulting from a change to policy information, servers may opt to
+ return e-syncRefreshRequired or treat the Sync Operation as an initial
+ content request (e.g., ignore the cookie or the synchronization state
+ represented in the cookie).
+
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 23]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+5. Interaction with Other Controls
+
+ The Sync Operation may be used with:
+
+ - ManageDsaIT Control [RFC3296]
+ - Subentries Control [RFC3672]
+
+ as described below. The Sync Operation may be used with other LDAP
+ extensions as detailed in other documents.
+
+
+5.1. ManageDsaIT Control
+
+ The ManageDsaIT Control [RFC3296] indicates that the operation acts
+ upon the DSA Information Tree and causes referral and other special
+ entries to be treated as object entries with respect to the operation.
+
+
+5.2. Subentries Control
+
+ The Subentries Control is used with the search operation "to control
+ the visibility of entries and subentries which are within scope"
+ [RFC3672]. When used with the Sync Operation, the subentries control
+ and other factors (search scope, filter, etc.) are used to determine
+ whether an entry or subentry appear in the content or not.
+
+
+6. Shadowing Considerations
+
+ As noted in [RFC2251], some servers may hold shadow copies of entries
+ which can be used to answer search and comparison queries. Such
+ servers may also support content synchronization requests. This
+ section discusses considerations for implementors and deployers for
+ the implementation and deployment of the Sync operation in shadowed
+ directories.
+
+ While a client may know of multiple servers which are equally capable
+ of being used to obtain particular directory content from, a client
+ SHOULD NOT assume that each of these server is equally capable of
+ continuing a content synchronization session. As stated in Section
+ 3.1, the client SHOULD issue each Sync request of a Sync session to
+ the same server.
+
+ However, through domain naming or IP address redirection or other
+ techniques, multiple physical servers can be made to appear as one
+ logical server to a client. Only servers which are equally capable in
+ regards to their support for the Sync operation and which hold equally
+ complete copies of the entries should be made to appear as one logical
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 24]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ server. In particular, each physical server acting as one logical
+ server SHOULD be equally capable of continuing a content
+ synchronization based upon cookies provided by any of the other
+ physical servers without requiring a full reload. Because there is no
+ standard LDAP shadowing mechanism, the specification of how to
+ independently implement equally capable servers (as well as the
+ precise definition of "equally capable") is left to future documents.
+
+ It is noted that it may be difficult for the server to reliably
+ determine what content was provided to the client by another server,
+ especially in the shadowing environments which allow shadowing events
+ to be coalesced. Where so, the use of the delete phase discussed in
+ Section 3.3.2 may not be applicable.
+
+
+7. Security Considerations
+
+ In order to maintain a synchronized copy of the content, a client is
+ to delete information from its copy of the content as described above.
+ However, the client may maintain knowledge of information disclosed to
+ it by the server separate from its copy of the content used for
+ synchronization. Management of this knowledge is beyond the scope of
+ this document. Servers should be careful not to disclose information
+ for content which the client is not authorized to have knowledge of
+ and/or about.
+
+ While the information provided by a series of refreshOnly Sync
+ Operations is similar to that provided by a series of Search
+ Operations, persist stage may disclose additional information. A
+ client may be able to discern information about the particular
+ sequence of update operations which caused content change.
+
+ Implementors should take precautions against malicious cookie content,
+ including malformed cookies or valid cookies used with different
+ security associations and/or protections in attempt to obtain
+ unauthorized access to information. Servers may include a digital
+ signature in the cookie to detect tampering.
+
+ The operation may be the target of direct denial of service attacks.
+ Implementors should provide safeguards to ensure the operation is not
+ abused. Servers may place access control or other restrictions upon
+ the use of this operation.
+
+ It is noted that even small updates to the directory may cause
+ significant amount of traffic to be generated to clients using this
+ operation. A user could abuse its update privileges to mount an
+ indirect denial of service to these clients, other clients, and/or
+ portions of the network. Servers should provide safeguards to ensure
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 25]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ update operations are not abused.
+
+ Implementors of this (or any) LDAP extension should be familiar with
+ general LDAP security considerations [RFC3377].
+
+
+8. IANA Considerations
+
+ Registration of the following values is requested.
+
+ The OID arc 1.3.6.1.4.1.4203.1.9.1 was assigned [ASSIGN] by OpenLDAP
+ Foundation, under its IANA-assigned private enterprise allocation
+ [PRIVATE], for use in this specification.
+
+
+8.2. LDAP Protocol Mechanism
+
+ It is requested that IANA register the LDAP Protocol Mechanism
+ described in this document.
+
+ Subject: Request for LDAP Protocol Mechanism Registration
+ Object Identifier: 1.3.6.1.4.1.4203.1.9.1.1
+ Description: LDAP Content Synchronization Control
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at openldap.org>
+ Usage: Control
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+8.3. LDAP Result Codes
+
+ It is requested that IANA register the LDAP Result Code described in
+ this document.
+
+ Subject: LDAP Result Code Registration
+ Person & email address to contact for further information:
+ Kurt Zeilenga <kurt at OpenLDAP.org>
+ Result Code Name: e-syncRefreshRequired (IANA-ASSIGNED-CODE)
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
+ Comments: none
+
+
+9. Acknowledgments
+
+ This document borrows significantly from the LDAP Client Update
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 26]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Protocol [LCUP], a product of the IETF LDUP working group. This
+ document also benefited from Persistent Search [PSEARCH], Triggered
+ Search [TSEARCH], and Directory Synchronization [DIRSYNC] works. This
+ document also borrows from "Lightweight Directory Access Protocol
+ (v3)" [RFC2251].
+
+
+10. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14 (also RFC 2119), March 1997.
+
+ [RFC2251] Wahl, M., T. Howes and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+ [RFC2252] Wahl, M., A. Coulbeck, T. Howes, and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC3296] Zeilenga, K., "Named Subordinate References in
+ Lightweight Directory Access Protocol (LDAP)
+ Directories", RFC 3296, July 2002.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [RFC3671] Zeilenga, K., "Collective Attributes in LDAP", RFC 3671,
+ December 2003.
+
+ [RFC3672] Zeilenga, K. and S. Legg, "Subentries in LDAP", RFC
+ 3672, December 2003.
+
+ [CANCEL] Zeilenga, K., "LDAP Cancel Extended Operation",
+ draft-zeilenga-ldap-cancel-xx.txt, a work in progress.
+ [EntryUUID] Zeilenga, K., "The LDAP EntryUUID Operational
+ Attribute", draft-zeilenga-ldap-uuid-xx.txt, a work in
+ progress.
+
+ [LDAPIRM] Harrison, R. and Zeilenga, K., "LDAP Intermediate
+ Response",
+ draft-rharrison-ldap-intermediate-resp-00.txt, a work in
+ progress.
+
+ [UUID] International Organization for Standardization (ISO),
+ "Information technology - Open Systems Interconnection -
+ Remote Procedure Call", ISO/IEC 11578:1996
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 27]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ [X.680] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Abstract
+ Syntax Notation One (ASN.1) - Specification of Basic
+ Notation", X.680(1997) (also ISO/IEC 8824-1:1998).
+
+ [X.690] International Telecommunication Union -
+ Telecommunication Standardization Sector, "Specification
+ of ASN.1 encoding rules: Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER), and Distinguished
+ Encoding Rules (DER)", X.690(1997) (also ISO/IEC
+ 8825-1:1998).
+
+
+11. Informative References
+
+ [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for
+ use with LDAPv3", RFC 2256, December 1997.
+
+ [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
+ (also RFC 3383), September 2002.
+
+ [PRIVATE] IANA, "Private Enterprise Numbers",
+ http://www.iana.org/assignments/enterprise-numbers.
+
+ [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
+ http://www.openldap.org/foundation/oid-delegate.txt.
+
+ [X.500] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
+ -- Overview of concepts, models and services,"
+ X.500(1993) (also ISO/IEC 9594-1:1994).
+
+ [X.511] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Abstract Service Definition", X.511(1993).
+
+ [X.525] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The
+ Directory: Replication", X.525(1993).
+
+ [UUIDinfo] The Open Group, "Universally Unique Identifier" appendix
+ of the CAE Specification "DCE 1.1: Remote Procedure
+ Calls", Document Number C706,
+ <http://www.opengroup.org/products/publications/
+ catalog/c706.htm> (appendix available at:
+ <http://www.opengroup.org/onlinepubs/9629399/
+ apdxa.htm>), August 1997.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 28]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ [DIRSYNC] Armijo, M., "Microsoft LDAP Control for Directory
+ Synchronization", draft-armijo-ldap-dirsync-xx.txt, a
+ work in progress.
+
+ [LCUP] Megginson, R., et. al., "LDAP Client Update Protocol",
+ draft-ietf-ldup-lcup-xx.txt, a work in progress.
+
+ [PSEARCH] Smith, M., et. al., "Persistent Search: A Simple LDAP
+ Change Notification Mechanism",
+ draft-ietf-ldapext-psearch-xx.txt, a work in progress.
+
+ [TSEARCH] Wahl, M., "LDAPv3 Triggered Search Control",
+ draft-ietf-ldapext-trigger-xx.txt, a work in progress.
+
+
+12. Authors' Addresses
+
+ Kurt D. Zeilenga
+ OpenLDAP Foundation
+ <Kurt at OpenLDAP.org>
+
+ Jong Hyuk Choi
+ IBM Corporation
+ <jongchoi at us.ibm.com>
+
+
+
+Appendix A. CSN-based Implementation Considerations
+
+ This appendix is provided for informational purposes only, it is not a
+ normative part of the LDAP Content Synchronization Operation's
+ technical specification.
+
+ This appendix discusses LDAP Content Synchronization Operation server
+ implementation considerations associated with a Change Sequence Number
+ based approaches.
+
+ Change Sequence Number based approaches are targeted for use in
+ servers which do not maintain history information (e.g., change logs,
+ state snapshots, etc.) about changes made to the Directory and hence,
+ must rely on current directory state and minimal synchronization state
+ information embedded in Sync Cookie. Servers which maintain history
+ information should consider other approaches which exploit the history
+ information.
+
+ A Change Sequence Number is effectively a time stamp which has
+ sufficient granularity to ensure that the precedence relationship in
+ time of two updates to the same object can be determined. Change
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 29]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Sequence Numbers are not to be confused with Commit Sequence Numbers
+ or Commit Log Record Numbers. A Commit Sequence Number allows one to
+ determine how two commits (to the same object or different objects)
+ relate to each other in time. Change Sequence Number associated with
+ different entries may be committed out of order. In the remainder of
+ this Appendix, the term CSN refers to a Change Sequence Number.
+
+ In these approaches, the server not only maintains a CSN for each
+ directory entry (the entry CSN), but also maintains a value which we
+ will call the context CSN. The context CSN is the greatest committed
+ entry CSN which is not greater than any outstanding (uncommitted)
+ entry CSNs for all entries in a directory context. The values of
+ context CSN are used in syncCookie values as synchronization state
+ indicators.
+
+ As search operations are not isolated from individual directory update
+ operations and individual update operations cannot be assumed to be
+ serialized, one cannot assume that the returned content incorporates
+ all relevant changes whose change sequence number is less than or
+ equal to the greatest entry CSN in the content. The content
+ incorporates all the relevant changes whose change sequence number is
+ less than or equal to context CSN before search processing. The
+ content may also incorporate any subset of the changes whose change
+ sequence number is greater than context CSN before search processing
+ but less than or equal to the context CSN after search processing.
+ The content does not incorporate any of the changes whose CSN is
+ greater than the context CSN after search processing.
+
+ A simple server implementation could use value of the context CSN
+ before search processing to indicate state. Such an implementation
+ would embed this value into each SyncCookie returned. We'll call this
+ the cookie CSN. When a refresh was requested, the server would simply
+ generate "update" messages for all entries in the content whose CSN is
+ greater than the supplied cookie CSN and generate "present" messages
+ for all other entries in the content. However, if the current context
+ CSN is the same as the cookie CSN, the server should instead generate
+ zero "updates" and zero "delete" messages, and indicate refreshDeletes
+ of TRUE as the directory has not changed.
+
+ The implementation should also consider the impact of changes to meta
+ information, such as access controls, which affects content
+ determination. One approach is for the server to maintain a context
+ wide meta information CSN or meta CSN. This meta CSN would be updated
+ whenever meta information affecting content determination was changed.
+ If the value of the meta CSN is greater than cookie CSN, the server
+ should ignore the cookie and treat the request as an initial request
+ for content.
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 30]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Additionally, servers may want to consider maintaining some
+ per-session history information to reduce the number of messages
+ needed to be transferred during incremental refreshes. Specifically,
+ a server could record information about entries as they leave the
+ scope of a disconnected sync session and later use this information to
+ generate delete messages instead of present messages.
+
+ When the history information is truncated, the CSN of the latest
+ truncated history information entry may be recorded as the truncated
+ CSN of the history information. The truncated CSN may be used to
+ determine whether a client copy can be covered by the history
+ information by comparing it to the synchronization state contained in
+ the cookie supplied by the client.
+
+ When there are a large number of sessions, it may make sense to
+ maintain such history only for the selected clients. Also, servers
+ taking this approach need to consider resource consumption issues to
+ ensure reasonable server operation and to protect against abuse. It
+ may be appropriate to restrict this mode of operation by policy.
+
+
+
+
+Intellectual Property Rights
+
+ The IETF takes no position regarding the validity or scope of any
+ intellectual property or other rights that might be claimed to pertain
+ to the implementation or use of the technology described in this
+ document or the extent to which any license under such rights might or
+ might not be available; neither does it represent that it has made any
+ effort to identify any such rights. Information on the IETF's
+ procedures with respect to rights in standards-track and
+ standards-related documentation can be found in BCP-11. Copies of
+ claims of rights made available for publication and any assurances of
+ licenses to be made available, or the result of an attempt made to
+ obtain a general license or permission for the use of such proprietary
+ rights by implementors or users of this specification can be obtained
+ from the IETF Secretariat.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights which may cover technology that may be required to practice
+ this standard. Please address the information to the IETF Executive
+ Director.
+
+
+
+Full Copyright
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 31]
+�
+INTERNET-DRAFT draft-zeilenga-ldup-sync-05 3 February 2004
+
+
+ Copyright (C) The Internet Society (2004). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published and
+ distributed, in whole or in part, without restriction of any kind,
+ provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be followed,
+ or as required to translate it into languages other than English.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zeilenga LDAP Content Sync Operation [Page 32]
+�
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/COPYRIGHT (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/COPYRIGHT 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+Copyright 1998-2007 The OpenLDAP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Individual files and/or contributed packages may be copyright by
+other parties and subject to additional restrictions.
+
+This work is derived from the University of Michigan LDAP v3.3
+distribution. Information concerning this software is available
+at <http://www.umich.edu/~dirsvcs/ldap/>.
+
+This work also contains materials derived from public sources.
+
+Additional information about OpenLDAP can be obtained at
+<http://www.openldap.org/>.
+
+---
+
+Portions Copyright 1998-2005 Kurt D. Zeilenga.
+Portions Copyright 1998-2005 Net Boolean Incorporated.
+Portions Copyright 2001-2005 IBM Corporation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+---
+
+Portions Copyright 1999-2005 Howard Y.H. Chu.
+Portions Copyright 1999-2005 Symas Corporation.
+Portions Copyright 1998-2003 Hallvard B. Furuseth.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that this notice is preserved.
+The names of the copyright holders may not be used to endorse or
+promote products derived from this software without their specific
+prior written permission. This software is provided ``as is''
+without express or implied warranty.
+
+---
+
+Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+All rights reserved.
+
+Redistribution and use in source and binary forms are permitted
+provided that this notice is preserved and that due credit is given
+to the University of Michigan at Ann Arbor. The name of the
+University may not be used to endorse or promote products derived
+from this software without specific prior written permission. This
+software is provided ``as is'' without express or implied warranty.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/LICENSE
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/LICENSE (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/LICENSE 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+The OpenLDAP Public License
+ Version 2.8, 17 August 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+ and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number. You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission. Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
Added: openldap/vendor/openldap-2.3.35/doc/guide/README
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,17 @@
+This module contains OpenLDAP guides in Simple Document Format (SDF).
+
+SDF is a freely available documentation system. Based on a
+simple, readable markup language, SDF generates high quality
+output in multiple formats.
+
+ cd admin # OpenLDAP Administrator's Guide
+ sdf -2topics index.sdf # generate HTML for WWW publishing
+ sdf -2html guide.sdf # generate HTML for release
+ sdf -2txt guide.sdf # generate TXT for release
+
+More information about STF can be obtained from the CPAN at:
+ http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html
+
+SDF itself can be obtained at:
+ http://search.cpan.org/~ianc/sdf-2.001/
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/Makefile
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/Makefile (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/Makefile 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,66 @@
+## Makefile for OpenLDAP Administrator's Guide
+# $OpenLDAP: pkg/openldap-guide/admin/Makefile,v 1.4.2.3 2007/01/02 21:43:43 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2005-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+all: guide.html index.html
+
+sdf-src: \
+ ../plain.sdf \
+ ../preamble.sdf \
+ abstract.sdf \
+ config.sdf \
+ dbtools.sdf \
+ guide.sdf \
+ install.sdf \
+ intro.sdf \
+ master.sdf \
+ monitoringslapd.sdf \
+ preface.sdf \
+ proxycache.sdf \
+ quickstart.sdf \
+ referrals.sdf \
+ replication.sdf \
+ runningslapd.sdf \
+ sasl.sdf \
+ schema.sdf \
+ security.sdf \
+ slapdconfig.sdf \
+ syncrepl.sdf \
+ title.sdf \
+ tls.sdf \
+ tuning.sdf
+
+sdf-img: \
+ ../images/LDAPlogo.gif \
+ config_local.gif \
+ config_ref.gif \
+ config_repl.gif \
+ config_x500fe.gif \
+ config_x500ref.gif \
+ intro_dctree.gif \
+ intro_tree.gif \
+ replication.gif
+
+guide.html: guide.sdf sdf-src sdf-img
+ sdf -2html guide.sdf
+
+index.html: index.sdf sdf-src sdf-img
+ sdf -2topics index.sdf
+
+admin.html: admin.sdf sdf-src sdf-img
+ sdf -DPDF -2html admin.sdf
+
+guide.pdf: admin.html
+ htmldoc --book --duplex --bottom 36 --top 36 \
+ --toclevels 2 \
+ -f guide.pdf admin.html
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/abstract.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/abstract.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/abstract.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,7 @@
+# $OpenLDAP: pkg/openldap-guide/admin/abstract.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# OpenLDAP Administrator's Guide: Abstract
+
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/admin.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/admin.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/admin.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13 @@
+# $OpenLDAP: pkg/openldap-guide/admin/admin.sdf,v 1.1.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# guide.sdf
+#
+
+!define DOC_TOC 0
+
+!macro build_html_cover
+!endmacro
+
+!include "master.sdf"
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/config.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/config.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+# $OpenLDAP: pkg/openldap-guide/admin/config.sdf,v 1.13.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+H1: The Big Picture - Configuration Choices
+
+This section gives a brief overview of various {{TERM:LDAP}} directory
+configurations, and how your stand-alone LDAP server {{slapd}}(8)
+fits in with the rest of the world.
+
+
+H2: Local Directory Service
+
+In this configuration, you run a {{slapd}} which provides directory
+service for your local domain only. It does not interact with other
+directory servers in any way. This configuration is shown in Figure 3.1.
+
+!import "config_local.gif"; align="center"; title="Local service via slapd configuration"
+FT[align="Center"] Figure 3.1: Local service configuration.
+
+Use this configuration if you are just starting out (it's the one the
+quick-start guide makes for you) or if you want to provide a local
+service and are not interested in connecting to the rest of the world.
+It's easy to upgrade to another configuration later if you want.
+
+
+H2: Local Directory Service with Referrals
+
+In this configuration, you run a slapd which provides directory service
+for your local domain and configure it to return referrals to a
+{{superior}} service capable of handling requests outside your local domain.
+You may run this service yourself or use one provided to you.
+This configuration is shown in Figure 3.2.
+
+!import "config_ref.gif"; align="center"; title="Local service with referrals"
+FT[align="Center"] Figure 3.2: Local service with referrals
+
+Use this configuration if you want to provide local service and
+participate in the Global Directory.
+
+
+H2: Replicated Directory Service
+
+The slurpd daemon is used to propagate changes from a master slapd
+to one or more slave slapds. An example master-slave configuration
+is shown in figure 3.3.
+
+!import "config_repl.gif"; align="center"; title="Replicated Directory Services"
+FT[align="Center"] Figure 3.3: Replicated Directory Services
+
+This configuration can be used in conjunction with either of the first
+two configurations in situations where a single slapd does not
+provide the required reliability or availability.
+
+H2: Distributed Local Directory Service
+
+In this configuration, the local service is partitioned into smaller
+services, each of which may be replicated, and {{glued}} together with
+{{superior}} and {{subordinate}} referrals.
+!if 0
+An example of this configuration is shown in Figure 3.4.
+
+!import "config_dist.gif"; align="center"; title="Distributed Local Directory Services"
+FT[align="Center"] Figure 3.4: Distributed Local Directory Services
+!endif
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_dit.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_dit.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_local.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_local.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_ref.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_ref.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_repl.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_repl.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500fe.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500fe.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500ref.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/config_x500ref.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/dbtools.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/dbtools.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/dbtools.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,364 @@
+# $OpenLDAP: pkg/openldap-guide/admin/dbtools.sdf,v 1.23.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Database Creation and Maintenance Tools
+
+This section tells you how to create a slapd database from scratch,
+and how to do trouble shooting if you run into problems. There are
+two ways to create a database. First, you can create the database
+on-line using LDAP. With this method, you simply start up slapd
+and add entries using the LDAP client of your choice. This method
+is fine for relatively small databases (a few hundred or thousand
+entries, depending on your requirements). This method works for
+database types which support updates.
+
+The second method of database creation is to do it off-line using
+special utilities provided with slapd. This method is best if you
+have many thousands of entries to create, which would take an
+unacceptably long time using the LDAP method, or if you want to
+ensure the database is not accessed while it is being created. Note
+that not all database types support these utilitites.
+
+
+H2: Creating a database over LDAP
+
+With this method, you use the LDAP client of your choice (e.g.,
+the {{ldapadd}}(1)) to add entries, just like you would once the
+database is created. You should be sure to set the following
+options in the configuration file before starting {{slapd}}(8).
+
+> suffix <dn>
+
+As described in the {{SECT:General Database Directives}} section,
+this option defines which entries are to be held by this database.
+You should set this to the DN of the root of the subtree you are
+trying to create. For example:
+
+> suffix "dc=example,dc=com"
+
+You should be sure to specify a directory where the index files
+should be created:
+
+> directory <directory>
+
+For example:
+
+> directory /usr/local/var/openldap-data
+
+You need to create this directory with appropriate permissions such
+that slapd can write to it.
+
+You need to configure slapd so that you can connect to it as a
+directory user with permission to add entries. You can configure
+the directory to support a special {{super-user}} or {{root}} user
+just for this purpose. This is done through the following two
+options in the database definition:
+
+> rootdn <dn>
+> rootpw <passwd>
+
+For example:
+
+> rootdn "cn=Manager,dc=example,dc=com"
+> rootpw secret
+
+These options specify a DN and password that can be used to
+authenticate as the {{super-user}} entry of the database (i.e.,
+the entry allowed to do anything). The DN and password specified
+here will always work, regardless of whether the entry named actually
+exists or has the password given. This solves the chicken-and-egg
+problem of how to authenticate and add entries before any entries
+yet exist.
+
+Finally, you should make sure that the database definition contains
+the index definitions you want:
+
+> index {<attrlist> | default} [pres,eq,approx,sub,none]
+
+For example, to index the {{EX:cn}}, {{EX:sn}}, {{EX:uid}} and
+{{EX:objectclass}} attributes, the following {{EX:index}} directives
+could be used:
+
+> index cn,sn,uid pres,eq,approx,sub
+> index objectClass eq
+
+This would create presence, equality, approximate, and substring
+indices for the {{EX:cn}}, {{EX:sn}}, and {{EX:uid}} attributes and
+an equality index for the {{EX:objectClass}} attribute. Note that
+not all index types are available with all attribute types. See
+{{SECT:The slapd Configuration File}} section for more information
+on this option.
+
+Once you have configured things to your liking, start up slapd,
+connect with your LDAP client, and start adding entries. For
+example, to add an organization entry and an organizational role
+entry using the {{I:ldapadd}} tool, you could create an {{TERM:LDIF}}
+file called {{EX:entries.ldif}} with the contents:
+
+> # Organization for Example Corporation
+> dn: dc=example,dc=com
+> objectClass: dcObject
+> objectClass: organization
+> dc: example
+> o: Example Corporation
+> description: The Example Corporation
+>
+> # Organizational Role for Directory Manager
+> dn: cn=Manager,dc=example,dc=com
+> objectClass: organizationalRole
+> cn: Manager
+> description: Directory Manager
+
+and then use a command like this to actually create the entry:
+
+> ldapadd -f entries.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret
+
+The above command assumes settings provided in the above examples.
+
+
+H2: Creating a database off-line
+
+The second method of database creation is to do it off-line, using
+the slapd database tools described below. This method is best if
+you have many thousands of entries to create, which would take an
+unacceptably long time to add using the LDAP method described above.
+These tools read the slapd configuration file and an input file
+containing a text representation of the entries to add. For database
+types which support the tools, they produce the database files
+directly (otherwise you must use the on-line method above). There
+are several important configuration options you will want to be
+sure and set in the config file database definition first:
+
+> suffix <dn>
+
+As described in the {{SECT:General Database Directives}} section,
+this option defines which entries are to be held by this database.
+You should set this to the DN of the root of the subtree you are
+trying to create. For example:
+
+> suffix "dc=example,dc=com"
+
+You should be sure to specify a directory where the index files
+should be created:
+
+> directory <directory>
+
+For example:
+
+> directory /usr/local/var/openldap-data
+
+Finally, you need to specify which indices you want to build. This
+is done by one or more index options.
+
+> index {<attrlist> | default} [pres,eq,approx,sub,none]
+
+For example:
+
+> index cn,sn,uid pres,eq,approx,sub
+> index objectClass eq
+
+This would create presence, equality, approximate, and substring
+indices for the {{EX:cn}}, {{EX:sn}}, and {{EX:uid}} attributes and
+an equality index for the {{EX:objectClass}} attribute. Note that
+not all index types are available with all attribute types. See
+{{SECT:The slapd Configuration File}} section for more information
+on this option.
+
+H3: The {{EX:slapadd}} program
+
+Once you've configured things to your liking, you create the primary
+database and associated indices by running the {{slapadd}}(8)
+program:
+
+> slapadd -l <inputfile> -f <slapdconfigfile>
+> [-d <debuglevel>] [-n <integer>|-b <suffix>]
+
+The arguments have the following meanings:
+
+> -l <inputfile>
+
+Specifies the {{TERM:LDIF}} input file containing the entries to
+add in text form (described below in the {{SECT:The LDIF text entry
+format}} section).
+
+> -f <slapdconfigfile>
+
+Specifies the slapd configuration file that tells where to create
+the indices, what indices to create, etc.
+
+> -d <debuglevel>
+
+Turn on debugging, as specified by {{EX:<debuglevel>}}. The debug
+levels are the same as for slapd. See the {{SECT:Command-Line
+Options}} section in {{SECT:Running slapd}}.
+
+> -n <databasenumber>
+
+An optional argument that specifies which database to modify. The
+first database listed in the configuration file is {{EX:1}}, the
+second {{EX:2}}, etc. By default, the first database in the
+configuration file is used. Should not be used in conjunction with
+{{EX:-b}}.
+
+> -b <suffix>
+
+An optional argument that specifies which database to modify. The
+provided suffix is matched against a database {{EX:suffix}} directive
+to determine the database number. Should not be used in conjunction
+with {{EX:-n}}.
+
+
+H3: The {{EX:slapindex}} program
+
+Sometimes it may be necessary to regenerate indices (such as after
+modifying {{slapd.conf}}(5)). This is possible using the {{slapindex}}(8)
+program. {{slapindex}} is invoked like this
+
+> slapindex -f <slapdconfigfile>
+> [-d <debuglevel>] [-n <databasenumber>|-b <suffix>]
+
+Where the {{EX:-f}}, {{EX:-d}}, {{EX:-n}} and {{EX:-b}} options
+are the same as for the {{slapadd}}(1) program. {{slapindex}}
+rebuilds all indices based upon the current database contents.
+
+
+H3: The {{EX:slapcat}} program
+
+The {{EX:slapcat}} program is used to dump the database to an
+{{TERM:LDIF}} file. This can be useful when you want to make a
+human-readable backup of your database or when you want to edit
+your database off-line. The program is invoked like this:
+
+> slapcat -l <filename> -f <slapdconfigfile>
+> [-d <debuglevel>] [-n <databasenumber>|-b <suffix>]
+
+where {{EX:-n}} or {{EX:-b}} is used to select the database in the
+{{slapd.conf}}(5) specified using {{EX:-f}}. The corresponding
+{{TERM:LDIF}} output is written to standard output or to the file
+specified using the {{EX:-l}} option.
+
+
+!if 0
+H3: The {{EX:ldif}} program
+
+The {{ldif}}(1) program is used to convert arbitrary data values
+to {{TERM:LDIF}} format. This can be useful when writing a program
+or script to create the LDIF file you will feed into the {{slapadd}}(8)
+or {{ldapadd}}(1) program, or when writing a SHELL backend.
+{{ldif}}(1) takes an attribute description as an argument and reads
+the attribute value(s) from standard input. It produces the LDIF
+formatted attribute line(s) on standard output. The usage is:
+
+> ldif [-b] <attrdesc>
+
+where {{EX:<attrdesc>}} is an attribute description. Without the
+{{EX-b}} option, the {{ldif}} program will consider each line of
+standard input to be a separate value of the attribute.
+
+> ldif description << EOF
+> leading space
+> # leading hash mark
+> EOF
+
+The {{EX:-b}} option can be used to force the {{ldif}} program to
+interpret its input as a single raw binary value. This option is
+useful when converting binary data such as a {{EX:jpegPhoto}} or
+{{EX:audio}} attribute. For example:
+
+> ldif -b jpegPhoto < photo.jpeg
+!endif
+
+
+H2: The LDIF text entry format
+
+The {{TERM[expand]LDIF}} (LDIF) is used to represent LDAP entries
+in a simple text format. This section provides a brief description
+of the LDIF entry format which complements {{ldif}}(5) and the
+technical specification {{REF:RFC2849}}.
+
+The basic form of an entry is:
+
+> # comment
+> dn: <distinguished name>
+> <attrdesc>: <attrvalue>
+> <attrdesc>: <attrvalue>
+>
+> ...
+
+Lines starting with a '{{EX:#}}' character are comments. An
+attribute description may be a simple attribute type like {{EX:cn}}
+or {{EX:objectClass}} or {{EX:1.2.3}} (an {{TERM:OID}} associated
+with an attribute type) or may include options such as {{EX:cn;lang_en_US}}
+or {{EX:userCertificate;binary}}.
+
+A line may be continued by starting the next line with a {{single}}
+space or tab character. For example:
+
+> dn: cn=Barbara J Jensen,dc=example,dc=
+> com
+> cn: Barbara J
+> Jensen
+
+is equivalent to:
+
+> dn: cn=Barbara J Jensen,dc=example,dc=com
+> cn: Barbara J Jensen
+
+Multiple attribute values are specified on separate lines. e.g.,
+
+> cn: Barbara J Jensen
+> cn: Babs Jensen
+
+If an {{EX:<attrvalue>}} contains non-printing characters or begins
+with a space, a colon ('{{EX::}}'), or a less than ('{{EX:<}}'),
+the {{EX:<attrdesc>}} is followed by a double colon and the base64
+encoding of the value. For example, the value "{{EX: begins with
+a space}}" would be encoded like this:
+
+> cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
+
+You can also specify a {{TERM:URL}} containing the attribute value.
+For example, the following specifies the {{EX:jpegPhoto}} value
+should be obtained from the file {{F:/path/to/file.jpeg}}.
+
+> cn:< file:///path/to/file.jpeg
+
+Multiple entries within the same LDIF file are separated by blank
+lines. Here's an example of an LDIF file containing three entries.
+
+> # Barbara's Entry
+> dn: cn=Barbara J Jensen,dc=example,dc=com
+> cn: Barbara J Jensen
+> cn: Babs Jensen
+> objectClass: person
+> sn: Jensen
+>
+> # Bjorn's Entry
+> dn: cn=Bjorn J Jensen,dc=example,dc=com
+> cn: Bjorn J Jensen
+> cn: Bjorn Jensen
+> objectClass: person
+> sn: Jensen
+> # Base64 encoded JPEG photo
+> jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
+> A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
+> ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
+>
+> # Jennifer's Entry
+> dn: cn=Jennifer J Jensen,dc=example,dc=com
+> cn: Jennifer J Jensen
+> cn: Jennifer Jensen
+> objectClass: person
+> sn: Jensen
+> # JPEG photo from file
+> jpegPhoto:< file:///path/to/file.jpeg
+
+Notice that the {{EX:jpegPhoto}} in Bjorn's entry is base 64 encoded
+and the {{EX:jpegPhoto}} in Jennifer's entry is obtained from the
+location indicated by the URL.
+
+Note: Trailing spaces are not trimmed from values in an LDIF file.
+Nor are multiple internal spaces compressed. If you don't want them
+in your data, don't put them there.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.html (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.html 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4666 @@
+<!doctype html public "-//W30//DTD W3 HTML 2.0//EN">
+
+<HTML>
+
+<!-- This file was generated using SDF 2.001 by
+ Ian Clatworthy (ianc at mincom.com). SDF is freely
+ available from http://www.mincom.com/mtr/sdf. -->
+
+<HEAD>
+<TITLE>OpenLDAP Software 2.3 Administrator's Guide</TITLE>
+</HEAD>
+<BODY>
+
+<DIV CLASS="header">
+<A HREF="http://www.OpenLDAP.org/">
+<P><IMG SRC="../images/LDAPlogo.gif" ALIGN="Left" BORDER=0></P>
+</A>
+<DIV CLASS="navigate">
+<P ALIGN="Center"><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P>
+</DIV>
+<BR CLEAR="Left">
+</DIV>
+<DIV CLASS="title">
+<H1 CLASS="doc-title">OpenLDAP Software 2.3 Administrator's Guide</H1>
+<ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS>
+<ADDRESS CLASS="doc-modified">9 April 2007</ADDRESS>
+<BR CLEAR="All">
+</DIV>
+<DIV CLASS="contents">
+<HR>
+<H2>Table of Contents</H2>
+<UL>
+<A HREF="#Preface">Preface</A>
+<BR>
+<A HREF="#Introduction to OpenLDAP Directory Services">1. Introduction to OpenLDAP Directory Services</A><UL>
+<A HREF="#What is a directory service">1.1. What is a directory service?</A>
+<BR>
+<A HREF="#What is LDAP">1.2. What is LDAP?</A>
+<BR>
+<A HREF="#How does LDAP work">1.3. How does LDAP work?</A>
+<BR>
+<A HREF="#What about X.500">1.4. What about X.500?</A>
+<BR>
+<A HREF="#What is the difference between LDAPv2 and LDAPv3">1.5. What is the difference between LDAPv2 and LDAPv3?</A>
+<BR>
+<A HREF="#What is slapd and what can it do">1.6. What is slapd and what can it do?</A>
+<BR>
+<A HREF="#What is slurpd and what can it do">1.7. What is slurpd and what can it do?</A></UL>
+<BR>
+<A HREF="#A Quick-Start Guide">2. A Quick-Start Guide</A>
+<BR>
+<A HREF="#The Big Picture - Configuration Choices">3. The Big Picture - Configuration Choices</A><UL>
+<A HREF="#Local Directory Service">3.1. Local Directory Service</A>
+<BR>
+<A HREF="#Local Directory Service with Referrals">3.2. Local Directory Service with Referrals</A>
+<BR>
+<A HREF="#Replicated Directory Service">3.3. Replicated Directory Service</A>
+<BR>
+<A HREF="#Distributed Local Directory Service">3.4. Distributed Local Directory Service</A></UL>
+<BR>
+<A HREF="#Building and Installing OpenLDAP Software">4. Building and Installing OpenLDAP Software</A><UL>
+<A HREF="#Obtaining and Extracting the Software">4.1. Obtaining and Extracting the Software</A>
+<BR>
+<A HREF="#Prerequisite software">4.2. Prerequisite software</A>
+<BR>
+<A HREF="#Running configure">4.3. Running configure</A>
+<BR>
+<A HREF="#Building the Software">4.4. Building the Software</A>
+<BR>
+<A HREF="#Testing the Software">4.5. Testing the Software</A>
+<BR>
+<A HREF="#Installing the Software">4.6. Installing the Software</A></UL>
+<BR>
+<A HREF="#Configuring slapd">5. Configuring slapd</A><UL>
+<A HREF="#Configuration Layout">5.1. Configuration Layout</A>
+<BR>
+<A HREF="#Configuration Directives">5.2. Configuration Directives</A>
+<BR>
+<A HREF="#Access Control">5.3. Access Control</A>
+<BR>
+<A HREF="#Configuration Example">5.4. Configuration Example</A></UL>
+<BR>
+<A HREF="#The slapd Configuration File">6. The slapd Configuration File</A><UL>
+<A HREF="#Configuration File Format">6.1. Configuration File Format</A>
+<BR>
+<A HREF="#Configuration File Directives">6.2. Configuration File Directives</A>
+<BR>
+<A HREF="#Access Control">6.3. Access Control</A>
+<BR>
+<A HREF="#Configuration File Example">6.4. Configuration File Example</A></UL>
+<BR>
+<A HREF="#Running slapd">7. Running slapd</A><UL>
+<A HREF="#Command-Line Options">7.1. Command-Line Options</A>
+<BR>
+<A HREF="#Starting slapd">7.2. Starting slapd</A>
+<BR>
+<A HREF="#Stopping slapd">7.3. Stopping slapd</A></UL>
+<BR>
+<A HREF="#Database Creation and Maintenance Tools">8. Database Creation and Maintenance Tools</A><UL>
+<A HREF="#Creating a database over LDAP">8.1. Creating a database over LDAP</A>
+<BR>
+<A HREF="#Creating a database off-line">8.2. Creating a database off-line</A>
+<BR>
+<A HREF="#The LDIF text entry format">8.3. The LDIF text entry format</A></UL>
+<BR>
+<A HREF="#Schema Specification">9. Schema Specification</A><UL>
+<A HREF="#Distributed Schema Files">9.1. Distributed Schema Files</A>
+<BR>
+<A HREF="#Extending Schema">9.2. Extending Schema</A></UL>
+<BR>
+<A HREF="#Security Considerations">10. Security Considerations</A><UL>
+<A HREF="#Network Security">10.1. Network Security</A>
+<BR>
+<A HREF="#Data Integrity and Confidentiality Protection">10.2. Data Integrity and Confidentiality Protection</A>
+<BR>
+<A HREF="#Authentication Methods">10.3. Authentication Methods</A></UL>
+<BR>
+<A HREF="#Using SASL">11. Using SASL</A><UL>
+<A HREF="#SASL Security Considerations">11.1. SASL Security Considerations</A>
+<BR>
+<A HREF="#SASL Authentication">11.2. SASL Authentication</A>
+<BR>
+<A HREF="#SASL Proxy Authorization">11.3. SASL Proxy Authorization</A></UL>
+<BR>
+<A HREF="#Using TLS">12. Using TLS</A><UL>
+<A HREF="#TLS Certificates">12.1. TLS Certificates</A>
+<BR>
+<A HREF="#TLS Configuration">12.2. TLS Configuration</A></UL>
+<BR>
+<A HREF="#Constructing a Distributed Directory Service">13. Constructing a Distributed Directory Service</A><UL>
+<A HREF="#Subordinate Knowledge Information">13.1. Subordinate Knowledge Information</A>
+<BR>
+<A HREF="#Superior Knowledge Information">13.2. Superior Knowledge Information</A>
+<BR>
+<A HREF="#The ManageDsaIT Control">13.3. The ManageDsaIT Control</A></UL>
+<BR>
+<A HREF="#Replication with slurpd">14. Replication with slurpd</A><UL>
+<A HREF="#Overview">14.1. Overview</A>
+<BR>
+<A HREF="#Replication Logs">14.2. Replication Logs</A>
+<BR>
+<A HREF="#Command-Line Options">14.3. Command-Line Options</A>
+<BR>
+<A HREF="#Configuring slurpd and a slave slapd instance">14.4. Configuring slurpd and a slave slapd instance</A>
+<BR>
+<A HREF="#Advanced slurpd Operation">14.5. Advanced slurpd Operation</A></UL>
+<BR>
+<A HREF="#LDAP Sync Replication">15. LDAP Sync Replication</A><UL>
+<A HREF="#The LDAP Content Synchronization Protocol">15.1. The LDAP Content Synchronization Protocol</A>
+<BR>
+<A HREF="#Syncrepl Details">15.2. Syncrepl Details</A>
+<BR>
+<A HREF="#Configuring Syncrepl">15.3. Configuring Syncrepl</A></UL>
+<BR>
+<A HREF="#The Proxy Cache Engine">16. The Proxy Cache Engine</A><UL>
+<A HREF="#Overview">16.1. Overview</A>
+<BR>
+<A HREF="#Proxy Cache Configuration">16.2. Proxy Cache Configuration</A></UL>
+<BR>
+<A HREF="#Generic configure Instructions">A. Generic configure Instructions</A>
+<BR>
+<A HREF="#OpenLDAP Software Copyright Notices">B. OpenLDAP Software Copyright Notices</A><UL>
+<A HREF="#OpenLDAP Copyright Notice">B.1. OpenLDAP Copyright Notice</A>
+<BR>
+<A HREF="#Additional Copyright Notice">B.2. Additional Copyright Notice</A>
+<BR>
+<A HREF="#University of Michigan Copyright Notice">B.3. University of Michigan Copyright Notice</A></UL>
+<BR>
+<A HREF="#OpenLDAP Public License">C. OpenLDAP Public License</A></UL>
+</DIV>
+<DIV CLASS="main">
+<P></P>
+<HR>
+<H1><A NAME="Preface">Preface</A></H1>
+<H2>Copyright</H2>
+<P>Copyright 1998-2005, The <A HREF="http://www.openldap.org/foundation/">OpenLDAP Foundation</A>, <EM>All Rights Reserved</EM>.</P>
+<P>Copyright 1992-1996, Regents of the <A HREF="http://www.umich.edu/">University of Michigan</A>, <EM>All Rights Reserved</EM>.</P>
+<P>This document is considered a part of OpenLDAP Software. This document is subject to terms of conditions set forth in <A HREF="#OpenLDAP Software Copyright Notices">OpenLDAP Software Copyright Notices</A> and the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>. Complete copies of the notices and associated license can be found in Appendix B and C, respectively.</P>
+<H2>Scope of this Document</H2>
+<P>This document provides a guide for installing OpenLDAP Software 2.3 (<A HREF="http://www.openldap.org/software/">http://www.openldap.org/software/</A>) on <TERM>UNIX</TERM> (and UNIX-like) systems. The document is aimed at experienced system administrators but who may not have prior experience operating <TERM>LDAP</TERM>-based directory software.</P>
+<P>This document is meant to be used in conjunction with other OpenLDAP information resources provided with the software package and on the project's extensive site (<A HREF="http://www.OpenLDAP.org/">http://www.OpenLDAP.org/</A>) on the World Wide Web. The site makes available a number of resources.</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>OpenLDAP Resources</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Resource</STRONG>
+</TD>
+<TD>
+<STRONG>URL</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+Document Catalog
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/doc/">http://www.OpenLDAP.org/doc/</A>
+</TD>
+</TR>
+<TR>
+<TD>
+Frequently Asked Questions
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/faq/">http://www.OpenLDAP.org/faq/</A>
+</TD>
+</TR>
+<TR>
+<TD>
+Issue Tracking System
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/its/">http://www.OpenLDAP.org/its/</A>
+</TD>
+</TR>
+<TR>
+<TD>
+Mailing Lists
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/lists/">http://www.OpenLDAP.org/lists/</A>
+</TD>
+</TR>
+<TR>
+<TD>
+Software Pages
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/software/">http://www.OpenLDAP.org/software/</A>
+</TD>
+</TR>
+<TR>
+<TD>
+Support Pages
+</TD>
+<TD>
+<A HREF="http://www.OpenLDAP.org/support/">http://www.OpenLDAP.org/support/</A>
+</TD>
+</TR>
+</TABLE>
+
+<H2>Acknowledgments</H2>
+<P>The <A HREF="http://www.openldap.org/project/">OpenLDAP Project</A> is comprised of a team of volunteers. This document would not be possible without their contribution of time and energy.</P>
+<P>The OpenLDAP Project would also like to thank the <A HREF="http://www.umich.edu/~dirsvcs/ldap/ldap.html">University of Michigan LDAP</A> for building the foundation of LDAP software and information to which OpenLDAP Software is built upon. This document is based upon U-Mich LDAP document: <EM>The SLAPD and SLURPD Administrators Guide</EM>.</P>
+<H2>Amendments</H2>
+<P>Suggested enhancements and corrections to this document should be submitted using the <A HREF="http://www.openldap.org/">OpenLDAP</A> <EM><TERM>Issue Tracking System</TERM></EM> (<A HREF="http://www.openldap.org/its/">http://www.openldap.org/its/</A>).</P>
+<H2>About this document</H2>
+<P>This document was produced using the <EM>Simple Document Format</EM> (<A HREF="http://search.cpan.org/src/IANC/sdf-2.001/doc/">http://search.cpan.org/src/IANC/sdf-2.001/doc/</A>) documentation system developed by <EM>Ian Clatworthy</EM>. Tools for <EM>SDF</EM> are available from CPAN (<A HREF="http://search.cpan.org/search?query=SDF">http://search.cpan.org/search?query=SDF</A>).</P>
+<P></P>
+<HR>
+<H1><A NAME="Introduction to OpenLDAP Directory Services">1. Introduction to OpenLDAP Directory Services</A></H1>
+<P>This document describes how to build, configure, and operate OpenLDAP software to provide directory services. This includes details on how to configure and run the stand-alone <TERM>LDAP</TERM> daemon, <EM>slapd</EM>(8) and the stand-alone LDAP update replication daemon, <EM>slurpd</EM>(8). It is intended for newcomers and experienced administrators alike. This section provides a basic introduction to directory services and, in particular, the directory services provided by <EM>slapd</EM>(8).</P>
+<H2><A NAME="What is a directory service">1.1. What is a directory service?</A></H2>
+<P>A directory is a specialized database optimized for reading, browsing and searching. Directories tend to contain descriptive, attribute-based information and support sophisticated filtering capabilities. Directories generally do not support complicated transaction or roll-back schemes found in database management systems designed for handling high-volume complex updates. Directory updates are typically simple all-or-nothing changes, if they are allowed at all. Directories are tuned to give quick response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be okay, as long as they get in sync eventually.</P>
+<P>There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are <EM>local</EM>, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context (e.g., the entire Internet). Global services are usually <EM>distributed</EM>, meaning that the data they contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform <EM>namespace</EM> which gives the same view of the data no matter where you are in relation to the data itself. The Internet <TERM>Domain Name System</TERM> (DNS) is an example of a globally distributed directory service.</P>
+<H2><A NAME="What is LDAP">1.2. What is LDAP?</A></H2>
+<P><TERM>LDAP</TERM> stands for <TERM>Lightweight Directory Access Protocol</TERM>. As the name suggests, it is a lightweight protocol for accessing directory services, specifically <TERM>X.500</TERM>-based directory services. LDAP runs over <TERM>TCP</TERM>/<TERM>IP</TERM> or other connection oriented transfer services. The nitty-gritty details of LDAP are defined in <A HREF="http://www.rfc-editor.org/rfc/rfc2251.txt">RFC2251</A> "The Lightweight Directory Access Protocol (v3)" and other documents comprising the technical specification <A HREF="http://www.rfc-editor.org/rfc/rfc3377.txt">RFC3377</A>. This section gives an overview of LDAP from a user's perspective.</P>
+<P><EM>What kind of information can be stored in the directory?</EM> The LDAP information model is based on <EM>entries</EM>. An entry is a collection of attributes that has a globally-unique <TERM>Distinguished Name</TERM> (DN). The DN is used to refer to the entry unambiguously. Each of the entry's attributes has a <EM>type</EM> and one or more <EM>values</EM>. The types are typically mnemonic strings, like "<TT>cn</TT>" for common name, or "<TT>mail</TT>" for email address. The syntax of values depend on the attribute type. For example, a <TT>cn</TT> attribute might contain the value <TT>Babs Jensen</TT>. A <TT>mail</TT> attribute might contain the value "<TT>babs at example.com</TT>". A <TT>jpegPhoto</TT> attribute would contain a photograph in the JPEG (binary) format.</P>
+<P><EM>How is the information arranged?</EM> In LDAP, directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. Entries representing countries appear at the top of the tree. Below them are entries representing states and national organizations. Below them might be entries representing organizational units, people, printers, documents, or just about anything else you can think of. Figure 1.1 shows an example LDAP directory tree using traditional naming.</P>
+<P><CENTER><IMG SRC="intro_tree.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 1.1: LDAP directory tree (traditional naming)</P>
+<P>The tree may also be arranged based upon Internet domain names. This naming approach is becoming increasing popular as it allows for directory services to be located using the <EM>DNS</EM>. Figure 1.2 shows an example LDAP directory tree using domain-based naming.</P>
+<P><CENTER><IMG SRC="intro_dctree.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 1.2: LDAP directory tree (Internet naming)</P>
+<P>In addition, LDAP allows you to control which attributes are required and allowed in an entry through the use of a special attribute called <TT>objectClass</TT>. The values of the <TT>objectClass</TT> attribute determine the <EM>schema</EM> rules the entry must obey.</P>
+<P><EM>How is the information referenced?</EM> An entry is referenced by its distinguished name, which is constructed by taking the name of the entry itself (called the <TERM>Relative Distinguished Name</TERM> or RDN) and concatenating the names of its ancestor entries. For example, the entry for Barbara Jensen in the Internet naming example above has an RDN of <TT>uid=babs</TT> and a DN of <TT>uid=babs,ou=People,dc=example,dc=com</TT>. The full DN format is described in <A HREF="http://www.rfc-editor.org/rfc/rfc2253.txt">RFC2253</A>, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names."</P>
+<P><EM>How is the information accessed?</EM> LDAP defines operations for interrogating and updating the directory. Operations are provided for adding and deleting an entry from the directory, changing an existing entry, and changing the name of an entry. Most of the time, though, LDAP is used to search for information in the directory. The LDAP search operation allows some portion of the directory to be searched for entries that match some criteria specified by a search filter. Information can be requested from each entry that matches the criteria.</P>
+<P>For example, you might want to search the entire directory subtree at and below <TT>dc=example,dc=com</TT> for people with the name <TT>Barbara Jensen</TT>, retrieving the email address of each entry found. LDAP lets you do this easily. Or you might want to search the entries directly below the <TT>st=California,c=US</TT> entry for organizations with the string <TT>Acme</TT> in their name, and that have a fax number. LDAP lets you do this too. The next section describes in more detail what you can do with LDAP and how it might be useful to you.</P>
+<P><EM>How is the information protected from unauthorized access?</EM> Some directory services provide no protection, allowing anyone to see the information. LDAP provides a mechanism for a client to authenticate, or prove its identity to a directory server, paving the way for rich access control to protect the information the server contains. LDAP also supports data security (integrity and confidentiality) services.</P>
+<H2><A NAME="How does LDAP work">1.3. How does LDAP work?</A></H2>
+<P>LDAP directory service is based on a <EM>client-server</EM> model. One or more LDAP servers contain the data making up the directory information tree (DIT). The client connects to servers and asks it a question. The server responds with an answer and/or with a pointer to where the client can get additional information (typically, another LDAP server). No matter which LDAP server a client connects to, it sees the same view of the directory; a name presented to one LDAP server references the same entry it would at another LDAP server. This is an important feature of a global directory service, like LDAP.</P>
+<H2><A NAME="What about X.500">1.4. What about X.500?</A></H2>
+<P>Technically, <TERM>LDAP</TERM> is a directory access protocol to an <TERM>X.500</TERM> directory service, the <TERM>OSI</TERM> directory service. Initially, LDAP clients accessed gateways to the X.500 directory service. This gateway ran LDAP between the client and gateway and X.500's <TERM>Directory Access Protocol</TERM> (<TERM>DAP</TERM>) between the gateway and the X.500 server. DAP is a heavyweight protocol that operates over a full OSI protocol stack and requires a significant amount of computing resources. LDAP is designed to operate over <TERM>TCP</TERM>/<TERM>IP</TERM> and provides most of the functionality of DAP at a much lower cost.</P>
+<P>While LDAP is still used to access X.500 directory service via gateways, LDAP is now more commonly directly implemented in X.500 servers.</P>
+<P>The stand-alone LDAP daemon, or <EM>slapd</EM>(8), can be viewed as a <EM>lightweight</EM> X.500 directory server. That is, it does not implement the X.500's DAP nor does it support the complete X.500 models.</P>
+<P>If you are already running a X.500 DAP service and you want to continue to do so, you can probably stop reading this guide. This guide is all about running LDAP via <EM>slapd</EM>(8), without running X.500 DAP. If you are not running X.500 DAP, want to stop running X.500 DAP, or have no immediate plans to run X.500 DAP, read on.</P>
+<P>It is possible to replicate data from an LDAP directory server to a X.500 DAP <TERM>DSA</TERM>. This requires an LDAP/DAP gateway. OpenLDAP does not provide such a gateway, but our replication daemon can be used to replicate to such a gateway. See the <A HREF="#Replication with slurpd">Replication with slurpd</A> chapter of this document for information regarding replication.</P>
+<H2><A NAME="What is the difference between LDAPv2 and LDAPv3">1.5. What is the difference between LDAPv2 and LDAPv3?</A></H2>
+<P>LDAPv3 was developed in the late 1990's to replace LDAPv2. LDAPv3 adds the following features to LDAP:</P>
+<UL><UL>
+<LI>Strong authentication and data security services via <TERM>SASL</TERM>
+<LI>Certificate authentication and data security services via <TERM>TLS</TERM> (SSL)
+<LI>Internationalization through the use of Unicode
+<LI>Referrals and Continuations
+<LI>Schema Discovery
+<LI>Extensibility (controls, extended operations, and more)</UL></UL>
+<P>LDAPv2 is historic (<A HREF="http://www.rfc-editor.org/rfc/rfc3494.txt">RFC3494</A>). As most <EM>so-called</EM> LDAPv2 implementations (including <EM>slapd</EM>(8)) do not conform to the LDAPv2 technical specification, interoperatibility amongst implementations claiming LDAPv2 support is limited. As LDAPv2 differs significantly from LDAPv3, deploying both LDAPv2 and LDAPv3 simultaneously is quite problematic. LDAPv2 should be avoided. LDAPv2 is disabled by default.</P>
+<H2><A NAME="What is slapd and what can it do">1.6. What is slapd and what can it do?</A></H2>
+<P><EM>slapd</EM>(8) is an LDAP directory server that runs on many different platforms. You can use it to provide a directory service of your very own. Your directory can contain pretty much anything you want to put in it. You can connect it to the global LDAP directory service, or run a service all by yourself. Some of slapd's more interesting features and capabilities include:</P>
+<P><B>LDAPv3</B>: <EM>slapd</EM> implements version 3 of <TERM>Lightweight Directory Access Protocol</TERM>. <EM>slapd</EM> supports LDAP over both IPv4 and IPv6 and Unix IPC.</P>
+<P><B><TERM>Simple Authentication and Security Layer</TERM></B>: <EM>slapd</EM> supports strong authentication and data security (integrity and confidentiality) services through the use of SASL. <EM>slapd</EM>'s SASL implementation utilizes <A HREF="http://asg.web.cmu.edu/cyrus/">Cyrus</A> <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">SASL</A> software which supports a number of mechanisms including DIGEST-MD5, EXTERNAL, and GSSAPI.</P>
+<P><B><TERM>Transport Layer Security</TERM></B>: <EM>slapd</EM> supports certificate-based authentication and data security (integrity and confidentiality) services through the use of TLS (or SSL). <EM>slapd</EM>'s TLS implementation utilizes <A HREF="http://www.openssl.org/">OpenSSL</A> software.</P>
+<P><B>Topology control</B>: <EM>slapd</EM> can be configured to restrict access at the socket layer based upon network topology information. This feature utilizes <EM>TCP wrappers</EM>.</P>
+<P><B>Access control</B>: <EM>slapd</EM> provides a rich and powerful access control facility, allowing you to control access to the information in your database(s). You can control access to entries based on LDAP authorization information, <TERM>IP</TERM> address, domain name and other criteria. <EM>slapd</EM> supports both <EM>static</EM> and <EM>dynamic</EM> access control information.</P>
+<P><B>Internationalization</B>: <EM>slapd</EM> supports Unicode and language tags.</P>
+<P><B>Choice of database backends</B>: <EM>slapd</EM> comes with a variety of different database backends you can choose from. They include <TERM>BDB</TERM>, a high-performance transactional database backend; <TERM>HDB</TERM>, a hierarchical high-performance transactional backend; <TERM>LDBM</TERM>, a lightweight DBM based backend; <EM>SHELL</EM>, a backend interface to arbitrary shell scripts; and PASSWD, a simple backend interface to the <EM>passwd</EM>(5) file. The BDB and HDB backends utilize <A HREF="http://www.sleepycat.com/">Sleepycat</A> <A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A>. The LDBM utilizes either <A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A> or <A HREF="http://www.gnu.org/software/gdbm/">GDBM</A>.</P>
+<P><B>Multiple database instances</B>: <EM>slapd</EM> can be configured to serve multiple databases at the same time. This means that a single <EM>slapd</EM> server can respond to requests for many logically different portions of the LDAP tree, using the same or different database backends.</P>
+<P><B>Generic modules API</B>: If you require even more customization, <EM>slapd</EM> lets you write your own modules easily. <EM>slapd</EM> consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations. Because these two pieces communicate via a well-defined <TERM>C</TERM> <TERM>API</TERM>, you can write your own customized modules which extend <EM>slapd</EM> in numerous ways. Also, a number of <EM>programmable database</EM> modules are provided. These allow you to expose external data sources to <EM>slapd</EM> using popular programming languages (<A HREF="http://www.perl.org/">Perl</A>, <EM>shell</EM>, <A HREF="http://www.jcc.com/SQLPages/jccs_sql.htm">SQL</A>, and <A HREF="http://www.tcl.tk/">TCL</A>).</P>
+<P><B>Threads</B>: <EM>slapd</EM> is threaded for high performance. A single multi-threaded <EM>slapd</EM> process handles all incoming requests using a pool of threads. This reduces the amount of system overhead required while providing high performance.</P>
+<P><B>Replication</B>: <EM>slapd</EM> can be configured to maintain shadow copies of directory information. This <EM>single-master/multiple-slave</EM> replication scheme is vital in high-volume environments where a single <EM>slapd</EM> just doesn't provide the necessary availability or reliability. <EM>slapd</EM> supports two replication methods: <EM>LDAP Sync</EM>-based and <EM>slurpd</EM>(8)-based replication.</P>
+<P><B>Proxy Cache</B>: <EM>slapd</EM> can be configured as a caching LDAP proxy service.</P>
+<P><B>Configuration</B>: <EM>slapd</EM> is highly configurable through a single configuration file which allows you to change just about everything you'd ever want to change. Configuration options have reasonable defaults, making your job much easier.</P>
+<H2><A NAME="What is slurpd and what can it do">1.7. What is slurpd and what can it do?</A></H2>
+<P><EM>slurpd</EM>(8) is a daemon that, with <EM>slapd</EM> help, provides replicated service. It is responsible for distributing changes made to the master <EM>slapd</EM> database out to the various <EM>slapd</EM> replicas. It frees <EM>slapd</EM> from having to worry that some replicas might be down or unreachable when a change comes through; <EM>slurpd</EM> handles retrying failed requests automatically. <EM>slapd</EM> and <EM>slurpd</EM> communicate through a simple text file that is used to log changes.</P>
+<P>See the <A HREF="#Replication with slurpd">Replication with slurpd</A> chapter for information about how to configure and run <EM>slurpd</EM>(8).</P>
+<P>Alternatively, <EM>LDAP-Sync</EM>-based replication may be used to provide a replicated service. See the <A HREF="#LDAP Sync Replication">LDAP Sync Replication</A> chapter for details.</P>
+<P></P>
+<HR>
+<H1><A NAME="A Quick-Start Guide">2. A Quick-Start Guide</A></H1>
+<P>The following is a quick start guide to OpenLDAP Software 2.3, including the stand-alone LDAP daemon, <EM>slapd</EM>(8).</P>
+<P>It is meant to walk you through the basic steps needed to install and configure OpenLDAP Software. It should be used in conjunction with the other chapters of this document, manual pages, and other materials provided with the distribution (e.g. the <TT>INSTALL</TT> document) or on the OpenLDAP web site (in particular, the OpenLDAP Software <TERM>FAQ</TERM>).</P>
+<P>If you intend to run OpenLDAP Software seriously, you should review all of this document before attempting to install the software.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>This quick start guide does not use strong authentication nor any integrity or confidential protection services. These services are described in other chapters of the OpenLDAP Administrator's Guide.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<UL>
+ </UL><OL>
+<LI><B>Get the software</B>
+<BR>
+You can obtain a copy of the software by following the instructions on the OpenLDAP download page (<A HREF="http://www.openldap.org/software/download/">http://www.openldap.org/software/download/</A>). It is recommended that new users start with the latest <EM>release</EM>.
+<BR>
+
+<LI><B>Unpack the distribution</B>
+<BR>
+Pick a directory for the source to live under, change directory to there, and unpack the distribution using the following commands:<UL>
+<TT>gunzip -c openldap-VERSION.tgz | tar xvfB -</TT></UL>
+<BR>
+then relocate yourself into the distribution directory:<UL>
+<TT>cd openldap-VERSION</TT></UL>
+<BR>
+You'll have to replace <TT>VERSION</TT> with the version name of the release.
+<BR>
+
+<LI><B>Review documentation</B>
+<BR>
+You should now review the <TT>COPYRIGHT</TT>, <TT>LICENSE</TT>, <TT>README</TT> and <TT>INSTALL</TT> documents provided with the distribution. The <TT>COPYRIGHT</TT> and <TT>LICENSE</TT> provide information on acceptable use, copying, and limitation of warranty of OpenLDAP software.
+<BR>
+
+<BR>
+You should also review other chapters of this document. In particular, the <A HREF="#Building and Installing OpenLDAP Software">Building and Installing OpenLDAP Software</A> chapter of this document provides detailed information on prerequisite software and installation procedures.
+<BR>
+
+<LI><B>Run <TT>configure</TT></B>
+<BR>
+You will need to run the provided <TT>configure</TT> script to <EM>configure</EM> the distribution for building on your system. The <TT>configure</TT> script accepts many command line options that enable or disable optional software features. Usually the defaults are okay, but you may want to change them. To get a complete list of options that <TT>configure</TT> accepts, use the <TT>--help</TT> option:<UL>
+<TT>./configure --help</TT></UL>
+<BR>
+However, given that you are using this guide, we'll assume you are brave enough to just let <TT>configure</TT> determine what's best:<UL>
+<TT>./configure</TT></UL>
+<BR>
+Assuming <TT>configure</TT> doesn't dislike your system, you can proceed with building the software. If <TT>configure</TT> did complain, well, you'll likely need to go to the FAQ Installation Section (<A HREF="http://www.openldap.org/faq/">http://www.openldap.org/faq/</A> and/or actually read the <A HREF="#Building and Installing OpenLDAP Software">Building and Installing OpenLDAP Software</A> chapter of this document.
+<BR>
+
+<LI><B>Build the software</B>.
+<BR>
+The next step is to build the software. This step has two parts, first we construct dependencies and then we compile the software:<UL>
+<TT>make depend</TT>
+<BR>
+<TT>make</TT></UL>
+<BR>
+Both makes should complete without error.
+<BR>
+
+<LI><B>Test the build</B>.
+<BR>
+To ensure a correct build, you should run the test suite (it only takes a few minutes):<UL>
+<TT>make test</TT></UL>
+<BR>
+Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped.
+<BR>
+
+<LI><B>Install the software</B>.
+<BR>
+You are now ready to install the software; this usually requires <EM>super-user</EM> privileges:<UL>
+<TT>su root -c 'make install'</TT></UL>
+<BR>
+Everything should now be installed under <TT>/usr/local</TT> (or whatever installation prefix was used by <TT>configure</TT>).
+<BR>
+
+<LI><B>Edit the configuration file</B>.
+<BR>
+Use your favorite editor to edit the provided <EM>slapd.conf</EM>(5) example (usually installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>) to contain a BDB database definition of the form:<UL>
+<TT>database bdb</TT>
+<BR>
+<TT>suffix "dc=<MY-DOMAIN>,dc=<COM>"</TT>
+<BR>
+<TT>rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"</TT>
+<BR>
+<TT>rootpw secret</TT>
+<BR>
+<TT>directory /usr/local/var/openldap-data</TT></UL>
+<BR>
+Be sure to replace <TT><MY-DOMAIN></TT> and <TT><COM></TT> with the appropriate domain components of your domain name. For example, for <TT>example.com</TT>, use:<UL>
+<TT>database bdb</TT>
+<BR>
+<TT>suffix "dc=example,dc=com"</TT>
+<BR>
+<TT>rootdn "cn=Manager,dc=example,dc=com"</TT>
+<BR>
+<TT>rootpw secret</TT>
+<BR>
+<TT>directory /usr/local/var/openldap-data</TT></UL>
+<BR>
+If your domain contains additional components, such as <TT>eng.uni.edu.eu</TT>, use:<UL>
+<TT>database bdb</TT>
+<BR>
+<TT>suffix "dc=eng,dc=uni,dc=edu,dc=eu"</TT>
+<BR>
+<TT>rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"</TT>
+<BR>
+<TT>rootpw secret</TT>
+<BR>
+<TT>directory /usr/local/var/openldap-data</TT></UL>
+<BR>
+Details regarding configuring <EM>slapd</EM>(8) can be found in the <EM>slapd.conf</EM>(5) manual page and the <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter of this document. Note that the specified directory must exist prior to starting <EM>slapd</EM>(8).
+<BR>
+
+<LI><B>Start SLAPD</B>.
+<BR>
+You are now ready to start the stand-alone LDAP server, <EM>slapd</EM>(8), by running the command:<UL>
+<TT>su root -c /usr/local/libexec/slapd</TT></UL>
+<BR>
+To check to see if the server is running and configured correctly, you can run a search against it with <EM>ldapsearch</EM>(1). By default, ldapsearch is installed as <TT>/usr/local/bin/ldapsearch</TT>:<UL>
+<TT>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</TT></UL>
+<BR>
+Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:<UL>
+<TT>dn:</TT>
+<BR>
+<TT>namingContexts: dc=example,dc=com</TT></UL>
+<BR>
+Details regarding running <EM>slapd</EM>(8) can be found in the <EM>slapd</EM>(8) manual page and the <A HREF="#Running slapd">Running slapd</A> chapter of this document.
+<BR>
+
+<LI><B>Add initial entries to your directory</B>.
+<BR>
+You can use <EM>ldapadd</EM>(1) to add entries to your LDAP directory. <EM>ldapadd</EM> expects input in LDIF form. We'll do it in two steps:<OL>
+<LI>create an LDIF file
+<LI>run ldapadd</OL>
+<BR>
+Use your favorite editor and create an LDIF file that contains:<UL>
+<TT>dn: dc=<MY-DOMAIN>,dc=<COM></TT>
+<BR>
+<TT>objectclass: dcObject</TT>
+<BR>
+<TT>objectclass: organization</TT>
+<BR>
+<TT>o: <MY ORGANIZATION></TT>
+<BR>
+<TT>dc: <MY-DOMAIN></TT>
+<BR>
+<TT></TT>
+<BR>
+<TT>dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM></TT>
+<BR>
+<TT>objectclass: organizationalRole</TT>
+<BR>
+<TT>cn: Manager</TT></UL>
+<BR>
+Be sure to replace <TT><MY-DOMAIN></TT> and <TT><COM></TT> with the appropriate domain components of your domain name. <TT><MY ORGANIZATION></TT> should be replaced with the name of your organization. When you cut and paste, be sure to trim any leading and trailing whitespace from the example.<UL>
+<TT>dn: dc=example,dc=com</TT>
+<BR>
+<TT>objectclass: dcObject</TT>
+<BR>
+<TT>objectclass: organization</TT>
+<BR>
+<TT>o: Example Company</TT>
+<BR>
+<TT>dc: example</TT>
+<BR>
+<TT></TT>
+<BR>
+<TT>dn: cn=Manager,dc=example,dc=com</TT>
+<BR>
+<TT>objectclass: organizationalRole</TT>
+<BR>
+<TT>cn: Manager</TT></UL>
+<BR>
+Now, you may run <EM>ldapadd</EM>(1) to insert these entries into your directory.<UL>
+<TT>ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif</TT></UL>
+<BR>
+Be sure to replace <TT><MY-DOMAIN></TT> and <TT><COM></TT> with the appropriate domain components of your domain name. You will be prompted for the "<TT>secret</TT>" specified in <TT>slapd.conf</TT>. For example, for <TT>example.com</TT>, use:<UL>
+<TT>ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif</TT></UL>
+<BR>
+where <TT>example.ldif</TT> is the file you created above.<UL>
+<TT> </TT></UL>
+<BR>
+Additional information regarding directory creation can be found in the <A HREF="#Database Creation and Maintenance Tools">Database Creation and Maintenance Tools</A> chapter of this document.
+<BR>
+
+<LI><B>See if it works</B>.
+<BR>
+Now we're ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example uses the <EM>ldapsearch</EM>(1) tool. Remember to replace <TT>dc=example,dc=com</TT> with the correct values for your site:<UL>
+<TT>ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'</TT></UL>
+<BR>
+This command will search for and retrieve every entry in the database.</OL>
+<P>You are now ready to add more entries using <EM>ldapadd</EM>(1) or another LDAP client, experiment with various configuration options, backend arrangements, etc..</P>
+<P>Note that by default, the <EM>slapd</EM>(8) database grants <EM>read access to everybody</EM> excepting the <EM>super-user</EM> (as specified by the <TT>rootdn</TT> configuration directive). It is highly recommended that you establish controls to restrict access to authorized users. Access controls are discussed in the <A HREF="#Access Control">Access Control</A> section of <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter. You are also encouraged to read the <A HREF="#Security Considerations">Security Considerations</A>, <A HREF="#Using SASL">Using SASL</A> and <A HREF="#Using TLS">Using TLS</A> sections.</P>
+<P>The following chapters provide more detailed information on making, installing, and running <EM>slapd</EM>(8).</P>
+<P></P>
+<HR>
+<H1><A NAME="The Big Picture - Configuration Choices">3. The Big Picture - Configuration Choices</A></H1>
+<P>This section gives a brief overview of various <TERM>LDAP</TERM> directory configurations, and how your stand-alone LDAP server <EM>slapd</EM>(8) fits in with the rest of the world.</P>
+<H2><A NAME="Local Directory Service">3.1. Local Directory Service</A></H2>
+<P>In this configuration, you run a <EM>slapd</EM> which provides directory service for your local domain only. It does not interact with other directory servers in any way. This configuration is shown in Figure 3.1.</P>
+<P><CENTER><IMG SRC="config_local.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 3.1: Local service configuration.</P>
+<P>Use this configuration if you are just starting out (it's the one the quick-start guide makes for you) or if you want to provide a local service and are not interested in connecting to the rest of the world. It's easy to upgrade to another configuration later if you want.</P>
+<H2><A NAME="Local Directory Service with Referrals">3.2. Local Directory Service with Referrals</A></H2>
+<P>In this configuration, you run a slapd which provides directory service for your local domain and configure it to return referrals to a <EM>superior</EM> service capable of handling requests outside your local domain. You may run this service yourself or use one provided to you. This configuration is shown in Figure 3.2.</P>
+<P><CENTER><IMG SRC="config_ref.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 3.2: Local service with referrals</P>
+<P>Use this configuration if you want to provide local service and participate in the Global Directory.</P>
+<H2><A NAME="Replicated Directory Service">3.3. Replicated Directory Service</A></H2>
+<P>The slurpd daemon is used to propagate changes from a master slapd to one or more slave slapds. An example master-slave configuration is shown in figure 3.3.</P>
+<P><CENTER><IMG SRC="config_repl.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 3.3: Replicated Directory Services</P>
+<P>This configuration can be used in conjunction with either of the first two configurations in situations where a single slapd does not provide the required reliability or availability.</P>
+<H2><A NAME="Distributed Local Directory Service">3.4. Distributed Local Directory Service</A></H2>
+<P>In this configuration, the local service is partitioned into smaller services, each of which may be replicated, and <EM>glued</EM> together with <EM>superior</EM> and <EM>subordinate</EM> referrals.</P>
+<P></P>
+<HR>
+<H1><A NAME="Building and Installing OpenLDAP Software">4. Building and Installing OpenLDAP Software</A></H1>
+<P>This chapter details how to build and install the <A HREF="http://www.openldap.org/">OpenLDAP</A> Software package including <EM>slapd</EM>(8), the stand-alone LDAP daemon and <EM>slurpd</EM>(8), the stand-alone update replication daemon. Building and installing OpenLDAP Software requires several steps: installing prerequisite software, configuring OpenLDAP Software itself, making, and finally installing. The following sections describe this process in detail.</P>
+<H2><A NAME="Obtaining and Extracting the Software">4.1. Obtaining and Extracting the Software</A></H2>
+<P>You can obtain OpenLDAP Software from the project's download page at <A HREF="http://www.openldap.org/software/download/">http://www.openldap.org/software/download/</A> or directly from the project's <TERM>FTP</TERM> service at <A HREF="ftp://ftp.openldap.org/pub/OpenLDAP/">ftp://ftp.openldap.org/pub/OpenLDAP/</A>.</P>
+<P>The project makes available two series of packages for <EM>general use</EM>. The project makes <EM>releases</EM> as new features and bug fixes come available. Though the project takes steps to improve stablity of these releases, it is common for problems to arise only after <EM>release</EM>. The <EM>stable</EM> release is the latest <EM>release</EM> which has demonstrated stability through general use.</P>
+<P>Users of OpenLDAP Software can choose, depending on their desire for the <EM>latest features</EM> versus <EM>demonstrated stability</EM>, the most appropriate series to install.</P>
+<P>After downloading OpenLDAP Software, you need to extract the distribution from the compressed archive file and change your working directory to the top directory of the distribution:</P>
+<UL>
+<TT>gunzip -c openldap-VERSION.tgz | tar xf -</TT>
+<BR>
+<TT>cd openldap-VERSION</TT></UL>
+<P>You'll have to replace <TT>VERSION</TT> with the version name of the release.</P>
+<P>You should now review the <TT>COPYRIGHT</TT>, <TT>LICENSE</TT>, <TT>README</TT> and <TT>INSTALL</TT> documents provided with the distribution. The <TT>COPYRIGHT</TT> and <TT>LICENSE</TT> provide information on acceptable use, copying, and limitation of warranty of OpenLDAP Software. The <TT>README</TT> and <TT>INSTALL</TT> documents provide detailed information on prerequisite software and installation procedures.</P>
+<H2><A NAME="Prerequisite software">4.2. Prerequisite software</A></H2>
+<P>OpenLDAP Software relies upon a number of software packages distributed by third parties. Depending on the features you intend to use, you may have to download and install a number of additional software packages. This section details commonly needed third party software packages you might have to install. However, for an up-to-date prerequisite information, the <TT>README</TT> document should be consulted. Note that some of these third party packages may depend on additional software packages. Install each package per the installation instructions provided with it.</P>
+<H3><A NAME="{{TERM[expand]TLS}}">4.2.1. <TERM>Transport Layer Security</TERM></A></H3>
+<P>OpenLDAP clients and servers require installation of <A HREF="http://www.openssl.org/">OpenSSL</A> <TERM>TLS</TERM> libraries to provide <TERM>Transport Layer Security</TERM> services. Though some operating systems may provide these libraries as part of the base system or as an optional software component, OpenSSL often requires separate installation.</P>
+<P>OpenSSL is available from <A HREF="http://www.openssl.org/">http://www.openssl.org/</A>.</P>
+<P>OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's <TT>configure</TT> detects a usable OpenSSL installation.</P>
+<H3><A NAME="Kerberos Authentication Services">4.2.2. Kerberos Authentication Services</A></H3>
+<P>OpenLDAP clients and servers support Kerberos-based authentication services. In particular, OpenLDAP supports the <TERM>SASL</TERM>/<TERM>GSSAPI</TERM> authentication mechanism using either <A HREF="http://www.pdc.kth.se/heimdal/">Heimdal</A> or <A HREF="http://web.mit.edu/kerberos/www/">MIT Kerberos</A> V packages. If you desire to use Kerberos-based SASL/GSSAPI authentication, you should install either Heimdal or MIT Kerberos V.</P>
+<P>Heimdal Kerberos is available from <A HREF="http://www.pdc.kth.se/heimdal/">http://www.pdc.kth.se/heimdal/</A>. MIT Kerberos is available from <A HREF="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</A>.</P>
+<P>Use of strong authentication services, such as those provided by Kerberos, is highly recommended.</P>
+<H3><A NAME="{{TERM[expand]SASL}}">4.2.3. <TERM>Simple Authentication and Security Layer</TERM></A></H3>
+<P>OpenLDAP clients and servers require installation of <A HREF="http://asg.web.cmu.edu/cyrus/">Cyrus</A>'s <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">SASL</A> libraries to provide <TERM>Simple Authentication and Security Layer</TERM> services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation.</P>
+<P>Cyrus SASL is available from <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">http://asg.web.cmu.edu/sasl/sasl-library.html</A>. Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled.</P>
+<P>OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation.</P>
+<H3><A NAME="Database Software">4.2.4. Database Software</A></H3>
+<P>OpenLDAP's <EM>slapd</EM>(8) <TERM>BDB</TERM> and <TERM>HDB</TERM> primary database backends require <A HREF="http://www.sleepycat.com/">Sleepycat Software</A> <A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A>. If not available at configure time, you will not be able build <EM>slapd</EM>(8) with these primary database backends.</P>
+<P>Your operating system may provide a supported version of <A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A> in the base system or as an optional software component. If not, you'll have to obtain and install it yourself.</P>
+<P><A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A> is available from <A HREF="http://www.sleepycat.com/">Sleepycat Software</A>'s download page <A HREF="http://www.sleepycat.com/download/">http://www.sleepycat.com/download/</A>. There are several versions available. Generally, the most recent release (with published patches) is recommended. This package is required if you wish to use the <TERM>BDB</TERM> or <TERM>HDB</TERM> database backends.</P>
+<P>OpenLDAP's <EM>slapd</EM>(8) LDBM backend supports a variety of data base managers including <A HREF="http://www.sleepycat.com/products/transactional.shtml">Berkeley DB</A> and <A HREF="http://www.gnu.org/software/gdbm/">GDBM</A>. <A HREF="http://www.gnu.org/software/gdbm/">GDBM</A> is available from <A HREF="http://www.fsf.org/">FSF</A>'s download site <A HREF="ftp://ftp.gnu.org/pub/gnu/gdbm/">ftp://ftp.gnu.org/pub/gnu/gdbm/</A>.</P>
+<H3><A NAME="Threads">4.2.5. Threads</A></H3>
+<P>OpenLDAP is designed to take advantage of threads. OpenLDAP supports POSIX <EM>pthreads</EM>, Mach <EM>CThreads</EM>, and a number of other varieties. <TT>configure</TT> will complain if it cannot find a suitable thread subsystem. If this occurs, please consult the <TT>Software|Installation|Platform Hints</TT> section of the OpenLDAP FAQ <A HREF="http://www.openldap.org/faq/">http://www.openldap.org/faq/</A>.</P>
+<H3><A NAME="TCP Wrappers">4.2.6. TCP Wrappers</A></H3>
+<P><EM>slapd</EM>(8) supports TCP Wrappers (IP level access control filters) if preinstalled. Use of TCP Wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information.</P>
+<H2><A NAME="Running configure">4.3. Running configure</A></H2>
+<P>Now you should probably run the <TT>configure</TT> script with the <TT>--help</TT> option. This will give you a list of options that you can change when building OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled using this method.</P>
+<PRE>
+ ./configure --help
+</PRE>
+<P>The <TT>configure</TT> script will also look at various environment variables for certain settings. These environment variables include:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 4.1: Environment Variables</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Variable</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>CC</TT>
+</TD>
+<TD>
+Specify alternative C Compiler
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>CFLAGS</TT>
+</TD>
+<TD>
+Specify additional compiler flags
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>CPPFLAGS</TT>
+</TD>
+<TD>
+Specify C Preprocessor flags
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>LDFLAGS</TT>
+</TD>
+<TD>
+Specify linker flags
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>LIBS</TT>
+</TD>
+<TD>
+Specify additional libraries
+</TD>
+</TR>
+</TABLE>
+
+<P>Now run the configure script with any desired configuration options or environment variables.</P>
+<PRE>
+ [[env] settings] ./configure [options]
+</PRE>
+<P>As an example, let's assume that we want to install OpenLDAP with BDB backend and TCP Wrappers support. By default, BDB is enabled and TCP Wrappers is not. So, we just need to specify <TT>--with-wrappers</TT> to include TCP Wrappers support:</P>
+<PRE>
+ ./configure --with-wrappers
+</PRE>
+<P>However, this will fail to locate dependent software not installed in system directories. For example, if TCP Wrappers headers and libraries are installed in <TT>/usr/local/include</TT> and <TT>/usr/local/lib</TT> respectively, the <TT>configure</TT> script should be called as follows:</P>
+<PRE>
+ env CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" \
+ ./configure --with-wrappers
+</PRE>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>Some shells, such as those derived from the Bourne <EM>sh</EM>(1), do not require use of the <EM>env</EM>(1) command. In some cases, environmental variables have to be specified using alternative syntaxes.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>The <TT>configure</TT> script will normally auto-detect appropriate settings. If you have problems at this stage, consult any platform specific hints and check your <TT>configure</TT> options, if any.</P>
+<H2><A NAME="Building the Software">4.4. Building the Software</A></H2>
+<P>Once you have run the <TT>configure</TT> script the last line of output should be:</P>
+<PRE>
+ Please "make depend" to build dependencies
+</PRE>
+<P>If the last line of output does not match, <TT>configure</TT> has failed, and you will need to review its output to determine what went wrong. You should not proceed until <TT>configure</TT> completes successfully.</P>
+<P>To build dependencies, run:</P>
+<PRE>
+ make depend
+</PRE>
+<P>Now build the software, this step will actually compile OpenLDAP.</P>
+<PRE>
+ make
+</PRE>
+<P>You should examine the output of this command carefully to make sure everything is built correctly. Note that this command builds the LDAP libraries and associated clients as well as <EM>slapd</EM>(8) and <EM>slurpd</EM>(8).</P>
+<H2><A NAME="Testing the Software">4.5. Testing the Software</A></H2>
+<P>Once the software has been properly configured and successfully made, you should run the test suite to verify the build.</P>
+<PRE>
+ make test
+</PRE>
+<P>Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped if not supported by your configuration.</P>
+<H2><A NAME="Installing the Software">4.6. Installing the Software</A></H2>
+<P>Once you have successfully tested the software, you are ready to install it. You will need to have write permission to the installation directories you specified when you ran configure. By default OpenLDAP Software is installed in <TT>/usr/local</TT>. If you changed this setting with the <TT>--prefix</TT> configure option, it will be installed in the location you provided.</P>
+<P>Typically, the installation requires <EM>super-user</EM> privileges. From the top level OpenLDAP source directory, type:</P>
+<PRE>
+ su root -c 'make install'
+</PRE>
+<P>and enter the appropriate password when requested.</P>
+<P>You should examine the output of this command carefully to make sure everything is installed correctly. You will find the configuration files for <EM>slapd</EM>(8) in <TT>/usr/local/etc/openldap</TT> by default. See the chapter <A HREF="#Configuring slapd">Configuring slapd</A> for additional information.</P>
+<P></P>
+<HR>
+<H1><A NAME="Configuring slapd">5. Configuring slapd</A></H1>
+<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site. Unlike previous OpenLDAP releases, the slapd runtime configuration in 2.3 is fully LDAP-enabled and can be managed using the standard LDAP operations with data in <TERM>LDIF</TERM>. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect. The old style <EM>slapd.conf</EM>(5) file is still supported, but must be converted to the new <EM>slapd.d</EM>(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the <TT>/usr/local/etc/openldap/slapd.d</TT> directory.</P>
+<P>An alternate configuration directory (or file) can be specified via a command-line option to <EM>slapd</EM>(8) or <EM>slurpd</EM>(8). This chapter describes the general format of the configuration system, followed by a detailed description of commonly used config settings.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>some of the backends and of the distributed overlays do not support runtime configuration yet. In those cases, the old style <EM>slapd.conf</EM>(5) file must be used.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>the current version of <EM>slurpd</EM> has not been updated for compatibility with this new configuration engine. If you must use slurpd for replication at your site, you will have to maintain an old-style <EM>slapd.conf</EM> file for slurpd to use.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H2><A NAME="Configuration Layout">5.1. Configuration Layout</A></H2>
+<P>The slapd configuration is stored as a special LDAP directory with a predefined schema and DIT. There are specific objectClasses used to carry global configuration options, schema definitions, backend and database definitions, and assorted other items. A sample config tree is shown in Figure 5.1.</P>
+<P><CENTER><IMG SRC="config_dit.gif" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure 5.1: Sample configuration tree.</P>
+<P>Other objects may be part of the configuration but were omitted from the illustration for clarity.</P>
+<P>The <EM>slapd.d</EM> configuration tree has a very specific structure. The root of the tree is named <TT>cn=config</TT> and contains global configuration settings. Additional settings are contained in separate child entries:</P>
+<UL>
+<LI>Include files<UL>
+Usually these are just pathnames left over from a converted <TT>slapd.conf</TT> file.
+<BR>
+Otherwise use of Include files is deprecated.</UL>
+<LI>Dynamically loaded modules<UL>
+These may only be used if the <TT>--enable-modules</TT> option was used to configure the software.</UL>
+<LI>Schema definitions<UL>
+The <TT>cn=schema,cn=config</TT> entry contains the system schema (all the schema that is hard-coded in slapd).
+<BR>
+Child entries of <TT>cn=schema,cn=config</TT> contain user schema as loaded from config files or added at runtime.</UL>
+<LI>Backend-specific configuration
+<LI>Database-specific configuration<UL>
+Overlays are defined in children of the Database entry.
+<BR>
+Databases and Overlays may also have other miscellaneous children.</UL></UL>
+<P>The usual rules for LDIF files apply to the configuration information: Comment lines beginning with a '<TT>#</TT>' character are ignored. If a line begins with a single space, it is considered a continuation of the previous line (even if the previous line is a comment) and the single leading space is removed. Entries are separated by blank lines.</P>
+<P>The general layout of the config LDIF is as follows:</P>
+<PRE>
+ # global configuration settings
+ dn: cn=config
+ objectClass: olcGlobal
+ cn: config
+ <global config settings>
+
+ # schema definitions
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+ <system schema>
+
+ dn: cn={X}core,cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: {X}core
+ <core schema>
+
+ # additional user-specified schema
+ ...
+
+ # backend definitions
+ dn: olcBackend=<typeA>,cn=config
+ objectClass: olcBackendConfig
+ olcBackend: <typeA>
+ <backend-specific settings>
+
+ # database definitions
+ dn: olcDatabase={X}<typeA>,cn=config
+ objectClass: olcDatabaseConfig
+ olcDatabase: {X}<typeA>
+ <database-specific settings>
+
+ # subsequent definitions and settings
+ ...
+</PRE>
+<P>Some of the entries listed above have a numeric index <TT>"{X}"</TT> in their names. While most configuration settings have an inherent ordering dependency (i.e., one setting must take effect before a subsequent one may be set), LDAP databases are inherently unordered. The numeric index is used to enforce a consistent ordering in the configuration database, so that all ordering dependencies are preserved. In most cases the index does not have to be provided; it will be automatically generated based on the order in which entries are created.</P>
+<P>Configuration directives are specified as values of individual attributes. Most of the attributes and objectClasses used in the slapd configuration have a prefix of <TT>"olc"</TT> (OpenLDAP Configuration) in their names. Generally there is a one-to-one correspondence between the attributes and the old-style <TT>slapd.conf</TT> configuration keywords, using the keyword as the attribute name, with the "olc" prefix attached.</P>
+<P>A configuration directive may take arguments. If so, the arguments are separated by white space. If an argument contains white space, the argument should be enclosed in double quotes <TT>"like this"</TT>. In the descriptions that follow, arguments that should be replaced by actual text are shown in brackets <TT><></TT>.</P>
+<P>The distribution contains an example configuration file that will be installed in the <TT>/usr/local/etc/openldap</TT> directory. A number of files containing schema definitions (attribute types and object classes) are also provided in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
+<H2><A NAME="Configuration Directives">5.2. Configuration Directives</A></H2>
+<P>This section details commonly used configuration directives. For a complete list, see the <EM>slapd.d</EM>(5) manual page. This section will treat the configuration directives in a top-down order, starting with the global directives in the <TT>cn=config</TT> entry. Each directive will be described along with its default value (if any) and an example of its use.</P>
+<H3><A NAME="cn=config">5.2.1. cn=config</A></H3>
+<P>Directives contained in this entry generally apply to the server as a whole. Most of them are system or connection oriented, not database related. This entry must have the <TT>olcGlobal</TT> objectClass.</P>
+<H4><A NAME="olcIdleTimeout: <integer>">5.2.1.1. olcIdleTimeout: <integer></A></H4>
+<P>Specify the number of seconds to wait before forcibly closing an idle client connection. A value of 0, the default, disables this feature.</P>
+<H4><A NAME="olcLogLevel: <level>">5.2.1.2. olcLogLevel: <level></A></H4>
+<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled). Log levels may be specified as integers or by keyword. Multiple log levels may be used and the levels are additive. To display what levels correspond to what kind of debugging, invoke slapd with <TT>-?</TT> or consult the table below. The possible values for <level> are:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.1: Debugging Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Right'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Keyword</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+-1
+</TD>
+<TD ALIGN='Left'>
+Any
+</TD>
+<TD>
+enable all debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+0
+</TD>
+<TD ALIGN='Left'>
+
+</TD>
+<TD>
+no debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1
+</TD>
+<TD ALIGN='Left'>
+Trace
+</TD>
+<TD>
+trace function calls
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2
+</TD>
+<TD ALIGN='Left'>
+Packets
+</TD>
+<TD>
+debug packet handling
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4
+</TD>
+<TD ALIGN='Left'>
+Args
+</TD>
+<TD>
+heavy trace debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+8
+</TD>
+<TD ALIGN='Left'>
+Conns
+</TD>
+<TD>
+connection management
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16
+</TD>
+<TD ALIGN='Left'>
+BER
+</TD>
+<TD>
+print out packets sent and received
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32
+</TD>
+<TD ALIGN='Left'>
+Filter
+</TD>
+<TD>
+search filter processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+64
+</TD>
+<TD ALIGN='Left'>
+Config
+</TD>
+<TD>
+configuration processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+128
+</TD>
+<TD ALIGN='Left'>
+ACL
+</TD>
+<TD>
+access control list processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+256
+</TD>
+<TD ALIGN='Left'>
+Stats
+</TD>
+<TD>
+stats log connections/operations/results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+512
+</TD>
+<TD ALIGN='Left'>
+Stats2
+</TD>
+<TD>
+stats log entries sent
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1024
+</TD>
+<TD ALIGN='Left'>
+Shell
+</TD>
+<TD>
+print communication with shell backends
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2048
+</TD>
+<TD ALIGN='Left'>
+Parse
+</TD>
+<TD>
+print entry parsing debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4096
+</TD>
+<TD ALIGN='Left'>
+Cache
+</TD>
+<TD>
+database cache processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+8192
+</TD>
+<TD ALIGN='Left'>
+Index
+</TD>
+<TD>
+database indexing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16384
+</TD>
+<TD ALIGN='Left'>
+Sync
+</TD>
+<TD>
+syncrepl consumer processing
+</TD>
+</TR>
+</TABLE>
+
+<P>Example:</P>
+<PRE>
+ olcLogLevel: -1
+</PRE>
+<P>This will cause lots and lots of debugging information to be logged.</P>
+<PRE>
+ olcLogLevel: Conns Filter
+</PRE>
+<P>Just log the connection and search filter processing.</P>
+<P>Default:</P>
+<PRE>
+ olcLogLevel: Stats
+</PRE>
+<H4><A NAME="olcReferral <URI>">5.2.1.3. olcReferral <URI></A></H4>
+<P>This directive specifies the referral to pass back when slapd cannot find a local database to handle a request.</P>
+<P>Example:</P>
+<PRE>
+ olcReferral: ldap://root.openldap.org
+</PRE>
+<P>This will refer non-local queries to the global root LDAP server at the OpenLDAP Project. Smart LDAP clients can re-ask their query at that server, but note that most of these clients are only going to know how to handle simple LDAP URLs that contain a host part and optionally a distinguished name part.</P>
+<H4><A NAME="Sample Entry">5.2.1.4. Sample Entry</A></H4>
+<PRE>
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcIdleTimeout: 30
+olcLogLevel: Stats
+olcReferral: ldap://root.openldap.org
+</PRE>
+<H3><A NAME="cn=include">5.2.2. cn=include</A></H3>
+<P>An include entry holds the pathname of one include file. Include files are part of the old style slapd.conf configuration system and must be in slapd.conf format. Include files were commonly used to load schema specifications. While they are still supported, their use is deprecated. Include entries must have the <TT>olcIncludeFile</TT> objectClass.</P>
+<H4><A NAME="olcInclude: <filename>">5.2.2.1. olcInclude: <filename></A></H4>
+<P>This directive specifies that slapd should read additional configuration information from the given file.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>You should be careful when using this directive - there is no small limit on the number of nested include directives, and no loop detection is done.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="Sample Entries">5.2.2.2. Sample Entries</A></H4>
+<PRE>
+dn: cn=include{0},cn=config
+objectClass: olcIncludeFile
+cn: include{0}
+olcInclude: ./schema/core.schema
+
+dn: cn=include{1},cn=config
+objectClass: olcIncludeFile
+cn: include{1}
+olcInclude: ./schema/cosine.schema
+</PRE>
+<H3><A NAME="cn=module">5.2.3. cn=module</A></H3>
+<P>If support for dynamically loaded modules was enabled when configuring slapd, <TT>cn=module</TT> entries may be used to specify sets of modules to load. Module entries must have the <TT>olcModuleList</TT> objectClass.</P>
+<H4><A NAME="olcModuleLoad: <filename>">5.2.3.1. olcModuleLoad: <filename></A></H4>
+<P>Specify the name of a dynamically loadable module to load. The filename may be an absolute path name or a simple filename. Non-absolute names are searched for in the directories specified by the <TT>olcModulePath</TT> directive.</P>
+<H4><A NAME="olcModulePath: <pathspec>">5.2.3.2. olcModulePath: <pathspec></A></H4>
+<P>Specify a list of directories to search for loadable modules. Typically the path is colon-separated but this depends on the operating system.</P>
+<H4><A NAME="Sample Entries">5.2.3.3. Sample Entries</A></H4>
+<PRE>
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModuleLoad: /usr/local/lib/smbk5pwd.la
+
+dn: cn=module{1},cn=config
+objectClass: olcModuleList
+cn: module{1}
+olcModulePath: /usr/local/lib:/usr/local/lib/slapd
+olcModuleLoad: accesslog.la
+olcModuleLoad: pcache.la
+</PRE>
+<H3><A NAME="cn=schema">5.2.4. cn=schema</A></H3>
+<P>The cn=schema entry holds all of the schema definitions that are hard-coded in slapd. As such, the values in this entry are generated by slapd so no schema values need to be provided in the config file. The entry must still be defined though, to serve as a base for the user-defined schema to add in underneath. Schema entries must have the <TT>olcSchemaConfig</TT> objectClass.</P>
+<H4><A NAME="olcAttributeTypes: <{{REF:RFC2252}} Attribute Type Description>"> </A>5.2.4.1. olcAttributeTypes: <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Attribute Type Description></H4>
+<P>This directive defines an attribute type. Please see the <A HREF="#Schema Specification">Schema Specification</A> chapter for information regarding how to use this directive.</P>
+<H4><A NAME="olcObjectClasses: <{{REF:RFC2252}} Object Class Description>"> </A>5.2.4.2. olcObjectClasses: <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Object Class Description></H4>
+<P>This directive defines an object class. Please see the <A HREF="#Schema Specification">Schema Specification</A> chapter for information regarding how to use this directive.</P>
+<H4><A NAME="Sample Entries">5.2.4.3. Sample Entries</A></H4>
+<PRE>
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+dn: cn=test,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: test
+olcAttributeTypes: ( 1.1.1
+ NAME 'testAttr'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+olcAttributeTypes: ( 1.1.2 NAME 'testTwo' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+olcObjectClasses: ( 1.1.3 NAME 'testObject'
+ MAY ( testAttr $ testTwo ) AUXILIARY )
+</PRE>
+<H3><A NAME="Backend-specific Directives">5.2.5. Backend-specific Directives</A></H3>
+<P>Backend directives apply to all database instances of the same type and, depending on the directive, may be overridden by database directives. Backend entries must have the <TT>olcBackendConfig</TT> objectClass.</P>
+<H4><A NAME="olcBackend: <type>">5.2.5.1. olcBackend: <type></A></H4>
+<P>This directive names a backend-specific configuration entry. <TT><type></TT> should be one of the supported backend types listed in Table 5.2.</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.2: Database Backends</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Types</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>bdb</TT>
+</TD>
+<TD>
+Berkeley DB transactional backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>config</TT>
+</TD>
+<TD>
+Slapd configuration backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dnssrv</TT>
+</TD>
+<TD>
+DNS SRV backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>hdb</TT>
+</TD>
+<TD>
+Hierarchical variant of bdb backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>ldap</TT>
+</TD>
+<TD>
+Lightweight Directory Access Protocol (Proxy) backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>ldbm</TT>
+</TD>
+<TD>
+Lightweight DBM backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>ldif</TT>
+</TD>
+<TD>
+Lightweight Data Interchange Format backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>meta</TT>
+</TD>
+<TD>
+Meta Directory backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>monitor</TT>
+</TD>
+<TD>
+Monitor backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>passwd</TT>
+</TD>
+<TD>
+Provides read-only access to <EM>passwd</EM>(5)
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>perl</TT>
+</TD>
+<TD>
+Perl Programmable backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>shell</TT>
+</TD>
+<TD>
+Shell (extern program) backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>sql</TT>
+</TD>
+<TD>
+SQL Programmable backend
+</TD>
+</TR>
+</TABLE>
+
+<P>Example:</P>
+<PRE>
+ olcBackend: bdb
+</PRE>
+<P>There are no other directives defined for this entry. Specific backend types may define additional attributes for their particular use but so far none have ever been defined. As such, these directives usually do not appear in any actual configurations.</P>
+<H4><A NAME="Sample Entry">5.2.5.2. Sample Entry</A></H4>
+<PRE>
+ dn: olcBackend=bdb,cn=config
+ objectClass: olcBackendConfig
+ olcBackend: bdb
+</PRE>
+<H3><A NAME="Database-specific Directives">5.2.6. Database-specific Directives</A></H3>
+<P>Directives in this section are supported by every type of database. Database entries must have the <TT>olcDatabaseConfig</TT> objectClass.</P>
+<H4><A NAME="olcDatabase: [{<index>}]<type>">5.2.6.1. olcDatabase: [{<index>}]<type></A></H4>
+<P>This directive names a specific database instance. The numeric {<index>} may be provided to distinguish multiple databases of the same type. Usually the index can be omitted, and slapd will generate it automatically. <TT><type></TT> should be one of the supported backend types listed in Table 5.2 or the <TT>frontend</TT> type.</P>
+<P>The <TT>frontend</TT> is a special database that is used to hold database-level options that should be applied to all the other databases. Subsequent database definitions may also override some frontend settings.</P>
+<P>The <TT>config</TT> database is also special; both the <TT>config</TT> and the <TT>frontend</TT> databases are always created implicitly even if they are not explicitly configured, and they are created before any other databases.</P>
+<P>Example:</P>
+<PRE>
+ olcDatabase: bdb
+</PRE>
+<P>This marks the beginning of a new <TERM>BDB</TERM> database instance.</P>
+<H4><A NAME="olcAccess: to <what> [ by <who> <accesslevel> <control> ]+">5.2.6.2. olcAccess: to <what> [ by <who> <accesslevel> <control> ]+</A></H4>
+<P>This directive grants access (specified by <accesslevel>) to a set of entries and/or attributes (specified by <what>) by one or more requesters (specified by <who>). See the <A HREF="#Access Control">Access Control</A> section of this chapter for a summary of basic usage.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>If no <TT>olcAccess</TT> directives are specified, the default access control policy, <TT>to * by * read</TT>, allows all users (both authenticated and anonymous) read access.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>Access controls defined in the frontend are appended to all other databases' controls.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="olcReadonly { TRUE | FALSE }">5.2.6.3. olcReadonly { TRUE | FALSE }</A></H4>
+<P>This directive puts the database into "read-only" mode. Any attempts to modify the database will return an "unwilling to perform" error.</P>
+<P>Default:</P>
+<PRE>
+ olcReadonly: FALSE
+</PRE>
+<H4><A NAME="olcReplica">5.2.6.4. olcReplica</A></H4>
+<PRE>
+ olcReplica: uri=ldap[s]://<hostname>[:<port>] | host=<hostname>[:<port>]
+ [bindmethod={simple|sasl}]
+ ["binddn=<DN>"]
+ [saslmech=<mech>]
+ [authcid=<identity>]
+ [authzid=<identity>]
+ [credentials=<password>]
+</PRE>
+<P>This directive specifies a replication site for this database for use with slurpd. The <TT>uri=</TT> parameter specifies a scheme, a host and optionally a port where the slave slapd instance can be found. Either a domain name or IP address may be used for <hostname>. If <port> is not given, the standard LDAP port number (389 or 636) is used.</P>
+<P><TT>host</TT> is deprecated in favor of the <TT>uri</TT> parameter.</P>
+<P><TT>uri</TT> allows the replica LDAP server to be specified as an LDAP URI such as <TT>ldap://slave.example.com:389</TT> or <TT>ldaps://slave.example.com:636</TT>.</P>
+<P>The <TT>binddn=</TT> parameter gives the DN to bind as for updates to the slave slapd. It should be a DN which has read/write access to the slave slapd's database. It must also match the <TT>updatedn</TT> directive in the slave slapd's config file. Generally, this DN <EM>should not</EM> be the same as the <TT>rootdn</TT> of the master database. Since DNs are likely to contain embedded spaces, the entire <TT>"binddn=<DN>"</TT> string should be enclosed in double quotes.</P>
+<P>The <TT>bindmethod</TT> is <TT>simple</TT> or <TT>sasl</TT>, depending on whether simple password-based authentication or <TERM>SASL</TERM> authentication is to be used when connecting to the slave slapd.</P>
+<P>Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS or IPSEC). Simple authentication requires specification of <TT>binddn</TT> and <TT>credentials</TT> parameters.</P>
+<P>SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the <TT>saslmech</TT> parameter. Depending on the mechanism, an authentication identity and/or credentials can be specified using <TT>authcid</TT> and <TT>credentials</TT> respectively. The <TT>authzid</TT> parameter may be used to specify an authorization identity.</P>
+<P>See the chapter entitled <A HREF="#Replication with slurpd">Replication with slurpd</A> for more information on how to use this directive.</P>
+<H4><A NAME="olcReplogfile: <filename>">5.2.6.5. olcReplogfile: <filename></A></H4>
+<P>This directive specifies the name of the replication log file to which slapd will log changes. The replication log is typically written by slapd and read by slurpd. Normally, this directive is only used if slurpd is being used to replicate the database. However, you can also use it to generate a transaction log, if slurpd is not running. In this case, you will need to periodically truncate the file, since it will grow indefinitely otherwise.</P>
+<P>See the chapter entitled <A HREF="#Replication with slurpd">Replication with slurpd</A> for more information on how to use this directive.</P>
+<H4><A NAME="olcRootDN: <DN>">5.2.6.6. olcRootDN: <DN></A></H4>
+<P>This directive specifies the DN that is not subject to access control or administrative limit restrictions for operations on this database. The DN need not refer to an entry in this database or even in the directory. The DN may refer to a SASL identity.</P>
+<P>Entry-based Example:</P>
+<PRE>
+ olcRootDN: "cn=Manager,dc=example,dc=com"
+</PRE>
+<P>SASL-based Example:</P>
+<PRE>
+ olcRootDN: "uid=root,cn=example.com,cn=digest-md5,cn=auth"
+</PRE>
+<P>See the <A HREF="#SASL Authentication">SASL Authentication</A> section for information on SASL authentication identities.</P>
+<H4><A NAME="olcRootPW: <password>">5.2.6.7. olcRootPW: <password></A></H4>
+<P>This directive can be used to specify a password for the DN for the rootdn (when the rootdn is set to a DN within the database).</P>
+<P>Example:</P>
+<PRE>
+ olcRootPW: secret
+</PRE>
+<P>It is also permissible to provide a hash of the password in RFC 2307 form. <EM>slappasswd</EM>(8) may be used to generate the password hash.</P>
+<P>Example:</P>
+<PRE>
+ olcRootPW: {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
+</PRE>
+<P>The hash was generated using the command <TT>slappasswd -s secret</TT>.</P>
+<H4><A NAME="olcSizeLimit: <integer>">5.2.6.8. olcSizeLimit: <integer></A></H4>
+<P>This directive specifies the maximum number of entries to return from a search operation.</P>
+<P>Default:</P>
+<PRE>
+ olcSizeLimit: 500
+</PRE>
+<H4><A NAME="olcSuffix: <dn suffix>">5.2.6.9. olcSuffix: <dn suffix></A></H4>
+<P>This directive specifies the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given, and usually at least one is required for each database definition. (Some backend types, such as <TT>frontend</TT> and <TT>monitor</TT> use a hard-coded suffix which may not be overridden in the configuration.)</P>
+<P>Example:</P>
+<PRE>
+ olcSuffix: "dc=example,dc=com"
+</PRE>
+<P>Queries with a DN ending in "dc=example,dc=com" will be passed to this backend.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>When the backend to pass a query to is selected, slapd looks at the suffix value(s) in each database definition in the order in which they were configured. Thus, if one database suffix is a prefix of another, it must appear after it in the configuration.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="olcSyncrepl">5.2.6.10. olcSyncrepl</A></H4>
+<PRE>
+ olcSyncrepl: rid=<replica ID>
+ provider=ldap[s]://<hostname>[:port]
+ [starttls=yes|critical]
+ [type=refreshOnly|refreshAndPersist]
+ [interval=dd:hh:mm:ss]
+ [retry=[<retry interval> <# of retries>]+]
+ searchbase=<base DN>
+ [filter=<filter str>]
+ [scope=sub|one|base]
+ [attrs=<attr list>]
+ [attrsonly]
+ [sizelimit=<limit>]
+ [timelimit=<limit>]
+ [schemachecking=on|off]
+ [bindmethod=simple|sasl]
+ [binddn=<DN>]
+ [saslmech=<mech>]
+ [authcid=<identity>]
+ [authzid=<identity>]
+ [credentials=<passwd>]
+ [realm=<realm>]
+ [secprops=<properties>]
+</PRE>
+<P>This directive specifies the current database as a replica of the master content by establishing the current <EM>slapd</EM>(8) as a replication consumer site running a syncrepl replication engine. The master database is located at the replication provider site specified by the <TT>provider</TT> parameter. The replica database is kept up-to-date with the master content using the LDAP Content Synchronization protocol. See <TT>draft-zeilenga-ldup-sync-xx.txt</TT> (<EM>a work in progress</EM>) for more information on the protocol.</P>
+<P>The <TT>rid</TT> parameter is used for identification of the current <TT>syncrepl</TT> directive within the replication consumer server, where <TT><replica ID></TT> uniquely identifies the syncrepl specification described by the current <TT>syncrepl</TT> directive. <TT><replica ID></TT> is non-negative and is no more than three decimal digits in length.</P>
+<P>The <TT>provider</TT> parameter specifies the replication provider site containing the master content as an LDAP URI. The <TT>provider</TT> parameter specifies a scheme, a host and optionally a port where the provider slapd instance can be found. Either a domain name or IP address may be used for <hostname>. Examples are <TT>ldap://provider.example.com:389</TT> or <TT>ldaps://192.168.1.1:636</TT>. If <port> is not given, the standard LDAP port number (389 or 636) is used. Note that the syncrepl uses a consumer-initiated protocol, and hence its specification is located at the consumer site, whereas the <TT>replica</TT> specification is located at the provider site. <TT>syncrepl</TT> and <TT>replica</TT> directives define two independent replication mechanisms. They do not represent the replication peers of each other.</P>
+<P>The <TT>starttls</TT> parameter specifies use of the StartTLS extended operation to establish a TLS session before Binding to the provider. If the StartTLS request fails and the <TT>critical</TT> argument was used, the session will be aborted. Otherwise the syncrepl session continues without TLS.</P>
+<P>The content of the syncrepl replica is defined using a search specification as its result set. The consumer slapd will send search requests to the provider slapd according to the search specification. The search specification includes <TT>searchbase</TT>, <TT>scope</TT>, <TT>filter</TT>, <TT>attrs</TT>, <TT>attrsonly</TT>, <TT>sizelimit</TT>, and <TT>timelimit</TT> parameters as in the normal search specification. The <TT>searchbase</TT> parameter has no default value and must always be specified. The <TT>scope</TT> defaults to <TT>sub</TT>, the <TT>filter</TT> defaults to <TT>(objectclass=*)</TT>, <TT>attrs</TT> defaults to <TT>"*,+"</TT> to replicate all user and operational attributes, and <TT>attrsonly</TT> is unset by default. Both <TT>sizelimit</TT> and <TT>timelimit</TT> default to "unlimited", and only positive integers or "unlimited" may be specified.</P>
+<P>The LDAP Content Synchronization protocol has two operation types: <TT>refreshOnly</TT> and <TT>refreshAndPersist</TT>. The operation type is specified by the <TT>type</TT> parameter. In the <TT>refreshOnly</TT> operation, the next synchronization search operation is periodically rescheduled at an interval time after each synchronization operation finishes. The interval is specified by the <TT>interval</TT> parameter. It is set to one day by default. In the <TT>refreshAndPersist</TT> operation, a synchronization search remains persistent in the provider slapd. Further updates to the master replica will generate <TT>searchResultEntry</TT> to the consumer slapd as the search responses to the persistent synchronization search.</P>
+<P>If an error occurs during replication, the consumer will attempt to reconnect according to the retry parameter which is a list of the <retry interval> and <# of retries> pairs. For example, retry="60 10 300 3" lets the consumer retry every 60 seconds for the first 10 times and then retry every 300 seconds for the next three times before stop retrying. + in <# of retries> means indefinite number of retries until success.</P>
+<P>The schema checking can be enforced at the LDAP Sync consumer site by turning on the <TT>schemachecking</TT> parameter. If it is turned on, every replicated entry will be checked for its schema as the entry is stored into the replica content. Every entry in the replica should contain those attributes required by the schema definition. If it is turned off, entries will be stored without checking schema conformance. The default is off.</P>
+<P>The <TT>binddn</TT> parameter gives the DN to bind as for the syncrepl searches to the provider slapd. It should be a DN which has read access to the replication content in the master database.</P>
+<P>The <TT>bindmethod</TT> is <TT>simple</TT> or <TT>sasl</TT>, depending on whether simple password-based authentication or <TERM>SASL</TERM> authentication is to be used when connecting to the provider slapd.</P>
+<P>Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS or IPSEC). Simple authentication requires specification of <TT>binddn</TT> and <TT>credentials</TT> parameters.</P>
+<P>SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the <TT>saslmech</TT> parameter. Depending on the mechanism, an authentication identity and/or credentials can be specified using <TT>authcid</TT> and <TT>credentials</TT>, respectively. The <TT>authzid</TT> parameter may be used to specify an authorization identity.</P>
+<P>The <TT>realm</TT> parameter specifies a realm which a certain mechanisms authenticate the identity within. The <TT>secprops</TT> parameter specifies Cyrus SASL security properties.</P>
+<P>The syncrepl replication mechanism is supported by the three native backends: back-bdb, back-hdb, and back-ldbm.</P>
+<P>See the <A HREF="#LDAP Sync Replication">LDAP Sync Replication</A> chapter of the admin guide for more information on how to use this directive.</P>
+<H4><A NAME="olcTimeLimit: <integer>">5.2.6.11. olcTimeLimit: <integer></A></H4>
+<P>This directive specifies the maximum number of seconds (in real time) slapd will spend answering a search request. If a request is not finished in this time, a result indicating an exceeded timelimit will be returned.</P>
+<P>Default:</P>
+<PRE>
+ olcTimeLimit: 3600
+</PRE>
+<H4><A NAME="olcUpdateDN: <DN>">5.2.6.12. olcUpdateDN: <DN></A></H4>
+<P>This directive is only applicable in a slave slapd. It specifies the DN allowed to make changes to the replica. This may be the DN <EM>slurpd</EM>(8) binds as when making changes to the replica or the DN associated with a SASL identity.</P>
+<P>Entry-based Example:</P>
+<PRE>
+ olcUpdateDN: "cn=Update Daemon,dc=example,dc=com"
+</PRE>
+<P>SASL-based Example:</P>
+<PRE>
+ olcUpdateDN: "uid=slurpd,cn=example.com,cn=digest-md5,cn=auth"
+</PRE>
+<P>See the <A HREF="#Replication with slurpd">Replication with slurpd</A> chapter for more information on how to use this directive.</P>
+<H4><A NAME="olcUpdateref: <URL>">5.2.6.13. olcUpdateref: <URL></A></H4>
+<P>This directive is only applicable in a slave slapd. It specifies the URL to return to clients which submit update requests upon the replica. If specified multiple times, each <TERM>URL</TERM> is provided.</P>
+<P>Example:</P>
+<PRE>
+ olcUpdateref: ldap://master.example.net
+</PRE>
+<H4><A NAME="Sample Entries">5.2.6.14. Sample Entries</A></H4>
+<PRE>
+dn: olcDatabase=frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: frontend
+olcReadOnly: FALSE
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcRootDN: cn=Manager,dc=example,dc=com
+</PRE>
+<H3><A NAME="BDB and HDB Database Directives">5.2.7. BDB and HDB Database Directives</A></H3>
+<P>Directives in this category apply to both the <TERM>BDB</TERM> and the <TERM>HDB</TERM> database. They are used in an olcDatabase entry in addition to the generic database directives defined above. For a complete reference of BDB/HDB configuration directives, see <EM>slapd-bdb</EM>(5). In addition to the <TT>olcDatabaseConfig</TT> objectClass, BDB and HDB database entries must have the <TT>olcBdbConfig</TT> and <TT>olcHdbConfig</TT> objectClass, respectively.</P>
+<H4><A NAME="olcDbDirectory: <directory>">5.2.7.1. olcDbDirectory: <directory></A></H4>
+<P>This directive specifies the directory where the BDB files containing the database and associated indices live.</P>
+<P>Default:</P>
+<PRE>
+ olcDbDirectory: /usr/local/var/openldap-data
+</PRE>
+<H4><A NAME="olcDbCachesize: <integer>">5.2.7.2. olcDbCachesize: <integer></A></H4>
+<P>This directive specifies the size in entries of the in-memory cache maintained by the BDB backend database instance.</P>
+<P>Default:</P>
+<PRE>
+ olcDbCachesize: 1000
+</PRE>
+<H4><A NAME="olcDbCheckpoint: <kbyte> <min>">5.2.7.3. olcDbCheckpoint: <kbyte> <min></A></H4>
+<P>This directive specifies how often to checkpoint the BDB transaction log. A checkpoint operation flushes the database buffers to disk and writes a checkpoint record in the log. The checkpoint will occur if either <kbyte> data has been written or <min> minutes have passed since the last checkpont. Both arguments default to zero, in which case they are ignored. When the <min> argument is non-zero, an internal task will run every <min> minutes to perform the checkpoint. See the Berkeley DB reference guide for more details.</P>
+<P>Example:</P>
+<PRE>
+ olcDbCheckpoint: 1024 10
+</PRE>
+<H4><A NAME="olcDbConfig: <DB_CONFIG setting>">5.2.7.4. olcDbConfig: <DB_CONFIG setting></A></H4>
+<P>This attribute specifies a configuration directive to be placed in the <TT>DB_CONFIG</TT> file of the database directory. At server startup time, if no such file exists yet, the <TT>DB_CONFIG</TT> file will be created and the settings in this attribute will be written to it. If the file exists, its contents will be read and displayed in this attribute. The attribute is multi-valued, to accomodate multiple configuration directives. No default is provided, but it is essential to use proper settings here to get the best server performance.</P>
+<P>Example:</P>
+<PRE>
+ olcDbConfig: set_cachesize 0 10485760 0
+ olcDbConfig: set_lg_bsize 2097512
+ olcDbConfig: set_lg_dir /var/tmp/bdb-log
+ olcDbConfig: set_flags DB_LOG_AUTOREMOVE
+</PRE>
+<P>In this example, the BDB cache is set to 10MB, the BDB transaction log buffer size is set to 2MB, and the transaction log files are to be stored in the /var/tmp/bdb-log directory. Also a flag is set to tell BDB to delete transaction log files as soon as their contents have been checkpointed and they are no longer needed. Without this setting the transaction log files will continue to accumulate until some other cleanup procedure removes them. See the SleepyCat documentation for the <TT>db_archive</TT> command for details.</P>
+<P>Ideally the BDB cache must be at least as large as the working set of the database, the log buffer size should be large enough to accomodate most transactions without overflowing, and the log directory must be on a separate physical disk from the main database files. And both the database directory and the log directory should be separate from disks used for regular system activities such as the root, boot, or swap filesystems. See the FAQ-o-Matic and the SleepyCat documentation for more details.</P>
+<H4><A NAME="olcDbNosync: { TRUE | FALSE }">5.2.7.5. olcDbNosync: { TRUE | FALSE }</A></H4>
+<P>This option causes on-disk database contents to not be immediately synchronized with in memory changes upon change. Setting this option to <TT>TRUE</TT> may improve performance at the expense of data integrity. This directive has the same effect as using</P>
+<PRE>
+ olcDbConfig: set_flags DB_TXN_NOSYNC
+</PRE>
+<H4><A NAME="olcDbIDLcacheSize: <integer>">5.2.7.6. olcDbIDLcacheSize: <integer></A></H4>
+<P>Specify the size of the in-memory index cache, in index slots. The default is zero. A larger value will speed up frequent searches of indexed entries. The optimal size will depend on the data and search characteristics of the database, but using a number three times the entry cache size is a good starting point.</P>
+<P>Example:</P>
+<PRE>
+ olcDbIDLcacheSize: 3000
+</PRE>
+<H4><A NAME="olcDbIndex: {<attrlist> | default} [pres,eq,approx,sub,none]">5.2.7.7. olcDbIndex: {<attrlist> | default} [pres,eq,approx,sub,none]</A></H4>
+<P>This directive specifies the indices to maintain for the given attribute. If only an <TT><attrlist></TT> is given, the default indices are maintained.</P>
+<P>Example:</P>
+<PRE>
+ olcDbIndex: default pres,eq
+ olcDbIndex: uid
+ olcDbIndex: cn,sn pres,eq,sub
+ olcDbIndex: objectClass eq
+</PRE>
+<P>The first line sets the default set of indices to maintain to present and equality. The second line causes the default (pres,eq) set of indices to be maintained for the <TT>uid</TT> attribute type. The third line causes present, equality, and substring indices to be maintained for <TT>cn</TT> and <TT>sn</TT> attribute types. The fourth line causes an equality index for the <TT>objectClass</TT> attribute type.</P>
+<P>By default, no indices are maintained. It is generally advised that minimally an equality index upon objectClass be maintained.</P>
+<PRE>
+ olcDbindex: objectClass eq
+</PRE>
+<P>If this setting is changed while slapd is running, an internal task will be run to generate the changed index data. All server operations can continue as normal while the indexer does its work. If slapd is stopped before the index task completes, indexing will have to be manually completed using the slapindex tool.</P>
+<H4><A NAME="olcDbLinearIndex: { TRUE | FALSE }">5.2.7.8. olcDbLinearIndex: { TRUE | FALSE }</A></H4>
+<P>If this setting is <TT>TRUE</TT> slapindex will index one attribute at a time. The default settings is <TT>FALSE</TT> in which case all indexed attributes of an entry are processed at the same time. When enabled, each indexed attribute is processed individually, using multiple passes through the entire database. This option improves slapindex performance when the database size exceeds the BDB cache size. When the BDB cache is large enough, this option is not needed and will decrease performance. Also by default, slapadd performs full indexing and so a separate slapindex run is not needed. With this option, slapadd does no indexing and slapindex must be used.</P>
+<H4><A NAME="olcDbMode: <integer>">5.2.7.9. olcDbMode: <integer></A></H4>
+<P>This directive specifies the file protection mode that newly created database index files should have.</P>
+<P>Default:</P>
+<PRE>
+ olcDbMode: 0600
+</PRE>
+<H4><A NAME="olcDbSearchStack: <integer>">5.2.7.10. olcDbSearchStack: <integer></A></H4>
+<P>Specify the depth of the stack used for search filter evaluation. Search filters are evaluated on a stack to accomodate nested <TT>AND</TT> / <TT>OR</TT> clauses. An individual stack is allocated for each server thread. The depth of the stack determines how complex a filter can be evaluated without requiring any additional memory allocation. Filters that are nested deeper than the search stack depth will cause a separate stack to be allocated for that particular search operation. These separate allocations can have a major negative impact on server performance, but specifying too much stack will also consume a great deal of memory. Each search uses 512K bytes per level on a 32-bit machine, or 1024K bytes per level on a 64-bit machine. The default stack depth is 16, thus 8MB or 16MB per thread is used on 32 and 64 bit machines, respectively. Also the 512KB size of a single stack slot is set by a compile-time constant which may be changed if needed; the code must be recompiled for the change to take effect.</P>
+<P>Default:</P>
+<PRE>
+ olcDbSearchStack: 16
+</PRE>
+<H4><A NAME="olcDbShmKey: <integer>">5.2.7.11. olcDbShmKey: <integer></A></H4>
+<P>Specify a key for a shared memory BDB environment. By default the BDB environment uses memory mapped files. If a non-zero value is specified, it will be used as the key to identify a shared memory region that will house the environment.</P>
+<P>Example:</P>
+<PRE>
+ olcDbShmKey: 42
+</PRE>
+<H4><A NAME="Sample Entry">5.2.7.12. Sample Entry</A></H4>
+<PRE>
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcSuffix: "dc=example,dc=com"
+olcDbDirectory: /usr/local/var/openldap-data
+olcDbCacheSize: 1000
+olcDbCheckpoint: 1024 10
+olcDbConfig: set_cachesize 0 10485760 0
+olcDbConfig: set_lg_bsize 2097152
+olcDbConfig: set_lg_dir /var/tmp/bdb-log
+olcDbConfig: set_flags DB_LOG_AUTOREMOVE
+olcDbIDLcacheSize: 3000
+olcDbIndex: objectClass eq
+</PRE>
+<H2><A NAME="Access Control">5.3. Access Control</A></H2>
+<P>Access to slapd entries and attributes is controlled by the olcAccess attribute, whose values are a sequence of access directives. The general form of the olcAccess configuration is:</P>
+<PRE>
+ olcAccess: <access directive>
+ <access directive> ::= to <what>
+ [by <who> <access> <control>]+
+ <what> ::= * |
+ [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+ [filter=<ldapfilter>] [attrs=<attrlist>]
+ <basic-style> ::= regex | exact
+ <scope-style> ::= base | one | subtree | children
+ <attrlist> ::= <attr> [val[.<basic-style>]=<regex>] | <attr> , <attrlist>
+ <attr> ::= <attrname> | entry | children
+ <who> ::= * | [anonymous | users | self
+ | dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+ [dnattr=<attrname>]
+ [group[/<objectclass>[/<attrname>][.<basic-style>]]=<regex>]
+ [peername[.<basic-style>]=<regex>]
+ [sockname[.<basic-style>]=<regex>]
+ [domain[.<basic-style>]=<regex>]
+ [sockurl[.<basic-style>]=<regex>]
+ [set=<setspec>]
+ [aci=<attrname>]
+ <access> ::= [self]{<level>|<priv>}
+ <level> ::= none | auth | compare | search | read | write
+ <priv> ::= {=|+|-}{w|r|s|c|x|0}+
+ <control> ::= [stop | continue | break]
+</PRE>
+<P>where the <what> part selects the entries and/or attributes to which the access applies, the <TT><who></TT> part specifies which entities are granted access, and the <TT><access></TT> part specifies the access granted. Multiple <TT><who> <access> <control></TT> triplets are supported, allowing many entities to be granted different access to the same set of entries and attributes. Not all of these access control options are described here; for more details see the <EM>slapd.access</EM>(5) man page.</P>
+<H3><A NAME="What to control access to">5.3.1. What to control access to</A></H3>
+<P>The <what> part of an access specification determines the entries and attributes to which the access control applies. Entries are commonly selected in two ways: by DN and by filter. The following qualifiers select entries by DN:</P>
+<PRE>
+ to *
+ to dn[.<basic-style>]=<regex>
+ to dn.<scope-style>=<DN>
+</PRE>
+<P>The first form is used to select all entries. The second form may be used to select entries by matching a regular expression against the target entry's <EM>normalized DN</EM>. (The second form is not discussed further in this document.) The third form is used to select entries which are within the requested scope of DN. The <DN> is a string representation of the Distinguished Name, as described in <A HREF="http://www.rfc-editor.org/rfc/rfc2253.txt">RFC2253</A>.</P>
+<P>The scope can be either <TT>base</TT>, <TT>one</TT>, <TT>subtree</TT>, or <TT>children</TT>. Where <TT>base</TT> matches only the entry with provided DN, <TT>one</TT> matches the entries whose parent is the provided DN, <TT>subtree</TT> matches all entries in the subtree whose root is the provided DN, and <TT>children</TT> matches all entries under the DN (but not the entry named by the DN).</P>
+<P>For example, if the directory contained entries named:</P>
+<PRE>
+ 0: o=suffix
+ 1: cn=Manager,o=suffix
+ 2: ou=people,o=suffix
+ 3: uid=kdz,ou=people,o=suffix
+ 4: cn=addresses,uid=kdz,ou=people,o=suffix
+ 5: uid=hyc,ou=people,o=suffix
+</PRE>
+<P>Then:</P>
+<UL>
+<TT>dn.base="ou=people,o=suffix"</TT> match 2;
+<BR>
+<TT>dn.one="ou=people,o=suffix"</TT> match 3, and 5;
+<BR>
+<TT>dn.subtree="ou=people,o=suffix"</TT> match 2, 3, 4, and 5; and
+<BR>
+<TT>dn.children="ou=people,o=suffix"</TT> match 3, 4, and 5.</UL>
+<P>Entries may also be selected using a filter:</P>
+<PRE>
+ to filter=<ldap filter>
+</PRE>
+<P>where <ldap filter> is a string representation of an LDAP search filter, as described in <A HREF="http://www.rfc-editor.org/rfc/rfc2254.txt">RFC2254</A>. For example:</P>
+<PRE>
+ to filter=(objectClass=person)
+</PRE>
+<P>Note that entries may be selected by both DN and filter by including both qualifiers in the <what> clause.</P>
+<PRE>
+ to dn.one="ou=people,o=suffix" filter=(objectClass=person)
+</PRE>
+<P>Attributes within an entry are selected by including a comma-separated list of attribute names in the <what> selector:</P>
+<PRE>
+ attrs=<attribute list>
+</PRE>
+<P>A specific value of an attribute is selected by using a single attribute name and also using a value selector:</P>
+<PRE>
+ attrs=<attribute> val[.<style>]=<regex>
+</PRE>
+<P>There are two special <EM>pseudo</EM> attributes <TT>entry</TT> and <TT>children</TT>. To read (and hence return) a target entry, the subject must have <TT>read</TT> access to the target's <EM>entry</EM> attribute. To add or delete an entry, the subject must have <TT>write</TT> access to the entry's <TT>entry</TT> attribute AND must have <TT>write</TT> access to the entry's parent's <TT>children</TT> attribute. To rename an entry, the subject must have <TT>write</TT> access to entry's <TT>entry</TT> attribute AND have <TT>write</TT> access to both the old parent's and new parent's <TT>children</TT> attributes. The complete examples at the end of this section should help clear things up.</P>
+<P>Lastly, there is a special entry selector <TT>"*"</TT> that is used to select any entry. It is used when no other <TT><what></TT> selector has been provided. It's equivalent to "<TT>dn=.*</TT>"</P>
+<H3><A NAME="Who to grant access to">5.3.2. Who to grant access to</A></H3>
+<P>The <who> part identifies the entity or entities being granted access. Note that access is granted to "entities" not "entries." The following table summarizes entity specifiers:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.3: Access Entity Specifiers</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Specifier</STRONG>
+</TD>
+<TD>
+<STRONG>Entities</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>*</TT>
+</TD>
+<TD>
+All, including anonymous and authenticated users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>anonymous</TT>
+</TD>
+<TD>
+Anonymous (non-authenticated) users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>users</TT>
+</TD>
+<TD>
+Authenticated users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>self</TT>
+</TD>
+<TD>
+User associated with target entry
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dn[.<basic-style>]=<regex></TT>
+</TD>
+<TD>
+Users matching a regular expression
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dn.<scope-style>=<DN></TT>
+</TD>
+<TD>
+Users within scope of a DN
+</TD>
+</TR>
+</TABLE>
+
+<P>The DN specifier behaves much like <what> clause DN specifiers.</P>
+<P>Other control factors are also supported. For example, a <TT><who></TT> can be restricted by an entry listed in a DN-valued attribute in the entry to which the access applies:</P>
+<PRE>
+ dnattr=<dn-valued attribute name>
+</PRE>
+<P>The dnattr specification is used to give access to an entry whose DN is listed in an attribute of the entry (e.g., give access to a group entry to whoever is listed as the owner of the group entry).</P>
+<P>Some factors may not be appropriate in all environments (or any). For example, the domain factor relies on IP to domain name lookups. As these can easily spoofed, the domain factor should not be avoided.</P>
+<H3><A NAME="The access to grant">5.3.3. The access to grant</A></H3>
+<P>The kind of <access> granted can be one of the following:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.4: Access Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Left'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Right'>
+<STRONG>Privileges</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>none</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=0</TT>
+</TD>
+<TD ALIGN='Left'>
+no access
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>auth</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=x</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to bind
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>compare</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=cx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to compare
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>search</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=scx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to apply search filters
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>read</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=rscx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to read search results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>write</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=wrscx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to modify/rename
+</TD>
+</TR>
+</TABLE>
+
+<P>Each level implies all lower levels of access. So, for example, granting someone <TT>write</TT> access to an entry also grants them <TT>read</TT>, <TT>search</TT>, <TT>compare</TT>, and <TT>auth</TT> access. However, one may use the privileges specifier to grant specific permissions.</P>
+<H3><A NAME="Access Control Evaluation">5.3.4. Access Control Evaluation</A></H3>
+<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT><what></TT> selectors given in the configuration. For each entry, access controls provided in the database which holds the entry (or the first database if not held in any database) apply first, followed by the global access directives (which are held in the <TT>frontend</TT> database definition). Within this priority, access directives are examined in the order in which they appear in the configuration attribute. Slapd stops with the first <TT><what></TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
+<P>Next, slapd compares the entity requesting access to the <TT><who></TT> selectors within the access directive selected above in the order in which they appear. It stops with the first <TT><who></TT> selector that matches the requester. This determines the access the entity requesting access has to the entry and/or attribute.</P>
+<P>Finally, slapd compares the access granted in the selected <TT><access></TT> clause to the access requested by the client. If it allows greater or equal access, access is granted. Otherwise, access is denied.</P>
+<P>The order of evaluation of access directives makes their placement in the configuration file important. If one access directive is more specific than another in terms of the entries it selects, it should appear first in the configuration. Similarly, if one <TT><who></TT> selector is more specific than another it should come first in the access directive. The access control examples given below should help make this clear.</P>
+<H3><A NAME="Access Control Examples">5.3.5. Access Control Examples</A></H3>
+<P>The access control facility described above is quite powerful. This section shows some examples of its use for descriptive purposes.</P>
+<P>A simple example:</P>
+<PRE>
+ olcAccess: to * by * read
+</PRE>
+<P>This access directive grants read access to everyone.</P>
+<PRE>
+ olcAccess: to *
+ by self write
+ by anonymous auth
+ by * read
+</PRE>
+<P>This directive allows the user to modify their entry, allows anonymous to authenticate against these entries, and allows all others to read these entries. Note that only the first <TT>by <who></TT> clause which matches applies. Hence, the anonymous users are granted <TT>auth</TT>, not <TT>read</TT>. The last clause could just as well have been "<TT>by users read</TT>".</P>
+<P>It is often desirable to restrict operations based upon the level of protection in place. The following shows how security strength factors (SSF) can be used.</P>
+<PRE>
+ olcAccess: to *
+ by ssf=128 self write
+ by ssf=64 anonymous auth
+ by ssf=64 users read
+</PRE>
+<P>This directive allows users to modify their own entries if security protections of strength 128 or better have been established, allows authentication access to anonymous users, and read access when strength 64 or better security protections have been established. If the client has not establish sufficient security protections, the implicit <TT>by * none</TT> clause would be applied.</P>
+<P>The following example shows the use of style specifiers to select the entries by DN in two access directives where ordering is significant.</P>
+<PRE>
+ olcAccess: to dn.children="dc=example,dc=com"
+ by * search
+ olcAccess: to dn.children="dc=com"
+ by * read
+</PRE>
+<P>Read access is granted to entries under the <TT>dc=com</TT> subtree, except for those entries under the <TT>dc=example,dc=com</TT> subtree, to which search access is granted. No access is granted to <TT>dc=com</TT> as neither access directive matches this DN. If the order of these access directives was reversed, the trailing directive would never be reached, since all entries under <TT>dc=example,dc=com</TT> are also under <TT>dc=com</TT> entries.</P>
+<P>Also note that if no <TT>olcAccess: to</TT> directive matches or no <TT>by <who></TT> clause, <B>access is denied</B>. That is, every <TT>olcAccess: to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>olcAccess: to * by * none</TT> directive.</P>
+<P>The next example again shows the importance of ordering, both of the access directives and the <TT>by <who></TT> clauses. It also shows the use of an attribute selector to grant access to a specific attribute and various <TT><who></TT> selectors.</P>
+<PRE>
+ olcAccess: to dn.subtree="dc=example,dc=com" attrs=homePhone
+ by self write
+ by dn.children=dc=example,dc=com" search
+ by peername.regex=IP:10\..+ read
+ olcAccess: to dn.subtree="dc=example,dc=com"
+ by self write
+ by dn.children="dc=example,dc=com" search
+ by anonymous auth
+</PRE>
+<P>This example applies to entries in the "<TT>dc=example,dc=com</TT>" subtree. To all attributes except <TT>homePhone</TT>, an entry can write to itself, entries under <TT>example.com</TT> entries can search by them, anybody else has no access (implicit <TT>by * none</TT>) excepting for authentication/authorization (which is always done anonymously). The <TT>homePhone</TT> attribute is writable by the entry, searchable by entries under <TT>example.com</TT>, readable by clients connecting from network 10, and otherwise not readable (implicit <TT>by * none</TT>). All other access is denied by the implicit <TT>access to * by * none</TT>.</P>
+<P>Sometimes it is useful to permit a particular DN to add or remove itself from an attribute. For example, if you would like to create a group and allow people to add and remove only their own DN from the member attribute, you could accomplish it with an access directive like this:</P>
+<PRE>
+ olcAccess: to attrs=member,entry
+ by dnattr=member selfwrite
+</PRE>
+<P>The dnattr <TT><who></TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
+<H3><A NAME="Access Control Ordering">5.3.6. Access Control Ordering</A></H3>
+<P>Since the ordering of <TT>olcAccess</TT> directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a <TT>"{X}"</TT> numeric index to each value, similarly to the approach used for ordering the configuration entries. These index tags are maintained automatically by slapd and do not need to be specified when originally defining the values. For example, when you create the settings</P>
+<PRE>
+ olcAccess: to attrs=member,entry
+ by dnattr=member selfwrite
+ olcAccess: to dn.children="dc=example,dc=com"
+ by * search
+ olcAccess: to dn.children="dc=com"
+ by * read
+</PRE>
+<P>when you read them back using slapcat or ldapsearch they will contain</P>
+<PRE>
+ olcAccess: {0}to attrs=member,entry
+ by dnattr=member selfwrite
+ olcAccess: {1}to dn.children="dc=example,dc=com"
+ by * search
+ olcAccess: {2}to dn.children="dc=com"
+ by * read
+</PRE>
+<P>The numeric index may be used to specify a particular value to change when using ldapmodify to edit the access rules. This index can be used instead of (or in addition to) the actual access value. Using this numeric index is very helpful when multiple access rules are being managed.</P>
+<P>For example, if we needed to change the second rule above to grant write access instead of search, we could try this LDIF:</P>
+<PRE>
+ changetype: modify
+ delete: olcAccess
+ olcAccess: to dn.children="dc=example,dc=com" by * search
+ -
+ add: olcAccess
+ olcAccess: to dn.children="dc=example,dc=com" by * write
+ -
+</PRE>
+<P>But this example <B>will not</B> guarantee that the existing values remain in their original order, so it will most likely yield a broken security configuration. Instead, the numeric index should be used:</P>
+<PRE>
+ changetype: modify
+ delete: olcAccess
+ olcAccess: {1}
+ -
+ add: olcAccess
+ olcAccess: {1}to dn.children="dc=example,dc=com" by * write
+ -
+</PRE>
+<P>This example deletes whatever rule is in value #1 of the <TT>olcAccess</TT> attribute (regardless of its value) and adds a new value that is explicitly inserted as value #1. The result will be</P>
+<PRE>
+ olcAccess: {0}to attrs=member,entry
+ by dnattr=member selfwrite
+ olcAccess: {1}to dn.children="dc=example,dc=com"
+ by * write
+ olcAccess: {2}to dn.children="dc=com"
+ by * read
+</PRE>
+<P>which is exactly what was intended.</P>
+<H2><A NAME="Configuration Example">5.4. Configuration Example</A></H2>
+<P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration entry
+ 2. dn: cn=config
+ 3. objectClass: olcGlobal
+ 4. cn: config
+ 5. olcReferral: ldap://root.openldap.org
+ 6.
+</PRE>
+<P>Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The <TT>olcReferral:</TT> directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>. Line 6 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 7. # internal schema
+ 8. dn: cn=schema,cn=config
+ 9. objectClass: olcSchemaConfig
+ 10. cn: schema
+ 11.
+</PRE>
+<P>Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 12. # include the core schema
+ 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+ 14.
+</PRE>
+<P>Line 12 is a comment. Line 13 is an LDIF include directive which accesses the <EM>core</EM> schema definitions in LDIF format. Line 14 is a blank line.</P>
+<P>Next comes the database definitions. The first database is the special <TT>frontend</TT> database whose settings are applied globally to all the other databases.</P>
+<PRE>
+ 15. # global database parameters
+ 16. dn: olcDatabase=frontend,cn=config
+ 17. objectClass: olcDatabaseConfig
+ 18. olcDatabase: frontend
+ 19. olcAccess: to * by * read
+ 20.
+</PRE>
+<P>Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next entry defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 21. # BDB definition for example.com
+ 22. dn: olcDatabase=bdb,cn=config
+ 23. objectClass: olcDatabaseConfig
+ 24. objectClass: olcBdbConfig
+ 25. olcDatabase: bdb
+ 26. olcSuffix: "dc=example,dc=com"
+ 27. olcDbDirectory: /usr/local/var/openldap-data
+ 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 29. olcRootPW: secret
+ 30. olcDbIndex: uid pres,eq
+ 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+ 32. olcDbIndex: objectClass eq
+ 33. olcAccess: to attrs=userPassword
+ 34. by self write
+ 35. by anonymous auth
+ 36. by dn.base="cn=Admin,dc=example,dc=com" write
+ 37. by * none
+ 38. olcAccess: to *
+ 39. by self write
+ 40. by dn.base="cn=Admin,dc=example,dc=com" write
+ 41. by * read
+ 42.
+</PRE>
+<P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry. Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
+<P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
+<P>Lines 33 through 41 specify access control for entries in this database. As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE). For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>Line 42 is a blank line, indicating the end of this entry.</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 51, the read access would be allowed due to the global access rule at line 19.</P>
+<PRE>
+ 42. # BDB definition for example.net
+ 43. dn: olcDatabase=bdb,cn=config
+ 44. objectClass: olcDatabaseConfig
+ 45. objectClass: olcBdbConfig
+ 46. olcDatabase: bdb
+ 47. olcSuffix: "dc=example,dc=net"
+ 48. olcDbDirectory: /usr/local/var/openldap-data-net
+ 49. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 50. olcDbIndex: objectClass eq
+ 51. olcAccess: to * by users read
+</PRE>
+<P></P>
+<HR>
+<H1><A NAME="The slapd Configuration File">6. The slapd Configuration File</A></H1>
+<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site. The slapd runtime configuration is primarily accomplished through the <EM>slapd.conf</EM>(5) file, normally installed in the <TT>/usr/local/etc/openldap</TT> directory.</P>
+<P>An alternate configuration file can be specified via a command-line option to <EM>slapd</EM>(8) or <EM>slurpd</EM>(8). This chapter describes the general format of the config file, followed by a detailed description of commonly used config file directives.</P>
+<H2><A NAME="Configuration File Format">6.1. Configuration File Format</A></H2>
+<P>The <EM>slapd.conf</EM>(5) file consists of three types of configuration information: global, backend specific, and database specific. Global information is specified first, followed by information associated with a particular backend type, which is then followed by information associated with a particular database instance. Global directives can be overridden in backend and/or database directives, and backend directives can be overridden by database directives.</P>
+<P>Blank lines and comment lines beginning with a '<TT>#</TT>' character are ignored. If a line begins with white space, it is considered a continuation of the previous line (even if the previous line is a comment).</P>
+<P>The general format of slapd.conf is as follows:</P>
+<PRE>
+ # global configuration directives
+ <global config directives>
+
+ # backend definition
+ backend <typeA>
+ <backend-specific directives>
+
+ # first database definition & config directives
+ database <typeA>
+ <database-specific directives>
+
+ # second database definition & config directives
+ database <typeB>
+ <database-specific directives>
+
+ # second database definition & config directives
+ database <typeA>
+ <database-specific directives>
+
+ # subsequent backend & database definitions & config directives
+ ...
+</PRE>
+<P>A configuration directive may take arguments. If so, they are separated by white space. If an argument contains white space, the argument should be enclosed in double quotes <TT>"like this"</TT>. If an argument contains a double quote or a backslash character `<TT>\</TT>', the character should be preceded by a backslash character `<TT>\</TT>'.</P>
+<P>The distribution contains an example configuration file that will be installed in the <TT>/usr/local/etc/openldap</TT> directory. A number of files containing schema definitions (attribute types and object classes) are also provided in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
+<H2><A NAME="Configuration File Directives">6.2. Configuration File Directives</A></H2>
+<P>This section details commonly used configuration directives. For a complete list, see the <EM>slapd.conf</EM>(5) manual page. This section separates the configuration file directives into global, backend-specific and data-specific categories, describing each directive and its default value (if any), and giving an example of its use.</P>
+<H3><A NAME="Global Directives">6.2.1. Global Directives</A></H3>
+<P>Directives described in this section apply to all backends and databases unless specifically overridden in a backend or database definition. Arguments that should be replaced by actual text are shown in brackets <TT><></TT>.</P>
+<H4><A NAME="access to <what> [ by <who> <accesslevel> <control> ]+">6.2.1.1. access to <what> [ by <who> <accesslevel> <control> ]+</A></H4>
+<P>This directive grants access (specified by <accesslevel>) to a set of entries and/or attributes (specified by <what>) by one or more requesters (specified by <who>). See the <A HREF="#Access Control">Access Control</A> section of this chapter for a summary of basic usage.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>If no <TT>access</TT> directives are specified, the default access control policy, <TT>access to * by * read</TT>, allows all both authenticated and anonymous users read access.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="attributetype <{{REF:RFC2252}} Attribute Type Description>"> </A>6.2.1.2. attributetype <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Attribute Type Description></H4>
+<P>This directive defines an attribute type. Please see the <A HREF="#Schema Specification">Schema Specification</A> chapter for information regarding how to use this directive.</P>
+<H4><A NAME="idletimeout <integer>">6.2.1.3. idletimeout <integer></A></H4>
+<P>Specify the number of seconds to wait before forcibly closing an idle client connection. An idletimeout of 0, the default, disables this feature.</P>
+<H4><A NAME="include <filename>">6.2.1.4. include <filename></A></H4>
+<P>This directive specifies that slapd should read additional configuration information from the given file before continuing with the next line of the current file. The included file should follow the normal slapd config file format. The file is commonly used to include files containing schema specifications.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>You should be careful when using this directive - there is no small limit on the number of nested include directives, and no loop detection is done.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="loglevel <integer>">6.2.1.5. loglevel <integer></A></H4>
+<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled). Log levels are additive. To display what numbers correspond to what kind of debugging, invoke slapd with <TT>-?</TT> or consult the table below. The possible values for <integer> are:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.1: Debugging Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Right'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+-1
+</TD>
+<TD ALIGN='Left'>
+enable all debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+0
+</TD>
+<TD ALIGN='Left'>
+no debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1
+</TD>
+<TD ALIGN='Left'>
+trace function calls
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2
+</TD>
+<TD ALIGN='Left'>
+debug packet handling
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4
+</TD>
+<TD ALIGN='Left'>
+heavy trace debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+8
+</TD>
+<TD ALIGN='Left'>
+connection management
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16
+</TD>
+<TD ALIGN='Left'>
+print out packets sent and received
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32
+</TD>
+<TD ALIGN='Left'>
+search filter processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+64
+</TD>
+<TD ALIGN='Left'>
+configuration file processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+128
+</TD>
+<TD ALIGN='Left'>
+access control list processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+256
+</TD>
+<TD ALIGN='Left'>
+stats log connections/operations/results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+512
+</TD>
+<TD ALIGN='Left'>
+stats log entries sent
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1024
+</TD>
+<TD ALIGN='Left'>
+print communication with shell backends
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2048
+</TD>
+<TD ALIGN='Left'>
+print entry parsing debugging
+</TD>
+</TR>
+</TABLE>
+
+<P>Example:</P>
+<PRE>
+ loglevel -1
+</PRE>
+<P>This will cause lots and lots of debugging information to be logged.</P>
+<P>Default:</P>
+<PRE>
+ loglevel 256
+</PRE>
+<H4><A NAME="objectclass <{{REF:RFC2252}} Object Class Description>"> </A>6.2.1.6. objectclass <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Object Class Description></H4>
+<P>This directive defines an object class. Please see the <A HREF="#Schema Specification">Schema Specification</A> chapter for information regarding how to use this directive.</P>
+<H4><A NAME="referral <URI>">6.2.1.7. referral <URI></A></H4>
+<P>This directive specifies the referral to pass back when slapd cannot find a local database to handle a request.</P>
+<P>Example:</P>
+<PRE>
+ referral ldap://root.openldap.org
+</PRE>
+<P>This will refer non-local queries to the global root LDAP server at the OpenLDAP Project. Smart LDAP clients can re-ask their query at that server, but note that most of these clients are only going to know how to handle simple LDAP URLs that contain a host part and optionally a distinguished name part.</P>
+<H4><A NAME="sizelimit <integer>">6.2.1.8. sizelimit <integer></A></H4>
+<P>This directive specifies the maximum number of entries to return from a search operation.</P>
+<P>Default:</P>
+<PRE>
+ sizelimit 500
+</PRE>
+<H4><A NAME="timelimit <integer>">6.2.1.9. timelimit <integer></A></H4>
+<P>This directive specifies the maximum number of seconds (in real time) slapd will spend answering a search request. If a request is not finished in this time, a result indicating an exceeded timelimit will be returned.</P>
+<P>Default:</P>
+<PRE>
+ timelimit 3600
+</PRE>
+<H3><A NAME="General Backend Directives">6.2.2. General Backend Directives</A></H3>
+<P>Directives in this section apply only to the backend in which they are defined. They are supported by every type of backend. Backend directives apply to all databases instances of the same type and, depending on the directive, may be overridden by database directives.</P>
+<H4><A NAME="backend <type>">6.2.2.1. backend <type></A></H4>
+<P>This directive marks the beginning of a backend declaration. <TT><type></TT> should be one of the supported backend types listed in Table 5.2.</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.2: Database Backends</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Types</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>bdb</TT>
+</TD>
+<TD>
+Berkeley DB transactional backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dnssrv</TT>
+</TD>
+<TD>
+DNS SRV backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>hdb</TT>
+</TD>
+<TD>
+Hierarchical variant of bdb backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>ldap</TT>
+</TD>
+<TD>
+Lightweight Directory Access Protocol (Proxy) backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>ldbm</TT>
+</TD>
+<TD>
+Lightweight DBM backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>meta</TT>
+</TD>
+<TD>
+Meta Directory backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>monitor</TT>
+</TD>
+<TD>
+Monitor backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>passwd</TT>
+</TD>
+<TD>
+Provides read-only access to <EM>passwd</EM>(5)
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>perl</TT>
+</TD>
+<TD>
+Perl Programmable backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>shell</TT>
+</TD>
+<TD>
+Shell (extern program) backend
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>sql</TT>
+</TD>
+<TD>
+SQL Programmable backend
+</TD>
+</TR>
+</TABLE>
+
+<P>Example:</P>
+<PRE>
+ backend bdb
+</PRE>
+<P>This marks the beginning of a new <TERM>BDB</TERM> backend definition.</P>
+<H3><A NAME="General Database Directives">6.2.3. General Database Directives</A></H3>
+<P>Directives in this section apply only to the database in which they are defined. They are supported by every type of database.</P>
+<H4><A NAME="database <type>">6.2.3.1. database <type></A></H4>
+<P>This directive marks the beginning of a database instance declaration. <TT><type></TT> should be one of the supported backend types listed in Table 5.2.</P>
+<P>Example:</P>
+<PRE>
+ database bdb
+</PRE>
+<P>This marks the beginning of a new <TERM>BDB</TERM> database instance declaration.</P>
+<H4><A NAME="readonly { on | off }">6.2.3.2. readonly { on | off }</A></H4>
+<P>This directive puts the database into "read-only" mode. Any attempts to modify the database will return an "unwilling to perform" error.</P>
+<P>Default:</P>
+<PRE>
+ readonly off
+</PRE>
+<H4><A NAME="replica">6.2.3.3. replica</A></H4>
+<PRE>
+ replica uri=ldap[s]://<hostname>[:<port>] | host=<hostname>[:<port>]
+ [bindmethod={simple|sasl}]
+ ["binddn=<DN>"]
+ [saslmech=<mech>]
+ [authcid=<identity>]
+ [authzid=<identity>]
+ [credentials=<password>]
+</PRE>
+<P>This directive specifies a replication site for this database. The <TT>uri=</TT> parameter specifies a scheme, a host and optionally a port where the slave slapd instance can be found. Either a domain name or IP address may be used for <hostname>. If <port> is not given, the standard LDAP port number (389 or 636) is used.</P>
+<P><TT>host</TT> is deprecated in favor of the <TT>uri</TT> parameter.</P>
+<P><TT>uri</TT> allows the replica LDAP server to be specified as an LDAP URI such as <TT>ldap://slave.example.com:389</TT> or <TT>ldaps://slave.example.com:636</TT>.</P>
+<P>The <TT>binddn=</TT> parameter gives the DN to bind as for updates to the slave slapd. It should be a DN which has read/write access to the slave slapd's database. It must also match the <TT>updatedn</TT> directive in the slave slapd's config file. Generally, this DN <EM>should not</EM> be the same as the <TT>rootdn</TT> of the master database. Since DNs are likely to contain embedded spaces, the entire <TT>"binddn=<DN>"</TT> string should be enclosed in double quotes.</P>
+<P>The <TT>bindmethod</TT> is <TT>simple</TT> or <TT>sasl</TT>, depending on whether simple password-based authentication or <TERM>SASL</TERM> authentication is to be used when connecting to the slave slapd.</P>
+<P>Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS or IPSEC). Simple authentication requires specification of <TT>binddn</TT> and <TT>credentials</TT> parameters.</P>
+<P>SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the <TT>saslmech</TT> parameter. Depending on the mechanism, an authentication identity and/or credentials can be specified using <TT>authcid</TT> and <TT>credentials</TT> respectively. The <TT>authzid</TT> parameter may be used to specify an authorization identity.</P>
+<P>See the chapter entitled <A HREF="#Replication with slurpd">Replication with slurpd</A> for more information on how to use this directive.</P>
+<H4><A NAME="replogfile <filename>">6.2.3.4. replogfile <filename></A></H4>
+<P>This directive specifies the name of the replication log file to which slapd will log changes. The replication log is typically written by slapd and read by slurpd. Normally, this directive is only used if slurpd is being used to replicate the database. However, you can also use it to generate a transaction log, if slurpd is not running. In this case, you will need to periodically truncate the file, since it will grow indefinitely otherwise.</P>
+<P>See the chapter entitled <A HREF="#Replication with slurpd">Replication with slurpd</A> for more information on how to use this directive.</P>
+<H4><A NAME="rootdn <DN>">6.2.3.5. rootdn <DN></A></H4>
+<P>This directive specifies the DN that is not subject to access control or administrative limit restrictions for operations on this database. The DN need not refer to an entry in this database or even in the directory. The DN may refer to a SASL identity.</P>
+<P>Entry-based Example:</P>
+<PRE>
+ rootdn "cn=Manager,dc=example,dc=com"
+</PRE>
+<P>SASL-based Example:</P>
+<PRE>
+ rootdn "uid=root,cn=example.com,cn=digest-md5,cn=auth"
+</PRE>
+<P>See the <A HREF="#SASL Authentication">SASL Authentication</A> section for information on SASL authentication identities.</P>
+<H4><A NAME="rootpw <password>">6.2.3.6. rootpw <password></A></H4>
+<P>This directive can be used to specifies a password for the DN for the rootdn (when the rootdn is set to a DN within the database).</P>
+<P>Example:</P>
+<PRE>
+ rootpw secret
+</PRE>
+<P>It is also permissible to provide hash of the password in RFC 2307 form. <EM>slappasswd</EM>(8) may be used to generate the password hash.</P>
+<P>Example:</P>
+<PRE>
+ rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
+</PRE>
+<P>The hash was generated using the command <TT>slappasswd -s secret</TT>.</P>
+<H4><A NAME="suffix <dn suffix>">6.2.3.7. suffix <dn suffix></A></H4>
+<P>This directive specifies the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given, and at least one is required for each database definition.</P>
+<P>Example:</P>
+<PRE>
+ suffix "dc=example,dc=com"
+</PRE>
+<P>Queries with a DN ending in "dc=example,dc=com" will be passed to this backend.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>When the backend to pass a query to is selected, slapd looks at the suffix line(s) in each database definition in the order they appear in the file. Thus, if one database suffix is a prefix of another, it must appear after it in the config file.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H4><A NAME="syncrepl">6.2.3.8. syncrepl</A></H4>
+<PRE>
+ syncrepl rid=<replica ID>
+ provider=ldap[s]://<hostname>[:port]
+ [type=refreshOnly|refreshAndPersist]
+ [interval=dd:hh:mm:ss]
+ [retry=[<retry interval> <# of retries>]+]
+ [searchbase=<base DN>]
+ [filter=<filter str>]
+ [scope=sub|one|base]
+ [attrs=<attr list>]
+ [attrsonly]
+ [sizelimit=<limit>]
+ [timelimit=<limit>]
+ [schemachecking=on|off]
+ [bindmethod=simple|sasl]
+ [binddn=<DN>]
+ [saslmech=<mech>]
+ [authcid=<identity>]
+ [authzid=<identity>]
+ [credentials=<passwd>]
+ [realm=<realm>]
+ [secprops=<properties>]
+</PRE>
+<P>This directive specifies the current database as a replica of the master content by establishing the current <EM>slapd</EM>(8) as a replication consumer site running a syncrepl replication engine. The master database is located at the replication provider site specified by the <TT>provider</TT> parameter. The replica database is kept up-to-date with the master content using the LDAP Content Synchronization protocol. See <TT>draft-zeilenga-ldup-sync-xx.txt</TT> (<EM>a work in progress</EM>) for more information on the protocol.</P>
+<P>The <TT>rid</TT> parameter is used for identification of the current <TT>syncrepl</TT> directive within the replication consumer server, where <TT><replica ID></TT> uniquely identifies the syncrepl specification described by the current <TT>syncrepl</TT> directive. <TT><replica ID></TT> is non-negative and is no more than three decimal digits in length.</P>
+<P>The <TT>provider</TT> parameter specifies the replication provider site containing the master content as an LDAP URI. The <TT>provider</TT> parameter specifies a scheme, a host and optionally a port where the provider slapd instance can be found. Either a domain name or IP address may be used for <hostname>. Examples are <TT>ldap://provider.example.com:389</TT> or <TT>ldaps://192.168.1.1:636</TT>. If <port> is not given, the standard LDAP port number (389 or 636) is used. Note that the syncrepl uses a consumer-initiated protocol, and hence its specification is located at the consumer site, whereas the <TT>replica</TT> specification is located at the provider site. <TT>syncrepl</TT> and <TT>replica</TT> directives define two independent replication mechanisms. They do not represent the replication peers of each other.</P>
+<P>The content of the syncrepl replica is defined using a search specification as its result set. The consumer slapd will send search requests to the provider slapd according to the search specification. The search specification includes <TT>searchbase</TT>, <TT>scope</TT>, <TT>filter</TT>, <TT>attrs</TT>, <TT>attrsonly</TT>, <TT>sizelimit</TT>, and <TT>timelimit</TT> parameters as in the normal search specification. The <TT>searchbase</TT> parameter has no default value and must always be specified. The <TT>scope</TT> defaults to <TT>sub</TT>, the <TT>filter</TT> defaults to <TT>(objectclass=*)</TT>, <TT>attrs</TT> defaults to <TT>"*,+"</TT> to replicate all user and operational attributes, and <TT>attrsonly</TT> is unset by default. Both <TT>sizelimit</TT> and <TT>timelimit</TT> default to "unlimited", and only integers or "unlimited" may be specified.</P>
+<P>The LDAP Content Synchronization protocol has two operation types: <TT>refreshOnly</TT> and <TT>refreshAndPersist</TT>. The operation type is specified by the <TT>type</TT> parameter. In the <TT>refreshOnly</TT> operation, the next synchronization search operation is periodically rescheduled at an interval time after each synchronization operation finishes. The interval is specified by the <TT>interval</TT> parameter. It is set to one day by default. In the <TT>refreshAndPersist</TT> operation, a synchronization search remains persistent in the provider slapd. Further updates to the master replica will generate <TT>searchResultEntry</TT> to the consumer slapd as the search responses to the persistent synchronization search.</P>
+<P>If an error occurs during replication, the consumer will attempt to reconnect according to the retry parameter which is a list of the <retry interval> and <# of retries> pairs. For example, retry="60 10 300 3" lets the consumer retry every 60 seconds for the first 10 times and then retry every 300 seconds for the next three times before stop retrying. + in <# of retries> means indefinite number of retries until success.</P>
+<P>The schema checking can be enforced at the LDAP Sync consumer site by turning on the <TT>schemachecking</TT> parameter. If it is turned on, every replicated entry will be checked for its schema as the entry is stored into the replica content. Every entry in the replica should contain those attributes required by the schema definition. If it is turned off, entries will be stored without checking schema conformance. The default is off.</P>
+<P>The <TT>binddn</TT> parameter gives the DN to bind as for the syncrepl searches to the provider slapd. It should be a DN which has read access to the replication content in the master database.</P>
+<P>The <TT>bindmethod</TT> is <TT>simple</TT> or <TT>sasl</TT>, depending on whether simple password-based authentication or <TERM>SASL</TERM> authentication is to be used when connecting to the provider slapd.</P>
+<P>Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS or IPSEC). Simple authentication requires specification of <TT>binddn</TT> and <TT>credentials</TT> parameters.</P>
+<P>SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the <TT>saslmech</TT> parameter. Depending on the mechanism, an authentication identity and/or credentials can be specified using <TT>authcid</TT> and <TT>credentials</TT>, respectively. The <TT>authzid</TT> parameter may be used to specify an authorization identity.</P>
+<P>The <TT>realm</TT> parameter specifies a realm which a certain mechanisms authenticate the identity within. The <TT>secprops</TT> parameter specifies Cyrus SASL security properties.</P>
+<P>The syncrepl replication mechanism is supported by the three native backends: back-bdb, back-hdb, and back-ldbm.</P>
+<P>See the <A HREF="#LDAP Sync Replication">LDAP Sync Replication</A> chapter of the admin guide for more information on how to use this directive.</P>
+<H4><A NAME="updatedn <DN>">6.2.3.9. updatedn <DN></A></H4>
+<P>This directive is only applicable in a slave slapd. It specifies the DN allowed to make changes to the replica. This may be the DN <EM>slurpd</EM>(8) binds as when making changes to the replica or the DN associated with a SASL identity.</P>
+<P>Entry-based Example:</P>
+<PRE>
+ updatedn "cn=Update Daemon,dc=example,dc=com"
+</PRE>
+<P>SASL-based Example:</P>
+<PRE>
+ updatedn "uid=slurpd,cn=example.com,cn=digest-md5,cn=auth"
+</PRE>
+<P>See the <A HREF="#Replication with slurpd">Replication with slurpd</A> chapter for more information on how to use this directive.</P>
+<H4><A NAME="updateref <URL>">6.2.3.10. updateref <URL></A></H4>
+<P>This directive is only applicable in a slave slapd. It specifies the URL to return to clients which submit update requests upon the replica. If specified multiple times, each <TERM>URL</TERM> is provided.</P>
+<P>Example:</P>
+<PRE>
+ updateref ldap://master.example.net
+</PRE>
+<H3><A NAME="BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></H3>
+<P>Directives in this category only apply to both the <TERM>BDB</TERM> and the <TERM>HDB</TERM> database. That is, they must follow a "database bdb" or "database hdb" line and come before any subsequent "backend" or "database" line. For a complete reference of BDB/HDB configuration directives, see <EM>slapd-bdb</EM>(5).</P>
+<H4><A NAME="directory <directory>">6.2.4.1. directory <directory></A></H4>
+<P>This directive specifies the directory where the BDB files containing the database and associated indices live.</P>
+<P>Default:</P>
+<PRE>
+ directory /usr/local/var/openldap-data
+</PRE>
+<H3><A NAME="LDBM Database Directives">6.2.5. LDBM Database Directives</A></H3>
+<P>Directives in this category only apply to a <TERM>LDBM</TERM> database. That is, they must follow a "database ldbm" line and come before any subsequent "backend" or "database" line. For a complete reference of LDBM configuration directives, see <EM>slapd-ldbm</EM>(5).</P>
+<H4><A NAME="cachesize <integer>">6.2.5.1. cachesize <integer></A></H4>
+<P>This directive specifies the size in entries of the in-memory cache maintained by the LDBM backend database instance.</P>
+<P>Default:</P>
+<PRE>
+ cachesize 1000
+</PRE>
+<H4><A NAME="dbcachesize <integer>">6.2.5.2. dbcachesize <integer></A></H4>
+<P>This directive specifies the size in bytes of the in-memory cache associated with each open index file. If not supported by the underlying database method, this directive is ignored without comment. Increasing this number uses more memory but can cause a dramatic performance increase, especially during modifies or when building indices.</P>
+<P>Default:</P>
+<PRE>
+ dbcachesize 100000
+</PRE>
+<H4><A NAME="dbnolocking">6.2.5.3. dbnolocking</A></H4>
+<P>This option, if present, disables database locking. Enabling this option may improve performance at the expense of data security.</P>
+<H4><A NAME="dbnosync">6.2.5.4. dbnosync</A></H4>
+<P>This option causes on-disk database contents to not be immediately synchronized with in memory changes upon change. Enabling this option may improve performance at the expense of data integrity.</P>
+<H4><A NAME="directory <directory>">6.2.5.5. directory <directory></A></H4>
+<P>This directive specifies the directory where the LDBM files containing the database and associated indices live.</P>
+<P>Default:</P>
+<PRE>
+ directory /usr/local/var/openldap-data
+</PRE>
+<H4><A NAME="index {<attrlist> | default} [pres,eq,approx,sub,none]">6.2.5.6. index {<attrlist> | default} [pres,eq,approx,sub,none]</A></H4>
+<P>This directive specifies the indices to maintain for the given attribute. If only an <TT><attrlist></TT> is given, the default indices are maintained.</P>
+<P>Example:</P>
+<PRE>
+ index default pres,eq
+ index uid
+ index cn,sn pres,eq,sub
+ index objectClass eq
+</PRE>
+<P>The first line sets the default set of indices to maintain to present and equality. The second line causes the default (pres,eq) set of indices to be maintained for the <TT>uid</TT> attribute type. The third line causes present, equality, and substring indices to be maintained for <TT>cn</TT> and <TT>sn</TT> attribute types. The fourth line causes an equality index for the <TT>objectClass</TT> attribute type.</P>
+<P>By default, no indices are maintained. It is generally advised that minimally an equality index upon objectClass be maintained.</P>
+<PRE>
+ index objectClass eq
+</PRE>
+<H4><A NAME="mode <integer>">6.2.5.7. mode <integer></A></H4>
+<P>This directive specifies the file protection mode that newly created database index files should have.</P>
+<P>Default:</P>
+<PRE>
+ mode 0600
+</PRE>
+<H2><A NAME="Access Control">6.3. Access Control</A></H2>
+<P>Access to slapd entries and attributes is controlled by the access configuration file directive. The general form of an access line is:</P>
+<PRE>
+ <access directive> ::= access to <what>
+ [by <who> <access> <control>]+
+ <what> ::= * |
+ [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+ [filter=<ldapfilter>] [attrs=<attrlist>]
+ <basic-style> ::= regex | exact
+ <scope-style> ::= base | one | subtree | children
+ <attrlist> ::= <attr> [val[.<basic-style>]=<regex>] | <attr> , <attrlist>
+ <attr> ::= <attrname> | entry | children
+ <who> ::= * | [anonymous | users | self
+ | dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+ [dnattr=<attrname>]
+ [group[/<objectclass>[/<attrname>][.<basic-style>]]=<regex>]
+ [peername[.<basic-style>]=<regex>]
+ [sockname[.<basic-style>]=<regex>]
+ [domain[.<basic-style>]=<regex>]
+ [sockurl[.<basic-style>]=<regex>]
+ [set=<setspec>]
+ [aci=<attrname>]
+ <access> ::= [self]{<level>|<priv>}
+ <level> ::= none | auth | compare | search | read | write
+ <priv> ::= {=|+|-}{w|r|s|c|x|0}+
+ <control> ::= [stop | continue | break]
+</PRE>
+<P>where the <what> part selects the entries and/or attributes to which the access applies, the <TT><who></TT> part specifies which entities are granted access, and the <TT><access></TT> part specifies the access granted. Multiple <TT><who> <access> <control></TT> triplets are supported, allowing many entities to be granted different access to the same set of entries and attributes. Not all of these access control options are described here; for more details see the <EM>slapd.access</EM>(5) man page.</P>
+<H3><A NAME="What to control access to">6.3.1. What to control access to</A></H3>
+<P>The <what> part of an access specification determines the entries and attributes to which the access control applies. Entries are commonly selected in two ways: by DN and by filter. The following qualifiers select entries by DN:</P>
+<PRE>
+ to *
+ to dn[.<basic-style>]=<regex>
+ to dn.<scope-style>=<DN>
+</PRE>
+<P>The first form is used to select all entries. The second form may be used to select entries by matching a regular expression against the target entry's <EM>normalized DN</EM>. (The second form is not discussed further in this document.) The third form is used to select entries which are within the requested scope of DN. The <DN> is a string representation of the Distinguished Name, as described in <A HREF="http://www.rfc-editor.org/rfc/rfc2253.txt">RFC2253</A>.</P>
+<P>The scope can be either <TT>base</TT>, <TT>one</TT>, <TT>subtree</TT>, or <TT>children</TT>. Where <TT>base</TT> matches only the entry with provided DN, <TT>one</TT> matches the entries whose parent is the provided DN, <TT>subtree</TT> matches all entries in the subtree whose root is the provided DN, and <TT>children</TT> matches all entries under the DN (but not the entry named by the DN).</P>
+<P>For example, if the directory contained entries named:</P>
+<PRE>
+ 0: o=suffix
+ 1: cn=Manager,o=suffix
+ 2: ou=people,o=suffix
+ 3: uid=kdz,ou=people,o=suffix
+ 4: cn=addresses,uid=kdz,ou=people,o=suffix
+ 5: uid=hyc,ou=people,o=suffix
+</PRE>
+<P>Then:</P>
+<UL>
+<TT>dn.base="ou=people,o=suffix"</TT> match 2;
+<BR>
+<TT>dn.one="ou=people,o=suffix"</TT> match 3, and 5;
+<BR>
+<TT>dn.subtree="ou=people,o=suffix"</TT> match 2, 3, 4, and 5; and
+<BR>
+<TT>dn.children="ou=people,o=suffix"</TT> match 3, 4, and 5.</UL>
+<P>Entries may also be selected using a filter:</P>
+<PRE>
+ to filter=<ldap filter>
+</PRE>
+<P>where <ldap filter> is a string representation of an LDAP search filter, as described in <A HREF="http://www.rfc-editor.org/rfc/rfc2254.txt">RFC2254</A>. For example:</P>
+<PRE>
+ to filter=(objectClass=person)
+</PRE>
+<P>Note that entries may be selected by both DN and filter by including both qualifiers in the <what> clause.</P>
+<PRE>
+ to dn.one="ou=people,o=suffix" filter=(objectClass=person)
+</PRE>
+<P>Attributes within an entry are selected by including a comma-separated list of attribute names in the <what> selector:</P>
+<PRE>
+ attrs=<attribute list>
+</PRE>
+<P>A specific value of an attribute is selected by using a single attribute name and also using a value selector:</P>
+<PRE>
+ attrs=<attribute> val[.<style>]=<regex>
+</PRE>
+<P>There are two special <EM>pseudo</EM> attributes <TT>entry</TT> and <TT>children</TT>. To read (and hence return) a target entry, the subject must have <TT>read</TT> access to the target's <EM>entry</EM> attribute. To add or delete an entry, the subject must have <TT>write</TT> access to the entry's <TT>entry</TT> attribute AND must have <TT>write</TT> access to the entry's parent's <TT>children</TT> attribute. To rename an entry, the subject must have <TT>write</TT> access to entry's <TT>entry</TT> attribute AND have <TT>write</TT> access to both the old parent's and new parent's <TT>children</TT> attributes. The complete examples at the end of this section should help clear things up.</P>
+<P>Lastly, there is a special entry selector <TT>"*"</TT> that is used to select any entry. It is used when no other <TT><what></TT> selector has been provided. It's equivalent to "<TT>dn=.*</TT>"</P>
+<H3><A NAME="Who to grant access to">6.3.2. Who to grant access to</A></H3>
+<P>The <who> part identifies the entity or entities being granted access. Note that access is granted to "entities" not "entries." The following table summarizes entity specifiers:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.3: Access Entity Specifiers</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Specifier</STRONG>
+</TD>
+<TD>
+<STRONG>Entities</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>*</TT>
+</TD>
+<TD>
+All, including anonymous and authenticated users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>anonymous</TT>
+</TD>
+<TD>
+Anonymous (non-authenticated) users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>users</TT>
+</TD>
+<TD>
+Authenticated users
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>self</TT>
+</TD>
+<TD>
+User associated with target entry
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dn[.<basic-style>]=<regex></TT>
+</TD>
+<TD>
+Users matching a regular expression
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>dn.<scope-style>=<DN></TT>
+</TD>
+<TD>
+Users within scope of a DN
+</TD>
+</TR>
+</TABLE>
+
+<P>The DN specifier behaves much like <what> clause DN specifiers.</P>
+<P>Other control factors are also supported. For example, a <TT><who></TT> can be restricted by an entry listed in a DN-valued attribute in the entry to which the access applies:</P>
+<PRE>
+ dnattr=<dn-valued attribute name>
+</PRE>
+<P>The dnattr specification is used to give access to an entry whose DN is listed in an attribute of the entry (e.g., give access to a group entry to whoever is listed as the owner of the group entry).</P>
+<P>Some factors may not be appropriate in all environments (or any). For example, the domain factor relies on IP to domain name lookups. As these can easily spoofed, the domain factor should not be avoided.</P>
+<H3><A NAME="The access to grant">6.3.3. The access to grant</A></H3>
+<P>The kind of <access> granted can be one of the following:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 5.4: Access Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Left'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Right'>
+<STRONG>Privileges</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>none</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=0</TT>
+</TD>
+<TD ALIGN='Left'>
+no access
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>auth</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=x</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to bind
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>compare</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=cx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to compare
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>search</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=scx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to apply search filters
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>read</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=rscx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to read search results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>write</TT>
+</TD>
+<TD ALIGN='Right'>
+<TT>=wrscx</TT>
+</TD>
+<TD ALIGN='Left'>
+needed to modify/rename
+</TD>
+</TR>
+</TABLE>
+
+<P>Each level implies all lower levels of access. So, for example, granting someone <TT>write</TT> access to an entry also grants them <TT>read</TT>, <TT>search</TT>, <TT>compare</TT>, and <TT>auth</TT> access. However, one may use the privileges specifier to grant specific permissions.</P>
+<H3><A NAME="Access Control Evaluation">6.3.4. Access Control Evaluation</A></H3>
+<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT><what></TT> selectors given in the configuration file. For each entry, access controls provided in the database which holds the entry (or the first database if not held in any database) apply first, followed by the global access directives. Within this priority, access directives are examined in the order in which they appear in the config file. Slapd stops with the first <TT><what></TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
+<P>Next, slapd compares the entity requesting access to the <TT><who></TT> selectors within the access directive selected above in the order in which they appear. It stops with the first <TT><who></TT> selector that matches the requester. This determines the access the entity requesting access has to the entry and/or attribute.</P>
+<P>Finally, slapd compares the access granted in the selected <TT><access></TT> clause to the access requested by the client. If it allows greater or equal access, access is granted. Otherwise, access is denied.</P>
+<P>The order of evaluation of access directives makes their placement in the configuration file important. If one access directive is more specific than another in terms of the entries it selects, it should appear first in the config file. Similarly, if one <TT><who></TT> selector is more specific than another it should come first in the access directive. The access control examples given below should help make this clear.</P>
+<H3><A NAME="Access Control Examples">6.3.5. Access Control Examples</A></H3>
+<P>The access control facility described above is quite powerful. This section shows some examples of its use for descriptive purposes.</P>
+<P>A simple example:</P>
+<PRE>
+ access to * by * read
+</PRE>
+<P>This access directive grants read access to everyone.</P>
+<PRE>
+ access to *
+ by self write
+ by anonymous auth
+ by * read
+</PRE>
+<P>This directive allows the user to modify their entry, allows anonymous to authentication against these entries, and allows all others to read these entries. Note that only the first <TT>by <who></TT> clause which matches applies. Hence, the anonymous users are granted <TT>auth</TT>, not <TT>read</TT>. The last clause could just as well have been "<TT>by users read</TT>".</P>
+<P>It is often desirable to restrict operations based upon the level of protection in place. The following shows how security strength factors (SSF) can be used.</P>
+<PRE>
+ access to *
+ by ssf=128 self write
+ by ssf=64 anonymous auth
+ by ssf=64 users read
+</PRE>
+<P>This directive allows users to modify their own entries if security protections have of strength 128 or better have been established, allows authentication access to anonymous users, and read access when 64 or better security protections have been established. If client has not establish sufficient security protections, the implicit <TT>by * none</TT> clause would be applied.</P>
+<P>The following example shows the use of a style specifiers to select the entries by DN in two access directives where ordering is significant.</P>
+<PRE>
+ access to dn.children="dc=example,dc=com"
+ by * search
+ access to dn.children="dc=com"
+ by * read
+</PRE>
+<P>Read access is granted to entries under the <TT>dc=com</TT> subtree, except for those entries under the <TT>dc=example,dc=com</TT> subtree, to which search access is granted. No access is granted to <TT>dc=com</TT> as neither access directive matches this DN. If the order of these access directives was reversed, the trailing directive would never be reached, since all entries under <TT>dc=example,dc=com</TT> are also under <TT>dc=com</TT> entries.</P>
+<P>Also note that if no <TT>access to</TT> directive matches or no <TT>by <who></TT> clause, <B>access is denied</B>. That is, every <TT>access to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>access to * by * none</TT> directive.</P>
+<P>The next example again shows the importance of ordering, both of the access directives and the <TT>by <who></TT> clauses. It also shows the use of an attribute selector to grant access to a specific attribute and various <TT><who></TT> selectors.</P>
+<PRE>
+ access to dn.subtree="dc=example,dc=com" attrs=homePhone
+ by self write
+ by dn.children="dc=example,dc=com" search
+ by peername.regex=IP:10\..+ read
+ access to dn.subtree="dc=example,dc=com"
+ by self write
+ by dn.children="dc=example,dc=com" search
+ by anonymous auth
+</PRE>
+<P>This example applies to entries in the "<TT>dc=example,dc=com</TT>" subtree. To all attributes except <TT>homePhone</TT>, an entry can write to itself, entries under <TT>example.com</TT> entries can search by them, anybody else has no access (implicit <TT>by * none</TT>) excepting for authentication/authorization (which is always done anonymously). The <TT>homePhone</TT> attribute is writable by the entry, searchable by entries under <TT>example.com</TT>, readable by clients connecting from network 10, and otherwise not readable (implicit <TT>by * none</TT>). All other access is denied by the implicit <TT>access to * by * none</TT>.</P>
+<P>Sometimes it is useful to permit a particular DN to add or remove itself from an attribute. For example, if you would like to create a group and allow people to add and remove only their own DN from the member attribute, you could accomplish it with an access directive like this:</P>
+<PRE>
+ access to attrs=member,entry
+ by dnattr=member selfwrite
+</PRE>
+<P>The dnattr <TT><who></TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
+<H2><A NAME="Configuration File Example">6.4. Configuration File Example</A></H2>
+<P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration section
+ 2. include /usr/local/etc/schema/core.schema
+ 3. referral ldap://root.openldap.org
+ 4. access to * by * read
+</PRE>
+<P>Line 1 is a comment. Line 2 includes another config file which contains <EM>core</EM> schema definitions. The <TT>referral</TT> directive on line 3 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>.</P>
+<P>Line 4 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next section of the configuration file defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. The database is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 5. # BDB definition for the example.com
+ 6. database bdb
+ 7. suffix "dc=example,dc=com"
+ 8. directory /usr/local/var/openldap-data
+ 9. rootdn "cn=Manager,dc=example,dc=com"
+ 10. rootpw secret
+ 11. # replication directives
+ 12. replogfile /usr/local/var/openldap/slapd.replog
+ 13. replica uri=ldap://slave1.example.com:389
+ 14. binddn="cn=Replicator,dc=example,dc=com"
+ 15. bindmethod=simple credentials=secret
+ 16. replica uri=ldaps://slave2.example.com:636
+ 17. binddn="cn=Replicator,dc=example,dc=com"
+ 18. bindmethod=simple credentials=secret
+ 19. # indexed attribute definitions
+ 20. index uid pres,eq
+ 21. index cn,sn,uid pres,eq,approx,sub
+ 22. index objectClass eq
+ 23. # database access control definitions
+ 24. access to attrs=userPassword
+ 25. by self write
+ 26. by anonymous auth
+ 27. by dn.base="cn=Admin,dc=example,dc=com" write
+ 28. by * none
+ 29. access to *
+ 30. by self write
+ 31. by dn.base="cn=Admin,dc=example,dc=com" write
+ 32. by * read
+</PRE>
+<P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
+<P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 11 through 18 are for replication. Line 12 specifies the replication log file (where changes to the database are logged - this file is written by slapd and read by slurpd). Lines 13 through 15 specify the hostname and port for a replicated host, the DN to bind as when performing updates, the bind method (simple) and the credentials (password) for the binddn. Lines 16 through 18 specify a second replication site. See the <A HREF="#Replication with slurpd">Replication with slurpd</A> chapter for more information on these directives.</P>
+<P>Lines 20 through 22 indicate the indices to maintain for various attributes.</P>
+<P>Lines 24 through 32 specify access control for entries in this database. As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE). For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
+<PRE>
+ 33. # BDB definition for example.net
+ 34. database bdb
+ 35. suffix "dc=example,dc=net"
+ 36. directory /usr/local/var/openldap-data-net
+ 37. rootdn "cn=Manager,dc=example,dc=com"
+ 38. index objectClass eq
+ 39. access to * by users read
+</PRE>
+<P></P>
+<HR>
+<H1><A NAME="Running slapd">7. Running slapd</A></H1>
+<P><EM>slapd</EM>(8) is designed to be run as a stand-alone server. This allows the server to take advantage of caching, manage concurrency issues with underlying databases, and conserve system resources. Running from <EM>inetd</EM>(8) is <EM>NOT</EM> an option.</P>
+<H2><A NAME="Command-Line Options">7.1. Command-Line Options</A></H2>
+<P><EM>slapd</EM>(8) supports a number of command-line options as detailed in the manual page. This section details a few commonly used options.</P>
+<PRE>
+ -f <filename>
+</PRE>
+<P>This option specifies an alternate configuration file for slapd. The default is normally <TT>/usr/local/etc/openldap/slapd.conf</TT>.</P>
+<PRE>
+ -h <URLs>
+</PRE>
+<P>This option specifies alternative listener configurations. The default is <TT>ldap:///</TT> which implies LDAP over TCP on all interfaces on the default LDAP port 389. You can specify specific host-port pairs or other protocol schemes (such as ldaps:// or ldapi://). For example, <TT>-h "ldaps:// ldap://127.0.0.1:666"</TT> will create two listeners: one for LDAP over SSL on all interfaces on the default LDAP/SSL port 636, and one for LDAP over TCP on the <TT>localhost</TT> (<EM>loopback</EM>) interface on port 666. Hosts may be specified using IPv4 dotted-decimal form or using host names. Port values must be numeric.</P>
+<PRE>
+ -n <service-name>
+</PRE>
+<P>This option specifies the service name used for logging and other purposes. The default service name is <TT>slapd</TT>.</P>
+<PRE>
+ -l <syslog-local-user>
+</PRE>
+<P>This option specifies the local user for the <EM>syslog</EM>(8) facility. Values can be <TT>LOCAL0</TT>, <TT>LOCAL1</TT>, <TT>LOCAL2</TT>, ..., and <TT>LOCAL7</TT>. The default is <TT>LOCAL4</TT>. This option may not be supported on all systems.</P>
+<PRE>
+ -u user -g group
+</PRE>
+<P>These options specify the user and group, respectively, to run as. <TT>user</TT> can be either a user name or uid. <TT>group</TT> can be either a group name or gid.</P>
+<PRE>
+ -r directory
+</PRE>
+<P>This option specifies a run-time directory. slapd will <EM>chroot</EM>(2) to this directory after opening listeners but before reading any configuration files or initializing any backends.</P>
+<UL>
+</UL>
+<PRE>
+ -d <level> | ?
+</PRE>
+<P>This option sets the slapd debug level to <level>. When level is a `?' character, the various debugging levels are printed and slapd exits, regardless of any other options you give it. Current debugging levels are</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 6.1: Debugging Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Right'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+-1
+</TD>
+<TD ALIGN='Left'>
+enable all debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+0
+</TD>
+<TD ALIGN='Left'>
+no debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1
+</TD>
+<TD ALIGN='Left'>
+trace function calls
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2
+</TD>
+<TD ALIGN='Left'>
+debug packet handling
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4
+</TD>
+<TD ALIGN='Left'>
+heavy trace debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+8
+</TD>
+<TD ALIGN='Left'>
+connection management
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16
+</TD>
+<TD ALIGN='Left'>
+print out packets sent and received
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32
+</TD>
+<TD ALIGN='Left'>
+search filter processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+64
+</TD>
+<TD ALIGN='Left'>
+configuration file processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+128
+</TD>
+<TD ALIGN='Left'>
+access control list processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+256
+</TD>
+<TD ALIGN='Left'>
+stats log connections/operations/results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+512
+</TD>
+<TD ALIGN='Left'>
+stats log entries sent
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1024
+</TD>
+<TD ALIGN='Left'>
+print communication with shell backends
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2048
+</TD>
+<TD ALIGN='Left'>
+print entry parsing debugging
+</TD>
+</TR>
+</TABLE>
+
+<P>You may enable multiple levels by specifying the debug option once for each desired level. Or, since debugging levels are additive, you can do the math yourself. That is, if you want to trace function calls and watch the config file being processed, you could set level to the sum of those two levels (in this case, <TT> -d 65</TT>). Or, you can let slapd do the math, (e.g. <TT> -d 1 -d 64</TT>). Consult <TT><ldap_log.h></TT> for more details.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>slapd must have been compiled with <TT>-DLDAP_DEBUG</TT> defined for any debugging information beyond the two stats levels to be available.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H2><A NAME="Starting slapd">7.2. Starting slapd</A></H2>
+<P>In general, slapd is run like this:</P>
+<PRE>
+ /usr/local/etc/libexec/slapd [<option>]*
+</PRE>
+<P>where <TT>/usr/local/etc/libexec</TT> is determined by <TT>configure</TT> and <option> is one of the options described above (or in <EM>slapd</EM>(8)). Unless you have specified a debugging level (including level <TT>0</TT>), slapd will automatically fork and detach itself from its controlling terminal and run in the background.</P>
+<H2><A NAME="Stopping slapd">7.3. Stopping slapd</A></H2>
+<P>To kill off slapd safely, you should give a command like this</P>
+<PRE>
+ kill -INT `cat /usr/local/var/slapd.pid`
+</PRE>
+<P>where <TT>/usr/local/var</TT> is determined by <TT>configure</TT>.</P>
+<P>Killing slapd by a more drastic method may cause information loss or database corruption.</P>
+<P></P>
+<HR>
+<H1><A NAME="Database Creation and Maintenance Tools">8. Database Creation and Maintenance Tools</A></H1>
+<P>This section tells you how to create a slapd database from scratch, and how to do trouble shooting if you run into problems. There are two ways to create a database. First, you can create the database on-line using LDAP. With this method, you simply start up slapd and add entries using the LDAP client of your choice. This method is fine for relatively small databases (a few hundred or thousand entries, depending on your requirements). This method works for database types which support updates.</P>
+<P>The second method of database creation is to do it off-line using special utilities provided with slapd. This method is best if you have many thousands of entries to create, which would take an unacceptably long time using the LDAP method, or if you want to ensure the database is not accessed while it is being created. Note that not all database types support these utilitites.</P>
+<H2><A NAME="Creating a database over LDAP">8.1. Creating a database over LDAP</A></H2>
+<P>With this method, you use the LDAP client of your choice (e.g., the <EM>ldapadd</EM>(1)) to add entries, just like you would once the database is created. You should be sure to set the following options in the configuration file before starting <EM>slapd</EM>(8).</P>
+<PRE>
+ suffix <dn>
+</PRE>
+<P>As described in the <A HREF="#General Database Directives">General Database Directives</A> section, this option defines which entries are to be held by this database. You should set this to the DN of the root of the subtree you are trying to create. For example:</P>
+<PRE>
+ suffix "dc=example,dc=com"
+</PRE>
+<P>You should be sure to specify a directory where the index files should be created:</P>
+<PRE>
+ directory <directory>
+</PRE>
+<P>For example:</P>
+<PRE>
+ directory /usr/local/var/openldap-data
+</PRE>
+<P>You need to create this directory with appropriate permissions such that slapd can write to it.</P>
+<P>You need to configure slapd so that you can connect to it as a directory user with permission to add entries. You can configure the directory to support a special <EM>super-user</EM> or <EM>root</EM> user just for this purpose. This is done through the following two options in the database definition:</P>
+<PRE>
+ rootdn <dn>
+ rootpw <passwd>
+</PRE>
+<P>For example:</P>
+<PRE>
+ rootdn "cn=Manager,dc=example,dc=com"
+ rootpw secret
+</PRE>
+<P>These options specify a DN and password that can be used to authenticate as the <EM>super-user</EM> entry of the database (i.e., the entry allowed to do anything). The DN and password specified here will always work, regardless of whether the entry named actually exists or has the password given. This solves the chicken-and-egg problem of how to authenticate and add entries before any entries yet exist.</P>
+<P>Finally, you should make sure that the database definition contains the index definitions you want:</P>
+<PRE>
+ index {<attrlist> | default} [pres,eq,approx,sub,none]
+</PRE>
+<P>For example, to index the <TT>cn</TT>, <TT>sn</TT>, <TT>uid</TT> and <TT>objectclass</TT> attributes, the following <TT>index</TT> directives could be used:</P>
+<PRE>
+ index cn,sn,uid pres,eq,approx,sub
+ index objectClass eq
+</PRE>
+<P>This would create presence, equality, approximate, and substring indices for the <TT>cn</TT>, <TT>sn</TT>, and <TT>uid</TT> attributes and an equality index for the <TT>objectClass</TT> attribute. Note that not all index types are available with all attribute types. See <A HREF="#The slapd Configuration File">The slapd Configuration File</A> section for more information on this option.</P>
+<P>Once you have configured things to your liking, start up slapd, connect with your LDAP client, and start adding entries. For example, to add an organization entry and an organizational role entry using the <I>ldapadd</I> tool, you could create an <TERM>LDIF</TERM> file called <TT>entries.ldif</TT> with the contents:</P>
+<PRE>
+ # Organization for Example Corporation
+ dn: dc=example,dc=com
+ objectClass: dcObject
+ objectClass: organization
+ dc: example
+ o: Example Corporation
+ description: The Example Corporation
+
+ # Organizational Role for Directory Manager
+ dn: cn=Manager,dc=example,dc=com
+ objectClass: organizationalRole
+ cn: Manager
+ description: Directory Manager
+</PRE>
+<P>and then use a command like this to actually create the entry:</P>
+<PRE>
+ ldapadd -f entries.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret
+</PRE>
+<P>The above command assumes settings provided in the above examples.</P>
+<H2><A NAME="Creating a database off-line">8.2. Creating a database off-line</A></H2>
+<P>The second method of database creation is to do it off-line, using the slapd database tools described below. This method is best if you have many thousands of entries to create, which would take an unacceptably long time to add using the LDAP method described above. These tools read the slapd configuration file and an input file containing a text representation of the entries to add. For database types which support the tools, they produce the database files directly (otherwise you must use the on-line method above). There are several important configuration options you will want to be sure and set in the config file database definition first:</P>
+<PRE>
+ suffix <dn>
+</PRE>
+<P>As described in the <A HREF="#General Database Directives">General Database Directives</A> section, this option defines which entries are to be held by this database. You should set this to the DN of the root of the subtree you are trying to create. For example:</P>
+<PRE>
+ suffix "dc=example,dc=com"
+</PRE>
+<P>You should be sure to specify a directory where the index files should be created:</P>
+<PRE>
+ directory <directory>
+</PRE>
+<P>For example:</P>
+<PRE>
+ directory /usr/local/var/openldap-data
+</PRE>
+<P>Finally, you need to specify which indices you want to build. This is done by one or more index options.</P>
+<PRE>
+ index {<attrlist> | default} [pres,eq,approx,sub,none]
+</PRE>
+<P>For example:</P>
+<PRE>
+ index cn,sn,uid pres,eq,approx,sub
+ index objectClass eq
+</PRE>
+<P>This would create presence, equality, approximate, and substring indices for the <TT>cn</TT>, <TT>sn</TT>, and <TT>uid</TT> attributes and an equality index for the <TT>objectClass</TT> attribute. Note that not all index types are available with all attribute types. See <A HREF="#The slapd Configuration File">The slapd Configuration File</A> section for more information on this option.</P>
+<H3><A NAME="The {{EX:slapadd}} program">8.2.1. The <TT>slapadd</TT> program</A></H3>
+<P>Once you've configured things to your liking, you create the primary database and associated indices by running the <EM>slapadd</EM>(8) program:</P>
+<PRE>
+ slapadd -l <inputfile> -f <slapdconfigfile>
+ [-d <debuglevel>] [-n <integer>|-b <suffix>]
+</PRE>
+<P>The arguments have the following meanings:</P>
+<PRE>
+ -l <inputfile>
+</PRE>
+<P>Specifies the <TERM>LDIF</TERM> input file containing the entries to add in text form (described below in the <A HREF="#The LDIF text entry format">The LDIF text entry format</A> section).</P>
+<PRE>
+ -f <slapdconfigfile>
+</PRE>
+<P>Specifies the slapd configuration file that tells where to create the indices, what indices to create, etc.</P>
+<PRE>
+ -d <debuglevel>
+</PRE>
+<P>Turn on debugging, as specified by <TT><debuglevel></TT>. The debug levels are the same as for slapd. See the <A HREF="#Command-Line Options">Command-Line Options</A> section in <A HREF="#Running slapd">Running slapd</A>.</P>
+<PRE>
+ -n <databasenumber>
+</PRE>
+<P>An optional argument that specifies which database to modify. The first database listed in the configuration file is <TT>1</TT>, the second <TT>2</TT>, etc. By default, the first database in the configuration file is used. Should not be used in conjunction with <TT>-b</TT>.</P>
+<PRE>
+ -b <suffix>
+</PRE>
+<P>An optional argument that specifies which database to modify. The provided suffix is matched against a database <TT>suffix</TT> directive to determine the database number. Should not be used in conjunction with <TT>-n</TT>.</P>
+<H3><A NAME="The {{EX:slapindex}} program">8.2.2. The <TT>slapindex</TT> program</A></H3>
+<P>Sometimes it may be necessary to regenerate indices (such as after modifying <EM>slapd.conf</EM>(5)). This is possible using the <EM>slapindex</EM>(8) program. <EM>slapindex</EM> is invoked like this</P>
+<PRE>
+ slapindex -f <slapdconfigfile>
+ [-d <debuglevel>] [-n <databasenumber>|-b <suffix>]
+</PRE>
+<P>Where the <TT>-f</TT>, <TT>-d</TT>, <TT>-n</TT> and <TT>-b</TT> options are the same as for the <EM>slapadd</EM>(1) program. <EM>slapindex</EM> rebuilds all indices based upon the current database contents.</P>
+<H3><A NAME="The {{EX:slapcat}} program">8.2.3. The <TT>slapcat</TT> program</A></H3>
+<P>The <TT>slapcat</TT> program is used to dump the database to an <TERM>LDIF</TERM> file. This can be useful when you want to make a human-readable backup of your database or when you want to edit your database off-line. The program is invoked like this:</P>
+<PRE>
+ slapcat -l <filename> -f <slapdconfigfile>
+ [-d <debuglevel>] [-n <databasenumber>|-b <suffix>]
+</PRE>
+<P>where <TT>-n</TT> or <TT>-b</TT> is used to select the database in the <EM>slapd.conf</EM>(5) specified using <TT>-f</TT>. The corresponding <TERM>LDIF</TERM> output is written to standard output or to the file specified using the <TT>-l</TT> option.</P>
+<H2><A NAME="The LDIF text entry format">8.3. The LDIF text entry format</A></H2>
+<P>The <TERM>LDAP Data Interchange Format</TERM> (LDIF) is used to represent LDAP entries in a simple text format. This section provides a brief description of the LDIF entry format which complements <EM>ldif</EM>(5) and the technical specification <A HREF="http://www.rfc-editor.org/rfc/rfc2849.txt">RFC2849</A>.</P>
+<P>The basic form of an entry is:</P>
+<PRE>
+ # comment
+ dn: <distinguished name>
+ <attrdesc>: <attrvalue>
+ <attrdesc>: <attrvalue>
+
+ ...
+</PRE>
+<P>Lines starting with a '<TT>#</TT>' character are comments. An attribute description may be a simple attribute type like <TT>cn</TT> or <TT>objectClass</TT> or <TT>1.2.3</TT> (an <TERM>OID</TERM> associated with an attribute type) or may include options such as <TT>cn;lang_en_US</TT> or <TT>userCertificate;binary</TT>.</P>
+<P>A line may be continued by starting the next line with a <EM>single</EM> space or tab character. For example:</P>
+<PRE>
+ dn: cn=Barbara J Jensen,dc=example,dc=
+ com
+ cn: Barbara J
+ Jensen
+</PRE>
+<P>is equivalent to:</P>
+<PRE>
+ dn: cn=Barbara J Jensen,dc=example,dc=com
+ cn: Barbara J Jensen
+</PRE>
+<P>Multiple attribute values are specified on separate lines. e.g.,</P>
+<PRE>
+ cn: Barbara J Jensen
+ cn: Babs Jensen
+</PRE>
+<P>If an <TT><attrvalue></TT> contains non-printing characters or begins with a space, a colon ('<TT>:</TT>'), or a less than ('<TT><</TT>'), the <TT><attrdesc></TT> is followed by a double colon and the base64 encoding of the value. For example, the value "<TT> begins with a space</TT>" would be encoded like this:</P>
+<PRE>
+ cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
+</PRE>
+<P>You can also specify a <TERM>URL</TERM> containing the attribute value. For example, the following specifies the <TT>jpegPhoto</TT> value should be obtained from the file <TT>/path/to/file.jpeg</TT>.</P>
+<PRE>
+ cn:< file:///path/to/file.jpeg
+</PRE>
+<P>Multiple entries within the same LDIF file are separated by blank lines. Here's an example of an LDIF file containing three entries.</P>
+<PRE>
+ # Barbara's Entry
+ dn: cn=Barbara J Jensen,dc=example,dc=com
+ cn: Barbara J Jensen
+ cn: Babs Jensen
+ objectClass: person
+ sn: Jensen
+
+ # Bjorn's Entry
+ dn: cn=Bjorn J Jensen,dc=example,dc=com
+ cn: Bjorn J Jensen
+ cn: Bjorn Jensen
+ objectClass: person
+ sn: Jensen
+ # Base64 encoded JPEG photo
+ jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
+ A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
+ ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
+
+ # Jennifer's Entry
+ dn: cn=Jennifer J Jensen,dc=example,dc=com
+ cn: Jennifer J Jensen
+ cn: Jennifer Jensen
+ objectClass: person
+ sn: Jensen
+ # JPEG photo from file
+ jpegPhoto:< file:///path/to/file.jpeg
+</PRE>
+<P>Notice that the <TT>jpegPhoto</TT> in Bjorn's entry is base 64 encoded and the <TT>jpegPhoto</TT> in Jennifer's entry is obtained from the location indicated by the URL.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>Trailing spaces are not trimmed from values in an LDIF file. Nor are multiple internal spaces compressed. If you don't want them in your data, don't put them there.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P></P>
+<HR>
+<H1><A NAME="Schema Specification">9. Schema Specification</A></H1>
+<P>This chapter describes how to extend the user schema used by <EM>slapd</EM>(8). The chapter assumes the reader is familar with the <TERM>LDAP</TERM>/<TERM>X.500</TERM> information model.</P>
+<P>The first section, <A HREF="#Distributed Schema Files">Distributed Schema Files</A> details optional schema definitions provided in the distribution and where to obtain other definitions. The second section, <A HREF="#Extending Schema">Extending Schema</A>, details how to define new schema items.</P>
+<P>This chapter does not discuss how to extend system schema used by <EM>slapd</EM>(8) as this requires source code modification. System schema includes all operational attribute types or any object class which allows or requires an operational attribute (directly or indirectly).</P>
+<H2><A NAME="Distributed Schema Files">9.1. Distributed Schema Files</A></H2>
+<P>OpenLDAP is distributed with a set of schema specifications for your use. Each set is defined in a file suitable for inclusion (using the <TT>include</TT> directive) in your <EM>slapd.conf</EM>(5) file. These schema files are normally installed in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 8.1: Provided Schema Specifications</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Left'>
+<STRONG>File</STRONG>
+</TD>
+<TD ALIGN='Right'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>core.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+OpenLDAP <EM>core</EM> (required)
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>cosine.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+Cosine and Internet X.500 (useful)
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>inetorgperson.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+InetOrgPerson (useful)
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>misc.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+Assorted (experimental)
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>nis.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+Network Information Services (FYI)
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>openldap.schema</TT>
+</TD>
+<TD ALIGN='Right'>
+OpenLDAP Project (experimental)
+</TD>
+</TR>
+</TABLE>
+
+<P>To use any of these schema files, you only need to include the desired file in the global definitions portion of your <EM>slapd.conf</EM>(5) file. For example:</P>
+<PRE>
+ # include schema
+ include /usr/local/etc/openldap/schema/core.schema
+ include /usr/local/etc/openldap/schema/cosine.schema
+ include /usr/local/etc/openldap/schema/inetorgperson.schema
+</PRE>
+<P>Additional files may be available. Please consult the OpenLDAP FAQ (<A HREF="http://www.openldap.org/faq/">http://www.openldap.org/faq/</A>).</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>You should not modify any of the schema items defined in provided files.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H2><A NAME="Extending Schema">9.2. Extending Schema</A></H2>
+<P>Schema used by <EM>slapd</EM>(8) may be extended to support additional syntaxes, matching rules, attribute types, and object classes. This chapter details how to add user application attribute types and object classes using the syntaxes and matching rules already supported by slapd. slapd can also be extended to support additional syntaxes, matching rules and system schema, but this requires some programming and hence is not discussed here.</P>
+<P>There are five steps to defining new schema:</P>
+<OL>
+<LI>obtain Object Identifer
+<LI>choose a name prefix
+<LI>create local schema file
+<LI>define custom attribute types (if necessary)
+<LI>define custom object classes</OL>
+<H3><A NAME="Object Identifiers">9.2.1. Object Identifiers</A></H3>
+<P>Each schema element is identified by a globally unique <TERM>Object Identifier</TERM> (OID). OIDs are also used to identify other objects. They are commonly found in protocols described by <TERM>ASN.1</TERM>. In particular, they are heavily used by the <TERM>Simple Network Management Protocol</TERM> (SNMP). As OIDs are hierarchical, your organization can obtain one OID and branch it as needed. For example, if your organization were assigned OID <TT>1.1</TT>, you could branch the tree as follows:</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 8.2: Example OID hierarchy</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Left'>
+<STRONG>OID</STRONG>
+</TD>
+<TD ALIGN='Right'>
+<STRONG>Assignment</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1</TT>
+</TD>
+<TD ALIGN='Right'>
+Organization's OID
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.1</TT>
+</TD>
+<TD ALIGN='Right'>
+SNMP Elements
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.2</TT>
+</TD>
+<TD ALIGN='Right'>
+LDAP Elements
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.2.1</TT>
+</TD>
+<TD ALIGN='Right'>
+AttributeTypes
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.2.1.1</TT>
+</TD>
+<TD ALIGN='Right'>
+myAttribute
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.2.2</TT>
+</TD>
+<TD ALIGN='Right'>
+ObjectClasses
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Left'>
+<TT>1.1.2.2.1</TT>
+</TD>
+<TD ALIGN='Right'>
+myObjectClass
+</TD>
+</TR>
+</TABLE>
+
+<P>You are, of course, free to design a hierarchy suitable to your organizational needs under your organization's OID. No matter what hierarchy you choose, you should maintain a registry of assignments you make. This can be a simple flat file or something more sophisticated such as the <EM>OpenLDAP OID Registry</EM> (<A HREF="http://www.openldap.org/faq/index.cgi?file=197">http://www.openldap.org/faq/index.cgi?file=197</A>).</P>
+<P>For more information about Object Identifers (and a listing service) see <A HREF="http://www.alvestrand.no/harald/objectid/">http://www.alvestrand.no/harald/objectid/</A>.</P>
+<UL>
+<EM>Under no circumstances should you hijack OID namespace!</EM></UL>
+<P>To obtain a registered OID at <EM>no cost</EM>, apply for an OID under the <A HREF="http://www.iana.org/">Internet Assigned Numbers Authority</A> (IANA) maintained <EM>Private Enterprise</EM> arc. Any private enterprise (organization) may request an OID to be assigned under this arc. Just fill out the <A HREF="http://www.iana.org/">IANA</A> form at <A HREF="http://www.iana.org/cgi-bin/enterprise.pl">http://www.iana.org/cgi-bin/enterprise.pl</A> and your official OID will be sent to you usually within a few days. Your base OID will be something like <TT>1.3.6.1.4.1.X</TT> where <TT>X</TT> is an integer.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>Don't let the "MIB/SNMP" statement on the IANA page confuse you. OIDs obtained using this form may be used for any purpose including identifying LDAP schema elements.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>Alternatively, OID name space may be available from a national authority (e.g., <A HREF="http://www.ansi.org/">ANSI</A>, <A HREF="http://www.bsa-global.com/">BSI</A>).</P>
+<H3><A NAME="Name Prefix">9.2.2. Name Prefix</A></H3>
+<P>In addition to assigning a unique object identifier to each schema element, you should provide a least one textual name for each element. The name should be both descriptive and not likely to clash with names of other schema elements. In particular, any name you choose should not clash with present or future Standard Track names.</P>
+<P>To reduce (but not eliminate) the potential for name clashes, the convention is to prefix names of non-Standard Track with a few letters to localize the changes to your organization. The smaller the organization, the longer your prefix should be.</P>
+<P>In the examples below, we have chosen a short prefix '<TT>my</TT>' (to save space). Such a short prefix would only be suitable for a very large, global organization. In general, we recommend something like '<TT>deFirm</TT>' (German company) or '<TT>comExample</TT>' (elements associated with organization associated with <TT>example.com</TT>).</P>
+<H3><A NAME="Local schema file">9.2.3. Local schema file</A></H3>
+<P>The <TT>objectclass</TT> and <TT>attributeTypes</TT> configuration file directives can be used to define schema rules on entries in the directory. It is customary to create a file to contain definitions of your custom schema items. We recommend you create a file <TT>local.schema</TT> in <TT>/usr/local/etc/openldap/schema/local.schema</TT> and then include this file in your <EM>slapd.conf</EM>(5) file immediately after other schema <TT>include</TT> directives.</P>
+<PRE>
+ # include schema
+ include /usr/local/etc/openldap/schema/core.schema
+ include /usr/local/etc/openldap/schema/cosine.schema
+ include /usr/local/etc/openldap/schema/inetorgperson.schema
+ # include local schema
+ include /usr/local/etc/openldap/schema/local.schema
+</PRE>
+<H3><A NAME="Attribute Type Specification">9.2.4. Attribute Type Specification</A></H3>
+<P>The <EM>attributetype</EM> directive is used to define a new attribute type. The directive uses the same Attribute Type Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A>) used by the attributeTypes attribute found in the subschema subentry, e.g.:</P>
+<PRE>
+ attributetype <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Attribute Type Description>
+</PRE>
+<P>where Attribute Type Description is defined by the following <TERM>BNF</TERM>:</P>
+<PRE>
+ AttributeTypeDescription = "(" whsp
+ numericoid whsp ; AttributeType identifier
+ [ "NAME" qdescrs ] ; name used in AttributeType
+ [ "DESC" qdstring ] ; description
+ [ "OBSOLETE" whsp ]
+ [ "SUP" woid ] ; derived from this other
+ ; AttributeType
+ [ "EQUALITY" woid ; Matching Rule name
+ [ "ORDERING" woid ; Matching Rule name
+ [ "SUBSTR" woid ] ; Matching Rule name
+ [ "SYNTAX" whsp noidlen whsp ] ; Syntax OID
+ [ "SINGLE-VALUE" whsp ] ; default multi-valued
+ [ "COLLECTIVE" whsp ] ; default not collective
+ [ "NO-USER-MODIFICATION" whsp ]; default user modifiable
+ [ "USAGE" whsp AttributeUsage ]; default userApplications
+ whsp ")"
+
+ AttributeUsage =
+ "userApplications" /
+ "directoryOperation" /
+ "distributedOperation" / ; DSA-shared
+ "dSAOperation" ; DSA-specific, value depends on server
+
+</PRE>
+<P>where whsp is a space ('<TT> </TT>'), numericoid is a globally unique OID in dotted-decimal form (e.g. <TT>1.1.0</TT>), qdescrs is one or more names, woid is either the name or OID optionally followed by a length specifier (e.g <TT>{10</TT>}).</P>
+<P>For example, the attribute types <TT>name</TT> and <TT>cn</TT> are defined in <TT>core.schema</TT> as:</P>
+<PRE>
+ attributeType ( 2.5.4.41 NAME 'name'
+ DESC 'name(s) associated with the object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+ attributeType ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+ DESC 'common name(s) assciated with the object'
+ SUP name )
+</PRE>
+<P>Notice that each defines the attribute's OID, provides a short name, and a brief description. Each name is an alias for the OID. <EM>slapd</EM>(8) returns the first listed name when returning results.</P>
+<P>The first attribute, <TT>name</TT>, holds values of <TT>directoryString</TT> (UTF-8 encoded Unicode) syntax. The syntax is specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString syntax). A length recommendation of 32768 is specified. Servers should support values of this length, but may support longer values The field does NOT specify a size constraint, so is ignored on servers (such as slapd) which don't impose such size limits. In addition, the equality and substring matching uses case ignore rules. Below are tables listing commonly used syntax and matching rules (OpenLDAP supports these and many more).</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 8.3: Commonly Used Syntaxes</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Name</STRONG>
+</TD>
+<TD>
+<STRONG>OID</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>boolean</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.7</TT>
+</TD>
+<TD>
+boolean value
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>directoryString</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.15</TT>
+</TD>
+<TD>
+Unicode (UTF-8) string
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>distinguishedName</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.12</TT>
+</TD>
+<TD>
+LDAP DN
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>integer</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.27</TT>
+</TD>
+<TD>
+integer
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>numericString</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.36</TT>
+</TD>
+<TD>
+numeric string
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>OID</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.38</TT>
+</TD>
+<TD>
+object identifier
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>octetString</TT>
+</TD>
+<TD>
+<TT>1.3.6.1.4.1.1466.115.121.1.40</TT>
+</TD>
+<TD>
+arbitary octets
+</TD>
+</TR>
+</TABLE>
+
+<PRE>
+
+</PRE>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 8.4: Commonly Used Matching Rules</CAPTION>
+<TR CLASS="heading">
+<TD>
+<STRONG>Name</STRONG>
+</TD>
+<TD>
+<STRONG>Type</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>booleanMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+boolean
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseIgnoreMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+case insensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseIgnoreOrderingMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+case insensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseIgnoreSubstringsMatch</TT>
+</TD>
+<TD>
+substrings
+</TD>
+<TD>
+case insensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseExactMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+case sensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseExactOrderingMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+case sensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>caseExactSubstringsMatch</TT>
+</TD>
+<TD>
+substrings
+</TD>
+<TD>
+case sensitive, space insensitive
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>distinguishedNameMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+distinguished name
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>integerMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+integer
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>integerOrderingMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+integer
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>numericStringMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+numerical
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>numericStringOrderingMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+numerical
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>numericStringSubstringsMatch</TT>
+</TD>
+<TD>
+substrings
+</TD>
+<TD>
+numerical
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>octetStringMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+octet string
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>octetStringOrderingStringMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+octet string
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>octetStringSubstringsStringMatch</TT>
+</TD>
+<TD>
+ordering
+</TD>
+<TD>
+octet string
+</TD>
+</TR>
+<TR>
+<TD>
+<TT>objectIdentiferMatch</TT>
+</TD>
+<TD>
+equality
+</TD>
+<TD>
+object identifier
+</TD>
+</TR>
+</TABLE>
+
+<P>The second attribute, <TT>cn</TT>, is a subtype of <TT>name</TT> hence it inherits the syntax, matching rules, and usage of <TT>name</TT>. <TT>commonName</TT> is an alternative name.</P>
+<P>Neither attribute is restricted to a single value. Both are meant for usage by user applications. Neither is obsolete nor collective.</P>
+<P>The following subsections provide a couple of examples.</P>
+<H4><A NAME="myUniqueName">9.2.4.1. myUniqueName</A></H4>
+<P>Many organizations maintain a single unique name for each user. Though one could use <TT>displayName</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), this attribute is really meant to be controlled by the user, not the organization. We could just copy the definition of <TT>displayName</TT> from <TT>inetorgperson.schema</TT> and replace the OID, name, and description, e.g:</P>
+<PRE>
+ attributetype ( 1.1.2.1.1 NAME 'myUniqueName'
+ DESC 'unique name with my organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+</PRE>
+<P>However, if we want this name to be included in <TT>name</TT> assertions [e.g. <TT>(name=*Jane*)</TT>], the attribute could alternatively be defined as a subtype of <TT>name</TT>, e.g.:</P>
+<PRE>
+ attributetype ( 1.1.2.1.1 NAME 'myUniqueName'
+ DESC 'unique name with my organization'
+ SUP name )
+</PRE>
+<H4><A NAME="myPhoto">9.2.4.2. myPhoto</A></H4>
+<P>Many organizations maintain a photo of each each user. A <TT>myPhoto</TT> attribute type could be defined to hold a photo. Of course, one could use just use <TT>jpegPhoto</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>) (or a subtype) to hold the photo. However, you can only do this if the photo is in <EM>JPEG File Interchange Format</EM>. Alternatively, an attribute type which uses the <EM>Octet String</EM> syntax can be defined, e.g.:</P>
+<PRE>
+ attributetype ( 1.1.2.1.2 NAME 'myPhoto'
+ DESC 'a photo (application defined format)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+</PRE>
+<P>In this case, the syntax doesn't specify the format of the photo. It's assumed (maybe incorrectly) that all applications accessing this attribute agree on the handling of values.</P>
+<P>If you wanted to support multiple photo formats, you could define a separate attribute type for each format, prefix the photo with some typing information, or describe the value using <TERM>ASN.1</TERM> and use the <TT>;binary</TT> transfer option.</P>
+<P>Another alternative is for the attribute to hold a <TERM>URI</TERM> pointing to the photo. You can model such an attribute after <TT>labeledURI</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2079.txt">RFC2079</A>) or simply create a subtype, e.g.:</P>
+<PRE>
+ attributetype ( 1.1.2.1.3 NAME 'myPhotoURI'
+ DESC 'URI and optional label referring to a photo'
+ SUP labeledURI )
+</PRE>
+<H3><A NAME="Object Class Specification">9.2.5. Object Class Specification</A></H3>
+<P>The <EM>objectclasses</EM> directive is used to define a new object class. The directive uses the same Object Class Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A>) used by the objectClasses attribute found in the subschema subentry, e.g.:</P>
+<PRE>
+ objectclass <<A HREF="http://www.rfc-editor.org/rfc/rfc2252.txt">RFC2252</A> Object Class Description>
+</PRE>
+<P>where Object Class Description is defined by the following <TERM>BNF</TERM>:</P>
+<PRE>
+ ObjectClassDescription = "(" whsp
+ numericoid whsp ; ObjectClass identifier
+ [ "NAME" qdescrs ]
+ [ "DESC" qdstring ]
+ [ "OBSOLETE" whsp ]
+ [ "SUP" oids ] ; Superior ObjectClasses
+ [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
+ ; default structural
+ [ "MUST" oids ] ; AttributeTypes
+ [ "MAY" oids ] ; AttributeTypes
+ whsp ")"
+</PRE>
+<P>where whsp is a space ('<TT> </TT>'), numericoid is a globally unique OID in numeric form (e.g. <TT>1.1.0</TT>), qdescrs is one or more names, and oids is one or more names and/or OIDs.</P>
+<H4><A NAME="myPhotoObject">9.2.5.1. myPhotoObject</A></H4>
+<P>To define an <EM>auxiliary</EM> object class which allows myPhoto to be added to any existing entry.</P>
+<PRE>
+ objectclass ( 1.1.2.2.1 NAME 'myPhotoObject'
+ DESC 'mixin myPhoto'
+ AUXILIARY
+ MAY myPhoto )
+</PRE>
+<H4><A NAME="myPerson">9.2.5.2. myPerson</A></H4>
+<P>If your organization would like have a private <EM>structural</EM> object class to instantiate users, you can subclass one of the existing person classes, such as <TT>inetOrgPerson</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), and add any additional attributes which you desire.</P>
+<PRE>
+ objectclass ( 1.1.2.2.2 NAME 'myPerson'
+ DESC 'my person'
+ SUP inetOrgPerson
+ MUST ( myUniqueName $ givenName )
+ MAY myPhoto )
+</PRE>
+<P>The object class inherits the required/allowed attribute types of <TT>inetOrgPerson</TT> but requires <TT>myUniqueName</TT> and <TT>givenName</TT> and allows <TT>myPhoto</TT>.</P>
+<H3><A NAME="OID Macros">9.2.6. OID Macros</A></H3>
+<P>To ease the management and use of OIDs, <EM>slapd</EM>(8) supports <EM>Object Identifier</EM> macros. The <TT>objectIdentifier</TT> directive is used to equate a macro (name) with a OID. The OID may possibly be derived from a previously defined OID macro. The <EM>slapd.conf</EM>(5) syntax is:</P>
+<PRE>
+ objectIdentifier <name> { <oid> | <name>[:<suffix>] }
+</PRE>
+<P>The following demonstrates definition of a set of OID macros and their use in defining schema elements:</P>
+<PRE>
+ objectIdentifier myOID 1.1
+ objectIdentifier mySNMP myOID:1
+ objectIdentifier myLDAP myOID:2
+ objectIdentifier myAttributeType myLDAP:1
+ objectIdentifier myObjectClass myLDAP:2
+ attributetype ( myAttributeType:3 NAME 'myPhotoURI'
+ DESC 'URI and optional label referring to a photo'
+ SUP labeledURI )
+ objectclass ( myObjectClass:1 NAME 'myPhotoObject'
+ DESC 'mixin myPhoto'
+ AUXILIARY
+ MAY myPhoto )
+</PRE>
+<P></P>
+<HR>
+<H1><A NAME="Security Considerations">10. Security Considerations</A></H1>
+<P>OpenLDAP Software is designed to run in a wide variety of computing environments from tightly-controlled closed networks to the global Internet. Hence, OpenLDAP Software supports many different security mechanisms. This chapter describes these mechanisms and discusses security considerations for using OpenLDAP Software.</P>
+<H2><A NAME="Network Security">10.1. Network Security</A></H2>
+<H3><A NAME="Selective Listening">10.1.1. Selective Listening</A></H3>
+<P>By default, <EM>slapd</EM>(8) will listen on both the IPv4 and IPv6 "any" addresses. It is often desirable to have <EM>slapd</EM> listen on select address/port pairs. For example, listening only on the IPv4 address <TT>127.0.0.1</TT> will disallow remote access to the directory server. E.g.:</P>
+<PRE>
+ slapd -h ldap://127.0.0.1
+</PRE>
+<P>While the server can be configured to listen on a particular interface address, this doesn't necessarily restrict access to the server to only those networks accessible via that interface. To selective restrict remote access, it is recommend that an <A HREF="#IP Firewall">IP Firewall</A> be used to restrict access.</P>
+<P>See <A HREF="#Command-line Options">Command-line Options</A> and <EM>slapd</EM>(8) for more information.</P>
+<H3><A NAME="IP Firewall">10.1.2. IP Firewall</A></H3>
+<P><TERM>IP</TERM> firewall capabilities of the server system can be used to restrict access based upon the client's IP address and/or network interface used to communicate with the client.</P>
+<P>Generally, <EM>slapd</EM>(8) listens on port 389/tcp for <A HREF="ldap://">ldap://</A> sessions and port 636/tcp for <A HREF="ldaps://">ldaps://</A>) sessions. <EM>slapd</EM>(8) may be configured to listen on other ports.</P>
+<P>As specifics of how to configure IP firewall are dependent on the particular kind of IP firewall used, no examples are provided here. See the document associated with your IP firewall.</P>
+<H3><A NAME="TCP Wrappers">10.1.3. TCP Wrappers</A></H3>
+<P><EM>slapd</EM>(8) supports <TERM>TCP</TERM> Wrappers. TCP Wrappers provide a rule-based access control system for controlling TCP/IP access to the server. For example, the <EM>host_options</EM>(5) rule:</P>
+<PRE>
+ slapd: 10.0.0.0/255.0.0.0 127.0.0.1 : ALLOW
+ slapd: ALL : DENY
+</PRE>
+<P>allows only incoming connections from the private network <TT>10.0.0.0</TT> and localhost (<TT>127.0.0.1</TT>) to access the directory service. Note that IP addresses are used as <EM>slapd</EM>(8) is not normally configured to perform reverse lookups.</P>
+<P>It is noted that TCP wrappers require the connection to be accepted. As significant processing is required just to deny a connection, it is generally advised that IP firewall protection be used instead of TCP wrappers.</P>
+<P>See <EM>hosts_access</EM>(5) for more information on TCP wrapper rules.</P>
+<H2><A NAME="Data Integrity and Confidentiality Protection">10.2. Data Integrity and Confidentiality Protection</A></H2>
+<P><TERM>Transport Layer Security</TERM> (TLS) can be used to provide data integrity and confidentiality protection. OpenLDAP supports negotiation of <TERM>TLS</TERM> (<TERM>SSL</TERM>) via both StartTLS and <A HREF="ldaps://">ldaps://</A>. See the <A HREF="#Using TLS">Using TLS</A> chapter for more information. StartTLS is the standard track mechanism.</P>
+<P>A number of <TERM>Simple Authentication and Security Layer</TERM> (SASL) mechanisms, such as DIGEST-MD5 and <TERM>GSSAPI</TERM>, also provide data integrity and confidentiality protection. See the <A HREF="#Using SASL">Using SASL</A> chapter for more information.</P>
+<H3><A NAME="Security Strength Factors">10.2.1. Security Strength Factors</A></H3>
+<P>The server uses <TERM>Security Strength Factor</TERM>s (SSF) to indicate the relative strength of protection. A SSF of zero (0) indicates no protections are in place. A SSF of one (1) indicates integrity protection are in place. A SSF greater than one (>1) roughly correlates to the effective encryption key length. For example, <TERM>DES</TERM> is 56, <TERM>3DES</TERM> is 112, and <TERM>AES</TERM> 128, 192, or 256.</P>
+<P>A number of administrative controls rely on SSFs associated with TLS and SASL protection in place on an LDAP session.</P>
+<P><TT>security</TT> controls disallow operations when appropriate protections are not in place. For example:</P>
+<PRE>
+ security ssf=1 update_ssf=112
+</PRE>
+<P>requires integrity protection for all operations and encryption protection, 3DES equivalent, for update operations (e.g. add, delete, modify, etc.). See <EM>slapd.conf</EM>(5) for details.</P>
+<P>For fine-grained control, SSFs may be used in access controls. See <A HREF="#Access Control">Access Control</A> section of the <A HREF="#The slapd Configuration File">The slapd Configuration File</A> for more information.</P>
+<H2><A NAME="Authentication Methods">10.3. Authentication Methods</A></H2>
+<H3><A NAME=""simple" method">10.3.1. "simple" method</A></H3>
+<P>The LDAP "simple" method has three modes of operation:</P>
+<UL>
+<LI>anonymous,
+<LI>unauthenticated, and
+<LI>user/password authenticated.</UL>
+<P>Anonymous access is requested by providing no name and no password to the "simple" bind operation. Unauthenticated access is requested by providing a name but no password. Authenticated access is requested by providing a valid name and password.</P>
+<P>An anonymous bind results in an <EM>anonymous</EM> authorization association. Anonymous bind mechanism is enabled by default, but can be disabled by specifying "<TT>disallow bind_anon</TT>" in <EM>slapd.conf</EM>(5). Note that disabling the anonymous bind mechanism does not prevent anonymous access to the directory. To require authentication to access the directory, one should instead specify "<TT>require authc</TT>".</P>
+<P>An unauthenticated bind also results in an <EM>anonymous</EM> authorization association. Unauthenticated bind mechanism is disabled by default, but can be enabled by specifying "<TT>allow bind_anon_cred</TT>" in <EM>slapd.conf</EM>(5). As a number of LDAP applications mistakenly generate unauthenticated bind request when authenticated access was intended (that is, they do not ensure a password was provided), this mechanism should generally remain disabled.</P>
+<P>A successful user/password authenticated bind results in a user authorization identity, the provided name, being associated with the session. User/password authenticated bind is enabled by default. However, as this mechanism itself offers no evesdropping protection (e.g., the password is set in the clear), it is recommended that it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, <TERM>IPSEC</TERM>). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled. This is done using the <TT>security</TT> directive's <TT>simple_bind</TT> option, which provides fine grain control over the level of confidential protection to require for <EM>simple</EM> user/password authentication. E.g., using <TT>security simple_bind=56</TT> would require <EM>simple</EM> binds to use encryption of DES equivalent or better.</P>
+<P>The user/password authenticated bind mechanism can be completely disabled by setting "<TT>disallow bind_simple</TT>".</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>An unsuccessful bind always results in the session having an <EM>anonymous</EM> authorization association.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="SASL method">10.3.2. SASL method</A></H3>
+<P>The LDAP <TERM>SASL</TERM> method allows use of any SASL authentication mechanism. The <A HREF="#Using SASL">Using SASL</A> discusses use of SASL.</P>
+<P></P>
+<HR>
+<H1><A NAME="Using SASL">11. Using SASL</A></H1>
+<P>OpenLDAP clients and servers are capable of authenticating via the <TERM>Simple Authentication and Security Layer</TERM> (<TERM>SASL</TERM>) framework, which is detailed in <A HREF="http://www.rfc-editor.org/rfc/rfc2222.txt">RFC2222</A>. This chapter describes how to make use of SASL in OpenLDAP.</P>
+<P>There are several industry standard authentication mechanisms that can be used with SASL, including <TERM>GSSAPI</TERM> for <TERM>Kerberos</TERM> V, DIGEST-MD5, and PLAIN and EXTERNAL for use with <TERM>Transport Layer Security</TERM> (TLS).</P>
+<P>The standard client tools provided with OpenLDAP Software, such as <EM>ldapsearch</EM>(1) and <EM>ldapmodify</EM>(1), will by default attempt to authenticate the user to the <EM>slapd</EM>(8) server using SASL. Basic authentication service can be set up by the LDAP administrator with a few steps, allowing users to be authenticated to the slapd server as their LDAP entry. With a few extra steps, some users and services can be allowed to exploit SASL's proxy authorization feature, allowing them to authenticate themselves and then switch their identity to that of another user or service.</P>
+<P>This chapter assumes you have read <EM>Cyrus SASL for System Administrators</EM>, provided with the <A HREF="http://asg.web.cmu.edu/cyrus/">Cyrus</A> <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">SASL</A> package (in <TT>doc/sysadmin.html</TT>) and have a working Cyrus SASL installation. You should use the Cyrus SASL <TT>sample_client</TT> and <TT>sample_server</TT> to test your SASL installation before attempting to make use of it with OpenLDAP Software.</P>
+<P>Note that in the following text the term <EM>user</EM> is used to describe a person or application entity who is connecting to the LDAP server via an LDAP client, such as <EM>ldapsearch</EM>(1). That is, the term <EM>user</EM> not only applies to both an individual using an LDAP client, but to an application entity which issues LDAP client operations without direct user control. For example, an e-mail server which uses LDAP operations to access information held in an LDAP server is an application entity.</P>
+<H2><A NAME="SASL Security Considerations">11.1. SASL Security Considerations</A></H2>
+<P>SASL offers many different authentication mechanisms. This section briefly outlines security considerations.</P>
+<P>Some mechanisms, such as PLAIN and LOGIN, offer no greater security over LDAP <EM>simple</EM> authentication. Like LDAP <EM>simple</EM> authentication, such mechanisms should not be used unless you have adequate security protections in place. It is recommended that these mechanisms be used only in conjunction with <TERM>Transport Layer Security</TERM> (TLS). Use of PLAIN and LOGIN are not discussed further in this document.</P>
+<P>The DIGEST-MD5 mechanism is the mandatory-to-implement authentication mechanism for LDAPv3. Though DIGEST-MD5 is not a strong authentication mechanism in comparison with trusted third party authentication systems (such as Kerberos or public key systems), it does offer significant protections against a number of attacks. Unlike the CRAM-MD5 mechanism, it prevents chosen plaintext attacks. DIGEST-MD5 is favored over the use of plaintext password mechanisms. The CRAM-MD5 mechanism is deprecated in favor of DIGEST-MD5. Use of <A HREF="#DIGEST-MD5">DIGEST-MD5</A> is discussed below.</P>
+<P>The GSSAPI mechanism utilizes Kerberos V to provide secure authentication services. The KERBEROS_V4 mechanism is available for those using Kerberos IV. Kerberos is viewed as a secure, distributed authentication system suitable for both small and large enterprises. Use of <A HREF="#GSSAPI">GSSAPI</A> and <A HREF="#KERBEROS_V4">KERBEROS_V4</A> are discussed below.</P>
+<P>The EXTERNAL mechanism utilizes authentication services provided by lower level network services such as <TERM>TLS</TERM> (TLS). When used in conjunction with <TERM>TLS</TERM> <TERM>X.509</TERM>-based public key technology, EXTERNAL offers strong authentication. Use of EXTERNAL is discussed in the <A HREF="#Using TLS">Using TLS</A> chapter.</P>
+<P>There are other strong authentication mechanisms to choose from, including <TERM>OTP</TERM> (one time passwords) and <TERM>SRP</TERM> (secure remote passwords). These mechanisms are not discussed in this document.</P>
+<H2><A NAME="SASL Authentication">11.2. SASL Authentication</A></H2>
+<P>Getting basic SASL authentication running involves a few steps. The first step configures your slapd server environment so that it can communicate with client programs using the security system in place at your site. This usually involves setting up a service key, a public key, or other form of secret. The second step concerns mapping authentication identities to LDAP DN's, which depends on how entries are laid out in your directory. An explanation of the first step will be given in the next section using Kerberos V4 as an example mechanism. The steps necessary for your site's authentication mechanism will be similar, but a guide to every mechanism available under SASL is beyond the scope of this chapter. The second step is described in the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A>.</P>
+<H3><A NAME="GSSAPI">11.2.1. GSSAPI</A></H3>
+<P>This section describes the use of the SASL GSSAPI mechanism and Kerberos V with OpenLDAP. It will be assumed that you have Kerberos V deployed, you are familiar with the operation of the system, and that your users are trained in its use. This section also assumes you have familiarized yourself with the use of the GSSAPI mechanism by reading <EM>Configuring GSSAPI and Cyrus SASL</EM> (provided with Cyrus SASL in the <TT>doc/gssapi</TT> file) and successfully experimented with the Cyrus provided <TT>sample_server</TT> and <TT>sample_client</TT> applications. General information about Kerberos is available at <A HREF="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</A>.</P>
+<P>To use the GSSAPI mechanism with <EM>slapd</EM>(8) one must create a service key with a principal for <EM>ldap</EM> service within the realm for the host on which the service runs. For example, if you run <EM>slapd</EM> on <TT>directory.example.com</TT> and your realm is <TT>EXAMPLE.COM</TT>, you need to create a service key with the principal:</P>
+<PRE>
+ ldap/directory.example.com at EXAMPLE.COM
+</PRE>
+<P>When <EM>slapd</EM>(8) runs, it must have access to this key. This is generally done by placing the key into a keytab file, <TT>/etc/krb5.keytab</TT>. See your Kerberos and Cyrus SASL documentation for information regarding keytab location settings.</P>
+<P>To use the GSSAPI mechanism to authenticate to the directory, the user obtains a Ticket Granting Ticket (TGT) prior to running the LDAP client. When using OpenLDAP client tools, the user may mandate use of the GSSAPI mechanism by specifying <TT>-Y GSSAPI</TT> as a command option.</P>
+<P>For the purposes of authentication and authorization, <EM>slapd</EM>(8) associates an authentication request DN of the form:</P>
+<PRE>
+ uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
+</PRE>
+<P>Continuing our example, a user with the Kerberos principal <TT>kurt at EXAMPLE.COM</TT> would have the associated DN:</P>
+<PRE>
+ uid=kurt,cn=example.com,cn=gssapi,cn=auth
+</PRE>
+<P>and the principal <TT>ursula/admin at FOREIGN.REALM</TT> would have the associated DN:</P>
+<PRE>
+ uid=ursula/admin,cn=foreign.realm,cn=gssapi,cn=auth
+</PRE>
+<P>The authentication request DN can be used directly ACLs and <TT>groupOfNames</TT> "member" attributes, since it is of legitimate LDAP DN format. Or alternatively, the authentication DN could be mapped before use. See the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> for details.</P>
+<H3><A NAME="KERBEROS_V4">11.2.2. KERBEROS_V4</A></H3>
+<P>This section describes the use of the SASL KERBEROS_V4 mechanism with OpenLDAP. It will be assumed that you are familiar with the workings of the Kerberos IV security system, and that your site has Kerberos IV deployed. Your users should be familiar with authentication policy, how to receive credentials in a Kerberos ticket cache, and how to refresh expired credentials.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>KERBEROS_V4 and Kerberos IV are deprecated in favor of GSSAPI and Kerberos V.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>Client programs will need to be able to obtain a session key for use when connecting to your LDAP server. This allows the LDAP server to know the identity of the user, and allows the client to know it is connecting to a legitimate server. If encryption layers are to be used, the session key can also be used to help negotiate that option.</P>
+<P>The slapd server runs the service called "<EM>ldap</EM>", and the server will require a srvtab file with a service key. SASL aware client programs will be obtaining an "ldap" service ticket with the user's ticket granting ticket (TGT), with the instance of the ticket matching the hostname of the OpenLDAP server. For example, if your realm is named <TT>EXAMPLE.COM</TT> and the slapd server is running on the host named <TT>directory.example.com</TT>, the <TT>/etc/srvtab</TT> file on the server will have a service key</P>
+<PRE>
+ ldap.directory at EXAMPLE.COM
+</PRE>
+<P>When an LDAP client is authenticating a user to the directory using the KERBEROS_IV mechanism, it will request a session key for that same principal, either from the ticket cache or by obtaining a new one from the Kerberos server. This will require the TGT to be available and valid in the cache as well. If it is not present or has expired, the client may print out the message:</P>
+<PRE>
+ ldap_sasl_interactive_bind_s: Local error
+</PRE>
+<P>When the service ticket is obtained, it will be passed to the LDAP server as proof of the user's identity. The server will extract the identity and realm out of the service ticket using SASL library calls, and convert them into an <EM>authentication request DN</EM> of the form</P>
+<PRE>
+ uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+</PRE>
+<P>So in our above example, if the user's name were "adamson", the authentication request DN would be:</P>
+<PRE>
+ uid=adamsom,cn=example.com,cn=kerberos_v4,cn=auth
+</PRE>
+<P>This authentication request DN can be used directly ACLs or, alternatively, mapped prior to use. See the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> for details.</P>
+<H3><A NAME="DIGEST-MD5">11.2.3. DIGEST-MD5</A></H3>
+<P>This section describes the use of the SASL DIGEST-MD5 mechanism using secrets stored either in the directory itself or in Cyrus SASL's own database. DIGEST-MD5 relies on the client and the server sharing a "secret", usually a password. The server generates a challenge and the client a response proving that it knows the shared secret. This is much more secure than simply sending the secret over the wire.</P>
+<P>Cyrus SASL supports several shared-secret mechanisms. To do this, it needs access to the plaintext password (unlike mechanisms which pass plaintext passwords over the wire, where the server can store a hashed version of the password).</P>
+<P>The server's copy of the shared-secret may be stored in Cyrus SASL's own <EM>sasldb</EM> database, in an external system accessed via <EM>saslauthd</EM>, or in LDAP database itself. In either case it is very important to apply file access controls and LDAP access controls to prevent exposure of the passwords. The configuration and commands discussed in this section assume the use of Cyrus SASL 2.1.</P>
+<P>To use secrets stored in <EM>sasldb</EM>, simply add users with the <EM>saslpasswd2</EM> command:</P>
+<PRE>
+ saslpasswd2 -c <username>
+</PRE>
+<P>The passwords for such users must be managed with the <EM>saslpasswd2</EM> command.</P>
+<P>To use secrets stored in the LDAP directory, place plaintext passwords in the <TT>userPassword</TT> attribute. It will be necessary to add an option to <TT>slapd.conf</TT> to make sure that passwords set using the LDAP Password Modify Operation are stored in plaintext:</P>
+<PRE>
+ password-hash {CLEARTEXT}
+</PRE>
+<P>Passwords stored in this way can be managed either with <EM>ldappasswd</EM>(1) or by simply modifying the <TT>userPassword</TT> attribute. Regardless of where the passwords are stored, a mapping will be needed from authentication request DN to user's DN.</P>
+<P>The DIGEST-MD5 mechanism produces authentication IDs of the form:</P>
+<PRE>
+ uid=<username>,cn=<realm>,cn=digest-md5,cn=auth
+</PRE>
+<P>If the default realm is used, the realm name is omitted from the ID, giving:</P>
+<PRE>
+ uid=<username>,cn=digest-md5,cn=auth
+</PRE>
+<P>See <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> below for information on optional mapping of identities.</P>
+<P>With suitable mappings in place, users can specify SASL IDs when performing LDAP operations and sldb}} and the directory itself will be used to verify the authentication. For example, the user identified by the directory entry:</P>
+<PRE>
+ dn: cn=Andrew Findlay+uid=u000997,dc=example,dc=com
+ objectclass: inetOrgPerson
+ objectclass: person
+ sn: Findlay
+ uid: u000997
+ userPassword: secret
+</PRE>
+<P>can issue commands of the form:</P>
+<PRE>
+ ldapsearch -Y DIGEST-MD5 -U u000997 ...
+</PRE>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>in each of the above cases, no authorization identity (e.g. <TT>-X</TT>) was provided. Unless you are attempting <A HREF="#SASL Proxy Authorization">SASL Proxy Authorization</A>, no authorization identity should be specified. The server will infer an authorization identity from authentication identity (as described below).
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="Mapping Authentication Identities">11.2.4. Mapping Authentication Identities</A></H3>
+<P>The authentication mechanism in the slapd server will use SASL library calls to obtain the authenticated user's "username", based on whatever underlying authentication mechanism was used. This username is in the namespace of the authentication mechanism, and not in the normal LDAP namespace. As stated in the sections above, that username is reformatted into an authentication request DN of the form</P>
+<PRE>
+ uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+</PRE>
+<P>or</P>
+<PRE>
+ uid=<username>,cn=<mechanism>,cn=auth
+</PRE>
+<P>depending on whether or not <mechanism> employs the concept of "realms". Note also that the realm part will be omitted if the default realm was used in the authentication.</P>
+<P>The <EM>ldapwhoami</EM>(1) command may be used to determine the identity associated with the user. It is very useful for determining proper function of mappings.</P>
+<P>It is not intended that you should add LDAP entries of the above form to your LDAP database. Chances are you have an LDAP entry for each of the persons that will be authenticating to LDAP, laid out in your directory tree, and the tree does not start at cn=auth. But if your site has a clear mapping between the "username" and an LDAP entry for the person, you will be able to configure your LDAP server to automatically map a authentication request DN to the user's <EM>authentication DN</EM>.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>it is not required that the authentication request DN nor the user's authentication DN resulting from the mapping refer to an entry held in the directory. However, additional capabilities become available (see below).
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>The LDAP administrator will need to tell the slapd server how to map an authentication request DN to a user's authentication DN. This is done by adding one or more <TT>authz-regexp</TT> directives to the <EM>slapd.conf</EM>(5) file. This directive takes two arguments:</P>
+<PRE>
+ authz-regexp <search pattern> <replacement pattern>
+</PRE>
+<P>The authentication request DN is compared to the search pattern using the regular expression functions <EM>regcomp</EM>() and <EM>regexec</EM>(), and if it matches, it is rewritten as the replacement pattern. If there are multiple <TT>authz-regexp</TT> directives, only the first whose search pattern matches the authentication identity is used. The string that is output from the replacement pattern should be the authentication DN of the user or an LDAP URL. If replacement string produces a DN, the entry named by this DN need not be held by this server. If the replace string produces an LDAP URL, that LDAP URL must evaluate to one and only one entry held by this server.</P>
+<P>The search pattern can contain any of the regular expression characters listed in <EM>regexec</EM>(3C). The main characters of note are dot ".", asterisk "*", and the open and close parenthesis "(" and ")". Essentially, the dot matches any character, the asterisk allows zero or more repeats of the immediately preceding character or pattern, and terms in parenthesis are remembered for the replacement pattern.</P>
+<P>The replacement pattern will produce either a DN or URL refering to the user. Anything from the authentication request DN that matched a string in parenthesis in the search pattern is stored in the variable "$1". That variable "$1" can appear in the replacement pattern, and will be replaced by the string from the authentication request DN. If there were multiple sets of parentheses in the search pattern, the variables $2, $3, etc are used.</P>
+<H3><A NAME="Direct Mapping">11.2.5. Direct Mapping</A></H3>
+<P>Where possible, direct mapping of the authentication request DN to the user's DN is generally recommended. Aside from avoiding the expense of searching for the user's DN, it allows mapping to DNs which refer to entries not held by this server.</P>
+<P>Suppose the authentication request DN is written as:</P>
+<PRE>
+ uid=adamson,cn=example.com,cn=gssapi,cn=auth
+</PRE>
+<P>and the user's actual LDAP entry is:</P>
+<PRE>
+ uid=adamson,ou=people,dc=example,dc=com
+</PRE>
+<P>then the following <TT>authz-regexp</TT> directive in <EM>slapd.conf</EM>(5) would provide for direct mapping.</P>
+<PRE>
+ authz-regexp
+ uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
+ uid=$1,ou=people,dc=example,dc=com
+</PRE>
+<P>An even more lenient rule could be written as</P>
+<PRE>
+ authz-regexp
+ uid=([^,]*),cn=[^,]*,cn=auth
+ uid=$1,ou=people,dc=example,dc=com
+</PRE>
+<P>Be careful about setting the search pattern too leniently, however, since it may mistakenly allow persons to become authenticated as a DN to which they should not have access. It is better to write several strict directives than one lenient directive which has security holes. If there is only one authentication mechanism in place at your site, and zero or one realms in use, you might be able to map between authentication identities and LDAP DN's with a single <TT>authz-regexp</TT> directive.</P>
+<P>Don't forget to allow for the case where the realm is omitted as well as the case with an explicitly specified realm. This may well require a separate <TT>authz-regexp</TT> directive for each case, with the explicit-realm entry being listed first.</P>
+<H3><A NAME="Search-based mappings">11.2.6. Search-based mappings</A></H3>
+<P>There are a number of cases where mapping to a LDAP URL may be appropriate. For instance, some sites may have person objects located in multiple areas of the LDAP tree, such as if there were an <TT>ou=accounting</TT> tree and an <TT>ou=engineering</TT> tree, with persons interspersed between them. Or, maybe the desired mapping must be based upon information in the user's information. Consider the need to map the above authentication request DN to user whose entry is as follows:</P>
+<PRE>
+ dn: cn=Mark Adamson,ou=People,dc=Example,dc=COM
+ objectclass: person
+ cn: Mark Adamson
+ uid: adamson
+</PRE>
+<P>The information in the authentication request DN is insufficient to allow the user's DN to be directly derived, instead the user's DN must be searched for. For these situations, a replacement pattern which produces a LDAP URL can be used in the <TT>authz-regexp</TT> directives. This URL will then be used to perform an internal search of the LDAP database to find the person's authentication DN.</P>
+<P>An LDAP URL, similar to other URL's, is of the form</P>
+<PRE>
+ ldap://<host>/<base>?<attrs>?<scope>?<filter>
+</PRE>
+<P>This contains all of the elements necessary to perform an LDAP search: the name of the server <host>, the LDAP DN search base <base>, the LDAP attributes to retrieve <attrs>, the search scope <scope> which is one of the three options "base", "one", or "sub", and lastly an LDAP search filter <filter>. Since the search is for an LDAP DN within the current server, the <host> portion should be empty. The <attrs> field is also ignored since only the DN is of concern. These two elements are left in the format of the URL to maintain the clarity of what information goes where in the string.</P>
+<P>Suppose that the person in the example from above did in fact have an authentication username of "adamson" and that information was kept in the attribute "uid" in their LDAP entry. The <TT>authz-regexp</TT> directive might be written as</P>
+<PRE>
+ authz-regexp
+ uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
+ ldap:///ou=people,dc=example,dc=com??one?(uid=$1)
+</PRE>
+<P>This will initiate an internal search of the LDAP database inside the slapd server. If the search returns exactly one entry, it is accepted as being the DN of the user. If there are more than one entries returned, or if there are zero entries returned, the authentication fails and the user's connection is left bound as the authentication request DN.</P>
+<P>The attributes that are used in the search filter <filter> in the URL should be indexed to allow faster searching. If they are not, the authentication step alone can take uncomfortably long periods, and users may assume the server is down.</P>
+<P>A more complex site might have several realms in use, each mapping to a different subtree in the directory. These can be handled with statements of the form:</P>
+<PRE>
+ # Match Engineering realm
+ authz-regexp
+ uid=([^,]*),cn=engineering.example.com,cn=digest-md5,cn=auth
+ ldap:///dc=eng,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+
+ # Match Accounting realm
+ authz-regexp
+ uid=([^,].*),cn=accounting.example.com,cn=digest-md5,cn=auth
+ ldap:///dc=accounting,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+
+ # Default realm is customers.example.com
+ authz-regexp
+ uid=([^,]*),cn=digest-md5,cn=auth
+ ldap:///dc=customers,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+</PRE>
+<P>Note that the explicitly-named realms are handled first, to avoid the realm name becoming part of the UID. Also note the use of scope and filters to limit matching to desirable entries.</P>
+<P>See <EM>slapd.conf</EM>(5) for more detailed information.</P>
+<H2><A NAME="SASL Proxy Authorization">11.3. SASL Proxy Authorization</A></H2>
+<P>The SASL offers a feature known as <EM>proxy authorization</EM>, which allows an authenticated user to request that they act on the behalf of another user. This step occurs after the user has obtained an authentication DN, and involves sending an authorization identity to the server. The server will then make a decision on whether or not to allow the authorization to occur. If it is allowed, the user's LDAP connection is switched to have a binding DN derived from the authorization identity, and the LDAP session proceeds with the access of the new authorization DN.</P>
+<P>The decision to allow an authorization to proceed depends on the rules and policies of the site where LDAP is running, and thus cannot be made by SASL alone. The SASL library leaves it up to the server to make the decision. The LDAP administrator sets the guidelines of who can authorize to what identity by adding information into the LDAP database entries. By default, the authorization features are disabled, and must be explicitly configured by the LDAP administrator before use.</P>
+<H3><A NAME="Uses of Proxy Authorization">11.3.1. Uses of Proxy Authorization</A></H3>
+<P>This sort of service is useful when one entity needs to act on the behalf of many other users. For example, users may be directed to a web page to make changes to their personal information in their LDAP entry. The users authenticate to the web server to establish their identity, but the web server CGI cannot authenticate to the LDAP server as that user to make changes for them. Instead, the web server authenticates itself to the LDAP server as a service identity, say,</P>
+<PRE>
+ cn=WebUpdate,dc=example,dc=com
+</PRE>
+<P>and then it will SASL authorize to the DN of the user. Once so authorized, the CGI makes changes to the LDAP entry of the user, and as far as the slapd server can tell for its ACLs, it is the user themself on the other end of the connection. The user could have connected to the LDAP server directly and authenticated as themself, but that would require the user to have more knowledge of LDAP clients, knowledge which the web page provides in an easier format.</P>
+<P>Proxy authorization can also be used to limit access to an account that has greater access to the database. Such an account, perhaps even the root DN specified in <EM>slapd.conf</EM>(5), can have a strict list of people who can authorize to that DN. Changes to the LDAP database could then be only allowed by that DN, and in order to become that DN, users must first authenticate as one of the persons on the list. This allows for better auditing of who made changes to the LDAP database. If people were allowed to authenticate directly to the priviliged account, possibly through the <TT>rootpw</TT> <EM>slapd.conf</EM>(5) directive or through a <TT>userPassword</TT> attribute, then auditing becomes more difficult.</P>
+<P>Note that after a successful proxy authorization, the original authentication DN of the LDAP connection is overwritten by the new DN from the authorization request. If a service program is able to authenticate itself as its own authentication DN and then authorize to other DN's, and it is planning on switching to several different identities during one LDAP session, it will need to authenticate itself each time before authorizing to another DN (or use a different proxy authorization mechanism). The slapd server does not keep record of the service program's ability to switch to other DN's. On authentication mechanisms like Kerberos this will not require multiple connections being made to the Kerberos server, since the user's TGT and "ldap" session key are valid for multiple uses for the several hours of the ticket lifetime.</P>
+<H3><A NAME="SASL Authorization Identities">11.3.2. SASL Authorization Identities</A></H3>
+<P>The SASL authorization identity is sent to the LDAP server via the <TT>-X</TT> switch for <EM>ldapsearch</EM>(1) and other tools, or in the <TT>*authzid</TT> parameter to the <EM>lutil_sasl_defaults</EM>() call. The identity can be in one of two forms, either</P>
+<PRE>
+ u:<username>
+</PRE>
+<P>or</P>
+<PRE>
+ dn:<dn>
+</PRE>
+<P>In the first form, the <username> is from the same namespace as the authentication identities above. It is the user's username as it is refered to by the underlying authentication mechanism. Authorization identities of this form are converted into a DN format by the same function that the authentication process used, producing an <EM>authorization request DN</EM> of the form</P>
+<PRE>
+ uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+</PRE>
+<P>That authorization request DN is then run through the same <TT>authz-regexp</TT> process to convert it into a legitimate authorization DN from the database. If it cannot be converted due to a failed search from an LDAP URL, the authorization request fails with "inappropriate access". Otherwise, the DN string is now a legitimate authorization DN ready to undergo approval.</P>
+<P>If the authorization identity was provided in the second form, with a <TT>"dn:"</TT> prefix, the string after the prefix is already in authorization DN form, ready to undergo approval.</P>
+<H3><A NAME="Proxy Authorization Rules">11.3.3. Proxy Authorization Rules</A></H3>
+<P>Once slapd has the authorization DN, the actual approval process begins. There are two attributes that the LDAP administrator can put into LDAP entries to allow authorization:</P>
+<PRE>
+ authzTo
+ authzFrom
+</PRE>
+<P>Both can be multivalued. The <TT>authzTo</TT> attribute is a source rule, and it is placed into the entry associated with the authentication DN to tell what authorization DNs the authenticated DN is allowed to assume. The second attribute is a destination rule, and it is placed into the entry associated with the requested authorization DN to tell which authenticated DNs may assume it.</P>
+<P>The choice of which authorization policy attribute to use is up to the administrator. Source rules are checked first in the person's authentication DN entry, and if none of the <TT>authzTo</TT> rules specify the authorization is permitted, the <TT>authzFrom</TT> rules in the authorization DN entry are then checked. If neither case specifies that the request be honored, the request is denied. Since the default behaviour is to deny authorization requests, rules only specify that a request be allowed; there are no negative rules telling what authorizations to deny.</P>
+<P>The value(s) in the two attributes are of the same form as the output of the replacement pattern of a <TT>authz-regexp</TT> directive: either a DN or an LDAP URL. For example, if a <TT>authzTo</TT> value is a DN, that DN is one the authenticated user can authorize to. On the other hand, if the <TT>authzTo</TT> value is an LDAP URL, the URL is used as an internal search of the LDAP database, and the authenticated user can become ANY DN returned by the search. If an LDAP entry looked like:</P>
+<PRE>
+ dn: cn=WebUpdate,dc=example,dc=com
+ authzTo: ldap:///dc=example,dc=com??sub?(objectclass=person)
+</PRE>
+<P>then any user who authenticated as <TT>cn=WebUpdate,dc=example,dc=com</TT> could authorize to any other LDAP entry under the search base <TT>dc=example,dc=com</TT> which has an objectClass of <TT>Person</TT>.</P>
+<H4><A NAME="Notes on Proxy Authorization Rules">11.3.3.1. Notes on Proxy Authorization Rules</A></H4>
+<P>An LDAP URL in a <TT>authzTo</TT> or <TT>authzFrom</TT> attribute will return a set of DNs. Each DN returned will be checked. Searches which return a large set can cause the authorization process to take an uncomfortably long time. Also, searches should be performed on attributes that have been indexed by slapd.</P>
+<P>To help produce more sweeping rules for <TT>authzFrom</TT> and <TT>authzTo</TT>, the values of these attributes are allowed to be DNs with regular expression characters in them. This means a source rule like</P>
+<PRE>
+ authzTo: uid=[^,]*,dc=example,dc=com
+</PRE>
+<P>would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for <TT>(uid=*)</TT>.</P>
+<P>Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression characters). Anything that does not begin with "<TT>ldap://</TT>" is taken as a DN. It is not permissable to enter another authorization identity of the form "<TT>u:<username></TT>" as an authorization rule.</P>
+<H4><A NAME="Policy Configuration">11.3.3.2. Policy Configuration</A></H4>
+<P>The decision of which type of rules to use, <TT>authzFrom</TT> or <TT>authzTo</TT>, will depend on the site's situation. For example, if the set of people who may become a given identity can easily be written as a search filter, then a single destination rule could be written. If the set of people is not easily defined by a search filter, and the set of people is small, it may be better to write a source rule in the entries of each of those people who should be allowed to perform the proxy authorization.</P>
+<P>By default, processing of proxy authorization rules is disabled. The <TT>authz-policy</TT> directive must be set in the <EM>slapd.conf</EM>(5) file to enable authorization. This directive can be set to <TT>none</TT> for no rules (the default), <TT>to</TT> for source rules, <TT>from</TT> for destination rules, or <TT>both</TT> for both source and destination rules.</P>
+<P>Destination rules are extremely powerful. If ordinary users have access to write the <TT>authzTo</TT> attribute in their own entries, then they can write rules that would allow them to authorize as anyone else. As such, when using destination rules, the <TT>authzTo</TT> attribute should be protected with an ACL that only allows privileged users to set its values.</P>
+<P></P>
+<HR>
+<H1><A NAME="Using TLS">12. Using TLS</A></H1>
+<P>OpenLDAP clients and servers are capable of using the <TERM>Transport Layer Security</TERM> (<TERM>TLS</TERM>) framework to provide integrity and confidentiality protections and to support LDAP authentication using the <TERM>SASL</TERM> EXTERNAL mechanism.</P>
+<H2><A NAME="TLS Certificates">12.1. TLS Certificates</A></H2>
+<P>TLS uses <TERM>X.509</TERM> certificates to carry client and server identities. All servers are required to have valid certificates, whereas client certificates are optional. Clients must have a valid certificate in order to authenticate via SASL EXTERNAL. For more information on creating and managing certificates, see the <A HREF="http://www.openssl.org/">OpenSSL</A> documentation.</P>
+<H3><A NAME="Server Certificates">12.1.1. Server Certificates</A></H3>
+<P>The DN of a server certificate must use the CN attribute to name the server, and the <TT>CN</TT> must carry the server's fully qualified domain name. Additional alias names and wildcards may be present in the <TT>subjectAltName</TT> certificate extension. More details on server certificate names are in <A HREF="http://www.rfc-editor.org/rfc/rfc2830.txt">RFC2830</A>.</P>
+<H3><A NAME="Client Certificates">12.1.2. Client Certificates</A></H3>
+<P>The DN of a client certificate can be used directly as an authentication DN. Since X.509 is a part of the <TERM>X.500</TERM> standard and LDAP is also based on X.500, both use the same DN formats and generally the DN in a user's X.509 certificate should be identical to the DN of their LDAP entry. However, sometimes the DNs may not be exactly the same, and so the mapping facility described in <A HREF="#Mapping Authentication identities to LDAP entries">Mapping Authentication identities to LDAP entries</A> can be applied to these DNs as well.</P>
+<H2><A NAME="TLS Configuration">12.2. TLS Configuration</A></H2>
+<P>After obtaining the required certificates, a number of options must be configured on both the client and the server to enable TLS and make use of the certificates. At a minimum, the clients must be configured with the filename containing all of the <TERM>Certificate Authority</TERM> (CA) certificates it will trust. The server must be configured with the <TERM>CA</TERM> certificates and also its own server certificate and private key.</P>
+<P>Typically a single CA will have issued the server certificate and all of the trusted client certificates, so the server only needs to trust that one signing CA. However, a client may wish to connect to a variety of secure servers managed by different organizations, with server certificates generated by many different CAs. As such, a client is likely to need a list of many different trusted CAs in its configuration.</P>
+<H3><A NAME="Server Configuration">12.2.1. Server Configuration</A></H3>
+<P>The configuration directives for slapd belong in the global directives section of <EM>slapd.conf</EM>(5).</P>
+<H4><A NAME="TLSCACertificateFile <filename>">12.2.1.1. TLSCACertificateFile <filename></A></H4>
+<P>This directive specifies the <TERM>PEM</TERM>-format file containing certificates for the CA's that slapd will trust. The certificate for the CA that signed the server certificate must be included among these certificates. If the signing CA was not a top-level (root) CA, certificates for the entire sequence of CA's from the signing CA to the top-level CA should be present. Multiple certificates are simply appended to the file; the order is not significant.</P>
+<H4><A NAME="TLSCACertificatePath <path>">12.2.1.2. TLSCACertificatePath <path></A></H4>
+<P>This directive specifies the path of a directory that contains individual <TERM>CA</TERM> certificates in separate files. In addition, this directory must be specially managed using the OpenSSL <EM>c_rehash</EM> utility. When using this feature, the OpenSSL library will attempt to locate certificate files based on a hash of their name and serial number. The <EM>c_rehash</EM> utility is used to generate symbolic links with the hashed names that point to the actual certificate files. As such, this option can only be used with a filesystem that actually supports symbolic links. In general, it is simpler to use the <TT>TLSCACertificateFile</TT> directive instead.</P>
+<H4><A NAME="TLSCertificateFile <filename>">12.2.1.3. TLSCertificateFile <filename></A></H4>
+<P>This directive specifies the file that contains the slapd server certificate. Certificates are generally public information and require no special protection.</P>
+<H4><A NAME="TLSCertificateKeyFile <filename>">12.2.1.4. TLSCertificateKeyFile <filename></A></H4>
+<P>This directive specifies the file that contains the private key that matches the certificate stored in the <TT>TLSCertificateFile</TT> file. Private keys themselves are sensitive data and are usually password encrypted for protection. However, the current implementation doesn't support encrypted keys so the key must not be encrypted and the file itself must be protected carefully.</P>
+<H4><A NAME="TLSCipherSuite <cipher-suite-spec>">12.2.1.5. TLSCipherSuite <cipher-suite-spec></A></H4>
+<P>This directive configures what ciphers will be accepted and the preference order. <TT><cipher-suite-spec></TT> should be a cipher specification for OpenSSL. You can use the command</P>
+<PRE>
+ openssl ciphers -v ALL
+</PRE>
+<P>to obtain a verbose list of available cipher specifications. Besides the individual cipher names, the specifiers <TT>HIGH</TT>, <TT>MEDIUM</TT>, <TT>LOW</TT>, <TT>EXPORT</TT>, and <TT>EXPORT40</TT> may be helpful, along with <TT>TLSv1</TT>, <TT>SSLv3</TT>, and <TT>SSLv2</TT>.</P>
+<H4><A NAME="TLSRandFile <filename>">12.2.1.6. TLSRandFile <filename></A></H4>
+<P>This directive specifies the file to obtain random bits from when <TT>/dev/urandom</TT> is not available. If the system provides <TT>/dev/urandom</TT> then this option is not needed, otherwise a source of random data must be configured. Some systems (e.g. Linux) provide <TT>/dev/urandom</TT> by default, while others (e.g. Solaris) require the installation of a patch to provide it, and others may not support it at all. In the latter case, EGD or PRNGD should be installed, and this directive should specify the name of the EGD/PRNGD socket. The environment variable <TT>RANDFILE</TT> can also be used to specify the filename. Also, in the absence of these options, the <TT>.rnd</TT> file in the slapd user's home directory may be used if it exists. To use the <TT>.rnd</TT> file, just create the file and copy a few hundred bytes of arbitrary data into the file. The file is only used to provide a seed for the pseudo-random number generator, and it doesn't need very much data to work.</P>
+<H4><A NAME="TLSEphemeralDHParamFile <filename>">12.2.1.7. TLSEphemeralDHParamFile <filename></A></H4>
+<P>This directive specifies the file that contains parameters for Diffie-Hellman ephemeral key exchange. This is required in order to use a DSA certificate on the server side (i.e. <TT>TLSCertificateKeyFile</TT> points to a DSA key). Multiple sets of parameters can be included in the file; all of them will be processed. Parameters can be generated using the following command</P>
+<PRE>
+ openssl dhparam [-dsaparam] -out <filename> <numbits>
+</PRE>
+<H4><A NAME="TLSVerifyClient { never | allow | try | demand }">12.2.1.8. TLSVerifyClient { never | allow | try | demand }</A></H4>
+<P>This directive specifies what checks to perform on client certificates in an incoming TLS session, if any. This option is set to <TT>never</TT> by default, in which case the server never asks the client for a certificate. With a setting of <TT>allow</TT> the server will ask for a client certificate; if none is provided the session proceeds normally. If a certificate is provided but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided. With a setting of <TT>try</TT> the certificate is requested, and if none is provided, the session proceeds normally. If a certificate is provided and it cannot be verified, the session is immediately terminated. With a setting of <TT>demand</TT> the certificate is requested and a valid certificate must be provided, otherwise the session is immediately terminated.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>The server must request a client certificate in order to use the SASL EXTERNAL authentication mechanism with a TLS session. As such, a non-default <TT>TLSVerifyClient</TT> setting must be configured before SASL EXTERNAL authentication may be attempted, and the SASL EXTERNAL mechanism will only be offered to the client if a valid client certificate was received.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="Client Configuration">12.2.2. Client Configuration</A></H3>
+<P>Most of the client configuration directives parallel the server directives. The names of the directives are different, and they go into <EM>ldap.conf</EM>(5) instead of <EM>slapd.conf</EM>(5), but their functionality is mostly the same. Also, while most of these options may be configured on a system-wide basis, they may all be overridden by individual users in their <EM>.ldaprc</EM> files.</P>
+<P>The LDAP Start TLS operation is used in LDAP to initiate TLS negotatation. All OpenLDAP command line tools support a <E>-Z</E> and <E>-ZZ</E> flag to indicate whether a Start TLS operation is to be issued. The latter flag indicates that the tool is to cease processing if TLS cannot be started while the former allows the command to continue.</P>
+<P>In LDAPv2 environments, TLS is normally started using the LDAP Secure URI scheme (<TT>ldaps://</TT>) instead of the normal LDAP URI scheme (<TT>ldap://</TT>). OpenLDAP command line tools allow either scheme to used with the <TT>-U</TT> flag and with the <TT>URI</TT> <EM>ldap.conf</EM>(5) option.</P>
+<H4><A NAME="TLS_CACERT <filename>">12.2.2.1. TLS_CACERT <filename></A></H4>
+<P>This is equivalent to the server's <TT>TLSCACertificateFile</TT> option. As noted in the <A HREF="#TLS Configuration">TLS Configuration</A> section, a client typically may need to know about more CAs than a server, but otherwise the same considerations apply.</P>
+<H4><A NAME="TLS_CACERTDIR <path>">12.2.2.2. TLS_CACERTDIR <path></A></H4>
+<P>This is equivalent to the server's <TT>TLSCACertificatePath</TT> option. The specified directory must be managed with the OpenSSL <EM>c_rehash</EM> utility as well.</P>
+<H4><A NAME="TLS_CERT <filename>">12.2.2.3. TLS_CERT <filename></A></H4>
+<P>This directive specifies the file that contains the client certificate. This is a user-only directive and can only be specified in a user's <EM>.ldaprc</EM> file.</P>
+<H4><A NAME="TLS_KEY <filename>">12.2.2.4. TLS_KEY <filename></A></H4>
+<P>This directive specifies the file that contains the private key that matches the certificate stored in the <TT>TLS_CERT</TT> file. The same constraints mentioned for <TT>TLSCertificateKeyFile</TT> apply here. This is also a user-only directive.</P>
+<H4><A NAME="TLS_RANDFILE <filename>">12.2.2.5. TLS_RANDFILE <filename></A></H4>
+<P>This directive is the same as the server's <TT>TLSRandFile</TT> option.</P>
+<H4><A NAME="TLS_REQCERT { never | allow | try | demand }">12.2.2.6. TLS_REQCERT { never | allow | try | demand }</A></H4>
+<P>This directive is equivalent to the server's <TT>TLSVerifyClient</TT> option. However, for clients the default value is <TT>demand</TT> and there generally is no good reason to change this setting.</P>
+<P></P>
+<HR>
+<H1><A NAME="Constructing a Distributed Directory Service">13. Constructing a Distributed Directory Service</A></H1>
+<P>For many sites, running one or more <EM>slapd</EM>(8) that hold an entire subtree of data is sufficient. But often it is desirable to have one <EM>slapd</EM> refer to other directory services for a certain part of the tree (which may or may not be running <EM>slapd</EM>).</P>
+<P><EM>slapd</EM> supports <EM>subordinate</EM> and <EM>superior</EM> knowledge information. Subordinate knowledge information is held in <TT>referral</TT> objects (<A HREF="http://www.rfc-editor.org/rfc/rfc3296.txt">RFC3296</A>).</P>
+<H2><A NAME="Subordinate Knowledge Information">13.1. Subordinate Knowledge Information</A></H2>
+<P>Subordinate knowledge information may be provided to delegate a subtree. Subordinate knowledge information is maintained in the directory as a special <EM>referral</EM> object at the delegate point. The referral object acts as a delegation point, gluing two services together. This mechanism allows for hierarchical directory services to be constructed.</P>
+<P>A referral object has a structural object class of <TT>referral</TT> and has the same <TERM>Distinguished Name</TERM> as the delegated subtree. Generally, the referral object will also provide the auxiliary object class <TT>extensibleObject</TT>. This allows the entry to contain appropriate <TERM>Relative Distinguished Name</TERM> values. This is best demonstrated by example.</P>
+<P>If the server <TT>a.example.net</TT> holds <TT>dc=example,dc=net</TT> and wished to delegate the subtree <TT>ou=subtree,dc=example,dc=net</TT> to another server <TT>b.example.net</TT>, the following named referral object would be added to <TT>a.example.net</TT>:</P>
+<PRE>
+ dn: dc=subtree,dc=example,dc=net
+ objectClass: referral
+ objectClass: extensibleObject
+ dc: subtree
+ ref: ldap://b.example.net/dc=subtree,dc=example,dc=net
+</PRE>
+<P>The server uses this information to generate referrals and search continuations to subordinate servers.</P>
+<P>For those familiar with X.500, a <EM>named referral</EM> object is similar to an X.500 knowledge reference held in a <EM>subr</EM> <TERM>DSE</TERM>.</P>
+<H2><A NAME="Superior Knowledge Information">13.2. Superior Knowledge Information</A></H2>
+<P>Superior knowledge information may be specified using the <TT>referral</TT> directive. The value is a list of <TERM>URI</TERM>s referring to superior directory services. For servers without immediate superiors, such as for <TT>a.example.net</TT> in the example above, the server can be configured to use a directory service with <EM>global knowledge</EM>, such as the <EM>OpenLDAP Root Service</EM> (<A HREF="http://www.openldap.org/faq/index.cgi?file=393">http://www.openldap.org/faq/index.cgi?file=393</A>).</P>
+<PRE>
+ referral ldap://root.openldap.org/
+</PRE>
+<P>However, as <TT>a.example.net</TT> is the <EM>immediate superior</EM> to <TT>b.example.net</TT>, <EM>b.example.net</EM> would be configured as follows:</P>
+<PRE>
+ referral ldap://a.example.net/
+</PRE>
+<P>The server uses this information to generate referrals for operations acting upon entries not within or subordinate to any of the naming contexts held by the server.</P>
+<P>For those familiar with X.500, this use of the <TT>ref</TT> attribute is similar to an X.500 knowledge reference held in a <EM>Supr</EM> <TERM>DSE</TERM>.</P>
+<H2><A NAME="The ManageDsaIT Control">13.3. The ManageDsaIT Control</A></H2>
+<P>Adding, modifying, and deleting referral objects is generally done using <EM>ldapmodify</EM>(1) or similar tools which support the ManageDsaIT control. The ManageDsaIT control informs the server that you intend to manage the referral object as a regular entry. This keeps the server from sending a referral result for requests which interrogate or update referral objects.</P>
+<P>The ManageDsaIT control should not be specified when managing regular entries.</P>
+<P>The <TT>-M</TT> option of <EM>ldapmodify</EM>(1) (and other tools) enables ManageDsaIT. For example:</P>
+<PRE>
+ ldapmodify -M -f referral.ldif -x -D "cn=Manager,dc=example,dc=net" -W
+</PRE>
+<P>or with <EM>ldapsearch</EM>(1):</P>
+<PRE>
+ ldapsearch -M -b "dc=example,dc=net" -x "(objectclass=referral)" '*' ref
+</PRE>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>the <TT>ref</TT> attribute is operational and must be explicitly requested when desired in search results.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P></P>
+<HR>
+<H1><A NAME="Replication with slurpd">14. Replication with slurpd</A></H1>
+<P>In certain configurations, a single <EM>slapd</EM>(8) instance may be insufficient to handle the number of clients requiring directory service via LDAP. It may become necessary to run more than one slapd instance. At many sites, for instance, there are multiple slapd servers: one master and one or more slaves. <TERM>DNS</TERM> can be setup such that a lookup of <TT>ldap.example.com</TT> returns the <TERM>IP</TERM> addresses of these servers, distributing the load among them (or just the slaves). This master/slave arrangement provides a simple and effective way to increase capacity, availability and reliability.</P>
+<P><EM>slurpd</EM>(8) provides the capability for a master slapd to propagate changes to slave slapd instances, implementing the master/slave replication scheme described above. slurpd runs on the same host as the master slapd instance.</P>
+<H2><A NAME="Overview">14.1. Overview</A></H2>
+<P><EM>slurpd</EM>(8) provides replication services "in band". That is, it uses the LDAP protocol to update a slave database from the master. Perhaps the easiest way to illustrate this is with an example. In this example, we trace the propagation of an LDAP modify operation from its initiation by the LDAP client to its distribution to the slave slapd instance.</P>
+<P><B>Sample replication scenario:</B></P>
+<OL>
+<LI>The LDAP client submits an LDAP modify operation to the slave slapd.
+<LI>The slave slapd returns a referral to the LDAP client referring the client to the master slapd.
+<LI>The LDAP client submits the LDAP modify operation to the master slapd.
+<LI>The master slapd performs the modify operation, writes out the change to its replication log file and returns a success code to the client.
+<LI>The slurpd process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave slapd via LDAP.
+<LI>The slave slapd performs the modify operation and returns a success code to the slurpd process.</OL>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG><EM>ldapmodify</EM>(1) and other clients distributed as part of OpenLDAP Software do not support automatic referral chasing (for security reasons).
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H2><A NAME="Replication Logs">14.2. Replication Logs</A></H2>
+<P>When slapd is configured to generate a replication logfile, it writes out a file containing <TERM>LDIF</TERM> change records. The replication log gives the replication site(s), a timestamp, the DN of the entry being modified, and a series of lines which specify the changes to make. In the example below, Barbara (<TT>uid=bjensen</TT>) has replaced the <TT>description</TT> value. The change is to be propagated to the slapd instance running on <TT>slave.example.net</TT> Changes to various operational attributes, such as <TT>modifiersName</TT> and <TT>modifyTimestamp</TT>, are included in the change record and will be propagated to the slave slapd.</P>
+<PRE>
+ replica: slave.example.com:389
+ time: 809618633
+ dn: uid=bjensen,dc=example,dc=com
+ changetype: modify
+ replace: multiLineDescription
+ description: A dreamer...
+ -
+ replace: modifiersName
+ modifiersName: uid=bjensen,dc=example,dc=com
+ -
+ replace: modifyTimestamp
+ modifyTimestamp: 20000805073308Z
+ -
+</PRE>
+<P>The modifications to <TT>modifiersName</TT> and <TT>modifyTimestamp</TT> operational attributes were added by the master <EM>slapd</EM>.</P>
+<H2><A NAME="Command-Line Options">14.3. Command-Line Options</A></H2>
+<P>This section details commonly used <EM>slurpd</EM>(8) command-line options.</P>
+<PRE>
+ -d <level> | ?
+</PRE>
+<P>This option sets the slurpd debug level to <TT> <level></TT>. When level is a `?' character, the various debugging levels are printed and slurpd exits, regardless of any other options you give it. Current debugging levels (a subset of slapd's debugging levels) are</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 13.1: Debugging Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Right'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4
+</TD>
+<TD ALIGN='Left'>
+heavy trace debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+64
+</TD>
+<TD ALIGN='Left'>
+configuration file processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+65535
+</TD>
+<TD ALIGN='Left'>
+enable all debugging
+</TD>
+</TR>
+</TABLE>
+
+<P>Debugging levels are additive. That is, if you want heavy trace debugging and want to watch the config file being processed, you would set level to the sum of those two levels (in this case, 68).</P>
+<PRE>
+ -f <filename>
+</PRE>
+<P>This option specifies an alternate slapd configuration file. Slurpd does not have its own configuration file. Instead, all configuration information is read from the slapd configuration file.</P>
+<PRE>
+ -r <filename>
+</PRE>
+<P>This option specifies an alternate slapd replication log file. Under normal circumstances, slurpd reads the name of the slapd replication log file from the slapd configuration file. However, you can override this with the -r flag, to cause slurpd to process a different replication log file. See the <A HREF="#Advanced slurpd Operation">Advanced slurpd Operation</A> section for a discussion of how you might use this option.</P>
+<PRE>
+ -o
+</PRE>
+<P>Operate in "one-shot" mode. Under normal circumstances, when slurpd finishes processing a replication log, it remains active and periodically checks to see if new entries have been added to the replication log. In one-shot mode, by comparison, slurpd processes a replication log and exits immediately. If the -o option is given, the replication log file must be explicitly specified with the -r option. See the <A HREF="#One-shot mode and reject files">One-shot mode and reject files</A> section for a discussion of this mode.</P>
+<PRE>
+ -t <directory>
+</PRE>
+<P>Specify an alternate directory for slurpd's temporary copies of replication logs. The default location is <TT>/usr/tmp</TT>.</P>
+<H2><A NAME="Configuring slurpd and a slave slapd instance">14.4. Configuring slurpd and a slave slapd instance</A></H2>
+<P>To bring up a replica slapd instance, you must configure the master and slave slapd instances for replication, then shut down the master slapd so you can copy the database. Finally, you bring up the master slapd instance, the slave slapd instance, and the slurpd instance. These steps are detailed in the following sections. You can set up as many slave slapd instances as you wish.</P>
+<H3><A NAME="Set up the master {{slapd}}">14.4.1. Set up the master <EM>slapd</EM></A></H3>
+<P>The following section assumes you have a properly working <EM>slapd</EM>(8) instance. To configure your working <EM>slapd</EM>(8) server as a replication master, you need to make the following changes to your <EM>slapd.conf</EM>(5).</P>
+<OL>
+<LI>Add a <TT>replica</TT> directive for each replica. The <TT>binddn=</TT> parameter should match the <TT>updatedn</TT> option in the corresponding slave slapd configuration file, and should name an entry with write permission to the slave database (e.g., an entry allowed access via <TT>access</TT> directives in the slave slapd configuration file). This DN generally <EM>should not</EM> be the same as the master's <TT>rootdn</TT>.
+<LI>Add a <TT>replogfile</TT> directive, which tells slapd where to log changes. This file will be read by slurpd.</OL>
+<H3><A NAME="Set up the slave {{slapd}}">14.4.2. Set up the slave <EM>slapd</EM></A></H3>
+<P>Install the slapd software on the host which is to be the slave slapd server. The configuration of the slave server should be identical to that of the master, with the following exceptions:</P>
+<OL>
+<LI>Do not include a <TT>replica</TT> directive. While it is possible to create "chains" of replicas, in most cases this is inappropriate.
+<LI>Do not include a <TT>replogfile</TT> directive.
+<LI>Do include an <TT>updatedn</TT> line. The DN given should match the DN given in the <TT>binddn=</TT> parameter of the corresponding <TT>replica=</TT> directive in the master slapd config file. The <TT>updatedn</TT> generally <EM>should not</EM> be the same as the <TT>rootdn</TT> of the master database.
+<LI>Make sure the DN given in the <TT>updatedn</TT> directive has permission to write the database (e.g., it is is allowed <TT>access</TT> by one or more access directives).
+<LI>Use the <TT>updateref</TT> directive to define the URL the slave should return if an update request is received.</OL>
+<H3><A NAME="Shut down the master server">14.4.3. Shut down the master server</A></H3>
+<P>In order to ensure that the slave starts with an exact copy of the master's data, you must shut down the master slapd. Do this by sending the master slapd process an interrupt signal with <TT>kill -INT <pid></TT>, where <TT><pid></TT> is the process-id of the master slapd process.</P>
+<P>If you like, you may restart the master slapd in read-only mode while you are replicating the database. During this time, the master slapd will return an "unwilling to perform" error to clients that attempt to modify data.</P>
+<H3><A NAME="Copy the master slapd\'s database to the slave">14.4.4. Copy the master slapd's database to the slave</A></H3>
+<P>Copy the master's database(s) to the slave. For an <TERM>BDB</TERM> and <TERM>LDBM</TERM> databases, you must copy all database files located in the database <TT>directory</TT> specified in <EM>slapd.conf</EM>(5). In general, you should copy each file found in the database <TT> directory</TT> unless you know it is not used by <EM>slapd</EM>(8).</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>This copy process assumes homogeneous servers with identically configured OpenLDAP installations. Alternatively, you may use <EM>slapcat</EM> to output the master's database in LDIF format and use the LDIF with <EM>slapadd</EM> to populate the slave. Using LDIF avoids any potential incompatibilities due to differing server architectures or software configurations. See the <A HREF="#Database Creation and Maintenance Tools">Database Creation and Maintenance Tools</A> chapter for details on these tools.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="Configure the master slapd for replication">14.4.5. Configure the master slapd for replication</A></H3>
+<P>To configure slapd to generate a replication logfile, you add a "<TT> replica</TT>" configuration option to the master slapd's config file. For example, if we wish to propagate changes to the slapd instance running on host <TT>slave.example.com</TT>:</P>
+<PRE>
+ replica uri=ldap://slave.example.com:389
+ binddn="cn=Replicator,dc=example,dc=com"
+ bindmethod=simple credentials=secret
+</PRE>
+<P>In this example, changes will be sent to port 389 (the standard LDAP port) on host slave.example.com. The slurpd process will bind to the slave slapd as "<TT>cn=Replicator,dc=example,dc=com</TT>" using simple authentication with password "<TT>secret</TT>".</P>
+<P>If we wish to perform the same replication using ldaps on port 636:</P>
+<PRE>
+ replica uri=ldaps://slave.example.com:636
+ binddn="cn=Replicator,dc=example,dc=com"
+ bindmethod=simple credentials=secret
+</PRE>
+<P>The host option is deprecated in favor of uri, but the following replica configuration is still supported:</P>
+<PRE>
+ replica host=slave.example.com:389
+ binddn="cn=Replicator,dc=example,dc=com"
+ bindmethod=simple credentials=secret
+</PRE>
+<P>Note that the DN given by the <TT>binddn=</TT> directive must exist in the slave slapd's database (or be the rootdn specified in the slapd config file) in order for the bind operation to succeed. The DN should also be listed as the <TT>updatedn</TT> for the database in the slave's slapd.conf(5). It is generally recommended that this DN be different than the <TT>rootdn</TT> of the master database.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>The use of strong authentication and transport security is highly recommended.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="Restart the master slapd and start the slave slapd">14.4.6. Restart the master slapd and start the slave slapd</A></H3>
+<P>Restart the master slapd process. To check that it is generating replication logs, perform a modification of any entry in the database, and check that data has been written to the log file.</P>
+<H3><A NAME="Start slurpd">14.4.7. Start slurpd</A></H3>
+<P>Start the slurpd process. Slurpd should immediately send the test modification you made to the slave slapd. Watch the slave slapd's logfile to be sure that the modification was sent.</P>
+<PRE>
+ slurpd -f <masterslapdconfigfile>
+</PRE>
+<H2><A NAME="Advanced slurpd Operation">14.5. Advanced slurpd Operation</A></H2>
+<H3><A NAME="Replication errors">14.5.1. Replication errors</A></H3>
+<P>When slurpd propagates a change to a slave slapd and receives an error return code, it writes the reason for the error and the replication record to a reject file. The reject file is located in the same directory as the per-replica replication logfile, and has the same name, but with the string "<TT>.rej</TT>" appended. For example, for a replica running on host <TT>slave.example.com</TT>, port 389, the reject file, if it exists, will be named</P>
+<PRE>
+ /usr/local/var/openldap/replog.slave.example.com:389.rej
+</PRE>
+<P>A sample rejection log entry follows:</P>
+<PRE>
+ ERROR: No such attribute
+ replica: slave.example.com:389
+ time: 809618633
+ dn: uid=bjensen,dc=example,dc=com
+ changetype: modify
+ replace: description
+ description: A dreamer...
+ -
+ replace: modifiersName
+ modifiersName: uid=bjensen,dc=example,dc=com
+ -
+ replace: modifyTimestamp
+ modifyTimestamp: 20000805073308Z
+ -
+</PRE>
+<P>Note that this is precisely the same format as the original replication log entry, but with an <TT>ERROR</TT> line prepended to the entry.</P>
+<H3><A NAME="One-shot mode and reject files">14.5.2. One-shot mode and reject files</A></H3>
+<P>It is possible to use slurpd to process a rejection log with its "one-shot mode." In normal operation, slurpd watches for more replication records to be appended to the replication log file. In one-shot mode, by contrast, slurpd processes a single log file and exits. Slurpd ignores <TT>ERROR</TT> lines at the beginning of replication log entries, so it's not necessary to edit them out before feeding it the rejection log.</P>
+<P>To use one-shot mode, specify the name of the rejection log on the command line as the argument to the -r flag, and specify one-shot mode with the -o flag. For example, to process the rejection log file <TT>/usr/local/var/openldap/replog.slave.example.com:389</TT> and exit, use the command</P>
+<PRE>
+ slurpd -r /usr/tmp/replog.slave.example.com:389 -o
+</PRE>
+<P></P>
+<HR>
+<H1><A NAME="LDAP Sync Replication">15. LDAP Sync Replication</A></H1>
+<P>The LDAP Sync replication engine, syncrepl for short, is a consumer-side replication engine that enables the consumer LDAP server to maintain a shadow copy of a DIT fragment. A syncrepl engine resides at the consumer-side as one of the <EM>slapd</EM> (8) threads. It creates and maintains a consumer replica by connecting to the replication provider to perform the initial DIT content load followed either by periodic content polling or by timely updates upon content changes.</P>
+<P>Syncrepl uses the LDAP Content Synchronization (or LDAP Sync for short) protocol as the replica synchronization protocol. It provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store.</P>
+<P>Syncrepl keeps track of the status of the replication content by maintaining and exchanging synchronization cookies. Because the syncrepl consumer and provider maintain their content status, the consumer can poll the provider content to perform incremental synchronization by asking for the entries required to make the consumer replica up-to-date with the provider content. Syncrepl also enables convenient management of replicas by maintaining replica status. The consumer replica can be constructed from a consumer-side or a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica up-to-date with the current provider content.</P>
+<P>Syncrepl supports both pull-based and push-based synchronization. In its basic refreshOnly synchronization mode, the provider uses pull-based synchronization where the consumer servers need not be tracked and no history information is maintained. The information required for the provider to process periodic polling requests is contained in the synchronization cookie of the request itself. To optimize the pull-based synchronization, syncrepl utilizes the present phase of the LDAP Sync protocol as well as its delete phase, instead of falling back on frequent full reloads. To further optimize the pull-based synchronization, the provider can maintain a per-scope session log as a history store. In its refreshAndPersist mode of synchronization, the provider uses a push-based synchronization. The provider keeps track of the consumer servers that have requested a persistent search and sends them necessary updates as the provider replication content gets modified.</P>
+<P>With syncrepl, a consumer server can create a replica without changing the provider's configurations and without restarting the provider server, if the consumer server has appropriate access privileges for the DIT fragment to be replicated. The consumer server can stop the replication also without the need for provider-side changes and restart.</P>
+<P>Syncrepl supports both partial and sparse replications. The shadow DIT fragment is defined by a general search criteria consisting of base, scope, filter, and attribute list. The replica content is also subject to the access privileges of the bind identity of the syncrepl replication connection.</P>
+<H2><A NAME="The LDAP Content Synchronization Protocol">15.1. The LDAP Content Synchronization Protocol</A></H2>
+<P>The LDAP Sync protocol allows a client to maintain a synchronized copy of a DIT fragment. The LDAP Sync operation is defined as a set of controls and other protocol elements which extend the LDAP search operation. This section introduces the LDAP Content Sync protocol only briefly. For more information, refer to the Internet Draft <EM>The LDAP Content Synchronization Operation <draft-zeilenga-ldup-sync-05.txt></EM>.</P>
+<P>The LDAP Sync protocol supports both polling and listening for changes by defining two respective synchronization operations: <EM>refreshOnly</EM> and <EM>refreshAndPersist</EM>. Polling is implemented by the <EM>refreshOnly</EM> operation. The client copy is synchronized to the server copy at the time of polling. The server finishes the search operation by returning <EM>SearchResultDone</EM> at the end of the search operation as in the normal search. The listening is implemented by the <EM>refreshAndPersist</EM> operation. Instead of finishing the search after returning all entries currently matching the search criteria, the synchronization search remains persistent in the server. Subsequent updates to the synchronization content in the server cause additional entry updates to be sent to the client.</P>
+<P>The <EM>refreshOnly</EM> operation and the refresh stage of the <EM>refreshAndPersist</EM> operation can be performed with a present phase or a delete phase.</P>
+<P>In the present phase, the server sends the client the entries updated within the search scope since the last synchronization. The server sends all requested attributes, be it changed or not, of the updated entries. For each unchanged entry which remains in the scope, the server sends a present message consisting only of the name of the entry and the synchronization control representing state present. The present message does not contain any attributes of the entry. After the client receives all update and present entries, it can reliably determine the new client copy by adding the entries added to the server, by replacing the entries modified at the server, and by deleting entries in the client copy which have not been updated nor specified as being present at the server.</P>
+<P>The transmission of the updated entries in the delete phase is the same as in the present phase. The server sends all the requested attributes of the entries updated within the search scope since the last synchronization to the client. In the delete phase, however, the server sends a delete message for each entry deleted from the search scope, instead of sending present messages. The delete message consists only of the name of the entry and the synchronization control representing state delete. The new client copy can be determined by adding, modifying, and removing entries according to the synchronization control attached to the <EM>SearchResultEntry</EM> message.</P>
+<P>In the case that the LDAP Sync server maintains a history store and can determine which entries are scoped out of the client copy since the last synchronization time, the server can use the delete phase. If the server does not maintain any history store, cannot determine the scoped-out entries from the history store, or the history store does not cover the outdated synchronization state of the client, the server should use the present phase. The use of the present phase is much more efficient than a full content reload in terms of the synchronization traffic. To reduce the synchronization traffic further, the LDAP Sync protocol also provides several optimizations such as the transmission of the normalized <TT>entryUUID</TT>s and the transmission of multiple <TT>entryUUIDs</TT> in a single <EM>syncIdSet</EM> message.</P>
+<P>At the end of the <EM>refreshOnly</EM> synchronization, the server sends a synchronization cookie to the client as a state indicator of the client copy after the synchronization is completed. The client will present the received cookie when it requests the next incremental synchronization to the server.</P>
+<P>When <EM>refreshAndPersist</EM> synchronization is used, the server sends a synchronization cookie at the end of the refresh stage by sending a Sync Info message with TRUE refreshDone. It also sends a synchronization cookie by attaching it to <EM>SearchResultEntry</EM> generated in the persist stage of the synchronization search. During the persist stage, the server can also send a Sync Info message containing the synchronization cookie at any time the server wants to update the client-side state indicator. The server also updates a synchronization indicator of the client at the end of the persist stage.</P>
+<P>In the LDAP Sync protocol, entries are uniquely identified by the <TT>entryUUID</TT> attribute value. It can function as a reliable identifier of the entry. The DN of the entry, on the other hand, can be changed over time and hence cannot be considered as the reliable identifier. The <TT>entryUUID</TT> is attached to each <EM>SearchResultEntry</EM> or <EM>SearchResultReference</EM> as a part of the synchronization control.</P>
+<H2><A NAME="Syncrepl Details">15.2. Syncrepl Details</A></H2>
+<P>The syncrepl engine utilizes both the <EM>refreshOnly</EM> and the <EM>refreshAndPersist</EM> operations of the LDAP Sync protocol. If a syncrepl specification is included in a database definition, <EM>slapd</EM> (8) launches a syncrepl engine as a <EM>slapd</EM> (8) thread and schedules its execution. If the <EM>refreshOnly</EM> operation is specified, the syncrepl engine will be rescheduled at the interval time after a synchronization operation is completed. If the <EM>refreshAndPersist</EM> operation is specified, the engine will remain active and process the persistent synchronization messages from the provider.</P>
+<P>The syncrepl engine utilizes both the present phase and the delete phase of the refresh synchronization. It is possible to configure a per-scope session log in the provider server which stores the <TT>entryUUID</TT>s of a finite number of entries deleted from a replication content. Multiple replicas of single provider content share the same per-scope session log. The syncrepl engine uses the delete phase if the session log is present and the state of the consumer server is recent enough that no session log entries are truncated after the last synchronization of the client. The syncrepl engine uses the present phase if no session log is configured for the replication content or if the consumer replica is too outdated to be covered by the session log. The current design of the session log store is memory based, so the information contained in the session log is not persistent over multiple provider invocations. It is not currently supported to access the session log store by using LDAP operations. It is also not currently supported to impose access control to the session log.</P>
+<P>As a further optimization, even in the case the synchronization search is not associated with any session log, no entries will be transmitted to the consumer server when there has been no update in the replication context.</P>
+<P>The syncrepl engine, which is a consumer-side replication engine, can work with any backends. The LDAP Sync provider can be configured as an overlay on any backend, but works best with the <EM>back-bdb</EM> or <EM>back-hdb</EM> backend. The provider can not support refreshAndPersist mode on <EM>back-ldbm</EM> due to limits in that backend's locking architecture.</P>
+<P>The LDAP Sync provider maintains a <TT>contextCSN</TT> for each database as the current synchronization state indicator of the provider content. It is the largest <TT>entryCSN</TT> in the provider context such that no transactions for an entry having smaller <TT>entryCSN</TT> value remains outstanding. The <TT>contextCSN</TT> could not just be set to the largest issued <TT>entryCSN</TT> because <TT>entryCSN</TT> is obtained before a transaction starts and transactions are not committed in the issue order.</P>
+<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the contextCSN to be written out more frequently if desired.</P>
+<P>Note that at startup time, if the provider is unable to read a <TT>contextCSN</TT> from the suffix entry, it will scan the entire database to determine the value, and this scan may take quite a long time on a large database. When a <TT>contextCSN</TT> value is read, the database will still be scanned for any <TT>entryCSN</TT> values greater than it, to make sure the <TT>contextCSN</TT> value truly reflects the greatest committed <TT>entryCSN</TT> in the database. On databases which support inequality indexing, setting an eq index on the <TT>entryCSN</TT> attribute and configuring <EM>contextCSN</EM> checkpoints will greatly speed up this scanning step.</P>
+<P>If no <TT>contextCSN</TT> can be determined by reading and scanning the database, a new value will be generated. Also, if scanning the database yielded a greater <TT>entryCSN</TT> than was previously recorded in the suffix entry's <TT>contextCSN</TT> attribute, a checkpoint will be immediately written with the new value.</P>
+<P>The consumer also stores its replica state, which is the provider's <TT>contextCSN</TT> received as a synchronization cookie, in the <TT>contextCSN</TT> attribute of the suffix entry. The replica state maintained by a consumer server is used as the synchronization state indicator when it performs subsequent incremental synchronization with the provider server. It is also used as a provider-side synchronization state indicator when it functions as a secondary provider server in a cascading replication configuration. Since the consumer and provider state information are maintained in the same location within their respective databases, any consumer can be promoted to a provider (and vice versa) without any special actions.</P>
+<P>Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content. The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless <EM>ManageDsaIT</EM> control is provided.</P>
+<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log.</P>
+<H2><A NAME="Configuring Syncrepl">15.3. Configuring Syncrepl</A></H2>
+<P>Because syncrepl is a consumer-side replication engine, the syncrepl specification is defined in <EM>slapd.conf</EM> (5) of the consumer server, not in the provider server's configuration file. The initial loading of the replica content can be performed either by starting the syncrepl engine with no synchronization cookie or by populating the consumer replica by adding an <TERM>LDIF</TERM> file dumped as a backup at the provider.</P>
+<P>When loading from a backup, it is not required to perform the initial loading from the up-to-date backup of the provider content. The syncrepl engine will automatically synchronize the initial consumer replica to the current provider content. As a result, it is not required to stop the provider server in order to avoid the replica inconsistency caused by the updates to the provider content during the content backup and loading process.</P>
+<P>When replicating a large scale directory, especially in a bandwidth constrained environment, it is advised to load the consumer replica from a backup instead of performing a full initial load using syncrepl.</P>
+<H3><A NAME="Set up the provider slapd">15.3.1. Set up the provider slapd</A></H3>
+<P>The provider is implemented as an overlay, so the overlay itself must first be configured in <EM>slapd.conf</EM> (5) before it can be used. The provider has only two configuration directives, for setting checkpoints on the <TT>contextCSN</TT> and for configuring the session log. Because the LDAP Sync search is subject to access control, proper access control privileges should be set up for the replicated content.</P>
+<P>The <TT>contextCSN</TT> checkpoint is configured by the</P>
+<PRE>
+ syncprov-checkpoint <ops> <minutes>
+</PRE>
+<P>directive. Checkpoints are only tested after successful write operations. If <EM><ops></EM> operations or more than <EM><minutes></EM> time has passed since the last checkpoint, a new checkpoint is performed.</P>
+<P>The session log is configured by the</P>
+<PRE>
+ syncprov-sessionlog <size>
+</PRE>
+<P>directive, where <EM><size></EM> is the maximum number of session log entries the session log can record. When a session log is configured, it is automatically used for all LDAP Sync searches within the database.</P>
+<P>Note that using the session log requires searching on the <EM>entryUUID</EM> attribute. Setting an eq index on this attribute will greatly benefit the performance of the session log on the provider.</P>
+<P>A more complete example of the <EM>slapd.conf</EM> content is thus:</P>
+<PRE>
+ database bdb
+ suffix dc=Example,dc=com
+ rootdn dc=Example,dc=com
+ directory /var/ldap/db
+ index objectclass,entryCSN,entryUUID eq
+
+ overlay syncprov
+ syncprov-checkpoint 100 10
+ syncprov-sessionlog 100
+</PRE>
+<H3><A NAME="Set up the consumer slapd">15.3.2. Set up the consumer slapd</A></H3>
+<P>The syncrepl replication is specified in the database section of <EM>slapd.conf</EM> (5) for the replica context. The syncrepl engine is backend independent and the directive can be defined with any database type.</P>
+<PRE>
+ database hdb
+ suffix dc=Example,dc=com
+ rootdn dc=Example,dc=com
+ directory /var/ldap/db
+ index objectclass,entryCSN,entryUUID eq
+
+ syncrepl rid=123
+ provider=ldap://provider.example.com:389
+ type=refreshOnly
+ interval=01:00:00:00
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=organizationalPerson)"
+ scope=sub
+ attrs="cn,sn,ou,telephoneNumber,title,l"
+ schemachecking=off
+ bindmethod=simple
+ binddn="cn=syncuser,dc=example,dc=com"
+ credentials=secret
+</PRE>
+<P>In this example, the consumer will connect to the provider slapd at port 389 of <A HREF="ldap://provider.example.com">ldap://provider.example.com</A> to perform a polling (<EM>refreshOnly</EM>) mode of synchronization once a day. It will bind as <TT>cn=syncuser,dc=example,dc=com</TT> using simple authentication with password "secret". Note that the access control privilege of <TT>cn=syncuser,dc=example,dc=com</TT> should be set appropriately in the provider to retrieve the desired replication content. Also the search limits must be high enough on the provider to allow the syncuser to retrieve a complete copy of the requested content. The consumer uses the rootdn to write to its database so it always has full permissions to write all content.</P>
+<P>The synchronization search in the above example will search for the entries whose objectClass is organizationalPerson in the entire subtree rooted at <TT>dc=example,dc=com</TT>. The requested attributes are <TT>cn</TT>, <TT>sn</TT>, <TT>ou</TT>, <TT>telephoneNumber</TT>, <TT>title</TT>, and <TT>l</TT>. The schema checking is turned off, so that the consumer <EM>slapd</EM> (8) will not enforce entry schema checking when it process updates from the provider <EM>slapd</EM> (8).</P>
+<P>For more detailed information on the syncrepl directive, see the <A HREF="#syncrepl">syncrepl</A> section of <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter of this admin guide.</P>
+<H3><A NAME="Start the provider and the consumer slapd">15.3.3. Start the provider and the consumer slapd</A></H3>
+<P>The provider <EM>slapd</EM> (8) is not required to be restarted. <EM>contextCSN</EM> is automatically generated as needed: it might be originally contained in the <TERM>LDIF</TERM> file, generated by <EM>slapadd</EM> (8), generated upon changes in the context, or generated when the first LDAP Sync search arrives at the provider. If an LDIF file is being loaded which did not previously contain the <EM>contextCSN</EM>, the <EM>-w</EM> option should be used with <EM>slapadd</EM> (8) to cause it to be generated. This will allow the server to startup a little quicker the first time it runs.</P>
+<P>When starting a consumer <EM>slapd</EM> (8), it is possible to provide a synchronization cookie as the <EM>-c cookie</EM> command line option in order to start the synchronization from a specific state. The cookie is a comma separated list of name=value pairs. Currently supported syncrepl cookie fields are <EM>csn=<csn></EM> and <EM>rid=<rid></EM>. <EM><csn></EM> represents the current synchronization state of the consumer replica. <EM><rid></EM> identifies a consumer replica locally within the consumer server. It is used to relate the cookie to the syncrepl definition in <EM>slapd.conf</EM> (5) which has the matching replica identifier. The <EM><rid></EM> must have no more than 3 decimal digits. The command line cookie overrides the synchronization cookie stored in the consumer replica database.</P>
+<P></P>
+<HR>
+<H1><A NAME="The Proxy Cache Engine">16. The Proxy Cache Engine</A></H1>
+<P>LDAP servers typically hold one or more subtrees of a DIT. Replica (or shadow) servers hold shadow copies of entries held by one or more master servers. Changes are propagated from the master server to replica (slave) servers using LDAP Sync or <EM>slurpd</EM>(8). An LDAP cache is a special type of replica which holds entries corresponding to search filters instead of subtrees.</P>
+<H2><A NAME="Overview">16.1. Overview</A></H2>
+<P>The proxy cache extension of slapd is designed to improve the responseiveness of the ldap and meta backends. It handles a search request (query) by first determining whether it is contained in any cached search filter. Contained requests are answered from the proxy cache's local database. Other requests are passed on to the underlying ldap or meta backend and processed as usual.</P>
+<P>E.g. <TT>(shoesize>=9)</TT> is contained in <TT>(shoesize>=8)</TT> and <TT>(sn=Richardson)</TT> is contained in <TT>(sn=Richards*)</TT></P>
+<P>Correct matching rules and syntaxes are used while comparing assertions for query containment. To simplify the query containment problem, a list of cacheable "templates" (defined below) is specified at configuration time. A query is cached or answered only if it belongs to one of these templates. The entries corresponding to cached queries are stored in the proxy cache local database while its associated meta information (filter, scope, base, attributes) is stored in main memory.</P>
+<P>A template is a prototype for generating LDAP search requests. Templates are described by a prototype search filter and a list of attributes which are required in queries generated from the template. The representation for prototype filter is similar to RFC 2254, except that the assertion values are missing. Examples of prototype filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.</P>
+<P>The cache replacement policy removes the least recently used (LRU) query and entries belonging to only that query. Queries are allowed a maximum time to live (TTL) in the cache thus providing weak consistency. A background task periodically checks the cache for expired queries and removes them.</P>
+<P>The Proxy Cache paper (<A HREF="http://www.openldap.org/pub/kapurva/proxycaching.pdf">http://www.openldap.org/pub/kapurva/proxycaching.pdf</A>) provides design and implementation details.</P>
+<H2><A NAME="Proxy Cache Configuration">16.2. Proxy Cache Configuration</A></H2>
+<P>The cache configuration specific directives described below must appear after a <TT>overlay proxycache</TT> directive within a <TT>"database meta"</TT> or <TT>database ldap</TT> section of the server's <EM>slapd.conf</EM>(5) file.</P>
+<H3><A NAME="Setting cache parameters">16.2.1. Setting cache parameters</A></H3>
+<PRE>
+ proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>
+</PRE>
+<P>This directive enables proxy caching and sets general cache parameters. The <DB> parameter specifies which underlying database is to be used to hold cached entries. It should be set to <TT>bdb</TT>, <TT>hdb</TT>, or <TT>ldbm</TT>. The <maxentries> parameter specifies the total number of entries which may be held in the cache. The <nattrsets> parameter specifies the total number of attribute sets (as specified by the <TT>proxyAttrSet</TT> directive) that may be defined. The <entrylimit> parameter specifies the maximum number of entries in a cachable query. The <period> specifies the consistency check period (in seconds). In each period, queries with expired TTLs are removed.</P>
+<H3><A NAME="Defining attribute sets">16.2.2. Defining attribute sets</A></H3>
+<PRE>
+ proxyAttrset <index> <attrs...>
+</PRE>
+<P>Used to associate a set of attributes to an index. Each attribute set is associated with an index number from 0 to <numattrsets>-1. These indices are used by the proxyTemplate directive to define cacheable templates.</P>
+<H3><A NAME="Specifying cacheable templates">16.2.3. Specifying cacheable templates</A></H3>
+<PRE>
+ proxyTemplate <prototype_string> <attrset_index> <TTL>
+</PRE>
+<P>Specifies a cacheable template and the "time to live" (in sec) <TTL> for queries belonging to the template. A template is described by its prototype filter string and set of required attributes identified by <attrset_index>.</P>
+<H3><A NAME="Example">16.2.4. Example</A></H3>
+<P>An example <EM>slapd.conf</EM>(5) database section for a caching server which proxies for the <TT>"dc=example,dc=com"</TT> subtree held at server <TT>ldap.example.com</TT>.</P>
+<PRE>
+ database ldap
+ suffix "dc=example,dc=com"
+ rootdn "dc=example,dc=com"
+ uri ldap://ldap.example.com/dc=example%2cdc=com
+ overlay proxycache
+ proxycache bdb 100000 1 1000 100
+ proxyAttrset 0 mail postaladdress telephonenumber
+ proxyTemplate (sn=) 0 3600
+ proxyTemplate (&(sn=)(givenName=)) 0 3600
+ proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
+
+ cachesize 20
+ directory ./testrun/db.2.a
+ index objectClass eq
+ index cn,sn,uid,mail pres,eq,sub
+</PRE>
+<H4><A NAME="Cacheable Queries">16.2.4.1. Cacheable Queries</A></H4>
+<P>A LDAP search query is cacheable when its filter matches one of the templates as defined in the "proxyTemplate" statements and when it references only the attributes specified in the corresponding attribute set. In the example above the attribute set number 0 defines that only the attributes: <TT>mail postaladdress telephonenumber</TT> are cached for the following proxyTemplates.</P>
+<H4><A NAME="Examples:">16.2.4.2. Examples:</A></H4>
+<PRE>
+ Filter: (&(sn=Richard*)(givenName=jack))
+ Attrs: mail telephoneNumber
+</PRE>
+<P>is cacheable, because it matches the template <TT>(&(sn=)(givenName=))</TT> and its attributes are contained in proxyAttrset 0.</P>
+<PRE>
+ Filter: (&(sn=Richard*)(telephoneNumber))
+ Attrs: givenName
+</PRE>
+<P>is not cacheable, because the filter does not match the template, nor is the attribute givenName stored in the cache</P>
+<PRE>
+ Filter: (|(sn=Richard*)(givenName=jack))
+ Attrs: mail telephoneNumber
+</PRE>
+<P>is not cacheable, because the filter does not match the template ( logical OR "|" condition instead of logical AND "&" )</P>
+<P></P>
+<HR>
+<H1><A NAME="Generic configure Instructions">A. Generic configure Instructions</A></H1>
+<PRE>
+Basic Installation
+==================
+
+ These are generic installation instructions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+ The file `configure.in' is used to create `configure' by a program
+called `autoconf'. You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+
+ Running `configure' takes awhile. While running, it prints some
+ messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+architecture.
+
+Installation Names
+==================
+
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+ CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+
+`--help'
+ Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--version'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
+</PRE>
+<P></P>
+<HR>
+<H1><A NAME="OpenLDAP Software Copyright Notices">B. OpenLDAP Software Copyright Notices</A></H1>
+<H2><A NAME="OpenLDAP Copyright Notice">B.1. OpenLDAP Copyright Notice</A></H2>
+<P>Copyright 1998-2007 The OpenLDAP Foundation.<BR><EM>All rights reserved.</EM></P>
+<P>Redistribution and use in source and binary forms, with or without modification, are permitted <EM>only as authorized</EM> by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
+<P>A copy of this license is available in file <TT>LICENSE</TT> in the top-level directory of the distribution or, alternatively, at <<A HREF="http://www.OpenLDAP.org/license.html">http://www.OpenLDAP.org/license.html</A>>.</P>
+<P>OpenLDAP is a registered trademark of the OpenLDAP Foundation.</P>
+<P>Individual files and/or contributed packages may be copyright by other parties and their use subject to additional restrictions.</P>
+<P>This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning this software is available at <<A HREF="http://www.umich.edu/~dirsvcs/ldap/ldap.html">http://www.umich.edu/~dirsvcs/ldap/ldap.html</A>>.</P>
+<P>This work also contains materials derived from public sources.</P>
+<P>Additional information about OpenLDAP software can be obtained at <<A HREF="http://www.OpenLDAP.org/">http://www.OpenLDAP.org/</A>>.</P>
+<H2><A NAME="Additional Copyright Notice">B.2. Additional Copyright Notice</A></H2>
+<P>Portions Copyright 1998-2006 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2006 Net Boolean Incorporated.<BR>Portions Copyright 2001-2006 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
+<P>Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
+<P>Portions Copyright 1999-2005 Howard Y.H. Chu.<BR>Portions Copyright 1999-2005 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR><EM>All rights reserved.</EM></P>
+<P>Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided ``as is'' without express or implied warranty.</P>
+<H2><A NAME="University of Michigan Copyright Notice">B.3. University of Michigan Copyright Notice</A></H2>
+<P>Portions Copyright 1992-1996 Regents of the University of Michigan.<BR><EM>All rights reserved.</EM></P>
+<P>Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.</P>
+<P></P>
+<HR>
+<H1><A NAME="OpenLDAP Public License">C. OpenLDAP Public License</A></H1>
+<PRE>
+The OpenLDAP Public License
+ Version 2.8, 17 August 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+ and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number. You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission. Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
+</PRE>
+</DIV>
+<DIV CLASS="footer">
+<HR>
+<DIV CLASS="navigate">
+<P ALIGN="Center"><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P>
+</DIV>
+<P>
+<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
+________________<BR>
+<SMALL>© Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+
+</DIV>
+
+</BODY>
+</HTML>
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/guide.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+# $OpenLDAP: pkg/openldap-guide/admin/guide.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# guide.sdf
+#
+
+!include "master.sdf"
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/index.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/index.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/index.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+# $OpenLDAP: pkg/openldap-guide/admin/index.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# index.sdf
+#
+
+!include "master.sdf"
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/install.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/install.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/install.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,263 @@
+# $OpenLDAP: pkg/openldap-guide/admin/install.sdf,v 1.34.2.5 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Building and Installing OpenLDAP Software
+
+This chapter details how to build and install the {{ORG:OpenLDAP}}
+Software package including {{slapd}}(8), the stand-alone LDAP daemon
+and {{slurpd}}(8), the stand-alone update replication daemon.
+Building and installing OpenLDAP Software requires several steps:
+installing prerequisite software, configuring OpenLDAP Software
+itself, making, and finally installing. The following sections
+describe this process in detail.
+
+
+H2: Obtaining and Extracting the Software
+
+You can obtain OpenLDAP Software from the project's download
+page at {{URL: http://www.openldap.org/software/download/}} or
+directly from the project's {{TERM:FTP}} service at
+{{URL: ftp://ftp.openldap.org/pub/OpenLDAP/}}.
+
+The project makes available two series of packages for {{general
+use}}. The project makes {{releases}} as new features and bug fixes
+come available. Though the project takes steps to improve stablity
+of these releases, it is common for problems to arise only after
+{{release}}. The {{stable}} release is the latest {{release}} which
+has demonstrated stability through general use.
+
+Users of OpenLDAP Software can choose, depending on their desire
+for the {{latest features}} versus {{demonstrated stability}}, the
+most appropriate series to install.
+
+After downloading OpenLDAP Software, you need to extract the
+distribution from the compressed archive file and change your working
+directory to the top directory of the distribution:
+
+.{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}
+.{{EX:cd openldap-VERSION}}
+
+You'll have to replace {{EX:VERSION}} with the version name of
+the release.
+
+You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}}, {{F:README}}
+and {{F:INSTALL}} documents provided with the distribution. The
+{{F:COPYRIGHT}} and {{F:LICENSE}} provide information on acceptable
+use, copying, and limitation of warranty of OpenLDAP Software. The
+{{F:README}} and {{F:INSTALL}} documents provide detailed information
+on prerequisite software and installation procedures.
+
+
+H2: Prerequisite software
+
+OpenLDAP Software relies upon a number of software packages distributed
+by third parties. Depending on the features you intend to use, you
+may have to download and install a number of additional software
+packages. This section details commonly needed third party software
+packages you might have to install. However, for an up-to-date
+prerequisite information, the {{F:README}} document should be
+consulted. Note that some of these third party packages may depend
+on additional software packages. Install each package per the
+installation instructions provided with it.
+
+
+H3: {{TERM[expand]TLS}}
+
+OpenLDAP clients and servers require installation of {{PRD:OpenSSL}}
+{{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though
+some operating systems may provide these libraries as part of the
+base system or as an optional software component, OpenSSL often
+requires separate installation.
+
+OpenSSL is available from {{URL: http://www.openssl.org/}}.
+
+OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's
+{{EX:configure}} detects a usable OpenSSL installation.
+
+
+H3: Kerberos Authentication Services
+
+OpenLDAP clients and servers support Kerberos-based authentication
+services.
+In particular, OpenLDAP supports the {{TERM:SASL}}/{{TERM:GSSAPI}}
+authentication mechanism using either {{PRD:Heimdal}} or
+{{PRD:MIT Kerberos}} V packages.
+If you desire to use Kerberos-based SASL/GSSAPI authentication,
+you should install either Heimdal or MIT Kerberos V.
+
+Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
+MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
+
+Use of strong authentication services, such as those provided by
+Kerberos, is highly recommended.
+
+
+H3: {{TERM[expand]SASL}}
+
+OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
+{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
+some operating systems may provide this library as part of the
+base system or as an optional software component, Cyrus SASL
+often requires separate installation.
+
+Cyrus SASL is available from
+{{URL:http://asg.web.cmu.edu/sasl/sasl-library.html}}.
+Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
+if preinstalled.
+
+OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's
+configure detects a usable Cyrus SASL installation.
+
+
+H3: Database Software
+
+OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends
+require {{ORG[expand]Sleepycat}} {{PRD:Berkeley DB}}.
+If not available at configure time, you will not be able build
+{{slapd}}(8) with these primary database backends.
+
+Your operating system may provide a supported version of
+{{PRD:Berkeley DB}} in the base system or as an optional
+software component. If not, you'll have to obtain and
+install it yourself.
+
+{{PRD:Berkeley DB}} is available from {{ORG[expand]Sleepycat}}'s
+download page {{URL: http://www.sleepycat.com/download/}}. There
+are several versions available. Generally, the most recent release
+(with published patches) is recommended. This package is required
+if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends.
+
+OpenLDAP's {{slapd}}(8) LDBM backend supports a variety of data
+base managers including {{PRD:Berkeley DB}} and {{PRD:GDBM}}.
+{{PRD:GDBM}} is available from {{ORG:FSF}}'s download site {{URL:
+ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
+
+
+H3: Threads
+
+OpenLDAP is designed to take advantage of threads. OpenLDAP
+supports POSIX {{pthreads}}, Mach {{CThreads}}, and a number of
+other varieties. {{EX:configure}} will complain if it cannot
+find a suitable thread subsystem. If this occurs, please
+consult the {{F:Software|Installation|Platform Hints}} section
+of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
+
+
+H3: TCP Wrappers
+
+{{slapd}}(8) supports TCP Wrappers (IP level access control filters)
+if preinstalled. Use of TCP Wrappers or other IP-level access
+filters (such as those provided by an IP-level firewall) is recommended
+for servers containing non-public information.
+
+
+H2: Running configure
+
+Now you should probably run the {{EX:configure}} script with the
+{{EX:--help}} option.
+This will give you a list of options that you can change when building
+OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled
+using this method.
+!if 0
+Please see the appendix for a more detailed list of configure options,
+and their usage.
+!endif
+> ./configure --help
+
+The {{EX:configure}} script will also look at various environment variables
+for certain settings. These environment variables include:
+
+!block table; align=Center; coltags="EX,N"; title="Table 4.1: Environment Variables"
+Variable Description
+CC Specify alternative C Compiler
+CFLAGS Specify additional compiler flags
+CPPFLAGS Specify C Preprocessor flags
+LDFLAGS Specify linker flags
+LIBS Specify additional libraries
+!endblock
+
+Now run the configure script with any desired configuration options or
+environment variables.
+
+> [[env] settings] ./configure [options]
+
+As an example, let's assume that we want to install OpenLDAP with
+BDB backend and TCP Wrappers support. By default, BDB
+is enabled and TCP Wrappers is not. So, we just need to specify
+{{EX:--with-wrappers}} to include TCP Wrappers support:
+
+> ./configure --with-wrappers
+
+However, this will fail to locate dependent software not
+installed in system directories. For example, if TCP Wrappers
+headers and libraries are installed in {{F:/usr/local/include}}
+and {{F:/usr/local/lib}} respectively, the {{EX:configure}}
+script should be called as follows:
+
+> env CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" \
+> ./configure --with-wrappers
+
+Note: Some shells, such as those derived from the Bourne {{sh}}(1),
+do not require use of the {{env}}(1) command. In some cases, environmental
+variables have to be specified using alternative syntaxes.
+
+The {{EX:configure}} script will normally auto-detect appropriate
+settings. If you have problems at this stage, consult any platform
+specific hints and check your {{EX:configure}} options, if any.
+
+
+H2: Building the Software
+
+Once you have run the {{EX:configure}} script the last line of output
+should be:
+> Please "make depend" to build dependencies
+
+If the last line of output does not match, {{EX:configure}} has failed,
+and you will need to review its output to determine what went wrong.
+You should not proceed until {{EX:configure}} completes successfully.
+
+To build dependencies, run:
+> make depend
+
+Now build the software, this step will actually compile OpenLDAP.
+> make
+
+You should examine the output of this command carefully to make sure
+everything is built correctly. Note that this command builds the LDAP
+libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
+
+
+H2: Testing the Software
+
+Once the software has been properly configured and successfully
+made, you should run the test suite to verify the build.
+
+> make test
+
+Tests which apply to your configuration will run and they should pass.
+Some tests, such as the replication test, may be skipped if not supported
+by your configuration.
+
+
+H2: Installing the Software
+
+Once you have successfully tested the software, you are ready to
+install it. You will need to have write permission to the installation
+directories you specified when you ran configure. By default
+OpenLDAP Software is installed in {{F:/usr/local}}. If you changed
+this setting with the {{EX:--prefix}} configure option, it will be
+installed in the location you provided.
+
+Typically, the installation requires {{super-user}} privileges.
+From the top level OpenLDAP source directory, type:
+
+> su root -c 'make install'
+
+and enter the appropriate password when requested.
+
+You should examine the output of this command carefully to make sure
+everything is installed correctly. You will find the configuration files
+for {{slapd}}(8) in {{F:/usr/local/etc/openldap}} by default. See the
+chapter {{SECT:Configuring slapd}} for additional information.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/intro.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/intro.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/intro.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,316 @@
+# $OpenLDAP: pkg/openldap-guide/admin/intro.sdf,v 1.40.2.4 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+H1: Introduction to OpenLDAP Directory Services
+
+This document describes how to build, configure, and operate OpenLDAP
+software to provide directory services. This includes details on
+how to configure and run the stand-alone {{TERM:LDAP}} daemon,
+{{slapd}}(8) and the stand-alone LDAP update replication daemon,
+{{slurpd}}(8). It is intended for newcomers and experienced
+administrators alike. This section provides a basic introduction
+to directory services and, in particular, the directory services
+provided by {{slapd}}(8).
+
+
+H2: What is a directory service?
+
+A directory is a specialized database optimized for reading, browsing
+and searching. Directories tend to contain descriptive, attribute-based
+information and support sophisticated filtering capabilities.
+Directories generally do not support complicated transaction or
+roll-back schemes found in database management systems designed
+for handling high-volume complex updates. Directory updates are
+typically simple all-or-nothing changes, if they are allowed at
+all. Directories are tuned to give quick response to high-volume
+lookup or search operations. They may have the ability to replicate
+information widely in order to increase availability and reliability,
+while reducing response time. When directory information is
+replicated, temporary inconsistencies between the replicas may be
+okay, as long as they get in sync eventually.
+
+There are many different ways to provide a directory service.
+Different methods allow different kinds of information to be stored
+in the directory, place different requirements on how that information
+can be referenced, queried and updated, how it is protected from
+unauthorized access, etc. Some directory services are {{local}},
+providing service to a restricted context (e.g., the finger service
+on a single machine). Other services are global, providing service
+to a much broader context (e.g., the entire Internet). Global
+services are usually {{distributed}}, meaning that the data they
+contain is spread across many machines, all of which cooperate to
+provide the directory service. Typically a global service defines
+a uniform {{namespace}} which gives the same view of the data no
+matter where you are in relation to the data itself. The Internet
+{{TERM[expand]DNS}} (DNS) is an example of a globally distributed
+directory service.
+
+
+H2: What is LDAP?
+
+{{TERM:LDAP}} stands for {{TERM[expand]LDAP}}. As the name suggests,
+it is a lightweight protocol for accessing directory services,
+specifically {{TERM:X.500}}-based directory services. LDAP runs
+over {{TERM:TCP}}/{{TERM:IP}} or other connection oriented transfer
+services. The nitty-gritty details of LDAP are defined in
+{{REF:RFC2251}} "The Lightweight Directory Access Protocol (v3)"
+and other documents comprising the technical specification
+{{REF:RFC3377}}. This section gives an overview of LDAP from a
+user's perspective.
+
+{{What kind of information can be stored in the directory?}} The
+LDAP information model is based on {{entries}}. An entry is a
+collection of attributes that has a globally-unique {{TERM[expand]DN}}
+(DN). The DN is used to refer to the entry unambiguously. Each of
+the entry's attributes has a {{type}} and one or more {{values}}.
+The types are typically mnemonic strings, like "{{EX:cn}}" for
+common name, or "{{EX:mail}}" for email address. The syntax of
+values depend on the attribute type. For example, a {{EX:cn}}
+attribute might contain the value {{EX:Babs Jensen}}. A {{EX:mail}}
+attribute might contain the value "{{EX:babs at example.com}}". A
+{{EX:jpegPhoto}} attribute would contain a photograph in the JPEG
+(binary) format.
+
+{{How is the information arranged?}} In LDAP, directory entries
+are arranged in a hierarchical tree-like structure. Traditionally,
+this structure reflected the geographic and/or organizational
+boundaries. Entries representing countries appear at the top of
+the tree. Below them are entries representing states and national
+organizations. Below them might be entries representing organizational
+units, people, printers, documents, or just about anything else
+you can think of. Figure 1.1 shows an example LDAP directory tree
+using traditional naming.
+
+!import "intro_tree.gif"; align="center"; \
+ title="LDAP directory tree (traditional naming)"
+FT[align="Center"] Figure 1.1: LDAP directory tree (traditional naming)
+
+The tree may also be arranged based upon Internet domain names.
+This naming approach is becoming increasing popular as it allows
+for directory services to be located using the {{DNS}}.
+Figure 1.2 shows an example LDAP directory tree using domain-based
+naming.
+
+!import "intro_dctree.gif"; align="center"; \
+ title="LDAP directory tree (Internet naming)"
+FT[align="Center"] Figure 1.2: LDAP directory tree (Internet naming)
+
+In addition, LDAP allows you to control which attributes are required
+and allowed in an entry through the use of a special attribute
+called {{EX:objectClass}}. The values of the {{EX:objectClass}}
+attribute determine the {{schema}} rules the entry must obey.
+
+{{How is the information referenced?}} An entry is referenced by
+its distinguished name, which is constructed by taking the name of
+the entry itself (called the {{TERM[expand]RDN}} or RDN) and
+concatenating the names of its ancestor entries. For example, the
+entry for Barbara Jensen in the Internet naming example above has
+an RDN of {{EX:uid=babs}} and a DN of
+{{EX:uid=babs,ou=People,dc=example,dc=com}}. The full DN format
+is described in {{REF:RFC2253}}, "Lightweight Directory Access
+Protocol (v3): UTF-8 String Representation of Distinguished Names."
+
+{{How is the information accessed?}} LDAP defines operations for
+interrogating and updating the directory. Operations are provided
+for adding and deleting an entry from the directory, changing an
+existing entry, and changing the name of an entry. Most of the
+time, though, LDAP is used to search for information in the directory.
+The LDAP search operation allows some portion of the directory to
+be searched for entries that match some criteria specified by a
+search filter. Information can be requested from each entry that
+matches the criteria.
+
+For example, you might want to search the entire directory subtree
+at and below {{EX:dc=example,dc=com}} for people with the name
+{{EX:Barbara Jensen}}, retrieving the email address of each entry
+found. LDAP lets you do this easily. Or you might want to search
+the entries directly below the {{EX:st=California,c=US}} entry for
+organizations with the string {{EX:Acme}} in their name, and that
+have a fax number. LDAP lets you do this too. The next section
+describes in more detail what you can do with LDAP and how it might
+be useful to you.
+
+{{How is the information protected from unauthorized access?}} Some
+directory services provide no protection, allowing anyone to see
+the information. LDAP provides a mechanism for a client to authenticate,
+or prove its identity to a directory server, paving the way for
+rich access control to protect the information the server contains.
+LDAP also supports data security (integrity and confidentiality)
+services.
+
+
+H2: How does LDAP work?
+
+LDAP directory service is based on a {{client-server}} model. One
+or more LDAP servers contain the data making up the directory
+information tree (DIT). The client connects to servers and
+asks it a question. The server responds with an answer and/or
+with a pointer to where the client can get additional information
+(typically, another LDAP server). No matter which LDAP server a
+client connects to, it sees the same view of the directory; a name
+presented to one LDAP server references the same entry it would at
+another LDAP server. This is an important feature of a global
+directory service, like LDAP.
+
+
+H2: What about X.500?
+
+Technically, {{TERM:LDAP}} is a directory access protocol to an
+{{TERM:X.500}} directory service, the {{TERM:OSI}} directory service.
+Initially, LDAP clients accessed gateways to the X.500 directory service.
+This gateway ran LDAP between the client and gateway and X.500's
+{{TERM[expand]DAP}} ({{TERM:DAP}}) between the gateway and the
+X.500 server. DAP is a heavyweight protocol that operates over a
+full OSI protocol stack and requires a significant amount of
+computing resources. LDAP is designed to operate over
+{{TERM:TCP}}/{{TERM:IP}} and provides most of the functionality of
+DAP at a much lower cost.
+
+While LDAP is still used to access X.500 directory service via
+gateways, LDAP is now more commonly directly implemented in X.500
+servers.
+
+The stand-alone LDAP daemon, or {{slapd}}(8), can be viewed as a
+{{lightweight}} X.500 directory server. That is, it does not
+implement the X.500's DAP nor does it support the complete X.500
+models.
+
+If you are already running a X.500 DAP service and you want to
+continue to do so, you can probably stop reading this guide. This
+guide is all about running LDAP via {{slapd}}(8), without running
+X.500 DAP. If you are not running X.500 DAP, want to stop running
+X.500 DAP, or have no immediate plans to run X.500 DAP, read on.
+
+It is possible to replicate data from an LDAP directory server to
+a X.500 DAP {{TERM:DSA}}. This requires an LDAP/DAP gateway.
+OpenLDAP does not provide such a gateway, but our replication daemon
+can be used to replicate to such a gateway. See the {{SECT:Replication
+with slurpd}} chapter of this document for information regarding
+replication.
+
+
+H2: What is the difference between LDAPv2 and LDAPv3?
+
+LDAPv3 was developed in the late 1990's to replace LDAPv2.
+LDAPv3 adds the following features to LDAP:
+
+ - Strong authentication and data security services via {{TERM:SASL}}
+ - Certificate authentication and data security services via {{TERM:TLS}} (SSL)
+ - Internationalization through the use of Unicode
+ - Referrals and Continuations
+ - Schema Discovery
+ - Extensibility (controls, extended operations, and more)
+
+LDAPv2 is historic ({{REF:RFC3494}}). As most {{so-called}} LDAPv2
+implementations (including {{slapd}}(8)) do not conform to the
+LDAPv2 technical specification, interoperatibility amongst
+implementations claiming LDAPv2 support is limited. As LDAPv2
+differs significantly from LDAPv3, deploying both LDAPv2 and LDAPv3
+simultaneously is quite problematic. LDAPv2 should be avoided.
+LDAPv2 is disabled by default.
+
+
+H2: What is slapd and what can it do?
+
+{{slapd}}(8) is an LDAP directory server that runs on many different
+platforms. You can use it to provide a directory service of your
+very own. Your directory can contain pretty much anything you want
+to put in it. You can connect it to the global LDAP directory
+service, or run a service all by yourself. Some of slapd's more
+interesting features and capabilities include:
+
+{{B:LDAPv3}}: {{slapd}} implements version 3 of {{TERM[expand]LDAP}}.
+{{slapd}} supports LDAP over both IPv4 and IPv6 and Unix IPC.
+
+{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication
+and data security (integrity and confidentiality) services through
+the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}}
+{{PRD:SASL}} software which supports a number of mechanisms including
+DIGEST-MD5, EXTERNAL, and GSSAPI.
+
+{{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based
+authentication and data security (integrity and confidentiality)
+services through the use of TLS (or SSL). {{slapd}}'s TLS
+implementation utilizes {{PRD:OpenSSL}} software.
+
+{{B:Topology control}}: {{slapd}} can be configured to restrict
+access at the socket layer based upon network topology information.
+This feature utilizes {{TCP wrappers}}.
+
+{{B:Access control}}: {{slapd}} provides a rich and powerful access
+control facility, allowing you to control access to the information
+in your database(s). You can control access to entries based on
+LDAP authorization information, {{TERM:IP}} address, domain name
+and other criteria. {{slapd}} supports both {{static}} and {{dynamic}}
+access control information.
+
+{{B:Internationalization}}: {{slapd}} supports Unicode and language
+tags.
+
+{{B:Choice of database backends}}: {{slapd}} comes with a variety
+of different database backends you can choose from. They include
+{{TERM:BDB}}, a high-performance transactional database backend;
+{{TERM:HDB}}, a hierarchical high-performance transactional backend;
+{{TERM:LDBM}}, a lightweight DBM based backend; {{SHELL}}, a backend
+interface to arbitrary shell scripts; and PASSWD, a simple backend
+interface to the {{passwd}}(5) file. The BDB and HDB backends
+utilize {{ORG:Sleepycat}} {{PRD:Berkeley DB}}. The LDBM utilizes
+either {{PRD:Berkeley DB}} or {{PRD:GDBM}}.
+
+{{B:Multiple database instances}}: {{slapd}} can be configured to
+serve multiple databases at the same time. This means that a single
+{{slapd}} server can respond to requests for many logically different
+portions of the LDAP tree, using the same or different database
+backends.
+
+{{B:Generic modules API}}: If you require even more customization,
+{{slapd}} lets you write your own modules easily. {{slapd}} consists
+of two distinct parts: a front end that handles protocol communication
+with LDAP clients; and modules which handle specific tasks such as
+database operations. Because these two pieces communicate via a
+well-defined {{TERM:C}} {{TERM:API}}, you can write your own
+customized modules which extend {{slapd}} in numerous ways. Also,
+a number of {{programmable database}} modules are provided. These
+allow you to expose external data sources to {{slapd}} using popular
+programming languages ({{PRD:Perl}}, {{shell}}, {{PRD:SQL}}, and
+{{PRD:TCL}}).
+
+{{B:Threads}}: {{slapd}} is threaded for high performance. A single
+multi-threaded {{slapd}} process handles all incoming requests using
+a pool of threads. This reduces the amount of system overhead
+required while providing high performance.
+
+{{B:Replication}}: {{slapd}} can be configured to maintain shadow
+copies of directory information. This {{single-master/multiple-slave}}
+replication scheme is vital in high-volume environments where a
+single {{slapd}} just doesn't provide the necessary availability
+or reliability. {{slapd}} supports two replication methods: {{LDAP
+Sync}}-based and {{slurpd}}(8)-based replication.
+
+{{B:Proxy Cache}}: {{slapd}} can be configured as a caching
+LDAP proxy service.
+
+{{B:Configuration}}: {{slapd}} is highly configurable through a
+single configuration file which allows you to change just about
+everything you'd ever want to change. Configuration options have
+reasonable defaults, making your job much easier.
+
+
+H2: What is slurpd and what can it do?
+
+{{slurpd}}(8) is a daemon that, with {{slapd}} help, provides
+replicated service. It is responsible for distributing changes
+made to the master {{slapd}} database out to the various {{slapd}}
+replicas. It frees {{slapd}} from having to worry that some replicas
+might be down or unreachable when a change comes through; {{slurpd}}
+handles retrying failed requests automatically. {{slapd}} and
+{{slurpd}} communicate through a simple text file that is used to
+log changes.
+
+See the {{SECT:Replication with slurpd}} chapter for information
+about how to configure and run {{slurpd}}(8).
+
+Alternatively, {{LDAP-Sync}}-based replication may be used to provide
+a replicated service. See the {{SECT:LDAP Sync Replication}} chapter
+for details.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_dctree.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_dctree.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_tree.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/intro_tree.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/master.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/master.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/master.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,89 @@
+# $OpenLDAP: pkg/openldap-guide/admin/master.sdf,v 1.16.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# master file for the OpenLDAP Administrator's Guide
+#
+#
+# To generate guide for distribution:
+# sdf -2html guide.sdf
+# sdf -2txt guide.sdf
+# cp guide.{html,txt} $distribution/doc/guide
+#
+# To generate pages for web
+# sdf -2topics index.sdf
+#
+!include "../preamble.sdf"; plain
+
+# title information
+!include "title.sdf"
+PB:
+
+# Document copyright, publishing info, acknowledgements, preface
+!include "preface.sdf"; about
+PB:
+
+# Chapters
+!include "intro.sdf"; chapter
+PB:
+
+!include "quickstart.sdf"; chapter
+PB:
+
+!include "config.sdf"; chapter
+PB:
+
+!include "install.sdf"; chapter
+PB:
+
+!include "slapdconf2.sdf"; chapter
+PB:
+
+!include "slapdconfig.sdf"; chapter
+PB:
+
+!include "runningslapd.sdf"; chapter
+PB:
+
+!include "dbtools.sdf"; chapter
+PB:
+
+!include "schema.sdf"; chapter
+PB:
+
+!include "security.sdf"; chapter
+PB:
+
+!include "sasl.sdf"; chapter
+PB:
+
+!include "tls.sdf"; chapter
+PB:
+
+#!include "monitoringslapd.sdf"; chapter
+#PB:
+
+#!include "tuning.sdf"; chapter
+#PB:
+
+!include "referrals.sdf"; chapter
+PB:
+
+!include "replication.sdf"; chapter
+PB:
+
+!include "syncrepl.sdf"; chapter
+PB:
+
+!include "proxycache.sdf"; chapter
+PB:
+
+# Appendices
+!include "../release/autoconf.sdf"; appendix
+PB:
+
+# Software Copyright/License
+!include "../release/copyright.sdf"; appendix
+PB:
+
+!include "../release/license.sdf"; appendix
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/monitoringslapd.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/monitoringslapd.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/monitoringslapd.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,111 @@
+# $OpenLDAP: pkg/openldap-guide/admin/monitoringslapd.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+H1: Monitoring Slapd
+
+Slapd supports a monitoring interface you can use to find out
+many useful bits of information about what slapd is currently
+doing, how many connections it has, how many threads are
+working, etc. You can access the monitor feature by doing a
+base object search of the SLAPD_MONITOR_DN from
+include/ldapconfig.h with any kind of valid filter (e.g.,
+"(objectclass=*)"). By default, this DN is set to "cn=monitor".
+You will get one entry returned to you, with the following
+attributes:
+
+E: version: slapd <version> (<date>)
+
+This attribute identifies the slapd server software by name,
+version, and build date, e.g., {{EX: slapd 3.3 (Thu May 21 14:19:03
+EDT 1996)}}
+
+E: threads: <integer>
+
+This attribute indicates the number of threads (operations)
+currently outstanding in slapd.
+
+E: connection: <fd> : <opentime> : <opsinitiated> :
+E: <opscompleted> : <binddn> : [ <rw> ]
+
+This multi-valued attribute summarizes information for each
+open connection. The information given is {{EX: <fd>}}, the file
+descriptor; {{EX: <opentime>}}, the time the connection was opened
+in UTC format; {{EX: <opsinitiated>}}, the number of operations
+initiated over the connection; {{EX: <opscompleted>}}, the number
+of operations completed over the connection; {{EX: <binddn>}}, the
+DN currently bound to the connection; and optionally {{EX: <rw>}},
+indicating whether the connection is currently blocked for
+read or write..
+
+E: currentconnections: <integer>
+
+The current number of connections.
+
+E: totalconnections: <integer>
+
+The total number of connections handled by slapd since it
+started.
+
+E: dtablesize: <integer>
+
+The size of slapd's file descriptor table.
+
+E: writewaiters: <integer>
+
+The number of threads blocked waiting to write data to a
+client.
+
+E: readwaiters: <integer>
+
+The number of threads blocked waiting to read data from a
+client.
+
+E: opsinitiated: <integer>
+
+The total number of operations initiated by slapd since it
+started.
+
+E: opscompleted: <integer>
+
+The total number of operations completed by slapd since it
+started.
+
+E: entriessent: <integer>
+
+The total number of entries sent to clients by slapd since it
+started.
+
+E: bytessent: <integer>
+
+The total number of bytes sent to clients by slapd since it
+started.
+
+E: currenttime: <UTC time>
+
+Slapd's idea of the current time.
+
+E: starttime: <integer>
+
+The time slapd was started.
+
+E: nbackends: <integer>
+
+The number of backends currently being served by slapd.
+
+E: concurrency: <integer>
+
+Under Solaris 2.x only, an indication of the current level of
+thread concurrency.
+
+Note that slapd takes a snapshot of this information and
+returns it to you. No attempt is made to ensure that the
+information is consistent (i.e., if an operation thread is
+modifying one of these things when the monitor thread is
+reading it, strange results could be returned).
+
+You should be able to use any LDAP client to retrieve this
+information. Here's how you might do it using the
+{{I: ldapsearch}}(1) client:
+
+E: ldapsearch -x -s base -b cn=monitor 'objectclass=*'
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/preface.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/preface.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/preface.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,72 @@
+# $OpenLDAP: pkg/openldap-guide/admin/preface.sdf,v 1.24.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+
+P1: Preface
+
+
+# document's copyright
+P2[notoc] Copyright
+
+Copyright 1998-2005, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
+
+Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
+
+This document is considered a part of OpenLDAP Software. This
+document is subject to terms of conditions set forth in {{SECT:OpenLDAP
+Software Copyright Notices}} and the {{SECT:OpenLDAP Public License}}.
+Complete copies of the notices and associated license can be found
+in Appendix B and C, respectively.
+
+
+P2[notoc] Scope of this Document
+
+This document provides a guide for installing [[DOC_NAME]]
+({{URL:http://www.openldap.org/software/}})
+on {{TERM:UNIX}} (and UNIX-like) systems. The document is aimed at
+experienced system administrators but who may not have prior experience
+operating {{TERM:LDAP}}-based directory software.
+
+This document is meant to be used in conjunction with other OpenLDAP
+information resources provided with the software package and on
+the project's extensive site ({{URL:http://www.OpenLDAP.org/}}) on
+the World Wide Web. The site makes available a number of resources.
+
+!block table; align=Center; coltags="N,URL"; \
+ title="OpenLDAP Resources"
+Resource|URL
+Document Catalog|http://www.OpenLDAP.org/doc/
+Frequently Asked Questions|http://www.OpenLDAP.org/faq/
+Issue Tracking System|http://www.OpenLDAP.org/its/
+Mailing Lists|http://www.OpenLDAP.org/lists/
+Software Pages|http://www.OpenLDAP.org/software/
+Support Pages|http://www.OpenLDAP.org/support/
+!endblock
+
+
+P2[notoc] Acknowledgments
+
+The {{ORG[expand]OLP}} is comprised of a team of volunteers. This document
+would not be possible without their contribution of time and energy.
+
+The OpenLDAP Project would also like to thank the {{ORG[expand]UMLDAP}}
+for building the foundation of LDAP software and information to
+which OpenLDAP Software is built upon. This document is based upon
+U-Mich LDAP document: {{The SLAPD and SLURPD Administrators Guide}}.
+
+
+P2[notoc] Amendments
+
+Suggested enhancements and corrections to this document should
+be submitted using the {{ORG:OpenLDAP}}
+{{{{TERM[expand]ITS}}}} ({{URL: http://www.openldap.org/its/}}).
+
+
+P2[notoc] About this document
+
+This document was produced using the {{Simple Document Format}}
+({{URL:http://search.cpan.org/src/IANC/sdf-2.001/doc/}}) documentation
+system developed by {{Ian Clatworthy}}. Tools for {{SDF}} are
+available from CPAN ({{URL:http://search.cpan.org/search?query=SDF}}).
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/proxycache.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/proxycache.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/proxycache.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,148 @@
+# $OpenLDAP: pkg/openldap-guide/admin/proxycache.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: The Proxy Cache Engine
+
+LDAP servers typically hold one or more subtrees of a DIT. Replica
+(or shadow) servers hold shadow copies of entries held by one or
+more master servers. Changes are propagated from the master server
+to replica (slave) servers using LDAP Sync or {{slurpd}}(8). An
+LDAP cache is a special type of replica which holds entries
+corresponding to search filters instead of subtrees.
+
+H2: Overview
+
+The proxy cache extension of slapd is designed to improve the
+responseiveness of the ldap and meta backends. It handles a search
+request (query)
+by first determining whether it is contained in any cached search
+filter. Contained requests are answered from the proxy cache's local
+database. Other requests are passed on to the underlying ldap or
+meta backend and processed as usual.
+
+E.g. {{EX:(shoesize>=9)}} is contained in {{EX:(shoesize>=8)}} and
+{{EX:(sn=Richardson)}} is contained in {{EX:(sn=Richards*)}}
+
+Correct matching rules and syntaxes are used while comparing
+assertions for query containment. To simplify the query containment
+problem, a list of cacheable "templates" (defined below) is specified
+at configuration time. A query is cached or answered only if it
+belongs to one of these templates. The entries corresponding to
+cached queries are stored in the proxy cache local database while
+its associated meta information (filter, scope, base, attributes)
+is stored in main memory.
+
+A template is a prototype for generating LDAP search requests.
+Templates are described by a prototype search filter and a list of
+attributes which are required in queries generated from the template.
+The representation for prototype filter is similar to RFC 2254,
+except that the assertion values are missing. Examples of prototype
+filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by
+search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.
+
+The cache replacement policy removes the least recently used (LRU)
+query and entries belonging to only that query. Queries are allowed
+a maximum time to live (TTL) in the cache thus providing weak
+consistency. A background task periodically checks the cache for
+expired queries and removes them.
+
+The Proxy Cache paper
+({{URL:http://www.openldap.org/pub/kapurva/proxycaching.pdf}}) provides
+design and implementation details.
+
+
+H2: Proxy Cache Configuration
+
+The cache configuration specific directives described below must
+appear after a {{EX:overlay proxycache}} directive within a
+{{EX:"database meta"}} or {{EX:database ldap}} section of
+the server's {{slapd.conf}}(5) file.
+
+H3: Setting cache parameters
+
+> proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>
+
+This directive enables proxy caching and sets general cache parameters.
+The <DB> parameter specifies which underlying database is to be
+used to hold cached entries. It should be set to {{EX:bdb}},
+{{EX:hdb}}, or {{EX:ldbm}}. The <maxentries> parameter specifies
+the total number of entries which may be held in the cache. The
+<nattrsets> parameter specifies the total number of attribute sets
+(as specified by the {{EX:proxyAttrSet}} directive) that may be defined.
+The <entrylimit> parameter specifies the maximum number of entries
+in a cachable query. The <period> specifies the consistency
+check period (in seconds). In each period, queries with expired
+TTLs are removed.
+
+H3: Defining attribute sets
+
+> proxyAttrset <index> <attrs...>
+
+Used to associate a set of attributes to an index. Each attribute
+set is associated with an index number from 0 to <numattrsets>-1.
+These indices are used by the proxyTemplate directive to define
+cacheable templates.
+
+H3: Specifying cacheable templates
+
+> proxyTemplate <prototype_string> <attrset_index> <TTL>
+
+Specifies a cacheable template and the "time to live" (in sec) <TTL>
+for queries belonging to the template. A template is described by
+its prototype filter string and set of required attributes identified
+by <attrset_index>.
+
+
+H3: Example
+
+An example {{slapd.conf}}(5) database section for a caching server
+which proxies for the {{EX:"dc=example,dc=com"}} subtree held
+at server {{EX:ldap.example.com}}.
+
+> database ldap
+> suffix "dc=example,dc=com"
+> rootdn "dc=example,dc=com"
+> uri ldap://ldap.example.com/dc=example%2cdc=com
+> overlay proxycache
+> proxycache bdb 100000 1 1000 100
+> proxyAttrset 0 mail postaladdress telephonenumber
+> proxyTemplate (sn=) 0 3600
+> proxyTemplate (&(sn=)(givenName=)) 0 3600
+> proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
+>
+> cachesize 20
+> directory ./testrun/db.2.a
+> index objectClass eq
+> index cn,sn,uid,mail pres,eq,sub
+
+
+H4: Cacheable Queries
+
+A LDAP search query is cacheable when its filter matches one of the
+templates as defined in the "proxyTemplate" statements and when it references
+only the attributes specified in the corresponding attribute set.
+In the example above the attribute set number 0 defines that only the
+attributes: {{EX:mail postaladdress telephonenumber}} are cached for the following
+proxyTemplates.
+
+H4: Examples:
+
+> Filter: (&(sn=Richard*)(givenName=jack))
+> Attrs: mail telephoneNumber
+
+ is cacheable, because it matches the template {{EX:(&(sn=)(givenName=))}} and its
+ attributes are contained in proxyAttrset 0.
+
+> Filter: (&(sn=Richard*)(telephoneNumber))
+> Attrs: givenName
+
+ is not cacheable, because the filter does not match the template,
+ nor is the attribute givenName stored in the cache
+
+> Filter: (|(sn=Richard*)(givenName=jack))
+> Attrs: mail telephoneNumber
+
+ is not cacheable, because the filter does not match the template ( logical
+ OR "|" condition instead of logical AND "&" )
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/quickstart.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/quickstart.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/quickstart.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,278 @@
+# $OpenLDAP: pkg/openldap-guide/admin/quickstart.sdf,v 1.43.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: A Quick-Start Guide
+
+The following is a quick start guide to [[DOC_NAME]],
+including the stand-alone LDAP daemon, {{slapd}}(8).
+
+It is meant to walk you through the basic steps needed to install
+and configure OpenLDAP Software. It should be used in conjunction
+with the other chapters of this document, manual pages, and other
+materials provided with the distribution (e.g. the {{F:INSTALL}}
+document) or on the OpenLDAP web site (in particular, the OpenLDAP
+Software {{TERM:FAQ}}).
+
+If you intend to run OpenLDAP Software seriously, you should review
+all of this document before attempting to install the software.
+
+Note: This quick start guide does not use strong authentication
+nor any integrity or confidential protection services. These
+services are described in other chapters of the OpenLDAP Administrator's
+Guide.
+
+
+.{{S: }}
+^{{B: Get the software}}
+
+. You can obtain a copy of the software by following the
+instructions on the OpenLDAP download page
+({{URL: http://www.openldap.org/software/download/}}). It is
+recommended that new users start with the latest {{release}}.
+
+
+.{{S: }}
++{{B: Unpack the distribution}}
+
+.Pick a directory for the source to live under, change
+directory to there, and unpack the distribution using the
+following commands:
+
+..{{EX:gunzip -c openldap-VERSION.tgz | tar xvfB -}}
+
+. then relocate yourself into the distribution directory:
+
+..{{EX:cd openldap-VERSION}}
+
+. You'll have to replace {{F:VERSION}} with the version
+name of the release.
+
+
+.{{S: }}
++{{B: Review documentation}}
+
+. You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}},
+{{F:README}} and {{F:INSTALL}} documents provided with the distribution.
+The {{F:COPYRIGHT}} and {{F:LICENSE}} provide information on
+acceptable use, copying, and limitation of warranty of OpenLDAP
+software.
+
+.{{S: }}
+. You should also review other chapters of this document.
+In particular, the {{SECT:Building and Installing OpenLDAP Software}}
+chapter of this document provides detailed information on prerequisite
+software and installation procedures.
+
+
+.{{S: }}
++{{B: Run {{EX:configure}}}}
+
+. You will need to run the provided {{EX:configure}} script to
+{{configure}} the distribution for building on your system. The
+{{EX:configure}} script accepts many command line options that enable or
+disable optional software features. Usually the defaults are okay,
+but you may want to change them. To get a complete list of options
+that {{EX:configure}} accepts, use the {{EX:--help}} option:
+
+..{{EX:./configure --help}}
+
+. However, given that you are using this guide, we'll assume you
+are brave enough to just let {{EX:configure}} determine
+what's best:
+
+..{{EX:./configure}}
+
+. Assuming {{EX:configure}} doesn't dislike your system, you can
+proceed with building the software. If {{EX:configure}} did
+complain, well, you'll likely need to go to the FAQ Installation
+Section ({{URL:http://www.openldap.org/faq/}} and/or actually
+read the {{SECT:Building and Installing OpenLDAP Software}}
+chapter of this document.
+
+
+.{{S: }}
++{{B:Build the software}}.
+
+. The next step is to build the software. This step has two
+parts, first we construct dependencies and then we compile the
+software:
+
+..{{EX:make depend}}
+..{{EX:make}}
+
+
+. Both makes should complete without error.
+
+
+.{{S: }}
++{{B:Test the build}}.
+
+. To ensure a correct build, you should run the test suite
+(it only takes a few minutes):
+
+..{{EX:make test}}
+
+. Tests which apply to your configuration will run and they
+should pass. Some tests, such as the replication test, may
+be skipped.
+
+
+.{{S: }}
++{{B:Install the software}}.
+
+. You are now ready to install the software; this usually requires
+{{super-user}} privileges:
+
+..{{EX:su root -c 'make install'}}
+
+. Everything should now be installed under {{F:/usr/local}} (or
+whatever installation prefix was used by {{EX:configure}}).
+
+
+.{{S: }}
++{{B:Edit the configuration file}}.
+
+. Use your favorite editor to edit the provided {{slapd.conf}}(5)
+example (usually installed as {{F:/usr/local/etc/openldap/slapd.conf}})
+to contain a BDB database definition of the form:
+
+..{{EX:database bdb}}
+..{{EX:suffix "dc=<MY-DOMAIN>,dc=<COM>"}}
+..{{EX:rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"}}
+..{{EX:rootpw secret}}
+..{{EX:directory /usr/local/var/openldap-data}}
+
+. Be sure to replace {{EX:<MY-DOMAIN>}} and {{EX:<COM>}} with
+the appropriate domain components of your domain name. For
+example, for {{EX:example.com}}, use:
+
+..{{EX:database bdb}}
+..{{EX:suffix "dc=example,dc=com"}}
+..{{EX:rootdn "cn=Manager,dc=example,dc=com"}}
+..{{EX:rootpw secret}}
+..{{EX:directory /usr/local/var/openldap-data}}
+
+.If your domain contains additional components, such as
+{{EX:eng.uni.edu.eu}}, use:
+
+..{{EX:database bdb}}
+..{{EX:suffix "dc=eng,dc=uni,dc=edu,dc=eu"}}
+..{{EX:rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"}}
+..{{EX:rootpw secret}}
+..{{EX:directory /usr/local/var/openldap-data}}
+
+. Details regarding configuring {{slapd}}(8) can be found
+in the {{slapd.conf}}(5) manual page and the {{SECT:The slapd
+Configuration File}} chapter of this document. Note that the
+specified directory must exist prior to starting {{slapd}}(8).
+
+
+.{{S: }}
++{{B:Start SLAPD}}.
+
+. You are now ready to start the stand-alone LDAP server, {{slapd}}(8),
+by running the command:
+
+..{{EX:su root -c /usr/local/libexec/slapd}}
+
+
+. To check to see if the server is running and configured correctly,
+you can run a search against it with {{ldapsearch}}(1). By default,
+ldapsearch is installed as {{F:/usr/local/bin/ldapsearch}}:
+
+..{{EX:ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts}}
+
+. Note the use of single quotes around command parameters to prevent
+special characters from being interpreted by the shell. This should return:
+
+..{{EX:dn:}}
+..{{EX:namingContexts: dc=example,dc=com}}
+
+. Details regarding running {{slapd}}(8) can be found
+in the {{slapd}}(8) manual page and the
+{{SECT:Running slapd}} chapter of this document.
+
+
+.{{S: }}
++{{B:Add initial entries to your directory}}.
+
+. You can use {{ldapadd}}(1) to add entries to your LDAP directory.
+{{ldapadd}} expects input in LDIF form. We'll do it in two steps:
+
+^^ create an LDIF file
+++ run ldapadd
+
+. Use your favorite editor and create an LDIF file that contains:
+
+..{{EX:dn: dc=<MY-DOMAIN>,dc=<COM>}}
+..{{EX:objectclass: dcObject}}
+..{{EX:objectclass: organization}}
+..{{EX:o: <MY ORGANIZATION>}}
+..{{EX:dc: <MY-DOMAIN>}}
+..{{EX:}}
+..{{EX:dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>}}
+..{{EX:objectclass: organizationalRole}}
+..{{EX:cn: Manager}}
+
+. Be sure to replace {{EX:<MY-DOMAIN>}} and {{EX:<COM>}} with the
+appropriate domain components of your domain name. {{EX:<MY
+ORGANIZATION>}} should be replaced with the name of your organization.
+When you cut and paste, be sure to trim any leading and trailing
+whitespace from the example.
+
+..{{EX:dn: dc=example,dc=com}}
+..{{EX:objectclass: dcObject}}
+..{{EX:objectclass: organization}}
+..{{EX:o: Example Company}}
+..{{EX:dc: example}}
+..{{EX:}}
+..{{EX:dn: cn=Manager,dc=example,dc=com}}
+..{{EX:objectclass: organizationalRole}}
+..{{EX:cn: Manager}}
+
+. Now, you may run {{ldapadd}}(1) to insert these entries into
+your directory.
+
+..{{EX:ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif}}
+
+. Be sure to replace {{EX:<MY-DOMAIN>}} and {{EX:<COM>}} with the
+appropriate domain components of your domain name. You will be
+prompted for the "{{EX:secret}}" specified in {{F:slapd.conf}}.
+For example, for {{EX:example.com}}, use:
+
+..{{EX:ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif}}
+
+. where {{F:example.ldif}} is the file you created above.
+..{{EX: }}
+. Additional information regarding directory creation can be found
+in the {{SECT:Database Creation and Maintenance Tools}} chapter of
+this document.
+
+.{{S: }}
++{{B:See if it works}}.
+
+. Now we're ready to verify the added entries are in your directory.
+You can use any LDAP client to do this, but our example uses the
+{{ldapsearch}}(1) tool. Remember to replace {{EX:dc=example,dc=com}}
+with the correct values for your site:
+
+..{{EX:ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'}}
+
+. This command will search for and retrieve every entry in the database.
+
+You are now ready to add more entries using {{ldapadd}}(1) or
+another LDAP client, experiment with various configuration options,
+backend arrangements, etc..
+
+Note that by default, the {{slapd}}(8) database grants {{read access
+to everybody}} excepting the {{super-user}} (as specified by the
+{{EX:rootdn}} configuration directive). It is highly recommended
+that you establish controls to restrict access to authorized users.
+Access controls are discussed in the {{SECT:Access Control}} section
+of {{SECT:The slapd Configuration File}} chapter. You are also
+encouraged to read the {{SECT:Security Considerations}}, {{SECT:Using
+SASL}} and {{SECT:Using TLS}} sections.
+
+The following chapters provide more detailed information on making,
+installing, and running {{slapd}}(8).
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/referrals.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/referrals.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/referrals.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+# $OpenLDAP: pkg/openldap-guide/admin/referrals.sdf,v 1.24.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Constructing a Distributed Directory Service
+
+For many sites, running one or more {{slapd}}(8) that hold an
+entire subtree of data is sufficient. But often it is desirable
+to have one {{slapd}} refer to other directory services for a
+certain part of the tree (which may or may not be running {{slapd}}).
+
+!if 0
+{{slapd}} supports {{subordinate}}, {{immediate superior}},
+and {{superior}} knowledge information.
+!else
+{{slapd}} supports {{subordinate}} and {{superior}} knowledge information.
+Subordinate knowledge information is held in {{EX:referral}}
+objects ({{REF:RFC3296}}).
+!endif
+
+
+H2: Subordinate Knowledge Information
+
+Subordinate knowledge information may be provided to delegate
+a subtree.
+Subordinate knowledge information is maintained in the directory
+as a special {{referral}} object at the delegate point.
+The referral object acts as a delegation point, gluing two services
+together.
+This mechanism allows for hierarchical directory services to be
+constructed.
+
+A referral object has a structural object class of
+{{EX:referral}} and has the same {{TERM[expand]DN}} as the
+delegated subtree. Generally, the referral object will also
+provide the auxiliary object class {{EX:extensibleObject}}.
+This allows the entry to contain appropriate {{TERM[expand]RDN}}
+values. This is best demonstrated by example.
+
+If the server {{EX:a.example.net}} holds {{EX:dc=example,dc=net}}
+and wished to delegate the subtree {{EX:ou=subtree,dc=example,dc=net}}
+to another server {{EX:b.example.net}}, the following named referral
+object would be added to {{EX:a.example.net}}:
+
+> dn: dc=subtree,dc=example,dc=net
+> objectClass: referral
+> objectClass: extensibleObject
+> dc: subtree
+> ref: ldap://b.example.net/dc=subtree,dc=example,dc=net
+
+The server uses this information to generate referrals and
+search continuations to subordinate servers.
+
+For those familiar with X.500, a {{named referral}} object is
+similar to an X.500 knowledge reference held in a {{subr}}
+{{TERM:DSE}}.
+
+
+!if 0
+H2: Immediate Superior Knowledge Information
+
+Immediate superior knowledge information may be provided in the
+entry at the root of a delegated subtree. The knowledge information
+is contained with {{EX:ref}} operational attribute.
+
+Extending the example above, a {{ref}} attribute can be added
+to the entry {{EX:dc=subtree,dc=example,dc=net}} in server B indicating
+that A holds the immediate superior naming context.
+
+> dn: dc=subtree,dc=example,dc=net
+> changetype: modify
+> add: ref
+> ref: ldap://a.example.net/
+
+The server uses this information to generate referrals to
+management operations.
+
+For those familiar with X.500, this use of the {{EX:ref}} attribute
+is similar to an X.500 knowledge reference held in a
+{{immSupr}} {{TERM:DSE}}.
+!endif
+
+
+H2: Superior Knowledge Information
+
+Superior knowledge information may be specified using the {{EX:referral}}
+directive. The value is a list of {{TERM:URI}}s referring to
+superior directory services. For servers without immediate superiors,
+such as for {{EX:a.example.net}} in the example above, the server
+can be configured to use a directory service with {{global knowledge}},
+such as the {{OpenLDAP Root Service}}
+({{URL:http://www.openldap.org/faq/index.cgi?file=393}}).
+
+> referral ldap://root.openldap.org/
+
+However, as {{EX:a.example.net}} is the {{immediate superior}}
+to {{EX:b.example.net}}, {{b.example.net}} would be configured
+as follows:
+
+> referral ldap://a.example.net/
+
+The server uses this information to generate referrals for
+operations acting upon entries not within or subordinate
+to any of the naming contexts held by the server.
+
+For those familiar with X.500, this use of the {{EX:ref}} attribute
+is similar to an X.500 knowledge reference held in a
+{{Supr}} {{TERM:DSE}}.
+
+
+H2: The ManageDsaIT Control
+
+Adding, modifying, and deleting referral objects is generally done
+using {{ldapmodify}}(1) or similar tools which support the ManageDsaIT
+control. The ManageDsaIT control informs the server that you intend
+to manage the referral object as a regular entry. This keeps the
+server from sending a referral result for requests which interrogate
+or update referral objects.
+
+The ManageDsaIT control should not be specified when managing regular
+entries.
+
+The {{EX:-M}} option of {{ldapmodify}}(1) (and other tools) enables
+ManageDsaIT. For example:
+
+> ldapmodify -M -f referral.ldif -x -D "cn=Manager,dc=example,dc=net" -W
+
+or with {{ldapsearch}}(1):
+
+> ldapsearch -M -b "dc=example,dc=net" -x "(objectclass=referral)" '*' ref
+
+Note: the {{EX:ref}} attribute is operational and must be explicitly
+requested when desired in search results.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/replication.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,351 @@
+# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.30.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+H1: Replication with slurpd
+
+In certain configurations, a single {{slapd}}(8) instance may be
+insufficient to handle the number of clients requiring
+directory service via LDAP. It may become necessary to
+run more than one slapd instance. At many sites,
+for instance, there are multiple slapd servers: one
+master and one or more slaves. {{TERM:DNS}} can be setup such that
+a lookup of {{EX:ldap.example.com}} returns the {{TERM:IP}} addresses
+of these servers, distributing the load among them (or
+just the slaves). This master/slave arrangement provides
+a simple and effective way to increase capacity, availability
+and reliability.
+
+{{slurpd}}(8) provides the capability for a master slapd to
+propagate changes to slave slapd instances,
+implementing the master/slave replication scheme
+described above. slurpd runs on the same host as the
+master slapd instance.
+
+
+
+H2: Overview
+
+{{slurpd}}(8) provides replication services "in band". That is, it
+uses the LDAP protocol to update a slave database from
+the master. Perhaps the easiest way to illustrate this is
+with an example. In this example, we trace the propagation
+of an LDAP modify operation from its initiation by the LDAP
+client to its distribution to the slave slapd instance.
+
+
+{{B: Sample replication scenario:}}
+
+^ The LDAP client submits an LDAP modify operation to
+the slave slapd.
+
++ The slave slapd returns a referral to the LDAP
+client referring the client to the master slapd.
+
++ The LDAP client submits the LDAP modify operation to
+the master slapd.
+
++ The master slapd performs the modify operation,
+writes out the change to its replication log file and returns
+a success code to the client.
+
++ The slurpd process notices that a new entry has
+been appended to the replication log file, reads the
+replication log entry, and sends the change to the slave
+slapd via LDAP.
+
++ The slave slapd performs the modify operation and
+returns a success code to the slurpd process.
+
+
+Note: {{ldapmodify}}(1) and other clients distributed as part of
+OpenLDAP Software do not support automatic referral chasing
+(for security reasons).
+
+
+
+H2: Replication Logs
+
+When slapd is configured to generate a replication logfile, it
+writes out a file containing {{TERM:LDIF}} change records. The
+replication log gives the replication site(s), a timestamp, the DN
+of the entry being modified, and a series of lines which specify
+the changes to make. In the example below, Barbara ({{EX:uid=bjensen}})
+has replaced the {{EX:description}} value. The change is to be
+propagated to the slapd instance running on {{EX:slave.example.net}}
+Changes to various operational attributes, such as {{EX:modifiersName}}
+and {{EX:modifyTimestamp}}, are included in the change record and
+will be propagated to the slave slapd.
+
+> replica: slave.example.com:389
+> time: 809618633
+> dn: uid=bjensen,dc=example,dc=com
+> changetype: modify
+> replace: multiLineDescription
+> description: A dreamer...
+> -
+> replace: modifiersName
+> modifiersName: uid=bjensen,dc=example,dc=com
+> -
+> replace: modifyTimestamp
+> modifyTimestamp: 20000805073308Z
+> -
+
+The modifications to {{EX:modifiersName}} and {{EX:modifyTimestamp}}
+operational attributes were added by the master {{slapd}}.
+
+
+
+H2: Command-Line Options
+
+This section details commonly used {{slurpd}}(8) command-line options.
+
+> -d <level> | ?
+
+This option sets the slurpd debug level to {{EX: <level>}}. When
+level is a `?' character, the various debugging levels are printed
+and slurpd exits, regardless of any other options you give it.
+Current debugging levels (a subset of slapd's debugging levels) are
+
+!block table; colaligns="RL"; align=Center; \
+ title="Table 13.1: Debugging Levels"
+Level Description
+4 heavy trace debugging
+64 configuration file processing
+65535 enable all debugging
+!endblock
+
+Debugging levels are additive. That is, if you want heavy trace
+debugging and want to watch the config file being processed, you
+would set level to the sum of those two levels (in this case, 68).
+
+> -f <filename>
+
+This option specifies an alternate slapd configuration file. Slurpd
+does not have its own configuration file. Instead, all configuration
+information is read from the slapd configuration file.
+
+> -r <filename>
+
+This option specifies an alternate slapd replication log file.
+Under normal circumstances, slurpd reads the name of the slapd
+replication log file from the slapd configuration file. However,
+you can override this with the -r flag, to cause slurpd to process
+a different replication log file. See the {{SECT:Advanced slurpd
+Operation}} section for a discussion of how you might use this
+option.
+
+> -o
+
+Operate in "one-shot" mode. Under normal circumstances, when slurpd
+finishes processing a replication log, it remains active and
+periodically checks to see if new entries have been added to the
+replication log. In one-shot mode, by comparison, slurpd processes
+a replication log and exits immediately. If the -o option is given,
+the replication log file must be explicitly specified with the -r
+option. See the {{SECT:One-shot mode and reject files}} section
+for a discussion of this mode.
+
+> -t <directory>
+
+Specify an alternate directory for slurpd's temporary copies of
+replication logs. The default location is {{F:/usr/tmp}}.
+
+
+H2: Configuring slurpd and a slave slapd instance
+
+To bring up a replica slapd instance, you must configure the master
+and slave slapd instances for replication, then shut down the master
+slapd so you can copy the database. Finally, you bring up the master
+slapd instance, the slave slapd instance, and the slurpd instance.
+These steps are detailed in the following sections. You can set up
+as many slave slapd instances as you wish.
+
+
+H3: Set up the master {{slapd}}
+
+The following section assumes you have a properly working {{slapd}}(8)
+instance. To configure your working {{slapd}}(8) server as a
+replication master, you need to make the following changes to your
+{{slapd.conf}}(5).
+
+^ Add a {{EX:replica}} directive for each replica. The {{EX:binddn=}}
+parameter should match the {{EX:updatedn}} option in the corresponding
+slave slapd configuration file, and should name an entry with write
+permission to the slave database (e.g., an entry allowed access via
+{{EX:access}} directives in the slave slapd configuration file).
+This DN generally {{should not}} be the same as the master's
+{{EX:rootdn}}.
+
++ Add a {{EX:replogfile}} directive, which tells slapd where to log
+changes. This file will be read by slurpd.
+
+
+H3: Set up the slave {{slapd}}
+
+Install the slapd software on the host which is to be the slave
+slapd server. The configuration of the slave server should be
+identical to that of the master, with the following exceptions:
+
+^ Do not include a {{EX:replica}} directive. While it is possible
+to create "chains" of replicas, in most cases this is inappropriate.
+
++ Do not include a {{EX:replogfile}} directive.
+
++ Do include an {{EX:updatedn}} line. The DN given should match the
+DN given in the {{EX:binddn=}} parameter of the corresponding
+{{EX:replica=}} directive in the master slapd config file. The
+{{EX:updatedn}} generally {{should not}} be the same as the
+{{EX:rootdn}} of the master database.
+
++ Make sure the DN given in the {{EX:updatedn}} directive has
+permission to write the database (e.g., it is is allowed {{EX:access}}
+by one or more access directives).
+
++ Use the {{EX:updateref}} directive to define the URL the slave
+should return if an update request is received.
+
+
+H3: Shut down the master server
+
+In order to ensure that the slave starts with an exact copy of the
+master's data, you must shut down the master slapd. Do this by
+sending the master slapd process an interrupt signal with
+{{EX:kill -INT <pid>}}, where {{EX:<pid>}} is the process-id of the master
+slapd process.
+
+If you like, you may restart the master slapd in read-only mode
+while you are replicating the database. During this time, the master
+slapd will return an "unwilling to perform" error to clients that
+attempt to modify data.
+
+
+H3: Copy the master slapd's database to the slave
+
+Copy the master's database(s) to the slave. For an {{TERM:BDB}} and
+{{TERM:LDBM}} databases, you must copy all database files located
+in the database {{EX:directory}} specified in {{slapd.conf}}(5).
+In general, you should copy each file found in the database {{EX:
+directory}} unless you know it is not used by {{slapd}}(8).
+
+Note: This copy process assumes homogeneous servers with identically
+configured OpenLDAP installations. Alternatively, you may use
+{{slapcat}} to output the master's database in LDIF format and use
+the LDIF with {{slapadd}} to populate the slave. Using LDIF avoids
+any potential incompatibilities due to differing server architectures
+or software configurations. See the {{SECT:Database Creation and
+Maintenance Tools}} chapter for details on these tools.
+
+
+H3: Configure the master slapd for replication
+
+To configure slapd to generate a replication logfile, you add a
+"{{EX: replica}}" configuration option to the master slapd's config
+file. For example, if we wish to propagate changes to the slapd
+instance running on host {{EX:slave.example.com}}:
+
+> replica uri=ldap://slave.example.com:389
+> binddn="cn=Replicator,dc=example,dc=com"
+> bindmethod=simple credentials=secret
+
+In this example, changes will be sent to port 389 (the standard
+LDAP port) on host slave.example.com. The slurpd process will bind
+to the slave slapd as "{{EX:cn=Replicator,dc=example,dc=com}}" using
+simple authentication with password "{{EX:secret}}".
+
+If we wish to perform the same replication using ldaps on port 636:
+
+> replica uri=ldaps://slave.example.com:636
+> binddn="cn=Replicator,dc=example,dc=com"
+> bindmethod=simple credentials=secret
+
+The host option is deprecated in favor of uri, but the following
+replica configuration is still supported:
+
+> replica host=slave.example.com:389
+> binddn="cn=Replicator,dc=example,dc=com"
+> bindmethod=simple credentials=secret
+
+Note that the DN given by the {{EX:binddn=}} directive must exist
+in the slave slapd's database (or be the rootdn specified in the
+slapd config file) in order for the bind operation to succeed. The
+DN should also be listed as the {{EX:updatedn}} for the database
+in the slave's slapd.conf(5). It is generally recommended that
+this DN be different than the {{EX:rootdn}} of the master database.
+
+Note: The use of strong authentication and transport security is
+highly recommended.
+
+
+H3: Restart the master slapd and start the slave slapd
+
+Restart the master slapd process. To check that it is
+generating replication logs, perform a modification of any
+entry in the database, and check that data has been
+written to the log file.
+
+
+H3: Start slurpd
+
+Start the slurpd process. Slurpd should immediately send
+the test modification you made to the slave slapd. Watch
+the slave slapd's logfile to be sure that the modification
+was sent.
+
+> slurpd -f <masterslapdconfigfile>
+
+
+
+H2: Advanced slurpd Operation
+
+H3: Replication errors
+
+When slurpd propagates a change to a slave slapd and receives an
+error return code, it writes the reason for the error and the
+replication record to a reject file. The reject file is located in
+the same directory as the per-replica replication logfile, and has
+the same name, but with the string "{{F:.rej}}" appended. For
+example, for a replica running on host {{EX:slave.example.com}},
+port 389, the reject file, if it exists, will be named
+
+> /usr/local/var/openldap/replog.slave.example.com:389.rej
+
+A sample rejection log entry follows:
+
+> ERROR: No such attribute
+> replica: slave.example.com:389
+> time: 809618633
+> dn: uid=bjensen,dc=example,dc=com
+> changetype: modify
+> replace: description
+> description: A dreamer...
+> -
+> replace: modifiersName
+> modifiersName: uid=bjensen,dc=example,dc=com
+> -
+> replace: modifyTimestamp
+> modifyTimestamp: 20000805073308Z
+> -
+
+Note that this is precisely the same format as the original replication
+log entry, but with an {{EX:ERROR}} line prepended to the entry.
+
+
+
+H3: One-shot mode and reject files
+
+It is possible to use slurpd to process a rejection log with its
+"one-shot mode." In normal operation, slurpd watches for more
+replication records to be appended to the replication log file. In
+one-shot mode, by contrast, slurpd processes a single log file and
+exits. Slurpd ignores {{EX:ERROR}} lines at the beginning of
+replication log entries, so it's not necessary to edit them out
+before feeding it the rejection log.
+
+To use one-shot mode, specify the name of the rejection log on the
+command line as the argument to the -r flag, and specify one-shot
+mode with the -o flag. For example, to process the rejection log
+file {{F:/usr/local/var/openldap/replog.slave.example.com:389}} and
+exit, use the command
+
+> slurpd -r /usr/tmp/replog.slave.example.com:389 -o
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/runningslapd.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/runningslapd.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/runningslapd.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,123 @@
+# $OpenLDAP: pkg/openldap-guide/admin/runningslapd.sdf,v 1.15.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+H1: Running slapd
+
+{{slapd}}(8) is designed to be run as a stand-alone server. This allows
+the server to take advantage of caching, manage concurrency issues
+with underlying databases, and conserve system resources. Running
+from {{inetd}}(8) is {{NOT}} an option.
+
+
+H2: Command-Line Options
+
+{{slapd}}(8) supports a number of command-line options as detailed
+in the manual page. This section details a few commonly used options.
+
+> -f <filename>
+
+This option specifies an alternate configuration file for slapd.
+The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.
+
+> -h <URLs>
+
+This option specifies alternative listener configurations. The
+default is {{EX:ldap:///}} which implies LDAP over TCP on all
+interfaces on the default LDAP port 389. You can specify
+specific host-port pairs or other protocol schemes (such as
+ldaps:// or ldapi://). For example,
+{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create
+two listeners: one for LDAP over SSL on all interfaces on
+the default LDAP/SSL port 636, and one for LDAP over TCP on
+the {{EX:localhost}} ({{loopback}}) interface on port 666.
+Hosts may be specified using IPv4 dotted-decimal form or
+using host names. Port values must be numeric.
+
+> -n <service-name>
+
+This option specifies the service name used for logging and
+other purposes. The default service name is {{EX:slapd}}.
+
+> -l <syslog-local-user>
+
+This option specifies the local user for the {{syslog}}(8)
+facility. Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ...,
+and {{EX:LOCAL7}}. The default is {{EX:LOCAL4}}. This option
+may not be supported on all systems.
+
+> -u user -g group
+
+These options specify the user and group, respectively, to run
+as. {{EX:user}} can be either a user name or uid. {{EX:group}}
+can be either a group name or gid.
+
+> -r directory
+
+This option specifies a run-time directory. slapd will
+{{chroot}}(2) to this directory after opening listeners but
+before reading any configuration files or initializing
+any backends.
+.
+
+> -d <level> | ?
+
+This option sets the slapd debug level to <level>. When level is a
+`?' character, the various debugging levels are printed and slapd
+exits, regardless of any other options you give it. Current
+debugging levels are
+
+!block table; colaligns="RL"; align=Center; \
+ title="Table 6.1: Debugging Levels"
+Level Description
+-1 enable all debugging
+0 no debugging
+1 trace function calls
+2 debug packet handling
+4 heavy trace debugging
+8 connection management
+16 print out packets sent and received
+32 search filter processing
+64 configuration file processing
+128 access control list processing
+256 stats log connections/operations/results
+512 stats log entries sent
+1024 print communication with shell backends
+2048 print entry parsing debugging
+!endblock
+
+You may enable multiple levels by specifying the debug option
+once for each desired level. Or, since debugging levels are
+additive, you can do the math yourself. That is, if you want
+to trace function calls and watch the config file being
+processed, you could set level to the sum of those two levels
+(in this case, {{EX: -d 65}}). Or, you can let slapd do the
+math, (e.g. {{EX: -d 1 -d 64}}). Consult {{F: <ldap_log.h>}} for
+more details.
+
+Note: slapd must have been compiled with {{EX:-DLDAP_DEBUG}}
+defined for any debugging information beyond the two stats levels
+to be available.
+
+
+H2: Starting slapd
+
+In general, slapd is run like this:
+
+> /usr/local/etc/libexec/slapd [<option>]*
+
+where {{F:/usr/local/etc/libexec}} is determined by {{EX:configure}}
+and <option> is one of the options described above (or in {{slapd}}(8)).
+Unless you have specified a debugging level (including level {{EX:0}}),
+slapd will automatically fork and detach itself from its controlling
+terminal and run in the background.
+
+H2: Stopping slapd
+
+To kill off slapd safely, you should give a command like this
+
+> kill -INT `cat /usr/local/var/slapd.pid`
+
+where {{F:/usr/local/var}} is determined by {{EX:configure}}.
+
+Killing slapd by a more drastic method may cause information
+loss or database corruption.
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/sasl.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/sasl.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/sasl.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,688 @@
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Using SASL
+
+OpenLDAP clients and servers are capable of authenticating via the
+{{TERM[expand]SASL}} ({{TERM:SASL}}) framework, which is detailed
+in {{REF:RFC2222}}. This chapter describes how to make use of
+SASL in OpenLDAP.
+
+There are several industry standard authentication mechanisms that
+can be used with SASL, including {{TERM:GSSAPI}} for {{TERM:Kerberos}}
+V, DIGEST-MD5, and PLAIN and EXTERNAL for use with {{TERM[expand]TLS}}
+(TLS).
+
+The standard client tools provided with OpenLDAP Software, such as
+{{ldapsearch}}(1) and {{ldapmodify}}(1), will by default attempt
+to authenticate the user to the {{slapd}}(8) server using SASL.
+Basic authentication service can be set up by the LDAP administrator
+with a few steps, allowing users to be authenticated to the slapd
+server as their LDAP entry. With a few extra steps, some users and
+services can be allowed to exploit SASL's proxy authorization
+feature, allowing them to authenticate themselves and then switch
+their identity to that of another user or service.
+
+This chapter assumes you have read {{Cyrus SASL for System
+Administrators}}, provided with the {{PRD:Cyrus}} {{PRD:SASL}}
+package (in {{FILE:doc/sysadmin.html}}) and have a working Cyrus
+SASL installation. You should use the Cyrus SASL {{EX:sample_client}}
+and {{EX:sample_server}} to test your SASL installation before
+attempting to make use of it with OpenLDAP Software.
+
+Note that in the following text the term {{user}} is used to describe
+a person or application entity who is connecting to the LDAP server
+via an LDAP client, such as {{ldapsearch}}(1). That is, the term
+{{user}} not only applies to both an individual using an LDAP client,
+but to an application entity which issues LDAP client operations
+without direct user control. For example, an e-mail server which
+uses LDAP operations to access information held in an LDAP server
+is an application entity.
+
+
+H2: SASL Security Considerations
+
+SASL offers many different authentication mechanisms. This section
+briefly outlines security considerations.
+
+Some mechanisms, such as PLAIN and LOGIN, offer no greater security
+over LDAP {{simple}} authentication. Like LDAP {{simple}}
+authentication, such mechanisms should not be used unless you have
+adequate security protections in place. It is recommended that
+these mechanisms be used only in conjunction with {{TERM[expand]TLS}}
+(TLS). Use of PLAIN and LOGIN are not discussed further in this
+document.
+
+The DIGEST-MD5 mechanism is the mandatory-to-implement authentication
+mechanism for LDAPv3. Though DIGEST-MD5 is not a strong authentication
+mechanism in comparison with trusted third party authentication
+systems (such as Kerberos or public key systems), it does offer
+significant protections against a number of attacks. Unlike the
+CRAM-MD5 mechanism, it prevents chosen plaintext attacks. DIGEST-MD5
+is favored over the use of plaintext password mechanisms. The
+CRAM-MD5 mechanism is deprecated in favor of DIGEST-MD5. Use of
+{{SECT:DIGEST-MD5}} is discussed below.
+
+The GSSAPI mechanism utilizes Kerberos V to provide secure
+authentication services. The KERBEROS_V4 mechanism is available
+for those using Kerberos IV. Kerberos is viewed as a secure,
+distributed authentication system suitable for both small and large
+enterprises. Use of {{SECT:GSSAPI}} and {{SECT:KERBEROS_V4}} are
+discussed below.
+
+The EXTERNAL mechanism utilizes authentication services provided
+by lower level network services such as {{TERM:TLS}} (TLS). When
+used in conjunction with {{TERM:TLS}} {{TERM:X.509}}-based public
+key technology, EXTERNAL offers strong authentication. Use of
+EXTERNAL is discussed in the {{SECT:Using TLS}} chapter.
+
+There are other strong authentication mechanisms to choose from,
+including {{TERM:OTP}} (one time passwords) and {{TERM:SRP}} (secure
+remote passwords). These mechanisms are not discussed in this
+document.
+
+
+H2: SASL Authentication
+
+Getting basic SASL authentication running involves a few steps.
+The first step configures your slapd server environment so
+that it can communicate with client programs using the security
+system in place at your site. This usually involves setting up a
+service key, a public key, or other form of secret. The second step
+concerns mapping authentication identities to LDAP DN's, which
+depends on how entries are laid out in your directory. An explanation
+of the first step will be given in the next section using Kerberos
+V4 as an example mechanism. The steps necessary for your site's
+authentication mechanism will be similar, but a guide to every
+mechanism available under SASL is beyond the scope of this chapter.
+The second step is described in the section
+{{SECT:Mapping Authentication Identities}}.
+
+
+H3: GSSAPI
+
+This section describes the use of the SASL GSSAPI mechanism and
+Kerberos V with OpenLDAP. It will be assumed that you have Kerberos
+V deployed, you are familiar with the operation of the system, and
+that your users are trained in its use. This section also assumes
+you have familiarized yourself with the use of the GSSAPI mechanism
+by reading {{Configuring GSSAPI and Cyrus SASL}} (provided with
+Cyrus SASL in the {{FILE:doc/gssapi}} file) and successfully
+experimented with the Cyrus provided {{EX:sample_server}} and
+{{EX:sample_client}} applications. General information about
+Kerberos is available at {{URL:http://web.mit.edu/kerberos/www/}}.
+
+To use the GSSAPI mechanism with {{slapd}}(8) one must create a service
+key with a principal for {{ldap}} service within the realm for the host
+on which the service runs. For example, if you run {{slapd}} on
+{{EX:directory.example.com}} and your realm is {{EX:EXAMPLE.COM}},
+you need to create a service key with the principal:
+
+> ldap/directory.example.com at EXAMPLE.COM
+
+When {{slapd}}(8) runs, it must have access to this key. This is
+generally done by placing the key into a keytab file,
+{{FILE:/etc/krb5.keytab}}. See your Kerberos and Cyrus SASL
+documentation for information regarding keytab location settings.
+
+To use the GSSAPI mechanism to authenticate to the directory, the
+user obtains a Ticket Granting Ticket (TGT) prior to running the
+LDAP client. When using OpenLDAP client tools, the user may mandate
+use of the GSSAPI mechanism by specifying {{EX:-Y GSSAPI}} as a
+command option.
+
+For the purposes of authentication and authorization, {{slapd}}(8)
+associates an authentication request DN of the form:
+
+> uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
+
+Continuing our example, a user with the Kerberos principal
+{{EX:kurt at EXAMPLE.COM}} would have the associated DN:
+
+> uid=kurt,cn=example.com,cn=gssapi,cn=auth
+
+and the principal {{EX:ursula/admin at FOREIGN.REALM}} would have the
+associated DN:
+
+> uid=ursula/admin,cn=foreign.realm,cn=gssapi,cn=auth
+
+
+The authentication request DN can be used directly ACLs and
+{{EX:groupOfNames}} "member" attributes, since it is of legitimate
+LDAP DN format. Or alternatively, the authentication DN could be
+mapped before use. See the section {{SECT:Mapping Authentication
+Identities}} for details.
+
+
+H3: KERBEROS_V4
+
+This section describes the use of the SASL KERBEROS_V4 mechanism
+with OpenLDAP. It will be assumed that you are familiar with the
+workings of the Kerberos IV security system, and that your site has
+Kerberos IV deployed. Your users should be familiar with
+authentication policy, how to receive credentials in
+a Kerberos ticket cache, and how to refresh expired credentials.
+
+Note: KERBEROS_V4 and Kerberos IV are deprecated in favor of GSSAPI
+and Kerberos V.
+
+Client programs will need to be able to obtain a session key for
+use when connecting to your LDAP server. This allows the LDAP server
+to know the identity of the user, and allows the client to know it
+is connecting to a legitimate server. If encryption layers are to
+be used, the session key can also be used to help negotiate that
+option.
+
+The slapd server runs the service called "{{ldap}}", and the server
+will require a srvtab file with a service key. SASL aware client
+programs will be obtaining an "ldap" service ticket with the user's
+ticket granting ticket (TGT), with the instance of the ticket
+matching the hostname of the OpenLDAP server. For example, if your
+realm is named {{EX:EXAMPLE.COM}} and the slapd server is running
+on the host named {{EX:directory.example.com}}, the {{FILE:/etc/srvtab}}
+file on the server will have a service key
+
+> ldap.directory at EXAMPLE.COM
+
+When an LDAP client is authenticating a user to the directory using
+the KERBEROS_IV mechanism, it will request a session key for that
+same principal, either from the ticket cache or by obtaining a new
+one from the Kerberos server. This will require the TGT to be
+available and valid in the cache as well. If it is not present or
+has expired, the client may print out the message:
+
+> ldap_sasl_interactive_bind_s: Local error
+
+When the service ticket is obtained, it will be passed to the LDAP
+server as proof of the user's identity. The server will extract
+the identity and realm out of the service ticket using SASL
+library calls, and convert them into an {{authentication request
+DN}} of the form
+
+> uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+
+So in our above example, if the user's name were "adamson", the
+authentication request DN would be:
+
+> uid=adamsom,cn=example.com,cn=kerberos_v4,cn=auth
+
+This authentication request DN can be used directly ACLs or,
+alternatively, mapped prior to use. See the section {{SECT:Mapping
+Authentication Identities}} for details.
+
+
+H3: DIGEST-MD5
+
+This section describes the use of the SASL DIGEST-MD5 mechanism
+using secrets stored either in the directory itself or in Cyrus
+SASL's own database. DIGEST-MD5 relies on the client and the server
+sharing a "secret", usually a password. The server generates a
+challenge and the client a response proving that it knows the shared
+secret. This is much more secure than simply sending the secret
+over the wire.
+
+Cyrus SASL supports several shared-secret mechanisms. To do this,
+it needs access to the plaintext password (unlike mechanisms which
+pass plaintext passwords over the wire, where the server can store
+a hashed version of the password).
+
+The server's copy of the shared-secret may be stored in Cyrus SASL's
+own {{sasldb}} database, in an external system accessed via
+{{saslauthd}}, or in LDAP database itself. In either case it is
+very important to apply file access controls and LDAP access controls
+to prevent exposure of the passwords. The configuration and commands
+discussed in this section assume the use of Cyrus SASL 2.1.
+
+To use secrets stored in {{sasldb}}, simply add users with the
+{{saslpasswd2}} command:
+
+> saslpasswd2 -c <username>
+
+The passwords for such users must be managed with the {{saslpasswd2}}
+command.
+
+To use secrets stored in the LDAP directory, place plaintext passwords
+in the {{EX:userPassword}} attribute. It will be necessary to add
+an option to {{EX:slapd.conf}} to make sure that passwords set using
+the LDAP Password Modify Operation are stored in plaintext:
+
+> password-hash {CLEARTEXT}
+
+Passwords stored in this way can be managed either with {{ldappasswd}}(1)
+or by simply modifying the {{EX:userPassword}} attribute. Regardless of
+where the passwords are stored, a mapping will be needed from
+authentication request DN to user's DN.
+
+The DIGEST-MD5 mechanism produces authentication IDs of the form:
+
+> uid=<username>,cn=<realm>,cn=digest-md5,cn=auth
+
+If the default realm is used, the realm name is omitted from the ID,
+giving:
+
+> uid=<username>,cn=digest-md5,cn=auth
+
+See {{SECT: Mapping Authentication Identities}} below for information
+on optional mapping of identities.
+
+With suitable mappings in place, users can specify SASL IDs when
+performing LDAP operations and sldb}} and the directory itself will
+be used to verify the authentication. For example, the user
+identified by the directory entry:
+
+> dn: cn=Andrew Findlay+uid=u000997,dc=example,dc=com
+> objectclass: inetOrgPerson
+> objectclass: person
+> sn: Findlay
+> uid: u000997
+> userPassword: secret
+
+can issue commands of the form:
+
+> ldapsearch -Y DIGEST-MD5 -U u000997 ...
+
+Note: in each of the above cases, no authorization identity (e.g.
+{{EX:-X}}) was provided. Unless you are attempting {{SECT:SASL
+Proxy Authorization}}, no authorization identity should be specified.
+The server will infer an authorization identity from authentication
+identity (as described below).
+
+
+H3: Mapping Authentication Identities
+
+The authentication mechanism in the slapd server will use SASL
+library calls to obtain the authenticated user's "username", based
+on whatever underlying authentication mechanism was used. This
+username is in the namespace of the authentication mechanism, and
+not in the normal LDAP namespace. As stated in the sections above,
+that username is reformatted into an authentication request DN of
+the form
+
+> uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+
+or
+
+> uid=<username>,cn=<mechanism>,cn=auth
+
+depending on whether or not <mechanism> employs the concept of
+"realms". Note also that the realm part will be omitted if the
+default realm was used in the authentication.
+
+The {{ldapwhoami}}(1) command may be used to determine the identity
+associated with the user. It is very useful for determining proper
+function of mappings.
+
+It is not intended that you should add LDAP entries of the above
+form to your LDAP database. Chances are you have an LDAP entry for
+each of the persons that will be authenticating to LDAP, laid out
+in your directory tree, and the tree does not start at cn=auth.
+But if your site has a clear mapping between the "username" and an
+LDAP entry for the person, you will be able to configure your LDAP
+server to automatically map a authentication request DN to the
+user's {{authentication DN}}.
+
+Note: it is not required that the authentication request DN nor the
+user's authentication DN resulting from the mapping refer to an
+entry held in the directory. However, additional capabilities
+become available (see below).
+
+The LDAP administrator will need to tell the slapd server how to
+map an authentication request DN to a user's authentication DN.
+This is done by adding one or more {{EX:authz-regexp}} directives to
+the {{slapd.conf}}(5) file. This directive takes two arguments:
+
+> authz-regexp <search pattern> <replacement pattern>
+
+The authentication request DN is compared to the search pattern
+using the regular expression functions {{regcomp}}() and {{regexec}}(),
+and if it matches, it is rewritten as the replacement pattern. If
+there are multiple {{EX:authz-regexp}} directives, only the first
+whose search pattern matches the authentication identity is used.
+The string that is output from the replacement pattern should be
+the authentication DN of the user or an LDAP URL. If replacement
+string produces a DN, the entry named by this DN need not be held
+by this server. If the replace string produces an LDAP URL, that
+LDAP URL must evaluate to one and only one entry held by this server.
+
+The search pattern can contain any of the regular expression
+characters listed in {{regexec}}(3C). The main characters of note
+are dot ".", asterisk "*", and the open and close parenthesis "("
+and ")". Essentially, the dot matches any character, the asterisk
+allows zero or more repeats of the immediately preceding character
+or pattern, and terms in parenthesis are remembered for the replacement
+pattern.
+
+The replacement pattern will produce either a DN or URL refering
+to the user. Anything from the authentication request DN that
+matched a string in parenthesis in the search pattern is stored in
+the variable "$1". That variable "$1" can appear in the replacement
+pattern, and will be replaced by the string from the authentication
+request DN. If there were multiple sets of parentheses in the search
+pattern, the variables $2, $3, etc are used.
+
+H3: Direct Mapping
+
+Where possible, direct mapping of the authentication request DN to
+the user's DN is generally recommended. Aside from avoiding the
+expense of searching for the user's DN, it allows mapping to
+DNs which refer to entries not held by this server.
+
+Suppose the authentication request DN is written as:
+
+> uid=adamson,cn=example.com,cn=gssapi,cn=auth
+
+and the user's actual LDAP entry is:
+
+> uid=adamson,ou=people,dc=example,dc=com
+
+then the following {{EX:authz-regexp}} directive in {{slapd.conf}}(5)
+would provide for direct mapping.
+
+> authz-regexp
+> uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
+> uid=$1,ou=people,dc=example,dc=com
+
+An even more lenient rule could be written as
+
+> authz-regexp
+> uid=([^,]*),cn=[^,]*,cn=auth
+> uid=$1,ou=people,dc=example,dc=com
+
+Be careful about setting the search pattern too leniently, however,
+since it may mistakenly allow persons to become authenticated as a
+DN to which they should not have access. It is better to write
+several strict directives than one lenient directive which has
+security holes. If there is only one authentication mechanism in
+place at your site, and zero or one realms in use, you might be
+able to map between authentication identities and LDAP DN's with a
+single {{EX:authz-regexp}} directive.
+
+Don't forget to allow for the case where the realm is omitted as
+well as the case with an explicitly specified realm. This may well
+require a separate {{EX:authz-regexp}} directive for each case, with
+the explicit-realm entry being listed first.
+
+H3: Search-based mappings
+
+There are a number of cases where mapping to a LDAP URL may be
+appropriate. For instance, some sites may have person objects
+located in multiple areas of the LDAP tree, such as if there were
+an {{EX:ou=accounting}} tree and an {{EX:ou=engineering}} tree,
+with persons interspersed between them. Or, maybe the desired
+mapping must be based upon information in the user's information.
+Consider the need to map the above authentication request DN to
+user whose entry is as follows:
+
+> dn: cn=Mark Adamson,ou=People,dc=Example,dc=COM
+> objectclass: person
+> cn: Mark Adamson
+> uid: adamson
+
+The information in the authentication request DN is insufficient
+to allow the user's DN to be directly derived, instead the user's
+DN must be searched for. For these situations, a replacement pattern
+which produces a LDAP URL can be used in the {{EX:authz-regexp}}
+directives. This URL will then be used to perform an internal
+search of the LDAP database to find the person's authentication DN.
+
+An LDAP URL, similar to other URL's, is of the form
+
+> ldap://<host>/<base>?<attrs>?<scope>?<filter>
+
+This contains all of the elements necessary to perform an LDAP
+search: the name of the server <host>, the LDAP DN search base
+<base>, the LDAP attributes to retrieve <attrs>, the search scope
+<scope> which is one of the three options "base", "one", or "sub",
+and lastly an LDAP search filter <filter>. Since the search is for
+an LDAP DN within the current server, the <host> portion should be
+empty. The <attrs> field is also ignored since only the DN is of
+concern. These two elements are left in the format of the URL to
+maintain the clarity of what information goes where in the string.
+
+Suppose that the person in the example from above did in fact have
+an authentication username of "adamson" and that information was
+kept in the attribute "uid" in their LDAP entry. The {{EX:authz-regexp}}
+directive might be written as
+
+> authz-regexp
+> uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
+> ldap:///ou=people,dc=example,dc=com??one?(uid=$1)
+
+This will initiate an internal search of the LDAP database inside
+the slapd server. If the search returns exactly one entry, it is
+accepted as being the DN of the user. If there are more than one
+entries returned, or if there are zero entries returned, the
+authentication fails and the user's connection is left bound as the
+authentication request DN.
+
+The attributes that are used in the search filter <filter> in the
+URL should be indexed to allow faster searching. If they are not,
+the authentication step alone can take uncomfortably long periods,
+and users may assume the server is down.
+
+A more complex site might have several realms in use, each mapping
+to a different subtree in the directory. These can be handled with
+statements of the form:
+
+> # Match Engineering realm
+> authz-regexp
+> uid=([^,]*),cn=engineering.example.com,cn=digest-md5,cn=auth
+> ldap:///dc=eng,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+>
+> # Match Accounting realm
+> authz-regexp
+> uid=([^,].*),cn=accounting.example.com,cn=digest-md5,cn=auth
+> ldap:///dc=accounting,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+>
+> # Default realm is customers.example.com
+> authz-regexp
+> uid=([^,]*),cn=digest-md5,cn=auth
+> ldap:///dc=customers,dc=example,dc=com??one?(&(uid=$1)(objectClass=person))
+
+Note that the explicitly-named realms are handled first, to avoid
+the realm name becoming part of the UID. Also note the use of scope
+and filters to limit matching to desirable entries.
+
+See {{slapd.conf}}(5) for more detailed information.
+
+
+H2: SASL Proxy Authorization
+
+The SASL offers a feature known as {{proxy authorization}}, which
+allows an authenticated user to request that they act on the behalf
+of another user. This step occurs after the user has obtained an
+authentication DN, and involves sending an authorization identity
+to the server. The server will then make a decision on whether or
+not to allow the authorization to occur. If it is allowed, the
+user's LDAP connection is switched to have a binding DN derived
+from the authorization identity, and the LDAP session proceeds with
+the access of the new authorization DN.
+
+The decision to allow an authorization to proceed depends on the
+rules and policies of the site where LDAP is running, and thus
+cannot be made by SASL alone. The SASL library leaves it up to the
+server to make the decision. The LDAP administrator sets the
+guidelines of who can authorize to what identity by adding information
+into the LDAP database entries. By default, the authorization
+features are disabled, and must be explicitly configured by the
+LDAP administrator before use.
+
+
+H3: Uses of Proxy Authorization
+
+This sort of service is useful when one entity needs to act on the
+behalf of many other users. For example, users may be directed to
+a web page to make changes to their personal information in their
+LDAP entry. The users authenticate to the web server to establish
+their identity, but the web server CGI cannot authenticate to the
+LDAP server as that user to make changes for them. Instead, the
+web server authenticates itself to the LDAP server as a service
+identity, say,
+
+> cn=WebUpdate,dc=example,dc=com
+
+and then it will SASL authorize to the DN of the user. Once so
+authorized, the CGI makes changes to the LDAP entry of the user,
+and as far as the slapd server can tell for its ACLs, it is the
+user themself on the other end of the connection. The user could
+have connected to the LDAP server directly and authenticated as
+themself, but that would require the user to have more knowledge
+of LDAP clients, knowledge which the web page provides in an easier
+format.
+
+Proxy authorization can also be used to limit access to an account
+that has greater access to the database. Such an account, perhaps
+even the root DN specified in {{slapd.conf}}(5), can have a strict
+list of people who can authorize to that DN. Changes to the LDAP
+database could then be only allowed by that DN, and in order to
+become that DN, users must first authenticate as one of the persons
+on the list. This allows for better auditing of who made changes
+to the LDAP database. If people were allowed to authenticate
+directly to the priviliged account, possibly through the {{EX:rootpw}}
+{{slapd.conf}}(5) directive or through a {{EX:userPassword}}
+attribute, then auditing becomes more difficult.
+
+Note that after a successful proxy authorization, the original
+authentication DN of the LDAP connection is overwritten by the new
+DN from the authorization request. If a service program is able to
+authenticate itself as its own authentication DN and then authorize
+to other DN's, and it is planning on switching to several different
+identities during one LDAP session, it will need to authenticate
+itself each time before authorizing to another DN (or use a different
+proxy authorization mechanism). The slapd server does not keep
+record of the service program's ability to switch to other DN's.
+On authentication mechanisms like Kerberos this will not require
+multiple connections being made to the Kerberos server, since the
+user's TGT and "ldap" session key are valid for multiple uses for
+the several hours of the ticket lifetime.
+
+
+H3: SASL Authorization Identities
+
+The SASL authorization identity is sent to the LDAP server via the
+{{EX:-X}} switch for {{ldapsearch}}(1) and other tools, or in the
+{{EX:*authzid}} parameter to the {{lutil_sasl_defaults}}() call.
+The identity can be in one of two forms, either
+
+> u:<username>
+
+or
+
+> dn:<dn>
+
+In the first form, the <username> is from the same namespace as
+the authentication identities above. It is the user's username as
+it is refered to by the underlying authentication mechanism.
+Authorization identities of this form are converted into a DN format
+by the same function that the authentication process used, producing
+an {{authorization request DN}} of the form
+
+> uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
+
+That authorization request DN is then run through the same
+{{EX:authz-regexp}} process to convert it into a legitimate authorization
+DN from the database. If it cannot be converted due to a failed
+search from an LDAP URL, the authorization request fails with
+"inappropriate access". Otherwise, the DN string is now a legitimate
+authorization DN ready to undergo approval.
+
+If the authorization identity was provided in the second form, with
+a {{EX:"dn:"}} prefix, the string after the prefix is already in
+authorization DN form, ready to undergo approval.
+
+
+H3: Proxy Authorization Rules
+
+Once slapd has the authorization DN, the actual approval process
+begins. There are two attributes that the LDAP administrator can
+put into LDAP entries to allow authorization:
+
+> authzTo
+> authzFrom
+
+Both can be multivalued. The {{EX:authzTo}} attribute is a
+source rule, and it is placed into the entry associated with the
+authentication DN to tell what authorization DNs the authenticated
+DN is allowed to assume. The second attribute is a destination
+rule, and it is placed into the entry associated with the requested
+authorization DN to tell which authenticated DNs may assume it.
+
+The choice of which authorization policy attribute to use is up to
+the administrator. Source rules are checked first in the person's
+authentication DN entry, and if none of the {{EX:authzTo}} rules
+specify the authorization is permitted, the {{EX:authzFrom}}
+rules in the authorization DN entry are then checked. If neither
+case specifies that the request be honored, the request is denied.
+Since the default behaviour is to deny authorization requests, rules
+only specify that a request be allowed; there are no negative rules
+telling what authorizations to deny.
+
+The value(s) in the two attributes are of the same form as the
+output of the replacement pattern of a {{EX:authz-regexp}} directive:
+either a DN or an LDAP URL. For example, if a {{EX:authzTo}}
+value is a DN, that DN is one the authenticated user can authorize
+to. On the other hand, if the {{EX:authzTo}} value is an LDAP
+URL, the URL is used as an internal search of the LDAP database,
+and the authenticated user can become ANY DN returned by the search.
+If an LDAP entry looked like:
+
+> dn: cn=WebUpdate,dc=example,dc=com
+> authzTo: ldap:///dc=example,dc=com??sub?(objectclass=person)
+
+then any user who authenticated as {{EX:cn=WebUpdate,dc=example,dc=com}}
+could authorize to any other LDAP entry under the search base
+{{EX:dc=example,dc=com}} which has an objectClass of {{EX:Person}}.
+
+
+H4: Notes on Proxy Authorization Rules
+
+An LDAP URL in a {{EX:authzTo}} or {{EX:authzFrom}} attribute
+will return a set of DNs. Each DN returned will be checked. Searches
+which return a large set can cause the authorization process to
+take an uncomfortably long time. Also, searches should be performed
+on attributes that have been indexed by slapd.
+
+To help produce more sweeping rules for {{EX:authzFrom}} and
+{{EX:authzTo}}, the values of these attributes are allowed to
+be DNs with regular expression characters in them. This means a
+source rule like
+
+> authzTo: uid=[^,]*,dc=example,dc=com
+
+would allow that authenticated user to authorize to any DN that
+matches the regular expression pattern given. This regular expression
+comparison can be evaluated much faster than an LDAP search for
+{{EX:(uid=*)}}.
+
+Also note that the values in an authorization rule must be one of
+the two forms: an LDAP URL or a DN (with or without regular expression
+characters). Anything that does not begin with "{{EX:ldap://}}" is
+taken as a DN. It is not permissable to enter another authorization
+identity of the form "{{EX:u:<username>}}" as an authorization rule.
+
+
+H4: Policy Configuration
+
+The decision of which type of rules to use, {{EX:authzFrom}}
+or {{EX:authzTo}}, will depend on the site's situation. For
+example, if the set of people who may become a given identity can
+easily be written as a search filter, then a single destination
+rule could be written. If the set of people is not easily defined
+by a search filter, and the set of people is small, it may be better
+to write a source rule in the entries of each of those people who
+should be allowed to perform the proxy authorization.
+
+By default, processing of proxy authorization rules is disabled.
+The {{EX:authz-policy}} directive must be set in the
+{{slapd.conf}}(5) file to enable authorization. This directive can
+be set to {{EX:none}} for no rules (the default), {{EX:to}} for
+source rules, {{EX:from}} for destination rules, or {{EX:both}} for
+both source and destination rules.
+
+Destination rules are extremely powerful. If ordinary users have
+access to write the {{EX:authzTo}} attribute in their own
+entries, then they can write rules that would allow them to authorize
+as anyone else. As such, when using destination rules, the
+{{EX:authzTo}} attribute should be protected with an ACL that
+only allows privileged users to set its values.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/schema.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/schema.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/schema.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,499 @@
+# $OpenLDAP: pkg/openldap-guide/admin/schema.sdf,v 1.39.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Schema Specification
+
+This chapter describes how to extend the user schema used by
+{{slapd}}(8). The chapter assumes the reader is familar with the
+{{TERM:LDAP}}/{{TERM:X.500}} information model.
+
+The first section, {{SECT:Distributed Schema Files}} details optional
+schema definitions provided in the distribution and where to obtain
+other definitions.
+The second section, {{SECT:Extending Schema}}, details how to define
+new schema items.
+!if 0
+The third section, {{SECT:Transferring Schema}} details how you can
+export schema definitions from an LDAPv3 server and transform it
+to {{slapd.conf}}(5) format.
+!endif
+
+This chapter does not discuss how to extend system schema used by
+{{slapd}}(8) as this requires source code modification. System
+schema includes all operational attribute types or any object class
+which allows or requires an operational attribute (directly or
+indirectly).
+
+
+H2: Distributed Schema Files
+
+OpenLDAP is distributed with a set of schema specifications for
+your use. Each set is defined in a file suitable for inclusion
+(using the {{EX:include}} directive) in your {{slapd.conf}}(5)
+file. These schema files are normally installed in the
+{{F:/usr/local/etc/openldap/schema}} directory.
+
+!block table; colaligns="LR"; coltags="F,N"; align=Center; \
+ title="Table 8.1: Provided Schema Specifications"
+File Description
+core.schema OpenLDAP {{core}} (required)
+cosine.schema Cosine and Internet X.500 (useful)
+inetorgperson.schema InetOrgPerson (useful)
+misc.schema Assorted (experimental)
+nis.schema Network Information Services (FYI)
+openldap.schema OpenLDAP Project (experimental)
+!endblock
+
+To use any of these schema files, you only need to include the
+desired file in the global definitions portion of your
+{{slapd.conf}}(5) file. For example:
+
+> # include schema
+> include /usr/local/etc/openldap/schema/core.schema
+> include /usr/local/etc/openldap/schema/cosine.schema
+> include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+Additional files may be available. Please consult the OpenLDAP
+FAQ ({{URL:http://www.openldap.org/faq/}}).
+
+Note: You should not modify any of the schema items defined
+in provided files.
+
+
+H2: Extending Schema
+
+Schema used by {{slapd}}(8) may be extended to support additional
+syntaxes, matching rules, attribute types, and object classes. This
+chapter details how to add user application attribute types and
+object classes using the syntaxes and matching rules already supported
+by slapd. slapd can also be extended to support additional syntaxes,
+matching rules and system schema, but this requires some programming
+and hence is not discussed here.
+
+There are five steps to defining new schema:
+^ obtain Object Identifer
++ choose a name prefix
++ create local schema file
++ define custom attribute types (if necessary)
++ define custom object classes
+
+
+H3: Object Identifiers
+
+Each schema element is identified by a globally unique {{TERM[expand]OID}}
+(OID). OIDs are also used to identify other objects. They are
+commonly found in protocols described by {{TERM:ASN.1}}. In
+particular, they are heavily used by the {{TERM[expand]SNMP}} (SNMP).
+As OIDs are hierarchical, your organization can obtain one OID and
+branch it as needed. For example, if your organization were assigned
+OID {{EX:1.1}}, you could branch the tree as follows:
+
+!block table; colaligns="LR"; coltags="EX,N"; align=Center; \
+ title="Table 8.2: Example OID hierarchy"
+OID Assignment
+1.1 Organization's OID
+1.1.1 SNMP Elements
+1.1.2 LDAP Elements
+1.1.2.1 AttributeTypes
+1.1.2.1.1 myAttribute
+1.1.2.2 ObjectClasses
+1.1.2.2.1 myObjectClass
+!endblock
+
+You are, of course, free to design a hierarchy suitable to your
+organizational needs under your organization's OID. No matter what
+hierarchy you choose, you should maintain a registry of assignments
+you make. This can be a simple flat file or something more
+sophisticated such as the {{OpenLDAP OID Registry}}
+({{URL:http://www.openldap.org/faq/index.cgi?file=197}}).
+
+For more information about Object Identifers (and a listing service)
+see {{URL:http://www.alvestrand.no/harald/objectid/}}.
+
+.{{Under no circumstances should you hijack OID namespace!}}
+
+To obtain a registered OID at {{no cost}}, apply for an OID under
+the {{ORG[expand]IANA}} (IANA) maintained {{Private Enterprise}}
+arc. Any private enterprise (organization) may request an OID to
+be assigned under this arc. Just fill out the {{ORG:IANA}} form
+at {{URL: http://www.iana.org/cgi-bin/enterprise.pl}} and your
+official OID will be sent to you usually within a few days. Your
+base OID will be something like {{EX:1.3.6.1.4.1.X}} where {{EX:X}}
+is an integer.
+
+Note: Don't let the "MIB/SNMP" statement on the IANA page confuse
+you. OIDs obtained using this form may be used for any purpose
+including identifying LDAP schema elements.
+
+Alternatively, OID name space may be available from a national
+authority (e.g., {{ORG:ANSI}}, {{ORG:BSI}}).
+
+
+H3: Name Prefix
+
+In addition to assigning a unique object identifier to each schema
+element, you should provide a least one textual name for each
+element. The name should be both descriptive and not likely to
+clash with names of other schema elements. In particular, any name
+you choose should not clash with present or future Standard Track
+names.
+
+To reduce (but not eliminate) the potential for name clashes, the
+convention is to prefix names of non-Standard Track with a few
+letters to localize the changes to your organization. The smaller
+the organization, the longer your prefix should be.
+
+In the examples below, we have chosen a short prefix '{{EX:my}}'
+(to save space). Such a short prefix would only be suitable for a
+very large, global organization. In general, we recommend something
+like '{{EX:deFirm}}' (German company) or '{{EX:comExample}}' (elements
+associated with organization associated with {{EX:example.com}}).
+
+
+H3: Local schema file
+
+The {{EX:objectclass}} and {{EX:attributeTypes}} configuration file
+directives can be used to define schema rules on entries in the
+directory. It is customary to create a file to contain definitions
+of your custom schema items. We recommend you create a file
+{{F:local.schema}} in {{F:/usr/local/etc/openldap/schema/local.schema}}
+and then include this file in your {{slapd.conf}}(5) file immediately
+after other schema {{EX:include}} directives.
+
+> # include schema
+> include /usr/local/etc/openldap/schema/core.schema
+> include /usr/local/etc/openldap/schema/cosine.schema
+> include /usr/local/etc/openldap/schema/inetorgperson.schema
+> # include local schema
+> include /usr/local/etc/openldap/schema/local.schema
+
+
+H3: Attribute Type Specification
+
+The {{attributetype}} directive is used to define a new attribute
+type. The directive uses the same Attribute Type Description
+(as defined in {{REF:RFC2252}}) used by the attributeTypes
+attribute found in the subschema subentry, e.g.:
+
+E: attributetype <{{REF:RFC2252}} Attribute Type Description>
+
+where Attribute Type Description is defined by the following
+{{TERM:BNF}}:
+
+> AttributeTypeDescription = "(" whsp
+> numericoid whsp ; AttributeType identifier
+> [ "NAME" qdescrs ] ; name used in AttributeType
+> [ "DESC" qdstring ] ; description
+> [ "OBSOLETE" whsp ]
+> [ "SUP" woid ] ; derived from this other
+> ; AttributeType
+> [ "EQUALITY" woid ; Matching Rule name
+> [ "ORDERING" woid ; Matching Rule name
+> [ "SUBSTR" woid ] ; Matching Rule name
+> [ "SYNTAX" whsp noidlen whsp ] ; Syntax OID
+> [ "SINGLE-VALUE" whsp ] ; default multi-valued
+> [ "COLLECTIVE" whsp ] ; default not collective
+> [ "NO-USER-MODIFICATION" whsp ]; default user modifiable
+> [ "USAGE" whsp AttributeUsage ]; default userApplications
+> whsp ")"
+>
+> AttributeUsage =
+> "userApplications" /
+> "directoryOperation" /
+> "distributedOperation" / ; DSA-shared
+> "dSAOperation" ; DSA-specific, value depends on server
+>
+
+where whsp is a space ('{{EX: }}'), numericoid is a globally unique
+OID in dotted-decimal form (e.g. {{EX:1.1.0}}), qdescrs is one or
+more names, woid is either the name or OID optionally followed
+by a length specifier (e.g {{EX:{10}}}).
+
+For example, the attribute types {{EX:name}} and {{EX:cn}} are defined
+in {{F:core.schema}} as:
+
+> attributeType ( 2.5.4.41 NAME 'name'
+> DESC 'name(s) associated with the object'
+> EQUALITY caseIgnoreMatch
+> SUBSTR caseIgnoreSubstringsMatch
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+> attributeType ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+> DESC 'common name(s) assciated with the object'
+> SUP name )
+
+Notice that each defines the attribute's OID, provides a short name,
+and a brief description. Each name is an alias for the OID.
+{{slapd}}(8) returns the first listed name when returning results.
+
+The first attribute, {{EX:name}}, holds values of {{EX:directoryString}}
+(UTF-8 encoded Unicode) syntax. The syntax is specified by OID
+(1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString
+syntax). A length recommendation of 32768 is specified. Servers
+should support values of this length, but may support longer values
+The field does NOT specify a size constraint, so is ignored on
+servers (such as slapd) which don't impose such size limits. In
+addition, the equality and substring matching uses case ignore
+rules. Below are tables listing commonly used syntax and
+matching rules (OpenLDAP supports these and many more).
+
+!block table; align=Center; coltags="EX,EX,N"; \
+ title="Table 8.3: Commonly Used Syntaxes"
+Name OID Description
+boolean 1.3.6.1.4.1.1466.115.121.1.7 boolean value
+directoryString 1.3.6.1.4.1.1466.115.121.1.15 Unicode (UTF-8) string
+distinguishedName 1.3.6.1.4.1.1466.115.121.1.12 LDAP DN
+integer 1.3.6.1.4.1.1466.115.121.1.27 integer
+numericString 1.3.6.1.4.1.1466.115.121.1.36 numeric string
+OID 1.3.6.1.4.1.1466.115.121.1.38 object identifier
+octetString 1.3.6.1.4.1.1466.115.121.1.40 arbitary octets
+!endblock
+
+>
+
+!block table; align=Center; coltags="EX,N"; \
+ title="Table 8.4: Commonly Used Matching Rules"
+Name Type Description
+booleanMatch equality boolean
+caseIgnoreMatch equality case insensitive, space insensitive
+caseIgnoreOrderingMatch ordering case insensitive, space insensitive
+caseIgnoreSubstringsMatch substrings case insensitive, space insensitive
+caseExactMatch equality case sensitive, space insensitive
+caseExactOrderingMatch ordering case sensitive, space insensitive
+caseExactSubstringsMatch substrings case sensitive, space insensitive
+distinguishedNameMatch equality distinguished name
+integerMatch equality integer
+integerOrderingMatch ordering integer
+numericStringMatch equality numerical
+numericStringOrderingMatch ordering numerical
+numericStringSubstringsMatch substrings numerical
+octetStringMatch equality octet string
+octetStringOrderingStringMatch ordering octet string
+octetStringSubstringsStringMatch ordering octet string
+objectIdentiferMatch equality object identifier
+!endblock
+
+The second attribute, {{EX:cn}}, is a subtype of {{EX:name}} hence
+it inherits the syntax, matching rules, and usage of {{EX:name}}.
+{{EX:commonName}} is an alternative name.
+
+Neither attribute is restricted to a single value. Both are meant
+for usage by user applications. Neither is obsolete nor collective.
+
+The following subsections provide a couple of examples.
+
+
+H4: myUniqueName
+
+Many organizations maintain a single unique name for each user.
+Though one could use {{EX:displayName}} ({{REF:RFC2798}}), this
+attribute is really meant to be controlled by the user, not the
+organization. We could just copy the definition of {{EX:displayName}}
+from {{F:inetorgperson.schema}} and replace the OID, name, and
+description, e.g:
+
+> attributetype ( 1.1.2.1.1 NAME 'myUniqueName'
+> DESC 'unique name with my organization'
+> EQUALITY caseIgnoreMatch
+> SUBSTR caseIgnoreSubstringsMatch
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+> SINGLE-VALUE )
+
+However, if we want this name to be included in
+{{EX:name}} assertions [e.g. {{EX:(name=*Jane*)}}], the attribute
+could alternatively be defined as a subtype of {{EX:name}}, e.g.:
+
+> attributetype ( 1.1.2.1.1 NAME 'myUniqueName'
+> DESC 'unique name with my organization'
+> SUP name )
+
+
+H4: myPhoto
+
+Many organizations maintain a photo of each each user. A
+{{EX:myPhoto}} attribute type could be defined to hold a photo.
+Of course, one could use just use {{EX:jpegPhoto}} ({{REF:RFC2798}})
+(or a subtype) to hold the photo. However, you can only do
+this if the photo is in {{JPEG File Interchange Format}}.
+Alternatively, an attribute type which uses the {{Octet String}}
+syntax can be defined, e.g.:
+
+> attributetype ( 1.1.2.1.2 NAME 'myPhoto'
+> DESC 'a photo (application defined format)'
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+> SINGLE-VALUE )
+
+In this case, the syntax doesn't specify the format of the photo.
+It's assumed (maybe incorrectly) that all applications accessing
+this attribute agree on the handling of values.
+
+If you wanted to support multiple photo formats, you could define
+a separate attribute type for each format, prefix the photo
+with some typing information, or describe the value using
+{{TERM:ASN.1}} and use the {{EX:;binary}} transfer option.
+
+Another alternative is for the attribute to hold a {{TERM:URI}}
+pointing to the photo. You can model such an attribute after
+{{EX:labeledURI}} ({{REF:RFC2079}}) or simply create a subtype,
+e.g.:
+
+> attributetype ( 1.1.2.1.3 NAME 'myPhotoURI'
+> DESC 'URI and optional label referring to a photo'
+> SUP labeledURI )
+
+
+H3: Object Class Specification
+
+The {{objectclasses}} directive is used to define a new object
+class. The directive uses the same Object Class Description
+(as defined in {{REF:RFC2252}}) used by the objectClasses
+attribute found in the subschema subentry, e.g.:
+
+E: objectclass <{{REF:RFC2252}} Object Class Description>
+
+where Object Class Description is defined by the following
+{{TERM:BNF}}:
+
+> ObjectClassDescription = "(" whsp
+> numericoid whsp ; ObjectClass identifier
+> [ "NAME" qdescrs ]
+> [ "DESC" qdstring ]
+> [ "OBSOLETE" whsp ]
+> [ "SUP" oids ] ; Superior ObjectClasses
+> [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
+> ; default structural
+> [ "MUST" oids ] ; AttributeTypes
+> [ "MAY" oids ] ; AttributeTypes
+> whsp ")"
+
+where whsp is a space ('{{EX: }}'), numericoid is a globally unique
+OID in numeric form (e.g. {{EX:1.1.0}}), qdescrs is one or more
+names, and oids is one or more names and/or OIDs.
+
+
+H4: myPhotoObject
+
+To define an {{auxiliary}} object class which allows
+myPhoto to be added to any existing entry.
+
+> objectclass ( 1.1.2.2.1 NAME 'myPhotoObject'
+> DESC 'mixin myPhoto'
+> AUXILIARY
+> MAY myPhoto )
+
+
+H4: myPerson
+
+If your organization would like have a private {{structural}}
+object class to instantiate users, you can subclass one of
+the existing person classes, such as {{EX:inetOrgPerson}}
+({{REF:RFC2798}}), and add any additional attributes which
+you desire.
+
+> objectclass ( 1.1.2.2.2 NAME 'myPerson'
+> DESC 'my person'
+> SUP inetOrgPerson
+> MUST ( myUniqueName $ givenName )
+> MAY myPhoto )
+
+The object class inherits the required/allowed attribute
+types of {{EX:inetOrgPerson}} but requires {{EX:myUniqueName}}
+and {{EX:givenName}} and allows {{EX:myPhoto}}.
+
+!if 0
+H2: Transferring Schema
+
+Since the {{slapd.conf}}(5) schema directives use {{REF:RFC2252}}
+format values, you can extract schema elements published by
+any LDAPv3 server and easily construct directives for use with
+{{slapd}}(8).
+
+LDAPv3 servers publish schema elements in special {{subschema}}
+entries (or subentries). While {{slapd}}(8) publishes a single
+subschema subentry normally named {{EX:cn=Subschema}}, this behavior
+cannot be expected from other servers. The subschema subentry
+controlling a particular entry can be obtained by examining the
+{{EX:subschemaSubentry}} attribute contained in the entry at the
+root of each administrative context. For example,
+
+> ldapsearch -LLL -x -b "dc=example,dc=com" -s base "(objectclass=*)" subschemaSubentry
+
+To obtain the schema from a subschema subentry, you can use
+ldapsearch(1) as follows (replace the search base as needed):
+
+> ldapsearch -LLL -x -b "cn=Subschema" -s base "(objectclass=subschema)" attributeTypes objectClasses
+
+where "cn=Subschema" is the value of subschemaSubentry returned in
+the prior search.
+
+This will return {{TERM:LDIF}} output containing many type/value
+pairs. The following is an abbreviated example:
+
+> dn: cn=Subschema
+> objectClasses: ( 1.1.2.2.2 NAME 'myPerson' DESC 'my person' SUP inet
+> OrgPerson MUST ( myUniqueName $ givenName ) MAY myPhoto )
+> attributeTypes: ( 1.1.2.1.1 NAME 'myUniqueName' DESC 'unique name wi
+> th my organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst
+> ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+> attributeTypes: ( 1.1.2.1.2 NAME 'myPhoto' DESC 'a photo (applicatio
+> n defined format)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+
+Capture the output of the search in a file and then edit the file:
+
++ to contain only desired type/value pairs
+^ join LDIF continuation lines
+^ replace attribute type with directive name
+(e.g. {{EX:s/attributeTypes:/attributeType /}} and
+{{EX:s/objectClasses:/objectClass /}}).
+^ reorder lines so each element is defined before first use
+^ continue long directives over multiple lines
+
+For the three type/value pairs in our example, the edit should
+result in a file with contains of:
+
+> attributetype ( 1.1.2.1.1 NAME 'myUniqueName'
+> DESC 'unique name with my organization'
+> EQUALITY caseIgnoreMatch
+> SUBSTR caseIgnoreSubstringsMatch
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+> SINGLE-VALUE )
+> attributeType ( 1.1.2.1.2 NAME 'myPhoto'
+> DESC 'a photo (application defined format)'
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+> objectClass ( 1.1.2.2.2 NAME 'myPerson'
+> DESC 'my person'
+> SUP inetOrgPerson
+> MUST ( myUniqueName $ givenName )
+> MAY myPhoto )
+
+Save in an appropriately named file (e.g. {{F:local.schema}}).
+You may now include this file in your {{slapd.conf}}(5) file.
+!endif
+
+
+H3: OID Macros
+
+To ease the management and use of OIDs, {{slapd}}(8) supports
+{{Object Identifier}} macros. The {{EX:objectIdentifier}} directive
+is used to equate a macro (name) with a OID. The OID may possibly
+be derived from a previously defined OID macro. The {{slapd.conf}}(5)
+syntax is:
+
+E: objectIdentifier <name> { <oid> | <name>[:<suffix>] }
+
+The following demonstrates definition of a set of OID macros
+and their use in defining schema elements:
+
+> objectIdentifier myOID 1.1
+> objectIdentifier mySNMP myOID:1
+> objectIdentifier myLDAP myOID:2
+> objectIdentifier myAttributeType myLDAP:1
+> objectIdentifier myObjectClass myLDAP:2
+> attributetype ( myAttributeType:3 NAME 'myPhotoURI'
+> DESC 'URI and optional label referring to a photo'
+> SUP labeledURI )
+> objectclass ( myObjectClass:1 NAME 'myPhotoObject'
+> DESC 'mixin myPhoto'
+> AUXILIARY
+> MAY myPhoto )
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/security.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/security.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/security.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,167 @@
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Security Considerations
+
+OpenLDAP Software is designed to run in a wide variety of computing
+environments from tightly-controlled closed networks to the global
+Internet. Hence, OpenLDAP Software supports many different security
+mechanisms. This chapter describes these mechanisms and discusses
+security considerations for using OpenLDAP Software.
+
+H2: Network Security
+
+H3: Selective Listening
+
+By default, {{slapd}}(8) will listen on both the IPv4 and IPv6 "any"
+addresses. It is often desirable to have {{slapd}} listen on select
+address/port pairs. For example, listening only on the IPv4 address
+{{EX:127.0.0.1}} will disallow remote access to the directory server.
+E.g.:
+
+> slapd -h ldap://127.0.0.1
+
+While the server can be configured to listen on a particular interface
+address, this doesn't necessarily restrict access to the server to
+only those networks accessible via that interface. To selective
+restrict remote access, it is recommend that an {{SECT:IP Firewall}}
+be used to restrict access.
+
+See {{SECT:Command-line Options}} and {{slapd}}(8) for more
+information.
+
+
+H3: IP Firewall
+
+{{TERM:IP}} firewall capabilities of the server system can be used
+to restrict access based upon the client's IP address and/or network
+interface used to communicate with the client.
+
+Generally, {{slapd}}(8) listens on port 389/tcp for {{F:ldap://}}
+sessions and port 636/tcp for {{F:ldaps://}}) sessions. {{slapd}}(8)
+may be configured to listen on other ports.
+
+As specifics of how to configure IP firewall are dependent on the
+particular kind of IP firewall used, no examples are provided here.
+See the document associated with your IP firewall.
+
+
+H3: TCP Wrappers
+
+{{slapd}}(8) supports {{TERM:TCP}} Wrappers. TCP Wrappers provide
+a rule-based access control system for controlling TCP/IP access
+to the server. For example, the {{host_options}}(5) rule:
+
+> slapd: 10.0.0.0/255.0.0.0 127.0.0.1 : ALLOW
+> slapd: ALL : DENY
+
+allows only incoming connections from the private network {{F:10.0.0.0}}
+and localhost ({{F:127.0.0.1}}) to access the directory service.
+Note that IP addresses are used as {{slapd}}(8) is not normally
+configured to perform reverse lookups.
+
+It is noted that TCP wrappers require the connection to be accepted.
+As significant processing is required just to deny a connection,
+it is generally advised that IP firewall protection be used instead
+of TCP wrappers.
+
+See {{hosts_access}}(5) for more information on TCP wrapper rules.
+
+
+H2: Data Integrity and Confidentiality Protection
+
+{{TERM[expand]TLS}} (TLS) can be used to provide data integrity and
+confidentiality protection. OpenLDAP supports negotiation of
+{{TERM:TLS}} ({{TERM:SSL}}) via both StartTLS and {{F:ldaps://}}.
+See the {{SECT:Using TLS}} chapter for more information. StartTLS
+is the standard track mechanism.
+
+A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as DIGEST-MD5
+and {{TERM:GSSAPI}}, also provide data integrity and confidentiality
+protection. See the {{SECT:Using SASL}} chapter for more information.
+
+
+H3: Security Strength Factors
+
+The server uses {{TERM[expand]SSF}}s (SSF) to indicate the relative
+strength of protection. A SSF of zero (0) indicates no protections
+are in place. A SSF of one (1) indicates integrity protection are
+in place. A SSF greater than one (>1) roughly correlates to the
+effective encryption key length. For example, {{TERM:DES}} is 56,
+{{TERM:3DES}} is 112, and {{TERM:AES}} 128, 192, or 256.
+
+A number of administrative controls rely on SSFs associated with
+TLS and SASL protection in place on an LDAP session.
+
+{{EX:security}} controls disallow operations when appropriate
+protections are not in place. For example:
+
+> security ssf=1 update_ssf=112
+
+requires integrity protection for all operations and encryption
+protection, 3DES equivalent, for update operations (e.g. add, delete,
+modify, etc.). See {{slapd.conf}}(5) for details.
+
+For fine-grained control, SSFs may be used in access controls. See
+{{SECT:Access Control}} section of the {{SECT:The slapd Configuration
+File}} for more information.
+
+
+H2: Authentication Methods
+
+H3: "simple" method
+
+The LDAP "simple" method has three modes of operation:
+
+* anonymous,
+* unauthenticated, and
+* user/password authenticated.
+
+Anonymous access is requested by providing no name and no password
+to the "simple" bind operation. Unauthenticated access is requested
+by providing a name but no password. Authenticated access is
+requested by providing a valid name and password.
+
+An anonymous bind results in an {{anonymous}} authorization
+association. Anonymous bind mechanism is enabled by default, but
+can be disabled by specifying "{{EX:disallow bind_anon}}" in
+{{slapd.conf}}(5). Note that disabling the anonymous bind mechanism
+does not prevent anonymous access to the directory. To require
+authentication to access the directory, one should instead
+specify "{{EX:require authc}}".
+
+An unauthenticated bind also results in an {{anonymous}} authorization
+association. Unauthenticated bind mechanism is disabled by default,
+but can be enabled by specifying "{{EX:allow bind_anon_cred}}" in
+{{slapd.conf}}(5). As a number of LDAP applications mistakenly
+generate unauthenticated bind request when authenticated access was
+intended (that is, they do not ensure a password was provided),
+this mechanism should generally remain disabled.
+
+A successful user/password authenticated bind results in a user
+authorization identity, the provided name, being associated with
+the session. User/password authenticated bind is enabled by default.
+However, as this mechanism itself offers no evesdropping protection
+(e.g., the password is set in the clear), it is recommended that
+it be used only in tightly controlled systems or when the LDAP
+session is protected by other means (e.g., TLS, {{TERM:IPSEC}}).
+Where the administrator relies on TLS to protect the password, it
+is recommended that unprotected authentication be disabled. This
+is done using the {{EX:security}} directive's {{EX:simple_bind}}
+option, which provides fine grain control over the level of confidential
+protection to require for {{simple}} user/password authentication.
+E.g., using {{EX:security simple_bind=56}} would require {{simple}}
+binds to use encryption of DES equivalent or better.
+
+The user/password authenticated bind mechanism can be completely
+disabled by setting "{{EX:disallow bind_simple}}".
+
+Note: An unsuccessful bind always results in the session having
+an {{anonymous}} authorization association.
+
+
+H3: SASL method
+
+The LDAP {{TERM:SASL}} method allows use of any SASL authentication
+mechanism. The {{SECT:Using SASL}} discusses use of SASL.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconf2.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconf2.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconf2.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1538 @@
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.1.2.14 2007/04/06 03:59:58 quanah Exp $
+# Copyright 2005-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Configuring slapd
+
+Once the software has been built and installed, you are ready
+to configure {{slapd}}(8) for use at your site. Unlike previous
+OpenLDAP releases, the slapd runtime configuration in 2.3 is
+fully LDAP-enabled and can be managed using the standard LDAP
+operations with data in {{TERM:LDIF}}. The LDAP configuration engine
+allows all of slapd's configuration options to be changed on the fly,
+generally without requiring a server restart for the changes
+to take effect. The old style {{slapd.conf}}(5) file is still
+supported, but must be converted to the new {{slapd.d}}(5) format
+to allow runtime changes to be saved. While the old style
+configuration uses a single file, normally installed as
+{{F:/usr/local/etc/openldap/slapd.conf}}, the new style
+uses a slapd backend database to store the configuration. The
+configuration database normally resides in the
+{{F:/usr/local/etc/openldap/slapd.d}} directory.
+
+An alternate configuration directory (or file) can be specified via a
+command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
+describes the general format of the configuration system, followed by a
+detailed description of commonly used config settings.
+
+Note: some of the backends and of the distributed overlays
+do not support runtime configuration yet. In those cases,
+the old style {{slapd.conf}}(5) file must be used.
+
+Note: the current version of {{slurpd}} has not been updated for
+compatibility with this new configuration engine. If you must use
+slurpd for replication at your site, you will have to maintain an
+old-style {{slapd.conf}} file for slurpd to use.
+
+
+H2: Configuration Layout
+
+The slapd configuration is stored as a special LDAP directory with
+a predefined schema and DIT. There are specific objectClasses used to
+carry global configuration options, schema definitions, backend and
+database definitions, and assorted other items. A sample config tree
+is shown in Figure 5.1.
+
+!import "config_dit.gif"; align="center"; title="Sample configuration tree"
+FT[align="Center"] Figure 5.1: Sample configuration tree.
+
+Other objects may be part of the configuration but were omitted from
+the illustration for clarity.
+
+The {{slapd.d}} configuration tree has a very specific structure. The
+root of the tree is named {{EX:cn=config}} and contains global configuration
+settings. Additional settings are contained in separate child entries:
+* Include files
+.. Usually these are just pathnames left over from a converted
+{{EX:slapd.conf}} file.
+.. Otherwise use of Include files is deprecated.
+* Dynamically loaded modules
+.. These may only be used if the {{EX:--enable-modules}} option was
+used to configure the software.
+* Schema definitions
+.. The {{EX:cn=schema,cn=config}} entry contains the system schema (all
+the schema that is hard-coded in slapd).
+.. Child entries of {{EX:cn=schema,cn=config}} contain user schema as
+loaded from config files or added at runtime.
+* Backend-specific configuration
+* Database-specific configuration
+.. Overlays are defined in children of the Database entry.
+.. Databases and Overlays may also have other miscellaneous children.
+
+The usual rules for LDIF files apply to the configuration information:
+Comment lines beginning with a '{{EX:#}}' character
+are ignored. If a line begins with a single space, it is considered a
+continuation of the previous line (even if the previous line is a
+comment) and the single leading space is removed. Entries are separated by blank lines.
+
+The general layout of the config LDIF is as follows:
+
+> # global configuration settings
+> dn: cn=config
+> objectClass: olcGlobal
+> cn: config
+> <global config settings>
+>
+> # schema definitions
+> dn: cn=schema,cn=config
+> objectClass: olcSchemaConfig
+> cn: schema
+> <system schema>
+>
+> dn: cn={X}core,cn=schema,cn=config
+> objectClass: olcSchemaConfig
+> cn: {X}core
+> <core schema>
+>
+> # additional user-specified schema
+> ...
+>
+> # backend definitions
+> dn: olcBackend=<typeA>,cn=config
+> objectClass: olcBackendConfig
+> olcBackend: <typeA>
+> <backend-specific settings>
+>
+> # database definitions
+> dn: olcDatabase={X}<typeA>,cn=config
+> objectClass: olcDatabaseConfig
+> olcDatabase: {X}<typeA>
+> <database-specific settings>
+>
+> # subsequent definitions and settings
+> ...
+
+Some of the entries listed above have a numeric index {{EX:"{X}"}} in
+their names. While most configuration settings have an inherent ordering
+dependency (i.e., one setting must take effect before a subsequent one
+may be set), LDAP databases are inherently unordered. The numeric index
+is used to enforce a consistent ordering in the configuration database,
+so that all ordering dependencies are preserved. In most cases the index
+does not have to be provided; it will be automatically generated based
+on the order in which entries are created.
+
+Configuration directives are specified as values of individual
+attributes.
+Most of the attributes and objectClasses used in the slapd
+configuration have a prefix of {{EX:"olc"}} (OpenLDAP Configuration)
+in their names. Generally there is a one-to-one correspondence
+between the attributes and the old-style {{EX:slapd.conf}} configuration
+keywords, using the keyword as the attribute name, with the "olc"
+prefix attached.
+
+A configuration directive may take arguments. If so, the arguments are
+separated by white space. If an argument contains white space,
+the argument should be enclosed in double quotes {{EX:"like this"}}.
+In the descriptions that follow, arguments that should be replaced
+by actual text are shown in brackets {{EX:<>}}.
+
+The distribution contains an example configuration file that will
+be installed in the {{F: /usr/local/etc/openldap}} directory.
+A number of files containing schema definitions (attribute types
+and object classes) are also provided in the
+{{F: /usr/local/etc/openldap/schema}} directory.
+
+
+H2: Configuration Directives
+
+This section details commonly used configuration directives. For
+a complete list, see the {{slapd.d}}(5) manual page. This section
+will treat the configuration directives in a top-down order, starting
+with the global directives in the {{EX:cn=config}} entry. Each
+directive will be described along with its default value (if any) and
+an example of its use.
+
+
+H3: cn=config
+
+Directives contained in this entry generally apply to the server as a whole.
+Most of them are system or connection oriented, not database related. This
+entry must have the {{EX:olcGlobal}} objectClass.
+
+
+H4: olcIdleTimeout: <integer>
+
+Specify the number of seconds to wait before forcibly closing
+an idle client connection. A value of 0, the default,
+disables this feature.
+
+
+H4: olcLogLevel: <level>
+
+This directive specifies the level at which debugging statements
+and operation statistics should be syslogged (currently logged to
+the {{syslogd}}(8) {{EX:LOG_LOCAL4}} facility). You must have
+configured OpenLDAP {{EX:--enable-debug}} (the default) for this
+to work (except for the two statistics levels, which are always
+enabled). Log levels may be specified as integers or by keyword.
+Multiple log levels may be used and the levels are additive.
+To display what levels
+correspond to what kind of debugging, invoke slapd with {{EX:-?}}
+or consult the table below. The possible values for <level> are:
+
+!block table; colaligns="RL"; align=Center; \
+ title="Table 5.1: Debugging Levels"
+Level Keyword Description
+-1 Any enable all debugging
+0 no debugging
+1 Trace trace function calls
+2 Packets debug packet handling
+4 Args heavy trace debugging
+8 Conns connection management
+16 BER print out packets sent and received
+32 Filter search filter processing
+64 Config configuration processing
+128 ACL access control list processing
+256 Stats stats log connections/operations/results
+512 Stats2 stats log entries sent
+1024 Shell print communication with shell backends
+2048 Parse print entry parsing debugging
+4096 Cache database cache processing
+8192 Index database indexing
+16384 Sync syncrepl consumer processing
+!endblock
+
+\Example:
+
+E: olcLogLevel: -1
+
+This will cause lots and lots of debugging information to be
+logged.
+
+E: olcLogLevel: Conns Filter
+
+Just log the connection and search filter processing.
+
+\Default:
+
+E: olcLogLevel: Stats
+
+
+H4: olcReferral <URI>
+
+This directive specifies the referral to pass back when slapd
+cannot find a local database to handle a request.
+
+\Example:
+
+> olcReferral: ldap://root.openldap.org
+
+This will refer non-local queries to the global root LDAP server
+at the OpenLDAP Project. Smart LDAP clients can re-ask their
+query at that server, but note that most of these clients are
+only going to know how to handle simple LDAP URLs that
+contain a host part and optionally a distinguished name part.
+
+
+H4: Sample Entry
+
+>dn: cn=config
+>objectClass: olcGlobal
+>cn: config
+>olcIdleTimeout: 30
+>olcLogLevel: Stats
+>olcReferral: ldap://root.openldap.org
+
+
+
+H3: cn=include
+
+An include entry holds the pathname of one include file. Include files
+are part of the old style slapd.conf configuration system and must be in
+slapd.conf format. Include files were commonly used to load schema
+specifications. While they are still supported, their use is deprecated.
+Include entries must have the {{EX:olcIncludeFile}} objectClass.
+
+
+H4: olcInclude: <filename>
+
+This directive specifies that slapd should read additional
+configuration information from the given file.
+
+Note: You should be careful when using this directive - there is
+no small limit on the number of nested include directives, and no
+loop detection is done.
+
+
+H4: Sample Entries
+
+>dn: cn=include{0},cn=config
+>objectClass: olcIncludeFile
+>cn: include{0}
+>olcInclude: ./schema/core.schema
+>
+>dn: cn=include{1},cn=config
+>objectClass: olcIncludeFile
+>cn: include{1}
+>olcInclude: ./schema/cosine.schema
+
+
+H3: cn=module
+
+If support for dynamically loaded modules was enabled when configuring
+slapd, {{EX:cn=module}} entries may be used to specify sets of modules to load.
+Module entries must have the {{EX:olcModuleList}} objectClass.
+
+
+H4: olcModuleLoad: <filename>
+
+Specify the name of a dynamically loadable module to load. The filename
+may be an absolute path name or a simple filename. Non-absolute names
+are searched for in the directories specified by the {{EX:olcModulePath}}
+directive.
+
+
+H4: olcModulePath: <pathspec>
+
+Specify a list of directories to search for loadable modules. Typically the
+path is colon-separated but this depends on the operating system.
+
+
+H4: Sample Entries
+
+>dn: cn=module{0},cn=config
+>objectClass: olcModuleList
+>cn: module{0}
+>olcModuleLoad: /usr/local/lib/smbk5pwd.la
+>
+>dn: cn=module{1},cn=config
+>objectClass: olcModuleList
+>cn: module{1}
+>olcModulePath: /usr/local/lib:/usr/local/lib/slapd
+>olcModuleLoad: accesslog.la
+>olcModuleLoad: pcache.la
+
+
+H3: cn=schema
+
+The cn=schema entry holds all of the schema definitions that are hard-coded
+in slapd. As such, the values in this entry are generated by slapd so no
+schema values need to be provided in the config file. The entry must still
+be defined though, to serve as a base for the user-defined schema to add
+in underneath. Schema entries must have the {{EX:olcSchemaConfig}}
+objectClass.
+
+
+H4: olcAttributeTypes: <{{REF:RFC2252}} Attribute Type Description>
+
+This directive defines an attribute type.
+Please see the {{SECT:Schema Specification}} chapter
+for information regarding how to use this directive.
+
+
+H4: olcObjectClasses: <{{REF:RFC2252}} Object Class Description>
+
+This directive defines an object class.
+Please see the {{SECT:Schema Specification}} chapter for
+information regarding how to use this directive.
+
+
+H4: Sample Entries
+
+>dn: cn=schema,cn=config
+>objectClass: olcSchemaConfig
+>cn: schema
+>
+>dn: cn=test,cn=schema,cn=config
+>objectClass: olcSchemaConfig
+>cn: test
+>olcAttributeTypes: ( 1.1.1
+> NAME 'testAttr'
+> EQUALITY integerMatch
+> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+>olcAttributeTypes: ( 1.1.2 NAME 'testTwo' EQUALITY caseIgnoreMatch
+> SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+>olcObjectClasses: ( 1.1.3 NAME 'testObject'
+> MAY ( testAttr $ testTwo ) AUXILIARY )
+
+
+H3: Backend-specific Directives
+
+Backend directives apply to all database instances of the
+same type and, depending on the directive, may be overridden
+by database directives. Backend entries must have the
+{{EX:olcBackendConfig}} objectClass.
+
+H4: olcBackend: <type>
+
+This directive names a backend-specific configuration entry.
+{{EX:<type>}} should be one of the
+supported backend types listed in Table 5.2.
+
+!block table; align=Center; coltags="EX,N"; \
+ title="Table 5.2: Database Backends"
+Types Description
+bdb Berkeley DB transactional backend
+config Slapd configuration backend
+dnssrv DNS SRV backend
+hdb Hierarchical variant of bdb backend
+ldap Lightweight Directory Access Protocol (Proxy) backend
+ldbm Lightweight DBM backend
+ldif Lightweight Data Interchange Format backend
+meta Meta Directory backend
+monitor Monitor backend
+passwd Provides read-only access to {{passwd}}(5)
+perl Perl Programmable backend
+shell Shell (extern program) backend
+sql SQL Programmable backend
+!endblock
+
+\Example:
+
+> olcBackend: bdb
+
+There are no other directives defined for this entry. Specific backend
+types may define additional attributes for their particular use but so
+far none have ever been defined. As such, these directives usually do
+not appear in any actual configurations.
+
+
+H4: Sample Entry
+
+> dn: olcBackend=bdb,cn=config
+> objectClass: olcBackendConfig
+> olcBackend: bdb
+
+
+H3: Database-specific Directives
+
+Directives in this section are supported by every type of database.
+Database entries must have the {{EX:olcDatabaseConfig}} objectClass.
+
+H4: olcDatabase: [{<index>}]<type>
+
+This directive names a specific database instance. The numeric {<index>} may
+be provided to distinguish multiple databases of the same type. Usually the
+index can be omitted, and slapd will generate it automatically.
+{{EX:<type>}} should be one of the
+supported backend types listed in Table 5.2 or the {{EX:frontend}} type.
+
+The {{EX:frontend}} is a special database that is used to hold
+database-level options that should be applied to all the other
+databases. Subsequent database definitions may also override some
+frontend settings.
+
+The {{EX:config}} database is also special; both the {{EX:config}} and
+the {{EX:frontend}} databases are always created implicitly even if they
+are not explicitly configured, and they are created before any other
+databases.
+
+\Example:
+
+> olcDatabase: bdb
+
+This marks the beginning of a new {{TERM:BDB}} database instance.
+
+
+H4: olcAccess: to <what> [ by <who> <accesslevel> <control> ]+
+
+This directive grants access (specified by <accesslevel>) to a
+set of entries and/or attributes (specified by <what>) by one or
+more requesters (specified by <who>).
+See the {{SECT:Access Control}} section of this chapter for a
+summary of basic usage.
+
+!if 0
+More detailed discussion of this directive can be found in the
+{{SECT:Advanced Access Control}} chapter.
+!endif
+
+Note: If no {{EX:olcAccess}} directives are specified, the default
+access control policy, {{EX:to * by * read}}, allows all
+users (both authenticated and anonymous) read access.
+
+Note: Access controls defined in the frontend are appended to all
+other databases' controls.
+
+
+H4: olcReadonly { TRUE | FALSE }
+
+This directive puts the database into "read-only" mode. Any
+attempts to modify the database will return an "unwilling to
+perform" error.
+
+\Default:
+
+> olcReadonly: FALSE
+
+
+H4: olcReplica
+
+> olcReplica: uri=ldap[s]://<hostname>[:<port>] | host=<hostname>[:<port>]
+> [bindmethod={simple|sasl}]
+> ["binddn=<DN>"]
+> [saslmech=<mech>]
+> [authcid=<identity>]
+> [authzid=<identity>]
+> [credentials=<password>]
+
+This directive specifies a replication site for this database for
+use with slurpd. The
+{{EX:uri=}} parameter specifies a scheme, a host and optionally a port where
+the slave slapd instance can be found. Either a domain name
+or IP address may be used for <hostname>. If <port> is not
+given, the standard LDAP port number (389 or 636) is used.
+
+{{EX:host}} is deprecated in favor of the {{EX:uri}} parameter.
+
+{{EX:uri}} allows the replica LDAP server to be specified as an LDAP
+URI such as {{EX:ldap://slave.example.com:389}} or
+{{EX:ldaps://slave.example.com:636}}.
+
+The {{EX:binddn=}} parameter gives the DN to bind as for updates
+to the slave slapd. It should be a DN which has read/write access
+to the slave slapd's database. It must also match the {{EX:updatedn}}
+directive in the slave slapd's config file. Generally, this DN
+{{should not}} be the same as the {{EX:rootdn}} of the master
+database. Since DNs are likely to contain embedded spaces, the
+entire {{EX:"binddn=<DN>"}} string should be enclosed in double
+quotes.
+
+The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
+depending on whether simple password-based authentication
+or {{TERM:SASL}} authentication is to be used when connecting
+to the slave slapd.
+
+Simple authentication should not be used unless adequate data
+integrity and confidentiality protections are in place (e.g. TLS
+or IPSEC). Simple authentication requires specification of
+{{EX:binddn}} and {{EX:credentials}} parameters.
+
+SASL authentication is generally recommended. SASL authentication
+requires specification of a mechanism using the {{EX:saslmech}} parameter.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using {{EX:authcid}} and {{EX:credentials}}
+respectively. The {{EX:authzid}} parameter may be used to specify
+an authorization identity.
+
+See the chapter entitled {{SECT:Replication with slurpd}} for more
+information on how to use this directive.
+
+
+H4: olcReplogfile: <filename>
+
+This directive specifies the name of the replication log file to
+which slapd will log changes. The replication log is typically
+written by slapd and read by slurpd. Normally, this directive is
+only used if slurpd is being used to replicate the database.
+However, you can also use it to generate a transaction log, if
+slurpd is not running. In this case, you will need to periodically
+truncate the file, since it will grow indefinitely otherwise.
+
+See the chapter entitled {{SECT:Replication with slurpd}} for more
+information on how to use this directive.
+
+
+H4: olcRootDN: <DN>
+
+This directive specifies the DN that is not subject to
+access control or administrative limit restrictions for
+operations on this database. The DN need not refer to
+an entry in this database or even in the directory. The
+DN may refer to a SASL identity.
+
+Entry-based Example:
+
+> olcRootDN: "cn=Manager,dc=example,dc=com"
+
+SASL-based Example:
+
+> olcRootDN: "uid=root,cn=example.com,cn=digest-md5,cn=auth"
+
+See the {{SECT:SASL Authentication}} section for information on
+SASL authentication identities.
+
+
+H4: olcRootPW: <password>
+
+This directive can be used to specify a password for the DN for
+the rootdn (when the rootdn is set to a DN within the database).
+
+\Example:
+
+> olcRootPW: secret
+
+It is also permissible to provide a hash of the password in RFC 2307
+form. {{slappasswd}}(8) may be used to generate the password hash.
+
+\Example:
+
+> olcRootPW: {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
+
+The hash was generated using the command {{EX:slappasswd -s secret}}.
+
+
+H4: olcSizeLimit: <integer>
+
+This directive specifies the maximum number of entries to return
+from a search operation.
+
+\Default:
+
+> olcSizeLimit: 500
+
+
+
+H4: olcSuffix: <dn suffix>
+
+This directive specifies the DN suffix of queries that will be
+passed to this backend database. Multiple suffix lines can be
+given, and usually at least one is required for each database
+definition. (Some backend types, such as {{EX:frontend}} and
+{{EX:monitor}} use a hard-coded suffix which may not be overridden
+in the configuration.)
+
+\Example:
+
+> olcSuffix: "dc=example,dc=com"
+
+Queries with a DN ending in "dc=example,dc=com"
+will be passed to this backend.
+
+Note: When the backend to pass a query to is selected, slapd
+looks at the suffix value(s) in each database definition in the
+order in which they were configured. Thus, if one database suffix is a
+prefix of another, it must appear after it in the configuration.
+
+
+H4: olcSyncrepl
+
+> olcSyncrepl: rid=<replica ID>
+> provider=ldap[s]://<hostname>[:port]
+> [starttls=yes|critical]
+> [type=refreshOnly|refreshAndPersist]
+> [interval=dd:hh:mm:ss]
+> [retry=[<retry interval> <# of retries>]+]
+> searchbase=<base DN>
+> [filter=<filter str>]
+> [scope=sub|one|base]
+> [attrs=<attr list>]
+> [attrsonly]
+> [sizelimit=<limit>]
+> [timelimit=<limit>]
+> [schemachecking=on|off]
+> [bindmethod=simple|sasl]
+> [binddn=<DN>]
+> [saslmech=<mech>]
+> [authcid=<identity>]
+> [authzid=<identity>]
+> [credentials=<passwd>]
+> [realm=<realm>]
+> [secprops=<properties>]
+
+
+This directive specifies the current database as a replica of the
+master content by establishing the current {{slapd}}(8) as a
+replication consumer site running a syncrepl replication engine.
+The master database is located at the replication provider site
+specified by the {{EX:provider}} parameter. The replica database is
+kept up-to-date with the master content using the LDAP Content
+Synchronization protocol. See {{EX:draft-zeilenga-ldup-sync-xx.txt}}
+({{a work in progress}}) for more information on the protocol.
+
+The {{EX:rid}} parameter is used for identification of the current
+{{EX:syncrepl}} directive within the replication consumer server,
+where {{EX:<replica ID>}} uniquely identifies the syncrepl specification
+described by the current {{EX:syncrepl}} directive. {{EX:<replica ID>}}
+is non-negative and is no more than three decimal digits in length.
+
+The {{EX:provider}} parameter specifies the replication provider site
+containing the master content as an LDAP URI. The {{EX:provider}}
+parameter specifies a scheme, a host and optionally a port where the
+provider slapd instance can be found. Either a domain name or IP
+address may be used for <hostname>. Examples are
+{{EX:ldap://provider.example.com:389}} or {{EX:ldaps://192.168.1.1:636}}.
+If <port> is not given, the standard LDAP port number (389 or 636) is used.
+Note that the syncrepl uses a consumer-initiated protocol, and hence its
+specification is located at the consumer site, whereas the {{EX:replica}}
+specification is located at the provider site. {{EX:syncrepl}} and
+{{EX:replica}} directives define two independent replication
+mechanisms. They do not represent the replication peers of each other.
+
+The {{EX:starttls}} parameter specifies use of the StartTLS extended
+operation to establish a TLS session before Binding to the provider. If the
+StartTLS request fails and the {{EX:critical}} argument was used, the
+session will be aborted. Otherwise the syncrepl session continues without
+TLS.
+
+The content of the syncrepl replica is defined using a search
+specification as its result set. The consumer slapd will
+send search requests to the provider slapd according to the search
+specification. The search specification includes {{EX:searchbase}},
+{{EX:scope}}, {{EX:filter}}, {{EX:attrs}}, {{EX:attrsonly}},
+{{EX:sizelimit}}, and {{EX:timelimit}} parameters as in the normal
+search specification. The {{EX:searchbase}} parameter has no
+default value and must always be specified. The {{EX:scope}} defaults
+to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
+{{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
+attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
+and {{EX:timelimit}} default to "unlimited", and only positive integers
+or "unlimited" may be specified.
+
+The LDAP Content Synchronization protocol has two operation
+types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
+The operation type is specified by the {{EX:type}} parameter.
+In the {{EX:refreshOnly}} operation, the next synchronization search operation
+is periodically rescheduled at an interval time after each
+synchronization operation finishes. The interval is specified
+by the {{EX:interval}} parameter. It is set to one day by default.
+In the {{EX:refreshAndPersist}} operation, a synchronization search
+remains persistent in the provider slapd. Further updates to the
+master replica will generate {{EX:searchResultEntry}} to the consumer slapd
+as the search responses to the persistent synchronization search.
+
+If an error occurs during replication, the consumer will attempt to reconnect
+according to the retry parameter which is a list of the <retry interval>
+and <# of retries> pairs. For example, retry="60 10 300 3" lets the consumer
+retry every 60 seconds for the first 10 times and then retry every 300 seconds
+for the next three times before stop retrying. + in <# of retries> means
+indefinite number of retries until success.
+
+The schema checking can be enforced at the LDAP Sync consumer site
+by turning on the {{EX:schemachecking}} parameter.
+If it is turned on, every replicated entry will be checked for its
+schema as the entry is stored into the replica content.
+Every entry in the replica should contain those attributes
+required by the schema definition.
+If it is turned off, entries will be stored without checking
+schema conformance. The default is off.
+
+The {{EX:binddn}} parameter gives the DN to bind as for the
+syncrepl searches to the provider slapd. It should be a DN
+which has read access to the replication content in the
+master database.
+
+The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
+depending on whether simple password-based authentication or
+{{TERM:SASL}} authentication is to be used when connecting
+to the provider slapd.
+
+Simple authentication should not be used unless adequate data
+integrity and confidentiality protections are in place (e.g. TLS
+or IPSEC). Simple authentication requires specification of {{EX:binddn}}
+and {{EX:credentials}} parameters.
+
+SASL authentication is generally recommended. SASL authentication
+requires specification of a mechanism using the {{EX:saslmech}} parameter.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using {{EX:authcid}} and {{EX:credentials}},
+respectively. The {{EX:authzid}} parameter may be used to specify
+an authorization identity.
+
+The {{EX:realm}} parameter specifies a realm which a certain
+mechanisms authenticate the identity within. The {{EX:secprops}}
+parameter specifies Cyrus SASL security properties.
+
+The syncrepl replication mechanism is supported by the
+three native backends: back-bdb, back-hdb, and back-ldbm.
+
+See the {{SECT:LDAP Sync Replication}} chapter of the admin guide
+for more information on how to use this directive.
+
+
+H4: olcTimeLimit: <integer>
+
+This directive specifies the maximum number of seconds (in real
+time) slapd will spend answering a search request. If a
+request is not finished in this time, a result indicating an
+exceeded timelimit will be returned.
+
+\Default:
+
+> olcTimeLimit: 3600
+
+
+H4: olcUpdateDN: <DN>
+
+This directive is only applicable in a slave slapd. It specifies
+the DN allowed to make changes to the replica. This may be the DN
+{{slurpd}}(8) binds as when making changes to the replica or the DN
+associated with a SASL identity.
+
+Entry-based Example:
+
+> olcUpdateDN: "cn=Update Daemon,dc=example,dc=com"
+
+SASL-based Example:
+
+> olcUpdateDN: "uid=slurpd,cn=example.com,cn=digest-md5,cn=auth"
+
+See the {{SECT:Replication with slurpd}} chapter for more information
+on how to use this directive.
+
+H4: olcUpdateref: <URL>
+
+This directive is only applicable in a slave slapd. It
+specifies the URL to return to clients which submit update
+requests upon the replica.
+If specified multiple times, each {{TERM:URL}} is provided.
+
+\Example:
+
+> olcUpdateref: ldap://master.example.net
+
+
+H4: Sample Entries
+
+>dn: olcDatabase=frontend,cn=config
+>objectClass: olcDatabaseConfig
+>objectClass: olcFrontendConfig
+>olcDatabase: frontend
+>olcReadOnly: FALSE
+>
+>dn: olcDatabase=config,cn=config
+>objectClass: olcDatabaseConfig
+>olcDatabase: config
+>olcRootDN: cn=Manager,dc=example,dc=com
+
+
+H3: BDB and HDB Database Directives
+
+Directives in this category apply to both the {{TERM:BDB}}
+and the {{TERM:HDB}} database.
+They are used in an olcDatabase entry in addition to the generic
+database directives defined above. For a complete reference
+of BDB/HDB configuration directives, see {{slapd-bdb}}(5). In
+addition to the {{EX:olcDatabaseConfig}} objectClass, BDB and HDB
+database entries must have the {{EX:olcBdbConfig}} and
+{{EX:olcHdbConfig}} objectClass, respectively.
+
+
+H4: olcDbDirectory: <directory>
+
+This directive specifies the directory where the BDB files
+containing the database and associated indices live.
+
+\Default:
+
+> olcDbDirectory: /usr/local/var/openldap-data
+
+
+H4: olcDbCachesize: <integer>
+
+This directive specifies the size in entries of the in-memory
+cache maintained by the BDB backend database instance.
+
+\Default:
+
+> olcDbCachesize: 1000
+
+
+H4: olcDbCheckpoint: <kbyte> <min>
+
+This directive specifies how often to checkpoint the BDB transaction log.
+A checkpoint operation flushes the database buffers to disk and writes a
+checkpoint record in the log.
+The checkpoint will occur if either <kbyte> data has been written or
+<min> minutes have passed since the last checkpont. Both arguments default
+to zero, in which case they are ignored. When the <min> argument is
+non-zero, an internal task will run every <min> minutes to perform the
+checkpoint. See the Berkeley DB reference guide for more details.
+
+\Example:
+
+> olcDbCheckpoint: 1024 10
+
+
+H4: olcDbConfig: <DB_CONFIG setting>
+
+This attribute specifies a configuration directive to be placed in the
+{{EX:DB_CONFIG}} file of the database directory. At server startup time, if
+no such file exists yet, the {{EX:DB_CONFIG}} file will be created and the
+settings in this attribute will be written to it. If the file exists,
+its contents will be read and displayed in this attribute. The attribute
+is multi-valued, to accomodate multiple configuration directives. No default
+is provided, but it is essential to use proper settings here to get the
+best server performance.
+
+\Example:
+
+> olcDbConfig: set_cachesize 0 10485760 0
+> olcDbConfig: set_lg_bsize 2097512
+> olcDbConfig: set_lg_dir /var/tmp/bdb-log
+> olcDbConfig: set_flags DB_LOG_AUTOREMOVE
+
+In this example, the BDB cache is set to 10MB, the BDB transaction log
+buffer size is set to 2MB, and the transaction log files are to be stored
+in the /var/tmp/bdb-log directory. Also a flag is set to tell BDB to
+delete transaction log files as soon as their contents have been
+checkpointed and they are no longer needed. Without this setting the
+transaction log files will continue to accumulate until some other
+cleanup procedure removes them. See the SleepyCat documentation for the
+{{EX:db_archive}} command for details.
+
+Ideally the BDB cache must be
+at least as large as the working set of the database, the log buffer size
+should be large enough to accomodate most transactions without overflowing,
+and the log directory must be on a separate physical disk from the main
+database files. And both the database directory and the log directory
+should be separate from disks used for regular system activities such as
+the root, boot, or swap filesystems. See the FAQ-o-Matic and the SleepyCat
+documentation for more details.
+
+
+H4: olcDbNosync: { TRUE | FALSE }
+
+This option causes on-disk database contents to not be immediately
+synchronized with in memory changes upon change. Setting this option
+to {{EX:TRUE}} may improve performance at the expense of data integrity. This
+directive has the same effect as using
+> olcDbConfig: set_flags DB_TXN_NOSYNC
+
+
+H4: olcDbIDLcacheSize: <integer>
+
+Specify the size of the in-memory index cache, in index slots. The
+default is zero. A larger value will speed up frequent searches of
+indexed entries. The optimal size will depend on the data and search
+characteristics of the database, but using a number three times
+the entry cache size is a good starting point.
+
+\Example:
+
+> olcDbIDLcacheSize: 3000
+
+
+H4: olcDbIndex: {<attrlist> | default} [pres,eq,approx,sub,none]
+
+This directive specifies the indices to maintain for the given
+attribute. If only an {{EX:<attrlist>}} is given, the default
+indices are maintained.
+
+\Example:
+
+> olcDbIndex: default pres,eq
+> olcDbIndex: uid
+> olcDbIndex: cn,sn pres,eq,sub
+> olcDbIndex: objectClass eq
+
+The first line sets the default set of indices to maintain to
+present and equality. The second line causes the default (pres,eq)
+set of indices to be maintained for the {{EX:uid}} attribute type.
+The third line causes present, equality, and substring indices to
+be maintained for {{EX:cn}} and {{EX:sn}} attribute types. The
+fourth line causes an equality index for the {{EX:objectClass}}
+attribute type.
+
+By default, no indices are maintained. It is generally advised
+that minimally an equality index upon objectClass be maintained.
+
+> olcDbindex: objectClass eq
+
+If this setting is changed while slapd is running, an internal task
+will be run to generate the changed index data. All server operations
+can continue as normal while the indexer does its work. If slapd is
+stopped before the index task completes, indexing will have to be
+manually completed using the slapindex tool.
+
+
+H4: olcDbLinearIndex: { TRUE | FALSE }
+
+If this setting is {{EX:TRUE}} slapindex will index one attribute
+at a time. The default settings is {{EX:FALSE}} in which case all
+indexed attributes of an entry are processed at the same time. When
+enabled, each indexed attribute is processed individually, using
+multiple passes through the entire database. This option improves
+slapindex performance when the database size exceeds the BDB cache
+size. When the BDB cache is large enough, this option is not needed
+and will decrease performance. Also by default, slapadd performs
+full indexing and so a separate slapindex run is not needed. With
+this option, slapadd does no indexing and slapindex must be used.
+
+
+H4: olcDbMode: <integer>
+
+This directive specifies the file protection mode that newly
+created database index files should have.
+
+\Default:
+
+> olcDbMode: 0600
+
+
+H4: olcDbSearchStack: <integer>
+
+Specify the depth of the stack used for search filter evaluation.
+Search filters are evaluated on a stack to accomodate nested {{EX:AND}} /
+{{EX:OR}} clauses. An individual stack is allocated for each server thread.
+The depth of the stack determines how complex a filter can be evaluated
+without requiring any additional memory allocation. Filters that are
+nested deeper than the search stack depth will cause a separate stack to
+be allocated for that particular search operation. These separate allocations
+can have a major negative impact on server performance, but specifying
+too much stack will also consume a great deal of memory. Each search
+uses 512K bytes per level on a 32-bit machine, or 1024K bytes per level
+on a 64-bit machine. The default stack depth is 16, thus 8MB or 16MB
+per thread is used on 32 and 64 bit machines, respectively. Also the
+512KB size of a single stack slot is set by a compile-time constant which
+may be changed if needed; the code must be recompiled for the change
+to take effect.
+
+\Default:
+
+> olcDbSearchStack: 16
+
+
+H4: olcDbShmKey: <integer>
+
+Specify a key for a shared memory BDB environment. By default the BDB
+environment uses memory mapped files. If a non-zero value is specified,
+it will be used as the key to identify a shared memory region that will
+house the environment.
+
+\Example:
+
+> olcDbShmKey: 42
+
+
+H4: Sample Entry
+
+>dn: olcDatabase=hdb,cn=config
+>objectClass: olcDatabaseConfig
+>objectClass: olcHdbConfig
+>olcDatabase: hdb
+>olcSuffix: "dc=example,dc=com"
+>olcDbDirectory: /usr/local/var/openldap-data
+>olcDbCacheSize: 1000
+>olcDbCheckpoint: 1024 10
+>olcDbConfig: set_cachesize 0 10485760 0
+>olcDbConfig: set_lg_bsize 2097152
+>olcDbConfig: set_lg_dir /var/tmp/bdb-log
+>olcDbConfig: set_flags DB_LOG_AUTOREMOVE
+>olcDbIDLcacheSize: 3000
+>olcDbIndex: objectClass eq
+
+
+H2: Access Control
+
+Access to slapd entries and attributes is controlled by the
+olcAccess attribute, whose values are a sequence of access directives.
+The general form of the olcAccess configuration is:
+
+> olcAccess: <access directive>
+> <access directive> ::= to <what>
+> [by <who> <access> <control>]+
+> <what> ::= * |
+> [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+> [filter=<ldapfilter>] [attrs=<attrlist>]
+> <basic-style> ::= regex | exact
+> <scope-style> ::= base | one | subtree | children
+> <attrlist> ::= <attr> [val[.<basic-style>]=<regex>] | <attr> , <attrlist>
+> <attr> ::= <attrname> | entry | children
+> <who> ::= * | [anonymous | users | self
+> | dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+> [dnattr=<attrname>]
+> [group[/<objectclass>[/<attrname>][.<basic-style>]]=<regex>]
+> [peername[.<basic-style>]=<regex>]
+> [sockname[.<basic-style>]=<regex>]
+> [domain[.<basic-style>]=<regex>]
+> [sockurl[.<basic-style>]=<regex>]
+> [set=<setspec>]
+> [aci=<attrname>]
+> <access> ::= [self]{<level>|<priv>}
+> <level> ::= none | auth | compare | search | read | write
+> <priv> ::= {=|+|-}{w|r|s|c|x|0}+
+> <control> ::= [stop | continue | break]
+
+where the <what> part selects the entries and/or attributes to which
+the access applies, the {{EX:<who>}} part specifies which entities
+are granted access, and the {{EX:<access>}} part specifies the
+access granted. Multiple {{EX:<who> <access> <control>}} triplets
+are supported, allowing many entities to be granted different access
+to the same set of entries and attributes. Not all of these access
+control options are described here; for more details see the
+{{slapd.access}}(5) man page.
+
+
+H3: What to control access to
+
+The <what> part of an access specification determines the entries
+and attributes to which the access control applies. Entries are
+commonly selected in two ways: by DN and by filter. The following
+qualifiers select entries by DN:
+
+> to *
+> to dn[.<basic-style>]=<regex>
+> to dn.<scope-style>=<DN>
+
+The first form is used to select all entries. The second form may
+be used to select entries by matching a regular expression against
+the target entry's {{normalized DN}}. (The second form is not
+discussed further in this document.) The third form is used to
+select entries which are within the requested scope of DN. The
+<DN> is a string representation of the Distinguished Name, as
+described in {{REF:RFC2253}}.
+
+The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}},
+or {{EX:children}}. Where {{EX:base}} matches only the entry with
+provided DN, {{EX:one}} matches the entries whose parent is the
+provided DN, {{EX:subtree}} matches all entries in the subtree whose
+root is the provided DN, and {{EX:children}} matches all entries
+under the DN (but not the entry named by the DN).
+
+For example, if the directory contained entries named:
+
+> 0: o=suffix
+> 1: cn=Manager,o=suffix
+> 2: ou=people,o=suffix
+> 3: uid=kdz,ou=people,o=suffix
+> 4: cn=addresses,uid=kdz,ou=people,o=suffix
+> 5: uid=hyc,ou=people,o=suffix
+
+\Then:
+. {{EX:dn.base="ou=people,o=suffix"}} match 2;
+. {{EX:dn.one="ou=people,o=suffix"}} match 3, and 5;
+. {{EX:dn.subtree="ou=people,o=suffix"}} match 2, 3, 4, and 5; and
+. {{EX:dn.children="ou=people,o=suffix"}} match 3, 4, and 5.
+
+
+Entries may also be selected using a filter:
+
+> to filter=<ldap filter>
+
+where <ldap filter> is a string representation of an LDAP
+search filter, as described in {{REF:RFC2254}}. For example:
+
+> to filter=(objectClass=person)
+
+Note that entries may be selected by both DN and filter by
+including both qualifiers in the <what> clause.
+
+> to dn.one="ou=people,o=suffix" filter=(objectClass=person)
+
+Attributes within an entry are selected by including a comma-separated
+list of attribute names in the <what> selector:
+
+> attrs=<attribute list>
+
+A specific value of an attribute is selected by using a single
+attribute name and also using a value selector:
+
+> attrs=<attribute> val[.<style>]=<regex>
+
+There are two special {{pseudo}} attributes {{EX:entry}} and
+{{EX:children}}. To read (and hence return) a target entry, the
+subject must have {{EX:read}} access to the target's {{entry}}
+attribute. To add or delete an entry, the subject must have
+{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
+have {{EX:write}} access to the entry's parent's {{EX:children}}
+attribute. To rename an entry, the subject must have {{EX:write}}
+access to entry's {{EX:entry}} attribute AND have {{EX:write}}
+access to both the old parent's and new parent's {{EX:children}}
+attributes. The complete examples at the end of this section should
+help clear things up.
+
+Lastly, there is a special entry selector {{EX:"*"}} that is used to
+select any entry. It is used when no other {{EX:<what>}}
+selector has been provided. It's equivalent to "{{EX:dn=.*}}"
+
+
+H3: Who to grant access to
+
+The <who> part identifies the entity or entities being granted
+access. Note that access is granted to "entities" not "entries."
+The following table summarizes entity specifiers:
+
+!block table; align=Center; coltags="EX,N"; \
+ title="Table 5.3: Access Entity Specifiers"
+Specifier|Entities
+*|All, including anonymous and authenticated users
+anonymous|Anonymous (non-authenticated) users
+users|Authenticated users
+self|User associated with target entry
+dn[.<basic-style>]=<regex>|Users matching a regular expression
+dn.<scope-style>=<DN>|Users within scope of a DN
+!endblock
+
+The DN specifier behaves much like <what> clause DN specifiers.
+
+Other control factors are also supported. For example, a {{EX:<who>}}
+can be restricted by an entry listed in a DN-valued attribute in
+the entry to which the access applies:
+
+> dnattr=<dn-valued attribute name>
+
+The dnattr specification is used to give access to an entry
+whose DN is listed in an attribute of the entry (e.g., give
+access to a group entry to whoever is listed as the owner of
+the group entry).
+
+Some factors may not be appropriate in all environments (or any).
+For example, the domain factor relies on IP to domain name lookups.
+As these can easily spoofed, the domain factor should not be avoided.
+
+
+H3: The access to grant
+
+
+The kind of <access> granted can be one of the following:
+
+
+!block table; colaligns="LRL"; coltags="EX,EX,N"; align=Center; \
+ title="Table 5.4: Access Levels"
+Level Privileges Description
+none =0 no access
+auth =x needed to bind
+compare =cx needed to compare
+search =scx needed to apply search filters
+read =rscx needed to read search results
+write =wrscx needed to modify/rename
+!endblock
+
+Each level implies all lower levels of access. So, for
+example, granting someone {{EX:write}} access to an entry also
+grants them {{EX:read}}, {{EX:search}}, {{EX:compare}}, and
+{{EX:auth}} access. However, one may use the privileges specifier
+to grant specific permissions.
+
+
+H3: Access Control Evaluation
+
+When evaluating whether some requester should be given access to
+an entry and/or attribute, slapd compares the entry and/or attribute
+to the {{EX:<what>}} selectors given in the configuration.
+For each entry, access controls provided in the database which holds
+the entry (or the first database if not held in any database) apply
+first, followed by the global access directives (which are held in
+the {{EX:frontend}} database definition). Within this
+priority, access directives are examined in the order in which they
+appear in the configuration attribute. Slapd stops with the first {{EX:<what>}}
+selector that matches the entry and/or attribute. The corresponding
+access directive is the one slapd will use to evaluate access.
+
+Next, slapd compares the entity requesting access to the {{EX:<who>}}
+selectors within the access directive selected above in the order
+in which they appear. It stops with the first {{EX:<who>}} selector
+that matches the requester. This determines the access the entity
+requesting access has to the entry and/or attribute.
+
+Finally, slapd compares the access granted in the selected
+{{EX:<access>}} clause to the access requested by the client. If
+it allows greater or equal access, access is granted. Otherwise,
+access is denied.
+
+The order of evaluation of access directives makes their placement
+in the configuration file important. If one access directive is
+more specific than another in terms of the entries it selects, it
+should appear first in the configuration. Similarly, if one {{EX:<who>}}
+selector is more specific than another it should come first in the
+access directive. The access control examples given below should
+help make this clear.
+
+
+
+H3: Access Control Examples
+
+The access control facility described above is quite powerful. This
+section shows some examples of its use for descriptive purposes.
+
+A simple example:
+
+> olcAccess: to * by * read
+
+This access directive grants read access to everyone.
+
+> olcAccess: to *
+> by self write
+> by anonymous auth
+> by * read
+
+This directive allows the user to modify their entry, allows anonymous
+to authenticate against these entries, and allows all others to
+read these entries. Note that only the first {{EX:by <who>}} clause
+which matches applies. Hence, the anonymous users are granted
+{{EX:auth}}, not {{EX:read}}. The last clause could just as well
+have been "{{EX:by users read}}".
+
+It is often desirable to restrict operations based upon the level
+of protection in place. The following shows how security strength
+factors (SSF) can be used.
+
+> olcAccess: to *
+> by ssf=128 self write
+> by ssf=64 anonymous auth
+> by ssf=64 users read
+
+This directive allows users to modify their own entries if security
+protections of strength 128 or better have been established,
+allows authentication access to anonymous users, and read access
+when strength 64 or better security protections have been established. If
+the client has not establish sufficient security protections, the
+implicit {{EX:by * none}} clause would be applied.
+
+The following example shows the use of style specifiers to select
+the entries by DN in two access directives where ordering is
+significant.
+
+> olcAccess: to dn.children="dc=example,dc=com"
+> by * search
+> olcAccess: to dn.children="dc=com"
+> by * read
+
+Read access is granted to entries under the {{EX:dc=com}} subtree,
+except for those entries under the {{EX:dc=example,dc=com}} subtree,
+to which search access is granted. No access is granted to
+{{EX:dc=com}} as neither access directive matches this DN. If the
+order of these access directives was reversed, the trailing directive
+would never be reached, since all entries under {{EX:dc=example,dc=com}}
+are also under {{EX:dc=com}} entries.
+
+Also note that if no {{EX:olcAccess: to}} directive matches or no {{EX:by
+<who>}} clause, {{B:access is denied}}. That is, every {{EX:olcAccess:
+to}} directive ends with an implicit {{EX:by * none}} clause and
+every access list ends with an implicit {{EX:olcAccess: to * by * none}}
+directive.
+
+The next example again shows the importance of ordering, both of
+the access directives and the {{EX:by <who>}} clauses. It also
+shows the use of an attribute selector to grant access to a specific
+attribute and various {{EX:<who>}} selectors.
+
+> olcAccess: to dn.subtree="dc=example,dc=com" attrs=homePhone
+> by self write
+> by dn.children=dc=example,dc=com" search
+> by peername.regex=IP:10\..+ read
+> olcAccess: to dn.subtree="dc=example,dc=com"
+> by self write
+> by dn.children="dc=example,dc=com" search
+> by anonymous auth
+
+This example applies to entries in the "{{EX:dc=example,dc=com}}"
+subtree. To all attributes except {{EX:homePhone}}, an entry can
+write to itself, entries under {{EX:example.com}} entries can search
+by them, anybody else has no access (implicit {{EX:by * none}})
+excepting for authentication/authorization (which is always done
+anonymously). The {{EX:homePhone}} attribute is writable by the
+entry, searchable by entries under {{EX:example.com}}, readable by
+clients connecting from network 10, and otherwise not readable
+(implicit {{EX:by * none}}). All other access is denied by the
+implicit {{EX:access to * by * none}}.
+
+Sometimes it is useful to permit a particular DN to add or
+remove itself from an attribute. For example, if you would like to
+create a group and allow people to add and remove only
+their own DN from the member attribute, you could accomplish
+it with an access directive like this:
+
+> olcAccess: to attrs=member,entry
+> by dnattr=member selfwrite
+
+The dnattr {{EX:<who>}} selector says that the access applies to
+entries listed in the {{EX:member}} attribute. The {{EX:selfwrite}} access
+selector says that such members can only add or delete their
+own DN from the attribute, not other values. The addition of
+the entry attribute is required because access to the entry is
+required to access any of the entry's attributes.
+
+
+
+H3: Access Control Ordering
+
+Since the ordering of {{EX:olcAccess}} directives is essential to their
+proper evaluation, but LDAP attributes normally do not preserve the
+ordering of their values, OpenLDAP uses a custom schema extension to
+maintain a fixed ordering of these values. This ordering is maintained
+by prepending a {{EX:"{X}"}} numeric index to each value, similarly to
+the approach used for ordering the configuration entries. These index
+tags are maintained automatically by slapd and do not need to be specified
+when originally defining the values. For example, when you create the
+settings
+
+> olcAccess: to attrs=member,entry
+> by dnattr=member selfwrite
+> olcAccess: to dn.children="dc=example,dc=com"
+> by * search
+> olcAccess: to dn.children="dc=com"
+> by * read
+
+when you read them back using slapcat or ldapsearch they will contain
+
+> olcAccess: {0}to attrs=member,entry
+> by dnattr=member selfwrite
+> olcAccess: {1}to dn.children="dc=example,dc=com"
+> by * search
+> olcAccess: {2}to dn.children="dc=com"
+> by * read
+
+The numeric index may be used to specify a particular value to change
+when using ldapmodify to edit the access rules. This index can be used
+instead of (or in addition to) the actual access value. Using this
+numeric index is very helpful when multiple access rules are being managed.
+
+For example, if we needed to change the second rule above to grant
+write access instead of search, we could try this LDIF:
+
+> changetype: modify
+> delete: olcAccess
+> olcAccess: to dn.children="dc=example,dc=com" by * search
+> -
+> add: olcAccess
+> olcAccess: to dn.children="dc=example,dc=com" by * write
+> -
+
+But this example {{B:will not}} guarantee that the existing values remain in
+their original order, so it will most likely yield a broken security
+configuration. Instead, the numeric index should be used:
+
+> changetype: modify
+> delete: olcAccess
+> olcAccess: {1}
+> -
+> add: olcAccess
+> olcAccess: {1}to dn.children="dc=example,dc=com" by * write
+> -
+
+This example deletes whatever rule is in value #1 of the {{EX:olcAccess}}
+attribute (regardless of its value) and adds a new value that is
+explicitly inserted as value #1. The result will be
+
+> olcAccess: {0}to attrs=member,entry
+> by dnattr=member selfwrite
+> olcAccess: {1}to dn.children="dc=example,dc=com"
+> by * write
+> olcAccess: {2}to dn.children="dc=com"
+> by * read
+
+which is exactly what was intended.
+
+!if 0
+For more details on how to use the {{EX:access}} directive,
+consult the {{Advanced Access Control}} chapter.
+!endif
+
+
+H2: Configuration Example
+
+The following is an example configuration, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration entry
+E: 2. dn: cn=config
+E: 3. objectClass: olcGlobal
+E: 4. cn: config
+E: 5. olcReferral: ldap://root.openldap.org
+E: 6.
+
+Line 1 is a comment. Lines 2-4 identify this as the global
+configuration entry.
+The {{EX:olcReferral:}} directive on line 5
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+Line 6 is a blank line, indicating the end of this entry.
+
+E: 7. # internal schema
+E: 8. dn: cn=schema,cn=config
+E: 9. objectClass: olcSchemaConfig
+E: 10. cn: schema
+E: 11.
+
+Line 7 is a comment. Lines 8-10 identify this as the root of
+the schema subtree. The actual schema definitions in this entry
+are hardcoded into slapd so no additional attributes are specified here.
+Line 11 is a blank line, indicating the end of this entry.
+
+E: 12. # include the core schema
+E: 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+E: 14.
+
+Line 12 is a comment. Line 13 is an LDIF include directive which
+accesses the {{core}} schema definitions in LDIF format. Line 14
+is a blank line.
+
+Next comes the database definitions. The first database is the
+special {{EX:frontend}} database whose settings are applied globally
+to all the other databases.
+
+E: 15. # global database parameters
+E: 16. dn: olcDatabase=frontend,cn=config
+E: 17. objectClass: olcDatabaseConfig
+E: 18. olcDatabase: frontend
+E: 19. olcAccess: to * by * read
+E: 20.
+
+Line 15 is a comment. Lines 16-18 identify this entry as the global
+database entry. Line 19 is a global access control. It applies to all
+entries (after any applicable database-specific access controls).
+
+The next entry defines a BDB backend that will handle queries for things
+in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
+for several attributes, and the {{EX:userPassword}} attribute is to be
+protected from unauthorized access.
+
+E: 21. # BDB definition for example.com
+E: 22. dn: olcDatabase=bdb,cn=config
+E: 23. objectClass: olcDatabaseConfig
+E: 24. objectClass: olcBdbConfig
+E: 25. olcDatabase: bdb
+E: 26. olcSuffix: "dc=example,dc=com"
+E: 27. olcDbDirectory: /usr/local/var/openldap-data
+E: 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 29. olcRootPW: secret
+E: 30. olcDbIndex: uid pres,eq
+E: 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+E: 32. olcDbIndex: objectClass eq
+E: 33. olcAccess: to attrs=userPassword
+E: 34. by self write
+E: 35. by anonymous auth
+E: 36. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 37. by * none
+E: 38. olcAccess: to *
+E: 39. by self write
+E: 40. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 41. by * read
+E: 42.
+
+Line 21 is a comment. Lines 22-25 identify this entry as a BDB database
+configuration entry. Line 26 specifies the DN suffix
+for queries to pass to this database. Line 27 specifies the directory
+in which the database files will live.
+
+Lines 28 and 29 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 30 through 32 indicate the indices to maintain for various
+attributes.
+
+Lines 33 through 41 specify access control for entries in this
+database. As this is the first database, the controls also apply
+to entries not held in any database (such as the Root DSE). For
+all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+Line 42 is a blank line, indicating the end of this entry.
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 51, the read access
+would be allowed due to the global access rule at line 19.
+
+E: 42. # BDB definition for example.net
+E: 43. dn: olcDatabase=bdb,cn=config
+E: 44. objectClass: olcDatabaseConfig
+E: 45. objectClass: olcBdbConfig
+E: 46. olcDatabase: bdb
+E: 47. olcSuffix: "dc=example,dc=net"
+E: 48. olcDbDirectory: /usr/local/var/openldap-data-net
+E: 49. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 50. olcDbIndex: objectClass eq
+E: 51. olcAccess: to * by users read
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconfig.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconfig.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/slapdconfig.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1112 @@
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.79.2.8 2007/04/06 04:00:41 quanah Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: The slapd Configuration File
+
+Once the software has been built and installed, you are ready
+to configure {{slapd}}(8) for use at your site. The slapd
+runtime configuration is primarily accomplished through the
+{{slapd.conf}}(5) file, normally installed in the
+{{EX:/usr/local/etc/openldap}} directory.
+
+An alternate configuration file can be specified via a
+command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
+describes the general format of the config file, followed by a
+detailed description of commonly used config file directives.
+
+
+H2: Configuration File Format
+
+The {{slapd.conf}}(5) file consists of three types of configuration
+information: global, backend specific, and database specific. Global
+information is specified first, followed by information associated
+with a particular backend type, which is then followed by information
+associated with a particular database instance. Global directives can
+be overridden in backend and/or database directives, and backend directives
+can be overridden by database directives.
+
+Blank lines and comment lines beginning with a '{{EX:#}}' character
+are ignored. If a line begins with white space, it is considered a
+continuation of the previous line (even if the previous line is a
+comment).
+
+The general format of slapd.conf is as follows:
+
+> # global configuration directives
+> <global config directives>
+>
+> # backend definition
+> backend <typeA>
+> <backend-specific directives>
+>
+> # first database definition & config directives
+> database <typeA>
+> <database-specific directives>
+>
+> # second database definition & config directives
+> database <typeB>
+> <database-specific directives>
+>
+> # second database definition & config directives
+> database <typeA>
+> <database-specific directives>
+>
+> # subsequent backend & database definitions & config directives
+> ...
+
+A configuration directive may take arguments. If so, they are
+separated by white space. If an argument contains white space,
+the argument should be enclosed in double quotes {{EX:"like this"}}. If
+an argument contains a double quote or a backslash character `{{EX:\}}',
+the character should be preceded by a backslash character `{{EX:\}}'.
+
+The distribution contains an example configuration file that will
+be installed in the {{F: /usr/local/etc/openldap}} directory.
+A number of files containing schema definitions (attribute types
+and object classes) are also provided in the
+{{F: /usr/local/etc/openldap/schema}} directory.
+
+
+H2: Configuration File Directives
+
+This section details commonly used configuration directives. For
+a complete list, see the {{slapd.conf}}(5) manual page. This section
+separates the configuration file directives into global,
+backend-specific and data-specific categories, describing each
+directive and its default value (if any), and giving an example of
+its use.
+
+
+
+H3: Global Directives
+
+Directives described in this section apply to all backends
+and databases unless specifically overridden in a backend or
+database definition. Arguments that should be replaced
+by actual text are shown in brackets {{EX:<>}}.
+
+
+H4: access to <what> [ by <who> <accesslevel> <control> ]+
+
+This directive grants access (specified by <accesslevel>) to a
+set of entries and/or attributes (specified by <what>) by one or
+more requesters (specified by <who>).
+See the {{SECT:Access Control}} section of this chapter for a
+summary of basic usage.
+
+!if 0
+More details discussion of this directive can be found in the
+{{SECT:Advanced Access Control}} chapter.
+!endif
+
+Note: If no {{EX:access}} directives are specified, the default
+access control policy, {{EX:access to * by * read}}, allows all
+both authenticated and anonymous users read access.
+
+
+H4: attributetype <{{REF:RFC2252}} Attribute Type Description>
+
+This directive defines an attribute type.
+Please see the {{SECT:Schema Specification}} chapter
+for information regarding how to use this directive.
+
+H4: idletimeout <integer>
+
+Specify the number of seconds to wait before forcibly closing
+an idle client connection. An idletimeout of 0, the default,
+disables this feature.
+
+
+H4: include <filename>
+
+This directive specifies that slapd should read additional
+configuration information from the given file before continuing
+with the next line of the current file. The included file should
+follow the normal slapd config file format. The file is commonly
+used to include files containing schema specifications.
+
+Note: You should be careful when using this directive - there is
+no small limit on the number of nested include directives, and no
+loop detection is done.
+
+H4: loglevel <integer>
+
+This directive specifies the level at which debugging statements
+and operation statistics should be syslogged (currently logged to
+the {{syslogd}}(8) {{EX:LOG_LOCAL4}} facility). You must have
+configured OpenLDAP {{EX:--enable-debug}} (the default) for this
+to work (except for the two statistics levels, which are always
+enabled). Log levels are additive. To display what numbers
+correspond to what kind of debugging, invoke slapd with {{EX:-?}}
+or consult the table below. The possible values for <integer> are:
+
+!block table; colaligns="RL"; align=Center; \
+ title="Table 5.1: Debugging Levels"
+Level Description
+-1 enable all debugging
+0 no debugging
+1 trace function calls
+2 debug packet handling
+4 heavy trace debugging
+8 connection management
+16 print out packets sent and received
+32 search filter processing
+64 configuration file processing
+128 access control list processing
+256 stats log connections/operations/results
+512 stats log entries sent
+1024 print communication with shell backends
+2048 print entry parsing debugging
+!endblock
+
+\Example:
+
+E: loglevel -1
+
+This will cause lots and lots of debugging information to be
+logged.
+
+\Default:
+
+E: loglevel 256
+
+
+H4: objectclass <{{REF:RFC2252}} Object Class Description>
+
+This directive defines an object class.
+Please see the {{SECT:Schema Specification}} chapter for
+information regarding how to use this directive.
+
+
+H4: referral <URI>
+
+This directive specifies the referral to pass back when slapd
+cannot find a local database to handle a request.
+
+\Example:
+
+> referral ldap://root.openldap.org
+
+This will refer non-local queries to the global root LDAP server
+at the OpenLDAP Project. Smart LDAP clients can re-ask their
+query at that server, but note that most of these clients are
+only going to know how to handle simple LDAP URLs that
+contain a host part and optionally a distinguished name part.
+
+
+H4: sizelimit <integer>
+
+This directive specifies the maximum number of entries to return
+from a search operation.
+
+\Default:
+
+> sizelimit 500
+
+
+H4: timelimit <integer>
+
+This directive specifies the maximum number of seconds (in real
+time) slapd will spend answering a search request. If a
+request is not finished in this time, a result indicating an
+exceeded timelimit will be returned.
+
+\Default:
+
+> timelimit 3600
+
+
+H3: General Backend Directives
+
+Directives in this section apply only to the backend in which
+they are defined. They are supported by every type of backend.
+Backend directives apply to all databases instances of the
+same type and, depending on the directive, may be overridden
+by database directives.
+
+H4: backend <type>
+
+This directive marks the beginning of a backend declaration.
+{{EX:<type>}} should be one of the
+supported backend types listed in Table 5.2.
+
+!block table; align=Center; coltags="EX,N"; \
+ title="Table 5.2: Database Backends"
+Types Description
+bdb Berkeley DB transactional backend
+dnssrv DNS SRV backend
+hdb Hierarchical variant of bdb backend
+ldap Lightweight Directory Access Protocol (Proxy) backend
+ldbm Lightweight DBM backend
+meta Meta Directory backend
+monitor Monitor backend
+passwd Provides read-only access to {{passwd}}(5)
+perl Perl Programmable backend
+shell Shell (extern program) backend
+sql SQL Programmable backend
+!endblock
+
+\Example:
+
+> backend bdb
+
+This marks the beginning of a new {{TERM:BDB}} backend
+definition.
+
+
+H3: General Database Directives
+
+Directives in this section apply only to the database in which
+they are defined. They are supported by every type of database.
+
+H4: database <type>
+
+This directive marks the beginning of a database instance
+declaration.
+{{EX:<type>}} should be one of the
+supported backend types listed in Table 5.2.
+
+\Example:
+
+> database bdb
+
+This marks the beginning of a new {{TERM:BDB}} database instance
+declaration.
+
+
+H4: readonly { on | off }
+
+This directive puts the database into "read-only" mode. Any
+attempts to modify the database will return an "unwilling to
+perform" error.
+
+\Default:
+
+> readonly off
+
+H4: replica
+
+> replica uri=ldap[s]://<hostname>[:<port>] | host=<hostname>[:<port>]
+> [bindmethod={simple|sasl}]
+> ["binddn=<DN>"]
+> [saslmech=<mech>]
+> [authcid=<identity>]
+> [authzid=<identity>]
+> [credentials=<password>]
+
+This directive specifies a replication site for this database. The
+{{EX:uri=}} parameter specifies a scheme, a host and optionally a port where
+the slave slapd instance can be found. Either a domain name
+or IP address may be used for <hostname>. If <port> is not
+given, the standard LDAP port number (389 or 636) is used.
+
+{{EX:host}} is deprecated in favor of the {{EX:uri}} parameter.
+
+{{EX:uri}} allows the replica LDAP server to be specified as an LDAP
+URI such as {{EX:ldap://slave.example.com:389}} or
+{{EX:ldaps://slave.example.com:636}}.
+
+The {{EX:binddn=}} parameter gives the DN to bind as for updates
+to the slave slapd. It should be a DN which has read/write access
+to the slave slapd's database. It must also match the {{EX:updatedn}}
+directive in the slave slapd's config file. Generally, this DN
+{{should not}} be the same as the {{EX:rootdn}} of the master
+database. Since DNs are likely to contain embedded spaces, the
+entire {{EX:"binddn=<DN>"}} string should be enclosed in double
+quotes.
+
+The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}}, depending
+on whether simple password-based authentication or {{TERM:SASL}}
+authentication is to be used when connecting to the slave slapd.
+
+Simple authentication should not be used unless adequate data
+integrity and confidentiality protections are in place (e.g. TLS
+or IPSEC). Simple authentication requires specification of
+{{EX:binddn}} and {{EX:credentials}} parameters.
+
+SASL authentication is generally recommended. SASL authentication
+requires specification of a mechanism using the {{EX:saslmech}} parameter.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using {{EX:authcid}} and {{EX:credentials}}
+respectively. The {{EX:authzid}} parameter may be used to specify
+an authorization identity.
+
+See the chapter entitled {{SECT:Replication with slurpd}} for more
+information on how to use this directive.
+
+
+H4: replogfile <filename>
+
+This directive specifies the name of the replication log file to
+which slapd will log changes. The replication log is typically
+written by slapd and read by slurpd. Normally, this directive is
+only used if slurpd is being used to replicate the database.
+However, you can also use it to generate a transaction log, if
+slurpd is not running. In this case, you will need to periodically
+truncate the file, since it will grow indefinitely otherwise.
+
+See the chapter entitled {{SECT:Replication with slurpd}} for more
+information on how to use this directive.
+
+
+H4: rootdn <DN>
+
+This directive specifies the DN that is not subject to
+access control or administrative limit restrictions for
+operations on this database. The DN need not refer to
+an entry in this database or even in the directory. The
+DN may refer to a SASL identity.
+
+Entry-based Example:
+
+> rootdn "cn=Manager,dc=example,dc=com"
+
+SASL-based Example:
+
+> rootdn "uid=root,cn=example.com,cn=digest-md5,cn=auth"
+
+See the {{SECT:SASL Authentication}} section for information on
+SASL authentication identities.
+
+
+H4: rootpw <password>
+
+This directive can be used to specifies a password for the DN for
+the rootdn (when the rootdn is set to a DN within the database).
+
+\Example:
+
+> rootpw secret
+
+It is also permissible to provide hash of the password in RFC 2307
+form. {{slappasswd}}(8) may be used to generate the password hash.
+
+\Example:
+
+> rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
+
+The hash was generated using the command {{EX:slappasswd -s secret}}.
+
+
+H4: suffix <dn suffix>
+
+This directive specifies the DN suffix of queries that will be
+passed to this backend database. Multiple suffix lines can be
+given, and at least one is required for each database
+definition.
+
+\Example:
+
+> suffix "dc=example,dc=com"
+
+Queries with a DN ending in "dc=example,dc=com"
+will be passed to this backend.
+
+Note: When the backend to pass a query to is selected, slapd
+looks at the suffix line(s) in each database definition in the
+order they appear in the file. Thus, if one database suffix is a
+prefix of another, it must appear after it in the config file.
+
+
+H4: syncrepl
+
+> syncrepl rid=<replica ID>
+> provider=ldap[s]://<hostname>[:port]
+> [type=refreshOnly|refreshAndPersist]
+> [interval=dd:hh:mm:ss]
+> [retry=[<retry interval> <# of retries>]+]
+> [searchbase=<base DN>]
+> [filter=<filter str>]
+> [scope=sub|one|base]
+> [attrs=<attr list>]
+> [attrsonly]
+> [sizelimit=<limit>]
+> [timelimit=<limit>]
+> [schemachecking=on|off]
+> [bindmethod=simple|sasl]
+> [binddn=<DN>]
+> [saslmech=<mech>]
+> [authcid=<identity>]
+> [authzid=<identity>]
+> [credentials=<passwd>]
+> [realm=<realm>]
+> [secprops=<properties>]
+
+
+This directive specifies the current database as a replica of the
+master content by establishing the current {{slapd}}(8) as a
+replication consumer site running a syncrepl replication engine.
+The master database is located at the replication provider site
+specified by the {{EX:provider}} parameter. The replica database is
+kept up-to-date with the master content using the LDAP Content
+Synchronization protocol. See {{EX:draft-zeilenga-ldup-sync-xx.txt}}
+({{a work in progress}}) for more information on the protocol.
+
+The {{EX:rid}} parameter is used for identification of the current
+{{EX:syncrepl}} directive within the replication consumer server,
+where {{EX:<replica ID>}} uniquely identifies the syncrepl specification
+described by the current {{EX:syncrepl}} directive. {{EX:<replica ID>}}
+is non-negative and is no more than three decimal digits in length.
+
+The {{EX:provider}} parameter specifies the replication provider site
+containing the master content as an LDAP URI. The {{EX:provider}}
+parameter specifies a scheme, a host and optionally a port where the
+provider slapd instance can be found. Either a domain name or IP
+address may be used for <hostname>. Examples are
+{{EX:ldap://provider.example.com:389}} or {{EX:ldaps://192.168.1.1:636}}.
+If <port> is not given, the standard LDAP port number (389 or 636) is used.
+Note that the syncrepl uses a consumer-initiated protocol, and hence its
+specification is located at the consumer site, whereas the {{EX:replica}}
+specification is located at the provider site. {{EX:syncrepl}} and
+{{EX:replica}} directives define two independent replication
+mechanisms. They do not represent the replication peers of each other.
+
+The content of the syncrepl replica is defined using a search
+specification as its result set. The consumer slapd will
+send search requests to the provider slapd according to the search
+specification. The search specification includes {{EX:searchbase}},
+{{EX:scope}}, {{EX:filter}}, {{EX:attrs}}, {{EX:attrsonly}},
+{{EX:sizelimit}}, and {{EX:timelimit}} parameters as in the normal
+search specification. The {{EX:searchbase}} parameter has no
+default value and must always be specified. The {{EX:scope}} defaults
+to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
+{{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
+attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
+and {{EX:timelimit}} default to "unlimited", and only integers
+or "unlimited" may be specified.
+
+The LDAP Content Synchronization protocol has two operation
+types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
+The operation type is specified by the {{EX:type}} parameter.
+In the {{EX:refreshOnly}} operation, the next synchronization search operation
+is periodically rescheduled at an interval time after each
+synchronization operation finishes. The interval is specified
+by the {{EX:interval}} parameter. It is set to one day by default.
+In the {{EX:refreshAndPersist}} operation, a synchronization search
+remains persistent in the provider slapd. Further updates to the
+master replica will generate {{EX:searchResultEntry}} to the consumer slapd
+as the search responses to the persistent synchronization search.
+
+If an error occurs during replication, the consumer will attempt to reconnect
+according to the retry parameter which is a list of the <retry interval>
+and <# of retries> pairs. For example, retry="60 10 300 3" lets the consumer
+retry every 60 seconds for the first 10 times and then retry every 300 seconds
+for the next three times before stop retrying. + in <# of retries> means
+indefinite number of retries until success.
+
+The schema checking can be enforced at the LDAP Sync consumer site
+by turning on the {{EX:schemachecking}} parameter.
+If it is turned on, every replicated entry will be checked for its
+schema as the entry is stored into the replica content.
+Every entry in the replica should contain those attributes
+required by the schema definition.
+If it is turned off, entries will be stored without checking
+schema conformance. The default is off.
+
+The {{EX:binddn}} parameter gives the DN to bind as for the
+syncrepl searches to the provider slapd. It should be a DN
+which has read access to the replication content in the
+master database.
+
+The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}},
+depending on whether simple password-based authentication or
+{{TERM:SASL}} authentication is to be used when connecting
+to the provider slapd.
+
+Simple authentication should not be used unless adequate data
+integrity and confidentiality protections are in place (e.g. TLS
+or IPSEC). Simple authentication requires specification of {{EX:binddn}}
+and {{EX:credentials}} parameters.
+
+SASL authentication is generally recommended. SASL authentication
+requires specification of a mechanism using the {{EX:saslmech}} parameter.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using {{EX:authcid}} and {{EX:credentials}},
+respectively. The {{EX:authzid}} parameter may be used to specify
+an authorization identity.
+
+The {{EX:realm}} parameter specifies a realm which a certain
+mechanisms authenticate the identity within. The {{EX:secprops}}
+parameter specifies Cyrus SASL security properties.
+
+The syncrepl replication mechanism is supported by the
+three native backends: back-bdb, back-hdb, and back-ldbm.
+
+See the {{SECT:LDAP Sync Replication}} chapter of the admin guide
+for more information on how to use this directive.
+
+
+H4: updatedn <DN>
+
+This directive is only applicable in a slave slapd. It specifies
+the DN allowed to make changes to the replica. This may be the DN
+{{slurpd}}(8) binds as when making changes to the replica or the DN
+associated with a SASL identity.
+
+Entry-based Example:
+
+> updatedn "cn=Update Daemon,dc=example,dc=com"
+
+SASL-based Example:
+
+> updatedn "uid=slurpd,cn=example.com,cn=digest-md5,cn=auth"
+
+See the {{SECT:Replication with slurpd}} chapter for more information
+on how to use this directive.
+
+H4: updateref <URL>
+
+This directive is only applicable in a slave slapd. It
+specifies the URL to return to clients which submit update
+requests upon the replica.
+If specified multiple times, each {{TERM:URL}} is provided.
+
+\Example:
+
+> updateref ldap://master.example.net
+
+
+H3: BDB and HDB Database Directives
+
+Directives in this category only apply to both the {{TERM:BDB}}
+and the {{TERM:HDB}} database.
+That is, they must follow a "database bdb" or "database hdb" line
+and come before any
+subsequent "backend" or "database" line. For a complete reference
+of BDB/HDB configuration directives, see {{slapd-bdb}}(5).
+
+
+H4: directory <directory>
+
+This directive specifies the directory where the BDB files
+containing the database and associated indices live.
+
+\Default:
+
+> directory /usr/local/var/openldap-data
+
+
+H3: LDBM Database Directives
+
+Directives in this category only apply to a {{TERM:LDBM}} database.
+That is, they must follow a "database ldbm" line and come before
+any subsequent "backend" or "database" line. For a complete reference
+of LDBM configuration directives, see {{slapd-ldbm}}(5).
+
+H4: cachesize <integer>
+
+This directive specifies the size in entries of the in-memory
+cache maintained by the LDBM backend database instance.
+
+\Default:
+
+> cachesize 1000
+
+
+H4: dbcachesize <integer>
+
+This directive specifies the size in bytes of the in-memory cache
+associated with each open index file. If not supported by the
+underlying database method, this directive is ignored without
+comment. Increasing this number uses more memory but can
+cause a dramatic performance increase, especially during
+modifies or when building indices.
+
+\Default:
+
+> dbcachesize 100000
+
+
+H4: dbnolocking
+
+This option, if present, disables database locking.
+Enabling this option may improve performance at the expense
+of data security.
+
+
+H4: dbnosync
+
+This option causes on-disk database contents to not be immediately
+synchronized with in memory changes upon change. Enabling this option
+may improve performance at the expense of data integrity.
+
+
+H4: directory <directory>
+
+This directive specifies the directory where the LDBM files
+containing the database and associated indices live.
+
+\Default:
+
+> directory /usr/local/var/openldap-data
+
+
+H4: index {<attrlist> | default} [pres,eq,approx,sub,none]
+
+This directive specifies the indices to maintain for the given
+attribute. If only an {{EX:<attrlist>}} is given, the default
+indices are maintained.
+
+\Example:
+
+> index default pres,eq
+> index uid
+> index cn,sn pres,eq,sub
+> index objectClass eq
+
+The first line sets the default set of indices to maintain to
+present and equality. The second line causes the default (pres,eq)
+set of indices to be maintained for the {{EX:uid}} attribute type.
+The third line causes present, equality, and substring indices to
+be maintained for {{EX:cn}} and {{EX:sn}} attribute types. The
+fourth line causes an equality index for the {{EX:objectClass}}
+attribute type.
+
+By default, no indices are maintained. It is generally advised
+that minimally an equality index upon objectClass be maintained.
+
+> index objectClass eq
+
+
+
+H4: mode <integer>
+
+This directive specifies the file protection mode that newly
+created database index files should have.
+
+\Default:
+
+> mode 0600
+
+
+H2: Access Control
+
+Access to slapd entries and attributes is controlled by the
+access configuration file directive. The general form of an
+access line is:
+
+> <access directive> ::= access to <what>
+> [by <who> <access> <control>]+
+> <what> ::= * |
+> [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+> [filter=<ldapfilter>] [attrs=<attrlist>]
+> <basic-style> ::= regex | exact
+> <scope-style> ::= base | one | subtree | children
+> <attrlist> ::= <attr> [val[.<basic-style>]=<regex>] | <attr> , <attrlist>
+> <attr> ::= <attrname> | entry | children
+> <who> ::= * | [anonymous | users | self
+> | dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
+> [dnattr=<attrname>]
+> [group[/<objectclass>[/<attrname>][.<basic-style>]]=<regex>]
+> [peername[.<basic-style>]=<regex>]
+> [sockname[.<basic-style>]=<regex>]
+> [domain[.<basic-style>]=<regex>]
+> [sockurl[.<basic-style>]=<regex>]
+> [set=<setspec>]
+> [aci=<attrname>]
+> <access> ::= [self]{<level>|<priv>}
+> <level> ::= none | auth | compare | search | read | write
+> <priv> ::= {=|+|-}{w|r|s|c|x|0}+
+> <control> ::= [stop | continue | break]
+
+where the <what> part selects the entries and/or attributes to which
+the access applies, the {{EX:<who>}} part specifies which entities
+are granted access, and the {{EX:<access>}} part specifies the
+access granted. Multiple {{EX:<who> <access> <control>}} triplets
+are supported, allowing many entities to be granted different access
+to the same set of entries and attributes. Not all of these access
+control options are described here; for more details see the
+{{slapd.access}}(5) man page.
+
+
+H3: What to control access to
+
+The <what> part of an access specification determines the entries
+and attributes to which the access control applies. Entries are
+commonly selected in two ways: by DN and by filter. The following
+qualifiers select entries by DN:
+
+> to *
+> to dn[.<basic-style>]=<regex>
+> to dn.<scope-style>=<DN>
+
+The first form is used to select all entries. The second form may
+be used to select entries by matching a regular expression against
+the target entry's {{normalized DN}}. (The second form is not
+discussed further in this document.) The third form is used to
+select entries which are within the requested scope of DN. The
+<DN> is a string representation of the Distinguished Name, as
+described in {{REF:RFC2253}}.
+
+The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}},
+or {{EX:children}}. Where {{EX:base}} matches only the entry with
+provided DN, {{EX:one}} matches the entries whose parent is the
+provided DN, {{EX:subtree}} matches all entries in the subtree whose
+root is the provided DN, and {{EX:children}} matches all entries
+under the DN (but not the entry named by the DN).
+
+For example, if the directory contained entries named:
+
+> 0: o=suffix
+> 1: cn=Manager,o=suffix
+> 2: ou=people,o=suffix
+> 3: uid=kdz,ou=people,o=suffix
+> 4: cn=addresses,uid=kdz,ou=people,o=suffix
+> 5: uid=hyc,ou=people,o=suffix
+
+\Then:
+. {{EX:dn.base="ou=people,o=suffix"}} match 2;
+. {{EX:dn.one="ou=people,o=suffix"}} match 3, and 5;
+. {{EX:dn.subtree="ou=people,o=suffix"}} match 2, 3, 4, and 5; and
+. {{EX:dn.children="ou=people,o=suffix"}} match 3, 4, and 5.
+
+
+Entries may also be selected using a filter:
+
+> to filter=<ldap filter>
+
+where <ldap filter> is a string representation of an LDAP
+search filter, as described in {{REF:RFC2254}}. For example:
+
+> to filter=(objectClass=person)
+
+Note that entries may be selected by both DN and filter by
+including both qualifiers in the <what> clause.
+
+> to dn.one="ou=people,o=suffix" filter=(objectClass=person)
+
+Attributes within an entry are selected by including a comma-separated
+list of attribute names in the <what> selector:
+
+> attrs=<attribute list>
+
+A specific value of an attribute is selected by using a single
+attribute name and also using a value selector:
+
+> attrs=<attribute> val[.<style>]=<regex>
+
+There are two special {{pseudo}} attributes {{EX:entry}} and
+{{EX:children}}. To read (and hence return) a target entry, the
+subject must have {{EX:read}} access to the target's {{entry}}
+attribute. To add or delete an entry, the subject must have
+{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
+have {{EX:write}} access to the entry's parent's {{EX:children}}
+attribute. To rename an entry, the subject must have {{EX:write}}
+access to entry's {{EX:entry}} attribute AND have {{EX:write}}
+access to both the old parent's and new parent's {{EX:children}}
+attributes. The complete examples at the end of this section should
+help clear things up.
+
+Lastly, there is a special entry selector {{EX:"*"}} that is used to
+select any entry. It is used when no other {{EX:<what>}}
+selector has been provided. It's equivalent to "{{EX:dn=.*}}"
+
+
+H3: Who to grant access to
+
+The <who> part identifies the entity or entities being granted
+access. Note that access is granted to "entities" not "entries."
+The following table summarizes entity specifiers:
+
+!block table; align=Center; coltags="EX,N"; \
+ title="Table 5.3: Access Entity Specifiers"
+Specifier|Entities
+*|All, including anonymous and authenticated users
+anonymous|Anonymous (non-authenticated) users
+users|Authenticated users
+self|User associated with target entry
+dn[.<basic-style>]=<regex>|Users matching a regular expression
+dn.<scope-style>=<DN>|Users within scope of a DN
+!endblock
+
+The DN specifier behaves much like <what> clause DN specifiers.
+
+Other control factors are also supported. For example, a {{EX:<who>}}
+can be restricted by an entry listed in a DN-valued attribute in
+the entry to which the access applies:
+
+> dnattr=<dn-valued attribute name>
+
+The dnattr specification is used to give access to an entry
+whose DN is listed in an attribute of the entry (e.g., give
+access to a group entry to whoever is listed as the owner of
+the group entry).
+
+Some factors may not be appropriate in all environments (or any).
+For example, the domain factor relies on IP to domain name lookups.
+As these can easily spoofed, the domain factor should not be avoided.
+
+
+H3: The access to grant
+
+
+The kind of <access> granted can be one of the following:
+
+
+!block table; colaligns="LRL"; coltags="EX,EX,N"; align=Center; \
+ title="Table 5.4: Access Levels"
+Level Privileges Description
+none =0 no access
+auth =x needed to bind
+compare =cx needed to compare
+search =scx needed to apply search filters
+read =rscx needed to read search results
+write =wrscx needed to modify/rename
+!endblock
+
+Each level implies all lower levels of access. So, for
+example, granting someone {{EX:write}} access to an entry also
+grants them {{EX:read}}, {{EX:search}}, {{EX:compare}}, and
+{{EX:auth}} access. However, one may use the privileges specifier
+to grant specific permissions.
+
+
+H3: Access Control Evaluation
+
+When evaluating whether some requester should be given access to
+an entry and/or attribute, slapd compares the entry and/or attribute
+to the {{EX:<what>}} selectors given in the configuration file.
+For each entry, access controls provided in the database which holds
+the entry (or the first database if not held in any database) apply
+first, followed by the global access directives. Within this
+priority, access directives are examined in the order in which they
+appear in the config file. Slapd stops with the first {{EX:<what>}}
+selector that matches the entry and/or attribute. The corresponding
+access directive is the one slapd will use to evaluate access.
+
+Next, slapd compares the entity requesting access to the {{EX:<who>}}
+selectors within the access directive selected above in the order
+in which they appear. It stops with the first {{EX:<who>}} selector
+that matches the requester. This determines the access the entity
+requesting access has to the entry and/or attribute.
+
+Finally, slapd compares the access granted in the selected
+{{EX:<access>}} clause to the access requested by the client. If
+it allows greater or equal access, access is granted. Otherwise,
+access is denied.
+
+The order of evaluation of access directives makes their placement
+in the configuration file important. If one access directive is
+more specific than another in terms of the entries it selects, it
+should appear first in the config file. Similarly, if one {{EX:<who>}}
+selector is more specific than another it should come first in the
+access directive. The access control examples given below should
+help make this clear.
+
+
+
+H3: Access Control Examples
+
+The access control facility described above is quite powerful. This
+section shows some examples of its use for descriptive purposes.
+
+A simple example:
+
+> access to * by * read
+
+This access directive grants read access to everyone.
+
+> access to *
+> by self write
+> by anonymous auth
+> by * read
+
+This directive allows the user to modify their entry, allows anonymous
+to authentication against these entries, and allows all others to
+read these entries. Note that only the first {{EX:by <who>}} clause
+which matches applies. Hence, the anonymous users are granted
+{{EX:auth}}, not {{EX:read}}. The last clause could just as well
+have been "{{EX:by users read}}".
+
+It is often desirable to restrict operations based upon the level
+of protection in place. The following shows how security strength
+factors (SSF) can be used.
+
+> access to *
+> by ssf=128 self write
+> by ssf=64 anonymous auth
+> by ssf=64 users read
+
+This directive allows users to modify their own entries if security
+protections have of strength 128 or better have been established,
+allows authentication access to anonymous users, and read access
+when 64 or better security protections have been established. If
+client has not establish sufficient security protections, the
+implicit {{EX:by * none}} clause would be applied.
+
+The following example shows the use of a style specifiers to select
+the entries by DN in two access directives where ordering is
+significant.
+
+> access to dn.children="dc=example,dc=com"
+> by * search
+> access to dn.children="dc=com"
+> by * read
+
+Read access is granted to entries under the {{EX:dc=com}} subtree,
+except for those entries under the {{EX:dc=example,dc=com}} subtree,
+to which search access is granted. No access is granted to
+{{EX:dc=com}} as neither access directive matches this DN. If the
+order of these access directives was reversed, the trailing directive
+would never be reached, since all entries under {{EX:dc=example,dc=com}}
+are also under {{EX:dc=com}} entries.
+
+Also note that if no {{EX:access to}} directive matches or no {{EX:by
+<who>}} clause, {{B:access is denied}}. That is, every {{EX:access
+to}} directive ends with an implicit {{EX:by * none}} clause and
+every access list ends with an implicit {{EX:access to * by * none}}
+directive.
+
+The next example again shows the importance of ordering, both of
+the access directives and the {{EX:by <who>}} clauses. It also
+shows the use of an attribute selector to grant access to a specific
+attribute and various {{EX:<who>}} selectors.
+
+> access to dn.subtree="dc=example,dc=com" attrs=homePhone
+> by self write
+> by dn.children="dc=example,dc=com" search
+> by peername.regex=IP:10\..+ read
+> access to dn.subtree="dc=example,dc=com"
+> by self write
+> by dn.children="dc=example,dc=com" search
+> by anonymous auth
+
+This example applies to entries in the "{{EX:dc=example,dc=com}}"
+subtree. To all attributes except {{EX:homePhone}}, an entry can
+write to itself, entries under {{EX:example.com}} entries can search
+by them, anybody else has no access (implicit {{EX:by * none}})
+excepting for authentication/authorization (which is always done
+anonymously). The {{EX:homePhone}} attribute is writable by the
+entry, searchable by entries under {{EX:example.com}}, readable by
+clients connecting from network 10, and otherwise not readable
+(implicit {{EX:by * none}}). All other access is denied by the
+implicit {{EX:access to * by * none}}.
+
+Sometimes it is useful to permit a particular DN to add or
+remove itself from an attribute. For example, if you would like to
+create a group and allow people to add and remove only
+their own DN from the member attribute, you could accomplish
+it with an access directive like this:
+
+> access to attrs=member,entry
+> by dnattr=member selfwrite
+
+The dnattr {{EX:<who>}} selector says that the access applies to
+entries listed in the {{EX:member}} attribute. The {{EX:selfwrite}} access
+selector says that such members can only add or delete their
+own DN from the attribute, not other values. The addition of
+the entry attribute is required because access to the entry is
+required to access any of the entry's attributes.
+
+!if 0
+For more details on how to use the {{EX:access}} directive,
+consult the {{Advanced Access Control}} chapter.
+!endif
+
+
+H2: Configuration File Example
+
+The following is an example configuration file, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration section
+E: 2. include /usr/local/etc/schema/core.schema
+E: 3. referral ldap://root.openldap.org
+E: 4. access to * by * read
+
+Line 1 is a comment. Line 2 includes another config file
+which contains {{core}} schema definitions.
+The {{EX:referral}} directive on line 3
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+
+Line 4 is a global access control. It applies to all
+entries (after any applicable database-specific access
+controls).
+
+The next section of the configuration file defines a BDB
+backend that will handle queries for things in the
+"dc=example,dc=com" portion of the tree. The
+database is to be replicated to two slave slapds, one on
+truelies, the other on judgmentday. Indices are to be
+maintained for several attributes, and the {{EX:userPassword}}
+attribute is to be protected from unauthorized access.
+
+E: 5. # BDB definition for the example.com
+E: 6. database bdb
+E: 7. suffix "dc=example,dc=com"
+E: 8. directory /usr/local/var/openldap-data
+E: 9. rootdn "cn=Manager,dc=example,dc=com"
+E: 10. rootpw secret
+E: 11. # replication directives
+E: 12. replogfile /usr/local/var/openldap/slapd.replog
+E: 13. replica uri=ldap://slave1.example.com:389
+E: 14. binddn="cn=Replicator,dc=example,dc=com"
+E: 15. bindmethod=simple credentials=secret
+E: 16. replica uri=ldaps://slave2.example.com:636
+E: 17. binddn="cn=Replicator,dc=example,dc=com"
+E: 18. bindmethod=simple credentials=secret
+E: 19. # indexed attribute definitions
+E: 20. index uid pres,eq
+E: 21. index cn,sn,uid pres,eq,approx,sub
+E: 22. index objectClass eq
+E: 23. # database access control definitions
+E: 24. access to attrs=userPassword
+E: 25. by self write
+E: 26. by anonymous auth
+E: 27. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 28. by * none
+E: 29. access to *
+E: 30. by self write
+E: 31. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 32. by * read
+
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.
+
+Lines 9 and 10 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 11 through 18 are for replication. Line 12 specifies the
+replication log file (where changes to the database are logged -
+this file is written by slapd and read by slurpd). Lines 13 through
+15 specify the hostname and port for a replicated host, the DN to
+bind as when performing updates, the bind method (simple) and the
+credentials (password) for the binddn. Lines 16 through 18 specify
+a second replication site. See the {{SECT:Replication with slurpd}}
+chapter for more information on these directives.
+
+Lines 20 through 22 indicate the indices to maintain for various
+attributes.
+
+Lines 24 through 32 specify access control for entries in this
+database. As this is the first database, the controls also apply
+to entries not held in any database (such as the Root DSE). For
+all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
+
+E: 33. # BDB definition for example.net
+E: 34. database bdb
+E: 35. suffix "dc=example,dc=net"
+E: 36. directory /usr/local/var/openldap-data-net
+E: 37. rootdn "cn=Manager,dc=example,dc=com"
+E: 38. index objectClass eq
+E: 39. access to * by users read
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/syncrepl.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/syncrepl.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/syncrepl.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,407 @@
+# $OpenLDAP: pkg/openldap-guide/admin/syncrepl.sdf,v 1.14.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: LDAP Sync Replication
+
+The LDAP Sync replication engine, syncrepl for short, is a consumer-side
+replication engine that enables the consumer LDAP server to maintain
+a shadow copy of a DIT fragment. A syncrepl engine resides at the
+consumer-side as one of the {{slapd}} (8) threads. It creates and
+maintains a consumer replica by connecting to the replication
+provider to perform the initial DIT content load followed either
+by periodic content polling or by timely updates upon content
+changes.
+
+Syncrepl uses the LDAP Content Synchronization (or LDAP Sync for
+short) protocol as the replica synchronization protocol. It provides
+a stateful replication which supports both pull-based and push-based
+synchronization and does not mandate the use of a history store.
+
+Syncrepl keeps track of the status of the replication content by
+maintaining and exchanging synchronization cookies. Because the
+syncrepl consumer and provider maintain their content status, the
+consumer can poll the provider content to perform incremental
+synchronization by asking for the entries required to make the
+consumer replica up-to-date with the provider content. Syncrepl
+also enables convenient management of replicas by maintaining replica
+status. The consumer replica can be constructed from a consumer-side
+or a provider-side backup at any synchronization status. Syncrepl
+can automatically resynchronize the consumer replica up-to-date
+with the current provider content.
+
+Syncrepl supports both pull-based and push-based synchronization.
+In its basic refreshOnly synchronization mode, the provider uses
+pull-based synchronization where the consumer servers need not be
+tracked and no history information is maintained. The information
+required for the provider to process periodic polling requests is
+contained in the synchronization cookie of the request itself. To
+optimize the pull-based synchronization, syncrepl utilizes the
+present phase of the LDAP Sync protocol as well as its delete phase,
+instead of falling back on frequent full reloads. To further optimize
+the pull-based synchronization, the provider can maintain a per-scope
+session log as a history store. In its refreshAndPersist mode of
+synchronization, the provider uses a push-based synchronization.
+The provider keeps track of the consumer servers that have requested
+a persistent search and sends them necessary updates as the provider
+replication content gets modified.
+
+With syncrepl, a consumer server can create a replica without
+changing the provider's configurations and without restarting the
+provider server, if the consumer server has appropriate access
+privileges for the DIT fragment to be replicated. The consumer
+server can stop the replication also without the need for provider-side
+changes and restart.
+
+Syncrepl supports both partial and sparse replications. The shadow
+DIT fragment is defined by a general search criteria consisting of
+base, scope, filter, and attribute list. The replica content is
+also subject to the access privileges of the bind identity of the
+syncrepl replication connection.
+
+
+H2: The LDAP Content Synchronization Protocol
+
+The LDAP Sync protocol allows a client to maintain a synchronized
+copy of a DIT fragment. The LDAP Sync operation is defined as a set
+of controls and other protocol elements which extend the LDAP search
+operation. This section introduces the LDAP Content Sync protocol
+only briefly. For more information, refer to the Internet Draft
+{{The LDAP Content Synchronization Operation
+<draft-zeilenga-ldup-sync-05.txt>}}.
+
+The LDAP Sync protocol supports both polling and listening for
+changes by defining two respective synchronization operations:
+{{refreshOnly}} and {{refreshAndPersist}}. Polling is implemented
+by the {{refreshOnly}} operation. The client copy is synchronized
+to the server copy at the time of polling. The server finishes the
+search operation by returning {{SearchResultDone}} at the end of
+the search operation as in the normal search. The listening is
+implemented by the {{refreshAndPersist}} operation. Instead of
+finishing the search after returning all entries currently matching
+the search criteria, the synchronization search remains persistent
+in the server. Subsequent updates to the synchronization content
+in the server cause additional entry updates to be sent to the
+client.
+
+The {{refreshOnly}} operation and the refresh stage of the
+{{refreshAndPersist}} operation can be performed with a present
+phase or a delete phase.
+
+In the present phase, the server sends the client the entries updated
+within the search scope since the last synchronization. The server
+sends all requested attributes, be it changed or not, of the updated
+entries. For each unchanged entry which remains in the scope, the
+server sends a present message consisting only of the name of the
+entry and the synchronization control representing state present.
+The present message does not contain any attributes of the entry.
+After the client receives all update and present entries, it can
+reliably determine the new client copy by adding the entries added
+to the server, by replacing the entries modified at the server, and
+by deleting entries in the client copy which have not been updated
+nor specified as being present at the server.
+
+The transmission of the updated entries in the delete phase is the
+same as in the present phase. The server sends all the requested
+attributes of the entries updated within the search scope since the
+last synchronization to the client. In the delete phase, however,
+the server sends a delete message for each entry deleted from the
+search scope, instead of sending present messages. The delete
+message consists only of the name of the entry and the synchronization
+control representing state delete. The new client copy can be
+determined by adding, modifying, and removing entries according to
+the synchronization control attached to the {{SearchResultEntry}}
+message.
+
+In the case that the LDAP Sync server maintains a history store and
+can determine which entries are scoped out of the client copy since
+the last synchronization time, the server can use the delete phase.
+If the server does not maintain any history store, cannot determine
+the scoped-out entries from the history store, or the history store
+does not cover the outdated synchronization state of the client,
+the server should use the present phase. The use of the present
+phase is much more efficient than a full content reload in terms
+of the synchronization traffic. To reduce the synchronization
+traffic further, the LDAP Sync protocol also provides several
+optimizations such as the transmission of the normalized {{EX:entryUUID}}s
+and the transmission of multiple {{EX:entryUUIDs}} in a single
+{{syncIdSet}} message.
+
+At the end of the {{refreshOnly}} synchronization, the server sends
+a synchronization cookie to the client as a state indicator of the
+client copy after the synchronization is completed. The client
+will present the received cookie when it requests the next incremental
+synchronization to the server.
+
+When {{refreshAndPersist}} synchronization is used, the server sends
+a synchronization cookie at the end of the refresh stage by sending
+a Sync Info message with TRUE refreshDone. It also sends a
+synchronization cookie by attaching it to {{SearchResultEntry}}
+generated in the persist stage of the synchronization search. During
+the persist stage, the server can also send a Sync Info message
+containing the synchronization cookie at any time the server wants
+to update the client-side state indicator. The server also updates
+a synchronization indicator of the client at the end of the persist
+stage.
+
+In the LDAP Sync protocol, entries are uniquely identified by the
+{{EX:entryUUID}} attribute value. It can function as a reliable
+identifier of the entry. The DN of the entry, on the other hand,
+can be changed over time and hence cannot be considered as the
+reliable identifier. The {{EX:entryUUID}} is attached to each
+{{SearchResultEntry}} or {{SearchResultReference}} as a part of the
+synchronization control.
+
+
+H2: Syncrepl Details
+
+The syncrepl engine utilizes both the {{refreshOnly}} and the
+{{refreshAndPersist}} operations of the LDAP Sync protocol. If a
+syncrepl specification is included in a database definition, {{slapd}}
+(8) launches a syncrepl engine as a {{slapd}} (8) thread and schedules
+its execution. If the {{refreshOnly}} operation is specified, the
+syncrepl engine will be rescheduled at the interval time after a
+synchronization operation is completed. If the {{refreshAndPersist}}
+operation is specified, the engine will remain active and process
+the persistent synchronization messages from the provider.
+
+The syncrepl engine utilizes both the present phase and the delete
+phase of the refresh synchronization. It is possible to configure
+a per-scope session log in the provider server which stores the
+{{EX:entryUUID}}s of a finite number of entries deleted from a
+replication content. Multiple replicas of single provider content
+share the same per-scope session log. The syncrepl engine uses the
+delete phase if the session log is present and the state of the
+consumer server is recent enough that no session log entries are
+truncated after the last synchronization of the client. The syncrepl
+engine uses the present phase if no session log is configured for
+the replication content or if the consumer replica is too outdated
+to be covered by the session log. The current design of the session
+log store is memory based, so the information contained in the
+session log is not persistent over multiple provider invocations.
+It is not currently supported to access the session log store by
+using LDAP operations. It is also not currently supported to impose
+access control to the session log.
+
+As a further optimization, even in the case the synchronization
+search is not associated with any session log, no entries will be
+transmitted to the consumer server when there has been no update
+in the replication context.
+
+The syncrepl engine, which is a consumer-side replication engine,
+can work with any backends. The LDAP Sync provider can be configured
+as an overlay on any backend, but works best with the {{back-bdb}}
+or {{back-hdb}} backend. The provider can not support refreshAndPersist
+mode on {{back-ldbm}} due to limits in that backend's locking
+architecture.
+
+The LDAP Sync provider maintains a {{EX:contextCSN}} for each
+database as the current synchronization state indicator of the
+provider content. It is the largest {{EX:entryCSN}} in the provider
+context such that no transactions for an entry having smaller
+{{EX:entryCSN}} value remains outstanding. The {{EX:contextCSN}}
+could not just be set to the largest issued {{EX:entryCSN}} because
+{{EX:entryCSN}} is obtained before a transaction starts and
+transactions are not committed in the issue order.
+
+The provider stores the {{EX:contextCSN}} of a context in the
+{{EX:contextCSN}} attribute of the context suffix entry. The attribute
+is not written to the database after every update operation though;
+instead it is maintained primarily in memory. At database start
+time the provider reads the last saved {{EX:contextCSN}} into memory
+and uses the in-memory copy exclusively thereafter. By default,
+changes to the {{EX:contextCSN}} as a result of database updates
+will not be written to the database until the server is cleanly
+shut down. A checkpoint facility exists to cause the contextCSN to
+be written out more frequently if desired.
+
+Note that at startup time, if the provider is unable to read a
+{{EX:contextCSN}} from the suffix entry, it will scan the entire
+database to determine the value, and this scan may take quite a
+long time on a large database. When a {{EX:contextCSN}} value is
+read, the database will still be scanned for any {{EX:entryCSN}}
+values greater than it, to make sure the {{EX:contextCSN}} value
+truly reflects the greatest committed {{EX:entryCSN}} in the database.
+On databases which support inequality indexing, setting an eq index
+on the {{EX:entryCSN}} attribute and configuring {{contextCSN}}
+checkpoints will greatly speed up this scanning step.
+
+If no {{EX:contextCSN}} can be determined by reading and scanning
+the database, a new value will be generated. Also, if scanning the
+database yielded a greater {{EX:entryCSN}} than was previously
+recorded in the suffix entry's {{EX:contextCSN}} attribute, a
+checkpoint will be immediately written with the new value.
+
+The consumer also stores its replica state, which is the provider's
+{{EX:contextCSN}} received as a synchronization cookie, in the
+{{EX:contextCSN}} attribute of the suffix entry. The replica state
+maintained by a consumer server is used as the synchronization state
+indicator when it performs subsequent incremental synchronization
+with the provider server. It is also used as a provider-side
+synchronization state indicator when it functions as a secondary
+provider server in a cascading replication configuration. Since
+the consumer and provider state information are maintained in the
+same location within their respective databases, any consumer can
+be promoted to a provider (and vice versa) without any special
+actions.
+
+Because a general search filter can be used in the syncrepl
+specification, some entries in the context may be omitted from the
+synchronization content. The syncrepl engine creates a glue entry
+to fill in the holes in the replica context if any part of the
+replica content is subordinate to the holes. The glue entries will
+not be returned in the search result unless {{ManageDsaIT}} control
+is provided.
+
+Also as a consequence of the search filter used in the syncrepl
+specification, it is possible for a modification to remove an entry
+from the replication scope even though the entry has not been deleted
+on the provider. Logically the entry must be deleted on the consumer
+but in {{refreshOnly}} mode the provider cannot detect and propagate
+this change without the use of the session log.
+
+
+H2: Configuring Syncrepl
+
+Because syncrepl is a consumer-side replication engine, the syncrepl
+specification is defined in {{slapd.conf}} (5) of the consumer
+server, not in the provider server's configuration file. The initial
+loading of the replica content can be performed either by starting
+the syncrepl engine with no synchronization cookie or by populating
+the consumer replica by adding an {{TERM:LDIF}} file dumped as a
+backup at the provider.
+
+When loading from a backup, it is not required to perform the initial
+loading from the up-to-date backup of the provider content. The
+syncrepl engine will automatically synchronize the initial consumer
+replica to the current provider content. As a result, it is not
+required to stop the provider server in order to avoid the replica
+inconsistency caused by the updates to the provider content during
+the content backup and loading process.
+
+When replicating a large scale directory, especially in a bandwidth
+constrained environment, it is advised to load the consumer replica
+from a backup instead of performing a full initial load using
+syncrepl.
+
+
+H3: Set up the provider slapd
+
+The provider is implemented as an overlay, so the overlay itself
+must first be configured in {{slapd.conf}} (5) before it can be
+used. The provider has only two configuration directives, for setting
+checkpoints on the {{EX:contextCSN}} and for configuring the session
+log. Because the LDAP Sync search is subject to access control,
+proper access control privileges should be set up for the replicated
+content.
+
+The {{EX:contextCSN}} checkpoint is configured by the
+
+> syncprov-checkpoint <ops> <minutes>
+
+directive. Checkpoints are only tested after successful write
+operations. If {{<ops>}} operations or more than {{<minutes>}}
+time has passed since the last checkpoint, a new checkpoint is
+performed.
+
+The session log is configured by the
+
+> syncprov-sessionlog <size>
+
+directive, where {{<size>}} is the maximum number of session log
+entries the session log can record. When a session log is configured,
+it is automatically used for all LDAP Sync searches within the
+database.
+
+Note that using the session log requires searching on the {{entryUUID}}
+attribute. Setting an eq index on this attribute will greatly benefit
+the performance of the session log on the provider.
+
+A more complete example of the {{slapd.conf}} content is thus:
+
+> database bdb
+> suffix dc=Example,dc=com
+> rootdn dc=Example,dc=com
+> directory /var/ldap/db
+> index objectclass,entryCSN,entryUUID eq
+>
+> overlay syncprov
+> syncprov-checkpoint 100 10
+> syncprov-sessionlog 100
+
+
+H3: Set up the consumer slapd
+
+The syncrepl replication is specified in the database section of
+{{slapd.conf}} (5) for the replica context. The syncrepl engine
+is backend independent and the directive can be defined with any
+database type.
+
+> database hdb
+> suffix dc=Example,dc=com
+> rootdn dc=Example,dc=com
+> directory /var/ldap/db
+> index objectclass,entryCSN,entryUUID eq
+>
+> syncrepl rid=123
+> provider=ldap://provider.example.com:389
+> type=refreshOnly
+> interval=01:00:00:00
+> searchbase="dc=example,dc=com"
+> filter="(objectClass=organizationalPerson)"
+> scope=sub
+> attrs="cn,sn,ou,telephoneNumber,title,l"
+> schemachecking=off
+> bindmethod=simple
+> binddn="cn=syncuser,dc=example,dc=com"
+> credentials=secret
+
+In this example, the consumer will connect to the provider slapd
+at port 389 of {{FILE:ldap://provider.example.com}} to perform a
+polling ({{refreshOnly}}) mode of synchronization once a day. It
+will bind as {{EX:cn=syncuser,dc=example,dc=com}} using simple
+authentication with password "secret". Note that the access control
+privilege of {{EX:cn=syncuser,dc=example,dc=com}} should be set
+appropriately in the provider to retrieve the desired replication
+content. Also the search limits must be high enough on the provider
+to allow the syncuser to retrieve a complete copy of the requested
+content. The consumer uses the rootdn to write to its database so
+it always has full permissions to write all content.
+
+The synchronization search in the above example will search for the
+entries whose objectClass is organizationalPerson in the entire
+subtree rooted at {{EX:dc=example,dc=com}}. The requested attributes
+are {{EX:cn}}, {{EX:sn}}, {{EX:ou}}, {{EX:telephoneNumber}},
+{{EX:title}}, and {{EX:l}}. The schema checking is turned off, so
+that the consumer {{slapd}} (8) will not enforce entry schema
+checking when it process updates from the provider {{slapd}} (8).
+
+For more detailed information on the syncrepl directive, see the
+{{SECT:syncrepl}} section of {{SECT:The slapd Configuration File}}
+chapter of this admin guide.
+
+
+H3: Start the provider and the consumer slapd
+
+The provider {{slapd}} (8) is not required to be restarted.
+{{contextCSN}} is automatically generated as needed: it might be
+originally contained in the {{TERM:LDIF}} file, generated by
+{{slapadd}} (8), generated upon changes in the context, or generated
+when the first LDAP Sync search arrives at the provider. If an
+LDIF file is being loaded which did not previously contain the
+{{contextCSN}}, the {{-w}} option should be used with {{slapadd}}
+(8) to cause it to be generated. This will allow the server to
+startup a little quicker the first time it runs.
+
+When starting a consumer {{slapd}} (8), it is possible to provide
+a synchronization cookie as the {{-c cookie}} command line option
+in order to start the synchronization from a specific state. The
+cookie is a comma separated list of name=value pairs. Currently
+supported syncrepl cookie fields are {{csn=<csn>}} and {{rid=<rid>}}.
+{{<csn>}} represents the current synchronization state of the
+consumer replica. {{<rid>}} identifies a consumer replica locally
+within the consumer server. It is used to relate the cookie to the
+syncrepl definition in {{slapd.conf}} (5) which has the matching
+replica identifier. The {{<rid>}} must have no more than 3 decimal
+digits. The command line cookie overrides the synchronization
+cookie stored in the consumer replica database.
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/title.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/title.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/title.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+# $OpenLDAP: pkg/openldap-guide/admin/title.sdf,v 1.9 2005/03/23 16:21:00 kurt Exp $
+# Copyright 1999--2005, The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+#
+# Document: OpenLDAP Administrator's Guide
+# Master: master.sdf
+#
+
+!define DOC_TYPE "Administrator's Guide"
+
+!build_title
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/tls.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/tls.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/tls.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,228 @@
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Using TLS
+
+OpenLDAP clients and servers are capable of using the
+{{TERM[expand]TLS}} ({{TERM:TLS}}) framework to provide
+integrity and confidentiality protections and to support
+LDAP authentication using the {{TERM:SASL}} EXTERNAL mechanism.
+
+H2: TLS Certificates
+
+TLS uses {{TERM:X.509}} certificates to carry client and server
+identities. All servers are required to have valid certificates,
+whereas client certificates are optional. Clients must have a
+valid certificate in order to authenticate via SASL EXTERNAL.
+For more information on creating and managing certificates,
+see the {{PRD:OpenSSL}} documentation.
+
+H3: Server Certificates
+
+The DN of a server certificate must use the CN attribute
+to name the server, and the {{EX:CN}} must carry the server's
+fully qualified domain name. Additional alias names and wildcards
+may be present in the {{EX:subjectAltName}} certificate extension.
+More details on server certificate names are in {{REF:RFC2830}}.
+
+H3: Client Certificates
+
+The DN of a client certificate can be used directly as an
+authentication DN.
+Since X.509 is a part of the {{TERM:X.500}} standard and LDAP
+is also based on X.500, both use the same DN formats and
+generally the DN in a user's X.509 certificate should be
+identical to the DN of their LDAP entry. However, sometimes
+the DNs may not be exactly the same, and so the mapping
+facility described in
+{{SECT:Mapping Authentication identities to LDAP entries}}
+can be applied to these DNs as well.
+
+H2: TLS Configuration
+
+After obtaining the required certificates, a
+number of options must be configured on both the client
+and the server to enable TLS and make use of the certificates.
+At a minimum, the clients must be configured with the filename
+containing all of the {{TERM[expand]CA}} (CA) certificates it
+will trust. The server must be configured with the {{TERM:CA}}
+certificates and also its own server certificate and private key.
+
+Typically a single CA will have issued the server certificate
+and all of the trusted client certificates, so the server only
+needs to trust that one signing CA. However, a client may wish
+to connect to a variety of secure servers managed by different
+organizations, with server certificates generated by many
+different CAs. As such, a client is likely to need a list of
+many different trusted CAs in its configuration.
+
+H3: Server Configuration
+
+The configuration directives for slapd belong in the global directives
+section of {{slapd.conf}}(5).
+
+H4: TLSCACertificateFile <filename>
+
+This directive specifies the {{TERM:PEM}}-format file containing
+certificates for the CA's that slapd will trust. The certificate for
+the CA that signed the server certificate must be included among
+these certificates. If the signing CA was not a top-level (root) CA,
+certificates for the entire sequence of CA's from the signing CA to
+the top-level CA should be present. Multiple certificates are simply
+appended to the file; the order is not significant.
+
+H4: TLSCACertificatePath <path>
+
+This directive specifies the path of a directory that contains
+individual {{TERM:CA}} certificates in separate files. In addition,
+this directory must be specially managed using the OpenSSL {{c_rehash}}
+utility. When using this feature, the OpenSSL library will attempt to
+locate certificate files based on a hash of their name and serial number.
+The {{c_rehash}} utility is used to generate symbolic links with the
+hashed names that point to the actual certificate files. As such,
+this option can only be used with a filesystem that actually supports
+symbolic links. In general, it is simpler to use the
+{{EX:TLSCACertificateFile}} directive instead.
+
+H4: TLSCertificateFile <filename>
+
+This directive specifies the file that contains the slapd server
+certificate. Certificates are generally public information and
+require no special protection.
+
+H4: TLSCertificateKeyFile <filename>
+
+This directive specifies the file that contains the private key
+that matches the certificate stored in the {{EX:TLSCertificateFile}}
+file. Private keys themselves are sensitive data and are usually
+password encrypted for protection. However, the current implementation
+doesn't support encrypted keys so the key must not be encrypted
+and the file itself must be protected carefully.
+
+H4: TLSCipherSuite <cipher-suite-spec>
+
+This directive configures what ciphers will be accepted and the
+preference order. {{EX:<cipher-suite-spec>}} should be a cipher
+specification for OpenSSL. You can use the command
+
+> openssl ciphers -v ALL
+
+to obtain a verbose list of available cipher specifications.
+Besides the individual cipher names, the specifiers {{EX:HIGH}},
+{{EX:MEDIUM}}, {{EX:LOW}}, {{EX:EXPORT}}, and {{EX:EXPORT40}}
+may be helpful, along with {{EX:TLSv1}}, {{EX:SSLv3}},
+and {{EX:SSLv2}}.
+
+H4: TLSRandFile <filename>
+
+This directive specifies the file to obtain random bits from when
+{{EX:/dev/urandom}} is not available. If the
+system provides {{EX:/dev/urandom}} then this option is not needed,
+otherwise a source of random data must be configured.
+Some systems (e.g. Linux)
+provide {{EX:/dev/urandom}} by default, while others (e.g. Solaris)
+require the installation of a patch to provide it, and others may
+not support it at all. In the latter case, EGD or PRNGD should be
+installed, and this directive should specify the name of the EGD/PRNGD
+socket. The environment variable {{EX:RANDFILE}} can also be used to specify
+the filename. Also, in the absence of these options, the {{EX:.rnd}}
+file in the slapd user's home directory may be used if it exists. To
+use the {{EX:.rnd}} file, just create the file and copy a few hundred
+bytes of arbitrary data into the file. The file is only used to
+provide a seed for the pseudo-random number generator, and it doesn't
+need very much data to work.
+
+H4: TLSEphemeralDHParamFile <filename>
+
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange. This is required in order to use a DSA certificate on
+the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
+Multiple sets of parameters can be included in the file; all of them will
+be processed. Parameters can be generated using the following command
+
+> openssl dhparam [-dsaparam] -out <filename> <numbits>
+
+H4: TLSVerifyClient { never | allow | try | demand }
+
+This directive specifies what checks to perform on client certificates
+in an incoming TLS session, if any. This option is set to {{EX:never}}
+by default, in which case the server never asks the client for a
+certificate. With a setting of {{EX:allow}} the server will ask
+for a client certificate; if none is provided the session proceeds
+normally. If a certificate is provided but the server is unable to
+verify it, the certificate is ignored and the session proceeds
+normally, as if no certificate had been provided. With a setting of
+{{EX:try}} the certificate is requested, and if none is provided,
+the session proceeds normally. If a certificate is provided and it
+cannot be verified, the session is immediately terminated. With a
+setting of {{EX:demand}} the certificate is requested and a valid
+certificate must be provided, otherwise the session is immediately
+terminated.
+
+Note: The server must request a client certificate in order to
+use the SASL EXTERNAL authentication mechanism with a TLS session.
+As such, a non-default {{EX:TLSVerifyClient}} setting must be configured
+before SASL EXTERNAL authentication may be attempted, and the
+SASL EXTERNAL mechanism will only be offered to the client if a valid
+client certificate was received.
+
+H3: Client Configuration
+
+Most of the client configuration directives parallel the server
+directives. The names of the directives are different, and they go
+into {{ldap.conf}}(5) instead of {{slapd.conf}}(5), but their
+functionality is mostly the same. Also, while most of these options may
+be configured on a system-wide basis, they may all be overridden by
+individual users in their {{.ldaprc}} files.
+
+The LDAP Start TLS operation is used in LDAP to initiate TLS
+negotatation. All OpenLDAP command line tools support a {{E:-Z}}
+and {{E:-ZZ}} flag to indicate whether a Start TLS operation is to
+be issued. The latter flag indicates that the tool is to cease
+processing if TLS cannot be started while the former allows the
+command to continue.
+
+In LDAPv2 environments, TLS is normally started using the LDAP
+Secure URI scheme ({{EX:ldaps://}}) instead of the normal LDAP URI
+scheme ({{EX:ldap://}}). OpenLDAP command line tools allow either
+scheme to used with the {{EX:-U}} flag and with the {{EX:URI}}
+{{ldap.conf}}(5) option.
+
+
+H4: TLS_CACERT <filename>
+
+This is equivalent to the server's {{EX:TLSCACertificateFile}} option. As
+noted in the {{SECT:TLS Configuration}} section, a client typically
+may need to know about more CAs than a server, but otherwise the
+same considerations apply.
+
+H4: TLS_CACERTDIR <path>
+
+This is equivalent to the server's {{EX:TLSCACertificatePath}} option. The
+specified directory must be managed with the OpenSSL {{c_rehash}}
+utility as well.
+
+H4: TLS_CERT <filename>
+
+This directive specifies the file that contains the client certificate.
+This is a user-only directive and can only be specified in a user's
+{{.ldaprc}} file.
+
+H4: TLS_KEY <filename>
+
+This directive specifies the file that contains the private key
+that matches the certificate stored in the {{EX:TLS_CERT}}
+file. The same constraints mentioned for {{EX:TLSCertificateKeyFile}}
+apply here. This is also a user-only directive.
+
+H4: TLS_RANDFILE <filename>
+
+This directive is the same as the server's {{EX:TLSRandFile}}
+option.
+
+H4: TLS_REQCERT { never | allow | try | demand }
+
+This directive is equivalent to the server's {{EX:TLSVerifyClient}}
+option. However, for clients the default value is {{EX:demand}}
+and there generally is no good reason to change this setting.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/admin/tuning.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/admin/tuning.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/admin/tuning.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,90 @@
+# $OpenLDAP: pkg/openldap-guide/admin/tuning.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Performance Tuning
+
+Note: this chapter needs to be updated to discuss BDB tuning.
+
+There are several things you can do to tune the performance of
+slapd for your system. Most of them have to do with the LDBM
+backend. LDBM uses an index mechanism to store and retrieve
+information in slapd. Each entry is assigned a unique ID, used to
+refer to the entry in the indexes. A search for entries with a
+surname of "Jensen", for example, would look up the index entry
+"=JENSEN" in the surname index. The data returned is a list of
+IDs of entries having that value for the surname attribute. We
+have found several things to be useful in improving the
+performance of this indexing scheme, especially on modify
+operations.
+
+
+
+H2: The allIDs threshold
+
+Some index entries become so large as to be useless. For
+example, if every entry in your database is a person entry, the
+"=PERSON" index entry in the objectclass index contains every
+entry. This returns very little useful information, and can cause
+significant delays, especially on updates. To alleviate this
+problem, we have introduced the idea of an allIDs index entry.
+
+The allIDs entry stands for a real index entry containing the IDs
+of every entry in the database, but it takes up very little space,
+never needs updating, and can be manipulated quickly and
+efficiently. The trade-off is that it does not prune the set of
+candidate entries at all during a search. This must be done
+using other, more "high-powered" index entries.
+
+You can set the minimum number of IDs that an index entry may
+contain before it turns into an allIDs block by changing the
+{{EX: SLAPD_LDBM_MIN_MAXIDS}} variable in the
+{{EX: include/ldapconfig.h}} file. The actual number is determined at
+runtime by the LDBM backend, depending on the block size of
+the underlying device (i.e., the number you provide is rounded up
+to the nearest multiple of a block size).
+
+
+
+H2: The entry cache
+
+The LDBM backend can be configured to keep a cache of
+entries in memory. Since the LDBM database spends much of its
+time reading entries from the id2entry file into memory, this cache
+can greatly speed performance. The trade-off is that the cache
+uses some extra memory. The default cache size is 1000
+entries. See the discussion of the cachesize option in Section
+5.2.3 on LDBM configuration.
+
+
+
+H2: The DB cache
+
+The LDBM backend uses a number of disk-based index files. If
+the underlying hash or B-tree package supports in-memory
+caching of these files, performance can be greatly improved,
+especially on modifies. The size of this in-memory file cache is
+given by the dbcachesize option, discussed in more detail in
+section 5.2.3 on LDBM configuration. The default {{EX: dbcachesize}} is
+100K.
+
+
+
+H2: Maintain the right indices
+
+Finally, one of the best performance tune-ups you can do is to
+make sure you are maintaining the right indices. Too few indices
+can lead to poor search performance. Too many indices can
+lead to poor update performance. For example, the LDBM
+backend would be perfectly happy to maintain substring and
+approximate indices for the {{EX: objectclass attribute}}, but this would
+not be useful and would just slow down update operations. If
+your database has many entries and is handling queries for
+substring equality on the surname attribute, you should make
+sure to maintain a surname substring index so these queries are
+answered quickly.
+
+So, take a look at the index lines in your slapd configuration file to
+ensure that only those indices that make sense and are needed
+are being maintained.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPlogo.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPlogo.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPwww.gif
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/doc/guide/images/LDAPwww.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/doc/guide/plain.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/plain.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/plain.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,20 @@
+# $OpenLDAP: pkg/openldap-guide/plain.sdf,v 1.10.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+# template for plain documents
+!macro HTML_PRE_SECTION
+!endmacro
+!macro HTML_POST_SECTION
+!endmacro
+
+!macro HTML_HEADER
+!endmacro
+!macro HTML_FOOTER
+{{INLINE:<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1">}}
+{{INLINE:<B>________________<BR><SMALL>}}
+[[c]] Copyright 2005,
+{{INLINE:<A HREF="/foundation/">OpenLDAP Foundation</A>}},
+{{EMAIL: info at OpenLDAP.org}}
+{{INLINE:</SMALL><BR></B></FONT>}}
+!endmacro
Added: openldap/vendor/openldap-2.3.35/doc/guide/preamble.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/preamble.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/preamble.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,231 @@
+# $OpenLDAP: pkg/openldap-guide/preamble.sdf,v 1.63.2.5 2007/01/02 21:46:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+#
+# Preamble for all OpenLDAP SDF documents
+#
+
+!default VERSION 2.3
+
+#
+# Paths are relative to the main subdirectories
+#
+
+!define DOC_AUTHOR "The OpenLDAP Project <{{URL:http://www.openldap.org/}}>"
+!define DOC_NAME "OpenLDAP Software 2.3"
+!define DOC_TYPE "Guide"
+
+!define DOC_LOGO "../images/LDAPlogo.gif"
+!define DOC_LOGO_BASE "../images/"
+!define DOC_HTML_LOGO ""
+
+!define DOC_LOF_TITLE "Figures"
+!define DOC_LOF
+
+!define HTML_URL_HOME "http://www.openldap.org/"
+!define HTML_URL_CATALOG "../index.html"
+
+!macro HTML_HEADER
+# !block inline
+#<FONT FACE="Arial,Verdana,Helvetica">
+# !endblock
+ !if DOC_LOGO
+ !block inline
+<A HREF="http://www.OpenLDAP.org/">
+ !endblock
+ !import DOC_LOGO; align="Left"; border="0"; base=$var{'DOC_LOGO_BASE'}
+ !block inline
+</A>
+ !endblock
+ !HTML_NAVIGATE
+ !clear "Left"
+ !else
+ !HTML_NAVIGATE
+ !endif
+!endmacro
+
+!macro HTML_FOOTER
+ !HTML_PRE_SECTION
+ !HTML_NAVIGATE
+# !block inline; expand
+#</FONT>
+# !endblock
+ !block inline; expand
+<P>
+<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
+________________<BR>
+<SMALL>© Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+
+ !endblock
+!endmacro
+
+!macro HTML_TOPIC_HEADER
+# !block inline; expand
+#<FONT FACE="Arial,Verdana,Helvetica">
+# !endblock
+ !define DOC_TOPIC_LOGO $var{'DOC_LOGO'}
+ !if DOC_TOPIC_LOGO
+ !default DOC_TOPIC_LOGO_BASE $var{'DOC_LOGO_BASE'}
+ !block inline
+<A HREF="http://www.OpenLDAP.org/">
+ !endblock
+ !import DOC_TOPIC_LOGO; align="Left"; border="0"; base=$var{'DOC_TOPIC_LOGO_BASE'}
+ !block inline
+</A>
+ !endblock
+ !HTML_TOPIC_NAVIGATE
+ !clear "Left"
+ !else
+ !HTML_TOPIC_NAVIGATE
+ !endif
+!endmacro
+
+!macro HTML_TOPIC_FOOTER
+ !HTML_PRE_SECTION
+ !HTML_TOPIC_NAVIGATE
+# !block inline; expand
+#</FONT>
+# !endblock
+ !block inline; expand
+<P>
+<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
+________________<BR>
+<SMALL>© Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+
+ !endblock
+!endmacro
+
+
+# OpenLDAP related organization
+!block organisations; data
+Name|Long|Jump
+ANSI|American National Standards Institute|http://www.ansi.org/
+BSI|British Standards Institute|http://www.bsa-global.com/
+OpenLDAP|OpenLDAP|http://www.openldap.org/
+OLF|OpenLDAP Foundation|http://www.openldap.org/foundation/
+OLP|OpenLDAP Project|http://www.openldap.org/project/
+UM|University of Michigan|http://www.umich.edu/
+UMLDAP|University of Michigan LDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html
+IANA|Internet Assigned Numbers Authority|http://www.iana.org/
+IAB|Internet Architecture Board|http://www.iab.org/
+IETF|Internet Engineering Task Force|http://www.ietf.org/
+IESG|Internet Engineering Steering Group|http://www.ietf.org/iesg/
+IRTF|Internet Research Task Force|http://www.irtf.org/
+ISO|International Standards Organisation|http://www.iso.org/
+ITU|International Telephone Union|http://www.itu.int/
+RFC|RFC Editor|http://www.rfc-editor.org/
+OpenSSL|OpenSSL|http://www.openssl.org/
+Cyrus|Cyrus Electronic Mail Project|http://asg.web.cmu.edu/cyrus/
+Sleepycat|Sleepycat Software|http://www.sleepycat.com/
+FSF|Free Software Foundation|http://www.fsf.org/
+GNU|GNU Not Unix|http://www.gnu.org/
+!endblock
+
+!block products; data
+Name|Jump
+Berkeley DB|http://www.sleepycat.com/products/transactional.shtml
+CVS|http://www.cvshome.org/
+Cyrus|http://asg.web.cmu.edu/cyrus/
+GNU|http://www.gnu.org/software/
+GDBM|http://www.gnu.org/software/gdbm/
+Heimdal|http://www.pdc.kth.se/heimdal/
+MIT Kerberos|http://web.mit.edu/kerberos/www/
+OpenLDAP|http://www.openldap.org/software/
+OpenSSL|http://www.openssl.org/
+Perl|http://www.perl.org/
+SASL|http://asg.web.cmu.edu/sasl/sasl-library.html
+SQL|http://www.jcc.com/SQLPages/jccs_sql.htm
+TCL|http://www.tcl.tk/
+!endblock
+
+# Internet and X.500 terms
+!block terms; data
+Term|Definition
+AES|Advance Encryption Standard
+API|Application Program Interface
+ASN|Abstract Syntax Notation
+ASN.1|Abstract Syntax Notation 1
+BCP|Best Common Practice
+BDB|Berkeley DB
+BER|Basic Encoding Rules
+BNF|BNF
+C|The C Programming Language
+CA|Certificate Authority
+CLDAP|Connection-less LDAP
+DAP|Directory Access Protocol
+DER|Distinguished Encoding Rules
+DES|Data Encryption Standard
+3DES|Triple DES
+DIT|Directory Information Tree
+DN|Distinguished Name
+DNS|Domain Name System
+DS|Draft Standard
+DSA|Directory Service Agent
+DSE|DSA-specific Entry
+DUA|Directory User Agent
+FAQ|Frequently Asked Questions
+FTP|File Transfer Protocol
+FYI|For Your Information
+GSSAPI|Generic Security Services Application Program Interface
+HDB|Heirarchial Database
+I-D|Internet Draft
+IP|Internet Protocol
+IPSEC|Internet Protocol Security
+ITS|Issue Tracking System
+Kerberos|Kerberos Authentication Service
+LBER|Lightweight BER
+LDAP|Lightweight Directory Access Protocol
+LDIF|LDAP Data Interchange Format
+LDBM|LDAP Database Manager
+MIB|Management Information Base
+OID|Object Identifier
+OSI|Open Systems Interconnect
+OTP|One Time Password
+PEM|Privacy Enhanced eMail
+PS|Proposed Standard
+RDN|Relative Distinguished Name
+RFC|Request for Comments
+SRP|Secure Remote Password
+SSF|Security Strength Factor
+SSL|Secure Socket Layer
+STD|Internet Standard
+TCP|Transmission Control Protocol
+TLS|Transport Layer Security
+SASL|Simple Authentication and Security Layer
+SMTP|Simple Mail Transfer Protocol
+SNMP|Simple Network Management Protocol
+STD|Internet Standard
+UDP|User Datagram Protocol
+UNIX|UNIX
+URI|Uniform Resource Identifier
+URL|Uniform Resource Locator
+WWW|World Wide Web
+X.500|X.500 Directory Services
+X.509|X.509 Public Key and Attribute Certificate Frameworks
+!endblock
+
+!block references; data
+Reference|Status|Document|Jump
+RFC2079|PS|Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifers|http://www.rfc-editor.org/rfc/rfc2079.txt
+RFC2222|PS|Simple Authentication and Security Layer|http://www.rfc-editor.org/rfc/rfc2222.txt
+RFC2251|PS|Lightweight Directory Access Protocol (v3)|http://www.rfc-editor.org/rfc/rfc2251.txt
+RFC2252|PS|LDAPv3: Attribute Syntax Definitions|http://www.rfc-editor.org/rfc/rfc2252.txt
+RFC2253|PS|LDAPv3: UTF-8 String Representation of Distinguished Names|http://www.rfc-editor.org/rfc/rfc2253.txt
+RFC2254|PS|The String Representation of LDAP Search Filters|http://www.rfc-editor.org/rfc/rfc2254.txt
+RFC2255|PS|The LDAP URL Format|http://www.rfc-editor.org/rfc/rfc2255.txt
+RFC2256|PS|A Summary of the X.500(96) User Schema for use with LDAPv3|http://www.rfc-editor.org/rfc/rfc2256.txt
+RFC2296|PS|Use of Language Codes in LDAP|http://www.rfc-editor.org/rfc/rfc2296.txt
+RFC2798|INFO|Definition of the inetOrgPerson LDAP Object Class|http://www.rfc-editor.org/rfc/rfc2798.txt
+RFC2829|PS|Authentication Methods for LDAP|http://www.rfc-editor.org/rfc/rfc2829.txt
+RFC2830|PS|LDAPv3: Extension for Transport Layer Security|http://www.rfc-editor.org/rfc/rfc2830.txt
+RFC2831|PS|Using Digest Authentication as a SASL Mechanism|http://www.rfc-editor.org/rfc/rfc2831.txt
+RFC2849|PS|The LDAP Data Interchange Format|http://www.rfc-editor.org/rfc/rfc2849.txt
+RFC3088|X|OpenLDAP Root Service|http://www.rfc-editor.org/rfc/rfc3088.txt
+RFC3296|PS|Named Subordinate References in LDAP|http://www.rfc-editor.org/rfc/rfc3296.txt
+RFC3377|PS|Lightweight Directory Access Protocol (v3): Technical Specification|http://www.rfc-editor.org/rfc/rfc3377.txt
+RFC3383|BCP|Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)|http://www.rfc-editor.org/rfc/rfc3383.txt
+RFC3384|INFO|Lightweight Directory Access Protocol (version 3) Replication Requirements|http://www.rfc-editor.org/rfc/rfc3384.txt
+RFC3494|INFO|Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status|http://www.rfc-editor.org/rfc/rfc3494.txt
+RFC4013|PS|SASLprep: Stringprep Profile for User Names and Passwords
+!endblock
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf-install.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf-install.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf-install.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,183 @@
+Basic Installation
+==================
+
+ These are generic installation instructions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+ The file `configure.in' is used to create `configure' by a program
+called `autoconf'. You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+
+ Running `configure' takes awhile. While running, it prints some
+ messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+architecture.
+
+Installation Names
+==================
+
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+ CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+
+`--help'
+ Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--version'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/autoconf.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# $OpenLDAP: pkg/openldap-guide/release/autoconf.sdf,v 1.6 2000/08/31 03:52:55 kurt Exp $
+#
+# Generic Autoconf INSTALL
+#
+
+H1: Generic configure Instructions
+
+#!block inline
+#<FONT FACE="Courier">
+#!endblock
+
+!include "../release/autoconf-install.txt" ; verbatim
+
+#!block inline
+#</FONT>
+#!endblock
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/copyright-plain.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/copyright-plain.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/copyright-plain.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+# $OpenLDAP: pkg/openldap-guide/release/copyright-plain.sdf,v 1.9.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+#
+# Plain Copyright for Software Distribution
+#
+!define HTML_TITLE "OpenLDAP Copyright Notices"
+!include "../plain.sdf"
+!include "copyright.sdf"; plain
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/copyright.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/copyright.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/copyright.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,85 @@
+# $OpenLDAP: pkg/openldap-guide/release/copyright.sdf,v 1.20.2.4 2007/01/02 21:48:19 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+!if OPT_PP_HTML
+!define copyright '[[c]] Copyright'
+!else
+!define copyright 'Copyright'
+!endif
+
+H1: OpenLDAP Software Copyright Notices
+
+H2: OpenLDAP Copyright Notice
+
+!block nofill
+[[copyright]] 1998-2007 The OpenLDAP Foundation.
+{{All rights reserved.}}
+!endblock
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted {{only as authorized}} by the {{SECT:OpenLDAP
+Public License}}.
+
+A copy of this license is available in file {{F:LICENSE}} in the
+top-level directory of the distribution or, alternatively, at
+<{{URL:http://www.OpenLDAP.org/license.html}}>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Individual files and/or contributed packages may be copyright by
+other parties and their use subject to additional restrictions.
+
+This work is derived from the University of Michigan LDAP v3.3
+distribution. Information concerning this software is available
+at <{{URL:http://www.umich.edu/~dirsvcs/ldap/ldap.html}}>.
+
+This work also contains materials derived from public sources.
+
+Additional information about OpenLDAP software can be obtained at
+<{{URL:http://www.OpenLDAP.org/}}>.
+
+
+H2: Additional Copyright Notice
+
+!block nofill
+Portions [[copyright]] 1998-2006 Kurt D. Zeilenga.
+Portions [[copyright]] 1998-2006 Net Boolean Incorporated.
+Portions [[copyright]] 2001-2006 IBM Corporation.
+{{All rights reserved.}}
+!endblock
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the {{SECT:OpenLDAP
+Public License}}.
+
+
+!block nofill
+Portions [[copyright]] 1999-2005 Howard Y.H. Chu.
+Portions [[copyright]] 1999-2005 Symas Corporation.
+Portions [[copyright]] 1998-2003 Hallvard B. Furuseth.
+{{All rights reserved.}}
+!endblock
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that this notice is preserved.
+The names of the copyright holders may not be used to endorse or
+promote products derived from this software without their specific
+prior written permission. This software is provided ``as is''
+without express or implied warranty.
+
+
+H2: University of Michigan Copyright Notice
+
+!block nofill
+Portions [[copyright]] 1992-1996 Regents of the University of Michigan.
+{{All rights reserved.}}
+!endblock
+
+Redistribution and use in source and binary forms are permitted
+provided that this notice is preserved and that due credit is given
+to the University of Michigan at Ann Arbor. The name of the University
+may not be used to endorse or promote products derived from this
+software without specific prior written permission. This software
+is provided ``as is'' without express or implied warranty.
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/install.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/install.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/install.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,110 @@
+# $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.21.2.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+P1: Making and Installing the OpenLDAP Distribution
+
+This file provides brief instructions on how to build and install
+OpenLDAP on UNIX (and UNIX-{{like}}) systems. More detailed
+information and instructions can be found in
+{{The OpenLDAP Administrator's Guide}}
+(available from {{URL:http://www.openldap.org/doc/}}).
+
+It is recommended that you read, or at least skim through, ALL of
+the instructions in this file before attempting to build the
+software.
+
+It is also recommended you review
+the {{Frequently Asked Questions}} ({{URL:http://www.openldap.org/faq/}})
+pages, in particular the
+{{Installation section}} ({{URL:http://www.openldap.org/faq/index.cgi?file=8}})
+and
+{{Platform Hints}} ({{URL:http://www.openldap.org/faq/index.cgi?file=9}})
+should be examined.
+
+
+P2: Making and Installing the OpenLDAP Distribution
+
+^ Unpack the distribution and change directory:
+
+E: % tar xfz openldap-VERSION.tgz
+E: % cd openldap-VERSION
+
+.(replacing {{EX:VERSION}} with the appropriate version string). If
+you are reading this file, you probably have already done this!
+
+
++ Type:
+
+E: % ./configure --help
+
+.to list available configuration options.
+
+.The {{EX:configure}} script uses environment variables for
+determining compiler/linker options including:
+
+> Variable Description Example
+> CC C compiler gcc
+> CFLAGS C flags -O -g
+> CPPFLAGS cpp flags -I/path/include -D__FOO__=42
+> LDFLAGS ld flags -L/usr/local/lib
+> LIBS libraries -llib
+> PATH command path /usr/local/bin:/usr/bin:/bin
+
++ Configure the build system
+
+E: % [env settings] ./configure [options]
+
+.If all goes well, the {{EX:configure}} script will automatically detect
+the appropriate settings. If the {{EX:configure}} script fails, you should
+read the {{FILE:config.log}} file that it generated to see what it was trying
+to do and exactly what failed. You may need to specify additional
+options and/or environment variables besides those listed above to
+obtain desired results, depending on your operating system. The
+{{Platform Hints}} section of the {{FAQ}} provides help for operating system
+related problems.
+
++ Build dependencies
+
+E: % make depend
+
++ Build the system
+
+E: % make
+
+.If all goes well, the system will build as configured. If not,
+return to step 3 after reviewing the configuration settings. You
+may want to consult the {{Platform Hints}} subsection of the {{FAQ}}
+if you have not done so already.
+
++ Test the standalone system
+
+.This step requires the standalone LDAP server, {{slapd}}(8),
+with {{HDB}}, {{BDB}}, and/or {{LDBM}} support.
+
+E: % make test
+
+.If all goes well, the system has been built as configured. If not,
+return to step 4 after reviewing your configuration settings. You
+may want to consult the {{Installation}} section of the {{FAQ}}
+if you have not done so already.
+
++ Install the binaries and man pages. You may need to become the
+{{super-user}} (e.g. {{EX:root}}) to do this (depending on where you
+are installing things):
+
+E: % su root -c 'make install'
+
++ That's it!
+
+See the {{OpenLDAP Administrator's Guide}} and the manual pages
+for the individual applications for configuration and use information.
+You may also want to edit the configuration files used by the
+various components. These configuration files are located in
+the OpenLDAP configuration directory (normally
+{{FILE:/usr/local/etc/openldap}}).
+
+> ldap.conf client defaults
+> slapd.conf Standalone LDAP daemon
+> schema/*.schema Schema Definitions
+
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/license-plain.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/license-plain.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/license-plain.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+# $OpenLDAP: pkg/openldap-guide/release/license-plain.sdf,v 1.9.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+#
+# Plain Copyright for Software Distribution
+#
+!define HTML_TITLE "OpenLDAP Public License"
+!include "../plain.sdf"
+!include "license.sdf"; plain
Added: openldap/vendor/openldap-2.3.35/doc/guide/release/license.sdf
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/guide/release/license.sdf (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/guide/release/license.sdf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,15 @@
+# $OpenLDAP: pkg/openldap-guide/release/license.sdf,v 1.11.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 2000-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: OpenLDAP Public License
+
+#!block inline
+#<FONT FACE="Courier">
+#!endblock
+
+!include "../LICENSE" ; verbatim
+
+#!block inline
+#</FONT>
+#!endblock
Added: openldap/vendor/openldap-2.3.35/doc/install/configure
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/install/configure (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/install/configure 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,187 @@
+The following is a verbatim copy of the of Autoconf 2.12 generic
+INSTALL document.
+
+
+Basic Installation
+==================
+
+ These are generic installation instructions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+ The file `configure.in' is used to create `configure' by a program
+called `autoconf'. You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+
+ Running `configure' takes awhile. While running, it prints some
+ messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+architecture.
+
+Installation Names
+==================
+
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+ CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+
+`--help'
+ Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--version'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
Added: openldap/vendor/openldap-2.3.35/doc/man/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# man Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/Makefile.in,v 1.8.2.4 2007/01/02 21:43:44 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS= man1 man3 man5 man8
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# man1 Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/man1/Makefile.in,v 1.8.2.4 2007/01/02 21:43:44 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MANSECT=1
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapcompare.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapcompare.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapcompare.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,186 @@
+.TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.8.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapcompare \- LDAP compare tool
+.SH SYNOPSIS
+.B ldapcompare
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-z ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+.IR DN \ <
+.BR attr:value \ |
+.BR attr::b64value \ >
+.SH DESCRIPTION
+.I ldapcompare
+is a shell-accessible interface to the
+.BR ldap_compare (3)
+library call.
+.LP
+.B ldapcompare
+opens a connection to an LDAP server, binds, and performs a compare
+using specified parameters. The \fIDN\fP should be a distinguished
+name in the directory. \fIAttr\fP should be a known attribute. If
+followed by one colon, the assertion \fIvalue\fP should be provided
+as a string. If followed by two colons, the base64 encoding of the
+value is provided. The result code of the compare is provided as
+the exit code and, unless ran with -z, the program prints
+TRUE, FALSE, or UNDEFINED on standard output.
+.LP
+.SH OPTIONS
+.TP
+.B \-n
+Show what would be done, but don't actually perform the compare. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-z
+Run in quiet mode, no output is written. You must check the return
+status. Useful in shell scripts.
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapcompare
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH EXAMPLES
+.nf
+ ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
+ ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
+.fi
+are all equivalent.
+.SH LIMITATIONS
+Requiring the value be passed on the command line is limiting
+and introduces some security concerns. The command should support
+a mechanism to specify the location (file name or URL) to read
+the value from.
+.SH "SEE ALSO"
+.BR ldap.conf (5),
+.BR ldif (5),
+.BR ldap (3),
+.BR ldap_compare (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapdelete.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapdelete.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapdelete.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,204 @@
+.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.38.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapdelete \- LDAP delete entry tool
+.SH SYNOPSIS
+.B ldapdelete
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-c ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-r ]
+[\c
+.BR \-x ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
+.IR dn ]...
+.SH DESCRIPTION
+.I ldapdelete
+is a shell-accessible interface to the
+.BR ldap_delete (3)
+library call.
+.LP
+.B ldapdelete
+opens a connection to an LDAP server, binds, and deletes one or more
+entries. If one or more \fIDN\fP arguments are provided, entries with
+those Distinguished Names are deleted. Each \fIDN\fP should be provided
+using the LDAPv3 string representation as defined in RFC 2253.
+If no \fIdn\fP arguments
+are provided, a list of DNs is read from standard input (or from
+\fIfile\fP if the -f flag is used).
+.SH OPTIONS
+.TP
+.B \-n
+Show what would be done, but don't actually delete entries. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Use verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-c
+Continuous operation mode. Errors are reported, but
+.B ldapdelete
+will continue with deletions. The default is to exit after
+reporting an error.
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapdelete
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.BI \-f \ file
+Read a series of DNs from \fIfile\fP, one per line, performing an
+LDAP delete for each.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.B \-r
+Do a recursive delete. If the DN specified isn't a leaf, its
+children, and all their children are deleted down the tree. No
+verification is done, so if you add this switch, ldapdelete will
+happily delete large portions of your tree. Use with care.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the identity depends on the
+actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH EXAMPLE
+The following command:
+.LP
+.nf
+ ldapdelete "cn=Delete Me,dc=example,dc=com"
+.fi
+.LP
+will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
+Of course it would probably be necessary to supply authentication
+credentials.
+.SH DIAGNOSTICS
+Exit status is 0 if no errors occur. Errors result in a non-zero exit
+status and a diagnostic message being written to standard error.
+.SH "SEE ALSO"
+.BR ldap.conf (5),
+.BR ldapadd (1),
+.BR ldapmodify (1),
+.BR ldapmodrdn (1),
+.BR ldapsearch (1),
+.BR ldap (3),
+.BR ldap_delete (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,375 @@
+.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.44.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
+.SH SYNOPSIS
+.B ldapmodify
+[\c
+.BR \-a ]
+[\c
+.BR \-c ]
+[\c
+.BI \-S \ file\fR]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
+.BI \-f \ file\fR]
+.LP
+.B ldapadd
+[\c
+.BR \-c ]
+[\c
+.BI \-S \ file\fR]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
+.BI \-f \ file\fR]
+.SH DESCRIPTION
+.B ldapmodify
+is a shell-accessible interface to the
+.BR ldap_modify (3)
+and
+.BR ldap_add (3)
+library calls.
+.B ldapadd
+is implemented as a hard link to the ldapmodify tool. When invoked as
+.B ldapadd
+the -a (add new entry) flag is turned on automatically.
+.LP
+.B ldapmodify
+opens a connection to an LDAP server, binds, and modifies or adds entries.
+The entry information is read from standard input or from \fIfile\fP through
+the use of the -f option.
+.SH OPTIONS
+.TP
+.B \-a
+Add new entries. The default for
+.B ldapmodify
+is to modify existing entries. If invoked as
+.BR ldapadd ,
+this flag is always set.
+.TP
+.B \-c
+Continuous operation mode. Errors are reported, but
+.B ldapmodify
+will continue with modifications. The default is to exit after
+reporting an error.
+.TP
+.BI \-S \ file
+Add or change records which where skipped due to an error are written to \fIfile\fP
+and the error message returned by the server is added as a comment. Most useful in
+conjunction with -c.
+.TP
+.B \-n
+Show what would be done, but don't actually modify entries. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Use verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-F
+Force application of all changes regardless of the contents of input
+lines that begin with
+.I replica:
+(by default, replica: lines are compared against the LDAP server host
+and port in use to decide if a replog record should actually be applied).
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapmodify
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.BI \-f \ file
+Read the entry modification information from \fIfile\fP instead of from
+standard input.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH INPUT FORMAT
+The contents of \fIfile\fP (or standard input if no \-f flag is given on
+the command line) should conform to the format defined in
+.BR ldif (1)
+(LDIF as defined RFC 2849), or
+.BR slapd.replog (5)
+(an extended form of LDIF)
+with the exceptions noted below.
+.LP
+Lines that begin with "replica:" are matched against the LDAP server host
+and port in use to decide if a particular replog record should be applied.
+Any other lines that precede the "dn:" line are ignored.
+The -F flag can be used to force
+.I ldapmodify
+to apply all of the replog changes, regardless of the presence or
+absence of any "replica:" lines.
+.LP
+If no "changetype:" line is present, the default is "add" if the -a
+flag is set (or if the program was invoked as
+.I ldapadd)
+and "modify" otherwise.
+.LP
+If changetype is "modify" and no "add:", "replace:", or "delete:" lines
+appear, the default is "replace" for
+.BR ldapmodify (1)
+and "add" for
+.BR ldapadd (1).
+.LP
+Note that the above exceptions to the
+.BR slapd.replog (5)
+format allow
+.BR ldif (5)
+entries to be used as input to
+.I ldapmodify
+or
+.I ldapadd.
+.SH EXAMPLES
+Assuming that the file
+.B /tmp/entrymods
+exists and has the contents:
+.LP
+.nf
+ dn: cn=Modify Me,dc=example,dc=com
+ changetype: modify
+ replace: mail
+ mail: modme at example.com
+ -
+ add: title
+ title: Grand Poobah
+ -
+ add: jpegPhoto
+ jpegPhoto:< file:///tmp/modme.jpeg
+ -
+ delete: description
+ -
+.fi
+.LP
+the command:
+.LP
+.nf
+ ldapmodify -f /tmp/entrymods
+.fi
+.LP
+will replace the contents of the "Modify Me" entry's
+.I mail
+attribute with the value "modme at example.com", add a
+.I title
+of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
+as a
+.IR jpegPhoto ,
+and completely remove the
+.I description
+attribute.
+.LP
+Assuming that the file
+.B /tmp/newentry
+exists and has the contents:
+.LP
+.nf
+ dn: cn=Barbara Jensen,dc=example,dc=com
+ objectClass: person
+ cn: Barbara Jensen
+ cn: Babs Jensen
+ sn: Jensen
+ title: the world's most famous mythical manager
+ mail: bjensen at example.com
+ uid: bjensen
+.LP
+the command:
+.LP
+.nf
+ ldapadd -f /tmp/newentry
+.fi
+.LP
+will add a new entry for Babs Jensen, using the values from the
+file
+.B /tmp/newentry.
+.LP
+Assuming that the file
+.B /tmp/entrymods
+exists and has the contents:
+.LP
+.nf
+ dn: cn=Barbara Jensen,dc=example,dc=com
+ changetype: delete
+.LP
+the command:
+.LP
+.nf
+ ldapmodify -f /tmp/entrymods
+.fi
+.LP
+will remove Babs Jensen's entry.
+.SH DIAGNOSTICS
+Exit status is zero if no errors occur. Errors result in a non-zero
+exit status and a diagnostic message being written to standard error.
+.SH "SEE ALSO"
+.BR ldapadd (1),
+.BR ldapdelete (1),
+.BR ldapmodrdn (1),
+.BR ldapsearch (1),
+.BR ldap.conf (5),
+.BR ldap (3),
+.BR ldap_add (3),
+.BR ldap_delete (3),
+.BR ldap_modify (3),
+.BR ldap_modrdn (3),
+.BR ldif (5),
+.BR slapd.replog (5)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodify.1.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+ldapadd.1
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodrdn.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodrdn.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapmodrdn.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,230 @@
+.TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.34.2.6 2007/04/06 04:31:49 quanah Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapmodrdn \- LDAP rename entry tool
+.SH SYNOPSIS
+.B ldapmodrdn
+[\c
+.BR \-r ]
+[\c
+.BI \-s \ newsup\fR]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-c ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
+.BI \-f \ file\fR]
+[\c
+.I dn rdn\fR]
+.SH DESCRIPTION
+.B ldapmodrdn
+is a shell-accessible interface to the
+.BR ldap_modrdn2 (3)
+library call.
+.LP
+.B ldapmodrdn
+opens a connection to an LDAP server, binds, and modifies the RDN of entries.
+The entry information is read from standard input, from \fIfile\fP through
+the use of the
+.RI \- f
+option, or from the command-line pair \fIdn\fP and
+\fIrdn\fP.
+.SH OPTIONS
+.TP
+.B \-r
+Remove old RDN values from the entry. Default is to keep old values.
+.TP
+.BI \-s \ newsup
+Specify a new superior entry. (I.e., move the target entry and make it a
+child of the new superior.) This option is not supported in LDAPv2.
+.TP
+.B \-n
+Show what would be done, but don't actually change entries. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Use verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-c
+Continuous operation mode. Errors are reported, but ldapmodrdn
+will continue with modifications. The default is to exit after
+reporting an error.
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.B \-d debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapmodrdn
+must be
+compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.B \-f file
+Read the entry modification information from \fIfile\fP instead of from
+standard input or the command-line.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.B \-D binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.B \-w passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH INPUT FORMAT
+If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
+will replace the RDN of the entry specified by the DN, \fIdn\fP.
+.LP
+Otherwise, the contents of \fIfile\fP (or standard input if
+no
+.RI \- f
+flag is given) should consist of one or more entries.
+.LP
+.nf
+ Distinguished Name (DN)
+ Relative Distinguished Name (RDN)
+.fi
+.LP
+One or more blank lines may be used to separate each DN/RDN pair.
+.SH EXAMPLE
+Assuming that the file
+.B /tmp/entrymods
+exists and has the contents:
+.LP
+.nf
+ cn=Modify Me,dc=example,dc=com
+ cn=The New Me
+.fi
+.LP
+the command:
+.LP
+.nf
+ ldapmodrdn -r -f /tmp/entrymods
+.fi
+.LP
+will change the RDN of the "Modify Me" entry from "Modify Me" to
+"The New Me" and the old cn, "Modify Me" will be removed.
+.LP
+.SH DIAGNOSTICS
+Exit status is 0 if no errors occur. Errors result in a non-zero exit
+status and a diagnostic message being written to standard error.
+.SH "SEE ALSO"
+.BR ldapadd (1),
+.BR ldapdelete (1),
+.BR ldapmodify (1),
+.BR ldapsearch (1),
+.BR ldap.conf (5),
+.BR ldap (3),
+.BR ldap_modrdn2 (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldappasswd.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldappasswd.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldappasswd.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,191 @@
+.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.36.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldappasswd \- change the password of an LDAP entry
+.SH SYNOPSIS
+.B ldappasswd
+[\c
+.BR \-A ]
+[\c
+.BI \-a \ oldPasswd\fR]
+[\c
+.BI \-t \ oldpasswdfile\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BR \-n ]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BR \-S ]
+[\c
+.BI \-s \ newPasswd\fR]
+[\c
+.BI \-T \ newpasswdfile\fR]
+[\c
+.BR \-v ]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ authcid\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
+.IR user ]
+.SH DESCRIPTION
+.B ldappasswd
+is a tool to set the password of an LDAP user.
+.B ldappasswd
+uses the LDAPv3 Password Modify (RFC 3062) extended operation.
+.LP
+.B ldappasswd
+sets the password of associated with the user [or an optionally
+specified
+.IR user ].
+If the new
+password is not specified on the command line and the user
+doesn't enable prompting, the server will be asked to generate
+a password for the user.
+.LP
+.B ldappasswd
+is neither designed nor intended to be a replacement for
+.BR passwd (1)
+and should not be installed as such.
+.SH OPTIONS
+.TP
+.BI \-A
+Prompt for old password.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-a \ oldPasswd
+Set the old password to \fIoldPasswd\fP.
+.TP
+.BI \-t \ oldPasswdFile
+Set the old password to the contents of \fIoldPasswdFile\fP.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldappasswd
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.B \-n
+Do not set password. (Can be useful when used in conjunction with
+.BR \-v \ or
+.BR \-d )
+.TP
+.BI \-S
+Prompt for new password.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-s \ newPasswd
+Set the new password to \fInewPasswd\fP.
+.TP
+.BI \-T \ newPasswdFile
+Set the new password to the contents of \fInewPasswdFile\fP.
+.TP
+.B \-v
+Increase the verbosity of output. Can be specified multiple times.
+.TP
+.BI \-W
+Prompt for bind password.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password to bind with.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.BI dn: <distinguished name>
+or
+.BI u: <username>\fP.
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.BR \-ZZ ,
+the command will require the operation to be successful
+.SH SEE ALSO
+.BR ldap_sasl_bind (3),
+.BR ldap_extended_operation (3),
+.BR ldap_start_tls_s (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapsearch.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapsearch.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapsearch.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,459 @@
+.TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.49.2.11 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapsearch \- LDAP search tool
+.SH SYNOPSIS
+.B ldapsearch
+[\c
+.BR \-n ]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BR \-t[t] ]
+[\c
+.BI \-T \ path\fR]
+[\c
+.BI \-F \ prefix\fR]
+[\c
+.BR \-A ]
+[\c
+.BR \-L[L[L]] ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-S \ attribute\fR]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-b \ searchbase\fR]
+[\c
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+[\c
+.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-e \ [!]ext[=extparam]]
+[\c
+.BR \-E \ [!]ext[=extparam]]
+[\c
+.BI \-l \ timelimit\fR]
+[\c
+.BI \-z \ sizelimit\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+.I filter
+[\c
+.IR attrs... ]
+.SH DESCRIPTION
+.I ldapsearch
+is a shell-accessible interface to the
+.BR ldap_search_ext (3)
+library call.
+.LP
+.B ldapsearch
+opens a connection to an LDAP server, binds, and performs a search
+using specified parameters. The \fIfilter\fP should conform to
+the string representation for search filters as defined in RFC 4515.
+If not provided, the default filter, (objectClass=*), is used.
+.LP
+If
+.B ldapsearch
+finds one or more entries, the attributes specified by
+\fIattrs\fP are returned. If * is listed, all user attributes are
+returned. If + is listed, all operational attributes are returned.
+If no \fIattrs\fP are listed, all user attributes are returned. If only
+1.1 is listed, no attributes will be returned.
+.SH OPTIONS
+.TP
+.B \-n
+Show what would be done, but don't actually perform the search. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-u
+Include the User Friendly Name form of the Distinguished Name (DN)
+in the output.
+.TP
+.B \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-t[t]
+A single -t writes retrieved non-printable values to a set of temporary
+files. This is useful for dealing with values containing non-character
+data such as jpegPhoto or audio. A second -t writes all retrieved values to
+files.
+.TP
+.BI \-T \ path
+Write temporary files to directory specified by \fIpath\fP (default:
+/var/tmp/)
+.TP
+.BI \-F \ prefix
+URL prefix for temporary files. Default is file://\fIpath\fP/ where
+\fIpath\fP is /var/tmp/ or specified with -T.
+.TP
+.B \-A
+Retrieve attributes only (no values). This is useful when you just want to
+see if an attribute is present in an entry and are not interested in the
+specific values.
+.TP
+.B \-L
+Search results are display in LDAP Data Interchange Format detailed in
+.BR ldif (5).
+A single -L restricts the output to LDIFv1.
+A second -L disables comments.
+A third -L disables printing of the LDIF version.
+The default is to use an extended version of LDIF.
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.BI \-S \ attribute
+Sort the entries returned based on \fIattribute\fP. The default is not
+to sort entries returned. If \fIattribute\fP is a zero-length string (""),
+the entries are sorted by the components of their Distinguished Name. See
+.BR ldap_sort (3)
+for more details. Note that
+.B ldapsearch
+normally prints out entries as it receives them. The use of the
+.B \-S
+option defeats this behavior, causing all entries to be retrieved,
+then sorted, then printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapsearch
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.BI \-f \ file
+Read a series of lines from \fIfile\fP, performing one LDAP search for
+each line. In this case, the \fIfilter\fP given on the command line
+is treated as a pattern where the first and only occurrence of \fB%s\fP
+is replaced with a line from \fIfile\fP. Any other occurence of the
+the \fB%\fP character in the pattern will be regarded as an error.
+Where it is desired that the search filter include a \fB%\fP character,
+the character should be encoded as \fB\\25\fP (see RFC 4515).
+If \fIfile\fP is a single
+\fI-\fP character, then the lines are read from standard input.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-b \ searchbase
+Use \fIsearchbase\fP as the starting point for the search instead of
+the default.
+.TP
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+Specify the scope of the search to be one of
+.IR base ,
+.IR one ,
+.IR sub ,
+or
+.I children
+to specify a base object, one-level, subtree, or children search.
+The default is
+.IR sub .
+Note:
+.I children
+scope requires LDAPv3 subordinate feature extension.
+.TP
+.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
+Specify how aliases dereferencing is done. Should be one of
+.IR never ,
+.IR always ,
+.IR search ,
+or
+.I find
+to specify that aliases are never dereferenced, always dereferenced,
+dereferenced when searching, or dereferenced only when locating the
+base object for the search. The default is to never dereference aliases.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.B \-e \fI[!]ext[=extparam]\fP
+.TP
+.B \-E \fI[!]ext[=extparam]\fP
+
+Specify general extensions with -e and search extensions with -E.
+\'!\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
+.BI \-l \ timelimit
+wait at most \fItimelimit\fP seconds for a search to complete.
+A timelimit of
+.I 0
+(zero) or
+.I none
+means no limit.
+A timelimit of
+.I max
+means the maximum integer allowable by the protocol.
+A server may impose a maximal timelimit which only
+the root user may override.
+.TP
+.BI \-z \ sizelimit
+retrieve at most \fIsizelimit\fP entries for a search.
+A sizelimit of
+.I 0
+(zero) or
+.I none
+means no limit.
+A sizelimit of
+.I max
+means the maximum integer allowable by the protocol.
+A server may impose a maximal sizelimit which only
+the root user may override.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH OUTPUT FORMAT
+If one or more entries are found, each entry is written to standard
+output in LDAP Data Interchange Format or
+.BR ldif (5):
+.LP
+.nf
+ version: 1
+
+ # bjensen, example, net
+ dn: uid=bjensen,dc=example,dc=net
+ objectClass: person
+ objectClass: dcObject
+ uid: bjensen
+ cn: Barbara Jensen
+ sn: Jensen
+ ...
+.fi
+.LP
+If the -t option is used, the URI of a temporary file
+is used in place of the actual value. If the -A option
+is given, only the "attributename" part is written.
+.SH EXAMPLE
+The following command:
+.LP
+.nf
+ ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
+.fi
+.LP
+will perform a subtree search (using the default search base and
+other parameters defined in
+.BR ldap.conf (5))
+for entries with a surname (sn) of smith. The common name (cn), surname
+(sn) and telephoneNumber values will be retrieved and printed to
+standard output.
+The output might look something like this if two entries are found:
+.LP
+.nf
+ dn: uid=jts,dc=example,dc=com
+ cn: John Smith
+ cn: John T. Smith
+ sn: Smith
+ sn;lang-en: Smith
+ sn;lang-de: Schmidt
+ telephoneNumber: 1 555 123-4567
+
+ dn: uid=sss,dc=example,dc=com
+ cn: Steve Smith
+ cn: Steve S. Smith
+ sn: Smith
+ sn;lang-en: Smith
+ sn;lang-de: Schmidt
+ telephoneNumber: 1 555 765-4321
+.fi
+.LP
+The command:
+.LP
+.nf
+ ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
+.fi
+.LP
+will perform a subtree search using the default search base for entries
+with user id of "xyz". The user friendly form of the entry's DN will be
+output after the line that contains the DN itself, and the jpegPhoto
+and audio values will be retrieved and written to temporary files. The
+output might look like this if one entry with one value for each of the
+requested attributes is found:
+.LP
+.nf
+ dn: uid=xyz,dc=example,dc=com
+ ufn: xyz, example, com
+ audio:< file:///tmp/ldapsearch-audio-a19924
+ jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
+.fi
+.LP
+This command:
+.LP
+.nf
+ ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
+.fi
+.LP
+will perform a one-level search at the c=US level for all entries
+whose organization name (o) begins begins with \fBUniversity\fP.
+The organization name and description attribute values will be retrieved
+and printed to standard output, resulting in output similar to this:
+.LP
+.nf
+ dn: o=University of Alaska Fairbanks,c=US
+ o: University of Alaska Fairbanks
+ description: Preparing Alaska for a brave new yesterday
+ description: leaf node only
+
+ dn: o=University of Colorado at Boulder,c=US
+ o: University of Colorado at Boulder
+ description: No personnel information
+ description: Institution of education and research
+
+ dn: o=University of Colorado at Denver,c=US
+ o: University of Colorado at Denver
+ o: UCD
+ o: CU/Denver
+ o: CU-Denver
+ description: Institute for Higher Learning and Research
+
+ dn: o=University of Florida,c=US
+ o: University of Florida
+ o: UFl
+ description: Warper of young minds
+
+ ...
+.fi
+.SH DIAGNOSTICS
+Exit status is zero if no errors occur.
+Errors result in a non-zero exit status and
+a diagnostic message being written to standard error.
+.SH "SEE ALSO"
+.BR ldapadd (1),
+.BR ldapdelete (1),
+.BR ldapmodify (1),
+.BR ldapmodrdn (1),
+.BR ldap.conf (5),
+.BR ldif (5),
+.BR ldap (3),
+.BR ldap_search_ext (3),
+.BR ldap_sort (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man1/ldapwhoami.1
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man1/ldapwhoami.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man1/ldapwhoami.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,154 @@
+.TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.6.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapwhoami \- LDAP who am i? tool
+.SH SYNOPSIS
+.B ldapwhoami
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-z ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-O \ security-properties\fR]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+.SH DESCRIPTION
+.I ldapwhoami
+implements the LDAP "Who Am I?" extended operation.
+.LP
+.B ldapwhoami
+opens a connection to an LDAP server, binds, and performs a whoami
+operation.
+.SH OPTIONS
+.TP
+.B \-n
+Show what would be done, but don't actually perform the whoami operation.
+Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapwhoami
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH EXAMPLE
+.nf
+ ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
+.fi
+.SH "SEE ALSO"
+.BR ldap.conf (5),
+.BR ldap (3),
+.BR ldap_extended_operation (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# man3 Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.8.2.5 2007/01/02 21:43:44 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MANSECT=3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,356 @@
+.TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int,
+ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal,
+ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring,
+ber_first_element, ber_next_element
+\- LBER simplified Basic Encoding Rules library routines for decoding
+.SH LIBRARY
+OpenLDAP LBER (liblber, -llber)
+.SH SYNOPSIS
+.B #include <lber.h>
+.LP
+.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
+.LP
+.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
+.LP
+.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
+.LP
+.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
+.LP
+.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
+.LP
+.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
+.LP
+.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
+.LP
+.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
+.LP
+.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
+.LP
+.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
+.LP
+.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
+.LP
+.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
+.LP
+.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
+.LP
+.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
+.LP
+.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
+.SH DESCRIPTION
+.LP
+These routines provide a subroutine interface to a simplified
+implementation of the Basic Encoding Rules of ASN.1. The version
+of BER these routines support is the one defined for the LDAP
+protocol. The encoding rules are the same as BER, except that
+only definite form lengths are used, and bitstrings and octet strings
+are always encoded in primitive form. This man page
+describes the decoding routines in the lber library. See
+.BR lber-encode (3)
+for details on the corresponding encoding routines.
+Consult
+.BR lber-types (3)
+for information about types, allocators, and deallocators.
+.LP
+Normally, the only routines that need to be called by an application
+are
+.BR ber_get_next ()
+to get the next BER element and
+.BR ber_scanf ()
+to do the actual decoding. In some cases,
+.BR ber_peek_tag ()
+may also need to be called in normal usage. The other routines are
+provided for those applications that need more control than
+.BR ber_scanf ()
+provides. In
+general, these routines return the tag of the element decoded, or
+LBER_ERROR if an error occurred.
+.LP
+The
+.BR ber_get_next ()
+routine is used to read the next BER element from the given Sockbuf,
+\fIsb\fP. It strips off and returns the leading tag, strips off and
+returns the length of the entire element in \fIlen\fP, and sets up
+\fIber\fP for subsequent calls to
+.BR ber_scanf ()
+et al to decode the element. See
+.BR lber-sockbuf (3)
+for details of the Sockbuf implementation of the \fIsb\fP parameter.
+.LP
+The
+.BR ber_scanf ()
+routine is used to decode a BER element in much the same way that
+.BR scanf (3)
+works. It reads from \fIber\fP, a pointer to a BerElement
+such as returned by
+.BR ber_get_next (),
+interprets the bytes according to the format string \fIfmt\fP, and stores the
+results in its additional arguments. The format string contains
+conversion specifications which are used to direct the interpretation
+of the BER element. The format string can contain the following
+characters.
+.RS
+.LP
+.TP 3
+.B a
+Octet string. A char ** should be supplied. Memory is allocated,
+filled with the contents of the octet string, null-terminated, and
+returned in the parameter. The caller should free the returned
+string using
+.BR ber_memfree ().
+.TP
+.B s
+Octet string. A char * buffer should be supplied, followed by a pointer to a
+ber_len_t initialized to the size of the buffer. Upon return, the
+null-terminated octet string is put into the buffer, and the
+ber_len_t is set to the actual size of the octet string.
+.TP
+.B O
+Octet string. A struct ber_val ** should be supplied, which upon
+return points to a dynamically allocated struct berval
+containing the octet string and its length.
+The caller should free the returned structure using
+.BR ber_bvfree ().
+.TP
+.B o
+Octet string. A struct ber_val * should be supplied, which upon
+return contains the dynamically allocated
+octet string and its length. The caller should free the returned octet
+string using
+.BR ber_memfree ().
+.TP
+.B m
+Octet string. A struct ber_val * should be supplied, which upon return
+contains the octet string and its length. The string resides in memory
+assigned to the BerElement, and must not be freed by the caller.
+.TP
+.B b
+Boolean. A pointer to a ber_int_t should be supplied.
+.TP
+.B e
+Enumeration. A pointer to a ber_int_t should be supplied.
+.TP
+.B i
+Integer. A pointer to a ber_int_t should be supplied.
+.TP
+.B B
+Bitstring. A char ** should be supplied which will point to the
+dynamically allocated
+bits, followed by a ber_len_t *, which will point to the length
+(in bits) of the bitstring returned.
+.TP
+.B n
+Null. No parameter is required. The element is simply skipped if
+it is recognized.
+.TP
+.B v
+Sequence of octet strings. A char *** should be supplied, which upon
+return points to a dynamically allocated null-terminated array of char *'s
+containing the octet strings. NULL is returned if the sequence is empty.
+The caller should free the returned array and octet strings using
+.BR ber_memvfree ().
+.TP
+.B V
+Sequence of octet strings with lengths.
+A struct berval *** should be supplied, which upon
+return points to a dynamically allocated null-terminated array of
+struct berval *'s
+containing the octet strings and their lengths.
+NULL is returned if the sequence is empty.
+The caller should free the returned structures using
+.BR ber_bvecfree ().
+.TP
+.B W
+Sequence of octet strings with lengths.
+A BerVarray * should be supplied, which upon
+return points to a dynamically allocated array of
+struct berval's
+containing the octet strings and their lengths. The array is terminated
+by a struct berval with a NULL bv_val string pointer.
+NULL is returned if the sequence is empty.
+The caller should free the returned structures using
+.BR ber_bvarray_free ().
+.TP
+.B M
+Sequence of octet strings with lengths. This is a generalized form
+of the previous three formats.
+A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
+and a ber_len_t (off).
+Upon return (ptr) will point to a dynamically allocated array
+whose elements are all of size (*len). A struct berval will be filled
+starting at offset (off) in each element. The strings in each struct
+berval reside in memory assigned to the BerElement and must not be
+freed by the caller. The array is terminated by a struct berval
+with a NULL bv_val string pointer. NULL is returned if the sequence
+is empty. The number of elements in the array is also stored
+in (*len) on return. The caller should free the returned array using
+.BR ber_memfree ().
+.TP
+.B l
+Length of the next element. A pointer to a ber_len_t should be supplied.
+.TP
+.B t
+Tag of the next element. A pointer to a ber_tag_t should be supplied.
+.TP
+.B T
+Skip element and return its tag. A pointer to a ber_tag_t should be supplied.
+.TP
+.B x
+Skip element. The next element is skipped.
+.TP
+.B {
+Begin sequence. No parameter is required. The initial sequence tag
+and length are skipped.
+.TP
+.B }
+End sequence. No parameter is required and no action is taken.
+.TP
+.B [
+Begin set. No parameter is required. The initial set tag
+and length are skipped.
+.TP
+.B ]
+End set. No parameter is required and no action is taken.
+.RE
+.LP
+The
+.BR ber_get_int ()
+routine tries to interpret the next element as an integer,
+returning the result in \fInum\fP. The tag of whatever it finds is returned
+on success, LBER_ERROR (\-1) on failure.
+.LP
+The
+.BR ber_get_stringb ()
+routine is used to read an octet string into a
+preallocated buffer. The \fIlen\fP parameter should be initialized to
+the size of the buffer, and will contain the length of the octet string
+read upon return. The buffer should be big enough to take the octet
+string value plus a terminating NULL byte.
+.LP
+The
+.BR ber_get_stringa ()
+routine is used to dynamically allocate space into
+which an octet string is read.
+The caller should free the returned string using
+.BR ber_memfree().
+.LP
+The
+.BR ber_get_stringal ()
+routine is used to dynamically allocate space
+into which an octet string and its length are read. It takes a
+struct berval **, and returns the result in this parameter.
+The caller should free the returned structure using
+.BR ber_bvfree().
+.LP
+The
+.BR ber_get_stringbv ()
+routine is used to read an octet string and its length into the
+provided struct berval *. If the \fIalloc\fP parameter is zero, the string
+will reside in memory assigned to the BerElement, and must not be freed
+by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
+copied into dynamically allocated space which should be returned using
+.BR ber_memfree ().
+.LP
+The
+.BR ber_get_null ()
+routine is used to read a NULL element. It returns
+the tag of the element it skips over.
+.LP
+The
+.BR ber_get_boolean ()
+routine is used to read a boolean value. It is called the same way that
+.BR ber_get_int ()
+is called.
+.LP
+The
+.BR ber_get_enum ()
+routine is used to read a enumeration value. It is called the same way that
+.BR ber_get_int ()
+is called.
+.LP
+The
+.BR ber_get_bitstringa ()
+routine is used to read a bitstring value. It
+takes a char ** which will hold the dynamically allocated bits, followed by an
+ber_len_t *, which will point to the length (in bits) of the bitstring returned.
+The caller should free the returned string using
+.BR ber_memfree ().
+.LP
+The
+.BR ber_first_element ()
+routine is used to return the tag and length
+of the first element in a set or sequence. It also returns in \fIcookie\fP
+a magic cookie parameter that should be passed to subsequent calls to
+ber_next_element(), which returns similar information.
+.SH EXAMPLES
+Assume the variable \fIber\fP contains a lightweight BER encoding of
+the following ASN.1 object:
+.LP
+.nf
+ AlmostASearchRequest := SEQUENCE {
+ baseObject DistinguishedName,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2)
+ },
+ derefAliases ENUMERATED {
+ neverDerefaliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ alwaysDerefAliases (3)
+ },
+ sizelimit INTEGER (0 .. 65535),
+ timelimit INTEGER (0 .. 65535),
+ attrsOnly BOOLEAN,
+ attributes SEQUENCE OF AttributeType
+ }
+.fi
+.LP
+The element can be decoded using
+.BR ber_scanf ()
+as follows.
+.LP
+.nf
+ ber_int_t scope, deref, size, time, attrsonly;
+ char *dn, **attrs;
+ ber_tag_t tag;
+
+ tag = ber_scanf( ber, "{aeeiib{v}}",
+ &dn, &scope, &deref,
+ &size, &time, &attrsonly, &attrs );
+
+ if( tag == LBER_ERROR ) {
+ /* error */
+ } else {
+ /* success */
+ }
+
+ ber_memfree( dn );
+ ber_memvfree( attrs );
+.fi
+.SH ERRORS
+If an error occurs during decoding, generally these routines return
+LBER_ERROR ((ber_tag_t)\-1).
+.LP
+.SH NOTES
+.LP
+The return values for all of these functions are declared in the
+.B <lber.h>
+header file. Some routines may dynamically allocate memory
+which must be freed by the caller using supplied deallocation routines.
+.SH SEE ALSO
+.BR lber-encode (3),
+.BR lber-memory (3),
+.BR lber-sockbuf (3),
+.BR lber-types (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-decode.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13 @@
+ber_get_next.3
+ber_skip_tag.3
+ber_peek_tag.3
+ber_scanf.3
+ber_get_int.3
+ber_get_stringa.3
+ber_get_stringb.3
+ber_get_null.3
+ber_get_enum.3
+ber_get_boolean.3
+ber_get_bitstring.3
+ber_first_element.3
+ber_next_element.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,275 @@
+.TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ber_alloc_t, ber_flush, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- LBER simplified Basic Encoding Rules library routines for encoding
+.SH LIBRARY
+OpenLDAP LBER (liblber, -llber)
+.SH SYNOPSIS
+.B #include <lber.h>
+.LP
+.BI "BerElement *ber_alloc_t(int " options ");"
+.LP
+.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
+.LP
+.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
+.LP
+.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
+.LP
+.BI "int ber_put_seq(BerElement *" ber ");"
+.LP
+.BI "int ber_put_set(BerElement *" ber ");"
+.SH DESCRIPTION
+.LP
+These routines provide a subroutine interface to a simplified
+implementation of the Basic Encoding Rules of ASN.1. The version
+of BER these routines support is the one defined for the LDAP
+protocol. The encoding rules are the same as BER, except that
+only definite form lengths are used, and bitstrings and octet strings
+are always encoded in primitive form. This
+man page describes the encoding routines in the lber library. See
+.BR lber-decode (3)
+for details on the corresponding decoding routines. Consult
+.BR lber-types (3)
+for information about types, allocators, and deallocators.
+.LP
+Normally, the only routines that need to be called by an application
+are
+.BR ber_alloc_t ()
+to allocate a BER element for encoding,
+.BR ber_printf ()
+to do the actual encoding, and
+.BR ber_flush ()
+to actually write the element. The other routines are provided for those
+applications that need more control than
+.BR ber_printf ()
+provides. In
+general, these routines return the length of the element encoded, or
+-1 if an error occurred.
+.LP
+The
+.BR ber_alloc_t ()
+routine is used to allocate a new BER element. It
+should be called with an argument of LBER_USE_DER.
+.LP
+The
+.BR ber_flush ()
+routine is used to actually write the element to a socket
+(or file) descriptor, once it has been fully encoded (using
+.BR ber_printf ()
+and friends). See
+.BR lber-sockbuf (3)
+for more details on the Sockbuf implementation of the \fIsb\fP parameter.
+If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
+be freed after its contents have been flushed.
+.LP
+The
+.BR ber_printf ()
+routine is used to encode a BER element in much the same way that
+.BR sprintf (3)
+works. One important difference, though, is
+that some state information is kept with the \fIber\fP parameter so
+that multiple calls can be made to
+.BR ber_printf ()
+to append things to the end of the BER element.
+.BR Ber_printf ()
+writes to \fIber\fP, a pointer to a BerElement such as returned by
+.BR ber_alloc_t ().
+It interprets and
+formats its arguments according to the format string \fIfmt\fP.
+The format string can contain the following characters:
+.RS
+.LP
+.TP 3
+.B b
+Boolean. An ber_int_t parameter should be supplied. A boolean element
+is output.
+.TP
+.B e
+Enumeration. An ber_int_t parameter should be supplied. An
+enumeration element is output.
+.TP
+.B i
+Integer. An ber_int_t parameter should be supplied. An integer element
+is output.
+.TP
+.B B
+Bitstring. A char * pointer to the start of the bitstring is supplied,
+followed by the number of bits in the bitstring. A bitstring element
+is output.
+.TP
+.B n
+Null. No parameter is required. A null element is output.
+.TP
+.B o
+Octet string. A char * is supplied, followed by the length of the
+string pointed to. An octet string element is output.
+.TP
+.B O
+Octet string. A struct berval * is supplied.
+An octet string element is output.
+.TP
+.B s
+Octet string. A null-terminated string is supplied. An octet string
+element is output, not including the trailing NULL octet.
+.TP
+.B t
+Tag. A ber_tag_t specifying the tag to give the next element
+is provided. This works across calls.
+.TP
+.B v
+Several octet strings. A null-terminated array of char *'s is
+supplied. Note that a construct like '{v}' is required to get
+an actual SEQUENCE OF octet strings.
+.TP
+.B V
+Several octet strings. A null-terminated array of struct berval *'s
+is supplied. Note that a construct like '{V}' is required to get
+an actual SEQUENCE OF octet strings.
+.TP
+.B W
+Several octet strings. An array of struct berval's is supplied. The
+array is terminated by a struct berval with a NULL bv_val.
+Note that a construct like '{W}' is required to get
+an actual SEQUENCE OF octet strings.
+.TP
+.B {
+Begin sequence. No parameter is required.
+.TP
+.B }
+End sequence. No parameter is required.
+.TP
+.B [
+Begin set. No parameter is required.
+.TP
+.B ]
+End set. No parameter is required.
+.RE
+.LP
+The
+.BR ber_put_int ()
+routine writes the integer element \fInum\fP to the BER element \fIber\fP.
+.LP
+The
+.BR ber_put_enum ()
+routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
+.LP
+The
+.BR ber_put_boolean ()
+routine writes the boolean value given by \fIbool\fP to the BER element.
+.LP
+The
+.BR ber_put_bitstring ()
+routine writes \fIblen\fP bits starting
+at \fIstr\fP as a bitstring value to the given BER element. Note
+that \fIblen\fP is the length \fIin bits\fP of the bitstring.
+.LP
+The
+.BR ber_put_ostring ()
+routine writes \fIlen\fP bytes starting at
+\fIstr\fP to the BER element as an octet string.
+.LP
+The
+.BR ber_put_string ()
+routine writes the null-terminated string (minus
+the terminating '\0') to the BER element as an octet string.
+.LP
+The
+.BR ber_put_null ()
+routine writes a NULL element to the BER element.
+.LP
+The
+.BR ber_start_seq ()
+routine is used to start a sequence in the BER element. The
+.BR ber_start_set ()
+routine works similarly.
+The end of the sequence or set is marked by the nearest matching call to
+.BR ber_put_seq ()
+or
+.BR ber_put_set (),
+respectively.
+.SH EXAMPLES
+Assuming the following variable declarations, and that the variables
+have been assigned appropriately, an lber encoding of
+the following ASN.1 object:
+.LP
+.nf
+ AlmostASearchRequest := SEQUENCE {
+ baseObject DistinguishedName,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2)
+ },
+ derefAliases ENUMERATED {
+ neverDerefaliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ alwaysDerefAliases (3)
+ },
+ sizelimit INTEGER (0 .. 65535),
+ timelimit INTEGER (0 .. 65535),
+ attrsOnly BOOLEAN,
+ attributes SEQUENCE OF AttributeType
+ }
+.fi
+.LP
+can be achieved like so:
+.LP
+.nf
+ int rc;
+ ber_int_t scope, ali, size, time, attrsonly;
+ char *dn, **attrs;
+ BerElement *ber;
+
+ /* ... fill in values ... */
+
+ ber = ber_alloc_t( LBER_USE_DER );
+
+ if ( ber == NULL ) {
+ /* error */
+ }
+
+ rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
+ size, time, attrsonly, attrs );
+
+ if( rc == -1 ) {
+ /* error */
+ } else {
+ /* success */
+ }
+.fi
+.SH ERRORS
+If an error occurs during encoding, generally these routines return -1.
+.LP
+.SH NOTES
+.LP
+The return values for all of these functions are declared in the
+<lber.h> header file.
+.SH SEE ALSO
+.BR lber-decode (3),
+.BR lber-memory (3),
+.BR lber-sockbuf (3),
+.BR lber-types (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-encode.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,11 @@
+ber_alloc_t.3
+ber_flush.3
+ber_printf.3
+ber_put_int.3
+ber_put_ostring.3
+ber_put_string.3
+ber_put_null.3
+ber_put_enum.3
+ber_start_set.3
+ber_put_seq.3
+ber_put_set.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-memory.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-memory.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-memory.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+.TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- LBER memory allocators
+.SH LIBRARY
+OpenLDAP LBER (liblber, -llber)
+.SH SYNOPSIS
+.B #include <lber.h>
+.LP
+.BI "void *ber_memalloc(ber_len_t " bytes ");"
+.LP
+.BI "void *ber_memcalloc(ber_len_t " nelems ", ber_len_t " bytes ");"
+.LP
+.BI "void *ber_memrealloc(void *" ptr ", ber_len_t " bytes ");"
+.LP
+.BI "void ber_memfree(void *" ptr ");"
+.LP
+.BI "void ber_memvfree(void **" vec ");"
+.SH DESCRIPTION
+.LP
+These routines are used to allocate/deallocate memory used/returned
+by the Lightweight BER library as required by
+.BR lber-encode (3)
+and
+.BR lber-decode (3).
+.BR ber_memalloc (),
+.BR ber_memcalloc (),
+.BR ber_memrealloc (),
+and
+.BR ber_memfree ()
+are used exactly like the standard
+.BR malloc (3),
+.BR calloc (3),
+.BR realloc (3),
+and
+.BR free (3)
+routines, respectively. The
+.BR ber_memvfree ()
+routine is used to free a dynamically allocated array of pointers to
+arbitrary dynamically allocated objects.
+.SH SEE ALSO
+.BR lber-decode (3),
+.BR lber-encode (3),
+.BR lber-types (3)
+.LP
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+.TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t,
+struct berval, BerValue, BerVarray, BerElement,
+ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add,
+ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_free
+\- LBER types and allocation functions
+.SH LIBRARY
+OpenLDAP LBER (liblber, -llber)
+.SH SYNOPSIS
+.B #include <lber.h>
+.LP
+.nf
+.ft B
+typedef impl_tag_t ber_tag_t;
+typedef impl_int_t ber_int_t;
+typedef impl_uint_t ber_uint_t;
+typedef impl_len_t ber_len_t;
+typedef impl_slen_t ber_slen_t;
+
+typedef struct berval {
+ ber_len_t bv_len;
+ char *bv_val;
+} BerValue, *BerVarray;
+
+typedef struct berelement BerElement;
+.ft
+.fi
+.LP
+.BI "void ber_bvfree(struct berval *" bv ");"
+.LP
+.BI "void ber_bvecfree(struct berval **" bvec ");"
+.LP
+.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
+.LP
+.BI "void ber_bvarray_free(struct berval *" bvarray ");"
+.LP
+.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
+.LP
+.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
+.LP
+.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
+.LP
+.BI "struct berval *ber_bvstr(const char *" str ");"
+.LP
+.BI "struct berval *ber_bvstrdup(const char *" str ");"
+.LP
+.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
+.LP
+.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
+.SH DESCRIPTION
+.LP
+The following are the basic types and structures defined for use
+with the Lightweight BER library.
+.LP
+.B ber_int_t
+is a signed integer of at least 32 bits. It is commonly equivalent to
+.BR int .
+.B ber_uint_t
+is the unsigned variant of
+.BR ber_int_t .
+.LP
+.B ber_len_t
+is an unsigned integer of at least 32 bits used to represent a length.
+It is commonly equivalent to a
+.BR size_t .
+.B ber_slen_t
+is the signed variant to
+.BR ber_len_t .
+.LP
+.B ber_tag_t
+is an unsigned integer of at least 32 bits used to represent a
+BER tag. It is commonly equivalent to a
+.BR unsigned\ long .
+.LP
+The actual definitions of the integral impl_TYPE_t types are platform
+specific.
+.LP
+.BR BerValue ,
+commonly used as
+.BR struct\ berval ,
+is used to hold an arbitrary sequence of octets.
+.B bv_val
+points to
+.B bv_len
+octets.
+.B bv_val
+is not necessarily terminated by a NUL (zero) octet.
+.BR ber_bvfree ()
+frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
+is NULL, the routine does nothing.
+.LP
+.BR ber_bvecfree ()
+frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
+returned from this API. If \fIbvec\fP is NULL, the routine does nothing.
+.BR ber_bvecadd ()
+appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array
+is allocated as needed. The end of the array is marked by a NULL pointer.
+.LP
+.BR ber_bvarray_free ()
+frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
+returned from this API. If \fIbvarray\fP is NULL, the routine does nothing.
+.BR ber_bvarray_add ()
+appends the contents of the BerValue pointed to by \fIbv\fP to the
+\fIbvarray\fP array. Space for the new element is allocated as needed.
+The end of the array is marked by a BerValue with a NULL bv_val field.
+.LP
+.BR ber_bvdup ()
+returns a copy of a BerValue. The routine returns NULL upon error
+(e.g. out of memory). The caller should use
+.BR ber_bvfree ()
+to deallocate the resulting BerValue.
+.BR ber_dupbv ()
+copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a
+new BerValue will be allocated to hold the copy. The routine returns NULL
+upon error, otherwise it returns a pointer to the copy. If \fIdst\fP is
+NULL the caller should use
+.BR ber_bvfree ()
+to deallocate the resulting BerValue, otherwise
+.BR ber_memfree ()
+should be used to deallocate the \fIdst->bv_val\fP. (The
+.BR ber_bvdup ()
+function is internally implemented as ber_dupbv(NULL, bv).
+.BR ber_bvdup ()
+is provided only for compatibility with an expired draft of the LDAP C API;
+.BR ber_dupbv ()
+is the preferred interface.)
+.LP
+.BR ber_bvstr ()
+returns a BerValue containing the string pointed to by \fIstr\fP.
+.BR ber_bvstrdup ()
+returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
+.BR ber_str2bv ()
+returns a BerValue containing the string pointed to by \fIstr\fP, whose
+length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero,
+the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the
+number of bytes to copy will be determined by
+.BR strlen (3),
+otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result
+will be stored in the given BerValue, otherwise a new BerValue will be
+allocated to store the result. NOTE: Both
+.BR ber_bvstr ()
+and
+.BR ber_bvstrdup ()
+are implemented as macros using
+.BR ber_str2bv ()
+in this version of the library.
+.LP
+.B BerElement
+is an opaque structure used to maintain state information used in
+encoding and decoding. BerElement structures are created using
+.BR ber_alloc_t (3)
+and
+.BR ber_init (3).
+.BR ber_free ()
+frees a BerElement pointed to by \fIber\fP. If \fIber\fP is NULL, the routine
+does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed.
+.SH SEE ALSO
+.BR lber-encode (3),
+.BR lber-decode (3),
+.BR lber-memory (3)
+.LP
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/lber-types.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,11 @@
+ber_bvarray_add.3
+ber_bvarray_free.3
+ber_bvdup.3
+ber_bvecadd.3
+ber_bvecfree.3
+ber_bvfree.3
+ber_bvstr.3
+ber_bvstrdup.3
+ber_dupbv.3
+ber_free.3
+ber_str2bv.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,262 @@
+.TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap - OpenLDAP Lightweight Directory Access Protocol API
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.ft
+.fi
+.SH DESCRIPTION
+.LP
+The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides
+access to X.500 directory services. These services may be stand\-alone
+or part of a distributed directory service. This client API supports
+LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX
+domain sockets). This API supports SASL (RFC2829) and Start TLS
+(RFC2830) as well as a number of protocol extensions. This API is
+loosely based upon IETF/LDAPEXT C LDAP API draft specification, a (orphaned)
+work in progress.
+.LP
+The OpenLDAP Software package includes a stand\-alone server in
+.BR slapd (8),
+various LDAP clients, and an LDAP client library used to provide
+programmatic access to the LDAP protocol. This man page gives an
+overview of the LDAP library routines.
+.LP
+Both synchronous and asynchronous APIs are provided. Also included are
+various routines to parse the results returned from these routines.
+These routines are found in the \-lldap library.
+.LP
+The basic interaction is as follows. A session handle is
+created using
+.BR ldap_initialize (3)
+and set the protocol version to 3 by calling
+.BR ldap_set_option (3).
+The underlying session is established first operation is
+issued. This would generally be a Start TLS or Bind operation.
+A Start TLS operation is performed by calling
+.BR ldap_start_tls_s (3).
+A LDAP bind operation is performed by calling
+.BR ldap_sasl_bind (3)
+or one of its friends. Subsequently, other operations are performed
+by calling one of the synchronous or asynchronous routines (e.g.,
+.BR ldap_search_ext_s (3)
+or
+.BR ldap_search_ext (3)
+followed by
+.BR ldap_result (3)).
+Results returned from these routines are interpreted by calling the
+LDAP parsing routines such as
+.BR ldap_parse_result (3).
+The LDAP association and underlying connection is terminated by calling
+.BR ldap_unbind_ext (3).
+Errors can be interpreted by calling
+.BR ldap_err2string (3).
+.SH LDAP versions
+This library supports version 3 of the Lightweight Directory Access
+Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant
+of version 2 of LDAP as defined by U-Mich LDAP and, to some degree,
+RFC 1777. Version 2 (all variants) should be viewed as obsolete.
+Version 3 should be used instead.
+.LP
+For backwards compatibility reasons, the library defaults to version 2.
+Hence, all new applications (and all actively maintained applications)
+should use
+.BR ldap_set_option (3)
+to select version 3. The library manual pages assume version 3
+has been selected.
+.SH INPUT and OUTPUT PARAMETERS
+All character string input/output is expected to be/is UTF\-8
+encoded Unicode (version 3.2).
+.LP
+Distinguished names (DN) (and relative distinguished names (RDN) to
+be passed to the LDAP routines should conform to RFC 2253 UTF\-8
+string representation.
+.LP
+Search filters to be passed to the search routines are to be
+constructed by hand and should conform to RFC 2254 UTF\-8
+string representation.
+.LP
+LDAP URL are to be passed to routines are expected to conform
+to RFC 2255 syntax. The
+.BR ldap_url (3)
+routines can be used to work with LDAP URLs.
+.SH DISPLAYING RESULTS
+Results obtained from the search routines can be output by hand,
+by calling
+.BR ldap_first_entry (3)
+and
+.BR ldap_next_entry (3)
+to step through
+the entries returned,
+.BR ldap_first_attribute (3)
+and
+.BR ldap_next_attribute (3)
+to step through an entry's attributes, and
+.BR ldap_get_values (3)
+to retrieve a given attribute's values. Attribute values
+may or may not be displayable.
+.SH UTILITY ROUTINES
+Also provided are various utility routines. The
+.BR ldap_sort (3)
+routines are used to sort the entries and values returned via
+the ldap search routines.
+.SH BER LIBRARY
+Also included in the distribution is a set of lightweight Basic
+Encoding Rules routines. These routines are used by the LDAP library
+routines to encode and decode LDAP protocol elements using the
+(slightly simplified) Basic Encoding Rules defined by LDAP. They are
+not normally used directly by an LDAP application program except
+in the handling of controls and extended operations. The
+routines provide a printf and scanf\-like interface, as well as
+lower\-level access. These routines are discussed in
+.BR lber\-decode (3),
+.BR lber\-encode (3),
+.BR lber\-memory (3),
+and
+.BR lber\-types (3).
+.SH INDEX
+.TP 20
+.SM ldap_initialize(3)
+initialize the LDAP library without opening a connection to a server
+.TP
+.SM ldap_result(3)
+wait for the result from an asynchronous operation
+.TP
+.SM ldap_abandon_ext(3)
+abandon (abort) an asynchronous operation
+.TP
+.SM ldap_add_ext(3)
+asynchronously add an entry
+.TP
+.SM ldap_add_ext_s(3)
+synchronously add an entry
+.TP
+.SM ldap_sasl_bind(3)
+asynchronously bind to the directory
+.TP
+.SM ldap_sasl_bind_s(3)
+synchronously bind to the directory
+.TP
+.SM ldap_unbind_ext(3)
+synchronously unbind from the LDAP server and close the connection
+.TP
+.SM ldap_unbind(3) and ldap_unbind_s(3) are
+equivalent to
+.BR ldap_unbind_ext (3)
+.TP
+.SM ldap_memfree(3)
+dispose of memory allocated by LDAP routines.
+.TP
+.SM ldap_compare_ext(3)
+asynchronously compare to a directory entry
+.TP
+.SM ldap_compare_ext_s(3)
+synchronously compare to a directory entry
+.TP
+.SM ldap_delete_ext(3)
+asynchronously delete an entry
+.TP
+.SM ldap_delete_ext_s(3)
+synchronously delete an entry
+.TP
+.SM ld_errno(3)
+LDAP error indication
+.TP
+.SM ldap_errlist(3)
+list of LDAP errors and their meanings
+.TP
+.SM ldap_err2string(3)
+convert LDAP error indication to a string
+.TP
+.SM ldap_first_attribute(3)
+return first attribute name in an entry
+.TP
+.SM ldap_next_attribute(3)
+return next attribute name in an entry
+.TP
+.SM ldap_first_entry(3)
+return first entry in a chain of search results
+.TP
+.SM ldap_next_entry(3)
+return next entry in a chain of search results
+.TP
+.SM ldap_count_entries(3)
+return number of entries in a search result
+.TP
+.SM ldap_get_dn(3)
+extract the DN from an entry
+.TP
+.SM ldap_get_values_len(3)
+return an attribute's values with lengths
+.TP
+.SM ldap_value_free_len(3)
+free memory allocated by ldap_get_values_len(3)
+.TP
+.SM ldap_count_values_len(3)
+return number of values
+.TP
+.SM ldap_modify_ext(3)
+asynchronously modify an entry
+.TP
+.SM ldap_modify_ext_s(3)
+synchronously modify an entry
+.TP
+.SM ldap_mods_free(3)
+free array of pointers to mod structures used by ldap_modify_ext(3)
+.TP
+.SM ldap_rename(3)
+asynchronously rename an entry
+.TP
+.SM ldap_rename_s(3)
+synchronously rename an entry
+.TP
+.SM ldap_msgfree(3)
+free results allocated by ldap_result(3)
+.TP
+.SM ldap_msgtype(3)
+return the message type of a message from ldap_result(3)
+.TP
+.SM ldap_msgid(3)
+return the message id of a message from ldap_result(3)
+.TP
+.SM ldap_search_ext(3)
+asynchronously search the directory
+.TP
+.SM ldap_search_ext_s(3)
+synchronously search the directory
+.TP
+.SM ldap_is_ldap_url(3)
+check a URL string to see if it is an LDAP URL
+.TP
+.SM ldap_url_parse(3)
+break up an LDAP URL string into its components
+.TP
+.SM ldap_sort_entries(3)
+sort a list of search results
+.TP
+.SM ldap_sort_values(3)
+sort a list of attribute values
+.TP
+.SM ldap_sort_strcasecmp(3)
+case insensitive string comparison
+.SH SEE ALSO
+.BR ldap.conf (5),
+.BR slapd (8),
+.BR draft-ietf-ldapext-ldap-c-api-xx.txt \ <http://www.ietf.org>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+.LP
+These API manual pages are loosely based upon descriptions provided
+in the IETF/LDAPEXT C LDAP API Internet Draft, a (orphaned) work
+in progress.
+
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+.TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_abandon, ldap_abandon_ext \- Abandon an LDAP operation in progress
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.B #include <ldap.h>
+.sp
+.BI "int ldap_abandon(LDAP *" ld ", int " msgid ");"
+.sp
+.BI "int ldap_abandon_ext(LDAP *" ld ", int " msgid ","
+.RS
+.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]);"
+.RE
+.fi
+.SH DESCRIPTION
+The
+.B ldap_abandon()
+routine is used to abandon or cancel an LDAP
+operation in progress. The \fImsgid\fP passed should be the
+message id of an outstanding LDAP operation, as returned by
+.BR ldap_search (3),
+.BR ldap_modify (3),
+etc.
+.LP
+.BR ldap_abandon ()
+checks to see if the result of the operation has already come in. If it
+has, it deletes it from the queue of pending messages. If not,
+it sends an LDAP abandon operation to the the LDAP server.
+.LP
+The caller can expect that the result of an abandoned operation
+will not be returned from a future call to
+.BR ldap_result (3).
+.LP
+.B ldap_abandon_ext()
+is equivalent to
+.B ldap_abandon()
+except that it allows server and client controls to be passed
+in
+.I sctrls
+and
+.IR cctrls ,
+respectively.
+.SH ERRORS
+.B ldap_abandon()
+returns 0 if everything goes ok, -1 otherwise,
+setting \fIld_errno\fP with an appropriate LDAP error code.
+.LP
+.B ldap_abandon_ext()
+directly returns an LDAP error code indicating success or failure of the
+operation.
+.LP
+See
+.BR ldap_error (3)
+for details.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_result (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_abandon.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+ldap_abandon_ext.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,90 @@
+.TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_add, ldap_add_s, ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.B #include <ldap.h>
+.sp
+.BI "int ldap_add(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
+.sp
+.BI "int ldap_add_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
+.sp
+.BI "int ldap_add_ext(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
+.RS
+.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[], int *" msgidp ");"
+.RE
+.sp
+.BI "int ldap_add_ext_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
+.RS
+.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]);"
+.RE
+.fi
+.SH DESCRIPTION
+The
+.B ldap_add_s()
+routine is used to perform an LDAP add operation.
+It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
+null-terminated array of the entry's attributes. The LDAPMod structure
+is used to represent attributes, with the \fImod_type\fP and
+\fImod_values\fP fields being used as described under
+.BR ldap_modify (3),
+and the \fIldap_op\fP field being used only if you need to specify
+the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
+.LP
+Note that all entries except that
+specified by the last component in the given DN must already exist.
+.B ldap_add_s()
+returns an LDAP error code indicating success or failure
+of the operation. See
+.BR ldap_error (3)
+for more details.
+.LP
+The
+.B ldap_add()
+routine works just like
+.BR ldap_add_s() ,
+but it is asynchronous. It returns the message id of the request it
+initiated. The result of this operation can be obtained by calling
+.BR ldap_result (3).
+.LP
+The
+.B ldap_add_ext()
+routine allows server and client controls to be specified to extend
+the add request. This routine is asynchronous like
+.BR ldap_add() ,
+but its return value is an LDAP error code. It stores the message id
+of the request in the integer pointed to
+by
+.IR msgidp .
+.LP
+The
+.B ldap_add_ext_s()
+routine is the synchronous version of
+.BR ldap_add_ext() .
+It also returns an LDAP error code indicating success or failure
+of the operation.
+.SH ERRORS
+.B ldap_add()
+returns -1 in case of error initiating the request, and
+will set the \fIld_errno\fP field in the \fIld\fP parameter
+to indicate the error.
+.B ldap_add_s()
+will return an LDAP error code
+directly (LDAP_SUCCESS if everything went ok, some error otherwise).
+.B ldap_add_ext()
+and
+.B ldap_add_ext_s()
+also directly return LDAP error codes.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_modify (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_add.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_add_s.3
+ldap_add_ext.3
+ldap_add_ext_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,175 @@
+.TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.B #include <ldap.h>
+.LP
+.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
+.RS
+.BI "int " method ");"
+.RE
+.LP
+.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
+.RS
+.BI "int " method ");"
+.RE
+.LP
+.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
+.LP
+.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
+.LP
+.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
+.RS
+.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
+.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
+.RE
+.LP
+.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
+.RS
+.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
+.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
+.RE
+.LP
+.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
+.RS
+.BI "struct berval **" servercredp ", int " freeit ");"
+.RE
+.LP
+.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
+.RS
+.BI "const char *" mechs ","
+.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
+.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
+.BI "void *" defaults ");"
+.RE
+.LP
+.BI "int ldap_unbind(LDAP *" ld ");"
+.LP
+.BI "int ldap_unbind_s(LDAP *" ld ");"
+.\" .LP
+.\" .ft B
+.\" void ldap_set_rebind_proc( ld, rebindproc )
+.\" .ft
+.\" LDAP *ld;
+.\" int (*rebindproc)();
+.SH DESCRIPTION
+.LP
+These routines provide various interfaces to the LDAP bind operation.
+After an association with an LDAP server is made using
+.BR ldap_init (3),
+an LDAP bind operation should be performed before other operations are
+attempted over the connection. An LDAP bind is required when using
+Version 2 of the LDAP protocol; it is optional for Version 3 but is
+usually needed due to security considerations.
+.LP
+There are three types of bind calls, ones providing simple authentication,
+ones providing SASL authentication, and general routines capable of doing
+either simple or SASL authentication.
+.LP
+.B SASL
+(Simple Authentication and Security Layer)
+that can negotiate one of many different kinds of authentication.
+Both synchronous and asynchronous versions of each variant of the bind
+call are provided. All routines
+take \fIld\fP as their first parameter, as returned from
+.BR ldap_init (3).
+.LP
+.SH SIMPLE AUTHENTICATION
+The simplest form of the bind call is
+.BR ldap_simple_bind_s() .
+It takes the DN to bind as in \fIwho\fP, and the userPassword associated
+with the entry in \fIpasswd\fP. It returns an LDAP error indication
+(see
+.BR ldap_error (3)).
+The
+.B ldap_simple_bind()
+call is asynchronous,
+taking the same parameters but only initiating the bind operation and
+returning the message id of the request it sent. The result of the
+operation can be obtained by a subsequent call to
+.BR ldap_result (3).
+.SH GENERAL AUTHENTICATION
+The
+.B ldap_bind()
+and
+.B ldap_bind_s()
+routines can be used when the
+authentication method to use needs to be selected at runtime. They
+both take an extra \fImethod\fP parameter selecting the authentication
+method to use. It should be set to LDAP_AUTH_SIMPLE
+to select simple authentication.
+.B ldap_bind()
+returns the message id of the request it initiates.
+.B ldap_bind_s()
+returns an LDAP error indication.
+.SH SASL AUTHENTICATION
+Description still under construction...
+.SH UNBINDING
+The
+.B ldap_unbind()
+call is used to unbind from the directory,
+terminate the current association, and free the resources contained
+in the \fIld\fP structure. Once it is called, the connection to
+the LDAP server is closed, and the \fIld\fP structure is invalid.
+The
+.B ldap_unbind_s()
+call is just another name for
+.BR ldap_unbind() ;
+both of these calls are synchronous in nature.
+.\" .SH RE-BINDING WHILE FOLLOWING REFERRALS
+.\" The
+.\" .B ldap_set_rebind_proc()
+.\" call is used to set a routine that will be called back to obtain bind
+.\" credentials used when a new server is contacted during the following of
+.\" an LDAP referral. Note that this function is only available when the
+.\" LDAP libraries are compiled with LDAP_REFERRALS defined and is only
+.\" used when the ld_options field in the LDAP structure has
+.\" LDAP_OPT_REFERRALS set (this is the default). If
+.\" .B ldap_set_rebind_proc()
+.\" is never called, or if it is called with a NULL \fIrebindproc\fP
+.\" parameter, an unauthenticated simple LDAP bind will always be done
+.\" when chasing referrals.
+.\" .LP
+.\" \fIrebindproc\fP should be a function that is declared like this:
+.\" .LP
+.\" .nf
+.\" int rebindproc( LDAP *ld, char **whop, char **credp,
+.\" int *methodp, int freeit );
+.\" .fi
+.\" .LP
+.\" The LDAP library will first call the rebindproc to obtain the
+.\" referral bind credentials, and the \fIfreeit\fP parameter will be
+.\" zero. The \fIwhop\fP, \fIcredp\fP, and \fImethodp\fP should be
+.\" set as appropriate. If the rebindproc returns LDAP_SUCCESS, referral
+.\" processing continues, and the rebindproc will be called a second
+.\" time with \fIfreeit\fP non-zero to give your application a chance to
+.\" free any memory allocated in the previous call.
+.\" .LP
+.\" If anything but LDAP_SUCCESS is returned by the first call to
+.\" the rebindproc, then referral processing is stopped and that error code
+.\" is returned for the original LDAP operation.
+.SH ERRORS
+Asynchronous routines will return -1 in case of error, setting the
+\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
+routines return whatever \fIld_errno\fP is set to. See
+.BR ldap_error (3)
+for more information.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3),
+.BR ldap_open (3),
+.B RFC 2222
+(http://www.ietf.org),
+.B Cyrus SASL
+(http://asg.web.cmu.edu/sasl/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_bind.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,9 @@
+ldap_bind_s.3
+ldap_simple_bind.3
+ldap_simple_bind_s.3
+ldap_sasl_bind.3
+ldap_sasl_bind_s.3
+ldap_unbind.3
+ldap_unbind_ext.3
+ldap_unbind_s.3
+ldap_unbind_ext_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,60 @@
+.TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_compare, ldap_compare_s \- Perform an LDAP compare operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_compare_s(ld, dn, attr, value)
+.ft
+LDAP *ld;
+char *dn, *attr, *value;
+.LP
+.ft B
+int ldap_compare(ld, dn, attr, value)
+.ft
+LDAP *ld;
+char *dn, *attr, *value;
+.SH DESCRIPTION
+The
+.B ldap_compare_s()
+routine is used to perform an LDAP compare operation
+synchronously. It takes \fIdn\fP, the DN of the entry upon which to perform
+the compare, and \fIattr\fP and \fIvalue\fP, the attribute type and value to
+compare to those found in the entry. It returns an LDAP error code, which
+will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
+LDAP_COMPARE_FALSE if it does not. Otherwise, some error code is returned.
+.LP
+The
+.B ldap_compare()
+routine is used to perform an LDAP compare operation
+asynchronously. It takes the same parameters as
+.BR ldap_compare_s() ,
+but returns the message id of the request it initiated. The result of
+the compare can be obtained by a subsequent call to
+.BR ldap_result (3).
+.SH ERRORS
+.B ldap_compare_s()
+returns an LDAP error code which can be interpreted
+by calling one of
+.BR ldap_perror (3)
+and friends. ldap_compare() returns
+-1 if something went wrong initiating the request. It returns the
+non-negative message id of the request if things went ok.
+.SH BUGS
+There is no way to compare binary values, but there should be.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_compare.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_compare_s.3
+ldap_compare_ext.3
+ldap_compare_ext_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+.TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_delete, ldap_delete_s \- Perform an LDAP delete operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_delete_s(ld, dn)
+.ft
+LDAP *ld;
+char *dn;
+.LP
+.ft B
+int ldap_delete(ld, dn)
+.ft
+LDAP *ld;
+char *dn;
+.SH DESCRIPTION
+The
+.B ldap_delete_s()
+routine is used to perform an LDAP delete operation
+synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
+It returns an LDAP error code, indicating the success or failure of the
+operation.
+.LP
+The
+.B ldap_delete()
+routine is used to perform an LDAP delete operation
+asynchronously. It takes the same parameters as
+.BR ldap_delete_s() ,
+but returns the message id of the request it initiated. The result of
+the delete can be obtained by a subsequent call to
+.BR ldap_result (3).
+.SH ERRORS
+.B ldap_delete_s()
+returns an LDAP error code which can be interpreted
+by calling one of
+.BR ldap_perror (3)
+and friends.
+.B ldap_delete()
+returns -1 if something went wrong initiating the request. It returns the
+non-negative message id of the request if things went ok.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_delete.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_delete_s.3
+ldap_delete_ext.3
+ldap_delete_ext_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,212 @@
+.TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+char *ldap_err2string( int err );
+.LP
+.ft B
+void ldap_perror( LDAP *ld, const char *s )
+.LP
+.ft B
+int ldap_result2error( LDAP *ld, LDAPMessage *res, int freeit )
+.SH DESCRIPTION
+These routines provide interpretation of the various error codes
+returned by the LDAP protocol and LDAP library routines or associated
+with an LDAP session. The error code associated with an LDAP session
+is accessible using
+.BR ldap_get_option (3)
+and
+.BR ldap_set_option (3)
+with the
+.B LDAP_OPT_RESULT_CODE
+option (previously called
+.BR LDAP_OPT_ERROR_NUMBER ).
+.LP
+The
+.B ldap_result2error()
+routine takes \fIres\fP, a result as produced by
+.BR ldap_result (3)
+or
+.BR ldap_search_s (3),
+and returns
+the corresponding error code. Possible error codes are listed
+below. If the \fIfreeit\fP parameter is non zero it indicates that the
+\fIres\fP parameter should be freed by a call to
+.BR ldap_msgfree (3)
+after the error code has been extracted. The
+.B ld_errno
+field in \fIld\fP is set and returned.
+.LP
+The returned value can be passed to
+.B ldap_err2string()
+to get a text description of the message. The string
+returned from
+.B ldap_err2string()
+is a pointer to a static area that
+should not be modified.
+.LP
+The
+.B ldap_perror()
+routine can be called to print an indication of
+the error on standard error, similar to the way
+.BR perror (3)
+works.
+.SH ERRORS
+The possible values for an ldap error code are:
+.LP
+.TP 20
+.SM LDAP_SUCCESS
+The request was successful.
+.TP
+.SM LDAP_OPERATIONS_ERROR
+An operations error occurred.
+.TP
+.SM LDAP_PROTOCOL_ERROR
+A protocol violation was detected.
+.TP
+.SM LDAP_TIMELIMIT_EXCEEDED
+An LDAP time limit was exceeded.
+.TP
+.SM LDAP_SIZELIMIT_EXCEEDED
+An LDAP size limit was exceeded.
+.TP
+.SM LDAP_COMPARE_FALSE
+A compare operation returned false.
+.TP
+.SM LDAP_COMPARE_TRUE
+A compare operation returned true.
+.TP
+.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
+The LDAP server does not support strong authentication.
+.TP
+.SM LDAP_STRONG_AUTH_REQUIRED
+Strong authentication is required for the operation.
+.TP
+.SM LDAP_PARTIAL_RESULTS
+Partial results only returned.
+.TP
+.SM LDAP_NO_SUCH_ATTRIBUTE
+The attribute type specified does not exist in the entry.
+.TP
+.SM LDAP_UNDEFINED_TYPE
+The attribute type specified is invalid.
+.TP
+.SM LDAP_INAPPROPRIATE_MATCHING
+Filter type not supported for the specified attribute.
+.TP
+.SM LDAP_CONSTRAINT_VIOLATION
+An attribute value specified violates some constraint (e.g., a postalAddress
+has too many lines, or a line that is too long).
+.TP
+.SM LDAP_TYPE_OR_VALUE_EXISTS
+An attribute type or attribute value specified already exists in the entry.
+.TP
+.SM LDAP_INVALID_SYNTAX
+An invalid attribute value was specified.
+.TP
+.SM LDAP_NO_SUCH_OBJECT
+The specified object does not exist in The Directory.
+.TP
+.SM LDAP_ALIAS_PROBLEM
+An alias in The Directory points to a nonexistent entry.
+.TP
+.SM LDAP_INVALID_DN_SYNTAX
+A syntactically invalid DN was specified.
+.TP
+.SM LDAP_IS_LEAF
+The object specified is a leaf.
+.TP
+.SM LDAP_ALIAS_DEREF_PROBLEM
+A problem was encountered when dereferencing an alias.
+.TP
+.SM LDAP_INAPPROPRIATE_AUTH
+Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
+specified and the entry does not have a userPassword attribute).
+.TP
+.SM LDAP_INVALID_CREDENTIALS
+Invalid credentials were presented (e.g., the wrong password).
+.TP
+.SM LDAP_INSUFFICIENT_ACCESS
+The user has insufficient access to perform the operation.
+.TP
+.SM LDAP_BUSY
+The DSA is busy.
+.TP
+.SM LDAP_UNAVAILABLE
+The DSA is unavailable.
+.TP
+.SM LDAP_UNWILLING_TO_PERFORM
+The DSA is unwilling to perform the operation.
+.TP
+.SM LDAP_LOOP_DETECT
+A loop was detected.
+.TP
+.SM LDAP_NAMING_VIOLATION
+A naming violation occurred.
+.TP
+.SM LDAP_OBJECT_CLASS_VIOLATION
+An object class violation occurred (e.g., a "must" attribute was missing
+from the entry).
+.TP
+.SM LDAP_NOT_ALLOWED_ON_NONLEAF
+The operation is not allowed on a nonleaf object.
+.TP
+.SM LDAP_NOT_ALLOWED_ON_RDN
+The operation is not allowed on an RDN.
+.TP
+.SM LDAP_ALREADY_EXISTS
+The entry already exists.
+.TP
+.SM LDAP_NO_OBJECT_CLASS_MODS
+Object class modifications are not allowed.
+.TP
+.SM LDAP_OTHER
+An unknown error occurred.
+.TP
+.SM LDAP_SERVER_DOWN
+The LDAP library can't contact the LDAP server.
+.TP
+.SM LDAP_LOCAL_ERROR
+Some local error occurred. This is usually a failed dynamic memory allocation.
+.TP
+.SM LDAP_ENCODING_ERROR
+An error was encountered encoding parameters to send to the LDAP server.
+.TP
+.SM LDAP_DECODING_ERROR
+An error was encountered decoding a result from the LDAP server.
+.TP
+.SM LDAP_TIMEOUT
+A timelimit was exceeded while waiting for a result.
+.TP
+.SM LDAP_AUTH_UNKNOWN
+The authentication method specified to ldap_bind() is not known.
+.TP
+.SM LDAP_FILTER_ERROR
+An invalid filter was supplied to ldap_search() (e.g., unbalanced
+parentheses).
+.TP
+.SM LDAP_PARAM_ERROR
+An ldap routine was called with a bad parameter.
+.TP
+.SM LDAP_NO_MEMORY
+An memory allocation (e.g., malloc(3) or other dynamic memory
+allocator) call failed in an ldap
+library routine.
+.SH SEE ALSO
+.BR ldap (3),
+.BR perror (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_error.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+ldap_perror.3
+ld_errno.3
+ldap_result2error.3
+ldap_errlist.3
+ldap_err2string.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+.TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+char *ldap_first_attribute(
+ LDAP *ld, LDAPMessage *entry, BerElement **berptr )
+.LP
+.ft B
+char *ldap_next_attribute(
+ LDAP *ld, LDAPMessage *entry, BerElement *ber )
+.SH DESCRIPTION
+The
+.B ldap_first_attribute()
+and
+.B ldap_next_attribute()
+routines are used
+to step through the attributes in an LDAP entry.
+.B ldap_first_attribute()
+takes an \fIentry\fP as returned by
+.BR ldap_first_entry (3)
+or
+.BR ldap_next_entry (3)
+and returns a pointer to character string
+containing the first attribute description in the entry.
+.B ldap_next_attribute()
+returns the next attribute description in the entry.
+.LP
+It also returns, in \fIberptr\fP, a pointer to a BerElement it has
+allocated to keep track of its current position. This pointer should
+be passed to subsequent calls to
+.B ldap_next_attribute()
+and is used used
+to effectively step through the entry's attributes. The caller is
+solely responsible for freeing the BerElement pointed to by \fIberptr\fP
+when it is no longer needed by calling
+.BR ber_free (3).
+When calling
+.BR ber_free (3)
+in this instance, be sure the second argument is 0.
+.LP
+The attribute names returned are suitable for inclusion in a call
+to
+.BR ldap_get_values (3)
+to retrieve the attribute's values.
+.SH ERRORS
+If an error occurs, NULL is returned and the ld_errno field in the
+\fIld\fP parameter is set to indicate the error. See
+.BR ldap_error (3)
+for a description of possible error codes.
+.SH NOTES
+The
+.B ldap_first_attribute()
+and
+.B ldap_next_attribute()
+return dynamically allocated memory that must be freed by the caller via
+.BR ldap_memfree (3).
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_first_entry (3),
+.BR ldap_get_values (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_attribute.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+ldap_next_attribute.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+.TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_count_entries( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
+.SH DESCRIPTION
+.LP
+These routines are used to parse results received from
+.BR ldap_result (3)
+or the synchronous LDAP search operation routines
+.BR ldap_search_s (3)
+and
+.BR ldap_search_st (3).
+.LP
+The
+.B ldap_first_entry()
+routine is used to retrieve the first entry in a chain
+of search results. It takes the \fIresult\fP as returned by a call to
+.BR ldap_result (3)
+or
+.BR ldap_search_s (3)
+or
+.BR ldap_search_st (3)
+and returns a pointer to the first entry in the result.
+.LP
+This pointer should be supplied on a subsequent call to
+.B ldap_next_entry()
+to get the next entry, the result of which should be
+supplied to the next call to
+.BR ldap_next_entry() ,
+etc.
+.B ldap_next_entry()
+will return NULL when there are no more entries. The entries returned
+from these calls are used in calls to the routines described in
+.BR ldap_get_dn (3),
+.BR ldap_first_attribute (3),
+.BR ldap_get_values (3),
+etc.
+.LP
+A count of the number of entries in the search result can be obtained
+by calling
+.BR ldap_count_entries() .
+.SH ERRORS
+If an error occurs in
+.B ldap_first_entry()
+or
+.BR ldap_next_entry() ,
+NULL is returned and the ld_errno field in the \fIld\fP parameter
+is set to indicate the error. If an error occurs in
+.BR ldap_count_entries() ,
+-1 is returned, and
+.B ld_errno
+is set appropriately. See
+.BR ldap_error (3)
+for a description of possible error codes.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_result (3),
+.BR ldap_search (3),
+.BR ldap_first_attribute (3),
+.BR ldap_get_values (3),
+.BR ldap_get_dn (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_entry.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+ldap_next_entry.3
+ldap_count_entries.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,86 @@
+.TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping
+through messages in a result chain
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_count_messages( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
+.SH DESCRIPTION
+.LP
+These routines are used to step through the messages in a result chain
+received from
+.BR ldap_result (3) .
+For search operations, the result chain can contain referral, entry
+and result messages. The
+.BR ldap_msgtype (3)
+function can be used to distinguish between the different message types.
+.LP
+The
+.B ldap_first_message()
+routine is used to retrieve the first message in a result chain.
+It takes the \fIresult\fP as returned by a call to
+.BR ldap_result (3) ,
+.BR ldap_search_s (3)
+or
+.BR ldap_search_st (3)
+and returns a pointer to the first message in the result chain.
+.LP
+This pointer should be supplied on a subsequent call to
+.B ldap_next_message()
+to get the next message, the result of which should be
+supplied to the next call to
+.BR ldap_next_message() ,
+etc.
+.B ldap_next_message()
+will return NULL when there are no more messages.
+.LP
+These functions are useful when using routines like
+.BR ldap_parse_result (3)
+that only operate on the first result in the chain.
+.LP
+A count of the number of messages in the result chain can be obtained
+by calling
+.BR ldap_count_messages() .
+It can also be used to count the number of remaining messages in a chain
+if called with a message, entry or reference returned by
+.B ldap_first_message() ,
+.B ldap_next_message() ,
+.BR ldap_first_entry (3) ,
+.BR ldap_next_entry (3) ,
+.BR ldap_first_reference (3) ,
+.BR ldap_next_reference (3) .
+.SH ERRORS
+If an error occurs in
+.B ldap_first_message()
+or
+.BR ldap_next_message() ,
+NULL is returned. If an error occurs in
+.BR ldap_count_messages() ,
+-1 is returned.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_search (3),
+.BR ldap_result (3),
+.BR ldap_parse_result (3),
+.BR ldap_first_entry (3),
+.BR ldap_first_reference (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_message.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+ldap_next_message.3
+ldap_count_messages.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+.TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping
+through continuation references in a result chain
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_count_references( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
+.LP
+.ft B
+LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
+.SH DESCRIPTION
+.LP
+These routines are used to step through the continuation references in a
+result chain received from
+.BR ldap_result (3)
+or the synchronous LDAP search operation routines.
+.LP
+The
+.B ldap_first_reference()
+routine is used to retrieve the first reference message in a
+result chain. It takes the \fIresult\fP as returned by a call to
+.BR ldap_result (3) ,
+.BR ldap_search_s (3)
+or
+.BR ldap_search_st (3)
+and returns a pointer to the first reference message in the
+result chain.
+.LP
+This pointer should be supplied on a subsequent call to
+.B ldap_next_reference()
+to get the next reference message, the result of which should be
+supplied to the next call to
+.BR ldap_next_reference() ,
+etc.
+.B ldap_next_reference()
+will return NULL when there are no more reference messages.
+The reference messages returned from these calls are used by
+.BR ldap_parse_reference (3)
+to extract referrals and controls.
+.LP
+A count of the number of reference messages in the search result can be
+obtained by calling
+.BR ldap_count_references() .
+It can also be used to count the number of reference messages remaining
+in a result chain.
+.SH ERRORS
+If an error occurs in
+.B ldap_first_reference()
+or
+.BR ldap_next_reference() ,
+NULL is returned. If an error occurs in
+.BR ldap_count_references() ,
+-1 is returned.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_result (3),
+.BR ldap_search (3),
+.BR ldap_parse_reference (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_first_reference.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+ldap_next_reference.3
+ldap_count_references.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,240 @@
+.TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
+.LP
+.ft B
+int ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags )
+.LP
+.ft B
+int ldap_dn2str( LDAPDN *dn, char **str, unsigned flags )
+.LP
+.ft B
+char **ldap_explode_dn( const char *dn, int notypes )
+.LP
+.ft B
+char **ldap_explode_rdn( const char *rdn, int notypes )
+.LP
+.ft B
+char *ldap_dn2ufn( const char * dn )
+.LP
+.ft B
+char *ldap_dn2dcedn( const char * dn )
+.LP
+.ft B
+char *ldap_dcedn2dn( const char * dn )
+.LP
+.ft B
+char *ldap_dn2ad_canonical( const char * dn )
+.SH DESCRIPTION
+These routines allow LDAP entry names (Distinguished Names, or DNs)
+to be obtained, parsed, converted to a user-friendly form, and tested.
+A DN has the form described in
+RFC 2253 "Lightweight Directory Access Protocol (v3):
+UTF-8 String Representation of Distinguished Names".
+.LP
+The
+.B ldap_get_dn()
+routine takes an \fIentry\fP as returned by
+.BR ldap_first_entry (3)
+or
+.BR ldap_next_entry (3)
+and returns a copy of
+the entry's DN. Space for the DN will be obtained dynamically
+and should be freed by the caller using
+.BR ldap_memfree (3).
+.LP
+.B ldap_str2dn()
+parses a string representation of a distinguished name contained in
+.B str
+into its components,
+which are stored in
+.B dn
+as
+.B ldap_ava
+structures, arranged in
+.B LDAPAVA,
+.B LDAPRDN,
+and
+.B LDAPDN
+terms, defined as:
+.nf
+.ft B
+
+typedef struct ldap_ava {
+ char *la_attr;
+ struct berval *la_value;
+ unsigned la_flags;
+} LDAPAVA;
+
+typedef LDAPAVA** LDAPRDN;
+typedef LDAPRDN** LDAPDN;
+
+.ft
+.fi
+The attribute types and the attribute values are not normalized.
+The
+.B la_flags
+can be either
+.B LDAP_AVA_STRING
+or
+.B LDAP_AVA_BINARY,
+the latter meaning that the value is BER/DER encoded and thus must
+be represented as, quoting from RFC 2253, " ... an
+octothorpe character ('#' ASCII 35) followed by the hexadecimal
+representation of each of the bytes of the BER encoding of the X.500
+AttributeValue."
+The
+.B flags
+parameter to
+.B ldap_str2dn()
+can be
+.LP
+.nf
+ LDAP_DN_FORMAT_LDAPV3
+ LDAP_DN_FORMAT_LDAPV2
+ LDAP_DN_FORMAT_DCE
+
+.fi
+which defines what DN syntax is expected (according to RFC 2253,
+RFC 1779 and DCE, respectively).
+The format can be \fIOR\fPed to the flags
+.LP
+.nf
+ LDAP_DN_P_NO_SPACES
+ LDAP_DN_P_NO_SPACE_AFTER_RDN
+ ...
+ LDAP_DN_PEDANTIC
+
+.fi
+The latter is a shortcut for all the previous limitations.
+.LP
+.B LDAP_DN_P_NO_SPACES
+does not allow extra spaces in the dn; the default is to silently
+eliminate spaces around AVA separators ('='), RDN component separators
+('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators
+(',' LDAPv3/LDAPv2 or '/' for DCE).
+.LP
+.B LDAP_DN_P_NO_SPACE_AFTER_RDN
+does not allow a single space after RDN separators.
+.LP
+.B ldap_dn2str()
+performs the inverse operation, yielding in
+.B str
+a string representation of
+.B dn.
+It allows the same values for
+.B flags
+as
+.B ldap_str2dn(),
+plus
+.LP
+.nf
+ LDAP_DN_FORMAT_UFN
+ LDAP_DN_FORMAT_AD_CANONICAL
+
+.fi
+for user-friendly naming (RFC 1781) and AD canonical.
+.LP
+The following routines are viewed as deprecated in favor of
+.B ldap_str2dn()
+and
+.BR ldap_dn2str().
+They are provided to support legacy applications.
+.LP
+The
+.B ldap_explode_dn()
+routine takes a DN as returned by
+.B ldap_get_dn()
+and breaks it up into its component parts. Each part is known as a
+Relative Distinguished Name, or RDN.
+.B ldap_explode_dn()
+returns a
+NULL-terminated array, each component of which contains an RDN from the
+DN. The \fInotypes\fP parameter is used to request that only the RDN
+values be returned, not their types. For example, the DN "cn=Bob,
+c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
+"US", NULL }, depending on whether notypes was 0 or 1, respectively.
+Assertion values in RDN strings may included escaped characters.
+The result can be freed by calling
+.BR ldap_value_free (3).
+.LP
+Similarly, the
+.B ldap_explode_rdn()
+routine takes an RDN as returned by
+.B ldap_explode_dn(dn,0)
+and breaks it up into its "type=value" component parts (or just "value",
+if the \fInotypes\fP parameter is set). Note the value is not
+unescaped. The result can be freed by calling
+.BR ldap_value_free (3).
+.LP
+.B ldap_dn2ufn()
+is used to turn a DN as returned by
+.BR ldap_get_dn (3)
+into a more user-friendly form, stripping off all type names. See
+"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
+for more details on the UFN format. Due to the ambiguous nature
+of the format, it is generally only used for display purposes.
+The space for the UFN returned is obtained dynamically and the user
+is responsible for freeing it via a call to
+.BR ldap_memfree (3).
+.LP
+.B ldap_dn2dcedn()
+is used to turn a DN as returned by
+.BR ldap_get_dn (3)
+into a DCE-style DN, e.g. a string with most-significant to least
+significant rdns separated by slashes ('/'); rdn components
+are separated by commas (',').
+Only printable chars (e.g. LDAPv2 printable string) are allowed,
+at least in this implementation.
+.B ldap_dcedn2dn()
+performs the opposite operation.
+.B ldap_dn2ad_canonical()
+turns a DN into a AD canonical name, which is basically a DCE dn
+with attribute types omitted.
+The trailing domain, if present, is turned in a DNS-like domain.
+The space for the returned value is obtained dynamically and the user
+is responsible for freeing it via a call to
+.BR ldap_memfree (3).
+.SH ERRORS
+If an error occurs in
+.BR ldap_get_dn() ,
+NULL is returned and the
+.B ld_errno
+field in the \fIld\fP parameter is set to indicate the error. See
+.BR ldap_error (3)
+for a description of possible error codes.
+.BR ldap_explode_dn() ,
+.BR ldap_explode_rdn() ,
+.B ldap_dn2ufn(),
+.B ldap_dn2dcedn(),
+.B ldap_dcedn2dn(),
+and
+.B ldap_dn2ad_canonical()
+will return NULL with
+.BR errno (3)
+set appropriately in case of trouble.
+.SH NOTES
+These routines dynamically allocate memory that the caller must free.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3),
+.BR ldap_first_entry (3),
+.BR ldap_memfree (3),
+.BR ldap_value_free (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_dn.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+ldap_explode_dn.3
+ldap_explode_rdn.3
+ldap_dn2ufn.3
+ldap_str2dn.3
+ldap_dn2str.3
+ldap_dn2dcedn.3
+ldap_dcedn2dn.3
+ldap_dn2ad_canonical.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,105 @@
+.TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+
+.LP
+.ft B
+char **ldap_get_values(ld, entry, attr)
+.ft
+LDAP *ld;
+LDAPMessage *entry;
+char *attr
+.LP
+.ft B
+struct berval **ldap_get_values_len(ld, entry, attr)
+.ft
+LDAP *ld;
+LDAPMessage *entry;
+char *attr
+.LP
+.ft B
+ldap_count_values(vals)
+.ft
+char **vals;
+.LP
+.ft B
+ldap_count_values_len(vals)
+.ft
+struct berval **vals;
+.LP
+.ft B
+ldap_value_free(vals)
+.ft
+char **vals;
+.LP
+.ft B
+ldap_value_free_len(vals)
+.ft
+struct berval **vals;
+.SH DESCRIPTION
+These routines are used to retrieve and manipulate attribute values
+from an LDAP entry as returned by
+.BR ldap_first_entry (3)
+or
+.BR ldap_next_entry (3).
+.B ldap_get_values()
+takes the \fIentry\fP and the attribute \fIattr\fP
+whose values are desired and returns a NULL-terminated array of the
+attribute's values. \fIattr\fP may be an attribute type as returned
+from
+.BR ldap_first_attribute (3)
+or
+.BR ldap_next_attribute (3),
+or if the attribute type is known it can simply be given.
+.LP
+The number of values in the array can be counted by calling
+.BR ldap_count_values() .
+The array of values returned can be freed by calling
+.BR ldap_value_free() .
+.LP
+If the attribute values are binary in nature, and thus not suitable
+to be returned as an array of char *'s, the
+.B ldap_get_values_len()
+routine can be used instead. It takes the same parameters as
+.BR ldap_get_values() ,
+but returns a NULL-terminated array of pointers
+to berval structures, each containing the length of and a pointer
+to a value.
+.LP
+The number of values in the array can be counted by calling
+.BR ldap_count_values_len() .
+The array of values returned can be freed by calling
+.BR ldap_value_free_len() .
+.SH ERRORS
+If an error occurs in
+.B ldap_get_values()
+or
+.BR ldap_get_values_len() ,
+NULL is returned and the
+.B ld_errno
+field in the \fIld\fP parameter is set to
+indicate the error. See
+.BR ldap_error (3)
+for a description of possible error codes.
+.SH NOTES
+These routines dynamically allocate memory which the caller must free
+using the supplied routines.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_first_entry (3),
+.BR ldap_first_attribute (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_get_values.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+ldap_get_values_len.3
+ldap_value_free.3
+ldap_value_free_len.3
+ldap_count_values.3
+ldap_count_values_len.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,122 @@
+.TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_modify, ldap_modify_s \- Perform an LDAP modify operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+.nf
+int ldap_modify(ld, dn, mods)
+.ft
+LDAP *ld;
+char *dn;
+LDAPMod *mods[];
+.LP
+.ft B
+.nf
+int ldap_modify_s(ld, dn, mods)
+.ft
+LDAP *ld;
+char *dn;
+LDAPMod *mods[];
+.LP
+.ft B
+.nf
+void ldap_mods_free( mods, freemods )
+.ft
+LDAPMod **mods;
+int freemods;
+.SH DESCRIPTION
+The routine
+.B ldap_modify_s()
+is used to perform an LDAP modify operation.
+\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
+null-terminated array of modifications to make to the entry. Each element
+of the \fImods\fP array is a pointer to an LDAPMod structure, which is
+defined below.
+.LP
+.nf
+.ft B
+ typedef struct ldapmod {
+ int mod_op;
+ char *mod_type;
+ union {
+ char **modv_strvals;
+ struct berval **modv_bvals;
+ } mod_vals;
+ struct ldapmod *mod_next;
+ } LDAPMod;
+ #define mod_values mod_vals.modv_strvals
+ #define mod_bvalues mod_vals.modv_bvals
+.ft
+.fi
+.LP
+The \fImod_op\fP field is used to specify the type of modification to
+perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
+LDAP_MOD_REPLACE. The \fImod_type\fP and \fImod_values\fP fields
+specify the attribute type to modify and a null-terminated array of
+values to add, delete, or replace respectively. The \fImod_next\fP
+field is used only by the LDAP server and may be ignored by the
+client.
+.LP
+If you need to specify a non-string value (e.g., to add a
+photo or audio attribute value), you should set \fImod_op\fP to the
+logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
+and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP
+should be used instead of \fImod_values\fP, and it should point to
+a null-terminated array of struct bervals, as defined in <lber.h>.
+.LP
+For LDAP_MOD_ADD modifications, the given values are added to the
+entry, creating the attribute if necessary. For LDAP_MOD_DELETE
+modifications, the given values are deleted from the entry, removing
+the attribute if no values remain. If the entire attribute is to be deleted,
+the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE
+modifications, the attribute will have the listed values after the
+modification, having been created if necessary. All modifications are
+performed in the order in which they are listed.
+.LP
+.B
+ldap_modify_s()
+returns the LDAP error code resulting from the
+modify operation. This code can be interpreted by
+.BR ldap_perror (3)
+and friends.
+.LP
+The
+.B ldap_modify()
+operation works the same way as
+.BR ldap_modify_s() ,
+except that it is asynchronous, returning the message id of the
+request it initiates, or -1 on error. The result of the operation
+can be obtained by calling
+.BR ldap_result (3).
+.LP
+.B ldap_mods_free()
+can be used to free each element of a NULL-terminated
+array of mod structures. If \fIfreemods\fP is non-zero, the
+\fImods\fP pointer itself is freed as well.
+.SH ERRORS
+.B ldap_modify_s()
+returns an ldap error code, either LDAP_SUCCESS or
+an error if there was trouble.
+.B ldap_modify()
+returns -1 in case
+of trouble, setting the
+.B ld_errno
+field of \fIld\fP.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3),
+.BR ldap_add (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modify.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+ldap_modify_s.3
+ldap_modify_ext.3
+ldap_modify_ext_s.3
+ldap_mods_free.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+.TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_modrdn(ld, dn, newrdn)
+.ft
+LDAP \(**ld;
+char \(**dn, \(**newrdn;
+.LP
+.ft B
+.LP
+.ft B
+int ldap_modrdn_s(ld, dn, newrdn)
+.ft
+LDAP \(**ld;
+char \(**dn, \(**newrdn;
+.LP
+.ft B
+int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
+.ft
+LDAP \(**ld;
+char \(**dn, \(**newrdn;
+int deleteoldrdn;
+.LP
+.ft B
+int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
+.ft
+LDAP \(**ld;
+char \(**dn, \(**newrdn;
+int deleteoldrdn;
+.SH DESCRIPTION
+The
+.B ldap_modrdn()
+and
+.B ldap_modrdn_s()
+routines perform an LDAP modify
+RDN operation. They both take \fIdn\fP, the DN of the entry whose
+RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
+The old RDN of the entry is never kept as an attribute of the entry.
+.B ldap_modrdn()
+is asynchronous, returning the message id of the operation
+it initiates.
+.B ldap_modrdn_s()
+is synchronous, returning the LDAP error
+code indicating the success or failure of the operation. Use of
+these routines is deprecated. Use the versions described below
+instead.
+.LP
+The
+.B ldap_modrdn2()
+and
+.B ldap_modrdn2_s()
+routines also perform an LDAP
+modify RDN operation, taking the same parameters as above. In addition,
+they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
+value to indicate whether the old RDN values should be deleted from
+the entry or not.
+.SH ERRORS
+The synchronous (_s) versions of these routines return an LDAP error
+code, either LDAP_SUCCESS or an error if there was trouble.
+The asynchronous versions return -1 in case
+of trouble, setting the
+.B ld_errno
+field of \fIld\fP. See
+.BR ldap_error (3)
+for more details.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_modrdn.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_modrdn_s.3
+ldap_modrdn2.3
+ldap_modrdn2_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,122 @@
+.TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_init, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+LDAP *ldap_open(host, port)
+.ft
+char *host;
+int port;
+.LP
+.ft B
+LDAP *ldap_init(host, port)
+.ft
+char *host;
+int port;
+.SH DESCRIPTION
+.LP
+.B ldap_open()
+opens a connection to an LDAP server and allocates an LDAP
+structure which is used to identify
+the connection and to maintain per-connection information.
+.B ldap_init()
+allocates an LDAP structure but does not open an initial connection. One
+of these two routines must be called before any operations are attempted.
+.LP
+.B ldap_open()
+takes \fIhost\fP, the hostname on which the LDAP server is
+running, and \fIport\fP, the port number to which to connect. If the default
+IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
+\fIport\fP. The \fIhost\fP parameter may contain a blank-separated list
+of hosts to try to connect to, and each host may optionally by of the form
+\fIhost:port\fP. If present, the \fI:port\fP overrides the \fIport\fP
+parameter to
+.BR ldap_open() .
+Upon successfully making a connection to an
+LDAP server,
+.B ldap_open()
+returns a pointer to an LDAP structure (defined below), which
+should be passed to subsequent calls to
+.BR ldap_bind() ,
+.BR ldap_search() ,
+etc. Certain fields in the LDAP structure can be set to indicate size limit,
+time limit, and how aliases are handled during operations. See <ldap.h>
+for more details.
+.LP
+.nf
+.ft tt
+ typedef struct ldap {
+ /* ... other stuff you should not mess with ... */
+ char ld_lberoptions;
+ int ld_deref;
+ #define LDAP_DEREF_NEVER 0
+ #define LDAP_DEREF_SEARCHING 1
+ #define LDAP_DEREF_FINDING 2
+ #define LDAP_DEREF_ALWAYS 3
+ int ld_timelimit;
+ int ld_sizelimit;
+ #define LDAP_NO_LIMIT 0
+ int ld_errno;
+ char *ld_error;
+ char *ld_matched;
+ int ld_refhoplimit;
+ unsigned long ld_options;
+ #define LDAP_OPT_REFERRALS 0x00000002 /* set by default */
+ #define LDAP_OPT_RESTART 0x00000004
+ /* ... other stuff you should not mess with ... */
+ } LDAP;
+.ft
+.fi
+.LP
+.B
+ldap_init()
+acts just like
+.BR ldap_open() ,
+but does not open a connection
+to the LDAP server. The actual connection open will occur when the
+first operation is attempted. At this time,
+.B ldap_init()
+is preferred.
+.B ldap_open() will be depreciated in a later release.
+.SH ERRORS
+If an error occurs, these routines will return NULL and errno should be
+set appropriately.
+.SH OPTIONS
+Options that affect a particular LDAP instance may be set by modifying
+the \fIld_options\fP field in the LDAP structure. This field is set
+to \fILDAP_OPT_REFERRALS\fP in
+.B ldap_open() and
+.B ldap_init(),
+which causes the library to automatically follow referrals
+to other servers that may be returned in response to an LDAP operation.
+.LP
+The other supported option is \fILDAP_OPT_RESTART\fP, which if set will
+cause the LDAP library to restart the
+.BR select (2)
+system call when it is interrupted by the system (i.e., errno is set to
+EINTR). This option is not supported on the Macintosh and under MS-DOS.
+.LP
+An option can be turned off by clearing the appropriate bit in the
+\fIld_options\fP field.
+.SH NOTES
+There are other elements in the LDAP structure that you should not
+change. You should not make any assumptions about the order of elements
+in the LDAP structure.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_bind (3),
+.BR errno (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_open.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+ldap_init.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_reference.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_reference.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_reference.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+.TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_reference \- Extract referrals and controls from a reference message
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_reference( LDAP *ld, LDAPMessage *reference,
+ char ***referralsp, LDAPControl ***serverctrlsp,
+ int freeit )
+.SH DESCRIPTION
+.LP
+The
+.B ldap_parse_reference()
+routine is used to extract referrals and controls from a reference message.
+The \fIreference\fP parameter is a reference message as returned by a
+call to
+.BR ldap_first_reference (3) ,
+.BR ldap_next_reference (3) ,
+.BR ldap_first_message (3) ,
+.BR ldap_next_message (3) ,
+or
+.BR ldap_result (3) .
+.LP
+The \fIreferralsp\fP parameter will be filled in with an allocated array of
+character strings. The strings are copies of the referrals contained in
+the parsed message. The array should be freed by calling
+.BR ldap_value_free (3) .
+If \fIreferralsp\fP is NULL, no referrals are returned.
+If no referrals were returned, \fI*referralsp\fP is set to NULL.
+.LP
+The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
+controls copied from the parsed message. The array should be freed by calling
+.BR ldap_controls_free (3).
+If \fIserverctrlsp\fP is NULL, no controls are returned.
+If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
+.LP
+The \fIfreeit\fP parameter determines whether the parsed message is
+freed or not after the extraction. Any non-zero value will make it
+free the message. The
+.BR ldap_msgfree (3)
+routine can also be used to free the message later.
+.SH ERRORS
+Upon success LDAP_SUCCESS is returned. Otherwise the values of the
+\fIreferralsp\fP and \fIserverctrlsp\fP parameters are undefined.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_first_reference (3),
+.BR ldap_first_message (3),
+.BR ldap_result (3),
+.BR ldap_get_values (3),
+.BR ldap_controls_free (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+.TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.5 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_result \- Parsing results
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_result( LDAP *ld, LDAPMessage *result,
+ int *errcodep, char **matcheddnp, char **errmsgp,
+ char ***referralsp, LDAPControl ***serverctrlsp,
+ int freeit )
+.LP
+.ft B
+int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
+ struct berval **servercredp, int freeit )
+.LP
+.ft B
+int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
+ char **retoidp, struct berval **retdatap, int freeit )
+.SH DESCRIPTION
+.LP
+These routines are used to extract information from a result message.
+They will operate on the first result message in a chain of search
+results (skipping past other message types). They take the \fIresult\fP
+as returned by a call to
+.BR ldap_result (3),
+.BR ldap_search_s (3)
+or
+.BR ldap_search_st (3).
+In addition to
+.BR ldap_parse_result() ,
+the routines
+.B ldap_parse_sasl_bind_result()
+and
+.B ldap_parse_extended_result()
+are used to get all the result information from SASL bind and extended
+operations.
+.LP
+The \fIerrcodep\fP parameter will be filled in with the result code from
+the result message.
+.LP
+The server might supply a matched DN string in the message indicating
+how much of a name in a request was recognized. The \fImatcheddnp\fP
+parameter will be filled in with this string if supplied, else it will
+be NULL. If a string is returned, it should be freed using
+.BR ldap_memfree (3).
+.LP
+The \fIerrmsgp\fP parameter will be filled in with the error message
+field from the parsed message. This string should be freed using
+.BR ldap_memfree (3).
+.LP
+The \fIreferralsp\fP parameter will be filled in with an allocated array of
+referral strings from the parsed message. This array should be freed using
+.BR ldap_memvfree (3).
+If no referrals were returned, \fI*referralsp\fP is set to NULL.
+.LP
+The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
+controls copied from the parsed message. The array should be freed using
+.BR ldap_controls_free (3).
+If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
+.LP
+The \fIfreeit\fP parameter determines whether the parsed message is
+freed or not after the extraction. Any non-zero value will make it
+free the message. The
+.BR ldap_msgfree (3)
+routine can also be used to free the message later.
+.LP
+For SASL bind results, the \fIservercredp\fP parameter will be filled in
+with an allocated berval structure containing the credentials from the
+server if present. The structure should be freed using
+.BR ber_bvfree (3).
+.LP
+For extended results, the \fIretoidp\fP parameter will be filled in
+with the dotted-OID text representation of the name of the extended
+operation response. The string should be freed using
+.BR ldap_memfree (3).
+If no OID was returned, \fI*retoidp\fP is set to NULL.
+.LP
+For extended results, the \fIretdatap\fP parameter will be filled in
+with a pointer to a berval structure containing the data from the
+extended operation response. The structure should be freed using
+.BR ber_bvfree (3).
+If no data were returned, \fI*retdatap\fP is set to NULL.
+.LP
+For all the above result parameters, NULL values can be used in calls
+in order to ignore certain fields.
+.SH ERRORS
+Upon success LDAP_SUCCESS is returned. Otherwise the values of the
+result parameters are undefined.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_result (3),
+.BR ldap_search (3),
+.BR ldap_memfree (3),
+.BR ldap_get_values (3),
+.BR ldap_controls_free (3),
+.BR lber-types (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_parse_result.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+ldap_parse_sasl_bind_result.3
+ldap_parse_extended_result.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,132 @@
+.TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.5 2007/04/06 04:35:09 quanah Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_result \- Wait for the result of an LDAP operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_result( LDAP *ld, int msgid, int all,
+ struct timeval *timeout, LDAPMessage **result );
+
+int ldap_msgfree( LDAPMessage *msg );
+
+int ldap_msgtype( LDAPMessage *msg );
+
+int ldap_msgid( LDAPMessage *msg );
+.ft
+.SH DESCRIPTION
+The
+.B ldap_result()
+routine is used to wait for and return the result of
+an operation previously initiated by one of the LDAP asynchronous
+operation routines (e.g.,
+.BR ldap_search (3),
+.BR ldap_modify (3),
+etc.). Those routines all return -1 in case of error, and an
+invocation identifier upon successful initiation of the operation. The
+invocation identifier is picked by the library and is guaranteed to be
+unique across the LDAP session. It can be used to request the result
+of a specific operation from
+.B ldap_result()
+through the \fImsgid\fP parameter.
+.LP
+The
+.B ldap_result()
+routine will block or not, depending upon the setting
+of the \fItimeout\fP parameter.
+If timeout is not a NULL pointer, it specifies a maximum
+interval to wait for the selection to complete. If timeout
+is a NULL pointer, the select blocks indefinitely. To
+effect a poll, the timeout argument should be a non-NULL
+pointer, pointing to a zero-valued timeval structure. See
+.BR select (2)
+for further details.
+.LP
+If the result of a specific operation is required, \fImsgid\fP should
+be set to the invocation identifier returned when the operation was
+initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
+supplied to wait for any or unsolicited response.
+.LP
+The \fIall\fP parameter, if non-zero, causes
+.B ldap_result()
+to return all responses with msgid, otherwise only the
+next response is returned. This is commonly used to obtain all
+the responses of a search operation.
+.LP
+A search response is made up of zero or
+more search entries, zero or more search references, and zero or
+more extended partial responses followed by a search result. If
+\fIall\fP is set to 0, search entries will be returned one at a
+time as they come in, via separate calls to
+.BR ldap_result() .
+If it's set to 1, the search
+response will only be returned in its entirety, i.e., after all entries,
+all references, all extended partial responses, and the final search
+result have been received.
+.LP
+Upon success, the type of the result received is returned and the
+\fIresult\fP parameter will contain the result of the operation. This
+result should be passed to the LDAP parsing routines,
+.BR ldap_first_message (3)
+and friends, for interpretation.
+.LP
+The possible result types returned are:
+.LP
+.nf
+ LDAP_RES_BIND (0x61)
+ LDAP_RES_SEARCH_ENTRY (0x64)
+ LDAP_RES_SEARCH_REFERENCE (0x73)
+ LDAP_RES_SEARCH_RESULT (0x65)
+ LDAP_RES_MODIFY (0x67)
+ LDAP_RES_ADD (0x69)
+ LDAP_RES_DELETE (0x6b)
+ LDAP_RES_MODDN (0x6d)
+ LDAP_RES_COMPARE (0x6f)
+ LDAP_RES_EXTENDED (0x78)
+ LDAP_RES_INTERMEDIATE (0x79)
+.fi
+.LP
+The
+.B ldap_msgfree()
+routine is used to free the memory allocated for
+result(s) by
+.B ldap_result()
+or
+.BR ldap_search_s (3)
+and friends.
+It takes a pointer to the result or result chain to be freed and returns
+the type of the last message in the chain.
+If the parameter is NULL, the function does nothing and returns zero.
+.LP
+The
+.B ldap_msgtype()
+routine returns the type of a message.
+.LP
+The
+.B ldap_msgid()
+routine returns the message id of a message.
+.SH ERRORS
+.B ldap_result()
+returns -1 if something bad happens, and zero if the
+timeout specified was exceeded.
+.B ldap_msgtype()
+and
+.B ldap_msgid()
+return -1 on error.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_search (3),
+.BR ldap_first_message (3),
+.BR select (2)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_result.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_msgfree.3
+ldap_msgtype.3
+ldap_msgid.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,331 @@
+.TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 2000-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
+ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name,
+ldap_matchingrule_free,
+ldap_str2attributetype, ldap_attributetype2str,
+ldap_attributetype2name, ldap_attributetype_free,
+ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name,
+ldap_objectclass_free,
+ldap_scherr2str \- Schema definition handling routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+#include <ldap_schema.h>
+.LP
+.ft B
+LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
+.ft
+const char * s;
+int * code;
+const char ** errp;
+const int flags;
+.LP
+.ft B
+char * ldap_syntax2str(syn)
+.ft
+const LDAPSyntax * syn;
+.LP
+.ft B
+const char * ldap_syntax2name(syn)
+.ft
+LDAPSyntax * syn;
+.LP
+.ft B
+ldap_syntax_free(syn)
+.ft
+LDAPSyntax * syn;
+.LP
+.ft B
+LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
+.ft
+const char * s;
+int * code;
+const char ** errp;
+const int flags;
+.LP
+.ft B
+char * ldap_matchingrule2str(mr);
+.ft
+const LDAPMatchingRule * mr;
+.LP
+.ft B
+const char * ldap_matchingrule2name(mr)
+.ft
+LDAPMatchingRule * mr;
+.LP
+.ft B
+ldap_matchingrule_free(mr)
+.ft
+LDAPMatchingRule * mr;
+.LP
+.ft B
+LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
+.ft
+const char * s;
+int * code;
+const char ** errp;
+const int flags;
+.LP
+.ft B
+char * ldap_attributetype2str(at)
+.ft
+const LDAPAttributeType * at;
+.LP
+.ft B
+const char * ldap_attributetype2name(at)
+.ft
+LDAPAttributeType * at;
+.LP
+.ft B
+ldap_attributetype_free(at)
+.ft
+LDAPAttributeType * at;
+.LP
+.ft B
+LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
+.ft
+const char * s;
+int * code;
+const char ** errp;
+const int flags;
+.LP
+.ft B
+char * ldap_objectclass2str(oc)
+.ft
+const LDAPObjectClass * oc;
+.LP
+.ft B
+const char * ldap_objectclass2name(oc)
+.ft
+LDAPObjectClass * oc;
+.LP
+.ft B
+ldap_objectclass_free(oc)
+.ft
+LDAPObjectClass * oc;
+.LP
+.ft B
+char * ldap_scherr2str(code)
+.ft
+int code;
+.SH DESCRIPTION
+These routines are used to parse schema definitions in the syntax
+defined in RFC 2252 into structs and handle these structs. These
+routines handle four kinds of definitions: syntaxes, matching rules,
+attribute types and object classes. For each definition kind, four
+routines are provided.
+.LP
+.B ldap_str2xxx()
+takes a definition in RFC 2252 format in argument
+.IR s
+as a NUL-terminated string and returns, if possible, a pointer to a
+newly allocated struct of the appropriate kind. The caller is
+responsible for freeing the struct by calling
+.B ldap_xxx_free()
+when not needed any longer. The routine returns NULL if some problem
+happened. In this case, the integer pointed at by argument
+.IR code
+will receive an error code (see below the description of
+.B ldap_scherr2str()
+for an explanation of the values) and a pointer to a NUL-terminated
+string will be placed where requested by argument
+.IR errp
+, indicating where in argument
+.IR s
+the error happened, so it must not be freed by the caller. Argument
+.IR flags
+is a bit mask of parsing options controlling the relaxation of the
+syntax recognized. The following values are defined:
+.TP
+.B LDAP_SCHEMA_ALLOW_NONE
+strict parsing according to RFC 2252.
+.TP
+.B LDAP_SCHEMA_ALLOW_NO_OID
+permit definitions that do not contain an initial OID.
+.TP
+.B LDAP_SCHEMA_ALLOW_QUOTED
+permit quotes around some items that should not have them.
+.TP
+.B LDAP_SCHEMA_ALLOW_DESCR
+permit a
+.B descr
+instead of a numeric OID in places where the syntax expect the latter.
+.TP
+.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
+permit that the initial numeric OID contains a prefix in
+.B descr
+format.
+.TP
+.B LDAP_SCHEMA_ALLOW_ALL
+be very liberal, include all options.
+.LP
+The structures returned are as follows:
+.sp
+.RS
+.nf
+.ne 7
+.ta 8n 16n 32n
+typedef struct ldap_schema_extension_item {
+ char *lsei_name; /* Extension name */
+ char **lsei_values; /* Extension values */
+} LDAPSchemaExtensionItem;
+
+typedef struct ldap_syntax {
+ char *syn_oid; /* OID */
+ char **syn_names; /* Names */
+ char *syn_desc; /* Description */
+ LDAPSchemaExtensionItem **syn_extensions; /* Extension */
+} LDAPSyntax;
+
+typedef struct ldap_matchingrule {
+ char *mr_oid; /* OID */
+ char **mr_names; /* Names */
+ char *mr_desc; /* Description */
+ int mr_obsolete; /* Is obsolete? */
+ char *mr_syntax_oid; /* Syntax of asserted values */
+ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
+} LDAPMatchingRule;
+
+typedef struct ldap_attributetype {
+ char *at_oid; /* OID */
+ char **at_names; /* Names */
+ char *at_desc; /* Description */
+ int at_obsolete; /* Is obsolete? */
+ char *at_sup_oid; /* OID of superior type */
+ char *at_equality_oid; /* OID of equality matching rule */
+ char *at_ordering_oid; /* OID of ordering matching rule */
+ char *at_substr_oid; /* OID of substrings matching rule */
+ char *at_syntax_oid; /* OID of syntax of values */
+ int at_syntax_len; /* Suggested minimum maximum length */
+ int at_single_value; /* Is single-valued? */
+ int at_collective; /* Is collective? */
+ int at_no_user_mod; /* Are changes forbidden through LDAP? */
+ int at_usage; /* Usage, see below */
+ LDAPSchemaExtensionItem **at_extensions; /* Extensions */
+} LDAPAttributeType;
+
+typedef struct ldap_objectclass {
+ char *oc_oid; /* OID */
+ char **oc_names; /* Names */
+ char *oc_desc; /* Description */
+ int oc_obsolete; /* Is obsolete? */
+ char **oc_sup_oids; /* OIDs of superior classes */
+ int oc_kind; /* Kind, see below */
+ char **oc_at_oids_must; /* OIDs of required attribute types */
+ char **oc_at_oids_may; /* OIDs of optional attribute types */
+ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
+} LDAPObjectClass;
+.ta
+.fi
+.RE
+.PP
+Some integer fields (those described with a question mark) have a
+truth value, for these fields the possible values are:
+.TP
+.B LDAP_SCHEMA_NO
+The answer to the question is no.
+.TP
+.B LDAP_SCHEMA_YES
+The answer to the question is yes.
+.LP
+For attribute types, the following usages are possible:
+.TP
+.B LDAP_SCHEMA_USER_APPLICATIONS
+the attribute type is non-operational.
+.TP
+.B LDAP_SCHEMA_DIRECTORY_OPERATION
+the attribute type is operational and is pertinent to the directory
+itself, i.e. it has the same value on all servers that master the
+entry containing this attribute type.
+.TP
+.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
+the attribute type is operational and is pertinent to replication,
+shadowing or other distributed directory aspect. TBC.
+.TP
+.B LDAP_SCHEMA_DSA_OPERATION
+the attribute type is operational and is pertinent to the directory
+server itself, i.e. it may have different values for the same entry
+when retrieved from different servers that master the entry.
+.LP
+Object classes can be of three kinds:
+.TP
+.B LDAP_SCHEMA_ABSTRACT
+the object class is abstract, i.e. there cannot be entries of this
+class alone.
+.TP
+.B LDAP_SCHEMA_STRUCTURAL
+the object class is structural, i.e. it describes the main role of the
+entry. On some servers, once the entry is created the set of
+structural object classes assigned cannot be changed: none of those
+present can be removed and none other can be added.
+.TP
+.B LDAP_SCHEMA_AUXILIARY
+the object class is auxiliary, i.e. it is intended to go with other,
+structural, object classes. These can be added or removed at any time
+if attribute types are added or removed at the same time as needed by
+the set of object classes resulting from the operation.
+.LP
+Routines
+.B ldap_xxx2name()
+return a canonical name for the definition.
+.LP
+Routines
+.B ldap_xxx2str()
+return a string representation in the format described by RFC 2252 of
+the struct passed in the argument. The string is a newly allocated
+string that must be freed by the caller. These routines may return
+NULL if no memory can be allocated for the string.
+.LP
+.B ldap_scherr2str()
+returns a NUL-terminated string with a text description of the error
+found. This is a pointer to a static area, so it must not be freed by
+the caller. The argument
+.IR code
+comes from one of the parsing routines and can adopt the following
+values:
+.TP
+.B LDAP_SCHERR_OUTOFMEM
+Out of memory.
+.TP
+.B LDAP_SCHERR_UNEXPTOKEN
+Unexpected token.
+.TP
+.B LDAP_SCHERR_NOLEFTPAREN
+Missing opening parenthesis.
+.TP
+.B LDAP_SCHERR_NORIGHTPAREN
+Missing closing parenthesis.
+.TP
+.B LDAP_SCHERR_NODIGIT
+Expecting digit.
+.TP
+.B LDAP_SCHERR_BADNAME
+Expecting a name.
+.TP
+.B LDAP_SCHERR_BADDESC
+Bad description.
+.TP
+.B LDAP_SCHERR_BADSUP
+Bad superiors.
+.TP
+.B LDAP_SCHERR_DUPOPT
+Duplicate option.
+.TP
+.B LDAP_SCHERR_EMPTY
+Unexpected end of data.
+
+.SH SEE ALSO
+.BR ldap (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_schema.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,17 @@
+ldap_str2syntax.3
+ldap_syntax2str.3
+ldap_syntax2name.3
+ldap_syntax_free.3
+ldap_str2matchingrule.3
+ldap_matchingrule2str.3
+ldap_matchingrule2name.3
+ldap_matchingrule_free.3
+ldap_str2attributetype.3
+ldap_attributetype2str.3
+ldap_attributetype2name.3
+ldap_attributetype_free.3
+ldap_str2objectclass.3
+ldap_objectclass2str.3
+ldap_objectclass2name.3
+ldap_objectclass_free.3
+ldap_scherr2str.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,131 @@
+.TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.6 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <sys/time.h> /* for struct timeval definition */
+#include <ldap.h>
+.LP
+.ft B
+int ldap_search(ld, base, scope, filter, attrs, attrsonly)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[];
+int attrsonly;
+.LP
+.ft B
+int ldap_search_s(ld, base, scope, filter, attrs, attrsonly, res)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+LDAPMessage **res;
+.LP
+.ft B
+int ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+struct timeval *timeout;
+LDAPMessage **res;
+.SH DESCRIPTION
+These routines are used to perform LDAP search operations.
+.B ldap_search_s()
+does the search synchronously (i.e., not
+returning until the operation completes).
+.B ldap_search_st()
+does
+the same, but allows a \fItimeout\fP to be specified.
+.B ldap_search()
+is the asynchronous version, initiating the search and returning
+the message id of the operation it initiated.
+\fIBase\fP is the DN of the entry at which to start the search.
+\fIScope\fP is the scope of the search and should be one of LDAP_SCOPE_BASE,
+to search the object itself,
+LDAP_SCOPE_ONELEVEL, to search the object's immediate children,
+or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
+.LP
+\fIFilter\fP is a string
+representation of the filter to apply in the search. Simple filters
+can be specified as \fI(attributetype=attributevalue)\fP. More complex
+filters are specified using a prefix notation according to the following
+BNF:
+.LP
+.nf
+ <filter> ::= '(' <filtercomp> ')'
+ <filtercomp> ::= <and> | <or> | <not> | <simple>
+ <and> ::= '&' <filterlist>
+ <or> ::= '|' <filterlist>
+ <not> ::= '!' <filter>
+ <filterlist> ::= <filter> | <filter> <filterlist>
+ <simple> ::= <attributetype> <filtertype> <attributevalue>
+ <filtertype> ::= '=' | '~=' | '<=' | '>='
+.fi
+.LP
+The '~=' construct is used to specify approximate matching. The
+representation for <attributetype> and <attributevalue> are as
+described in RFC 2254. In addition, <attributevalue> can be a single *
+to achieve an attribute existence test, or can contain text and *'s
+interspersed to achieve substring matching.
+.LP
+For example, the filter "(mail=*)" will find any entries that have a mail
+attribute. The filter "(mail=*@terminator.rs.itd.umich.edu)" will find
+any entries that have a mail attribute ending in the specified string.
+To put parentheses in a filter, escape them with a backslash '\\'
+character. See RFC 2254 for a more complete description of allowable
+filters.
+.LP
+\fIAttrs\fP is a null-terminated array of attribute types to return
+from entries that match \fIfilter\fP.
+If NULL is specified, the return of all user attributes is requested.
+The type "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
+all user attributes to be returned.
+The type "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to request
+all operational attributes to be returned.
+To request no attributes, the type "1.1" (LDAP_NO_ATTRS)
+should be listed by itself.
+.LP
+\fIAttrsonly\fP should be set to 1 if
+only attribute types are wanted. It should be set to 0 if both
+attributes types and attribute values are wanted.
+.SH ERRORS
+.B ldap_search_s()
+and
+.B ldap_search_st()
+will return the LDAP error code resulting from the search operation.
+See
+.BR ldap_error (3)
+for details.
+.B ldap_search()
+returns -1 in case of trouble.
+.SH NOTES
+Note that both read
+and list functionality are subsumed by these routines,
+by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
+emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
+.LP
+These routines may dynamically allocate memory. The caller is
+responsible for freeing such memory using supplied deallocation
+routines. Return values are contained in <ldap.h>.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_result (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_search.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+ldap_search_s.3
+ldap_search_st.3
+ldap_search_ext.3
+ldap_search_ext_s.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,116 @@
+.TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+ldap_sort_entries(ld, chain, attr, cmp)
+.ft
+LDAP *ld;
+LDAPMessage **chain;
+char *attr;
+int (*cmp)();
+.LP
+.ft B
+ldap_sort_values(ld, vals, cmp)
+.ft
+LDAP *ld;
+char **vals;
+int (*cmp)();
+.LP
+.ft B
+ldap_sort_strcasecmp(a, b)
+.ft
+char *a;
+char *b;
+.SH DESCRIPTION
+These routines are used to sort lists of entries and values retrieved
+from an LDAP server.
+.B ldap_sort_entries()
+is used to sort a chain
+of entries retrieved from an LDAP search call either by DN or by some
+arbitrary attribute in the entries. It takes \fIld\fP, the LDAP
+structure, which is only used for error reporting, \fIchain\fP, the
+list of entries as returned by
+.BR ldap_search_s (3)
+or
+.BR ldap_result (3).
+\fIattr\fP is the attribute to use as a key in the sort
+or NULL to sort by DN, and \fIcmp\fP is the comparison function to use
+when comparing values (or individual DN components if sorting by DN).
+In this case, \fIcmp\fP should be a function taking two single values
+of the \fIattr\fP to sort by, and returning a value less than zero,
+equal to zero, or greater than zero, depending on whether the first
+argument is less than, equal to, or greater than the second argument.
+The convention is the same as used by
+.BR qsort (3),
+which is called to do the actual sorting.
+.LP
+.B ldap_sort_values()
+is used to sort an array of values from an entry,
+as returned by
+.BR ldap_get_values (3).
+It takes the LDAP connection
+structure \fIld\fP, the array of values
+to sort \fIvals\fP, and \fIcmp\fP, the comparison
+function to use during the sort.
+Note that \fIcmp\fP will be passed a pointer to each element in the
+\fIvals\fP array, so if you pass the normal char ** for this parameter,
+\fIcmp\fP should take two char **'s as arguments (i.e., you cannot
+pass \fIstrcasecmp\fP or its friends for \fIcmp\fP). You can, however,
+pass the function
+.B ldap_sort_strcasecmp()
+for this purpose.
+.LP
+For example:
+.LP
+.nf
+.ft tt
+ LDAP *ld;
+ LDAPMessage *res;
+
+ /*
+ * ... call to ldap_search_s(), fill in res,
+ * retrieve sn attr ...
+ */
+
+ /* now sort the entries on surname attribute */
+ if ( ldap_sort_entries( ld, &res, "sn",
+ ldap_sort_strcasecmp ) != 0 )
+ ldap_perror( ld, "ldap_sort_entries" );
+.ft
+.fi
+.SH NOTES
+.LP
+The
+.B ldap_sort_entries()
+routine applies the comparison function to
+each value of the attribute in the array as returned by a call to
+.BR ldap_get_values (3),
+until a mismatch is found.
+This works fine for single-valued attributes, but
+may produce unexpected results for multi-valued attributes.
+When sorting by DN, the comparison function is
+applied to an exploded version of the DN, without types.
+The return values for all of these functions are declared in the
+<ldap.h> header file. Some routines may dynamically allocate memory.
+Callers are responsible for freeing such memory using the supplied
+deallocation routines.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_search (3),
+.BR ldap_result (3),
+.BR qsort (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_sort.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_sort_entries.3
+ldap_sort_values.3
+ldap_sort_strcasecmp.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,89 @@
+.TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_is_ldap_url,
+ldap_url_parse,
+ldap_free_urldesc \- LDAP Uniform Resource Locator routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.ft
+.LP
+.ft B
+int ldap_is_ldap_url( const char *url )
+.LP
+.ft B
+int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
+.LP
+typedef struct ldap_url_desc {
+ char * lud_scheme; /* URI scheme */
+ char * lud_host; /* LDAP host to contact */
+ int lud_port; /* port on host */
+ char * lud_dn; /* base for search */
+ char ** lud_attrs; /* list of attributes */
+ int lud_scope; /* a LDAP_SCOPE_... value */
+ char * lud_filter; /* LDAP search filter */
+ char ** lud_exts; /* LDAP extensions */
+ int lud_crit_exts; /* true if any extension is critical */
+ /* may contain additional fields for internal use */
+} LDAPURLDesc;
+.LP
+.ft B
+ldap_free_urldesc( LDAPURLDesc *ludp )
+.SH DESCRIPTION
+These routines support the use of LDAP URLs (Uniform Resource Locators)
+as detailed in RFC 2255. LDAP URLs look like this:
+.nf
+
+ \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]
+
+where:
+ \fIhostport\fP is a host name with an optional ":portnumber"
+ \fIdn\fP is the search base
+ \fIattrs\fP is a comma separated list of attributes to request
+ \fIscope\fP is one of these three strings:
+ base one sub (default=base)
+ \fIfilter\fP is filter
+ \fIexts\fP are recognized set of LDAP and/or API extensions.
+
+Example:
+ ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)
+
+.fi
+.LP
+URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
+tolerated. Alternative schemes such as ldaps:// and ldapi:// may be
+parsed using the below routines as well.
+.LP
+.B ldap_is_ldap_url()
+returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
+opposed to some other kind of URL). It can be used as a quick check
+for an LDAP URL; the
+.B ldap_url_parse()
+routine should be used if a more thorough check is needed.
+.LP
+.B ldap_url_parse()
+breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
+If successful, zero is returned, an LDAP URL description is
+allocated, filled in, and \fIludpp\fP is set to point to it. If an
+error occurs, a non-zero URL error code is returned.
+.LP
+.B ldap_free_urldesc()
+should be called to free an LDAP URL description that was obtained from
+a call to
+.B ldap_url_parse().
+.SH SEE ALSO
+.BR ldap (3)
+.LP
+.B The LDAP URL Format, RFC 2255,
+Tim Howes and Mark Smith, December 1997.
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man3/ldap_url.3.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3 @@
+ldap_is_ldap_url.3
+ldap_url_parse.3
+ldap_free_urldesc.3
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# man5 Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/man5/Makefile.in,v 1.8.2.5 2007/01/02 21:43:45 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MANSECT=5
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/ldap.conf.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/ldap.conf.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/ldap.conf.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,322 @@
+.TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.28.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.UC 6
+.SH NAME
+ldap.conf, .ldaprc \- ldap configuration file
+.SH SYNOPSIS
+ETCDIR/ldap.conf, .ldaprc
+.SH DESCRIPTION
+If the environment variable \fBLDAPNOINIT\fP is defined, all
+defaulting is disabled.
+.LP
+The
+.I ldap.conf
+configuration file is used to set system-wide defaults to be applied when
+running
+.I ldap
+clients.
+.LP
+Users may create an optional configuration file,
+.I ldaprc
+or
+.IR .ldaprc ,
+in their home directory which will be used to override the system-wide
+defaults file.
+The file
+.I ldaprc
+in the current working directory is also used.
+.LP
+.LP
+Additional configuration files can be specified using
+the \fBLDAPCONF\fP and \fBLDAPRC\fP environment variables.
+\fBLDAPCONF\fP may be set to the path of a configuration file. This
+path can be absolute or relative to the current working directory.
+The \fBLDAPRC\fP, if defined, should be the basename of a file
+in the current working directory or in the user's home directory.
+.LP
+Environmental variables may also be used to augment the file based defaults.
+The name of the variable is the option name with an added prefix of \fBLDAP\fP.
+For example, to define \fBBASE\fP via the environment, set the variable
+\fBLDAPBASE\fP to the desired value.
+.LP
+Some options are user\-only. Such options are ignored if present
+in the
+.I ldap.conf
+(or file specified by
+.BR LDAPCONF ).
+.SH OPTIONS
+The configuration options are case-insensitive;
+their value, on a case by case basis, may be case-sensitive.
+The different configuration options are:
+.TP
+.B URI <ldap[s]://[name[:port]] ...>
+Specifies the URI(s) of an LDAP server(s) to which the
+.I LDAP
+library should connect. The URI scheme may be either
+.B ldap
+or
+.B ldaps
+which refer to LDAP over TCP and LDAP over SSL (TLS) respectively.
+Each server's name can be specified as a
+domain-style name or an IP address literal. Optionally, the
+server's name can followed by a ':' and the port number the LDAP
+server is listening on. If no port number is provided, the default
+port for the scheme is used (389 for ldap://, 636 for ldaps://).
+A space separated list of URIs may be provided.
+.TP
+.B BASE <base>
+Specifies the default base DN to use when performing ldap operations.
+The base must be specified as a Distinguished Name in LDAP format.
+.TP
+.B BINDDN <dn>
+Specifies the default bind DN to use when performing ldap operations.
+The bind DN must be specified as a Distinguished Name in LDAP format.
+This is a user\-only option.
+.TP
+.B HOST <name[:port] ...>
+Specifies the name(s) of an LDAP server(s) to which the
+.I LDAP
+library should connect. Each server's name can be specified as a
+domain-style name or an IP address and optionally followed by a ':' and
+the port number the ldap server is listening on. A space separated
+list of hosts may be provided.
+.B HOST
+is deprecated in favor of
+.BR URI .
+.TP
+.B PORT <port>
+Specifies the default port used when connecting to LDAP servers(s).
+The port may be specified as a number.
+.B PORT
+is deprecated in favor of
+.BR URI.
+.TP
+.B REFERRALS <on/true/yes/off/false/no>
+Specifies if the client should automatically follow referrals returned
+by LDAP servers.
+The default is on.
+Note that the command line tools
+.BR ldapsearch (1)
+&co always override this option.
+.TP
+.B SIZELIMIT <integer>
+Specifies a size limit to use when performing searches. The
+number should be a non-negative integer. \fISIZELIMIT\fP of zero (0)
+specifies unlimited search size.
+.TP
+.B TIMELIMIT <integer>
+Specifies a time limit to use when performing searches. The
+number should be a non-negative integer. \fITIMELIMIT\fP of zero (0)
+specifies unlimited search time to be used.
+.TP
+.B DEREF <when>
+Specifies how alias dereferencing is done when performing a search. The
+.B <when>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B never
+Aliases are never dereferenced. This is the default.
+.TP
+.B searching
+Aliases are dereferenced in subordinates of the base object, but
+not in locating the base object of the search.
+.TP
+.B finding
+Aliases are only dereferenced when locating the base object of the search.
+.TP
+.B always
+Aliases are dereferenced both in searching and in locating the base object
+of the search.
+.RE
+.SH SASL OPTIONS
+If OpenLDAP is built with Simple Authentication and Security Layer support,
+there are more options you can specify.
+.TP
+.B SASL_MECH <mechanism>
+Specifies the SASL mechanism to use.
+This is a user\-only option.
+.TP
+.B SASL_REALM <realm>
+Specifies the SASL realm.
+This is a user\-only option.
+.TP
+.B SASL_AUTHCID <authcid>
+Specifies the authentication identity.
+This is a user\-only option.
+.TP
+.B SASL_AUTHZID <authcid>
+Specifies the proxy authorization identity.
+This is a user\-only option.
+.TP
+.B SASL_SECPROPS <properties>
+Specifies Cyrus SASL security properties. The
+.B <properties>
+can be specified as a comma-separated list of the following:
+.RS
+.TP
+.B none
+(without any other properties) causes the properties
+defaults ("noanonymous,noplain") to be cleared.
+.TP
+.B noplain
+disables mechanisms susceptible to simple passive attacks.
+.TP
+.B noactive
+disables mechanisms susceptible to active attacks.
+.TP
+.B nodict
+disables mechanisms susceptible to passive dictionary attacks.
+.TP
+.B noanonymous
+disables mechanisms which support anonymous login.
+.TP
+.B forwardsec
+requires forward secrecy between sessions.
+.TP
+.B passcred
+requires mechanisms which pass client credentials (and allows
+mechanisms which can pass credentials to do so).
+.TP
+.B minssf=<factor>
+specifies the minimum acceptable
+.I security strength factor
+as an integer approximating the effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+.TP
+.B maxssf=<factor>
+specifies the maximum acceptable
+.I security strength factor
+as an integer (see
+.B minssf
+description). The default is
+.BR INT_MAX .
+.TP
+.B maxbufsize=<factor>
+specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
+.RE
+.SH TLS OPTIONS
+If OpenLDAP is built with Transport Layer Security support, there
+are more options you can specify. These options are used when an
+.B ldaps:// URI
+is selected (by default or otherwise) or when the application
+negotiates TLS by issuing the LDAP Start TLS operation.
+.TP
+.B TLS_CACERT <filename>
+Specifies the file that contains certificates for all of the Certificate
+Authorities the client will recognize.
+.TP
+.B TLS_CACERTDIR <path>
+Specifies the path of a directory that contains Certificate Authority
+certificates in separate individual files. The
+.B TLS_CACERT
+is always used before
+.B TLS_CACERTDIR.
+.TP
+.B TLS_CERT <filename>
+Specifies the file that contains the client certificate.
+This is a user\-only option.
+.TP
+.B TLS_KEY <filename>
+Specifies the file that contains the private key that matches the certificate
+stored in the
+.B TLS_CERT
+file. Currently, the private key must not be protected with a password, so
+it is of critical importance that the key file is protected carefully. This
+is a user\-only option.
+.TP
+.B TLS_CIPHER_SUITE <cipher-suite-spec>
+Specifies acceptable cipher suite and preference order.
+<cipher-suite-spec> should be a cipher specification for OpenSSL,
+e.g., HIGH:MEDIUM:+SSLv2.
+.TP
+.B TLS_RANDFILE <filename>
+Specifies the file to obtain random bits from when /dev/[u]random is
+not available. Generally set to the name of the EGD/PRNGD socket.
+The environment variable RANDFILE can also be used to specify the filename.
+.TP
+.B TLS_REQCERT <level>
+Specifies what checks to perform on server certificates in a TLS session,
+if any. The
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B never
+The client will not request or check any server certificate.
+.TP
+.B allow
+The server certificate is requested. If no certificate is provided,
+the session proceeds normally. If a bad certificate is provided, it will
+be ignored and the session proceeds normally.
+.TP
+.B try
+The server certificate is requested. If no certificate is provided,
+the session proceeds normally. If a bad certificate is provided,
+the session is immediately terminated.
+.TP
+.B demand | hard
+These keywords are equivalent. The server certificate is requested. If no
+certificate is provided, or a bad certificate is provided, the session
+is immediately terminated. This is the default setting.
+.RE
+.TP
+.B TLS_CRLCHECK <level>
+Specifies if the Certificate Revocation List (CRL) of the CA should be
+used to verify if the server certificates have not been revoked. This
+requires
+.B TLS_CACERTDIR
+parameter to be set.
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B none
+No CRL checks are performed
+.TP
+.B peer
+Check the CRL of the peer certificate
+.TP
+.B all
+Check the CRL for a whole certificate chain
+.RE
+.SH "ENVIRONMENT VARIABLES"
+.TP
+LDAPNOINIT
+disable all defaulting
+.TP
+LDAPCONF
+path of a configuration file
+.TP
+LDAPRC
+basename of ldaprc file in $HOME or $CWD
+.TP
+LDAP<option-name>
+Set <option-name> as from ldap.conf
+.SH FILES
+.TP
+.I ETCDIR/ldap.conf
+system-wide ldap configuration file
+.TP
+.I $HOME/ldaprc, $HOME/.ldaprc
+user ldap configuration file
+.TP
+.I $CWD/ldaprc
+local ldap configuration file
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR openssl (1),
+.BR sasl (3)
+.SH AUTHOR
+Kurt Zeilenga, The OpenLDAP Project
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/ldif.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/ldif.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/ldif.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,243 @@
+.TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.18.2.5 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldif \- LDAP Data Interchange Format
+.SH DESCRIPTION
+The LDAP Data Interchange Format (LDIF) is used to represent LDAP
+entries and change records in text form. LDAP tools, such as
+.BR ldapadd (1) and .BR ldapsearch (1), read and write LDIF entry
+records. ldapmodify(1) reads LDIF change records.
+.LP
+This manual page provides a basic description of LDIF. A
+formal specification of LDIF is published in RFC 2849.
+.SH ENTRY RECORDS
+.LP
+LDIF entry records are used to represent directory entries. The basic
+form of an entry record is:
+.LP
+.nf
+.ft tt
+ dn: <distinguished name>
+ <attrdesc>: <attrvalue>
+ <attrdesc>: <attrvalue>
+ <attrdesc>:: <base64-encoded-value>
+ <attrdesc>:< <URL>
+ ...
+.ft
+.fi
+.LP
+The value may be specified as UTF-8 text or as base64 encoded data,
+or a URI may be provided to the location of the attribute value.
+.LP
+A line may be continued by starting the next line with a single space
+or tab, e.g.,
+.LP
+.nf
+.ft tt
+ dn: cn=Barbara J Jensen,dc=exam
+ ple,dc=com
+.ft
+.fi
+.LP
+Lines beginning with a sharp sign ('#') are ignored.
+.LP
+Multiple attribute values are specified on separate lines, e.g.,
+.LP
+.nf
+.ft tt
+ cn: Barbara J Jensen
+ cn: Babs Jensen
+.ft
+.fi
+.LP
+If an value contains a non-printing character, or begins
+with a space or a colon ':', the <attrtype> is followed by a
+double colon and the value is encoded in base 64 notation. e.g.,
+the value " begins with a space" would be encoded like this:
+.LP
+.nf
+.ft tt
+ cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
+.ft
+.fi
+.LP
+If the attribute value is located in a file, the <attrtype> is
+followed by a ':<' and a file: URI. e.g., the value contained
+in the file /tmp/value would be listed like this:
+.LP
+.nf
+.ft tt
+ cn:< file:///tmp/value
+.ft
+.fi
+Other URI schemes (ftp,http) may be supported as well.
+.LP
+Multiple entries within the same LDIF file are separated by blank
+lines.
+.SH ENTRY RECORD EXAMPLE
+Here is an example of an LDIF file containing three entries.
+.LP
+.nf
+.ft tt
+ dn: cn=Barbara J Jensen,dc=example,dc=com
+ cn: Barbara J Jensen
+ cn: Babs Jensen
+ objectclass: person
+ description:< file:///tmp/babs
+ sn: Jensen
+
+ dn: cn=Bjorn J Jensen,dc=example,dc=com
+ cn: Bjorn J Jensen
+ cn: Bjorn Jensen
+ objectclass: person
+ sn: Jensen
+
+ dn: cn=Jennifer J Jensen,dc=example,dc=com
+ cn: Jennifer J Jensen
+ cn: Jennifer Jensen
+ objectclass: person
+ sn: Jensen
+ jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
+ A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
+ ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
+ ...
+.ft
+.fi
+.LP
+Note that the description in Barbara Jensen's entry is
+read from file:///tmp/babs and the jpegPhoto in Jennifer
+Jensen's entry is encoded using base 64.
+.SH CHANGE RECORDS
+LDIF change records are used to represent directory change requests.
+Each change record starts with line indicating the distinguished
+name of the entry being changed:
+.LP
+.nf
+ dn: <distinguishedname>
+.fi
+.LP
+.nf
+ changetype: <[modify|add|delete|modrdn]>
+.fi
+.LP
+Finally, the change information itself is given, the format of which
+depends on what kind of change was specified above. For a \fIchangetype\fP
+of \fImodify\fP, the format is one or more of the following:
+.LP
+.nf
+ add: <attributetype>
+ <attrdesc>: <value1>
+ <attrdesc>: <value2>
+ ...
+ -
+.fi
+.LP
+Or, for a replace modification:
+.LP
+.nf
+ replace: <attributetype>
+ <attrdesc>: <value1>
+ <attrdesc>: <value2>
+ ...
+ -
+.fi
+.LP
+If no \fIattributetype\fP lines are given to replace,
+the entire attribute is to be deleted (if present).
+.LP
+Or, for a delete modification:
+.LP
+.nf
+ delete: <attributetype>
+ <attrdesc>: <value1>
+ <attrdesc>: <value2>
+ ...
+ -
+.fi
+.LP
+If no \fIattributetype\fP lines are given to delete,
+the entire attribute is to be deleted.
+.LP
+For a \fIchangetype\fP of \fIadd\fP, the format is:
+.LP
+.nf
+ <attrdesc1>: <value1>
+ <attrdesc1>: <value2>
+ ...
+ <attrdescN>: <value1>
+ <attrdescN>: <value2>
+.fi
+.LP
+For a \fIchangetype\fP of \fImodrdn\fP or \fImoddn\fP,
+the format is:
+.LP
+.nf
+ newrdn: <newrdn>
+ deleteoldrdn: 0 | 1
+ newsuperior: <DN>
+.fi
+.LP
+where a value of 1 for deleteoldrdn means to delete the values
+forming the old rdn from the entry, and a value of 0 means to
+leave the values as non-distinguished attributes in the entry.
+The newsuperior line is optional and, if present, specifies the
+new superior to move the entry to.
+.LP
+For a \fIchangetype\fP of \fIdelete\fP, no additional information
+is needed in the record.
+.LP
+Note that attribute values may be presented using base64 or in
+files as described for entry records. Lines in change records
+may be continued in the manner described for entry records as
+well.
+.SH CHANGE RECORD EXAMPLE
+The following sample LDIF file contains a change record
+of each type of change.
+.LP
+.nf
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: add
+ objectclass: person
+ objectclass: extensibleObject
+ cn: babs
+ cn: babs jensen
+ sn: jensen
+
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: modify
+ add: givenName
+ givenName: Barbara
+ givenName: babs
+ -
+ replace: description
+ description: the fabulous babs
+ -
+ delete: sn
+ sn: jensen
+ -
+
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: modrdn
+ newrdn: cn=Barbara J Jensen
+ deleteoldrdn: 0
+ newsuperior: ou=People,dc=example,dc=com
+
+ dn: cn=Barbara J Jensen,ou=People,dc=example,dc=com
+ changetype: delete
+.fi
+
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldapsearch (1),
+.BR ldapadd (1),
+.BR ldapmodify (1),
+.BR slapd.replog (5).
+.LP
+"LDAP Data Interchange Format," Good, G., RFC 2849.
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,225 @@
+.TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.10 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+\fBslapd-bdb\fP, \fBslapd-hdb\fP \- Berkeley DB backends to \fBslapd\fP
+.SH SYNOPSIS
+.B ETCDIR/slapd.conf
+.SH DESCRIPTION
+The \fBbdb\fP backend to
+.BR slapd (8)
+is the recommended primary backend for a normal
+.B slapd
+database.
+It uses the Sleepycat Berkeley DB (BDB) package to store data.
+It makes extensive use of indexing and caching to speed data access.
+.LP
+\fBhdb\fP is a variant of the \fBbdb\fP backend that uses a
+hierarchical database
+layout which supports subtree renames. It is otherwise identical to
+the \fBbdb\fP behavior, and all the same configuration options apply.
+.LP
+It is noted that these options are intended to complement
+Berkeley DB configuration options set in the environment's
+.B DB_CONFIG
+file. See Berkeley DB documentation for details on
+.B DB_CONFIG
+configuration options.
+Where there is overlap, settings in
+.B DB_CONFIG
+take precedence.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the \fBbdb\fP and \fBhdb\fP backend database.
+That is, they must follow a "database bdb" or "database hdb" line and
+come before any subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.BI cachesize \ <integer>
+Specify the size in entries of the in-memory entry cache maintained
+by the \fBbdb\fP or \fBhdb\fP backend database instance.
+The default is 1000 entries.
+.TP
+.BI cachefree \ <integer>
+Specify the number of entries to free from the entry cache when the
+cache reaches the \fBcachesize\fP limit.
+The default is 1 entry.
+.TP
+.BI checkpoint \ <kbyte>\ <min>
+Specify the frequency for checkpointing the database transaction log.
+A checkpoint operation flushes the database buffers to disk and writes
+a checkpoint record in the log.
+The checkpoint will occur if either \fI<kbyte>\fP data has been written or
+\fI<min>\fP minutes have passed since the last checkpoint.
+Both arguments default to zero, in which case they are ignored. When
+the \fI<min>\fP argument is non-zero, an internal task will run every
+\fI<min>\fP minutes to perform the checkpoint.
+See the Berkeley DB reference guide for more details.
+.TP
+.BI dbconfig \ <Berkeley\-DB\-setting>
+Specify a configuration directive to be placed in the
+.B DB_CONFIG
+file of the database directory. The
+.B dbconfig
+directive is just a convenience
+to allow all necessary configuration to be set in the
+.B slapd.conf
+file.
+The options set using this directive will only be written to the
+.B DB_CONFIG
+file if no such file existed at server startup time. This allows one
+to set initial values without overwriting/destroying a
+.B DB_CONFIG
+file that was already customized through other means.
+This directive may be specified multiple times, as needed.
+For example:
+.RS
+.nf
+ dbconfig set_cachesize 0 1048576 0
+ dbconfig set_lg_bsize 2097152
+.fi
+.RE
+.TP
+.B dbnosync
+Specify that on-disk database contents should not be immediately
+synchronized with in memory changes.
+Enabling this option may improve performance at the expense of data
+security.
+See the Berkeley DB reference guide for more details.
+.TP
+.BI directory \ <directory>
+Specify the directory where the BDB files containing this database and
+associated indexes live.
+A separate directory must be specified for each database.
+The default is
+.BR LOCALSTATEDIR/openldap-data .
+.TP
+.B dirtyread
+Allow reads of modified but not yet committed data.
+Usually transactions are isolated to prevent other operations from
+accessing uncommitted data.
+This option may improve performance, but may also return inconsistent
+results if the data comes from a transaction that is later aborted.
+In this case, the modified data is discarded and a subsequent search
+will return a different result.
+.TP
+.BI idlcachesize \ <integer>
+Specify the size of the in-memory index cache, in index slots. The
+default is zero. A larger value will speed up frequent searches of
+indexed entries. An \fBhdb\fP database needs a large \fBidlcachesize\fP
+for good search performance, typically three times the
+.B cachesize
+(entry cache size)
+or larger.
+.TP
+\fBindex \fR{\fI<attrlist>\fR|\fBdefault\fR} [\fBpres\fR,\fBeq\fR,\fBapprox\fR,\fBsub\fR,\fI<special>\fR]
+Specify the indexes to maintain for the given attribute (or
+list of attributes).
+Some attributes only support a subset of indexes.
+If only an \fI<attr>\fP is given, the indices specified for \fBdefault\fR
+are maintained.
+Note that setting a default does not imply that all attributes will be
+indexed. Also, for best performance, an
+.B eq
+index should always be configured for the
+.B objectClass
+attribute.
+
+A number of special index parameters may be specified.
+The index type
+.B sub
+can be decomposed into
+.BR subinitial ,
+.BR subany ,\ and
+.B subfinal
+indices.
+The special type
+.B nolang
+may be specified to disallow use of this index by language subtypes.
+The special type
+.B nosubtypes
+may be specified to disallow use of this index by named subtypes.
+Note: changing \fBindex\fP settings in
+.BR slapd.conf (5)
+requires rebuilding indices, see
+.BR slapindex (8);
+changing \fBindex\fP settings
+dynamically by LDAPModifying "cn=config" automatically causes rebuilding
+of the indices online in a background task.
+.TP
+.B linearindex
+Tell
+.B slapindex
+to index one attribute at a time. By default, all indexed
+attributes in an entry are processed at the same time. With this option,
+each indexed attribute is processed individually, using multiple passes
+through the entire database. This option improves
+.B slapindex
+performance
+when the database size exceeds the \fBdbcache\fP size. When the \fBdbcache\fP is
+large enough, this option is not needed and will decrease performance.
+Also by default,
+.B slapadd
+performs full indexing and so a separate
+.B slapindex
+run is not needed. With this option,
+.B slapadd
+does no indexing and
+.B slapindex
+must be used.
+.TP
+.BR lockdetect \ { oldest | youngest | fewest | random | default }
+Specify which transaction to abort when a deadlock is detected.
+The default is
+.BR random .
+.TP
+.BI mode \ <integer>
+Specify the file protection mode that newly created database
+index files should have.
+The default is 0600.
+.TP
+.BI searchstack \ <depth>
+Specify the depth of the stack used for search filter evaluation.
+Search filters are evaluated on a stack to accommodate nested AND / OR
+clauses. An individual stack is assigned to each server thread.
+The depth of the stack determines how complex a filter can be
+evaluated without requiring any additional memory allocation. Filters that
+are nested deeper than the search stack depth will cause a separate
+stack to be allocated for that particular search operation. These
+allocations can have a major negative impact on server performance,
+but specifying too much stack will also consume a great deal of memory.
+Each search stack uses 512K bytes per level. The default stack depth
+is 16, thus 8MB per thread is used.
+.TP
+.BI shm_key \ <integer>
+Specify a key for a shared memory BDB environment. By default the
+BDB environment uses memory mapped files. If a non-zero value is
+specified, it will be used as the key to identify a shared memory
+region that will house the environment.
+.SH ACCESS CONTROL
+The
+.B bdb
+and
+.B hdb
+backends honor access control semantics as indicated in
+.BR slapd.access (5).
+.SH FILES
+.TP
+.B ETCDIR/slapd.conf
+default
+.B slapd
+configuration file
+.TP
+.B DB_CONFIG
+Berkeley DB configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR slapadd (8),
+.BR slapcat (8),
+.BR slapindex (8),
+Berkeley DB documentation.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5.links
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5.links (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-bdb.5.links 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+slapd-hdb.5
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-dnssrv.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-dnssrv.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-dnssrv.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+.TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.7.2.5 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-dnssrv \- DNS SRV referral backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The DNSSRV backend to
+.BR slapd (8)
+serves up referrals based upon SRV resource records held in
+the Domain Name System.
+.LP
+This backend is experimental.
+.SH CONFIGURATION
+The DNSSRV backend has no backend nor database specific options.
+It is configured simply by "database dnssrv" followed a suffix
+directive, e.g. suffix "".
+.SH ACCESS CONTROL
+The
+.B dnssrv
+backend does not honor all ACL semantics as described in
+.BR slapd.access (5).
+In fact, this backend only implements the
+.B search
+operation when the
+.B manageDSAit
+control (RFC3296) is used, otherwise for every operation a referral,
+whenever appropriate, or an error is returned.
+Currently, there is no means to condition the returning of the referral
+by means of ACLs; no access control is implemented, except for
+.B read (=r)
+access to the returned entries, which is actually provided by the frontend.
+Note, however, that the information returned by this backend is collected
+through the DNS, so it is public by definition.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.br
+.SH SEE ALSO
+\fB"OpenLDAP Root Service - An experimental LDAP referral
+service"\fR [RFC 3088],
+.br
+\fB"OpenLDAP LDAP Root Service"\fR <http://www.openldap.org/faq/?file=393)>,
+.br
+.BR slapd.conf (5),
+.BR slapd (8)
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldap.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldap.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldap.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,537 @@
+.TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.24.2.17 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-ldap \- LDAP backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The LDAP backend to
+.BR slapd (8)
+is not an actual database; instead it acts as a proxy to forward incoming
+requests to another LDAP server. While processing requests it will also
+chase referrals, so that referrals are fully processed instead of being
+returned to the slapd client.
+
+Sessions that explicitly Bind to the back-ldap database always create their
+own private connection to the remote LDAP server. Anonymous sessions will
+share a single anonymous connection to the remote server. For sessions bound
+through other mechanisms, all sessions with the same DN will share the
+same connection. This connection pooling strategy can enhance the proxy's
+efficiency by reducing the overhead of repeatedly making/breaking multiple
+connections.
+
+The ldap database can also act as an information service, i.e. the identity
+of locally authenticated clients is asserted to the remote server, possibly
+in some modified form.
+For this purpose, the proxy binds to the remote server with some
+administrative identity, and, if required, authorizes the asserted identity.
+See the
+.IR idassert- *
+rules below.
+The administrative identity of the proxy, on the remote server, must be
+allowed to authorize by means of appropriate
+.B authzTo
+rules; see
+.BR slapd.conf (5)
+for details.
+
+.LP
+Note: When looping back to the same instance of \fBslapd\fP(8),
+each connection requires a new thread; as a consequence, \fBslapd\fP(8)
+must be compiled with thread support, and the \fBthreads\fP parameter
+may need some tuning; in those cases, one may consider using
+\fBslapd-relay\fP(5) instead, which performs the relayed operation
+internally and thus reuses the same connection.
+
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the LDAP backend database.
+That is, they must follow a "database ldap" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+
+.LP
+Note: In early versions of back-ldap it was recommended to always set
+.LP
+.RS
+.nf
+lastmod off
+.fi
+.RE
+.LP
+for every
+.B ldap
+and
+.B meta
+database.
+This is because operational attributes related to entry creation and
+modification should not be proxied, as they could be mistakenly written
+to the target server(s), generating an error.
+The current implementation automatically sets lastmod to off, so its use
+is redundant and should be omitted, because the lastmod directive will
+be deprecated in the future.
+
+.TP
+.B uri <ldapurl>
+LDAP server to use. Multiple URIs can be set in in a single
+.B ldapurl
+argument, resulting in the underlying library automatically
+call the first server of the list that responds, e.g.
+
+\fBuri "ldap://host/ ldap://backup-host/"\fP
+
+The URI list is space- or comma-separated.
+.\"This statement is mandatory.
+.\".TP
+.\".B server <hostport>
+.\"Obsolete option; same as `uri ldap://<hostport>/'.
+.HP
+.hy 0
+.B acl-bind
+.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
+.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
+.B [authcId=<authentication ID>] [authzId=<authorization ID>]
+.RS
+Allows to define the parameters of the authentication method that is
+internally used by the proxy to collect info related to access control.
+The identity defined by this directive, according to the properties
+associated to the authentication method, is supposed to have read access
+on the target server to attributes used on the proxy for ACL checking.
+There is no risk of giving away such values; they are only used to
+check permissions.
+The default is to use
+.BR simple
+bind, with empty \fIbinddn\fP and \fIcredentials\fP,
+which means that the related operations will be performed anonymously.
+
+.B This identity is by no means implicitly used by the proxy
+.B when the client connects anonymously.
+The
+.B idassert-bind
+feature, instead, in some cases can be crafted to implement that behavior,
+which is \fIintrinsically unsafe and should be used with extreme care\fP.
+This directive obsoletes
+.BR acl-authcDN ,
+and
+.BR acl-passwd .
+.RE
+
+.TP
+.B chase-referrals {YES|no}
+enable/disable automatic referral chasing, which is delegated to the
+underlying libldap, with rebinding eventually performed if the
+\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+
+.TP
+.B conn-ttl <time>
+This directive causes a cached connection to be dropped an recreated
+after a given ttl, regardless of being idle or not.
+
+.TP
+.B idassert-authzFrom <authz-regexp>
+if defined, selects what
+.I local
+identities are authorized to exploit the identity assertion feature.
+The string
+.B <authz-regexp>
+follows the rules defined for the
+.I authzFrom
+attribute.
+See
+.BR slapd.conf (5),
+section related to
+.BR authz-policy ,
+for details on the syntax of this field.
+
+.HP
+.hy 0
+.B idassert-bind
+.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
+.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
+.B [authcId=<authentication ID>] [authzId=<authorization ID>]
+.B [authz={native|proxyauthz}] [mode=<mode>] [flags=<flags>]
+.RS
+Allows to define the parameters of the authentication method that is
+internally used by the proxy to authorize connections that are
+authenticated by other databases.
+The identity defined by this directive, according to the properties
+associated to the authentication method, is supposed to have auth access
+on the target server to attributes used on the proxy for authentication
+and authorization, and to be allowed to authorize the users.
+This requires to have
+.B proxyAuthz
+privileges on a wide set of DNs, e.g.
+.BR authzTo=dn.subtree:"" ,
+and the remote server to have
+.B authz-policy
+set to
+.B to
+or
+.BR both .
+See
+.BR slapd.conf (5)
+for details on these statements and for remarks and drawbacks about
+their usage.
+The supported bindmethods are
+
+\fBnone|simple|sasl\fP
+
+where
+.B none
+is the default, i.e. no \fIidentity assertion\fP is performed.
+
+The authz parameter is used to instruct the SASL bind to exploit
+.B native
+SASL authorization, if available; since connections are cached,
+this should only be used when authorizing with a fixed identity
+(e.g. by means of the
+.B authzDN
+or
+.B authzID
+parameters).
+Otherwise, the default
+.B proxyauthz
+is used, i.e. the proxyAuthz control is added to all operations.
+
+The supported modes are:
+
+\fB<mode> := {legacy|anonymous|none|self}\fP
+
+If
+.B <mode>
+is not present, and
+.B authzId
+is given, the proxy always authorizes that identity.
+.B <authorization ID>
+can be
+
+\fBu:<user>\fP
+
+\fB[dn:]<DN>\fP
+
+The former is supposed to be expanded by the remote server according
+to the authz rules; see
+.BR slapd.conf (5)
+for details.
+In the latter case, whether or not the
+.B dn:
+prefix is present, the string must pass DN validation and normalization.
+
+The default mode is
+.BR legacy ,
+which implies that the proxy will either perform a simple bind as the
+.I authcDN
+or a SASL bind as the
+.I authcID
+and assert the client's identity when it is not anonymous.
+Direct binds are always proxied.
+The other modes imply that the proxy will always either perform a simple bind
+as the
+.IR authcDN
+or a SASL bind as the
+.IR authcID ,
+unless restricted by
+.BR idassert-authzFrom
+rules (see below), in which case the operation will fail;
+eventually, it will assert some other identity according to
+.BR <mode> .
+Other identity assertion modes are
+.BR anonymous
+and
+.BR self ,
+which respectively mean that the
+.I empty
+or the
+.IR client 's
+identity
+will be asserted;
+.BR none ,
+which means that no proxyAuthz control will be used, so the
+.I authcDN
+or the
+.I authcID
+identity will be asserted.
+For all modes that require the use of the
+.I proxyAuthz
+control, on the remote server the proxy identity must have appropriate
+.I authzTo
+permissions, or the asserted identities must have appropriate
+.I authzFrom
+permissions. Note, however, that the ID assertion feature is mostly
+useful when the asserted identities do not exist on the remote server.
+
+Flags can be
+
+\fBoverride,{prescriptive|non-prescriptive}\fP
+
+When the
+.B override
+flag is used, identity assertion takes place even when the database
+is authorizing for the identity of the client, i.e. after binding
+with the provided identity, and thus authenticating it, the proxy
+performs the identity assertion using the configured identity and
+authentication method.
+
+When the
+.B prescriptive
+flag is used (the default), operations fail with
+\fIinappropriateAuthentication\fP
+for those identities whose assertion is not allowed by the
+.B idassert-authzFrom
+patterns.
+If the
+.B non-prescriptive
+flag is used, operations are performed anonymously for those identities
+whose assertion is not allowed by the
+.B idassert-authzFrom
+patterns.
+
+This directive obsoletes
+.BR idassert-authcDN ,
+.BR idassert-passwd ,
+.BR idassert-mode ,
+and
+.BR idassert-method .
+.RE
+
+.TP
+.B idle-timeout <time>
+This directive causes a cached connection to be dropped an recreated
+after it has been idle for the specified time.
+
+.TP
+.B network-timeout <time>
+Sets the network timeout value after which
+.BR poll (2)/ select (2)
+following a
+.BR connect (2)
+returns in case of no activity.
+The value is in seconds, and it can be specified as for
+.BR idle-timeout .
+
+.TP
+.B protocol\-version {0,2,3}
+This directive indicates what protocol version must be used to contact
+the remote server.
+If set to 0 (the default), the proxy uses the same protocol version
+used by the client, otherwise the requested protocol is used.
+The proxy returns \fIunwillingToPerform\fP if an operation that is
+incompatible with the requested protocol is attempted.
+
+.TP
+.B proxy\-whoami {NO|yes}
+Turns on proxying of the WhoAmI extended operation. If this option is
+given, back-ldap will replace slapd's original WhoAmI routine with its
+own. On slapd sessions that were authenticated by back-ldap, the WhoAmI
+request will be forwarded to the remote LDAP server. Other sessions will
+be handled by the local slapd, as before. This option is mainly useful
+in conjunction with Proxy Authorization.
+
+.TP
+.B rebind-as-user {NO|yes}
+If this option is given, the client's bind credentials are remembered
+for rebinds, when trying to re-establish a broken connection,
+or when chasing a referral, if
+.B chase-referrals
+is set to
+.IR yes .
+
+.TP
+.B t-f-support {NO|yes|discover}
+enable if the remote server supports absolute filters
+(see \fIdraft-zeilenga-ldap-t-f\fP for details).
+If set to
+.BR discover ,
+support is detected by reading the remote server's root DSE.
+
+.TP
+.B timeout [{add|delete|modify|modrdn}=]<val> [...]
+This directive allows to set per-operation timeouts.
+If no operation is specified, it affects all.
+Currently, only write operations are addressed, because searches
+can already be limited by means of the
+.B limits
+directive (see
+.BR slapd.conf (5)
+for details), and other operations are not supposed to incur into the
+need for timeouts.
+Note: if the timelimit is exceeded, the operation is abandoned;
+the protocol does not provide any means to rollback the operation,
+so the client will not know if the operation eventually succeeded or not.
+
+.TP
+.B tls {[try-]start|[try-]propagate}
+execute the StartTLS extended operation when the connection is initialized;
+only works if the URI directive protocol scheme is not \fBldaps://\fP.
+\fBpropagate\fP issues the StartTLS operation only if the original
+connection did.
+The \fBtry-\fP prefix instructs the proxy to continue operations
+if the StartTLS operation failed; its use is highly deprecated.
+
+.SH BACKWARD COMPATIBILITY
+The LDAP backend has been heavily reworked between releases 2.2 and 2.3;
+as a side-effect, some of the traditional directives have been
+deprecated and should be no longer used, as they might disappear
+in future releases.
+
+.TP
+.B server <hostname[:port]>
+this directive is no longer supported. Use the
+.B uri
+directive as described above.
+
+.TP
+.B acl-authcDN "<administrative DN for access control purposes>"
+DN which is used to query the target server for acl checking; it
+is supposed to have read access on the target server to attributes used
+on the proxy for acl checking.
+There is no risk of giving away such values; they are only used to
+check permissions.
+.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B when the client connects anonymously.
+See the
+.B idassert-*
+feature instead.
+This directive is obsoleted by the
+.B binddn
+arg of
+.B acl-bind
+when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
+
+.TP
+.B acl-passwd <password>
+Password used with the above
+.B acl-authcDN
+directive.
+This directive is obsoleted by the
+.B binddn
+arg of
+.B acl-bind
+when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
+
+.TP
+.B idassert-authcDN "<administrative DN for proxyAuthz purposes>"
+DN which is used to propagate the client's identity to the target
+by means of the proxyAuthz control when the client does not
+belong to the DIT fragment that is being proxied by back-ldap.
+This directive is obsoleted by the
+.B binddn
+arg of
+.BR idassert-bind
+when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
+
+.TP
+.B idassert-passwd <password>
+Password used with the
+.B idassert-authcDN
+above.
+This directive is obsoleted by the
+.B crendentials
+of
+.B idassert-bind
+when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
+
+.TP
+.B idassert-mode <mode> [<flags>]
+defines what type of
+.I identity assertion
+is used.
+This directive is obsoleted by the
+.B mode
+arg of
+.BR idassert-bind ,
+and will be dismissed in the future.
+
+.TP
+.B idassert-method <method> [<saslargs>]
+This directive is obsoleted by the
+.B bindmethod
+arg of
+.BR idassert-bind ,
+and will be dismissed in the future.
+
+.TP
+.B suffixmassage, map, rewrite*
+These directives are no longer supported by back-ldap; their
+functionality is now delegated to the
+.B rwm
+overlay. Essentially, add a statement
+
+.B overlay rwm
+
+first, and prefix all rewrite/map statements with
+.B rwm-
+to obtain the original behavior.
+See
+.BR slapo-rwm (5)
+for details.
+.\" However, to ease update from existing configurations, back-ldap still
+.\" recognizes them and automatically instantiates the
+.\" .B rwm
+.\" overlay if available and not instantiated yet.
+.\" This behavior may change in the future.
+
+.SH ACCESS CONTROL
+The
+.B ldap
+backend does not honor all ACL semantics as described in
+.BR slapd.access (5).
+In general, access checking is delegated to the remote server(s).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+
+.SH OVERLAYS
+The LDAP backend provides basic proxying functionalities to many overlays.
+The
+.B chain
+overlay, described in
+.BR slapo\-chain (5),
+and the
+.B translucent
+overlay, described in
+.BR slapo\-translucent (5),
+deserve a special mention.
+
+Conversely, there are many overlays that are best used in conjunction
+with the LDAP backend.
+The
+.B proxycache
+overlay allows caching of LDAP search requests (queries)
+in a local database.
+See
+.BR slapo\-pcache (5)
+for details.
+The
+.B rwm
+overlay provides DN rewrite and attribute/objectClass mapping
+capabilities to the underlying database.
+See
+.BR slapo\-rwm (5)
+for details.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-meta (5),
+.BR slapo\-chain (5),
+.BR slapo\-pcache (5),
+.BR slapo\-rwm (5),
+.BR slapo\-translucent (5),
+.BR slapd (8),
+.BR ldap (3).
+.SH AUTHOR
+Howard Chu, with enhancements by Pierangelo Masarati
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldbm.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldbm.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldbm.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,141 @@
+.TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.8.2.6 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-ldbm \- LDBM backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The LDBM backend to
+.BR slapd (8)
+is an easy\-to\-configure but obsolete database backend. It does not
+offer the data durability features of the BDB and HDB backends and
+hence is considered deprecated in favor of these robust backends.
+LDBM uses lightweight non\-transactional data interfaces, such as those
+provided by GDBM or Berkeley DB, to store data. It makes extensive
+use of indexing and caching to speed data access.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the LDBM backend database.
+That is, they must follow a "database ldbm" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B cachesize <integer>
+Specify the size in entries of the in-memory cache maintained
+by the LDBM backend database instance.
+The default is 1000 entries.
+.TP
+.B dbcachesize <integer>
+Specify the size in bytes of the in-memory cache associated with each
+open index file.
+If not supported by the underlying database method, this option is
+ignored without comment.
+The default is 100000 bytes.
+.TP
+.B dbnolocking
+Specify that no database locking should be performed.
+Enabling this option may improve performance at the expense of data security.
+Do NOT run any slap tools while slapd is running.
+.TP
+.B dbnosync
+Specify that on-disk database contents should not be immediately
+synchronized with in memory changes.
+Enabling this option may improve performance at the expense of data
+security.
+.TP
+.B dbsync <frequency> <maxdelays> <delayinterval>
+Flush dirty database buffers to disk every
+.B <seconds>
+seconds.
+Implies
+.B dbnosync
+(ie. individual updates are no longer written to disk).
+It attempts to avoid syncs during periods of peak activity by waiting
+.B <delayinterval>
+seconds if the server is busy, repeating this delay up to
+.B <maxdelays>
+times before proceeding.
+It is an attempt to provide higher write performance with some amount
+of data security.
+Note that it may still be possible to get an inconsistent database if
+the underlying engine fills its cache and writes out individual pages
+and slapd crashes or is killed before the next sync.
+.B <maxdelays>
+and
+.B <delayinterval>
+are optional and default to
+.B 12
+and
+.B 5
+respectively, giving a total elapsed delay of 60 seconds before a sync
+will occur.
+.B <maxdelays>
+may be zero, and
+.B <delayinterval>
+must be 1 or greater.
+.TP
+.B directory <directory>
+Specify the directory where the LDBM files containing this database and
+associated indexes live.
+A separate directory must be specified for each database.
+The default is
+.BR LOCALSTATEDIR/openldap-data .
+.TP
+.B
+index {<attrlist>|default} [pres,eq,approx,sub,<special>]
+Specify the indexes to maintain for the given attribute (or
+list of attributes).
+Some attributes only support a subset of indexes.
+If only an <attr> is given, the indices specified for \fBdefault\fR
+are maintained.
+Note that setting a default does not imply that all attributes will be
+indexed. Also, for best performance, an
+.B eq
+index should always be configured for the
+.B objectClass
+attribute.
+
+A number of special index parameters may be specified.
+The index type
+.B sub
+can be decomposed into
+.BR subinitial ,
+.BR subany ,\ and
+.B subfinal
+indices.
+The special type
+.B notags
+(or
+.BR nolang )
+may be specified to disallow use of this index by subtypes with tagging
+options (such as language options).
+The special type
+.B nosubtypes
+may be specified to disallow use of this index by named subtypes.
+Note: changing index settings requires rebuilding indices, see
+.BR slapindex (8).
+.TP
+.B mode <integer>
+Specify the file protection mode that newly created database
+index files should have.
+The default is 0600.
+.SH ACCESS CONTROL
+The
+.B ldbm
+backend honors access control semantics as indicated in
+.BR slapd.access (5).
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR slapadd (8),
+.BR slapcat (8),
+.BR slapindex (8).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldif.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldif.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-ldif.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+.TH SLAPD-LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.1.2.4 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-ldif \- LDIF backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The LDIF backend to
+.BR slapd (8)
+is a basic storage backend that stores entries in text files in LDIF format,
+and exploits the filesystem to create the tree structure of the database.
+It is intended as a cheap, low performance easy to use backend, and it is
+exploited by higher-level internal structures to provide a permanent
+storage.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the LDIF backend database.
+That is, they must follow a "database ldif" line and come before
+any subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B directory <dir>
+Specify the directory where the database tree starts. The directory
+must exist and grant appropriate permissions (rwx) to the identity slapd
+is running with.
+.SH ACCESS CONTROL
+The
+.B LDIF
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR ldif (5).
+.SH AUTHOR
+Eric Stokes
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-meta.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-meta.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,953 @@
+.TH SLAPD-META 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.16 2007/04/06 03:57:19 quanah Exp $
+.\"
+.\" Portions of this document should probably be moved to slapd-ldap(5)
+.\" and maybe manual pages for librewrite.
+.\"
+.SH NAME
+slapd-meta \- metadirectory backend
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B meta
+backend to
+.BR slapd (8)
+performs basic LDAP proxying with respect to a set of remote LDAP
+servers, called "targets".
+The information contained in these servers can be presented as
+belonging to a single Directory Information Tree (DIT).
+.LP
+A basic knowledge of the functionality of the
+.BR slapd\-ldap (5)
+backend is recommended.
+This backend has been designed as an enhancement of the ldap backend.
+The two backends share many features (actually they also share
+portions of code).
+While the
+.B ldap
+backend is intended to proxy operations directed to a single server, the
+.B meta
+backend is mainly intended for proxying of multiple servers and possibly
+naming context masquerading.
+These features, although useful in many scenarios, may result in
+excessive overhead for some applications, so its use should be
+carefully considered.
+In the examples section, some typical scenarios will be discussed.
+
+.LP
+Note: When looping back to the same instance of \fBslapd\fP(8),
+each connection requires a new thread; as a consequence, \fBslapd\fP(8)
+must be compiled with thread support, and the \fBthreads\fP parameter
+may need some tuning; in those cases, unless the multiple target feature
+is required, one may consider using \fBslapd-relay\fP(5) instead,
+which performs the relayed operation internally and thus reuses
+the same connection.
+
+.SH EXAMPLES
+There are examples in various places in this document, as well as in the
+slapd/back-meta/data/ directory in the OpenLDAP source tree.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the META backend database.
+That is, they must follow a "database meta" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.LP
+Note: In early versions of back-ldap and back-meta it was recommended to always set
+.LP
+.RS
+.nf
+lastmod off
+.fi
+.RE
+.LP
+for every
+.B ldap
+and
+.B meta
+database.
+This is because operational attributes related to entry creation and
+modification should not be proxied, as they could be mistakenly written
+to the target server(s), generating an error.
+The current implementation automatically sets lastmod to off, so its use
+is redundant and should be omitted, because the lastmod directive will
+be deprecated in the future.
+
+.SH SPECIAL CONFIGURATION DIRECTIVES
+Target configuration starts with the "uri" directive.
+All the configuration directives that are not specific to targets
+should be defined first for clarity, including those that are common
+to all backends.
+They are:
+
+.TP
+.B default-target none
+This directive forces the backend to reject all those operations
+that must resolve to a single target in case none or multiple
+targets are selected.
+They include: add, delete, modify, modrdn; compare is not included, as
+well as bind since, as they don't alter entries, in case of multiple
+matches an attempt is made to perform the operation on any candidate
+target, with the constraint that at most one must succeed.
+This directive can also be used when processing targets to mark a
+specific target as default.
+
+.TP
+.B dncache-ttl {DISABLED|forever|<ttl>}
+This directive sets the time-to-live of the DN cache.
+This caches the target that holds a given DN to speed up target
+selection in case multiple targets would result from an uncached
+search; forever means cache never expires; disabled means no DN
+caching; otherwise a valid ( > 0 ) ttl is required, in the format
+illustrated for the
+.B idle-timeout
+directive.
+
+.TP
+.B conn-ttl <time>
+This directive causes a cached connection to be dropped an recreated
+after a given ttl, regardless of being idle or not.
+
+.TP
+.B onerr {CONTINUE|stop}
+This directive allows to select the behavior in case an error is returned
+by one target during a search.
+The default, \fBcontinue\fP, consists in continuing the operation,
+trying to return as much data as possible.
+If this statement is set to \fBstop\fP, the search is terminated as soon
+as an error is returned by one target, and the error is immediately
+propagated to the client.
+
+.TP
+.B protocol\-version {0,2,3}
+This directive indicates what protocol version must be used to contact
+the remote server.
+If set to 0 (the default), the proxy uses the same protocol version
+used by the client, otherwise the requested protocol is used.
+The proxy returns \fIunwillingToPerform\fP if an operation that is
+incompatible with the requested protocol is attempted.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B pseudoroot-bind-defer {NO|yes}
+This directive, when set to
+.BR yes ,
+causes the authentication to the remote servers with the pseudo-root
+identity to be deferred until actually needed by subsequent operations.
+
+.TP
+.B rebind-as-user {NO|yes}
+If this option is given, the client's bind credentials are remembered
+for rebinds, when trying to re-establish a broken connection,
+or when chasing a referral, if
+.B chase-referrals
+is set to
+.IR yes .
+
+.SH TARGET SPECIFICATION
+Target specification starts with a "uri" directive:
+
+.TP
+.B uri <protocol>://[<host>[:<port>]]/<naming context>
+The "server" directive that was allowed in the LDAP backend (although
+deprecated) has been completely discarded in the Meta backend.
+The <protocol> part can be anything
+.BR ldap_initialize (3)
+accepts ({ldap|ldaps|ldapi} and variants); <host> and <port> may be
+omitted, defaulting to whatever is set in
+.BR ldap.conf (5).
+The <naming context> part is mandatory.
+It must end with one of the naming contexts defined for the backend,
+e.g.:
+.LP
+.RS
+.nf
+suffix "\fBdc=foo,dc=com\fP"
+uri "ldap://x.foo.com/dc=x,\fBdc=foo,dc=com\fP"
+.fi
+
+.RE
+.RS
+The <naming context> part doesn't need to be unique across the targets;
+it may also match one of the values of the "suffix" directive.
+Multiple URIs may be defined in a single argument. The URIs must
+be separated by TABs (e.g. '\\t'; commas or spaces, unlike back-ldap,
+will not work,
+because they are legal in the <naming context>, and we don't want to use
+URL-encoded <naming context>s), and the additional URIs must have
+no <naming context> part. This causes the underlying library
+to contact the first server of the list that responds.
+For example, if \fIl1.foo.com\fP and \fIl2.foo.com\fP are shadows
+of the same server, the directive
+.LP
+.nf
+suffix "\fBdc=foo,dc=com\fP"
+uri "ldap://l1.foo.com/\fBdc=foo,dc=com\fP ldap://l2.foo.com/"
+.fi
+
+.RE
+.RS
+causes \fIl2.foo.com\fP to be contacted whenever \fIl1.foo.com\fP
+does not respond.
+.RE
+
+.TP
+.B acl-authcDN "<administrative DN for access control purposes>"
+DN which is used to query the target server for acl checking,
+as in the LDAP backend; it is supposed to have read access
+on the target server to attributes used on the proxy for acl checking.
+There is no risk of giving away such values; they are only used to
+check permissions.
+.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B when the client connects anonymously.
+
+.TP
+.B acl-passwd <password>
+Password used with the
+.B
+acl-authcDN
+above.
+
+.TP
+.B bind-timeout <microseconds>
+This directive defines the timeout, in microseconds, used when polling
+for response after an asynchronous bind connection. The initial call
+to ldap_result(3) is performed with a trade-off timeout of 100000 us;
+if that results in a timeout exceeded, subsequent calls use the value
+provided with
+.BR bind-timeout .
+The default value is used also for subsequent calls if
+.B bind-timeout
+is not specified.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B chase-referrals {YES|no}
+enable/disable automatic referral chasing, which is delegated to the
+underlying libldap, with rebinding eventually performed if the
+\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B default-target [<target>]
+The "default-target" directive can also be used during target specification.
+With no arguments it marks the current target as the default.
+The optional number marks target <target> as the default one, starting
+from 1.
+Target <target> must be defined.
+
+.TP
+.B idle-timeout <time>
+This directive causes a cached connection to be dropped an recreated
+after it has been idle for the specified time.
+The value can be specified as
+
+[<d>d][<h>h][<m>m][<s>[s]]
+
+where <d>, <h>, <m> and <s> are respectively treated as days, hours,
+minutes and seconds.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
+This maps object classes and attributes as in the LDAP backend.
+See
+.BR slapd-ldap (5).
+
+.TP
+.B network-timeout <time>
+Sets the network timeout value after which
+.BR poll (2)/ select (2)
+following a
+.BR connect (2)
+returns in case of no activity.
+The value is in seconds, and it can be specified as for
+.BR idle-timeout .
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B nretries {forever|never|<nretries>}
+This directive defines how many times a bind should be retried
+in case of temporary failure in contacting a target. If defined
+before any target specification, it applies to all targets (by default,
+.BR 3
+times);
+the global value can be overridden by redefinitions inside each target
+specification.
+
+.TP
+.B pseudorootdn "<substitute DN in case of rootdn bind>"
+This directive, if present, sets the DN that will be substituted to
+the bind DN if a bind with the backend's "rootdn" succeeds.
+The true "rootdn" of the target server ought not be used; an arbitrary
+administrative DN should used instead.
+
+.TP
+.B pseudorootpw "<substitute password in case of rootdn bind>"
+This directive sets the credential that will be used in case a bind
+with the backend's "rootdn" succeeds, and the bind is propagated to
+the target using the "pseudorootdn" DN.
+
+Note: cleartext credentials must be supplied here; as a consequence,
+using the pseudorootdn/pseudorootpw directives is inherently unsafe.
+
+.TP
+.B rewrite* ...
+The rewrite options are described in the "REWRITING" section.
+
+.TP
+.B subtree-exclude "<DN>"
+This directive instructs back-meta to ignore the current target
+for operations whose requestDN is subordinate to
+.BR DN .
+There may be multiple occurrences of the
+.B subtree-exclude
+directive for each of the targets.
+
+.TP
+.B suffixmassage "<virtual naming context>" "<real naming context>"
+All the directives starting with "rewrite" refer to the rewrite engine
+that has been added to slapd.
+The "suffixmassage" directive was introduced in the LDAP backend to
+allow suffix massaging while proxying.
+It has been obsoleted by the rewriting tools.
+However, both for backward compatibility and for ease of configuration
+when simple suffix massage is required, it has been preserved.
+It wraps the basic rewriting instructions that perform suffix
+massaging. See the "REWRITING" section for a detailed list
+of the rewrite rules it implies.
+
+.TP
+.B t-f-support {NO|yes|discover}
+enable if the remote server supports absolute filters
+(see \fIdraft-zeilenga-ldap-t-f\fP for details).
+If set to
+.BR discover ,
+support is detected by reading the remote server's root DSE.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B timeout [{add|delete|modify|modrdn}=]<seconds> [...]
+This directive allows to set per-database, per-target and per-operation
+timeouts.
+If no operation is specified, it affects all.
+Currently, only write operations are addressed, because searches
+can already be limited by means of the
+.B limits
+directive (see
+.BR slapd.conf (5)
+for details), and other operations are not supposed to incur into the
+need for timeouts.
+Note: if the timelimit is exceeded, the operation is abandoned;
+the protocol does not provide any means to rollback the operation,
+so the client will not know if the operation eventually succeeded or not.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
+.B tls {[try-]start|[try-]propagate}
+execute the StartTLS extended operation when the connection is initialized;
+only works if the URI directive protocol scheme is not \fBldaps://\fP.
+\fBpropagate\fP issues the StartTLS operation only if the original
+connection did.
+The \fBtry-\fP prefix instructs the proxy to continue operations
+if the StartTLS operation failed; its use is highly deprecated.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.SH SCENARIOS
+A powerful (and in some sense dangerous) rewrite engine has been added
+to both the LDAP and Meta backends.
+While the former can gain limited beneficial effects from rewriting
+stuff, the latter can become an amazingly powerful tool.
+.LP
+Consider a couple of scenarios first.
+.LP
+1) Two directory servers share two levels of naming context;
+say "dc=a,dc=foo,dc=com" and "dc=b,dc=foo,dc=com".
+Then, an unambiguous Meta database can be configured as:
+.LP
+.RS
+.nf
+database meta
+suffix "\fBdc=foo,dc=com\fP"
+uri "ldap://a.foo.com/dc=a,\fBdc=foo,dc=com\fP"
+uri "ldap://b.foo.com/dc=b,\fBdc=foo,dc=com\fP"
+.fi
+.RE
+.LP
+Operations directed to a specific target can be easily resolved
+because there are no ambiguities.
+The only operation that may resolve to multiple targets is a search
+with base "dc=foo,dc=com" and scope at least "one", which results in
+spawning two searches to the targets.
+.LP
+2a) Two directory servers don't share any portion of naming context,
+but they'd present as a single DIT
+[Caveat: uniqueness of (massaged) entries among the two servers is
+assumed; integrity checks risk to incur in excessive overhead and have
+not been implemented].
+Say we have "dc=bar,dc=org" and "o=Foo,c=US",
+and we'd like them to appear as branches of "dc=foo,dc=com", say
+"dc=a,dc=foo,dc=com" and "dc=b,dc=foo,dc=com".
+Then we need to configure our Meta backend as:
+.LP
+.RS
+.nf
+database meta
+suffix "dc=foo,dc=com"
+
+uri "ldap://a.bar.com/\fBdc=a,dc=foo,dc=com\fP"
+suffixmassage "\fBdc=a,dc=foo,dc=com\fP" "dc=bar,dc=org"
+
+uri "ldap://b.foo.com/\fBdc=b,dc=foo,dc=com\fP"
+suffixmassage "\fBdc=b,dc=foo,dc=com\fP" "o=Foo,c=US"
+.fi
+.RE
+.LP
+Again, operations can be resolved without ambiguity, although
+some rewriting is required.
+Notice that the virtual naming context of each target is a branch of
+the database's naming context; it is rewritten back and forth when
+operations are performed towards the target servers.
+What "back and forth" means will be clarified later.
+.LP
+When a search with base "dc=foo,dc=com" is attempted, if the
+scope is "base" it fails with "no such object"; in fact, the
+common root of the two targets (prior to massaging) does not
+exist.
+If the scope is "one", both targets are contacted with the base
+replaced by each target's base; the scope is derated to "base".
+In general, a scope "one" search is honored, and the scope is derated,
+only when the incoming base is at most one level lower of a target's
+naming context (prior to massaging).
+.LP
+Finally, if the scope is "sub" the incoming base is replaced
+by each target's unmassaged naming context, and the scope
+is not altered.
+.LP
+2b) Consider the above reported scenario with the two servers
+sharing the same naming context:
+.LP
+.RS
+.nf
+database meta
+suffix "\fBdc=foo,dc=com\fP"
+
+uri "ldap://a.bar.com/\fBdc=foo,dc=com\fP"
+suffixmassage "\fBdc=foo,dc=com\fP" "dc=bar,dc=org"
+
+uri "ldap://b.foo.com/\fBdc=foo,dc=com\fP"
+suffixmassage "\fBdc=foo,dc=com\fP" "o=Foo,c=US"
+.fi
+.RE
+.LP
+All the previous considerations hold, except that now there is
+no way to unambiguously resolve a DN.
+In this case, all the operations that require an unambiguous target
+selection will fail unless the DN is already cached or a default
+target has been set.
+Practical configurations may result as a combination of all the
+above scenarios.
+.SH ACLs
+Note on ACLs: at present you may add whatever ACL rule you desire
+to to the Meta (and LDAP) backends.
+However, the meaning of an ACL on a proxy may require some
+considerations.
+Two philosophies may be considered:
+.LP
+a) the remote server dictates the permissions; the proxy simply passes
+back what it gets from the remote server.
+.LP
+b) the remote server unveils "everything"; the proxy is responsible
+for protecting data from unauthorized access.
+.LP
+Of course the latter sounds unreasonable, but it is not.
+It is possible to imagine scenarios in which a remote host discloses
+data that can be considered "public" inside an intranet, and a proxy
+that connects it to the internet may impose additional constraints.
+To this purpose, the proxy should be able to comply with all the ACL
+matching criteria that the server supports.
+This has been achieved with regard to all the criteria supported by
+slapd except a special subtle case (please drop me a note if you can
+find other exceptions: <ando at openldap.org>).
+The rule
+.LP
+.RS
+.nf
+access to dn="<dn>" attrs=<attr>
+ by dnattr=<dnattr> read
+ by * none
+.fi
+.RE
+.LP
+cannot be matched iff the attribute that is being requested, <attr>,
+is NOT <dnattr>, and the attribute that determines membership,
+<dnattr>, has not been requested (e.g. in a search)
+.LP
+In fact this ACL is resolved by slapd using the portion of entry it
+retrieved from the remote server without requiring any further
+intervention of the backend, so, if the <dnattr> attribute has not
+been fetched, the match cannot be assessed because the attribute is
+not present, not because no value matches the requirement!
+.LP
+Note on ACLs and attribute mapping: ACLs are applied to the mapped
+attributes; for instance, if the attribute locally known as "foo" is
+mapped to "bar" on a remote server, then local ACLs apply to attribute
+"foo" and are totally unaware of its remote name.
+The remote server will check permissions for "bar", and the local
+server will possibly enforce additional restrictions to "foo".
+.\"
+.\" If this section is moved, also update the reference in
+.\" libraries/librewrite/RATIONALE.
+.\"
+.SH REWRITING
+A string is rewritten according to a set of rules, called a `rewrite
+context'.
+The rules are based on POSIX (''extended'') regular expressions (regex)
+with substring matching; basic variable substitution and map resolution
+of substrings is allowed by specific mechanisms detailed in the following.
+The behavior of pattern matching/substitution can be altered by a set
+of flags.
+.LP
+The underlying concept is to build a lightweight rewrite module
+for the slapd server (initially dedicated to the LDAP backend).
+.SH Passes
+An incoming string is matched against a set of rules.
+Rules are made of a regex match pattern, a substitution pattern
+and a set of actions, described by a set of flags.
+In case of match a string rewriting is performed according to the
+substitution pattern that allows to refer to substrings matched in the
+incoming string.
+The actions, if any, are finally performed.
+The substitution pattern allows map resolution of substrings.
+A map is a generic object that maps a substitution pattern to a value.
+The flags are divided in "Pattern matching Flags" and "Action Flags";
+the former alter the regex match pattern behavior while the latter
+alter the action that is taken after substitution.
+.SH "Pattern Matching Flags"
+.TP
+.B `C'
+honors case in matching (default is case insensitive)
+.TP
+.B `R'
+use POSIX ''basic'' regular expressions (default is ''extended'')
+.TP
+.B `M{n}'
+allow no more than
+.B n
+recursive passes for a specific rule; does not alter the max total count
+of passes, so it can only enforce a stricter limit for a specific rule.
+.SH "Action Flags"
+.TP
+.B `:'
+apply the rule once only (default is recursive)
+.TP
+.B `@'
+stop applying rules in case of match; the current rule is still applied
+recursively; combine with `:' to apply the current rule only once
+and then stop.
+.TP
+.B `#'
+stop current operation if the rule matches, and issue an `unwilling to
+perform' error.
+.TP
+.B `G{n}'
+jump
+.B n
+rules back and forth (watch for loops!).
+Note that `G{1}' is implicit in every rule.
+.TP
+.B `I'
+ignores errors in rule; this means, in case of error, e.g. issued by a
+map, the error is treated as a missed match.
+The `unwilling to perform' is not overridden.
+.TP
+.B `U{n}'
+uses
+.B
+n
+as return code if the rule matches; the flag does not alter the recursive
+behavior of the rule, so, to have it performed only once, it must be used
+in combination with `:', e.g.
+.B `:U{16}'
+returns the value `16' after exactly one execution of the rule, if the
+pattern matches.
+As a consequence, its behavior is equivalent to `@', with the return
+code set to
+.BR n ;
+or, in other words, `@' is equivalent to `U{0}'.
+By convention, the freely available codes are above 16 included;
+the others are reserved.
+.LP
+The ordering of the flags can be significant.
+For instance: `IG{2}' means ignore errors and jump two lines ahead
+both in case of match and in case of error, while `G{2}I' means ignore
+errors, but jump two lines ahead only in case of match.
+.LP
+More flags (mainly Action Flags) will be added as needed.
+.SH "Pattern matching:"
+See
+.BR regex (7)
+and/or
+.BR re_format (7).
+.SH "Substitution Pattern Syntax:"
+Everything starting with `%' requires substitution;
+.LP
+the only obvious exception is `%%', which is left as is;
+.LP
+the basic substitution is `%d', where `d' is a digit;
+0 means the whole string, while 1-9 is a submatch;
+.LP
+a `%' followed by a `{' invokes an advanced substitution.
+The pattern is:
+.LP
+.RS
+`%' `{' [ <op> ] <name> `(' <substitution> `)' `}'
+.RE
+.LP
+where <name> must be a legal name for the map, i.e.
+.LP
+.RS
+.nf
+<name> ::= [a-z][a-z0-9]* (case insensitive)
+<op> ::= `>' `|' `&' `&&' `*' `**' `$'
+.fi
+.RE
+.LP
+and <substitution> must be a legal substitution
+pattern, with no limits on the nesting level.
+.LP
+The operators are:
+.TP
+.B >
+sub context invocation; <name> must be a legal, already defined
+rewrite context name
+.TP
+.B |
+external command invocation; <name> must refer to a legal, already
+defined command name (NOT IMPL.)
+.TP
+.B &
+variable assignment; <name> defines a variable in the running
+operation structure which can be dereferenced later; operator
+.B &
+assigns a variable in the rewrite context scope; operator
+.B &&
+assigns a variable that scopes the entire session, e.g. its value
+can be dereferenced later by other rewrite contexts
+.TP
+.B *
+variable dereferencing; <name> must refer to a variable that is
+defined and assigned for the running operation; operator
+.B *
+dereferences a variable scoping the rewrite context; operator
+.B **
+dereferences a variable scoping the whole session, e.g. the value
+is passed across rewrite contexts
+.TP
+.B $
+parameter dereferencing; <name> must refer to an existing parameter;
+the idea is to make some run-time parameters set by the system
+available to the rewrite engine, as the client host name, the bind DN
+if any, constant parameters initialized at config time, and so on;
+no parameter is currently set by either
+.B back\-ldap
+or
+.BR back\-meta ,
+but constant parameters can be defined in the configuration file
+by using the
+.B rewriteParam
+directive.
+.LP
+Substitution escaping has been delegated to the `%' symbol,
+which is used instead of `\e' in string substitution patterns
+because `\e' is already escaped by slapd's low level parsing routines;
+as a consequence, regex escaping requires two `\e' symbols,
+e.g. `\fB.*\e.foo\e.bar\fP' must be written as `\fB.*\e\e.foo\e\e.bar\fP'.
+.\"
+.\" The symbol can be altered at will by redefining the related macro in
+.\" "rewrite-int.h".
+.\"
+.SH "Rewrite context:"
+A rewrite context is a set of rules which are applied in sequence.
+The basic idea is to have an application initialize a rewrite
+engine (think of Apache's mod_rewrite ...) with a set of rewrite
+contexts; when string rewriting is required, one invokes the
+appropriate rewrite context with the input string and obtains the
+newly rewritten one if no errors occur.
+.LP
+Each basic server operation is associated to a rewrite context;
+they are divided in two main groups: client \-> server and
+server \-> client rewriting.
+.LP
+client -> server:
+.LP
+.RS
+.nf
+(default) if defined and no specific context
+ is available
+bindDN bind
+searchBase search
+searchFilter search
+searchFilterAttrDN search
+compareDN compare
+compareAttrDN compare AVA
+addDN add
+addAttrDN add AVA
+modifyDN modify
+modifyAttrDN modify AVA
+modrDN modrdn
+newSuperiorDN modrdn
+deleteDN delete
+exopPasswdDN password modify extended operation DN if proxy
+.fi
+.RE
+.LP
+server -> client:
+.LP
+.RS
+.nf
+searchResult search (only if defined; no default;
+ acts on DN and DN-syntax attributes
+ of search results)
+searchAttrDN search AVA
+matchedDN all ops (only if applicable)
+.fi
+.RE
+.LP
+.SH "Basic configuration syntax"
+.TP
+.B rewriteEngine { on | off }
+If `on', the requested rewriting is performed; if `off', no
+rewriting takes place (an easy way to stop rewriting without
+altering too much the configuration file).
+.TP
+.B rewriteContext <context name> "[ alias <aliased context name> ]"
+<Context name> is the name that identifies the context, i.e. the name
+used by the application to refer to the set of rules it contains.
+It is used also to reference sub contexts in string rewriting.
+A context may alias another one.
+In this case the alias context contains no rule, and any reference to
+it will result in accessing the aliased one.
+.TP
+.B rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
+Determines how a string can be rewritten if a pattern is matched.
+Examples are reported below.
+.SH "Additional configuration syntax:"
+.TP
+.B rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
+Allows to define a map that transforms substring rewriting into
+something else.
+The map is referenced inside the substitution pattern of a rule.
+.TP
+.B rewriteParam <param name> <param value>
+Sets a value with global scope, that can be dereferenced by the
+command `%{$paramName}'.
+.TP
+.B rewriteMaxPasses <number of passes> [<number of passes per rule>]
+Sets the maximum number of total rewriting passes that can be
+performed in a single rewrite operation (to avoid loops).
+A safe default is set to 100; note that reaching this limit is still
+treated as a success; recursive invocation of rules is simply
+interrupted.
+The count applies to the rewriting operation as a whole, not
+to any single rule; an optional per-rule limit can be set.
+This limit is overridden by setting specific per-rule limits
+with the `M{n}' flag.
+.SH "Configuration examples:"
+.nf
+# set to `off' to disable rewriting
+rewriteEngine on
+
+# the rules the "suffixmassage" directive implies
+rewriteEngine on
+# all dataflow from client to server referring to DNs
+rewriteContext default
+rewriteRule "(.*)<virtualnamingcontext>$" "%1<realnamingcontext>" ":"
+# empty filter rule
+rewriteContext searchFilter
+# all dataflow from server to client
+rewriteContext searchResult
+rewriteRule "(.*)<realnamingcontext>$" "%1<virtualnamingcontext>" ":"
+rewriteContext searchAttrDN alias searchResult
+rewriteContext matchedDN alias searchResult
+
+# Everything defined here goes into the `default' context.
+# This rule changes the naming context of anything sent
+# to `dc=home,dc=net' to `dc=OpenLDAP, dc=org'
+
+rewriteRule "(.*)dc=home,[ ]?dc=net"
+ "%1dc=OpenLDAP, dc=org" ":"
+
+# since a pretty/normalized DN does not include spaces
+# after rdn separators, e.g. `,', this rule suffices:
+
+rewriteRule "(.*)dc=home,dc=net"
+ "%1dc=OpenLDAP,dc=org" ":"
+
+# Start a new context (ends input of the previous one).
+# This rule adds blanks between DN parts if not present.
+rewriteContext addBlanks
+rewriteRule "(.*),([^ ].*)" "%1, %2"
+
+# This one eats blanks
+rewriteContext eatBlanks
+rewriteRule "(.*),[ ](.*)" "%1,%2"
+
+# Here control goes back to the default rewrite
+# context; rules are appended to the existing ones.
+# anything that gets here is piped into rule `addBlanks'
+rewriteContext default
+rewriteRule ".*" "%{>addBlanks(%0)}" ":"
+
+.\" # Anything with `uid=username' is looked up in
+.\" # /etc/passwd for gecos (I know it's nearly useless,
+.\" # but it is there just as a guideline to implementing
+.\" # custom maps).
+.\" # Note the `I' flag that leaves `uid=username' in place
+.\" # if `username' does not have a valid account, and the
+.\" # `:' that forces the rule to be processed exactly once.
+.\" rewriteContext uid2Gecos
+.\" rewriteRule "(.*)uid=([a-z0-9]+),(.+)"
+.\" "%1cn=%2{xpasswd},%3" "I:"
+.\"
+.\" # Finally, in a bind, if one uses a `uid=username' DN,
+.\" # it is rewritten in `cn=name surname' if possible.
+.\" rewriteContext bindDN
+.\" rewriteRule ".*" "%{>addBlanks(%{>uid2Gecos(%0)})}" ":"
+.\"
+# Rewrite the search base according to `default' rules.
+rewriteContext searchBase alias default
+
+# Search results with OpenLDAP DN are rewritten back with
+# `dc=home,dc=net' naming context, with spaces eaten.
+rewriteContext searchResult
+rewriteRule "(.*[^ ]?)[ ]?dc=OpenLDAP,[ ]?dc=org"
+ "%{>eatBlanks(%1)}dc=home,dc=net" ":"
+
+# Bind with email instead of full DN: we first need
+# an ldap map that turns attributes into a DN (the
+# argument used when invoking the map is appended to
+# the URI and acts as the filter portion)
+rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
+
+# Then we need to detect DN made up of a single email,
+# e.g. `mail=someone at example.com'; note that the rule
+# in case of match stops rewriting; in case of error,
+# it is ignored. In case we are mapping virtual
+# to real naming contexts, we also need to rewrite
+# regular DNs, because the definition of a bindDn
+# rewrite context overrides the default definition.
+rewriteContext bindDN
+rewriteRule "^mail=[^,]+@[^,]+$" "%{attr2dn(%0)}" ":@I"
+
+# This is a rather sophisticated example. It massages a
+# search filter in case who performs the search has
+# administrative privileges. First we need to keep
+# track of the bind DN of the incoming request, which is
+# stored in a variable called `binddn' with session scope,
+# and left in place to allow regular binding:
+rewriteContext bindDN
+rewriteRule ".+" "%{&&binddn(%0)}%0" ":"
+
+# A search filter containing `uid=' is rewritten only
+# if an appropriate DN is bound.
+# To do this, in the first rule the bound DN is
+# dereferenced, while the filter is decomposed in a
+# prefix, in the value of the `uid=<arg>' AVA, and
+# in a suffix. A tag `<>' is appended to the DN.
+# If the DN refers to an entry in the `ou=admin' subtree,
+# the filter is rewritten OR-ing the `uid=<arg>' with
+# `cn=<arg>'; otherwise it is left as is. This could be
+# useful, for instance, to allow apache's auth_ldap-1.4
+# module to authenticate users with both `uid' and
+# `cn', but only if the request comes from a possible
+# `cn=Web auth,ou=admin,dc=home,dc=net' user.
+rewriteContext searchFilter
+rewriteRule "(.*\e\e()uid=([a-z0-9_]+)(\e\e).*)"
+ "%{**binddn}<>%{&prefix(%1)}%{&arg(%2)}%{&suffix(%3)}"
+ ":I"
+rewriteRule "[^,]+,ou=admin,dc=home,dc=net"
+ "%{*prefix}|(uid=%{*arg})(cn=%{*arg})%{*suffix}" ":@I"
+rewriteRule ".*<>" "%{*prefix}uid=%{*arg}%{*suffix}" ":"
+
+# This example shows how to strip unwanted DN-valued
+# attribute values from a search result; the first rule
+# matches DN values below "ou=People,dc=example,dc=com";
+# in case of match the rewriting exits successfully.
+# The second rule matches everything else and causes
+# the value to be rejected.
+rewriteContext searchResult
+rewriteRule ".*,ou=People,dc=example,dc=com" "%0" ":@"
+rewriteRule ".*" "" "#"
+.fi
+.SH "LDAP Proxy resolution (a possible evolution of slapd\-ldap(5)):"
+In case the rewritten DN is an LDAP URI, the operation is initiated
+towards the host[:port] indicated in the uri, if it does not refer
+to the local server.
+E.g.:
+.LP
+.nf
+ rewriteRule '^cn=root,.*' '%0' 'G{3}'
+ rewriteRule '^cn=[a-l].*' 'ldap://ldap1.my.org/%0' ':@'
+ rewriteRule '^cn=[m-z].*' 'ldap://ldap2.my.org/%0' ':@'
+ rewriteRule '.*' 'ldap://ldap3.my.org/%0' ':@'
+.fi
+.LP
+(Rule 1 is simply there to illustrate the `G{n}' action; it could have
+been written:
+.LP
+.nf
+ rewriteRule '^cn=root,.*' 'ldap://ldap3.my.org/%0' ':@'
+.fi
+.LP
+with the advantage of saving one rewrite pass ...)
+
+.SH ACCESS CONTROL
+The
+.B meta
+backend does not honor all ACL semantics as described in
+.BR slapd.access (5).
+In general, access checking is delegated to the remote server(s).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+
+.SH PROXY CACHE OVERLAY
+The proxy cache overlay
+allows caching of LDAP search requests (queries) in a local database.
+See
+.BR slapo-pcache (5)
+for details.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-ldap (5),
+.BR slapo\-pcache (5),
+.BR slapd (8),
+.BR regex (7),
+.BR re_format (7).
+.SH AUTHOR
+Pierangelo Masarati, based on back-ldap by Howard Chu
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-monitor.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-monitor.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-monitor.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,125 @@
+.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.4.2.6 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+.B slapd-monitor
+\- Monitor backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B monitor
+backend to
+.BR slapd (8)
+is not an actual database; if enabled, it is automatically generated
+and dynamically maintained by
+.B slapd
+with information about the running status of the daemon.
+.LP
+To inspect all monitor information, issue a subtree search with base
+cn=Monitor, requesting that attributes "+" and "*" are returned.
+The monitor backend produces mostly operational attributes, and LDAP
+only returns operational attributes that are explicitly requested.
+Requesting attribute "+" is an extension which requests all operational
+attributes.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the
+.B monitor
+backend database.
+That is, they must follow a "database monitor" line and come before any
+subsequent "backend" or "database" lines.
+.LP
+As opposed to most databases, the
+.B monitor
+database can be instantiated only once, i.e. only one occurrence
+of "database monitor" can occur in the
+.BR slapd.conf (5)
+file.
+Moreover, the suffix of the database cannot be explicitly set by means
+of the
+.B suffix
+directive.
+The suffix is automatically set
+to "\fIcn=Monitor\fP".
+.LP
+The
+.B monitor
+database honors the
+.B rootdn
+and the
+.B rootpw
+directives, and the usual ACL directives, e.g. the
+.B access
+directive.
+.\".LP
+.\"The following directives can be used:
+.\".TP
+.\".BI l \ <locality>
+.\"The additional argument \fI<locality>\fP,
+.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the
+.\".B l
+.\"attribute (Note: this may be subjected to changes).
+.LP
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.SH USAGE
+The usage is:
+.TP
+1) enable the \fBmonitor\fP backend at configure:
+.LP
+.RS
+.nf
+configure --enable-monitor
+.fi
+.RE
+.TP
+2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file:
+.LP
+.RS
+.nf
+database monitor
+.fi
+.RE
+.TP
+3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.:
+.LP
+.RS
+.nf
+access to dn.subtree="cn=Monitor"
+ by dn.exact="uid=Admin,dc=my,dc=org" write
+ by users read
+ by * none
+.fi
+.RE
+.TP
+4) ensure that the \fBcore.schema\fP file is loaded.
+The
+.B monitor
+backend relies on some standard track attributeTypes
+that must be already defined when the backend is started.
+.SH ACCESS CONTROL
+The
+.B monitor
+backend honors access control semantics as indicated in
+.BR slapd.access (5),
+including the
+.B disclose
+access privilege, on all currently implemented operations.
+.SH KNOWN LIMITATIONS
+The
+.B monitor
+backend does not honor size/time limits in search operations.
+.SH FILES
+.TP
+.B ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd.access (5),
+.BR slapd (8),
+.BR ldap (3).
+
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-null.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-null.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-null.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,66 @@
+.TH SLAPD-NULL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2002-2007 The OpenLDAP Foundation. All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.5.4.5 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-null \- Null backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Null backend to
+.BR slapd (8)
+is surely the most useful part of
+.BR slapd :
+.br
+- Searches return success but no entries.
+.br
+- Compares return compareFalse.
+.br
+- Updates return success (unless readonly is on) but do nothing.
+.br
+- Binds fail unless the database option "bind on" is given.
+.br
+- The
+.BR slapadd (8)
+and
+.BR slapcat (8)
+tools are equally exciting.
+.br
+Inspired by the /dev/null device.
+.SH CONFIGURATION
+This
+.B slapd.conf
+option applies to the NULL backend database.
+That is, it must follow a "database null" line and come before
+any subsequent "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B bind <on/off>
+Allow binds as DNs in this backend's suffix.
+The default is "off".
+.SH EXAMPLE
+Here is a possible slapd.conf extract using the Null backend:
+.LP
+.RS
+.nf
+database null
+suffix "cn=Nothing"
+bind on
+.fi
+.RE
+.SH ACCESS CONTROL
+The
+.B null
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5).
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR slapadd (8),
+.BR slapcat (8).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-passwd.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-passwd.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-passwd.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+.TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.8.2.5 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-passwd \- /etc/passwd backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The PASSWD backend to
+.BR slapd (8)
+serves up the user account information listed in the system
+.BR passwd (5)
+file. This backend is provided for demonstration purposes only.
+The DN of each entry is "uid=<username>,<suffix>".
+Note that non-base searches scan the the entire passwd file, and
+are best suited for hosts with small passwd files.
+.SH CONFIGURATION
+This
+.B slapd.conf
+option applies to the PASSWD backend database.
+That is, it must follow a "database passwd" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B file <filename>
+Specifies an alternate passwd file to use.
+The default is
+.BR /etc/passwd .
+.SH ACCESS CONTROL
+The
+.B passwd
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+/etc/passwd
+user account information
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR passwd (5).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-perl.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-perl.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-perl.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,189 @@
+.TH SLAPD-PERL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-perl.5,v 1.5.4.2 2005/07/10 04:36:40 kurt Exp $
+.SH NAME
+slapd-perl \- Perl backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Perl backend to
+.BR slapd (8)
+works by embedding a
+.BR perl (1)
+interpreter into
+.BR slapd (8).
+Any perl database section of the configuration file
+.BR slapd.conf (5)
+must then specify what Perl module to use.
+.B Slapd
+then creates a new Perl object that handles all the requests for that
+particular instance of the backend.
+.LP
+You will need to create a method for each one of the
+following actions:
+.LP
+.nf
+ * new # creates a new object,
+ * search # performs the ldap search,
+ * compare # does a compare,
+ * modify # modifies an entry,
+ * add # adds an entry to backend,
+ * modrdn # modifies an entry's rdn,
+ * delete # deletes an ldap entry,
+ * config # process unknown config file lines,
+ * init # called after backend is initialized.
+.fi
+.LP
+Unless otherwise specified, the methods return the result code
+which will be returned to the client. Unimplemented actions
+can just return unwillingToPerform (53).
+.TP
+.B new
+This method is called when the configuration file encounters a
+.B perlmod
+line.
+The module in that line is then effectively `use'd into the perl
+interpreter, then the \fBnew\fR method is called to create a new
+object.
+Note that multiple instances of that object may be instantiated, as
+with any perl object.
+.\" .LP
+The
+.B new
+method receives the class name as argument.
+.TP
+.B search
+This method is called when a search request comes from a client.
+It arguments are as follows:
+.nf
+ * object reference
+ * base DN
+ * scope
+ * alias dereferencing policy
+ * size limit
+ * time limit
+ * filter string
+ * attributes only flag (1 for yes)
+ * list of attributes to return (may be empty)
+.fi
+.LP
+Return value: (resultcode, ldif-entry, ldif-entry, ...)
+.TP
+.B compare
+This method is called when a compare request comes from a client.
+Its arguments are as follows.
+.nf
+ * object reference
+ * dn
+ * attribute assertion string
+.fi
+.LP
+.TP
+.B modify
+This method is called when a modify request comes from a client.
+Its arguments are as follows.
+.nf
+ * object reference
+ * dn
+ * a list formatted as follows
+ ({ "ADD" | "DELETE" | "REPLACE" },
+ attributetype, value...)...
+.fi
+.LP
+.TP
+.B add
+This method is called when a add request comes from a client.
+Its arguments are as follows.
+.nf
+ * object reference
+ * entry in string format
+.fi
+.LP
+.TP
+.B modrdn
+This method is called when a modrdn request comes from a client.
+Its arguments are as follows.
+.nf
+ * object reference
+ * dn
+ * new rdn
+ * delete old dn flag (1 means yes)
+.fi
+.LP
+.TP
+.B delete
+This method is called when a delete request comes from a client.
+Its arguments are as follows.
+.nf
+ * object reference
+ * dn
+.fi
+.LP
+.TP
+.B config
+This method is called with unknown
+.BR slapd.conf (5)
+configuration file lines.
+Its arguments are as follows.
+.nf
+ * object reference
+ * array of arguments on line
+.fi
+.LP
+Return value: nonzero if this is not a valid option.
+.TP
+.B init
+This method is called after backend is initialized.
+Its argument is as follows.
+.nf
+ * object reference
+.fi
+.LP
+Return value: nonzero if initialization failed.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the PERL backend database.
+That is, they must follow a "database perl" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B perlModulePath /path/to/libs
+Add the path to the @INC variable.
+.TP
+.B perlModule ModName
+`Use' the module name ModName from ModName.pm
+.TP
+.B filterSearchResults
+Search results are candidates that need to be filtered (with the
+filter in the search request), rather than search results to be
+returned directly to the client.
+.SH EXAMPLE
+There is an example Perl module `SampleLDAP' in the slapd/back-perl/
+directory in the OpenLDAP source tree.
+.SH ACCESS CONTROL
+The
+.B passwd
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5);
+all access control is delegated to the underlying PERL scripting.
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+.SH WARNING
+The interface of this backend to the perl module MAY change.
+Any suggestions would greatly be appreciated.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR perl (1).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-relay.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-relay.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-relay.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,199 @@
+.TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.SH NAME
+slapd-relay \- relay backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The primary purpose of this
+.BR slapd (8)
+backend is to map a naming context defined in a database
+running in the same
+.BR slapd (8)
+instance into a virtual naming context, with attributeType
+and objectClass manipulation, if required.
+It requires the
+.B rwm
+.BR overlay .
+.LP
+This backend and the above mentioned overlay are experimental.
+.SH CONFIGURATION
+The following
+.B slapd.conf
+directives apply to the relay backend database.
+That is, they must follow a "database relay" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page; only the
+.B suffix
+directive is required by the
+.I relay
+backend.
+.TP
+.B relay <real naming context> [massage]
+The naming context of the database that is presented
+under a virtual naming context.
+The presence of this directive implies that one specific database,
+i.e. the one serving the
+.BR "real naming context" ,
+will be presented under a virtual naming context.
+This directive automatically instantiates the
+.IR "rwm overlay" .
+If the optional
+.B massage
+keyword is present, the suffix massaging is automatically
+configured as well; otherwise, specific massaging instructions
+are required by means of the
+.I rewrite
+directives described in
+.BR slapo-rwm (5).
+
+.SH ACCESS RULES
+One important issue is that access rules are based on the identity
+that issued the operation.
+After massaging from the virtual to the real naming context, the
+frontend sees the operation as performed by the identity in the
+real naming context.
+Moreover, since
+.B back-relay
+bypasses the real database frontend operations by short-circuiting
+operations thru the internal backend API, the original database
+access rules do not apply but in selected cases, i.e. when the
+backend itself applies access control.
+As a consequence, the instances of the relay database must provide
+own access rules that are consistent with those of the original
+database, possibly adding further specific restrictions.
+So, access rules in the
+.B relay
+database must refer to identities in the real naming context.
+Examples are reported in the EXAMPLES section.
+
+.SH SCENARIOS
+.LP
+If no
+.B relay
+directive is given, the
+.I relay
+database does not refer to any specific database, but the most
+appropriate one is looked-up after rewriting the request DN
+for the operation that is being handled.
+.LP
+This allows to write carefully crafted rewrite rules that
+cause some of the requests to be directed to one database, and
+some to another; e.g., authentication can be mapped to one
+database, and searches to another, or different target databases
+can be selected based on the DN of the request, and so.
+.LP
+Another possibility is to map the same operation to different
+databases based on details of the virtual naming context,
+e.g. groups on one database and persons on another.
+.LP
+.SH Caveats
+The
+.B rwm overlay
+is experimental.
+.LP
+.SH EXAMPLES
+To implement a plain virtual naming context mapping
+that refers to a single database, use
+.LP
+.nf
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ relay "dc=real,dc=naming,dc=context" massage
+.fi
+.LP
+To implement a plain virtual naming context mapping
+that looks up the real naming context for each operation, use
+.LP
+.nf
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ overlay rwm
+ suffixmassage "dc=real,dc=naming,dc=context"
+.fi
+.LP
+This is useful, for instance, to relay different databases that
+share the terminal portion of the naming context (the one that
+is rewritten).
+.LP
+To implement the old-fashioned suffixalias, e.g. mapping
+the virtual to the real naming context, but not the results
+back from the real to the virtual naming context, use
+.LP
+.nf
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ relay "dc=real,dc=naming,dc=context"
+ rewriteEngine on
+ rewriteContext default
+ rewriteRule "dc=virtual,dc=naming,dc=context"
+ "dc=real,dc=naming,dc=context" ":@"
+ rewriteContext searchFilter
+ rewriteContext searchEntryDN
+ rewriteContext searchAttrDN
+ rewriteContext matchedDN
+.fi
+.LP
+Note that the virtual database is bound to a single real database,
+so the
+.B rwm overlay
+is automatically instantiated, but the rewrite rules
+are written explicitly to map all the virtual to real
+naming context data flow, but none of the real to virtual.
+.LP
+Access rules:
+.LP
+.nf
+ database bdb
+ suffix "dc=example,dc=com"
+ # skip...
+ access to dn.subtree="dc=example,dc=com"
+ by dn.exact="cn=Supervisor,dc=example,dc=com" write
+ by * read
+
+ database relay
+ suffix "o=Example,c=US"
+ relay "dc=example,dc=com" massage
+ # skip ...
+ access to dn.subtree="o=Example,c=US"
+ by dn.exact="cn=Supervisor,dc=example,dc=com" write
+ by dn.exact="cn=Relay Supervisor,dc=example,dc=com" write
+ by * read
+.fi
+.LP
+Note that, in both databases, the identities (the
+.B <who>
+clause) are in the
+.BR "real naming context" ,
+i.e.
+.BR "`dc=example,dc=com'" ,
+while the targets (the
+.B <what>
+clause) are in the
+.B real
+and in the
+.BR "virtual naming context" ,
+respectively.
+.SH ACCESS CONTROL
+The
+.B relay
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5);
+all access control is delegated to the relayed database(s).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapo-rwm (5),
+.BR slapd (8).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-shell.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-shell.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-shell.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,237 @@
+.TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.13.2.6 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd-shell \- Shell backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Shell backend to
+.BR slapd (8)
+executes external programs to implement operations, and is designed to
+make it easy to tie an existing database to the
+.B slapd
+front-end.
+.LP
+This backend is is primarily intended to be used in prototypes.
+.SH WARNING
+The
+.B abandon
+shell command has been removed since OpenLDAP 2.1.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the SHELL backend database.
+That is, they must follow a "database shell" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.LP
+These options specify the pathname and arguments of the program to
+execute in response to the given LDAP operation.
+Each option is followed by the input lines that the program receives:
+.TP
+.B add <pathname> <argument>...
+.nf
+ADD
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+<entry in LDIF format>
+.fi
+.TP
+.B bind <pathname> <argument>...
+.nf
+BIND
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <DN>
+method: <method number>
+credlen: <length of <credentials>>
+cred: <credentials>
+.fi
+.TP
+.B compare <pathname> <argument>...
+.nf
+COMPARE
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <DN>
+<attribute>: <value>
+.fi
+.TP
+.B delete <pathname> <argument>...
+.nf
+DELETE
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <DN>
+.fi
+.TP
+.B modify <pathname> <argument>...
+.nf
+MODIFY
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <DN>
+<repeat {
+ <"add"/"delete"/"replace">: <attribute>
+ <repeat { <attribute>: <value> }>
+ -
+}>
+.fi
+.TP
+.B modrdn <pathname> <argument>...
+.nf
+MODRDN
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <DN>
+newrdn: <new RDN>
+deleteoldrdn: <0 or 1>
+<if new superior is specified: "newSuperior: <DN>">
+.fi
+.TP
+.B search <pathname> <argument>...
+.nf
+SEARCH
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+base: <base DN>
+scope: <0-2, see ldap.h>
+deref: <0-3, see ldap.h>
+sizelimit: <size limit>
+timelimit: <time limit>
+filter: <filter>
+attrsonly: <0 or 1>
+attrs: <"all" or space-separated attribute list>
+.fi
+.TP
+.B unbind <pathname> <argument>...
+.nf
+UNBIND
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+dn: <bound DN>
+.fi
+.LP
+Note that you need only supply configuration lines for those commands you
+want the backend to handle.
+Operations for which a command is not supplied will be refused with an
+"unwilling to perform" error.
+.LP
+The \fBsearch\fP command should output the entries in LDIF format,
+each entry followed by a blank line, and after these the RESULT below.
+.LP
+All commands except \fBunbind\fP should then output:
+.RS
+.nf
+RESULT
+code: <integer>
+matched: <matched DN>
+info: <text>
+.fi
+.RE
+where only the RESULT line is mandatory.
+Lines starting with `#' or `DEBUG:' are ignored.
+.SH ACCESS CONTROL
+The
+.B shell
+backend does not honor all ACL semantics as described in
+.BR slapd.access (5).
+In general, access to objects is checked by using a dummy object
+that contains only the DN, so access rules that rely on the contents
+of the object are not honored.
+In detail:
+.LP
+The
+.B add
+operation does not require
+.B write (=w)
+access to the
+.B children
+pseudo-attribute of the parent entry.
+.LP
+The
+.B bind
+operation requires
+.B auth (=x)
+access to the
+.B entry
+pseudo-attribute of the entry whose identity is being assessed;
+.B auth (=x)
+access to the credentials is not checked, but rather delegated
+to the underlying shell script.
+.LP
+The
+.B compare
+operation requires
+.B read (=r)
+access (FIXME: wouldn't
+.B compare (=c)
+be a more appropriate choice?)
+to the
+.B entry
+pseudo-attribute
+of the object whose value is being asserted;
+.B compare (=c)
+access to the attribute whose value is being asserted is not checked.
+.LP
+The
+.B delete
+operation does not require
+.B write (=w)
+access to the
+.B children
+pseudo-attribute of the parent entry.
+.LP
+The
+.B modify
+operation requires
+.B write (=w)
+access to the
+.B entry
+pseudo-attribute;
+.B write (=w)
+access to the specific attributes that are modified is not checked.
+.LP
+The
+.B modrdn
+operation does not require
+.B write (=w)
+access to the
+.B children
+pseudo-attribute of the parent entry, nor to that of the new parent,
+if different;
+.B write (=w)
+access to the distinguished values of the naming attributes
+is not checked.
+.LP
+The
+.B search
+operation does not require
+.B search (=s)
+access to the
+.B entry
+pseudo_attribute of the searchBase;
+.B search (=s)
+access to the attributes and values used in the filter is not checked.
+
+.SH EXAMPLE
+There is an example search script in the slapd/back-shell/ directory
+in the OpenLDAP source tree.
+.SH LIMITATIONS
+The shell backend does not support threaded environments.
+When using the shell backend,
+.BR slapd (8)
+should be built
+.IR --without-threads .
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR sh (1).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-sql.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-sql.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-sql.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,685 @@
+.TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.7 2007/03/05 18:39:51 ando Exp $
+.SH NAME
+slapd-sql \- SQL backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The primary purpose of this
+.BR slapd (8)
+backend is to PRESENT information stored in some RDBMS as an LDAP subtree
+without any programming (some SQL and maybe stored procedures can't be
+considered programming, anyway ;).
+.LP
+That is, for example, when you (some ISP) have account information you
+use in an RDBMS, and want to use modern solutions that expect such
+information in LDAP (to authenticate users, make email lookups etc.).
+Or you want to synchronize or distribute information between different
+sites/applications that use RDBMSes and/or LDAP.
+Or whatever else...
+.LP
+It is NOT designed as a general-purpose backend that uses RDBMS instead
+of BerkeleyDB (as the standard BDB backend does), though it can be
+used as such with several limitations.
+You can take a look at
+.B http://www.openldap.org/faq/index.cgi?file=378
+(OpenLDAP FAQ-O-Matic/General LDAP FAQ/Directories vs. conventional
+databases) to find out more on this point.
+.LP
+The idea (detailed below) is to use some metainformation to translate
+LDAP queries to SQL queries, leaving relational schema untouched, so
+that old applications can continue using it without any
+modifications.
+This allows SQL and LDAP applications to inter-operate without
+replication, and exchange data as needed.
+.LP
+The SQL backend is designed to be tunable to virtually any relational
+schema without having to change source (through that metainformation
+mentioned).
+Also, it uses ODBC to connect to RDBMSes, and is highly configurable
+for SQL dialects RDBMSes may use, so it may be used for integration
+and distribution of data on different RDBMSes, OSes, hosts etc., in
+other words, in highly heterogeneous environment.
+.LP
+This backend is \fIexperimental\fP.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the SQL backend database, which means that
+they must follow a "database sql" line and come before any
+subsequent "backend" or "database" lines.
+Other database options not specific to this backend are described
+in the
+.BR slapd.conf (5)
+manual page.
+.SH DATA SOURCE CONFIGURATION
+
+.TP
+.B dbname <datasource name>
+The name of the ODBC datasource to use.
+.LP
+.B dbhost <hostname>
+.br
+.B dbpasswd <password>
+.br
+.B dbuser <username>
+.RS
+The three above options are generally unneeded, because this information
+is taken from the datasource specified by the
+.B dbname
+directive.
+They allow to override datasource settings.
+Also, several RDBMS' drivers tend to require explicit passing of user/password,
+even if those are given in datasource (Note:
+.B dbhost
+is currently ignored).
+.RE
+.SH SCOPING CONFIGURATION
+These options specify SQL query templates for scoping searches.
+
+.TP
+.B subtree_cond <SQL expression>
+Specifies a where-clause template used to form a subtree search condition
+(dn="(.+,)?<dn>$").
+It may differ from one SQL dialect to another (see samples).
+By default, it is constructed based on the knowledge about
+how to normalize DN values (e.g.
+\fB"<upper_func>(ldap_entries.dn) LIKE CONCAT('%',?)"\fP);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
+.TP
+.B children_cond <SQL expression>
+Specifies a where-clause template used to form a children search condition
+(dn=".+,<dn>$").
+It may differ from one SQL dialect to another (see samples).
+By default, it is constructed based on the knowledge about
+how to normalize DN values (e.g.
+\fB"<upper_func>(ldap_entries.dn) LIKE CONCAT('%,',?)"\fP);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
+.TP
+.B use_subtree_shortcut { YES | no }
+Do not use the subtree condition when the searchBase is the database
+suffix, and the scope is subtree; rather collect all entries.
+
+.RE
+.SH STATEMENT CONFIGURATION
+These options specify SQL query templates for loading schema mapping
+metainformation, adding and deleting entries to ldap_entries, etc.
+All these and subtree_cond should have the given default values.
+For the current value it is recommended to look at the sources,
+or in the log output when slapd starts with "-d 5" or greater.
+Note that the parameter number and order must not be changed.
+
+.TP
+.B oc_query <SQL expression>
+The query that is used to collect the objectClass mapping data
+from table \fIldap_oc_mappings\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"SELECT id, name, keytbl, keycol, create_proc, delete_proc, expect_return
+FROM ldap_oc_mappings"\fP.
+
+.TP
+.B at_query <SQL expression>
+The query that is used to collect the attributeType mapping data
+from table \fIldap_attr_mappings\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"SELECT name, sel_expr, from_tbls, join_where, add_proc, delete_proc,
+param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=?"\fP.
+
+.TP
+.B id_query <SQL expression>
+The query that is used to map a DN to an entry
+in table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE <DN match expr>"\fP,
+where \fB<DN match expr>\fP is constructed based on the knowledge about
+how to normalize DN values (e.g. \fB"dn=?"\fP if no means to uppercase
+strings are available; typically, \fB"<upper_func>(dn)=?"\fP is used);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
+.TP
+.B insentry_stmt <SQL expression>
+The statement that is used to insert a new entry
+in table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"INSERT INTO ldap_entries (dn, oc_map_id, parent, keyval) VALUES
+(?, ?, ?, ?)"\fP.
+
+.TP
+.B delentry_stmt <SQL expression>
+The statement that is used to delete an existing entry
+from table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"DELETE FROM ldap_entries WHERE id=?"\fP.
+
+.TP
+.B delobjclasses_stmt <SQL expression>
+The statement that is used to delete an existing entry's ID
+from table \fIldap_objclasses\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"DELETE FROM ldap_entry_objclasses WHERE entry_id=?"\fP.
+
+.RE
+.SH HELPER CONFIGURATION
+These statements are used to modify the default behavior of the backend
+according to issues of the dialect of the RDBMS.
+The first options essentially refer to string and DN normalization
+when building filters.
+LDAP normalization is more than upper- (or lower-)casing everything;
+however, as a reasonable trade-off, for case-sensitive RDBMSes the backend
+can be instructed to uppercase strings and DNs by providing
+the \fBupper_func\fP directive.
+Some RDBMSes, to use functions on arbitrary data types, e.g. string
+constants, requires a cast, which is triggered
+by the \fBupper_needs_cast\fP directive.
+If required, a string cast function can be provided as well,
+by using the \fBstrcast_func\fP directive.
+Finally, a custom string concatenation pattern may be required;
+it is provided by the \fBconcat_pattern\fP directive.
+
+.TP
+.B upper_func <SQL function name>
+Specifies the name of a function that converts a given value to uppercase.
+This is used for case insensitive matching when the RDBMS is case sensitive.
+It may differ from one SQL dialect to another (e.g. \fBUCASE\fP, \fBUPPER\fP
+or whatever; see samples). By default, none is used, i.e. strings are not
+uppercased, so matches may be case sensitive.
+
+.TP
+.B upper_needs_cast { NO | yes }
+Set this directive to
+.B yes
+if
+.B upper_func
+needs an explicit cast when applied to literal strings.
+A cast in the form
+.B CAST (<arg> AS VARCHAR(<max DN length>))
+is used, where
+.B <max DN length>
+is builtin in back-sql; see macro
+.B BACKSQL_MAX_DN_LEN
+(currently 255; note that slapd's builtin limit, in macro
+.BR SLAP_LDAPDN_MAXLEN ,
+is set to 8192).
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B strcast_func <SQL function name>
+Specifies the name of a function that converts a given value to a string
+for appropriate ordering. This is used in "SELECT DISTINCT" statements
+for strongly typed RDBMSes with little implicit casting (like PostgreSQL),
+when a literal string is specified.
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B concat_pattern <pattern>
+This statement defines the
+.B pattern
+that is used to concatenate strings. The
+.B pattern
+MUST contain two question marks, '?', that will be replaced
+by the two strings that must be concatenated. The default value is
+.BR "CONCAT(?,?)";
+a form that is known to be highly portable (IBM db2, PostgreSQL) is
+.BR "?||?",
+but an explicit cast may be required when operating on literal strings:
+.BR "CAST(?||? AS VARCHAR(<length>))".
+On some RDBMSes (IBM db2, MSSQL) the form
+.B "?+?"
+is known to work as well.
+Carefully check the documentation of your RDBMS or stay with the examples
+for supported ones.
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B aliasing_keyword <string>
+Define the aliasing keyword. Some RDBMSes use the word "\fIAS\fP"
+(the default), others don't use any.
+
+.TP
+.B aliasing_quote <string>
+Define the quoting char of the aliasing keyword. Some RDBMSes
+don't require any (the default), others may require single
+or double quotes.
+
+.TP
+.B has_ldapinfo_dn_ru { NO | yes }
+Explicitly inform the backend whether the dn_ru column
+(DN in reverse uppercased form) is present in table \fIldap_entries\fP.
+Overrides automatic check (this is required, for instance,
+by PostgreSQL/unixODBC).
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B fail_if_no_mapping { NO | yes }
+When set to
+.B yes
+it forces \fIattribute\fP write operations to fail if no appropriate
+mapping between LDAP attributes and SQL data is available.
+The default behavior is to ignore those changes that cannot be mapped.
+It has no impact on objectClass mapping, i.e. if the
+.I structuralObjectClass
+of an entry cannot be mapped to SQL by looking up its name
+in ldap_oc_mappings, an
+.I add
+operation will fail regardless of the
+.B fail_if_no_mapping
+switch; see section "METAINFORMATION USED" for details.
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B allow_orphans { NO | yes }
+When set to
+.B yes
+orphaned entries (i.e. without the parent entry in the database)
+can be added. This option should be used with care, possibly
+in conjunction with some special rule on the RDBMS side that
+dynamically creates the missing parent.
+
+.TP
+.B baseObject [ <filename> ]
+Instructs the database to create and manage an in-memory baseObject
+entry instead of looking for one in the RDBMS.
+If the (optional)
+.B <filename>
+argument is given, the entry is read from that file in
+.BR LDIF (5)
+format; otherwise, an entry with objectClass \fBextensibleObject\fP
+is created based on the contents of the RDN of the \fIbaseObject\fP.
+This is particularly useful when \fIldap_entries\fP
+information is stored in a view rather than in a table, and
+.B union
+is not supported for views, so that the view can only specify
+one rule to compute the entry structure for one objectClass.
+This topic is discussed further in section "METAINFORMATION USED".
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B create_needs_select { NO | yes }
+Instructs the database whether or not entry creation
+in table \fIldap_entries\fP needs a subsequent select to collect
+the automatically assigned ID, instead of being returned
+by a stored procedure.
+
+.LP
+.B fetch_attrs <attrlist>
+.br
+.B fetch_all_attrs { NO | yes }
+.RS
+The first statement allows to provide a list of attributes that
+must always be fetched in addition to those requested by any specific
+operation, because they are required for the proper usage of the
+backend. For instance, all attributes used in ACLs should be listed
+here. The second statement is a shortcut to require all attributes
+to be always loaded. Note that the dynamically generated attributes,
+e.g. \fIhasSubordinates\fP, \fIentryDN\fP and other implementation
+dependent attributes are \fBNOT\fP generated at this point, for
+consistency with the rest of slapd. This may change in the future.
+.RE
+
+.TP
+.B check_schema { YES | no }
+Instructs the database to check schema adherence of entries after
+modifications, and structural objectClass chain when entries are built.
+By default it is set to
+.BR yes .
+
+.TP
+.B sqllayer <name> [...]
+Loads the layer \fB<name>\fP onto a stack of helpers that are used
+to map DNs from LDAP to SQL representation and vice-versa.
+Subsequent args are passed to the layer configuration routine.
+This is \fIhighly experimental\fP and should be used with extreme care.
+The API of the layers is not frozen yet, so it is unpublished.
+
+.SH METAINFORMATION USED
+.LP
+Almost everything mentioned later is illustrated in examples located
+in the
+.B servers/slapd/back-sql/rdbms_depend/
+directory in the OpenLDAP source tree, and contains scripts for
+generating sample database for Oracle, MS SQL Server, mySQL and more
+(including PostgreSQL and IBM db2).
+.LP
+The first thing that one must arrange is what set of LDAP
+object classes can present your RDBMS information.
+.LP
+The easiest way is to create an objectClass for each entity you had in
+ER-diagram when designing your relational schema.
+Any relational schema, no matter how normalized it is, was designed
+after some model of your application's domain (for instance, accounts,
+services etc. in ISP), and is used in terms of its entities, not just
+tables of normalized schema.
+It means that for every attribute of every such instance there is an
+effective SQL query that loads its values.
+.LP
+Also you might want your object classes to conform to some of the standard
+schemas like inetOrgPerson etc.
+.LP
+Nevertheless, when you think it out, we must define a way to translate
+LDAP operation requests to (a series of) SQL queries.
+Let us deal with the SEARCH operation.
+.LP
+Example:
+Let's suppose that we store information about persons working in our
+organization in two tables:
+.LP
+.nf
+ PERSONS PHONES
+ ---------- -------------
+ id integer id integer
+ first_name varchar pers_id integer references persons(id)
+ last_name varchar phone
+ middle_name varchar
+ ...
+.fi
+.LP
+(PHONES contains telephone numbers associated with persons).
+A person can have several numbers, then PHONES contains several
+records with corresponding pers_id, or no numbers (and no records in
+PHONES with such pers_id).
+An LDAP objectclass to present such information could look like this:
+.LP
+.nf
+ person
+ -------
+ MUST cn
+ MAY telephoneNumber $ firstName $ lastName
+ ...
+.fi
+.LP
+To fetch all values for cn attribute given person ID, we construct the
+query:
+.LP
+.nf
+ SELECT CONCAT(persons.first_name,' ',persons.last_name)
+ AS cn FROM persons WHERE persons.id=?
+.fi
+.LP
+for telephoneNumber we can use:
+.LP
+.nf
+ SELECT phones.phone AS telephoneNumber FROM persons,phones
+ WHERE persons.id=phones.pers_id AND persons.id=?
+.fi
+.LP
+If we wanted to service LDAP requests with filters like
+(telephoneNumber=123*), we would construct something like:
+.LP
+.nf
+ SELECT ... FROM persons,phones
+ WHERE persons.id=phones.pers_id
+ AND persons.id=?
+ AND phones.phone like '%1%2%3%'
+.fi
+.LP
+(note how the telephoneNumber match is expanded in multiple wildcards
+to account for interspersed ininfluential chars like spaces, dashes
+and so; this occurs by design because telephoneNumber is defined after
+a specially recognized syntax).
+So, if we had information about what tables contain values for each
+attribute, how to join these tables and arrange these values, we could
+try to automatically generate such statements, and translate search
+filters to SQL WHERE clauses.
+.LP
+To store such information, we add three more tables to our schema
+and fill it with data (see samples):
+.LP
+.nf
+ ldap_oc_mappings (some columns are not listed for clarity)
+ ---------------
+ id=1
+ name="person"
+ keytbl="persons"
+ keycol="id"
+.fi
+.LP
+This table defines a mapping between objectclass (its name held in the
+"name" column), and a table that holds the primary key for corresponding
+entities.
+For instance, in our example, the person entity, which we are trying
+to present as "person" objectclass, resides in two tables (persons and
+phones), and is identified by the persons.id column (that we will call
+the primary key for this entity).
+Keytbl and keycol thus contain "persons" (name of the table), and "id"
+(name of the column).
+.LP
+.nf
+ ldap_attr_mappings (some columns are not listed for clarity)
+ -----------
+ id=1
+ oc_map_id=1
+ name="cn"
+ sel_expr="CONCAT(persons.first_name,' ',persons.last_name)"
+ from_tbls="persons"
+ join_where=NULL
+ ************
+ id=<n>
+ oc_map_id=1
+ name="telephoneNumber"
+ sel_expr="phones.phone"
+ from_tbls="persons,phones"
+ join_where="phones.pers_id=persons.id"
+.fi
+.LP
+This table defines mappings between LDAP attributes and SQL queries
+that load their values.
+Note that, unlike LDAP schema, these are not
+.B attribute types
+- the attribute "cn" for "person" objectclass can
+have its values in different tables than "cn" for some other objectclass,
+so attribute mappings depend on objectclass mappings (unlike attribute
+types in LDAP schema, which are indifferent to objectclasses).
+Thus, we have oc_map_id column with link to oc_mappings table.
+.LP
+Now we cut the SQL query that loads values for a given attribute into 3 parts.
+First goes into sel_expr column - this is the expression we had
+between SELECT and FROM keywords, which defines WHAT to load.
+Next is table list - text between FROM and WHERE keywords.
+It may contain aliases for convenience (see examples).
+The last is part of the where clause, which (if it exists at all) expresses the
+condition for joining the table containing values with the table
+containing the primary key (foreign key equality and such).
+If values are in the same table as the primary key, then this column is
+left NULL (as for cn attribute above).
+.LP
+Having this information in parts, we are able to not only construct
+queries that load attribute values by id of entry (for this we could
+store SQL query as a whole), but to construct queries that load id's
+of objects that correspond to a given search filter (or at least part of
+it).
+See below for examples.
+.LP
+.nf
+ ldap_entries
+ ------------
+ id=1
+ dn=<dn you choose>
+ oc_map_id=...
+ parent=<parent record id>
+ keyval=<value of primary key>
+.fi
+.LP
+This table defines mappings between DNs of entries in your LDAP tree,
+and values of primary keys for corresponding relational data.
+It has recursive structure (parent column references id column of the
+same table), which allows you to add any tree structure(s) to your
+flat relational data.
+Having id of objectclass mapping, we can determine table and column
+for primary key, and keyval stores value of it, thus defining the exact
+tuple corresponding to the LDAP entry with this DN.
+.LP
+Note that such design (see exact SQL table creation query) implies one
+important constraint - the key must be an integer.
+But all that I know about well-designed schemas makes me think that it's
+not very narrow ;) If anyone needs support for different types for
+keys - he may want to write a patch, and submit it to OpenLDAP ITS,
+then I'll include it.
+.LP
+Also, several people complained that they don't really need very
+structured trees, and they don't want to update one more table every
+time they add or delete an instance in the relational schema.
+Those people can use a view instead of a real table for ldap_entries, something
+like this (by Robin Elfrink):
+.LP
+.nf
+ CREATE VIEW ldap_entries (id, dn, oc_map_id, parent, keyval)
+ AS
+ SELECT 0, UPPER('o=MyCompany,c=NL'),
+ 3, 0, 'baseObject' FROM unixusers WHERE userid='root'
+ UNION
+ SELECT (1000000000+userid),
+ UPPER(CONCAT(CONCAT('cn=',gecos),',o=MyCompany,c=NL')),
+ 1, 0, userid FROM unixusers
+ UNION
+ SELECT (2000000000+groupnummer),
+ UPPER(CONCAT(CONCAT('cn=',groupnaam),',o=MyCompany,c=NL')),
+ 2, 0, groupnummer FROM groups;
+.fi
+
+.LP
+If your RDBMS does not support
+.B unions
+in views, only one objectClass can be mapped in
+.BR ldap_entries ,
+and the baseObject cannot be created; in this case, see the
+.B baseObject
+directive for a possible workaround.
+
+.LP
+.SH Typical SQL backend operation
+Having metainformation loaded, the SQL backend uses these tables to
+determine a set of primary keys of candidates (depending on search
+scope and filter).
+It tries to do it for each objectclass registered in ldap_objclasses.
+.LP
+Example:
+for our query with filter (telephoneNumber=123*) we would get the following
+query generated (which loads candidate IDs)
+.LP
+.nf
+ SELECT ldap_entries.id,persons.id, 'person' AS objectClass,
+ ldap_entries.dn AS dn
+ FROM ldap_entries,persons,phones
+ WHERE persons.id=ldap_entries.keyval
+ AND ldap_entries.objclass=?
+ AND ldap_entries.parent=?
+ AND phones.pers_id=persons.id
+ AND (phones.phone LIKE '%1%2%3%')
+.fi
+.LP
+(for ONELEVEL search)
+or "... AND dn=?" (for BASE search)
+or "... AND dn LIKE '%?'" (for SUBTREE)
+.LP
+Then, for each candidate, we load the requested attributes using
+per-attribute queries like
+.LP
+.nf
+ SELECT phones.phone AS telephoneNumber
+ FROM persons,phones
+ WHERE persons.id=? AND phones.pers_id=persons.id
+.fi
+.LP
+Then, we use test_filter() from the frontend API to test the entry for a full
+LDAP search filter match (since we cannot effectively make sense of
+SYNTAX of corresponding LDAP schema attribute, we translate the filter
+into the most relaxed SQL condition to filter candidates), and send it to
+the user.
+.LP
+ADD, DELETE, MODIFY and MODRDN operations are also performed on per-attribute
+metainformation (add_proc etc.).
+In those fields one can specify an SQL statement or stored procedure
+call which can add, or delete given values of a given attribute, using
+the given entry keyval (see examples -- mostly PostgreSQL, ORACLE and MSSQL
+- since as of this writing there are no stored procs in MySQL).
+.LP
+We just add more columns to ldap_oc_mappings and ldap_attr_mappings, holding
+statements to execute (like create_proc, add_proc, del_proc etc.), and
+flags governing the order of parameters passed to those statements.
+Please see samples to find out what are the parameters passed, and other
+information on this matter - they are self-explanatory for those familiar
+with the concepts expressed above.
+.LP
+.SH Common techniques (referrals, multiclassing etc.)
+First of all, let's remember that among other major differences to the
+complete LDAP data model, the concept above does not directly support
+such things as multiple objectclasses per entry, and referrals.
+Fortunately, they are easy to adopt in this scheme.
+The SQL backend suggests one more table being added to the schema:
+ldap_entry_objectclasses(entry_id,oc_name).
+.LP
+The first contains any number of objectclass names that corresponding
+entries will be found by, in addition to that mentioned in
+mapping.
+The SQL backend automatically adds attribute mapping for the "objectclass"
+attribute to each objectclass mapping that loads values from this table.
+So, you may, for instance, have a mapping for inetOrgPerson, and use it
+for queries for "person" objectclass...
+.LP
+Referrals used to be implemented in a loose manner by adding an extra
+table that allowed any entry to host a "ref" attribute, along with
+a "referral" extra objectClass in table ldap_entry_objclasses.
+In the current implementation, referrals are treated like any other
+user-defined schema, since "referral" is a structural objectclass.
+The suggested practice is to define a "referral" entry in ldap_oc_mappings,
+holding a naming attribute, e.g. "ou" or "cn", a "ref" attribute,
+containing the url; in case multiple referrals per entry are needed,
+a separate table for urls can be created, where urls are mapped
+to the respective entries.
+The use of the naming attribute usually requires to add
+an "extensibleObject" value to ldap_entry_objclasses.
+
+.LP
+.SH Caveats
+As previously stated, this backend should not be considered
+a replacement of other data storage backends, but rather a gateway
+to existing RDBMS storages that need to be published in LDAP form.
+.LP
+The \fBhasSubordintes\fP operational attribute is honored by back-sql
+in search results and in compare operations; it is partially honored
+also in filtering. Owing to design limitations, a (brain-dead?) filter
+of the form
+\fB(!(hasSubordinates=TRUE))\fP
+will give no results instead of returning all the leaf entries, because
+it actually expands into \fB... AND NOT (1=1)\fP.
+If you need to find all the leaf entries, please use
+\fB(hasSubordinates=FALSE)\fP
+instead.
+.LP
+A directoryString value of the form "__First___Last_"
+(where underscores should be replaced by spaces) corresponds
+to its prettified counterpart "First_Last"; this is not currently
+honored by back-sql if non-prettified data is written via RDBMS;
+when non-prettified data is written thru back-sql, the prettified
+values are actually used instead.
+.LP
+.SH PROXY CACHE OVERLAY
+The proxy cache overlay
+allows caching of LDAP search requests (queries) in a local database.
+See
+.BR slapo-pcache (5)
+for details.
+.SH EXAMPLES
+There are example SQL modules in the slapd/back-sql/rdbms_depend/
+directory in the OpenLDAP source tree.
+.SH ACCESS CONTROL
+The
+.B sql
+backend honors access control semantics as indicated in
+.BR slapd.access (5)
+(including the
+.B disclose
+access privilege when enabled at compile time).
+.SH FILES
+
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-tcl.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-tcl.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd-tcl.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,271 @@
+.TH SLAPD-TCL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-tcl.5,v 1.7 2003/01/09 11:07:14 kurt Exp $
+.SH NAME
+slapd-tcl \- Tcl backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Tcl backend to
+.BR slapd (8)
+works by embedding a
+.BR Tcl (3tcl)
+interpreter into
+.BR slapd (8).
+Any tcl database section of the configuration file
+.BR slapd.conf (5)
+must then specify what Tcl script to use.
+.LP
+This backend is experimental.
+.SH WARNING
+.B "This backend's calling conventions have changed since OpenLDAP 2.0."
+Previously, the 2nd argument to the procs was a message ID.
+Now they are an "operation ID" string.
+Also, proc abandon now gets a new
+.B abandonid
+argument.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the TCL backend database.
+That is, they must follow a "database tcl" line and come before any
+subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.TP
+.B scriptpath <filename.tcl>
+The full path to the tcl script used for this database.
+.LP
+.B search <proc>
+.br
+.B add <proc>
+.br
+.B delete <proc>
+.br
+.B modify <proc>
+.br
+.B bind <proc>
+.br
+.B unbind <proc>
+.br
+.B modrdn <proc>
+.br
+.B compare <proc>
+.br
+.B abandon <proc>
+.RS
+The procs for each ldap function.
+They refer to the tcl procs in the `scriptpath' script that handles them.
+.RE
+.TP
+.B tclrealm <interpreter name>
+This is one of the biggest pluses of using the tcl backend.
+The realm lets you group several databases to the same interpreter.
+This basically means they share the same global variables and proc space.
+So global variables, as well as all the procs, are callable between databases.
+If no tclrealm is specified, it is put into the "default" realm.
+.SH Variables passed to the procs
+.TP
+.B abandon { action opid suffix abandonid }
+.nf
+action - Always equal to ABANDON.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es) associated with the
+ call. Each one is an entry in a tcl
+ formatted list (surrounded by {}'s).
+abandonid - The opid of the operation to abandon.
+.fi
+.TP
+.B add "{ action opid suffix entry }"
+.nf
+action - Always equal to ADD.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+entry - Full entry to add. Each "type: val" is
+ an element in a tcl formatted list.
+.fi
+.TP
+.B bind "{ action opid suffix dn method cred_len cred }"
+.nf
+action - Always equal to BIND.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN being bound to.
+method - One of the ldap authentication methods.
+cred_len - Length of cred.
+cred - Credentials being used to authenticate,
+ according to RFC. If this value is empty,
+ then it should be considered an anonymous
+ bind (??)
+.fi
+.TP
+.B compare "{ action opid suffix dn ava_type ava_value }"
+.nf
+action - Always equal to COMPARE.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN for compare.
+ava_type - Type for comparison.
+ava_value - Value to compare.
+.fi
+.TP
+.B delete "{ action opid suffix dn }"
+.nf
+action - Always equal to DELETE.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN to delete.
+.fi
+.TP
+.B modify "{ action opid suffix dn mods }"
+.nf
+action - Always equal to MODIFY.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN to modify.
+mods - Tcl list of modifications.
+ The list is formatted in this way:
+
+ {
+ { {op: type} {type: val} }
+ { {op: type} {type: val} {type: val} }
+ ...
+ }
+
+ Newlines are not present in the actual var,
+ they are present here for clarification.
+ "op" is the type of modification
+ (ADD, DELETE, REPLACE).
+.fi
+.TP
+.B modrdn "{ action opid suffix dn newrdn deleteoldrdn }"
+.nf
+action - Always equal to MODRDN.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN whose RDN is being renamed.
+newrdn - New RDN.
+deleteoldrdn - Boolean stating whether or not the
+ old RDN should be removed after being renamed.
+.fi
+.TP
+.B
+search { action opid suffix base scope deref \
+sizelimit timelimit filterstr attrsonly attrlist }
+.nf
+action - Always equal to SEARCH.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+base - Base for this search.
+scope - Scope of search, ( 0 | 1 | 2 ).
+deref - Alias dereferencing ( 0 | 1 | 2 | 3 ).
+sizelimit - Maximum number of entries to return.
+timelimit - Time limit for search.
+filterstr - Filter string as sent by the requester.
+attrsonly - Boolean for whether to list only the
+ attributes, and not values as well.
+attrlist - Tcl list if to retrieve.
+.fi
+.TP
+.B unbind "{ action opid suffix dn }"
+.nf
+action - Always equal to UNBIND.
+opid - The opid of this ldap operation.
+suffix - List of suffix(es), as above.
+dn - DN to unbind.
+.fi
+.LP
+An
+.I opid
+(operation ID) is a "connection ID/message ID" string identifying an
+operation.
+.LP
+.SH Return Method and Syntax
+There are only 2 return types.
+All procs must return a result to show status of the operation.
+The result is in this form:
+.LP
+.RS
+.nf
+{ RESULT {code: <integer>} {matched: <partialdn>}
+ {info: <string>} {} }
+.fi
+.RE
+.LP
+This is best accomplished with this type of tcl code
+.LP
+.RS
+.nf
+ lappend ret_val "RESULT"
+ lappend ret_val "code: 0"
+ lappend ret_val ""
+ return $ret_val
+.fi
+.RE
+.LP
+The final empty string (item in list) is necessary to point to the end
+of list.
+The `code', `matched', and `info' values are not necessary, and
+default values are given if not specified.
+The `code' value is usually an LDAP error in decimal notation from
+ldap.h.
+The `info', may be sent back to the client, depending on the
+function.
+In the bind proc, LDAP uses the value of `code' to indicate whether or
+not the authentication is acceptable.
+.LP
+The other type of return is for searches.
+It is similar format to the shell backend return (as is most of the
+syntax here).
+Its format follows:
+.LP
+.RS
+.nf
+{dn: o=Company, c=US} {attr: val} {objectclass: val} {}
+{dn: o=CompanyB, c=US} {attr: val} {objectclass: val} {}
+.fi
+.RE
+.LP
+Again, newlines are for visual purposes here.
+Also note the {} marking the end of the entry (same effect as a
+newline in ldif format).
+Here is some example code again, showing a full search proc example.
+.LP
+.RS
+.nf
+# Note that `args' lets you lump all possible args
+# into one var, used here for simplicity of example
+proc ldap:search { args } {
+ # ...perform some operations...
+
+ lappend ret_val "dn: $rdn,$base"
+ lappend ret_val "objectclass: $objcl"
+ lappend ret_val "sn: $rdn"
+ lappend ret_val "mail: $email"
+ lappend ret_val ""
+ # Now setup the result
+ lappend ret_val "RESULT"
+ lappend ret_val "code: 0"
+ lappend ret_val ""
+ return $ret_val
+}
+.fi
+.RE
+.LP
+NOTE: Newlines in the return value is acceptable in search entries
+(i.e. when returning base64 encoded binary entries).
+.LP
+.SH Builtin Commands and Variables
+.TP
+.B ldap:debug <msg>
+Allows you to send debug messages through OpenLDAP's native debugging
+system, this is sent as a LDAP_DEBUG_ANY and will be logged.
+Useful for debugging scripts or logging bind failures.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.BR Tcl (3tcl).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.access.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.access.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.access.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1058 @@
+.TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.55.2.10 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.BR slapd.conf (5)
+file contains configuration information for the
+.BR slapd (8)
+daemon. This configuration file is also used by the
+.BR slurpd (8)
+replication daemon and by the SLAPD tools
+.BR slapacl (8),
+.BR slapadd (8),
+.BR slapauth (8),
+.BR slapcat (8),
+.BR slapdn (8),
+.BR slapindex (8),
+and
+.BR slaptest (8).
+.LP
+The
+.B slapd.conf
+file consists of a series of global configuration options that apply to
+.B slapd
+as a whole (including all backends), followed by zero or more database
+backend definitions that contain information specific to a backend
+instance.
+.LP
+The general format of
+.B slapd.conf
+is as follows:
+.LP
+.nf
+ # comment - these options apply to every database
+ <global configuration options>
+ # first database definition & configuration options
+ database <backend 1 type>
+ <configuration options specific to backend 1>
+ # subsequent database definitions & configuration options
+ ...
+.fi
+.LP
+Both the global configuration and each backend-specific section can
+contain access information. Backend-specific access control
+directives are used for those entries that belong to the backend,
+according to their naming context. In case no access control
+directives are defined for a backend or those which are defined are
+not applicable, the directives from the global configuration section
+are then used.
+.LP
+If no access controls are present, the default policy
+allows anyone and everyone to read anything but restricts
+updates to rootdn. (e.g., "access to * by * read").
+The rootdn can always read and write EVERYTHING!
+.LP
+For entries not held in any backend (such as a root DSE), the
+directives of the first backend (and any global directives) are
+used.
+.LP
+Arguments that should be replaced by actual text are shown in
+brackets <>.
+.SH THE ACCESS DIRECTIVE
+The structure of the access control directives is
+.TP
+.B access to <what> "[ by <who> [ <access> ] [ <control> ] ]+"
+Grant access (specified by
+.BR <access> )
+to a set of entries and/or attributes (specified by
+.BR <what> )
+by one or more requestors (specified by
+.BR <who> ).
+.SH THE <WHAT> FIELD
+The field
+.BR <what>
+specifies the entity the access control directive applies to.
+It can have the forms
+.LP
+.nf
+ dn[.<dnstyle>]=<dnpattern>
+ filter=<ldapfilter>
+ attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
+.fi
+.LP
+with
+.LP
+.nf
+ <dnstyle>={{exact|base(object)}|regex
+ |one(level)|sub(tree)|children}
+ <attrlist>={<attr>|[{!|@}]<objectClass>}[,<attrlist>]
+ <attrstyle>={{exact|base(object)}|regex
+ |one(level)|sub(tree)|children}
+.fi
+.LP
+The statement
+.B dn=<dnpattern>
+selects the entries based on their naming context.
+The
+.B <dnpattern>
+is a string representation of the entry's DN.
+The wildcard
+.B *
+stands for all the entries, and it is implied if no
+.B dn
+form is given.
+.LP
+The
+.B <dnstyle>
+is optional; however, it is recommended to specify it to avoid ambiguities.
+.B Base
+(synonym of
+.BR baseObject ),
+the default,
+or
+.B exact
+(an alias of
+.BR base )
+indicates the entry whose DN is equal to the
+.BR <dnpattern> ;
+.B one
+(synonym of
+.BR onelevel )
+indicates all the entries immediately below the
+.BR <dnpattern> ,
+.B sub
+(synonym of
+.BR subtree )
+indicates all entries in the subtree at the
+.BR <dnpattern> ,
+.B children
+indicates all the entries below (subordinate to) the
+.BR <dnpattern> .
+.LP
+If the
+.B <dnstyle>
+qualifier is
+.BR regex ,
+then
+.B <dnpattern>
+is a POSIX (''extended'') regular expression pattern,
+as detailed in
+.BR regex (7)
+and/or
+.BR re_format (7),
+matching a normalized string representation of the entry's DN.
+The regex form of the pattern does not (yet) support UTF\-8.
+.LP
+The statement
+.B filter=<ldapfilter>
+selects the entries based on a valid LDAP filter as described in RFC 2254.
+A filter of
+.B (objectClass=*)
+is implied if no
+.B filter
+form is given.
+.LP
+The statement
+.B attrs=<attrlist>
+selects the attributes the access control rule applies to.
+It is a comma-separated list of attribute types, plus the special names
+.BR entry ,
+indicating access to the entry itself, and
+.BR children ,
+indicating access to the entry's children. ObjectClass names may also
+be specified in this list, which will affect all the attributes that
+are required and/or allowed by that objectClass.
+Actually, names in
+.B <attrlist>
+that are prefixed by
+.B @
+are directly treated as objectClass names. A name prefixed by
+.B !
+is also treated as an objectClass, but in this case the access rule
+affects the attributes that are not required nor allowed
+by that objectClass.
+If no
+.B attrs
+form is given,
+.B attrs=@extensibleObject
+is implied, i.e. all attributes are addressed.
+.LP
+Using the form
+.B attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval>
+specifies access to a particular value of a single attribute.
+In this case, only a single attribute type may be given. The
+.B <attrstyle>
+.B exact
+(the default) uses the attribute's equality matching rule to compare the
+value, unless a different (and compatible) matching rule is specified. If the
+.B <attrstyle>
+is
+.BR regex ,
+the provided value is used as a POSIX (''extended'') regular
+expression pattern. If the attribute has DN syntax, the
+.B <attrstyle>
+can be any of
+.BR base ,
+.BR onelevel ,
+.B subtree
+or
+.BR children ,
+resulting in base, onelevel, subtree or children match, respectively.
+.LP
+The dn, filter, and attrs statements are additive; they can be used in sequence
+to select entities the access rule applies to based on naming context,
+value and attribute type simultaneously.
+.SH THE <WHO> FIELD
+The field
+.B <who>
+indicates whom the access rules apply to.
+Multiple
+.B <who>
+statements can appear in an access control statement, indicating the
+different access privileges to the same resource that apply to different
+accessee.
+It can have the forms
+.LP
+.nf
+ *
+ anonymous
+ users
+ self[.<selfstyle>]
+
+ dn[.<dnstyle>[,<modifier>]]=<DN>
+ dnattr=<attrname>
+
+ realanonymous
+ realusers
+ realself[.<selfstyle>]
+
+ realdn[.<dnstyle>[,<modifier>]]=<DN>
+ realdnattr=<attrname>
+
+ group[/<objectclass>[/<attrname>]]
+ [.<groupstyle>]=<group>
+ peername[.<peernamestyle>]=<peername>
+ sockname[.<style>]=<sockname>
+ domain[.<domainstyle>[,<modifier>]]=<domain>
+ sockurl[.<style>]=<sockurl>
+ set[.<setstyle>]=<pattern>
+
+ ssf=<n>
+ transport_ssf=<n>
+ tls_ssf=<n>
+ sasl_ssf=<n>
+
+ aci[=<attrname>]
+ dynacl/name[/<options>][.<dynstyle>][=<pattern>]
+.fi
+.LP
+with
+.LP
+.nf
+ <style>={exact|regex|expand}
+ <selfstyle>={level{<n>}}
+ <dnstyle>={{exact|base(object)}|regex
+ |one(level)|sub(tree)|children|level{<n>}}
+ <groupstyle>={exact|expand}
+ <peernamestyle>={<style>|ip|path}
+ <domainstyle>={exact|regex|sub(tree)}
+ <setstyle>={exact|regex}
+ <modifier>={expand}
+.fi
+.LP
+They may be specified in combination.
+.LP
+.nf
+.fi
+.LP
+The wildcard
+.B *
+refers to everybody.
+.LP
+The keywords prefixed by
+.B real
+act as their counterparts without prefix; the checking respectively occurs
+with the \fIauthentication\fP DN and the \fIauthorization\fP DN.
+.LP
+The keyword
+.B anonymous
+means access is granted to unauthenticated clients; it is mostly used
+to limit access to authentication resources (e.g. the
+.B userPassword
+attribute) to unauthenticated clients for authentication purposes.
+.LP
+The keyword
+.B users
+means access is granted to authenticated clients.
+.LP
+The keyword
+.B self
+means access to an entry is allowed to the entry itself (e.g. the entry
+being accessed and the requesting entry must be the same).
+It allows the
+.B level{<n>}
+style, where \fI<n>\fP indicates what ancestor of the DN
+is to be used in matches.
+A positive value indicates that the <n>-th ancestor of the user's DN
+is to be considered; a negative value indicates that the <n>-th ancestor
+of the target is to be considered.
+For example, a "\fIby self.level{1} ...\fP" clause would match
+when the object "\fIdc=example,dc=com\fP" is accessed
+by "\fIcn=User,dc=example,dc=com\fP".
+A "\fIby self.level{-1} ...\fP" clause would match when the same user
+accesses the object "\fIou=Address Book,cn=User,dc=example,dc=com\fP".
+.LP
+The statement
+.B dn=<DN>
+means that access is granted to the matching DN.
+The optional style qualifier
+.B dnstyle
+allows the same choices of the dn form of the
+.B <what>
+field. In addition, the
+.B regex
+style can exploit substring substitution of submatches in the
+.B <what>
+dn.regex clause by using the form
+.BR $<digit> ,
+with
+.B digit
+ranging from 0 to 9 (where 0 matches the entire string),
+or the form
+.BR ${<digit>+} ,
+for submatches higher than 9.
+Since the dollar character is used to indicate a substring replacement,
+the dollar character that is used to indicate match up to the end of
+the string must be escaped by a second dollar character, e.g.
+.LP
+.nf
+ access to dn.regex="^(.+,)?uid=([^,]+),dc=[^,]+,dc=com$"
+ by dn.regex="^uid=$2,dc=[^,]+,dc=com$$" write
+.fi
+.LP
+The style qualifier
+allows an optional
+.BR modifier .
+At present, the only type allowed is
+.BR expand ,
+which causes substring substitution of submatches to take place
+even if
+.B dnstyle
+is not
+.BR regex .
+Note that the
+.B regex
+dnstyle in the above example may be of use only if the
+.B <by>
+clause needs to be a regex; otherwise, if the
+value of the second (from the right)
+.B dc=
+portion of the DN in the above example were fixed, the form
+.LP
+.nf
+ access to dn.regex="^(.+,)?uid=([^,]+),dc=example,dc=com$"
+ by dn.exact,expand="uid=$2,dc=example,dc=com" write
+.fi
+.LP
+could be used; if it had to match the value in the
+.B <what>
+clause, the form
+.LP
+.nf
+ access to dn.regex="^(.+,)?uid=([^,]+),dc=([^,]+),dc=com$"
+ by dn.exact,expand="uid=$2,dc=$3,dc=com" write
+.fi
+.LP
+could be used.
+.LP
+Forms of the
+.B <what>
+clause other than regex may provide submatches as well.
+The
+.BR base(object) ,
+the
+.BR sub(tree) ,
+the
+.BR one(level) ,
+and the
+.BR children
+forms provide
+.B $0
+as the match of the entire string.
+The
+.BR sub(tree) ,
+the
+.BR one(level) ,
+and the
+.BR children
+forms also provide
+.B $1
+as the match of the rightmost part of the DN as defined in the
+.B <what>
+clause.
+This may be useful, for instance, to provide access to all the
+ancestors of a user by defining
+.LP
+.nf
+ access to dn.subtree="dc=com"
+ by dn.subtree,expand="$1" read
+.fi
+.LP
+which means that only access to entries that appear in the DN of the
+.B <by>
+clause is allowed.
+.LP
+The
+.BR level{<n>}
+form is an extension and a generalization of the
+.BR onelevel
+form, which matches all DNs whose <n>-th ancestor is the pattern.
+So, \fIlevel{1}\fP is equivalent to \fIonelevel\fP,
+and \fIlevel{0}\fP is equivalent to \fIbase\fP.
+.LP
+It is perfectly useless to give any access privileges to a DN
+that exactly matches the
+.B rootdn
+of the database the ACLs apply to, because it implicitly
+possesses write privileges for the entire tree of that database.
+Actually, access control is bypassed for the
+.BR rootdn ,
+to solve the intrinsic chicken-and-egg problem.
+.LP
+The statement
+.B dnattr=<attrname>
+means that access is granted to requests whose DN is listed in the
+entry being accessed under the
+.B <attrname>
+attribute.
+.LP
+The statement
+.B group=<group>
+means that access is granted to requests whose DN is listed
+in the group entry whose DN is given by
+.BR <group> .
+The optional parameters
+.B <objectclass>
+and
+.B <attrname>
+define the objectClass and the member attributeType of the group entry.
+The defaults are
+.B groupOfNames
+and
+.BR member ,
+respectively.
+The optional style qualifier
+.B <style>
+can be
+.BR expand ,
+which means that
+.B <group>
+will be expanded as a replacement string (but not as a regular expression)
+according to
+.BR regex (7)
+and/or
+.BR re_format (7),
+and
+.BR exact ,
+which means that exact match will be used.
+If the style of the DN portion of the
+.B <what>
+clause is regex, the submatches are made available according to
+.BR regex (7)
+and/or
+.BR re_format (7);
+other styles provide limited submatches as discussed above about
+the DN form of the
+.B <by>
+clause.
+.LP
+For static groups, the specified attributeType must have
+.B DistinguishedName
+or
+.B NameAndOptionalUID
+syntax. For dynamic groups the attributeType must
+be a subtype of the
+.B labeledURI
+attributeType. Only LDAP URIs of the form
+.B ldap:///<base>??<scope>?<filter>
+will be evaluated in a dynamic group, by searching the local server only.
+.LP
+The statements
+.BR peername=<peername> ,
+.BR sockname=<sockname> ,
+.BR domain=<domain> ,
+and
+.BR sockurl=<sockurl>
+mean that the contacting host IP (in the form
+.BR "IP=<ip>:<port>" )
+or the contacting host named pipe file name (in the form
+.B "PATH=<path>"
+if connecting through a named pipe) for
+.BR peername ,
+the named pipe file name for
+.BR sockname ,
+the contacting host name for
+.BR domain ,
+and the contacting URL for
+.BR sockurl
+are compared against
+.B pattern
+to determine access.
+The same
+.B style
+rules for pattern match described for the
+.B group
+case apply, plus the
+.B regex
+style, which implies submatch
+.B expand
+and regex match of the corresponding connection parameters.
+The
+.B exact
+style of the
+.BR <peername>
+clause (the default) implies a case-exact match on the client's
+.BR IP ,
+including the
+.B "IP="
+prefix and the trailing
+.BR ":<port>" ,
+or the client's
+.BR path ,
+including the
+.B "PATH="
+prefix if connecting through a named pipe.
+The special
+.B ip
+style interprets the pattern as
+.BR <peername>=<ip>[%<mask>][{<n>}] ,
+where
+.B <ip>
+and
+.B <mask>
+are dotted digit representations of the IP and the mask, while
+.BR <n> ,
+delimited by curly brackets, is an optional port.
+When checking access privileges, the IP portion of the
+.BR peername
+is extracted, eliminating the
+.B "IP="
+prefix and the
+.B ":<port>"
+part, and it is compared against the
+.B <ip>
+portion of the pattern after masking with
+.BR <mask> .
+As an example,
+.B peername.ip=127.0.0.1
+allows connections only from localhost,
+.B peername.ip=192.168.1.0%255.255.255.0
+allows connections from any IP in the 192.168.1 class C domain, and
+.B peername.ip=192.168.1.16%255.255.255.240{9009}
+allows connections from any IP in the 192.168.1.[16-31] range
+of the same domain, only if port 9009 is used.
+The special
+.B path
+style eliminates the
+.B "PATH="
+prefix from the
+.B peername
+when connecting through a named pipe, and performs an exact match
+on the given pattern.
+The
+.BR <domain>
+clause also allows the
+.B subtree
+style, which succeeds when a fully qualified name exactly matches the
+.BR domain
+pattern, or its trailing part, after a
+.BR dot ,
+exactly matches the
+.BR domain
+pattern.
+The
+.B expand
+style is allowed, implying an
+.B exact
+match with submatch expansion; the use of
+.B expand
+as a style modifier is considered more appropriate.
+As an example,
+.B domain.subtree=example.com
+will match www.example.com, but will not match www.anotherexample.com.
+The
+.B domain
+of the contacting host is determined by performing a DNS reverse lookup.
+As this lookup can easily be spoofed, use of the
+.B domain
+statement is strongly discouraged. By default, reverse lookups are disabled.
+The optional
+.B domainstyle
+qualifier of the
+.B <domain>
+clause allows a
+.B modifier
+option; the only value currently supported is
+.BR expand ,
+which causes substring substitution of submatches to take place even if
+the
+.B domainstyle
+is not
+.BR regex ,
+much like the analogous usage in
+.B <dn>
+clause.
+.LP
+The statement
+.B set=<pattern>
+is undocumented yet.
+.LP
+The statement
+.B aci[=<attrname>]
+means that the access control is determined by the values in the
+.B attrname
+of the entry itself.
+The optional
+.B <attrname>
+indicates what attributeType holds the ACI information in the entry.
+By default, the
+.B OpenLDAPaci
+operational attribute is used.
+ACIs are experimental; they must be enabled at compile time.
+.LP
+The statement
+.B dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]
+means that access checking is delegated to the admin-defined method
+indicated by
+.BR <name> ,
+which can be registered at run-time by means of the
+.B moduleload
+statement.
+The fields
+.BR <options> ,
+.B <dynstyle>
+and
+.B <pattern>
+are optional, and are directly passed to the registered parsing routine.
+Dynacl is experimental; it must be enabled at compile time.
+If dynacl and ACIs are both enabled, ACIs are cast into the dynacl scheme,
+where
+.B <name>=aci
+and, optionally,
+.BR <patten>=<attrname> .
+However, the original ACI syntax is preserved for backward compatibility.
+.LP
+The statements
+.BR ssf=<n> ,
+.BR transport_ssf=<n> ,
+.BR tls_ssf=<n> ,
+and
+.BR sasl_ssf=<n>
+set the minimum required Security Strength Factor (ssf) needed
+to grant access. The value should be positive integer.
+.SH THE <ACCESS> FIELD
+The field
+.B <access> ::= [[real]self]{<level>|<priv>}
+determines the access level or the specific access privileges the
+.B who
+field will have.
+Its component are defined as
+.LP
+.nf
+ <level> ::= none|disclose|auth|compare|search|read|write
+ <priv> ::= {=|+|-}{w|r|s|c|x|d|0}+
+.fi
+.LP
+The modifier
+.B self
+allows special operations like having a certain access level or privilege
+only in case the operation involves the name of the user that's requesting
+the access.
+It implies the user that requests access is authorized.
+The modifier
+.B realself
+refers to the authenticated DN as opposed to the authorized DN of the
+.B self
+modifier.
+An example is the
+.B selfwrite
+access to the member attribute of a group, which allows one to add/delete
+its own DN from the member list of a group, without affecting other members.
+.LP
+The
+.B level
+access model relies on an incremental interpretation of the access
+privileges.
+The possible levels are
+.BR none ,
+.BR disclose ,
+.BR auth ,
+.BR compare ,
+.BR search ,
+.BR read ,
+and
+.BR write .
+Each access level implies all the preceding ones, thus
+.B write
+access will imply all accesses.
+.LP
+The
+.B none
+access level disallows all access including disclosure on error.
+.LP
+The
+.B disclose
+access level allows disclosure of information on error.
+.LP
+The
+.B auth
+access level means that one is allowed access to an attribute to perform
+authentication/authorization operations (e.g.
+.BR bind )
+with no other access.
+This is useful to grant unauthenticated clients the least possible
+access level to critical resources, like passwords.
+.LP
+The
+.B priv
+access model relies on the explicit setting of access privileges
+for each clause.
+The
+.B =
+sign resets previously defined accesses; as a consequence, the final
+access privileges will be only those defined by the clause.
+The
+.B +
+and
+.B -
+signs add/remove access privileges to the existing ones.
+The privileges are
+.B w
+for write,
+.B r
+for read,
+.B s
+for search,
+.B c
+for compare,
+.B x
+for authentication, and
+.B d
+for disclose.
+More than one of the above privileges can be added in one statement.
+.B 0
+indicates no privileges and is used only by itself (e.g., +0).
+If no access is given, it defaults to
+.BR +0 .
+.SH THE <CONTROL> FIELD
+The optional field
+.B <control>
+controls the flow of access rule application.
+It can have the forms
+.LP
+.nf
+ stop
+ continue
+ break
+.fi
+.LP
+where
+.BR stop ,
+the default, means access checking stops in case of match.
+The other two forms are used to keep on processing access clauses.
+In detail, the
+.B continue
+form allows for other
+.B <who>
+clauses in the same
+.B <access>
+clause to be considered, so that they may result in incrementally altering
+the privileges, while the
+.B break
+form allows for other
+.B <access>
+clauses that match the same target to be processed.
+Consider the (silly) example
+.LP
+.nf
+ access to dn.subtree="dc=example,dc=com" attrs=cn
+ by * =cs break
+
+ access to dn.subtree="ou=People,dc=example,dc=com"
+ by * +r
+.fi
+.LP
+which allows search and compare privileges to everybody under
+the "dc=example,dc=com" tree, with the second rule allowing
+also read in the "ou=People" subtree,
+or the (even more silly) example
+.LP
+.nf
+ access to dn.subtree="dc=example,dc=com" attrs=cn
+ by * =cs continue
+ by users +r
+.fi
+.LP
+which grants everybody search and compare privileges, and adds read
+privileges to authenticated clients.
+.LP
+One useful application is to easily grant write privileges to an
+.B updatedn
+that is different from the
+.BR rootdn .
+In this case, since the
+.B updatedn
+needs write access to (almost) all data, one can use
+.LP
+.nf
+ access to *
+ by dn.exact="cn=The Update DN,dc=example,dc=com" write
+ by * break
+.fi
+.LP
+as the first access rule.
+As a consequence, unless the operation is performed with the
+.B updatedn
+identity, control is passed straight to the subsequent rules.
+
+.SH OPERATION REQUIREMENTS
+Operations require different privileges on different portions of entries.
+The following summary applies to primary database backends such as
+the BDB and HDB backends. Requirements for other backends may
+(and often do) differ.
+
+.LP
+The
+.B add
+operation requires
+.B write (=w)
+privileges on the pseudo-attribute
+.B entry
+of the entry being added, and
+.B write (=w)
+privileges on the pseudo-attribute
+.B children
+of the entry's parent.
+When adding the suffix entry of a database, write access to
+.B children
+of the empty DN ("") is required.
+
+.LP
+The
+.B bind
+operation, when credentials are stored in the directory, requires
+.B auth (=x)
+privileges on the attribute the credentials are stored in (usually
+.BR userPassword ).
+
+.LP
+The
+.B compare
+operation requires
+.B compare (=c)
+privileges on the attribute that is being compared.
+
+.LP
+The
+.B delete
+operation requires
+.B write (=w)
+privileges on the pseudo-attribute
+.B entry
+of the entry being deleted, and
+.B write (=w)
+privileges on the
+.B children
+pseudo-attribute of the entry's parent.
+
+.LP
+The
+.B modify
+operation requires
+.B write (=w)
+privileges on the attributes being modified.
+
+.LP
+The
+.B modrdn
+operation requires
+.B write (=w)
+privileges on the pseudo-attribute
+.B entry
+of the entry whose relative DN is being modified,
+.B write (=w)
+privileges on the pseudo-attribute
+.B children
+of the old and new entry's parents, and
+.B write (=w)
+privileges on the attributes that are present in the new relative DN.
+.B Write (=w)
+privileges are also required on the attributes that are present
+in the old relative DN if
+.B deleteoldrdn
+is set to 1.
+
+.LP
+The
+.B search
+operation, requires
+.B search (=s)
+privileges on the
+.B entry
+pseudo-attribute of the searchBase (NOTE: this was introduced with 2.3).
+Then, for each entry, it requires
+.B search (=s)
+privileges on the attributes that are defined in the filter.
+The resulting entries are finally tested for
+.B read (=r)
+privileges on the pseudo-attribute
+.B entry
+(for read access to the entry itself)
+and for
+.B read (=r)
+access on each value of each attribute that is requested.
+Also, for each
+.B referral
+object used in generating continuation references, the operation requires
+.B read (=r)
+access on the pseudo-attribute
+.B entry
+(for read access to the referral object itself),
+as well as
+.B read (=r)
+access to the attribute holding the referral information
+(generally the
+.B ref
+attribute).
+
+.LP
+Some internal operations and some
+.B controls
+require specific access privileges.
+The
+.B authzID
+mapping and the
+.B proxyAuthz
+control require
+.B auth (=x)
+privileges on all the attributes that are present in the search filter
+of the URI regexp maps (the right-hand side of the
+.B authz-regexp
+directives).
+.B Auth (=x)
+privileges are also required on the
+.B authzTo
+attribute of the authorizing identity and/or on the
+.B authzFrom
+attribute of the authorized identity.
+
+.LP
+Access control to search entries is checked by the frontend,
+so it is fully honored by all backends; for all other operations
+and for the discovery phase of the search operation,
+full ACL semantics is only supported by the primary backends, i.e.
+.BR back-bdb (5),
+and
+.BR back-hdb (5).
+
+Some other backend, like
+.BR back-sql (5),
+may fully support them; others may only support a portion of the
+described semantics, or even differ in some aspects.
+The relevant details are described in the backend-specific man pages.
+
+.SH CAVEATS
+It is strongly recommended to explicitly use the most appropriate
+.B <dnstyle>
+in
+.B <what>
+and
+.B <who>
+clauses, to avoid possible incorrect specifications of the access rules
+as well as for performance (avoid unnecessary regex matching when an exact
+match suffices) reasons.
+.LP
+An administrator might create a rule of the form:
+.LP
+.nf
+ access to dn.regex="dc=example,dc=com"
+ by ...
+.fi
+.LP
+expecting it to match all entries in the subtree "dc=example,dc=com".
+However, this rule actually matches any DN which contains anywhere
+the substring "dc=example,dc=com". That is, the rule matches both
+"uid=joe,dc=example,dc=com" and "dc=example,dc=com,uid=joe".
+.LP
+To match the desired subtree, the rule would be more precisely
+written:
+.LP
+.nf
+ access to dn.regex="^(.+,)?dc=example,dc=com$"
+ by ...
+.fi
+.LP
+For performance reasons, it would be better to use the subtree style.
+.LP
+.nf
+ access to dn.subtree="dc=example,dc=com"
+ by ...
+.fi
+.LP
+When writing submatch rules, it may be convenient to avoid unnecessary
+.B regex
+.B <dnstyle>
+use; for instance, to allow access to the subtree of the user
+that matches the
+.B <what>
+clause, one could use
+.LP
+.nf
+ access to dn.regex="^(.+,)?uid=([^,]+),dc=example,dc=com$"
+ by dn.regex="^uid=$2,dc=example,dc=com$$" write
+ by ...
+.fi
+.LP
+However, since all that is required in the
+.B <by>
+clause is substring expansion, a more efficient solution is
+.LP
+.nf
+ access to dn.regex="^(.+,)?uid=([^,]+),dc=example,dc=com$"
+ by dn.exact,expand="uid=$2,dc=example,dc=com" write
+ by ...
+.fi
+.LP
+In fact, while a
+.B <dnstyle>
+of
+.B regex
+implies substring expansion,
+.BR exact ,
+as well as all the other DN specific
+.B <dnstyle>
+values, does not, so it must be explicitly requested.
+.LP
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd (8),
+.BR slapd-* (5),
+.BR slapacl (8),
+.BR regex (7),
+.BR re_format (7)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.conf.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.conf.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1947 @@
+.TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.28 2007/04/02 20:33:57 hyc Exp $
+.SH NAME
+slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The file
+.B ETCDIR/slapd.conf
+contains configuration information for the
+.BR slapd (8)
+daemon. This configuration file is also used by the
+.BR slurpd (8)
+replication daemon and by the SLAPD tools
+.BR slapacl (8),
+.BR slapadd (8),
+.BR slapauth (8),
+.BR slapcat (8),
+.BR slapdn (8),
+.BR slapindex (8),
+and
+.BR slaptest (8).
+.LP
+The
+.B slapd.conf
+file consists of a series of global configuration options that apply to
+.B slapd
+as a whole (including all backends), followed by zero or more database
+backend definitions that contain information specific to a backend
+instance.
+The configuration options are case-insensitive;
+their value, on a case by case basis, may be case-sensitive.
+.LP
+The general format of
+.B slapd.conf
+is as follows:
+.LP
+.nf
+ # comment - these options apply to every database
+ <global configuration options>
+ # first database definition & configuration options
+ database <backend 1 type>
+ <configuration options specific to backend 1>
+ # subsequent database definitions & configuration options
+ ...
+.fi
+.LP
+As many backend-specific sections as desired may be included. Global
+options can be overridden in a backend (for options that appear more
+than once, the last appearance in the
+.B slapd.conf
+file is used).
+.LP
+If a line begins with white space, it is considered a continuation
+of the previous line. Blank lines and comment lines beginning with
+a `#' character are ignored. Note: continuation lines are unwrapped
+before comment processing is applied.
+.LP
+Arguments on configuration lines are separated by white space. If an
+argument contains white space, the argument should be enclosed in
+double quotes. If an argument contains a double quote (`"') or a
+backslash character (`\\'), the character should be preceded by a
+backslash character.
+.LP
+The specific configuration options available are discussed below in the
+Global Configuration Options, General Backend Options, and General Database
+Options. Backend-specific options are discussed in the
+.B slapd-<backend>(5)
+manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
+details on the slapd configuration file.
+.SH GLOBAL CONFIGURATION OPTIONS
+Options described in this section apply to all backends, unless specifically
+overridden in a backend definition. Arguments that should be replaced by
+actual text are shown in brackets <>.
+.TP
+.B access to <what> "[ by <who> <access> <control> ]+"
+Grant access (specified by <access>) to a set of entries and/or
+attributes (specified by <what>) by one or more requestors (specified
+by <who>).
+If no access controls are present, the default policy
+allows anyone and everyone to read anything but restricts
+updates to rootdn. (e.g., "access to * by * read").
+The rootdn can always read and write EVERYTHING!
+See
+.BR slapd.access (5)
+and the "OpenLDAP's Administrator's Guide" for details.
+.TP
+.B allow <features>
+Specify a set of features (separated by white space) to
+allow (default none).
+.B bind_v2
+allows acceptance of LDAPv2 bind requests. Note that
+.BR slapd (8)
+does not truly implement LDAPv2 (RFC 1777), now Historic (RFC 3494).
+.B bind_anon_cred
+allows anonymous bind when credentials are not empty (e.g.
+when DN is empty).
+.B bind_anon_dn
+allows unauthenticated (anonymous) bind when DN is not empty.
+.B update_anon
+allows unauthenticated (anonymous) update operations to be processed
+(subject to access controls and other administrative limits).
+.TP
+.B argsfile <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's command line options
+if started without the debugging command line option.
+.TP
+.B attributeoptions [option-name]...
+Define tagging attribute options or option tag/range prefixes.
+Options must not end with `-', prefixes must end with `-'.
+The `lang-' prefix is predefined.
+If you use the
+.B attributeoptions
+directive, `lang-' will no longer be defined and you must specify it
+explicitly if you want it defined.
+
+An attribute description with a tagging option is a subtype of that
+attribute description without the option.
+Except for that, options defined this way have no special semantics.
+Prefixes defined this way work like the `lang-' options:
+They define a prefix for tagging options starting with the prefix.
+That is, if you define the prefix `x-foo-', you can use the option
+`x-foo-bar'.
+Furthermore, in a search or compare, a prefix or range name (with
+a trailing `-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `-'.
+That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+
+RFC 4520 reserves options beginning with `x-' for private experiments.
+Other options should be registered with IANA, see RFC 4520 section 3.5.
+OpenLDAP also has the `binary' option built in, but this is a transfer
+option, not a tagging option.
+.HP
+.hy 0
+.B attributetype "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [SUP\ <oid>]\
+ [EQUALITY\ <oid>]\
+ [ORDERING\ <oid>]\
+ [SUBSTR\ <oid>]\
+ [SYNTAX\ <oidlen>]\
+ [SINGLE\-VALUE]\
+ [COLLECTIVE]\
+ [NO\-USER\-MODIFICATION]\
+ [USAGE\ <attributeUsage>]\ )"
+.RS
+Specify an attribute type using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the attribute OID and
+attribute syntax OID.
+(See the
+.B objectidentifier
+description.)
+.RE
+.TP
+.B authz-policy <policy>
+Used to specify which rules to use for Proxy Authorization. Proxy
+authorization allows a client to authenticate to the server using one
+user's credentials, but specify a different identity to use for authorization
+and access control purposes. It essentially allows user A to login as user
+B, using user A's password.
+The
+.B none
+flag disables proxy authorization. This is the default setting.
+The
+.B from
+flag will use rules in the
+.I authzFrom
+attribute of the authorization DN.
+The
+.B to
+flag will use rules in the
+.I authzTo
+attribute of the authentication DN.
+The
+.B any
+flag, an alias for the deprecated value of
+.BR both ,
+will allow any of the above, whatever succeeds first (checked in
+.BR to ,
+.B from
+sequence.
+The
+.B all
+flag requires both authorizations to succeed.
+.LP
+.RS
+The rules are mechanisms to specify which identities are allowed
+to perform proxy authorization.
+The
+.I authzFrom
+attribute in an entry specifies which other users
+are allowed to proxy login to this entry. The
+.I authzTo
+attribute in
+an entry specifies which other users this user can authorize as. Use of
+.I authzTo
+rules can be easily
+abused if users are allowed to write arbitrary values to this attribute.
+In general the
+.I authzTo
+attribute must be protected with ACLs such that
+only privileged users can modify it.
+The value of
+.I authzFrom
+and
+.I authzTo
+describes an
+.B identity
+or a set of identities; it can take five forms:
+.RS
+.TP
+.B ldap:///<base>??[<scope>]?<filter>
+.RE
+.RS
+.B dn[.<dnstyle>]:<pattern>
+.RE
+.RS
+.B u[<mech>[<realm>]]:<pattern>
+.RE
+.RS
+.B group[/objectClass[/attributeType]]:<pattern>
+.RE
+.RS
+.B <pattern>
+.RE
+.RS
+
+.B <dnstyle>:={exact|onelevel|children|subtree|regex}
+
+.RE
+The first form is a valid LDAP
+.B URI
+where the
+.IR <host>:<port> ,
+the
+.I <attrs>
+and the
+.I <extensions>
+portions must be absent, so that the search occurs locally on either
+.I authzFrom
+or
+.IR authzTo .
+The second form is a
+.BR DN ,
+with the optional style modifiers
+.IR exact ,
+.IR onelevel ,
+.IR children ,
+and
+.I subtree
+for exact, onelevel, children and subtree matches, which cause
+.I <pattern>
+to be normalized according to the DN normalization rules, or the special
+.I regex
+style, which causes the
+.I <pattern>
+to be treated as a POSIX (''extended'') regular expression, as
+discussed in
+.BR regex (7)
+and/or
+.BR re_format (7).
+A pattern of
+.I *
+means any non-anonymous DN.
+The third form is a SASL
+.BR id ,
+with the optional fields
+.I <mech>
+and
+.I <realm>
+that allow to specify a SASL
+.BR mechanism ,
+and eventually a SASL
+.BR realm ,
+for those mechanisms that support one.
+The need to allow the specification of a mechanism is still debated,
+and users are strongly discouraged to rely on this possibility.
+The fourth form is a group specification, consisting of the keyword
+.BR group ,
+optionally followed by the specification of the group
+.B objectClass
+and member
+.BR attributeType .
+The group with DN
+.B <pattern>
+is searched with base scope, and in case of match, the values of the
+member
+.B attributeType
+are searched for the asserted DN.
+For backwards compatibility, if no identity type is provided, i.e. only
+.B <pattern>
+is present, an
+.I exact DN
+is assumed; as a consequence,
+.B <pattern>
+is subjected to DN normalization.
+Since the interpretation of
+.I authzFrom
+and
+.I authzTo
+can impact security, users are strongly encouraged
+to explicitly set the type of identity specification that is being used.
+A subset of these rules can be used as third arg in the
+.B authz-regexp
+statement (see below); significantly, the
+.I URI
+and the
+.I dn.exact:<dn>
+forms.
+.RE
+.TP
+.B authz-regexp <match> <replace>
+Used by the authentication framework to convert simple user names,
+such as provided by SASL subsystem, to an LDAP DN used for
+authorization purposes. Note that the resultant DN need not refer
+to an existing entry to be considered valid. When an authorization
+request is received from the SASL subsystem, the SASL
+.BR USERNAME ,
+.BR REALM ,
+and
+.B MECHANISM
+are taken, when available, and combined into a name of the form
+.RS
+.RS
+.TP
+.B UID=<username>[[,CN=<realm>],CN=<mechanism>],CN=auth
+
+.RE
+This name is then compared against the
+.B match
+POSIX (''extended'') regular expression, and if the match is successful,
+the name is replaced with the
+.B replace
+string. If there are wildcard strings in the
+.B match
+regular expression that are enclosed in parenthesis, e.g.
+.RS
+.TP
+.B UID=([^,]*),CN=.*
+
+.RE
+then the portion of the name that matched the wildcard will be stored
+in the numbered placeholder variable $1. If there are other wildcard strings
+in parenthesis, the matching strings will be in $2, $3, etc. up to $9. The
+placeholders can then be used in the
+.B replace
+string, e.g.
+.RS
+.TP
+.B UID=$1,OU=Accounts,DC=example,DC=com
+
+.RE
+The replaced name can be either a DN, i.e. a string prefixed by "dn:",
+or an LDAP URI.
+If the latter, the server will use the URI to search its own database(s)
+and, if the search returns exactly one entry, the name is
+replaced by the DN of that entry. The LDAP URI must have no
+hostport, attrs, or extensions components, but the filter is mandatory,
+e.g.
+.RS
+.TP
+.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1)
+
+.RE
+The protocol portion of the URI must be strictly
+.BR ldap .
+Note that this search is subject to access controls. Specifically,
+the authentication identity must have "auth" access in the subject.
+
+Multiple
+.B authz-regexp
+options can be given in the configuration file to allow for multiple matching
+and replacement patterns. The matching patterns are checked in the order they
+appear in the file, stopping at the first successful match.
+
+.\".B Caution:
+.\"Because the plus sign + is a character recognized by the regular expression engine,
+.\"and it will appear in names that include a REALM, be careful to escape the
+.\"plus sign with a backslash \\+ to remove the character's special meaning.
+.RE
+.TP
+.B concurrency <integer>
+Specify a desired level of concurrency. Provided to the underlying
+thread system as a hint. The default is not to provide any hint.
+.TP
+.B conn_max_pending <integer>
+Specify the maximum number of pending requests for an anonymous session.
+If requests are submitted faster than the server can process them, they
+will be queued up to this limit. If the limit is exceeded, the session
+is closed. The default is 100.
+.TP
+.B conn_max_pending_auth <integer>
+Specify the maximum number of pending requests for an authenticated session.
+The default is 1000.
+.TP
+.B defaultsearchbase <dn>
+Specify a default search base to use when client submits a
+non-base search request with an empty base DN.
+Base scoped search requests with an empty base DN are not affected.
+.TP
+.B disallow <features>
+Specify a set of features (separated by white space) to
+disallow (default none).
+.B bind_anon
+disables acceptance of anonymous bind requests. Note that this setting
+does not prohibit anonymous directory access (See "require authc").
+.B bind_simple
+disables simple (bind) authentication.
+.B tls_2_anon
+disables forcing session to anonymous status (see also
+.BR tls_authc ) upon StartTLS operation receipt.
+.B tls_authc
+dissallow the StartTLS operation if authenticated (see also
+.BR tls_2_anon ).
+.HP
+.hy 0
+.B ditcontentrule "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [AUX\ <oids>]\
+ [MUST\ <oids>]\
+ [MAY\ <oids>]\
+ [NOT\ <oids>]\ )"
+.RS
+Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the attribute OID and
+attribute syntax OID.
+(See the
+.B objectidentifier
+description.)
+.RE
+.TP
+.B gentlehup { on | off }
+A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
+.B Slapd
+will stop listening for new connections, but will not close the
+connections to the current clients. Future write operations return
+unwilling-to-perform, though. Slapd terminates when all clients
+have closed their connections (if they ever do), or \- as before \-
+if it receives a SIGTERM signal. This can be useful if you wish to
+terminate the server and start a new
+.B slapd
+server
+.B with another database,
+without disrupting the currently active clients.
+The default is off. You may wish to use
+.B idletimeout
+along with this option.
+.TP
+.B idletimeout <integer>
+Specify the number of seconds to wait before forcibly closing
+an idle client connection. A idletimeout of 0 disables this
+feature. The default is 0.
+.TP
+.B include <filename>
+Read additional configuration information from the given file before
+continuing with the next line of the current file.
+.TP
+.B index_substr_if_minlen <integer>
+Specify the minimum length for subinitial and subfinal indices. An
+attribute value must have at least this many characters in order to be
+processed by the indexing functions. The default is 2.
+.TP
+.B index_substr_if_maxlen <integer>
+Specify the maximum length for subinitial and subfinal indices. Only
+this many characters of an attribute value will be processed by the
+indexing functions; any excess characters are ignored. The default is 4.
+.TP
+.B index_substr_any_len <integer>
+Specify the length used for subany indices. An attribute value must have
+at least this many characters in order to be processed. Attribute values
+longer than this length will be processed in segments of this length. The
+default is 4. The subany index will also be used in subinitial and
+subfinal index lookups when the filter string is longer than the
+.I index_substr_if_maxlen
+value.
+.TP
+.B index_substr_any_step <integer>
+Specify the steps used in subany index lookups. This value sets the offset
+for the segments of a filter string that are processed for a subany index
+lookup. The default is 2. For example, with the default values, a search
+using this filter "cn=*abcdefgh*" would generate index lookups for
+"abcd", "cdef", and "efgh".
+
+.\"-- NEW_LOGGING option --
+.\".TP
+.\".B logfile <filename>
+.\"Specify a file for recording debug log messages. By default these messages
+.\"only go to stderr and are not recorded anywhere else. Specifying a logfile
+.\"copies messages to both stderr and the logfile.
+.TP
+.B localSSF <SSF>
+Specifies the Security Strength Factor (SSF) to be given local LDAP sessions,
+such as those to the ldapi:// listener. For a description of SSF values,
+see
+.BR sasl-secprops 's
+.B minssf
+option description. The default is 71.
+.TP
+.B loglevel <integer> [...]
+Specify the level at which debugging statements and operation
+statistics should be syslogged (currently logged to the
+.BR syslogd (8)
+LOG_LOCAL4 facility).
+They must be considered subsystems rather than increasingly verbose
+log levels.
+Some messages with higher priority are logged regardless
+of the configured loglevel as soon as some logging is configured,
+otherwise anything is logged at all.
+Log levels are additive, and available levels are:
+.RS
+.RS
+.PD 0
+.TP
+.B 1
+.B (0x1 trace)
+trace function calls
+.TP
+.B 2
+.B (0x2 packet)
+debug packet handling
+.TP
+.B 4
+.B (0x4 args)
+heavy trace debugging (function args)
+.TP
+.B 8
+.B (0x8 conns)
+connection management
+.TP
+.B 16
+.B (0x10 BER)
+print out packets sent and received
+.TP
+.B 32
+.B (0x20 filter)
+search filter processing
+.TP
+.B 64
+.B (0x40 config)
+configuration file processing
+.TP
+.B 128
+.B (0x80 ACL)
+access control list processing
+.TP
+.B 256
+.B (0x100 stats)
+stats log connections/operations/results
+.TP
+.B 512
+.B (0x200 stats2)
+stats log entries sent
+.TP
+.B 1024
+.B (0x400 shell)
+print communication with shell backends
+.TP
+.B 2048
+.B (0x800 parse)
+entry parsing
+.TP
+.B 4096
+.B (0x1000 cache)
+caching (unused)
+.TP
+.B 8192
+.B (0x2000 index)
+data indexing (unused)
+.TP
+.B 16384
+.B (0x4000 sync)
+LDAPSync replication
+.TP
+.B 32768
+.B (0x8000 none)
+only messages that get logged whatever log level is set
+.PD
+.RE
+The desired log level can be input as a single integer that combines
+the (ORed) desired levels, both in decimal or in hexadecimal notation,
+as a list of integers (that are ORed internally),
+or as a list of the names that are shown between brackets, such that
+.LP
+.nf
+ loglevel 129
+ loglevel 0x81
+ loglevel 128 1
+ loglevel 0x80 0x1
+ loglevel acl trace
+.fi
+.LP
+are equivalent.
+The keyword
+.B any
+can be used as a shortcut to enable logging at all levels (equivalent to -1).
+The keyword
+.BR none ,
+or the equivalent integer representation, causes those messages
+that are logged regardless of the configured loglevel to be logged.
+In fact, if no loglevel (or a 0 level) is defined, no logging occurs,
+so at least the
+.B none
+level is required to have high priority messages logged.
+.RE
+.TP
+.B moduleload <filename>
+Specify the name of a dynamically loadable module to load. The filename
+may be an absolute path name or a simple filename. Non-absolute names
+are searched for in the directories specified by the
+.B modulepath
+option. This option and the
+.B modulepath
+option are only usable if slapd was compiled with --enable-modules.
+.TP
+.B modulepath <pathspec>
+Specify a list of directories to search for loadable modules. Typically
+the path is colon-separated but this depends on the operating system.
+.HP
+.hy 0
+.B objectclass "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [SUP\ <oids>]\
+ [{ ABSTRACT | STRUCTURAL | AUXILIARY }]\
+ [MUST\ <oids>] [MAY\ <oids>] )"
+.RS
+Specify an objectclass using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the object class OID.
+(See the
+.B
+objectidentifier
+description.) Object classes are "STRUCTURAL" by default.
+.RE
+.TP
+.B objectidentifier <name> "{ <oid> | <name>[:<suffix>] }"
+Define a string name that equates to the given OID. The string can be used
+in place of the numeric OID in objectclass and attribute definitions. The
+name can also be used with a suffix of the form ":xx" in which case the
+value "oid.xx" will be used.
+.TP
+.B password-hash <hash> [<hash>...]
+This option configures one or more hashes to be used in generation of user
+passwords stored in the userPassword attribute during processing of
+LDAP Password Modify Extended Operations (RFC 3062).
+The <hash> must be one of
+.BR {SSHA} ,
+.BR {SHA} ,
+.BR {SMD5} ,
+.BR {MD5} ,
+.BR {CRYPT} ,
+and
+.BR {CLEARTEXT} .
+The default is
+.BR {SSHA} .
+
+.B {SHA}
+and
+.B {SSHA}
+use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
+
+.B {MD5}
+and
+.B {SMD5}
+use the MD5 algorithm (RFC 1321), the latter with a seed.
+
+.B {CRYPT}
+uses the
+.BR crypt (3).
+
+.B {CLEARTEXT}
+indicates that the new password should be
+added to userPassword as clear text.
+
+Note that this option does not alter the normal user applications
+handling of userPassword during LDAP Add, Modify, or other LDAP operations.
+.TP
+.B password\-crypt\-salt\-format <format>
+Specify the format of the salt passed to
+.BR crypt (3)
+when generating {CRYPT} passwords (see
+.BR password\-hash )
+during processing of LDAP Password Modify Extended Operations (RFC 3062).
+
+This string needs to be in
+.BR sprintf (3)
+format and may include one (and only one) %s conversion.
+This conversion will be substituted with a string of random
+characters from [A\-Za\-z0\-9./]. For example, "%.2s"
+provides a two character salt and "$1$%.8s" tells some
+versions of crypt(3) to use an MD5 algorithm and provides
+8 random characters of salt. The default is "%s", which
+provides 31 characters of salt.
+.TP
+.B pidfile <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
+.B referral <url>
+Specify the referral to pass back when
+.BR slapd (8)
+cannot find a local database to handle a request.
+If specified multiple times, each url is provided.
+.TP
+.B replica-argsfile
+The ( absolute ) name of a file that will hold the
+.B slurpd
+server's command line options
+if started without the debugging command line option.
+.TP
+.B replica-pidfile
+The ( absolute ) name of a file that will hold the
+.B slurpd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
+.B replicationinterval
+The number of seconds
+.B slurpd
+waits before checking the replogfile for changes.
+.TP
+.B require <conditions>
+Specify a set of conditions (separated by white space) to
+require (default none).
+The directive may be specified globally and/or per-database;
+databases inherit global conditions, so per-database specifications
+are additive.
+.B bind
+requires bind operation prior to directory operations.
+.B LDAPv3
+requires session to be using LDAP version 3.
+.B authc
+requires authentication prior to directory operations.
+.B SASL
+requires SASL authentication prior to directory operations.
+.B strong
+requires strong authentication prior to directory operations.
+The strong keyword allows protected "simple" authentication
+as well as SASL authentication.
+.B none
+may be used to require no conditions (useful to clear out globally
+set conditions within a particular database); it must occur first
+in the list of conditions.
+.TP
+.B reverse-lookup on | off
+Enable/disable client name unverified reverse lookup (default is
+.BR off
+if compiled with --enable-rlookups).
+.TP
+.B rootDSE <file>
+Specify the name of an LDIF(5) file containing user defined attributes
+for the root DSE. These attributes are returned in addition to the
+attributes normally produced by slapd.
+.TP
+.B sasl-host <fqdn>
+Used to specify the fully qualified domain name used for SASL processing.
+.TP
+.B sasl-realm <realm>
+Specify SASL realm. Default is empty.
+.TP
+.B sasl-secprops <properties>
+Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properties) causes the flag properties
+default, "noanonymous,noplain", to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonymous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor>
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+The
+.B maxssf=<factor>
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description). The default is INT_MAX.
+The
+.B maxbufsize=<size>
+property specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
+.TP
+.B schemadn <dn>
+Specify the distinguished name for the subschema subentry that
+controls the entries on this server. The default is "cn=Subschema".
+.TP
+.B security <factors>
+Specify a set of security strength factors (separated by white space)
+to require (see
+.BR sasl-secprops 's
+.B minssf
+option for a description of security strength factors).
+The directive may be specified globally and/or per-database.
+.B ssf=<n>
+specifies the overall security strength factor.
+.B transport=<n>
+specifies the transport security strength factor.
+.B tls=<n>
+specifies the TLS security strength factor.
+.B sasl=<n>
+specifies the SASL security strength factor.
+.B update_ssf=<n>
+specifies the overall security strength factor to require for
+directory updates.
+.B update_transport=<n>
+specifies the transport security strength factor to require for
+directory updates.
+.B update_tls=<n>
+specifies the TLS security strength factor to require for
+directory updates.
+.B update_sasl=<n>
+specifies the SASL security strength factor to require for
+directory updates.
+.B simple_bind=<n>
+specifies the security strength factor required for
+.I simple
+username/password authentication.
+Note that the
+.B transport
+factor is measure of security provided by the underlying transport,
+e.g. ldapi:// (and eventually IPSEC). It is not normally used.
+.TP
+.B sizelimit {<integer>|unlimited}
+.TP
+.B sizelimit size[.{soft|hard|unchecked}]=<integer> [...]
+Specify the maximum number of entries to return from a search operation.
+The default size limit is 500.
+Use
+.B unlimited
+to specify no limits.
+The second format allows a fine grain setting of the size limits.
+Extra args can be added on the same line.
+See
+.BR limits
+for an explanation of the different flags.
+.TP
+.B sockbuf_max_incoming <integer>
+Specify the maximum incoming LDAP PDU size for anonymous sessions.
+The default is 262143.
+.TP
+.B sockbuf_max_incoming_auth <integer>
+Specify the maximum incoming LDAP PDU size for authenticated sessions.
+The default is 4194303.
+.TP
+.B threads <integer>
+Specify the maximum size of the primary thread pool.
+The default is 16; the minimum value is 2.
+.TP
+.B timelimit {<integer>|unlimited}
+.TP
+.B timelimit time[.{soft|hard}]=<integer> [...]
+Specify the maximum number of seconds (in real time)
+.B slapd
+will spend answering a search request. The default time limit is 3600.
+Use
+.B unlimited
+to specify no limits.
+The second format allows a fine grain setting of the time limits.
+Extra args can be added on the same line.
+See
+.BR limits
+for an explanation of the different flags.
+.TP
+.B tool-threads <integer>
+Specify the maximum number of threads to use in tool mode.
+This should not be greater than the number of CPUs in the system.
+The default is 1.
+.\"ucdata-path is obsolete / ignored...
+.\".TP
+.\".B ucdata-path <path>
+.\"Specify the path to the directory containing the Unicode character
+.\"tables. The default path is DATADIR/ucdata.
+.SH TLS OPTIONS
+If
+.B slapd
+is built with support for Transport Layer Security, there are more options
+you can specify.
+.TP
+.B TLSCipherSuite <cipher-suite-spec>
+Permits configuring what ciphers will be accepted and the preference order.
+<cipher-suite-spec> should be a cipher specification for OpenSSL. Example:
+
+TLSCipherSuite HIGH:MEDIUM:+SSLv2
+
+To check what ciphers a given spec selects, use:
+
+openssl ciphers -v <cipher-suite-spec>
+.TP
+.B TLSCACertificateFile <filename>
+Specifies the file that contains certificates for all of the Certificate
+Authorities that
+.B slapd
+will recognize.
+.TP
+.B TLSCACertificatePath <path>
+Specifies the path of a directory that contains Certificate Authority
+certificates in separate individual files. Usually only one of this
+or the TLSCACertificateFile is used.
+.TP
+.B TLSCertificateFile <filename>
+Specifies the file that contains the
+.B slapd
+server certificate.
+.TP
+.B TLSCertificateKeyFile <filename>
+Specifies the file that contains the
+.B slapd
+server private key that matches the certificate stored in the
+.B TLSCertificateFile
+file. Currently, the private key must not be protected with a password, so
+it is of critical importance that it is protected carefully.
+.TP
+.B TLSDHParamFile <filename>
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange. This is required in order to use a DSA certificate on
+the server. If multiple sets of parameters are present in the file, all of
+them will be processed. Note that setting this option may also enable
+Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
+You should append "!ADH" to your cipher suites if you have changed them
+from the default, otherwise no certificate exchanges or verification will
+be done.
+.TP
+.B TLSRandFile <filename>
+Specifies the file to obtain random bits from when /dev/[u]random
+is not available. Generally set to the name of the EGD/PRNGD socket.
+The environment variable RANDFILE can also be used to specify the filename.
+.TP
+.B TLSVerifyClient <level>
+Specifies what checks to perform on client certificates in an
+incoming TLS session, if any.
+The
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B never
+This is the default.
+.B slapd
+will not ask the client for a certificate.
+.TP
+.B allow
+The client certificate is requested. If no certificate is provided,
+the session proceeds normally. If a bad certificate is provided,
+it will be ignored and the session proceeds normally.
+.TP
+.B try
+The client certificate is requested. If no certificate is provided,
+the session proceeds normally. If a bad certificate is provided,
+the session is immediately terminated.
+.TP
+.B demand | hard | true
+These keywords are all equivalent, for compatibility reasons.
+The client certificate is requested. If no certificate is provided,
+or a bad certificate is provided, the session is immediately terminated.
+
+Note that a valid client certificate is required in order to use the
+SASL EXTERNAL authentication mechanism with a TLS session. As such,
+a non-default
+.B TLSVerifyClient
+setting must be chosen to enable SASL EXTERNAL authentication.
+.RE
+.TP
+.B TLSCRLCheck <level>
+Specifies if the Certificate Revocation List (CRL) of the CA should be
+used to verify if the client certificates have not been revoked. This
+requires
+.B TLSCACertificatePath
+parameter to be set.
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B none
+No CRL checks are performed
+.TP
+.B peer
+Check the CRL of the peer certificate
+.TP
+.B all
+Check the CRL for a whole certificate chain
+.RE
+.SH GENERAL BACKEND OPTIONS
+Options in this section only apply to the configuration file section
+for the specified backend. They are supported by every
+type of backend.
+.TP
+.B backend <databasetype>
+Mark the beginning of a backend definition. <databasetype>
+should be one of
+.BR bdb ,
+.BR config ,
+.BR dnssrv ,
+.BR hdb ,
+.BR ldap ,
+.BR ldbm ,
+.BR ldif ,
+.BR meta ,
+.BR monitor ,
+.BR null ,
+.BR passwd ,
+.BR perl ,
+.BR relay ,
+.BR shell ,
+or
+.BR sql ,
+depending on which backend will serve the database.
+
+.SH GENERAL DATABASE OPTIONS
+Options in this section only apply to the configuration file section
+for the database in which they are defined. They are supported by every
+type of backend. Note that the
+.B database
+and at least one
+.B suffix
+option are mandatory for each database.
+.TP
+.B database <databasetype>
+Mark the beginning of a new database instance definition. <databasetype>
+should be one of
+.BR bdb ,
+.BR config ,
+.BR dnssrv ,
+.BR hdb ,
+.BR ldap ,
+.BR ldbm ,
+.BR ldif ,
+.BR meta ,
+.BR monitor ,
+.BR null ,
+.BR passwd ,
+.BR perl ,
+.BR relay ,
+.BR shell ,
+or
+.BR sql ,
+depending on which backend will serve the database.
+.TP
+.B lastmod on | off
+Controls whether
+.B slapd
+will automatically maintain the
+modifiersName, modifyTimestamp, creatorsName, and
+createTimestamp attributes for entries. It also controls
+the entryCSN and entryUUID attributes, which are needed
+by the syncrepl provider. By default, lastmod is on.
+.TP
+.B limits <who> <limit> [<limit> [...]]
+Specify time and size limits based on who initiated an operation.
+The argument
+.B who
+can be any of
+.RS
+.RS
+.TP
+anonymous | users | [dn[.<style>]=]<pattern> | group[/oc[/at]]=<pattern>
+
+.RE
+with
+.RS
+.TP
+<style> ::= exact | base | onelevel | subtree | children | regex | anonymous
+
+.RE
+The term
+.B anonymous
+matches all unauthenticated clients.
+The term
+.B users
+matches all authenticated clients;
+otherwise an
+.B exact
+dn pattern is assumed unless otherwise specified by qualifying
+the (optional) key string
+.B dn
+with
+.B exact
+or
+.B base
+(which are synonyms), to require an exact match; with
+.BR onelevel ,
+to require exactly one level of depth match; with
+.BR subtree ,
+to allow any level of depth match, including the exact match; with
+.BR children ,
+to allow any level of depth match, not including the exact match;
+.BR regex
+explicitly requires the (default) match based on POSIX (''extended'')
+regular expression pattern.
+Finally,
+.B anonymous
+matches unbound operations; the
+.B pattern
+field is ignored.
+The same behavior is obtained by using the
+.B anonymous
+form of the
+.B who
+clause.
+The term
+.BR group ,
+with the optional objectClass
+.B oc
+and attributeType
+.B at
+fields, followed by
+.BR pattern ,
+sets the limits for any DN listed in the values of the
+.B at
+attribute (default
+.BR member )
+of the
+.B oc
+group objectClass (default
+.BR groupOfNames )
+whose DN exactly matches
+.BR pattern .
+
+The currently supported limits are
+.B size
+and
+.BR time .
+
+The syntax for time limits is
+.BR time[.{soft|hard}]=<integer> ,
+where
+.I integer
+is the number of seconds slapd will spend answering a search request.
+If no time limit is explicitly requested by the client, the
+.BR soft
+limit is used; if the requested time limit exceeds the
+.BR hard
+.\"limit, an
+.\".I "Administrative limit exceeded"
+.\"error is returned.
+limit, the value of the limit is used instead.
+If the
+.BR hard
+limit is set to the keyword
+.IR soft ,
+the soft limit is used in either case; if it is set to the keyword
+.IR unlimited ,
+no hard limit is enforced.
+Explicit requests for time limits smaller or equal to the
+.BR hard
+limit are honored.
+If no limit specifier is set, the value is assigned to the
+.BR soft
+limit, and the
+.BR hard
+limit is set to
+.IR soft ,
+to preserve the original behavior.
+
+The syntax for size limits is
+.BR size[.{soft|hard|unchecked}]=<integer> ,
+where
+.I integer
+is the maximum number of entries slapd will return answering a search
+request.
+If no size limit is explicitly requested by the client, the
+.BR soft
+limit is used; if the requested size limit exceeds the
+.BR hard
+.\"limit, an
+.\".I "Administrative limit exceeded"
+.\"error is returned.
+limit, the value of the limit is used instead.
+If the
+.BR hard
+limit is set to the keyword
+.IR soft ,
+the soft limit is used in either case; if it is set to the keyword
+.IR unlimited ,
+no hard limit is enforced.
+Explicit requests for size limits smaller or equal to the
+.BR hard
+limit are honored.
+The
+.BR unchecked
+specifier sets a limit on the number of candidates a search request is allowed
+to examine.
+The rationale behind it is that searches for non-properly indexed
+attributes may result in large sets of candidates, which must be
+examined by
+.BR slapd (8)
+to determine whether they match the search filter or not.
+The
+.B unchecked
+limit provides a means to drop such operations before they are even
+started.
+If the selected candidates exceed the
+.BR unchecked
+limit, the search will abort with
+.IR "Unwilling to perform" .
+If it is set to the keyword
+.IR unlimited ,
+no limit is applied (the default).
+If it is set to
+.IR disable ,
+the search is not even performed; this can be used to disallow searches
+for a specific set of users.
+If no limit specifier is set, the value is assigned to the
+.BR soft
+limit, and the
+.BR hard
+limit is set to
+.IR soft ,
+to preserve the original behavior.
+
+In case of no match, the global limits are used.
+The default values are the same of
+.B sizelimit
+and
+.BR timelimit ;
+no limit is set on
+.BR unchecked .
+
+If
+.B pagedResults
+control is requested, the
+.B hard
+size limit is used by default, because the request of a specific page size
+is considered an explicit request for a limitation on the number
+of entries to be returned.
+However, the size limit applies to the total count of entries returned within
+the search, and not to a single page.
+Additional size limits may be enforced; the syntax is
+.BR size.pr={<integer>|noEstimate|unlimited} ,
+where
+.I integer
+is the max page size if no explicit limit is set; the keyword
+.I noEstimate
+inhibits the server from returning an estimate of the total number
+of entries that might be returned
+(note: the current implementation does not return any estimate).
+The keyword
+.I unlimited
+indicates that no limit is applied to the pagedResults control page size.
+The syntax
+.B size.prtotal={<integer>|unlimited|disabled}
+allows to set a limit on the total number of entries that a pagedResults
+control allows to return.
+By default it is set to the
+.B hard
+limit.
+When set,
+.I integer
+is the max number of entries that the whole search with pagedResults control
+can return.
+Use
+.I unlimited
+to allow unlimited number of entries to be returned, e.g. to allow
+the use of the pagedResults control as a means to circumvent size
+limitations on regular searches; the keyword
+.I disabled
+disables the control, i.e. no paged results can be returned.
+Note that the total number of entries returned when the pagedResults control
+is requested cannot exceed the
+.B hard
+size limit of regular searches unless extended by the
+.B prtotal
+switch.
+.RE
+.TP
+.B maxderefdepth <depth>
+Specifies the maximum number of aliases to dereference when trying to
+resolve an entry, used to avoid infinite alias loops. The default is 1.
+.TP
+.B overlay <overlay-name>
+Add the specified overlay to this database. An overlay is a piece of
+code that intercepts database operations in order to extend or change
+them. Overlays are pushed onto
+a stack over the database, and so they will execute in the reverse
+of the order in which they were configured and the database itself
+will receive control last of all. Note that all of the database's
+regular settings should be configured before any overlay settings.
+.TP
+.B readonly on | off
+This option puts the database into "read-only" mode. Any attempts to
+modify the database will return an "unwilling to perform" error. By
+default, readonly is off.
+.HP
+.hy 0
+.B replica uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port]
+.B [starttls=yes|critical]
+.B [suffix=<suffix> [...]]
+.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
+.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
+.B [authcId=<authentication ID>] [authzId=<authorization ID>]
+.B [attr[!]=<attr list>]
+.RS
+Specify a replication site for this database. Refer to the "OpenLDAP
+Administrator's Guide" for detailed information on setting up a replicated
+.B slapd
+directory service. Zero or more
+.B suffix
+instances can be used to select the subtrees that will be replicated
+(defaults to all the database).
+.B host
+is deprecated in favor of the
+.B uri
+option.
+.B uri
+allows the replica LDAP server to be specified as an LDAP URI.
+A
+.B bindmethod
+of
+.B simple
+requires the options
+.B binddn
+and
+.B credentials
+and should only be used when adequate security services
+(e.g TLS or IPSEC) are in place. A
+.B bindmethod
+of
+.B sasl
+requires the option
+.B saslmech.
+Specific security properties (as with the
+.B sasl-secprops
+keyword above) for a SASL bind can be set with the
+.B secprops
+option. A non-default SASL realm can be set with the
+.B realm
+option.
+If the
+.B mechanism
+will use Kerberos, a kerberos instance should be given in
+.B authcId.
+An
+.B attr list
+can be given after the
+.B attr
+keyword to allow the selective replication of the listed attributes only;
+if the optional
+.B !
+mark is used, the list is considered exclusive, i.e. the listed attributes
+are not replicated.
+If an objectClass is listed, all the related attributes
+are (are not) replicated.
+.RE
+.TP
+.B replogfile <filename>
+Specify the name of the replication log file to log changes to.
+The replication log is typically written by
+.BR slapd (8)
+and read by
+.BR slurpd (8).
+See
+.BR slapd.replog (5)
+for more information. The specified file should be located
+in a directory with limited read/write/execute access as the replication
+logs may contain sensitive information.
+.TP
+.B restrict <oplist>
+Specify a whitespace separated list of operations that are restricted.
+If defined inside a database specification, restrictions apply only
+to that database, otherwise they are global.
+Operations can be any of
+.BR add ,
+.BR bind ,
+.BR compare ,
+.BR delete ,
+.BR extended[=<OID>] ,
+.BR modify ,
+.BR rename ,
+.BR search ,
+or the special pseudo-operations
+.B read
+and
+.BR write ,
+which respectively summarize read and write operations.
+The use of
+.I restrict write
+is equivalent to
+.I readonly on
+(see above).
+The
+.B extended
+keyword allows to indicate the OID of the specific operation
+to be restricted.
+.TP
+.B rootdn <dn>
+Specify the distinguished name that is not subject to access control
+or administrative limit restrictions for operations on this database.
+This DN may or may not be associated with an entry. An empty root
+DN (the default) specifies no root access is to be granted. It is
+recommended that the rootdn only be specified when needed (such as
+when initially populating a database). If the rootdn is within
+a namingContext (suffix) of the database, a simple bind password
+may also be provided using the
+.B rootpw
+directive. Note that the rootdn is always needed when using syncrepl.
+.TP
+.B rootpw <password>
+Specify a password (or hash of the password) for the rootdn. The
+password can only be set if the rootdn is within the namingContext
+(suffix) of the database.
+This option accepts all RFC 2307 userPassword formats known to
+the server (see
+.B password-hash
+description) as well as cleartext.
+.BR slappasswd (8)
+may be used to generate a hash of a password. Cleartext
+and \fB{CRYPT}\fP passwords are not recommended. If empty
+(the default), authentication of the root DN is by other means
+(e.g. SASL). Use of SASL is encouraged.
+.TP
+.B suffix <dn suffix>
+Specify the DN suffix of queries that will be passed to this
+backend database. Multiple suffix lines can be given and at least one is
+required for each database definition.
+If the suffix of one database is "inside" that of another, the database
+with the inner suffix must come first in the configuration file.
+.TP
+.B subordinate [advertise]
+Specify that the current backend database is a subordinate of another
+backend database. A subordinate database may have only one suffix. This
+option may be used to glue multiple databases into a single namingContext.
+If the suffix of the current database is within the namingContext of a
+superior database, searches against the superior database will be
+propagated to the subordinate as well. All of the databases
+associated with a single namingContext should have identical rootdns.
+Behavior of other LDAP operations is unaffected by this setting. In
+particular, it is not possible to use moddn to move an entry from
+one subordinate to another subordinate within the namingContext.
+
+If the optional \fBadvertise\fP flag is supplied, the naming context of
+this database is advertised in the root DSE. The default is to hide this
+database context, so that only the superior context is visible.
+
+If the slap tools
+.BR slapcat (8),
+.BR slapadd (8),
+or
+.BR slapindex (8)
+are used on the superior database, any glued subordinates that support
+these tools are opened as well.
+
+Databases that are glued together should usually be configured with the
+same indices (assuming they support indexing), even for attributes that
+only exist in some of these databases. In general, all of the glued
+databases should be configured as similarly as possible, since the intent
+is to provide the appearance of a single directory.
+
+Note that the \fIsubordinate\fP functionality is implemented internally
+by the \fIglue\fP overlay and as such its behavior will interact with other
+overlays in use. By default, the glue overlay is automatically configured as
+the last overlay on the superior backend. Its position on the backend
+can be explicitly configured by setting an \fBoverlay glue\fP directive
+at the desired position. This explicit configuration is necessary e.g.
+when using the \fIsyncprov\fP overlay, which needs to follow \fIglue\fP
+in order to work over all of the glued databases. E.g.
+.RS
+.nf
+ database bdb
+ suffix dc=example,dc=com
+ ...
+ overlay glue
+ overlay syncprov
+.fi
+.RE
+.HP
+.hy 0
+.B syncrepl rid=<replica ID>
+.B provider=ldap[s]://<hostname>[:port]
+.B [type=refreshOnly|refreshAndPersist]
+.B [interval=dd:hh:mm:ss]
+.B [retry=[<retry interval> <# of retries>]+]
+.B searchbase=<base DN>
+.B [filter=<filter str>]
+.B [scope=sub|one|base]
+.B [attrs=<attr list>]
+.B [attrsonly]
+.B [sizelimit=<limit>]
+.B [timelimit=<limit>]
+.B [schemachecking=on|off]
+.B [starttls=yes|critical]
+.B [bindmethod=simple|sasl]
+.B [binddn=<dn>]
+.B [saslmech=<mech>]
+.B [authcid=<identity>]
+.B [authzid=<identity>]
+.B [credentials=<passwd>]
+.B [realm=<realm>]
+.B [secprops=<properties>]
+.B [logbase=<base DN>]
+.B [logfilter=<filter str>]
+.B [syncdata=default|accesslog|changelog]
+.RS
+Specify the current database as a replica which is kept up-to-date with the
+master content by establishing the current
+.BR slapd (8)
+as a replication consumer site running a
+.B syncrepl
+replication engine.
+The replica content is kept synchronized to the master content using
+the LDAP Content Synchronization protocol. Refer to the
+"OpenLDAP Administrator's Guide" for detailed information on
+setting up a replicated
+.B slapd
+directory service using the
+.B syncrepl
+replication engine.
+.B rid
+identifies the current
+.B syncrepl
+directive within the replication consumer site.
+It is a non-negative integer having no more than three digits.
+.B provider
+specifies the replication provider site containing the master content
+as an LDAP URI. If <port> is not given, the standard LDAP port number
+(389 or 636) is used. The content of the
+.B syncrepl
+replica is defined using a search
+specification as its result set. The consumer
+.B slapd
+will send search requests to the provider
+.B slapd
+according to the search specification. The search specification includes
+.B searchbase, scope, filter, attrs, attrsonly, sizelimit,
+and
+.B timelimit
+parameters as in the normal search specification.
+The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to
+\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The
+\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational
+attributes, and \fBattrsonly\fP is unset by default.
+The \fBsizelimit\fP and \fBtimelimit\fP only
+accept "unlimited" and positive integers, and both default to "unlimited".
+The LDAP Content Synchronization protocol has two operation types.
+In the
+.B refreshOnly
+operation, the next synchronization search operation
+is periodically rescheduled at an interval time (specified by
+.B interval
+parameter; 1 day by default)
+after each synchronization operation finishes.
+In the
+.B refreshAndPersist
+operation, a synchronization search remains persistent in the provider slapd.
+Further updates to the master replica will generate
+.B searchResultEntry
+to the consumer slapd as the search responses to the persistent
+synchronization search.
+If an error occurs during replication, the consumer will attempt to
+reconnect according to the
+.B retry
+parameter which is a list of the <retry interval> and <# of retries> pairs.
+For example, retry="60 10 300 3" lets the consumer retry every 60 seconds
+for the first 10 times and then retry every 300 seconds for the next 3
+times before stop retrying. The `+' in <# of retries> means indefinite
+number of retries until success.
+The schema checking can be enforced at the LDAP Sync
+consumer site by turning on the
+.B schemachecking
+parameter. The default is off.
+The
+.B starttls
+parameter specifies use of the StartTLS extended operation
+to establish a TLS session before Binding to the provider. If the
+StartTLS request fails and the
+.B critical
+argument was used, the session will be aborted. Otherwise the syncrepl
+session continues without TLS.
+A
+.B bindmethod
+of
+.B simple
+requires the options
+.B binddn
+and
+.B credentials
+and should only be used when adequate security services
+(e.g. TLS or IPSEC) are in place.
+.B REMEMBER: simple bind credentials must be in cleartext!
+A
+.B bindmethod
+of
+.B sasl
+requires the option
+.B saslmech.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using
+.B authcid
+and
+.B credentials.
+The
+.B authzid
+parameter may be used to specify an authorization identity.
+Specific security properties (as with the
+.B sasl-secprops
+keyword above) for a SASL bind can be set with the
+.B secprops
+option. A non default SASL realm can be set with the
+.B realm
+option.
+
+Rather than replicating whole entries, the consumer can query logs of
+data modifications. This mode of operation is referred to as \fIdelta
+syncrepl\fP. In addition to the above parameters, the
+.B logbase
+and
+.B logfilter
+parameters must be set appropriately for the log that will be used. The
+.B syncdata
+parameter must be set to either "accesslog" if the log conforms to the
+.BR slapo-accesslog (5)
+log format, or "changelog" if the log conforms
+to the obsolete \fIchangelog\fP format. If the
+.B syncdata
+parameter is omitted or set to "default" then the log parameters are
+ignored.
+.RE
+.TP
+.B updatedn <dn>
+This option is only applicable in a slave
+database updated using
+.BR slurpd(8).
+It specifies the DN permitted to update (subject to access controls)
+the replica (typically, this is the DN
+.BR slurpd (8)
+binds to update the replica). Generally, this DN
+.I should not
+be the same as the
+.B rootdn
+used at the master.
+.TP
+.B updateref <url>
+Specify the referral to pass back when
+.BR slapd (8)
+is asked to modify a replicated local database.
+If specified multiple times, each url is provided.
+
+.SH DATABASE-SPECIFIC OPTIONS
+Each database may allow specific configuration options; they are
+documented separately in the backends' manual pages.
+.SH BACKENDS
+The following backends can be compiled into slapd.
+They are documented in the
+.BR slapd-<backend> (5)
+manual pages.
+.TP
+.B bdb
+This is the recommended primary backend for a normal slapd database.
+It takes care to configure it properly.
+It uses the transactional database interface of the Sleepycat Berkeley
+DB (BDB) package to store data.
+.TP
+.B config
+This backend is used to manage the configuration of slapd run-time.
+.TP
+.B dnssrv
+This backend is experimental.
+It serves up referrals based upon SRV resource records held in the
+Domain Name System.
+.TP
+.B hdb
+This is a variant of the BDB backend that uses a hierarchical database
+layout which supports subtree renames.
+.TP
+.B ldap
+This backend acts as a proxy to forward incoming requests to another
+LDAP server.
+.TP
+.B ldbm
+This is an easy-to-configure but obsolete database backend. It
+does not offer the data durability features of the BDB and HDB
+backends and hence is deprecated in favor of these robust backends.
+LDBM uses lightweight non-transactional DB interfaces,
+such as those providing by GDBM or Berkeley DB, to store data.
+.TP
+.B ldif
+This database uses the filesystem to build the tree structure
+of the database, using plain ascii files to store data.
+Its usage should be limited to very simple databases, where performance
+is not a requirement.
+.TP
+.B meta
+This backend performs basic LDAP proxying with respect to a set of
+remote LDAP servers. It is an enhancement of the ldap backend.
+.TP
+.B monitor
+This backend provides information about the running status of the slapd
+daemon.
+.TP
+.B null
+Operations in this backend succeed but do nothing.
+.TP
+.B passwd
+This backend is provided for demonstration purposes only.
+It serves up user account information from the system
+.BR passwd (5)
+file.
+.TP
+.B perl
+This backend embeds a
+.BR perl (1)
+interpreter into slapd.
+It runs Perl subroutines to implement LDAP operations.
+.TP
+.B relay
+This backend is experimental.
+It redirects LDAP operations to another database
+in the same server, based on the naming context of the request.
+Its use requires the
+.B rwm
+overlay (see
+.BR slapo-rwm (5)
+for details) to rewrite the naming context of the request.
+It is primarily intended to implement virtual views on databases
+that actually store data.
+.TP
+.B shell
+This backend executes external programs to implement LDAP operations.
+It is primarily intended to be used in prototypes.
+.TP
+.B sql
+This backend is experimental.
+It services LDAP requests from an SQL database.
+.SH OVERLAYS
+The following overlays can be compiled into slapd.
+They are documented in the
+.BR slapo-<overlay> (5)
+manual pages.
+.TP
+.B accesslog
+Access Logging.
+This overlay can record accesses to a given backend database on another
+database.
+.TP
+.B auditlog
+Audit Logging.
+This overlay records changes on a given backend database to an LDIF log
+file.
+By default it is not built.
+.TP
+.B chain
+Chaining.
+This overlay allows automatic referral chasing when a referral would
+have been returned, either when configured by the server or when
+requested by the client.
+.TP
+.B denyop
+Deny Operation.
+This overlay allows selected operations to be denied, similar to the
+\fBrestrict\fP option.
+.TP
+.B dyngroup
+Dynamic Group.
+This is a demo overlay which extends the Compare operation to detect
+members of a dynamic group.
+It has no effect on any other operations.
+.TP
+.B dynlist
+Dynamic List.
+This overlay allows expansion of dynamic groups and more.
+.TP
+.B lastmod
+Last Modification.
+This overlay maintains a service entry in the database with the DN,
+modification type, modifiersName and modifyTimestamp of the last write
+operation performed on that database.
+.TP
+.B pcache
+Proxycache.
+This overlay allows caching of LDAP search requests in a local database.
+It is most often used with the ldap or meta backends.
+.TP
+.B ppolicy
+Password Policy.
+This overlay provides a variety of password control mechanisms,
+e.g. password aging, password reuse and duplication control, mandatory
+password resets, etc.
+.TP
+.B refint
+Referential Integrity.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to maintain the cohesiveness of a schema which utilizes reference
+attributes.
+.TP
+.B retcode
+Return Code.
+This overlay is useful to test the behavior of clients when
+server-generated erroneous and/or unusual responses occur.
+.TP
+.B rwm
+Rewrite/remap.
+This overlay is experimental.
+It performs basic DN/data rewrite and
+objectClass/attributeType mapping.
+.TP
+.B syncprov
+Syncrepl Provider.
+This overlay implements the provider-side support for
+.B syncrepl
+replication, including persistent search functionality.
+.TP
+.B translucent
+Translucent Proxy.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to create a "translucent proxy".
+Content of entries retrieved from a remote LDAP server can be partially
+overridden by the database.
+.TP
+.B unique
+Attribute Uniqueness.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to enforce the uniqueness of some or all attributes within a subtree.
+.SH EXAMPLES
+.LP
+Here is a short example of a configuration file:
+.LP
+.RS
+.nf
+include SYSCONFDIR/schema/core.schema
+pidfile LOCALSTATEDIR/slapd.pid
+
+# Subtypes of "name" (e.g. "cn" and "ou") with the
+# option ";x-hidden" can be searched for/compared,
+# but are not shown. See \fBslapd.access\fP(5).
+attributeoptions x-hidden lang-
+access to attr=name;x-hidden by * =cs
+
+# Protect passwords. See \fBslapd.access\fP(5).
+access to attrs=userPassword by * auth
+# Read access to other attributes and entries.
+access to * by * read
+
+database bdb
+suffix "dc=our-domain,dc=com"
+# The database directory MUST exist prior to
+# running slapd AND should only be accessible
+# by the slapd/tools. Mode 0700 recommended.
+directory LOCALSTATEDIR/openldap-data
+# Indices to maintain
+index objectClass eq
+index cn,sn,mail pres,eq,approx,sub
+
+# We serve small clients that do not handle referrals,
+# so handle remote lookups on their behalf.
+database ldap
+suffix ""
+uri ldap://ldap.some-server.com/
+lastmod off
+.fi
+.RE
+.LP
+"OpenLDAP Administrator's Guide" contains a longer annotated
+example of a configuration file.
+The original ETCDIR/slapd.conf is another example.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd\-bdb (5),
+.BR slapd\-dnssrv (5),
+.BR slapd\-hdb (5),
+.BR slapd\-ldap (5),
+.BR slapd\-ldbm (5),
+.BR slapd\-ldif (5),
+.BR slapd\-meta (5),
+.BR slapd\-monitor (5),
+.BR slapd\-null (5),
+.BR slapd\-passwd (5),
+.BR slapd\-perl (5),
+.BR slapd\-relay (5),
+.BR slapd\-shell (5),
+.BR slapd\-sql (5),
+.BR slapd.access (5),
+.BR slapd.plugin (5),
+.BR slapd.replog (5),
+.BR slapd (8),
+.BR slapacl (8),
+.BR slapadd (8),
+.BR slapauth (8),
+.BR slapcat (8),
+.BR slapdn (8),
+.BR slapindex (8),
+.BR slappasswd (8),
+.BR slaptest (8),
+.BR slurpd (8).
+
+Known overlays are documented in
+.BR slapo\-accesslog (5),
+.BR slapo\-auditlog (5),
+.BR slapo\-chain (5),
+.BR slapo\-dynlist (5),
+.BR slapo\-lastmod (5),
+.BR slapo\-pcache (5),
+.BR slapo\-ppolicy (5),
+.BR slapo\-refint (5),
+.BR slapo\-retcode (5),
+.BR slapo\-rwm (5),
+.BR slapo\-syncprov (5),
+.BR slapo\-translucent (5),
+.BR slapo\-unique (5).
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.plugin.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.plugin.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.plugin.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,125 @@
+.TH SLAPD.PLUGIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2002-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapd.plugin \- plugin configuration for slapd, the stand-alone LDAP daemon
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.BR slapd.conf (5)
+file contains configuration information for the
+.BR slapd (8)
+daemon. This configuration file is also used by the
+.BR slurpd (8)
+replication daemon and by the SLAPD tools
+.BR slapadd (8),
+.BR slapcat (8),
+and
+.BR slapindex (8).
+.LP
+The
+.B slapd.conf
+file consists of a series of global configuration options that apply to
+.B slapd
+as a whole (including all backends), followed by zero or more database
+backend definitions that contain information specific to a backend
+instance.
+.LP
+The general format of
+.B slapd.conf
+is as follows:
+.LP
+.nf
+ # comment - these options apply to every database
+ <global configuration options>
+ # first database definition & configuration options
+ database <backend 1 type>
+ <configuration options specific to backend 1>
+ # subsequent database definitions & configuration options
+ ...
+.fi
+.LP
+If slapd is compiled with \fI--enable-slapi\fP, support for plugins
+according to \fINetscape's Directory Server Plug-Ins\fP.
+Version 4 of the API is currently implemented, with some extensions
+from version 5.
+.LP
+Both global and database specific data may contain plugin information.
+Plugins associated with a specific database are called before global
+plugins.
+This manpage details the
+.BR slapd (8)
+configuration statements that affect the loading of SLAPI \fIplugins\fP.
+.LP
+Arguments that should be replaced by actual text are shown in brackets <>.
+.LP
+The structure of the plugin directives is
+.TP
+.B plugin "<type> <lib_path> <init_function> [<arguments>]"
+Load a plugin of the specified type for the current database.
+.LP
+The
+.BR <type>
+can be one of
+.BR preoperation ,
+that is executed before processing the operation for the specified
+database,
+.BR postoperation ,
+that is executed after the operation for the specified database
+has been processed,
+.BR extendedop ,
+that is used when executing an extended operation, or
+.BR object .
+The latter is used for miscellaneous types such as ACL, computed
+attribute and search filter rewriter plugins.
+.LP
+The
+.BR <libpath>
+argument specifies the path to the plugin loadable object; if a relative
+path is given, the object is looked for according to the underlying
+dynamic loading package (libtool's ltdl is used).
+.LP
+The
+.BR <init_function>
+argument specifies what symbol must be called when the plugin is first
+loaded.
+This function should register the functions provided by the plugin
+for the desired operations. It should be noted that it is this
+init function, not the plugin type specified as the first argument,
+that determines when and for what operations the plugin will be invoked.
+The optional
+.BR <arguments>
+list is passed to the init function.
+.TP
+.B pluginlog <file>
+Specify an alternative path for the plugin log file (default is
+LOCALSTATEDIR/error).
+.TP
+.B modulepath <pathspec>
+This statement sets the module load path for dynamically loadable
+backends, as described in
+.BR slapd.conf (5);
+however, since both the dynamically loadable backends
+and the SLAPI plugins use the same underlying library (libtool's ltdl)
+its value also affects the plugin search path.
+In general the search path is made of colon-separated paths; usually
+the user-defined path is searched first; then the value of the
+\fILTDL_LIBRARY_PATH\fP environment variable, if defined, is used;
+finally, the system-specific dynamic load path is attempted (e.g. on
+Linux the value of the environment variable \fILD_LIBRARY_PATH\fP).
+Please carefully read the documentation of ltdl because its behavior
+is very platform dependent.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd (8),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.replog.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.replog.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapd.replog.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+.TH SLAPD.REPLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.replog.5,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapd.replog \- slapd replication log format
+.SH SYNOPSIS
+slapd.replog
+slapd.replog.lock
+.SH DESCRIPTION
+.LP
+The file slapd.replog is produced by the stand-alone LDAP daemon,
+.BR slapd (8),
+when changes are made to its local database that are to be
+propagated to one or more replica
+.IR slapd s.
+The file consists of
+zero or more records, each one corresponding to a change, addition,
+or deletion from the
+.I slapd
+database. The file is meant to be read
+and processed by
+.BR slurpd (8),
+the stand-alone LDAP update replication daemon. The records are
+separated by a blank line. Each record has the following format.
+.LP
+The record begins with one or more lines indicating the replicas
+to which the change is to be propagated:
+.LP
+.nf
+ replica: <hostname[:portnumber]>
+.fi
+.LP
+Next, the time the change took place given, as the number of seconds since
+00:00:00 GMT, Jan. 1, 1970, with an optional decimal extension, in order
+to make times unique. Note that slapd does not make times unique, but
+slurpd makes all times unique in its copies of the replog files.
+.LP
+.nf
+ time: <integer[.integer]>
+.fi
+.LP
+Next, the distinguished name of the entry being changed is given:
+.LP
+.nf
+ dn: <distinguishedname>
+.fi
+.LP
+Next, the type of change being made is given:
+.LP
+.nf
+ changetype: <[modify|add|delete|modrdn]>
+.fi
+.LP
+Finally, the change information itself is given, the format of which
+depends on what kind of change was specified above. For a \fIchangetype\fP
+of \fImodify\fP, the format is one or more of the following:
+.LP
+.nf
+ add: <attributetype>
+ <attributetype>: <value1>
+ <attributetype>: <value2>
+ ...
+ -
+.fi
+.LP
+Or, for a replace modification:
+.LP
+.nf
+ replace: <attributetype>
+ <attributetype>: <value1>
+ <attributetype>: <value2>
+ ...
+ -
+.fi
+.LP
+Or, for a delete modification:
+.LP
+.nf
+ delete: <attributetype>
+ <attributetype>: <value1>
+ <attributetype>: <value2>
+ ...
+ -
+.fi
+.LP
+If no \fIattributetype\fP lines are given, the entire attribute is to be
+deleted.
+.LP
+For a \fIchangetype\fP of \fIadd\fP, the format is:
+.LP
+.nf
+ <attributetype1>: <value1>
+ <attributetype1>: <value2>
+ ...
+ <attributetypeN>: <value1>
+ <attributetypeN>: <value2>
+.fi
+.LP
+For a \fIchangetype\fP of \fImodrdn\fP, the format is:
+.LP
+.nf
+ newrdn: <newrdn>
+ deleteoldrdn: 0 | 1
+.fi
+.LP
+where a value of 1 for deleteoldrdn means to delete the values
+forming the old rdn from the entry, and a value of 0 means to
+leave the values as non-distinguished attributes in the entry.
+.LP
+For a \fIchangetype\fP of \fIdelete\fP, no additional information
+is needed in the record.
+.LP
+The format of the values is the LDAP Directory Interchange Format
+described in
+.BR ldif (5).
+.LP
+Access to the \fIslapd.replog\fP file is synchronized through the
+use of
+.BR flock (3)
+on the file \fIslapd.replog.lock\fP. Any process
+reading or writing this file should obey this locking convention.
+.SH EXAMPLE
+The following sample \fIslapd.replog\fP file contains information
+on one of each type of change.
+.LP
+.nf
+ replica: truelies.rs.itd.umich.edu
+ replica: judgmentday.rs.itd.umich.edu
+ time: 797612941
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: add
+ objectclass: person
+ cn: babs
+ cn: babs jensen
+ sn: jensen
+
+ replica: truelies.rs.itd.umich.edu
+ replica: judgmentday.rs.itd.umich.edu
+ time: 797612973
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: modify
+ add: description
+ description: the fabulous babs
+
+ replica: truelies.rs.itd.umich.edu
+ replica: judgmentday.rs.itd.umich.edu
+ time: 797613020
+ dn: cn=Babs Jensen,dc=example,dc=com
+ changetype: modrdn
+ newrdn: cn=Barbara J Jensen
+ deleteoldrdn: 0
+.fi
+.SH FILES
+.TP
+slapd.replog
+slapd replication log file
+.TP
+slapd.replog.lock
+lockfile for slapd.replog
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldif (5),
+.BR slapd (8),
+.BR slurpd (8)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-accesslog.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-accesslog.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-accesslog.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,466 @@
+.TH SLAPO-ACCESSLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.1.2.9 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-accesslog \- Access Logging overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Access Logging overlay can be used to record all accesses to a given
+backend database on another database. This allows all of the activity on
+a given database to be reviewed using arbitrary LDAP queries, instead of
+just logging to local flat text files. Configuration options are available
+for selecting a subset of operation types to log, and to automatically
+prune older log records from the logging database. Log records are stored
+with audit schema (see below) to assure their readability whether viewed
+as LDIF or in raw form.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the Access Logging overlay.
+They should appear after the
+.B overlay
+directive.
+.TP
+.B logdb <suffix>
+Specify the suffix of a database to be used for storing the log records.
+The specified database must have already been configured in a prior section
+of the config file, and it must have a rootDN configured. The access controls
+on the log database should prevent general write access. The suffix entry
+of the log database will be created automatically by this overlay. The log
+entries will be generated as the immediate children of the suffix entry.
+.TP
+.B logops <operations>
+Specify which types of operations to log. The valid operation types are
+abandon, add, bind, compare, delete, extended, modify, modrdn, search,
+and unbind. Aliases for common sets of operations are also available:
+.RS
+.TP
+.B writes
+add, delete, modify, modrdn
+.TP
+.B reads
+compare, search
+.TP
+.B session
+abandon, bind, unbind
+.TP
+.B all
+all operations
+.RE
+.TP
+.B logold <filter>
+Specify a filter for matching against Deleted and Modified entries. If
+the entry matches the filter, the old contents of the entry will be
+logged along with the current request.
+.TP
+.B logpurge <age> <interval>
+Specify the maximum age for log entries to be retained in the database,
+and how often to scan the database for old entries. Both the
+.B age
+and
+.B interval
+are specified as a time span in days, hours, minutes, and seconds. The
+time format is [ddd+]hh:mm[:ss] i.e., the days and seconds components are
+optional but hours and minutes are required. Except for days, which can
+be up to 5 digits, each numeric field must be exactly two digits. For example
+.RS
+.RS
+.PD 0
+.TP
+logpurge 2+00:00 1+00:00
+.RE
+.PD
+would specify that the log database should be scanned every day for old
+entries, and entries older than two days should be deleted. When using a
+log database that supports ordered indexing on generalizedTime attributes,
+specifying an eq index on the
+.B reqStart
+attribute will greatly benefit the performance of the purge operation.
+.RE
+.TP
+.B logsuccess TRUE | FALSE
+If set to TRUE then log records will only be generated for successful
+requests, i.e., requests that produce a result code of 0 (LDAP_SUCCESS).
+If FALSE, log records are generated for all requests whether they
+succeed or not. The default is FALSE.
+
+.SH EXAMPLES
+.LP
+.nf
+ database bdb
+ suffix cn=log
+ \...
+ index reqStart eq
+
+ database bdb
+ suffix dc=example,dc=com
+ \...
+ overlay accesslog
+ logdb cn=log
+ logops writes reads
+ logold (objectclass=person)
+.fi
+
+.SH SCHEMA
+The
+.B accesslog
+overlay utilizes the "audit" schema described herein.
+This schema is specifically designed for
+.B accesslog
+auditing and is not intended to be used otherwise. It is also
+noted that the schema describe here is
+.I a work in
+.IR progress ,
+and hence subject to change without notice.
+The schema is loaded automatically by the overlay.
+
+The schema includes a number of object classes and associated
+attribute types as described below.
+
+There is
+a basic
+.B auditObject
+class from which two additional classes,
+.B auditReadObject
+and
+.B auditWriteObject
+are derived. Object classes for each type of LDAP operation are further
+derived from these classes. This object class hierarchy is designed to
+allow flexible yet efficient searches of the log based on either a specific
+operation type's class, or on more general classifications. The definition
+of the
+.B auditObject
+class is as follows:
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.1
+ NAME 'auditObject'
+ DESC 'OpenLDAP request auditing'
+ SUP top STRUCTURAL
+ MUST ( reqStart $ reqType $ reqSession )
+ MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $
+ reqEnd $ reqResult $ reqMessage $ reqReferral ) )
+.RE
+.P
+Note that all of the OIDs used in the logging schema currently reside
+under the OpenLDAP Experimental branch. It is anticipated that they
+will migrate to a Standard branch in the future.
+
+An overview of the attributes follows:
+.B reqStart
+and
+.B reqEnd
+provide the start and end time of the operation, respectively. They use
+generalizedTime syntax. The
+.B reqStart
+attribute is also used as the RDN for each log entry.
+
+The
+.B reqType
+attribute is a simple string containing the type of operation
+being logged, e.g.
+.BR add ,
+.BR delete ,
+.BR search ,
+etc. For extended operations, the type also includes the OID of the
+extended operation, e.g.
+.B extended(1.1.1.1)
+
+The
+.B reqSession
+attribute is an implementation-specific identifier that is common to
+all the operations associated with the same LDAP session. Currently this
+is slapd's internal connection ID, stored in decimal.
+
+The
+.B reqDN
+attribute is the distinguishedName of the target of the operation. E.g., for
+a Bind request, this is the Bind DN. For an Add request, this is the DN
+of the entry being added. For a Search request, this is the base DN of
+the search.
+
+The
+.B reqAuthzID
+attribute is the distinguishedName of the user that performed the operation.
+This will usually be the same name as was established at the start of a
+session by a Bind request (if any) but may be altered in various
+circumstances.
+
+The
+.B reqControls
+and
+.B reqRespControls
+attributes carry any controls sent by the client on the request and returned
+by the server in the response, respectively. The attribute values are just
+uninterpreted octet strings.
+
+The
+.B reqResult
+attribute is the numeric LDAP result code of the operation, indicating
+either success or a particular LDAP error code. An error code may be
+accompanied by a text error message which will be recorded in the
+.B reqMessage
+attribute.
+
+The
+.B reqReferral
+attribute carries any referrals that were returned with the result of the
+request.
+
+Operation-specific classes are defined with additional attributes to carry
+all of the relevant parameters associated with the operation:
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.4
+ NAME 'auditAbandon'
+ DESC 'Abandon operation'
+ SUP auditObject STRUCTURAL
+ MUST reqId )
+.RE
+.P
+For the
+.B Abandon
+operation the
+.B reqId
+attribute contains the message ID of the request that was abandoned.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.5
+ NAME 'auditAdd'
+ DESC 'Add operation'
+ SUP auditWriteObject STRUCTURAL
+ MUST reqMod )
+.RE
+.P
+The
+.B Add
+class inherits from the
+.B auditWriteObject
+class. The Add and Modify classes are very similar. The
+.B reqMod
+attribute carries all of the attributes of the original entry being added.
+(Or in the case of a Modify operation, all of the modifications being
+performed.) The values are formatted as
+.RS
+.PD 0
+.TP
+attribute:<+|-|=|#> [ value]
+.RE
+.RE
+.PD
+Where '+' indicates an Add of a value, '-' for Delete, '=' for Replace,
+and '#' for Increment. In an Add operation, all of the reqMod values will
+have the '+' designator.
+.P
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.6
+ NAME 'auditBind'
+ DESC 'Bind operation'
+ SUP auditObject STRUCTURAL
+ MUST ( reqVersion $ reqMethod ) )
+.RE
+.P
+The
+.B Bind
+class includes the
+.B reqVersion
+attribute which contains the LDAP protocol version specified in the Bind
+as well as the
+.B reqMethod
+attribute which contains the Bind Method used in the Bind. This will be
+the string
+.B SIMPLE
+for LDAP Simple Binds or
+.B SASL(<mech>)
+for SASL Binds.
+Note that unless configured as a global overlay, only Simple Binds using
+DNs that reside in the current database will be logged.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.7
+ NAME 'auditCompare'
+ DESC 'Compare operation'
+ SUP auditObject STRUCTURAL
+ MUST reqAssertion )
+.RE
+.P
+For the
+.B Compare
+operation the
+.B reqAssertion
+attribute carries the Attribute Value Assertion used in the compare request.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.8
+ NAME 'auditDelete'
+ DESC 'Delete operation'
+ SUP auditWriteObject STRUCTURAL
+ MAY reqOld )
+.RE
+.P
+The
+.B Delete
+operation needs no further parameters. However, the
+.B reqOld
+attribute may optionally be used to record the contents of the entry prior
+to its deletion. The values are formatted as
+.RS
+.PD 0
+.TP
+attribute: value
+.RE
+.PD
+The
+.B reqOld
+attribute is only populated if the entry being deleted matches the
+configured
+.B logold
+filter.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.9
+ NAME 'auditModify'
+ DESC 'Modify operation'
+ SUP auditWriteObject STRUCTURAL
+ MAY reqOld MUST reqMod )
+.RE
+.P
+The
+.B Modify
+operation contains a description of modifications in the
+.B reqMod
+attribute, which was already described above in the Add operation. It may
+optionally contain the previous contents of any modified attributes in the
+.B reqOld
+attribute, using the same format as described above for the Delete operation.
+The
+.B reqOld
+attribute is only populated if the entry being modified matches the
+configured
+.B logold
+filter.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.10
+ NAME 'auditModRDN'
+ DESC 'ModRDN operation'
+ SUP auditWriteObject STRUCTURAL
+ MUST ( reqNewRDN $ reqDeleteOldRDN )
+ MAY reqNewSuperior )
+.RE
+.P
+The
+.B ModRDN
+class uses the
+.B reqNewRDN
+attribute to carry the new RDN of the request.
+The
+.B reqDeleteOldRDN
+attribute is a Boolean value showing
+.B TRUE
+if the old RDN was deleted from the entry, or
+.B FALSE
+if the old RDN was preserved.
+The
+.B reqNewSuperior
+attribute carries the DN of the new parent entry if the request specified
+the new parent.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.11
+ NAME 'auditSearch'
+ DESC 'Search operation'
+ SUP auditReadObject STRUCTURAL
+ MUST ( reqScope $ reqDerefAliases $ reqAttrsOnly )
+ MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $
+ reqTimeLimit ) )
+.RE
+.P
+For the
+.B Search
+class the
+.B reqScope
+attribute contains the scope of the original search request, using the
+values specified for the LDAP URL format. I.e.
+.BR base ,
+.BR one ,
+.BR sub ,
+or
+.BR subord .
+The
+.B reqDerefAliases
+attribute is one of
+.BR never ,
+.BR finding ,
+.BR searching ,
+or
+.BR always ,
+denoting how aliases will be processed during the search.
+The
+.B reqAttrsOnly
+attribute is a Boolean value showing
+.B TRUE
+if only attribute names were requested, or
+.B FALSE
+if attributes and their values were requested.
+The
+.B reqFilter
+attribute carries the filter used in the search request.
+The
+.B reqAttr
+attribute lists the requested attributes if specific attributes were
+requested.
+The
+.B reqEntries
+attribute is the integer count of how many entries were returned by
+this search request.
+The
+.B reqSizeLimit
+and
+.B reqTimeLimit
+attributes indicate what limits were requested on the search operation.
+
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.5.2.12
+ NAME 'auditExtended'
+ DESC 'Extended operation'
+ SUP auditObject STRUCTURAL
+ MAY reqData )
+.RE
+.P
+The
+.B Extended
+class represents an LDAP Extended Operation. As noted above, the actual OID of
+the operation is included in the
+.B reqType
+attribute of the parent class. If any optional data was provided with the
+request, it will be contained in the
+.B reqData
+attribute as an uninterpreted octet string.
+
+.SH NOTES
+The Access Log implemented by this overlay may be used for a variety of
+other tasks, e.g. as a ChangeLog for a replication mechanism, as well
+as for security/audit logging purposes.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2005 by Howard Chu of Symas Corporation.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-auditlog.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-auditlog.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-auditlog.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,35 @@
+.TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.1.2.4 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-auditlog \- Audit Logging overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Audit Logging overlay can be used to record all changes on a given
+backend database to a specified log file. Changes are logged as standard
+LDIF, with an additional comment header giving the timestamp of the change
+and the identity of the user making the change.
+.LP
+For Add and Modify operations the identity comes from the modifiersName
+associated with the operation. This is usually the same as the requestor's
+identity, but may be set by other overlays to reflect other values.
+.SH CONFIGURATION
+This
+.B slapd.conf
+option applies to the Audit Logging overlay.
+It should appear after the
+.B overlay
+directive.
+.TP
+.B auditlog <filename>
+Specify the fully qualified path for the log file.
+.TP
+.B
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-chain.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-chain.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+.TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.7 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-chain \- chain overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B chain
+overlay to
+.BR slapd (8)
+allows automatic referral chasing.
+Any time a referral is returned (except for bind operations),
+it chased by using an instance of the ldap backend.
+If operations are performed with an identity (i.e. after a bind),
+that identity can be asserted while chasing the referrals
+by means of the \fIidentity assertion\fP feature of back-ldap
+(see
+.BR slapd-ldap (5)
+for details), which is essentially based on the
+.B proxyAuthz
+control (see \fIdraft-weltman-ldapv3-proxy\fP for details.)
+Referral chasing can be controlled by the client by issuing the
+\fBchaining\fP control
+(see \fIdraft-sermersheim-ldap-chaining\fP for details.)
+
+.LP
+The config directives that are specific to the
+.B chain
+overlay are prefixed by
+.BR chain\- ,
+to avoid potential conflicts with directives specific to the underlying
+database or to other stacked overlays.
+
+.LP
+There are very few chain overlay specific directives; however, directives
+related to the instances of the \fIldap\fP backend that may be implicitly
+instantiated by the overlay may assume a special meaning when used
+in conjunction with this overlay. They are described in
+.BR slapd-ldap (5),
+and they also need be prefixed by
+.BR chain\- .
+.TP
+.B overlay chain
+This directive adds the chain overlay to the current backend.
+The chain overlay may be used with any backend, but it is mainly
+intended for use with local storage backends that may return referrals.
+It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP
+backends because they already exploit the libldap specific referral chase
+feature.
+[Note: this may change in the future, as the \fBldap\fP(5) and
+\fBmeta\fP(5) backends might no longer chase referrals on their own.]
+.TP
+.B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
+This directive enables the \fIchaining\fP control
+(see \fIdraft-sermersheim-ldap-chaining\fP for details)
+with the desired resolve and continuation behaviors and criticality.
+The \fBresolve\fP parameter refers to the behavior while discovering
+a resource, namely when accessing the object indicated by the request DN;
+the \fBcontinuation\fP parameter refers to the behavior while handling
+intermediate responses, which is mostly significant for the search
+operation, but may affect extended operations that return intermediate
+responses.
+The values \fBr\fP and \fBc\fP can be any of
+.BR chainingPreferred ,
+.BR chainingRequired ,
+.BR referralsPreferred ,
+.BR referralsRequired .
+If the \fBcritical\fP flag affects the control criticality if provided.
+[This control is experimental and its support may change in the future.]
+.TP
+.B chain-cache-uri {FALSE|true}
+This directive instructs the \fIchain\fP overlay to cache
+connections to URIs parsed out of referrals that are not predefined,
+to be reused for later chaining.
+These URIs inherit the properties configured for the underlying
+\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+directive; in detail, they are essentially chained anonymously.
+.TP
+.B chain-uri <ldapuri>
+This directive instantiates a new underlying \fIldap\fP database
+and instructs it about which URI to contact to chase referrals.
+As opposed to what stated in \fBslapd-ldap\fP(5), only one URI
+can appear after this directive; all subsequent \fBslapd-ldap\fP(5)
+directives prefixed by \fBchain-\fP refer to this specific instance
+of a remote server.
+.LP
+
+Directives for configuring the underlying ldap database may also
+be required, as shown in this example:
+.LP
+.RS
+.nf
+overlay chain
+chain-rebind-as-user FALSE
+
+chain-uri "ldap://ldap1.example.com"
+chain-rebind-as-user TRUE
+chain-idassert-bind bindmethod="simple"
+ binddn="cn=Auth,dc=example,dc=com"
+ credentials="secret"
+ mode="self"
+
+chain-uri "ldap://ldap2.example.com"
+chain-idassert-bind bindmethod="simple"
+ binddn="cn=Auth,dc=example,dc=com"
+ credentials="secret"
+ mode="none"
+
+.fi
+.RE
+.LP
+Any valid directives for the ldap database may be used; see
+.BR slapd-ldap (5)
+for details.
+Multiple occurrences of the \fBchain-uri\fP directive may appear,
+to define multiple "trusted" URIs where operations with
+\fIidentity assertion\fP are chained.
+All URIs not listed in the configuration are chained anonymously.
+All \fBslapd-ldap\fP(5) directives appearing before the first
+occurrence of \fBchain-uri\fP are inherited by all URIs,
+unless specifically overridden inside each URI configuration.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-ldap (5),
+.BR slapd (8).
+.SH AUTHOR
+Originally implemented by Howard Chu; extended by Pierangelo Masarati.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-dynlist.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-dynlist.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-dynlist.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,151 @@
+.TH SLAPO-DYNLIST 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.1.2.8 2007/02/03 09:06:46 ando Exp $
+.SH NAME
+slapo-dynlist \- Dynamic List overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B dynlist
+overlay to
+.BR slapd (8)
+allows expansion of dynamic groups and more.
+Any time an entry with a specific objectClass is being returned,
+the LDAP URI-valued occurrences of a specific attribute are
+expanded into the corresponding entries, and the values
+of the attributes listed in the URI are added to the original
+entry.
+No recursion is allowed, to avoid potential infinite loops.
+The resulting entry must comply with the LDAP data model, so constraints
+are enforced.
+For example, if a \fISINGLE-VALUE\fP attribute is listed,
+only the first value results in the final entry.
+The above described behavior is disabled when the \fImanageDSAit\fP
+control (RFC 3296) is used.
+In that case, the contents of the dynamic group entry is returned;
+namely, the URLs are returned instead of being expanded.
+
+.SH CONFIGURATION
+The config directives that are specific to the
+.B dynlist
+overlay must be prefixed by
+.BR dynlist\- ,
+to avoid potential conflicts with directives specific to the underlying
+database or to other stacked overlays.
+
+.TP
+.B overlay dynlist
+This directive adds the dynlist overlay to the current database,
+or to the frontend, if used before any database instantiation; see
+.BR slapd.conf (5)
+for details.
+
+.LP
+This
+.B slapd.conf
+configuration option is define for the dynlist overlay. It may have multiple
+occurrences, and it must appear after the
+.B overlay
+directive.
+.TP
+.B dynlist-attrset <group-oc> <URL-ad> [<member-ad>]
+The value
+.B <group-oc>
+is the name of the objectClass that triggers the dynamic expansion of the
+data.
+
+The value
+.B <URL-ad>
+is the name of the attributeDescription that cointains the URI that is
+expanded by the overlay; if none is present, no expansion occurs.
+If the intersection of the attributes requested by the search operation
+(or the asserted attribute for compares) and the attributes listed
+in the URI is empty, no expansion occurs for that specific URI.
+It must be a subtype of \fIlabeledURI\fP.
+
+The value
+.B <member-ad>
+is optional; if present, the overlay behaves as a dynamic group: this
+attribute will list the DN of the entries resulting from the internal search.
+In this case, the <attrs> portion of the URI must be absent, and the DNs
+of all the entries resulting from the expansion of the URI are listed
+as values of this attribute.
+Compares that assert the value of the
+.B <member-ad>
+attribute of entries with
+.B <group-oc>
+objectClass apply as if the DN of the entries resulting from the expansion
+of the URI were present in the
+.B <group-oc>
+entry as values of the
+.B <member-ad>
+attribute.
+.LP
+The dynlist overlay may be used with any backend, but it is mainly
+intended for use with local storage backends.
+In case the URI expansion is very resource-intensive and occurs frequently
+with well-defined patterns, one should consider adding a proxycache
+later on in the overlay stack.
+
+.SH EXAMPLE
+This example collects all the email addresses of a database into a single
+entry; first of all, make sure that slapd.conf contains the directives:
+
+.LP
+.nf
+ include /path/to/dyngroup.schema
+ # ...
+
+ database <database>
+ # ...
+
+ overlay dynlist
+ dynlist-attrset groupOfURLs memberURL
+.fi
+.LP
+and that slapd loads dynlist.la, if compiled as a run-time module;
+then add to the database an entry like
+.LP
+.nf
+ dn: cn=Dynamic List,ou=Groups,dc=example,dc=com
+ objectClass: groupOfURLs
+ cn: Dynamic List
+ memberURL: ldap:///ou=People,dc=example,dc=com?mail?sub?(objectClass=person)
+.fi
+
+If no <attrs> are provided in the URI, all (non-operational) attributes are
+collected.
+
+This example implements the dynamic group feature on the
+.B member
+attribute:
+
+.LP
+.nf
+ include /path/to/dyngroup.schema
+ # ...
+
+ database <database>
+ # ...
+
+ overlay dynlist
+ dynlist-attrset groupOfURLs memberURL member
+.fi
+.LP
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+The
+.BR slapo-dynlist (5)
+overlay supports dynamic configuration via
+.BR back-config .
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2004 by Pierangelo Masarati for SysNet s.n.c.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-lastmod.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-lastmod.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-lastmod.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,185 @@
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.SH NAME
+slapo-lastmod \- Last Modification overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+.LP
+The
+.B lastmod
+overlay creates a service entry rooted at the suffix of the database
+it's stacked onto, which holds the DN, the modification type,
+the modifiersName and the modifyTimestamp of the last write operation
+performed on that database.
+The lastmod overlay cannot be used when the "lastmod" feature
+is disabled, i.e. "lastmod off" is used.
+.P
+All operations targeted at the DN of the lastmod entry are rejected,
+except reads, i.e. searches with
+.B base
+scope.
+Regular operations are ignored, unless they result in writing; then,
+in case of success, the lastmod entry is updated accordingly,
+if possible.
+
+.SH CONFIGURATION
+These
+.B slapd.conf
+configuration options apply to the lastmod overlay. They must appear
+after the
+.B overlay
+directive.
+.TP
+.B lastmod-rdnvalue <RDN value>
+Specify the value of the RDN used for the service entry. By default
+.I Lastmod
+is used.
+.TP
+.B lastmod-enabled {yes|no}
+Specify whether the overlay must be enabled or not at startup.
+By default, the overlay is enabled; however, by changing the boolean
+value of the attribute
+.IR lastmodEnabled ,
+one can affect the status of the overlay.
+This is useful, for instance, to inhibit the overlay from keeping track
+of large bulk loads or deletions.
+
+.SH OBJECT CLASS
+The
+.B lastmod
+overlay depends on the
+.B lastmod
+objectClass. The definition of that class is as follows:
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.3.13 "
+ NAME 'lastmod'
+ DESC 'OpenLDAP per-database last modification monitoring'
+ STRUCTURAL
+ SUP top
+ MUST ( cn $ lastmodDN $ lastmodType )
+ MAY ( description $ seeAlso ) )
+.RE
+
+.SH ATTRIBUTES
+.P
+Each one of the sections below details the meaning and use of a particular
+attribute of this
+.B lastmod
+objectClass.
+Most of the attributes that are specific to the lastmod objectClass are
+operational, since they can logically be altered only by the DSA.
+The most notable exception is the
+.I lastmodEnabled
+attributeType, which can be altered via protocol to change the status
+of the overlay.
+.P
+
+.B lastmodEnabled
+.P
+This attribute contains a boolean flag that determines the status
+of the overlay. It can be altered via protocol by issuing a modify
+operation that replaces the value of the attribute.
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.1.30
+ NAME 'lastmodEnabled'
+ DESC 'Lastmod overlay state'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ EQUALITY booleanMatch
+ SINGLE-VALUE )
+.RE
+
+.SH OPERATIONAL ATTRIBUTES
+.P
+Each one of the sections below details the meaning and use of a particular
+attribute of this
+.B lastmod
+objectClass.
+Most of the attributes that are specific to the lastmod objectClass are
+operational, since they can logically be altered only by the DSA.
+.P
+
+.B lastmodDN
+.P
+This attribute contains the distinguished name of the entry
+that was last modified within the naming context of a database.
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.1.28
+ NAME 'lastmodDN'
+ DESC 'DN of last modification'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+.RE
+
+.B lastmodType
+.P
+This attribute contains the type of the modification that occurred
+to the last modified entry. Legal values are
+.BR add ,
+.BR delete ,
+.BR exop ,
+.BR modify ,
+.B modrdn
+and
+.BR unknown .
+The latter should only be used as a fall-thru in case of unhandled
+request types that are considered equivalent to a write operation.
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.1.29
+ NAME 'lastmodType'
+ DESC 'Type of last modification'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ EQUALITY caseIgnoreMatch
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+.RE
+
+
+.SH EXAMPLES
+.LP
+.RS
+.nf
+database bdb
+suffix dc=example,dc=com
+\...
+overlay lastmod
+lastmod-rdnvalue "Last Modification"
+.fi
+.RE
+
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd.conf (5),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH BUGS
+It is unclear whether this overlay can safely interoperate
+with other overlays.
+If the underlying backend does not implement entry_get/entry_release
+handlers, modrdn update can become tricky.
+The code needs some cleanup and more consistent error handling.
+So far, the OIDs for the schema haven't been assigned yet.
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2004 by Pierangelo Masarati in fulfillment
+of requirements from SysNet s.n.c.; this man page has been copied
+from
+.BR slapo-ppolicy (5),
+and most of the overlays ever written are copied from Howard Chu's
+first overlays.
+.P
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-pcache.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-pcache.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-pcache.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,208 @@
+.TH SLAPO-PCACHE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.3.2.10 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-pcache \- proxycache overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B pcache
+overlay to
+.BR slapd (8)
+allows caching of LDAP search requests (queries) in a local database.
+For an incoming query, the
+proxy cache determines its corresponding \fBtemplate\fP. If the template
+was specified as cacheable using the \fBproxytemplate\fP directive
+and the request is contained in a cached request, it is answered from
+the proxy cache.
+Otherwise, the search is performed as usual and cacheable search results
+are saved in the cache for use in future queries.
+.LP
+
+A template is defined by a filter string and an index identifying a set of
+attributes. The \fBtemplate string\fP for a query can be obtained by
+removing assertion values from the RFC 2254 representation of its search
+filter. A query belongs to a template if its template string and set of
+projected attributes correspond to a cacheable template.
+Examples of template strings are \fB(mail=)\fP, \fB(|(sn=)(cn=))\fP,
+\fB(&(sn=)(givenName=))\fP.
+
+.LP
+The config directives that are specific to the
+.B proxycache
+overlay can be prefixed by
+.BR proxycache\- ,
+to avoid conflicts with directives specific to the underlying database
+or to other stacked overlays. This may be particularly useful for those
+directives that refer to the backend used for local storage.
+The following cache specific directives can be used to configure the proxy
+cache:
+.TP
+.B overlay pcache
+This directive adds the proxy cache overlay to the current backend. The
+proxy cache overlay may be used with any backend but is intended for use
+with the
+.BR ldap ,
+.BR meta ,
+and
+.BR sql
+backends.
+.TP
+.B proxycache <database> <max_entries> <numattrsets> <entry_limit> <cc_period>
+The directive enables proxy caching in the current backend and sets general
+cache parameters. A <database> backend will be used internally to maintain
+the cached entries. The chosen database will need to be configured as well,
+as shown below. Cache replacement is invoked when the cache size grows to
+<max_entries> entries and continues till the cache size drops below this size.
+<numattrsets> should be equal to the number of following \fBproxyattrset\fP
+directives. Queries are cached only if they correspond to a cacheable template
+(specified by the \fBproxytemplate\fP directive) and the number of entries
+returned is less than <entry_limit>. Consistency check is performed every
+<cc_period> duration (specified in secs). In each cycle queries with expired
+"time to live(\fBTTL\fP)" are removed. A sample cache configuration is:
+.LP
+.RS
+proxycache \fBbdb 10000 1 50 100\fP
+.RE
+.TP
+.B proxycachequeries <queries>
+Specify the maximum number of queries to cache. The default is 10000.
+
+.TP
+.B proxyattrset <index> <attrs...>
+Used to associate a set of attributes <attrs..> with an <index>. Each attribute
+set is associated with an integer from 0 to <numattrsets>-1. These indices are
+used by the \fBproxytemplate\fP directive to define cacheable templates.
+
+.TP
+.B proxytemplate <template_string> <attrset_index> <ttl> [<negttl>]
+Specifies a cacheable template and "time to live" (in sec) <ttl> of queries
+belonging to the template. An optional <negttl> can be used to specify
+that negative results (i.e., queries that returned zero entries)
+should also be cached for the specified number of seconds. Negative
+results are not cached by default.
+
+.TP
+.B response-callback { head | tail }
+Specifies whether the response callback should be placed at the
+.B tail
+(the default) or at the
+.B head
+(actually, wherever the stacking sequence would make it appear)
+of the callback list. This affects how the overlay interacts with other
+overlays, since the proxycache overlay should be executed as early
+as possible (and thus configured as late as possible), to get
+a chance to return the cached results; however, if executed early
+at response, it would cache entries that may be later "massaged"
+by other databases and thus returned \fIafter\fP massaging the first
+time, and \fIbefore\fP massaging when cached.
+
+.TP
+There are some constraints:
+
+all values must be positive;
+
+.B <entry_limit>
+must be less than or equal to
+.BR <max_entries> ;
+
+.B <numattrsets>
+attribute sets SHOULD be defined by using the directive
+.BR proxyattrset ;
+
+all attribute sets SHOULD be referenced by (at least) one
+.B proxytemplate
+directive;
+
+.LP
+The following adds a template with filter string \fB(&(sn=)(givenName=))\fP
+and attributes mail, postaladdress, telephonenumber and a TTL of 1 hour.
+.LP
+.RS
+.nf
+proxyattrset \fB0 mail postaladdress telephonenumber\fP
+proxytemplate \fB(&(sn=)(givenName=)) 0 3600\fP
+.fi
+.RE
+
+.LP
+Directives for configuring the underlying database must also be given, as
+shown here:
+.LP
+.RS
+.nf
+directory /var/tmp/cache
+cachesize 100
+.fi
+.RE
+.LP
+Any valid directives for the chosen database type may be used. Indexing
+should be used as appropriate for the queries being handled. In addition,
+an equality index on the \fBqueryid\fP attribute should be configured, to
+assist in the removal of expired query data.
+.SH CAVEATS
+Caching data is prone to inconsistencies because updates on the remote server
+will not be reflected in the response of the cache at least (and at most)
+for the duration of the
+.B proxytemplate
+.BR TTL .
+
+The remote server should expose the
+.B objectClass
+attribute because the underlying database that actually caches the entries
+may need it for optimal local processing of the queries.
+
+Another potential (and subtle) inconsistency may occur when data is retrieved
+with different identities and specific per-identity access control
+is enforced by the remote server.
+If data was retrieved with an identity that collected only partial results
+because of access rules enforcement on the remote server, other users
+with different access privileges on the remote server will get different
+results from the remote server and from the cache.
+If those users have higher access privileges on the remote server, they will
+get from the cache only a subset of the results they would get directly
+from the remote server; but if they have lower access privileges, they will
+get from the cache a superset of the results they would get directly
+from the remote server.
+Either occurrence may or may not be acceptable, based on the security policy
+of the cache and of the remote server.
+It is important to note that in this case the proxy is violating the security
+of the remote server by disclosing to an identity data that was collected
+by another identity.
+For this reason, it is suggested that, when using
+.BR back-ldap ,
+proxy caching be used in conjunction with the
+.I identity assertion
+feature of
+.BR slapd-ldap (5)
+(see the
+.B idassert-bind
+and the
+.B idassert-authz
+statements), so that remote server interrogation occurs with a vanilla identity
+that has some relatively high
+.B search
+and
+.B read
+access privileges, and the "real" access control is delegated to the proxy's ACLs.
+Beware that since only the cached fraction of the real datum is available
+to the cache, it may not be possible to enforce the same access rules that
+are defined on the remote server.
+When security is a concern, cached proxy access must be carefully tailored.
+.SH FILES
+
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-ldap (5),
+.BR slapd\-meta (5),
+.BR slapd\-sql (5),
+.BR slapd (8).
+.SH AUTHOR
+Originally implemented by Apurva Kumar as an extension to back-meta;
+turned into an overlay by Howard Chu.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-ppolicy.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-ppolicy.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-ppolicy.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,756 @@
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.4.2.7 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.SH NAME
+slapo-ppolicy \- Password Policy overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+.LP
+The
+.B ppolicy
+overlay
+is an implementation of the most recent IETF Password
+Policy proposal for LDAP. When instantiated, it intercepts,
+decodes and applies specific password policy controls to overall
+use of a backend database, changes to user password fields, etc.
+.P
+The overlay provides a variety of password control mechanisms. They
+include password aging--both minimum and maximum ages, password
+reuse and duplication control, account time-outs, mandatory password
+resets, acceptable password content, and even grace logins.
+Different groups of users may be associated with different password
+policies, and there is no limit to the number of password policies
+that may be created.
+.P
+Note that some of the policies do not take effect when the operation
+is performed with the
+.B rootdn
+identity; all the operations, when performed with any other identity,
+may be subjected to constraints, like access control.
+
+.SH CONFIGURATION
+These
+.B slapd.conf
+configuration options apply to the ppolicy overlay. They should appear
+after the
+.B overlay
+directive.
+.TP
+.B ppolicy_default <policyDN>
+Specify the DN of the pwdPolicy object to use when no specific policy is
+set on a given user's entry. If there is no specific policy for an entry
+and no default is given, then no policies will be enforced.
+.TP
+.B ppolicy_hash_cleartext
+Specify that cleartext passwords present in Add and Modify requests should
+be hashed before being stored in the database. This violates the X.500/LDAP
+information model, but may be needed to compensate for LDAP clients that
+don't use the Password Modify extended operation to manage passwords. It
+is recommended that when this option is used that compare, search, and
+read access be denied to all directory users.
+.TP
+.B ppolicy_use_lockout
+A client will always receive an LDAP
+.B InvalidCredentials
+response when
+Binding to a locked account. By default, when a Password Policy control
+was provided on the Bind request, a Password Policy response will be
+included with no special error code set. This option changes the
+Password Policy response to include the
+.B AccountLocked
+error code. Note
+that sending the
+.B AccountLocked
+error code provides useful information
+to an attacker; sites that are sensitive to security issues should not
+enable this option.
+
+.SH OBJECT CLASS
+The
+.B ppolicy
+overlay depends on the
+.B pwdPolicy
+object class. The definition of that class is as follows:
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ AUXILIARY
+ SUP top
+ MUST ( pwdAttribute )
+ MAY (
+ pwdMinAge $ pwdMaxAge $ pwdInHistory $
+ pwdCheckQuality $ pwdMinLength $
+ pwdExpireWarning $ pwdGraceAuthnLimit $
+ pwdLockout $ pwdLockoutDuration $
+ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $
+ pwdSafeModify ) )
+.RE
+
+This implementation also provides an additional
+.B pwdPolicyChecker
+objectclass, used for password quality checking (see below).
+.LP
+.RS 4
+( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ AUXILIARY
+ SUP top
+ MAY ( pwdCheckModule ) )
+.RE
+.P
+Every account that should be subject to password policy control should
+have a
+.B
+pwdPolicySubentry
+attribute containing the DN of a valid
+.B pwdPolicy
+entry, or they can simply use the configured default.
+In this way different users may be managed according to
+different policies.
+
+.SH OBJECT CLASS ATTRIBUTES
+.P
+Each one of the sections below details the meaning and use of a particular
+attribute of this
+.B pwdPolicy
+object class.
+.P
+
+.B pwdAttribute
+.P
+This attribute contains the name of the attribute to which the password
+policy is applied. For example, the password policy may be applied
+to the
+.B userPassword
+attribute.
+.P
+Note: in this implementation, the only
+value accepted for
+.B pwdAttribute
+is
+.IR " userPassword ".
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+.RE
+
+.B pwdMinAge
+.P
+This attribute contains the number of seconds that must elapse
+between modifications allowed to the password. If this attribute
+is not present, zero seconds is assumed (i.e. the password may be
+modified whenever and however often is desired).
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdMaxAge
+.P
+This attribute contains the number of seconds after which a modified
+password will expire. If this attribute is not present, or if its
+value is zero (0), then passwords will not expire.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdInHistory
+.P
+This attribute is used to specify the maximum number of used
+passwords that will be stored in the
+.B pwdHistory
+attribute. If the
+.B pwdInHistory
+attribute is not present, or if its value is
+zero (0), used passwords will not be stored in
+.B pwdHistory
+and thus any previously-used password may be reused.
+No history checking occurs if the password is being modified by the
+.BR rootdn ,
+although the password is saved in the history.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdCheckQuality
+.P
+This attribute indicates if and how password syntax will be checked
+while a password is being modified or added. If this attribute is
+not present, or its value is zero (0), no syntax checking will be
+done. If its value is one (1), the server will check the syntax,
+and if the server is unable to check the syntax,
+whether due to a client-side hashed password or some other reason,
+it will be
+accepted. If its value is two (2), the server will check the syntax,
+and if the server is unable to check the syntax it will return an
+error refusing the password.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdMinLength
+.P
+When syntax checking is enabled
+(see also the
+.B pwdCheckQuality
+attribute), this attribute contains the minimum
+number of characters that will be accepted in a password. If this
+attribute is not present, minimum password length is not
+enforced. If the server is unable to check the length of the password,
+whether due to a client-side hashed password or some other reason,
+the server will, depending on the
+value of
+.BR pwdCheckQuality ,
+either accept the password
+without checking it (if
+.B pwdCheckQuality
+is zero (0) or one (1)) or refuse it (if
+.B pwdCheckQuality
+is two (2)).
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdExpireWarning
+.P
+This attribute contains the maximum number of seconds before a
+password is due to expire that expiration warning messages will be
+returned to a user who is authenticating to the directory.
+If this attribute is not
+present, or if the value is zero (0), no warnings will be sent.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdGraceAuthnLimit
+.P
+This attribute contains the number of times that an expired password
+may be used to authenticate a user to the directory. If this
+attribute is not present or if its value is zero (0), users with
+expired passwords will not be allowed to authenticate to the
+directory.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthnLimit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdLockout
+.P
+This attribute specifies the action that should be taken
+by the directory when a user has made a number of failed attempts
+to authenticate to the directory. If
+.B pwdLockout
+is set (its value is "TRUE"), the user will not be allowed to
+attempt to authenticate to the directory after there have been a
+specified number of consecutive failed bind attempts. The maximum
+number of consecutive failed bind attempts allowed is specified by
+the
+.B pwdMaxFailure
+attribute. If
+.B pwdLockout
+is not present, or if its value is "FALSE", the password may be
+used to authenticate no matter how many consecutive failed bind
+attempts have been made.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+.RE
+
+.B pwdLockoutDuration
+.P
+This attribute contains the number of seconds during
+which the password cannot be used to authenticate the
+user to the directory due to too many consecutive failed
+bind attempts.
+(See also
+.B pwdLockout
+and
+.BR pwdMaxFailure .)
+If
+.B pwdLockoutDuration
+is not present, or if its value is zero (0), the password
+cannot be used to authenticate the user to the directory
+again until it is reset by an administrator.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdMaxFailure
+.P
+This attribute contains the number of consecutive failed bind
+attempts after which the password may not be used to authenticate
+a user to the directory.
+If
+.B pwdMaxFailure
+is not present, or its value is zero (0), then a user will
+be allowed to continue to attempt to authenticate to
+the directory, no matter how many consecutive failed
+bind attempts have occurred with that user's DN.
+(See also
+.B pwdLockout
+and
+.BR pwdLockoutDuration .)
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdFailureCountInterval
+.P
+This attribute contains the number of seconds after which old
+consecutive failed bind attempts are purged from the failure counter,
+even though no successful authentication has occurred.
+If
+.B pwdFailureCountInterval
+is not present, or its value is zero (0), the failure
+counter will only be reset by a successful authentication.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+
+.B pwdMustChange
+.P
+This attribute specifies whether users must change their passwords
+when they first bind to the directory after a password is set or
+reset by the administrator, or not. If
+.B pwdMustChange
+has a value of "TRUE", users must change their passwords when they
+first bind to the directory after a password is set or reset by
+the administrator. If
+.B pwdMustChange
+is not present, or its value is "FALSE",
+users are not required to change their password upon binding after
+the administrator sets or resets the password.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+.RE
+
+.B pwdAllowUserChange
+.P
+This attribute specifies whether users are allowed to change their own
+passwords or not. If
+.B pwdAllowUserChange
+is set to "TRUE", or if the attribute is not present, users will be
+allowed to change their own passwords. If its value is "FALSE",
+users will not be allowed to change their own passwords.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+.RE
+
+.B pwdSafeModify
+.P
+This attribute denotes whether the user's existing password must be sent
+along with their new password when changing a password. If
+.B pwdSafeModify
+is set to "TRUE", the existing password must be sent
+along with the new password. If the attribute is not present, or
+its value is "FALSE", the existing password need not be sent
+along with the new password.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+.RE
+
+.B pwdCheckModule
+.P
+This attribute names a user-defined loadable module that must
+instantiate the check_password() function. This function
+will be called to further check a new password if
+.B pwdCheckQuality
+is set to one (1) or two (2),
+after all of the built-in password compliance checks have
+been passed. This function will be called according to this
+function prototype:
+.RS 4
+int
+.I check_password
+(char *pPasswd, char **ppErrStr, Entry *pEntry);
+.RE
+The
+.B pPasswd
+parameter contains the clear-text user password, the
+.B ppErrStr
+parameter contains a double pointer that allows the function
+to return human-readable details about any error it encounters.
+The optional
+.B pEntry
+parameter, if non-NULL, carries a pointer to the
+entry whose password is being checked.
+If
+.B ppErrStr
+is NULL, then
+.I funcName
+must NOT attempt to use it/them.
+A return value of LDAP_SUCCESS from the called
+function indicates that the password is ok, any other value
+indicates that the password is unacceptable. If the password is
+unacceptable, the server will return an error to the client, and
+.B ppErrStr
+may be used to return a human-readable textual explanation of the
+error. The error string must be dynamically allocated as it will
+be free()'d by slapd.
+.LP
+.RS 4
+( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+.RE
+.P
+Note:
+The user-defined loadable module named by
+.B pwdCheckModule
+must be in
+.B slapd's
+standard executable search PATH.
+.P
+Note:
+.B pwdCheckModule
+is a non-standard extension to the LDAP password
+policy proposal.
+
+.SH OPERATIONAL ATTRIBUTES
+.P
+The operational attributes used by the
+.B passwd_policy
+module are stored in the user's entry. Most of these attributes
+are not intended to be changed directly by users; they are there
+to track user activity. They have been detailed here so that
+administrators and users can both understand the workings of
+the
+.B ppolicy
+module.
+
+.B userPassword
+.P
+The
+.b userPassword
+attribute is not strictly part of the
+.B ppolicy
+module. It is, however, the attribute that is tracked and controlled
+by the module. Please refer to the standard OpenLDAP schema for
+its definition.
+
+.B pwdPolicySubentry
+.P
+This attribute refers directly to the
+.B pwdPolicy
+subentry that is to be used for this particular directory user.
+If
+.B pwdPolicySubentry
+exists, it must contain the DN of a valid
+.B pwdPolicy
+object. If it does not exist, the
+.B ppolicy
+module will enforce the default password policy rules on the
+user associated with this authenticating DN. If there is no
+default, or the referenced subentry does not exist, then no
+policy rules will be enforced.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.23
+ NAME 'pwdPolicySubentry'
+ DESC 'The pwdPolicy subentry in effect for
+ this object'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation)
+.RE
+
+.B pwdChangedTime
+.P
+This attribute denotes the last time that the entry's password was
+changed. This value is used by the password expiration policy to
+determine whether the password is too old to be allowed to be used
+for user authentication. If
+.B pwdChangedTime
+does not exist, the user's password will not expire.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.16
+ NAME 'pwdChangedTime'
+ DESC 'The time the password was last changed'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation)
+.RE
+
+.B pwdAccountLockedTime
+.P
+This attribute contains the time that the user's account was locked.
+If the account has been locked, the password may no longer be used to
+authenticate the user to the directory. If
+.B pwdAccountLockedTime
+is set to zero (0), the user's account has been permanently locked
+and may only be unlocked by an administrator.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.17
+ NAME 'pwdAccountLockedTime'
+ DESC 'The time an user account was locked'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SINGLE-VALUE
+ NO-USER-MODIFICATION
+ USAGE directoryOperation)
+.RE
+
+.B pwdFailureTime
+.P
+This attribute contains the timestamps of each of the consecutive
+authentication failures made upon attempted authentication to this
+DN (i.e. account). If too many timestamps accumulate here (refer to
+the
+.B pwdMaxFailure
+password policy attribute for details),
+and the
+.B pwdLockout
+password policy attribute is set to "TRUE", the
+account may be locked.
+(Please also refer to the
+.B pwdLockout
+password policy attribute.)
+Excess timestamps beyond those allowed by
+.B pwdMaxFailure
+may also be purged. If a successful authentication is made to this
+DN (i.e. to this user account), then
+.B pwdFailureTime
+will be cleansed of entries.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.19
+ NAME 'pwdFailureTime'
+ DESC 'The timestamps of the last consecutive
+ authentication failures'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ NO-USER-MODIFICATION
+ USAGE directoryOperation )
+.RE
+
+.B pwdHistory
+.P
+This attribute contains the history of previously used passwords
+for this DN (i.e. for this user account).
+The values of this attribute are stored in string format as follows:
+
+.RS 4
+
+pwdHistory=
+.RS 4
+time "#" syntaxOID "#" length "#" data
+.RE
+
+time=
+.RS 4
+generalizedTimeString as specified in section 6.14 of [RFC2252]
+.RE
+
+.P
+syntaxOID = numericoid
+.RS 4
+This is the string representation of the dotted-decimal OID that
+defines the syntax used to store the password. numericoid is
+described in section 4.1 of [RFC2252].
+.RE
+
+length = numericstring
+.RS 4
+The number of octets in the data. numericstring is described in
+section 4.1 of [RFC2252].
+.RE
+
+data =
+.RS 4
+Octets representing the password in the format specified by syntaxOID.
+.RE
+
+.RE
+
+This format allows the server to store and transmit a history of
+passwords that have been used. In order for equality matching
+on the values in this attribute to function properly, the time
+field is in GMT format.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.20
+ NAME 'pwdHistory'
+ DESC 'The history of user passwords'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ EQUALITY octetStringMatch
+ NO-USER-MODIFICATION
+ USAGE directoryOperation)
+.RE
+
+.B pwdGraceUseTime
+This attribute contains the list of timestamps of logins made after
+the user password in the DN has expired. These post-expiration
+logins are known as "\fIgrace logins\fP".
+If too many
+.I grace logins
+have been used (please refer to the
+.B pwdGraceLoginLimit
+password policy attribute), then the DN will no longer be allowed
+to be used to authenticate the user to the directory until the
+administrator changes the DN's
+.B userPassword
+attribute.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.21
+ NAME 'pwdGraceUseTime'
+ DESC 'The timestamps of the grace login once the password has expired'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ EQUALITY generalizedTimeMatch
+ NO-USER-MODIFICATION
+ USAGE directoryOperation)
+.RE
+
+.B pwdReset
+.P
+This attribute indicates whether the user's password has been reset
+by the administrator and thus must be changed upon first use of this
+DN for authentication to the directory. If
+.B pwdReset
+is set to "TRUE", then the password was reset and the user must change
+it upon first authentication. If the attribute does not exist, or
+is set to "FALSE", the user need not change their password due to
+administrative reset.
+.LP
+.RS 4
+( 1.3.6.1.4.1.42.2.27.8.1.22
+ NAME 'pwdReset'
+ DESC 'The indication that the password has
+ been reset'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE
+ USAGE directoryOperation)
+.RE
+
+.SH EXAMPLES
+.LP
+.RS
+.nf
+database bdb
+suffix dc=example,dc=com
+\...
+overlay ppolicy
+ppolicy_default "cn=Standard,ou=Policies,dc=example,dc=com"
+.fi
+.RE
+
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd.conf (5),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+IETF LDAP password policy proposal by P. Behera, L. Poitou and J.
+Sermersheim: documented in IETF document
+"draft-behera-ldap-password-policy-09.txt".
+
+.SH BUGS
+The LDAP Password Policy specification is not yet an approved standard,
+and it is still evolving. This code will continue to be in flux until the
+specification is finalized.
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2004 by Howard Chu of Symas Corporation
+with significant input from Neil Dunbar and Kartik Subbarao of Hewlett-Packard.
+.P
+This manual page borrows heavily and shamelessly from the specification
+upon which the password policy module it describes is based. This
+source is the
+IETF LDAP password policy proposal by P. Behera, L.
+Poitou and J. Sermersheim.
+The proposal is fully documented in
+the
+IETF document named draft-behera-ldap-password-policy-09.txt,
+written in July of 2005.
+.P
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-refint.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-refint.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-refint.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+.TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.2.2.5 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-refint \- Referential Integrity overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Referential Integrity overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to maintain the cohesiveness of a schema which utilizes reference attributes.
+.LP
+Integrity is maintained by updating database records which contain the named
+attributes to match the results of a
+.B modrdn
+or
+.B delete
+operation. For example, if the integrity attribute were configured as
+.BR manager ,
+deletion of the record "uid=robert,ou=people,o=openldap.org" would trigger a
+search for all other records which have a
+.B manager
+attribute containing that DN. Entries matching that search would have their
+.B manager
+attribute removed.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the Referential Integrity overlay.
+They should appear after the
+.B overlay
+directive.
+.TP
+.B refint_attributes <attribute...>
+Specify one or more attributes for which integrity will be maintained
+as described above.
+.TP
+.B refint_nothing <string>
+Specify an arbitrary value to be used as a placeholder when the last value
+would otherwise be deleted from an attribute. This can be useful in cases
+where the schema requires the existence of an attribute for which referential
+integrity is enforced. The attempted deletion of a required attribute will
+otherwise result in an Object Class Violation, causing the request to fail.
+.B
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-retcode.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-retcode.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-retcode.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,201 @@
+.TH SLAPO-RETCODE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.2.2.8 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-retcode \- return code overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B retcode
+overlay to
+.BR slapd (8)
+is useful to test the behavior of clients when server-generated erroneous
+and/or unusual responses occur, e.g. error codes, referrals,
+excessive response times and so on.
+
+The error responses are generated according to different strategies.
+.LP
+In the first case, all operations targeted at a specific configurable
+subtree cause the object related to the request DN to be looked up
+and checked for return code data: a response code, plus an optional
+textual message, an optional configurable delay, an optional matched DN
+field, and, when the response code is "referral", a (list of) referral(s).
+.LP
+Well-known response codes from standard track documents are provided
+in \fBretcode.conf\fP, which can be included after instantiating
+the overlay.
+.LP
+In the second case, objects of classes inherited from
+the \fBerrAbsObject\fP, like \fBerrObject\fP or \fBerrAuxObject\fP,
+when returned as intermediate responses of a search request, are changed
+into the response dictated by their content.
+.LP
+A third mode causes objects to be looked up from the underlying database
+to discover if their class inherits from \fBerrABsObject\fP;
+in that case, their content is used to compute the corresponding response.
+.LP
+The behavior is disabled by using the \fBmanageDSAit\fP control (RFC 3296);
+in that case, the resulting object, either present in the directory
+or dynamically generated by the overlay, or contained in the request,
+is handled as usual.
+.LP
+The config directives that are specific to the
+.B retcode
+overlay must be prefixed by
+.BR retcode\- ,
+to avoid conflicts with directives specific to the underlying database
+or to other stacked overlays. The following specific directives
+can be used to configure the retcode overlay:
+.TP
+.B retcode\-parent <DN>
+This directive defines the parent DN where dynamically generated
+entries reside.
+If not defined, the suffix of the database is used.
+.HP
+.hy 0
+.B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
+.B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>]
+.RS
+A dynamically generated entry, located below \fBretcode\-parent\fP.
+The \fB<errCode>\fP is the number of the response code;
+it can be in any format supported by strtol.
+The optional \fB<oplist>\fP is a list of operations that cause
+response code generation; if absent, all operations are affected.
+The \fBmatched\fP field is the matched DN that is returned
+along with the error.
+The \fBref\fP field is only allowed for the \fBreferral\fP
+response code.
+.RE
+.TP
+.B retcode\-indir
+Enables exploitation of in-directory stored errAbsObject.
+May result in a lot of unnecessary overhead.
+.TP
+.B retcode\-sleep [-]<n>
+Defines a sleep time in seconds that is spent before actually handling
+any operation.
+If negative, a random time between 0 and the absolute value of the argument
+is used.
+
+.SH SCHEMA
+The
+.B retcode
+overlay utilizes the "return code" schema described herein.
+This schema is specifically designed for use with this
+overlay and is not intended to be used otherwise.
+It is also noted that the schema describe here is
+.I a work in
+.IR progress ,
+and hence subject to change without notice.
+The schema is loaded automatically by the overlay.
+
+The schema includes a number of object classes and associated
+attribute types as described below.
+
+.LP
+The error code:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.1.1
+ NAME ( 'errCode' )
+ DESC 'LDAP error code'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+.LP
+The operations that trigger the response code:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.1.2
+ NAME ( 'errOp' )
+ DESC 'Operations the errObject applies to'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+.RE
+.LP
+The text message:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.1.3
+ NAME ( 'errText' )
+ DESC 'LDAP error textual description'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+.RE
+.LP
+The sleep time before the response is actually returned to the client:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.1.4
+ NAME ( 'errSleepTime' )
+ DESC 'Time to wait before returning the error'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+.RE
+.LP
+The matched DN returned to the client:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.1.5
+ NAME ( 'errMatchedDN' )
+ DESC 'Value to be returned as matched DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+.RE
+.LP
+The abstract class that triggers the overlay:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.3.0
+ NAME ( 'errAbsObject' )
+ SUP top ABSTRACT
+ MUST ( errCode )
+ MAY ( cn $ description $ errOp $ errText $ errSleepTime
+ $ errMatchedDN ) )
+.RE
+.LP
+The standalone structural objectclass for specifically created data:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.3.1
+ NAME ( 'errObject' )
+ SUP errAbsObject STRUCTURAL )
+.RE
+.LP
+The auxiliary objectclass to alter the behavior of existing objects:
+.RS 4
+( 1.3.6.1.4.1.4203.666.11.4.3.2
+ NAME ( 'errAuxObject' )
+ SUP errAbsObject AUXILIARY )
+.RE
+
+.SH EXAMPLE
+.LP
+.RS
+.nf
+overlay retcode
+retcode-parent "ou=RetCodes,dc=example,dc=com"
+include ./retcode.conf
+
+# Wait 10 seconds, then return success (0x00)
+retcode-item "cn=Success after 10 seconds" 0x00 sleeptime=10
+# Wait 10 seconds, then return timelimitExceeded (0x03)
+retcode-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
+.fi
+.RE
+.LP
+.LP
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8),
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-rwm.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-rwm.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-rwm.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,569 @@
+.TH SLAPO-RWM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.8.2.7 2007/01/02 21:43:45 kurt Exp $
+.\"
+.\" Portions of this document should probably be moved to slapd-ldap(5)
+.\" and maybe manual pages for librewrite.
+.\"
+.SH NAME
+slapo-rwm \- rewrite/remap overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B rwm
+overlay to
+.BR slapd (8)
+performs basic DN/data rewrite and objectClass/attributeType mapping.
+Its usage is mostly intended to provide virtual views of existing data
+either remotely, in conjunction with the proxy backend described in
+.BR slapd-ldap (5),
+or locally, in conjunction with the relay backend described in
+.BR slapd-relay (5).
+.LP
+This overlay is experimental.
+.SH MAPPING
+An important feature of the
+.B rwm
+overlay is the capability to map objectClasses and attributeTypes
+from the local set (or a subset of it) to a foreign set, and vice versa.
+This is accomplished by means of the
+.B rwm-map
+directive.
+.TP
+.B rwm-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
+Map attributeTypes and objectClasses from the foreign server to
+different values on the local slapd.
+The reason is that some attributes might not be part of the local
+slapd's schema, some attribute names might be different but serve the
+same purpose, etc.
+If local or foreign name is `*', the name is preserved.
+If local name is omitted, the foreign name is removed.
+Unmapped names are preserved if both local and foreign name are `*',
+and removed if local name is omitted and foreign name is `*'.
+.LP
+The local
+.I objectClasses
+and
+.I attributeTypes
+must be defined in the local schema; the foreign ones do not have to,
+but users are encouraged to explicitly define the remote attributeTypes
+and the objectClasses they intend to map. All in all, when remapping
+a remote server via back-ldap (\fBslapd-ldap\fP(5))
+or back-meta (\fBslapd-meta\fP(5))
+their definition can be easily obtained by querying the \fIsubschemaSubentry\fP
+of the remote server; the problem should not exist when remapping a local
+database.
+Note, however, that the decision whether to rewrite or not attributeTypes
+with
+.IR "distinguishedName syntax" ,
+requires the knowledge of the attributeType syntax.
+See the REWRITING section for details.
+.LP
+Note that when mapping DN-valued attributes from local to remote,
+first the DN is rewritten, and then the attributeType is mapped;
+while mapping from remote to local, first the attributeType is mapped,
+and then the DN is rewritten.
+As such, it is important that the local attributeType is appropriately
+defined as using the distinguishedName syntax.
+Also, note that there are DN-related syntaxes (i.e. compound types with
+a portion that is DN-valued), like nameAndOptionalUID,
+whose values are currently not rewritten.
+.SH SUFFIX MASSAGING
+A basic feature of the
+.B rwm
+overlay is the capability to perform suffix massaging between a virtual
+and a real naming context by means of the
+.B rwm-suffixmassage
+directive.
+.TP
+.B rwm-suffixmassage "[<virtual naming context>]" "<real naming context>"
+Shortcut to implement naming context rewriting; the trailing part
+of the DN is rewritten from the virtual to the real naming context
+in the bindDN, searchDN, searchFilterAttrDN, compareDN, compareAttrDN,
+addDN, addAttrDN, modifyDN, modifyAttrDN, modrDN, newSuperiorDN,
+deleteDN, exopPasswdDN, and from the real to the virtual naming context
+in the searchEntryDN, searchAttrDN and matchedDN rewrite contexts.
+By default no rewriting occurs for the searchFilter
+and for the referralAttrDN and referralDN rewrite contexts.
+If no \fI<virtual naming context>\fP is given, the first suffix of the
+database is used; this requires the
+.B rwm-suffixmassage
+directive be defined \fIafter\fP the database
+.B suffix
+directive.
+The
+.B rwm-suffixmassage
+directive automatically sets the
+.B rwm-rewriteEngine
+to
+.BR ON .
+.LP
+See the REWRITING section for details.
+.SH REWRITING
+A string is rewritten according to a set of rules, called a `rewrite
+context'.
+The rules are based on POSIX (''extended'') regular expressions with
+substring matching; basic variable substitution and map resolution
+of substrings is allowed by specific mechanisms detailed in the following.
+The behavior of pattern matching/substitution can be altered by a set
+of flags.
+.LP
+.RS
+.nf
+<rewrite context> ::= <rewrite rule> [...]
+<rewrite rule> ::= <pattern> <action> [<flags>]
+.fi
+.RE
+.LP
+The underlying concept is to build a lightweight rewrite module
+for the slapd server (initially dedicated to the LDAP backend):
+.LP
+.SH Passes
+An incoming string is matched against a set of
+.IR rewriteRules .
+Rules are made of a
+.IR "regex match pattern" ,
+a
+.I "substitution pattern"
+and a set of actions, described by a set of
+.IR "optional flags" .
+In case of match, string rewriting is performed according to the
+substitution pattern that allows to refer to substrings matched in the
+incoming string.
+The actions, if any, are finally performed.
+Each rule is executed recursively, unless altered by specific action
+flags; see "Action Flags" for details.
+A default limit on the recursion level is set, and can be altered
+by the
+.B rwm-rewriteMaxPasses
+directive, as detailed in the "Additional Configuration Syntax" section.
+The substitution pattern allows map resolution of substrings.
+A map is a generic object that maps a substitution pattern to a value.
+The flags are divided in "Pattern Matching Flags" and "Action Flags";
+the former alter the regex match pattern behavior, while the latter
+alter the actions that are taken after substitution.
+.SH "Pattern Matching Flags"
+.TP
+.B `C'
+honors case in matching (default is case insensitive)
+.TP
+.B `R'
+use POSIX ''basic'' regular expressions (default is ''extended'')
+.TP
+.B `M{n}'
+allow no more than
+.B n
+recursive passes for a specific rule; does not alter the max total count
+of passes, so it can only enforce a stricter limit for a specific rule.
+.SH "Action Flags"
+.TP
+.B `:'
+apply the rule once only (default is recursive)
+.TP
+.B `@'
+stop applying rules in case of match; the current rule is still applied
+recursively; combine with `:' to apply the current rule only once
+and then stop.
+.TP
+.B `#'
+stop current operation if the rule matches, and issue an `unwilling to
+perform' error.
+.TP
+.B `G{n}'
+jump
+.B n
+rules back and forth (watch for loops!).
+Note that `G{1}' is implicit in every rule.
+.TP
+.B `I'
+ignores errors in rule; this means, in case of error, e.g. issued by a
+map, the error is treated as a missed match.
+The `unwilling to perform' is not overridden.
+.TP
+.B `U{n}'
+uses
+.B
+n
+as return code if the rule matches; the flag does not alter the recursive
+behavior of the rule, so, to have it performed only once, it must be used
+in combination with `:', e.g.
+.B `:U{32}'
+returns the value `32' (indicating noSuchObject) after exactly
+one execution of the rule, if the pattern matches.
+As a consequence, its behavior is equivalent to `@', with the return
+code set to
+.BR n ;
+or, in other words, `@' is equivalent to `U{0}'.
+Positive errors are allowed, indicating the related LDAP error codes
+as specified in \fIdraft-ietf-ldapbis-protocol\fP.
+.LP
+The ordering of the flags can be significant.
+For instance: `IG{2}' means ignore errors and jump two lines ahead
+both in case of match and in case of error, while `G{2}I' means ignore
+errors, but jump two lines ahead only in case of match.
+.LP
+More flags (mainly Action Flags) will be added as needed.
+.SH "Pattern Matching"
+See
+.BR regex (7)
+and/or
+.BR re_format (7).
+.SH "Substitution Pattern Syntax"
+Everything starting with `$' requires substitution;
+.LP
+the only obvious exception is `$$', which is turned into a single `$';
+.LP
+the basic substitution is `$<d>', where `<d>' is a digit;
+0 means the whole string, while 1-9 is a submatch, as discussed in
+.BR regex (7)
+and/or
+.BR re_format (7).
+.LP
+a `$' followed by a `{' invokes an advanced substitution.
+The pattern is:
+.LP
+.RS
+`$' `{' [ <operator> ] <name> `(' <substitution> `)' `}'
+.RE
+.LP
+where <name> must be a legal name for the map, i.e.
+.LP
+.RS
+.nf
+<name> ::= [a-z][a-z0-9]* (case insensitive)
+<operator> ::= `>' `|' `&' `&&' `*' `**' `$'
+.fi
+.RE
+.LP
+and <substitution> must be a legal substitution
+pattern, with no limits on the nesting level.
+.LP
+The operators are:
+.TP
+.B >
+sub-context invocation; <name> must be a legal, already defined
+rewrite context name
+.TP
+.B |
+external command invocation; <name> must refer to a legal, already
+defined command name (NOT IMPLEMENTED YET)
+.TP
+.B &
+variable assignment; <name> defines a variable in the running
+operation structure which can be dereferenced later; operator
+.B &
+assigns a variable in the rewrite context scope; operator
+.B &&
+assigns a variable that scopes the entire session, e.g. its value
+can be dereferenced later by other rewrite contexts
+.TP
+.B *
+variable dereferencing; <name> must refer to a variable that is
+defined and assigned for the running operation; operator
+.B *
+dereferences a variable scoping the rewrite context; operator
+.B **
+dereferences a variable scoping the whole session, e.g. the value
+is passed across rewrite contexts
+.TP
+.B $
+parameter dereferencing; <name> must refer to an existing parameter;
+the idea is to make some run-time parameters set by the system
+available to the rewrite engine, as the client host name, the bind DN
+if any, constant parameters initialized at config time, and so on;
+no parameter is currently set by either
+.B back\-ldap
+or
+.BR back\-meta ,
+but constant parameters can be defined in the configuration file
+by using the
+.B rewriteParam
+directive.
+.LP
+Substitution escaping has been delegated to the `$' symbol,
+which is used instead of `\e' in string substitution patterns
+because `\e' is already escaped by slapd's low level parsing routines;
+as a consequence, regex escaping requires
+two `\e' symbols, e.g. `\fB.*\e.foo\e.bar\fP' must
+be written as `\fB.*\e\e.foo\e\e.bar\fP'.
+.\"
+.\" The symbol can be altered at will by redefining the related macro in
+.\" "rewrite-int.h".
+.\"
+.SH "Rewrite Context"
+A rewrite context is a set of rules which are applied in sequence.
+The basic idea is to have an application initialize a rewrite
+engine (think of Apache's mod_rewrite ...) with a set of rewrite
+contexts; when string rewriting is required, one invokes the
+appropriate rewrite context with the input string and obtains the
+newly rewritten one if no errors occur.
+.LP
+Each basic server operation is associated to a rewrite context;
+they are divided in two main groups: client \-> server and
+server \-> client rewriting.
+.LP
+client -> server:
+.LP
+.RS
+.nf
+(default) if defined and no specific context
+ is available
+bindDN bind
+searchDN search
+searchFilter search
+searchFilterAttrDN search
+compareDN compare
+compareAttrDN compare AVA
+addDN add
+addAttrDN add AVA (DN portion of "ref" excluded)
+modifyDN modify
+modifyAttrDN modify AVA (DN portion of "ref" excluded)
+referralAttrDN add/modify DN portion of referrals
+ (default to none)
+modrDN modrdn
+newSuperiorDN modrdn
+deleteDN delete
+exopPasswdDN password modify extended operation DN
+.fi
+.RE
+.LP
+server -> client:
+.LP
+.RS
+.nf
+searchEntryDN search (only if defined; no default;
+ acts on DN of search entries)
+searchAttrDN search AVA (only if defined; defaults
+ to searchEntryDN; acts on DN-syntax
+ attributes of search results)
+matchedDN all ops (only if applicable; defaults
+ to searchEntryDN)
+referralDN all ops (only if applicable; defaults
+ to none)
+.fi
+.RE
+.LP
+.SH "Basic Configuration Syntax"
+All rewrite/remap directives start with the prefix
+.BR rwm- ;
+for backwards compatibility with the historical
+.BR slapd-ldap (5)
+and
+.BR slapd-meta (5)
+builtin rewrite/remap capabilities, the prefix may be omitted,
+but this practice is strongly discouraged.
+.TP
+.B rwm-rewriteEngine { on | off }
+If `on', the requested rewriting is performed; if `off', no
+rewriting takes place (an easy way to stop rewriting without
+altering too much the configuration file).
+.TP
+.B rwm-rewriteContext <context name> "[ alias <aliased context name> ]"
+<Context name> is the name that identifies the context, i.e. the name
+used by the application to refer to the set of rules it contains.
+It is used also to reference sub contexts in string rewriting.
+A context may alias another one.
+In this case the alias context contains no rule, and any reference to
+it will result in accessing the aliased one.
+.TP
+.B rwm-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
+Determines how a string can be rewritten if a pattern is matched.
+Examples are reported below.
+.SH "Additional Configuration Syntax"
+.TP
+.B rwm-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
+Allows to define a map that transforms substring rewriting into
+something else.
+The map is referenced inside the substitution pattern of a rule.
+.TP
+.B rwm-rewriteParam <param name> <param value>
+Sets a value with global scope, that can be dereferenced by the
+command `${$paramName}'.
+.TP
+.B rwm-rewriteMaxPasses <number of passes> [<number of passes per rule>]
+Sets the maximum number of total rewriting passes that can be
+performed in a single rewrite operation (to avoid loops).
+A safe default is set to 100; note that reaching this limit is still
+treated as a success; recursive invocation of rules is simply
+interrupted.
+The count applies to the rewriting operation as a whole, not
+to any single rule; an optional per-rule limit can be set.
+This limit is overridden by setting specific per-rule limits
+with the `M{n}' flag.
+.SH "REWRITE CONFIGURATION EXAMPLES"
+.nf
+# set to `off' to disable rewriting
+rwm-rewriteEngine on
+
+# the rules the "suffixmassage" directive implies
+rwm-rewriteEngine on
+# all dataflow from client to server referring to DNs
+rwm-rewriteContext default
+rwm-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
+# empty filter rule
+rwm-rewriteContext searchFilter
+# all dataflow from server to client
+rwm-rewriteContext searchEntryDN
+rwm-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
+rwm-rewriteContext searchAttrDN alias searchEntryDN
+rwm-rewriteContext matchedDN alias searchEntryDN
+# misc empty rules
+rwm-rewriteContext referralAttrDN
+rwm-rewriteContext referralDN
+
+# Everything defined here goes into the `default' context.
+# This rule changes the naming context of anything sent
+# to `dc=home,dc=net' to `dc=OpenLDAP, dc=org'
+
+rwm-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
+ "$1dc=OpenLDAP, dc=org" ":"
+
+# since a pretty/normalized DN does not include spaces
+# after rdn separators, e.g. `,', this rule suffices:
+
+rwm-rewriteRule "(.+,)?dc=home,dc=net$"
+ "$1dc=OpenLDAP,dc=org" ":"
+
+# Start a new context (ends input of the previous one).
+# This rule adds blanks between DN parts if not present.
+rwm-rewriteContext addBlanks
+rwm-rewriteRule "(.*),([^ ].*)" "$1, $2"
+
+# This one eats blanks
+rwm-rewriteContext eatBlanks
+rwm-rewriteRule "(.*), (.*)" "$1,$2"
+
+# Here control goes back to the default rewrite
+# context; rules are appended to the existing ones.
+# anything that gets here is piped into rule `addBlanks'
+rwm-rewriteContext default
+rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
+
+.\" # Anything with `uid=username' is looked up in
+.\" # /etc/passwd for gecos (I know it's nearly useless,
+.\" # but it is there just as a guideline to implementing
+.\" # custom maps).
+.\" # Note the `I' flag that leaves `uid=username' in place
+.\" # if `username' does not have a valid account, and the
+.\" # `:' that forces the rule to be processed exactly once.
+.\" rwm-rewriteContext uid2Gecos
+.\" rwm-rewriteRule "(.*)uid=([a-z0-9]+),(.+)"
+.\" "$1cn=$2{xpasswd},$3" "I:"
+.\"
+.\" # Finally, in a bind, if one uses a `uid=username' DN,
+.\" # it is rewritten in `cn=name surname' if possible.
+.\" rwm-rewriteContext bindDN
+.\" rwm-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
+.\"
+# Rewrite the search base according to `default' rules.
+rwm-rewriteContext searchDN alias default
+
+# Search results with OpenLDAP DN are rewritten back with
+# `dc=home,dc=net' naming context, with spaces eaten.
+rwm-rewriteContext searchEntryDN
+rwm-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
+ "${>eatBlanks($1)}dc=home,dc=net" ":"
+
+# Bind with email instead of full DN: we first need
+# an ldap map that turns attributes into a DN (the
+# argument used when invoking the map is appended to
+# the URI and acts as the filter portion)
+rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
+
+# Then we need to detect DN made up of a single email,
+# e.g. `mail=someone at example.com'; note that the rule
+# in case of match stops rewriting; in case of error,
+# it is ignored. In case we are mapping virtual
+# to real naming contexts, we also need to rewrite
+# regular DNs, because the definition of a bindDN
+# rewrite context overrides the default definition.
+rwm-rewriteContext bindDN
+rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
+
+# This is a rather sophisticated example. It massages a
+# search filter in case who performs the search has
+# administrative privileges. First we need to keep
+# track of the bind DN of the incoming request, which is
+# stored in a variable called `binddn' with session scope,
+# and left in place to allow regular binding:
+rwm-rewriteContext bindDN
+rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
+
+# A search filter containing `uid=' is rewritten only
+# if an appropriate DN is bound.
+# To do this, in the first rule the bound DN is
+# dereferenced, while the filter is decomposed in a
+# prefix, in the value of the `uid=<arg>' AVA, and
+# in a suffix. A tag `<>' is appended to the DN.
+# If the DN refers to an entry in the `ou=admin' subtree,
+# the filter is rewritten OR-ing the `uid=<arg>' with
+# `cn=<arg>'; otherwise it is left as is. This could be
+# useful, for instance, to allow apache's auth_ldap-1.4
+# module to authenticate users with both `uid' and
+# `cn', but only if the request comes from a possible
+# `cn=Web auth,ou=admin,dc=home,dc=net' user.
+rwm-rewriteContext searchFilter
+rwm-rewriteRule "(.*\e\e()uid=([a-z0-9_]+)(\e\e).*)"
+ "${**binddn}<>${&prefix($1)}${&arg($2)}${&suffix($3)}"
+ ":I"
+rwm-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
+ "${*prefix}|(uid=${*arg})(cn=${*arg})${*suffix}" ":@I"
+rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
+
+# This example shows how to strip unwanted DN-valued
+# attribute values from a search result; the first rule
+# matches DN values below "ou=People,dc=example,dc=com";
+# in case of match the rewriting exits successfully.
+# The second rule matches everything else and causes
+# the value to be rejected.
+rwm-rewriteContext searchEntryDN
+rwm-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
+rwm-rewriteRule ".*" "" "#"
+.fi
+.SH "MAPPING EXAMPLES"
+The following directives map the object class `groupOfNames' to
+the object class `groupOfUniqueNames' and the attribute type
+`member' to the attribute type `uniqueMember':
+.LP
+.RS
+.nf
+map objectclass groupOfNames groupOfUniqueNames
+map attribute uniqueMember member
+.fi
+.RE
+.LP
+This presents a limited attribute set from the foreign
+server:
+.LP
+.RS
+.nf
+map attribute cn *
+map attribute sn *
+map attribute manager *
+map attribute description *
+map attribute *
+.fi
+.RE
+.LP
+These lines map cn, sn, manager, and description to themselves, and
+any other attribute gets "removed" from the object before it is sent
+to the client (or sent up to the LDAP server). This is obviously a
+simplistic example, but you get the point.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-ldap (5),
+.BR slapd\-meta (5),
+.BR slapd\-relay (5),
+.BR slapd (8),
+.BR regex (7),
+.BR re_format (7).
+.SH AUTHOR
+Pierangelo Masarati; based on back-ldap rewrite/remap features
+by Howard Chu, Pierangelo Masarati.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-syncprov.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-syncprov.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-syncprov.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+.TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.2.2.8 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-syncprov \- Sync Provider overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Sync Provider overlay implements the provider-side support for the
+LDAP Content Synchronization (RFC4533) as well as syncrepl replication
+support. The overlay
+can be used with any backend that maintains entryCSN and entryUUID
+attributes for its entries. It also creates a contextCSN attribute in
+the root entry of the database.
+
+The contextCSN is updated for every write operation performed against the
+database. To reduce database contention, the contextCSN is only updated in
+memory. The value is written to the database on server shutdown and read into
+memory on startup, and maintained in memory thereafter. Checkpoints may be
+configured to write the contextCSN into the underlying database to minimize
+recovery time after an unclean shutdown.
+
+Note that due to deadlock constraints in the LDBM database, this overlay
+will only work in RefreshOnly mode, and cannot perform checkpoints, on LDBM.
+
+On databases that support inequality indexing, it is helpful to set an
+eq index on the entryCSN attribute when using this overlay.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the Sync Provider overlay.
+They should appear after the
+.B overlay
+directive.
+.TP
+.B syncprov-checkpoint <ops> <minutes>
+After a write operation has succeeded, write the contextCSN to the underlying
+database if
+.B <ops>
+write operations or more than
+.B <minutes>
+time have passed
+since the last checkpoint. Checkpointing is disabled by default.
+.TP
+.B syncprov-sessionlog <ops>
+Specify a session log for recording information about write operations made
+on the database. The
+.B <ops>
+specifies the number of operations that are recorded in the log. All write
+operations (except Adds) are recorded in the log.
+When using the session log, it is helpful to set an eq index on the
+entryUUID attribute in the underlying database.
+.TP
+.B syncprov-nopresent TRUE | FALSE
+Specify that the Present phase of refreshing should be skipped. This value
+should only be set TRUE for a syncprov instance on top of a log database
+(such as one managed by the accesslog overlay).
+The default is FALSE.
+.TP
+.B syncprov-reloadhint TRUE | FALSE
+Specify that the overlay should honor the reloadHint flag in the Sync
+Control. In OpenLDAP releases 2.3.11 and earlier the syncrepl consumer did
+not properly set this flag, so the overlay must ignore it. This option
+should be set TRUE when working with newer releases that properly support
+this flag. It must be set TRUE when using the accesslog overlay for
+delta-based syncrepl support. The default is FALSE.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapo-accesslog (5).
+OpenLDAP Administrator's Guide.
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-translucent.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-translucent.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-translucent.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+.TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.2.2.4 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-translucent \- Translucent Proxy overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Translucent Proxy overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to create a "translucent proxy". Entries retrieved from a remote LDAP
+server may have some or all attributes overridden, or new attributes
+added, by entries in the local database before being presented to the
+client.
+.LP
+A
+.BR search
+operation is first populated with entries from the remote LDAP server, the
+attributes of which are then overridden with any attributes defined in the
+local database. Local overrides may be populated with the
+.BR add ,
+.B modify ,
+and
+.B modrdn
+operations, the use of which is restricted to the root user.
+.LP
+A
+.BR compare
+operation will perform a comparison with attributes defined in the local
+database record (if any) before any comparison is made with data in the
+remote database.
+.SH CONFIGURATION
+The Translucent Proxy overlay uses a remote LDAP server which is configured
+with the options shown in
+.BR slapd-ldap (5).
+These
+.B slapd.conf
+options are specific to the Translucent Proxy overlay; they may appear anywhere
+after the
+.B overlay
+directive and before any subsequent
+.B database
+directive.
+.TP
+.B translucent_strict
+By default, attempts to delete attributes in either the local or remote
+databases will be silently ignored. The
+.B translucent_strict
+directive causes these modifications to fail with a Constraint Violation.
+.TP
+.B translucent_no_glue
+This configuration option disables the automatic creation of "glue" records
+for an
+.B add
+or
+.B modrdn
+operation, such that all parents of an entry added to the local database
+must be created by hand. Glue records are always created for a
+.B modify
+operation.
+.SH CAVEATS
+.LP
+The Translucent Proxy overlay will disable schema checking in the local database,
+so that an entry consisting of overlay attributes need not adhere to the
+complete schema.
+.LP
+Because the translucent overlay does not perform any DN rewrites, the local
+and remote database instances must have the same suffix. Other configurations
+will probably fail with No Such Object and other errors.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd-ldap (5).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-unique.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-unique.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-unique.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,99 @@
+.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.2.2.6 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-unique \- Attribute Uniqueness overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Attribute Uniqueness overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to enforce the uniqueness of some or all attributes within a subtree. This
+subtree defaults to the base DN of the database for which the Uniqueness
+overlay is configured.
+.LP
+Uniqueness is enforced by searching the subtree to ensure that the values of
+all attributes presented with an
+.BR add ,
+.B modify
+or
+.B modrdn
+operation are unique within the subtree.
+For example, if uniqueness were enforced for the
+.B uid
+attribute, the subtree would be searched for any other records which also
+have a
+.B uid
+attribute containing the same value. If any are found, the request is
+rejected.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the Attribute Uniqueness overlay.
+They should appear after the
+.B overlay
+directive.
+.TP
+.B unique_base <basedn>
+Configure the subtree against which uniqueness searches will be invoked.
+The
+.B basedn
+defaults to the base DN of the database for which uniqueness is configured.
+.TP
+.B unique_ignore <attribute...>
+Configure one or more attributes for which uniqueness will not be enforced.
+If not configured, all non-operational (eg, system) attributes must be
+unique. Note that the
+.B unique_ignore
+list should generally contain the
+.BR objectClass ,
+.BR dc ,
+.B ou
+and
+.B o
+attributes, as these will generally not be unique, nor are they operational
+attributes.
+.TP
+.B unique_attributes <attribute...>
+Specify one or more attributes for which uniqueness will be enforced.
+If not specified, all attributes which are not operational (eg, system
+attributes such as
+.B entryUUID )
+or specified via the
+.B unique_ignore
+directive above must be unique within the subtree.
+.TP
+.B unique_strict
+By default, uniqueness is not enforced for null values. Enabling
+.B unique_strict
+mode extends the concept of uniqueness to include null values, such that
+only one attribute within a subtree will be allowed to have a null value.
+.SH CAVEATS
+.LP
+The search key is generated with attributes that are non-operational, not
+on the
+.B unique_ignore
+list, and included in the
+.B unique_attributes
+list, in that order. This makes it possible to create interesting and
+unusable configurations. Usually only one of
+.B unique_ignore
+or
+.B unique_attributes
+should be configured; use
+.B unique_ignore
+if the majority of attributes should be unique, and use
+.B unique_attributes
+if only a small set of attributes should be unique.
+.LP
+Typical attributes for the
+.B unique_ignore
+directive are intentionally not hardcoded into the overlay to allow for
+maximum flexibility in meeting site-specific requirements.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
Added: openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-valsort.5
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-valsort.5 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man5/slapo-valsort.5 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+.TH SLAPO-VALSORT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.2.2.5 2007/01/02 21:43:45 kurt Exp $
+.SH NAME
+slapo-valsort \- Value Sorting overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The Value Sorting overlay can be used with a backend database to sort the
+values of specific multi-valued attributes within a subtree. The sorting
+occurs whenever the attributes are returned in a search response.
+.LP
+Sorting can be specified in ascending or descending order, using either
+numeric or alphanumeric sort methods. Additionally, a "weighted" sort can
+be specified, which uses a numeric weight prepended to the attribute values.
+The weighted sort is always performed in ascending order, but may be combined
+with the other methods for values that all have equal weights. The weight
+is specified by prepending an integer weight {<\fIweight\fP>}
+in front of each value of the attribute for which weighted sorting is
+desired. This weighting factor is stripped off and never returned in
+search results.
+
+.SH CONFIGURATION
+These
+.I slapd.conf
+options apply to the Value Sorting overlay.
+They should appear after the
+.B overlay
+directive.
+.TP
+valsort-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
+Configure a sorting method for the specified
+.I attribute
+in the subtree rooted at
+.IR baseDN .
+The
+.I sort-method
+may be one of
+.BR alpha-ascend ,
+.BR alpha-descend ,
+.BR numeric-ascend ,
+or
+.BR numeric-descend .
+If the special
+.B weighted
+method is specified, a secondary
+.I sort-method
+may also be specified. It is an
+error to specify an alphanumeric
+.I sort-method
+for an attribute with Integer
+or NumericString syntax, and it is an error to specify a numeric
+.I sort-method
+for an attribute with a syntax other than Integer or NumericString.
+.SH EXAMPLES
+.LP
+.nf
+ database bdb
+ suffix dc=example,dc=com
+ ...
+ overlay valsort
+ valsort-attr member ou=groups,dc=example,dc=com alpha-ascend
+.fi
+
+.SH FILES
+.TP
+\fIETCDIR/slapd.conf\fP
+default \fBslapd\fP configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2005 by Howard Chu of Symas Corporation. The
+work was sponsored by Stanford University.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+# man8 Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/man8/Makefile.in,v 1.8.2.4 2007/01/02 21:43:46 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MANSECT=8
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapacl.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapacl.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapacl.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,163 @@
+.TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapacl \- Check access to a list of attributes.
+.SH SYNOPSIS
+.B SBINDIR/slapacl
+.B [\-v]
+.B [\-d level]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-D authcDN | \-U authcID]
+.B \-b DN
+.B [\-u]
+.B [\-X authzID | \-o authzDN=DN]
+.B [attr[/access][:value]] [...]
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapacl
+is used to check the behavior of the slapd in verifying access to data
+according to ACLs, as specified in
+.BR slapd.access (5).
+It opens the
+.BR slapd.conf (5)
+configuration file, reads in the
+.B access
+directives, and then parses the
+.B attr
+list given on the command-line; if none is given, access to the
+.B entry
+pseudo-attribute is tested.
+.LP
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-D " authcDN"
+specify a DN to be used as identity through the test session
+when selecting appropriate
+.B <by>
+clauses in access lists.
+.TP
+.BI \-U " authcID"
+specify an ID to be mapped to a
+.B DN
+as by means of
+.B authz-regexp
+or
+.B authz-rewrite
+rules (see
+.BR slapd.conf (5)
+for details); mutually exclusive with
+.BR \-D .
+.TP
+.BI \-X " authzID"
+specify an authorization ID to be mapped to a
+.B DN
+as by means of
+.B authz-regexp
+or
+.B authz-rewrite
+rules (see
+.BR slapd.conf (5)
+for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
+.TP
+.BI \-o " option[=value]"
+Specify an
+.BR option
+with a(n optional)
+.BR value .
+Possible options/values are:
+.LP
+.nf
+ sockurl
+ domain
+ peername
+ sockname
+ ssf
+ transport_ssf
+ tls_ssf
+ sasl_ssf
+ authzDN
+.fi
+.TP
+.BI \-b " DN"
+specify the
+.B DN
+which access is requested to; the corresponding entry is fetched
+from the database, and thus it must exist.
+The DN is also used to determine what rules apply; thus, it must be
+in the naming context of a configured database. See also
+.BR \-u .
+.TP
+.BI \-u
+do not fetch the entry from the database.
+In this case, if the entry does not exist, a fake entry with the DN
+given with the
+.B \-b
+option is used, with no attributes.
+As a consequence, those rules that depend on the contents
+of the target object will not behave as with the real object.
+The DN given with the
+.B \-b
+option is still used to select what rules apply; thus, it must be
+in the naming context of a configured database.
+See also
+.BR \-b .
+.SH EXAMPLES
+The command
+.LP
+.nf
+.ft tt
+ SBINDIR/slapacl -f /ETCDIR/slapd.conf -v \\
+ -U bjorn -b "o=University of Michigan,c=US" \\
+ "o/read:University of Michigan"
+
+.ft
+.fi
+tests whether the user
+.I bjorn
+can access the attribute
+.I o
+of the entry
+.I o=University of Michigan,c=US
+at
+.I read
+level.
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR slapd (8)
+.BR slaptest (8)
+.BR slapauth (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapadd.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapadd.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapadd.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,145 @@
+.TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.9 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapadd \- Add entries to a SLAPD database
+.SH SYNOPSIS
+.B SBINDIR/slapadd
+.B [\-v]
+.B [\-c]
+.B [\-g]
+.B [\-u]
+.B [\-q]
+.B [\-w]
+.B [\-d level]
+.B [\-b suffix]
+.B [\-n dbnum]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-l ldif-file]
+.SH DESCRIPTION
+.LP
+.B Slapadd
+is used to add entries specified in LDAP Directory Interchange Format
+(LDIF) to a
+.BR slapd (8)
+database.
+It opens the given database determined by the database number or
+suffix and adds entries corresponding to the provided LDIF to
+the database.
+Databases configured as
+.B subordinate
+of this one are also updated, unless \fB-g\fP is specified.
+The LDIF input is read from standard input or the specified file.
+.LP
+As
+.B slapadd
+is designed to accept LDIF in database order, as produced by
+.BR slapcat (8),
+it does not verify that superior entries exist before
+adding an entry, does not perform all user and system
+schema checks, and does not maintain operational
+attributes (such as createTimeStamp and modifiersName).
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.B \-c
+enable continue (ignore errors) mode.
+.TP
+.B \-g
+disable subordinate gluing. Only the specified database will be
+processed, and not its glued subordinates (if any).
+.TP
+.B \-u
+enable dry-run (don't write to backend) mode.
+.TP
+.B \-q
+enable quick (fewer integrity checks) mode. Does fewer consistency checks
+on the input data, and no consistency checks when writing the database.
+Improves the load time but if any errors or interruptions occur the resulting
+database will be unusable.
+.TP
+.BI \-w
+write syncrepl context information.
+After all entries are added, the contextCSN
+will be updated with the greatest CSN in the database.
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-b " suffix"
+Use the specified \fIsuffix\fR to determine which database to
+add entries to. The \-b cannot be used in conjunction
+with the
+.B \-n
+option.
+.TP
+.BI \-n " dbnum"
+Add entries to the \fIdbnum\fR\-th database listed in the
+configuration file. The
+.B \-n
+cannot be used in conjunction with the
+.B \-b
+option.
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored. If dryrun mode is also specified,
+no conversion will occur.
+.TP
+.BI \-l " ldif-file"
+Read LDIF from the specified file instead of standard input.
+.SH LIMITATIONS
+Your
+.BR slapd (8)
+should not be running
+when you do this to ensure consistency of the database.
+.LP
+.B slapadd
+may not provide naming or schema checks. It is advisable to
+use
+.BR ldapadd (1)
+when adding new entries into an existing directory.
+.SH EXAMPLES
+To import the entries specified in file
+.B ldif
+into your
+.BR slapd (8)
+database give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slapadd -l ldif
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldif (5),
+.BR slapcat (8),
+.BR ldapadd (1),
+.BR slapd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapauth.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapauth.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapauth.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,125 @@
+.TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapauth \- Check a list of string-represented IDs for authc/authz.
+.SH SYNOPSIS
+.B SBINDIR/slapauth
+.B [\-v]
+.B [\-d level]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-M mech]
+.B [\-R realm]
+.B [\-U authcID]
+.B [\-X authzID]
+.B ID [...]
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapauth
+is used to check the behavior of the slapd in mapping identities
+for authentication and authorization purposes, as specified in
+.BR slapd.conf (5).
+It opens the
+.BR slapd.conf (5)
+configuration file, reads in the
+.B authz-policy
+and
+.B authz-regexp
+directives, and then parses the
+.B ID
+list given on the command-line.
+.LP
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-M " mech"
+specify a mechanism.
+.TP
+.BI \-R " realm"
+specify a realm.
+.TP
+.BI \-U " authcID"
+specify an ID to be used as
+.I authcID
+throughout the test session.
+If present, and if no
+.B authzID
+is given, the IDs in the ID list are treated as
+.BR authzID .
+.TP
+.BI \-X " authzID"
+specify an ID to be used as
+.I authzID
+throughout the test session.
+If present, and if no
+.B authcID
+is given, the IDs in the ID list are treated as
+.BR authcID .
+If both
+.I authcID
+and
+.I authzID
+are given via command line switch, the ID list cannot be present.
+.SH EXAMPLES
+The command
+.LP
+.nf
+.ft tt
+ SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \\
+ -U bjorn -X u:bjensen
+
+.ft
+.fi
+tests whether the user
+.I bjorn
+can assume the identity of the user
+.I bjensen
+provided the directives
+.LP
+.nf
+.ft tt
+ authz-policy from
+ authz-regexp "^uid=([^,]+).*,cn=auth$"
+ "ldap:///dc=example,dc=net??sub?uid=$1"
+
+.ft
+.fi
+are defined in
+.BR slapd.conf (5).
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR slapd (8)
+.BR slaptest (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapcat.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapcat.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapcat.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,138 @@
+.TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.8 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapcat \- SLAPD database to LDIF utility
+.SH SYNOPSIS
+.B SBINDIR/slapcat
+.B [\-v]
+.B [\-c]
+.B [\-g]
+.B [\-d level]
+.B [\-b suffix]
+.B [\-n dbnum]
+.B [\-a filter]
+.B [\-s subtree-dn]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-l ldif-file]
+.B
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapcat
+is used to generate an LDAP Directory Interchange Format
+(LDIF) output based upon the contents of a
+.BR slapd (8)
+database.
+It opens the given database determined by the database number or
+suffix and writes the corresponding LDIF to standard output or
+the specified file.
+Databases configured as
+.B subordinate
+of this one are also output, unless \fB-g\fP is specified.
+.LP
+The LDIF generated by this tool is suitable for use with
+.BR slapadd (8).
+As the entries are in database order, not superior first order,
+they cannot be loaded with
+.BR ldapadd (1)
+without first being reordered.
+.SH OPTIONS
+.TP
+.B \-v
+Enable verbose mode.
+.TP
+.B \-c
+Enable continue (ignore errors) mode.
+.TP
+.B \-g
+disable subordinate gluing. Only the specified database will be
+processed, and not its glued subordinates (if any).
+.TP
+.BI \-d " level"
+Enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-b " suffix"
+Use the specified \fIsuffix\fR to determine which database to
+generate output for. The \-b cannot be used in conjunction
+with the
+.B \-n
+option.
+.TP
+.BI \-n " dbnum"
+Generate output for the \fIdbnum\fR\-th database listed in the
+configuration file. The
+.B \-n
+cannot be used in conjunction with the
+.B \-b
+option.
+.TP
+.BI \-a " filter"
+Only dump entries matching the asserted filter.
+For example
+
+slapcat -a \\
+ "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
+
+will dump all but the "ou=People,dc=example,dc=com" subtree
+of the "dc=example,dc=com" database.
+.TP
+.BI \-s " subtree-dn"
+Only dump entries in the subtree specified by this DN.
+Implies `-b subtree-dn' if no
+.B \-b
+or
+.B \-n
+option is given.
+.TP
+.BI \-f " slapd.conf"
+Specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-l " ldif-file"
+Write LDIF to specified file instead of standard output.
+.SH LIMITATIONS
+In general, your
+.BR slapd (8)
+should not be running (at least, not in read-write
+mode) when you do this to ensure consistency of the database.
+.SH EXAMPLES
+To make a text backup of your SLAPD database and put it in a file called
+.BR ldif ,
+give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slapcat -l ldif
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldif (5),
+.BR slapadd (8),
+.BR ldapadd (1),
+.BR slapd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapd.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapd.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapd.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,281 @@
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.53.2.9 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.SH NAME
+slapd \- Stand-alone LDAP Daemon
+.SH SYNOPSIS
+.B LIBEXECDIR/slapd
+.B [\-[4|6]]
+.B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
+.B [\-d debug\-level]
+.B [\-f slapd\-config\-file]
+.B [\-F slapd\-config\-directory]
+.B [\-h URLs]
+.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
+.B [\-r directory]
+.B [\-u user] [\-g group]
+.B [\-c cookie]
+.SH DESCRIPTION
+.LP
+.B Slapd
+is the stand-alone LDAP daemon. It listens for LDAP connections on
+any number of ports (default 389), responding
+to the LDAP operations it receives over these connections.
+.B slapd
+is typically invoked at boot time, usually out of
+.BR /etc/rc.local .
+Upon startup,
+.B slapd
+normally forks and disassociates itself from the invoking tty.
+If configured in the config file (or config directory),
+the
+.B slapd
+process will print its process ID (see
+.BR getpid (2))
+to a
+.B .pid
+file, as well as the command line options during invocation to an
+.B .args
+file (see
+.BR slapd.conf (5)).
+If the
+.B \-d
+flag is given, even with a zero argument,
+.B slapd
+will not fork and disassociate from the invoking tty.
+.LP
+.B Slapd
+can be configured to provide replicated service for a database with
+the help of
+.BR slurpd ,
+the standalone LDAP update replication daemon.
+See
+.BR slurpd (8)
+for details.
+.LP
+See the "OpenLDAP Administrator's Guide" for more details on
+.BR slapd .
+.SH OPTIONS
+.TP
+.B \-4
+Listen on IPv4 addresses only.
+.TP
+.B \-6
+Listen on IPv6 addresses only.
+.TP
+.B \-T {a|c|d|i|p|t|acl|auth}
+Run in Tool mode. The additional argument selects whether to run as
+slapadd, slapcat, slapdn, slapindex, slappasswd, or slaptest
+(slapacl and slapauth need the entire "\fIacl\fP" and "\fIauth\fP"
+option value to be spelled out, as "\fIa\fP" is reserved to
+.BR slapadd ).
+This option should be the first option specified when it is used;
+any remaining options will be interpreted by the corresponding
+slap tool program, according to the respective man pages.
+Note that these tool programs will usually be symbolic links to slapd.
+This option is provided for situations where symbolic links
+are not provided or not usable.
+.TP
+.BI \-d " debug\-level"
+Turn on debugging as defined by
+.I debug\-level.
+If this option is specified, even with a zero argument,
+.B slapd
+will not fork or disassociate from the invoking terminal. Some general
+operation and status messages are printed for any value of \fIdebug\-level\fP.
+\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
+different kind of debugging information. See <ldap_log.h> for details.
+Remember that if you turn on packet logging, packets containing bind passwords
+will be output, so if you redirect the log to a logfile, that file should
+be read-protected.
+.TP
+.BI \-s " syslog\-level"
+This option tells
+.B slapd
+at what level debugging statements should be logged to the
+.BR syslog (8)
+facility.
+.TP
+.BI \-n " service\-name"
+Specifies the service name for logging and other purposes. Defaults
+to basename of argv[0], i.e.: "slapd".
+.TP
+.BI \-l " syslog\-local\-user"
+Selects the local user of the
+.BR syslog (8)
+facility. Value can be
+.BR LOCAL0 ,
+through
+.BR LOCAL7 ,
+as well as
+.B USER
+and
+.BR DAEMON .
+The default is
+.BR LOCAL4 .
+However, this option is only permitted on systems that support
+local users with the
+.BR syslog (8)
+facility.
+.TP
+.BI \-f " slapd\-config\-file"
+Specifies the slapd configuration file. The default is
+.BR ETCDIR/slapd.conf .
+.TP
+.BI \-F " slapd\-config\-directory"
+Specifies the slapd configuration directory. The default is
+.BR ETCDIR/slapd.d .
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, slapd will attempt to read the
+default config directory before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored. All of the slap tools that
+use the config options observe this same behavior.
+.TP
+.BI \-h " URLlist"
+.B slapd
+will by default serve
+.B ldap:///
+(LDAP over TCP on all interfaces on default LDAP port). That is,
+it will bind using INADDR_ANY and port 389.
+The
+.B \-h
+option may be used to specify LDAP (and other scheme) URLs to serve.
+For example, if slapd is given
+.BR "\-h \(dqldap://127.0.0.1:9009/ ldaps:/// ldapi:///\(dq" ,
+it will listen on 127.0.0.1:9009 for LDAP, 0.0.0.0:636 for LDAP over TLS,
+and LDAP over IPC (Unix domain sockets). Host 0.0.0.0 represents
+INADDR_ANY (any interface).
+A space separated list of URLs is expected. The URLs should be of
+the LDAP, LDAPS, or LDAPI schemes, and generally
+without a DN or other optional parameters (excepting as discussed below).
+Support for the latter two schemes depends on selected configuration
+options. Hosts may be specified by name or IPv4 and IPv6 address formats.
+Ports, if specified, must be numeric. The default ldap:// port is 389
+and the default ldaps:// port is 636.
+
+The listener permissions are indicated by
+"x-mod=-rwxrwxrwx", "x-mod=0777" or "x-mod=777", where any
+of the "rwx" can be "-" to suppress the related permission, while any
+of the "7" can be any legal octal digit, according to chmod(1).
+The listeners can take advantage of the "x-mod"
+extension to apply rough limitations to operations, e.g. allow read operations
+("r", which applies to search and compare), write operations ("w",
+which applies to add, delete, modify and modrdn), and execute operations
+("x", which means bind is required).
+"User" permissions apply to authenticated users, while "other" apply
+to anonymous users; "group" permissions are ignored.
+For example, "ldap:///????x-mod=-rw-------" means that read and write is only allowed
+for authenticated connections, and bind is required for all operations.
+This feature is experimental, and requires to be manually enabled
+at configure time.
+.TP
+.BI \-r " directory"
+Specifies a directory to become the root directory. slapd will
+change the current working directory to this directory and
+then
+.BR chroot (2)
+to this directory. This is done after opening listeners but before
+reading any configuration file or initializing any backend. When
+used as a security mechanism, it should be used in conjunction with
+.B -u
+and
+.B -g
+options.
+.TP
+.BI \-u " user"
+.B slapd
+will run slapd with the specified user name or id, and that user's
+supplementary group access list as set with initgroups(3). The group ID
+is also changed to this user's gid, unless the -g option is used to
+override. Note when used with
+.BR -r ,
+slapd will use the user database in the change root environment.
+
+Note that on some systems, running as a non-privileged user will prevent
+passwd back-ends from accessing the encrypted passwords. Note also that
+any shell back-ends will run as the specified non-privileged user.
+.TP
+.BI \-g " group"
+.B slapd
+will run with the specified group name or id. Note when used with
+.BR -r ,
+slapd will use the group database in the change root environment.
+.TP
+.BI \-c " cookie"
+This option provides a cookie for the syncrepl replication consumer.
+The cookie is a comma separated list of name=value pairs.
+Currently supported syncrepl cookie fields are
+.B rid
+and
+.B csn.
+.B rid
+identifies a replication thread within the consumer server
+and is used to find the syncrepl specification in
+.BR slapd.conf (5)
+having the matching replication identifier in its definition. The
+.B rid
+must be provided in order for any other specified values to be used.
+.B csn
+is the commit sequence number received by a previous synchronization
+and represents the state of the consumer replica content which the
+syncrepl engine will synchronize to the current provider content.
+.SH EXAMPLES
+To start
+.I slapd
+and have it fork and detach from the terminal and start serving
+the LDAP databases defined in the default config file, just type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slapd
+.ft
+.fi
+.LP
+To start
+.B slapd
+with an alternate configuration file, and turn
+on voluminous debugging which will be printed on standard error, type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+.ft
+.fi
+.LP
+To test whether the configuration file is correct or not, type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slapd -Tt
+.ft
+.fi
+.LP
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR slapd.conf (5),
+.BR slapd.access (5),
+.BR slapacl (8),
+.BR slapadd (8),
+.BR slapauth (8),
+.BR slapcat (8),
+.BR slapdn (8),
+.BR slapindex (8),
+.BR slappasswd (8),
+.BR slaptest (8),
+.BR slurpd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH BUGS
+See http://www.openldap.org/its/
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapdn.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapdn.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapdn.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,86 @@
+.TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapdn \- Check a list of string-represented DNs based on schema syntax.
+.SH SYNOPSIS
+.B SBINDIR/slapdn
+.B [\-v]
+.B [\-d level]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-N | \-P]
+.B DN [...]
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapdn
+is used to check the conformance of a DN based on the schema
+defined in
+.BR slapd (8)
+and that loaded via
+.BR slapd.conf (5).
+It opens the
+.BR slapd.conf (5)
+configuration file, reads in the schema definitions, and then
+parses the
+.B DN
+list given on the command-line.
+.LP
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-N
+only output a normalized form of the DN, suitable to be used
+in a normalization tool; incompatible with
+.BR \-P .
+.TP
+.BI \-P
+only output a prettified form of the DN, suitable to be used
+in a check and beautification tool; incompatible with
+.BR \-N .
+.SH EXAMPLES
+To check a
+.B DN
+give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slapdn -f /ETCDIR/slapd.conf -v DN
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR slapd (8)
+.BR slaptest (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slapindex.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slapindex.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slapindex.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,115 @@
+.TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.10 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slapindex \- SLAPD index to LDIF utility
+.SH SYNOPSIS
+.B SBINDIR/slapindex
+.B [\-v]
+.B [\-c]
+.B [\-g]
+.B [\-q]
+.B [\-d level]
+.B [\-b suffix]
+.B [\-n dbnum]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapindex
+is used to regenerate
+.BR slapd (8)
+indices based upon the current contents of a database.
+It opens the given database determined by the database number or
+suffix and updates the indices for all values of all attributes
+of all entries.
+Databases configured as
+.B subordinate
+of this one are also re-indexed, unless \fB-g\fP is specified.
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.B \-c
+enable continue (ignore errors) mode.
+.TP
+.B \-g
+disable subordinate gluing. Only the specified database will be
+processed, and not its glued subordinates (if any).
+.TP
+.B \-q
+enable quick (fewer integrity checks) mode. Performs no consistency checks
+when writing the database. Improves indexing time,
+.B however
+the database will most likely be unusable if any errors or
+interruptions occur.
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-b " suffix"
+Use the specified \fIsuffix\fR to determine which database to
+generate output for. The \-b cannot be used in conjunction
+with the
+.B \-n
+option.
+.TP
+.BI \-n " dbnum"
+Generate output for the \fIdbnum\fR\-th database listed in the
+configuration file. The
+.B \-n
+cannot be used in conjunction with the
+.B \-b
+option.
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.SH LIMITATIONS
+Your
+.BR slapd (8)
+should not be running (at least, not in read-write
+mode) when you do this to ensure consistency of the database.
+.LP
+This command provides ample opportunity for the user to obtain
+and drink their favorite beverage.
+.SH EXAMPLES
+To reindex your SLAPD database, give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slapindex
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldif (5),
+.BR slapadd (8),
+.BR ldapadd (1),
+.BR slapd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slappasswd.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slappasswd.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slappasswd.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,135 @@
+.TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.18.2.3 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slappasswd \- OpenLDAP password utility
+.SH SYNOPSIS
+.B SBINDIR/slappasswd
+.B [\-v]
+.B [\-u]
+.B [\-s secret|\-T file]
+.B [\-h hash]
+.B [\-c salt-format]
+.B
+.LP
+.SH DESCRIPTION
+.LP
+.B Slappasswd
+is used to generate an userPassword value
+suitable for use with
+.BR ldapmodify (1)
+or
+.BR slapd.conf (5)
+.I rootpw
+configuration directive.
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.B \-u
+Generate RFC 2307 userPassword values (the default). Future
+versions of this program may generate alternative syntaxes
+by default. This option is provided for forward compatibility.
+.TP
+.BI \-s " secret"
+The secret to hash.
+If this and
+.B \-T
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
+.TP
+.BI \-T " file"
+Hash the contents of the file.
+If this and
+.B \-s
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
+.TP
+.BI \-h " scheme"
+If -h is specified, one of the following RFC 2307 schemes may
+be specified:
+.IR {CRYPT} ,
+.IR {MD5} ,
+.IR {SMD5} ,
+.IR {SSHA} ", and"
+.IR {SHA} .
+The default is
+.IR {SSHA} .
+
+Note that scheme names may need to be protected, due to
+.B {
+and
+.BR } ,
+from expansion by the user's command interpreter.
+
+.B {SHA}
+and
+.B {SSHA}
+use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
+
+.B {MD5}
+and
+.B {SMD5}
+use the MD5 algorithm (RFC 1321), the latter with a seed.
+
+.B {CRYPT}
+uses the
+.BR crypt (3).
+
+.B {CLEARTEXT}
+indicates that the new password should be added to userPassword as
+clear text.
+.TP
+.BI \-c " crypt-salt-format"
+Specify the format of the salt passed to
+.BR crypt (3)
+when generating {CRYPT} passwords.
+This string needs to be in
+.BR sprintf (3)
+format and may include one (and only one) %s conversion.
+This conversion will be substituted with a string random
+characters from [A\-Za\-z0\-9./]. For example, '%.2s'
+provides a two character salt and '$1$%.8s' tells some
+versions of crypt(3) to use an MD5 algorithm and provides
+8 random characters of salt. The default is '%s', which
+provides 31 characters of salt.
+.SH LIMITATIONS
+The practice storing hashed passwords in userPassword violates
+Standard Track (RFC 2256) schema specifications and may hinder
+interoperability. A new attribute type, authPassword, to hold
+hashed passwords has been defined (RFC 3112), but is not yet
+implemented in
+.BR slapd (8).
+.TP
+It should also be noted that the behavior of
+.BR crypt (3)
+is platform specific.
+.SH "SECURITY CONSIDERATIONS"
+Use of hashed passwords does not protect passwords during
+protocol transfer. TLS or other eavesdropping protections
+should be in\-place before using LDAP simple bind.
+.TP
+The hashed password values should be protected as if they
+were clear text passwords.
+.SH "SEE ALSO"
+.BR ldappasswd (1),
+.BR ldapmodify (1),
+.BR slapd (8)
+.BR slapd.conf (5)
+.B RFC 2307
+.B RFC 2256
+.B RFC 3112
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+OpenLDAP is developed and maintained by
+The OpenLDAP Project (http://www.openldap.org/).
+OpenLDAP is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slaptest.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slaptest.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slaptest.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+.TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slaptest \- Check the suitability of the slapd.conf file.
+.SH SYNOPSIS
+.B SBINDIR/slaptest
+.B [\-d level]
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-u]
+.B [\-v]
+.LP
+.SH DESCRIPTION
+.LP
+.B Slaptest
+is used to check the conformance of the
+.BR slapd.conf (5)
+configuration file.
+It opens the
+.BR slapd.conf (5)
+configuration file, and parses it according to the general
+and the backend-specific rules, checking its sanity.
+.LP
+.SH OPTIONS
+.TP
+.BI \-d " level"
+enable debugging messages as defined by the specified
+.IR level .
+.TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, slaptest will attempt to read the
+default config directory before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored. If dryrun mode is also specified,
+no conversion will occur.
+.TP
+.B \-u
+enable dryrun mode (i.e. don't fail if databases cannot be opened,
+but config is fine).
+.TP
+.B \-v
+enable verbose mode.
+.SH EXAMPLES
+To check a
+.BR slapd.conf (5)
+give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slaptest -f /ETCDIR/slapd.conf -v
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR slapd (8)
+.BR slapdn (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/doc/man/man8/slurpd.8
===================================================================
--- openldap/vendor/openldap-2.3.35/doc/man/man8/slurpd.8 (rev 0)
+++ openldap/vendor/openldap-2.3.35/doc/man/man8/slurpd.8 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,163 @@
+.TH SLURPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slurpd.8,v 1.17.2.5 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+slurpd \- Standalone LDAP Update Replication Daemon
+.SH SYNOPSIS
+.B LIBEXECDIR/slurpd [\-d debug\-level]
+.B [\-f slapd\-config\-file] [\-r slapd\-replog\-file]
+.B [\-t temp\-dir] [\-o]
+.B
+.SH DESCRIPTION
+.LP
+.B Slurpd
+is used to propagate changes from one slapd database to another. If
+slapd is configured to produce a replication log,
+.B slurpd
+reads that
+replication log and sends the changes to the slave
+.B slapd
+instances
+via the LDAP protocol.
+.B slurpd
+is typically invoked at boot time, usually out of
+.BR /etc/rc.local .
+.LP
+Upon startup,
+.B slurpd
+normally forks and disassociates itself from the invoking tty,
+then reads the replication log (given either by the
+.I replogfile
+directive in the
+.B slapd
+config file, or by the
+.RB \- r
+command-line option).
+If the replication log file does not exist or is empty,
+.B slurpd
+goes to sleep. It periodically wakes up and checks to see if there
+are any changes to be propagated.
+.LP
+When
+.B slurpd
+notices that there are changes to propagate to slave
+.B slapd
+instances, it locks the replication log, makes its own private copy,
+releases the lock, and forks one copy of itself for each replica
+.B slapd
+to be updated. Each child process binds to the slave
+.B slapd
+as the
+DN given by the
+.I binddn
+option to the
+.I replica
+directive in the
+.B slapd
+config file, and sends the changes.
+.LP
+See
+.BR slapd (8)
+for details on the standalone LDAP daemon.
+.LP
+Note that slurpd reads
+.B replication
+directive from
+.BR slapd.conf (5),
+but uses
+.BR ldap.conf (5)
+to obtain other configuration settings (such as TLS settings).
+.SH OPTIONS
+.TP
+.BI \-d " debug\-level"
+Turn on debugging as defined by
+.I debug\-level.
+If this option is specified, even with a zero argument,
+.B slurpd
+will not fork or disassociate from the invoking terminal. Some general
+operation and status messages are printed for any value of \fIdebug\-level\fP.
+\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
+different kind of debugging information. See <ldap.h> for details.
+.TP
+.BI \-f " slapd\-config\-file"
+Specifies the slapd configuration file. The default is
+.BR ETCDIR/slapd.conf .
+.TP
+.BI \-r " slapd\-replog\-file"
+Specifies the name of the
+.B slapd
+replication logfile. Normally, the name
+of the replication log file is read from the
+.B slapd
+configuration file. The file should be located in a directory
+with limited read/write/execute access.
+The
+.B \-r
+option allows you to override this. In conjunction with the
+.B \-o
+option, you can process a replication log file in a "one\-shot" mode. For
+example, if
+.B slurpd
+has encountered errors in processing a replication log,
+you can run it in one\-shot mode and give the rejection file name as
+the argument to the \-r option, once you've resolved the problem which caused
+the replication to fail.
+.TP
+.B \-o
+Run in "one\-shot" mode. Normally,
+.B slurpd
+processes the replog file
+and then watches for more replication entries to be appended. In
+one\-shot mode,
+.B slurpd
+processes a replication log and exits.
+.TP
+.BI \-t " temp\-dir"
+.B slurpd
+copies the replication log to a working directory before processing it.
+The directory permissions should limit read/write/execute access as
+temporary files may contain sensitive information.
+This option allows you to specify the location of these temporary files.
+The default is
+.BR LOCALSTATEDIR/openldap-slurp .
+.SH EXAMPLES
+To start
+.I slurpd
+and have it fork and detach from the terminal and process
+the replication logs generated by
+.I slapd,
+just type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slurpd
+.ft
+.fi
+.LP
+To start
+.I slurpd
+with an alternate
+.I slapd
+configuration file, and turn
+on voluminous debugging which will be printed on standard error, type:
+.LP
+.nf
+.ft tt
+ LIBEXECDIR/slurpd -f ETCDIR/slapd.conf -d 255
+.ft
+.fi
+.LP
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldap.conf (5),
+.BR slapd.conf (5),
+.BR slapd.replog (5),
+.BR slapd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Added: openldap/vendor/openldap-2.3.35/include/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/include/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+# include Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/include/Makefile.in,v 1.30.2.4 2007/01/02 21:43:46 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+all-local: ldap_config.h FORCE
+
+install-local: FORCE
+ -$(MKDIR) $(DESTDIR)$(includedir)
+ for header in $(srcdir)/lber.h lber_types.h \
+ $(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
+ $(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
+ $(srcdir)/slapi-plugin.h ldap_features.h; \
+ do \
+ $(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
+ done
+
+clean-local: FORCE
+ $(RM) ldap_config.h
+
+veryclean-local: clean-local FORCE
+ $(RM) portable.h lber_types.h ldap_features.h
+
+depend-local: ldap_config.h FORCE
+
+LDAP_CONFIG=$(srcdir)/ldap_config.hin
+
+ldap_config.h: $(LDAP_CONFIG) Makefile
+ @$(RM) $@
+ @echo "Making $@"
+ @echo "/* Generated from $(LDAP_CONFIG) on `date` */" > $@; \
+ if test $(PLAT) = NT; then \
+ sysconfdir=`cygpath -w $(sysconfdir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ datadir=`cygpath -w $(datadir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ bindir=`cygpath -w $(bindir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ sbindir=`cygpath -w $(sbindir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ libexecdir=`cygpath -w $(libexecdir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ localstatedir=`cygpath -w $(localstatedir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ else \
+ sysconfdir=$(sysconfdir); \
+ datadir=$(datadir); \
+ bindir=$(bindir); \
+ sbindir=$(sbindir); \
+ libexecdir=$(libexecdir); \
+ localstatedir=$(localstatedir); \
+ localedir=$(localedir); \
+ fi; \
+ $(SED) \
+ -e "s;%SYSCONFDIR%;$$sysconfdir;" \
+ -e "s;%DATADIR%;$$datadir;" \
+ -e "s;%BINDIR%;$$bindir;" \
+ -e "s;%SBINDIR%;$$sbindir;" \
+ -e "s;%LIBEXECDIR%;$$libexecdir;" \
+ -e "s;%RUNDIR%;$$localstatedir;" \
+ -e "s;%LOCALEDIR%;$$localedir;" \
+ $(LDAP_CONFIG) >> $@; \
+ $(CHMOD) 444 $@
+
+all-common: all-local
+install-common: all-common install-local
+clean-common: clean-local
+veryclean-common: veryclean-local
+depend-common: depend-local
+
Added: openldap/vendor/openldap-2.3.35/include/ac/alloca.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/alloca.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/alloca.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+/* Generic alloca.h */
+/* $OpenLDAP: pkg/ldap/include/ac/alloca.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_ALLOCA_H
+#define _AC_ALLOCA_H
+
+/*
+ * use of alloca is disallowed as it is machine dependent
+ */
+#error "alloca() not supported, use malloc()"
+
+/* AIX requires this to be the first thing in the file. */
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# if HAVE_ALLOCA_H
+# include <alloca.h>
+# else
+# ifdef _AIX
+#pragma alloca
+# else
+# ifndef alloca /* predefined by HP cc +Olibcalls */
+extern char *(alloca)();
+# endif
+# endif
+# endif
+#endif
+
+
+#endif /* _AC_ALLOCA_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/assert.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/assert.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/assert.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+/* Generic assert.h */
+/* $OpenLDAP: pkg/ldap/include/ac/assert.h,v 1.19.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_ASSERT_H
+#define _AC_ASSERT_H
+
+#undef assert
+
+#ifdef LDAP_DEBUG
+
+#if defined( HAVE_ASSERT_H ) || defined( STDC_HEADERS )
+
+#undef NDEBUG
+#include <assert.h>
+
+#else /* !(HAVE_ASSERT_H || STDC_HEADERS) */
+
+#define LDAP_NEED_ASSERT 1
+
+/*
+ * no assert()... must be a very old compiler.
+ * create a replacement and hope it works
+ */
+
+LBER_F (void) ber_pvt_assert LDAP_P(( const char *file, int line,
+ const char *test ));
+
+/* Can't use LDAP_STRING(test), that'd expand to "test" */
+#if defined(__STDC__) || defined(__cplusplus)
+#define assert(test) \
+ ((test) ? (void)0 : ber_pvt_assert( __FILE__, __LINE__, #test ) )
+#else
+#define assert(test) \
+ ((test) ? (void)0 : ber_pvt_assert( __FILE__, __LINE__, "test" ) )
+#endif
+
+#endif /* (HAVE_ASSERT_H || STDC_HEADERS) */
+
+#else /* !LDAP_DEBUG */
+/* no asserts */
+#define assert(test) ((void)0)
+#endif /* LDAP_DEBUG */
+
+#endif /* _AC_ASSERT_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/bytes.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/bytes.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/bytes.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+/* Generic bytes.h */
+/* $OpenLDAP: pkg/ldap/include/ac/bytes.h,v 1.18.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_BYTES_H
+#define _AC_BYTES_H
+
+/* cross compilers should define both AC_INT{2,4}_TYPE in CPPFLAGS */
+
+#if !defined( AC_INT4_TYPE )
+ /* use autoconf defines to provide sized typedefs */
+# if SIZEOF_LONG == 4
+# define AC_INT4_TYPE long
+# elif SIZEOF_INT == 4
+# define AC_INT4_TYPE int
+# elif SIZEOF_SHORT == 4
+# define AC_INT4_TYPE short
+# else
+# error "AC_INT4_TYPE?"
+# endif
+#endif
+
+typedef AC_INT4_TYPE ac_int4;
+typedef signed AC_INT4_TYPE ac_sint4;
+typedef unsigned AC_INT4_TYPE ac_uint4;
+
+#if !defined( AC_INT2_TYPE )
+# if SIZEOF_SHORT == 2
+# define AC_INT2_TYPE short
+# elif SIZEOF_INT == 2
+# define AC_INT2_TYPE int
+# elif SIZEOF_LONG == 2
+# define AC_INT2_TYPE long
+# else
+# error "AC_INT2_TYPE?"
+# endif
+#endif
+
+#if defined( AC_INT2_TYPE )
+typedef AC_INT2_TYPE ac_int2;
+typedef signed AC_INT2_TYPE ac_sint2;
+typedef unsigned AC_INT2_TYPE ac_uint2;
+#endif
+
+#ifndef BYTE_ORDER
+/* cross compilers should define BYTE_ORDER in CPPFLAGS */
+
+/*
+ * Definitions for byte order, according to byte significance from low
+ * address to high.
+ */
+#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax */
+#define BIG_ENDIAN 4321 /* MSB first: 68000, ibm, net */
+#define PDP_ENDIAN 3412 /* LSB first in word, MSW first in long */
+
+/* assume autoconf's AC_C_BIGENDIAN has been ran */
+/* if it hasn't, we assume (maybe falsely) the order is LITTLE ENDIAN */
+# ifdef WORDS_BIGENDIAN
+# define BYTE_ORDER BIG_ENDIAN
+# else
+# define BYTE_ORDER LITTLE_ENDIAN
+# endif
+
+#endif /* BYTE_ORDER */
+
+#endif /* _AC_BYTES_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/crypt.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/crypt.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/crypt.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+/* Generic crypt.h */
+/* $OpenLDAP: pkg/ldap/include/ac/crypt.h,v 1.8.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_CRYPT_H
+#define _AC_CRYPT_H
+
+#include <ac/unistd.h>
+
+/* crypt() may be defined in a separate include file */
+#if HAVE_CRYPT_H
+# include <crypt.h>
+#else
+ extern char *(crypt)();
+#endif
+
+#endif /* _AC_CRYPT_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/ctype.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/ctype.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/ctype.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,33 @@
+/* Generic ctype.h */
+/* $OpenLDAP: pkg/ldap/include/ac/ctype.h,v 1.14.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_CTYPE_H
+#define _AC_CTYPE_H
+
+#include <ctype.h>
+
+#undef TOUPPER
+#undef TOLOWER
+
+#ifdef C_UPPER_LOWER
+# define TOUPPER(c) (islower(c) ? toupper(c) : (c))
+# define TOLOWER(c) (isupper(c) ? tolower(c) : (c))
+#else
+# define TOUPPER(c) toupper(c)
+# define TOLOWER(c) tolower(c)
+#endif
+
+#endif /* _AC_CTYPE_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/dirent.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/dirent.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/dirent.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+/* Generic dirent.h */
+/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.12.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_DIRENT_H
+#define _AC_DIRENT_H
+
+#if HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# if HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# if HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# if HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+
+#endif /* _AC_DIRENT_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/errno.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/errno.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/errno.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,55 @@
+/* Generic errno.h */
+/* $OpenLDAP: pkg/ldap/include/ac/errno.h,v 1.28.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_ERRNO_H
+#define _AC_ERRNO_H
+
+#if defined( HAVE_ERRNO_H )
+# include <errno.h>
+#elif defined( HAVE_SYS_ERRNO_H )
+# include <sys/errno.h>
+#endif
+
+#ifndef HAVE_SYS_ERRLIST
+ /* no sys_errlist */
+# define sys_nerr 0
+# define sys_errlist ((char **)0)
+#elif DECL_SYS_ERRLIST
+ /* have sys_errlist but need declaration */
+ LDAP_LIBC_V(int) sys_nerr;
+ LDAP_LIBC_V(char) *sys_errlist[];
+#endif
+
+#undef _AC_ERRNO_UNKNOWN
+#define _AC_ERRNO_UNKNOWN "unknown error"
+
+#ifdef HAVE_SYS_ERRLIST
+ /* this is thread safe */
+# define STRERROR(e) ( (e) > -1 && (e) < sys_nerr \
+ ? sys_errlist[(e)] : _AC_ERRNO_UNKNOWN )
+
+#elif defined( HAVE_STRERROR )
+ /* this may not be thread safe */
+ /* and, yes, some implementations of strerror may return NULL */
+# define STRERROR(e) ( strerror(e) \
+ ? strerror(e) : _AC_ERRNO_UNKNOWN )
+
+#else
+ /* this is thread safe */
+# define STRERROR(e) ( _AC_ERRNO_UNKNOWN )
+#endif
+
+#endif /* _AC_ERRNO_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/fdset.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/fdset.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/fdset.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+/* redefine FD_SET */
+/* $OpenLDAP: pkg/ldap/include/ac/fdset.h,v 1.3.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This header is to be included by portable.h to ensure
+ * tweaking of FD_SETSIZE is done early enough to be effective.
+ */
+
+#ifndef _AC_FDSET_H
+#define _AC_FDSET_H
+
+#if !defined( OPENLDAP_FD_SETSIZE ) && !defined( FD_SETSIZE )
+# define OPENLDAP_FD_SETSIZE 4096
+#endif
+
+#ifdef OPENLDAP_FD_SETSIZE
+ /* assume installer desires to enlarge fd_set */
+# ifdef HAVE_BITS_TYPES_H
+# include <bits/types.h>
+# endif
+# ifdef __FD_SETSIZE
+# undef __FD_SETSIZE
+# define __FD_SETSIZE OPENLDAP_FD_SETSIZE
+# else
+# define FD_SETSIZE OPENLDAP_FD_SETSIZE
+# endif
+#endif
+
+#endif /* _AC_FDSET_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/krb.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/krb.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/krb.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+/* Generic krb.h */
+/* $OpenLDAP: pkg/ldap/include/ac/krb.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* Kerberos IV */
+
+#ifndef _AC_KRB_H
+#define _AC_KRB_H
+
+#if defined( HAVE_KRB4 )
+
+#if defined( HAVE_KERBEROSIV_KRB_H )
+#include <kerberosIV/krb.h>
+#elif defined( HAVE_KRB_H )
+#include <krb.h>
+#endif
+
+#if defined( HAVE_KERBEROSIV_DES_H )
+#include <kerberosIV/des.h>
+#elif defined( HAVE_DES_H )
+#include <des.h>
+#endif
+
+#endif /* HAVE_KRB4 */
+#endif /* _AC_KRB_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/krb5.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/krb5.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/krb5.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+/* Generic krb.h */
+/* $OpenLDAP: pkg/ldap/include/ac/krb5.h,v 1.8.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* Kerberos V */
+
+#ifndef _AC_KRB5_H
+#define _AC_KRB5_H
+
+#if defined( HAVE_KRB5 )
+#include <krb5.h>
+#endif /* HAVE_KRB5 */
+
+#endif /* _AC_KRB5_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/localize.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/localize.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/localize.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,44 @@
+/* localize.h (i18n/l10n) */
+/* $OpenLDAP: pkg/ldap/include/ac/localize.h,v 1.5.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_LOCALIZE_H
+#define _AC_LOCALIZE_H
+
+#ifdef LDAP_LOCALIZE
+
+# include <locale.h>
+# include <libintl.h>
+
+ /* enable i18n/l10n */
+# define gettext_noop(s) s
+# define _(s) gettext(s)
+# define N_(s) gettext_noop(s)
+# define ldap_pvt_setlocale(c,l) ((void) setlocale(c, l))
+# define ldap_pvt_textdomain(d) ((void) textdomain(d))
+# define ldap_pvt_bindtextdomain(p,d) ((void) bindtextdomain(p, d))
+
+#else
+
+ /* disable i18n/l10n */
+# define _(s) s
+# define N_(s) s
+# define ldap_pvt_setlocale(c,l) ((void) 0)
+# define ldap_pvt_textdomain(d) ((void) 0)
+# define ldap_pvt_bindtextdomain(p,d) ((void) 0)
+
+#endif
+
+#endif /* _AC_LOCALIZE_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/param.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/param.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/param.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,36 @@
+/* Generic param.h */
+/* $OpenLDAP: pkg/ldap/include/ac/param.h,v 1.11.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_PARAM_H
+#define _AC_PARAM_H
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef MAXPATHLEN
+# if defined(PATH_MAX)
+# define MAXPATHLEN PATH_MAX
+
+# elif defined(_MAX_PATH)
+# define MAXPATHLEN _MAX_PATH
+
+# else
+# define MAXPATHLEN 4096
+# endif
+#endif
+
+#endif /* _AC_PARAM_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/regex.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/regex.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/regex.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+/* Generic Regex */
+/* $OpenLDAP: pkg/ldap/include/ac/regex.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_REGEX_H_
+#define _AC_REGEX_H_
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifndef HAVE_REGEX_H
+/* NO POSIX REGEX!!
+ * You'll need to install a POSIX compatible REGEX library.
+ * Either Henry Spencer's or GNU regex will do.
+ */
+#error "No POSIX REGEX available."
+
+#elif HAVE_GNUREGEX_H
+ /* system has GNU gnuregex.h */
+# include <gnuregex.h>
+#else
+ /* have regex.h, assume it's POSIX compliant */
+# include <regex.h>
+#endif /* regex.h */
+
+#endif /* _AC_REGEX_H_ */
Added: openldap/vendor/openldap-2.3.35/include/ac/setproctitle.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/setproctitle.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/setproctitle.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,33 @@
+/* Generic setproctitle.h */
+/* $OpenLDAP: pkg/ldap/include/ac/setproctitle.h,v 1.19.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_SETPROCTITLE_H
+#define _AC_SETPROCTITLE_H
+
+#ifdef LDAP_PROCTITLE
+
+#if defined( HAVE_LIBUTIL_H )
+# include <libutil.h>
+#else
+ /* use lutil version */
+ LDAP_LUTIL_F (void) (setproctitle) LDAP_P((const char *fmt, ...)) \
+ LDAP_GCCATTR((format(printf, 1, 2)));
+ LDAP_LUTIL_V (int) Argc;
+ LDAP_LUTIL_V (char) **Argv;
+#endif
+
+#endif /* LDAP_PROCTITLE */
+#endif /* _AC_SETPROCTITLE_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/signal.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/signal.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/signal.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/* Generic signal.h */
+/* $OpenLDAP: pkg/ldap/include/ac/signal.h,v 1.23.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_SIGNAL_H
+#define _AC_SIGNAL_H
+
+#include <signal.h>
+
+#undef SIGNAL
+
+#if defined( HAVE_SIGACTION )
+#define SIGNAL lutil_sigaction
+typedef void (*lutil_sig_t)(int);
+LDAP_LUTIL_F(lutil_sig_t) lutil_sigaction( int sig, lutil_sig_t func );
+#define SIGNAL_REINSTALL(sig,act) (void)0
+#elif defined( HAVE_SIGSET )
+#define SIGNAL sigset
+#define SIGNAL_REINSTALL sigset
+#else
+#define SIGNAL signal
+#define SIGNAL_REINSTALL signal
+#endif
+
+#if !defined( LDAP_SIGUSR1 ) || !defined( LDAP_SIGUSR2 )
+#undef LDAP_SIGUSR1
+#undef LDAP_SIGUSR2
+
+# if defined(WINNT) || defined(_WINNT) || defined(_WIN32)
+# define LDAP_SIGUSR1 SIGILL
+# define LDAP_SIGUSR2 SIGTERM
+
+# elif !defined(HAVE_LINUX_THREADS)
+# define LDAP_SIGUSR1 SIGUSR1
+# define LDAP_SIGUSR2 SIGUSR2
+
+# else
+ /*
+ * Some versions of LinuxThreads unfortunately uses the only
+ * two signals reserved for user applications. This forces
+ * OpenLDAP to use other signals reserved for other uses.
+ */
+
+# if defined( SIGSTKFLT )
+# define LDAP_SIGUSR1 SIGSTKFLT
+# elif defined ( SIGSYS )
+# define LDAP_SIGUSR1 SIGSYS
+# endif
+
+# if defined( SIGUNUSED )
+# define LDAP_SIGUSR2 SIGUNUSED
+# elif defined ( SIGINFO )
+# define LDAP_SIGUSR2 SIGINFO
+# elif defined ( SIGEMT )
+# define LDAP_SIGUSR2 SIGEMT
+# endif
+# endif
+#endif
+
+#ifndef LDAP_SIGCHLD
+#ifdef SIGCHLD
+#define LDAP_SIGCHLD SIGCHLD
+#elif SIGCLD
+#define LDAP_SIGCHLD SIGCLD
+#endif
+#endif
+
+#endif /* _AC_SIGNAL_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/socket.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/socket.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/socket.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,235 @@
+/* Generic socket.h */
+/* $OpenLDAP: pkg/ldap/include/ac/socket.h,v 1.65.2.4 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_SOCKET_H_
+#define _AC_SOCKET_H_
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#include <netinet/in.h>
+
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+
+#include <netdb.h>
+
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+#endif /* HAVE_SYS_SOCKET_H */
+
+#ifdef HAVE_WINSOCK2
+#include <winsock2.h>
+#elif HAVE_WINSOCK
+#include <winsock.h>
+#endif
+
+#ifdef HAVE_PCNFS
+#include <tklib.h>
+#endif /* HAVE_PCNFS */
+
+#ifndef INADDR_LOOPBACK
+#define INADDR_LOOPBACK (0x7f000001UL)
+#endif
+
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#undef sock_errno
+#undef sock_errstr
+#define sock_errno() errno
+#define sock_errstr(e) STRERROR(e)
+#define sock_errset(e) errno = (e)
+
+#ifdef HAVE_WINSOCK
+# define tcp_read( s, buf, len ) recv( s, buf, len, 0 )
+# define tcp_write( s, buf, len ) send( s, buf, len, 0 )
+# define ioctl( s, c, a ) ioctlsocket( (s), (c), (a) )
+# define ioctl_t u_long
+# define AC_SOCKET_INVALID ((unsigned int) ~0)
+
+# ifdef SD_BOTH
+# define tcp_close( s ) (shutdown( s, SD_BOTH ), closesocket( s ))
+# else
+# define tcp_close( s ) closesocket( s )
+# endif
+
+#define EWOULDBLOCK WSAEWOULDBLOCK
+#define EINPROGRESS WSAEINPROGRESS
+#define ETIMEDOUT WSAETIMEDOUT
+
+#undef sock_errno
+#undef sock_errstr
+#undef sock_errset
+#define sock_errno() WSAGetLastError()
+#define sock_errstr(e) ber_pvt_wsa_err2string(e)
+#define sock_errset(e) WSASetLastError(e)
+
+LBER_F( char * ) ber_pvt_wsa_err2string LDAP_P((int));
+
+#elif MACOS
+# define tcp_close( s ) tcpclose( s )
+# define tcp_read( s, buf, len ) tcpread( s, buf, len )
+# define tcp_write( s, buf, len ) tcpwrite( s, buf, len )
+
+#elif DOS
+# ifdef PCNFS
+# define tcp_close( s ) close( s )
+# define tcp_read( s, buf, len ) recv( s, buf, len, 0 )
+# define tcp_write( s, buf, len ) send( s, buf, len, 0 )
+# endif /* PCNFS */
+# ifdef NCSA
+# define tcp_close( s ) do { netclose( s ); netshut() } while(0)
+# define tcp_read( s, buf, len ) nread( s, buf, len )
+# define tcp_write( s, buf, len ) netwrite( s, buf, len )
+# endif /* NCSA */
+
+#elif HAVE_CLOSESOCKET
+# define tcp_close( s ) closesocket( s )
+
+# ifdef __BEOS__
+# define tcp_read( s, buf, len ) recv( s, buf, len, 0 )
+# define tcp_write( s, buf, len ) send( s, buf, len, 0 )
+# endif
+
+#else
+# define tcp_read( s, buf, len) read( s, buf, len )
+# define tcp_write( s, buf, len) write( s, buf, len )
+
+# ifdef SHUT_RDWR
+# define tcp_close( s ) (shutdown( s, SHUT_RDWR ), close( s ))
+# else
+# define tcp_close( s ) close( s )
+# endif
+
+#ifdef HAVE_PIPE
+/*
+ * Only use pipe() on systems where file and socket descriptors
+ * are interchangable
+ */
+# define USE_PIPE HAVE_PIPE
+#endif
+
+#endif /* MACOS */
+
+#ifndef ioctl_t
+# define ioctl_t int
+#endif
+
+#ifndef AC_SOCKET_INVALID
+# define AC_SOCKET_INVALID (-1)
+#endif
+#ifndef AC_SOCKET_ERROR
+# define AC_SOCKET_ERROR (-1)
+#endif
+
+#if !defined( HAVE_INET_ATON ) && !defined( inet_aton )
+# define inet_aton ldap_pvt_inet_aton
+struct in_addr;
+LDAP_F (int) ldap_pvt_inet_aton LDAP_P(( const char *, struct in_addr * ));
+#endif
+
+#if defined(__WIN32) && defined(_ALPHA)
+/* NT on Alpha is hosed. */
+# define AC_HTONL( l ) \
+ ((((l)&0xffU)<<24) + (((l)&0xff00U)<<8) + \
+ (((l)&0xff0000U)>>8) + (((l)&0xff000000U)>>24))
+# define AC_NTOHL(l) AC_HTONL(l)
+
+#else
+# define AC_HTONL( l ) htonl( l )
+# define AC_NTOHL( l ) ntohl( l )
+#endif
+
+/* htons()/ntohs() may be broken much like htonl()/ntohl() */
+#define AC_HTONS( s ) htons( s )
+#define AC_NTOHS( s ) ntohs( s )
+
+#ifdef LDAP_PF_LOCAL
+# if !defined( AF_LOCAL ) && defined( AF_UNIX )
+# define AF_LOCAL AF_UNIX
+# endif
+# if !defined( PF_LOCAL ) && defined( PF_UNIX )
+# define PF_LOCAL PF_UNIX
+# endif
+#endif
+
+#ifndef INET_ADDRSTRLEN
+# define INET_ADDRSTRLEN 16
+#endif
+#ifndef INET6_ADDRSTRLEN
+# define INET6_ADDRSTRLEN 46
+#endif
+
+#if defined( HAVE_GETADDRINFO ) || defined( HAVE_GETNAMEINFO )
+# ifdef HAVE_GAI_STRERROR
+# define AC_GAI_STRERROR(x) (gai_strerror((x)))
+# else
+# define AC_GAI_STRERROR(x) (ldap_pvt_gai_strerror((x)))
+ LDAP_F (char *) ldap_pvt_gai_strerror( int );
+# endif
+#endif
+
+#ifndef HAVE_GETPEEREID
+LDAP_LUTIL_F( int ) getpeereid( int s, uid_t *, gid_t * );
+#endif
+
+/* DNS RFC defines max host name as 255. New systems seem to use 1024 */
+#ifndef NI_MAXHOST
+#define NI_MAXHOST 256
+#endif
+
+#ifdef HAVE_POLL_H
+# ifndef INFTIM
+# define INFTIM (-1)
+# endif
+#undef POLL_OTHER
+#define POLL_OTHER (POLLERR|POLLHUP)
+#undef POLL_READ
+#define POLL_READ (POLLIN|POLLPRI|POLL_OTHER)
+#undef POLL_WRITE
+#define POLL_WRITE (POLLOUT|POLL_OTHER)
+#endif
+
+#endif /* _AC_SOCKET_H_ */
Added: openldap/vendor/openldap-2.3.35/include/ac/stdarg.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/stdarg.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/stdarg.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+/* Generic stdarg.h */
+/* $OpenLDAP: pkg/ldap/include/ac/stdarg.h,v 1.17.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_STDARG_H
+#define _AC_STDARG_H 1
+
+/* require STDC variable argument support */
+
+#include <stdarg.h>
+
+#ifndef HAVE_STDARG
+# define HAVE_STDARG 1
+#endif
+
+#endif /* _AC_STDARG_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/stdlib.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/stdlib.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/stdlib.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+/* Generic stdlib.h */
+/* $OpenLDAP: pkg/ldap/include/ac/stdlib.h,v 1.17.2.4 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_STDLIB_H
+#define _AC_STDLIB_H
+
+#if defined( HAVE_CSRIMALLOC )
+#include <stdio.h>
+#define MALLOC_TRACE
+#include <libmalloc.h>
+#endif
+
+#include <stdlib.h>
+
+/* Ignore malloc.h if we have STDC_HEADERS */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif
+
+#ifndef EXIT_SUCCESS
+# define EXIT_SUCCESS 0
+# define EXIT_FAILURE 1
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#if defined(LINE_MAX)
+# define AC_LINE_MAX LINE_MAX
+#else
+# define AC_LINE_MAX 2048 /* POSIX MIN */
+#endif
+
+#endif /* _AC_STDLIB_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/string.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/string.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/string.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,119 @@
+/* Generic string.h */
+/* $OpenLDAP: pkg/ldap/include/ac/string.h,v 1.44.2.7 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_STRING_H
+#define _AC_STRING_H
+
+#ifdef STDC_HEADERS
+# include <string.h>
+
+#else
+# ifdef HAVE_STRING_H
+# include <string.h>
+# endif
+# if defined(HAVE_STRINGS_H) && (!defined(HAVE_STRING_H) || defined(BOTH_STRINGS_H))
+# include <strings.h>
+# endif
+
+# ifdef HAVE_MEMORY_H
+# include <memory.h>
+# endif
+
+# ifndef HAVE_STRRCHR
+# undef strchr
+# define strchr index
+# undef strrchr
+# define strrchr rindex
+# endif
+
+# ifndef HAVE_MEMCPY
+# undef memcpy
+# define memcpy(d, s, n) ((void) bcopy ((s), (d), (n)))
+# undef memmove
+# define memmove(d, s, n) ((void) bcopy ((s), (d), (n)))
+# endif
+#endif
+
+/* use ldap_pvt_strtok instead of strtok or strtok_r! */
+LDAP_F(char *) ldap_pvt_strtok LDAP_P(( char *str,
+ const char *delim, char **pos ));
+
+#ifndef HAVE_STRDUP
+ /* strdup() is missing, declare our own version */
+# undef strdup
+# define strdup(s) ber_strdup(s)
+#elif !defined(_WIN32)
+ /* some systems fail to declare strdup */
+ /* Windows does not require this declaration */
+ LDAP_LIBC_F(char *) (strdup)();
+#endif
+
+/*
+ * some systems fail to declare strcasecmp() and strncasecmp()
+ * we need them declared so we can obtain pointers to them
+ */
+
+/* we don't want these declared for Windows or Mingw */
+#ifndef _WIN32
+int (strcasecmp)();
+int (strncasecmp)();
+#endif
+
+#ifndef SAFEMEMCPY
+# if defined( HAVE_MEMMOVE )
+# define SAFEMEMCPY( d, s, n ) memmove((d), (s), (n))
+# elif defined( HAVE_BCOPY )
+# define SAFEMEMCPY( d, s, n ) bcopy((s), (d), (n))
+# else
+ /* nothing left but memcpy() */
+# define SAFEMEMCPY( d, s, n ) memcpy((d), (s), (n))
+# endif
+#endif
+
+#define AC_MEMCPY( d, s, n ) (SAFEMEMCPY((d),(s),(n)))
+#define AC_FMEMCPY( d, s, n ) do { \
+ if((n) == 1) *((char*)(d)) = *((char*)(s)); \
+ else AC_MEMCPY( (d), (s), (n) ); \
+ } while(0)
+
+#ifdef NEED_MEMCMP_REPLACEMENT
+ int (lutil_memcmp)(const void *b1, const void *b2, size_t len);
+#define memcmp lutil_memcmp
+#endif
+
+/* GNU extension (glibc >= 2.1.91), only declared when defined(_GNU_SOURCE) */
+#ifndef HAVE_MEMRCHR
+#undef memrchr
+#define memrchr lutil_memrchr
+#endif /* ! HAVE_MEMRCHR */
+void * memrchr(const void *b, int c, size_t len);
+
+#define STRLENOF(s) (sizeof(s)-1)
+
+#if defined( HAVE_NONPOSIX_STRERROR_R )
+# define AC_STRERROR_R(e,b,l) (strerror_r((e), (b), (l)))
+#elif defined( HAVE_STRERROR_R )
+# define AC_STRERROR_R(e,b,l) (strerror_r((e), (b), (l)) == 0 ? (b) : "Unknown error")
+#elif defined( HAVE_SYS_ERRLIST )
+# define AC_STRERROR_R(e,b,l) ((e) > -1 && (e) < sys_nerr \
+ ? sys_errlist[(e)] : "Unknown error" )
+#elif defined( HAVE_STRERROR )
+# define AC_STRERROR_R(e,b,l) (strerror(e)) /* NOTE: may be NULL */
+#else
+# define AC_STRERROR_R(e,b,l) ("Unknown error")
+#endif
+
+#endif /* _AC_STRING_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/sysexits.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/sysexits.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/sysexits.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+/* Generic sysexits */
+/* $OpenLDAP: pkg/ldap/include/ac/sysexits.h,v 1.10.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_SYSEXITS_H_
+#define _AC_SYSEXITS_H_
+
+#ifdef HAVE_SYSEXITS_H
+# include <sysexits.h>
+#else
+# include <sysexits-compat.h>
+#endif
+
+#endif /* _AC_SYSEXITS_H_ */
Added: openldap/vendor/openldap-2.3.35/include/ac/syslog.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/syslog.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/syslog.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+/* Generic syslog.h */
+/* $OpenLDAP: pkg/ldap/include/ac/syslog.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_SYSLOG_H_
+#define _AC_SYSLOG_H_
+
+#if defined( HAVE_SYSLOG_H )
+#include <syslog.h>
+#elif defined ( HAVE_SYS_SYSLOG_H )
+#include <sys/syslog.h>
+#endif
+
+#if defined( LOG_NDELAY ) && defined( LOG_NOWAIT )
+# define OPENLOG_OPTIONS ( LOG_PID | LOG_NDELAY | LOG_NOWAIT )
+#elif defined( LOG_NDELAY )
+# define OPENLOG_OPTIONS ( LOG_PID | LOG_NDELAY )
+#elif defined( LOG_NOWAIT )
+# define OPENLOG_OPTIONS ( LOG_PID | LOG_NOWAIT )
+#elif defined( LOG_PID )
+# define OPENLOG_OPTIONS ( LOG_PID )
+#else
+# define OPENLOG_OPTIONS ( 0 )
+#endif
+
+#endif /* _AC_SYSLOG_H_ */
Added: openldap/vendor/openldap-2.3.35/include/ac/termios.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/termios.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/termios.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,50 @@
+/* Generic termios.h */
+/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_TERMIOS_H
+#define _AC_TERMIOS_H
+
+#ifdef HAVE_POSIX_TERMIOS
+#include <termios.h>
+
+#ifdef GCWINSZ_IN_SYS_IOCTL
+#include <sys/ioctl.h>
+#endif
+
+#define TERMIO_TYPE struct termios
+#define TERMFLAG_TYPE tcflag_t
+#define GETATTR( fd, tiop ) tcgetattr((fd), (tiop))
+#define SETATTR( fd, tiop ) tcsetattr((fd), TCSANOW /* 0 */, (tiop))
+#define GETFLAGS( tio ) ((tio).c_lflag)
+#define SETFLAGS( tio, flags ) ((tio).c_lflag = (flags))
+
+#elif defined( HAVE_SGTTY_H )
+#include <sgtty.h>
+
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#define TERMIO_TYPE struct sgttyb
+#define TERMFLAG_TYPE int
+#define GETATTR( fd, tiop ) ioctl((fd), TIOCGETP, (caddr_t)(tiop))
+#define SETATTR( fd, tiop ) ioctl((fd), TIOCSETP, (caddr_t)(tiop))
+#define GETFLAGS( tio ) ((tio).sg_flags)
+#define SETFLAGS( tio, flags ) ((tio).sg_flags = (flags))
+
+#endif /* HAVE_SGTTY_H */
+
+#endif /* _AC_TERMIOS_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/time.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/time.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/time.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,32 @@
+/* Generic time.h */
+/* $OpenLDAP: pkg/ldap/include/ac/time.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_TIME_H
+#define _AC_TIME_H
+
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#elif HAVE_SYS_TIME_H
+# include <sys/time.h>
+# ifdef HAVE_SYS_TIMEB_H
+# include <sys/timeb.h>
+# endif
+#else
+# include <time.h>
+#endif
+
+#endif /* _AC_TIME_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/unistd.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/unistd.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/unistd.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* Generic unistd.h */
+/* $OpenLDAP: pkg/ldap/include/ac/unistd.h,v 1.35.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_UNISTD_H
+#define _AC_UNISTD_H
+
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+#if HAVE_PROCESS_H
+# include <process.h>
+#endif
+
+/* note: callers of crypt(3) should include <ac/crypt.h> */
+
+#if defined(HAVE_GETPASSPHRASE)
+LDAP_LIBC_F(char*)(getpassphrase)();
+
+#elif defined(HAVE_GETPASS)
+#define getpassphrase(p) getpass(p)
+LDAP_LIBC_F(char*)(getpass)();
+
+#else
+#define NEED_GETPASSPHRASE 1
+#define getpassphrase(p) lutil_getpass(p)
+LDAP_LUTIL_F(char*)(lutil_getpass) LDAP_P((const char *getpass));
+#endif
+
+/* getopt() defines may be in separate include file */
+#if HAVE_GETOPT_H
+# include <getopt.h>
+
+#elif !defined(HAVE_GETOPT)
+ /* no getopt, assume we need getopt-compat.h */
+# include <getopt-compat.h>
+
+#else
+ /* assume we need to declare these externs */
+ LDAP_LIBC_V (char *) optarg;
+ LDAP_LIBC_V (int) optind, opterr, optopt;
+#endif
+
+/* use lutil file locking */
+#define ldap_lockf(x) lutil_lockf(x)
+#define ldap_unlockf(x) lutil_unlockf(x)
+#include <lutil_lockf.h>
+
+/*
+ * Windows: although sleep() will be resolved by both MSVC and Mingw GCC
+ * linkers, the function is not declared in header files. This is
+ * because Windows' version of the function is called _sleep(), and it
+ * is declared in stdlib.h
+ */
+
+#ifdef _WIN32
+#define sleep _sleep
+#endif
+
+#endif /* _AC_UNISTD_H */
Added: openldap/vendor/openldap-2.3.35/include/ac/wait.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ac/wait.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ac/wait.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+/* Generic wait.h */
+/* $OpenLDAP: pkg/ldap/include/ac/wait.h,v 1.14.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _AC_WAIT_H
+#define _AC_WAIT_H
+
+#include <sys/types.h>
+
+#if HAVE_SYS_WAIT_H
+# include <sys/wait.h>
+#endif
+
+#define LDAP_HI(s) (((s) >> 8) & 0377)
+#define LDAP_LO(s) ((s) & 0377)
+
+/* These should work on non-POSIX UNIX platforms,
+ all bets on off on non-POSIX non-UNIX platforms... */
+#ifndef WIFEXITED
+# define WIFEXITED(s) (LDAP_LO(s) == 0)
+#endif
+#ifndef WEXITSTATUS
+# define WEXITSTATUS(s) LDAP_HI(s)
+#endif
+#ifndef WIFSIGNALED
+# define WIFSIGNALED(s) (LDAP_LO(s) > 0 && LDAP_HI(s) == 0)
+#endif
+#ifndef WTERMSIG
+# define WTERMSIG(s) (LDAP_LO(s) & 0177)
+#endif
+#ifndef WIFSTOPPED
+# define WIFSTOPPED(s) (LDAP_LO(s) == 0177 && LDAP_HI(s) != 0)
+#endif
+#ifndef WSTOPSIG
+# define WSTOPSIG(s) LDAP_HI(s)
+#endif
+
+#ifdef WCONTINUED
+# define WAIT_FLAGS ( WNOHANG | WUNTRACED | WCONTINUED )
+#else
+# define WAIT_FLAGS ( WNOHANG | WUNTRACED )
+#endif
+
+#endif /* _AC_WAIT_H */
Added: openldap/vendor/openldap-2.3.35/include/avl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/avl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/avl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,153 @@
+/* avl.h - avl tree definitions */
+/* $OpenLDAP: pkg/ldap/include/avl.h,v 1.24.2.4 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+
+#ifndef _AVL
+#define _AVL
+
+#include <ldap_cdefs.h>
+
+/*
+ * this structure represents a generic avl tree node.
+ */
+
+LDAP_BEGIN_DECL
+
+typedef struct avlnode Avlnode;
+
+struct avlnode {
+ void* avl_data;
+ struct avlnode *avl_link[2];
+ char avl_bits[2];
+ signed char avl_bf;
+};
+
+#define avl_left avl_link[0]
+#define avl_right avl_link[1]
+#define avl_lbit avl_bits[0]
+#define avl_rbit avl_bits[1]
+
+#ifdef AVL_INTERNAL
+
+#define NULLAVL ((Avlnode *) NULL)
+
+/* balance factor values */
+#define LH (-1)
+#define EH 0
+#define RH 1
+
+/* thread bits */
+#define AVL_THREAD 0
+#define AVL_CHILD 1
+
+/* avl routines */
+#define avl_getone(x) ((x) == 0 ? 0 : (x)->avl_data)
+#define avl_onenode(x) ((x) == 0 || ((x)->avl_left == 0 && (x)->avl_right == 0))
+
+#endif /* AVL_INTERNALS */
+
+#define avl_child(x,dir) ((x)->avl_bits[dir]) == AVL_CHILD ? \
+ (x)->avl_link[dir] : NULL
+#define avl_lchild(x) avl_child(x,0)
+#define avl_rchild(x) avl_child(x,1)
+
+typedef int (*AVL_APPLY) LDAP_P((void *, void*));
+typedef int (*AVL_CMP) LDAP_P((const void*, const void*));
+typedef int (*AVL_DUP) LDAP_P((void*, void*));
+typedef void (*AVL_FREE) LDAP_P((void*));
+
+LDAP_AVL_F( int )
+avl_free LDAP_P(( Avlnode *root, AVL_FREE dfree ));
+
+LDAP_AVL_F( int )
+avl_insert LDAP_P((Avlnode **, void*, AVL_CMP, AVL_DUP));
+
+LDAP_AVL_F( void* )
+avl_delete LDAP_P((Avlnode **, void*, AVL_CMP));
+
+LDAP_AVL_F( void* )
+avl_find LDAP_P((Avlnode *, const void*, AVL_CMP));
+
+LDAP_AVL_F( Avlnode* )
+avl_find2 LDAP_P((Avlnode *, const void*, AVL_CMP));
+
+LDAP_AVL_F( void* )
+avl_find_lin LDAP_P((Avlnode *, const void*, AVL_CMP));
+
+#ifdef AVL_NONREENTRANT
+LDAP_AVL_F( void* )
+avl_getfirst LDAP_P((Avlnode *));
+
+LDAP_AVL_F( void* )
+avl_getnext LDAP_P((void));
+#endif
+
+LDAP_AVL_F( int )
+avl_dup_error LDAP_P((void*, void*));
+
+LDAP_AVL_F( int )
+avl_dup_ok LDAP_P((void*, void*));
+
+LDAP_AVL_F( int )
+avl_apply LDAP_P((Avlnode *, AVL_APPLY, void*, int, int));
+
+LDAP_AVL_F( int )
+avl_prefixapply LDAP_P((Avlnode *, void*, AVL_CMP, void*, AVL_CMP, void*, int));
+
+LDAP_AVL_F( int )
+tavl_free LDAP_P(( Avlnode *root, AVL_FREE dfree ));
+
+LDAP_AVL_F( int )
+tavl_insert LDAP_P((Avlnode **, void*, AVL_CMP, AVL_DUP));
+
+LDAP_AVL_F( void* )
+tavl_delete LDAP_P((Avlnode **, void*, AVL_CMP));
+
+LDAP_AVL_F( void* )
+tavl_find LDAP_P((Avlnode *, const void*, AVL_CMP));
+
+LDAP_AVL_F( Avlnode* )
+tavl_find2 LDAP_P((Avlnode *, const void*, AVL_CMP));
+
+#define TAVL_DIR_LEFT 0
+#define TAVL_DIR_RIGHT 1
+
+LDAP_AVL_F( Avlnode* )
+tavl_end LDAP_P((Avlnode *, int direction ));
+
+LDAP_AVL_F( Avlnode* )
+tavl_next LDAP_P((Avlnode *, int direction ));
+
+/* apply traversal types */
+#define AVL_PREORDER 1
+#define AVL_INORDER 2
+#define AVL_POSTORDER 3
+/* what apply returns if it ran out of nodes */
+#define AVL_NOMORE (-6)
+
+LDAP_END_DECL
+
+#endif /* _AVL */
Added: openldap/vendor/openldap-2.3.35/include/getopt-compat.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/getopt-compat.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/getopt-compat.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,40 @@
+/* getopt-compat.h -- getopt(3) compatibility header */
+/* $OpenLDAP: pkg/ldap/include/getopt-compat.h,v 1.17.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * getopt(3) declarations
+ */
+#ifndef _GETOPT_COMPAT_H
+#define _GETOPT_COMPAT_H
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/* change symbols to avoid clashing */
+#define optarg lutil_optarg
+#define optind lutil_optind
+#define opterr lutil_opterr
+#define optopt lutil_optopt
+#define getopt lutil_getopt
+
+LDAP_LUTIL_V (char *) optarg;
+LDAP_LUTIL_V (int) optind, opterr, optopt;
+LDAP_LUTIL_F (int) getopt LDAP_P(( int, char * const [], const char *));
+
+LDAP_END_DECL
+
+#endif /* _GETOPT_COMPAT_H */
Added: openldap/vendor/openldap-2.3.35/include/lber.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lber.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lber.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,631 @@
+/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.94.2.5 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LBER_H
+#define _LBER_H
+
+#include <lber_types.h>
+#include <string.h>
+
+LDAP_BEGIN_DECL
+
+/* Overview of LBER tag construction
+ *
+ * Bits
+ * ______
+ * 8 7 | CLASS
+ * 0 0 = UNIVERSAL
+ * 0 1 = APPLICATION
+ * 1 0 = CONTEXT-SPECIFIC
+ * 1 1 = PRIVATE
+ * _____
+ * | 6 | DATA-TYPE
+ * 0 = PRIMITIVE
+ * 1 = CONSTRUCTED
+ * ___________
+ * | 5 ... 1 | TAG-NUMBER
+ */
+
+/* BER classes and mask */
+#define LBER_CLASS_UNIVERSAL ((ber_tag_t) 0x00U)
+#define LBER_CLASS_APPLICATION ((ber_tag_t) 0x40U)
+#define LBER_CLASS_CONTEXT ((ber_tag_t) 0x80U)
+#define LBER_CLASS_PRIVATE ((ber_tag_t) 0xc0U)
+#define LBER_CLASS_MASK ((ber_tag_t) 0xc0U)
+
+/* BER encoding type and mask */
+#define LBER_PRIMITIVE ((ber_tag_t) 0x00U)
+#define LBER_CONSTRUCTED ((ber_tag_t) 0x20U)
+#define LBER_ENCODING_MASK ((ber_tag_t) 0x20U)
+
+#define LBER_BIG_TAG_MASK ((ber_tag_t) 0x1fU)
+#define LBER_MORE_TAG_MASK ((ber_tag_t) 0x80U)
+
+/*
+ * Note that LBER_ERROR and LBER_DEFAULT are values that can never appear
+ * as valid BER tags, and so it is safe to use them to report errors. In
+ * fact, any tag for which the following is true is invalid:
+ */
+#define LBER_INVALID(t) (((t) & (ber_tag_t) 0x080UL) \
+ && (((t) & (ber_tag_t) ~ 0x0FF))
+
+#define LBER_ERROR ((ber_tag_t) -1)
+#define LBER_DEFAULT ((ber_tag_t) -1)
+
+/* general BER types we know about */
+#define LBER_BOOLEAN ((ber_tag_t) 0x01UL)
+#define LBER_INTEGER ((ber_tag_t) 0x02UL)
+#define LBER_BITSTRING ((ber_tag_t) 0x03UL)
+#define LBER_OCTETSTRING ((ber_tag_t) 0x04UL)
+#define LBER_NULL ((ber_tag_t) 0x05UL)
+#define LBER_ENUMERATED ((ber_tag_t) 0x0aUL)
+#define LBER_SEQUENCE ((ber_tag_t) 0x30UL) /* constructed */
+#define LBER_SET ((ber_tag_t) 0x31UL) /* constructed */
+
+/* LBER BerElement options */
+#define LBER_USE_DER 0x01
+
+/* get/set options for BerElement */
+#define LBER_OPT_BER_OPTIONS 0x01
+#define LBER_OPT_BER_DEBUG 0x02
+#define LBER_OPT_BER_REMAINING_BYTES 0x03
+#define LBER_OPT_BER_TOTAL_BYTES 0x04
+#define LBER_OPT_BER_BYTES_TO_WRITE 0x05
+#define LBER_OPT_BER_MEMCTX 0x06
+
+#define LBER_OPT_DEBUG_LEVEL LBER_OPT_BER_DEBUG
+#define LBER_OPT_REMAINING_BYTES LBER_OPT_BER_REMAINING_BYTES
+#define LBER_OPT_TOTAL_BYTES LBER_OPT_BER_TOTAL_BYTES
+#define LBER_OPT_BYTES_TO_WRITE LBER_OPT_BER_BYTES_TO_WRITE
+
+#define LBER_OPT_LOG_PRINT_FN 0x8001
+#define LBER_OPT_MEMORY_FNS 0x8002
+#define LBER_OPT_ERROR_FN 0x8003
+#define LBER_OPT_LOG_PRINT_FILE 0x8004
+
+/* get/set Memory Debug options */
+#define LBER_OPT_MEMORY_INUSE 0x8005 /* for memory debugging */
+#define LBER_OPT_LOG_PROC 0x8006 /* for external logging function */
+
+typedef int* (*BER_ERRNO_FN) LDAP_P(( void ));
+
+typedef void (*BER_LOG_PRINT_FN) LDAP_P(( LDAP_CONST char *buf ));
+
+typedef void* (BER_MEMALLOC_FN) LDAP_P(( ber_len_t size, void *ctx ));
+typedef void* (BER_MEMCALLOC_FN) LDAP_P(( ber_len_t n, ber_len_t size, void *ctx ));
+typedef void* (BER_MEMREALLOC_FN) LDAP_P(( void *p, ber_len_t size, void *ctx ));
+typedef void (BER_MEMFREE_FN) LDAP_P(( void *p, void *ctx ));
+
+typedef struct lber_memory_fns {
+ BER_MEMALLOC_FN *bmf_malloc;
+ BER_MEMCALLOC_FN *bmf_calloc;
+ BER_MEMREALLOC_FN *bmf_realloc;
+ BER_MEMFREE_FN *bmf_free;
+} BerMemoryFunctions;
+
+/* LBER Sockbuf_IO options */
+#define LBER_SB_OPT_GET_FD 1
+#define LBER_SB_OPT_SET_FD 2
+#define LBER_SB_OPT_HAS_IO 3
+#define LBER_SB_OPT_SET_NONBLOCK 4
+#define LBER_SB_OPT_GET_SSL 7
+#define LBER_SB_OPT_DATA_READY 8
+#define LBER_SB_OPT_SET_READAHEAD 9
+#define LBER_SB_OPT_DRAIN 10
+#define LBER_SB_OPT_NEEDS_READ 11
+#define LBER_SB_OPT_NEEDS_WRITE 12
+#define LBER_SB_OPT_GET_MAX_INCOMING 13
+#define LBER_SB_OPT_SET_MAX_INCOMING 14
+/* Largest option used by the library */
+#define LBER_SB_OPT_OPT_MAX 14
+
+/* LBER IO operations stacking levels */
+#define LBER_SBIOD_LEVEL_PROVIDER 10
+#define LBER_SBIOD_LEVEL_TRANSPORT 20
+#define LBER_SBIOD_LEVEL_APPLICATION 30
+
+/* get/set options for Sockbuf */
+#define LBER_OPT_SOCKBUF_DESC 0x1000
+#define LBER_OPT_SOCKBUF_OPTIONS 0x1001
+#define LBER_OPT_SOCKBUF_DEBUG 0x1002
+
+/* on/off values */
+LBER_V( char ) ber_pvt_opt_on;
+#define LBER_OPT_ON ((void *) &ber_pvt_opt_on)
+#define LBER_OPT_OFF ((void *) 0)
+
+#define LBER_OPT_SUCCESS (0)
+#define LBER_OPT_ERROR (-1)
+
+typedef struct berelement BerElement;
+typedef struct sockbuf Sockbuf;
+typedef struct seqorset Seqorset;
+
+typedef struct sockbuf_io Sockbuf_IO;
+
+/* Structure for LBER IO operarion descriptor */
+typedef struct sockbuf_io_desc {
+ int sbiod_level;
+ Sockbuf *sbiod_sb;
+ Sockbuf_IO *sbiod_io;
+ void *sbiod_pvt;
+ struct sockbuf_io_desc *sbiod_next;
+} Sockbuf_IO_Desc;
+
+/* Structure for LBER IO operation functions */
+struct sockbuf_io {
+ int (*sbi_setup)( Sockbuf_IO_Desc *sbiod, void *arg );
+ int (*sbi_remove)( Sockbuf_IO_Desc *sbiod );
+ int (*sbi_ctrl)( Sockbuf_IO_Desc *sbiod, int opt, void *arg);
+
+ ber_slen_t (*sbi_read)( Sockbuf_IO_Desc *sbiod, void *buf,
+ ber_len_t len );
+ ber_slen_t (*sbi_write)( Sockbuf_IO_Desc *sbiod, void *buf,
+ ber_len_t len );
+
+ int (*sbi_close)( Sockbuf_IO_Desc *sbiod );
+};
+
+/* Helper macros for LBER IO functions */
+#define LBER_SBIOD_READ_NEXT( sbiod, buf, len ) \
+ ( (sbiod)->sbiod_next->sbiod_io->sbi_read( (sbiod)->sbiod_next, \
+ buf, len ) )
+#define LBER_SBIOD_WRITE_NEXT( sbiod, buf, len ) \
+ ( (sbiod)->sbiod_next->sbiod_io->sbi_write( (sbiod)->sbiod_next, \
+ buf, len ) )
+#define LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg ) \
+ ( (sbiod)->sbiod_next ? \
+ ( (sbiod)->sbiod_next->sbiod_io->sbi_ctrl( \
+ (sbiod)->sbiod_next, opt, arg ) ) : 0 )
+
+/* structure for returning a sequence of octet strings + length */
+typedef struct berval {
+ ber_len_t bv_len;
+ char *bv_val;
+} BerValue;
+
+typedef BerValue *BerVarray; /* To distinguish from a single bv */
+
+/* this should be moved to lber-int.h */
+
+/*
+ * in bprint.c:
+ */
+LBER_F( void )
+ber_error_print LDAP_P((
+ LDAP_CONST char *data ));
+
+LBER_F( void )
+ber_bprint LDAP_P((
+ LDAP_CONST char *data, ber_len_t len ));
+
+LBER_F( void )
+ber_dump LDAP_P((
+ BerElement *ber, int inout ));
+
+LBER_F( void )
+ber_sos_dump LDAP_P((
+ Seqorset *sos ));
+
+/*
+ * in decode.c:
+ */
+typedef int (*BERDecodeCallback) LDAP_P((
+ BerElement *ber,
+ void *data,
+ int mode ));
+
+LBER_F( ber_tag_t )
+ber_get_tag LDAP_P((
+ BerElement *ber ));
+
+LBER_F( ber_tag_t )
+ber_skip_tag LDAP_P((
+ BerElement *ber,
+ ber_len_t *len ));
+
+LBER_F( ber_tag_t )
+ber_peek_tag LDAP_P((
+ BerElement *ber,
+ ber_len_t *len ));
+
+LBER_F( ber_tag_t )
+ber_get_int LDAP_P((
+ BerElement *ber,
+ ber_int_t *num ));
+
+LBER_F( ber_tag_t )
+ber_get_enum LDAP_P((
+ BerElement *ber,
+ ber_int_t *num ));
+
+LBER_F( ber_tag_t )
+ber_get_stringb LDAP_P((
+ BerElement *ber,
+ char *buf,
+ ber_len_t *len ));
+
+LBER_F( ber_tag_t )
+ber_get_stringbv LDAP_P((
+ BerElement *ber,
+ struct berval *bv,
+ int alloc ));
+
+LBER_F( ber_tag_t )
+ber_get_stringa LDAP_P((
+ BerElement *ber,
+ char **buf ));
+
+LBER_F( ber_tag_t )
+ber_get_stringal LDAP_P((
+ BerElement *ber,
+ struct berval **bv ));
+
+LBER_F( ber_tag_t )
+ber_get_bitstringa LDAP_P((
+ BerElement *ber,
+ char **buf,
+ ber_len_t *len ));
+
+LBER_F( ber_tag_t )
+ber_get_null LDAP_P((
+ BerElement *ber ));
+
+LBER_F( ber_tag_t )
+ber_get_boolean LDAP_P((
+ BerElement *ber,
+ ber_int_t *boolval ));
+
+LBER_F( ber_tag_t )
+ber_first_element LDAP_P((
+ BerElement *ber,
+ ber_len_t *len,
+ char **last ));
+
+LBER_F( ber_tag_t )
+ber_next_element LDAP_P((
+ BerElement *ber,
+ ber_len_t *len,
+ LDAP_CONST char *last ));
+
+LBER_F( ber_tag_t )
+ber_scanf LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *fmt,
+ ... ));
+
+/*
+ * in encode.c
+ */
+typedef int (*BEREncodeCallback) LDAP_P((
+ BerElement *ber,
+ void *data ));
+
+LBER_F( int )
+ber_put_enum LDAP_P((
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_int LDAP_P((
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_ostring LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_len_t len,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_berval LDAP_P((
+ BerElement *ber,
+ struct berval *bv,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_string LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_bitstring LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_len_t bitlen,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_null LDAP_P((
+ BerElement *ber,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_boolean LDAP_P((
+ BerElement *ber,
+ ber_int_t boolval,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_start_seq LDAP_P((
+ BerElement *ber,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_start_set LDAP_P((
+ BerElement *ber,
+ ber_tag_t tag ));
+
+LBER_F( int )
+ber_put_seq LDAP_P((
+ BerElement *ber ));
+
+LBER_F( int )
+ber_put_set LDAP_P((
+ BerElement *ber ));
+
+LBER_F( int )
+ber_printf LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *fmt,
+ ... ));
+
+
+/*
+ * in io.c:
+ */
+
+LBER_F( ber_slen_t )
+ber_read LDAP_P((
+ BerElement *ber,
+ char *buf,
+ ber_len_t len ));
+
+LBER_F( ber_slen_t )
+ber_write LDAP_P((
+ BerElement *ber,
+ LDAP_CONST char *buf,
+ ber_len_t len,
+ int nosos ));
+
+LBER_F( void )
+ber_free LDAP_P((
+ BerElement *ber,
+ int freebuf ));
+
+LBER_F( void )
+ber_free_buf LDAP_P(( BerElement *ber ));
+
+LBER_F( int )
+ber_flush LDAP_P((
+ Sockbuf *sb,
+ BerElement *ber,
+ int freeit ));
+
+LBER_F( BerElement * )
+ber_alloc LDAP_P(( void )); /* DEPRECATED */
+
+LBER_F( BerElement * )
+der_alloc LDAP_P(( void )); /* DEPRECATED */
+
+LBER_F( BerElement * )
+ber_alloc_t LDAP_P((
+ int beroptions ));
+
+LBER_F( BerElement * )
+ber_dup LDAP_P((
+ BerElement *ber ));
+
+LBER_F( ber_tag_t )
+ber_get_next LDAP_P((
+ Sockbuf *sb,
+ ber_len_t *len,
+ BerElement *ber ));
+
+LBER_F( void )
+ber_init2 LDAP_P((
+ BerElement *ber,
+ struct berval *bv,
+ int options ));
+
+LBER_F( void )
+ber_init_w_nullc LDAP_P(( /* DEPRECATED */
+ BerElement *ber,
+ int options ));
+
+LBER_F( void )
+ber_reset LDAP_P((
+ BerElement *ber,
+ int was_writing ));
+
+LBER_F( BerElement * )
+ber_init LDAP_P((
+ struct berval *bv ));
+
+LBER_F( int )
+ber_flatten LDAP_P((
+ BerElement *ber,
+ struct berval **bvPtr ));
+
+LBER_F( int )
+ber_flatten2 LDAP_P((
+ BerElement *ber,
+ struct berval *bv,
+ int alloc ));
+
+LBER_F( int )
+ber_remaining LDAP_P((
+ BerElement *ber ));
+
+/*
+ * LBER ber accessor functions
+ */
+
+LBER_F( int )
+ber_get_option LDAP_P((
+ void *item,
+ int option,
+ void *outvalue));
+
+LBER_F( int )
+ber_set_option LDAP_P((
+ void *item,
+ int option,
+ LDAP_CONST void *invalue));
+
+/*
+ * LBER sockbuf.c
+ */
+
+LBER_F( Sockbuf * )
+ber_sockbuf_alloc LDAP_P((
+ void ));
+
+LBER_F( void )
+ber_sockbuf_free LDAP_P((
+ Sockbuf *sb ));
+
+LBER_F( int )
+ber_sockbuf_add_io LDAP_P((
+ Sockbuf *sb,
+ Sockbuf_IO *sbio,
+ int layer,
+ void *arg ));
+
+LBER_F( int )
+ber_sockbuf_remove_io LDAP_P((
+ Sockbuf *sb,
+ Sockbuf_IO *sbio,
+ int layer ));
+
+LBER_F( int )
+ber_sockbuf_ctrl LDAP_P((
+ Sockbuf *sb,
+ int opt,
+ void *arg ));
+
+LBER_V( Sockbuf_IO ) ber_sockbuf_io_tcp;
+LBER_V( Sockbuf_IO ) ber_sockbuf_io_readahead;
+LBER_V( Sockbuf_IO ) ber_sockbuf_io_fd;
+LBER_V( Sockbuf_IO ) ber_sockbuf_io_debug;
+LBER_V( Sockbuf_IO ) ber_sockbuf_io_udp;
+
+/*
+ * LBER memory.c
+ */
+LBER_F( void * )
+ber_memalloc LDAP_P((
+ ber_len_t s ));
+
+LBER_F( void * )
+ber_memrealloc LDAP_P((
+ void* p,
+ ber_len_t s ));
+
+LBER_F( void * )
+ber_memcalloc LDAP_P((
+ ber_len_t n,
+ ber_len_t s ));
+
+LBER_F( void )
+ber_memfree LDAP_P((
+ void* p ));
+
+LBER_F( void )
+ber_memvfree LDAP_P((
+ void** vector ));
+
+LBER_F( void )
+ber_bvfree LDAP_P((
+ struct berval *bv ));
+
+LBER_F( void )
+ber_bvecfree LDAP_P((
+ struct berval **bv ));
+
+LBER_F( int )
+ber_bvecadd LDAP_P((
+ struct berval ***bvec,
+ struct berval *bv ));
+
+LBER_F( struct berval * )
+ber_dupbv LDAP_P((
+ struct berval *dst, struct berval *src ));
+
+LBER_F( struct berval * )
+ber_bvdup LDAP_P((
+ struct berval *src ));
+
+LBER_F( struct berval * )
+ber_mem2bv LDAP_P((
+ LDAP_CONST char *, ber_len_t len, int duplicate, struct berval *bv));
+
+LBER_F( struct berval * )
+ber_str2bv LDAP_P((
+ LDAP_CONST char *, ber_len_t len, int duplicate, struct berval *bv));
+
+#define ber_bvstr(a) ((ber_str2bv)((a), 0, 0, NULL))
+#define ber_bvstrdup(a) ((ber_str2bv)((a), 0, 1, NULL))
+
+LBER_F( char * )
+ber_strdup LDAP_P((
+ LDAP_CONST char * ));
+
+LBER_F( struct berval * )
+ber_bvreplace LDAP_P((
+ struct berval *dst, LDAP_CONST struct berval *src ));
+
+LBER_F( void )
+ber_bvarray_free LDAP_P(( BerVarray p ));
+
+LBER_F( int )
+ber_bvarray_add LDAP_P(( BerVarray *p, BerValue *bv ));
+
+#define ber_bvcmp(v1,v2) \
+ ((v1)->bv_len < (v2)->bv_len \
+ ? -1 : ((v1)->bv_len > (v2)->bv_len \
+ ? 1 : memcmp((v1)->bv_val, (v2)->bv_val, (v1)->bv_len) ))
+
+/*
+ * error.c
+ */
+LBER_F( int * ) ber_errno_addr LDAP_P((void));
+#define ber_errno (*(ber_errno_addr)())
+
+#define LBER_ERROR_NONE 0
+#define LBER_ERROR_PARAM 0x1
+#define LBER_ERROR_MEMORY 0x2
+
+#ifdef LDAP_DEVEL
+#define LDAP_NULL_IS_NULL
+#endif
+
+LDAP_END_DECL
+
+#endif /* _LBER_H */
Added: openldap/vendor/openldap-2.3.35/include/lber_pvt.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lber_pvt.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lber_pvt.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,219 @@
+/* $OpenLDAP: pkg/ldap/include/lber_pvt.h,v 1.30.2.5 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * lber_pvt.h - Header for ber_pvt_ functions.
+ * These are meant to be internal to OpenLDAP Software.
+ */
+
+#ifndef _LBER_PVT_H
+#define _LBER_PVT_H 1
+
+#include <lber.h>
+
+LDAP_BEGIN_DECL
+
+/* for allocating aligned buffers (on the stack) */
+#define LBER_ALIGNED_BUFFER(uname,size) \
+ union uname { \
+ char buffer[size]; \
+ /* force alignment */ \
+ int ialign; \
+ long lalign; \
+ float falign; \
+ double dalign; \
+ char* palign; \
+ }
+
+#define LBER_ELEMENT_SIZEOF (256) /* must be >= sizeof(BerElement) */
+typedef LBER_ALIGNED_BUFFER(lber_berelement_u,LBER_ELEMENT_SIZEOF)
+ BerElementBuffer;
+
+typedef struct sockbuf_buf {
+ ber_len_t buf_size;
+ ber_len_t buf_ptr;
+ ber_len_t buf_end;
+ char *buf_base;
+} Sockbuf_Buf;
+
+/*
+ * bprint.c
+ */
+LBER_V( BER_LOG_PRINT_FN ) ber_pvt_log_print;
+
+LBER_F( int )
+ber_pvt_log_printf LDAP_P((
+ int errlvl,
+ int loglvl,
+ const char *fmt,
+ ... )) LDAP_GCCATTR((format(printf, 3, 4)));
+
+/*
+ * sockbuf.c
+ */
+LBER_F( ber_slen_t )
+ber_pvt_sb_do_write LDAP_P(( Sockbuf_IO_Desc *sbiod, Sockbuf_Buf *buf_out ));
+
+LBER_F( void )
+ber_pvt_sb_buf_init LDAP_P(( Sockbuf_Buf *buf ));
+
+LBER_F( void )
+ber_pvt_sb_buf_destroy LDAP_P(( Sockbuf_Buf *buf ));
+
+LBER_F( int )
+ber_pvt_sb_grow_buffer LDAP_P(( Sockbuf_Buf *buf, ber_len_t minsize ));
+
+LBER_F( ber_len_t )
+ber_pvt_sb_copy_out LDAP_P(( Sockbuf_Buf *sbb, char *buf, ber_len_t len ));
+
+LBER_F( int )
+ber_pvt_socket_set_nonblock LDAP_P(( ber_socket_t sd, int nb ));
+
+/*
+ * memory.c
+ */
+LBER_F( void * )
+ber_memalloc_x LDAP_P((
+ ber_len_t s, void *ctx));
+
+LBER_F( void * )
+ber_memrealloc_x LDAP_P((
+ void* p,
+ ber_len_t s, void *ctx ));
+
+LBER_F( void * )
+ber_memcalloc_x LDAP_P((
+ ber_len_t n,
+ ber_len_t s, void *ctx ));
+
+LBER_F( void )
+ber_memfree_x LDAP_P((
+ void* p, void *ctx ));
+
+LBER_F( void )
+ber_memvfree_x LDAP_P((
+ void** vector, void *ctx ));
+
+LBER_F( void )
+ber_bvfree_x LDAP_P((
+ struct berval *bv, void *ctx ));
+
+LBER_F( void )
+ber_bvecfree_x LDAP_P((
+ struct berval **bv, void *ctx ));
+
+LBER_F( int )
+ber_bvecadd_x LDAP_P((
+ struct berval ***bvec,
+ struct berval *bv, void *ctx ));
+
+LBER_F( struct berval * )
+ber_dupbv_x LDAP_P((
+ struct berval *dst, struct berval *src, void *ctx ));
+
+LBER_F( struct berval * )
+ber_str2bv_x LDAP_P((
+ LDAP_CONST char *, ber_len_t len, int dup, struct berval *bv, void *ctx));
+
+LBER_F( struct berval * )
+ber_mem2bv_x LDAP_P((
+ LDAP_CONST char *, ber_len_t len, int dup, struct berval *bv, void *ctx));
+
+LBER_F( char * )
+ber_strdup_x LDAP_P((
+ LDAP_CONST char *, void *ctx ));
+
+LBER_F( struct berval * )
+ber_bvreplace_x LDAP_P((
+ struct berval *dst, LDAP_CONST struct berval *src, void *ctx ));
+
+LBER_F( void )
+ber_bvarray_free_x LDAP_P(( BerVarray p, void *ctx ));
+
+LBER_F( int )
+ber_bvarray_add_x LDAP_P(( BerVarray *p, BerValue *bv, void *ctx ));
+
+#if 0
+#define ber_bvstrcmp(v1,v2) \
+ ((v1)->bv_len < (v2)->bv_len \
+ ? -1 : ((v1)->bv_len > (v2)->bv_len \
+ ? 1 : strncmp((v1)->bv_val, (v2)->bv_val, (v1)->bv_len) ))
+#else
+ /* avoid strncmp() */
+#define ber_bvstrcmp(v1,v2) ber_bvcmp((v1),(v2))
+#endif
+
+#define ber_bvstrcasecmp(v1,v2) \
+ ((v1)->bv_len < (v2)->bv_len \
+ ? -1 : ((v1)->bv_len > (v2)->bv_len \
+ ? 1 : strncasecmp((v1)->bv_val, (v2)->bv_val, (v1)->bv_len) ))
+
+#define ber_bvccmp(v1,c) \
+ ( (v1)->bv_len == 1 && (v1)->bv_val[0] == (c) )
+
+#define ber_strccmp(s,c) \
+ ( (s)[0] == (c) && (s)[1] == '\0' )
+
+#define ber_bvchr(bv,c) \
+ ((char *) memchr( (bv)->bv_val, (c), (bv)->bv_len ))
+
+#define ber_bvrchr(bv,c) \
+ ((char *) memrchr( (bv)->bv_val, (c), (bv)->bv_len ))
+
+#define ber_bvchr_right(dst,bv,c) \
+ do { \
+ (dst)->bv_val = memchr( (bv)->bv_val, (c), (bv)->bv_len ); \
+ (dst)->bv_len = (dst)->bv_val ? (bv)->bv_len - ((dst)->bv_val - (bv)->bv_val) : 0; \
+ } while (0)
+
+#define ber_bvchr_left(dst,bv,c) \
+ do { \
+ (dst)->bv_val = memchr( (bv)->bv_val, (c), (bv)->bv_len ); \
+ (dst)->bv_len = (dst)->bv_val ? ((dst)->bv_val - (bv)->bv_val) : (bv)->bv_len; \
+ (dst)->bv_val = (bv)->bv_val; \
+ } while (0)
+
+#define ber_bvrchr_right(dst,bv,c) \
+ do { \
+ (dst)->bv_val = memrchr( (bv)->bv_val, (c), (bv)->bv_len ); \
+ (dst)->bv_len = (dst)->bv_val ? (bv)->bv_len - ((dst)->bv_val - (bv)->bv_val) : 0; \
+ } while (0)
+
+#define ber_bvrchr_left(dst,bv,c) \
+ do { \
+ (dst)->bv_val = memrchr( (bv)->bv_val, (c), (bv)->bv_len ); \
+ (dst)->bv_len = (dst)->bv_val ? ((dst)->bv_val - (bv)->bv_val) : (bv)->bv_len; \
+ (dst)->bv_val = (bv)->bv_val; \
+ } while (0)
+
+#define BER_BVC(s) { STRLENOF(s), (s) }
+#define BER_BVNULL { 0L, NULL }
+#define BER_BVZERO(bv) \
+ do { \
+ (bv)->bv_len = 0; \
+ (bv)->bv_val = NULL; \
+ } while (0)
+#define BER_BVSTR(bv,s) \
+ do { \
+ (bv)->bv_len = STRLENOF(s); \
+ (bv)->bv_val = (s); \
+ } while (0)
+#define BER_BVISNULL(bv) ((bv)->bv_val == NULL)
+#define BER_BVISEMPTY(bv) ((bv)->bv_len == 0)
+
+LDAP_END_DECL
+
+#endif
+
Added: openldap/vendor/openldap-2.3.35/include/lber_types.hin
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lber_types.hin (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lber_types.hin 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+/* $OpenLDAP: pkg/ldap/include/lber_types.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * LBER types
+ */
+
+#ifndef _LBER_TYPES_H
+#define _LBER_TYPES_H
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/* LBER boolean, enum, integers (32 bits or larger) */
+#undef LBER_INT_T
+
+/* LBER tags (32 bits or larger) */
+#undef LBER_TAG_T
+
+/* LBER socket descriptor */
+#undef LBER_SOCKET_T
+
+/* LBER lengths (32 bits or larger) */
+#undef LBER_LEN_T
+
+/* ------------------------------------------------------------ */
+
+/* booleans, enumerations, and integers */
+typedef LBER_INT_T ber_int_t;
+
+/* signed and unsigned versions */
+typedef signed LBER_INT_T ber_sint_t;
+typedef unsigned LBER_INT_T ber_uint_t;
+
+/* tags */
+typedef unsigned LBER_TAG_T ber_tag_t;
+
+/* "socket" descriptors */
+typedef LBER_SOCKET_T ber_socket_t;
+
+/* lengths */
+typedef unsigned LBER_LEN_T ber_len_t;
+
+/* signed lengths */
+typedef signed LBER_LEN_T ber_slen_t;
+
+LDAP_END_DECL
+
+#endif /* _LBER_TYPES_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2122 @@
+/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.263.2.25 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LDAP_H
+#define _LDAP_H
+
+/* pull in lber */
+#include <lber.h>
+
+/* include version and API feature defines */
+#include <ldap_features.h>
+
+LDAP_BEGIN_DECL
+
+#define LDAP_VERSION1 1
+#define LDAP_VERSION2 2
+#define LDAP_VERSION3 3
+
+#define LDAP_VERSION_MIN LDAP_VERSION2
+#define LDAP_VERSION LDAP_VERSION2
+#define LDAP_VERSION_MAX LDAP_VERSION3
+
+/*
+ * We use 3000+n here because it is above 1823 (for RFC 1823),
+ * above 2000+rev of IETF LDAPEXT draft (now quite dated),
+ * yet below allocations for new RFCs (just in case there is
+ * someday an RFC produced).
+ */
+#define LDAP_API_VERSION 3001
+#define LDAP_VENDOR_NAME "OpenLDAP"
+
+/* OpenLDAP API Features */
+#define LDAP_API_FEATURE_X_OPENLDAP LDAP_VENDOR_VERSION
+
+#if defined( LDAP_API_FEATURE_X_OPENLDAP_REENTRANT ) || \
+ ( defined( LDAP_THREAD_SAFE ) && \
+ defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
+ /* -lldap may or may not be thread safe */
+ /* -lldap_r, if available, is always thread safe */
+# define LDAP_API_FEATURE_THREAD_SAFE 1
+#endif
+#if defined( LDAP_THREAD_SAFE ) && \
+ defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
+/* #define LDAP_API_FEATURE_SESSION_SAFE 1 */
+/* #define LDAP_API_OPERATION_SESSION_SAFE 1 */
+#endif
+
+
+#define LDAP_PORT 389 /* ldap:/// default LDAP port */
+#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
+
+#define LDAP_ROOT_DSE ""
+#define LDAP_NO_ATTRS "1.1"
+#define LDAP_ALL_USER_ATTRIBUTES "*"
+#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* RFC 3673 */
+
+/* RFC 2251: maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- */
+#define LDAP_MAXINT (2147483647)
+
+/*
+ * LDAP_OPTions
+ * 0x0000 - 0x0fff reserved for api options
+ * 0x1000 - 0x3fff reserved for api extended options
+ * 0x4000 - 0x7fff reserved for private and experimental options
+ */
+
+#define LDAP_OPT_API_INFO 0x0000
+#define LDAP_OPT_DESC 0x0001 /* historic */
+#define LDAP_OPT_DEREF 0x0002
+#define LDAP_OPT_SIZELIMIT 0x0003
+#define LDAP_OPT_TIMELIMIT 0x0004
+/* 0x05 - 0x07 not defined */
+#define LDAP_OPT_REFERRALS 0x0008
+#define LDAP_OPT_RESTART 0x0009
+/* 0x0a - 0x10 not defined */
+#define LDAP_OPT_PROTOCOL_VERSION 0x0011
+#define LDAP_OPT_SERVER_CONTROLS 0x0012
+#define LDAP_OPT_CLIENT_CONTROLS 0x0013
+/* 0x14 not defined */
+#define LDAP_OPT_API_FEATURE_INFO 0x0015
+/* 0x16 - 0x2f not defined */
+#define LDAP_OPT_HOST_NAME 0x0030
+#define LDAP_OPT_RESULT_CODE 0x0031
+#define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE
+#define LDAP_OPT_ERROR_STRING 0x0032
+#define LDAP_OPT_MATCHED_DN 0x0033
+/* 0x0034 - 0x3fff not defined */
+
+/* API Extensions */
+#define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */
+
+/* private and experimental options */
+/* OpenLDAP specific options */
+#define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */
+#define LDAP_OPT_TIMEOUT 0x5002 /* default timeout */
+#define LDAP_OPT_REFHOPLIMIT 0x5003 /* ref hop limit */
+#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
+#define LDAP_OPT_URI 0x5006
+#define LDAP_OPT_REFERRAL_URLS 0x5007 /* Referral URLs */
+#define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */
+
+/* OpenLDAP TLS options */
+#define LDAP_OPT_X_TLS 0x6000
+#define LDAP_OPT_X_TLS_CTX 0x6001 /* SSL CTX */
+#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
+#define LDAP_OPT_X_TLS_CACERTDIR 0x6003
+#define LDAP_OPT_X_TLS_CERTFILE 0x6004
+#define LDAP_OPT_X_TLS_KEYFILE 0x6005
+#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
+/* #define LDAP_OPT_X_TLS_PROTOCOL 0x6007 */
+#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6008
+#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
+#define LDAP_OPT_X_TLS_SSL_CTX 0x600a
+#define LDAP_OPT_X_TLS_CRLCHECK 0x600b
+#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c
+#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
+#define LDAP_OPT_X_TLS_DHFILE 0x600e
+
+#define LDAP_OPT_X_TLS_NEVER 0
+#define LDAP_OPT_X_TLS_HARD 1
+#define LDAP_OPT_X_TLS_DEMAND 2
+#define LDAP_OPT_X_TLS_ALLOW 3
+#define LDAP_OPT_X_TLS_TRY 4
+
+#define LDAP_OPT_X_TLS_CRL_NONE 0
+#define LDAP_OPT_X_TLS_CRL_PEER 1
+#define LDAP_OPT_X_TLS_CRL_ALL 2
+
+/* OpenLDAP SASL options */
+#define LDAP_OPT_X_SASL_MECH 0x6100
+#define LDAP_OPT_X_SASL_REALM 0x6101
+#define LDAP_OPT_X_SASL_AUTHCID 0x6102
+#define LDAP_OPT_X_SASL_AUTHZID 0x6103
+#define LDAP_OPT_X_SASL_SSF 0x6104 /* read-only */
+#define LDAP_OPT_X_SASL_SSF_EXTERNAL 0x6105 /* write-only */
+#define LDAP_OPT_X_SASL_SECPROPS 0x6106 /* write-only */
+#define LDAP_OPT_X_SASL_SSF_MIN 0x6107
+#define LDAP_OPT_X_SASL_SSF_MAX 0x6108
+#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
+
+/* Private API Extensions -- reserved for application use */
+#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */
+
+/*
+ * ldap_get_option() and ldap_set_option() return values.
+ * As later versions may return other values indicating
+ * failure, current applications should only compare returned
+ * value against LDAP_OPT_SUCCESS.
+ */
+#define LDAP_OPT_SUCCESS 0
+#define LDAP_OPT_ERROR (-1)
+
+/* option on/off values */
+#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on)
+#define LDAP_OPT_OFF ((void *) 0)
+
+typedef struct ldapapiinfo {
+ int ldapai_info_version; /* version of LDAPAPIInfo */
+#define LDAP_API_INFO_VERSION (1)
+ int ldapai_api_version; /* revision of API supported */
+ int ldapai_protocol_version; /* highest LDAP version supported */
+ char **ldapai_extensions; /* names of API extensions */
+ char *ldapai_vendor_name; /* name of supplier */
+ int ldapai_vendor_version; /* supplier-specific version * 100 */
+} LDAPAPIInfo;
+
+typedef struct ldap_apifeature_info {
+ int ldapaif_info_version; /* version of LDAPAPIFeatureInfo */
+#define LDAP_FEATURE_INFO_VERSION (1) /* apifeature_info struct version */
+ char* ldapaif_name; /* LDAP_API_FEATURE_* (less prefix) */
+ int ldapaif_version; /* value of LDAP_API_FEATURE_... */
+} LDAPAPIFeatureInfo;
+
+/*
+ * LDAP Control structure
+ */
+typedef struct ldapcontrol {
+ char * ldctl_oid; /* numericoid of control */
+ struct berval ldctl_value; /* encoded value of control */
+ char ldctl_iscritical; /* criticality */
+} LDAPControl;
+
+/* LDAP Controls */
+/* standard track controls */
+#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */
+#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" /* RFC 4370 */
+#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */
+
+#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3"/* RFC 3876 */
+#define LDAP_CONTROL_X_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3"/* bad OID */
+
+#define LDAP_CONTROL_ASSERT "1.3.6.1.1.12" /* RFC TBD */
+#define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1" /* RFC TBD */
+#define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2" /* RFC TBD */
+
+/* standard track - not implemented in slapd(8) */
+#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */
+#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */
+
+/* non-standard track controls */
+#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
+
+/* Password policy Controls *//* work in progress */
+/* ITS#3458: released; disabled by default */
+#define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
+#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
+
+/* various works in progress */
+#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.666.5.2"
+#define LDAP_CONTROL_NO_SUBORDINATES "1.3.6.1.4.1.4203.666.5.11"
+#define LDAP_CONTROL_MANAGEDIT "1.3.6.1.4.1.4203.666.5.12"
+#define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"
+#define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"
+
+/* LDAP Sync -- draft-zeilenga-ldup-sync *//* submitted for publication */
+#define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1"
+#define LDAP_CONTROL_SYNC LDAP_SYNC_OID ".1"
+#define LDAP_CONTROL_SYNC_STATE LDAP_SYNC_OID ".2"
+#define LDAP_CONTROL_SYNC_DONE LDAP_SYNC_OID ".3"
+#define LDAP_SYNC_INFO LDAP_SYNC_OID ".4"
+
+#define LDAP_SYNC_NONE 0x00
+#define LDAP_SYNC_REFRESH_ONLY 0x01
+#define LDAP_SYNC_RESERVED 0x02
+#define LDAP_SYNC_REFRESH_AND_PERSIST 0x03
+
+#define LDAP_SYNC_REFRESH_PRESENTS 0
+#define LDAP_SYNC_REFRESH_DELETES 1
+
+#define LDAP_TAG_SYNC_NEW_COOKIE ((ber_tag_t) 0x80U)
+#define LDAP_TAG_SYNC_REFRESH_DELETE ((ber_tag_t) 0xa1U)
+#define LDAP_TAG_SYNC_REFRESH_PRESENT ((ber_tag_t) 0xa2U)
+#define LDAP_TAG_SYNC_ID_SET ((ber_tag_t) 0xa3U)
+
+#define LDAP_TAG_SYNC_COOKIE ((ber_tag_t) 0x04U)
+#define LDAP_TAG_REFRESHDELETES ((ber_tag_t) 0x01U)
+#define LDAP_TAG_REFRESHDONE ((ber_tag_t) 0x01U)
+#define LDAP_TAG_RELOAD_HINT ((ber_tag_t) 0x01U)
+
+#define LDAP_SYNC_PRESENT 0
+#define LDAP_SYNC_ADD 1
+#define LDAP_SYNC_MODIFY 2
+#define LDAP_SYNC_DELETE 3
+
+/* LDAP Chaining Behavior Control *//* work in progress */
+/* <draft-sermersheim-ldap-chaining>;
+ * see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */
+#ifdef LDAP_DEVEL
+#define LDAP_CONTROL_X_CHAINING_BEHAVIOR "1.3.6.1.4.1.4203.666.11.3"
+
+#define LDAP_CHAINING_PREFERRED 0
+#define LDAP_CHAINING_REQUIRED 1
+#define LDAP_REFERRALS_PREFERRED 2
+#define LDAP_REFERRALS_REQUIRED 3
+#endif
+
+/* MS Active Directory controls (for compatibility) */
+#define LDAP_CONTROL_X_INCREMENTAL_VALUES "1.2.840.113556.1.4.802"
+#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
+#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
+#define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"
+#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
+#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
+
+/* MS Active Directory controls - not implemented in slapd(8) */
+#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
+#define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"
+
+/* various expired works */
+/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
+#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
+#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
+#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
+#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
+
+/* LDAP Persistent Search Control *//* not implemented in slapd(8) */
+#define LDAP_CONTROL_PERSIST_REQUEST "2.16.840.1.113730.3.4.3"
+#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE "2.16.840.1.113730.3.4.7"
+#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_ADD 0x1
+#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_DELETE 0x2
+#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_MODIFY 0x4
+#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_RENAME 0x8
+
+/* LDAP VLV *//* not implemented in slapd(8) */
+#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
+#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
+
+
+/* LDAP Unsolicited Notifications */
+#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 2251 */
+#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
+
+/* LDAP Extended Operations */
+#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" /* RFC 2830 */
+
+#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" /* RFC 3062 */
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)
+
+#define LDAP_EXOP_CANCEL "1.3.6.1.1.8" /* RFC 3909 */
+#define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL
+
+/* various works in progress */
+#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
+#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I
+
+#define LDAP_EXOP_X_TURN "1.3.6.1.4.1.4203.666.6.4"
+
+/* LDAP Grouping of Related Operations *//* a work in progress */
+#ifdef LDAP_DEVEL
+#define LDAP_X_GROUPING_BASE "1.3.6.1.4.1.4203.666.10.3"
+#define LDAP_EXOP_GROUPING_CREATE LDAP_X_GROUPING_BASE ".1"
+#define LDAP_EXOP_GROUPING_END LDAP_X_GROUPING_BASE ".2"
+#define LDAP_NOTICE_GROUPING_END LDAP_X_GROUPING_BASE ".3"
+#define LDAP_EXOP_GROUPING_ACTION LDAP_X_GROUPING_BASE ".4"
+#define LDAP_NOTICE_GROUPING_INFO LDAP_X_GROUPING_BASE ".5"
+#define LDAP_CONTROL_GROUPING LDAP_X_GROUPING_BASE ".6"
+#endif
+
+/* LDAP Grouping Types *//* a work in progress */
+#ifdef LDAP_DEVEL
+#define LDAP_GROUP_TRANSACTION "1.3.6.1.4.1.4203.666.10.4"
+#endif
+
+/* LDAP Features */
+#define LDAP_FEATURE_ALL_OP_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* RFC 3673 */
+#define LDAP_FEATURE_OBJECTCLASS_ATTRS \
+ "1.3.6.1.4.1.4203.1.5.2" /* @objectClass - new number to be assigned */
+#define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */
+#define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
+#define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
+#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.1.14"
+
+#ifdef LDAP_DEVEL
+/* LDAP Experimental (works in progress) Features */
+#define LDAP_FEATURE_SUBORDINATE_SCOPE \
+ "1.3.6.1.4.1.4203.666.8.1" /* "children" */
+#define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE
+#endif
+
+/*
+ * specific LDAP instantiations of BER types we know about
+ */
+
+/* Overview of LBER tag construction
+ *
+ * Bits
+ * ______
+ * 8 7 | CLASS
+ * 0 0 = UNIVERSAL
+ * 0 1 = APPLICATION
+ * 1 0 = CONTEXT-SPECIFIC
+ * 1 1 = PRIVATE
+ * _____
+ * | 6 | DATA-TYPE
+ * 0 = PRIMITIVE
+ * 1 = CONSTRUCTED
+ * ___________
+ * | 5 ... 1 | TAG-NUMBER
+ */
+
+/* general stuff */
+#define LDAP_TAG_MESSAGE ((ber_tag_t) 0x30U) /* constructed + 16 */
+#define LDAP_TAG_MSGID ((ber_tag_t) 0x02U) /* integer */
+
+#define LDAP_TAG_LDAPDN ((ber_tag_t) 0x04U) /* octet string */
+#define LDAP_TAG_LDAPCRED ((ber_tag_t) 0x04U) /* octet string */
+
+#define LDAP_TAG_CONTROLS ((ber_tag_t) 0xa0U) /* context specific + constructed + 0 */
+#define LDAP_TAG_REFERRAL ((ber_tag_t) 0xa3U) /* context specific + constructed + 3 */
+
+#define LDAP_TAG_NEWSUPERIOR ((ber_tag_t) 0x80U) /* context-specific + primitive + 0 */
+
+#define LDAP_TAG_EXOP_REQ_OID ((ber_tag_t) 0x80U) /* context specific + primitive */
+#define LDAP_TAG_EXOP_REQ_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */
+#define LDAP_TAG_EXOP_RES_OID ((ber_tag_t) 0x8aU) /* context specific + primitive */
+#define LDAP_TAG_EXOP_RES_VALUE ((ber_tag_t) 0x8bU) /* context specific + primitive */
+
+#define LDAP_TAG_IM_RES_OID ((ber_tag_t) 0x80U) /* context specific + primitive */
+#define LDAP_TAG_IM_RES_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */
+
+#define LDAP_TAG_SASL_RES_CREDS ((ber_tag_t) 0x87U) /* context specific + primitive */
+
+/* LDAP Request Messages */
+#define LDAP_REQ_BIND ((ber_tag_t) 0x60U) /* application + constructed */
+#define LDAP_REQ_UNBIND ((ber_tag_t) 0x42U) /* application + primitive */
+#define LDAP_REQ_SEARCH ((ber_tag_t) 0x63U) /* application + constructed */
+#define LDAP_REQ_MODIFY ((ber_tag_t) 0x66U) /* application + constructed */
+#define LDAP_REQ_ADD ((ber_tag_t) 0x68U) /* application + constructed */
+#define LDAP_REQ_DELETE ((ber_tag_t) 0x4aU) /* application + primitive */
+#define LDAP_REQ_MODDN ((ber_tag_t) 0x6cU) /* application + constructed */
+#define LDAP_REQ_MODRDN LDAP_REQ_MODDN
+#define LDAP_REQ_RENAME LDAP_REQ_MODDN
+#define LDAP_REQ_COMPARE ((ber_tag_t) 0x6eU) /* application + constructed */
+#define LDAP_REQ_ABANDON ((ber_tag_t) 0x50U) /* application + primitive */
+#define LDAP_REQ_EXTENDED ((ber_tag_t) 0x77U) /* application + constructed */
+
+/* LDAP Response Messages */
+#define LDAP_RES_BIND ((ber_tag_t) 0x61U) /* application + constructed */
+#define LDAP_RES_SEARCH_ENTRY ((ber_tag_t) 0x64U) /* application + constructed */
+#define LDAP_RES_SEARCH_REFERENCE ((ber_tag_t) 0x73U) /* V3: application + constructed */
+#define LDAP_RES_SEARCH_RESULT ((ber_tag_t) 0x65U) /* application + constructed */
+#define LDAP_RES_MODIFY ((ber_tag_t) 0x67U) /* application + constructed */
+#define LDAP_RES_ADD ((ber_tag_t) 0x69U) /* application + constructed */
+#define LDAP_RES_DELETE ((ber_tag_t) 0x6bU) /* application + constructed */
+#define LDAP_RES_MODDN ((ber_tag_t) 0x6dU) /* application + constructed */
+#define LDAP_RES_MODRDN LDAP_RES_MODDN /* application + constructed */
+#define LDAP_RES_RENAME LDAP_RES_MODDN /* application + constructed */
+#define LDAP_RES_COMPARE ((ber_tag_t) 0x6fU) /* application + constructed */
+#define LDAP_RES_EXTENDED ((ber_tag_t) 0x78U) /* V3: application + constructed */
+#define LDAP_RES_INTERMEDIATE ((ber_tag_t) 0x79U) /* V3+: application + constructed */
+
+#define LDAP_RES_ANY (-1)
+#define LDAP_RES_UNSOLICITED (0)
+
+
+/* sasl methods */
+#define LDAP_SASL_SIMPLE ((char*)0)
+#define LDAP_SASL_NULL ("")
+
+
+/* authentication methods available */
+#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
+#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
+#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
+#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
+#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
+#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
+
+
+/* filter types */
+#define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */
+#define LDAP_FILTER_OR ((ber_tag_t) 0xa1U) /* context specific + constructed */
+#define LDAP_FILTER_NOT ((ber_tag_t) 0xa2U) /* context specific + constructed */
+#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
+#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
+#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
+#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
+#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */
+#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */
+#define LDAP_FILTER_EXT ((ber_tag_t) 0xa9U) /* context specific + constructed */
+
+/* extended filter component types */
+#define LDAP_FILTER_EXT_OID ((ber_tag_t) 0x81U) /* context specific */
+#define LDAP_FILTER_EXT_TYPE ((ber_tag_t) 0x82U) /* context specific */
+#define LDAP_FILTER_EXT_VALUE ((ber_tag_t) 0x83U) /* context specific */
+#define LDAP_FILTER_EXT_DNATTRS ((ber_tag_t) 0x84U) /* context specific */
+
+/* substring filter component types */
+#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
+#define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */
+#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
+
+/* search scopes */
+#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)
+#define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE
+#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)
+#define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL
+#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)
+#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE
+#define LDAP_SCOPE_SUBORDINATE ((ber_int_t) 0x0003) /* OpenLDAP extension */
+#define LDAP_SCOPE_CHILDREN LDAP_SCOPE_SUBORDINATE
+#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */
+
+/* substring filter component types */
+#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
+#define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */
+#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
+
+/*
+ * LDAP Result Codes
+ */
+#define LDAP_SUCCESS 0x00
+
+#define LDAP_RANGE(n,x,y) (((x) <= (n)) && ((n) <= (y)))
+
+#define LDAP_OPERATIONS_ERROR 0x01
+#define LDAP_PROTOCOL_ERROR 0x02
+#define LDAP_TIMELIMIT_EXCEEDED 0x03
+#define LDAP_SIZELIMIT_EXCEEDED 0x04
+#define LDAP_COMPARE_FALSE 0x05
+#define LDAP_COMPARE_TRUE 0x06
+#define LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07
+#define LDAP_STRONG_AUTH_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED
+#define LDAP_STRONG_AUTH_REQUIRED 0x08
+#define LDAP_STRONGER_AUTH_REQUIRED LDAP_STRONG_AUTH_REQUIRED
+#define LDAP_PARTIAL_RESULTS 0x09 /* LDAPv2+ (not LDAPv3) */
+
+#define LDAP_REFERRAL 0x0a /* LDAPv3 */
+#define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* LDAPv3 */
+#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* LDAPv3 */
+#define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* LDAPv3 */
+#define LDAP_SASL_BIND_IN_PROGRESS 0x0e /* LDAPv3 */
+
+#define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
+
+#define LDAP_NO_SUCH_ATTRIBUTE 0x10
+#define LDAP_UNDEFINED_TYPE 0x11
+#define LDAP_INAPPROPRIATE_MATCHING 0x12
+#define LDAP_CONSTRAINT_VIOLATION 0x13
+#define LDAP_TYPE_OR_VALUE_EXISTS 0x14
+#define LDAP_INVALID_SYNTAX 0x15
+
+#define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
+
+#define LDAP_NO_SUCH_OBJECT 0x20
+#define LDAP_ALIAS_PROBLEM 0x21
+#define LDAP_INVALID_DN_SYNTAX 0x22
+#define LDAP_IS_LEAF 0x23 /* not LDAPv3 */
+#define LDAP_ALIAS_DEREF_PROBLEM 0x24
+
+#define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
+
+#define LDAP_PROXY_AUTHZ_FAILURE 0x2F /* LDAPv3 proxy authorization */
+#define LDAP_INAPPROPRIATE_AUTH 0x30
+#define LDAP_INVALID_CREDENTIALS 0x31
+#define LDAP_INSUFFICIENT_ACCESS 0x32
+
+#define LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
+
+#define LDAP_BUSY 0x33
+#define LDAP_UNAVAILABLE 0x34
+#define LDAP_UNWILLING_TO_PERFORM 0x35
+#define LDAP_LOOP_DETECT 0x36
+
+#define LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
+
+#define LDAP_NAMING_VIOLATION 0x40
+#define LDAP_OBJECT_CLASS_VIOLATION 0x41
+#define LDAP_NOT_ALLOWED_ON_NONLEAF 0x42
+#define LDAP_NOT_ALLOWED_ON_RDN 0x43
+#define LDAP_ALREADY_EXISTS 0x44
+#define LDAP_NO_OBJECT_CLASS_MODS 0x45
+#define LDAP_RESULTS_TOO_LARGE 0x46 /* CLDAP */
+#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47
+
+#define LDAP_OTHER 0x50
+
+/* LCUP operation codes (113-117) - not implemented */
+#define LDAP_CUP_RESOURCES_EXHAUSTED 0x71
+#define LDAP_CUP_SECURITY_VIOLATION 0x72
+#define LDAP_CUP_INVALID_DATA 0x73
+#define LDAP_CUP_UNSUPPORTED_SCHEME 0x74
+#define LDAP_CUP_RELOAD_REQUIRED 0x75
+
+/* Cancel operation codes (118-121) */
+#define LDAP_CANCELLED 0x76
+#define LDAP_NO_SUCH_OPERATION 0x77
+#define LDAP_TOO_LATE 0x78
+#define LDAP_CANNOT_CANCEL 0x79
+
+/* Assertion control (122) */
+#define LDAP_ASSERTION_FAILED 0x7A
+
+
+/* Experimental result codes */
+#define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF)
+
+/* LDAP Sync (4096) */
+#define LDAP_SYNC_REFRESH_REQUIRED 0x1000
+
+
+/* Private Use result codes */
+#define LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF)
+
+#define LDAP_X_SYNC_REFRESH_REQUIRED 0x4100 /* defunct */
+#define LDAP_X_ASSERTION_FAILED 0x410f /* defunct */
+
+/* for the LDAP No-Op control */
+#define LDAP_X_NO_OPERATION 0x410e
+
+/* for the Chaining Behavior control (consecutive result codes requested;
+ * see <draft-sermersheim-ldap-chaining> ) */
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+#define LDAP_X_NO_REFERRALS_FOUND 0x4110
+#define LDAP_X_CANNOT_CHAIN 0x4111
+#endif
+
+
+/* API Error Codes
+ *
+ * Based on draft-ietf-ldap-c-api-xx
+ * but with new negative code values
+ */
+#define LDAP_API_ERROR(n) ((n)<0)
+#define LDAP_API_RESULT(n) ((n)<=0)
+
+#define LDAP_SERVER_DOWN (-1)
+#define LDAP_LOCAL_ERROR (-2)
+#define LDAP_ENCODING_ERROR (-3)
+#define LDAP_DECODING_ERROR (-4)
+#define LDAP_TIMEOUT (-5)
+#define LDAP_AUTH_UNKNOWN (-6)
+#define LDAP_FILTER_ERROR (-7)
+#define LDAP_USER_CANCELLED (-8)
+#define LDAP_PARAM_ERROR (-9)
+#define LDAP_NO_MEMORY (-10)
+#define LDAP_CONNECT_ERROR (-11)
+#define LDAP_NOT_SUPPORTED (-12)
+#define LDAP_CONTROL_NOT_FOUND (-13)
+#define LDAP_NO_RESULTS_RETURNED (-14)
+#define LDAP_MORE_RESULTS_TO_RETURN (-15) /* Obsolete */
+#define LDAP_CLIENT_LOOP (-16)
+#define LDAP_REFERRAL_LIMIT_EXCEEDED (-17)
+
+
+/*
+ * This structure represents both ldap messages and ldap responses.
+ * These are really the same, except in the case of search responses,
+ * where a response has multiple messages.
+ */
+
+typedef struct ldapmsg LDAPMessage;
+
+/* for modifications */
+typedef struct ldapmod {
+ int mod_op;
+
+#define LDAP_MOD_OP (0x0007)
+#define LDAP_MOD_ADD (0x0000)
+#define LDAP_MOD_DELETE (0x0001)
+#define LDAP_MOD_REPLACE (0x0002)
+#define LDAP_MOD_INCREMENT (0x0003) /* OpenLDAP extension */
+#define LDAP_MOD_BVALUES (0x0080)
+/* IMPORTANT: do not use code 0x1000 (or above),
+ * it is used internally by the backends!
+ * (see ldap/servers/slapd/slap.h)
+ */
+
+ char *mod_type;
+ union mod_vals_u {
+ char **modv_strvals;
+ struct berval **modv_bvals;
+ } mod_vals;
+#define mod_values mod_vals.modv_strvals
+#define mod_bvalues mod_vals.modv_bvals
+} LDAPMod;
+
+/*
+ * structure representing an ldap session which can
+ * encompass connections to multiple servers (in the
+ * face of referrals).
+ */
+typedef struct ldap LDAP;
+
+#define LDAP_DEREF_NEVER 0x00
+#define LDAP_DEREF_SEARCHING 0x01
+#define LDAP_DEREF_FINDING 0x02
+#define LDAP_DEREF_ALWAYS 0x03
+
+#define LDAP_NO_LIMIT 0
+
+/* how many messages to retrieve results for */
+#define LDAP_MSG_ONE 0x00
+#define LDAP_MSG_ALL 0x01
+#define LDAP_MSG_RECEIVED 0x02
+
+/*
+ * types for ldap URL handling
+ */
+typedef struct ldap_url_desc {
+ struct ldap_url_desc *lud_next;
+ char *lud_scheme;
+ char *lud_host;
+ int lud_port;
+ char *lud_dn;
+ char **lud_attrs;
+ int lud_scope;
+ char *lud_filter;
+ char **lud_exts;
+ int lud_crit_exts;
+} LDAPURLDesc;
+
+#define LDAP_URL_SUCCESS 0x00 /* Success */
+#define LDAP_URL_ERR_MEM 0x01 /* can't allocate memory space */
+#define LDAP_URL_ERR_PARAM 0x02 /* parameter is bad */
+
+#define LDAP_URL_ERR_BADSCHEME 0x03 /* URL doesn't begin with "ldap[si]://" */
+#define LDAP_URL_ERR_BADENCLOSURE 0x04 /* URL is missing trailing ">" */
+#define LDAP_URL_ERR_BADURL 0x05 /* URL is bad */
+#define LDAP_URL_ERR_BADHOST 0x06 /* host port is bad */
+#define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or missing) attributes */
+#define LDAP_URL_ERR_BADSCOPE 0x08 /* scope string is invalid (or missing) */
+#define LDAP_URL_ERR_BADFILTER 0x09 /* bad or missing filter */
+#define LDAP_URL_ERR_BADEXTS 0x0a /* bad or missing extensions */
+
+/*
+ * The API draft spec says we should declare (or cause to be declared)
+ * 'struct timeval'. We don't. See IETF LDAPext discussions.
+ */
+struct timeval;
+
+/*
+ * in options.c:
+ */
+LDAP_F( int )
+ldap_get_option LDAP_P((
+ LDAP *ld,
+ int option,
+ void *outvalue));
+
+LDAP_F( int )
+ldap_set_option LDAP_P((
+ LDAP *ld,
+ int option,
+ LDAP_CONST void *invalue));
+
+/* V3 REBIND Function Callback Prototype */
+typedef int (LDAP_REBIND_PROC) LDAP_P((
+ LDAP *ld, LDAP_CONST char *url,
+ ber_tag_t request, ber_int_t msgid,
+ void *params ));
+
+LDAP_F( int )
+ldap_set_rebind_proc LDAP_P((
+ LDAP *ld,
+ LDAP_REBIND_PROC *rebind_proc,
+ void *params ));
+
+/* V3 referral selection Function Callback Prototype */
+typedef int (LDAP_NEXTREF_PROC) LDAP_P((
+ LDAP *ld, char ***refsp, int *cntp,
+ void *params ));
+
+LDAP_F( int )
+ldap_set_nextref_proc LDAP_P((
+ LDAP *ld,
+ LDAP_NEXTREF_PROC *nextref_proc,
+ void *params ));
+
+/*
+ * in controls.c:
+ */
+LDAP_F( int )
+ldap_create_control LDAP_P((
+ LDAP_CONST char *requestOID,
+ BerElement *ber,
+ int iscritical,
+ LDAPControl **ctrlp ));
+
+LDAP_F( LDAPControl * )
+ldap_find_control LDAP_P((
+ LDAP_CONST char *oid,
+ LDAPControl **ctrls ));
+
+LDAP_F( void )
+ldap_control_free LDAP_P((
+ LDAPControl *ctrl ));
+
+LDAP_F( void )
+ldap_controls_free LDAP_P((
+ LDAPControl **ctrls ));
+
+/*
+ * in dnssrv.c:
+ */
+LDAP_F( int )
+ldap_domain2dn LDAP_P((
+ LDAP_CONST char* domain,
+ char** dn ));
+
+LDAP_F( int )
+ldap_dn2domain LDAP_P((
+ LDAP_CONST char* dn,
+ char** domain ));
+
+LDAP_F( int )
+ldap_domain2hostlist LDAP_P((
+ LDAP_CONST char *domain,
+ char** hostlist ));
+
+/*
+ * in extended.c:
+ */
+LDAP_F( int )
+ldap_extended_operation LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *reqoid,
+ struct berval *reqdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_extended_operation_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *reqoid,
+ struct berval *reqdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ char **retoidp,
+ struct berval **retdatap ));
+
+LDAP_F( int )
+ldap_parse_extended_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ char **retoidp,
+ struct berval **retdatap,
+ int freeit ));
+
+LDAP_F( int )
+ldap_parse_intermediate LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ char **retoidp,
+ struct berval **retdatap,
+ LDAPControl ***serverctrls,
+ int freeit ));
+
+/*
+ * in groupings.c:
+ */
+#ifdef LDAP_EXOP_GROUPING_CREATE
+
+LDAP_F( int )
+ldap_grouping_create LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_grouping_create_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap ));
+
+LDAP_F( int )
+ldap_parse_grouping_create_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap,
+ LDAPControl ***serverctrls,
+ int freeit ));
+
+LDAP_F( int )
+ldap_grouping_end LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_grouping_end_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct berval **retgrpdatap ));
+
+LDAP_F( int )
+ldap_parse_grouping_end_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **retgrpdatap,
+ LDAPControl ***serverctrls,
+ int freeit ));
+
+LDAP_F( int )
+ldap_grouping_action_operation LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_grouping_action_operation_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap ));
+
+LDAP_F( int )
+ldap_parse_grouping_action_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap,
+ LDAPControl ***serverctrls,
+ int freeit ));
+
+LDAP_F( int )
+ldap_parse_grouping_end_notice LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **retdatap,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap,
+ int freeit ));
+
+LDAP_F( int )
+ldap_parse_grouping_info_notice LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **retdatap,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap,
+ int freeit ));
+#endif
+
+/*
+ * in abandon.c:
+ */
+LDAP_F( int )
+ldap_abandon_ext LDAP_P((
+ LDAP *ld,
+ int msgid,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_abandon LDAP_P(( /* deprecated, use ldap_abandon_ext */
+ LDAP *ld,
+ int msgid ));
+#endif
+
+
+/*
+ * in add.c:
+ */
+LDAP_F( int )
+ldap_add_ext LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_add_ext_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_add LDAP_P(( /* deprecated, use ldap_add_ext */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs ));
+
+LDAP_F( int )
+ldap_add_s LDAP_P(( /* deprecated, use ldap_add_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs ));
+#endif
+
+
+/*
+ * in sasl.c:
+ */
+LDAP_F( int )
+ldap_sasl_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+/* Interaction flags (should be passed about in a control)
+ * Automatic (default): use defaults, prompt otherwise
+ * Interactive: prompt always
+ * Quiet: never prompt
+ */
+#define LDAP_SASL_AUTOMATIC 0U
+#define LDAP_SASL_INTERACTIVE 1U
+#define LDAP_SASL_QUIET 2U
+
+/*
+ * V3 SASL Interaction Function Callback Prototype
+ * when using Cyrus SASL, interact is pointer to sasl_interact_t
+ * should likely passed in a control (and provided controls)
+ */
+typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
+ LDAP *ld, unsigned flags, void* defaults, void *interact ));
+
+LDAP_F( int )
+ldap_sasl_interactive_bind_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn, /* usually NULL */
+ LDAP_CONST char *saslMechanism,
+ LDAPControl **serverControls,
+ LDAPControl **clientControls,
+
+ /* should be client controls */
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *proc,
+ void *defaults ));
+
+LDAP_F( int )
+ldap_sasl_bind_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct berval **servercredp ));
+
+LDAP_F( int )
+ldap_parse_sasl_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **servercredp,
+ int freeit ));
+
+#if LDAP_DEPRECATED
+/*
+ * in bind.c:
+ * (deprecated)
+ */
+LDAP_F( int )
+ldap_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *passwd,
+ int authmethod ));
+
+LDAP_F( int )
+ldap_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *cred,
+ int authmethod ));
+
+/*
+ * in sbind.c:
+ */
+LDAP_F( int )
+ldap_simple_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *passwd ));
+
+LDAP_F( int )
+ldap_simple_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *passwd ));
+
+
+/*
+ * in kbind.c:
+ * (deprecated - use SASL instead)
+ */
+LDAP_F( int )
+ldap_kerberos_bind_s LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAP_CONST char *who ));
+
+LDAP_F( int )
+ldap_kerberos_bind1 LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAP_CONST char *who ));
+
+LDAP_F( int )
+ldap_kerberos_bind1_s LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAP_CONST char *who ));
+
+LDAP_F( int )
+ldap_kerberos_bind2 LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAP_CONST char *who ));
+
+LDAP_F( int )
+ldap_kerberos_bind2_s LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAP_CONST char *who ));
+#endif
+
+
+/*
+ * in compare.c:
+ */
+LDAP_F( int )
+ldap_compare_ext LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ struct berval *bvalue,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_compare_ext_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ struct berval *bvalue,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_compare LDAP_P(( /* deprecated, use ldap_compare_ext */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ LDAP_CONST char *value ));
+
+LDAP_F( int )
+ldap_compare_s LDAP_P(( /* deprecated, use ldap_compare_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ LDAP_CONST char *value ));
+#endif
+
+
+/*
+ * in delete.c:
+ */
+LDAP_F( int )
+ldap_delete_ext LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_delete_ext_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_delete LDAP_P(( /* deprecated, use ldap_delete_ext */
+ LDAP *ld,
+ LDAP_CONST char *dn ));
+
+LDAP_F( int )
+ldap_delete_s LDAP_P(( /* deprecated, use ldap_delete_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *dn ));
+#endif
+
+
+/*
+ * in error.c:
+ */
+LDAP_F( int )
+ldap_parse_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ int *errcodep,
+ char **matcheddnp,
+ char **errmsgp,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit ));
+
+LDAP_F( char * )
+ldap_err2string LDAP_P((
+ int err ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_result2error LDAP_P(( /* deprecated, use ldap_parse_result */
+ LDAP *ld,
+ LDAPMessage *r,
+ int freeit ));
+
+LDAP_F( void )
+ldap_perror LDAP_P(( /* deprecated, use ldap_err2string */
+ LDAP *ld,
+ LDAP_CONST char *s ));
+#endif
+
+
+/*
+ * in modify.c:
+ */
+LDAP_F( int )
+ldap_modify_ext LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **mods,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_modify_ext_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **mods,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_modify LDAP_P(( /* deprecated, use ldap_modify_ext */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **mods ));
+
+LDAP_F( int )
+ldap_modify_s LDAP_P(( /* deprecated, use ldap_modify_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **mods ));
+#endif
+
+
+/*
+ * in modrdn.c:
+ */
+LDAP_F( int )
+ldap_rename LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_rename_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_rename2 LDAP_P(( /* deprecated, use ldap_rename */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn ));
+
+LDAP_F( int )
+ldap_rename2_s LDAP_P(( /* deprecated, use ldap_rename_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn ));
+
+LDAP_F( int )
+ldap_modrdn LDAP_P(( /* deprecated, use ldap_rename */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn ));
+
+LDAP_F( int )
+ldap_modrdn_s LDAP_P(( /* deprecated, use ldap_rename_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn ));
+
+LDAP_F( int )
+ldap_modrdn2 LDAP_P(( /* deprecated, use ldap_rename */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ int deleteoldrdn ));
+
+LDAP_F( int )
+ldap_modrdn2_s LDAP_P(( /* deprecated, use ldap_rename_s */
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ int deleteoldrdn));
+#endif
+
+
+/*
+ * in open.c:
+ */
+#if LDAP_DEPRECATED
+LDAP_F( LDAP * )
+ldap_init LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
+ LDAP_CONST char *host,
+ int port ));
+
+LDAP_F( LDAP * )
+ldap_open LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
+ LDAP_CONST char *host,
+ int port ));
+#endif
+
+LDAP_F( int )
+ldap_create LDAP_P((
+ LDAP **ldp ));
+
+LDAP_F( int )
+ldap_initialize LDAP_P((
+ LDAP **ldp,
+ LDAP_CONST char *url ));
+
+/*
+ * in tls.c
+ */
+
+LDAP_F( int )
+ldap_tls_inplace LDAP_P((
+ LDAP *ld ));
+
+LDAP_F( int )
+ldap_start_tls LDAP_P((
+ LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_install_tls LDAP_P((
+ LDAP *ld ));
+
+LDAP_F( int )
+ldap_start_tls_s LDAP_P((
+ LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls ));
+
+/*
+ * in messages.c:
+ */
+LDAP_F( LDAPMessage * )
+ldap_first_message LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+LDAP_F( LDAPMessage * )
+ldap_next_message LDAP_P((
+ LDAP *ld,
+ LDAPMessage *msg ));
+
+LDAP_F( int )
+ldap_count_messages LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+/*
+ * in references.c:
+ */
+LDAP_F( LDAPMessage * )
+ldap_first_reference LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+LDAP_F( LDAPMessage * )
+ldap_next_reference LDAP_P((
+ LDAP *ld,
+ LDAPMessage *ref ));
+
+LDAP_F( int )
+ldap_count_references LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+LDAP_F( int )
+ldap_parse_reference LDAP_P((
+ LDAP *ld,
+ LDAPMessage *ref,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit));
+
+
+/*
+ * in getentry.c:
+ */
+LDAP_F( LDAPMessage * )
+ldap_first_entry LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+LDAP_F( LDAPMessage * )
+ldap_next_entry LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry ));
+
+LDAP_F( int )
+ldap_count_entries LDAP_P((
+ LDAP *ld,
+ LDAPMessage *chain ));
+
+LDAP_F( int )
+ldap_get_entry_controls LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry,
+ LDAPControl ***serverctrls));
+
+
+/*
+ * in addentry.c
+ */
+LDAP_F( LDAPMessage * )
+ldap_delete_result_entry LDAP_P((
+ LDAPMessage **list,
+ LDAPMessage *e ));
+
+LDAP_F( void )
+ldap_add_result_entry LDAP_P((
+ LDAPMessage **list,
+ LDAPMessage *e ));
+
+
+/*
+ * in getdn.c
+ */
+LDAP_F( char * )
+ldap_get_dn LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry ));
+
+typedef struct ldap_ava {
+ struct berval la_attr;
+ struct berval la_value;
+ unsigned la_flags;
+#define LDAP_AVA_NULL 0x0000U
+#define LDAP_AVA_STRING 0x0001U
+#define LDAP_AVA_BINARY 0x0002U
+#define LDAP_AVA_NONPRINTABLE 0x0004U
+#define LDAP_AVA_FREE_ATTR 0x0010U
+#define LDAP_AVA_FREE_VALUE 0x0020U
+
+ void *la_private;
+} LDAPAVA;
+
+typedef LDAPAVA** LDAPRDN;
+typedef LDAPRDN* LDAPDN;
+
+/* DN formats */
+#define LDAP_DN_FORMAT_LDAP 0x0000U
+#define LDAP_DN_FORMAT_LDAPV3 0x0010U
+#define LDAP_DN_FORMAT_LDAPV2 0x0020U
+#define LDAP_DN_FORMAT_DCE 0x0030U
+#define LDAP_DN_FORMAT_UFN 0x0040U /* dn2str only */
+#define LDAP_DN_FORMAT_AD_CANONICAL 0x0050U /* dn2str only */
+#define LDAP_DN_FORMAT_LBER 0x00F0U /* for testing only */
+#define LDAP_DN_FORMAT_MASK 0x00F0U
+
+/* DN flags */
+#define LDAP_DN_PRETTY 0x0100U
+#define LDAP_DN_SKIP 0x0200U
+#define LDAP_DN_P_NOLEADTRAILSPACES 0x1000U
+#define LDAP_DN_P_NOSPACEAFTERRDN 0x2000U
+#define LDAP_DN_PEDANTIC 0xF000U
+
+LDAP_F( void ) ldap_rdnfree LDAP_P(( LDAPRDN rdn ));
+LDAP_F( void ) ldap_dnfree LDAP_P(( LDAPDN dn ));
+
+LDAP_F( int )
+ldap_bv2dn LDAP_P((
+ struct berval *bv,
+ LDAPDN *dn,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_str2dn LDAP_P((
+ LDAP_CONST char *str,
+ LDAPDN *dn,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_dn2bv LDAP_P((
+ LDAPDN dn,
+ struct berval *bv,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_dn2str LDAP_P((
+ LDAPDN dn,
+ char **str,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_bv2rdn LDAP_P((
+ struct berval *bv,
+ LDAPRDN *rdn,
+ char **next,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_str2rdn LDAP_P((
+ LDAP_CONST char *str,
+ LDAPRDN *rdn,
+ char **next,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_rdn2bv LDAP_P((
+ LDAPRDN rdn,
+ struct berval *bv,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_rdn2str LDAP_P((
+ LDAPRDN rdn,
+ char **str,
+ unsigned flags ));
+
+LDAP_F( int )
+ldap_dn_normalize LDAP_P((
+ LDAP_CONST char *in, unsigned iflags,
+ char **out, unsigned oflags ));
+
+LDAP_F( char * )
+ldap_dn2ufn LDAP_P(( /* deprecated, use ldap_str2dn/dn2str */
+ LDAP_CONST char *dn ));
+
+LDAP_F( char ** )
+ldap_explode_dn LDAP_P(( /* deprecated, ldap_str2dn */
+ LDAP_CONST char *dn,
+ int notypes ));
+
+LDAP_F( char ** )
+ldap_explode_rdn LDAP_P(( /* deprecated, ldap_str2rdn */
+ LDAP_CONST char *rdn,
+ int notypes ));
+
+typedef int LDAPDN_rewrite_func
+ LDAP_P(( LDAPDN dn, unsigned flags, void *ctx ));
+
+LDAP_F( int )
+ldap_X509dn2bv LDAP_P(( void *x509_name, struct berval *dn,
+ LDAPDN_rewrite_func *func, unsigned flags ));
+
+LDAP_F( char * )
+ldap_dn2dcedn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
+ LDAP_CONST char *dn ));
+
+LDAP_F( char * )
+ldap_dcedn2dn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
+ LDAP_CONST char *dce ));
+
+LDAP_F( char * )
+ldap_dn2ad_canonical LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
+ LDAP_CONST char *dn ));
+
+LDAP_F( int )
+ldap_get_dn_ber LDAP_P((
+ LDAP *ld, LDAPMessage *e, BerElement **berout, struct berval *dn ));
+
+LDAP_F( int )
+ldap_get_attribute_ber LDAP_P((
+ LDAP *ld, LDAPMessage *e, BerElement *ber, struct berval *attr,
+ struct berval **vals ));
+
+/*
+ * in getattr.c
+ */
+LDAP_F( char * )
+ldap_first_attribute LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry,
+ BerElement **ber ));
+
+LDAP_F( char * )
+ldap_next_attribute LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry,
+ BerElement *ber ));
+
+
+/*
+ * in getvalues.c
+ */
+LDAP_F( struct berval ** )
+ldap_get_values_len LDAP_P((
+ LDAP *ld,
+ LDAPMessage *entry,
+ LDAP_CONST char *target ));
+
+LDAP_F( int )
+ldap_count_values_len LDAP_P((
+ struct berval **vals ));
+
+LDAP_F( void )
+ldap_value_free_len LDAP_P((
+ struct berval **vals ));
+
+#if LDAP_DEPRECATED
+LDAP_F( char ** )
+ldap_get_values LDAP_P(( /* deprecated, use ldap_get_values_len */
+ LDAP *ld,
+ LDAPMessage *entry,
+ LDAP_CONST char *target ));
+
+LDAP_F( int )
+ldap_count_values LDAP_P(( /* deprecated, use ldap_count_values_len */
+ char **vals ));
+
+LDAP_F( void )
+ldap_value_free LDAP_P(( /* deprecated, use ldap_values_free_len */
+ char **vals ));
+#endif
+
+/*
+ * in result.c:
+ */
+LDAP_F( int )
+ldap_result LDAP_P((
+ LDAP *ld,
+ int msgid,
+ int all,
+ struct timeval *timeout,
+ LDAPMessage **result ));
+
+LDAP_F( int )
+ldap_msgtype LDAP_P((
+ LDAPMessage *lm ));
+
+LDAP_F( int )
+ldap_msgid LDAP_P((
+ LDAPMessage *lm ));
+
+LDAP_F( int )
+ldap_msgfree LDAP_P((
+ LDAPMessage *lm ));
+
+LDAP_F( int )
+ldap_msgdelete LDAP_P((
+ LDAP *ld,
+ int msgid ));
+
+
+/*
+ * in search.c:
+ */
+LDAP_F( int )
+ldap_bv2escaped_filter_value LDAP_P((
+ struct berval *in,
+ struct berval *out ));
+
+LDAP_F( int )
+ldap_search_ext LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct timeval *timeout,
+ int sizelimit,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_search_ext_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ struct timeval *timeout,
+ int sizelimit,
+ LDAPMessage **res ));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_search LDAP_P(( /* deprecated, use ldap_search_ext */
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly ));
+
+LDAP_F( int )
+ldap_search_s LDAP_P(( /* deprecated, use ldap_search_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPMessage **res ));
+
+LDAP_F( int )
+ldap_search_st LDAP_P(( /* deprecated, use ldap_search_ext_s */
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ struct timeval *timeout,
+ LDAPMessage **res ));
+#endif
+
+/*
+ * in unbind.c
+ */
+LDAP_F( int )
+ldap_unbind_ext LDAP_P((
+ LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls));
+
+LDAP_F( int )
+ldap_unbind_ext_s LDAP_P((
+ LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls));
+
+#if LDAP_DEPRECATED
+LDAP_F( int )
+ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
+ LDAP *ld ));
+
+LDAP_F( int )
+ldap_unbind_s LDAP_P(( /* deprecated, use ldap_unbind_ext_s */
+ LDAP *ld ));
+#endif
+
+/*
+ * in filter.c
+ */
+LDAP_F( int )
+ldap_put_vrFilter LDAP_P((
+ BerElement *ber,
+ const char *vrf ));
+
+/*
+ * in free.c
+ */
+
+LDAP_F( void * )
+ldap_memalloc LDAP_P((
+ ber_len_t s ));
+
+LDAP_F( void * )
+ldap_memrealloc LDAP_P((
+ void* p,
+ ber_len_t s ));
+
+LDAP_F( void * )
+ldap_memcalloc LDAP_P((
+ ber_len_t n,
+ ber_len_t s ));
+
+LDAP_F( void )
+ldap_memfree LDAP_P((
+ void* p ));
+
+LDAP_F( void )
+ldap_memvfree LDAP_P((
+ void** v ));
+
+LDAP_F( char * )
+ldap_strdup LDAP_P((
+ LDAP_CONST char * ));
+
+LDAP_F( void )
+ldap_mods_free LDAP_P((
+ LDAPMod **mods,
+ int freemods ));
+
+
+#if LDAP_DEPRECATED
+/*
+ * in sort.c (deprecated, use custom code instead)
+ */
+typedef int (LDAP_SORT_AD_CMP_PROC) LDAP_P(( /* deprecated */
+ LDAP_CONST char *left,
+ LDAP_CONST char *right ));
+
+typedef int (LDAP_SORT_AV_CMP_PROC) LDAP_P(( /* deprecated */
+ LDAP_CONST void *left,
+ LDAP_CONST void *right ));
+
+LDAP_F( int ) /* deprecated */
+ldap_sort_entries LDAP_P(( LDAP *ld,
+ LDAPMessage **chain,
+ LDAP_CONST char *attr,
+ LDAP_SORT_AD_CMP_PROC *cmp ));
+
+LDAP_F( int ) /* deprecated */
+ldap_sort_values LDAP_P((
+ LDAP *ld,
+ char **vals,
+ LDAP_SORT_AV_CMP_PROC *cmp ));
+
+LDAP_F( int ) /* deprecated */
+ldap_sort_strcasecmp LDAP_P((
+ LDAP_CONST void *a,
+ LDAP_CONST void *b ));
+#endif
+
+/*
+ * in url.c
+ */
+LDAP_F( int )
+ldap_is_ldap_url LDAP_P((
+ LDAP_CONST char *url ));
+
+LDAP_F( int )
+ldap_is_ldaps_url LDAP_P((
+ LDAP_CONST char *url ));
+
+LDAP_F( int )
+ldap_is_ldapi_url LDAP_P((
+ LDAP_CONST char *url ));
+
+LDAP_F( int )
+ldap_url_parse LDAP_P((
+ LDAP_CONST char *url,
+ LDAPURLDesc **ludpp ));
+
+LDAP_F( char * )
+ldap_url_desc2str LDAP_P((
+ LDAPURLDesc *ludp ));
+
+LDAP_F( void )
+ldap_free_urldesc LDAP_P((
+ LDAPURLDesc *ludp ));
+
+
+/*
+ * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
+ * in cancel.c
+ */
+#define LDAP_API_FEATURE_CANCEL 1000
+
+LDAP_F( int )
+ldap_cancel LDAP_P(( LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_cancel_s LDAP_P(( LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrl,
+ LDAPControl **cctrl ));
+
+/*
+ * LDAP Turn Extended Operation <draft-zeilenga-ldap-turn-xx.txt>
+ * in turn.c
+ */
+#define LDAP_API_FEATURE_TURN 1000
+
+LDAP_F( int )
+ldap_turn LDAP_P(( LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_turn_s LDAP_P(( LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrl,
+ LDAPControl **cctrl ));
+
+/*
+ * LDAP Server Side Sort
+ * in sortctrl.c
+ */
+#define LDAP_API_FEATURE_SERVER_SIDE_SORT 1000
+
+/* structure for a sort-key */
+typedef struct ldapsortkey {
+ char * attributeType;
+ char * orderingRule;
+ int reverseOrder;
+} LDAPSortKey;
+
+LDAP_F( int )
+ldap_create_sort_keylist LDAP_P((
+ LDAPSortKey ***sortKeyList,
+ char *keyString ));
+
+LDAP_F( void )
+ldap_free_sort_keylist LDAP_P((
+ LDAPSortKey **sortkeylist ));
+
+LDAP_F( int )
+ldap_create_sort_control LDAP_P((
+ LDAP *ld,
+ LDAPSortKey **keyList,
+ int ctl_iscritical,
+ LDAPControl **ctrlp ));
+
+LDAP_F( int )
+ldap_parse_sort_control LDAP_P((
+ LDAP *ld,
+ LDAPControl **ctrlp,
+ unsigned long *result,
+ char **attribute ));
+
+
+/*
+ * LDAP Virtual List View
+ * in vlvctrl.c
+ */
+#define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 1000
+
+/* structure for virtual list */
+typedef struct ldapvlvinfo {
+ int ldvlv_version;
+ unsigned long ldvlv_before_count;
+ unsigned long ldvlv_after_count;
+ unsigned long ldvlv_offset;
+ unsigned long ldvlv_count;
+ struct berval * ldvlv_attrvalue;
+ struct berval * ldvlv_context;
+ void * ldvlv_extradata;
+} LDAPVLVInfo;
+
+LDAP_F( int )
+ldap_create_vlv_control LDAP_P((
+ LDAP *ld,
+ LDAPVLVInfo *ldvlistp,
+ LDAPControl **ctrlp ));
+
+LDAP_F( int )
+ldap_parse_vlv_control LDAP_P((
+ LDAP *ld,
+ LDAPControl **ctrls,
+ unsigned long *target_posp,
+ unsigned long *list_countp,
+ struct berval **contextp,
+ int *errcodep ));
+
+/*
+ * LDAP Transactions
+ * in txn.c
+ */
+#ifdef LDAP_GROUP_TRANSACTION
+LDAP_F( int )
+ldap_parse_txn_create LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **cookie ));
+
+LDAP_F( int )
+ldap_txn_create LDAP_P((
+ LDAP *ld,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_txn_create_s LDAP_P((
+ LDAP *ld,
+ struct berval **cookie,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+LDAP_F( int )
+ldap_txn_end LDAP_P((
+ LDAP *ld,
+ struct berval *cookie,
+ int commit,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_txn_end_s LDAP_P((
+ LDAP *ld,
+ struct berval *cookie,
+ int commit,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+#endif
+
+/*
+ * LDAP Who Am I?
+ * in whoami.c
+ */
+#define LDAP_API_FEATURE_WHOAMI 1000
+
+LDAP_F( int )
+ldap_parse_whoami LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **authzid ));
+
+LDAP_F( int )
+ldap_whoami LDAP_P(( LDAP *ld,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_whoami_s LDAP_P((
+ LDAP *ld,
+ struct berval **authzid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+/*
+ * LDAP Password Modify
+ * in passwd.c
+ */
+#define LDAP_API_FEATURE_PASSWD_MODIFY 1000
+
+LDAP_F( int )
+ldap_parse_passwd LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *newpasswd ));
+
+LDAP_F( int )
+ldap_passwd LDAP_P(( LDAP *ld,
+ struct berval *user,
+ struct berval *oldpw,
+ struct berval *newpw,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_passwd_s LDAP_P((
+ LDAP *ld,
+ struct berval *user,
+ struct berval *oldpw,
+ struct berval *newpw,
+ struct berval *newpasswd,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+/*
+ * LDAP Password Policy controls
+ * in ppolicy.c
+ */
+#define LDAP_API_FEATURE_PASSWORD_POLICY 1000
+
+typedef enum passpolicyerror_enum {
+ PP_passwordExpired = 0,
+ PP_accountLocked = 1,
+ PP_changeAfterReset = 2,
+ PP_passwordModNotAllowed = 3,
+ PP_mustSupplyOldPassword = 4,
+ PP_insufficientPasswordQuality = 5,
+ PP_passwordTooShort = 6,
+ PP_passwordTooYoung = 7,
+ PP_passwordInHistory = 8,
+ PP_noError = 65535
+} LDAPPasswordPolicyError;
+
+LDAP_F( int )
+ldap_create_passwordpolicy_control LDAP_P((
+ LDAP *ld,
+ LDAPControl **ctrlp ));
+
+LDAP_F( int )
+ldap_parse_passwordpolicy_control LDAP_P((
+ LDAP *ld,
+ LDAPControl *ctrl,
+ int *expirep,
+ int *gracep,
+ LDAPPasswordPolicyError *errorp ));
+
+LDAP_F( const char * )
+ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
+#endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
+
+LDAP_END_DECL
+#endif /* _LDAP_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_cdefs.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_cdefs.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_cdefs.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,253 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_cdefs.h,v 1.26.2.4 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* LDAP C Defines */
+
+#ifndef _LDAP_CDEFS_H
+#define _LDAP_CDEFS_H
+
+#if defined(__cplusplus) || defined(c_plusplus)
+# define LDAP_BEGIN_DECL extern "C" {
+# define LDAP_END_DECL }
+#else
+# define LDAP_BEGIN_DECL /* begin declarations */
+# define LDAP_END_DECL /* end declarations */
+#endif
+
+#if !defined(LDAP_NO_PROTOTYPES) && ( defined(LDAP_NEEDS_PROTOTYPES) || \
+ defined(__STDC__) || defined(__cplusplus) || defined(c_plusplus) )
+
+ /* ANSI C or C++ */
+# define LDAP_P(protos) protos
+# define LDAP_CONCAT1(x,y) x ## y
+# define LDAP_CONCAT(x,y) LDAP_CONCAT1(x,y)
+# define LDAP_STRING(x) #x /* stringify without expanding x */
+# define LDAP_XSTRING(x) LDAP_STRING(x) /* expand x, then stringify */
+
+#ifndef LDAP_CONST
+# define LDAP_CONST const
+#endif
+
+#else /* no prototypes */
+
+ /* traditional C */
+# define LDAP_P(protos) ()
+# define LDAP_CONCAT(x,y) x/**/y
+# define LDAP_STRING(x) "x"
+
+#ifndef LDAP_CONST
+# define LDAP_CONST /* no const */
+#endif
+
+#endif /* no prototypes */
+
+#if (__GNUC__) * 1000 + (__GNUC_MINOR__) >= 2006
+# define LDAP_GCCATTR(attrs) __attribute__(attrs)
+#else
+# define LDAP_GCCATTR(attrs)
+#endif
+
+/*
+ * Support for Windows DLLs.
+ *
+ * When external source code includes header files for dynamic libraries,
+ * the external source code is "importing" DLL symbols into its resulting
+ * object code. On Windows, symbols imported from DLLs must be explicitly
+ * indicated in header files with the __declspec(dllimport) directive.
+ * This is not totally necessary for functions because the compiler
+ * (gcc or MSVC) will generate stubs when this directive is absent.
+ * However, this is required for imported variables.
+ *
+ * The LDAP libraries, i.e. liblber and libldap, can be built as
+ * static or shared, based on configuration. Just about all other source
+ * code in OpenLDAP use these libraries. If the LDAP libraries
+ * are configured as shared, 'configure' defines the LDAP_LIBS_DYNAMIC
+ * macro. When other source files include LDAP library headers, the
+ * LDAP library symbols will automatically be marked as imported. When
+ * the actual LDAP libraries are being built, the symbols will not
+ * be marked as imported because the LBER_LIBRARY or LDAP_LIBRARY macros
+ * will be respectively defined.
+ *
+ * Any project outside of OpenLDAP with source code wanting to use
+ * LDAP dynamic libraries should explicitly define LDAP_LIBS_DYNAMIC.
+ * This will ensure that external source code appropriately marks symbols
+ * that will be imported.
+ *
+ * The slapd executable, itself, can be used as a dynamic library.
+ * For example, if a backend module is compiled as shared, it will
+ * import symbols from slapd. When this happens, the slapd symbols
+ * must be marked as imported in header files that the backend module
+ * includes. Remember that slapd links with various static libraries.
+ * If the LDAP libraries were configured as static, their object
+ * code is also part of the monolithic slapd executable. Thus, when
+ * a backend module imports symbols from slapd, it imports symbols from
+ * all of the static libraries in slapd as well. Thus, the SLAP_IMPORT
+ * macro, when defined, will appropriately mark symbols as imported.
+ * This macro should be used by shared backend modules as well as any
+ * other external source code that imports symbols from the slapd
+ * executable as if it were a DLL.
+ *
+ * Note that we don't actually have to worry about using the
+ * __declspec(dllexport) directive anywhere. This is because both
+ * MSVC and Mingw provide alternate (more effective) methods for exporting
+ * symbols out of binaries, i.e. the use of a DEF file.
+ *
+ * NOTE ABOUT BACKENDS: Backends can be configured as static or dynamic.
+ * When a backend is configured as dynamic, slapd will load the backend
+ * explicitly and populate function pointer structures by calling
+ * the backend's well-known initialization function. Because of this
+ * procedure, slapd never implicitly imports symbols from dynamic backends.
+ * This makes it unnecessary to tag various backend functions with the
+ * __declspec(dllimport) directive. This is because neither slapd nor
+ * any other external binary should ever be implicitly loading a backend
+ * dynamic module.
+ *
+ * Backends are supposed to be self-contained. However, it appears that
+ * back-meta DOES implicitly import symbols from back-ldap. This means
+ * that the __declspec(dllimport) directive should be marked on back-ldap
+ * functions (in its header files) if and only if we're compiling for
+ * windows AND back-ldap has been configured as dynamic AND back-meta
+ * is the client of back-ldap. When client is slapd, there is no effect
+ * since slapd does not implicitly import symbols.
+ *
+ * TODO(?): Currently, back-meta nor back-ldap is supported for Mingw32.
+ * Thus, there's no need to worry about this right now. This is something that
+ * may or may not have to be addressed in the future.
+ */
+
+/* LBER library */
+#if defined(_WIN32) && \
+ ((defined(LDAP_LIBS_DYNAMIC) && !defined(LBER_LIBRARY)) || \
+ (!defined(LDAP_LIBS_DYNAMIC) && defined(SLAPD_IMPORT)))
+# define LBER_F(type) extern __declspec(dllimport) type
+# define LBER_V(type) extern __declspec(dllimport) type
+#else
+# define LBER_F(type) extern type
+# define LBER_V(type) extern type
+#endif
+
+/* LDAP library */
+#if defined(_WIN32) && \
+ ((defined(LDAP_LIBS_DYNAMIC) && !defined(LDAP_LIBRARY)) || \
+ (!defined(LDAP_LIBS_DYNAMIC) && defined(SLAPD_IMPORT)))
+# define LDAP_F(type) extern __declspec(dllimport) type
+# define LDAP_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_F(type) extern type
+# define LDAP_V(type) extern type
+#endif
+
+/* AVL library */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_AVL_F(type) extern __declspec(dllimport) type
+# define LDAP_AVL_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_AVL_F(type) extern type
+# define LDAP_AVL_V(type) extern type
+#endif
+
+/* LDBM library */
+/* Not exported/imported any more */
+# define LDAP_LDBM_F(type) extern type
+# define LDAP_LDBM_V(type) extern type
+
+/* LDIF library */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_LDIF_F(type) extern __declspec(dllimport) type
+# define LDAP_LDIF_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_LDIF_F(type) extern type
+# define LDAP_LDIF_V(type) extern type
+#endif
+
+/* LUNICODE library */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_LUNICODE_F(type) extern __declspec(dllimport) type
+# define LDAP_LUNICODE_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_LUNICODE_F(type) extern type
+# define LDAP_LUNICODE_V(type) extern type
+#endif
+
+/* LUTIL library */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_LUTIL_F(type) extern __declspec(dllimport) type
+# define LDAP_LUTIL_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_LUTIL_F(type) extern type
+# define LDAP_LUTIL_V(type) extern type
+#endif
+
+/* REWRITE library */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_REWRITE_F(type) extern __declspec(dllimport) type
+# define LDAP_REWRITE_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_REWRITE_F(type) extern type
+# define LDAP_REWRITE_V(type) extern type
+#endif
+
+/* SLAPD (as a dynamic library exporting symbols) */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_SLAPD_F(type) extern __declspec(dllimport) type
+# define LDAP_SLAPD_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_SLAPD_F(type) extern type
+# define LDAP_SLAPD_V(type) extern type
+#endif
+
+/* SLAPD (as a dynamic library exporting symbols) */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define LDAP_SLAPI_F(type) extern __declspec(dllimport) type
+# define LDAP_SLAPI_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_SLAPI_F(type) extern type
+# define LDAP_SLAPI_V(type) extern type
+#endif
+
+/* SLAPD (as a dynamic library exporting symbols) */
+#if defined(_WIN32) && defined(SLAPD_IMPORT)
+# define SLAPI_F(type) extern __declspec(dllimport) type
+# define SLAPI_V(type) extern __declspec(dllimport) type
+#else
+# define SLAPI_F(type) extern type
+# define SLAPI_V(type) extern type
+#endif
+
+/*
+ * C library. Mingw32 links with the dynamic C run-time library by default,
+ * so the explicit definition of CSTATIC will keep dllimport from
+ * being defined, if desired.
+ *
+ * MSVC defines the _DLL macro when the compiler is invoked with /MD or /MDd,
+ * which means the resulting object code will be linked with the dynamic
+ * C run-time library.
+ *
+ * Technically, it shouldn't be necessary to redefine any functions that
+ * the headers for the C library should already contain. Nevertheless, this
+ * is here as a safe-guard.
+ *
+ * TODO: Determine if these macros ever get expanded for Windows. If not,
+ * the declspec expansion can probably be removed.
+ */
+#if (defined(__MINGW32__) && !defined(CSTATIC)) || \
+ (defined(_MSC_VER) && defined(_DLL))
+# define LDAP_LIBC_F(type) extern __declspec(dllimport) type
+# define LDAP_LIBC_V(type) extern __declspec(dllimport) type
+#else
+# define LDAP_LIBC_F(type) extern type
+# define LDAP_LIBC_V(type) extern type
+#endif
+
+#endif /* _LDAP_CDEFS_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_config.hin
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_config.hin (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_config.hin 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,70 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_config.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This file works in confunction with OpenLDAP configure system.
+ * If you do no like the values below, adjust your configure options.
+ */
+
+#ifndef _LDAP_CONFIG_H
+#define _LDAP_CONFIG_H
+
+/* directory separator */
+#ifndef LDAP_DIRSEP
+#ifndef _WIN32
+#define LDAP_DIRSEP "/"
+#else
+#define LDAP_DIRSEP "\\"
+#endif
+#endif
+
+/* directory for temporary files */
+#if defined(_WIN32)
+# define LDAP_TMPDIR "C:\\." /* we don't have much of a choice */
+#elif defined( _P_tmpdir )
+# define LDAP_TMPDIR _P_tmpdir
+#elif defined( P_tmpdir )
+# define LDAP_TMPDIR P_tmpdir
+#elif defined( _PATH_TMPDIR )
+# define LDAP_TMPDIR _PATH_TMPDIR
+#else
+# define LDAP_TMPDIR LDAP_DIRSEP "tmp"
+#endif
+
+/* directories */
+#ifndef LDAP_BINDIR
+#define LDAP_BINDIR "%BINDIR%"
+#endif
+#ifndef LDAP_SBINDIR
+#define LDAP_SBINDIR "%SBINDIR%"
+#endif
+#ifndef LDAP_DATADIR
+#define LDAP_DATADIR "%DATADIR%"
+#endif
+#ifndef LDAP_SYSCONFDIR
+#define LDAP_SYSCONFDIR "%SYSCONFDIR%"
+#endif
+#ifndef LDAP_LIBEXECDIR
+#define LDAP_LIBEXECDIR "%LIBEXECDIR%"
+#endif
+#ifndef LDAP_RUNDIR
+#define LDAP_RUNDIR "%RUNDIR%"
+#endif
+#ifndef LDAP_LOCALEDIR
+#define LDAP_LOCALEDIR "%LOCALEDIR%"
+#endif
+
+
+#endif /* _LDAP_CONFIG_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_defaults.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_defaults.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_defaults.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_defaults.h,v 1.30.2.4 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1994 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+/*
+ * This file controls defaults for OpenLDAP package.
+ * You probably do not need to edit the defaults provided by this file.
+ */
+
+#ifndef _LDAP_DEFAULTS_H
+#define _LDAP_DEFAULTS_H
+
+
+#include <ldap_config.h>
+
+#define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"
+#define LDAP_USERRC_FILE "ldaprc"
+#define LDAP_ENV_PREFIX "LDAP"
+
+/* default ldapi:// socket */
+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
+
+/*
+ * SLAPD DEFINITIONS
+ */
+ /* location of the default slapd config file */
+#define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"
+#define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
+#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
+#define SLAPD_DEFAULT_DB_MODE 0600
+#define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata"
+ /* default max deref depth for aliases */
+#define SLAPD_DEFAULT_MAXDEREFDEPTH 15
+ /* default sizelimit on number of entries from a search */
+#define SLAPD_DEFAULT_SIZELIMIT 500
+ /* default timelimit to spend on a search */
+#define SLAPD_DEFAULT_TIMELIMIT 3600
+ /* minimum max ids that a single index entry can map to in ldbm */
+#define SLAPD_LDBM_MIN_MAXIDS (8192-4)
+
+/* the following DNs must be normalized! */
+ /* dn of the default subschema subentry */
+#define SLAPD_SCHEMA_DN "cn=Subschema"
+ /* dn of the default "monitor" subentry */
+#define SLAPD_MONITOR_DN "cn=Monitor"
+
+#endif /* _LDAP_CONFIG_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_features.hin
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_features.hin (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_features.hin 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,63 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_features.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * LDAP Features
+ */
+
+#ifndef _LDAP_FEATURES_H
+#define _LDAP_FEATURES_H 1
+
+/* OpenLDAP API version macros */
+#undef LDAP_VENDOR_VERSION
+#undef LDAP_VENDOR_VERSION_MAJOR
+#undef LDAP_VENDOR_VERSION_MINOR
+#undef LDAP_VENDOR_VERSION_PATCH
+
+/*
+** WORK IN PROGRESS!
+**
+** OpenLDAP reentrancy/thread-safeness should be dynamically
+** checked using ldap_get_option().
+**
+** The -lldap implementation is not thread-safe.
+**
+** The -lldap_r implementation is:
+** LDAP_API_FEATURE_THREAD_SAFE (basic thread safety)
+** but also be:
+** LDAP_API_FEATURE_SESSION_THREAD_SAFE
+** LDAP_API_FEATURE_OPERATION_THREAD_SAFE
+**
+** The preprocessor flag LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
+** can be used to determine if -lldap_r is available at compile
+** time. You must define LDAP_THREAD_SAFE if and only if you
+** link with -lldap_r.
+**
+** If you fail to define LDAP_THREAD_SAFE when linking with
+** -lldap_r or define LDAP_THREAD_SAFE when linking with -lldap,
+** provided header definations and declarations may be incorrect.
+**
+*/
+
+/* is -lldap_r available or not */
+#undef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
+
+/* LDAP v2 Kerberos Bind */
+#undef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+
+/* LDAP v2 Referrals */
+#undef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
+
+#endif /* LDAP_FEATURES */
Added: openldap/vendor/openldap-2.3.35/include/ldap_int_thread.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_int_thread.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_int_thread.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,274 @@
+/* ldap_int_thread.h - ldap internal thread wrappers header file */
+/* $OpenLDAP: pkg/ldap/include/ldap_int_thread.h,v 1.13.2.4 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+
+LDAP_BEGIN_DECL
+
+/* Can be done twice in libldap_r. See libldap_r/ldap_thr_debug.h. */
+LDAP_F(int) ldap_int_thread_initialize LDAP_P(( void ));
+LDAP_F(int) ldap_int_thread_destroy LDAP_P(( void ));
+
+LDAP_END_DECL
+
+
+#ifndef _LDAP_INT_THREAD_H
+#define _LDAP_INT_THREAD_H
+
+#if defined( HAVE_PTHREADS )
+/**********************************
+ * *
+ * definitions for POSIX Threads *
+ * *
+ **********************************/
+
+#include <pthread.h>
+#ifdef HAVE_SCHED_H
+#include <sched.h>
+#endif
+
+LDAP_BEGIN_DECL
+
+typedef pthread_t ldap_int_thread_t;
+typedef pthread_mutex_t ldap_int_thread_mutex_t;
+typedef pthread_cond_t ldap_int_thread_cond_t;
+
+#define ldap_int_thread_equal(a, b) pthread_equal((a), (b))
+
+#if defined( _POSIX_REENTRANT_FUNCTIONS ) || \
+ defined( _POSIX_THREAD_SAFE_FUNCTIONS ) || \
+ defined( _POSIX_THREADSAFE_FUNCTIONS )
+#define HAVE_REENTRANT_FUNCTIONS 1
+#endif
+
+#if defined( HAVE_PTHREAD_GETCONCURRENCY ) || \
+ defined( HAVE_THR_GETCONCURRENCY )
+#define LDAP_THREAD_HAVE_GETCONCURRENCY 1
+#endif
+
+#if defined( HAVE_PTHREAD_SETCONCURRENCY ) || \
+ defined( HAVE_THR_SETCONCURRENCY )
+#define LDAP_THREAD_HAVE_SETCONCURRENCY 1
+#endif
+
+#if 0 && defined( HAVE_PTHREAD_RWLOCK_DESTROY )
+#define LDAP_THREAD_HAVE_RDWR 1
+typedef pthread_rwlock_t ldap_int_thread_rdwr_t;
+#endif
+
+LDAP_END_DECL
+
+#elif defined ( HAVE_MACH_CTHREADS )
+/**********************************
+ * *
+ * definitions for Mach CThreads *
+ * *
+ **********************************/
+
+#if defined( HAVE_MACH_CTHREADS_H )
+# include <mach/cthreads.h>
+#elif defined( HAVE_CTHREAD_H
+# include <cthreads.h>
+#endif
+
+LDAP_BEGIN_DECL
+
+typedef cthread_t ldap_int_thread_t;
+typedef struct mutex ldap_int_thread_mutex_t;
+typedef struct condition ldap_int_thread_cond_t;
+
+LDAP_END_DECL
+
+#elif defined( HAVE_GNU_PTH )
+/***********************************
+ * *
+ * thread definitions for GNU Pth *
+ * *
+ ***********************************/
+
+#define PTH_SYSCALL_SOFT 1
+#include <pth.h>
+
+LDAP_BEGIN_DECL
+
+typedef pth_t ldap_int_thread_t;
+typedef pth_mutex_t ldap_int_thread_mutex_t;
+typedef pth_cond_t ldap_int_thread_cond_t;
+
+#if 0
+#define LDAP_THREAD_HAVE_RDWR 1
+typedef pth_rwlock_t ldap_int_thread_rdwr_t;
+#endif
+
+LDAP_END_DECL
+
+#elif defined( HAVE_THR )
+/********************************************
+ * *
+ * thread definitions for Solaris LWP (THR) *
+ * *
+ ********************************************/
+
+#include <thread.h>
+#include <synch.h>
+
+LDAP_BEGIN_DECL
+
+typedef thread_t ldap_int_thread_t;
+typedef mutex_t ldap_int_thread_mutex_t;
+typedef cond_t ldap_int_thread_cond_t;
+
+#define HAVE_REENTRANT_FUNCTIONS 1
+
+#ifdef HAVE_THR_GETCONCURRENCY
+#define LDAP_THREAD_HAVE_GETCONCURRENCY 1
+#endif
+#ifdef HAVE_THR_SETCONCURRENCY
+#define LDAP_THREAD_HAVE_SETCONCURRENCY 1
+#endif
+
+LDAP_END_DECL
+
+#elif defined( HAVE_LWP )
+/*************************************
+ * *
+ * thread definitions for SunOS LWP *
+ * *
+ *************************************/
+
+#include <lwp/lwp.h>
+#include <lwp/stackdep.h>
+#define LDAP_THREAD_HAVE_SLEEP 1
+
+LDAP_BEGIN_DECL
+
+typedef thread_t ldap_int_thread_t;
+typedef mon_t ldap_int_thread_mutex_t;
+struct ldap_int_thread_lwp_cv {
+ int lcv_created;
+ cv_t lcv_cv;
+};
+typedef struct ldap_int_thread_lwp_cv ldap_int_thread_cond_t;
+
+#define HAVE_REENTRANT_FUNCTIONS 1
+
+LDAP_END_DECL
+
+#elif defined(HAVE_NT_THREADS)
+/*************************************
+ * *
+ * thread definitions for NT threads *
+ * *
+ *************************************/
+
+#include <process.h>
+#include <windows.h>
+
+LDAP_BEGIN_DECL
+
+typedef unsigned long ldap_int_thread_t;
+typedef HANDLE ldap_int_thread_mutex_t;
+typedef HANDLE ldap_int_thread_cond_t;
+
+LDAP_END_DECL
+
+#else
+/***********************************
+ * *
+ * thread definitions for no *
+ * underlying library support *
+ * *
+ ***********************************/
+
+#ifndef NO_THREADS
+#define NO_THREADS 1
+#endif
+
+LDAP_BEGIN_DECL
+
+typedef int ldap_int_thread_t;
+typedef int ldap_int_thread_mutex_t;
+typedef int ldap_int_thread_cond_t;
+
+#define LDAP_THREAD_HAVE_TPOOL 1
+typedef int ldap_int_thread_pool_t;
+
+LDAP_END_DECL
+
+#endif /* no threads support */
+
+
+LDAP_BEGIN_DECL
+
+#ifndef ldap_int_thread_equal
+#define ldap_int_thread_equal(a, b) ((a) == (b))
+#endif
+
+#ifndef LDAP_THREAD_HAVE_RDWR
+typedef struct ldap_int_thread_rdwr_s * ldap_int_thread_rdwr_t;
+#endif
+
+LDAP_F(int) ldap_int_thread_pool_startup ( void );
+LDAP_F(int) ldap_int_thread_pool_shutdown ( void );
+
+#ifndef LDAP_THREAD_HAVE_TPOOL
+typedef struct ldap_int_thread_pool_s * ldap_int_thread_pool_t;
+#endif
+
+LDAP_END_DECL
+
+
+#if defined(LDAP_THREAD_DEBUG) && !((LDAP_THREAD_DEBUG +0) & 2U)
+#define LDAP_THREAD_DEBUG_WRAP 1
+#endif
+
+#ifdef LDAP_THREAD_DEBUG_WRAP
+/**************************************
+ * *
+ * definitions for type-wrapped debug *
+ * *
+ **************************************/
+
+LDAP_BEGIN_DECL
+
+#ifndef LDAP_UINTPTR_T /* May be configured in CPPFLAGS */
+#define LDAP_UINTPTR_T unsigned long
+#endif
+
+typedef union {
+ unsigned char *ptr;
+ LDAP_UINTPTR_T num;
+} ldap_debug_usage_info_t;
+
+typedef struct {
+ ldap_int_thread_mutex_t wrapped;
+ ldap_debug_usage_info_t usage;
+} ldap_debug_thread_mutex_t;
+
+typedef struct {
+ ldap_int_thread_cond_t wrapped;
+ ldap_debug_usage_info_t usage;
+} ldap_debug_thread_cond_t;
+
+typedef struct {
+ ldap_int_thread_rdwr_t wrapped;
+ ldap_debug_usage_info_t usage;
+} ldap_debug_thread_rdwr_t;
+
+LDAP_END_DECL
+
+#endif /* LDAP_THREAD_DEBUG_WRAP */
+
+#endif /* _LDAP_INT_THREAD_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_log.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_log.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_log.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,131 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_log.h,v 1.35.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LDAP_LOG_H
+#define _LDAP_LOG_H
+
+#include <stdio.h>
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/*
+ * debug reporting levels.
+ *
+ * They start with the syslog levels, and
+ * go down in importance. The normal
+ * debugging levels begin with LDAP_LEVEL_ENTRY
+ *
+ */
+#define LDAP_LEVEL_EMERG 0
+#define LDAP_LEVEL_ALERT 1
+#define LDAP_LEVEL_CRIT 2
+#define LDAP_LEVEL_ERR 3
+#define LDAP_LEVEL_WARNING 4
+#define LDAP_LEVEL_NOTICE 5
+#define LDAP_LEVEL_INFO 6
+#define LDAP_LEVEL_ENTRY 7 /* log function entry points */
+#define LDAP_LEVEL_ARGS 8 /* log function call parameters */
+#define LDAP_LEVEL_RESULTS 9 /* Log function results */
+#define LDAP_LEVEL_DETAIL1 10 /* log level 1 function operational details */
+#define LDAP_LEVEL_DETAIL2 11 /* Log level 2 function operational details */
+
+#define LDAP_DEBUG_TRACE 0x0001
+#define LDAP_DEBUG_PACKETS 0x0002
+#define LDAP_DEBUG_ARGS 0x0004
+#define LDAP_DEBUG_CONNS 0x0008
+#define LDAP_DEBUG_BER 0x0010
+#define LDAP_DEBUG_FILTER 0x0020
+#define LDAP_DEBUG_CONFIG 0x0040
+#define LDAP_DEBUG_ACL 0x0080
+#define LDAP_DEBUG_STATS 0x0100
+#define LDAP_DEBUG_STATS2 0x0200
+#define LDAP_DEBUG_SHELL 0x0400
+#define LDAP_DEBUG_PARSE 0x0800
+#define LDAP_DEBUG_CACHE 0x1000
+#define LDAP_DEBUG_INDEX 0x2000
+#define LDAP_DEBUG_SYNC 0x4000
+
+#define LDAP_DEBUG_NONE 0x8000
+#define LDAP_DEBUG_ANY -1
+
+/* debugging stuff */
+#ifdef LDAP_DEBUG
+ /*
+ * This is a bogus extern declaration for the compiler. No need to ensure
+ * a 'proper' dllimport.
+ */
+# ifndef ldap_debug
+ extern int ldap_debug;
+# endif /* !ldap_debug */
+
+# ifdef LDAP_SYSLOG
+ extern int ldap_syslog;
+ extern int ldap_syslog_level;
+
+# ifdef HAVE_EBCDIC
+# define syslog eb_syslog
+ extern void eb_syslog(int pri, const char *fmt, ...);
+# endif
+
+# endif /* LDAP_SYSLOG */
+
+/* this doesn't below as part of ldap.h */
+# ifdef LDAP_SYSLOG
+# define Debug( level, fmt, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ lutil_debug( ldap_debug, (level), (fmt), (arg1), (arg2), (arg3) ); \
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (arg1), (arg2), (arg3) ); \
+ } while ( 0 )
+
+# else
+# define Debug( level, fmt, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ lutil_debug( ldap_debug, (level), (fmt), (arg1), (arg2), (arg3) ); \
+ } while ( 0 )
+# endif
+
+#else /* LDAP_DEBUG */
+# define Debug( level, fmt, arg1, arg2, arg3 )
+
+#endif /* LDAP_DEBUG */
+
+#ifndef LDAP_LOG
+#define LDAP_LOG(a, b, fmt, arg1, arg2, arg3)
+#define LDAP_LOGS_TEST(a, b) 0
+#endif
+
+LDAP_LUTIL_F(int) lutil_debug_file LDAP_P(( FILE *file ));
+
+LDAP_LUTIL_F(void) lutil_debug LDAP_P((
+ int debug, int level,
+ const char* fmt, ... )) LDAP_GCCATTR((format(printf, 3, 4)));
+
+LDAP_END_DECL
+
+#endif /* _LDAP_LOG_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_pvt.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_pvt.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_pvt.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,364 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt.h,v 1.82.2.8 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* ldap-pvt.h - Header for ldap_pvt_ functions.
+ * These are meant to be internal to OpenLDAP Software.
+ */
+
+#ifndef _LDAP_PVT_H
+#define _LDAP_PVT_H 1
+
+#include <lber.h> /* get ber_slen_t */
+
+LDAP_BEGIN_DECL
+
+#define LDAP_PROTO_TCP 1 /* ldap:// */
+#define LDAP_PROTO_UDP 2 /* reserved */
+#define LDAP_PROTO_IPC 3 /* ldapi:// */
+
+LDAP_F ( int )
+ldap_pvt_url_scheme2proto LDAP_P((
+ const char * ));
+LDAP_F ( int )
+ldap_pvt_url_scheme2tls LDAP_P((
+ const char * ));
+
+LDAP_F ( int )
+ldap_pvt_url_scheme_port LDAP_P((
+ const char *, int ));
+
+struct ldap_url_desc; /* avoid pulling in <ldap.h> */
+
+LDAP_F( int )
+ldap_url_parse_ext LDAP_P((
+ LDAP_CONST char *url,
+ struct ldap_url_desc **ludpp ));
+
+LDAP_F( char * )
+ldap_pvt_ctime LDAP_P((
+ const time_t *tp,
+ char *buf ));
+
+LDAP_F( char *) ldap_pvt_get_fqdn LDAP_P(( char * ));
+
+struct hostent; /* avoid pulling in <netdb.h> */
+
+LDAP_F( int )
+ldap_pvt_gethostbyname_a LDAP_P((
+ const char *name,
+ struct hostent *resbuf,
+ char **buf,
+ struct hostent **result,
+ int *herrno_ptr ));
+
+LDAP_F( int )
+ldap_pvt_gethostbyaddr_a LDAP_P((
+ const char *addr,
+ int len,
+ int type,
+ struct hostent *resbuf,
+ char **buf,
+ struct hostent **result,
+ int *herrno_ptr ));
+
+struct sockaddr;
+
+LDAP_F( int )
+ldap_pvt_get_hname LDAP_P((
+ const struct sockaddr * sa,
+ int salen,
+ char *name,
+ int namelen,
+ char **herr ));
+
+
+/* charray.c */
+
+LDAP_F( int )
+ldap_charray_add LDAP_P((
+ char ***a,
+ const char *s ));
+
+LDAP_F( int )
+ldap_charray_merge LDAP_P((
+ char ***a,
+ char **s ));
+
+LDAP_F( void )
+ldap_charray_free LDAP_P(( char **a ));
+
+LDAP_F( int )
+ldap_charray_inlist LDAP_P((
+ char **a,
+ const char *s ));
+
+LDAP_F( char ** )
+ldap_charray_dup LDAP_P(( char **a ));
+
+LDAP_F( char ** )
+ldap_str2charray LDAP_P((
+ const char *str,
+ const char *brkstr ));
+
+LDAP_F( char * )
+ldap_charray2str LDAP_P((
+ char **array, const char* sep ));
+
+/* getdn.c */
+
+#ifdef LDAP_AVA_NULL /* in ldap.h */
+LDAP_F( void ) ldap_rdnfree_x LDAP_P(( LDAPRDN rdn, void *ctx ));
+LDAP_F( void ) ldap_dnfree_x LDAP_P(( LDAPDN dn, void *ctx ));
+
+LDAP_F( int ) ldap_bv2dn_x LDAP_P((
+ struct berval *bv, LDAPDN *dn, unsigned flags, void *ctx ));
+LDAP_F( int ) ldap_dn2bv_x LDAP_P((
+ LDAPDN dn, struct berval *bv, unsigned flags, void *ctx ));
+LDAP_F( int ) ldap_bv2rdn_x LDAP_P((
+ struct berval *, LDAPRDN *, char **, unsigned flags, void *ctx ));
+LDAP_F( int ) ldap_rdn2bv_x LDAP_P((
+ LDAPRDN rdn, struct berval *bv, unsigned flags, void *ctx ));
+#endif
+
+/* url.c */
+LDAP_F (void) ldap_pvt_hex_unescape LDAP_P(( char *s ));
+
+/*
+ * these macros assume 'x' is an ASCII x
+ * and assume the "C" locale
+ */
+#define LDAP_ASCII(c) (!((c) & 0x80))
+#define LDAP_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n')
+#define LDAP_DIGIT(c) ((c) >= '0' && (c) <= '9')
+#define LDAP_LOWER(c) ((c) >= 'a' && (c) <= 'z')
+#define LDAP_UPPER(c) ((c) >= 'A' && (c) <= 'Z')
+#define LDAP_ALPHA(c) (LDAP_LOWER(c) || LDAP_UPPER(c))
+#define LDAP_ALNUM(c) (LDAP_ALPHA(c) || LDAP_DIGIT(c))
+
+#define LDAP_LDH(c) (LDAP_ALNUM(c) || (c) == '-')
+
+#define LDAP_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f')
+#define LDAP_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F')
+#define LDAP_HEX(c) (LDAP_DIGIT(c) || \
+ LDAP_HEXLOWER(c) || LDAP_HEXUPPER(c))
+
+/* controls.c */
+struct ldapcontrol;
+LDAP_F (struct ldapcontrol *) ldap_control_dup LDAP_P((
+ const struct ldapcontrol *ctrl ));
+
+LDAP_F (struct ldapcontrol **) ldap_controls_dup LDAP_P((
+ struct ldapcontrol *const *ctrls ));
+
+LDAP_F (int) ldap_pvt_get_controls LDAP_P((
+ BerElement *be,
+ struct ldapcontrol ***ctrlsp));
+
+#ifdef HAVE_CYRUS_SASL
+/* cyrus.c */
+struct sasl_security_properties; /* avoid pulling in <sasl.h> */
+LDAP_F (int) ldap_pvt_sasl_secprops LDAP_P((
+ const char *in,
+ struct sasl_security_properties *secprops ));
+LDAP_F (void) ldap_pvt_sasl_secprops_unparse LDAP_P((
+ struct sasl_security_properties *secprops,
+ struct berval *out ));
+
+LDAP_F (void *) ldap_pvt_sasl_mutex_new LDAP_P((void));
+LDAP_F (int) ldap_pvt_sasl_mutex_lock LDAP_P((void *mutex));
+LDAP_F (int) ldap_pvt_sasl_mutex_unlock LDAP_P((void *mutex));
+LDAP_F (void) ldap_pvt_sasl_mutex_dispose LDAP_P((void *mutex));
+
+struct sockbuf; /* avoid pulling in <lber.h> */
+LDAP_F (int) ldap_pvt_sasl_install LDAP_P(( struct sockbuf *, void * ));
+LDAP_F (void) ldap_pvt_sasl_remove LDAP_P(( struct sockbuf * ));
+#endif /* HAVE_CYRUS_SASL */
+
+#ifndef LDAP_PVT_SASL_LOCAL_SSF
+#define LDAP_PVT_SASL_LOCAL_SSF 71 /* SSF for Unix Domain Sockets */
+#endif
+
+struct ldap;
+struct ldapmsg;
+
+LDAP_F (int) ldap_open_internal_connection LDAP_P((
+ struct ldap **ldp, ber_socket_t *fdp ));
+
+/* messages.c */
+LDAP_F( BerElement * )
+ldap_get_message_ber LDAP_P((
+ struct ldapmsg * ));
+
+/* search.c */
+LDAP_F( int ) ldap_pvt_put_filter LDAP_P((
+ BerElement *ber,
+ const char *str ));
+
+LDAP_F( char * )
+ldap_pvt_find_wildcard LDAP_P(( const char *s ));
+
+LDAP_F( ber_slen_t )
+ldap_pvt_filter_value_unescape LDAP_P(( char *filter ));
+
+LDAP_F( ber_len_t )
+ldap_bv2escaped_filter_value_len LDAP_P(( struct berval *in ));
+
+LDAP_F( int )
+ldap_bv2escaped_filter_value_x LDAP_P(( struct berval *in, struct berval *out,
+ int inplace, void *ctx ));
+
+/* string.c */
+LDAP_F( char * )
+ldap_pvt_str2upper LDAP_P(( char *str ));
+
+LDAP_F( char * )
+ldap_pvt_str2lower LDAP_P(( char *str ));
+
+LDAP_F( struct berval * )
+ldap_pvt_str2upperbv LDAP_P(( char *str, struct berval *bv ));
+
+LDAP_F( struct berval * )
+ldap_pvt_str2lowerbv LDAP_P(( char *str, struct berval *bv ));
+
+/* tls.c */
+LDAP_F (int) ldap_int_tls_config LDAP_P(( struct ldap *ld,
+ int option, const char *arg ));
+LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
+LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
+
+LDAP_F (void) ldap_pvt_tls_destroy LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_init_def_ctx LDAP_P(( int is_server ));
+LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
+LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
+LDAP_F (void *) ldap_pvt_tls_sb_ctx LDAP_P(( Sockbuf *sb ));
+
+LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
+
+typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
+
+typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl,
+ void *ctx, void *arg ));
+
+LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
+ LDAPDN_rewrite_dummy *func, unsigned flags ));
+LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
+ LDAPDN_rewrite_dummy *func, unsigned flags ));
+LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
+
+LDAP_END_DECL
+
+/*
+ * Multiple precision stuff
+ *
+ * May use OpenSSL's BIGNUM if built with TLS,
+ * or GNU's multiple precision library. But if
+ * long long is available, that's big enough
+ * and much more efficient.
+ *
+ * If none is available, unsigned long data is used.
+ */
+
+#if USE_MP_BIGNUM
+/*
+ * Use OpenSSL's BIGNUM
+ */
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+typedef BIGNUM* ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT (NULL)
+
+#define ldap_pvt_mp_init(mp) \
+ do { (mp) = BN_new(); } while (0)
+
+/* FIXME: we rely on mpr being initialized */
+#define ldap_pvt_mp_init_set(mpr,mpv) \
+ do { ldap_pvt_mp_init((mpr)); BN_add((mpr), (mpr), (mpv)); } while (0)
+
+#define ldap_pvt_mp_add(mpr,mpv) \
+ BN_add((mpr), (mpr), (mpv))
+
+#define ldap_pvt_mp_add_ulong(mp,v) \
+ BN_add_word((mp), (v))
+
+#define ldap_pvt_mp_clear(mp) \
+ do { BN_free((mp)); (mp) = 0; } while (0)
+
+#elif USE_MP_GMP
+/*
+ * Use GNU's multiple precision library
+ */
+#include <gmp.h>
+
+typedef mpz_t ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT { 0 }
+
+#define ldap_pvt_mp_init(mp) \
+ mpz_init((mp))
+
+#define ldap_pvt_mp_init_set(mpr,mpv) \
+ mpz_init_set((mpr), (mpv))
+
+#define ldap_pvt_mp_add(mpr,mpv) \
+ mpz_add((mpr), (mpr), (mpv))
+
+#define ldap_pvt_mp_add_ulong(mp,v) \
+ mpz_add_ui((mp), (mp), (v))
+
+#define ldap_pvt_mp_clear(mp) \
+ mpz_clear((mp))
+
+#else
+/*
+ * Use unsigned long long
+ */
+
+#if USE_MP_LONG_LONG
+typedef unsigned long long ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT (0LL)
+#elif USE_MP_LONG
+typedef unsigned long ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT (0L)
+#elif HAVE_LONG_LONG
+typedef unsigned long long ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT (0LL)
+#else
+typedef unsigned long ldap_pvt_mp_t;
+#define LDAP_PVT_MP_INIT (0L)
+#endif
+
+#define ldap_pvt_mp_init(mp) \
+ do { (mp) = 0; } while (0)
+
+#define ldap_pvt_mp_init_set(mpr,mpv) \
+ do { (mpr) = (mpv); } while (0)
+
+#define ldap_pvt_mp_add(mpr,mpv) \
+ do { (mpr) += (mpv); } while (0)
+
+#define ldap_pvt_mp_add_ulong(mp,v) \
+ do { (mp) += (v); } while (0)
+
+#define ldap_pvt_mp_clear(mp) \
+ do { (mp) = 0; } while (0)
+
+#endif /* MP */
+
+#include "ldap_pvt_uc.h"
+
+#endif /* _LDAP_PVT_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_pvt_thread.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_pvt_thread.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_pvt_thread.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,228 @@
+/* ldap_pvt_thread.h - ldap threads header file */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.41.2.7 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LDAP_PVT_THREAD_H
+#define _LDAP_PVT_THREAD_H /* libldap_r/ldap_thr_debug.h #undefines this */
+
+#include "ldap_cdefs.h"
+#include "ldap_int_thread.h"
+
+LDAP_BEGIN_DECL
+
+#ifndef LDAP_PVT_THREAD_H_DONE
+typedef ldap_int_thread_t ldap_pvt_thread_t;
+#ifdef LDAP_THREAD_DEBUG_WRAP
+typedef ldap_debug_thread_mutex_t ldap_pvt_thread_mutex_t;
+typedef ldap_debug_thread_cond_t ldap_pvt_thread_cond_t;
+typedef ldap_debug_thread_rdwr_t ldap_pvt_thread_rdwr_t;
+#else
+typedef ldap_int_thread_mutex_t ldap_pvt_thread_mutex_t;
+typedef ldap_int_thread_cond_t ldap_pvt_thread_cond_t;
+typedef ldap_int_thread_rdwr_t ldap_pvt_thread_rdwr_t;
+#endif
+#endif /* !LDAP_PVT_THREAD_H_DONE */
+
+#define ldap_pvt_thread_equal ldap_int_thread_equal
+
+LDAP_F( int )
+ldap_pvt_thread_initialize LDAP_P(( void ));
+
+LDAP_F( int )
+ldap_pvt_thread_destroy LDAP_P(( void ));
+
+LDAP_F( unsigned int )
+ldap_pvt_thread_sleep LDAP_P(( unsigned int s ));
+
+LDAP_F( int )
+ldap_pvt_thread_get_concurrency LDAP_P(( void ));
+
+LDAP_F( int )
+ldap_pvt_thread_set_concurrency LDAP_P(( int ));
+
+#define LDAP_PVT_THREAD_CREATE_JOINABLE 0
+#define LDAP_PVT_THREAD_CREATE_DETACHED 1
+
+#ifndef LDAP_PVT_THREAD_H_DONE
+#define LDAP_PVT_THREAD_SET_STACK_SIZE
+#ifndef LDAP_PVT_THREAD_STACK_SIZE
+ /* LARGE stack. Will be twice as large on 64 bit machine. */
+#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) )
+/* May be explicitly defined to zero to disable it */
+#elif LDAP_PVT_THREAD_STACK_SIZE == 0
+#undef LDAP_PVT_THREAD_SET_STACK_SIZE
+#endif
+#endif /* !LDAP_PVT_THREAD_H_DONE */
+
+LDAP_F( int )
+ldap_pvt_thread_create LDAP_P((
+ ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void * ),
+ void *arg));
+
+LDAP_F( void )
+ldap_pvt_thread_exit LDAP_P(( void *retval ));
+
+LDAP_F( int )
+ldap_pvt_thread_join LDAP_P(( ldap_pvt_thread_t thread, void **status ));
+
+LDAP_F( int )
+ldap_pvt_thread_kill LDAP_P(( ldap_pvt_thread_t thread, int signo ));
+
+LDAP_F( int )
+ldap_pvt_thread_yield LDAP_P(( void ));
+
+LDAP_F( int )
+ldap_pvt_thread_cond_init LDAP_P(( ldap_pvt_thread_cond_t *cond ));
+
+LDAP_F( int )
+ldap_pvt_thread_cond_destroy LDAP_P(( ldap_pvt_thread_cond_t *cond ));
+
+LDAP_F( int )
+ldap_pvt_thread_cond_signal LDAP_P(( ldap_pvt_thread_cond_t *cond ));
+
+LDAP_F( int )
+ldap_pvt_thread_cond_broadcast LDAP_P(( ldap_pvt_thread_cond_t *cond ));
+
+LDAP_F( int )
+ldap_pvt_thread_cond_wait LDAP_P((
+ ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( int )
+ldap_pvt_thread_mutex_init LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( int )
+ldap_pvt_thread_mutex_destroy LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( int )
+ldap_pvt_thread_mutex_lock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( int )
+ldap_pvt_thread_mutex_trylock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( int )
+ldap_pvt_thread_mutex_unlock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
+
+LDAP_F( ldap_pvt_thread_t )
+ldap_pvt_thread_self LDAP_P(( void ));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_init LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_destroy LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_rlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_rtrylock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_runlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_wlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_wtrylock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_wunlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+#ifdef LDAP_DEBUG
+LDAP_F( int )
+ldap_pvt_thread_rdwr_readers LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_writers LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+
+LDAP_F( int )
+ldap_pvt_thread_rdwr_active LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
+#endif /* LDAP_DEBUG */
+
+#define LDAP_PVT_THREAD_EINVAL EINVAL
+#define LDAP_PVT_THREAD_EBUSY EINVAL
+
+#ifndef LDAP_PVT_THREAD_H_DONE
+typedef ldap_int_thread_pool_t ldap_pvt_thread_pool_t;
+
+typedef void * (ldap_pvt_thread_start_t) LDAP_P((void *ctx, void *arg));
+typedef void (ldap_pvt_thread_pool_keyfree_t) LDAP_P((void *key, void *data));
+#endif /* !LDAP_PVT_THREAD_H_DONE */
+
+LDAP_F( int )
+ldap_pvt_thread_pool_init LDAP_P((
+ ldap_pvt_thread_pool_t *pool_out,
+ int max_threads,
+ int max_pending ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_submit LDAP_P((
+ ldap_pvt_thread_pool_t *pool,
+ ldap_pvt_thread_start_t *start,
+ void *arg ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_maxthreads LDAP_P((
+ ldap_pvt_thread_pool_t *pool,
+ int max_threads ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_backload LDAP_P((
+ ldap_pvt_thread_pool_t *pool ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_pause LDAP_P((
+ ldap_pvt_thread_pool_t *pool ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_resume LDAP_P((
+ ldap_pvt_thread_pool_t *pool ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_destroy LDAP_P((
+ ldap_pvt_thread_pool_t *pool,
+ int run_pending ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_getkey LDAP_P((
+ void *ctx,
+ void *key,
+ void **data,
+ ldap_pvt_thread_pool_keyfree_t **kfree ));
+
+LDAP_F( int )
+ldap_pvt_thread_pool_setkey LDAP_P((
+ void *ctx,
+ void *key,
+ void *data,
+ ldap_pvt_thread_pool_keyfree_t *kfree ));
+
+LDAP_F( void )
+ldap_pvt_thread_pool_purgekey LDAP_P(( void *key ));
+
+LDAP_F( void *)
+ldap_pvt_thread_pool_context LDAP_P(( void ));
+
+LDAP_F( void )
+ldap_pvt_thread_pool_context_reset LDAP_P(( void *key ));
+
+LDAP_END_DECL
+
+#define LDAP_PVT_THREAD_H_DONE
+#endif /* _LDAP_THREAD_H */
Added: openldap/vendor/openldap-2.3.35/include/ldap_pvt_uc.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_pvt_uc.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_pvt_uc.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,163 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_uc.h,v 1.28.2.4 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * ldap_pvt_uc.h - Header for Unicode functions.
+ * These are meant to be used by the OpenLDAP distribution only.
+ * These should be named ldap_pvt_....()
+ */
+
+#ifndef _LDAP_PVT_UC_H
+#define _LDAP_PVT_UC_H 1
+
+#include <lber.h> /* get ber_slen_t */
+
+#include <ac/bytes.h>
+#include "../libraries/liblunicode/ucdata/ucdata.h"
+
+LDAP_BEGIN_DECL
+
+/*
+ * UTF-8 (in utf-8.c)
+ */
+
+/* UCDATA uses UCS-2 passed in a 4 byte unsigned int */
+typedef ac_uint4 ldap_unicode_t;
+
+/* Convert a string with csize octets per character to UTF-8 */
+LDAP_F( int ) ldap_ucs_to_utf8s LDAP_P((
+ struct berval *ucs, int csize, struct berval *utf8s ));
+
+
+/* returns the number of bytes in the UTF-8 string */
+LDAP_F (ber_len_t) ldap_utf8_bytes( const char * );
+/* returns the number of UTF-8 characters in the string */
+LDAP_F (ber_len_t) ldap_utf8_chars( const char * );
+/* returns the length (in bytes) of the UTF-8 character */
+LDAP_F (int) ldap_utf8_offset( const char * );
+/* returns the length (in bytes) indicated by the UTF-8 character */
+LDAP_F (int) ldap_utf8_charlen( const char * );
+
+/* returns the length (in bytes) indicated by the UTF-8 character
+ * also checks that shortest possible encoding was used
+ */
+LDAP_F (int) ldap_utf8_charlen2( const char * );
+
+/* copies a UTF-8 character and returning number of bytes copied */
+LDAP_F (int) ldap_utf8_copy( char *, const char *);
+
+/* returns pointer of next UTF-8 character in string */
+LDAP_F (char*) ldap_utf8_next( const char * );
+/* returns pointer of previous UTF-8 character in string */
+LDAP_F (char*) ldap_utf8_prev( const char * );
+
+/* primitive ctype routines -- not aware of non-ascii characters */
+LDAP_F (int) ldap_utf8_isascii( const char * );
+LDAP_F (int) ldap_utf8_isalpha( const char * );
+LDAP_F (int) ldap_utf8_isalnum( const char * );
+LDAP_F (int) ldap_utf8_isdigit( const char * );
+LDAP_F (int) ldap_utf8_isxdigit( const char * );
+LDAP_F (int) ldap_utf8_isspace( const char * );
+
+/* span characters not in set, return bytes spanned */
+LDAP_F (ber_len_t) ldap_utf8_strcspn( const char* str, const char *set);
+/* span characters in set, return bytes spanned */
+LDAP_F (ber_len_t) ldap_utf8_strspn( const char* str, const char *set);
+/* return first occurance of character in string */
+LDAP_F (char *) ldap_utf8_strchr( const char* str, const char *chr);
+/* return first character of set in string */
+LDAP_F (char *) ldap_utf8_strpbrk( const char* str, const char *set);
+/* reentrant tokenizer */
+LDAP_F (char*) ldap_utf8_strtok( char* sp, const char* sep, char **last);
+
+/* Optimizations */
+LDAP_V (const char) ldap_utf8_lentab[128];
+LDAP_V (const char) ldap_utf8_mintab[32];
+
+#define LDAP_UTF8_ISASCII(p) ( !(*(const unsigned char *)(p) & 0x80 ) )
+#define LDAP_UTF8_CHARLEN(p) ( LDAP_UTF8_ISASCII(p) \
+ ? 1 : ldap_utf8_lentab[*(const unsigned char *)(p) ^ 0x80] )
+
+/* This is like CHARLEN but additionally validates to make sure
+ * the char used the shortest possible encoding.
+ * 'l' is used to temporarily hold the result of CHARLEN.
+ */
+#define LDAP_UTF8_CHARLEN2(p, l) ( ( ( l = LDAP_UTF8_CHARLEN( p )) < 3 || \
+ ( ldap_utf8_mintab[*(const unsigned char *)(p) & 0x1f] & (p)[1] ) ) ? \
+ l : 0 )
+
+#define LDAP_UTF8_OFFSET(p) ( LDAP_UTF8_ISASCII(p) \
+ ? 1 : ldap_utf8_offset((p)) )
+
+#define LDAP_UTF8_COPY(d,s) ( LDAP_UTF8_ISASCII(s) \
+ ? (*(d) = *(s), 1) : ldap_utf8_copy((d),(s)) )
+
+#define LDAP_UTF8_NEXT(p) ( LDAP_UTF8_ISASCII(p) \
+ ? (char *)(p)+1 : ldap_utf8_next((p)) )
+
+#define LDAP_UTF8_INCR(p) ((p) = LDAP_UTF8_NEXT(p))
+
+/* For symmetry */
+#define LDAP_UTF8_PREV(p) (ldap_utf8_prev((p)))
+#define LDAP_UTF8_DECR(p) ((p)=LDAP_UTF8_PREV((p)))
+
+
+/* these probably should be renamed */
+LDAP_LUNICODE_F(int) ucstrncmp(
+ const ldap_unicode_t *,
+ const ldap_unicode_t *,
+ ber_len_t );
+
+LDAP_LUNICODE_F(int) ucstrncasecmp(
+ const ldap_unicode_t *,
+ const ldap_unicode_t *,
+ ber_len_t );
+
+LDAP_LUNICODE_F(ldap_unicode_t *) ucstrnchr(
+ const ldap_unicode_t *,
+ ber_len_t,
+ ldap_unicode_t );
+
+LDAP_LUNICODE_F(ldap_unicode_t *) ucstrncasechr(
+ const ldap_unicode_t *,
+ ber_len_t,
+ ldap_unicode_t );
+
+LDAP_LUNICODE_F(void) ucstr2upper(
+ ldap_unicode_t *,
+ ber_len_t );
+
+#define LDAP_UTF8_NOCASEFOLD 0x0U
+#define LDAP_UTF8_CASEFOLD 0x1U
+#define LDAP_UTF8_ARG1NFC 0x2U
+#define LDAP_UTF8_ARG2NFC 0x4U
+#define LDAP_UTF8_APPROX 0x8U
+
+LDAP_LUNICODE_F(struct berval *) UTF8bvnormalize(
+ struct berval *,
+ struct berval *,
+ unsigned,
+ void *memctx );
+
+LDAP_LUNICODE_F(int) UTF8bvnormcmp(
+ struct berval *,
+ struct berval *,
+ unsigned,
+ void *memctx );
+
+LDAP_END_DECL
+
+#endif
+
Added: openldap/vendor/openldap-2.3.35/include/ldap_queue.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_queue.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_queue.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,562 @@
+/* ldap_queue.h -- queue macros */
+/* $OpenLDAP: pkg/ldap/include/ldap_queue.h,v 1.11.2.4 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
+ * $FreeBSD: src/sys/sys/queue.h,v 1.32.2.5 2001/09/30 21:12:54 luigi Exp $
+ *
+ * See also: ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work is derived from FreeBSD queue.h work. Adapted for use in
+ * OpenLDAP Software by Kurt D. Zeilenga.
+ */
+
+#ifndef _LDAP_QUEUE_H_
+#define _LDAP_QUEUE_H_
+
+/*
+ * This file defines five types of data structures: singly-linked lists,
+ * singly-linked tail queues, lists, tail queues, and circular queues.
+ *
+ * A singly-linked list is headed by a single forward pointer. The elements
+ * are singly linked for minimum space and pointer manipulation overhead at
+ * the expense of O(n) removal for arbitrary elements. New elements can be
+ * added to the list after an existing element or at the head of the list.
+ * Elements being removed from the head of the list should use the explicit
+ * macro for this purpose for optimum efficiency. A singly-linked list may
+ * only be traversed in the forward direction. Singly-linked lists are ideal
+ * for applications with large datasets and few or no removals or for
+ * implementing a LIFO queue.
+ *
+ * A singly-linked tail queue is headed by a pair of pointers, one to the
+ * head of the list and the other to the tail of the list. The elements are
+ * singly linked for minimum space and pointer manipulation overhead at the
+ * expense of O(n) removal for arbitrary elements. New elements can be added
+ * to the list after an existing element, at the head of the list, or at the
+ * end of the list. Elements being removed from the head of the tail queue
+ * should use the explicit macro for this purpose for optimum efficiency.
+ * A singly-linked tail queue may only be traversed in the forward direction.
+ * Singly-linked tail queues are ideal for applications with large datasets
+ * and few or no removals or for implementing a FIFO queue.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before
+ * or after an existing element or at the head of the list. A list
+ * may only be traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or
+ * after an existing element, at the head of the list, or at the end of
+ * the list. A tail queue may be traversed in either direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ * All macros are prefixed with LDAP_.
+ *
+ * SLIST_ LIST_ STAILQ_ TAILQ_ CIRCLEQ_
+ * _HEAD + + + + +
+ * _ENTRY + + + + +
+ * _INIT + + + + +
+ * _ENTRY_INIT + + + + +
+ * _EMPTY + + + + +
+ * _FIRST + + + + +
+ * _NEXT + + + + +
+ * _PREV - - - + +
+ * _LAST - - + + +
+ * _FOREACH + + + + +
+ * _FOREACH_REVERSE - - - + +
+ * _INSERT_HEAD + + + + +
+ * _INSERT_BEFORE - + - + +
+ * _INSERT_AFTER + + + + +
+ * _INSERT_TAIL - - + + +
+ * _REMOVE_HEAD + - + - -
+ * _REMOVE + + + + +
+ *
+ */
+
+/*
+ * Singly-linked List definitions.
+ */
+#define LDAP_SLIST_HEAD(name, type) \
+struct name { \
+ struct type *slh_first; /* first element */ \
+}
+
+#define LDAP_SLIST_HEAD_INITIALIZER(head) \
+ { NULL }
+
+#define LDAP_SLIST_ENTRY(type) \
+struct { \
+ struct type *sle_next; /* next element */ \
+}
+
+#define LDAP_SLIST_ENTRY_INITIALIZER(entry) \
+ { NULL }
+
+/*
+ * Singly-linked List functions.
+ */
+#define LDAP_SLIST_EMPTY(head) ((head)->slh_first == NULL)
+
+#define LDAP_SLIST_FIRST(head) ((head)->slh_first)
+
+#define LDAP_SLIST_FOREACH(var, head, field) \
+ for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next)
+
+#define LDAP_SLIST_INIT(head) { \
+ (head)->slh_first = NULL; \
+}
+
+#define LDAP_SLIST_ENTRY_INIT(var, field) { \
+ (var)->field.sle_next = NULL; \
+}
+
+#define LDAP_SLIST_INSERT_AFTER(slistelm, elm, field) do { \
+ (elm)->field.sle_next = (slistelm)->field.sle_next; \
+ (slistelm)->field.sle_next = (elm); \
+} while (0)
+
+#define LDAP_SLIST_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.sle_next = (head)->slh_first; \
+ (head)->slh_first = (elm); \
+} while (0)
+
+#define LDAP_SLIST_NEXT(elm, field) ((elm)->field.sle_next)
+
+#define LDAP_SLIST_REMOVE_HEAD(head, field) do { \
+ (head)->slh_first = (head)->slh_first->field.sle_next; \
+} while (0)
+
+#define LDAP_SLIST_REMOVE(head, elm, type, field) do { \
+ if ((head)->slh_first == (elm)) { \
+ LDAP_SLIST_REMOVE_HEAD((head), field); \
+ } \
+ else { \
+ struct type *curelm = (head)->slh_first; \
+ while( curelm->field.sle_next != (elm) ) \
+ curelm = curelm->field.sle_next; \
+ curelm->field.sle_next = \
+ curelm->field.sle_next->field.sle_next; \
+ } \
+} while (0)
+
+/*
+ * Singly-linked Tail queue definitions.
+ */
+#define LDAP_STAILQ_HEAD(name, type) \
+struct name { \
+ struct type *stqh_first;/* first element */ \
+ struct type **stqh_last;/* addr of last next element */ \
+}
+
+#define LDAP_STAILQ_HEAD_INITIALIZER(head) \
+ { NULL, &(head).stqh_first }
+
+#define LDAP_STAILQ_ENTRY(type) \
+struct { \
+ struct type *stqe_next; /* next element */ \
+}
+
+#define LDAP_STAILQ_ENTRY_INITIALIZER(entry) \
+ { NULL }
+
+/*
+ * Singly-linked Tail queue functions.
+ */
+#define LDAP_STAILQ_EMPTY(head) ((head)->stqh_first == NULL)
+
+#define LDAP_STAILQ_INIT(head) do { \
+ (head)->stqh_first = NULL; \
+ (head)->stqh_last = &(head)->stqh_first; \
+} while (0)
+
+#define LDAP_STAILQ_ENTRY_INIT(var, field) { \
+ (entry)->field.stqe_next = NULL; \
+}
+
+#define LDAP_STAILQ_FIRST(head) ((head)->stqh_first)
+
+#define LDAP_STAILQ_LAST(head, type, field) \
+ (LDAP_STAILQ_EMPTY(head) ? \
+ NULL : \
+ ((struct type *) \
+ ((char *)((head)->stqh_last) - offsetof(struct type, field))))
+
+#define LDAP_STAILQ_FOREACH(var, head, field) \
+ for((var) = (head)->stqh_first; (var); (var) = (var)->field.stqe_next)
+
+#define LDAP_STAILQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.stqe_next = (head)->stqh_first) == NULL) \
+ (head)->stqh_last = &(elm)->field.stqe_next; \
+ (head)->stqh_first = (elm); \
+} while (0)
+
+#define LDAP_STAILQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.stqe_next = NULL; \
+ *(head)->stqh_last = (elm); \
+ (head)->stqh_last = &(elm)->field.stqe_next; \
+} while (0)
+
+#define LDAP_STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \
+ if (((elm)->field.stqe_next = (tqelm)->field.stqe_next) == NULL)\
+ (head)->stqh_last = &(elm)->field.stqe_next; \
+ (tqelm)->field.stqe_next = (elm); \
+} while (0)
+
+#define LDAP_STAILQ_NEXT(elm, field) ((elm)->field.stqe_next)
+
+#define LDAP_STAILQ_REMOVE_HEAD(head, field) do { \
+ if (((head)->stqh_first = \
+ (head)->stqh_first->field.stqe_next) == NULL) \
+ (head)->stqh_last = &(head)->stqh_first; \
+} while (0)
+
+#define LDAP_STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do { \
+ if (((head)->stqh_first = (elm)->field.stqe_next) == NULL) \
+ (head)->stqh_last = &(head)->stqh_first; \
+} while (0)
+
+#define LDAP_STAILQ_REMOVE(head, elm, type, field) do { \
+ if ((head)->stqh_first == (elm)) { \
+ LDAP_STAILQ_REMOVE_HEAD(head, field); \
+ } \
+ else { \
+ struct type *curelm = (head)->stqh_first; \
+ while( curelm->field.stqe_next != (elm) ) \
+ curelm = curelm->field.stqe_next; \
+ if((curelm->field.stqe_next = \
+ curelm->field.stqe_next->field.stqe_next) == NULL) \
+ (head)->stqh_last = &(curelm)->field.stqe_next; \
+ } \
+} while (0)
+
+/*
+ * List definitions.
+ */
+#define LDAP_LIST_HEAD(name, type) \
+struct name { \
+ struct type *lh_first; /* first element */ \
+}
+
+#define LDAP_LIST_HEAD_INITIALIZER(head) \
+ { NULL }
+
+#define LDAP_LIST_ENTRY(type) \
+struct { \
+ struct type *le_next; /* next element */ \
+ struct type **le_prev; /* address of previous next element */ \
+}
+
+#define LDAP_LIST_ENTRY_INITIALIZER(entry) \
+ { NULL, NULL }
+
+/*
+ * List functions.
+ */
+
+#define LDAP_LIST_EMPTY(head) ((head)->lh_first == NULL)
+
+#define LDAP_LIST_FIRST(head) ((head)->lh_first)
+
+#define LDAP_LIST_FOREACH(var, head, field) \
+ for((var) = (head)->lh_first; (var); (var) = (var)->field.le_next)
+
+#define LDAP_LIST_INIT(head) do { \
+ (head)->lh_first = NULL; \
+} while (0)
+
+#define LDAP_LIST_ENTRY_INIT(var, field) do { \
+ (var)->field.le_next = NULL; \
+ (var)->field.le_prev = NULL; \
+} while (0)
+
+#define LDAP_LIST_INSERT_AFTER(listelm, elm, field) do { \
+ if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
+ (listelm)->field.le_next->field.le_prev = \
+ &(elm)->field.le_next; \
+ (listelm)->field.le_next = (elm); \
+ (elm)->field.le_prev = &(listelm)->field.le_next; \
+} while (0)
+
+#define LDAP_LIST_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.le_prev = (listelm)->field.le_prev; \
+ (elm)->field.le_next = (listelm); \
+ *(listelm)->field.le_prev = (elm); \
+ (listelm)->field.le_prev = &(elm)->field.le_next; \
+} while (0)
+
+#define LDAP_LIST_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.le_next = (head)->lh_first) != NULL) \
+ (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
+ (head)->lh_first = (elm); \
+ (elm)->field.le_prev = &(head)->lh_first; \
+} while (0)
+
+#define LDAP_LIST_NEXT(elm, field) ((elm)->field.le_next)
+
+#define LDAP_LIST_REMOVE(elm, field) do { \
+ if ((elm)->field.le_next != NULL) \
+ (elm)->field.le_next->field.le_prev = \
+ (elm)->field.le_prev; \
+ *(elm)->field.le_prev = (elm)->field.le_next; \
+} while (0)
+
+/*
+ * Tail queue definitions.
+ */
+#define LDAP_TAILQ_HEAD(name, type) \
+struct name { \
+ struct type *tqh_first; /* first element */ \
+ struct type **tqh_last; /* addr of last next element */ \
+}
+
+#define LDAP_TAILQ_HEAD_INITIALIZER(head) \
+ { NULL, &(head).tqh_first }
+
+#define LDAP_TAILQ_ENTRY(type) \
+struct { \
+ struct type *tqe_next; /* next element */ \
+ struct type **tqe_prev; /* address of previous next element */ \
+}
+
+#define LDAP_TAILQ_ENTRY_INITIALIZER(entry) \
+ { NULL, NULL }
+
+/*
+ * Tail queue functions.
+ */
+#define LDAP_TAILQ_EMPTY(head) ((head)->tqh_first == NULL)
+
+#define LDAP_TAILQ_FOREACH(var, head, field) \
+ for (var = LDAP_TAILQ_FIRST(head); var; var = LDAP_TAILQ_NEXT(var, field))
+
+#define LDAP_TAILQ_FOREACH_REVERSE(var, head, type, field) \
+ for ((var) = LDAP_TAILQ_LAST((head), type, field); \
+ (var); \
+ (var) = LDAP_TAILQ_PREV((var), head, type, field))
+
+#define LDAP_TAILQ_FIRST(head) ((head)->tqh_first)
+
+#define LDAP_TAILQ_LAST(head, type, field) \
+ (LDAP_TAILQ_EMPTY(head) ? \
+ NULL : \
+ ((struct type *) \
+ ((char *)((head)->tqh_last) - offsetof(struct type, field))))
+
+#define LDAP_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
+
+#define LDAP_TAILQ_PREV(elm, head, type, field) \
+ ((struct type *)((elm)->field.tqe_prev) == LDAP_TAILQ_FIRST(head) ? \
+ NULL : \
+ ((struct type *) \
+ ((char *)((elm)->field.tqe_prev) - offsetof(struct type, field))))
+
+#define LDAP_TAILQ_INIT(head) do { \
+ (head)->tqh_first = NULL; \
+ (head)->tqh_last = &(head)->tqh_first; \
+} while (0)
+
+#define LDAP_TAILQ_ENTRY_INIT(var, field) do { \
+ (var)->field.tqe_next = NULL; \
+ (var)->field.tqe_prev = NULL; \
+} while (0)
+
+#define LDAP_TAILQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
+ (head)->tqh_first->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (head)->tqh_first = (elm); \
+ (elm)->field.tqe_prev = &(head)->tqh_first; \
+} while (0)
+
+#define LDAP_TAILQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.tqe_next = NULL; \
+ (elm)->field.tqe_prev = (head)->tqh_last; \
+ *(head)->tqh_last = (elm); \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+} while (0)
+
+#define LDAP_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+ (elm)->field.tqe_next->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (listelm)->field.tqe_next = (elm); \
+ (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
+} while (0)
+
+#define LDAP_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
+ (elm)->field.tqe_next = (listelm); \
+ *(listelm)->field.tqe_prev = (elm); \
+ (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
+} while (0)
+
+#define LDAP_TAILQ_REMOVE(head, elm, field) do { \
+ if (((elm)->field.tqe_next) != NULL) \
+ (elm)->field.tqe_next->field.tqe_prev = \
+ (elm)->field.tqe_prev; \
+ else \
+ (head)->tqh_last = (elm)->field.tqe_prev; \
+ *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+} while (0)
+
+/*
+ * Circular queue definitions.
+ */
+#define LDAP_CIRCLEQ_HEAD(name, type) \
+struct name { \
+ struct type *cqh_first; /* first element */ \
+ struct type *cqh_last; /* last element */ \
+}
+
+#define LDAP_CIRCLEQ_ENTRY(type) \
+struct { \
+ struct type *cqe_next; /* next element */ \
+ struct type *cqe_prev; /* previous element */ \
+}
+
+/*
+ * Circular queue functions.
+ */
+#define LDAP_CIRCLEQ_EMPTY(head) ((head)->cqh_first == (void *)(head))
+
+#define LDAP_CIRCLEQ_FIRST(head) ((head)->cqh_first)
+
+#define LDAP_CIRCLEQ_FOREACH(var, head, field) \
+ for((var) = (head)->cqh_first; \
+ (var) != (void *)(head); \
+ (var) = (var)->field.cqe_next)
+
+#define LDAP_CIRCLEQ_FOREACH_REVERSE(var, head, field) \
+ for((var) = (head)->cqh_last; \
+ (var) != (void *)(head); \
+ (var) = (var)->field.cqe_prev)
+
+#define LDAP_CIRCLEQ_INIT(head) do { \
+ (head)->cqh_first = (void *)(head); \
+ (head)->cqh_last = (void *)(head); \
+} while (0)
+
+#define LDAP_CIRCLEQ_ENTRY_INIT(var, field) do { \
+ (var)->field.cqe_next = NULL; \
+ (var)->field.cqe_prev = NULL; \
+} while (0)
+
+#define LDAP_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm)->field.cqe_next; \
+ (elm)->field.cqe_prev = (listelm); \
+ if ((listelm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (listelm)->field.cqe_next->field.cqe_prev = (elm); \
+ (listelm)->field.cqe_next = (elm); \
+} while (0)
+
+#define LDAP_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm); \
+ (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
+ if ((listelm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (listelm)->field.cqe_prev->field.cqe_next = (elm); \
+ (listelm)->field.cqe_prev = (elm); \
+} while (0)
+
+#define LDAP_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.cqe_next = (head)->cqh_first; \
+ (elm)->field.cqe_prev = (void *)(head); \
+ if ((head)->cqh_last == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (head)->cqh_first->field.cqe_prev = (elm); \
+ (head)->cqh_first = (elm); \
+} while (0)
+
+#define LDAP_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.cqe_next = (void *)(head); \
+ (elm)->field.cqe_prev = (head)->cqh_last; \
+ if ((head)->cqh_first == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (head)->cqh_last->field.cqe_next = (elm); \
+ (head)->cqh_last = (elm); \
+} while (0)
+
+#define LDAP_CIRCLEQ_LAST(head) ((head)->cqh_last)
+
+#define LDAP_CIRCLEQ_NEXT(elm,field) ((elm)->field.cqe_next)
+
+#define LDAP_CIRCLEQ_PREV(elm,field) ((elm)->field.cqe_prev)
+
+#define LDAP_CIRCLEQ_REMOVE(head, elm, field) do { \
+ if ((elm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm)->field.cqe_prev; \
+ else \
+ (elm)->field.cqe_next->field.cqe_prev = \
+ (elm)->field.cqe_prev; \
+ if ((elm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm)->field.cqe_next; \
+ else \
+ (elm)->field.cqe_prev->field.cqe_next = \
+ (elm)->field.cqe_next; \
+} while (0)
+
+#endif /* !_LDAP_QUEUE_H_ */
Added: openldap/vendor/openldap-2.3.35/include/ldap_rq.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_rq.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_rq.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,101 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_rq.h,v 1.9.2.5 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef LDAP_RQ_H
+#define LDAP_RQ_H 1
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+typedef struct re_s {
+ struct timeval next_sched;
+ struct timeval interval;
+ LDAP_STAILQ_ENTRY(re_s) tnext; /* it includes running */
+ LDAP_STAILQ_ENTRY(re_s) rnext;
+ ldap_pvt_thread_start_t *routine;
+ void *arg;
+ char *tname;
+ char *tspec;
+} re_t;
+
+typedef struct runqueue_s {
+ LDAP_STAILQ_HEAD(l, re_s) task_list;
+ LDAP_STAILQ_HEAD(rl, re_s) run_list;
+ ldap_pvt_thread_mutex_t rq_mutex;
+} runqueue_t;
+
+LDAP_F( struct re_s* )
+ldap_pvt_runqueue_insert(
+ struct runqueue_s* rq,
+ time_t interval,
+ ldap_pvt_thread_start_t* routine,
+ void *arg,
+ char *tname,
+ char *tspec
+);
+
+LDAP_F( struct re_s* )
+ldap_pvt_runqueue_find(
+ struct runqueue_s* rq,
+ ldap_pvt_thread_start_t* routine,
+ void *arg
+);
+
+LDAP_F( void )
+ldap_pvt_runqueue_remove(
+ struct runqueue_s* rq,
+ struct re_s* entry
+);
+
+LDAP_F( struct re_s* )
+ldap_pvt_runqueue_next_sched(
+ struct runqueue_s* rq,
+ struct timeval* next_run
+);
+
+LDAP_F( void )
+ldap_pvt_runqueue_runtask(
+ struct runqueue_s* rq,
+ struct re_s* entry
+);
+
+LDAP_F( void )
+ldap_pvt_runqueue_stoptask(
+ struct runqueue_s* rq,
+ struct re_s* entry
+);
+
+LDAP_F( int )
+ldap_pvt_runqueue_isrunning(
+ struct runqueue_s* rq,
+ struct re_s* entry
+);
+
+LDAP_F( void )
+ldap_pvt_runqueue_resched(
+ struct runqueue_s* rq,
+ struct re_s* entry,
+ int defer
+);
+
+LDAP_F( int )
+ldap_pvt_runqueue_persistent_backload(
+ struct runqueue_s* rq
+);
+
+LDAP_END_DECL
+
+#endif
Added: openldap/vendor/openldap-2.3.35/include/ldap_schema.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_schema.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_schema.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,360 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_schema.h,v 1.34.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* ldap-schema.h - Header for basic schema handling functions that can be
+ * used by both clients and servers.
+ * these routines should be renamed ldap_x_...
+ */
+
+#ifndef _LDAP_SCHEMA_H
+#define _LDAP_SCHEMA_H 1
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/* Codes for parsing errors */
+
+#define LDAP_SCHERR_OUTOFMEM 1
+#define LDAP_SCHERR_UNEXPTOKEN 2
+#define LDAP_SCHERR_NOLEFTPAREN 3
+#define LDAP_SCHERR_NORIGHTPAREN 4
+#define LDAP_SCHERR_NODIGIT 5
+#define LDAP_SCHERR_BADNAME 6
+#define LDAP_SCHERR_BADDESC 7
+#define LDAP_SCHERR_BADSUP 8
+#define LDAP_SCHERR_DUPOPT 9
+#define LDAP_SCHERR_EMPTY 10
+#define LDAP_SCHERR_MISSING 11
+#define LDAP_SCHERR_OUT_OF_ORDER 12
+
+typedef struct ldap_schema_extension_item {
+ char *lsei_name;
+ char **lsei_values;
+} LDAPSchemaExtensionItem;
+
+typedef struct ldap_syntax {
+ char *syn_oid; /* REQUIRED */
+ char **syn_names; /* OPTIONAL */
+ char *syn_desc; /* OPTIONAL */
+ LDAPSchemaExtensionItem **syn_extensions; /* OPTIONAL */
+} LDAPSyntax;
+
+typedef struct ldap_matchingrule {
+ char *mr_oid; /* REQUIRED */
+ char **mr_names; /* OPTIONAL */
+ char *mr_desc; /* OPTIONAL */
+ int mr_obsolete; /* OPTIONAL */
+ char *mr_syntax_oid; /* REQUIRED */
+ LDAPSchemaExtensionItem **mr_extensions; /* OPTIONAL */
+} LDAPMatchingRule;
+
+typedef struct ldap_matchingruleuse {
+ char *mru_oid; /* REQUIRED */
+ char **mru_names; /* OPTIONAL */
+ char *mru_desc; /* OPTIONAL */
+ int mru_obsolete; /* OPTIONAL */
+ char **mru_applies_oids; /* REQUIRED */
+ LDAPSchemaExtensionItem **mru_extensions; /* OPTIONAL */
+} LDAPMatchingRuleUse;
+
+typedef struct ldap_attributetype {
+ char *at_oid; /* REQUIRED */
+ char **at_names; /* OPTIONAL */
+ char *at_desc; /* OPTIONAL */
+ int at_obsolete; /* 0=no, 1=yes */
+ char *at_sup_oid; /* OPTIONAL */
+ char *at_equality_oid; /* OPTIONAL */
+ char *at_ordering_oid; /* OPTIONAL */
+ char *at_substr_oid; /* OPTIONAL */
+ char *at_syntax_oid; /* OPTIONAL */
+ int at_syntax_len; /* OPTIONAL */
+ int at_single_value; /* 0=no, 1=yes */
+ int at_collective; /* 0=no, 1=yes */
+ int at_no_user_mod; /* 0=no, 1=yes */
+ int at_usage; /* 0=userApplications, 1=directoryOperation,
+ 2=distributedOperation, 3=dSAOperation */
+ LDAPSchemaExtensionItem **at_extensions; /* OPTIONAL */
+} LDAPAttributeType;
+
+typedef struct ldap_objectclass {
+ char *oc_oid; /* REQUIRED */
+ char **oc_names; /* OPTIONAL */
+ char *oc_desc; /* OPTIONAL */
+ int oc_obsolete; /* 0=no, 1=yes */
+ char **oc_sup_oids; /* OPTIONAL */
+ int oc_kind; /* 0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY */
+ char **oc_at_oids_must; /* OPTIONAL */
+ char **oc_at_oids_may; /* OPTIONAL */
+ LDAPSchemaExtensionItem **oc_extensions; /* OPTIONAL */
+} LDAPObjectClass;
+
+typedef struct ldap_contentrule {
+ char *cr_oid; /* REQUIRED */
+ char **cr_names; /* OPTIONAL */
+ char *cr_desc; /* OPTIONAL */
+ char **cr_sup_oids; /* OPTIONAL */
+ int cr_obsolete; /* 0=no, 1=yes */
+ char **cr_oc_oids_aux; /* OPTIONAL */
+ char **cr_at_oids_must; /* OPTIONAL */
+ char **cr_at_oids_may; /* OPTIONAL */
+ char **cr_at_oids_not; /* OPTIONAL */
+ LDAPSchemaExtensionItem **cr_extensions; /* OPTIONAL */
+} LDAPContentRule;
+
+typedef struct ldap_nameform {
+ char *nf_oid; /* REQUIRED */
+ char **nf_names; /* OPTIONAL */
+ char *nf_desc; /* OPTIONAL */
+ int nf_obsolete; /* 0=no, 1=yes */
+ char *nf_objectclass; /* REQUIRED */
+ char **nf_at_oids_must; /* REQUIRED */
+ char **nf_at_oids_may; /* OPTIONAL */
+ LDAPSchemaExtensionItem **nf_extensions; /* OPTIONAL */
+} LDAPNameForm;
+
+typedef struct ldap_structurerule {
+ int sr_ruleid; /* REQUIRED */
+ char **sr_names; /* OPTIONAL */
+ char *sr_desc; /* OPTIONAL */
+ int sr_obsolete; /* 0=no, 1=yes */
+ char *sr_nameform; /* REQUIRED */
+ int sr_nsup_ruleids;/* number of sr_sup_ruleids */
+ int *sr_sup_ruleids;/* OPTIONAL */
+ LDAPSchemaExtensionItem **sr_extensions; /* OPTIONAL */
+} LDAPStructureRule;
+
+/*
+ * Misc macros
+ */
+#define LDAP_SCHEMA_NO 0
+#define LDAP_SCHEMA_YES 1
+
+#define LDAP_SCHEMA_USER_APPLICATIONS 0
+#define LDAP_SCHEMA_DIRECTORY_OPERATION 1
+#define LDAP_SCHEMA_DISTRIBUTED_OPERATION 2
+#define LDAP_SCHEMA_DSA_OPERATION 3
+
+#define LDAP_SCHEMA_ABSTRACT 0
+#define LDAP_SCHEMA_STRUCTURAL 1
+#define LDAP_SCHEMA_AUXILIARY 2
+
+
+/*
+ * Flags that control how liberal the parsing routines are.
+ */
+#define LDAP_SCHEMA_ALLOW_NONE 0x00U /* Strict parsing */
+#define LDAP_SCHEMA_ALLOW_NO_OID 0x01U /* Allow missing oid */
+#define LDAP_SCHEMA_ALLOW_QUOTED 0x02U /* Allow bogus extra quotes */
+#define LDAP_SCHEMA_ALLOW_DESCR 0x04U /* Allow descr instead of OID */
+#define LDAP_SCHEMA_ALLOW_DESCR_PREFIX 0x08U /* Allow descr as OID prefix */
+#define LDAP_SCHEMA_ALLOW_OID_MACRO 0x10U /* Allow OID macros in slapd */
+#define LDAP_SCHEMA_ALLOW_OUT_OF_ORDER_FIELDS 0x20U /* Allow fields in most any order */
+#define LDAP_SCHEMA_ALLOW_ALL 0x3fU /* Be very liberal in parsing */
+#define LDAP_SCHEMA_SKIP 0x80U /* Don't malloc any result */
+
+
+LDAP_F( LDAP_CONST char * )
+ldap_syntax2name LDAP_P((
+ LDAPSyntax * syn ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_matchingrule2name LDAP_P((
+ LDAPMatchingRule * mr ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_matchingruleuse2name LDAP_P((
+ LDAPMatchingRuleUse * mru ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_attributetype2name LDAP_P((
+ LDAPAttributeType * at ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_objectclass2name LDAP_P((
+ LDAPObjectClass * oc ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_contentrule2name LDAP_P((
+ LDAPContentRule * cr ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_nameform2name LDAP_P((
+ LDAPNameForm * nf ));
+
+LDAP_F( LDAP_CONST char * )
+ldap_structurerule2name LDAP_P((
+ LDAPStructureRule * sr ));
+
+LDAP_F( void )
+ldap_syntax_free LDAP_P((
+ LDAPSyntax * syn ));
+
+LDAP_F( void )
+ldap_matchingrule_free LDAP_P((
+ LDAPMatchingRule * mr ));
+
+LDAP_F( void )
+ldap_matchingruleuse_free LDAP_P((
+ LDAPMatchingRuleUse * mr ));
+
+LDAP_F( void )
+ldap_attributetype_free LDAP_P((
+ LDAPAttributeType * at ));
+
+LDAP_F( void )
+ldap_objectclass_free LDAP_P((
+ LDAPObjectClass * oc ));
+
+LDAP_F( void )
+ldap_contentrule_free LDAP_P((
+ LDAPContentRule * cr ));
+
+LDAP_F( void )
+ldap_nameform_free LDAP_P((
+ LDAPNameForm * nf ));
+
+LDAP_F( void )
+ldap_structurerule_free LDAP_P((
+ LDAPStructureRule * sr ));
+
+LDAP_F( LDAPStructureRule * )
+ldap_str2structurerule LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPNameForm * )
+ldap_str2nameform LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPContentRule * )
+ldap_str2contentrule LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPObjectClass * )
+ldap_str2objectclass LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPAttributeType * )
+ldap_str2attributetype LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPSyntax * )
+ldap_str2syntax LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPMatchingRule * )
+ldap_str2matchingrule LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( LDAPMatchingRuleUse * )
+ldap_str2matchingruleuse LDAP_P((
+ LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags ));
+
+LDAP_F( char * )
+ldap_structurerule2str LDAP_P((
+ LDAPStructureRule * sr ));
+
+LDAP_F( struct berval * )
+ldap_structurerule2bv LDAP_P((
+ LDAPStructureRule * sr, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_nameform2str LDAP_P((
+ LDAPNameForm * nf ));
+
+LDAP_F( struct berval * )
+ldap_nameform2bv LDAP_P((
+ LDAPNameForm * nf, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_contentrule2str LDAP_P((
+ LDAPContentRule * cr ));
+
+LDAP_F( struct berval * )
+ldap_contentrule2bv LDAP_P((
+ LDAPContentRule * cr, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_objectclass2str LDAP_P((
+ LDAPObjectClass * oc ));
+
+LDAP_F( struct berval * )
+ldap_objectclass2bv LDAP_P((
+ LDAPObjectClass * oc, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_attributetype2str LDAP_P((
+ LDAPAttributeType * at ));
+
+LDAP_F( struct berval * )
+ldap_attributetype2bv LDAP_P((
+ LDAPAttributeType * at, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_syntax2str LDAP_P((
+ LDAPSyntax * syn ));
+
+LDAP_F( struct berval * )
+ldap_syntax2bv LDAP_P((
+ LDAPSyntax * syn, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_matchingrule2str LDAP_P((
+ LDAPMatchingRule * mr ));
+
+LDAP_F( struct berval * )
+ldap_matchingrule2bv LDAP_P((
+ LDAPMatchingRule * mr, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_matchingruleuse2str LDAP_P((
+ LDAPMatchingRuleUse * mru ));
+
+LDAP_F( struct berval * )
+ldap_matchingruleuse2bv LDAP_P((
+ LDAPMatchingRuleUse * mru, struct berval *bv ));
+
+LDAP_F( char * )
+ldap_scherr2str LDAP_P((
+ int code )) LDAP_GCCATTR((const));
+
+LDAP_END_DECL
+
+#endif
+
Added: openldap/vendor/openldap-2.3.35/include/ldap_utf8.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldap_utf8.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldap_utf8.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,106 @@
+/* $OpenLDAP: pkg/ldap/include/ldap_utf8.h,v 1.11.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ */
+/* Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+
+#ifndef _LDAP_UTF8_H
+#define _LDAP_UTF8_H
+
+#include <lber_types.h> /* get ber_*_t */
+
+/*
+ * UTF-8 Utility Routines
+ */
+
+LDAP_BEGIN_DECL
+
+#define LDAP_UCS4_INVALID (0x80000000U)
+typedef ber_int_t ldap_ucs4_t;
+
+
+/* LDAP_MAX_UTF8_LEN is 3 or 6 depending on size of wchar_t */
+#define LDAP_MAX_UTF8_LEN ( sizeof(wchar_t) * 3/2 )
+
+/* Unicode conversion routines */
+LDAP_F( ldap_ucs4_t ) ldap_x_utf8_to_ucs4( LDAP_CONST char * p );
+LDAP_F( int ) ldap_x_ucs4_to_utf8( ldap_ucs4_t c, char *buf );
+
+
+/*
+ * Wide Char / UTF-8 Conversion Routines
+ */
+
+/* UTF-8 character to Wide Char */
+LDAP_F(int) ldap_x_utf8_to_wc LDAP_P((
+ wchar_t *wchar, LDAP_CONST char *utf8char ));
+
+/* UTF-8 string to Wide Char string */
+LDAP_F(int) ldap_x_utf8s_to_wcs LDAP_P((
+ wchar_t *wcstr, LDAP_CONST char *utf8str, size_t count ));
+
+/* Wide Char to UTF-8 character */
+LDAP_F(int) ldap_x_wc_to_utf8 LDAP_P((
+ char *utf8char, wchar_t wchar, size_t count ));
+
+/* Wide Char string to UTF-8 string */
+LDAP_F(int) ldap_x_wcs_to_utf8s LDAP_P((
+ char *utf8str, LDAP_CONST wchar_t *wcstr, size_t count ));
+
+/*
+ * MultiByte Char / UTF-8 Conversion Routines
+ */
+
+/* UTF-8 character to MultiByte character */
+LDAP_F(int) ldap_x_utf8_to_mb LDAP_P((
+ char *mbchar, LDAP_CONST char *utf8char,
+ int (*ldap_f_wctomb)( char *mbchar, wchar_t wchar )));
+
+/* UTF-8 string to MultiByte string */
+LDAP_F(int) ldap_x_utf8s_to_mbs LDAP_P((
+ char *mbstr, LDAP_CONST char *utf8str, size_t count,
+ size_t (*ldap_f_wcstombs)( char *mbstr,
+ LDAP_CONST wchar_t *wcstr, size_t count) ));
+
+/* MultiByte character to UTF-8 character */
+LDAP_F(int) ldap_x_mb_to_utf8 LDAP_P((
+ char *utf8char, LDAP_CONST char *mbchar, size_t mbsize,
+ int (*ldap_f_mbtowc)( wchar_t *wchar,
+ LDAP_CONST char *mbchar, size_t count) ));
+
+/* MultiByte string to UTF-8 string */
+LDAP_F(int) ldap_x_mbs_to_utf8s LDAP_P((
+ char *utf8str, LDAP_CONST char *mbstr, size_t count,
+ size_t (*ldap_f_mbstowcs)( wchar_t *wcstr,
+ LDAP_CONST char *mbstr, size_t count) ));
+
+LDAP_END_DECL
+
+#endif /* _LDAP_UTF8_H */
Added: openldap/vendor/openldap-2.3.35/include/ldif.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/ldif.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/ldif.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,145 @@
+/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.23.2.7 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LDIF_H
+#define _LDIF_H
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/* This is NOT a bogus extern declaration (unlike ldap_debug) */
+LDAP_LDIF_V (int) ldif_debug;
+
+#define LDIF_LINE_WIDTH 76 /* maximum length of LDIF lines */
+
+/*
+ * Macro to calculate maximum number of bytes that the base64 equivalent
+ * of an item that is "len" bytes long will take up. Base64 encoding
+ * uses one byte for every six bits in the value plus up to two pad bytes.
+ */
+#define LDIF_BASE64_LEN(len) (((len) * 4 / 3 ) + 3)
+
+/*
+ * Macro to calculate maximum size that an LDIF-encoded type (length
+ * tlen) and value (length vlen) will take up: room for type + ":: " +
+ * first newline + base64 value + continued lines. Each continued line
+ * needs room for a newline and a leading space character.
+ */
+#define LDIF_SIZE_NEEDED(nlen,vlen) \
+ ((nlen) + 4 + LDIF_BASE64_LEN(vlen) \
+ + ((LDIF_BASE64_LEN(vlen) + (nlen) + 3) / LDIF_LINE_WIDTH * 2 ))
+
+LDAP_LDIF_F( int )
+ldif_parse_line LDAP_P((
+ LDAP_CONST char *line,
+ char **name,
+ char **value,
+ ber_len_t *vlen ));
+
+LDAP_LDIF_F( int )
+ldif_parse_line2 LDAP_P((
+ char *line,
+ struct berval *type,
+ struct berval *value,
+ int *freeval ));
+
+LDAP_LDIF_F( FILE * )
+ldif_open_url LDAP_P(( LDAP_CONST char *urlstr ));
+
+LDAP_LDIF_F( int )
+ldif_fetch_url LDAP_P((
+ LDAP_CONST char *line,
+ char **value,
+ ber_len_t *vlen ));
+
+LDAP_LDIF_F( char * )
+ldif_getline LDAP_P(( char **next ));
+
+LDAP_LDIF_F( int )
+ldif_countlines LDAP_P(( LDAP_CONST char *line ));
+
+/* ldif_ropen, rclose, read_record - just for reading LDIF files,
+ * no special open/close needed to write LDIF files.
+ */
+typedef struct LDIFFP {
+ FILE *fp;
+ struct LDIFFP *prev;
+} LDIFFP;
+
+LDAP_LDIF_F( LDIFFP * )
+ldif_open LDAP_P(( LDAP_CONST char *file, LDAP_CONST char *mode ));
+
+LDAP_LDIF_F( void )
+ldif_close LDAP_P(( LDIFFP * ));
+
+LDAP_LDIF_F( int )
+ldif_read_record LDAP_P((
+ LDIFFP *fp,
+ int *lineno,
+ char **bufp,
+ int *buflen ));
+
+LDAP_LDIF_F( int )
+ldif_must_b64_encode_register LDAP_P((
+ LDAP_CONST char *name,
+ LDAP_CONST char *oid ));
+
+LDAP_LDIF_F( void )
+ldif_must_b64_encode_release LDAP_P(( void ));
+
+#define LDIF_PUT_NOVALUE 0x0000 /* no value */
+#define LDIF_PUT_VALUE 0x0001 /* value w/ auto detection */
+#define LDIF_PUT_TEXT 0x0002 /* assume text */
+#define LDIF_PUT_BINARY 0x0004 /* assume binary (convert to base64) */
+#define LDIF_PUT_B64 0x0008 /* pre-converted base64 value */
+
+#define LDIF_PUT_COMMENT 0x0010 /* comment */
+#define LDIF_PUT_URL 0x0020 /* url */
+#define LDIF_PUT_SEP 0x0040 /* separator */
+
+LDAP_LDIF_F( void )
+ldif_sput LDAP_P((
+ char **out,
+ int type,
+ LDAP_CONST char *name,
+ LDAP_CONST char *val,
+ ber_len_t vlen ));
+
+LDAP_LDIF_F( char * )
+ldif_put LDAP_P((
+ int type,
+ LDAP_CONST char *name,
+ LDAP_CONST char *val,
+ ber_len_t vlen ));
+
+LDAP_LDIF_F( int )
+ldif_is_not_printable LDAP_P((
+ LDAP_CONST char *val,
+ ber_len_t vlen ));
+
+LDAP_END_DECL
+
+#endif /* _LDIF_H */
Added: openldap/vendor/openldap-2.3.35/include/lutil.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,327 @@
+/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.7 2007/01/05 09:47:09 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LUTIL_H
+#define _LUTIL_H 1
+
+#include <ldap_cdefs.h>
+#include <lber_types.h>
+
+/*
+ * Include file for LDAP utility routine
+ */
+
+LDAP_BEGIN_DECL
+
+/* n octets encode into ceiling(n/3) * 4 bytes */
+/* Avoid floating point math through extra padding */
+
+#define LUTIL_BASE64_ENCODE_LEN(n) (((n)+2)/3 * 4)
+#define LUTIL_BASE64_DECODE_LEN(n) ((n)/4*3)
+
+/* ISC Base64 Routines */
+/* base64.c */
+
+LDAP_LUTIL_F( int )
+lutil_b64_ntop LDAP_P((
+ unsigned char const *,
+ size_t,
+ char *,
+ size_t));
+
+LDAP_LUTIL_F( int )
+lutil_b64_pton LDAP_P((
+ char const *,
+ unsigned char *,
+ size_t));
+
+/* detach.c */
+LDAP_LUTIL_F( void )
+lutil_detach LDAP_P((
+ int debug,
+ int do_close));
+
+/* entropy.c */
+LDAP_LUTIL_F( int )
+lutil_entropy LDAP_P((
+ unsigned char *buf,
+ ber_len_t nbytes ));
+
+/* passfile.c */
+struct berval; /* avoid pulling in lber.h */
+
+LDAP_LUTIL_F( int )
+lutil_get_filed_password LDAP_P((
+ const char *filename,
+ struct berval * ));
+
+/* passwd.c */
+struct lutil_pw_scheme;
+
+#define LUTIL_PASSWD_OK (0)
+#define LUTIL_PASSWD_ERR (-1)
+
+typedef int (LUTIL_PASSWD_CHK_FUNC)(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text );
+
+typedef int (LUTIL_PASSWD_HASH_FUNC) (
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text );
+
+LDAP_LUTIL_F( int )
+lutil_passwd_add LDAP_P((
+ struct berval *scheme,
+ LUTIL_PASSWD_CHK_FUNC *chk_fn,
+ LUTIL_PASSWD_HASH_FUNC *hash_fn ));
+
+LDAP_LUTIL_F( void )
+lutil_passwd_init LDAP_P(( void ));
+
+LDAP_LUTIL_F( void )
+lutil_passwd_destroy LDAP_P(( void ));
+
+LDAP_LUTIL_F( int )
+lutil_authpasswd LDAP_P((
+ const struct berval *passwd, /* stored password */
+ const struct berval *cred, /* user supplied value */
+ const char **methods ));
+
+LDAP_LUTIL_F( int )
+lutil_authpasswd_hash LDAP_P((
+ const struct berval *cred,
+ struct berval **passwd, /* password to store */
+ struct berval **salt, /* salt to store */
+ const char *method ));
+
+#ifdef SLAPD_CRYPT
+typedef int (lutil_cryptfunc) LDAP_P((
+ const char *key,
+ const char *salt,
+ char **hash ));
+LDAP_LUTIL_V (lutil_cryptfunc *) lutil_cryptptr;
+#endif
+
+LDAP_LUTIL_F( int )
+lutil_passwd LDAP_P((
+ const struct berval *passwd, /* stored password */
+ const struct berval *cred, /* user supplied value */
+ const char **methods,
+ const char **text )); /* error message */
+
+LDAP_LUTIL_F( int )
+lutil_passwd_generate LDAP_P(( struct berval *pw, ber_len_t ));
+
+LDAP_LUTIL_F( int )
+lutil_passwd_hash LDAP_P((
+ const struct berval *passwd,
+ const char *method,
+ struct berval *hash,
+ const char **text ));
+
+LDAP_LUTIL_F( int )
+lutil_passwd_scheme LDAP_P((
+ const char *scheme ));
+
+LDAP_LUTIL_F( int )
+lutil_salt_format LDAP_P((
+ const char *format ));
+
+/* utils.c */
+LDAP_LUTIL_F( char* )
+lutil_progname LDAP_P((
+ const char* name,
+ int argc,
+ char *argv[] ));
+
+typedef struct lutil_tm {
+ int tm_sec; /* seconds 0-60 (1 leap second) */
+ int tm_min; /* minutes 0-59 */
+ int tm_hour; /* hours 0-23 */
+ int tm_mday; /* day 1-31 */
+ int tm_mon; /* month 0-11 */
+ int tm_year; /* year - 1900 */
+ int tm_usec; /* microseconds */
+} lutil_tm;
+
+typedef struct lutil_timet {
+ unsigned int tt_sec; /* seconds since 1900 */
+ int tt_gsec; /* seconds since 1900, high 7 bits */
+ unsigned int tt_usec; /* microseconds */
+} lutil_timet;
+
+LDAP_LUTIL_F( int )
+lutil_parsetime LDAP_P((
+ char *atm, struct lutil_tm * ));
+
+LDAP_LUTIL_F( int )
+lutil_tm2time LDAP_P((
+ struct lutil_tm *, struct lutil_timet * ));
+
+#ifdef _WIN32
+LDAP_LUTIL_F( void )
+lutil_slashpath LDAP_P(( char* path ));
+#define LUTIL_SLASHPATH(p) lutil_slashpath(p)
+#else
+#define LUTIL_SLASHPATH(p)
+#endif
+
+LDAP_LUTIL_F( char* )
+lutil_strcopy LDAP_P(( char *dst, const char *src ));
+
+LDAP_LUTIL_F( char* )
+lutil_strncopy LDAP_P(( char *dst, const char *src, size_t n ));
+
+struct tm;
+
+/* use this macro to statically allocate buffer for lutil_gentime */
+#define LDAP_LUTIL_GENTIME_BUFSIZE 22
+#define lutil_gentime(s,m,t) lutil_localtime((s),(m),(t),0)
+LDAP_LUTIL_F( size_t )
+lutil_localtime LDAP_P(( char *s, size_t smax, const struct tm *tm,
+ long delta ));
+
+#ifndef HAVE_MKSTEMP
+LDAP_LUTIL_F( int )
+mkstemp LDAP_P (( char * template ));
+#endif
+
+/* sockpair.c */
+LDAP_LUTIL_F( int )
+lutil_pair( ber_socket_t sd[2] );
+
+/* uuid.c */
+/* use this macro to allocate buffer for lutil_uuidstr */
+#define LDAP_LUTIL_UUIDSTR_BUFSIZE 40
+LDAP_LUTIL_F( size_t )
+lutil_uuidstr( char *buf, size_t len );
+
+/* csn.c */
+/* use this macro to allocate buffer for lutil_csnstr */
+#define LDAP_LUTIL_CSNSTR_BUFSIZE 64
+LDAP_LUTIL_F( size_t )
+lutil_csnstr( char *buf, size_t len, unsigned int replica, unsigned int mod );
+
+/*
+ * Sometimes not all declarations in a header file are needed.
+ * An indicator to this is whether or not the symbol's type has
+ * been defined. Thus, we don't need to include a symbol if
+ * its type has not been defined through another header file.
+ */
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+LDAP_LUTIL_V (int) is_NT_Service;
+
+#ifdef _LDAP_PVT_THREAD_H
+LDAP_LUTIL_V (ldap_pvt_thread_cond_t) started_event;
+#endif /* _LDAP_PVT_THREAD_H */
+
+/* macros are different between Windows and Mingw */
+#if defined(_WINSVC_H) || defined(_WINSVC_)
+LDAP_LUTIL_V (SERVICE_STATUS) lutil_ServiceStatus;
+LDAP_LUTIL_V (SERVICE_STATUS_HANDLE) hlutil_ServiceStatus;
+#endif /* _WINSVC_H */
+
+LDAP_LUTIL_F (void)
+lutil_CommenceStartupProcessing( char *serverName, void (*stopper)(int)) ;
+
+LDAP_LUTIL_F (void)
+lutil_ReportShutdownComplete( void );
+
+LDAP_LUTIL_F (void *)
+lutil_getRegParam( char *svc, char *value );
+
+LDAP_LUTIL_F (int)
+lutil_srv_install( char* service, char * displayName, char* filename,
+ int auto_start );
+LDAP_LUTIL_F (int)
+lutil_srv_remove ( char* service, char* filename );
+
+#endif /* HAVE_NT_SERVICE_MANAGER */
+
+#ifdef HAVE_NT_EVENT_LOG
+LDAP_LUTIL_F (void)
+lutil_LogStartedEvent( char *svc, int slap_debug, char *configfile, char *urls );
+
+LDAP_LUTIL_F (void)
+lutil_LogStoppedEvent( char *svc );
+#endif
+
+#ifdef HAVE_EBCDIC
+/* Generally this has only been used to put '\n' to stdout. We need to
+ * make sure it is output in EBCDIC.
+ */
+#undef putchar
+#undef putc
+#define putchar(c) putc((c), stdout)
+#define putc(c,fp) do { char x=(c); __atoe_l(&x,1); putc(x,fp); } while(0)
+#endif
+
+LDAP_LUTIL_F (int)
+lutil_atoix( int *v, const char *s, int x );
+
+LDAP_LUTIL_F (int)
+lutil_atoux( unsigned *v, const char *s, int x );
+
+LDAP_LUTIL_F (int)
+lutil_atolx( long *v, const char *s, int x );
+
+LDAP_LUTIL_F (int)
+lutil_atoulx( unsigned long *v, const char *s, int x );
+
+#define lutil_atoi(v, s) lutil_atoix((v), (s), 10)
+#define lutil_atou(v, s) lutil_atoux((v), (s), 10)
+#define lutil_atol(v, s) lutil_atolx((v), (s), 10)
+#define lutil_atoul(v, s) lutil_atoulx((v), (s), 10)
+
+LDAP_LUTIL_F (int)
+lutil_parse_time( const char *in, unsigned long *tp );
+
+LDAP_LUTIL_F (int)
+lutil_unparse_time( char *buf, size_t buflen, unsigned long t );
+
+#ifdef timerdiv
+#define lutil_timerdiv timerdiv
+#else /* ! timerdiv */
+/* works inplace (x == t) */
+#define lutil_timerdiv(t,d,x) \
+ do { \
+ time_t s = (t)->tv_sec; \
+ assert( d > 0 ); \
+ (x)->tv_sec = s / d; \
+ (x)->tv_usec = ( (t)->tv_usec + 1000000 * ( s % d ) ) / d; \
+ } while ( 0 )
+#endif /* ! timerdiv */
+
+#ifdef timermul
+#define lutil_timermul timermul
+#else /* ! timermul */
+/* works inplace (x == t) */
+#define lutil_timermul(t,m,x) \
+ do { \
+ time_t u = (t)->tv_usec * m; \
+ assert( m > 0 ); \
+ (x)->tv_sec = (t)->tv_sec * m + u / 1000000; \
+ (x)->tv_usec = u % 1000000; \
+ } while ( 0 );
+#endif /* ! timermul */
+
+LDAP_END_DECL
+
+#endif /* _LUTIL_H */
Added: openldap/vendor/openldap-2.3.35/include/lutil_hash.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil_hash.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil_hash.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+/* $OpenLDAP: pkg/ldap/include/lutil_hash.h,v 1.6.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LUTIL_HASH_H_
+#define _LUTIL_HASH_H_
+
+#include <lber_types.h>
+
+LDAP_BEGIN_DECL
+
+#define LUTIL_HASH_BYTES 4
+
+struct lutil_HASHContext {
+ ber_uint_t hash;
+};
+
+LDAP_LUTIL_F( void )
+lutil_HASHInit LDAP_P((
+ struct lutil_HASHContext *context));
+
+LDAP_LUTIL_F( void )
+lutil_HASHUpdate LDAP_P((
+ struct lutil_HASHContext *context,
+ unsigned char const *buf,
+ ber_len_t len));
+
+LDAP_LUTIL_F( void )
+lutil_HASHFinal LDAP_P((
+ unsigned char digest[LUTIL_HASH_BYTES],
+ struct lutil_HASHContext *context));
+
+typedef struct lutil_HASHContext lutil_HASH_CTX;
+
+LDAP_END_DECL
+
+#endif /* _LUTIL_HASH_H_ */
Added: openldap/vendor/openldap-2.3.35/include/lutil_ldap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil_ldap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil_ldap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+/* $OpenLDAP: pkg/ldap/include/lutil_ldap.h,v 1.9.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LUTIL_LDAP_H
+#define _LUTIL_LDAP_H 1
+
+#include <ldap_cdefs.h>
+#include <lber_types.h>
+
+/*
+ * Include file for lutil LDAP routines
+ */
+
+LDAP_BEGIN_DECL
+
+LDAP_LUTIL_F( void )
+lutil_sasl_freedefs LDAP_P((
+ void *defaults ));
+
+LDAP_LUTIL_F( void * )
+lutil_sasl_defaults LDAP_P((
+ LDAP *ld,
+ char *mech,
+ char *realm,
+ char *authcid,
+ char *passwd,
+ char *authzid ));
+
+LDAP_LUTIL_F( int )
+lutil_sasl_interact LDAP_P((
+ LDAP *ld, unsigned flags, void *defaults, void *p ));
+
+LDAP_END_DECL
+
+#endif /* _LUTIL_LDAP_H */
Added: openldap/vendor/openldap-2.3.35/include/lutil_lockf.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil_lockf.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil_lockf.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,34 @@
+/* $OpenLDAP: pkg/ldap/include/lutil_lockf.h,v 1.15.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* File locking methods
+ *
+ * lutil_lockf() will block until an exclusive lock is acquired.
+ */
+
+#ifndef _LUTIL_LOCKF_H_
+#define _LUTIL_LOCKF_H_
+
+LDAP_BEGIN_DECL
+
+LDAP_LUTIL_F( int )
+lutil_lockf LDAP_P(( int fd ));
+
+LDAP_LUTIL_F( int )
+lutil_unlockf LDAP_P(( int fd ));
+
+LDAP_END_DECL
+
+#endif /* _LUTIL_LOCKF_H_ */
Added: openldap/vendor/openldap-2.3.35/include/lutil_md5.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil_md5.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil_md5.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+/* $OpenLDAP: pkg/ldap/include/lutil_md5.h,v 1.22.2.3 2007/01/02 21:43:46 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LUTIL_MD5_H_
+#define _LUTIL_MD5_H_
+
+#include <lber_types.h>
+
+LDAP_BEGIN_DECL
+
+/* Unlike previous versions of this code, ber_int_t need not be exactly
+ 32 bits, merely 32 bits or more. Choosing a data type which is 32
+ bits instead of 64 is not important; speed is considerably more
+ important. ANSI guarantees that "unsigned long" will be big enough,
+ and always using it seems to have few disadvantages. */
+
+#define LUTIL_MD5_BYTES 16
+
+struct lutil_MD5Context {
+ ber_uint_t buf[4];
+ ber_uint_t bits[2];
+ unsigned char in[64];
+};
+
+LDAP_LUTIL_F( void )
+lutil_MD5Init LDAP_P((
+ struct lutil_MD5Context *context));
+
+LDAP_LUTIL_F( void )
+lutil_MD5Update LDAP_P((
+ struct lutil_MD5Context *context,
+ unsigned char const *buf,
+ ber_len_t len));
+
+LDAP_LUTIL_F( void )
+lutil_MD5Final LDAP_P((
+ unsigned char digest[16],
+ struct lutil_MD5Context *context));
+
+LDAP_LUTIL_F( void )
+lutil_MD5Transform LDAP_P((
+ ber_uint_t buf[4],
+ const unsigned char in[64]));
+
+/*
+ * This is needed to make RSAREF happy on some MS-DOS compilers.
+ */
+typedef struct lutil_MD5Context lutil_MD5_CTX;
+
+LDAP_END_DECL
+
+#endif /* _LUTIL_MD5_H_ */
Added: openldap/vendor/openldap-2.3.35/include/lutil_sha1.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/lutil_sha1.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/lutil_sha1.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* $OpenLDAP: pkg/ldap/include/lutil_sha1.h,v 1.26.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* This version is based on:
+ * $OpenBSD: sha1.h,v 1.8 1997/07/15 01:54:23 millert Exp $ */
+
+#ifndef _LUTIL_SHA1_H_
+#define _LUTIL_SHA1_H_
+
+#include <ldap_cdefs.h>
+#include <ac/bytes.h>
+
+#ifdef AC_INT4_TYPE
+
+LDAP_BEGIN_DECL
+
+
+/*
+ * SHA-1 in C
+ * By Steve Reid <steve at edmweb.com>
+ */
+#define LUTIL_SHA1_BYTES 20
+
+/* This code assumes char are 8-bits and uint32 are 32-bits */
+typedef ac_uint4 uint32;
+
+typedef struct {
+ uint32 state[5];
+ uint32 count[2];
+ unsigned char buffer[64];
+} lutil_SHA1_CTX;
+
+LDAP_LUTIL_F( void )
+lutil_SHA1Transform
+ LDAP_P((uint32 state[5], const unsigned char buffer[64]));
+
+LDAP_LUTIL_F( void )
+lutil_SHA1Init
+ LDAP_P((lutil_SHA1_CTX *context));
+
+LDAP_LUTIL_F( void )
+lutil_SHA1Update
+ LDAP_P((lutil_SHA1_CTX *context, const unsigned char *data, uint32 len));
+
+LDAP_LUTIL_F( void )
+lutil_SHA1Final
+ LDAP_P((unsigned char digest[20], lutil_SHA1_CTX *context));
+
+LDAP_LUTIL_F( char * )
+lutil_SHA1End
+ LDAP_P((lutil_SHA1_CTX *, char *));
+
+LDAP_LUTIL_F( char * )
+lutil_SHA1File
+ LDAP_P((char *, char *));
+
+LDAP_LUTIL_F( char * )
+lutil_SHA1Data
+ LDAP_P((const unsigned char *, size_t, char *));
+
+LDAP_END_DECL
+
+#endif /* AC_INT4_TYPE */
+
+#endif /* _LUTIL_SHA1_H_ */
Added: openldap/vendor/openldap-2.3.35/include/portable.hin
===================================================================
--- openldap/vendor/openldap-2.3.35/include/portable.hin (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/portable.hin 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1157 @@
+/* include/portable.hin. Generated from configure.in by autoheader. */
+
+
+/* begin of portable.h.pre */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LDAP_PORTABLE_H
+#define _LDAP_PORTABLE_H
+
+/* define this if needed to get reentrant functions */
+#ifndef REENTRANT
+#undef REENTRANT
+#endif
+#ifndef _REENTRANT
+#undef _REENTRANT
+#endif
+
+/* define this if needed to get threadsafe functions */
+#ifndef THREADSAFE
+#undef THREADSAFE
+#endif
+#ifndef _THREADSAFE
+#undef _THREADSAFE
+#endif
+#ifndef THREAD_SAFE
+#undef THREAD_SAFE
+#endif
+#ifndef _THREAD_SAFE
+#undef _THREAD_SAFE
+#endif
+
+#ifndef _SGI_MP_SOURCE
+#undef _SGI_MP_SOURCE
+#endif
+
+/* end of portable.h.pre */
+
+
+/* define to use both <string.h> and <strings.h> */
+#undef BOTH_STRINGS_H
+
+/* define if cross compiling */
+#undef CROSS_COMPILING
+
+/* set to the number of arguments ctime_r() expects */
+#undef CTIME_R_NARGS
+
+/* define if toupper() requires islower() */
+#undef C_UPPER_LOWER
+
+/* define if sys_errlist is not declared in stdio.h or errno.h */
+#undef DECL_SYS_ERRLIST
+
+/* define to enable rewriting in back-ldap and back-meta */
+#undef ENABLE_REWRITE
+
+/* define to enable slapi library */
+#undef ENABLE_SLAPI
+
+/* defined to be the EXE extension */
+#undef EXEEXT
+
+/* set to the number of arguments gethostbyaddr_r() expects */
+#undef GETHOSTBYADDR_R_NARGS
+
+/* set to the number of arguments gethostbyname_r() expects */
+#undef GETHOSTBYNAME_R_NARGS
+
+/* Define to 1 if `TIOCGWINSZ' requires <sys/ioctl.h>. */
+#undef GWINSZ_IN_SYS_IOCTL
+
+/* define if you have AIX security lib */
+#undef HAVE_AIX_SECURITY
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <arpa/nameser.h> header file. */
+#undef HAVE_ARPA_NAMESER_H
+
+/* Define to 1 if you have the <assert.h> header file. */
+#undef HAVE_ASSERT_H
+
+/* Define to 1 if you have the `bcopy' function. */
+#undef HAVE_BCOPY
+
+/* define this if Berkeley DB is available */
+#undef HAVE_BERKELEY_DB
+
+/* define if Berkeley DB has DB_THREAD support */
+#undef HAVE_BERKELEY_DB_THREAD
+
+/* Define to 1 if you have the <bits/types.h> header file. */
+#undef HAVE_BITS_TYPES_H
+
+/* Define to 1 if you have the `chroot' function. */
+#undef HAVE_CHROOT
+
+/* Define to 1 if you have the `closesocket' function. */
+#undef HAVE_CLOSESOCKET
+
+/* Define to 1 if you have the <conio.h> header file. */
+#undef HAVE_CONIO_H
+
+/* define if crypt(3) is available */
+#undef HAVE_CRYPT
+
+/* Define to 1 if you have the <crypt.h> header file. */
+#undef HAVE_CRYPT_H
+
+/* Define to 1 if you have the <cthreads.h> header file. */
+#undef HAVE_CTHREADS_H
+
+/* Define to 1 if you have the `ctime_r' function. */
+#undef HAVE_CTIME_R
+
+/* define if you have Cyrus SASL */
+#undef HAVE_CYRUS_SASL
+
+/* Define to 1 if you have the <db_185.h> header file. */
+#undef HAVE_DB_185_H
+
+/* Define to 1 if you have the <db.h> header file. */
+#undef HAVE_DB_H
+
+/* define if you have Kerberos des_debug */
+#undef HAVE_DES_DEBUG
+
+/* Define to 1 if you have the <des.h> header file. */
+#undef HAVE_DES_H
+
+/* Define to 1 if you have the <direct.h> header file. */
+#undef HAVE_DIRECT_H
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* define if system uses EBCDIC instead of ASCII */
+#undef HAVE_EBCDIC
+
+/* Define to 1 if you have the `endgrent' function. */
+#undef HAVE_ENDGRENT
+
+/* Define to 1 if you have the `endpwent' function. */
+#undef HAVE_ENDPWENT
+
+/* define if your system supports epoll */
+#undef HAVE_EPOLL
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define to 1 if you have the `fcntl' function. */
+#undef HAVE_FCNTL
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* define if you actually have FreeBSD fetch(3) */
+#undef HAVE_FETCH
+
+/* Define to 1 if you have the <filio.h> header file. */
+#undef HAVE_FILIO_H
+
+/* Define to 1 if you have the `flock' function. */
+#undef HAVE_FLOCK
+
+/* Define to 1 if you have the `fstat' function. */
+#undef HAVE_FSTAT
+
+/* Define to 1 if you have the `gai_strerror' function. */
+#undef HAVE_GAI_STRERROR
+
+/* define if GNU DBM is available */
+#undef HAVE_GDBM
+
+/* Define to 1 if you have the <gdbm.h> header file. */
+#undef HAVE_GDBM_H
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getdtablesize' function. */
+#undef HAVE_GETDTABLESIZE
+
+/* Define to 1 if you have the `getgrgid' function. */
+#undef HAVE_GETGRGID
+
+/* Define to 1 if you have the `gethostbyaddr_r' function. */
+#undef HAVE_GETHOSTBYADDR_R
+
+/* Define to 1 if you have the `gethostbyname_r' function. */
+#undef HAVE_GETHOSTBYNAME_R
+
+/* Define to 1 if you have the `gethostname' function. */
+#undef HAVE_GETHOSTNAME
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#undef HAVE_GETNAMEINFO
+
+/* Define to 1 if you have the `getopt' function. */
+#undef HAVE_GETOPT
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#undef HAVE_GETOPT_H
+
+/* Define to 1 if you have the `getpass' function. */
+#undef HAVE_GETPASS
+
+/* Define to 1 if you have the `getpassphrase' function. */
+#undef HAVE_GETPASSPHRASE
+
+/* Define to 1 if you have the `getpeereid' function. */
+#undef HAVE_GETPEEREID
+
+/* Define to 1 if you have the `getpwnam' function. */
+#undef HAVE_GETPWNAM
+
+/* Define to 1 if you have the `getpwuid' function. */
+#undef HAVE_GETPWUID
+
+/* Define to 1 if you have the `getspnam' function. */
+#undef HAVE_GETSPNAM
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the <gmp.h> header file. */
+#undef HAVE_GMP_H
+
+/* if you have GNU Pth */
+#undef HAVE_GNU_PTH
+
+/* Define to 1 if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
+/* define if you have HEIMDAL Kerberos */
+#undef HAVE_HEIMDAL_KERBEROS
+
+/* Define to 1 if you have the <heim_err.h> header file. */
+#undef HAVE_HEIM_ERR_H
+
+/* Define to 1 if you have the `hstrerror' function. */
+#undef HAVE_HSTRERROR
+
+/* define to you inet_aton(3) is available */
+#undef HAVE_INET_ATON
+
+/* Define to 1 if you have the `inet_ntoa_b' function. */
+#undef HAVE_INET_NTOA_B
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#undef HAVE_INET_NTOP
+
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <io.h> header file. */
+#undef HAVE_IO_H
+
+/* define if you have Kerberos */
+#undef HAVE_KERBEROS
+
+/* Define to 1 if you have the <kerberosIV/des.h> header file. */
+#undef HAVE_KERBEROSIV_DES_H
+
+/* Define to 1 if you have the <kerberosIV/krb.h> header file. */
+#undef HAVE_KERBEROSIV_KRB_H
+
+/* define if you have Kerberos IV */
+#undef HAVE_KRB4
+
+/* define if you have Kerberos V with IV support */
+#undef HAVE_KRB425
+
+/* define if you have Kerberos V */
+#undef HAVE_KRB5
+
+/* Define to 1 if you have the <krb5.h> header file. */
+#undef HAVE_KRB5_H
+
+/* Define to 1 if you have the <krb-archaeology.h> header file. */
+#undef HAVE_KRB_ARCHAEOLOGY_H
+
+/* Define to 1 if you have the <krb.h> header file. */
+#undef HAVE_KRB_H
+
+/* define if you have Kth Kerberos */
+#undef HAVE_KTH_KERBEROS
+
+/* Define to 1 if you have the `gen' library (-lgen). */
+#undef HAVE_LIBGEN
+
+/* Define to 1 if you have the `gmp' library (-lgmp). */
+#undef HAVE_LIBGMP
+
+/* Define to 1 if you have the `inet' library (-linet). */
+#undef HAVE_LIBINET
+
+/* define if you have libtool -ltdl */
+#undef HAVE_LIBLTDL
+
+/* Define to 1 if you have the `net' library (-lnet). */
+#undef HAVE_LIBNET
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `nsl_s' library (-lnsl_s). */
+#undef HAVE_LIBNSL_S
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the <libutil.h> header file. */
+#undef HAVE_LIBUTIL_H
+
+/* Define to 1 if you have the `V3' library (-lV3). */
+#undef HAVE_LIBV3
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* if you have LinuxThreads */
+#undef HAVE_LINUX_THREADS
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if you have the `lockf' function. */
+#undef HAVE_LOCKF
+
+/* Define to 1 if the system has the type `long long'. */
+#undef HAVE_LONG_LONG
+
+/* Define to 1 if you have the <ltdl.h> header file. */
+#undef HAVE_LTDL_H
+
+/* if you have SunOS LWP package */
+#undef HAVE_LWP
+
+/* Define to 1 if you have the <lwp/lwp.h> header file. */
+#undef HAVE_LWP_LWP_H
+
+/* define if you have Mach Cthreads */
+#undef HAVE_MACH_CTHREADS
+
+/* Define to 1 if you have the <mach/cthreads.h> header file. */
+#undef HAVE_MACH_CTHREADS_H
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* define if MDBM is available */
+#undef HAVE_MDBM
+
+/* Define to 1 if you have the <mdbm.h> header file. */
+#undef HAVE_MDBM_H
+
+/* Define to 1 if you have the `memcpy' function. */
+#undef HAVE_MEMCPY
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memrchr' function. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the `mkstemp' function. */
+#undef HAVE_MKSTEMP
+
+/* Define to 1 if you have the `mktemp' function. */
+#undef HAVE_MKTEMP
+
+/* define this if you have mkversion */
+#undef HAVE_MKVERSION
+
+/* define if NDBM is available */
+#undef HAVE_NDBM
+
+/* Define to 1 if you have the <ndbm.h> header file. */
+#undef HAVE_NDBM_H
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#undef HAVE_NETINET_TCP_H
+
+/* define if strerror_r returns char* instead of int */
+#undef HAVE_NONPOSIX_STRERROR_R
+
+/* if you have NT Event Log */
+#undef HAVE_NT_EVENT_LOG
+
+/* if you have NT Service Manager */
+#undef HAVE_NT_SERVICE_MANAGER
+
+/* if you have NT Threads */
+#undef HAVE_NT_THREADS
+
+/* define if you have OpenSSL */
+#undef HAVE_OPENSSL
+
+/* Define to 1 if you have the <openssl/bn.h> header file. */
+#undef HAVE_OPENSSL_BN_H
+
+/* define if you have OpenSSL with CRL checking capability */
+#undef HAVE_OPENSSL_CRL
+
+/* Define to 1 if you have the <openssl/crypto.h> header file. */
+#undef HAVE_OPENSSL_CRYPTO_H
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#undef HAVE_OPENSSL_SSL_H
+
+/* Define to 1 if you have the `pipe' function. */
+#undef HAVE_PIPE
+
+/* Define to 1 if you have the `poll' function. */
+#undef HAVE_POLL
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
+/* Define to 1 if you have the <process.h> header file. */
+#undef HAVE_PROCESS_H
+
+/* Define to 1 if you have the <psap.h> header file. */
+#undef HAVE_PSAP_H
+
+/* define to pthreads API spec revision */
+#undef HAVE_PTHREADS
+
+/* define if you have pthread_detach function */
+#undef HAVE_PTHREAD_DETACH
+
+/* Define to 1 if you have the `pthread_getconcurrency' function. */
+#undef HAVE_PTHREAD_GETCONCURRENCY
+
+/* Define to 1 if you have the <pthread.h> header file. */
+#undef HAVE_PTHREAD_H
+
+/* Define to 1 if you have the `pthread_kill' function. */
+#undef HAVE_PTHREAD_KILL
+
+/* Define to 1 if you have the `pthread_kill_other_threads_np' function. */
+#undef HAVE_PTHREAD_KILL_OTHER_THREADS_NP
+
+/* Define to 1 if you have the `pthread_rwlock_destroy' function. */
+#undef HAVE_PTHREAD_RWLOCK_DESTROY
+
+/* Define to 1 if you have the `pthread_setconcurrency' function. */
+#undef HAVE_PTHREAD_SETCONCURRENCY
+
+/* Define to 1 if you have the `pthread_yield' function. */
+#undef HAVE_PTHREAD_YIELD
+
+/* Define to 1 if you have the <pth.h> header file. */
+#undef HAVE_PTH_H
+
+/* Define to 1 if the system has the type `ptrdiff_t'. */
+#undef HAVE_PTRDIFF_T
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define to 1 if you have the `read' function. */
+#undef HAVE_READ
+
+/* Define to 1 if you have the `recv' function. */
+#undef HAVE_RECV
+
+/* Define to 1 if you have the `recvfrom' function. */
+#undef HAVE_RECVFROM
+
+/* Define to 1 if you have the <regex.h> header file. */
+#undef HAVE_REGEX_H
+
+/* Define to 1 if you have the <resolv.h> header file. */
+#undef HAVE_RESOLV_H
+
+/* define if you have res_query() */
+#undef HAVE_RES_QUERY
+
+/* define if OpenSSL needs RSAref */
+#undef HAVE_RSAREF
+
+/* Define to 1 if you have the <sasl.h> header file. */
+#undef HAVE_SASL_H
+
+/* Define to 1 if you have the <sasl/sasl.h> header file. */
+#undef HAVE_SASL_SASL_H
+
+/* define if your SASL library has sasl_version() */
+#undef HAVE_SASL_VERSION
+
+/* Define to 1 if you have the <sched.h> header file. */
+#undef HAVE_SCHED_H
+
+/* Define to 1 if you have the `sched_yield' function. */
+#undef HAVE_SCHED_YIELD
+
+/* Define to 1 if you have the `send' function. */
+#undef HAVE_SEND
+
+/* Define to 1 if you have the `sendmsg' function. */
+#undef HAVE_SENDMSG
+
+/* Define to 1 if you have the `sendto' function. */
+#undef HAVE_SENDTO
+
+/* Define to 1 if you have the `setegid' function. */
+#undef HAVE_SETEGID
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
+/* Define to 1 if you have the `setgid' function. */
+#undef HAVE_SETGID
+
+/* define if setproctitle(3) is available */
+#undef HAVE_SETPROCTITLE
+
+/* Define to 1 if you have the `setpwfile' function. */
+#undef HAVE_SETPWFILE
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `setuid' function. */
+#undef HAVE_SETUID
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#undef HAVE_SGTTY_H
+
+/* Define to 1 if you have the <shadow.h> header file. */
+#undef HAVE_SHADOW_H
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the `signal' function. */
+#undef HAVE_SIGNAL
+
+/* Define to 1 if you have the `sigset' function. */
+#undef HAVE_SIGSET
+
+/* define if you have -lslp */
+#undef HAVE_SLP
+
+/* Define to 1 if you have the <slp.h> header file. */
+#undef HAVE_SLP_H
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* if you have spawnlp() */
+#undef HAVE_SPAWNLP
+
+/* Define to 1 if you have the <sqlext.h> header file. */
+#undef HAVE_SQLEXT_H
+
+/* Define to 1 if you have the <sql.h> header file. */
+#undef HAVE_SQL_H
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strerror_r' function. */
+#undef HAVE_STRERROR_R
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strpbrk' function. */
+#undef HAVE_STRPBRK
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the `strsep' function. */
+#undef HAVE_STRSEP
+
+/* Define to 1 if you have the `strspn' function. */
+#undef HAVE_STRSPN
+
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if you have the `strtol' function. */
+#undef HAVE_STRTOL
+
+/* Define to 1 if you have the `strtoll' function. */
+#undef HAVE_STRTOLL
+
+/* Define to 1 if you have the `strtoq' function. */
+#undef HAVE_STRTOQ
+
+/* Define to 1 if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+
+/* Define to 1 if you have the `strtouq' function. */
+#undef HAVE_STRTOUQ
+
+/* Define to 1 if `msg_accrightslen' is member of `struct msghdr'. */
+#undef HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN
+
+/* Define to 1 if `msg_control' is member of `struct msghdr'. */
+#undef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+
+/* Define to 1 if `pw_gecos' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_GECOS
+
+/* Define to 1 if `pw_passwd' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_PASSWD
+
+/* Define to 1 if `st_blksize' is member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_BLKSIZE
+
+/* Define to 1 if you have the <synch.h> header file. */
+#undef HAVE_SYNCH_H
+
+/* Define to 1 if you have the `sysconf' function. */
+#undef HAVE_SYSCONF
+
+/* Define to 1 if you have the <sysexits.h> header file. */
+#undef HAVE_SYSEXITS_H
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/epoll.h> header file. */
+#undef HAVE_SYS_EPOLL_H
+
+/* define if you actually have sys_errlist in your libs */
+#undef HAVE_SYS_ERRLIST
+
+/* Define to 1 if you have the <sys/errno.h> header file. */
+#undef HAVE_SYS_ERRNO_H
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#undef HAVE_SYS_FILIO_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/syslog.h> header file. */
+#undef HAVE_SYS_SYSLOG_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/ucred.h> header file. */
+#undef HAVE_SYS_UCRED_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
+/* Define to 1 if you have the <sys/uuid.h> header file. */
+#undef HAVE_SYS_UUID_H
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* define if you have -lwrap */
+#undef HAVE_TCPD
+
+/* Define to 1 if you have the <tcpd.h> header file. */
+#undef HAVE_TCPD_H
+
+/* Define to 1 if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* if you have Solaris LWP (thr) package */
+#undef HAVE_THR
+
+/* Define to 1 if you have the <thread.h> header file. */
+#undef HAVE_THREAD_H
+
+/* Define to 1 if you have the `thr_getconcurrency' function. */
+#undef HAVE_THR_GETCONCURRENCY
+
+/* Define to 1 if you have the `thr_setconcurrency' function. */
+#undef HAVE_THR_SETCONCURRENCY
+
+/* Define to 1 if you have the `thr_yield' function. */
+#undef HAVE_THR_YIELD
+
+/* define if you have TLS */
+#undef HAVE_TLS
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* define if you have uuid_to_str() */
+#undef HAVE_UUID_TO_STR
+
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `wait4' function. */
+#undef HAVE_WAIT4
+
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
+
+/* define if you have winsock */
+#undef HAVE_WINSOCK
+
+/* define if you have winsock2 */
+#undef HAVE_WINSOCK2
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to 1 if you have the <winsock.h> header file. */
+#undef HAVE_WINSOCK_H
+
+/* Define to 1 if you have the `write' function. */
+#undef HAVE_WRITE
+
+/* define if select implicitly yields */
+#undef HAVE_YIELDING_SELECT
+
+/* define to 32-bit or greater integer type */
+#undef LBER_INT_T
+
+/* define to large integer type */
+#undef LBER_LEN_T
+
+/* define to socket descriptor type */
+#undef LBER_SOCKET_T
+
+/* define to large integer type */
+#undef LBER_TAG_T
+
+/* define to 1 if library is thread safe */
+#undef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
+
+/* define to LDAP VENDOR VERSION */
+#undef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+
+/* define to LDAP VENDOR VERSION */
+#undef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
+
+/* define this to add debugging code */
+#undef LDAP_DEBUG
+
+/* define if LDAP libs are dynamic */
+#undef LDAP_LIBS_DYNAMIC
+
+/* define to support PF_INET6 */
+#undef LDAP_PF_INET6
+
+/* define to support PF_LOCAL */
+#undef LDAP_PF_LOCAL
+
+/* define this for LDAP process title support */
+#undef LDAP_PROCTITLE
+
+/* define this to add SLAPI code */
+#undef LDAP_SLAPI
+
+/* define this to add syslog code */
+#undef LDAP_SYSLOG
+
+/* Version */
+#undef LDAP_VENDOR_VERSION
+
+/* Major */
+#undef LDAP_VENDOR_VERSION_MAJOR
+
+/* Minor */
+#undef LDAP_VENDOR_VERSION_MINOR
+
+/* Patch */
+#undef LDAP_VENDOR_VERSION_PATCH
+
+/* define this to use DBBTREE w/ LDBM backend */
+#undef LDBM_USE_DBBTREE
+
+/* define this to use DBHASH w/ LDBM backend */
+#undef LDBM_USE_DBHASH
+
+/* define if memcmp is not 8-bit clean or is otherwise broken */
+#undef NEED_MEMCMP_REPLACEMENT
+
+/* define if you have (or want) no threads */
+#undef NO_THREADS
+
+/* Package */
+#undef OPENLDAP_PACKAGE
+
+/* Version */
+#undef OPENLDAP_VERSION
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* define if sched_yield yields the entire process */
+#undef REPLACE_BROKEN_YIELD
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* Define to the type of arg 1 for `select'. */
+#undef SELECT_TYPE_ARG1
+
+/* Define to the type of args 2, 3 and 4 for `select'. */
+#undef SELECT_TYPE_ARG234
+
+/* Define to the type of arg 5 for `select'. */
+#undef SELECT_TYPE_ARG5
+
+/* The size of a `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of a `long', as computed by sizeof. */
+#undef SIZEOF_LONG
+
+/* The size of a `long long', as computed by sizeof. */
+#undef SIZEOF_LONG_LONG
+
+/* The size of a `short', as computed by sizeof. */
+#undef SIZEOF_SHORT
+
+/* The size of a `wchar_t', as computed by sizeof. */
+#undef SIZEOF_WCHAR_T
+
+/* define to support per-object ACIs */
+#undef SLAPD_ACI_ENABLED
+
+/* define to support BDB backend */
+#undef SLAPD_BDB
+
+/* define to support cleartext passwords */
+#undef SLAPD_CLEARTEXT
+
+/* define to support crypt(3) passwords */
+#undef SLAPD_CRYPT
+
+/* define to support DNS SRV backend */
+#undef SLAPD_DNSSRV
+
+/* define to support HDB backend */
+#undef SLAPD_HDB
+
+/* define to support LDAP backend */
+#undef SLAPD_LDAP
+
+/* define to support LDBM backend */
+#undef SLAPD_LDBM
+
+/* define to support LAN Manager passwords */
+#undef SLAPD_LMHASH
+
+/* define to support LDAP Metadirectory backend */
+#undef SLAPD_META
+
+/* define to support modules */
+#undef SLAPD_MODULES
+
+/* dynamically linked module */
+#undef SLAPD_MOD_DYNAMIC
+
+/* statically linked module */
+#undef SLAPD_MOD_STATIC
+
+/* define to support cn=Monitor backend */
+#undef SLAPD_MONITOR
+
+/* define to support multimaster replication */
+#undef SLAPD_MULTIMASTER
+
+/* define to support NULL backend */
+#undef SLAPD_NULL
+
+/* define for In-Directory Access Logging overlay */
+#undef SLAPD_OVER_ACCESSLOG
+
+/* define for Audit Logging overlay */
+#undef SLAPD_OVER_AUDITLOG
+
+/* define for Deny Operation overlay */
+#undef SLAPD_OVER_DENYOP
+
+/* define for Dynamic Group overlay */
+#undef SLAPD_OVER_DYNGROUP
+
+/* define for Dynamic List overlay */
+#undef SLAPD_OVER_DYNLIST
+
+/* define for Last Modification overlay */
+#undef SLAPD_OVER_LASTMOD
+
+/* define for Password Policy overlay */
+#undef SLAPD_OVER_PPOLICY
+
+/* define for Proxy Cache overlay */
+#undef SLAPD_OVER_PROXYCACHE
+
+/* define for Referential Integrity overlay */
+#undef SLAPD_OVER_REFINT
+
+/* define for Referential Integrity overlay */
+#undef SLAPD_OVER_RETCODE
+
+/* define for Rewrite/Remap overlay */
+#undef SLAPD_OVER_RWM
+
+/* define for Syncrepl Provider overlay */
+#undef SLAPD_OVER_SYNCPROV
+
+/* define for Translucent Proxy overlay */
+#undef SLAPD_OVER_TRANSLUCENT
+
+/* define for Attribute Uniqueness overlay */
+#undef SLAPD_OVER_UNIQUE
+
+/* define for Value Sorting overlay */
+#undef SLAPD_OVER_VALSORT
+
+/* define to support PASSWD backend */
+#undef SLAPD_PASSWD
+
+/* define to support PERL backend */
+#undef SLAPD_PERL
+
+/* define to support relay backend */
+#undef SLAPD_RELAY
+
+/* define to support reverse lookups */
+#undef SLAPD_RLOOKUPS
+
+/* define to support SHELL backend */
+#undef SLAPD_SHELL
+
+/* define to support SASL passwords */
+#undef SLAPD_SPASSWD
+
+/* define to support SQL backend */
+#undef SLAPD_SQL
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* set to urandom device */
+#undef URANDOM_DEVICE
+
+/* define to use OpenSSL BIGNUM for MP */
+#undef USE_MP_BIGNUM
+
+/* define to use GMP for MP */
+#undef USE_MP_GMP
+
+/* define to use 'long' for MP */
+#undef USE_MP_LONG
+
+/* define to use 'long long' for MP */
+#undef USE_MP_LONG_LONG
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define to `char *' if <sys/types.h> does not define. */
+#undef caddr_t
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `long' if <sys/types.h> does not define. */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to `int' if <signal.h> does not define. */
+#undef sig_atomic_t
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+#undef size_t
+
+/* define to snprintf routine */
+#undef snprintf
+
+/* Define to `int' if <sys/socket.h> does not define. */
+#undef socklen_t
+
+/* Define to `signed int' if <sys/types.h> does not define. */
+#undef ssize_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* define as empty if volatile is not supported */
+#undef volatile
+
+/* define to snprintf routine */
+#undef vsnprintf
+
+
+/* begin of portable.h.post */
+
+#ifdef _WIN32
+ /* don't suck in all of the win32 api */
+# define WIN32_LEAN_AND_MEAN 1
+#endif
+
+#ifndef LDAP_NEEDS_PROTOTYPES
+/* force LDAP_P to always include prototypes */
+#define LDAP_NEEDS_PROTOTYPES 1
+#endif
+
+#ifndef LDAP_REL_ENG
+#if (LDAP_VENDOR_VERSION == 000000) && !defined(LDAP_DEVEL)
+#define LDAP_DEVEL
+#endif
+#if defined(LDAP_DEVEL) && !defined(LDAP_TEST)
+#define LDAP_TEST
+#endif
+#endif
+
+#ifdef HAVE_STDDEF_H
+# include <stddef.h>
+#endif
+
+#ifdef HAVE_EBCDIC
+/* ASCII/EBCDIC converting replacements for stdio funcs
+ * vsnprintf and snprintf are used too, but they are already
+ * checked by the configure script
+ */
+#define fputs ber_pvt_fputs
+#define fgets ber_pvt_fgets
+#define printf ber_pvt_printf
+#define fprintf ber_pvt_fprintf
+#define vfprintf ber_pvt_vfprintf
+#define vsprintf ber_pvt_vsprintf
+#endif
+
+#include "ac/fdset.h"
+
+#include "ldap_cdefs.h"
+#include "ldap_features.h"
+
+#include "ac/assert.h"
+#include "ac/localize.h"
+
+#endif /* _LDAP_PORTABLE_H */
+/* end of portable.h.post */
+
Added: openldap/vendor/openldap-2.3.35/include/rewrite.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/rewrite.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/rewrite.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,258 @@
+/* $OpenLDAP: pkg/ldap/include/rewrite.h,v 1.12.2.4 2007/01/02 21:43:47 kurt Exp $
+ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#ifndef REWRITE_H
+#define REWRITE_H
+
+/*
+ * Default rewrite context
+ */
+#define REWRITE_DEFAULT_CONTEXT "default"
+
+/*
+ * Rewrite engine states
+ */
+#define REWRITE_OFF 0x0000
+#define REWRITE_ON 0x0001
+#define REWRITE_DEFAULT REWRITE_OFF
+
+/*
+ * Rewrite internal status returns
+ */
+#define REWRITE_SUCCESS LDAP_SUCCESS
+#define REWRITE_ERR LDAP_OTHER
+
+/*
+ * Rewrite modes (input values for rewrite_info_init); determine the
+ * behavior in case a null or non existent context is required:
+ *
+ * REWRITE_MODE_ERR error
+ * REWRITE_MODE_OK no error but no rewrite
+ * REWRITE_MODE_COPY_INPUT a copy of the input is returned
+ * REWRITE_MODE_USE_DEFAULT the default context is used.
+ */
+#define REWRITE_MODE_ERR 0x0010
+#define REWRITE_MODE_OK 0x0011
+#define REWRITE_MODE_COPY_INPUT 0x0012
+#define REWRITE_MODE_USE_DEFAULT 0x0013
+
+/*
+ * Rewrite status returns
+ *
+ * REWRITE_REGEXEC_OK success (result may be empty in case
+ * of no match)
+ * REWRITE_REGEXEC_ERR error (internal error,
+ * misconfiguration, map not working ...)
+ * REWRITE_REGEXEC_STOP internal use; never returned
+ * REWRITE_REGEXEC_UNWILLING the server should issue an 'unwilling
+ * to perform' error
+ */
+#define REWRITE_REGEXEC_OK (0)
+#define REWRITE_REGEXEC_ERR (-1)
+#define REWRITE_REGEXEC_STOP (-2)
+#define REWRITE_REGEXEC_UNWILLING (-3)
+#define REWRITE_REGEXEC_USER (1) /* and above: LDAP errors */
+
+/*
+ * Rewrite variable flags
+ * REWRITE_VAR_INSERT insert mode (default) when adding
+ * a variable; if not set during value
+ * update, the variable is not inserted
+ * if not present
+ * REWRITE_VAR_UPDATE update mode (default) when updating
+ * a variable; if not set during insert,
+ * the value is not updated if the
+ * variable already exists
+ * REWRITE_VAR_COPY_NAME copy the variable name; if not set,
+ * the name is not copied; be sure the
+ * referenced string is available for
+ * the entire life scope of the variable.
+ * REWRITE_VAR_COPY_VALUE copy the variable value; if not set,
+ * the value is not copied; be sure the
+ * referenced string is available for
+ * the entire life scope of the variable.
+ */
+#define REWRITE_VAR_NONE 0x0000
+#define REWRITE_VAR_INSERT 0x0001
+#define REWRITE_VAR_UPDATE 0x0002
+#define REWRITE_VAR_COPY_NAME 0x0004
+#define REWRITE_VAR_COPY_VALUE 0x0008
+
+/*
+ * Rewrite info
+ */
+struct rewrite_info;
+
+struct berval; /* avoid include */
+
+LDAP_BEGIN_DECL
+
+/*
+ * Inits the info
+ */
+LDAP_REWRITE_F (struct rewrite_info *)
+rewrite_info_init(
+ int mode
+);
+
+/*
+ * Cleans up the info structure
+ */
+LDAP_REWRITE_F (int)
+rewrite_info_delete(
+ struct rewrite_info **info
+);
+
+
+/*
+ * Parses a config line and takes actions to fit content in rewrite structure;
+ * lines handled are of the form:
+ *
+ * rewriteEngine {on|off}
+ * rewriteMaxPasses numPasses
+ * rewriteContext contextName [alias aliasedRewriteContex]
+ * rewriteRule pattern substPattern [ruleFlags]
+ * rewriteMap mapType mapName [mapArgs]
+ * rewriteParam paramName paramValue
+ */
+LDAP_REWRITE_F (int)
+rewrite_parse(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+);
+
+/*
+ * process a config file that was already opened. Uses rewrite_parse.
+ */
+LDAP_REWRITE_F (int)
+rewrite_read(
+ FILE *fin,
+ struct rewrite_info *info
+);
+
+/*
+ * Rewrites a string according to context.
+ * If the engine is off, OK is returned, but the return string will be NULL.
+ * In case of 'unwilling to perform', UNWILLING is returned, and the
+ * return string will also be null. The same in case of error.
+ * Otherwise, OK is returned, and result will hold a newly allocated string
+ * with the rewriting.
+ *
+ * What to do in case of non-existing rewrite context is still an issue.
+ * Four possibilities:
+ * - error,
+ * - ok with NULL result,
+ * - ok with copy of string as result,
+ * - use the default rewrite context.
+ */
+LDAP_REWRITE_F (int)
+rewrite(
+ struct rewrite_info *info,
+ const char *rewriteContext,
+ const char *string,
+ char **result
+);
+
+/*
+ * Same as above; the cookie relates the rewrite to a session
+ */
+LDAP_REWRITE_F (int)
+rewrite_session(
+ struct rewrite_info *info,
+ const char *rewriteContext,
+ const char *string,
+ const void *cookie,
+ char **result
+);
+
+/*
+ * Inits a session
+ */
+LDAP_REWRITE_F (struct rewrite_session *)
+rewrite_session_init(
+ struct rewrite_info *info,
+ const void *cookie
+);
+
+/*
+ * Defines and inits a variable with session scope
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_var_set_f(
+ struct rewrite_info *info,
+ const void *cookie,
+ const char *name,
+ const char *value,
+ int flags
+);
+
+#define rewrite_session_var_set(info, cookie, name, value) \
+ rewrite_session_var_set_f((info), (cookie), (name), (value), \
+ REWRITE_VAR_INSERT|REWRITE_VAR_UPDATE|REWRITE_VAR_COPY_NAME|REWRITE_VAR_COPY_VALUE)
+
+/*
+ * Deletes a session
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_delete(
+ struct rewrite_info *info,
+ const void *cookie
+);
+
+
+/*
+ * Params
+ */
+
+/*
+ * Defines and inits a variable with global scope
+ */
+LDAP_REWRITE_F (int)
+rewrite_param_set(
+ struct rewrite_info *info,
+ const char *name,
+ const char *value
+);
+
+/*
+ * Gets a var with global scope
+ */
+LDAP_REWRITE_F (int)
+rewrite_param_get(
+ struct rewrite_info *info,
+ const char *name,
+ struct berval *value
+);
+
+/*
+ * Destroys the parameter tree
+ */
+LDAP_REWRITE_F (int)
+rewrite_param_destroy(
+ struct rewrite_info *info
+);
+
+LDAP_END_DECL
+
+#endif /* REWRITE_H */
Added: openldap/vendor/openldap-2.3.35/include/slapi-plugin.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/slapi-plugin.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/slapi-plugin.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,885 @@
+/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.37.2.6 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002,2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This header is used in development of SLAPI plugins for
+ * OpenLDAP slapd(8) and other directory servers supporting
+ * this interface. Your portability mileage may vary.
+ */
+
+#ifndef _SLAPI_PLUGIN_H
+#define _SLAPI_PLUGIN_H
+
+#include <ldap.h>
+
+typedef struct slapi_pblock Slapi_PBlock;
+typedef struct slapi_entry Slapi_Entry;
+typedef struct slapi_attr Slapi_Attr;
+typedef struct slapi_value Slapi_Value;
+typedef struct slapi_valueset Slapi_ValueSet;
+typedef struct slapi_filter Slapi_Filter;
+typedef struct slap_backend_db Slapi_Backend;
+typedef struct slap_op Slapi_Operation;
+typedef struct slap_conn Slapi_Connection;
+typedef struct slapi_dn Slapi_DN;
+typedef struct slapi_rdn Slapi_RDN;
+typedef struct slapi_mod Slapi_Mod;
+typedef struct slapi_mods Slapi_Mods;
+typedef struct slapi_componentid Slapi_ComponentId;
+
+#define SLAPI_ATTR_UNIQUEID "entryUUID"
+#define SLAPI_ATTR_OBJECTCLASS "objectClass"
+
+/* pblock routines */
+int slapi_pblock_get( Slapi_PBlock *pb, int arg, void *value );
+int slapi_pblock_set( Slapi_PBlock *pb, int arg, void *value );
+Slapi_PBlock *slapi_pblock_new( void );
+void slapi_pblock_destroy( Slapi_PBlock *pb );
+
+/* entry/attr/dn routines */
+Slapi_Entry *slapi_str2entry( char *s, int flags );
+#define SLAPI_STR2ENTRY_REMOVEDUPVALS 1
+#define SLAPI_STR2ENTRY_ADDRDNVALS 2
+#define SLAPI_STR2ENTRY_BIGENTRY 4
+#define SLAPI_STR2ENTRY_TOMBSTONE_CHECK 8
+#define SLAPI_STR2ENTRY_IGNORE_STATE 16
+#define SLAPI_STR2ENTRY_INCLUDE_VERSION_STR 32
+#define SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES 64
+#define SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF 128
+char *slapi_entry2str( Slapi_Entry *e, int *len );
+char *slapi_entry_get_dn( Slapi_Entry *e );
+int slapi_x_entry_get_id( Slapi_Entry *e );
+void slapi_entry_set_dn( Slapi_Entry *e, char *dn );
+Slapi_Entry *slapi_entry_dup( Slapi_Entry *e );
+int slapi_entry_attr_delete( Slapi_Entry *e, char *type );
+Slapi_Entry *slapi_entry_alloc();
+void slapi_entry_free( Slapi_Entry *e );
+int slapi_entry_attr_merge( Slapi_Entry *e, char *type, struct berval **vals );
+int slapi_entry_attr_find( Slapi_Entry *e, char *type, Slapi_Attr **attr );
+char *slapi_entry_attr_get_charptr( const Slapi_Entry *e, const char *type );
+int slapi_entry_attr_get_int( const Slapi_Entry *e, const char *type );
+long slapi_entry_attr_get_long( const Slapi_Entry *e, const char *type );
+unsigned int slapi_entry_attr_get_uint( const Slapi_Entry *e, const char *type );
+unsigned long slapi_entry_attr_get_ulong( const Slapi_Entry *e, const char *type );
+int slapi_attr_get_values( Slapi_Attr *attr, struct berval ***vals );
+char *slapi_dn_normalize( char *dn );
+char *slapi_dn_normalize_case( char *dn );
+int slapi_dn_issuffix( char *dn, char *suffix );
+char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn );
+int slapi_dn_isbesuffix( Slapi_PBlock *pb, char *dn );
+char *slapi_dn_parent( const char *dn );
+int slapi_dn_isparent( const char *parentdn, const char *childdn );
+char *slapi_dn_ignore_case( char *dn );
+int slapi_rdn2typeval( char *rdn, char **type, struct berval *bv );
+char *slapi_dn_plus_rdn(const char *dn, const char *rdn);
+
+/* DS 5.x SLAPI */
+int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr, struct berval *val, int access );
+int slapi_acl_check_mods( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf );
+Slapi_Attr *slapi_attr_new( void );
+Slapi_Attr *slapi_attr_init( Slapi_Attr *a, const char *type );
+void slapi_attr_free( Slapi_Attr **a );
+Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr );
+int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v );
+int slapi_attr_type2plugin( const char *type, void **pi );
+int slapi_attr_get_type( const Slapi_Attr *attr, char **type );
+int slapi_attr_get_oid_copy( const Slapi_Attr *attr, char **oidp );
+int slapi_attr_get_flags( const Slapi_Attr *attr, unsigned long *flags );
+int slapi_attr_flag_is_set( const Slapi_Attr *attr, unsigned long flag );
+int slapi_attr_value_cmp( const Slapi_Attr *attr, const struct berval *v1, const struct berval *v2 );
+int slapi_attr_value_find( const Slapi_Attr *a, struct berval *v );
+#define SLAPI_TYPE_CMP_EXACT 0
+#define SLAPI_TYPE_CMP_BASE 1
+#define SLAPI_TYPE_CMP_SUBTYPE 2
+int slapi_attr_type_cmp( const char *t1, const char *t2, int opt );
+int slapi_attr_types_equivalent( const char *t1, const char *t2 );
+int slapi_attr_first_value( Slapi_Attr *a, Slapi_Value **v );
+int slapi_attr_next_value( Slapi_Attr *a, int hint, Slapi_Value **v );
+int slapi_attr_get_numvalues( const Slapi_Attr *a, int *numValues );
+int slapi_attr_get_valueset( const Slapi_Attr *a, Slapi_ValueSet **vs );
+int slapi_attr_get_bervals_copy( Slapi_Attr *a, struct berval ***vals );
+int slapi_entry_attr_hasvalue( Slapi_Entry *e, const char *type, const char *value );
+int slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+void slapi_entry_attr_set_charptr(Slapi_Entry* e, const char *type, const char *value);
+void slapi_entry_attr_set_int( Slapi_Entry* e, const char *type, int l);
+void slapi_entry_attr_set_uint( Slapi_Entry* e, const char *type, unsigned int l);
+void slapi_entry_attr_set_long(Slapi_Entry* e, const char *type, long l);
+void slapi_entry_attr_set_ulong(Slapi_Entry* e, const char *type, unsigned long l);
+int slapi_entry_has_children(const Slapi_Entry *e);
+size_t slapi_entry_size(Slapi_Entry *e);
+int slapi_is_rootdse( const char *dn );
+int slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_valueset(Slapi_Entry *e, const char *type, Slapi_ValueSet *vs);
+int slapi_entry_delete_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_merge_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_attr_replace_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_value(Slapi_Entry *e, const char *type, const Slapi_Value *value);
+int slapi_entry_add_string(Slapi_Entry *e, const char *type, const char *value);
+int slapi_entry_delete_string(Slapi_Entry *e, const char *type, const char *value);
+int slapi_entry_first_attr( const Slapi_Entry *e, Slapi_Attr **attr );
+int slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Attr **attr );
+const char *slapi_entry_get_uniqueid( const Slapi_Entry *e );
+void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid );
+int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e );
+int slapi_entry_rdn_values_present( const Slapi_Entry *e );
+int slapi_entry_add_rdn_values( Slapi_Entry *e );
+char *slapi_attr_syntax_normalize( const char *s );
+
+Slapi_Value *slapi_value_new( void );
+Slapi_Value *slapi_value_new_berval(const struct berval *bval);
+Slapi_Value *slapi_value_new_value(const Slapi_Value *v);
+Slapi_Value *slapi_value_new_string(const char *s);
+Slapi_Value *slapi_value_init(Slapi_Value *v);
+Slapi_Value *slapi_value_init_berval(Slapi_Value *v, struct berval *bval);
+Slapi_Value *slapi_value_init_string(Slapi_Value *v, const char *s);
+Slapi_Value *slapi_value_dup(const Slapi_Value *v);
+void slapi_value_free(Slapi_Value **value);
+const struct berval *slapi_value_get_berval( const Slapi_Value *value );
+Slapi_Value *slapi_value_set_berval( Slapi_Value *value, const struct berval *bval );
+Slapi_Value *slapi_value_set_value( Slapi_Value *value, const Slapi_Value *vfrom);
+Slapi_Value *slapi_value_set( Slapi_Value *value, void *val, unsigned long len);
+int slapi_value_set_string(Slapi_Value *value, const char *strVal);
+int slapi_value_set_int(Slapi_Value *value, int intVal);
+const char*slapi_value_get_string(const Slapi_Value *value);
+int slapi_value_get_int(const Slapi_Value *value);
+unsigned int slapi_value_get_uint(const Slapi_Value *value);
+long slapi_value_get_long(const Slapi_Value *value);
+unsigned long slapi_value_get_ulong(const Slapi_Value *value);
+size_t slapi_value_get_length(const Slapi_Value *value);
+int slapi_value_compare(const Slapi_Attr *a, const Slapi_Value *v1, const Slapi_Value *v2);
+
+Slapi_ValueSet *slapi_valueset_new( void );
+void slapi_valueset_free(Slapi_ValueSet *vs);
+void slapi_valueset_init(Slapi_ValueSet *vs);
+void slapi_valueset_done(Slapi_ValueSet *vs);
+void slapi_valueset_add_value(Slapi_ValueSet *vs, const Slapi_Value *addval);
+int slapi_valueset_first_value( Slapi_ValueSet *vs, Slapi_Value **v );
+int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v);
+int slapi_valueset_count( const Slapi_ValueSet *vs);
+void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2);
+
+/* DNs */
+Slapi_DN *slapi_sdn_new( void );
+Slapi_DN *slapi_sdn_new_dn_byval( const char *dn );
+Slapi_DN *slapi_sdn_new_ndn_byval( const char *ndn );
+Slapi_DN *slapi_sdn_new_dn_byref( const char *dn );
+Slapi_DN *slapi_sdn_new_ndn_byref( const char *ndn );
+Slapi_DN *slapi_sdn_new_dn_passin( const char *dn );
+Slapi_DN *slapi_sdn_set_dn_byval( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_dn_byref( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_dn_passin( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_ndn_byval( Slapi_DN *sdn, const char *ndn );
+Slapi_DN *slapi_sdn_set_ndn_byref( Slapi_DN *sdn, const char *ndn );
+void slapi_sdn_done( Slapi_DN *sdn );
+void slapi_sdn_free( Slapi_DN **sdn );
+const char * slapi_sdn_get_dn( const Slapi_DN *sdn );
+const char * slapi_sdn_get_ndn( const Slapi_DN *sdn );
+void slapi_sdn_get_parent( const Slapi_DN *sdn,Slapi_DN *sdn_parent );
+void slapi_sdn_get_backend_parent( const Slapi_DN *sdn, Slapi_DN *sdn_parent, const Slapi_Backend *backend );
+Slapi_DN * slapi_sdn_dup( const Slapi_DN *sdn );
+void slapi_sdn_copy( const Slapi_DN *from, Slapi_DN *to );
+int slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 );
+int slapi_sdn_isempty( const Slapi_DN *sdn );
+int slapi_sdn_issuffix(const Slapi_DN *sdn, const Slapi_DN *suffixsdn );
+int slapi_sdn_isparent( const Slapi_DN *parent, const Slapi_DN *child );
+int slapi_sdn_isgrandparent( const Slapi_DN *parent, const Slapi_DN *child );
+int slapi_sdn_get_ndn_len( const Slapi_DN *sdn );
+int slapi_sdn_scope_test( const Slapi_DN *dn, const Slapi_DN *base, int scope );
+void slapi_sdn_get_rdn( const Slapi_DN *sdn,Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_set_rdn( Slapi_DN *sdn, const Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_set_parent( Slapi_DN *sdn, const Slapi_DN *parentdn );
+int slapi_sdn_is_rdn_component( const Slapi_DN *rdn, const Slapi_Attr *a, const Slapi_Value *v );
+char * slapi_moddn_get_newdn( Slapi_DN *dn_olddn, char *newrdn, char *newsuperiordn );
+
+/* RDNs */
+Slapi_RDN *slapi_rdn_new( void );
+Slapi_RDN *slapi_rdn_new_dn( const char *dn );
+Slapi_RDN *slapi_rdn_new_sdn( const Slapi_DN *sdn );
+Slapi_RDN *slapi_rdn_new_rdn( const Slapi_RDN *fromrdn );
+void slapi_rdn_init( Slapi_RDN *rdn );
+void slapi_rdn_init_dn( Slapi_RDN *rdn, const char *dn );
+void slapi_rdn_init_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn );
+void slapi_rdn_init_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn );
+void slapi_rdn_set_dn( Slapi_RDN *rdn, const char *dn );
+void slapi_rdn_set_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn );
+void slapi_rdn_set_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn );
+void slapi_rdn_free( Slapi_RDN **rdn );
+void slapi_rdn_done( Slapi_RDN *rdn );
+int slapi_rdn_get_first( Slapi_RDN *rdn, char **type, char **value );
+int slapi_rdn_get_next( Slapi_RDN *rdn, int index, char **type, char **value );
+int slapi_rdn_get_index( Slapi_RDN *rdn, const char *type, const char *value, size_t length );
+int slapi_rdn_get_index_attr( Slapi_RDN *rdn, const char *type, char **value );
+int slapi_rdn_contains( Slapi_RDN *rdn, const char *type, const char *value,size_t length );
+int slapi_rdn_contains_attr( Slapi_RDN *rdn, const char *type, char **value );
+int slapi_rdn_add( Slapi_RDN *rdn, const char *type, const char *value );
+int slapi_rdn_remove_index( Slapi_RDN *rdn, int atindex );
+int slapi_rdn_remove( Slapi_RDN *rdn, const char *type, const char *value, size_t length );
+int slapi_rdn_remove_attr( Slapi_RDN *rdn, const char *type );
+int slapi_rdn_isempty( const Slapi_RDN *rdn );
+int slapi_rdn_get_num_components( Slapi_RDN *rdn );
+int slapi_rdn_compare( Slapi_RDN *rdn1, Slapi_RDN *rdn2 );
+const char *slapi_rdn_get_rdn( const Slapi_RDN *rdn );
+const char *slapi_rdn_get_nrdn( const Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_add_rdn( Slapi_DN *sdn, const Slapi_RDN *rdn );
+
+/* locks and synchronization */
+typedef struct slapi_mutex Slapi_Mutex;
+typedef struct slapi_condvar Slapi_CondVar;
+Slapi_Mutex *slapi_new_mutex( void );
+void slapi_destroy_mutex( Slapi_Mutex *mutex );
+void slapi_lock_mutex( Slapi_Mutex *mutex );
+int slapi_unlock_mutex( Slapi_Mutex *mutex );
+Slapi_CondVar *slapi_new_condvar( Slapi_Mutex *mutex );
+void slapi_destroy_condvar( Slapi_CondVar *cvar );
+int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout );
+int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all );
+
+/* thread-safe LDAP connections */
+LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared );
+void slapi_ldap_unbind( LDAP *ld );
+
+char *slapi_ch_malloc( unsigned long size );
+void slapi_ch_free( void **ptr );
+void slapi_ch_free_string( char **ptr );
+char *slapi_ch_calloc( unsigned long nelem, unsigned long size );
+char *slapi_ch_realloc( char *block, unsigned long size );
+char *slapi_ch_strdup( const char *s );
+void slapi_ch_array_free( char **arrayp );
+struct berval *slapi_ch_bvdup(const struct berval *v);
+struct berval **slapi_ch_bvecdup(const struct berval **v);
+
+/* LDAP V3 routines */
+int slapi_control_present( LDAPControl **controls, char *oid,
+ struct berval **val, int *iscritical);
+void slapi_register_supported_control(char *controloid,
+ unsigned long controlops);
+#define SLAPI_OPERATION_BIND 0x00000001L
+#define SLAPI_OPERATION_UNBIND 0x00000002L
+#define SLAPI_OPERATION_SEARCH 0x00000004L
+#define SLAPI_OPERATION_MODIFY 0x00000008L
+#define SLAPI_OPERATION_ADD 0x00000010L
+#define SLAPI_OPERATION_DELETE 0x00000020L
+#define SLAPI_OPERATION_MODDN 0x00000040L
+#define SLAPI_OPERATION_MODRDN SLAPI_OPERATION_MODDN
+#define SLAPI_OPERATION_COMPARE 0x00000080L
+#define SLAPI_OPERATION_ABANDON 0x00000100L
+#define SLAPI_OPERATION_EXTENDED 0x00000200L
+#define SLAPI_OPERATION_ANY 0xFFFFFFFFL
+#define SLAPI_OPERATION_NONE 0x00000000L
+int slapi_get_supported_controls(char ***ctrloidsp, unsigned long **ctrlopsp);
+LDAPControl *slapi_dup_control(LDAPControl *ctrl);
+void slapi_register_supported_saslmechanism(char *mechanism);
+char **slapi_get_supported_saslmechanisms();
+char **slapi_get_supported_extended_ops(void);
+
+/* operation */
+int slapi_op_abandoned( Slapi_PBlock *pb );
+unsigned long slapi_op_get_type(Slapi_Operation * op);
+void slapi_operation_set_flag(Slapi_Operation *op, unsigned long flag);
+void slapi_operation_clear_flag(Slapi_Operation *op, unsigned long flag);
+int slapi_operation_is_flag_set(Slapi_Operation *op, unsigned long flag);
+char *slapi_op_type_to_string(unsigned long type);
+
+/* send ldap result back */
+void slapi_send_ldap_result( Slapi_PBlock *pb, int err, char *matched,
+ char *text, int nentries, struct berval **urls );
+int slapi_send_ldap_search_entry( Slapi_PBlock *pb, Slapi_Entry *e,
+ LDAPControl **ectrls, char **attrs, int attrsonly );
+int slapi_send_ldap_search_reference( Slapi_PBlock *pb, Slapi_Entry *e,
+ struct berval **urls, LDAPControl **ectrls, struct berval **v2refs );
+
+/* filter routines */
+Slapi_Filter *slapi_str2filter( char *str );
+Slapi_Filter *slapi_filter_dup( Slapi_Filter *f );
+void slapi_filter_free( Slapi_Filter *f, int recurse );
+int slapi_filter_get_choice( Slapi_Filter *f);
+int slapi_filter_get_ava( Slapi_Filter *f, char **type, struct berval **bval );
+Slapi_Filter *slapi_filter_list_first( Slapi_Filter *f );
+Slapi_Filter *slapi_filter_list_next( Slapi_Filter *f, Slapi_Filter *fprev );
+int slapi_filter_get_attribute_type( Slapi_Filter *f, char **type );
+int slapi_x_filter_set_attribute_type( Slapi_Filter *f, const char *type );
+int slapi_filter_get_subfilt( Slapi_Filter *f, char **type, char **initial,
+ char ***any, char **final );
+Slapi_Filter *slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2);
+int slapi_x_filter_append( int choice, Slapi_Filter **pContainingFilter,
+ Slapi_Filter **pNextFilter, Slapi_Filter *filterToAppend );
+int slapi_filter_test( Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Filter *f,
+ int verify_access );
+int slapi_filter_test_simple( Slapi_Entry *e, Slapi_Filter *f );
+typedef int (*FILTER_APPLY_FN)( Slapi_Filter *f, void *arg );
+int slapi_filter_apply( Slapi_Filter *f, FILTER_APPLY_FN fn, void *arg, int *error_code );
+#define SLAPI_FILTER_SCAN_STOP -1 /* set by callback */
+#define SLAPI_FILTER_SCAN_ERROR -2 /* set by callback */
+#define SLAPI_FILTER_SCAN_NOMORE 0 /* set by callback */
+#define SLAPI_FILTER_SCAN_CONTINUE 1 /* set by callback */
+#define SLAPI_FILTER_UNKNOWN_FILTER_TYPE 2 /* set by slapi_filter_apply() */
+
+/* internal add/delete/search/modify routines */
+Slapi_PBlock *slapi_search_internal( char *base, int scope, char *filter,
+ LDAPControl **controls, char **attrs, int attrsonly );
+Slapi_PBlock *slapi_modify_internal( char *dn, LDAPMod **mods,
+ LDAPControl **controls, int log_change );
+Slapi_PBlock *slapi_add_internal( char * dn, LDAPMod **attrs,
+ LDAPControl **controls, int log_changes );
+Slapi_PBlock *slapi_add_entry_internal( Slapi_Entry * e,
+ LDAPControl **controls, int log_change );
+Slapi_PBlock *slapi_delete_internal( char * dn, LDAPControl **controls,
+ int log_change );
+Slapi_PBlock *slapi_modrdn_internal( char * olddn, char * newrdn,
+ int deloldrdn, LDAPControl **controls,
+ int log_change );
+Slapi_PBlock *slapi_rename_internal( const char * olddn, const char *newrdn,
+ const char *newsuperior, int delolrdn,
+ LDAPControl **controls, int log_change );
+void slapi_free_search_results_internal(Slapi_PBlock *pb);
+
+/* new internal add/delete/search/modify routines */
+typedef void (*plugin_result_callback)( int rc, void *callback_data );
+typedef int (*plugin_referral_entry_callback)( char * referral,
+ void *callback_data );
+typedef int (*plugin_search_entry_callback)( Slapi_Entry *e,
+ void *callback_data );
+void slapi_free_search_results_internal( Slapi_PBlock *pb );
+
+#define SLAPI_OP_FLAG_NEVER_CHAIN 0x0800
+
+int slapi_search_internal_pb( Slapi_PBlock *pb );
+int slapi_search_internal_callback_pb( Slapi_PBlock *pb, void *callback_data,
+ plugin_result_callback prc, plugin_search_entry_callback psec,
+ plugin_referral_entry_callback prec );
+int slapi_add_internal_pb( Slapi_PBlock *pb );
+int slapi_modify_internal_pb( Slapi_PBlock *pb );
+int slapi_modrdn_internal_pb( Slapi_PBlock *pb );
+int slapi_delete_internal_pb( Slapi_PBlock *pb );
+
+int slapi_seq_internal_callback_pb(Slapi_PBlock *pb, void *callback_data,
+ plugin_result_callback res_callback,
+ plugin_search_entry_callback srch_callback,
+ plugin_referral_entry_callback ref_callback);
+
+void slapi_search_internal_set_pb( Slapi_PBlock *pb, const char *base,
+ int scope, const char *filter, char **attrs, int attrsonly,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_add_entry_internal_set_pb( Slapi_PBlock *pb, Slapi_Entry *e,
+ LDAPControl **controls, Slapi_ComponentId *plugin_identity,
+ int operation_flags );
+int slapi_add_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPMod **attrs, LDAPControl **controls,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_modify_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPMod **mods, LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_rename_internal_set_pb( Slapi_PBlock *pb, const char *olddn,
+ const char *newrdn, const char *newsuperior, int deloldrdn,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_delete_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_seq_internal_set_pb( Slapi_PBlock *pb, char *ibase, int type,
+ char *attrname, char *val, char **attrs, int attrsonly,
+ LDAPControl **controls, Slapi_ComponentId *plugin_identity,
+ int operation_flags );
+
+/* connection related routines */
+int slapi_is_connection_ssl(Slapi_PBlock *pPB, int *isSSL);
+int slapi_get_client_port(Slapi_PBlock *pPB, int *fromPort);
+
+/* computed attributes */
+typedef struct _computed_attr_context computed_attr_context;
+typedef int (*slapi_compute_output_t)(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e);
+typedef int (*slapi_compute_callback_t)(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn);
+typedef int (*slapi_search_rewrite_callback_t)(Slapi_PBlock *pb);
+int slapi_compute_add_evaluator(slapi_compute_callback_t function);
+int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function);
+int compute_rewrite_search_filter(Slapi_PBlock *pb);
+int compute_evaluator(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn);
+int slapi_x_compute_get_pblock(computed_attr_context *c, Slapi_PBlock **pb);
+
+/* backend routines */
+void slapi_be_set_readonly( Slapi_Backend *be, int readonly );
+int slapi_be_get_readonly( Slapi_Backend *be );
+const char *slapi_x_be_get_updatedn( Slapi_Backend *be );
+Slapi_Backend *slapi_be_select( const Slapi_DN *sdn );
+
+/* ACL plugins; only SLAPI_PLUGIN_ACL_ALLOW_ACCESS supported now */
+typedef int (*slapi_acl_callback_t)(Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ const char *attr,
+ struct berval *berval,
+ int access,
+ void *state);
+
+/* object extensions */
+typedef void *(*slapi_extension_constructor_fnptr)(void *object, void *parent);
+
+typedef void (*slapi_extension_destructor_fnptr)(void *extension,
+ void *object, void *parent);
+
+int slapi_register_object_extension( const char *pluginname,
+ const char *objectname, slapi_extension_constructor_fnptr constructor,
+ slapi_extension_destructor_fnptr destructor, int *objecttype,
+ int *extensionhandle);
+
+#define SLAPI_EXT_CONNECTION "Connection"
+#define SLAPI_EXT_OPERATION "Operation"
+#define SLAPI_EXT_ENTRY "Entry"
+#define SLAPI_EXT_MTNODE "Mapping Tree Node"
+
+void *slapi_get_object_extension(int objecttype, void *object,
+ int extensionhandle);
+void slapi_set_object_extension(int objecttype, void *object,
+ int extensionhandle, void *extension);
+
+int slapi_x_backend_get_flags( const Slapi_Backend *be, unsigned long *flags );
+
+/* parameters currently supported */
+
+/*
+ * Attribute flags returned by slapi_attr_get_flags()
+ */
+#define SLAPI_ATTR_FLAG_SINGLE 0x0001
+#define SLAPI_ATTR_FLAG_OPATTR 0x0002
+#define SLAPI_ATTR_FLAG_READONLY 0x0004
+#define SLAPI_ATTR_FLAG_STD_ATTR SLAPI_ATTR_FLAG_READONLY
+#define SLAPI_ATTR_FLAG_OBSOLETE 0x0040
+#define SLAPI_ATTR_FLAG_COLLECTIVE 0x0080
+#define SLAPI_ATTR_FLAG_NOUSERMOD 0x0100
+
+/*
+ * Backend flags returned by slapi_x_backend_get_flags()
+ */
+#define SLAPI_BACKEND_FLAG_NOLASTMOD 0x0001U
+#define SLAPI_BACKEND_FLAG_NO_SCHEMA_CHECK 0x0002U
+#define SLAPI_BACKEND_FLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAPI_BACKEND_FLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAPI_BACKEND_FLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAPI_BACKEND_FLAG_OVERLAY 0x0080U /* this db struct is an overlay */
+#define SLAPI_BACKEND_FLAG_GLOBAL_OVERLAY 0x0100U /* this db struct is a global overlay */
+#define SLAPI_BACKEND_FLAG_SHADOW 0x8000U /* a shadow */
+#define SLAPI_BACKEND_FLAG_SYNC_SHADOW 0x1000U /* a sync shadow */
+#define SLAPI_BACKEND_FLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */
+
+/*
+ * ACL levels
+ */
+#define SLAPI_ACL_COMPARE 0x01
+#define SLAPI_ACL_SEARCH 0x02
+#define SLAPI_ACL_READ 0x04
+#define SLAPI_ACL_WRITE 0x08
+#define SLAPI_ACL_DELETE 0x10
+#define SLAPI_ACL_ADD 0x20
+#define SLAPI_ACL_SELF 0x40
+#define SLAPI_ACL_PROXY 0x80
+#define SLAPI_ACL_ALL 0x7f
+
+/* plugin types supported */
+
+#define SLAPI_PLUGIN_DATABASE 1
+#define SLAPI_PLUGIN_EXTENDEDOP 2
+#define SLAPI_PLUGIN_PREOPERATION 3
+#define SLAPI_PLUGIN_POSTOPERATION 4
+#define SLAPI_PLUGIN_MATCHINGRULE 5
+#define SLAPI_PLUGIN_SYNTAX 6
+#define SLAPI_PLUGIN_AUDIT 7
+
+/* misc params */
+
+#define SLAPI_BACKEND 130
+#define SLAPI_CONNECTION 131
+#define SLAPI_OPERATION 132
+#define SLAPI_REQUESTOR_ISROOT 133
+#define SLAPI_BE_MONITORDN 134
+#define SLAPI_BE_TYPE 135
+#define SLAPI_BE_READONLY 136
+#define SLAPI_BE_LASTMOD 137
+#define SLAPI_CONN_ID 139
+
+/* operation params */
+#define SLAPI_OPINITIATED_TIME 140
+#define SLAPI_REQUESTOR_DN 141
+#define SLAPI_IS_REPLICATED_OPERATION 142
+#define SLAPI_REQUESTOR_ISUPDATEDN SLAPI_IS_REPLICATED_OPERATION
+
+/* connection structure params*/
+#define SLAPI_CONN_DN 143
+#define SLAPI_CONN_AUTHTYPE 144
+#define SLAPI_CONN_CLIENTIP 145
+#define SLAPI_CONN_SERVERIP 146
+/* OpenLDAP extensions */
+#define SLAPI_X_CONN_CLIENTPATH 1300
+#define SLAPI_X_CONN_SERVERPATH 1301
+#define SLAPI_X_CONN_IS_UDP 1302
+#define SLAPI_X_CONN_SSF 1303
+#define SLAPI_X_CONN_SASL_CONTEXT 1304
+#define SLAPI_X_OPERATION_DELETE_GLUE_PARENT 1305
+#define SLAPI_X_MANAGEDIT 1306
+#define SLAPI_X_OPERATION_NO_SCHEMA_CHECK 1307
+#define SLAPI_X_ADD_STRUCTURAL_CLASS 1308
+
+/* Authentication types */
+#define SLAPD_AUTH_NONE "none"
+#define SLAPD_AUTH_SIMPLE "simple"
+#define SLAPD_AUTH_SSL "SSL"
+#define SLAPD_AUTH_SASL "SASL "
+
+/* plugin configuration parmams */
+#define SLAPI_PLUGIN 3
+#define SLAPI_PLUGIN_PRIVATE 4
+#define SLAPI_PLUGIN_TYPE 5
+#define SLAPI_PLUGIN_ARGV 6
+#define SLAPI_PLUGIN_ARGC 7
+#define SLAPI_PLUGIN_VERSION 8
+#define SLAPI_PLUGIN_OPRETURN 9
+#define SLAPI_PLUGIN_OBJECT 10
+#define SLAPI_PLUGIN_DESTROY_FN 11
+#define SLAPI_PLUGIN_DESCRIPTION 12
+#define SLAPI_PLUGIN_IDENTITY 13
+
+/* internal opreations params */
+#define SLAPI_PLUGIN_INTOP_RESULT 15
+#define SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES 16
+#define SLAPI_PLUGIN_INTOP_SEARCH_REFERRALS 17
+
+/* transaction arguments */
+#define SLAPI_PARENT_TXN 190
+#define SLAPI_TXN 191
+
+/* function pointer params for backends */
+#define SLAPI_PLUGIN_DB_BIND_FN 200
+#define SLAPI_PLUGIN_DB_UNBIND_FN 201
+#define SLAPI_PLUGIN_DB_SEARCH_FN 202
+#define SLAPI_PLUGIN_DB_COMPARE_FN 203
+#define SLAPI_PLUGIN_DB_MODIFY_FN 204
+#define SLAPI_PLUGIN_DB_MODRDN_FN 205
+#define SLAPI_PLUGIN_DB_ADD_FN 206
+#define SLAPI_PLUGIN_DB_DELETE_FN 207
+#define SLAPI_PLUGIN_DB_ABANDON_FN 208
+#define SLAPI_PLUGIN_DB_CONFIG_FN 209
+#define SLAPI_PLUGIN_CLOSE_FN 210
+#define SLAPI_PLUGIN_DB_FLUSH_FN 211
+#define SLAPI_PLUGIN_START_FN 212
+#define SLAPI_PLUGIN_DB_SEQ_FN 213
+#define SLAPI_PLUGIN_DB_ENTRY_FN 214
+#define SLAPI_PLUGIN_DB_REFERRAL_FN 215
+#define SLAPI_PLUGIN_DB_RESULT_FN 216
+#define SLAPI_PLUGIN_DB_LDIF2DB_FN 217
+#define SLAPI_PLUGIN_DB_DB2LDIF_FN 218
+#define SLAPI_PLUGIN_DB_BEGIN_FN 219
+#define SLAPI_PLUGIN_DB_COMMIT_FN 220
+#define SLAPI_PLUGIN_DB_ABORT_FN 221
+#define SLAPI_PLUGIN_DB_ARCHIVE2DB_FN 222
+#define SLAPI_PLUGIN_DB_DB2ARCHIVE_FN 223
+#define SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN 224
+#define SLAPI_PLUGIN_DB_FREE_RESULT_SET_FN 225
+#define SLAPI_PLUGIN_DB_SIZE_FN 226
+#define SLAPI_PLUGIN_DB_TEST_FN 227
+
+
+/* functions pointers for LDAP V3 extended ops */
+#define SLAPI_PLUGIN_EXT_OP_FN 300
+#define SLAPI_PLUGIN_EXT_OP_OIDLIST 301
+
+/* preoperation */
+#define SLAPI_PLUGIN_PRE_BIND_FN 401
+#define SLAPI_PLUGIN_PRE_UNBIND_FN 402
+#define SLAPI_PLUGIN_PRE_SEARCH_FN 403
+#define SLAPI_PLUGIN_PRE_COMPARE_FN 404
+#define SLAPI_PLUGIN_PRE_MODIFY_FN 405
+#define SLAPI_PLUGIN_PRE_MODRDN_FN 406
+#define SLAPI_PLUGIN_PRE_ADD_FN 407
+#define SLAPI_PLUGIN_PRE_DELETE_FN 408
+#define SLAPI_PLUGIN_PRE_ABANDON_FN 409
+#define SLAPI_PLUGIN_PRE_ENTRY_FN 410
+#define SLAPI_PLUGIN_PRE_REFERRAL_FN 411
+#define SLAPI_PLUGIN_PRE_RESULT_FN 412
+
+/* internal preoperation */
+#define SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN 420
+#define SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN 421
+#define SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN 422
+#define SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN 423
+
+/* backend preoperation */
+#define SLAPI_PLUGIN_BE_PRE_ADD_FN 450
+#define SLAPI_PLUGIN_BE_PRE_MODIFY_FN 451
+#define SLAPI_PLUGIN_BE_PRE_MODRDN_FN 452
+#define SLAPI_PLUGIN_BE_PRE_DELETE_FN 453
+
+/* postoperation */
+#define SLAPI_PLUGIN_POST_BIND_FN 501
+#define SLAPI_PLUGIN_POST_UNBIND_FN 502
+#define SLAPI_PLUGIN_POST_SEARCH_FN 503
+#define SLAPI_PLUGIN_POST_COMPARE_FN 504
+#define SLAPI_PLUGIN_POST_MODIFY_FN 505
+#define SLAPI_PLUGIN_POST_MODRDN_FN 506
+#define SLAPI_PLUGIN_POST_ADD_FN 507
+#define SLAPI_PLUGIN_POST_DELETE_FN 508
+#define SLAPI_PLUGIN_POST_ABANDON_FN 509
+#define SLAPI_PLUGIN_POST_ENTRY_FN 510
+#define SLAPI_PLUGIN_POST_REFERRAL_FN 511
+#define SLAPI_PLUGIN_POST_RESULT_FN 512
+
+/* internal postoperation */
+#define SLAPI_PLUGIN_INTERNAL_POST_ADD_FN 520
+#define SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN 521
+#define SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN 522
+#define SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN 523
+
+/* backend postoperation */
+#define SLAPI_PLUGIN_BE_POST_ADD_FN 550
+#define SLAPI_PLUGIN_BE_POST_MODIFY_FN 551
+#define SLAPI_PLUGIN_BE_POST_MODRDN_FN 552
+#define SLAPI_PLUGIN_BE_POST_DELETE_FN 553
+
+#define SLAPI_OPERATION_TYPE 590
+
+#define SLAPI_PLUGIN_MR_FILTER_CREATE_FN 600
+#define SLAPI_PLUGIN_MR_INDEXER_CREATE_FN 601
+#define SLAPI_PLUGIN_MR_FILTER_MATCH_FN 602
+#define SLAPI_PLUGIN_MR_FILTER_INDEX_FN 603
+#define SLAPI_PLUGIN_MR_FILTER_RESET_FN 604
+#define SLAPI_PLUGIN_MR_INDEX_FN 605
+#define SLAPI_PLUGIN_MR_OID 610
+#define SLAPI_PLUGIN_MR_TYPE 611
+#define SLAPI_PLUGIN_MR_VALUE 612
+#define SLAPI_PLUGIN_MR_VALUES 613
+#define SLAPI_PLUGIN_MR_KEYS 614
+#define SLAPI_PLUGIN_MR_FILTER_REUSABLE 615
+#define SLAPI_PLUGIN_MR_QUERY_OPERATOR 616
+#define SLAPI_PLUGIN_MR_USAGE 617
+
+#define SLAPI_MATCHINGRULE_NAME 1
+#define SLAPI_MATCHINGRULE_OID 2
+#define SLAPI_MATCHINGRULE_DESC 3
+#define SLAPI_MATCHINGRULE_SYNTAX 4
+#define SLAPI_MATCHINGRULE_OBSOLETE 5
+
+#define SLAPI_OP_LESS 1
+#define SLAPI_OP_LESS_OR_EQUAL 2
+#define SLAPI_OP_EQUAL 3
+#define SLAPI_OP_GREATER_OR_EQUAL 4
+#define SLAPI_OP_GREATER 5
+#define SLAPI_OP_SUBSTRING 6
+
+#define SLAPI_PLUGIN_MR_USAGE_INDEX 0
+#define SLAPI_PLUGIN_MR_USAGE_SORT 1
+
+#define SLAPI_PLUGIN_SYNTAX_FILTER_AVA 700
+#define SLAPI_PLUGIN_SYNTAX_FILTER_SUB 701
+#define SLAPI_PLUGIN_SYNTAX_VALUES2KEYS 702
+#define SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA 703
+#define SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB 704
+#define SLAPI_PLUGIN_SYNTAX_NAMES 705
+#define SLAPI_PLUGIN_SYNTAX_OID 706
+#define SLAPI_PLUGIN_SYNTAX_FLAGS 707
+#define SLAPI_PLUGIN_SYNTAX_COMPARE 708
+
+#define SLAPI_PLUGIN_SYNTAX_FLAG_ORKEYS 1
+#define SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING 2
+
+#define SLAPI_PLUGIN_ACL_INIT 730
+#define SLAPI_PLUGIN_ACL_SYNTAX_CHECK 731
+#define SLAPI_PLUGIN_ACL_ALLOW_ACCESS 732
+#define SLAPI_PLUGIN_ACL_MODS_ALLOWED 733
+#define SLAPI_PLUGIN_ACL_MODS_UPDATE 734
+
+#define SLAPI_OPERATION_AUTHTYPE 741
+#define SLAPI_OPERATION_ID 742
+#define SLAPI_CONN_CERT 743
+#define SLAPI_CONN_AUTHMETHOD 746
+
+#define SLAPI_RESULT_CODE 881
+#define SLAPI_RESULT_TEXT 882
+#define SLAPI_RESULT_MATCHED 883
+
+/* managedsait control */
+#define SLAPI_MANAGEDSAIT 1000
+
+/* audit plugin defines */
+#define SLAPI_PLUGIN_AUDIT_DATA 1100
+#define SLAPI_PLUGIN_AUDIT_FN 1101
+
+/* backend_group extension */
+#define SLAPI_X_PLUGIN_PRE_GROUP_FN 1202
+#define SLAPI_X_PLUGIN_POST_GROUP_FN 1203
+
+#define SLAPI_X_GROUP_ENTRY 1250 /* group entry */
+#define SLAPI_X_GROUP_ATTRIBUTE 1251 /* member attribute */
+#define SLAPI_X_GROUP_OPERATION_DN 1252 /* asserted value */
+#define SLAPI_X_GROUP_TARGET_ENTRY 1253 /* target entry */
+
+/* config stuff */
+#define SLAPI_CONFIG_FILENAME 40
+#define SLAPI_CONFIG_LINENO 41
+#define SLAPI_CONFIG_ARGC 42
+#define SLAPI_CONFIG_ARGV 43
+
+/* operational params */
+#define SLAPI_TARGET_ADDRESS 48
+#define SLAPI_TARGET_UNIQUEID 49
+#define SLAPI_TARGET_DN 50
+
+/* server LDAPv3 controls */
+#define SLAPI_REQCONTROLS 51
+#define SLAPI_RESCONTROLS 55
+#define SLAPI_ADD_RESCONTROL 56
+#define SLAPI_CONTROLS_ARG 58
+
+/* add params */
+#define SLAPI_ADD_TARGET SLAPI_TARGET_DN
+#define SLAPI_ADD_ENTRY 60
+#define SLAPI_ADD_EXISTING_DN_ENTRY 61
+#define SLAPI_ADD_PARENT_ENTRY 62
+#define SLAPI_ADD_PARENT_UNIQUEID 63
+#define SLAPI_ADD_EXISTING_UNIQUEID_ENTRY 64
+
+/* bind params */
+#define SLAPI_BIND_TARGET SLAPI_TARGET_DN
+#define SLAPI_BIND_METHOD 70
+#define SLAPI_BIND_CREDENTIALS 71
+#define SLAPI_BIND_SASLMECHANISM 72
+#define SLAPI_BIND_RET_SASLCREDS 73
+
+/* compare params */
+#define SLAPI_COMPARE_TARGET SLAPI_TARGET_DN
+#define SLAPI_COMPARE_TYPE 80
+#define SLAPI_COMPARE_VALUE 81
+
+/* delete params */
+#define SLAPI_DELETE_TARGET SLAPI_TARGET_DN
+#define SLAPI_DELETE_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+
+/* modify params */
+#define SLAPI_MODIFY_TARGET SLAPI_TARGET_DN
+#define SLAPI_MODIFY_MODS 90
+#define SLAPI_MODIFY_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+
+/* modrdn params */
+#define SLAPI_MODRDN_TARGET SLAPI_TARGET_DN
+#define SLAPI_MODRDN_NEWRDN 100
+#define SLAPI_MODRDN_DELOLDRDN 101
+#define SLAPI_MODRDN_NEWSUPERIOR 102 /* v3 only */
+#define SLAPI_MODRDN_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+#define SLAPI_MODRDN_PARENT_ENTRY 104
+#define SLAPI_MODRDN_NEWPARENT_ENTRY 105
+#define SLAPI_MODRDN_TARGET_ENTRY 106
+#define SLAPI_MODRDN_NEWSUPERIOR_ADDRESS 107
+
+/* search params */
+#define SLAPI_SEARCH_TARGET SLAPI_TARGET_DN
+#define SLAPI_SEARCH_SCOPE 110
+#define SLAPI_SEARCH_DEREF 111
+#define SLAPI_SEARCH_SIZELIMIT 112
+#define SLAPI_SEARCH_TIMELIMIT 113
+#define SLAPI_SEARCH_FILTER 114
+#define SLAPI_SEARCH_STRFILTER 115
+#define SLAPI_SEARCH_ATTRS 116
+#define SLAPI_SEARCH_ATTRSONLY 117
+
+/* abandon params */
+#define SLAPI_ABANDON_MSGID 120
+
+/* extended operation params */
+#define SLAPI_EXT_OP_REQ_OID 160
+#define SLAPI_EXT_OP_REQ_VALUE 161
+
+/* extended operation return codes */
+#define SLAPI_EXT_OP_RET_OID 162
+#define SLAPI_EXT_OP_RET_VALUE 163
+
+#define SLAPI_PLUGIN_EXTENDED_SENT_RESULT -1
+
+#define SLAPI_FAIL_DISKFULL -2
+#define SLAPI_FAIL_GENERAL -1
+#define SLAPI_PLUGIN_EXTENDED_NOT_HANDLED -2
+#define SLAPI_BIND_SUCCESS 0
+#define SLAPI_BIND_FAIL 2
+#define SLAPI_BIND_ANONYMOUS 3
+
+/* Search result params */
+#define SLAPI_SEARCH_RESULT_SET 193
+#define SLAPI_SEARCH_RESULT_ENTRY 194
+#define SLAPI_NENTRIES 195
+#define SLAPI_SEARCH_REFERRALS 196
+
+/* filter types */
+#ifndef LDAP_FILTER_AND
+#define LDAP_FILTER_AND 0xa0L
+#endif
+#ifndef LDAP_FILTER_OR
+#define LDAP_FILTER_OR 0xa1L
+#endif
+#ifndef LDAP_FILTER_NOT
+#define LDAP_FILTER_NOT 0xa2L
+#endif
+#ifndef LDAP_FILTER_EQUALITY
+#define LDAP_FILTER_EQUALITY 0xa3L
+#endif
+#ifndef LDAP_FILTER_SUBSTRINGS
+#define LDAP_FILTER_SUBSTRINGS 0xa4L
+#endif
+#ifndef LDAP_FILTER_GE
+#define LDAP_FILTER_GE 0xa5L
+#endif
+#ifndef LDAP_FILTER_LE
+#define LDAP_FILTER_LE 0xa6L
+#endif
+#ifndef LDAP_FILTER_PRESENT
+#define LDAP_FILTER_PRESENT 0x87L
+#endif
+#ifndef LDAP_FILTER_APPROX
+#define LDAP_FILTER_APPROX 0xa8L
+#endif
+#ifndef LDAP_FILTER_EXT_MATCH
+#define LDAP_FILTER_EXT_MATCH 0xa9L
+#endif
+
+int slapi_log_error( int severity, char *subsystem, char *fmt, ... );
+#define SLAPI_LOG_FATAL 0
+#define SLAPI_LOG_TRACE 1
+#define SLAPI_LOG_PACKETS 2
+#define SLAPI_LOG_ARGS 3
+#define SLAPI_LOG_CONNS 4
+#define SLAPI_LOG_BER 5
+#define SLAPI_LOG_FILTER 6
+#define SLAPI_LOG_CONFIG 7
+#define SLAPI_LOG_ACL 8
+#define SLAPI_LOG_SHELL 9
+#define SLAPI_LOG_PARSE 10
+#define SLAPI_LOG_HOUSE 11
+#define SLAPI_LOG_REPL 12
+#define SLAPI_LOG_CACHE 13
+#define SLAPI_LOG_PLUGIN 14
+#define SLAPI_LOG_TIMING 15
+
+#define SLAPI_PLUGIN_DESCRIPTION 12
+typedef struct slapi_plugindesc {
+ char *spd_id;
+ char *spd_vendor;
+ char *spd_version;
+ char *spd_description;
+} Slapi_PluginDesc;
+
+#define SLAPI_PLUGIN_VERSION_01 "01"
+#define SLAPI_PLUGIN_VERSION_02 "02"
+#define SLAPI_PLUGIN_VERSION_03 "03"
+#define SLAPI_PLUGIN_CURRENT_VERSION SLAPI_PLUGIN_VERSION_03
+
+#endif /* _SLAPI_PLUGIN_H */
+
Added: openldap/vendor/openldap-2.3.35/include/sysexits-compat.h
===================================================================
--- openldap/vendor/openldap-2.3.35/include/sysexits-compat.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/include/sysexits-compat.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,115 @@
+/* $OpenLDAP: pkg/ldap/include/sysexits-compat.h,v 1.9.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1987 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * @(#)sysexits.h 4.5 (Berkeley) 7/6/88
+ */
+
+/*
+** SYSEXITS.H -- Exit status codes for system programs.
+**
+** This include file attempts to categorize possible error
+** exit statuses for system programs, notably delivermail
+** and the Berkeley network.
+**
+** Error numbers begin at EX__BASE to reduce the possibility of
+** clashing with other exit statuses that random programs may
+** already return. The meaning of the codes is approximately
+** as follows:
+**
+** EX_USAGE -- The command was used incorrectly, e.g., with
+** the wrong number of arguments, a bad flag, a bad
+** syntax in a parameter, or whatever.
+** EX_DATAERR -- The input data was incorrect in some way.
+** This should only be used for user's data & not
+** system files.
+** EX_NOINPUT -- An input file (not a system file) did not
+** exist or was not readable. This could also include
+** errors like "No message" to a mailer (if it cared
+** to catch it).
+** EX_NOUSER -- The user specified did not exist. This might
+** be used for mail addresses or remote logins.
+** EX_NOHOST -- The host specified did not exist. This is used
+** in mail addresses or network requests.
+** EX_UNAVAILABLE -- A service is unavailable. This can occur
+** if a support program or file does not exist. This
+** can also be used as a catchall message when something
+** you wanted to do doesn't work, but you don't know
+** why.
+** EX_SOFTWARE -- An internal software error has been detected.
+** This should be limited to non-operating system related
+** errors as possible.
+** EX_OSERR -- An operating system error has been detected.
+** This is intended to be used for such things as "cannot
+** fork", "cannot create pipe", or the like. It includes
+** things like getuid returning a user that does not
+** exist in the passwd file.
+** EX_OSFILE -- Some system file (e.g., /etc/passwd, /etc/utmp,
+** etc.) does not exist, cannot be opened, or has some
+** sort of error (e.g., syntax error).
+** EX_CANTCREAT -- A (user specified) output file cannot be
+** created.
+** EX_IOERR -- An error occurred while doing I/O on some file.
+** EX_TEMPFAIL -- temporary failure, indicating something that
+** is not really an error. In sendmail, this means
+** that a mailer (e.g.) could not create a connection,
+** and the request should be reattempted later.
+** EX_PROTOCOL -- the remote system returned something that
+** was "not possible" during a protocol exchange.
+** EX_NOPERM -- You did not have sufficient permission to
+** perform the operation. This is not intended for
+** file system problems, which should use NOINPUT or
+** CANTCREAT, but rather for higher level permissions.
+** For example, kre uses this to restrict who students
+** can send mail to.
+**
+** Maintained by Eric Allman (eric at berkeley, ucbvax!eric) --
+** please mail changes to me.
+**
+** @(#)sysexits.h 4.5 7/6/88
+*/
+
+# define EX_OK 0 /* successful termination */
+
+# define EX__BASE 64 /* base value for error messages */
+
+# define EX_USAGE 64 /* command line usage error */
+# define EX_DATAERR 65 /* data format error */
+# define EX_NOINPUT 66 /* cannot open input */
+# define EX_NOUSER 67 /* addressee unknown */
+# define EX_NOHOST 68 /* host name unknown */
+# define EX_UNAVAILABLE 69 /* service unavailable */
+# define EX_SOFTWARE 70 /* internal software error */
+# define EX_OSERR 71 /* system error (e.g., can't fork) */
+# define EX_OSFILE 72 /* critical OS file missing */
+# define EX_CANTCREAT 73 /* can't create (user) output file */
+# define EX_IOERR 74 /* input/output error */
+# define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */
+# define EX_PROTOCOL 76 /* remote error in protocol */
+# define EX_NOPERM 77 /* permission denied */
+# define EX_CONFIG 78 /* configuration error */
Added: openldap/vendor/openldap-2.3.35/libraries/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,22 @@
+# Libraries Makefile for OpenLDAP
+# $OpenLDAP: pkg/ldap/libraries/Makefile.in,v 1.24.2.4 2007/01/02 21:43:48 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS= \
+ liblutil \
+ liblber \
+ liblunicode \
+ libldap libldap_r \
+ librewrite
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+# LIBLBER
+# $OpenLDAP: pkg/ldap/libraries/liblber/Makefile.in,v 1.35.2.3 2007/01/02 21:43:48 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = liblber.la
+
+NT_SRCS = nt_err.c
+NT_OBJS = nt_err.lo
+
+UNIX_SRCS = stdio.c
+UNIX_OBJS = stdio.lo
+
+LIB_DEFS = -DLBER_LIBRARY
+
+SRCS= assert.c decode.c encode.c io.c bprint.c debug.c \
+ memory.c options.c sockbuf.c $(@PLAT at _SRCS)
+OBJS= assert.lo decode.lo encode.lo io.lo bprint.lo debug.lo \
+ memory.lo options.lo sockbuf.lo $(@PLAT at _OBJS)
+XSRCS= version.c
+
+PROGRAMS= dtest etest idtest
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A)
+XXLIBS =
+NT_LINK_LIBS = $(AC_LIBS)
+
+dtest: $(XLIBS) dtest.o
+ $(LTLINK) -o $@ dtest.o $(LIBS)
+etest: $(XLIBS) etest.o
+ $(LTLINK) -o $@ etest.o $(LIBS)
+idtest: $(XLIBS) idtest.o
+ $(LTLINK) -o $@ idtest.o $(LIBS)
+
+install-local: FORCE
+ -$(MKDIR) $(DESTDIR)$(libdir)
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)
+ $(LTFINISH) $(DESTDIR)$(libdir)
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/assert.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/assert.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/assert.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,40 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/assert.c,v 1.11.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef LDAP_NEED_ASSERT
+
+#include <stdio.h>
+
+/*
+ * helper for our private assert() macro
+ *
+ * note: if assert() doesn't exist, like abort() or raise() won't either.
+ * could use kill() but that might be problematic. I'll just ignore this
+ * issue for now.
+ */
+
+void
+ber_pvt_assert( const char *file, int line, const char *test )
+{
+ fprintf(stderr,
+ _("Assertion failed: %s, file %s, line %d\n"),
+ test, file, line);
+
+ abort();
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/bprint.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/bprint.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/bprint.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,322 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright (c) 1991 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/stdarg.h>
+#include <ac/string.h>
+
+#include "lber-int.h"
+
+#define ber_log_check(errlvl, loglvl) ((errlvl) & (loglvl))
+
+BER_LOG_FN ber_int_log_proc = NULL;
+
+/*
+ * We don't just set ber_pvt_err_file to stderr here, because in NT,
+ * stderr is a symbol imported from a DLL. As such, the compiler
+ * doesn't recognize the symbol as having a constant address. Thus
+ * we set ber_pvt_err_file to stderr later, when it first gets
+ * referenced.
+ */
+FILE *ber_pvt_err_file = NULL;
+
+/*
+ * ber errno
+ */
+BER_ERRNO_FN ber_int_errno_fn = NULL;
+
+int * ber_errno_addr(void)
+{
+ static int ber_int_errno = LBER_ERROR_NONE;
+
+ if( ber_int_errno_fn ) {
+ return (*ber_int_errno_fn)();
+ }
+
+ return &ber_int_errno;
+}
+
+/*
+ * Print stuff
+ */
+void ber_error_print( LDAP_CONST char *data )
+{
+ assert( data != NULL );
+
+ if (!ber_pvt_err_file) ber_pvt_err_file = stderr;
+
+ fputs( data, ber_pvt_err_file );
+
+ /* Print to both streams */
+ if (ber_pvt_err_file != stderr) {
+ fputs( data, stderr );
+ fflush( stderr );
+ }
+
+ fflush( ber_pvt_err_file );
+}
+
+BER_LOG_PRINT_FN ber_pvt_log_print = ber_error_print;
+
+/*
+ * lber log
+ */
+
+int ber_pvt_log_output(
+ const char *subsystem,
+ int level,
+ const char *fmt,
+ ... )
+{
+ char buf[1024];
+ va_list vl;
+ va_start( vl, fmt );
+
+ if ( ber_int_log_proc != NULL ) {
+ ber_int_log_proc( ber_pvt_err_file, subsystem, level, fmt, vl );
+
+ } else {
+ int level;
+ ber_get_option( NULL, LBER_OPT_BER_DEBUG, &level );
+ buf[sizeof(buf) - 1] = '\0';
+ vsnprintf( buf, sizeof(buf)-1, fmt, vl );
+ if ( ber_log_check( LDAP_DEBUG_BER, level ) ) {
+ (*ber_pvt_log_print)( buf );
+ }
+ }
+
+ va_end(vl);
+ return 1;
+}
+
+int ber_pvt_log_printf( int errlvl, int loglvl, const char *fmt, ... )
+{
+ char buf[1024];
+ va_list ap;
+
+ assert( fmt != NULL );
+
+ if ( !ber_log_check( errlvl, loglvl )) {
+ return 0;
+ }
+
+ va_start( ap, fmt );
+
+ buf[sizeof(buf) - 1] = '\0';
+ vsnprintf( buf, sizeof(buf)-1, fmt, ap );
+
+ va_end(ap);
+
+ (*ber_pvt_log_print)( buf );
+ return 1;
+}
+
+#if 0
+static int ber_log_puts(int errlvl, int loglvl, char *buf)
+{
+ assert( buf != NULL );
+
+ if ( !ber_log_check( errlvl, loglvl )) {
+ return 0;
+ }
+
+ (*ber_pvt_log_print)( buf );
+ return 1;
+}
+#endif
+
+/*
+ * Print arbitrary stuff, for debugging.
+ */
+
+int
+ber_log_bprint(int errlvl,
+ int loglvl,
+ const char *data,
+ ber_len_t len )
+{
+ assert( data != NULL );
+
+ if ( !ber_log_check( errlvl, loglvl )) {
+ return 0;
+ }
+
+ ber_bprint(data, len);
+ return 1;
+}
+
+void
+ber_bprint(
+ LDAP_CONST char *data,
+ ber_len_t len )
+{
+ static const char hexdig[] = "0123456789abcdef";
+#define BP_OFFSET 9
+#define BP_GRAPH 60
+#define BP_LEN 80
+ char line[BP_LEN];
+ ber_len_t i;
+
+ assert( data != NULL );
+
+ /* in case len is zero */
+ line[0] = '\n';
+ line[1] = '\0';
+
+ for ( i = 0 ; i < len ; i++ ) {
+ int n = i % 16;
+ unsigned off;
+
+ if( !n ) {
+ if( i ) (*ber_pvt_log_print)( line );
+ memset( line, ' ', sizeof(line)-2 );
+ line[sizeof(line)-2] = '\n';
+ line[sizeof(line)-1] = '\0';
+
+ off = i % 0x0ffffU;
+
+ line[2] = hexdig[0x0f & (off >> 12)];
+ line[3] = hexdig[0x0f & (off >> 8)];
+ line[4] = hexdig[0x0f & (off >> 4)];
+ line[5] = hexdig[0x0f & off];
+ line[6] = ':';
+ }
+
+ off = BP_OFFSET + n*3 + ((n >= 8)?1:0);
+ line[off] = hexdig[0x0f & ( data[i] >> 4 )];
+ line[off+1] = hexdig[0x0f & data[i]];
+
+ off = BP_GRAPH + n + ((n >= 8)?1:0);
+
+ if ( isprint( (unsigned char) data[i] )) {
+ line[BP_GRAPH + n] = data[i];
+ } else {
+ line[BP_GRAPH + n] = '.';
+ }
+ }
+
+ (*ber_pvt_log_print)( line );
+}
+
+
+int
+ber_log_dump(
+ int errlvl,
+ int loglvl,
+ BerElement *ber,
+ int inout )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( !ber_log_check( errlvl, loglvl )) {
+ return 0;
+ }
+
+ ber_dump(ber, inout);
+ return 1;
+}
+
+void
+ber_dump(
+ BerElement *ber,
+ int inout )
+{
+ char buf[132];
+ ber_len_t len;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( inout == 1 ) {
+ len = ber_pvt_ber_remaining(ber);
+ } else {
+ len = ber_pvt_ber_write(ber);
+ }
+
+ sprintf( buf, "ber_dump: buf=0x%08lx ptr=0x%08lx end=0x%08lx len=%ld\n",
+ (long) ber->ber_buf,
+ (long) ber->ber_ptr,
+ (long) ber->ber_end,
+ (long) len );
+
+ (void) (*ber_pvt_log_print)( buf );
+
+ ber_bprint( ber->ber_ptr, len );
+}
+
+int
+ber_log_sos_dump(
+ int errlvl,
+ int loglvl,
+ Seqorset *sos )
+{
+ assert( sos != NULL );
+
+ if ( !ber_log_check( errlvl, loglvl )) {
+ return 0;
+ }
+
+ ber_sos_dump( sos );
+ return 1;
+}
+
+void
+ber_sos_dump(
+ Seqorset *sos )
+{
+ char buf[132];
+
+ assert( sos != NULL );
+
+ (*ber_pvt_log_print)( "*** sos dump ***\n" );
+
+ while ( sos != NULL ) {
+ sprintf( buf, "ber_sos_dump: clen %ld first 0x%lx ptr 0x%lx\n",
+ (long) sos->sos_clen,
+ (long) sos->sos_first,
+ (long) sos->sos_ptr );
+ (*ber_pvt_log_print)( buf );
+
+ sprintf( buf, " current len %ld contents:\n",
+ (long) (sos->sos_ptr - sos->sos_first) );
+ (*ber_pvt_log_print)( buf );
+
+ ber_bprint( sos->sos_first, sos->sos_ptr - sos->sos_first );
+
+ sos = sos->sos_next;
+ }
+
+ (*ber_pvt_log_print)( "*** end dump ***\n" );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/debug.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/debug.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/debug.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,111 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/debug.c,v 1.18.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdarg.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/ctype.h>
+
+#ifdef LDAP_SYSLOG
+#include <ac/syslog.h>
+#endif
+
+#include "ldap_log.h"
+#include "ldap_defaults.h"
+#include "lber.h"
+#include "ldap_pvt.h"
+
+static FILE *log_file = NULL;
+
+#ifdef LDAP_SYSLOG
+static int use_syslog = 0;
+
+static int debug2syslog(int l) {
+ switch (l) {
+ case LDAP_LEVEL_EMERG: return LOG_EMERG;
+ case LDAP_LEVEL_ALERT: return LOG_ALERT;
+ case LDAP_LEVEL_CRIT: return LOG_CRIT;
+ case LDAP_LEVEL_ERR: return LOG_ERR;
+ case LDAP_LEVEL_WARNING: return LOG_WARNING;
+ case LDAP_LEVEL_NOTICE: return LOG_NOTICE;
+ case LDAP_LEVEL_INFO: return LOG_INFO;
+ }
+ return LOG_DEBUG;
+}
+#endif
+
+int lutil_debug_file( FILE *file )
+{
+ log_file = file;
+ ber_set_option( NULL, LBER_OPT_LOG_PRINT_FILE, file );
+
+ return 0;
+}
+
+void (lutil_debug)( int debug, int level, const char *fmt, ... )
+{
+ char buffer[4096];
+ va_list vl;
+
+ if ( !(level & debug ) ) return;
+
+#ifdef HAVE_WINSOCK
+ if( log_file == NULL ) {
+ log_file = fopen( LDAP_RUNDIR LDAP_DIRSEP "openldap.log", "w" );
+
+ if ( log_file == NULL ) {
+ log_file = fopen( "openldap.log", "w" );
+ if ( log_file == NULL ) return;
+ }
+
+ ber_set_option( NULL, LBER_OPT_LOG_PRINT_FILE, log_file );
+ }
+#endif
+
+ va_start( vl, fmt );
+ vsnprintf( buffer, sizeof(buffer), fmt, vl );
+ buffer[sizeof(buffer)-1] = '\0';
+ if( log_file != NULL ) {
+ fputs( buffer, log_file );
+ fflush( log_file );
+ }
+ fputs( buffer, stderr );
+ va_end( vl );
+}
+
+#if defined(HAVE_EBCDIC) && defined(LDAP_SYSLOG)
+#undef syslog
+void eb_syslog( int pri, const char *fmt, ... )
+{
+ char buffer[4096];
+ va_list vl;
+
+ va_start( vl, fmt );
+ vsnprintf( buffer, sizeof(buffer), fmt, vl );
+ buffer[sizeof(buffer)-1] = '\0';
+
+ /* The syslog function appears to only work with pure EBCDIC */
+ __atoe(buffer);
+#pragma convlit(suspend)
+ syslog( pri, "%s", buffer );
+#pragma convlit(resume)
+ va_end( vl );
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/decode.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/decode.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/decode.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1002 @@
+/* decode.c - ber input decoding routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/stdarg.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lber-int.h"
+
+static ber_len_t ber_getnint LDAP_P((
+ BerElement *ber,
+ ber_int_t *num,
+ ber_len_t len ));
+
+/* return the tag - LBER_DEFAULT returned means trouble */
+ber_tag_t
+ber_get_tag( BerElement *ber )
+{
+ unsigned char xbyte;
+ ber_tag_t tag;
+ unsigned int i;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( ber_pvt_ber_remaining( ber ) < 1 ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( ber->ber_ptr == ber->ber_buf ) {
+ tag = *(unsigned char *)ber->ber_ptr;
+ } else {
+ tag = ber->ber_tag;
+ }
+ ber->ber_ptr++;
+
+ if ( (tag & LBER_BIG_TAG_MASK) != LBER_BIG_TAG_MASK ) {
+ return tag;
+ }
+
+ for ( i = 1; i < sizeof(ber_tag_t); i++ ) {
+ if ( ber_read( ber, (char *) &xbyte, 1 ) != 1 ) {
+ return LBER_DEFAULT;
+ }
+
+ tag <<= 8;
+ tag |= 0x00ffUL & (ber_tag_t) xbyte;
+
+ if ( ! (xbyte & LBER_MORE_TAG_MASK) ) {
+ break;
+ }
+ }
+
+ /* tag too big! */
+ if ( i == sizeof(ber_tag_t) ) {
+ return LBER_DEFAULT;
+ }
+
+ return tag;
+}
+
+ber_tag_t
+ber_skip_tag( BerElement *ber, ber_len_t *len )
+{
+ ber_tag_t tag;
+ unsigned char lc;
+ ber_len_t i, noctets;
+ unsigned char netlen[sizeof(ber_len_t)];
+
+ assert( ber != NULL );
+ assert( len != NULL );
+ assert( LBER_VALID( ber ) );
+
+ /*
+ * Any ber element looks like this: tag length contents.
+ * Assuming everything's ok, we return the tag byte (we
+ * can assume a single byte), and return the length in len.
+ *
+ * Assumptions:
+ * 1) definite lengths
+ * 2) primitive encodings used whenever possible
+ */
+
+ *len = 0;
+
+ /*
+ * First, we read the tag.
+ */
+
+ if ( (tag = ber_get_tag( ber )) == LBER_DEFAULT ) {
+ return LBER_DEFAULT;
+ }
+
+ /*
+ * Next, read the length. The first byte contains the length of
+ * the length. If bit 8 is set, the length is the long form,
+ * otherwise it's the short form. We don't allow a length that's
+ * greater than what we can hold in a ber_len_t.
+ */
+
+ if ( ber_read( ber, (char *) &lc, 1 ) != 1 ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( lc & 0x80U ) {
+ noctets = (lc & 0x7fU);
+
+ if ( noctets > sizeof(ber_len_t) ) {
+ return LBER_DEFAULT;
+ }
+
+ if( (unsigned) ber_read( ber, (char *) netlen, noctets ) != noctets ) {
+ return LBER_DEFAULT;
+ }
+
+ for( i = 0; i < noctets; i++ ) {
+ *len <<= 8;
+ *len |= netlen[i];
+ }
+
+ } else {
+ *len = lc;
+ }
+
+ /* BER element should have enough data left */
+ if( *len > (ber_len_t) ber_pvt_ber_remaining( ber ) ) {
+ return LBER_DEFAULT;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ return tag;
+}
+
+ber_tag_t
+ber_peek_tag(
+ BerElement *ber,
+ ber_len_t *len )
+{
+ /*
+ * This implementation assumes ber_skip_tag() only
+ * modifies ber_ptr field of the BerElement.
+ */
+
+ char *save;
+ ber_tag_t tag, old;
+
+ old = ber->ber_tag;
+ save = ber->ber_ptr;
+ tag = ber_skip_tag( ber, len );
+ ber->ber_ptr = save;
+ ber->ber_tag = old;
+
+ return tag;
+}
+
+static ber_len_t
+ber_getnint(
+ BerElement *ber,
+ ber_int_t *num,
+ ber_len_t len )
+{
+ unsigned char buf[sizeof(ber_int_t)];
+
+ assert( ber != NULL );
+ assert( num != NULL );
+ assert( LBER_VALID( ber ) );
+
+ /*
+ * The tag and length have already been stripped off. We should
+ * be sitting right before len bytes of 2's complement integer,
+ * ready to be read straight into an int. We may have to sign
+ * extend after we read it in.
+ */
+
+ if ( len > sizeof(ber_int_t) ) {
+ return -1;
+ }
+
+ /* read into the low-order bytes of our buffer */
+ if ( (ber_len_t) ber_read( ber, (char *) buf, len ) != len ) {
+ return -1;
+ }
+
+ if( len ) {
+ /* sign extend if necessary */
+ ber_len_t i;
+ ber_int_t netnum = 0x80 & buf[0] ? -1 : 0;
+
+ /* shift in the bytes */
+ for( i=0 ; i<len; i++ ) {
+ netnum = (netnum << 8 ) | buf[i];
+ }
+
+ *num = netnum;
+
+ } else {
+ *num = 0;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ return len;
+}
+
+ber_tag_t
+ber_get_int(
+ BerElement *ber,
+ ber_int_t *num )
+{
+ ber_tag_t tag;
+ ber_len_t len;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( ber_getnint( ber, num, len ) != len ) {
+ return LBER_DEFAULT;
+ }
+
+ return tag;
+}
+
+ber_tag_t
+ber_get_enum(
+ BerElement *ber,
+ ber_int_t *num )
+{
+ return ber_get_int( ber, num );
+}
+
+ber_tag_t
+ber_get_stringb(
+ BerElement *ber,
+ char *buf,
+ ber_len_t *len )
+{
+ ber_len_t datalen;
+ ber_tag_t tag;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
+ return LBER_DEFAULT;
+ }
+
+ /* must fit within allocated space with termination */
+ if ( datalen >= *len ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( (ber_len_t) ber_read( ber, buf, datalen ) != datalen ) {
+ return LBER_DEFAULT;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ buf[datalen] = '\0';
+
+ *len = datalen;
+ return tag;
+}
+
+/* Definitions for get_string vector
+ *
+ * ChArray, BvArray, and BvVec are self-explanatory.
+ * BvOff is a struct berval embedded in an array of larger structures
+ * of siz bytes at off bytes from the beginning of the struct.
+ */
+enum bgbvc { ChArray, BvArray, BvVec, BvOff };
+
+/* Use this single cookie for state, to keep actual
+ * stack use to the absolute minimum.
+ */
+typedef struct bgbvr {
+ enum bgbvc choice;
+ BerElement *ber;
+ int alloc;
+ ber_len_t siz;
+ ber_len_t off;
+ union {
+ char ***c;
+ BerVarray *ba;
+ struct berval ***bv;
+ } res;
+} bgbvr;
+
+static ber_tag_t
+ber_get_stringbvl( bgbvr *b, ber_len_t *rlen )
+{
+ int i = 0, n;
+ ber_tag_t tag;
+ ber_len_t len;
+ char *last, *orig;
+ struct berval bv, *bvp = NULL;
+
+ /* For rewinding, just like ber_peek_tag() */
+ orig = b->ber->ber_ptr;
+ tag = b->ber->ber_tag;
+
+ if ( ber_first_element( b->ber, &len, &last ) != LBER_DEFAULT ) {
+ for ( ; b->ber->ber_ptr < last; i++ ) {
+ if (ber_skip_tag( b->ber, &len ) == LBER_DEFAULT) break;
+ b->ber->ber_ptr += len;
+ b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr;
+ }
+ }
+
+ if ( rlen ) *rlen = i;
+
+ if ( i == 0 ) {
+ *b->res.c = NULL;
+ return 0;
+ }
+
+ n = i;
+
+ /* Allocate the result vector */
+ switch (b->choice) {
+ case ChArray:
+ *b->res.c = ber_memalloc_x( (n+1)*sizeof( char * ),
+ b->ber->ber_memctx);
+ if ( *b->res.c == NULL ) return LBER_DEFAULT;
+ (*b->res.c)[n] = NULL;
+ break;
+ case BvArray:
+ *b->res.ba = ber_memalloc_x( (n+1)*sizeof( struct berval ),
+ b->ber->ber_memctx);
+ if ( *b->res.ba == NULL ) return LBER_DEFAULT;
+ (*b->res.ba)[n].bv_val = NULL;
+ break;
+ case BvVec:
+ *b->res.bv = ber_memalloc_x( (n+1)*sizeof( struct berval *),
+ b->ber->ber_memctx);
+ if ( *b->res.bv == NULL ) return LBER_DEFAULT;
+ (*b->res.bv)[n] = NULL;
+ break;
+ case BvOff:
+ *b->res.ba = ber_memalloc_x( (n+1) * b->siz, b->ber->ber_memctx );
+ if ( *b->res.ba == NULL ) return LBER_DEFAULT;
+ ((struct berval *)((long)(*b->res.ba) + n*b->siz +
+ b->off))->bv_val = NULL;
+ break;
+ }
+ b->ber->ber_ptr = orig;
+ b->ber->ber_tag = tag;
+ ber_skip_tag( b->ber, &len );
+
+ for (n=0; n<i; n++)
+ {
+ tag = ber_next_element( b->ber, &len, last );
+ if ( ber_get_stringbv( b->ber, &bv, b->alloc ) == LBER_DEFAULT ) {
+ goto nomem;
+ }
+
+ /* store my result */
+ switch (b->choice) {
+ case ChArray:
+ (*b->res.c)[n] = bv.bv_val;
+ break;
+ case BvArray:
+ (*b->res.ba)[n] = bv;
+ break;
+ case BvVec:
+ bvp = ber_memalloc_x( sizeof( struct berval ), b->ber->ber_memctx);
+ if ( !bvp ) {
+ LBER_FREE(bv.bv_val);
+ goto nomem;
+ }
+ (*b->res.bv)[n] = bvp;
+ *bvp = bv;
+ break;
+ case BvOff:
+ *(BerVarray)((long)(*b->res.ba)+n*b->siz+b->off) = bv;
+ break;
+ }
+ }
+ return tag;
+
+nomem:
+ if (b->alloc || b->choice == BvVec) {
+ for (--n; n>=0; n--) {
+ switch(b->choice) {
+ case ChArray:
+ LBER_FREE((*b->res.c)[n]);
+ break;
+ case BvArray:
+ LBER_FREE((*b->res.ba)[n].bv_val);
+ break;
+ case BvVec:
+ LBER_FREE((*b->res.bv)[n]->bv_val);
+ LBER_FREE((*b->res.bv)[n]);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ LBER_FREE(*b->res.c);
+ *b->res.c = NULL;
+ return LBER_DEFAULT;
+}
+
+ber_tag_t
+ber_get_stringbv( BerElement *ber, struct berval *bv, int alloc )
+{
+ ber_tag_t tag;
+
+ assert( ber != NULL );
+ assert( bv != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &bv->bv_len )) == LBER_DEFAULT ) {
+ bv->bv_val = NULL;
+ return LBER_DEFAULT;
+ }
+
+ if ( (ber_len_t) ber_pvt_ber_remaining( ber ) < bv->bv_len ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( alloc ) {
+ bv->bv_val = (char *) ber_memalloc_x( bv->bv_len + 1,
+ ber->ber_memctx );
+ if ( bv->bv_val == NULL ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( bv->bv_len > 0 && (ber_len_t) ber_read( ber, bv->bv_val,
+ bv->bv_len ) != bv->bv_len )
+ {
+ LBER_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ return LBER_DEFAULT;
+ }
+ } else {
+ bv->bv_val = ber->ber_ptr;
+ ber->ber_ptr += bv->bv_len;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+ bv->bv_val[bv->bv_len] = '\0';
+
+ return tag;
+}
+
+#ifdef LDAP_NULL_IS_NULL
+ber_tag_t
+ber_get_stringbv_null( BerElement *ber, struct berval *bv, int alloc )
+{
+ ber_tag_t tag;
+
+ assert( ber != NULL );
+ assert( bv != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &bv->bv_len )) == LBER_DEFAULT ) {
+ bv->bv_val = NULL;
+ return LBER_DEFAULT;
+ }
+
+ if ( (ber_len_t) ber_pvt_ber_remaining( ber ) < bv->bv_len ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( bv->bv_len == 0 ) {
+ bv->bv_val = NULL;
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+ return tag;
+ }
+
+ if ( alloc ) {
+ bv->bv_val = (char *) ber_memalloc_x( bv->bv_len + 1,
+ ber->ber_memctx );
+ if ( bv->bv_val == NULL ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( bv->bv_len > 0 && (ber_len_t) ber_read( ber, bv->bv_val,
+ bv->bv_len ) != bv->bv_len )
+ {
+ LBER_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ return LBER_DEFAULT;
+ }
+ } else {
+ bv->bv_val = ber->ber_ptr;
+ ber->ber_ptr += bv->bv_len;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+ bv->bv_val[bv->bv_len] = '\0';
+
+ return tag;
+}
+#endif /* LDAP_NULL_IS_NULL */
+
+ber_tag_t
+ber_get_stringa( BerElement *ber, char **buf )
+{
+ BerValue bv;
+ ber_tag_t tag;
+
+ assert( buf != NULL );
+
+ tag = ber_get_stringbv( ber, &bv, 1 );
+ *buf = bv.bv_val;
+
+ return tag;
+}
+
+#ifdef LDAP_NULL_IS_NULL
+ber_tag_t
+ber_get_stringa_null( BerElement *ber, char **buf )
+{
+ BerValue bv;
+ ber_tag_t tag;
+
+ assert( buf != NULL );
+
+ tag = ber_get_stringbv_null( ber, &bv, 1 );
+ *buf = bv.bv_val;
+
+ return tag;
+}
+#endif /* LDAP_NULL_IS_NULL */
+
+ber_tag_t
+ber_get_stringal( BerElement *ber, struct berval **bv )
+{
+ ber_tag_t tag;
+
+ assert( ber != NULL );
+ assert( bv != NULL );
+
+ *bv = (struct berval *) ber_memalloc_x( sizeof(struct berval),
+ ber->ber_memctx );
+ if ( *bv == NULL ) {
+ return LBER_DEFAULT;
+ }
+
+ tag = ber_get_stringbv( ber, *bv, 1 );
+ if ( tag == LBER_DEFAULT ) {
+ LBER_FREE( *bv );
+ *bv = NULL;
+ }
+ return tag;
+}
+
+ber_tag_t
+ber_get_bitstringa(
+ BerElement *ber,
+ char **buf,
+ ber_len_t *blen )
+{
+ ber_len_t datalen;
+ ber_tag_t tag;
+ unsigned char unusedbits;
+
+ assert( ber != NULL );
+ assert( buf != NULL );
+ assert( blen != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
+ *buf = NULL;
+ return LBER_DEFAULT;
+ }
+ --datalen;
+
+ *buf = (char *) ber_memalloc_x( datalen, ber->ber_memctx );
+ if ( *buf == NULL ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( ber_read( ber, (char *)&unusedbits, 1 ) != 1 ) {
+ LBER_FREE( buf );
+ *buf = NULL;
+ return LBER_DEFAULT;
+ }
+
+ if ( (ber_len_t) ber_read( ber, *buf, datalen ) != datalen ) {
+ LBER_FREE( buf );
+ *buf = NULL;
+ return LBER_DEFAULT;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ *blen = datalen * 8 - unusedbits;
+ return tag;
+}
+
+ber_tag_t
+ber_get_null( BerElement *ber )
+{
+ ber_len_t len;
+ ber_tag_t tag;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT ) {
+ return LBER_DEFAULT;
+ }
+
+ if ( len != 0 ) {
+ return LBER_DEFAULT;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ return( tag );
+}
+
+ber_tag_t
+ber_get_boolean(
+ BerElement *ber,
+ ber_int_t *boolval )
+{
+ ber_int_t longbool;
+ ber_tag_t rc;
+
+ assert( ber != NULL );
+ assert( boolval != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ rc = ber_get_int( ber, &longbool );
+ *boolval = longbool;
+
+ return rc;
+}
+
+ber_tag_t
+ber_first_element(
+ BerElement *ber,
+ ber_len_t *len,
+ char **last )
+{
+ assert( ber != NULL );
+ assert( len != NULL );
+ assert( last != NULL );
+
+ /* skip the sequence header, use the len to mark where to stop */
+ if ( ber_skip_tag( ber, len ) == LBER_DEFAULT ) {
+ *last = NULL;
+ return LBER_DEFAULT;
+ }
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+
+ *last = ber->ber_ptr + *len;
+
+ if ( *last == ber->ber_ptr ) {
+ return LBER_DEFAULT;
+ }
+
+ return ber_peek_tag( ber, len );
+}
+
+ber_tag_t
+ber_next_element(
+ BerElement *ber,
+ ber_len_t *len,
+ LDAP_CONST char *last )
+{
+ assert( ber != NULL );
+ assert( len != NULL );
+ assert( last != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( ber->ber_ptr >= last ) {
+ return LBER_DEFAULT;
+ }
+
+ return ber_peek_tag( ber, len );
+}
+
+/* VARARGS */
+ber_tag_t
+ber_scanf ( BerElement *ber,
+ LDAP_CONST char *fmt,
+ ... )
+{
+ va_list ap;
+ LDAP_CONST char *fmt_reset;
+ char *s, **ss;
+ struct berval **bvp, *bval;
+ ber_int_t *i;
+ ber_len_t *l;
+ ber_tag_t *t;
+ ber_tag_t rc;
+ ber_len_t len;
+
+ va_start( ap, fmt );
+
+ assert( ber != NULL );
+ assert( fmt != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ fmt_reset = fmt;
+
+ ber_log_printf( LDAP_DEBUG_TRACE, ber->ber_debug,
+ "ber_scanf fmt (%s) ber:\n", fmt );
+ ber_log_dump( LDAP_DEBUG_BER, ber->ber_debug, ber, 1 );
+
+ for ( rc = 0; *fmt && rc != LBER_DEFAULT; fmt++ ) {
+ /* When this is modified, remember to update
+ * the error-cleanup code below accordingly. */
+ switch ( *fmt ) {
+ case '!': { /* Hook */
+ BERDecodeCallback *f;
+ void *p;
+
+ f = va_arg( ap, BERDecodeCallback * );
+ p = va_arg( ap, void * );
+
+ rc = (*f)( ber, p, 0 );
+ } break;
+
+ case 'a': /* octet string - allocate storage as needed */
+ ss = va_arg( ap, char ** );
+ rc = ber_get_stringa( ber, ss );
+ break;
+
+#ifdef LDAP_NULL_IS_NULL
+ case 'A': /* octet string - allocate storage as needed,
+ * but return NULL if len == 0 */
+ ss = va_arg( ap, char ** );
+ rc = ber_get_stringa_null( ber, ss );
+ break;
+#endif /* LDAP_NULL_IS_NULL */
+
+ case 'b': /* boolean */
+ i = va_arg( ap, ber_int_t * );
+ rc = ber_get_boolean( ber, i );
+ break;
+
+ case 'B': /* bit string - allocate storage as needed */
+ ss = va_arg( ap, char ** );
+ l = va_arg( ap, ber_len_t * ); /* for length, in bits */
+ rc = ber_get_bitstringa( ber, ss, l );
+ break;
+
+ case 'e': /* enumerated */
+ case 'i': /* int */
+ i = va_arg( ap, ber_int_t * );
+ rc = ber_get_int( ber, i );
+ break;
+
+ case 'l': /* length of next item */
+ l = va_arg( ap, ber_len_t * );
+ rc = ber_peek_tag( ber, l );
+ break;
+
+ case 'm': /* octet string in berval, in-place */
+ bval = va_arg( ap, struct berval * );
+ rc = ber_get_stringbv( ber, bval, 0 );
+ break;
+
+ case 'M': /* bvoffarray - must include address of
+ * a record len, and record offset.
+ * number of records will be returned thru
+ * len ptr on finish. parsed in-place.
+ */
+ {
+ bgbvr cookie = { BvOff };
+ cookie.ber = ber;
+ cookie.res.ba = va_arg( ap, struct berval ** );
+ cookie.alloc = 0;
+ l = va_arg( ap, ber_len_t * );
+ cookie.siz = *l;
+ cookie.off = va_arg( ap, ber_len_t );
+ rc = ber_get_stringbvl( &cookie, l );
+ break;
+ }
+
+ case 'n': /* null */
+ rc = ber_get_null( ber );
+ break;
+
+ case 'o': /* octet string in a supplied berval */
+ bval = va_arg( ap, struct berval * );
+ rc = ber_get_stringbv( ber, bval, 1 );
+ break;
+
+ case 'O': /* octet string - allocate & include length */
+ bvp = va_arg( ap, struct berval ** );
+ rc = ber_get_stringal( ber, bvp );
+ break;
+
+ case 's': /* octet string - in a buffer */
+ s = va_arg( ap, char * );
+ l = va_arg( ap, ber_len_t * );
+ rc = ber_get_stringb( ber, s, l );
+ break;
+
+ case 't': /* tag of next item */
+ t = va_arg( ap, ber_tag_t * );
+ *t = rc = ber_peek_tag( ber, &len );
+ break;
+
+ case 'T': /* skip tag of next item */
+ t = va_arg( ap, ber_tag_t * );
+ *t = rc = ber_skip_tag( ber, &len );
+ break;
+
+ case 'v': /* sequence of strings */
+ {
+ bgbvr cookie = { ChArray };
+ cookie.ber = ber;
+ cookie.res.c = va_arg( ap, char *** );
+ cookie.alloc = 1;
+ rc = ber_get_stringbvl( &cookie, NULL );
+ break;
+ }
+
+ case 'V': /* sequence of strings + lengths */
+ {
+ bgbvr cookie = { BvVec };
+ cookie.ber = ber;
+ cookie.res.bv = va_arg( ap, struct berval *** );
+ cookie.alloc = 1;
+ rc = ber_get_stringbvl( &cookie, NULL );
+ break;
+ }
+
+ case 'W': /* bvarray */
+ {
+ bgbvr cookie = { BvArray };
+ cookie.ber = ber;
+ cookie.res.ba = va_arg( ap, struct berval ** );
+ cookie.alloc = 1;
+ rc = ber_get_stringbvl( &cookie, NULL );
+ break;
+ }
+
+ case 'x': /* skip the next element - whatever it is */
+ if ( (rc = ber_skip_tag( ber, &len )) == LBER_DEFAULT )
+ break;
+ ber->ber_ptr += len;
+ ber->ber_tag = *(unsigned char *)ber->ber_ptr;
+ break;
+
+ case '{': /* begin sequence */
+ case '[': /* begin set */
+ if ( *(fmt + 1) != 'v' && *(fmt + 1) != 'V'
+ && *(fmt + 1) != 'W' && *(fmt + 1) != 'M' )
+ rc = ber_skip_tag( ber, &len );
+ break;
+
+ case '}': /* end sequence */
+ case ']': /* end set */
+ break;
+
+ default:
+ if( ber->ber_debug ) {
+ ber_log_printf( LDAP_DEBUG_ANY, ber->ber_debug,
+ "ber_scanf: unknown fmt %c\n", *fmt );
+ }
+ rc = LBER_DEFAULT;
+ break;
+ }
+ }
+
+ va_end( ap );
+ if ( rc == LBER_DEFAULT ) {
+ /*
+ * Error. Reclaim malloced memory that was given to the caller.
+ * Set allocated pointers to NULL, "data length" outvalues to 0.
+ */
+ va_start( ap, fmt );
+
+ for ( ; fmt_reset < fmt; fmt_reset++ ) {
+ switch ( *fmt_reset ) {
+ case '!': { /* Hook */
+ BERDecodeCallback *f;
+ void *p;
+
+ f = va_arg( ap, BERDecodeCallback * );
+ p = va_arg( ap, void * );
+
+ (void) (*f)( ber, p, 1 );
+ } break;
+
+ case 'a': /* octet string - allocate storage as needed */
+#ifdef LDAP_NULL_IS_NULL
+ case 'A':
+#endif /* LDAP_NULL_IS_NULL */
+ ss = va_arg( ap, char ** );
+ if ( *ss ) {
+ LBER_FREE( *ss );
+ *ss = NULL;
+ }
+ break;
+
+ case 'b': /* boolean */
+ case 'e': /* enumerated */
+ case 'i': /* int */
+ (void) va_arg( ap, int * );
+ break;
+
+ case 'l': /* length of next item */
+ (void) va_arg( ap, ber_len_t * );
+ break;
+
+ case 'o': /* octet string in a supplied berval */
+ bval = va_arg( ap, struct berval * );
+ if ( bval->bv_val != NULL ) {
+ LBER_FREE( bval->bv_val );
+ bval->bv_val = NULL;
+ }
+ bval->bv_len = 0;
+ break;
+
+ case 'O': /* octet string - allocate & include length */
+ bvp = va_arg( ap, struct berval ** );
+ if ( *bvp ) {
+ ber_bvfree( *bvp );
+ *bvp = NULL;
+ }
+ break;
+
+ case 's': /* octet string - in a buffer */
+ (void) va_arg( ap, char * );
+ (void) va_arg( ap, ber_len_t * );
+ break;
+
+ case 't': /* tag of next item */
+ case 'T': /* skip tag of next item */
+ (void) va_arg( ap, ber_tag_t * );
+ break;
+
+ case 'B': /* bit string - allocate storage as needed */
+ ss = va_arg( ap, char ** );
+ if ( *ss ) {
+ LBER_FREE( *ss );
+ *ss = NULL;
+ }
+ *(va_arg( ap, ber_len_t * )) = 0; /* for length, in bits */
+ break;
+
+ case 'm': /* berval in-place */
+ case 'M': /* BVoff array in-place */
+ case 'n': /* null */
+ case 'v': /* sequence of strings */
+ case 'V': /* sequence of strings + lengths */
+ case 'W': /* BerVarray */
+ case 'x': /* skip the next element - whatever it is */
+ case '{': /* begin sequence */
+ case '[': /* begin set */
+ case '}': /* end sequence */
+ case ']': /* end set */
+ break;
+
+ default:
+ /* format should be good */
+ assert( 0 );
+ }
+ }
+
+ va_end( ap );
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/dtest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/dtest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/dtest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,121 @@
+/* dtest.c - lber decoding test program */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/dtest.c,v 1.35.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+
+#ifdef HAVE_CONSOLE_H
+#include <console.h>
+#endif
+
+#include <lber.h>
+
+static void usage( const char *name )
+{
+ fprintf( stderr, "usage: %s fmt\n", name );
+}
+
+int
+main( int argc, char **argv )
+{
+ char *s;
+
+ ber_tag_t tag;
+ ber_len_t len;
+
+ BerElement *ber;
+ Sockbuf *sb;
+ int fd;
+
+ /* enable debugging */
+ int ival = -1;
+ ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ival );
+
+ if ( argc < 2 ) {
+ usage( argv[0] );
+ return( EXIT_FAILURE );
+ }
+
+#ifdef HAVE_CONSOLE_H
+ ccommand( &argv );
+ cshow( stdout );
+#endif
+
+ sb = ber_sockbuf_alloc();
+ fd = fileno( stdin );
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_fd, LBER_SBIOD_LEVEL_PROVIDER,
+ (void *)&fd );
+
+ ber = ber_alloc_t(LBER_USE_DER);
+ if( ber == NULL ) {
+ perror( "ber_alloc_t" );
+ return( EXIT_FAILURE );
+ }
+
+ for (;;) {
+ tag = ber_get_next( sb, &len, ber);
+ if( tag != LBER_ERROR ) break;
+
+ if( errno == EWOULDBLOCK ) continue;
+ if( errno == EAGAIN ) continue;
+
+ perror( "ber_get_next" );
+ return( EXIT_FAILURE );
+ }
+
+ printf("decode: message tag 0x%lx and length %ld\n",
+ (unsigned long) tag, (long) len );
+
+ for( s = argv[1]; *s; s++ ) {
+ char buf[128];
+ char fmt[2];
+ fmt[0] = *s;
+ fmt[1] = '\0';
+
+ printf("decode: format %s\n", fmt );
+ len = sizeof(buf);
+ tag = ber_scanf( ber, fmt, &buf[0], &len );
+
+ if( tag == LBER_ERROR ) {
+ perror( "ber_scanf" );
+ return( EXIT_FAILURE );
+ }
+ }
+
+ ber_sockbuf_free( sb );
+ return( EXIT_SUCCESS );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/encode.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/encode.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/encode.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,831 @@
+/* encode.c - ber output encoding routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/encode.c,v 1.61.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/stdarg.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "lber-int.h"
+
+static int ber_put_len LDAP_P((
+ BerElement *ber,
+ ber_len_t len,
+ int nosos ));
+
+static int ber_start_seqorset LDAP_P((
+ BerElement *ber,
+ ber_tag_t tag ));
+
+static int ber_put_seqorset LDAP_P(( BerElement *ber ));
+
+static int ber_put_int_or_enum LDAP_P((
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag ));
+
+#define BER_TOP_BYTE(type) (sizeof(type)-1)
+#define BER_TOP_MASK(type) ((type)0xffU << (BER_TOP_BYTE(type)*8))
+
+static int
+ber_calc_taglen( ber_tag_t tag )
+{
+ int i = BER_TOP_BYTE(ber_tag_t);
+ ber_tag_t mask = BER_TOP_MASK(ber_tag_t);
+
+ /* find the first non-all-zero byte in the tag */
+ for ( ; i > 0; i-- ) {
+ /* not all zero */
+ if ( tag & mask ) break;
+ mask >>= 8;
+ }
+
+ return i + 1;
+}
+
+static int
+ber_put_tag(
+ BerElement *ber,
+ ber_tag_t tag,
+ int nosos )
+{
+ int rc;
+ int taglen;
+ int i;
+ unsigned char nettag[sizeof(ber_tag_t)];
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ taglen = ber_calc_taglen( tag );
+
+ for( i=taglen-1; i>=0; i-- ) {
+ nettag[i] = (unsigned char)(tag & 0xffU);
+ tag >>= 8;
+ }
+
+ rc = ber_write( ber, (char *) nettag, taglen, nosos );
+
+ return rc;
+}
+
+static ber_len_t
+ber_calc_lenlen( ber_len_t len )
+{
+ /*
+ * short len if it's less than 128 - one byte giving the len,
+ * with bit 8 0.
+ */
+
+ if ( len <= (ber_len_t) 0x7FU ) return 1;
+
+ /*
+ * long len otherwise - one byte with bit 8 set, giving the
+ * length of the length, followed by the length itself.
+ */
+
+ if ( len <= (ber_len_t) 0xffU ) return 2;
+ if ( len <= (ber_len_t) 0xffffU ) return 3;
+ if ( len <= (ber_len_t) 0xffffffU ) return 4;
+
+ return 5;
+}
+
+static int
+ber_put_len( BerElement *ber, ber_len_t len, int nosos )
+{
+ int rc;
+ int i,j;
+ char lenlen;
+ ber_len_t mask;
+ unsigned char netlen[sizeof(ber_len_t)];
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ /*
+ * short len if it's less than 128 - one byte giving the len,
+ * with bit 8 0.
+ */
+
+ if ( len <= 127 ) {
+ char length_byte = (char) len;
+ return ber_write( ber, &length_byte, 1, nosos );
+ }
+
+ /*
+ * long len otherwise - one byte with bit 8 set, giving the
+ * length of the length, followed by the length itself.
+ */
+
+ /* find the first non-all-zero byte */
+ i = BER_TOP_BYTE(ber_len_t);
+ mask = BER_TOP_MASK(ber_len_t);
+ for ( ; i > 0; i-- ) {
+ /* not all zero */
+ if ( len & mask ) break;
+ mask >>= 8;
+ }
+ lenlen = (unsigned char) ++i;
+ if ( lenlen > 4 ) return -1;
+
+ lenlen |= 0x80UL;
+
+ /* write the length of the length */
+ if ( ber_write( ber, &lenlen, 1, nosos ) != 1 ) return -1;
+
+ for( j=i-1; j>=0; j-- ) {
+ netlen[j] = (unsigned char)(len & 0xffU);
+ len >>= 8;
+ }
+
+ /* write the length itself */
+ rc = ber_write( ber, (char *) netlen, i, nosos );
+
+ return rc == i ? i+1 : -1;
+}
+
+static int
+ber_put_int_or_enum(
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag )
+{
+ int rc;
+ int i, j, sign, taglen, lenlen;
+ ber_len_t len;
+ ber_uint_t unum, mask;
+ unsigned char netnum[sizeof(ber_uint_t)];
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ sign = (num < 0);
+ unum = num; /* Bit fiddling should be done with unsigned values */
+
+ /*
+ * high bit is set - look for first non-all-one byte
+ * high bit is clear - look for first non-all-zero byte
+ */
+ i = BER_TOP_BYTE(ber_int_t);
+ mask = BER_TOP_MASK(ber_uint_t);
+ for ( ; i > 0; i-- ) {
+ if ( sign ) {
+ /* not all ones */
+ if ( (unum & mask) != mask ) break;
+ } else {
+ /* not all zero */
+ if ( unum & mask ) break;
+ }
+ mask >>= 8;
+ }
+
+ /*
+ * we now have the "leading byte". if the high bit on this
+ * byte matches the sign bit, we need to "back up" a byte.
+ */
+ mask = (unum & ((ber_uint_t)0x80U << (i * 8)));
+ if ( (mask && !sign) || (sign && !mask) ) {
+ i++;
+ }
+
+ len = i + 1;
+
+ if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 ) {
+ return -1;
+ }
+
+ if ( (lenlen = ber_put_len( ber, len, 0 )) == -1 ) {
+ return -1;
+ }
+ i++;
+
+ for( j=i-1; j>=0; j-- ) {
+ netnum[j] = (unsigned char)(unum & 0xffU);
+ unum >>= 8;
+ }
+
+ rc = ber_write( ber, (char *) netnum, i, 0 );
+
+ /* length of tag + length + contents */
+ return rc == i ? taglen + lenlen + i : -1;
+}
+
+int
+ber_put_enum(
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_ENUMERATED;
+ }
+
+ return ber_put_int_or_enum( ber, num, tag );
+}
+
+int
+ber_put_int(
+ BerElement *ber,
+ ber_int_t num,
+ ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_INTEGER;
+ }
+
+ return ber_put_int_or_enum( ber, num, tag );
+}
+
+int
+ber_put_ostring(
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_len_t len,
+ ber_tag_t tag )
+{
+ int taglen, lenlen, rc;
+
+ assert( ber != NULL );
+ assert( str != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_OCTETSTRING;
+ }
+
+ if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+ return -1;
+
+ if ( (lenlen = ber_put_len( ber, len, 0 )) == -1 ||
+ (ber_len_t) ber_write( ber, str, len, 0 ) != len )
+ {
+ rc = -1;
+ } else {
+ /* return length of tag + length + contents */
+ rc = taglen + lenlen + len;
+ }
+
+ return rc;
+}
+
+int
+ber_put_berval(
+ BerElement *ber,
+ struct berval *bv,
+ ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if( bv == NULL || bv->bv_len == 0 ) {
+ return ber_put_ostring( ber, "", (ber_len_t) 0, tag );
+ }
+
+ return ber_put_ostring( ber, bv->bv_val, bv->bv_len, tag );
+}
+
+int
+ber_put_string(
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( str != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ return ber_put_ostring( ber, str, strlen( str ), tag );
+}
+
+int
+ber_put_bitstring(
+ BerElement *ber,
+ LDAP_CONST char *str,
+ ber_len_t blen /* in bits */,
+ ber_tag_t tag )
+{
+ int taglen, lenlen;
+ ber_len_t len;
+ unsigned char unusedbits;
+
+ assert( ber != NULL );
+ assert( str != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_BITSTRING;
+ }
+
+ if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 ) {
+ return -1;
+ }
+
+ len = ( blen + 7 ) / 8;
+ unusedbits = (unsigned char) ((len * 8) - blen);
+ if ( (lenlen = ber_put_len( ber, len + 1, 0 )) == -1 ) {
+ return -1;
+ }
+
+ if ( ber_write( ber, (char *)&unusedbits, 1, 0 ) != 1 ) {
+ return -1;
+ }
+
+ if ( (ber_len_t) ber_write( ber, str, len, 0 ) != len ) {
+ return -1;
+ }
+
+ /* return length of tag + length + unused bit count + contents */
+ return taglen + 1 + lenlen + len;
+}
+
+int
+ber_put_null( BerElement *ber, ber_tag_t tag )
+{
+ int taglen;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_NULL;
+ }
+
+ if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 ) {
+ return -1;
+ }
+
+ if ( ber_put_len( ber, 0, 0 ) != 1 ) {
+ return -1;
+ }
+
+ return taglen + 1;
+}
+
+int
+ber_put_boolean(
+ BerElement *ber,
+ ber_int_t boolval,
+ ber_tag_t tag )
+{
+ int taglen;
+ unsigned char c;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT )
+ tag = LBER_BOOLEAN;
+
+ if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 ) {
+ return -1;
+ }
+
+ if ( ber_put_len( ber, 1, 0 ) != 1 ) {
+ return -1;
+ }
+
+ c = boolval ? (unsigned char) ~0U : (unsigned char) 0U;
+
+ if ( ber_write( ber, (char *) &c, 1, 0 ) != 1 ) {
+ return -1;
+ }
+
+ return taglen + 2;
+}
+
+#define FOUR_BYTE_LEN 5
+
+static int
+ber_start_seqorset(
+ BerElement *ber,
+ ber_tag_t tag )
+{
+ Seqorset *new;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ new = (Seqorset *) ber_memcalloc_x( 1, sizeof(Seqorset), ber->ber_memctx );
+
+ if ( new == NULL ) {
+ return -1;
+ }
+
+ new->sos_ber = ber;
+ if ( ber->ber_sos == NULL ) {
+ new->sos_first = ber->ber_ptr;
+ } else {
+ new->sos_first = ber->ber_sos->sos_ptr;
+ }
+
+ /* Set aside room for a 4 byte length field */
+ new->sos_ptr = new->sos_first + ber_calc_taglen( tag ) + FOUR_BYTE_LEN;
+ new->sos_tag = tag;
+
+ new->sos_next = ber->ber_sos;
+ ber->ber_sos = new;
+
+ return 0;
+}
+
+int
+ber_start_seq( BerElement *ber, ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_SEQUENCE;
+ }
+
+ return ber_start_seqorset( ber, tag );
+}
+
+int
+ber_start_set( BerElement *ber, ber_tag_t tag )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( tag == LBER_DEFAULT ) {
+ tag = LBER_SET;
+ }
+
+ return ber_start_seqorset( ber, tag );
+}
+
+static int
+ber_put_seqorset( BerElement *ber )
+{
+ int rc;
+ ber_len_t len;
+ unsigned char netlen[sizeof(ber_len_t)];
+ int taglen;
+ ber_len_t lenlen;
+ unsigned char ltag = 0x80U + FOUR_BYTE_LEN - 1;
+ Seqorset *next;
+ Seqorset **sos = &ber->ber_sos;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if( *sos == NULL ) return -1;
+
+ /*
+ * If this is the toplevel sequence or set, we need to actually
+ * write the stuff out. Otherwise, it's already been put in
+ * the appropriate buffer and will be written when the toplevel
+ * one is written. In this case all we need to do is update the
+ * length and tag.
+ */
+
+ len = (*sos)->sos_clen;
+
+ if ( sizeof(ber_len_t) > 4 && len > 0xffffffffUL ) {
+ return -1;
+ }
+
+ if ( ber->ber_options & LBER_USE_DER ) {
+ lenlen = ber_calc_lenlen( len );
+
+ } else {
+ lenlen = FOUR_BYTE_LEN;
+ }
+
+ if( lenlen > 1 ) {
+ int i;
+ ber_len_t j = len;
+ for( i=lenlen-2; i >= 0; i-- ) {
+ netlen[i] = j & 0xffU;
+ j >>= 8;
+ }
+ } else {
+ netlen[0] = (unsigned char)(len & 0x7fU);
+ }
+
+ if ( (next = (*sos)->sos_next) == NULL ) {
+ /* write the tag */
+ if ( (taglen = ber_put_tag( ber, (*sos)->sos_tag, 1 )) == -1 ) {
+ return( -1 );
+ }
+
+ if ( ber->ber_options & LBER_USE_DER ) {
+ /* Write the length in the minimum # of octets */
+ if ( ber_put_len( ber, len, 1 ) == -1 ) {
+ return -1;
+ }
+
+ if (lenlen != FOUR_BYTE_LEN) {
+ /*
+ * We set aside FOUR_BYTE_LEN bytes for
+ * the length field. Move the data if
+ * we don't actually need that much
+ */
+ AC_MEMCPY( (*sos)->sos_first + taglen +
+ lenlen, (*sos)->sos_first + taglen +
+ FOUR_BYTE_LEN, len );
+ }
+ } else {
+ /* Fill FOUR_BYTE_LEN bytes for length field */
+ /* one byte of length length */
+ if ( ber_write( ber, (char *)<ag, 1, 1 ) != 1 ) {
+ return -1;
+ }
+
+ /* the length itself */
+ rc = ber_write( ber, (char *) netlen, FOUR_BYTE_LEN-1, 1 );
+
+ if( rc != FOUR_BYTE_LEN - 1 ) {
+ return -1;
+ }
+ }
+ /* The ber_ptr is at the set/seq start - move it to the end */
+ (*sos)->sos_ber->ber_ptr += len;
+
+ } else {
+ int i;
+ unsigned char nettag[sizeof(ber_tag_t)];
+ ber_tag_t tmptag = (*sos)->sos_tag;
+
+ if( ber->ber_sos->sos_ptr > ber->ber_end ) {
+ /* The sos_ptr exceeds the end of the BerElement
+ * this can happen, for example, when the sos_ptr
+ * is near the end and no data was written for the
+ * 'V'. We must realloc the BerElement to ensure
+ * we don't overwrite the buffer when writing
+ * the tag and length fields.
+ */
+ ber_len_t ext = ber->ber_sos->sos_ptr - ber->ber_end;
+
+ if( ber_realloc( ber, ext ) != 0 ) {
+ return -1;
+ }
+ }
+
+ /* the tag */
+ taglen = ber_calc_taglen( tmptag );
+
+ for( i = taglen-1; i >= 0; i-- ) {
+ nettag[i] = (unsigned char)(tmptag & 0xffU);
+ tmptag >>= 8;
+ }
+
+ AC_FMEMCPY( (*sos)->sos_first, nettag, taglen );
+
+ if ( ber->ber_options & LBER_USE_DER ) {
+ ltag = (lenlen == 1)
+ ? (unsigned char) len
+ : (unsigned char) (0x80U + (lenlen - 1));
+ }
+
+ /* one byte of length length */
+ (*sos)->sos_first[1] = ltag;
+
+ if ( ber->ber_options & LBER_USE_DER ) {
+ if (lenlen > 1) {
+ /* Write the length itself */
+ AC_FMEMCPY( (*sos)->sos_first + 2, netlen, lenlen - 1 );
+ }
+ if (lenlen != FOUR_BYTE_LEN) {
+ /*
+ * We set aside FOUR_BYTE_LEN bytes for
+ * the length field. Move the data if
+ * we don't actually need that much
+ */
+ AC_FMEMCPY( (*sos)->sos_first + taglen +
+ lenlen, (*sos)->sos_first + taglen +
+ FOUR_BYTE_LEN, len );
+ }
+ } else {
+ /* the length itself */
+ AC_FMEMCPY( (*sos)->sos_first + taglen + 1,
+ netlen, FOUR_BYTE_LEN - 1 );
+ }
+
+ next->sos_clen += (taglen + lenlen + len);
+ next->sos_ptr += (taglen + lenlen + len);
+ }
+
+ /* we're done with this seqorset, so free it up */
+ ber_memfree_x( (char *) (*sos), ber->ber_memctx );
+ *sos = next;
+
+ return taglen + lenlen + len;
+}
+
+int
+ber_put_seq( BerElement *ber )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ return ber_put_seqorset( ber );
+}
+
+int
+ber_put_set( BerElement *ber )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ return ber_put_seqorset( ber );
+}
+
+/* N tag */
+static ber_tag_t lber_int_null = 0;
+
+/* VARARGS */
+int
+ber_printf( BerElement *ber, LDAP_CONST char *fmt, ... )
+{
+ va_list ap;
+ char *s, **ss;
+ struct berval *bv, **bvp;
+ int rc;
+ ber_int_t i;
+ ber_len_t len;
+
+ assert( ber != NULL );
+ assert( fmt != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ va_start( ap, fmt );
+
+ for ( rc = 0; *fmt && rc != -1; fmt++ ) {
+ switch ( *fmt ) {
+ case '!': { /* hook */
+ BEREncodeCallback *f;
+ void *p;
+
+ f = va_arg( ap, BEREncodeCallback * );
+ p = va_arg( ap, void * );
+
+ rc = (*f)( ber, p );
+ } break;
+
+ case 'b': /* boolean */
+ i = va_arg( ap, ber_int_t );
+ rc = ber_put_boolean( ber, i, ber->ber_tag );
+ break;
+
+ case 'i': /* int */
+ i = va_arg( ap, ber_int_t );
+ rc = ber_put_int( ber, i, ber->ber_tag );
+ break;
+
+ case 'e': /* enumeration */
+ i = va_arg( ap, ber_int_t );
+ rc = ber_put_enum( ber, i, ber->ber_tag );
+ break;
+
+ case 'n': /* null */
+ rc = ber_put_null( ber, ber->ber_tag );
+ break;
+
+ case 'N': /* Debug NULL */
+ if( lber_int_null != 0 ) {
+ /* Insert NULL to ensure peer ignores unknown tags */
+ rc = ber_put_null( ber, lber_int_null );
+ } else {
+ rc = 0;
+ }
+ break;
+
+ case 'o': /* octet string (non-null terminated) */
+ s = va_arg( ap, char * );
+ len = va_arg( ap, ber_len_t );
+ rc = ber_put_ostring( ber, s, len, ber->ber_tag );
+ break;
+
+ case 'O': /* berval octet string */
+ bv = va_arg( ap, struct berval * );
+ if( bv == NULL ) break;
+ rc = ber_put_berval( ber, bv, ber->ber_tag );
+ break;
+
+ case 's': /* string */
+ s = va_arg( ap, char * );
+ rc = ber_put_string( ber, s, ber->ber_tag );
+ break;
+
+ case 'B': /* bit string */
+ case 'X': /* bit string (deprecated) */
+ s = va_arg( ap, char * );
+ len = va_arg( ap, int ); /* in bits */
+ rc = ber_put_bitstring( ber, s, len, ber->ber_tag );
+ break;
+
+ case 't': /* tag for the next element */
+ ber->ber_tag = va_arg( ap, ber_tag_t );
+ ber->ber_usertag = 1;
+ break;
+
+ case 'v': /* vector of strings */
+ if ( (ss = va_arg( ap, char ** )) == NULL )
+ break;
+ for ( i = 0; ss[i] != NULL; i++ ) {
+ if ( (rc = ber_put_string( ber, ss[i],
+ ber->ber_tag )) == -1 )
+ break;
+ }
+ break;
+
+ case 'V': /* sequences of strings + lengths */
+ if ( (bvp = va_arg( ap, struct berval ** )) == NULL )
+ break;
+ for ( i = 0; bvp[i] != NULL; i++ ) {
+ if ( (rc = ber_put_berval( ber, bvp[i],
+ ber->ber_tag )) == -1 )
+ break;
+ }
+ break;
+
+ case 'W': /* BerVarray */
+ if ( (bv = va_arg( ap, BerVarray )) == NULL )
+ break;
+ for ( i = 0; bv[i].bv_val != NULL; i++ ) {
+ if ( (rc = ber_put_berval( ber, &bv[i],
+ ber->ber_tag )) == -1 )
+ break;
+ }
+ break;
+
+ case '{': /* begin sequence */
+ rc = ber_start_seq( ber, ber->ber_tag );
+ break;
+
+ case '}': /* end sequence */
+ rc = ber_put_seqorset( ber );
+ break;
+
+ case '[': /* begin set */
+ rc = ber_start_set( ber, ber->ber_tag );
+ break;
+
+ case ']': /* end set */
+ rc = ber_put_seqorset( ber );
+ break;
+
+ default:
+ if( ber->ber_debug ) {
+ ber_log_printf( LDAP_DEBUG_ANY, ber->ber_debug,
+ "ber_printf: unknown fmt %c\n", *fmt );
+ }
+ rc = -1;
+ break;
+ }
+
+ if ( ber->ber_usertag == 0 ) {
+ ber->ber_tag = LBER_DEFAULT;
+ } else {
+ ber->ber_usertag = 0;
+ }
+ }
+
+ va_end( ap );
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/etest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/etest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/etest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,181 @@
+/* etest.c - lber encoding test program */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/etest.c,v 1.33.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_CONSOLE_H
+#include <console.h>
+#endif /* HAVE_CONSOLE_H */
+
+#include "lber.h"
+
+static void usage( const char *name )
+{
+ fprintf( stderr, "usage: %s fmtstring\n", name );
+}
+
+static char* getbuf( void ) {
+ char *p;
+ static char buf[1024];
+
+ if ( fgets( buf, sizeof(buf), stdin ) == NULL ) return NULL;
+
+ if ( (p = strchr( buf, '\n' )) != NULL ) *p = '\0';
+
+ return buf;
+}
+
+int
+main( int argc, char **argv )
+{
+ char *s;
+ int tag;
+
+ int fd, rc;
+ BerElement *ber;
+ Sockbuf *sb;
+
+ /* enable debugging */
+ int ival = -1;
+ ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ival );
+
+ if ( argc < 2 ) {
+ usage( argv[0] );
+ return( EXIT_FAILURE );
+ }
+
+#ifdef HAVE_CONSOLE_H
+ ccommand( &argv );
+ cshow( stdout );
+
+ if (( fd = open( "lber-test", O_WRONLY|O_CREAT|O_TRUNC|O_BINARY ))
+ < 0 ) {
+ perror( "open" );
+ return( EXIT_FAILURE );
+ }
+
+#else
+ fd = fileno(stdout);
+#endif
+
+ sb = ber_sockbuf_alloc();
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_fd, LBER_SBIOD_LEVEL_PROVIDER,
+ (void *)&fd );
+
+ if( sb == NULL ) {
+ perror( "ber_sockbuf_alloc_fd" );
+ return( EXIT_FAILURE );
+ }
+
+ if ( (ber = ber_alloc_t( LBER_USE_DER )) == NULL ) {
+ perror( "ber_alloc" );
+ return( EXIT_FAILURE );
+ }
+
+ fprintf(stderr, "encode: start\n" );
+ if( ber_printf( ber, "{" /*}*/ ) ) {
+ perror( "ber_printf {" /*}*/ );
+ return( EXIT_FAILURE );
+ }
+
+ for ( s = argv[1]; *s; s++ ) {
+ char *buf;
+ char fmt[2];
+
+ fmt[0] = *s;
+ fmt[1] = '\0';
+
+ fprintf(stderr, "encode: %s\n", fmt );
+ switch ( *s ) {
+ case 'i': /* int */
+ case 'b': /* boolean */
+ case 'e': /* enumeration */
+ buf = getbuf();
+ rc = ber_printf( ber, fmt, atoi(buf) );
+ break;
+
+ case 'n': /* null */
+ case '{': /* begin sequence */
+ case '}': /* end sequence */
+ case '[': /* begin set */
+ case ']': /* end set */
+ rc = ber_printf( ber, fmt );
+ break;
+
+ case 'o': /* octet string (non-null terminated) */
+ case 'B': /* bit string */
+ buf = getbuf();
+ rc = ber_printf( ber, fmt, buf, strlen(buf) );
+ break;
+
+ case 's': /* string */
+ buf = getbuf();
+ rc = ber_printf( ber, fmt, buf );
+ break;
+ case 't': /* tag for the next element */
+ buf = getbuf();
+ tag = atoi(buf);
+ rc = ber_printf( ber, fmt, tag );
+ break;
+
+ default:
+ fprintf( stderr, "encode: unknown fmt %c\n", *fmt );
+ rc = -1;
+ break;
+ }
+
+ if( rc == -1 ) {
+ perror( "ber_printf" );
+ return( EXIT_FAILURE );
+ }
+ }
+
+ fprintf(stderr, "encode: end\n" );
+ if( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ perror( /*{*/ "ber_printf }" );
+ return( EXIT_FAILURE );
+ }
+
+ if ( ber_flush( sb, ber, 1 ) == -1 ) {
+ perror( "ber_flush" );
+ return( EXIT_FAILURE );
+ }
+
+ ber_sockbuf_free( sb );
+ return( EXIT_SUCCESS );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/idtest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/idtest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/idtest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,87 @@
+/* idtest.c - ber decoding test program using isode libraries */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/idtest.c,v 1.16.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#ifdef HAVE_PSAP_H
+#include <psap.h>
+#include <quipu/attr.h>
+#endif
+
+int
+main( int argc, char **argv )
+{
+#ifdef HAVE_PSAP_H
+ PE pe;
+ PS psin, psout, pserr;
+
+ /* read the pe from standard in */
+ if ( (psin = ps_alloc( std_open )) == NULLPS ) {
+ perror( "ps_alloc" );
+ exit( EXIT_FAILURE );
+ }
+ if ( std_setup( psin, stdin ) == NOTOK ) {
+ perror( "std_setup" );
+ exit( EXIT_FAILURE );
+ }
+ /* write the pe to standard out */
+ if ( (psout = ps_alloc( std_open )) == NULLPS ) {
+ perror( "ps_alloc" );
+ exit( EXIT_FAILURE );
+ }
+ if ( std_setup( psout, stdout ) == NOTOK ) {
+ perror( "std_setup" );
+ exit( EXIT_FAILURE );
+ }
+ /* pretty print it to standard error */
+ if ( (pserr = ps_alloc( std_open )) == NULLPS ) {
+ perror( "ps_alloc" );
+ exit( EXIT_FAILURE );
+ }
+ if ( std_setup( pserr, stderr ) == NOTOK ) {
+ perror( "std_setup" );
+ exit( EXIT_FAILURE );
+ }
+
+ while ( (pe = ps2pe( psin )) != NULLPE ) {
+ pe2pl( pserr, pe );
+ pe2ps( psout, pe );
+ }
+
+ exit( EXIT_SUCCESS );
+#else
+ fprintf(stderr, "requires ISODE X.500 distribution.\n");
+ return( EXIT_FAILURE );
+#endif
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/io.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/io.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/io.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,706 @@
+/* io.c - ber general i/o routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.107.2.6 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include "lber-int.h"
+#include "ldap_log.h"
+
+ber_slen_t
+ber_read(
+ BerElement *ber,
+ char *buf,
+ ber_len_t len )
+{
+ ber_len_t actuallen, nleft;
+
+ assert( ber != NULL );
+ assert( buf != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ nleft = ber_pvt_ber_remaining( ber );
+ actuallen = nleft < len ? nleft : len;
+
+ AC_MEMCPY( buf, ber->ber_ptr, actuallen );
+
+ ber->ber_ptr += actuallen;
+
+ return( (ber_slen_t) actuallen );
+}
+
+ber_slen_t
+ber_write(
+ BerElement *ber,
+ LDAP_CONST char *buf,
+ ber_len_t len,
+ int nosos )
+{
+ assert( ber != NULL );
+ assert( buf != NULL );
+
+ assert( LBER_VALID( ber ) );
+
+ if ( nosos || ber->ber_sos == NULL ) {
+ if ( ber->ber_ptr + len > ber->ber_end ) {
+ if ( ber_realloc( ber, len ) != 0 ) return( -1 );
+ }
+ AC_MEMCPY( ber->ber_ptr, buf, (size_t)len );
+ ber->ber_ptr += len;
+ return( (ber_slen_t) len );
+
+ } else {
+ if ( ber->ber_sos->sos_ptr + len > ber->ber_end ) {
+ if ( ber_realloc( ber, len ) != 0 ) return( -1 );
+ }
+ AC_MEMCPY( ber->ber_sos->sos_ptr, buf, (size_t)len );
+ ber->ber_sos->sos_ptr += len;
+ ber->ber_sos->sos_clen += len;
+ return( (ber_slen_t) len );
+ }
+}
+
+int
+ber_realloc( BerElement *ber, ber_len_t len )
+{
+ ber_len_t total;
+ Seqorset *s;
+ long off;
+ char *oldbuf;
+
+ assert( ber != NULL );
+ assert( len > 0 );
+ assert( LBER_VALID( ber ) );
+
+ total = ber_pvt_ber_total( ber );
+
+#define LBER_EXBUFSIZ 4060 /* a few words less than 2^N for binary buddy */
+#if defined( LBER_EXBUFSIZ ) && LBER_EXBUFSIZ > 0
+# ifndef notdef
+ /* don't realloc by small amounts */
+ total += len < LBER_EXBUFSIZ ? LBER_EXBUFSIZ : len;
+# else
+ { /* not sure what value this adds */
+ ber_len_t have = (total + (LBER_EXBUFSIZE - 1)) / LBER_EXBUFSIZ;
+ ber_len_t need = (len + (LBER_EXBUFSIZ - 1)) / LBER_EXBUFSIZ;
+ total = ( have + need ) * LBER_EXBUFSIZ;
+ }
+# endif
+#else
+ total += len; /* realloc just what's needed */
+#endif
+
+ oldbuf = ber->ber_buf;
+
+ ber->ber_buf = (char *) ber_memrealloc_x( oldbuf, total, ber->ber_memctx );
+
+ if ( ber->ber_buf == NULL ) {
+ ber->ber_buf = oldbuf;
+ return( -1 );
+ }
+
+ ber->ber_end = ber->ber_buf + total;
+
+ /*
+ * If the stinking thing was moved, we need to go through and
+ * reset all the sos and ber pointers. Offsets would've been
+ * a better idea... oh well.
+ */
+
+ if ( ber->ber_buf != oldbuf ) {
+ ber->ber_ptr = ber->ber_buf + (ber->ber_ptr - oldbuf);
+
+ for ( s = ber->ber_sos; s != NULL; s = s->sos_next ) {
+ off = s->sos_first - oldbuf;
+ s->sos_first = ber->ber_buf + off;
+
+ off = s->sos_ptr - oldbuf;
+ s->sos_ptr = ber->ber_buf + off;
+ }
+ }
+
+ return( 0 );
+}
+
+void
+ber_free_buf( BerElement *ber )
+{
+ Seqorset *s, *next;
+
+ assert( LBER_VALID( ber ) );
+
+ if ( ber->ber_buf) ber_memfree_x( ber->ber_buf, ber->ber_memctx );
+
+ for( s = ber->ber_sos ; s != NULL ; s = next ) {
+ next = s->sos_next;
+ ber_memfree_x( s, ber->ber_memctx );
+ }
+
+ ber->ber_buf = NULL;
+ ber->ber_sos = NULL;
+ ber->ber_valid = LBER_UNINITIALIZED;
+}
+
+void
+ber_free( BerElement *ber, int freebuf )
+{
+#ifdef LDAP_MEMORY_DEBUG
+ assert( ber != NULL );
+#endif
+
+ if( ber == NULL ) {
+ return;
+ }
+
+ if( freebuf ) ber_free_buf( ber );
+
+ ber_memfree_x( (char *) ber, ber->ber_memctx );
+}
+
+int
+ber_flush( Sockbuf *sb, BerElement *ber, int freeit )
+{
+ ber_len_t towrite;
+ ber_slen_t rc;
+
+ assert( sb != NULL );
+ assert( ber != NULL );
+
+ assert( SOCKBUF_VALID( sb ) );
+ assert( LBER_VALID( ber ) );
+
+ if ( ber->ber_rwptr == NULL ) {
+ ber->ber_rwptr = ber->ber_buf;
+ }
+ towrite = ber->ber_ptr - ber->ber_rwptr;
+
+ if ( sb->sb_debug ) {
+ ber_log_printf( LDAP_DEBUG_TRACE, sb->sb_debug,
+ "ber_flush: %ld bytes to sd %ld%s\n",
+ towrite, (long) sb->sb_fd,
+ ber->ber_rwptr != ber->ber_buf ? " (re-flush)" : "" );
+ ber_log_bprint( LDAP_DEBUG_PACKETS, sb->sb_debug,
+ ber->ber_rwptr, towrite );
+ }
+
+ while ( towrite > 0 ) {
+#ifdef LBER_TRICKLE
+ sleep(1);
+ rc = ber_int_sb_write( sb, ber->ber_rwptr, 1 );
+#else
+ rc = ber_int_sb_write( sb, ber->ber_rwptr, towrite );
+#endif
+ if (rc<=0) {
+ return -1;
+ }
+ towrite -= rc;
+ ber->ber_rwptr += rc;
+ }
+
+ if ( freeit ) ber_free( ber, 1 );
+
+ return( 0 );
+}
+
+BerElement *
+ber_alloc_t( int options )
+{
+ BerElement *ber;
+
+ ber = (BerElement *) LBER_CALLOC( 1, sizeof(BerElement) );
+
+ if ( ber == NULL ) {
+ return NULL;
+ }
+
+ ber->ber_valid = LBER_VALID_BERELEMENT;
+ ber->ber_tag = LBER_DEFAULT;
+ ber->ber_options = options;
+ ber->ber_debug = ber_int_debug;
+
+ assert( LBER_VALID( ber ) );
+ return ber;
+}
+
+BerElement *
+ber_alloc( void ) /* deprecated */
+{
+ return ber_alloc_t( 0 );
+}
+
+BerElement *
+der_alloc( void ) /* deprecated */
+{
+ return ber_alloc_t( LBER_USE_DER );
+}
+
+BerElement *
+ber_dup( BerElement *ber )
+{
+ BerElement *new;
+
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( (new = ber_alloc_t( ber->ber_options )) == NULL ) {
+ return NULL;
+ }
+
+ *new = *ber;
+
+ assert( LBER_VALID( new ) );
+ return( new );
+}
+
+
+void
+ber_init2( BerElement *ber, struct berval *bv, int options )
+{
+ assert( ber != NULL );
+
+ (void) memset( (char *)ber, '\0', sizeof( BerElement ));
+ ber->ber_valid = LBER_VALID_BERELEMENT;
+ ber->ber_tag = LBER_DEFAULT;
+ ber->ber_options = (char) options;
+ ber->ber_debug = ber_int_debug;
+
+ if ( bv != NULL ) {
+ ber->ber_buf = bv->bv_val;
+ ber->ber_ptr = ber->ber_buf;
+ ber->ber_end = ber->ber_buf + bv->bv_len;
+ }
+
+ assert( LBER_VALID( ber ) );
+}
+
+/* OLD U-Mich ber_init() */
+void
+ber_init_w_nullc( BerElement *ber, int options )
+{
+ ber_init2( ber, NULL, options );
+}
+
+/* New C-API ber_init() */
+/* This function constructs a BerElement containing a copy
+** of the data in the bv argument.
+*/
+BerElement *
+ber_init( struct berval *bv )
+{
+ BerElement *ber;
+
+ assert( bv != NULL );
+
+ if ( bv == NULL ) {
+ return NULL;
+ }
+
+ ber = ber_alloc_t( 0 );
+
+ if( ber == NULL ) {
+ /* allocation failed */
+ return NULL;
+ }
+
+ /* copy the data */
+ if ( ((ber_len_t) ber_write ( ber, bv->bv_val, bv->bv_len, 0 ))
+ != bv->bv_len )
+ {
+ /* write failed, so free and return NULL */
+ ber_free( ber, 1 );
+ return NULL;
+ }
+
+ ber_reset( ber, 1 ); /* reset the pointer to the start of the buffer */
+ return ber;
+}
+
+/* New C-API ber_flatten routine */
+/* This routine allocates a struct berval whose contents are a BER
+** encoding taken from the ber argument. The bvPtr pointer points to
+** the returned berval.
+**
+** ber_flatten2 is the same, but uses a struct berval passed by
+** the caller. If alloc is 0 the returned bv uses the ber buf directly.
+*/
+int ber_flatten2(
+ BerElement *ber,
+ struct berval *bv,
+ int alloc )
+{
+ assert( bv != NULL );
+
+ if ( bv == NULL ) {
+ return -1;
+ }
+
+ if ( ber == NULL ) {
+ /* ber is null, create an empty berval */
+ bv->bv_val = NULL;
+ bv->bv_len = 0;
+
+ } else {
+ /* copy the berval */
+ ber_len_t len = ber_pvt_ber_write( ber );
+
+ if ( alloc ) {
+ bv->bv_val = (char *) ber_memalloc_x( len + 1, ber->ber_memctx );
+ if ( bv->bv_val == NULL ) {
+ return -1;
+ }
+ AC_MEMCPY( bv->bv_val, ber->ber_buf, len );
+ } else {
+ bv->bv_val = ber->ber_buf;
+ }
+ bv->bv_val[len] = '\0';
+ bv->bv_len = len;
+ }
+ return 0;
+}
+
+int ber_flatten(
+ BerElement *ber,
+ struct berval **bvPtr)
+{
+ struct berval *bv;
+ int rc;
+
+ assert( bvPtr != NULL );
+
+ if(bvPtr == NULL) {
+ return -1;
+ }
+
+ bv = ber_memalloc_x( sizeof(struct berval), ber->ber_memctx );
+ if ( bv == NULL ) {
+ return -1;
+ }
+ rc = ber_flatten2(ber, bv, 1);
+ if (rc == -1) {
+ ber_memfree_x(bv, ber->ber_memctx);
+ } else {
+ *bvPtr = bv;
+ }
+ return rc;
+}
+
+void
+ber_reset( BerElement *ber, int was_writing )
+{
+ assert( ber != NULL );
+ assert( LBER_VALID( ber ) );
+
+ if ( was_writing ) {
+ ber->ber_end = ber->ber_ptr;
+ ber->ber_ptr = ber->ber_buf;
+
+ } else {
+ ber->ber_ptr = ber->ber_end;
+ }
+
+ ber->ber_rwptr = NULL;
+}
+
+/*
+ * A rewrite of ber_get_next that can safely be called multiple times
+ * for the same packet. It will simply continue where it stopped until
+ * a full packet is read.
+ */
+
+#define LENSIZE 4
+
+ber_tag_t
+ber_get_next(
+ Sockbuf *sb,
+ ber_len_t *len,
+ BerElement *ber )
+{
+ assert( sb != NULL );
+ assert( len != NULL );
+ assert( ber != NULL );
+
+ assert( SOCKBUF_VALID( sb ) );
+ assert( LBER_VALID( ber ) );
+
+ ber_log_printf( LDAP_DEBUG_TRACE, ber->ber_debug,
+ "ber_get_next\n" );
+
+ /*
+ * Any ber element looks like this: tag length contents.
+ * Assuming everything's ok, we return the tag byte (we
+ * can assume a single byte), return the length in len,
+ * and the rest of the undecoded element in buf.
+ *
+ * Assumptions:
+ * 1) small tags (less than 128)
+ * 2) definite lengths
+ * 3) primitive encodings used whenever possible
+ *
+ * The code also handles multi-byte tags. The first few bytes
+ * of the message are read to check for multi-byte tags and
+ * lengths. These bytes are temporarily stored in the ber_tag,
+ * ber_len, and ber_usertag fields of the berelement until
+ * tag/len parsing is complete. After this parsing, any leftover
+ * bytes and the rest of the message are copied into the ber_buf.
+ *
+ * We expect tag and len to be at most 32 bits wide.
+ */
+
+ if (ber->ber_rwptr == NULL) {
+ assert( ber->ber_buf == NULL );
+ ber->ber_rwptr = (char *) &ber->ber_len-1;
+ ber->ber_ptr = ber->ber_rwptr;
+ ber->ber_tag = 0;
+ }
+
+ while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
+ (char *)&ber->ber_len + LENSIZE*2 -1) {
+ ber_slen_t sblen;
+ char buf[sizeof(ber->ber_len)-1];
+ ber_len_t tlen = 0;
+
+ sock_errset(0);
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr,
+ ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
+ if (sblen<=0) return LBER_DEFAULT;
+ ber->ber_rwptr += sblen;
+
+ /* We got at least one byte, try to parse the tag. */
+ if (ber->ber_ptr == (char *)&ber->ber_len-1) {
+ ber_tag_t tag;
+ unsigned char *p = (unsigned char *)ber->ber_ptr;
+ tag = *p++;
+ if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) {
+ ber_len_t i;
+ for (i=1; (char *)p<ber->ber_rwptr; i++) {
+ tag <<= 8;
+ tag |= *p++;
+ if (!(tag & LBER_MORE_TAG_MASK))
+ break;
+ /* Is the tag too big? */
+ if (i == sizeof(ber_tag_t)-1) {
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
+ }
+ /* Did we run out of bytes? */
+ if ((char *)p == ber->ber_rwptr) {
+#if defined( EWOULDBLOCK )
+ sock_errset(EWOULDBLOCK);
+#elif defined( EAGAIN )
+ sock_errset(EAGAIN);
+#endif
+ return LBER_DEFAULT;
+ }
+ }
+ ber->ber_tag = tag;
+ ber->ber_ptr = (char *)p;
+ }
+
+ if ( ber->ber_ptr == ber->ber_rwptr ) {
+#if defined( EWOULDBLOCK )
+ sock_errset(EWOULDBLOCK);
+#elif defined( EAGAIN )
+ sock_errset(EAGAIN);
+#endif
+ return LBER_DEFAULT;
+ }
+
+ /* Now look for the length */
+ if (*ber->ber_ptr & 0x80) { /* multi-byte */
+ int i;
+ unsigned char *p = (unsigned char *)ber->ber_ptr;
+ int llen = *p++ & 0x7f;
+ if (llen > (int)sizeof(ber_len_t)) {
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
+ /* Not enough bytes? */
+ if (ber->ber_rwptr - (char *)p < llen) {
+#if defined( EWOULDBLOCK )
+ sock_errset(EWOULDBLOCK);
+#elif defined( EAGAIN )
+ sock_errset(EAGAIN);
+#endif
+ return LBER_DEFAULT;
+ }
+ for (i=0; i<llen; i++) {
+ tlen <<=8;
+ tlen |= *p++;
+ }
+ ber->ber_ptr = (char *)p;
+ } else {
+ tlen = *(unsigned char *)ber->ber_ptr++;
+ }
+
+ /* Are there leftover data bytes inside ber->ber_len? */
+ if (ber->ber_ptr < (char *)&ber->ber_usertag) {
+ if (ber->ber_rwptr < (char *)&ber->ber_usertag) {
+ sblen = ber->ber_rwptr - ber->ber_ptr;
+ } else {
+ sblen = (char *)&ber->ber_usertag - ber->ber_ptr;
+ }
+ AC_MEMCPY(buf, ber->ber_ptr, sblen);
+ ber->ber_ptr += sblen;
+ } else {
+ sblen = 0;
+ }
+ ber->ber_len = tlen;
+
+ /* now fill the buffer. */
+
+ /* make sure length is reasonable */
+ if ( ber->ber_len == 0 ) {
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
+
+ if ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ) {
+ ber_log_printf( LDAP_DEBUG_CONNS, ber->ber_debug,
+ "ber_get_next: sockbuf_max_incoming exceeded "
+ "(%ld > %ld)\n", ber->ber_len, sb->sb_max_incoming );
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
+
+ if (ber->ber_buf==NULL) {
+ ber_len_t l = ber->ber_rwptr - ber->ber_ptr;
+ /* ber->ber_ptr is always <= ber->ber->ber_rwptr.
+ * make sure ber->ber_len agrees with what we've
+ * already read.
+ */
+ if ( ber->ber_len < sblen + l ) {
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
+ ber->ber_buf = (char *) ber_memalloc_x( ber->ber_len + 1, ber->ber_memctx );
+ if (ber->ber_buf==NULL) {
+ return LBER_DEFAULT;
+ }
+ ber->ber_end = ber->ber_buf + ber->ber_len;
+ if (sblen) {
+ AC_MEMCPY(ber->ber_buf, buf, sblen);
+ }
+ if (l > 0) {
+ AC_MEMCPY(ber->ber_buf + sblen, ber->ber_ptr, l);
+ sblen += l;
+ }
+ *ber->ber_end = '\0';
+ ber->ber_ptr = ber->ber_buf;
+ ber->ber_usertag = 0;
+ if ((ber_len_t)sblen == ber->ber_len) {
+ goto done;
+ }
+ ber->ber_rwptr = ber->ber_buf + sblen;
+ }
+ }
+
+ if ((ber->ber_rwptr>=ber->ber_buf) && (ber->ber_rwptr<ber->ber_end)) {
+ ber_slen_t res;
+ ber_slen_t to_go;
+
+ to_go = ber->ber_end - ber->ber_rwptr;
+ assert( to_go > 0 );
+
+ sock_errset(0);
+ res = ber_int_sb_read( sb, ber->ber_rwptr, to_go );
+ if (res<=0) return LBER_DEFAULT;
+ ber->ber_rwptr+=res;
+
+ if (res<to_go) {
+#if defined( EWOULDBLOCK )
+ sock_errset(EWOULDBLOCK);
+#elif defined( EAGAIN )
+ sock_errset(EAGAIN);
+#endif
+ return LBER_DEFAULT;
+ }
+done:
+ ber->ber_rwptr = NULL;
+ *len = ber->ber_len;
+ if ( ber->ber_debug ) {
+ ber_log_printf( LDAP_DEBUG_TRACE, ber->ber_debug,
+ "ber_get_next: tag 0x%lx len %ld contents:\n",
+ ber->ber_tag, ber->ber_len );
+ ber_log_dump( LDAP_DEBUG_BER, ber->ber_debug, ber, 1 );
+ }
+ return (ber->ber_tag);
+ }
+
+ assert( 0 ); /* ber structure is messed up ?*/
+ return LBER_DEFAULT;
+}
+
+char *
+ber_start( BerElement* ber )
+{
+ return ber->ber_buf;
+}
+
+int
+ber_len( BerElement* ber )
+{
+ return ( ber->ber_end - ber->ber_buf );
+}
+
+int
+ber_ptrlen( BerElement* ber )
+{
+ return ( ber->ber_ptr - ber->ber_buf );
+}
+
+void
+ber_rewind ( BerElement * ber )
+{
+ ber->ber_rwptr = NULL;
+ ber->ber_sos = NULL;
+ ber->ber_end = ber->ber_ptr;
+ ber->ber_ptr = ber->ber_buf;
+}
+
+int
+ber_remaining( BerElement * ber )
+{
+ return ber_pvt_ber_remaining( ber );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/lber-int.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/lber-int.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/lber-int.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,193 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/lber-int.h,v 1.65.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LBER_INT_H
+#define _LBER_INT_H
+
+#include "lber.h"
+#include "ldap_log.h"
+#include "lber_pvt.h"
+#include "ldap_queue.h"
+
+LDAP_BEGIN_DECL
+
+typedef void (*BER_LOG_FN)(FILE *file,
+ const char *subsys, int level, const char *fmt, ... );
+
+LBER_V (BER_ERRNO_FN) ber_int_errno_fn;
+
+#ifdef LDAP_MEMORY_TRACE
+# ifndef LDAP_MEMORY_DEBUG
+# define LDAP_MEMORY_DEBUG 1
+# endif
+#endif
+
+#ifdef LDAP_MEMORY_DEBUG
+LBER_V (long) ber_int_meminuse;
+#endif
+
+struct lber_options {
+ short lbo_valid;
+ unsigned short lbo_options;
+ int lbo_debug;
+};
+
+LBER_F( int ) ber_pvt_log_output(
+ const char *subsystem,
+ int level,
+ const char *fmt, ... );
+
+#define LBER_UNINITIALIZED 0x0
+#define LBER_INITIALIZED 0x1
+#define LBER_VALID_BERELEMENT 0x2
+#define LBER_VALID_SOCKBUF 0x3
+
+LBER_V (struct lber_options) ber_int_options;
+#define ber_int_debug ber_int_options.lbo_debug
+
+struct berelement {
+ struct lber_options ber_opts;
+#define ber_valid ber_opts.lbo_valid
+#define ber_options ber_opts.lbo_options
+#define ber_debug ber_opts.lbo_debug
+
+ /* Do not change the order of these 3 fields! see ber_get_next */
+ ber_tag_t ber_tag;
+ ber_len_t ber_len;
+ ber_tag_t ber_usertag;
+
+ char *ber_buf;
+ char *ber_ptr;
+ char *ber_end;
+
+ struct seqorset *ber_sos;
+ char *ber_rwptr;
+ void *ber_memctx;
+};
+#define LBER_VALID(ber) ((ber)->ber_valid==LBER_VALID_BERELEMENT)
+
+#define ber_pvt_ber_remaining(ber) ((ber)->ber_end - (ber)->ber_ptr)
+#define ber_pvt_ber_total(ber) ((ber)->ber_end - (ber)->ber_buf)
+#define ber_pvt_ber_write(ber) ((ber)->ber_ptr - (ber)->ber_buf)
+
+struct sockbuf {
+ struct lber_options sb_opts;
+ Sockbuf_IO_Desc *sb_iod; /* I/O functions */
+#define sb_valid sb_opts.lbo_valid
+#define sb_options sb_opts.lbo_options
+#define sb_debug sb_opts.lbo_debug
+ ber_socket_t sb_fd;
+ unsigned int sb_trans_needs_read:1;
+ unsigned int sb_trans_needs_write:1;
+ ber_len_t sb_max_incoming;
+};
+
+#define SOCKBUF_VALID( sb ) ( (sb)->sb_valid == LBER_VALID_SOCKBUF )
+
+struct seqorset {
+ BerElement *sos_ber;
+ ber_len_t sos_clen;
+ ber_tag_t sos_tag;
+ char *sos_first;
+ char *sos_ptr;
+ struct seqorset *sos_next;
+};
+
+
+/*
+ * io.c
+ */
+LBER_F( int )
+ber_realloc LDAP_P((
+ BerElement *ber,
+ ber_len_t len ));
+
+LBER_F (char *) ber_start LDAP_P(( BerElement * ));
+LBER_F (int) ber_len LDAP_P(( BerElement * ));
+LBER_F (int) ber_ptrlen LDAP_P(( BerElement * ));
+LBER_F (void) ber_rewind LDAP_P(( BerElement * ));
+
+/*
+ * bprint.c
+ */
+#define ber_log_printf ber_pvt_log_printf
+
+LBER_F( int )
+ber_log_bprint LDAP_P((
+ int errlvl,
+ int loglvl,
+ const char *data,
+ ber_len_t len ));
+
+LBER_F( int )
+ber_log_dump LDAP_P((
+ int errlvl,
+ int loglvl,
+ BerElement *ber,
+ int inout ));
+
+LBER_F( int )
+ber_log_sos_dump LDAP_P((
+ int errlvl,
+ int loglvl,
+ Seqorset *sos ));
+
+LBER_V (BER_LOG_FN) ber_int_log_proc;
+LBER_V (FILE *) ber_pvt_err_file;
+
+/* memory.c */
+ /* simple macros to realloc for now */
+LBER_V (BerMemoryFunctions *) ber_int_memory_fns;
+LBER_F (char *) ber_strndup( LDAP_CONST char *, ber_len_t );
+LBER_F (char *) ber_strndup_x( LDAP_CONST char *, ber_len_t, void *ctx );
+
+#define LBER_MALLOC(s) ber_memalloc((s))
+#define LBER_CALLOC(n,s) ber_memcalloc((n),(s))
+#define LBER_REALLOC(p,s) ber_memrealloc((p),(s))
+#define LBER_FREE(p) ber_memfree((p))
+#define LBER_VFREE(v) ber_memvfree((void**)(v))
+#define LBER_STRDUP(s) ber_strdup((s))
+#define LBER_STRNDUP(s,l) ber_strndup((s),(l))
+
+/* sockbuf.c */
+
+LBER_F( int )
+ber_int_sb_init LDAP_P(( Sockbuf *sb ));
+
+LBER_F( int )
+ber_int_sb_close LDAP_P(( Sockbuf *sb ));
+
+LBER_F( int )
+ber_int_sb_destroy LDAP_P(( Sockbuf *sb ));
+
+LBER_F( ber_slen_t )
+ber_int_sb_read LDAP_P(( Sockbuf *sb, void *buf, ber_len_t len ));
+
+LBER_F( ber_slen_t )
+ber_int_sb_write LDAP_P(( Sockbuf *sb, void *buf, ber_len_t len ));
+
+LDAP_END_DECL
+
+#endif /* _LBER_INT_H */
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/memory.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/memory.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/memory.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,795 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.57.2.7 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#include "lber-int.h"
+
+#ifdef LDAP_MEMORY_TRACE
+#include <stdio.h>
+#endif
+
+#if LDAP_MEMORY_DEBUG
+/*
+ * LDAP_MEMORY_DEBUG should only be enabled for the purposes of
+ * debugging memory management within OpenLDAP libraries and slapd.
+ * It should only be enabled by an experienced developer as it
+ * causes the inclusion of numerous assert()'s, many of which may
+ * be triggered by a prefectly valid program.
+ *
+ * The code behind this macro is subject to change as needed to
+ * support this testing.
+ */
+
+struct ber_mem_hdr {
+ ber_int_t bm_top; /* Pattern to detect buf overrun from prev buffer */
+ ber_int_t bm_length; /* Length of user allocated area */
+#ifdef LDAP_MEMORY_TRACE
+ ber_int_t bm_sequence; /* Allocation sequence number */
+#endif
+ union bmu_align_u { /* Force alignment, pattern to detect back clobber */
+ ber_len_t bmu_len_t;
+ ber_tag_t bmu_tag_t;
+ ber_int_t bmu_int_t;
+
+ size_t bmu_size_t;
+ void * bmu_voidp;
+ double bmu_double;
+ long bmu_long;
+ long (*bmu_funcp)( double );
+ unsigned char bmu_char[4];
+ } ber_align;
+#define bm_junk ber_align.bmu_len_t
+#define bm_data ber_align.bmu_char[1]
+#define bm_char ber_align.bmu_char
+};
+
+/* Pattern at top of allocated space */
+#define LBER_MEM_JUNK 0xdeaddadaU
+
+static const struct ber_mem_hdr ber_int_mem_hdr = { LBER_MEM_JUNK, 0, 0 };
+
+/* Note sequence and ber_int_meminuse are counters, but are not
+ * thread safe. If you want to use these values for multithreaded applications,
+ * you must put mutexes around them, otherwise they will have incorrect values.
+ * When debugging, if you sort the debug output, the sequence number will
+ * put allocations/frees together. It is then a simple matter to write a script
+ * to find any allocations that don't have a buffer free function.
+ */
+#ifdef LDAP_MEMORY_TRACE
+static ber_int_t sequence = 0;
+#endif
+
+/* Pattern placed just before user data */
+static unsigned char toppattern[4] = { 0xde, 0xad, 0xba, 0xde };
+/* Pattern placed just after user data */
+static unsigned char endpattern[4] = { 0xd1, 0xed, 0xde, 0xca };
+
+#define mbu_len sizeof(ber_int_mem_hdr.ber_align)
+
+/* Test if pattern placed just before user data is good */
+#define testdatatop(val) ( \
+ *(val->bm_char+mbu_len-4)==toppattern[0] && \
+ *(val->bm_char+mbu_len-3)==toppattern[1] && \
+ *(val->bm_char+mbu_len-2)==toppattern[2] && \
+ *(val->bm_char+mbu_len-1)==toppattern[3] )
+
+/* Place pattern just before user data */
+#define setdatatop(val) *(val->bm_char+mbu_len-4)=toppattern[0]; \
+ *(val->bm_char+mbu_len-3)=toppattern[1]; \
+ *(val->bm_char+mbu_len-2)=toppattern[2]; \
+ *(val->bm_char+mbu_len-1)=toppattern[3];
+
+/* Test if pattern placed just after user data is good */
+#define testend(val) ( *((unsigned char *)val+0)==endpattern[0] && \
+ *((unsigned char *)val+1)==endpattern[1] && \
+ *((unsigned char *)val+2)==endpattern[2] && \
+ *((unsigned char *)val+3)==endpattern[3] )
+
+/* Place pattern just after user data */
+#define setend(val) *((unsigned char *)val+0)=endpattern[0]; \
+ *((unsigned char *)val+1)=endpattern[1]; \
+ *((unsigned char *)val+2)=endpattern[2]; \
+ *((unsigned char *)val+3)=endpattern[3];
+
+#define BER_MEM_BADADDR ((void *) &ber_int_mem_hdr.bm_data)
+#define BER_MEM_VALID(p) do { \
+ assert( (p) != BER_MEM_BADADDR ); \
+ assert( (p) != (void *) &ber_int_mem_hdr ); \
+ } while(0)
+
+#else
+#define BER_MEM_VALID(p) /* no-op */
+#endif
+
+BerMemoryFunctions *ber_int_memory_fns = NULL;
+
+void
+ber_memfree_x( void *p, void *ctx )
+{
+ if( p == NULL ) {
+ return;
+ }
+
+ BER_MEM_VALID( p );
+
+ if( ber_int_memory_fns == NULL || ctx == NULL ) {
+#ifdef LDAP_MEMORY_DEBUG
+ struct ber_mem_hdr *mh = (struct ber_mem_hdr *)
+ ((char *)p - sizeof(struct ber_mem_hdr));
+ assert( mh->bm_top == LBER_MEM_JUNK);
+ assert( testdatatop( mh));
+ assert( testend( (char *)&mh[1] + mh->bm_length) );
+ ber_int_meminuse -= mh->bm_length;
+
+#ifdef LDAP_MEMORY_TRACE
+ fprintf(stderr, "0x%08lx 0x%08lx -f- %ld ber_memfree %ld\n",
+ (long)mh->bm_sequence, (long)mh, (long)mh->bm_length,
+ ber_int_meminuse);
+#endif
+ /* Fill the free space with poison */
+ memset( mh, 0xff, mh->bm_length + sizeof(struct ber_mem_hdr) + sizeof(ber_int_t));
+ free( mh );
+#else
+ free( p );
+#endif
+ return;
+ }
+
+ assert( ber_int_memory_fns->bmf_free != 0 );
+
+ (*ber_int_memory_fns->bmf_free)( p, ctx );
+}
+
+void
+ber_memfree( void *p )
+{
+ ber_memfree_x(p, NULL);
+}
+
+void
+ber_memvfree_x( void **vec, void *ctx )
+{
+ int i;
+
+ if( vec == NULL ) {
+ return;
+ }
+
+ BER_MEM_VALID( vec );
+
+ for ( i = 0; vec[i] != NULL; i++ ) {
+ ber_memfree_x( vec[i], ctx );
+ }
+
+ ber_memfree_x( vec, ctx );
+}
+
+void
+ber_memvfree( void **vec )
+{
+ ber_memvfree_x( vec, NULL );
+}
+
+void *
+ber_memalloc_x( ber_len_t s, void *ctx )
+{
+ void *new;
+
+#ifdef LDAP_MEMORY_DEBUG
+ assert( s != 0 );
+#endif
+
+ if( s == 0 ) {
+ return NULL;
+ }
+
+ if( ber_int_memory_fns == NULL || ctx == NULL ) {
+#ifdef LDAP_MEMORY_DEBUG
+ struct ber_mem_hdr *mh = malloc(s + sizeof(struct ber_mem_hdr) + sizeof( ber_int_t));
+ if( mh == NULL ) return NULL;
+
+ mh->bm_top = LBER_MEM_JUNK;
+ mh->bm_length = s;
+ setdatatop( mh);
+ setend( (char *)&mh[1] + mh->bm_length );
+
+ ber_int_meminuse += mh->bm_length; /* Count mem inuse */
+
+#ifdef LDAP_MEMORY_TRACE
+ mh->bm_sequence = sequence++;
+ fprintf(stderr, "0x%08lx 0x%08lx -a- %ld ber_memalloc %ld\n",
+ (long)mh->bm_sequence, (long)mh, (long)mh->bm_length,
+ ber_int_meminuse);
+#endif
+ /* poison new memory */
+ memset( (char *)&mh[1], 0xff, s);
+
+ BER_MEM_VALID( &mh[1] );
+ new = &mh[1];
+#else
+ new = malloc( s );
+#endif
+ } else {
+ new = (*ber_int_memory_fns->bmf_malloc)( s, ctx );
+ }
+
+ if( new == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ }
+
+ return new;
+}
+
+void *
+ber_memalloc( ber_len_t s )
+{
+ return ber_memalloc_x( s, NULL );
+}
+
+void *
+ber_memcalloc_x( ber_len_t n, ber_len_t s, void *ctx )
+{
+ void *new;
+
+#ifdef LDAP_MEMORY_DEBUG
+ assert( n != 0 && s != 0);
+#endif
+
+ if( n == 0 || s == 0 ) {
+ return NULL;
+ }
+
+ if( ber_int_memory_fns == NULL || ctx == NULL ) {
+#ifdef LDAP_MEMORY_DEBUG
+ struct ber_mem_hdr *mh = calloc(1,
+ (n * s) + sizeof(struct ber_mem_hdr) + sizeof(ber_int_t) );
+ if( mh == NULL ) return NULL;
+
+ mh->bm_top = LBER_MEM_JUNK;
+ mh->bm_length = n*s;
+ setdatatop( mh);
+ setend( (char *)&mh[1] + mh->bm_length );
+
+ ber_int_meminuse += mh->bm_length;
+
+#ifdef LDAP_MEMORY_TRACE
+ mh->bm_sequence = sequence++;
+ fprintf(stderr, "0x%08lx 0x%08lx -a- %ld ber_memcalloc %ld\n",
+ (long)mh->bm_sequence, (long)mh, (long)mh->bm_length,
+ ber_int_meminuse);
+#endif
+ BER_MEM_VALID( &mh[1] );
+ new = &mh[1];
+#else
+ new = calloc( n, s );
+#endif
+
+ } else {
+ new = (*ber_int_memory_fns->bmf_calloc)( n, s, ctx );
+ }
+
+ if( new == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ }
+
+ return new;
+}
+
+void *
+ber_memcalloc( ber_len_t n, ber_len_t s )
+{
+ return ber_memcalloc_x( n, s, NULL );
+}
+
+void *
+ber_memrealloc_x( void* p, ber_len_t s, void *ctx )
+{
+ void *new = NULL;
+
+ /* realloc(NULL,s) -> malloc(s) */
+ if( p == NULL ) {
+ return ber_memalloc_x( s, ctx );
+ }
+
+ /* realloc(p,0) -> free(p) */
+ if( s == 0 ) {
+ ber_memfree_x( p, ctx );
+ return NULL;
+ }
+
+ BER_MEM_VALID( p );
+
+ if( ber_int_memory_fns == NULL || ctx == NULL ) {
+#ifdef LDAP_MEMORY_DEBUG
+ ber_int_t oldlen;
+ struct ber_mem_hdr *mh = (struct ber_mem_hdr *)
+ ((char *)p - sizeof(struct ber_mem_hdr));
+ assert( mh->bm_top == LBER_MEM_JUNK);
+ assert( testdatatop( mh));
+ assert( testend( (char *)&mh[1] + mh->bm_length) );
+ oldlen = mh->bm_length;
+
+ p = realloc( mh, s + sizeof(struct ber_mem_hdr) + sizeof(ber_int_t) );
+ if( p == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+
+ mh = p;
+ mh->bm_length = s;
+ setend( (char *)&mh[1] + mh->bm_length );
+ if( s > oldlen ) {
+ /* poison any new memory */
+ memset( (char *)&mh[1] + oldlen, 0xff, s - oldlen);
+ }
+
+ assert( mh->bm_top == LBER_MEM_JUNK);
+ assert( testdatatop( mh));
+
+ ber_int_meminuse += s - oldlen;
+#ifdef LDAP_MEMORY_TRACE
+ fprintf(stderr, "0x%08lx 0x%08lx -a- %ld ber_memrealloc %ld\n",
+ (long)mh->bm_sequence, (long)mh, (long)mh->bm_length,
+ ber_int_meminuse);
+#endif
+ BER_MEM_VALID( &mh[1] );
+ return &mh[1];
+#else
+ new = realloc( p, s );
+#endif
+ } else {
+ new = (*ber_int_memory_fns->bmf_realloc)( p, s, ctx );
+ }
+
+ if( new == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ }
+
+ return new;
+}
+
+void *
+ber_memrealloc( void* p, ber_len_t s )
+{
+ return ber_memrealloc_x( p, s, NULL );
+}
+
+void
+ber_bvfree_x( struct berval *bv, void *ctx )
+{
+ if( bv == NULL ) {
+ return;
+ }
+
+ BER_MEM_VALID( bv );
+
+ if ( bv->bv_val != NULL ) {
+ ber_memfree_x( bv->bv_val, ctx );
+ }
+
+ ber_memfree_x( (char *) bv, ctx );
+}
+
+void
+ber_bvfree( struct berval *bv )
+{
+ ber_bvfree_x( bv, NULL );
+}
+
+void
+ber_bvecfree_x( struct berval **bv, void *ctx )
+{
+ int i;
+
+ if( bv == NULL ) {
+ return;
+ }
+
+ BER_MEM_VALID( bv );
+
+ /* count elements */
+ for ( i = 0; bv[i] != NULL; i++ ) ;
+
+ /* free in reverse order */
+ for ( i--; i >= 0; i-- ) {
+ ber_bvfree_x( bv[i], ctx );
+ }
+
+ ber_memfree_x( (char *) bv, ctx );
+}
+
+void
+ber_bvecfree( struct berval **bv )
+{
+ ber_bvecfree_x( bv, NULL );
+}
+
+int
+ber_bvecadd_x( struct berval ***bvec, struct berval *bv, void *ctx )
+{
+ ber_len_t i;
+ struct berval **new;
+
+ if( *bvec == NULL ) {
+ if( bv == NULL ) {
+ /* nothing to add */
+ return 0;
+ }
+
+ *bvec = ber_memalloc_x( 2 * sizeof(struct berval *), ctx );
+
+ if( *bvec == NULL ) {
+ return -1;
+ }
+
+ (*bvec)[0] = bv;
+ (*bvec)[1] = NULL;
+
+ return 1;
+ }
+
+ BER_MEM_VALID( bvec );
+
+ /* count entries */
+ for ( i = 0; (*bvec)[i] != NULL; i++ ) {
+ /* EMPTY */;
+ }
+
+ if( bv == NULL ) {
+ return i;
+ }
+
+ new = ber_memrealloc_x( *bvec, (i+2) * sizeof(struct berval *), ctx);
+
+ if( new == NULL ) {
+ return -1;
+ }
+
+ *bvec = new;
+
+ (*bvec)[i++] = bv;
+ (*bvec)[i] = NULL;
+
+ return i;
+}
+
+int
+ber_bvecadd( struct berval ***bvec, struct berval *bv )
+{
+ return ber_bvecadd_x( bvec, bv, NULL );
+}
+
+struct berval *
+ber_dupbv_x(
+ struct berval *dst, struct berval *src, void *ctx )
+{
+ struct berval *new;
+
+ if( src == NULL ) {
+ ber_errno = LBER_ERROR_PARAM;
+ return NULL;
+ }
+
+ if ( dst ) {
+ new = dst;
+ } else {
+ if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+ }
+
+ if ( src->bv_val == NULL ) {
+ new->bv_val = NULL;
+ new->bv_len = 0;
+ return new;
+ }
+
+ if(( new->bv_val = ber_memalloc_x( src->bv_len + 1, ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ if ( !dst )
+ ber_memfree_x( new, ctx );
+ return NULL;
+ }
+
+ AC_MEMCPY( new->bv_val, src->bv_val, src->bv_len );
+ new->bv_val[src->bv_len] = '\0';
+ new->bv_len = src->bv_len;
+
+ return new;
+}
+
+struct berval *
+ber_dupbv(
+ struct berval *dst, struct berval *src )
+{
+ return ber_dupbv_x( dst, src, NULL );
+}
+
+struct berval *
+ber_bvdup(
+ struct berval *src )
+{
+ return ber_dupbv_x( NULL, src, NULL );
+}
+
+struct berval *
+ber_str2bv_x(
+ LDAP_CONST char *s, ber_len_t len, int dup, struct berval *bv,
+ void *ctx)
+{
+ struct berval *new;
+
+ if( s == NULL ) {
+ ber_errno = LBER_ERROR_PARAM;
+ return NULL;
+ }
+
+ if( bv ) {
+ new = bv;
+ } else {
+ if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+ }
+
+ new->bv_len = len ? len : strlen( s );
+ if ( dup ) {
+ if ( (new->bv_val = ber_memalloc_x( new->bv_len+1, ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ if ( !bv )
+ ber_memfree_x( new, ctx );
+ return NULL;
+ }
+
+ AC_MEMCPY( new->bv_val, s, new->bv_len );
+ new->bv_val[new->bv_len] = '\0';
+ } else {
+ new->bv_val = (char *) s;
+ }
+
+ return( new );
+}
+
+struct berval *
+ber_str2bv(
+ LDAP_CONST char *s, ber_len_t len, int dup, struct berval *bv)
+{
+ return ber_str2bv_x( s, len, dup, bv, NULL );
+}
+
+struct berval *
+ber_mem2bv_x(
+ LDAP_CONST char *s, ber_len_t len, int dup, struct berval *bv,
+ void *ctx)
+{
+ struct berval *new;
+
+ if( s == NULL ) {
+ ber_errno = LBER_ERROR_PARAM;
+ return NULL;
+ }
+
+ if( bv ) {
+ new = bv;
+ } else {
+ if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+ }
+
+ new->bv_len = len;
+ if ( dup ) {
+ if ( (new->bv_val = ber_memalloc_x( new->bv_len+1, ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ if ( !bv ) {
+ ber_memfree_x( new, ctx );
+ }
+ return NULL;
+ }
+
+ AC_MEMCPY( new->bv_val, s, new->bv_len );
+ new->bv_val[new->bv_len] = '\0';
+ } else {
+ new->bv_val = (char *) s;
+ }
+
+ return( new );
+}
+
+struct berval *
+ber_mem2bv(
+ LDAP_CONST char *s, ber_len_t len, int dup, struct berval *bv)
+{
+ return ber_mem2bv_x( s, len, dup, bv, NULL );
+}
+
+char *
+ber_strdup_x( LDAP_CONST char *s, void *ctx )
+{
+ char *p;
+ size_t len;
+
+#ifdef LDAP_MEMORY_DEBUG
+ assert(s != NULL); /* bv damn better point to something */
+#endif
+
+ if( s == NULL ) {
+ ber_errno = LBER_ERROR_PARAM;
+ return NULL;
+ }
+
+ len = strlen( s ) + 1;
+
+ if ( (p = ber_memalloc_x( len, ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+
+ AC_MEMCPY( p, s, len );
+ return p;
+}
+
+char *
+ber_strdup( LDAP_CONST char *s )
+{
+ return ber_strdup_x( s, NULL );
+}
+
+char *
+ber_strndup_x( LDAP_CONST char *s, ber_len_t l, void *ctx )
+{
+ char *p;
+ size_t len;
+
+#ifdef LDAP_MEMORY_DEBUG
+ assert(s != NULL); /* bv damn better point to something */
+#endif
+
+ if( s == NULL ) {
+ ber_errno = LBER_ERROR_PARAM;
+ return NULL;
+ }
+
+ len = strlen( s );
+
+ if ( len > l ) {
+ len = l;
+ }
+
+ if ( (p = ber_memalloc_x( len + 1, ctx )) == NULL ) {
+ ber_errno = LBER_ERROR_MEMORY;
+ return NULL;
+ }
+
+ AC_MEMCPY( p, s, len );
+ p[len] = '\0';
+ return p;
+}
+
+char *
+ber_strndup( LDAP_CONST char *s, ber_len_t l )
+{
+ return ber_strndup_x( s, l, NULL );
+}
+
+/*
+ * dst is resized as required by src and the value of src is copied into dst
+ * dst->bv_val must be NULL (and dst->bv_len must be 0), or it must be
+ * alloc'ed with the context ctx
+ */
+struct berval *
+ber_bvreplace_x( struct berval *dst, LDAP_CONST struct berval *src, void *ctx )
+{
+ assert( dst != NULL );
+ assert( !BER_BVISNULL( src ) );
+
+ if ( BER_BVISNULL( dst ) || dst->bv_len < src->bv_len ) {
+ dst->bv_val = ber_memrealloc_x( dst->bv_val, src->bv_len + 1, ctx );
+ }
+
+ AC_MEMCPY( dst->bv_val, src->bv_val, src->bv_len + 1 );
+ dst->bv_len = src->bv_len;
+
+ return dst;
+}
+
+struct berval *
+ber_bvreplace( struct berval *dst, LDAP_CONST struct berval *src )
+{
+ return ber_bvreplace_x( dst, src, NULL );
+}
+
+void
+ber_bvarray_free_x( BerVarray a, void *ctx )
+{
+ int i;
+
+ if (a) {
+ BER_MEM_VALID( a );
+
+ /* count elements */
+ for (i=0; a[i].bv_val; i++) ;
+
+ /* free in reverse order */
+ for (i--; i>=0; i--) {
+ ber_memfree_x(a[i].bv_val, ctx);
+ }
+
+ ber_memfree_x(a, ctx);
+ }
+}
+
+void
+ber_bvarray_free( BerVarray a )
+{
+ ber_bvarray_free_x(a, NULL);
+}
+
+int
+ber_bvarray_add_x( BerVarray *a, BerValue *bv, void *ctx )
+{
+ int n;
+
+ if ( *a == NULL ) {
+ if (bv == NULL) {
+ return 0;
+ }
+ n = 0;
+
+ *a = (BerValue *) ber_memalloc_x( 2 * sizeof(BerValue), ctx );
+ if ( *a == NULL ) {
+ return -1;
+ }
+
+ } else {
+ BerVarray atmp;
+ BER_MEM_VALID( a );
+
+ for ( n = 0; *a != NULL && (*a)[n].bv_val != NULL; n++ ) {
+ ; /* just count them */
+ }
+
+ if (bv == NULL) {
+ return n;
+ }
+
+ atmp = (BerValue *) ber_memrealloc_x( (char *) *a,
+ (n + 2) * sizeof(BerValue), ctx );
+
+ if( atmp == NULL ) {
+ return -1;
+ }
+
+ *a = atmp;
+ }
+
+ (*a)[n++] = *bv;
+ (*a)[n].bv_val = NULL;
+
+ return n;
+}
+
+int
+ber_bvarray_add( BerVarray *a, BerValue *bv )
+{
+ return ber_bvarray_add_x( a, bv, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/nt_err.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/nt_err.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/nt_err.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,96 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/nt_err.c,v 1.13.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_WINSOCK2
+#include <winsock2.h>
+#elif HAVE_WINSOCK
+#include <winsock.h>
+#endif /* HAVE_WINSOCK(2) */
+
+#define LBER_RETSTR( x ) case x: return #x;
+
+char *ber_pvt_wsa_err2string( int err )
+{
+ switch( err ) {
+ LBER_RETSTR( WSAEINTR )
+ LBER_RETSTR( WSAEBADF )
+ LBER_RETSTR( WSAEACCES )
+ LBER_RETSTR( WSAEFAULT )
+ LBER_RETSTR( WSAEINVAL )
+ LBER_RETSTR( WSAEMFILE )
+ LBER_RETSTR( WSAEWOULDBLOCK )
+ LBER_RETSTR( WSAEINPROGRESS )
+ LBER_RETSTR( WSAEALREADY )
+ LBER_RETSTR( WSAENOTSOCK )
+ LBER_RETSTR( WSAEDESTADDRREQ )
+ LBER_RETSTR( WSAEMSGSIZE )
+ LBER_RETSTR( WSAEPROTOTYPE )
+ LBER_RETSTR( WSAENOPROTOOPT )
+ LBER_RETSTR( WSAEPROTONOSUPPORT )
+ LBER_RETSTR( WSAESOCKTNOSUPPORT )
+ LBER_RETSTR( WSAEOPNOTSUPP )
+ LBER_RETSTR( WSAEPFNOSUPPORT )
+ LBER_RETSTR( WSAEAFNOSUPPORT )
+ LBER_RETSTR( WSAEADDRINUSE )
+ LBER_RETSTR( WSAEADDRNOTAVAIL )
+ LBER_RETSTR( WSAENETDOWN )
+ LBER_RETSTR( WSAENETUNREACH )
+ LBER_RETSTR( WSAENETRESET )
+ LBER_RETSTR( WSAECONNABORTED )
+ LBER_RETSTR( WSAECONNRESET )
+ LBER_RETSTR( WSAENOBUFS )
+ LBER_RETSTR( WSAEISCONN )
+ LBER_RETSTR( WSAENOTCONN )
+ LBER_RETSTR( WSAESHUTDOWN )
+ LBER_RETSTR( WSAETOOMANYREFS )
+ LBER_RETSTR( WSAETIMEDOUT )
+ LBER_RETSTR( WSAECONNREFUSED )
+ LBER_RETSTR( WSAELOOP )
+ LBER_RETSTR( WSAENAMETOOLONG )
+ LBER_RETSTR( WSAEHOSTDOWN )
+ LBER_RETSTR( WSAEHOSTUNREACH )
+ LBER_RETSTR( WSAENOTEMPTY )
+ LBER_RETSTR( WSAEPROCLIM )
+ LBER_RETSTR( WSAEUSERS )
+ LBER_RETSTR( WSAEDQUOT )
+ LBER_RETSTR( WSAESTALE )
+ LBER_RETSTR( WSAEREMOTE )
+ LBER_RETSTR( WSASYSNOTREADY )
+ LBER_RETSTR( WSAVERNOTSUPPORTED )
+ LBER_RETSTR( WSANOTINITIALISED )
+ LBER_RETSTR( WSAEDISCON )
+
+#ifdef HAVE_WINSOCK2
+ LBER_RETSTR( WSAENOMORE )
+ LBER_RETSTR( WSAECANCELLED )
+ LBER_RETSTR( WSAEINVALIDPROCTABLE )
+ LBER_RETSTR( WSAEINVALIDPROVIDER )
+ LBER_RETSTR( WSASYSCALLFAILURE )
+ LBER_RETSTR( WSASERVICE_NOT_FOUND )
+ LBER_RETSTR( WSATYPE_NOT_FOUND )
+ LBER_RETSTR( WSA_E_NO_MORE )
+ LBER_RETSTR( WSA_E_CANCELLED )
+ LBER_RETSTR( WSAEREFUSED )
+#endif /* HAVE_WINSOCK2 */
+
+ LBER_RETSTR( WSAHOST_NOT_FOUND )
+ LBER_RETSTR( WSATRY_AGAIN )
+ LBER_RETSTR( WSANO_RECOVERY )
+ LBER_RETSTR( WSANO_DATA )
+ }
+ return "unknown WSA error";
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/options.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/options.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/options.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,233 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/options.c,v 1.37.2.5 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include "lber-int.h"
+
+char ber_pvt_opt_on; /* used to get a non-NULL address for *_OPT_ON */
+
+struct lber_options ber_int_options = {
+ LBER_UNINITIALIZED, 0, 0 };
+
+static BerMemoryFunctions ber_int_memory_fns_datum;
+
+int
+ber_get_option(
+ void *item,
+ int option,
+ void *outvalue)
+{
+ const BerElement *ber;
+ const Sockbuf *sb;
+
+ if(outvalue == NULL) {
+ /* no place to get to */
+ ber_errno = LBER_ERROR_PARAM;
+ return LBER_OPT_ERROR;
+ }
+
+ if(item == NULL) {
+ switch ( option ) {
+ case LBER_OPT_BER_DEBUG:
+ * (int *) outvalue = ber_int_debug;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_MEMORY_INUSE:
+ /* The memory inuse is a global variable on kernal implementations.
+ * This means that memory debug is shared by all LDAP processes
+ * so for this variable to have much meaning, only one LDAP process
+ * should be running and memory inuse should be initialized to zero
+ * using the lber_set_option() function during startup.
+ * The counter is not accurate for multithreaded ldap applications.
+ */
+#ifdef LDAP_MEMORY_DEBUG
+ * (int *) outvalue = ber_int_meminuse;
+ return LBER_OPT_SUCCESS;
+#else
+ return LBER_OPT_ERROR;
+#endif
+
+ case LBER_OPT_LOG_PRINT_FILE:
+ *((FILE**)outvalue) = (FILE*)ber_pvt_err_file;
+ return LBER_OPT_SUCCESS;
+ }
+
+ ber_errno = LBER_ERROR_PARAM;
+ return LBER_OPT_ERROR;
+ }
+
+ ber = item;
+ sb = item;
+
+ switch(option) {
+ case LBER_OPT_BER_OPTIONS:
+ assert( LBER_VALID( ber ) );
+ * (int *) outvalue = ber->ber_options;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_DEBUG:
+ assert( LBER_VALID( ber ) );
+ * (int *) outvalue = ber->ber_debug;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_REMAINING_BYTES:
+ assert( LBER_VALID( ber ) );
+ *((ber_len_t *) outvalue) = ber_pvt_ber_remaining(ber);
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_TOTAL_BYTES:
+ assert( LBER_VALID( ber ) );
+ *((ber_len_t *) outvalue) = ber_pvt_ber_total(ber);
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_BYTES_TO_WRITE:
+ assert( LBER_VALID( ber ) );
+ *((ber_len_t *) outvalue) = ber_pvt_ber_write(ber);
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_MEMCTX:
+ assert( LBER_VALID( ber ) );
+ *((void **) outvalue) = ber->ber_memctx;
+ return LBER_OPT_SUCCESS;
+
+ default:
+ /* bad param */
+ ber_errno = LBER_ERROR_PARAM;
+ break;
+ }
+
+ return LBER_OPT_ERROR;
+}
+
+int
+ber_set_option(
+ void *item,
+ int option,
+ LDAP_CONST void *invalue)
+{
+ BerElement *ber;
+ Sockbuf *sb;
+
+ if(invalue == NULL) {
+ /* no place to set from */
+ ber_errno = LBER_ERROR_PARAM;
+ return LBER_OPT_ERROR;
+ }
+
+ if(item == NULL) {
+ switch ( option ) {
+ case LBER_OPT_BER_DEBUG:
+ ber_int_debug = * (const int *) invalue;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_LOG_PRINT_FN:
+ ber_pvt_log_print = (BER_LOG_PRINT_FN) invalue;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_LOG_PRINT_FILE:
+ ber_pvt_err_file = (void *) invalue;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_MEMORY_INUSE:
+ /* The memory inuse is a global variable on kernal implementations.
+ * This means that memory debug is shared by all LDAP processes
+ * so for this variable to have much meaning, only one LDAP process
+ * should be running and memory inuse should be initialized to zero
+ * using the lber_set_option() function during startup.
+ * The counter is not accurate for multithreaded applications.
+ */
+#ifdef LDAP_MEMORY_DEBUG
+ ber_int_meminuse = * (int *) invalue;
+ return LBER_OPT_SUCCESS;
+#else
+ return LBER_OPT_ERROR;
+#endif
+ case LBER_OPT_MEMORY_FNS:
+ if ( ber_int_memory_fns == NULL )
+ {
+ const BerMemoryFunctions *f =
+ (const BerMemoryFunctions *) invalue;
+ /* make sure all functions are provided */
+ if(!( f->bmf_malloc && f->bmf_calloc
+ && f->bmf_realloc && f->bmf_free ))
+ {
+ ber_errno = LBER_ERROR_PARAM;
+ return LBER_OPT_ERROR;
+ }
+
+ ber_int_memory_fns = &ber_int_memory_fns_datum;
+
+ AC_MEMCPY(ber_int_memory_fns, f,
+ sizeof(BerMemoryFunctions));
+
+ return LBER_OPT_SUCCESS;
+ }
+ break;
+
+ case LBER_OPT_LOG_PROC:
+ ber_int_log_proc = (BER_LOG_FN)invalue;
+ return LBER_OPT_SUCCESS;
+ }
+
+ ber_errno = LBER_ERROR_PARAM;
+ return LBER_OPT_ERROR;
+ }
+
+ ber = item;
+ sb = item;
+
+ switch(option) {
+ case LBER_OPT_BER_OPTIONS:
+ assert( LBER_VALID( ber ) );
+ ber->ber_options = * (const int *) invalue;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_DEBUG:
+ assert( LBER_VALID( ber ) );
+ ber->ber_debug = * (const int *) invalue;
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_REMAINING_BYTES:
+ assert( LBER_VALID( ber ) );
+ ber->ber_end = &ber->ber_ptr[* (const ber_len_t *) invalue];
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_TOTAL_BYTES:
+ assert( LBER_VALID( ber ) );
+ ber->ber_end = &ber->ber_buf[* (const ber_len_t *) invalue];
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_BYTES_TO_WRITE:
+ assert( LBER_VALID( ber ) );
+ ber->ber_ptr = &ber->ber_buf[* (const ber_len_t *) invalue];
+ return LBER_OPT_SUCCESS;
+
+ case LBER_OPT_BER_MEMCTX:
+ assert( LBER_VALID( ber ) );
+ ber->ber_memctx = *(void **)invalue;
+ return LBER_OPT_SUCCESS;
+
+ default:
+ /* bad param */
+ ber_errno = LBER_ERROR_PARAM;
+ break;
+ }
+
+ return LBER_OPT_ERROR;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/sockbuf.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/sockbuf.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/sockbuf.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,949 @@
+/* sockbuf.c - i/o routines with support for adding i/o layers. */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/sockbuf.c,v 1.60.2.7 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif /* HAVE_IO_H */
+
+#if defined( HAVE_FCNTL_H )
+#include <fcntl.h>
+#endif
+
+#if defined( HAVE_SYS_FILIO_H )
+#include <sys/filio.h>
+#elif defined( HAVE_SYS_IOCTL_H )
+#include <sys/ioctl.h>
+#endif
+
+#include "lber-int.h"
+
+#ifndef LBER_MIN_BUFF_SIZE
+#define LBER_MIN_BUFF_SIZE 4096
+#endif
+#ifndef LBER_MAX_BUFF_SIZE
+#define LBER_MAX_BUFF_SIZE (65536*256)
+#endif
+#ifndef LBER_DEFAULT_READAHEAD
+#define LBER_DEFAULT_READAHEAD 16384
+#endif
+
+Sockbuf *
+ber_sockbuf_alloc( void )
+{
+ Sockbuf *sb;
+
+ sb = LBER_CALLOC( 1, sizeof( Sockbuf ) );
+
+ if( sb == NULL ) return NULL;
+
+ ber_int_sb_init( sb );
+ return sb;
+}
+
+void
+ber_sockbuf_free( Sockbuf *sb )
+{
+ assert( sb != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ ber_int_sb_close( sb );
+ ber_int_sb_destroy( sb );
+ LBER_FREE( sb );
+}
+
+/* Return values: -1: error, 0: no operation performed or the answer is false,
+ * 1: successful operation or the answer is true
+ */
+int
+ber_sockbuf_ctrl( Sockbuf *sb, int opt, void *arg )
+{
+ Sockbuf_IO_Desc *p;
+ int ret = 0;
+
+ assert( sb != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ switch ( opt ) {
+ case LBER_SB_OPT_HAS_IO:
+ p = sb->sb_iod;
+ while ( p && p->sbiod_io != (Sockbuf_IO *)arg ) {
+ p = p->sbiod_next;
+ }
+
+ if ( p ) {
+ ret = 1;
+ }
+ break;
+
+ case LBER_SB_OPT_GET_FD:
+ if ( arg != NULL ) {
+ *((ber_socket_t *)arg) = sb->sb_fd;
+ }
+ ret = ( sb->sb_fd == AC_SOCKET_INVALID ? -1 : 1);
+ break;
+
+ case LBER_SB_OPT_SET_FD:
+ sb->sb_fd = *((ber_socket_t *)arg);
+ ret = 1;
+ break;
+
+ case LBER_SB_OPT_SET_NONBLOCK:
+ ret = ber_pvt_socket_set_nonblock( sb->sb_fd, arg != NULL)
+ ? -1 : 1;
+ break;
+
+ case LBER_SB_OPT_DRAIN: {
+ /* Drain the data source to enable possible errors (e.g.
+ * TLS) to be propagated to the upper layers
+ */
+ char buf[LBER_MIN_BUFF_SIZE];
+
+ do {
+ ret = ber_int_sb_read( sb, buf, sizeof( buf ) );
+ } while ( ret == sizeof( buf ) );
+
+ ret = 1;
+ } break;
+
+ case LBER_SB_OPT_NEEDS_READ:
+ ret = ( sb->sb_trans_needs_read ? 1 : 0 );
+ break;
+
+ case LBER_SB_OPT_NEEDS_WRITE:
+ ret = ( sb->sb_trans_needs_write ? 1 : 0 );
+ break;
+
+ case LBER_SB_OPT_GET_MAX_INCOMING:
+ if ( arg != NULL ) {
+ *((ber_len_t *)arg) = sb->sb_max_incoming;
+ }
+ ret = 1;
+ break;
+
+ case LBER_SB_OPT_SET_MAX_INCOMING:
+ sb->sb_max_incoming = *((ber_len_t *)arg);
+ ret = 1;
+ break;
+
+ default:
+ ret = sb->sb_iod->sbiod_io->sbi_ctrl( sb->sb_iod, opt, arg );
+ break;
+ }
+
+ return ret;
+}
+
+int
+ber_sockbuf_add_io( Sockbuf *sb, Sockbuf_IO *sbio, int layer, void *arg )
+{
+ Sockbuf_IO_Desc *d, *p, **q;
+
+ assert( sb != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ if ( sbio == NULL ) {
+ return -1;
+ }
+
+ q = &sb->sb_iod;
+ p = *q;
+ while ( p && p->sbiod_level > layer ) {
+ q = &p->sbiod_next;
+ p = *q;
+ }
+
+ d = LBER_MALLOC( sizeof( *d ) );
+ if ( d == NULL ) {
+ return -1;
+ }
+
+ d->sbiod_level = layer;
+ d->sbiod_sb = sb;
+ d->sbiod_io = sbio;
+ memset( &d->sbiod_pvt, '\0', sizeof( d->sbiod_pvt ) );
+ d->sbiod_next = p;
+ *q = d;
+
+ if ( sbio->sbi_setup != NULL && ( sbio->sbi_setup( d, arg ) < 0 ) ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+ber_sockbuf_remove_io( Sockbuf *sb, Sockbuf_IO *sbio, int layer )
+{
+ Sockbuf_IO_Desc *p, **q;
+
+ assert( sb != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ if ( sb->sb_iod == NULL ) {
+ return -1;
+ }
+
+ q = &sb->sb_iod;
+ while ( *q != NULL ) {
+ p = *q;
+ if ( layer == p->sbiod_level && p->sbiod_io == sbio ) {
+ if ( p->sbiod_io->sbi_remove != NULL &&
+ p->sbiod_io->sbi_remove( p ) < 0 )
+ {
+ return -1;
+ }
+ *q = p->sbiod_next;
+ LBER_FREE( p );
+ break;
+ }
+ q = &p->sbiod_next;
+ }
+
+ return 0;
+}
+
+void
+ber_pvt_sb_buf_init( Sockbuf_Buf *buf )
+{
+ buf->buf_base = NULL;
+ buf->buf_ptr = 0;
+ buf->buf_end = 0;
+ buf->buf_size = 0;
+}
+
+void
+ber_pvt_sb_buf_destroy( Sockbuf_Buf *buf )
+{
+ assert( buf != NULL);
+
+ if (buf->buf_base) {
+ LBER_FREE( buf->buf_base );
+ }
+ ber_pvt_sb_buf_init( buf );
+}
+
+int
+ber_pvt_sb_grow_buffer( Sockbuf_Buf *buf, ber_len_t minsize )
+{
+ ber_len_t pw;
+ char *p;
+
+ assert( buf != NULL );
+
+ for ( pw = LBER_MIN_BUFF_SIZE; pw < minsize; pw <<= 1 ) {
+ if (pw > LBER_MAX_BUFF_SIZE) return -1;
+ }
+
+ if ( buf->buf_size < pw ) {
+ p = LBER_REALLOC( buf->buf_base, pw );
+ if ( p == NULL ) return -1;
+ buf->buf_base = p;
+ buf->buf_size = pw;
+ }
+ return 0;
+}
+
+ber_len_t
+ber_pvt_sb_copy_out( Sockbuf_Buf *sbb, char *buf, ber_len_t len )
+{
+ ber_len_t max;
+
+ assert( buf != NULL );
+ assert( sbb != NULL );
+#if 0
+ assert( sbb->buf_size > 0 );
+#endif
+
+ max = sbb->buf_end - sbb->buf_ptr;
+ max = ( max < len) ? max : len;
+ if ( max ) {
+ AC_MEMCPY( buf, sbb->buf_base + sbb->buf_ptr, max );
+ sbb->buf_ptr += max;
+ if ( sbb->buf_ptr >= sbb->buf_end ) {
+ sbb->buf_ptr = sbb->buf_end = 0;
+ }
+ }
+ return max;
+}
+
+ber_slen_t
+ber_pvt_sb_do_write( Sockbuf_IO_Desc *sbiod, Sockbuf_Buf *buf_out )
+{
+ ber_len_t to_go;
+ ber_slen_t ret;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ to_go = buf_out->buf_end - buf_out->buf_ptr;
+ assert( to_go > 0 );
+
+ for(;;) {
+ ret = LBER_SBIOD_WRITE_NEXT( sbiod, buf_out->buf_base +
+ buf_out->buf_ptr, to_go );
+#ifdef EINTR
+ if ((ret<0) && (errno==EINTR)) continue;
+#endif
+ break;
+ }
+
+ if ( ret <= 0 ) return ret;
+
+ buf_out->buf_ptr += ret;
+ if (buf_out->buf_ptr == buf_out->buf_end) {
+ buf_out->buf_end = buf_out->buf_ptr = 0;
+ }
+
+ return ret;
+}
+
+int
+ber_pvt_socket_set_nonblock( ber_socket_t sd, int nb )
+{
+#if HAVE_FCNTL
+ int flags = fcntl( sd, F_GETFL);
+ if( nb ) {
+ flags |= O_NONBLOCK;
+ } else {
+ flags &= ~O_NONBLOCK;
+ }
+ return fcntl( sd, F_SETFL, flags );
+
+#elif defined( FIONBIO )
+ ioctl_t status = nb ? 1 : 0;
+ return ioctl( sd, FIONBIO, &status );
+#endif
+}
+
+int
+ber_int_sb_init( Sockbuf *sb )
+{
+ assert( sb != NULL);
+
+ sb->sb_valid=LBER_VALID_SOCKBUF;
+ sb->sb_options = 0;
+ sb->sb_debug = ber_int_debug;
+ sb->sb_fd = AC_SOCKET_INVALID;
+ sb->sb_iod = NULL;
+ sb->sb_trans_needs_read = 0;
+ sb->sb_trans_needs_write = 0;
+
+ assert( SOCKBUF_VALID( sb ) );
+ return 0;
+}
+
+int
+ber_int_sb_close( Sockbuf *sb )
+{
+ Sockbuf_IO_Desc *p;
+
+ assert( sb != NULL);
+
+ p = sb->sb_iod;
+ while ( p ) {
+ if ( p->sbiod_io->sbi_close && p->sbiod_io->sbi_close( p ) < 0 ) {
+ return -1;
+ }
+ p = p->sbiod_next;
+ }
+
+ sb->sb_fd = AC_SOCKET_INVALID;
+
+ return 0;
+}
+
+int
+ber_int_sb_destroy( Sockbuf *sb )
+{
+ Sockbuf_IO_Desc *p;
+
+ assert( sb != NULL);
+ assert( SOCKBUF_VALID( sb ) );
+
+ while ( sb->sb_iod ) {
+ p = sb->sb_iod->sbiod_next;
+ ber_sockbuf_remove_io( sb, sb->sb_iod->sbiod_io,
+ sb->sb_iod->sbiod_level );
+ sb->sb_iod = p;
+ }
+
+ return ber_int_sb_init( sb );
+}
+
+ber_slen_t
+ber_int_sb_read( Sockbuf *sb, void *buf, ber_len_t len )
+{
+ ber_slen_t ret;
+
+ assert( buf != NULL );
+ assert( sb != NULL);
+ assert( sb->sb_iod != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ for (;;) {
+ ret = sb->sb_iod->sbiod_io->sbi_read( sb->sb_iod, buf, len );
+
+#ifdef EINTR
+ if ( ( ret < 0 ) && ( errno == EINTR ) ) continue;
+#endif
+ break;
+ }
+
+ return ret;
+}
+
+ber_slen_t
+ber_int_sb_write( Sockbuf *sb, void *buf, ber_len_t len )
+{
+ ber_slen_t ret;
+
+ assert( buf != NULL );
+ assert( sb != NULL);
+ assert( sb->sb_iod != NULL );
+ assert( SOCKBUF_VALID( sb ) );
+
+ for (;;) {
+ ret = sb->sb_iod->sbiod_io->sbi_write( sb->sb_iod, buf, len );
+
+#ifdef EINTR
+ if ( ( ret < 0 ) && ( errno == EINTR ) ) continue;
+#endif
+ break;
+ }
+
+ return ret;
+}
+
+/*
+ * Support for TCP
+ */
+
+static ber_slen_t
+sb_stream_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ assert( sbiod != NULL);
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+#if defined(MACOS)
+/*
+ * MacTCP/OpenTransport
+ */
+ return tcpread( sbiod->sbiod_sb->sb_fd, 0, (unsigned char *)buf,
+ len, NULL );
+
+#elif defined( HAVE_PCNFS ) || \
+ defined( HAVE_WINSOCK ) || defined ( __BEOS__ )
+/*
+ * PCNFS (under DOS)
+ */
+/*
+ * Windows Socket API (under DOS/Windows 3.x)
+ */
+/*
+ * 32-bit Windows Socket API (under Windows NT or Windows 95)
+ */
+ return recv( sbiod->sbiod_sb->sb_fd, buf, len, 0 );
+
+#elif defined( HAVE_NCSA )
+/*
+ * NCSA Telnet TCP/IP stack (under DOS)
+ */
+ return nread( sbiod->sbiod_sb->sb_fd, buf, len );
+
+#else
+ return read( sbiod->sbiod_sb->sb_fd, buf, len );
+#endif
+}
+
+static ber_slen_t
+sb_stream_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ assert( sbiod != NULL);
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+#if defined(MACOS)
+/*
+ * MacTCP/OpenTransport
+ */
+#define MAX_WRITE 65535
+ return tcpwrite( sbiod->sbiod_sb->sb_fd, (unsigned char *)buf,
+ (len<MAX_WRITE) ? len : MAX_WRITE );
+
+#elif defined( HAVE_PCNFS) \
+ || defined( HAVE_WINSOCK) || defined ( __BEOS__ )
+/*
+ * PCNFS (under DOS)
+ */
+/*
+ * Windows Socket API (under DOS/Windows 3.x)
+ */
+/*
+ * 32-bit Windows Socket API (under Windows NT or Windows 95)
+ */
+ return send( sbiod->sbiod_sb->sb_fd, buf, len, 0 );
+
+#elif defined(HAVE_NCSA)
+ return netwrite( sbiod->sbiod_sb->sb_fd, buf, len );
+
+#elif defined(VMS)
+/*
+ * VMS -- each write must be 64K or smaller
+ */
+#define MAX_WRITE 65535
+ return write( sbiod->sbiod_sb->sb_fd, buf,
+ (len<MAX_WRITE) ? len : MAX_WRITE);
+#else
+ return write( sbiod->sbiod_sb->sb_fd, buf, len );
+#endif
+}
+
+static int
+sb_stream_close( Sockbuf_IO_Desc *sbiod )
+{
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+ tcp_close( sbiod->sbiod_sb->sb_fd );
+ return 0;
+}
+
+/* The argument is a pointer to the socket descriptor */
+static int
+sb_stream_setup( Sockbuf_IO_Desc *sbiod, void *arg ) {
+ assert( sbiod != NULL );
+
+ if ( arg != NULL ) {
+ sbiod->sbiod_sb->sb_fd = *((int *)arg);
+ }
+ return 0;
+}
+
+static int
+sb_stream_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg ) {
+ /* This is an end IO descriptor */
+ return 0;
+}
+
+Sockbuf_IO ber_sockbuf_io_tcp = {
+ sb_stream_setup, /* sbi_setup */
+ NULL, /* sbi_remove */
+ sb_stream_ctrl, /* sbi_ctrl */
+ sb_stream_read, /* sbi_read */
+ sb_stream_write, /* sbi_write */
+ sb_stream_close /* sbi_close */
+};
+
+
+/*
+ * Support for readahead (UDP needs it)
+ */
+
+static int
+sb_rdahead_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+ Sockbuf_Buf *p;
+
+ assert( sbiod != NULL );
+
+ p = LBER_MALLOC( sizeof( *p ) );
+ if ( p == NULL ) return -1;
+
+ ber_pvt_sb_buf_init( p );
+
+ if ( arg == NULL ) {
+ ber_pvt_sb_grow_buffer( p, LBER_DEFAULT_READAHEAD );
+ } else {
+ ber_pvt_sb_grow_buffer( p, *((int *)arg) );
+ }
+
+ sbiod->sbiod_pvt = p;
+ return 0;
+}
+
+static int
+sb_rdahead_remove( Sockbuf_IO_Desc *sbiod )
+{
+ Sockbuf_Buf *p;
+
+ assert( sbiod != NULL );
+
+ p = (Sockbuf_Buf *)sbiod->sbiod_pvt;
+
+ if ( p->buf_ptr != p->buf_end ) return -1;
+
+ ber_pvt_sb_buf_destroy( (Sockbuf_Buf *)(sbiod->sbiod_pvt) );
+ LBER_FREE( sbiod->sbiod_pvt );
+ sbiod->sbiod_pvt = NULL;
+
+ return 0;
+}
+
+static ber_slen_t
+sb_rdahead_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ Sockbuf_Buf *p;
+ ber_slen_t bufptr = 0, ret, max;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+ assert( sbiod->sbiod_next != NULL );
+
+ p = (Sockbuf_Buf *)sbiod->sbiod_pvt;
+
+ assert( p->buf_size > 0 );
+
+ /* Are there anything left in the buffer? */
+ ret = ber_pvt_sb_copy_out( p, buf, len );
+ bufptr += ret;
+ len -= ret;
+
+ if ( len == 0 ) return bufptr;
+
+ max = p->buf_size - p->buf_end;
+ ret = 0;
+ while ( max > 0 ) {
+ ret = LBER_SBIOD_READ_NEXT( sbiod, p->buf_base + p->buf_end,
+ max );
+#ifdef EINTR
+ if ( ( ret < 0 ) && ( errno == EINTR ) ) continue;
+#endif
+ break;
+ }
+
+ if ( ret < 0 ) {
+ return ( bufptr ? bufptr : ret );
+ }
+
+ p->buf_end += ret;
+ bufptr += ber_pvt_sb_copy_out( p, (char *) buf + bufptr, len );
+ return bufptr;
+}
+
+static ber_slen_t
+sb_rdahead_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ assert( sbiod != NULL );
+ assert( sbiod->sbiod_next != NULL );
+
+ return LBER_SBIOD_WRITE_NEXT( sbiod, buf, len );
+}
+
+static int
+sb_rdahead_close( Sockbuf_IO_Desc *sbiod )
+{
+ assert( sbiod != NULL );
+
+ /* Just erase the buffer */
+ ber_pvt_sb_buf_destroy((Sockbuf_Buf *)sbiod->sbiod_pvt);
+ return 0;
+}
+
+static int
+sb_rdahead_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+ Sockbuf_Buf *p;
+
+ p = (Sockbuf_Buf *)sbiod->sbiod_pvt;
+
+ if ( opt == LBER_SB_OPT_DATA_READY ) {
+ if ( p->buf_ptr != p->buf_end ) {
+ return 1;
+ }
+
+ } else if ( opt == LBER_SB_OPT_SET_READAHEAD ) {
+ if ( p->buf_size >= *((ber_len_t *)arg) ) {
+ return 0;
+ }
+ return ( ber_pvt_sb_grow_buffer( p, *((int *)arg) ) ?
+ -1 : 1 );
+ }
+
+ return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+Sockbuf_IO ber_sockbuf_io_readahead = {
+ sb_rdahead_setup, /* sbi_setup */
+ sb_rdahead_remove, /* sbi_remove */
+ sb_rdahead_ctrl, /* sbi_ctrl */
+ sb_rdahead_read, /* sbi_read */
+ sb_rdahead_write, /* sbi_write */
+ sb_rdahead_close /* sbi_close */
+};
+
+/*
+ * Support for simple file IO
+ */
+
+static ber_slen_t
+sb_fd_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ assert( sbiod != NULL);
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ return read( sbiod->sbiod_sb->sb_fd, buf, len );
+}
+
+static ber_slen_t
+sb_fd_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ assert( sbiod != NULL);
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ return write( sbiod->sbiod_sb->sb_fd, buf, len );
+}
+
+static int
+sb_fd_close( Sockbuf_IO_Desc *sbiod )
+{
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ close( sbiod->sbiod_sb->sb_fd );
+ return 0;
+}
+
+/* The argument is a pointer to the file descriptor */
+static int
+sb_fd_setup( Sockbuf_IO_Desc *sbiod, void *arg ) {
+ assert( sbiod != NULL );
+
+ if ( arg != NULL )
+ sbiod->sbiod_sb->sb_fd = *((int *)arg);
+ return 0;
+}
+
+static int
+sb_fd_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg ) {
+ /* This is an end IO descriptor */
+ return 0;
+}
+
+Sockbuf_IO ber_sockbuf_io_fd = {
+ sb_fd_setup, /* sbi_setup */
+ NULL, /* sbi_remove */
+ sb_fd_ctrl, /* sbi_ctrl */
+ sb_fd_read, /* sbi_read */
+ sb_fd_write, /* sbi_write */
+ sb_fd_close /* sbi_close */
+};
+
+/*
+ * Debugging layer
+ */
+
+static int
+sb_debug_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+ assert( sbiod != NULL );
+
+ if ( arg == NULL ) arg = "sockbuf_";
+
+ sbiod->sbiod_pvt = LBER_MALLOC( strlen( arg ) + 1 );
+ if ( sbiod->sbiod_pvt == NULL ) return -1;
+
+ strcpy( (char *)sbiod->sbiod_pvt, (char *)arg );
+ return 0;
+}
+
+static int
+sb_debug_remove( Sockbuf_IO_Desc *sbiod )
+{
+ assert( sbiod != NULL );
+ assert( sbiod->sbiod_pvt != NULL );
+
+ LBER_FREE( sbiod->sbiod_pvt );
+ sbiod->sbiod_pvt = NULL;
+ return 0;
+}
+
+static int
+sb_debug_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+ return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+static ber_slen_t
+sb_debug_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ ber_slen_t ret;
+ char ebuf[128];
+
+ ret = LBER_SBIOD_READ_NEXT( sbiod, buf, len );
+ if (sbiod->sbiod_sb->sb_debug & LDAP_DEBUG_PACKETS) {
+ int err = sock_errno();
+ if ( ret < 0 ) {
+ ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ "%sread: want=%ld error=%s\n", (char *)sbiod->sbiod_pvt,
+ (long)len, AC_STRERROR_R( err, ebuf, sizeof ebuf ) );
+ } else {
+ ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ "%sread: want=%ld, got=%ld\n", (char *)sbiod->sbiod_pvt,
+ (long)len, (long)ret );
+ ber_log_bprint( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ (const char *)buf, ret );
+ }
+ sock_errset(err);
+ }
+ return ret;
+}
+
+static ber_slen_t
+sb_debug_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ ber_slen_t ret;
+ char ebuf[128];
+
+ ret = LBER_SBIOD_WRITE_NEXT( sbiod, buf, len );
+ if (sbiod->sbiod_sb->sb_debug & LDAP_DEBUG_PACKETS) {
+ int err = sock_errno();
+ if ( ret < 0 ) {
+ ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ "%swrite: want=%ld error=%s\n",
+ (char *)sbiod->sbiod_pvt, (long)len,
+ AC_STRERROR_R( err, ebuf, sizeof ebuf ) );
+ } else {
+ ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ "%swrite: want=%ld, written=%ld\n",
+ (char *)sbiod->sbiod_pvt, (long)len, (long)ret );
+ ber_log_bprint( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
+ (const char *)buf, ret );
+ }
+ sock_errset(err);
+ }
+
+ return ret;
+}
+
+Sockbuf_IO ber_sockbuf_io_debug = {
+ sb_debug_setup, /* sbi_setup */
+ sb_debug_remove, /* sbi_remove */
+ sb_debug_ctrl, /* sbi_ctrl */
+ sb_debug_read, /* sbi_read */
+ sb_debug_write, /* sbi_write */
+ NULL /* sbi_close */
+};
+
+#ifdef LDAP_CONNECTIONLESS
+
+/*
+ * Support for UDP (CLDAP)
+ *
+ * All I/O at this level must be atomic. For ease of use, the sb_readahead
+ * must be used above this module. All data reads and writes are prefixed
+ * with a sockaddr containing the address of the remote entity. Upper levels
+ * must read and write this sockaddr before doing the usual ber_printf/scanf
+ * operations on LDAP messages.
+ */
+
+static int
+sb_dgram_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+ assert( sbiod != NULL);
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ if ( arg != NULL ) sbiod->sbiod_sb->sb_fd = *((int *)arg);
+ return 0;
+}
+
+static ber_slen_t
+sb_dgram_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ ber_slen_t rc;
+ socklen_t addrlen;
+ struct sockaddr *src;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+ assert( buf != NULL );
+
+ addrlen = sizeof( struct sockaddr );
+ src = buf;
+ buf += addrlen;
+ len -= addrlen;
+ rc = recvfrom( sbiod->sbiod_sb->sb_fd, buf, len, 0, src, &addrlen );
+
+ return rc > 0 ? rc+sizeof(struct sockaddr) : rc;
+}
+
+static ber_slen_t
+sb_dgram_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
+{
+ ber_slen_t rc;
+ struct sockaddr *dst;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+ assert( buf != NULL );
+
+ dst = buf;
+ buf += sizeof( struct sockaddr );
+ len -= sizeof( struct sockaddr );
+
+ rc = sendto( sbiod->sbiod_sb->sb_fd, buf, len, 0, dst,
+ sizeof( struct sockaddr ) );
+
+ if ( rc < 0 ) return -1;
+
+ /* fake error if write was not atomic */
+ if (rc < len) {
+# ifdef EMSGSIZE
+ errno = EMSGSIZE;
+# endif
+ return -1;
+ }
+ rc = len + sizeof(struct sockaddr);
+ return rc;
+}
+
+static int
+sb_dgram_close( Sockbuf_IO_Desc *sbiod )
+{
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ tcp_close( sbiod->sbiod_sb->sb_fd );
+ return 0;
+}
+
+static int
+sb_dgram_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+ /* This is an end IO descriptor */
+ return 0;
+}
+
+Sockbuf_IO ber_sockbuf_io_udp =
+{
+ sb_dgram_setup, /* sbi_setup */
+ NULL, /* sbi_remove */
+ sb_dgram_ctrl, /* sbi_ctrl */
+ sb_dgram_read, /* sbi_read */
+ sb_dgram_write, /* sbi_write */
+ sb_dgram_close /* sbi_close */
+};
+
+#endif /* LDAP_CONNECTIONLESS */
Added: openldap/vendor/openldap-2.3.35/libraries/liblber/stdio.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblber/stdio.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblber/stdio.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,243 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblber/stdio.c,v 1.9.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdarg.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <lutil.h>
+
+#if !defined(HAVE_VSNPRINTF) && !defined(HAVE_EBCDIC)
+/* Write at most n characters to the buffer in str, return the
+ * number of chars written or -1 if the buffer would have been
+ * overflowed.
+ *
+ * This is portable to any POSIX-compliant system. We use pipe()
+ * to create a valid file descriptor, and then fdopen() it to get
+ * a valid FILE pointer. The user's buffer and size are assigned
+ * to the FILE pointer using setvbuf. Then we close the read side
+ * of the pipe to invalidate the descriptor.
+ *
+ * If the write arguments all fit into size n, the write will
+ * return successfully. If the write is too large, the stdio
+ * buffer will need to be flushed to the underlying file descriptor.
+ * The flush will fail because it is attempting to write to a
+ * broken pipe, and the write will be terminated.
+ * -- hyc, 2002-07-19
+ */
+/* This emulation uses vfprintf; on OS/390 we're also emulating
+ * that function so it's more efficient just to have a separate
+ * version of vsnprintf there.
+ */
+#include <ac/signal.h>
+int ber_pvt_vsnprintf( char *str, size_t n, const char *fmt, va_list ap )
+{
+ int fds[2], res;
+ FILE *f;
+ RETSIGTYPE (*sig)();
+
+ if (pipe( fds )) return -1;
+
+ f = fdopen( fds[1], "w" );
+ if ( !f ) {
+ close( fds[1] );
+ close( fds[0] );
+ return -1;
+ }
+ setvbuf( f, str, _IOFBF, n );
+ sig = signal( SIGPIPE, SIG_IGN );
+ close( fds[0] );
+
+ res = vfprintf( f, fmt, ap );
+
+ fclose( f );
+ signal( SIGPIPE, sig );
+ if ( res > 0 && res < n ) {
+ res = vsprintf( str, fmt, ap );
+ }
+ return res;
+}
+#endif
+
+#ifndef HAVE_SNPRINTF
+int ber_pvt_snprintf( char *str, size_t n, const char *fmt, ... )
+{
+ va_list ap;
+ int res;
+
+ va_start( ap, fmt );
+ res = vsnprintf( str, n, fmt, ap );
+ va_end( ap );
+ return res;
+}
+#endif /* !HAVE_SNPRINTF */
+
+#ifdef HAVE_EBCDIC
+/* stdio replacements with ASCII/EBCDIC translation for OS/390.
+ * The OS/390 port depends on the CONVLIT compiler option being
+ * used to force character and string literals to be compiled in
+ * ISO8859-1, and the __LIBASCII cpp symbol to be defined to use the
+ * OS/390 ASCII-compatibility library. This library only supplies
+ * an ASCII version of sprintf, so other needed functions are
+ * provided here.
+ *
+ * All of the internal character manipulation is done in ASCII,
+ * but file I/O is EBCDIC, so we catch any stdio reading/writing
+ * of files here and do the translations.
+ */
+
+#undef fputs
+#undef fgets
+
+char *ber_pvt_fgets( char *s, int n, FILE *fp )
+{
+ s = (char *)fgets( s, n, fp );
+ if ( s ) __etoa( s );
+ return s;
+}
+
+int ber_pvt_fputs( const char *str, FILE *fp )
+{
+ char buf[8192];
+
+ strncpy( buf, str, sizeof(buf) );
+ __atoe( buf );
+ return fputs( buf, fp );
+}
+
+/* The __LIBASCII doesn't include a working vsprintf, so we make do
+ * using just sprintf. This is a very simplistic parser that looks for
+ * format strings and uses sprintf to process them one at a time.
+ * Literal text is just copied straight to the destination.
+ * The result is appended to the destination string. The parser
+ * recognizes field-width specifiers and the 'l' qualifier; it
+ * may need to be extended to recognize other qualifiers but so
+ * far this seems to be enough.
+ */
+int ber_pvt_vsnprintf( char *str, size_t n, const char *fmt, va_list ap )
+{
+ char *ptr, *pct, *s2, *f2, *end;
+ char fm2[64];
+ int len, rem;
+
+ ptr = (char *)fmt;
+ s2 = str;
+ fm2[0] = '%';
+ if (n) {
+ end = str + n;
+ } else {
+ end = NULL;
+ }
+
+ for (pct = strchr(ptr, '%'); pct; pct = strchr(ptr, '%')) {
+ len = pct-ptr;
+ if (end) {
+ rem = end-s2;
+ if (rem < 1) return -1;
+ if (rem < len) len = rem;
+ }
+ s2 = lutil_strncopy( s2, ptr, len );
+ /* Did we cheat the length above? If so, bail out */
+ if (len < pct-ptr) return -1;
+ for (pct++, f2 = fm2+1; isdigit(*pct);) *f2++ = *pct++;
+ if (*pct == 'l') *f2++ = *pct++;
+ if (*pct == '%') {
+ *s2++ = '%';
+ } else {
+ *f2++ = *pct;
+ *f2 = '\0';
+ if (*pct == 's') {
+ char *ss = va_arg(ap, char *);
+ /* Attempt to limit sprintf output. This
+ * may be thrown off if field widths were
+ * specified for this string.
+ *
+ * If it looks like the string is too
+ * long for the remaining buffer, bypass
+ * sprintf and just copy what fits, then
+ * quit.
+ */
+ if (end && strlen(ss) > (rem=end-s2)) {
+ strncpy(s2, ss, rem);
+ return -1;
+ } else {
+ s2 += sprintf(s2, fm2, ss);
+ }
+ } else {
+ s2 += sprintf(s2, fm2, va_arg(ap, int));
+ }
+ }
+ ptr = pct + 1;
+ }
+ if (end) {
+ rem = end-s2;
+ if (rem > 0) {
+ len = strlen(ptr);
+ s2 = lutil_strncopy( s2, ptr, rem );
+ rem -= len;
+ }
+ if (rem < 0) return -1;
+ } else {
+ s2 = lutil_strcopy( s2, ptr );
+ }
+ return s2 - str;
+}
+
+int ber_pvt_vsprintf( char *str, const char *fmt, va_list ap )
+{
+ return vsnprintf( str, 0, fmt, ap );
+}
+
+/* The fixed buffer size here is a problem, we don't know how
+ * to flush the buffer and keep printing if the msg is too big.
+ * Hopefully we never try to write something bigger than this
+ * in a log msg...
+ */
+int ber_pvt_vfprintf( FILE *fp, const char *fmt, va_list ap )
+{
+ char buf[8192];
+ int res;
+
+ vsnprintf( buf, sizeof(buf), fmt, ap );
+ __atoe( buf );
+ res = fputs( buf, fp );
+ if (res == EOF) res = -1;
+ return res;
+}
+
+int ber_pvt_printf( const char *fmt, ... )
+{
+ va_list ap;
+ int res;
+
+ va_start( ap, fmt );
+ res = ber_pvt_vfprintf( stdout, fmt, ap );
+ va_end( ap );
+ return res;
+}
+
+int ber_pvt_fprintf( FILE *fp, const char *fmt, ... )
+{
+ va_list ap;
+ int res;
+
+ va_start( ap, fmt );
+ res = ber_pvt_vfprintf( fp, fmt, ap );
+ va_end( ap );
+ return res;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+# Makefile.in for LDAP -lldap
+# $OpenLDAP: pkg/ldap/libraries/libldap/Makefile.in,v 1.71.2.4 2007/01/02 21:43:48 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = libldap.la
+
+PROGRAMS = apitest dntest ftest ltest
+
+SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+ sasl.c sbind.c kbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ turn.c groupings.c txn.c ppolicy.c
+
+OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+ sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ turn.lo groupings.lo txn.lo ppolicy.lo
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+LIB_DEFS = -DLDAP_LIBRARY
+
+XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A)
+XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+
+apitest: $(XLIBS) apitest.o
+ $(LTLINK) -o $@ apitest.o $(LIBS)
+dntest: $(XLIBS) dntest.o
+ $(LTLINK) -o $@ dntest.o $(LIBS)
+ftest: $(XLIBS) ftest.o
+ $(LTLINK) -o $@ ftest.o $(LIBS)
+ltest: $(XLIBS) test.o
+ $(LTLINK) -o $@ test.o $(LIBS)
+
+CFFILES=ldap.conf
+
+install-local: $(CFFILES) FORCE
+ -$(MKDIR) $(DESTDIR)$(libdir)
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)
+ $(LTFINISH) $(DESTDIR)$(libdir)
+ -$(MKDIR) $(DESTDIR)$(sysconfdir)
+ @for i in $(CFFILES); do \
+ if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \
+ echo "installing $$i in $(sysconfdir)"; \
+ echo "$(INSTALL) $(INSTALLFLAGS) -m 644 $(srcdir)/$$i $(DESTDIR)$(sysconfdir)/$$i"; \
+ $(INSTALL) $(INSTALLFLAGS) -m 644 $(srcdir)/$$i $(DESTDIR)$(sysconfdir)/$$i; \
+ else \
+ echo "PRESERVING EXISTING CONFIGURATION FILE $(sysconfdir)/$$i" ; \
+ fi; \
+ $(INSTALL) $(INSTALLFLAGS) -m 644 $(srcdir)/$$i $(DESTDIR)$(sysconfdir)/$$i.default; \
+ done
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/abandon.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/abandon.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/abandon.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,302 @@
+/* abandon.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/abandon.c,v 1.36.2.5 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997).
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * An abandon request looks like this:
+ * AbandonRequest ::= MessageID
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+static int do_abandon LDAP_P((
+ LDAP *ld,
+ ber_int_t origid,
+ ber_int_t msgid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls));
+
+/*
+ * ldap_abandon_ext - perform an ldap extended abandon operation.
+ *
+ * Parameters:
+ * ld LDAP descriptor
+ * msgid The message id of the operation to abandon
+ * scntrls Server Controls
+ * ccntrls Client Controls
+ *
+ * ldap_abandon_ext returns a LDAP error code.
+ * (LDAP_SUCCESS if everything went ok)
+ *
+ * Example:
+ * ldap_abandon_ext( ld, msgid, scntrls, ccntrls );
+ */
+int
+ldap_abandon_ext(
+ LDAP *ld,
+ int msgid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc;
+ Debug( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid, 0, 0 );
+
+ /* check client controls */
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc == LDAP_SUCCESS )
+ rc = do_abandon( ld, msgid, msgid, sctrls, cctrls );
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ return rc;
+}
+
+
+/*
+ * ldap_abandon - perform an ldap abandon operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * msgid The message id of the operation to abandon
+ *
+ * ldap_abandon returns 0 if everything went ok, -1 otherwise.
+ *
+ * Example:
+ * ldap_abandon( ld, msgid );
+ */
+int
+ldap_abandon( LDAP *ld, int msgid )
+{
+ Debug( LDAP_DEBUG_TRACE, "ldap_abandon %d\n", msgid, 0, 0 );
+ return ldap_abandon_ext( ld, msgid, NULL, NULL ) == LDAP_SUCCESS
+ ? 0 : -1;
+}
+
+
+static int
+do_abandon(
+ LDAP *ld,
+ ber_int_t origid,
+ ber_int_t msgid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls)
+{
+ BerElement *ber;
+ int i, err, sendabandon;
+ ber_int_t *old_abandon;
+ Sockbuf *sb;
+ LDAPRequest *lr;
+
+ Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
+ origid, msgid, 0 );
+
+ sendabandon = 1;
+
+ /* find the request that we are abandoning */
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if ( lr->lr_msgid == msgid ) { /* this message */
+ break;
+ }
+ if ( lr->lr_origid == msgid ) {/* child: abandon it */
+ (void) do_abandon( ld,
+ lr->lr_origid, lr->lr_msgid, sctrls, cctrls );
+ }
+ }
+
+ if ( lr != NULL ) {
+ if ( origid == msgid && lr->lr_parent != NULL ) {
+ /* don't let caller abandon child requests! */
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return( LDAP_PARAM_ERROR );
+ }
+ if ( lr->lr_status != LDAP_REQST_INPROGRESS ) {
+ /* no need to send abandon message */
+ sendabandon = 0;
+ }
+ }
+
+/* ldap_msgdelete locks the res_mutex. Give up the req_mutex
+ * while we're in there.
+ */
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ err = ldap_msgdelete( ld, msgid );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ if ( err == 0 ) {
+ ld->ld_errno = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+ }
+
+ /* fetch again the request that we are abandoning */
+ if ( lr != NULL ) {
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if ( lr->lr_msgid == msgid ) { /* this message */
+ break;
+ }
+ }
+ }
+
+ err = 0;
+ if ( sendabandon ) {
+ if( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+ /* not connected */
+ err = -1;
+ ld->ld_errno = LDAP_SERVER_DOWN;
+
+ } else if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ /* BER element alocation failed */
+ err = -1;
+ ld->ld_errno = LDAP_NO_MEMORY;
+
+ } else {
+ /*
+ * We already have the mutex in LDAP_R_COMPILE, so
+ * don't try to get it again.
+ * LDAP_NEXT_MSGID(ld, i);
+ */
+ i = ++(ld)->ld_msgid;
+#ifdef LDAP_CONNECTIONLESS
+ if ( LDAP_IS_UDP(ld) ) {
+ err = ber_write( ber, ld->ld_options.ldo_peer,
+ sizeof(struct sockaddr), 0);
+ }
+ if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version ==
+ LDAP_VERSION2) {
+ char *dn = ld->ld_options.ldo_cldapdn;
+ if (!dn) dn = "";
+ err = ber_printf( ber, "{isti", /* '}' */
+ i, dn,
+ LDAP_REQ_ABANDON, msgid );
+ } else
+#endif
+ {
+ /* create a message to send */
+ err = ber_printf( ber, "{iti", /* '}' */
+ i,
+ LDAP_REQ_ABANDON, msgid );
+ }
+
+ if( err == -1 ) {
+ /* encoding error */
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+
+ } else {
+ /* Put Server Controls */
+ if ( ldap_int_put_controls( ld, sctrls, ber )
+ != LDAP_SUCCESS )
+ {
+ err = -1;
+
+ } else {
+ /* close '{' */
+ err = ber_printf( ber, /*{*/ "N}" );
+
+ if( err == -1 ) {
+ /* encoding error */
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ }
+ }
+ }
+
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+
+ } else {
+ /* send the message */
+ if ( lr != NULL ) {
+ assert( lr->lr_conn != NULL );
+ sb = lr->lr_conn->lconn_sb;
+ } else {
+ sb = ld->ld_sb;
+ }
+
+ if ( ber_flush( sb, ber, 1 ) != 0 ) {
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ err = -1;
+ } else {
+ err = 0;
+ }
+ }
+ }
+ }
+
+ if ( lr != NULL ) {
+ if ( sendabandon || lr->lr_status == LDAP_REQST_WRITING ) {
+ ldap_free_connection( ld, lr->lr_conn, 0, 1 );
+ }
+ if ( origid == msgid ) {
+ ldap_free_request( ld, lr );
+ }
+ }
+
+#ifdef LDAP_R_COMPILE
+ /* ld_abandoned is actually protected by the ld_res_mutex;
+ * give up the ld_req_mutex and get the other */
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ i = 0;
+ if ( ld->ld_abandoned != NULL ) {
+ for ( ; ld->ld_abandoned[i] != -1; i++ )
+ ; /* NULL */
+ }
+
+ old_abandon = ld->ld_abandoned;
+
+ ld->ld_abandoned = (ber_int_t *) LDAP_REALLOC( (char *)
+ ld->ld_abandoned, (i + 2) * sizeof(ber_int_t) );
+
+ if ( ld->ld_abandoned == NULL ) {
+ ld->ld_abandoned = old_abandon;
+ ld->ld_errno = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ ld->ld_abandoned[i] = msgid;
+ ld->ld_abandoned[i + 1] = -1;
+
+ if ( err != -1 ) {
+ ld->ld_errno = LDAP_SUCCESS;
+ }
+
+done:;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ return( ld->ld_errno );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,212 @@
+/* add.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/add.c,v 1.23.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997).
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * An add request looks like this:
+ * AddRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * attrs SEQUENCE OF SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * }
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_add - initiate an ldap add operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the entry to add
+ * mods List of attributes for the entry. This is a null-
+ * terminated array of pointers to LDAPMod structures.
+ * only the type and values in the structures need be
+ * filled in.
+ *
+ * Example:
+ * LDAPMod *attrs[] = {
+ * { 0, "cn", { "babs jensen", "babs", 0 } },
+ * { 0, "sn", { "jensen", 0 } },
+ * { 0, "objectClass", { "person", 0 } },
+ * 0
+ * }
+ * msgid = ldap_add( ld, dn, attrs );
+ */
+int
+ldap_add( LDAP *ld, LDAP_CONST char *dn, LDAPMod **attrs )
+{
+ int rc;
+ int msgid;
+
+ rc = ldap_add_ext( ld, dn, attrs, NULL, NULL, &msgid );
+
+ if ( rc != LDAP_SUCCESS )
+ return -1;
+
+ return msgid;
+}
+
+
+/*
+ * ldap_add_ext - initiate an ldap extended add operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the entry to add
+ * mods List of attributes for the entry. This is a null-
+ * terminated array of pointers to LDAPMod structures.
+ * only the type and values in the structures need be
+ * filled in.
+ * sctrl Server Controls
+ * cctrl Client Controls
+ * msgidp Message ID pointer
+ *
+ * Example:
+ * LDAPMod *attrs[] = {
+ * { 0, "cn", { "babs jensen", "babs", 0 } },
+ * { 0, "sn", { "jensen", 0 } },
+ * { 0, "objectClass", { "person", 0 } },
+ * 0
+ * }
+ * rc = ldap_add_ext( ld, dn, attrs, NULL, NULL, &msgid );
+ */
+int
+ldap_add_ext(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int i, rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_add_ext\n", 0, 0, 0 );
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( dn != NULL );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ LDAP_NEXT_MSGID(ld, id);
+ rc = ber_printf( ber, "{it{s{", /* '}}}' */
+ id, LDAP_REQ_ADD, dn );
+
+ if ( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* allow attrs to be NULL ("touch"; should fail...) */
+ if ( attrs ) {
+ /* for each attribute in the entry... */
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ if ( ( attrs[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
+ rc = ber_printf( ber, "{s[V]N}", attrs[i]->mod_type,
+ attrs[i]->mod_bvalues );
+ } else {
+ rc = ber_printf( ber, "{s[v]N}", attrs[i]->mod_type,
+ attrs[i]->mod_values );
+ }
+ if ( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+ }
+ }
+
+ if ( ber_printf( ber, /*{{*/ "N}N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_ADD, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_add_ext_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **attrs,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int msgid, rc;
+ LDAPMessage *res;
+
+ rc = ldap_add_ext( ld, dn, attrs, sctrls, cctrls, &msgid );
+
+ if ( rc != LDAP_SUCCESS )
+ return( rc );
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
+ return( ld->ld_errno );
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+int
+ldap_add_s( LDAP *ld, LDAP_CONST char *dn, LDAPMod **attrs )
+{
+ return ldap_add_ext_s( ld, dn, attrs, NULL, NULL );
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/addentry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/addentry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/addentry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,69 @@
+/* addentry.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/addentry.c,v 1.14.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+LDAPMessage *
+ldap_delete_result_entry( LDAPMessage **list, LDAPMessage *e )
+{
+ LDAPMessage *tmp, *prev = NULL;
+
+ assert( list != NULL );
+ assert( e != NULL );
+
+ for ( tmp = *list; tmp != NULL && tmp != e; tmp = tmp->lm_chain )
+ prev = tmp;
+
+ if ( tmp == NULL )
+ return( NULL );
+
+ if ( prev == NULL ) {
+ if ( tmp->lm_chain )
+ tmp->lm_chain->lm_chain_tail = (*list)->lm_chain_tail;
+ *list = tmp->lm_chain;
+ } else {
+ prev->lm_chain = tmp->lm_chain;
+ if ( prev->lm_chain == NULL )
+ (*list)->lm_chain_tail = prev;
+ }
+ tmp->lm_chain = NULL;
+
+ return( tmp );
+}
+
+void
+ldap_add_result_entry( LDAPMessage **list, LDAPMessage *e )
+{
+ assert( list != NULL );
+ assert( e != NULL );
+
+ e->lm_chain = *list;
+ e->lm_chain_tail = (*list)->lm_chain_tail;
+ *list = e;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/apitest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/apitest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/apitest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,241 @@
+/* apitest.c -- OpenLDAP API Test Program */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/apitest.c,v 1.23.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <stdio.h>
+
+#include <ldap.h>
+
+int
+main(int argc, char **argv)
+{
+ LDAPAPIInfo api;
+ int ival;
+ char *sval;
+
+ printf("Compile time API Information\n");
+
+#ifdef LDAP_API_INFO_VERSION
+ api.ldapai_info_version = LDAP_API_INFO_VERSION;
+ printf(" API Info version: %d\n", (int) api.ldapai_info_version);
+#else
+ api.ldapai_info_version = 1;
+ printf(" API Info version: unknown\n");
+#endif
+
+#ifdef LDAP_FEATURE_INFO_VERSION
+ printf(" Feature Info version: %d\n", (int) LDAP_FEATURE_INFO_VERSION);
+#else
+ printf(" Feature Info version: unknown\n");
+ api.ldapai_info_version = 1;
+#endif
+
+#ifdef LDAP_API_VERSION
+ printf(" API version: %d\n", (int) LDAP_API_VERSION);
+#else
+ printf(" API version: unknown\n");
+#endif
+
+#ifdef LDAP_VERSION
+ printf(" Protocol Version: %d\n", (int) LDAP_VERSION);
+#else
+ printf(" Protocol Version: unknown\n");
+#endif
+#ifdef LDAP_VERSION_MIN
+ printf(" Protocol Min: %d\n", (int) LDAP_VERSION_MIN);
+#else
+ printf(" Protocol Min: unknown\n");
+#endif
+#ifdef LDAP_VERSION_MAX
+ printf(" Protocol Max: %d\n", (int) LDAP_VERSION_MAX);
+#else
+ printf(" Protocol Max: unknown\n");
+#endif
+#ifdef LDAP_VENDOR_NAME
+ printf(" Vendor Name: %s\n", LDAP_VENDOR_NAME);
+#else
+ printf(" Vendor Name: unknown\n");
+#endif
+#ifdef LDAP_VENDOR_VERSION
+ printf(" Vendor Version: %d\n", (int) LDAP_VENDOR_VERSION);
+#else
+ printf(" Vendor Version: unknown\n");
+#endif
+
+ if(ldap_get_option(NULL, LDAP_OPT_API_INFO, &api) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(API_INFO) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ printf("\nExecution time API Information\n");
+ printf(" API Info version: %d\n", api.ldapai_info_version);
+
+ if (api.ldapai_info_version != LDAP_API_INFO_VERSION) {
+ printf(" API INFO version mismatch: got %d, expected %d\n",
+ api.ldapai_info_version, LDAP_API_INFO_VERSION);
+ return EXIT_FAILURE;
+ }
+
+ printf(" API Version: %d\n", api.ldapai_api_version);
+ printf(" Protocol Max: %d\n", api.ldapai_protocol_version);
+
+ if(api.ldapai_extensions == NULL) {
+ printf(" Extensions: none\n");
+
+ } else {
+ int i;
+ for(i=0; api.ldapai_extensions[i] != NULL; i++) /* empty */;
+ printf(" Extensions: %d\n", i);
+ for(i=0; api.ldapai_extensions[i] != NULL; i++) {
+#ifdef LDAP_OPT_API_FEATURE_INFO
+ LDAPAPIFeatureInfo fi;
+ fi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
+ fi.ldapaif_name = api.ldapai_extensions[i];
+ fi.ldapaif_version = 0;
+
+ if( ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &fi) == LDAP_SUCCESS ) {
+ if(fi.ldapaif_info_version != LDAP_FEATURE_INFO_VERSION) {
+ printf(" %s feature info mismatch: got %d, expected %d\n",
+ api.ldapai_extensions[i],
+ LDAP_FEATURE_INFO_VERSION,
+ fi.ldapaif_info_version);
+
+ } else {
+ printf(" %s: version %d\n",
+ fi.ldapaif_name,
+ fi.ldapaif_version);
+ }
+
+ } else {
+ printf(" %s (NO FEATURE INFO)\n",
+ api.ldapai_extensions[i]);
+ }
+
+#else
+ printf(" %s\n",
+ api.ldapai_extensions[i]);
+#endif
+
+ ldap_memfree(api.ldapai_extensions[i]);
+ }
+ ldap_memfree(api.ldapai_extensions);
+ }
+
+ printf(" Vendor Name: %s\n", api.ldapai_vendor_name);
+ ldap_memfree(api.ldapai_vendor_name);
+
+ printf(" Vendor Version: %d\n", api.ldapai_vendor_version);
+
+ printf("\nExecution time Default Options\n");
+
+ if(ldap_get_option(NULL, LDAP_OPT_DEREF, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(api) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" DEREF: %d\n", ival);
+
+ if(ldap_get_option(NULL, LDAP_OPT_SIZELIMIT, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(sizelimit) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" SIZELIMIT: %d\n", ival);
+
+ if(ldap_get_option(NULL, LDAP_OPT_TIMELIMIT, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(timelimit) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" TIMELIMIT: %d\n", ival);
+
+ if(ldap_get_option(NULL, LDAP_OPT_REFERRALS, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(referrals) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" REFERRALS: %s\n", ival ? "on" : "off");
+
+ if(ldap_get_option(NULL, LDAP_OPT_RESTART, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(restart) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" RESTART: %s\n", ival ? "on" : "off");
+
+ if(ldap_get_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ival) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(protocol version) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ printf(" PROTOCOL VERSION: %d\n", ival);
+
+ if(ldap_get_option(NULL, LDAP_OPT_HOST_NAME, &sval) != LDAP_SUCCESS) {
+ fprintf(stderr, "%s: ldap_get_option(host name) failed\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ if( sval != NULL ) {
+ printf(" HOST NAME: %s\n", sval);
+ ldap_memfree(sval);
+ } else {
+ puts(" HOST NAME: <not set>");
+ }
+
+#if 0
+ /* API tests */
+ { /* bindless unbind */
+ LDAP *ld;
+ int rc;
+
+ ld = ldap_init( "localhost", 389 );
+ if( ld == NULL ) {
+ perror("ldap_init");
+ return EXIT_FAILURE;
+ }
+
+ rc = ldap_unbind( ld );
+ if( rc != LDAP_SUCCESS ) {
+ perror("ldap_unbind");
+ return EXIT_FAILURE;
+ }
+ }
+ { /* bindless unbind */
+ LDAP *ld;
+ int rc;
+
+ ld = ldap_init( "localhost", 389 );
+ if( ld == NULL ) {
+ perror("ldap_init");
+ return EXIT_FAILURE;
+ }
+
+ rc = ldap_abandon_ext( ld, 0, NULL, NULL );
+ if( rc != LDAP_SERVER_DOWN ) {
+ ldap_perror( ld, "ldap_abandon");
+ return EXIT_FAILURE;
+ }
+
+ rc = ldap_unbind( ld );
+ if( rc != LDAP_SUCCESS ) {
+ perror("ldap_unbind");
+ return EXIT_FAILURE;
+ }
+ }
+#endif
+
+ return EXIT_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,142 @@
+/* bind.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/bind.c,v 1.22.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+/*
+ * ldap_bind - bind to the ldap server (and X.500). The dn and password
+ * of the entry to which to bind are supplied, along with the authentication
+ * method to use. The msgid of the bind request is returned on success,
+ * -1 if there's trouble. Note, the kerberos support assumes the user already
+ * has a valid tgt for now. ldap_result() should be called to find out the
+ * outcome of the bind request.
+ *
+ * Example:
+ * ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret",
+ * LDAP_AUTH_SIMPLE )
+ */
+
+int
+ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
+{
+ Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
+
+ switch ( authmethod ) {
+ case LDAP_AUTH_SIMPLE:
+ return( ldap_simple_bind( ld, dn, passwd ) );
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ case LDAP_AUTH_KRBV41:
+ return( ldap_kerberos_bind1( ld, dn ) );
+
+ case LDAP_AUTH_KRBV42:
+ return( ldap_kerberos_bind2( ld, dn ) );
+#endif
+
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
+ default:
+ ld->ld_errno = LDAP_AUTH_UNKNOWN;
+ return( -1 );
+ }
+}
+
+/*
+ * ldap_bind_s - bind to the ldap server (and X.500). The dn and password
+ * of the entry to which to bind are supplied, along with the authentication
+ * method to use. This routine just calls whichever bind routine is
+ * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
+ * some other error indication). Note, the kerberos support assumes the
+ * user already has a valid tgt for now.
+ *
+ * Examples:
+ * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
+ * "secret", LDAP_AUTH_SIMPLE )
+ * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
+ * NULL, LDAP_AUTH_KRBV4 )
+ */
+int
+ldap_bind_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *passwd,
+ int authmethod )
+{
+ Debug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 );
+
+ switch ( authmethod ) {
+ case LDAP_AUTH_SIMPLE:
+ return( ldap_simple_bind_s( ld, dn, passwd ) );
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ case LDAP_AUTH_KRBV4:
+ return( ldap_kerberos_bind_s( ld, dn ) );
+
+ case LDAP_AUTH_KRBV41:
+ return( ldap_kerberos_bind1_s( ld, dn ) );
+
+ case LDAP_AUTH_KRBV42:
+ return( ldap_kerberos_bind2_s( ld, dn ) );
+#endif
+
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
+ default:
+ return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
+ }
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/cancel.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/cancel.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/cancel.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cancel.c,v 1.7.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * LDAPv3 Cancel Operation Request
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+int
+ldap_cancel(
+ LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *cancelidber = NULL;
+ struct berval *cancelidvalp = NULL;
+ int rc;
+
+ cancelidber = ber_alloc_t( LBER_USE_DER );
+ ber_printf( cancelidber, "{i}", cancelid );
+ ber_flatten( cancelidber, &cancelidvalp );
+ rc = ldap_extended_operation( ld, LDAP_EXOP_X_CANCEL,
+ cancelidvalp, sctrls, cctrls, msgidp );
+ ber_free( cancelidber, 1 );
+ return rc;
+}
+
+int
+ldap_cancel_s(
+ LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ BerElement *cancelidber = NULL;
+ struct berval *cancelidvalp = NULL;
+ int rc;
+
+ cancelidber = ber_alloc_t( LBER_USE_DER );
+ ber_printf( cancelidber, "{i}", cancelid );
+ ber_flatten( cancelidber, &cancelidvalp );
+ rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_CANCEL,
+ cancelidvalp, sctrls, cctrls, NULL, NULL );
+ ber_free( cancelidber, 1 );
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/charray.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/charray.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/charray.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,275 @@
+/* charray.c - routines for dealing with char * arrays */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.14.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "ldap-int.h"
+
+int
+ldap_charray_add(
+ char ***a,
+ const char *s
+)
+{
+ int n;
+
+ if ( *a == NULL ) {
+ *a = (char **) LDAP_MALLOC( 2 * sizeof(char *) );
+ n = 0;
+
+ if( *a == NULL ) {
+ return -1;
+ }
+
+ } else {
+ char **new;
+
+ for ( n = 0; *a != NULL && (*a)[n] != NULL; n++ ) {
+ ; /* NULL */
+ }
+
+ new = (char **) LDAP_REALLOC( (char *) *a,
+ (n + 2) * sizeof(char *) );
+
+ if( new == NULL ) {
+ /* caller is required to call ldap_charray_free(*a) */
+ return -1;
+ }
+
+ *a = new;
+ }
+
+ (*a)[n] = LDAP_STRDUP(s);
+
+ if( (*a)[n] == NULL ) {
+ return 1;
+ }
+
+ (*a)[++n] = NULL;
+
+ return 0;
+}
+
+int
+ldap_charray_merge(
+ char ***a,
+ char **s
+)
+{
+ int i, n, nn;
+ char **aa;
+
+ for ( n = 0; *a != NULL && (*a)[n] != NULL; n++ ) {
+ ; /* NULL */
+ }
+ for ( nn = 0; s[nn] != NULL; nn++ ) {
+ ; /* NULL */
+ }
+
+ aa = (char **) LDAP_REALLOC( (char *) *a, (n + nn + 1) * sizeof(char *) );
+
+ if( aa == NULL ) {
+ return -1;
+ }
+
+ *a = aa;
+
+ for ( i = 0; i < nn; i++ ) {
+ (*a)[n + i] = LDAP_STRDUP(s[i]);
+
+ if( (*a)[n + i] == NULL ) {
+ for( --i ; i >= 0 ; i-- ) {
+ LDAP_FREE( (*a)[n + i] );
+ (*a)[n + i] = NULL;
+ }
+ return -1;
+ }
+ }
+
+ (*a)[n + nn] = NULL;
+ return 0;
+}
+
+void
+ldap_charray_free( char **a )
+{
+ char **p;
+
+ if ( a == NULL ) {
+ return;
+ }
+
+ for ( p = a; *p != NULL; p++ ) {
+ if ( *p != NULL ) {
+ LDAP_FREE( *p );
+ }
+ }
+
+ LDAP_FREE( (char *) a );
+}
+
+int
+ldap_charray_inlist(
+ char **a,
+ const char *s
+)
+{
+ int i;
+
+ if( a == NULL ) return 0;
+
+ for ( i=0; a[i] != NULL; i++ ) {
+ if ( strcasecmp( s, a[i] ) == 0 ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+char **
+ldap_charray_dup( char **a )
+{
+ int i;
+ char **new;
+
+ for ( i = 0; a[i] != NULL; i++ )
+ ; /* NULL */
+
+ new = (char **) LDAP_MALLOC( (i + 1) * sizeof(char *) );
+
+ if( new == NULL ) {
+ return NULL;
+ }
+
+ for ( i = 0; a[i] != NULL; i++ ) {
+ new[i] = LDAP_STRDUP( a[i] );
+
+ if( new[i] == NULL ) {
+ for( --i ; i >= 0 ; i-- ) {
+ LDAP_FREE( new[i] );
+ }
+ LDAP_FREE( new );
+ return NULL;
+ }
+ }
+ new[i] = NULL;
+
+ return( new );
+}
+
+char **
+ldap_str2charray( const char *str_in, const char *brkstr )
+{
+ char **res;
+ char *str, *s;
+ char *lasts;
+ int i;
+
+ /* protect the input string from strtok */
+ str = LDAP_STRDUP( str_in );
+ if( str == NULL ) {
+ return NULL;
+ }
+
+ i = 1;
+ for ( s = str; *s; s++ ) {
+ if ( ldap_utf8_strchr( brkstr, s ) != NULL ) {
+ i++;
+ }
+ }
+
+ res = (char **) LDAP_MALLOC( (i + 1) * sizeof(char *) );
+
+ if( res == NULL ) {
+ LDAP_FREE( str );
+ return NULL;
+ }
+
+ i = 0;
+
+ for ( s = ldap_utf8_strtok( str, brkstr, &lasts );
+ s != NULL;
+ s = ldap_utf8_strtok( NULL, brkstr, &lasts ) )
+ {
+ res[i] = LDAP_STRDUP( s );
+
+ if(res[i] == NULL) {
+ for( --i ; i >= 0 ; i-- ) {
+ LDAP_FREE( res[i] );
+ }
+ LDAP_FREE( res );
+ LDAP_FREE( str );
+ return NULL;
+ }
+
+ i++;
+ }
+
+ res[i] = NULL;
+
+ LDAP_FREE( str );
+ return( res );
+}
+
+char * ldap_charray2str( char **a, const char *sep )
+{
+ char *s, **v, *p;
+ int len;
+ int slen;
+
+ if( sep == NULL ) sep = " ";
+
+ slen = strlen( sep );
+ len = 0;
+
+ for ( v = a; *v != NULL; v++ ) {
+ len += strlen( *v ) + slen;
+ }
+
+ if ( len == 0 ) {
+ return NULL;
+ }
+
+ /* trim extra sep len */
+ len -= slen;
+
+ s = LDAP_MALLOC ( len + 1 );
+
+ if ( s == NULL ) {
+ return NULL;
+ }
+
+ p = s;
+ for ( v = a; *v != NULL; v++ ) {
+ if ( v != a ) {
+ strncpy( p, sep, slen );
+ p += slen;
+ }
+
+ len = strlen( *v );
+ strncpy( p, *v, len );
+ p += len;
+ }
+
+ *p = '\0';
+ return s;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,180 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/compare.c,v 1.26.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/* The compare request looks like this:
+ * CompareRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * ava SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue
+ * }
+ * }
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+/*
+ * ldap_compare_ext - perform an ldap extended compare operation. The dn
+ * of the entry to compare to and the attribute and value to compare (in
+ * attr and value) are supplied. The msgid of the response is returned.
+ *
+ * Example:
+ * struct berval bvalue = { "secret", sizeof("secret")-1 };
+ * rc = ldap_compare( ld, "c=us at cn=bob",
+ * "userPassword", &bvalue,
+ * sctrl, cctrl, &msgid )
+ */
+int
+ldap_compare_ext(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ struct berval *bvalue,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ int rc;
+ BerElement *ber;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_compare\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( dn != NULL );
+ assert( attr != NULL );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ LDAP_NEXT_MSGID(ld, id);
+ rc = ber_printf( ber, "{it{s{sON}N}", /* '}' */
+ id,
+ LDAP_REQ_COMPARE, dn, attr, bvalue );
+ if ( rc == -1 )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_COMPARE, dn, ber, id );
+ return ( *msgidp < 0 ? ld->ld_errno : LDAP_SUCCESS );
+}
+
+/*
+ * ldap_compare_ext - perform an ldap extended compare operation. The dn
+ * of the entry to compare to and the attribute and value to compare (in
+ * attr and value) are supplied. The msgid of the response is returned.
+ *
+ * Example:
+ * msgid = ldap_compare( ld, "c=us at cn=bob", "userPassword", "secret" )
+ */
+int
+ldap_compare(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ LDAP_CONST char *value )
+{
+ int msgid;
+ struct berval bvalue;
+
+ assert( value != NULL );
+
+ bvalue.bv_val = (char *) value;
+ bvalue.bv_len = (value == NULL) ? 0 : strlen( value );
+
+ return ldap_compare_ext( ld, dn, attr, &bvalue, NULL, NULL, &msgid ) == LDAP_SUCCESS
+ ? msgid : -1;
+}
+
+int
+ldap_compare_ext_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ struct berval *bvalue,
+ LDAPControl **sctrl,
+ LDAPControl **cctrl )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ rc = ldap_compare_ext( ld, dn, attr, bvalue, sctrl, cctrl, &msgid );
+
+ if ( rc != LDAP_SUCCESS )
+ return( rc );
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
+ return( ld->ld_errno );
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+int
+ldap_compare_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *attr,
+ LDAP_CONST char *value )
+{
+ struct berval bvalue;
+
+ assert( value != NULL );
+
+ bvalue.bv_val = (char *) value;
+ bvalue.bv_len = (value == NULL) ? 0 : strlen( value );
+
+ return ldap_compare_ext_s( ld, dn, attr, &bvalue, NULL, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/controls.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/controls.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/controls.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,492 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ *---
+ * Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/* LDAPv3 Controls (RFC2251)
+ *
+ * Controls ::= SEQUENCE OF Control
+ *
+ * Control ::= SEQUENCE {
+ * controlType LDAPOID,
+ * criticality BOOLEAN DEFAULT FALSE,
+ * controlValue OCTET STRING OPTIONAL
+ * }
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <ac/time.h>
+#include <ac/string.h>
+
+#include "ldap-int.h"
+
+
+/*
+ * ldap_int_put_controls
+ */
+
+int
+ldap_int_put_controls(
+ LDAP *ld,
+ LDAPControl *const *ctrls,
+ BerElement *ber )
+{
+ LDAPControl *const *c;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID(ld) );
+ assert( ber != NULL );
+
+ if( ctrls == NULL ) {
+ /* use default server controls */
+ ctrls = ld->ld_sctrls;
+ }
+
+ if( ctrls == NULL || *ctrls == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( ld->ld_version < LDAP_VERSION3 ) {
+ /* LDAPv2 doesn't support controls,
+ * error if any control is critical
+ */
+ for( c = ctrls ; *c != NULL; c++ ) {
+ if( (*c)->ldctl_iscritical ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ /* Controls are encoded as a sequence of sequences */
+ if( ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ for( c = ctrls ; *c != NULL; c++ ) {
+ if ( ber_printf( ber, "{s" /*}*/,
+ (*c)->ldctl_oid ) == -1 )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ if( (*c)->ldctl_iscritical /* only if true */
+ && ( ber_printf( ber, "b",
+ (ber_int_t) (*c)->ldctl_iscritical ) == -1 ) )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ if( (*c)->ldctl_value.bv_val != NULL /* only if we have a value */
+ && ( ber_printf( ber, "O",
+ &((*c)->ldctl_value) ) == -1 ) )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+
+ if( ber_printf( ber, /*{*/"N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+ }
+
+
+ if( ber_printf( ber, /*{*/ "}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int ldap_pvt_get_controls(
+ BerElement *ber,
+ LDAPControl ***ctrls )
+{
+ int nctrls;
+ ber_tag_t tag;
+ ber_len_t len;
+ char *opaque;
+
+ assert( ber != NULL );
+
+ if( ctrls == NULL ) {
+ return LDAP_SUCCESS;
+ }
+ *ctrls = NULL;
+
+ len = ber_pvt_ber_remaining( ber );
+
+ if( len == 0) {
+ /* no controls */
+ return LDAP_SUCCESS;
+ }
+
+ if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
+ if( tag == LBER_ERROR ) {
+ /* decoding error */
+ return LDAP_DECODING_ERROR;
+ }
+
+ /* ignore unexpected input */
+ return LDAP_SUCCESS;
+ }
+
+ /* set through each element */
+ nctrls = 0;
+ *ctrls = LDAP_MALLOC( 1 * sizeof(LDAPControl *) );
+
+ if( *ctrls == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ *ctrls[nctrls] = NULL;
+
+ for( tag = ber_first_element( ber, &len, &opaque );
+ tag != LBER_ERROR;
+ tag = ber_next_element( ber, &len, opaque ) )
+ {
+ LDAPControl *tctrl;
+ LDAPControl **tctrls;
+
+ tctrl = LDAP_CALLOC( 1, sizeof(LDAPControl) );
+
+ /* allocate pointer space for current controls (nctrls)
+ * + this control + extra NULL
+ */
+ tctrls = (tctrl == NULL) ? NULL :
+ LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));
+
+ if( tctrls == NULL ) {
+ /* one of the above allocation failed */
+
+ if( tctrl != NULL ) {
+ LDAP_FREE( tctrl );
+ }
+
+ ldap_controls_free(*ctrls);
+ *ctrls = NULL;
+
+ return LDAP_NO_MEMORY;
+ }
+
+
+ tctrls[nctrls++] = tctrl;
+ tctrls[nctrls] = NULL;
+
+ tag = ber_scanf( ber, "{a" /*}*/, &tctrl->ldctl_oid );
+
+ if( tag == LBER_ERROR ) {
+ *ctrls = NULL;
+ ldap_controls_free( tctrls );
+ return LDAP_DECODING_ERROR;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_BOOLEAN ) {
+ ber_int_t crit;
+ tag = ber_scanf( ber, "b", &crit );
+ tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LBER_OCTETSTRING ) {
+ tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
+ } else {
+ tctrl->ldctl_value.bv_val = NULL;
+ }
+
+ *ctrls = tctrls;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Free a LDAPControl
+ */
+void
+ldap_control_free( LDAPControl *c )
+{
+#ifdef LDAP_MEMORY_DEBUG
+ assert( c != NULL );
+#endif
+
+ if ( c != NULL ) {
+ if( c->ldctl_oid != NULL) {
+ LDAP_FREE( c->ldctl_oid );
+ }
+
+ if( c->ldctl_value.bv_val != NULL ) {
+ LDAP_FREE( c->ldctl_value.bv_val );
+ }
+
+ LDAP_FREE( c );
+ }
+}
+
+/*
+ * Free an array of LDAPControl's
+ */
+void
+ldap_controls_free( LDAPControl **controls )
+{
+#ifdef LDAP_MEMORY_DEBUG
+ assert( controls != NULL );
+#endif
+
+ if ( controls != NULL ) {
+ int i;
+
+ for( i=0; controls[i] != NULL; i++) {
+ ldap_control_free( controls[i] );
+ }
+
+ LDAP_FREE( controls );
+ }
+}
+
+/*
+ * Duplicate an array of LDAPControl
+ */
+LDAPControl **
+ldap_controls_dup( LDAPControl *const *controls )
+{
+ LDAPControl **new;
+ int i;
+
+ if ( controls == NULL ) {
+ return NULL;
+ }
+
+ /* count the controls */
+ for(i=0; controls[i] != NULL; i++) /* empty */ ;
+
+ if( i < 1 ) {
+ /* no controls to duplicate */
+ return NULL;
+ }
+
+ new = (LDAPControl **) LDAP_MALLOC( (i+1) * sizeof(LDAPControl *) );
+
+ if( new == NULL ) {
+ /* memory allocation failure */
+ return NULL;
+ }
+
+ /* duplicate the controls */
+ for(i=0; controls[i] != NULL; i++) {
+ new[i] = ldap_control_dup( controls[i] );
+
+ if( new[i] == NULL ) {
+ ldap_controls_free( new );
+ return NULL;
+ }
+ }
+
+ new[i] = NULL;
+
+ return new;
+}
+
+/*
+ * Duplicate a LDAPControl
+ */
+LDAPControl *
+ldap_control_dup( const LDAPControl *c )
+{
+ LDAPControl *new;
+
+ if ( c == NULL ) {
+ return NULL;
+ }
+
+ new = (LDAPControl *) LDAP_MALLOC( sizeof(LDAPControl) );
+
+ if( new == NULL ) {
+ return NULL;
+ }
+
+ if( c->ldctl_oid != NULL ) {
+ new->ldctl_oid = LDAP_STRDUP( c->ldctl_oid );
+
+ if(new->ldctl_oid == NULL) {
+ LDAP_FREE( new );
+ return NULL;
+ }
+
+ } else {
+ new->ldctl_oid = NULL;
+ }
+
+ if( c->ldctl_value.bv_val != NULL ) {
+ new->ldctl_value.bv_val =
+ (char *) LDAP_MALLOC( c->ldctl_value.bv_len + 1 );
+
+ if(new->ldctl_value.bv_val == NULL) {
+ if(new->ldctl_oid != NULL) {
+ LDAP_FREE( new->ldctl_oid );
+ }
+ LDAP_FREE( new );
+ return NULL;
+ }
+
+ new->ldctl_value.bv_len = c->ldctl_value.bv_len;
+
+ AC_MEMCPY( new->ldctl_value.bv_val, c->ldctl_value.bv_val,
+ c->ldctl_value.bv_len );
+
+ new->ldctl_value.bv_val[new->ldctl_value.bv_len] = '\0';
+
+ } else {
+ new->ldctl_value.bv_len = 0;
+ new->ldctl_value.bv_val = NULL;
+ }
+
+ new->ldctl_iscritical = c->ldctl_iscritical;
+ return new;
+}
+
+
+LDAPControl *
+ldap_find_control(
+ LDAP_CONST char *oid,
+ LDAPControl **ctrls )
+{
+ if( ctrls == NULL || *ctrls == NULL ) {
+ return NULL;
+ }
+
+ for( ; *ctrls != NULL; ctrls++ ) {
+ if( strcmp( (*ctrls)->ldctl_oid, oid ) == 0 ) {
+ return *ctrls;
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ ldap_create_control
+
+ Internal function to create an LDAP control from the encoded BerElement.
+
+ requestOID (IN) The OID to use in creating the control.
+
+ ber (IN) The encoded BerElement to use in creating the control.
+
+ iscritical (IN) 0 - Indicates the control is not critical to the operation.
+ non-zero - The control is critical to the operation.
+
+ ctrlp (OUT) Returns a pointer to the LDAPControl created. This control
+ SHOULD be freed by calling ldap_control_free() when done.
+---*/
+
+int
+ldap_create_control(
+ LDAP_CONST char *requestOID,
+ BerElement *ber,
+ int iscritical,
+ LDAPControl **ctrlp )
+{
+ LDAPControl *ctrl;
+
+ assert( requestOID != NULL );
+ assert( ber != NULL );
+ assert( ctrlp != NULL );
+
+ ctrl = (LDAPControl *) LDAP_MALLOC( sizeof(LDAPControl) );
+ if ( ctrl == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
+ LDAP_FREE( ctrl );
+ return LDAP_NO_MEMORY;
+ }
+
+ ctrl->ldctl_oid = LDAP_STRDUP( requestOID );
+ ctrl->ldctl_iscritical = iscritical;
+
+ if ( requestOID != NULL && ctrl->ldctl_oid == NULL ) {
+ ldap_control_free( ctrl );
+ return LDAP_NO_MEMORY;
+ }
+
+ *ctrlp = ctrl;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * check for critical client controls and bitch if present
+ * if we ever support critical controls, we'll have to
+ * find a means for maintaining per API call control
+ * information.
+ */
+int ldap_int_client_controls( LDAP *ld, LDAPControl **ctrls )
+{
+ LDAPControl *const *c;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID(ld) );
+
+ if( ctrls == NULL ) {
+ /* use default server controls */
+ ctrls = ld->ld_cctrls;
+ }
+
+ if( ctrls == NULL || *ctrls == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ for( c = ctrls ; *c != NULL; c++ ) {
+ if( (*c)->ldctl_iscritical ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/cyrus.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/cyrus.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/cyrus.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1346 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.16 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ldap-int.h"
+
+#ifdef HAVE_CYRUS_SASL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifndef INT_MAX
+#define INT_MAX 2147483647 /* 32 bit signed max */
+#endif
+
+#ifdef LDAP_R_COMPILE
+ldap_pvt_thread_mutex_t ldap_int_sasl_mutex;
+#endif
+
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+#if SASL_VERSION_MAJOR >= 2
+#define SASL_CONST const
+#else
+#define SASL_CONST
+#endif
+
+/*
+* Various Cyrus SASL related stuff.
+*/
+
+static const sasl_callback_t client_callbacks[] = {
+#ifdef SASL_CB_GETREALM
+ { SASL_CB_GETREALM, NULL, NULL },
+#endif
+ { SASL_CB_USER, NULL, NULL },
+ { SASL_CB_AUTHNAME, NULL, NULL },
+ { SASL_CB_PASS, NULL, NULL },
+ { SASL_CB_ECHOPROMPT, NULL, NULL },
+ { SASL_CB_NOECHOPROMPT, NULL, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+};
+
+int ldap_int_sasl_init( void )
+{
+ /* XXX not threadsafe */
+ static int sasl_initialized = 0;
+
+#ifdef HAVE_SASL_VERSION
+ /* stringify the version number, sasl.h doesn't do it for us */
+#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+ SASL_VERSION_STEP)
+ { int rc;
+ sasl_version( NULL, &rc );
+ if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+ (rc & 0xffff) < SASL_VERSION_STEP) {
+ char version[sizeof("xxx.xxx.xxxxx")];
+ sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+ rc & 0xffff );
+
+ Debug( LDAP_DEBUG_ANY,
+ "ldap_int_sasl_init: SASL library version mismatch:"
+ " expected " SASL_VERSION_STRING ","
+ " got %s\n", version, 0, 0 );
+ return -1;
+ }
+ }
+#endif
+ if ( sasl_initialized ) {
+ return 0;
+ }
+
+/* SASL 2 takes care of its own memory completely internally */
+#if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+ sasl_set_alloc(
+ ber_memalloc,
+ ber_memcalloc,
+ ber_memrealloc,
+ ber_memfree );
+#endif /* CSRIMALLOC */
+
+#ifdef LDAP_R_COMPILE
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
+ ldap_pvt_sasl_mutex_lock,
+ ldap_pvt_sasl_mutex_unlock,
+ ldap_pvt_sasl_mutex_dispose );
+#endif
+
+ if ( sasl_client_init( NULL ) == SASL_OK ) {
+ sasl_initialized = 1;
+ return 0;
+ }
+
+#if SASL_VERSION_MAJOR < 2
+ /* A no-op to make sure we link with Cyrus 1.5 */
+ sasl_client_auth( NULL, NULL, NULL, 0, NULL, NULL );
+#endif
+ return -1;
+}
+
+/*
+ * SASL encryption support for LBER Sockbufs
+ */
+
+struct sb_sasl_data {
+ sasl_conn_t *sasl_context;
+ unsigned *sasl_maxbuf;
+ Sockbuf_Buf sec_buf_in;
+ Sockbuf_Buf buf_in;
+ Sockbuf_Buf buf_out;
+};
+
+static int
+sb_sasl_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+ struct sb_sasl_data *p;
+
+ assert( sbiod != NULL );
+
+ p = LBER_MALLOC( sizeof( *p ) );
+ if ( p == NULL )
+ return -1;
+ p->sasl_context = (sasl_conn_t *)arg;
+ ber_pvt_sb_buf_init( &p->sec_buf_in );
+ ber_pvt_sb_buf_init( &p->buf_in );
+ ber_pvt_sb_buf_init( &p->buf_out );
+ if ( ber_pvt_sb_grow_buffer( &p->sec_buf_in, SASL_MIN_BUFF_SIZE ) < 0 ) {
+ LBER_FREE( p );
+ sock_errset(ENOMEM);
+ return -1;
+ }
+ sasl_getprop( p->sasl_context, SASL_MAXOUTBUF,
+ (SASL_CONST void **) &p->sasl_maxbuf );
+
+ sbiod->sbiod_pvt = p;
+
+ return 0;
+}
+
+static int
+sb_sasl_remove( Sockbuf_IO_Desc *sbiod )
+{
+ struct sb_sasl_data *p;
+
+ assert( sbiod != NULL );
+
+ p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
+#if SASL_VERSION_MAJOR >= 2
+ /*
+ * SASLv2 encode/decode buffers are managed by
+ * libsasl2. Ensure they are not freed by liblber.
+ */
+ p->buf_in.buf_base = NULL;
+ p->buf_out.buf_base = NULL;
+#endif
+ ber_pvt_sb_buf_destroy( &p->sec_buf_in );
+ ber_pvt_sb_buf_destroy( &p->buf_in );
+ ber_pvt_sb_buf_destroy( &p->buf_out );
+ LBER_FREE( p );
+ sbiod->sbiod_pvt = NULL;
+ return 0;
+}
+
+static ber_len_t
+sb_sasl_pkt_length( const unsigned char *buf, int debuglevel )
+{
+ ber_len_t size;
+
+ assert( buf != NULL );
+
+ size = buf[0] << 24
+ | buf[1] << 16
+ | buf[2] << 8
+ | buf[3];
+
+ if ( size > SASL_MAX_BUFF_SIZE ) {
+ /* somebody is trying to mess me up. */
+ ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
+ "sb_sasl_pkt_length: received illegal packet length "
+ "of %lu bytes\n", (unsigned long)size );
+ size = 16; /* this should lead to an error. */
+ }
+
+ return size + 4; /* include the size !!! */
+}
+
+/* Drop a processed packet from the input buffer */
+static void
+sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, int debuglevel )
+{
+ ber_slen_t len;
+
+ len = sec_buf_in->buf_ptr - sec_buf_in->buf_end;
+ if ( len > 0 )
+ AC_MEMCPY( sec_buf_in->buf_base, sec_buf_in->buf_base +
+ sec_buf_in->buf_end, len );
+
+ if ( len >= 4 ) {
+ sec_buf_in->buf_end = sb_sasl_pkt_length(
+ (unsigned char *) sec_buf_in->buf_base, debuglevel);
+ }
+ else {
+ sec_buf_in->buf_end = 0;
+ }
+ sec_buf_in->buf_ptr = len;
+}
+
+static ber_slen_t
+sb_sasl_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ struct sb_sasl_data *p;
+ ber_slen_t ret, bufptr;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
+
+ /* Are there anything left in the buffer? */
+ ret = ber_pvt_sb_copy_out( &p->buf_in, buf, len );
+ bufptr = ret;
+ len -= ret;
+
+ if ( len == 0 )
+ return bufptr;
+
+#if SASL_VERSION_MAJOR >= 2
+ ber_pvt_sb_buf_init( &p->buf_in );
+#else
+ ber_pvt_sb_buf_destroy( &p->buf_in );
+#endif
+
+ /* Read the length of the packet */
+ while ( p->sec_buf_in.buf_ptr < 4 ) {
+ ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
+ p->sec_buf_in.buf_ptr,
+ 4 - p->sec_buf_in.buf_ptr );
+#ifdef EINTR
+ if ( ( ret < 0 ) && ( errno == EINTR ) )
+ continue;
+#endif
+ if ( ret <= 0 )
+ return bufptr ? bufptr : ret;
+
+ p->sec_buf_in.buf_ptr += ret;
+ }
+
+ /* The new packet always starts at p->sec_buf_in.buf_base */
+ ret = sb_sasl_pkt_length( (unsigned char *) p->sec_buf_in.buf_base,
+ sbiod->sbiod_sb->sb_debug );
+
+ /* Grow the packet buffer if neccessary */
+ if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) &&
+ ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
+ {
+ sock_errset(ENOMEM);
+ return -1;
+ }
+ p->sec_buf_in.buf_end = ret;
+
+ /* Did we read the whole encrypted packet? */
+ while ( p->sec_buf_in.buf_ptr < p->sec_buf_in.buf_end ) {
+ /* No, we have got only a part of it */
+ ret = p->sec_buf_in.buf_end - p->sec_buf_in.buf_ptr;
+
+ ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
+ p->sec_buf_in.buf_ptr, ret );
+#ifdef EINTR
+ if ( ( ret < 0 ) && ( errno == EINTR ) )
+ continue;
+#endif
+ if ( ret <= 0 )
+ return bufptr ? bufptr : ret;
+
+ p->sec_buf_in.buf_ptr += ret;
+ }
+
+ /* Decode the packet */
+ {
+ unsigned tmpsize = p->buf_in.buf_end;
+ ret = sasl_decode( p->sasl_context, p->sec_buf_in.buf_base,
+ p->sec_buf_in.buf_end,
+ (SASL_CONST char **)&p->buf_in.buf_base,
+ (unsigned *)&tmpsize );
+ p->buf_in.buf_end = tmpsize;
+ }
+
+ /* Drop the packet from the input buffer */
+ sb_sasl_drop_packet( &p->sec_buf_in, sbiod->sbiod_sb->sb_debug );
+
+ if ( ret != SASL_OK ) {
+ ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_read: failed to decode packet: %s\n",
+ sasl_errstring( ret, NULL, NULL ) );
+ sock_errset(EIO);
+ return -1;
+ }
+
+ p->buf_in.buf_size = p->buf_in.buf_end;
+
+ bufptr += ber_pvt_sb_copy_out( &p->buf_in, (char*) buf + bufptr, len );
+
+ return bufptr;
+}
+
+static ber_slen_t
+sb_sasl_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ struct sb_sasl_data *p;
+ int ret;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
+
+ /* Are there anything left in the buffer? */
+ if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
+ ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
+ if ( ret < 0 ) return ret;
+
+ /* Still have something left?? */
+ if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
+ sock_errset(EAGAIN);
+ return -1;
+ }
+ }
+
+ /* now encode the next packet. */
+#if SASL_VERSION_MAJOR >= 2
+ ber_pvt_sb_buf_init( &p->buf_out );
+#else
+ ber_pvt_sb_buf_destroy( &p->buf_out );
+#endif
+ if ( len > *p->sasl_maxbuf - 100 ) {
+ len = *p->sasl_maxbuf - 100; /* For safety margin */
+ }
+
+ {
+ unsigned tmpsize = p->buf_out.buf_size;
+ ret = sasl_encode( p->sasl_context, buf, len,
+ (SASL_CONST char **)&p->buf_out.buf_base,
+ &tmpsize );
+ p->buf_out.buf_size = tmpsize;
+ }
+
+ if ( ret != SASL_OK ) {
+ ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_write: failed to encode packet: %s\n",
+ sasl_errstring( ret, NULL, NULL ) );
+ sock_errset(EIO);
+ return -1;
+ }
+ p->buf_out.buf_end = p->buf_out.buf_size;
+
+ ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
+
+ /* return number of bytes encoded, not written, to ensure
+ * no byte is encoded twice (even if only sent once).
+ */
+ return len;
+}
+
+static int
+sb_sasl_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+ struct sb_sasl_data *p;
+
+ p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
+
+ if ( opt == LBER_SB_OPT_DATA_READY ) {
+ if ( p->buf_in.buf_ptr != p->buf_in.buf_end ) return 1;
+ }
+
+ return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+Sockbuf_IO ldap_pvt_sockbuf_io_sasl = {
+ sb_sasl_setup, /* sbi_setup */
+ sb_sasl_remove, /* sbi_remove */
+ sb_sasl_ctrl, /* sbi_ctrl */
+ sb_sasl_read, /* sbi_read */
+ sb_sasl_write, /* sbi_write */
+ NULL /* sbi_close */
+};
+
+int ldap_pvt_sasl_install( Sockbuf *sb, void *ctx_arg )
+{
+ Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_install\n",
+ 0, 0, 0 );
+
+ /* don't install the stuff unless security has been negotiated */
+
+ if ( !ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO,
+ &ldap_pvt_sockbuf_io_sasl ) )
+ {
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_APPLICATION, (void *)"sasl_" );
+#endif
+ ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_sasl,
+ LBER_SBIOD_LEVEL_APPLICATION, ctx_arg );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+void ldap_pvt_sasl_remove( Sockbuf *sb )
+{
+ ber_sockbuf_remove_io( sb, &ldap_pvt_sockbuf_io_sasl,
+ LBER_SBIOD_LEVEL_APPLICATION );
+#ifdef LDAP_DEBUG
+ ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_APPLICATION );
+#endif
+}
+
+static int
+sasl_err2ldap( int saslerr )
+{
+ int rc;
+
+ /* map SASL errors to LDAP API errors returned by:
+ * sasl_client_new()
+ * SASL_OK, SASL_NOMECH, SASL_NOMEM
+ * sasl_client_start()
+ * SASL_OK, SASL_NOMECH, SASL_NOMEM, SASL_INTERACT
+ * sasl_client_step()
+ * SASL_OK, SASL_INTERACT, SASL_BADPROT, SASL_BADSERV
+ */
+
+ switch (saslerr) {
+ case SASL_CONTINUE:
+ rc = LDAP_MORE_RESULTS_TO_RETURN;
+ break;
+ case SASL_INTERACT:
+ rc = LDAP_LOCAL_ERROR;
+ break;
+ case SASL_OK:
+ rc = LDAP_SUCCESS;
+ break;
+ case SASL_NOMEM:
+ rc = LDAP_NO_MEMORY;
+ break;
+ case SASL_NOMECH:
+ rc = LDAP_AUTH_UNKNOWN;
+ break;
+ case SASL_BADPROT:
+ rc = LDAP_DECODING_ERROR;
+ break;
+ case SASL_BADSERV:
+ rc = LDAP_AUTH_UNKNOWN;
+ break;
+
+ /* other codes */
+ case SASL_BADAUTH:
+ rc = LDAP_AUTH_UNKNOWN;
+ break;
+ case SASL_NOAUTHZ:
+ rc = LDAP_PARAM_ERROR;
+ break;
+ case SASL_FAIL:
+ rc = LDAP_LOCAL_ERROR;
+ break;
+ case SASL_TOOWEAK:
+ case SASL_ENCRYPT:
+ rc = LDAP_AUTH_UNKNOWN;
+ break;
+ default:
+ rc = LDAP_LOCAL_ERROR;
+ break;
+ }
+
+ assert( rc == LDAP_SUCCESS || LDAP_API_ERROR( rc ) );
+ return rc;
+}
+
+int
+ldap_int_sasl_open(
+ LDAP *ld,
+ LDAPConn *lc,
+ const char * host )
+{
+ int rc;
+ sasl_conn_t *ctx;
+
+ assert( lc->lconn_sasl_authctx == NULL );
+
+ if ( host == NULL ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( ldap_int_sasl_init() ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ return ld->ld_errno;
+ }
+
+#if SASL_VERSION_MAJOR >= 2
+ rc = sasl_client_new( "ldap", host, NULL, NULL,
+ client_callbacks, 0, &ctx );
+#else
+ rc = sasl_client_new( "ldap", host, client_callbacks,
+ SASL_SECURITY_LAYER, &ctx );
+#endif
+
+ if ( rc != SASL_OK ) {
+ ld->ld_errno = sasl_err2ldap( rc );
+ return ld->ld_errno;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
+ host, 0, 0 );
+
+ lc->lconn_sasl_authctx = ctx;
+
+ return LDAP_SUCCESS;
+}
+
+int ldap_int_sasl_close( LDAP *ld, LDAPConn *lc )
+{
+ sasl_conn_t *ctx = lc->lconn_sasl_authctx;
+
+ if( ctx != NULL ) {
+ sasl_dispose( &ctx );
+ if ( lc->lconn_sasl_sockctx &&
+ lc->lconn_sasl_authctx != lc->lconn_sasl_sockctx ) {
+ ctx = lc->lconn_sasl_sockctx;
+ sasl_dispose( &ctx );
+ }
+ lc->lconn_sasl_sockctx = NULL;
+ lc->lconn_sasl_authctx = NULL;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_int_sasl_bind(
+ LDAP *ld,
+ const char *dn,
+ const char *mechs,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *interact,
+ void * defaults )
+{
+ char *data;
+ const char *mech = NULL;
+ const char *pmech = NULL;
+ int saslrc, rc;
+ sasl_ssf_t *ssf = NULL;
+ sasl_conn_t *ctx, *oldctx = NULL;
+ sasl_interact_t *prompts = NULL;
+ unsigned credlen;
+ struct berval ccred;
+ ber_socket_t sd;
+ void *ssl;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
+ mechs ? mechs : "<null>", 0, 0 );
+
+ /* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
+ if (ld->ld_version < LDAP_VERSION3) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+
+ rc = 0;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );
+
+ if ( sd == AC_SOCKET_INVALID ) {
+ /* not connected yet */
+
+ rc = ldap_open_defconn( ld );
+
+ if ( rc == 0 ) {
+ ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb,
+ LBER_SB_OPT_GET_FD, &sd );
+
+ if( sd == AC_SOCKET_INVALID ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ rc = ld->ld_errno;
+ }
+ }
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ if( rc != 0 ) return ld->ld_errno;
+
+ oldctx = ld->ld_defconn->lconn_sasl_authctx;
+
+ /* If we already have an authentication context, clear it out */
+ if( oldctx ) {
+ if ( oldctx != ld->ld_defconn->lconn_sasl_sockctx ) {
+ sasl_dispose( &oldctx );
+ }
+ ld->ld_defconn->lconn_sasl_authctx = NULL;
+ }
+
+ {
+ char *saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
+ "localhost" );
+ rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
+ LDAP_FREE( saslhost );
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ ctx = ld->ld_defconn->lconn_sasl_authctx;
+
+ /* Check for TLS */
+ ssl = ldap_pvt_tls_sb_ctx( ld->ld_defconn->lconn_sb );
+ if ( ssl ) {
+ struct berval authid = BER_BVNULL;
+ ber_len_t fac;
+
+ fac = ldap_pvt_tls_get_strength( ssl );
+ /* failure is OK, we just can't use SASL EXTERNAL */
+ (void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
+
+ (void) ldap_int_sasl_external( ld, ld->ld_defconn, authid.bv_val, fac );
+ LDAP_FREE( authid.bv_val );
+ }
+
+#if !defined(_WIN32)
+ /* Check for local */
+ if ( ldap_pvt_url_scheme2proto(
+ ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC )
+ {
+ char authid[sizeof("gidNumber=4294967295+uidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth")];
+ sprintf( authid, "gidNumber=%d+uidNumber=%d,"
+ "cn=peercred,cn=external,cn=auth",
+ (int) getegid(), (int) geteuid() );
+ (void) ldap_int_sasl_external( ld, ld->ld_defconn, authid,
+ LDAP_PVT_SASL_LOCAL_SSF );
+ }
+#endif
+
+ /* (re)set security properties */
+ sasl_setprop( ctx, SASL_SEC_PROPS,
+ &ld->ld_options.ldo_sasl_secprops );
+
+ ccred.bv_val = NULL;
+ ccred.bv_len = 0;
+
+ do {
+ saslrc = sasl_client_start( ctx,
+ mechs,
+#if SASL_VERSION_MAJOR < 2
+ NULL,
+#endif
+ &prompts,
+ (SASL_CONST char **)&ccred.bv_val,
+ &credlen,
+ &mech );
+
+ if( pmech == NULL && mech != NULL ) {
+ pmech = mech;
+
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf(stderr,
+ "SASL/%s authentication started\n",
+ pmech );
+ }
+ }
+
+ if( saslrc == SASL_INTERACT ) {
+ int res;
+ if( !interact ) break;
+ res = (interact)( ld, flags, defaults, prompts );
+
+ if( res != LDAP_SUCCESS ) break;
+ }
+ } while ( saslrc == SASL_INTERACT );
+
+ ccred.bv_len = credlen;
+
+ if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
+ rc = ld->ld_errno = sasl_err2ldap( saslrc );
+#if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
+#endif
+ goto done;
+ }
+
+ do {
+ struct berval *scred;
+ unsigned credlen;
+
+ scred = NULL;
+
+ rc = ldap_sasl_bind_s( ld, dn, mech, &ccred, sctrls, cctrls,
+ &scred );
+
+ if ( ccred.bv_val != NULL ) {
+#if SASL_VERSION_MAJOR < 2
+ LDAP_FREE( ccred.bv_val );
+#endif
+ ccred.bv_val = NULL;
+ }
+
+ if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
+ if( scred ) {
+ /* and server provided us with data? */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
+ rc, saslrc, scred ? scred->bv_len : -1 );
+ ber_bvfree( scred );
+ scred = NULL;
+ }
+ rc = ld->ld_errno;
+ goto done;
+ }
+
+ if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
+ /* we're done, no need to step */
+ if( scred ) {
+ /* but we got additional data? */
+#define KLUDGE_FOR_MSAD
+#ifdef KLUDGE_FOR_MSAD
+ /*
+ * MSAD provides empty additional data in violation of LDAP
+ * technical specifications. As no existing SASL mechanism
+ * allows empty data with an outcome message, just ignore it
+ * for now. Hopefully MS will fix their bug before someone
+ * defines a mechanism with possibly empty additional data.
+ */
+ if( scred->bv_len == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldap_int_sasl_bind: ignoring "
+ " bogus empty data provided with SASL outcome message.\n",
+ rc, saslrc, scred->bv_len );
+ ber_bvfree( scred );
+ } else
+#endif
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
+ rc, saslrc, scred->bv_len );
+ rc = ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_bvfree( scred );
+ goto done;
+ }
+ }
+ break;
+ }
+
+ do {
+ if( ! scred ) {
+ /* no data! */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: no data in step!\n",
+ 0, 0, 0 );
+ }
+
+ saslrc = sasl_client_step( ctx,
+ (scred == NULL) ? NULL : scred->bv_val,
+ (scred == NULL) ? 0 : scred->bv_len,
+ &prompts,
+ (SASL_CONST char **)&ccred.bv_val,
+ &credlen );
+
+ Debug( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n",
+ saslrc, 0, 0 );
+
+ if( saslrc == SASL_INTERACT ) {
+ int res;
+ if( !interact ) break;
+ res = (interact)( ld, flags, defaults, prompts );
+ if( res != LDAP_SUCCESS ) break;
+ }
+ } while ( saslrc == SASL_INTERACT );
+
+ ccred.bv_len = credlen;
+ ber_bvfree( scred );
+
+ if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
+ ld->ld_errno = sasl_err2ldap( saslrc );
+#if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
+#endif
+ rc = ld->ld_errno;
+ goto done;
+ }
+ } while ( rc == LDAP_SASL_BIND_IN_PROGRESS );
+
+ if ( rc != LDAP_SUCCESS ) goto done;
+
+ if ( saslrc != SASL_OK ) {
+#if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
+#endif
+ rc = ld->ld_errno = sasl_err2ldap( saslrc );
+ goto done;
+ }
+
+ if( flags != LDAP_SASL_QUIET ) {
+ saslrc = sasl_getprop( ctx, SASL_USERNAME,
+ (SASL_CONST void **) &data );
+ if( saslrc == SASL_OK && data && *data ) {
+ fprintf( stderr, "SASL username: %s\n", data );
+ }
+
+#if SASL_VERSION_MAJOR < 2
+ saslrc = sasl_getprop( ctx, SASL_REALM,
+ (SASL_CONST void **) &data );
+ if( saslrc == SASL_OK && data && *data ) {
+ fprintf( stderr, "SASL realm: %s\n", data );
+ }
+#endif
+ }
+
+ saslrc = sasl_getprop( ctx, SASL_SSF, (SASL_CONST void **) &ssf );
+ if( saslrc == SASL_OK ) {
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL SSF: %lu\n",
+ (unsigned long) *ssf );
+ }
+
+ if( ssf && *ssf ) {
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL installing layers\n" );
+ }
+ if ( ld->ld_defconn->lconn_sasl_sockctx ) {
+ oldctx = ld->ld_defconn->lconn_sasl_sockctx;
+ sasl_dispose( &oldctx );
+ ldap_pvt_sasl_remove( ld->ld_defconn->lconn_sb );
+ }
+ ldap_pvt_sasl_install( ld->ld_defconn->lconn_sb, ctx );
+ ld->ld_defconn->lconn_sasl_sockctx = ctx;
+ }
+ }
+ ld->ld_defconn->lconn_sasl_authctx = ctx;
+
+done:
+ return rc;
+}
+
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ LDAPConn *conn,
+ const char * authid,
+ ber_len_t ssf )
+{
+ int sc;
+ sasl_conn_t *ctx;
+#if SASL_VERSION_MAJOR < 2
+ sasl_external_properties_t extprops;
+#endif
+
+ ctx = conn->lconn_sasl_authctx;
+
+ if ( ctx == NULL ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+#if SASL_VERSION_MAJOR >= 2
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+ if ( sc == SASL_OK )
+ sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
+#else
+ memset( &extprops, '\0', sizeof(extprops) );
+ extprops.ssf = ssf;
+ extprops.auth_id = (char *) authid;
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+ (void *) &extprops );
+#endif
+
+ if ( sc != SASL_OK ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+#define GOT_MINSSF 1
+#define GOT_MAXSSF 2
+#define GOT_MAXBUF 4
+
+static struct {
+ struct berval key;
+ int sflag;
+ int ival;
+ int idef;
+} sprops[] = {
+ { BER_BVC("none"), 0, 0, 0 },
+ { BER_BVC("nodict"), SASL_SEC_NODICTIONARY, 0, 0 },
+ { BER_BVC("noplain"), SASL_SEC_NOPLAINTEXT, 0, 0 },
+ { BER_BVC("noactive"), SASL_SEC_NOACTIVE, 0, 0 },
+ { BER_BVC("passcred"), SASL_SEC_PASS_CREDENTIALS, 0, 0 },
+ { BER_BVC("forwardsec"), SASL_SEC_FORWARD_SECRECY, 0, 0 },
+ { BER_BVC("noanonymous"), SASL_SEC_NOANONYMOUS, 0, 0 },
+ { BER_BVC("minssf="), 0, GOT_MINSSF, 0 },
+ { BER_BVC("maxssf="), 0, GOT_MAXSSF, INT_MAX },
+ { BER_BVC("maxbufsize="), 0, GOT_MAXBUF, 65536 },
+ { BER_BVNULL, 0, 0, 0 }
+};
+
+void ldap_pvt_sasl_secprops_unparse(
+ sasl_security_properties_t *secprops,
+ struct berval *out )
+{
+ int i, l = 0;
+ int comma;
+ char *ptr;
+
+ if ( secprops == NULL || out == NULL ) {
+ return;
+ }
+
+ comma = 0;
+ for ( i=0; !BER_BVISNULL( &sprops[i].key ); i++ ) {
+ if ( sprops[i].ival ) {
+ int v = 0;
+
+ switch( sprops[i].ival ) {
+ case GOT_MINSSF: v = secprops->min_ssf; break;
+ case GOT_MAXSSF: v = secprops->max_ssf; break;
+ case GOT_MAXBUF: v = secprops->maxbufsize; break;
+ }
+ /* It is the default, ignore it */
+ if ( v == sprops[i].idef ) continue;
+
+ l += sprops[i].key.bv_len + 24;
+ } else if ( sprops[i].sflag ) {
+ if ( sprops[i].sflag & secprops->security_flags ) {
+ l += sprops[i].key.bv_len;
+ }
+ } else if ( secprops->security_flags == 0 ) {
+ l += sprops[i].key.bv_len;
+ }
+ if ( comma ) l++;
+ comma = 1;
+ }
+ l++;
+
+ out->bv_val = LDAP_MALLOC( l );
+ if ( out->bv_val == NULL ) {
+ out->bv_len = 0;
+ return;
+ }
+
+ ptr = out->bv_val;
+ comma = 0;
+ for ( i=0; !BER_BVISNULL( &sprops[i].key ); i++ ) {
+ if ( sprops[i].ival ) {
+ int v = 0;
+
+ switch( sprops[i].ival ) {
+ case GOT_MINSSF: v = secprops->min_ssf; break;
+ case GOT_MAXSSF: v = secprops->max_ssf; break;
+ case GOT_MAXBUF: v = secprops->maxbufsize; break;
+ }
+ /* It is the default, ignore it */
+ if ( v == sprops[i].idef ) continue;
+
+ if ( comma ) *ptr++ = ',';
+ ptr += sprintf(ptr, "%s%d", sprops[i].key.bv_val, v );
+ comma = 1;
+ } else if ( sprops[i].sflag ) {
+ if ( sprops[i].sflag & secprops->security_flags ) {
+ if ( comma ) *ptr++ = ',';
+ ptr += sprintf(ptr, "%s", sprops[i].key.bv_val );
+ comma = 1;
+ }
+ } else if ( secprops->security_flags == 0 ) {
+ if ( comma ) *ptr++ = ',';
+ ptr += sprintf(ptr, "%s", sprops[i].key.bv_val );
+ comma = 1;
+ }
+ }
+ out->bv_len = ptr - out->bv_val;
+}
+
+int ldap_pvt_sasl_secprops(
+ const char *in,
+ sasl_security_properties_t *secprops )
+{
+ int i, j, l;
+ char **props;
+ unsigned sflags = 0;
+ int got_sflags = 0;
+ sasl_ssf_t max_ssf = 0;
+ int got_max_ssf = 0;
+ sasl_ssf_t min_ssf = 0;
+ int got_min_ssf = 0;
+ unsigned maxbufsize = 0;
+ int got_maxbufsize = 0;
+
+ if( secprops == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+ props = ldap_str2charray( in, "," );
+ if( props == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ for( i=0; props[i]; i++ ) {
+ l = strlen( props[i] );
+ for ( j=0; !BER_BVISNULL( &sprops[j].key ); j++ ) {
+ if ( l < sprops[j].key.bv_len ) continue;
+ if ( strncasecmp( props[i], sprops[j].key.bv_val,
+ sprops[j].key.bv_len )) continue;
+ if ( sprops[j].ival ) {
+ unsigned v;
+ char *next = NULL;
+ if ( !isdigit( (unsigned char)props[i][sprops[j].key.bv_len] ))
+ continue;
+ v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
+ if ( next == &props[i][sprops[j].key.bv_len] || next[0] != '\0' ) continue;
+ switch( sprops[j].ival ) {
+ case GOT_MINSSF:
+ min_ssf = v; got_min_ssf++; break;
+ case GOT_MAXSSF:
+ max_ssf = v; got_max_ssf++; break;
+ case GOT_MAXBUF:
+ maxbufsize = v; got_maxbufsize++; break;
+ }
+ } else {
+ if ( props[i][sprops[j].key.bv_len] ) continue;
+ if ( sprops[j].sflag )
+ sflags |= sprops[j].sflag;
+ else
+ sflags = 0;
+ got_sflags++;
+ }
+ break;
+ }
+ if ( BER_BVISNULL( &sprops[j].key )) {
+ ldap_charray_free( props );
+ return LDAP_NOT_SUPPORTED;
+ }
+ }
+
+ if(got_sflags) {
+ secprops->security_flags = sflags;
+ }
+ if(got_min_ssf) {
+ secprops->min_ssf = min_ssf;
+ }
+ if(got_max_ssf) {
+ secprops->max_ssf = max_ssf;
+ }
+ if(got_maxbufsize) {
+ secprops->maxbufsize = maxbufsize;
+ }
+
+ ldap_charray_free( props );
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_int_sasl_config( struct ldapoptions *lo, int option, const char *arg )
+{
+ int rc;
+
+ switch( option ) {
+ case LDAP_OPT_X_SASL_SECPROPS:
+ rc = ldap_pvt_sasl_secprops( arg, &lo->ldo_sasl_secprops );
+ if( rc == LDAP_SUCCESS ) return 0;
+ }
+
+ return -1;
+}
+
+int
+ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
+{
+ if ( ld == NULL )
+ return -1;
+
+ switch ( option ) {
+ case LDAP_OPT_X_SASL_MECH: {
+ *(char **)arg = ld->ld_options.ldo_def_sasl_mech
+ ? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_mech ) : NULL;
+ } break;
+ case LDAP_OPT_X_SASL_REALM: {
+ *(char **)arg = ld->ld_options.ldo_def_sasl_realm
+ ? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_realm ) : NULL;
+ } break;
+ case LDAP_OPT_X_SASL_AUTHCID: {
+ *(char **)arg = ld->ld_options.ldo_def_sasl_authcid
+ ? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_authcid ) : NULL;
+ } break;
+ case LDAP_OPT_X_SASL_AUTHZID: {
+ *(char **)arg = ld->ld_options.ldo_def_sasl_authzid
+ ? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_authzid ) : NULL;
+ } break;
+
+ case LDAP_OPT_X_SASL_SSF: {
+ int sc;
+ sasl_ssf_t *ssf;
+ sasl_conn_t *ctx;
+
+ if( ld->ld_defconn == NULL ) {
+ return -1;
+ }
+
+ ctx = ld->ld_defconn->lconn_sasl_sockctx;
+
+ if ( ctx == NULL ) {
+ return -1;
+ }
+
+ sc = sasl_getprop( ctx, SASL_SSF,
+ (SASL_CONST void **) &ssf );
+
+ if ( sc != SASL_OK ) {
+ return -1;
+ }
+
+ *(ber_len_t *)arg = *ssf;
+ } break;
+
+ case LDAP_OPT_X_SASL_SSF_EXTERNAL:
+ /* this option is write only */
+ return -1;
+
+ case LDAP_OPT_X_SASL_SSF_MIN:
+ *(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.min_ssf;
+ break;
+ case LDAP_OPT_X_SASL_SSF_MAX:
+ *(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.max_ssf;
+ break;
+ case LDAP_OPT_X_SASL_MAXBUFSIZE:
+ *(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
+ break;
+
+ case LDAP_OPT_X_SASL_SECPROPS:
+ /* this option is write only */
+ return -1;
+
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+int
+ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
+{
+ if ( ld == NULL )
+ return -1;
+
+ switch ( option ) {
+ case LDAP_OPT_X_SASL_SSF:
+ /* This option is read-only */
+ return -1;
+
+ case LDAP_OPT_X_SASL_SSF_EXTERNAL: {
+ int sc;
+#if SASL_VERSION_MAJOR < 2
+ sasl_external_properties_t extprops;
+#endif
+ sasl_conn_t *ctx;
+
+ if( ld->ld_defconn == NULL ) {
+ return -1;
+ }
+
+ ctx = ld->ld_defconn->lconn_sasl_authctx;
+
+ if ( ctx == NULL ) {
+ return -1;
+ }
+
+#if SASL_VERSION_MAJOR >= 2
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, arg);
+#else
+ memset(&extprops, 0L, sizeof(extprops));
+
+ extprops.ssf = * (ber_len_t *) arg;
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+ (void *) &extprops );
+#endif
+
+ if ( sc != SASL_OK ) {
+ return -1;
+ }
+ } break;
+
+ case LDAP_OPT_X_SASL_SSF_MIN:
+ ld->ld_options.ldo_sasl_secprops.min_ssf = *(ber_len_t *)arg;
+ break;
+ case LDAP_OPT_X_SASL_SSF_MAX:
+ ld->ld_options.ldo_sasl_secprops.max_ssf = *(ber_len_t *)arg;
+ break;
+ case LDAP_OPT_X_SASL_MAXBUFSIZE:
+ ld->ld_options.ldo_sasl_secprops.maxbufsize = *(ber_len_t *)arg;
+ break;
+
+ case LDAP_OPT_X_SASL_SECPROPS: {
+ int sc;
+ sc = ldap_pvt_sasl_secprops( (char *) arg,
+ &ld->ld_options.ldo_sasl_secprops );
+
+ return sc == LDAP_SUCCESS ? 0 : -1;
+ }
+
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+#ifdef LDAP_R_COMPILE
+#define LDAP_DEBUG_R_SASL
+void *ldap_pvt_sasl_mutex_new(void)
+{
+ ldap_pvt_thread_mutex_t *mutex;
+
+ mutex = (ldap_pvt_thread_mutex_t *) LDAP_MALLOC(
+ sizeof(ldap_pvt_thread_mutex_t) );
+
+ if ( ldap_pvt_thread_mutex_init( mutex ) == 0 ) {
+ return mutex;
+ }
+#ifndef LDAP_DEBUG_R_SASL
+ assert( 0 );
+#endif /* !LDAP_DEBUG_R_SASL */
+ return NULL;
+}
+
+int ldap_pvt_sasl_mutex_lock(void *mutex)
+{
+#ifdef LDAP_DEBUG_R_SASL
+ if ( mutex == NULL ) {
+ return SASL_OK;
+ }
+#else /* !LDAP_DEBUG_R_SASL */
+ assert( mutex != NULL );
+#endif /* !LDAP_DEBUG_R_SASL */
+ return ldap_pvt_thread_mutex_lock( (ldap_pvt_thread_mutex_t *)mutex )
+ ? SASL_FAIL : SASL_OK;
+}
+
+int ldap_pvt_sasl_mutex_unlock(void *mutex)
+{
+#ifdef LDAP_DEBUG_R_SASL
+ if ( mutex == NULL ) {
+ return SASL_OK;
+ }
+#else /* !LDAP_DEBUG_R_SASL */
+ assert( mutex != NULL );
+#endif /* !LDAP_DEBUG_R_SASL */
+ return ldap_pvt_thread_mutex_unlock( (ldap_pvt_thread_mutex_t *)mutex )
+ ? SASL_FAIL : SASL_OK;
+}
+
+void ldap_pvt_sasl_mutex_dispose(void *mutex)
+{
+#ifdef LDAP_DEBUG_R_SASL
+ if ( mutex == NULL ) {
+ return;
+ }
+#else /* !LDAP_DEBUG_R_SASL */
+ assert( mutex != NULL );
+#endif /* !LDAP_DEBUG_R_SASL */
+ (void) ldap_pvt_thread_mutex_destroy( (ldap_pvt_thread_mutex_t *)mutex );
+ LDAP_FREE( mutex );
+}
+#endif
+
+#else
+int ldap_int_sasl_init( void )
+{ return LDAP_SUCCESS; }
+
+int ldap_int_sasl_close( LDAP *ld, LDAPConn *lc )
+{ return LDAP_SUCCESS; }
+
+int
+ldap_int_sasl_bind(
+ LDAP *ld,
+ const char *dn,
+ const char *mechs,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *interact,
+ void * defaults )
+{ return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ LDAPConn *conn,
+ const char * authid,
+ ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
+#endif /* HAVE_CYRUS_SASL */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,161 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/delete.c,v 1.23.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/*
+ * Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * A delete request looks like this:
+ * DelRequet ::= DistinguishedName,
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_delete_ext - initiate an ldap extended delete operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the object to delete
+ * sctrls Server Controls
+ * cctrls Client Controls
+ * msgidp Message Id Pointer
+ *
+ * Example:
+ * rc = ldap_delete( ld, dn, sctrls, cctrls, msgidp );
+ */
+int
+ldap_delete_ext(
+ LDAP *ld,
+ LDAP_CONST char* dn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ int rc;
+ BerElement *ber;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_delete_ext\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( dn != NULL );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( ld->ld_errno );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{its", /* '}' */
+ id, LDAP_REQ_DELETE, dn );
+ if ( rc == -1 )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_DELETE, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_delete_ext_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int msgid;
+ int rc;
+ LDAPMessage *res;
+
+ rc = ldap_delete_ext( ld, dn, sctrls, cctrls, &msgid );
+
+ if( rc != LDAP_SUCCESS )
+ return( ld->ld_errno );
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
+ return( ld->ld_errno );
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+/*
+ * ldap_delete - initiate an ldap (and X.500) delete operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the object to delete
+ *
+ * Example:
+ * msgid = ldap_delete( ld, dn );
+ */
+int
+ldap_delete( LDAP *ld, LDAP_CONST char *dn )
+{
+ int msgid;
+
+ /*
+ * A delete request looks like this:
+ * DelRequet ::= DistinguishedName,
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_delete\n", 0, 0, 0 );
+
+ return ldap_delete_ext( ld, dn, NULL, NULL, &msgid ) == LDAP_SUCCESS
+ ? msgid : -1 ;
+}
+
+
+int
+ldap_delete_s( LDAP *ld, LDAP_CONST char *dn )
+{
+ return ldap_delete_ext_s( ld, dn, NULL, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/dnssrv.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/dnssrv.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/dnssrv.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,322 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dnssrv.c,v 1.37.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * locate LDAP servers using DNS SRV records.
+ * Location code based on MIT Kerberos KDC location code.
+ */
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int ldap_dn2domain(
+ LDAP_CONST char *dn_in,
+ char **domainp)
+{
+ int i, j;
+ char *ndomain;
+ LDAPDN dn = NULL;
+ LDAPRDN rdn = NULL;
+ LDAPAVA *ava = NULL;
+ struct berval domain = BER_BVNULL;
+ static const struct berval DC = BER_BVC("DC");
+ static const struct berval DCOID = BER_BVC("0.9.2342.19200300.100.1.25");
+
+ assert( dn_in != NULL );
+ assert( domainp != NULL );
+
+ *domainp = NULL;
+
+ if ( ldap_str2dn( dn_in, &dn, LDAP_DN_FORMAT_LDAP ) != LDAP_SUCCESS ) {
+ return -2;
+ }
+
+ if( dn ) for( i=0; dn[i] != NULL; i++ ) {
+ rdn = dn[i];
+
+ for( j=0; rdn[j] != NULL; j++ ) {
+ ava = rdn[j];
+
+ if( rdn[j+1] == NULL &&
+ (ava->la_flags & LDAP_AVA_STRING) &&
+ ava->la_value.bv_len &&
+ ( ber_bvstrcasecmp( &ava->la_attr, &DC ) == 0
+ || ber_bvcmp( &ava->la_attr, &DCOID ) == 0 ) )
+ {
+ if( domain.bv_len == 0 ) {
+ ndomain = LDAP_REALLOC( domain.bv_val,
+ ava->la_value.bv_len + 1);
+
+ if( ndomain == NULL ) {
+ goto return_error;
+ }
+
+ domain.bv_val = ndomain;
+
+ AC_MEMCPY( domain.bv_val, ava->la_value.bv_val,
+ ava->la_value.bv_len );
+
+ domain.bv_len = ava->la_value.bv_len;
+ domain.bv_val[domain.bv_len] = '\0';
+
+ } else {
+ ndomain = LDAP_REALLOC( domain.bv_val,
+ ava->la_value.bv_len + sizeof(".") + domain.bv_len );
+
+ if( ndomain == NULL ) {
+ goto return_error;
+ }
+
+ domain.bv_val = ndomain;
+ domain.bv_val[domain.bv_len++] = '.';
+ AC_MEMCPY( &domain.bv_val[domain.bv_len],
+ ava->la_value.bv_val, ava->la_value.bv_len );
+ domain.bv_len += ava->la_value.bv_len;
+ domain.bv_val[domain.bv_len] = '\0';
+ }
+ } else {
+ domain.bv_len = 0;
+ }
+ }
+ }
+
+
+ if( domain.bv_len == 0 && domain.bv_val != NULL ) {
+ LDAP_FREE( domain.bv_val );
+ domain.bv_val = NULL;
+ }
+
+ ldap_dnfree( dn );
+ *domainp = domain.bv_val;
+ return 0;
+
+return_error:
+ ldap_dnfree( dn );
+ LDAP_FREE( domain.bv_val );
+ return -1;
+}
+
+int ldap_domain2dn(
+ LDAP_CONST char *domain_in,
+ char **dnp)
+{
+ char *domain, *s, *tok_r, *dn, *dntmp;
+ size_t loc;
+
+ assert( domain_in != NULL );
+ assert( dnp != NULL );
+
+ domain = LDAP_STRDUP(domain_in);
+ if (domain == NULL) {
+ return LDAP_NO_MEMORY;
+ }
+ dn = NULL;
+ loc = 0;
+
+ for (s = ldap_pvt_strtok(domain, ".", &tok_r);
+ s != NULL;
+ s = ldap_pvt_strtok(NULL, ".", &tok_r))
+ {
+ size_t len = strlen(s);
+
+ dntmp = (char *) LDAP_REALLOC(dn, loc + sizeof(",dc=") + len );
+ if (dntmp == NULL) {
+ if (dn != NULL)
+ LDAP_FREE(dn);
+ LDAP_FREE(domain);
+ return LDAP_NO_MEMORY;
+ }
+
+ dn = dntmp;
+
+ if (loc > 0) {
+ /* not first time. */
+ strcpy(dn + loc, ",");
+ loc++;
+ }
+ strcpy(dn + loc, "dc=");
+ loc += sizeof("dc=")-1;
+
+ strcpy(dn + loc, s);
+ loc += len;
+ }
+
+ LDAP_FREE(domain);
+ *dnp = dn;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Lookup and return LDAP servers for domain (using the DNS
+ * SRV record _ldap._tcp.domain).
+ */
+int ldap_domain2hostlist(
+ LDAP_CONST char *domain,
+ char **list )
+{
+#ifdef HAVE_RES_QUERY
+#define DNSBUFSIZ (64*1024)
+ char *request;
+ char *hostlist = NULL;
+ int rc, len, cur = 0;
+ unsigned char reply[DNSBUFSIZ];
+
+ assert( domain != NULL );
+ assert( list != NULL );
+
+ if( *domain == '\0' ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
+ if (request == NULL) {
+ return LDAP_NO_MEMORY;
+ }
+ sprintf(request, "_ldap._tcp.%s", domain);
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex);
+#endif
+
+ rc = LDAP_UNAVAILABLE;
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
+# ifndef T_SRV
+# define T_SRV ns_t_srv
+# endif
+#else
+ /* Bind 4 interface */
+# ifndef T_SRV
+# define T_SRV 33
+# endif
+
+ len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
+#endif
+ if (len >= 0) {
+ unsigned char *p;
+ char host[DNSBUFSIZ];
+ int status;
+ u_short port;
+ /* int priority, weight; */
+
+ /* Parse out query */
+ p = reply;
+
+#ifdef NS_HFIXEDSZ
+ /* Bind 8/9 interface */
+ p += NS_HFIXEDSZ;
+#elif defined(HFIXEDSZ)
+ /* Bind 4 interface w/ HFIXEDSZ */
+ p += HFIXEDSZ;
+#else
+ /* Bind 4 interface w/o HFIXEDSZ */
+ p += sizeof(HEADER);
+#endif
+
+ status = dn_expand(reply, reply + len, p, host, sizeof(host));
+ if (status < 0) {
+ goto out;
+ }
+ p += status;
+ p += 4;
+
+ while (p < reply + len) {
+ int type, class, ttl, size;
+ status = dn_expand(reply, reply + len, p, host, sizeof(host));
+ if (status < 0) {
+ goto out;
+ }
+ p += status;
+ type = (p[0] << 8) | p[1];
+ p += 2;
+ class = (p[0] << 8) | p[1];
+ p += 2;
+ ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ p += 4;
+ size = (p[0] << 8) | p[1];
+ p += 2;
+ if (type == T_SRV) {
+ int buflen;
+ status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
+ if (status < 0) {
+ goto out;
+ }
+ /* ignore priority and weight for now */
+ /* priority = (p[0] << 8) | p[1]; */
+ /* weight = (p[2] << 8) | p[3]; */
+ port = (p[4] << 8) | p[5];
+
+ if ( port == 0 || host[ 0 ] == '\0' ) {
+ goto add_size;
+ }
+
+ buflen = strlen(host) + STRLENOF(":65355 ");
+ hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1);
+ if (hostlist == NULL) {
+ rc = LDAP_NO_MEMORY;
+ goto out;
+ }
+ if (cur > 0) {
+ /* not first time around */
+ hostlist[cur++] = ' ';
+ }
+ cur += sprintf(&hostlist[cur], "%s:%hd", host, port);
+ }
+add_size:;
+ p += size;
+ }
+ }
+ if (hostlist == NULL) {
+ /* No LDAP servers found in DNS. */
+ rc = LDAP_UNAVAILABLE;
+ goto out;
+ }
+
+ rc = LDAP_SUCCESS;
+ *list = hostlist;
+
+ out:
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock(&ldap_int_resolv_mutex);
+#endif
+
+ if (request != NULL) {
+ LDAP_FREE(request);
+ }
+ if (rc != LDAP_SUCCESS && hostlist != NULL) {
+ LDAP_FREE(hostlist);
+ }
+ return rc;
+#else
+ return LDAP_NOT_SUPPORTED;
+#endif /* HAVE_RES_QUERY */
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/dntest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/dntest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/dntest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,299 @@
+/* dntest.c -- OpenLDAP DN API Test Program */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dntest.c,v 1.24.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This program was initially developed by Pierangelo Masarati <ando at OpenLDAP.org>
+ * for inclusion in OpenLDAP Software.
+ */
+
+/*
+ * This program is designed to test the ldap_str2dn/ldap_dn2str
+ * functions
+ */
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <ldap.h>
+
+#include "ldap-int.h"
+
+#include "ldif.h"
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+int
+main( int argc, char *argv[] )
+{
+ int rc, i, debug = 0, f2 = 0;
+ unsigned flags[ 2 ] = { 0U, 0 };
+ char *strin, *str = NULL, buf[ 1024 ];
+ LDAPDN dn, dn2 = NULL;
+
+ while ( 1 ) {
+ int opt = getopt( argc, argv, "d:" );
+
+ if ( opt == EOF ) {
+ break;
+ }
+
+ switch ( opt ) {
+ case 'd':
+ debug = atoi( optarg );
+ break;
+ }
+ }
+
+ optind--;
+ argc -= optind;
+ argv += optind;
+
+ if ( argc < 2 ) {
+ fprintf( stderr, "usage: dntest <dn> [flags-in[,...]] [flags-out[,...]]\n\n" );
+ fprintf( stderr, "\tflags-in: V3,V2,DCE,<flags>\n" );
+ fprintf( stderr, "\tflags-out: V3,V2,UFN,DCE,AD,<flags>\n\n" );
+ fprintf( stderr, "\t<flags>: PRETTY,PEDANTIC,NOSPACES,NOONESPACE\n\n" );
+ return( 0 );
+ }
+
+ if ( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
+ }
+ if ( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
+ }
+
+ if ( strcmp( argv[ 1 ], "-" ) == 0 ) {
+ size_t len;
+
+ fgets( buf, sizeof( buf ), stdin );
+ len = strlen( buf );
+ if ( len > 0 && buf[ --len ] == '\n' ) {
+ buf[ len ] = '\0';
+ }
+ strin = buf;
+ } else {
+ strin = argv[ 1 ];
+ }
+
+ if ( argc >= 3 ) {
+ for ( i = 0; i < argc - 2; i++ ) {
+ char *s, *e;
+ for ( s = argv[ 2 + i ]; s; s = e ) {
+ e = strchr( s, ',' );
+ if ( e != NULL ) {
+ e[ 0 ] = '\0';
+ e++;
+ }
+
+ if ( !strcasecmp( s, "V3" ) ) {
+ flags[ i ] |= LDAP_DN_FORMAT_LDAPV3;
+ } else if ( !strcasecmp( s, "V2" ) ) {
+ flags[ i ] |= LDAP_DN_FORMAT_LDAPV2;
+ } else if ( !strcasecmp( s, "DCE" ) ) {
+ flags[ i ] |= LDAP_DN_FORMAT_DCE;
+ } else if ( !strcasecmp( s, "UFN" ) ) {
+ flags[ i ] |= LDAP_DN_FORMAT_UFN;
+ } else if ( !strcasecmp( s, "AD" ) ) {
+ flags[ i ] |= LDAP_DN_FORMAT_AD_CANONICAL;
+ } else if ( !strcasecmp( s, "PRETTY" ) ) {
+ flags[ i ] |= LDAP_DN_PRETTY;
+ } else if ( !strcasecmp( s, "PEDANTIC" ) ) {
+ flags[ i ] |= LDAP_DN_PEDANTIC;
+ } else if ( !strcasecmp( s, "NOSPACES" ) ) {
+ flags[ i ] |= LDAP_DN_P_NOLEADTRAILSPACES;
+ } else if ( !strcasecmp( s, "NOONESPACE" ) ) {
+ flags[ i ] |= LDAP_DN_P_NOSPACEAFTERRDN;
+ }
+ }
+ }
+ }
+
+ if ( flags[ 1 ] == 0 )
+ flags[ 1 ] = LDAP_DN_FORMAT_LDAPV3;
+
+ f2 = 1;
+
+ rc = ldap_str2dn( strin, &dn, flags[ 0 ] );
+
+ if ( rc == LDAP_SUCCESS ) {
+ int i;
+ if ( dn ) {
+ for ( i = 0; dn[ i ]; i++ ) {
+ LDAPRDN rdn = dn[ i ];
+ char *rstr = NULL;
+
+ if ( ldap_rdn2str( rdn, &rstr, flags[ f2 ] ) ) {
+ fprintf( stdout, "\tldap_rdn2str() failed\n" );
+ continue;
+ }
+
+ fprintf( stdout, "\tldap_rdn2str() = \"%s\"\n", rstr );
+ ldap_memfree( rstr );
+ }
+ } else {
+ fprintf( stdout, "\tempty DN\n" );
+ }
+ }
+
+ str = NULL;
+ if ( rc == LDAP_SUCCESS &&
+ ldap_dn2str( dn, &str, flags[ f2 ] ) == LDAP_SUCCESS )
+ {
+ char **values, *tmp, *tmp2, *str2 = NULL;
+ int n;
+
+ fprintf( stdout, "\nldap_dn2str(ldap_str2dn(\"%s\"))\n"
+ "\t= \"%s\"\n", strin, str );
+
+ switch ( flags[ f2 ] & LDAP_DN_FORMAT_MASK ) {
+ case LDAP_DN_FORMAT_UFN:
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ return( 0 );
+
+ case LDAP_DN_FORMAT_LDAPV3:
+ case LDAP_DN_FORMAT_LDAPV2:
+ n = ldap_dn2domain( strin, &tmp );
+ if ( n ) {
+ fprintf( stdout, "\nldap_dn2domain(\"%s\") FAILED\n", strin );
+ } else {
+ fprintf( stdout, "\nldap_dn2domain(\"%s\")\n"
+ "\t= \"%s\"\n", strin, tmp ? tmp : "" );
+ }
+ ldap_memfree( tmp );
+
+ tmp = ldap_dn2ufn( strin );
+ fprintf( stdout, "\nldap_dn2ufn(\"%s\")\n"
+ "\t= \"%s\"\n", strin, tmp ? tmp : "" );
+ ldap_memfree( tmp );
+
+ tmp = ldap_dn2dcedn( strin );
+ fprintf( stdout, "\nldap_dn2dcedn(\"%s\")\n"
+ "\t= \"%s\"\n", strin, tmp ? tmp : "" );
+ tmp2 = ldap_dcedn2dn( tmp );
+ fprintf( stdout, "\nldap_dcedn2dn(\"%s\")\n"
+ "\t= \"%s\"\n",
+ tmp ? tmp : "", tmp2 ? tmp2 : "" );
+ ldap_memfree( tmp );
+ ldap_memfree( tmp2 );
+
+ tmp = ldap_dn2ad_canonical( strin );
+ fprintf( stdout, "\nldap_dn2ad_canonical(\"%s\")\n"
+ "\t= \"%s\"\n", strin, tmp ? tmp : "" );
+ ldap_memfree( tmp );
+
+ fprintf( stdout, "\nldap_explode_dn(\"%s\"):\n", str );
+ values = ldap_explode_dn( str, 0 );
+ for ( n = 0; values && values[ n ]; n++ ) {
+ char **vv;
+ int nn;
+
+ fprintf( stdout, "\t\"%s\"\n", values[ n ] );
+
+ fprintf( stdout, "\tldap_explode_rdn(\"%s\")\n",
+ values[ n ] );
+ vv = ldap_explode_rdn( values[ n ], 0 );
+ for ( nn = 0; vv && vv[ nn ]; nn++ ) {
+ fprintf( stdout, "\t\t'%s'\n",
+ vv[ nn ] );
+ }
+ LDAP_VFREE( vv );
+
+ fprintf( stdout, "\tldap_explode_rdn(\"%s\")"
+ " (no types)\n", values[ n ] );
+ vv = ldap_explode_rdn( values[ n ], 1 );
+ for ( nn = 0; vv && vv[ nn ]; nn++ ) {
+ fprintf( stdout, "\t\t\t\"%s\"\n",
+ vv[ nn ] );
+ }
+ LDAP_VFREE( vv );
+
+ }
+ LDAP_VFREE( values );
+
+ fprintf( stdout, "\nldap_explode_dn(\"%s\")"
+ " (no types):\n", str );
+ values = ldap_explode_dn( str, 1 );
+ for ( n = 0; values && values[ n ]; n++ ) {
+ fprintf( stdout, "\t\"%s\"\n", values[ n ] );
+ }
+ LDAP_VFREE( values );
+
+ break;
+ }
+
+ dn2 = NULL;
+ rc = ldap_str2dn( str, &dn2, flags[ f2 ] );
+ str2 = NULL;
+ if ( rc == LDAP_SUCCESS &&
+ ldap_dn2str( dn2, &str2, flags[ f2 ] )
+ == LDAP_SUCCESS ) {
+ int iRDN;
+
+ fprintf( stdout, "\n\"%s\"\n\t == \"%s\" ? %s\n",
+ str, str2,
+ strcmp( str, str2 ) == 0 ? "yes" : "no" );
+
+ if( dn != NULL && dn2 == NULL ) {
+ fprintf( stdout, "dn mismatch\n" );
+ } else if (( dn != NULL ) && (dn2 != NULL))
+ for ( iRDN = 0; dn[ iRDN ] && dn2[ iRDN ]; iRDN++ )
+ {
+ LDAPRDN r = dn[ iRDN ];
+ LDAPRDN r2 = dn2[ iRDN ];
+ int iAVA;
+
+ for ( iAVA = 0; r[ iAVA ] && r2[ iAVA ]; iAVA++ ) {
+ LDAPAVA *a = r[ iAVA ];
+ LDAPAVA *a2 = r2[ iAVA ];
+
+ if ( a->la_attr.bv_len != a2->la_attr.bv_len ) {
+ fprintf( stdout, "ava(%d), rdn(%d) attr len mismatch (%ld->%ld)\n",
+ iAVA + 1, iRDN + 1,
+ a->la_attr.bv_len, a2->la_attr.bv_len );
+ } else if ( memcmp( a->la_attr.bv_val, a2->la_attr.bv_val, a->la_attr.bv_len ) ) {
+ fprintf( stdout, "ava(%d), rdn(%d) attr mismatch\n",
+ iAVA + 1, iRDN + 1 );
+ } else if ( a->la_flags != a2->la_flags ) {
+ fprintf( stdout, "ava(%d), rdn(%d) flag mismatch (%x->%x)\n",
+ iAVA + 1, iRDN + 1, a->la_flags, a2->la_flags );
+ } else if ( a->la_value.bv_len != a2->la_value.bv_len ) {
+ fprintf( stdout, "ava(%d), rdn(%d) value len mismatch (%ld->%ld)\n",
+ iAVA + 1, iRDN + 1,
+ a->la_value.bv_len, a2->la_value.bv_len );
+ } else if ( memcmp( a->la_value.bv_val, a2->la_value.bv_val, a->la_value.bv_len ) ) {
+ fprintf( stdout, "ava(%d), rdn(%d) value mismatch\n",
+ iAVA + 1, iRDN + 1 );
+ }
+ }
+ }
+
+ ldap_dnfree( dn2 );
+ ldap_memfree( str2 );
+ }
+ ldap_memfree( str );
+ }
+ ldap_dnfree( dn );
+
+ /* note: dn is not freed */
+
+ return( 0 );
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/error.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/error.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/error.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,434 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.64.2.9 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+struct ldaperror {
+ int e_code;
+ char *e_reason;
+};
+
+static struct ldaperror ldap_builtin_errlist[] = {
+ {LDAP_SUCCESS, N_("Success")},
+ {LDAP_OPERATIONS_ERROR, N_("Operations error")},
+ {LDAP_PROTOCOL_ERROR, N_("Protocol error")},
+ {LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")},
+ {LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")},
+ {LDAP_COMPARE_FALSE, N_("Compare False")},
+ {LDAP_COMPARE_TRUE, N_("Compare True")},
+ {LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")},
+ {LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")},
+ {LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")},
+
+ {LDAP_REFERRAL, N_("Referral")},
+ {LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")},
+ {LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ N_("Critical extension is unavailable")},
+ {LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")},
+ {LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")},
+
+ {LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")},
+ {LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")},
+ {LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")},
+ {LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")},
+ {LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")},
+ {LDAP_INVALID_SYNTAX, N_("Invalid syntax")},
+
+ {LDAP_NO_SUCH_OBJECT, N_("No such object")},
+ {LDAP_ALIAS_PROBLEM, N_("Alias problem")},
+ {LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")},
+ {LDAP_IS_LEAF, N_("Entry is a leaf")},
+ {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")},
+
+ {LDAP_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure")},
+ {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")},
+ {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")},
+ {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")},
+ {LDAP_BUSY, N_("Server is busy")},
+ {LDAP_UNAVAILABLE, N_("Server is unavailable")},
+ {LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")},
+ {LDAP_LOOP_DETECT, N_("Loop detected")},
+
+ {LDAP_NAMING_VIOLATION, N_("Naming violation")},
+ {LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")},
+ {LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")},
+ {LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")},
+ {LDAP_ALREADY_EXISTS, N_("Already exists")},
+ {LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")},
+ {LDAP_RESULTS_TOO_LARGE, N_("Results too large")},
+ {LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")},
+
+ {LDAP_OTHER, N_("Internal (implementation specific) error")},
+
+ {LDAP_CANCELLED, N_("Cancelled")},
+ {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
+ {LDAP_TOO_LATE, N_("Too Late to Cancel")},
+ {LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
+
+ {LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
+ {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")},
+
+ {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
+ {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")},
+
+ {LDAP_X_NO_OPERATION, N_("No Operation (X)")},
+
+ {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
+ {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
+ {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
+ {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
+ {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
+
+#ifdef LDAP_X_TXN
+ {LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")},
+ {LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")},
+#endif
+
+ /* API ResultCodes */
+ {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
+ {LDAP_LOCAL_ERROR, N_("Local error")},
+ {LDAP_ENCODING_ERROR, N_("Encoding error")},
+ {LDAP_DECODING_ERROR, N_("Decoding error")},
+ {LDAP_TIMEOUT, N_("Timed out")},
+ {LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")},
+ {LDAP_FILTER_ERROR, N_("Bad search filter")},
+ {LDAP_USER_CANCELLED, N_("User cancelled operation")},
+ {LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")},
+ {LDAP_NO_MEMORY, N_("Out of memory")},
+
+ {LDAP_CONNECT_ERROR, N_("Connect error")},
+ {LDAP_NOT_SUPPORTED, N_("Not Supported")},
+ {LDAP_CONTROL_NOT_FOUND, N_("Control not found")},
+ {LDAP_NO_RESULTS_RETURNED, N_("No results returned")},
+ {LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")},
+ {LDAP_CLIENT_LOOP, N_("Client Loop")},
+ {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
+
+ {0, NULL}
+};
+
+static struct ldaperror *ldap_errlist = ldap_builtin_errlist;
+
+void ldap_int_error_init( void ) {
+}
+
+static const struct ldaperror *
+ldap_int_error( int err )
+{
+ int i;
+
+ /* XXYYZ: O(n) search instead of O(1) lookup */
+ for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) {
+ if ( err == ldap_errlist[i].e_code ) {
+ return &ldap_errlist[i];
+ }
+ }
+
+ return NULL;
+}
+
+char *
+ldap_err2string( int err )
+{
+ const struct ldaperror *e;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
+
+ e = ldap_int_error( err );
+
+ if (e) {
+ return e->e_reason;
+
+ } else if ( LDAP_API_ERROR(err) ) {
+ return _("Unknown API error");
+
+ } else if ( LDAP_E_ERROR(err) ) {
+ return _("Unknown (extension) error");
+
+ } else if ( LDAP_X_ERROR(err) ) {
+ return _("Unknown (private extension) error");
+ }
+
+ return _("Unknown error");
+}
+
+/* deprecated */
+void
+ldap_perror( LDAP *ld, LDAP_CONST char *str )
+{
+ int i;
+ const struct ldaperror *e;
+ Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( str != NULL );
+
+ e = ldap_int_error( ld->ld_errno );
+
+ fprintf( stderr, "%s: %s (%d)\n",
+ str ? str : "ldap_perror",
+ e ? _(e->e_reason) : _("unknown result code"),
+ ld->ld_errno );
+
+ if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
+ fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
+ }
+
+ if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
+ fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
+ }
+
+ if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
+ fprintf( stderr, _("\treferrals:\n") );
+ for (i=0; ld->ld_referrals[i]; i++) {
+ fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
+ }
+ }
+
+ fflush( stderr );
+}
+
+/* deprecated */
+int
+ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
+{
+ int rc, err;
+
+ rc = ldap_parse_result( ld, r, &err,
+ NULL, NULL, NULL, NULL, freeit );
+
+ return err != LDAP_SUCCESS ? err : rc;
+}
+
+/*
+ * Parse LDAPResult Messages:
+ *
+ * LDAPResult ::= SEQUENCE {
+ * resultCode ENUMERATED,
+ * matchedDN LDAPDN,
+ * errorMessage LDAPString,
+ * referral [3] Referral OPTIONAL }
+ *
+ * including Bind results:
+ *
+ * BindResponse ::= [APPLICATION 1] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds [7] OCTET STRING OPTIONAL }
+ *
+ * and ExtendedOp results:
+ *
+ * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * responseName [10] LDAPOID OPTIONAL,
+ * response [11] OCTET STRING OPTIONAL }
+ *
+ */
+int
+ldap_parse_result(
+ LDAP *ld,
+ LDAPMessage *r,
+ int *errcodep,
+ char **matcheddnp,
+ char **errmsgp,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit )
+{
+ LDAPMessage *lm;
+ ber_int_t errcode = LDAP_SUCCESS;
+
+ ber_tag_t tag;
+ BerElement *ber;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( r != NULL );
+
+ if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
+ if(matcheddnp != NULL) *matcheddnp = NULL;
+ if(errmsgp != NULL) *errmsgp = NULL;
+ if(referralsp != NULL) *referralsp = NULL;
+ if(serverctrls != NULL) *serverctrls = NULL;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ /* Find the result, last msg in chain... */
+ lm = r->lm_chain_tail;
+ /* FIXME: either this is not possible (assert?)
+ * or it should be handled */
+ if ( lm != NULL ) {
+ switch ( lm->lm_msgtype ) {
+ case LDAP_RES_SEARCH_ENTRY:
+ case LDAP_RES_SEARCH_REFERENCE:
+ case LDAP_RES_INTERMEDIATE:
+ lm = NULL;
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if( lm == NULL ) {
+ ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+ if ( ld->ld_referrals ) {
+ LDAP_VFREE( ld->ld_referrals );
+ ld->ld_referrals = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( lm->lm_ber );
+
+ if ( ld->ld_version < LDAP_VERSION2 ) {
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{iA}",
+ &ld->ld_errno, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ tag = ber_scanf( ber, "{ia}",
+ &ld->ld_errno, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
+
+ } else {
+ ber_len_t len;
+
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{iAA" /*}*/,
+ &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ tag = ber_scanf( ber, "{iaa" /*}*/,
+ &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
+
+ if( tag != LBER_ERROR ) {
+ /* peek for referrals */
+ if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
+ tag = ber_scanf( ber, "v", &ld->ld_referrals );
+ }
+ }
+
+ /* need to clean out misc items */
+ if( tag != LBER_ERROR ) {
+ if( lm->lm_msgtype == LDAP_RES_BIND ) {
+ /* look for sasl result creditials */
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+
+ } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
+ /* look for exop result oid or value */
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+
+ if ( tag != LBER_ERROR &&
+ ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
+ {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+ }
+ }
+
+ if( tag != LBER_ERROR ) {
+ int rc = ldap_pvt_get_controls( ber, serverctrls );
+
+ if( rc != LDAP_SUCCESS ) {
+ tag = LBER_ERROR;
+ }
+ }
+
+ if( tag != LBER_ERROR ) {
+ tag = ber_scanf( ber, /*{*/"}" );
+ }
+ }
+
+ if ( tag == LBER_ERROR ) {
+ ld->ld_errno = errcode = LDAP_DECODING_ERROR;
+ }
+
+ if( ber != NULL ) {
+ ber_free( ber, 0 );
+ }
+
+ /* return */
+ if( errcodep != NULL ) {
+ *errcodep = ld->ld_errno;
+ }
+ if ( errcode == LDAP_SUCCESS ) {
+ if( matcheddnp != NULL ) {
+#ifdef LDAP_NULL_IS_NULL
+ if ( ld->ld_matched )
+#endif /* LDAP_NULL_IS_NULL */
+ {
+ *matcheddnp = LDAP_STRDUP( ld->ld_matched );
+ }
+ }
+ if( errmsgp != NULL ) {
+#ifdef LDAP_NULL_IS_NULL
+ if ( ld->ld_error )
+#endif /* LDAP_NULL_IS_NULL */
+ {
+ *errmsgp = LDAP_STRDUP( ld->ld_error );
+ }
+ }
+
+ if( referralsp != NULL) {
+ *referralsp = ldap_value_dup( ld->ld_referrals );
+ }
+ }
+
+ if ( freeit ) {
+ ldap_msgfree( r );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+
+ return( errcode );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/extended.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/extended.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/extended.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,412 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/extended.c,v 1.32.2.6 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) The Internet Society (1997).
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * LDAPv3 Extended Operation Request
+ * ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ * requestName [0] LDAPOID,
+ * requestValue [1] OCTET STRING OPTIONAL
+ * }
+ *
+ * LDAPv3 Extended Operation Response
+ * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * responseName [10] LDAPOID OPTIONAL,
+ * response [11] OCTET STRING OPTIONAL
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+int
+ldap_extended_operation(
+ LDAP *ld,
+ LDAP_CONST char *reqoid,
+ struct berval *reqdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( reqoid != NULL && *reqoid != '\0' );
+ assert( msgidp != NULL );
+
+ /* must be version 3 (or greater) */
+ if ( ld->ld_version < LDAP_VERSION3 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return( ld->ld_errno );
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( ld->ld_errno );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ if ( reqdata != NULL ) {
+ rc = ber_printf( ber, "{it{tstON}", /* '}' */
+ id, LDAP_REQ_EXTENDED,
+ LDAP_TAG_EXOP_REQ_OID, reqoid,
+ LDAP_TAG_EXOP_REQ_VALUE, reqdata );
+
+ } else {
+ rc = ber_printf( ber, "{it{tsN}", /* '}' */
+ id, LDAP_REQ_EXTENDED,
+ LDAP_TAG_EXOP_REQ_OID, reqoid );
+ }
+
+ if( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_EXTENDED, NULL, ber, id );
+
+ return( *msgidp < 0 ? ld->ld_errno : LDAP_SUCCESS );
+}
+
+int
+ldap_extended_operation_s(
+ LDAP *ld,
+ LDAP_CONST char *reqoid,
+ struct berval *reqdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ char **retoidp,
+ struct berval **retdatap )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( reqoid != NULL && *reqoid != '\0' );
+
+ rc = ldap_extended_operation( ld, reqoid, reqdata,
+ sctrls, cctrls, &msgid );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return( rc );
+ }
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
+ return( ld->ld_errno );
+ }
+
+ if ( retoidp != NULL ) *retoidp = NULL;
+ if ( retdatap != NULL ) *retdatap = NULL;
+
+ rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_msgfree( res );
+ return rc;
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+/* Parse an extended result */
+int
+ldap_parse_extended_result (
+ LDAP *ld,
+ LDAPMessage *res,
+ char **retoidp,
+ struct berval **retdatap,
+ int freeit )
+{
+ BerElement *ber;
+ ber_tag_t rc;
+ ber_tag_t tag;
+ ber_len_t len;
+ struct berval *resdata;
+ ber_int_t errcode;
+ char *resoid;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n", 0, 0, 0 );
+
+ if( ld->ld_version < LDAP_VERSION3 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_EXTENDED ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if( retoidp != NULL ) *retoidp = NULL;
+ if( retdatap != NULL ) *retdatap = NULL;
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ ber = ber_dup( res->lm_ber );
+
+ if ( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+#ifdef LDAP_NULL_IS_NULL
+ rc = ber_scanf( ber, "{eAA" /*}*/, &errcode,
+ &ld->ld_matched, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ rc = ber_scanf( ber, "{eaa" /*}*/, &errcode,
+ &ld->ld_matched, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
+
+ if( rc == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return ld->ld_errno;
+ }
+
+ resoid = NULL;
+ resdata = NULL;
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LDAP_TAG_REFERRAL ) {
+ /* skip over referral */
+ if( ber_scanf( ber, "x" ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return ld->ld_errno;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LDAP_TAG_EXOP_RES_OID ) {
+ /* we have a resoid */
+ if( ber_scanf( ber, "a", &resoid ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return ld->ld_errno;
+ }
+
+#ifdef LDAP_NULL_IS_NULL
+ assert( resoid[ 0 ] != '\0' );
+#endif /* LDAP_NULL_IS_NULL */
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LDAP_TAG_EXOP_RES_VALUE ) {
+ /* we have a resdata */
+ if( ber_scanf( ber, "O", &resdata ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ if( resoid != NULL ) LDAP_FREE( resoid );
+ return ld->ld_errno;
+ }
+ }
+
+ ber_free( ber, 0 );
+
+ if( retoidp != NULL ) {
+ *retoidp = resoid;
+ } else {
+ LDAP_FREE( resoid );
+ }
+
+ if( retdatap != NULL ) {
+ *retdatap = resdata;
+ } else {
+ ber_bvfree( resdata );
+ }
+
+ ld->ld_errno = errcode;
+
+ if( freeit ) {
+ ldap_msgfree( res );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+/* Parse an extended partial */
+int
+ldap_parse_intermediate (
+ LDAP *ld,
+ LDAPMessage *res,
+ char **retoidp,
+ struct berval **retdatap,
+ LDAPControl ***serverctrls,
+ int freeit )
+{
+ BerElement *ber;
+ ber_tag_t rc;
+ ber_tag_t tag;
+ ber_len_t len;
+ struct berval *resdata;
+ char *resoid;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n", 0, 0, 0 );
+
+ if( ld->ld_version < LDAP_VERSION3 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_INTERMEDIATE ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if( retoidp != NULL ) *retoidp = NULL;
+ if( retdatap != NULL ) *retdatap = NULL;
+
+ ber = ber_dup( res->lm_ber );
+
+ if ( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ rc = ber_scanf( ber, "{" /*}*/ );
+
+ if( rc == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return ld->ld_errno;
+ }
+
+ resoid = NULL;
+ resdata = NULL;
+
+ tag = ber_peek_tag( ber, &len );
+
+ /*
+ * NOTE: accept intermediate and extended response tag values
+ * as older versions of slapd(8) incorrectly used extended
+ * response tags.
+ * Should be removed when 2.2 is moved to Historic.
+ */
+ if( tag == LDAP_TAG_IM_RES_OID || tag == LDAP_TAG_EXOP_RES_OID ) {
+ /* we have a resoid */
+ if( ber_scanf( ber, "a", &resoid ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return ld->ld_errno;
+ }
+
+#ifdef LDAP_NULL_IS_NULL
+ assert( resoid[ 0 ] != '\0' );
+#endif /* LDAP_NULL_IS_NULL */
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LDAP_TAG_IM_RES_VALUE || tag == LDAP_TAG_EXOP_RES_VALUE ) {
+ /* we have a resdata */
+ if( ber_scanf( ber, "O", &resdata ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ if( resoid != NULL ) LDAP_FREE( resoid );
+ return ld->ld_errno;
+ }
+ }
+
+ if ( serverctrls == NULL ) {
+ rc = LDAP_SUCCESS;
+ goto free_and_return;
+ }
+
+ if ( ber_scanf( ber, /*{*/ "}" ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ goto free_and_return;
+ }
+
+ rc = ldap_pvt_get_controls( ber, serverctrls );
+
+free_and_return:
+ ber_free( ber, 0 );
+
+ if( retoidp != NULL ) {
+ *retoidp = resoid;
+ } else {
+ LDAP_FREE( resoid );
+ }
+
+ if( retdatap != NULL ) {
+ *retdatap = resdata;
+ } else {
+ ber_bvfree( resdata );
+ }
+
+ if( freeit ) {
+ ldap_msgfree( res );
+ }
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/filter.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/filter.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/filter.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1126 @@
+/* search.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/filter.c,v 1.27.2.4 2007/01/10 09:22:18 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997).
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+static int put_simple_vrFilter LDAP_P((
+ BerElement *ber,
+ char *str ));
+
+static int put_vrFilter_list LDAP_P((
+ BerElement *ber,
+ char *str ));
+
+static char *put_complex_filter LDAP_P((
+ BerElement *ber,
+ char *str,
+ ber_tag_t tag,
+ int not ));
+
+static int put_simple_filter LDAP_P((
+ BerElement *ber,
+ char *str ));
+
+static int put_substring_filter LDAP_P((
+ BerElement *ber,
+ char *type,
+ char *str ));
+
+static int put_filter_list LDAP_P((
+ BerElement *ber,
+ char *str,
+ ber_tag_t tag ));
+
+static int ldap_is_oid ( const char *str )
+{
+ int i;
+
+ if( LDAP_ALPHA( str[0] )) {
+ for( i=1; str[i]; i++ ) {
+ if( !LDAP_LDH( str[i] )) {
+ return 0;
+ }
+ }
+ return 1;
+
+ } else if LDAP_DIGIT( str[0] ) {
+ int dot=0;
+ for( i=1; str[i]; i++ ) {
+ if( LDAP_DIGIT( str[i] )) {
+ dot=0;
+
+ } else if ( str[i] == '.' ) {
+ if( dot ) return 0;
+ if( ++dot > 1 ) return 0;
+
+ } else {
+ return 0;
+ }
+ }
+ return !dot;
+ }
+
+ return 0;
+}
+
+static int ldap_is_desc ( const char *str )
+{
+ int i;
+
+ if( LDAP_ALPHA( str[0] )) {
+ for( i=1; str[i]; i++ ) {
+ if( str[i] == ';' ) {
+ str = &str[i+1];
+ goto options;
+ }
+
+ if( !LDAP_LDH( str[i] )) {
+ return 0;
+ }
+ }
+ return 1;
+
+ } else if LDAP_DIGIT( str[0] ) {
+ int dot=0;
+ for( i=1; str[i]; i++ ) {
+ if( str[i] == ';' ) {
+ if( dot ) return 0;
+ str = &str[i+1];
+ goto options;
+ }
+
+ if( LDAP_DIGIT( str[i] )) {
+ dot=0;
+
+ } else if ( str[i] == '.' ) {
+ if( dot ) return 0;
+ if( ++dot > 1 ) return 0;
+
+ } else {
+ return 0;
+ }
+ }
+ return !dot;
+ }
+
+ return 0;
+
+options:
+ if( !LDAP_LDH( str[0] )) {
+ return 0;
+ }
+ for( i=1; str[i]; i++ ) {
+ if( str[i] == ';' ) {
+ str = &str[i+1];
+ goto options;
+ }
+ if( !LDAP_LDH( str[i] )) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static char *
+find_right_paren( char *s )
+{
+ int balance, escape;
+
+ balance = 1;
+ escape = 0;
+ while ( *s && balance ) {
+ if ( !escape ) {
+ if ( *s == '(' ) {
+ balance++;
+ } else if ( *s == ')' ) {
+ balance--;
+ }
+ }
+
+ escape = ( *s == '\\' && !escape );
+
+ if ( balance ) s++;
+ }
+
+ return *s ? s : NULL;
+}
+
+static int hex2value( int c )
+{
+ if( c >= '0' && c <= '9' ) {
+ return c - '0';
+ }
+
+ if( c >= 'A' && c <= 'F' ) {
+ return c + (10 - (int) 'A');
+ }
+
+ if( c >= 'a' && c <= 'f' ) {
+ return c + (10 - (int) 'a');
+ }
+
+ return -1;
+}
+
+char *
+ldap_pvt_find_wildcard( const char *s )
+{
+ for( ; *s; s++ ) {
+ switch( *s ) {
+ case '*': /* found wildcard */
+ return (char *) s;
+
+ case '(':
+ case ')':
+ return NULL;
+
+ case '\\':
+ if( s[1] == '\0' ) return NULL;
+
+ if( LDAP_HEX( s[1] ) && LDAP_HEX( s[2] ) ) {
+ s+=2;
+
+ } else switch( s[1] ) {
+ default:
+ return NULL;
+
+ /* allow RFC 1960 escapes */
+ case '*':
+ case '(':
+ case ')':
+ case '\\':
+ s++;
+ }
+ }
+ }
+
+ return (char *) s;
+}
+
+/* unescape filter value */
+/* support both LDAP v2 and v3 escapes */
+/* output can include nul characters! */
+ber_slen_t
+ldap_pvt_filter_value_unescape( char *fval )
+{
+ ber_slen_t r, v;
+ int v1, v2;
+
+ for( r=v=0; fval[v] != '\0'; v++ ) {
+ switch( fval[v] ) {
+ case '(':
+ case ')':
+ case '*':
+ return -1;
+
+ case '\\':
+ /* escape */
+ v++;
+
+ if ( fval[v] == '\0' ) {
+ /* escape at end of string */
+ return -1;
+ }
+
+ if (( v1 = hex2value( fval[v] )) >= 0 ) {
+ /* LDAPv3 escape */
+ if (( v2 = hex2value( fval[v+1] )) < 0 ) {
+ /* must be two digit code */
+ return -1;
+ }
+
+ fval[r++] = v1 * 16 + v2;
+ v++;
+
+ } else {
+ /* LDAPv2 escape */
+ switch( fval[v] ) {
+ case '(':
+ case ')':
+ case '*':
+ case '\\':
+ fval[r++] = fval[v];
+ break;
+ default:
+ /* illegal escape */
+ return -1;
+ }
+ }
+ break;
+
+ default:
+ fval[r++] = fval[v];
+ }
+ }
+
+ fval[r] = '\0';
+ return r;
+}
+
+static char *
+put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
+{
+ char *next;
+
+ /*
+ * We have (x(filter)...) with str sitting on
+ * the x. We have to find the paren matching
+ * the one before the x and put the intervening
+ * filters by calling put_filter_list().
+ */
+
+ /* put explicit tag */
+ if ( ber_printf( ber, "t{" /*"}"*/, tag ) == -1 ) {
+ return NULL;
+ }
+
+ str++;
+ if ( (next = find_right_paren( str )) == NULL ) {
+ return NULL;
+ }
+
+ *next = '\0';
+ if ( put_filter_list( ber, str, tag ) == -1 ) {
+ return NULL;
+ }
+
+ /* close the '(' */
+ *next++ = ')';
+
+ /* flush explicit tagged thang */
+ if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
+ return NULL;
+ }
+
+ return next;
+}
+
+int
+ldap_pvt_put_filter( BerElement *ber, const char *str_in )
+{
+ int rc;
+ char *freeme;
+ char *str;
+ char *next;
+ int parens, balance, escape;
+
+ /*
+ * A Filter looks like this:
+ * Filter ::= CHOICE {
+ * and [0] SET OF Filter,
+ * or [1] SET OF Filter,
+ * not [2] Filter,
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeType,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
+ * }
+ *
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeType,
+ * SEQUENCE OF CHOICE {
+ * initial [0] IA5String,
+ * any [1] IA5String,
+ * final [2] IA5String
+ * }
+ * }
+ *
+ * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE }
+ *
+ * Note: tags in a choice are always explicit
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
+
+ freeme = LDAP_STRDUP( str_in );
+ if( freeme == NULL ) return LDAP_NO_MEMORY;
+ str = freeme;
+
+ parens = 0;
+ while ( *str ) {
+ switch ( *str ) {
+ case '(': /*')'*/
+ str++;
+ parens++;
+
+ /* skip spaces */
+ while( LDAP_SPACE( *str ) ) str++;
+
+ switch ( *str ) {
+ case '&':
+ Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
+ 0, 0, 0 );
+
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_AND, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ parens--;
+ break;
+
+ case '|':
+ Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
+ 0, 0, 0 );
+
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_OR, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ parens--;
+ break;
+
+ case '!':
+ Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
+ 0, 0, 0 );
+
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_NOT, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ parens--;
+ break;
+
+ case '(':
+ rc = -1;
+ goto done;
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
+ 0, 0, 0 );
+
+ balance = 1;
+ escape = 0;
+ next = str;
+
+ while ( *next && balance ) {
+ if ( escape == 0 ) {
+ if ( *next == '(' ) {
+ balance++;
+ } else if ( *next == ')' ) {
+ balance--;
+ }
+ }
+
+ if ( *next == '\\' && ! escape ) {
+ escape = 1;
+ } else {
+ escape = 0;
+ }
+
+ if ( balance ) next++;
+ }
+
+ if ( balance != 0 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next = '\0';
+
+ if ( put_simple_filter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next++ = /*'('*/ ')';
+
+ str = next;
+ parens--;
+ break;
+ }
+ break;
+
+ case /*'('*/ ')':
+ Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
+ 0, 0, 0 );
+ if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str++;
+ parens--;
+ break;
+
+ case ' ':
+ str++;
+ break;
+
+ default: /* assume it's a simple type=value filter */
+ Debug( LDAP_DEBUG_TRACE, "put_filter: default\n",
+ 0, 0, 0 );
+ next = strchr( str, '\0' );
+ if ( put_simple_filter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str = next;
+ break;
+ }
+ if ( !parens )
+ break;
+ }
+
+ rc = ( parens || *str ) ? -1 : 0;
+
+done:
+ LDAP_FREE( freeme );
+ return rc;
+}
+
+/*
+ * Put a list of filters like this "(filter1)(filter2)..."
+ */
+
+static int
+put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
+{
+ char *next = NULL;
+ char save;
+
+ Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
+ str, 0, 0 );
+
+ while ( *str ) {
+ while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
+ str++;
+ }
+ if ( *str == '\0' ) break;
+
+ if ( (next = find_right_paren( str + 1 )) == NULL ) {
+ return -1;
+ }
+ save = *++next;
+
+ /* now we have "(filter)" with str pointing to it */
+ *next = '\0';
+ if ( ldap_pvt_put_filter( ber, str ) == -1 ) return -1;
+ *next = save;
+ str = next;
+
+ if( tag == LDAP_FILTER_NOT ) break;
+ }
+
+ if( tag == LDAP_FILTER_NOT && ( next == NULL || *str )) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+put_simple_filter(
+ BerElement *ber,
+ char *str )
+{
+ char *s;
+ char *value;
+ ber_tag_t ftype;
+ int rc = -1;
+
+ Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
+ str, 0, 0 );
+
+ str = LDAP_STRDUP( str );
+ if( str == NULL ) return -1;
+
+ if ( (s = strchr( str, '=' )) == NULL ) {
+ goto done;
+ }
+
+ value = s + 1;
+ *s-- = '\0';
+
+ switch ( *s ) {
+ case '<':
+ ftype = LDAP_FILTER_LE;
+ *s = '\0';
+ break;
+
+ case '>':
+ ftype = LDAP_FILTER_GE;
+ *s = '\0';
+ break;
+
+ case '~':
+ ftype = LDAP_FILTER_APPROX;
+ *s = '\0';
+ break;
+
+ case ':':
+ /* RFC2254 extensible filters are off the form:
+ * type [:dn] [:rule] := value
+ * or [:dn]:rule := value
+ */
+ ftype = LDAP_FILTER_EXT;
+ *s = '\0';
+
+ {
+ char *dn = strchr( str, ':' );
+ char *rule = NULL;
+
+ if( dn != NULL ) {
+ *dn++ = '\0';
+ rule = strchr( dn, ':' );
+
+ if( rule == NULL ) {
+ /* one colon */
+ if ( strcasecmp(dn, "dn") == 0 ) {
+ /* must have attribute */
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+ }
+
+ rule = "";
+
+ } else {
+ rule = dn;
+ dn = NULL;
+ }
+
+ } else {
+ /* two colons */
+ *rule++ = '\0';
+
+ if ( strcasecmp(dn, "dn") != 0 ) {
+ /* must have "dn" */
+ goto done;
+ }
+ }
+
+ }
+
+ if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
+ /* must have either type or rule */
+ goto done;
+ }
+
+ if ( *str != '\0' && !ldap_is_desc( str ) ) {
+ goto done;
+ }
+
+ if ( rule && *rule != '\0' && !ldap_is_oid( rule ) ) {
+ goto done;
+ }
+
+ rc = ber_printf( ber, "t{" /*"}"*/, ftype );
+
+ if( rc != -1 && rule && *rule != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
+ }
+
+ if( rc != -1 && *str != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
+ }
+
+ if( rc != -1 ) {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "to",
+ LDAP_FILTER_EXT_VALUE, value, len );
+ } else {
+ rc = -1;
+ }
+ }
+
+ if( rc != -1 && dn ) {
+ rc = ber_printf( ber, "tb",
+ LDAP_FILTER_EXT_DNATTRS, (ber_int_t) 1 );
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+ }
+ goto done;
+
+ default:
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+
+ } else {
+ char *nextstar = ldap_pvt_find_wildcard( value );
+
+ if ( nextstar == NULL ) {
+ goto done;
+
+ } else if ( *nextstar == '\0' ) {
+ ftype = LDAP_FILTER_EQUALITY;
+
+ } else if ( strcmp( value, "*" ) == 0 ) {
+ ftype = LDAP_FILTER_PRESENT;
+
+ } else {
+ rc = put_substring_filter( ber, str, value );
+ goto done;
+ }
+ } break;
+ }
+
+ if( !ldap_is_desc( str ) ) goto done;
+
+ if ( ftype == LDAP_FILTER_PRESENT ) {
+ rc = ber_printf( ber, "ts", ftype, str );
+
+ } else {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "t{soN}",
+ ftype, str, value, len );
+ }
+ }
+
+done:
+ if( rc != -1 ) rc = 0;
+ LDAP_FREE( str );
+ return rc;
+}
+
+static int
+put_substring_filter( BerElement *ber, char *type, char *val )
+{
+ char *nextstar;
+ int gotstar = 0;
+ ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
+
+ Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
+ type, val, 0 );
+
+ if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
+ return -1;
+ }
+
+ for( ; *val; val=nextstar ) {
+ nextstar = ldap_pvt_find_wildcard( val );
+
+ if ( nextstar == NULL ) {
+ return -1;
+ }
+
+ if ( *nextstar == '\0' ) {
+ ftype = LDAP_SUBSTRING_FINAL;
+ } else {
+ *nextstar++ = '\0';
+ if ( gotstar++ == 0 ) {
+ ftype = LDAP_SUBSTRING_INITIAL;
+ } else {
+ ftype = LDAP_SUBSTRING_ANY;
+ }
+ }
+
+ if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( val );
+
+ if ( len < 0 ) {
+ return -1;
+ }
+
+ if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
+ return -1;
+ }
+ }
+ }
+
+ if ( ber_printf( ber, /*"{{"*/ "N}N}" ) == -1 ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+put_vrFilter( BerElement *ber, const char *str_in )
+{
+ int rc;
+ char *freeme;
+ char *str;
+ char *next;
+ int parens, balance, escape;
+
+ /*
+ * A ValuesReturnFilter looks like this:
+ *
+ * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
+ * SimpleFilterItem ::= CHOICE {
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeType,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
+ * }
+ *
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeType,
+ * SEQUENCE OF CHOICE {
+ * initial [0] IA5String,
+ * any [1] IA5String,
+ * final [2] IA5String
+ * }
+ * }
+ *
+ * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue }
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
+
+ freeme = LDAP_STRDUP( str_in );
+ if( freeme == NULL ) return LDAP_NO_MEMORY;
+ str = freeme;
+
+ parens = 0;
+ while ( *str ) {
+ switch ( *str ) {
+ case '(': /*')'*/
+ str++;
+ parens++;
+
+ /* skip spaces */
+ while( LDAP_SPACE( *str ) ) str++;
+
+ switch ( *str ) {
+ case '(':
+ if ( (next = find_right_paren( str )) == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next = '\0';
+
+ if ( put_vrFilter_list( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+
+ /* close the '(' */
+ *next++ = ')';
+
+ str = next;
+
+ parens--;
+ break;
+
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
+ 0, 0, 0 );
+
+ balance = 1;
+ escape = 0;
+ next = str;
+
+ while ( *next && balance ) {
+ if ( escape == 0 ) {
+ if ( *next == '(' ) {
+ balance++;
+ } else if ( *next == ')' ) {
+ balance--;
+ }
+ }
+
+ if ( *next == '\\' && ! escape ) {
+ escape = 1;
+ } else {
+ escape = 0;
+ }
+
+ if ( balance ) next++;
+ }
+
+ if ( balance != 0 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next = '\0';
+
+ if ( put_simple_vrFilter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next++ = /*'('*/ ')';
+
+ str = next;
+ parens--;
+ break;
+ }
+ break;
+
+ case /*'('*/ ')':
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
+ 0, 0, 0 );
+ if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str++;
+ parens--;
+ break;
+
+ case ' ':
+ str++;
+ break;
+
+ default: /* assume it's a simple type=value filter */
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
+ 0, 0, 0 );
+ next = strchr( str, '\0' );
+ if ( put_simple_vrFilter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str = next;
+ break;
+ }
+ }
+
+ rc = parens ? -1 : 0;
+
+done:
+ LDAP_FREE( freeme );
+ return rc;
+}
+
+int
+ldap_put_vrFilter( BerElement *ber, const char *str_in )
+{
+ int rc =0;
+
+ if ( ber_printf( ber, "{" /*"}"*/ ) == -1 ) {
+ rc = -1;
+ }
+
+ rc = put_vrFilter( ber, str_in );
+
+ if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
+put_vrFilter_list( BerElement *ber, char *str )
+{
+ char *next = NULL;
+ char save;
+
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
+ str, 0, 0 );
+
+ while ( *str ) {
+ while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
+ str++;
+ }
+ if ( *str == '\0' ) break;
+
+ if ( (next = find_right_paren( str + 1 )) == NULL ) {
+ return -1;
+ }
+ save = *++next;
+
+ /* now we have "(filter)" with str pointing to it */
+ *next = '\0';
+ if ( put_vrFilter( ber, str ) == -1 ) return -1;
+ *next = save;
+ str = next;
+ }
+
+ return 0;
+}
+
+static int
+put_simple_vrFilter(
+ BerElement *ber,
+ char *str )
+{
+ char *s;
+ char *value;
+ ber_tag_t ftype;
+ int rc = -1;
+
+ Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
+ str, 0, 0 );
+
+ str = LDAP_STRDUP( str );
+ if( str == NULL ) return -1;
+
+ if ( (s = strchr( str, '=' )) == NULL ) {
+ goto done;
+ }
+
+ value = s + 1;
+ *s-- = '\0';
+
+ switch ( *s ) {
+ case '<':
+ ftype = LDAP_FILTER_LE;
+ *s = '\0';
+ break;
+
+ case '>':
+ ftype = LDAP_FILTER_GE;
+ *s = '\0';
+ break;
+
+ case '~':
+ ftype = LDAP_FILTER_APPROX;
+ *s = '\0';
+ break;
+
+ case ':':
+ /* According to ValuesReturnFilter control definition
+ * extensible filters are off the form:
+ * type [:rule] := value
+ * or :rule := value
+ */
+ ftype = LDAP_FILTER_EXT;
+ *s = '\0';
+
+ {
+ char *rule = strchr( str, ':' );
+
+ if( rule == NULL ) {
+ /* must have attribute */
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+ }
+ rule = "";
+ } else {
+ *rule++ = '\0';
+ }
+
+ if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
+ /* must have either type or rule */
+ goto done;
+ }
+
+ if ( *str != '\0' && !ldap_is_desc( str ) ) {
+ goto done;
+ }
+
+ if ( rule && *rule != '\0' && !ldap_is_oid( rule ) ) {
+ goto done;
+ }
+
+ rc = ber_printf( ber, "t{" /*"}"*/, ftype );
+
+ if( rc != -1 && rule && *rule != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
+ }
+
+ if( rc != -1 && *str != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
+ }
+
+ if( rc != -1 ) {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "to",
+ LDAP_FILTER_EXT_VALUE, value, len );
+ } else {
+ rc = -1;
+ }
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+ }
+ goto done;
+
+ default:
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+
+ } else {
+ char *nextstar = ldap_pvt_find_wildcard( value );
+
+ if ( nextstar == NULL ) {
+ goto done;
+
+ } else if ( *nextstar == '\0' ) {
+ ftype = LDAP_FILTER_EQUALITY;
+
+ } else if ( strcmp( value, "*" ) == 0 ) {
+ ftype = LDAP_FILTER_PRESENT;
+
+ } else {
+ rc = put_substring_filter( ber, str, value );
+ goto done;
+ }
+ } break;
+ }
+
+ if( !ldap_is_desc( str ) ) goto done;
+
+ if ( ftype == LDAP_FILTER_PRESENT ) {
+ rc = ber_printf( ber, "ts", ftype, str );
+
+ } else {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "t{soN}",
+ ftype, str, value, len );
+ }
+ }
+
+done:
+ if( rc != -1 ) rc = 0;
+ LDAP_FREE( str );
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/free.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/free.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/free.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,107 @@
+/* free.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/free.c,v 1.20.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1994 The Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+/*
+ * free.c - some free routines are included here to avoid having to
+ * link in lots of extra code when not using certain features
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * C-API deallocator
+ */
+void
+ldap_memfree( void *p )
+{
+ LDAP_FREE( p );
+}
+
+void
+ldap_memvfree( void **v )
+{
+ LDAP_VFREE( v );
+}
+
+void *
+ldap_memalloc( ber_len_t s )
+{
+ return LDAP_MALLOC( s );
+}
+
+void *
+ldap_memcalloc( ber_len_t n, ber_len_t s )
+{
+ return LDAP_CALLOC( n, s );
+}
+
+void *
+ldap_memrealloc( void* p, ber_len_t s )
+{
+ return LDAP_REALLOC( p, s );
+}
+
+char *
+ldap_strdup( LDAP_CONST char *p )
+{
+ return LDAP_STRDUP( p );
+}
+
+/*
+ * free a null-terminated array of pointers to mod structures. the
+ * structures are freed, not the array itself, unless the freemods
+ * flag is set.
+ */
+
+void
+ldap_mods_free( LDAPMod **mods, int freemods )
+{
+ int i;
+
+ if ( mods == NULL )
+ return;
+
+ for ( i = 0; mods[i] != NULL; i++ ) {
+ if ( mods[i]->mod_op & LDAP_MOD_BVALUES ) {
+ if( mods[i]->mod_bvalues != NULL )
+ ber_bvecfree( mods[i]->mod_bvalues );
+
+ } else if( mods[i]->mod_values != NULL ) {
+ LDAP_VFREE( mods[i]->mod_values );
+ }
+
+ if ( mods[i]->mod_type != NULL ) {
+ LDAP_FREE( mods[i]->mod_type );
+ }
+
+ LDAP_FREE( (char *) mods[i] );
+ }
+
+ if ( freemods ) {
+ LDAP_FREE( (char *) mods );
+ }
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/ftest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/ftest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/ftest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,119 @@
+/* ftest.c -- OpenLDAP Filter API Test */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ftest.c,v 1.13.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <stdio.h>
+
+#include <ldap.h>
+
+#include "ldap_pvt.h"
+#include "lber_pvt.h"
+
+#include "ldif.h"
+#include "lutil.h"
+#include "lutil_ldap.h"
+#include "ldap_defaults.h"
+
+static int filter2ber( char *filter );
+
+int usage()
+{
+ fprintf( stderr, "usage:\n"
+ " ftest [-d n] filter\n"
+ " filter - RFC 2254 string representation of an "
+ "LDAP search filter\n" );
+ return EXIT_FAILURE;
+}
+
+int
+main( int argc, char *argv[] )
+{
+ int c;
+ int debug=0;
+
+ while( (c = getopt( argc, argv, "d:" )) != EOF ) {
+ switch ( c ) {
+ case 'd':
+ debug = atoi( optarg );
+ break;
+ default:
+ fprintf( stderr, "ftest: unrecognized option -%c\n",
+ optopt );
+ return usage();
+ }
+ }
+
+ if ( debug ) {
+ if ( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
+ != LBER_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n",
+ debug );
+ }
+ if ( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n",
+ debug );
+ }
+ }
+
+ if ( argc - optind != 1 ) {
+ return usage();
+ }
+
+ return filter2ber( strdup( argv[optind] ) );
+}
+
+static int filter2ber( char *filter )
+{
+ int rc;
+ struct berval bv = BER_BVNULL;
+ BerElement *ber;
+
+ printf( "Filter: %s\n", filter );
+
+ ber = ber_alloc_t( LBER_USE_DER );
+ if( ber == NULL ) {
+ perror( "ber_alloc_t" );
+ return EXIT_FAILURE;
+ }
+
+ rc = ldap_pvt_put_filter( ber, filter );
+ if( rc < 0 ) {
+ fprintf( stderr, "Filter error!\n");
+ return EXIT_FAILURE;
+ }
+
+ rc = ber_flatten2( ber, &bv, 0 );
+ if( rc < 0 ) {
+ perror( "ber_flatten2" );
+ return EXIT_FAILURE;
+ }
+
+ printf( "BER encoding (len=%ld):\n", (long) bv.bv_len );
+ ber_bprint( bv.bv_val, bv.bv_len );
+
+ ber_free( ber, 1 );
+
+ return EXIT_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/getattr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/getattr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/getattr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,157 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getattr.c,v 1.33.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+char *
+ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **berout )
+{
+ int rc;
+ ber_tag_t tag;
+ ber_len_t len = 0;
+ char *attr;
+ BerElement *ber;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_first_attribute\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( berout != NULL );
+
+ *berout = NULL;
+
+ ber = ldap_alloc_ber_with_options( ld );
+ if( ber == NULL ) {
+ return NULL;
+ }
+
+ *ber = *entry->lm_ber;
+
+ /*
+ * Skip past the sequence, dn, sequence of sequence leaving
+ * us at the first attribute.
+ */
+
+ tag = ber_scanf( ber, "{xl{" /*}}*/, &len );
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ /* set the length to avoid overrun */
+ rc = ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len );
+ if( rc != LBER_OPT_SUCCESS ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ if ( ber_pvt_ber_remaining( ber ) == 0 ) {
+ assert( len == 0 );
+ ber_free( ber, 0 );
+ return NULL;
+ }
+ assert( len != 0 );
+
+ /* snatch the first attribute */
+ tag = ber_scanf( ber, "{ax}", &attr );
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ *berout = ber;
+ return attr;
+}
+
+/* ARGSUSED */
+char *
+ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber )
+{
+ ber_tag_t tag;
+ char *attr;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_next_attribute\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( ber != NULL );
+
+ if ( ber_pvt_ber_remaining( ber ) == 0 ) {
+ return NULL;
+ }
+
+ /* skip sequence, snarf attribute type, skip values */
+ tag = ber_scanf( ber, "{ax}", &attr );
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return NULL;
+ }
+
+ return attr;
+}
+
+/* Fetch attribute type and optionally fetch values. The type
+ * and values are referenced in-place from the BerElement, they are
+ * not dup'd into malloc'd memory.
+ */
+/* ARGSUSED */
+int
+ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber,
+ BerValue *attr, BerVarray *vals )
+{
+ ber_tag_t tag;
+ int rc = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_attribute_ber\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( ber != NULL );
+ assert( attr != NULL );
+
+ attr->bv_val = NULL;
+ attr->bv_len = 0;
+
+ if ( ber_pvt_ber_remaining( ber ) ) {
+ ber_len_t siz = sizeof( BerValue );
+
+ /* skip sequence, snarf attribute type */
+ tag = ber_scanf( ber, vals ? "{mM}" : "{mx}", attr, vals,
+ &siz, 0 );
+ if( tag == LBER_ERROR ) {
+ rc = ld->ld_errno = LDAP_DECODING_ERROR;
+ }
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/getdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/getdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/getdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3519 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.124.2.6 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1994 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_schema.h"
+
+/* extension to UFN that turns trailing "dc=value" rdns in DNS style,
+ * e.g. "ou=People,dc=openldap,dc=org" => "People, openldap.org" */
+#define DC_IN_UFN
+
+/* parsing/printing routines */
+static int str2strval( const char *str, ber_len_t stoplen, struct berval *val,
+ const char **next, unsigned flags, int *retFlags, void *ctx );
+static int DCE2strval( const char *str, struct berval *val,
+ const char **next, unsigned flags, void *ctx );
+static int IA52strval( const char *str, struct berval *val,
+ const char **next, unsigned flags, void *ctx );
+static int quotedIA52strval( const char *str, struct berval *val,
+ const char **next, unsigned flags, void *ctx );
+static int hexstr2binval( const char *str, struct berval *val,
+ const char **next, unsigned flags, void *ctx );
+static int hexstr2bin( const char *str, char *c );
+static int byte2hexpair( const char *val, char *pair );
+static int binval2hexstr( struct berval *val, char *str );
+static int strval2strlen( struct berval *val, unsigned flags,
+ ber_len_t *len );
+static int strval2str( struct berval *val, char *str, unsigned flags,
+ ber_len_t *len );
+static int strval2IA5strlen( struct berval *val, unsigned flags,
+ ber_len_t *len );
+static int strval2IA5str( struct berval *val, char *str, unsigned flags,
+ ber_len_t *len );
+static int strval2DCEstrlen( struct berval *val, unsigned flags,
+ ber_len_t *len );
+static int strval2DCEstr( struct berval *val, char *str, unsigned flags,
+ ber_len_t *len );
+static int strval2ADstrlen( struct berval *val, unsigned flags,
+ ber_len_t *len );
+static int strval2ADstr( struct berval *val, char *str, unsigned flags,
+ ber_len_t *len );
+static int dn2domain( LDAPDN dn, struct berval *bv, int pos, int *iRDN );
+
+/* AVA helpers */
+static LDAPAVA * ldapava_new(
+ const struct berval *attr, const struct berval *val, unsigned flags, void *ctx );
+
+/* Higher level helpers */
+static int rdn2strlen( LDAPRDN rdn, unsigned flags, ber_len_t *len,
+ int ( *s2l )( struct berval *, unsigned, ber_len_t * ) );
+static int rdn2str( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len,
+ int ( *s2s )( struct berval *, char *, unsigned, ber_len_t * ));
+static int rdn2UFNstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
+static int rdn2UFNstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len );
+static int rdn2DCEstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
+static int rdn2DCEstr( LDAPRDN rdn, char *str, unsigned flag, ber_len_t *len, int first );
+static int rdn2ADstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
+static int rdn2ADstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first );
+
+/*
+ * RFC 1823 ldap_get_dn
+ */
+char *
+ldap_get_dn( LDAP *ld, LDAPMessage *entry )
+{
+ char *dn;
+ BerElement tmp;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_dn\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID(ld) );
+ assert( entry != NULL );
+
+ tmp = *entry->lm_ber; /* struct copy */
+ if ( ber_scanf( &tmp, "{a" /*}*/, &dn ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ return( dn );
+}
+
+int
+ldap_get_dn_ber( LDAP *ld, LDAPMessage *entry, BerElement **berout,
+ BerValue *dn )
+{
+ BerElement tmp, *ber;
+ ber_len_t len = 0;
+ int rc = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID(ld) );
+ assert( entry != NULL );
+ assert( dn != NULL );
+
+ dn->bv_val = NULL;
+ dn->bv_len = 0;
+
+ if ( berout ) {
+ *berout = NULL;
+ ber = ldap_alloc_ber_with_options( ld );
+ if( ber == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+ *berout = ber;
+ } else {
+ ber = &tmp;
+ }
+
+ *ber = *entry->lm_ber; /* struct copy */
+ if ( ber_scanf( ber, "{ml{" /*}*/, dn, &len ) == LBER_ERROR ) {
+ rc = ld->ld_errno = LDAP_DECODING_ERROR;
+ }
+ if ( rc == LDAP_SUCCESS ) {
+ /* set the length to avoid overrun */
+ rc = ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len );
+ if( rc != LBER_OPT_SUCCESS ) {
+ rc = ld->ld_errno = LDAP_LOCAL_ERROR;
+ }
+ }
+ if ( rc != LDAP_SUCCESS && berout ) {
+ ber_free( ber, 0 );
+ *berout = NULL;
+ }
+ return rc;
+}
+
+/*
+ * RFC 1823 ldap_dn2ufn
+ */
+char *
+ldap_dn2ufn( LDAP_CONST char *dn )
+{
+ char *out = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n", 0, 0, 0 );
+
+ ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
+ &out, LDAP_DN_FORMAT_UFN );
+
+ return( out );
+}
+
+/*
+ * RFC 1823 ldap_explode_dn
+ */
+char **
+ldap_explode_dn( LDAP_CONST char *dn, int notypes )
+{
+ LDAPDN tmpDN;
+ char **values = NULL;
+ int iRDN;
+ unsigned flag = notypes ? LDAP_DN_FORMAT_UFN : LDAP_DN_FORMAT_LDAPV3;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_explode_dn\n", 0, 0, 0 );
+
+ if ( ldap_str2dn( dn, &tmpDN, LDAP_DN_FORMAT_LDAP )
+ != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ if( tmpDN == NULL ) {
+ values = LDAP_MALLOC( sizeof( char * ) );
+ if( values == NULL ) return NULL;
+
+ values[0] = NULL;
+ return values;
+ }
+
+ for ( iRDN = 0; tmpDN[ iRDN ]; iRDN++ );
+
+ values = LDAP_MALLOC( sizeof( char * ) * ( 1 + iRDN ) );
+ if ( values == NULL ) {
+ ldap_dnfree( tmpDN );
+ return NULL;
+ }
+
+ for ( iRDN = 0; tmpDN[ iRDN ]; iRDN++ ) {
+ ldap_rdn2str( tmpDN[ iRDN ], &values[ iRDN ], flag );
+ }
+ ldap_dnfree( tmpDN );
+ values[ iRDN ] = NULL;
+
+ return values;
+}
+
+char **
+ldap_explode_rdn( LDAP_CONST char *rdn, int notypes )
+{
+ LDAPRDN tmpRDN;
+ char **values = NULL;
+ const char *p;
+ int iAVA;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n", 0, 0, 0 );
+
+ /*
+ * we only parse the first rdn
+ * FIXME: we prefer efficiency over checking if the _ENTIRE_
+ * dn can be parsed
+ */
+ if ( ldap_str2rdn( rdn, &tmpRDN, (char **) &p, LDAP_DN_FORMAT_LDAP )
+ != LDAP_SUCCESS ) {
+ return( NULL );
+ }
+
+ for ( iAVA = 0; tmpRDN[ iAVA ]; iAVA++ ) ;
+ values = LDAP_MALLOC( sizeof( char * ) * ( 1 + iAVA ) );
+ if ( values == NULL ) {
+ ldap_rdnfree( tmpRDN );
+ return( NULL );
+ }
+
+ for ( iAVA = 0; tmpRDN[ iAVA ]; iAVA++ ) {
+ ber_len_t l = 0, vl, al = 0;
+ char *str;
+ LDAPAVA *ava = tmpRDN[ iAVA ];
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ vl = 1 + 2 * ava->la_value.bv_len;
+
+ } else {
+ if ( strval2strlen( &ava->la_value,
+ ava->la_flags, &vl ) ) {
+ goto error_return;
+ }
+ }
+
+ if ( !notypes ) {
+ al = ava->la_attr.bv_len;
+ l = vl + ava->la_attr.bv_len + 1;
+
+ str = LDAP_MALLOC( l + 1 );
+ AC_MEMCPY( str, ava->la_attr.bv_val,
+ ava->la_attr.bv_len );
+ str[ al++ ] = '=';
+
+ } else {
+ l = vl;
+ str = LDAP_MALLOC( l + 1 );
+ }
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ al++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ al ] ) ) {
+ goto error_return;
+ }
+
+ } else {
+ if ( strval2str( &ava->la_value, &str[ al ],
+ ava->la_flags, &vl ) ) {
+ goto error_return;
+ }
+ }
+
+ str[ l ] = '\0';
+ values[ iAVA ] = str;
+ }
+ values[ iAVA ] = NULL;
+
+ ldap_rdnfree( tmpRDN );
+
+ return( values );
+
+error_return:;
+ LBER_VFREE( values );
+ ldap_rdnfree( tmpRDN );
+ return( NULL );
+}
+
+char *
+ldap_dn2dcedn( LDAP_CONST char *dn )
+{
+ char *out = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n", 0, 0, 0 );
+
+ ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
+ &out, LDAP_DN_FORMAT_DCE );
+
+ return( out );
+}
+
+char *
+ldap_dcedn2dn( LDAP_CONST char *dce )
+{
+ char *out = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n", 0, 0, 0 );
+
+ ( void )ldap_dn_normalize( dce, LDAP_DN_FORMAT_DCE, &out, LDAP_DN_FORMAT_LDAPV3 );
+
+ return( out );
+}
+
+char *
+ldap_dn2ad_canonical( LDAP_CONST char *dn )
+{
+ char *out = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n", 0, 0, 0 );
+
+ ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
+ &out, LDAP_DN_FORMAT_AD_CANONICAL );
+
+ return( out );
+}
+
+/*
+ * function that changes the string representation of dnin
+ * from ( fin & LDAP_DN_FORMAT_MASK ) to ( fout & LDAP_DN_FORMAT_MASK )
+ *
+ * fin can be one of:
+ * LDAP_DN_FORMAT_LDAP (rfc 2253 and ldapbis liberal,
+ * plus some rfc 1779)
+ * LDAP_DN_FORMAT_LDAPV3 (rfc 2253 and ldapbis)
+ * LDAP_DN_FORMAT_LDAPV2 (rfc 1779)
+ * LDAP_DN_FORMAT_DCE (?)
+ *
+ * fout can be any of the above except
+ * LDAP_DN_FORMAT_LDAP
+ * plus:
+ * LDAP_DN_FORMAT_UFN (rfc 1781, partial and with extensions)
+ * LDAP_DN_FORMAT_AD_CANONICAL (?)
+ */
+int
+ldap_dn_normalize( LDAP_CONST char *dnin,
+ unsigned fin, char **dnout, unsigned fout )
+{
+ int rc;
+ LDAPDN tmpDN = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n", 0, 0, 0 );
+
+ assert( dnout != NULL );
+
+ *dnout = NULL;
+
+ if ( dnin == NULL ) {
+ return( LDAP_SUCCESS );
+ }
+
+ rc = ldap_str2dn( dnin , &tmpDN, fin );
+ if ( rc != LDAP_SUCCESS ) {
+ return( rc );
+ }
+
+ rc = ldap_dn2str( tmpDN, dnout, fout );
+
+ ldap_dnfree( tmpDN );
+
+ return( rc );
+}
+
+/* States */
+#define B4AVA 0x0000
+
+/* #define B4ATTRTYPE 0x0001 */
+#define B4OIDATTRTYPE 0x0002
+#define B4STRINGATTRTYPE 0x0003
+
+#define B4AVAEQUALS 0x0100
+#define B4AVASEP 0x0200
+#define B4RDNSEP 0x0300
+#define GOTAVA 0x0400
+
+#define B4ATTRVALUE 0x0010
+#define B4STRINGVALUE 0x0020
+#define B4IA5VALUEQUOTED 0x0030
+#define B4IA5VALUE 0x0040
+#define B4BINARYVALUE 0x0050
+
+/*
+ * Helpers (mostly from slap.h)
+ * c is assumed to Unicode in an ASCII compatible format (UTF-8)
+ * Macros assume "C" Locale (ASCII)
+ */
+#define LDAP_DN_ASCII_SPACE(c) \
+ ( (c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r' )
+#define LDAP_DN_ASCII_LOWER(c) LDAP_LOWER(c)
+#define LDAP_DN_ASCII_UPPER(c) LDAP_UPPER(c)
+#define LDAP_DN_ASCII_ALPHA(c) LDAP_ALPHA(c)
+
+#define LDAP_DN_ASCII_DIGIT(c) LDAP_DIGIT(c)
+#define LDAP_DN_ASCII_LCASE_HEXALPHA(c) LDAP_HEXLOWER(c)
+#define LDAP_DN_ASCII_UCASE_HEXALPHA(c) LDAP_HEXUPPER(c)
+#define LDAP_DN_ASCII_HEXDIGIT(c) LDAP_HEX(c)
+#define LDAP_DN_ASCII_ALNUM(c) LDAP_ALNUM(c)
+#define LDAP_DN_ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
+
+/* attribute type */
+#define LDAP_DN_OID_LEADCHAR(c) LDAP_DIGIT(c)
+#define LDAP_DN_DESC_LEADCHAR(c) LDAP_ALPHA(c)
+#define LDAP_DN_DESC_CHAR(c) LDAP_LDH(c)
+#define LDAP_DN_LANG_SEP(c) ( (c) == ';' )
+#define LDAP_DN_ATTRDESC_CHAR(c) \
+ ( LDAP_DN_DESC_CHAR(c) || LDAP_DN_LANG_SEP(c) )
+
+/* special symbols */
+#define LDAP_DN_AVA_EQUALS(c) ( (c) == '=' )
+#define LDAP_DN_AVA_SEP(c) ( (c) == '+' )
+#define LDAP_DN_RDN_SEP(c) ( (c) == ',' )
+#define LDAP_DN_RDN_SEP_V2(c) ( LDAP_DN_RDN_SEP(c) || (c) == ';' )
+#define LDAP_DN_OCTOTHORPE(c) ( (c) == '#' )
+#define LDAP_DN_QUOTES(c) ( (c) == '\"' )
+#define LDAP_DN_ESCAPE(c) ( (c) == '\\' )
+#define LDAP_DN_VALUE_END(c) \
+ ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) )
+
+/* NOTE: according to draft-ietf-ldapbis-dn, '=' can be escaped
+ * and treated as special, i.e. escaped both as "\<hexpair>" and
+ * as "\=", but it is treated as a regular char, i.e. it can also
+ * appear as '='.
+ *
+ * As such, in 2.2 we used to allow reading unescaped '=',
+ * but we always produced escaped '\3D'; this changes
+ * since 2.3, if compatibility issues do not arise */
+#define LDAP_DN_NE(c) \
+ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \
+ || LDAP_DN_QUOTES(c) \
+ || (c) == '<' || (c) == '>' )
+#define LDAP_DN_MAYESCAPE(c) \
+ ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \
+ || LDAP_DN_AVA_EQUALS(c) \
+ || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) )
+#define LDAP_DN_SHOULDESCAPE(c) ( LDAP_DN_AVA_EQUALS(c) )
+
+#define LDAP_DN_NEEDESCAPE(c) \
+ ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) )
+#define LDAP_DN_NEEDESCAPE_LEAD(c) LDAP_DN_MAYESCAPE(c)
+#define LDAP_DN_NEEDESCAPE_TRAIL(c) \
+ ( LDAP_DN_ASCII_SPACE(c) || LDAP_DN_NEEDESCAPE(c) )
+#define LDAP_DN_WILLESCAPE_CHAR(c) \
+ ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) || LDAP_DN_ESCAPE(c) )
+#define LDAP_DN_IS_PRETTY(f) ( (f) & LDAP_DN_PRETTY )
+#define LDAP_DN_WILLESCAPE_HEX(f, c) \
+ ( ( !LDAP_DN_IS_PRETTY( f ) ) && LDAP_DN_WILLESCAPE_CHAR(c) )
+
+/* LDAPv2 */
+#define LDAP_DN_VALUE_END_V2(c) \
+ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) )
+/* RFC 1779 */
+#define LDAP_DN_V2_SPECIAL(c) \
+ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_EQUALS(c) \
+ || LDAP_DN_AVA_SEP(c) || (c) == '<' || (c) == '>' \
+ || LDAP_DN_OCTOTHORPE(c) )
+#define LDAP_DN_V2_PAIR(c) \
+ ( LDAP_DN_V2_SPECIAL(c) || LDAP_DN_ESCAPE(c) || LDAP_DN_QUOTES(c) )
+
+/*
+ * DCE (mostly from Luke Howard and IBM implementation for AIX)
+ *
+ * From: "Application Development Guide - Directory Services" (FIXME: add link?)
+ * Here escapes and valid chars for GDS are considered; as soon as more
+ * specific info is found, the macros will be updated.
+ *
+ * Chars: 'a'-'z', 'A'-'Z', '0'-'9',
+ * '.', ':', ',', ''', '+', '-', '=', '(', ')', '?', '/', ' '.
+ *
+ * Metachars: '/', ',', '=', '\'.
+ *
+ * the '\' is used to escape other metachars.
+ *
+ * Assertion: '='
+ * RDN separator: '/'
+ * AVA separator: ','
+ *
+ * Attribute types must start with alphabetic chars and can contain
+ * alphabetic chars and digits (FIXME: no '-'?). OIDs are allowed.
+ */
+#define LDAP_DN_RDN_SEP_DCE(c) ( (c) == '/' )
+#define LDAP_DN_AVA_SEP_DCE(c) ( (c) == ',' )
+#define LDAP_DN_ESCAPE_DCE(c) ( LDAP_DN_ESCAPE(c) )
+#define LDAP_DN_VALUE_END_DCE(c) \
+ ( LDAP_DN_RDN_SEP_DCE(c) || LDAP_DN_AVA_SEP_DCE(c) )
+#define LDAP_DN_NEEDESCAPE_DCE(c) \
+ ( LDAP_DN_VALUE_END_DCE(c) || LDAP_DN_AVA_EQUALS(c) )
+
+/* AD Canonical */
+#define LDAP_DN_RDN_SEP_AD(c) ( (c) == '/' )
+#define LDAP_DN_ESCAPE_AD(c) ( LDAP_DN_ESCAPE(c) )
+#define LDAP_DN_AVA_SEP_AD(c) ( (c) == ',' ) /* assume same as DCE */
+#define LDAP_DN_VALUE_END_AD(c) \
+ ( LDAP_DN_RDN_SEP_AD(c) || LDAP_DN_AVA_SEP_AD(c) )
+#define LDAP_DN_NEEDESCAPE_AD(c) \
+ ( LDAP_DN_VALUE_END_AD(c) || LDAP_DN_AVA_EQUALS(c) )
+
+/* generics */
+#define LDAP_DN_HEXPAIR(s) \
+ ( LDAP_DN_ASCII_HEXDIGIT((s)[0]) && LDAP_DN_ASCII_HEXDIGIT((s)[1]) )
+/* better look at the AttributeDescription? */
+
+/* FIXME: no composite rdn or non-"dc" types, right?
+ * (what about "dc" in OID form?) */
+/* FIXME: we do not allow binary values in domain, right? */
+/* NOTE: use this macro only when ABSOLUTELY SURE rdn IS VALID! */
+/* NOTE: don't use strcasecmp() as it is locale specific! */
+#define LDAP_DC_ATTR "dc"
+#define LDAP_DC_ATTRU "DC"
+#define LDAP_DN_IS_RDN_DC( r ) \
+ ( (r) && (r)[0] && !(r)[1] \
+ && ((r)[0]->la_flags & LDAP_AVA_STRING) \
+ && ((r)[0]->la_attr.bv_len == 2) \
+ && (((r)[0]->la_attr.bv_val[0] == LDAP_DC_ATTR[0]) \
+ || ((r)[0]->la_attr.bv_val[0] == LDAP_DC_ATTRU[0])) \
+ && (((r)[0]->la_attr.bv_val[1] == LDAP_DC_ATTR[1]) \
+ || ((r)[0]->la_attr.bv_val[1] == LDAP_DC_ATTRU[1])))
+
+/* Composite rules */
+#define LDAP_DN_ALLOW_ONE_SPACE(f) \
+ ( LDAP_DN_LDAPV2(f) \
+ || !( (f) & LDAP_DN_P_NOSPACEAFTERRDN ) )
+#define LDAP_DN_ALLOW_SPACES(f) \
+ ( LDAP_DN_LDAPV2(f) \
+ || !( (f) & ( LDAP_DN_P_NOLEADTRAILSPACES | LDAP_DN_P_NOSPACEAFTERRDN ) ) )
+#define LDAP_DN_LDAP(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAP )
+#define LDAP_DN_LDAPV3(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAPV3 )
+#define LDAP_DN_LDAPV2(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAPV2 )
+#define LDAP_DN_DCE(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_DCE )
+#define LDAP_DN_UFN(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_UFN )
+#define LDAP_DN_ADC(f) \
+ ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_AD_CANONICAL )
+#define LDAP_DN_FORMAT(f) ( (f) & LDAP_DN_FORMAT_MASK )
+
+/*
+ * LDAPAVA helpers (will become part of the API for operations
+ * on structural representations of DNs).
+ */
+static LDAPAVA *
+ldapava_new( const struct berval *attr, const struct berval *val,
+ unsigned flags, void *ctx )
+{
+ LDAPAVA *ava;
+
+ assert( attr != NULL );
+ assert( val != NULL );
+
+ ava = LDAP_MALLOCX( sizeof( LDAPAVA ) + attr->bv_len + 1, ctx );
+
+ if ( ava ) {
+ ava->la_attr.bv_len = attr->bv_len;
+ ava->la_attr.bv_val = (char *)(ava+1);
+ AC_MEMCPY( ava->la_attr.bv_val, attr->bv_val, attr->bv_len );
+ ava->la_attr.bv_val[attr->bv_len] = '\0';
+
+ ava->la_value = *val;
+ ava->la_flags = flags | LDAP_AVA_FREE_VALUE;
+
+ ava->la_private = NULL;
+ }
+
+ return( ava );
+}
+
+void
+ldapava_free( LDAPAVA *ava, void *ctx )
+{
+ assert( ava != NULL );
+
+#if 0
+ /* ava's private must be freed by caller
+ * (at present let's skip this check because la_private
+ * basically holds static data) */
+ assert( ava->la_private == NULL );
+#endif
+
+ if (ava->la_flags & LDAP_AVA_FREE_VALUE)
+ LDAP_FREEX( ava->la_value.bv_val, ctx );
+
+ LDAP_FREEX( ava, ctx );
+}
+
+void
+ldap_rdnfree( LDAPRDN rdn )
+{
+ ldap_rdnfree_x( rdn, NULL );
+}
+
+void
+ldap_rdnfree_x( LDAPRDN rdn, void *ctx )
+{
+ int iAVA;
+
+ if ( rdn == NULL ) {
+ return;
+ }
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ ldapava_free( rdn[ iAVA ], ctx );
+ }
+
+ LDAP_FREEX( rdn, ctx );
+}
+
+void
+ldap_dnfree( LDAPDN dn )
+{
+ ldap_dnfree_x( dn, NULL );
+}
+
+void
+ldap_dnfree_x( LDAPDN dn, void *ctx )
+{
+ int iRDN;
+
+ if ( dn == NULL ) {
+ return;
+ }
+
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ ldap_rdnfree_x( dn[ iRDN ], ctx );
+ }
+
+ LDAP_FREEX( dn, ctx );
+}
+
+/*
+ * Converts a string representation of a DN (in LDAPv3, LDAPv2 or DCE)
+ * into a structural representation of the DN, by separating attribute
+ * types and values encoded in the more appropriate form, which is
+ * string or OID for attribute types and binary form of the BER encoded
+ * value or Unicode string. Formats different from LDAPv3 are parsed
+ * according to their own rules and turned into the more appropriate
+ * form according to LDAPv3.
+ *
+ * NOTE: I realize the code is getting spaghettish; it is rather
+ * experimental and will hopefully turn into something more simple
+ * and readable as soon as it works as expected.
+ */
+
+/*
+ * Default sizes of AVA and RDN static working arrays; if required
+ * the are dynamically resized. The values can be tuned in case
+ * of special requirements (e.g. very deep DN trees or high number
+ * of AVAs per RDN).
+ */
+#define TMP_AVA_SLOTS 8
+#define TMP_RDN_SLOTS 32
+
+int
+ldap_str2dn( LDAP_CONST char *str, LDAPDN *dn, unsigned flags )
+{
+ struct berval bv;
+
+ assert( str != NULL );
+
+ bv.bv_len = strlen( str );
+ bv.bv_val = (char *) str;
+
+ return ldap_bv2dn_x( &bv, dn, flags, NULL );
+}
+
+int
+ldap_bv2dn( struct berval *bv, LDAPDN *dn, unsigned flags )
+{
+ return ldap_bv2dn_x( bv, dn, flags, NULL );
+}
+
+int
+ldap_bv2dn_x( struct berval *bvin, LDAPDN *dn, unsigned flags, void *ctx )
+{
+ const char *p;
+ int rc = LDAP_DECODING_ERROR;
+ int nrdns = 0;
+
+ LDAPDN newDN = NULL;
+ LDAPRDN newRDN = NULL, tmpDN_[TMP_RDN_SLOTS], *tmpDN = tmpDN_;
+ int num_slots = TMP_RDN_SLOTS;
+ char *str, *end;
+ struct berval bvtmp, *bv = &bvtmp;
+
+ assert( bvin != NULL );
+ assert( bvin->bv_val != NULL );
+ assert( dn != NULL );
+
+ *bv = *bvin;
+ str = bv->bv_val;
+ end = str + bv->bv_len;
+
+ Debug( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags, 0 );
+
+ *dn = NULL;
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ case LDAP_DN_FORMAT_DCE:
+ break;
+
+ /* allow DN enclosed in brackets */
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( str[0] == '<' ) {
+ if ( bv->bv_len < 2 || end[ -1 ] != '>' ) {
+ rc = LDAP_DECODING_ERROR;
+ goto parsing_error;
+ }
+ bv->bv_val++;
+ bv->bv_len -= 2;
+ str++;
+ end--;
+ }
+ break;
+
+ /* unsupported in str2dn */
+ case LDAP_DN_FORMAT_UFN:
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ return LDAP_PARAM_ERROR;
+
+ case LDAP_DN_FORMAT_LBER:
+ default:
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( bv->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+ }
+
+ if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) {
+ /* value must have embedded NULs */
+ return LDAP_DECODING_ERROR;
+ }
+
+ p = str;
+ if ( LDAP_DN_DCE( flags ) ) {
+
+ /*
+ * (from Luke Howard: thnx) A RDN separator is required
+ * at the beginning of an (absolute) DN.
+ */
+ if ( !LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
+ goto parsing_error;
+ }
+ p++;
+
+ /*
+ * actually we do not want to accept by default the DCE form,
+ * we do not want to auto-detect it
+ */
+#if 0
+ } else if ( LDAP_DN_LDAP( flags ) ) {
+ /*
+ * if dn starts with '/' let's make it a DCE dn
+ */
+ if ( LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
+ flags |= LDAP_DN_FORMAT_DCE;
+ p++;
+ }
+#endif
+ }
+
+ for ( ; p < end; p++ ) {
+ int err;
+ struct berval tmpbv;
+ tmpbv.bv_len = bv->bv_len - ( p - str );
+ tmpbv.bv_val = (char *)p;
+
+ err = ldap_bv2rdn_x( &tmpbv, &newRDN, (char **) &p, flags,ctx);
+ if ( err != LDAP_SUCCESS ) {
+ goto parsing_error;
+ }
+
+ /*
+ * We expect a rdn separator
+ */
+ if ( p < end && p[ 0 ] ) {
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( !LDAP_DN_RDN_SEP( p[ 0 ] ) ) {
+ rc = LDAP_DECODING_ERROR;
+ goto parsing_error;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( !LDAP_DN_RDN_SEP_V2( p[ 0 ] ) ) {
+ rc = LDAP_DECODING_ERROR;
+ goto parsing_error;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( !LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
+ rc = LDAP_DECODING_ERROR;
+ goto parsing_error;
+ }
+ break;
+ }
+ }
+
+
+ tmpDN[nrdns++] = newRDN;
+ newRDN = NULL;
+
+ /*
+ * make the static RDN array dynamically rescalable
+ */
+ if ( nrdns == num_slots ) {
+ LDAPRDN *tmp;
+
+ if ( tmpDN == tmpDN_ ) {
+ tmp = LDAP_MALLOCX( num_slots * 2 * sizeof( LDAPRDN * ), ctx );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ AC_MEMCPY( tmp, tmpDN, num_slots * sizeof( LDAPRDN * ) );
+
+ } else {
+ tmp = LDAP_REALLOCX( tmpDN, num_slots * 2 * sizeof( LDAPRDN * ), ctx );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ }
+
+ tmpDN = tmp;
+ num_slots *= 2;
+ }
+
+ if ( p >= end || p[ 0 ] == '\0' ) {
+ /*
+ * the DN is over, phew
+ */
+ newDN = (LDAPDN)LDAP_MALLOCX( sizeof(LDAPRDN *) * (nrdns+1), ctx );
+ if ( newDN == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ } else {
+ int i;
+
+ if ( LDAP_DN_DCE( flags ) ) {
+ /* add in reversed order */
+ for ( i=0; i<nrdns; i++ )
+ newDN[i] = tmpDN[nrdns-1-i];
+ } else {
+ for ( i=0; i<nrdns; i++ )
+ newDN[i] = tmpDN[i];
+ }
+ newDN[nrdns] = NULL;
+ rc = LDAP_SUCCESS;
+ }
+ goto return_result;
+ }
+ }
+
+parsing_error:;
+ if ( newRDN ) {
+ ldap_rdnfree_x( newRDN, ctx );
+ }
+
+ for ( nrdns-- ;nrdns >= 0; nrdns-- ) {
+ ldap_rdnfree_x( tmpDN[nrdns], ctx );
+ }
+
+return_result:;
+
+ if ( tmpDN != tmpDN_ ) {
+ LDAP_FREEX( tmpDN, ctx );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc,
+ rc ? ldap_err2string( rc ) : "" );
+ *dn = newDN;
+
+ return( rc );
+}
+
+/*
+ * ldap_str2rdn
+ *
+ * Parses a relative DN according to flags up to a rdn separator
+ * or to the end of str.
+ * Returns the rdn and a pointer to the string continuation, which
+ * corresponds to the rdn separator or to '\0' in case the string is over.
+ */
+int
+ldap_str2rdn( LDAP_CONST char *str, LDAPRDN *rdn,
+ char **n_in, unsigned flags )
+{
+ struct berval bv;
+
+ assert( str != NULL );
+ assert( str[ 0 ] != '\0' ); /* FIXME: is this required? */
+
+ bv.bv_len = strlen( str );
+ bv.bv_val = (char *) str;
+
+ return ldap_bv2rdn_x( &bv, rdn, n_in, flags, NULL );
+}
+
+int
+ldap_bv2rdn( struct berval *bv, LDAPRDN *rdn,
+ char **n_in, unsigned flags )
+{
+ return ldap_bv2rdn_x( bv, rdn, n_in, flags, NULL );
+}
+
+int
+ldap_bv2rdn_x( struct berval *bv, LDAPRDN *rdn,
+ char **n_in, unsigned flags, void *ctx )
+{
+ const char **n = (const char **) n_in;
+ const char *p;
+ int navas = 0;
+ int state = B4AVA;
+ int rc = LDAP_DECODING_ERROR;
+ int attrTypeEncoding = LDAP_AVA_STRING,
+ attrValueEncoding = LDAP_AVA_STRING;
+
+ struct berval attrType = BER_BVNULL;
+ struct berval attrValue = BER_BVNULL;
+
+ LDAPRDN newRDN = NULL;
+ LDAPAVA *tmpRDN_[TMP_AVA_SLOTS], **tmpRDN = tmpRDN_;
+ int num_slots = TMP_AVA_SLOTS;
+
+ char *str;
+ ber_len_t stoplen;
+
+ assert( bv != NULL );
+ assert( bv->bv_len != 0 );
+ assert( bv->bv_val != NULL );
+ assert( rdn || flags & LDAP_DN_SKIP );
+ assert( n != NULL );
+
+ str = bv->bv_val;
+ stoplen = bv->bv_len;
+
+ if ( rdn ) {
+ *rdn = NULL;
+ }
+ *n = NULL;
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ case LDAP_DN_FORMAT_LDAPV2:
+ case LDAP_DN_FORMAT_DCE:
+ break;
+
+ /* unsupported in str2dn */
+ case LDAP_DN_FORMAT_UFN:
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ return LDAP_PARAM_ERROR;
+
+ case LDAP_DN_FORMAT_LBER:
+ default:
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( bv->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ }
+
+ if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) {
+ /* value must have embedded NULs */
+ return LDAP_DECODING_ERROR;
+ }
+
+ p = str;
+ for ( ; p[ 0 ] || state == GOTAVA; ) {
+
+ /*
+ * The parser in principle advances one token a time,
+ * or toggles state if preferable.
+ */
+ switch (state) {
+
+ /*
+ * an AttributeType can be encoded as:
+ * - its string representation; in detail, implementations
+ * MUST recognize AttributeType string type names listed
+ * in section 2.3 of draft-ietf-ldapbis-dn-XX.txt, and
+ * MAY recognize other names.
+ * - its numeric OID (a dotted decimal string); in detail
+ * RFC 2253 asserts that ``Implementations MUST allow
+ * an oid in the attribute type to be prefixed by one
+ * of the character strings "oid." or "OID."''. As soon
+ * as draft-ietf-ldapbis-dn-XX.txt obsoletes RFC 2253
+ * I'm not sure whether this is required or not any
+ * longer; to be liberal, we still implement it.
+ */
+ case B4AVA:
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( !LDAP_DN_ALLOW_ONE_SPACE( flags ) ) {
+ /* error */
+ goto parsing_error;
+ }
+ p++;
+ }
+
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
+ /* error */
+ goto parsing_error;
+ }
+
+ /* whitespace is allowed (and trimmed) */
+ p++;
+ while ( p[ 0 ] && LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ p++;
+ }
+
+ if ( !p[ 0 ] ) {
+ /* error: we expected an AVA */
+ goto parsing_error;
+ }
+ }
+
+ /* oid */
+ if ( LDAP_DN_OID_LEADCHAR( p[ 0 ] ) ) {
+ state = B4OIDATTRTYPE;
+ break;
+ }
+
+ /* else must be alpha */
+ if ( !LDAP_DN_DESC_LEADCHAR( p[ 0 ] ) ) {
+ goto parsing_error;
+ }
+
+ /* LDAPv2 "oid." prefix */
+ if ( LDAP_DN_LDAPV2( flags ) ) {
+ /*
+ * to be overly pedantic, we only accept
+ * "OID." or "oid."
+ */
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ if ( !strncmp( p, "OID.", 4 )
+ || !strncmp( p, "oid.", 4 ) ) {
+ p += 4;
+ state = B4OIDATTRTYPE;
+ break;
+ }
+ } else {
+ if ( !strncasecmp( p, "oid.", 4 ) ) {
+ p += 4;
+ state = B4OIDATTRTYPE;
+ break;
+ }
+ }
+ }
+
+ state = B4STRINGATTRTYPE;
+ break;
+
+ case B4OIDATTRTYPE: {
+ int err = LDAP_SUCCESS;
+
+ attrType.bv_val = ldap_int_parse_numericoid( &p, &err,
+ LDAP_SCHEMA_SKIP);
+
+ if ( err != LDAP_SUCCESS ) {
+ goto parsing_error;
+ }
+ attrType.bv_len = p - attrType.bv_val;
+
+ attrTypeEncoding = LDAP_AVA_BINARY;
+
+ state = B4AVAEQUALS;
+ break;
+ }
+
+ case B4STRINGATTRTYPE: {
+ const char *startPos, *endPos = NULL;
+ ber_len_t len;
+
+ /*
+ * the starting char has been found to be
+ * a LDAP_DN_DESC_LEADCHAR so we don't re-check it
+ * FIXME: DCE attr types seem to have a more
+ * restrictive syntax (no '-' ...)
+ */
+ for ( startPos = p++; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_DESC_CHAR( p[ 0 ] ) ) {
+ continue;
+ }
+
+ if ( LDAP_DN_LANG_SEP( p[ 0 ] ) ) {
+
+ /*
+ * RFC 2253 does not explicitly
+ * allow lang extensions to attribute
+ * types in DNs ...
+ */
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ goto parsing_error;
+ }
+
+ /*
+ * we trim ';' and following lang
+ * and so from attribute types
+ */
+ endPos = p;
+ for ( ; LDAP_DN_ATTRDESC_CHAR( p[ 0 ] )
+ || LDAP_DN_LANG_SEP( p[ 0 ] ); p++ ) {
+ /* no op */ ;
+ }
+ break;
+ }
+ break;
+ }
+
+ len = ( endPos ? endPos : p ) - startPos;
+ if ( len == 0 ) {
+ goto parsing_error;
+ }
+
+ attrTypeEncoding = LDAP_AVA_STRING;
+
+ /*
+ * here we need to decide whether to use it as is
+ * or turn it in OID form; as a consequence, we
+ * need to decide whether to binary encode the value
+ */
+
+ state = B4AVAEQUALS;
+
+ if ( flags & LDAP_DN_SKIP ) {
+ break;
+ }
+
+ attrType.bv_val = (char *)startPos;
+ attrType.bv_len = len;
+
+ break;
+ }
+
+ case B4AVAEQUALS:
+ /* spaces may not be allowed */
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
+ goto parsing_error;
+ }
+
+ /* trim spaces */
+ for ( p++; LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
+ /* no op */
+ }
+ }
+
+ /* need equal sign */
+ if ( !LDAP_DN_AVA_EQUALS( p[ 0 ] ) ) {
+ goto parsing_error;
+ }
+ p++;
+
+ /* spaces may not be allowed */
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
+ goto parsing_error;
+ }
+
+ /* trim spaces */
+ for ( p++; LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
+ /* no op */
+ }
+ }
+
+ /*
+ * octothorpe means a BER encoded value will follow
+ * FIXME: I don't think DCE will allow it
+ */
+ if ( LDAP_DN_OCTOTHORPE( p[ 0 ] ) ) {
+ p++;
+ attrValueEncoding = LDAP_AVA_BINARY;
+ state = B4BINARYVALUE;
+ break;
+ }
+
+ /* STRING value expected */
+
+ /*
+ * if we're pedantic, an attribute type in OID form
+ * SHOULD imply a BER encoded attribute value; we
+ * should at least issue a warning
+ */
+ if ( ( flags & LDAP_DN_PEDANTIC )
+ && ( attrTypeEncoding == LDAP_AVA_BINARY ) ) {
+ /* OID attrType SHOULD use binary encoding */
+ goto parsing_error;
+ }
+
+ attrValueEncoding = LDAP_AVA_STRING;
+
+ /*
+ * LDAPv2 allows the attribute value to be quoted;
+ * also, IA5 values are expected, in principle
+ */
+ if ( LDAP_DN_LDAPV2( flags ) || LDAP_DN_LDAP( flags ) ) {
+ if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
+ p++;
+ state = B4IA5VALUEQUOTED;
+ break;
+ }
+
+ if ( LDAP_DN_LDAPV2( flags ) ) {
+ state = B4IA5VALUE;
+ break;
+ }
+ }
+
+ /*
+ * here STRING means RFC 2253 string
+ * FIXME: what about DCE strings?
+ */
+ if ( !p[ 0 ] ) {
+ /* empty value */
+ state = GOTAVA;
+ } else {
+ state = B4STRINGVALUE;
+ }
+ break;
+
+ case B4BINARYVALUE:
+ if ( hexstr2binval( p, &attrValue, &p, flags, ctx ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4STRINGVALUE:
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( str2strval( p, stoplen - ( p - str ),
+ &attrValue, &p, flags,
+ &attrValueEncoding, ctx ) ) {
+ goto parsing_error;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( DCE2strval( p, &attrValue, &p, flags, ctx ) ) {
+ goto parsing_error;
+ }
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4IA5VALUE:
+ if ( IA52strval( p, &attrValue, &p, flags, ctx ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4IA5VALUEQUOTED:
+
+ /* lead quote already stripped */
+ if ( quotedIA52strval( p, &attrValue,
+ &p, flags, ctx ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case GOTAVA: {
+ int rdnsep = 0;
+
+ if ( !( flags & LDAP_DN_SKIP ) ) {
+ LDAPAVA *ava;
+
+ /*
+ * we accept empty values
+ */
+ ava = ldapava_new( &attrType, &attrValue,
+ attrValueEncoding, ctx );
+ if ( ava == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ tmpRDN[navas++] = ava;
+
+ attrValue.bv_val = NULL;
+ attrValue.bv_len = 0;
+
+ /*
+ * prepare room for new AVAs if needed
+ */
+ if (navas == num_slots) {
+ LDAPAVA **tmp;
+
+ if ( tmpRDN == tmpRDN_ ) {
+ tmp = LDAP_MALLOCX( num_slots * 2 * sizeof( LDAPAVA * ), ctx );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ AC_MEMCPY( tmp, tmpRDN, num_slots * sizeof( LDAPAVA * ) );
+
+ } else {
+ tmp = LDAP_REALLOCX( tmpRDN, num_slots * 2 * sizeof( LDAPAVA * ), ctx );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ }
+
+ tmpRDN = tmp;
+ num_slots *= 2;
+ }
+ }
+
+ /*
+ * if we got an AVA separator ('+', or ',' for DCE )
+ * we expect a new AVA for this RDN; otherwise
+ * we add the RDN to the DN
+ */
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( !LDAP_DN_AVA_SEP( p[ 0 ] ) ) {
+ rdnsep = 1;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( !LDAP_DN_AVA_SEP_DCE( p[ 0 ] ) ) {
+ rdnsep = 1;
+ }
+ break;
+ }
+
+ if ( rdnsep ) {
+ /*
+ * the RDN is over, phew
+ */
+ *n = p;
+ if ( !( flags & LDAP_DN_SKIP ) ) {
+ newRDN = (LDAPRDN)LDAP_MALLOCX(
+ sizeof(LDAPAVA) * (navas+1), ctx );
+ if ( newRDN == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ } else {
+ AC_MEMCPY( newRDN, tmpRDN, sizeof(LDAPAVA *) * navas);
+ newRDN[navas] = NULL;
+ }
+
+ }
+ rc = LDAP_SUCCESS;
+ goto return_result;
+ }
+
+ /* they should have been used in an AVA */
+ attrType.bv_val = NULL;
+ attrValue.bv_val = NULL;
+
+ p++;
+ state = B4AVA;
+ break;
+ }
+
+ default:
+ assert( 0 );
+ goto parsing_error;
+ }
+ }
+ *n = p;
+
+parsing_error:;
+ /* They are set to NULL after they're used in an AVA */
+
+ if ( attrValue.bv_val ) {
+ LDAP_FREEX( attrValue.bv_val, ctx );
+ }
+
+ for ( navas-- ; navas >= 0; navas-- ) {
+ ldapava_free( tmpRDN[navas], ctx );
+ }
+
+return_result:;
+
+ if ( tmpRDN != tmpRDN_ ) {
+ LDAP_FREEX( tmpRDN, ctx );
+ }
+
+ if ( rdn ) {
+ *rdn = newRDN;
+ }
+
+ return( rc );
+}
+
+/*
+ * reads in a UTF-8 string value, unescaping stuff:
+ * '\' + LDAP_DN_NEEDESCAPE(c) -> 'c'
+ * '\' + HEXPAIR(p) -> unhex(p)
+ */
+static int
+str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char **next, unsigned flags, int *retFlags, void *ctx )
+{
+ const char *p, *end, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str != NULL );
+ assert( val != NULL );
+ assert( next != NULL );
+
+ *next = NULL;
+ end = str + stoplen;
+ for ( startPos = p = str, escapes = 0; p < end; p++ ) {
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ p++;
+ if ( p[ 0 ] == '\0' ) {
+ return( 1 );
+ }
+ if ( LDAP_DN_MAYESCAPE( p[ 0 ] ) ) {
+ escapes++;
+ continue;
+ }
+
+ if ( LDAP_DN_HEXPAIR( p ) ) {
+ char c;
+
+ hexstr2bin( p, &c );
+ escapes += 2;
+
+ if ( !LDAP_DN_ASCII_PRINTABLE( c ) ) {
+
+ /*
+ * we assume the string is UTF-8
+ */
+ *retFlags = LDAP_AVA_NONPRINTABLE;
+ }
+ p++;
+
+ continue;
+ }
+
+ if ( LDAP_DN_PEDANTIC & flags ) {
+ return( 1 );
+ }
+ /*
+ * we do not allow escaping
+ * of chars that don't need
+ * to and do not belong to
+ * HEXDIGITS
+ */
+ return( 1 );
+
+ } else if ( !LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) {
+ if ( p[ 0 ] == '\0' ) {
+ return( 1 );
+ }
+ *retFlags = LDAP_AVA_NONPRINTABLE;
+
+ } else if ( ( LDAP_DN_LDAP( flags ) && LDAP_DN_VALUE_END_V2( p[ 0 ] ) )
+ || ( LDAP_DN_LDAPV3( flags ) && LDAP_DN_VALUE_END( p[ 0 ] ) ) ) {
+ break;
+
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) ) {
+ /*
+ * FIXME: maybe we can add
+ * escapes if not pedantic?
+ */
+ return( 1 );
+ }
+ }
+
+ /*
+ * we do allow unescaped spaces at the end
+ * of the value only in non-pedantic mode
+ */
+ if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p - 1;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ /*
+ * FIXME: test memory?
+ */
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+
+ if ( escapes == 0 ) {
+ if ( *retFlags & LDAP_AVA_NONPRINTABLE ) {
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ AC_MEMCPY( val->bv_val, startPos, len );
+ val->bv_val[ len ] = '\0';
+ } else {
+ val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
+ }
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ for ( s = 0, d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
+ s++;
+ if ( LDAP_DN_MAYESCAPE( startPos[ s ] ) ) {
+ val->bv_val[ d++ ] =
+ startPos[ s++ ];
+
+ } else if ( LDAP_DN_HEXPAIR( &startPos[ s ] ) ) {
+ char c;
+
+ hexstr2bin( &startPos[ s ], &c );
+ val->bv_val[ d++ ] = c;
+ s += 2;
+
+ } else {
+ /* we should never get here */
+ assert( 0 );
+ }
+
+ } else {
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ }
+
+ val->bv_val[ d ] = '\0';
+ assert( d == len );
+ }
+
+ return( 0 );
+}
+
+static int
+DCE2strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str != NULL );
+ assert( val != NULL );
+ assert( next != NULL );
+
+ *next = NULL;
+
+ for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_ESCAPE_DCE( p[ 0 ] ) ) {
+ p++;
+ if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
+ escapes++;
+
+ } else {
+ return( 1 );
+ }
+
+ } else if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ /*
+ * (unescaped) trailing spaces are trimmed must be silently ignored;
+ * so we eat them
+ */
+ if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p - 1;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+ if ( escapes == 0 ){
+ val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ for ( s = 0, d = 0; d < len; ) {
+ /*
+ * This point is reached only if escapes
+ * are properly used, so all we need to
+ * do is eat them
+ */
+ if ( LDAP_DN_ESCAPE_DCE( startPos[ s ] ) ) {
+ s++;
+
+ }
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+IA52strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str != NULL );
+ assert( val != NULL );
+ assert( next != NULL );
+
+ *next = NULL;
+
+ /*
+ * LDAPv2 (RFC 1779)
+ */
+
+ for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ p++;
+ if ( p[ 0 ] == '\0' ) {
+ return( 1 );
+ }
+
+ if ( !LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ && ( LDAP_DN_PEDANTIC & flags ) ) {
+ return( 1 );
+ }
+ escapes++;
+
+ } else if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+ if ( escapes == 0 ) {
+ val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ for ( s = 0, d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
+ s++;
+ }
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+quotedIA52strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len;
+ unsigned escapes = 0;
+
+ assert( str != NULL );
+ assert( val != NULL );
+ assert( next != NULL );
+
+ *next = NULL;
+
+ /* initial quote already eaten */
+ for ( startPos = p = str; p[ 0 ]; p++ ) {
+ /*
+ * According to RFC 1779, the quoted value can
+ * contain escaped as well as unescaped special values;
+ * as a consequence we tolerate escaped values
+ * (e.g. '"\,"' -> '\,') and escape unescaped specials
+ * (e.g. '","' -> '\,').
+ */
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ if ( p[ 1 ] == '\0' ) {
+ return( 1 );
+ }
+ p++;
+
+ if ( !LDAP_DN_V2_PAIR( p[ 0 ] )
+ && ( LDAP_DN_PEDANTIC & flags ) ) {
+ /*
+ * do we allow to escape normal chars?
+ * LDAPv2 does not allow any mechanism
+ * for escaping chars with '\' and hex
+ * pair
+ */
+ return( 1 );
+ }
+ escapes++;
+
+ } else if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
+ endPos = p;
+ /* eat closing quotes */
+ p++;
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ if ( endPos == NULL ) {
+ return( 1 );
+ }
+
+ /* Strip trailing (unescaped) spaces */
+ for ( ; p[ 0 ] && LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
+ /* no op */
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = endPos - startPos - escapes;
+ assert( endPos >= startPos + escapes );
+ val->bv_len = len;
+ if ( escapes == 0 ) {
+ val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ val->bv_len = len;
+
+ for ( s = d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( str[ s ] ) ) {
+ s++;
+ }
+ val->bv_val[ d++ ] = str[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+hexstr2bin( const char *str, char *c )
+{
+ char c1, c2;
+
+ assert( str != NULL );
+ assert( c != NULL );
+
+ c1 = str[ 0 ];
+ c2 = str[ 1 ];
+
+ if ( LDAP_DN_ASCII_DIGIT( c1 ) ) {
+ *c = c1 - '0';
+
+ } else {
+ if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c1 ) ) {
+ *c = c1 - 'A' + 10;
+ } else {
+ assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c1 ) );
+ *c = c1 - 'a' + 10;
+ }
+ }
+
+ *c <<= 4;
+
+ if ( LDAP_DN_ASCII_DIGIT( c2 ) ) {
+ *c += c2 - '0';
+
+ } else {
+ if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c2 ) ) {
+ *c += c2 - 'A' + 10;
+ } else {
+ assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c2 ) );
+ *c += c2 - 'a' + 10;
+ }
+ }
+
+ return( 0 );
+}
+
+static int
+hexstr2binval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len;
+ ber_len_t s, d;
+
+ assert( str != NULL );
+ assert( val != NULL );
+ assert( next != NULL );
+
+ *next = NULL;
+
+ for ( startPos = p = str; p[ 0 ]; p += 2 ) {
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+ }
+
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+ endPos = p;
+
+ for ( ; p[ 0 ]; p++ ) {
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+ }
+ }
+ break;
+ }
+
+ if ( !LDAP_DN_HEXPAIR( p ) ) {
+ return( 1 );
+ }
+ }
+
+end_of_value:;
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( ( endPos ? endPos : p ) - startPos ) / 2;
+ /* must be even! */
+ assert( 2 * len == (ber_len_t) (( endPos ? endPos : p ) - startPos ));
+
+ val->bv_len = len;
+ val->bv_val = LDAP_MALLOCX( len + 1, ctx );
+ if ( val->bv_val == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ for ( s = 0, d = 0; d < len; s += 2, d++ ) {
+ char c;
+
+ hexstr2bin( &startPos[ s ], &c );
+
+ val->bv_val[ d ] = c;
+ }
+
+ val->bv_val[ d ] = '\0';
+
+ return( 0 );
+}
+
+/*
+ * convert a byte in a hexadecimal pair
+ */
+static int
+byte2hexpair( const char *val, char *pair )
+{
+ static const char hexdig[] = "0123456789ABCDEF";
+
+ assert( val != NULL );
+ assert( pair != NULL );
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ pair[ 0 ] = hexdig[ 0x0f & ( val[ 0 ] >> 4 ) ];
+ pair[ 1 ] = hexdig[ 0x0f & val[ 0 ] ];
+
+ return( 0 );
+}
+
+/*
+ * convert a binary value in hexadecimal pairs
+ */
+static int
+binval2hexstr( struct berval *val, char *str )
+{
+ ber_len_t s, d;
+
+ assert( val != NULL );
+ assert( str != NULL );
+
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; s++, d += 2 ) {
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Length of the string representation, accounting for escaped hex
+ * of UTF-8 chars
+ */
+static int
+strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l, cl = 1;
+ char *p, *end;
+ int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+#ifdef PRETTY_ESCAPE
+ int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+#endif /* PRETTY_ESCAPE */
+
+ assert( val != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ end = val->bv_val + val->bv_len - 1;
+ for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+
+ /*
+ * escape '%x00'
+ */
+ if ( p[ 0 ] == '\0' ) {
+ cl = 1;
+ l += 3;
+ continue;
+ }
+
+ cl = LDAP_UTF8_CHARLEN2( p, cl );
+ if ( cl == 0 ) {
+ /* illegal utf-8 char! */
+ return( -1 );
+
+ } else if ( cl > 1 ) {
+ ber_len_t cnt;
+
+ for ( cnt = 1; cnt < cl; cnt++ ) {
+ if ( ( p[ cnt ] & 0xc0 ) != 0x80 ) {
+ return( -1 );
+ }
+ }
+ l += escaped_byte_len * cl;
+
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+ || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+#ifdef PRETTY_ESCAPE
+#if 0
+ if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
+#else
+ if ( LDAP_DN_WILLESCAPE_CHAR( p[ 0 ] ) ) {
+#endif
+
+ /*
+ * there might be some chars we want
+ * to escape in form of a couple
+ * of hexdigits for optimization purposes
+ */
+ l += 3;
+
+ } else {
+ l += escaped_ascii_len;
+ }
+#else /* ! PRETTY_ESCAPE */
+ l += 3;
+#endif /* ! PRETTY_ESCAPE */
+
+ } else {
+ l++;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to string representation, escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d, end;
+
+ assert( val != NULL );
+ assert( str != NULL );
+ assert( len != NULL );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+ for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
+ ber_len_t cl;
+
+ /*
+ * escape '%x00'
+ */
+ if ( val->bv_val[ s ] == '\0' ) {
+ cl = 1;
+ str[ d++ ] = '\\';
+ str[ d++ ] = '0';
+ str[ d++ ] = '0';
+ s++;
+ continue;
+ }
+
+ /*
+ * The length was checked in strval2strlen();
+ * LDAP_UTF8_CHARLEN() should suffice
+ */
+ cl = LDAP_UTF8_CHARLEN2( &val->bv_val[ s ], cl );
+ assert( cl > 0 );
+
+ /*
+ * there might be some chars we want to escape in form
+ * of a couple of hexdigits for optimization purposes
+ */
+ if ( ( cl > 1 && !LDAP_DN_IS_PRETTY( flags ) )
+#ifdef PRETTY_ESCAPE
+#if 0
+ || LDAP_DN_WILLESCAPE_HEX( flags, val->bv_val[ s ] )
+#else
+ || LDAP_DN_WILLESCAPE_CHAR( val->bv_val[ s ] )
+#endif
+#else /* ! PRETTY_ESCAPE */
+ || LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
+ || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) )
+
+#endif /* ! PRETTY_ESCAPE */
+ ) {
+ for ( ; cl--; ) {
+ str[ d++ ] = '\\';
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ s++;
+ d += 2;
+ }
+
+ } else if ( cl > 1 ) {
+ for ( ; cl--; ) {
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+
+ } else {
+#ifdef PRETTY_ESCAPE
+ if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
+ || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
+ str[ d++ ] = '\\';
+ if ( !LDAP_DN_IS_PRETTY( flags ) ) {
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ s++;
+ d += 2;
+ continue;
+ }
+ }
+#endif /* PRETTY_ESCAPE */
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the IA5 string representation (no UTF-8 allowed)
+ */
+static int
+strval2IA5strlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * Turn value into a binary encoded BER
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+ || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to string representation (np UTF-8)
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2IA5str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d, end;
+
+ assert( val != NULL );
+ assert( str != NULL );
+ assert( len != NULL );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * Turn value into a binary encoded BER
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
+ || ( s == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the (supposedly) DCE string representation,
+ * accounting for escaped hex of UTF-8 chars
+ */
+static int
+strval2DCEstrlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to (supposedly) DCE string representation,
+ * escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2DCEstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d;
+
+ assert( val != NULL );
+ assert( str != NULL );
+ assert( len != NULL );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE_DCE( val->bv_val[ s ] ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the (supposedly) AD canonical string representation,
+ * accounting for escaped hex of UTF-8 chars
+ */
+static int
+strval2ADstrlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to (supposedly) AD string representation,
+ * escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2ADstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d;
+
+ assert( val != NULL );
+ assert( str != NULL );
+ assert( len != NULL );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE_AD( val->bv_val[ s ] ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * If the DN is terminated by single-AVA RDNs with attribute type of "dc",
+ * the first part of the AD representation of the DN is written in DNS
+ * form, i.e. dot separated domain name components (as suggested
+ * by Luke Howard, http://www.padl.com/~lukeh)
+ */
+static int
+dn2domain( LDAPDN dn, struct berval *bv, int pos, int *iRDN )
+{
+ int i;
+ int domain = 0, first = 1;
+ ber_len_t l = 1; /* we move the null also */
+ char *str;
+
+ /* we are guaranteed there's enough memory in str */
+
+ /* sanity */
+ assert( dn != NULL );
+ assert( bv != NULL );
+ assert( iRDN != NULL );
+ assert( *iRDN >= 0 );
+
+ str = bv->bv_val + pos;
+
+ for ( i = *iRDN; i >= 0; i-- ) {
+ LDAPRDN rdn;
+ LDAPAVA *ava;
+
+ assert( dn[ i ] != NULL );
+ rdn = dn[ i ];
+
+ assert( rdn[ 0 ] != NULL );
+ ava = rdn[ 0 ];
+
+ if ( !LDAP_DN_IS_RDN_DC( rdn ) ) {
+ break;
+ }
+
+ domain = 1;
+
+ if ( first ) {
+ first = 0;
+ AC_MEMCPY( str, ava->la_value.bv_val,
+ ava->la_value.bv_len + 1);
+ l += ava->la_value.bv_len;
+
+ } else {
+ AC_MEMCPY( str + ava->la_value.bv_len + 1, bv->bv_val + pos, l);
+ AC_MEMCPY( str, ava->la_value.bv_val,
+ ava->la_value.bv_len );
+ str[ ava->la_value.bv_len ] = '.';
+ l += ava->la_value.bv_len + 1;
+ }
+ }
+
+ *iRDN = i;
+ bv->bv_len = pos + l - 1;
+
+ return( domain );
+}
+
+static int
+rdn2strlen( LDAPRDN rdn, unsigned flags, ber_len_t *len,
+ int ( *s2l )( struct berval *v, unsigned f, ber_len_t *l ) )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ /* len(type) + '=' + '+' | ',' */
+ l += ava->la_attr.bv_len + 2;
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the length */
+ l += 1 + 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( ( *s2l )( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2str( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len,
+ int ( *s2s ) ( struct berval *v, char * s, unsigned f, ber_len_t *l ) )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
+ ava->la_attr.bv_len );
+ l += ava->la_attr.bv_len;
+
+ str[ l++ ] = '=';
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( ( *s2s )( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ str[ l++ ] = ( rdn[ iAVA + 1] ? '+' : ',' );
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2DCEstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ /* len(type) + '=' + ',' | '/' */
+ l += ava->la_attr.bv_len + 2;
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the length */
+ l += 1 + 2 * ava->la_value.bv_len;
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2DCEstrlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2DCEstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ if ( first ) {
+ first = 0;
+ } else {
+ str[ l++ ] = ( iAVA ? ',' : '/' );
+ }
+
+ AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
+ ava->la_attr.bv_len );
+ l += ava->la_attr.bv_len;
+
+ str[ l++ ] = '=';
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2DCEstr( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2UFNstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ assert( rdn != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ /* ' + ' | ', ' */
+ l += ( rdn[ iAVA + 1 ] ? 3 : 2 );
+
+ /* FIXME: are binary values allowed in UFN? */
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the value */
+ l += 1 + 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2strlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2UFNstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2str( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+
+ if ( rdn[ iAVA + 1 ] ) {
+ AC_MEMCPY( &str[ l ], " + ", 3 );
+ l += 3;
+
+ } else {
+ AC_MEMCPY( &str[ l ], ", ", 2 );
+ l += 2;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2ADstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ assert( rdn != NULL );
+ assert( len != NULL );
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ /* ',' | '/' */
+ l++;
+
+ /* FIXME: are binary values allowed in UFN? */
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the value */
+ l += 1 + 2 * ava->la_value.bv_len;
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2ADstrlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2ADstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+
+ if ( first ) {
+ first = 0;
+ } else {
+ str[ l++ ] = ( iAVA ? ',' : '/' );
+ }
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2ADstr( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * ldap_rdn2str
+ *
+ * Returns in str a string representation of rdn based on flags.
+ * There is some duplication of code between this and ldap_dn2str;
+ * this is wanted to reduce the allocation of temporary buffers.
+ */
+int
+ldap_rdn2str( LDAPRDN rdn, char **str, unsigned flags )
+{
+ struct berval bv;
+ int rc;
+
+ assert( str != NULL );
+
+ if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ rc = ldap_rdn2bv_x( rdn, &bv, flags, NULL );
+ *str = bv.bv_val;
+ return rc;
+}
+
+int
+ldap_rdn2bv( LDAPRDN rdn, struct berval *bv, unsigned flags )
+{
+ return ldap_rdn2bv_x( rdn, bv, flags, NULL );
+}
+
+int
+ldap_rdn2bv_x( LDAPRDN rdn, struct berval *bv, unsigned flags, void *ctx )
+{
+ int rc, back;
+ ber_len_t l;
+
+ assert( bv != NULL );
+
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ if ( rdn == NULL ) {
+ bv->bv_val = LDAP_STRDUPX( "", ctx );
+ return( LDAP_SUCCESS );
+ }
+
+ /*
+ * This routine wastes "back" bytes at the end of the string
+ */
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( rdn2strlen( rdn, flags, &l, strval2strlen ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( rdn2strlen( rdn, flags, &l, strval2IA5strlen ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_UFN:
+ if ( rdn2UFNstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( rdn2DCEstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ if ( rdn2ADstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ default:
+ return LDAP_PARAM_ERROR;
+ }
+
+ bv->bv_val = LDAP_MALLOCX( l + 1, ctx );
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2str );
+ back = 1;
+ break;
+
+ case LDAP_DN_FORMAT_LDAPV2:
+ rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2IA5str );
+ back = 1;
+ break;
+
+ case LDAP_DN_FORMAT_UFN:
+ rc = rdn2UFNstr( rdn, bv->bv_val, flags, &l );
+ back = 2;
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ rc = rdn2DCEstr( rdn, bv->bv_val, flags, &l, 1 );
+ back = 0;
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ rc = rdn2ADstr( rdn, bv->bv_val, flags, &l, 1 );
+ back = 0;
+ break;
+
+ default:
+ /* need at least one of the previous */
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( rc ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ return rc;
+ }
+
+ bv->bv_len = l - back;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Very bulk implementation; many optimizations can be performed
+ * - a NULL dn results in an empty string ""
+ *
+ * FIXME: doubts
+ * a) what do we do if a UTF-8 string must be converted in LDAPv2?
+ * we must encode it in binary form ('#' + HEXPAIRs)
+ * b) does DCE/AD support UTF-8?
+ * no clue; don't think so.
+ * c) what do we do when binary values must be converted in UTF/DCE/AD?
+ * use binary encoded BER
+ */
+int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
+{
+ struct berval bv;
+ int rc;
+
+ assert( str != NULL );
+
+ if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ rc = ldap_dn2bv_x( dn, &bv, flags, NULL );
+ *str = bv.bv_val;
+ return rc;
+}
+
+int ldap_dn2bv( LDAPDN dn, struct berval *bv, unsigned flags )
+{
+ return ldap_dn2bv_x( dn, bv, flags, NULL );
+}
+
+int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx )
+{
+ int iRDN;
+ int rc = LDAP_ENCODING_ERROR;
+ ber_len_t len, l;
+
+ /* stringifying helpers for LDAPv3/LDAPv2 */
+ int ( *sv2l ) ( struct berval *v, unsigned f, ber_len_t *l );
+ int ( *sv2s ) ( struct berval *v, char *s, unsigned f, ber_len_t *l );
+
+ assert( bv != NULL );
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ Debug( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags, 0, 0 );
+
+ /*
+ * a null dn means an empty dn string
+ * FIXME: better raise an error?
+ */
+ if ( dn == NULL ) {
+ bv->bv_val = LDAP_STRDUPX( "", ctx );
+ return( LDAP_SUCCESS );
+ }
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ sv2l = strval2strlen;
+ sv2s = strval2str;
+
+ if( 0 ) {
+ case LDAP_DN_FORMAT_LDAPV2:
+ sv2l = strval2IA5strlen;
+ sv2s = strval2IA5str;
+ }
+
+ for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ if ( rdn2strlen( dn[ iRDN ], flags, &rdnl, sv2l ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ for ( l = 0, iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+
+ if ( rdn2str( dn[ iRDN ], &bv->bv_val[ l ], flags,
+ &rdnl, sv2s ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ assert( l == len );
+
+ /*
+ * trim the last ',' (the allocated memory
+ * is one byte longer than required)
+ */
+ bv->bv_len = len - 1;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_DN_FORMAT_UFN: {
+ /*
+ * FIXME: quoting from RFC 1781:
+ *
+ To take a distinguished name, and generate a name of this format with
+ attribute types omitted, the following steps are followed.
+
+ 1. If the first attribute is of type CommonName, the type may be
+ omitted.
+
+ 2. If the last attribute is of type Country, the type may be
+ omitted.
+
+ 3. If the last attribute is of type Country, the last
+ Organisation attribute may have the type omitted.
+
+ 4. All attributes of type OrganisationalUnit may have the type
+ omitted, unless they are after an Organisation attribute or
+ the first attribute is of type OrganisationalUnit.
+
+ * this should be the pedantic implementation.
+ *
+ * Here the standard implementation reflects
+ * the one historically provided by OpenLDAP
+ * (and UMIch, I presume), with the variant
+ * of spaces and plusses (' + ') separating
+ * rdn components.
+ *
+ * A non-standard but nice implementation could
+ * be to turn the final "dc" attributes into a
+ * dot-separated domain.
+ *
+ * Other improvements could involve the use of
+ * friendly country names and so.
+ */
+#ifdef DC_IN_UFN
+ int leftmost_dc = -1;
+ int last_iRDN = -1;
+#endif /* DC_IN_UFN */
+
+ for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+
+ if ( rdn2UFNstrlen( dn[ iRDN ], flags, &rdnl ) ) {
+ goto return_results;
+ }
+ len += rdnl;
+
+#ifdef DC_IN_UFN
+ if ( LDAP_DN_IS_RDN_DC( dn[ iRDN ] ) ) {
+ if ( leftmost_dc == -1 ) {
+ leftmost_dc = iRDN;
+ }
+ } else {
+ leftmost_dc = -1;
+ }
+#endif /* DC_IN_UFN */
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+#ifdef DC_IN_UFN
+ if ( leftmost_dc == -1 ) {
+#endif /* DC_IN_UFN */
+ for ( l = 0, iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t vl;
+
+ if ( rdn2UFNstr( dn[ iRDN ], &bv->bv_val[ l ],
+ flags, &vl ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += vl;
+ }
+
+ /*
+ * trim the last ', ' (the allocated memory
+ * is two bytes longer than required)
+ */
+ bv->bv_len = len - 2;
+ bv->bv_val[ bv->bv_len ] = '\0';
+#ifdef DC_IN_UFN
+ } else {
+ last_iRDN = iRDN - 1;
+
+ for ( l = 0, iRDN = 0; iRDN < leftmost_dc; iRDN++ ) {
+ ber_len_t vl;
+
+ if ( rdn2UFNstr( dn[ iRDN ], &bv->bv_val[ l ],
+ flags, &vl ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += vl;
+ }
+
+ if ( !dn2domain( dn, bv, l, &last_iRDN ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+
+ /* the string is correctly terminated by dn2domain */
+ }
+#endif /* DC_IN_UFN */
+
+ rc = LDAP_SUCCESS;
+
+ } break;
+
+ case LDAP_DN_FORMAT_DCE:
+ for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ if ( rdn2DCEstrlen( dn[ iRDN ], flags, &rdnl ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ for ( l = 0; iRDN--; ) {
+ ber_len_t rdnl;
+
+ if ( rdn2DCEstr( dn[ iRDN ], &bv->bv_val[ l ], flags,
+ &rdnl, 0 ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ assert( l == len );
+
+ bv->bv_len = len;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL: {
+ int trailing_slash = 1;
+
+ /*
+ * Sort of UFN for DCE DNs: a slash ('/') separated
+ * global->local DN with no types; strictly speaking,
+ * the naming context should be a domain, which is
+ * written in DNS-style, e.g. dot-deparated.
+ *
+ * Example:
+ *
+ * "givenName=Bill+sn=Gates,ou=People,dc=microsoft,dc=com"
+ *
+ * will read
+ *
+ * "microsoft.com/People/Bill,Gates"
+ */
+ for ( iRDN = 0, len = -1; dn[ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+
+ if ( rdn2ADstrlen( dn[ iRDN ], flags, &rdnl ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ /* reserve room for trailing '/' in case the DN
+ * is exactly a domain */
+ if ( ( bv->bv_val = LDAP_MALLOCX( len + 1 + 1, ctx ) ) == NULL )
+ {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ iRDN--;
+ if ( iRDN && dn2domain( dn, bv, 0, &iRDN ) != 0 ) {
+ for ( l = bv->bv_len; iRDN >= 0 ; iRDN-- ) {
+ ber_len_t rdnl;
+
+ trailing_slash = 0;
+
+ if ( rdn2ADstr( dn[ iRDN ], &bv->bv_val[ l ],
+ flags, &rdnl, 0 ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ } else {
+ int first = 1;
+
+ /*
+ * Strictly speaking, AD canonical requires
+ * a DN to be in the form "..., dc=smtg",
+ * i.e. terminated by a domain component
+ */
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ rc = LDAP_ENCODING_ERROR;
+ break;
+ }
+
+ for ( l = 0; iRDN >= 0 ; iRDN-- ) {
+ ber_len_t rdnl;
+
+ if ( rdn2ADstr( dn[ iRDN ], &bv->bv_val[ l ],
+ flags, &rdnl, first ) ) {
+ LDAP_FREEX( bv->bv_val, ctx );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ if ( first ) {
+ first = 0;
+ }
+ l += rdnl;
+ }
+ }
+
+ if ( trailing_slash ) {
+ /* the DN is exactly a domain -- need a trailing
+ * slash; room was reserved in advance */
+ bv->bv_val[ len ] = '/';
+ len++;
+ }
+
+ bv->bv_len = len;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ } break;
+
+ default:
+ return LDAP_PARAM_ERROR;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n",
+ bv->bv_val, rc, rc ? ldap_err2string( rc ) : "" );
+
+return_results:;
+ return( rc );
+}
+
+#ifdef HAVE_TLS
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN.
+ * x509_name must be an (X509_NAME *). If func is non-NULL, the
+ * constructed DN will use numeric OIDs to identify attributeTypes,
+ * and the func() will be invoked to rewrite the DN with the given
+ * flags.
+ *
+ * Otherwise the DN will use shortNames as defined in the OpenSSL
+ * library.
+ *
+ * It's preferable to let slapd do the OID to attributeType mapping,
+ * because the OpenSSL tables are known to have many typos in versions
+ * up to (at least) 0.9.6c. However, the LDAP client has no schema tables,
+ * so we're forced to use OpenSSL's mapping there.
+ * -- Howard Chu 2002-04-18
+ */
+
+int
+ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+ unsigned flags )
+{
+ LDAPDN newDN;
+ LDAPRDN newRDN;
+ LDAPAVA *newAVA, *baseAVA;
+ X509_NAME_ENTRY *ne;
+ ASN1_OBJECT *obj;
+ ASN1_STRING *str;
+ char oids[8192], *oidptr = oids, *oidbuf = NULL;
+ void *ptrs[2048];
+ int i, j, k = 0, navas, nrdns, rc = LDAP_SUCCESS;
+ int set = -1;
+ size_t dnsize, oidrem = sizeof(oids), oidsize = 0;
+ int csize;
+
+ struct berval Val;
+
+ assert( bv != NULL );
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ /* Get the number of AVAs. This is not necessarily the same as
+ * the number of RDNs.
+ */
+ navas = X509_NAME_entry_count( x509_name );
+
+ /* Get the last element, to see how many RDNs there are */
+ ne = X509_NAME_get_entry( x509_name, navas - 1 );
+ nrdns = ne->set + 1;
+
+ /* Allocate the DN/RDN/AVA stuff as a single block */
+ dnsize = sizeof(LDAPRDN) * (nrdns+1);
+ dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
+ dnsize += sizeof(LDAPAVA) * navas;
+ if (dnsize > sizeof(ptrs)) {
+ newDN = (LDAPDN)LDAP_MALLOC( dnsize );
+ if ( newDN == NULL )
+ return LDAP_NO_MEMORY;
+ } else {
+ newDN = (LDAPDN)ptrs;
+ }
+
+ newDN[nrdns] = NULL;
+ newRDN = (LDAPRDN)(newDN + nrdns+1);
+ newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
+ baseAVA = newAVA;
+
+ /* Retrieve RDNs in reverse order; LDAP is backwards from X.500. */
+ for ( i = nrdns - 1, j = 0; i >= 0; i-- ) {
+ ne = X509_NAME_get_entry( x509_name, i );
+ obj = X509_NAME_ENTRY_get_object( ne );
+ str = X509_NAME_ENTRY_get_data( ne );
+
+ /* If set changed, move to next RDN */
+ if ( set != ne->set ) {
+ /* If this is not the first time, end the
+ * previous RDN and advance.
+ */
+ if ( j > 0 ) {
+ newRDN[k] = NULL;
+ newRDN += k+1;
+ }
+ newDN[j++] = newRDN;
+
+ k = 0;
+ set = ne->set;
+ }
+ newAVA->la_private = NULL;
+ newAVA->la_flags = LDAP_AVA_STRING;
+
+ if ( !func ) {
+ int n = OBJ_obj2nid( obj );
+
+ if (n == NID_undef)
+ goto get_oid;
+ newAVA->la_attr.bv_val = (char *)OBJ_nid2sn( n );
+ newAVA->la_attr.bv_len = strlen( newAVA->la_attr.bv_val );
+#ifdef HAVE_EBCDIC
+ newAVA->la_attr.bv_val = LDAP_STRDUP( newAVA->la_attr.bv_val );
+ __etoa( newAVA->la_attr.bv_val );
+ newAVA->la_flags |= LDAP_AVA_FREE_ATTR;
+#endif
+ } else {
+get_oid: newAVA->la_attr.bv_val = oidptr;
+ newAVA->la_attr.bv_len = OBJ_obj2txt( oidptr, oidrem, obj, 1 );
+#ifdef HAVE_EBCDIC
+ __etoa( newAVA->la_attr.bv_val );
+#endif
+ oidptr += newAVA->la_attr.bv_len + 1;
+ oidrem -= newAVA->la_attr.bv_len + 1;
+
+ /* Running out of OID buffer space? */
+ if (oidrem < 128) {
+ if ( oidsize == 0 ) {
+ oidsize = sizeof(oids) * 2;
+ oidrem = oidsize;
+ oidbuf = LDAP_MALLOC( oidsize );
+ if ( oidbuf == NULL ) goto nomem;
+ oidptr = oidbuf;
+ } else {
+ char *old = oidbuf;
+ oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 );
+ if ( oidbuf == NULL ) goto nomem;
+ /* Buffer moved! Fix AVA pointers */
+ if ( old != oidbuf ) {
+ LDAPAVA *a;
+ long dif = oidbuf - old;
+
+ for (a=baseAVA; a<=newAVA; a++){
+ if (a->la_attr.bv_val >= old &&
+ a->la_attr.bv_val <= (old + oidsize))
+ a->la_attr.bv_val += dif;
+ }
+ }
+ oidptr = oidbuf + oidsize - oidrem;
+ oidrem += oidsize;
+ oidsize *= 2;
+ }
+ }
+ }
+ Val.bv_val = (char *) str->data;
+ Val.bv_len = str->length;
+ switch( str->type ) {
+ case V_ASN1_UNIVERSALSTRING:
+ /* This uses 32-bit ISO 10646-1 */
+ csize = 4; goto to_utf8;
+ case V_ASN1_BMPSTRING:
+ /* This uses 16-bit ISO 10646-1 */
+ csize = 2; goto to_utf8;
+ case V_ASN1_T61STRING:
+ /* This uses 8-bit, assume ISO 8859-1 */
+ csize = 1;
+to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
+ newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
+ if (rc != LDAP_SUCCESS) goto nomem;
+ newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
+ break;
+ case V_ASN1_UTF8STRING:
+ newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
+ /* This is already in UTF-8 encoding */
+ case V_ASN1_IA5STRING:
+ case V_ASN1_PRINTABLESTRING:
+ /* These are always 7-bit strings */
+ newAVA->la_value = Val;
+ default:
+ ;
+ }
+ newRDN[k] = newAVA;
+ newAVA++;
+ k++;
+ }
+ newRDN[k] = NULL;
+
+ if ( func ) {
+ rc = func( newDN, flags, NULL );
+ if ( rc != LDAP_SUCCESS )
+ goto nomem;
+ }
+
+ rc = ldap_dn2bv_x( newDN, bv, LDAP_DN_FORMAT_LDAPV3, NULL );
+
+nomem:
+ for (;baseAVA < newAVA; baseAVA++) {
+ if (baseAVA->la_flags & LDAP_AVA_FREE_ATTR)
+ LDAP_FREE( baseAVA->la_attr.bv_val );
+ if (baseAVA->la_flags & LDAP_AVA_FREE_VALUE)
+ LDAP_FREE( baseAVA->la_value.bv_val );
+ }
+
+ if ( oidsize != 0 )
+ LDAP_FREE( oidbuf );
+ if ( newDN != (LDAPDN) ptrs )
+ LDAP_FREE( newDN );
+ return rc;
+}
+#endif /* HAVE_TLS */
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/getentry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/getentry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/getentry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,124 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getentry.c,v 1.26.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/* ARGSUSED */
+LDAPMessage *
+ldap_first_entry( LDAP *ld, LDAPMessage *chain )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( chain != NULL );
+
+ return chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY
+ ? chain
+ : ldap_next_entry( ld, chain );
+}
+
+LDAPMessage *
+ldap_next_entry( LDAP *ld, LDAPMessage *entry )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+
+ for(
+ entry = entry->lm_chain;
+ entry != NULL;
+ entry = entry->lm_chain )
+ {
+ if( entry->lm_msgtype == LDAP_RES_SEARCH_ENTRY ) {
+ return( entry );
+ }
+ }
+
+ return( NULL );
+}
+
+int
+ldap_count_entries( LDAP *ld, LDAPMessage *chain )
+{
+ int i;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ for ( i = 0; chain != NULL; chain = chain->lm_chain ) {
+ if( chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY ) {
+ i++;
+ }
+ }
+
+ return( i );
+}
+
+int
+ldap_get_entry_controls(
+ LDAP *ld,
+ LDAPMessage *entry,
+ LDAPControl ***sctrls )
+{
+ int rc;
+ BerElement be;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( sctrls != NULL );
+
+ if ( entry->lm_msgtype != LDAP_RES_SEARCH_ENTRY ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ /* make a local copy of the BerElement */
+ AC_MEMCPY(&be, entry->lm_ber, sizeof(be));
+
+ if ( ber_scanf( &be, "{xx" /*}*/ ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ goto cleanup_and_return;
+ }
+
+ rc = ldap_pvt_get_controls( &be, sctrls );
+
+cleanup_and_return:
+ if( rc != LDAP_SUCCESS ) {
+ ld->ld_errno = rc;
+
+ if( ld->ld_matched != NULL ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ if( ld->ld_error != NULL ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/getvalues.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/getvalues.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/getvalues.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,211 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getvalues.c,v 1.24.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+char **
+ldap_get_values( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target )
+{
+ BerElement ber;
+ char *attr;
+ int found = 0;
+ char **vals;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( target != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_values\n", 0, 0, 0 );
+
+ ber = *entry->lm_ber;
+
+ /* skip sequence, dn, sequence of, and snag the first attr */
+ if ( ber_scanf( &ber, "{x{{a" /*}}}*/, &attr ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ if ( strcasecmp( target, attr ) == 0 )
+ found = 1;
+
+ /* break out on success, return out on error */
+ while ( ! found ) {
+ LDAP_FREE(attr);
+ attr = NULL;
+
+ if ( ber_scanf( &ber, /*{*/ "x}{a" /*}*/, &attr ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ if ( strcasecmp( target, attr ) == 0 )
+ break;
+
+ }
+
+ LDAP_FREE(attr);
+ attr = NULL;
+
+ /*
+ * if we get this far, we've found the attribute and are sitting
+ * just before the set of values.
+ */
+
+ if ( ber_scanf( &ber, "[v]", &vals ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ return( vals );
+}
+
+struct berval **
+ldap_get_values_len( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target )
+{
+ BerElement ber;
+ char *attr;
+ int found = 0;
+ struct berval **vals;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( entry != NULL );
+ assert( target != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_values_len\n", 0, 0, 0 );
+
+ ber = *entry->lm_ber;
+
+ /* skip sequence, dn, sequence of, and snag the first attr */
+ if ( ber_scanf( &ber, "{x{{a" /* }}} */, &attr ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ if ( strcasecmp( target, attr ) == 0 )
+ found = 1;
+
+ /* break out on success, return out on error */
+ while ( ! found ) {
+ LDAP_FREE( attr );
+ attr = NULL;
+
+ if ( ber_scanf( &ber, /*{*/ "x}{a" /*}*/, &attr ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ if ( strcasecmp( target, attr ) == 0 )
+ break;
+ }
+
+ LDAP_FREE( attr );
+ attr = NULL;
+
+ /*
+ * if we get this far, we've found the attribute and are sitting
+ * just before the set of values.
+ */
+
+ if ( ber_scanf( &ber, "[V]", &vals ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ return( vals );
+}
+
+int
+ldap_count_values( char **vals )
+{
+ int i;
+
+ if ( vals == NULL )
+ return( 0 );
+
+ for ( i = 0; vals[i] != NULL; i++ )
+ ; /* NULL */
+
+ return( i );
+}
+
+int
+ldap_count_values_len( struct berval **vals )
+{
+ return( ldap_count_values( (char **) vals ) );
+}
+
+void
+ldap_value_free( char **vals )
+{
+ LDAP_VFREE( vals );
+}
+
+void
+ldap_value_free_len( struct berval **vals )
+{
+ ber_bvecfree( vals );
+}
+
+char **
+ldap_value_dup( char *const *vals )
+{
+ char **new;
+ int i;
+
+ if( vals == NULL ) {
+ return NULL;
+ }
+
+ for( i=0; vals[i]; i++ ) {
+ ; /* Count the number of values */
+ }
+
+ if( i == 0 ) {
+ return NULL;
+ }
+
+ new = LDAP_MALLOC( (i+1)*sizeof(char *) ); /* Alloc array of pointers */
+ if( new == NULL ) {
+ return NULL;
+ }
+
+ for( i=0; vals[i]; i++ ) {
+ new[i] = LDAP_STRDUP( vals[i] ); /* Dup each value */
+ if( new[i] == NULL ) {
+ LDAP_VFREE( new );
+ return NULL;
+ }
+ }
+ new[i] = NULL;
+
+ return new;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/groupings.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/groupings.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/groupings.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,144 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/groupings.c,v 1.4.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <ac/time.h>
+#include <ac/string.h>
+
+#include "ldap-int.h"
+
+#ifdef LDAP_EXOP_GROUPING_CREATE
+
+int ldap_grouping_create(
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ int rc;
+ BerElement *ber = NULL;
+ struct berval bv = BER_BVNULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_grouping_create\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( grpoid != NULL || *grpoid == '\0' );
+ assert( msgidp != NULL );
+
+ /* build the create grouping exop */
+ ber = ber_alloc_t( LBER_USE_DER );
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( ld->ld_errno );
+ }
+
+ if ( grpdata != NULL ) {
+ ber_printf( ber, "{sON}", grpoid, grpdata );
+ } else {
+ ber_printf( ber, "{sN}", grpoid );
+ }
+
+ rc = ber_flatten2( ber, &bv, 0 );
+ if( rc < 0 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return( ld->ld_errno );
+ }
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_GROUPING_CREATE,
+ &bv, sctrls, cctrls, msgidp );
+
+ ber_free( ber, 1 );
+ return rc;
+}
+
+int ldap_grouping_create_s(
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct berval **retgrpcookiep,
+ struct berval **retgrpdatap )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_grouping_create_s\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( grpoid != NULL || *grpoid == '\0' );
+
+ rc = ldap_grouping_create( ld, grpoid, grpdata,
+ sctrls, cctrls, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
+ return ld->ld_errno;
+ }
+
+ if ( retgrpcookiep != NULL ) *retgrpcookiep = NULL;
+ if ( retgrpdatap != NULL ) *retgrpdatap = NULL;
+
+#if 0
+ rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
+#else
+ rc = LDAP_NOT_SUPPORTED;
+#endif
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_msgfree( res );
+ return rc;
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+int ldap_grouping_end(
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ return 0;
+}
+
+int ldap_grouping_end_s(
+ LDAP *ld,
+ LDAP_CONST char *grpoid,
+ struct berval *grpdata,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct berval **retgrpdatap )
+{
+ return 0;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,611 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.93.2.12 2007/01/02 21:43:48 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ldap-int.h"
+#include "ldap_defaults.h"
+
+struct ldapoptions ldap_int_global_options =
+ { LDAP_UNINITIALIZED, LDAP_DEBUG_NONE };
+
+#define ATTR_NONE 0
+#define ATTR_BOOL 1
+#define ATTR_INT 2
+#define ATTR_KV 3
+#define ATTR_STRING 4
+#define ATTR_OPTION 5
+
+#define ATTR_SASL 6
+#define ATTR_TLS 7
+
+struct ol_keyvalue {
+ const char * key;
+ int value;
+};
+
+static const struct ol_keyvalue deref_kv[] = {
+ {"never", LDAP_DEREF_NEVER},
+ {"searching", LDAP_DEREF_SEARCHING},
+ {"finding", LDAP_DEREF_FINDING},
+ {"always", LDAP_DEREF_ALWAYS},
+ {NULL, 0}
+};
+
+static const struct ol_attribute {
+ int useronly;
+ int type;
+ const char * name;
+ const void * data;
+ size_t offset;
+} attrs[] = {
+ {0, ATTR_KV, "DEREF", deref_kv, /* or &deref_kv[0] */
+ offsetof(struct ldapoptions, ldo_deref)},
+ {0, ATTR_INT, "SIZELIMIT", NULL,
+ offsetof(struct ldapoptions, ldo_sizelimit)},
+ {0, ATTR_INT, "TIMELIMIT", NULL,
+ offsetof(struct ldapoptions, ldo_timelimit)},
+ {1, ATTR_STRING, "BINDDN", NULL,
+ offsetof(struct ldapoptions, ldo_defbinddn)},
+ {0, ATTR_STRING, "BASE", NULL,
+ offsetof(struct ldapoptions, ldo_defbase)},
+ {0, ATTR_INT, "PORT", NULL, /* deprecated */
+ offsetof(struct ldapoptions, ldo_defport)},
+ {0, ATTR_OPTION, "HOST", NULL, LDAP_OPT_HOST_NAME}, /* deprecated */
+ {0, ATTR_OPTION, "URI", NULL, LDAP_OPT_URI}, /* replaces HOST/PORT */
+ {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS},
+ {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART},
+
+#ifdef HAVE_CYRUS_SASL
+ {1, ATTR_STRING, "SASL_MECH", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_mech)},
+ {1, ATTR_STRING, "SASL_REALM", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_realm)},
+ {1, ATTR_STRING, "SASL_AUTHCID", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_authcid)},
+ {1, ATTR_STRING, "SASL_AUTHZID", NULL,
+ offsetof(struct ldapoptions, ldo_def_sasl_authzid)},
+ {0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS},
+#endif
+
+#ifdef HAVE_TLS
+ {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
+ {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
+ {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
+ {0, ATTR_TLS, "TLS_CACERTDIR", NULL, LDAP_OPT_X_TLS_CACERTDIR},
+ {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
+ {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
+ {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},
+
+#ifdef HAVE_OPENSSL_CRL
+ {0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK},
+#endif
+
+#endif
+
+ {0, ATTR_NONE, NULL, NULL, 0}
+};
+
+#define MAX_LDAP_ATTR_LEN sizeof("TLS_CIPHER_SUITE")
+#define MAX_LDAP_ENV_PREFIX_LEN 8
+
+static void openldap_ldap_init_w_conf(
+ const char *file, int userconf )
+{
+ char linebuf[ AC_LINE_MAX ];
+ FILE *fp;
+ int i;
+ char *cmd, *opt;
+ char *start, *end;
+ struct ldapoptions *gopts;
+
+ if ((gopts = LDAP_INT_GLOBAL_OPT()) == NULL) {
+ return; /* Could not allocate mem for global options */
+ }
+
+ if (file == NULL) {
+ /* no file name */
+ return;
+ }
+
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0);
+
+ fp = fopen(file, "r");
+ if(fp == NULL) {
+ /* could not open file */
+ return;
+ }
+
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0);
+
+ while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) {
+ /* skip lines starting with '#' */
+ if(*start == '#') continue;
+
+ /* trim leading white space */
+ while((*start != '\0') && isspace((unsigned char) *start))
+ start++;
+
+ /* anything left? */
+ if(*start == '\0') continue;
+
+ /* trim trailing white space */
+ end = &start[strlen(start)-1];
+ while(isspace((unsigned char)*end)) end--;
+ end[1] = '\0';
+
+ /* anything left? */
+ if(*start == '\0') continue;
+
+
+ /* parse the command */
+ cmd=start;
+ while((*start != '\0') && !isspace((unsigned char)*start)) {
+ start++;
+ }
+ if(*start == '\0') {
+ /* command has no argument */
+ continue;
+ }
+
+ *start++ = '\0';
+
+ /* we must have some whitespace to skip */
+ while(isspace((unsigned char)*start)) start++;
+ opt = start;
+
+ for(i=0; attrs[i].type != ATTR_NONE; i++) {
+ void *p;
+
+ if( !userconf && attrs[i].useronly ) {
+ continue;
+ }
+
+ if(strcasecmp(cmd, attrs[i].name) != 0) {
+ continue;
+ }
+
+ switch(attrs[i].type) {
+ case ATTR_BOOL:
+ if((strcasecmp(opt, "on") == 0)
+ || (strcasecmp(opt, "yes") == 0)
+ || (strcasecmp(opt, "true") == 0))
+ {
+ LDAP_BOOL_SET(gopts, attrs[i].offset);
+
+ } else {
+ LDAP_BOOL_CLR(gopts, attrs[i].offset);
+ }
+
+ break;
+
+ case ATTR_INT:
+ p = &((char *) gopts)[attrs[i].offset];
+ * (int*) p = atoi(opt);
+ break;
+
+ case ATTR_KV: {
+ const struct ol_keyvalue *kv;
+
+ for(kv = attrs[i].data;
+ kv->key != NULL;
+ kv++) {
+
+ if(strcasecmp(opt, kv->key) == 0) {
+ p = &((char *) gopts)[attrs[i].offset];
+ * (int*) p = kv->value;
+ break;
+ }
+ }
+ } break;
+
+ case ATTR_STRING:
+ p = &((char *) gopts)[attrs[i].offset];
+ if (* (char**) p != NULL) LDAP_FREE(* (char**) p);
+ * (char**) p = LDAP_STRDUP(opt);
+ break;
+ case ATTR_OPTION:
+ ldap_set_option( NULL, attrs[i].offset, opt );
+ break;
+ case ATTR_SASL:
+#ifdef HAVE_CYRUS_SASL
+ ldap_int_sasl_config( gopts, attrs[i].offset, opt );
+#endif
+ break;
+ case ATTR_TLS:
+#ifdef HAVE_TLS
+ ldap_int_tls_config( NULL, attrs[i].offset, opt );
+#endif
+ break;
+ }
+
+ break;
+ }
+ }
+
+ fclose(fp);
+}
+
+static void openldap_ldap_init_w_sysconf(const char *file)
+{
+ openldap_ldap_init_w_conf( file, 0 );
+}
+
+static void openldap_ldap_init_w_userconf(const char *file)
+{
+ char *home;
+ char *path = NULL;
+
+ if (file == NULL) {
+ /* no file name */
+ return;
+ }
+
+ home = getenv("HOME");
+
+ if (home != NULL) {
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n",
+ home, 0, 0);
+ path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP "."));
+ } else {
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n",
+ 0, 0, 0);
+ }
+
+ if(home != NULL && path != NULL) {
+ /* we assume UNIX path syntax is used... */
+
+ /* try ~/file */
+ sprintf(path, "%s" LDAP_DIRSEP "%s", home, file);
+ openldap_ldap_init_w_conf(path, 1);
+
+ /* try ~/.file */
+ sprintf(path, "%s" LDAP_DIRSEP ".%s", home, file);
+ openldap_ldap_init_w_conf(path, 1);
+ }
+
+ if(path != NULL) {
+ LDAP_FREE(path);
+ }
+
+ /* try file */
+ openldap_ldap_init_w_conf(file, 1);
+}
+
+static void openldap_ldap_init_w_env(
+ struct ldapoptions *gopts,
+ const char *prefix)
+{
+ char buf[MAX_LDAP_ATTR_LEN+MAX_LDAP_ENV_PREFIX_LEN];
+ int len;
+ int i;
+ void *p;
+ char *value;
+
+ if (prefix == NULL) {
+ prefix = LDAP_ENV_PREFIX;
+ }
+
+ strncpy(buf, prefix, MAX_LDAP_ENV_PREFIX_LEN);
+ buf[MAX_LDAP_ENV_PREFIX_LEN] = '\0';
+ len = strlen(buf);
+
+ for(i=0; attrs[i].type != ATTR_NONE; i++) {
+ strcpy(&buf[len], attrs[i].name);
+ value = getenv(buf);
+
+ if(value == NULL) {
+ continue;
+ }
+
+ switch(attrs[i].type) {
+ case ATTR_BOOL:
+ if((strcasecmp(value, "on") == 0)
+ || (strcasecmp(value, "yes") == 0)
+ || (strcasecmp(value, "true") == 0))
+ {
+ LDAP_BOOL_SET(gopts, attrs[i].offset);
+
+ } else {
+ LDAP_BOOL_CLR(gopts, attrs[i].offset);
+ }
+ break;
+
+ case ATTR_INT:
+ p = &((char *) gopts)[attrs[i].offset];
+ * (int*) p = atoi(value);
+ break;
+
+ case ATTR_KV: {
+ const struct ol_keyvalue *kv;
+
+ for(kv = attrs[i].data;
+ kv->key != NULL;
+ kv++) {
+
+ if(strcasecmp(value, kv->key) == 0) {
+ p = &((char *) gopts)[attrs[i].offset];
+ * (int*) p = kv->value;
+ break;
+ }
+ }
+ } break;
+
+ case ATTR_STRING:
+ p = &((char *) gopts)[attrs[i].offset];
+ if (* (char**) p != NULL) LDAP_FREE(* (char**) p);
+ if (*value == '\0') {
+ * (char**) p = NULL;
+ } else {
+ * (char**) p = LDAP_STRDUP(value);
+ }
+ break;
+ case ATTR_OPTION:
+ ldap_set_option( NULL, attrs[i].offset, value );
+ break;
+ case ATTR_SASL:
+#ifdef HAVE_CYRUS_SASL
+ ldap_int_sasl_config( gopts, attrs[i].offset, value );
+#endif
+ break;
+ case ATTR_TLS:
+#ifdef HAVE_TLS
+ ldap_int_tls_config( NULL, attrs[i].offset, value );
+#endif
+ break;
+ }
+ }
+}
+
+#if defined(__GNUC__)
+/* Declare this function as a destructor so that it will automatically be
+ * invoked either at program exit (if libldap is a static library) or
+ * at unload time (if libldap is a dynamic library).
+ *
+ * Sorry, don't know how to handle this for non-GCC environments.
+ */
+static void ldap_int_destroy_global_options(void)
+ __attribute__ ((destructor));
+#endif
+
+static void
+ldap_int_destroy_global_options(void)
+{
+ struct ldapoptions *gopts = LDAP_INT_GLOBAL_OPT();
+
+ if ( gopts == NULL )
+ return;
+
+ gopts->ldo_valid = LDAP_UNINITIALIZED;
+
+ if ( gopts->ldo_defludp ) {
+ ldap_free_urllist( gopts->ldo_defludp );
+ gopts->ldo_defludp = NULL;
+ }
+#if defined(HAVE_WINSOCK) || defined(HAVE_WINSOCK2)
+ WSACleanup( );
+#endif
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
+ || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+ if ( ldap_int_hostname ) {
+ LDAP_FREE( ldap_int_hostname );
+ ldap_int_hostname = NULL;
+ }
+#endif
+#ifdef HAVE_CYRUS_SASL
+ if ( gopts->ldo_def_sasl_authcid ) {
+ LDAP_FREE( gopts->ldo_def_sasl_authcid );
+ gopts->ldo_def_sasl_authcid = NULL;
+ }
+#endif
+}
+
+/*
+ * Initialize the global options structure with default values.
+ */
+void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl )
+{
+ if (dbglvl)
+ gopts->ldo_debug = *dbglvl;
+ else
+ gopts->ldo_debug = 0;
+
+ gopts->ldo_version = LDAP_VERSION2;
+ gopts->ldo_deref = LDAP_DEREF_NEVER;
+ gopts->ldo_timelimit = LDAP_NO_LIMIT;
+ gopts->ldo_sizelimit = LDAP_NO_LIMIT;
+
+ gopts->ldo_tm_api = (struct timeval *)NULL;
+ gopts->ldo_tm_net = (struct timeval *)NULL;
+
+ /* ldo_defludp will be freed by the termination handler
+ */
+ ldap_url_parselist(&gopts->ldo_defludp, "ldap://localhost/");
+ gopts->ldo_defport = LDAP_PORT;
+#if !defined(__GNUC__) && !defined(PIC)
+ /* Do this only for a static library, and only if we can't
+ * arrange for it to be executed as a library destructor
+ */
+ atexit(ldap_int_destroy_global_options);
+#endif
+
+ gopts->ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;
+ gopts->ldo_rebind_proc = NULL;
+ gopts->ldo_rebind_params = NULL;
+
+ LDAP_BOOL_ZERO(gopts);
+
+ LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS);
+
+#ifdef LDAP_CONNECTIONLESS
+ gopts->ldo_peer = NULL;
+ gopts->ldo_cldapdn = NULL;
+ gopts->ldo_is_udp = 0;
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ gopts->ldo_def_sasl_mech = NULL;
+ gopts->ldo_def_sasl_realm = NULL;
+ gopts->ldo_def_sasl_authcid = NULL;
+ gopts->ldo_def_sasl_authzid = NULL;
+
+ memset( &gopts->ldo_sasl_secprops,
+ '\0', sizeof(gopts->ldo_sasl_secprops) );
+
+ gopts->ldo_sasl_secprops.max_ssf = INT_MAX;
+ gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE;
+ gopts->ldo_sasl_secprops.security_flags =
+ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
+#endif
+
+#ifdef HAVE_TLS
+ gopts->ldo_tls_connect_cb = NULL;
+ gopts->ldo_tls_connect_arg = NULL;
+#endif
+
+ gopts->ldo_valid = LDAP_INITIALIZED;
+ return;
+}
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
+ || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+char * ldap_int_hostname = NULL;
+#endif
+
+void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
+{
+ if ( gopts->ldo_valid == LDAP_INITIALIZED ) {
+ return;
+ }
+
+ ldap_int_error_init();
+
+ ldap_int_utils_init();
+
+#ifdef HAVE_WINSOCK2
+{ WORD wVersionRequested;
+ WSADATA wsaData;
+
+ wVersionRequested = MAKEWORD( 2, 0 );
+ if ( WSAStartup( wVersionRequested, &wsaData ) != 0 ) {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ return;
+ }
+
+ /* Confirm that the WinSock DLL supports 2.0.*/
+ /* Note that if the DLL supports versions greater */
+ /* than 2.0 in addition to 2.0, it will still return */
+ /* 2.0 in wVersion since that is the version we */
+ /* requested. */
+
+ if ( LOBYTE( wsaData.wVersion ) != 2 ||
+ HIBYTE( wsaData.wVersion ) != 0 )
+ {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ WSACleanup( );
+ return;
+ }
+} /* The WinSock DLL is acceptable. Proceed. */
+#elif HAVE_WINSOCK
+{ WSADATA wsaData;
+ if ( WSAStartup( 0x0101, &wsaData ) != 0 ) {
+ return;
+ }
+}
+#endif
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
+ || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+ {
+ char *name = ldap_int_hostname;
+
+ ldap_int_hostname = ldap_pvt_get_fqdn( name );
+
+ if ( name != NULL && name != ldap_int_hostname ) {
+ LDAP_FREE( name );
+ }
+ }
+#endif
+
+#ifndef HAVE_POLL
+ if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
+#endif
+
+ ldap_int_initialize_global_options(gopts, NULL);
+
+ if( getenv("LDAPNOINIT") != NULL ) {
+ return;
+ }
+
+#ifdef HAVE_CYRUS_SASL
+ {
+ /* set authentication identity to current user name */
+ char *user = getenv("USER");
+
+ if( user == NULL ) user = getenv("USERNAME");
+ if( user == NULL ) user = getenv("LOGNAME");
+
+ if( user != NULL ) {
+ gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user );
+ }
+ }
+#endif
+
+ openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+ openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
+
+ {
+ char *altfile = getenv(LDAP_ENV_PREFIX "CONF");
+
+ if( altfile != NULL ) {
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
+ LDAP_ENV_PREFIX "CONF", altfile, 0);
+ openldap_ldap_init_w_sysconf( altfile );
+ }
+ else
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
+ LDAP_ENV_PREFIX "CONF", 0, 0);
+ }
+
+ {
+ char *altfile = getenv(LDAP_ENV_PREFIX "RC");
+
+ if( altfile != NULL ) {
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
+ LDAP_ENV_PREFIX "RC", altfile, 0);
+ openldap_ldap_init_w_userconf( altfile );
+ }
+ else
+ Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
+ LDAP_ENV_PREFIX "RC", 0, 0);
+ }
+
+ openldap_ldap_init_w_env(gopts, NULL);
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/kbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/kbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/kbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,294 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/kbind.c,v 1.37.2.4 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_kerberos_bind1 - initiate a bind to the ldap server using
+ * kerberos authentication. The dn is supplied. It is assumed the user
+ * already has a valid ticket granting ticket. The msgid of the
+ * request is returned on success (suitable for passing to ldap_result()),
+ * -1 is returned if there's trouble.
+ *
+ * Example:
+ * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
+ */
+int
+ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
+{
+ BerElement *ber;
+ char *cred;
+ int rc;
+ ber_len_t credlen;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 );
+
+ if( ld->ld_version > LDAP_VERSION2 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return -1;
+ }
+
+ if ( dn == NULL )
+ dn = "";
+
+ if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "ldapserver",
+ &credlen )) == NULL ) {
+ return( -1 ); /* ld_errno should already be set */
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ LDAP_FREE( cred );
+ return( -1 );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ /* fill it in */
+ rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND,
+ ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );
+
+ if ( rc == -1 ) {
+ LDAP_FREE( cred );
+ ber_free( ber, 1 );
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return( -1 );
+ }
+
+ LDAP_FREE( cred );
+
+
+ /* send the message */
+ return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ));
+}
+
+int
+ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn )
+{
+ int msgid;
+ LDAPMessage *res;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1_s\n", 0, 0, 0 );
+
+ /* initiate the bind */
+ if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 )
+ return( ld->ld_errno );
+
+ /* wait for a result */
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res )
+ == -1 ) {
+ return( ld->ld_errno ); /* ldap_result sets ld_errno */
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+/*
+ * ldap_kerberos_bind2 - initiate a bind to the X.500 server using
+ * kerberos authentication. The dn is supplied. It is assumed the user
+ * already has a valid ticket granting ticket. The msgid of the
+ * request is returned on success (suitable for passing to ldap_result()),
+ * -1 is returned if there's trouble.
+ *
+ * Example:
+ * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
+ */
+int
+ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn )
+{
+ BerElement *ber;
+ char *cred;
+ int rc;
+ ber_len_t credlen;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2\n", 0, 0, 0 );
+
+ if( ld->ld_version > LDAP_VERSION2 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return -1;
+ }
+
+ if ( dn == NULL )
+ dn = "";
+
+ if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen ))
+ == NULL ) {
+ return( -1 ); /* ld_errno should already be set */
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ LDAP_FREE( cred );
+ return( -1 );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ /* fill it in */
+ rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND,
+ ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );
+
+ LDAP_FREE( cred );
+
+ if ( rc == -1 ) {
+ ber_free( ber, 1 );
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return( -1 );
+ }
+
+ /* send the message */
+ return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ));
+}
+
+/* synchronous bind to DSA using kerberos */
+int
+ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn )
+{
+ int msgid;
+ LDAPMessage *res;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 );
+
+ /* initiate the bind */
+ if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 )
+ return( ld->ld_errno );
+
+ /* wait for a result */
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res )
+ == -1 ) {
+ return( ld->ld_errno ); /* ldap_result sets ld_errno */
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+/* synchronous bind to ldap and DSA using kerberos */
+int
+ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn )
+{
+ int err;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind_s\n", 0, 0, 0 );
+
+ if ( (err = ldap_kerberos_bind1_s( ld, dn )) != LDAP_SUCCESS )
+ return( err );
+
+ return( ldap_kerberos_bind2_s( ld, dn ) );
+}
+
+
+#ifndef AUTHMAN
+/*
+ * ldap_get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap.
+ * The dn of the entry to which to bind is supplied. It's assumed the
+ * user already has a tgt.
+ */
+
+char *
+ldap_get_kerberosv4_credentials(
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *service,
+ ber_len_t *len )
+{
+ KTEXT_ST ktxt;
+ int err;
+ char realm[REALM_SZ], *cred, *krbinstance;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 );
+
+ if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
+ "krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 );
+ ld->ld_errno = LDAP_AUTH_UNKNOWN;
+ return( NULL );
+ }
+
+ err = 0;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+ /* not connected yet */
+ err = ldap_open_defconn( ld );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ if ( err < 0 ) return NULL;
+
+ krbinstance = ld->ld_defconn->lconn_krbinstance;
+
+ if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
+ != KSUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
+ "krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 );
+ ld->ld_errno = LDAP_AUTH_UNKNOWN;
+ return( NULL );
+ }
+
+ if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( NULL );
+ }
+
+ *len = ktxt.length;
+ AC_MEMCPY( cred, ktxt.dat, ktxt.length );
+
+ return( cred );
+}
+
+#endif /* !AUTHMAN */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/ldap-int.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/ldap-int.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/ldap-int.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,645 @@
+/* ldap-int.h - defines & prototypes internal to the LDAP library */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.160.2.9 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#ifndef _LDAP_INT_H
+#define _LDAP_INT_H 1
+
+#ifdef LDAP_R_COMPILE
+#define LDAP_THREAD_SAFE 1
+#endif
+
+#include "../liblber/lber-int.h"
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ /* the need for this should be removed */
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+#define SASL_MAX_BUFF_SIZE 65536
+#define SASL_MIN_BUFF_SIZE 4096
+#endif
+
+#undef TV2MILLISEC
+#define TV2MILLISEC(tv) (((tv)->tv_sec * 1000) + ((tv)->tv_usec/1000))
+
+/*
+ * Support needed if the library is running in the kernel
+ */
+#if LDAP_INT_IN_KERNEL
+ /*
+ * Platform specific function to return a pointer to the
+ * process-specific global options.
+ *
+ * This function should perform the following functions:
+ * Allocate and initialize a global options struct on a per process basis
+ * Use callers process identifier to return its global options struct
+ * Note: Deallocate structure when the process exits
+ */
+# define LDAP_INT_GLOBAL_OPT() ldap_int_global_opt()
+ struct ldapoptions *ldap_int_global_opt(void);
+#else
+# define LDAP_INT_GLOBAL_OPT() (&ldap_int_global_options)
+#endif
+
+#define ldap_debug ((LDAP_INT_GLOBAL_OPT())->ldo_debug)
+
+#include "ldap_log.h"
+
+#undef Debug
+
+#ifdef LDAP_DEBUG
+
+#define Debug( level, fmt, arg1, arg2, arg3 ) \
+ do { if ( ldap_debug & level ) \
+ ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) ); \
+ } while ( 0 )
+
+#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 )\
+ ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) )
+
+#else
+
+#define Debug( level, fmt, arg1, arg2, arg3 ) ((void)0)
+#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 ) ((void)0)
+
+#endif /* LDAP_DEBUG */
+
+#define LDAP_DEPRECATED 1
+#include "ldap.h"
+
+#include "ldap_pvt.h"
+
+LDAP_BEGIN_DECL
+
+#define LDAP_URL_PREFIX "ldap://"
+#define LDAP_URL_PREFIX_LEN (sizeof(LDAP_URL_PREFIX)-1)
+#define LDAPS_URL_PREFIX "ldaps://"
+#define LDAPS_URL_PREFIX_LEN (sizeof(LDAPS_URL_PREFIX)-1)
+#define LDAPI_URL_PREFIX "ldapi://"
+#define LDAPI_URL_PREFIX_LEN (sizeof(LDAPI_URL_PREFIX)-1)
+#ifdef LDAP_CONNECTIONLESS
+#define LDAPC_URL_PREFIX "cldap://"
+#define LDAPC_URL_PREFIX_LEN (sizeof(LDAPC_URL_PREFIX)-1)
+#endif
+#define LDAP_URL_URLCOLON "URL:"
+#define LDAP_URL_URLCOLON_LEN (sizeof(LDAP_URL_URLCOLON)-1)
+
+#define LDAP_REF_STR "Referral:\n"
+#define LDAP_REF_STR_LEN (sizeof(LDAP_REF_STR)-1)
+#define LDAP_LDAP_REF_STR LDAP_URL_PREFIX
+#define LDAP_LDAP_REF_STR_LEN LDAP_URL_PREFIX_LEN
+
+#define LDAP_DEFAULT_REFHOPLIMIT 5
+
+#define LDAP_BOOL_REFERRALS 0
+#define LDAP_BOOL_RESTART 1
+#define LDAP_BOOL_TLS 3
+
+#define LDAP_BOOLEANS unsigned long
+#define LDAP_BOOL(n) ((LDAP_BOOLEANS)1 << (n))
+#define LDAP_BOOL_GET(lo, bool) \
+ ((lo)->ldo_booleans & LDAP_BOOL(bool) ? -1 : 0)
+#define LDAP_BOOL_SET(lo, bool) ((lo)->ldo_booleans |= LDAP_BOOL(bool))
+#define LDAP_BOOL_CLR(lo, bool) ((lo)->ldo_booleans &= ~LDAP_BOOL(bool))
+#define LDAP_BOOL_ZERO(lo) ((lo)->ldo_booleans = 0)
+
+/*
+ * This structure represents both ldap messages and ldap responses.
+ * These are really the same, except in the case of search responses,
+ * where a response has multiple messages.
+ */
+
+struct ldapmsg {
+ ber_int_t lm_msgid; /* the message id */
+ ber_tag_t lm_msgtype; /* the message type */
+ BerElement *lm_ber; /* the ber encoded message contents */
+ struct ldapmsg *lm_chain; /* for search - next msg in the resp */
+ struct ldapmsg *lm_chain_tail;
+ struct ldapmsg *lm_next; /* next response */
+ time_t lm_time; /* used to maintain cache */
+};
+
+/*
+ * structure representing get/set'able options
+ * which have global defaults.
+ */
+struct ldapoptions {
+ short ldo_valid;
+#define LDAP_UNINITIALIZED 0x0
+#define LDAP_INITIALIZED 0x1
+#define LDAP_VALID_SESSION 0x2
+#define LDAP_TRASHED_SESSION 0xFF
+ int ldo_debug;
+#ifdef LDAP_CONNECTIONLESS
+#define LDAP_IS_UDP(ld) ((ld)->ld_options.ldo_is_udp)
+ void* ldo_peer; /* struct sockaddr* */
+ char* ldo_cldapdn;
+ int ldo_is_udp;
+#endif
+
+ /* per API call timeout */
+ struct timeval *ldo_tm_api;
+ struct timeval *ldo_tm_net;
+
+ ber_int_t ldo_version;
+ ber_int_t ldo_deref;
+ ber_int_t ldo_timelimit;
+ ber_int_t ldo_sizelimit;
+
+#ifdef HAVE_TLS
+ /* tls context */
+ void *ldo_tls_ctx;
+ int ldo_tls_mode;
+ LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb;
+ void* ldo_tls_connect_arg;
+#endif
+
+ LDAPURLDesc *ldo_defludp;
+ int ldo_defport;
+ char* ldo_defbase;
+ char* ldo_defbinddn; /* bind dn */
+
+#ifdef HAVE_CYRUS_SASL
+ char* ldo_def_sasl_mech; /* SASL Mechanism(s) */
+ char* ldo_def_sasl_realm; /* SASL realm */
+ char* ldo_def_sasl_authcid; /* SASL authentication identity */
+ char* ldo_def_sasl_authzid; /* SASL authorization identity */
+
+ /* SASL Security Properties */
+ struct sasl_security_properties ldo_sasl_secprops;
+#endif
+
+ int ldo_refhoplimit; /* limit on referral nesting */
+
+ /* LDAPv3 server and client controls */
+ LDAPControl **ldo_sctrls;
+ LDAPControl **ldo_cctrls;
+
+ /* LDAP rebind callback function */
+ LDAP_REBIND_PROC *ldo_rebind_proc;
+ void *ldo_rebind_params;
+ LDAP_NEXTREF_PROC *ldo_nextref_proc;
+ void *ldo_nextref_params;
+
+ LDAP_BOOLEANS ldo_booleans; /* boolean options */
+};
+
+
+/*
+ * structure for representing an LDAP server connection
+ */
+typedef struct ldap_conn {
+ Sockbuf *lconn_sb;
+#ifdef HAVE_CYRUS_SASL
+ void *lconn_sasl_authctx; /* context for bind */
+ void *lconn_sasl_sockctx; /* for security layer */
+#endif
+ int lconn_refcnt;
+ time_t lconn_lastused; /* time */
+ int lconn_rebind_inprogress; /* set if rebind in progress */
+ char ***lconn_rebind_queue; /* used if rebind in progress */
+ int lconn_status;
+#define LDAP_CONNST_NEEDSOCKET 1
+#define LDAP_CONNST_CONNECTING 2
+#define LDAP_CONNST_CONNECTED 3
+ LDAPURLDesc *lconn_server;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ char *lconn_krbinstance;
+#endif
+ BerElement *lconn_ber; /* ber receiving on this conn. */
+
+ struct ldap_conn *lconn_next;
+} LDAPConn;
+
+
+/*
+ * structure used to track outstanding requests
+ */
+typedef struct ldapreq {
+ ber_int_t lr_msgid; /* the message id */
+ int lr_status; /* status of request */
+#define LDAP_REQST_COMPLETED 0
+#define LDAP_REQST_INPROGRESS 1
+#define LDAP_REQST_CHASINGREFS 2
+#define LDAP_REQST_NOTCONNECTED 3
+#define LDAP_REQST_WRITING 4
+ int lr_outrefcnt; /* count of outstanding referrals */
+ ber_int_t lr_origid; /* original request's message id */
+ int lr_parentcnt; /* count of parent requests */
+ ber_tag_t lr_res_msgtype; /* result message type */
+ ber_int_t lr_res_errno; /* result LDAP errno */
+ char *lr_res_error; /* result error string */
+ char *lr_res_matched;/* result matched DN string */
+ BerElement *lr_ber; /* ber encoded request contents */
+ LDAPConn *lr_conn; /* connection used to send request */
+ struct berval lr_dn; /* DN of request, in lr_ber */
+ struct ldapreq *lr_parent; /* request that spawned this referral */
+ struct ldapreq *lr_child; /* first child request */
+ struct ldapreq *lr_refnext; /* next referral spawned */
+ struct ldapreq *lr_prev; /* previous request */
+ struct ldapreq *lr_next; /* next request */
+} LDAPRequest;
+
+/*
+ * structure for client cache
+ */
+#define LDAP_CACHE_BUCKETS 31 /* cache hash table size */
+typedef struct ldapcache {
+ LDAPMessage *lc_buckets[LDAP_CACHE_BUCKETS];/* hash table */
+ LDAPMessage *lc_requests; /* unfulfilled reqs */
+ long lc_timeout; /* request timeout */
+ ber_len_t lc_maxmem; /* memory to use */
+ ber_len_t lc_memused; /* memory in use */
+ int lc_enabled; /* enabled? */
+ unsigned long lc_options; /* options */
+#define LDAP_CACHE_OPT_CACHENOERRS 0x00000001
+#define LDAP_CACHE_OPT_CACHEALLERRS 0x00000002
+} LDAPCache;
+
+/*
+ * structure containing referral request info for rebind procedure
+ */
+typedef struct ldapreqinfo {
+ ber_len_t ri_msgid;
+ int ri_request;
+ char *ri_url;
+} LDAPreqinfo;
+
+/*
+ * structure representing an ldap connection
+ */
+
+struct ldap {
+ Sockbuf *ld_sb; /* socket descriptor & buffer */
+
+ struct ldapoptions ld_options;
+
+#define ld_valid ld_options.ldo_valid
+#define ld_debug ld_options.ldo_debug
+
+#define ld_deref ld_options.ldo_deref
+#define ld_timelimit ld_options.ldo_timelimit
+#define ld_sizelimit ld_options.ldo_sizelimit
+
+#define ld_defbinddn ld_options.ldo_defbinddn
+#define ld_defbase ld_options.ldo_defbase
+#define ld_defhost ld_options.ldo_defhost
+#define ld_defport ld_options.ldo_defport
+
+#define ld_refhoplimit ld_options.ldo_refhoplimit
+
+#define ld_sctrls ld_options.ldo_sctrls
+#define ld_cctrls ld_options.ldo_cctrls
+#define ld_rebind_proc ld_options.ldo_rebind_proc
+#define ld_rebind_params ld_options.ldo_rebind_params
+#define ld_nextref_proc ld_options.ldo_nextref_proc
+#define ld_nextref_params ld_options.ldo_nextref_params
+
+#define ld_version ld_options.ldo_version
+
+ unsigned short ld_lberoptions;
+
+ ber_int_t ld_errno;
+ char *ld_error;
+ char *ld_matched;
+ char **ld_referrals;
+ ber_len_t ld_msgid;
+
+ /* do not mess with these */
+ LDAPRequest *ld_requests; /* list of outstanding requests */
+ LDAPMessage *ld_responses; /* list of outstanding responses */
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_t ld_conn_mutex;
+ ldap_pvt_thread_mutex_t ld_req_mutex;
+ ldap_pvt_thread_mutex_t ld_res_mutex;
+#endif
+
+ ber_int_t *ld_abandoned; /* array of abandoned requests */
+
+ LDAPCache *ld_cache; /* non-null if cache is initialized */
+
+ /* do not mess with the rest though */
+
+ LDAPConn *ld_defconn; /* default connection */
+ LDAPConn *ld_conns; /* list of server connections */
+ void *ld_selectinfo; /* platform specifics for select */
+};
+#define LDAP_VALID(ld) ( (ld)->ld_valid == LDAP_VALID_SESSION )
+#define LDAP_TRASHED(ld) ( (ld)->ld_valid == LDAP_TRASHED_SESSION )
+#define LDAP_TRASH(ld) ( (ld)->ld_valid = LDAP_TRASHED_SESSION )
+
+#ifdef LDAP_R_COMPILE
+LDAP_V ( ldap_pvt_thread_mutex_t ) ldap_int_resolv_mutex;
+
+#ifdef HAVE_CYRUS_SASL
+LDAP_V( ldap_pvt_thread_mutex_t ) ldap_int_sasl_mutex;
+#endif
+#endif
+
+#ifdef LDAP_R_COMPILE
+#define LDAP_NEXT_MSGID(ld, id) \
+ ldap_pvt_thread_mutex_lock( &(ld)->ld_req_mutex ); \
+ id = ++(ld)->ld_msgid; \
+ ldap_pvt_thread_mutex_unlock( &(ld)->ld_req_mutex )
+#else
+#define LDAP_NEXT_MSGID(ld, id) id = ++(ld)->ld_msgid
+#endif
+
+/*
+ * in init.c
+ */
+
+LDAP_V ( struct ldapoptions ) ldap_int_global_options;
+
+LDAP_F ( void ) ldap_int_initialize LDAP_P((struct ldapoptions *, int *));
+LDAP_F ( void ) ldap_int_initialize_global_options LDAP_P((
+ struct ldapoptions *, int *));
+
+/* memory.c */
+ /* simple macros to realloc for now */
+#define LDAP_MALLOC(s) (ber_memalloc_x((s),NULL))
+#define LDAP_CALLOC(n,s) (ber_memcalloc_x((n),(s),NULL))
+#define LDAP_REALLOC(p,s) (ber_memrealloc_x((p),(s),NULL))
+#define LDAP_FREE(p) (ber_memfree_x((p),NULL))
+#define LDAP_VFREE(v) (ber_memvfree_x((void **)(v),NULL))
+#define LDAP_STRDUP(s) (ber_strdup_x((s),NULL))
+#define LDAP_STRNDUP(s,l) (ber_strndup_x((s),(l),NULL))
+
+#define LDAP_MALLOCX(s,x) (ber_memalloc_x((s),(x)))
+#define LDAP_CALLOCX(n,s,x) (ber_memcalloc_x((n),(s),(x)))
+#define LDAP_REALLOCX(p,s,x) (ber_memrealloc_x((p),(s),(x)))
+#define LDAP_FREEX(p,x) (ber_memfree_x((p),(x)))
+#define LDAP_VFREEX(v,x) (ber_memvfree_x((void **)(v),(x)))
+#define LDAP_STRDUPX(s,x) (ber_strdup_x((s),(x)))
+#define LDAP_STRNDUPX(s,l,x) (ber_strndup_x((s),(l),(x)))
+
+/*
+ * in error.c
+ */
+LDAP_F (void) ldap_int_error_init( void );
+
+/*
+ * in unit-int.c
+ */
+LDAP_F (void) ldap_int_utils_init LDAP_P(( void ));
+
+
+/*
+ * in print.c
+ */
+LDAP_F (int) ldap_log_printf LDAP_P((LDAP *ld, int level, const char *fmt, ...)) LDAP_GCCATTR((format(printf, 3, 4)));
+
+/*
+ * in cache.c
+ */
+LDAP_F (void) ldap_add_request_to_cache LDAP_P(( LDAP *ld, ber_tag_t msgtype,
+ BerElement *request ));
+LDAP_F (void) ldap_add_result_to_cache LDAP_P(( LDAP *ld, LDAPMessage *result ));
+LDAP_F (int) ldap_check_cache LDAP_P(( LDAP *ld, ber_tag_t msgtype, BerElement *request ));
+
+/*
+ * in controls.c
+ */
+LDAP_F (int) ldap_int_put_controls LDAP_P((
+ LDAP *ld,
+ LDAPControl *const *ctrls,
+ BerElement *ber ));
+
+LDAP_F (int) ldap_int_client_controls LDAP_P((
+ LDAP *ld,
+ LDAPControl **ctrlp ));
+
+/*
+ * in dsparse.c
+ */
+LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, char ***toksp ));
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+/*
+ * in kerberos.c
+ */
+LDAP_F (char *) ldap_get_kerberosv4_credentials LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *who,
+ LDAP_CONST char *service,
+ ber_len_t *len ));
+
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+
+
+/*
+ * in open.c
+ */
+LDAP_F (int) ldap_open_defconn( LDAP *ld );
+LDAP_F (int) ldap_int_open_connection( LDAP *ld,
+ LDAPConn *conn, LDAPURLDesc *srvlist, int async );
+
+/*
+ * in os-ip.c
+ */
+#ifndef HAVE_POLL
+LDAP_V (int) ldap_int_tblsize;
+LDAP_F (void) ldap_int_ip_init( void );
+#endif
+
+LDAP_F (int) ldap_int_timeval_dup( struct timeval **dest,
+ const struct timeval *tm );
+LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb,
+ int proto, const char *host, int port, int async );
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \
+ defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+LDAP_V (char *) ldap_int_hostname;
+LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb,
+ const char *host );
+#endif
+
+LDAP_F (int) ldap_int_select( LDAP *ld, struct timeval *timeout );
+LDAP_F (void *) ldap_new_select_info( void );
+LDAP_F (void) ldap_free_select_info( void *sip );
+LDAP_F (void) ldap_mark_select_write( LDAP *ld, Sockbuf *sb );
+LDAP_F (void) ldap_mark_select_read( LDAP *ld, Sockbuf *sb );
+LDAP_F (void) ldap_mark_select_clear( LDAP *ld, Sockbuf *sb );
+LDAP_F (int) ldap_is_read_ready( LDAP *ld, Sockbuf *sb );
+LDAP_F (int) ldap_is_write_ready( LDAP *ld, Sockbuf *sb );
+
+/*
+ * in os-local.c
+ */
+#ifdef LDAP_PF_LOCAL
+LDAP_F (int) ldap_connect_to_path( LDAP *ld, Sockbuf *sb,
+ const char *path, int async );
+#endif /* LDAP_PF_LOCAL */
+
+/*
+ * in request.c
+ */
+LDAP_F (ber_int_t) ldap_send_initial_request( LDAP *ld, ber_tag_t msgtype,
+ const char *dn, BerElement *ber, ber_int_t msgid );
+LDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld );
+LDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber );
+
+LDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
+LDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind );
+LDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid );
+LDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr );
+LDAP_F (void) ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind );
+LDAP_F (void) ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all );
+LDAP_F (void) ldap_dump_requests_and_responses( LDAP *ld );
+LDAP_F (int) ldap_chase_referrals( LDAP *ld, LDAPRequest *lr,
+ char **errstrp, int sref, int *hadrefp );
+LDAP_F (int) ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr,
+ char **refs, int sref, char **referralsp, int *hadrefp );
+LDAP_F (int) ldap_append_referral( LDAP *ld, char **referralsp, char *s );
+LDAP_F (int) ldap_int_flush_request( LDAP *ld, LDAPRequest *lr );
+
+/*
+ * in result.c:
+ */
+LDAP_F (char *) ldap_int_msgtype2str( ber_tag_t tag );
+
+/*
+ * in search.c
+ */
+LDAP_F (BerElement *) ldap_build_search_req LDAP_P((
+ LDAP *ld,
+ const char *base,
+ ber_int_t scope,
+ const char *filter,
+ char **attrs,
+ ber_int_t attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ ber_int_t timelimit,
+ ber_int_t sizelimit,
+ ber_int_t *msgidp));
+
+
+/*
+ * in unbind.c
+ */
+LDAP_F (int) ldap_ld_free LDAP_P((
+ LDAP *ld,
+ int close,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+LDAP_F (int) ldap_send_unbind LDAP_P((
+ LDAP *ld,
+ Sockbuf *sb,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls ));
+
+/*
+ * in url.c
+ */
+LDAP_F (LDAPURLDesc *) ldap_url_dup LDAP_P((
+ LDAPURLDesc *ludp ));
+
+LDAP_F (LDAPURLDesc *) ldap_url_duplist LDAP_P((
+ LDAPURLDesc *ludlist ));
+
+LDAP_F (int) ldap_url_parselist LDAP_P((
+ LDAPURLDesc **ludlist,
+ const char *url ));
+
+LDAP_F (int) ldap_url_parselist_ext LDAP_P((
+ LDAPURLDesc **ludlist,
+ const char *url,
+ const char *sep ));
+
+LDAP_F (int) ldap_url_parsehosts LDAP_P((
+ LDAPURLDesc **ludlist,
+ const char *hosts,
+ int port ));
+
+LDAP_F (char *) ldap_url_list2hosts LDAP_P((
+ LDAPURLDesc *ludlist ));
+
+LDAP_F (char *) ldap_url_list2urls LDAP_P((
+ LDAPURLDesc *ludlist ));
+
+LDAP_F (void) ldap_free_urllist LDAP_P((
+ LDAPURLDesc *ludlist ));
+
+/*
+ * in cyrus.c
+ */
+
+LDAP_F (int) ldap_int_sasl_init LDAP_P(( void ));
+
+LDAP_F (int) ldap_int_sasl_open LDAP_P((
+ LDAP *ld, LDAPConn *conn,
+ const char* host ));
+LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
+
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+ LDAP *ld, LDAPConn *conn,
+ const char* authid, ber_len_t ssf ));
+
+LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
+ int option, void *arg ));
+LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,
+ int option, void *arg ));
+LDAP_F (int) ldap_int_sasl_config LDAP_P(( struct ldapoptions *lo,
+ int option, const char *arg ));
+
+LDAP_F (int) ldap_int_sasl_bind LDAP_P((
+ LDAP *ld,
+ const char *,
+ const char *,
+ LDAPControl **, LDAPControl **,
+
+ /* should be passed in client controls */
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *interact,
+ void *defaults ));
+
+/* in schema.c */
+LDAP_F (char *) ldap_int_parse_numericoid LDAP_P((
+ const char **sp,
+ int *code,
+ const int flags ));
+
+/*
+ * in tls.c
+ */
+LDAP_F (int) ldap_int_tls_config LDAP_P(( LDAP *ld,
+ int option, const char *arg ));
+
+LDAP_F (int) ldap_int_tls_start LDAP_P(( LDAP *ld,
+ LDAPConn *conn, LDAPURLDesc *srv ));
+
+/*
+ * in getvalues.c
+ */
+LDAP_F (char **) ldap_value_dup LDAP_P((
+ char *const *vals ));
+
+LDAP_END_DECL
+
+#endif /* _LDAP_INT_H */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/ldap.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/ldap.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/ldap.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example, dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/messages.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/messages.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/messages.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+/* messages.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/messages.c,v 1.15.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+LDAPMessage *
+ldap_first_message( LDAP *ld, LDAPMessage *chain )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( chain != NULL );
+
+ return chain;
+}
+
+LDAPMessage *
+ldap_next_message( LDAP *ld, LDAPMessage *msg )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msg != NULL );
+
+ return msg->lm_chain;
+}
+
+int
+ldap_count_messages( LDAP *ld, LDAPMessage *chain )
+{
+ int i;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ for ( i = 0; chain != NULL; chain = chain->lm_chain ) {
+ i++;
+ }
+
+ return( i );
+}
+
+BerElement*
+ldap_get_message_ber( LDAPMessage *ld )
+{
+ return ld->lm_ber;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,211 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modify.c,v 1.21.2.4 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_modify_ext - initiate an ldap extended modify operation.
+ *
+ * Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the object to modify
+ * mods List of modifications to make. This is null-terminated
+ * array of struct ldapmod's, specifying the modifications
+ * to perform.
+ * sctrls Server Controls
+ * cctrls Client Controls
+ * msgidp Message ID pointer
+ *
+ * Example:
+ * LDAPMod *mods[] = {
+ * { LDAP_MOD_ADD, "cn", { "babs jensen", "babs", 0 } },
+ * { LDAP_MOD_REPLACE, "sn", { "babs jensen", "babs", 0 } },
+ * { LDAP_MOD_DELETE, "ou", 0 },
+ * { LDAP_MOD_INCREMENT, "uidNumber, { "1", 0 } }
+ * 0
+ * }
+ * rc= ldap_modify_ext( ld, dn, mods, sctrls, cctrls, &msgid );
+ */
+int
+ldap_modify_ext( LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAPMod **mods,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int i, rc;
+ ber_int_t id;
+
+ /*
+ * A modify request looks like this:
+ * ModifyRequet ::= SEQUENCE {
+ * object DistinguishedName,
+ * modifications SEQUENCE OF SEQUENCE {
+ * operation ENUMERATED {
+ * add (0),
+ * delete (1),
+ * replace (2),
+ * increment (3) -- extension
+ * },
+ * modification SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * }
+ * }
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_modify_ext\n", 0, 0, 0 );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{it{s{" /*}}}*/, id, LDAP_REQ_MODIFY, dn );
+ if ( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* allow mods to be NULL ("touch") */
+ if ( mods ) {
+ /* for each modification to be performed... */
+ for ( i = 0; mods[i] != NULL; i++ ) {
+ if (( mods[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
+ rc = ber_printf( ber, "{e{s[V]N}N}",
+ (ber_int_t) ( mods[i]->mod_op & ~LDAP_MOD_BVALUES ),
+ mods[i]->mod_type, mods[i]->mod_bvalues );
+ } else {
+ rc = ber_printf( ber, "{e{s[v]N}N}",
+ (ber_int_t) mods[i]->mod_op,
+ mods[i]->mod_type, mods[i]->mod_values );
+ }
+
+ if ( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+ }
+ }
+
+ if ( ber_printf( ber, /*{{*/ "N}N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_MODIFY, dn, ber, id );
+ return( *msgidp < 0 ? ld->ld_errno : LDAP_SUCCESS );
+}
+
+/*
+ * ldap_modify - initiate an ldap modify operation.
+ *
+ * Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the object to modify
+ * mods List of modifications to make. This is null-terminated
+ * array of struct ldapmod's, specifying the modifications
+ * to perform.
+ *
+ * Example:
+ * LDAPMod *mods[] = {
+ * { LDAP_MOD_ADD, "cn", { "babs jensen", "babs", 0 } },
+ * { LDAP_MOD_REPLACE, "sn", { "babs jensen", "babs", 0 } },
+ * { LDAP_MOD_DELETE, "ou", 0 },
+ * { LDAP_MOD_INCREMENT, "uidNumber, { "1", 0 } }
+ * 0
+ * }
+ * msgid = ldap_modify( ld, dn, mods );
+ */
+int
+ldap_modify( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods )
+{
+ int rc, msgid;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_modify\n", 0, 0, 0 );
+
+ rc = ldap_modify_ext( ld, dn, mods, NULL, NULL, &msgid );
+
+ if ( rc != LDAP_SUCCESS )
+ return -1;
+
+ return msgid;
+}
+
+int
+ldap_modify_ext_s( LDAP *ld, LDAP_CONST char *dn,
+ LDAPMod **mods, LDAPControl **sctrl, LDAPControl **cctrl )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ rc = ldap_modify_ext( ld, dn, mods, sctrl, cctrl, &msgid );
+
+ if ( rc != LDAP_SUCCESS )
+ return( rc );
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
+ return( ld->ld_errno );
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
+
+int
+ldap_modify_s( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods )
+{
+ return ldap_modify_ext_s( ld, dn, mods, NULL, NULL );
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,254 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modrdn.c,v 1.27.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Copyright 1999, Juan C. Gomez, All rights reserved.
+ * This software is not subject to any license of Silicon Graphics
+ * Inc. or Purdue University.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * without restriction or fee of any kind as long as this notice
+ * is preserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC 2251 for full legal notices.
+ */
+
+/* ACKNOWLEDGEMENTS:
+ * Juan C. Gomez
+ */
+
+/*
+ * A modify rdn request looks like this:
+ * ModifyRDNRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * newrdn RelativeDistinguishedName,
+ * deleteoldrdn BOOLEAN
+ * newSuperior [0] DistinguishedName [v3 only]
+ * }
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_rename - initiate an ldap extended modifyDN operation.
+ *
+ * Parameters:
+ * ld LDAP descriptor
+ * dn DN of the object to modify
+ * newrdn RDN to give the object
+ * deleteoldrdn nonzero means to delete old rdn values from the entry
+ * newSuperior DN of the new parent if applicable
+ *
+ * Returns the LDAP error code.
+ */
+
+int
+ldap_rename(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_rename\n", 0, 0, 0 );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ if( newSuperior != NULL ) {
+ /* must be version 3 (or greater) */
+ if ( ld->ld_version < LDAP_VERSION3 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+ rc = ber_printf( ber, "{it{ssbtsN}", /* '}' */
+ id, LDAP_REQ_MODDN,
+ dn, newrdn, (ber_int_t) deleteoldrdn,
+ LDAP_TAG_NEWSUPERIOR, newSuperior );
+
+ } else {
+ rc = ber_printf( ber, "{it{ssbN}", /* '}' */
+ id, LDAP_REQ_MODDN,
+ dn, newrdn, (ber_int_t) deleteoldrdn );
+ }
+
+ if ( rc < 0 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ rc = ber_printf( ber, /*{*/ "N}" );
+ if ( rc < 0 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_MODRDN, dn, ber, id );
+
+ if( *msgidp < 0 ) {
+ return( ld->ld_errno );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * ldap_rename2 - initiate an ldap (and X.500) modifyDN operation. Parameters:
+ * (LDAP V3 MODIFYDN REQUEST)
+ * ld LDAP descriptor
+ * dn DN of the object to modify
+ * newrdn RDN to give the object
+ * deleteoldrdn nonzero means to delete old rdn values from the entry
+ * newSuperior DN of the new parent if applicable
+ *
+ * ldap_rename2 uses a U-Mich Style API. It returns the msgid.
+ */
+
+int
+ldap_rename2(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn )
+{
+ int msgid;
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_rename2\n", 0, 0, 0 );
+
+ rc = ldap_rename( ld, dn, newrdn, newSuperior,
+ deleteoldrdn, NULL, NULL, &msgid );
+
+ return rc == LDAP_SUCCESS ? msgid : -1;
+}
+
+
+/*
+ * ldap_modrdn2 - initiate an ldap modifyRDN operation. Parameters:
+ *
+ * ld LDAP descriptor
+ * dn DN of the object to modify
+ * newrdn RDN to give the object
+ * deleteoldrdn nonzero means to delete old rdn values from the entry
+ *
+ * Example:
+ * msgid = ldap_modrdn( ld, dn, newrdn );
+ */
+int
+ldap_modrdn2( LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ int deleteoldrdn )
+{
+ return ldap_rename2( ld, dn, newrdn, NULL, deleteoldrdn );
+}
+
+int
+ldap_modrdn( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *newrdn )
+{
+ return( ldap_rename2( ld, dn, newrdn, NULL, 1 ) );
+}
+
+
+int
+ldap_rename_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ rc = ldap_rename( ld, dn, newrdn, newSuperior,
+ deleteoldrdn, sctrls, cctrls, &msgid );
+
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ rc = ldap_result( ld, msgid, 1, NULL, &res );
+
+ if( rc == -1 ) {
+ return ld->ld_errno;
+ }
+
+ return ldap_result2error( ld, res, 1 );
+}
+
+int
+ldap_rename2_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *newrdn,
+ LDAP_CONST char *newSuperior,
+ int deleteoldrdn )
+{
+ return ldap_rename_s( ld, dn, newrdn, newSuperior,
+ deleteoldrdn, NULL, NULL );
+}
+
+int
+ldap_modrdn2_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *newrdn, int deleteoldrdn )
+{
+ return ldap_rename_s( ld, dn, newrdn, NULL, deleteoldrdn, NULL, NULL );
+}
+
+int
+ldap_modrdn_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *newrdn )
+{
+ return ldap_rename_s( ld, dn, newrdn, NULL, 1, NULL, NULL );
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/open.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/open.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/open.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,432 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/open.c,v 1.105.2.7 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/stdlib.h>
+
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include <ac/unistd.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+/* Caller should hold the req_mutex if simultaneous accesses are possible */
+int ldap_open_defconn( LDAP *ld )
+{
+ ld->ld_defconn = ldap_new_connection( ld,
+ ld->ld_options.ldo_defludp, 1, 1, NULL );
+
+ if( ld->ld_defconn == NULL ) {
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ return -1;
+ }
+
+ ++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
+ return 0;
+}
+
+/*
+ * ldap_open - initialize and connect to an ldap server. A magic cookie to
+ * be used for future communication is returned on success, NULL on failure.
+ * "host" may be a space-separated list of hosts or IP addresses
+ *
+ * Example:
+ * LDAP *ld;
+ * ld = ldap_open( hostname, port );
+ */
+
+LDAP *
+ldap_open( LDAP_CONST char *host, int port )
+{
+ int rc;
+ LDAP *ld;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
+ host, port, 0 );
+
+ ld = ldap_init( host, port );
+ if ( ld == NULL ) {
+ return( NULL );
+ }
+
+ rc = ldap_open_defconn( ld );
+
+ if( rc < 0 ) {
+ ldap_ld_free( ld, 0, NULL, NULL );
+ ld = NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
+ ld == NULL ? "succeeded" : "failed", 0, 0 );
+
+ return ld;
+}
+
+
+
+int
+ldap_create( LDAP **ldp )
+{
+ LDAP *ld;
+ struct ldapoptions *gopts;
+
+ *ldp = NULL;
+ /* Get pointer to global option structure */
+ if ( (gopts = LDAP_INT_GLOBAL_OPT()) == NULL) {
+ return LDAP_NO_MEMORY;
+ }
+
+ /* Initialize the global options, if not already done. */
+ if( gopts->ldo_valid != LDAP_INITIALIZED ) {
+ ldap_int_initialize(gopts, NULL);
+ if ( gopts->ldo_valid != LDAP_INITIALIZED )
+ return LDAP_LOCAL_ERROR;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_create\n", 0, 0, 0 );
+
+ if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ /* copy the global options */
+ AC_MEMCPY(&ld->ld_options, gopts, sizeof(ld->ld_options));
+
+ ld->ld_valid = LDAP_VALID_SESSION;
+
+ /* but not pointers to malloc'ed items */
+ ld->ld_options.ldo_sctrls = NULL;
+ ld->ld_options.ldo_cctrls = NULL;
+ ld->ld_options.ldo_tm_api = NULL;
+ ld->ld_options.ldo_tm_net = NULL;
+ ld->ld_options.ldo_defludp = NULL;
+
+#ifdef HAVE_CYRUS_SASL
+ ld->ld_options.ldo_def_sasl_mech = gopts->ldo_def_sasl_mech
+ ? LDAP_STRDUP( gopts->ldo_def_sasl_mech ) : NULL;
+ ld->ld_options.ldo_def_sasl_realm = gopts->ldo_def_sasl_realm
+ ? LDAP_STRDUP( gopts->ldo_def_sasl_realm ) : NULL;
+ ld->ld_options.ldo_def_sasl_authcid = gopts->ldo_def_sasl_authcid
+ ? LDAP_STRDUP( gopts->ldo_def_sasl_authcid ) : NULL;
+ ld->ld_options.ldo_def_sasl_authzid = gopts->ldo_def_sasl_authzid
+ ? LDAP_STRDUP( gopts->ldo_def_sasl_authzid ) : NULL;
+#endif
+
+ if ( gopts->ldo_tm_api &&
+ ldap_int_timeval_dup( &ld->ld_options.ldo_tm_api, gopts->ldo_tm_api ))
+ goto nomem;
+
+ if ( gopts->ldo_tm_net &&
+ ldap_int_timeval_dup( &ld->ld_options.ldo_tm_net, gopts->ldo_tm_net ))
+ goto nomem;
+
+ if ( gopts->ldo_defludp ) {
+ ld->ld_options.ldo_defludp = ldap_url_duplist(gopts->ldo_defludp);
+
+ if ( ld->ld_options.ldo_defludp == NULL ) goto nomem;
+ }
+
+ if (( ld->ld_selectinfo = ldap_new_select_info()) == NULL ) goto nomem;
+
+ ld->ld_lberoptions = LBER_USE_DER;
+
+ ld->ld_sb = ber_sockbuf_alloc( );
+ if ( ld->ld_sb == NULL ) goto nomem;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_init( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_init( &ld->ld_res_mutex );
+ ldap_pvt_thread_mutex_init( &ld->ld_conn_mutex );
+#endif
+ *ldp = ld;
+ return LDAP_SUCCESS;
+
+nomem:
+ ldap_free_select_info( ld->ld_selectinfo );
+ ldap_free_urllist( ld->ld_options.ldo_defludp );
+ LDAP_FREE( ld->ld_options.ldo_tm_net );
+ LDAP_FREE( ld->ld_options.ldo_tm_api );
+#ifdef HAVE_CYRUS_SASL
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_realm );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
+#endif
+ LDAP_FREE( (char *)ld );
+ return LDAP_NO_MEMORY;
+}
+
+/*
+ * ldap_init - initialize the LDAP library. A magic cookie to be used for
+ * future communication is returned on success, NULL on failure.
+ * "host" may be a space-separated list of hosts or IP addresses
+ *
+ * Example:
+ * LDAP *ld;
+ * ld = ldap_init( host, port );
+ */
+LDAP *
+ldap_init( LDAP_CONST char *defhost, int defport )
+{
+ LDAP *ld;
+ int rc;
+
+ rc = ldap_create(&ld);
+ if ( rc != LDAP_SUCCESS )
+ return NULL;
+
+ if (defport != 0)
+ ld->ld_options.ldo_defport = defport;
+
+ if (defhost != NULL) {
+ rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, defhost);
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_ld_free(ld, 1, NULL, NULL);
+ return NULL;
+ }
+ }
+
+ return( ld );
+}
+
+
+int
+ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
+{
+ int rc;
+ LDAP *ld;
+
+ *ldp = NULL;
+ rc = ldap_create(&ld);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ if (url != NULL) {
+ rc = ldap_set_option(ld, LDAP_OPT_URI, url);
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_ld_free(ld, 1, NULL, NULL);
+ return rc;
+ }
+#ifdef LDAP_CONNECTIONLESS
+ if (ldap_is_ldapc_url(url))
+ LDAP_IS_UDP(ld) = 1;
+#endif
+ }
+
+ *ldp = ld;
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_int_open_connection(
+ LDAP *ld,
+ LDAPConn *conn,
+ LDAPURLDesc *srv,
+ int async )
+{
+ int rc = -1;
+ char *host;
+ int port, proto;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );
+
+ switch ( proto = ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
+ case LDAP_PROTO_TCP:
+ port = srv->lud_port;
+
+ if ( srv->lud_host == NULL || *srv->lud_host == 0 ) {
+ host = NULL;
+ } else {
+ host = srv->lud_host;
+ }
+
+ if( !port ) {
+ if( strcmp(srv->lud_scheme, "ldaps") == 0 ) {
+ port = LDAPS_PORT;
+ } else {
+ port = LDAP_PORT;
+ }
+ }
+
+ rc = ldap_connect_to_host( ld, conn->lconn_sb,
+ proto, host, port, async );
+
+ if ( rc == -1 ) return rc;
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
+#endif
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+
+ break;
+
+#ifdef LDAP_CONNECTIONLESS
+ case LDAP_PROTO_UDP:
+ port = srv->lud_port;
+
+ if ( srv->lud_host == NULL || *srv->lud_host == 0 ) {
+ host = NULL;
+ } else {
+ host = srv->lud_host;
+ }
+
+ if( !port ) port = LDAP_PORT;
+
+ LDAP_IS_UDP(ld) = 1;
+ rc = ldap_connect_to_host( ld, conn->lconn_sb,
+ proto, host, port, async );
+
+ if ( rc == -1 ) return rc;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
+#endif
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+
+ break;
+#endif
+ case LDAP_PROTO_IPC:
+#ifdef LDAP_PF_LOCAL
+ /* only IPC mechanism supported is PF_LOCAL (PF_UNIX) */
+ rc = ldap_connect_to_path( ld, conn->lconn_sb,
+ srv->lud_host, async );
+ if ( rc == -1 ) return rc;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
+#endif
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+
+ break;
+#endif /* LDAP_PF_LOCAL */
+ default:
+ return -1;
+ break;
+ }
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
+ INT_MAX, (void *)"ldap_" );
+#endif
+
+#ifdef LDAP_CONNECTIONLESS
+ if( proto == LDAP_PROTO_UDP ) return 0;
+#endif
+
+#ifdef HAVE_TLS
+ if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+ strcmp( srv->lud_scheme, "ldaps" ) == 0 )
+ {
+ ++conn->lconn_refcnt; /* avoid premature free */
+
+ rc = ldap_int_tls_start( ld, conn, srv );
+
+ --conn->lconn_refcnt;
+
+ if (rc != LDAP_SUCCESS) {
+ return -1;
+ }
+ }
+#endif
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if ( conn->lconn_krbinstance == NULL ) {
+ char *c;
+ conn->lconn_krbinstance = ldap_host_connected_to(
+ conn->lconn_sb, host );
+
+ if( conn->lconn_krbinstance != NULL &&
+ ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
+ *c = '\0';
+ }
+ }
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+
+ return( 0 );
+}
+
+
+int ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp )
+{
+ int rc;
+ LDAPConn *c;
+ LDAPRequest *lr;
+
+ rc = ldap_create( ldp );
+ if( rc != LDAP_SUCCESS ) {
+ *ldp = NULL;
+ return( rc );
+ }
+
+ /* Make it appear that a search request, msgid 0, was sent */
+ lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
+ if( lr == NULL ) {
+ ldap_unbind( *ldp );
+ *ldp = NULL;
+ return( LDAP_NO_MEMORY );
+ }
+ memset(lr, 0, sizeof( LDAPRequest ));
+ lr->lr_msgid = 0;
+ lr->lr_status = LDAP_REQST_INPROGRESS;
+ lr->lr_res_errno = LDAP_SUCCESS;
+ /* no mutex lock needed, we just created this ld here */
+ (*ldp)->ld_requests = lr;
+
+ /* Attach the passed socket as the *LDAP's connection */
+ c = ldap_new_connection( *ldp, NULL, 1, 0, NULL);
+ if( c == NULL ) {
+ ldap_unbind( *ldp );
+ *ldp = NULL;
+ return( LDAP_NO_MEMORY );
+ }
+ ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp );
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" );
+#endif
+ ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+ (*ldp)->ld_defconn = c;
+
+ /* Add the connection to the *LDAP's select pool */
+ ldap_mark_select_read( *ldp, c->lconn_sb );
+ ldap_mark_select_write( *ldp, c->lconn_sb );
+
+ /* Make this connection an LDAP V3 protocol connection */
+ rc = LDAP_VERSION3;
+ ldap_set_option( *ldp, LDAP_OPT_PROTOCOL_VERSION, &rc );
+
+ return( LDAP_SUCCESS );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/options.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/options.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/options.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,701 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/options.c,v 1.67.2.8 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#define LDAP_OPT_REBIND_PROC 0x4e814d
+#define LDAP_OPT_REBIND_PARAMS 0x4e814e
+
+#define LDAP_OPT_NEXTREF_PROC 0x4e815d
+#define LDAP_OPT_NEXTREF_PARAMS 0x4e815e
+
+static const LDAPAPIFeatureInfo features[] = {
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+ { /* OpenLDAP Extensions API Feature */
+ LDAP_FEATURE_INFO_VERSION,
+ "X_OPENLDAP",
+ LDAP_API_FEATURE_X_OPENLDAP
+ },
+#endif
+
+#ifdef LDAP_API_FEATURE_THREAD_SAFE
+ { /* Basic Thread Safe */
+ LDAP_FEATURE_INFO_VERSION,
+ "THREAD_SAFE",
+ LDAP_API_FEATURE_THREAD_SAFE
+ },
+#endif
+#ifdef LDAP_API_FEATURE_SESSION_THREAD_SAFE
+ { /* Session Thread Safe */
+ LDAP_FEATURE_INFO_VERSION,
+ "SESSION_THREAD_SAFE",
+ LDAP_API_FEATURE_SESSION_THREAD_SAFE
+ },
+#endif
+#ifdef LDAP_API_FEATURE_OPERATION_THREAD_SAFE
+ { /* Operation Thread Safe */
+ LDAP_FEATURE_INFO_VERSION,
+ "OPERATION_THREAD_SAFE",
+ LDAP_API_FEATURE_OPERATION_THREAD_SAFE
+ },
+#endif
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_REENTRANT
+ { /* OpenLDAP Reentrant */
+ LDAP_FEATURE_INFO_VERSION,
+ "X_OPENLDAP_REENTRANT",
+ LDAP_API_FEATURE_X_OPENLDAP_REENTRANT
+ },
+#endif
+#if defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) && \
+ defined( LDAP_THREAD_SAFE )
+ { /* OpenLDAP Thread Safe */
+ LDAP_FEATURE_INFO_VERSION,
+ "X_OPENLDAP_THREAD_SAFE",
+ LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
+ },
+#endif
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
+ { /* V2 Referrals */
+ LDAP_FEATURE_INFO_VERSION,
+ "X_OPENLDAP_V2_REFERRALS",
+ LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
+ },
+#endif
+ {0, NULL, 0}
+};
+
+int
+ldap_get_option(
+ LDAP *ld,
+ int option,
+ void *outvalue)
+{
+ struct ldapoptions *lo;
+
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if (NULL == lo) {
+ return LDAP_NO_MEMORY;
+ }
+
+ if( lo->ldo_valid != LDAP_INITIALIZED ) {
+ ldap_int_initialize(lo, NULL);
+ }
+
+ if(ld != NULL) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+ }
+
+ if(outvalue == NULL) {
+ /* no place to get to */
+ return LDAP_OPT_ERROR;
+ }
+
+ switch(option) {
+ case LDAP_OPT_API_INFO: {
+ struct ldapapiinfo *info = (struct ldapapiinfo *) outvalue;
+
+ if(info == NULL) {
+ /* outvalue must point to an apiinfo structure */
+ return LDAP_OPT_ERROR;
+ }
+
+ if(info->ldapai_info_version != LDAP_API_INFO_VERSION) {
+ /* api info version mismatch */
+ info->ldapai_info_version = LDAP_API_INFO_VERSION;
+ return LDAP_OPT_ERROR;
+ }
+
+ info->ldapai_api_version = LDAP_API_VERSION;
+ info->ldapai_protocol_version = LDAP_VERSION_MAX;
+
+ if(features[0].ldapaif_name == NULL) {
+ info->ldapai_extensions = NULL;
+ } else {
+ int i;
+ info->ldapai_extensions = LDAP_MALLOC(sizeof(char *) *
+ sizeof(features)/sizeof(LDAPAPIFeatureInfo));
+
+ for(i=0; features[i].ldapaif_name != NULL; i++) {
+ info->ldapai_extensions[i] =
+ LDAP_STRDUP(features[i].ldapaif_name);
+ }
+
+ info->ldapai_extensions[i] = NULL;
+ }
+
+ info->ldapai_vendor_name = LDAP_STRDUP(LDAP_VENDOR_NAME);
+ info->ldapai_vendor_version = LDAP_VENDOR_VERSION;
+
+ return LDAP_OPT_SUCCESS;
+ } break;
+
+ case LDAP_OPT_DESC:
+ if( ld == NULL || ld->ld_sb == NULL ) {
+ /* bad param */
+ break;
+ }
+
+ ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, outvalue );
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_SOCKBUF:
+ if( ld == NULL ) break;
+ *(Sockbuf **)outvalue = ld->ld_sb;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_TIMEOUT:
+ /* the caller has to free outvalue ! */
+ if ( ldap_int_timeval_dup( outvalue, lo->ldo_tm_api) != 0 ) {
+ return LDAP_OPT_ERROR;
+ }
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_NETWORK_TIMEOUT:
+ /* the caller has to free outvalue ! */
+ if ( ldap_int_timeval_dup( outvalue, lo->ldo_tm_net ) != 0 ) {
+ return LDAP_OPT_ERROR;
+ }
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_DEREF:
+ * (int *) outvalue = lo->ldo_deref;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_SIZELIMIT:
+ * (int *) outvalue = lo->ldo_sizelimit;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_TIMELIMIT:
+ * (int *) outvalue = lo->ldo_timelimit;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_REFERRALS:
+ * (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_REFERRALS);
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_RESTART:
+ * (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_RESTART);
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_PROTOCOL_VERSION:
+ * (int *) outvalue = lo->ldo_version;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_SERVER_CONTROLS:
+ * (LDAPControl ***) outvalue =
+ ldap_controls_dup( lo->ldo_sctrls );
+
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_CLIENT_CONTROLS:
+ * (LDAPControl ***) outvalue =
+ ldap_controls_dup( lo->ldo_cctrls );
+
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_HOST_NAME:
+ * (char **) outvalue = ldap_url_list2hosts(lo->ldo_defludp);
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_URI:
+ * (char **) outvalue = ldap_url_list2urls(lo->ldo_defludp);
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_ERROR_NUMBER:
+ if(ld == NULL) {
+ /* bad param */
+ break;
+ }
+ * (int *) outvalue = ld->ld_errno;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_ERROR_STRING:
+ if(ld == NULL) {
+ /* bad param */
+ break;
+ }
+
+ if( ld->ld_error == NULL ) {
+ * (char **) outvalue = NULL;
+ } else {
+ * (char **) outvalue = LDAP_STRDUP(ld->ld_error);
+ }
+
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_MATCHED_DN:
+ if(ld == NULL) {
+ /* bad param */
+ break;
+ }
+
+ if( ld->ld_matched == NULL ) {
+ * (char **) outvalue = NULL;
+ } else {
+ * (char **) outvalue = LDAP_STRDUP( ld->ld_matched );
+ }
+
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_REFERRAL_URLS:
+ if(ld == NULL) {
+ /* bad param */
+ break;
+ }
+
+ if( ld->ld_referrals == NULL ) {
+ * (char ***) outvalue = NULL;
+ } else {
+ * (char ***) outvalue = ldap_value_dup(ld->ld_referrals);
+ }
+
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_API_FEATURE_INFO: {
+ LDAPAPIFeatureInfo *info = (LDAPAPIFeatureInfo *) outvalue;
+ int i;
+
+ if(info == NULL) return LDAP_OPT_ERROR;
+
+ if(info->ldapaif_info_version != LDAP_FEATURE_INFO_VERSION) {
+ /* api info version mismatch */
+ info->ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
+ return LDAP_OPT_ERROR;
+ }
+
+ if(info->ldapaif_name == NULL) return LDAP_OPT_ERROR;
+
+ for(i=0; features[i].ldapaif_name != NULL; i++) {
+ if(!strcmp(info->ldapaif_name, features[i].ldapaif_name)) {
+ info->ldapaif_version =
+ features[i].ldapaif_version;
+ return LDAP_OPT_SUCCESS;
+ }
+ }
+ }
+ break;
+
+ case LDAP_OPT_DEBUG_LEVEL:
+ * (int *) outvalue = lo->ldo_debug;
+ return LDAP_OPT_SUCCESS;
+
+ default:
+#ifdef HAVE_TLS
+ if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
+ return LDAP_OPT_SUCCESS;
+ }
+#endif
+#ifdef HAVE_CYRUS_SASL
+ if ( ldap_int_sasl_get_option( ld, option, outvalue ) == 0 ) {
+ return LDAP_OPT_SUCCESS;
+ }
+#endif
+ /* bad param */
+ break;
+ }
+
+ return LDAP_OPT_ERROR;
+}
+
+int
+ldap_set_option(
+ LDAP *ld,
+ int option,
+ LDAP_CONST void *invalue)
+{
+ struct ldapoptions *lo;
+ int *dbglvl = NULL;
+
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if (lo == NULL) {
+ return LDAP_NO_MEMORY;
+ }
+
+ /*
+ * The architecture to turn on debugging has a chicken and egg
+ * problem. Thus, we introduce a fix here.
+ */
+
+ if (option == LDAP_OPT_DEBUG_LEVEL) {
+ dbglvl = (int *) invalue;
+ }
+
+ if( lo->ldo_valid != LDAP_INITIALIZED ) {
+ ldap_int_initialize(lo, dbglvl);
+ }
+
+ if(ld != NULL) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+ }
+
+ switch(option) {
+ case LDAP_OPT_REFERRALS:
+ if(invalue == LDAP_OPT_OFF) {
+ LDAP_BOOL_CLR(lo, LDAP_BOOL_REFERRALS);
+ } else {
+ LDAP_BOOL_SET(lo, LDAP_BOOL_REFERRALS);
+ }
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_RESTART:
+ if(invalue == LDAP_OPT_OFF) {
+ LDAP_BOOL_CLR(lo, LDAP_BOOL_RESTART);
+ } else {
+ LDAP_BOOL_SET(lo, LDAP_BOOL_RESTART);
+ }
+ return LDAP_OPT_SUCCESS;
+ }
+
+ /* options which can withstand invalue == NULL */
+ switch ( option ) {
+ case LDAP_OPT_SERVER_CONTROLS: {
+ LDAPControl *const *controls =
+ (LDAPControl *const *) invalue;
+
+ if( lo->ldo_sctrls )
+ ldap_controls_free( lo->ldo_sctrls );
+
+ if( controls == NULL || *controls == NULL ) {
+ lo->ldo_sctrls = NULL;
+ return LDAP_OPT_SUCCESS;
+ }
+
+ lo->ldo_sctrls = ldap_controls_dup( controls );
+
+ if(lo->ldo_sctrls == NULL) {
+ /* memory allocation error ? */
+ break;
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_CLIENT_CONTROLS: {
+ LDAPControl *const *controls =
+ (LDAPControl *const *) invalue;
+
+ if( lo->ldo_cctrls )
+ ldap_controls_free( lo->ldo_cctrls );
+
+ if( controls == NULL || *controls == NULL ) {
+ lo->ldo_cctrls = NULL;
+ return LDAP_OPT_SUCCESS;
+ }
+
+ lo->ldo_cctrls = ldap_controls_dup( controls );
+
+ if(lo->ldo_cctrls == NULL) {
+ /* memory allocation error ? */
+ break;
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_TIMEOUT: {
+ const struct timeval *tv =
+ (const struct timeval *) invalue;
+
+ if ( lo->ldo_tm_api != NULL ) {
+ LDAP_FREE( lo->ldo_tm_api );
+ lo->ldo_tm_api = NULL;
+ }
+
+ if ( ldap_int_timeval_dup( &lo->ldo_tm_api, tv ) != 0 ) {
+ return LDAP_OPT_ERROR;
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_NETWORK_TIMEOUT: {
+ const struct timeval *tv =
+ (const struct timeval *) invalue;
+
+ if ( lo->ldo_tm_net != NULL ) {
+ LDAP_FREE( lo->ldo_tm_net );
+ lo->ldo_tm_net = NULL;
+ }
+
+ if ( ldap_int_timeval_dup( &lo->ldo_tm_net, tv ) != 0 ) {
+ return LDAP_OPT_ERROR;
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_HOST_NAME: {
+ const char *host = (const char *) invalue;
+ LDAPURLDesc *ludlist = NULL;
+ int rc = LDAP_OPT_SUCCESS;
+
+ if(host != NULL) {
+ rc = ldap_url_parsehosts( &ludlist, host,
+ lo->ldo_defport ? lo->ldo_defport : LDAP_PORT );
+
+ } else if(ld == NULL) {
+ /*
+ * must want global default returned
+ * to initial condition.
+ */
+ rc = ldap_url_parselist(&ludlist, "ldap://localhost/");
+
+ } else {
+ /*
+ * must want the session default
+ * updated to the current global default
+ */
+ ludlist = ldap_url_duplist(
+ ldap_int_global_options.ldo_defludp);
+ if (ludlist == NULL)
+ rc = LDAP_NO_MEMORY;
+ }
+
+ if (rc == LDAP_OPT_SUCCESS) {
+ if (lo->ldo_defludp != NULL)
+ ldap_free_urllist(lo->ldo_defludp);
+ lo->ldo_defludp = ludlist;
+ }
+ return rc;
+ }
+
+ case LDAP_OPT_URI: {
+ const char *urls = (const char *) invalue;
+ LDAPURLDesc *ludlist = NULL;
+ int rc = LDAP_OPT_SUCCESS;
+
+ if(urls != NULL) {
+ rc = ldap_url_parselist(&ludlist, urls);
+ } else if(ld == NULL) {
+ /*
+ * must want global default returned
+ * to initial condition.
+ */
+ rc = ldap_url_parselist(&ludlist, "ldap://localhost/");
+
+ } else {
+ /*
+ * must want the session default
+ * updated to the current global default
+ */
+ ludlist = ldap_url_duplist(
+ ldap_int_global_options.ldo_defludp);
+ if (ludlist == NULL)
+ rc = LDAP_NO_MEMORY;
+ }
+
+ switch (rc) {
+ case LDAP_URL_SUCCESS: /* Success */
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_URL_ERR_MEM: /* can't allocate memory space */
+ rc = LDAP_NO_MEMORY;
+ break;
+
+ case LDAP_URL_ERR_PARAM: /* parameter is bad */
+ case LDAP_URL_ERR_BADSCHEME: /* URL doesn't begin with "ldap[si]://" */
+ case LDAP_URL_ERR_BADENCLOSURE: /* URL is missing trailing ">" */
+ case LDAP_URL_ERR_BADURL: /* URL is bad */
+ case LDAP_URL_ERR_BADHOST: /* host port is bad */
+ case LDAP_URL_ERR_BADATTRS: /* bad (or missing) attributes */
+ case LDAP_URL_ERR_BADSCOPE: /* scope string is invalid (or missing) */
+ case LDAP_URL_ERR_BADFILTER: /* bad or missing filter */
+ case LDAP_URL_ERR_BADEXTS: /* bad or missing extensions */
+ rc = LDAP_PARAM_ERROR;
+ break;
+ }
+
+ if (rc == LDAP_OPT_SUCCESS) {
+ if (lo->ldo_defludp != NULL)
+ ldap_free_urllist(lo->ldo_defludp);
+ lo->ldo_defludp = ludlist;
+ }
+ return rc;
+ }
+
+ /* Only accessed from inside this function by ldap_set_rebind_proc() */
+ case LDAP_OPT_REBIND_PROC: {
+ lo->ldo_rebind_proc = (LDAP_REBIND_PROC *)invalue;
+ } return LDAP_OPT_SUCCESS;
+ case LDAP_OPT_REBIND_PARAMS: {
+ lo->ldo_rebind_params = (void *)invalue;
+ } return LDAP_OPT_SUCCESS;
+
+ /* Only accessed from inside this function by ldap_set_nextref_proc() */
+ case LDAP_OPT_NEXTREF_PROC: {
+ lo->ldo_nextref_proc = (LDAP_NEXTREF_PROC *)invalue;
+ } return LDAP_OPT_SUCCESS;
+ case LDAP_OPT_NEXTREF_PARAMS: {
+ lo->ldo_nextref_params = (void *)invalue;
+ } return LDAP_OPT_SUCCESS;
+ }
+
+ if(invalue == NULL) {
+ /* no place to set from */
+ return LDAP_OPT_ERROR;
+ }
+
+ /* options which cannot withstand invalue == NULL */
+
+ switch(option) {
+ case LDAP_OPT_API_INFO:
+ case LDAP_OPT_DESC:
+ /* READ ONLY */
+ break;
+
+ case LDAP_OPT_DEREF:
+ lo->ldo_deref = * (const int *) invalue;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_SIZELIMIT:
+ lo->ldo_sizelimit = * (const int *) invalue;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_TIMELIMIT:
+ lo->ldo_timelimit = * (const int *) invalue;
+ return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_PROTOCOL_VERSION: {
+ int vers = * (const int *) invalue;
+ if (vers < LDAP_VERSION_MIN || vers > LDAP_VERSION_MAX) {
+ /* not supported */
+ break;
+ }
+ lo->ldo_version = vers;
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_ERROR_NUMBER: {
+ int err = * (const int *) invalue;
+
+ if(ld == NULL) {
+ /* need a struct ldap */
+ break;
+ }
+
+ ld->ld_errno = err;
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_ERROR_STRING: {
+ const char *err = (const char *) invalue;
+
+ if(ld == NULL) {
+ /* need a struct ldap */
+ break;
+ }
+
+ if( ld->ld_error ) {
+ LDAP_FREE(ld->ld_error);
+ ld->ld_error = NULL;
+ }
+
+ if ( err ) {
+ ld->ld_error = LDAP_STRDUP(err);
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_MATCHED_DN: {
+ const char *matched = (const char *) invalue;
+
+ if (ld == NULL) {
+ /* need a struct ldap */
+ break;
+ }
+
+ if( ld->ld_matched ) {
+ LDAP_FREE(ld->ld_matched);
+ ld->ld_matched = NULL;
+ }
+
+ if ( matched ) {
+ ld->ld_matched = LDAP_STRDUP( matched );
+ }
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_REFERRAL_URLS: {
+ char *const *referrals = (char *const *) invalue;
+
+ if(ld == NULL) {
+ /* need a struct ldap */
+ break;
+ }
+
+ if( ld->ld_referrals ) {
+ LDAP_VFREE(ld->ld_referrals);
+ }
+
+ ld->ld_referrals = ldap_value_dup(referrals);
+ } return LDAP_OPT_SUCCESS;
+
+ case LDAP_OPT_API_FEATURE_INFO:
+ /* read-only */
+ break;
+
+ case LDAP_OPT_DEBUG_LEVEL:
+ lo->ldo_debug = * (const int *) invalue;
+ return LDAP_OPT_SUCCESS;
+
+ default:
+#ifdef HAVE_TLS
+ if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 )
+ return LDAP_OPT_SUCCESS;
+#endif
+#ifdef HAVE_CYRUS_SASL
+ if ( ldap_int_sasl_set_option( ld, option, (void *)invalue ) == 0 )
+ return LDAP_OPT_SUCCESS;
+#endif
+ /* bad param */
+ break;
+ }
+ return LDAP_OPT_ERROR;
+}
+
+int
+ldap_set_rebind_proc( LDAP *ld, LDAP_REBIND_PROC *proc, void *params )
+{
+ int rc;
+ rc = ldap_set_option( ld, LDAP_OPT_REBIND_PROC, (void *)proc );
+ if( rc != LDAP_OPT_SUCCESS ) return rc;
+
+ rc = ldap_set_option( ld, LDAP_OPT_REBIND_PARAMS, (void *)params );
+ return rc;
+}
+
+int
+ldap_set_nextref_proc( LDAP *ld, LDAP_NEXTREF_PROC *proc, void *params )
+{
+ int rc;
+ rc = ldap_set_option( ld, LDAP_OPT_NEXTREF_PROC, (void *)proc );
+ if( rc != LDAP_OPT_SUCCESS ) return rc;
+
+ rc = ldap_set_option( ld, LDAP_OPT_NEXTREF_PARAMS, (void *)params );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/os-ip.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/os-ip.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/os-ip.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,942 @@
+/* os-ip.c -- platform-specific TCP & UDP related code */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-ip.c,v 1.108.2.13 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Lars Uffmann.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Significant additional contributors include:
+ * Lars Uffman
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif /* HAVE_IO_H */
+
+#include "ldap-int.h"
+
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+# ifdef LDAP_PF_INET6
+int ldap_int_inet4or6 = AF_UNSPEC;
+# else
+int ldap_int_inet4or6 = AF_INET;
+# endif
+#endif
+
+#ifdef LDAP_DEBUG
+
+#define osip_debug(ld,fmt,arg1,arg2,arg3) \
+do { \
+ ldap_log_printf(NULL, LDAP_DEBUG_TRACE, fmt, arg1, arg2, arg3); \
+} while(0)
+
+#else
+
+#define osip_debug(ld,fmt,arg1,arg2,arg3) ((void)0)
+
+#endif /* LDAP_DEBUG */
+
+static void
+ldap_pvt_set_errno(int err)
+{
+ sock_errset(err);
+}
+
+int
+ldap_int_timeval_dup( struct timeval **dest, const struct timeval *src )
+{
+ struct timeval *new;
+
+ assert( dest != NULL );
+
+ if (src == NULL) {
+ *dest = NULL;
+ return 0;
+ }
+
+ new = (struct timeval *) LDAP_MALLOC(sizeof(struct timeval));
+
+ if( new == NULL ) {
+ *dest = NULL;
+ return 1;
+ }
+
+ AC_MEMCPY( (char *) new, (const char *) src, sizeof(struct timeval));
+
+ *dest = new;
+ return 0;
+}
+
+static int
+ldap_pvt_ndelay_on(LDAP *ld, int fd)
+{
+ osip_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0);
+ return ber_pvt_socket_set_nonblock( fd, 1 );
+}
+
+static int
+ldap_pvt_ndelay_off(LDAP *ld, int fd)
+{
+ osip_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0);
+ return ber_pvt_socket_set_nonblock( fd, 0 );
+}
+
+static ber_socket_t
+ldap_int_socket(LDAP *ld, int family, int type )
+{
+ ber_socket_t s = socket(family, type, 0);
+ osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+ return ( s );
+}
+
+static int
+ldap_pvt_close_socket(LDAP *ld, int s)
+{
+ osip_debug(ld, "ldap_close_socket: %d\n",s,0,0);
+ return tcp_close(s);
+}
+
+static int
+ldap_int_prepare_socket(LDAP *ld, int s, int proto )
+{
+ osip_debug( ld, "ldap_prepare_socket: %d\n", s, 0, 0 );
+
+#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
+ if ( proto == LDAP_PROTO_TCP ) {
+ int dummy = 1;
+#ifdef SO_KEEPALIVE
+ if ( setsockopt( s, SOL_SOCKET, SO_KEEPALIVE,
+ (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR )
+ {
+ osip_debug( ld, "ldap_prepare_socket: "
+ "setsockopt(%d, SO_KEEPALIVE) failed (ignored).\n",
+ s, 0, 0 );
+ }
+#endif /* SO_KEEPALIVE */
+#ifdef TCP_NODELAY
+ if ( setsockopt( s, IPPROTO_TCP, TCP_NODELAY,
+ (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR )
+ {
+ osip_debug( ld, "ldap_prepare_socket: "
+ "setsockopt(%d, TCP_NODELAY) failed (ignored).\n",
+ s, 0, 0 );
+ }
+#endif /* TCP_NODELAY */
+ }
+#endif /* SO_KEEPALIVE || TCP_NODELAY */
+
+ return 0;
+}
+
+#ifndef HAVE_WINSOCK
+
+#undef TRACE
+#define TRACE do { \
+ osip_debug(ld, \
+ "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \
+ s, \
+ errno, \
+ sock_errstr(errno) ); \
+} while( 0 )
+
+/*
+ * check the socket for errors after select returned.
+ */
+static int
+ldap_pvt_is_socket_ready(LDAP *ld, int s)
+{
+ osip_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0);
+
+#if defined( notyet ) /* && defined( SO_ERROR ) */
+{
+ int so_errno;
+ socklen_t dummy = sizeof(so_errno);
+ if ( getsockopt( s, SOL_SOCKET, SO_ERROR, &so_errno, &dummy )
+ == AC_SOCKET_ERROR )
+ {
+ return -1;
+ }
+ if ( so_errno ) {
+ ldap_pvt_set_errno(so_errno);
+ TRACE;
+ return -1;
+ }
+ return 0;
+}
+#else
+{
+ /* error slippery */
+#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sin;
+#else
+ struct sockaddr_in sin;
+#endif
+ char ch;
+ socklen_t dummy = sizeof(sin);
+ if ( getpeername( s, (struct sockaddr *) &sin, &dummy )
+ == AC_SOCKET_ERROR )
+ {
+ /* XXX: needs to be replace with ber_stream_read() */
+ read(s, &ch, 1);
+ TRACE;
+ return -1;
+ }
+ return 0;
+}
+#endif
+ return -1;
+}
+#undef TRACE
+
+#endif /* HAVE_WINSOCK */
+
+static int
+ldap_pvt_connect(LDAP *ld, ber_socket_t s,
+ struct sockaddr *sin, socklen_t addrlen,
+ int async)
+{
+ int rc, err;
+ struct timeval tv = { 0 },
+ *opt_tv = NULL;
+
+#ifdef LDAP_CONNECTIONLESS
+ /* We could do a connect() but that would interfere with
+ * attempts to poll a broadcast address
+ */
+ if (LDAP_IS_UDP(ld)) {
+ if (ld->ld_options.ldo_peer)
+ ldap_memfree(ld->ld_options.ldo_peer);
+ ld->ld_options.ldo_peer=ldap_memalloc(sizeof(struct sockaddr));
+ AC_MEMCPY(ld->ld_options.ldo_peer,sin,sizeof(struct sockaddr));
+ return ( 0 );
+ }
+#endif
+ opt_tv = ld->ld_options.ldo_tm_net;
+ if ( opt_tv != NULL ) {
+ tv = *opt_tv;
+ }
+
+ osip_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
+ s, opt_tv ? tv.tv_sec : -1L, async);
+
+ if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
+ return ( -1 );
+
+ if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
+ if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 )
+ return ( -1 );
+ return ( 0 );
+ }
+
+ err = sock_errno();
+ if ( err != EINPROGRESS && err != EWOULDBLOCK ) {
+ return ( -1 );
+ }
+
+#ifdef notyet
+ if ( async ) return ( -2 );
+#endif
+
+#ifdef HAVE_POLL
+ {
+ struct pollfd fd;
+ int timeout = INFTIM;
+
+ if( opt_tv != NULL ) timeout = TV2MILLISEC( &tv );
+
+ fd.fd = s;
+ fd.events = POLL_WRITE;
+
+ do {
+ fd.revents = 0;
+ rc = poll( &fd, 1, timeout );
+ } while( rc == AC_SOCKET_ERROR && errno == EINTR &&
+ LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART ));
+
+ if( rc == AC_SOCKET_ERROR ) return rc;
+
+ if( fd.revents & POLL_WRITE ) {
+ if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1;
+ if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1;
+ return ( 0 );
+ }
+ }
+#else
+ {
+ fd_set wfds, *z=NULL;
+#ifdef HAVE_WINSOCK
+ fd_set efds;
+#endif
+
+#if defined( FD_SETSIZE ) && !defined( HAVE_WINSOCK )
+ if ( s >= FD_SETSIZE ) {
+ rc = AC_SOCKET_ERROR;
+ tcp_close( s );
+ ldap_pvt_set_errno( EMFILE );
+ return rc;
+ }
+#endif
+
+ do {
+ FD_ZERO(&wfds);
+ FD_SET(s, &wfds );
+
+#ifdef HAVE_WINSOCK
+ FD_ZERO(&efds);
+ FD_SET(s, &efds );
+#endif
+
+ rc = select(ldap_int_tblsize, z, &wfds,
+#ifdef HAVE_WINSOCK
+ &efds,
+#else
+ z,
+#endif
+ opt_tv ? &tv : NULL);
+ } while( rc == AC_SOCKET_ERROR && errno == EINTR &&
+ LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART ));
+
+ if( rc == AC_SOCKET_ERROR ) return rc;
+
+#ifdef HAVE_WINSOCK
+ /* This means the connection failed */
+ if ( FD_ISSET(s, &efds) ) {
+ int so_errno;
+ int dummy = sizeof(so_errno);
+ if ( getsockopt( s, SOL_SOCKET, SO_ERROR,
+ (char *) &so_errno, &dummy ) == AC_SOCKET_ERROR || !so_errno )
+ {
+ /* impossible */
+ so_errno = WSAGetLastError();
+ }
+ ldap_pvt_set_errno(so_errno);
+ osip_debug(ld, "ldap_pvt_connect: error on socket %d: "
+ "errno: %d (%s)\n", s, errno, sock_errstr(errno));
+ return -1;
+ }
+#endif
+ if ( FD_ISSET(s, &wfds) ) {
+#ifndef HAVE_WINSOCK
+ if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1;
+#endif
+ if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1;
+ return 0;
+ }
+ }
+#endif
+
+ osip_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0);
+ ldap_pvt_set_errno( ETIMEDOUT );
+ return -1;
+}
+
+#ifndef HAVE_INET_ATON
+int
+ldap_pvt_inet_aton( const char *host, struct in_addr *in)
+{
+ unsigned long u = inet_addr( host );
+
+#ifdef INADDR_NONE
+ if ( u == INADDR_NONE ) return 0;
+#endif
+ if ( u == 0xffffffffUL || u == (unsigned long) -1L ) return 0;
+
+ in->s_addr = u;
+ return 1;
+}
+#endif
+
+
+int
+ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
+ int proto,
+ const char *host, int port,
+ int async )
+{
+ int rc;
+ int socktype;
+ ber_socket_t s = AC_SOCKET_INVALID;
+
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ char serv[7];
+ int err;
+ struct addrinfo hints, *res, *sai;
+#else
+ int i;
+ int use_hp = 0;
+ struct hostent *hp = NULL;
+ struct hostent he_buf;
+ struct in_addr in;
+ char *ha_buf=NULL;
+#endif
+
+ if( host == NULL ) host = "localhost";
+
+ switch(proto) {
+ case LDAP_PROTO_TCP: socktype = SOCK_STREAM;
+ osip_debug( ld,
+ "ldap_connect_to_host: TCP %s:%d\n",
+ host, port, 0);
+ break;
+ case LDAP_PROTO_UDP: socktype = SOCK_DGRAM;
+ osip_debug( ld,
+ "ldap_connect_to_host: UDP %s:%d\n",
+ host, port, 0);
+ break;
+ default:
+ osip_debug( ld, "ldap_connect_to_host: unknown proto: %d\n",
+ proto, 0, 0 );
+ return -1;
+ }
+
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ memset( &hints, '\0', sizeof(hints) );
+#ifdef USE_AI_ATTRCONFIG /* FIXME: configure test needed */
+ /* Use AI_ATTRCONFIG only on systems where its known to be needed. */
+ hints.ai_flags = AI_ATTRCONFIG;
+#endif
+ hints.ai_family = ldap_int_inet4or6;
+ hints.ai_socktype = socktype;
+ snprintf(serv, sizeof serv, "%d", port );
+
+#ifdef LDAP_R_COMPILE
+ /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+ ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex);
+#endif
+
+ err = getaddrinfo( host, serv, &hints, &res );
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock(&ldap_int_resolv_mutex);
+#endif
+
+ if ( err != 0 ) {
+ osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n",
+ AC_GAI_STRERROR(err), 0, 0);
+ return -1;
+ }
+ rc = -1;
+
+ for( sai=res; sai != NULL; sai=sai->ai_next) {
+ if( sai->ai_addr == NULL ) {
+ osip_debug(ld, "ldap_connect_to_host: getaddrinfo "
+ "ai_addr is NULL?\n", 0, 0, 0);
+ continue;
+ }
+
+ /* we assume AF_x and PF_x are equal for all x */
+ s = ldap_int_socket( ld, sai->ai_family, socktype );
+ if ( s == AC_SOCKET_INVALID ) {
+ continue;
+ }
+
+ if ( ldap_int_prepare_socket(ld, s, proto ) == -1 ) {
+ ldap_pvt_close_socket(ld, s);
+ break;
+ }
+
+ switch (sai->ai_family) {
+#ifdef LDAP_PF_INET6
+ case AF_INET6: {
+ char addr[INET6_ADDRSTRLEN];
+ inet_ntop( AF_INET6,
+ &((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr,
+ addr, sizeof addr);
+ osip_debug(ld, "ldap_connect_to_host: Trying %s %s\n",
+ addr, serv, 0);
+ } break;
+#endif
+ case AF_INET: {
+ char addr[INET_ADDRSTRLEN];
+ inet_ntop( AF_INET,
+ &((struct sockaddr_in *)sai->ai_addr)->sin_addr,
+ addr, sizeof addr);
+ osip_debug(ld, "ldap_connect_to_host: Trying %s:%s\n",
+ addr, serv, 0);
+ } break;
+ }
+
+ rc = ldap_pvt_connect( ld, s,
+ sai->ai_addr, sai->ai_addrlen, async );
+ if ( (rc == 0) || (rc == -2) ) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
+ break;
+ }
+ ldap_pvt_close_socket(ld, s);
+ }
+ freeaddrinfo(res);
+
+#else
+ if (! inet_aton( host, &in ) ) {
+ int local_h_errno;
+ rc = ldap_pvt_gethostbyname_a( host, &he_buf, &ha_buf,
+ &hp, &local_h_errno );
+
+ if ( (rc < 0) || (hp == NULL) ) {
+#ifdef HAVE_WINSOCK
+ ldap_pvt_set_errno( WSAGetLastError() );
+#else
+ /* not exactly right, but... */
+ ldap_pvt_set_errno( EHOSTUNREACH );
+#endif
+ if (ha_buf) LDAP_FREE(ha_buf);
+ return -1;
+ }
+
+ use_hp = 1;
+ }
+
+ rc = s = -1;
+ for ( i = 0; !use_hp || (hp->h_addr_list[i] != 0); ++i, rc = -1 ) {
+ struct sockaddr_in sin;
+
+ s = ldap_int_socket( ld, PF_INET, socktype );
+ if ( s == AC_SOCKET_INVALID ) {
+ /* use_hp ? continue : break; */
+ break;
+ }
+
+ if ( ldap_int_prepare_socket( ld, s, proto ) == -1 ) {
+ ldap_pvt_close_socket(ld, s);
+ break;
+ }
+
+ (void)memset((char *)&sin, '\0', sizeof sin);
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons((short) port);
+
+ if( use_hp ) {
+ AC_MEMCPY( &sin.sin_addr, hp->h_addr_list[i],
+ sizeof(sin.sin_addr) );
+ } else {
+ AC_MEMCPY( &sin.sin_addr, &in.s_addr,
+ sizeof(sin.sin_addr) );
+ }
+
+#ifdef HAVE_INET_NTOA_B
+ {
+ /* for VxWorks */
+ char address[INET_ADDR_LEN];
+ inet_ntoa_b(sin.sin_address, address);
+ osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
+ address, port, 0);
+ }
+#else
+ osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
+ inet_ntoa(sin.sin_addr), port, 0);
+#endif
+
+ rc = ldap_pvt_connect(ld, s,
+ (struct sockaddr *)&sin, sizeof(sin),
+ async);
+
+ if ( (rc == 0) || (rc == -2) ) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
+ break;
+ }
+
+ ldap_pvt_close_socket(ld, s);
+
+ if (!use_hp) break;
+ }
+ if (ha_buf) LDAP_FREE(ha_buf);
+#endif
+
+ return rc;
+}
+
+#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \
+ defined( HAVE_CYRUS_SASL )
+char *
+ldap_host_connected_to( Sockbuf *sb, const char *host )
+{
+ socklen_t len;
+#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sabuf;
+#else
+ struct sockaddr sabuf;
+#endif
+ struct sockaddr *sa = (struct sockaddr *) &sabuf;
+ ber_socket_t sd;
+
+ (void)memset( (char *)sa, '\0', sizeof sabuf );
+ len = sizeof sabuf;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+ if ( getpeername( sd, sa, &len ) == -1 ) {
+ return( NULL );
+ }
+
+ /*
+ * do a reverse lookup on the addr to get the official hostname.
+ * this is necessary for kerberos to work right, since the official
+ * hostname is used as the kerberos instance.
+ */
+
+ switch (sa->sa_family) {
+#ifdef LDAP_PF_LOCAL
+ case AF_LOCAL:
+ return LDAP_STRDUP( ldap_int_hostname );
+#endif
+#ifdef LDAP_PF_INET6
+ case AF_INET6:
+ {
+ struct in6_addr localhost = IN6ADDR_LOOPBACK_INIT;
+ if( memcmp ( &((struct sockaddr_in6 *)sa)->sin6_addr,
+ &localhost, sizeof(localhost)) == 0 )
+ {
+ return LDAP_STRDUP( ldap_int_hostname );
+ }
+ }
+ break;
+#endif
+ case AF_INET:
+ {
+ struct in_addr localhost;
+ localhost.s_addr = htonl( INADDR_ANY );
+
+ if( memcmp ( &((struct sockaddr_in *)sa)->sin_addr,
+ &localhost, sizeof(localhost) ) == 0 )
+ {
+ return LDAP_STRDUP( ldap_int_hostname );
+ }
+
+#ifdef INADDR_LOOPBACK
+ localhost.s_addr = htonl( INADDR_LOOPBACK );
+
+ if( memcmp ( &((struct sockaddr_in *)sa)->sin_addr,
+ &localhost, sizeof(localhost) ) == 0 )
+ {
+ return LDAP_STRDUP( ldap_int_hostname );
+ }
+#endif
+ }
+ break;
+
+ default:
+ return( NULL );
+ break;
+ }
+
+ {
+ char *herr;
+#ifdef NI_MAXHOST
+ char hbuf[NI_MAXHOST];
+#elif defined( MAXHOSTNAMELEN
+ char hbuf[MAXHOSTNAMELEN];
+#else
+ char hbuf[256];
+#endif
+ hbuf[0] = 0;
+
+ if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0
+ && hbuf[0] )
+ {
+ return LDAP_STRDUP( hbuf );
+ }
+ }
+
+ return host ? LDAP_STRDUP( host ) : NULL;
+}
+#endif
+
+
+struct selectinfo {
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ int si_maxfd;
+ struct pollfd si_fds[FD_SETSIZE];
+#else
+ /* for UNIX select(2) */
+ fd_set si_readfds;
+ fd_set si_writefds;
+ fd_set si_use_readfds;
+ fd_set si_use_writefds;
+#endif
+};
+
+void
+ldap_mark_select_write( LDAP *ld, Sockbuf *sb )
+{
+ struct selectinfo *sip;
+ ber_socket_t sd;
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ {
+ int empty=-1;
+ int i;
+ for(i=0; i < sip->si_maxfd; i++) {
+ if( sip->si_fds[i].fd == sd ) {
+ sip->si_fds[i].events |= POLL_WRITE;
+ return;
+ }
+ if( empty==-1 && sip->si_fds[i].fd == -1 ) {
+ empty=i;
+ }
+ }
+
+ if( empty == -1 ) {
+ if( sip->si_maxfd >= FD_SETSIZE ) {
+ /* FIXME */
+ return;
+ }
+ empty = sip->si_maxfd++;
+ }
+
+ sip->si_fds[empty].fd = sd;
+ sip->si_fds[empty].events = POLL_WRITE;
+ }
+#else
+ /* for UNIX select(2) */
+ if ( !FD_ISSET( sd, &sip->si_writefds )) {
+ FD_SET( sd, &sip->si_writefds );
+ }
+#endif
+}
+
+
+void
+ldap_mark_select_read( LDAP *ld, Sockbuf *sb )
+{
+ struct selectinfo *sip;
+ ber_socket_t sd;
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ {
+ int empty=-1;
+ int i;
+ for(i=0; i < sip->si_maxfd; i++) {
+ if( sip->si_fds[i].fd == sd ) {
+ sip->si_fds[i].events |= POLL_READ;
+ return;
+ }
+ if( empty==-1 && sip->si_fds[i].fd == -1 ) {
+ empty=i;
+ }
+ }
+
+ if( empty == -1 ) {
+ if( sip->si_maxfd >= FD_SETSIZE ) {
+ /* FIXME */
+ return;
+ }
+ empty = sip->si_maxfd++;
+ }
+
+ sip->si_fds[empty].fd = sd;
+ sip->si_fds[empty].events = POLL_READ;
+ }
+#else
+ /* for UNIX select(2) */
+ if ( !FD_ISSET( sd, &sip->si_readfds )) {
+ FD_SET( sd, &sip->si_readfds );
+ }
+#endif
+}
+
+
+void
+ldap_mark_select_clear( LDAP *ld, Sockbuf *sb )
+{
+ struct selectinfo *sip;
+ ber_socket_t sd;
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ {
+ int i;
+ for(i=0; i < sip->si_maxfd; i++) {
+ if( sip->si_fds[i].fd == sd ) {
+ sip->si_fds[i].fd = -1;
+ }
+ }
+ }
+#else
+ /* for UNIX select(2) */
+ FD_CLR( sd, &sip->si_writefds );
+ FD_CLR( sd, &sip->si_readfds );
+#endif
+}
+
+
+int
+ldap_is_write_ready( LDAP *ld, Sockbuf *sb )
+{
+ struct selectinfo *sip;
+ ber_socket_t sd;
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ {
+ int i;
+ for(i=0; i < sip->si_maxfd; i++) {
+ if( sip->si_fds[i].fd == sd ) {
+ return sip->si_fds[i].revents & POLL_WRITE;
+ }
+ }
+
+ return 0;
+ }
+#else
+ /* for UNIX select(2) */
+ return( FD_ISSET( sd, &sip->si_use_writefds ));
+#endif
+}
+
+
+int
+ldap_is_read_ready( LDAP *ld, Sockbuf *sb )
+{
+ struct selectinfo *sip;
+ ber_socket_t sd;
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ {
+ int i;
+ for(i=0; i < sip->si_maxfd; i++) {
+ if( sip->si_fds[i].fd == sd ) {
+ return sip->si_fds[i].revents & POLL_READ;
+ }
+ }
+
+ return 0;
+ }
+#else
+ /* for UNIX select(2) */
+ return( FD_ISSET( sd, &sip->si_use_readfds ));
+#endif
+}
+
+
+void *
+ldap_new_select_info( void )
+{
+ struct selectinfo *sip;
+
+ sip = (struct selectinfo *)LDAP_CALLOC( 1, sizeof( struct selectinfo ));
+
+ if ( sip == NULL ) return NULL;
+
+#ifdef HAVE_POLL
+ /* for UNIX poll(2) */
+ /* sip->si_maxfd=0 */
+#else
+ /* for UNIX select(2) */
+ FD_ZERO( &sip->si_readfds );
+ FD_ZERO( &sip->si_writefds );
+#endif
+
+ return( (void *)sip );
+}
+
+
+void
+ldap_free_select_info( void *sip )
+{
+ LDAP_FREE( sip );
+}
+
+
+#ifndef HAVE_POLL
+int ldap_int_tblsize = 0;
+
+void
+ldap_int_ip_init( void )
+{
+#if defined( HAVE_SYSCONF )
+ long tblsize = sysconf( _SC_OPEN_MAX );
+ if( tblsize > INT_MAX ) tblsize = INT_MAX;
+
+#elif defined( HAVE_GETDTABLESIZE )
+ int tblsize = getdtablesize();
+#else
+ int tblsize = FD_SETSIZE;
+#endif /* !USE_SYSCONF */
+
+#ifdef FD_SETSIZE
+ if( tblsize > FD_SETSIZE ) tblsize = FD_SETSIZE;
+#endif /* FD_SETSIZE */
+
+ ldap_int_tblsize = tblsize;
+}
+#endif
+
+
+int
+ldap_int_select( LDAP *ld, struct timeval *timeout )
+{
+ int rc;
+ struct selectinfo *sip;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_select\n", 0, 0, 0 );
+
+#ifndef HAVE_POLL
+ if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
+#endif
+
+ sip = (struct selectinfo *)ld->ld_selectinfo;
+ assert( sip != NULL );
+
+#ifdef HAVE_POLL
+ {
+ int to = timeout ? TV2MILLISEC( timeout ) : INFTIM;
+ rc = poll( sip->si_fds, sip->si_maxfd, to );
+ }
+#else
+ sip->si_use_readfds = sip->si_readfds;
+ sip->si_use_writefds = sip->si_writefds;
+
+ rc = select( ldap_int_tblsize,
+ &sip->si_use_readfds, &sip->si_use_writefds,
+ NULL, timeout );
+#endif
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/os-local.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/os-local.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/os-local.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,358 @@
+/* os-local.c -- platform-specific domain socket code */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-local.c,v 1.37.2.8 2007/04/04 21:56:13 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions (C) Copyright PADL Software Pty Ltd. 1999
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that this notice is preserved
+ * and that due credit is given to PADL Software Pty Ltd. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#ifdef LDAP_PF_LOCAL
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif /* HAVE_IO_H */
+
+#include "ldap-int.h"
+#include "ldap_defaults.h"
+
+#ifdef LDAP_DEBUG
+
+#define oslocal_debug(ld,fmt,arg1,arg2,arg3) \
+do { \
+ ldap_log_printf(ld, LDAP_DEBUG_TRACE, fmt, arg1, arg2, arg3); \
+} while(0)
+
+#else
+
+#define oslocal_debug(ld,fmt,arg1,arg2,arg3) ((void)0)
+
+#endif /* LDAP_DEBUG */
+
+static void
+ldap_pvt_set_errno(int err)
+{
+ errno = err;
+}
+
+static int
+ldap_pvt_ndelay_on(LDAP *ld, int fd)
+{
+ oslocal_debug(ld, "ldap_ndelay_on: %d\n",fd,0,0);
+ return ber_pvt_socket_set_nonblock( fd, 1 );
+}
+
+static int
+ldap_pvt_ndelay_off(LDAP *ld, int fd)
+{
+ oslocal_debug(ld, "ldap_ndelay_off: %d\n",fd,0,0);
+ return ber_pvt_socket_set_nonblock( fd, 0 );
+}
+
+static ber_socket_t
+ldap_pvt_socket(LDAP *ld)
+{
+ ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
+ oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+ return ( s );
+}
+
+static int
+ldap_pvt_close_socket(LDAP *ld, int s)
+{
+ oslocal_debug(ld, "ldap_close_socket: %d\n",s,0,0);
+ return tcp_close(s);
+}
+
+#undef TRACE
+#define TRACE do { \
+ char ebuf[128]; \
+ oslocal_debug(ld, \
+ "ldap_is_socket_ready: errror on socket %d: errno: %d (%s)\n", \
+ s, \
+ errno, \
+ AC_STRERROR_R(errno, ebuf, sizeof ebuf)); \
+} while( 0 )
+
+/*
+ * check the socket for errors after select returned.
+ */
+static int
+ldap_pvt_is_socket_ready(LDAP *ld, int s)
+{
+ oslocal_debug(ld, "ldap_is_sock_ready: %d\n",s,0,0);
+
+#if defined( notyet ) /* && defined( SO_ERROR ) */
+{
+ int so_errno;
+ socklen_t dummy = sizeof(so_errno);
+ if ( getsockopt( s, SOL_SOCKET, SO_ERROR, &so_errno, &dummy )
+ == AC_SOCKET_ERROR )
+ {
+ return -1;
+ }
+ if ( so_errno ) {
+ ldap_pvt_set_errno(so_errno);
+ TRACE;
+ return -1;
+ }
+ return 0;
+}
+#else
+{
+ /* error slippery */
+ struct sockaddr_un sa;
+ char ch;
+ socklen_t dummy = sizeof(sa);
+ if ( getpeername( s, (struct sockaddr *) &sa, &dummy )
+ == AC_SOCKET_ERROR )
+ {
+ /* XXX: needs to be replace with ber_stream_read() */
+ read(s, &ch, 1);
+ TRACE;
+ return -1;
+ }
+ return 0;
+}
+#endif
+ return -1;
+}
+#undef TRACE
+
+#if !defined(HAVE_GETPEEREID) && \
+ !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && \
+ defined(HAVE_SENDMSG) && (defined(HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN) || \
+ defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL))
+#define DO_SENDMSG
+static const char abandonPDU[] = {LDAP_TAG_MESSAGE, 6,
+ LDAP_TAG_MSGID, 1, 0, LDAP_REQ_ABANDON, 1, 0};
+#endif
+
+static int
+ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
+{
+ int rc;
+ struct timeval tv = { 0 },
+ *opt_tv = NULL;
+
+ opt_tv = ld->ld_options.ldo_tm_net;
+ if ( opt_tv != NULL ) {
+ tv = *opt_tv;
+ }
+
+ oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
+ s, opt_tv ? tv.tv_sec : -1L, async);
+
+ if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1;
+
+ if ( connect(s, (struct sockaddr *) sa, sizeof(struct sockaddr_un))
+ != AC_SOCKET_ERROR )
+ {
+ if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1;
+
+#ifdef DO_SENDMSG
+ /* Send a dummy message with access rights. Remote side will
+ * obtain our uid/gid by fstat'ing this descriptor.
+ */
+sendcred:
+ {
+#if 0 /* ITS#4893 disable all of this for now */
+ int fds[2];
+ if (pipe(fds) == 0) {
+ /* Abandon, noop, has no reply */
+ struct iovec iov;
+ struct msghdr msg = {0};
+# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+# ifndef CMSG_SPACE
+# define CMSG_SPACE(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + _CMSG_ALIGN(len) )
+# endif
+# ifndef CMSG_LEN
+# define CMSG_LEN(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + (len) )
+# endif
+ union {
+ struct cmsghdr cm;
+ unsigned char control[CMSG_SPACE(sizeof(int))];
+ } control_un;
+ struct cmsghdr *cmsg;
+# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ iov.iov_base = (char *) abandonPDU;
+ iov.iov_len = sizeof abandonPDU;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ msg.msg_control = control_un.control;
+ msg.msg_controllen = sizeof( control_un.control );
+ msg.msg_flags = 0;
+
+ cmsg = CMSG_FIRSTHDR( &msg );
+ cmsg->cmsg_len = CMSG_LEN( sizeof(int) );
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+
+ *((int *)CMSG_DATA(cmsg)) = fds[0];
+# else
+ msg.msg_accrights = (char *)fds;
+ msg.msg_accrightslen = sizeof(int);
+# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ sendmsg( s, &msg, 0 );
+ close(fds[0]);
+ close(fds[1]);
+ }
+# else
+ write( s, abandonPDU, sizeof( abandonPDU ));
+#endif /* ITS#4893 */
+ }
+#endif
+ return 0;
+ }
+
+ if ( errno != EINPROGRESS && errno != EWOULDBLOCK ) return -1;
+
+#ifdef notyet
+ if ( async ) return -2;
+#endif
+
+#ifdef HAVE_POLL
+ {
+ struct pollfd fd;
+ int timeout = INFTIM;
+
+ if( opt_tv != NULL ) timeout = TV2MILLISEC( &tv );
+
+ fd.fd = s;
+ fd.events = POLL_WRITE;
+
+ do {
+ fd.revents = 0;
+ rc = poll( &fd, 1, timeout );
+ } while( rc == AC_SOCKET_ERROR && errno == EINTR &&
+ LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART ));
+
+ if( rc == AC_SOCKET_ERROR ) return rc;
+
+ if( fd.revents & POLL_WRITE ) {
+ if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1;
+ if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1;
+#ifdef DO_SENDMSG
+ goto sendcred;
+#else
+ return ( 0 );
+#endif
+ }
+ }
+#else
+ {
+ fd_set wfds, *z=NULL;
+
+#ifdef FD_SETSIZE
+ if ( s >= FD_SETSIZE ) {
+ rc = AC_SOCKET_ERROR;
+ tcp_close( s );
+ ldap_pvt_set_errno( EMFILE );
+ return rc;
+ }
+#endif
+ do {
+ FD_ZERO(&wfds);
+ FD_SET(s, &wfds );
+ rc = select( ldap_int_tblsize, z, &wfds, z, opt_tv ? &tv : NULL );
+ } while( rc == AC_SOCKET_ERROR && errno == EINTR &&
+ LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART ));
+
+ if( rc == AC_SOCKET_ERROR ) return rc;
+
+ if ( FD_ISSET(s, &wfds) ) {
+ if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1;
+ if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1;
+#ifdef DO_SENDMSG
+ goto sendcred;
+#else
+ return ( 0 );
+#endif
+ }
+ }
+#endif
+
+ oslocal_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0);
+ ldap_pvt_set_errno( ETIMEDOUT );
+ return ( -1 );
+}
+
+int
+ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
+{
+ struct sockaddr_un server;
+ ber_socket_t s;
+ int rc;
+
+ oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
+
+ s = ldap_pvt_socket( ld );
+ if ( s == AC_SOCKET_INVALID ) {
+ return -1;
+ }
+
+ if ( path == NULL || path[0] == '\0' ) {
+ path = LDAPI_SOCK;
+ } else {
+ if ( strlen(path) > (sizeof( server.sun_path ) - 1) ) {
+ ldap_pvt_set_errno( ENAMETOOLONG );
+ return -1;
+ }
+ }
+
+ oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0);
+
+ memset( &server, '\0', sizeof(server) );
+ server.sun_family = AF_LOCAL;
+ strcpy( server.sun_path, path );
+
+ rc = ldap_pvt_connect(ld, s, &server, async);
+
+ if (rc == 0) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, (void *)&s );
+ } else {
+ ldap_pvt_close_socket(ld, s);
+ }
+ return rc;
+}
+#else
+static int dummy;
+#endif /* LDAP_PF_LOCAL */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/passwd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/passwd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/passwd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/passwd.c,v 1.14.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * LDAP Password Modify (Extended) Operation <RFC 3062>
+ */
+
+int ldap_parse_passwd(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *newpasswd )
+{
+ int rc;
+ char *retoid = NULL;
+ struct berval *retdata;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+ assert( newpasswd != NULL );
+
+ newpasswd->bv_val = NULL;
+ newpasswd->bv_len = 0;
+
+ rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if( retdata != NULL ) {
+ ber_tag_t tag;
+ BerElement *ber = ber_init( retdata );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ /* we should check the tag */
+ tag = ber_scanf( ber, "{o}", newpasswd );
+ ber_free( ber, 1 );
+
+ if( tag == LBER_ERROR ) {
+ rc = ld->ld_errno = LDAP_DECODING_ERROR;
+ }
+ }
+
+ ber_memfree( retoid );
+ return rc;
+}
+
+int
+ldap_passwd( LDAP *ld,
+ struct berval *user,
+ struct berval *oldpw,
+ struct berval *newpw,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ int rc;
+ struct berval bv = BER_BVNULL;
+ BerElement *ber = NULL;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ if( user != NULL || oldpw != NULL || newpw != NULL ) {
+ /* build change password control */
+ ber = ber_alloc_t( LBER_USE_DER );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ ber_printf( ber, "{" /*}*/ );
+
+ if( user != NULL ) {
+ ber_printf( ber, "tO",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
+ }
+
+ if( oldpw != NULL ) {
+ ber_printf( ber, "tO",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
+ }
+
+ if( newpw != NULL ) {
+ ber_printf( ber, "tO",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
+ }
+
+ ber_printf( ber, /*{*/ "N}" );
+
+ rc = ber_flatten2( ber, &bv, 0 );
+
+ if( rc < 0 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ }
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
+ bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp );
+
+ ber_free( ber, 1 );
+
+ return rc;
+}
+
+int
+ldap_passwd_s(
+ LDAP *ld,
+ struct berval *user,
+ struct berval *oldpw,
+ struct berval *newpw,
+ struct berval *newpasswd,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
+ return ld->ld_errno;
+ }
+
+ rc = ldap_parse_passwd( ld, res, newpasswd );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_msgfree( res );
+ return rc;
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/ppolicy.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/ppolicy.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/ppolicy.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,217 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.5 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Hewlett-Packard Company.
+ * Portions Copyright 2004 Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was developed by Howard Chu for inclusion in
+ * OpenLDAP Software, based on prior work by Neil Dunbar (HP).
+ * This work was sponsored by the Hewlett-Packard Company.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+
+/* IMPLICIT TAGS, all context-specific */
+#define PPOLICY_WARNING 0xa0L /* constructed + 0 */
+#define PPOLICY_ERROR 0x81L /* primitive + 1 */
+
+#define PPOLICY_EXPIRE 0x80L /* primitive + 0 */
+#define PPOLICY_GRACE 0x81L /* primitive + 1 */
+
+/*---
+ ldap_create_passwordpolicy_control
+
+ Create and encode the Password Policy Request
+
+ ld (IN) An LDAP session handle, as obtained from a call to
+ ldap_init().
+
+ ctrlp (OUT) A result parameter that will be assigned the address
+ of an LDAPControl structure that contains the
+ passwordPolicyRequest control created by this function.
+ The memory occupied by the LDAPControl structure
+ SHOULD be freed when it is no longer in use by
+ calling ldap_control_free().
+
+
+ There is no control value for a password policy request
+ ---*/
+
+int
+ldap_create_passwordpolicy_control( LDAP *ld,
+ LDAPControl **ctrlp )
+{
+ BerElement *ber;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( ctrlp != NULL );
+
+ if ((ber = ldap_alloc_ber_with_options(ld)) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(LDAP_NO_MEMORY);
+ }
+
+ ld->ld_errno = ldap_create_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ ber, 0, ctrlp);
+
+ ber_free(ber, 1);
+ return(ld->ld_errno);
+}
+
+
+/*---
+ ldap_parse_passwordpolicy_control
+
+ Decode the passwordPolicyResponse control and return information.
+
+ ld (IN) An LDAP session handle.
+
+ ctrls (IN) The address of an
+ LDAPControl structure, typically obtained
+ by a call to ldap_find_control().
+
+ exptimep (OUT) This result parameter is filled in with the number of seconds before
+ the password will expire, if expiration is imminent
+ (imminency defined by the password policy). If expiration
+ is not imminent, the value is set to -1.
+
+ gracep (OUT) This result parameter is filled in with the number of grace logins after
+ the password has expired, before no further login attempts
+ will be allowed.
+
+ errorcodep (OUT) This result parameter is filled in with the error code of the password operation
+ If no error was detected, this error is set to PP_noError.
+
+ Ber encoding
+
+ PasswordPolicyResponseValue ::= SEQUENCE {
+ warning [0] CHOICE {
+ timeBeforeExpiration [0] INTEGER (0 .. maxInt),
+ graceLoginsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL
+ error [1] ENUMERATED {
+ passwordExpired (0),
+ accountLocked (1),
+ changeAfterReset (2),
+ passwordModNotAllowed (3),
+ mustSupplyOldPassword (4),
+ invalidPasswordSyntax (5),
+ passwordTooShort (6),
+ passwordTooYoung (7),
+ passwordInHistory (8) } OPTIONAL }
+
+---*/
+
+int
+ldap_parse_passwordpolicy_control(
+ LDAP *ld,
+ LDAPControl *ctrl,
+ int *expirep,
+ int *gracep,
+ LDAPPasswordPolicyError *errorp )
+{
+ BerElement *ber;
+ int exp = -1, grace = -1;
+ ber_tag_t tag;
+ ber_len_t berLen;
+ char *last;
+ int err = PP_noError;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( ctrl != NULL );
+
+ /* Create a BerElement from the berval returned in the control. */
+ ber = ber_init(&ctrl->ldctl_value);
+
+ if (ber == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(ld->ld_errno);
+ }
+
+ tag = ber_peek_tag( ber, &berLen );
+ if (tag != LBER_SEQUENCE) goto exit;
+
+ for( tag = ber_first_element( ber, &berLen, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &berLen, last ) ) {
+ switch (tag) {
+ case PPOLICY_WARNING:
+ ber_skip_tag(ber, &berLen );
+ tag = ber_peek_tag( ber, &berLen );
+ switch( tag ) {
+ case PPOLICY_EXPIRE:
+ if (ber_get_int( ber, &exp ) == LBER_DEFAULT) goto exit;
+ break;
+ case PPOLICY_GRACE:
+ if (ber_get_int( ber, &grace ) == LBER_DEFAULT) goto exit;
+ break;
+ default:
+ goto exit;
+
+ }
+
+ break;
+ case PPOLICY_ERROR:
+ if (ber_get_enum( ber, &err ) == LBER_DEFAULT) goto exit;
+ break;
+ default:
+ goto exit;
+ }
+ }
+
+ ber_free(ber, 1);
+
+ /* Return data to the caller for items that were requested. */
+ if (expirep) *expirep = exp;
+ if (gracep) *gracep = grace;
+ if (errorp) *errorp = err;
+
+ ld->ld_errno = LDAP_SUCCESS;
+ return(ld->ld_errno);
+
+ exit:
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+}
+
+const char *
+ldap_passwordpolicy_err2txt( LDAPPasswordPolicyError err )
+{
+ switch(err) {
+ case PP_passwordExpired: return "Password expired";
+ case PP_accountLocked: return "Account locked";
+ case PP_changeAfterReset: return "Password must be changed";
+ case PP_passwordModNotAllowed: return "Policy prevents password modification";
+ case PP_mustSupplyOldPassword: return "Policy requires old password in order to change password";
+ case PP_insufficientPasswordQuality: return "Password fails quality checks";
+ case PP_passwordTooShort: return "Password is too short for policy";
+ case PP_passwordTooYoung: return "Password has been changed too recently";
+ case PP_passwordInHistory: return "New password is in list of old passwords";
+ case PP_noError: return "No error";
+ default: return "Unknown error code";
+ }
+}
+
+#endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/print.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/print.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/print.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/print.c,v 1.14.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/stdarg.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap log
+ */
+
+static int ldap_log_check( LDAP *ld, int loglvl )
+{
+ int errlvl;
+
+ if(ld == NULL) {
+ errlvl = ldap_debug;
+ } else {
+ errlvl = ld->ld_debug;
+ }
+
+ return errlvl & loglvl ? 1 : 0;
+}
+
+int ldap_log_printf( LDAP *ld, int loglvl, const char *fmt, ... )
+{
+ char buf[ 1024 ];
+ va_list ap;
+
+ if ( !ldap_log_check( ld, loglvl )) {
+ return 0;
+ }
+
+ va_start( ap, fmt );
+
+ buf[sizeof(buf) - 1] = '\0';
+ vsnprintf( buf, sizeof(buf)-1, fmt, ap );
+
+ va_end(ap);
+
+ (*ber_pvt_log_print)( buf );
+ return 1;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/references.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/references.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/references.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,147 @@
+/* references.c */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/references.c,v 1.22.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+LDAPMessage *
+ldap_first_reference( LDAP *ld, LDAPMessage *chain )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( chain != NULL );
+
+ return chain->lm_msgtype == LDAP_RES_SEARCH_REFERENCE
+ ? chain
+ : ldap_next_reference( ld, chain );
+}
+
+LDAPMessage *
+ldap_next_reference( LDAP *ld, LDAPMessage *ref )
+{
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( ref != NULL );
+
+ for (
+ ref = ref->lm_chain;
+ ref != NULL;
+ ref = ref->lm_chain )
+ {
+ if( ref->lm_msgtype == LDAP_RES_SEARCH_REFERENCE ) {
+ return( ref );
+ }
+ }
+
+ return( NULL );
+}
+
+int
+ldap_count_references( LDAP *ld, LDAPMessage *chain )
+{
+ int i;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ for ( i = 0; chain != NULL; chain = chain->lm_chain ) {
+ if( chain->lm_msgtype == LDAP_RES_SEARCH_REFERENCE ) {
+ i++;
+ }
+ }
+
+ return( i );
+}
+
+int
+ldap_parse_reference(
+ LDAP *ld,
+ LDAPMessage *ref,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit)
+{
+ BerElement be;
+ char **refs = NULL;
+ int rc;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( ref != NULL );
+
+ if( ref->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ /* make a private copy of BerElement */
+ AC_MEMCPY(&be, ref->lm_ber, sizeof(be));
+
+ if ( ber_scanf( &be, "{v" /*}*/, &refs ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ goto free_and_return;
+ }
+
+ if ( serverctrls == NULL ) {
+ rc = LDAP_SUCCESS;
+ goto free_and_return;
+ }
+
+ if ( ber_scanf( &be, /*{*/ "}" ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ goto free_and_return;
+ }
+
+ rc = ldap_pvt_get_controls( &be, serverctrls );
+
+free_and_return:
+
+ if( referralsp != NULL ) {
+ /* provide references regradless of return code */
+ *referralsp = refs;
+
+ } else {
+ LDAP_VFREE( refs );
+ }
+
+ if( freeit ) {
+ ldap_msgfree( ref );
+ }
+
+ if( rc != LDAP_SUCCESS ) {
+ ld->ld_errno = rc;
+
+ if( ld->ld_matched != NULL ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ if( ld->ld_error != NULL ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/request.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/request.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/request.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1426 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.103.2.15 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ *---
+ * Modification to OpenLDAP source by Novell, Inc.
+ * April 2000 sfs Added code to chase V3 referrals
+ * request.c - sending of ldap requests; handling of referrals
+ *---
+ * Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "ldap-int.h"
+#include "lber.h"
+
+static LDAPConn *find_connection LDAP_P(( LDAP *ld, LDAPURLDesc *srv, int any ));
+static void use_connection LDAP_P(( LDAP *ld, LDAPConn *lc ));
+static void ldap_free_request_int LDAP_P(( LDAP *ld, LDAPRequest *lr ));
+
+static BerElement *
+re_encode_request( LDAP *ld,
+ BerElement *origber,
+ ber_int_t msgid,
+ int sref,
+ LDAPURLDesc *srv,
+ int *type );
+
+BerElement *
+ldap_alloc_ber_with_options( LDAP *ld )
+{
+ BerElement *ber;
+
+ if (( ber = ber_alloc_t( ld->ld_lberoptions )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ }
+
+ return( ber );
+}
+
+
+void
+ldap_set_ber_options( LDAP *ld, BerElement *ber )
+{
+ ber->ber_options = ld->ld_lberoptions;
+}
+
+
+ber_int_t
+ldap_send_initial_request(
+ LDAP *ld,
+ ber_tag_t msgtype,
+ const char *dn,
+ BerElement *ber,
+ ber_int_t msgid)
+{
+ int rc = 1;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+ /* not connected yet */
+ rc = ldap_open_defconn( ld );
+
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ if( rc < 0 ) {
+ ber_free( ber, 1 );
+ return( -1 );
+ } else if ( rc == 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_open_defconn: successful\n",
+ 0, 0, 0 );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld)) {
+ if (msgtype == LDAP_REQ_BIND) {
+ if (ld->ld_options.ldo_cldapdn)
+ ldap_memfree(ld->ld_options.ldo_cldapdn);
+ ld->ld_options.ldo_cldapdn = ldap_strdup(dn);
+ return 0;
+ }
+ if (msgtype != LDAP_REQ_ABANDON && msgtype != LDAP_REQ_SEARCH)
+ return LDAP_PARAM_ERROR;
+ }
+#endif
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ rc = ldap_send_server_request( ld, ber, msgid, NULL,
+ NULL, NULL, NULL );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ return(rc);
+}
+
+
+int
+ldap_int_flush_request(
+ LDAP *ld,
+ LDAPRequest *lr )
+{
+ LDAPConn *lc = lr->lr_conn;
+
+ if ( ber_flush( lc->lconn_sb, lr->lr_ber, 0 ) != 0 ) {
+ if ( sock_errno() == EAGAIN ) {
+ /* need to continue write later */
+ lr->lr_status = LDAP_REQST_WRITING;
+ ldap_mark_select_write( ld, lc->lconn_sb );
+ ld->ld_errno = LDAP_BUSY;
+ return -2;
+ } else {
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ ldap_free_request( ld, lr );
+ ldap_free_connection( ld, lc, 0, 0 );
+ return( -1 );
+ }
+ } else {
+ if ( lr->lr_parent == NULL ) {
+ lr->lr_ber->ber_end = lr->lr_ber->ber_ptr;
+ lr->lr_ber->ber_ptr = lr->lr_ber->ber_buf;
+ }
+ lr->lr_status = LDAP_REQST_INPROGRESS;
+
+ /* sent -- waiting for a response */
+ ldap_mark_select_read( ld, lc->lconn_sb );
+ }
+ return 0;
+}
+
+int
+ldap_send_server_request(
+ LDAP *ld,
+ BerElement *ber,
+ ber_int_t msgid,
+ LDAPRequest *parentreq,
+ LDAPURLDesc *srvlist,
+ LDAPConn *lc,
+ LDAPreqinfo *bind )
+{
+ LDAPRequest *lr;
+ int incparent, rc;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_send_server_request\n", 0, 0, 0 );
+
+ incparent = 0;
+ ld->ld_errno = LDAP_SUCCESS; /* optimistic */
+
+ if ( lc == NULL ) {
+ if ( srvlist == NULL ) {
+ lc = ld->ld_defconn;
+ } else {
+ lc = find_connection( ld, srvlist, 1 );
+ if ( lc == NULL ) {
+ if ( (bind != NULL) && (parentreq != NULL) ) {
+ /* Remember the bind in the parent */
+ incparent = 1;
+ ++parentreq->lr_outrefcnt;
+ }
+ lc = ldap_new_connection( ld, srvlist, 0, 1, bind );
+ }
+ }
+ }
+
+ if ( lc == NULL || lc->lconn_status != LDAP_CONNST_CONNECTED ) {
+ ber_free( ber, 1 );
+ if ( ld->ld_errno == LDAP_SUCCESS ) {
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ }
+ if ( incparent ) {
+ /* Forget about the bind */
+ --parentreq->lr_outrefcnt;
+ }
+ return( -1 );
+ }
+
+ use_connection( ld, lc );
+
+ /* If we still have an incomplete write, try to finish it before
+ * dealing with the new request. If we don't finish here, return
+ * LDAP_BUSY and let the caller retry later. We only allow a single
+ * request to be in WRITING state.
+ */
+ rc = 0;
+ if ( ld->ld_requests &&
+ ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
+ ldap_int_flush_request( ld, ld->ld_requests ) < 0 )
+ {
+ rc = -1;
+ }
+ if ( rc ) return rc;
+
+ lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
+ if ( lr == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ ldap_free_connection( ld, lc, 0, 0 );
+ ber_free( ber, 1 );
+ if ( incparent ) {
+ /* Forget about the bind */
+ --parentreq->lr_outrefcnt;
+ }
+ return( -1 );
+ }
+ lr->lr_msgid = msgid;
+ lr->lr_status = LDAP_REQST_INPROGRESS;
+ lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */
+ lr->lr_ber = ber;
+ lr->lr_conn = lc;
+ if ( parentreq != NULL ) { /* sub-request */
+ if ( !incparent ) {
+ /* Increment if we didn't do it before the bind */
+ ++parentreq->lr_outrefcnt;
+ }
+ lr->lr_origid = parentreq->lr_origid;
+ lr->lr_parentcnt = ++parentreq->lr_parentcnt;
+ lr->lr_parent = parentreq;
+ lr->lr_refnext = parentreq->lr_child;
+ parentreq->lr_child = lr;
+ } else { /* original request */
+ lr->lr_origid = lr->lr_msgid;
+ }
+
+ /* Extract requestDN for future reference */
+ {
+ BerElement tmpber = *ber;
+ ber_int_t bint;
+ ber_tag_t tag, rtag;
+
+ ber_reset( &tmpber, 1 );
+ rtag = ber_scanf( &tmpber, "{it", /*}*/ &bint, &tag );
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ rtag = ber_scanf( &tmpber, "{i" /*}*/, &bint );
+ break;
+ case LDAP_REQ_DELETE:
+ break;
+ default:
+ rtag = ber_scanf( &tmpber, "{" /*}*/ );
+ case LDAP_REQ_ABANDON:
+ break;
+ }
+ if ( tag != LDAP_REQ_ABANDON ) {
+ ber_skip_tag( &tmpber, &lr->lr_dn.bv_len );
+ lr->lr_dn.bv_val = tmpber.ber_ptr;
+ }
+ }
+
+ lr->lr_prev = NULL;
+ if (( lr->lr_next = ld->ld_requests ) != NULL ) {
+ lr->lr_next->lr_prev = lr;
+ }
+ ld->ld_requests = lr;
+
+ ld->ld_errno = LDAP_SUCCESS;
+ if ( ldap_int_flush_request( ld, lr ) == -1 ) {
+ msgid = -1;
+ }
+
+ return( msgid );
+}
+
+LDAPConn *
+ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb,
+ int connect, LDAPreqinfo *bind )
+{
+ LDAPConn *lc;
+ LDAPURLDesc *srv;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n",
+ use_ldsb, connect, (bind != NULL) );
+ /*
+ * make a new LDAP server connection
+ * XXX open connection synchronously for now
+ */
+ lc = (LDAPConn *)LDAP_CALLOC( 1, sizeof( LDAPConn ) );
+ if ( lc == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( NULL );
+ }
+
+ if ( use_ldsb ) {
+ assert( ld->ld_sb != NULL );
+ lc->lconn_sb = ld->ld_sb;
+
+ } else {
+ lc->lconn_sb = ber_sockbuf_alloc();
+ if ( lc->lconn_sb == NULL ) {
+ LDAP_FREE( (char *)lc );
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( NULL );
+ }
+ }
+
+ if ( connect ) {
+ for ( srv = srvlist; srv != NULL; srv = srv->lud_next ) {
+ if ( ldap_int_open_connection( ld, lc, srv, 0 ) != -1 )
+ {
+ break;
+ }
+ }
+
+ if ( srv == NULL ) {
+ if ( !use_ldsb ) {
+ ber_sockbuf_free( lc->lconn_sb );
+ }
+ LDAP_FREE( (char *)lc );
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ return( NULL );
+ }
+
+ lc->lconn_server = ldap_url_dup( srv );
+ }
+
+ lc->lconn_status = LDAP_CONNST_CONNECTED;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ lc->lconn_next = ld->ld_conns;
+ ld->ld_conns = lc;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+
+ /*
+ * XXX for now, we always do a synchronous bind. This will have
+ * to change in the long run...
+ */
+ if ( bind != NULL) {
+ int err = 0;
+ LDAPConn *savedefconn;
+
+ /* Set flag to prevent additional referrals
+ * from being processed on this
+ * connection until the bind has completed
+ */
+ lc->lconn_rebind_inprogress = 1;
+ /* V3 rebind function */
+ if ( ld->ld_rebind_proc != NULL) {
+ LDAPURLDesc *srvfunc;
+
+ srvfunc = ldap_url_dup( srvlist );
+ if ( srvfunc == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ err = -1;
+ } else {
+ savedefconn = ld->ld_defconn;
+ ++lc->lconn_refcnt; /* avoid premature free */
+ ld->ld_defconn = lc;
+
+ Debug( LDAP_DEBUG_TRACE, "Call application rebind_proc\n", 0, 0, 0);
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ err = (*ld->ld_rebind_proc)( ld,
+ bind->ri_url, bind->ri_request, bind->ri_msgid,
+ ld->ld_rebind_params );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+
+ ld->ld_defconn = savedefconn;
+ --lc->lconn_refcnt;
+
+ if ( err != 0 ) {
+ err = -1;
+ ldap_free_connection( ld, lc, 1, 0 );
+ lc = NULL;
+ }
+ ldap_free_urldesc( srvfunc );
+ }
+ } else {
+ int msgid, rc;
+ struct berval passwd = BER_BVNULL;
+
+ savedefconn = ld->ld_defconn;
+ ++lc->lconn_refcnt; /* avoid premature free */
+ ld->ld_defconn = lc;
+
+ Debug( LDAP_DEBUG_TRACE, "anonymous rebind via ldap_bind_s\n", 0, 0, 0);
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ rc = ldap_sasl_bind( ld, "", LDAP_SASL_SIMPLE, &passwd,
+ NULL, NULL, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ err = -1;
+
+ } else {
+ for ( err = 1; err > 0; ) {
+ struct timeval tv = { 0, 100000 };
+ LDAPMessage *res = NULL;
+
+ switch ( ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res ) ) {
+ case -1:
+ err = -1;
+ break;
+
+ case 0:
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_yield();
+#endif
+ break;
+
+ case LDAP_RES_BIND:
+ rc = ldap_parse_result( ld, res, &err, NULL, NULL, NULL, NULL, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ err = -1;
+
+ } else if ( err != LDAP_SUCCESS ) {
+ err = -1;
+ }
+ /* else err == LDAP_SUCCESS == 0 */
+ break;
+
+ default:
+ assert( 0 );
+ }
+ }
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ ld->ld_defconn = savedefconn;
+ --lc->lconn_refcnt;
+
+ if ( err != 0 ) {
+ ldap_free_connection( ld, lc, 1, 0 );
+ lc = NULL;
+ }
+ }
+ if ( lc != NULL )
+ lc->lconn_rebind_inprogress = 0;
+ }
+
+ return( lc );
+}
+
+
+static LDAPConn *
+find_connection( LDAP *ld, LDAPURLDesc *srv, int any )
+/*
+ * return an existing connection (if any) to the server srv
+ * if "any" is non-zero, check for any server in the "srv" chain
+ */
+{
+ LDAPConn *lc;
+ LDAPURLDesc *lcu, *lsu;
+ int lcu_port, lsu_port;
+ int found = 0;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
+ lcu = lc->lconn_server;
+ lcu_port = ldap_pvt_url_scheme_port( lcu->lud_scheme,
+ lcu->lud_port );
+
+ for ( lsu = srv; lsu != NULL; lsu = lsu->lud_next ) {
+ lsu_port = ldap_pvt_url_scheme_port( lsu->lud_scheme,
+ lsu->lud_port );
+
+ if ( lsu_port == lcu_port
+ && strcmp( lcu->lud_scheme, lsu->lud_scheme ) == 0
+ && lcu->lud_host != NULL && *lcu->lud_host != '\0'
+ && lsu->lud_host != NULL && *lsu->lud_host != '\0'
+ && strcasecmp( lsu->lud_host, lcu->lud_host ) == 0 )
+ {
+ found = 1;
+ break;
+ }
+
+ if ( !any ) break;
+ }
+ if ( found )
+ break;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+ return lc;
+}
+
+
+
+static void
+use_connection( LDAP *ld, LDAPConn *lc )
+{
+ ++lc->lconn_refcnt;
+ lc->lconn_lastused = time( NULL );
+}
+
+
+void
+ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
+{
+ LDAPConn *tmplc, *prevlc;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_free_connection %d %d\n",
+ force, unbind, 0 );
+
+ if ( force || --lc->lconn_refcnt <= 0 ) {
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) {
+ ldap_mark_select_clear( ld, lc->lconn_sb );
+ if ( unbind ) {
+ ldap_send_unbind( ld, lc->lconn_sb,
+ NULL, NULL );
+ }
+ }
+
+ if ( lc->lconn_ber != NULL ) {
+ ber_free( lc->lconn_ber, 1 );
+ }
+
+ ldap_int_sasl_close( ld, lc );
+
+ prevlc = NULL;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ for ( tmplc = ld->ld_conns;
+ tmplc != NULL;
+ tmplc = tmplc->lconn_next )
+ {
+ if ( tmplc == lc ) {
+ if ( prevlc == NULL ) {
+ ld->ld_conns = tmplc->lconn_next;
+ } else {
+ prevlc->lconn_next = tmplc->lconn_next;
+ }
+ break;
+ }
+ prevlc = tmplc;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+ ldap_free_urllist( lc->lconn_server );
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if ( lc->lconn_krbinstance != NULL ) {
+ LDAP_FREE( lc->lconn_krbinstance );
+ }
+#endif
+
+ /* FIXME: is this at all possible? */
+ if ( force ) {
+ LDAPRequest *lr;
+
+ for ( lr = ld->ld_requests; lr; ) {
+ LDAPRequest *lr_next = lr->lr_next;
+
+ if ( lr->lr_conn == lc ) {
+ ldap_free_request_int( ld, lr );
+ }
+
+ lr = lr_next;
+ }
+ }
+ if ( lc->lconn_sb != ld->ld_sb ) {
+ ber_sockbuf_free( lc->lconn_sb );
+ }
+ if ( lc->lconn_rebind_queue != NULL) {
+ int i;
+ for( i = 0; lc->lconn_rebind_queue[i] != NULL; i++ ) {
+ LDAP_VFREE( lc->lconn_rebind_queue[i] );
+ }
+ LDAP_FREE( lc->lconn_rebind_queue );
+ }
+ LDAP_FREE( lc );
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_free_connection: actually freed\n",
+ 0, 0, 0 );
+ } else {
+ lc->lconn_lastused = time( NULL );
+ Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: refcnt %d\n",
+ lc->lconn_refcnt, 0, 0 );
+ }
+}
+
+
+#ifdef LDAP_DEBUG
+void
+ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
+{
+ LDAPConn *lc;
+ char timebuf[32];
+
+ fprintf( stderr, "** ld %p Connection%s:\n", (void *)ld, all ? "s" : "" );
+ for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) {
+ if ( lc->lconn_server != NULL ) {
+ fprintf( stderr, "* host: %s port: %d%s\n",
+ ( lc->lconn_server->lud_host == NULL ) ? "(null)"
+ : lc->lconn_server->lud_host,
+ lc->lconn_server->lud_port, ( lc->lconn_sb ==
+ ld->ld_sb ) ? " (default)" : "" );
+ }
+ fprintf( stderr, " refcnt: %d status: %s\n", lc->lconn_refcnt,
+ ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ?
+ "NeedSocket" : ( lc->lconn_status ==
+ LDAP_CONNST_CONNECTING ) ? "Connecting" : "Connected" );
+ fprintf( stderr, " last used: %s",
+ ldap_pvt_ctime( &lc->lconn_lastused, timebuf ));
+ if( lc->lconn_rebind_inprogress ) {
+ fprintf( stderr, " rebind in progress\n");
+ if( lc->lconn_rebind_queue != NULL) {
+ int i = 0;
+ for( ;lc->lconn_rebind_queue[i] != NULL; i++) {
+ int j = 0;
+ for( ;lc->lconn_rebind_queue[i][j] != 0; j++) {
+ fprintf( stderr, " queue %d entry %d - %s\n",
+ i, j, lc->lconn_rebind_queue[i][j]);
+ }
+ }
+ } else {
+ fprintf( stderr, " queue is empty\n");
+ }
+ }
+ fprintf(stderr, "\n");
+ if ( !all ) {
+ break;
+ }
+ }
+}
+
+
+void
+ldap_dump_requests_and_responses( LDAP *ld )
+{
+ LDAPRequest *lr;
+ LDAPMessage *lm, *l;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ fprintf( stderr, "** ld %p Outstanding Requests:\n", (void *)ld );
+ if (( lr = ld->ld_requests ) == NULL ) {
+ fprintf( stderr, " Empty\n" );
+ }
+ for ( ; lr != NULL; lr = lr->lr_next ) {
+ fprintf( stderr, " * msgid %d, origid %d, status %s\n",
+ lr->lr_msgid, lr->lr_origid,
+ ( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" :
+ ( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
+ ( lr->lr_status == LDAP_REQST_NOTCONNECTED ) ? "NotConnected" :
+ ( lr->lr_status == LDAP_REQST_WRITING) ? "Writing" :
+ ( lr->lr_status == LDAP_REQST_COMPLETED ? "RequestCompleted"
+ : "InvalidStatus"));
+ fprintf( stderr, " outstanding referrals %d, parent count %d\n",
+ lr->lr_outrefcnt, lr->lr_parentcnt );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ fprintf( stderr, "** ld %p Response Queue:\n", (void *)ld );
+ if (( lm = ld->ld_responses ) == NULL ) {
+ fprintf( stderr, " Empty\n" );
+ }
+ for ( ; lm != NULL; lm = lm->lm_next ) {
+ fprintf( stderr, " * msgid %d, type %lu\n",
+ lm->lm_msgid, (unsigned long) lm->lm_msgtype );
+ if (( l = lm->lm_chain ) != NULL ) {
+ fprintf( stderr, " chained responses:\n" );
+ for ( ; l != NULL; l = l->lm_chain ) {
+ fprintf( stderr,
+ " * msgid %d, type %lu\n",
+ l->lm_msgid,
+ (unsigned long) l->lm_msgtype );
+ }
+ }
+ }
+}
+#endif /* LDAP_DEBUG */
+
+static void
+ldap_free_request_int( LDAP *ld, LDAPRequest *lr )
+{
+ if ( lr->lr_prev == NULL ) {
+ /* free'ing the first request? */
+ assert( ld->ld_requests == lr );
+ ld->ld_requests = lr->lr_next;
+
+ } else {
+ lr->lr_prev->lr_next = lr->lr_next;
+ }
+
+ if ( lr->lr_next != NULL ) {
+ lr->lr_next->lr_prev = lr->lr_prev;
+ }
+
+ if ( lr->lr_ber != NULL ) {
+ ber_free( lr->lr_ber, 1 );
+ }
+
+ if ( lr->lr_res_error != NULL ) {
+ LDAP_FREE( lr->lr_res_error );
+ }
+
+ if ( lr->lr_res_matched != NULL ) {
+ LDAP_FREE( lr->lr_res_matched );
+ }
+
+ LDAP_FREE( lr );
+}
+
+void
+ldap_free_request( LDAP *ld, LDAPRequest *lr )
+{
+ LDAPRequest **ttmplr;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_free_request (origid %d, msgid %d)\n",
+ lr->lr_origid, lr->lr_msgid, 0 );
+
+ /* free all referrals (child requests) */
+ while ( lr->lr_child )
+ ldap_free_request( ld, lr->lr_child );
+
+ if ( lr->lr_parent != NULL ) {
+ --lr->lr_parent->lr_outrefcnt;
+ for ( ttmplr = &lr->lr_parent->lr_child; *ttmplr && *ttmplr != lr; ttmplr = &(*ttmplr)->lr_refnext );
+ if ( *ttmplr == lr )
+ *ttmplr = lr->lr_refnext;
+ }
+ ldap_free_request_int( ld, lr );
+}
+
+/*
+ * call first time with *cntp = -1
+ * when returns *cntp == -1, no referrals are left
+ *
+ * NOTE: may replace *refsp, or shuffle the contents
+ * of the original array.
+ */
+static int ldap_int_nextref(
+ LDAP *ld,
+ char ***refsp,
+ int *cntp,
+ void *params )
+{
+ assert( refsp != NULL );
+ assert( *refsp != NULL );
+ assert( cntp != NULL );
+
+ if ( *cntp < -1 ) {
+ *cntp = -1;
+ return -1;
+ }
+
+ (*cntp)++;
+
+ if ( (*refsp)[ *cntp ] == NULL ) {
+ *cntp = -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Chase v3 referrals
+ *
+ * Parameters:
+ * (IN) ld = LDAP connection handle
+ * (IN) lr = LDAP Request structure
+ * (IN) refs = array of pointers to referral strings that we will chase
+ * The array will be free'd by this function when no longer needed
+ * (IN) sref != 0 if following search reference
+ * (OUT) errstrp = Place to return a string of referrals which could not be followed
+ * (OUT) hadrefp = 1 if sucessfully followed referral
+ *
+ * Return value - number of referrals followed
+ */
+int
+ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char **errstrp, int *hadrefp )
+{
+ char *unfollowed;
+ int unfollowedcnt = 0;
+ LDAPRequest *origreq;
+ LDAPURLDesc *srv = NULL;
+ BerElement *ber;
+ char **refarray = NULL;
+ LDAPConn *lc;
+ int rc, count, i, j, id;
+ LDAPreqinfo rinfo;
+
+ ld->ld_errno = LDAP_SUCCESS; /* optimistic */
+ *hadrefp = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 );
+
+ unfollowed = NULL;
+ rc = count = 0;
+
+ /* If no referrals in array, return */
+ if ( (refs == NULL) || ( (refs)[0] == NULL) ) {
+ rc = 0;
+ goto done;
+ }
+
+ /* Check for hop limit exceeded */
+ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
+ Debug( LDAP_DEBUG_ANY,
+ "more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 );
+ ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED;
+ rc = -1;
+ goto done;
+ }
+
+ /* find original request */
+ for ( origreq = lr;
+ origreq->lr_parent != NULL;
+ origreq = origreq->lr_parent )
+ {
+ /* empty */ ;
+ }
+
+ refarray = refs;
+ refs = NULL;
+
+ if ( ld->ld_nextref_proc == NULL ) {
+ ld->ld_nextref_proc = ldap_int_nextref;
+ }
+
+ /* parse out & follow referrals */
+ i = -1;
+ for ( ld->ld_nextref_proc( ld, &refarray, &i, ld->ld_nextref_params );
+ i != -1;
+ ld->ld_nextref_proc( ld, &refarray, &i, ld->ld_nextref_params ) )
+ {
+
+ /* Parse the referral URL */
+ if (( rc = ldap_url_parse_ext( refarray[i], &srv)) != LDAP_SUCCESS) {
+ ld->ld_errno = rc;
+ rc = -1;
+ goto done;
+ }
+
+ if( srv->lud_crit_exts ) {
+ /* we do not support any extensions */
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ rc = -1;
+ goto done;
+ }
+
+ /* treat ldap://hostpart and ldap://hostpart/ the same */
+ if ( srv->lud_dn && srv->lud_dn[0] == '\0' ) {
+ LDAP_FREE( srv->lud_dn );
+ srv->lud_dn = NULL;
+ }
+
+ /* check connection for re-bind in progress */
+ if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
+ /* See if we've already requested this DN with this conn */
+ LDAPRequest *lp;
+ int looped = 0;
+ int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+ for ( lp = origreq; lp; ) {
+ if ( lp->lr_conn == lc ) {
+ if ( len == lp->lr_dn.bv_len
+ && len
+ && strncmp( srv->lud_dn, lp->lr_dn.bv_val, len ) == 0 )
+ {
+ looped = 1;
+ break;
+ }
+ }
+ if ( lp == origreq ) {
+ lp = lp->lr_child;
+ } else {
+ lp = lr->lr_refnext;
+ }
+ }
+ if ( looped ) {
+ ldap_free_urllist( srv );
+ srv = NULL;
+ ld->ld_errno = LDAP_CLIENT_LOOP;
+ rc = -1;
+ continue;
+ }
+
+ if ( lc->lconn_rebind_inprogress ) {
+ /* We are already chasing a referral or search reference and a
+ * bind on that connection is in progress. We must queue
+ * referrals on that connection, so we don't get a request
+ * going out before the bind operation completes. This happens
+ * if two search references come in one behind the other
+ * for the same server with different contexts.
+ */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chase_v3referrals: queue referral \"%s\"\n",
+ refarray[i], 0, 0);
+ if( lc->lconn_rebind_queue == NULL ) {
+ /* Create a referral list */
+ lc->lconn_rebind_queue =
+ (char ***) LDAP_MALLOC( sizeof(void *) * 2);
+
+ if( lc->lconn_rebind_queue == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ rc = -1;
+ goto done;
+ }
+
+ lc->lconn_rebind_queue[0] = refarray;
+ lc->lconn_rebind_queue[1] = NULL;
+ refarray = NULL;
+
+ } else {
+ /* Count how many referral arrays we already have */
+ for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
+ /* empty */;
+ }
+
+ /* Add the new referral to the list */
+ lc->lconn_rebind_queue = (char ***) LDAP_REALLOC(
+ lc->lconn_rebind_queue, sizeof(void *) * (j + 2));
+
+ if( lc->lconn_rebind_queue == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ rc = -1;
+ goto done;
+ }
+ lc->lconn_rebind_queue[j] = refarray;
+ lc->lconn_rebind_queue[j+1] = NULL;
+ refarray = NULL;
+ }
+
+ /* We have queued the referral/reference, now just return */
+ rc = 0;
+ *hadrefp = 1;
+ count = 1; /* Pretend we already followed referral */
+ goto done;
+ }
+ }
+ /* Re-encode the request with the new starting point of the search.
+ * Note: In the future we also need to replace the filter if one
+ * was provided with the search reference
+ */
+
+ /* For references we don't want old dn if new dn empty */
+ if ( sref && srv->lud_dn == NULL ) {
+ srv->lud_dn = LDAP_STRDUP( "" );
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ ber = re_encode_request( ld, origreq->lr_ber, id,
+ sref, srv, &rinfo.ri_request );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ rc = -1;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chase_v3referral: msgid %d, url \"%s\"\n",
+ lr->lr_msgid, refarray[i], 0);
+
+ /* Send the new request to the server - may require a bind */
+ rinfo.ri_msgid = origreq->lr_origid;
+ rinfo.ri_url = refarray[i];
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ rc = ldap_send_server_request( ld, ber, id,
+ origreq, srv, NULL, &rinfo );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ if ( rc < 0 ) {
+ /* Failure, try next referral in the list */
+ Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n",
+ refarray[i], ld->ld_errno, ldap_err2string( ld->ld_errno ) );
+ unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i] );
+ ldap_free_urllist( srv );
+ srv = NULL;
+ ld->ld_errno = LDAP_REFERRAL;
+ } else {
+ /* Success, no need to try this referral list further */
+ rc = 0;
+ ++count;
+ *hadrefp = 1;
+
+ /* check if there is a queue of referrals that came in during bind */
+ if ( lc == NULL) {
+ lc = find_connection( ld, srv, 1 );
+ if ( lc == NULL ) {
+ ld->ld_errno = LDAP_OPERATIONS_ERROR;
+ rc = -1;
+ goto done;
+ }
+ }
+
+ if ( lc->lconn_rebind_queue != NULL ) {
+ /* Release resources of previous list */
+ LDAP_VFREE( refarray );
+ refarray = NULL;
+ ldap_free_urllist( srv );
+ srv = NULL;
+
+ /* Pull entries off end of queue so list always null terminated */
+ for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++ )
+ ;
+ refarray = lc->lconn_rebind_queue[j - 1];
+ lc->lconn_rebind_queue[j-1] = NULL;
+ /* we pulled off last entry from queue, free queue */
+ if ( j == 1 ) {
+ LDAP_FREE( lc->lconn_rebind_queue );
+ lc->lconn_rebind_queue = NULL;
+ }
+ /* restart the loop the with new referral list */
+ i = -1;
+ continue;
+ }
+ break; /* referral followed, break out of for loop */
+ }
+ } /* end for loop */
+done:
+ LDAP_VFREE( refarray );
+ ldap_free_urllist( srv );
+ LDAP_FREE( *errstrp );
+
+ if( rc == 0 ) {
+ *errstrp = NULL;
+ LDAP_FREE( unfollowed );
+ return count;
+ } else {
+ *errstrp = unfollowed;
+ return rc;
+ }
+}
+
+/*
+ * XXX merging of errors in this routine needs to be improved
+ */
+int
+ldap_chase_referrals( LDAP *ld,
+ LDAPRequest *lr,
+ char **errstrp,
+ int sref,
+ int *hadrefp )
+{
+ int rc, count, id;
+ unsigned len;
+ char *p, *ref, *unfollowed;
+ LDAPRequest *origreq;
+ LDAPURLDesc *srv;
+ BerElement *ber;
+ LDAPreqinfo rinfo;
+ LDAPConn *lc;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 );
+
+ ld->ld_errno = LDAP_SUCCESS; /* optimistic */
+ *hadrefp = 0;
+
+ if ( *errstrp == NULL ) {
+ return( 0 );
+ }
+
+ len = strlen( *errstrp );
+ for ( p = *errstrp; len >= LDAP_REF_STR_LEN; ++p, --len ) {
+ if ( strncasecmp( p, LDAP_REF_STR, LDAP_REF_STR_LEN ) == 0 ) {
+ *p = '\0';
+ p += LDAP_REF_STR_LEN;
+ break;
+ }
+ }
+
+ if ( len < LDAP_REF_STR_LEN ) {
+ return( 0 );
+ }
+
+ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
+ Debug( LDAP_DEBUG_ANY,
+ "more than %d referral hops (dropping)\n",
+ ld->ld_refhoplimit, 0, 0 );
+ /* XXX report as error in ld->ld_errno? */
+ return( 0 );
+ }
+
+ /* find original request */
+ for ( origreq = lr; origreq->lr_parent != NULL;
+ origreq = origreq->lr_parent ) {
+ /* empty */;
+ }
+
+ unfollowed = NULL;
+ rc = count = 0;
+
+ /* parse out & follow referrals */
+ for ( ref = p; rc == 0 && ref != NULL; ref = p ) {
+ p = strchr( ref, '\n' );
+ if ( p != NULL ) {
+ *p++ = '\0';
+ }
+
+ rc = ldap_url_parse_ext( ref, &srv );
+
+ if ( rc != LDAP_URL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ignoring unknown referral <%s>\n", ref, 0, 0 );
+ rc = ldap_append_referral( ld, &unfollowed, ref );
+ *hadrefp = 1;
+ continue;
+ }
+
+ if ( srv->lud_dn != NULL && srv->lud_dn == '\0' ) {
+ LDAP_FREE( srv->lud_dn );
+ srv->lud_dn = NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "chasing LDAP referral: <%s>\n", ref, 0, 0 );
+
+ *hadrefp = 1;
+
+ /* See if we've already been here */
+ if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
+ LDAPRequest *lp;
+ int looped = 0;
+ int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+ for (lp = lr; lp; lp = lp->lr_parent ) {
+ if ( lp->lr_conn == lc ) {
+ if ( len == lp->lr_dn.bv_len ) {
+ if ( len && strncmp( srv->lud_dn, lp->lr_dn.bv_val,
+ len ))
+ continue;
+ looped = 1;
+ break;
+ }
+ }
+ }
+ if ( looped ) {
+ ldap_free_urllist(srv);
+ ld->ld_errno = LDAP_CLIENT_LOOP;
+ rc = -1;
+ continue;
+ }
+ }
+
+ LDAP_NEXT_MSGID( ld, id );
+ ber = re_encode_request( ld, origreq->lr_ber,
+ id, sref, srv, &rinfo.ri_request );
+
+ if ( ber == NULL ) {
+ return -1 ;
+ }
+
+ /* copy the complete referral for rebind process */
+ rinfo.ri_url = LDAP_STRDUP( ref );
+
+ rinfo.ri_msgid = origreq->lr_origid;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ rc = ldap_send_server_request( ld, ber, id,
+ lr, srv, NULL, &rinfo );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+
+ LDAP_FREE( rinfo.ri_url );
+
+ if( rc >= 0 ) {
+ ++count;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "Unable to chase referral \"%s\" (%d: %s)\n",
+ ref, ld->ld_errno, ldap_err2string( ld->ld_errno ) );
+ rc = ldap_append_referral( ld, &unfollowed, ref );
+ }
+
+ ldap_free_urllist(srv);
+ }
+
+ LDAP_FREE( *errstrp );
+ *errstrp = unfollowed;
+
+ return(( rc == 0 ) ? count : rc );
+}
+
+
+int
+ldap_append_referral( LDAP *ld, char **referralsp, char *s )
+{
+ int first;
+
+ if ( *referralsp == NULL ) {
+ first = 1;
+ *referralsp = (char *)LDAP_MALLOC( strlen( s ) + LDAP_REF_STR_LEN
+ + 1 );
+ } else {
+ first = 0;
+ *referralsp = (char *)LDAP_REALLOC( *referralsp,
+ strlen( *referralsp ) + strlen( s ) + 2 );
+ }
+
+ if ( *referralsp == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( -1 );
+ }
+
+ if ( first ) {
+ strcpy( *referralsp, LDAP_REF_STR );
+ } else {
+ strcat( *referralsp, "\n" );
+ }
+ strcat( *referralsp, s );
+
+ return( 0 );
+}
+
+
+
+static BerElement *
+re_encode_request( LDAP *ld,
+ BerElement *origber,
+ ber_int_t msgid,
+ int sref,
+ LDAPURLDesc *srv,
+ int *type )
+{
+ /*
+ * XXX this routine knows way too much about how the lber library works!
+ */
+ ber_int_t along;
+ ber_tag_t tag;
+ ber_tag_t rtag;
+ ber_int_t ver;
+ ber_int_t scope;
+ int rc;
+ BerElement tmpber, *ber;
+ struct berval dn;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "re_encode_request: new msgid %ld, new dn <%s>\n",
+ (long) msgid,
+ ( srv == NULL || srv->lud_dn == NULL) ? "NONE" : srv->lud_dn, 0 );
+
+ tmpber = *origber;
+
+ /*
+ * all LDAP requests are sequences that start with a message id.
+ * For all except delete, this is followed by a sequence that is
+ * tagged with the operation code. For delete, the provided DN
+ * is not wrapped by a sequence.
+ */
+ rtag = ber_scanf( &tmpber, "{it", /*}*/ &along, &tag );
+
+ if ( rtag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( NULL );
+ }
+
+ assert( tag != 0);
+ if ( tag == LDAP_REQ_BIND ) {
+ /* bind requests have a version number before the DN & other stuff */
+ rtag = ber_scanf( &tmpber, "{im" /*}*/, &ver, &dn );
+
+ } else if ( tag == LDAP_REQ_DELETE ) {
+ /* delete requests don't have a DN wrapping sequence */
+ rtag = ber_scanf( &tmpber, "m", &dn );
+
+ } else if ( tag == LDAP_REQ_SEARCH ) {
+ /* search requests need to be re-scope-ed */
+ rtag = ber_scanf( &tmpber, "{me" /*"}"*/, &dn, &scope );
+
+ if( srv->lud_scope != LDAP_SCOPE_DEFAULT ) {
+ /* use the scope provided in reference */
+ scope = srv->lud_scope;
+
+ } else if ( sref ) {
+ /* use scope implied by previous operation
+ * base -> base
+ * one -> base
+ * subtree -> subtree
+ * subordinate -> subtree
+ */
+ switch( scope ) {
+ default:
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ scope = LDAP_SCOPE_BASE;
+ break;
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ scope = LDAP_SCOPE_SUBTREE;
+ break;
+ }
+ }
+
+ } else {
+ rtag = ber_scanf( &tmpber, "{m" /*}*/, &dn );
+ }
+
+ if( rtag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return NULL;
+ }
+
+ /* restore character zero'd out by ber_scanf*/
+ dn.bv_val[dn.bv_len] = tmpber.ber_tag;
+
+ if (( ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return NULL;
+ }
+
+ if ( srv->lud_dn ) {
+ ber_str2bv( srv->lud_dn, 0, 0, &dn );
+ }
+
+ if ( tag == LDAP_REQ_BIND ) {
+ rc = ber_printf( ber, "{it{iO" /*}}*/, msgid, tag, ver, &dn );
+ } else if ( tag == LDAP_REQ_DELETE ) {
+ rc = ber_printf( ber, "{itON}", msgid, tag, &dn );
+ } else if ( tag == LDAP_REQ_SEARCH ) {
+ rc = ber_printf( ber, "{it{Oe" /*}}*/, msgid, tag, &dn, scope );
+ } else {
+ rc = ber_printf( ber, "{it{O" /*}}*/, msgid, tag, &dn );
+ }
+
+ if ( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return NULL;
+ }
+
+ if ( tag != LDAP_REQ_DELETE && (
+ ber_write(ber, tmpber.ber_ptr, ( tmpber.ber_end - tmpber.ber_ptr ), 0)
+ != ( tmpber.ber_end - tmpber.ber_ptr ) ||
+ ber_printf( ber, /*{{*/ "N}N}" ) == -1 ) )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return NULL;
+ }
+
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
+ Debug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n",
+ 0, 0, 0 );
+ ber_log_dump( LDAP_DEBUG_BER, ldap_debug, ber, 0 );
+ }
+#endif /* LDAP_DEBUG */
+
+ *type = tag; /* return request type */
+ return ber;
+}
+
+
+LDAPRequest *
+ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid )
+{
+ LDAPRequest *lr;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if( lr->lr_status == LDAP_REQST_COMPLETED ) {
+ continue; /* Skip completed requests */
+ }
+ if ( msgid == lr->lr_msgid ) {
+ break;
+ }
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+
+ return( lr );
+}
+
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/result.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/result.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/result.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1242 @@
+/* result.c - wait for an ldap result */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.99.2.23 2007/03/13 08:53:15 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ *---
+ * Modification to OpenLDAP source by Novell, Inc.
+ * April 2000 sfs Add code to process V3 referrals and search results
+ *---
+ * Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * LDAPv3 (RFC2251)
+ * LDAPResult ::= SEQUENCE {
+ * resultCode ENUMERATED { ... },
+ * matchedDN LDAPDN,
+ * errorMessage LDAPString,
+ * referral Referral OPTIONAL
+ * }
+ * Referral ::= SEQUENCE OF LDAPURL (one or more)
+ * LDAPURL ::= LDAPString (limited to URL chars)
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+static int ldap_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid ));
+static int ldap_mark_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid ));
+static int wait4msg LDAP_P(( LDAP *ld, ber_int_t msgid, int all, struct timeval *timeout,
+ LDAPMessage **result ));
+static ber_tag_t try_read1msg LDAP_P(( LDAP *ld, ber_int_t msgid,
+ int all, LDAPConn **lc, LDAPMessage **result ));
+static ber_tag_t build_result_ber LDAP_P(( LDAP *ld, BerElement **bp, LDAPRequest *lr ));
+static void merge_error_info LDAP_P(( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ));
+static LDAPMessage * chkResponseList LDAP_P(( LDAP *ld, int msgid, int all));
+
+#define LDAP_MSG_X_KEEP_LOOKING (-2)
+
+
+/*
+ * ldap_result - wait for an ldap result response to a message from the
+ * ldap server. If msgid is LDAP_RES_ANY (-1), any message will be
+ * accepted. If msgid is LDAP_RES_UNSOLICITED (0), any unsolicited
+ * message is accepted. Otherwise ldap_result will wait for a response
+ * with msgid. If all is LDAP_MSG_ONE (0) the first message with id
+ * msgid will be accepted, otherwise, ldap_result will wait for all
+ * responses with id msgid and then return a pointer to the entire list
+ * of messages. In general, this is only useful for search responses,
+ * which can be of three message types (zero or more entries, zero or
+ * search references, followed by an ldap result). An extension to
+ * LDAPv3 allows partial extended responses to be returned in response
+ * to any request. The type of the first message received is returned.
+ * When waiting, any messages that have been abandoned are discarded.
+ *
+ * Example:
+ * ldap_result( s, msgid, all, timeout, result )
+ */
+int
+ldap_result(
+ LDAP *ld,
+ int msgid,
+ int all,
+ struct timeval *timeout,
+ LDAPMessage **result )
+{
+ LDAPMessage *lm;
+ int rc;
+
+ assert( ld != NULL );
+ assert( result != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_result ld %p msgid %d\n", (void *)ld, msgid, 0 );
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ lm = chkResponseList(ld, msgid, all);
+
+ if ( lm == NULL ) {
+ rc = wait4msg( ld, msgid, all, timeout, result );
+ } else {
+ *result = lm;
+ ld->ld_errno = LDAP_SUCCESS;
+ rc = lm->lm_msgtype;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ return( rc );
+}
+
+static LDAPMessage *
+chkResponseList(
+ LDAP *ld,
+ int msgid,
+ int all)
+{
+ LDAPMessage *lm, **lastlm, *nextlm;
+ /*
+ * Look through the list of responses we have received on
+ * this association and see if the response we're interested in
+ * is there. If it is, return it. If not, call wait4msg() to
+ * wait until it arrives or timeout occurs.
+ */
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chkResponseList ld %p msgid %d all %d\n",
+ (void *)ld, msgid, all );
+ lastlm = &ld->ld_responses;
+ for ( lm = ld->ld_responses; lm != NULL; lm = nextlm ) {
+ nextlm = lm->lm_next;
+
+ if ( ldap_abandoned( ld, lm->lm_msgid ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chkResponseList msg abandoned, msgid %d\n",
+ msgid, 0, 0 );
+ ldap_mark_abandoned( ld, lm->lm_msgid );
+
+ /* Remove this entry from list */
+ *lastlm = nextlm;
+
+ ldap_msgfree( lm );
+
+ continue;
+ }
+
+ if ( msgid == LDAP_RES_ANY || lm->lm_msgid == msgid ) {
+ LDAPMessage *tmp;
+
+ if ( all == LDAP_MSG_ONE || all == LDAP_MSG_RECEIVED ||
+ msgid == LDAP_RES_UNSOLICITED ) {
+ break;
+ }
+
+ tmp = lm->lm_chain_tail;
+ if ((tmp->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
+ (tmp->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) ||
+ (tmp->lm_msgtype == LDAP_RES_INTERMEDIATE)) {
+ tmp = NULL;
+ }
+
+ if ( tmp == NULL ) {
+ lm = NULL;
+ }
+
+ break;
+ }
+ lastlm = &lm->lm_next;
+ }
+
+ if ( lm != NULL ) {
+ /* Found an entry, remove it from the list */
+ if ( all == LDAP_MSG_ONE && lm->lm_chain != NULL ) {
+ *lastlm = lm->lm_chain;
+ lm->lm_chain->lm_next = lm->lm_next;
+ lm->lm_chain->lm_chain_tail = ( lm->lm_chain_tail != lm ) ? lm->lm_chain_tail : lm->lm_chain;
+ lm->lm_chain = NULL;
+ lm->lm_chain_tail = NULL;
+ } else {
+ *lastlm = lm->lm_next;
+ }
+ lm->lm_next = NULL;
+ }
+
+#ifdef LDAP_DEBUG
+ if( lm == NULL) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chkResponseList returns ld %p NULL\n", (void *)ld, 0, 0);
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_chkResponseList returns ld %p msgid %d, type 0x%02lu\n",
+ (void *)ld, lm->lm_msgid, (unsigned long) lm->lm_msgtype);
+ }
+#endif
+ return lm;
+}
+
+static int
+wait4msg(
+ LDAP *ld,
+ ber_int_t msgid,
+ int all,
+ struct timeval *timeout,
+ LDAPMessage **result )
+{
+ int rc;
+ struct timeval tv = { 0 },
+ tv0 = { 0 },
+ *tvp;
+ time_t start_time = 0;
+ time_t tmp_time;
+ LDAPConn *lc;
+
+ assert( ld != NULL );
+ assert( result != NULL );
+
+#ifdef LDAP_DEBUG
+ if ( timeout == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
+ (void *)ld, msgid, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
+ (void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
+ }
+#endif /* LDAP_DEBUG */
+
+ if ( timeout == NULL ) {
+ tvp = NULL;
+ } else {
+ tv0 = *timeout;
+ tv = *timeout;
+ tvp = &tv;
+ start_time = time( NULL );
+ }
+
+ rc = LDAP_MSG_X_KEEP_LOOKING;
+ while ( rc == LDAP_MSG_X_KEEP_LOOKING ) {
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_TRACE ) {
+ Debug( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n",
+ (void *)ld, msgid, all );
+ ldap_dump_connection( ld, ld->ld_conns, 1 );
+ ldap_dump_requests_and_responses( ld );
+ }
+#endif /* LDAP_DEBUG */
+
+ if ( (*result = chkResponseList(ld, msgid, all)) != NULL ) {
+ rc = (*result)->lm_msgtype;
+
+ } else {
+ int lc_ready = 0;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
+ if ( ber_sockbuf_ctrl( lc->lconn_sb,
+ LBER_SB_OPT_DATA_READY, NULL ) ) {
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+ rc = try_read1msg( ld, msgid, all, &lc, result );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ lc_ready = 1;
+ break;
+ }
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+
+ if ( !lc_ready ) {
+ rc = ldap_int_select( ld, tvp );
+#ifdef LDAP_DEBUG
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_select returned -1: errno %d\n",
+ sock_errno(), 0, 0 );
+ }
+#endif
+
+ if ( rc == 0 || ( rc == -1 && (
+ !LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
+ || sock_errno() != EINTR )))
+ {
+ ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
+ LDAP_TIMEOUT);
+ return( rc );
+ }
+
+ if ( rc == -1 ) {
+ rc = LDAP_MSG_X_KEEP_LOOKING; /* select interrupted: loop */
+ } else {
+ rc = LDAP_MSG_X_KEEP_LOOKING;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ if ( ld->ld_requests &&
+ ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
+ ldap_is_write_ready( ld,
+ ld->ld_requests->lr_conn->lconn_sb ) )
+ {
+ ldap_int_flush_request( ld, ld->ld_requests );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ for ( lc = ld->ld_conns;
+ rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL; )
+ {
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
+ ldap_is_read_ready( ld, lc->lconn_sb ))
+ {
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+ rc = try_read1msg( ld, msgid, all, &lc, result );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+#endif
+ if ( lc == NULL ) {
+ /* if lc gets free()'d,
+ * there's no guarantee
+ * lc->lconn_next is still
+ * sane; better restart
+ * (ITS#4405) */
+ lc = ld->ld_conns;
+
+ /* don't get to next conn! */
+ break;
+ }
+ }
+
+ /* next conn */
+ lc = lc->lconn_next;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
+ }
+ }
+ }
+
+ if ( rc == LDAP_MSG_X_KEEP_LOOKING && tvp != NULL ) {
+ time_t delta_time;
+
+ tmp_time = time( NULL );
+ delta_time = tmp_time - start_time;
+
+ /* do not assume time_t is signed */
+ if ( tv0.tv_sec <= delta_time ) {
+ rc = 0; /* timed out */
+ ld->ld_errno = LDAP_TIMEOUT;
+ break;
+ }
+ tv0.tv_sec -= delta_time;
+ tv.tv_sec = tv0.tv_sec;
+
+ Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld secs to go\n",
+ (void *)ld, (long) tv.tv_sec, 0 );
+ start_time = tmp_time;
+ }
+ }
+
+ return( rc );
+}
+
+
+static ber_tag_t
+try_read1msg(
+ LDAP *ld,
+ ber_int_t msgid,
+ int all,
+ LDAPConn **lcp,
+ LDAPMessage **result )
+{
+ BerElement *ber;
+ LDAPMessage *newmsg, *l, *prev;
+ ber_int_t id;
+ ber_tag_t tag;
+ ber_len_t len;
+ int foundit = 0;
+ LDAPRequest *lr, *tmplr;
+ LDAPConn *lc;
+ BerElement tmpber;
+ int rc, refer_cnt, hadref, simple_request;
+ ber_int_t lderr;
+
+#ifdef LDAP_CONNECTIONLESS
+ LDAPMessage *tmp = NULL, *chain_head = NULL;
+ int moremsgs = 0, isv2 = 0;
+#endif
+
+ /*
+ * v3ref = flag for V3 referral / search reference
+ * 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application
+ */
+ enum {
+ V3REF_NOREF = 0,
+ V3REF_SUCCESS = 1,
+ V3REF_TOAPP = -1
+ } v3ref;
+
+ assert( ld != NULL );
+ assert( lcp != NULL );
+ assert( *lcp != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
+ (void *)ld, msgid, all );
+
+ lc = *lcp;
+
+retry:
+ if ( lc->lconn_ber == NULL ) {
+ lc->lconn_ber = ldap_alloc_ber_with_options(ld);
+
+ if( lc->lconn_ber == NULL ) {
+ return -1;
+ }
+ }
+
+ ber = lc->lconn_ber;
+ assert( LBER_VALID (ber) );
+
+ /* get the next message */
+ sock_errset(0);
+#ifdef LDAP_CONNECTIONLESS
+ if ( LDAP_IS_UDP(ld) ) {
+ struct sockaddr from;
+ ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) );
+ if (ld->ld_options.ldo_version == LDAP_VERSION2) isv2=1;
+ }
+nextresp3:
+#endif
+ tag = ber_get_next( lc->lconn_sb, &len, ber );
+ if ( tag == LDAP_TAG_MESSAGE ) {
+ /*
+ * We read a complete message.
+ * The connection should no longer need this ber.
+ */
+ lc->lconn_ber = NULL;
+ }
+ if ( tag != LDAP_TAG_MESSAGE ) {
+ if ( tag == LBER_DEFAULT) {
+#ifdef LDAP_DEBUG
+ Debug( LDAP_DEBUG_CONNS,
+ "ber_get_next failed.\n", 0, 0, 0 );
+#endif
+#ifdef EWOULDBLOCK
+ if ( sock_errno() == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
+#endif
+#ifdef EAGAIN
+ if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
+#endif
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ return -1;
+ }
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ return -1;
+ }
+
+ /* message id */
+ if ( ber_get_int( ber, &id ) == LBER_ERROR ) {
+ ber_free( ber, 1 );
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return( -1 );
+ }
+
+ /* if it's been abandoned, toss it */
+ if ( ldap_abandoned( ld, id ) ) {
+ Debug( LDAP_DEBUG_ANY, "abandoned ld %p msgid %ld\n",
+ (void *)ld, (long) id, 0);
+retry_ber:
+ ber_free( ber, 1 );
+ if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
+ goto retry;
+ }
+ return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
+ }
+
+ lr = ldap_find_request_by_msgid( ld, id );
+ if ( lr == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "no request for response on ld %p msgid %ld (tossing)\n",
+ (void *)ld, (long) id, 0 );
+ goto retry_ber;
+ }
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld) && isv2) {
+ ber_scanf(ber, "x{");
+ }
+nextresp2:
+#endif
+ /* the message type */
+ if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 1 );
+ return( -1 );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: ld %p msgid %ld message type %s\n",
+ (void *)ld, (long) lr->lr_msgid, ldap_int_msgtype2str( tag ));
+
+ id = lr->lr_origid;
+ refer_cnt = 0;
+ hadref = simple_request = 0;
+ rc = LDAP_MSG_X_KEEP_LOOKING; /* default is to keep looking (no response found) */
+ lr->lr_res_msgtype = tag;
+
+ /*
+ * This code figures out if we are going to chase a
+ * referral / search reference, or pass it back to the application
+ */
+ v3ref = V3REF_NOREF; /* Assume not a V3 search reference/referral */
+ if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) {
+ BerElement tmpber = *ber; /* struct copy */
+ char **refs = NULL;
+
+ if( tag == LDAP_RES_SEARCH_REFERENCE ) {
+ /* This is a V3 search reference */
+ /* Assume we do not chase the reference,
+ * but pass it to application */
+ v3ref = V3REF_TOAPP;
+ if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
+ (lr->lr_parent != NULL) )
+ {
+ /* Get the referral list */
+ if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ } else {
+ /* Note: refs array is freed by ldap_chase_v3referrals */
+ refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
+ 1, &lr->lr_res_error, &hadref );
+ if ( refer_cnt > 0 ) {
+ /* sucessfully chased reference */
+ /* If haven't got end search, set chasing referrals */
+ if( lr->lr_status != LDAP_REQST_COMPLETED) {
+ lr->lr_status = LDAP_REQST_CHASINGREFS;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: search ref chased, "
+ "mark request chasing refs, "
+ "id = %d\n",
+ lr->lr_msgid, 0, 0);
+ }
+
+ /* We successfully chased the reference */
+ v3ref = V3REF_SUCCESS;
+ }
+ }
+ }
+ } else {
+ /* Check for V3 referral */
+ ber_len_t len;
+ char *lr_res_error = NULL;
+
+#ifdef LDAP_NULL_IS_NULL
+ if ( ber_scanf( &tmpber, "{eAA",/*}*/ &lderr,
+ &lr->lr_res_matched, &lr_res_error )
+ != LBER_ERROR )
+#else /* ! LDAP_NULL_IS_NULL */
+ if ( ber_scanf( &tmpber, "{eaa",/*}*/ &lderr,
+ &lr->lr_res_matched, &lr_res_error )
+ != LBER_ERROR )
+#endif /* ! LDAP_NULL_IS_NULL */
+ {
+ if ( lr_res_error != NULL ) {
+#ifndef LDAP_NULL_IS_NULL
+ if ( lr_res_error[ 0 ] == '\0' ) {
+ LDAP_FREE( lr_res_error );
+ lr_res_error = NULL;
+ } else
+#endif /* ! LDAP_NULL_IS_NULL */
+ {
+ if ( lr->lr_res_error != NULL ) {
+ (void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error );
+ LDAP_FREE( (char *)lr_res_error );
+
+ } else {
+ lr->lr_res_error = lr_res_error;
+ }
+ }
+ lr_res_error = NULL;
+ }
+
+ /* Check if V3 referral */
+ if ( ber_peek_tag( &tmpber, &len ) == LDAP_TAG_REFERRAL ) {
+ /* We have a V3 referral, assume we cannot chase it */
+ v3ref = V3REF_TOAPP;
+ if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS)
+ || (lr->lr_parent != NULL) )
+ {
+ /* Get the referral list */
+ if( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
+ rc = LDAP_DECODING_ERROR;
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: referral decode error, mark request completed, ld %p msgid %d\n",
+ (void *)ld, lr->lr_msgid, 0);
+ } else {
+ /* Chase the referral
+ * Note: refs arrary is freed by ldap_chase_v3referrals
+ */
+ refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
+ 0, &lr->lr_res_error, &hadref );
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: referral %s chased, "
+ "mark request completed, ld %p msgid %d\n",
+ hadref ? "" : "not",
+ (void *)ld, lr->lr_msgid);
+ if( refer_cnt > 0) {
+ /* Referral successfully chased */
+ v3ref = V3REF_SUCCESS;
+ } else {
+ refer_cnt = 0;
+ }
+ }
+ }
+ }
+
+ if( lr->lr_res_matched != NULL ) {
+ LDAP_FREE( lr->lr_res_matched );
+ lr->lr_res_matched = NULL;
+ }
+ if( lr->lr_res_error != NULL ) {
+ LDAP_FREE( lr->lr_res_error );
+ lr->lr_res_error = NULL;
+ }
+ }
+ }
+ }
+
+ /* All results that just return a status, i.e. don't return data
+ * go through the following code. This code also chases V2 referrals
+ * and checks if all referrals have been chased.
+ */
+ if ( tag != LDAP_RES_SEARCH_ENTRY &&
+ tag != LDAP_RES_SEARCH_REFERENCE &&
+ tag != LDAP_RES_INTERMEDIATE )
+ {
+ /* For a v3 search referral/reference, only come here if already chased it */
+ if ( ld->ld_version >= LDAP_VERSION2 &&
+ v3ref != V3REF_TOAPP &&
+ ( lr->lr_parent != NULL ||
+ LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) )
+ {
+ char *lr_res_error = NULL;
+
+ tmpber = *ber; /* struct copy */
+ if ( v3ref == V3REF_SUCCESS ) {
+ /* V3 search reference or V3 referral
+ * sucessfully chased. If this message
+ * is a search result, then it has no more
+ * outstanding referrals.
+ */
+ if ( tag == LDAP_RES_SEARCH_RESULT )
+ refer_cnt = 0;
+#ifdef LDAP_NULL_IS_NULL
+ } else if ( ber_scanf( &tmpber, "{eAA}", &lderr,
+ &lr->lr_res_matched, &lr_res_error )
+ != LBER_ERROR )
+#else /* ! LDAP_NULL_IS_NULL */
+ } else if ( ber_scanf( &tmpber, "{eaa}", &lderr,
+ &lr->lr_res_matched, &lr_res_error )
+ != LBER_ERROR )
+#endif /* ! LDAP_NULL_IS_NULL */
+ {
+ if ( lr_res_error != NULL ) {
+#ifndef LDAP_NULL_IS_NULL
+ if ( lr_res_error[ 0 ] == '\0' ) {
+ LDAP_FREE( lr_res_error );
+ } else
+#endif /* ! LDAP_NULL_IS_NULL */
+ {
+ if ( lr->lr_res_error != NULL ) {
+ (void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error );
+ LDAP_FREE( (char *)lr_res_error );
+ } else {
+ lr->lr_res_error = lr_res_error;
+ }
+ }
+ lr_res_error = NULL;
+ }
+
+ switch ( lderr ) {
+ case LDAP_SUCCESS:
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ break;
+
+ default:
+ if ( lr->lr_res_error == NULL
+ || lr->lr_res_error[ 0 ] == '\0' )
+ {
+ break;
+ }
+
+ /* referrals are in error string */
+ refer_cnt = ldap_chase_referrals( ld, lr,
+ &lr->lr_res_error, -1, &hadref );
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: V2 referral chased, "
+ "mark request completed, id = %d\n",
+ lr->lr_msgid, 0, 0 );
+ break;
+ }
+
+ /* save errno, message, and matched string */
+ if ( !hadref || lr->lr_res_error == NULL ) {
+ lr->lr_res_errno = ( lderr ==
+ LDAP_PARTIAL_RESULTS ) ? LDAP_SUCCESS
+ : lderr;
+ } else if ( ld->ld_errno != LDAP_SUCCESS ) {
+ lr->lr_res_errno = ld->ld_errno;
+ } else {
+ lr->lr_res_errno = LDAP_PARTIAL_RESULTS;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "new result: "
+ "res_errno: %d, "
+ "res_error: <%s>, "
+ "res_matched: <%s>\n",
+ lr->lr_res_errno,
+ lr->lr_res_error ? lr->lr_res_error : "",
+ lr->lr_res_matched ? lr->lr_res_matched : "" );
+ }
+
+ /* in any case, don't leave any lr_res_error 'round */
+ if ( lr_res_error ) {
+ LDAP_FREE( lr_res_error );
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: ld %p %d new referrals\n",
+ (void *)ld, refer_cnt, 0 );
+
+ if ( refer_cnt != 0 ) { /* chasing referrals */
+ ber_free( ber, 1 );
+ ber = NULL;
+ if ( refer_cnt < 0 ) {
+ return( -1 ); /* fatal error */
+ }
+ lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
+ } else {
+ if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
+ /* request without any referrals */
+ simple_request = ( hadref ? 0 : 1 );
+ } else {
+ /* request with referrals or child request */
+ ber_free( ber, 1 );
+ ber = NULL;
+ }
+
+ lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: mark request completed, ld %p msgid %d\n",
+ (void *)ld, lr->lr_msgid, 0);
+ while ( lr->lr_parent != NULL ) {
+ merge_error_info( ld, lr->lr_parent, lr );
+
+ lr = lr->lr_parent;
+ if ( --lr->lr_outrefcnt > 0 ) {
+ break; /* not completely done yet */
+ }
+ }
+
+ /* Check if all requests are finished, lr is now parent */
+ tmplr = lr;
+ if (tmplr->lr_status == LDAP_REQST_COMPLETED) {
+ for ( tmplr=lr->lr_child;
+ tmplr != NULL;
+ tmplr=tmplr->lr_refnext)
+ {
+ if( tmplr->lr_status != LDAP_REQST_COMPLETED) break;
+ }
+ }
+
+ /* This is the parent request if the request has referrals */
+ if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL &&
+ tmplr == NULL )
+ {
+ id = lr->lr_msgid;
+ tag = lr->lr_res_msgtype;
+ Debug( LDAP_DEBUG_ANY, "request done: ld %p msgid %ld\n",
+ (void *)ld, (long) id, 0 );
+Debug( LDAP_DEBUG_TRACE,
+"res_errno: %d, res_error: <%s>, res_matched: <%s>\n",
+lr->lr_res_errno, lr->lr_res_error ? lr->lr_res_error : "",
+lr->lr_res_matched ? lr->lr_res_matched : "" );
+ if ( !simple_request ) {
+ ber_free( ber, 1 );
+ ber = NULL;
+ if ( build_result_ber( ld, &ber, lr )
+ == LBER_ERROR ) {
+ rc = -1; /* fatal error */
+ }
+ }
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ ldap_free_request( ld, lr );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ }
+
+ if ( lc != NULL ) {
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ ldap_free_connection( ld, lc, 0, 1 );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ lc = *lcp = NULL;
+ }
+ }
+ }
+
+ if ( ber == NULL ) {
+ return( rc );
+ }
+
+ /* make a new ldap message */
+ newmsg = (LDAPMessage *) LDAP_CALLOC( 1, sizeof(LDAPMessage) );
+ if ( newmsg == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( -1 );
+ }
+ newmsg->lm_msgid = (int)id;
+ newmsg->lm_msgtype = tag;
+ newmsg->lm_ber = ber;
+ newmsg->lm_chain_tail = newmsg;
+
+#ifdef LDAP_CONNECTIONLESS
+ /* CLDAP replies all fit in a single datagram. In LDAPv2 RFC1798
+ * the responses are all a sequence wrapped in one message. In
+ * LDAPv3 each response is in its own message. The datagram must
+ * end with a SearchResult. We can't just parse each response in
+ * separate calls to try_read1msg because the header info is only
+ * present at the beginning of the datagram, not at the beginning
+ * of each response. So parse all the responses at once and queue
+ * them up, then pull off the first response to return to the
+ * caller when all parsing is complete.
+ */
+ if ( LDAP_IS_UDP(ld) ) {
+ /* If not a result, look for more */
+ if ( tag != LDAP_RES_SEARCH_RESULT ) {
+ int ok = 0;
+ moremsgs = 1;
+ if (isv2) {
+ /* LDAPv2: dup the current ber, skip past the current
+ * response, and see if there are any more after it.
+ */
+ ber = ber_dup( ber );
+ ber_scanf( ber, "x" );
+ if (ber_peek_tag(ber, &len) != LBER_DEFAULT) {
+ /* There's more - dup the ber buffer so they can all be
+ * individually freed by ldap_msgfree.
+ */
+ struct berval bv;
+ ber_get_option(ber, LBER_OPT_BER_REMAINING_BYTES, &len);
+ bv.bv_val = LDAP_MALLOC(len);
+ if (bv.bv_val) {
+ ok=1;
+ ber_read(ber, bv.bv_val, len);
+ bv.bv_len = len;
+ ber_init2(ber, &bv, ld->ld_lberoptions );
+ }
+ }
+ } else {
+ /* LDAPv3: Just allocate a new ber. Since this is a buffered
+ * datagram, if the sockbuf is readable we still have data
+ * to parse.
+ */
+ ber = ldap_alloc_ber_with_options( ld );
+ if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) ok = 1;
+ }
+ /* set up response chain */
+ if ( tmp == NULL ) {
+ newmsg->lm_next = ld->ld_responses;
+ ld->ld_responses = newmsg;
+ chain_head = newmsg;
+ } else {
+ tmp->lm_chain = newmsg;
+ }
+ chain_head->lm_chain_tail = newmsg;
+ tmp = newmsg;
+ /* "ok" means there's more to parse */
+ if (ok) {
+ if (isv2) goto nextresp2;
+ else goto nextresp3;
+ } else {
+ /* got to end of datagram without a SearchResult. Free
+ * our dup'd ber, but leave any buffer alone. For v2 case,
+ * the previous response is still using this buffer. For v3,
+ * the new ber has no buffer to free yet.
+ */
+ ber_free(ber, 0);
+ return -1;
+ }
+ } else if ( moremsgs ) {
+ /* got search result, and we had multiple responses in 1 datagram.
+ * stick the result onto the end of the chain, and then pull the
+ * first response off the head of the chain.
+ */
+ tmp->lm_chain = newmsg;
+ chain_head->lm_chain_tail = newmsg;
+ *result = chkResponseList( ld, msgid, all );
+ ld->ld_errno = LDAP_SUCCESS;
+ return( (*result)->lm_msgtype );
+ }
+ }
+#endif /* LDAP_CONNECTIONLESS */
+
+ /* is this the one we're looking for? */
+ if ( msgid == LDAP_RES_ANY || id == msgid ) {
+ if ( all == LDAP_MSG_ONE
+ || (newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT
+ && newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY
+ && newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE) ) {
+ *result = newmsg;
+ ld->ld_errno = LDAP_SUCCESS;
+ return( tag );
+ } else if ( newmsg->lm_msgtype == LDAP_RES_SEARCH_RESULT) {
+ foundit = 1; /* return the chain later */
+ }
+ }
+
+ /*
+ * if not, we must add it to the list of responses. if
+ * the msgid is already there, it must be part of an existing
+ * search response.
+ */
+
+ prev = NULL;
+ for ( l = ld->ld_responses; l != NULL; l = l->lm_next ) {
+ if ( l->lm_msgid == newmsg->lm_msgid )
+ break;
+ prev = l;
+ }
+
+ /* not part of an existing search response */
+ if ( l == NULL ) {
+ if ( foundit ) {
+ *result = newmsg;
+ goto exit;
+ }
+
+ newmsg->lm_next = ld->ld_responses;
+ ld->ld_responses = newmsg;
+ goto exit;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "adding response ld %p msgid %ld type %ld:\n",
+ (void *)ld, (long) newmsg->lm_msgid, (long) newmsg->lm_msgtype );
+
+ /* part of a search response - add to end of list of entries */
+ l->lm_chain_tail->lm_chain = newmsg;
+ l->lm_chain_tail = newmsg;
+
+ /* return the whole chain if that's what we were looking for */
+ if ( foundit ) {
+ if ( prev == NULL )
+ ld->ld_responses = l->lm_next;
+ else
+ prev->lm_next = l->lm_next;
+ *result = l;
+ }
+
+exit:
+ if ( foundit ) {
+ ld->ld_errno = LDAP_SUCCESS;
+ return( tag );
+ }
+ if ( lc && ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
+ goto retry;
+ }
+ return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
+}
+
+
+static ber_tag_t
+build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr )
+{
+ ber_len_t len;
+ ber_tag_t tag;
+ ber_int_t along;
+ BerElement *ber;
+
+ *bp = NULL;
+ ber = ldap_alloc_ber_with_options( ld );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return LBER_ERROR;
+ }
+
+ if ( ber_printf( ber, "{it{ess}}", lr->lr_msgid,
+ lr->lr_res_msgtype, lr->lr_res_errno,
+ lr->lr_res_matched ? lr->lr_res_matched : "",
+ lr->lr_res_error ? lr->lr_res_error : "" ) == -1 )
+ {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free(ber, 1);
+ return( LBER_ERROR );
+ }
+
+ ber_reset( ber, 1 );
+
+ if ( ber_skip_tag( ber, &len ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free(ber, 1);
+ return( LBER_ERROR );
+ }
+
+ if ( ber_get_enum( ber, &along ) == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free(ber, 1);
+ return( LBER_ERROR );
+ }
+
+ tag = ber_peek_tag( ber, &len );
+
+ if ( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free(ber, 1);
+ return( LBER_ERROR );
+ }
+
+ *bp = ber;
+ return tag;
+}
+
+
+static void
+merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr )
+{
+/*
+ * Merge error information in "lr" with "parentr" error code and string.
+ */
+ if ( lr->lr_res_errno == LDAP_PARTIAL_RESULTS ) {
+ parentr->lr_res_errno = lr->lr_res_errno;
+ if ( lr->lr_res_error != NULL ) {
+ (void)ldap_append_referral( ld, &parentr->lr_res_error,
+ lr->lr_res_error );
+ }
+ } else if ( lr->lr_res_errno != LDAP_SUCCESS &&
+ parentr->lr_res_errno == LDAP_SUCCESS )
+ {
+ parentr->lr_res_errno = lr->lr_res_errno;
+ if ( parentr->lr_res_error != NULL ) {
+ LDAP_FREE( parentr->lr_res_error );
+ }
+ parentr->lr_res_error = lr->lr_res_error;
+ lr->lr_res_error = NULL;
+ if ( LDAP_NAME_ERROR( lr->lr_res_errno ) ) {
+ if ( parentr->lr_res_matched != NULL ) {
+ LDAP_FREE( parentr->lr_res_matched );
+ }
+ parentr->lr_res_matched = lr->lr_res_matched;
+ lr->lr_res_matched = NULL;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ",
+ parentr->lr_msgid, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n",
+ parentr->lr_res_errno, parentr->lr_res_error ?
+ parentr->lr_res_error : "", parentr->lr_res_matched ?
+ parentr->lr_res_matched : "" );
+}
+
+
+
+int
+ldap_msgtype( LDAPMessage *lm )
+{
+ assert( lm != NULL );
+ return ( lm != NULL ) ? (int)lm->lm_msgtype : -1;
+}
+
+
+int
+ldap_msgid( LDAPMessage *lm )
+{
+ assert( lm != NULL );
+
+ return ( lm != NULL ) ? lm->lm_msgid : -1;
+}
+
+
+char * ldap_int_msgtype2str( ber_tag_t tag )
+{
+ switch( tag ) {
+ case LDAP_RES_ADD: return "add";
+ case LDAP_RES_BIND: return "bind";
+ case LDAP_RES_COMPARE: return "compare";
+ case LDAP_RES_DELETE: return "delete";
+ case LDAP_RES_EXTENDED: return "extended-result";
+ case LDAP_RES_INTERMEDIATE: return "intermediate";
+ case LDAP_RES_MODIFY: return "modify";
+ case LDAP_RES_RENAME: return "rename";
+ case LDAP_RES_SEARCH_ENTRY: return "search-entry";
+ case LDAP_RES_SEARCH_REFERENCE: return "search-reference";
+ case LDAP_RES_SEARCH_RESULT: return "search-result";
+ }
+ return "unknown";
+}
+
+int
+ldap_msgfree( LDAPMessage *lm )
+{
+ LDAPMessage *next;
+ int type = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_msgfree\n", 0, 0, 0 );
+
+ for ( ; lm != NULL; lm = next ) {
+ next = lm->lm_chain;
+ type = lm->lm_msgtype;
+ ber_free( lm->lm_ber, 1 );
+ LDAP_FREE( (char *) lm );
+ }
+
+ return( type );
+}
+
+/*
+ * ldap_msgdelete - delete a message. It returns:
+ * 0 if the entire message was deleted
+ * -1 if the message was not found, or only part of it was found
+ */
+int
+ldap_msgdelete( LDAP *ld, int msgid )
+{
+ LDAPMessage *lm, *prev;
+ int rc = 0;
+
+ assert( ld != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_msgdelete\n", 0, 0, 0 );
+
+ prev = NULL;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ for ( lm = ld->ld_responses; lm != NULL; lm = lm->lm_next ) {
+ if ( lm->lm_msgid == msgid )
+ break;
+ prev = lm;
+ }
+
+ if ( lm == NULL ) {
+ rc = -1;
+ } else {
+ if ( prev == NULL )
+ ld->ld_responses = lm->lm_next;
+ else
+ prev->lm_next = lm->lm_next;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ if ( lm && ldap_msgfree( lm ) == LDAP_RES_SEARCH_ENTRY )
+ rc = -1;
+
+ return( rc );
+}
+
+
+/*
+ * return 1 if message msgid is waiting to be abandoned, 0 otherwise
+ */
+static int
+ldap_abandoned( LDAP *ld, ber_int_t msgid )
+{
+ int i;
+
+ if ( ld->ld_abandoned == NULL )
+ return( 0 );
+
+ for ( i = 0; ld->ld_abandoned[i] != -1; i++ )
+ if ( ld->ld_abandoned[i] == msgid )
+ return( 1 );
+
+ return( 0 );
+}
+
+
+static int
+ldap_mark_abandoned( LDAP *ld, ber_int_t msgid )
+{
+ int i;
+
+ if ( ld->ld_abandoned == NULL )
+ return( -1 );
+
+ for ( i = 0; ld->ld_abandoned[i] != -1; i++ )
+ if ( ld->ld_abandoned[i] == msgid )
+ break;
+
+ if ( ld->ld_abandoned[i] == -1 )
+ return( -1 );
+
+ for ( ; ld->ld_abandoned[i] != -1; i++ ) {
+ ld->ld_abandoned[i] = ld->ld_abandoned[i + 1];
+ }
+
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/sasl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/sasl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/sasl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,490 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.58.2.5 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_sasl_bind - bind to the ldap server (and X.500).
+ * The dn (usually NULL), mechanism, and credentials are provided.
+ * The message id of the request initiated is provided upon successful
+ * (LDAP_SUCCESS) return.
+ *
+ * Example:
+ * ldap_sasl_bind( ld, NULL, "mechanism",
+ * cred, NULL, NULL, &msgid )
+ */
+
+int
+ldap_sasl_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ if( mechanism == LDAP_SASL_SIMPLE ) {
+ if( dn == NULL && cred != NULL && cred->bv_len ) {
+ /* use default binddn */
+ dn = ld->ld_defbinddn;
+ }
+
+ } else if( ld->ld_version < LDAP_VERSION3 ) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+
+ if ( dn == NULL ) {
+ dn = "";
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ assert( LBER_VALID( ber ) );
+
+ LDAP_NEXT_MSGID( ld, id );
+ if( mechanism == LDAP_SASL_SIMPLE ) {
+ /* simple bind */
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, LDAP_AUTH_SIMPLE,
+ cred );
+
+ } else if ( cred == NULL || cred->bv_val == NULL ) {
+ /* SASL bind w/o credentials */
+ rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, LDAP_AUTH_SASL,
+ mechanism );
+
+ } else {
+ /* SASL bind w/ credentials */
+ rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, LDAP_AUTH_SASL,
+ mechanism, cred );
+ }
+
+ if( rc == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( -1 );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+
+int
+ldap_sasl_bind_s(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct berval **servercredp )
+{
+ int rc, msgid;
+ LDAPMessage *result;
+ struct berval *scredp = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 );
+
+ /* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
+ if( servercredp != NULL ) {
+ if (ld->ld_version < LDAP_VERSION3) {
+ ld->ld_errno = LDAP_NOT_SUPPORTED;
+ return ld->ld_errno;
+ }
+ *servercredp = NULL;
+ }
+
+ rc = ldap_sasl_bind( ld, dn, mechanism, cred, sctrls, cctrls, &msgid );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return( rc );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld)) {
+ return( rc );
+ }
+#endif
+
+ if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
+ return( ld->ld_errno ); /* ldap_result sets ld_errno */
+ }
+
+ /* parse the results */
+ scredp = NULL;
+ if( servercredp != NULL ) {
+ rc = ldap_parse_sasl_bind_result( ld, result, &scredp, 0 );
+ }
+
+ if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
+ ldap_msgfree( result );
+ return( rc );
+ }
+
+ rc = ldap_result2error( ld, result, 1 );
+
+ if ( rc == LDAP_SUCCESS || rc == LDAP_SASL_BIND_IN_PROGRESS ) {
+ if( servercredp != NULL ) {
+ *servercredp = scredp;
+ scredp = NULL;
+ }
+ }
+
+ if ( scredp != NULL ) {
+ ber_bvfree(scredp);
+ }
+
+ return rc;
+}
+
+
+/*
+* Parse BindResponse:
+*
+* BindResponse ::= [APPLICATION 1] SEQUENCE {
+* COMPONENTS OF LDAPResult,
+* serverSaslCreds [7] OCTET STRING OPTIONAL }
+*
+* LDAPResult ::= SEQUENCE {
+* resultCode ENUMERATED,
+* matchedDN LDAPDN,
+* errorMessage LDAPString,
+* referral [3] Referral OPTIONAL }
+*/
+
+int
+ldap_parse_sasl_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **servercredp,
+ int freeit )
+{
+ ber_int_t errcode;
+ struct berval* scred;
+
+ ber_tag_t tag;
+ BerElement *ber;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ if( servercredp != NULL ) {
+ if( ld->ld_version < LDAP_VERSION2 ) {
+ return LDAP_NOT_SUPPORTED;
+ }
+ *servercredp = NULL;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ scred = NULL;
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( res->lm_ber );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_version < LDAP_VERSION2 ) {
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{iA}",
+ &errcode, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ tag = ber_scanf( ber, "{ia}",
+ &errcode, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
+
+ if( tag == LBER_ERROR ) {
+ ber_free( ber, 0 );
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ } else {
+ ber_len_t len;
+
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{eAA" /*}*/,
+ &errcode, &ld->ld_matched, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ tag = ber_scanf( ber, "{eaa" /*}*/,
+ &errcode, &ld->ld_matched, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
+
+ if( tag == LBER_ERROR ) {
+ ber_free( ber, 0 );
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ tag = ber_peek_tag(ber, &len);
+
+ if( tag == LDAP_TAG_REFERRAL ) {
+ /* skip 'em */
+ if( ber_scanf( ber, "x" ) == LBER_ERROR ) {
+ ber_free( ber, 0 );
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ tag = ber_peek_tag(ber, &len);
+ }
+
+ if( tag == LDAP_TAG_SASL_RES_CREDS ) {
+ if( ber_scanf( ber, "O", &scred ) == LBER_ERROR ) {
+ ber_free( ber, 0 );
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+ }
+ }
+
+ ber_free( ber, 0 );
+
+ if ( servercredp != NULL ) {
+ *servercredp = scred;
+
+ } else if ( scred != NULL ) {
+ ber_bvfree( scred );
+ }
+
+ ld->ld_errno = errcode;
+
+ if ( freeit ) {
+ ldap_msgfree( res );
+ }
+
+ return( ld->ld_errno );
+}
+
+int
+ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist )
+{
+ /* we need to query the server for supported mechs anyway */
+ LDAPMessage *res, *e;
+ char *attrs[] = { "supportedSASLMechanisms", NULL };
+ char **values, *mechlist;
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
+
+ rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
+ NULL, attrs, 0, &res );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return ld->ld_errno;
+ }
+
+ e = ldap_first_entry( ld, res );
+ if ( e == NULL ) {
+ ldap_msgfree( res );
+ if ( ld->ld_errno == LDAP_SUCCESS ) {
+ ld->ld_errno = LDAP_NO_SUCH_OBJECT;
+ }
+ return ld->ld_errno;
+ }
+
+ values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
+ if ( values == NULL ) {
+ ldap_msgfree( res );
+ ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
+ return ld->ld_errno;
+ }
+
+ mechlist = ldap_charray2str( values, " " );
+ if ( mechlist == NULL ) {
+ LDAP_VFREE( values );
+ ldap_msgfree( res );
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ LDAP_VFREE( values );
+ ldap_msgfree( res );
+
+ *pmechlist = mechlist;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * ldap_sasl_interactive_bind_s - interactive SASL authentication
+ *
+ * This routine uses interactive callbacks.
+ *
+ * LDAP_SUCCESS is returned upon success, the ldap error code
+ * otherwise.
+ */
+int
+ldap_sasl_interactive_bind_s(
+ LDAP *ld,
+ LDAP_CONST char *dn, /* usually NULL */
+ LDAP_CONST char *mechs,
+ LDAPControl **serverControls,
+ LDAPControl **clientControls,
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *interact,
+ void *defaults )
+{
+ int rc;
+ char *smechs = NULL;
+
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+ ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ if( LDAP_IS_UDP(ld) ) {
+ /* Just force it to simple bind, silly to make the user
+ * ask all the time. No, we don't ever actually bind, but I'll
+ * let the final bind handler take care of saving the cdn.
+ */
+ rc = ldap_simple_bind( ld, dn, NULL );
+ rc = rc < 0 ? rc : 0;
+ goto done;
+ } else
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if( mechs == NULL || *mechs == '\0' ) {
+ mechs = ld->ld_options.ldo_def_sasl_mech;
+ }
+#endif
+
+ if( mechs == NULL || *mechs == '\0' ) {
+ rc = ldap_pvt_sasl_getmechs( ld, &smechs );
+ if( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_sasl_interactive_bind_s: server supports: %s\n",
+ smechs, 0, 0 );
+
+ mechs = smechs;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_sasl_interactive_bind_s: user selected: %s\n",
+ mechs, 0, 0 );
+ }
+
+ rc = ldap_int_sasl_bind( ld, dn, mechs,
+ serverControls, clientControls,
+ flags, interact, defaults );
+
+done:
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+ ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
+#endif
+ if ( smechs ) LDAP_FREE( smechs );
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/sbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/sbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/sbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,120 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sbind.c,v 1.23.2.3 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * ldap_simple_bind - bind to the ldap server (and X.500). The dn and
+ * password of the entry to which to bind are supplied. The message id
+ * of the request initiated is returned.
+ *
+ * Example:
+ * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
+ * "secret" )
+ */
+
+int
+ldap_simple_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *passwd )
+{
+ int rc;
+ int msgid;
+ struct berval cred;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ if ( passwd != NULL ) {
+ cred.bv_val = (char *) passwd;
+ cred.bv_len = strlen( passwd );
+ } else {
+ cred.bv_val = "";
+ cred.bv_len = 0;
+ }
+
+ rc = ldap_sasl_bind( ld, dn, LDAP_SASL_SIMPLE, &cred,
+ NULL, NULL, &msgid );
+
+ return rc == LDAP_SUCCESS ? msgid : -1;
+}
+
+/*
+ * ldap_simple_bind - bind to the ldap server (and X.500) using simple
+ * authentication. The dn and password of the entry to which to bind are
+ * supplied. LDAP_SUCCESS is returned upon success, the ldap error code
+ * otherwise.
+ *
+ * Example:
+ * ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
+ * "secret" )
+ */
+
+int
+ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )
+{
+ struct berval cred;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
+
+ if ( passwd != NULL ) {
+ cred.bv_val = (char *) passwd;
+ cred.bv_len = strlen( passwd );
+ } else {
+ cred.bv_val = "";
+ cred.bv_len = 0;
+ }
+
+ return ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &cred,
+ NULL, NULL, NULL );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/schema.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/schema.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/schema.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3343 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/schema.c,v 1.66.2.7 2007/01/02 21:43:49 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * schema.c: parsing routines used by servers and clients to process
+ * schema definitions
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#include <ldap_schema.h>
+
+static const char *
+choose_name( char *names[], const char *fallback )
+{
+ return (names != NULL && names[0] != NULL) ? names[0] : fallback;
+}
+
+LDAP_CONST char *
+ldap_syntax2name( LDAPSyntax * syn )
+{
+ return( syn->syn_oid );
+}
+
+LDAP_CONST char *
+ldap_matchingrule2name( LDAPMatchingRule * mr )
+{
+ return( choose_name( mr->mr_names, mr->mr_oid ) );
+}
+
+LDAP_CONST char *
+ldap_matchingruleuse2name( LDAPMatchingRuleUse * mru )
+{
+ return( choose_name( mru->mru_names, mru->mru_oid ) );
+}
+
+LDAP_CONST char *
+ldap_attributetype2name( LDAPAttributeType * at )
+{
+ return( choose_name( at->at_names, at->at_oid ) );
+}
+
+LDAP_CONST char *
+ldap_objectclass2name( LDAPObjectClass * oc )
+{
+ return( choose_name( oc->oc_names, oc->oc_oid ) );
+}
+
+LDAP_CONST char *
+ldap_contentrule2name( LDAPContentRule * cr )
+{
+ return( choose_name( cr->cr_names, cr->cr_oid ) );
+}
+
+LDAP_CONST char *
+ldap_nameform2name( LDAPNameForm * nf )
+{
+ return( choose_name( nf->nf_names, nf->nf_oid ) );
+}
+
+LDAP_CONST char *
+ldap_structurerule2name( LDAPStructureRule * sr )
+{
+ return( choose_name( sr->sr_names, NULL ) );
+}
+
+/*
+ * When pretty printing the entities we will be appending to a buffer.
+ * Since checking for overflow, realloc'ing and checking if no error
+ * is extremely boring, we will use a protection layer that will let
+ * us blissfully ignore the error until the end. This layer is
+ * implemented with the help of the next type.
+ */
+
+typedef struct safe_string {
+ char * val;
+ ber_len_t size;
+ ber_len_t pos;
+ int at_whsp;
+} safe_string;
+
+static safe_string *
+new_safe_string(int size)
+{
+ safe_string * ss;
+
+ ss = LDAP_MALLOC(sizeof(safe_string));
+ if ( !ss )
+ return(NULL);
+
+ ss->val = LDAP_MALLOC(size);
+ if ( !ss->val ) {
+ LDAP_FREE(ss);
+ return(NULL);
+ }
+
+ ss->size = size;
+ ss->pos = 0;
+ ss->at_whsp = 0;
+
+ return ss;
+}
+
+static void
+safe_string_free(safe_string * ss)
+{
+ if ( !ss )
+ return;
+ LDAP_FREE(ss->val);
+ LDAP_FREE(ss);
+}
+
+#if 0 /* unused */
+static char *
+safe_string_val(safe_string * ss)
+{
+ ss->val[ss->pos] = '\0';
+ return(ss->val);
+}
+#endif
+
+static char *
+safe_strdup(safe_string * ss)
+{
+ char *ret = LDAP_MALLOC(ss->pos+1);
+ if (!ret)
+ return NULL;
+ AC_MEMCPY(ret, ss->val, ss->pos);
+ ret[ss->pos] = '\0';
+ return ret;
+}
+
+static int
+append_to_safe_string(safe_string * ss, char * s)
+{
+ int l = strlen(s);
+ char * temp;
+
+ /*
+ * Some runaway process is trying to append to a string that
+ * overflowed and we could not extend.
+ */
+ if ( !ss->val )
+ return -1;
+
+ /* We always make sure there is at least one position available */
+ if ( ss->pos + l >= ss->size-1 ) {
+ ss->size *= 2;
+ if ( ss->pos + l >= ss->size-1 ) {
+ ss->size = ss->pos + l + 1;
+ }
+
+ temp = LDAP_REALLOC(ss->val, ss->size);
+ if ( !temp ) {
+ /* Trouble, out of memory */
+ LDAP_FREE(ss->val);
+ return -1;
+ }
+ ss->val = temp;
+ }
+ strncpy(&ss->val[ss->pos], s, l);
+ ss->pos += l;
+ if ( ss->pos > 0 && LDAP_SPACE(ss->val[ss->pos-1]) )
+ ss->at_whsp = 1;
+ else
+ ss->at_whsp = 0;
+
+ return 0;
+}
+
+static int
+print_literal(safe_string *ss, char *s)
+{
+ return(append_to_safe_string(ss,s));
+}
+
+static int
+print_whsp(safe_string *ss)
+{
+ if ( ss->at_whsp )
+ return(append_to_safe_string(ss,""));
+ else
+ return(append_to_safe_string(ss," "));
+}
+
+static int
+print_numericoid(safe_string *ss, char *s)
+{
+ if ( s )
+ return(append_to_safe_string(ss,s));
+ else
+ return(append_to_safe_string(ss,""));
+}
+
+/* This one is identical to print_qdescr */
+static int
+print_qdstring(safe_string *ss, char *s)
+{
+ print_whsp(ss);
+ print_literal(ss,"'");
+ append_to_safe_string(ss,s);
+ print_literal(ss,"'");
+ return(print_whsp(ss));
+}
+
+static int
+print_qdescr(safe_string *ss, char *s)
+{
+ print_whsp(ss);
+ print_literal(ss,"'");
+ append_to_safe_string(ss,s);
+ print_literal(ss,"'");
+ return(print_whsp(ss));
+}
+
+static int
+print_qdescrlist(safe_string *ss, char **sa)
+{
+ char **sp;
+ int ret = 0;
+
+ for (sp=sa; *sp; sp++) {
+ ret = print_qdescr(ss,*sp);
+ }
+ /* If the list was empty, we return zero that is potentially
+ * incorrect, but since we will be still appending things, the
+ * overflow will be detected later. Maybe FIX.
+ */
+ return(ret);
+}
+
+static int
+print_qdescrs(safe_string *ss, char **sa)
+{
+ /* The only way to represent an empty list is as a qdescrlist
+ * so, if the list is empty we treat it as a long list.
+ * Really, this is what the syntax mandates. We should not
+ * be here if the list was empty, but if it happens, a label
+ * has already been output and we cannot undo it.
+ */
+ if ( !sa[0] || ( sa[0] && sa[1] ) ) {
+ print_whsp(ss);
+ print_literal(ss,"("/*)*/);
+ print_qdescrlist(ss,sa);
+ print_literal(ss,/*(*/")");
+ return(print_whsp(ss));
+ } else {
+ return(print_qdescr(ss,*sa));
+ }
+}
+
+static int
+print_woid(safe_string *ss, char *s)
+{
+ print_whsp(ss);
+ append_to_safe_string(ss,s);
+ return print_whsp(ss);
+}
+
+static int
+print_oidlist(safe_string *ss, char **sa)
+{
+ char **sp;
+
+ for (sp=sa; *(sp+1); sp++) {
+ print_woid(ss,*sp);
+ print_literal(ss,"$");
+ }
+ return(print_woid(ss,*sp));
+}
+
+static int
+print_oids(safe_string *ss, char **sa)
+{
+ if ( sa[0] && sa[1] ) {
+ print_literal(ss,"("/*)*/);
+ print_oidlist(ss,sa);
+ print_whsp(ss);
+ return(print_literal(ss,/*(*/")"));
+ } else {
+ return(print_woid(ss,*sa));
+ }
+}
+
+static int
+print_noidlen(safe_string *ss, char *s, int l)
+{
+ char buf[64];
+ int ret;
+
+ ret = print_numericoid(ss,s);
+ if ( l ) {
+ snprintf(buf, sizeof buf, "{%d}",l);
+ ret = print_literal(ss,buf);
+ }
+ return(ret);
+}
+
+static int
+print_ruleid(safe_string *ss, int rid)
+{
+ char buf[64];
+ snprintf(buf, sizeof buf, "%d", rid);
+ return print_literal(ss,buf);
+}
+
+static int
+print_ruleids(safe_string *ss, int n, int *rids)
+{
+ int i;
+
+ if( n == 1 ) {
+ print_ruleid(ss,rids[0]);
+ return print_whsp(ss);
+ } else {
+ print_literal(ss,"("/*)*/);
+ for( i=0; i<n; i++ ) {
+ print_whsp(ss);
+ print_ruleid(ss,rids[i]);
+ }
+ print_whsp(ss);
+ return print_literal(ss,/*(*/")");
+ }
+}
+
+
+static int
+print_extensions(safe_string *ss, LDAPSchemaExtensionItem **extensions)
+{
+ LDAPSchemaExtensionItem **ext;
+
+ if ( extensions ) {
+ print_whsp(ss);
+ for ( ext = extensions; *ext != NULL; ext++ ) {
+ print_literal(ss, (*ext)->lsei_name);
+ print_whsp(ss);
+ /* Should be print_qdstrings */
+ print_qdescrs(ss, (*ext)->lsei_values);
+ print_whsp(ss);
+ }
+ }
+
+ return 0;
+}
+
+char *
+ldap_syntax2str( LDAPSyntax * syn )
+{
+ struct berval bv;
+ if (ldap_syntax2bv( syn, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_syntax2bv( LDAPSyntax * syn, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, syn->syn_oid);
+ print_whsp(ss);
+
+ if ( syn->syn_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,syn->syn_desc);
+ }
+
+ print_whsp(ss);
+
+ print_extensions(ss, syn->syn_extensions);
+
+ print_literal(ss,/*(*/ ")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_matchingrule2str( LDAPMatchingRule * mr )
+{
+ struct berval bv;
+ if (ldap_matchingrule2bv( mr, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_matchingrule2bv( LDAPMatchingRule * mr, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"(" /*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, mr->mr_oid);
+ print_whsp(ss);
+
+ if ( mr->mr_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,mr->mr_names);
+ }
+
+ if ( mr->mr_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,mr->mr_desc);
+ }
+
+ if ( mr->mr_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ if ( mr->mr_syntax_oid ) {
+ print_literal(ss,"SYNTAX");
+ print_whsp(ss);
+ print_literal(ss, mr->mr_syntax_oid);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+
+ print_extensions(ss, mr->mr_extensions);
+
+ print_literal(ss,/*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_matchingruleuse2str( LDAPMatchingRuleUse * mru )
+{
+ struct berval bv;
+ if (ldap_matchingruleuse2bv( mru, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_matchingruleuse2bv( LDAPMatchingRuleUse * mru, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"(" /*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, mru->mru_oid);
+ print_whsp(ss);
+
+ if ( mru->mru_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,mru->mru_names);
+ }
+
+ if ( mru->mru_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,mru->mru_desc);
+ }
+
+ if ( mru->mru_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ if ( mru->mru_applies_oids ) {
+ print_literal(ss,"APPLIES");
+ print_whsp(ss);
+ print_oids(ss, mru->mru_applies_oids);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+
+ print_extensions(ss, mru->mru_extensions);
+
+ print_literal(ss,/*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_objectclass2str( LDAPObjectClass * oc )
+{
+ struct berval bv;
+ if (ldap_objectclass2bv( oc, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_objectclass2bv( LDAPObjectClass * oc, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, oc->oc_oid);
+ print_whsp(ss);
+
+ if ( oc->oc_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,oc->oc_names);
+ }
+
+ if ( oc->oc_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,oc->oc_desc);
+ }
+
+ if ( oc->oc_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ if ( oc->oc_sup_oids ) {
+ print_literal(ss,"SUP");
+ print_whsp(ss);
+ print_oids(ss,oc->oc_sup_oids);
+ print_whsp(ss);
+ }
+
+ switch (oc->oc_kind) {
+ case LDAP_SCHEMA_ABSTRACT:
+ print_literal(ss,"ABSTRACT");
+ break;
+ case LDAP_SCHEMA_STRUCTURAL:
+ print_literal(ss,"STRUCTURAL");
+ break;
+ case LDAP_SCHEMA_AUXILIARY:
+ print_literal(ss,"AUXILIARY");
+ break;
+ default:
+ print_literal(ss,"KIND-UNKNOWN");
+ break;
+ }
+ print_whsp(ss);
+
+ if ( oc->oc_at_oids_must ) {
+ print_literal(ss,"MUST");
+ print_whsp(ss);
+ print_oids(ss,oc->oc_at_oids_must);
+ print_whsp(ss);
+ }
+
+ if ( oc->oc_at_oids_may ) {
+ print_literal(ss,"MAY");
+ print_whsp(ss);
+ print_oids(ss,oc->oc_at_oids_may);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+
+ print_extensions(ss, oc->oc_extensions);
+
+ print_literal(ss, /*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_contentrule2str( LDAPContentRule * cr )
+{
+ struct berval bv;
+ if (ldap_contentrule2bv( cr, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_contentrule2bv( LDAPContentRule * cr, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, cr->cr_oid);
+ print_whsp(ss);
+
+ if ( cr->cr_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,cr->cr_names);
+ }
+
+ if ( cr->cr_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,cr->cr_desc);
+ }
+
+ if ( cr->cr_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ if ( cr->cr_oc_oids_aux ) {
+ print_literal(ss,"AUX");
+ print_whsp(ss);
+ print_oids(ss,cr->cr_oc_oids_aux);
+ print_whsp(ss);
+ }
+
+ if ( cr->cr_at_oids_must ) {
+ print_literal(ss,"MUST");
+ print_whsp(ss);
+ print_oids(ss,cr->cr_at_oids_must);
+ print_whsp(ss);
+ }
+
+ if ( cr->cr_at_oids_may ) {
+ print_literal(ss,"MAY");
+ print_whsp(ss);
+ print_oids(ss,cr->cr_at_oids_may);
+ print_whsp(ss);
+ }
+
+ if ( cr->cr_at_oids_not ) {
+ print_literal(ss,"NOT");
+ print_whsp(ss);
+ print_oids(ss,cr->cr_at_oids_not);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+ print_extensions(ss, cr->cr_extensions);
+
+ print_literal(ss, /*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_structurerule2str( LDAPStructureRule * sr )
+{
+ struct berval bv;
+ if (ldap_structurerule2bv( sr, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_structurerule2bv( LDAPStructureRule * sr, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_ruleid(ss, sr->sr_ruleid);
+ print_whsp(ss);
+
+ if ( sr->sr_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,sr->sr_names);
+ }
+
+ if ( sr->sr_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,sr->sr_desc);
+ }
+
+ if ( sr->sr_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ print_literal(ss,"FORM");
+ print_whsp(ss);
+ print_woid(ss,sr->sr_nameform);
+ print_whsp(ss);
+
+ if ( sr->sr_nsup_ruleids ) {
+ print_literal(ss,"SUP");
+ print_whsp(ss);
+ print_ruleids(ss,sr->sr_nsup_ruleids,sr->sr_sup_ruleids);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+ print_extensions(ss, sr->sr_extensions);
+
+ print_literal(ss, /*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+
+char *
+ldap_nameform2str( LDAPNameForm * nf )
+{
+ struct berval bv;
+ if (ldap_nameform2bv( nf, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_nameform2bv( LDAPNameForm * nf, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, nf->nf_oid);
+ print_whsp(ss);
+
+ if ( nf->nf_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,nf->nf_names);
+ }
+
+ if ( nf->nf_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,nf->nf_desc);
+ }
+
+ if ( nf->nf_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ print_literal(ss,"OC");
+ print_whsp(ss);
+ print_woid(ss,nf->nf_objectclass);
+ print_whsp(ss);
+
+ print_literal(ss,"MUST");
+ print_whsp(ss);
+ print_oids(ss,nf->nf_at_oids_must);
+ print_whsp(ss);
+
+
+ if ( nf->nf_at_oids_may ) {
+ print_literal(ss,"MAY");
+ print_whsp(ss);
+ print_oids(ss,nf->nf_at_oids_may);
+ print_whsp(ss);
+ }
+
+ print_whsp(ss);
+ print_extensions(ss, nf->nf_extensions);
+
+ print_literal(ss, /*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+char *
+ldap_attributetype2str( LDAPAttributeType * at )
+{
+ struct berval bv;
+ if (ldap_attributetype2bv( at, &bv ))
+ return(bv.bv_val);
+ else
+ return NULL;
+}
+
+struct berval *
+ldap_attributetype2bv( LDAPAttributeType * at, struct berval *bv )
+{
+ safe_string * ss;
+
+ ss = new_safe_string(256);
+ if ( !ss )
+ return NULL;
+
+ print_literal(ss,"("/*)*/);
+ print_whsp(ss);
+
+ print_numericoid(ss, at->at_oid);
+ print_whsp(ss);
+
+ if ( at->at_names ) {
+ print_literal(ss,"NAME");
+ print_qdescrs(ss,at->at_names);
+ }
+
+ if ( at->at_desc ) {
+ print_literal(ss,"DESC");
+ print_qdstring(ss,at->at_desc);
+ }
+
+ if ( at->at_obsolete ) {
+ print_literal(ss, "OBSOLETE");
+ print_whsp(ss);
+ }
+
+ if ( at->at_sup_oid ) {
+ print_literal(ss,"SUP");
+ print_woid(ss,at->at_sup_oid);
+ }
+
+ if ( at->at_equality_oid ) {
+ print_literal(ss,"EQUALITY");
+ print_woid(ss,at->at_equality_oid);
+ }
+
+ if ( at->at_ordering_oid ) {
+ print_literal(ss,"ORDERING");
+ print_woid(ss,at->at_ordering_oid);
+ }
+
+ if ( at->at_substr_oid ) {
+ print_literal(ss,"SUBSTR");
+ print_woid(ss,at->at_substr_oid);
+ }
+
+ if ( at->at_syntax_oid ) {
+ print_literal(ss,"SYNTAX");
+ print_whsp(ss);
+ print_noidlen(ss,at->at_syntax_oid,at->at_syntax_len);
+ print_whsp(ss);
+ }
+
+ if ( at->at_single_value == LDAP_SCHEMA_YES ) {
+ print_literal(ss,"SINGLE-VALUE");
+ print_whsp(ss);
+ }
+
+ if ( at->at_collective == LDAP_SCHEMA_YES ) {
+ print_literal(ss,"COLLECTIVE");
+ print_whsp(ss);
+ }
+
+ if ( at->at_no_user_mod == LDAP_SCHEMA_YES ) {
+ print_literal(ss,"NO-USER-MODIFICATION");
+ print_whsp(ss);
+ }
+
+ if ( at->at_usage != LDAP_SCHEMA_USER_APPLICATIONS ) {
+ print_literal(ss,"USAGE");
+ print_whsp(ss);
+ switch (at->at_usage) {
+ case LDAP_SCHEMA_DIRECTORY_OPERATION:
+ print_literal(ss,"directoryOperation");
+ break;
+ case LDAP_SCHEMA_DISTRIBUTED_OPERATION:
+ print_literal(ss,"distributedOperation");
+ break;
+ case LDAP_SCHEMA_DSA_OPERATION:
+ print_literal(ss,"dSAOperation");
+ break;
+ default:
+ print_literal(ss,"UNKNOWN");
+ break;
+ }
+ }
+
+ print_whsp(ss);
+
+ print_extensions(ss, at->at_extensions);
+
+ print_literal(ss,/*(*/")");
+
+ bv->bv_val = safe_strdup(ss);
+ bv->bv_len = ss->pos;
+ safe_string_free(ss);
+ return(bv);
+}
+
+/*
+ * Now come the parsers. There is one parser for each entity type:
+ * objectclasses, attributetypes, etc.
+ *
+ * Each of them is written as a recursive-descent parser, except that
+ * none of them is really recursive. But the idea is kept: there
+ * is one routine per non-terminal that eithers gobbles lexical tokens
+ * or calls lower-level routines, etc.
+ *
+ * The scanner is implemented in the routine get_token. Actually,
+ * get_token is more than a scanner and will return tokens that are
+ * in fact non-terminals in the grammar. So you can see the whole
+ * approach as the combination of a low-level bottom-up recognizer
+ * combined with a scanner and a number of top-down parsers. Or just
+ * consider that the real grammars recognized by the parsers are not
+ * those of the standards. As a matter of fact, our parsers are more
+ * liberal than the spec when there is no ambiguity.
+ *
+ * The difference is pretty academic (modulo bugs or incorrect
+ * interpretation of the specs).
+ */
+
+typedef enum tk_t {
+ TK_NOENDQUOTE = -2,
+ TK_OUTOFMEM = -1,
+ TK_EOS = 0,
+ TK_UNEXPCHAR = 1,
+ TK_BAREWORD = 2,
+ TK_QDSTRING = 3,
+ TK_LEFTPAREN = 4,
+ TK_RIGHTPAREN = 5,
+ TK_DOLLAR = 6,
+ TK_QDESCR = TK_QDSTRING
+} tk_t;
+
+static tk_t
+get_token( const char ** sp, char ** token_val )
+{
+ tk_t kind;
+ const char * p;
+ const char * q;
+ char * res;
+
+ *token_val = NULL;
+ switch (**sp) {
+ case '\0':
+ kind = TK_EOS;
+ (*sp)++;
+ break;
+ case '(':
+ kind = TK_LEFTPAREN;
+ (*sp)++;
+ break;
+ case ')':
+ kind = TK_RIGHTPAREN;
+ (*sp)++;
+ break;
+ case '$':
+ kind = TK_DOLLAR;
+ (*sp)++;
+ break;
+ case '\'':
+ kind = TK_QDSTRING;
+ (*sp)++;
+ p = *sp;
+ while ( **sp != '\'' && **sp != '\0' )
+ (*sp)++;
+ if ( **sp == '\'' ) {
+ q = *sp;
+ res = LDAP_MALLOC(q-p+1);
+ if ( !res ) {
+ kind = TK_OUTOFMEM;
+ } else {
+ strncpy(res,p,q-p);
+ res[q-p] = '\0';
+ *token_val = res;
+ }
+ (*sp)++;
+ } else {
+ kind = TK_NOENDQUOTE;
+ }
+ break;
+ default:
+ kind = TK_BAREWORD;
+ p = *sp;
+ while ( !LDAP_SPACE(**sp) &&
+ **sp != '(' &&
+ **sp != ')' &&
+ **sp != '$' &&
+ **sp != '\'' &&
+ /* for suggested minimum upper bound on the number
+ * of characters <draft-ietf-ldapbis-syntaxes> */
+ **sp != '{' &&
+ **sp != '\0' )
+ (*sp)++;
+ q = *sp;
+ res = LDAP_MALLOC(q-p+1);
+ if ( !res ) {
+ kind = TK_OUTOFMEM;
+ } else {
+ strncpy(res,p,q-p);
+ res[q-p] = '\0';
+ *token_val = res;
+ }
+ break;
+/* kind = TK_UNEXPCHAR; */
+/* break; */
+ }
+
+ return kind;
+}
+
+/* Gobble optional whitespace */
+static void
+parse_whsp(const char **sp)
+{
+ while (LDAP_SPACE(**sp))
+ (*sp)++;
+}
+
+/* TBC:!!
+ * General note for all parsers: to guarantee the algorithm halts they
+ * must always advance the pointer even when an error is found. For
+ * this one is not that important since an error here is fatal at the
+ * upper layers, but it is a simple strategy that will not get in
+ * endless loops.
+ */
+
+/* Parse a sequence of dot-separated decimal strings */
+char *
+ldap_int_parse_numericoid(const char **sp, int *code, const int flags)
+{
+ char * res = NULL;
+ const char * start = *sp;
+ int len;
+ int quoted = 0;
+
+ /* Netscape puts the SYNTAX value in quotes (incorrectly) */
+ if ( flags & LDAP_SCHEMA_ALLOW_QUOTED && **sp == '\'' ) {
+ quoted = 1;
+ (*sp)++;
+ start++;
+ }
+ /* Each iteration of this loop gets one decimal string */
+ while (**sp) {
+ if ( !LDAP_DIGIT(**sp) ) {
+ /*
+ * Initial char is not a digit or char after dot is
+ * not a digit
+ */
+ *code = LDAP_SCHERR_NODIGIT;
+ return NULL;
+ }
+ (*sp)++;
+ while ( LDAP_DIGIT(**sp) )
+ (*sp)++;
+ if ( **sp != '.' )
+ break;
+ /* Otherwise, gobble the dot and loop again */
+ (*sp)++;
+ }
+ /* Now *sp points at the char past the numericoid. Perfect. */
+ len = *sp - start;
+ if ( flags & LDAP_SCHEMA_ALLOW_QUOTED && quoted ) {
+ if ( **sp == '\'' ) {
+ (*sp)++;
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ return NULL;
+ }
+ }
+ if (flags & LDAP_SCHEMA_SKIP) {
+ res = (char *)start;
+ } else {
+ res = LDAP_MALLOC(len+1);
+ if (!res) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return(NULL);
+ }
+ strncpy(res,start,len);
+ res[len] = '\0';
+ }
+ return(res);
+}
+
+/* Parse a sequence of dot-separated decimal strings */
+int
+ldap_int_parse_ruleid(const char **sp, int *code, const int flags, int *ruleid)
+{
+ *ruleid=0;
+
+ if ( !LDAP_DIGIT(**sp) ) {
+ *code = LDAP_SCHERR_NODIGIT;
+ return -1;
+ }
+ *ruleid = (**sp) - '0';
+ (*sp)++;
+
+ while ( LDAP_DIGIT(**sp) ) {
+ *ruleid *= 10;
+ *ruleid += (**sp) - '0';
+ (*sp)++;
+ }
+
+ return 0;
+}
+
+/* Parse a qdescr or a list of them enclosed in () */
+static char **
+parse_qdescrs(const char **sp, int *code)
+{
+ char ** res;
+ char ** res1;
+ tk_t kind;
+ char * sval;
+ int size;
+ int pos;
+
+ parse_whsp(sp);
+ kind = get_token(sp,&sval);
+ if ( kind == TK_LEFTPAREN ) {
+ /* Let's presume there will be at least 2 entries */
+ size = 3;
+ res = LDAP_CALLOC(3,sizeof(char *));
+ if ( !res ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+ pos = 0;
+ while (1) {
+ parse_whsp(sp);
+ kind = get_token(sp,&sval);
+ if ( kind == TK_RIGHTPAREN )
+ break;
+ if ( kind == TK_QDESCR ) {
+ if ( pos == size-2 ) {
+ size++;
+ res1 = LDAP_REALLOC(res,size*sizeof(char *));
+ if ( !res1 ) {
+ LDAP_VFREE(res);
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return(NULL);
+ }
+ res = res1;
+ }
+ res[pos++] = sval;
+ res[pos] = NULL;
+ parse_whsp(sp);
+ } else {
+ LDAP_VFREE(res);
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ return(NULL);
+ }
+ }
+ parse_whsp(sp);
+ return(res);
+ } else if ( kind == TK_QDESCR ) {
+ res = LDAP_CALLOC(2,sizeof(char *));
+ if ( !res ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+ res[0] = sval;
+ res[1] = NULL;
+ parse_whsp(sp);
+ return res;
+ } else {
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_BADNAME;
+ return NULL;
+ }
+}
+
+/* Parse a woid */
+static char *
+parse_woid(const char **sp, int *code)
+{
+ char * sval;
+ tk_t kind;
+
+ parse_whsp(sp);
+ kind = get_token(sp, &sval);
+ if ( kind != TK_BAREWORD ) {
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ return NULL;
+ }
+ parse_whsp(sp);
+ return sval;
+}
+
+/* Parse a noidlen */
+static char *
+parse_noidlen(const char **sp, int *code, int *len, int flags)
+{
+ char * sval;
+ const char *savepos;
+ int quoted = 0;
+ int allow_quoted = ( flags & LDAP_SCHEMA_ALLOW_QUOTED );
+ int allow_oidmacro = ( flags & LDAP_SCHEMA_ALLOW_OID_MACRO );
+
+ *len = 0;
+ /* Netscape puts the SYNTAX value in quotes (incorrectly) */
+ if ( allow_quoted && **sp == '\'' ) {
+ quoted = 1;
+ (*sp)++;
+ }
+ savepos = *sp;
+ sval = ldap_int_parse_numericoid(sp, code, 0);
+ if ( !sval ) {
+ if ( allow_oidmacro
+ && *sp == savepos
+ && *code == LDAP_SCHERR_NODIGIT )
+ {
+ if ( get_token(sp, &sval) != TK_BAREWORD ) {
+ if ( sval != NULL ) {
+ LDAP_FREE(sval);
+ }
+ return NULL;
+ }
+ } else {
+ return NULL;
+ }
+ }
+ if ( **sp == '{' /*}*/ ) {
+ (*sp)++;
+ *len = atoi(*sp);
+ while ( LDAP_DIGIT(**sp) )
+ (*sp)++;
+ if ( **sp != /*{*/ '}' ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ LDAP_FREE(sval);
+ return NULL;
+ }
+ (*sp)++;
+ }
+ if ( allow_quoted && quoted ) {
+ if ( **sp == '\'' ) {
+ (*sp)++;
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ LDAP_FREE(sval);
+ return NULL;
+ }
+ }
+ return sval;
+}
+
+/*
+ * Next routine will accept a qdstring in place of an oid if
+ * allow_quoted is set. This is necessary to interoperate with
+ * Netscape Directory server that will improperly quote each oid (at
+ * least those of the descr kind) in the SUP clause.
+ */
+
+/* Parse a woid or a $-separated list of them enclosed in () */
+static char **
+parse_oids(const char **sp, int *code, const int allow_quoted)
+{
+ char ** res;
+ char ** res1;
+ tk_t kind;
+ char * sval;
+ int size;
+ int pos;
+
+ /*
+ * Strictly speaking, doing this here accepts whsp before the
+ * ( at the begining of an oidlist, but this is harmless. Also,
+ * we are very liberal in what we accept as an OID. Maybe
+ * refine later.
+ */
+ parse_whsp(sp);
+ kind = get_token(sp,&sval);
+ if ( kind == TK_LEFTPAREN ) {
+ /* Let's presume there will be at least 2 entries */
+ size = 3;
+ res = LDAP_CALLOC(3,sizeof(char *));
+ if ( !res ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+ pos = 0;
+ parse_whsp(sp);
+ kind = get_token(sp,&sval);
+ if ( kind == TK_BAREWORD ||
+ ( allow_quoted && kind == TK_QDSTRING ) ) {
+ res[pos++] = sval;
+ res[pos] = NULL;
+ } else if ( kind == TK_RIGHTPAREN ) {
+ /* FIXME: be liberal in what we accept... */
+ parse_whsp(sp);
+ LDAP_FREE(res);
+ return NULL;
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ LDAP_FREE(sval);
+ LDAP_VFREE(res);
+ return NULL;
+ }
+ parse_whsp(sp);
+ while (1) {
+ kind = get_token(sp,&sval);
+ if ( kind == TK_RIGHTPAREN )
+ break;
+ if ( kind == TK_DOLLAR ) {
+ parse_whsp(sp);
+ kind = get_token(sp,&sval);
+ if ( kind == TK_BAREWORD ||
+ ( allow_quoted &&
+ kind == TK_QDSTRING ) ) {
+ if ( pos == size-2 ) {
+ size++;
+ res1 = LDAP_REALLOC(res,size*sizeof(char *));
+ if ( !res1 ) {
+ LDAP_FREE(sval);
+ LDAP_VFREE(res);
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return(NULL);
+ }
+ res = res1;
+ }
+ res[pos++] = sval;
+ res[pos] = NULL;
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ LDAP_FREE(sval);
+ LDAP_VFREE(res);
+ return NULL;
+ }
+ parse_whsp(sp);
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ LDAP_FREE(sval);
+ LDAP_VFREE(res);
+ return NULL;
+ }
+ }
+ parse_whsp(sp);
+ return(res);
+ } else if ( kind == TK_BAREWORD ||
+ ( allow_quoted && kind == TK_QDSTRING ) ) {
+ res = LDAP_CALLOC(2,sizeof(char *));
+ if ( !res ) {
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+ res[0] = sval;
+ res[1] = NULL;
+ parse_whsp(sp);
+ return res;
+ } else {
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_BADNAME;
+ return NULL;
+ }
+}
+
+static int
+add_extension(LDAPSchemaExtensionItem ***extensions,
+ char * name, char ** values)
+{
+ int n;
+ LDAPSchemaExtensionItem **tmp, *ext;
+
+ ext = LDAP_CALLOC(1, sizeof(LDAPSchemaExtensionItem));
+ if ( !ext )
+ return 1;
+ ext->lsei_name = name;
+ ext->lsei_values = values;
+
+ if ( !*extensions ) {
+ *extensions =
+ LDAP_CALLOC(2, sizeof(LDAPSchemaExtensionItem *));
+ if ( !*extensions ) {
+ LDAP_FREE( ext );
+ return 1;
+ }
+ n = 0;
+ } else {
+ for ( n=0; (*extensions)[n] != NULL; n++ )
+ ;
+ tmp = LDAP_REALLOC(*extensions,
+ (n+2)*sizeof(LDAPSchemaExtensionItem *));
+ if ( !tmp ) {
+ LDAP_FREE( ext );
+ return 1;
+ }
+ *extensions = tmp;
+ }
+ (*extensions)[n] = ext;
+ (*extensions)[n+1] = NULL;
+ return 0;
+}
+
+static void
+free_extensions(LDAPSchemaExtensionItem **extensions)
+{
+ LDAPSchemaExtensionItem **ext;
+
+ if ( extensions ) {
+ for ( ext = extensions; *ext != NULL; ext++ ) {
+ LDAP_FREE((*ext)->lsei_name);
+ LDAP_VFREE((*ext)->lsei_values);
+ LDAP_FREE(*ext);
+ }
+ LDAP_FREE(extensions);
+ }
+}
+
+void
+ldap_syntax_free( LDAPSyntax * syn )
+{
+ LDAP_FREE(syn->syn_oid);
+ if (syn->syn_names) LDAP_VFREE(syn->syn_names);
+ if (syn->syn_desc) LDAP_FREE(syn->syn_desc);
+ free_extensions(syn->syn_extensions);
+ LDAP_FREE(syn);
+}
+
+LDAPSyntax *
+ldap_str2syntax( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ LDAPSyntax * syn;
+ char ** ext_vals;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ syn = LDAP_CALLOC(1,sizeof(LDAPSyntax));
+
+ if ( !syn ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ LDAP_FREE(sval);
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+
+ parse_whsp(&ss);
+ syn->syn_oid = ldap_int_parse_numericoid(&ss,code,0);
+ if ( !syn->syn_oid ) {
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal and accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return NULL;
+ case TK_RIGHTPAREN:
+ return syn;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return(NULL);
+ }
+ seen_name = 1;
+ syn->syn_names = parse_qdescrs(&ss,code);
+ if ( !syn->syn_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ syn->syn_desc = sval;
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ if ( add_extension(&syn->syn_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_syntax_free(syn);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_matchingrule_free( LDAPMatchingRule * mr )
+{
+ LDAP_FREE(mr->mr_oid);
+ if (mr->mr_names) LDAP_VFREE(mr->mr_names);
+ if (mr->mr_desc) LDAP_FREE(mr->mr_desc);
+ if (mr->mr_syntax_oid) LDAP_FREE(mr->mr_syntax_oid);
+ free_extensions(mr->mr_extensions);
+ LDAP_FREE(mr);
+}
+
+LDAPMatchingRule *
+ldap_str2matchingrule( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_syntax = 0;
+ LDAPMatchingRule * mr;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ mr = LDAP_CALLOC(1,sizeof(LDAPMatchingRule));
+
+ if ( !mr ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+
+ parse_whsp(&ss);
+ savepos = ss;
+ mr->mr_oid = ldap_int_parse_numericoid(&ss,code,flags);
+ if ( !mr->mr_oid ) {
+ if ( flags & LDAP_SCHEMA_ALLOW_NO_OID ) {
+ /* Backtracking */
+ ss = savepos;
+ kind = get_token(&ss,&sval);
+ if ( kind == TK_BAREWORD ) {
+ if ( !strcasecmp(sval, "NAME") ||
+ !strcasecmp(sval, "DESC") ||
+ !strcasecmp(sval, "OBSOLETE") ||
+ !strcasecmp(sval, "SYNTAX") ||
+ !strncasecmp(sval, "X-", 2) ) {
+ /* Missing OID, backtrack */
+ ss = savepos;
+ } else {
+ /* Non-numerical OID, ignore */
+ }
+ }
+ LDAP_FREE(sval);
+ } else {
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal and accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ case TK_RIGHTPAREN:
+ if( !seen_syntax ) {
+ *code = LDAP_SCHERR_MISSING;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ return mr;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return(NULL);
+ }
+ seen_name = 1;
+ mr->mr_names = parse_qdescrs(&ss,code);
+ if ( !mr->mr_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ mr->mr_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ mr->mr_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"SYNTAX") ) {
+ LDAP_FREE(sval);
+ if ( seen_syntax ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return(NULL);
+ }
+ seen_syntax = 1;
+ parse_whsp(&ss);
+ mr->mr_syntax_oid =
+ ldap_int_parse_numericoid(&ss,code,flags);
+ if ( !mr->mr_syntax_oid ) {
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ if ( add_extension(&mr->mr_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingrule_free(mr);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_matchingruleuse_free( LDAPMatchingRuleUse * mru )
+{
+ LDAP_FREE(mru->mru_oid);
+ if (mru->mru_names) LDAP_VFREE(mru->mru_names);
+ if (mru->mru_desc) LDAP_FREE(mru->mru_desc);
+ if (mru->mru_applies_oids) LDAP_VFREE(mru->mru_applies_oids);
+ free_extensions(mru->mru_extensions);
+ LDAP_FREE(mru);
+}
+
+LDAPMatchingRuleUse *
+ldap_str2matchingruleuse( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_applies = 0;
+ LDAPMatchingRuleUse * mru;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ mru = LDAP_CALLOC(1,sizeof(LDAPMatchingRuleUse));
+
+ if ( !mru ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+
+ parse_whsp(&ss);
+ savepos = ss;
+ mru->mru_oid = ldap_int_parse_numericoid(&ss,code,flags);
+ if ( !mru->mru_oid ) {
+ if ( flags & LDAP_SCHEMA_ALLOW_NO_OID ) {
+ /* Backtracking */
+ ss = savepos;
+ kind = get_token(&ss,&sval);
+ if ( kind == TK_BAREWORD ) {
+ if ( !strcasecmp(sval, "NAME") ||
+ !strcasecmp(sval, "DESC") ||
+ !strcasecmp(sval, "OBSOLETE") ||
+ !strcasecmp(sval, "APPLIES") ||
+ !strncasecmp(sval, "X-", 2) ) {
+ /* Missing OID, backtrack */
+ ss = savepos;
+ } else {
+ /* Non-numerical OID, ignore */
+ }
+ }
+ LDAP_FREE(sval);
+ } else {
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal and accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ case TK_RIGHTPAREN:
+ if( !seen_applies ) {
+ *code = LDAP_SCHERR_MISSING;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ return mru;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return(NULL);
+ }
+ seen_name = 1;
+ mru->mru_names = parse_qdescrs(&ss,code);
+ if ( !mru->mru_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ mru->mru_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ mru->mru_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"APPLIES") ) {
+ LDAP_FREE(sval);
+ if ( seen_applies ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return(NULL);
+ }
+ seen_applies = 1;
+ mru->mru_applies_oids = parse_oids(&ss,
+ code,
+ flags);
+ if ( !mru->mru_applies_oids && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ if ( add_extension(&mru->mru_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_matchingruleuse_free(mru);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_attributetype_free(LDAPAttributeType * at)
+{
+ LDAP_FREE(at->at_oid);
+ if (at->at_names) LDAP_VFREE(at->at_names);
+ if (at->at_desc) LDAP_FREE(at->at_desc);
+ if (at->at_sup_oid) LDAP_FREE(at->at_sup_oid);
+ if (at->at_equality_oid) LDAP_FREE(at->at_equality_oid);
+ if (at->at_ordering_oid) LDAP_FREE(at->at_ordering_oid);
+ if (at->at_substr_oid) LDAP_FREE(at->at_substr_oid);
+ if (at->at_syntax_oid) LDAP_FREE(at->at_syntax_oid);
+ free_extensions(at->at_extensions);
+ LDAP_FREE(at);
+}
+
+LDAPAttributeType *
+ldap_str2attributetype( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_sup = 0;
+ int seen_equality = 0;
+ int seen_ordering = 0;
+ int seen_substr = 0;
+ int seen_syntax = 0;
+ int seen_usage = 0;
+ LDAPAttributeType * at;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ at = LDAP_CALLOC(1,sizeof(LDAPAttributeType));
+
+ if ( !at ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+
+ /*
+ * Definitions MUST begin with an OID in the numericoid format.
+ * However, this routine is used by clients to parse the response
+ * from servers and very well known servers will provide an OID
+ * in the wrong format or even no OID at all. We do our best to
+ * extract info from those servers.
+ */
+ parse_whsp(&ss);
+ savepos = ss;
+ at->at_oid = ldap_int_parse_numericoid(&ss,code,0);
+ if ( !at->at_oid ) {
+ if ( ( flags & ( LDAP_SCHEMA_ALLOW_NO_OID
+ | LDAP_SCHEMA_ALLOW_OID_MACRO ) )
+ && (ss == savepos) )
+ {
+ /* Backtracking */
+ ss = savepos;
+ kind = get_token(&ss,&sval);
+ if ( kind == TK_BAREWORD ) {
+ if ( !strcasecmp(sval, "NAME") ||
+ !strcasecmp(sval, "DESC") ||
+ !strcasecmp(sval, "OBSOLETE") ||
+ !strcasecmp(sval, "SUP") ||
+ !strcasecmp(sval, "EQUALITY") ||
+ !strcasecmp(sval, "ORDERING") ||
+ !strcasecmp(sval, "SUBSTR") ||
+ !strcasecmp(sval, "SYNTAX") ||
+ !strcasecmp(sval, "SINGLE-VALUE") ||
+ !strcasecmp(sval, "COLLECTIVE") ||
+ !strcasecmp(sval, "NO-USER-MODIFICATION") ||
+ !strcasecmp(sval, "USAGE") ||
+ !strncasecmp(sval, "X-", 2) )
+ {
+ /* Missing OID, backtrack */
+ ss = savepos;
+ } else if ( flags
+ & LDAP_SCHEMA_ALLOW_OID_MACRO)
+ {
+ /* Non-numerical OID ... */
+ int len = ss-savepos;
+ at->at_oid = LDAP_MALLOC(len+1);
+ strncpy(at->at_oid, savepos, len);
+ at->at_oid[len] = 0;
+ }
+ }
+ LDAP_FREE(sval);
+ } else {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal and accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ case TK_RIGHTPAREN:
+ return at;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_name = 1;
+ at->at_names = parse_qdescrs(&ss,code);
+ if ( !at->at_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ at->at_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ at->at_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"SUP") ) {
+ LDAP_FREE(sval);
+ if ( seen_sup ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_sup = 1;
+ at->at_sup_oid = parse_woid(&ss,code);
+ if ( !at->at_sup_oid ) {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"EQUALITY") ) {
+ LDAP_FREE(sval);
+ if ( seen_equality ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_equality = 1;
+ at->at_equality_oid = parse_woid(&ss,code);
+ if ( !at->at_equality_oid ) {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"ORDERING") ) {
+ LDAP_FREE(sval);
+ if ( seen_ordering ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_ordering = 1;
+ at->at_ordering_oid = parse_woid(&ss,code);
+ if ( !at->at_ordering_oid ) {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"SUBSTR") ) {
+ LDAP_FREE(sval);
+ if ( seen_substr ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_substr = 1;
+ at->at_substr_oid = parse_woid(&ss,code);
+ if ( !at->at_substr_oid ) {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"SYNTAX") ) {
+ LDAP_FREE(sval);
+ if ( seen_syntax ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_syntax = 1;
+ parse_whsp(&ss);
+ savepos = ss;
+ at->at_syntax_oid =
+ parse_noidlen(&ss,
+ code,
+ &at->at_syntax_len,
+ flags);
+ if ( !at->at_syntax_oid ) {
+ if ( flags & LDAP_SCHEMA_ALLOW_OID_MACRO ) {
+ kind = get_token(&ss,&sval);
+ if (kind == TK_BAREWORD)
+ {
+ char *sp = strchr(sval, '{');
+ at->at_syntax_oid = sval;
+ if (sp)
+ {
+ *sp++ = 0;
+ at->at_syntax_len = atoi(sp);
+ while ( LDAP_DIGIT(*sp) )
+ sp++;
+ if ( *sp != '}' ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ }
+ }
+ } else {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"SINGLE-VALUE") ) {
+ LDAP_FREE(sval);
+ if ( at->at_single_value ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ at->at_single_value = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"COLLECTIVE") ) {
+ LDAP_FREE(sval);
+ if ( at->at_collective ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ at->at_collective = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"NO-USER-MODIFICATION") ) {
+ LDAP_FREE(sval);
+ if ( at->at_no_user_mod ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ at->at_no_user_mod = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"USAGE") ) {
+ LDAP_FREE(sval);
+ if ( seen_usage ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return(NULL);
+ }
+ seen_usage = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_BAREWORD ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ if ( !strcasecmp(sval,"userApplications") )
+ at->at_usage =
+ LDAP_SCHEMA_USER_APPLICATIONS;
+ else if ( !strcasecmp(sval,"directoryOperation") )
+ at->at_usage =
+ LDAP_SCHEMA_DIRECTORY_OPERATION;
+ else if ( !strcasecmp(sval,"distributedOperation") )
+ at->at_usage =
+ LDAP_SCHEMA_DISTRIBUTED_OPERATION;
+ else if ( !strcasecmp(sval,"dSAOperation") )
+ at->at_usage =
+ LDAP_SCHEMA_DSA_OPERATION;
+ else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ LDAP_FREE(sval);
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ if ( add_extension(&at->at_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_attributetype_free(at);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_objectclass_free(LDAPObjectClass * oc)
+{
+ LDAP_FREE(oc->oc_oid);
+ if (oc->oc_names) LDAP_VFREE(oc->oc_names);
+ if (oc->oc_desc) LDAP_FREE(oc->oc_desc);
+ if (oc->oc_sup_oids) LDAP_VFREE(oc->oc_sup_oids);
+ if (oc->oc_at_oids_must) LDAP_VFREE(oc->oc_at_oids_must);
+ if (oc->oc_at_oids_may) LDAP_VFREE(oc->oc_at_oids_may);
+ free_extensions(oc->oc_extensions);
+ LDAP_FREE(oc);
+}
+
+LDAPObjectClass *
+ldap_str2objectclass( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_sup = 0;
+ int seen_kind = 0;
+ int seen_must = 0;
+ int seen_may = 0;
+ LDAPObjectClass * oc;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ oc = LDAP_CALLOC(1,sizeof(LDAPObjectClass));
+
+ if ( !oc ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+ oc->oc_kind = LDAP_SCHEMA_STRUCTURAL;
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+
+ /*
+ * Definitions MUST begin with an OID in the numericoid format.
+ * However, this routine is used by clients to parse the response
+ * from servers and very well known servers will provide an OID
+ * in the wrong format or even no OID at all. We do our best to
+ * extract info from those servers.
+ */
+ parse_whsp(&ss);
+ savepos = ss;
+ oc->oc_oid = ldap_int_parse_numericoid(&ss,code,0);
+ if ( !oc->oc_oid ) {
+ if ( (flags & LDAP_SCHEMA_ALLOW_ALL) && (ss == savepos) ) {
+ /* Backtracking */
+ ss = savepos;
+ kind = get_token(&ss,&sval);
+ if ( kind == TK_BAREWORD ) {
+ if ( !strcasecmp(sval, "NAME") ||
+ !strcasecmp(sval, "DESC") ||
+ !strcasecmp(sval, "OBSOLETE") ||
+ !strcasecmp(sval, "SUP") ||
+ !strcasecmp(sval, "ABSTRACT") ||
+ !strcasecmp(sval, "STRUCTURAL") ||
+ !strcasecmp(sval, "AUXILIARY") ||
+ !strcasecmp(sval, "MUST") ||
+ !strcasecmp(sval, "MAY") ||
+ !strncasecmp(sval, "X-", 2) ) {
+ /* Missing OID, backtrack */
+ ss = savepos;
+ } else if ( flags &
+ LDAP_SCHEMA_ALLOW_OID_MACRO ) {
+ /* Non-numerical OID, ignore */
+ int len = ss-savepos;
+ oc->oc_oid = LDAP_MALLOC(len+1);
+ strncpy(oc->oc_oid, savepos, len);
+ oc->oc_oid[len] = 0;
+ }
+ }
+ LDAP_FREE(sval);
+ *code = 0;
+ } else {
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal an accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ case TK_RIGHTPAREN:
+ return oc;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_name = 1;
+ oc->oc_names = parse_qdescrs(&ss,code);
+ if ( !oc->oc_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ oc->oc_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ oc->oc_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"SUP") ) {
+ LDAP_FREE(sval);
+ if ( seen_sup ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_sup = 1;
+ oc->oc_sup_oids = parse_oids(&ss,
+ code,
+ flags);
+ if ( !oc->oc_sup_oids && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ *code = 0;
+ } else if ( !strcasecmp(sval,"ABSTRACT") ) {
+ LDAP_FREE(sval);
+ if ( seen_kind ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_kind = 1;
+ oc->oc_kind = LDAP_SCHEMA_ABSTRACT;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"STRUCTURAL") ) {
+ LDAP_FREE(sval);
+ if ( seen_kind ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_kind = 1;
+ oc->oc_kind = LDAP_SCHEMA_STRUCTURAL;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"AUXILIARY") ) {
+ LDAP_FREE(sval);
+ if ( seen_kind ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_kind = 1;
+ oc->oc_kind = LDAP_SCHEMA_AUXILIARY;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"MUST") ) {
+ LDAP_FREE(sval);
+ if ( seen_must ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_must = 1;
+ oc->oc_at_oids_must = parse_oids(&ss,code,0);
+ if ( !oc->oc_at_oids_must && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ *code = 0;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"MAY") ) {
+ LDAP_FREE(sval);
+ if ( seen_may ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return(NULL);
+ }
+ seen_may = 1;
+ oc->oc_at_oids_may = parse_oids(&ss,code,0);
+ if ( !oc->oc_at_oids_may && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ *code = 0;
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ *code = 0;
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ if ( add_extension(&oc->oc_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_objectclass_free(oc);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_contentrule_free(LDAPContentRule * cr)
+{
+ LDAP_FREE(cr->cr_oid);
+ if (cr->cr_names) LDAP_VFREE(cr->cr_names);
+ if (cr->cr_desc) LDAP_FREE(cr->cr_desc);
+ if (cr->cr_oc_oids_aux) LDAP_VFREE(cr->cr_oc_oids_aux);
+ if (cr->cr_at_oids_must) LDAP_VFREE(cr->cr_at_oids_must);
+ if (cr->cr_at_oids_may) LDAP_VFREE(cr->cr_at_oids_may);
+ if (cr->cr_at_oids_not) LDAP_VFREE(cr->cr_at_oids_not);
+ free_extensions(cr->cr_extensions);
+ LDAP_FREE(cr);
+}
+
+LDAPContentRule *
+ldap_str2contentrule( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_aux = 0;
+ int seen_must = 0;
+ int seen_may = 0;
+ int seen_not = 0;
+ LDAPContentRule * cr;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ cr = LDAP_CALLOC(1,sizeof(LDAPContentRule));
+
+ if ( !cr ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+
+ /*
+ * Definitions MUST begin with an OID in the numericoid format.
+ */
+ parse_whsp(&ss);
+ savepos = ss;
+ cr->cr_oid = ldap_int_parse_numericoid(&ss,code,0);
+ if ( !cr->cr_oid ) {
+ if ( (flags & LDAP_SCHEMA_ALLOW_ALL) && (ss == savepos) ) {
+ /* Backtracking */
+ ss = savepos;
+ kind = get_token(&ss,&sval);
+ if ( kind == TK_BAREWORD ) {
+ if ( !strcasecmp(sval, "NAME") ||
+ !strcasecmp(sval, "DESC") ||
+ !strcasecmp(sval, "OBSOLETE") ||
+ !strcasecmp(sval, "AUX") ||
+ !strcasecmp(sval, "MUST") ||
+ !strcasecmp(sval, "MAY") ||
+ !strcasecmp(sval, "NOT") ||
+ !strncasecmp(sval, "X-", 2) ) {
+ /* Missing OID, backtrack */
+ ss = savepos;
+ } else if ( flags &
+ LDAP_SCHEMA_ALLOW_OID_MACRO ) {
+ /* Non-numerical OID, ignore */
+ int len = ss-savepos;
+ cr->cr_oid = LDAP_MALLOC(len+1);
+ strncpy(cr->cr_oid, savepos, len);
+ cr->cr_oid[len] = 0;
+ }
+ }
+ LDAP_FREE(sval);
+ } else {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal an accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ case TK_RIGHTPAREN:
+ return cr;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_name = 1;
+ cr->cr_names = parse_qdescrs(&ss,code);
+ if ( !cr->cr_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ cr->cr_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ cr->cr_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"AUX") ) {
+ LDAP_FREE(sval);
+ if ( seen_aux ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_aux = 1;
+ cr->cr_oc_oids_aux = parse_oids(&ss,code,0);
+ if ( !cr->cr_oc_oids_aux ) {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"MUST") ) {
+ LDAP_FREE(sval);
+ if ( seen_must ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_must = 1;
+ cr->cr_at_oids_must = parse_oids(&ss,code,0);
+ if ( !cr->cr_at_oids_must && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"MAY") ) {
+ LDAP_FREE(sval);
+ if ( seen_may ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_may = 1;
+ cr->cr_at_oids_may = parse_oids(&ss,code,0);
+ if ( !cr->cr_at_oids_may && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"NOT") ) {
+ LDAP_FREE(sval);
+ if ( seen_not ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return(NULL);
+ }
+ seen_not = 1;
+ cr->cr_at_oids_not = parse_oids(&ss,code,0);
+ if ( !cr->cr_at_oids_not && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ if ( add_extension(&cr->cr_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_contentrule_free(cr);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_structurerule_free(LDAPStructureRule * sr)
+{
+ if (sr->sr_names) LDAP_VFREE(sr->sr_names);
+ if (sr->sr_desc) LDAP_FREE(sr->sr_desc);
+ if (sr->sr_nameform) LDAP_FREE(sr->sr_nameform);
+ if (sr->sr_sup_ruleids) LDAP_FREE(sr->sr_sup_ruleids);
+ free_extensions(sr->sr_extensions);
+ LDAP_FREE(sr);
+}
+
+LDAPStructureRule *
+ldap_str2structurerule( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ int ret;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_nameform = 0;
+ LDAPStructureRule * sr;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ sr = LDAP_CALLOC(1,sizeof(LDAPStructureRule));
+
+ if ( !sr ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+
+ /*
+ * Definitions MUST begin with a ruleid.
+ */
+ parse_whsp(&ss);
+ savepos = ss;
+ ret = ldap_int_parse_ruleid(&ss,code,0,&sr->sr_ruleid);
+ if ( ret ) {
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal an accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return NULL;
+ case TK_RIGHTPAREN:
+ if( !seen_nameform ) {
+ *code = LDAP_SCHERR_MISSING;
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ return sr;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return(NULL);
+ }
+ seen_name = 1;
+ sr->sr_names = parse_qdescrs(&ss,code);
+ if ( !sr->sr_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ sr->sr_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ sr->sr_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"FORM") ) {
+ LDAP_FREE(sval);
+ if ( seen_nameform ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return(NULL);
+ }
+ seen_nameform = 1;
+ sr->sr_nameform = parse_woid(&ss,code);
+ if ( !sr->sr_nameform ) {
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ if ( add_extension(&sr->sr_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_structurerule_free(sr);
+ return NULL;
+ }
+ }
+}
+
+void
+ldap_nameform_free(LDAPNameForm * nf)
+{
+ LDAP_FREE(nf->nf_oid);
+ if (nf->nf_names) LDAP_VFREE(nf->nf_names);
+ if (nf->nf_desc) LDAP_FREE(nf->nf_desc);
+ if (nf->nf_objectclass) LDAP_FREE(nf->nf_objectclass);
+ if (nf->nf_at_oids_must) LDAP_VFREE(nf->nf_at_oids_must);
+ if (nf->nf_at_oids_may) LDAP_VFREE(nf->nf_at_oids_may);
+ free_extensions(nf->nf_extensions);
+ LDAP_FREE(nf);
+}
+
+LDAPNameForm *
+ldap_str2nameform( LDAP_CONST char * s,
+ int * code,
+ LDAP_CONST char ** errp,
+ LDAP_CONST unsigned flags )
+{
+ tk_t kind;
+ const char * ss = s;
+ char * sval;
+ int seen_name = 0;
+ int seen_desc = 0;
+ int seen_obsolete = 0;
+ int seen_class = 0;
+ int seen_must = 0;
+ int seen_may = 0;
+ LDAPNameForm * nf;
+ char ** ext_vals;
+ const char * savepos;
+
+ if ( !s ) {
+ *code = LDAP_SCHERR_EMPTY;
+ *errp = "";
+ return NULL;
+ }
+
+ *errp = s;
+ nf = LDAP_CALLOC(1,sizeof(LDAPNameForm));
+
+ if ( !nf ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ return NULL;
+ }
+
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_LEFTPAREN ) {
+ *code = LDAP_SCHERR_NOLEFTPAREN;
+ LDAP_FREE(sval);
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+
+ /*
+ * Definitions MUST begin with an OID in the numericoid format.
+ * However, this routine is used by clients to parse the response
+ * from servers and very well known servers will provide an OID
+ * in the wrong format or even no OID at all. We do our best to
+ * extract info from those servers.
+ */
+ parse_whsp(&ss);
+ savepos = ss;
+ nf->nf_oid = ldap_int_parse_numericoid(&ss,code,0);
+ if ( !nf->nf_oid ) {
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ parse_whsp(&ss);
+
+ /*
+ * Beyond this point we will be liberal an accept the items
+ * in any order.
+ */
+ while (1) {
+ kind = get_token(&ss,&sval);
+ switch (kind) {
+ case TK_EOS:
+ *code = LDAP_SCHERR_NORIGHTPAREN;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ case TK_RIGHTPAREN:
+ if( !seen_class || !seen_must ) {
+ *code = LDAP_SCHERR_MISSING;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ return nf;
+ case TK_BAREWORD:
+ if ( !strcasecmp(sval,"NAME") ) {
+ LDAP_FREE(sval);
+ if ( seen_name ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_name = 1;
+ nf->nf_names = parse_qdescrs(&ss,code);
+ if ( !nf->nf_names ) {
+ if ( *code != LDAP_SCHERR_OUTOFMEM )
+ *code = LDAP_SCHERR_BADNAME;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"DESC") ) {
+ LDAP_FREE(sval);
+ if ( seen_desc ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_desc = 1;
+ parse_whsp(&ss);
+ kind = get_token(&ss,&sval);
+ if ( kind != TK_QDSTRING ) {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ nf->nf_desc = sval;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OBSOLETE") ) {
+ LDAP_FREE(sval);
+ if ( seen_obsolete ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_obsolete = 1;
+ nf->nf_obsolete = LDAP_SCHEMA_YES;
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"OC") ) {
+ LDAP_FREE(sval);
+ if ( seen_class ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_class = 1;
+ nf->nf_objectclass = parse_woid(&ss,code);
+ if ( !nf->nf_objectclass ) {
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ } else if ( !strcasecmp(sval,"MUST") ) {
+ LDAP_FREE(sval);
+ if ( seen_must ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_must = 1;
+ nf->nf_at_oids_must = parse_oids(&ss,code,0);
+ if ( !nf->nf_at_oids_must && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( !strcasecmp(sval,"MAY") ) {
+ LDAP_FREE(sval);
+ if ( seen_may ) {
+ *code = LDAP_SCHERR_DUPOPT;
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return(NULL);
+ }
+ seen_may = 1;
+ nf->nf_at_oids_may = parse_oids(&ss,code,0);
+ if ( !nf->nf_at_oids_may && *code != LDAP_SUCCESS ) {
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ parse_whsp(&ss);
+ } else if ( sval[0] == 'X' && sval[1] == '-' ) {
+ /* Should be parse_qdstrings */
+ ext_vals = parse_qdescrs(&ss, code);
+ if ( !ext_vals ) {
+ *errp = ss;
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ if ( add_extension(&nf->nf_extensions,
+ sval, ext_vals) ) {
+ *code = LDAP_SCHERR_OUTOFMEM;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ } else {
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ break;
+ default:
+ *code = LDAP_SCHERR_UNEXPTOKEN;
+ *errp = ss;
+ LDAP_FREE(sval);
+ ldap_nameform_free(nf);
+ return NULL;
+ }
+ }
+}
+
+static char *const err2text[] = {
+ N_("Success"),
+ N_("Out of memory"),
+ N_("Unexpected token"),
+ N_("Missing opening parenthesis"),
+ N_("Missing closing parenthesis"),
+ N_("Expecting digit"),
+ N_("Expecting a name"),
+ N_("Bad description"),
+ N_("Bad superiors"),
+ N_("Duplicate option"),
+ N_("Unexpected end of data"),
+ N_("Missing required field"),
+ N_("Out of order field")
+};
+
+char *
+ldap_scherr2str(int code)
+{
+ if ( code < 0 || code >= (int)(sizeof(err2text)/sizeof(char *)) ) {
+ return _("Unknown error");
+ } else {
+ return _(err2text[code]);
+ }
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,487 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/search.c,v 1.64.2.8 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+/*
+ * ldap_search_ext - initiate an ldap search operation.
+ *
+ * Parameters:
+ *
+ * ld LDAP descriptor
+ * base DN of the base object
+ * scope the search scope - one of
+ * LDAP_SCOPE_BASE (baseObject),
+ * LDAP_SCOPE_ONELEVEL (oneLevel),
+ * LDAP_SCOPE_SUBTREE (subtree), or
+ * LDAP_SCOPE_SUBORDINATE (children) -- OpenLDAP extension
+ * filter a string containing the search filter
+ * (e.g., "(|(cn=bob)(sn=bob))")
+ * attrs list of attribute types to return for matches
+ * attrsonly 1 => attributes only 0 => attributes and values
+ *
+ * Example:
+ * char *attrs[] = { "mail", "title", 0 };
+ * ldap_search_ext( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
+ * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
+ * &msgid );
+ */
+int
+ldap_search_ext(
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct timeval *timeout,
+ int sizelimit,
+ int *msgidp )
+{
+ int rc;
+ BerElement *ber;
+ int timelimit;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ /*
+ * if timeout is provided, both tv_sec and tv_usec must
+ * not be zero
+ */
+ if( timeout != NULL ) {
+ if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ /* timelimit must be non-zero if timeout is provided */
+ timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
+
+ } else {
+ /* no timeout, no timelimit */
+ timelimit = -1;
+ }
+
+ ber = ldap_build_search_req( ld, base, scope, filter, attrs,
+ attrsonly, sctrls, cctrls, timelimit, sizelimit, &id );
+
+ if ( ber == NULL ) {
+ return ld->ld_errno;
+ }
+
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber, id );
+
+ if( *msgidp < 0 )
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_search_ext_s(
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ struct timeval *timeout,
+ int sizelimit,
+ LDAPMessage **res )
+{
+ int rc;
+ int msgid;
+
+ rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
+ sctrls, cctrls, timeout, sizelimit, &msgid );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return( rc );
+ }
+
+ rc = ldap_result( ld, msgid, 1, timeout, res );
+
+ if( rc <= 0 ) {
+ /* error(-1) or timeout(0) */
+ return( ld->ld_errno );
+ }
+
+ if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_INTERMEDIATE ) {
+ return( ld->ld_errno );
+ }
+
+ return( ldap_result2error( ld, *res, 0 ) );
+}
+
+/*
+ * ldap_search - initiate an ldap search operation.
+ *
+ * Parameters:
+ *
+ * ld LDAP descriptor
+ * base DN of the base object
+ * scope the search scope - one of
+ * LDAP_SCOPE_BASE (baseObject),
+ * LDAP_SCOPE_ONELEVEL (oneLevel),
+ * LDAP_SCOPE_SUBTREE (subtree), or
+ * LDAP_SCOPE_SUBORDINATE (children) -- OpenLDAP extension
+ * filter a string containing the search filter
+ * (e.g., "(|(cn=bob)(sn=bob))")
+ * attrs list of attribute types to return for matches
+ * attrsonly 1 => attributes only 0 => attributes and values
+ *
+ * Example:
+ * char *attrs[] = { "mail", "title", 0 };
+ * msgid = ldap_search( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
+ * attrs, attrsonly );
+ */
+int
+ldap_search(
+ LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
+ char **attrs, int attrsonly )
+{
+ BerElement *ber;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ ber = ldap_build_search_req( ld, base, scope, filter, attrs,
+ attrsonly, NULL, NULL, -1, -1, &id );
+
+ if ( ber == NULL ) {
+ return( -1 );
+ }
+
+
+ /* send the message */
+ return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber, id ));
+}
+
+
+BerElement *
+ldap_build_search_req(
+ LDAP *ld,
+ LDAP_CONST char *base,
+ ber_int_t scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ ber_int_t attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ ber_int_t timelimit,
+ ber_int_t sizelimit,
+ ber_int_t *idp)
+{
+ BerElement *ber;
+ int err;
+
+ /*
+ * Create the search request. It looks like this:
+ * SearchRequest := [APPLICATION 3] SEQUENCE {
+ * baseObject DistinguishedName,
+ * scope ENUMERATED {
+ * baseObject (0),
+ * singleLevel (1),
+ * wholeSubtree (2)
+ * },
+ * derefAliases ENUMERATED {
+ * neverDerefaliases (0),
+ * derefInSearching (1),
+ * derefFindingBaseObj (2),
+ * alwaysDerefAliases (3)
+ * },
+ * sizelimit INTEGER (0 .. 65535),
+ * timelimit INTEGER (0 .. 65535),
+ * attrsOnly BOOLEAN,
+ * filter Filter,
+ * attributes SEQUENCE OF AttributeType
+ * }
+ * wrapped in an ldap message.
+ */
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return( NULL );
+ }
+
+ if ( base == NULL ) {
+ /* no base provided, use session default base */
+ base = ld->ld_options.ldo_defbase;
+
+ if ( base == NULL ) {
+ /* no session default base, use top */
+ base = "";
+ }
+ }
+
+ LDAP_NEXT_MSGID( ld, *idp );
+#ifdef LDAP_CONNECTIONLESS
+ if ( LDAP_IS_UDP(ld) ) {
+ err = ber_write( ber, ld->ld_options.ldo_peer,
+ sizeof(struct sockaddr), 0);
+ }
+ if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
+ char *dn = ld->ld_options.ldo_cldapdn;
+ if (!dn) dn = "";
+ err = ber_printf( ber, "{ist{seeiib", *idp, dn,
+ LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+ (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
+ (timelimit < 0) ? ld->ld_timelimit : timelimit,
+ attrsonly );
+ } else
+#endif
+ {
+ err = ber_printf( ber, "{it{seeiib", *idp,
+ LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+ (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
+ (timelimit < 0) ? ld->ld_timelimit : timelimit,
+ attrsonly );
+ }
+
+ if ( err == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( NULL );
+ }
+
+ if( filter == NULL ) {
+ filter = "(objectclass=*)";
+ }
+
+ err = ldap_pvt_put_filter( ber, filter );
+
+ if ( err == -1 ) {
+ ld->ld_errno = LDAP_FILTER_ERROR;
+ ber_free( ber, 1 );
+ return( NULL );
+ }
+
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_ARGS ) {
+ if ( attrs == NULL ) {
+ Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS: *\n", 0, 0, 0 );
+
+ } else {
+ int i;
+
+ Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:\n", 0, 0, 0 );
+
+ for ( i = 0; attrs[ i ]; i++ ) {
+ Debug( LDAP_DEBUG_ARGS, " %s\n", attrs[ i ], 0, 0 );
+ }
+ }
+ }
+#endif /* LDAP_DEBUG */
+
+ if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( NULL );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return( NULL );
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( NULL );
+ }
+
+ return( ber );
+}
+
+int
+ldap_search_st(
+ LDAP *ld, LDAP_CONST char *base, int scope,
+ LDAP_CONST char *filter, char **attrs,
+ int attrsonly, struct timeval *timeout, LDAPMessage **res )
+{
+ int msgid;
+
+ if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
+ == -1 )
+ return( ld->ld_errno );
+
+ if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
+ return( ld->ld_errno );
+
+ if ( ld->ld_errno == LDAP_TIMEOUT ) {
+ (void) ldap_abandon( ld, msgid );
+ ld->ld_errno = LDAP_TIMEOUT;
+ return( ld->ld_errno );
+ }
+
+ return( ldap_result2error( ld, *res, 0 ) );
+}
+
+int
+ldap_search_s(
+ LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPMessage **res )
+{
+ int msgid;
+
+ if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
+ == -1 )
+ return( ld->ld_errno );
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
+ return( ld->ld_errno );
+
+ return( ldap_result2error( ld, *res, 0 ) );
+}
+
+static char escape[128] = {
+ 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1,
+
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 1, 1, 1, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 1, 0, 0, 0,
+
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 1
+};
+#define NEEDFLTESCAPE(c) ((c) & 0x80 || escape[ (unsigned)(c) ])
+
+/*
+ * compute the length of the escaped value;
+ * returns ((ber_len_t)(-1)) if no escaping is required.
+ */
+ber_len_t
+ldap_bv2escaped_filter_value_len( struct berval *in )
+{
+ ber_len_t i, l;
+
+ assert( in != NULL );
+
+ if ( in->bv_len == 0 ) {
+ return 0;
+ }
+
+ /* assume we'll escape everything */
+ for( l = 0, i = 0; i < in->bv_len; l++, i++ ) {
+ char c = in->bv_val[ i ];
+ if ( NEEDFLTESCAPE( c ) ) {
+ l += 2;
+ }
+ }
+
+ return l;
+}
+
+int
+ldap_bv2escaped_filter_value( struct berval *in, struct berval *out )
+{
+ return ldap_bv2escaped_filter_value_x( in, out, 0, NULL );
+}
+
+int
+ldap_bv2escaped_filter_value_x( struct berval *in, struct berval *out, int inplace, void *ctx )
+{
+ ber_len_t i, l;
+
+ assert( in != NULL );
+ assert( out != NULL );
+
+ BER_BVZERO( out );
+
+ if ( in->bv_len == 0 ) {
+ return 0;
+ }
+
+ /* assume we'll escape everything */
+ l = ldap_bv2escaped_filter_value_len( in );
+ if ( l == in->bv_len ) {
+ if ( inplace ) {
+ *out = *in;
+ } else {
+ ber_dupbv( out, in );
+ }
+ return 0;
+ }
+ out->bv_val = LDAP_MALLOCX( l + 1, ctx );
+ if ( out->bv_val == NULL ) {
+ return -1;
+ }
+
+ for ( i = 0; i < in->bv_len; i++ ) {
+ char c = in->bv_val[ i ];
+ if ( NEEDFLTESCAPE( c ) ) {
+ assert( out->bv_len < l - 2 );
+ out->bv_val[out->bv_len++] = '\\';
+ out->bv_val[out->bv_len++] = "0123456789ABCDEF"[0x0f & (c>>4)];
+ out->bv_val[out->bv_len++] = "0123456789ABCDEF"[0x0f & c];
+
+ } else {
+ assert( out->bv_len < l );
+ out->bv_val[out->bv_len++] = c;
+ }
+ }
+
+ out->bv_val[out->bv_len] = '\0';
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/sort.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/sort.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/sort.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,183 @@
+/* sort.c -- LDAP library entry and value sort routines */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sort.c,v 1.25.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1994 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+
+#include "ldap-int.h"
+
+struct entrything {
+ char **et_vals;
+ LDAPMessage *et_msg;
+ int (*et_cmp_fn) LDAP_P((const char *a, const char *b));
+};
+
+static int et_cmp LDAP_P(( const void *aa, const void *bb));
+
+
+int
+ldap_sort_strcasecmp(
+ LDAP_CONST void *a,
+ LDAP_CONST void *b
+)
+{
+ return( strcasecmp( *(char *const *)a, *(char *const *)b ) );
+}
+
+static int
+et_cmp(
+ const void *aa,
+ const void *bb
+)
+{
+ int i, rc;
+ const struct entrything *a = (const struct entrything *)aa;
+ const struct entrything *b = (const struct entrything *)bb;
+
+ if ( a->et_vals == NULL && b->et_vals == NULL )
+ return( 0 );
+ if ( a->et_vals == NULL )
+ return( -1 );
+ if ( b->et_vals == NULL )
+ return( 1 );
+
+ for ( i = 0; a->et_vals[i] && b->et_vals[i]; i++ ) {
+ if ( (rc = a->et_cmp_fn( a->et_vals[i], b->et_vals[i] )) != 0 ) {
+ return( rc );
+ }
+ }
+
+ if ( a->et_vals[i] == NULL && b->et_vals[i] == NULL )
+ return( 0 );
+ if ( a->et_vals[i] == NULL )
+ return( -1 );
+ return( 1 );
+}
+
+int
+ldap_sort_entries(
+ LDAP *ld,
+ LDAPMessage **chain,
+ LDAP_CONST char *attr, /* NULL => sort by DN */
+ int (*cmp) (LDAP_CONST char *, LDAP_CONST char *)
+)
+{
+ int i, count = 0;
+ struct entrything *et;
+ LDAPMessage *e, *ehead = NULL, *etail = NULL;
+ LDAPMessage *ohead = NULL, *otail = NULL;
+ LDAPMessage **ep;
+
+ assert( ld != NULL );
+
+ /* Separate entries from non-entries */
+ for ( e = *chain; e; e=e->lm_chain ) {
+ if ( e->lm_msgtype == LDAP_RES_SEARCH_ENTRY ) {
+ count++;
+ if ( !ehead ) ehead = e;
+ if ( etail ) etail->lm_chain = e;
+ etail = e;
+ } else {
+ if ( !ohead ) ohead = e;
+ if ( otail ) otail->lm_chain = e;
+ otail = e;
+ }
+ }
+
+ if ( count < 2 ) {
+ /* zero or one entries -- already sorted! */
+ if ( ehead ) {
+ etail->lm_chain = ohead;
+ *chain = ehead;
+ } else {
+ *chain = ohead;
+ }
+ return 0;
+ }
+
+ if ( (et = (struct entrything *) LDAP_MALLOC( count *
+ sizeof(struct entrything) )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( -1 );
+ }
+
+ e = ehead;
+ for ( i = 0; i < count; i++ ) {
+ et[i].et_cmp_fn = cmp;
+ et[i].et_msg = e;
+ if ( attr == NULL ) {
+ char *dn;
+
+ dn = ldap_get_dn( ld, e );
+ et[i].et_vals = ldap_explode_dn( dn, 1 );
+ LDAP_FREE( dn );
+ } else {
+ et[i].et_vals = ldap_get_values( ld, e, attr );
+ }
+
+ e = e->lm_chain;
+ }
+
+ qsort( et, count, sizeof(struct entrything), et_cmp );
+
+ ep = chain;
+ for ( i = 0; i < count; i++ ) {
+ *ep = et[i].et_msg;
+ ep = &(*ep)->lm_chain;
+
+ LDAP_VFREE( et[i].et_vals );
+ }
+ *ep = ohead;
+ (*chain)->lm_chain_tail = otail ? otail : etail;
+
+ LDAP_FREE( (char *) et );
+
+ return( 0 );
+}
+
+int
+ldap_sort_values(
+ LDAP *ld,
+ char **vals,
+ int (*cmp) (LDAP_CONST void *, LDAP_CONST void *)
+)
+{
+ int nel;
+
+ for ( nel = 0; vals[nel] != NULL; nel++ )
+ ; /* NULL */
+
+ qsort( vals, nel, sizeof(char *), cmp );
+
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/sortctrl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/sortctrl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/sortctrl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,480 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sortctrl.c,v 1.12.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
+ * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
+ * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS
+ * AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE"
+ * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION
+ * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP
+ * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT
+ * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ */
+/* Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#define LDAP_MATCHRULE_IDENTIFIER 0x80L
+#define LDAP_REVERSEORDER_IDENTIFIER 0x81L
+#define LDAP_ATTRTYPES_IDENTIFIER 0x80L
+
+
+
+/* ---------------------------------------------------------------------------
+ countKeys
+
+ Internal function to determine the number of keys in the string.
+
+ keyString (IN) String of items separated by whitespace.
+ ---------------------------------------------------------------------------*/
+
+static int countKeys(char *keyString)
+{
+ char *p = keyString;
+ int count = 0;
+
+ for (;;)
+ {
+ while (LDAP_SPACE(*p)) /* Skip leading whitespace */
+ p++;
+
+ if (*p == '\0') /* End of string? */
+ return count;
+
+ count++; /* Found start of a key */
+
+ while (!LDAP_SPACE(*p)) /* Skip till next space or end of string. */
+ if (*p++ == '\0')
+ return count;
+ }
+}
+
+
+/* ---------------------------------------------------------------------------
+ readNextKey
+
+ Internal function to parse the next sort key in the string.
+ Allocate an LDAPSortKey structure and initialize it with
+ attribute name, reverse flag, and matching rule OID.
+
+ Each sort key in the string has the format:
+ [whitespace][-]attribute[:[OID]]
+
+ pNextKey (IN/OUT) Points to the next key in the sortkey string to parse.
+ The pointer is updated to point to the next character
+ after the sortkey being parsed.
+
+ key (OUT) Points to the address of an LDAPSortKey stucture
+ which has been allocated by this routine and
+ initialized with information from the next sortkey.
+ ---------------------------------------------------------------------------*/
+
+static int readNextKey( char **pNextKey, LDAPSortKey **key)
+{
+ char *p = *pNextKey;
+ int rev = 0;
+ char *attrStart;
+ int attrLen;
+ char *oidStart = NULL;
+ int oidLen = 0;
+
+ /* Skip leading white space. */
+ while (LDAP_SPACE(*p))
+ p++;
+
+ if (*p == '-') /* Check if the reverse flag is present. */
+ {
+ rev=1;
+ p++;
+ }
+
+ /* We're now positioned at the start of the attribute. */
+ attrStart = p;
+
+ /* Get the length of the attribute until the next whitespace or ":". */
+ attrLen = strcspn(p, " \t:");
+ p += attrLen;
+
+ if (attrLen == 0) /* If no attribute name was present, quit. */
+ return LDAP_PARAM_ERROR;
+
+ if (*p == ':')
+ {
+ oidStart = ++p; /* Start of the OID, after the colon */
+ oidLen = strcspn(p, " \t"); /* Get length of OID till next whitespace */
+ p += oidLen;
+ }
+
+ *pNextKey = p; /* Update argument to point to next key */
+
+ /* Allocate an LDAPSortKey structure */
+ *key = LDAP_MALLOC(sizeof(LDAPSortKey));
+ if (*key == NULL) return LDAP_NO_MEMORY;
+
+ /* Allocate memory for the attribute and copy to it. */
+ (*key)->attributeType = LDAP_MALLOC(attrLen+1);
+ if ((*key)->attributeType == NULL) {
+ LDAP_FREE(*key);
+ return LDAP_NO_MEMORY;
+ }
+
+ strncpy((*key)->attributeType, attrStart, attrLen);
+ (*key)->attributeType[attrLen] = 0;
+
+ /* If present, allocate memory for the OID and copy to it. */
+ if (oidLen) {
+ (*key)->orderingRule = LDAP_MALLOC(oidLen+1);
+ if ((*key)->orderingRule == NULL) {
+ LDAP_FREE((*key)->attributeType);
+ LDAP_FREE(*key);
+ return LDAP_NO_MEMORY;
+ }
+ strncpy((*key)->orderingRule, oidStart, oidLen);
+ (*key)->orderingRule[oidLen] = 0;
+
+ } else {
+ (*key)->orderingRule = NULL;
+ }
+
+ (*key)->reverseOrder = rev;
+
+ return LDAP_SUCCESS;
+}
+
+
+/* ---------------------------------------------------------------------------
+ ldap_create_sort_keylist
+
+ Create an array of pointers to LDAPSortKey structures, containing the
+ information specified by the string representation of one or more
+ sort keys.
+
+ sortKeyList (OUT) Points to a null-terminated array of pointers to
+ LDAPSortKey structures allocated by this routine.
+ This memory SHOULD be freed by the calling program
+ using ldap_free_sort_keylist().
+
+ keyString (IN) Points to a string of one or more sort keys.
+
+ ---------------------------------------------------------------------------*/
+
+int
+ldap_create_sort_keylist ( LDAPSortKey ***sortKeyList, char *keyString )
+{
+ int numKeys, rc, i;
+ char *nextKey;
+ LDAPSortKey **keyList = NULL;
+
+ assert( sortKeyList != NULL );
+ assert( keyString != NULL );
+
+ *sortKeyList = NULL;
+
+ /* Determine the number of sort keys so we can allocate memory. */
+ if (( numKeys = countKeys(keyString)) == 0) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ /* Allocate the array of pointers. Initialize to NULL. */
+ keyList=(LDAPSortKey**)LBER_CALLOC(numKeys+1, sizeof(LDAPSortKey*));
+ if ( keyList == NULL) return LDAP_NO_MEMORY;
+
+ /* For each sort key in the string, create an LDAPSortKey structure
+ and add it to the list.
+ */
+ nextKey = keyString; /* Points to the next key in the string */
+ for (i=0; i < numKeys; i++) {
+ rc = readNextKey(&nextKey, &keyList[i]);
+
+ if (rc != LDAP_SUCCESS) {
+ ldap_free_sort_keylist(keyList);
+ return rc;
+ }
+ }
+
+ *sortKeyList = keyList;
+ return LDAP_SUCCESS;
+}
+
+
+/* ---------------------------------------------------------------------------
+ ldap_free_sort_keylist
+
+ Frees the sort key structures created by ldap_create_sort_keylist().
+ Frees the memory referenced by the LDAPSortKey structures,
+ the LDAPSortKey structures themselves, and the array of pointers
+ to the structures.
+
+ keyList (IN) Points to an array of pointers to LDAPSortKey structures.
+ ---------------------------------------------------------------------------*/
+
+void
+ldap_free_sort_keylist ( LDAPSortKey **keyList )
+{
+ int i;
+ LDAPSortKey *nextKeyp;
+
+ if (keyList == NULL) return;
+
+ i=0;
+ while ( 0 != (nextKeyp = keyList[i++]) ) {
+ if (nextKeyp->attributeType) {
+ LBER_FREE(nextKeyp->attributeType);
+ }
+
+ if (nextKeyp->orderingRule != NULL) {
+ LBER_FREE(nextKeyp->orderingRule);
+ }
+
+ LBER_FREE(nextKeyp);
+ }
+
+ LBER_FREE(keyList);
+}
+
+
+/* ---------------------------------------------------------------------------
+ ldap_create_sort_control
+
+ Create and encode the server-side sort control.
+
+ ld (IN) An LDAP session handle, as obtained from a call to
+ ldap_init().
+
+ keyList (IN) Points to a null-terminated array of pointers to
+ LDAPSortKey structures, containing a description of
+ each of the sort keys to be used. The description
+ consists of an attribute name, ascending/descending flag,
+ and an optional matching rule (OID) to use.
+
+ isCritical (IN) 0 - Indicates the control is not critical to the operation.
+ non-zero - The control is critical to the operation.
+
+ ctrlp (OUT) Returns a pointer to the LDAPControl created. This control
+ SHOULD be freed by calling ldap_control_free() when done.
+
+
+ Ber encoding
+
+ SortKeyList ::= SEQUENCE OF SEQUENCE {
+ attributeType AttributeDescription,
+ orderingRule [0] MatchingRuleId OPTIONAL,
+ reverseOrder [1] BOOLEAN DEFAULT FALSE }
+
+ ---------------------------------------------------------------------------*/
+
+int
+ldap_create_sort_control (
+ LDAP *ld,
+ LDAPSortKey **keyList,
+ int isCritical,
+ LDAPControl **ctrlp )
+{
+ int i;
+ BerElement *ber;
+ ber_tag_t tag;
+
+
+ if ( (ld == NULL) || (keyList == NULL) || (ctrlp == NULL) ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return(ld->ld_errno);
+ }
+
+ if ((ber = ldap_alloc_ber_with_options(ld)) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return( ld->ld_errno );
+ }
+
+ tag = ber_printf(ber, "{" /*}*/);
+ if (tag == LBER_ERROR) goto exit;
+
+ for (i = 0; keyList[i] != NULL; i++) {
+ tag = ber_printf(ber, "{s" /*}*/, (keyList[i])->attributeType);
+ if (tag == LBER_ERROR) goto exit;
+
+ if ((keyList[i])->orderingRule != NULL) {
+ tag = ber_printf( ber, "ts",
+ LDAP_MATCHRULE_IDENTIFIER,
+ (keyList[i])->orderingRule );
+
+ if( tag == LBER_ERROR ) goto exit;
+ }
+
+ if ((keyList[i])->reverseOrder) {
+ tag = ber_printf(ber, "tb",
+ LDAP_REVERSEORDER_IDENTIFIER,
+ (keyList[i])->reverseOrder );
+
+ if( tag == LBER_ERROR ) goto exit;
+ }
+
+ tag = ber_printf(ber, /*{*/ "N}");
+ if( tag == LBER_ERROR ) goto exit;
+ }
+
+ tag = ber_printf(ber, /*{*/ "N}");
+ if( tag == LBER_ERROR ) goto exit;
+
+ ld->ld_errno = ldap_create_control( LDAP_CONTROL_SORTREQUEST,
+ ber, isCritical, ctrlp);
+
+ ber_free(ber, 1);
+
+ return(ld->ld_errno);
+
+exit:
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return(ld->ld_errno);
+}
+
+
+/* ---------------------------------------------------------------------------
+ ldap_parse_sort_control
+
+ Decode the server-side sort control return information.
+
+ ld (IN) An LDAP session handle, as obtained from a call to
+ ldap_init().
+
+ ctrls (IN) The address of a NULL-terminated array of LDAPControl
+ structures, typically obtained by a call to
+ ldap_parse_result().
+
+ returnCode (OUT) This result parameter is filled in with the sort control
+ result code. This parameter MUST not be NULL.
+
+ attribute (OUT) If an error occured the server may return a string
+ indicating the first attribute in the sortkey list
+ that was in error. If a string is returned, the memory
+ should be freed with ldap_memfree. If this parameter is
+ NULL, no string is returned.
+
+
+ Ber encoding for sort control
+
+ SortResult ::= SEQUENCE {
+ sortResult ENUMERATED {
+ success (0), -- results are sorted
+ operationsError (1), -- server internal failure
+ timeLimitExceeded (3), -- timelimit reached before
+ -- sorting was completed
+ strongAuthRequired (8), -- refused to return sorted
+ -- results via insecure
+ -- protocol
+ adminLimitExceeded (11), -- too many matching entries
+ -- for the server to sort
+ noSuchAttribute (16), -- unrecognized attribute
+ -- type in sort key
+ inappropriateMatching (18), -- unrecognized or inappro-
+ -- priate matching rule in
+ -- sort key
+ insufficientAccessRights (50), -- refused to return sorted
+ -- results to this client
+ busy (51), -- too busy to process
+ unwillingToPerform (53), -- unable to sort
+ other (80)
+ },
+ attributeType [0] AttributeDescription OPTIONAL }
+ ---------------------------------------------------------------------------*/
+
+int
+ldap_parse_sort_control(
+ LDAP *ld,
+ LDAPControl **ctrls,
+ unsigned long *returnCode,
+ char **attribute )
+{
+ BerElement *ber;
+ LDAPControl *pControl;
+ int i;
+ ber_tag_t tag, berTag;
+ ber_len_t berLen;
+
+ if (ld == NULL) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return(ld->ld_errno);
+ }
+
+ if (ctrls == NULL) {
+ ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
+ return(ld->ld_errno);
+ }
+
+ if (attribute) {
+ *attribute = NULL;
+ }
+
+ /* Search the list of control responses for a sort control. */
+ for (i=0; ctrls[i]; i++) {
+ pControl = ctrls[i];
+ if (!strcmp(LDAP_CONTROL_SORTRESPONSE, pControl->ldctl_oid))
+ goto foundSortControl;
+ }
+
+ /* No sort control was found. */
+ ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
+ return(ld->ld_errno);
+
+foundSortControl:
+ /* Create a BerElement from the berval returned in the control. */
+ ber = ber_init(&pControl->ldctl_value);
+
+ if (ber == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(ld->ld_errno);
+ }
+
+ /* Extract the result code from the control. */
+ tag = ber_scanf(ber, "{e" /*}*/, returnCode);
+
+ if( tag == LBER_ERROR ) {
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+ }
+
+ /* If caller wants the attribute name, and if it's present in the control,
+ extract the attribute name which caused the error. */
+ if (attribute && (LDAP_ATTRTYPES_IDENTIFIER == ber_peek_tag(ber, &berLen)))
+ {
+ tag = ber_scanf(ber, "ta", &berTag, attribute);
+
+ if (tag == LBER_ERROR ) {
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+ }
+ }
+
+ ber_free(ber,1);
+
+ ld->ld_errno = LDAP_SUCCESS;
+ return(ld->ld_errno);
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/string.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/string.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/string.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,177 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/string.c,v 1.20.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * Locale-specific 1-byte character versions
+ * See utf-8.c for UTF-8 versions
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/ctype.h>
+
+#include "ldap-int.h"
+
+
+#if defined ( HAVE_STRSPN )
+#define int_strspn strspn
+#else
+static int int_strspn( const char *str, const char *delim )
+{
+ int pos;
+ const char *p=delim;
+
+ for( pos=0; (*str) ; pos++,str++) {
+ if (*str!=*p) {
+ for( p=delim; (*p) ; p++ ) {
+ if (*str==*p) {
+ break;
+ }
+ }
+ }
+
+ if (*p=='\0') {
+ return pos;
+ }
+ }
+ return pos;
+}
+#endif
+
+#if defined( HAVE_STRPBRK )
+#define int_strpbrk strpbrk
+#else
+static char *(int_strpbrk)( const char *str, const char *accept )
+{
+ const char *p;
+
+ for( ; (*str) ; str++ ) {
+ for( p=accept; (*p) ; p++) {
+ if (*str==*p) {
+ return str;
+ }
+ }
+ }
+
+ return NULL;
+}
+#endif
+
+char *(ldap_pvt_strtok)( char *str, const char *delim, char **pos )
+{
+ char *p;
+
+ if (pos==NULL) {
+ return NULL;
+ }
+
+ if (str==NULL) {
+ if (*pos==NULL) {
+ return NULL;
+ }
+
+ str=*pos;
+ }
+
+ /* skip any initial delimiters */
+ str += int_strspn( str, delim );
+ if (*str == '\0') {
+ return NULL;
+ }
+
+ p = int_strpbrk( str, delim );
+ if (p==NULL) {
+ *pos = NULL;
+
+ } else {
+ *p ='\0';
+ *pos = p+1;
+ }
+
+ return str;
+}
+
+char *
+ldap_pvt_str2upper( char *str )
+{
+ char *s;
+
+ /* to upper */
+ if ( str ) {
+ for ( s = str; *s; s++ ) {
+ *s = TOUPPER( (unsigned char) *s );
+ }
+ }
+
+ return( str );
+}
+
+struct berval *
+ldap_pvt_str2upperbv( char *str, struct berval *bv )
+{
+ char *s = NULL;
+
+ assert( bv != NULL );
+
+ /* to upper */
+ if ( str ) {
+ for ( s = str; *s; s++ ) {
+ *s = TOUPPER( (unsigned char) *s );
+ }
+ }
+
+ bv->bv_val = str;
+ bv->bv_len = (ber_len_t)(s - str);
+
+ return( bv );
+}
+
+char *
+ldap_pvt_str2lower( char *str )
+{
+ char *s;
+
+ /* to lower */
+ if ( str ) {
+ for ( s = str; *s; s++ ) {
+ *s = TOLOWER( (unsigned char) *s );
+ }
+ }
+
+ return( str );
+}
+
+struct berval *
+ldap_pvt_str2lowerbv( char *str, struct berval *bv )
+{
+ char *s = NULL;
+
+ assert( bv != NULL );
+
+ /* to lower */
+ if ( str ) {
+ for ( s = str; *s; s++ ) {
+ *s = TOLOWER( (unsigned char) *s );
+ }
+ }
+
+ bv->bv_val = str;
+ bv->bv_len = (ber_len_t)(s - str);
+
+ return( bv );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/t61.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/t61.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/t61.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,690 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/t61.c,v 1.7.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * Basic T.61 <-> UTF-8 conversion
+ *
+ * These routines will perform a lossless translation from T.61 to UTF-8
+ * and a lossy translation from UTF-8 to T.61.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_utf8.h"
+
+#include "ldap_defaults.h"
+
+/*
+ * T.61 is somewhat braindead; even in the 7-bit space it is not
+ * completely equivalent to 7-bit US-ASCII. Our definition of the
+ * character set comes from RFC 1345 with a slightly more readable
+ * rendition at http://std.dkuug.dk/i18n/charmaps/T.61-8BIT.
+ *
+ * Even though '#' and '$' are present in the 7-bit US-ASCII space,
+ * (x23 and x24, resp.) in T.61 they are mapped to 8-bit characters
+ * xA6 and xA4.
+ *
+ * Also T.61 lacks
+ * backslash \ (x5C)
+ * caret ^ (x5E)
+ * backquote ` (x60)
+ * left brace { (x7B)
+ * right brace } (x7D)
+ * tilde ~ (x7E)
+ *
+ * In T.61, the codes xC1 to xCF (excluding xC9, unused) are non-spacing
+ * accents of some form or another. There are predefined combinations
+ * for certain characters, but they can also be used arbitrarily. The
+ * table at dkuug.dk maps these accents to the E000 "private use" range
+ * of the Unicode space, but I believe they more properly belong in the
+ * 0300 range (non-spacing accents). The transformation is complicated
+ * slightly because Unicode wants the non-spacing character to follow
+ * the base character, while T.61 has the non-spacing character leading.
+ * Also, T.61 specifically recognizes certain combined pairs as "characters"
+ * but doesn't specify how to treat unrecognized pairs. This code will
+ * always attempt to combine pairs when a known Unicode composite exists.
+ */
+
+static const wchar_t t61_tab[] = {
+ 0x000, 0x001, 0x002, 0x003, 0x004, 0x005, 0x006, 0x007,
+ 0x008, 0x009, 0x00a, 0x00b, 0x00c, 0x00d, 0x00e, 0x00f,
+ 0x010, 0x011, 0x012, 0x013, 0x014, 0x015, 0x016, 0x017,
+ 0x018, 0x019, 0x01a, 0x01b, 0x01c, 0x01d, 0x01e, 0x01f,
+ 0x020, 0x021, 0x022, 0x000, 0x000, 0x025, 0x026, 0x027,
+ 0x028, 0x029, 0x02a, 0x02b, 0x02c, 0x02d, 0x02e, 0x02f,
+ 0x030, 0x031, 0x032, 0x033, 0x034, 0x035, 0x036, 0x037,
+ 0x038, 0x039, 0x03a, 0x03b, 0x03c, 0x03d, 0x03e, 0x03f,
+ 0x040, 0x041, 0x042, 0x043, 0x044, 0x045, 0x046, 0x047,
+ 0x048, 0x049, 0x04a, 0x04b, 0x04c, 0x04d, 0x04e, 0x04f,
+ 0x050, 0x051, 0x052, 0x053, 0x054, 0x055, 0x056, 0x057,
+ 0x058, 0x059, 0x05a, 0x05b, 0x000, 0x05d, 0x000, 0x05f,
+ 0x000, 0x061, 0x062, 0x063, 0x064, 0x065, 0x066, 0x067,
+ 0x068, 0x069, 0x06a, 0x06b, 0x06c, 0x06d, 0x06e, 0x06f,
+ 0x070, 0x071, 0x072, 0x073, 0x074, 0x075, 0x076, 0x077,
+ 0x078, 0x079, 0x07a, 0x000, 0x07c, 0x000, 0x000, 0x07f,
+ 0x080, 0x081, 0x082, 0x083, 0x084, 0x085, 0x086, 0x087,
+ 0x088, 0x089, 0x08a, 0x08b, 0x08c, 0x08d, 0x08e, 0x08f,
+ 0x090, 0x091, 0x092, 0x093, 0x094, 0x095, 0x096, 0x097,
+ 0x098, 0x099, 0x09a, 0x09b, 0x09c, 0x09d, 0x09e, 0x09f,
+ 0x0a0, 0x0a1, 0x0a2, 0x0a3, 0x024, 0x0a5, 0x023, 0x0a7,
+ 0x0a4, 0x000, 0x000, 0x0ab, 0x000, 0x000, 0x000, 0x000,
+ 0x0b0, 0x0b1, 0x0b2, 0x0b3, 0x0d7, 0x0b5, 0x0b6, 0x0b7,
+ 0x0f7, 0x000, 0x000, 0x0bb, 0x0bc, 0x0bd, 0x0be, 0x0bf,
+ 0x000, 0x300, 0x301, 0x302, 0x303, 0x304, 0x306, 0x307,
+ 0x308, 0x000, 0x30a, 0x327, 0x332, 0x30b, 0x328, 0x30c,
+ 0x000, 0x000, 0x000, 0x000, 0x000, 0x000, 0x000, 0x000,
+ 0x000, 0x000, 0x000, 0x000, 0x000, 0x000, 0x000, 0x000,
+ 0x2126, 0xc6, 0x0d0, 0x0aa, 0x126, 0x000, 0x132, 0x13f,
+ 0x141, 0x0d8, 0x152, 0x0ba, 0x0de, 0x166, 0x14a, 0x149,
+ 0x138, 0x0e6, 0x111, 0x0f0, 0x127, 0x131, 0x133, 0x140,
+ 0x142, 0x0f8, 0x153, 0x0df, 0x0fe, 0x167, 0x14b, 0x000
+};
+
+typedef wchar_t wvec16[16];
+typedef wchar_t wvec32[32];
+typedef wchar_t wvec64[64];
+
+/* Substitutions when 0xc1-0xcf appears by itself or with space 0x20 */
+static const wvec16 accents = {
+ 0x000, 0x060, 0x0b4, 0x05e, 0x07e, 0x0af, 0x2d8, 0x2d9,
+ 0x0a8, 0x000, 0x2da, 0x0b8, 0x000, 0x2dd, 0x2db, 0x2c7};
+
+/* In the following tables, base characters commented in (parentheses)
+ * are not defined by T.61 but are mapped anyway since their Unicode
+ * composite exists.
+ */
+
+/* Grave accented chars AEIOU (NWY) */
+static const wvec32 c1_vec1 = {
+ /* Upper case */
+ 0, 0xc0, 0, 0, 0, 0xc8, 0, 0, 0, 0xcc, 0, 0, 0, 0, 0x1f8, 0xd2,
+ 0, 0, 0, 0, 0, 0xd9, 0, 0x1e80, 0, 0x1ef2, 0, 0, 0, 0, 0, 0};
+static const wvec32 c1_vec2 = {
+ /* Lower case */
+ 0, 0xe0, 0, 0, 0, 0xe8, 0, 0, 0, 0xec, 0, 0, 0, 0, 0x1f9, 0xf2,
+ 0, 0, 0, 0, 0, 0xf9, 0, 0x1e81, 0, 0x1ef3, 0, 0, 0, 0, 0, 0};
+
+static const wvec32 *c1_grave[] = {
+ NULL, NULL, &c1_vec1, &c1_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Acute accented chars AEIOUYCLNRSZ (GKMPW) */
+static const wvec32 c2_vec1 = {
+ /* Upper case */
+ 0, 0xc1, 0, 0x106, 0, 0xc9, 0, 0x1f4,
+ 0, 0xcd, 0, 0x1e30, 0x139, 0x1e3e, 0x143, 0xd3,
+ 0x1e54, 0, 0x154, 0x15a, 0, 0xda, 0, 0x1e82,
+ 0, 0xdd, 0x179, 0, 0, 0, 0, 0};
+static const wvec32 c2_vec2 = {
+ /* Lower case */
+ 0, 0xe1, 0, 0x107, 0, 0xe9, 0, 0x1f5,
+ 0, 0xed, 0, 0x1e31, 0x13a, 0x1e3f, 0x144, 0xf3,
+ 0x1e55, 0, 0x155, 0x15b, 0, 0xfa, 0, 0x1e83,
+ 0, 0xfd, 0x17a, 0, 0, 0, 0, 0};
+static const wvec32 c2_vec3 = {
+ /* (AE and ae) */
+ 0, 0x1fc, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0x1fd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+static const wvec32 *c2_acute[] = {
+ NULL, NULL, &c2_vec1, &c2_vec2, NULL, NULL, NULL, &c2_vec3
+};
+
+/* Circumflex AEIOUYCGHJSW (Z) */
+static const wvec32 c3_vec1 = {
+ /* Upper case */
+ 0, 0xc2, 0, 0x108, 0, 0xca, 0, 0x11c,
+ 0x124, 0xce, 0x134, 0, 0, 0, 0, 0xd4,
+ 0, 0, 0, 0x15c, 0, 0xdb, 0, 0x174,
+ 0, 0x176, 0x1e90, 0, 0, 0, 0, 0};
+static const wvec32 c3_vec2 = {
+ /* Lower case */
+ 0, 0xe2, 0, 0x109, 0, 0xea, 0, 0x11d,
+ 0x125, 0xee, 0x135, 0, 0, 0, 0, 0xf4,
+ 0, 0, 0, 0x15d, 0, 0xfb, 0, 0x175,
+ 0, 0x177, 0x1e91, 0, 0, 0, 0, 0};
+static const wvec32 *c3_circumflex[] = {
+ NULL, NULL, &c3_vec1, &c3_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Tilde AIOUN (EVY) */
+static const wvec32 c4_vec1 = {
+ /* Upper case */
+ 0, 0xc3, 0, 0, 0, 0x1ebc, 0, 0, 0, 0x128, 0, 0, 0, 0, 0xd1, 0xd5,
+ 0, 0, 0, 0, 0, 0x168, 0x1e7c, 0, 0, 0x1ef8, 0, 0, 0, 0, 0, 0};
+static const wvec32 c4_vec2 = {
+ /* Lower case */
+ 0, 0xe3, 0, 0, 0, 0x1ebd, 0, 0, 0, 0x129, 0, 0, 0, 0, 0xf1, 0xf5,
+ 0, 0, 0, 0, 0, 0x169, 0x1e7d, 0, 0, 0x1ef9, 0, 0, 0, 0, 0, 0};
+static const wvec32 *c4_tilde[] = {
+ NULL, NULL, &c4_vec1, &c4_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Macron AEIOU (YG) */
+static const wvec32 c5_vec1 = {
+ /* Upper case */
+ 0, 0x100, 0, 0, 0, 0x112, 0, 0x1e20, 0, 0x12a, 0, 0, 0, 0, 0, 0x14c,
+ 0, 0, 0, 0, 0, 0x16a, 0, 0, 0, 0x232, 0, 0, 0, 0, 0, 0};
+static const wvec32 c5_vec2 = {
+ /* Lower case */
+ 0, 0x101, 0, 0, 0, 0x113, 0, 0x1e21, 0, 0x12b, 0, 0, 0, 0, 0, 0x14d,
+ 0, 0, 0, 0, 0, 0x16b, 0, 0, 0, 0x233, 0, 0, 0, 0, 0, 0};
+static const wvec32 c5_vec3 = {
+ /* (AE and ae) */
+ 0, 0x1e2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0x1e3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 *c5_macron[] = {
+ NULL, NULL, &c5_vec1, &c5_vec2, NULL, NULL, NULL, &c5_vec3
+};
+
+/* Breve AUG (EIO) */
+static const wvec32 c6_vec1 = {
+ /* Upper case */
+ 0, 0x102, 0, 0, 0, 0x114, 0, 0x11e, 0, 0x12c, 0, 0, 0, 0, 0, 0x14e,
+ 0, 0, 0, 0, 0, 0x16c, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 c6_vec2 = {
+ /* Lower case */
+ 0, 0x103, 0, 0, 0, 0x115, 0, 0x11f, 0, 0x12d, 0, 0, 0, 0, 0, 0x14f,
+ 0, 0, 0, 0, 0, 0x16d, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 *c6_breve[] = {
+ NULL, NULL, &c6_vec1, &c6_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Dot Above CEGIZ (AOBDFHMNPRSTWXY) */
+static const wvec32 c7_vec1 = {
+ /* Upper case */
+ 0, 0x226, 0x1e02, 0x10a, 0x1e0a, 0x116, 0x1e1e, 0x120,
+ 0x1e22, 0x130, 0, 0, 0, 0x1e40, 0x1e44, 0x22e,
+ 0x1e56, 0, 0x1e58, 0x1e60, 0x1e6a, 0, 0, 0x1e86,
+ 0x1e8a, 0x1e8e, 0x17b, 0, 0, 0, 0, 0};
+static const wvec32 c7_vec2 = {
+ /* Lower case */
+ 0, 0x227, 0x1e03, 0x10b, 0x1e0b, 0x117, 0x1e1f, 0x121,
+ 0x1e23, 0, 0, 0, 0, 0x1e41, 0x1e45, 0x22f,
+ 0x1e57, 0, 0x1e59, 0x1e61, 0x1e6b, 0, 0, 0x1e87,
+ 0x1e8b, 0x1e8f, 0x17c, 0, 0, 0, 0, 0};
+static const wvec32 *c7_dotabove[] = {
+ NULL, NULL, &c7_vec1, &c7_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Diaeresis AEIOUY (HWXt) */
+static const wvec32 c8_vec1 = {
+ /* Upper case */
+ 0, 0xc4, 0, 0, 0, 0xcb, 0, 0, 0x1e26, 0xcf, 0, 0, 0, 0, 0, 0xd6,
+ 0, 0, 0, 0, 0, 0xdc, 0, 0x1e84, 0x1e8c, 0x178, 0, 0, 0, 0, 0, 0};
+static const wvec32 c8_vec2 = {
+ /* Lower case */
+ 0, 0xe4, 0, 0, 0, 0xeb, 0, 0, 0x1e27, 0xef, 0, 0, 0, 0, 0, 0xf6,
+ 0, 0, 0, 0, 0x1e97, 0xfc, 0, 0x1e85, 0x1e8d, 0xff, 0, 0, 0, 0, 0, 0};
+static const wvec32 *c8_diaeresis[] = {
+ NULL, NULL, &c8_vec1, &c8_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Ring Above AU (wy) */
+static const wvec32 ca_vec1 = {
+ /* Upper case */
+ 0, 0xc5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0x16e, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 ca_vec2 = {
+ /* Lower case */
+ 0, 0xe5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0x16f, 0, 0x1e98, 0, 0x1e99, 0, 0, 0, 0, 0, 0};
+static const wvec32 *ca_ringabove[] = {
+ NULL, NULL, &ca_vec1, &ca_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Cedilla CGKLNRST (EDH) */
+static const wvec32 cb_vec1 = {
+ /* Upper case */
+ 0, 0, 0, 0xc7, 0x1e10, 0x228, 0, 0x122,
+ 0x1e28, 0, 0, 0x136, 0x13b, 0, 0x145, 0,
+ 0, 0, 0x156, 0x15e, 0x162, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 cb_vec2 = {
+ /* Lower case */
+ 0, 0, 0, 0xe7, 0x1e11, 0x229, 0, 0x123,
+ 0x1e29, 0, 0, 0x137, 0x13c, 0, 0x146, 0,
+ 0, 0, 0x157, 0x15f, 0x163, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 *cb_cedilla[] = {
+ NULL, NULL, &cb_vec1, &cb_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Double Acute Accent OU */
+static const wvec32 cd_vec1 = {
+ /* Upper case */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x150,
+ 0, 0, 0, 0, 0, 0x170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 cd_vec2 = {
+ /* Lower case */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x151,
+ 0, 0, 0, 0, 0, 0x171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 *cd_doubleacute[] = {
+ NULL, NULL, &cd_vec1, &cd_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Ogonek AEIU (O) */
+static const wvec32 ce_vec1 = {
+ /* Upper case */
+ 0, 0x104, 0, 0, 0, 0x118, 0, 0, 0, 0x12e, 0, 0, 0, 0, 0, 0x1ea,
+ 0, 0, 0, 0, 0, 0x172, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 ce_vec2 = {
+ /* Lower case */
+ 0, 0x105, 0, 0, 0, 0x119, 0, 0, 0, 0x12f, 0, 0, 0, 0, 0, 0x1eb,
+ 0, 0, 0, 0, 0, 0x173, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static const wvec32 *ce_ogonek[] = {
+ NULL, NULL, &ce_vec1, &ce_vec2, NULL, NULL, NULL, NULL
+};
+
+/* Caron CDELNRSTZ (AIOUGKjH) */
+static const wvec32 cf_vec1 = {
+ /* Upper case */
+ 0, 0x1cd, 0, 0x10c, 0x10e, 0x11a, 0, 0x1e6,
+ 0x21e, 0x1cf, 0, 0x1e8, 0x13d, 0, 0x147, 0x1d1,
+ 0, 0, 0x158, 0x160, 0x164, 0x1d3, 0, 0,
+ 0, 0, 0x17d, 0, 0, 0, 0, 0};
+static const wvec32 cf_vec2 = {
+ /* Lower case */
+ 0, 0x1ce, 0, 0x10d, 0x10f, 0x11b, 0, 0x1e7,
+ 0x21f, 0x1d0, 0x1f0, 0x1e9, 0x13e, 0, 0x148, 0x1d2,
+ 0, 0, 0x159, 0x161, 0x165, 0x1d4, 0, 0,
+ 0, 0, 0x17e, 0, 0, 0, 0, 0};
+static const wvec32 *cf_caron[] = {
+ NULL, NULL, &cf_vec1, &cf_vec2, NULL, NULL, NULL, NULL
+};
+
+static const wvec32 **cx_tab[] = {
+ NULL, c1_grave, c2_acute, c3_circumflex, c4_tilde, c5_macron,
+ c6_breve, c7_dotabove, c8_diaeresis, NULL, ca_ringabove,
+ cb_cedilla, NULL, cd_doubleacute, ce_ogonek, cf_caron };
+
+int ldap_t61s_valid( struct berval *str )
+{
+ unsigned char *c = (unsigned char *)str->bv_val;
+ int i;
+
+ for (i=0; i < str->bv_len; c++,i++)
+ if (!t61_tab[*c])
+ return 0;
+ return 1;
+}
+
+/* Transform a T.61 string to UTF-8.
+ */
+int ldap_t61s_to_utf8s( struct berval *src, struct berval *dst )
+{
+ unsigned char *c;
+ char *d;
+ int i, wlen = 0;
+
+ /* Just count the length of the UTF-8 result first */
+ for (i=0,c=(unsigned char *)src->bv_val; i < src->bv_len; c++,i++) {
+ /* Invalid T.61 characters? */
+ if (!t61_tab[*c])
+ return LDAP_INVALID_SYNTAX;
+ if ((*c & 0xf0) == 0xc0) {
+ int j = *c & 0x0f;
+ /* If this is the end of the string, or if the base
+ * character is just a space, treat this as a regular
+ * spacing character.
+ */
+ if ((!c[1] || c[1] == 0x20) && accents[j]) {
+ wlen += ldap_x_wc_to_utf8(NULL, accents[j], 0);
+ } else if (cx_tab[j] && cx_tab[j][c[1]>>5] &&
+ /* We have a composite mapping for this pair */
+ (*cx_tab[j][c[1]>>5])[c[1]&0x1f]) {
+ wlen += ldap_x_wc_to_utf8( NULL,
+ (*cx_tab[j][c[1]>>5])[c[1]&0x1f], 0);
+ } else {
+ /* No mapping, just swap it around so the base
+ * character comes first.
+ */
+ wlen += ldap_x_wc_to_utf8(NULL, c[1], 0);
+ wlen += ldap_x_wc_to_utf8(NULL,
+ t61_tab[*c], 0);
+ }
+ c++; i++;
+ continue;
+ } else {
+ wlen += ldap_x_wc_to_utf8(NULL, t61_tab[*c], 0);
+ }
+ }
+
+ /* Now transform the string */
+ dst->bv_len = wlen;
+ dst->bv_val = LDAP_MALLOC( wlen+1 );
+ d = dst->bv_val;
+ if (!d)
+ return LDAP_NO_MEMORY;
+
+ for (i=0,c=(unsigned char *)src->bv_val; i < src->bv_len; c++,i++) {
+ if ((*c & 0xf0) == 0xc0) {
+ int j = *c & 0x0f;
+ /* If this is the end of the string, or if the base
+ * character is just a space, treat this as a regular
+ * spacing character.
+ */
+ if ((!c[1] || c[1] == 0x20) && accents[j]) {
+ d += ldap_x_wc_to_utf8(d, accents[j], 6);
+ } else if (cx_tab[j] && cx_tab[j][c[1]>>5] &&
+ /* We have a composite mapping for this pair */
+ (*cx_tab[j][c[1]>>5])[c[1]&0x1f]) {
+ d += ldap_x_wc_to_utf8(d,
+ (*cx_tab[j][c[1]>>5])[c[1]&0x1f], 6);
+ } else {
+ /* No mapping, just swap it around so the base
+ * character comes first.
+ */
+ d += ldap_x_wc_to_utf8(d, c[1], 6);
+ d += ldap_x_wc_to_utf8(d, t61_tab[*c], 6);
+ }
+ c++; i++;
+ continue;
+ } else {
+ d += ldap_x_wc_to_utf8(d, t61_tab[*c], 6);
+ }
+ }
+ *d = '\0';
+ return LDAP_SUCCESS;
+}
+
+/* For the reverse mapping, we just pay attention to the Latin-oriented
+ * code blocks. These are
+ * 0000 - 007f Basic Latin
+ * 0080 - 00ff Latin-1 Supplement
+ * 0100 - 017f Latin Extended-A
+ * 0180 - 024f Latin Extended-B
+ * 1e00 - 1eff Latin Extended Additional
+ *
+ * We have a special case to map Ohm U2126 back to T.61 0xe0. All other
+ * unrecognized characters are replaced with '?' 0x3f.
+ */
+
+static const wvec64 u000 = {
+ 0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007,
+ 0x0008, 0x0009, 0x000a, 0x000b, 0x000c, 0x000d, 0x000e, 0x000f,
+ 0x0010, 0x0011, 0x0012, 0x0013, 0x0014, 0x0015, 0x0016, 0x0017,
+ 0x0018, 0x0019, 0x001a, 0x001b, 0x001c, 0x001d, 0x001e, 0x001f,
+ 0x0020, 0x0021, 0x0022, 0x00a6, 0x00a4, 0x0025, 0x0026, 0x0027,
+ 0x0028, 0x0029, 0x002a, 0x002b, 0x002c, 0x002d, 0x002e, 0x002f,
+ 0x0030, 0x0031, 0x0032, 0x0033, 0x0034, 0x0035, 0x0036, 0x0037,
+ 0x0038, 0x0039, 0x003a, 0x003b, 0x003c, 0x003d, 0x003e, 0x003f};
+
+/* In this range, we've mapped caret to xc3/x20, backquote to xc1/x20,
+ * and tilde to xc4/x20. T.61 (stupidly!) doesn't define these characters
+ * on their own, even though it provides them as combiners for other
+ * letters. T.61 doesn't define these pairings either, so this may just
+ * have to be replaced with '?' 0x3f if other software can't cope with it.
+ */
+static const wvec64 u001 = {
+ 0x0040, 0x0041, 0x0042, 0x0043, 0x0044, 0x0045, 0x0046, 0x0047,
+ 0x0048, 0x0049, 0x004a, 0x004b, 0x004c, 0x004d, 0x004e, 0x004f,
+ 0x0050, 0x0051, 0x0052, 0x0053, 0x0054, 0x0055, 0x0056, 0x0057,
+ 0x0058, 0x0059, 0x005a, 0x005b, 0x003f, 0x005d, 0xc320, 0x005f,
+ 0xc120, 0x0061, 0x0062, 0x0063, 0x0064, 0x0065, 0x0066, 0x0067,
+ 0x0068, 0x0069, 0x006a, 0x006b, 0x006c, 0x006d, 0x006e, 0x006f,
+ 0x0070, 0x0071, 0x0072, 0x0073, 0x0074, 0x0075, 0x0076, 0x0077,
+ 0x0078, 0x0079, 0x007a, 0x003f, 0x007c, 0x003f, 0xc420, 0x007f};
+
+static const wvec64 u002 = {
+ 0x0080, 0x0081, 0x0082, 0x0083, 0x0084, 0x0085, 0x0086, 0x0087,
+ 0x0088, 0x0089, 0x008a, 0x008b, 0x008c, 0x008d, 0x008e, 0x008f,
+ 0x0090, 0x0091, 0x0092, 0x0093, 0x0094, 0x0095, 0x0096, 0x0097,
+ 0x0098, 0x0099, 0x009a, 0x009b, 0x009c, 0x009d, 0x009e, 0x009f,
+ 0x00a0, 0x00a1, 0x00a2, 0x00a3, 0x00a8, 0x00a5, 0x003f, 0x00a7,
+ 0xc820, 0x003f, 0x00e3, 0x00ab, 0x003f, 0x003f, 0x003f, 0xc520,
+ 0x00b0, 0x00b1, 0x00b2, 0x00b3, 0xc220, 0x00b5, 0x00b6, 0x00b7,
+ 0xcb20, 0x003f, 0x00eb, 0x00bb, 0x00bc, 0x00bd, 0x00be, 0x00bf};
+
+static const wvec64 u003 = {
+ 0xc141, 0xc241, 0xc341, 0xc441, 0xc841, 0xca41, 0x00e1, 0xcb43,
+ 0xc145, 0xc245, 0xc345, 0xc845, 0xc149, 0xc249, 0xc349, 0xc849,
+ 0x00e2, 0xc44e, 0xc14f, 0xc24f, 0xc34f, 0xc44f, 0xc84f, 0x00b4,
+ 0x00e9, 0xc155, 0xc255, 0xc355, 0xc855, 0xc259, 0x00ec, 0x00fb,
+ 0xc161, 0xc261, 0xc361, 0xc461, 0xc861, 0xca61, 0x00f1, 0xcb63,
+ 0xc165, 0xc265, 0xc365, 0xc865, 0xc169, 0xc269, 0xc369, 0xc869,
+ 0x00f3, 0xc46e, 0xc16f, 0xc26f, 0xc36f, 0xc46f, 0xc86f, 0x00b8,
+ 0x00f9, 0xc175, 0xc275, 0xc375, 0xc875, 0xc279, 0x00fc, 0xc879};
+
+/* These codes are used here but not defined by T.61:
+ * x114 = xc6/x45, x115 = xc6/x65, x12c = xc6/x49, x12d = xc6/x69
+ */
+static const wvec64 u010 = {
+ 0xc541, 0xc561, 0xc641, 0xc661, 0xce41, 0xce61, 0xc243, 0xc263,
+ 0xc343, 0xc363, 0xc743, 0xc763, 0xcf43, 0xcf63, 0xcf44, 0xcf64,
+ 0x003f, 0x00f2, 0xc545, 0xc565, 0xc645, 0xc665, 0xc745, 0xc765,
+ 0xce45, 0xce65, 0xcf45, 0xcf65, 0xc347, 0xc367, 0xc647, 0xc667,
+ 0xc747, 0xc767, 0xcb47, 0xcb67, 0xc348, 0xc368, 0x00e4, 0x00f4,
+ 0xc449, 0xc469, 0xc549, 0xc569, 0xc649, 0xc669, 0xce49, 0xce69,
+ 0xc749, 0x00f5, 0x00e6, 0x00f6, 0xc34a, 0xc36a, 0xcb4b, 0xcb6b,
+ 0x00f0, 0xc24c, 0xc26c, 0xcb4c, 0xcb6c, 0xcf4c, 0xcf6c, 0x00e7};
+
+/* These codes are used here but not defined by T.61:
+ * x14e = xc6/x4f, x14f = xc6/x6f
+ */
+static const wvec64 u011 = {
+ 0x00f7, 0x00e8, 0x00f8, 0xc24e, 0xc26e, 0xcb4e, 0xcb6e, 0xcf4e,
+ 0xcf6e, 0x00ef, 0x00ee, 0x00fe, 0xc54f, 0xc56f, 0xc64f, 0xc66f,
+ 0xcd4f, 0xcd6f, 0x00ea, 0x00fa, 0xc252, 0xc272, 0xcb52, 0xcb72,
+ 0xcf52, 0xcf72, 0xc253, 0xc273, 0xc353, 0xc373, 0xcb53, 0xcb73,
+ 0xcf53, 0xcf73, 0xcb54, 0xcb74, 0xcf54, 0xcf74, 0x00ed, 0x00fd,
+ 0xc455, 0xc475, 0xc555, 0xc575, 0xc655, 0xc675, 0xca55, 0xca75,
+ 0xcd55, 0xcd75, 0xce55, 0xce75, 0xc357, 0xc377, 0xc359, 0xc379,
+ 0xc859, 0xc25a, 0xc27a, 0xc75a, 0xc77a, 0xcf5a, 0xcf7a, 0x003f};
+
+/* All of the codes in this block are undefined in T.61.
+ */
+static const wvec64 u013 = {
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xcf41, 0xcf61, 0xcf49,
+ 0xcf69, 0xcf4f, 0xcf6f, 0xcf55, 0xcf75, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0xc5e1, 0xc5f1, 0x003f, 0x003f, 0xcf47, 0xcf67,
+ 0xcf4b, 0xcf6b, 0xce4f, 0xce6f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xcf6a, 0x003f, 0x003f, 0x003f, 0xc247, 0xc267, 0x003f, 0x003f,
+ 0xc14e, 0xc16e, 0x003f, 0x003f, 0xc2e1, 0xc2f1, 0x003f, 0x003f};
+
+/* All of the codes in this block are undefined in T.61.
+ */
+static const wvec64 u020 = {
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xcf48, 0xcf68,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xc741, 0xc761,
+ 0xcb45, 0xcb65, 0x003f, 0x003f, 0x003f, 0x003f, 0xc74f, 0xc76f,
+ 0x003f, 0x003f, 0xc559, 0xc579, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f};
+
+static const wvec64 u023 = {
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xcf20,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xc620, 0xc720, 0xca20, 0xce20, 0x003f, 0xcd20, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f};
+
+/* These are the non-spacing characters by themselves. They should
+ * never appear by themselves in actual text.
+ */
+static const wvec64 u030 = {
+ 0x00c1, 0x00c2, 0x00c3, 0x00c4, 0x00c5, 0x003f, 0x00c6, 0x00c7,
+ 0x00c8, 0x003f, 0x00ca, 0x00cd, 0x00cf, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x00cb,
+ 0x00ce, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x00cc, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f};
+
+/* None of the following blocks are defined in T.61.
+ */
+static const wvec64 u1e0 = {
+ 0x003f, 0x003f, 0xc742, 0xc762, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0xc744, 0xc764, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xcb44, 0xcb64, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xc746, 0xc766,
+ 0xc547, 0xc567, 0xc748, 0xc768, 0x003f, 0x003f, 0xc848, 0xc868,
+ 0xcb48, 0xcb68, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xc24b, 0xc26b, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xc24d, 0xc26d,
+};
+
+static const wvec64 u1e1 = {
+ 0xc74d, 0xc76d, 0x003f, 0x003f, 0xc74e, 0xc76e, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0xc250, 0xc270, 0xc750, 0xc770,
+ 0xc752, 0xc772, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xc753, 0xc773, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0xc754, 0xc774, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0xc456, 0xc476, 0x003f, 0x003f,
+};
+
+static const wvec64 u1e2 = {
+ 0xc157, 0xc177, 0xc257, 0xc277, 0xc857, 0xc877, 0xc757, 0xc777,
+ 0x003f, 0x003f, 0xc758, 0xc778, 0xc858, 0xc878, 0xc759, 0xc779,
+ 0xc35a, 0xc37a, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0xc874,
+ 0xca77, 0xca79, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0xc445, 0xc465, 0x003f, 0x003f,
+};
+
+static const wvec64 u1e3 = {
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0x003f, 0x003f, 0xc159, 0xc179, 0x003f, 0x003f, 0x003f, 0x003f,
+ 0xc459, 0xc479, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f, 0x003f,
+};
+
+static const wvec64 *wc00[] = {
+ &u000, &u001, &u002, &u003,
+ &u010, &u011, NULL, &u013,
+ &u020, NULL, NULL, &u023,
+ &u030, NULL, NULL, NULL};
+
+static const wvec64 *wc1e[] = {
+ &u1e0, &u1e1, &u1e2, &u1e3};
+
+
+int ldap_utf8s_to_t61s( struct berval *src, struct berval *dst )
+{
+ char *c, *d;
+ wchar_t tmp;
+ int i, j, tlen = 0;
+
+ /* Just count the length of the T.61 result first */
+ for (i=0,c=src->bv_val; i < src->bv_len;) {
+ j = ldap_x_utf8_to_wc( &tmp, c );
+ if (j == -1)
+ return LDAP_INVALID_SYNTAX;
+ switch (tmp >> 8) {
+ case 0x00:
+ case 0x01:
+ case 0x02:
+ case 0x03:
+ if (wc00[tmp >> 6] &&
+ ((*wc00[tmp >> 6])[tmp & 0x3f] & 0xff00)) {
+ tlen++;
+ }
+ tlen++;
+ break;
+ case 0x1e:
+ if ((*wc1e[(tmp >> 6) & 3])[tmp & 0x3f] & 0xff00) {
+ tlen++;
+ }
+ case 0x21:
+ default:
+ tlen ++;
+ break;
+ }
+ i += j;
+ c += j;
+ }
+ dst->bv_len = tlen;
+ dst->bv_val = LDAP_MALLOC( tlen+1 );
+ if (!dst->bv_val)
+ return LDAP_NO_MEMORY;
+
+ d = dst->bv_val;
+ for (i=0,c=src->bv_val; i < src->bv_len;) {
+ j = ldap_x_utf8_to_wc( &tmp, c );
+ switch (tmp >> 8) {
+ case 0x00:
+ case 0x01:
+ case 0x02:
+ if (wc00[tmp >> 6]) {
+ tmp = (*wc00[tmp >> 6])[tmp & 0x3f];
+ if (tmp & 0xff00)
+ *d++ = (tmp >> 8);
+ *d++ = tmp & 0xff;
+ } else {
+ *d++ = 0x3f;
+ }
+ break;
+ case 0x03:
+ /* swap order of non-spacing characters */
+ if (wc00[tmp >> 6]) {
+ wchar_t t2 = (*wc00[tmp >> 6])[tmp & 0x3f];
+ if (t2 != 0x3f) {
+ d[0] = d[-1];
+ d[-1] = t2;
+ d++;
+ } else {
+ *d++ = 0x3f;
+ }
+ } else {
+ *d++ = 0x3f;
+ }
+ break;
+ case 0x1e:
+ tmp = (*wc1e[(tmp >> 6) & 3])[tmp & 0x3f];
+ if (tmp & 0xff00)
+ *d++ = (tmp >> 8);
+ *d++ = tmp & 0xff;
+ break;
+ case 0x21:
+ if (tmp == 0x2126) {
+ *d++ = 0xe0;
+ break;
+ }
+ /* FALLTHRU */
+ default:
+ *d++ = 0x3f;
+ break;
+ }
+ }
+ *d = '\0';
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/test.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/test.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/test.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,832 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/test.c,v 1.50.2.7 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <sys/stat.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include <fcntl.h>
+
+/* including the "internal" defs is legit and nec. since this test routine has
+ * a-priori knowledge of libldap internal workings.
+ * hodges at stanford.edu 5-Feb-96
+ */
+#include "ldap-int.h"
+
+/* local functions */
+static char *get_line LDAP_P(( char *line, int len, FILE *fp, const char *prompt ));
+static char **get_list LDAP_P(( const char *prompt ));
+static int file_read LDAP_P(( const char *path, struct berval *bv ));
+static LDAPMod **get_modlist LDAP_P(( const char *prompt1,
+ const char *prompt2, const char *prompt3 ));
+static void handle_result LDAP_P(( LDAP *ld, LDAPMessage *lm ));
+static void print_ldap_result LDAP_P(( LDAP *ld, LDAPMessage *lm,
+ const char *s ));
+static void print_search_entry LDAP_P(( LDAP *ld, LDAPMessage *res ));
+static void free_list LDAP_P(( char **list ));
+
+static char *dnsuffix;
+
+static char *
+get_line( char *line, int len, FILE *fp, const char *prompt )
+{
+ fputs(prompt, stdout);
+
+ if ( fgets( line, len, fp ) == NULL )
+ return( NULL );
+
+ line[ strlen( line ) - 1 ] = '\0';
+
+ return( line );
+}
+
+static char **
+get_list( const char *prompt )
+{
+ static char buf[256];
+ int num;
+ char **result;
+
+ num = 0;
+ result = (char **) 0;
+ while ( 1 ) {
+ get_line( buf, sizeof(buf), stdin, prompt );
+
+ if ( *buf == '\0' )
+ break;
+
+ if ( result == (char **) 0 )
+ result = (char **) malloc( sizeof(char *) );
+ else
+ result = (char **) realloc( result,
+ sizeof(char *) * (num + 1) );
+
+ result[num++] = (char *) strdup( buf );
+ }
+ if ( result == (char **) 0 )
+ return( NULL );
+ result = (char **) realloc( result, sizeof(char *) * (num + 1) );
+ result[num] = NULL;
+
+ return( result );
+}
+
+
+static void
+free_list( char **list )
+{
+ int i;
+
+ if ( list != NULL ) {
+ for ( i = 0; list[ i ] != NULL; ++i ) {
+ free( list[ i ] );
+ }
+ free( (char *)list );
+ }
+}
+
+
+static int
+file_read( const char *path, struct berval *bv )
+{
+ FILE *fp;
+ ber_slen_t rlen;
+ int eof;
+
+ if (( fp = fopen( path, "r" )) == NULL ) {
+ perror( path );
+ return( -1 );
+ }
+
+ if ( fseek( fp, 0L, SEEK_END ) != 0 ) {
+ perror( path );
+ fclose( fp );
+ return( -1 );
+ }
+
+ bv->bv_len = ftell( fp );
+
+ if (( bv->bv_val = (char *)malloc( bv->bv_len )) == NULL ) {
+ perror( "malloc" );
+ fclose( fp );
+ return( -1 );
+ }
+
+ if ( fseek( fp, 0L, SEEK_SET ) != 0 ) {
+ perror( path );
+ fclose( fp );
+ return( -1 );
+ }
+
+ rlen = fread( bv->bv_val, 1, bv->bv_len, fp );
+ eof = feof( fp );
+ fclose( fp );
+
+ if ( (ber_len_t) rlen != bv->bv_len ) {
+ perror( path );
+ free( bv->bv_val );
+ return( -1 );
+ }
+
+ return( bv->bv_len );
+}
+
+
+static LDAPMod **
+get_modlist(
+ const char *prompt1,
+ const char *prompt2,
+ const char *prompt3 )
+{
+ static char buf[256];
+ int num;
+ LDAPMod tmp = { 0 };
+ LDAPMod **result;
+ struct berval **bvals;
+
+ num = 0;
+ result = NULL;
+ while ( 1 ) {
+ if ( prompt1 ) {
+ get_line( buf, sizeof(buf), stdin, prompt1 );
+ tmp.mod_op = atoi( buf );
+
+ if ( tmp.mod_op == -1 || buf[0] == '\0' )
+ break;
+ }
+
+ get_line( buf, sizeof(buf), stdin, prompt2 );
+ if ( buf[0] == '\0' )
+ break;
+ tmp.mod_type = strdup( buf );
+
+ tmp.mod_values = get_list( prompt3 );
+
+ if ( tmp.mod_values != NULL ) {
+ int i;
+
+ for ( i = 0; tmp.mod_values[i] != NULL; ++i )
+ ;
+ bvals = (struct berval **)calloc( i + 1,
+ sizeof( struct berval *));
+ for ( i = 0; tmp.mod_values[i] != NULL; ++i ) {
+ bvals[i] = (struct berval *)malloc(
+ sizeof( struct berval ));
+ if ( strncmp( tmp.mod_values[i], "{FILE}",
+ 6 ) == 0 ) {
+ if ( file_read( tmp.mod_values[i] + 6,
+ bvals[i] ) < 0 ) {
+ free( bvals );
+ for ( i = 0; i<num; i++ )
+ free( result[ i ] );
+ free( result );
+ return( NULL );
+ }
+ } else {
+ bvals[i]->bv_val = tmp.mod_values[i];
+ bvals[i]->bv_len =
+ strlen( tmp.mod_values[i] );
+ }
+ }
+ tmp.mod_bvalues = bvals;
+ tmp.mod_op |= LDAP_MOD_BVALUES;
+ }
+
+ if ( result == NULL )
+ result = (LDAPMod **) malloc( sizeof(LDAPMod *) );
+ else
+ result = (LDAPMod **) realloc( result,
+ sizeof(LDAPMod *) * (num + 1) );
+
+ result[num] = (LDAPMod *) malloc( sizeof(LDAPMod) );
+ *(result[num]) = tmp; /* struct copy */
+ num++;
+ }
+ if ( result == NULL )
+ return( NULL );
+ result = (LDAPMod **) realloc( result, sizeof(LDAPMod *) * (num + 1) );
+ result[num] = NULL;
+
+ return( result );
+}
+
+
+static int
+bind_prompt( LDAP *ld,
+ LDAP_CONST char *url,
+ ber_tag_t request, ber_int_t msgid,
+ void *params )
+{
+ static char dn[256], passwd[256];
+ int authmethod;
+
+ printf("rebind for request=%ld msgid=%ld url=%s\n",
+ request, (long) msgid, url );
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ get_line( dn, sizeof(dn), stdin,
+ "re-bind method (0->simple, 1->krbv41, 2->krbv42, 3->krbv41&2)? " );
+ if (( authmethod = atoi( dn )) == 3 ) {
+ authmethod = LDAP_AUTH_KRBV4;
+ } else {
+ authmethod |= 0x80;
+ }
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ authmethod = LDAP_AUTH_SIMPLE;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+
+ get_line( dn, sizeof(dn), stdin, "re-bind dn? " );
+ strcat( dn, dnsuffix );
+
+ if ( authmethod == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
+ get_line( passwd, sizeof(passwd), stdin,
+ "re-bind password? " );
+ } else {
+ passwd[0] = '\0';
+ }
+
+ return ldap_bind_s( ld, dn, passwd, authmethod);
+}
+
+
+int
+main( int argc, char **argv )
+{
+ LDAP *ld = NULL;
+ int i, c, port, errflg, method, id, msgtype;
+ char line[256], command1, command2, command3;
+ char passwd[64], dn[256], rdn[64], attr[64], value[256];
+ char filter[256], *host, **types;
+ char **exdn;
+ char *usage = "usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n";
+ int bound, all, scope, attrsonly;
+ LDAPMessage *res;
+ LDAPMod **mods, **attrs;
+ struct timeval timeout;
+ char *copyfname = NULL;
+ int copyoptions = 0;
+ LDAPURLDesc *ludp;
+
+ host = NULL;
+ port = LDAP_PORT;
+ dnsuffix = "";
+ errflg = 0;
+
+ while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) {
+ switch( c ) {
+ case 'd':
+#ifdef LDAP_DEBUG
+ ldap_debug = atoi( optarg );
+#ifdef LBER_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
+ ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
+ }
+#endif
+#else
+ printf( "Compile with -DLDAP_DEBUG for debugging\n" );
+#endif
+ break;
+
+ case 'h':
+ host = optarg;
+ break;
+
+ case 's':
+ dnsuffix = optarg;
+ break;
+
+ case 'p':
+ port = atoi( optarg );
+ break;
+
+ case 't': /* copy ber's to given file */
+ copyfname = strdup( optarg );
+/* copyoptions = LBER_TO_FILE; */
+ break;
+
+ case 'T': /* only output ber's to given file */
+ copyfname = strdup( optarg );
+/* copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */
+ break;
+
+ default:
+ ++errflg;
+ }
+ }
+
+ if ( host == NULL && optind == argc - 1 ) {
+ host = argv[ optind ];
+ ++optind;
+ }
+
+ if ( errflg || optind < argc - 1 ) {
+ fprintf( stderr, usage, argv[ 0 ] );
+ exit( EXIT_FAILURE );
+ }
+
+ printf( "ldap_init( %s, %d )\n",
+ host == NULL ? "(null)" : host, port );
+
+ ld = ldap_init( host, port );
+
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( copyfname != NULL ) {
+ if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL,
+ 0600 )) == -1 ) {
+ perror( copyfname );
+ exit ( EXIT_FAILURE );
+ }
+ ld->ld_sb->sb_options = copyoptions;
+ }
+
+ bound = 0;
+ timeout.tv_sec = 0;
+ timeout.tv_usec = 0;
+
+ (void) memset( line, '\0', sizeof(line) );
+ while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
+ command1 = line[0];
+ command2 = line[1];
+ command3 = line[2];
+
+ switch ( command1 ) {
+ case 'a': /* add or abandon */
+ switch ( command2 ) {
+ case 'd': /* add */
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+ if ( (attrs = get_modlist( NULL, "attr? ",
+ "value? " )) == NULL )
+ break;
+ if ( (id = ldap_add( ld, dn, attrs )) == -1 )
+ ldap_perror( ld, "ldap_add" );
+ else
+ printf( "Add initiated with id %d\n",
+ id );
+ break;
+
+ case 'b': /* abandon */
+ get_line( line, sizeof(line), stdin, "msgid? " );
+ id = atoi( line );
+ if ( ldap_abandon( ld, id ) != 0 )
+ ldap_perror( ld, "ldap_abandon" );
+ else
+ printf( "Abandon successful\n" );
+ break;
+ default:
+ printf( "Possibilities: [ad]d, [ab]ort\n" );
+ }
+ break;
+
+ case 'b': /* asynch bind */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ get_line( line, sizeof(line), stdin,
+ "method (0->simple, 1->krbv41, 2->krbv42)? " );
+ method = atoi( line ) | 0x80;
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ method = LDAP_AUTH_SIMPLE;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+
+ if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
+ get_line( passwd, sizeof(passwd), stdin,
+ "password? " );
+ else
+ passwd[0] = '\0';
+
+ if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
+ fprintf( stderr, "ldap_bind failed\n" );
+ ldap_perror( ld, "ldap_bind" );
+ } else {
+ printf( "Bind initiated\n" );
+ bound = 1;
+ }
+ break;
+
+ case 'B': /* synch bind */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ get_line( line, sizeof(line), stdin,
+ "method 0->simple 1->krbv41 2->krbv42 3->krb? " );
+ method = atoi( line );
+ if ( method == 3 )
+ method = LDAP_AUTH_KRBV4;
+ else
+ method = method | 0x80;
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ method = LDAP_AUTH_SIMPLE;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+
+ if ( dn[0] != '\0' )
+ get_line( passwd, sizeof(passwd), stdin,
+ "password? " );
+ else
+ passwd[0] = '\0';
+
+ if ( ldap_bind_s( ld, dn, passwd, method ) !=
+ LDAP_SUCCESS ) {
+ fprintf( stderr, "ldap_bind_s failed\n" );
+ ldap_perror( ld, "ldap_bind_s" );
+ } else {
+ printf( "Bind successful\n" );
+ bound = 1;
+ }
+ break;
+
+ case 'c': /* compare */
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+ get_line( attr, sizeof(attr), stdin, "attr? " );
+ get_line( value, sizeof(value), stdin, "value? " );
+
+ if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
+ ldap_perror( ld, "ldap_compare" );
+ else
+ printf( "Compare initiated with id %d\n", id );
+ break;
+
+ case 'd': /* turn on debugging */
+#ifdef LDAP_DEBUG
+ get_line( line, sizeof(line), stdin, "debug level? " );
+ ldap_debug = atoi( line );
+#ifdef LBER_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
+ ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
+ }
+#endif
+#else
+ printf( "Compile with -DLDAP_DEBUG for debugging\n" );
+#endif
+ break;
+
+ case 'E': /* explode a dn */
+ get_line( line, sizeof(line), stdin, "dn? " );
+ exdn = ldap_explode_dn( line, 0 );
+ for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
+ printf( "\t%s\n", exdn[i] );
+ }
+ break;
+
+ case 'g': /* set next msgid */
+ get_line( line, sizeof(line), stdin, "msgid? " );
+ ld->ld_msgid = atoi( line );
+ break;
+
+ case 'v': /* set version number */
+ get_line( line, sizeof(line), stdin, "version? " );
+ ld->ld_version = atoi( line );
+ break;
+
+ case 'm': /* modify or modifyrdn */
+ if ( strncmp( line, "modify", 4 ) == 0 ) {
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+ if ( (mods = get_modlist(
+ "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
+ "attribute type? ", "attribute value? " ))
+ == NULL )
+ break;
+ if ( (id = ldap_modify( ld, dn, mods )) == -1 )
+ ldap_perror( ld, "ldap_modify" );
+ else
+ printf( "Modify initiated with id %d\n",
+ id );
+ } else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+ get_line( rdn, sizeof(rdn), stdin, "newrdn? " );
+ if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
+ ldap_perror( ld, "ldap_modrdn" );
+ else
+ printf( "Modrdn initiated with id %d\n",
+ id );
+ } else {
+ printf( "Possibilities: [modi]fy, [modr]dn\n" );
+ }
+ break;
+
+ case 'q': /* quit */
+ ldap_unbind( ld );
+ exit( EXIT_SUCCESS );
+ break;
+
+ case 'r': /* result or remove */
+ switch ( command3 ) {
+ case 's': /* result */
+ get_line( line, sizeof(line), stdin,
+ "msgid (-1=>any)? " );
+ if ( line[0] == '\0' )
+ id = -1;
+ else
+ id = atoi( line );
+ get_line( line, sizeof(line), stdin,
+ "all (0=>any, 1=>all)? " );
+ if ( line[0] == '\0' )
+ all = 1;
+ else
+ all = atoi( line );
+ if (( msgtype = ldap_result( ld, id, all,
+ &timeout, &res )) < 1 ) {
+ ldap_perror( ld, "ldap_result" );
+ break;
+ }
+ printf( "\nresult: msgtype %d msgid %d\n",
+ msgtype, res->lm_msgid );
+ handle_result( ld, res );
+ res = NULL;
+ break;
+
+ case 'm': /* remove */
+ get_line( dn, sizeof(dn), stdin, "dn? " );
+ strcat( dn, dnsuffix );
+ if ( (id = ldap_delete( ld, dn )) == -1 )
+ ldap_perror( ld, "ldap_delete" );
+ else
+ printf( "Remove initiated with id %d\n",
+ id );
+ break;
+
+ default:
+ printf( "Possibilities: [rem]ove, [res]ult\n" );
+ break;
+ }
+ break;
+
+ case 's': /* search */
+ get_line( dn, sizeof(dn), stdin, "searchbase? " );
+ strcat( dn, dnsuffix );
+ get_line( line, sizeof(line), stdin,
+ "scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " );
+ scope = atoi( line );
+ get_line( filter, sizeof(filter), stdin,
+ "search filter (e.g. sn=jones)? " );
+ types = get_list( "attrs to return? " );
+ get_line( line, sizeof(line), stdin,
+ "attrsonly (0=attrs&values, 1=attrs only)? " );
+ attrsonly = atoi( line );
+
+ if (( id = ldap_search( ld, dn, scope, filter,
+ types, attrsonly )) == -1 ) {
+ ldap_perror( ld, "ldap_search" );
+ } else {
+ printf( "Search initiated with id %d\n", id );
+ }
+ free_list( types );
+ break;
+
+ case 't': /* set timeout value */
+ get_line( line, sizeof(line), stdin, "timeout? " );
+ timeout.tv_sec = atoi( line );
+ break;
+
+ case 'p': /* parse LDAP URL */
+ get_line( line, sizeof(line), stdin, "LDAP URL? " );
+ if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
+ fprintf( stderr, "ldap_url_parse: error %d\n", i );
+ } else {
+ printf( "\t host: " );
+ if ( ludp->lud_host == NULL ) {
+ printf( "DEFAULT\n" );
+ } else {
+ printf( "<%s>\n", ludp->lud_host );
+ }
+ printf( "\t port: " );
+ if ( ludp->lud_port == 0 ) {
+ printf( "DEFAULT\n" );
+ } else {
+ printf( "%d\n", ludp->lud_port );
+ }
+ printf( "\t dn: <%s>\n", ludp->lud_dn );
+ printf( "\t attrs:" );
+ if ( ludp->lud_attrs == NULL ) {
+ printf( " ALL" );
+ } else {
+ for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
+ printf( " <%s>", ludp->lud_attrs[ i ] );
+ }
+ }
+ printf( "\n\t scope: %s\n",
+ ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject"
+ : ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel"
+ : ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree"
+#ifdef LDAP_SCOPE_SUBORDINATE
+ : ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children"
+#endif
+ : "**invalid**" );
+ printf( "\tfilter: <%s>\n", ludp->lud_filter );
+ ldap_free_urldesc( ludp );
+ }
+ break;
+
+ case 'n': /* set dn suffix, for convenience */
+ get_line( line, sizeof(line), stdin, "DN suffix? " );
+ strcpy( dnsuffix, line );
+ break;
+
+ case 'o': /* set ldap options */
+ get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" );
+ ld->ld_deref = atoi( line );
+ get_line( line, sizeof(line), stdin, "timelimit?" );
+ ld->ld_timelimit = atoi( line );
+ get_line( line, sizeof(line), stdin, "sizelimit?" );
+ ld->ld_sizelimit = atoi( line );
+
+ LDAP_BOOL_ZERO(&ld->ld_options);
+
+ get_line( line, sizeof(line), stdin,
+ "Recognize and chase referrals (0=no, 1=yes)?" );
+ if ( atoi( line ) != 0 ) {
+ LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS);
+ get_line( line, sizeof(line), stdin,
+ "Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" );
+ if ( atoi( line ) != 0 ) {
+ ldap_set_rebind_proc( ld, bind_prompt, NULL );
+ }
+ }
+ break;
+
+ case '?': /* help */
+ printf(
+"Commands: [ad]d [ab]andon [b]ind\n"
+" [B]ind async [c]ompare\n"
+" [modi]fy [modr]dn [rem]ove\n"
+" [res]ult [s]earch [q]uit/unbind\n\n"
+" [d]ebug set ms[g]id\n"
+" d[n]suffix [t]imeout [v]ersion\n"
+" [?]help [o]ptions"
+" [E]xplode dn [p]arse LDAP URL\n" );
+ break;
+
+ default:
+ printf( "Invalid command. Type ? for help.\n" );
+ break;
+ }
+
+ (void) memset( line, '\0', sizeof(line) );
+ }
+
+ return( 0 );
+}
+
+static void
+handle_result( LDAP *ld, LDAPMessage *lm )
+{
+ switch ( lm->lm_msgtype ) {
+ case LDAP_RES_COMPARE:
+ printf( "Compare result\n" );
+ print_ldap_result( ld, lm, "compare" );
+ break;
+
+ case LDAP_RES_SEARCH_RESULT:
+ printf( "Search result\n" );
+ print_ldap_result( ld, lm, "search" );
+ break;
+
+ case LDAP_RES_SEARCH_ENTRY:
+ printf( "Search entry\n" );
+ print_search_entry( ld, lm );
+ break;
+
+ case LDAP_RES_ADD:
+ printf( "Add result\n" );
+ print_ldap_result( ld, lm, "add" );
+ break;
+
+ case LDAP_RES_DELETE:
+ printf( "Delete result\n" );
+ print_ldap_result( ld, lm, "delete" );
+ break;
+
+ case LDAP_RES_MODRDN:
+ printf( "ModRDN result\n" );
+ print_ldap_result( ld, lm, "modrdn" );
+ break;
+
+ case LDAP_RES_BIND:
+ printf( "Bind result\n" );
+ print_ldap_result( ld, lm, "bind" );
+ break;
+
+ default:
+ printf( "Unknown result type 0x%lx\n",
+ (unsigned long) lm->lm_msgtype );
+ print_ldap_result( ld, lm, "unknown" );
+ }
+}
+
+static void
+print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s )
+{
+ ldap_result2error( ld, lm, 1 );
+ ldap_perror( ld, s );
+/*
+ if ( ld->ld_error != NULL && *ld->ld_error != '\0' )
+ fprintf( stderr, "Additional info: %s\n", ld->ld_error );
+ if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL )
+ fprintf( stderr, "Matched DN: %s\n", ld->ld_matched );
+*/
+}
+
+static void
+print_search_entry( LDAP *ld, LDAPMessage *res )
+{
+ LDAPMessage *e;
+
+ for ( e = ldap_first_entry( ld, res ); e != NULL;
+ e = ldap_next_entry( ld, e ) )
+ {
+ BerElement *ber = NULL;
+ char *a, *dn, *ufn;
+
+ if ( e->lm_msgtype == LDAP_RES_SEARCH_RESULT )
+ break;
+
+ dn = ldap_get_dn( ld, e );
+ printf( "\tDN: %s\n", dn );
+
+ ufn = ldap_dn2ufn( dn );
+ printf( "\tUFN: %s\n", ufn );
+
+ free( dn );
+ free( ufn );
+
+ for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL;
+ a = ldap_next_attribute( ld, e, ber ) )
+ {
+ struct berval **vals;
+
+ printf( "\t\tATTR: %s\n", a );
+ if ( (vals = ldap_get_values_len( ld, e, a ))
+ == NULL ) {
+ printf( "\t\t\t(no values)\n" );
+ } else {
+ int i;
+ for ( i = 0; vals[i] != NULL; i++ ) {
+ int j, nonascii;
+
+ nonascii = 0;
+ for ( j = 0; (ber_len_t) j < vals[i]->bv_len; j++ )
+ if ( !isascii( vals[i]->bv_val[j] ) ) {
+ nonascii = 1;
+ break;
+ }
+
+ if ( nonascii ) {
+ printf( "\t\t\tlength (%ld) (not ascii)\n", vals[i]->bv_len );
+#ifdef BPRINT_NONASCII
+ ber_bprint( vals[i]->bv_val,
+ vals[i]->bv_len );
+#endif /* BPRINT_NONASCII */
+ continue;
+ }
+ printf( "\t\t\tlength (%ld) %s\n",
+ vals[i]->bv_len, vals[i]->bv_val );
+ }
+ ber_bvecfree( vals );
+ }
+ }
+
+ if(ber != NULL) {
+ ber_free( ber, 0 );
+ }
+ }
+
+ if ( res->lm_msgtype == LDAP_RES_SEARCH_RESULT
+ || res->lm_chain != NULL )
+ print_ldap_result( ld, res, "search" );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/tls.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/tls.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/tls.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1920 @@
+/* tls.c - Handle tls/ssl using SSLeay or OpenSSL. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls.c,v 1.118.2.17 2007/01/25 02:28:40 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include "ldap_config.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/param.h>
+#include <ac/dirent.h>
+
+#include "ldap-int.h"
+
+#ifdef HAVE_TLS
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/safestack.h>
+#elif defined( HAVE_SSL_H )
+#include <ssl.h>
+#endif
+
+static int tls_opt_trace = 1;
+static char *tls_opt_certfile = NULL;
+static char *tls_opt_keyfile = NULL;
+static char *tls_opt_dhfile = NULL;
+static char *tls_opt_cacertfile = NULL;
+static char *tls_opt_cacertdir = NULL;
+static int tls_opt_require_cert = LDAP_OPT_X_TLS_DEMAND;
+#ifdef HAVE_OPENSSL_CRL
+static int tls_opt_crlcheck = LDAP_OPT_X_TLS_CRL_NONE;
+#endif
+static char *tls_opt_ciphersuite = NULL;
+static char *tls_opt_randfile = NULL;
+
+#define HAS_TLS( sb ) ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
+ (void *)&sb_tls_sbio )
+
+static void tls_report_error( void );
+
+static void tls_info_cb( const SSL *ssl, int where, int ret );
+static int tls_verify_cb( int ok, X509_STORE_CTX *ctx );
+static int tls_verify_ok( int ok, X509_STORE_CTX *ctx );
+static RSA * tls_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
+static STACK_OF(X509_NAME) * get_ca_list( char * bundle, char * dir );
+
+static DH * tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length );
+
+static SSL_CTX *tls_def_ctx = NULL;
+
+typedef struct dhplist {
+ struct dhplist *next;
+ int keylength;
+ DH *param;
+} dhplist;
+
+static dhplist *dhparams;
+
+static int tls_seed_PRNG( const char *randfile );
+
+#ifdef LDAP_R_COMPILE
+/*
+ * provide mutexes for the SSLeay library.
+ */
+static ldap_pvt_thread_mutex_t tls_mutexes[CRYPTO_NUM_LOCKS];
+
+static void tls_locking_cb( int mode, int type, const char *file, int line )
+{
+ if ( mode & CRYPTO_LOCK ) {
+ ldap_pvt_thread_mutex_lock( &tls_mutexes[type] );
+ } else {
+ ldap_pvt_thread_mutex_unlock( &tls_mutexes[type] );
+ }
+}
+
+/*
+ * an extra mutex for the default ctx.
+ */
+
+static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
+static ldap_pvt_thread_mutex_t tls_connect_mutex;
+
+static void tls_init_threads( void )
+{
+ int i;
+
+ for( i=0; i< CRYPTO_NUM_LOCKS ; i++ ) {
+ ldap_pvt_thread_mutex_init( &tls_mutexes[i] );
+ }
+ CRYPTO_set_locking_callback( tls_locking_cb );
+ CRYPTO_set_id_callback( ldap_pvt_thread_self );
+ /* FIXME: CRYPTO_set_id_callback only works when ldap_pvt_thread_t
+ * is an integral type that fits in an unsigned long
+ */
+
+ ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex );
+ ldap_pvt_thread_mutex_init( &tls_connect_mutex );
+}
+#endif /* LDAP_R_COMPILE */
+
+/*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+void
+ldap_pvt_tls_destroy( void )
+{
+ SSL_CTX_free(tls_def_ctx);
+ tls_def_ctx = NULL;
+
+ EVP_cleanup();
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ if ( tls_opt_certfile ) {
+ LDAP_FREE( tls_opt_certfile );
+ tls_opt_certfile = NULL;
+ }
+ if ( tls_opt_keyfile ) {
+ LDAP_FREE( tls_opt_keyfile );
+ tls_opt_keyfile = NULL;
+ }
+ if ( tls_opt_dhfile ) {
+ LDAP_FREE( tls_opt_dhfile );
+ tls_opt_dhfile = NULL;
+ }
+ if ( tls_opt_cacertfile ) {
+ LDAP_FREE( tls_opt_cacertfile );
+ tls_opt_cacertfile = NULL;
+ }
+ if ( tls_opt_cacertdir ) {
+ LDAP_FREE( tls_opt_cacertdir );
+ tls_opt_cacertdir = NULL;
+ }
+ if ( tls_opt_ciphersuite ) {
+ LDAP_FREE( tls_opt_ciphersuite );
+ tls_opt_ciphersuite = NULL;
+ }
+ if ( tls_opt_randfile ) {
+ LDAP_FREE( tls_opt_randfile );
+ tls_opt_randfile = NULL;
+ }
+}
+
+/*
+ * Initialize TLS subsystem. Should be called only once.
+ */
+int
+ldap_pvt_tls_init( void )
+{
+ static int tls_initialized = 0;
+
+ if ( tls_initialized++ ) return 0;
+
+#ifdef HAVE_EBCDIC
+ {
+ char *file = LDAP_STRDUP( tls_opt_randfile );
+ if ( file ) __atoe( file );
+ (void) tls_seed_PRNG( file );
+ LDAP_FREE( file );
+ }
+#else
+ (void) tls_seed_PRNG( tls_opt_randfile );
+#endif
+
+#ifdef LDAP_R_COMPILE
+ tls_init_threads();
+#endif
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+
+ /* FIXME: mod_ssl does this */
+ X509V3_add_standard_extensions();
+ return 0;
+}
+
+/*
+ * initialize the default context
+ */
+int
+ldap_pvt_tls_init_def_ctx( int is_server )
+{
+ STACK_OF(X509_NAME) *calist;
+ int rc = 0;
+ char *ciphersuite = tls_opt_ciphersuite;
+ char *cacertfile = tls_opt_cacertfile;
+ char *cacertdir = tls_opt_cacertdir;
+ char *certfile = tls_opt_certfile;
+ char *keyfile = tls_opt_keyfile;
+ char *dhfile = tls_opt_dhfile;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
+#endif
+
+ if ( is_server && !certfile && !keyfile && !cacertfile && !cacertdir ) {
+ /* minimum configuration not provided */
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+#endif
+ return LDAP_NOT_SUPPORTED;
+ }
+
+#ifdef HAVE_EBCDIC
+ /* This ASCII/EBCDIC handling is a real pain! */
+ if ( ciphersuite ) {
+ ciphersuite = LDAP_STRDUP( ciphersuite );
+ __atoe( ciphersuite );
+ }
+ if ( cacertfile ) {
+ cacertfile = LDAP_STRDUP( cacertfile );
+ __atoe( cacertfile );
+ }
+ if ( cacertdir ) {
+ cacertdir = LDAP_STRDUP( cacertdir );
+ __atoe( cacertdir );
+ }
+ if ( certfile ) {
+ certfile = LDAP_STRDUP( certfile );
+ __atoe( certfile );
+ }
+ if ( keyfile ) {
+ keyfile = LDAP_STRDUP( keyfile );
+ __atoe( keyfile );
+ }
+ if ( dhfile ) {
+ dhfile = LDAP_STRDUP( dhfile );
+ __atoe( dhfile );
+ }
+#endif
+ if ( tls_def_ctx == NULL ) {
+ int i;
+ tls_def_ctx = SSL_CTX_new( SSLv23_method() );
+ if ( tls_def_ctx == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not allocate default ctx (%lu).\n",
+ ERR_peek_error(),0,0);
+ rc = -1;
+ goto error_exit;
+ }
+
+ SSL_CTX_set_session_id_context( tls_def_ctx,
+ (const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
+
+ if ( tls_opt_ciphersuite &&
+ !SSL_CTX_set_cipher_list( tls_def_ctx, ciphersuite ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set cipher list %s.\n",
+ tls_opt_ciphersuite, 0, 0 );
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ if (tls_opt_cacertfile != NULL || tls_opt_cacertdir != NULL) {
+ if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
+ cacertfile, cacertdir ) ||
+ !SSL_CTX_set_default_verify_paths( tls_def_ctx ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "TLS: "
+ "could not load verify locations (file:`%s',dir:`%s').\n",
+ tls_opt_cacertfile ? tls_opt_cacertfile : "",
+ tls_opt_cacertdir ? tls_opt_cacertdir : "",
+ 0 );
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ calist = get_ca_list( cacertfile, cacertdir );
+ if ( !calist ) {
+ Debug( LDAP_DEBUG_ANY, "TLS: "
+ "could not load client CA list (file:`%s',dir:`%s').\n",
+ tls_opt_cacertfile ? tls_opt_cacertfile : "",
+ tls_opt_cacertdir ? tls_opt_cacertdir : "",
+ 0 );
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
+ }
+
+ if ( tls_opt_keyfile &&
+ !SSL_CTX_use_PrivateKey_file( tls_def_ctx,
+ keyfile, SSL_FILETYPE_PEM ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not use key file `%s'.\n",
+ tls_opt_keyfile,0,0);
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ if ( tls_opt_certfile &&
+ !SSL_CTX_use_certificate_file( tls_def_ctx,
+ certfile, SSL_FILETYPE_PEM ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not use certificate `%s'.\n",
+ tls_opt_certfile,0,0);
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ if ( ( tls_opt_certfile || tls_opt_keyfile ) &&
+ !SSL_CTX_check_private_key( tls_def_ctx ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: private key mismatch.\n",
+ 0,0,0);
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+
+ if ( tls_opt_dhfile ) {
+ DH *dh = NULL;
+ BIO *bio;
+ dhplist *p;
+
+ if (( bio=BIO_new_file( dhfile,"r" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not use DH parameters file `%s'.\n",
+ tls_opt_dhfile,0,0);
+ tls_report_error();
+ rc = -1;
+ goto error_exit;
+ }
+ while (( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
+ p = LDAP_MALLOC( sizeof(dhplist) );
+ if ( p != NULL ) {
+ p->keylength = DH_size( dh ) * 8;
+ p->param = dh;
+ p->next = dhparams;
+ dhparams = p;
+ }
+ }
+ BIO_free( bio );
+ }
+
+ if ( tls_opt_trace ) {
+ SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
+ }
+
+ i = SSL_VERIFY_NONE;
+ if ( tls_opt_require_cert ) {
+ i = SSL_VERIFY_PEER;
+ if ( tls_opt_require_cert == LDAP_OPT_X_TLS_DEMAND ||
+ tls_opt_require_cert == LDAP_OPT_X_TLS_HARD ) {
+ i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ }
+ }
+
+ SSL_CTX_set_verify( tls_def_ctx, i,
+ tls_opt_require_cert == LDAP_OPT_X_TLS_ALLOW ?
+ tls_verify_ok : tls_verify_cb );
+ SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
+ if ( tls_opt_dhfile ) {
+ SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
+ }
+#ifdef HAVE_OPENSSL_CRL
+ if ( tls_opt_crlcheck ) {
+ X509_STORE *x509_s = SSL_CTX_get_cert_store( tls_def_ctx );
+ if ( tls_opt_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) {
+ X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK );
+ } else if ( tls_opt_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) {
+ X509_STORE_set_flags( x509_s,
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL );
+ }
+ }
+#endif
+ }
+error_exit:
+ if ( rc == -1 && tls_def_ctx != NULL ) {
+ SSL_CTX_free( tls_def_ctx );
+ tls_def_ctx = NULL;
+ }
+#ifdef HAVE_EBCDIC
+ LDAP_FREE( ciphersuite );
+ LDAP_FREE( cacertfile );
+ LDAP_FREE( cacertdir );
+ LDAP_FREE( certfile );
+ LDAP_FREE( keyfile );
+ LDAP_FREE( dhfile );
+#endif
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+#endif
+ return rc;
+}
+
+static STACK_OF(X509_NAME) *
+get_ca_list( char * bundle, char * dir )
+{
+ STACK_OF(X509_NAME) *ca_list = NULL;
+
+ if ( bundle ) {
+ ca_list = SSL_load_client_CA_file( bundle );
+ }
+#if defined(HAVE_DIRENT_H) || defined(dirent)
+ if ( dir ) {
+ int freeit = 0;
+
+ if ( !ca_list ) {
+ ca_list = sk_X509_NAME_new_null();
+ freeit = 1;
+ }
+ if ( !SSL_add_dir_cert_subjects_to_stack( ca_list, dir ) &&
+ freeit ) {
+ sk_X509_NAME_free( ca_list );
+ ca_list = NULL;
+ }
+ }
+#endif
+ return ca_list;
+}
+
+static SSL *
+alloc_handle( void *ctx_arg, int is_server )
+{
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ if ( ctx_arg ) {
+ ctx = (SSL_CTX *) ctx_arg;
+ } else {
+ if ( ldap_pvt_tls_init_def_ctx( is_server ) < 0 ) return NULL;
+ ctx = tls_def_ctx;
+ }
+
+ ssl = SSL_new( ctx );
+ if ( ssl == NULL ) {
+ Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0);
+ return NULL;
+ }
+ return ssl;
+}
+
+static int
+update_flags( Sockbuf *sb, SSL * ssl, int rc )
+{
+ int err = SSL_get_error(ssl, rc);
+
+ sb->sb_trans_needs_read = 0;
+ sb->sb_trans_needs_write = 0;
+
+ if (err == SSL_ERROR_WANT_READ) {
+ sb->sb_trans_needs_read = 1;
+ return 1;
+
+ } else if (err == SSL_ERROR_WANT_WRITE) {
+ sb->sb_trans_needs_write = 1;
+ return 1;
+
+ } else if (err == SSL_ERROR_WANT_CONNECT) {
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * TLS support for LBER Sockbufs
+ */
+
+struct tls_data {
+ SSL *ssl;
+ Sockbuf_IO_Desc *sbiod;
+};
+
+static BIO_METHOD sb_tls_bio_method;
+
+static int
+sb_tls_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+ struct tls_data *p;
+ BIO *bio;
+
+ assert( sbiod != NULL );
+
+ p = LBER_MALLOC( sizeof( *p ) );
+ if ( p == NULL ) {
+ return -1;
+ }
+
+ p->ssl = (SSL *)arg;
+ p->sbiod = sbiod;
+ bio = BIO_new( &sb_tls_bio_method );
+ bio->ptr = (void *)p;
+ SSL_set_bio( p->ssl, bio, bio );
+ sbiod->sbiod_pvt = p;
+ return 0;
+}
+
+static int
+sb_tls_remove( Sockbuf_IO_Desc *sbiod )
+{
+ struct tls_data *p;
+
+ assert( sbiod != NULL );
+ assert( sbiod->sbiod_pvt != NULL );
+
+ p = (struct tls_data *)sbiod->sbiod_pvt;
+ SSL_free( p->ssl );
+ LBER_FREE( sbiod->sbiod_pvt );
+ sbiod->sbiod_pvt = NULL;
+ return 0;
+}
+
+static int
+sb_tls_close( Sockbuf_IO_Desc *sbiod )
+{
+ struct tls_data *p;
+
+ assert( sbiod != NULL );
+ assert( sbiod->sbiod_pvt != NULL );
+
+ p = (struct tls_data *)sbiod->sbiod_pvt;
+ SSL_shutdown( p->ssl );
+ return 0;
+}
+
+static int
+sb_tls_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+ struct tls_data *p;
+
+ assert( sbiod != NULL );
+ assert( sbiod->sbiod_pvt != NULL );
+
+ p = (struct tls_data *)sbiod->sbiod_pvt;
+
+ if ( opt == LBER_SB_OPT_GET_SSL ) {
+ *((SSL **)arg) = p->ssl;
+ return 1;
+
+ } else if ( opt == LBER_SB_OPT_DATA_READY ) {
+ if( SSL_pending( p->ssl ) > 0 ) {
+ return 1;
+ }
+ }
+
+ return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+static ber_slen_t
+sb_tls_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ struct tls_data *p;
+ ber_slen_t ret;
+ int err;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ p = (struct tls_data *)sbiod->sbiod_pvt;
+
+ ret = SSL_read( p->ssl, (char *)buf, len );
+#ifdef HAVE_WINSOCK
+ errno = WSAGetLastError();
+#endif
+ err = SSL_get_error( p->ssl, ret );
+ if (err == SSL_ERROR_WANT_READ ) {
+ sbiod->sbiod_sb->sb_trans_needs_read = 1;
+ sock_errset(EWOULDBLOCK);
+ }
+ else
+ sbiod->sbiod_sb->sb_trans_needs_read = 0;
+ return ret;
+}
+
+static ber_slen_t
+sb_tls_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ struct tls_data *p;
+ ber_slen_t ret;
+ int err;
+
+ assert( sbiod != NULL );
+ assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+ p = (struct tls_data *)sbiod->sbiod_pvt;
+
+ ret = SSL_write( p->ssl, (char *)buf, len );
+#ifdef HAVE_WINSOCK
+ errno = WSAGetLastError();
+#endif
+ err = SSL_get_error( p->ssl, ret );
+ if (err == SSL_ERROR_WANT_WRITE ) {
+ sbiod->sbiod_sb->sb_trans_needs_write = 1;
+ sock_errset(EWOULDBLOCK);
+
+ } else {
+ sbiod->sbiod_sb->sb_trans_needs_write = 0;
+ }
+ return ret;
+}
+
+static Sockbuf_IO sb_tls_sbio =
+{
+ sb_tls_setup, /* sbi_setup */
+ sb_tls_remove, /* sbi_remove */
+ sb_tls_ctrl, /* sbi_ctrl */
+ sb_tls_read, /* sbi_read */
+ sb_tls_write, /* sbi_write */
+ sb_tls_close /* sbi_close */
+};
+
+static int
+sb_tls_bio_create( BIO *b ) {
+ b->init = 1;
+ b->num = 0;
+ b->ptr = NULL;
+ b->flags = 0;
+ return 1;
+}
+
+static int
+sb_tls_bio_destroy( BIO *b )
+{
+ if ( b == NULL ) return 0;
+
+ b->ptr = NULL; /* sb_tls_remove() will free it */
+ b->init = 0;
+ b->flags = 0;
+ return 1;
+}
+
+static int
+sb_tls_bio_read( BIO *b, char *buf, int len )
+{
+ struct tls_data *p;
+ int ret;
+
+ if ( buf == NULL || len <= 0 ) return 0;
+
+ p = (struct tls_data *)b->ptr;
+
+ if ( p == NULL || p->sbiod == NULL ) {
+ return 0;
+ }
+
+ ret = LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+
+ BIO_clear_retry_flags( b );
+ if ( ret < 0 ) {
+ int err = sock_errno();
+ if ( err == EAGAIN || err == EWOULDBLOCK ) {
+ BIO_set_retry_read( b );
+ }
+ }
+
+ return ret;
+}
+
+static int
+sb_tls_bio_write( BIO *b, const char *buf, int len )
+{
+ struct tls_data *p;
+ int ret;
+
+ if ( buf == NULL || len <= 0 ) return 0;
+
+ p = (struct tls_data *)b->ptr;
+
+ if ( p == NULL || p->sbiod == NULL ) {
+ return 0;
+ }
+
+ ret = LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+
+ BIO_clear_retry_flags( b );
+ if ( ret < 0 ) {
+ int err = sock_errno();
+ if ( err == EAGAIN || err == EWOULDBLOCK ) {
+ BIO_set_retry_write( b );
+ }
+ }
+
+ return ret;
+}
+
+static long
+sb_tls_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
+{
+ if ( cmd == BIO_CTRL_FLUSH ) {
+ /* The OpenSSL library needs this */
+ return 1;
+ }
+ return 0;
+}
+
+static int
+sb_tls_bio_gets( BIO *b, char *buf, int len )
+{
+ return -1;
+}
+
+static int
+sb_tls_bio_puts( BIO *b, const char *str )
+{
+ return sb_tls_bio_write( b, str, strlen( str ) );
+}
+
+static BIO_METHOD sb_tls_bio_method =
+{
+ ( 100 | 0x400 ), /* it's a source/sink BIO */
+ "sockbuf glue",
+ sb_tls_bio_write,
+ sb_tls_bio_read,
+ sb_tls_bio_puts,
+ sb_tls_bio_gets,
+ sb_tls_bio_ctrl,
+ sb_tls_bio_create,
+ sb_tls_bio_destroy
+};
+
+/*
+ * Call this to do a TLS connect on a sockbuf. ctx_arg can be
+ * a SSL_CTX * or NULL, in which case the default ctx is used.
+ *
+ * Return value:
+ *
+ * 0 - Success. Connection is ready for communication.
+ * <0 - Error. Can't create a TLS stream.
+ * >0 - Partial success.
+ * Do a select (using information from lber_pvt_sb_needs_{read,write}
+ * and call again.
+ */
+
+static int
+ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
+{
+ Sockbuf *sb = conn->lconn_sb;
+ int err;
+ SSL *ssl;
+
+ if ( HAS_TLS( sb ) ) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+
+ } else {
+ struct ldapoptions *lo;
+ void *ctx;
+
+ lo = &ld->ld_options;
+ ctx = lo->ldo_tls_ctx;
+
+ ssl = alloc_handle( ctx, 0 );
+
+ if ( ssl == NULL ) return -1;
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
+#endif
+ ber_sockbuf_add_io( sb, &sb_tls_sbio,
+ LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+
+ if( ctx == NULL ) {
+ ctx = tls_def_ctx;
+ lo->ldo_tls_ctx = ctx;
+ }
+ if ( lo->ldo_tls_connect_cb )
+ lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+ lo = LDAP_INT_GLOBAL_OPT();
+ if ( lo && lo->ldo_tls_connect_cb )
+ lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+ }
+
+ err = SSL_connect( ssl );
+
+#ifdef HAVE_WINSOCK
+ errno = WSAGetLastError();
+#endif
+
+ if ( err <= 0 ) {
+ if ( update_flags( sb, ssl, err )) {
+ return 1;
+ }
+
+ if ((err = ERR_peek_error())) {
+ char buf[256];
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
+#ifdef HAVE_EBCDIC
+ if ( ld->ld_error ) __etoa(ld->ld_error);
+#endif
+ }
+
+ Debug( LDAP_DEBUG_ANY,"TLS: can't connect.\n",0,0,0);
+
+ ber_sockbuf_remove_io( sb, &sb_tls_sbio,
+ LBER_SBIOD_LEVEL_TRANSPORT );
+#ifdef LDAP_DEBUG
+ ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_TRANSPORT );
+#endif
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Call this to do a TLS accept on a sockbuf.
+ * Everything else is the same as with tls_connect.
+ */
+int
+ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
+{
+ int err;
+ SSL *ssl;
+
+ if ( HAS_TLS( sb ) ) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+
+ } else {
+ ssl = alloc_handle( ctx_arg, 1 );
+ if ( ssl == NULL ) return -1;
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
+#endif
+ ber_sockbuf_add_io( sb, &sb_tls_sbio,
+ LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+ }
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &tls_connect_mutex );
+#endif
+ err = SSL_accept( ssl );
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &tls_connect_mutex );
+#endif
+
+#ifdef HAVE_WINSOCK
+ errno = WSAGetLastError();
+#endif
+ if ( err <= 0 ) {
+ if ( update_flags( sb, ssl, err )) return 1;
+
+ Debug( LDAP_DEBUG_ANY,"TLS: can't accept.\n",0,0,0 );
+
+ tls_report_error();
+ ber_sockbuf_remove_io( sb, &sb_tls_sbio,
+ LBER_SBIOD_LEVEL_TRANSPORT );
+#ifdef LDAP_DEBUG
+ ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_TRANSPORT );
+#endif
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+ldap_pvt_tls_inplace ( Sockbuf *sb )
+{
+ return HAS_TLS( sb ) ? 1 : 0;
+}
+
+int
+ldap_tls_inplace( LDAP *ld )
+{
+ Sockbuf *sb = NULL;
+
+ if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
+ sb = ld->ld_defconn->lconn_sb;
+
+ } else if ( ld->ld_sb ) {
+ sb = ld->ld_sb;
+
+ } else {
+ return 0;
+ }
+
+ return ldap_pvt_tls_inplace( sb );
+}
+
+static X509 *
+tls_get_cert( SSL *s )
+{
+ /* If peer cert was bad, treat as if no cert was given */
+ if (SSL_get_verify_result(s)) {
+ /* If we can send an alert, do so */
+ if (SSL_version(s) != SSL2_VERSION) {
+ ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_BAD_CERTIFICATE);
+ }
+ return NULL;
+ }
+ return SSL_get_peer_certificate(s);
+}
+
+int
+ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn,
+ LDAPDN_rewrite_dummy *func, unsigned flags )
+{
+ X509 *x;
+ X509_NAME *xn;
+ int rc;
+
+ x = tls_get_cert((SSL *)s);
+
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+ rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
+ X509_free(x);
+ return rc;
+}
+
+char *
+ldap_pvt_tls_get_peer_hostname( void *s )
+{
+ X509 *x;
+ X509_NAME *xn;
+ char buf[2048], *p;
+ int ret;
+
+ x = tls_get_cert((SSL *)s);
+ if (!x) return NULL;
+
+ xn = X509_get_subject_name(x);
+
+ ret = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
+ if( ret == -1 ) {
+ X509_free(x);
+ return NULL;
+ }
+
+ p = LDAP_STRDUP(buf);
+ X509_free(x);
+ return p;
+}
+
+/* what kind of hostname were we given? */
+#define IS_DNS 0
+#define IS_IP4 1
+#define IS_IP6 2
+
+int
+ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
+{
+ int i, ret = LDAP_LOCAL_ERROR;
+ X509 *x;
+ const char *name;
+ char *ptr;
+ int ntype = IS_DNS;
+#ifdef LDAP_PF_INET6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+
+ if( ldap_int_hostname &&
+ ( !name_in || !strcasecmp( name_in, "localhost" ) ) )
+ {
+ name = ldap_int_hostname;
+ } else {
+ name = name_in;
+ }
+
+ x = tls_get_cert((SSL *)s);
+ if (!x) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: unable to get peer certificate.\n",
+ 0, 0, 0 );
+ /* If this was a fatal condition, things would have
+ * aborted long before now.
+ */
+ return LDAP_SUCCESS;
+ }
+
+#ifdef LDAP_PF_INET6
+ if (name[0] == '[' && strchr(name, ']')) {
+ char *n2 = ldap_strdup(name+1);
+ *strchr(n2, ']') = 2;
+ if (inet_pton(AF_INET6, n2, &addr))
+ ntype = IS_IP6;
+ LDAP_FREE(n2);
+ } else
+#endif
+ if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
+ if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
+ }
+
+ i = X509_get_ext_by_NID(x, NID_subject_alt_name, -1);
+ if (i >= 0) {
+ X509_EXTENSION *ex;
+ STACK_OF(GENERAL_NAME) *alt;
+
+ ex = X509_get_ext(x, i);
+ alt = X509V3_EXT_d2i(ex);
+ if (alt) {
+ int n, len1 = 0, len2 = 0;
+ char *domain = NULL;
+ GENERAL_NAME *gn;
+
+ if (ntype == IS_DNS) {
+ len1 = strlen(name);
+ domain = strchr(name, '.');
+ if (domain) {
+ len2 = len1 - (domain-name);
+ }
+ }
+ n = sk_GENERAL_NAME_num(alt);
+ for (i=0; i<n; i++) {
+ char *sn;
+ int sl;
+ gn = sk_GENERAL_NAME_value(alt, i);
+ if (gn->type == GEN_DNS) {
+ if (ntype != IS_DNS) continue;
+
+ sn = (char *) ASN1_STRING_data(gn->d.ia5);
+ sl = ASN1_STRING_length(gn->d.ia5);
+
+ /* ignore empty */
+ if (sl == 0) continue;
+
+ /* Is this an exact match? */
+ if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
+ break;
+ }
+
+ /* Is this a wildcard match? */
+ if (domain && (sn[0] == '*') && (sn[1] == '.') &&
+ (len2 == sl-1) && !strncasecmp(domain, &sn[1], len2))
+ {
+ break;
+ }
+
+ } else if (gn->type == GEN_IPADD) {
+ if (ntype == IS_DNS) continue;
+
+ sn = (char *) ASN1_STRING_data(gn->d.ia5);
+ sl = ASN1_STRING_length(gn->d.ia5);
+
+#ifdef LDAP_PF_INET6
+ if (ntype == IS_IP6 && sl != sizeof(struct in6_addr)) {
+ continue;
+ } else
+#endif
+ if (ntype == IS_IP4 && sl != sizeof(struct in_addr)) {
+ continue;
+ }
+ if (!memcmp(sn, &addr, sl)) {
+ break;
+ }
+ }
+ }
+
+ GENERAL_NAMES_free(alt);
+ if (i < n) { /* Found a match */
+ ret = LDAP_SUCCESS;
+ }
+ }
+ }
+
+ if (ret != LDAP_SUCCESS) {
+ X509_NAME *xn;
+ char buf[2048];
+ buf[0] = '\0';
+
+ xn = X509_get_subject_name(x);
+ if( X509_NAME_get_text_by_NID( xn, NID_commonName,
+ buf, sizeof(buf)) == -1)
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: unable to get common name from peer certificate.\n",
+ 0, 0, 0 );
+ ret = LDAP_CONNECT_ERROR;
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP(
+ _("TLS: unable to get CN from peer certificate"));
+
+ } else if (strcasecmp(name, buf) == 0 ) {
+ ret = LDAP_SUCCESS;
+
+ } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
+ char *domain = strchr(name, '.');
+ if( domain ) {
+ size_t dlen = 0;
+ size_t sl;
+
+ sl = strlen(name);
+ dlen = sl - (domain-name);
+ sl = strlen(buf);
+
+ /* Is this a wildcard match? */
+ if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
+ ret = LDAP_SUCCESS;
+ }
+ }
+ }
+
+ if( ret == LDAP_LOCAL_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+ "common name in certificate (%s).\n",
+ name, buf, 0 );
+ ret = LDAP_CONNECT_ERROR;
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP(
+ _("TLS: hostname does not match CN in peer certificate"));
+ }
+ }
+ X509_free(x);
+ return ret;
+}
+
+const char *
+ldap_pvt_tls_get_peer_issuer( void *s )
+{
+#if 0 /* currently unused; see ldap_pvt_tls_get_peer_dn() if needed */
+ X509 *x;
+ X509_NAME *xn;
+ char buf[2048], *p;
+
+ x = SSL_get_peer_certificate((SSL *)s);
+
+ if (!x) return NULL;
+
+ xn = X509_get_issuer_name(x);
+ p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
+ X509_free(x);
+ return p;
+#else
+ return NULL;
+#endif
+}
+
+int
+ldap_int_tls_config( LDAP *ld, int option, const char *arg )
+{
+ int i;
+
+ switch( option ) {
+ case LDAP_OPT_X_TLS_CACERTFILE:
+ case LDAP_OPT_X_TLS_CACERTDIR:
+ case LDAP_OPT_X_TLS_CERTFILE:
+ case LDAP_OPT_X_TLS_KEYFILE:
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ case LDAP_OPT_X_TLS_DHFILE:
+ return ldap_pvt_tls_set_option( ld, option, (void *) arg );
+
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ case LDAP_OPT_X_TLS:
+ i = -1;
+ if ( strcasecmp( arg, "never" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_NEVER ;
+
+ } else if ( strcasecmp( arg, "demand" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_DEMAND ;
+
+ } else if ( strcasecmp( arg, "allow" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_ALLOW ;
+
+ } else if ( strcasecmp( arg, "try" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_TRY ;
+
+ } else if ( ( strcasecmp( arg, "hard" ) == 0 ) ||
+ ( strcasecmp( arg, "on" ) == 0 ) ||
+ ( strcasecmp( arg, "yes" ) == 0) ||
+ ( strcasecmp( arg, "true" ) == 0 ) )
+ {
+ i = LDAP_OPT_X_TLS_HARD ;
+ }
+
+ if (i >= 0) {
+ return ldap_pvt_tls_set_option( ld, option, &i );
+ }
+ return -1;
+#ifdef HAVE_OPENSSL_CRL
+ case LDAP_OPT_X_TLS_CRLCHECK:
+ i = -1;
+ if ( strcasecmp( arg, "none" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_CRL_NONE ;
+ } else if ( strcasecmp( arg, "peer" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_CRL_PEER ;
+ } else if ( strcasecmp( arg, "all" ) == 0 ) {
+ i = LDAP_OPT_X_TLS_CRL_ALL ;
+ }
+ if (i >= 0) {
+ return ldap_pvt_tls_set_option( ld, option, &i );
+ }
+ return -1;
+#endif
+ }
+ return -1;
+}
+
+int
+ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
+{
+ struct ldapoptions *lo;
+
+ if( ld != NULL ) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+
+ } else {
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if ( lo == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+ }
+
+ switch( option ) {
+ case LDAP_OPT_X_TLS:
+ *(int *)arg = lo->ldo_tls_mode;
+ break;
+ case LDAP_OPT_X_TLS_CTX:
+ if ( ld == NULL ) {
+ *(void **)arg = (void *) tls_def_ctx;
+ } else {
+ *(void **)arg = lo->ldo_tls_ctx;
+ }
+ break;
+ case LDAP_OPT_X_TLS_CACERTFILE:
+ *(char **)arg = tls_opt_cacertfile ?
+ LDAP_STRDUP( tls_opt_cacertfile ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_CACERTDIR:
+ *(char **)arg = tls_opt_cacertdir ?
+ LDAP_STRDUP( tls_opt_cacertdir ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_CERTFILE:
+ *(char **)arg = tls_opt_certfile ?
+ LDAP_STRDUP( tls_opt_certfile ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_KEYFILE:
+ *(char **)arg = tls_opt_keyfile ?
+ LDAP_STRDUP( tls_opt_keyfile ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_DHFILE:
+ *(char **)arg = tls_opt_dhfile ?
+ LDAP_STRDUP( tls_opt_dhfile ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ *(int *)arg = tls_opt_require_cert;
+ break;
+#ifdef HAVE_OPENSSL_CRL
+ case LDAP_OPT_X_TLS_CRLCHECK:
+ *(int *)arg = tls_opt_crlcheck;
+ break;
+#endif
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ *(char **)arg = tls_opt_ciphersuite ?
+ LDAP_STRDUP( tls_opt_ciphersuite ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
+ *(char **)arg = tls_opt_randfile ?
+ LDAP_STRDUP( tls_opt_randfile ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_SSL_CTX: {
+ void *retval = 0;
+ if ( ld != NULL ) {
+ LDAPConn *conn = ld->ld_defconn;
+ if ( conn != NULL ) {
+ Sockbuf *sb = conn->lconn_sb;
+ retval = ldap_pvt_tls_sb_ctx( sb );
+ }
+ }
+ *(void **)arg = retval;
+ break;
+ }
+ case LDAP_OPT_X_TLS_CONNECT_CB:
+ *(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
+ break;
+ case LDAP_OPT_X_TLS_CONNECT_ARG:
+ *(void **)arg = lo->ldo_tls_connect_arg;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+int
+ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+{
+ struct ldapoptions *lo;
+
+ if( ld != NULL ) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+
+ } else {
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if ( lo == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+ }
+
+ switch( option ) {
+ case LDAP_OPT_X_TLS:
+ switch( *(int *) arg ) {
+ case LDAP_OPT_X_TLS_NEVER:
+ case LDAP_OPT_X_TLS_DEMAND:
+ case LDAP_OPT_X_TLS_ALLOW:
+ case LDAP_OPT_X_TLS_TRY:
+ case LDAP_OPT_X_TLS_HARD:
+ if (lo != NULL) {
+ lo->ldo_tls_mode = *(int *)arg;
+ }
+
+ return 0;
+ }
+ return -1;
+
+ case LDAP_OPT_X_TLS_CTX:
+ if ( ld == NULL ) {
+ tls_def_ctx = (SSL_CTX *) arg;
+
+ } else {
+ lo->ldo_tls_ctx = arg;
+ }
+ return 0;
+ case LDAP_OPT_X_TLS_CONNECT_CB:
+ lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
+ return 0;
+ case LDAP_OPT_X_TLS_CONNECT_ARG:
+ lo->ldo_tls_connect_arg = arg;
+ return 0;
+ }
+
+ if ( ld != NULL ) {
+ return -1;
+ }
+
+ switch( option ) {
+ case LDAP_OPT_X_TLS_CACERTFILE:
+ if ( tls_opt_cacertfile ) LDAP_FREE( tls_opt_cacertfile );
+ tls_opt_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_CACERTDIR:
+ if ( tls_opt_cacertdir ) LDAP_FREE( tls_opt_cacertdir );
+ tls_opt_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_CERTFILE:
+ if ( tls_opt_certfile ) LDAP_FREE( tls_opt_certfile );
+ tls_opt_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_KEYFILE:
+ if ( tls_opt_keyfile ) LDAP_FREE( tls_opt_keyfile );
+ tls_opt_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_DHFILE:
+ if ( tls_opt_dhfile ) LDAP_FREE( tls_opt_dhfile );
+ tls_opt_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ switch( *(int *) arg ) {
+ case LDAP_OPT_X_TLS_NEVER:
+ case LDAP_OPT_X_TLS_DEMAND:
+ case LDAP_OPT_X_TLS_ALLOW:
+ case LDAP_OPT_X_TLS_TRY:
+ case LDAP_OPT_X_TLS_HARD:
+ tls_opt_require_cert = * (int *) arg;
+ return 0;
+ }
+ return -1;
+#ifdef HAVE_OPENSSL_CRL
+ case LDAP_OPT_X_TLS_CRLCHECK:
+ switch( *(int *) arg ) {
+ case LDAP_OPT_X_TLS_CRL_NONE:
+ case LDAP_OPT_X_TLS_CRL_PEER:
+ case LDAP_OPT_X_TLS_CRL_ALL:
+ tls_opt_crlcheck = * (int *) arg;
+ return 0;
+ }
+ return -1;
+#endif
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ if ( tls_opt_ciphersuite ) LDAP_FREE( tls_opt_ciphersuite );
+ tls_opt_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
+ if (tls_opt_randfile ) LDAP_FREE (tls_opt_randfile );
+ tls_opt_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+int
+ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+{
+ Sockbuf *sb = conn->lconn_sb;
+ char *host;
+ void *ssl;
+
+ if( srv ) {
+ host = srv->lud_host;
+ } else {
+ host = conn->lconn_server->lud_host;
+ }
+
+ /* avoid NULL host */
+ if( host == NULL ) {
+ host = "localhost";
+ }
+
+ (void) ldap_pvt_tls_init();
+
+ /*
+ * Fortunately, the lib uses blocking io...
+ */
+ if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
+ ld->ld_errno = LDAP_CONNECT_ERROR;
+ return (ld->ld_errno);
+ }
+
+ ssl = ldap_pvt_tls_sb_ctx( sb );
+ assert( ssl != NULL );
+
+ /*
+ * compare host with name(s) in certificate
+ */
+ if (tls_opt_require_cert != LDAP_OPT_X_TLS_NEVER) {
+ ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
+ if (ld->ld_errno != LDAP_SUCCESS) {
+ return ld->ld_errno;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/* Derived from openssl/apps/s_cb.c */
+static void
+tls_info_cb( const SSL *ssl, int where, int ret )
+{
+ int w;
+ char *op;
+ char *state = (char *) SSL_state_string_long( (SSL *)ssl );
+
+ w = where & ~SSL_ST_MASK;
+ if ( w & SSL_ST_CONNECT ) {
+ op = "SSL_connect";
+ } else if ( w & SSL_ST_ACCEPT ) {
+ op = "SSL_accept";
+ } else {
+ op = "undefined";
+ }
+
+#ifdef HAVE_EBCDIC
+ if ( state ) {
+ state = LDAP_STRDUP( state );
+ __etoa( state );
+ }
+#endif
+ if ( where & SSL_CB_LOOP ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS trace: %s:%s\n",
+ op, state, 0 );
+
+ } else if ( where & SSL_CB_ALERT ) {
+ char *atype = (char *) SSL_alert_type_string_long( ret );
+ char *adesc = (char *) SSL_alert_desc_string_long( ret );
+ op = ( where & SSL_CB_READ ) ? "read" : "write";
+#ifdef HAVE_EBCDIC
+ if ( atype ) {
+ atype = LDAP_STRDUP( atype );
+ __etoa( atype );
+ }
+ if ( adesc ) {
+ adesc = LDAP_STRDUP( adesc );
+ __etoa( adesc );
+ }
+#endif
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS trace: SSL3 alert %s:%s:%s\n",
+ op, atype, adesc );
+#ifdef HAVE_EBCDIC
+ if ( atype ) LDAP_FREE( atype );
+ if ( adesc ) LDAP_FREE( adesc );
+#endif
+ } else if ( where & SSL_CB_EXIT ) {
+ if ( ret == 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS trace: %s:failed in %s\n",
+ op, state, 0 );
+ } else if ( ret < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS trace: %s:error in %s\n",
+ op, state, 0 );
+ }
+ }
+#ifdef HAVE_EBCDIC
+ if ( state ) LDAP_FREE( state );
+#endif
+}
+
+static int
+tls_verify_cb( int ok, X509_STORE_CTX *ctx )
+{
+ X509 *cert;
+ int errnum;
+ int errdepth;
+ X509_NAME *subject;
+ X509_NAME *issuer;
+ char *sname;
+ char *iname;
+ char *certerr = NULL;
+
+ cert = X509_STORE_CTX_get_current_cert( ctx );
+ errnum = X509_STORE_CTX_get_error( ctx );
+ errdepth = X509_STORE_CTX_get_error_depth( ctx );
+
+ /*
+ * X509_get_*_name return pointers to the internal copies of
+ * those things requested. So do not free them.
+ */
+ subject = X509_get_subject_name( cert );
+ issuer = X509_get_issuer_name( cert );
+ /* X509_NAME_oneline, if passed a NULL buf, allocate memomry */
+ sname = X509_NAME_oneline( subject, NULL, 0 );
+ iname = X509_NAME_oneline( issuer, NULL, 0 );
+ if ( !ok ) certerr = (char *)X509_verify_cert_error_string( errnum );
+#ifdef HAVE_EBCDIC
+ if ( sname ) __etoa( sname );
+ if ( iname ) __etoa( iname );
+ if ( certerr ) {
+ certerr = LDAP_STRDUP( certerr );
+ __etoa( certerr );
+ }
+#endif
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS certificate verification: depth: %d, err: %d, subject: %s,",
+ errdepth, errnum,
+ sname ? sname : "-unknown-" );
+ Debug( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-", 0, 0 );
+ if ( !ok ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS certificate verification: Error, %s\n",
+ certerr, 0, 0 );
+ }
+ if ( sname )
+ CRYPTO_free ( sname );
+ if ( iname )
+ CRYPTO_free ( iname );
+#ifdef HAVE_EBCDIC
+ if ( certerr ) LDAP_FREE( certerr );
+#endif
+ return ok;
+}
+
+static int
+tls_verify_ok( int ok, X509_STORE_CTX *ctx )
+{
+ (void) tls_verify_cb( ok, ctx );
+ return 1;
+}
+
+/* Inspired by ERR_print_errors in OpenSSL */
+static void
+tls_report_error( void )
+{
+ unsigned long l;
+ char buf[200];
+ const char *file;
+ int line;
+
+ while ( ( l = ERR_get_error_line( &file, &line ) ) != 0 ) {
+ ERR_error_string_n( l, buf, sizeof( buf ) );
+#ifdef HAVE_EBCDIC
+ if ( file ) {
+ file = LDAP_STRDUP( file );
+ __etoa( (char *)file );
+ }
+ __etoa( buf );
+#endif
+ Debug( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n",
+ buf, file, line );
+#ifdef HAVE_EBCDIC
+ if ( file ) LDAP_FREE( (void *)file );
+#endif
+ }
+}
+
+static RSA *
+tls_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
+{
+ RSA *tmp_rsa;
+
+ /* FIXME: Pregenerate the key on startup */
+ /* FIXME: Who frees the key? */
+ tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL );
+
+ if ( !tmp_rsa ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: Failed to generate temporary %d-bit %s RSA key\n",
+ key_length, is_export ? "export" : "domestic", 0 );
+ return NULL;
+ }
+ return tmp_rsa;
+}
+
+static int
+tls_seed_PRNG( const char *randfile )
+{
+#ifndef URANDOM_DEVICE
+ /* no /dev/urandom (or equiv) */
+ long total=0;
+ char buffer[MAXPATHLEN];
+
+ if (randfile == NULL) {
+ /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
+ * If $HOME is not set or buffer too small to hold the pathname,
+ * an error occurs. - From RAND_file_name() man page.
+ * The fact is that when $HOME is NULL, .rnd is used.
+ */
+ randfile = RAND_file_name( buffer, sizeof( buffer ) );
+
+ } else if (RAND_egd(randfile) > 0) {
+ /* EGD socket */
+ return 0;
+ }
+
+ if (randfile == NULL) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
+ 0, 0, 0);
+ return -1;
+ }
+
+ total = RAND_load_file(randfile, -1);
+
+ if (RAND_status() == 0) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: PRNG not been seeded with enough data\n",
+ 0, 0, 0);
+ return -1;
+ }
+
+ /* assume if there was enough bits to seed that it's okay
+ * to write derived bits to the file
+ */
+ RAND_write_file(randfile);
+
+#endif
+
+ return 0;
+}
+
+struct dhinfo {
+ int keylength;
+ const char *pem;
+ size_t size;
+};
+
+
+/* From the OpenSSL 0.9.7 distro */
+static const char dhpem512[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn\n\
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC\n\
+-----END DH PARAMETERS-----\n";
+
+static const char dhpem1024[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
+-----END DH PARAMETERS-----\n";
+
+static const char dhpem2048[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o\n\
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh\n\
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo\n\
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW\n\
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA\n\
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==\n\
+-----END DH PARAMETERS-----\n";
+
+static const char dhpem4096[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7\n\
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H\n\
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF\n\
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1\n\
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE\n\
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9\n\
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3\n\
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH\n\
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb\n\
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR\n\
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=\n\
+-----END DH PARAMETERS-----\n";
+
+static const struct dhinfo dhpem[] = {
+ { 512, dhpem512, sizeof(dhpem512) },
+ { 1024, dhpem1024, sizeof(dhpem1024) },
+ { 2048, dhpem2048, sizeof(dhpem2048) },
+ { 4096, dhpem4096, sizeof(dhpem4096) },
+ { 0, NULL, 0 }
+};
+
+static DH *
+tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
+{
+ struct dhplist *p = NULL;
+ BIO *b = NULL;
+ DH *dh = NULL;
+ int i;
+
+ /* Do we have params of this length already? */
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
+#endif
+ for ( p = dhparams; p; p=p->next ) {
+ if ( p->keylength == key_length ) {
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+#endif
+ return p->param;
+ }
+ }
+
+ /* No - check for hardcoded params */
+
+ for (i=0; dhpem[i].keylength; i++) {
+ if ( dhpem[i].keylength == key_length ) {
+ b = BIO_new_mem_buf( (char *)dhpem[i].pem, dhpem[i].size );
+ break;
+ }
+ }
+
+ if ( b ) {
+ dh = PEM_read_bio_DHparams( b, NULL, NULL, NULL );
+ BIO_free( b );
+ }
+
+ /* Generating on the fly is expensive/slow... */
+ if ( !dh ) {
+ dh = DH_generate_parameters( key_length, DH_GENERATOR_2, NULL, NULL );
+ }
+ if ( dh ) {
+ p = LDAP_MALLOC( sizeof(struct dhplist) );
+ if ( p != NULL ) {
+ p->keylength = key_length;
+ p->param = dh;
+ p->next = dhparams;
+ dhparams = p;
+ }
+ }
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+#endif
+ return dh;
+}
+#endif
+
+void *
+ldap_pvt_tls_sb_ctx( Sockbuf *sb )
+{
+#ifdef HAVE_TLS
+ void *p;
+
+ if (HAS_TLS( sb )) {
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
+ return p;
+ }
+#endif
+
+ return NULL;
+}
+
+int
+ldap_pvt_tls_get_strength( void *s )
+{
+#ifdef HAVE_TLS
+ SSL_CIPHER *c;
+
+ c = SSL_get_current_cipher((SSL *)s);
+ return SSL_CIPHER_get_bits(c, NULL);
+#else
+ return 0;
+#endif
+}
+
+
+int
+ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
+{
+#ifdef HAVE_TLS
+ X509 *x;
+ X509_NAME *xn;
+ int rc;
+
+ x = SSL_get_certificate((SSL *)s);
+
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+ rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
+ return rc;
+#else
+ return LDAP_NOT_SUPPORTED;
+#endif
+}
+
+int
+ldap_start_tls( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp )
+{
+ return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, msgidp );
+}
+
+int
+ldap_install_tls( LDAP *ld )
+{
+#ifndef HAVE_TLS
+ return LDAP_NOT_SUPPORTED;
+#else
+ if ( ldap_tls_inplace( ld ) ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+#endif
+}
+
+int
+ldap_start_tls_s ( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls )
+{
+#ifndef HAVE_TLS
+ return LDAP_NOT_SUPPORTED;
+#else
+ int rc;
+ char *rspoid = NULL;
+ struct berval *rspdata = NULL;
+
+ /* XXYYZ: this initiates operation only on default connection! */
+
+ if ( ldap_tls_inplace( ld ) ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, &rspoid, &rspdata );
+
+ if ( rspoid != NULL ) {
+ LDAP_FREE(rspoid);
+ }
+
+ if ( rspdata != NULL ) {
+ ber_bvfree( rspdata );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+ }
+
+ return rc;
+#endif
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/turn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/turn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/turn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,96 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/turn.c,v 1.1.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * LDAPv3 Turn Operation Request
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+int
+ldap_turn(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+#ifdef LDAP_EXOP_X_TURN
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", mutual, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, msgidp );
+ ber_free( turnvalber, 1 );
+ return rc;
+#else
+ return LDAP_CONTROL_NOT_FOUND;
+#endif
+}
+
+int
+ldap_turn_s(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+#ifdef LDAP_EXOP_X_TURN
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", 0xFF, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, NULL, NULL );
+ ber_free( turnvalber, 1 );
+ return rc;
+#else
+ return LDAP_CONTROL_NOT_FOUND;
+#endif
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/txn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/txn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/txn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/txn.c,v 1.2.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <ac/time.h>
+#include <ac/string.h>
+
+#include "ldap-int.h"
+
+#ifdef LDAP_GROUP_TRANSACTION
+
+int
+ldap_txn_create_s(
+ LDAP *ld,
+ struct berval **cookie,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ return LDAP_NOT_SUPPORTED;
+}
+
+int
+ldap_txn_end_s(
+ LDAP *ld,
+ struct berval *cookie,
+ int commit,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ return LDAP_NOT_SUPPORTED;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/unbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/unbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/unbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,266 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.48.2.8 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+/* An Unbind Request looks like this:
+ *
+ * UnbindRequest ::= NULL
+ *
+ * and has no response.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+int
+ldap_unbind_ext(
+ LDAP *ld,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ return ldap_ld_free( ld, 1, sctrls, cctrls );
+}
+
+int
+ldap_unbind_ext_s(
+ LDAP *ld,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ return ldap_unbind_ext( ld, sctrls, cctrls );
+}
+
+int
+ldap_unbind( LDAP *ld )
+{
+ Debug( LDAP_DEBUG_TRACE, "ldap_unbind\n", 0, 0, 0 );
+
+ return( ldap_unbind_ext( ld, NULL, NULL ) );
+}
+
+
+int
+ldap_ld_free(
+ LDAP *ld,
+ int close,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ LDAPMessage *lm, *next;
+ int err = LDAP_SUCCESS;
+
+ /* free LDAP structure and outstanding requests/responses */
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+ while ( ld->ld_requests != NULL ) {
+ ldap_free_request( ld, ld->ld_requests );
+ }
+
+ /* free and unbind from all open connections */
+ while ( ld->ld_conns != NULL ) {
+ ldap_free_connection( ld, ld->ld_conns, 1, close );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ for ( lm = ld->ld_responses; lm != NULL; lm = next ) {
+ next = lm->lm_next;
+ ldap_msgfree( lm );
+ }
+
+ if ( ld->ld_abandoned != NULL ) {
+ LDAP_FREE( ld->ld_abandoned );
+ ld->ld_abandoned = NULL;
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+
+ if ( ld->ld_error != NULL ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+
+ if ( ld->ld_matched != NULL ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ if( ld->ld_referrals != NULL) {
+ LDAP_VFREE(ld->ld_referrals);
+ ld->ld_referrals = NULL;
+ }
+
+ if ( ld->ld_selectinfo != NULL ) {
+ ldap_free_select_info( ld->ld_selectinfo );
+ ld->ld_selectinfo = NULL;
+ }
+
+ if ( ld->ld_options.ldo_defludp != NULL ) {
+ ldap_free_urllist( ld->ld_options.ldo_defludp );
+ ld->ld_options.ldo_defludp = NULL;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( ld->ld_options.ldo_peer != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_peer );
+ ld->ld_options.ldo_peer = NULL;
+ }
+#endif
+
+ if ( ld->ld_options.ldo_tm_api != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_tm_api );
+ ld->ld_options.ldo_tm_api = NULL;
+ }
+
+ if ( ld->ld_options.ldo_tm_net != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_tm_net );
+ ld->ld_options.ldo_tm_net = NULL;
+ }
+
+#ifdef HAVE_CYRUS_SASL
+ if ( ld->ld_options.ldo_def_sasl_mech != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
+ ld->ld_options.ldo_def_sasl_mech = NULL;
+ }
+
+ if ( ld->ld_options.ldo_def_sasl_realm != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_realm );
+ ld->ld_options.ldo_def_sasl_realm = NULL;
+ }
+
+ if ( ld->ld_options.ldo_def_sasl_authcid != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid );
+ ld->ld_options.ldo_def_sasl_authcid = NULL;
+ }
+
+ if ( ld->ld_options.ldo_def_sasl_authzid != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid );
+ ld->ld_options.ldo_def_sasl_authzid = NULL;
+ }
+#endif
+
+ if ( ld->ld_options.ldo_sctrls != NULL ) {
+ ldap_controls_free( ld->ld_options.ldo_sctrls );
+ ld->ld_options.ldo_sctrls = NULL;
+ }
+
+ if ( ld->ld_options.ldo_cctrls != NULL ) {
+ ldap_controls_free( ld->ld_options.ldo_cctrls );
+ ld->ld_options.ldo_cctrls = NULL;
+ }
+
+ ber_sockbuf_free( ld->ld_sb );
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_destroy( &ld->ld_req_mutex );
+ ldap_pvt_thread_mutex_destroy( &ld->ld_res_mutex );
+ ldap_pvt_thread_mutex_destroy( &ld->ld_conn_mutex );
+#endif
+#ifndef NDEBUG
+ LDAP_TRASH(ld);
+#endif
+ LDAP_FREE( (char *) ld );
+
+ return( err );
+}
+
+int
+ldap_unbind_s( LDAP *ld )
+{
+ return( ldap_unbind_ext( ld, NULL, NULL ) );
+}
+
+/* FIXME: this function is called only by ldap_free_connection(),
+ * which, most of the times, is called with ld_req_mutex locked */
+int
+ldap_send_unbind(
+ LDAP *ld,
+ Sockbuf *sb,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ BerElement *ber;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_send_unbind\n", 0, 0, 0 );
+
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld))
+ return LDAP_SUCCESS;
+#endif
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ return( ld->ld_errno );
+ }
+
+ id = ++(ld)->ld_msgid;
+
+ /* fill it in */
+ if ( ber_printf( ber, "{itn" /*}*/, id,
+ LDAP_REQ_UNBIND ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}", LDAP_REQ_UNBIND ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return( ld->ld_errno );
+ }
+
+ ld->ld_errno = LDAP_SUCCESS;
+ /* send the message */
+ if ( ber_flush( sb, ber, 1 ) == -1 ) {
+ ld->ld_errno = LDAP_SERVER_DOWN;
+ ber_free( ber, 1 );
+ }
+
+ return( ld->ld_errno );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/url.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/url.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/url.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1571 @@
+/* LIBLDAP url.c -- LDAP URL (RFC 2255) related routines */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.84.2.8 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+
+
+/*
+ * LDAP URLs look like this:
+ * ldap[is]://host:port[/[dn[?[attributes][?[scope][?[filter][?exts]]]]]]
+ *
+ * where:
+ * attributes is a comma separated list
+ * scope is one of these three strings: base one sub (default=base)
+ * filter is an string-represented filter as in RFC 2254
+ *
+ * e.g., ldap://host:port/dc=com?o,cn?base?(o=openldap)?extension
+ *
+ * We also tolerate URLs that look like: <ldapurl> and <URL:ldapurl>
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/* local functions */
+static const char* skip_url_prefix LDAP_P((
+ const char *url,
+ int *enclosedp,
+ const char **scheme ));
+
+int ldap_pvt_url_scheme2proto( const char *scheme )
+{
+ assert( scheme != NULL );
+
+ if( scheme == NULL ) {
+ return -1;
+ }
+
+ if( strcmp("ldap", scheme) == 0 ) {
+ return LDAP_PROTO_TCP;
+ }
+
+ if( strcmp("ldapi", scheme) == 0 ) {
+ return LDAP_PROTO_IPC;
+ }
+
+ if( strcmp("ldaps", scheme) == 0 ) {
+ return LDAP_PROTO_TCP;
+ }
+#ifdef LDAP_CONNECTIONLESS
+ if( strcmp("cldap", scheme) == 0 ) {
+ return LDAP_PROTO_UDP;
+ }
+#endif
+
+ return -1;
+}
+
+int ldap_pvt_url_scheme_port( const char *scheme, int port )
+{
+ assert( scheme != NULL );
+
+ if( port ) return port;
+ if( scheme == NULL ) return port;
+
+ if( strcmp("ldap", scheme) == 0 ) {
+ return LDAP_PORT;
+ }
+
+ if( strcmp("ldapi", scheme) == 0 ) {
+ return -1;
+ }
+
+ if( strcmp("ldaps", scheme) == 0 ) {
+ return LDAPS_PORT;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( strcmp("cldap", scheme) == 0 ) {
+ return LDAP_PORT;
+ }
+#endif
+
+ return -1;
+}
+
+int
+ldap_pvt_url_scheme2tls( const char *scheme )
+{
+ assert( scheme != NULL );
+
+ if( scheme == NULL ) {
+ return -1;
+ }
+
+ return strcmp("ldaps", scheme) == 0;
+}
+
+int
+ldap_is_ldap_url( LDAP_CONST char *url )
+{
+ int enclosed;
+ const char * scheme;
+
+ if( url == NULL ) {
+ return 0;
+ }
+
+ if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
+ return 0;
+ }
+
+ return 1;
+}
+
+int
+ldap_is_ldaps_url( LDAP_CONST char *url )
+{
+ int enclosed;
+ const char * scheme;
+
+ if( url == NULL ) {
+ return 0;
+ }
+
+ if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
+ return 0;
+ }
+
+ return strcmp(scheme, "ldaps") == 0;
+}
+
+int
+ldap_is_ldapi_url( LDAP_CONST char *url )
+{
+ int enclosed;
+ const char * scheme;
+
+ if( url == NULL ) {
+ return 0;
+ }
+
+ if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
+ return 0;
+ }
+
+ return strcmp(scheme, "ldapi") == 0;
+}
+
+#ifdef LDAP_CONNECTIONLESS
+int
+ldap_is_ldapc_url( LDAP_CONST char *url )
+{
+ int enclosed;
+ const char * scheme;
+
+ if( url == NULL ) {
+ return 0;
+ }
+
+ if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
+ return 0;
+ }
+
+ return strcmp(scheme, "cldap") == 0;
+}
+#endif
+
+static const char*
+skip_url_prefix(
+ const char *url,
+ int *enclosedp,
+ const char **scheme )
+{
+ /*
+ * return non-zero if this looks like a LDAP URL; zero if not
+ * if non-zero returned, *urlp will be moved past "ldap://" part of URL
+ */
+ const char *p;
+
+ if ( url == NULL ) {
+ return( NULL );
+ }
+
+ p = url;
+
+ /* skip leading '<' (if any) */
+ if ( *p == '<' ) {
+ *enclosedp = 1;
+ ++p;
+ } else {
+ *enclosedp = 0;
+ }
+
+ /* skip leading "URL:" (if any) */
+ if ( strncasecmp( p, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
+ p += LDAP_URL_URLCOLON_LEN;
+ }
+
+ /* check for "ldap://" prefix */
+ if ( strncasecmp( p, LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
+ /* skip over "ldap://" prefix and return success */
+ p += LDAP_URL_PREFIX_LEN;
+ *scheme = "ldap";
+ return( p );
+ }
+
+ /* check for "ldaps://" prefix */
+ if ( strncasecmp( p, LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
+ /* skip over "ldaps://" prefix and return success */
+ p += LDAPS_URL_PREFIX_LEN;
+ *scheme = "ldaps";
+ return( p );
+ }
+
+ /* check for "ldapi://" prefix */
+ if ( strncasecmp( p, LDAPI_URL_PREFIX, LDAPI_URL_PREFIX_LEN ) == 0 ) {
+ /* skip over "ldapi://" prefix and return success */
+ p += LDAPI_URL_PREFIX_LEN;
+ *scheme = "ldapi";
+ return( p );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ /* check for "cldap://" prefix */
+ if ( strncasecmp( p, LDAPC_URL_PREFIX, LDAPC_URL_PREFIX_LEN ) == 0 ) {
+ /* skip over "cldap://" prefix and return success */
+ p += LDAPC_URL_PREFIX_LEN;
+ *scheme = "cldap";
+ return( p );
+ }
+#endif
+
+ return( NULL );
+}
+
+
+static int str2scope( const char *p )
+{
+ if ( strcasecmp( p, "one" ) == 0 ) {
+ return LDAP_SCOPE_ONELEVEL;
+
+ } else if ( strcasecmp( p, "onelevel" ) == 0 ) {
+ return LDAP_SCOPE_ONELEVEL;
+
+ } else if ( strcasecmp( p, "base" ) == 0 ) {
+ return LDAP_SCOPE_BASE;
+
+ } else if ( strcasecmp( p, "sub" ) == 0 ) {
+ return LDAP_SCOPE_SUBTREE;
+
+ } else if ( strcasecmp( p, "subtree" ) == 0 ) {
+ return LDAP_SCOPE_SUBTREE;
+
+#ifdef LDAP_SCOPE_SUBORDINATE
+ } else if ( strcasecmp( p, "subordinate" ) == 0 ) {
+ return LDAP_SCOPE_SUBORDINATE;
+
+ } else if ( strcasecmp( p, "children" ) == 0 ) {
+ return LDAP_SCOPE_SUBORDINATE;
+#endif
+ }
+
+ return( -1 );
+}
+
+static const char hex[] = "0123456789ABCDEF";
+
+#define URLESC_NONE 0x0000U
+#define URLESC_COMMA 0x0001U
+#define URLESC_SLASH 0x0002U
+
+static int
+hex_escape_len( const char *s, unsigned list )
+{
+ int len;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ for ( len = 0; s[0]; s++ ) {
+ switch ( s[0] ) {
+ /* RFC 2396: reserved */
+ case '?':
+ len += 3;
+ break;
+
+ case ',':
+ if ( list & URLESC_COMMA ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+
+ case '/':
+ if ( list & URLESC_SLASH ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+
+ case ';':
+ case ':':
+ case '@':
+ case '&':
+ case '=':
+ case '+':
+ case '$':
+
+ /* RFC 2396: unreserved mark */
+ case '-':
+ case '_':
+ case '.':
+ case '!':
+ case '~':
+ case '*':
+ case '\'':
+ case '(':
+ case ')':
+ len++;
+ break;
+
+ /* RFC 2396: unreserved alphanum */
+ default:
+ if ( !isalnum( (unsigned char) s[0] ) ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+ }
+ }
+
+ return len;
+}
+
+static int
+hex_escape( char *buf, int len, const char *s, unsigned list )
+{
+ int i;
+ int pos;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ for ( pos = 0, i = 0; s[i] && pos < len; i++ ) {
+ int escape = 0;
+
+ switch ( s[i] ) {
+ /* RFC 2396: reserved */
+ case '?':
+ escape = 1;
+ break;
+
+ case ',':
+ if ( list & URLESC_COMMA ) {
+ escape = 1;
+ }
+ break;
+
+ case '/':
+ if ( list & URLESC_SLASH ) {
+ escape = 1;
+ }
+ break;
+
+ case ';':
+ case ':':
+ case '@':
+ case '&':
+ case '=':
+ case '+':
+ case '$':
+
+ /* RFC 2396: unreserved mark */
+ case '-':
+ case '_':
+ case '.':
+ case '!':
+ case '~':
+ case '*':
+ case '\'':
+ case '(':
+ case ')':
+ break;
+
+ /* RFC 2396: unreserved alphanum */
+ default:
+ if ( !isalnum( (unsigned char) s[i] ) ) {
+ escape = 1;
+ }
+ break;
+ }
+
+ if ( escape ) {
+ buf[pos++] = '%';
+ buf[pos++] = hex[ (s[i] >> 4) & 0x0f ];
+ buf[pos++] = hex[ s[i] & 0x0f ];
+
+ } else {
+ buf[pos++] = s[i];
+ }
+ }
+
+ buf[pos] = '\0';
+
+ return pos;
+}
+
+static int
+hex_escape_len_list( char **s, unsigned flags )
+{
+ int len;
+ int i;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ len = 0;
+ for ( i = 0; s[i] != NULL; i++ ) {
+ if ( len ) {
+ len++;
+ }
+ len += hex_escape_len( s[i], flags );
+ }
+
+ return len;
+}
+
+static int
+hex_escape_list( char *buf, int len, char **s, unsigned flags )
+{
+ int pos;
+ int i;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ pos = 0;
+ for ( i = 0; s[i] != NULL; i++ ) {
+ int curlen;
+
+ if ( pos ) {
+ buf[pos++] = ',';
+ len--;
+ }
+ curlen = hex_escape( &buf[pos], len, s[i], flags );
+ len -= curlen;
+ pos += curlen;
+ }
+
+ return pos;
+}
+
+static int
+desc2str_len( LDAPURLDesc *u )
+{
+ int sep = 0;
+ int len = 0;
+
+ if ( u == NULL ) {
+ return -1;
+ }
+
+ if ( u->lud_exts ) {
+ len += hex_escape_len_list( u->lud_exts, URLESC_COMMA );
+ if ( !sep ) {
+ sep = 5;
+ }
+ }
+
+ if ( u->lud_filter ) {
+ len += hex_escape_len( u->lud_filter, URLESC_NONE );
+ if ( !sep ) {
+ sep = 4;
+ }
+ }
+
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ len += STRLENOF( "base" );
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ len += STRLENOF( "one" );
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ len += STRLENOF( "sub" );
+ break;
+
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+ len += STRLENOF( "subordinate" );
+ break;
+
+#endif
+ }
+
+ if ( !sep ) {
+ sep = 3;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ if ( u->lud_attrs ) {
+ len += hex_escape_len_list( u->lud_attrs, URLESC_NONE );
+ if ( !sep ) {
+ sep = 2;
+ }
+ }
+
+ if ( u->lud_dn && u->lud_dn[0] ) {
+ len += hex_escape_len( u->lud_dn, URLESC_NONE );
+ if ( !sep ) {
+ sep = 1;
+ }
+ };
+
+ len += sep;
+
+ if ( u->lud_port ) {
+ char buf[] = ":65535";
+
+ len += snprintf( buf, sizeof( buf ), ":%d", u->lud_port );
+ if ( u->lud_host && u->lud_host[0] ) {
+ len += strlen( u->lud_host );
+ }
+
+ } else {
+ if ( u->lud_host && u->lud_host[0] ) {
+ len += hex_escape_len( u->lud_host, URLESC_SLASH );
+ }
+ }
+
+ len += strlen( u->lud_scheme ) + STRLENOF( "://" );
+
+ return len;
+}
+
+int
+desc2str( LDAPURLDesc *u, char *s, int len )
+{
+ int i;
+ int sep = 0;
+ int sofar = 0;
+ int gotscope = 0;
+
+ if ( u == NULL ) {
+ return -1;
+ }
+
+ if ( s == NULL ) {
+ return -1;
+ }
+
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ gotscope = 1;
+ break;
+ }
+
+ if ( u->lud_exts ) {
+ sep = 5;
+ } else if ( u->lud_filter ) {
+ sep = 4;
+ } else if ( gotscope ) {
+ sep = 3;
+ } else if ( u->lud_attrs ) {
+ sep = 2;
+ } else if ( u->lud_dn && u->lud_dn[0] ) {
+ sep = 1;
+ }
+
+ if ( u->lud_port ) {
+ len -= sprintf( s, "%s://%s:%d%n", u->lud_scheme,
+ u->lud_host ? u->lud_host : "",
+ u->lud_port, &sofar );
+
+ } else {
+ len -= sprintf( s, "%s://%n", u->lud_scheme, &sofar );
+ if ( u->lud_host && u->lud_host[0] ) {
+ i = hex_escape( &s[sofar], len, u->lud_host, URLESC_SLASH );
+ sofar += i;
+ len -= i;
+ }
+ }
+
+ assert( len >= 0 );
+
+ if ( sep < 1 ) {
+ goto done;
+ }
+
+ s[sofar++] = '/';
+ len--;
+
+ assert( len >= 0 );
+
+ if ( u->lud_dn && u->lud_dn[0] ) {
+ i = hex_escape( &s[sofar], len, u->lud_dn, URLESC_NONE );
+ sofar += i;
+ len -= i;
+
+ assert( len >= 0 );
+ }
+
+ if ( sep < 2 ) {
+ goto done;
+ }
+ s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
+
+ i = hex_escape_list( &s[sofar], len, u->lud_attrs, URLESC_NONE );
+ sofar += i;
+ len -= i;
+
+ assert( len >= 0 );
+
+ if ( sep < 3 ) {
+ goto done;
+ }
+ s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
+
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ strcpy( &s[sofar], "base" );
+ sofar += STRLENOF("base");
+ len -= STRLENOF("base");
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ strcpy( &s[sofar], "one" );
+ sofar += STRLENOF("one");
+ len -= STRLENOF("one");
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ strcpy( &s[sofar], "sub" );
+ sofar += STRLENOF("sub");
+ len -= STRLENOF("sub");
+ break;
+
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+ strcpy( &s[sofar], "children" );
+ sofar += STRLENOF("children");
+ len -= STRLENOF("children");
+ break;
+#endif
+ }
+
+ assert( len >= 0 );
+
+ if ( sep < 4 ) {
+ goto done;
+ }
+ s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
+
+ i = hex_escape( &s[sofar], len, u->lud_filter, URLESC_NONE );
+ sofar += i;
+ len -= i;
+
+ assert( len >= 0 );
+
+ if ( sep < 5 ) {
+ goto done;
+ }
+ s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
+
+ i = hex_escape_list( &s[sofar], len, u->lud_exts, URLESC_COMMA );
+ sofar += i;
+ len -= i;
+
+ assert( len >= 0 );
+
+done:
+ if ( len < 0 ) {
+ return -1;
+ }
+
+ return sofar;
+}
+
+char *
+ldap_url_desc2str( LDAPURLDesc *u )
+{
+ int len;
+ char *s;
+
+ if ( u == NULL ) {
+ return NULL;
+ }
+
+ len = desc2str_len( u );
+ if ( len < 0 ) {
+ return NULL;
+ }
+
+ /* allocate enough to hex escape everything -- overkill */
+ s = LDAP_MALLOC( len + 1 );
+
+ if ( s == NULL ) {
+ return NULL;
+ }
+
+ if ( desc2str( u, s, len ) != len ) {
+ LDAP_FREE( s );
+ return NULL;
+ }
+
+ s[len] = '\0';
+
+ return s;
+}
+
+int
+ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
+{
+/*
+ * Pick apart the pieces of an LDAP URL.
+ */
+
+ LDAPURLDesc *ludp;
+ char *p, *q, *r;
+ int i, enclosed;
+ const char *scheme = NULL;
+ const char *url_tmp;
+ char *url;
+
+ if( url_in == NULL || ludpp == NULL ) {
+ return LDAP_URL_ERR_PARAM;
+ }
+
+#ifndef LDAP_INT_IN_KERNEL
+ /* Global options may not be created yet
+ * We can't test if the global options are initialized
+ * because a call to LDAP_INT_GLOBAL_OPT() will try to allocate
+ * the options and cause infinite recursion
+ */
+ Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
+#endif
+
+ *ludpp = NULL; /* pessimistic */
+
+ url_tmp = skip_url_prefix( url_in, &enclosed, &scheme );
+
+ if ( url_tmp == NULL ) {
+ return LDAP_URL_ERR_BADSCHEME;
+ }
+
+ assert( scheme != NULL );
+
+ /* make working copy of the remainder of the URL */
+ url = LDAP_STRDUP( url_tmp );
+ if ( url == NULL ) {
+ return LDAP_URL_ERR_MEM;
+ }
+
+ if ( enclosed ) {
+ p = &url[strlen(url)-1];
+
+ if( *p != '>' ) {
+ LDAP_FREE( url );
+ return LDAP_URL_ERR_BADENCLOSURE;
+ }
+
+ *p = '\0';
+ }
+
+ /* allocate return struct */
+ ludp = (LDAPURLDesc *)LDAP_CALLOC( 1, sizeof( LDAPURLDesc ));
+
+ if ( ludp == NULL ) {
+ LDAP_FREE( url );
+ return LDAP_URL_ERR_MEM;
+ }
+
+ ludp->lud_next = NULL;
+ ludp->lud_host = NULL;
+ ludp->lud_port = 0;
+ ludp->lud_dn = NULL;
+ ludp->lud_attrs = NULL;
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ ludp->lud_filter = NULL;
+ ludp->lud_exts = NULL;
+
+ ludp->lud_scheme = LDAP_STRDUP( scheme );
+
+ if ( ludp->lud_scheme == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+
+ /* scan forward for '/' that marks end of hostport and begin. of dn */
+ p = strchr( url, '/' );
+
+ if( p != NULL ) {
+ /* terminate hostport; point to start of dn */
+ *p++ = '\0';
+ }
+
+ /* IPv6 syntax with [ip address]:port */
+ if ( *url == '[' ) {
+ r = strchr( url, ']' );
+ if ( r == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADURL;
+ }
+ *r++ = '\0';
+ q = strchr( r, ':' );
+ } else {
+ q = strchr( url, ':' );
+ }
+
+ if ( q != NULL ) {
+ char *next;
+
+ *q++ = '\0';
+ ldap_pvt_hex_unescape( q );
+
+ if( *q == '\0' ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADURL;
+ }
+
+ ludp->lud_port = strtol( q, &next, 10 );
+ if ( next == q || next[0] != '\0' ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADURL;
+ }
+ }
+
+ ldap_pvt_hex_unescape( url );
+
+ /* If [ip address]:port syntax, url is [ip and we skip the [ */
+ ludp->lud_host = LDAP_STRDUP( url + ( *url == '[' ) );
+
+ if( ludp->lud_host == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+
+ /*
+ * Kludge. ldap://111.222.333.444:389??cn=abc,o=company
+ *
+ * On early Novell releases, search references/referrals were returned
+ * in this format, i.e., the dn was kind of in the scope position,
+ * but the required slash is missing. The whole thing is illegal syntax,
+ * but we need to account for it. Fortunately it can't be confused with
+ * anything real.
+ */
+ if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
+ q++;
+ /* ? immediately followed by question */
+ if( *q == '?') {
+ q++;
+ if( *q != '\0' ) {
+ /* parse dn part */
+ ldap_pvt_hex_unescape( q );
+ ludp->lud_dn = LDAP_STRDUP( q );
+ } else {
+ ludp->lud_dn = LDAP_STRDUP( "" );
+ }
+
+ if( ludp->lud_dn == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+ }
+ }
+
+ if( p == NULL ) {
+ LDAP_FREE( url );
+ *ludpp = ludp;
+ return LDAP_URL_SUCCESS;
+ }
+
+ /* scan forward for '?' that may marks end of dn */
+ q = strchr( p, '?' );
+
+ if( q != NULL ) {
+ /* terminate dn part */
+ *q++ = '\0';
+ }
+
+ if( *p != '\0' ) {
+ /* parse dn part */
+ ldap_pvt_hex_unescape( p );
+ ludp->lud_dn = LDAP_STRDUP( p );
+ } else {
+ ludp->lud_dn = LDAP_STRDUP( "" );
+ }
+
+ if( ludp->lud_dn == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+
+ if( q == NULL ) {
+ /* no more */
+ LDAP_FREE( url );
+ *ludpp = ludp;
+ return LDAP_URL_SUCCESS;
+ }
+
+ /* scan forward for '?' that may marks end of attributes */
+ p = q;
+ q = strchr( p, '?' );
+
+ if( q != NULL ) {
+ /* terminate attributes part */
+ *q++ = '\0';
+ }
+
+ if( *p != '\0' ) {
+ /* parse attributes */
+ ldap_pvt_hex_unescape( p );
+ ludp->lud_attrs = ldap_str2charray( p, "," );
+
+ if( ludp->lud_attrs == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADATTRS;
+ }
+ }
+
+ if ( q == NULL ) {
+ /* no more */
+ LDAP_FREE( url );
+ *ludpp = ludp;
+ return LDAP_URL_SUCCESS;
+ }
+
+ /* scan forward for '?' that may marks end of scope */
+ p = q;
+ q = strchr( p, '?' );
+
+ if( q != NULL ) {
+ /* terminate the scope part */
+ *q++ = '\0';
+ }
+
+ if( *p != '\0' ) {
+ /* parse the scope */
+ ldap_pvt_hex_unescape( p );
+ ludp->lud_scope = str2scope( p );
+
+ if( ludp->lud_scope == -1 ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADSCOPE;
+ }
+ }
+
+ if ( q == NULL ) {
+ /* no more */
+ LDAP_FREE( url );
+ *ludpp = ludp;
+ return LDAP_URL_SUCCESS;
+ }
+
+ /* scan forward for '?' that may marks end of filter */
+ p = q;
+ q = strchr( p, '?' );
+
+ if( q != NULL ) {
+ /* terminate the filter part */
+ *q++ = '\0';
+ }
+
+ if( *p != '\0' ) {
+ /* parse the filter */
+ ldap_pvt_hex_unescape( p );
+
+ if( ! *p ) {
+ /* missing filter */
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADFILTER;
+ }
+
+ ludp->lud_filter = LDAP_STRDUP( p );
+
+ if( ludp->lud_filter == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+ }
+
+ if ( q == NULL ) {
+ /* no more */
+ LDAP_FREE( url );
+ *ludpp = ludp;
+ return LDAP_URL_SUCCESS;
+ }
+
+ /* scan forward for '?' that may marks end of extensions */
+ p = q;
+ q = strchr( p, '?' );
+
+ if( q != NULL ) {
+ /* extra '?' */
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADURL;
+ }
+
+ /* parse the extensions */
+ ludp->lud_exts = ldap_str2charray( p, "," );
+
+ if( ludp->lud_exts == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADEXTS;
+ }
+
+ for( i=0; ludp->lud_exts[i] != NULL; i++ ) {
+ ldap_pvt_hex_unescape( ludp->lud_exts[i] );
+
+ if( *ludp->lud_exts[i] == '!' ) {
+ /* count the number of critical extensions */
+ ludp->lud_crit_exts++;
+ }
+ }
+
+ if( i == 0 ) {
+ /* must have 1 or more */
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_BADEXTS;
+ }
+
+ /* no more */
+ *ludpp = ludp;
+ LDAP_FREE( url );
+ return LDAP_URL_SUCCESS;
+}
+
+int
+ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
+{
+ int rc = ldap_url_parse_ext( url_in, ludpp );
+
+ if( rc != LDAP_URL_SUCCESS ) {
+ return rc;
+ }
+
+ if ((*ludpp)->lud_scope == LDAP_SCOPE_DEFAULT) {
+ (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
+ }
+
+ if ((*ludpp)->lud_host != NULL && *(*ludpp)->lud_host == '\0') {
+ LDAP_FREE( (*ludpp)->lud_host );
+ (*ludpp)->lud_host = NULL;
+ }
+
+ if ((*ludpp)->lud_port == 0) {
+ if( strcmp((*ludpp)->lud_scheme, "ldap") == 0 ) {
+ (*ludpp)->lud_port = LDAP_PORT;
+#ifdef LDAP_CONNECTIONLESS
+ } else if( strcmp((*ludpp)->lud_scheme, "cldap") == 0 ) {
+ (*ludpp)->lud_port = LDAP_PORT;
+#endif
+ } else if( strcmp((*ludpp)->lud_scheme, "ldaps") == 0 ) {
+ (*ludpp)->lud_port = LDAPS_PORT;
+ }
+ }
+
+ return rc;
+}
+
+LDAPURLDesc *
+ldap_url_dup ( LDAPURLDesc *ludp )
+{
+ LDAPURLDesc *dest;
+
+ if ( ludp == NULL ) {
+ return NULL;
+ }
+
+ dest = LDAP_MALLOC( sizeof(LDAPURLDesc) );
+ if (dest == NULL)
+ return NULL;
+
+ *dest = *ludp;
+ dest->lud_scheme = NULL;
+ dest->lud_host = NULL;
+ dest->lud_dn = NULL;
+ dest->lud_filter = NULL;
+ dest->lud_attrs = NULL;
+ dest->lud_exts = NULL;
+ dest->lud_next = NULL;
+
+ if ( ludp->lud_scheme != NULL ) {
+ dest->lud_scheme = LDAP_STRDUP( ludp->lud_scheme );
+ if (dest->lud_scheme == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ if ( ludp->lud_host != NULL ) {
+ dest->lud_host = LDAP_STRDUP( ludp->lud_host );
+ if (dest->lud_host == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ if ( ludp->lud_dn != NULL ) {
+ dest->lud_dn = LDAP_STRDUP( ludp->lud_dn );
+ if (dest->lud_dn == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ if ( ludp->lud_filter != NULL ) {
+ dest->lud_filter = LDAP_STRDUP( ludp->lud_filter );
+ if (dest->lud_filter == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ if ( ludp->lud_attrs != NULL ) {
+ dest->lud_attrs = ldap_charray_dup( ludp->lud_attrs );
+ if (dest->lud_attrs == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ if ( ludp->lud_exts != NULL ) {
+ dest->lud_exts = ldap_charray_dup( ludp->lud_exts );
+ if (dest->lud_exts == NULL) {
+ ldap_free_urldesc(dest);
+ return NULL;
+ }
+ }
+
+ return dest;
+}
+
+LDAPURLDesc *
+ldap_url_duplist (LDAPURLDesc *ludlist)
+{
+ LDAPURLDesc *dest, *tail, *ludp, *newludp;
+
+ dest = NULL;
+ tail = NULL;
+ for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
+ newludp = ldap_url_dup(ludp);
+ if (newludp == NULL) {
+ ldap_free_urllist(dest);
+ return NULL;
+ }
+ if (tail == NULL)
+ dest = newludp;
+ else
+ tail->lud_next = newludp;
+ tail = newludp;
+ }
+ return dest;
+}
+
+static int
+ldap_url_parselist_int (LDAPURLDesc **ludlist, const char *url, const char *sep,
+ int (*url_parse)( const char *, LDAPURLDesc ** ) )
+{
+ int i, rc;
+ LDAPURLDesc *ludp;
+ char **urls;
+
+ assert( ludlist != NULL );
+ assert( url != NULL );
+
+ *ludlist = NULL;
+
+ urls = ldap_str2charray(url, sep);
+ if (urls == NULL)
+ return LDAP_URL_ERR_MEM;
+
+ /* count the URLs... */
+ for (i = 0; urls[i] != NULL; i++) ;
+ /* ...and put them in the "stack" backward */
+ while (--i >= 0) {
+ rc = url_parse( urls[i], &ludp );
+ if ( rc != 0 ) {
+ ldap_charray_free(urls);
+ ldap_free_urllist(*ludlist);
+ *ludlist = NULL;
+ return rc;
+ }
+ ludp->lud_next = *ludlist;
+ *ludlist = ludp;
+ }
+ ldap_charray_free(urls);
+ return LDAP_URL_SUCCESS;
+}
+
+int
+ldap_url_parselist (LDAPURLDesc **ludlist, const char *url )
+{
+ return ldap_url_parselist_int( ludlist, url, ", ", ldap_url_parse );
+}
+
+int
+ldap_url_parselist_ext (LDAPURLDesc **ludlist, const char *url, const char *sep )
+{
+ return ldap_url_parselist_int( ludlist, url, sep, ldap_url_parse_ext );
+}
+
+int
+ldap_url_parsehosts(
+ LDAPURLDesc **ludlist,
+ const char *hosts,
+ int port )
+{
+ int i;
+ LDAPURLDesc *ludp;
+ char **specs, *p;
+
+ assert( ludlist != NULL );
+ assert( hosts != NULL );
+
+ *ludlist = NULL;
+
+ specs = ldap_str2charray(hosts, ", ");
+ if (specs == NULL)
+ return LDAP_NO_MEMORY;
+
+ /* count the URLs... */
+ for (i = 0; specs[i] != NULL; i++) /* EMPTY */;
+
+ /* ...and put them in the "stack" backward */
+ while (--i >= 0) {
+ ludp = LDAP_CALLOC( 1, sizeof(LDAPURLDesc) );
+ if (ludp == NULL) {
+ ldap_charray_free(specs);
+ ldap_free_urllist(*ludlist);
+ *ludlist = NULL;
+ return LDAP_NO_MEMORY;
+ }
+ ludp->lud_port = port;
+ ludp->lud_host = specs[i];
+ specs[i] = NULL;
+ p = strchr(ludp->lud_host, ':');
+ if (p != NULL) {
+ /* more than one :, IPv6 address */
+ if ( strchr(p+1, ':') != NULL ) {
+ /* allow [address] and [address]:port */
+ if ( *ludp->lud_host == '[' ) {
+ p = LDAP_STRDUP(ludp->lud_host+1);
+ /* copied, make sure we free source later */
+ specs[i] = ludp->lud_host;
+ ludp->lud_host = p;
+ p = strchr( ludp->lud_host, ']' );
+ if ( p == NULL ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_PARAM_ERROR;
+ }
+ *p++ = '\0';
+ if ( *p != ':' ) {
+ if ( *p != '\0' ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_PARAM_ERROR;
+ }
+ p = NULL;
+ }
+ } else {
+ p = NULL;
+ }
+ }
+ if (p != NULL) {
+ char *next;
+
+ *p++ = 0;
+ ldap_pvt_hex_unescape(p);
+ ludp->lud_port = strtol( p, &next, 10 );
+ if ( next == p || next[0] != '\0' ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_PARAM_ERROR;
+ }
+ }
+ }
+ ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_scheme = LDAP_STRDUP("ldap");
+ ludp->lud_next = *ludlist;
+ *ludlist = ludp;
+ }
+
+ /* this should be an array of NULLs now */
+ /* except entries starting with [ */
+ ldap_charray_free(specs);
+ return LDAP_SUCCESS;
+}
+
+char *
+ldap_url_list2hosts (LDAPURLDesc *ludlist)
+{
+ LDAPURLDesc *ludp;
+ int size;
+ char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
+
+ if (ludlist == NULL)
+ return NULL;
+
+ /* figure out how big the string is */
+ size = 1; /* nul-term */
+ for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
+ size += strlen(ludp->lud_host) + 1; /* host and space */
+ if (strchr(ludp->lud_host, ':')) /* will add [ ] below */
+ size += 2;
+ if (ludp->lud_port != 0)
+ size += sprintf(buf, ":%d", ludp->lud_port);
+ }
+ s = LDAP_MALLOC(size);
+ if (s == NULL)
+ return NULL;
+
+ p = s;
+ for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
+ if (strchr(ludp->lud_host, ':')) {
+ p += sprintf(p, "[%s]", ludp->lud_host);
+ } else {
+ strcpy(p, ludp->lud_host);
+ p += strlen(ludp->lud_host);
+ }
+ if (ludp->lud_port != 0)
+ p += sprintf(p, ":%d", ludp->lud_port);
+ *p++ = ' ';
+ }
+ if (p != s)
+ p--; /* nuke that extra space */
+ *p = 0;
+ return s;
+}
+
+char *
+ldap_url_list2urls(
+ LDAPURLDesc *ludlist )
+{
+ LDAPURLDesc *ludp;
+ int size, sofar;
+ char *s;
+
+ if ( ludlist == NULL ) {
+ return NULL;
+ }
+
+ /* figure out how big the string is */
+ for ( size = 0, ludp = ludlist; ludp != NULL; ludp = ludp->lud_next ) {
+ int len = desc2str_len( ludp );
+ if ( len < 0 ) {
+ return NULL;
+ }
+ size += len + 1;
+ }
+
+ s = LDAP_MALLOC( size );
+
+ if ( s == NULL ) {
+ return NULL;
+ }
+
+ for ( sofar = 0, ludp = ludlist; ludp != NULL; ludp = ludp->lud_next ) {
+ int len;
+
+ len = desc2str( ludp, &s[sofar], size );
+
+ if ( len < 0 ) {
+ LDAP_FREE( s );
+ return NULL;
+ }
+
+ sofar += len;
+ size -= len;
+
+ s[sofar++] = ' ';
+ size--;
+
+ assert( size >= 0 );
+ }
+
+ s[sofar - 1] = '\0';
+
+ return s;
+}
+
+void
+ldap_free_urllist( LDAPURLDesc *ludlist )
+{
+ LDAPURLDesc *ludp, *next;
+
+ for (ludp = ludlist; ludp != NULL; ludp = next) {
+ next = ludp->lud_next;
+ ldap_free_urldesc(ludp);
+ }
+}
+
+void
+ldap_free_urldesc( LDAPURLDesc *ludp )
+{
+ if ( ludp == NULL ) {
+ return;
+ }
+
+ if ( ludp->lud_scheme != NULL ) {
+ LDAP_FREE( ludp->lud_scheme );
+ }
+
+ if ( ludp->lud_host != NULL ) {
+ LDAP_FREE( ludp->lud_host );
+ }
+
+ if ( ludp->lud_dn != NULL ) {
+ LDAP_FREE( ludp->lud_dn );
+ }
+
+ if ( ludp->lud_filter != NULL ) {
+ LDAP_FREE( ludp->lud_filter);
+ }
+
+ if ( ludp->lud_attrs != NULL ) {
+ LDAP_VFREE( ludp->lud_attrs );
+ }
+
+ if ( ludp->lud_exts != NULL ) {
+ LDAP_VFREE( ludp->lud_exts );
+ }
+
+ LDAP_FREE( ludp );
+}
+
+static int
+ldap_int_is_hexpair( char *s )
+{
+ int i;
+
+ for ( i = 0; i < 2; i++ ) {
+ if ( s[i] >= '0' && s[i] <= '9' ) {
+ continue;
+ }
+
+ if ( s[i] >= 'A' && s[i] <= 'F' ) {
+ continue;
+ }
+
+ if ( s[i] >= 'a' && s[i] <= 'f' ) {
+ continue;
+ }
+
+ return 0;
+ }
+
+ return 1;
+}
+
+static int
+ldap_int_unhex( int c )
+{
+ return( c >= '0' && c <= '9' ? c - '0'
+ : c >= 'A' && c <= 'F' ? c - 'A' + 10
+ : c - 'a' + 10 );
+}
+
+void
+ldap_pvt_hex_unescape( char *s )
+{
+ /*
+ * Remove URL hex escapes from s... done in place. The basic concept for
+ * this routine is borrowed from the WWW library HTUnEscape() routine.
+ */
+ char *p,
+ *save_s = s;
+
+ for ( p = s; *s != '\0'; ++s ) {
+ if ( *s == '%' ) {
+ /*
+ * FIXME: what if '%' is followed
+ * by non-hexpair chars?
+ */
+ if ( !ldap_int_is_hexpair( s + 1 ) ) {
+ p = save_s;
+ break;
+ }
+
+ if ( *++s == '\0' ) {
+ break;
+ }
+ *p = ldap_int_unhex( *s ) << 4;
+ if ( *++s == '\0' ) {
+ break;
+ }
+ *p++ += ldap_int_unhex( *s );
+ } else {
+ *p++ = *s;
+ }
+ }
+
+ *p = '\0';
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8-conv.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8-conv.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8-conv.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,470 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8-conv.c,v 1.11.2.5 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
+ * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
+ * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS
+ * AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE"
+ * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION
+ * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP
+ * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT
+ * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ *---
+ * Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+
+/*
+ * UTF-8 Conversion Routines
+ *
+ * These routines convert between Wide Character and UTF-8,
+ * or between MultiByte and UTF-8 encodings.
+ *
+ * Both single character and string versions of the functions are provided.
+ * All functions return -1 if the character or string cannot be converted.
+ */
+
+#include "portable.h"
+
+#if SIZEOF_WCHAR_T >= 4
+/* These routines assume ( sizeof(wchar_t) >= 4 ) */
+
+#include <stdio.h>
+#include <ac/stdlib.h> /* For wctomb, wcstombs, mbtowc, mbstowcs */
+#include <ac/string.h>
+#include <ac/time.h> /* for time_t */
+
+#include "ldap-int.h"
+
+#include <ldap_utf8.h>
+
+static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
+
+
+/*-----------------------------------------------------------------------------
+ UTF-8 Format Summary
+
+ASCII chars 7 bits
+ 0xxxxxxx
+
+2-character UTF-8 sequence: 11 bits
+ 110xxxxx 10xxxxxx
+
+3-character UTF-8 16 bits
+ 1110xxxx 10xxxxxx 10xxxxxx
+
+4-char UTF-8 21 bits
+ 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+
+5-char UTF-8 26 bits
+ 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+
+6-char UTF-8 31 bits
+ 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+
+Unicode address space (0 - 0x10FFFF) 21 bits
+ISO-10646 address space (0 - 0x7FFFFFFF) 31 bits
+
+Note: This code does not prevent UTF-8 sequences which are longer than
+ necessary from being decoded.
+*/
+
+/*-----------------------------------------------------------------------------
+ Convert a UTF-8 character to a wide char.
+ Return the length of the UTF-8 input character in bytes.
+*/
+int
+ldap_x_utf8_to_wc ( wchar_t *wchar, const char *utf8char )
+{
+ int utflen, i;
+ wchar_t ch;
+
+ if (utf8char == NULL) return -1;
+
+ /* Get UTF-8 sequence length from 1st byte */
+ utflen = LDAP_UTF8_CHARLEN2(utf8char, utflen);
+
+ if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN ) return -1;
+
+ /* First byte minus length tag */
+ ch = (wchar_t)(utf8char[0] & mask[utflen]);
+
+ for(i=1; i < utflen; i++) {
+ /* Subsequent bytes must start with 10 */
+ if ((utf8char[i] & 0xc0) != 0x80) return -1;
+
+ ch <<= 6; /* 6 bits of data in each subsequent byte */
+ ch |= (wchar_t)(utf8char[i] & 0x3f);
+ }
+
+ if (wchar) *wchar = ch;
+
+ return utflen;
+}
+
+/*-----------------------------------------------------------------------------
+ Convert a UTF-8 string to a wide char string.
+ No more than 'count' wide chars will be written to the output buffer.
+ Return the size of the converted string in wide chars, excl null terminator.
+*/
+int
+ldap_x_utf8s_to_wcs ( wchar_t *wcstr, const char *utf8str, size_t count )
+{
+ size_t wclen = 0;
+ int utflen, i;
+ wchar_t ch;
+
+
+ /* If input ptr is NULL or empty... */
+ if (utf8str == NULL || !*utf8str) {
+ if ( wcstr )
+ *wcstr = 0;
+ return 0;
+ }
+
+ /* Examine next UTF-8 character. If output buffer is NULL, ignore count */
+ while ( *utf8str && (wcstr==NULL || wclen<count) ) {
+ /* Get UTF-8 sequence length from 1st byte */
+ utflen = LDAP_UTF8_CHARLEN2(utf8str, utflen);
+
+ if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN ) return -1;
+
+ /* First byte minus length tag */
+ ch = (wchar_t)(utf8str[0] & mask[utflen]);
+
+ for(i=1; i < utflen; i++) {
+ /* Subsequent bytes must start with 10 */
+ if ((utf8str[i] & 0xc0) != 0x80) return -1;
+
+ ch <<= 6; /* 6 bits of data in each subsequent byte */
+ ch |= (wchar_t)(utf8str[i] & 0x3f);
+ }
+
+ if (wcstr) wcstr[wclen] = ch;
+
+ utf8str += utflen; /* Move to next UTF-8 character */
+ wclen++; /* Count number of wide chars stored/required */
+ }
+
+ /* Add null terminator if there's room in the buffer. */
+ if (wcstr && wclen < count) wcstr[wclen] = 0;
+
+ return wclen;
+}
+
+
+/*-----------------------------------------------------------------------------
+ Convert one wide char to a UTF-8 character.
+ Return the length of the converted UTF-8 character in bytes.
+ No more than 'count' bytes will be written to the output buffer.
+*/
+int
+ldap_x_wc_to_utf8 ( char *utf8char, wchar_t wchar, size_t count )
+{
+ int len=0;
+
+ if (utf8char == NULL) /* Just determine the required UTF-8 char length. */
+ { /* Ignore count */
+ if( wchar < 0 )
+ return -1;
+ if( wchar < 0x80 )
+ return 1;
+ if( wchar < 0x800 )
+ return 2;
+ if( wchar < 0x10000 )
+ return 3;
+ if( wchar < 0x200000 )
+ return 4;
+ if( wchar < 0x4000000 )
+ return 5;
+ if( wchar < 0x80000000 )
+ return 6;
+ return -1;
+ }
+
+
+ if ( wchar < 0 ) { /* Invalid wide character */
+ len = -1;
+
+ } else if( wchar < 0x80 ) {
+ if (count >= 1) {
+ utf8char[len++] = (char)wchar;
+ }
+
+ } else if( wchar < 0x800 ) {
+ if (count >=2) {
+ utf8char[len++] = 0xc0 | ( wchar >> 6 );
+ utf8char[len++] = 0x80 | ( wchar & 0x3f );
+ }
+
+ } else if( wchar < 0x10000 ) {
+ if (count >= 3) {
+ utf8char[len++] = 0xe0 | ( wchar >> 12 );
+ utf8char[len++] = 0x80 | ( (wchar >> 6) & 0x3f );
+ utf8char[len++] = 0x80 | ( wchar & 0x3f );
+ }
+
+ } else if( wchar < 0x200000 ) {
+ if (count >= 4) {
+ utf8char[len++] = 0xf0 | ( wchar >> 18 );
+ utf8char[len++] = 0x80 | ( (wchar >> 12) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 6) & 0x3f );
+ utf8char[len++] = 0x80 | ( wchar & 0x3f );
+ }
+
+ } else if( wchar < 0x4000000 ) {
+ if (count >= 5) {
+ utf8char[len++] = 0xf8 | ( wchar >> 24 );
+ utf8char[len++] = 0x80 | ( (wchar >> 18) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 12) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 6) & 0x3f );
+ utf8char[len++] = 0x80 | ( wchar & 0x3f );
+ }
+
+ } else if( wchar < 0x80000000 ) {
+ if (count >= 6) {
+ utf8char[len++] = 0xfc | ( wchar >> 30 );
+ utf8char[len++] = 0x80 | ( (wchar >> 24) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 18) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 12) & 0x3f );
+ utf8char[len++] = 0x80 | ( (wchar >> 6) & 0x3f );
+ utf8char[len++] = 0x80 | ( wchar & 0x3f );
+ }
+
+ } else
+ len = -1;
+
+ return len;
+
+}
+
+
+/*-----------------------------------------------------------------------------
+ Convert a wide char string to a UTF-8 string.
+ No more than 'count' bytes will be written to the output buffer.
+ Return the # of bytes written to the output buffer, excl null terminator.
+*/
+int
+ldap_x_wcs_to_utf8s ( char *utf8str, const wchar_t *wcstr, size_t count )
+{
+ int len = 0;
+ int n;
+ char *p = utf8str;
+ wchar_t empty = 0; /* To avoid use of L"" construct */
+
+ if (wcstr == NULL) /* Treat input ptr NULL as an empty string */
+ wcstr = ∅
+
+ if (utf8str == NULL) /* Just compute size of output, excl null */
+ {
+ while (*wcstr)
+ {
+ /* Get UTF-8 size of next wide char */
+ n = ldap_x_wc_to_utf8( NULL, *wcstr++, LDAP_MAX_UTF8_LEN);
+ if (n == -1)
+ return -1;
+ len += n;
+ }
+
+ return len;
+ }
+
+
+ /* Do the actual conversion. */
+
+ n = 1; /* In case of empty wcstr */
+ while (*wcstr)
+ {
+ n = ldap_x_wc_to_utf8( p, *wcstr++, count);
+
+ if (n <= 0) /* If encoding error (-1) or won't fit (0), quit */
+ break;
+
+ p += n;
+ count -= n; /* Space left in output buffer */
+ }
+
+ /* If not enough room for last character, pad remainder with null
+ so that return value = original count, indicating buffer full. */
+ if (n == 0)
+ {
+ while (count--)
+ *p++ = 0;
+ }
+
+ /* Add a null terminator if there's room. */
+ else if (count)
+ *p = 0;
+
+ if (n == -1) /* Conversion encountered invalid wide char. */
+ return -1;
+
+ /* Return the number of bytes written to output buffer, excl null. */
+ return (p - utf8str);
+}
+
+
+/*-----------------------------------------------------------------------------
+ Convert a UTF-8 character to a MultiByte character.
+ Return the size of the converted character in bytes.
+*/
+int
+ldap_x_utf8_to_mb ( char *mbchar, const char *utf8char,
+ int (*f_wctomb)(char *mbchar, wchar_t wchar) )
+{
+ wchar_t wchar;
+ int n;
+ char tmp[6]; /* Large enough for biggest multibyte char */
+
+ if (f_wctomb == NULL) /* If no conversion function was given... */
+ f_wctomb = wctomb; /* use the local ANSI C function */
+
+ /* First convert UTF-8 char to a wide char */
+ n = ldap_x_utf8_to_wc( &wchar, utf8char);
+
+ if (n == -1)
+ return -1; /* Invalid UTF-8 character */
+
+ if (mbchar == NULL)
+ n = f_wctomb( tmp, wchar );
+ else
+ n = f_wctomb( mbchar, wchar);
+
+ return n;
+}
+
+/*-----------------------------------------------------------------------------
+ Convert a UTF-8 string to a MultiByte string.
+ No more than 'count' bytes will be written to the output buffer.
+ Return the size of the converted string in bytes, excl null terminator.
+*/
+int
+ldap_x_utf8s_to_mbs ( char *mbstr, const char *utf8str, size_t count,
+ size_t (*f_wcstombs)(char *mbstr, const wchar_t *wcstr, size_t count) )
+{
+ wchar_t *wcs;
+ size_t wcsize;
+ int n;
+
+ if (f_wcstombs == NULL) /* If no conversion function was given... */
+ f_wcstombs = wcstombs; /* use the local ANSI C function */
+
+ if (utf8str == NULL || *utf8str == 0) /* NULL or empty input string */
+ {
+ if (mbstr)
+ *mbstr = 0;
+ return 0;
+ }
+
+/* Allocate memory for the maximum size wchar string that we could get. */
+ wcsize = strlen(utf8str) + 1;
+ wcs = (wchar_t *)LDAP_MALLOC(wcsize * sizeof(wchar_t));
+ if (wcs == NULL)
+ return -1; /* Memory allocation failure. */
+
+ /* First convert the UTF-8 string to a wide char string */
+ n = ldap_x_utf8s_to_wcs( wcs, utf8str, wcsize);
+
+ /* Then convert wide char string to multi-byte string */
+ if (n != -1)
+ {
+ n = f_wcstombs(mbstr, wcs, count);
+ }
+
+ LDAP_FREE(wcs);
+
+ return n;
+}
+
+/*-----------------------------------------------------------------------------
+ Convert a MultiByte character to a UTF-8 character.
+ 'mbsize' indicates the number of bytes of 'mbchar' to check.
+ Returns the number of bytes written to the output character.
+*/
+int
+ldap_x_mb_to_utf8 ( char *utf8char, const char *mbchar, size_t mbsize,
+ int (*f_mbtowc)(wchar_t *wchar, const char *mbchar, size_t count) )
+{
+ wchar_t wchar;
+ int n;
+
+ if (f_mbtowc == NULL) /* If no conversion function was given... */
+ f_mbtowc = mbtowc; /* use the local ANSI C function */
+
+ if (mbsize == 0) /* 0 is not valid. */
+ return -1;
+
+ if (mbchar == NULL || *mbchar == 0)
+ {
+ if (utf8char)
+ *utf8char = 0;
+ return 1;
+ }
+
+ /* First convert the MB char to a Wide Char */
+ n = f_mbtowc( &wchar, mbchar, mbsize);
+
+ if (n == -1)
+ return -1;
+
+ /* Convert the Wide Char to a UTF-8 character. */
+ n = ldap_x_wc_to_utf8( utf8char, wchar, LDAP_MAX_UTF8_LEN);
+
+ return n;
+}
+
+
+/*-----------------------------------------------------------------------------
+ Convert a MultiByte string to a UTF-8 string.
+ No more than 'count' bytes will be written to the output buffer.
+ Return the size of the converted string in bytes, excl null terminator.
+*/
+int
+ldap_x_mbs_to_utf8s ( char *utf8str, const char *mbstr, size_t count,
+ size_t (*f_mbstowcs)(wchar_t *wcstr, const char *mbstr, size_t count) )
+{
+ wchar_t *wcs;
+ int n;
+ size_t wcsize;
+
+ if (mbstr == NULL) /* Treat NULL input string as an empty string */
+ mbstr = "";
+
+ if (f_mbstowcs == NULL) /* If no conversion function was given... */
+ f_mbstowcs = mbstowcs; /* use the local ANSI C function */
+
+ /* Allocate memory for the maximum size wchar string that we could get. */
+ wcsize = strlen(mbstr) + 1;
+ wcs = (wchar_t *)LDAP_MALLOC( wcsize * sizeof(wchar_t) );
+ if (wcs == NULL)
+ return -1;
+
+ /* First convert multi-byte string to a wide char string */
+ n = f_mbstowcs(wcs, mbstr, wcsize);
+
+ /* Convert wide char string to UTF-8 string */
+ if (n != -1)
+ {
+ n = ldap_x_wcs_to_utf8s( utf8str, wcs, count);
+ }
+
+ LDAP_FREE(wcs);
+
+ return n;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/utf-8.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,562 @@
+/* utf-8.c -- Basic UTF-8 routines */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8.c,v 1.34.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Basic UTF-8 routines
+ *
+ * These routines are "dumb". Though they understand UTF-8,
+ * they don't grok Unicode. That is, they can push bits,
+ * but don't have a clue what the bits represent. That's
+ * good enough for use with the LDAP Client SDK.
+ *
+ * These routines are not optimized.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap_utf8.h"
+
+#include "ldap-int.h"
+#include "ldap_defaults.h"
+
+/*
+ * return the number of bytes required to hold the
+ * NULL-terminated UTF-8 string NOT INCLUDING the
+ * termination.
+ */
+ber_len_t ldap_utf8_bytes( const char * p )
+{
+ ber_len_t bytes;
+
+ for( bytes=0; p[bytes]; bytes++ ) {
+ /* EMPTY */ ;
+ }
+
+ return bytes;
+}
+
+ber_len_t ldap_utf8_chars( const char * p )
+{
+ /* could be optimized and could check for invalid sequences */
+ ber_len_t chars=0;
+
+ for( ; *p ; LDAP_UTF8_INCR(p) ) {
+ chars++;
+ }
+
+ return chars;
+}
+
+/* return offset to next character */
+int ldap_utf8_offset( const char * p )
+{
+ return LDAP_UTF8_NEXT(p) - p;
+}
+
+/*
+ * Returns length indicated by first byte.
+ */
+const char ldap_utf8_lentab[] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+ 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 0, 0 };
+
+int ldap_utf8_charlen( const char * p )
+{
+ if (!(*p & 0x80))
+ return 1;
+
+ return ldap_utf8_lentab[*(const unsigned char *)p ^ 0x80];
+}
+
+/*
+ * Make sure the UTF-8 char used the shortest possible encoding
+ * returns charlen if valid, 0 if not.
+ *
+ * Here are the valid UTF-8 encodings, taken from RFC 2279 page 4.
+ * The table is slightly modified from that of the RFC.
+ *
+ * UCS-4 range (hex) UTF-8 sequence (binary)
+ * 0000 0000-0000 007F 0.......
+ * 0000 0080-0000 07FF 110++++. 10......
+ * 0000 0800-0000 FFFF 1110++++ 10+..... 10......
+ * 0001 0000-001F FFFF 11110+++ 10++.... 10...... 10......
+ * 0020 0000-03FF FFFF 111110++ 10+++... 10...... 10...... 10......
+ * 0400 0000-7FFF FFFF 1111110+ 10++++.. 10...... 10...... 10...... 10......
+ *
+ * The '.' bits are "don't cares". When validating a UTF-8 sequence,
+ * at least one of the '+' bits must be set, otherwise the character
+ * should have been encoded in fewer octets. Note that in the two-octet
+ * case, only the first octet needs to be validated, and this is done
+ * in the ldap_utf8_lentab[] above.
+ */
+
+/* mask of required bits in second octet */
+#undef c
+#define c const char
+c ldap_utf8_mintab[] = {
+ (c)0x20, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80,
+ (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80,
+ (c)0x30, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80,
+ (c)0x38, (c)0x80, (c)0x80, (c)0x80, (c)0x3c, (c)0x80, (c)0x00, (c)0x00 };
+#undef c
+
+int ldap_utf8_charlen2( const char * p )
+{
+ int i = LDAP_UTF8_CHARLEN( p );
+
+ if ( i > 2 ) {
+ if ( !( ldap_utf8_mintab[*p & 0x1f] & p[1] ) )
+ i = 0;
+ }
+ return i;
+}
+
+/* conv UTF-8 to UCS-4, useful for comparisons */
+ldap_ucs4_t ldap_x_utf8_to_ucs4( const char * p )
+{
+ const unsigned char *c = (const unsigned char *) p;
+ ldap_ucs4_t ch;
+ int len, i;
+ static unsigned char mask[] = {
+ 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
+
+ len = LDAP_UTF8_CHARLEN2(p, len);
+
+ if( len == 0 ) return LDAP_UCS4_INVALID;
+
+ ch = c[0] & mask[len];
+
+ for(i=1; i < len; i++) {
+ if ((c[i] & 0xc0) != 0x80) {
+ return LDAP_UCS4_INVALID;
+ }
+
+ ch <<= 6;
+ ch |= c[i] & 0x3f;
+ }
+
+ return ch;
+}
+
+/* conv UCS-4 to UTF-8, not used */
+int ldap_x_ucs4_to_utf8( ldap_ucs4_t c, char *buf )
+{
+ int len=0;
+ unsigned char* p = (unsigned char *) buf;
+
+ /* not a valid Unicode character */
+ if ( c < 0 ) return 0;
+
+ /* Just return length, don't convert */
+ if(buf == NULL) {
+ if( c < 0x80 ) return 1;
+ else if( c < 0x800 ) return 2;
+ else if( c < 0x10000 ) return 3;
+ else if( c < 0x200000 ) return 4;
+ else if( c < 0x4000000 ) return 5;
+ else return 6;
+ }
+
+ if( c < 0x80 ) {
+ p[len++] = c;
+
+ } else if( c < 0x800 ) {
+ p[len++] = 0xc0 | ( c >> 6 );
+ p[len++] = 0x80 | ( c & 0x3f );
+
+ } else if( c < 0x10000 ) {
+ p[len++] = 0xe0 | ( c >> 12 );
+ p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+ p[len++] = 0x80 | ( c & 0x3f );
+
+ } else if( c < 0x200000 ) {
+ p[len++] = 0xf0 | ( c >> 18 );
+ p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+ p[len++] = 0x80 | ( c & 0x3f );
+
+ } else if( c < 0x4000000 ) {
+ p[len++] = 0xf8 | ( c >> 24 );
+ p[len++] = 0x80 | ( (c >> 18) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+ p[len++] = 0x80 | ( c & 0x3f );
+
+ } else /* if( c < 0x80000000 ) */ {
+ p[len++] = 0xfc | ( c >> 30 );
+ p[len++] = 0x80 | ( (c >> 24) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 18) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+ p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+ p[len++] = 0x80 | ( c & 0x3f );
+ }
+
+ return len;
+}
+
+#define LDAP_UCS_UTF8LEN(c) \
+ c < 0 ? 0 : (c < 0x80 ? 1 : (c < 0x800 ? 2 : (c < 0x10000 ? 3 : \
+ (c < 0x200000 ? 4 : (c < 0x4000000 ? 5 : 6)))))
+
+/* Convert a string to UTF-8 format. The input string is expected to
+ * have characters of 1, 2, or 4 octets (in network byte order)
+ * corresponding to the ASN.1 T61STRING, BMPSTRING, and UNIVERSALSTRING
+ * types respectively. (Here T61STRING just means that there is one
+ * octet per character and characters may use the high bit of the octet.
+ * The characters are assumed to use ISO mappings, no provision is made
+ * for converting from T.61 coding rules to Unicode.)
+ */
+
+int
+ldap_ucs_to_utf8s( struct berval *ucs, int csize, struct berval *utf8s )
+{
+ unsigned char *in, *end;
+ char *ptr;
+ ldap_ucs4_t u;
+ int i, l = 0;
+
+ utf8s->bv_val = NULL;
+ utf8s->bv_len = 0;
+
+ in = (unsigned char *)ucs->bv_val;
+
+ /* Make sure we stop at an even multiple of csize */
+ end = in + ( ucs->bv_len & ~(csize-1) );
+
+ for (; in < end; ) {
+ u = *in++;
+ if (csize > 1) {
+ u <<= 8;
+ u |= *in++;
+ }
+ if (csize > 2) {
+ u <<= 8;
+ u |= *in++;
+ u <<= 8;
+ u |= *in++;
+ }
+ i = LDAP_UCS_UTF8LEN(u);
+ if (i == 0)
+ return LDAP_INVALID_SYNTAX;
+ l += i;
+ }
+
+ utf8s->bv_val = LDAP_MALLOC( l+1 );
+ if (utf8s->bv_val == NULL)
+ return LDAP_NO_MEMORY;
+ utf8s->bv_len = l;
+
+ ptr = utf8s->bv_val;
+ for (in = (unsigned char *)ucs->bv_val; in < end; ) {
+ u = *in++;
+ if (csize > 1) {
+ u <<= 8;
+ u |= *in++;
+ }
+ if (csize > 2) {
+ u <<= 8;
+ u |= *in++;
+ u <<= 8;
+ u |= *in++;
+ }
+ ptr += ldap_x_ucs4_to_utf8(u, ptr);
+ }
+ *ptr = '\0';
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Advance to the next UTF-8 character
+ *
+ * Ignores length of multibyte character, instead rely on
+ * continuation markers to find start of next character.
+ * This allows for "resyncing" of when invalid characters
+ * are provided provided the start of the next character
+ * is appears within the 6 bytes examined.
+ */
+char* ldap_utf8_next( const char * p )
+{
+ int i;
+ const unsigned char *u = (const unsigned char *) p;
+
+ if( LDAP_UTF8_ISASCII(u) ) {
+ return (char *) &p[1];
+ }
+
+ for( i=1; i<6; i++ ) {
+ if ( ( u[i] & 0xc0 ) != 0x80 ) {
+ return (char *) &p[i];
+ }
+ }
+
+ return (char *) &p[i];
+}
+
+/*
+ * Advance to the previous UTF-8 character
+ *
+ * Ignores length of multibyte character, instead rely on
+ * continuation markers to find start of next character.
+ * This allows for "resyncing" of when invalid characters
+ * are provided provided the start of the next character
+ * is appears within the 6 bytes examined.
+ */
+char* ldap_utf8_prev( const char * p )
+{
+ int i;
+ const unsigned char *u = (const unsigned char *) p;
+
+ for( i=-1; i>-6 ; i-- ) {
+ if ( ( u[i] & 0xc0 ) != 0x80 ) {
+ return (char *) &p[i];
+ }
+ }
+
+ return (char *) &p[i];
+}
+
+/*
+ * Copy one UTF-8 character from src to dst returning
+ * number of bytes copied.
+ *
+ * Ignores length of multibyte character, instead rely on
+ * continuation markers to find start of next character.
+ * This allows for "resyncing" of when invalid characters
+ * are provided provided the start of the next character
+ * is appears within the 6 bytes examined.
+ */
+int ldap_utf8_copy( char* dst, const char *src )
+{
+ int i;
+ const unsigned char *u = (const unsigned char *) src;
+
+ dst[0] = src[0];
+
+ if( LDAP_UTF8_ISASCII(u) ) {
+ return 1;
+ }
+
+ for( i=1; i<6; i++ ) {
+ if ( ( u[i] & 0xc0 ) != 0x80 ) {
+ return i;
+ }
+ dst[i] = src[i];
+ }
+
+ return i;
+}
+
+#ifndef UTF8_ALPHA_CTYPE
+/*
+ * UTF-8 ctype routines
+ * Only deals with characters < 0x80 (ie: US-ASCII)
+ */
+
+int ldap_utf8_isascii( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+ return LDAP_ASCII(c);
+}
+
+int ldap_utf8_isdigit( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_DIGIT( c );
+}
+
+int ldap_utf8_isxdigit( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_HEX(c);
+}
+
+int ldap_utf8_isspace( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ switch(c) {
+ case ' ':
+ case '\t':
+ case '\n':
+ case '\r':
+ case '\v':
+ case '\f':
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * These are not needed by the C SDK and are
+ * not "good enough" for general use.
+ */
+int ldap_utf8_isalpha( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_ALPHA(c);
+}
+
+int ldap_utf8_isalnum( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_ALNUM(c);
+}
+
+int ldap_utf8_islower( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_LOWER(c);
+}
+
+int ldap_utf8_isupper( const char * p )
+{
+ unsigned c = * (const unsigned char *) p;
+
+ if(!LDAP_ASCII(c)) return 0;
+
+ return LDAP_UPPER(c);
+}
+#endif
+
+
+/*
+ * UTF-8 string routines
+ */
+
+/* like strchr() */
+char * (ldap_utf8_strchr)( const char *str, const char *chr )
+{
+ for( ; *str != '\0'; LDAP_UTF8_INCR(str) ) {
+ if( ldap_x_utf8_to_ucs4( str ) == ldap_x_utf8_to_ucs4( chr ) ) {
+ return (char *) str;
+ }
+ }
+
+ return NULL;
+}
+
+/* like strcspn() but returns number of bytes, not characters */
+ber_len_t (ldap_utf8_strcspn)( const char *str, const char *set )
+{
+ const char *cstr;
+ const char *cset;
+
+ for( cstr = str; *cstr != '\0'; LDAP_UTF8_INCR(cstr) ) {
+ for( cset = set; *cset != '\0'; LDAP_UTF8_INCR(cset) ) {
+ if( ldap_x_utf8_to_ucs4( cstr ) == ldap_x_utf8_to_ucs4( cset ) ) {
+ return cstr - str;
+ }
+ }
+ }
+
+ return cstr - str;
+}
+
+/* like strspn() but returns number of bytes, not characters */
+ber_len_t (ldap_utf8_strspn)( const char *str, const char *set )
+{
+ const char *cstr;
+ const char *cset;
+
+ for( cstr = str; *cstr != '\0'; LDAP_UTF8_INCR(cstr) ) {
+ for( cset = set; ; LDAP_UTF8_INCR(cset) ) {
+ if( *cset == '\0' ) {
+ return cstr - str;
+ }
+
+ if( ldap_x_utf8_to_ucs4( cstr ) == ldap_x_utf8_to_ucs4( cset ) ) {
+ break;
+ }
+ }
+ }
+
+ return cstr - str;
+}
+
+/* like strpbrk(), replaces strchr() as well */
+char *(ldap_utf8_strpbrk)( const char *str, const char *set )
+{
+ for( ; *str != '\0'; LDAP_UTF8_INCR(str) ) {
+ const char *cset;
+
+ for( cset = set; *cset != '\0'; LDAP_UTF8_INCR(cset) ) {
+ if( ldap_x_utf8_to_ucs4( str ) == ldap_x_utf8_to_ucs4( cset ) ) {
+ return (char *) str;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+/* like strtok_r(), not strtok() */
+char *(ldap_utf8_strtok)(char *str, const char *sep, char **last)
+{
+ char *begin;
+ char *end;
+
+ if( last == NULL ) return NULL;
+
+ begin = str ? str : *last;
+
+ begin += ldap_utf8_strspn( begin, sep );
+
+ if( *begin == '\0' ) {
+ *last = NULL;
+ return NULL;
+ }
+
+ end = &begin[ ldap_utf8_strcspn( begin, sep ) ];
+
+ if( *end != '\0' ) {
+ char *next = LDAP_UTF8_NEXT( end );
+ *end = '\0';
+ end = next;
+ }
+
+ *last = end;
+ return begin;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/util-int.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/util-int.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/util-int.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,592 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/util-int.c,v 1.51.2.5 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998 A. Hartgers.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Bart Hartgers for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * util-int.c Various functions to replace missing threadsafe ones.
+ * Without the real *_r funcs, things will
+ * work, but might not be threadsafe.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "ldap-int.h"
+
+#ifndef h_errno
+/* newer systems declare this in <netdb.h> for you, older ones don't.
+ * harmless to declare it again (unless defined by a macro).
+ */
+extern int h_errno;
+#endif
+
+#ifdef HAVE_HSTRERROR
+# define HSTRERROR(e) hstrerror(e)
+#else
+# define HSTRERROR(e) hp_strerror(e)
+#endif
+
+#ifndef LDAP_R_COMPILE
+# undef HAVE_REENTRANT_FUNCTIONS
+# undef HAVE_CTIME_R
+# undef HAVE_GETHOSTBYNAME_R
+# undef HAVE_GETHOSTBYADDR_R
+
+#else
+# include <ldap_pvt_thread.h>
+ ldap_pvt_thread_mutex_t ldap_int_resolv_mutex;
+
+# if (defined( HAVE_CTIME_R ) || defined( HAVE_REENTRANT_FUNCTIONS)) \
+ && defined( CTIME_R_NARGS )
+# define USE_CTIME_R
+# else
+ static ldap_pvt_thread_mutex_t ldap_int_ctime_mutex;
+# endif
+
+# if defined(HAVE_GETHOSTBYNAME_R) && \
+ (GETHOSTBYNAME_R_NARGS < 5) || (6 < GETHOSTBYNAME_R_NARGS)
+ /* Don't know how to handle this version, pretend it's not there */
+# undef HAVE_GETHOSTBYNAME_R
+# endif
+# if defined(HAVE_GETHOSTBYADDR_R) && \
+ (GETHOSTBYADDR_R_NARGS < 7) || (8 < GETHOSTBYADDR_R_NARGS)
+ /* Don't know how to handle this version, pretend it's not there */
+# undef HAVE_GETHOSTBYADDR_R
+# endif
+#endif /* LDAP_R_COMPILE */
+
+char *ldap_pvt_ctime( const time_t *tp, char *buf )
+{
+#ifdef USE_CTIME_R
+# if (CTIME_R_NARGS > 3) || (CTIME_R_NARGS < 2)
+# error "CTIME_R_NARGS should be 2 or 3"
+# elif CTIME_R_NARGS > 2 && defined(CTIME_R_RETURNS_INT)
+ return( ctime_r(tp,buf,26) < 0 ? 0 : buf );
+# elif CTIME_R_NARGS > 2
+ return ctime_r(tp,buf,26);
+# else
+ return ctime_r(tp,buf);
+# endif
+
+#else
+
+# ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ldap_int_ctime_mutex );
+# endif
+
+ AC_MEMCPY( buf, ctime(tp), 26 );
+
+# ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ldap_int_ctime_mutex );
+# endif
+
+ return buf;
+#endif
+}
+
+#define BUFSTART (1024-32)
+#define BUFMAX (32*1024-32)
+
+#if defined(LDAP_R_COMPILE)
+static char *safe_realloc( char **buf, int len );
+
+#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
+static int copy_hostent( struct hostent *res,
+ char **buf, struct hostent * src );
+#endif
+#endif
+
+int ldap_pvt_gethostbyname_a(
+ const char *name,
+ struct hostent *resbuf,
+ char **buf,
+ struct hostent **result,
+ int *herrno_ptr )
+{
+#if defined( HAVE_GETHOSTBYNAME_R )
+
+# define NEED_SAFE_REALLOC 1
+ int r=-1;
+ int buflen=BUFSTART;
+ *buf = NULL;
+ for(;buflen<BUFMAX;) {
+ if (safe_realloc( buf, buflen )==NULL)
+ return r;
+
+#if (GETHOSTBYNAME_R_NARGS < 6)
+ *result=gethostbyname_r( name, resbuf, *buf, buflen, herrno_ptr );
+ r = (*result == NULL) ? -1 : 0;
+#else
+ r = gethostbyname_r( name, resbuf, *buf,
+ buflen, result, herrno_ptr );
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n",
+ name, r, 0 );
+
+#ifdef NETDB_INTERNAL
+ if ((r<0) &&
+ (*herrno_ptr==NETDB_INTERNAL) &&
+ (errno==ERANGE))
+ {
+ buflen*=2;
+ continue;
+ }
+#endif
+ return r;
+ }
+ return -1;
+#elif defined( LDAP_R_COMPILE )
+# define NEED_COPY_HOSTENT
+ struct hostent *he;
+ int retval;
+ *buf = NULL;
+
+ ldap_pvt_thread_mutex_lock( &ldap_int_resolv_mutex );
+
+ he = gethostbyname( name );
+
+ if (he==NULL) {
+ *herrno_ptr = h_errno;
+ retval = -1;
+ } else if (copy_hostent( resbuf, buf, he )<0) {
+ *herrno_ptr = -1;
+ retval = -1;
+ } else {
+ *result = resbuf;
+ retval = 0;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );
+
+ return retval;
+#else
+ *buf = NULL;
+ *result = gethostbyname( name );
+
+ if (*result!=NULL) {
+ return 0;
+ }
+
+ *herrno_ptr = h_errno;
+
+ return -1;
+#endif
+}
+
+#if !defined( HAVE_GETNAMEINFO ) && !defined( HAVE_HSTRERROR )
+static const char *
+hp_strerror( int err )
+{
+ switch (err) {
+ case HOST_NOT_FOUND: return _("Host not found (authoritative)");
+ case TRY_AGAIN: return _("Host not found (server fail?)");
+ case NO_RECOVERY: return _("Non-recoverable failure");
+ case NO_DATA: return _("No data of requested type");
+#ifdef NETDB_INTERNAL
+ case NETDB_INTERNAL: return STRERROR( errno );
+#endif
+ }
+ return _("Unknown resolver error");
+}
+#endif
+
+int ldap_pvt_get_hname(
+ const struct sockaddr *sa,
+ int len,
+ char *name,
+ int namelen,
+ char **err )
+{
+ int rc;
+#if defined( HAVE_GETNAMEINFO )
+
+#if defined( LDAP_R_COMPILE )
+ ldap_pvt_thread_mutex_lock( &ldap_int_resolv_mutex );
+#endif
+ rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
+#if defined( LDAP_R_COMPILE )
+ ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );
+#endif
+ if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
+ return rc;
+
+#else /* !HAVE_GETNAMEINFO */
+ char *addr;
+ int alen;
+ struct hostent *hp = NULL;
+#ifdef HAVE_GETHOSTBYADDR_R
+ struct hostent hb;
+ int buflen=BUFSTART, h_errno;
+ char *buf=NULL;
+#endif
+
+#ifdef LDAP_PF_INET6
+ if (sa->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sin = (struct sockaddr_in6 *)sa;
+ addr = (char *)&sin->sin6_addr;
+ alen = sizeof(sin->sin6_addr);
+ } else
+#endif
+ if (sa->sa_family == AF_INET) {
+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+ addr = (char *)&sin->sin_addr;
+ alen = sizeof(sin->sin_addr);
+ } else {
+ rc = NO_RECOVERY;
+ *err = (char *)HSTRERROR( rc );
+ return rc;
+ }
+#if defined( HAVE_GETHOSTBYADDR_R )
+ for(;buflen<BUFMAX;) {
+ if (safe_realloc( &buf, buflen )==NULL) {
+ *err = (char *)STRERROR( ENOMEM );
+ return ENOMEM;
+ }
+#if (GETHOSTBYADDR_R_NARGS < 8)
+ hp=gethostbyaddr_r( addr, alen, sa->sa_family,
+ &hb, buf, buflen, &h_errno );
+ rc = (hp == NULL) ? -1 : 0;
+#else
+ rc = gethostbyaddr_r( addr, alen, sa->sa_family,
+ &hb, buf, buflen,
+ &hp, &h_errno );
+#endif
+#ifdef NETDB_INTERNAL
+ if ((rc<0) &&
+ (h_errno==NETDB_INTERNAL) &&
+ (errno==ERANGE))
+ {
+ buflen*=2;
+ continue;
+ }
+#endif
+ break;
+ }
+ if (hp) {
+ strncpy( name, hp->h_name, namelen );
+ } else {
+ *err = (char *)HSTRERROR( h_errno );
+ }
+ LDAP_FREE(buf);
+#else /* HAVE_GETHOSTBYADDR_R */
+
+#if defined( LDAP_R_COMPILE )
+ ldap_pvt_thread_mutex_lock( &ldap_int_resolv_mutex );
+#endif
+ hp = gethostbyaddr( addr, alen, sa->sa_family );
+ if (hp) {
+ strncpy( name, hp->h_name, namelen );
+ rc = 0;
+ } else {
+ rc = h_errno;
+ *err = (char *)HSTRERROR( h_errno );
+ }
+#if defined( LDAP_R_COMPILE )
+ ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );
+#endif
+
+#endif /* !HAVE_GETHOSTBYADDR_R */
+ return rc;
+#endif /* !HAVE_GETNAMEINFO */
+}
+
+int ldap_pvt_gethostbyaddr_a(
+ const char *addr,
+ int len,
+ int type,
+ struct hostent *resbuf,
+ char **buf,
+ struct hostent **result,
+ int *herrno_ptr )
+{
+#if defined( HAVE_GETHOSTBYADDR_R )
+
+# undef NEED_SAFE_REALLOC
+# define NEED_SAFE_REALLOC
+ int r=-1;
+ int buflen=BUFSTART;
+ *buf = NULL;
+ for(;buflen<BUFMAX;) {
+ if (safe_realloc( buf, buflen )==NULL)
+ return r;
+#if (GETHOSTBYADDR_R_NARGS < 8)
+ *result=gethostbyaddr_r( addr, len, type,
+ resbuf, *buf, buflen, herrno_ptr );
+ r = (*result == NULL) ? -1 : 0;
+#else
+ r = gethostbyaddr_r( addr, len, type,
+ resbuf, *buf, buflen,
+ result, herrno_ptr );
+#endif
+
+#ifdef NETDB_INTERNAL
+ if ((r<0) &&
+ (*herrno_ptr==NETDB_INTERNAL) &&
+ (errno==ERANGE))
+ {
+ buflen*=2;
+ continue;
+ }
+#endif
+ return r;
+ }
+ return -1;
+#elif defined( LDAP_R_COMPILE )
+# undef NEED_COPY_HOSTENT
+# define NEED_COPY_HOSTENT
+ struct hostent *he;
+ int retval;
+ *buf = NULL;
+
+ ldap_pvt_thread_mutex_lock( &ldap_int_resolv_mutex );
+
+ he = gethostbyaddr( addr, len, type );
+
+ if (he==NULL) {
+ *herrno_ptr = h_errno;
+ retval = -1;
+ } else if (copy_hostent( resbuf, buf, he )<0) {
+ *herrno_ptr = -1;
+ retval = -1;
+ } else {
+ *result = resbuf;
+ retval = 0;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );
+
+ return retval;
+
+#else /* gethostbyaddr() */
+ *buf = NULL;
+ *result = gethostbyaddr( addr, len, type );
+
+ if (*result!=NULL) {
+ return 0;
+ }
+ return -1;
+#endif
+}
+/*
+ * ldap_int_utils_init() should be called before any other function.
+ */
+
+void ldap_int_utils_init( void )
+{
+ static int done=0;
+ if (done)
+ return;
+ done=1;
+
+#ifdef LDAP_R_COMPILE
+#if !defined( USE_CTIME_R ) && !defined( HAVE_REENTRANT_FUNCTIONS )
+ ldap_pvt_thread_mutex_init( &ldap_int_ctime_mutex );
+#endif
+ ldap_pvt_thread_mutex_init( &ldap_int_resolv_mutex );
+
+#ifdef HAVE_CYRUS_SASL
+ ldap_pvt_thread_mutex_init( &ldap_int_sasl_mutex );
+#endif
+#endif
+
+ /* call other module init functions here... */
+}
+
+#if defined( NEED_COPY_HOSTENT )
+# undef NEED_SAFE_REALLOC
+#define NEED_SAFE_REALLOC
+
+static char *cpy_aliases(
+ char ***tgtio,
+ char *buf,
+ char **src )
+{
+ int len;
+ char **tgt=*tgtio;
+ for( ; (*src) ; src++ ) {
+ len = strlen( *src ) + 1;
+ AC_MEMCPY( buf, *src, len );
+ *tgt++=buf;
+ buf+=len;
+ }
+ *tgtio=tgt;
+ return buf;
+}
+
+static char *cpy_addresses(
+ char ***tgtio,
+ char *buf,
+ char **src,
+ int len )
+{
+ char **tgt=*tgtio;
+ for( ; (*src) ; src++ ) {
+ AC_MEMCPY( buf, *src, len );
+ *tgt++=buf;
+ buf+=len;
+ }
+ *tgtio=tgt;
+ return buf;
+}
+
+static int copy_hostent(
+ struct hostent *res,
+ char **buf,
+ struct hostent * src )
+{
+ char **p;
+ char **tp;
+ char *tbuf;
+ int name_len;
+ int n_alias=0;
+ int total_alias_len=0;
+ int n_addr=0;
+ int total_addr_len=0;
+ int total_len;
+
+ /* calculate the size needed for the buffer */
+ name_len = strlen( src->h_name ) + 1;
+
+ if( src->h_aliases != NULL ) {
+ for( p = src->h_aliases; (*p) != NULL; p++ ) {
+ total_alias_len += strlen( *p ) + 1;
+ n_alias++;
+ }
+ }
+
+ if( src->h_addr_list != NULL ) {
+ for( p = src->h_addr_list; (*p) != NULL; p++ ) {
+ n_addr++;
+ }
+ total_addr_len = n_addr * src->h_length;
+ }
+
+ total_len = (n_alias + n_addr + 2) * sizeof( char * ) +
+ total_addr_len + total_alias_len + name_len;
+
+ if (safe_realloc( buf, total_len )) {
+ tp = (char **) *buf;
+ tbuf = *buf + (n_alias + n_addr + 2) * sizeof( char * );
+ AC_MEMCPY( res, src, sizeof( struct hostent ) );
+ /* first the name... */
+ AC_MEMCPY( tbuf, src->h_name, name_len );
+ res->h_name = tbuf; tbuf+=name_len;
+ /* now the aliases */
+ res->h_aliases = tp;
+ if ( src->h_aliases != NULL ) {
+ tbuf = cpy_aliases( &tp, tbuf, src->h_aliases );
+ }
+ *tp++=NULL;
+ /* finally the addresses */
+ res->h_addr_list = tp;
+ if ( src->h_addr_list != NULL ) {
+ tbuf = cpy_addresses( &tp, tbuf, src->h_addr_list, src->h_length );
+ }
+ *tp++=NULL;
+ return 0;
+ }
+ return -1;
+}
+#endif
+
+#if defined( NEED_SAFE_REALLOC )
+static char *safe_realloc( char **buf, int len )
+{
+ char *tmpbuf;
+ tmpbuf = LDAP_REALLOC( *buf, len );
+ if (tmpbuf) {
+ *buf=tmpbuf;
+ }
+ return tmpbuf;
+}
+#endif
+
+char * ldap_pvt_get_fqdn( char *name )
+{
+ char *fqdn, *ha_buf;
+ char hostbuf[MAXHOSTNAMELEN+1];
+ struct hostent *hp, he_buf;
+ int rc, local_h_errno;
+
+ if( name == NULL ) {
+ if( gethostname( hostbuf, MAXHOSTNAMELEN ) == 0 ) {
+ hostbuf[MAXHOSTNAMELEN] = '\0';
+ name = hostbuf;
+ } else {
+ name = "localhost";
+ }
+ }
+
+ rc = ldap_pvt_gethostbyname_a( name,
+ &he_buf, &ha_buf, &hp, &local_h_errno );
+
+ if( rc < 0 || hp == NULL || hp->h_name == NULL ) {
+ fqdn = LDAP_STRDUP( name );
+ } else {
+ fqdn = LDAP_STRDUP( hp->h_name );
+ }
+
+ LDAP_FREE( ha_buf );
+ return fqdn;
+}
+
+#if ( defined( HAVE_GETADDRINFO ) || defined( HAVE_GETNAMEINFO ) ) \
+ && !defined( HAVE_GAI_STRERROR )
+char *ldap_pvt_gai_strerror (int code) {
+ static struct {
+ int code;
+ const char *msg;
+ } values[] = {
+#ifdef EAI_ADDRFAMILY
+ { EAI_ADDRFAMILY, N_("Address family for hostname not supported") },
+#endif
+ { EAI_AGAIN, N_("Temporary failure in name resolution") },
+ { EAI_BADFLAGS, N_("Bad value for ai_flags") },
+ { EAI_FAIL, N_("Non-recoverable failure in name resolution") },
+ { EAI_FAMILY, N_("ai_family not supported") },
+ { EAI_MEMORY, N_("Memory allocation failure") },
+#ifdef EAI_NODATA
+ { EAI_NODATA, N_("No address associated with hostname") },
+#endif
+ { EAI_NONAME, N_("Name or service not known") },
+ { EAI_SERVICE, N_("Servname not supported for ai_socktype") },
+ { EAI_SOCKTYPE, N_("ai_socktype not supported") },
+ { EAI_SYSTEM, N_("System error") },
+ { 0, NULL }
+ };
+
+ int i;
+
+ for ( i = 0; values[i].msg != NULL; i++ ) {
+ if ( values[i].code == code ) {
+ return (char *) _(values[i].msg);
+ }
+ }
+
+ return _("Unknown error");
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/vlvctrl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/vlvctrl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/vlvctrl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,292 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/vlvctrl.c,v 1.13.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
+ * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
+ * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS
+ * AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE"
+ * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION
+ * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP
+ * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT
+ * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ *---
+ * Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
+ * can be found in the file "build/LICENSE-2.0.1" in this distribution
+ * of OpenLDAP Software.
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+#define LDAP_VLVBYINDEX_IDENTIFIER 0xa0L
+#define LDAP_VLVBYVALUE_IDENTIFIER 0x81L
+#define LDAP_VLVCONTEXT_IDENTIFIER 0x04L
+
+
+/*---
+ ldap_create_vlv_control
+
+ Create and encode the Virtual List View control.
+
+ ld (IN) An LDAP session handle, as obtained from a call to
+ ldap_init().
+
+ vlvinfop (IN) The address of an LDAPVLVInfo structure whose contents
+ are used to construct the value of the control
+ that is created.
+
+ ctrlp (OUT) A result parameter that will be assigned the address
+ of an LDAPControl structure that contains the
+ VirtualListViewRequest control created by this function.
+ The memory occupied by the LDAPControl structure
+ SHOULD be freed when it is no longer in use by
+ calling ldap_control_free().
+
+
+ Ber encoding
+
+ VirtualListViewRequest ::= SEQUENCE {
+ beforeCount INTEGER (0 .. maxInt),
+ afterCount INTEGER (0 .. maxInt),
+ CHOICE {
+ byoffset [0] SEQUENCE, {
+ offset INTEGER (0 .. maxInt),
+ contentCount INTEGER (0 .. maxInt) }
+ [1] greaterThanOrEqual assertionValue }
+ contextID OCTET STRING OPTIONAL }
+
+
+ Note: The first time the VLV control is created, the ldvlv_context
+ field of the LDAPVLVInfo structure should be set to NULL.
+ The context obtained from calling ldap_parse_vlv_control()
+ should be used as the context in the next ldap_create_vlv_control
+ call.
+
+ ---*/
+
+int
+ldap_create_vlv_control( LDAP *ld,
+ LDAPVLVInfo *vlvinfop,
+ LDAPControl **ctrlp )
+{
+ ber_tag_t tag;
+ BerElement *ber;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( vlvinfop != NULL );
+ assert( ctrlp != NULL );
+
+ if ((ber = ldap_alloc_ber_with_options(ld)) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(LDAP_NO_MEMORY);
+ }
+
+ tag = ber_printf(ber, "{ii" /*}*/,
+ vlvinfop->ldvlv_before_count,
+ vlvinfop->ldvlv_after_count);
+ if( tag == LBER_ERROR ) goto exit;
+
+ if (vlvinfop->ldvlv_attrvalue == NULL) {
+ tag = ber_printf(ber, "t{iiN}",
+ LDAP_VLVBYINDEX_IDENTIFIER,
+ vlvinfop->ldvlv_offset,
+ vlvinfop->ldvlv_count);
+ if( tag == LBER_ERROR ) goto exit;
+
+ } else {
+ tag = ber_printf(ber, "tO",
+ LDAP_VLVBYVALUE_IDENTIFIER,
+ vlvinfop->ldvlv_attrvalue);
+ if( tag == LBER_ERROR ) goto exit;
+ }
+
+ if (vlvinfop->ldvlv_context) {
+ tag = ber_printf(ber, "tO",
+ LDAP_VLVCONTEXT_IDENTIFIER,
+ vlvinfop->ldvlv_context);
+ if( tag == LBER_ERROR ) goto exit;
+ }
+
+ tag = ber_printf(ber, /*{*/ "N}");
+ if( tag == LBER_ERROR ) goto exit;
+
+ ld->ld_errno = ldap_create_control( LDAP_CONTROL_VLVREQUEST,
+ ber, 1, ctrlp);
+
+ ber_free(ber, 1);
+ return(ld->ld_errno);
+
+exit:
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ return(ld->ld_errno);
+}
+
+
+/*---
+ ldap_parse_vlv_control
+
+ Decode the Virtual List View control return information.
+
+ ld (IN) An LDAP session handle.
+
+ ctrls (IN) The address of a NULL-terminated array of
+ LDAPControl structures, typically obtained
+ by a call to ldap_parse_result().
+
+ target_posp (OUT) This result parameter is filled in with the list
+ index of the target entry. If this parameter is
+ NULL, the target position is not returned.
+
+ list_countp (OUT) This result parameter is filled in with the server's
+ estimate of the size of the list. If this parameter
+ is NULL, the size is not returned.
+
+ contextp (OUT) This result parameter is filled in with the address
+ of a struct berval that contains the server-
+ generated context identifier if one was returned by
+ the server. If the server did not return a context
+ identifier, this parameter will be set to NULL, even
+ if an error occured.
+ The returned context SHOULD be used in the next call
+ to create a VLV sort control. The struct berval
+ returned SHOULD be disposed of by calling ber_bvfree()
+ when it is no longer needed. If NULL is passed for
+ contextp, the context identifier is not returned.
+
+ errcodep (OUT) This result parameter is filled in with the VLV
+ result code. If this parameter is NULL, the result
+ code is not returned.
+
+
+ Ber encoding
+
+ VirtualListViewResponse ::= SEQUENCE {
+ targetPosition INTEGER (0 .. maxInt),
+ contentCount INTEGER (0 .. maxInt),
+ virtualListViewResult ENUMERATED {
+ success (0),
+ operatonsError (1),
+ unwillingToPerform (53),
+ insufficientAccessRights (50),
+ busy (51),
+ timeLimitExceeded (3),
+ adminLimitExceeded (11),
+ sortControlMissing (60),
+ offsetRangeError (61),
+ other (80) },
+ contextID OCTET STRING OPTIONAL }
+
+---*/
+
+int
+ldap_parse_vlv_control(
+ LDAP *ld,
+ LDAPControl **ctrls,
+ unsigned long *target_posp,
+ unsigned long *list_countp,
+ struct berval **contextp,
+ int *errcodep )
+{
+ BerElement *ber;
+ LDAPControl *pControl;
+ int i;
+ unsigned long pos, count, err;
+ ber_tag_t tag, berTag;
+ ber_len_t berLen;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ if (contextp) {
+ *contextp = NULL; /* Make sure we return a NULL if error occurs. */
+ }
+
+ if (ctrls == NULL) {
+ ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
+ return(ld->ld_errno);
+ }
+
+ /* Search the list of control responses for a VLV control. */
+ for (i=0; ctrls[i]; i++) {
+ pControl = ctrls[i];
+ if (!strcmp(LDAP_CONTROL_VLVRESPONSE, pControl->ldctl_oid))
+ goto foundVLVControl;
+ }
+
+ /* No sort control was found. */
+ ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
+ return(ld->ld_errno);
+
+foundVLVControl:
+ /* Create a BerElement from the berval returned in the control. */
+ ber = ber_init(&pControl->ldctl_value);
+
+ if (ber == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(ld->ld_errno);
+ }
+
+ /* Extract the data returned in the control. */
+ tag = ber_scanf(ber, "{iie" /*}*/, &pos, &count, &err);
+
+ if( tag == LBER_ERROR) {
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+ }
+
+
+ /* Since the context is the last item encoded, if caller doesn't want
+ it returned, don't decode it. */
+ if (contextp) {
+ if (LDAP_VLVCONTEXT_IDENTIFIER == ber_peek_tag(ber, &berLen)) {
+ tag = ber_scanf(ber, "tO", &berTag, contextp);
+
+ if( tag == LBER_ERROR) {
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+ }
+ }
+ }
+
+ ber_free(ber, 1);
+
+ /* Return data to the caller for items that were requested. */
+ if (target_posp) {
+ *target_posp = pos;
+ }
+ if (list_countp) {
+ *list_countp = count;
+ }
+ if (errcodep) {
+ *errcodep = err;
+ }
+
+ ld->ld_errno = LDAP_SUCCESS;
+ return(ld->ld_errno);
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap/whoami.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap/whoami.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap/whoami.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,102 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/whoami.c,v 1.6.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * LDAP Who Am I? (Extended) Operation <draft-zeilenga-ldap-authzid-xx.txt>
+ */
+
+int ldap_parse_whoami(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval **authzid )
+{
+ int rc;
+ char *retoid = NULL;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+ assert( authzid != NULL );
+
+ *authzid = NULL;
+
+ rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_parse_whoami" );
+ return rc;
+ }
+
+ ber_memfree( retoid );
+ return rc;
+}
+
+int
+ldap_whoami( LDAP *ld,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ int rc;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I,
+ NULL, sctrls, cctrls, msgidp );
+
+ return rc;
+}
+
+int
+ldap_whoami_s(
+ LDAP *ld,
+ struct berval **authzid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ int rc;
+ int msgid;
+ LDAPMessage *res;
+
+ rc = ldap_whoami( ld, sctrls, cctrls, &msgid );
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
+ return ld->ld_errno;
+ }
+
+ rc = ldap_parse_whoami( ld, res, authzid );
+ if( rc != LDAP_SUCCESS ) {
+ ldap_msgfree( res );
+ return rc;
+ }
+
+ return( ldap_result2error( ld, res, 1 ) );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+# Makefile.in for LDAP -lldap
+# $OpenLDAP: pkg/ldap/libraries/libldap_r/Makefile.in,v 1.70.2.5 2007/01/02 21:43:50 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = libldap_r.la
+
+PROGRAMS = apitest ltest
+
+XXDIR = $(srcdir)/../libldap
+XXSRCS = apitest.c test.c \
+ bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+ sasl.c sbind.c kbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ turn.c groupings.c txn.c ppolicy.c
+SRCS = threads.c rdwr.c tpool.c rq.c \
+ thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
+ thr_pth.c thr_stub.c thr_debug.c
+OBJS = threads.lo rdwr.lo tpool.lo rq.lo \
+ thr_posix.lo thr_cthreads.lo thr_thr.lo thr_lwp.lo thr_nt.lo \
+ thr_pth.lo thr_stub.lo thr_debug.lo \
+ bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+ sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ turn.lo groupings.lo txn.lo ppolicy.lo
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+LIB_DEFS = -DLDAP_LIBRARY
+
+XDEFS = -DLDAP_R_COMPILE -I$(XXDIR)
+XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A)
+XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+XXXLIBS = $(LTHREAD_LIBS)
+NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+
+.links : Makefile
+ @for i in $(XXSRCS); do \
+ $(RM) $$i ; \
+ $(LN_S) $(XXDIR)/$$i . ; \
+ done
+ touch .links
+
+$(XXSRCS) : .links
+
+clean-local: FORCE
+ @$(RM) .links
+
+depend-common: .links
+
+apitest: $(XLIBS) apitest.o
+ $(LTLINK) -o $@ apitest.o $(LIBS)
+ltest: $(XLIBS) test.o
+ $(LTLINK) -o $@ test.o $(LIBS)
+
+install-local: $(CFFILES) FORCE
+ -$(MKDIR) $(DESTDIR)$(libdir)
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir)
+ $(LTFINISH) $(DESTDIR)$(libdir)
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/ldap_thr_debug.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/ldap_thr_debug.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/ldap_thr_debug.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,175 @@
+/* ldap_thr_debug.h - preprocessor magic for LDAP_THREAD_DEBUG */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/ldap_thr_debug.h,v 1.1.2.3 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifdef LDAP_THREAD_DEBUG
+
+/*
+ * libldap_r .c files should include this file after ldap_pvt_thread.h,
+ * with the appropriate LDAP_THREAD*_IMPLEMENTATION macro defined.
+ */
+
+#ifndef _LDAP_PVT_THREAD_H
+#error "ldap_pvt_thread.h" must be included before "ldap_thr_debug.h"
+#endif
+
+/*
+ * Support for thr_debug.c:
+ *
+ * thr_debug.c defines the ldap_pvt_*() as wrappers around
+ * ldap_int_*(), and ldap_debug_*() around ldap_int_*().
+ *
+ * Renames ldap_pvt_thread_* names to ldap_int_thread_*, and a few
+ * ldap_int_*() names to ldap_debug_*(). Includes "ldap_pvt_thread.h"
+ * to declare these renamed functions, and undefines the macros
+ * afterwards when included from thr_debug.c. So,
+ *
+ * libldap_r/<not thr_debug.c> define ldap_int_* instead of ldap_pvt_*.
+ * In thread.c, ldap_pvt_thread_<initialize/destroy>() will call
+ * ldap_debug_*() instead of ldap_int_*().
+ * In tpool.c, ldap_int_thread_pool_shutdown() has thr_debug support
+ * which treats ldap_pvt_thread_pool_destroy() the same way.
+ */
+
+#ifndef LDAP_THREAD_IMPLEMENTATION /* for first part of threads.c */
+#define ldap_int_thread_initialize ldap_debug_thread_initialize
+#define ldap_int_thread_destroy ldap_debug_thread_destroy
+#else /* LDAP_THREAD_IMPLEMENTATION -- for thr_*.c and end of threads.c */
+#undef ldap_int_thread_initialize
+#undef ldap_int_thread_destroy
+#ifdef LDAP_THREAD_DEBUG_WRAP /* see ldap_pvt_thread.h */
+#define ldap_pvt_thread_mutex_t ldap_int_thread_mutex_t
+#define ldap_pvt_thread_cond_t ldap_int_thread_cond_t
+#endif
+#define ldap_pvt_thread_sleep ldap_int_thread_sleep
+#define ldap_pvt_thread_get_concurrency ldap_int_thread_get_concurrency
+#define ldap_pvt_thread_set_concurrency ldap_int_thread_set_concurrency
+#define ldap_pvt_thread_create ldap_int_thread_create
+#define ldap_pvt_thread_exit ldap_int_thread_exit
+#define ldap_pvt_thread_join ldap_int_thread_join
+#define ldap_pvt_thread_kill ldap_int_thread_kill
+#define ldap_pvt_thread_yield ldap_int_thread_yield
+#define ldap_pvt_thread_cond_init ldap_int_thread_cond_init
+#define ldap_pvt_thread_cond_destroy ldap_int_thread_cond_destroy
+#define ldap_pvt_thread_cond_signal ldap_int_thread_cond_signal
+#define ldap_pvt_thread_cond_broadcast ldap_int_thread_cond_broadcast
+#define ldap_pvt_thread_cond_wait ldap_int_thread_cond_wait
+#define ldap_pvt_thread_mutex_init ldap_int_thread_mutex_init
+#define ldap_pvt_thread_mutex_destroy ldap_int_thread_mutex_destroy
+#define ldap_pvt_thread_mutex_lock ldap_int_thread_mutex_lock
+#define ldap_pvt_thread_mutex_trylock ldap_int_thread_mutex_trylock
+#define ldap_pvt_thread_mutex_unlock ldap_int_thread_mutex_unlock
+#define ldap_pvt_thread_self ldap_int_thread_self
+#endif /* LDAP_THREAD_IMPLEMENTATION */
+
+#ifdef LDAP_THREAD_RDWR_IMPLEMENTATION /* rdwr.c, thr_debug.c */
+#ifdef LDAP_THREAD_DEBUG_WRAP /* see ldap_pvt_thread.h */
+#define ldap_pvt_thread_rdwr_t ldap_int_thread_rdwr_t
+#endif
+#define ldap_pvt_thread_rdwr_init ldap_int_thread_rdwr_init
+#define ldap_pvt_thread_rdwr_destroy ldap_int_thread_rdwr_destroy
+#define ldap_pvt_thread_rdwr_rlock ldap_int_thread_rdwr_rlock
+#define ldap_pvt_thread_rdwr_rtrylock ldap_int_thread_rdwr_rtrylock
+#define ldap_pvt_thread_rdwr_runlock ldap_int_thread_rdwr_runlock
+#define ldap_pvt_thread_rdwr_wlock ldap_int_thread_rdwr_wlock
+#define ldap_pvt_thread_rdwr_wtrylock ldap_int_thread_rdwr_wtrylock
+#define ldap_pvt_thread_rdwr_wunlock ldap_int_thread_rdwr_wunlock
+#define ldap_pvt_thread_rdwr_readers ldap_int_thread_rdwr_readers
+#define ldap_pvt_thread_rdwr_writers ldap_int_thread_rdwr_writers
+#define ldap_pvt_thread_rdwr_active ldap_int_thread_rdwr_active
+#endif /* LDAP_THREAD_RDWR_IMPLEMENTATION */
+
+#ifdef LDAP_THREAD_POOL_IMPLEMENTATION /* tpool.c, thr_stub.c, thr_debug.c */
+#ifdef LDAP_THREAD_DEBUG_WRAP /* see ldap_pvt_thread.h */
+#define ldap_pvt_thread_pool_t ldap_int_thread_pool_t
+#endif
+#define ldap_pvt_thread_pool_init ldap_int_thread_pool_init
+#define ldap_pvt_thread_pool_submit ldap_int_thread_pool_submit
+#define ldap_pvt_thread_pool_maxthreads ldap_int_thread_pool_maxthreads
+#define ldap_pvt_thread_pool_backload ldap_int_thread_pool_backload
+#define ldap_pvt_thread_pool_pause ldap_int_thread_pool_pause
+#define ldap_pvt_thread_pool_resume ldap_int_thread_pool_resume
+#define ldap_pvt_thread_pool_destroy ldap_int_thread_pool_destroy
+#define ldap_pvt_thread_pool_getkey ldap_int_thread_pool_getkey
+#define ldap_pvt_thread_pool_setkey ldap_int_thread_pool_setkey
+#define ldap_pvt_thread_pool_purgekey ldap_int_thread_pool_purgekey
+#define ldap_pvt_thread_pool_context ldap_int_thread_pool_context
+#define ldap_pvt_thread_pool_context_reset ldap_int_thread_pool_context_reset
+#endif /* LDAP_THREAD_POOL_IMPLEMENTATION */
+
+#undef _LDAP_PVT_THREAD_H
+#include "ldap_pvt_thread.h"
+
+#ifdef LDAP_THREAD_POOL_IMPLEMENTATION /* tpool.c */
+/*
+ * tpool.c:ldap_int_thread_pool_shutdown() needs this. Could not
+ * use it for ldap_pvt_thread.h above because of its use of LDAP_P().
+ */
+#undef ldap_pvt_thread_pool_destroy
+#define ldap_pvt_thread_pool_destroy(p,r) ldap_int_thread_pool_destroy(p,r)
+#endif
+
+#ifdef LDAP_THREAD_DEBUG_IMPLEMENTATION /* thr_debug.c */
+#undef ldap_pvt_thread_mutex_t
+#undef ldap_pvt_thread_cond_t
+#undef ldap_pvt_thread_sleep
+#undef ldap_pvt_thread_get_concurrency
+#undef ldap_pvt_thread_set_concurrency
+#undef ldap_pvt_thread_create
+#undef ldap_pvt_thread_exit
+#undef ldap_pvt_thread_join
+#undef ldap_pvt_thread_kill
+#undef ldap_pvt_thread_yield
+#undef ldap_pvt_thread_cond_init
+#undef ldap_pvt_thread_cond_destroy
+#undef ldap_pvt_thread_cond_signal
+#undef ldap_pvt_thread_cond_broadcast
+#undef ldap_pvt_thread_cond_wait
+#undef ldap_pvt_thread_mutex_init
+#undef ldap_pvt_thread_mutex_destroy
+#undef ldap_pvt_thread_mutex_lock
+#undef ldap_pvt_thread_mutex_trylock
+#undef ldap_pvt_thread_mutex_unlock
+#undef ldap_pvt_thread_self
+/* LDAP_THREAD_RDWR_IMPLEMENTATION: */
+#undef ldap_pvt_thread_rdwr_t
+#undef ldap_pvt_thread_rdwr_init
+#undef ldap_pvt_thread_rdwr_destroy
+#undef ldap_pvt_thread_rdwr_rlock
+#undef ldap_pvt_thread_rdwr_rtrylock
+#undef ldap_pvt_thread_rdwr_runlock
+#undef ldap_pvt_thread_rdwr_wlock
+#undef ldap_pvt_thread_rdwr_wtrylock
+#undef ldap_pvt_thread_rdwr_wunlock
+#undef ldap_pvt_thread_rdwr_readers
+#undef ldap_pvt_thread_rdwr_writers
+#undef ldap_pvt_thread_rdwr_active
+/* LDAP_THREAD_POOL_IMPLEMENTATION: */
+#undef ldap_pvt_thread_pool_t
+#undef ldap_pvt_thread_pool_init
+#undef ldap_pvt_thread_pool_submit
+#undef ldap_pvt_thread_pool_maxthreads
+#undef ldap_pvt_thread_pool_backload
+#undef ldap_pvt_thread_pool_pause
+#undef ldap_pvt_thread_pool_resume
+#undef ldap_pvt_thread_pool_destroy
+#undef ldap_pvt_thread_pool_getkey
+#undef ldap_pvt_thread_pool_setkey
+#undef ldap_pvt_thread_pool_purgekey
+#undef ldap_pvt_thread_pool_context
+#undef ldap_pvt_thread_pool_context_reset
+#endif /* LDAP_THREAD_DEBUG_IMPLEMENTATION */
+
+#endif /* LDAP_THREAD_DEBUG */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/rdwr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/rdwr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/rdwr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,448 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rdwr.c,v 1.23.2.5 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was initially developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software. Additional significant contributors include:
+ * Stuart Lynne
+ */
+
+/*
+ * This is an improved implementation of Reader/Writer locks does
+ * not protect writers from starvation. That is, if a writer is
+ * currently waiting on a reader, any new reader will get
+ * the lock before the writer.
+ *
+ * Does not support cancellation nor does any status checking.
+ */
+/* Adapted from publically available examples for:
+ * "Programming with Posix Threads"
+ * by David R Butenhof, Addison-Wesley
+ * http://cseng.aw.com/bookpage.taf?ISBN=0-201-63392-2
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_RDWR_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+/*
+ * implementations that provide their own compatible
+ * reader/writer locks define LDAP_THREAD_HAVE_RDWR
+ * in ldap_pvt_thread.h
+ */
+#ifndef LDAP_THREAD_HAVE_RDWR
+
+struct ldap_int_thread_rdwr_s {
+ ldap_pvt_thread_mutex_t ltrw_mutex;
+ ldap_pvt_thread_cond_t ltrw_read; /* wait for read */
+ ldap_pvt_thread_cond_t ltrw_write; /* wait for write */
+ int ltrw_valid;
+#define LDAP_PVT_THREAD_RDWR_VALID 0x0bad
+ int ltrw_r_active;
+ int ltrw_w_active;
+ int ltrw_r_wait;
+ int ltrw_w_wait;
+#ifdef LDAP_RDWR_DEBUG
+ /* keep track of who has these locks */
+#define MAX_READERS 32
+ ldap_pvt_thread_t ltrw_readers[MAX_READERS];
+ ldap_pvt_thread_t ltrw_writer;
+#endif
+};
+
+int
+ldap_pvt_thread_rdwr_init( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+
+ rw = (struct ldap_int_thread_rdwr_s *) LDAP_CALLOC( 1,
+ sizeof( struct ldap_int_thread_rdwr_s ) );
+ if ( !rw )
+ return LDAP_NO_MEMORY;
+
+ /* we should check return results */
+ ldap_pvt_thread_mutex_init( &rw->ltrw_mutex );
+ ldap_pvt_thread_cond_init( &rw->ltrw_read );
+ ldap_pvt_thread_cond_init( &rw->ltrw_write );
+
+ rw->ltrw_valid = LDAP_PVT_THREAD_RDWR_VALID;
+
+ *rwlock = rw;
+ return 0;
+}
+
+int
+ldap_pvt_thread_rdwr_destroy( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ /* active threads? */
+ if( rw->ltrw_r_active > 0 || rw->ltrw_w_active > 0) {
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+ return LDAP_PVT_THREAD_EBUSY;
+ }
+
+ /* waiting threads? */
+ if( rw->ltrw_r_wait > 0 || rw->ltrw_w_wait > 0) {
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+ return LDAP_PVT_THREAD_EBUSY;
+ }
+
+ rw->ltrw_valid = 0;
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ ldap_pvt_thread_mutex_destroy( &rw->ltrw_mutex );
+ ldap_pvt_thread_cond_destroy( &rw->ltrw_read );
+ ldap_pvt_thread_cond_destroy( &rw->ltrw_write );
+
+ LDAP_FREE(rw);
+ *rwlock = NULL;
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_rlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if( rw->ltrw_w_active > 0 ) {
+ /* writer is active */
+
+ rw->ltrw_r_wait++;
+
+ do {
+ ldap_pvt_thread_cond_wait(
+ &rw->ltrw_read, &rw->ltrw_mutex );
+ } while( rw->ltrw_w_active > 0 );
+
+ rw->ltrw_r_wait--;
+ assert( rw->ltrw_r_wait >= 0 );
+ }
+
+#ifdef LDAP_RDWR_DEBUG
+ rw->ltrw_readers[rw->ltrw_r_active] = ldap_pvt_thread_self();
+#endif
+ rw->ltrw_r_active++;
+
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_rtrylock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if( rw->ltrw_w_active > 0) {
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+ return LDAP_PVT_THREAD_EBUSY;
+ }
+
+#ifdef LDAP_RDWR_DEBUG
+ rw->ltrw_readers[rw->ltrw_r_active] = ldap_pvt_thread_self();
+#endif
+ rw->ltrw_r_active++;
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_runlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+#ifdef LDAP_RDWR_DEBUG
+ /* Remove us from the list of readers */
+ { int i, j;
+ ldap_pvt_thread_t self = ldap_pvt_thread_self();
+
+ for (i=0; i<rw->ltrw_r_active;i++)
+ {
+ if (rw->ltrw_readers[i] == self) {
+ for (j=i; j<rw->ltrw_r_active-1; j++)
+ rw->ltrw_readers[j] = rw->ltrw_readers[j+1];
+ rw->ltrw_readers[j] = 0;
+ break;
+ }
+ }
+ }
+#endif
+ rw->ltrw_r_active--;
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if (rw->ltrw_r_active == 0 && rw->ltrw_w_wait > 0 ) {
+ ldap_pvt_thread_cond_signal( &rw->ltrw_write );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_wlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if ( rw->ltrw_w_active > 0 || rw->ltrw_r_active > 0 ) {
+ rw->ltrw_w_wait++;
+
+ do {
+ ldap_pvt_thread_cond_wait(
+ &rw->ltrw_write, &rw->ltrw_mutex );
+ } while ( rw->ltrw_w_active > 0 || rw->ltrw_r_active > 0 );
+
+ rw->ltrw_w_wait--;
+ assert( rw->ltrw_w_wait >= 0 );
+ }
+
+#ifdef LDAP_RDWR_DEBUG
+ rw->ltrw_writer = ldap_pvt_thread_self();
+#endif
+ rw->ltrw_w_active++;
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_wtrylock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if ( rw->ltrw_w_active > 0 || rw->ltrw_r_active > 0 ) {
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+ return LDAP_PVT_THREAD_EBUSY;
+ }
+
+#ifdef LDAP_RDWR_DEBUG
+ rw->ltrw_writer = ldap_pvt_thread_self();
+#endif
+ rw->ltrw_w_active++;
+
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_wunlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+
+ if( rw->ltrw_valid != LDAP_PVT_THREAD_RDWR_VALID )
+ return LDAP_PVT_THREAD_EINVAL;
+
+ ldap_pvt_thread_mutex_lock( &rw->ltrw_mutex );
+
+ rw->ltrw_w_active--;
+
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ if (rw->ltrw_r_wait > 0) {
+ ldap_pvt_thread_cond_broadcast( &rw->ltrw_read );
+
+ } else if (rw->ltrw_w_wait > 0) {
+ ldap_pvt_thread_cond_signal( &rw->ltrw_write );
+ }
+
+#ifdef LDAP_RDWR_DEBUG
+ rw->ltrw_writer = 0;
+#endif
+ ldap_pvt_thread_mutex_unlock( &rw->ltrw_mutex );
+
+ return 0;
+}
+
+#ifdef LDAP_RDWR_DEBUG
+
+/* just for testing,
+ * return 0 if false, suitable for assert(ldap_pvt_thread_rdwr_Xchk(rdwr))
+ *
+ * Currently they don't check if the calling thread is the one
+ * that has the lock, just that there is a reader or writer.
+ *
+ * Basically sufficent for testing that places that should have
+ * a lock are caught.
+ */
+
+int ldap_pvt_thread_rdwr_readers(ldap_pvt_thread_rdwr_t *rwlock)
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ return( rw->ltrw_r_active );
+}
+
+int ldap_pvt_thread_rdwr_writers(ldap_pvt_thread_rdwr_t *rwlock)
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ return( rw->ltrw_w_active );
+}
+
+int ldap_pvt_thread_rdwr_active(ldap_pvt_thread_rdwr_t *rwlock)
+{
+ struct ldap_int_thread_rdwr_s *rw;
+
+ assert( rwlock != NULL );
+ rw = *rwlock;
+
+ assert( rw != NULL );
+ assert( rw->ltrw_valid == LDAP_PVT_THREAD_RDWR_VALID );
+ assert( rw->ltrw_w_active >= 0 );
+ assert( rw->ltrw_w_wait >= 0 );
+ assert( rw->ltrw_r_active >= 0 );
+ assert( rw->ltrw_r_wait >= 0 );
+
+ return(ldap_pvt_thread_rdwr_readers(rwlock) +
+ ldap_pvt_thread_rdwr_writers(rwlock));
+}
+
+#endif /* LDAP_RDWR_DEBUG */
+
+#endif /* LDAP_THREAD_HAVE_RDWR */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/rq.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/rq.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/rq.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,221 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rq.c,v 1.17.2.5 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was initially developed by Jong Hyuk Choi for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdarg.h>
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_pvt_thread.h"
+#include "ldap_queue.h"
+#include "ldap_rq.h"
+
+struct re_s *
+ldap_pvt_runqueue_insert(
+ struct runqueue_s* rq,
+ time_t interval,
+ ldap_pvt_thread_start_t *routine,
+ void *arg,
+ char *tname,
+ char *tspec
+)
+{
+ struct re_s* entry;
+
+ entry = (struct re_s *) LDAP_CALLOC( 1, sizeof( struct re_s ));
+ if ( entry ) {
+ entry->interval.tv_sec = interval;
+ entry->interval.tv_usec = 0;
+ entry->next_sched.tv_sec = time( NULL );
+ entry->next_sched.tv_usec = 0;
+ entry->routine = routine;
+ entry->arg = arg;
+ entry->tname = tname;
+ entry->tspec = tspec;
+ LDAP_STAILQ_INSERT_HEAD( &rq->task_list, entry, tnext );
+ }
+ return entry;
+}
+
+struct re_s *
+ldap_pvt_runqueue_find(
+ struct runqueue_s *rq,
+ ldap_pvt_thread_start_t *routine,
+ void *arg
+)
+{
+ struct re_s* e;
+
+ LDAP_STAILQ_FOREACH( e, &rq->task_list, tnext ) {
+ if ( e->routine == routine && e->arg == arg )
+ return e;
+ }
+ return NULL;
+}
+
+void
+ldap_pvt_runqueue_remove(
+ struct runqueue_s* rq,
+ struct re_s* entry
+)
+{
+ struct re_s* e;
+
+ LDAP_STAILQ_FOREACH( e, &rq->task_list, tnext ) {
+ if ( e == entry)
+ break;
+ }
+
+ assert( e == entry );
+
+ LDAP_STAILQ_REMOVE( &rq->task_list, entry, re_s, tnext );
+
+ LDAP_FREE( entry );
+}
+
+struct re_s*
+ldap_pvt_runqueue_next_sched(
+ struct runqueue_s* rq,
+ struct timeval* next_run
+)
+{
+ struct re_s* entry;
+
+ entry = LDAP_STAILQ_FIRST( &rq->task_list );
+ if ( entry == NULL || entry->next_sched.tv_sec == 0 ) {
+ return NULL;
+ } else {
+ *next_run = entry->next_sched;
+ return entry;
+ }
+}
+
+void
+ldap_pvt_runqueue_runtask(
+ struct runqueue_s* rq,
+ struct re_s* entry
+)
+{
+ LDAP_STAILQ_INSERT_TAIL( &rq->run_list, entry, rnext );
+}
+
+void
+ldap_pvt_runqueue_stoptask(
+ struct runqueue_s* rq,
+ struct re_s* entry
+)
+{
+ LDAP_STAILQ_REMOVE( &rq->run_list, entry, re_s, rnext );
+}
+
+int
+ldap_pvt_runqueue_isrunning(
+ struct runqueue_s* rq,
+ struct re_s* entry
+)
+{
+ struct re_s* e;
+
+ LDAP_STAILQ_FOREACH( e, &rq->run_list, rnext ) {
+ if ( e == entry ) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void
+ldap_pvt_runqueue_resched(
+ struct runqueue_s* rq,
+ struct re_s* entry,
+ int defer
+)
+{
+ struct re_s* prev;
+ struct re_s* e;
+
+ LDAP_STAILQ_FOREACH( e, &rq->task_list, tnext ) {
+ if ( e == entry )
+ break;
+ }
+
+ assert ( e == entry );
+
+ LDAP_STAILQ_REMOVE( &rq->task_list, entry, re_s, tnext );
+
+ if ( !defer ) {
+ entry->next_sched.tv_sec = time( NULL ) + entry->interval.tv_sec;
+ } else {
+ entry->next_sched.tv_sec = 0;
+ }
+
+ if ( LDAP_STAILQ_EMPTY( &rq->task_list )) {
+ LDAP_STAILQ_INSERT_HEAD( &rq->task_list, entry, tnext );
+ } else if ( entry->next_sched.tv_sec == 0 ) {
+ LDAP_STAILQ_INSERT_TAIL( &rq->task_list, entry, tnext );
+ } else {
+ prev = NULL;
+ LDAP_STAILQ_FOREACH( e, &rq->task_list, tnext ) {
+ if ( e->next_sched.tv_sec == 0 ) {
+ if ( prev == NULL ) {
+ LDAP_STAILQ_INSERT_HEAD( &rq->task_list, entry, tnext );
+ } else {
+ LDAP_STAILQ_INSERT_AFTER( &rq->task_list, prev, entry, tnext );
+ }
+ return;
+ } else if ( e->next_sched.tv_sec > entry->next_sched.tv_sec ) {
+ if ( prev == NULL ) {
+ LDAP_STAILQ_INSERT_HEAD( &rq->task_list, entry, tnext );
+ } else {
+ LDAP_STAILQ_INSERT_AFTER( &rq->task_list, prev, entry, tnext );
+ }
+ return;
+ }
+ prev = e;
+ }
+ LDAP_STAILQ_INSERT_TAIL( &rq->task_list, entry, tnext );
+ }
+}
+
+int
+ldap_pvt_runqueue_persistent_backload(
+ struct runqueue_s* rq
+)
+{
+ struct re_s* e;
+ int count = 0;
+
+ ldap_pvt_thread_mutex_lock( &rq->rq_mutex );
+ if ( !LDAP_STAILQ_EMPTY( &rq->task_list )) {
+ LDAP_STAILQ_FOREACH( e, &rq->task_list, tnext ) {
+ if ( e->next_sched.tv_sec == 0 )
+ count++;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &rq->rq_mutex );
+ return count;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_cthreads.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_cthreads.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_cthreads.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,156 @@
+/* thr_cthreads.c - wrapper for mach cthreads */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_cthreads.c,v 1.17.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was initially developed by Luke Howard for inclusion
+ * in U-MICH LDAP 3.3.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_MACH_CTHREADS )
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+int
+ldap_int_thread_initialize( void )
+{
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void *), void *arg)
+{
+ *thread = cthread_fork( (cthread_fn_t) start_routine, arg);
+ return ( *thread == NULL ? -1 : 0 );
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ cthread_exit( (any_t) retval );
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ void *status;
+ status = (void *) cthread_join ( thread );
+ if (thread_return != NULL)
+ {
+ *thread_return = status;
+ }
+ return 0;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ cthread_yield();
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ condition_init( cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cond )
+{
+ condition_clear( cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ condition_signal( cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+ condition_broadcast( cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ condition_wait( cond, mutex );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ mutex_init( mutex );
+ mutex->name = NULL;
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ mutex_clear( mutex );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ mutex_lock( mutex );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ mutex_unlock( mutex );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return mutex_try_lock( mutex );
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ return cthread_self();
+}
+
+#endif /* HAVE_MACH_CTHREADS */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_debug.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_debug.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_debug.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1030 @@
+/* thr_debug.c - wrapper around the chosen thread wrapper, for debugging. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_debug.c,v 1.1.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This package provides three types of thread operation debugging:
+ *
+ * - Print error messages and abort() when thread operations fail:
+ * Operations on threads, mutexes, condition variables, rdwr locks.
+ * Some thread pool operations are also checked, but not those for
+ * which failure can happen in normal slapd operation.
+ *
+ * - Wrap those types except threads and pools in structs that
+ * contain a state variable or a pointer to dummy allocated memory,
+ * and check that on all operations. The dummy memory variant lets
+ * malloc debuggers see some incorrect use as memory leaks, access
+ * to freed memory, etc.
+ *
+ * - Print a count of leaked thread resources after cleanup.
+ *
+ * Compile-time (./configure) setup: Macros defined in CPPFLAGS.
+ *
+ * LDAP_THREAD_DEBUG or LDAP_THREAD_DEBUG=2
+ * Enables debugging, but value & 2 turns off type wrapping.
+ *
+ * LDAP_UINTPTR_T=integer type to hold pointers, preferably unsigned.
+ * Used by dummy memory option "scramble". Default = unsigned long.
+ *
+ * In addition, you may need to set up an implementation-specific way
+ * to enable whatever error checking your thread library provides.
+ * Currently only implemented for Posix threads (pthreads), where
+ * you may need to define LDAP_INT_THREAD_MUTEXATTR. The default
+ * is PTHREAD_MUTEX_ERRORCHECK, or PTHREAD_MUTEX_ERRORCHECK_NP for
+ * Linux threads. See pthread_mutexattr_settype(3).
+ *
+ * Run-time configuration: Environment variable LDAP_THREAD_DEBUG.
+ *
+ * The variable may contain a comma- or space-separated option list.
+ * Options:
+ * off - Disable this package.
+ * Error checking:
+ * noabort - Do not abort() on errors.
+ * noerror - Do not report errors. Implies noabort.
+ * nocount - Do not report counts of unreleased resources.
+ * State variable/dummy memory, unless type wrapping is disabled:
+ * noalloc - Default. Use a state variable, not dummy memory.
+ * dupinit - Implies noalloc. Check if resources that have
+ * not been destroyed are reinitialized. Tools that
+ * report uninitialized memory access should disable
+ * such warnings about debug_already_initialized().
+ * alloc - Allocate dummy memory and store pointers as-is.
+ * Malloc debuggers might not notice unreleased
+ * resources in global variables as memory leaks.
+ * scramble - Store bitwise complement of dummy memory pointer.
+ * That never escapes memory leak detectors -
+ * but detection while the program is running will
+ * report active resources as leaks. Do not
+ * use this if a garbage collector is in use:-)
+ * adjptr - Point to end of dummy memory.
+ * Purify reports these as "potential leaks" (PLK).
+ * I have not checked other malloc debuggers.
+ * Tracing:
+ * tracethreads - Report create/join/exit/kill of threads.
+ */
+
+#include "portable.h"
+
+#if defined( LDAP_THREAD_DEBUG )
+
+#include <stdio.h>
+#include <ac/errno.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#define LDAP_THREAD_DEBUG_IMPLEMENTATION
+#define LDAP_THREAD_RDWR_IMPLEMENTATION
+#define LDAP_THREAD_POOL_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* Get the underlying implementation */
+
+
+/* Options from environment variable $LDAP_THREAD_DEBUG */
+enum { Count_no = 0, Count_yes, Count_reported, Count_reported_more };
+static int nodebug, noabort, noerror, count = Count_yes, options_done;
+#ifdef LDAP_THREAD_DEBUG_WRAP
+enum { Wrap_noalloc, Wrap_alloc, Wrap_scramble, Wrap_adjptr };
+static int dupinit, wraptype = Wrap_noalloc, wrap_offset, unwrap_offset;
+#endif
+static int tracethreads;
+
+static int threading_enabled;
+
+enum {
+ Idx_unexited_thread, Idx_unjoined_thread, Idx_locked_mutex,
+ Idx_mutex, Idx_cond, Idx_rdwr, Idx_tpool, Idx_max
+};
+static int resource_counts[Idx_max];
+static const char *const resource_names[] = {
+ "unexited threads", "unjoined threads", "locked mutexes",
+ "mutexes", "conds", "rdwrs", "thread pools"
+};
+static ldap_int_thread_mutex_t resource_mutexes[Idx_max];
+
+
+/*
+ * Making ldap_pvt_thread_t a wrapper around ldap_int_thread_t would
+ * slow down ldap_pvt_thread_self(), so keep a list of threads instead.
+ */
+typedef struct ldap_debug_thread_s {
+ ldap_pvt_thread_t wrapped;
+ ldap_debug_usage_info_t usage;
+ int detached;
+ int freeme, idx;
+} ldap_debug_thread_t;
+
+static ldap_debug_thread_t **thread_info;
+static unsigned int thread_info_size, thread_info_used;
+static ldap_int_thread_mutex_t thread_info_mutex;
+
+
+#define WARN(var, msg) (warn (__FILE__, __LINE__, (msg), #var, (var)))
+#define ERROR(var,msg) (error(__FILE__, __LINE__, (msg), #var, (var)))
+#define WARN_IF(rc, msg) {if (rc) warn (__FILE__, __LINE__, (msg), #rc, (rc));}
+#define ERROR_IF(rc,msg) {if (rc) error(__FILE__, __LINE__, (msg), #rc, (rc));}
+
+#if 0
+static void
+warn( const char *file, int line, const char *msg, const char *var, int val )
+{
+ fprintf( stderr, "%s:%d: %s warning: %s is %d\n",
+ file, line, msg, var, val );
+}
+#endif
+
+static void
+error( const char *file, int line, const char *msg, const char *var, int val )
+{
+ if( !noerror ) {
+ fprintf( stderr, "%s:%d: %s error: %s is %d\n",
+ file, line, msg, var, val );
+ if( !noabort )
+ abort();
+ }
+}
+
+static void
+count_resource_leaks( void )
+{
+ int i, j;
+ char errbuf[200], *delim = "Leaked";
+ if( count == Count_yes ) {
+ count = Count_reported;
+#if 0 /* Could break if there are still threads after atexit */
+ for( i = j = 0; i < Idx_max; i++ )
+ j |= ldap_int_thread_mutex_destroy( &resource_mutexes[i] );
+ WARN_IF( j, "ldap_debug_thread_destroy:mutexes" );
+#endif
+ for( i = j = 0; i < Idx_max; i++ ) {
+ if( resource_counts[i] ) {
+ j += sprintf( errbuf + j, "%s %d %s",
+ delim, resource_counts[i], resource_names[i] );
+ delim = ",";
+ }
+ }
+ if( j )
+ fprintf( stderr, "%s:%d: %s.\n", __FILE__, __LINE__, errbuf );
+ }
+}
+
+static void
+get_options( void )
+{
+ static const struct option_info_s {
+ const char *name;
+ int *var, val;
+ } option_info[] = {
+ { "off", &nodebug, 1 },
+ { "noabort", &noabort, 1 },
+ { "noerror", &noerror, 1 },
+ { "nocount", &count, Count_no },
+#ifdef LDAP_THREAD_DEBUG_WRAP
+ { "noalloc", &wraptype, Wrap_noalloc },
+ { "dupinit", &dupinit, 1 },
+ { "alloc", &wraptype, Wrap_alloc },
+ { "adjptr", &wraptype, Wrap_adjptr },
+ { "scramble", &wraptype, Wrap_scramble },
+#endif
+ { "tracethreads", &tracethreads, 1 },
+ { NULL, NULL, 0 }
+ };
+ const char *s = getenv( "LDAP_THREAD_DEBUG" );
+ if( s != NULL ) {
+ while( *(s += strspn( s, ", \t\r\n" )) != '\0' ) {
+ size_t optlen = strcspn( s, ", \t\r\n" );
+ const struct option_info_s *oi;
+ for( oi = option_info; oi->name; oi++ ) {
+ if( strncasecmp( oi->name, s, optlen ) == 0 ) {
+ if( oi->name && oi->name[optlen] == '\0' ) {
+ *oi->var = oi->val;
+ } else {
+ fprintf( stderr, "Unknown $%s option '%.*s'\n",
+ "LDAP_THREAD_DEBUG", (int) optlen, s );
+ }
+ break;
+ }
+ }
+ s += optlen;
+ }
+ }
+ if( nodebug ) {
+ noabort = noerror = 1;
+ tracethreads = dupinit = 0;
+ count = Count_no;
+ }
+#ifdef LDAP_THREAD_DEBUG_WRAP
+ if( nodebug || dupinit ) {
+ wraptype = Wrap_noalloc;
+ } else if( wraptype == Wrap_scramble ) {
+ const unsigned char *dummy = (const unsigned char *)&option_info;
+ if( sizeof(LDAP_UINTPTR_T) < sizeof(void *)
+ || (unsigned char *)~~(LDAP_UINTPTR_T) dummy != dummy
+ || (unsigned char *)~~(LDAP_UINTPTR_T) (unsigned char *)0 )
+ {
+ fprintf( stderr, "Misconfigured for $%s %s. Using %s.\n",
+ "LDAP_THREAD_DEBUG", "scramble", "adjptr" );
+ wraptype = Wrap_adjptr;
+ }
+ }
+ unwrap_offset = -(wrap_offset = (wraptype == Wrap_adjptr));
+#endif
+ options_done = 1;
+}
+
+
+static char *
+thread_name( char *buf, int bufsize, ldap_pvt_thread_t thread )
+{
+ int i;
+ --bufsize;
+ if( bufsize > 2*sizeof(thread) )
+ bufsize = 2*sizeof(thread);
+ for( i = 0; i < bufsize; i += 2 )
+ snprintf( buf+i, 3, "%02x", ((unsigned char *)&thread)[i/2] );
+ return buf;
+}
+
+static void
+exit_thread_message( const ldap_pvt_thread_t thread )
+{
+ if( tracethreads ) {
+ char buf[40];
+ fprintf( stderr, "== Exiting thread %s ==\n",
+ thread_name( buf, sizeof(buf), thread ) );
+ }
+}
+
+
+#ifndef LDAP_THREAD_DEBUG_WRAP
+
+#define WRAPPED(ptr) (ptr)
+#define alloc_usage(ptr, msg) ((void) 0)
+#define check_usage(ptr, msg) ((void) 0)
+#define free_usage(ptr, msg) ((void) 0)
+
+#define with_threads_lock(statement) { statement; }
+#define get_new_thread_info(msg) NULL
+#define update_thread_info(ti, th, det) {}
+#define remove_thread_info(ti, msg) ((void)0)
+#define get_thread_info(thread, msg) NULL
+#define exiting_thread(msg) exit_thread_message(ldap_pvt_thread_self())
+
+#else /* LDAP_THREAD_DEBUG_WRAP */
+
+#define WRAPPED(ptr) (&(ptr)->wrapped)
+
+#define INITED_VALUE 0x12345678UL
+#define INITED_BYTE_VALUE 0xd5
+
+static int
+debug_already_initialized( const LDAP_UINTPTR_T *num )
+{
+ /* Valid programs will access uninitialized memory if dupinit */
+ return dupinit && *num == INITED_VALUE;
+}
+
+static void
+alloc_usage( ldap_debug_usage_info_t *usage, const char *msg )
+{
+ if( !options_done )
+ get_options();
+ if( wraptype == Wrap_noalloc ) {
+ ERROR_IF( debug_already_initialized( &usage->num ), msg );
+ usage->num = INITED_VALUE;
+ } else {
+ unsigned char *dummy = malloc( 1 );
+ assert( dummy != NULL );
+ *dummy = INITED_BYTE_VALUE;
+ if( wraptype == Wrap_scramble ) {
+ usage->num = ~(LDAP_UINTPTR_T) dummy;
+ assert( (unsigned char *)~usage->num == dummy );
+ } else {
+ usage->ptr = dummy + wrap_offset;
+ }
+ }
+}
+
+static void
+check_usage( ldap_debug_usage_info_t *usage, const char *msg )
+{
+ if( wraptype == Wrap_noalloc ) {
+ ERROR_IF( usage->num != INITED_VALUE, msg );
+ } else if( wraptype == Wrap_scramble ) {
+ ERROR_IF( !usage->num, msg );
+ ERROR_IF( *(unsigned char *)~usage->num != INITED_BYTE_VALUE, msg );
+ } else {
+ ERROR_IF( !usage->ptr, msg );
+ ERROR_IF( usage->ptr[unwrap_offset] != INITED_BYTE_VALUE, msg );
+ }
+}
+
+static void
+free_usage( ldap_debug_usage_info_t *usage, const char *msg )
+{
+ if( wraptype == Wrap_noalloc ) {
+ usage->num = ~(LDAP_UINTPTR_T)INITED_VALUE;
+ } else {
+ unsigned char *dummy = (wraptype == Wrap_scramble
+ ? (unsigned char *)~usage->num
+ : usage->ptr + unwrap_offset);
+ *(volatile unsigned char *)dummy = (unsigned char)-1;
+ free( dummy );
+ }
+}
+
+#define with_threads_lock(statement) { \
+ if( !nodebug ) { \
+ int rc_wtl_ = ldap_int_thread_mutex_lock( &thread_info_mutex ); \
+ assert( rc_wtl_ == 0 ); \
+ } \
+ statement; \
+ if( !nodebug ) { \
+ int rc_wtl_ = ldap_int_thread_mutex_unlock( &thread_info_mutex ); \
+ assert( rc_wtl_ == 0 ); \
+ } \
+}
+
+static ldap_debug_thread_t *
+get_new_thread_info( const char *msg )
+{
+ if( nodebug )
+ return NULL;
+ if( thread_info_used >= thread_info_size ) {
+ unsigned int more = thread_info_size + 1; /* debug value. increase. */
+ unsigned int new_size = thread_info_size + more;
+ ldap_debug_thread_t *t = calloc( more, sizeof(ldap_debug_thread_t) );
+ assert( t != NULL );
+ t->freeme = 1;
+ thread_info = realloc( thread_info, new_size * sizeof(*thread_info) );
+ assert( thread_info != NULL );
+ while( thread_info_size < new_size ) {
+ t->idx = thread_info_size;
+ thread_info[thread_info_size++] = t++;
+ }
+ }
+ alloc_usage( &thread_info[thread_info_used]->usage, msg );
+ return thread_info[thread_info_used++];
+}
+
+static void
+update_thread_info(
+ ldap_debug_thread_t *t,
+ const ldap_pvt_thread_t *thread,
+ int detached )
+{
+ if( !nodebug ) {
+ t->wrapped = *thread;
+ t->detached = detached;
+ }
+}
+
+static void
+remove_thread_info( ldap_debug_thread_t *t, const char *msg )
+{
+ if( !nodebug ) {
+ ldap_debug_thread_t *last;
+ int idx;
+ free_usage( &t->usage, msg );
+ idx = t->idx;
+ assert( thread_info[idx] == t );
+ last = thread_info[--thread_info_used];
+ assert( last->idx == thread_info_used );
+ (thread_info[idx] = last)->idx = idx;
+ (thread_info[thread_info_used] = t )->idx = thread_info_used;
+ }
+}
+
+ldap_debug_thread_t *
+get_thread_info( ldap_pvt_thread_t *thread, const char *msg )
+{
+ unsigned int i;
+ ldap_debug_thread_t *t;
+ if( nodebug )
+ return NULL;
+ for( i = 0; i < thread_info_used; i++ ) {
+ if( ldap_pvt_thread_equal( *thread, thread_info[i]->wrapped ) )
+ break;
+ }
+ ERROR_IF( i == thread_info_used, msg );
+ t = thread_info[i];
+ check_usage( &t->usage, msg );
+ return t;
+}
+
+static void
+exiting_thread( const char *msg )
+{
+ if( !nodebug ) {
+ ldap_pvt_thread_t thread;
+ thread = ldap_pvt_thread_self();
+ exit_thread_message( thread );
+ with_threads_lock({
+ ldap_debug_thread_t *t = get_thread_info( &thread, msg );
+ if( t->detached )
+ remove_thread_info( t, msg );
+ });
+ }
+}
+
+#endif /* LDAP_THREAD_DEBUG_WRAP */
+
+
+static void
+adjust_count( int which, int adjust )
+{
+ int rc;
+ switch( count ) {
+ case Count_no:
+ break;
+ case Count_yes:
+ rc = ldap_int_thread_mutex_lock( &resource_mutexes[which] );
+ assert( rc == 0 );
+ resource_counts[which] += adjust;
+ rc = ldap_int_thread_mutex_unlock( &resource_mutexes[which] );
+ assert( rc == 0 );
+ break;
+ case Count_reported:
+ fputs( "...more ldap_debug_thread activity after exit...\n", stderr );
+ count = Count_reported_more;
+ /* FALL THROUGH */
+ case Count_reported_more:
+ /* Not used, but result might be inspected with debugger */
+ /* (Hopefully threading is disabled by now...) */
+ resource_counts[which] += adjust;
+ break;
+ }
+}
+
+
+/* Wrappers for LDAP_THREAD_IMPLEMENTATION: */
+
+/* Used instead of ldap_int_thread_initialize by ldap_pvt_thread_initialize */
+int
+ldap_debug_thread_initialize( void )
+{
+ int i, rc, rc2;
+ if( !options_done )
+ get_options();
+ ERROR_IF( threading_enabled, "ldap_debug_thread_initialize" );
+ threading_enabled = 1;
+ rc = ldap_int_thread_initialize();
+ if( rc ) {
+ ERROR( rc, "ldap_debug_thread_initialize:threads" );
+ threading_enabled = 0;
+ } else {
+ rc2 = ldap_int_thread_mutex_init( &thread_info_mutex );
+ assert( rc2 == 0 );
+ if( count != Count_no ) {
+ for( i = rc2 = 0; i < Idx_max; i++ )
+ rc2 |= ldap_int_thread_mutex_init( &resource_mutexes[i] );
+ assert( rc2 == 0 );
+ /* FIXME: Only for static libldap_r as in init.c? If so, why? */
+ atexit( count_resource_leaks );
+ }
+ }
+ return rc;
+}
+
+/* Used instead of ldap_int_thread_destroy by ldap_pvt_thread_destroy */
+int
+ldap_debug_thread_destroy( void )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_debug_thread_destroy" );
+ /* sleep(1) -- need to wait for thread pool to finish? */
+ rc = ldap_int_thread_destroy();
+ if( rc ) {
+ ERROR( rc, "ldap_debug_thread_destroy:threads" );
+ } else {
+ threading_enabled = 0;
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_set_concurrency( int n )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_set_concurrency" );
+ rc = ldap_int_thread_set_concurrency( n );
+ ERROR_IF( rc, "ldap_pvt_thread_set_concurrency" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_get_concurrency( void )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_get_concurrency" );
+ rc = ldap_int_thread_get_concurrency();
+ ERROR_IF( rc, "ldap_pvt_thread_get_concurrency" );
+ return rc;
+}
+
+unsigned int
+ldap_pvt_thread_sleep( unsigned int interval )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_sleep" );
+ rc = ldap_int_thread_sleep( interval );
+ ERROR_IF( rc, "ldap_pvt_thread_sleep" );
+ return 0;
+}
+
+int
+ldap_pvt_thread_create(
+ ldap_pvt_thread_t *thread,
+ int detach,
+ void *(*start_routine)( void * ),
+ void *arg )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_create" );
+ if( !options_done )
+ get_options();
+ with_threads_lock({
+ ldap_debug_thread_t *t;
+ t = get_new_thread_info( "ldap_pvt_thread_create" );
+ rc = ldap_int_thread_create( thread, detach, start_routine, arg );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_create" );
+ remove_thread_info( t, "ldap_pvt_thread_init" );
+ } else {
+ update_thread_info( t, thread, detach );
+ }
+ });
+ if( rc == 0 ) {
+ if( tracethreads ) {
+ char buf[40];
+ fprintf( stderr, "== Created thread %s%s ==\n",
+ thread_name( buf, sizeof(buf), *thread ),
+ detach ? " (detached)" : "" );
+ }
+ adjust_count( Idx_unexited_thread, +1 );
+ if( !detach )
+ adjust_count( Idx_unjoined_thread, +1 );
+ }
+ return rc;
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_exit" );
+ adjust_count( Idx_unexited_thread, -1 );
+ exiting_thread( "ldap_pvt_thread_exit" );
+ ldap_int_thread_exit( retval );
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ int rc;
+ ldap_debug_thread_t *t;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_join" );
+ if( tracethreads ) {
+ char buf[40];
+ fprintf( stderr, "== Joining thread %s ==\n",
+ thread_name( buf, sizeof(buf), thread ) );
+ }
+ with_threads_lock(
+ t = get_thread_info( &thread, "ldap_pvt_thread_join" ) );
+ rc = ldap_int_thread_join( thread, thread_return );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_join" );
+ } else {
+ with_threads_lock(
+ remove_thread_info( t, "ldap_pvt_thread_join" ) );
+ adjust_count( Idx_unjoined_thread, -1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_kill" );
+ if( tracethreads ) {
+ char buf[40];
+ fprintf( stderr, "== Killing thread %s (sig %i) ==\n",
+ thread_name( buf, sizeof(buf), thread ), signo );
+ }
+ rc = ldap_int_thread_kill( thread, signo );
+ ERROR_IF( rc, "ldap_pvt_thread_kill" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_yield" );
+ rc = ldap_int_thread_yield();
+ ERROR_IF( rc, "ldap_pvt_thread_yield" );
+ return rc;
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+#if 0 /* Function is used by ch_free() via slap_sl_contxt() in slapd */
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_self" );
+#endif
+ return ldap_int_thread_self();
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ int rc;
+ alloc_usage( &cond->usage, "ldap_pvt_thread_cond_init" );
+ rc = ldap_int_thread_cond_init( WRAPPED( cond ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_cond_init" );
+ free_usage( &cond->usage, "ldap_pvt_thread_cond_init" );
+ } else {
+ adjust_count( Idx_cond, +1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cond )
+{
+ int rc;
+ check_usage( &cond->usage, "ldap_pvt_thread_cond_destroy" );
+ rc = ldap_int_thread_cond_destroy( WRAPPED( cond ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_cond_destroy" );
+ } else {
+ free_usage( &cond->usage, "ldap_pvt_thread_cond_destroy" );
+ adjust_count( Idx_cond, -1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ int rc;
+ check_usage( &cond->usage, "ldap_pvt_thread_cond_signal" );
+ rc = ldap_int_thread_cond_signal( WRAPPED( cond ) );
+ ERROR_IF( rc, "ldap_pvt_thread_cond_signal" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+ int rc;
+ check_usage( &cond->usage, "ldap_pvt_thread_cond_broadcast" );
+ rc = ldap_int_thread_cond_broadcast( WRAPPED( cond ) );
+ ERROR_IF( rc, "ldap_pvt_thread_cond_broadcast" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_cond_wait(
+ ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ check_usage( &cond->usage, "ldap_pvt_thread_cond_wait:cond" );
+ check_usage( &mutex->usage, "ldap_pvt_thread_cond_wait:mutex" );
+ adjust_count( Idx_locked_mutex, -1 );
+ rc = ldap_int_thread_cond_wait( WRAPPED( cond ), WRAPPED( mutex ) );
+ adjust_count( Idx_locked_mutex, +1 );
+ ERROR_IF( rc, "ldap_pvt_thread_cond_wait" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ alloc_usage( &mutex->usage, "ldap_pvt_thread_mutex_init" );
+ rc = ldap_int_thread_mutex_init( WRAPPED( mutex ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_mutex_init" );
+ free_usage( &mutex->usage, "ldap_pvt_thread_mutex_init" );
+ } else {
+ adjust_count( Idx_mutex, +1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ check_usage( &mutex->usage, "ldap_pvt_thread_mutex_destroy" );
+ rc = ldap_int_thread_mutex_destroy( WRAPPED( mutex ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_mutex_destroy" );
+ } else {
+ free_usage( &mutex->usage, "ldap_pvt_thread_mutex_destroy" );
+ adjust_count( Idx_mutex, -1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ check_usage( &mutex->usage, "ldap_pvt_thread_mutex_lock" );
+ rc = ldap_int_thread_mutex_lock( WRAPPED( mutex ) );
+ if( rc ) {
+ ERROR_IF( rc, "ldap_pvt_thread_mutex_lock" );
+ } else {
+ adjust_count( Idx_locked_mutex, +1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ check_usage( &mutex->usage, "ldap_pvt_thread_mutex_trylock" );
+ rc = ldap_int_thread_mutex_trylock( WRAPPED( mutex ) );
+ if( rc == 0 )
+ adjust_count( Idx_locked_mutex, +1 );
+ return rc;
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ int rc;
+ check_usage( &mutex->usage, "ldap_pvt_thread_mutex_unlock" );
+ rc = ldap_int_thread_mutex_unlock( WRAPPED( mutex ) );
+ if( rc ) {
+ ERROR_IF( rc, "ldap_pvt_thread_mutex_unlock" );
+ } else {
+ adjust_count( Idx_locked_mutex, -1 );
+ }
+ return rc;
+}
+
+
+/* Wrappers for LDAP_THREAD_RDWR_IMPLEMENTATION: */
+
+int
+ldap_pvt_thread_rdwr_init( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ alloc_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_init" );
+ rc = ldap_int_thread_rdwr_init( WRAPPED( rwlock ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_rdwr_init" );
+ free_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_init" );
+ } else {
+ adjust_count( Idx_rdwr, +1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_rdwr_destroy( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_destroy" );
+ rc = ldap_int_thread_rdwr_destroy( WRAPPED( rwlock ) );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_rdwr_destroy" );
+ } else {
+ free_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_destroy" );
+ adjust_count( Idx_rdwr, -1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_rdwr_rlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_rlock" );
+ rc = ldap_int_thread_rdwr_rlock( WRAPPED( rwlock ) );
+ ERROR_IF( rc, "ldap_pvt_thread_rdwr_rlock" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_rdwr_rtrylock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_rtrylock" );
+ return ldap_int_thread_rdwr_rtrylock( WRAPPED( rwlock ) );
+}
+
+int
+ldap_pvt_thread_rdwr_runlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_runlock" );
+ rc = ldap_int_thread_rdwr_runlock( WRAPPED( rwlock ) );
+ ERROR_IF( rc, "ldap_pvt_thread_rdwr_runlock" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_rdwr_wlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_wlock" );
+ rc = ldap_int_thread_rdwr_wlock( WRAPPED( rwlock ) );
+ ERROR_IF( rc, "ldap_pvt_thread_rdwr_wlock" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_rdwr_wtrylock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_wtrylock" );
+ return ldap_int_thread_rdwr_wtrylock( WRAPPED( rwlock ) );
+}
+
+int
+ldap_pvt_thread_rdwr_wunlock( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ int rc;
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_wunlock" );
+ rc = ldap_int_thread_rdwr_wunlock( WRAPPED( rwlock ) );
+ ERROR_IF( rc, "ldap_pvt_thread_rdwr_wunlock" );
+ return rc;
+}
+
+#ifdef LDAP_RDWR_DEBUG
+
+int
+ldap_pvt_thread_rdwr_readers( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_readers" );
+ return ldap_int_thread_rdwr_readers( WRAPPED( rwlock ) );
+}
+
+int
+ldap_pvt_thread_rdwr_writers( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_writers" );
+ return ldap_int_thread_rdwr_writers( WRAPPED( rwlock ) );
+}
+
+int
+ldap_pvt_thread_rdwr_active( ldap_pvt_thread_rdwr_t *rwlock )
+{
+ check_usage( &rwlock->usage, "ldap_pvt_thread_rdwr_active" );
+ return ldap_int_thread_rdwr_active( WRAPPED( rwlock ) );
+}
+
+#endif /* LDAP_RDWR_DEBUG */
+
+
+/* Some wrappers for LDAP_THREAD_POOL_IMPLEMENTATION: */
+#ifdef LDAP_THREAD_POOL_IMPLEMENTATION
+
+int
+ldap_pvt_thread_pool_init(
+ ldap_pvt_thread_pool_t *tpool,
+ int max_threads,
+ int max_pending )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_init" );
+ rc = ldap_int_thread_pool_init( tpool, max_threads, max_pending );
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_pool_init" );
+ } else {
+ adjust_count( Idx_tpool, +1 );
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_pool_submit(
+ ldap_pvt_thread_pool_t *tpool,
+ ldap_pvt_thread_start_t *start_routine, void *arg )
+{
+ int rc, has_pool;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_submit" );
+ has_pool = (tpool != NULL && *tpool != NULL);
+ rc = ldap_int_thread_pool_submit( tpool, start_routine, arg );
+ if( has_pool )
+ ERROR_IF( rc, "ldap_pvt_thread_pool_submit" );
+ return rc;
+}
+
+int
+ldap_pvt_thread_pool_maxthreads(
+ ldap_pvt_thread_pool_t *tpool,
+ int max_threads )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_maxthreads" );
+ return ldap_int_thread_pool_maxthreads( tpool, max_threads );
+}
+
+int
+ldap_pvt_thread_pool_backload( ldap_pvt_thread_pool_t *tpool )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_backload" );
+ return ldap_int_thread_pool_backload( tpool );
+}
+
+int
+ldap_pvt_thread_pool_destroy( ldap_pvt_thread_pool_t *tpool, int run_pending )
+{
+ int rc, has_pool;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_destroy" );
+ has_pool = (tpool != NULL && *tpool != NULL);
+ rc = ldap_int_thread_pool_destroy( tpool, run_pending );
+ if( has_pool ) {
+ if( rc ) {
+ ERROR( rc, "ldap_pvt_thread_pool_destroy" );
+ } else {
+ adjust_count( Idx_tpool, -1 );
+ }
+ }
+ return rc;
+}
+
+int
+ldap_pvt_thread_pool_pause( ldap_pvt_thread_pool_t *tpool )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_pause" );
+ return ldap_int_thread_pool_pause( tpool );
+}
+
+int
+ldap_pvt_thread_pool_resume( ldap_pvt_thread_pool_t *tpool )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_resume" );
+ return ldap_int_thread_pool_resume( tpool );
+}
+
+int
+ldap_pvt_thread_pool_getkey(
+ void *xctx,
+ void *key,
+ void **data,
+ ldap_pvt_thread_pool_keyfree_t **kfree )
+{
+#if 0 /* Function is used by ch_free() via slap_sl_contxt() in slapd */
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_getkey" );
+#endif
+ return ldap_int_thread_pool_getkey( xctx, key, data, kfree );
+}
+
+int
+ldap_pvt_thread_pool_setkey(
+ void *xctx,
+ void *key,
+ void *data,
+ ldap_pvt_thread_pool_keyfree_t *kfree )
+{
+ int rc;
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_setkey" );
+ rc = ldap_int_thread_pool_setkey( xctx, key, data, kfree );
+ ERROR_IF( rc, "ldap_pvt_thread_pool_setkey" );
+ return rc;
+}
+
+void
+ldap_pvt_thread_pool_purgekey( void *key )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_purgekey" );
+ ldap_int_thread_pool_purgekey( key );
+}
+
+void *
+ldap_pvt_thread_pool_context( void )
+{
+#if 0 /* Function is used by ch_free() via slap_sl_contxt() in slapd */
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_context" );
+#endif
+ return ldap_int_thread_pool_context();
+}
+
+void
+ldap_pvt_thread_pool_context_reset( void *vctx )
+{
+ ERROR_IF( !threading_enabled, "ldap_pvt_thread_pool_context_reset" );
+ ldap_int_thread_pool_context_reset( vctx );
+}
+
+#endif /* LDAP_THREAD_POOL_IMPLEMENTATION */
+
+#endif /* LDAP_THREAD_DEBUG */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_lwp.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_lwp.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_lwp.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,378 @@
+/* thr_lwp.c - wrappers around SunOS LWP threads */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_lwp.c,v 1.17.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* BUGS:
+ * - slurpd calls the get_stack/free_stack functions. Should be fixed, so
+ * they can become static.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_LWP )
+
+/*************
+ * *
+ * SunOS LWP *
+ * *
+ *************/
+
+/* This implementation NEEDS WORK. It currently does not compile */
+
+#include <stdio.h>
+
+#include <ac/time.h>
+#include <ac/socket.h>
+
+#include "ldap-int.h"
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+#include <lwp/lwp.h>
+#include <lwp/stackdep.h>
+
+#define MAX_STACK 51200
+#define MAX_THREADS 20
+
+/*
+ * Initialize LWP by spinning of a schedular
+ */
+int
+ldap_int_thread_initialize( void )
+{
+ thread_t tid;
+ stkalign_t *stack;
+ int stackno;
+
+ if (( stack = get_stack( &stackno )) == NULL ) {
+ return -1;
+ }
+
+ lwp_create( &tid, lwp_scheduler, MINPRIO, 0, stack, 1, stackno );
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ /* need to destroy lwp_scheduler thread and clean up private
+ variables */
+ return 0;
+}
+
+struct stackinfo {
+ int stk_inuse;
+ stkalign_t *stk_stack;
+};
+
+static struct stackinfo *stacks;
+
+static stkalign_t * ldap_int_thread_get_stack( int *stacknop )
+{
+ int i;
+
+ if ( stacks == NULL ) {
+ stacks = (struct stackinfo *) LDAP_CALLOC( 1, MAX_THREADS *
+ sizeof(struct stackinfo) );
+
+ if( stacks == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "stacks allocation failed",
+ 0, 0, 0 );
+ return NULL;
+ }
+ }
+
+ for ( i = 0; i < MAX_THREADS; i++ ) {
+ if ( stacks[i].stk_inuse == 0 ) {
+ break;
+ }
+ }
+
+ if ( i == MAX_THREADS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "no more stacks (max %d) - increase MAX_THREADS for more",
+ MAX_THREADS, 0, 0 );
+ return( NULL );
+ }
+
+ if ( stacks[i].stk_stack == NULL ) {
+ stacks[i].stk_stack = (stkalign_t *) LDAP_MALLOC(
+ (MAX_STACK / sizeof(stkalign_t) + 1 )
+ * sizeof(stkalign_t) );
+
+ if( stacks[i].stk_stack == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "stack allocation failed",
+ 0, 0, 0 );
+ return( NULL );
+ }
+ }
+
+ *stacknop = i;
+ stacks[i].stk_inuse = 1;
+ return( stacks[i].stk_stack + MAX_STACK / sizeof(stkalign_t) );
+}
+
+static void
+ldap_int_thread_free_stack( int stackno )
+{
+ if ( stackno < 0 || stackno > MAX_THREADS ) {
+ Debug( LDAP_DEBUG_ANY, "free_stack of bogus stack %d\n",
+ stackno, 0, 0 );
+ }
+
+ stacks[stackno].stk_inuse = 0;
+}
+
+static void
+lwp_create_stack( void *(*func)(), void *arg, int stackno )
+{
+ (*func)( arg );
+
+ ldap_int_thread_free_stack( stackno );
+}
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void *),
+ void *arg)
+{
+ stkalign_t *stack;
+ int stackno;
+
+ if ( (stack = ldap_int_thread_get_stack( &stackno )) == NULL ) {
+ return( -1 );
+ }
+ return( lwp_create( thread, lwp_create_stack, MINPRIO, 0,
+ stack, 3, start_routine, arg, stackno ) );
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ lwp_destroy( SELF );
+}
+
+unsigned int
+ldap_pvt_thread_sleep(
+ unsigned int interval
+)
+{
+ thread_t mylwp;
+ tl_t *t, *nt;
+ time_t now;
+
+
+ if ( lwp_self( &mylwp ) < 0 ) {
+ return -1;
+ }
+
+ time( &now );
+
+ mon_enter( &sglob->tsl_mon );
+
+ if ( sglob->tsl_list != NULL ) {
+ for ( t = sglob->tsl_list; t != NULL; t = t->tl_next ) {
+ if ( SAMETHREAD( t->tl_tid, mylwp )) {
+ /* We're already sleeping? */
+ t->tl_wake = now + interval;
+ mon_exit( &sglob->tsl_mon );
+ lwp_suspend( mylwp );
+ return 0;
+ }
+ }
+ }
+
+ nt = (tl_t *) LDAP_MALLOC( sizeof( tl_t ));
+
+ if( nt == NULL ) return -1;
+
+ nt->tl_next = sglob->tsl_list;
+ nt->tl_wake = now + interval;
+ nt->tl_tid = mylwp;
+ sglob->tsl_list = nt;
+
+ mon_exit( &sglob->tsl_mon );
+
+ lwp_suspend( mylwp );
+ return 0;
+}
+
+/*
+ * The lwp_scheduler thread periodically checks to see if any threads
+ * are due to be resumed. If there are, it resumes them. Otherwise,
+ * it computes the lesser of ( 1 second ) or ( the minimum time until
+ * a thread need to be resumed ) and puts itself to sleep for that amount
+ * of time.
+ */
+static void
+lwp_scheduler(
+ int stackno
+)
+{
+ time_t now, min;
+ struct timeval interval;
+ tl_t *t;
+
+ while ( !sglob->slurpd_shutdown ) {
+ mon_enter( &sglob->tsl_mon );
+
+ time( &now );
+ min = 0L;
+ if ( sglob->tsl_list != NULL ) {
+ for ( t = sglob->tsl_list; t != NULL; t = t->tl_next ) {
+ if (( t->tl_wake > 0L ) && ( t->tl_wake < now )) {
+ lwp_resume( t->tl_tid );
+ t->tl_wake = 0L;
+ }
+
+ if (( t->tl_wake > now ) && ( t->tl_wake < min )) {
+ min = t->tl_wake;
+ }
+ }
+ }
+
+ mon_exit( &sglob->tsl_mon );
+
+ interval.tv_usec = 0L;
+ if ( min == 0L ) {
+ interval.tv_sec = 1L;
+ } else {
+ interval.tv_sec = min;
+ }
+
+ lwp_sleep( &interval );
+ }
+
+ mon_enter( &sglob->tsl_mon );
+
+ for ( t = sglob->tsl_list; t != NULL; t = t->tl_next ) {
+ lwp_resume( t->tl_tid );
+ }
+
+ mon_exit( &sglob->tsl_mon );
+
+ free_stack( stackno );
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ lwp_join( thread );
+ return 0;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ lwp_yield( SELF );
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ /*
+ * lwp cv_create requires the monitor id be passed in
+ * when the cv is created, pthreads passes it when the
+ * condition is waited for. so, we fake the creation
+ * here and actually do it when the cv is waited for
+ * later.
+ */
+
+ cond->lcv_created = 0;
+
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ return( cond->lcv_created ? cv_notify( cv->lcv_cv ) : 0 );
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ if ( ! cond->lcv_created ) {
+ cv_create( &cond->lcv_cv, *mutex );
+ cond->lcv_created = 1;
+ }
+
+ return( cv_wait( cond->lcv_cv ) );
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mon_create( mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mon_destroy( *mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mon_enter( *mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mon_exit( *mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mp )
+{
+ return( mon_cond_enter( *mp ) );
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cv )
+{
+ return( cv->lcv_created ? cv_destroy( cv->lcv_cv ) : 0 );
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cv )
+{
+ return( cv->lcv_created ? cv_broadcast( cv->lcv_cv ) : 0 );
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ thread_t mylwp;
+
+ lwp_self( &mylwp );
+
+ return mylwp;
+}
+
+#endif /* HAVE_LWP */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_nt.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_nt.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_nt.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,197 @@
+/* thr_nt.c - wrapper around NT threads */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_nt.c,v 1.29.2.4 2007/01/02 21:43:50 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_NT_THREADS )
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+typedef struct ldap_int_thread_s {
+ long tid;
+ HANDLE thd;
+} ldap_int_thread_s;
+
+#ifndef NT_MAX_THREADS
+#define NT_MAX_THREADS 1024
+#endif
+
+static ldap_int_thread_s tids[NT_MAX_THREADS];
+static int ntids;
+
+
+/* mingw compiler very sensitive about getting prototypes right */
+typedef unsigned __stdcall thrfunc_t(void *);
+
+int
+ldap_int_thread_initialize( void )
+{
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void *),
+ void *arg)
+{
+ unsigned tid;
+ HANDLE thd;
+ int rc = -1;
+
+ thd = (HANDLE) _beginthreadex(NULL, LDAP_PVT_THREAD_STACK_SIZE, (thrfunc_t *) start_routine,
+ arg, 0, &tid);
+
+ if ( thd ) {
+ *thread = (ldap_pvt_thread_t) tid;
+ tids[ntids].tid = tid;
+ tids[ntids].thd = thd;
+ ntids++;
+ rc = 0;
+ }
+ return rc;
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ _endthread( );
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ DWORD status;
+ int i;
+
+ for (i=0; i<ntids; i++) {
+ if ( tids[i].tid == thread )
+ break;
+ }
+ if ( i > ntids ) return -1;
+
+ status = WaitForSingleObject( tids[i].thd, INFINITE );
+ for (; i<ntids; i++) {
+ tids[i] = tids[i+1];
+ }
+ ntids--;
+ return status == WAIT_FAILED ? -1 : 0;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ Sleep( 0 );
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ *cond = CreateEvent( NULL, FALSE, FALSE, NULL );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cv )
+{
+ CloseHandle( *cv );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ SetEvent( *cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ SignalObjectAndWait( *mutex, *cond, INFINITE, FALSE );
+ WaitForSingleObject( *mutex, INFINITE );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+ while ( WaitForSingleObject( *cond, 0 ) == WAIT_TIMEOUT )
+ SetEvent( *cond );
+ return( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ *mutex = CreateMutex( NULL, 0, NULL );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ CloseHandle( *mutex );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ DWORD status;
+ status = WaitForSingleObject( *mutex, INFINITE );
+ return status == WAIT_FAILED ? -1 : 0;
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ ReleaseMutex( *mutex );
+ return ( 0 );
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mp )
+{
+ DWORD status;
+ status = WaitForSingleObject( *mp, 0 );
+ return status == WAIT_FAILED || status == WAIT_TIMEOUT
+ ? -1 : 0;
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ return GetCurrentThreadId();
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_posix.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_posix.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_posix.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,451 @@
+/* thr_posix.c - wrapper around posix and posixish thread implementations. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_posix.c,v 1.37.2.7 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_PTHREADS )
+
+#include <ac/errno.h>
+
+#ifdef REPLACE_BROKEN_YIELD
+#ifndef HAVE_NANOSLEEP
+#include <ac/socket.h>
+#endif
+#include <ac/time.h>
+#endif
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#define LDAP_THREAD_RDWR_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+#if HAVE_PTHREADS < 6
+# define LDAP_INT_THREAD_ATTR_DEFAULT pthread_attr_default
+# define LDAP_INT_THREAD_CONDATTR_DEFAULT pthread_condattr_default
+# define LDAP_INT_THREAD_MUTEXATTR_DEFAULT pthread_mutexattr_default
+#else
+# define LDAP_INT_THREAD_ATTR_DEFAULT NULL
+# define LDAP_INT_THREAD_CONDATTR_DEFAULT NULL
+# define LDAP_INT_THREAD_MUTEXATTR_DEFAULT NULL
+#endif
+
+#ifdef LDAP_THREAD_DEBUG
+# if defined LDAP_INT_THREAD_MUTEXATTR /* May be defined in CPPFLAGS */
+# elif defined HAVE_PTHREAD_KILL_OTHER_THREADS_NP
+ /* LinuxThreads hack */
+# define LDAP_INT_THREAD_MUTEXATTR PTHREAD_MUTEX_ERRORCHECK_NP
+# else
+# define LDAP_INT_THREAD_MUTEXATTR PTHREAD_MUTEX_ERRORCHECK
+# endif
+static pthread_mutexattr_t mutex_attr;
+# undef LDAP_INT_THREAD_MUTEXATTR_DEFAULT
+# define LDAP_INT_THREAD_MUTEXATTR_DEFAULT &mutex_attr
+#endif
+
+int
+ldap_int_thread_initialize( void )
+{
+#ifdef LDAP_INT_THREAD_MUTEXATTR
+ pthread_mutexattr_init( &mutex_attr );
+ pthread_mutexattr_settype( &mutex_attr, LDAP_INT_THREAD_MUTEXATTR );
+#endif
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+#ifdef HAVE_PTHREAD_KILL_OTHER_THREADS_NP
+ /* LinuxThreads: kill clones */
+ pthread_kill_other_threads_np();
+#endif
+#ifdef LDAP_INT_THREAD_MUTEXATTR
+ pthread_mutexattr_destroy( &mutex_attr );
+#endif
+ return 0;
+}
+
+#ifdef LDAP_THREAD_HAVE_SETCONCURRENCY
+int
+ldap_pvt_thread_set_concurrency(int n)
+{
+#ifdef HAVE_PTHREAD_SETCONCURRENCY
+ return pthread_setconcurrency( n );
+#elif HAVE_THR_SETCONCURRENCY
+ return thr_setconcurrency( n );
+#else
+ return 0;
+#endif
+}
+#endif
+
+#ifdef LDAP_THREAD_HAVE_GETCONCURRENCY
+int
+ldap_pvt_thread_get_concurrency(void)
+{
+#ifdef HAVE_PTHREAD_GETCONCURRENCY
+ return pthread_getconcurrency();
+#elif HAVE_THR_GETCONCURRENCY
+ return thr_getconcurrency();
+#else
+ return 0;
+#endif
+}
+#endif
+
+/* detachstate appeared in Draft 6, but without manifest constants.
+ * in Draft 7 they were called PTHREAD_CREATE_UNDETACHED and ...DETACHED.
+ * in Draft 8 on, ...UNDETACHED became ...JOINABLE.
+ */
+#ifndef PTHREAD_CREATE_JOINABLE
+#ifdef PTHREAD_CREATE_UNDETACHED
+#define PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED
+#else
+#define PTHREAD_CREATE_JOINABLE 0
+#endif
+#endif
+
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void * ),
+ void *arg)
+{
+ int rtn;
+ pthread_attr_t attr;
+
+/* Always create the thread attrs, so we can set stacksize if we need to */
+#if HAVE_PTHREADS > 5
+ pthread_attr_init(&attr);
+#else
+ pthread_attr_create(&attr);
+#endif
+
+#ifdef LDAP_PVT_THREAD_SET_STACK_SIZE
+ /* this should be tunable */
+ pthread_attr_setstacksize( &attr, LDAP_PVT_THREAD_STACK_SIZE );
+#endif
+
+#if HAVE_PTHREADS > 5
+ detach = detach ? PTHREAD_CREATE_DETACHED : PTHREAD_CREATE_JOINABLE;
+#if HAVE_PTHREADS == 6
+ pthread_attr_setdetachstate(&attr, &detach);
+#else
+ pthread_attr_setdetachstate(&attr, detach);
+#endif
+#endif
+
+#if HAVE_PTHREADS < 5
+ rtn = pthread_create( thread, attr, start_routine, arg );
+#else
+ rtn = pthread_create( thread, &attr, start_routine, arg );
+#endif
+#if HAVE_PTHREADS > 5
+ pthread_attr_destroy(&attr);
+#else
+ pthread_attr_delete(&attr);
+ if( detach ) {
+ pthread_detach( thread );
+ }
+#endif
+
+#if HAVE_PTHREADS < 7
+ if ( rtn < 0 ) rtn = errno;
+#endif
+ return rtn;
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ pthread_exit( retval );
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+#if HAVE_PTHREADS < 7
+ void *dummy;
+
+ if (thread_return==NULL)
+ thread_return=&dummy;
+
+ if ( pthread_join( thread, thread_return ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_join( thread, thread_return );
+#endif
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+#if ( HAVE_PTHREAD_KILL && HAVE_PTHREADS > 6 )
+ /* MacOS 10.1 is detected as v10 but has no pthread_kill() */
+ return pthread_kill( thread, signo );
+#elif ( HAVE_PTHREAD_KILL && HAVE_PTHREADS > 4 )
+ if ( pthread_kill( thread, signo ) < 0 ) return errno;
+ return 0;
+#else
+ /* pthread package with DCE */
+ if (kill( getpid(), signo )<0)
+ return errno;
+ return 0;
+#endif
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+#ifdef REPLACE_BROKEN_YIELD
+#ifdef HAVE_NANOSLEEP
+ struct timespec t = { 0, 0 };
+ nanosleep(&t, NULL);
+#else
+ struct timeval tv = {0,0};
+ select( 0, NULL, NULL, NULL, &tv );
+#endif
+ return 0;
+#elif HAVE_THR_YIELD
+ thr_yield();
+ return 0;
+
+#elif HAVE_PTHREADS == 10
+ return sched_yield();
+
+#elif defined(_POSIX_THREAD_IS_GNU_PTH)
+ sched_yield();
+ return 0;
+
+#elif HAVE_PTHREADS == 6
+ pthread_yield(NULL);
+ return 0;
+#else
+ pthread_yield();
+ return 0;
+#endif
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_cond_init( cond, LDAP_INT_THREAD_CONDATTR_DEFAULT ) < 0 )
+ return errno;
+ return 0;
+#else
+ return pthread_cond_init( cond, LDAP_INT_THREAD_CONDATTR_DEFAULT );
+#endif
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cond )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_cond_destroy( cond ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_cond_destroy( cond );
+#endif
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_cond_signal( cond ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_cond_signal( cond );
+#endif
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_cond_broadcast( cond ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_cond_broadcast( cond );
+#endif
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_cond_wait( cond, mutex ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_cond_wait( cond, mutex );
+#endif
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_mutex_init( mutex, LDAP_INT_THREAD_MUTEXATTR_DEFAULT )<0)
+ return errno;
+ return 0;
+#else
+ return pthread_mutex_init( mutex, LDAP_INT_THREAD_MUTEXATTR_DEFAULT );
+#endif
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_mutex_destroy( mutex ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_mutex_destroy( mutex );
+#endif
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_mutex_lock( mutex ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_mutex_lock( mutex );
+#endif
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_mutex_trylock( mutex ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_mutex_trylock( mutex );
+#endif
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_mutex_unlock( mutex ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_mutex_unlock( mutex );
+#endif
+}
+
+ldap_pvt_thread_t ldap_pvt_thread_self( void )
+{
+ return pthread_self();
+}
+
+#ifdef LDAP_THREAD_HAVE_RDWR
+#ifdef HAVE_PTHREAD_RWLOCK_DESTROY
+int
+ldap_pvt_thread_rdwr_init( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_init( rw, NULL ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_init( rw, NULL );
+#endif
+}
+
+int
+ldap_pvt_thread_rdwr_destroy( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_destroy( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_destroy( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_rlock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_rdlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_rdlock( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_rtrylock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_tryrdlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_tryrdlock( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_runlock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_unlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_unlock( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_wlock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_wrlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_wrlock( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_wtrylock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_trywrlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_trywrlock( rw );
+#endif
+}
+
+int ldap_pvt_thread_rdwr_wunlock( ldap_pvt_thread_rdwr_t *rw )
+{
+#if HAVE_PTHREADS < 7
+ if ( pthread_rwlock_unlock( rw ) < 0 ) return errno;
+ return 0;
+#else
+ return pthread_rwlock_unlock( rw );
+#endif
+}
+
+#endif /* HAVE_PTHREAD_RWLOCK_DESTROY */
+#endif /* LDAP_THREAD_HAVE_RDWR */
+#endif /* HAVE_PTHREADS */
+
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_pth.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_pth.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_pth.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,206 @@
+/* thr_pth.c - wrappers around GNU Pth */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_pth.c,v 1.12.2.5 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_GNU_PTH )
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#define LDAP_THREAD_RDWR_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+#include <errno.h>
+
+/*******************
+ * *
+ * GNU Pth Threads *
+ * *
+ *******************/
+
+static pth_attr_t detach_attr;
+static pth_attr_t joined_attr;
+
+int
+ldap_int_thread_initialize( void )
+{
+ if( !pth_init() ) {
+ return -1;
+ }
+ detach_attr = pth_attr_new();
+ joined_attr = pth_attr_new();
+#ifdef LDAP_PVT_THREAD_SET_STACK_SIZE
+ pth_attr_set( joined_attr, PTH_ATTR_STACK_SIZE, LDAP_PVT_THREAD_STACK_SIZE );
+ pth_attr_set( detach_attr, PTH_ATTR_STACK_SIZE, LDAP_PVT_THREAD_STACK_SIZE );
+#endif
+ return pth_attr_set( detach_attr, PTH_ATTR_JOINABLE, FALSE );
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ pth_attr_destroy(detach_attr);
+ pth_kill();
+ return 0;
+}
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void *),
+ void *arg)
+{
+ *thread = pth_spawn( detach ? detach_attr : joined_attr,
+ start_routine, arg );
+
+ return *thread == NULL ? errno : 0;
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ pth_exit( retval );
+}
+
+int ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ return pth_join( thread, thread_return ) ? 0 : errno;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ return pth_raise( thread, signo ) ? 0 : errno;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ return pth_yield(NULL) ? 0 : errno;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ return( pth_cond_init( cond ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ return( pth_cond_notify( cond, 0 ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+ return( pth_cond_notify( cond, 1 ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ return( pth_cond_await( cond, mutex, NULL ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cv )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( pth_mutex_init( mutex ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( pth_mutex_acquire( mutex, 0, NULL ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( pth_mutex_release( mutex ) ? 0 : errno );
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( pth_mutex_acquire( mutex, 1, NULL ) ? 0 : errno );
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ return pth_self();
+}
+
+#ifdef LDAP_THREAD_HAVE_RDWR
+int
+ldap_pvt_thread_rdwr_init( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_init( rw ) ? 0 : errno;
+}
+
+int
+ldap_pvt_thread_rdwr_destroy( ldap_pvt_thread_rdwr_t *rw )
+{
+ return 0;
+}
+
+int ldap_pvt_thread_rdwr_rlock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_acquire( rw, PTH_RWLOCK_RD, 0, NULL ) ? 0 : errno;
+}
+
+int ldap_pvt_thread_rdwr_rtrylock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_acquire( rw, PTH_RWLOCK_RD, 1, NULL ) ? 0 : errno;
+}
+
+int ldap_pvt_thread_rdwr_runlock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_release( rw ) ? 0 : errno;
+}
+
+int ldap_pvt_thread_rdwr_wlock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_acquire( rw, PTH_RWLOCK_RW, 0, NULL ) ? 0 : errno;
+}
+
+int ldap_pvt_thread_rdwr_wtrylock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_acquire( rw, PTH_RWLOCK_RW, 1, NULL ) ? 0 : errno;
+}
+
+int ldap_pvt_thread_rdwr_wunlock( ldap_pvt_thread_rdwr_t *rw )
+{
+ return pth_rwlock_release( rw ) ? 0 : errno;
+}
+
+#endif /* LDAP_THREAD_HAVE_RDWR */
+#endif /* HAVE_GNU_PTH */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_stub.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_stub.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_stub.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,232 @@
+/* thr_stub.c - stubs for the threads */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.22.2.5 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined( NO_THREADS )
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#define LDAP_THREAD_POOL_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+/***********************************************************************
+ * *
+ * no threads package defined for this system - fake ok returns from *
+ * all threads routines (making it single-threaded). *
+ * *
+ ***********************************************************************/
+
+int
+ldap_int_thread_initialize( void )
+{
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ return 0;
+}
+
+static void* ldap_int_status = NULL;
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)(void *),
+ void *arg)
+{
+ if( ! detach ) ldap_int_status = NULL;
+ start_routine( arg );
+ return 0;
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ if( retval != NULL ) {
+ ldap_int_status = retval;
+ }
+ return;
+}
+
+int
+ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **status )
+{
+ if(status != NULL) *status = ldap_int_status;
+ return 0;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cond )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cond )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return 0;
+}
+
+/*
+ * NO_THREADS requires a separate tpool implementation since
+ * generic ldap_pvt_thread_pool_wrapper loops forever.
+ */
+int
+ldap_pvt_thread_pool_init (
+ ldap_pvt_thread_pool_t *pool_out,
+ int max_concurrency, int max_pending )
+{
+ *pool_out = (ldap_pvt_thread_pool_t) 0;
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_submit (
+ ldap_pvt_thread_pool_t *pool,
+ ldap_pvt_thread_start_t *start_routine, void *arg )
+{
+ (start_routine)(NULL, arg);
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_maxthreads ( ldap_pvt_thread_pool_t *tpool, int max_threads )
+{
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_backload (
+ ldap_pvt_thread_pool_t *pool )
+{
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_destroy (
+ ldap_pvt_thread_pool_t *pool, int run_pending )
+{
+ return(0);
+}
+
+int ldap_pvt_thread_pool_getkey (
+ void *ctx, void *key, void **data, ldap_pvt_thread_pool_keyfree_t **kfree )
+{
+ return(0);
+}
+
+int ldap_pvt_thread_pool_setkey (
+ void *ctx, void *key, void *data, ldap_pvt_thread_pool_keyfree_t *kfree )
+{
+ return(0);
+}
+
+void ldap_pvt_thread_pool_purgekey( void *key )
+{
+}
+
+int ldap_pvt_thread_pool_pause (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ return(0);
+}
+
+int ldap_pvt_thread_pool_resume (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ return(0);
+}
+
+void *ldap_pvt_thread_pool_context( )
+{
+ return(NULL);
+}
+
+void ldap_pvt_thread_pool_context_reset( void *vctx )
+{
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ return(0);
+}
+
+#endif /* NO_THREADS */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_thr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_thr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/thr_thr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,162 @@
+/* thr_thr.c - wrappers around solaris threads */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_thr.c,v 1.15.2.4 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined( HAVE_THR )
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#define LDAP_THREAD_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+/*******************
+ * *
+ * Solaris Threads *
+ * *
+ *******************/
+
+int
+ldap_int_thread_initialize( void )
+{
+ return 0;
+}
+
+int
+ldap_int_thread_destroy( void )
+{
+ return 0;
+}
+
+#ifdef LDAP_THREAD_HAVE_SETCONCURRENCY
+int
+ldap_pvt_thread_set_concurrency(int n)
+{
+ return thr_setconcurrency( n );
+}
+#endif
+
+#ifdef LDAP_THREAD_HAVE_GETCONCURRENCY
+int
+ldap_pvt_thread_get_concurrency(void)
+{
+ return thr_getconcurrency();
+}
+#endif
+
+int
+ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
+ int detach,
+ void *(*start_routine)( void *),
+ void *arg)
+{
+ return( thr_create( NULL, LDAP_PVT_THREAD_STACK_SIZE, start_routine,
+ arg, detach ? THR_DETACHED : 0, thread ) );
+}
+
+void
+ldap_pvt_thread_exit( void *retval )
+{
+ thr_exit( NULL );
+}
+
+int ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
+{
+ thr_join( thread, NULL, thread_return );
+ return 0;
+}
+
+int
+ldap_pvt_thread_kill( ldap_pvt_thread_t thread, int signo )
+{
+ thr_kill( thread, signo );
+ return 0;
+}
+
+int
+ldap_pvt_thread_yield( void )
+{
+ thr_yield();
+ return 0;
+}
+
+int
+ldap_pvt_thread_cond_init( ldap_pvt_thread_cond_t *cond )
+{
+ return( cond_init( cond, USYNC_THREAD, NULL ) );
+}
+
+int
+ldap_pvt_thread_cond_signal( ldap_pvt_thread_cond_t *cond )
+{
+ return( cond_signal( cond ) );
+}
+
+int
+ldap_pvt_thread_cond_broadcast( ldap_pvt_thread_cond_t *cv )
+{
+ return( cond_broadcast( cv ) );
+}
+
+int
+ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond,
+ ldap_pvt_thread_mutex_t *mutex )
+{
+ return( cond_wait( cond, mutex ) );
+}
+
+int
+ldap_pvt_thread_cond_destroy( ldap_pvt_thread_cond_t *cv )
+{
+ return( cond_destroy( cv ) );
+}
+
+int
+ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mutex_init( mutex, USYNC_THREAD, NULL ) );
+}
+
+int
+ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mutex_destroy( mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mutex_lock( mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_unlock( ldap_pvt_thread_mutex_t *mutex )
+{
+ return( mutex_unlock( mutex ) );
+}
+
+int
+ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mp )
+{
+ return( mutex_trylock( mp ) );
+}
+
+ldap_pvt_thread_t
+ldap_pvt_thread_self( void )
+{
+ return thr_self();
+}
+
+#endif /* HAVE_THR */
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/threads.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/threads.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/threads.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,102 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/threads.c,v 1.15.2.4 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdarg.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#include "ldap_thr_debug.h" /* May redirect thread initialize/destroy calls */
+
+
+/*
+ * Common LDAP thread routines
+ * see thr_*.c for implementation specific routines
+ * see rdwr.c for generic reader/writer lock implementation
+ * see tpool.c for generic thread pool implementation
+ */
+
+
+int ldap_pvt_thread_initialize( void )
+{
+ int rc;
+ static int init = 0;
+
+ /* we only get one shot at this */
+ if( init++ ) return -1;
+
+ rc = ldap_int_thread_initialize();
+ if( rc ) return rc;
+
+#ifndef LDAP_THREAD_HAVE_TPOOL
+ rc = ldap_int_thread_pool_startup();
+ if( rc ) return rc;
+#endif
+
+ return 0;
+}
+
+int ldap_pvt_thread_destroy( void )
+{
+#ifndef LDAP_THREAD_HAVE_TPOOL
+ (void) ldap_int_thread_pool_shutdown();
+#endif
+ return ldap_int_thread_destroy();
+}
+
+
+/*
+ * Default implementations of some LDAP thread routines
+ */
+
+#define LDAP_THREAD_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename the symbols defined below */
+
+
+#ifndef LDAP_THREAD_HAVE_GETCONCURRENCY
+int
+ldap_pvt_thread_get_concurrency ( void )
+{
+ return 1;
+}
+#endif
+
+#ifndef LDAP_THREAD_HAVE_SETCONCURRENCY
+int
+ldap_pvt_thread_set_concurrency ( int concurrency )
+{
+ return 1;
+}
+#endif
+
+#ifndef LDAP_THREAD_HAVE_SLEEP
+/*
+ * Here we assume we have fully preemptive threads and that sleep()
+ * does the right thing.
+ */
+unsigned int
+ldap_pvt_thread_sleep(
+ unsigned int interval
+)
+{
+ sleep( interval );
+ return 0;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/libldap_r/tpool.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/libldap_r/tpool.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/libldap_r/tpool.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,686 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.30.2.19 2007/04/01 09:53:06 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdarg.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+#include "ldap_pvt_thread.h" /* Get the thread interface */
+#include "ldap_queue.h"
+#define LDAP_THREAD_POOL_IMPLEMENTATION
+#include "ldap_thr_debug.h" /* May rename symbols defined below */
+
+#ifndef LDAP_THREAD_HAVE_TPOOL
+
+typedef enum ldap_int_thread_pool_state_e {
+ LDAP_INT_THREAD_POOL_RUNNING,
+ LDAP_INT_THREAD_POOL_FINISHING,
+ LDAP_INT_THREAD_POOL_STOPPING,
+ LDAP_INT_THREAD_POOL_PAUSING
+} ldap_int_thread_pool_state_t;
+
+typedef struct ldap_int_thread_key_s {
+ void *ltk_key;
+ void *ltk_data;
+ ldap_pvt_thread_pool_keyfree_t *ltk_free;
+} ldap_int_thread_key_t;
+
+/* Max number of thread-specific keys we store per thread.
+ * We don't expect to use many...
+ */
+#define MAXKEYS 32
+#define LDAP_MAXTHR 1024 /* must be a power of 2 */
+
+static ldap_pvt_thread_t tid_zero;
+
+static struct {
+ ldap_pvt_thread_t id;
+ ldap_int_thread_key_t *ctx;
+} thread_keys[LDAP_MAXTHR];
+
+
+typedef struct ldap_int_thread_ctx_s {
+ union {
+ LDAP_STAILQ_ENTRY(ldap_int_thread_ctx_s) q;
+ LDAP_SLIST_ENTRY(ldap_int_thread_ctx_s) l;
+ LDAP_SLIST_ENTRY(ldap_int_thread_ctx_s) al;
+ } ltc_next;
+ ldap_pvt_thread_start_t *ltc_start_routine;
+ void *ltc_arg;
+} ldap_int_thread_ctx_t;
+
+struct ldap_int_thread_pool_s {
+ LDAP_STAILQ_ENTRY(ldap_int_thread_pool_s) ltp_next;
+ ldap_pvt_thread_mutex_t ltp_mutex;
+ ldap_pvt_thread_cond_t ltp_cond;
+ ldap_pvt_thread_cond_t ltp_pcond;
+ LDAP_STAILQ_HEAD(tcq, ldap_int_thread_ctx_s) ltp_pending_list;
+ LDAP_SLIST_HEAD(tcl, ldap_int_thread_ctx_s) ltp_free_list;
+ LDAP_SLIST_HEAD(tclq, ldap_int_thread_ctx_s) ltp_active_list;
+ ldap_int_thread_pool_state_t ltp_state;
+ long ltp_max_count;
+ long ltp_max_pending;
+ long ltp_pending_count;
+ long ltp_active_count;
+ long ltp_open_count;
+ long ltp_starting;
+};
+
+static LDAP_STAILQ_HEAD(tpq, ldap_int_thread_pool_s)
+ ldap_int_thread_pool_list =
+ LDAP_STAILQ_HEAD_INITIALIZER(ldap_int_thread_pool_list);
+
+static ldap_pvt_thread_mutex_t ldap_pvt_thread_pool_mutex;
+
+static void *ldap_int_thread_pool_wrapper( void *pool );
+
+static ldap_pvt_thread_t ldap_int_main_tid;
+
+static ldap_int_thread_key_t ldap_int_main_thrctx[LDAP_MAXTHR];
+
+int
+ldap_int_thread_pool_startup ( void )
+{
+ ldap_int_main_tid = ldap_pvt_thread_self();
+
+ return ldap_pvt_thread_mutex_init(&ldap_pvt_thread_pool_mutex);
+}
+
+int
+ldap_int_thread_pool_shutdown ( void )
+{
+ struct ldap_int_thread_pool_s *pool;
+
+ while ((pool = LDAP_STAILQ_FIRST(&ldap_int_thread_pool_list)) != NULL) {
+ (ldap_pvt_thread_pool_destroy)(&pool, 0); /* ignore thr_debug macro */
+ }
+ ldap_pvt_thread_mutex_destroy(&ldap_pvt_thread_pool_mutex);
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_init (
+ ldap_pvt_thread_pool_t *tpool,
+ int max_threads,
+ int max_pending )
+{
+ ldap_pvt_thread_pool_t pool;
+ int rc;
+
+ *tpool = NULL;
+ pool = (ldap_pvt_thread_pool_t) LDAP_CALLOC(1,
+ sizeof(struct ldap_int_thread_pool_s));
+
+ if (pool == NULL) return(-1);
+
+ rc = ldap_pvt_thread_mutex_init(&pool->ltp_mutex);
+ if (rc != 0)
+ return(rc);
+ rc = ldap_pvt_thread_cond_init(&pool->ltp_cond);
+ if (rc != 0)
+ return(rc);
+ rc = ldap_pvt_thread_cond_init(&pool->ltp_pcond);
+ if (rc != 0)
+ return(rc);
+ pool->ltp_state = LDAP_INT_THREAD_POOL_RUNNING;
+ pool->ltp_max_count = max_threads;
+ pool->ltp_max_pending = max_pending;
+ LDAP_STAILQ_INIT(&pool->ltp_pending_list);
+ LDAP_SLIST_INIT(&pool->ltp_free_list);
+ LDAP_SLIST_INIT(&pool->ltp_active_list);
+ ldap_pvt_thread_mutex_lock(&ldap_pvt_thread_pool_mutex);
+ LDAP_STAILQ_INSERT_TAIL(&ldap_int_thread_pool_list, pool, ltp_next);
+ ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
+
+#if 0
+ /* THIS WILL NOT WORK on some systems. If the process
+ * forks after starting a thread, there is no guarantee
+ * that the thread will survive the fork. For example,
+ * slapd forks in order to daemonize, and does so after
+ * calling ldap_pvt_thread_pool_init. On some systems,
+ * this initial thread does not run in the child process,
+ * but ltp_open_count == 1, so two things happen:
+ * 1) the first client connection fails, and 2) when
+ * slapd is kill'ed, it never terminates since it waits
+ * for all worker threads to exit. */
+
+ /* start up one thread, just so there is one. no need to
+ * lock the mutex right now, since no threads are running.
+ */
+ pool->ltp_open_count++;
+
+ ldap_pvt_thread_t thr;
+ rc = ldap_pvt_thread_create( &thr, 1, ldap_int_thread_pool_wrapper, pool );
+
+ if( rc != 0) {
+ /* couldn't start one? then don't start any */
+ ldap_pvt_thread_mutex_lock(&ldap_pvt_thread_pool_mutex);
+ LDAP_STAILQ_REMOVE(ldap_int_thread_pool_list, pool,
+ ldap_int_thread_pool_s, ltp_next);
+ ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
+ ldap_pvt_thread_cond_destroy(&pool->ltp_pcond);
+ ldap_pvt_thread_cond_destroy(&pool->ltp_cond);
+ ldap_pvt_thread_mutex_destroy(&pool->ltp_mutex);
+ LDAP_FREE(pool);
+ return(-1);
+ }
+#endif
+
+ *tpool = pool;
+ return(0);
+}
+
+#define TID_HASH(tid, hash) do { unsigned i; \
+ unsigned char *ptr = (unsigned char *)&(tid); \
+ for (i=0, hash=0; i<sizeof(tid); i++) hash += ptr[i]; } while(0)
+
+int
+ldap_pvt_thread_pool_submit (
+ ldap_pvt_thread_pool_t *tpool,
+ ldap_pvt_thread_start_t *start_routine, void *arg )
+{
+ struct ldap_int_thread_pool_s *pool;
+ ldap_int_thread_ctx_t *ctx;
+ int need_thread = 0;
+ ldap_pvt_thread_t thr;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(-1);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ if ((pool->ltp_state != LDAP_INT_THREAD_POOL_RUNNING &&
+ pool->ltp_state != LDAP_INT_THREAD_POOL_PAUSING)
+ || (pool->ltp_max_pending > 0
+ && pool->ltp_pending_count >= pool->ltp_max_pending))
+ {
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(-1);
+ }
+ ctx = LDAP_SLIST_FIRST(&pool->ltp_free_list);
+ if (ctx) {
+ LDAP_SLIST_REMOVE_HEAD(&pool->ltp_free_list, ltc_next.l);
+ } else {
+ ctx = (ldap_int_thread_ctx_t *) LDAP_MALLOC(
+ sizeof(ldap_int_thread_ctx_t));
+ if (ctx == NULL) {
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(-1);
+ }
+ }
+
+ ctx->ltc_start_routine = start_routine;
+ ctx->ltc_arg = arg;
+
+ pool->ltp_pending_count++;
+ LDAP_STAILQ_INSERT_TAIL(&pool->ltp_pending_list, ctx, ltc_next.q);
+ if (pool->ltp_state == LDAP_INT_THREAD_POOL_PAUSING) {
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(0);
+ }
+ ldap_pvt_thread_cond_signal(&pool->ltp_cond);
+ if (pool->ltp_open_count < pool->ltp_active_count + pool->ltp_pending_count
+ && (pool->ltp_open_count < pool->ltp_max_count ||
+ pool->ltp_max_count <= 0 ))
+ {
+ pool->ltp_open_count++;
+ pool->ltp_starting++;
+ need_thread = 1;
+ }
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+
+ if (need_thread) {
+ int rc;
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+
+ rc = ldap_pvt_thread_create( &thr, 1,
+ ldap_int_thread_pool_wrapper, pool );
+ if (rc == 0) {
+ int hash;
+ pool->ltp_starting--;
+
+ /* assign this thread ID to a key slot; start
+ * at the thread ID itself (mod LDAP_MAXTHR) and
+ * look for an empty slot.
+ */
+ TID_HASH(thr, hash);
+ for (rc = hash & (LDAP_MAXTHR-1);
+ !ldap_pvt_thread_equal(thread_keys[rc].id, tid_zero);
+ rc = (rc+1) & (LDAP_MAXTHR-1));
+ thread_keys[rc].id = thr;
+ } else {
+ /* couldn't create thread. back out of
+ * ltp_open_count and check for even worse things.
+ */
+ pool->ltp_open_count--;
+ pool->ltp_starting--;
+ if (pool->ltp_open_count == 0) {
+ /* no open threads at all?!?
+ */
+ ldap_int_thread_ctx_t *ptr;
+ LDAP_STAILQ_FOREACH(ptr, &pool->ltp_pending_list, ltc_next.q)
+ if (ptr == ctx) break;
+ if (ptr == ctx) {
+ /* no open threads, context not handled, so
+ * back out of ltp_pending_count, free the context,
+ * report the error.
+ */
+ LDAP_STAILQ_REMOVE(&pool->ltp_pending_list, ctx,
+ ldap_int_thread_ctx_s, ltc_next.q);
+ pool->ltp_pending_count++;
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ LDAP_FREE(ctx);
+ return(-1);
+ }
+ }
+ /* there is another open thread, so this
+ * context will be handled eventually.
+ * continue on and signal that the context
+ * is waiting.
+ */
+ }
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ }
+
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_maxthreads ( ldap_pvt_thread_pool_t *tpool, int max_threads )
+{
+ struct ldap_int_thread_pool_s *pool;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(-1);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ pool->ltp_max_count = max_threads;
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_backload ( ldap_pvt_thread_pool_t *tpool )
+{
+ struct ldap_int_thread_pool_s *pool;
+ int count;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(0);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ count = pool->ltp_pending_count + pool->ltp_active_count;
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(count);
+}
+
+int
+ldap_pvt_thread_pool_destroy ( ldap_pvt_thread_pool_t *tpool, int run_pending )
+{
+ struct ldap_int_thread_pool_s *pool, *pptr;
+ ldap_int_thread_ctx_t *ctx;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL) return(-1);
+
+ ldap_pvt_thread_mutex_lock(&ldap_pvt_thread_pool_mutex);
+ LDAP_STAILQ_FOREACH(pptr, &ldap_int_thread_pool_list, ltp_next)
+ if (pptr == pool) break;
+ if (pptr == pool)
+ LDAP_STAILQ_REMOVE(&ldap_int_thread_pool_list, pool,
+ ldap_int_thread_pool_s, ltp_next);
+ ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
+
+ if (pool != pptr) return(-1);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ pool->ltp_state = run_pending
+ ? LDAP_INT_THREAD_POOL_FINISHING
+ : LDAP_INT_THREAD_POOL_STOPPING;
+
+ if ( pool->ltp_open_count ) {
+ ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
+ ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
+ }
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+
+ while ((ctx = LDAP_STAILQ_FIRST(&pool->ltp_pending_list)) != NULL)
+ {
+ LDAP_STAILQ_REMOVE_HEAD(&pool->ltp_pending_list, ltc_next.q);
+ LDAP_FREE(ctx);
+ }
+
+ while ((ctx = LDAP_SLIST_FIRST(&pool->ltp_free_list)) != NULL)
+ {
+ LDAP_SLIST_REMOVE_HEAD(&pool->ltp_free_list, ltc_next.l);
+ LDAP_FREE(ctx);
+ }
+
+ ldap_pvt_thread_cond_destroy(&pool->ltp_pcond);
+ ldap_pvt_thread_cond_destroy(&pool->ltp_cond);
+ ldap_pvt_thread_mutex_destroy(&pool->ltp_mutex);
+ LDAP_FREE(pool);
+ return(0);
+}
+
+static void *
+ldap_int_thread_pool_wrapper (
+ void *xpool )
+{
+ struct ldap_int_thread_pool_s *pool = xpool;
+ ldap_int_thread_ctx_t *ctx;
+ ldap_int_thread_key_t ltc_key[MAXKEYS];
+ ldap_pvt_thread_t tid;
+ int i, keyslot, hash;
+
+ if (pool == NULL)
+ return NULL;
+
+ for ( i=0; i<MAXKEYS; i++ ) {
+ ltc_key[i].ltk_key = NULL;
+ }
+
+ tid = ldap_pvt_thread_self();
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+
+ /* store pointer to our keys */
+ TID_HASH(tid, hash);
+ for (i = hash & (LDAP_MAXTHR-1);
+ !ldap_pvt_thread_equal(thread_keys[i].id, tid);
+ i = (i+1) & (LDAP_MAXTHR-1));
+ thread_keys[i].ctx = ltc_key;
+ keyslot = i;
+
+ while (pool->ltp_state != LDAP_INT_THREAD_POOL_STOPPING) {
+ ctx = LDAP_STAILQ_FIRST(&pool->ltp_pending_list);
+ if (ctx) {
+ LDAP_STAILQ_REMOVE_HEAD(&pool->ltp_pending_list, ltc_next.q);
+ } else {
+ if (pool->ltp_state == LDAP_INT_THREAD_POOL_FINISHING)
+ break;
+ if (pool->ltp_max_count > 0
+ && pool->ltp_open_count > pool->ltp_max_count)
+ {
+ /* too many threads running (can happen if the
+ * maximum threads value is set during ongoing
+ * operation using ldap_pvt_thread_pool_maxthreads)
+ * so let this thread die.
+ */
+ break;
+ }
+
+ /* we could check an idle timer here, and let the
+ * thread die if it has been inactive for a while.
+ * only die if there are other open threads (i.e.,
+ * always have at least one thread open). the check
+ * should be like this:
+ * if (pool->ltp_open_count > 1 && pool->ltp_starting == 0)
+ * check timer, leave thread (break;)
+ *
+ * Just use pthread_cond_timedwait if we want to
+ * check idle time.
+ */
+
+ if (pool->ltp_state == LDAP_INT_THREAD_POOL_RUNNING
+ || pool->ltp_state == LDAP_INT_THREAD_POOL_PAUSING)
+ {
+ ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
+ }
+
+ continue;
+ }
+
+ pool->ltp_pending_count--;
+
+ LDAP_SLIST_INSERT_HEAD(&pool->ltp_active_list, ctx, ltc_next.al);
+ pool->ltp_active_count++;
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+
+ ctx->ltc_start_routine(ltc_key, ctx->ltc_arg);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ LDAP_SLIST_REMOVE(&pool->ltp_active_list, ctx,
+ ldap_int_thread_ctx_s, ltc_next.al);
+ LDAP_SLIST_INSERT_HEAD(&pool->ltp_free_list, ctx, ltc_next.l);
+ pool->ltp_active_count--;
+
+ if (pool->ltp_state == LDAP_INT_THREAD_POOL_PAUSING) {
+ if (pool->ltp_active_count < 2) {
+ ldap_pvt_thread_cond_signal(&pool->ltp_pcond);
+ }
+ ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
+ }
+ }
+
+ ldap_pvt_thread_pool_context_reset( ltc_key );
+
+ thread_keys[keyslot].ctx = NULL;
+ thread_keys[keyslot].id = tid_zero;
+
+ pool->ltp_open_count--;
+
+ /* let pool_destroy know we're all done */
+ if (pool->ltp_open_count < 1)
+ ldap_pvt_thread_cond_signal(&pool->ltp_cond);
+
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+
+ ldap_pvt_thread_exit(NULL);
+ return(NULL);
+}
+
+int
+ldap_pvt_thread_pool_pause (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ struct ldap_int_thread_pool_s *pool;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(0);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+
+ /* If someone else has already requested a pause, we have to wait */
+ while (pool->ltp_state == LDAP_INT_THREAD_POOL_PAUSING) {
+ pool->ltp_pending_count++;
+ pool->ltp_active_count--;
+ ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
+ pool->ltp_pending_count--;
+ pool->ltp_active_count++;
+ }
+ /* Wait for everyone else to finish */
+ pool->ltp_state = LDAP_INT_THREAD_POOL_PAUSING;
+ while (pool->ltp_active_count > 1) {
+ ldap_pvt_thread_cond_wait(&pool->ltp_pcond, &pool->ltp_mutex);
+ }
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(0);
+}
+
+int
+ldap_pvt_thread_pool_resume (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ struct ldap_int_thread_pool_s *pool;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(0);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+
+ pool->ltp_state = LDAP_INT_THREAD_POOL_RUNNING;
+ ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return(0);
+}
+
+int ldap_pvt_thread_pool_getkey(
+ void *xctx,
+ void *key,
+ void **data,
+ ldap_pvt_thread_pool_keyfree_t **kfree )
+{
+ ldap_int_thread_key_t *ctx = xctx;
+ int i;
+
+ if ( !ctx || !data ) return EINVAL;
+
+ for ( i=0; i<MAXKEYS && ctx[i].ltk_key; i++ ) {
+ if ( ctx[i].ltk_key == key ) {
+ *data = ctx[i].ltk_data;
+ if ( kfree ) *kfree = ctx[i].ltk_free;
+ return 0;
+ }
+ }
+ return ENOENT;
+}
+
+int ldap_pvt_thread_pool_setkey(
+ void *xctx,
+ void *key,
+ void *data,
+ ldap_pvt_thread_pool_keyfree_t *kfree )
+{
+ ldap_int_thread_key_t *ctx = xctx;
+ int i;
+
+ if ( !ctx || !key ) return EINVAL;
+
+ for ( i=0; i<MAXKEYS; i++ ) {
+ if (( data && !ctx[i].ltk_key ) || ctx[i].ltk_key == key ) {
+ if ( data || kfree ) {
+ ctx[i].ltk_key = key;
+ ctx[i].ltk_data = data;
+ ctx[i].ltk_free = kfree;
+ } else {
+ int j;
+ for ( j=i+1; j<MAXKEYS; j++ )
+ if ( !ctx[j].ltk_key ) break;
+ j--;
+ if ( j != i ) {
+ ctx[i].ltk_key = ctx[j].ltk_key;
+ ctx[i].ltk_data = ctx[j].ltk_data;
+ ctx[i].ltk_free = ctx[j].ltk_free;
+ }
+ ctx[j].ltk_key = NULL;
+ ctx[j].ltk_data = NULL;
+ ctx[j].ltk_free = NULL;
+ }
+ return 0;
+ }
+ }
+ return ENOMEM;
+}
+
+/* Free all elements with this key, no matter which thread they're in.
+ * May only be called while the pool is paused.
+ */
+void ldap_pvt_thread_pool_purgekey( void *key )
+{
+ int i, j;
+ ldap_int_thread_key_t *ctx;
+
+ for ( i=0; i<LDAP_MAXTHR; i++ ) {
+ if ( thread_keys[i].ctx ) {
+ ctx = thread_keys[i].ctx;
+ for ( j=0; j<MAXKEYS; j++ ) {
+ if ( ctx[j].ltk_key == key ) {
+ if (ctx[j].ltk_free)
+ ctx[j].ltk_free( ctx[j].ltk_key, ctx[j].ltk_data );
+ ctx[j].ltk_key = NULL;
+ ctx[j].ltk_free = NULL;
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+ * This is necessary if the caller does not have access to the
+ * thread context handle (for example, a slapd plugin calling
+ * slapi_search_internal()). No doubt it is more efficient to
+ * for the application to keep track of the thread context
+ * handles itself.
+ */
+void *ldap_pvt_thread_pool_context( )
+{
+ ldap_pvt_thread_t tid;
+ int i, hash;
+
+ tid = ldap_pvt_thread_self();
+ if ( ldap_pvt_thread_equal( tid, ldap_int_main_tid ))
+ return ldap_int_main_thrctx;
+
+ TID_HASH( tid, hash );
+ for (i = hash & (LDAP_MAXTHR-1);
+ !ldap_pvt_thread_equal(thread_keys[i].id, tid_zero) &&
+ !ldap_pvt_thread_equal(thread_keys[i].id, tid);
+ i = (i+1) & (LDAP_MAXTHR-1));
+
+ return thread_keys[i].ctx;
+}
+
+void ldap_pvt_thread_pool_context_reset( void *vctx )
+{
+ ldap_int_thread_key_t *ctx = vctx;
+ int i;
+
+ for ( i=MAXKEYS-1; i>=0; i--) {
+ if ( ctx[i].ltk_key == NULL )
+ continue;
+ if ( ctx[i].ltk_free )
+ ctx[i].ltk_free( ctx[i].ltk_key, ctx[i].ltk_data );
+ ctx[i].ltk_key = NULL;
+ }
+}
+#endif /* LDAP_THREAD_HAVE_TPOOL */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/CompositionExclusions.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/CompositionExclusions.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/CompositionExclusions.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,176 @@
+# CompositionExclusions-3.2.0.txt
+# Date: 2002-03-19,23:30:28 GMT [MD]
+#
+# This file lists the characters from the UAX #15 Composition Exclusion Table.
+#
+# The format of the comments in this file has been updated since the last version,
+# CompositionExclusions-3.txt. The only substantive change to this file between that
+# version and this one is the addition of U+2ADC FORKING.
+#
+# For more information, see
+# http://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table
+# ================================================
+
+# (1) Script Specifics
+# This list of characters cannot be derived from the UnicodeData file.
+# ================================================
+
+0958 # DEVANAGARI LETTER QA
+0959 # DEVANAGARI LETTER KHHA
+095A # DEVANAGARI LETTER GHHA
+095B # DEVANAGARI LETTER ZA
+095C # DEVANAGARI LETTER DDDHA
+095D # DEVANAGARI LETTER RHA
+095E # DEVANAGARI LETTER FA
+095F # DEVANAGARI LETTER YYA
+09DC # BENGALI LETTER RRA
+09DD # BENGALI LETTER RHA
+09DF # BENGALI LETTER YYA
+0A33 # GURMUKHI LETTER LLA
+0A36 # GURMUKHI LETTER SHA
+0A59 # GURMUKHI LETTER KHHA
+0A5A # GURMUKHI LETTER GHHA
+0A5B # GURMUKHI LETTER ZA
+0A5E # GURMUKHI LETTER FA
+0B5C # ORIYA LETTER RRA
+0B5D # ORIYA LETTER RHA
+0F43 # TIBETAN LETTER GHA
+0F4D # TIBETAN LETTER DDHA
+0F52 # TIBETAN LETTER DHA
+0F57 # TIBETAN LETTER BHA
+0F5C # TIBETAN LETTER DZHA
+0F69 # TIBETAN LETTER KSSA
+0F76 # TIBETAN VOWEL SIGN VOCALIC R
+0F78 # TIBETAN VOWEL SIGN VOCALIC L
+0F93 # TIBETAN SUBJOINED LETTER GHA
+0F9D # TIBETAN SUBJOINED LETTER DDHA
+0FA2 # TIBETAN SUBJOINED LETTER DHA
+0FA7 # TIBETAN SUBJOINED LETTER BHA
+0FAC # TIBETAN SUBJOINED LETTER DZHA
+0FB9 # TIBETAN SUBJOINED LETTER KSSA
+FB1D # HEBREW LETTER YOD WITH HIRIQ
+FB1F # HEBREW LIGATURE YIDDISH YOD YOD PATAH
+FB2A # HEBREW LETTER SHIN WITH SHIN DOT
+FB2B # HEBREW LETTER SHIN WITH SIN DOT
+FB2C # HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT
+FB2D # HEBREW LETTER SHIN WITH DAGESH AND SIN DOT
+FB2E # HEBREW LETTER ALEF WITH PATAH
+FB2F # HEBREW LETTER ALEF WITH QAMATS
+FB30 # HEBREW LETTER ALEF WITH MAPIQ
+FB31 # HEBREW LETTER BET WITH DAGESH
+FB32 # HEBREW LETTER GIMEL WITH DAGESH
+FB33 # HEBREW LETTER DALET WITH DAGESH
+FB34 # HEBREW LETTER HE WITH MAPIQ
+FB35 # HEBREW LETTER VAV WITH DAGESH
+FB36 # HEBREW LETTER ZAYIN WITH DAGESH
+FB38 # HEBREW LETTER TET WITH DAGESH
+FB39 # HEBREW LETTER YOD WITH DAGESH
+FB3A # HEBREW LETTER FINAL KAF WITH DAGESH
+FB3B # HEBREW LETTER KAF WITH DAGESH
+FB3C # HEBREW LETTER LAMED WITH DAGESH
+FB3E # HEBREW LETTER MEM WITH DAGESH
+FB40 # HEBREW LETTER NUN WITH DAGESH
+FB41 # HEBREW LETTER SAMEKH WITH DAGESH
+FB43 # HEBREW LETTER FINAL PE WITH DAGESH
+FB44 # HEBREW LETTER PE WITH DAGESH
+FB46 # HEBREW LETTER TSADI WITH DAGESH
+FB47 # HEBREW LETTER QOF WITH DAGESH
+FB48 # HEBREW LETTER RESH WITH DAGESH
+FB49 # HEBREW LETTER SHIN WITH DAGESH
+FB4A # HEBREW LETTER TAV WITH DAGESH
+FB4B # HEBREW LETTER VAV WITH HOLAM
+FB4C # HEBREW LETTER BET WITH RAFE
+FB4D # HEBREW LETTER KAF WITH RAFE
+FB4E # HEBREW LETTER PE WITH RAFE
+
+# Total code points: 67
+
+# ================================================
+# (2) Post Composition Version precomposed characters
+# These characters cannot be derived solely from the UnicodeData.txt file
+# in this version of Unicode.
+# ================================================
+
+2ADC # FORKING
+1D15E # MUSICAL SYMBOL HALF NOTE
+1D15F # MUSICAL SYMBOL QUARTER NOTE
+1D160 # MUSICAL SYMBOL EIGHTH NOTE
+1D161 # MUSICAL SYMBOL SIXTEENTH NOTE
+1D162 # MUSICAL SYMBOL THIRTY-SECOND NOTE
+1D163 # MUSICAL SYMBOL SIXTY-FOURTH NOTE
+1D164 # MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE
+1D1BB # MUSICAL SYMBOL MINIMA
+1D1BC # MUSICAL SYMBOL MINIMA BLACK
+1D1BD # MUSICAL SYMBOL SEMIMINIMA WHITE
+1D1BE # MUSICAL SYMBOL SEMIMINIMA BLACK
+1D1BF # MUSICAL SYMBOL FUSA WHITE
+1D1C0 # MUSICAL SYMBOL FUSA BLACK
+
+# Total code points: 14
+
+# ================================================
+# (3) Singleton Decompositions
+# These characters can be derived from the UnicodeData file
+# by including all characters whose canonical decomposition
+# consists of a single character.
+# These characters are simply quoted here for reference.
+# ================================================
+
+# 0340..0341 [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK
+# 0343 COMBINING GREEK KORONIS
+# 0374 GREEK NUMERAL SIGN
+# 037E GREEK QUESTION MARK
+# 0387 GREEK ANO TELEIA
+# 1F71 GREEK SMALL LETTER ALPHA WITH OXIA
+# 1F73 GREEK SMALL LETTER EPSILON WITH OXIA
+# 1F75 GREEK SMALL LETTER ETA WITH OXIA
+# 1F77 GREEK SMALL LETTER IOTA WITH OXIA
+# 1F79 GREEK SMALL LETTER OMICRON WITH OXIA
+# 1F7B GREEK SMALL LETTER UPSILON WITH OXIA
+# 1F7D GREEK SMALL LETTER OMEGA WITH OXIA
+# 1FBB GREEK CAPITAL LETTER ALPHA WITH OXIA
+# 1FBE GREEK PROSGEGRAMMENI
+# 1FC9 GREEK CAPITAL LETTER EPSILON WITH OXIA
+# 1FCB GREEK CAPITAL LETTER ETA WITH OXIA
+# 1FD3 GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+# 1FDB GREEK CAPITAL LETTER IOTA WITH OXIA
+# 1FE3 GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA
+# 1FEB GREEK CAPITAL LETTER UPSILON WITH OXIA
+# 1FEE..1FEF [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA
+# 1FF9 GREEK CAPITAL LETTER OMICRON WITH OXIA
+# 1FFB GREEK CAPITAL LETTER OMEGA WITH OXIA
+# 1FFD GREEK OXIA
+# 2000..2001 [2] EN QUAD..EM QUAD
+# 2126 OHM SIGN
+# 212A..212B [2] KELVIN SIGN..ANGSTROM SIGN
+# 2329 LEFT-POINTING ANGLE BRACKET
+# 232A RIGHT-POINTING ANGLE BRACKET
+# F900..FA0D [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D
+# FA10 CJK COMPATIBILITY IDEOGRAPH-FA10
+# FA12 CJK COMPATIBILITY IDEOGRAPH-FA12
+# FA15..FA1E [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E
+# FA20 CJK COMPATIBILITY IDEOGRAPH-FA20
+# FA22 CJK COMPATIBILITY IDEOGRAPH-FA22
+# FA25..FA26 [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26
+# FA2A..FA2D [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D
+# FA30..FA6A [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A
+# 2F800..2FA1D [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D
+
+# Total code points: 924
+
+# ================================================
+# (4) Non-Starter Decompositions
+# These characters can be derived from the UnicodeData file
+# by including all characters whose canonical decomposition consists
+# of a sequence of characters, the first of which has a non-zero
+# combining class.
+# These characters are simply quoted here for reference.
+# ================================================
+
+# 0344 COMBINING GREEK DIALYTIKA TONOS
+# 0F73 TIBETAN VOWEL SIGN II
+# 0F75 TIBETAN VOWEL SIGN UU
+# 0F81 TIBETAN VOWEL SIGN REVERSED II
+
+# Total code points: 4
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+# Makefile.in for LDAP -llunicode
+# $OpenLDAP: pkg/ldap/libraries/liblunicode/Makefile.in,v 1.26.2.7 2007/01/02 21:43:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = liblunicode.a
+
+XXDIR = $(srcdir)/ucdata/
+XXHEADERS = ucdata.h ure.h uctable.h
+
+XXSRCS = ucdata.c ucgendat.c ure.c urestubs.c
+SRCS = ucstr.c
+OBJS = ucdata.o ure.o urestubs.o ucstr.o
+
+XLIB = $(LIBRARY)
+XLIBS = $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A)
+#PROGRAMS = ucgendat
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+uctable.h: $(XXDIR)/uctable.h
+
+$(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(srcdir)/UnicodeData.txt $(srcdir)/CompositionExclusions.txt
+ $(MAKE) ucgendat
+ ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt
+
+ucgendat: $(XLIBS) ucgendat.o
+ $(LTLINK) -o $@ ucgendat.o $(LIBS)
+
+.links :
+ @for i in $(XXSRCS) $(XXHEADERS); do \
+ $(RM) $$i ; \
+ ii=`find $(srcdir) -name $$i` ; \
+ $(LN_S) $$ii . ; \
+ done
+ touch .links
+
+$(XXSRCS) $(XXHEADERS) : .links
+
+clean-local: FORCE
+ @$(RM) *.dat .links $(XXHEADERS) ucgendat
+
+depend-common: .links
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/UCD-Terms
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/UCD-Terms (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/UCD-Terms 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+UCD Terms of Use (http://www.unicode.org/Public/UNIDATA/UCD.html)
+
+Disclaimer
+
+The Unicode Character Database is provided as is by Unicode, Inc.
+No claims are made as to fitness for any particular purpose. No
+warranties of any kind are expressed or implied. The recipient
+agrees to determine applicability of information provided. If this
+file has been purchased on magnetic or optical media from Unicode,
+Inc., the sole remedy for any claim will be exchange of defective
+media within 90 days of receipt.
+
+This disclaimer is applicable for all other data files accompanying
+the Unicode Character Database, some of which have been compiled
+by the Unicode Consortium, and some of which have been supplied by
+other sources.
+
+Limitations on Rights to Redistribute This Data
+
+Recipient is granted the right to make copies in any form for
+internal distribution and to freely use the information supplied
+in the creation of products supporting the Unicode (TM) Standard.
+The files in the Unicode Character Database can be redistributed
+to third parties or other organizations (whether for profit or not)
+as long as this notice and the disclaimer notice are retained.
+Information can be extracted from these files and used in documentation
+or programs, as long as there is an accompanying notice indicating
+the source.
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/UnicodeData.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/UnicodeData.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/UnicodeData.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13874 @@
+0000;<control>;Cc;0;BN;;;;;N;NULL;;;;
+0001;<control>;Cc;0;BN;;;;;N;START OF HEADING;;;;
+0002;<control>;Cc;0;BN;;;;;N;START OF TEXT;;;;
+0003;<control>;Cc;0;BN;;;;;N;END OF TEXT;;;;
+0004;<control>;Cc;0;BN;;;;;N;END OF TRANSMISSION;;;;
+0005;<control>;Cc;0;BN;;;;;N;ENQUIRY;;;;
+0006;<control>;Cc;0;BN;;;;;N;ACKNOWLEDGE;;;;
+0007;<control>;Cc;0;BN;;;;;N;BELL;;;;
+0008;<control>;Cc;0;BN;;;;;N;BACKSPACE;;;;
+0009;<control>;Cc;0;S;;;;;N;CHARACTER TABULATION;;;;
+000A;<control>;Cc;0;B;;;;;N;LINE FEED (LF);;;;
+000B;<control>;Cc;0;S;;;;;N;LINE TABULATION;;;;
+000C;<control>;Cc;0;WS;;;;;N;FORM FEED (FF);;;;
+000D;<control>;Cc;0;B;;;;;N;CARRIAGE RETURN (CR);;;;
+000E;<control>;Cc;0;BN;;;;;N;SHIFT OUT;;;;
+000F;<control>;Cc;0;BN;;;;;N;SHIFT IN;;;;
+0010;<control>;Cc;0;BN;;;;;N;DATA LINK ESCAPE;;;;
+0011;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL ONE;;;;
+0012;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL TWO;;;;
+0013;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL THREE;;;;
+0014;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL FOUR;;;;
+0015;<control>;Cc;0;BN;;;;;N;NEGATIVE ACKNOWLEDGE;;;;
+0016;<control>;Cc;0;BN;;;;;N;SYNCHRONOUS IDLE;;;;
+0017;<control>;Cc;0;BN;;;;;N;END OF TRANSMISSION BLOCK;;;;
+0018;<control>;Cc;0;BN;;;;;N;CANCEL;;;;
+0019;<control>;Cc;0;BN;;;;;N;END OF MEDIUM;;;;
+001A;<control>;Cc;0;BN;;;;;N;SUBSTITUTE;;;;
+001B;<control>;Cc;0;BN;;;;;N;ESCAPE;;;;
+001C;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR FOUR;;;;
+001D;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR THREE;;;;
+001E;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR TWO;;;;
+001F;<control>;Cc;0;S;;;;;N;INFORMATION SEPARATOR ONE;;;;
+0020;SPACE;Zs;0;WS;;;;;N;;;;;
+0021;EXCLAMATION MARK;Po;0;ON;;;;;N;;;;;
+0022;QUOTATION MARK;Po;0;ON;;;;;N;;;;;
+0023;NUMBER SIGN;Po;0;ET;;;;;N;;;;;
+0024;DOLLAR SIGN;Sc;0;ET;;;;;N;;;;;
+0025;PERCENT SIGN;Po;0;ET;;;;;N;;;;;
+0026;AMPERSAND;Po;0;ON;;;;;N;;;;;
+0027;APOSTROPHE;Po;0;ON;;;;;N;APOSTROPHE-QUOTE;;;;
+0028;LEFT PARENTHESIS;Ps;0;ON;;;;;Y;OPENING PARENTHESIS;;;;
+0029;RIGHT PARENTHESIS;Pe;0;ON;;;;;Y;CLOSING PARENTHESIS;;;;
+002A;ASTERISK;Po;0;ON;;;;;N;;;;;
+002B;PLUS SIGN;Sm;0;ET;;;;;N;;;;;
+002C;COMMA;Po;0;CS;;;;;N;;;;;
+002D;HYPHEN-MINUS;Pd;0;ET;;;;;N;;;;;
+002E;FULL STOP;Po;0;CS;;;;;N;PERIOD;;;;
+002F;SOLIDUS;Po;0;ES;;;;;N;SLASH;;;;
+0030;DIGIT ZERO;Nd;0;EN;;0;0;0;N;;;;;
+0031;DIGIT ONE;Nd;0;EN;;1;1;1;N;;;;;
+0032;DIGIT TWO;Nd;0;EN;;2;2;2;N;;;;;
+0033;DIGIT THREE;Nd;0;EN;;3;3;3;N;;;;;
+0034;DIGIT FOUR;Nd;0;EN;;4;4;4;N;;;;;
+0035;DIGIT FIVE;Nd;0;EN;;5;5;5;N;;;;;
+0036;DIGIT SIX;Nd;0;EN;;6;6;6;N;;;;;
+0037;DIGIT SEVEN;Nd;0;EN;;7;7;7;N;;;;;
+0038;DIGIT EIGHT;Nd;0;EN;;8;8;8;N;;;;;
+0039;DIGIT NINE;Nd;0;EN;;9;9;9;N;;;;;
+003A;COLON;Po;0;CS;;;;;N;;;;;
+003B;SEMICOLON;Po;0;ON;;;;;N;;;;;
+003C;LESS-THAN SIGN;Sm;0;ON;;;;;Y;;;;;
+003D;EQUALS SIGN;Sm;0;ON;;;;;N;;;;;
+003E;GREATER-THAN SIGN;Sm;0;ON;;;;;Y;;;;;
+003F;QUESTION MARK;Po;0;ON;;;;;N;;;;;
+0040;COMMERCIAL AT;Po;0;ON;;;;;N;;;;;
+0041;LATIN CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0061;
+0042;LATIN CAPITAL LETTER B;Lu;0;L;;;;;N;;;;0062;
+0043;LATIN CAPITAL LETTER C;Lu;0;L;;;;;N;;;;0063;
+0044;LATIN CAPITAL LETTER D;Lu;0;L;;;;;N;;;;0064;
+0045;LATIN CAPITAL LETTER E;Lu;0;L;;;;;N;;;;0065;
+0046;LATIN CAPITAL LETTER F;Lu;0;L;;;;;N;;;;0066;
+0047;LATIN CAPITAL LETTER G;Lu;0;L;;;;;N;;;;0067;
+0048;LATIN CAPITAL LETTER H;Lu;0;L;;;;;N;;;;0068;
+0049;LATIN CAPITAL LETTER I;Lu;0;L;;;;;N;;;;0069;
+004A;LATIN CAPITAL LETTER J;Lu;0;L;;;;;N;;;;006A;
+004B;LATIN CAPITAL LETTER K;Lu;0;L;;;;;N;;;;006B;
+004C;LATIN CAPITAL LETTER L;Lu;0;L;;;;;N;;;;006C;
+004D;LATIN CAPITAL LETTER M;Lu;0;L;;;;;N;;;;006D;
+004E;LATIN CAPITAL LETTER N;Lu;0;L;;;;;N;;;;006E;
+004F;LATIN CAPITAL LETTER O;Lu;0;L;;;;;N;;;;006F;
+0050;LATIN CAPITAL LETTER P;Lu;0;L;;;;;N;;;;0070;
+0051;LATIN CAPITAL LETTER Q;Lu;0;L;;;;;N;;;;0071;
+0052;LATIN CAPITAL LETTER R;Lu;0;L;;;;;N;;;;0072;
+0053;LATIN CAPITAL LETTER S;Lu;0;L;;;;;N;;;;0073;
+0054;LATIN CAPITAL LETTER T;Lu;0;L;;;;;N;;;;0074;
+0055;LATIN CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0075;
+0056;LATIN CAPITAL LETTER V;Lu;0;L;;;;;N;;;;0076;
+0057;LATIN CAPITAL LETTER W;Lu;0;L;;;;;N;;;;0077;
+0058;LATIN CAPITAL LETTER X;Lu;0;L;;;;;N;;;;0078;
+0059;LATIN CAPITAL LETTER Y;Lu;0;L;;;;;N;;;;0079;
+005A;LATIN CAPITAL LETTER Z;Lu;0;L;;;;;N;;;;007A;
+005B;LEFT SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING SQUARE BRACKET;;;;
+005C;REVERSE SOLIDUS;Po;0;ON;;;;;N;BACKSLASH;;;;
+005D;RIGHT SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING SQUARE BRACKET;;;;
+005E;CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;SPACING CIRCUMFLEX;;;;
+005F;LOW LINE;Pc;0;ON;;;;;N;SPACING UNDERSCORE;;;;
+0060;GRAVE ACCENT;Sk;0;ON;;;;;N;SPACING GRAVE;;;;
+0061;LATIN SMALL LETTER A;Ll;0;L;;;;;N;;;0041;;0041
+0062;LATIN SMALL LETTER B;Ll;0;L;;;;;N;;;0042;;0042
+0063;LATIN SMALL LETTER C;Ll;0;L;;;;;N;;;0043;;0043
+0064;LATIN SMALL LETTER D;Ll;0;L;;;;;N;;;0044;;0044
+0065;LATIN SMALL LETTER E;Ll;0;L;;;;;N;;;0045;;0045
+0066;LATIN SMALL LETTER F;Ll;0;L;;;;;N;;;0046;;0046
+0067;LATIN SMALL LETTER G;Ll;0;L;;;;;N;;;0047;;0047
+0068;LATIN SMALL LETTER H;Ll;0;L;;;;;N;;;0048;;0048
+0069;LATIN SMALL LETTER I;Ll;0;L;;;;;N;;;0049;;0049
+006A;LATIN SMALL LETTER J;Ll;0;L;;;;;N;;;004A;;004A
+006B;LATIN SMALL LETTER K;Ll;0;L;;;;;N;;;004B;;004B
+006C;LATIN SMALL LETTER L;Ll;0;L;;;;;N;;;004C;;004C
+006D;LATIN SMALL LETTER M;Ll;0;L;;;;;N;;;004D;;004D
+006E;LATIN SMALL LETTER N;Ll;0;L;;;;;N;;;004E;;004E
+006F;LATIN SMALL LETTER O;Ll;0;L;;;;;N;;;004F;;004F
+0070;LATIN SMALL LETTER P;Ll;0;L;;;;;N;;;0050;;0050
+0071;LATIN SMALL LETTER Q;Ll;0;L;;;;;N;;;0051;;0051
+0072;LATIN SMALL LETTER R;Ll;0;L;;;;;N;;;0052;;0052
+0073;LATIN SMALL LETTER S;Ll;0;L;;;;;N;;;0053;;0053
+0074;LATIN SMALL LETTER T;Ll;0;L;;;;;N;;;0054;;0054
+0075;LATIN SMALL LETTER U;Ll;0;L;;;;;N;;;0055;;0055
+0076;LATIN SMALL LETTER V;Ll;0;L;;;;;N;;;0056;;0056
+0077;LATIN SMALL LETTER W;Ll;0;L;;;;;N;;;0057;;0057
+0078;LATIN SMALL LETTER X;Ll;0;L;;;;;N;;;0058;;0058
+0079;LATIN SMALL LETTER Y;Ll;0;L;;;;;N;;;0059;;0059
+007A;LATIN SMALL LETTER Z;Ll;0;L;;;;;N;;;005A;;005A
+007B;LEFT CURLY BRACKET;Ps;0;ON;;;;;Y;OPENING CURLY BRACKET;;;;
+007C;VERTICAL LINE;Sm;0;ON;;;;;N;VERTICAL BAR;;;;
+007D;RIGHT CURLY BRACKET;Pe;0;ON;;;;;Y;CLOSING CURLY BRACKET;;;;
+007E;TILDE;Sm;0;ON;;;;;N;;;;;
+007F;<control>;Cc;0;BN;;;;;N;DELETE;;;;
+0080;<control>;Cc;0;BN;;;;;N;;;;;
+0081;<control>;Cc;0;BN;;;;;N;;;;;
+0082;<control>;Cc;0;BN;;;;;N;BREAK PERMITTED HERE;;;;
+0083;<control>;Cc;0;BN;;;;;N;NO BREAK HERE;;;;
+0084;<control>;Cc;0;BN;;;;;N;;;;;
+0085;<control>;Cc;0;B;;;;;N;NEXT LINE (NEL);;;;
+0086;<control>;Cc;0;BN;;;;;N;START OF SELECTED AREA;;;;
+0087;<control>;Cc;0;BN;;;;;N;END OF SELECTED AREA;;;;
+0088;<control>;Cc;0;BN;;;;;N;CHARACTER TABULATION SET;;;;
+0089;<control>;Cc;0;BN;;;;;N;CHARACTER TABULATION WITH JUSTIFICATION;;;;
+008A;<control>;Cc;0;BN;;;;;N;LINE TABULATION SET;;;;
+008B;<control>;Cc;0;BN;;;;;N;PARTIAL LINE FORWARD;;;;
+008C;<control>;Cc;0;BN;;;;;N;PARTIAL LINE BACKWARD;;;;
+008D;<control>;Cc;0;BN;;;;;N;REVERSE LINE FEED;;;;
+008E;<control>;Cc;0;BN;;;;;N;SINGLE SHIFT TWO;;;;
+008F;<control>;Cc;0;BN;;;;;N;SINGLE SHIFT THREE;;;;
+0090;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL STRING;;;;
+0091;<control>;Cc;0;BN;;;;;N;PRIVATE USE ONE;;;;
+0092;<control>;Cc;0;BN;;;;;N;PRIVATE USE TWO;;;;
+0093;<control>;Cc;0;BN;;;;;N;SET TRANSMIT STATE;;;;
+0094;<control>;Cc;0;BN;;;;;N;CANCEL CHARACTER;;;;
+0095;<control>;Cc;0;BN;;;;;N;MESSAGE WAITING;;;;
+0096;<control>;Cc;0;BN;;;;;N;START OF GUARDED AREA;;;;
+0097;<control>;Cc;0;BN;;;;;N;END OF GUARDED AREA;;;;
+0098;<control>;Cc;0;BN;;;;;N;START OF STRING;;;;
+0099;<control>;Cc;0;BN;;;;;N;;;;;
+009A;<control>;Cc;0;BN;;;;;N;SINGLE CHARACTER INTRODUCER;;;;
+009B;<control>;Cc;0;BN;;;;;N;CONTROL SEQUENCE INTRODUCER;;;;
+009C;<control>;Cc;0;BN;;;;;N;STRING TERMINATOR;;;;
+009D;<control>;Cc;0;BN;;;;;N;OPERATING SYSTEM COMMAND;;;;
+009E;<control>;Cc;0;BN;;;;;N;PRIVACY MESSAGE;;;;
+009F;<control>;Cc;0;BN;;;;;N;APPLICATION PROGRAM COMMAND;;;;
+00A0;NO-BREAK SPACE;Zs;0;CS;<noBreak> 0020;;;;N;NON-BREAKING SPACE;;;;
+00A1;INVERTED EXCLAMATION MARK;Po;0;ON;;;;;N;;;;;
+00A2;CENT SIGN;Sc;0;ET;;;;;N;;;;;
+00A3;POUND SIGN;Sc;0;ET;;;;;N;;;;;
+00A4;CURRENCY SIGN;Sc;0;ET;;;;;N;;;;;
+00A5;YEN SIGN;Sc;0;ET;;;;;N;;;;;
+00A6;BROKEN BAR;So;0;ON;;;;;N;BROKEN VERTICAL BAR;;;;
+00A7;SECTION SIGN;So;0;ON;;;;;N;;;;;
+00A8;DIAERESIS;Sk;0;ON;<compat> 0020 0308;;;;N;SPACING DIAERESIS;;;;
+00A9;COPYRIGHT SIGN;So;0;ON;;;;;N;;;;;
+00AA;FEMININE ORDINAL INDICATOR;Ll;0;L;<super> 0061;;;;N;;;;;
+00AB;LEFT-POINTING DOUBLE ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING GUILLEMET;*;;;
+00AC;NOT SIGN;Sm;0;ON;;;;;N;;;;;
+00AD;SOFT HYPHEN;Pd;0;ON;;;;;N;;;;;
+00AE;REGISTERED SIGN;So;0;ON;;;;;N;REGISTERED TRADE MARK SIGN;;;;
+00AF;MACRON;Sk;0;ON;<compat> 0020 0304;;;;N;SPACING MACRON;;;;
+00B0;DEGREE SIGN;So;0;ET;;;;;N;;;;;
+00B1;PLUS-MINUS SIGN;Sm;0;ET;;;;;N;PLUS-OR-MINUS SIGN;;;;
+00B2;SUPERSCRIPT TWO;No;0;EN;<super> 0032;2;2;2;N;SUPERSCRIPT DIGIT TWO;;;;
+00B3;SUPERSCRIPT THREE;No;0;EN;<super> 0033;3;3;3;N;SUPERSCRIPT DIGIT THREE;;;;
+00B4;ACUTE ACCENT;Sk;0;ON;<compat> 0020 0301;;;;N;SPACING ACUTE;;;;
+00B5;MICRO SIGN;Ll;0;L;<compat> 03BC;;;;N;;;039C;;039C
+00B6;PILCROW SIGN;So;0;ON;;;;;N;PARAGRAPH SIGN;;;;
+00B7;MIDDLE DOT;Po;0;ON;;;;;N;;;;;
+00B8;CEDILLA;Sk;0;ON;<compat> 0020 0327;;;;N;SPACING CEDILLA;;;;
+00B9;SUPERSCRIPT ONE;No;0;EN;<super> 0031;1;1;1;N;SUPERSCRIPT DIGIT ONE;;;;
+00BA;MASCULINE ORDINAL INDICATOR;Ll;0;L;<super> 006F;;;;N;;;;;
+00BB;RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING GUILLEMET;*;;;
+00BC;VULGAR FRACTION ONE QUARTER;No;0;ON;<fraction> 0031 2044 0034;;;1/4;N;FRACTION ONE QUARTER;;;;
+00BD;VULGAR FRACTION ONE HALF;No;0;ON;<fraction> 0031 2044 0032;;;1/2;N;FRACTION ONE HALF;;;;
+00BE;VULGAR FRACTION THREE QUARTERS;No;0;ON;<fraction> 0033 2044 0034;;;3/4;N;FRACTION THREE QUARTERS;;;;
+00BF;INVERTED QUESTION MARK;Po;0;ON;;;;;N;;;;;
+00C0;LATIN CAPITAL LETTER A WITH GRAVE;Lu;0;L;0041 0300;;;;N;LATIN CAPITAL LETTER A GRAVE;;;00E0;
+00C1;LATIN CAPITAL LETTER A WITH ACUTE;Lu;0;L;0041 0301;;;;N;LATIN CAPITAL LETTER A ACUTE;;;00E1;
+00C2;LATIN CAPITAL LETTER A WITH CIRCUMFLEX;Lu;0;L;0041 0302;;;;N;LATIN CAPITAL LETTER A CIRCUMFLEX;;;00E2;
+00C3;LATIN CAPITAL LETTER A WITH TILDE;Lu;0;L;0041 0303;;;;N;LATIN CAPITAL LETTER A TILDE;;;00E3;
+00C4;LATIN CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0041 0308;;;;N;LATIN CAPITAL LETTER A DIAERESIS;;;00E4;
+00C5;LATIN CAPITAL LETTER A WITH RING ABOVE;Lu;0;L;0041 030A;;;;N;LATIN CAPITAL LETTER A RING;;;00E5;
+00C6;LATIN CAPITAL LETTER AE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER A E;ash *;;00E6;
+00C7;LATIN CAPITAL LETTER C WITH CEDILLA;Lu;0;L;0043 0327;;;;N;LATIN CAPITAL LETTER C CEDILLA;;;00E7;
+00C8;LATIN CAPITAL LETTER E WITH GRAVE;Lu;0;L;0045 0300;;;;N;LATIN CAPITAL LETTER E GRAVE;;;00E8;
+00C9;LATIN CAPITAL LETTER E WITH ACUTE;Lu;0;L;0045 0301;;;;N;LATIN CAPITAL LETTER E ACUTE;;;00E9;
+00CA;LATIN CAPITAL LETTER E WITH CIRCUMFLEX;Lu;0;L;0045 0302;;;;N;LATIN CAPITAL LETTER E CIRCUMFLEX;;;00EA;
+00CB;LATIN CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;0045 0308;;;;N;LATIN CAPITAL LETTER E DIAERESIS;;;00EB;
+00CC;LATIN CAPITAL LETTER I WITH GRAVE;Lu;0;L;0049 0300;;;;N;LATIN CAPITAL LETTER I GRAVE;;;00EC;
+00CD;LATIN CAPITAL LETTER I WITH ACUTE;Lu;0;L;0049 0301;;;;N;LATIN CAPITAL LETTER I ACUTE;;;00ED;
+00CE;LATIN CAPITAL LETTER I WITH CIRCUMFLEX;Lu;0;L;0049 0302;;;;N;LATIN CAPITAL LETTER I CIRCUMFLEX;;;00EE;
+00CF;LATIN CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0049 0308;;;;N;LATIN CAPITAL LETTER I DIAERESIS;;;00EF;
+00D0;LATIN CAPITAL LETTER ETH;Lu;0;L;;;;;N;;Icelandic;;00F0;
+00D1;LATIN CAPITAL LETTER N WITH TILDE;Lu;0;L;004E 0303;;;;N;LATIN CAPITAL LETTER N TILDE;;;00F1;
+00D2;LATIN CAPITAL LETTER O WITH GRAVE;Lu;0;L;004F 0300;;;;N;LATIN CAPITAL LETTER O GRAVE;;;00F2;
+00D3;LATIN CAPITAL LETTER O WITH ACUTE;Lu;0;L;004F 0301;;;;N;LATIN CAPITAL LETTER O ACUTE;;;00F3;
+00D4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX;Lu;0;L;004F 0302;;;;N;LATIN CAPITAL LETTER O CIRCUMFLEX;;;00F4;
+00D5;LATIN CAPITAL LETTER O WITH TILDE;Lu;0;L;004F 0303;;;;N;LATIN CAPITAL LETTER O TILDE;;;00F5;
+00D6;LATIN CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;004F 0308;;;;N;LATIN CAPITAL LETTER O DIAERESIS;;;00F6;
+00D7;MULTIPLICATION SIGN;Sm;0;ON;;;;;N;;;;;
+00D8;LATIN CAPITAL LETTER O WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O SLASH;;;00F8;
+00D9;LATIN CAPITAL LETTER U WITH GRAVE;Lu;0;L;0055 0300;;;;N;LATIN CAPITAL LETTER U GRAVE;;;00F9;
+00DA;LATIN CAPITAL LETTER U WITH ACUTE;Lu;0;L;0055 0301;;;;N;LATIN CAPITAL LETTER U ACUTE;;;00FA;
+00DB;LATIN CAPITAL LETTER U WITH CIRCUMFLEX;Lu;0;L;0055 0302;;;;N;LATIN CAPITAL LETTER U CIRCUMFLEX;;;00FB;
+00DC;LATIN CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0055 0308;;;;N;LATIN CAPITAL LETTER U DIAERESIS;;;00FC;
+00DD;LATIN CAPITAL LETTER Y WITH ACUTE;Lu;0;L;0059 0301;;;;N;LATIN CAPITAL LETTER Y ACUTE;;;00FD;
+00DE;LATIN CAPITAL LETTER THORN;Lu;0;L;;;;;N;;Icelandic;;00FE;
+00DF;LATIN SMALL LETTER SHARP S;Ll;0;L;;;;;N;;German;;;
+00E0;LATIN SMALL LETTER A WITH GRAVE;Ll;0;L;0061 0300;;;;N;LATIN SMALL LETTER A GRAVE;;00C0;;00C0
+00E1;LATIN SMALL LETTER A WITH ACUTE;Ll;0;L;0061 0301;;;;N;LATIN SMALL LETTER A ACUTE;;00C1;;00C1
+00E2;LATIN SMALL LETTER A WITH CIRCUMFLEX;Ll;0;L;0061 0302;;;;N;LATIN SMALL LETTER A CIRCUMFLEX;;00C2;;00C2
+00E3;LATIN SMALL LETTER A WITH TILDE;Ll;0;L;0061 0303;;;;N;LATIN SMALL LETTER A TILDE;;00C3;;00C3
+00E4;LATIN SMALL LETTER A WITH DIAERESIS;Ll;0;L;0061 0308;;;;N;LATIN SMALL LETTER A DIAERESIS;;00C4;;00C4
+00E5;LATIN SMALL LETTER A WITH RING ABOVE;Ll;0;L;0061 030A;;;;N;LATIN SMALL LETTER A RING;;00C5;;00C5
+00E6;LATIN SMALL LETTER AE;Ll;0;L;;;;;N;LATIN SMALL LETTER A E;ash *;00C6;;00C6
+00E7;LATIN SMALL LETTER C WITH CEDILLA;Ll;0;L;0063 0327;;;;N;LATIN SMALL LETTER C CEDILLA;;00C7;;00C7
+00E8;LATIN SMALL LETTER E WITH GRAVE;Ll;0;L;0065 0300;;;;N;LATIN SMALL LETTER E GRAVE;;00C8;;00C8
+00E9;LATIN SMALL LETTER E WITH ACUTE;Ll;0;L;0065 0301;;;;N;LATIN SMALL LETTER E ACUTE;;00C9;;00C9
+00EA;LATIN SMALL LETTER E WITH CIRCUMFLEX;Ll;0;L;0065 0302;;;;N;LATIN SMALL LETTER E CIRCUMFLEX;;00CA;;00CA
+00EB;LATIN SMALL LETTER E WITH DIAERESIS;Ll;0;L;0065 0308;;;;N;LATIN SMALL LETTER E DIAERESIS;;00CB;;00CB
+00EC;LATIN SMALL LETTER I WITH GRAVE;Ll;0;L;0069 0300;;;;N;LATIN SMALL LETTER I GRAVE;;00CC;;00CC
+00ED;LATIN SMALL LETTER I WITH ACUTE;Ll;0;L;0069 0301;;;;N;LATIN SMALL LETTER I ACUTE;;00CD;;00CD
+00EE;LATIN SMALL LETTER I WITH CIRCUMFLEX;Ll;0;L;0069 0302;;;;N;LATIN SMALL LETTER I CIRCUMFLEX;;00CE;;00CE
+00EF;LATIN SMALL LETTER I WITH DIAERESIS;Ll;0;L;0069 0308;;;;N;LATIN SMALL LETTER I DIAERESIS;;00CF;;00CF
+00F0;LATIN SMALL LETTER ETH;Ll;0;L;;;;;N;;Icelandic;00D0;;00D0
+00F1;LATIN SMALL LETTER N WITH TILDE;Ll;0;L;006E 0303;;;;N;LATIN SMALL LETTER N TILDE;;00D1;;00D1
+00F2;LATIN SMALL LETTER O WITH GRAVE;Ll;0;L;006F 0300;;;;N;LATIN SMALL LETTER O GRAVE;;00D2;;00D2
+00F3;LATIN SMALL LETTER O WITH ACUTE;Ll;0;L;006F 0301;;;;N;LATIN SMALL LETTER O ACUTE;;00D3;;00D3
+00F4;LATIN SMALL LETTER O WITH CIRCUMFLEX;Ll;0;L;006F 0302;;;;N;LATIN SMALL LETTER O CIRCUMFLEX;;00D4;;00D4
+00F5;LATIN SMALL LETTER O WITH TILDE;Ll;0;L;006F 0303;;;;N;LATIN SMALL LETTER O TILDE;;00D5;;00D5
+00F6;LATIN SMALL LETTER O WITH DIAERESIS;Ll;0;L;006F 0308;;;;N;LATIN SMALL LETTER O DIAERESIS;;00D6;;00D6
+00F7;DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+00F8;LATIN SMALL LETTER O WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER O SLASH;;00D8;;00D8
+00F9;LATIN SMALL LETTER U WITH GRAVE;Ll;0;L;0075 0300;;;;N;LATIN SMALL LETTER U GRAVE;;00D9;;00D9
+00FA;LATIN SMALL LETTER U WITH ACUTE;Ll;0;L;0075 0301;;;;N;LATIN SMALL LETTER U ACUTE;;00DA;;00DA
+00FB;LATIN SMALL LETTER U WITH CIRCUMFLEX;Ll;0;L;0075 0302;;;;N;LATIN SMALL LETTER U CIRCUMFLEX;;00DB;;00DB
+00FC;LATIN SMALL LETTER U WITH DIAERESIS;Ll;0;L;0075 0308;;;;N;LATIN SMALL LETTER U DIAERESIS;;00DC;;00DC
+00FD;LATIN SMALL LETTER Y WITH ACUTE;Ll;0;L;0079 0301;;;;N;LATIN SMALL LETTER Y ACUTE;;00DD;;00DD
+00FE;LATIN SMALL LETTER THORN;Ll;0;L;;;;;N;;Icelandic;00DE;;00DE
+00FF;LATIN SMALL LETTER Y WITH DIAERESIS;Ll;0;L;0079 0308;;;;N;LATIN SMALL LETTER Y DIAERESIS;;0178;;0178
+0100;LATIN CAPITAL LETTER A WITH MACRON;Lu;0;L;0041 0304;;;;N;LATIN CAPITAL LETTER A MACRON;;;0101;
+0101;LATIN SMALL LETTER A WITH MACRON;Ll;0;L;0061 0304;;;;N;LATIN SMALL LETTER A MACRON;;0100;;0100
+0102;LATIN CAPITAL LETTER A WITH BREVE;Lu;0;L;0041 0306;;;;N;LATIN CAPITAL LETTER A BREVE;;;0103;
+0103;LATIN SMALL LETTER A WITH BREVE;Ll;0;L;0061 0306;;;;N;LATIN SMALL LETTER A BREVE;;0102;;0102
+0104;LATIN CAPITAL LETTER A WITH OGONEK;Lu;0;L;0041 0328;;;;N;LATIN CAPITAL LETTER A OGONEK;;;0105;
+0105;LATIN SMALL LETTER A WITH OGONEK;Ll;0;L;0061 0328;;;;N;LATIN SMALL LETTER A OGONEK;;0104;;0104
+0106;LATIN CAPITAL LETTER C WITH ACUTE;Lu;0;L;0043 0301;;;;N;LATIN CAPITAL LETTER C ACUTE;;;0107;
+0107;LATIN SMALL LETTER C WITH ACUTE;Ll;0;L;0063 0301;;;;N;LATIN SMALL LETTER C ACUTE;;0106;;0106
+0108;LATIN CAPITAL LETTER C WITH CIRCUMFLEX;Lu;0;L;0043 0302;;;;N;LATIN CAPITAL LETTER C CIRCUMFLEX;;;0109;
+0109;LATIN SMALL LETTER C WITH CIRCUMFLEX;Ll;0;L;0063 0302;;;;N;LATIN SMALL LETTER C CIRCUMFLEX;;0108;;0108
+010A;LATIN CAPITAL LETTER C WITH DOT ABOVE;Lu;0;L;0043 0307;;;;N;LATIN CAPITAL LETTER C DOT;;;010B;
+010B;LATIN SMALL LETTER C WITH DOT ABOVE;Ll;0;L;0063 0307;;;;N;LATIN SMALL LETTER C DOT;;010A;;010A
+010C;LATIN CAPITAL LETTER C WITH CARON;Lu;0;L;0043 030C;;;;N;LATIN CAPITAL LETTER C HACEK;;;010D;
+010D;LATIN SMALL LETTER C WITH CARON;Ll;0;L;0063 030C;;;;N;LATIN SMALL LETTER C HACEK;;010C;;010C
+010E;LATIN CAPITAL LETTER D WITH CARON;Lu;0;L;0044 030C;;;;N;LATIN CAPITAL LETTER D HACEK;;;010F;
+010F;LATIN SMALL LETTER D WITH CARON;Ll;0;L;0064 030C;;;;N;LATIN SMALL LETTER D HACEK;;010E;;010E
+0110;LATIN CAPITAL LETTER D WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D BAR;;;0111;
+0111;LATIN SMALL LETTER D WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER D BAR;;0110;;0110
+0112;LATIN CAPITAL LETTER E WITH MACRON;Lu;0;L;0045 0304;;;;N;LATIN CAPITAL LETTER E MACRON;;;0113;
+0113;LATIN SMALL LETTER E WITH MACRON;Ll;0;L;0065 0304;;;;N;LATIN SMALL LETTER E MACRON;;0112;;0112
+0114;LATIN CAPITAL LETTER E WITH BREVE;Lu;0;L;0045 0306;;;;N;LATIN CAPITAL LETTER E BREVE;;;0115;
+0115;LATIN SMALL LETTER E WITH BREVE;Ll;0;L;0065 0306;;;;N;LATIN SMALL LETTER E BREVE;;0114;;0114
+0116;LATIN CAPITAL LETTER E WITH DOT ABOVE;Lu;0;L;0045 0307;;;;N;LATIN CAPITAL LETTER E DOT;;;0117;
+0117;LATIN SMALL LETTER E WITH DOT ABOVE;Ll;0;L;0065 0307;;;;N;LATIN SMALL LETTER E DOT;;0116;;0116
+0118;LATIN CAPITAL LETTER E WITH OGONEK;Lu;0;L;0045 0328;;;;N;LATIN CAPITAL LETTER E OGONEK;;;0119;
+0119;LATIN SMALL LETTER E WITH OGONEK;Ll;0;L;0065 0328;;;;N;LATIN SMALL LETTER E OGONEK;;0118;;0118
+011A;LATIN CAPITAL LETTER E WITH CARON;Lu;0;L;0045 030C;;;;N;LATIN CAPITAL LETTER E HACEK;;;011B;
+011B;LATIN SMALL LETTER E WITH CARON;Ll;0;L;0065 030C;;;;N;LATIN SMALL LETTER E HACEK;;011A;;011A
+011C;LATIN CAPITAL LETTER G WITH CIRCUMFLEX;Lu;0;L;0047 0302;;;;N;LATIN CAPITAL LETTER G CIRCUMFLEX;;;011D;
+011D;LATIN SMALL LETTER G WITH CIRCUMFLEX;Ll;0;L;0067 0302;;;;N;LATIN SMALL LETTER G CIRCUMFLEX;;011C;;011C
+011E;LATIN CAPITAL LETTER G WITH BREVE;Lu;0;L;0047 0306;;;;N;LATIN CAPITAL LETTER G BREVE;;;011F;
+011F;LATIN SMALL LETTER G WITH BREVE;Ll;0;L;0067 0306;;;;N;LATIN SMALL LETTER G BREVE;;011E;;011E
+0120;LATIN CAPITAL LETTER G WITH DOT ABOVE;Lu;0;L;0047 0307;;;;N;LATIN CAPITAL LETTER G DOT;;;0121;
+0121;LATIN SMALL LETTER G WITH DOT ABOVE;Ll;0;L;0067 0307;;;;N;LATIN SMALL LETTER G DOT;;0120;;0120
+0122;LATIN CAPITAL LETTER G WITH CEDILLA;Lu;0;L;0047 0327;;;;N;LATIN CAPITAL LETTER G CEDILLA;;;0123;
+0123;LATIN SMALL LETTER G WITH CEDILLA;Ll;0;L;0067 0327;;;;N;LATIN SMALL LETTER G CEDILLA;;0122;;0122
+0124;LATIN CAPITAL LETTER H WITH CIRCUMFLEX;Lu;0;L;0048 0302;;;;N;LATIN CAPITAL LETTER H CIRCUMFLEX;;;0125;
+0125;LATIN SMALL LETTER H WITH CIRCUMFLEX;Ll;0;L;0068 0302;;;;N;LATIN SMALL LETTER H CIRCUMFLEX;;0124;;0124
+0126;LATIN CAPITAL LETTER H WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER H BAR;;;0127;
+0127;LATIN SMALL LETTER H WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER H BAR;;0126;;0126
+0128;LATIN CAPITAL LETTER I WITH TILDE;Lu;0;L;0049 0303;;;;N;LATIN CAPITAL LETTER I TILDE;;;0129;
+0129;LATIN SMALL LETTER I WITH TILDE;Ll;0;L;0069 0303;;;;N;LATIN SMALL LETTER I TILDE;;0128;;0128
+012A;LATIN CAPITAL LETTER I WITH MACRON;Lu;0;L;0049 0304;;;;N;LATIN CAPITAL LETTER I MACRON;;;012B;
+012B;LATIN SMALL LETTER I WITH MACRON;Ll;0;L;0069 0304;;;;N;LATIN SMALL LETTER I MACRON;;012A;;012A
+012C;LATIN CAPITAL LETTER I WITH BREVE;Lu;0;L;0049 0306;;;;N;LATIN CAPITAL LETTER I BREVE;;;012D;
+012D;LATIN SMALL LETTER I WITH BREVE;Ll;0;L;0069 0306;;;;N;LATIN SMALL LETTER I BREVE;;012C;;012C
+012E;LATIN CAPITAL LETTER I WITH OGONEK;Lu;0;L;0049 0328;;;;N;LATIN CAPITAL LETTER I OGONEK;;;012F;
+012F;LATIN SMALL LETTER I WITH OGONEK;Ll;0;L;0069 0328;;;;N;LATIN SMALL LETTER I OGONEK;;012E;;012E
+0130;LATIN CAPITAL LETTER I WITH DOT ABOVE;Lu;0;L;0049 0307;;;;N;LATIN CAPITAL LETTER I DOT;;;0069;
+0131;LATIN SMALL LETTER DOTLESS I;Ll;0;L;;;;;N;;;0049;;0049
+0132;LATIN CAPITAL LIGATURE IJ;Lu;0;L;<compat> 0049 004A;;;;N;LATIN CAPITAL LETTER I J;;;0133;
+0133;LATIN SMALL LIGATURE IJ;Ll;0;L;<compat> 0069 006A;;;;N;LATIN SMALL LETTER I J;;0132;;0132
+0134;LATIN CAPITAL LETTER J WITH CIRCUMFLEX;Lu;0;L;004A 0302;;;;N;LATIN CAPITAL LETTER J CIRCUMFLEX;;;0135;
+0135;LATIN SMALL LETTER J WITH CIRCUMFLEX;Ll;0;L;006A 0302;;;;N;LATIN SMALL LETTER J CIRCUMFLEX;;0134;;0134
+0136;LATIN CAPITAL LETTER K WITH CEDILLA;Lu;0;L;004B 0327;;;;N;LATIN CAPITAL LETTER K CEDILLA;;;0137;
+0137;LATIN SMALL LETTER K WITH CEDILLA;Ll;0;L;006B 0327;;;;N;LATIN SMALL LETTER K CEDILLA;;0136;;0136
+0138;LATIN SMALL LETTER KRA;Ll;0;L;;;;;N;;Greenlandic;;;
+0139;LATIN CAPITAL LETTER L WITH ACUTE;Lu;0;L;004C 0301;;;;N;LATIN CAPITAL LETTER L ACUTE;;;013A;
+013A;LATIN SMALL LETTER L WITH ACUTE;Ll;0;L;006C 0301;;;;N;LATIN SMALL LETTER L ACUTE;;0139;;0139
+013B;LATIN CAPITAL LETTER L WITH CEDILLA;Lu;0;L;004C 0327;;;;N;LATIN CAPITAL LETTER L CEDILLA;;;013C;
+013C;LATIN SMALL LETTER L WITH CEDILLA;Ll;0;L;006C 0327;;;;N;LATIN SMALL LETTER L CEDILLA;;013B;;013B
+013D;LATIN CAPITAL LETTER L WITH CARON;Lu;0;L;004C 030C;;;;N;LATIN CAPITAL LETTER L HACEK;;;013E;
+013E;LATIN SMALL LETTER L WITH CARON;Ll;0;L;006C 030C;;;;N;LATIN SMALL LETTER L HACEK;;013D;;013D
+013F;LATIN CAPITAL LETTER L WITH MIDDLE DOT;Lu;0;L;<compat> 004C 00B7;;;;N;;;;0140;
+0140;LATIN SMALL LETTER L WITH MIDDLE DOT;Ll;0;L;<compat> 006C 00B7;;;;N;;;013F;;013F
+0141;LATIN CAPITAL LETTER L WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER L SLASH;;;0142;
+0142;LATIN SMALL LETTER L WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER L SLASH;;0141;;0141
+0143;LATIN CAPITAL LETTER N WITH ACUTE;Lu;0;L;004E 0301;;;;N;LATIN CAPITAL LETTER N ACUTE;;;0144;
+0144;LATIN SMALL LETTER N WITH ACUTE;Ll;0;L;006E 0301;;;;N;LATIN SMALL LETTER N ACUTE;;0143;;0143
+0145;LATIN CAPITAL LETTER N WITH CEDILLA;Lu;0;L;004E 0327;;;;N;LATIN CAPITAL LETTER N CEDILLA;;;0146;
+0146;LATIN SMALL LETTER N WITH CEDILLA;Ll;0;L;006E 0327;;;;N;LATIN SMALL LETTER N CEDILLA;;0145;;0145
+0147;LATIN CAPITAL LETTER N WITH CARON;Lu;0;L;004E 030C;;;;N;LATIN CAPITAL LETTER N HACEK;;;0148;
+0148;LATIN SMALL LETTER N WITH CARON;Ll;0;L;006E 030C;;;;N;LATIN SMALL LETTER N HACEK;;0147;;0147
+0149;LATIN SMALL LETTER N PRECEDED BY APOSTROPHE;Ll;0;L;<compat> 02BC 006E;;;;N;LATIN SMALL LETTER APOSTROPHE N;;;;
+014A;LATIN CAPITAL LETTER ENG;Lu;0;L;;;;;N;;Sami;;014B;
+014B;LATIN SMALL LETTER ENG;Ll;0;L;;;;;N;;Sami;014A;;014A
+014C;LATIN CAPITAL LETTER O WITH MACRON;Lu;0;L;004F 0304;;;;N;LATIN CAPITAL LETTER O MACRON;;;014D;
+014D;LATIN SMALL LETTER O WITH MACRON;Ll;0;L;006F 0304;;;;N;LATIN SMALL LETTER O MACRON;;014C;;014C
+014E;LATIN CAPITAL LETTER O WITH BREVE;Lu;0;L;004F 0306;;;;N;LATIN CAPITAL LETTER O BREVE;;;014F;
+014F;LATIN SMALL LETTER O WITH BREVE;Ll;0;L;006F 0306;;;;N;LATIN SMALL LETTER O BREVE;;014E;;014E
+0150;LATIN CAPITAL LETTER O WITH DOUBLE ACUTE;Lu;0;L;004F 030B;;;;N;LATIN CAPITAL LETTER O DOUBLE ACUTE;;;0151;
+0151;LATIN SMALL LETTER O WITH DOUBLE ACUTE;Ll;0;L;006F 030B;;;;N;LATIN SMALL LETTER O DOUBLE ACUTE;;0150;;0150
+0152;LATIN CAPITAL LIGATURE OE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O E;;;0153;
+0153;LATIN SMALL LIGATURE OE;Ll;0;L;;;;;N;LATIN SMALL LETTER O E;;0152;;0152
+0154;LATIN CAPITAL LETTER R WITH ACUTE;Lu;0;L;0052 0301;;;;N;LATIN CAPITAL LETTER R ACUTE;;;0155;
+0155;LATIN SMALL LETTER R WITH ACUTE;Ll;0;L;0072 0301;;;;N;LATIN SMALL LETTER R ACUTE;;0154;;0154
+0156;LATIN CAPITAL LETTER R WITH CEDILLA;Lu;0;L;0052 0327;;;;N;LATIN CAPITAL LETTER R CEDILLA;;;0157;
+0157;LATIN SMALL LETTER R WITH CEDILLA;Ll;0;L;0072 0327;;;;N;LATIN SMALL LETTER R CEDILLA;;0156;;0156
+0158;LATIN CAPITAL LETTER R WITH CARON;Lu;0;L;0052 030C;;;;N;LATIN CAPITAL LETTER R HACEK;;;0159;
+0159;LATIN SMALL LETTER R WITH CARON;Ll;0;L;0072 030C;;;;N;LATIN SMALL LETTER R HACEK;;0158;;0158
+015A;LATIN CAPITAL LETTER S WITH ACUTE;Lu;0;L;0053 0301;;;;N;LATIN CAPITAL LETTER S ACUTE;;;015B;
+015B;LATIN SMALL LETTER S WITH ACUTE;Ll;0;L;0073 0301;;;;N;LATIN SMALL LETTER S ACUTE;;015A;;015A
+015C;LATIN CAPITAL LETTER S WITH CIRCUMFLEX;Lu;0;L;0053 0302;;;;N;LATIN CAPITAL LETTER S CIRCUMFLEX;;;015D;
+015D;LATIN SMALL LETTER S WITH CIRCUMFLEX;Ll;0;L;0073 0302;;;;N;LATIN SMALL LETTER S CIRCUMFLEX;;015C;;015C
+015E;LATIN CAPITAL LETTER S WITH CEDILLA;Lu;0;L;0053 0327;;;;N;LATIN CAPITAL LETTER S CEDILLA;*;;015F;
+015F;LATIN SMALL LETTER S WITH CEDILLA;Ll;0;L;0073 0327;;;;N;LATIN SMALL LETTER S CEDILLA;*;015E;;015E
+0160;LATIN CAPITAL LETTER S WITH CARON;Lu;0;L;0053 030C;;;;N;LATIN CAPITAL LETTER S HACEK;;;0161;
+0161;LATIN SMALL LETTER S WITH CARON;Ll;0;L;0073 030C;;;;N;LATIN SMALL LETTER S HACEK;;0160;;0160
+0162;LATIN CAPITAL LETTER T WITH CEDILLA;Lu;0;L;0054 0327;;;;N;LATIN CAPITAL LETTER T CEDILLA;*;;0163;
+0163;LATIN SMALL LETTER T WITH CEDILLA;Ll;0;L;0074 0327;;;;N;LATIN SMALL LETTER T CEDILLA;*;0162;;0162
+0164;LATIN CAPITAL LETTER T WITH CARON;Lu;0;L;0054 030C;;;;N;LATIN CAPITAL LETTER T HACEK;;;0165;
+0165;LATIN SMALL LETTER T WITH CARON;Ll;0;L;0074 030C;;;;N;LATIN SMALL LETTER T HACEK;;0164;;0164
+0166;LATIN CAPITAL LETTER T WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T BAR;;;0167;
+0167;LATIN SMALL LETTER T WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER T BAR;;0166;;0166
+0168;LATIN CAPITAL LETTER U WITH TILDE;Lu;0;L;0055 0303;;;;N;LATIN CAPITAL LETTER U TILDE;;;0169;
+0169;LATIN SMALL LETTER U WITH TILDE;Ll;0;L;0075 0303;;;;N;LATIN SMALL LETTER U TILDE;;0168;;0168
+016A;LATIN CAPITAL LETTER U WITH MACRON;Lu;0;L;0055 0304;;;;N;LATIN CAPITAL LETTER U MACRON;;;016B;
+016B;LATIN SMALL LETTER U WITH MACRON;Ll;0;L;0075 0304;;;;N;LATIN SMALL LETTER U MACRON;;016A;;016A
+016C;LATIN CAPITAL LETTER U WITH BREVE;Lu;0;L;0055 0306;;;;N;LATIN CAPITAL LETTER U BREVE;;;016D;
+016D;LATIN SMALL LETTER U WITH BREVE;Ll;0;L;0075 0306;;;;N;LATIN SMALL LETTER U BREVE;;016C;;016C
+016E;LATIN CAPITAL LETTER U WITH RING ABOVE;Lu;0;L;0055 030A;;;;N;LATIN CAPITAL LETTER U RING;;;016F;
+016F;LATIN SMALL LETTER U WITH RING ABOVE;Ll;0;L;0075 030A;;;;N;LATIN SMALL LETTER U RING;;016E;;016E
+0170;LATIN CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0055 030B;;;;N;LATIN CAPITAL LETTER U DOUBLE ACUTE;;;0171;
+0171;LATIN SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0075 030B;;;;N;LATIN SMALL LETTER U DOUBLE ACUTE;;0170;;0170
+0172;LATIN CAPITAL LETTER U WITH OGONEK;Lu;0;L;0055 0328;;;;N;LATIN CAPITAL LETTER U OGONEK;;;0173;
+0173;LATIN SMALL LETTER U WITH OGONEK;Ll;0;L;0075 0328;;;;N;LATIN SMALL LETTER U OGONEK;;0172;;0172
+0174;LATIN CAPITAL LETTER W WITH CIRCUMFLEX;Lu;0;L;0057 0302;;;;N;LATIN CAPITAL LETTER W CIRCUMFLEX;;;0175;
+0175;LATIN SMALL LETTER W WITH CIRCUMFLEX;Ll;0;L;0077 0302;;;;N;LATIN SMALL LETTER W CIRCUMFLEX;;0174;;0174
+0176;LATIN CAPITAL LETTER Y WITH CIRCUMFLEX;Lu;0;L;0059 0302;;;;N;LATIN CAPITAL LETTER Y CIRCUMFLEX;;;0177;
+0177;LATIN SMALL LETTER Y WITH CIRCUMFLEX;Ll;0;L;0079 0302;;;;N;LATIN SMALL LETTER Y CIRCUMFLEX;;0176;;0176
+0178;LATIN CAPITAL LETTER Y WITH DIAERESIS;Lu;0;L;0059 0308;;;;N;LATIN CAPITAL LETTER Y DIAERESIS;;;00FF;
+0179;LATIN CAPITAL LETTER Z WITH ACUTE;Lu;0;L;005A 0301;;;;N;LATIN CAPITAL LETTER Z ACUTE;;;017A;
+017A;LATIN SMALL LETTER Z WITH ACUTE;Ll;0;L;007A 0301;;;;N;LATIN SMALL LETTER Z ACUTE;;0179;;0179
+017B;LATIN CAPITAL LETTER Z WITH DOT ABOVE;Lu;0;L;005A 0307;;;;N;LATIN CAPITAL LETTER Z DOT;;;017C;
+017C;LATIN SMALL LETTER Z WITH DOT ABOVE;Ll;0;L;007A 0307;;;;N;LATIN SMALL LETTER Z DOT;;017B;;017B
+017D;LATIN CAPITAL LETTER Z WITH CARON;Lu;0;L;005A 030C;;;;N;LATIN CAPITAL LETTER Z HACEK;;;017E;
+017E;LATIN SMALL LETTER Z WITH CARON;Ll;0;L;007A 030C;;;;N;LATIN SMALL LETTER Z HACEK;;017D;;017D
+017F;LATIN SMALL LETTER LONG S;Ll;0;L;<compat> 0073;;;;N;;;0053;;0053
+0180;LATIN SMALL LETTER B WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER B BAR;;;;
+0181;LATIN CAPITAL LETTER B WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B HOOK;;;0253;
+0182;LATIN CAPITAL LETTER B WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B TOPBAR;;;0183;
+0183;LATIN SMALL LETTER B WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER B TOPBAR;;0182;;0182
+0184;LATIN CAPITAL LETTER TONE SIX;Lu;0;L;;;;;N;;;;0185;
+0185;LATIN SMALL LETTER TONE SIX;Ll;0;L;;;;;N;;;0184;;0184
+0186;LATIN CAPITAL LETTER OPEN O;Lu;0;L;;;;;N;;;;0254;
+0187;LATIN CAPITAL LETTER C WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER C HOOK;;;0188;
+0188;LATIN SMALL LETTER C WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER C HOOK;;0187;;0187
+0189;LATIN CAPITAL LETTER AFRICAN D;Lu;0;L;;;;;N;;*;;0256;
+018A;LATIN CAPITAL LETTER D WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D HOOK;;;0257;
+018B;LATIN CAPITAL LETTER D WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D TOPBAR;;;018C;
+018C;LATIN SMALL LETTER D WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER D TOPBAR;;018B;;018B
+018D;LATIN SMALL LETTER TURNED DELTA;Ll;0;L;;;;;N;;;;;
+018E;LATIN CAPITAL LETTER REVERSED E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER TURNED E;;;01DD;
+018F;LATIN CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;0259;
+0190;LATIN CAPITAL LETTER OPEN E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER EPSILON;;;025B;
+0191;LATIN CAPITAL LETTER F WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER F HOOK;;;0192;
+0192;LATIN SMALL LETTER F WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT F;;0191;;0191
+0193;LATIN CAPITAL LETTER G WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G HOOK;;;0260;
+0194;LATIN CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;0263;
+0195;LATIN SMALL LETTER HV;Ll;0;L;;;;;N;LATIN SMALL LETTER H V;hwair;01F6;;01F6
+0196;LATIN CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;0269;
+0197;LATIN CAPITAL LETTER I WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED I;;;0268;
+0198;LATIN CAPITAL LETTER K WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER K HOOK;;;0199;
+0199;LATIN SMALL LETTER K WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER K HOOK;;0198;;0198
+019A;LATIN SMALL LETTER L WITH BAR;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED L;;;;
+019B;LATIN SMALL LETTER LAMBDA WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED LAMBDA;;;;
+019C;LATIN CAPITAL LETTER TURNED M;Lu;0;L;;;;;N;;;;026F;
+019D;LATIN CAPITAL LETTER N WITH LEFT HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER N HOOK;;;0272;
+019E;LATIN SMALL LETTER N WITH LONG RIGHT LEG;Ll;0;L;;;;;N;;;0220;;0220
+019F;LATIN CAPITAL LETTER O WITH MIDDLE TILDE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED O;*;;0275;
+01A0;LATIN CAPITAL LETTER O WITH HORN;Lu;0;L;004F 031B;;;;N;LATIN CAPITAL LETTER O HORN;;;01A1;
+01A1;LATIN SMALL LETTER O WITH HORN;Ll;0;L;006F 031B;;;;N;LATIN SMALL LETTER O HORN;;01A0;;01A0
+01A2;LATIN CAPITAL LETTER OI;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O I;gha;;01A3;
+01A3;LATIN SMALL LETTER OI;Ll;0;L;;;;;N;LATIN SMALL LETTER O I;gha;01A2;;01A2
+01A4;LATIN CAPITAL LETTER P WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER P HOOK;;;01A5;
+01A5;LATIN SMALL LETTER P WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER P HOOK;;01A4;;01A4
+01A6;LATIN LETTER YR;Lu;0;L;;;;;N;LATIN LETTER Y R;*;;0280;
+01A7;LATIN CAPITAL LETTER TONE TWO;Lu;0;L;;;;;N;;;;01A8;
+01A8;LATIN SMALL LETTER TONE TWO;Ll;0;L;;;;;N;;;01A7;;01A7
+01A9;LATIN CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;0283;
+01AA;LATIN LETTER REVERSED ESH LOOP;Ll;0;L;;;;;N;;;;;
+01AB;LATIN SMALL LETTER T WITH PALATAL HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T PALATAL HOOK;;;;
+01AC;LATIN CAPITAL LETTER T WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T HOOK;;;01AD;
+01AD;LATIN SMALL LETTER T WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T HOOK;;01AC;;01AC
+01AE;LATIN CAPITAL LETTER T WITH RETROFLEX HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T RETROFLEX HOOK;;;0288;
+01AF;LATIN CAPITAL LETTER U WITH HORN;Lu;0;L;0055 031B;;;;N;LATIN CAPITAL LETTER U HORN;;;01B0;
+01B0;LATIN SMALL LETTER U WITH HORN;Ll;0;L;0075 031B;;;;N;LATIN SMALL LETTER U HORN;;01AF;;01AF
+01B1;LATIN CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;028A;
+01B2;LATIN CAPITAL LETTER V WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER SCRIPT V;;;028B;
+01B3;LATIN CAPITAL LETTER Y WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Y HOOK;;;01B4;
+01B4;LATIN SMALL LETTER Y WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Y HOOK;;01B3;;01B3
+01B5;LATIN CAPITAL LETTER Z WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Z BAR;;;01B6;
+01B6;LATIN SMALL LETTER Z WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER Z BAR;;01B5;;01B5
+01B7;LATIN CAPITAL LETTER EZH;Lu;0;L;;;;;N;LATIN CAPITAL LETTER YOGH;;;0292;
+01B8;LATIN CAPITAL LETTER EZH REVERSED;Lu;0;L;;;;;N;LATIN CAPITAL LETTER REVERSED YOGH;;;01B9;
+01B9;LATIN SMALL LETTER EZH REVERSED;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED YOGH;;01B8;;01B8
+01BA;LATIN SMALL LETTER EZH WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH WITH TAIL;;;;
+01BB;LATIN LETTER TWO WITH STROKE;Lo;0;L;;;;;N;LATIN LETTER TWO BAR;;;;
+01BC;LATIN CAPITAL LETTER TONE FIVE;Lu;0;L;;;;;N;;;;01BD;
+01BD;LATIN SMALL LETTER TONE FIVE;Ll;0;L;;;;;N;;;01BC;;01BC
+01BE;LATIN LETTER INVERTED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER INVERTED GLOTTAL STOP BAR;;;;
+01BF;LATIN LETTER WYNN;Ll;0;L;;;;;N;;;01F7;;01F7
+01C0;LATIN LETTER DENTAL CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE;;;;
+01C1;LATIN LETTER LATERAL CLICK;Lo;0;L;;;;;N;LATIN LETTER DOUBLE PIPE;;;;
+01C2;LATIN LETTER ALVEOLAR CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE DOUBLE BAR;;;;
+01C3;LATIN LETTER RETROFLEX CLICK;Lo;0;L;;;;;N;LATIN LETTER EXCLAMATION MARK;;;;
+01C4;LATIN CAPITAL LETTER DZ WITH CARON;Lu;0;L;<compat> 0044 017D;;;;N;LATIN CAPITAL LETTER D Z HACEK;;;01C6;01C5
+01C5;LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON;Lt;0;L;<compat> 0044 017E;;;;N;LATIN LETTER CAPITAL D SMALL Z HACEK;;01C4;01C6;
+01C6;LATIN SMALL LETTER DZ WITH CARON;Ll;0;L;<compat> 0064 017E;;;;N;LATIN SMALL LETTER D Z HACEK;;01C4;;01C5
+01C7;LATIN CAPITAL LETTER LJ;Lu;0;L;<compat> 004C 004A;;;;N;LATIN CAPITAL LETTER L J;;;01C9;01C8
+01C8;LATIN CAPITAL LETTER L WITH SMALL LETTER J;Lt;0;L;<compat> 004C 006A;;;;N;LATIN LETTER CAPITAL L SMALL J;;01C7;01C9;
+01C9;LATIN SMALL LETTER LJ;Ll;0;L;<compat> 006C 006A;;;;N;LATIN SMALL LETTER L J;;01C7;;01C8
+01CA;LATIN CAPITAL LETTER NJ;Lu;0;L;<compat> 004E 004A;;;;N;LATIN CAPITAL LETTER N J;;;01CC;01CB
+01CB;LATIN CAPITAL LETTER N WITH SMALL LETTER J;Lt;0;L;<compat> 004E 006A;;;;N;LATIN LETTER CAPITAL N SMALL J;;01CA;01CC;
+01CC;LATIN SMALL LETTER NJ;Ll;0;L;<compat> 006E 006A;;;;N;LATIN SMALL LETTER N J;;01CA;;01CB
+01CD;LATIN CAPITAL LETTER A WITH CARON;Lu;0;L;0041 030C;;;;N;LATIN CAPITAL LETTER A HACEK;;;01CE;
+01CE;LATIN SMALL LETTER A WITH CARON;Ll;0;L;0061 030C;;;;N;LATIN SMALL LETTER A HACEK;;01CD;;01CD
+01CF;LATIN CAPITAL LETTER I WITH CARON;Lu;0;L;0049 030C;;;;N;LATIN CAPITAL LETTER I HACEK;;;01D0;
+01D0;LATIN SMALL LETTER I WITH CARON;Ll;0;L;0069 030C;;;;N;LATIN SMALL LETTER I HACEK;;01CF;;01CF
+01D1;LATIN CAPITAL LETTER O WITH CARON;Lu;0;L;004F 030C;;;;N;LATIN CAPITAL LETTER O HACEK;;;01D2;
+01D2;LATIN SMALL LETTER O WITH CARON;Ll;0;L;006F 030C;;;;N;LATIN SMALL LETTER O HACEK;;01D1;;01D1
+01D3;LATIN CAPITAL LETTER U WITH CARON;Lu;0;L;0055 030C;;;;N;LATIN CAPITAL LETTER U HACEK;;;01D4;
+01D4;LATIN SMALL LETTER U WITH CARON;Ll;0;L;0075 030C;;;;N;LATIN SMALL LETTER U HACEK;;01D3;;01D3
+01D5;LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON;Lu;0;L;00DC 0304;;;;N;LATIN CAPITAL LETTER U DIAERESIS MACRON;;;01D6;
+01D6;LATIN SMALL LETTER U WITH DIAERESIS AND MACRON;Ll;0;L;00FC 0304;;;;N;LATIN SMALL LETTER U DIAERESIS MACRON;;01D5;;01D5
+01D7;LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE;Lu;0;L;00DC 0301;;;;N;LATIN CAPITAL LETTER U DIAERESIS ACUTE;;;01D8;
+01D8;LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE;Ll;0;L;00FC 0301;;;;N;LATIN SMALL LETTER U DIAERESIS ACUTE;;01D7;;01D7
+01D9;LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON;Lu;0;L;00DC 030C;;;;N;LATIN CAPITAL LETTER U DIAERESIS HACEK;;;01DA;
+01DA;LATIN SMALL LETTER U WITH DIAERESIS AND CARON;Ll;0;L;00FC 030C;;;;N;LATIN SMALL LETTER U DIAERESIS HACEK;;01D9;;01D9
+01DB;LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE;Lu;0;L;00DC 0300;;;;N;LATIN CAPITAL LETTER U DIAERESIS GRAVE;;;01DC;
+01DC;LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE;Ll;0;L;00FC 0300;;;;N;LATIN SMALL LETTER U DIAERESIS GRAVE;;01DB;;01DB
+01DD;LATIN SMALL LETTER TURNED E;Ll;0;L;;;;;N;;;018E;;018E
+01DE;LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON;Lu;0;L;00C4 0304;;;;N;LATIN CAPITAL LETTER A DIAERESIS MACRON;;;01DF;
+01DF;LATIN SMALL LETTER A WITH DIAERESIS AND MACRON;Ll;0;L;00E4 0304;;;;N;LATIN SMALL LETTER A DIAERESIS MACRON;;01DE;;01DE
+01E0;LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON;Lu;0;L;0226 0304;;;;N;LATIN CAPITAL LETTER A DOT MACRON;;;01E1;
+01E1;LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON;Ll;0;L;0227 0304;;;;N;LATIN SMALL LETTER A DOT MACRON;;01E0;;01E0
+01E2;LATIN CAPITAL LETTER AE WITH MACRON;Lu;0;L;00C6 0304;;;;N;LATIN CAPITAL LETTER A E MACRON;ash *;;01E3;
+01E3;LATIN SMALL LETTER AE WITH MACRON;Ll;0;L;00E6 0304;;;;N;LATIN SMALL LETTER A E MACRON;ash *;01E2;;01E2
+01E4;LATIN CAPITAL LETTER G WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G BAR;;;01E5;
+01E5;LATIN SMALL LETTER G WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER G BAR;;01E4;;01E4
+01E6;LATIN CAPITAL LETTER G WITH CARON;Lu;0;L;0047 030C;;;;N;LATIN CAPITAL LETTER G HACEK;;;01E7;
+01E7;LATIN SMALL LETTER G WITH CARON;Ll;0;L;0067 030C;;;;N;LATIN SMALL LETTER G HACEK;;01E6;;01E6
+01E8;LATIN CAPITAL LETTER K WITH CARON;Lu;0;L;004B 030C;;;;N;LATIN CAPITAL LETTER K HACEK;;;01E9;
+01E9;LATIN SMALL LETTER K WITH CARON;Ll;0;L;006B 030C;;;;N;LATIN SMALL LETTER K HACEK;;01E8;;01E8
+01EA;LATIN CAPITAL LETTER O WITH OGONEK;Lu;0;L;004F 0328;;;;N;LATIN CAPITAL LETTER O OGONEK;;;01EB;
+01EB;LATIN SMALL LETTER O WITH OGONEK;Ll;0;L;006F 0328;;;;N;LATIN SMALL LETTER O OGONEK;;01EA;;01EA
+01EC;LATIN CAPITAL LETTER O WITH OGONEK AND MACRON;Lu;0;L;01EA 0304;;;;N;LATIN CAPITAL LETTER O OGONEK MACRON;;;01ED;
+01ED;LATIN SMALL LETTER O WITH OGONEK AND MACRON;Ll;0;L;01EB 0304;;;;N;LATIN SMALL LETTER O OGONEK MACRON;;01EC;;01EC
+01EE;LATIN CAPITAL LETTER EZH WITH CARON;Lu;0;L;01B7 030C;;;;N;LATIN CAPITAL LETTER YOGH HACEK;;;01EF;
+01EF;LATIN SMALL LETTER EZH WITH CARON;Ll;0;L;0292 030C;;;;N;LATIN SMALL LETTER YOGH HACEK;;01EE;;01EE
+01F0;LATIN SMALL LETTER J WITH CARON;Ll;0;L;006A 030C;;;;N;LATIN SMALL LETTER J HACEK;;;;
+01F1;LATIN CAPITAL LETTER DZ;Lu;0;L;<compat> 0044 005A;;;;N;;;;01F3;01F2
+01F2;LATIN CAPITAL LETTER D WITH SMALL LETTER Z;Lt;0;L;<compat> 0044 007A;;;;N;;;01F1;01F3;
+01F3;LATIN SMALL LETTER DZ;Ll;0;L;<compat> 0064 007A;;;;N;;;01F1;;01F2
+01F4;LATIN CAPITAL LETTER G WITH ACUTE;Lu;0;L;0047 0301;;;;N;;;;01F5;
+01F5;LATIN SMALL LETTER G WITH ACUTE;Ll;0;L;0067 0301;;;;N;;;01F4;;01F4
+01F6;LATIN CAPITAL LETTER HWAIR;Lu;0;L;;;;;N;;;;0195;
+01F7;LATIN CAPITAL LETTER WYNN;Lu;0;L;;;;;N;;;;01BF;
+01F8;LATIN CAPITAL LETTER N WITH GRAVE;Lu;0;L;004E 0300;;;;N;;;;01F9;
+01F9;LATIN SMALL LETTER N WITH GRAVE;Ll;0;L;006E 0300;;;;N;;;01F8;;01F8
+01FA;LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE;Lu;0;L;00C5 0301;;;;N;;;;01FB;
+01FB;LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE;Ll;0;L;00E5 0301;;;;N;;;01FA;;01FA
+01FC;LATIN CAPITAL LETTER AE WITH ACUTE;Lu;0;L;00C6 0301;;;;N;;ash *;;01FD;
+01FD;LATIN SMALL LETTER AE WITH ACUTE;Ll;0;L;00E6 0301;;;;N;;ash *;01FC;;01FC
+01FE;LATIN CAPITAL LETTER O WITH STROKE AND ACUTE;Lu;0;L;00D8 0301;;;;N;;;;01FF;
+01FF;LATIN SMALL LETTER O WITH STROKE AND ACUTE;Ll;0;L;00F8 0301;;;;N;;;01FE;;01FE
+0200;LATIN CAPITAL LETTER A WITH DOUBLE GRAVE;Lu;0;L;0041 030F;;;;N;;;;0201;
+0201;LATIN SMALL LETTER A WITH DOUBLE GRAVE;Ll;0;L;0061 030F;;;;N;;;0200;;0200
+0202;LATIN CAPITAL LETTER A WITH INVERTED BREVE;Lu;0;L;0041 0311;;;;N;;;;0203;
+0203;LATIN SMALL LETTER A WITH INVERTED BREVE;Ll;0;L;0061 0311;;;;N;;;0202;;0202
+0204;LATIN CAPITAL LETTER E WITH DOUBLE GRAVE;Lu;0;L;0045 030F;;;;N;;;;0205;
+0205;LATIN SMALL LETTER E WITH DOUBLE GRAVE;Ll;0;L;0065 030F;;;;N;;;0204;;0204
+0206;LATIN CAPITAL LETTER E WITH INVERTED BREVE;Lu;0;L;0045 0311;;;;N;;;;0207;
+0207;LATIN SMALL LETTER E WITH INVERTED BREVE;Ll;0;L;0065 0311;;;;N;;;0206;;0206
+0208;LATIN CAPITAL LETTER I WITH DOUBLE GRAVE;Lu;0;L;0049 030F;;;;N;;;;0209;
+0209;LATIN SMALL LETTER I WITH DOUBLE GRAVE;Ll;0;L;0069 030F;;;;N;;;0208;;0208
+020A;LATIN CAPITAL LETTER I WITH INVERTED BREVE;Lu;0;L;0049 0311;;;;N;;;;020B;
+020B;LATIN SMALL LETTER I WITH INVERTED BREVE;Ll;0;L;0069 0311;;;;N;;;020A;;020A
+020C;LATIN CAPITAL LETTER O WITH DOUBLE GRAVE;Lu;0;L;004F 030F;;;;N;;;;020D;
+020D;LATIN SMALL LETTER O WITH DOUBLE GRAVE;Ll;0;L;006F 030F;;;;N;;;020C;;020C
+020E;LATIN CAPITAL LETTER O WITH INVERTED BREVE;Lu;0;L;004F 0311;;;;N;;;;020F;
+020F;LATIN SMALL LETTER O WITH INVERTED BREVE;Ll;0;L;006F 0311;;;;N;;;020E;;020E
+0210;LATIN CAPITAL LETTER R WITH DOUBLE GRAVE;Lu;0;L;0052 030F;;;;N;;;;0211;
+0211;LATIN SMALL LETTER R WITH DOUBLE GRAVE;Ll;0;L;0072 030F;;;;N;;;0210;;0210
+0212;LATIN CAPITAL LETTER R WITH INVERTED BREVE;Lu;0;L;0052 0311;;;;N;;;;0213;
+0213;LATIN SMALL LETTER R WITH INVERTED BREVE;Ll;0;L;0072 0311;;;;N;;;0212;;0212
+0214;LATIN CAPITAL LETTER U WITH DOUBLE GRAVE;Lu;0;L;0055 030F;;;;N;;;;0215;
+0215;LATIN SMALL LETTER U WITH DOUBLE GRAVE;Ll;0;L;0075 030F;;;;N;;;0214;;0214
+0216;LATIN CAPITAL LETTER U WITH INVERTED BREVE;Lu;0;L;0055 0311;;;;N;;;;0217;
+0217;LATIN SMALL LETTER U WITH INVERTED BREVE;Ll;0;L;0075 0311;;;;N;;;0216;;0216
+0218;LATIN CAPITAL LETTER S WITH COMMA BELOW;Lu;0;L;0053 0326;;;;N;;*;;0219;
+0219;LATIN SMALL LETTER S WITH COMMA BELOW;Ll;0;L;0073 0326;;;;N;;*;0218;;0218
+021A;LATIN CAPITAL LETTER T WITH COMMA BELOW;Lu;0;L;0054 0326;;;;N;;*;;021B;
+021B;LATIN SMALL LETTER T WITH COMMA BELOW;Ll;0;L;0074 0326;;;;N;;*;021A;;021A
+021C;LATIN CAPITAL LETTER YOGH;Lu;0;L;;;;;N;;;;021D;
+021D;LATIN SMALL LETTER YOGH;Ll;0;L;;;;;N;;;021C;;021C
+021E;LATIN CAPITAL LETTER H WITH CARON;Lu;0;L;0048 030C;;;;N;;;;021F;
+021F;LATIN SMALL LETTER H WITH CARON;Ll;0;L;0068 030C;;;;N;;;021E;;021E
+0220;LATIN CAPITAL LETTER N WITH LONG RIGHT LEG;Lu;0;L;;;;;N;;;;019E;
+0222;LATIN CAPITAL LETTER OU;Lu;0;L;;;;;N;;;;0223;
+0223;LATIN SMALL LETTER OU;Ll;0;L;;;;;N;;;0222;;0222
+0224;LATIN CAPITAL LETTER Z WITH HOOK;Lu;0;L;;;;;N;;;;0225;
+0225;LATIN SMALL LETTER Z WITH HOOK;Ll;0;L;;;;;N;;;0224;;0224
+0226;LATIN CAPITAL LETTER A WITH DOT ABOVE;Lu;0;L;0041 0307;;;;N;;;;0227;
+0227;LATIN SMALL LETTER A WITH DOT ABOVE;Ll;0;L;0061 0307;;;;N;;;0226;;0226
+0228;LATIN CAPITAL LETTER E WITH CEDILLA;Lu;0;L;0045 0327;;;;N;;;;0229;
+0229;LATIN SMALL LETTER E WITH CEDILLA;Ll;0;L;0065 0327;;;;N;;;0228;;0228
+022A;LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON;Lu;0;L;00D6 0304;;;;N;;;;022B;
+022B;LATIN SMALL LETTER O WITH DIAERESIS AND MACRON;Ll;0;L;00F6 0304;;;;N;;;022A;;022A
+022C;LATIN CAPITAL LETTER O WITH TILDE AND MACRON;Lu;0;L;00D5 0304;;;;N;;;;022D;
+022D;LATIN SMALL LETTER O WITH TILDE AND MACRON;Ll;0;L;00F5 0304;;;;N;;;022C;;022C
+022E;LATIN CAPITAL LETTER O WITH DOT ABOVE;Lu;0;L;004F 0307;;;;N;;;;022F;
+022F;LATIN SMALL LETTER O WITH DOT ABOVE;Ll;0;L;006F 0307;;;;N;;;022E;;022E
+0230;LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON;Lu;0;L;022E 0304;;;;N;;;;0231;
+0231;LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON;Ll;0;L;022F 0304;;;;N;;;0230;;0230
+0232;LATIN CAPITAL LETTER Y WITH MACRON;Lu;0;L;0059 0304;;;;N;;;;0233;
+0233;LATIN SMALL LETTER Y WITH MACRON;Ll;0;L;0079 0304;;;;N;;;0232;;0232
+0250;LATIN SMALL LETTER TURNED A;Ll;0;L;;;;;N;;;;;
+0251;LATIN SMALL LETTER ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT A;;;;
+0252;LATIN SMALL LETTER TURNED ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED SCRIPT A;;;;
+0253;LATIN SMALL LETTER B WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER B HOOK;;0181;;0181
+0254;LATIN SMALL LETTER OPEN O;Ll;0;L;;;;;N;;;0186;;0186
+0255;LATIN SMALL LETTER C WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER C CURL;;;;
+0256;LATIN SMALL LETTER D WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER D RETROFLEX HOOK;;0189;;0189
+0257;LATIN SMALL LETTER D WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER D HOOK;;018A;;018A
+0258;LATIN SMALL LETTER REVERSED E;Ll;0;L;;;;;N;;;;;
+0259;LATIN SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;018F;;018F
+025A;LATIN SMALL LETTER SCHWA WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCHWA HOOK;;;;
+025B;LATIN SMALL LETTER OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER EPSILON;;0190;;0190
+025C;LATIN SMALL LETTER REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON;;;;
+025D;LATIN SMALL LETTER REVERSED OPEN E WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON HOOK;;;;
+025E;LATIN SMALL LETTER CLOSED REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED REVERSED EPSILON;;;;
+025F;LATIN SMALL LETTER DOTLESS J WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR;;;;
+0260;LATIN SMALL LETTER G WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER G HOOK;;0193;;0193
+0261;LATIN SMALL LETTER SCRIPT G;Ll;0;L;;;;;N;;;;;
+0262;LATIN LETTER SMALL CAPITAL G;Ll;0;L;;;;;N;;;;;
+0263;LATIN SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0194;;0194
+0264;LATIN SMALL LETTER RAMS HORN;Ll;0;L;;;;;N;LATIN SMALL LETTER BABY GAMMA;;;;
+0265;LATIN SMALL LETTER TURNED H;Ll;0;L;;;;;N;;;;;
+0266;LATIN SMALL LETTER H WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER H HOOK;;;;
+0267;LATIN SMALL LETTER HENG WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER HENG HOOK;;;;
+0268;LATIN SMALL LETTER I WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED I;;0197;;0197
+0269;LATIN SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0196;;0196
+026A;LATIN LETTER SMALL CAPITAL I;Ll;0;L;;;;;N;;;;;
+026B;LATIN SMALL LETTER L WITH MIDDLE TILDE;Ll;0;L;;;;;N;;;;;
+026C;LATIN SMALL LETTER L WITH BELT;Ll;0;L;;;;;N;LATIN SMALL LETTER L BELT;;;;
+026D;LATIN SMALL LETTER L WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER L RETROFLEX HOOK;;;;
+026E;LATIN SMALL LETTER LEZH;Ll;0;L;;;;;N;LATIN SMALL LETTER L YOGH;;;;
+026F;LATIN SMALL LETTER TURNED M;Ll;0;L;;;;;N;;;019C;;019C
+0270;LATIN SMALL LETTER TURNED M WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+0271;LATIN SMALL LETTER M WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER M HOOK;;;;
+0272;LATIN SMALL LETTER N WITH LEFT HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N HOOK;;019D;;019D
+0273;LATIN SMALL LETTER N WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N RETROFLEX HOOK;;;;
+0274;LATIN LETTER SMALL CAPITAL N;Ll;0;L;;;;;N;;;;;
+0275;LATIN SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;019F;;019F
+0276;LATIN LETTER SMALL CAPITAL OE;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL O E;;;;
+0277;LATIN SMALL LETTER CLOSED OMEGA;Ll;0;L;;;;;N;;;;;
+0278;LATIN SMALL LETTER PHI;Ll;0;L;;;;;N;;;;;
+0279;LATIN SMALL LETTER TURNED R;Ll;0;L;;;;;N;;;;;
+027A;LATIN SMALL LETTER TURNED R WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+027B;LATIN SMALL LETTER TURNED R WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED R HOOK;;;;
+027C;LATIN SMALL LETTER R WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+027D;LATIN SMALL LETTER R WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER R HOOK;;;;
+027E;LATIN SMALL LETTER R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER FISHHOOK R;;;;
+027F;LATIN SMALL LETTER REVERSED R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED FISHHOOK R;;;;
+0280;LATIN LETTER SMALL CAPITAL R;Ll;0;L;;;;;N;;*;01A6;;01A6
+0281;LATIN LETTER SMALL CAPITAL INVERTED R;Ll;0;L;;;;;N;;;;;
+0282;LATIN SMALL LETTER S WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER S HOOK;;;;
+0283;LATIN SMALL LETTER ESH;Ll;0;L;;;;;N;;;01A9;;01A9
+0284;LATIN SMALL LETTER DOTLESS J WITH STROKE AND HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR HOOK;;;;
+0285;LATIN SMALL LETTER SQUAT REVERSED ESH;Ll;0;L;;;;;N;;;;;
+0286;LATIN SMALL LETTER ESH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER ESH CURL;;;;
+0287;LATIN SMALL LETTER TURNED T;Ll;0;L;;;;;N;;;;;
+0288;LATIN SMALL LETTER T WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T RETROFLEX HOOK;;01AE;;01AE
+0289;LATIN SMALL LETTER U BAR;Ll;0;L;;;;;N;;;;;
+028A;LATIN SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;01B1;;01B1
+028B;LATIN SMALL LETTER V WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT V;;01B2;;01B2
+028C;LATIN SMALL LETTER TURNED V;Ll;0;L;;;;;N;;;;;
+028D;LATIN SMALL LETTER TURNED W;Ll;0;L;;;;;N;;;;;
+028E;LATIN SMALL LETTER TURNED Y;Ll;0;L;;;;;N;;;;;
+028F;LATIN LETTER SMALL CAPITAL Y;Ll;0;L;;;;;N;;;;;
+0290;LATIN SMALL LETTER Z WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Z RETROFLEX HOOK;;;;
+0291;LATIN SMALL LETTER Z WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER Z CURL;;;;
+0292;LATIN SMALL LETTER EZH;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH;;01B7;;01B7
+0293;LATIN SMALL LETTER EZH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH CURL;;;;
+0294;LATIN LETTER GLOTTAL STOP;Ll;0;L;;;;;N;;;;;
+0295;LATIN LETTER PHARYNGEAL VOICED FRICATIVE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP;;;;
+0296;LATIN LETTER INVERTED GLOTTAL STOP;Ll;0;L;;;;;N;;;;;
+0297;LATIN LETTER STRETCHED C;Ll;0;L;;;;;N;;;;;
+0298;LATIN LETTER BILABIAL CLICK;Ll;0;L;;;;;N;LATIN LETTER BULLSEYE;;;;
+0299;LATIN LETTER SMALL CAPITAL B;Ll;0;L;;;;;N;;;;;
+029A;LATIN SMALL LETTER CLOSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED EPSILON;;;;
+029B;LATIN LETTER SMALL CAPITAL G WITH HOOK;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL G HOOK;;;;
+029C;LATIN LETTER SMALL CAPITAL H;Ll;0;L;;;;;N;;;;;
+029D;LATIN SMALL LETTER J WITH CROSSED-TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER CROSSED-TAIL J;;;;
+029E;LATIN SMALL LETTER TURNED K;Ll;0;L;;;;;N;;;;;
+029F;LATIN LETTER SMALL CAPITAL L;Ll;0;L;;;;;N;;;;;
+02A0;LATIN SMALL LETTER Q WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Q HOOK;;;;
+02A1;LATIN LETTER GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER GLOTTAL STOP BAR;;;;
+02A2;LATIN LETTER REVERSED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP BAR;;;;
+02A3;LATIN SMALL LETTER DZ DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z;;;;
+02A4;LATIN SMALL LETTER DEZH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D YOGH;;;;
+02A5;LATIN SMALL LETTER DZ DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z CURL;;;;
+02A6;LATIN SMALL LETTER TS DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T S;;;;
+02A7;LATIN SMALL LETTER TESH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T ESH;;;;
+02A8;LATIN SMALL LETTER TC DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER T C CURL;;;;
+02A9;LATIN SMALL LETTER FENG DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AA;LATIN SMALL LETTER LS DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AB;LATIN SMALL LETTER LZ DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AC;LATIN LETTER BILABIAL PERCUSSIVE;Ll;0;L;;;;;N;;;;;
+02AD;LATIN LETTER BIDENTAL PERCUSSIVE;Ll;0;L;;;;;N;;;;;
+02B0;MODIFIER LETTER SMALL H;Lm;0;L;<super> 0068;;;;N;;;;;
+02B1;MODIFIER LETTER SMALL H WITH HOOK;Lm;0;L;<super> 0266;;;;N;MODIFIER LETTER SMALL H HOOK;;;;
+02B2;MODIFIER LETTER SMALL J;Lm;0;L;<super> 006A;;;;N;;;;;
+02B3;MODIFIER LETTER SMALL R;Lm;0;L;<super> 0072;;;;N;;;;;
+02B4;MODIFIER LETTER SMALL TURNED R;Lm;0;L;<super> 0279;;;;N;;;;;
+02B5;MODIFIER LETTER SMALL TURNED R WITH HOOK;Lm;0;L;<super> 027B;;;;N;MODIFIER LETTER SMALL TURNED R HOOK;;;;
+02B6;MODIFIER LETTER SMALL CAPITAL INVERTED R;Lm;0;L;<super> 0281;;;;N;;;;;
+02B7;MODIFIER LETTER SMALL W;Lm;0;L;<super> 0077;;;;N;;;;;
+02B8;MODIFIER LETTER SMALL Y;Lm;0;L;<super> 0079;;;;N;;;;;
+02B9;MODIFIER LETTER PRIME;Sk;0;ON;;;;;N;;;;;
+02BA;MODIFIER LETTER DOUBLE PRIME;Sk;0;ON;;;;;N;;;;;
+02BB;MODIFIER LETTER TURNED COMMA;Lm;0;L;;;;;N;;;;;
+02BC;MODIFIER LETTER APOSTROPHE;Lm;0;L;;;;;N;;;;;
+02BD;MODIFIER LETTER REVERSED COMMA;Lm;0;L;;;;;N;;;;;
+02BE;MODIFIER LETTER RIGHT HALF RING;Lm;0;L;;;;;N;;;;;
+02BF;MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;;
+02C0;MODIFIER LETTER GLOTTAL STOP;Lm;0;L;;;;;N;;;;;
+02C1;MODIFIER LETTER REVERSED GLOTTAL STOP;Lm;0;L;;;;;N;;;;;
+02C2;MODIFIER LETTER LEFT ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C3;MODIFIER LETTER RIGHT ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C4;MODIFIER LETTER UP ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C5;MODIFIER LETTER DOWN ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C6;MODIFIER LETTER CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER CIRCUMFLEX;;;;
+02C7;CARON;Sk;0;ON;;;;;N;MODIFIER LETTER HACEK;Mandarin Chinese third tone;;;
+02C8;MODIFIER LETTER VERTICAL LINE;Sk;0;ON;;;;;N;;;;;
+02C9;MODIFIER LETTER MACRON;Sk;0;ON;;;;;N;;Mandarin Chinese first tone;;;
+02CA;MODIFIER LETTER ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER ACUTE;Mandarin Chinese second tone;;;
+02CB;MODIFIER LETTER GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER GRAVE;Mandarin Chinese fourth tone;;;
+02CC;MODIFIER LETTER LOW VERTICAL LINE;Sk;0;ON;;;;;N;;;;;
+02CD;MODIFIER LETTER LOW MACRON;Sk;0;ON;;;;;N;;;;;
+02CE;MODIFIER LETTER LOW GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW GRAVE;;;;
+02CF;MODIFIER LETTER LOW ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW ACUTE;;;;
+02D0;MODIFIER LETTER TRIANGULAR COLON;Lm;0;L;;;;;N;;;;;
+02D1;MODIFIER LETTER HALF TRIANGULAR COLON;Lm;0;L;;;;;N;;;;;
+02D2;MODIFIER LETTER CENTRED RIGHT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED RIGHT HALF RING;;;;
+02D3;MODIFIER LETTER CENTRED LEFT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED LEFT HALF RING;;;;
+02D4;MODIFIER LETTER UP TACK;Sk;0;ON;;;;;N;;;;;
+02D5;MODIFIER LETTER DOWN TACK;Sk;0;ON;;;;;N;;;;;
+02D6;MODIFIER LETTER PLUS SIGN;Sk;0;ON;;;;;N;;;;;
+02D7;MODIFIER LETTER MINUS SIGN;Sk;0;ON;;;;;N;;;;;
+02D8;BREVE;Sk;0;ON;<compat> 0020 0306;;;;N;SPACING BREVE;;;;
+02D9;DOT ABOVE;Sk;0;ON;<compat> 0020 0307;;;;N;SPACING DOT ABOVE;Mandarin Chinese light tone;;;
+02DA;RING ABOVE;Sk;0;ON;<compat> 0020 030A;;;;N;SPACING RING ABOVE;;;;
+02DB;OGONEK;Sk;0;ON;<compat> 0020 0328;;;;N;SPACING OGONEK;;;;
+02DC;SMALL TILDE;Sk;0;ON;<compat> 0020 0303;;;;N;SPACING TILDE;;;;
+02DD;DOUBLE ACUTE ACCENT;Sk;0;ON;<compat> 0020 030B;;;;N;SPACING DOUBLE ACUTE;;;;
+02DE;MODIFIER LETTER RHOTIC HOOK;Sk;0;ON;;;;;N;;;;;
+02DF;MODIFIER LETTER CROSS ACCENT;Sk;0;ON;;;;;N;;;;;
+02E0;MODIFIER LETTER SMALL GAMMA;Lm;0;L;<super> 0263;;;;N;;;;;
+02E1;MODIFIER LETTER SMALL L;Lm;0;L;<super> 006C;;;;N;;;;;
+02E2;MODIFIER LETTER SMALL S;Lm;0;L;<super> 0073;;;;N;;;;;
+02E3;MODIFIER LETTER SMALL X;Lm;0;L;<super> 0078;;;;N;;;;;
+02E4;MODIFIER LETTER SMALL REVERSED GLOTTAL STOP;Lm;0;L;<super> 0295;;;;N;;;;;
+02E5;MODIFIER LETTER EXTRA-HIGH TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E6;MODIFIER LETTER HIGH TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E7;MODIFIER LETTER MID TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E8;MODIFIER LETTER LOW TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E9;MODIFIER LETTER EXTRA-LOW TONE BAR;Sk;0;ON;;;;;N;;;;;
+02EA;MODIFIER LETTER YIN DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;;
+02EB;MODIFIER LETTER YANG DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;;
+02EC;MODIFIER LETTER VOICING;Sk;0;ON;;;;;N;;;;;
+02ED;MODIFIER LETTER UNASPIRATED;Sk;0;ON;;;;;N;;;;;
+02EE;MODIFIER LETTER DOUBLE APOSTROPHE;Lm;0;L;;;;;N;;;;;
+0300;COMBINING GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING GRAVE;Varia;;;
+0301;COMBINING ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING ACUTE;Oxia, Tonos;;;
+0302;COMBINING CIRCUMFLEX ACCENT;Mn;230;NSM;;;;;N;NON-SPACING CIRCUMFLEX;;;;
+0303;COMBINING TILDE;Mn;230;NSM;;;;;N;NON-SPACING TILDE;;;;
+0304;COMBINING MACRON;Mn;230;NSM;;;;;N;NON-SPACING MACRON;;;;
+0305;COMBINING OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING OVERSCORE;;;;
+0306;COMBINING BREVE;Mn;230;NSM;;;;;N;NON-SPACING BREVE;Vrachy;;;
+0307;COMBINING DOT ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOT ABOVE;;;;
+0308;COMBINING DIAERESIS;Mn;230;NSM;;;;;N;NON-SPACING DIAERESIS;Dialytika;;;
+0309;COMBINING HOOK ABOVE;Mn;230;NSM;;;;;N;NON-SPACING HOOK ABOVE;;;;
+030A;COMBINING RING ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RING ABOVE;;;;
+030B;COMBINING DOUBLE ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE ACUTE;;;;
+030C;COMBINING CARON;Mn;230;NSM;;;;;N;NON-SPACING HACEK;;;;
+030D;COMBINING VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL LINE ABOVE;;;;
+030E;COMBINING DOUBLE VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE VERTICAL LINE ABOVE;;;;
+030F;COMBINING DOUBLE GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE GRAVE;;;;
+0310;COMBINING CANDRABINDU;Mn;230;NSM;;;;;N;NON-SPACING CANDRABINDU;;;;
+0311;COMBINING INVERTED BREVE;Mn;230;NSM;;;;;N;NON-SPACING INVERTED BREVE;;;;
+0312;COMBINING TURNED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING TURNED COMMA ABOVE;;;;
+0313;COMBINING COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING COMMA ABOVE;Psili;;;
+0314;COMBINING REVERSED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING REVERSED COMMA ABOVE;Dasia;;;
+0315;COMBINING COMMA ABOVE RIGHT;Mn;232;NSM;;;;;N;NON-SPACING COMMA ABOVE RIGHT;;;;
+0316;COMBINING GRAVE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING GRAVE BELOW;;;;
+0317;COMBINING ACUTE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING ACUTE BELOW;;;;
+0318;COMBINING LEFT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT TACK BELOW;;;;
+0319;COMBINING RIGHT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT TACK BELOW;;;;
+031A;COMBINING LEFT ANGLE ABOVE;Mn;232;NSM;;;;;N;NON-SPACING LEFT ANGLE ABOVE;;;;
+031B;COMBINING HORN;Mn;216;NSM;;;;;N;NON-SPACING HORN;;;;
+031C;COMBINING LEFT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT HALF RING BELOW;;;;
+031D;COMBINING UP TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING UP TACK BELOW;;;;
+031E;COMBINING DOWN TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOWN TACK BELOW;;;;
+031F;COMBINING PLUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING PLUS SIGN BELOW;;;;
+0320;COMBINING MINUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING MINUS SIGN BELOW;;;;
+0321;COMBINING PALATALIZED HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING PALATALIZED HOOK BELOW;;;;
+0322;COMBINING RETROFLEX HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING RETROFLEX HOOK BELOW;;;;
+0323;COMBINING DOT BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOT BELOW;;;;
+0324;COMBINING DIAERESIS BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE DOT BELOW;;;;
+0325;COMBINING RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RING BELOW;;;;
+0326;COMBINING COMMA BELOW;Mn;220;NSM;;;;;N;NON-SPACING COMMA BELOW;;;;
+0327;COMBINING CEDILLA;Mn;202;NSM;;;;;N;NON-SPACING CEDILLA;;;;
+0328;COMBINING OGONEK;Mn;202;NSM;;;;;N;NON-SPACING OGONEK;;;;
+0329;COMBINING VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;NON-SPACING VERTICAL LINE BELOW;;;;
+032A;COMBINING BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BRIDGE BELOW;;;;
+032B;COMBINING INVERTED DOUBLE ARCH BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED DOUBLE ARCH BELOW;;;;
+032C;COMBINING CARON BELOW;Mn;220;NSM;;;;;N;NON-SPACING HACEK BELOW;;;;
+032D;COMBINING CIRCUMFLEX ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING CIRCUMFLEX BELOW;;;;
+032E;COMBINING BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BREVE BELOW;;;;
+032F;COMBINING INVERTED BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BREVE BELOW;;;;
+0330;COMBINING TILDE BELOW;Mn;220;NSM;;;;;N;NON-SPACING TILDE BELOW;;;;
+0331;COMBINING MACRON BELOW;Mn;220;NSM;;;;;N;NON-SPACING MACRON BELOW;;;;
+0332;COMBINING LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING UNDERSCORE;;;;
+0333;COMBINING DOUBLE LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE UNDERSCORE;;;;
+0334;COMBINING TILDE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING TILDE OVERLAY;;;;
+0335;COMBINING SHORT STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT BAR OVERLAY;;;;
+0336;COMBINING LONG STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG BAR OVERLAY;;;;
+0337;COMBINING SHORT SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT SLASH OVERLAY;;;;
+0338;COMBINING LONG SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG SLASH OVERLAY;;;;
+0339;COMBINING RIGHT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT HALF RING BELOW;;;;
+033A;COMBINING INVERTED BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BRIDGE BELOW;;;;
+033B;COMBINING SQUARE BELOW;Mn;220;NSM;;;;;N;NON-SPACING SQUARE BELOW;;;;
+033C;COMBINING SEAGULL BELOW;Mn;220;NSM;;;;;N;NON-SPACING SEAGULL BELOW;;;;
+033D;COMBINING X ABOVE;Mn;230;NSM;;;;;N;NON-SPACING X ABOVE;;;;
+033E;COMBINING VERTICAL TILDE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL TILDE;;;;
+033F;COMBINING DOUBLE OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE OVERSCORE;;;;
+0340;COMBINING GRAVE TONE MARK;Mn;230;NSM;0300;;;;N;NON-SPACING GRAVE TONE MARK;Vietnamese;;;
+0341;COMBINING ACUTE TONE MARK;Mn;230;NSM;0301;;;;N;NON-SPACING ACUTE TONE MARK;Vietnamese;;;
+0342;COMBINING GREEK PERISPOMENI;Mn;230;NSM;;;;;N;;;;;
+0343;COMBINING GREEK KORONIS;Mn;230;NSM;0313;;;;N;;;;;
+0344;COMBINING GREEK DIALYTIKA TONOS;Mn;230;NSM;0308 0301;;;;N;GREEK NON-SPACING DIAERESIS TONOS;;;;
+0345;COMBINING GREEK YPOGEGRAMMENI;Mn;240;NSM;;;;;N;GREEK NON-SPACING IOTA BELOW;;0399;;0399
+0346;COMBINING BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;;
+0347;COMBINING EQUALS SIGN BELOW;Mn;220;NSM;;;;;N;;;;;
+0348;COMBINING DOUBLE VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;;;;;
+0349;COMBINING LEFT ANGLE BELOW;Mn;220;NSM;;;;;N;;;;;
+034A;COMBINING NOT TILDE ABOVE;Mn;230;NSM;;;;;N;;;;;
+034B;COMBINING HOMOTHETIC ABOVE;Mn;230;NSM;;;;;N;;;;;
+034C;COMBINING ALMOST EQUAL TO ABOVE;Mn;230;NSM;;;;;N;;;;;
+034D;COMBINING LEFT RIGHT ARROW BELOW;Mn;220;NSM;;;;;N;;;;;
+034E;COMBINING UPWARDS ARROW BELOW;Mn;220;NSM;;;;;N;;;;;
+034F;COMBINING GRAPHEME JOINER;Mn;0;NSM;;;;;N;;;;;
+0360;COMBINING DOUBLE TILDE;Mn;234;NSM;;;;;N;;;;;
+0361;COMBINING DOUBLE INVERTED BREVE;Mn;234;NSM;;;;;N;;;;;
+0362;COMBINING DOUBLE RIGHTWARDS ARROW BELOW;Mn;233;NSM;;;;;N;;;;;
+0363;COMBINING LATIN SMALL LETTER A;Mn;230;NSM;;;;;N;;;;;
+0364;COMBINING LATIN SMALL LETTER E;Mn;230;NSM;;;;;N;;;;;
+0365;COMBINING LATIN SMALL LETTER I;Mn;230;NSM;;;;;N;;;;;
+0366;COMBINING LATIN SMALL LETTER O;Mn;230;NSM;;;;;N;;;;;
+0367;COMBINING LATIN SMALL LETTER U;Mn;230;NSM;;;;;N;;;;;
+0368;COMBINING LATIN SMALL LETTER C;Mn;230;NSM;;;;;N;;;;;
+0369;COMBINING LATIN SMALL LETTER D;Mn;230;NSM;;;;;N;;;;;
+036A;COMBINING LATIN SMALL LETTER H;Mn;230;NSM;;;;;N;;;;;
+036B;COMBINING LATIN SMALL LETTER M;Mn;230;NSM;;;;;N;;;;;
+036C;COMBINING LATIN SMALL LETTER R;Mn;230;NSM;;;;;N;;;;;
+036D;COMBINING LATIN SMALL LETTER T;Mn;230;NSM;;;;;N;;;;;
+036E;COMBINING LATIN SMALL LETTER V;Mn;230;NSM;;;;;N;;;;;
+036F;COMBINING LATIN SMALL LETTER X;Mn;230;NSM;;;;;N;;;;;
+0374;GREEK NUMERAL SIGN;Sk;0;ON;02B9;;;;N;GREEK UPPER NUMERAL SIGN;Dexia keraia;;;
+0375;GREEK LOWER NUMERAL SIGN;Sk;0;ON;;;;;N;;Aristeri keraia;;;
+037A;GREEK YPOGEGRAMMENI;Lm;0;L;<compat> 0020 0345;;;;N;GREEK SPACING IOTA BELOW;;;;
+037E;GREEK QUESTION MARK;Po;0;ON;003B;;;;N;;Erotimatiko;;;
+0384;GREEK TONOS;Sk;0;ON;<compat> 0020 0301;;;;N;GREEK SPACING TONOS;;;;
+0385;GREEK DIALYTIKA TONOS;Sk;0;ON;00A8 0301;;;;N;GREEK SPACING DIAERESIS TONOS;;;;
+0386;GREEK CAPITAL LETTER ALPHA WITH TONOS;Lu;0;L;0391 0301;;;;N;GREEK CAPITAL LETTER ALPHA TONOS;;;03AC;
+0387;GREEK ANO TELEIA;Po;0;ON;00B7;;;;N;;;;;
+0388;GREEK CAPITAL LETTER EPSILON WITH TONOS;Lu;0;L;0395 0301;;;;N;GREEK CAPITAL LETTER EPSILON TONOS;;;03AD;
+0389;GREEK CAPITAL LETTER ETA WITH TONOS;Lu;0;L;0397 0301;;;;N;GREEK CAPITAL LETTER ETA TONOS;;;03AE;
+038A;GREEK CAPITAL LETTER IOTA WITH TONOS;Lu;0;L;0399 0301;;;;N;GREEK CAPITAL LETTER IOTA TONOS;;;03AF;
+038C;GREEK CAPITAL LETTER OMICRON WITH TONOS;Lu;0;L;039F 0301;;;;N;GREEK CAPITAL LETTER OMICRON TONOS;;;03CC;
+038E;GREEK CAPITAL LETTER UPSILON WITH TONOS;Lu;0;L;03A5 0301;;;;N;GREEK CAPITAL LETTER UPSILON TONOS;;;03CD;
+038F;GREEK CAPITAL LETTER OMEGA WITH TONOS;Lu;0;L;03A9 0301;;;;N;GREEK CAPITAL LETTER OMEGA TONOS;;;03CE;
+0390;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS;Ll;0;L;03CA 0301;;;;N;GREEK SMALL LETTER IOTA DIAERESIS TONOS;;;;
+0391;GREEK CAPITAL LETTER ALPHA;Lu;0;L;;;;;N;;;;03B1;
+0392;GREEK CAPITAL LETTER BETA;Lu;0;L;;;;;N;;;;03B2;
+0393;GREEK CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;03B3;
+0394;GREEK CAPITAL LETTER DELTA;Lu;0;L;;;;;N;;;;03B4;
+0395;GREEK CAPITAL LETTER EPSILON;Lu;0;L;;;;;N;;;;03B5;
+0396;GREEK CAPITAL LETTER ZETA;Lu;0;L;;;;;N;;;;03B6;
+0397;GREEK CAPITAL LETTER ETA;Lu;0;L;;;;;N;;;;03B7;
+0398;GREEK CAPITAL LETTER THETA;Lu;0;L;;;;;N;;;;03B8;
+0399;GREEK CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;03B9;
+039A;GREEK CAPITAL LETTER KAPPA;Lu;0;L;;;;;N;;;;03BA;
+039B;GREEK CAPITAL LETTER LAMDA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER LAMBDA;;;03BB;
+039C;GREEK CAPITAL LETTER MU;Lu;0;L;;;;;N;;;;03BC;
+039D;GREEK CAPITAL LETTER NU;Lu;0;L;;;;;N;;;;03BD;
+039E;GREEK CAPITAL LETTER XI;Lu;0;L;;;;;N;;;;03BE;
+039F;GREEK CAPITAL LETTER OMICRON;Lu;0;L;;;;;N;;;;03BF;
+03A0;GREEK CAPITAL LETTER PI;Lu;0;L;;;;;N;;;;03C0;
+03A1;GREEK CAPITAL LETTER RHO;Lu;0;L;;;;;N;;;;03C1;
+03A3;GREEK CAPITAL LETTER SIGMA;Lu;0;L;;;;;N;;;;03C3;
+03A4;GREEK CAPITAL LETTER TAU;Lu;0;L;;;;;N;;;;03C4;
+03A5;GREEK CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;03C5;
+03A6;GREEK CAPITAL LETTER PHI;Lu;0;L;;;;;N;;;;03C6;
+03A7;GREEK CAPITAL LETTER CHI;Lu;0;L;;;;;N;;;;03C7;
+03A8;GREEK CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;03C8;
+03A9;GREEK CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;03C9;
+03AA;GREEK CAPITAL LETTER IOTA WITH DIALYTIKA;Lu;0;L;0399 0308;;;;N;GREEK CAPITAL LETTER IOTA DIAERESIS;;;03CA;
+03AB;GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA;Lu;0;L;03A5 0308;;;;N;GREEK CAPITAL LETTER UPSILON DIAERESIS;;;03CB;
+03AC;GREEK SMALL LETTER ALPHA WITH TONOS;Ll;0;L;03B1 0301;;;;N;GREEK SMALL LETTER ALPHA TONOS;;0386;;0386
+03AD;GREEK SMALL LETTER EPSILON WITH TONOS;Ll;0;L;03B5 0301;;;;N;GREEK SMALL LETTER EPSILON TONOS;;0388;;0388
+03AE;GREEK SMALL LETTER ETA WITH TONOS;Ll;0;L;03B7 0301;;;;N;GREEK SMALL LETTER ETA TONOS;;0389;;0389
+03AF;GREEK SMALL LETTER IOTA WITH TONOS;Ll;0;L;03B9 0301;;;;N;GREEK SMALL LETTER IOTA TONOS;;038A;;038A
+03B0;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS;Ll;0;L;03CB 0301;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS TONOS;;;;
+03B1;GREEK SMALL LETTER ALPHA;Ll;0;L;;;;;N;;;0391;;0391
+03B2;GREEK SMALL LETTER BETA;Ll;0;L;;;;;N;;;0392;;0392
+03B3;GREEK SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0393;;0393
+03B4;GREEK SMALL LETTER DELTA;Ll;0;L;;;;;N;;;0394;;0394
+03B5;GREEK SMALL LETTER EPSILON;Ll;0;L;;;;;N;;;0395;;0395
+03B6;GREEK SMALL LETTER ZETA;Ll;0;L;;;;;N;;;0396;;0396
+03B7;GREEK SMALL LETTER ETA;Ll;0;L;;;;;N;;;0397;;0397
+03B8;GREEK SMALL LETTER THETA;Ll;0;L;;;;;N;;;0398;;0398
+03B9;GREEK SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0399;;0399
+03BA;GREEK SMALL LETTER KAPPA;Ll;0;L;;;;;N;;;039A;;039A
+03BB;GREEK SMALL LETTER LAMDA;Ll;0;L;;;;;N;GREEK SMALL LETTER LAMBDA;;039B;;039B
+03BC;GREEK SMALL LETTER MU;Ll;0;L;;;;;N;;;039C;;039C
+03BD;GREEK SMALL LETTER NU;Ll;0;L;;;;;N;;;039D;;039D
+03BE;GREEK SMALL LETTER XI;Ll;0;L;;;;;N;;;039E;;039E
+03BF;GREEK SMALL LETTER OMICRON;Ll;0;L;;;;;N;;;039F;;039F
+03C0;GREEK SMALL LETTER PI;Ll;0;L;;;;;N;;;03A0;;03A0
+03C1;GREEK SMALL LETTER RHO;Ll;0;L;;;;;N;;;03A1;;03A1
+03C2;GREEK SMALL LETTER FINAL SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3
+03C3;GREEK SMALL LETTER SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3
+03C4;GREEK SMALL LETTER TAU;Ll;0;L;;;;;N;;;03A4;;03A4
+03C5;GREEK SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;03A5;;03A5
+03C6;GREEK SMALL LETTER PHI;Ll;0;L;;;;;N;;;03A6;;03A6
+03C7;GREEK SMALL LETTER CHI;Ll;0;L;;;;;N;;;03A7;;03A7
+03C8;GREEK SMALL LETTER PSI;Ll;0;L;;;;;N;;;03A8;;03A8
+03C9;GREEK SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;03A9;;03A9
+03CA;GREEK SMALL LETTER IOTA WITH DIALYTIKA;Ll;0;L;03B9 0308;;;;N;GREEK SMALL LETTER IOTA DIAERESIS;;03AA;;03AA
+03CB;GREEK SMALL LETTER UPSILON WITH DIALYTIKA;Ll;0;L;03C5 0308;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS;;03AB;;03AB
+03CC;GREEK SMALL LETTER OMICRON WITH TONOS;Ll;0;L;03BF 0301;;;;N;GREEK SMALL LETTER OMICRON TONOS;;038C;;038C
+03CD;GREEK SMALL LETTER UPSILON WITH TONOS;Ll;0;L;03C5 0301;;;;N;GREEK SMALL LETTER UPSILON TONOS;;038E;;038E
+03CE;GREEK SMALL LETTER OMEGA WITH TONOS;Ll;0;L;03C9 0301;;;;N;GREEK SMALL LETTER OMEGA TONOS;;038F;;038F
+03D0;GREEK BETA SYMBOL;Ll;0;L;<compat> 03B2;;;;N;GREEK SMALL LETTER CURLED BETA;;0392;;0392
+03D1;GREEK THETA SYMBOL;Ll;0;L;<compat> 03B8;;;;N;GREEK SMALL LETTER SCRIPT THETA;;0398;;0398
+03D2;GREEK UPSILON WITH HOOK SYMBOL;Lu;0;L;<compat> 03A5;;;;N;GREEK CAPITAL LETTER UPSILON HOOK;;;;
+03D3;GREEK UPSILON WITH ACUTE AND HOOK SYMBOL;Lu;0;L;03D2 0301;;;;N;GREEK CAPITAL LETTER UPSILON HOOK TONOS;;;;
+03D4;GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL;Lu;0;L;03D2 0308;;;;N;GREEK CAPITAL LETTER UPSILON HOOK DIAERESIS;;;;
+03D5;GREEK PHI SYMBOL;Ll;0;L;<compat> 03C6;;;;N;GREEK SMALL LETTER SCRIPT PHI;;03A6;;03A6
+03D6;GREEK PI SYMBOL;Ll;0;L;<compat> 03C0;;;;N;GREEK SMALL LETTER OMEGA PI;;03A0;;03A0
+03D7;GREEK KAI SYMBOL;Ll;0;L;;;;;N;;;;;
+03D8;GREEK LETTER ARCHAIC KOPPA;Lu;0;L;;;;;N;;*;;03D9;
+03D9;GREEK SMALL LETTER ARCHAIC KOPPA;Ll;0;L;;;;;N;;*;03D8;;03D8
+03DA;GREEK LETTER STIGMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER STIGMA;;;03DB;
+03DB;GREEK SMALL LETTER STIGMA;Ll;0;L;;;;;N;;;03DA;;03DA
+03DC;GREEK LETTER DIGAMMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DIGAMMA;;;03DD;
+03DD;GREEK SMALL LETTER DIGAMMA;Ll;0;L;;;;;N;;;03DC;;03DC
+03DE;GREEK LETTER KOPPA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KOPPA;;;03DF;
+03DF;GREEK SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;03DE;;03DE
+03E0;GREEK LETTER SAMPI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SAMPI;;;03E1;
+03E1;GREEK SMALL LETTER SAMPI;Ll;0;L;;;;;N;;;03E0;;03E0
+03E2;COPTIC CAPITAL LETTER SHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHEI;;;03E3;
+03E3;COPTIC SMALL LETTER SHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER SHEI;;03E2;;03E2
+03E4;COPTIC CAPITAL LETTER FEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER FEI;;;03E5;
+03E5;COPTIC SMALL LETTER FEI;Ll;0;L;;;;;N;GREEK SMALL LETTER FEI;;03E4;;03E4
+03E6;COPTIC CAPITAL LETTER KHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KHEI;;;03E7;
+03E7;COPTIC SMALL LETTER KHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER KHEI;;03E6;;03E6
+03E8;COPTIC CAPITAL LETTER HORI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER HORI;;;03E9;
+03E9;COPTIC SMALL LETTER HORI;Ll;0;L;;;;;N;GREEK SMALL LETTER HORI;;03E8;;03E8
+03EA;COPTIC CAPITAL LETTER GANGIA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER GANGIA;;;03EB;
+03EB;COPTIC SMALL LETTER GANGIA;Ll;0;L;;;;;N;GREEK SMALL LETTER GANGIA;;03EA;;03EA
+03EC;COPTIC CAPITAL LETTER SHIMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHIMA;;;03ED;
+03ED;COPTIC SMALL LETTER SHIMA;Ll;0;L;;;;;N;GREEK SMALL LETTER SHIMA;;03EC;;03EC
+03EE;COPTIC CAPITAL LETTER DEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DEI;;;03EF;
+03EF;COPTIC SMALL LETTER DEI;Ll;0;L;;;;;N;GREEK SMALL LETTER DEI;;03EE;;03EE
+03F0;GREEK KAPPA SYMBOL;Ll;0;L;<compat> 03BA;;;;N;GREEK SMALL LETTER SCRIPT KAPPA;;039A;;039A
+03F1;GREEK RHO SYMBOL;Ll;0;L;<compat> 03C1;;;;N;GREEK SMALL LETTER TAILED RHO;;03A1;;03A1
+03F2;GREEK LUNATE SIGMA SYMBOL;Ll;0;L;<compat> 03C2;;;;N;GREEK SMALL LETTER LUNATE SIGMA;;03A3;;03A3
+03F3;GREEK LETTER YOT;Ll;0;L;;;;;N;;;;;
+03F4;GREEK CAPITAL THETA SYMBOL;Lu;0;L;<compat> 0398;;;;N;;;;03B8;
+03F5;GREEK LUNATE EPSILON SYMBOL;Ll;0;L;<compat> 03B5;;;;N;;;0395;;0395
+03F6;GREEK REVERSED LUNATE EPSILON SYMBOL;Sm;0;ON;;;;;N;;;;;
+0400;CYRILLIC CAPITAL LETTER IE WITH GRAVE;Lu;0;L;0415 0300;;;;N;;;;0450;
+0401;CYRILLIC CAPITAL LETTER IO;Lu;0;L;0415 0308;;;;N;;;;0451;
+0402;CYRILLIC CAPITAL LETTER DJE;Lu;0;L;;;;;N;;Serbocroatian;;0452;
+0403;CYRILLIC CAPITAL LETTER GJE;Lu;0;L;0413 0301;;;;N;;;;0453;
+0404;CYRILLIC CAPITAL LETTER UKRAINIAN IE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER E;;;0454;
+0405;CYRILLIC CAPITAL LETTER DZE;Lu;0;L;;;;;N;;;;0455;
+0406;CYRILLIC CAPITAL LETTER BYELORUSSIAN-UKRAINIAN I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER I;;;0456;
+0407;CYRILLIC CAPITAL LETTER YI;Lu;0;L;0406 0308;;;;N;;Ukrainian;;0457;
+0408;CYRILLIC CAPITAL LETTER JE;Lu;0;L;;;;;N;;;;0458;
+0409;CYRILLIC CAPITAL LETTER LJE;Lu;0;L;;;;;N;;;;0459;
+040A;CYRILLIC CAPITAL LETTER NJE;Lu;0;L;;;;;N;;;;045A;
+040B;CYRILLIC CAPITAL LETTER TSHE;Lu;0;L;;;;;N;;Serbocroatian;;045B;
+040C;CYRILLIC CAPITAL LETTER KJE;Lu;0;L;041A 0301;;;;N;;;;045C;
+040D;CYRILLIC CAPITAL LETTER I WITH GRAVE;Lu;0;L;0418 0300;;;;N;;;;045D;
+040E;CYRILLIC CAPITAL LETTER SHORT U;Lu;0;L;0423 0306;;;;N;;Byelorussian;;045E;
+040F;CYRILLIC CAPITAL LETTER DZHE;Lu;0;L;;;;;N;;;;045F;
+0410;CYRILLIC CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0430;
+0411;CYRILLIC CAPITAL LETTER BE;Lu;0;L;;;;;N;;;;0431;
+0412;CYRILLIC CAPITAL LETTER VE;Lu;0;L;;;;;N;;;;0432;
+0413;CYRILLIC CAPITAL LETTER GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE;;;0433;
+0414;CYRILLIC CAPITAL LETTER DE;Lu;0;L;;;;;N;;;;0434;
+0415;CYRILLIC CAPITAL LETTER IE;Lu;0;L;;;;;N;;;;0435;
+0416;CYRILLIC CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;0436;
+0417;CYRILLIC CAPITAL LETTER ZE;Lu;0;L;;;;;N;;;;0437;
+0418;CYRILLIC CAPITAL LETTER I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER II;;;0438;
+0419;CYRILLIC CAPITAL LETTER SHORT I;Lu;0;L;0418 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT II;;;0439;
+041A;CYRILLIC CAPITAL LETTER KA;Lu;0;L;;;;;N;;;;043A;
+041B;CYRILLIC CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;043B;
+041C;CYRILLIC CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;043C;
+041D;CYRILLIC CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;043D;
+041E;CYRILLIC CAPITAL LETTER O;Lu;0;L;;;;;N;;;;043E;
+041F;CYRILLIC CAPITAL LETTER PE;Lu;0;L;;;;;N;;;;043F;
+0420;CYRILLIC CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;0440;
+0421;CYRILLIC CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;0441;
+0422;CYRILLIC CAPITAL LETTER TE;Lu;0;L;;;;;N;;;;0442;
+0423;CYRILLIC CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0443;
+0424;CYRILLIC CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;0444;
+0425;CYRILLIC CAPITAL LETTER HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA;;;0445;
+0426;CYRILLIC CAPITAL LETTER TSE;Lu;0;L;;;;;N;;;;0446;
+0427;CYRILLIC CAPITAL LETTER CHE;Lu;0;L;;;;;N;;;;0447;
+0428;CYRILLIC CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0448;
+0429;CYRILLIC CAPITAL LETTER SHCHA;Lu;0;L;;;;;N;;;;0449;
+042A;CYRILLIC CAPITAL LETTER HARD SIGN;Lu;0;L;;;;;N;;;;044A;
+042B;CYRILLIC CAPITAL LETTER YERU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER YERI;;;044B;
+042C;CYRILLIC CAPITAL LETTER SOFT SIGN;Lu;0;L;;;;;N;;;;044C;
+042D;CYRILLIC CAPITAL LETTER E;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED E;;;044D;
+042E;CYRILLIC CAPITAL LETTER YU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IU;;;044E;
+042F;CYRILLIC CAPITAL LETTER YA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IA;;;044F;
+0430;CYRILLIC SMALL LETTER A;Ll;0;L;;;;;N;;;0410;;0410
+0431;CYRILLIC SMALL LETTER BE;Ll;0;L;;;;;N;;;0411;;0411
+0432;CYRILLIC SMALL LETTER VE;Ll;0;L;;;;;N;;;0412;;0412
+0433;CYRILLIC SMALL LETTER GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE;;0413;;0413
+0434;CYRILLIC SMALL LETTER DE;Ll;0;L;;;;;N;;;0414;;0414
+0435;CYRILLIC SMALL LETTER IE;Ll;0;L;;;;;N;;;0415;;0415
+0436;CYRILLIC SMALL LETTER ZHE;Ll;0;L;;;;;N;;;0416;;0416
+0437;CYRILLIC SMALL LETTER ZE;Ll;0;L;;;;;N;;;0417;;0417
+0438;CYRILLIC SMALL LETTER I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER II;;0418;;0418
+0439;CYRILLIC SMALL LETTER SHORT I;Ll;0;L;0438 0306;;;;N;CYRILLIC SMALL LETTER SHORT II;;0419;;0419
+043A;CYRILLIC SMALL LETTER KA;Ll;0;L;;;;;N;;;041A;;041A
+043B;CYRILLIC SMALL LETTER EL;Ll;0;L;;;;;N;;;041B;;041B
+043C;CYRILLIC SMALL LETTER EM;Ll;0;L;;;;;N;;;041C;;041C
+043D;CYRILLIC SMALL LETTER EN;Ll;0;L;;;;;N;;;041D;;041D
+043E;CYRILLIC SMALL LETTER O;Ll;0;L;;;;;N;;;041E;;041E
+043F;CYRILLIC SMALL LETTER PE;Ll;0;L;;;;;N;;;041F;;041F
+0440;CYRILLIC SMALL LETTER ER;Ll;0;L;;;;;N;;;0420;;0420
+0441;CYRILLIC SMALL LETTER ES;Ll;0;L;;;;;N;;;0421;;0421
+0442;CYRILLIC SMALL LETTER TE;Ll;0;L;;;;;N;;;0422;;0422
+0443;CYRILLIC SMALL LETTER U;Ll;0;L;;;;;N;;;0423;;0423
+0444;CYRILLIC SMALL LETTER EF;Ll;0;L;;;;;N;;;0424;;0424
+0445;CYRILLIC SMALL LETTER HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA;;0425;;0425
+0446;CYRILLIC SMALL LETTER TSE;Ll;0;L;;;;;N;;;0426;;0426
+0447;CYRILLIC SMALL LETTER CHE;Ll;0;L;;;;;N;;;0427;;0427
+0448;CYRILLIC SMALL LETTER SHA;Ll;0;L;;;;;N;;;0428;;0428
+0449;CYRILLIC SMALL LETTER SHCHA;Ll;0;L;;;;;N;;;0429;;0429
+044A;CYRILLIC SMALL LETTER HARD SIGN;Ll;0;L;;;;;N;;;042A;;042A
+044B;CYRILLIC SMALL LETTER YERU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER YERI;;042B;;042B
+044C;CYRILLIC SMALL LETTER SOFT SIGN;Ll;0;L;;;;;N;;;042C;;042C
+044D;CYRILLIC SMALL LETTER E;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED E;;042D;;042D
+044E;CYRILLIC SMALL LETTER YU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IU;;042E;;042E
+044F;CYRILLIC SMALL LETTER YA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IA;;042F;;042F
+0450;CYRILLIC SMALL LETTER IE WITH GRAVE;Ll;0;L;0435 0300;;;;N;;;0400;;0400
+0451;CYRILLIC SMALL LETTER IO;Ll;0;L;0435 0308;;;;N;;;0401;;0401
+0452;CYRILLIC SMALL LETTER DJE;Ll;0;L;;;;;N;;Serbocroatian;0402;;0402
+0453;CYRILLIC SMALL LETTER GJE;Ll;0;L;0433 0301;;;;N;;;0403;;0403
+0454;CYRILLIC SMALL LETTER UKRAINIAN IE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER E;;0404;;0404
+0455;CYRILLIC SMALL LETTER DZE;Ll;0;L;;;;;N;;;0405;;0405
+0456;CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER I;;0406;;0406
+0457;CYRILLIC SMALL LETTER YI;Ll;0;L;0456 0308;;;;N;;Ukrainian;0407;;0407
+0458;CYRILLIC SMALL LETTER JE;Ll;0;L;;;;;N;;;0408;;0408
+0459;CYRILLIC SMALL LETTER LJE;Ll;0;L;;;;;N;;;0409;;0409
+045A;CYRILLIC SMALL LETTER NJE;Ll;0;L;;;;;N;;;040A;;040A
+045B;CYRILLIC SMALL LETTER TSHE;Ll;0;L;;;;;N;;Serbocroatian;040B;;040B
+045C;CYRILLIC SMALL LETTER KJE;Ll;0;L;043A 0301;;;;N;;;040C;;040C
+045D;CYRILLIC SMALL LETTER I WITH GRAVE;Ll;0;L;0438 0300;;;;N;;;040D;;040D
+045E;CYRILLIC SMALL LETTER SHORT U;Ll;0;L;0443 0306;;;;N;;Byelorussian;040E;;040E
+045F;CYRILLIC SMALL LETTER DZHE;Ll;0;L;;;;;N;;;040F;;040F
+0460;CYRILLIC CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;0461;
+0461;CYRILLIC SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;0460;;0460
+0462;CYRILLIC CAPITAL LETTER YAT;Lu;0;L;;;;;N;;;;0463;
+0463;CYRILLIC SMALL LETTER YAT;Ll;0;L;;;;;N;;;0462;;0462
+0464;CYRILLIC CAPITAL LETTER IOTIFIED E;Lu;0;L;;;;;N;;;;0465;
+0465;CYRILLIC SMALL LETTER IOTIFIED E;Ll;0;L;;;;;N;;;0464;;0464
+0466;CYRILLIC CAPITAL LETTER LITTLE YUS;Lu;0;L;;;;;N;;;;0467;
+0467;CYRILLIC SMALL LETTER LITTLE YUS;Ll;0;L;;;;;N;;;0466;;0466
+0468;CYRILLIC CAPITAL LETTER IOTIFIED LITTLE YUS;Lu;0;L;;;;;N;;;;0469;
+0469;CYRILLIC SMALL LETTER IOTIFIED LITTLE YUS;Ll;0;L;;;;;N;;;0468;;0468
+046A;CYRILLIC CAPITAL LETTER BIG YUS;Lu;0;L;;;;;N;;;;046B;
+046B;CYRILLIC SMALL LETTER BIG YUS;Ll;0;L;;;;;N;;;046A;;046A
+046C;CYRILLIC CAPITAL LETTER IOTIFIED BIG YUS;Lu;0;L;;;;;N;;;;046D;
+046D;CYRILLIC SMALL LETTER IOTIFIED BIG YUS;Ll;0;L;;;;;N;;;046C;;046C
+046E;CYRILLIC CAPITAL LETTER KSI;Lu;0;L;;;;;N;;;;046F;
+046F;CYRILLIC SMALL LETTER KSI;Ll;0;L;;;;;N;;;046E;;046E
+0470;CYRILLIC CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;0471;
+0471;CYRILLIC SMALL LETTER PSI;Ll;0;L;;;;;N;;;0470;;0470
+0472;CYRILLIC CAPITAL LETTER FITA;Lu;0;L;;;;;N;;;;0473;
+0473;CYRILLIC SMALL LETTER FITA;Ll;0;L;;;;;N;;;0472;;0472
+0474;CYRILLIC CAPITAL LETTER IZHITSA;Lu;0;L;;;;;N;;;;0475;
+0475;CYRILLIC SMALL LETTER IZHITSA;Ll;0;L;;;;;N;;;0474;;0474
+0476;CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Lu;0;L;0474 030F;;;;N;CYRILLIC CAPITAL LETTER IZHITSA DOUBLE GRAVE;;;0477;
+0477;CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Ll;0;L;0475 030F;;;;N;CYRILLIC SMALL LETTER IZHITSA DOUBLE GRAVE;;0476;;0476
+0478;CYRILLIC CAPITAL LETTER UK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER UK DIGRAPH;;;0479;
+0479;CYRILLIC SMALL LETTER UK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER UK DIGRAPH;;0478;;0478
+047A;CYRILLIC CAPITAL LETTER ROUND OMEGA;Lu;0;L;;;;;N;;;;047B;
+047B;CYRILLIC SMALL LETTER ROUND OMEGA;Ll;0;L;;;;;N;;;047A;;047A
+047C;CYRILLIC CAPITAL LETTER OMEGA WITH TITLO;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER OMEGA TITLO;;;047D;
+047D;CYRILLIC SMALL LETTER OMEGA WITH TITLO;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER OMEGA TITLO;;047C;;047C
+047E;CYRILLIC CAPITAL LETTER OT;Lu;0;L;;;;;N;;;;047F;
+047F;CYRILLIC SMALL LETTER OT;Ll;0;L;;;;;N;;;047E;;047E
+0480;CYRILLIC CAPITAL LETTER KOPPA;Lu;0;L;;;;;N;;;;0481;
+0481;CYRILLIC SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;0480;;0480
+0482;CYRILLIC THOUSANDS SIGN;So;0;L;;;;;N;;;;;
+0483;COMBINING CYRILLIC TITLO;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING TITLO;;;;
+0484;COMBINING CYRILLIC PALATALIZATION;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PALATALIZATION;;;;
+0485;COMBINING CYRILLIC DASIA PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING DASIA PNEUMATA;;;;
+0486;COMBINING CYRILLIC PSILI PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PSILI PNEUMATA;;;;
+0488;COMBINING CYRILLIC HUNDRED THOUSANDS SIGN;Me;0;NSM;;;;;N;;;;;
+0489;COMBINING CYRILLIC MILLIONS SIGN;Me;0;NSM;;;;;N;;;;;
+048A;CYRILLIC CAPITAL LETTER SHORT I WITH TAIL;Lu;0;L;;;;;N;;;;048B;
+048B;CYRILLIC SMALL LETTER SHORT I WITH TAIL;Ll;0;L;;;;;N;;;048A;;048A
+048C;CYRILLIC CAPITAL LETTER SEMISOFT SIGN;Lu;0;L;;;;;N;;;;048D;
+048D;CYRILLIC SMALL LETTER SEMISOFT SIGN;Ll;0;L;;;;;N;;;048C;;048C
+048E;CYRILLIC CAPITAL LETTER ER WITH TICK;Lu;0;L;;;;;N;;;;048F;
+048F;CYRILLIC SMALL LETTER ER WITH TICK;Ll;0;L;;;;;N;;;048E;;048E
+0490;CYRILLIC CAPITAL LETTER GHE WITH UPTURN;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE WITH UPTURN;;;0491;
+0491;CYRILLIC SMALL LETTER GHE WITH UPTURN;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE WITH UPTURN;;0490;;0490
+0492;CYRILLIC CAPITAL LETTER GHE WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE BAR;;;0493;
+0493;CYRILLIC SMALL LETTER GHE WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE BAR;;0492;;0492
+0494;CYRILLIC CAPITAL LETTER GHE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE HOOK;;;0495;
+0495;CYRILLIC SMALL LETTER GHE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE HOOK;;0494;;0494
+0496;CYRILLIC CAPITAL LETTER ZHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZHE WITH RIGHT DESCENDER;;;0497;
+0497;CYRILLIC SMALL LETTER ZHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZHE WITH RIGHT DESCENDER;;0496;;0496
+0498;CYRILLIC CAPITAL LETTER ZE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZE CEDILLA;;;0499;
+0499;CYRILLIC SMALL LETTER ZE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZE CEDILLA;;0498;;0498
+049A;CYRILLIC CAPITAL LETTER KA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA WITH RIGHT DESCENDER;;;049B;
+049B;CYRILLIC SMALL LETTER KA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA WITH RIGHT DESCENDER;;049A;;049A
+049C;CYRILLIC CAPITAL LETTER KA WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA VERTICAL BAR;;;049D;
+049D;CYRILLIC SMALL LETTER KA WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA VERTICAL BAR;;049C;;049C
+049E;CYRILLIC CAPITAL LETTER KA WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA BAR;;;049F;
+049F;CYRILLIC SMALL LETTER KA WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA BAR;;049E;;049E
+04A0;CYRILLIC CAPITAL LETTER BASHKIR KA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED GE KA;;;04A1;
+04A1;CYRILLIC SMALL LETTER BASHKIR KA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED GE KA;;04A0;;04A0
+04A2;CYRILLIC CAPITAL LETTER EN WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN WITH RIGHT DESCENDER;;;04A3;
+04A3;CYRILLIC SMALL LETTER EN WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN WITH RIGHT DESCENDER;;04A2;;04A2
+04A4;CYRILLIC CAPITAL LIGATURE EN GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN GE;;;04A5;
+04A5;CYRILLIC SMALL LIGATURE EN GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN GE;;04A4;;04A4
+04A6;CYRILLIC CAPITAL LETTER PE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER PE HOOK;Abkhasian;;04A7;
+04A7;CYRILLIC SMALL LETTER PE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER PE HOOK;Abkhasian;04A6;;04A6
+04A8;CYRILLIC CAPITAL LETTER ABKHASIAN HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER O HOOK;;;04A9;
+04A9;CYRILLIC SMALL LETTER ABKHASIAN HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER O HOOK;;04A8;;04A8
+04AA;CYRILLIC CAPITAL LETTER ES WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ES CEDILLA;;;04AB;
+04AB;CYRILLIC SMALL LETTER ES WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ES CEDILLA;;04AA;;04AA
+04AC;CYRILLIC CAPITAL LETTER TE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE WITH RIGHT DESCENDER;;;04AD;
+04AD;CYRILLIC SMALL LETTER TE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE WITH RIGHT DESCENDER;;04AC;;04AC
+04AE;CYRILLIC CAPITAL LETTER STRAIGHT U;Lu;0;L;;;;;N;;;;04AF;
+04AF;CYRILLIC SMALL LETTER STRAIGHT U;Ll;0;L;;;;;N;;;04AE;;04AE
+04B0;CYRILLIC CAPITAL LETTER STRAIGHT U WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER STRAIGHT U BAR;;;04B1;
+04B1;CYRILLIC SMALL LETTER STRAIGHT U WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER STRAIGHT U BAR;;04B0;;04B0
+04B2;CYRILLIC CAPITAL LETTER HA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA WITH RIGHT DESCENDER;;;04B3;
+04B3;CYRILLIC SMALL LETTER HA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA WITH RIGHT DESCENDER;;04B2;;04B2
+04B4;CYRILLIC CAPITAL LIGATURE TE TSE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE TSE;Abkhasian;;04B5;
+04B5;CYRILLIC SMALL LIGATURE TE TSE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE TSE;Abkhasian;04B4;;04B4
+04B6;CYRILLIC CAPITAL LETTER CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH RIGHT DESCENDER;;;04B7;
+04B7;CYRILLIC SMALL LETTER CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH RIGHT DESCENDER;;04B6;;04B6
+04B8;CYRILLIC CAPITAL LETTER CHE WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE VERTICAL BAR;;;04B9;
+04B9;CYRILLIC SMALL LETTER CHE WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE VERTICAL BAR;;04B8;;04B8
+04BA;CYRILLIC CAPITAL LETTER SHHA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER H;;;04BB;
+04BB;CYRILLIC SMALL LETTER SHHA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER H;;04BA;;04BA
+04BC;CYRILLIC CAPITAL LETTER ABKHASIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK;;;04BD;
+04BD;CYRILLIC SMALL LETTER ABKHASIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK;;04BC;;04BC
+04BE;CYRILLIC CAPITAL LETTER ABKHASIAN CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK OGONEK;;;04BF;
+04BF;CYRILLIC SMALL LETTER ABKHASIAN CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK OGONEK;;04BE;;04BE
+04C0;CYRILLIC LETTER PALOCHKA;Lu;0;L;;;;;N;CYRILLIC LETTER I;;;;
+04C1;CYRILLIC CAPITAL LETTER ZHE WITH BREVE;Lu;0;L;0416 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT ZHE;;;04C2;
+04C2;CYRILLIC SMALL LETTER ZHE WITH BREVE;Ll;0;L;0436 0306;;;;N;CYRILLIC SMALL LETTER SHORT ZHE;;04C1;;04C1
+04C3;CYRILLIC CAPITAL LETTER KA WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA HOOK;;;04C4;
+04C4;CYRILLIC SMALL LETTER KA WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA HOOK;;04C3;;04C3
+04C5;CYRILLIC CAPITAL LETTER EL WITH TAIL;Lu;0;L;;;;;N;;;;04C6;
+04C6;CYRILLIC SMALL LETTER EL WITH TAIL;Ll;0;L;;;;;N;;;04C5;;04C5
+04C7;CYRILLIC CAPITAL LETTER EN WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN HOOK;;;04C8;
+04C8;CYRILLIC SMALL LETTER EN WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN HOOK;;04C7;;04C7
+04C9;CYRILLIC CAPITAL LETTER EN WITH TAIL;Lu;0;L;;;;;N;;;;04CA;
+04CA;CYRILLIC SMALL LETTER EN WITH TAIL;Ll;0;L;;;;;N;;;04C9;;04C9
+04CB;CYRILLIC CAPITAL LETTER KHAKASSIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH LEFT DESCENDER;;;04CC;
+04CC;CYRILLIC SMALL LETTER KHAKASSIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH LEFT DESCENDER;;04CB;;04CB
+04CD;CYRILLIC CAPITAL LETTER EM WITH TAIL;Lu;0;L;;;;;N;;;;04CE;
+04CE;CYRILLIC SMALL LETTER EM WITH TAIL;Ll;0;L;;;;;N;;;04CD;;04CD
+04D0;CYRILLIC CAPITAL LETTER A WITH BREVE;Lu;0;L;0410 0306;;;;N;;;;04D1;
+04D1;CYRILLIC SMALL LETTER A WITH BREVE;Ll;0;L;0430 0306;;;;N;;;04D0;;04D0
+04D2;CYRILLIC CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0410 0308;;;;N;;;;04D3;
+04D3;CYRILLIC SMALL LETTER A WITH DIAERESIS;Ll;0;L;0430 0308;;;;N;;;04D2;;04D2
+04D4;CYRILLIC CAPITAL LIGATURE A IE;Lu;0;L;;;;;N;;;;04D5;
+04D5;CYRILLIC SMALL LIGATURE A IE;Ll;0;L;;;;;N;;;04D4;;04D4
+04D6;CYRILLIC CAPITAL LETTER IE WITH BREVE;Lu;0;L;0415 0306;;;;N;;;;04D7;
+04D7;CYRILLIC SMALL LETTER IE WITH BREVE;Ll;0;L;0435 0306;;;;N;;;04D6;;04D6
+04D8;CYRILLIC CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;04D9;
+04D9;CYRILLIC SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;04D8;;04D8
+04DA;CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS;Lu;0;L;04D8 0308;;;;N;;;;04DB;
+04DB;CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS;Ll;0;L;04D9 0308;;;;N;;;04DA;;04DA
+04DC;CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS;Lu;0;L;0416 0308;;;;N;;;;04DD;
+04DD;CYRILLIC SMALL LETTER ZHE WITH DIAERESIS;Ll;0;L;0436 0308;;;;N;;;04DC;;04DC
+04DE;CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS;Lu;0;L;0417 0308;;;;N;;;;04DF;
+04DF;CYRILLIC SMALL LETTER ZE WITH DIAERESIS;Ll;0;L;0437 0308;;;;N;;;04DE;;04DE
+04E0;CYRILLIC CAPITAL LETTER ABKHASIAN DZE;Lu;0;L;;;;;N;;;;04E1;
+04E1;CYRILLIC SMALL LETTER ABKHASIAN DZE;Ll;0;L;;;;;N;;;04E0;;04E0
+04E2;CYRILLIC CAPITAL LETTER I WITH MACRON;Lu;0;L;0418 0304;;;;N;;;;04E3;
+04E3;CYRILLIC SMALL LETTER I WITH MACRON;Ll;0;L;0438 0304;;;;N;;;04E2;;04E2
+04E4;CYRILLIC CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0418 0308;;;;N;;;;04E5;
+04E5;CYRILLIC SMALL LETTER I WITH DIAERESIS;Ll;0;L;0438 0308;;;;N;;;04E4;;04E4
+04E6;CYRILLIC CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;041E 0308;;;;N;;;;04E7;
+04E7;CYRILLIC SMALL LETTER O WITH DIAERESIS;Ll;0;L;043E 0308;;;;N;;;04E6;;04E6
+04E8;CYRILLIC CAPITAL LETTER BARRED O;Lu;0;L;;;;;N;;;;04E9;
+04E9;CYRILLIC SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;04E8;;04E8
+04EA;CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS;Lu;0;L;04E8 0308;;;;N;;;;04EB;
+04EB;CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS;Ll;0;L;04E9 0308;;;;N;;;04EA;;04EA
+04EC;CYRILLIC CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;042D 0308;;;;N;;;;04ED;
+04ED;CYRILLIC SMALL LETTER E WITH DIAERESIS;Ll;0;L;044D 0308;;;;N;;;04EC;;04EC
+04EE;CYRILLIC CAPITAL LETTER U WITH MACRON;Lu;0;L;0423 0304;;;;N;;;;04EF;
+04EF;CYRILLIC SMALL LETTER U WITH MACRON;Ll;0;L;0443 0304;;;;N;;;04EE;;04EE
+04F0;CYRILLIC CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0423 0308;;;;N;;;;04F1;
+04F1;CYRILLIC SMALL LETTER U WITH DIAERESIS;Ll;0;L;0443 0308;;;;N;;;04F0;;04F0
+04F2;CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0423 030B;;;;N;;;;04F3;
+04F3;CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0443 030B;;;;N;;;04F2;;04F2
+04F4;CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS;Lu;0;L;0427 0308;;;;N;;;;04F5;
+04F5;CYRILLIC SMALL LETTER CHE WITH DIAERESIS;Ll;0;L;0447 0308;;;;N;;;04F4;;04F4
+04F8;CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS;Lu;0;L;042B 0308;;;;N;;;;04F9;
+04F9;CYRILLIC SMALL LETTER YERU WITH DIAERESIS;Ll;0;L;044B 0308;;;;N;;;04F8;;04F8
+0500;CYRILLIC CAPITAL LETTER KOMI DE;Lu;0;L;;;;;N;;;;0501;
+0501;CYRILLIC SMALL LETTER KOMI DE;Ll;0;L;;;;;N;;;0500;;0500
+0502;CYRILLIC CAPITAL LETTER KOMI DJE;Lu;0;L;;;;;N;;;;0503;
+0503;CYRILLIC SMALL LETTER KOMI DJE;Ll;0;L;;;;;N;;;0502;;0502
+0504;CYRILLIC CAPITAL LETTER KOMI ZJE;Lu;0;L;;;;;N;;;;0505;
+0505;CYRILLIC SMALL LETTER KOMI ZJE;Ll;0;L;;;;;N;;;0504;;0504
+0506;CYRILLIC CAPITAL LETTER KOMI DZJE;Lu;0;L;;;;;N;;;;0507;
+0507;CYRILLIC SMALL LETTER KOMI DZJE;Ll;0;L;;;;;N;;;0506;;0506
+0508;CYRILLIC CAPITAL LETTER KOMI LJE;Lu;0;L;;;;;N;;;;0509;
+0509;CYRILLIC SMALL LETTER KOMI LJE;Ll;0;L;;;;;N;;;0508;;0508
+050A;CYRILLIC CAPITAL LETTER KOMI NJE;Lu;0;L;;;;;N;;;;050B;
+050B;CYRILLIC SMALL LETTER KOMI NJE;Ll;0;L;;;;;N;;;050A;;050A
+050C;CYRILLIC CAPITAL LETTER KOMI SJE;Lu;0;L;;;;;N;;;;050D;
+050D;CYRILLIC SMALL LETTER KOMI SJE;Ll;0;L;;;;;N;;;050C;;050C
+050E;CYRILLIC CAPITAL LETTER KOMI TJE;Lu;0;L;;;;;N;;;;050F;
+050F;CYRILLIC SMALL LETTER KOMI TJE;Ll;0;L;;;;;N;;;050E;;050E
+0531;ARMENIAN CAPITAL LETTER AYB;Lu;0;L;;;;;N;;;;0561;
+0532;ARMENIAN CAPITAL LETTER BEN;Lu;0;L;;;;;N;;;;0562;
+0533;ARMENIAN CAPITAL LETTER GIM;Lu;0;L;;;;;N;;;;0563;
+0534;ARMENIAN CAPITAL LETTER DA;Lu;0;L;;;;;N;;;;0564;
+0535;ARMENIAN CAPITAL LETTER ECH;Lu;0;L;;;;;N;;;;0565;
+0536;ARMENIAN CAPITAL LETTER ZA;Lu;0;L;;;;;N;;;;0566;
+0537;ARMENIAN CAPITAL LETTER EH;Lu;0;L;;;;;N;;;;0567;
+0538;ARMENIAN CAPITAL LETTER ET;Lu;0;L;;;;;N;;;;0568;
+0539;ARMENIAN CAPITAL LETTER TO;Lu;0;L;;;;;N;;;;0569;
+053A;ARMENIAN CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;056A;
+053B;ARMENIAN CAPITAL LETTER INI;Lu;0;L;;;;;N;;;;056B;
+053C;ARMENIAN CAPITAL LETTER LIWN;Lu;0;L;;;;;N;;;;056C;
+053D;ARMENIAN CAPITAL LETTER XEH;Lu;0;L;;;;;N;;;;056D;
+053E;ARMENIAN CAPITAL LETTER CA;Lu;0;L;;;;;N;;;;056E;
+053F;ARMENIAN CAPITAL LETTER KEN;Lu;0;L;;;;;N;;;;056F;
+0540;ARMENIAN CAPITAL LETTER HO;Lu;0;L;;;;;N;;;;0570;
+0541;ARMENIAN CAPITAL LETTER JA;Lu;0;L;;;;;N;;;;0571;
+0542;ARMENIAN CAPITAL LETTER GHAD;Lu;0;L;;;;;N;ARMENIAN CAPITAL LETTER LAD;;;0572;
+0543;ARMENIAN CAPITAL LETTER CHEH;Lu;0;L;;;;;N;;;;0573;
+0544;ARMENIAN CAPITAL LETTER MEN;Lu;0;L;;;;;N;;;;0574;
+0545;ARMENIAN CAPITAL LETTER YI;Lu;0;L;;;;;N;;;;0575;
+0546;ARMENIAN CAPITAL LETTER NOW;Lu;0;L;;;;;N;;;;0576;
+0547;ARMENIAN CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0577;
+0548;ARMENIAN CAPITAL LETTER VO;Lu;0;L;;;;;N;;;;0578;
+0549;ARMENIAN CAPITAL LETTER CHA;Lu;0;L;;;;;N;;;;0579;
+054A;ARMENIAN CAPITAL LETTER PEH;Lu;0;L;;;;;N;;;;057A;
+054B;ARMENIAN CAPITAL LETTER JHEH;Lu;0;L;;;;;N;;;;057B;
+054C;ARMENIAN CAPITAL LETTER RA;Lu;0;L;;;;;N;;;;057C;
+054D;ARMENIAN CAPITAL LETTER SEH;Lu;0;L;;;;;N;;;;057D;
+054E;ARMENIAN CAPITAL LETTER VEW;Lu;0;L;;;;;N;;;;057E;
+054F;ARMENIAN CAPITAL LETTER TIWN;Lu;0;L;;;;;N;;;;057F;
+0550;ARMENIAN CAPITAL LETTER REH;Lu;0;L;;;;;N;;;;0580;
+0551;ARMENIAN CAPITAL LETTER CO;Lu;0;L;;;;;N;;;;0581;
+0552;ARMENIAN CAPITAL LETTER YIWN;Lu;0;L;;;;;N;;;;0582;
+0553;ARMENIAN CAPITAL LETTER PIWR;Lu;0;L;;;;;N;;;;0583;
+0554;ARMENIAN CAPITAL LETTER KEH;Lu;0;L;;;;;N;;;;0584;
+0555;ARMENIAN CAPITAL LETTER OH;Lu;0;L;;;;;N;;;;0585;
+0556;ARMENIAN CAPITAL LETTER FEH;Lu;0;L;;;;;N;;;;0586;
+0559;ARMENIAN MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;;
+055A;ARMENIAN APOSTROPHE;Po;0;L;;;;;N;ARMENIAN MODIFIER LETTER RIGHT HALF RING;;;;
+055B;ARMENIAN EMPHASIS MARK;Po;0;L;;;;;N;;;;;
+055C;ARMENIAN EXCLAMATION MARK;Po;0;L;;;;;N;;;;;
+055D;ARMENIAN COMMA;Po;0;L;;;;;N;;;;;
+055E;ARMENIAN QUESTION MARK;Po;0;L;;;;;N;;;;;
+055F;ARMENIAN ABBREVIATION MARK;Po;0;L;;;;;N;;;;;
+0561;ARMENIAN SMALL LETTER AYB;Ll;0;L;;;;;N;;;0531;;0531
+0562;ARMENIAN SMALL LETTER BEN;Ll;0;L;;;;;N;;;0532;;0532
+0563;ARMENIAN SMALL LETTER GIM;Ll;0;L;;;;;N;;;0533;;0533
+0564;ARMENIAN SMALL LETTER DA;Ll;0;L;;;;;N;;;0534;;0534
+0565;ARMENIAN SMALL LETTER ECH;Ll;0;L;;;;;N;;;0535;;0535
+0566;ARMENIAN SMALL LETTER ZA;Ll;0;L;;;;;N;;;0536;;0536
+0567;ARMENIAN SMALL LETTER EH;Ll;0;L;;;;;N;;;0537;;0537
+0568;ARMENIAN SMALL LETTER ET;Ll;0;L;;;;;N;;;0538;;0538
+0569;ARMENIAN SMALL LETTER TO;Ll;0;L;;;;;N;;;0539;;0539
+056A;ARMENIAN SMALL LETTER ZHE;Ll;0;L;;;;;N;;;053A;;053A
+056B;ARMENIAN SMALL LETTER INI;Ll;0;L;;;;;N;;;053B;;053B
+056C;ARMENIAN SMALL LETTER LIWN;Ll;0;L;;;;;N;;;053C;;053C
+056D;ARMENIAN SMALL LETTER XEH;Ll;0;L;;;;;N;;;053D;;053D
+056E;ARMENIAN SMALL LETTER CA;Ll;0;L;;;;;N;;;053E;;053E
+056F;ARMENIAN SMALL LETTER KEN;Ll;0;L;;;;;N;;;053F;;053F
+0570;ARMENIAN SMALL LETTER HO;Ll;0;L;;;;;N;;;0540;;0540
+0571;ARMENIAN SMALL LETTER JA;Ll;0;L;;;;;N;;;0541;;0541
+0572;ARMENIAN SMALL LETTER GHAD;Ll;0;L;;;;;N;ARMENIAN SMALL LETTER LAD;;0542;;0542
+0573;ARMENIAN SMALL LETTER CHEH;Ll;0;L;;;;;N;;;0543;;0543
+0574;ARMENIAN SMALL LETTER MEN;Ll;0;L;;;;;N;;;0544;;0544
+0575;ARMENIAN SMALL LETTER YI;Ll;0;L;;;;;N;;;0545;;0545
+0576;ARMENIAN SMALL LETTER NOW;Ll;0;L;;;;;N;;;0546;;0546
+0577;ARMENIAN SMALL LETTER SHA;Ll;0;L;;;;;N;;;0547;;0547
+0578;ARMENIAN SMALL LETTER VO;Ll;0;L;;;;;N;;;0548;;0548
+0579;ARMENIAN SMALL LETTER CHA;Ll;0;L;;;;;N;;;0549;;0549
+057A;ARMENIAN SMALL LETTER PEH;Ll;0;L;;;;;N;;;054A;;054A
+057B;ARMENIAN SMALL LETTER JHEH;Ll;0;L;;;;;N;;;054B;;054B
+057C;ARMENIAN SMALL LETTER RA;Ll;0;L;;;;;N;;;054C;;054C
+057D;ARMENIAN SMALL LETTER SEH;Ll;0;L;;;;;N;;;054D;;054D
+057E;ARMENIAN SMALL LETTER VEW;Ll;0;L;;;;;N;;;054E;;054E
+057F;ARMENIAN SMALL LETTER TIWN;Ll;0;L;;;;;N;;;054F;;054F
+0580;ARMENIAN SMALL LETTER REH;Ll;0;L;;;;;N;;;0550;;0550
+0581;ARMENIAN SMALL LETTER CO;Ll;0;L;;;;;N;;;0551;;0551
+0582;ARMENIAN SMALL LETTER YIWN;Ll;0;L;;;;;N;;;0552;;0552
+0583;ARMENIAN SMALL LETTER PIWR;Ll;0;L;;;;;N;;;0553;;0553
+0584;ARMENIAN SMALL LETTER KEH;Ll;0;L;;;;;N;;;0554;;0554
+0585;ARMENIAN SMALL LETTER OH;Ll;0;L;;;;;N;;;0555;;0555
+0586;ARMENIAN SMALL LETTER FEH;Ll;0;L;;;;;N;;;0556;;0556
+0587;ARMENIAN SMALL LIGATURE ECH YIWN;Ll;0;L;<compat> 0565 0582;;;;N;;;;;
+0589;ARMENIAN FULL STOP;Po;0;L;;;;;N;ARMENIAN PERIOD;;;;
+058A;ARMENIAN HYPHEN;Pd;0;ON;;;;;N;;;;;
+0591;HEBREW ACCENT ETNAHTA;Mn;220;NSM;;;;;N;;;;;
+0592;HEBREW ACCENT SEGOL;Mn;230;NSM;;;;;N;;;;;
+0593;HEBREW ACCENT SHALSHELET;Mn;230;NSM;;;;;N;;;;;
+0594;HEBREW ACCENT ZAQEF QATAN;Mn;230;NSM;;;;;N;;;;;
+0595;HEBREW ACCENT ZAQEF GADOL;Mn;230;NSM;;;;;N;;;;;
+0596;HEBREW ACCENT TIPEHA;Mn;220;NSM;;;;;N;;*;;;
+0597;HEBREW ACCENT REVIA;Mn;230;NSM;;;;;N;;;;;
+0598;HEBREW ACCENT ZARQA;Mn;230;NSM;;;;;N;;*;;;
+0599;HEBREW ACCENT PASHTA;Mn;230;NSM;;;;;N;;;;;
+059A;HEBREW ACCENT YETIV;Mn;222;NSM;;;;;N;;;;;
+059B;HEBREW ACCENT TEVIR;Mn;220;NSM;;;;;N;;;;;
+059C;HEBREW ACCENT GERESH;Mn;230;NSM;;;;;N;;;;;
+059D;HEBREW ACCENT GERESH MUQDAM;Mn;230;NSM;;;;;N;;;;;
+059E;HEBREW ACCENT GERSHAYIM;Mn;230;NSM;;;;;N;;;;;
+059F;HEBREW ACCENT QARNEY PARA;Mn;230;NSM;;;;;N;;;;;
+05A0;HEBREW ACCENT TELISHA GEDOLA;Mn;230;NSM;;;;;N;;;;;
+05A1;HEBREW ACCENT PAZER;Mn;230;NSM;;;;;N;;;;;
+05A3;HEBREW ACCENT MUNAH;Mn;220;NSM;;;;;N;;;;;
+05A4;HEBREW ACCENT MAHAPAKH;Mn;220;NSM;;;;;N;;;;;
+05A5;HEBREW ACCENT MERKHA;Mn;220;NSM;;;;;N;;*;;;
+05A6;HEBREW ACCENT MERKHA KEFULA;Mn;220;NSM;;;;;N;;;;;
+05A7;HEBREW ACCENT DARGA;Mn;220;NSM;;;;;N;;;;;
+05A8;HEBREW ACCENT QADMA;Mn;230;NSM;;;;;N;;*;;;
+05A9;HEBREW ACCENT TELISHA QETANA;Mn;230;NSM;;;;;N;;;;;
+05AA;HEBREW ACCENT YERAH BEN YOMO;Mn;220;NSM;;;;;N;;*;;;
+05AB;HEBREW ACCENT OLE;Mn;230;NSM;;;;;N;;;;;
+05AC;HEBREW ACCENT ILUY;Mn;230;NSM;;;;;N;;;;;
+05AD;HEBREW ACCENT DEHI;Mn;222;NSM;;;;;N;;;;;
+05AE;HEBREW ACCENT ZINOR;Mn;228;NSM;;;;;N;;;;;
+05AF;HEBREW MARK MASORA CIRCLE;Mn;230;NSM;;;;;N;;;;;
+05B0;HEBREW POINT SHEVA;Mn;10;NSM;;;;;N;;;;;
+05B1;HEBREW POINT HATAF SEGOL;Mn;11;NSM;;;;;N;;;;;
+05B2;HEBREW POINT HATAF PATAH;Mn;12;NSM;;;;;N;;;;;
+05B3;HEBREW POINT HATAF QAMATS;Mn;13;NSM;;;;;N;;;;;
+05B4;HEBREW POINT HIRIQ;Mn;14;NSM;;;;;N;;;;;
+05B5;HEBREW POINT TSERE;Mn;15;NSM;;;;;N;;;;;
+05B6;HEBREW POINT SEGOL;Mn;16;NSM;;;;;N;;;;;
+05B7;HEBREW POINT PATAH;Mn;17;NSM;;;;;N;;;;;
+05B8;HEBREW POINT QAMATS;Mn;18;NSM;;;;;N;;;;;
+05B9;HEBREW POINT HOLAM;Mn;19;NSM;;;;;N;;;;;
+05BB;HEBREW POINT QUBUTS;Mn;20;NSM;;;;;N;;;;;
+05BC;HEBREW POINT DAGESH OR MAPIQ;Mn;21;NSM;;;;;N;HEBREW POINT DAGESH;or shuruq;;;
+05BD;HEBREW POINT METEG;Mn;22;NSM;;;;;N;;*;;;
+05BE;HEBREW PUNCTUATION MAQAF;Po;0;R;;;;;N;;;;;
+05BF;HEBREW POINT RAFE;Mn;23;NSM;;;;;N;;;;;
+05C0;HEBREW PUNCTUATION PASEQ;Po;0;R;;;;;N;HEBREW POINT PASEQ;*;;;
+05C1;HEBREW POINT SHIN DOT;Mn;24;NSM;;;;;N;;;;;
+05C2;HEBREW POINT SIN DOT;Mn;25;NSM;;;;;N;;;;;
+05C3;HEBREW PUNCTUATION SOF PASUQ;Po;0;R;;;;;N;;*;;;
+05C4;HEBREW MARK UPPER DOT;Mn;230;NSM;;;;;N;;;;;
+05D0;HEBREW LETTER ALEF;Lo;0;R;;;;;N;;;;;
+05D1;HEBREW LETTER BET;Lo;0;R;;;;;N;;;;;
+05D2;HEBREW LETTER GIMEL;Lo;0;R;;;;;N;;;;;
+05D3;HEBREW LETTER DALET;Lo;0;R;;;;;N;;;;;
+05D4;HEBREW LETTER HE;Lo;0;R;;;;;N;;;;;
+05D5;HEBREW LETTER VAV;Lo;0;R;;;;;N;;;;;
+05D6;HEBREW LETTER ZAYIN;Lo;0;R;;;;;N;;;;;
+05D7;HEBREW LETTER HET;Lo;0;R;;;;;N;;;;;
+05D8;HEBREW LETTER TET;Lo;0;R;;;;;N;;;;;
+05D9;HEBREW LETTER YOD;Lo;0;R;;;;;N;;;;;
+05DA;HEBREW LETTER FINAL KAF;Lo;0;R;;;;;N;;;;;
+05DB;HEBREW LETTER KAF;Lo;0;R;;;;;N;;;;;
+05DC;HEBREW LETTER LAMED;Lo;0;R;;;;;N;;;;;
+05DD;HEBREW LETTER FINAL MEM;Lo;0;R;;;;;N;;;;;
+05DE;HEBREW LETTER MEM;Lo;0;R;;;;;N;;;;;
+05DF;HEBREW LETTER FINAL NUN;Lo;0;R;;;;;N;;;;;
+05E0;HEBREW LETTER NUN;Lo;0;R;;;;;N;;;;;
+05E1;HEBREW LETTER SAMEKH;Lo;0;R;;;;;N;;;;;
+05E2;HEBREW LETTER AYIN;Lo;0;R;;;;;N;;;;;
+05E3;HEBREW LETTER FINAL PE;Lo;0;R;;;;;N;;;;;
+05E4;HEBREW LETTER PE;Lo;0;R;;;;;N;;;;;
+05E5;HEBREW LETTER FINAL TSADI;Lo;0;R;;;;;N;;;;;
+05E6;HEBREW LETTER TSADI;Lo;0;R;;;;;N;;;;;
+05E7;HEBREW LETTER QOF;Lo;0;R;;;;;N;;;;;
+05E8;HEBREW LETTER RESH;Lo;0;R;;;;;N;;;;;
+05E9;HEBREW LETTER SHIN;Lo;0;R;;;;;N;;;;;
+05EA;HEBREW LETTER TAV;Lo;0;R;;;;;N;;;;;
+05F0;HEBREW LIGATURE YIDDISH DOUBLE VAV;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE VAV;;;;
+05F1;HEBREW LIGATURE YIDDISH VAV YOD;Lo;0;R;;;;;N;HEBREW LETTER VAV YOD;;;;
+05F2;HEBREW LIGATURE YIDDISH DOUBLE YOD;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE YOD;;;;
+05F3;HEBREW PUNCTUATION GERESH;Po;0;R;;;;;N;;;;;
+05F4;HEBREW PUNCTUATION GERSHAYIM;Po;0;R;;;;;N;;;;;
+060C;ARABIC COMMA;Po;0;CS;;;;;N;;;;;
+061B;ARABIC SEMICOLON;Po;0;AL;;;;;N;;;;;
+061F;ARABIC QUESTION MARK;Po;0;AL;;;;;N;;;;;
+0621;ARABIC LETTER HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH;;;;
+0622;ARABIC LETTER ALEF WITH MADDA ABOVE;Lo;0;AL;0627 0653;;;;N;ARABIC LETTER MADDAH ON ALEF;;;;
+0623;ARABIC LETTER ALEF WITH HAMZA ABOVE;Lo;0;AL;0627 0654;;;;N;ARABIC LETTER HAMZAH ON ALEF;;;;
+0624;ARABIC LETTER WAW WITH HAMZA ABOVE;Lo;0;AL;0648 0654;;;;N;ARABIC LETTER HAMZAH ON WAW;;;;
+0625;ARABIC LETTER ALEF WITH HAMZA BELOW;Lo;0;AL;0627 0655;;;;N;ARABIC LETTER HAMZAH UNDER ALEF;;;;
+0626;ARABIC LETTER YEH WITH HAMZA ABOVE;Lo;0;AL;064A 0654;;;;N;ARABIC LETTER HAMZAH ON YA;;;;
+0627;ARABIC LETTER ALEF;Lo;0;AL;;;;;N;;;;;
+0628;ARABIC LETTER BEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA;;;;
+0629;ARABIC LETTER TEH MARBUTA;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH;;;;
+062A;ARABIC LETTER TEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA;;;;
+062B;ARABIC LETTER THEH;Lo;0;AL;;;;;N;ARABIC LETTER THAA;;;;
+062C;ARABIC LETTER JEEM;Lo;0;AL;;;;;N;;;;;
+062D;ARABIC LETTER HAH;Lo;0;AL;;;;;N;ARABIC LETTER HAA;;;;
+062E;ARABIC LETTER KHAH;Lo;0;AL;;;;;N;ARABIC LETTER KHAA;;;;
+062F;ARABIC LETTER DAL;Lo;0;AL;;;;;N;;;;;
+0630;ARABIC LETTER THAL;Lo;0;AL;;;;;N;;;;;
+0631;ARABIC LETTER REH;Lo;0;AL;;;;;N;ARABIC LETTER RA;;;;
+0632;ARABIC LETTER ZAIN;Lo;0;AL;;;;;N;;;;;
+0633;ARABIC LETTER SEEN;Lo;0;AL;;;;;N;;;;;
+0634;ARABIC LETTER SHEEN;Lo;0;AL;;;;;N;;;;;
+0635;ARABIC LETTER SAD;Lo;0;AL;;;;;N;;;;;
+0636;ARABIC LETTER DAD;Lo;0;AL;;;;;N;;;;;
+0637;ARABIC LETTER TAH;Lo;0;AL;;;;;N;;;;;
+0638;ARABIC LETTER ZAH;Lo;0;AL;;;;;N;ARABIC LETTER DHAH;;;;
+0639;ARABIC LETTER AIN;Lo;0;AL;;;;;N;;;;;
+063A;ARABIC LETTER GHAIN;Lo;0;AL;;;;;N;;;;;
+0640;ARABIC TATWEEL;Lm;0;AL;;;;;N;;;;;
+0641;ARABIC LETTER FEH;Lo;0;AL;;;;;N;ARABIC LETTER FA;;;;
+0642;ARABIC LETTER QAF;Lo;0;AL;;;;;N;;;;;
+0643;ARABIC LETTER KAF;Lo;0;AL;;;;;N;ARABIC LETTER CAF;;;;
+0644;ARABIC LETTER LAM;Lo;0;AL;;;;;N;;;;;
+0645;ARABIC LETTER MEEM;Lo;0;AL;;;;;N;;;;;
+0646;ARABIC LETTER NOON;Lo;0;AL;;;;;N;;;;;
+0647;ARABIC LETTER HEH;Lo;0;AL;;;;;N;ARABIC LETTER HA;;;;
+0648;ARABIC LETTER WAW;Lo;0;AL;;;;;N;;;;;
+0649;ARABIC LETTER ALEF MAKSURA;Lo;0;AL;;;;;N;ARABIC LETTER ALEF MAQSURAH;;;;
+064A;ARABIC LETTER YEH;Lo;0;AL;;;;;N;ARABIC LETTER YA;;;;
+064B;ARABIC FATHATAN;Mn;27;NSM;;;;;N;;;;;
+064C;ARABIC DAMMATAN;Mn;28;NSM;;;;;N;;;;;
+064D;ARABIC KASRATAN;Mn;29;NSM;;;;;N;;;;;
+064E;ARABIC FATHA;Mn;30;NSM;;;;;N;ARABIC FATHAH;;;;
+064F;ARABIC DAMMA;Mn;31;NSM;;;;;N;ARABIC DAMMAH;;;;
+0650;ARABIC KASRA;Mn;32;NSM;;;;;N;ARABIC KASRAH;;;;
+0651;ARABIC SHADDA;Mn;33;NSM;;;;;N;ARABIC SHADDAH;;;;
+0652;ARABIC SUKUN;Mn;34;NSM;;;;;N;;;;;
+0653;ARABIC MADDAH ABOVE;Mn;230;NSM;;;;;N;;;;;
+0654;ARABIC HAMZA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0655;ARABIC HAMZA BELOW;Mn;220;NSM;;;;;N;;;;;
+0660;ARABIC-INDIC DIGIT ZERO;Nd;0;AN;;0;0;0;N;;;;;
+0661;ARABIC-INDIC DIGIT ONE;Nd;0;AN;;1;1;1;N;;;;;
+0662;ARABIC-INDIC DIGIT TWO;Nd;0;AN;;2;2;2;N;;;;;
+0663;ARABIC-INDIC DIGIT THREE;Nd;0;AN;;3;3;3;N;;;;;
+0664;ARABIC-INDIC DIGIT FOUR;Nd;0;AN;;4;4;4;N;;;;;
+0665;ARABIC-INDIC DIGIT FIVE;Nd;0;AN;;5;5;5;N;;;;;
+0666;ARABIC-INDIC DIGIT SIX;Nd;0;AN;;6;6;6;N;;;;;
+0667;ARABIC-INDIC DIGIT SEVEN;Nd;0;AN;;7;7;7;N;;;;;
+0668;ARABIC-INDIC DIGIT EIGHT;Nd;0;AN;;8;8;8;N;;;;;
+0669;ARABIC-INDIC DIGIT NINE;Nd;0;AN;;9;9;9;N;;;;;
+066A;ARABIC PERCENT SIGN;Po;0;ET;;;;;N;;;;;
+066B;ARABIC DECIMAL SEPARATOR;Po;0;AN;;;;;N;;;;;
+066C;ARABIC THOUSANDS SEPARATOR;Po;0;AN;;;;;N;;;;;
+066D;ARABIC FIVE POINTED STAR;Po;0;AL;;;;;N;;;;;
+066E;ARABIC LETTER DOTLESS BEH;Lo;0;AL;;;;;N;;;;;
+066F;ARABIC LETTER DOTLESS QAF;Lo;0;AL;;;;;N;;;;;
+0670;ARABIC LETTER SUPERSCRIPT ALEF;Mn;35;NSM;;;;;N;ARABIC ALEF ABOVE;;;;
+0671;ARABIC LETTER ALEF WASLA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAT WASL ON ALEF;;;;
+0672;ARABIC LETTER ALEF WITH WAVY HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH ON ALEF;;;;
+0673;ARABIC LETTER ALEF WITH WAVY HAMZA BELOW;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH UNDER ALEF;;;;
+0674;ARABIC LETTER HIGH HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HIGH HAMZAH;;;;
+0675;ARABIC LETTER HIGH HAMZA ALEF;Lo;0;AL;<compat> 0627 0674;;;;N;ARABIC LETTER HIGH HAMZAH ALEF;;;;
+0676;ARABIC LETTER HIGH HAMZA WAW;Lo;0;AL;<compat> 0648 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW;;;;
+0677;ARABIC LETTER U WITH HAMZA ABOVE;Lo;0;AL;<compat> 06C7 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW WITH DAMMAH;;;;
+0678;ARABIC LETTER HIGH HAMZA YEH;Lo;0;AL;<compat> 064A 0674;;;;N;ARABIC LETTER HIGH HAMZAH YA;;;;
+0679;ARABIC LETTER TTEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH SMALL TAH;;;;
+067A;ARABIC LETTER TTEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH TWO DOTS VERTICAL ABOVE;;;;
+067B;ARABIC LETTER BEEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH TWO DOTS VERTICAL BELOW;;;;
+067C;ARABIC LETTER TEH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH RING;;;;
+067D;ARABIC LETTER TEH WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS ABOVE DOWNWARD;;;;
+067E;ARABIC LETTER PEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS BELOW;;;;
+067F;ARABIC LETTER TEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH FOUR DOTS ABOVE;;;;
+0680;ARABIC LETTER BEHEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH FOUR DOTS BELOW;;;;
+0681;ARABIC LETTER HAH WITH HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH ON HAA;;;;
+0682;ARABIC LETTER HAH WITH TWO DOTS VERTICAL ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH TWO DOTS VERTICAL ABOVE;;;;
+0683;ARABIC LETTER NYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS;;;;
+0684;ARABIC LETTER DYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS VERTICAL;;;;
+0685;ARABIC LETTER HAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH THREE DOTS ABOVE;;;;
+0686;ARABIC LETTER TCHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE THREE DOTS DOWNWARD;;;;
+0687;ARABIC LETTER TCHEHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE FOUR DOTS;;;;
+0688;ARABIC LETTER DDAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH SMALL TAH;;;;
+0689;ARABIC LETTER DAL WITH RING;Lo;0;AL;;;;;N;;;;;
+068A;ARABIC LETTER DAL WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+068B;ARABIC LETTER DAL WITH DOT BELOW AND SMALL TAH;Lo;0;AL;;;;;N;;;;;
+068C;ARABIC LETTER DAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS ABOVE;;;;
+068D;ARABIC LETTER DDAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS BELOW;;;;
+068E;ARABIC LETTER DUL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE;;;;
+068F;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARD;;;;
+0690;ARABIC LETTER DAL WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+0691;ARABIC LETTER RREH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL TAH;;;;
+0692;ARABIC LETTER REH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V;;;;
+0693;ARABIC LETTER REH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH RING;;;;
+0694;ARABIC LETTER REH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW;;;;
+0695;ARABIC LETTER REH WITH SMALL V BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V BELOW;;;;
+0696;ARABIC LETTER REH WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW AND DOT ABOVE;;;;
+0697;ARABIC LETTER REH WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH TWO DOTS ABOVE;;;;
+0698;ARABIC LETTER JEH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH THREE DOTS ABOVE;;;;
+0699;ARABIC LETTER REH WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH FOUR DOTS ABOVE;;;;
+069A;ARABIC LETTER SEEN WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+069B;ARABIC LETTER SEEN WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+069C;ARABIC LETTER SEEN WITH THREE DOTS BELOW AND THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+069D;ARABIC LETTER SAD WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+069E;ARABIC LETTER SAD WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+069F;ARABIC LETTER TAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A0;ARABIC LETTER AIN WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A1;ARABIC LETTER DOTLESS FEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS FA;;;;
+06A2;ARABIC LETTER FEH WITH DOT MOVED BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT MOVED BELOW;;;;
+06A3;ARABIC LETTER FEH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT BELOW;;;;
+06A4;ARABIC LETTER VEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS ABOVE;;;;
+06A5;ARABIC LETTER FEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS BELOW;;;;
+06A6;ARABIC LETTER PEHEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH FOUR DOTS ABOVE;;;;
+06A7;ARABIC LETTER QAF WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06A8;ARABIC LETTER QAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A9;ARABIC LETTER KEHEH;Lo;0;AL;;;;;N;ARABIC LETTER OPEN CAF;;;;
+06AA;ARABIC LETTER SWASH KAF;Lo;0;AL;;;;;N;ARABIC LETTER SWASH CAF;;;;
+06AB;ARABIC LETTER KAF WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH RING;;;;
+06AC;ARABIC LETTER KAF WITH DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH DOT ABOVE;;;;
+06AD;ARABIC LETTER NG;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS ABOVE;;;;
+06AE;ARABIC LETTER KAF WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS BELOW;;;;
+06AF;ARABIC LETTER GAF;Lo;0;AL;;;;;N;;*;;;
+06B0;ARABIC LETTER GAF WITH RING;Lo;0;AL;;;;;N;;;;;
+06B1;ARABIC LETTER NGOEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS ABOVE;;;;
+06B2;ARABIC LETTER GAF WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+06B3;ARABIC LETTER GUEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS VERTICAL BELOW;;;;
+06B4;ARABIC LETTER GAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06B5;ARABIC LETTER LAM WITH SMALL V;Lo;0;AL;;;;;N;;;;;
+06B6;ARABIC LETTER LAM WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06B7;ARABIC LETTER LAM WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06B8;ARABIC LETTER LAM WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+06B9;ARABIC LETTER NOON WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06BA;ARABIC LETTER NOON GHUNNA;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON;;;;
+06BB;ARABIC LETTER RNOON;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON WITH SMALL TAH;;;;
+06BC;ARABIC LETTER NOON WITH RING;Lo;0;AL;;;;;N;;;;;
+06BD;ARABIC LETTER NOON WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06BE;ARABIC LETTER HEH DOACHASHMEE;Lo;0;AL;;;;;N;ARABIC LETTER KNOTTED HA;;;;
+06BF;ARABIC LETTER TCHEH WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06C0;ARABIC LETTER HEH WITH YEH ABOVE;Lo;0;AL;06D5 0654;;;;N;ARABIC LETTER HAMZAH ON HA;;;;
+06C1;ARABIC LETTER HEH GOAL;Lo;0;AL;;;;;N;ARABIC LETTER HA GOAL;;;;
+06C2;ARABIC LETTER HEH GOAL WITH HAMZA ABOVE;Lo;0;AL;06C1 0654;;;;N;ARABIC LETTER HAMZAH ON HA GOAL;;;;
+06C3;ARABIC LETTER TEH MARBUTA GOAL;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH GOAL;;;;
+06C4;ARABIC LETTER WAW WITH RING;Lo;0;AL;;;;;N;;;;;
+06C5;ARABIC LETTER KIRGHIZ OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH BAR;;;;
+06C6;ARABIC LETTER OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH SMALL V;;;;
+06C7;ARABIC LETTER U;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH DAMMAH;;;;
+06C8;ARABIC LETTER YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH ALEF ABOVE;;;;
+06C9;ARABIC LETTER KIRGHIZ YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH INVERTED SMALL V;;;;
+06CA;ARABIC LETTER WAW WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06CB;ARABIC LETTER VE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH THREE DOTS ABOVE;;;;
+06CC;ARABIC LETTER FARSI YEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS YA;;;;
+06CD;ARABIC LETTER YEH WITH TAIL;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TAIL;;;;
+06CE;ARABIC LETTER YEH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH SMALL V;;;;
+06CF;ARABIC LETTER WAW WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06D0;ARABIC LETTER E;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TWO DOTS VERTICAL BELOW;*;;;
+06D1;ARABIC LETTER YEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH THREE DOTS BELOW;;;;
+06D2;ARABIC LETTER YEH BARREE;Lo;0;AL;;;;;N;ARABIC LETTER YA BARREE;;;;
+06D3;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE;Lo;0;AL;06D2 0654;;;;N;ARABIC LETTER HAMZAH ON YA BARREE;;;;
+06D4;ARABIC FULL STOP;Po;0;AL;;;;;N;ARABIC PERIOD;;;;
+06D5;ARABIC LETTER AE;Lo;0;AL;;;;;N;;;;;
+06D6;ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;;
+06D7;ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;;
+06D8;ARABIC SMALL HIGH MEEM INITIAL FORM;Mn;230;NSM;;;;;N;;;;;
+06D9;ARABIC SMALL HIGH LAM ALEF;Mn;230;NSM;;;;;N;;;;;
+06DA;ARABIC SMALL HIGH JEEM;Mn;230;NSM;;;;;N;;;;;
+06DB;ARABIC SMALL HIGH THREE DOTS;Mn;230;NSM;;;;;N;;;;;
+06DC;ARABIC SMALL HIGH SEEN;Mn;230;NSM;;;;;N;;;;;
+06DD;ARABIC END OF AYAH;Cf;0;AL;;;;;N;;;;;
+06DE;ARABIC START OF RUB EL HIZB;Me;0;NSM;;;;;N;;;;;
+06DF;ARABIC SMALL HIGH ROUNDED ZERO;Mn;230;NSM;;;;;N;;;;;
+06E0;ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO;Mn;230;NSM;;;;;N;;;;;
+06E1;ARABIC SMALL HIGH DOTLESS HEAD OF KHAH;Mn;230;NSM;;;;;N;;;;;
+06E2;ARABIC SMALL HIGH MEEM ISOLATED FORM;Mn;230;NSM;;;;;N;;;;;
+06E3;ARABIC SMALL LOW SEEN;Mn;220;NSM;;;;;N;;;;;
+06E4;ARABIC SMALL HIGH MADDA;Mn;230;NSM;;;;;N;;;;;
+06E5;ARABIC SMALL WAW;Lm;0;AL;;;;;N;;;;;
+06E6;ARABIC SMALL YEH;Lm;0;AL;;;;;N;;;;;
+06E7;ARABIC SMALL HIGH YEH;Mn;230;NSM;;;;;N;;;;;
+06E8;ARABIC SMALL HIGH NOON;Mn;230;NSM;;;;;N;;;;;
+06E9;ARABIC PLACE OF SAJDAH;So;0;ON;;;;;N;;;;;
+06EA;ARABIC EMPTY CENTRE LOW STOP;Mn;220;NSM;;;;;N;;;;;
+06EB;ARABIC EMPTY CENTRE HIGH STOP;Mn;230;NSM;;;;;N;;;;;
+06EC;ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE;Mn;230;NSM;;;;;N;;;;;
+06ED;ARABIC SMALL LOW MEEM;Mn;220;NSM;;;;;N;;;;;
+06F0;EXTENDED ARABIC-INDIC DIGIT ZERO;Nd;0;EN;;0;0;0;N;EASTERN ARABIC-INDIC DIGIT ZERO;;;;
+06F1;EXTENDED ARABIC-INDIC DIGIT ONE;Nd;0;EN;;1;1;1;N;EASTERN ARABIC-INDIC DIGIT ONE;;;;
+06F2;EXTENDED ARABIC-INDIC DIGIT TWO;Nd;0;EN;;2;2;2;N;EASTERN ARABIC-INDIC DIGIT TWO;;;;
+06F3;EXTENDED ARABIC-INDIC DIGIT THREE;Nd;0;EN;;3;3;3;N;EASTERN ARABIC-INDIC DIGIT THREE;;;;
+06F4;EXTENDED ARABIC-INDIC DIGIT FOUR;Nd;0;EN;;4;4;4;N;EASTERN ARABIC-INDIC DIGIT FOUR;;;;
+06F5;EXTENDED ARABIC-INDIC DIGIT FIVE;Nd;0;EN;;5;5;5;N;EASTERN ARABIC-INDIC DIGIT FIVE;;;;
+06F6;EXTENDED ARABIC-INDIC DIGIT SIX;Nd;0;EN;;6;6;6;N;EASTERN ARABIC-INDIC DIGIT SIX;;;;
+06F7;EXTENDED ARABIC-INDIC DIGIT SEVEN;Nd;0;EN;;7;7;7;N;EASTERN ARABIC-INDIC DIGIT SEVEN;;;;
+06F8;EXTENDED ARABIC-INDIC DIGIT EIGHT;Nd;0;EN;;8;8;8;N;EASTERN ARABIC-INDIC DIGIT EIGHT;;;;
+06F9;EXTENDED ARABIC-INDIC DIGIT NINE;Nd;0;EN;;9;9;9;N;EASTERN ARABIC-INDIC DIGIT NINE;;;;
+06FA;ARABIC LETTER SHEEN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FB;ARABIC LETTER DAD WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FC;ARABIC LETTER GHAIN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FD;ARABIC SIGN SINDHI AMPERSAND;So;0;AL;;;;;N;;;;;
+06FE;ARABIC SIGN SINDHI POSTPOSITION MEN;So;0;AL;;;;;N;;;;;
+0700;SYRIAC END OF PARAGRAPH;Po;0;AL;;;;;N;;;;;
+0701;SYRIAC SUPRALINEAR FULL STOP;Po;0;AL;;;;;N;;;;;
+0702;SYRIAC SUBLINEAR FULL STOP;Po;0;AL;;;;;N;;;;;
+0703;SYRIAC SUPRALINEAR COLON;Po;0;AL;;;;;N;;;;;
+0704;SYRIAC SUBLINEAR COLON;Po;0;AL;;;;;N;;;;;
+0705;SYRIAC HORIZONTAL COLON;Po;0;AL;;;;;N;;;;;
+0706;SYRIAC COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;;
+0707;SYRIAC COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;;
+0708;SYRIAC SUPRALINEAR COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;;
+0709;SYRIAC SUBLINEAR COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;;
+070A;SYRIAC CONTRACTION;Po;0;AL;;;;;N;;;;;
+070B;SYRIAC HARKLEAN OBELUS;Po;0;AL;;;;;N;;;;;
+070C;SYRIAC HARKLEAN METOBELUS;Po;0;AL;;;;;N;;;;;
+070D;SYRIAC HARKLEAN ASTERISCUS;Po;0;AL;;;;;N;;;;;
+070F;SYRIAC ABBREVIATION MARK;Cf;0;BN;;;;;N;;;;;
+0710;SYRIAC LETTER ALAPH;Lo;0;AL;;;;;N;;;;;
+0711;SYRIAC LETTER SUPERSCRIPT ALAPH;Mn;36;NSM;;;;;N;;;;;
+0712;SYRIAC LETTER BETH;Lo;0;AL;;;;;N;;;;;
+0713;SYRIAC LETTER GAMAL;Lo;0;AL;;;;;N;;;;;
+0714;SYRIAC LETTER GAMAL GARSHUNI;Lo;0;AL;;;;;N;;;;;
+0715;SYRIAC LETTER DALATH;Lo;0;AL;;;;;N;;;;;
+0716;SYRIAC LETTER DOTLESS DALATH RISH;Lo;0;AL;;;;;N;;;;;
+0717;SYRIAC LETTER HE;Lo;0;AL;;;;;N;;;;;
+0718;SYRIAC LETTER WAW;Lo;0;AL;;;;;N;;;;;
+0719;SYRIAC LETTER ZAIN;Lo;0;AL;;;;;N;;;;;
+071A;SYRIAC LETTER HETH;Lo;0;AL;;;;;N;;;;;
+071B;SYRIAC LETTER TETH;Lo;0;AL;;;;;N;;;;;
+071C;SYRIAC LETTER TETH GARSHUNI;Lo;0;AL;;;;;N;;;;;
+071D;SYRIAC LETTER YUDH;Lo;0;AL;;;;;N;;;;;
+071E;SYRIAC LETTER YUDH HE;Lo;0;AL;;;;;N;;;;;
+071F;SYRIAC LETTER KAPH;Lo;0;AL;;;;;N;;;;;
+0720;SYRIAC LETTER LAMADH;Lo;0;AL;;;;;N;;;;;
+0721;SYRIAC LETTER MIM;Lo;0;AL;;;;;N;;;;;
+0722;SYRIAC LETTER NUN;Lo;0;AL;;;;;N;;;;;
+0723;SYRIAC LETTER SEMKATH;Lo;0;AL;;;;;N;;;;;
+0724;SYRIAC LETTER FINAL SEMKATH;Lo;0;AL;;;;;N;;;;;
+0725;SYRIAC LETTER E;Lo;0;AL;;;;;N;;;;;
+0726;SYRIAC LETTER PE;Lo;0;AL;;;;;N;;;;;
+0727;SYRIAC LETTER REVERSED PE;Lo;0;AL;;;;;N;;;;;
+0728;SYRIAC LETTER SADHE;Lo;0;AL;;;;;N;;;;;
+0729;SYRIAC LETTER QAPH;Lo;0;AL;;;;;N;;;;;
+072A;SYRIAC LETTER RISH;Lo;0;AL;;;;;N;;;;;
+072B;SYRIAC LETTER SHIN;Lo;0;AL;;;;;N;;;;;
+072C;SYRIAC LETTER TAW;Lo;0;AL;;;;;N;;;;;
+0730;SYRIAC PTHAHA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0731;SYRIAC PTHAHA BELOW;Mn;220;NSM;;;;;N;;;;;
+0732;SYRIAC PTHAHA DOTTED;Mn;230;NSM;;;;;N;;;;;
+0733;SYRIAC ZQAPHA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0734;SYRIAC ZQAPHA BELOW;Mn;220;NSM;;;;;N;;;;;
+0735;SYRIAC ZQAPHA DOTTED;Mn;230;NSM;;;;;N;;;;;
+0736;SYRIAC RBASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0737;SYRIAC RBASA BELOW;Mn;220;NSM;;;;;N;;;;;
+0738;SYRIAC DOTTED ZLAMA HORIZONTAL;Mn;220;NSM;;;;;N;;;;;
+0739;SYRIAC DOTTED ZLAMA ANGULAR;Mn;220;NSM;;;;;N;;;;;
+073A;SYRIAC HBASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+073B;SYRIAC HBASA BELOW;Mn;220;NSM;;;;;N;;;;;
+073C;SYRIAC HBASA-ESASA DOTTED;Mn;220;NSM;;;;;N;;;;;
+073D;SYRIAC ESASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+073E;SYRIAC ESASA BELOW;Mn;220;NSM;;;;;N;;;;;
+073F;SYRIAC RWAHA;Mn;230;NSM;;;;;N;;;;;
+0740;SYRIAC FEMININE DOT;Mn;230;NSM;;;;;N;;;;;
+0741;SYRIAC QUSHSHAYA;Mn;230;NSM;;;;;N;;;;;
+0742;SYRIAC RUKKAKHA;Mn;220;NSM;;;;;N;;;;;
+0743;SYRIAC TWO VERTICAL DOTS ABOVE;Mn;230;NSM;;;;;N;;;;;
+0744;SYRIAC TWO VERTICAL DOTS BELOW;Mn;220;NSM;;;;;N;;;;;
+0745;SYRIAC THREE DOTS ABOVE;Mn;230;NSM;;;;;N;;;;;
+0746;SYRIAC THREE DOTS BELOW;Mn;220;NSM;;;;;N;;;;;
+0747;SYRIAC OBLIQUE LINE ABOVE;Mn;230;NSM;;;;;N;;;;;
+0748;SYRIAC OBLIQUE LINE BELOW;Mn;220;NSM;;;;;N;;;;;
+0749;SYRIAC MUSIC;Mn;230;NSM;;;;;N;;;;;
+074A;SYRIAC BARREKH;Mn;230;NSM;;;;;N;;;;;
+0780;THAANA LETTER HAA;Lo;0;AL;;;;;N;;;;;
+0781;THAANA LETTER SHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0782;THAANA LETTER NOONU;Lo;0;AL;;;;;N;;;;;
+0783;THAANA LETTER RAA;Lo;0;AL;;;;;N;;;;;
+0784;THAANA LETTER BAA;Lo;0;AL;;;;;N;;;;;
+0785;THAANA LETTER LHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0786;THAANA LETTER KAAFU;Lo;0;AL;;;;;N;;;;;
+0787;THAANA LETTER ALIFU;Lo;0;AL;;;;;N;;;;;
+0788;THAANA LETTER VAAVU;Lo;0;AL;;;;;N;;;;;
+0789;THAANA LETTER MEEMU;Lo;0;AL;;;;;N;;;;;
+078A;THAANA LETTER FAAFU;Lo;0;AL;;;;;N;;;;;
+078B;THAANA LETTER DHAALU;Lo;0;AL;;;;;N;;;;;
+078C;THAANA LETTER THAA;Lo;0;AL;;;;;N;;;;;
+078D;THAANA LETTER LAAMU;Lo;0;AL;;;;;N;;;;;
+078E;THAANA LETTER GAAFU;Lo;0;AL;;;;;N;;;;;
+078F;THAANA LETTER GNAVIYANI;Lo;0;AL;;;;;N;;;;;
+0790;THAANA LETTER SEENU;Lo;0;AL;;;;;N;;;;;
+0791;THAANA LETTER DAVIYANI;Lo;0;AL;;;;;N;;;;;
+0792;THAANA LETTER ZAVIYANI;Lo;0;AL;;;;;N;;;;;
+0793;THAANA LETTER TAVIYANI;Lo;0;AL;;;;;N;;;;;
+0794;THAANA LETTER YAA;Lo;0;AL;;;;;N;;;;;
+0795;THAANA LETTER PAVIYANI;Lo;0;AL;;;;;N;;;;;
+0796;THAANA LETTER JAVIYANI;Lo;0;AL;;;;;N;;;;;
+0797;THAANA LETTER CHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0798;THAANA LETTER TTAA;Lo;0;AL;;;;;N;;;;;
+0799;THAANA LETTER HHAA;Lo;0;AL;;;;;N;;;;;
+079A;THAANA LETTER KHAA;Lo;0;AL;;;;;N;;;;;
+079B;THAANA LETTER THAALU;Lo;0;AL;;;;;N;;;;;
+079C;THAANA LETTER ZAA;Lo;0;AL;;;;;N;;;;;
+079D;THAANA LETTER SHEENU;Lo;0;AL;;;;;N;;;;;
+079E;THAANA LETTER SAADHU;Lo;0;AL;;;;;N;;;;;
+079F;THAANA LETTER DAADHU;Lo;0;AL;;;;;N;;;;;
+07A0;THAANA LETTER TO;Lo;0;AL;;;;;N;;;;;
+07A1;THAANA LETTER ZO;Lo;0;AL;;;;;N;;;;;
+07A2;THAANA LETTER AINU;Lo;0;AL;;;;;N;;;;;
+07A3;THAANA LETTER GHAINU;Lo;0;AL;;;;;N;;;;;
+07A4;THAANA LETTER QAAFU;Lo;0;AL;;;;;N;;;;;
+07A5;THAANA LETTER WAAVU;Lo;0;AL;;;;;N;;;;;
+07A6;THAANA ABAFILI;Mn;0;NSM;;;;;N;;;;;
+07A7;THAANA AABAAFILI;Mn;0;NSM;;;;;N;;;;;
+07A8;THAANA IBIFILI;Mn;0;NSM;;;;;N;;;;;
+07A9;THAANA EEBEEFILI;Mn;0;NSM;;;;;N;;;;;
+07AA;THAANA UBUFILI;Mn;0;NSM;;;;;N;;;;;
+07AB;THAANA OOBOOFILI;Mn;0;NSM;;;;;N;;;;;
+07AC;THAANA EBEFILI;Mn;0;NSM;;;;;N;;;;;
+07AD;THAANA EYBEYFILI;Mn;0;NSM;;;;;N;;;;;
+07AE;THAANA OBOFILI;Mn;0;NSM;;;;;N;;;;;
+07AF;THAANA OABOAFILI;Mn;0;NSM;;;;;N;;;;;
+07B0;THAANA SUKUN;Mn;0;NSM;;;;;N;;;;;
+07B1;THAANA LETTER NAA;Lo;0;AL;;;;;N;;;;;
+0901;DEVANAGARI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0902;DEVANAGARI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0903;DEVANAGARI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0905;DEVANAGARI LETTER A;Lo;0;L;;;;;N;;;;;
+0906;DEVANAGARI LETTER AA;Lo;0;L;;;;;N;;;;;
+0907;DEVANAGARI LETTER I;Lo;0;L;;;;;N;;;;;
+0908;DEVANAGARI LETTER II;Lo;0;L;;;;;N;;;;;
+0909;DEVANAGARI LETTER U;Lo;0;L;;;;;N;;;;;
+090A;DEVANAGARI LETTER UU;Lo;0;L;;;;;N;;;;;
+090B;DEVANAGARI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+090C;DEVANAGARI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+090D;DEVANAGARI LETTER CANDRA E;Lo;0;L;;;;;N;;;;;
+090E;DEVANAGARI LETTER SHORT E;Lo;0;L;;;;;N;;;;;
+090F;DEVANAGARI LETTER E;Lo;0;L;;;;;N;;;;;
+0910;DEVANAGARI LETTER AI;Lo;0;L;;;;;N;;;;;
+0911;DEVANAGARI LETTER CANDRA O;Lo;0;L;;;;;N;;;;;
+0912;DEVANAGARI LETTER SHORT O;Lo;0;L;;;;;N;;;;;
+0913;DEVANAGARI LETTER O;Lo;0;L;;;;;N;;;;;
+0914;DEVANAGARI LETTER AU;Lo;0;L;;;;;N;;;;;
+0915;DEVANAGARI LETTER KA;Lo;0;L;;;;;N;;;;;
+0916;DEVANAGARI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0917;DEVANAGARI LETTER GA;Lo;0;L;;;;;N;;;;;
+0918;DEVANAGARI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0919;DEVANAGARI LETTER NGA;Lo;0;L;;;;;N;;;;;
+091A;DEVANAGARI LETTER CA;Lo;0;L;;;;;N;;;;;
+091B;DEVANAGARI LETTER CHA;Lo;0;L;;;;;N;;;;;
+091C;DEVANAGARI LETTER JA;Lo;0;L;;;;;N;;;;;
+091D;DEVANAGARI LETTER JHA;Lo;0;L;;;;;N;;;;;
+091E;DEVANAGARI LETTER NYA;Lo;0;L;;;;;N;;;;;
+091F;DEVANAGARI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0920;DEVANAGARI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0921;DEVANAGARI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0922;DEVANAGARI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0923;DEVANAGARI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0924;DEVANAGARI LETTER TA;Lo;0;L;;;;;N;;;;;
+0925;DEVANAGARI LETTER THA;Lo;0;L;;;;;N;;;;;
+0926;DEVANAGARI LETTER DA;Lo;0;L;;;;;N;;;;;
+0927;DEVANAGARI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0928;DEVANAGARI LETTER NA;Lo;0;L;;;;;N;;;;;
+0929;DEVANAGARI LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;;
+092A;DEVANAGARI LETTER PA;Lo;0;L;;;;;N;;;;;
+092B;DEVANAGARI LETTER PHA;Lo;0;L;;;;;N;;;;;
+092C;DEVANAGARI LETTER BA;Lo;0;L;;;;;N;;;;;
+092D;DEVANAGARI LETTER BHA;Lo;0;L;;;;;N;;;;;
+092E;DEVANAGARI LETTER MA;Lo;0;L;;;;;N;;;;;
+092F;DEVANAGARI LETTER YA;Lo;0;L;;;;;N;;;;;
+0930;DEVANAGARI LETTER RA;Lo;0;L;;;;;N;;;;;
+0931;DEVANAGARI LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;;
+0932;DEVANAGARI LETTER LA;Lo;0;L;;;;;N;;;;;
+0933;DEVANAGARI LETTER LLA;Lo;0;L;;;;;N;;;;;
+0934;DEVANAGARI LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;;
+0935;DEVANAGARI LETTER VA;Lo;0;L;;;;;N;;;;;
+0936;DEVANAGARI LETTER SHA;Lo;0;L;;;;;N;;;;;
+0937;DEVANAGARI LETTER SSA;Lo;0;L;;;;;N;;;;;
+0938;DEVANAGARI LETTER SA;Lo;0;L;;;;;N;;;;;
+0939;DEVANAGARI LETTER HA;Lo;0;L;;;;;N;;;;;
+093C;DEVANAGARI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+093D;DEVANAGARI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+093E;DEVANAGARI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+093F;DEVANAGARI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0940;DEVANAGARI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0941;DEVANAGARI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0942;DEVANAGARI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0943;DEVANAGARI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0944;DEVANAGARI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+0945;DEVANAGARI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;;
+0946;DEVANAGARI VOWEL SIGN SHORT E;Mn;0;NSM;;;;;N;;;;;
+0947;DEVANAGARI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0948;DEVANAGARI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0949;DEVANAGARI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;;
+094A;DEVANAGARI VOWEL SIGN SHORT O;Mc;0;L;;;;;N;;;;;
+094B;DEVANAGARI VOWEL SIGN O;Mc;0;L;;;;;N;;;;;
+094C;DEVANAGARI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+094D;DEVANAGARI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0950;DEVANAGARI OM;Lo;0;L;;;;;N;;;;;
+0951;DEVANAGARI STRESS SIGN UDATTA;Mn;230;NSM;;;;;N;;;;;
+0952;DEVANAGARI STRESS SIGN ANUDATTA;Mn;220;NSM;;;;;N;;;;;
+0953;DEVANAGARI GRAVE ACCENT;Mn;230;NSM;;;;;N;;;;;
+0954;DEVANAGARI ACUTE ACCENT;Mn;230;NSM;;;;;N;;;;;
+0958;DEVANAGARI LETTER QA;Lo;0;L;0915 093C;;;;N;;;;;
+0959;DEVANAGARI LETTER KHHA;Lo;0;L;0916 093C;;;;N;;;;;
+095A;DEVANAGARI LETTER GHHA;Lo;0;L;0917 093C;;;;N;;;;;
+095B;DEVANAGARI LETTER ZA;Lo;0;L;091C 093C;;;;N;;;;;
+095C;DEVANAGARI LETTER DDDHA;Lo;0;L;0921 093C;;;;N;;;;;
+095D;DEVANAGARI LETTER RHA;Lo;0;L;0922 093C;;;;N;;;;;
+095E;DEVANAGARI LETTER FA;Lo;0;L;092B 093C;;;;N;;;;;
+095F;DEVANAGARI LETTER YYA;Lo;0;L;092F 093C;;;;N;;;;;
+0960;DEVANAGARI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0961;DEVANAGARI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0962;DEVANAGARI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+0963;DEVANAGARI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+0964;DEVANAGARI DANDA;Po;0;L;;;;;N;;;;;
+0965;DEVANAGARI DOUBLE DANDA;Po;0;L;;;;;N;;;;;
+0966;DEVANAGARI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0967;DEVANAGARI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0968;DEVANAGARI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0969;DEVANAGARI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+096A;DEVANAGARI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+096B;DEVANAGARI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+096C;DEVANAGARI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+096D;DEVANAGARI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+096E;DEVANAGARI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+096F;DEVANAGARI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0970;DEVANAGARI ABBREVIATION SIGN;Po;0;L;;;;;N;;;;;
+0981;BENGALI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0982;BENGALI SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0983;BENGALI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0985;BENGALI LETTER A;Lo;0;L;;;;;N;;;;;
+0986;BENGALI LETTER AA;Lo;0;L;;;;;N;;;;;
+0987;BENGALI LETTER I;Lo;0;L;;;;;N;;;;;
+0988;BENGALI LETTER II;Lo;0;L;;;;;N;;;;;
+0989;BENGALI LETTER U;Lo;0;L;;;;;N;;;;;
+098A;BENGALI LETTER UU;Lo;0;L;;;;;N;;;;;
+098B;BENGALI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+098C;BENGALI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+098F;BENGALI LETTER E;Lo;0;L;;;;;N;;;;;
+0990;BENGALI LETTER AI;Lo;0;L;;;;;N;;;;;
+0993;BENGALI LETTER O;Lo;0;L;;;;;N;;;;;
+0994;BENGALI LETTER AU;Lo;0;L;;;;;N;;;;;
+0995;BENGALI LETTER KA;Lo;0;L;;;;;N;;;;;
+0996;BENGALI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0997;BENGALI LETTER GA;Lo;0;L;;;;;N;;;;;
+0998;BENGALI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0999;BENGALI LETTER NGA;Lo;0;L;;;;;N;;;;;
+099A;BENGALI LETTER CA;Lo;0;L;;;;;N;;;;;
+099B;BENGALI LETTER CHA;Lo;0;L;;;;;N;;;;;
+099C;BENGALI LETTER JA;Lo;0;L;;;;;N;;;;;
+099D;BENGALI LETTER JHA;Lo;0;L;;;;;N;;;;;
+099E;BENGALI LETTER NYA;Lo;0;L;;;;;N;;;;;
+099F;BENGALI LETTER TTA;Lo;0;L;;;;;N;;;;;
+09A0;BENGALI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+09A1;BENGALI LETTER DDA;Lo;0;L;;;;;N;;;;;
+09A2;BENGALI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+09A3;BENGALI LETTER NNA;Lo;0;L;;;;;N;;;;;
+09A4;BENGALI LETTER TA;Lo;0;L;;;;;N;;;;;
+09A5;BENGALI LETTER THA;Lo;0;L;;;;;N;;;;;
+09A6;BENGALI LETTER DA;Lo;0;L;;;;;N;;;;;
+09A7;BENGALI LETTER DHA;Lo;0;L;;;;;N;;;;;
+09A8;BENGALI LETTER NA;Lo;0;L;;;;;N;;;;;
+09AA;BENGALI LETTER PA;Lo;0;L;;;;;N;;;;;
+09AB;BENGALI LETTER PHA;Lo;0;L;;;;;N;;;;;
+09AC;BENGALI LETTER BA;Lo;0;L;;;;;N;;;;;
+09AD;BENGALI LETTER BHA;Lo;0;L;;;;;N;;;;;
+09AE;BENGALI LETTER MA;Lo;0;L;;;;;N;;;;;
+09AF;BENGALI LETTER YA;Lo;0;L;;;;;N;;;;;
+09B0;BENGALI LETTER RA;Lo;0;L;;;;;N;;;;;
+09B2;BENGALI LETTER LA;Lo;0;L;;;;;N;;;;;
+09B6;BENGALI LETTER SHA;Lo;0;L;;;;;N;;;;;
+09B7;BENGALI LETTER SSA;Lo;0;L;;;;;N;;;;;
+09B8;BENGALI LETTER SA;Lo;0;L;;;;;N;;;;;
+09B9;BENGALI LETTER HA;Lo;0;L;;;;;N;;;;;
+09BC;BENGALI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+09BE;BENGALI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+09BF;BENGALI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+09C0;BENGALI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+09C1;BENGALI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+09C2;BENGALI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+09C3;BENGALI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+09C4;BENGALI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+09C7;BENGALI VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+09C8;BENGALI VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+09CB;BENGALI VOWEL SIGN O;Mc;0;L;09C7 09BE;;;;N;;;;;
+09CC;BENGALI VOWEL SIGN AU;Mc;0;L;09C7 09D7;;;;N;;;;;
+09CD;BENGALI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+09D7;BENGALI AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+09DC;BENGALI LETTER RRA;Lo;0;L;09A1 09BC;;;;N;;;;;
+09DD;BENGALI LETTER RHA;Lo;0;L;09A2 09BC;;;;N;;;;;
+09DF;BENGALI LETTER YYA;Lo;0;L;09AF 09BC;;;;N;;;;;
+09E0;BENGALI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+09E1;BENGALI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+09E2;BENGALI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+09E3;BENGALI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+09E6;BENGALI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+09E7;BENGALI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+09E8;BENGALI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+09E9;BENGALI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+09EA;BENGALI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+09EB;BENGALI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+09EC;BENGALI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+09ED;BENGALI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+09EE;BENGALI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+09EF;BENGALI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+09F0;BENGALI LETTER RA WITH MIDDLE DIAGONAL;Lo;0;L;;;;;N;;Assamese;;;
+09F1;BENGALI LETTER RA WITH LOWER DIAGONAL;Lo;0;L;;;;;N;BENGALI LETTER VA WITH LOWER DIAGONAL;Assamese;;;
+09F2;BENGALI RUPEE MARK;Sc;0;ET;;;;;N;;;;;
+09F3;BENGALI RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+09F4;BENGALI CURRENCY NUMERATOR ONE;No;0;L;;;;1;N;;;;;
+09F5;BENGALI CURRENCY NUMERATOR TWO;No;0;L;;;;2;N;;;;;
+09F6;BENGALI CURRENCY NUMERATOR THREE;No;0;L;;;;3;N;;;;;
+09F7;BENGALI CURRENCY NUMERATOR FOUR;No;0;L;;;;4;N;;;;;
+09F8;BENGALI CURRENCY NUMERATOR ONE LESS THAN THE DENOMINATOR;No;0;L;;;;;N;;;;;
+09F9;BENGALI CURRENCY DENOMINATOR SIXTEEN;No;0;L;;;;16;N;;;;;
+09FA;BENGALI ISSHAR;So;0;L;;;;;N;;;;;
+0A02;GURMUKHI SIGN BINDI;Mn;0;NSM;;;;;N;;;;;
+0A05;GURMUKHI LETTER A;Lo;0;L;;;;;N;;;;;
+0A06;GURMUKHI LETTER AA;Lo;0;L;;;;;N;;;;;
+0A07;GURMUKHI LETTER I;Lo;0;L;;;;;N;;;;;
+0A08;GURMUKHI LETTER II;Lo;0;L;;;;;N;;;;;
+0A09;GURMUKHI LETTER U;Lo;0;L;;;;;N;;;;;
+0A0A;GURMUKHI LETTER UU;Lo;0;L;;;;;N;;;;;
+0A0F;GURMUKHI LETTER EE;Lo;0;L;;;;;N;;;;;
+0A10;GURMUKHI LETTER AI;Lo;0;L;;;;;N;;;;;
+0A13;GURMUKHI LETTER OO;Lo;0;L;;;;;N;;;;;
+0A14;GURMUKHI LETTER AU;Lo;0;L;;;;;N;;;;;
+0A15;GURMUKHI LETTER KA;Lo;0;L;;;;;N;;;;;
+0A16;GURMUKHI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0A17;GURMUKHI LETTER GA;Lo;0;L;;;;;N;;;;;
+0A18;GURMUKHI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0A19;GURMUKHI LETTER NGA;Lo;0;L;;;;;N;;;;;
+0A1A;GURMUKHI LETTER CA;Lo;0;L;;;;;N;;;;;
+0A1B;GURMUKHI LETTER CHA;Lo;0;L;;;;;N;;;;;
+0A1C;GURMUKHI LETTER JA;Lo;0;L;;;;;N;;;;;
+0A1D;GURMUKHI LETTER JHA;Lo;0;L;;;;;N;;;;;
+0A1E;GURMUKHI LETTER NYA;Lo;0;L;;;;;N;;;;;
+0A1F;GURMUKHI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0A20;GURMUKHI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0A21;GURMUKHI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0A22;GURMUKHI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0A23;GURMUKHI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0A24;GURMUKHI LETTER TA;Lo;0;L;;;;;N;;;;;
+0A25;GURMUKHI LETTER THA;Lo;0;L;;;;;N;;;;;
+0A26;GURMUKHI LETTER DA;Lo;0;L;;;;;N;;;;;
+0A27;GURMUKHI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0A28;GURMUKHI LETTER NA;Lo;0;L;;;;;N;;;;;
+0A2A;GURMUKHI LETTER PA;Lo;0;L;;;;;N;;;;;
+0A2B;GURMUKHI LETTER PHA;Lo;0;L;;;;;N;;;;;
+0A2C;GURMUKHI LETTER BA;Lo;0;L;;;;;N;;;;;
+0A2D;GURMUKHI LETTER BHA;Lo;0;L;;;;;N;;;;;
+0A2E;GURMUKHI LETTER MA;Lo;0;L;;;;;N;;;;;
+0A2F;GURMUKHI LETTER YA;Lo;0;L;;;;;N;;;;;
+0A30;GURMUKHI LETTER RA;Lo;0;L;;;;;N;;;;;
+0A32;GURMUKHI LETTER LA;Lo;0;L;;;;;N;;;;;
+0A33;GURMUKHI LETTER LLA;Lo;0;L;0A32 0A3C;;;;N;;;;;
+0A35;GURMUKHI LETTER VA;Lo;0;L;;;;;N;;;;;
+0A36;GURMUKHI LETTER SHA;Lo;0;L;0A38 0A3C;;;;N;;;;;
+0A38;GURMUKHI LETTER SA;Lo;0;L;;;;;N;;;;;
+0A39;GURMUKHI LETTER HA;Lo;0;L;;;;;N;;;;;
+0A3C;GURMUKHI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0A3E;GURMUKHI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0A3F;GURMUKHI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0A40;GURMUKHI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0A41;GURMUKHI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0A42;GURMUKHI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0A47;GURMUKHI VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;;
+0A48;GURMUKHI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0A4B;GURMUKHI VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;;
+0A4C;GURMUKHI VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0A4D;GURMUKHI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0A59;GURMUKHI LETTER KHHA;Lo;0;L;0A16 0A3C;;;;N;;;;;
+0A5A;GURMUKHI LETTER GHHA;Lo;0;L;0A17 0A3C;;;;N;;;;;
+0A5B;GURMUKHI LETTER ZA;Lo;0;L;0A1C 0A3C;;;;N;;;;;
+0A5C;GURMUKHI LETTER RRA;Lo;0;L;;;;;N;;;;;
+0A5E;GURMUKHI LETTER FA;Lo;0;L;0A2B 0A3C;;;;N;;;;;
+0A66;GURMUKHI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0A67;GURMUKHI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0A68;GURMUKHI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0A69;GURMUKHI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0A6A;GURMUKHI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0A6B;GURMUKHI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0A6C;GURMUKHI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0A6D;GURMUKHI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0A6E;GURMUKHI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0A6F;GURMUKHI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0A70;GURMUKHI TIPPI;Mn;0;NSM;;;;;N;;;;;
+0A71;GURMUKHI ADDAK;Mn;0;NSM;;;;;N;;;;;
+0A72;GURMUKHI IRI;Lo;0;L;;;;;N;;;;;
+0A73;GURMUKHI URA;Lo;0;L;;;;;N;;;;;
+0A74;GURMUKHI EK ONKAR;Lo;0;L;;;;;N;;;;;
+0A81;GUJARATI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0A82;GUJARATI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0A83;GUJARATI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0A85;GUJARATI LETTER A;Lo;0;L;;;;;N;;;;;
+0A86;GUJARATI LETTER AA;Lo;0;L;;;;;N;;;;;
+0A87;GUJARATI LETTER I;Lo;0;L;;;;;N;;;;;
+0A88;GUJARATI LETTER II;Lo;0;L;;;;;N;;;;;
+0A89;GUJARATI LETTER U;Lo;0;L;;;;;N;;;;;
+0A8A;GUJARATI LETTER UU;Lo;0;L;;;;;N;;;;;
+0A8B;GUJARATI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0A8D;GUJARATI VOWEL CANDRA E;Lo;0;L;;;;;N;;;;;
+0A8F;GUJARATI LETTER E;Lo;0;L;;;;;N;;;;;
+0A90;GUJARATI LETTER AI;Lo;0;L;;;;;N;;;;;
+0A91;GUJARATI VOWEL CANDRA O;Lo;0;L;;;;;N;;;;;
+0A93;GUJARATI LETTER O;Lo;0;L;;;;;N;;;;;
+0A94;GUJARATI LETTER AU;Lo;0;L;;;;;N;;;;;
+0A95;GUJARATI LETTER KA;Lo;0;L;;;;;N;;;;;
+0A96;GUJARATI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0A97;GUJARATI LETTER GA;Lo;0;L;;;;;N;;;;;
+0A98;GUJARATI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0A99;GUJARATI LETTER NGA;Lo;0;L;;;;;N;;;;;
+0A9A;GUJARATI LETTER CA;Lo;0;L;;;;;N;;;;;
+0A9B;GUJARATI LETTER CHA;Lo;0;L;;;;;N;;;;;
+0A9C;GUJARATI LETTER JA;Lo;0;L;;;;;N;;;;;
+0A9D;GUJARATI LETTER JHA;Lo;0;L;;;;;N;;;;;
+0A9E;GUJARATI LETTER NYA;Lo;0;L;;;;;N;;;;;
+0A9F;GUJARATI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0AA0;GUJARATI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0AA1;GUJARATI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0AA2;GUJARATI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0AA3;GUJARATI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0AA4;GUJARATI LETTER TA;Lo;0;L;;;;;N;;;;;
+0AA5;GUJARATI LETTER THA;Lo;0;L;;;;;N;;;;;
+0AA6;GUJARATI LETTER DA;Lo;0;L;;;;;N;;;;;
+0AA7;GUJARATI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0AA8;GUJARATI LETTER NA;Lo;0;L;;;;;N;;;;;
+0AAA;GUJARATI LETTER PA;Lo;0;L;;;;;N;;;;;
+0AAB;GUJARATI LETTER PHA;Lo;0;L;;;;;N;;;;;
+0AAC;GUJARATI LETTER BA;Lo;0;L;;;;;N;;;;;
+0AAD;GUJARATI LETTER BHA;Lo;0;L;;;;;N;;;;;
+0AAE;GUJARATI LETTER MA;Lo;0;L;;;;;N;;;;;
+0AAF;GUJARATI LETTER YA;Lo;0;L;;;;;N;;;;;
+0AB0;GUJARATI LETTER RA;Lo;0;L;;;;;N;;;;;
+0AB2;GUJARATI LETTER LA;Lo;0;L;;;;;N;;;;;
+0AB3;GUJARATI LETTER LLA;Lo;0;L;;;;;N;;;;;
+0AB5;GUJARATI LETTER VA;Lo;0;L;;;;;N;;;;;
+0AB6;GUJARATI LETTER SHA;Lo;0;L;;;;;N;;;;;
+0AB7;GUJARATI LETTER SSA;Lo;0;L;;;;;N;;;;;
+0AB8;GUJARATI LETTER SA;Lo;0;L;;;;;N;;;;;
+0AB9;GUJARATI LETTER HA;Lo;0;L;;;;;N;;;;;
+0ABC;GUJARATI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0ABD;GUJARATI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+0ABE;GUJARATI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0ABF;GUJARATI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0AC0;GUJARATI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0AC1;GUJARATI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0AC2;GUJARATI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0AC3;GUJARATI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0AC4;GUJARATI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+0AC5;GUJARATI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;;
+0AC7;GUJARATI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0AC8;GUJARATI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0AC9;GUJARATI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;;
+0ACB;GUJARATI VOWEL SIGN O;Mc;0;L;;;;;N;;;;;
+0ACC;GUJARATI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+0ACD;GUJARATI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0AD0;GUJARATI OM;Lo;0;L;;;;;N;;;;;
+0AE0;GUJARATI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0AE6;GUJARATI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0AE7;GUJARATI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0AE8;GUJARATI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0AE9;GUJARATI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0AEA;GUJARATI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0AEB;GUJARATI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0AEC;GUJARATI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0AED;GUJARATI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0AEE;GUJARATI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0AEF;GUJARATI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0B01;ORIYA SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0B02;ORIYA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0B03;ORIYA SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0B05;ORIYA LETTER A;Lo;0;L;;;;;N;;;;;
+0B06;ORIYA LETTER AA;Lo;0;L;;;;;N;;;;;
+0B07;ORIYA LETTER I;Lo;0;L;;;;;N;;;;;
+0B08;ORIYA LETTER II;Lo;0;L;;;;;N;;;;;
+0B09;ORIYA LETTER U;Lo;0;L;;;;;N;;;;;
+0B0A;ORIYA LETTER UU;Lo;0;L;;;;;N;;;;;
+0B0B;ORIYA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0B0C;ORIYA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0B0F;ORIYA LETTER E;Lo;0;L;;;;;N;;;;;
+0B10;ORIYA LETTER AI;Lo;0;L;;;;;N;;;;;
+0B13;ORIYA LETTER O;Lo;0;L;;;;;N;;;;;
+0B14;ORIYA LETTER AU;Lo;0;L;;;;;N;;;;;
+0B15;ORIYA LETTER KA;Lo;0;L;;;;;N;;;;;
+0B16;ORIYA LETTER KHA;Lo;0;L;;;;;N;;;;;
+0B17;ORIYA LETTER GA;Lo;0;L;;;;;N;;;;;
+0B18;ORIYA LETTER GHA;Lo;0;L;;;;;N;;;;;
+0B19;ORIYA LETTER NGA;Lo;0;L;;;;;N;;;;;
+0B1A;ORIYA LETTER CA;Lo;0;L;;;;;N;;;;;
+0B1B;ORIYA LETTER CHA;Lo;0;L;;;;;N;;;;;
+0B1C;ORIYA LETTER JA;Lo;0;L;;;;;N;;;;;
+0B1D;ORIYA LETTER JHA;Lo;0;L;;;;;N;;;;;
+0B1E;ORIYA LETTER NYA;Lo;0;L;;;;;N;;;;;
+0B1F;ORIYA LETTER TTA;Lo;0;L;;;;;N;;;;;
+0B20;ORIYA LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0B21;ORIYA LETTER DDA;Lo;0;L;;;;;N;;;;;
+0B22;ORIYA LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0B23;ORIYA LETTER NNA;Lo;0;L;;;;;N;;;;;
+0B24;ORIYA LETTER TA;Lo;0;L;;;;;N;;;;;
+0B25;ORIYA LETTER THA;Lo;0;L;;;;;N;;;;;
+0B26;ORIYA LETTER DA;Lo;0;L;;;;;N;;;;;
+0B27;ORIYA LETTER DHA;Lo;0;L;;;;;N;;;;;
+0B28;ORIYA LETTER NA;Lo;0;L;;;;;N;;;;;
+0B2A;ORIYA LETTER PA;Lo;0;L;;;;;N;;;;;
+0B2B;ORIYA LETTER PHA;Lo;0;L;;;;;N;;;;;
+0B2C;ORIYA LETTER BA;Lo;0;L;;;;;N;;;;;
+0B2D;ORIYA LETTER BHA;Lo;0;L;;;;;N;;;;;
+0B2E;ORIYA LETTER MA;Lo;0;L;;;;;N;;;;;
+0B2F;ORIYA LETTER YA;Lo;0;L;;;;;N;;;;;
+0B30;ORIYA LETTER RA;Lo;0;L;;;;;N;;;;;
+0B32;ORIYA LETTER LA;Lo;0;L;;;;;N;;;;;
+0B33;ORIYA LETTER LLA;Lo;0;L;;;;;N;;;;;
+0B36;ORIYA LETTER SHA;Lo;0;L;;;;;N;;;;;
+0B37;ORIYA LETTER SSA;Lo;0;L;;;;;N;;;;;
+0B38;ORIYA LETTER SA;Lo;0;L;;;;;N;;;;;
+0B39;ORIYA LETTER HA;Lo;0;L;;;;;N;;;;;
+0B3C;ORIYA SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0B3D;ORIYA SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+0B3E;ORIYA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0B3F;ORIYA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0B40;ORIYA VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0B41;ORIYA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0B42;ORIYA VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0B43;ORIYA VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0B47;ORIYA VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0B48;ORIYA VOWEL SIGN AI;Mc;0;L;0B47 0B56;;;;N;;;;;
+0B4B;ORIYA VOWEL SIGN O;Mc;0;L;0B47 0B3E;;;;N;;;;;
+0B4C;ORIYA VOWEL SIGN AU;Mc;0;L;0B47 0B57;;;;N;;;;;
+0B4D;ORIYA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0B56;ORIYA AI LENGTH MARK;Mn;0;NSM;;;;;N;;;;;
+0B57;ORIYA AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0B5C;ORIYA LETTER RRA;Lo;0;L;0B21 0B3C;;;;N;;;;;
+0B5D;ORIYA LETTER RHA;Lo;0;L;0B22 0B3C;;;;N;;;;;
+0B5F;ORIYA LETTER YYA;Lo;0;L;;;;;N;;;;;
+0B60;ORIYA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0B61;ORIYA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0B66;ORIYA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0B67;ORIYA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0B68;ORIYA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0B69;ORIYA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0B6A;ORIYA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0B6B;ORIYA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0B6C;ORIYA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0B6D;ORIYA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0B6E;ORIYA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0B6F;ORIYA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0B70;ORIYA ISSHAR;So;0;L;;;;;N;;;;;
+0B82;TAMIL SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0B83;TAMIL SIGN VISARGA;Lo;0;L;;;;;N;;;;;
+0B85;TAMIL LETTER A;Lo;0;L;;;;;N;;;;;
+0B86;TAMIL LETTER AA;Lo;0;L;;;;;N;;;;;
+0B87;TAMIL LETTER I;Lo;0;L;;;;;N;;;;;
+0B88;TAMIL LETTER II;Lo;0;L;;;;;N;;;;;
+0B89;TAMIL LETTER U;Lo;0;L;;;;;N;;;;;
+0B8A;TAMIL LETTER UU;Lo;0;L;;;;;N;;;;;
+0B8E;TAMIL LETTER E;Lo;0;L;;;;;N;;;;;
+0B8F;TAMIL LETTER EE;Lo;0;L;;;;;N;;;;;
+0B90;TAMIL LETTER AI;Lo;0;L;;;;;N;;;;;
+0B92;TAMIL LETTER O;Lo;0;L;;;;;N;;;;;
+0B93;TAMIL LETTER OO;Lo;0;L;;;;;N;;;;;
+0B94;TAMIL LETTER AU;Lo;0;L;0B92 0BD7;;;;N;;;;;
+0B95;TAMIL LETTER KA;Lo;0;L;;;;;N;;;;;
+0B99;TAMIL LETTER NGA;Lo;0;L;;;;;N;;;;;
+0B9A;TAMIL LETTER CA;Lo;0;L;;;;;N;;;;;
+0B9C;TAMIL LETTER JA;Lo;0;L;;;;;N;;;;;
+0B9E;TAMIL LETTER NYA;Lo;0;L;;;;;N;;;;;
+0B9F;TAMIL LETTER TTA;Lo;0;L;;;;;N;;;;;
+0BA3;TAMIL LETTER NNA;Lo;0;L;;;;;N;;;;;
+0BA4;TAMIL LETTER TA;Lo;0;L;;;;;N;;;;;
+0BA8;TAMIL LETTER NA;Lo;0;L;;;;;N;;;;;
+0BA9;TAMIL LETTER NNNA;Lo;0;L;;;;;N;;;;;
+0BAA;TAMIL LETTER PA;Lo;0;L;;;;;N;;;;;
+0BAE;TAMIL LETTER MA;Lo;0;L;;;;;N;;;;;
+0BAF;TAMIL LETTER YA;Lo;0;L;;;;;N;;;;;
+0BB0;TAMIL LETTER RA;Lo;0;L;;;;;N;;;;;
+0BB1;TAMIL LETTER RRA;Lo;0;L;;;;;N;;;;;
+0BB2;TAMIL LETTER LA;Lo;0;L;;;;;N;;;;;
+0BB3;TAMIL LETTER LLA;Lo;0;L;;;;;N;;;;;
+0BB4;TAMIL LETTER LLLA;Lo;0;L;;;;;N;;;;;
+0BB5;TAMIL LETTER VA;Lo;0;L;;;;;N;;;;;
+0BB7;TAMIL LETTER SSA;Lo;0;L;;;;;N;;;;;
+0BB8;TAMIL LETTER SA;Lo;0;L;;;;;N;;;;;
+0BB9;TAMIL LETTER HA;Lo;0;L;;;;;N;;;;;
+0BBE;TAMIL VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0BBF;TAMIL VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0BC0;TAMIL VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0BC1;TAMIL VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0BC2;TAMIL VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0BC6;TAMIL VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0BC7;TAMIL VOWEL SIGN EE;Mc;0;L;;;;;N;;;;;
+0BC8;TAMIL VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+0BCA;TAMIL VOWEL SIGN O;Mc;0;L;0BC6 0BBE;;;;N;;;;;
+0BCB;TAMIL VOWEL SIGN OO;Mc;0;L;0BC7 0BBE;;;;N;;;;;
+0BCC;TAMIL VOWEL SIGN AU;Mc;0;L;0BC6 0BD7;;;;N;;;;;
+0BCD;TAMIL SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0BD7;TAMIL AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0BE7;TAMIL DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0BE8;TAMIL DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0BE9;TAMIL DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0BEA;TAMIL DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0BEB;TAMIL DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0BEC;TAMIL DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0BED;TAMIL DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0BEE;TAMIL DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0BEF;TAMIL DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0BF0;TAMIL NUMBER TEN;No;0;L;;;;10;N;;;;;
+0BF1;TAMIL NUMBER ONE HUNDRED;No;0;L;;;;100;N;;;;;
+0BF2;TAMIL NUMBER ONE THOUSAND;No;0;L;;;;1000;N;;;;;
+0C01;TELUGU SIGN CANDRABINDU;Mc;0;L;;;;;N;;;;;
+0C02;TELUGU SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0C03;TELUGU SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0C05;TELUGU LETTER A;Lo;0;L;;;;;N;;;;;
+0C06;TELUGU LETTER AA;Lo;0;L;;;;;N;;;;;
+0C07;TELUGU LETTER I;Lo;0;L;;;;;N;;;;;
+0C08;TELUGU LETTER II;Lo;0;L;;;;;N;;;;;
+0C09;TELUGU LETTER U;Lo;0;L;;;;;N;;;;;
+0C0A;TELUGU LETTER UU;Lo;0;L;;;;;N;;;;;
+0C0B;TELUGU LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0C0C;TELUGU LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0C0E;TELUGU LETTER E;Lo;0;L;;;;;N;;;;;
+0C0F;TELUGU LETTER EE;Lo;0;L;;;;;N;;;;;
+0C10;TELUGU LETTER AI;Lo;0;L;;;;;N;;;;;
+0C12;TELUGU LETTER O;Lo;0;L;;;;;N;;;;;
+0C13;TELUGU LETTER OO;Lo;0;L;;;;;N;;;;;
+0C14;TELUGU LETTER AU;Lo;0;L;;;;;N;;;;;
+0C15;TELUGU LETTER KA;Lo;0;L;;;;;N;;;;;
+0C16;TELUGU LETTER KHA;Lo;0;L;;;;;N;;;;;
+0C17;TELUGU LETTER GA;Lo;0;L;;;;;N;;;;;
+0C18;TELUGU LETTER GHA;Lo;0;L;;;;;N;;;;;
+0C19;TELUGU LETTER NGA;Lo;0;L;;;;;N;;;;;
+0C1A;TELUGU LETTER CA;Lo;0;L;;;;;N;;;;;
+0C1B;TELUGU LETTER CHA;Lo;0;L;;;;;N;;;;;
+0C1C;TELUGU LETTER JA;Lo;0;L;;;;;N;;;;;
+0C1D;TELUGU LETTER JHA;Lo;0;L;;;;;N;;;;;
+0C1E;TELUGU LETTER NYA;Lo;0;L;;;;;N;;;;;
+0C1F;TELUGU LETTER TTA;Lo;0;L;;;;;N;;;;;
+0C20;TELUGU LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0C21;TELUGU LETTER DDA;Lo;0;L;;;;;N;;;;;
+0C22;TELUGU LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0C23;TELUGU LETTER NNA;Lo;0;L;;;;;N;;;;;
+0C24;TELUGU LETTER TA;Lo;0;L;;;;;N;;;;;
+0C25;TELUGU LETTER THA;Lo;0;L;;;;;N;;;;;
+0C26;TELUGU LETTER DA;Lo;0;L;;;;;N;;;;;
+0C27;TELUGU LETTER DHA;Lo;0;L;;;;;N;;;;;
+0C28;TELUGU LETTER NA;Lo;0;L;;;;;N;;;;;
+0C2A;TELUGU LETTER PA;Lo;0;L;;;;;N;;;;;
+0C2B;TELUGU LETTER PHA;Lo;0;L;;;;;N;;;;;
+0C2C;TELUGU LETTER BA;Lo;0;L;;;;;N;;;;;
+0C2D;TELUGU LETTER BHA;Lo;0;L;;;;;N;;;;;
+0C2E;TELUGU LETTER MA;Lo;0;L;;;;;N;;;;;
+0C2F;TELUGU LETTER YA;Lo;0;L;;;;;N;;;;;
+0C30;TELUGU LETTER RA;Lo;0;L;;;;;N;;;;;
+0C31;TELUGU LETTER RRA;Lo;0;L;;;;;N;;;;;
+0C32;TELUGU LETTER LA;Lo;0;L;;;;;N;;;;;
+0C33;TELUGU LETTER LLA;Lo;0;L;;;;;N;;;;;
+0C35;TELUGU LETTER VA;Lo;0;L;;;;;N;;;;;
+0C36;TELUGU LETTER SHA;Lo;0;L;;;;;N;;;;;
+0C37;TELUGU LETTER SSA;Lo;0;L;;;;;N;;;;;
+0C38;TELUGU LETTER SA;Lo;0;L;;;;;N;;;;;
+0C39;TELUGU LETTER HA;Lo;0;L;;;;;N;;;;;
+0C3E;TELUGU VOWEL SIGN AA;Mn;0;NSM;;;;;N;;;;;
+0C3F;TELUGU VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0C40;TELUGU VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0C41;TELUGU VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0C42;TELUGU VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0C43;TELUGU VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+0C44;TELUGU VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+0C46;TELUGU VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0C47;TELUGU VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;;
+0C48;TELUGU VOWEL SIGN AI;Mn;0;NSM;0C46 0C56;;;;N;;;;;
+0C4A;TELUGU VOWEL SIGN O;Mn;0;NSM;;;;;N;;;;;
+0C4B;TELUGU VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;;
+0C4C;TELUGU VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0C4D;TELUGU SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0C55;TELUGU LENGTH MARK;Mn;84;NSM;;;;;N;;;;;
+0C56;TELUGU AI LENGTH MARK;Mn;91;NSM;;;;;N;;;;;
+0C60;TELUGU LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0C61;TELUGU LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0C66;TELUGU DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0C67;TELUGU DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0C68;TELUGU DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0C69;TELUGU DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0C6A;TELUGU DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0C6B;TELUGU DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0C6C;TELUGU DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0C6D;TELUGU DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0C6E;TELUGU DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0C6F;TELUGU DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0C82;KANNADA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0C83;KANNADA SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0C85;KANNADA LETTER A;Lo;0;L;;;;;N;;;;;
+0C86;KANNADA LETTER AA;Lo;0;L;;;;;N;;;;;
+0C87;KANNADA LETTER I;Lo;0;L;;;;;N;;;;;
+0C88;KANNADA LETTER II;Lo;0;L;;;;;N;;;;;
+0C89;KANNADA LETTER U;Lo;0;L;;;;;N;;;;;
+0C8A;KANNADA LETTER UU;Lo;0;L;;;;;N;;;;;
+0C8B;KANNADA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0C8C;KANNADA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0C8E;KANNADA LETTER E;Lo;0;L;;;;;N;;;;;
+0C8F;KANNADA LETTER EE;Lo;0;L;;;;;N;;;;;
+0C90;KANNADA LETTER AI;Lo;0;L;;;;;N;;;;;
+0C92;KANNADA LETTER O;Lo;0;L;;;;;N;;;;;
+0C93;KANNADA LETTER OO;Lo;0;L;;;;;N;;;;;
+0C94;KANNADA LETTER AU;Lo;0;L;;;;;N;;;;;
+0C95;KANNADA LETTER KA;Lo;0;L;;;;;N;;;;;
+0C96;KANNADA LETTER KHA;Lo;0;L;;;;;N;;;;;
+0C97;KANNADA LETTER GA;Lo;0;L;;;;;N;;;;;
+0C98;KANNADA LETTER GHA;Lo;0;L;;;;;N;;;;;
+0C99;KANNADA LETTER NGA;Lo;0;L;;;;;N;;;;;
+0C9A;KANNADA LETTER CA;Lo;0;L;;;;;N;;;;;
+0C9B;KANNADA LETTER CHA;Lo;0;L;;;;;N;;;;;
+0C9C;KANNADA LETTER JA;Lo;0;L;;;;;N;;;;;
+0C9D;KANNADA LETTER JHA;Lo;0;L;;;;;N;;;;;
+0C9E;KANNADA LETTER NYA;Lo;0;L;;;;;N;;;;;
+0C9F;KANNADA LETTER TTA;Lo;0;L;;;;;N;;;;;
+0CA0;KANNADA LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0CA1;KANNADA LETTER DDA;Lo;0;L;;;;;N;;;;;
+0CA2;KANNADA LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0CA3;KANNADA LETTER NNA;Lo;0;L;;;;;N;;;;;
+0CA4;KANNADA LETTER TA;Lo;0;L;;;;;N;;;;;
+0CA5;KANNADA LETTER THA;Lo;0;L;;;;;N;;;;;
+0CA6;KANNADA LETTER DA;Lo;0;L;;;;;N;;;;;
+0CA7;KANNADA LETTER DHA;Lo;0;L;;;;;N;;;;;
+0CA8;KANNADA LETTER NA;Lo;0;L;;;;;N;;;;;
+0CAA;KANNADA LETTER PA;Lo;0;L;;;;;N;;;;;
+0CAB;KANNADA LETTER PHA;Lo;0;L;;;;;N;;;;;
+0CAC;KANNADA LETTER BA;Lo;0;L;;;;;N;;;;;
+0CAD;KANNADA LETTER BHA;Lo;0;L;;;;;N;;;;;
+0CAE;KANNADA LETTER MA;Lo;0;L;;;;;N;;;;;
+0CAF;KANNADA LETTER YA;Lo;0;L;;;;;N;;;;;
+0CB0;KANNADA LETTER RA;Lo;0;L;;;;;N;;;;;
+0CB1;KANNADA LETTER RRA;Lo;0;L;;;;;N;;;;;
+0CB2;KANNADA LETTER LA;Lo;0;L;;;;;N;;;;;
+0CB3;KANNADA LETTER LLA;Lo;0;L;;;;;N;;;;;
+0CB5;KANNADA LETTER VA;Lo;0;L;;;;;N;;;;;
+0CB6;KANNADA LETTER SHA;Lo;0;L;;;;;N;;;;;
+0CB7;KANNADA LETTER SSA;Lo;0;L;;;;;N;;;;;
+0CB8;KANNADA LETTER SA;Lo;0;L;;;;;N;;;;;
+0CB9;KANNADA LETTER HA;Lo;0;L;;;;;N;;;;;
+0CBE;KANNADA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0CBF;KANNADA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0CC0;KANNADA VOWEL SIGN II;Mc;0;L;0CBF 0CD5;;;;N;;;;;
+0CC1;KANNADA VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0CC2;KANNADA VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0CC3;KANNADA VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+0CC4;KANNADA VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+0CC6;KANNADA VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0CC7;KANNADA VOWEL SIGN EE;Mc;0;L;0CC6 0CD5;;;;N;;;;;
+0CC8;KANNADA VOWEL SIGN AI;Mc;0;L;0CC6 0CD6;;;;N;;;;;
+0CCA;KANNADA VOWEL SIGN O;Mc;0;L;0CC6 0CC2;;;;N;;;;;
+0CCB;KANNADA VOWEL SIGN OO;Mc;0;L;0CCA 0CD5;;;;N;;;;;
+0CCC;KANNADA VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0CCD;KANNADA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0CD5;KANNADA LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0CD6;KANNADA AI LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0CDE;KANNADA LETTER FA;Lo;0;L;;;;;N;;;;;
+0CE0;KANNADA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0CE1;KANNADA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0CE6;KANNADA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0CE7;KANNADA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0CE8;KANNADA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0CE9;KANNADA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0CEA;KANNADA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0CEB;KANNADA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0CEC;KANNADA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0CED;KANNADA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0CEE;KANNADA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0CEF;KANNADA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0D02;MALAYALAM SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0D03;MALAYALAM SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0D05;MALAYALAM LETTER A;Lo;0;L;;;;;N;;;;;
+0D06;MALAYALAM LETTER AA;Lo;0;L;;;;;N;;;;;
+0D07;MALAYALAM LETTER I;Lo;0;L;;;;;N;;;;;
+0D08;MALAYALAM LETTER II;Lo;0;L;;;;;N;;;;;
+0D09;MALAYALAM LETTER U;Lo;0;L;;;;;N;;;;;
+0D0A;MALAYALAM LETTER UU;Lo;0;L;;;;;N;;;;;
+0D0B;MALAYALAM LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0D0C;MALAYALAM LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0D0E;MALAYALAM LETTER E;Lo;0;L;;;;;N;;;;;
+0D0F;MALAYALAM LETTER EE;Lo;0;L;;;;;N;;;;;
+0D10;MALAYALAM LETTER AI;Lo;0;L;;;;;N;;;;;
+0D12;MALAYALAM LETTER O;Lo;0;L;;;;;N;;;;;
+0D13;MALAYALAM LETTER OO;Lo;0;L;;;;;N;;;;;
+0D14;MALAYALAM LETTER AU;Lo;0;L;;;;;N;;;;;
+0D15;MALAYALAM LETTER KA;Lo;0;L;;;;;N;;;;;
+0D16;MALAYALAM LETTER KHA;Lo;0;L;;;;;N;;;;;
+0D17;MALAYALAM LETTER GA;Lo;0;L;;;;;N;;;;;
+0D18;MALAYALAM LETTER GHA;Lo;0;L;;;;;N;;;;;
+0D19;MALAYALAM LETTER NGA;Lo;0;L;;;;;N;;;;;
+0D1A;MALAYALAM LETTER CA;Lo;0;L;;;;;N;;;;;
+0D1B;MALAYALAM LETTER CHA;Lo;0;L;;;;;N;;;;;
+0D1C;MALAYALAM LETTER JA;Lo;0;L;;;;;N;;;;;
+0D1D;MALAYALAM LETTER JHA;Lo;0;L;;;;;N;;;;;
+0D1E;MALAYALAM LETTER NYA;Lo;0;L;;;;;N;;;;;
+0D1F;MALAYALAM LETTER TTA;Lo;0;L;;;;;N;;;;;
+0D20;MALAYALAM LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0D21;MALAYALAM LETTER DDA;Lo;0;L;;;;;N;;;;;
+0D22;MALAYALAM LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0D23;MALAYALAM LETTER NNA;Lo;0;L;;;;;N;;;;;
+0D24;MALAYALAM LETTER TA;Lo;0;L;;;;;N;;;;;
+0D25;MALAYALAM LETTER THA;Lo;0;L;;;;;N;;;;;
+0D26;MALAYALAM LETTER DA;Lo;0;L;;;;;N;;;;;
+0D27;MALAYALAM LETTER DHA;Lo;0;L;;;;;N;;;;;
+0D28;MALAYALAM LETTER NA;Lo;0;L;;;;;N;;;;;
+0D2A;MALAYALAM LETTER PA;Lo;0;L;;;;;N;;;;;
+0D2B;MALAYALAM LETTER PHA;Lo;0;L;;;;;N;;;;;
+0D2C;MALAYALAM LETTER BA;Lo;0;L;;;;;N;;;;;
+0D2D;MALAYALAM LETTER BHA;Lo;0;L;;;;;N;;;;;
+0D2E;MALAYALAM LETTER MA;Lo;0;L;;;;;N;;;;;
+0D2F;MALAYALAM LETTER YA;Lo;0;L;;;;;N;;;;;
+0D30;MALAYALAM LETTER RA;Lo;0;L;;;;;N;;;;;
+0D31;MALAYALAM LETTER RRA;Lo;0;L;;;;;N;;;;;
+0D32;MALAYALAM LETTER LA;Lo;0;L;;;;;N;;;;;
+0D33;MALAYALAM LETTER LLA;Lo;0;L;;;;;N;;;;;
+0D34;MALAYALAM LETTER LLLA;Lo;0;L;;;;;N;;;;;
+0D35;MALAYALAM LETTER VA;Lo;0;L;;;;;N;;;;;
+0D36;MALAYALAM LETTER SHA;Lo;0;L;;;;;N;;;;;
+0D37;MALAYALAM LETTER SSA;Lo;0;L;;;;;N;;;;;
+0D38;MALAYALAM LETTER SA;Lo;0;L;;;;;N;;;;;
+0D39;MALAYALAM LETTER HA;Lo;0;L;;;;;N;;;;;
+0D3E;MALAYALAM VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0D3F;MALAYALAM VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0D40;MALAYALAM VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0D41;MALAYALAM VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0D42;MALAYALAM VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0D43;MALAYALAM VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0D46;MALAYALAM VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0D47;MALAYALAM VOWEL SIGN EE;Mc;0;L;;;;;N;;;;;
+0D48;MALAYALAM VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+0D4A;MALAYALAM VOWEL SIGN O;Mc;0;L;0D46 0D3E;;;;N;;;;;
+0D4B;MALAYALAM VOWEL SIGN OO;Mc;0;L;0D47 0D3E;;;;N;;;;;
+0D4C;MALAYALAM VOWEL SIGN AU;Mc;0;L;0D46 0D57;;;;N;;;;;
+0D4D;MALAYALAM SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0D57;MALAYALAM AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0D60;MALAYALAM LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0D61;MALAYALAM LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0D66;MALAYALAM DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0D67;MALAYALAM DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0D68;MALAYALAM DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0D69;MALAYALAM DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0D6A;MALAYALAM DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0D6B;MALAYALAM DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0D6C;MALAYALAM DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0D6D;MALAYALAM DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0D6E;MALAYALAM DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0D6F;MALAYALAM DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0D82;SINHALA SIGN ANUSVARAYA;Mc;0;L;;;;;N;;;;;
+0D83;SINHALA SIGN VISARGAYA;Mc;0;L;;;;;N;;;;;
+0D85;SINHALA LETTER AYANNA;Lo;0;L;;;;;N;;;;;
+0D86;SINHALA LETTER AAYANNA;Lo;0;L;;;;;N;;;;;
+0D87;SINHALA LETTER AEYANNA;Lo;0;L;;;;;N;;;;;
+0D88;SINHALA LETTER AEEYANNA;Lo;0;L;;;;;N;;;;;
+0D89;SINHALA LETTER IYANNA;Lo;0;L;;;;;N;;;;;
+0D8A;SINHALA LETTER IIYANNA;Lo;0;L;;;;;N;;;;;
+0D8B;SINHALA LETTER UYANNA;Lo;0;L;;;;;N;;;;;
+0D8C;SINHALA LETTER UUYANNA;Lo;0;L;;;;;N;;;;;
+0D8D;SINHALA LETTER IRUYANNA;Lo;0;L;;;;;N;;;;;
+0D8E;SINHALA LETTER IRUUYANNA;Lo;0;L;;;;;N;;;;;
+0D8F;SINHALA LETTER ILUYANNA;Lo;0;L;;;;;N;;;;;
+0D90;SINHALA LETTER ILUUYANNA;Lo;0;L;;;;;N;;;;;
+0D91;SINHALA LETTER EYANNA;Lo;0;L;;;;;N;;;;;
+0D92;SINHALA LETTER EEYANNA;Lo;0;L;;;;;N;;;;;
+0D93;SINHALA LETTER AIYANNA;Lo;0;L;;;;;N;;;;;
+0D94;SINHALA LETTER OYANNA;Lo;0;L;;;;;N;;;;;
+0D95;SINHALA LETTER OOYANNA;Lo;0;L;;;;;N;;;;;
+0D96;SINHALA LETTER AUYANNA;Lo;0;L;;;;;N;;;;;
+0D9A;SINHALA LETTER ALPAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;;
+0D9B;SINHALA LETTER MAHAAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;;
+0D9C;SINHALA LETTER ALPAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;;
+0D9D;SINHALA LETTER MAHAAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;;
+0D9E;SINHALA LETTER KANTAJA NAASIKYAYA;Lo;0;L;;;;;N;;;;;
+0D9F;SINHALA LETTER SANYAKA GAYANNA;Lo;0;L;;;;;N;;;;;
+0DA0;SINHALA LETTER ALPAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;;
+0DA1;SINHALA LETTER MAHAAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;;
+0DA2;SINHALA LETTER ALPAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA3;SINHALA LETTER MAHAAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA4;SINHALA LETTER TAALUJA NAASIKYAYA;Lo;0;L;;;;;N;;;;;
+0DA5;SINHALA LETTER TAALUJA SANYOOGA NAAKSIKYAYA;Lo;0;L;;;;;N;;;;;
+0DA6;SINHALA LETTER SANYAKA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA7;SINHALA LETTER ALPAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;;
+0DA8;SINHALA LETTER MAHAAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;;
+0DA9;SINHALA LETTER ALPAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAA;SINHALA LETTER MAHAAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAB;SINHALA LETTER MUURDHAJA NAYANNA;Lo;0;L;;;;;N;;;;;
+0DAC;SINHALA LETTER SANYAKA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAD;SINHALA LETTER ALPAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;;
+0DAE;SINHALA LETTER MAHAAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;;
+0DAF;SINHALA LETTER ALPAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB0;SINHALA LETTER MAHAAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB1;SINHALA LETTER DANTAJA NAYANNA;Lo;0;L;;;;;N;;;;;
+0DB3;SINHALA LETTER SANYAKA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB4;SINHALA LETTER ALPAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;;
+0DB5;SINHALA LETTER MAHAAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;;
+0DB6;SINHALA LETTER ALPAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DB7;SINHALA LETTER MAHAAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DB8;SINHALA LETTER MAYANNA;Lo;0;L;;;;;N;;;;;
+0DB9;SINHALA LETTER AMBA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DBA;SINHALA LETTER YAYANNA;Lo;0;L;;;;;N;;;;;
+0DBB;SINHALA LETTER RAYANNA;Lo;0;L;;;;;N;;;;;
+0DBD;SINHALA LETTER DANTAJA LAYANNA;Lo;0;L;;;;;N;;;;;
+0DC0;SINHALA LETTER VAYANNA;Lo;0;L;;;;;N;;;;;
+0DC1;SINHALA LETTER TAALUJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC2;SINHALA LETTER MUURDHAJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC3;SINHALA LETTER DANTAJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC4;SINHALA LETTER HAYANNA;Lo;0;L;;;;;N;;;;;
+0DC5;SINHALA LETTER MUURDHAJA LAYANNA;Lo;0;L;;;;;N;;;;;
+0DC6;SINHALA LETTER FAYANNA;Lo;0;L;;;;;N;;;;;
+0DCA;SINHALA SIGN AL-LAKUNA;Mn;9;NSM;;;;;N;;;;;
+0DCF;SINHALA VOWEL SIGN AELA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD0;SINHALA VOWEL SIGN KETTI AEDA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD1;SINHALA VOWEL SIGN DIGA AEDA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD2;SINHALA VOWEL SIGN KETTI IS-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD3;SINHALA VOWEL SIGN DIGA IS-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD4;SINHALA VOWEL SIGN KETTI PAA-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD6;SINHALA VOWEL SIGN DIGA PAA-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD8;SINHALA VOWEL SIGN GAETTA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD9;SINHALA VOWEL SIGN KOMBUVA;Mc;0;L;;;;;N;;;;;
+0DDA;SINHALA VOWEL SIGN DIGA KOMBUVA;Mc;0;L;0DD9 0DCA;;;;N;;;;;
+0DDB;SINHALA VOWEL SIGN KOMBU DEKA;Mc;0;L;;;;;N;;;;;
+0DDC;SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA;Mc;0;L;0DD9 0DCF;;;;N;;;;;
+0DDD;SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA;Mc;0;L;0DDC 0DCA;;;;N;;;;;
+0DDE;SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA;Mc;0;L;0DD9 0DDF;;;;N;;;;;
+0DDF;SINHALA VOWEL SIGN GAYANUKITTA;Mc;0;L;;;;;N;;;;;
+0DF2;SINHALA VOWEL SIGN DIGA GAETTA-PILLA;Mc;0;L;;;;;N;;;;;
+0DF3;SINHALA VOWEL SIGN DIGA GAYANUKITTA;Mc;0;L;;;;;N;;;;;
+0DF4;SINHALA PUNCTUATION KUNDDALIYA;Po;0;L;;;;;N;;;;;
+0E01;THAI CHARACTER KO KAI;Lo;0;L;;;;;N;THAI LETTER KO KAI;;;;
+0E02;THAI CHARACTER KHO KHAI;Lo;0;L;;;;;N;THAI LETTER KHO KHAI;;;;
+0E03;THAI CHARACTER KHO KHUAT;Lo;0;L;;;;;N;THAI LETTER KHO KHUAT;;;;
+0E04;THAI CHARACTER KHO KHWAI;Lo;0;L;;;;;N;THAI LETTER KHO KHWAI;;;;
+0E05;THAI CHARACTER KHO KHON;Lo;0;L;;;;;N;THAI LETTER KHO KHON;;;;
+0E06;THAI CHARACTER KHO RAKHANG;Lo;0;L;;;;;N;THAI LETTER KHO RAKHANG;;;;
+0E07;THAI CHARACTER NGO NGU;Lo;0;L;;;;;N;THAI LETTER NGO NGU;;;;
+0E08;THAI CHARACTER CHO CHAN;Lo;0;L;;;;;N;THAI LETTER CHO CHAN;;;;
+0E09;THAI CHARACTER CHO CHING;Lo;0;L;;;;;N;THAI LETTER CHO CHING;;;;
+0E0A;THAI CHARACTER CHO CHANG;Lo;0;L;;;;;N;THAI LETTER CHO CHANG;;;;
+0E0B;THAI CHARACTER SO SO;Lo;0;L;;;;;N;THAI LETTER SO SO;;;;
+0E0C;THAI CHARACTER CHO CHOE;Lo;0;L;;;;;N;THAI LETTER CHO CHOE;;;;
+0E0D;THAI CHARACTER YO YING;Lo;0;L;;;;;N;THAI LETTER YO YING;;;;
+0E0E;THAI CHARACTER DO CHADA;Lo;0;L;;;;;N;THAI LETTER DO CHADA;;;;
+0E0F;THAI CHARACTER TO PATAK;Lo;0;L;;;;;N;THAI LETTER TO PATAK;;;;
+0E10;THAI CHARACTER THO THAN;Lo;0;L;;;;;N;THAI LETTER THO THAN;;;;
+0E11;THAI CHARACTER THO NANGMONTHO;Lo;0;L;;;;;N;THAI LETTER THO NANGMONTHO;;;;
+0E12;THAI CHARACTER THO PHUTHAO;Lo;0;L;;;;;N;THAI LETTER THO PHUTHAO;;;;
+0E13;THAI CHARACTER NO NEN;Lo;0;L;;;;;N;THAI LETTER NO NEN;;;;
+0E14;THAI CHARACTER DO DEK;Lo;0;L;;;;;N;THAI LETTER DO DEK;;;;
+0E15;THAI CHARACTER TO TAO;Lo;0;L;;;;;N;THAI LETTER TO TAO;;;;
+0E16;THAI CHARACTER THO THUNG;Lo;0;L;;;;;N;THAI LETTER THO THUNG;;;;
+0E17;THAI CHARACTER THO THAHAN;Lo;0;L;;;;;N;THAI LETTER THO THAHAN;;;;
+0E18;THAI CHARACTER THO THONG;Lo;0;L;;;;;N;THAI LETTER THO THONG;;;;
+0E19;THAI CHARACTER NO NU;Lo;0;L;;;;;N;THAI LETTER NO NU;;;;
+0E1A;THAI CHARACTER BO BAIMAI;Lo;0;L;;;;;N;THAI LETTER BO BAIMAI;;;;
+0E1B;THAI CHARACTER PO PLA;Lo;0;L;;;;;N;THAI LETTER PO PLA;;;;
+0E1C;THAI CHARACTER PHO PHUNG;Lo;0;L;;;;;N;THAI LETTER PHO PHUNG;;;;
+0E1D;THAI CHARACTER FO FA;Lo;0;L;;;;;N;THAI LETTER FO FA;;;;
+0E1E;THAI CHARACTER PHO PHAN;Lo;0;L;;;;;N;THAI LETTER PHO PHAN;;;;
+0E1F;THAI CHARACTER FO FAN;Lo;0;L;;;;;N;THAI LETTER FO FAN;;;;
+0E20;THAI CHARACTER PHO SAMPHAO;Lo;0;L;;;;;N;THAI LETTER PHO SAMPHAO;;;;
+0E21;THAI CHARACTER MO MA;Lo;0;L;;;;;N;THAI LETTER MO MA;;;;
+0E22;THAI CHARACTER YO YAK;Lo;0;L;;;;;N;THAI LETTER YO YAK;;;;
+0E23;THAI CHARACTER RO RUA;Lo;0;L;;;;;N;THAI LETTER RO RUA;;;;
+0E24;THAI CHARACTER RU;Lo;0;L;;;;;N;THAI LETTER RU;;;;
+0E25;THAI CHARACTER LO LING;Lo;0;L;;;;;N;THAI LETTER LO LING;;;;
+0E26;THAI CHARACTER LU;Lo;0;L;;;;;N;THAI LETTER LU;;;;
+0E27;THAI CHARACTER WO WAEN;Lo;0;L;;;;;N;THAI LETTER WO WAEN;;;;
+0E28;THAI CHARACTER SO SALA;Lo;0;L;;;;;N;THAI LETTER SO SALA;;;;
+0E29;THAI CHARACTER SO RUSI;Lo;0;L;;;;;N;THAI LETTER SO RUSI;;;;
+0E2A;THAI CHARACTER SO SUA;Lo;0;L;;;;;N;THAI LETTER SO SUA;;;;
+0E2B;THAI CHARACTER HO HIP;Lo;0;L;;;;;N;THAI LETTER HO HIP;;;;
+0E2C;THAI CHARACTER LO CHULA;Lo;0;L;;;;;N;THAI LETTER LO CHULA;;;;
+0E2D;THAI CHARACTER O ANG;Lo;0;L;;;;;N;THAI LETTER O ANG;;;;
+0E2E;THAI CHARACTER HO NOKHUK;Lo;0;L;;;;;N;THAI LETTER HO NOK HUK;;;;
+0E2F;THAI CHARACTER PAIYANNOI;Lo;0;L;;;;;N;THAI PAI YAN NOI;paiyan noi;;;
+0E30;THAI CHARACTER SARA A;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA A;;;;
+0E31;THAI CHARACTER MAI HAN-AKAT;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI HAN-AKAT;;;;
+0E32;THAI CHARACTER SARA AA;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AA;;;;
+0E33;THAI CHARACTER SARA AM;Lo;0;L;<compat> 0E4D 0E32;;;;N;THAI VOWEL SIGN SARA AM;;;;
+0E34;THAI CHARACTER SARA I;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA I;;;;
+0E35;THAI CHARACTER SARA II;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA II;;;;
+0E36;THAI CHARACTER SARA UE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UE;;;;
+0E37;THAI CHARACTER SARA UEE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UEE;sara uue;;;
+0E38;THAI CHARACTER SARA U;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA U;;;;
+0E39;THAI CHARACTER SARA UU;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA UU;;;;
+0E3A;THAI CHARACTER PHINTHU;Mn;9;NSM;;;;;N;THAI VOWEL SIGN PHINTHU;;;;
+0E3F;THAI CURRENCY SYMBOL BAHT;Sc;0;ET;;;;;N;THAI BAHT SIGN;;;;
+0E40;THAI CHARACTER SARA E;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA E;;;;
+0E41;THAI CHARACTER SARA AE;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AE;;;;
+0E42;THAI CHARACTER SARA O;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA O;;;;
+0E43;THAI CHARACTER SARA AI MAIMUAN;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MUAN;sara ai mai muan;;;
+0E44;THAI CHARACTER SARA AI MAIMALAI;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MALAI;sara ai mai malai;;;
+0E45;THAI CHARACTER LAKKHANGYAO;Lo;0;L;;;;;N;THAI LAK KHANG YAO;lakkhang yao;;;
+0E46;THAI CHARACTER MAIYAMOK;Lm;0;L;;;;;N;THAI MAI YAMOK;mai yamok;;;
+0E47;THAI CHARACTER MAITAIKHU;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI TAI KHU;mai taikhu;;;
+0E48;THAI CHARACTER MAI EK;Mn;107;NSM;;;;;N;THAI TONE MAI EK;;;;
+0E49;THAI CHARACTER MAI THO;Mn;107;NSM;;;;;N;THAI TONE MAI THO;;;;
+0E4A;THAI CHARACTER MAI TRI;Mn;107;NSM;;;;;N;THAI TONE MAI TRI;;;;
+0E4B;THAI CHARACTER MAI CHATTAWA;Mn;107;NSM;;;;;N;THAI TONE MAI CHATTAWA;;;;
+0E4C;THAI CHARACTER THANTHAKHAT;Mn;0;NSM;;;;;N;THAI THANTHAKHAT;;;;
+0E4D;THAI CHARACTER NIKHAHIT;Mn;0;NSM;;;;;N;THAI NIKKHAHIT;nikkhahit;;;
+0E4E;THAI CHARACTER YAMAKKAN;Mn;0;NSM;;;;;N;THAI YAMAKKAN;;;;
+0E4F;THAI CHARACTER FONGMAN;Po;0;L;;;;;N;THAI FONGMAN;;;;
+0E50;THAI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0E51;THAI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0E52;THAI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0E53;THAI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0E54;THAI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0E55;THAI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0E56;THAI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0E57;THAI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0E58;THAI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0E59;THAI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0E5A;THAI CHARACTER ANGKHANKHU;Po;0;L;;;;;N;THAI ANGKHANKHU;;;;
+0E5B;THAI CHARACTER KHOMUT;Po;0;L;;;;;N;THAI KHOMUT;;;;
+0E81;LAO LETTER KO;Lo;0;L;;;;;N;;;;;
+0E82;LAO LETTER KHO SUNG;Lo;0;L;;;;;N;;;;;
+0E84;LAO LETTER KHO TAM;Lo;0;L;;;;;N;;;;;
+0E87;LAO LETTER NGO;Lo;0;L;;;;;N;;;;;
+0E88;LAO LETTER CO;Lo;0;L;;;;;N;;;;;
+0E8A;LAO LETTER SO TAM;Lo;0;L;;;;;N;;;;;
+0E8D;LAO LETTER NYO;Lo;0;L;;;;;N;;;;;
+0E94;LAO LETTER DO;Lo;0;L;;;;;N;;;;;
+0E95;LAO LETTER TO;Lo;0;L;;;;;N;;;;;
+0E96;LAO LETTER THO SUNG;Lo;0;L;;;;;N;;;;;
+0E97;LAO LETTER THO TAM;Lo;0;L;;;;;N;;;;;
+0E99;LAO LETTER NO;Lo;0;L;;;;;N;;;;;
+0E9A;LAO LETTER BO;Lo;0;L;;;;;N;;;;;
+0E9B;LAO LETTER PO;Lo;0;L;;;;;N;;;;;
+0E9C;LAO LETTER PHO SUNG;Lo;0;L;;;;;N;;;;;
+0E9D;LAO LETTER FO TAM;Lo;0;L;;;;;N;;;;;
+0E9E;LAO LETTER PHO TAM;Lo;0;L;;;;;N;;;;;
+0E9F;LAO LETTER FO SUNG;Lo;0;L;;;;;N;;;;;
+0EA1;LAO LETTER MO;Lo;0;L;;;;;N;;;;;
+0EA2;LAO LETTER YO;Lo;0;L;;;;;N;;;;;
+0EA3;LAO LETTER LO LING;Lo;0;L;;;;;N;;;;;
+0EA5;LAO LETTER LO LOOT;Lo;0;L;;;;;N;;;;;
+0EA7;LAO LETTER WO;Lo;0;L;;;;;N;;;;;
+0EAA;LAO LETTER SO SUNG;Lo;0;L;;;;;N;;;;;
+0EAB;LAO LETTER HO SUNG;Lo;0;L;;;;;N;;;;;
+0EAD;LAO LETTER O;Lo;0;L;;;;;N;;;;;
+0EAE;LAO LETTER HO TAM;Lo;0;L;;;;;N;;;;;
+0EAF;LAO ELLIPSIS;Lo;0;L;;;;;N;;;;;
+0EB0;LAO VOWEL SIGN A;Lo;0;L;;;;;N;;;;;
+0EB1;LAO VOWEL SIGN MAI KAN;Mn;0;NSM;;;;;N;;;;;
+0EB2;LAO VOWEL SIGN AA;Lo;0;L;;;;;N;;;;;
+0EB3;LAO VOWEL SIGN AM;Lo;0;L;<compat> 0ECD 0EB2;;;;N;;;;;
+0EB4;LAO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0EB5;LAO VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0EB6;LAO VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;;
+0EB7;LAO VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;;
+0EB8;LAO VOWEL SIGN U;Mn;118;NSM;;;;;N;;;;;
+0EB9;LAO VOWEL SIGN UU;Mn;118;NSM;;;;;N;;;;;
+0EBB;LAO VOWEL SIGN MAI KON;Mn;0;NSM;;;;;N;;;;;
+0EBC;LAO SEMIVOWEL SIGN LO;Mn;0;NSM;;;;;N;;;;;
+0EBD;LAO SEMIVOWEL SIGN NYO;Lo;0;L;;;;;N;;;;;
+0EC0;LAO VOWEL SIGN E;Lo;0;L;;;;;N;;;;;
+0EC1;LAO VOWEL SIGN EI;Lo;0;L;;;;;N;;;;;
+0EC2;LAO VOWEL SIGN O;Lo;0;L;;;;;N;;;;;
+0EC3;LAO VOWEL SIGN AY;Lo;0;L;;;;;N;;;;;
+0EC4;LAO VOWEL SIGN AI;Lo;0;L;;;;;N;;;;;
+0EC6;LAO KO LA;Lm;0;L;;;;;N;;;;;
+0EC8;LAO TONE MAI EK;Mn;122;NSM;;;;;N;;;;;
+0EC9;LAO TONE MAI THO;Mn;122;NSM;;;;;N;;;;;
+0ECA;LAO TONE MAI TI;Mn;122;NSM;;;;;N;;;;;
+0ECB;LAO TONE MAI CATAWA;Mn;122;NSM;;;;;N;;;;;
+0ECC;LAO CANCELLATION MARK;Mn;0;NSM;;;;;N;;;;;
+0ECD;LAO NIGGAHITA;Mn;0;NSM;;;;;N;;;;;
+0ED0;LAO DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0ED1;LAO DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0ED2;LAO DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0ED3;LAO DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0ED4;LAO DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0ED5;LAO DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0ED6;LAO DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0ED7;LAO DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0ED8;LAO DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0ED9;LAO DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0EDC;LAO HO NO;Lo;0;L;<compat> 0EAB 0E99;;;;N;;;;;
+0EDD;LAO HO MO;Lo;0;L;<compat> 0EAB 0EA1;;;;N;;;;;
+0F00;TIBETAN SYLLABLE OM;Lo;0;L;;;;;N;;;;;
+0F01;TIBETAN MARK GTER YIG MGO TRUNCATED A;So;0;L;;;;;N;;ter yik go a thung;;;
+0F02;TIBETAN MARK GTER YIG MGO -UM RNAM BCAD MA;So;0;L;;;;;N;;ter yik go wum nam chey ma;;;
+0F03;TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA;So;0;L;;;;;N;;ter yik go wum ter tsek ma;;;
+0F04;TIBETAN MARK INITIAL YIG MGO MDUN MA;Po;0;L;;;;;N;TIBETAN SINGLE ORNAMENT;yik go dun ma;;;
+0F05;TIBETAN MARK CLOSING YIG MGO SGAB MA;Po;0;L;;;;;N;;yik go kab ma;;;
+0F06;TIBETAN MARK CARET YIG MGO PHUR SHAD MA;Po;0;L;;;;;N;;yik go pur shey ma;;;
+0F07;TIBETAN MARK YIG MGO TSHEG SHAD MA;Po;0;L;;;;;N;;yik go tsek shey ma;;;
+0F08;TIBETAN MARK SBRUL SHAD;Po;0;L;;;;;N;TIBETAN RGYANSHAD;drul shey;;;
+0F09;TIBETAN MARK BSKUR YIG MGO;Po;0;L;;;;;N;;kur yik go;;;
+0F0A;TIBETAN MARK BKA- SHOG YIG MGO;Po;0;L;;;;;N;;ka sho yik go;;;
+0F0B;TIBETAN MARK INTERSYLLABIC TSHEG;Po;0;L;;;;;N;TIBETAN TSEG;tsek;;;
+0F0C;TIBETAN MARK DELIMITER TSHEG BSTAR;Po;0;L;<noBreak> 0F0B;;;;N;;tsek tar;;;
+0F0D;TIBETAN MARK SHAD;Po;0;L;;;;;N;TIBETAN SHAD;shey;;;
+0F0E;TIBETAN MARK NYIS SHAD;Po;0;L;;;;;N;TIBETAN DOUBLE SHAD;nyi shey;;;
+0F0F;TIBETAN MARK TSHEG SHAD;Po;0;L;;;;;N;;tsek shey;;;
+0F10;TIBETAN MARK NYIS TSHEG SHAD;Po;0;L;;;;;N;;nyi tsek shey;;;
+0F11;TIBETAN MARK RIN CHEN SPUNGS SHAD;Po;0;L;;;;;N;TIBETAN RINCHANPHUNGSHAD;rinchen pung shey;;;
+0F12;TIBETAN MARK RGYA GRAM SHAD;Po;0;L;;;;;N;;gya tram shey;;;
+0F13;TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN;So;0;L;;;;;N;;dzu ta me long chen;;;
+0F14;TIBETAN MARK GTER TSHEG;So;0;L;;;;;N;TIBETAN COMMA;ter tsek;;;
+0F15;TIBETAN LOGOTYPE SIGN CHAD RTAGS;So;0;L;;;;;N;;che ta;;;
+0F16;TIBETAN LOGOTYPE SIGN LHAG RTAGS;So;0;L;;;;;N;;hlak ta;;;
+0F17;TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS;So;0;L;;;;;N;;trachen char ta;;;
+0F18;TIBETAN ASTROLOGICAL SIGN -KHYUD PA;Mn;220;NSM;;;;;N;;kyu pa;;;
+0F19;TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS;Mn;220;NSM;;;;;N;;dong tsu;;;
+0F1A;TIBETAN SIGN RDEL DKAR GCIG;So;0;L;;;;;N;;deka chig;;;
+0F1B;TIBETAN SIGN RDEL DKAR GNYIS;So;0;L;;;;;N;;deka nyi;;;
+0F1C;TIBETAN SIGN RDEL DKAR GSUM;So;0;L;;;;;N;;deka sum;;;
+0F1D;TIBETAN SIGN RDEL NAG GCIG;So;0;L;;;;;N;;dena chig;;;
+0F1E;TIBETAN SIGN RDEL NAG GNYIS;So;0;L;;;;;N;;dena nyi;;;
+0F1F;TIBETAN SIGN RDEL DKAR RDEL NAG;So;0;L;;;;;N;;deka dena;;;
+0F20;TIBETAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0F21;TIBETAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0F22;TIBETAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0F23;TIBETAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0F24;TIBETAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0F25;TIBETAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0F26;TIBETAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0F27;TIBETAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0F28;TIBETAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0F29;TIBETAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0F2A;TIBETAN DIGIT HALF ONE;No;0;L;;;;1/2;N;;;;;
+0F2B;TIBETAN DIGIT HALF TWO;No;0;L;;;;3/2;N;;;;;
+0F2C;TIBETAN DIGIT HALF THREE;No;0;L;;;;5/2;N;;;;;
+0F2D;TIBETAN DIGIT HALF FOUR;No;0;L;;;;7/2;N;;;;;
+0F2E;TIBETAN DIGIT HALF FIVE;No;0;L;;;;9/2;N;;;;;
+0F2F;TIBETAN DIGIT HALF SIX;No;0;L;;;;11/2;N;;;;;
+0F30;TIBETAN DIGIT HALF SEVEN;No;0;L;;;;13/2;N;;;;;
+0F31;TIBETAN DIGIT HALF EIGHT;No;0;L;;;;15/2;N;;;;;
+0F32;TIBETAN DIGIT HALF NINE;No;0;L;;;;17/2;N;;;;;
+0F33;TIBETAN DIGIT HALF ZERO;No;0;L;;;;-1/2;N;;;;;
+0F34;TIBETAN MARK BSDUS RTAGS;So;0;L;;;;;N;;du ta;;;
+0F35;TIBETAN MARK NGAS BZUNG NYI ZLA;Mn;220;NSM;;;;;N;TIBETAN HONORIFIC UNDER RING;nge zung nyi da;;;
+0F36;TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN;So;0;L;;;;;N;;dzu ta shi mig chen;;;
+0F37;TIBETAN MARK NGAS BZUNG SGOR RTAGS;Mn;220;NSM;;;;;N;TIBETAN UNDER RING;nge zung gor ta;;;
+0F38;TIBETAN MARK CHE MGO;So;0;L;;;;;N;;che go;;;
+0F39;TIBETAN MARK TSA -PHRU;Mn;216;NSM;;;;;N;TIBETAN LENITION MARK;tsa tru;;;
+0F3A;TIBETAN MARK GUG RTAGS GYON;Ps;0;ON;;;;;N;;gug ta yun;;;
+0F3B;TIBETAN MARK GUG RTAGS GYAS;Pe;0;ON;;;;;N;;gug ta ye;;;
+0F3C;TIBETAN MARK ANG KHANG GYON;Ps;0;ON;;;;;N;TIBETAN LEFT BRACE;ang kang yun;;;
+0F3D;TIBETAN MARK ANG KHANG GYAS;Pe;0;ON;;;;;N;TIBETAN RIGHT BRACE;ang kang ye;;;
+0F3E;TIBETAN SIGN YAR TSHES;Mc;0;L;;;;;N;;yar tse;;;
+0F3F;TIBETAN SIGN MAR TSHES;Mc;0;L;;;;;N;;mar tse;;;
+0F40;TIBETAN LETTER KA;Lo;0;L;;;;;N;;;;;
+0F41;TIBETAN LETTER KHA;Lo;0;L;;;;;N;;;;;
+0F42;TIBETAN LETTER GA;Lo;0;L;;;;;N;;;;;
+0F43;TIBETAN LETTER GHA;Lo;0;L;0F42 0FB7;;;;N;;;;;
+0F44;TIBETAN LETTER NGA;Lo;0;L;;;;;N;;;;;
+0F45;TIBETAN LETTER CA;Lo;0;L;;;;;N;;;;;
+0F46;TIBETAN LETTER CHA;Lo;0;L;;;;;N;;;;;
+0F47;TIBETAN LETTER JA;Lo;0;L;;;;;N;;;;;
+0F49;TIBETAN LETTER NYA;Lo;0;L;;;;;N;;;;;
+0F4A;TIBETAN LETTER TTA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED TA;;;;
+0F4B;TIBETAN LETTER TTHA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED THA;;;;
+0F4C;TIBETAN LETTER DDA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED DA;;;;
+0F4D;TIBETAN LETTER DDHA;Lo;0;L;0F4C 0FB7;;;;N;;;;;
+0F4E;TIBETAN LETTER NNA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED NA;;;;
+0F4F;TIBETAN LETTER TA;Lo;0;L;;;;;N;;;;;
+0F50;TIBETAN LETTER THA;Lo;0;L;;;;;N;;;;;
+0F51;TIBETAN LETTER DA;Lo;0;L;;;;;N;;;;;
+0F52;TIBETAN LETTER DHA;Lo;0;L;0F51 0FB7;;;;N;;;;;
+0F53;TIBETAN LETTER NA;Lo;0;L;;;;;N;;;;;
+0F54;TIBETAN LETTER PA;Lo;0;L;;;;;N;;;;;
+0F55;TIBETAN LETTER PHA;Lo;0;L;;;;;N;;;;;
+0F56;TIBETAN LETTER BA;Lo;0;L;;;;;N;;;;;
+0F57;TIBETAN LETTER BHA;Lo;0;L;0F56 0FB7;;;;N;;;;;
+0F58;TIBETAN LETTER MA;Lo;0;L;;;;;N;;;;;
+0F59;TIBETAN LETTER TSA;Lo;0;L;;;;;N;;;;;
+0F5A;TIBETAN LETTER TSHA;Lo;0;L;;;;;N;;;;;
+0F5B;TIBETAN LETTER DZA;Lo;0;L;;;;;N;;;;;
+0F5C;TIBETAN LETTER DZHA;Lo;0;L;0F5B 0FB7;;;;N;;;;;
+0F5D;TIBETAN LETTER WA;Lo;0;L;;;;;N;;;;;
+0F5E;TIBETAN LETTER ZHA;Lo;0;L;;;;;N;;;;;
+0F5F;TIBETAN LETTER ZA;Lo;0;L;;;;;N;;;;;
+0F60;TIBETAN LETTER -A;Lo;0;L;;;;;N;TIBETAN LETTER AA;;;;
+0F61;TIBETAN LETTER YA;Lo;0;L;;;;;N;;;;;
+0F62;TIBETAN LETTER RA;Lo;0;L;;;;;N;;*;;;
+0F63;TIBETAN LETTER LA;Lo;0;L;;;;;N;;;;;
+0F64;TIBETAN LETTER SHA;Lo;0;L;;;;;N;;;;;
+0F65;TIBETAN LETTER SSA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED SHA;;;;
+0F66;TIBETAN LETTER SA;Lo;0;L;;;;;N;;;;;
+0F67;TIBETAN LETTER HA;Lo;0;L;;;;;N;;;;;
+0F68;TIBETAN LETTER A;Lo;0;L;;;;;N;;;;;
+0F69;TIBETAN LETTER KSSA;Lo;0;L;0F40 0FB5;;;;N;;;;;
+0F6A;TIBETAN LETTER FIXED-FORM RA;Lo;0;L;;;;;N;;*;;;
+0F71;TIBETAN VOWEL SIGN AA;Mn;129;NSM;;;;;N;;;;;
+0F72;TIBETAN VOWEL SIGN I;Mn;130;NSM;;;;;N;;;;;
+0F73;TIBETAN VOWEL SIGN II;Mn;0;NSM;0F71 0F72;;;;N;;;;;
+0F74;TIBETAN VOWEL SIGN U;Mn;132;NSM;;;;;N;;;;;
+0F75;TIBETAN VOWEL SIGN UU;Mn;0;NSM;0F71 0F74;;;;N;;;;;
+0F76;TIBETAN VOWEL SIGN VOCALIC R;Mn;0;NSM;0FB2 0F80;;;;N;;;;;
+0F77;TIBETAN VOWEL SIGN VOCALIC RR;Mn;0;NSM;<compat> 0FB2 0F81;;;;N;;;;;
+0F78;TIBETAN VOWEL SIGN VOCALIC L;Mn;0;NSM;0FB3 0F80;;;;N;;;;;
+0F79;TIBETAN VOWEL SIGN VOCALIC LL;Mn;0;NSM;<compat> 0FB3 0F81;;;;N;;;;;
+0F7A;TIBETAN VOWEL SIGN E;Mn;130;NSM;;;;;N;;;;;
+0F7B;TIBETAN VOWEL SIGN EE;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AI;;;;
+0F7C;TIBETAN VOWEL SIGN O;Mn;130;NSM;;;;;N;;;;;
+0F7D;TIBETAN VOWEL SIGN OO;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AU;;;;
+0F7E;TIBETAN SIGN RJES SU NGA RO;Mn;0;NSM;;;;;N;TIBETAN ANUSVARA;je su nga ro;;;
+0F7F;TIBETAN SIGN RNAM BCAD;Mc;0;L;;;;;N;TIBETAN VISARGA;nam chey;;;
+0F80;TIBETAN VOWEL SIGN REVERSED I;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN SHORT I;;;;
+0F81;TIBETAN VOWEL SIGN REVERSED II;Mn;0;NSM;0F71 0F80;;;;N;;;;;
+0F82;TIBETAN SIGN NYI ZLA NAA DA;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU WITH ORNAMENT;nyi da na da;;;
+0F83;TIBETAN SIGN SNA LDAN;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU;nan de;;;
+0F84;TIBETAN MARK HALANTA;Mn;9;NSM;;;;;N;TIBETAN VIRAMA;;;;
+0F85;TIBETAN MARK PALUTA;Po;0;L;;;;;N;TIBETAN CHUCHENYIGE;;;;
+0F86;TIBETAN SIGN LCI RTAGS;Mn;230;NSM;;;;;N;;ji ta;;;
+0F87;TIBETAN SIGN YANG RTAGS;Mn;230;NSM;;;;;N;;yang ta;;;
+0F88;TIBETAN SIGN LCE TSA CAN;Lo;0;L;;;;;N;;che tsa chen;;;
+0F89;TIBETAN SIGN MCHU CAN;Lo;0;L;;;;;N;;chu chen;;;
+0F8A;TIBETAN SIGN GRU CAN RGYINGS;Lo;0;L;;;;;N;;tru chen ging;;;
+0F8B;TIBETAN SIGN GRU MED RGYINGS;Lo;0;L;;;;;N;;tru me ging;;;
+0F90;TIBETAN SUBJOINED LETTER KA;Mn;0;NSM;;;;;N;;;;;
+0F91;TIBETAN SUBJOINED LETTER KHA;Mn;0;NSM;;;;;N;;;;;
+0F92;TIBETAN SUBJOINED LETTER GA;Mn;0;NSM;;;;;N;;;;;
+0F93;TIBETAN SUBJOINED LETTER GHA;Mn;0;NSM;0F92 0FB7;;;;N;;;;;
+0F94;TIBETAN SUBJOINED LETTER NGA;Mn;0;NSM;;;;;N;;;;;
+0F95;TIBETAN SUBJOINED LETTER CA;Mn;0;NSM;;;;;N;;;;;
+0F96;TIBETAN SUBJOINED LETTER CHA;Mn;0;NSM;;;;;N;;;;;
+0F97;TIBETAN SUBJOINED LETTER JA;Mn;0;NSM;;;;;N;;;;;
+0F99;TIBETAN SUBJOINED LETTER NYA;Mn;0;NSM;;;;;N;;;;;
+0F9A;TIBETAN SUBJOINED LETTER TTA;Mn;0;NSM;;;;;N;;;;;
+0F9B;TIBETAN SUBJOINED LETTER TTHA;Mn;0;NSM;;;;;N;;;;;
+0F9C;TIBETAN SUBJOINED LETTER DDA;Mn;0;NSM;;;;;N;;;;;
+0F9D;TIBETAN SUBJOINED LETTER DDHA;Mn;0;NSM;0F9C 0FB7;;;;N;;;;;
+0F9E;TIBETAN SUBJOINED LETTER NNA;Mn;0;NSM;;;;;N;;;;;
+0F9F;TIBETAN SUBJOINED LETTER TA;Mn;0;NSM;;;;;N;;;;;
+0FA0;TIBETAN SUBJOINED LETTER THA;Mn;0;NSM;;;;;N;;;;;
+0FA1;TIBETAN SUBJOINED LETTER DA;Mn;0;NSM;;;;;N;;;;;
+0FA2;TIBETAN SUBJOINED LETTER DHA;Mn;0;NSM;0FA1 0FB7;;;;N;;;;;
+0FA3;TIBETAN SUBJOINED LETTER NA;Mn;0;NSM;;;;;N;;;;;
+0FA4;TIBETAN SUBJOINED LETTER PA;Mn;0;NSM;;;;;N;;;;;
+0FA5;TIBETAN SUBJOINED LETTER PHA;Mn;0;NSM;;;;;N;;;;;
+0FA6;TIBETAN SUBJOINED LETTER BA;Mn;0;NSM;;;;;N;;;;;
+0FA7;TIBETAN SUBJOINED LETTER BHA;Mn;0;NSM;0FA6 0FB7;;;;N;;;;;
+0FA8;TIBETAN SUBJOINED LETTER MA;Mn;0;NSM;;;;;N;;;;;
+0FA9;TIBETAN SUBJOINED LETTER TSA;Mn;0;NSM;;;;;N;;;;;
+0FAA;TIBETAN SUBJOINED LETTER TSHA;Mn;0;NSM;;;;;N;;;;;
+0FAB;TIBETAN SUBJOINED LETTER DZA;Mn;0;NSM;;;;;N;;;;;
+0FAC;TIBETAN SUBJOINED LETTER DZHA;Mn;0;NSM;0FAB 0FB7;;;;N;;;;;
+0FAD;TIBETAN SUBJOINED LETTER WA;Mn;0;NSM;;;;;N;;*;;;
+0FAE;TIBETAN SUBJOINED LETTER ZHA;Mn;0;NSM;;;;;N;;;;;
+0FAF;TIBETAN SUBJOINED LETTER ZA;Mn;0;NSM;;;;;N;;;;;
+0FB0;TIBETAN SUBJOINED LETTER -A;Mn;0;NSM;;;;;N;;;;;
+0FB1;TIBETAN SUBJOINED LETTER YA;Mn;0;NSM;;;;;N;;*;;;
+0FB2;TIBETAN SUBJOINED LETTER RA;Mn;0;NSM;;;;;N;;*;;;
+0FB3;TIBETAN SUBJOINED LETTER LA;Mn;0;NSM;;;;;N;;;;;
+0FB4;TIBETAN SUBJOINED LETTER SHA;Mn;0;NSM;;;;;N;;;;;
+0FB5;TIBETAN SUBJOINED LETTER SSA;Mn;0;NSM;;;;;N;;;;;
+0FB6;TIBETAN SUBJOINED LETTER SA;Mn;0;NSM;;;;;N;;;;;
+0FB7;TIBETAN SUBJOINED LETTER HA;Mn;0;NSM;;;;;N;;;;;
+0FB8;TIBETAN SUBJOINED LETTER A;Mn;0;NSM;;;;;N;;;;;
+0FB9;TIBETAN SUBJOINED LETTER KSSA;Mn;0;NSM;0F90 0FB5;;;;N;;;;;
+0FBA;TIBETAN SUBJOINED LETTER FIXED-FORM WA;Mn;0;NSM;;;;;N;;*;;;
+0FBB;TIBETAN SUBJOINED LETTER FIXED-FORM YA;Mn;0;NSM;;;;;N;;*;;;
+0FBC;TIBETAN SUBJOINED LETTER FIXED-FORM RA;Mn;0;NSM;;;;;N;;*;;;
+0FBE;TIBETAN KU RU KHA;So;0;L;;;;;N;;kuruka;;;
+0FBF;TIBETAN KU RU KHA BZHI MIG CAN;So;0;L;;;;;N;;kuruka shi mik chen;;;
+0FC0;TIBETAN CANTILLATION SIGN HEAVY BEAT;So;0;L;;;;;N;;;;;
+0FC1;TIBETAN CANTILLATION SIGN LIGHT BEAT;So;0;L;;;;;N;;;;;
+0FC2;TIBETAN CANTILLATION SIGN CANG TE-U;So;0;L;;;;;N;;chang tyu;;;
+0FC3;TIBETAN CANTILLATION SIGN SBUB -CHAL;So;0;L;;;;;N;;bub chey;;;
+0FC4;TIBETAN SYMBOL DRIL BU;So;0;L;;;;;N;;drilbu;;;
+0FC5;TIBETAN SYMBOL RDO RJE;So;0;L;;;;;N;;dorje;;;
+0FC6;TIBETAN SYMBOL PADMA GDAN;Mn;220;NSM;;;;;N;;pema den;;;
+0FC7;TIBETAN SYMBOL RDO RJE RGYA GRAM;So;0;L;;;;;N;;dorje gya dram;;;
+0FC8;TIBETAN SYMBOL PHUR PA;So;0;L;;;;;N;;phurba;;;
+0FC9;TIBETAN SYMBOL NOR BU;So;0;L;;;;;N;;norbu;;;
+0FCA;TIBETAN SYMBOL NOR BU NYIS -KHYIL;So;0;L;;;;;N;;norbu nyi khyi;;;
+0FCB;TIBETAN SYMBOL NOR BU GSUM -KHYIL;So;0;L;;;;;N;;norbu sum khyi;;;
+0FCC;TIBETAN SYMBOL NOR BU BZHI -KHYIL;So;0;L;;;;;N;;norbu shi khyi;;;
+0FCF;TIBETAN SIGN RDEL NAG GSUM;So;0;L;;;;;N;;dena sum;;;
+1000;MYANMAR LETTER KA;Lo;0;L;;;;;N;;;;;
+1001;MYANMAR LETTER KHA;Lo;0;L;;;;;N;;;;;
+1002;MYANMAR LETTER GA;Lo;0;L;;;;;N;;;;;
+1003;MYANMAR LETTER GHA;Lo;0;L;;;;;N;;;;;
+1004;MYANMAR LETTER NGA;Lo;0;L;;;;;N;;;;;
+1005;MYANMAR LETTER CA;Lo;0;L;;;;;N;;;;;
+1006;MYANMAR LETTER CHA;Lo;0;L;;;;;N;;;;;
+1007;MYANMAR LETTER JA;Lo;0;L;;;;;N;;;;;
+1008;MYANMAR LETTER JHA;Lo;0;L;;;;;N;;;;;
+1009;MYANMAR LETTER NYA;Lo;0;L;;;;;N;;;;;
+100A;MYANMAR LETTER NNYA;Lo;0;L;;;;;N;;;;;
+100B;MYANMAR LETTER TTA;Lo;0;L;;;;;N;;;;;
+100C;MYANMAR LETTER TTHA;Lo;0;L;;;;;N;;;;;
+100D;MYANMAR LETTER DDA;Lo;0;L;;;;;N;;;;;
+100E;MYANMAR LETTER DDHA;Lo;0;L;;;;;N;;;;;
+100F;MYANMAR LETTER NNA;Lo;0;L;;;;;N;;;;;
+1010;MYANMAR LETTER TA;Lo;0;L;;;;;N;;;;;
+1011;MYANMAR LETTER THA;Lo;0;L;;;;;N;;;;;
+1012;MYANMAR LETTER DA;Lo;0;L;;;;;N;;;;;
+1013;MYANMAR LETTER DHA;Lo;0;L;;;;;N;;;;;
+1014;MYANMAR LETTER NA;Lo;0;L;;;;;N;;;;;
+1015;MYANMAR LETTER PA;Lo;0;L;;;;;N;;;;;
+1016;MYANMAR LETTER PHA;Lo;0;L;;;;;N;;;;;
+1017;MYANMAR LETTER BA;Lo;0;L;;;;;N;;;;;
+1018;MYANMAR LETTER BHA;Lo;0;L;;;;;N;;;;;
+1019;MYANMAR LETTER MA;Lo;0;L;;;;;N;;;;;
+101A;MYANMAR LETTER YA;Lo;0;L;;;;;N;;;;;
+101B;MYANMAR LETTER RA;Lo;0;L;;;;;N;;;;;
+101C;MYANMAR LETTER LA;Lo;0;L;;;;;N;;;;;
+101D;MYANMAR LETTER WA;Lo;0;L;;;;;N;;;;;
+101E;MYANMAR LETTER SA;Lo;0;L;;;;;N;;;;;
+101F;MYANMAR LETTER HA;Lo;0;L;;;;;N;;;;;
+1020;MYANMAR LETTER LLA;Lo;0;L;;;;;N;;;;;
+1021;MYANMAR LETTER A;Lo;0;L;;;;;N;;;;;
+1023;MYANMAR LETTER I;Lo;0;L;;;;;N;;;;;
+1024;MYANMAR LETTER II;Lo;0;L;;;;;N;;;;;
+1025;MYANMAR LETTER U;Lo;0;L;;;;;N;;;;;
+1026;MYANMAR LETTER UU;Lo;0;L;1025 102E;;;;N;;;;;
+1027;MYANMAR LETTER E;Lo;0;L;;;;;N;;;;;
+1029;MYANMAR LETTER O;Lo;0;L;;;;;N;;;;;
+102A;MYANMAR LETTER AU;Lo;0;L;;;;;N;;;;;
+102C;MYANMAR VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+102D;MYANMAR VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+102E;MYANMAR VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+102F;MYANMAR VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1030;MYANMAR VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+1031;MYANMAR VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+1032;MYANMAR VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+1036;MYANMAR SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+1037;MYANMAR SIGN DOT BELOW;Mn;7;NSM;;;;;N;;;;;
+1038;MYANMAR SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+1039;MYANMAR SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+1040;MYANMAR DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+1041;MYANMAR DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+1042;MYANMAR DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+1043;MYANMAR DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+1044;MYANMAR DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+1045;MYANMAR DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+1046;MYANMAR DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+1047;MYANMAR DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1048;MYANMAR DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1049;MYANMAR DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+104A;MYANMAR SIGN LITTLE SECTION;Po;0;L;;;;;N;;;;;
+104B;MYANMAR SIGN SECTION;Po;0;L;;;;;N;;;;;
+104C;MYANMAR SYMBOL LOCATIVE;Po;0;L;;;;;N;;;;;
+104D;MYANMAR SYMBOL COMPLETED;Po;0;L;;;;;N;;;;;
+104E;MYANMAR SYMBOL AFOREMENTIONED;Po;0;L;;;;;N;;;;;
+104F;MYANMAR SYMBOL GENITIVE;Po;0;L;;;;;N;;;;;
+1050;MYANMAR LETTER SHA;Lo;0;L;;;;;N;;;;;
+1051;MYANMAR LETTER SSA;Lo;0;L;;;;;N;;;;;
+1052;MYANMAR LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+1053;MYANMAR LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+1054;MYANMAR LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+1055;MYANMAR LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+1056;MYANMAR VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+1057;MYANMAR VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+1058;MYANMAR VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+1059;MYANMAR VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+10A0;GEORGIAN CAPITAL LETTER AN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A1;GEORGIAN CAPITAL LETTER BAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A2;GEORGIAN CAPITAL LETTER GAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A3;GEORGIAN CAPITAL LETTER DON;Lu;0;L;;;;;N;;Khutsuri;;;
+10A4;GEORGIAN CAPITAL LETTER EN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A5;GEORGIAN CAPITAL LETTER VIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A6;GEORGIAN CAPITAL LETTER ZEN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A7;GEORGIAN CAPITAL LETTER TAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A8;GEORGIAN CAPITAL LETTER IN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A9;GEORGIAN CAPITAL LETTER KAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10AA;GEORGIAN CAPITAL LETTER LAS;Lu;0;L;;;;;N;;Khutsuri;;;
+10AB;GEORGIAN CAPITAL LETTER MAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10AC;GEORGIAN CAPITAL LETTER NAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10AD;GEORGIAN CAPITAL LETTER ON;Lu;0;L;;;;;N;;Khutsuri;;;
+10AE;GEORGIAN CAPITAL LETTER PAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10AF;GEORGIAN CAPITAL LETTER ZHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B0;GEORGIAN CAPITAL LETTER RAE;Lu;0;L;;;;;N;;Khutsuri;;;
+10B1;GEORGIAN CAPITAL LETTER SAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B2;GEORGIAN CAPITAL LETTER TAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B3;GEORGIAN CAPITAL LETTER UN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B4;GEORGIAN CAPITAL LETTER PHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B5;GEORGIAN CAPITAL LETTER KHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B6;GEORGIAN CAPITAL LETTER GHAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B7;GEORGIAN CAPITAL LETTER QAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B8;GEORGIAN CAPITAL LETTER SHIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B9;GEORGIAN CAPITAL LETTER CHIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BA;GEORGIAN CAPITAL LETTER CAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BB;GEORGIAN CAPITAL LETTER JIL;Lu;0;L;;;;;N;;Khutsuri;;;
+10BC;GEORGIAN CAPITAL LETTER CIL;Lu;0;L;;;;;N;;Khutsuri;;;
+10BD;GEORGIAN CAPITAL LETTER CHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10BE;GEORGIAN CAPITAL LETTER XAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BF;GEORGIAN CAPITAL LETTER JHAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10C0;GEORGIAN CAPITAL LETTER HAE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C1;GEORGIAN CAPITAL LETTER HE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C2;GEORGIAN CAPITAL LETTER HIE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C3;GEORGIAN CAPITAL LETTER WE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C4;GEORGIAN CAPITAL LETTER HAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10C5;GEORGIAN CAPITAL LETTER HOE;Lu;0;L;;;;;N;;Khutsuri;;;
+10D0;GEORGIAN LETTER AN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER AN;;;;
+10D1;GEORGIAN LETTER BAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER BAN;;;;
+10D2;GEORGIAN LETTER GAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GAN;;;;
+10D3;GEORGIAN LETTER DON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER DON;;;;
+10D4;GEORGIAN LETTER EN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER EN;;;;
+10D5;GEORGIAN LETTER VIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER VIN;;;;
+10D6;GEORGIAN LETTER ZEN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZEN;;;;
+10D7;GEORGIAN LETTER TAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAN;;;;
+10D8;GEORGIAN LETTER IN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER IN;;;;
+10D9;GEORGIAN LETTER KAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KAN;;;;
+10DA;GEORGIAN LETTER LAS;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER LAS;;;;
+10DB;GEORGIAN LETTER MAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER MAN;;;;
+10DC;GEORGIAN LETTER NAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER NAR;;;;
+10DD;GEORGIAN LETTER ON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ON;;;;
+10DE;GEORGIAN LETTER PAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PAR;;;;
+10DF;GEORGIAN LETTER ZHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZHAR;;;;
+10E0;GEORGIAN LETTER RAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER RAE;;;;
+10E1;GEORGIAN LETTER SAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SAN;;;;
+10E2;GEORGIAN LETTER TAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAR;;;;
+10E3;GEORGIAN LETTER UN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER UN;;;;
+10E4;GEORGIAN LETTER PHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PHAR;;;;
+10E5;GEORGIAN LETTER KHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KHAR;;;;
+10E6;GEORGIAN LETTER GHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GHAN;;;;
+10E7;GEORGIAN LETTER QAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER QAR;;;;
+10E8;GEORGIAN LETTER SHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SHIN;;;;
+10E9;GEORGIAN LETTER CHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHIN;;;;
+10EA;GEORGIAN LETTER CAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CAN;;;;
+10EB;GEORGIAN LETTER JIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JIL;;;;
+10EC;GEORGIAN LETTER CIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CIL;;;;
+10ED;GEORGIAN LETTER CHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHAR;;;;
+10EE;GEORGIAN LETTER XAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER XAN;;;;
+10EF;GEORGIAN LETTER JHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JHAN;;;;
+10F0;GEORGIAN LETTER HAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAE;;;;
+10F1;GEORGIAN LETTER HE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HE;;;;
+10F2;GEORGIAN LETTER HIE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HIE;;;;
+10F3;GEORGIAN LETTER WE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER WE;;;;
+10F4;GEORGIAN LETTER HAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAR;;;;
+10F5;GEORGIAN LETTER HOE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HOE;;;;
+10F6;GEORGIAN LETTER FI;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER FI;;;;
+10F7;GEORGIAN LETTER YN;Lo;0;L;;;;;N;;;;;
+10F8;GEORGIAN LETTER ELIFI;Lo;0;L;;;;;N;;;;;
+10FB;GEORGIAN PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;;
+1100;HANGUL CHOSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;;
+1101;HANGUL CHOSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;;
+1102;HANGUL CHOSEONG NIEUN;Lo;0;L;;;;;N;;n *;;;
+1103;HANGUL CHOSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;;
+1104;HANGUL CHOSEONG SSANGTIKEUT;Lo;0;L;;;;;N;;dd *;;;
+1105;HANGUL CHOSEONG RIEUL;Lo;0;L;;;;;N;;r *;;;
+1106;HANGUL CHOSEONG MIEUM;Lo;0;L;;;;;N;;m *;;;
+1107;HANGUL CHOSEONG PIEUP;Lo;0;L;;;;;N;;b *;;;
+1108;HANGUL CHOSEONG SSANGPIEUP;Lo;0;L;;;;;N;;bb *;;;
+1109;HANGUL CHOSEONG SIOS;Lo;0;L;;;;;N;;s *;;;
+110A;HANGUL CHOSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;;
+110B;HANGUL CHOSEONG IEUNG;Lo;0;L;;;;;N;;;;;
+110C;HANGUL CHOSEONG CIEUC;Lo;0;L;;;;;N;;j *;;;
+110D;HANGUL CHOSEONG SSANGCIEUC;Lo;0;L;;;;;N;;jj *;;;
+110E;HANGUL CHOSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;;
+110F;HANGUL CHOSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;;
+1110;HANGUL CHOSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;;
+1111;HANGUL CHOSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;;
+1112;HANGUL CHOSEONG HIEUH;Lo;0;L;;;;;N;;h *;;;
+1113;HANGUL CHOSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;;
+1114;HANGUL CHOSEONG SSANGNIEUN;Lo;0;L;;;;;N;;;;;
+1115;HANGUL CHOSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;;
+1116;HANGUL CHOSEONG NIEUN-PIEUP;Lo;0;L;;;;;N;;;;;
+1117;HANGUL CHOSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;;
+1118;HANGUL CHOSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;;
+1119;HANGUL CHOSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;;
+111A;HANGUL CHOSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;;;;
+111B;HANGUL CHOSEONG KAPYEOUNRIEUL;Lo;0;L;;;;;N;;;;;
+111C;HANGUL CHOSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;;
+111D;HANGUL CHOSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;;
+111E;HANGUL CHOSEONG PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;;
+111F;HANGUL CHOSEONG PIEUP-NIEUN;Lo;0;L;;;;;N;;;;;
+1120;HANGUL CHOSEONG PIEUP-TIKEUT;Lo;0;L;;;;;N;;;;;
+1121;HANGUL CHOSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;;;;
+1122;HANGUL CHOSEONG PIEUP-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+1123;HANGUL CHOSEONG PIEUP-SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+1124;HANGUL CHOSEONG PIEUP-SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+1125;HANGUL CHOSEONG PIEUP-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+1126;HANGUL CHOSEONG PIEUP-SIOS-CIEUC;Lo;0;L;;;;;N;;;;;
+1127;HANGUL CHOSEONG PIEUP-CIEUC;Lo;0;L;;;;;N;;;;;
+1128;HANGUL CHOSEONG PIEUP-CHIEUCH;Lo;0;L;;;;;N;;;;;
+1129;HANGUL CHOSEONG PIEUP-THIEUTH;Lo;0;L;;;;;N;;;;;
+112A;HANGUL CHOSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;;
+112B;HANGUL CHOSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+112C;HANGUL CHOSEONG KAPYEOUNSSANGPIEUP;Lo;0;L;;;;;N;;;;;
+112D;HANGUL CHOSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+112E;HANGUL CHOSEONG SIOS-NIEUN;Lo;0;L;;;;;N;;;;;
+112F;HANGUL CHOSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+1130;HANGUL CHOSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;;
+1131;HANGUL CHOSEONG SIOS-MIEUM;Lo;0;L;;;;;N;;;;;
+1132;HANGUL CHOSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+1133;HANGUL CHOSEONG SIOS-PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;;
+1134;HANGUL CHOSEONG SIOS-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+1135;HANGUL CHOSEONG SIOS-IEUNG;Lo;0;L;;;;;N;;;;;
+1136;HANGUL CHOSEONG SIOS-CIEUC;Lo;0;L;;;;;N;;;;;
+1137;HANGUL CHOSEONG SIOS-CHIEUCH;Lo;0;L;;;;;N;;;;;
+1138;HANGUL CHOSEONG SIOS-KHIEUKH;Lo;0;L;;;;;N;;;;;
+1139;HANGUL CHOSEONG SIOS-THIEUTH;Lo;0;L;;;;;N;;;;;
+113A;HANGUL CHOSEONG SIOS-PHIEUPH;Lo;0;L;;;;;N;;;;;
+113B;HANGUL CHOSEONG SIOS-HIEUH;Lo;0;L;;;;;N;;;;;
+113C;HANGUL CHOSEONG CHITUEUMSIOS;Lo;0;L;;;;;N;;;;;
+113D;HANGUL CHOSEONG CHITUEUMSSANGSIOS;Lo;0;L;;;;;N;;;;;
+113E;HANGUL CHOSEONG CEONGCHIEUMSIOS;Lo;0;L;;;;;N;;;;;
+113F;HANGUL CHOSEONG CEONGCHIEUMSSANGSIOS;Lo;0;L;;;;;N;;;;;
+1140;HANGUL CHOSEONG PANSIOS;Lo;0;L;;;;;N;;;;;
+1141;HANGUL CHOSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;;
+1142;HANGUL CHOSEONG IEUNG-TIKEUT;Lo;0;L;;;;;N;;;;;
+1143;HANGUL CHOSEONG IEUNG-MIEUM;Lo;0;L;;;;;N;;;;;
+1144;HANGUL CHOSEONG IEUNG-PIEUP;Lo;0;L;;;;;N;;;;;
+1145;HANGUL CHOSEONG IEUNG-SIOS;Lo;0;L;;;;;N;;;;;
+1146;HANGUL CHOSEONG IEUNG-PANSIOS;Lo;0;L;;;;;N;;;;;
+1147;HANGUL CHOSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;;
+1148;HANGUL CHOSEONG IEUNG-CIEUC;Lo;0;L;;;;;N;;;;;
+1149;HANGUL CHOSEONG IEUNG-CHIEUCH;Lo;0;L;;;;;N;;;;;
+114A;HANGUL CHOSEONG IEUNG-THIEUTH;Lo;0;L;;;;;N;;;;;
+114B;HANGUL CHOSEONG IEUNG-PHIEUPH;Lo;0;L;;;;;N;;;;;
+114C;HANGUL CHOSEONG YESIEUNG;Lo;0;L;;;;;N;;;;;
+114D;HANGUL CHOSEONG CIEUC-IEUNG;Lo;0;L;;;;;N;;;;;
+114E;HANGUL CHOSEONG CHITUEUMCIEUC;Lo;0;L;;;;;N;;;;;
+114F;HANGUL CHOSEONG CHITUEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;;
+1150;HANGUL CHOSEONG CEONGCHIEUMCIEUC;Lo;0;L;;;;;N;;;;;
+1151;HANGUL CHOSEONG CEONGCHIEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;;
+1152;HANGUL CHOSEONG CHIEUCH-KHIEUKH;Lo;0;L;;;;;N;;;;;
+1153;HANGUL CHOSEONG CHIEUCH-HIEUH;Lo;0;L;;;;;N;;;;;
+1154;HANGUL CHOSEONG CHITUEUMCHIEUCH;Lo;0;L;;;;;N;;;;;
+1155;HANGUL CHOSEONG CEONGCHIEUMCHIEUCH;Lo;0;L;;;;;N;;;;;
+1156;HANGUL CHOSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;;
+1157;HANGUL CHOSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;;
+1158;HANGUL CHOSEONG SSANGHIEUH;Lo;0;L;;;;;N;;;;;
+1159;HANGUL CHOSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+115F;HANGUL CHOSEONG FILLER;Lo;0;L;;;;;N;;;;;
+1160;HANGUL JUNGSEONG FILLER;Lo;0;L;;;;;N;;;;;
+1161;HANGUL JUNGSEONG A;Lo;0;L;;;;;N;;;;;
+1162;HANGUL JUNGSEONG AE;Lo;0;L;;;;;N;;;;;
+1163;HANGUL JUNGSEONG YA;Lo;0;L;;;;;N;;;;;
+1164;HANGUL JUNGSEONG YAE;Lo;0;L;;;;;N;;;;;
+1165;HANGUL JUNGSEONG EO;Lo;0;L;;;;;N;;;;;
+1166;HANGUL JUNGSEONG E;Lo;0;L;;;;;N;;;;;
+1167;HANGUL JUNGSEONG YEO;Lo;0;L;;;;;N;;;;;
+1168;HANGUL JUNGSEONG YE;Lo;0;L;;;;;N;;;;;
+1169;HANGUL JUNGSEONG O;Lo;0;L;;;;;N;;;;;
+116A;HANGUL JUNGSEONG WA;Lo;0;L;;;;;N;;;;;
+116B;HANGUL JUNGSEONG WAE;Lo;0;L;;;;;N;;;;;
+116C;HANGUL JUNGSEONG OE;Lo;0;L;;;;;N;;;;;
+116D;HANGUL JUNGSEONG YO;Lo;0;L;;;;;N;;;;;
+116E;HANGUL JUNGSEONG U;Lo;0;L;;;;;N;;;;;
+116F;HANGUL JUNGSEONG WEO;Lo;0;L;;;;;N;;;;;
+1170;HANGUL JUNGSEONG WE;Lo;0;L;;;;;N;;;;;
+1171;HANGUL JUNGSEONG WI;Lo;0;L;;;;;N;;;;;
+1172;HANGUL JUNGSEONG YU;Lo;0;L;;;;;N;;;;;
+1173;HANGUL JUNGSEONG EU;Lo;0;L;;;;;N;;;;;
+1174;HANGUL JUNGSEONG YI;Lo;0;L;;;;;N;;;;;
+1175;HANGUL JUNGSEONG I;Lo;0;L;;;;;N;;;;;
+1176;HANGUL JUNGSEONG A-O;Lo;0;L;;;;;N;;;;;
+1177;HANGUL JUNGSEONG A-U;Lo;0;L;;;;;N;;;;;
+1178;HANGUL JUNGSEONG YA-O;Lo;0;L;;;;;N;;;;;
+1179;HANGUL JUNGSEONG YA-YO;Lo;0;L;;;;;N;;;;;
+117A;HANGUL JUNGSEONG EO-O;Lo;0;L;;;;;N;;;;;
+117B;HANGUL JUNGSEONG EO-U;Lo;0;L;;;;;N;;;;;
+117C;HANGUL JUNGSEONG EO-EU;Lo;0;L;;;;;N;;;;;
+117D;HANGUL JUNGSEONG YEO-O;Lo;0;L;;;;;N;;;;;
+117E;HANGUL JUNGSEONG YEO-U;Lo;0;L;;;;;N;;;;;
+117F;HANGUL JUNGSEONG O-EO;Lo;0;L;;;;;N;;;;;
+1180;HANGUL JUNGSEONG O-E;Lo;0;L;;;;;N;;;;;
+1181;HANGUL JUNGSEONG O-YE;Lo;0;L;;;;;N;;;;;
+1182;HANGUL JUNGSEONG O-O;Lo;0;L;;;;;N;;;;;
+1183;HANGUL JUNGSEONG O-U;Lo;0;L;;;;;N;;;;;
+1184;HANGUL JUNGSEONG YO-YA;Lo;0;L;;;;;N;;;;;
+1185;HANGUL JUNGSEONG YO-YAE;Lo;0;L;;;;;N;;;;;
+1186;HANGUL JUNGSEONG YO-YEO;Lo;0;L;;;;;N;;;;;
+1187;HANGUL JUNGSEONG YO-O;Lo;0;L;;;;;N;;;;;
+1188;HANGUL JUNGSEONG YO-I;Lo;0;L;;;;;N;;;;;
+1189;HANGUL JUNGSEONG U-A;Lo;0;L;;;;;N;;;;;
+118A;HANGUL JUNGSEONG U-AE;Lo;0;L;;;;;N;;;;;
+118B;HANGUL JUNGSEONG U-EO-EU;Lo;0;L;;;;;N;;;;;
+118C;HANGUL JUNGSEONG U-YE;Lo;0;L;;;;;N;;;;;
+118D;HANGUL JUNGSEONG U-U;Lo;0;L;;;;;N;;;;;
+118E;HANGUL JUNGSEONG YU-A;Lo;0;L;;;;;N;;;;;
+118F;HANGUL JUNGSEONG YU-EO;Lo;0;L;;;;;N;;;;;
+1190;HANGUL JUNGSEONG YU-E;Lo;0;L;;;;;N;;;;;
+1191;HANGUL JUNGSEONG YU-YEO;Lo;0;L;;;;;N;;;;;
+1192;HANGUL JUNGSEONG YU-YE;Lo;0;L;;;;;N;;;;;
+1193;HANGUL JUNGSEONG YU-U;Lo;0;L;;;;;N;;;;;
+1194;HANGUL JUNGSEONG YU-I;Lo;0;L;;;;;N;;;;;
+1195;HANGUL JUNGSEONG EU-U;Lo;0;L;;;;;N;;;;;
+1196;HANGUL JUNGSEONG EU-EU;Lo;0;L;;;;;N;;;;;
+1197;HANGUL JUNGSEONG YI-U;Lo;0;L;;;;;N;;;;;
+1198;HANGUL JUNGSEONG I-A;Lo;0;L;;;;;N;;;;;
+1199;HANGUL JUNGSEONG I-YA;Lo;0;L;;;;;N;;;;;
+119A;HANGUL JUNGSEONG I-O;Lo;0;L;;;;;N;;;;;
+119B;HANGUL JUNGSEONG I-U;Lo;0;L;;;;;N;;;;;
+119C;HANGUL JUNGSEONG I-EU;Lo;0;L;;;;;N;;;;;
+119D;HANGUL JUNGSEONG I-ARAEA;Lo;0;L;;;;;N;;;;;
+119E;HANGUL JUNGSEONG ARAEA;Lo;0;L;;;;;N;;;;;
+119F;HANGUL JUNGSEONG ARAEA-EO;Lo;0;L;;;;;N;;;;;
+11A0;HANGUL JUNGSEONG ARAEA-U;Lo;0;L;;;;;N;;;;;
+11A1;HANGUL JUNGSEONG ARAEA-I;Lo;0;L;;;;;N;;;;;
+11A2;HANGUL JUNGSEONG SSANGARAEA;Lo;0;L;;;;;N;;;;;
+11A8;HANGUL JONGSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;;
+11A9;HANGUL JONGSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;;
+11AA;HANGUL JONGSEONG KIYEOK-SIOS;Lo;0;L;;;;;N;;gs *;;;
+11AB;HANGUL JONGSEONG NIEUN;Lo;0;L;;;;;N;;n *;;;
+11AC;HANGUL JONGSEONG NIEUN-CIEUC;Lo;0;L;;;;;N;;nj *;;;
+11AD;HANGUL JONGSEONG NIEUN-HIEUH;Lo;0;L;;;;;N;;nh *;;;
+11AE;HANGUL JONGSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;;
+11AF;HANGUL JONGSEONG RIEUL;Lo;0;L;;;;;N;;l *;;;
+11B0;HANGUL JONGSEONG RIEUL-KIYEOK;Lo;0;L;;;;;N;;lg *;;;
+11B1;HANGUL JONGSEONG RIEUL-MIEUM;Lo;0;L;;;;;N;;lm *;;;
+11B2;HANGUL JONGSEONG RIEUL-PIEUP;Lo;0;L;;;;;N;;lb *;;;
+11B3;HANGUL JONGSEONG RIEUL-SIOS;Lo;0;L;;;;;N;;ls *;;;
+11B4;HANGUL JONGSEONG RIEUL-THIEUTH;Lo;0;L;;;;;N;;lt *;;;
+11B5;HANGUL JONGSEONG RIEUL-PHIEUPH;Lo;0;L;;;;;N;;lp *;;;
+11B6;HANGUL JONGSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;lh *;;;
+11B7;HANGUL JONGSEONG MIEUM;Lo;0;L;;;;;N;;m *;;;
+11B8;HANGUL JONGSEONG PIEUP;Lo;0;L;;;;;N;;b *;;;
+11B9;HANGUL JONGSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;bs *;;;
+11BA;HANGUL JONGSEONG SIOS;Lo;0;L;;;;;N;;s *;;;
+11BB;HANGUL JONGSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;;
+11BC;HANGUL JONGSEONG IEUNG;Lo;0;L;;;;;N;;ng *;;;
+11BD;HANGUL JONGSEONG CIEUC;Lo;0;L;;;;;N;;j *;;;
+11BE;HANGUL JONGSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;;
+11BF;HANGUL JONGSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;;
+11C0;HANGUL JONGSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;;
+11C1;HANGUL JONGSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;;
+11C2;HANGUL JONGSEONG HIEUH;Lo;0;L;;;;;N;;h *;;;
+11C3;HANGUL JONGSEONG KIYEOK-RIEUL;Lo;0;L;;;;;N;;;;;
+11C4;HANGUL JONGSEONG KIYEOK-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+11C5;HANGUL JONGSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;;
+11C6;HANGUL JONGSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;;
+11C7;HANGUL JONGSEONG NIEUN-SIOS;Lo;0;L;;;;;N;;;;;
+11C8;HANGUL JONGSEONG NIEUN-PANSIOS;Lo;0;L;;;;;N;;;;;
+11C9;HANGUL JONGSEONG NIEUN-THIEUTH;Lo;0;L;;;;;N;;;;;
+11CA;HANGUL JONGSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;;
+11CB;HANGUL JONGSEONG TIKEUT-RIEUL;Lo;0;L;;;;;N;;;;;
+11CC;HANGUL JONGSEONG RIEUL-KIYEOK-SIOS;Lo;0;L;;;;;N;;;;;
+11CD;HANGUL JONGSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;;
+11CE;HANGUL JONGSEONG RIEUL-TIKEUT;Lo;0;L;;;;;N;;;;;
+11CF;HANGUL JONGSEONG RIEUL-TIKEUT-HIEUH;Lo;0;L;;;;;N;;;;;
+11D0;HANGUL JONGSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;;
+11D1;HANGUL JONGSEONG RIEUL-MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;;
+11D2;HANGUL JONGSEONG RIEUL-MIEUM-SIOS;Lo;0;L;;;;;N;;;;;
+11D3;HANGUL JONGSEONG RIEUL-PIEUP-SIOS;Lo;0;L;;;;;N;;;;;
+11D4;HANGUL JONGSEONG RIEUL-PIEUP-HIEUH;Lo;0;L;;;;;N;;;;;
+11D5;HANGUL JONGSEONG RIEUL-KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+11D6;HANGUL JONGSEONG RIEUL-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+11D7;HANGUL JONGSEONG RIEUL-PANSIOS;Lo;0;L;;;;;N;;;;;
+11D8;HANGUL JONGSEONG RIEUL-KHIEUKH;Lo;0;L;;;;;N;;;;;
+11D9;HANGUL JONGSEONG RIEUL-YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+11DA;HANGUL JONGSEONG MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;;
+11DB;HANGUL JONGSEONG MIEUM-RIEUL;Lo;0;L;;;;;N;;;;;
+11DC;HANGUL JONGSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;;
+11DD;HANGUL JONGSEONG MIEUM-SIOS;Lo;0;L;;;;;N;;;;;
+11DE;HANGUL JONGSEONG MIEUM-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+11DF;HANGUL JONGSEONG MIEUM-PANSIOS;Lo;0;L;;;;;N;;;;;
+11E0;HANGUL JONGSEONG MIEUM-CHIEUCH;Lo;0;L;;;;;N;;;;;
+11E1;HANGUL JONGSEONG MIEUM-HIEUH;Lo;0;L;;;;;N;;;;;
+11E2;HANGUL JONGSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;;
+11E3;HANGUL JONGSEONG PIEUP-RIEUL;Lo;0;L;;;;;N;;;;;
+11E4;HANGUL JONGSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;;
+11E5;HANGUL JONGSEONG PIEUP-HIEUH;Lo;0;L;;;;;N;;;;;
+11E6;HANGUL JONGSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+11E7;HANGUL JONGSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+11E8;HANGUL JONGSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+11E9;HANGUL JONGSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;;
+11EA;HANGUL JONGSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+11EB;HANGUL JONGSEONG PANSIOS;Lo;0;L;;;;;N;;;;;
+11EC;HANGUL JONGSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;;
+11ED;HANGUL JONGSEONG IEUNG-SSANGKIYEOK;Lo;0;L;;;;;N;;;;;
+11EE;HANGUL JONGSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;;
+11EF;HANGUL JONGSEONG IEUNG-KHIEUKH;Lo;0;L;;;;;N;;;;;
+11F0;HANGUL JONGSEONG YESIEUNG;Lo;0;L;;;;;N;;;;;
+11F1;HANGUL JONGSEONG YESIEUNG-SIOS;Lo;0;L;;;;;N;;;;;
+11F2;HANGUL JONGSEONG YESIEUNG-PANSIOS;Lo;0;L;;;;;N;;;;;
+11F3;HANGUL JONGSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;;
+11F4;HANGUL JONGSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;;
+11F5;HANGUL JONGSEONG HIEUH-NIEUN;Lo;0;L;;;;;N;;;;;
+11F6;HANGUL JONGSEONG HIEUH-RIEUL;Lo;0;L;;;;;N;;;;;
+11F7;HANGUL JONGSEONG HIEUH-MIEUM;Lo;0;L;;;;;N;;;;;
+11F8;HANGUL JONGSEONG HIEUH-PIEUP;Lo;0;L;;;;;N;;;;;
+11F9;HANGUL JONGSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+1200;ETHIOPIC SYLLABLE HA;Lo;0;L;;;;;N;;;;;
+1201;ETHIOPIC SYLLABLE HU;Lo;0;L;;;;;N;;;;;
+1202;ETHIOPIC SYLLABLE HI;Lo;0;L;;;;;N;;;;;
+1203;ETHIOPIC SYLLABLE HAA;Lo;0;L;;;;;N;;;;;
+1204;ETHIOPIC SYLLABLE HEE;Lo;0;L;;;;;N;;;;;
+1205;ETHIOPIC SYLLABLE HE;Lo;0;L;;;;;N;;;;;
+1206;ETHIOPIC SYLLABLE HO;Lo;0;L;;;;;N;;;;;
+1208;ETHIOPIC SYLLABLE LA;Lo;0;L;;;;;N;;;;;
+1209;ETHIOPIC SYLLABLE LU;Lo;0;L;;;;;N;;;;;
+120A;ETHIOPIC SYLLABLE LI;Lo;0;L;;;;;N;;;;;
+120B;ETHIOPIC SYLLABLE LAA;Lo;0;L;;;;;N;;;;;
+120C;ETHIOPIC SYLLABLE LEE;Lo;0;L;;;;;N;;;;;
+120D;ETHIOPIC SYLLABLE LE;Lo;0;L;;;;;N;;;;;
+120E;ETHIOPIC SYLLABLE LO;Lo;0;L;;;;;N;;;;;
+120F;ETHIOPIC SYLLABLE LWA;Lo;0;L;;;;;N;;;;;
+1210;ETHIOPIC SYLLABLE HHA;Lo;0;L;;;;;N;;;;;
+1211;ETHIOPIC SYLLABLE HHU;Lo;0;L;;;;;N;;;;;
+1212;ETHIOPIC SYLLABLE HHI;Lo;0;L;;;;;N;;;;;
+1213;ETHIOPIC SYLLABLE HHAA;Lo;0;L;;;;;N;;;;;
+1214;ETHIOPIC SYLLABLE HHEE;Lo;0;L;;;;;N;;;;;
+1215;ETHIOPIC SYLLABLE HHE;Lo;0;L;;;;;N;;;;;
+1216;ETHIOPIC SYLLABLE HHO;Lo;0;L;;;;;N;;;;;
+1217;ETHIOPIC SYLLABLE HHWA;Lo;0;L;;;;;N;;;;;
+1218;ETHIOPIC SYLLABLE MA;Lo;0;L;;;;;N;;;;;
+1219;ETHIOPIC SYLLABLE MU;Lo;0;L;;;;;N;;;;;
+121A;ETHIOPIC SYLLABLE MI;Lo;0;L;;;;;N;;;;;
+121B;ETHIOPIC SYLLABLE MAA;Lo;0;L;;;;;N;;;;;
+121C;ETHIOPIC SYLLABLE MEE;Lo;0;L;;;;;N;;;;;
+121D;ETHIOPIC SYLLABLE ME;Lo;0;L;;;;;N;;;;;
+121E;ETHIOPIC SYLLABLE MO;Lo;0;L;;;;;N;;;;;
+121F;ETHIOPIC SYLLABLE MWA;Lo;0;L;;;;;N;;;;;
+1220;ETHIOPIC SYLLABLE SZA;Lo;0;L;;;;;N;;;;;
+1221;ETHIOPIC SYLLABLE SZU;Lo;0;L;;;;;N;;;;;
+1222;ETHIOPIC SYLLABLE SZI;Lo;0;L;;;;;N;;;;;
+1223;ETHIOPIC SYLLABLE SZAA;Lo;0;L;;;;;N;;;;;
+1224;ETHIOPIC SYLLABLE SZEE;Lo;0;L;;;;;N;;;;;
+1225;ETHIOPIC SYLLABLE SZE;Lo;0;L;;;;;N;;;;;
+1226;ETHIOPIC SYLLABLE SZO;Lo;0;L;;;;;N;;;;;
+1227;ETHIOPIC SYLLABLE SZWA;Lo;0;L;;;;;N;;;;;
+1228;ETHIOPIC SYLLABLE RA;Lo;0;L;;;;;N;;;;;
+1229;ETHIOPIC SYLLABLE RU;Lo;0;L;;;;;N;;;;;
+122A;ETHIOPIC SYLLABLE RI;Lo;0;L;;;;;N;;;;;
+122B;ETHIOPIC SYLLABLE RAA;Lo;0;L;;;;;N;;;;;
+122C;ETHIOPIC SYLLABLE REE;Lo;0;L;;;;;N;;;;;
+122D;ETHIOPIC SYLLABLE RE;Lo;0;L;;;;;N;;;;;
+122E;ETHIOPIC SYLLABLE RO;Lo;0;L;;;;;N;;;;;
+122F;ETHIOPIC SYLLABLE RWA;Lo;0;L;;;;;N;;;;;
+1230;ETHIOPIC SYLLABLE SA;Lo;0;L;;;;;N;;;;;
+1231;ETHIOPIC SYLLABLE SU;Lo;0;L;;;;;N;;;;;
+1232;ETHIOPIC SYLLABLE SI;Lo;0;L;;;;;N;;;;;
+1233;ETHIOPIC SYLLABLE SAA;Lo;0;L;;;;;N;;;;;
+1234;ETHIOPIC SYLLABLE SEE;Lo;0;L;;;;;N;;;;;
+1235;ETHIOPIC SYLLABLE SE;Lo;0;L;;;;;N;;;;;
+1236;ETHIOPIC SYLLABLE SO;Lo;0;L;;;;;N;;;;;
+1237;ETHIOPIC SYLLABLE SWA;Lo;0;L;;;;;N;;;;;
+1238;ETHIOPIC SYLLABLE SHA;Lo;0;L;;;;;N;;;;;
+1239;ETHIOPIC SYLLABLE SHU;Lo;0;L;;;;;N;;;;;
+123A;ETHIOPIC SYLLABLE SHI;Lo;0;L;;;;;N;;;;;
+123B;ETHIOPIC SYLLABLE SHAA;Lo;0;L;;;;;N;;;;;
+123C;ETHIOPIC SYLLABLE SHEE;Lo;0;L;;;;;N;;;;;
+123D;ETHIOPIC SYLLABLE SHE;Lo;0;L;;;;;N;;;;;
+123E;ETHIOPIC SYLLABLE SHO;Lo;0;L;;;;;N;;;;;
+123F;ETHIOPIC SYLLABLE SHWA;Lo;0;L;;;;;N;;;;;
+1240;ETHIOPIC SYLLABLE QA;Lo;0;L;;;;;N;;;;;
+1241;ETHIOPIC SYLLABLE QU;Lo;0;L;;;;;N;;;;;
+1242;ETHIOPIC SYLLABLE QI;Lo;0;L;;;;;N;;;;;
+1243;ETHIOPIC SYLLABLE QAA;Lo;0;L;;;;;N;;;;;
+1244;ETHIOPIC SYLLABLE QEE;Lo;0;L;;;;;N;;;;;
+1245;ETHIOPIC SYLLABLE QE;Lo;0;L;;;;;N;;;;;
+1246;ETHIOPIC SYLLABLE QO;Lo;0;L;;;;;N;;;;;
+1248;ETHIOPIC SYLLABLE QWA;Lo;0;L;;;;;N;;;;;
+124A;ETHIOPIC SYLLABLE QWI;Lo;0;L;;;;;N;;;;;
+124B;ETHIOPIC SYLLABLE QWAA;Lo;0;L;;;;;N;;;;;
+124C;ETHIOPIC SYLLABLE QWEE;Lo;0;L;;;;;N;;;;;
+124D;ETHIOPIC SYLLABLE QWE;Lo;0;L;;;;;N;;;;;
+1250;ETHIOPIC SYLLABLE QHA;Lo;0;L;;;;;N;;;;;
+1251;ETHIOPIC SYLLABLE QHU;Lo;0;L;;;;;N;;;;;
+1252;ETHIOPIC SYLLABLE QHI;Lo;0;L;;;;;N;;;;;
+1253;ETHIOPIC SYLLABLE QHAA;Lo;0;L;;;;;N;;;;;
+1254;ETHIOPIC SYLLABLE QHEE;Lo;0;L;;;;;N;;;;;
+1255;ETHIOPIC SYLLABLE QHE;Lo;0;L;;;;;N;;;;;
+1256;ETHIOPIC SYLLABLE QHO;Lo;0;L;;;;;N;;;;;
+1258;ETHIOPIC SYLLABLE QHWA;Lo;0;L;;;;;N;;;;;
+125A;ETHIOPIC SYLLABLE QHWI;Lo;0;L;;;;;N;;;;;
+125B;ETHIOPIC SYLLABLE QHWAA;Lo;0;L;;;;;N;;;;;
+125C;ETHIOPIC SYLLABLE QHWEE;Lo;0;L;;;;;N;;;;;
+125D;ETHIOPIC SYLLABLE QHWE;Lo;0;L;;;;;N;;;;;
+1260;ETHIOPIC SYLLABLE BA;Lo;0;L;;;;;N;;;;;
+1261;ETHIOPIC SYLLABLE BU;Lo;0;L;;;;;N;;;;;
+1262;ETHIOPIC SYLLABLE BI;Lo;0;L;;;;;N;;;;;
+1263;ETHIOPIC SYLLABLE BAA;Lo;0;L;;;;;N;;;;;
+1264;ETHIOPIC SYLLABLE BEE;Lo;0;L;;;;;N;;;;;
+1265;ETHIOPIC SYLLABLE BE;Lo;0;L;;;;;N;;;;;
+1266;ETHIOPIC SYLLABLE BO;Lo;0;L;;;;;N;;;;;
+1267;ETHIOPIC SYLLABLE BWA;Lo;0;L;;;;;N;;;;;
+1268;ETHIOPIC SYLLABLE VA;Lo;0;L;;;;;N;;;;;
+1269;ETHIOPIC SYLLABLE VU;Lo;0;L;;;;;N;;;;;
+126A;ETHIOPIC SYLLABLE VI;Lo;0;L;;;;;N;;;;;
+126B;ETHIOPIC SYLLABLE VAA;Lo;0;L;;;;;N;;;;;
+126C;ETHIOPIC SYLLABLE VEE;Lo;0;L;;;;;N;;;;;
+126D;ETHIOPIC SYLLABLE VE;Lo;0;L;;;;;N;;;;;
+126E;ETHIOPIC SYLLABLE VO;Lo;0;L;;;;;N;;;;;
+126F;ETHIOPIC SYLLABLE VWA;Lo;0;L;;;;;N;;;;;
+1270;ETHIOPIC SYLLABLE TA;Lo;0;L;;;;;N;;;;;
+1271;ETHIOPIC SYLLABLE TU;Lo;0;L;;;;;N;;;;;
+1272;ETHIOPIC SYLLABLE TI;Lo;0;L;;;;;N;;;;;
+1273;ETHIOPIC SYLLABLE TAA;Lo;0;L;;;;;N;;;;;
+1274;ETHIOPIC SYLLABLE TEE;Lo;0;L;;;;;N;;;;;
+1275;ETHIOPIC SYLLABLE TE;Lo;0;L;;;;;N;;;;;
+1276;ETHIOPIC SYLLABLE TO;Lo;0;L;;;;;N;;;;;
+1277;ETHIOPIC SYLLABLE TWA;Lo;0;L;;;;;N;;;;;
+1278;ETHIOPIC SYLLABLE CA;Lo;0;L;;;;;N;;;;;
+1279;ETHIOPIC SYLLABLE CU;Lo;0;L;;;;;N;;;;;
+127A;ETHIOPIC SYLLABLE CI;Lo;0;L;;;;;N;;;;;
+127B;ETHIOPIC SYLLABLE CAA;Lo;0;L;;;;;N;;;;;
+127C;ETHIOPIC SYLLABLE CEE;Lo;0;L;;;;;N;;;;;
+127D;ETHIOPIC SYLLABLE CE;Lo;0;L;;;;;N;;;;;
+127E;ETHIOPIC SYLLABLE CO;Lo;0;L;;;;;N;;;;;
+127F;ETHIOPIC SYLLABLE CWA;Lo;0;L;;;;;N;;;;;
+1280;ETHIOPIC SYLLABLE XA;Lo;0;L;;;;;N;;;;;
+1281;ETHIOPIC SYLLABLE XU;Lo;0;L;;;;;N;;;;;
+1282;ETHIOPIC SYLLABLE XI;Lo;0;L;;;;;N;;;;;
+1283;ETHIOPIC SYLLABLE XAA;Lo;0;L;;;;;N;;;;;
+1284;ETHIOPIC SYLLABLE XEE;Lo;0;L;;;;;N;;;;;
+1285;ETHIOPIC SYLLABLE XE;Lo;0;L;;;;;N;;;;;
+1286;ETHIOPIC SYLLABLE XO;Lo;0;L;;;;;N;;;;;
+1288;ETHIOPIC SYLLABLE XWA;Lo;0;L;;;;;N;;;;;
+128A;ETHIOPIC SYLLABLE XWI;Lo;0;L;;;;;N;;;;;
+128B;ETHIOPIC SYLLABLE XWAA;Lo;0;L;;;;;N;;;;;
+128C;ETHIOPIC SYLLABLE XWEE;Lo;0;L;;;;;N;;;;;
+128D;ETHIOPIC SYLLABLE XWE;Lo;0;L;;;;;N;;;;;
+1290;ETHIOPIC SYLLABLE NA;Lo;0;L;;;;;N;;;;;
+1291;ETHIOPIC SYLLABLE NU;Lo;0;L;;;;;N;;;;;
+1292;ETHIOPIC SYLLABLE NI;Lo;0;L;;;;;N;;;;;
+1293;ETHIOPIC SYLLABLE NAA;Lo;0;L;;;;;N;;;;;
+1294;ETHIOPIC SYLLABLE NEE;Lo;0;L;;;;;N;;;;;
+1295;ETHIOPIC SYLLABLE NE;Lo;0;L;;;;;N;;;;;
+1296;ETHIOPIC SYLLABLE NO;Lo;0;L;;;;;N;;;;;
+1297;ETHIOPIC SYLLABLE NWA;Lo;0;L;;;;;N;;;;;
+1298;ETHIOPIC SYLLABLE NYA;Lo;0;L;;;;;N;;;;;
+1299;ETHIOPIC SYLLABLE NYU;Lo;0;L;;;;;N;;;;;
+129A;ETHIOPIC SYLLABLE NYI;Lo;0;L;;;;;N;;;;;
+129B;ETHIOPIC SYLLABLE NYAA;Lo;0;L;;;;;N;;;;;
+129C;ETHIOPIC SYLLABLE NYEE;Lo;0;L;;;;;N;;;;;
+129D;ETHIOPIC SYLLABLE NYE;Lo;0;L;;;;;N;;;;;
+129E;ETHIOPIC SYLLABLE NYO;Lo;0;L;;;;;N;;;;;
+129F;ETHIOPIC SYLLABLE NYWA;Lo;0;L;;;;;N;;;;;
+12A0;ETHIOPIC SYLLABLE GLOTTAL A;Lo;0;L;;;;;N;;;;;
+12A1;ETHIOPIC SYLLABLE GLOTTAL U;Lo;0;L;;;;;N;;;;;
+12A2;ETHIOPIC SYLLABLE GLOTTAL I;Lo;0;L;;;;;N;;;;;
+12A3;ETHIOPIC SYLLABLE GLOTTAL AA;Lo;0;L;;;;;N;;;;;
+12A4;ETHIOPIC SYLLABLE GLOTTAL EE;Lo;0;L;;;;;N;;;;;
+12A5;ETHIOPIC SYLLABLE GLOTTAL E;Lo;0;L;;;;;N;;;;;
+12A6;ETHIOPIC SYLLABLE GLOTTAL O;Lo;0;L;;;;;N;;;;;
+12A7;ETHIOPIC SYLLABLE GLOTTAL WA;Lo;0;L;;;;;N;;;;;
+12A8;ETHIOPIC SYLLABLE KA;Lo;0;L;;;;;N;;;;;
+12A9;ETHIOPIC SYLLABLE KU;Lo;0;L;;;;;N;;;;;
+12AA;ETHIOPIC SYLLABLE KI;Lo;0;L;;;;;N;;;;;
+12AB;ETHIOPIC SYLLABLE KAA;Lo;0;L;;;;;N;;;;;
+12AC;ETHIOPIC SYLLABLE KEE;Lo;0;L;;;;;N;;;;;
+12AD;ETHIOPIC SYLLABLE KE;Lo;0;L;;;;;N;;;;;
+12AE;ETHIOPIC SYLLABLE KO;Lo;0;L;;;;;N;;;;;
+12B0;ETHIOPIC SYLLABLE KWA;Lo;0;L;;;;;N;;;;;
+12B2;ETHIOPIC SYLLABLE KWI;Lo;0;L;;;;;N;;;;;
+12B3;ETHIOPIC SYLLABLE KWAA;Lo;0;L;;;;;N;;;;;
+12B4;ETHIOPIC SYLLABLE KWEE;Lo;0;L;;;;;N;;;;;
+12B5;ETHIOPIC SYLLABLE KWE;Lo;0;L;;;;;N;;;;;
+12B8;ETHIOPIC SYLLABLE KXA;Lo;0;L;;;;;N;;;;;
+12B9;ETHIOPIC SYLLABLE KXU;Lo;0;L;;;;;N;;;;;
+12BA;ETHIOPIC SYLLABLE KXI;Lo;0;L;;;;;N;;;;;
+12BB;ETHIOPIC SYLLABLE KXAA;Lo;0;L;;;;;N;;;;;
+12BC;ETHIOPIC SYLLABLE KXEE;Lo;0;L;;;;;N;;;;;
+12BD;ETHIOPIC SYLLABLE KXE;Lo;0;L;;;;;N;;;;;
+12BE;ETHIOPIC SYLLABLE KXO;Lo;0;L;;;;;N;;;;;
+12C0;ETHIOPIC SYLLABLE KXWA;Lo;0;L;;;;;N;;;;;
+12C2;ETHIOPIC SYLLABLE KXWI;Lo;0;L;;;;;N;;;;;
+12C3;ETHIOPIC SYLLABLE KXWAA;Lo;0;L;;;;;N;;;;;
+12C4;ETHIOPIC SYLLABLE KXWEE;Lo;0;L;;;;;N;;;;;
+12C5;ETHIOPIC SYLLABLE KXWE;Lo;0;L;;;;;N;;;;;
+12C8;ETHIOPIC SYLLABLE WA;Lo;0;L;;;;;N;;;;;
+12C9;ETHIOPIC SYLLABLE WU;Lo;0;L;;;;;N;;;;;
+12CA;ETHIOPIC SYLLABLE WI;Lo;0;L;;;;;N;;;;;
+12CB;ETHIOPIC SYLLABLE WAA;Lo;0;L;;;;;N;;;;;
+12CC;ETHIOPIC SYLLABLE WEE;Lo;0;L;;;;;N;;;;;
+12CD;ETHIOPIC SYLLABLE WE;Lo;0;L;;;;;N;;;;;
+12CE;ETHIOPIC SYLLABLE WO;Lo;0;L;;;;;N;;;;;
+12D0;ETHIOPIC SYLLABLE PHARYNGEAL A;Lo;0;L;;;;;N;;;;;
+12D1;ETHIOPIC SYLLABLE PHARYNGEAL U;Lo;0;L;;;;;N;;;;;
+12D2;ETHIOPIC SYLLABLE PHARYNGEAL I;Lo;0;L;;;;;N;;;;;
+12D3;ETHIOPIC SYLLABLE PHARYNGEAL AA;Lo;0;L;;;;;N;;;;;
+12D4;ETHIOPIC SYLLABLE PHARYNGEAL EE;Lo;0;L;;;;;N;;;;;
+12D5;ETHIOPIC SYLLABLE PHARYNGEAL E;Lo;0;L;;;;;N;;;;;
+12D6;ETHIOPIC SYLLABLE PHARYNGEAL O;Lo;0;L;;;;;N;;;;;
+12D8;ETHIOPIC SYLLABLE ZA;Lo;0;L;;;;;N;;;;;
+12D9;ETHIOPIC SYLLABLE ZU;Lo;0;L;;;;;N;;;;;
+12DA;ETHIOPIC SYLLABLE ZI;Lo;0;L;;;;;N;;;;;
+12DB;ETHIOPIC SYLLABLE ZAA;Lo;0;L;;;;;N;;;;;
+12DC;ETHIOPIC SYLLABLE ZEE;Lo;0;L;;;;;N;;;;;
+12DD;ETHIOPIC SYLLABLE ZE;Lo;0;L;;;;;N;;;;;
+12DE;ETHIOPIC SYLLABLE ZO;Lo;0;L;;;;;N;;;;;
+12DF;ETHIOPIC SYLLABLE ZWA;Lo;0;L;;;;;N;;;;;
+12E0;ETHIOPIC SYLLABLE ZHA;Lo;0;L;;;;;N;;;;;
+12E1;ETHIOPIC SYLLABLE ZHU;Lo;0;L;;;;;N;;;;;
+12E2;ETHIOPIC SYLLABLE ZHI;Lo;0;L;;;;;N;;;;;
+12E3;ETHIOPIC SYLLABLE ZHAA;Lo;0;L;;;;;N;;;;;
+12E4;ETHIOPIC SYLLABLE ZHEE;Lo;0;L;;;;;N;;;;;
+12E5;ETHIOPIC SYLLABLE ZHE;Lo;0;L;;;;;N;;;;;
+12E6;ETHIOPIC SYLLABLE ZHO;Lo;0;L;;;;;N;;;;;
+12E7;ETHIOPIC SYLLABLE ZHWA;Lo;0;L;;;;;N;;;;;
+12E8;ETHIOPIC SYLLABLE YA;Lo;0;L;;;;;N;;;;;
+12E9;ETHIOPIC SYLLABLE YU;Lo;0;L;;;;;N;;;;;
+12EA;ETHIOPIC SYLLABLE YI;Lo;0;L;;;;;N;;;;;
+12EB;ETHIOPIC SYLLABLE YAA;Lo;0;L;;;;;N;;;;;
+12EC;ETHIOPIC SYLLABLE YEE;Lo;0;L;;;;;N;;;;;
+12ED;ETHIOPIC SYLLABLE YE;Lo;0;L;;;;;N;;;;;
+12EE;ETHIOPIC SYLLABLE YO;Lo;0;L;;;;;N;;;;;
+12F0;ETHIOPIC SYLLABLE DA;Lo;0;L;;;;;N;;;;;
+12F1;ETHIOPIC SYLLABLE DU;Lo;0;L;;;;;N;;;;;
+12F2;ETHIOPIC SYLLABLE DI;Lo;0;L;;;;;N;;;;;
+12F3;ETHIOPIC SYLLABLE DAA;Lo;0;L;;;;;N;;;;;
+12F4;ETHIOPIC SYLLABLE DEE;Lo;0;L;;;;;N;;;;;
+12F5;ETHIOPIC SYLLABLE DE;Lo;0;L;;;;;N;;;;;
+12F6;ETHIOPIC SYLLABLE DO;Lo;0;L;;;;;N;;;;;
+12F7;ETHIOPIC SYLLABLE DWA;Lo;0;L;;;;;N;;;;;
+12F8;ETHIOPIC SYLLABLE DDA;Lo;0;L;;;;;N;;;;;
+12F9;ETHIOPIC SYLLABLE DDU;Lo;0;L;;;;;N;;;;;
+12FA;ETHIOPIC SYLLABLE DDI;Lo;0;L;;;;;N;;;;;
+12FB;ETHIOPIC SYLLABLE DDAA;Lo;0;L;;;;;N;;;;;
+12FC;ETHIOPIC SYLLABLE DDEE;Lo;0;L;;;;;N;;;;;
+12FD;ETHIOPIC SYLLABLE DDE;Lo;0;L;;;;;N;;;;;
+12FE;ETHIOPIC SYLLABLE DDO;Lo;0;L;;;;;N;;;;;
+12FF;ETHIOPIC SYLLABLE DDWA;Lo;0;L;;;;;N;;;;;
+1300;ETHIOPIC SYLLABLE JA;Lo;0;L;;;;;N;;;;;
+1301;ETHIOPIC SYLLABLE JU;Lo;0;L;;;;;N;;;;;
+1302;ETHIOPIC SYLLABLE JI;Lo;0;L;;;;;N;;;;;
+1303;ETHIOPIC SYLLABLE JAA;Lo;0;L;;;;;N;;;;;
+1304;ETHIOPIC SYLLABLE JEE;Lo;0;L;;;;;N;;;;;
+1305;ETHIOPIC SYLLABLE JE;Lo;0;L;;;;;N;;;;;
+1306;ETHIOPIC SYLLABLE JO;Lo;0;L;;;;;N;;;;;
+1307;ETHIOPIC SYLLABLE JWA;Lo;0;L;;;;;N;;;;;
+1308;ETHIOPIC SYLLABLE GA;Lo;0;L;;;;;N;;;;;
+1309;ETHIOPIC SYLLABLE GU;Lo;0;L;;;;;N;;;;;
+130A;ETHIOPIC SYLLABLE GI;Lo;0;L;;;;;N;;;;;
+130B;ETHIOPIC SYLLABLE GAA;Lo;0;L;;;;;N;;;;;
+130C;ETHIOPIC SYLLABLE GEE;Lo;0;L;;;;;N;;;;;
+130D;ETHIOPIC SYLLABLE GE;Lo;0;L;;;;;N;;;;;
+130E;ETHIOPIC SYLLABLE GO;Lo;0;L;;;;;N;;;;;
+1310;ETHIOPIC SYLLABLE GWA;Lo;0;L;;;;;N;;;;;
+1312;ETHIOPIC SYLLABLE GWI;Lo;0;L;;;;;N;;;;;
+1313;ETHIOPIC SYLLABLE GWAA;Lo;0;L;;;;;N;;;;;
+1314;ETHIOPIC SYLLABLE GWEE;Lo;0;L;;;;;N;;;;;
+1315;ETHIOPIC SYLLABLE GWE;Lo;0;L;;;;;N;;;;;
+1318;ETHIOPIC SYLLABLE GGA;Lo;0;L;;;;;N;;;;;
+1319;ETHIOPIC SYLLABLE GGU;Lo;0;L;;;;;N;;;;;
+131A;ETHIOPIC SYLLABLE GGI;Lo;0;L;;;;;N;;;;;
+131B;ETHIOPIC SYLLABLE GGAA;Lo;0;L;;;;;N;;;;;
+131C;ETHIOPIC SYLLABLE GGEE;Lo;0;L;;;;;N;;;;;
+131D;ETHIOPIC SYLLABLE GGE;Lo;0;L;;;;;N;;;;;
+131E;ETHIOPIC SYLLABLE GGO;Lo;0;L;;;;;N;;;;;
+1320;ETHIOPIC SYLLABLE THA;Lo;0;L;;;;;N;;;;;
+1321;ETHIOPIC SYLLABLE THU;Lo;0;L;;;;;N;;;;;
+1322;ETHIOPIC SYLLABLE THI;Lo;0;L;;;;;N;;;;;
+1323;ETHIOPIC SYLLABLE THAA;Lo;0;L;;;;;N;;;;;
+1324;ETHIOPIC SYLLABLE THEE;Lo;0;L;;;;;N;;;;;
+1325;ETHIOPIC SYLLABLE THE;Lo;0;L;;;;;N;;;;;
+1326;ETHIOPIC SYLLABLE THO;Lo;0;L;;;;;N;;;;;
+1327;ETHIOPIC SYLLABLE THWA;Lo;0;L;;;;;N;;;;;
+1328;ETHIOPIC SYLLABLE CHA;Lo;0;L;;;;;N;;;;;
+1329;ETHIOPIC SYLLABLE CHU;Lo;0;L;;;;;N;;;;;
+132A;ETHIOPIC SYLLABLE CHI;Lo;0;L;;;;;N;;;;;
+132B;ETHIOPIC SYLLABLE CHAA;Lo;0;L;;;;;N;;;;;
+132C;ETHIOPIC SYLLABLE CHEE;Lo;0;L;;;;;N;;;;;
+132D;ETHIOPIC SYLLABLE CHE;Lo;0;L;;;;;N;;;;;
+132E;ETHIOPIC SYLLABLE CHO;Lo;0;L;;;;;N;;;;;
+132F;ETHIOPIC SYLLABLE CHWA;Lo;0;L;;;;;N;;;;;
+1330;ETHIOPIC SYLLABLE PHA;Lo;0;L;;;;;N;;;;;
+1331;ETHIOPIC SYLLABLE PHU;Lo;0;L;;;;;N;;;;;
+1332;ETHIOPIC SYLLABLE PHI;Lo;0;L;;;;;N;;;;;
+1333;ETHIOPIC SYLLABLE PHAA;Lo;0;L;;;;;N;;;;;
+1334;ETHIOPIC SYLLABLE PHEE;Lo;0;L;;;;;N;;;;;
+1335;ETHIOPIC SYLLABLE PHE;Lo;0;L;;;;;N;;;;;
+1336;ETHIOPIC SYLLABLE PHO;Lo;0;L;;;;;N;;;;;
+1337;ETHIOPIC SYLLABLE PHWA;Lo;0;L;;;;;N;;;;;
+1338;ETHIOPIC SYLLABLE TSA;Lo;0;L;;;;;N;;;;;
+1339;ETHIOPIC SYLLABLE TSU;Lo;0;L;;;;;N;;;;;
+133A;ETHIOPIC SYLLABLE TSI;Lo;0;L;;;;;N;;;;;
+133B;ETHIOPIC SYLLABLE TSAA;Lo;0;L;;;;;N;;;;;
+133C;ETHIOPIC SYLLABLE TSEE;Lo;0;L;;;;;N;;;;;
+133D;ETHIOPIC SYLLABLE TSE;Lo;0;L;;;;;N;;;;;
+133E;ETHIOPIC SYLLABLE TSO;Lo;0;L;;;;;N;;;;;
+133F;ETHIOPIC SYLLABLE TSWA;Lo;0;L;;;;;N;;;;;
+1340;ETHIOPIC SYLLABLE TZA;Lo;0;L;;;;;N;;;;;
+1341;ETHIOPIC SYLLABLE TZU;Lo;0;L;;;;;N;;;;;
+1342;ETHIOPIC SYLLABLE TZI;Lo;0;L;;;;;N;;;;;
+1343;ETHIOPIC SYLLABLE TZAA;Lo;0;L;;;;;N;;;;;
+1344;ETHIOPIC SYLLABLE TZEE;Lo;0;L;;;;;N;;;;;
+1345;ETHIOPIC SYLLABLE TZE;Lo;0;L;;;;;N;;;;;
+1346;ETHIOPIC SYLLABLE TZO;Lo;0;L;;;;;N;;;;;
+1348;ETHIOPIC SYLLABLE FA;Lo;0;L;;;;;N;;;;;
+1349;ETHIOPIC SYLLABLE FU;Lo;0;L;;;;;N;;;;;
+134A;ETHIOPIC SYLLABLE FI;Lo;0;L;;;;;N;;;;;
+134B;ETHIOPIC SYLLABLE FAA;Lo;0;L;;;;;N;;;;;
+134C;ETHIOPIC SYLLABLE FEE;Lo;0;L;;;;;N;;;;;
+134D;ETHIOPIC SYLLABLE FE;Lo;0;L;;;;;N;;;;;
+134E;ETHIOPIC SYLLABLE FO;Lo;0;L;;;;;N;;;;;
+134F;ETHIOPIC SYLLABLE FWA;Lo;0;L;;;;;N;;;;;
+1350;ETHIOPIC SYLLABLE PA;Lo;0;L;;;;;N;;;;;
+1351;ETHIOPIC SYLLABLE PU;Lo;0;L;;;;;N;;;;;
+1352;ETHIOPIC SYLLABLE PI;Lo;0;L;;;;;N;;;;;
+1353;ETHIOPIC SYLLABLE PAA;Lo;0;L;;;;;N;;;;;
+1354;ETHIOPIC SYLLABLE PEE;Lo;0;L;;;;;N;;;;;
+1355;ETHIOPIC SYLLABLE PE;Lo;0;L;;;;;N;;;;;
+1356;ETHIOPIC SYLLABLE PO;Lo;0;L;;;;;N;;;;;
+1357;ETHIOPIC SYLLABLE PWA;Lo;0;L;;;;;N;;;;;
+1358;ETHIOPIC SYLLABLE RYA;Lo;0;L;;;;;N;;;;;
+1359;ETHIOPIC SYLLABLE MYA;Lo;0;L;;;;;N;;;;;
+135A;ETHIOPIC SYLLABLE FYA;Lo;0;L;;;;;N;;;;;
+1361;ETHIOPIC WORDSPACE;Po;0;L;;;;;N;;;;;
+1362;ETHIOPIC FULL STOP;Po;0;L;;;;;N;;;;;
+1363;ETHIOPIC COMMA;Po;0;L;;;;;N;;;;;
+1364;ETHIOPIC SEMICOLON;Po;0;L;;;;;N;;;;;
+1365;ETHIOPIC COLON;Po;0;L;;;;;N;;;;;
+1366;ETHIOPIC PREFACE COLON;Po;0;L;;;;;N;;;;;
+1367;ETHIOPIC QUESTION MARK;Po;0;L;;;;;N;;;;;
+1368;ETHIOPIC PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;;
+1369;ETHIOPIC DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+136A;ETHIOPIC DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+136B;ETHIOPIC DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+136C;ETHIOPIC DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+136D;ETHIOPIC DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+136E;ETHIOPIC DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+136F;ETHIOPIC DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1370;ETHIOPIC DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1371;ETHIOPIC DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1372;ETHIOPIC NUMBER TEN;No;0;L;;;;10;N;;;;;
+1373;ETHIOPIC NUMBER TWENTY;No;0;L;;;;20;N;;;;;
+1374;ETHIOPIC NUMBER THIRTY;No;0;L;;;;30;N;;;;;
+1375;ETHIOPIC NUMBER FORTY;No;0;L;;;;40;N;;;;;
+1376;ETHIOPIC NUMBER FIFTY;No;0;L;;;;50;N;;;;;
+1377;ETHIOPIC NUMBER SIXTY;No;0;L;;;;60;N;;;;;
+1378;ETHIOPIC NUMBER SEVENTY;No;0;L;;;;70;N;;;;;
+1379;ETHIOPIC NUMBER EIGHTY;No;0;L;;;;80;N;;;;;
+137A;ETHIOPIC NUMBER NINETY;No;0;L;;;;90;N;;;;;
+137B;ETHIOPIC NUMBER HUNDRED;No;0;L;;;;100;N;;;;;
+137C;ETHIOPIC NUMBER TEN THOUSAND;No;0;L;;;;10000;N;;;;;
+13A0;CHEROKEE LETTER A;Lo;0;L;;;;;N;;;;;
+13A1;CHEROKEE LETTER E;Lo;0;L;;;;;N;;;;;
+13A2;CHEROKEE LETTER I;Lo;0;L;;;;;N;;;;;
+13A3;CHEROKEE LETTER O;Lo;0;L;;;;;N;;;;;
+13A4;CHEROKEE LETTER U;Lo;0;L;;;;;N;;;;;
+13A5;CHEROKEE LETTER V;Lo;0;L;;;;;N;;;;;
+13A6;CHEROKEE LETTER GA;Lo;0;L;;;;;N;;;;;
+13A7;CHEROKEE LETTER KA;Lo;0;L;;;;;N;;;;;
+13A8;CHEROKEE LETTER GE;Lo;0;L;;;;;N;;;;;
+13A9;CHEROKEE LETTER GI;Lo;0;L;;;;;N;;;;;
+13AA;CHEROKEE LETTER GO;Lo;0;L;;;;;N;;;;;
+13AB;CHEROKEE LETTER GU;Lo;0;L;;;;;N;;;;;
+13AC;CHEROKEE LETTER GV;Lo;0;L;;;;;N;;;;;
+13AD;CHEROKEE LETTER HA;Lo;0;L;;;;;N;;;;;
+13AE;CHEROKEE LETTER HE;Lo;0;L;;;;;N;;;;;
+13AF;CHEROKEE LETTER HI;Lo;0;L;;;;;N;;;;;
+13B0;CHEROKEE LETTER HO;Lo;0;L;;;;;N;;;;;
+13B1;CHEROKEE LETTER HU;Lo;0;L;;;;;N;;;;;
+13B2;CHEROKEE LETTER HV;Lo;0;L;;;;;N;;;;;
+13B3;CHEROKEE LETTER LA;Lo;0;L;;;;;N;;;;;
+13B4;CHEROKEE LETTER LE;Lo;0;L;;;;;N;;;;;
+13B5;CHEROKEE LETTER LI;Lo;0;L;;;;;N;;;;;
+13B6;CHEROKEE LETTER LO;Lo;0;L;;;;;N;;;;;
+13B7;CHEROKEE LETTER LU;Lo;0;L;;;;;N;;;;;
+13B8;CHEROKEE LETTER LV;Lo;0;L;;;;;N;;;;;
+13B9;CHEROKEE LETTER MA;Lo;0;L;;;;;N;;;;;
+13BA;CHEROKEE LETTER ME;Lo;0;L;;;;;N;;;;;
+13BB;CHEROKEE LETTER MI;Lo;0;L;;;;;N;;;;;
+13BC;CHEROKEE LETTER MO;Lo;0;L;;;;;N;;;;;
+13BD;CHEROKEE LETTER MU;Lo;0;L;;;;;N;;;;;
+13BE;CHEROKEE LETTER NA;Lo;0;L;;;;;N;;;;;
+13BF;CHEROKEE LETTER HNA;Lo;0;L;;;;;N;;;;;
+13C0;CHEROKEE LETTER NAH;Lo;0;L;;;;;N;;;;;
+13C1;CHEROKEE LETTER NE;Lo;0;L;;;;;N;;;;;
+13C2;CHEROKEE LETTER NI;Lo;0;L;;;;;N;;;;;
+13C3;CHEROKEE LETTER NO;Lo;0;L;;;;;N;;;;;
+13C4;CHEROKEE LETTER NU;Lo;0;L;;;;;N;;;;;
+13C5;CHEROKEE LETTER NV;Lo;0;L;;;;;N;;;;;
+13C6;CHEROKEE LETTER QUA;Lo;0;L;;;;;N;;;;;
+13C7;CHEROKEE LETTER QUE;Lo;0;L;;;;;N;;;;;
+13C8;CHEROKEE LETTER QUI;Lo;0;L;;;;;N;;;;;
+13C9;CHEROKEE LETTER QUO;Lo;0;L;;;;;N;;;;;
+13CA;CHEROKEE LETTER QUU;Lo;0;L;;;;;N;;;;;
+13CB;CHEROKEE LETTER QUV;Lo;0;L;;;;;N;;;;;
+13CC;CHEROKEE LETTER SA;Lo;0;L;;;;;N;;;;;
+13CD;CHEROKEE LETTER S;Lo;0;L;;;;;N;;;;;
+13CE;CHEROKEE LETTER SE;Lo;0;L;;;;;N;;;;;
+13CF;CHEROKEE LETTER SI;Lo;0;L;;;;;N;;;;;
+13D0;CHEROKEE LETTER SO;Lo;0;L;;;;;N;;;;;
+13D1;CHEROKEE LETTER SU;Lo;0;L;;;;;N;;;;;
+13D2;CHEROKEE LETTER SV;Lo;0;L;;;;;N;;;;;
+13D3;CHEROKEE LETTER DA;Lo;0;L;;;;;N;;;;;
+13D4;CHEROKEE LETTER TA;Lo;0;L;;;;;N;;;;;
+13D5;CHEROKEE LETTER DE;Lo;0;L;;;;;N;;;;;
+13D6;CHEROKEE LETTER TE;Lo;0;L;;;;;N;;;;;
+13D7;CHEROKEE LETTER DI;Lo;0;L;;;;;N;;;;;
+13D8;CHEROKEE LETTER TI;Lo;0;L;;;;;N;;;;;
+13D9;CHEROKEE LETTER DO;Lo;0;L;;;;;N;;;;;
+13DA;CHEROKEE LETTER DU;Lo;0;L;;;;;N;;;;;
+13DB;CHEROKEE LETTER DV;Lo;0;L;;;;;N;;;;;
+13DC;CHEROKEE LETTER DLA;Lo;0;L;;;;;N;;;;;
+13DD;CHEROKEE LETTER TLA;Lo;0;L;;;;;N;;;;;
+13DE;CHEROKEE LETTER TLE;Lo;0;L;;;;;N;;;;;
+13DF;CHEROKEE LETTER TLI;Lo;0;L;;;;;N;;;;;
+13E0;CHEROKEE LETTER TLO;Lo;0;L;;;;;N;;;;;
+13E1;CHEROKEE LETTER TLU;Lo;0;L;;;;;N;;;;;
+13E2;CHEROKEE LETTER TLV;Lo;0;L;;;;;N;;;;;
+13E3;CHEROKEE LETTER TSA;Lo;0;L;;;;;N;;;;;
+13E4;CHEROKEE LETTER TSE;Lo;0;L;;;;;N;;;;;
+13E5;CHEROKEE LETTER TSI;Lo;0;L;;;;;N;;;;;
+13E6;CHEROKEE LETTER TSO;Lo;0;L;;;;;N;;;;;
+13E7;CHEROKEE LETTER TSU;Lo;0;L;;;;;N;;;;;
+13E8;CHEROKEE LETTER TSV;Lo;0;L;;;;;N;;;;;
+13E9;CHEROKEE LETTER WA;Lo;0;L;;;;;N;;;;;
+13EA;CHEROKEE LETTER WE;Lo;0;L;;;;;N;;;;;
+13EB;CHEROKEE LETTER WI;Lo;0;L;;;;;N;;;;;
+13EC;CHEROKEE LETTER WO;Lo;0;L;;;;;N;;;;;
+13ED;CHEROKEE LETTER WU;Lo;0;L;;;;;N;;;;;
+13EE;CHEROKEE LETTER WV;Lo;0;L;;;;;N;;;;;
+13EF;CHEROKEE LETTER YA;Lo;0;L;;;;;N;;;;;
+13F0;CHEROKEE LETTER YE;Lo;0;L;;;;;N;;;;;
+13F1;CHEROKEE LETTER YI;Lo;0;L;;;;;N;;;;;
+13F2;CHEROKEE LETTER YO;Lo;0;L;;;;;N;;;;;
+13F3;CHEROKEE LETTER YU;Lo;0;L;;;;;N;;;;;
+13F4;CHEROKEE LETTER YV;Lo;0;L;;;;;N;;;;;
+1401;CANADIAN SYLLABICS E;Lo;0;L;;;;;N;;;;;
+1402;CANADIAN SYLLABICS AAI;Lo;0;L;;;;;N;;;;;
+1403;CANADIAN SYLLABICS I;Lo;0;L;;;;;N;;;;;
+1404;CANADIAN SYLLABICS II;Lo;0;L;;;;;N;;;;;
+1405;CANADIAN SYLLABICS O;Lo;0;L;;;;;N;;;;;
+1406;CANADIAN SYLLABICS OO;Lo;0;L;;;;;N;;;;;
+1407;CANADIAN SYLLABICS Y-CREE OO;Lo;0;L;;;;;N;;;;;
+1408;CANADIAN SYLLABICS CARRIER EE;Lo;0;L;;;;;N;;;;;
+1409;CANADIAN SYLLABICS CARRIER I;Lo;0;L;;;;;N;;;;;
+140A;CANADIAN SYLLABICS A;Lo;0;L;;;;;N;;;;;
+140B;CANADIAN SYLLABICS AA;Lo;0;L;;;;;N;;;;;
+140C;CANADIAN SYLLABICS WE;Lo;0;L;;;;;N;;;;;
+140D;CANADIAN SYLLABICS WEST-CREE WE;Lo;0;L;;;;;N;;;;;
+140E;CANADIAN SYLLABICS WI;Lo;0;L;;;;;N;;;;;
+140F;CANADIAN SYLLABICS WEST-CREE WI;Lo;0;L;;;;;N;;;;;
+1410;CANADIAN SYLLABICS WII;Lo;0;L;;;;;N;;;;;
+1411;CANADIAN SYLLABICS WEST-CREE WII;Lo;0;L;;;;;N;;;;;
+1412;CANADIAN SYLLABICS WO;Lo;0;L;;;;;N;;;;;
+1413;CANADIAN SYLLABICS WEST-CREE WO;Lo;0;L;;;;;N;;;;;
+1414;CANADIAN SYLLABICS WOO;Lo;0;L;;;;;N;;;;;
+1415;CANADIAN SYLLABICS WEST-CREE WOO;Lo;0;L;;;;;N;;;;;
+1416;CANADIAN SYLLABICS NASKAPI WOO;Lo;0;L;;;;;N;;;;;
+1417;CANADIAN SYLLABICS WA;Lo;0;L;;;;;N;;;;;
+1418;CANADIAN SYLLABICS WEST-CREE WA;Lo;0;L;;;;;N;;;;;
+1419;CANADIAN SYLLABICS WAA;Lo;0;L;;;;;N;;;;;
+141A;CANADIAN SYLLABICS WEST-CREE WAA;Lo;0;L;;;;;N;;;;;
+141B;CANADIAN SYLLABICS NASKAPI WAA;Lo;0;L;;;;;N;;;;;
+141C;CANADIAN SYLLABICS AI;Lo;0;L;;;;;N;;;;;
+141D;CANADIAN SYLLABICS Y-CREE W;Lo;0;L;;;;;N;;;;;
+141E;CANADIAN SYLLABICS GLOTTAL STOP;Lo;0;L;;;;;N;;;;;
+141F;CANADIAN SYLLABICS FINAL ACUTE;Lo;0;L;;;;;N;;;;;
+1420;CANADIAN SYLLABICS FINAL GRAVE;Lo;0;L;;;;;N;;;;;
+1421;CANADIAN SYLLABICS FINAL BOTTOM HALF RING;Lo;0;L;;;;;N;;;;;
+1422;CANADIAN SYLLABICS FINAL TOP HALF RING;Lo;0;L;;;;;N;;;;;
+1423;CANADIAN SYLLABICS FINAL RIGHT HALF RING;Lo;0;L;;;;;N;;;;;
+1424;CANADIAN SYLLABICS FINAL RING;Lo;0;L;;;;;N;;;;;
+1425;CANADIAN SYLLABICS FINAL DOUBLE ACUTE;Lo;0;L;;;;;N;;;;;
+1426;CANADIAN SYLLABICS FINAL DOUBLE SHORT VERTICAL STROKES;Lo;0;L;;;;;N;;;;;
+1427;CANADIAN SYLLABICS FINAL MIDDLE DOT;Lo;0;L;;;;;N;;;;;
+1428;CANADIAN SYLLABICS FINAL SHORT HORIZONTAL STROKE;Lo;0;L;;;;;N;;;;;
+1429;CANADIAN SYLLABICS FINAL PLUS;Lo;0;L;;;;;N;;;;;
+142A;CANADIAN SYLLABICS FINAL DOWN TACK;Lo;0;L;;;;;N;;;;;
+142B;CANADIAN SYLLABICS EN;Lo;0;L;;;;;N;;;;;
+142C;CANADIAN SYLLABICS IN;Lo;0;L;;;;;N;;;;;
+142D;CANADIAN SYLLABICS ON;Lo;0;L;;;;;N;;;;;
+142E;CANADIAN SYLLABICS AN;Lo;0;L;;;;;N;;;;;
+142F;CANADIAN SYLLABICS PE;Lo;0;L;;;;;N;;;;;
+1430;CANADIAN SYLLABICS PAAI;Lo;0;L;;;;;N;;;;;
+1431;CANADIAN SYLLABICS PI;Lo;0;L;;;;;N;;;;;
+1432;CANADIAN SYLLABICS PII;Lo;0;L;;;;;N;;;;;
+1433;CANADIAN SYLLABICS PO;Lo;0;L;;;;;N;;;;;
+1434;CANADIAN SYLLABICS POO;Lo;0;L;;;;;N;;;;;
+1435;CANADIAN SYLLABICS Y-CREE POO;Lo;0;L;;;;;N;;;;;
+1436;CANADIAN SYLLABICS CARRIER HEE;Lo;0;L;;;;;N;;;;;
+1437;CANADIAN SYLLABICS CARRIER HI;Lo;0;L;;;;;N;;;;;
+1438;CANADIAN SYLLABICS PA;Lo;0;L;;;;;N;;;;;
+1439;CANADIAN SYLLABICS PAA;Lo;0;L;;;;;N;;;;;
+143A;CANADIAN SYLLABICS PWE;Lo;0;L;;;;;N;;;;;
+143B;CANADIAN SYLLABICS WEST-CREE PWE;Lo;0;L;;;;;N;;;;;
+143C;CANADIAN SYLLABICS PWI;Lo;0;L;;;;;N;;;;;
+143D;CANADIAN SYLLABICS WEST-CREE PWI;Lo;0;L;;;;;N;;;;;
+143E;CANADIAN SYLLABICS PWII;Lo;0;L;;;;;N;;;;;
+143F;CANADIAN SYLLABICS WEST-CREE PWII;Lo;0;L;;;;;N;;;;;
+1440;CANADIAN SYLLABICS PWO;Lo;0;L;;;;;N;;;;;
+1441;CANADIAN SYLLABICS WEST-CREE PWO;Lo;0;L;;;;;N;;;;;
+1442;CANADIAN SYLLABICS PWOO;Lo;0;L;;;;;N;;;;;
+1443;CANADIAN SYLLABICS WEST-CREE PWOO;Lo;0;L;;;;;N;;;;;
+1444;CANADIAN SYLLABICS PWA;Lo;0;L;;;;;N;;;;;
+1445;CANADIAN SYLLABICS WEST-CREE PWA;Lo;0;L;;;;;N;;;;;
+1446;CANADIAN SYLLABICS PWAA;Lo;0;L;;;;;N;;;;;
+1447;CANADIAN SYLLABICS WEST-CREE PWAA;Lo;0;L;;;;;N;;;;;
+1448;CANADIAN SYLLABICS Y-CREE PWAA;Lo;0;L;;;;;N;;;;;
+1449;CANADIAN SYLLABICS P;Lo;0;L;;;;;N;;;;;
+144A;CANADIAN SYLLABICS WEST-CREE P;Lo;0;L;;;;;N;;;;;
+144B;CANADIAN SYLLABICS CARRIER H;Lo;0;L;;;;;N;;;;;
+144C;CANADIAN SYLLABICS TE;Lo;0;L;;;;;N;;;;;
+144D;CANADIAN SYLLABICS TAAI;Lo;0;L;;;;;N;;;;;
+144E;CANADIAN SYLLABICS TI;Lo;0;L;;;;;N;;;;;
+144F;CANADIAN SYLLABICS TII;Lo;0;L;;;;;N;;;;;
+1450;CANADIAN SYLLABICS TO;Lo;0;L;;;;;N;;;;;
+1451;CANADIAN SYLLABICS TOO;Lo;0;L;;;;;N;;;;;
+1452;CANADIAN SYLLABICS Y-CREE TOO;Lo;0;L;;;;;N;;;;;
+1453;CANADIAN SYLLABICS CARRIER DEE;Lo;0;L;;;;;N;;;;;
+1454;CANADIAN SYLLABICS CARRIER DI;Lo;0;L;;;;;N;;;;;
+1455;CANADIAN SYLLABICS TA;Lo;0;L;;;;;N;;;;;
+1456;CANADIAN SYLLABICS TAA;Lo;0;L;;;;;N;;;;;
+1457;CANADIAN SYLLABICS TWE;Lo;0;L;;;;;N;;;;;
+1458;CANADIAN SYLLABICS WEST-CREE TWE;Lo;0;L;;;;;N;;;;;
+1459;CANADIAN SYLLABICS TWI;Lo;0;L;;;;;N;;;;;
+145A;CANADIAN SYLLABICS WEST-CREE TWI;Lo;0;L;;;;;N;;;;;
+145B;CANADIAN SYLLABICS TWII;Lo;0;L;;;;;N;;;;;
+145C;CANADIAN SYLLABICS WEST-CREE TWII;Lo;0;L;;;;;N;;;;;
+145D;CANADIAN SYLLABICS TWO;Lo;0;L;;;;;N;;;;;
+145E;CANADIAN SYLLABICS WEST-CREE TWO;Lo;0;L;;;;;N;;;;;
+145F;CANADIAN SYLLABICS TWOO;Lo;0;L;;;;;N;;;;;
+1460;CANADIAN SYLLABICS WEST-CREE TWOO;Lo;0;L;;;;;N;;;;;
+1461;CANADIAN SYLLABICS TWA;Lo;0;L;;;;;N;;;;;
+1462;CANADIAN SYLLABICS WEST-CREE TWA;Lo;0;L;;;;;N;;;;;
+1463;CANADIAN SYLLABICS TWAA;Lo;0;L;;;;;N;;;;;
+1464;CANADIAN SYLLABICS WEST-CREE TWAA;Lo;0;L;;;;;N;;;;;
+1465;CANADIAN SYLLABICS NASKAPI TWAA;Lo;0;L;;;;;N;;;;;
+1466;CANADIAN SYLLABICS T;Lo;0;L;;;;;N;;;;;
+1467;CANADIAN SYLLABICS TTE;Lo;0;L;;;;;N;;;;;
+1468;CANADIAN SYLLABICS TTI;Lo;0;L;;;;;N;;;;;
+1469;CANADIAN SYLLABICS TTO;Lo;0;L;;;;;N;;;;;
+146A;CANADIAN SYLLABICS TTA;Lo;0;L;;;;;N;;;;;
+146B;CANADIAN SYLLABICS KE;Lo;0;L;;;;;N;;;;;
+146C;CANADIAN SYLLABICS KAAI;Lo;0;L;;;;;N;;;;;
+146D;CANADIAN SYLLABICS KI;Lo;0;L;;;;;N;;;;;
+146E;CANADIAN SYLLABICS KII;Lo;0;L;;;;;N;;;;;
+146F;CANADIAN SYLLABICS KO;Lo;0;L;;;;;N;;;;;
+1470;CANADIAN SYLLABICS KOO;Lo;0;L;;;;;N;;;;;
+1471;CANADIAN SYLLABICS Y-CREE KOO;Lo;0;L;;;;;N;;;;;
+1472;CANADIAN SYLLABICS KA;Lo;0;L;;;;;N;;;;;
+1473;CANADIAN SYLLABICS KAA;Lo;0;L;;;;;N;;;;;
+1474;CANADIAN SYLLABICS KWE;Lo;0;L;;;;;N;;;;;
+1475;CANADIAN SYLLABICS WEST-CREE KWE;Lo;0;L;;;;;N;;;;;
+1476;CANADIAN SYLLABICS KWI;Lo;0;L;;;;;N;;;;;
+1477;CANADIAN SYLLABICS WEST-CREE KWI;Lo;0;L;;;;;N;;;;;
+1478;CANADIAN SYLLABICS KWII;Lo;0;L;;;;;N;;;;;
+1479;CANADIAN SYLLABICS WEST-CREE KWII;Lo;0;L;;;;;N;;;;;
+147A;CANADIAN SYLLABICS KWO;Lo;0;L;;;;;N;;;;;
+147B;CANADIAN SYLLABICS WEST-CREE KWO;Lo;0;L;;;;;N;;;;;
+147C;CANADIAN SYLLABICS KWOO;Lo;0;L;;;;;N;;;;;
+147D;CANADIAN SYLLABICS WEST-CREE KWOO;Lo;0;L;;;;;N;;;;;
+147E;CANADIAN SYLLABICS KWA;Lo;0;L;;;;;N;;;;;
+147F;CANADIAN SYLLABICS WEST-CREE KWA;Lo;0;L;;;;;N;;;;;
+1480;CANADIAN SYLLABICS KWAA;Lo;0;L;;;;;N;;;;;
+1481;CANADIAN SYLLABICS WEST-CREE KWAA;Lo;0;L;;;;;N;;;;;
+1482;CANADIAN SYLLABICS NASKAPI KWAA;Lo;0;L;;;;;N;;;;;
+1483;CANADIAN SYLLABICS K;Lo;0;L;;;;;N;;;;;
+1484;CANADIAN SYLLABICS KW;Lo;0;L;;;;;N;;;;;
+1485;CANADIAN SYLLABICS SOUTH-SLAVEY KEH;Lo;0;L;;;;;N;;;;;
+1486;CANADIAN SYLLABICS SOUTH-SLAVEY KIH;Lo;0;L;;;;;N;;;;;
+1487;CANADIAN SYLLABICS SOUTH-SLAVEY KOH;Lo;0;L;;;;;N;;;;;
+1488;CANADIAN SYLLABICS SOUTH-SLAVEY KAH;Lo;0;L;;;;;N;;;;;
+1489;CANADIAN SYLLABICS CE;Lo;0;L;;;;;N;;;;;
+148A;CANADIAN SYLLABICS CAAI;Lo;0;L;;;;;N;;;;;
+148B;CANADIAN SYLLABICS CI;Lo;0;L;;;;;N;;;;;
+148C;CANADIAN SYLLABICS CII;Lo;0;L;;;;;N;;;;;
+148D;CANADIAN SYLLABICS CO;Lo;0;L;;;;;N;;;;;
+148E;CANADIAN SYLLABICS COO;Lo;0;L;;;;;N;;;;;
+148F;CANADIAN SYLLABICS Y-CREE COO;Lo;0;L;;;;;N;;;;;
+1490;CANADIAN SYLLABICS CA;Lo;0;L;;;;;N;;;;;
+1491;CANADIAN SYLLABICS CAA;Lo;0;L;;;;;N;;;;;
+1492;CANADIAN SYLLABICS CWE;Lo;0;L;;;;;N;;;;;
+1493;CANADIAN SYLLABICS WEST-CREE CWE;Lo;0;L;;;;;N;;;;;
+1494;CANADIAN SYLLABICS CWI;Lo;0;L;;;;;N;;;;;
+1495;CANADIAN SYLLABICS WEST-CREE CWI;Lo;0;L;;;;;N;;;;;
+1496;CANADIAN SYLLABICS CWII;Lo;0;L;;;;;N;;;;;
+1497;CANADIAN SYLLABICS WEST-CREE CWII;Lo;0;L;;;;;N;;;;;
+1498;CANADIAN SYLLABICS CWO;Lo;0;L;;;;;N;;;;;
+1499;CANADIAN SYLLABICS WEST-CREE CWO;Lo;0;L;;;;;N;;;;;
+149A;CANADIAN SYLLABICS CWOO;Lo;0;L;;;;;N;;;;;
+149B;CANADIAN SYLLABICS WEST-CREE CWOO;Lo;0;L;;;;;N;;;;;
+149C;CANADIAN SYLLABICS CWA;Lo;0;L;;;;;N;;;;;
+149D;CANADIAN SYLLABICS WEST-CREE CWA;Lo;0;L;;;;;N;;;;;
+149E;CANADIAN SYLLABICS CWAA;Lo;0;L;;;;;N;;;;;
+149F;CANADIAN SYLLABICS WEST-CREE CWAA;Lo;0;L;;;;;N;;;;;
+14A0;CANADIAN SYLLABICS NASKAPI CWAA;Lo;0;L;;;;;N;;;;;
+14A1;CANADIAN SYLLABICS C;Lo;0;L;;;;;N;;;;;
+14A2;CANADIAN SYLLABICS SAYISI TH;Lo;0;L;;;;;N;;;;;
+14A3;CANADIAN SYLLABICS ME;Lo;0;L;;;;;N;;;;;
+14A4;CANADIAN SYLLABICS MAAI;Lo;0;L;;;;;N;;;;;
+14A5;CANADIAN SYLLABICS MI;Lo;0;L;;;;;N;;;;;
+14A6;CANADIAN SYLLABICS MII;Lo;0;L;;;;;N;;;;;
+14A7;CANADIAN SYLLABICS MO;Lo;0;L;;;;;N;;;;;
+14A8;CANADIAN SYLLABICS MOO;Lo;0;L;;;;;N;;;;;
+14A9;CANADIAN SYLLABICS Y-CREE MOO;Lo;0;L;;;;;N;;;;;
+14AA;CANADIAN SYLLABICS MA;Lo;0;L;;;;;N;;;;;
+14AB;CANADIAN SYLLABICS MAA;Lo;0;L;;;;;N;;;;;
+14AC;CANADIAN SYLLABICS MWE;Lo;0;L;;;;;N;;;;;
+14AD;CANADIAN SYLLABICS WEST-CREE MWE;Lo;0;L;;;;;N;;;;;
+14AE;CANADIAN SYLLABICS MWI;Lo;0;L;;;;;N;;;;;
+14AF;CANADIAN SYLLABICS WEST-CREE MWI;Lo;0;L;;;;;N;;;;;
+14B0;CANADIAN SYLLABICS MWII;Lo;0;L;;;;;N;;;;;
+14B1;CANADIAN SYLLABICS WEST-CREE MWII;Lo;0;L;;;;;N;;;;;
+14B2;CANADIAN SYLLABICS MWO;Lo;0;L;;;;;N;;;;;
+14B3;CANADIAN SYLLABICS WEST-CREE MWO;Lo;0;L;;;;;N;;;;;
+14B4;CANADIAN SYLLABICS MWOO;Lo;0;L;;;;;N;;;;;
+14B5;CANADIAN SYLLABICS WEST-CREE MWOO;Lo;0;L;;;;;N;;;;;
+14B6;CANADIAN SYLLABICS MWA;Lo;0;L;;;;;N;;;;;
+14B7;CANADIAN SYLLABICS WEST-CREE MWA;Lo;0;L;;;;;N;;;;;
+14B8;CANADIAN SYLLABICS MWAA;Lo;0;L;;;;;N;;;;;
+14B9;CANADIAN SYLLABICS WEST-CREE MWAA;Lo;0;L;;;;;N;;;;;
+14BA;CANADIAN SYLLABICS NASKAPI MWAA;Lo;0;L;;;;;N;;;;;
+14BB;CANADIAN SYLLABICS M;Lo;0;L;;;;;N;;;;;
+14BC;CANADIAN SYLLABICS WEST-CREE M;Lo;0;L;;;;;N;;;;;
+14BD;CANADIAN SYLLABICS MH;Lo;0;L;;;;;N;;;;;
+14BE;CANADIAN SYLLABICS ATHAPASCAN M;Lo;0;L;;;;;N;;;;;
+14BF;CANADIAN SYLLABICS SAYISI M;Lo;0;L;;;;;N;;;;;
+14C0;CANADIAN SYLLABICS NE;Lo;0;L;;;;;N;;;;;
+14C1;CANADIAN SYLLABICS NAAI;Lo;0;L;;;;;N;;;;;
+14C2;CANADIAN SYLLABICS NI;Lo;0;L;;;;;N;;;;;
+14C3;CANADIAN SYLLABICS NII;Lo;0;L;;;;;N;;;;;
+14C4;CANADIAN SYLLABICS NO;Lo;0;L;;;;;N;;;;;
+14C5;CANADIAN SYLLABICS NOO;Lo;0;L;;;;;N;;;;;
+14C6;CANADIAN SYLLABICS Y-CREE NOO;Lo;0;L;;;;;N;;;;;
+14C7;CANADIAN SYLLABICS NA;Lo;0;L;;;;;N;;;;;
+14C8;CANADIAN SYLLABICS NAA;Lo;0;L;;;;;N;;;;;
+14C9;CANADIAN SYLLABICS NWE;Lo;0;L;;;;;N;;;;;
+14CA;CANADIAN SYLLABICS WEST-CREE NWE;Lo;0;L;;;;;N;;;;;
+14CB;CANADIAN SYLLABICS NWA;Lo;0;L;;;;;N;;;;;
+14CC;CANADIAN SYLLABICS WEST-CREE NWA;Lo;0;L;;;;;N;;;;;
+14CD;CANADIAN SYLLABICS NWAA;Lo;0;L;;;;;N;;;;;
+14CE;CANADIAN SYLLABICS WEST-CREE NWAA;Lo;0;L;;;;;N;;;;;
+14CF;CANADIAN SYLLABICS NASKAPI NWAA;Lo;0;L;;;;;N;;;;;
+14D0;CANADIAN SYLLABICS N;Lo;0;L;;;;;N;;;;;
+14D1;CANADIAN SYLLABICS CARRIER NG;Lo;0;L;;;;;N;;;;;
+14D2;CANADIAN SYLLABICS NH;Lo;0;L;;;;;N;;;;;
+14D3;CANADIAN SYLLABICS LE;Lo;0;L;;;;;N;;;;;
+14D4;CANADIAN SYLLABICS LAAI;Lo;0;L;;;;;N;;;;;
+14D5;CANADIAN SYLLABICS LI;Lo;0;L;;;;;N;;;;;
+14D6;CANADIAN SYLLABICS LII;Lo;0;L;;;;;N;;;;;
+14D7;CANADIAN SYLLABICS LO;Lo;0;L;;;;;N;;;;;
+14D8;CANADIAN SYLLABICS LOO;Lo;0;L;;;;;N;;;;;
+14D9;CANADIAN SYLLABICS Y-CREE LOO;Lo;0;L;;;;;N;;;;;
+14DA;CANADIAN SYLLABICS LA;Lo;0;L;;;;;N;;;;;
+14DB;CANADIAN SYLLABICS LAA;Lo;0;L;;;;;N;;;;;
+14DC;CANADIAN SYLLABICS LWE;Lo;0;L;;;;;N;;;;;
+14DD;CANADIAN SYLLABICS WEST-CREE LWE;Lo;0;L;;;;;N;;;;;
+14DE;CANADIAN SYLLABICS LWI;Lo;0;L;;;;;N;;;;;
+14DF;CANADIAN SYLLABICS WEST-CREE LWI;Lo;0;L;;;;;N;;;;;
+14E0;CANADIAN SYLLABICS LWII;Lo;0;L;;;;;N;;;;;
+14E1;CANADIAN SYLLABICS WEST-CREE LWII;Lo;0;L;;;;;N;;;;;
+14E2;CANADIAN SYLLABICS LWO;Lo;0;L;;;;;N;;;;;
+14E3;CANADIAN SYLLABICS WEST-CREE LWO;Lo;0;L;;;;;N;;;;;
+14E4;CANADIAN SYLLABICS LWOO;Lo;0;L;;;;;N;;;;;
+14E5;CANADIAN SYLLABICS WEST-CREE LWOO;Lo;0;L;;;;;N;;;;;
+14E6;CANADIAN SYLLABICS LWA;Lo;0;L;;;;;N;;;;;
+14E7;CANADIAN SYLLABICS WEST-CREE LWA;Lo;0;L;;;;;N;;;;;
+14E8;CANADIAN SYLLABICS LWAA;Lo;0;L;;;;;N;;;;;
+14E9;CANADIAN SYLLABICS WEST-CREE LWAA;Lo;0;L;;;;;N;;;;;
+14EA;CANADIAN SYLLABICS L;Lo;0;L;;;;;N;;;;;
+14EB;CANADIAN SYLLABICS WEST-CREE L;Lo;0;L;;;;;N;;;;;
+14EC;CANADIAN SYLLABICS MEDIAL L;Lo;0;L;;;;;N;;;;;
+14ED;CANADIAN SYLLABICS SE;Lo;0;L;;;;;N;;;;;
+14EE;CANADIAN SYLLABICS SAAI;Lo;0;L;;;;;N;;;;;
+14EF;CANADIAN SYLLABICS SI;Lo;0;L;;;;;N;;;;;
+14F0;CANADIAN SYLLABICS SII;Lo;0;L;;;;;N;;;;;
+14F1;CANADIAN SYLLABICS SO;Lo;0;L;;;;;N;;;;;
+14F2;CANADIAN SYLLABICS SOO;Lo;0;L;;;;;N;;;;;
+14F3;CANADIAN SYLLABICS Y-CREE SOO;Lo;0;L;;;;;N;;;;;
+14F4;CANADIAN SYLLABICS SA;Lo;0;L;;;;;N;;;;;
+14F5;CANADIAN SYLLABICS SAA;Lo;0;L;;;;;N;;;;;
+14F6;CANADIAN SYLLABICS SWE;Lo;0;L;;;;;N;;;;;
+14F7;CANADIAN SYLLABICS WEST-CREE SWE;Lo;0;L;;;;;N;;;;;
+14F8;CANADIAN SYLLABICS SWI;Lo;0;L;;;;;N;;;;;
+14F9;CANADIAN SYLLABICS WEST-CREE SWI;Lo;0;L;;;;;N;;;;;
+14FA;CANADIAN SYLLABICS SWII;Lo;0;L;;;;;N;;;;;
+14FB;CANADIAN SYLLABICS WEST-CREE SWII;Lo;0;L;;;;;N;;;;;
+14FC;CANADIAN SYLLABICS SWO;Lo;0;L;;;;;N;;;;;
+14FD;CANADIAN SYLLABICS WEST-CREE SWO;Lo;0;L;;;;;N;;;;;
+14FE;CANADIAN SYLLABICS SWOO;Lo;0;L;;;;;N;;;;;
+14FF;CANADIAN SYLLABICS WEST-CREE SWOO;Lo;0;L;;;;;N;;;;;
+1500;CANADIAN SYLLABICS SWA;Lo;0;L;;;;;N;;;;;
+1501;CANADIAN SYLLABICS WEST-CREE SWA;Lo;0;L;;;;;N;;;;;
+1502;CANADIAN SYLLABICS SWAA;Lo;0;L;;;;;N;;;;;
+1503;CANADIAN SYLLABICS WEST-CREE SWAA;Lo;0;L;;;;;N;;;;;
+1504;CANADIAN SYLLABICS NASKAPI SWAA;Lo;0;L;;;;;N;;;;;
+1505;CANADIAN SYLLABICS S;Lo;0;L;;;;;N;;;;;
+1506;CANADIAN SYLLABICS ATHAPASCAN S;Lo;0;L;;;;;N;;;;;
+1507;CANADIAN SYLLABICS SW;Lo;0;L;;;;;N;;;;;
+1508;CANADIAN SYLLABICS BLACKFOOT S;Lo;0;L;;;;;N;;;;;
+1509;CANADIAN SYLLABICS MOOSE-CREE SK;Lo;0;L;;;;;N;;;;;
+150A;CANADIAN SYLLABICS NASKAPI SKW;Lo;0;L;;;;;N;;;;;
+150B;CANADIAN SYLLABICS NASKAPI S-W;Lo;0;L;;;;;N;;;;;
+150C;CANADIAN SYLLABICS NASKAPI SPWA;Lo;0;L;;;;;N;;;;;
+150D;CANADIAN SYLLABICS NASKAPI STWA;Lo;0;L;;;;;N;;;;;
+150E;CANADIAN SYLLABICS NASKAPI SKWA;Lo;0;L;;;;;N;;;;;
+150F;CANADIAN SYLLABICS NASKAPI SCWA;Lo;0;L;;;;;N;;;;;
+1510;CANADIAN SYLLABICS SHE;Lo;0;L;;;;;N;;;;;
+1511;CANADIAN SYLLABICS SHI;Lo;0;L;;;;;N;;;;;
+1512;CANADIAN SYLLABICS SHII;Lo;0;L;;;;;N;;;;;
+1513;CANADIAN SYLLABICS SHO;Lo;0;L;;;;;N;;;;;
+1514;CANADIAN SYLLABICS SHOO;Lo;0;L;;;;;N;;;;;
+1515;CANADIAN SYLLABICS SHA;Lo;0;L;;;;;N;;;;;
+1516;CANADIAN SYLLABICS SHAA;Lo;0;L;;;;;N;;;;;
+1517;CANADIAN SYLLABICS SHWE;Lo;0;L;;;;;N;;;;;
+1518;CANADIAN SYLLABICS WEST-CREE SHWE;Lo;0;L;;;;;N;;;;;
+1519;CANADIAN SYLLABICS SHWI;Lo;0;L;;;;;N;;;;;
+151A;CANADIAN SYLLABICS WEST-CREE SHWI;Lo;0;L;;;;;N;;;;;
+151B;CANADIAN SYLLABICS SHWII;Lo;0;L;;;;;N;;;;;
+151C;CANADIAN SYLLABICS WEST-CREE SHWII;Lo;0;L;;;;;N;;;;;
+151D;CANADIAN SYLLABICS SHWO;Lo;0;L;;;;;N;;;;;
+151E;CANADIAN SYLLABICS WEST-CREE SHWO;Lo;0;L;;;;;N;;;;;
+151F;CANADIAN SYLLABICS SHWOO;Lo;0;L;;;;;N;;;;;
+1520;CANADIAN SYLLABICS WEST-CREE SHWOO;Lo;0;L;;;;;N;;;;;
+1521;CANADIAN SYLLABICS SHWA;Lo;0;L;;;;;N;;;;;
+1522;CANADIAN SYLLABICS WEST-CREE SHWA;Lo;0;L;;;;;N;;;;;
+1523;CANADIAN SYLLABICS SHWAA;Lo;0;L;;;;;N;;;;;
+1524;CANADIAN SYLLABICS WEST-CREE SHWAA;Lo;0;L;;;;;N;;;;;
+1525;CANADIAN SYLLABICS SH;Lo;0;L;;;;;N;;;;;
+1526;CANADIAN SYLLABICS YE;Lo;0;L;;;;;N;;;;;
+1527;CANADIAN SYLLABICS YAAI;Lo;0;L;;;;;N;;;;;
+1528;CANADIAN SYLLABICS YI;Lo;0;L;;;;;N;;;;;
+1529;CANADIAN SYLLABICS YII;Lo;0;L;;;;;N;;;;;
+152A;CANADIAN SYLLABICS YO;Lo;0;L;;;;;N;;;;;
+152B;CANADIAN SYLLABICS YOO;Lo;0;L;;;;;N;;;;;
+152C;CANADIAN SYLLABICS Y-CREE YOO;Lo;0;L;;;;;N;;;;;
+152D;CANADIAN SYLLABICS YA;Lo;0;L;;;;;N;;;;;
+152E;CANADIAN SYLLABICS YAA;Lo;0;L;;;;;N;;;;;
+152F;CANADIAN SYLLABICS YWE;Lo;0;L;;;;;N;;;;;
+1530;CANADIAN SYLLABICS WEST-CREE YWE;Lo;0;L;;;;;N;;;;;
+1531;CANADIAN SYLLABICS YWI;Lo;0;L;;;;;N;;;;;
+1532;CANADIAN SYLLABICS WEST-CREE YWI;Lo;0;L;;;;;N;;;;;
+1533;CANADIAN SYLLABICS YWII;Lo;0;L;;;;;N;;;;;
+1534;CANADIAN SYLLABICS WEST-CREE YWII;Lo;0;L;;;;;N;;;;;
+1535;CANADIAN SYLLABICS YWO;Lo;0;L;;;;;N;;;;;
+1536;CANADIAN SYLLABICS WEST-CREE YWO;Lo;0;L;;;;;N;;;;;
+1537;CANADIAN SYLLABICS YWOO;Lo;0;L;;;;;N;;;;;
+1538;CANADIAN SYLLABICS WEST-CREE YWOO;Lo;0;L;;;;;N;;;;;
+1539;CANADIAN SYLLABICS YWA;Lo;0;L;;;;;N;;;;;
+153A;CANADIAN SYLLABICS WEST-CREE YWA;Lo;0;L;;;;;N;;;;;
+153B;CANADIAN SYLLABICS YWAA;Lo;0;L;;;;;N;;;;;
+153C;CANADIAN SYLLABICS WEST-CREE YWAA;Lo;0;L;;;;;N;;;;;
+153D;CANADIAN SYLLABICS NASKAPI YWAA;Lo;0;L;;;;;N;;;;;
+153E;CANADIAN SYLLABICS Y;Lo;0;L;;;;;N;;;;;
+153F;CANADIAN SYLLABICS BIBLE-CREE Y;Lo;0;L;;;;;N;;;;;
+1540;CANADIAN SYLLABICS WEST-CREE Y;Lo;0;L;;;;;N;;;;;
+1541;CANADIAN SYLLABICS SAYISI YI;Lo;0;L;;;;;N;;;;;
+1542;CANADIAN SYLLABICS RE;Lo;0;L;;;;;N;;;;;
+1543;CANADIAN SYLLABICS R-CREE RE;Lo;0;L;;;;;N;;;;;
+1544;CANADIAN SYLLABICS WEST-CREE LE;Lo;0;L;;;;;N;;;;;
+1545;CANADIAN SYLLABICS RAAI;Lo;0;L;;;;;N;;;;;
+1546;CANADIAN SYLLABICS RI;Lo;0;L;;;;;N;;;;;
+1547;CANADIAN SYLLABICS RII;Lo;0;L;;;;;N;;;;;
+1548;CANADIAN SYLLABICS RO;Lo;0;L;;;;;N;;;;;
+1549;CANADIAN SYLLABICS ROO;Lo;0;L;;;;;N;;;;;
+154A;CANADIAN SYLLABICS WEST-CREE LO;Lo;0;L;;;;;N;;;;;
+154B;CANADIAN SYLLABICS RA;Lo;0;L;;;;;N;;;;;
+154C;CANADIAN SYLLABICS RAA;Lo;0;L;;;;;N;;;;;
+154D;CANADIAN SYLLABICS WEST-CREE LA;Lo;0;L;;;;;N;;;;;
+154E;CANADIAN SYLLABICS RWAA;Lo;0;L;;;;;N;;;;;
+154F;CANADIAN SYLLABICS WEST-CREE RWAA;Lo;0;L;;;;;N;;;;;
+1550;CANADIAN SYLLABICS R;Lo;0;L;;;;;N;;;;;
+1551;CANADIAN SYLLABICS WEST-CREE R;Lo;0;L;;;;;N;;;;;
+1552;CANADIAN SYLLABICS MEDIAL R;Lo;0;L;;;;;N;;;;;
+1553;CANADIAN SYLLABICS FE;Lo;0;L;;;;;N;;;;;
+1554;CANADIAN SYLLABICS FAAI;Lo;0;L;;;;;N;;;;;
+1555;CANADIAN SYLLABICS FI;Lo;0;L;;;;;N;;;;;
+1556;CANADIAN SYLLABICS FII;Lo;0;L;;;;;N;;;;;
+1557;CANADIAN SYLLABICS FO;Lo;0;L;;;;;N;;;;;
+1558;CANADIAN SYLLABICS FOO;Lo;0;L;;;;;N;;;;;
+1559;CANADIAN SYLLABICS FA;Lo;0;L;;;;;N;;;;;
+155A;CANADIAN SYLLABICS FAA;Lo;0;L;;;;;N;;;;;
+155B;CANADIAN SYLLABICS FWAA;Lo;0;L;;;;;N;;;;;
+155C;CANADIAN SYLLABICS WEST-CREE FWAA;Lo;0;L;;;;;N;;;;;
+155D;CANADIAN SYLLABICS F;Lo;0;L;;;;;N;;;;;
+155E;CANADIAN SYLLABICS THE;Lo;0;L;;;;;N;;;;;
+155F;CANADIAN SYLLABICS N-CREE THE;Lo;0;L;;;;;N;;;;;
+1560;CANADIAN SYLLABICS THI;Lo;0;L;;;;;N;;;;;
+1561;CANADIAN SYLLABICS N-CREE THI;Lo;0;L;;;;;N;;;;;
+1562;CANADIAN SYLLABICS THII;Lo;0;L;;;;;N;;;;;
+1563;CANADIAN SYLLABICS N-CREE THII;Lo;0;L;;;;;N;;;;;
+1564;CANADIAN SYLLABICS THO;Lo;0;L;;;;;N;;;;;
+1565;CANADIAN SYLLABICS THOO;Lo;0;L;;;;;N;;;;;
+1566;CANADIAN SYLLABICS THA;Lo;0;L;;;;;N;;;;;
+1567;CANADIAN SYLLABICS THAA;Lo;0;L;;;;;N;;;;;
+1568;CANADIAN SYLLABICS THWAA;Lo;0;L;;;;;N;;;;;
+1569;CANADIAN SYLLABICS WEST-CREE THWAA;Lo;0;L;;;;;N;;;;;
+156A;CANADIAN SYLLABICS TH;Lo;0;L;;;;;N;;;;;
+156B;CANADIAN SYLLABICS TTHE;Lo;0;L;;;;;N;;;;;
+156C;CANADIAN SYLLABICS TTHI;Lo;0;L;;;;;N;;;;;
+156D;CANADIAN SYLLABICS TTHO;Lo;0;L;;;;;N;;;;;
+156E;CANADIAN SYLLABICS TTHA;Lo;0;L;;;;;N;;;;;
+156F;CANADIAN SYLLABICS TTH;Lo;0;L;;;;;N;;;;;
+1570;CANADIAN SYLLABICS TYE;Lo;0;L;;;;;N;;;;;
+1571;CANADIAN SYLLABICS TYI;Lo;0;L;;;;;N;;;;;
+1572;CANADIAN SYLLABICS TYO;Lo;0;L;;;;;N;;;;;
+1573;CANADIAN SYLLABICS TYA;Lo;0;L;;;;;N;;;;;
+1574;CANADIAN SYLLABICS NUNAVIK HE;Lo;0;L;;;;;N;;;;;
+1575;CANADIAN SYLLABICS NUNAVIK HI;Lo;0;L;;;;;N;;;;;
+1576;CANADIAN SYLLABICS NUNAVIK HII;Lo;0;L;;;;;N;;;;;
+1577;CANADIAN SYLLABICS NUNAVIK HO;Lo;0;L;;;;;N;;;;;
+1578;CANADIAN SYLLABICS NUNAVIK HOO;Lo;0;L;;;;;N;;;;;
+1579;CANADIAN SYLLABICS NUNAVIK HA;Lo;0;L;;;;;N;;;;;
+157A;CANADIAN SYLLABICS NUNAVIK HAA;Lo;0;L;;;;;N;;;;;
+157B;CANADIAN SYLLABICS NUNAVIK H;Lo;0;L;;;;;N;;;;;
+157C;CANADIAN SYLLABICS NUNAVUT H;Lo;0;L;;;;;N;;;;;
+157D;CANADIAN SYLLABICS HK;Lo;0;L;;;;;N;;;;;
+157E;CANADIAN SYLLABICS QAAI;Lo;0;L;;;;;N;;;;;
+157F;CANADIAN SYLLABICS QI;Lo;0;L;;;;;N;;;;;
+1580;CANADIAN SYLLABICS QII;Lo;0;L;;;;;N;;;;;
+1581;CANADIAN SYLLABICS QO;Lo;0;L;;;;;N;;;;;
+1582;CANADIAN SYLLABICS QOO;Lo;0;L;;;;;N;;;;;
+1583;CANADIAN SYLLABICS QA;Lo;0;L;;;;;N;;;;;
+1584;CANADIAN SYLLABICS QAA;Lo;0;L;;;;;N;;;;;
+1585;CANADIAN SYLLABICS Q;Lo;0;L;;;;;N;;;;;
+1586;CANADIAN SYLLABICS TLHE;Lo;0;L;;;;;N;;;;;
+1587;CANADIAN SYLLABICS TLHI;Lo;0;L;;;;;N;;;;;
+1588;CANADIAN SYLLABICS TLHO;Lo;0;L;;;;;N;;;;;
+1589;CANADIAN SYLLABICS TLHA;Lo;0;L;;;;;N;;;;;
+158A;CANADIAN SYLLABICS WEST-CREE RE;Lo;0;L;;;;;N;;;;;
+158B;CANADIAN SYLLABICS WEST-CREE RI;Lo;0;L;;;;;N;;;;;
+158C;CANADIAN SYLLABICS WEST-CREE RO;Lo;0;L;;;;;N;;;;;
+158D;CANADIAN SYLLABICS WEST-CREE RA;Lo;0;L;;;;;N;;;;;
+158E;CANADIAN SYLLABICS NGAAI;Lo;0;L;;;;;N;;;;;
+158F;CANADIAN SYLLABICS NGI;Lo;0;L;;;;;N;;;;;
+1590;CANADIAN SYLLABICS NGII;Lo;0;L;;;;;N;;;;;
+1591;CANADIAN SYLLABICS NGO;Lo;0;L;;;;;N;;;;;
+1592;CANADIAN SYLLABICS NGOO;Lo;0;L;;;;;N;;;;;
+1593;CANADIAN SYLLABICS NGA;Lo;0;L;;;;;N;;;;;
+1594;CANADIAN SYLLABICS NGAA;Lo;0;L;;;;;N;;;;;
+1595;CANADIAN SYLLABICS NG;Lo;0;L;;;;;N;;;;;
+1596;CANADIAN SYLLABICS NNG;Lo;0;L;;;;;N;;;;;
+1597;CANADIAN SYLLABICS SAYISI SHE;Lo;0;L;;;;;N;;;;;
+1598;CANADIAN SYLLABICS SAYISI SHI;Lo;0;L;;;;;N;;;;;
+1599;CANADIAN SYLLABICS SAYISI SHO;Lo;0;L;;;;;N;;;;;
+159A;CANADIAN SYLLABICS SAYISI SHA;Lo;0;L;;;;;N;;;;;
+159B;CANADIAN SYLLABICS WOODS-CREE THE;Lo;0;L;;;;;N;;;;;
+159C;CANADIAN SYLLABICS WOODS-CREE THI;Lo;0;L;;;;;N;;;;;
+159D;CANADIAN SYLLABICS WOODS-CREE THO;Lo;0;L;;;;;N;;;;;
+159E;CANADIAN SYLLABICS WOODS-CREE THA;Lo;0;L;;;;;N;;;;;
+159F;CANADIAN SYLLABICS WOODS-CREE TH;Lo;0;L;;;;;N;;;;;
+15A0;CANADIAN SYLLABICS LHI;Lo;0;L;;;;;N;;;;;
+15A1;CANADIAN SYLLABICS LHII;Lo;0;L;;;;;N;;;;;
+15A2;CANADIAN SYLLABICS LHO;Lo;0;L;;;;;N;;;;;
+15A3;CANADIAN SYLLABICS LHOO;Lo;0;L;;;;;N;;;;;
+15A4;CANADIAN SYLLABICS LHA;Lo;0;L;;;;;N;;;;;
+15A5;CANADIAN SYLLABICS LHAA;Lo;0;L;;;;;N;;;;;
+15A6;CANADIAN SYLLABICS LH;Lo;0;L;;;;;N;;;;;
+15A7;CANADIAN SYLLABICS TH-CREE THE;Lo;0;L;;;;;N;;;;;
+15A8;CANADIAN SYLLABICS TH-CREE THI;Lo;0;L;;;;;N;;;;;
+15A9;CANADIAN SYLLABICS TH-CREE THII;Lo;0;L;;;;;N;;;;;
+15AA;CANADIAN SYLLABICS TH-CREE THO;Lo;0;L;;;;;N;;;;;
+15AB;CANADIAN SYLLABICS TH-CREE THOO;Lo;0;L;;;;;N;;;;;
+15AC;CANADIAN SYLLABICS TH-CREE THA;Lo;0;L;;;;;N;;;;;
+15AD;CANADIAN SYLLABICS TH-CREE THAA;Lo;0;L;;;;;N;;;;;
+15AE;CANADIAN SYLLABICS TH-CREE TH;Lo;0;L;;;;;N;;;;;
+15AF;CANADIAN SYLLABICS AIVILIK B;Lo;0;L;;;;;N;;;;;
+15B0;CANADIAN SYLLABICS BLACKFOOT E;Lo;0;L;;;;;N;;;;;
+15B1;CANADIAN SYLLABICS BLACKFOOT I;Lo;0;L;;;;;N;;;;;
+15B2;CANADIAN SYLLABICS BLACKFOOT O;Lo;0;L;;;;;N;;;;;
+15B3;CANADIAN SYLLABICS BLACKFOOT A;Lo;0;L;;;;;N;;;;;
+15B4;CANADIAN SYLLABICS BLACKFOOT WE;Lo;0;L;;;;;N;;;;;
+15B5;CANADIAN SYLLABICS BLACKFOOT WI;Lo;0;L;;;;;N;;;;;
+15B6;CANADIAN SYLLABICS BLACKFOOT WO;Lo;0;L;;;;;N;;;;;
+15B7;CANADIAN SYLLABICS BLACKFOOT WA;Lo;0;L;;;;;N;;;;;
+15B8;CANADIAN SYLLABICS BLACKFOOT NE;Lo;0;L;;;;;N;;;;;
+15B9;CANADIAN SYLLABICS BLACKFOOT NI;Lo;0;L;;;;;N;;;;;
+15BA;CANADIAN SYLLABICS BLACKFOOT NO;Lo;0;L;;;;;N;;;;;
+15BB;CANADIAN SYLLABICS BLACKFOOT NA;Lo;0;L;;;;;N;;;;;
+15BC;CANADIAN SYLLABICS BLACKFOOT KE;Lo;0;L;;;;;N;;;;;
+15BD;CANADIAN SYLLABICS BLACKFOOT KI;Lo;0;L;;;;;N;;;;;
+15BE;CANADIAN SYLLABICS BLACKFOOT KO;Lo;0;L;;;;;N;;;;;
+15BF;CANADIAN SYLLABICS BLACKFOOT KA;Lo;0;L;;;;;N;;;;;
+15C0;CANADIAN SYLLABICS SAYISI HE;Lo;0;L;;;;;N;;;;;
+15C1;CANADIAN SYLLABICS SAYISI HI;Lo;0;L;;;;;N;;;;;
+15C2;CANADIAN SYLLABICS SAYISI HO;Lo;0;L;;;;;N;;;;;
+15C3;CANADIAN SYLLABICS SAYISI HA;Lo;0;L;;;;;N;;;;;
+15C4;CANADIAN SYLLABICS CARRIER GHU;Lo;0;L;;;;;N;;;;;
+15C5;CANADIAN SYLLABICS CARRIER GHO;Lo;0;L;;;;;N;;;;;
+15C6;CANADIAN SYLLABICS CARRIER GHE;Lo;0;L;;;;;N;;;;;
+15C7;CANADIAN SYLLABICS CARRIER GHEE;Lo;0;L;;;;;N;;;;;
+15C8;CANADIAN SYLLABICS CARRIER GHI;Lo;0;L;;;;;N;;;;;
+15C9;CANADIAN SYLLABICS CARRIER GHA;Lo;0;L;;;;;N;;;;;
+15CA;CANADIAN SYLLABICS CARRIER RU;Lo;0;L;;;;;N;;;;;
+15CB;CANADIAN SYLLABICS CARRIER RO;Lo;0;L;;;;;N;;;;;
+15CC;CANADIAN SYLLABICS CARRIER RE;Lo;0;L;;;;;N;;;;;
+15CD;CANADIAN SYLLABICS CARRIER REE;Lo;0;L;;;;;N;;;;;
+15CE;CANADIAN SYLLABICS CARRIER RI;Lo;0;L;;;;;N;;;;;
+15CF;CANADIAN SYLLABICS CARRIER RA;Lo;0;L;;;;;N;;;;;
+15D0;CANADIAN SYLLABICS CARRIER WU;Lo;0;L;;;;;N;;;;;
+15D1;CANADIAN SYLLABICS CARRIER WO;Lo;0;L;;;;;N;;;;;
+15D2;CANADIAN SYLLABICS CARRIER WE;Lo;0;L;;;;;N;;;;;
+15D3;CANADIAN SYLLABICS CARRIER WEE;Lo;0;L;;;;;N;;;;;
+15D4;CANADIAN SYLLABICS CARRIER WI;Lo;0;L;;;;;N;;;;;
+15D5;CANADIAN SYLLABICS CARRIER WA;Lo;0;L;;;;;N;;;;;
+15D6;CANADIAN SYLLABICS CARRIER HWU;Lo;0;L;;;;;N;;;;;
+15D7;CANADIAN SYLLABICS CARRIER HWO;Lo;0;L;;;;;N;;;;;
+15D8;CANADIAN SYLLABICS CARRIER HWE;Lo;0;L;;;;;N;;;;;
+15D9;CANADIAN SYLLABICS CARRIER HWEE;Lo;0;L;;;;;N;;;;;
+15DA;CANADIAN SYLLABICS CARRIER HWI;Lo;0;L;;;;;N;;;;;
+15DB;CANADIAN SYLLABICS CARRIER HWA;Lo;0;L;;;;;N;;;;;
+15DC;CANADIAN SYLLABICS CARRIER THU;Lo;0;L;;;;;N;;;;;
+15DD;CANADIAN SYLLABICS CARRIER THO;Lo;0;L;;;;;N;;;;;
+15DE;CANADIAN SYLLABICS CARRIER THE;Lo;0;L;;;;;N;;;;;
+15DF;CANADIAN SYLLABICS CARRIER THEE;Lo;0;L;;;;;N;;;;;
+15E0;CANADIAN SYLLABICS CARRIER THI;Lo;0;L;;;;;N;;;;;
+15E1;CANADIAN SYLLABICS CARRIER THA;Lo;0;L;;;;;N;;;;;
+15E2;CANADIAN SYLLABICS CARRIER TTU;Lo;0;L;;;;;N;;;;;
+15E3;CANADIAN SYLLABICS CARRIER TTO;Lo;0;L;;;;;N;;;;;
+15E4;CANADIAN SYLLABICS CARRIER TTE;Lo;0;L;;;;;N;;;;;
+15E5;CANADIAN SYLLABICS CARRIER TTEE;Lo;0;L;;;;;N;;;;;
+15E6;CANADIAN SYLLABICS CARRIER TTI;Lo;0;L;;;;;N;;;;;
+15E7;CANADIAN SYLLABICS CARRIER TTA;Lo;0;L;;;;;N;;;;;
+15E8;CANADIAN SYLLABICS CARRIER PU;Lo;0;L;;;;;N;;;;;
+15E9;CANADIAN SYLLABICS CARRIER PO;Lo;0;L;;;;;N;;;;;
+15EA;CANADIAN SYLLABICS CARRIER PE;Lo;0;L;;;;;N;;;;;
+15EB;CANADIAN SYLLABICS CARRIER PEE;Lo;0;L;;;;;N;;;;;
+15EC;CANADIAN SYLLABICS CARRIER PI;Lo;0;L;;;;;N;;;;;
+15ED;CANADIAN SYLLABICS CARRIER PA;Lo;0;L;;;;;N;;;;;
+15EE;CANADIAN SYLLABICS CARRIER P;Lo;0;L;;;;;N;;;;;
+15EF;CANADIAN SYLLABICS CARRIER GU;Lo;0;L;;;;;N;;;;;
+15F0;CANADIAN SYLLABICS CARRIER GO;Lo;0;L;;;;;N;;;;;
+15F1;CANADIAN SYLLABICS CARRIER GE;Lo;0;L;;;;;N;;;;;
+15F2;CANADIAN SYLLABICS CARRIER GEE;Lo;0;L;;;;;N;;;;;
+15F3;CANADIAN SYLLABICS CARRIER GI;Lo;0;L;;;;;N;;;;;
+15F4;CANADIAN SYLLABICS CARRIER GA;Lo;0;L;;;;;N;;;;;
+15F5;CANADIAN SYLLABICS CARRIER KHU;Lo;0;L;;;;;N;;;;;
+15F6;CANADIAN SYLLABICS CARRIER KHO;Lo;0;L;;;;;N;;;;;
+15F7;CANADIAN SYLLABICS CARRIER KHE;Lo;0;L;;;;;N;;;;;
+15F8;CANADIAN SYLLABICS CARRIER KHEE;Lo;0;L;;;;;N;;;;;
+15F9;CANADIAN SYLLABICS CARRIER KHI;Lo;0;L;;;;;N;;;;;
+15FA;CANADIAN SYLLABICS CARRIER KHA;Lo;0;L;;;;;N;;;;;
+15FB;CANADIAN SYLLABICS CARRIER KKU;Lo;0;L;;;;;N;;;;;
+15FC;CANADIAN SYLLABICS CARRIER KKO;Lo;0;L;;;;;N;;;;;
+15FD;CANADIAN SYLLABICS CARRIER KKE;Lo;0;L;;;;;N;;;;;
+15FE;CANADIAN SYLLABICS CARRIER KKEE;Lo;0;L;;;;;N;;;;;
+15FF;CANADIAN SYLLABICS CARRIER KKI;Lo;0;L;;;;;N;;;;;
+1600;CANADIAN SYLLABICS CARRIER KKA;Lo;0;L;;;;;N;;;;;
+1601;CANADIAN SYLLABICS CARRIER KK;Lo;0;L;;;;;N;;;;;
+1602;CANADIAN SYLLABICS CARRIER NU;Lo;0;L;;;;;N;;;;;
+1603;CANADIAN SYLLABICS CARRIER NO;Lo;0;L;;;;;N;;;;;
+1604;CANADIAN SYLLABICS CARRIER NE;Lo;0;L;;;;;N;;;;;
+1605;CANADIAN SYLLABICS CARRIER NEE;Lo;0;L;;;;;N;;;;;
+1606;CANADIAN SYLLABICS CARRIER NI;Lo;0;L;;;;;N;;;;;
+1607;CANADIAN SYLLABICS CARRIER NA;Lo;0;L;;;;;N;;;;;
+1608;CANADIAN SYLLABICS CARRIER MU;Lo;0;L;;;;;N;;;;;
+1609;CANADIAN SYLLABICS CARRIER MO;Lo;0;L;;;;;N;;;;;
+160A;CANADIAN SYLLABICS CARRIER ME;Lo;0;L;;;;;N;;;;;
+160B;CANADIAN SYLLABICS CARRIER MEE;Lo;0;L;;;;;N;;;;;
+160C;CANADIAN SYLLABICS CARRIER MI;Lo;0;L;;;;;N;;;;;
+160D;CANADIAN SYLLABICS CARRIER MA;Lo;0;L;;;;;N;;;;;
+160E;CANADIAN SYLLABICS CARRIER YU;Lo;0;L;;;;;N;;;;;
+160F;CANADIAN SYLLABICS CARRIER YO;Lo;0;L;;;;;N;;;;;
+1610;CANADIAN SYLLABICS CARRIER YE;Lo;0;L;;;;;N;;;;;
+1611;CANADIAN SYLLABICS CARRIER YEE;Lo;0;L;;;;;N;;;;;
+1612;CANADIAN SYLLABICS CARRIER YI;Lo;0;L;;;;;N;;;;;
+1613;CANADIAN SYLLABICS CARRIER YA;Lo;0;L;;;;;N;;;;;
+1614;CANADIAN SYLLABICS CARRIER JU;Lo;0;L;;;;;N;;;;;
+1615;CANADIAN SYLLABICS SAYISI JU;Lo;0;L;;;;;N;;;;;
+1616;CANADIAN SYLLABICS CARRIER JO;Lo;0;L;;;;;N;;;;;
+1617;CANADIAN SYLLABICS CARRIER JE;Lo;0;L;;;;;N;;;;;
+1618;CANADIAN SYLLABICS CARRIER JEE;Lo;0;L;;;;;N;;;;;
+1619;CANADIAN SYLLABICS CARRIER JI;Lo;0;L;;;;;N;;;;;
+161A;CANADIAN SYLLABICS SAYISI JI;Lo;0;L;;;;;N;;;;;
+161B;CANADIAN SYLLABICS CARRIER JA;Lo;0;L;;;;;N;;;;;
+161C;CANADIAN SYLLABICS CARRIER JJU;Lo;0;L;;;;;N;;;;;
+161D;CANADIAN SYLLABICS CARRIER JJO;Lo;0;L;;;;;N;;;;;
+161E;CANADIAN SYLLABICS CARRIER JJE;Lo;0;L;;;;;N;;;;;
+161F;CANADIAN SYLLABICS CARRIER JJEE;Lo;0;L;;;;;N;;;;;
+1620;CANADIAN SYLLABICS CARRIER JJI;Lo;0;L;;;;;N;;;;;
+1621;CANADIAN SYLLABICS CARRIER JJA;Lo;0;L;;;;;N;;;;;
+1622;CANADIAN SYLLABICS CARRIER LU;Lo;0;L;;;;;N;;;;;
+1623;CANADIAN SYLLABICS CARRIER LO;Lo;0;L;;;;;N;;;;;
+1624;CANADIAN SYLLABICS CARRIER LE;Lo;0;L;;;;;N;;;;;
+1625;CANADIAN SYLLABICS CARRIER LEE;Lo;0;L;;;;;N;;;;;
+1626;CANADIAN SYLLABICS CARRIER LI;Lo;0;L;;;;;N;;;;;
+1627;CANADIAN SYLLABICS CARRIER LA;Lo;0;L;;;;;N;;;;;
+1628;CANADIAN SYLLABICS CARRIER DLU;Lo;0;L;;;;;N;;;;;
+1629;CANADIAN SYLLABICS CARRIER DLO;Lo;0;L;;;;;N;;;;;
+162A;CANADIAN SYLLABICS CARRIER DLE;Lo;0;L;;;;;N;;;;;
+162B;CANADIAN SYLLABICS CARRIER DLEE;Lo;0;L;;;;;N;;;;;
+162C;CANADIAN SYLLABICS CARRIER DLI;Lo;0;L;;;;;N;;;;;
+162D;CANADIAN SYLLABICS CARRIER DLA;Lo;0;L;;;;;N;;;;;
+162E;CANADIAN SYLLABICS CARRIER LHU;Lo;0;L;;;;;N;;;;;
+162F;CANADIAN SYLLABICS CARRIER LHO;Lo;0;L;;;;;N;;;;;
+1630;CANADIAN SYLLABICS CARRIER LHE;Lo;0;L;;;;;N;;;;;
+1631;CANADIAN SYLLABICS CARRIER LHEE;Lo;0;L;;;;;N;;;;;
+1632;CANADIAN SYLLABICS CARRIER LHI;Lo;0;L;;;;;N;;;;;
+1633;CANADIAN SYLLABICS CARRIER LHA;Lo;0;L;;;;;N;;;;;
+1634;CANADIAN SYLLABICS CARRIER TLHU;Lo;0;L;;;;;N;;;;;
+1635;CANADIAN SYLLABICS CARRIER TLHO;Lo;0;L;;;;;N;;;;;
+1636;CANADIAN SYLLABICS CARRIER TLHE;Lo;0;L;;;;;N;;;;;
+1637;CANADIAN SYLLABICS CARRIER TLHEE;Lo;0;L;;;;;N;;;;;
+1638;CANADIAN SYLLABICS CARRIER TLHI;Lo;0;L;;;;;N;;;;;
+1639;CANADIAN SYLLABICS CARRIER TLHA;Lo;0;L;;;;;N;;;;;
+163A;CANADIAN SYLLABICS CARRIER TLU;Lo;0;L;;;;;N;;;;;
+163B;CANADIAN SYLLABICS CARRIER TLO;Lo;0;L;;;;;N;;;;;
+163C;CANADIAN SYLLABICS CARRIER TLE;Lo;0;L;;;;;N;;;;;
+163D;CANADIAN SYLLABICS CARRIER TLEE;Lo;0;L;;;;;N;;;;;
+163E;CANADIAN SYLLABICS CARRIER TLI;Lo;0;L;;;;;N;;;;;
+163F;CANADIAN SYLLABICS CARRIER TLA;Lo;0;L;;;;;N;;;;;
+1640;CANADIAN SYLLABICS CARRIER ZU;Lo;0;L;;;;;N;;;;;
+1641;CANADIAN SYLLABICS CARRIER ZO;Lo;0;L;;;;;N;;;;;
+1642;CANADIAN SYLLABICS CARRIER ZE;Lo;0;L;;;;;N;;;;;
+1643;CANADIAN SYLLABICS CARRIER ZEE;Lo;0;L;;;;;N;;;;;
+1644;CANADIAN SYLLABICS CARRIER ZI;Lo;0;L;;;;;N;;;;;
+1645;CANADIAN SYLLABICS CARRIER ZA;Lo;0;L;;;;;N;;;;;
+1646;CANADIAN SYLLABICS CARRIER Z;Lo;0;L;;;;;N;;;;;
+1647;CANADIAN SYLLABICS CARRIER INITIAL Z;Lo;0;L;;;;;N;;;;;
+1648;CANADIAN SYLLABICS CARRIER DZU;Lo;0;L;;;;;N;;;;;
+1649;CANADIAN SYLLABICS CARRIER DZO;Lo;0;L;;;;;N;;;;;
+164A;CANADIAN SYLLABICS CARRIER DZE;Lo;0;L;;;;;N;;;;;
+164B;CANADIAN SYLLABICS CARRIER DZEE;Lo;0;L;;;;;N;;;;;
+164C;CANADIAN SYLLABICS CARRIER DZI;Lo;0;L;;;;;N;;;;;
+164D;CANADIAN SYLLABICS CARRIER DZA;Lo;0;L;;;;;N;;;;;
+164E;CANADIAN SYLLABICS CARRIER SU;Lo;0;L;;;;;N;;;;;
+164F;CANADIAN SYLLABICS CARRIER SO;Lo;0;L;;;;;N;;;;;
+1650;CANADIAN SYLLABICS CARRIER SE;Lo;0;L;;;;;N;;;;;
+1651;CANADIAN SYLLABICS CARRIER SEE;Lo;0;L;;;;;N;;;;;
+1652;CANADIAN SYLLABICS CARRIER SI;Lo;0;L;;;;;N;;;;;
+1653;CANADIAN SYLLABICS CARRIER SA;Lo;0;L;;;;;N;;;;;
+1654;CANADIAN SYLLABICS CARRIER SHU;Lo;0;L;;;;;N;;;;;
+1655;CANADIAN SYLLABICS CARRIER SHO;Lo;0;L;;;;;N;;;;;
+1656;CANADIAN SYLLABICS CARRIER SHE;Lo;0;L;;;;;N;;;;;
+1657;CANADIAN SYLLABICS CARRIER SHEE;Lo;0;L;;;;;N;;;;;
+1658;CANADIAN SYLLABICS CARRIER SHI;Lo;0;L;;;;;N;;;;;
+1659;CANADIAN SYLLABICS CARRIER SHA;Lo;0;L;;;;;N;;;;;
+165A;CANADIAN SYLLABICS CARRIER SH;Lo;0;L;;;;;N;;;;;
+165B;CANADIAN SYLLABICS CARRIER TSU;Lo;0;L;;;;;N;;;;;
+165C;CANADIAN SYLLABICS CARRIER TSO;Lo;0;L;;;;;N;;;;;
+165D;CANADIAN SYLLABICS CARRIER TSE;Lo;0;L;;;;;N;;;;;
+165E;CANADIAN SYLLABICS CARRIER TSEE;Lo;0;L;;;;;N;;;;;
+165F;CANADIAN SYLLABICS CARRIER TSI;Lo;0;L;;;;;N;;;;;
+1660;CANADIAN SYLLABICS CARRIER TSA;Lo;0;L;;;;;N;;;;;
+1661;CANADIAN SYLLABICS CARRIER CHU;Lo;0;L;;;;;N;;;;;
+1662;CANADIAN SYLLABICS CARRIER CHO;Lo;0;L;;;;;N;;;;;
+1663;CANADIAN SYLLABICS CARRIER CHE;Lo;0;L;;;;;N;;;;;
+1664;CANADIAN SYLLABICS CARRIER CHEE;Lo;0;L;;;;;N;;;;;
+1665;CANADIAN SYLLABICS CARRIER CHI;Lo;0;L;;;;;N;;;;;
+1666;CANADIAN SYLLABICS CARRIER CHA;Lo;0;L;;;;;N;;;;;
+1667;CANADIAN SYLLABICS CARRIER TTSU;Lo;0;L;;;;;N;;;;;
+1668;CANADIAN SYLLABICS CARRIER TTSO;Lo;0;L;;;;;N;;;;;
+1669;CANADIAN SYLLABICS CARRIER TTSE;Lo;0;L;;;;;N;;;;;
+166A;CANADIAN SYLLABICS CARRIER TTSEE;Lo;0;L;;;;;N;;;;;
+166B;CANADIAN SYLLABICS CARRIER TTSI;Lo;0;L;;;;;N;;;;;
+166C;CANADIAN SYLLABICS CARRIER TTSA;Lo;0;L;;;;;N;;;;;
+166D;CANADIAN SYLLABICS CHI SIGN;Po;0;L;;;;;N;;;;;
+166E;CANADIAN SYLLABICS FULL STOP;Po;0;L;;;;;N;;;;;
+166F;CANADIAN SYLLABICS QAI;Lo;0;L;;;;;N;;;;;
+1670;CANADIAN SYLLABICS NGAI;Lo;0;L;;;;;N;;;;;
+1671;CANADIAN SYLLABICS NNGI;Lo;0;L;;;;;N;;;;;
+1672;CANADIAN SYLLABICS NNGII;Lo;0;L;;;;;N;;;;;
+1673;CANADIAN SYLLABICS NNGO;Lo;0;L;;;;;N;;;;;
+1674;CANADIAN SYLLABICS NNGOO;Lo;0;L;;;;;N;;;;;
+1675;CANADIAN SYLLABICS NNGA;Lo;0;L;;;;;N;;;;;
+1676;CANADIAN SYLLABICS NNGAA;Lo;0;L;;;;;N;;;;;
+1680;OGHAM SPACE MARK;Zs;0;WS;;;;;N;;;;;
+1681;OGHAM LETTER BEITH;Lo;0;L;;;;;N;;;;;
+1682;OGHAM LETTER LUIS;Lo;0;L;;;;;N;;;;;
+1683;OGHAM LETTER FEARN;Lo;0;L;;;;;N;;;;;
+1684;OGHAM LETTER SAIL;Lo;0;L;;;;;N;;;;;
+1685;OGHAM LETTER NION;Lo;0;L;;;;;N;;;;;
+1686;OGHAM LETTER UATH;Lo;0;L;;;;;N;;;;;
+1687;OGHAM LETTER DAIR;Lo;0;L;;;;;N;;;;;
+1688;OGHAM LETTER TINNE;Lo;0;L;;;;;N;;;;;
+1689;OGHAM LETTER COLL;Lo;0;L;;;;;N;;;;;
+168A;OGHAM LETTER CEIRT;Lo;0;L;;;;;N;;;;;
+168B;OGHAM LETTER MUIN;Lo;0;L;;;;;N;;;;;
+168C;OGHAM LETTER GORT;Lo;0;L;;;;;N;;;;;
+168D;OGHAM LETTER NGEADAL;Lo;0;L;;;;;N;;;;;
+168E;OGHAM LETTER STRAIF;Lo;0;L;;;;;N;;;;;
+168F;OGHAM LETTER RUIS;Lo;0;L;;;;;N;;;;;
+1690;OGHAM LETTER AILM;Lo;0;L;;;;;N;;;;;
+1691;OGHAM LETTER ONN;Lo;0;L;;;;;N;;;;;
+1692;OGHAM LETTER UR;Lo;0;L;;;;;N;;;;;
+1693;OGHAM LETTER EADHADH;Lo;0;L;;;;;N;;;;;
+1694;OGHAM LETTER IODHADH;Lo;0;L;;;;;N;;;;;
+1695;OGHAM LETTER EABHADH;Lo;0;L;;;;;N;;;;;
+1696;OGHAM LETTER OR;Lo;0;L;;;;;N;;;;;
+1697;OGHAM LETTER UILLEANN;Lo;0;L;;;;;N;;;;;
+1698;OGHAM LETTER IFIN;Lo;0;L;;;;;N;;;;;
+1699;OGHAM LETTER EAMHANCHOLL;Lo;0;L;;;;;N;;;;;
+169A;OGHAM LETTER PEITH;Lo;0;L;;;;;N;;;;;
+169B;OGHAM FEATHER MARK;Ps;0;ON;;;;;N;;;;;
+169C;OGHAM REVERSED FEATHER MARK;Pe;0;ON;;;;;N;;;;;
+16A0;RUNIC LETTER FEHU FEOH FE F;Lo;0;L;;;;;N;;;;;
+16A1;RUNIC LETTER V;Lo;0;L;;;;;N;;;;;
+16A2;RUNIC LETTER URUZ UR U;Lo;0;L;;;;;N;;;;;
+16A3;RUNIC LETTER YR;Lo;0;L;;;;;N;;;;;
+16A4;RUNIC LETTER Y;Lo;0;L;;;;;N;;;;;
+16A5;RUNIC LETTER W;Lo;0;L;;;;;N;;;;;
+16A6;RUNIC LETTER THURISAZ THURS THORN;Lo;0;L;;;;;N;;;;;
+16A7;RUNIC LETTER ETH;Lo;0;L;;;;;N;;;;;
+16A8;RUNIC LETTER ANSUZ A;Lo;0;L;;;;;N;;;;;
+16A9;RUNIC LETTER OS O;Lo;0;L;;;;;N;;;;;
+16AA;RUNIC LETTER AC A;Lo;0;L;;;;;N;;;;;
+16AB;RUNIC LETTER AESC;Lo;0;L;;;;;N;;;;;
+16AC;RUNIC LETTER LONG-BRANCH-OSS O;Lo;0;L;;;;;N;;;;;
+16AD;RUNIC LETTER SHORT-TWIG-OSS O;Lo;0;L;;;;;N;;;;;
+16AE;RUNIC LETTER O;Lo;0;L;;;;;N;;;;;
+16AF;RUNIC LETTER OE;Lo;0;L;;;;;N;;;;;
+16B0;RUNIC LETTER ON;Lo;0;L;;;;;N;;;;;
+16B1;RUNIC LETTER RAIDO RAD REID R;Lo;0;L;;;;;N;;;;;
+16B2;RUNIC LETTER KAUNA;Lo;0;L;;;;;N;;;;;
+16B3;RUNIC LETTER CEN;Lo;0;L;;;;;N;;;;;
+16B4;RUNIC LETTER KAUN K;Lo;0;L;;;;;N;;;;;
+16B5;RUNIC LETTER G;Lo;0;L;;;;;N;;;;;
+16B6;RUNIC LETTER ENG;Lo;0;L;;;;;N;;;;;
+16B7;RUNIC LETTER GEBO GYFU G;Lo;0;L;;;;;N;;;;;
+16B8;RUNIC LETTER GAR;Lo;0;L;;;;;N;;;;;
+16B9;RUNIC LETTER WUNJO WYNN W;Lo;0;L;;;;;N;;;;;
+16BA;RUNIC LETTER HAGLAZ H;Lo;0;L;;;;;N;;;;;
+16BB;RUNIC LETTER HAEGL H;Lo;0;L;;;;;N;;;;;
+16BC;RUNIC LETTER LONG-BRANCH-HAGALL H;Lo;0;L;;;;;N;;;;;
+16BD;RUNIC LETTER SHORT-TWIG-HAGALL H;Lo;0;L;;;;;N;;;;;
+16BE;RUNIC LETTER NAUDIZ NYD NAUD N;Lo;0;L;;;;;N;;;;;
+16BF;RUNIC LETTER SHORT-TWIG-NAUD N;Lo;0;L;;;;;N;;;;;
+16C0;RUNIC LETTER DOTTED-N;Lo;0;L;;;;;N;;;;;
+16C1;RUNIC LETTER ISAZ IS ISS I;Lo;0;L;;;;;N;;;;;
+16C2;RUNIC LETTER E;Lo;0;L;;;;;N;;;;;
+16C3;RUNIC LETTER JERAN J;Lo;0;L;;;;;N;;;;;
+16C4;RUNIC LETTER GER;Lo;0;L;;;;;N;;;;;
+16C5;RUNIC LETTER LONG-BRANCH-AR AE;Lo;0;L;;;;;N;;;;;
+16C6;RUNIC LETTER SHORT-TWIG-AR A;Lo;0;L;;;;;N;;;;;
+16C7;RUNIC LETTER IWAZ EOH;Lo;0;L;;;;;N;;;;;
+16C8;RUNIC LETTER PERTHO PEORTH P;Lo;0;L;;;;;N;;;;;
+16C9;RUNIC LETTER ALGIZ EOLHX;Lo;0;L;;;;;N;;;;;
+16CA;RUNIC LETTER SOWILO S;Lo;0;L;;;;;N;;;;;
+16CB;RUNIC LETTER SIGEL LONG-BRANCH-SOL S;Lo;0;L;;;;;N;;;;;
+16CC;RUNIC LETTER SHORT-TWIG-SOL S;Lo;0;L;;;;;N;;;;;
+16CD;RUNIC LETTER C;Lo;0;L;;;;;N;;;;;
+16CE;RUNIC LETTER Z;Lo;0;L;;;;;N;;;;;
+16CF;RUNIC LETTER TIWAZ TIR TYR T;Lo;0;L;;;;;N;;;;;
+16D0;RUNIC LETTER SHORT-TWIG-TYR T;Lo;0;L;;;;;N;;;;;
+16D1;RUNIC LETTER D;Lo;0;L;;;;;N;;;;;
+16D2;RUNIC LETTER BERKANAN BEORC BJARKAN B;Lo;0;L;;;;;N;;;;;
+16D3;RUNIC LETTER SHORT-TWIG-BJARKAN B;Lo;0;L;;;;;N;;;;;
+16D4;RUNIC LETTER DOTTED-P;Lo;0;L;;;;;N;;;;;
+16D5;RUNIC LETTER OPEN-P;Lo;0;L;;;;;N;;;;;
+16D6;RUNIC LETTER EHWAZ EH E;Lo;0;L;;;;;N;;;;;
+16D7;RUNIC LETTER MANNAZ MAN M;Lo;0;L;;;;;N;;;;;
+16D8;RUNIC LETTER LONG-BRANCH-MADR M;Lo;0;L;;;;;N;;;;;
+16D9;RUNIC LETTER SHORT-TWIG-MADR M;Lo;0;L;;;;;N;;;;;
+16DA;RUNIC LETTER LAUKAZ LAGU LOGR L;Lo;0;L;;;;;N;;;;;
+16DB;RUNIC LETTER DOTTED-L;Lo;0;L;;;;;N;;;;;
+16DC;RUNIC LETTER INGWAZ;Lo;0;L;;;;;N;;;;;
+16DD;RUNIC LETTER ING;Lo;0;L;;;;;N;;;;;
+16DE;RUNIC LETTER DAGAZ DAEG D;Lo;0;L;;;;;N;;;;;
+16DF;RUNIC LETTER OTHALAN ETHEL O;Lo;0;L;;;;;N;;;;;
+16E0;RUNIC LETTER EAR;Lo;0;L;;;;;N;;;;;
+16E1;RUNIC LETTER IOR;Lo;0;L;;;;;N;;;;;
+16E2;RUNIC LETTER CWEORTH;Lo;0;L;;;;;N;;;;;
+16E3;RUNIC LETTER CALC;Lo;0;L;;;;;N;;;;;
+16E4;RUNIC LETTER CEALC;Lo;0;L;;;;;N;;;;;
+16E5;RUNIC LETTER STAN;Lo;0;L;;;;;N;;;;;
+16E6;RUNIC LETTER LONG-BRANCH-YR;Lo;0;L;;;;;N;;;;;
+16E7;RUNIC LETTER SHORT-TWIG-YR;Lo;0;L;;;;;N;;;;;
+16E8;RUNIC LETTER ICELANDIC-YR;Lo;0;L;;;;;N;;;;;
+16E9;RUNIC LETTER Q;Lo;0;L;;;;;N;;;;;
+16EA;RUNIC LETTER X;Lo;0;L;;;;;N;;;;;
+16EB;RUNIC SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+16EC;RUNIC MULTIPLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+16ED;RUNIC CROSS PUNCTUATION;Po;0;L;;;;;N;;;;;
+16EE;RUNIC ARLAUG SYMBOL;Nl;0;L;;;;17;N;;golden number 17;;;
+16EF;RUNIC TVIMADUR SYMBOL;Nl;0;L;;;;18;N;;golden number 18;;;
+16F0;RUNIC BELGTHOR SYMBOL;Nl;0;L;;;;19;N;;golden number 19;;;
+1700;TAGALOG LETTER A;Lo;0;L;;;;;N;;;;;
+1701;TAGALOG LETTER I;Lo;0;L;;;;;N;;;;;
+1702;TAGALOG LETTER U;Lo;0;L;;;;;N;;;;;
+1703;TAGALOG LETTER KA;Lo;0;L;;;;;N;;;;;
+1704;TAGALOG LETTER GA;Lo;0;L;;;;;N;;;;;
+1705;TAGALOG LETTER NGA;Lo;0;L;;;;;N;;;;;
+1706;TAGALOG LETTER TA;Lo;0;L;;;;;N;;;;;
+1707;TAGALOG LETTER DA;Lo;0;L;;;;;N;;;;;
+1708;TAGALOG LETTER NA;Lo;0;L;;;;;N;;;;;
+1709;TAGALOG LETTER PA;Lo;0;L;;;;;N;;;;;
+170A;TAGALOG LETTER BA;Lo;0;L;;;;;N;;;;;
+170B;TAGALOG LETTER MA;Lo;0;L;;;;;N;;;;;
+170C;TAGALOG LETTER YA;Lo;0;L;;;;;N;;;;;
+170E;TAGALOG LETTER LA;Lo;0;L;;;;;N;;;;;
+170F;TAGALOG LETTER WA;Lo;0;L;;;;;N;;;;;
+1710;TAGALOG LETTER SA;Lo;0;L;;;;;N;;;;;
+1711;TAGALOG LETTER HA;Lo;0;L;;;;;N;;;;;
+1712;TAGALOG VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1713;TAGALOG VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1714;TAGALOG SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+1720;HANUNOO LETTER A;Lo;0;L;;;;;N;;;;;
+1721;HANUNOO LETTER I;Lo;0;L;;;;;N;;;;;
+1722;HANUNOO LETTER U;Lo;0;L;;;;;N;;;;;
+1723;HANUNOO LETTER KA;Lo;0;L;;;;;N;;;;;
+1724;HANUNOO LETTER GA;Lo;0;L;;;;;N;;;;;
+1725;HANUNOO LETTER NGA;Lo;0;L;;;;;N;;;;;
+1726;HANUNOO LETTER TA;Lo;0;L;;;;;N;;;;;
+1727;HANUNOO LETTER DA;Lo;0;L;;;;;N;;;;;
+1728;HANUNOO LETTER NA;Lo;0;L;;;;;N;;;;;
+1729;HANUNOO LETTER PA;Lo;0;L;;;;;N;;;;;
+172A;HANUNOO LETTER BA;Lo;0;L;;;;;N;;;;;
+172B;HANUNOO LETTER MA;Lo;0;L;;;;;N;;;;;
+172C;HANUNOO LETTER YA;Lo;0;L;;;;;N;;;;;
+172D;HANUNOO LETTER RA;Lo;0;L;;;;;N;;;;;
+172E;HANUNOO LETTER LA;Lo;0;L;;;;;N;;;;;
+172F;HANUNOO LETTER WA;Lo;0;L;;;;;N;;;;;
+1730;HANUNOO LETTER SA;Lo;0;L;;;;;N;;;;;
+1731;HANUNOO LETTER HA;Lo;0;L;;;;;N;;;;;
+1732;HANUNOO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1733;HANUNOO VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1734;HANUNOO SIGN PAMUDPOD;Mn;9;NSM;;;;;N;;;;;
+1735;PHILIPPINE SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+1736;PHILIPPINE DOUBLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+1740;BUHID LETTER A;Lo;0;L;;;;;N;;;;;
+1741;BUHID LETTER I;Lo;0;L;;;;;N;;;;;
+1742;BUHID LETTER U;Lo;0;L;;;;;N;;;;;
+1743;BUHID LETTER KA;Lo;0;L;;;;;N;;;;;
+1744;BUHID LETTER GA;Lo;0;L;;;;;N;;;;;
+1745;BUHID LETTER NGA;Lo;0;L;;;;;N;;;;;
+1746;BUHID LETTER TA;Lo;0;L;;;;;N;;;;;
+1747;BUHID LETTER DA;Lo;0;L;;;;;N;;;;;
+1748;BUHID LETTER NA;Lo;0;L;;;;;N;;;;;
+1749;BUHID LETTER PA;Lo;0;L;;;;;N;;;;;
+174A;BUHID LETTER BA;Lo;0;L;;;;;N;;;;;
+174B;BUHID LETTER MA;Lo;0;L;;;;;N;;;;;
+174C;BUHID LETTER YA;Lo;0;L;;;;;N;;;;;
+174D;BUHID LETTER RA;Lo;0;L;;;;;N;;;;;
+174E;BUHID LETTER LA;Lo;0;L;;;;;N;;;;;
+174F;BUHID LETTER WA;Lo;0;L;;;;;N;;;;;
+1750;BUHID LETTER SA;Lo;0;L;;;;;N;;;;;
+1751;BUHID LETTER HA;Lo;0;L;;;;;N;;;;;
+1752;BUHID VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1753;BUHID VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1760;TAGBANWA LETTER A;Lo;0;L;;;;;N;;;;;
+1761;TAGBANWA LETTER I;Lo;0;L;;;;;N;;;;;
+1762;TAGBANWA LETTER U;Lo;0;L;;;;;N;;;;;
+1763;TAGBANWA LETTER KA;Lo;0;L;;;;;N;;;;;
+1764;TAGBANWA LETTER GA;Lo;0;L;;;;;N;;;;;
+1765;TAGBANWA LETTER NGA;Lo;0;L;;;;;N;;;;;
+1766;TAGBANWA LETTER TA;Lo;0;L;;;;;N;;;;;
+1767;TAGBANWA LETTER DA;Lo;0;L;;;;;N;;;;;
+1768;TAGBANWA LETTER NA;Lo;0;L;;;;;N;;;;;
+1769;TAGBANWA LETTER PA;Lo;0;L;;;;;N;;;;;
+176A;TAGBANWA LETTER BA;Lo;0;L;;;;;N;;;;;
+176B;TAGBANWA LETTER MA;Lo;0;L;;;;;N;;;;;
+176C;TAGBANWA LETTER YA;Lo;0;L;;;;;N;;;;;
+176E;TAGBANWA LETTER LA;Lo;0;L;;;;;N;;;;;
+176F;TAGBANWA LETTER WA;Lo;0;L;;;;;N;;;;;
+1770;TAGBANWA LETTER SA;Lo;0;L;;;;;N;;;;;
+1772;TAGBANWA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1773;TAGBANWA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1780;KHMER LETTER KA;Lo;0;L;;;;;N;;;;;
+1781;KHMER LETTER KHA;Lo;0;L;;;;;N;;;;;
+1782;KHMER LETTER KO;Lo;0;L;;;;;N;;;;;
+1783;KHMER LETTER KHO;Lo;0;L;;;;;N;;;;;
+1784;KHMER LETTER NGO;Lo;0;L;;;;;N;;;;;
+1785;KHMER LETTER CA;Lo;0;L;;;;;N;;;;;
+1786;KHMER LETTER CHA;Lo;0;L;;;;;N;;;;;
+1787;KHMER LETTER CO;Lo;0;L;;;;;N;;;;;
+1788;KHMER LETTER CHO;Lo;0;L;;;;;N;;;;;
+1789;KHMER LETTER NYO;Lo;0;L;;;;;N;;;;;
+178A;KHMER LETTER DA;Lo;0;L;;;;;N;;;;;
+178B;KHMER LETTER TTHA;Lo;0;L;;;;;N;;;;;
+178C;KHMER LETTER DO;Lo;0;L;;;;;N;;;;;
+178D;KHMER LETTER TTHO;Lo;0;L;;;;;N;;;;;
+178E;KHMER LETTER NNO;Lo;0;L;;;;;N;;;;;
+178F;KHMER LETTER TA;Lo;0;L;;;;;N;;;;;
+1790;KHMER LETTER THA;Lo;0;L;;;;;N;;;;;
+1791;KHMER LETTER TO;Lo;0;L;;;;;N;;;;;
+1792;KHMER LETTER THO;Lo;0;L;;;;;N;;;;;
+1793;KHMER LETTER NO;Lo;0;L;;;;;N;;;;;
+1794;KHMER LETTER BA;Lo;0;L;;;;;N;;;;;
+1795;KHMER LETTER PHA;Lo;0;L;;;;;N;;;;;
+1796;KHMER LETTER PO;Lo;0;L;;;;;N;;;;;
+1797;KHMER LETTER PHO;Lo;0;L;;;;;N;;;;;
+1798;KHMER LETTER MO;Lo;0;L;;;;;N;;;;;
+1799;KHMER LETTER YO;Lo;0;L;;;;;N;;;;;
+179A;KHMER LETTER RO;Lo;0;L;;;;;N;;;;;
+179B;KHMER LETTER LO;Lo;0;L;;;;;N;;;;;
+179C;KHMER LETTER VO;Lo;0;L;;;;;N;;;;;
+179D;KHMER LETTER SHA;Lo;0;L;;;;;N;;;;;
+179E;KHMER LETTER SSO;Lo;0;L;;;;;N;;;;;
+179F;KHMER LETTER SA;Lo;0;L;;;;;N;;;;;
+17A0;KHMER LETTER HA;Lo;0;L;;;;;N;;;;;
+17A1;KHMER LETTER LA;Lo;0;L;;;;;N;;;;;
+17A2;KHMER LETTER QA;Lo;0;L;;;;;N;;;;;
+17A3;KHMER INDEPENDENT VOWEL QAQ;Lo;0;L;;;;;N;;;;;
+17A4;KHMER INDEPENDENT VOWEL QAA;Lo;0;L;;;;;N;;;;;
+17A5;KHMER INDEPENDENT VOWEL QI;Lo;0;L;;;;;N;;;;;
+17A6;KHMER INDEPENDENT VOWEL QII;Lo;0;L;;;;;N;;;;;
+17A7;KHMER INDEPENDENT VOWEL QU;Lo;0;L;;;;;N;;;;;
+17A8;KHMER INDEPENDENT VOWEL QUK;Lo;0;L;;;;;N;;;;;
+17A9;KHMER INDEPENDENT VOWEL QUU;Lo;0;L;;;;;N;;;;;
+17AA;KHMER INDEPENDENT VOWEL QUUV;Lo;0;L;;;;;N;;;;;
+17AB;KHMER INDEPENDENT VOWEL RY;Lo;0;L;;;;;N;;;;;
+17AC;KHMER INDEPENDENT VOWEL RYY;Lo;0;L;;;;;N;;;;;
+17AD;KHMER INDEPENDENT VOWEL LY;Lo;0;L;;;;;N;;;;;
+17AE;KHMER INDEPENDENT VOWEL LYY;Lo;0;L;;;;;N;;;;;
+17AF;KHMER INDEPENDENT VOWEL QE;Lo;0;L;;;;;N;;;;;
+17B0;KHMER INDEPENDENT VOWEL QAI;Lo;0;L;;;;;N;;;;;
+17B1;KHMER INDEPENDENT VOWEL QOO TYPE ONE;Lo;0;L;;;;;N;;;;;
+17B2;KHMER INDEPENDENT VOWEL QOO TYPE TWO;Lo;0;L;;;;;N;;;;;
+17B3;KHMER INDEPENDENT VOWEL QAU;Lo;0;L;;;;;N;;;;;
+17B4;KHMER VOWEL INHERENT AQ;Mc;0;L;;;;;N;;;;;
+17B5;KHMER VOWEL INHERENT AA;Mc;0;L;;;;;N;;;;;
+17B6;KHMER VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+17B7;KHMER VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+17B8;KHMER VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+17B9;KHMER VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;;
+17BA;KHMER VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;;
+17BB;KHMER VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+17BC;KHMER VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+17BD;KHMER VOWEL SIGN UA;Mn;0;NSM;;;;;N;;;;;
+17BE;KHMER VOWEL SIGN OE;Mc;0;L;;;;;N;;;;;
+17BF;KHMER VOWEL SIGN YA;Mc;0;L;;;;;N;;;;;
+17C0;KHMER VOWEL SIGN IE;Mc;0;L;;;;;N;;;;;
+17C1;KHMER VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+17C2;KHMER VOWEL SIGN AE;Mc;0;L;;;;;N;;;;;
+17C3;KHMER VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+17C4;KHMER VOWEL SIGN OO;Mc;0;L;;;;;N;;;;;
+17C5;KHMER VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+17C6;KHMER SIGN NIKAHIT;Mn;0;NSM;;;;;N;;;;;
+17C7;KHMER SIGN REAHMUK;Mc;0;L;;;;;N;;;;;
+17C8;KHMER SIGN YUUKALEAPINTU;Mc;0;L;;;;;N;;;;;
+17C9;KHMER SIGN MUUSIKATOAN;Mn;0;NSM;;;;;N;;;;;
+17CA;KHMER SIGN TRIISAP;Mn;0;NSM;;;;;N;;;;;
+17CB;KHMER SIGN BANTOC;Mn;0;NSM;;;;;N;;;;;
+17CC;KHMER SIGN ROBAT;Mn;0;NSM;;;;;N;;;;;
+17CD;KHMER SIGN TOANDAKHIAT;Mn;0;NSM;;;;;N;;;;;
+17CE;KHMER SIGN KAKABAT;Mn;0;NSM;;;;;N;;;;;
+17CF;KHMER SIGN AHSDA;Mn;0;NSM;;;;;N;;;;;
+17D0;KHMER SIGN SAMYOK SANNYA;Mn;0;NSM;;;;;N;;;;;
+17D1;KHMER SIGN VIRIAM;Mn;0;NSM;;;;;N;;;;;
+17D2;KHMER SIGN COENG;Mn;9;NSM;;;;;N;;;;;
+17D3;KHMER SIGN BATHAMASAT;Mn;0;NSM;;;;;N;;;;;
+17D4;KHMER SIGN KHAN;Po;0;L;;;;;N;;;;;
+17D5;KHMER SIGN BARIYOOSAN;Po;0;L;;;;;N;;;;;
+17D6;KHMER SIGN CAMNUC PII KUUH;Po;0;L;;;;;N;;;;;
+17D7;KHMER SIGN LEK TOO;Lm;0;L;;;;;N;;;;;
+17D8;KHMER SIGN BEYYAL;Po;0;L;;;;;N;;;;;
+17D9;KHMER SIGN PHNAEK MUAN;Po;0;L;;;;;N;;;;;
+17DA;KHMER SIGN KOOMUUT;Po;0;L;;;;;N;;;;;
+17DB;KHMER CURRENCY SYMBOL RIEL;Sc;0;ET;;;;;N;;;;;
+17DC;KHMER SIGN AVAKRAHASANYA;Lo;0;L;;;;;N;;;;;
+17E0;KHMER DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+17E1;KHMER DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+17E2;KHMER DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+17E3;KHMER DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+17E4;KHMER DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+17E5;KHMER DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+17E6;KHMER DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+17E7;KHMER DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+17E8;KHMER DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+17E9;KHMER DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1800;MONGOLIAN BIRGA;Po;0;ON;;;;;N;;;;;
+1801;MONGOLIAN ELLIPSIS;Po;0;ON;;;;;N;;;;;
+1802;MONGOLIAN COMMA;Po;0;ON;;;;;N;;;;;
+1803;MONGOLIAN FULL STOP;Po;0;ON;;;;;N;;;;;
+1804;MONGOLIAN COLON;Po;0;ON;;;;;N;;;;;
+1805;MONGOLIAN FOUR DOTS;Po;0;ON;;;;;N;;;;;
+1806;MONGOLIAN TODO SOFT HYPHEN;Pd;0;ON;;;;;N;;;;;
+1807;MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER;Po;0;ON;;;;;N;;;;;
+1808;MONGOLIAN MANCHU COMMA;Po;0;ON;;;;;N;;;;;
+1809;MONGOLIAN MANCHU FULL STOP;Po;0;ON;;;;;N;;;;;
+180A;MONGOLIAN NIRUGU;Po;0;ON;;;;;N;;;;;
+180B;MONGOLIAN FREE VARIATION SELECTOR ONE;Mn;0;NSM;;;;;N;;;;;
+180C;MONGOLIAN FREE VARIATION SELECTOR TWO;Mn;0;NSM;;;;;N;;;;;
+180D;MONGOLIAN FREE VARIATION SELECTOR THREE;Mn;0;NSM;;;;;N;;;;;
+180E;MONGOLIAN VOWEL SEPARATOR;Cf;0;BN;;;;;N;;;;;
+1810;MONGOLIAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+1811;MONGOLIAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+1812;MONGOLIAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+1813;MONGOLIAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+1814;MONGOLIAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+1815;MONGOLIAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+1816;MONGOLIAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+1817;MONGOLIAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1818;MONGOLIAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1819;MONGOLIAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1820;MONGOLIAN LETTER A;Lo;0;L;;;;;N;;;;;
+1821;MONGOLIAN LETTER E;Lo;0;L;;;;;N;;;;;
+1822;MONGOLIAN LETTER I;Lo;0;L;;;;;N;;;;;
+1823;MONGOLIAN LETTER O;Lo;0;L;;;;;N;;;;;
+1824;MONGOLIAN LETTER U;Lo;0;L;;;;;N;;;;;
+1825;MONGOLIAN LETTER OE;Lo;0;L;;;;;N;;;;;
+1826;MONGOLIAN LETTER UE;Lo;0;L;;;;;N;;;;;
+1827;MONGOLIAN LETTER EE;Lo;0;L;;;;;N;;;;;
+1828;MONGOLIAN LETTER NA;Lo;0;L;;;;;N;;;;;
+1829;MONGOLIAN LETTER ANG;Lo;0;L;;;;;N;;;;;
+182A;MONGOLIAN LETTER BA;Lo;0;L;;;;;N;;;;;
+182B;MONGOLIAN LETTER PA;Lo;0;L;;;;;N;;;;;
+182C;MONGOLIAN LETTER QA;Lo;0;L;;;;;N;;;;;
+182D;MONGOLIAN LETTER GA;Lo;0;L;;;;;N;;;;;
+182E;MONGOLIAN LETTER MA;Lo;0;L;;;;;N;;;;;
+182F;MONGOLIAN LETTER LA;Lo;0;L;;;;;N;;;;;
+1830;MONGOLIAN LETTER SA;Lo;0;L;;;;;N;;;;;
+1831;MONGOLIAN LETTER SHA;Lo;0;L;;;;;N;;;;;
+1832;MONGOLIAN LETTER TA;Lo;0;L;;;;;N;;;;;
+1833;MONGOLIAN LETTER DA;Lo;0;L;;;;;N;;;;;
+1834;MONGOLIAN LETTER CHA;Lo;0;L;;;;;N;;;;;
+1835;MONGOLIAN LETTER JA;Lo;0;L;;;;;N;;;;;
+1836;MONGOLIAN LETTER YA;Lo;0;L;;;;;N;;;;;
+1837;MONGOLIAN LETTER RA;Lo;0;L;;;;;N;;;;;
+1838;MONGOLIAN LETTER WA;Lo;0;L;;;;;N;;;;;
+1839;MONGOLIAN LETTER FA;Lo;0;L;;;;;N;;;;;
+183A;MONGOLIAN LETTER KA;Lo;0;L;;;;;N;;;;;
+183B;MONGOLIAN LETTER KHA;Lo;0;L;;;;;N;;;;;
+183C;MONGOLIAN LETTER TSA;Lo;0;L;;;;;N;;;;;
+183D;MONGOLIAN LETTER ZA;Lo;0;L;;;;;N;;;;;
+183E;MONGOLIAN LETTER HAA;Lo;0;L;;;;;N;;;;;
+183F;MONGOLIAN LETTER ZRA;Lo;0;L;;;;;N;;;;;
+1840;MONGOLIAN LETTER LHA;Lo;0;L;;;;;N;;;;;
+1841;MONGOLIAN LETTER ZHI;Lo;0;L;;;;;N;;;;;
+1842;MONGOLIAN LETTER CHI;Lo;0;L;;;;;N;;;;;
+1843;MONGOLIAN LETTER TODO LONG VOWEL SIGN;Lm;0;L;;;;;N;;;;;
+1844;MONGOLIAN LETTER TODO E;Lo;0;L;;;;;N;;;;;
+1845;MONGOLIAN LETTER TODO I;Lo;0;L;;;;;N;;;;;
+1846;MONGOLIAN LETTER TODO O;Lo;0;L;;;;;N;;;;;
+1847;MONGOLIAN LETTER TODO U;Lo;0;L;;;;;N;;;;;
+1848;MONGOLIAN LETTER TODO OE;Lo;0;L;;;;;N;;;;;
+1849;MONGOLIAN LETTER TODO UE;Lo;0;L;;;;;N;;;;;
+184A;MONGOLIAN LETTER TODO ANG;Lo;0;L;;;;;N;;;;;
+184B;MONGOLIAN LETTER TODO BA;Lo;0;L;;;;;N;;;;;
+184C;MONGOLIAN LETTER TODO PA;Lo;0;L;;;;;N;;;;;
+184D;MONGOLIAN LETTER TODO QA;Lo;0;L;;;;;N;;;;;
+184E;MONGOLIAN LETTER TODO GA;Lo;0;L;;;;;N;;;;;
+184F;MONGOLIAN LETTER TODO MA;Lo;0;L;;;;;N;;;;;
+1850;MONGOLIAN LETTER TODO TA;Lo;0;L;;;;;N;;;;;
+1851;MONGOLIAN LETTER TODO DA;Lo;0;L;;;;;N;;;;;
+1852;MONGOLIAN LETTER TODO CHA;Lo;0;L;;;;;N;;;;;
+1853;MONGOLIAN LETTER TODO JA;Lo;0;L;;;;;N;;;;;
+1854;MONGOLIAN LETTER TODO TSA;Lo;0;L;;;;;N;;;;;
+1855;MONGOLIAN LETTER TODO YA;Lo;0;L;;;;;N;;;;;
+1856;MONGOLIAN LETTER TODO WA;Lo;0;L;;;;;N;;;;;
+1857;MONGOLIAN LETTER TODO KA;Lo;0;L;;;;;N;;;;;
+1858;MONGOLIAN LETTER TODO GAA;Lo;0;L;;;;;N;;;;;
+1859;MONGOLIAN LETTER TODO HAA;Lo;0;L;;;;;N;;;;;
+185A;MONGOLIAN LETTER TODO JIA;Lo;0;L;;;;;N;;;;;
+185B;MONGOLIAN LETTER TODO NIA;Lo;0;L;;;;;N;;;;;
+185C;MONGOLIAN LETTER TODO DZA;Lo;0;L;;;;;N;;;;;
+185D;MONGOLIAN LETTER SIBE E;Lo;0;L;;;;;N;;;;;
+185E;MONGOLIAN LETTER SIBE I;Lo;0;L;;;;;N;;;;;
+185F;MONGOLIAN LETTER SIBE IY;Lo;0;L;;;;;N;;;;;
+1860;MONGOLIAN LETTER SIBE UE;Lo;0;L;;;;;N;;;;;
+1861;MONGOLIAN LETTER SIBE U;Lo;0;L;;;;;N;;;;;
+1862;MONGOLIAN LETTER SIBE ANG;Lo;0;L;;;;;N;;;;;
+1863;MONGOLIAN LETTER SIBE KA;Lo;0;L;;;;;N;;;;;
+1864;MONGOLIAN LETTER SIBE GA;Lo;0;L;;;;;N;;;;;
+1865;MONGOLIAN LETTER SIBE HA;Lo;0;L;;;;;N;;;;;
+1866;MONGOLIAN LETTER SIBE PA;Lo;0;L;;;;;N;;;;;
+1867;MONGOLIAN LETTER SIBE SHA;Lo;0;L;;;;;N;;;;;
+1868;MONGOLIAN LETTER SIBE TA;Lo;0;L;;;;;N;;;;;
+1869;MONGOLIAN LETTER SIBE DA;Lo;0;L;;;;;N;;;;;
+186A;MONGOLIAN LETTER SIBE JA;Lo;0;L;;;;;N;;;;;
+186B;MONGOLIAN LETTER SIBE FA;Lo;0;L;;;;;N;;;;;
+186C;MONGOLIAN LETTER SIBE GAA;Lo;0;L;;;;;N;;;;;
+186D;MONGOLIAN LETTER SIBE HAA;Lo;0;L;;;;;N;;;;;
+186E;MONGOLIAN LETTER SIBE TSA;Lo;0;L;;;;;N;;;;;
+186F;MONGOLIAN LETTER SIBE ZA;Lo;0;L;;;;;N;;;;;
+1870;MONGOLIAN LETTER SIBE RAA;Lo;0;L;;;;;N;;;;;
+1871;MONGOLIAN LETTER SIBE CHA;Lo;0;L;;;;;N;;;;;
+1872;MONGOLIAN LETTER SIBE ZHA;Lo;0;L;;;;;N;;;;;
+1873;MONGOLIAN LETTER MANCHU I;Lo;0;L;;;;;N;;;;;
+1874;MONGOLIAN LETTER MANCHU KA;Lo;0;L;;;;;N;;;;;
+1875;MONGOLIAN LETTER MANCHU RA;Lo;0;L;;;;;N;;;;;
+1876;MONGOLIAN LETTER MANCHU FA;Lo;0;L;;;;;N;;;;;
+1877;MONGOLIAN LETTER MANCHU ZHA;Lo;0;L;;;;;N;;;;;
+1880;MONGOLIAN LETTER ALI GALI ANUSVARA ONE;Lo;0;L;;;;;N;;;;;
+1881;MONGOLIAN LETTER ALI GALI VISARGA ONE;Lo;0;L;;;;;N;;;;;
+1882;MONGOLIAN LETTER ALI GALI DAMARU;Lo;0;L;;;;;N;;;;;
+1883;MONGOLIAN LETTER ALI GALI UBADAMA;Lo;0;L;;;;;N;;;;;
+1884;MONGOLIAN LETTER ALI GALI INVERTED UBADAMA;Lo;0;L;;;;;N;;;;;
+1885;MONGOLIAN LETTER ALI GALI BALUDA;Lo;0;L;;;;;N;;;;;
+1886;MONGOLIAN LETTER ALI GALI THREE BALUDA;Lo;0;L;;;;;N;;;;;
+1887;MONGOLIAN LETTER ALI GALI A;Lo;0;L;;;;;N;;;;;
+1888;MONGOLIAN LETTER ALI GALI I;Lo;0;L;;;;;N;;;;;
+1889;MONGOLIAN LETTER ALI GALI KA;Lo;0;L;;;;;N;;;;;
+188A;MONGOLIAN LETTER ALI GALI NGA;Lo;0;L;;;;;N;;;;;
+188B;MONGOLIAN LETTER ALI GALI CA;Lo;0;L;;;;;N;;;;;
+188C;MONGOLIAN LETTER ALI GALI TTA;Lo;0;L;;;;;N;;;;;
+188D;MONGOLIAN LETTER ALI GALI TTHA;Lo;0;L;;;;;N;;;;;
+188E;MONGOLIAN LETTER ALI GALI DDA;Lo;0;L;;;;;N;;;;;
+188F;MONGOLIAN LETTER ALI GALI NNA;Lo;0;L;;;;;N;;;;;
+1890;MONGOLIAN LETTER ALI GALI TA;Lo;0;L;;;;;N;;;;;
+1891;MONGOLIAN LETTER ALI GALI DA;Lo;0;L;;;;;N;;;;;
+1892;MONGOLIAN LETTER ALI GALI PA;Lo;0;L;;;;;N;;;;;
+1893;MONGOLIAN LETTER ALI GALI PHA;Lo;0;L;;;;;N;;;;;
+1894;MONGOLIAN LETTER ALI GALI SSA;Lo;0;L;;;;;N;;;;;
+1895;MONGOLIAN LETTER ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+1896;MONGOLIAN LETTER ALI GALI ZA;Lo;0;L;;;;;N;;;;;
+1897;MONGOLIAN LETTER ALI GALI AH;Lo;0;L;;;;;N;;;;;
+1898;MONGOLIAN LETTER TODO ALI GALI TA;Lo;0;L;;;;;N;;;;;
+1899;MONGOLIAN LETTER TODO ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+189A;MONGOLIAN LETTER MANCHU ALI GALI GHA;Lo;0;L;;;;;N;;;;;
+189B;MONGOLIAN LETTER MANCHU ALI GALI NGA;Lo;0;L;;;;;N;;;;;
+189C;MONGOLIAN LETTER MANCHU ALI GALI CA;Lo;0;L;;;;;N;;;;;
+189D;MONGOLIAN LETTER MANCHU ALI GALI JHA;Lo;0;L;;;;;N;;;;;
+189E;MONGOLIAN LETTER MANCHU ALI GALI TTA;Lo;0;L;;;;;N;;;;;
+189F;MONGOLIAN LETTER MANCHU ALI GALI DDHA;Lo;0;L;;;;;N;;;;;
+18A0;MONGOLIAN LETTER MANCHU ALI GALI TA;Lo;0;L;;;;;N;;;;;
+18A1;MONGOLIAN LETTER MANCHU ALI GALI DHA;Lo;0;L;;;;;N;;;;;
+18A2;MONGOLIAN LETTER MANCHU ALI GALI SSA;Lo;0;L;;;;;N;;;;;
+18A3;MONGOLIAN LETTER MANCHU ALI GALI CYA;Lo;0;L;;;;;N;;;;;
+18A4;MONGOLIAN LETTER MANCHU ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+18A5;MONGOLIAN LETTER MANCHU ALI GALI ZA;Lo;0;L;;;;;N;;;;;
+18A6;MONGOLIAN LETTER ALI GALI HALF U;Lo;0;L;;;;;N;;;;;
+18A7;MONGOLIAN LETTER ALI GALI HALF YA;Lo;0;L;;;;;N;;;;;
+18A8;MONGOLIAN LETTER MANCHU ALI GALI BHA;Lo;0;L;;;;;N;;;;;
+18A9;MONGOLIAN LETTER ALI GALI DAGALGA;Mn;228;NSM;;;;;N;;;;;
+1E00;LATIN CAPITAL LETTER A WITH RING BELOW;Lu;0;L;0041 0325;;;;N;;;;1E01;
+1E01;LATIN SMALL LETTER A WITH RING BELOW;Ll;0;L;0061 0325;;;;N;;;1E00;;1E00
+1E02;LATIN CAPITAL LETTER B WITH DOT ABOVE;Lu;0;L;0042 0307;;;;N;;;;1E03;
+1E03;LATIN SMALL LETTER B WITH DOT ABOVE;Ll;0;L;0062 0307;;;;N;;;1E02;;1E02
+1E04;LATIN CAPITAL LETTER B WITH DOT BELOW;Lu;0;L;0042 0323;;;;N;;;;1E05;
+1E05;LATIN SMALL LETTER B WITH DOT BELOW;Ll;0;L;0062 0323;;;;N;;;1E04;;1E04
+1E06;LATIN CAPITAL LETTER B WITH LINE BELOW;Lu;0;L;0042 0331;;;;N;;;;1E07;
+1E07;LATIN SMALL LETTER B WITH LINE BELOW;Ll;0;L;0062 0331;;;;N;;;1E06;;1E06
+1E08;LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE;Lu;0;L;00C7 0301;;;;N;;;;1E09;
+1E09;LATIN SMALL LETTER C WITH CEDILLA AND ACUTE;Ll;0;L;00E7 0301;;;;N;;;1E08;;1E08
+1E0A;LATIN CAPITAL LETTER D WITH DOT ABOVE;Lu;0;L;0044 0307;;;;N;;;;1E0B;
+1E0B;LATIN SMALL LETTER D WITH DOT ABOVE;Ll;0;L;0064 0307;;;;N;;;1E0A;;1E0A
+1E0C;LATIN CAPITAL LETTER D WITH DOT BELOW;Lu;0;L;0044 0323;;;;N;;;;1E0D;
+1E0D;LATIN SMALL LETTER D WITH DOT BELOW;Ll;0;L;0064 0323;;;;N;;;1E0C;;1E0C
+1E0E;LATIN CAPITAL LETTER D WITH LINE BELOW;Lu;0;L;0044 0331;;;;N;;;;1E0F;
+1E0F;LATIN SMALL LETTER D WITH LINE BELOW;Ll;0;L;0064 0331;;;;N;;;1E0E;;1E0E
+1E10;LATIN CAPITAL LETTER D WITH CEDILLA;Lu;0;L;0044 0327;;;;N;;;;1E11;
+1E11;LATIN SMALL LETTER D WITH CEDILLA;Ll;0;L;0064 0327;;;;N;;;1E10;;1E10
+1E12;LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW;Lu;0;L;0044 032D;;;;N;;;;1E13;
+1E13;LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW;Ll;0;L;0064 032D;;;;N;;;1E12;;1E12
+1E14;LATIN CAPITAL LETTER E WITH MACRON AND GRAVE;Lu;0;L;0112 0300;;;;N;;;;1E15;
+1E15;LATIN SMALL LETTER E WITH MACRON AND GRAVE;Ll;0;L;0113 0300;;;;N;;;1E14;;1E14
+1E16;LATIN CAPITAL LETTER E WITH MACRON AND ACUTE;Lu;0;L;0112 0301;;;;N;;;;1E17;
+1E17;LATIN SMALL LETTER E WITH MACRON AND ACUTE;Ll;0;L;0113 0301;;;;N;;;1E16;;1E16
+1E18;LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW;Lu;0;L;0045 032D;;;;N;;;;1E19;
+1E19;LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW;Ll;0;L;0065 032D;;;;N;;;1E18;;1E18
+1E1A;LATIN CAPITAL LETTER E WITH TILDE BELOW;Lu;0;L;0045 0330;;;;N;;;;1E1B;
+1E1B;LATIN SMALL LETTER E WITH TILDE BELOW;Ll;0;L;0065 0330;;;;N;;;1E1A;;1E1A
+1E1C;LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE;Lu;0;L;0228 0306;;;;N;;;;1E1D;
+1E1D;LATIN SMALL LETTER E WITH CEDILLA AND BREVE;Ll;0;L;0229 0306;;;;N;;;1E1C;;1E1C
+1E1E;LATIN CAPITAL LETTER F WITH DOT ABOVE;Lu;0;L;0046 0307;;;;N;;;;1E1F;
+1E1F;LATIN SMALL LETTER F WITH DOT ABOVE;Ll;0;L;0066 0307;;;;N;;;1E1E;;1E1E
+1E20;LATIN CAPITAL LETTER G WITH MACRON;Lu;0;L;0047 0304;;;;N;;;;1E21;
+1E21;LATIN SMALL LETTER G WITH MACRON;Ll;0;L;0067 0304;;;;N;;;1E20;;1E20
+1E22;LATIN CAPITAL LETTER H WITH DOT ABOVE;Lu;0;L;0048 0307;;;;N;;;;1E23;
+1E23;LATIN SMALL LETTER H WITH DOT ABOVE;Ll;0;L;0068 0307;;;;N;;;1E22;;1E22
+1E24;LATIN CAPITAL LETTER H WITH DOT BELOW;Lu;0;L;0048 0323;;;;N;;;;1E25;
+1E25;LATIN SMALL LETTER H WITH DOT BELOW;Ll;0;L;0068 0323;;;;N;;;1E24;;1E24
+1E26;LATIN CAPITAL LETTER H WITH DIAERESIS;Lu;0;L;0048 0308;;;;N;;;;1E27;
+1E27;LATIN SMALL LETTER H WITH DIAERESIS;Ll;0;L;0068 0308;;;;N;;;1E26;;1E26
+1E28;LATIN CAPITAL LETTER H WITH CEDILLA;Lu;0;L;0048 0327;;;;N;;;;1E29;
+1E29;LATIN SMALL LETTER H WITH CEDILLA;Ll;0;L;0068 0327;;;;N;;;1E28;;1E28
+1E2A;LATIN CAPITAL LETTER H WITH BREVE BELOW;Lu;0;L;0048 032E;;;;N;;;;1E2B;
+1E2B;LATIN SMALL LETTER H WITH BREVE BELOW;Ll;0;L;0068 032E;;;;N;;;1E2A;;1E2A
+1E2C;LATIN CAPITAL LETTER I WITH TILDE BELOW;Lu;0;L;0049 0330;;;;N;;;;1E2D;
+1E2D;LATIN SMALL LETTER I WITH TILDE BELOW;Ll;0;L;0069 0330;;;;N;;;1E2C;;1E2C
+1E2E;LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE;Lu;0;L;00CF 0301;;;;N;;;;1E2F;
+1E2F;LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE;Ll;0;L;00EF 0301;;;;N;;;1E2E;;1E2E
+1E30;LATIN CAPITAL LETTER K WITH ACUTE;Lu;0;L;004B 0301;;;;N;;;;1E31;
+1E31;LATIN SMALL LETTER K WITH ACUTE;Ll;0;L;006B 0301;;;;N;;;1E30;;1E30
+1E32;LATIN CAPITAL LETTER K WITH DOT BELOW;Lu;0;L;004B 0323;;;;N;;;;1E33;
+1E33;LATIN SMALL LETTER K WITH DOT BELOW;Ll;0;L;006B 0323;;;;N;;;1E32;;1E32
+1E34;LATIN CAPITAL LETTER K WITH LINE BELOW;Lu;0;L;004B 0331;;;;N;;;;1E35;
+1E35;LATIN SMALL LETTER K WITH LINE BELOW;Ll;0;L;006B 0331;;;;N;;;1E34;;1E34
+1E36;LATIN CAPITAL LETTER L WITH DOT BELOW;Lu;0;L;004C 0323;;;;N;;;;1E37;
+1E37;LATIN SMALL LETTER L WITH DOT BELOW;Ll;0;L;006C 0323;;;;N;;;1E36;;1E36
+1E38;LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON;Lu;0;L;1E36 0304;;;;N;;;;1E39;
+1E39;LATIN SMALL LETTER L WITH DOT BELOW AND MACRON;Ll;0;L;1E37 0304;;;;N;;;1E38;;1E38
+1E3A;LATIN CAPITAL LETTER L WITH LINE BELOW;Lu;0;L;004C 0331;;;;N;;;;1E3B;
+1E3B;LATIN SMALL LETTER L WITH LINE BELOW;Ll;0;L;006C 0331;;;;N;;;1E3A;;1E3A
+1E3C;LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW;Lu;0;L;004C 032D;;;;N;;;;1E3D;
+1E3D;LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW;Ll;0;L;006C 032D;;;;N;;;1E3C;;1E3C
+1E3E;LATIN CAPITAL LETTER M WITH ACUTE;Lu;0;L;004D 0301;;;;N;;;;1E3F;
+1E3F;LATIN SMALL LETTER M WITH ACUTE;Ll;0;L;006D 0301;;;;N;;;1E3E;;1E3E
+1E40;LATIN CAPITAL LETTER M WITH DOT ABOVE;Lu;0;L;004D 0307;;;;N;;;;1E41;
+1E41;LATIN SMALL LETTER M WITH DOT ABOVE;Ll;0;L;006D 0307;;;;N;;;1E40;;1E40
+1E42;LATIN CAPITAL LETTER M WITH DOT BELOW;Lu;0;L;004D 0323;;;;N;;;;1E43;
+1E43;LATIN SMALL LETTER M WITH DOT BELOW;Ll;0;L;006D 0323;;;;N;;;1E42;;1E42
+1E44;LATIN CAPITAL LETTER N WITH DOT ABOVE;Lu;0;L;004E 0307;;;;N;;;;1E45;
+1E45;LATIN SMALL LETTER N WITH DOT ABOVE;Ll;0;L;006E 0307;;;;N;;;1E44;;1E44
+1E46;LATIN CAPITAL LETTER N WITH DOT BELOW;Lu;0;L;004E 0323;;;;N;;;;1E47;
+1E47;LATIN SMALL LETTER N WITH DOT BELOW;Ll;0;L;006E 0323;;;;N;;;1E46;;1E46
+1E48;LATIN CAPITAL LETTER N WITH LINE BELOW;Lu;0;L;004E 0331;;;;N;;;;1E49;
+1E49;LATIN SMALL LETTER N WITH LINE BELOW;Ll;0;L;006E 0331;;;;N;;;1E48;;1E48
+1E4A;LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW;Lu;0;L;004E 032D;;;;N;;;;1E4B;
+1E4B;LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW;Ll;0;L;006E 032D;;;;N;;;1E4A;;1E4A
+1E4C;LATIN CAPITAL LETTER O WITH TILDE AND ACUTE;Lu;0;L;00D5 0301;;;;N;;;;1E4D;
+1E4D;LATIN SMALL LETTER O WITH TILDE AND ACUTE;Ll;0;L;00F5 0301;;;;N;;;1E4C;;1E4C
+1E4E;LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS;Lu;0;L;00D5 0308;;;;N;;;;1E4F;
+1E4F;LATIN SMALL LETTER O WITH TILDE AND DIAERESIS;Ll;0;L;00F5 0308;;;;N;;;1E4E;;1E4E
+1E50;LATIN CAPITAL LETTER O WITH MACRON AND GRAVE;Lu;0;L;014C 0300;;;;N;;;;1E51;
+1E51;LATIN SMALL LETTER O WITH MACRON AND GRAVE;Ll;0;L;014D 0300;;;;N;;;1E50;;1E50
+1E52;LATIN CAPITAL LETTER O WITH MACRON AND ACUTE;Lu;0;L;014C 0301;;;;N;;;;1E53;
+1E53;LATIN SMALL LETTER O WITH MACRON AND ACUTE;Ll;0;L;014D 0301;;;;N;;;1E52;;1E52
+1E54;LATIN CAPITAL LETTER P WITH ACUTE;Lu;0;L;0050 0301;;;;N;;;;1E55;
+1E55;LATIN SMALL LETTER P WITH ACUTE;Ll;0;L;0070 0301;;;;N;;;1E54;;1E54
+1E56;LATIN CAPITAL LETTER P WITH DOT ABOVE;Lu;0;L;0050 0307;;;;N;;;;1E57;
+1E57;LATIN SMALL LETTER P WITH DOT ABOVE;Ll;0;L;0070 0307;;;;N;;;1E56;;1E56
+1E58;LATIN CAPITAL LETTER R WITH DOT ABOVE;Lu;0;L;0052 0307;;;;N;;;;1E59;
+1E59;LATIN SMALL LETTER R WITH DOT ABOVE;Ll;0;L;0072 0307;;;;N;;;1E58;;1E58
+1E5A;LATIN CAPITAL LETTER R WITH DOT BELOW;Lu;0;L;0052 0323;;;;N;;;;1E5B;
+1E5B;LATIN SMALL LETTER R WITH DOT BELOW;Ll;0;L;0072 0323;;;;N;;;1E5A;;1E5A
+1E5C;LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON;Lu;0;L;1E5A 0304;;;;N;;;;1E5D;
+1E5D;LATIN SMALL LETTER R WITH DOT BELOW AND MACRON;Ll;0;L;1E5B 0304;;;;N;;;1E5C;;1E5C
+1E5E;LATIN CAPITAL LETTER R WITH LINE BELOW;Lu;0;L;0052 0331;;;;N;;;;1E5F;
+1E5F;LATIN SMALL LETTER R WITH LINE BELOW;Ll;0;L;0072 0331;;;;N;;;1E5E;;1E5E
+1E60;LATIN CAPITAL LETTER S WITH DOT ABOVE;Lu;0;L;0053 0307;;;;N;;;;1E61;
+1E61;LATIN SMALL LETTER S WITH DOT ABOVE;Ll;0;L;0073 0307;;;;N;;;1E60;;1E60
+1E62;LATIN CAPITAL LETTER S WITH DOT BELOW;Lu;0;L;0053 0323;;;;N;;;;1E63;
+1E63;LATIN SMALL LETTER S WITH DOT BELOW;Ll;0;L;0073 0323;;;;N;;;1E62;;1E62
+1E64;LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE;Lu;0;L;015A 0307;;;;N;;;;1E65;
+1E65;LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE;Ll;0;L;015B 0307;;;;N;;;1E64;;1E64
+1E66;LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE;Lu;0;L;0160 0307;;;;N;;;;1E67;
+1E67;LATIN SMALL LETTER S WITH CARON AND DOT ABOVE;Ll;0;L;0161 0307;;;;N;;;1E66;;1E66
+1E68;LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE;Lu;0;L;1E62 0307;;;;N;;;;1E69;
+1E69;LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE;Ll;0;L;1E63 0307;;;;N;;;1E68;;1E68
+1E6A;LATIN CAPITAL LETTER T WITH DOT ABOVE;Lu;0;L;0054 0307;;;;N;;;;1E6B;
+1E6B;LATIN SMALL LETTER T WITH DOT ABOVE;Ll;0;L;0074 0307;;;;N;;;1E6A;;1E6A
+1E6C;LATIN CAPITAL LETTER T WITH DOT BELOW;Lu;0;L;0054 0323;;;;N;;;;1E6D;
+1E6D;LATIN SMALL LETTER T WITH DOT BELOW;Ll;0;L;0074 0323;;;;N;;;1E6C;;1E6C
+1E6E;LATIN CAPITAL LETTER T WITH LINE BELOW;Lu;0;L;0054 0331;;;;N;;;;1E6F;
+1E6F;LATIN SMALL LETTER T WITH LINE BELOW;Ll;0;L;0074 0331;;;;N;;;1E6E;;1E6E
+1E70;LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW;Lu;0;L;0054 032D;;;;N;;;;1E71;
+1E71;LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW;Ll;0;L;0074 032D;;;;N;;;1E70;;1E70
+1E72;LATIN CAPITAL LETTER U WITH DIAERESIS BELOW;Lu;0;L;0055 0324;;;;N;;;;1E73;
+1E73;LATIN SMALL LETTER U WITH DIAERESIS BELOW;Ll;0;L;0075 0324;;;;N;;;1E72;;1E72
+1E74;LATIN CAPITAL LETTER U WITH TILDE BELOW;Lu;0;L;0055 0330;;;;N;;;;1E75;
+1E75;LATIN SMALL LETTER U WITH TILDE BELOW;Ll;0;L;0075 0330;;;;N;;;1E74;;1E74
+1E76;LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW;Lu;0;L;0055 032D;;;;N;;;;1E77;
+1E77;LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW;Ll;0;L;0075 032D;;;;N;;;1E76;;1E76
+1E78;LATIN CAPITAL LETTER U WITH TILDE AND ACUTE;Lu;0;L;0168 0301;;;;N;;;;1E79;
+1E79;LATIN SMALL LETTER U WITH TILDE AND ACUTE;Ll;0;L;0169 0301;;;;N;;;1E78;;1E78
+1E7A;LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS;Lu;0;L;016A 0308;;;;N;;;;1E7B;
+1E7B;LATIN SMALL LETTER U WITH MACRON AND DIAERESIS;Ll;0;L;016B 0308;;;;N;;;1E7A;;1E7A
+1E7C;LATIN CAPITAL LETTER V WITH TILDE;Lu;0;L;0056 0303;;;;N;;;;1E7D;
+1E7D;LATIN SMALL LETTER V WITH TILDE;Ll;0;L;0076 0303;;;;N;;;1E7C;;1E7C
+1E7E;LATIN CAPITAL LETTER V WITH DOT BELOW;Lu;0;L;0056 0323;;;;N;;;;1E7F;
+1E7F;LATIN SMALL LETTER V WITH DOT BELOW;Ll;0;L;0076 0323;;;;N;;;1E7E;;1E7E
+1E80;LATIN CAPITAL LETTER W WITH GRAVE;Lu;0;L;0057 0300;;;;N;;;;1E81;
+1E81;LATIN SMALL LETTER W WITH GRAVE;Ll;0;L;0077 0300;;;;N;;;1E80;;1E80
+1E82;LATIN CAPITAL LETTER W WITH ACUTE;Lu;0;L;0057 0301;;;;N;;;;1E83;
+1E83;LATIN SMALL LETTER W WITH ACUTE;Ll;0;L;0077 0301;;;;N;;;1E82;;1E82
+1E84;LATIN CAPITAL LETTER W WITH DIAERESIS;Lu;0;L;0057 0308;;;;N;;;;1E85;
+1E85;LATIN SMALL LETTER W WITH DIAERESIS;Ll;0;L;0077 0308;;;;N;;;1E84;;1E84
+1E86;LATIN CAPITAL LETTER W WITH DOT ABOVE;Lu;0;L;0057 0307;;;;N;;;;1E87;
+1E87;LATIN SMALL LETTER W WITH DOT ABOVE;Ll;0;L;0077 0307;;;;N;;;1E86;;1E86
+1E88;LATIN CAPITAL LETTER W WITH DOT BELOW;Lu;0;L;0057 0323;;;;N;;;;1E89;
+1E89;LATIN SMALL LETTER W WITH DOT BELOW;Ll;0;L;0077 0323;;;;N;;;1E88;;1E88
+1E8A;LATIN CAPITAL LETTER X WITH DOT ABOVE;Lu;0;L;0058 0307;;;;N;;;;1E8B;
+1E8B;LATIN SMALL LETTER X WITH DOT ABOVE;Ll;0;L;0078 0307;;;;N;;;1E8A;;1E8A
+1E8C;LATIN CAPITAL LETTER X WITH DIAERESIS;Lu;0;L;0058 0308;;;;N;;;;1E8D;
+1E8D;LATIN SMALL LETTER X WITH DIAERESIS;Ll;0;L;0078 0308;;;;N;;;1E8C;;1E8C
+1E8E;LATIN CAPITAL LETTER Y WITH DOT ABOVE;Lu;0;L;0059 0307;;;;N;;;;1E8F;
+1E8F;LATIN SMALL LETTER Y WITH DOT ABOVE;Ll;0;L;0079 0307;;;;N;;;1E8E;;1E8E
+1E90;LATIN CAPITAL LETTER Z WITH CIRCUMFLEX;Lu;0;L;005A 0302;;;;N;;;;1E91;
+1E91;LATIN SMALL LETTER Z WITH CIRCUMFLEX;Ll;0;L;007A 0302;;;;N;;;1E90;;1E90
+1E92;LATIN CAPITAL LETTER Z WITH DOT BELOW;Lu;0;L;005A 0323;;;;N;;;;1E93;
+1E93;LATIN SMALL LETTER Z WITH DOT BELOW;Ll;0;L;007A 0323;;;;N;;;1E92;;1E92
+1E94;LATIN CAPITAL LETTER Z WITH LINE BELOW;Lu;0;L;005A 0331;;;;N;;;;1E95;
+1E95;LATIN SMALL LETTER Z WITH LINE BELOW;Ll;0;L;007A 0331;;;;N;;;1E94;;1E94
+1E96;LATIN SMALL LETTER H WITH LINE BELOW;Ll;0;L;0068 0331;;;;N;;;;;
+1E97;LATIN SMALL LETTER T WITH DIAERESIS;Ll;0;L;0074 0308;;;;N;;;;;
+1E98;LATIN SMALL LETTER W WITH RING ABOVE;Ll;0;L;0077 030A;;;;N;;;;;
+1E99;LATIN SMALL LETTER Y WITH RING ABOVE;Ll;0;L;0079 030A;;;;N;;;;;
+1E9A;LATIN SMALL LETTER A WITH RIGHT HALF RING;Ll;0;L;<compat> 0061 02BE;;;;N;;;;;
+1E9B;LATIN SMALL LETTER LONG S WITH DOT ABOVE;Ll;0;L;017F 0307;;;;N;;;1E60;;1E60
+1EA0;LATIN CAPITAL LETTER A WITH DOT BELOW;Lu;0;L;0041 0323;;;;N;;;;1EA1;
+1EA1;LATIN SMALL LETTER A WITH DOT BELOW;Ll;0;L;0061 0323;;;;N;;;1EA0;;1EA0
+1EA2;LATIN CAPITAL LETTER A WITH HOOK ABOVE;Lu;0;L;0041 0309;;;;N;;;;1EA3;
+1EA3;LATIN SMALL LETTER A WITH HOOK ABOVE;Ll;0;L;0061 0309;;;;N;;;1EA2;;1EA2
+1EA4;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00C2 0301;;;;N;;;;1EA5;
+1EA5;LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00E2 0301;;;;N;;;1EA4;;1EA4
+1EA6;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00C2 0300;;;;N;;;;1EA7;
+1EA7;LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00E2 0300;;;;N;;;1EA6;;1EA6
+1EA8;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00C2 0309;;;;N;;;;1EA9;
+1EA9;LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00E2 0309;;;;N;;;1EA8;;1EA8
+1EAA;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE;Lu;0;L;00C2 0303;;;;N;;;;1EAB;
+1EAB;LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE;Ll;0;L;00E2 0303;;;;N;;;1EAA;;1EAA
+1EAC;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EA0 0302;;;;N;;;;1EAD;
+1EAD;LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EA1 0302;;;;N;;;1EAC;;1EAC
+1EAE;LATIN CAPITAL LETTER A WITH BREVE AND ACUTE;Lu;0;L;0102 0301;;;;N;;;;1EAF;
+1EAF;LATIN SMALL LETTER A WITH BREVE AND ACUTE;Ll;0;L;0103 0301;;;;N;;;1EAE;;1EAE
+1EB0;LATIN CAPITAL LETTER A WITH BREVE AND GRAVE;Lu;0;L;0102 0300;;;;N;;;;1EB1;
+1EB1;LATIN SMALL LETTER A WITH BREVE AND GRAVE;Ll;0;L;0103 0300;;;;N;;;1EB0;;1EB0
+1EB2;LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE;Lu;0;L;0102 0309;;;;N;;;;1EB3;
+1EB3;LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE;Ll;0;L;0103 0309;;;;N;;;1EB2;;1EB2
+1EB4;LATIN CAPITAL LETTER A WITH BREVE AND TILDE;Lu;0;L;0102 0303;;;;N;;;;1EB5;
+1EB5;LATIN SMALL LETTER A WITH BREVE AND TILDE;Ll;0;L;0103 0303;;;;N;;;1EB4;;1EB4
+1EB6;LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW;Lu;0;L;1EA0 0306;;;;N;;;;1EB7;
+1EB7;LATIN SMALL LETTER A WITH BREVE AND DOT BELOW;Ll;0;L;1EA1 0306;;;;N;;;1EB6;;1EB6
+1EB8;LATIN CAPITAL LETTER E WITH DOT BELOW;Lu;0;L;0045 0323;;;;N;;;;1EB9;
+1EB9;LATIN SMALL LETTER E WITH DOT BELOW;Ll;0;L;0065 0323;;;;N;;;1EB8;;1EB8
+1EBA;LATIN CAPITAL LETTER E WITH HOOK ABOVE;Lu;0;L;0045 0309;;;;N;;;;1EBB;
+1EBB;LATIN SMALL LETTER E WITH HOOK ABOVE;Ll;0;L;0065 0309;;;;N;;;1EBA;;1EBA
+1EBC;LATIN CAPITAL LETTER E WITH TILDE;Lu;0;L;0045 0303;;;;N;;;;1EBD;
+1EBD;LATIN SMALL LETTER E WITH TILDE;Ll;0;L;0065 0303;;;;N;;;1EBC;;1EBC
+1EBE;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00CA 0301;;;;N;;;;1EBF;
+1EBF;LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00EA 0301;;;;N;;;1EBE;;1EBE
+1EC0;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00CA 0300;;;;N;;;;1EC1;
+1EC1;LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00EA 0300;;;;N;;;1EC0;;1EC0
+1EC2;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00CA 0309;;;;N;;;;1EC3;
+1EC3;LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00EA 0309;;;;N;;;1EC2;;1EC2
+1EC4;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE;Lu;0;L;00CA 0303;;;;N;;;;1EC5;
+1EC5;LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE;Ll;0;L;00EA 0303;;;;N;;;1EC4;;1EC4
+1EC6;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EB8 0302;;;;N;;;;1EC7;
+1EC7;LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EB9 0302;;;;N;;;1EC6;;1EC6
+1EC8;LATIN CAPITAL LETTER I WITH HOOK ABOVE;Lu;0;L;0049 0309;;;;N;;;;1EC9;
+1EC9;LATIN SMALL LETTER I WITH HOOK ABOVE;Ll;0;L;0069 0309;;;;N;;;1EC8;;1EC8
+1ECA;LATIN CAPITAL LETTER I WITH DOT BELOW;Lu;0;L;0049 0323;;;;N;;;;1ECB;
+1ECB;LATIN SMALL LETTER I WITH DOT BELOW;Ll;0;L;0069 0323;;;;N;;;1ECA;;1ECA
+1ECC;LATIN CAPITAL LETTER O WITH DOT BELOW;Lu;0;L;004F 0323;;;;N;;;;1ECD;
+1ECD;LATIN SMALL LETTER O WITH DOT BELOW;Ll;0;L;006F 0323;;;;N;;;1ECC;;1ECC
+1ECE;LATIN CAPITAL LETTER O WITH HOOK ABOVE;Lu;0;L;004F 0309;;;;N;;;;1ECF;
+1ECF;LATIN SMALL LETTER O WITH HOOK ABOVE;Ll;0;L;006F 0309;;;;N;;;1ECE;;1ECE
+1ED0;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00D4 0301;;;;N;;;;1ED1;
+1ED1;LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00F4 0301;;;;N;;;1ED0;;1ED0
+1ED2;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00D4 0300;;;;N;;;;1ED3;
+1ED3;LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00F4 0300;;;;N;;;1ED2;;1ED2
+1ED4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00D4 0309;;;;N;;;;1ED5;
+1ED5;LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00F4 0309;;;;N;;;1ED4;;1ED4
+1ED6;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE;Lu;0;L;00D4 0303;;;;N;;;;1ED7;
+1ED7;LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE;Ll;0;L;00F4 0303;;;;N;;;1ED6;;1ED6
+1ED8;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1ECC 0302;;;;N;;;;1ED9;
+1ED9;LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1ECD 0302;;;;N;;;1ED8;;1ED8
+1EDA;LATIN CAPITAL LETTER O WITH HORN AND ACUTE;Lu;0;L;01A0 0301;;;;N;;;;1EDB;
+1EDB;LATIN SMALL LETTER O WITH HORN AND ACUTE;Ll;0;L;01A1 0301;;;;N;;;1EDA;;1EDA
+1EDC;LATIN CAPITAL LETTER O WITH HORN AND GRAVE;Lu;0;L;01A0 0300;;;;N;;;;1EDD;
+1EDD;LATIN SMALL LETTER O WITH HORN AND GRAVE;Ll;0;L;01A1 0300;;;;N;;;1EDC;;1EDC
+1EDE;LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE;Lu;0;L;01A0 0309;;;;N;;;;1EDF;
+1EDF;LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE;Ll;0;L;01A1 0309;;;;N;;;1EDE;;1EDE
+1EE0;LATIN CAPITAL LETTER O WITH HORN AND TILDE;Lu;0;L;01A0 0303;;;;N;;;;1EE1;
+1EE1;LATIN SMALL LETTER O WITH HORN AND TILDE;Ll;0;L;01A1 0303;;;;N;;;1EE0;;1EE0
+1EE2;LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW;Lu;0;L;01A0 0323;;;;N;;;;1EE3;
+1EE3;LATIN SMALL LETTER O WITH HORN AND DOT BELOW;Ll;0;L;01A1 0323;;;;N;;;1EE2;;1EE2
+1EE4;LATIN CAPITAL LETTER U WITH DOT BELOW;Lu;0;L;0055 0323;;;;N;;;;1EE5;
+1EE5;LATIN SMALL LETTER U WITH DOT BELOW;Ll;0;L;0075 0323;;;;N;;;1EE4;;1EE4
+1EE6;LATIN CAPITAL LETTER U WITH HOOK ABOVE;Lu;0;L;0055 0309;;;;N;;;;1EE7;
+1EE7;LATIN SMALL LETTER U WITH HOOK ABOVE;Ll;0;L;0075 0309;;;;N;;;1EE6;;1EE6
+1EE8;LATIN CAPITAL LETTER U WITH HORN AND ACUTE;Lu;0;L;01AF 0301;;;;N;;;;1EE9;
+1EE9;LATIN SMALL LETTER U WITH HORN AND ACUTE;Ll;0;L;01B0 0301;;;;N;;;1EE8;;1EE8
+1EEA;LATIN CAPITAL LETTER U WITH HORN AND GRAVE;Lu;0;L;01AF 0300;;;;N;;;;1EEB;
+1EEB;LATIN SMALL LETTER U WITH HORN AND GRAVE;Ll;0;L;01B0 0300;;;;N;;;1EEA;;1EEA
+1EEC;LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE;Lu;0;L;01AF 0309;;;;N;;;;1EED;
+1EED;LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE;Ll;0;L;01B0 0309;;;;N;;;1EEC;;1EEC
+1EEE;LATIN CAPITAL LETTER U WITH HORN AND TILDE;Lu;0;L;01AF 0303;;;;N;;;;1EEF;
+1EEF;LATIN SMALL LETTER U WITH HORN AND TILDE;Ll;0;L;01B0 0303;;;;N;;;1EEE;;1EEE
+1EF0;LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW;Lu;0;L;01AF 0323;;;;N;;;;1EF1;
+1EF1;LATIN SMALL LETTER U WITH HORN AND DOT BELOW;Ll;0;L;01B0 0323;;;;N;;;1EF0;;1EF0
+1EF2;LATIN CAPITAL LETTER Y WITH GRAVE;Lu;0;L;0059 0300;;;;N;;;;1EF3;
+1EF3;LATIN SMALL LETTER Y WITH GRAVE;Ll;0;L;0079 0300;;;;N;;;1EF2;;1EF2
+1EF4;LATIN CAPITAL LETTER Y WITH DOT BELOW;Lu;0;L;0059 0323;;;;N;;;;1EF5;
+1EF5;LATIN SMALL LETTER Y WITH DOT BELOW;Ll;0;L;0079 0323;;;;N;;;1EF4;;1EF4
+1EF6;LATIN CAPITAL LETTER Y WITH HOOK ABOVE;Lu;0;L;0059 0309;;;;N;;;;1EF7;
+1EF7;LATIN SMALL LETTER Y WITH HOOK ABOVE;Ll;0;L;0079 0309;;;;N;;;1EF6;;1EF6
+1EF8;LATIN CAPITAL LETTER Y WITH TILDE;Lu;0;L;0059 0303;;;;N;;;;1EF9;
+1EF9;LATIN SMALL LETTER Y WITH TILDE;Ll;0;L;0079 0303;;;;N;;;1EF8;;1EF8
+1F00;GREEK SMALL LETTER ALPHA WITH PSILI;Ll;0;L;03B1 0313;;;;N;;;1F08;;1F08
+1F01;GREEK SMALL LETTER ALPHA WITH DASIA;Ll;0;L;03B1 0314;;;;N;;;1F09;;1F09
+1F02;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA;Ll;0;L;1F00 0300;;;;N;;;1F0A;;1F0A
+1F03;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA;Ll;0;L;1F01 0300;;;;N;;;1F0B;;1F0B
+1F04;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA;Ll;0;L;1F00 0301;;;;N;;;1F0C;;1F0C
+1F05;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA;Ll;0;L;1F01 0301;;;;N;;;1F0D;;1F0D
+1F06;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI;Ll;0;L;1F00 0342;;;;N;;;1F0E;;1F0E
+1F07;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI;Ll;0;L;1F01 0342;;;;N;;;1F0F;;1F0F
+1F08;GREEK CAPITAL LETTER ALPHA WITH PSILI;Lu;0;L;0391 0313;;;;N;;;;1F00;
+1F09;GREEK CAPITAL LETTER ALPHA WITH DASIA;Lu;0;L;0391 0314;;;;N;;;;1F01;
+1F0A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA;Lu;0;L;1F08 0300;;;;N;;;;1F02;
+1F0B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA;Lu;0;L;1F09 0300;;;;N;;;;1F03;
+1F0C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA;Lu;0;L;1F08 0301;;;;N;;;;1F04;
+1F0D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA;Lu;0;L;1F09 0301;;;;N;;;;1F05;
+1F0E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI;Lu;0;L;1F08 0342;;;;N;;;;1F06;
+1F0F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI;Lu;0;L;1F09 0342;;;;N;;;;1F07;
+1F10;GREEK SMALL LETTER EPSILON WITH PSILI;Ll;0;L;03B5 0313;;;;N;;;1F18;;1F18
+1F11;GREEK SMALL LETTER EPSILON WITH DASIA;Ll;0;L;03B5 0314;;;;N;;;1F19;;1F19
+1F12;GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA;Ll;0;L;1F10 0300;;;;N;;;1F1A;;1F1A
+1F13;GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA;Ll;0;L;1F11 0300;;;;N;;;1F1B;;1F1B
+1F14;GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA;Ll;0;L;1F10 0301;;;;N;;;1F1C;;1F1C
+1F15;GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA;Ll;0;L;1F11 0301;;;;N;;;1F1D;;1F1D
+1F18;GREEK CAPITAL LETTER EPSILON WITH PSILI;Lu;0;L;0395 0313;;;;N;;;;1F10;
+1F19;GREEK CAPITAL LETTER EPSILON WITH DASIA;Lu;0;L;0395 0314;;;;N;;;;1F11;
+1F1A;GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA;Lu;0;L;1F18 0300;;;;N;;;;1F12;
+1F1B;GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA;Lu;0;L;1F19 0300;;;;N;;;;1F13;
+1F1C;GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA;Lu;0;L;1F18 0301;;;;N;;;;1F14;
+1F1D;GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA;Lu;0;L;1F19 0301;;;;N;;;;1F15;
+1F20;GREEK SMALL LETTER ETA WITH PSILI;Ll;0;L;03B7 0313;;;;N;;;1F28;;1F28
+1F21;GREEK SMALL LETTER ETA WITH DASIA;Ll;0;L;03B7 0314;;;;N;;;1F29;;1F29
+1F22;GREEK SMALL LETTER ETA WITH PSILI AND VARIA;Ll;0;L;1F20 0300;;;;N;;;1F2A;;1F2A
+1F23;GREEK SMALL LETTER ETA WITH DASIA AND VARIA;Ll;0;L;1F21 0300;;;;N;;;1F2B;;1F2B
+1F24;GREEK SMALL LETTER ETA WITH PSILI AND OXIA;Ll;0;L;1F20 0301;;;;N;;;1F2C;;1F2C
+1F25;GREEK SMALL LETTER ETA WITH DASIA AND OXIA;Ll;0;L;1F21 0301;;;;N;;;1F2D;;1F2D
+1F26;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI;Ll;0;L;1F20 0342;;;;N;;;1F2E;;1F2E
+1F27;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI;Ll;0;L;1F21 0342;;;;N;;;1F2F;;1F2F
+1F28;GREEK CAPITAL LETTER ETA WITH PSILI;Lu;0;L;0397 0313;;;;N;;;;1F20;
+1F29;GREEK CAPITAL LETTER ETA WITH DASIA;Lu;0;L;0397 0314;;;;N;;;;1F21;
+1F2A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA;Lu;0;L;1F28 0300;;;;N;;;;1F22;
+1F2B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA;Lu;0;L;1F29 0300;;;;N;;;;1F23;
+1F2C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA;Lu;0;L;1F28 0301;;;;N;;;;1F24;
+1F2D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA;Lu;0;L;1F29 0301;;;;N;;;;1F25;
+1F2E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI;Lu;0;L;1F28 0342;;;;N;;;;1F26;
+1F2F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI;Lu;0;L;1F29 0342;;;;N;;;;1F27;
+1F30;GREEK SMALL LETTER IOTA WITH PSILI;Ll;0;L;03B9 0313;;;;N;;;1F38;;1F38
+1F31;GREEK SMALL LETTER IOTA WITH DASIA;Ll;0;L;03B9 0314;;;;N;;;1F39;;1F39
+1F32;GREEK SMALL LETTER IOTA WITH PSILI AND VARIA;Ll;0;L;1F30 0300;;;;N;;;1F3A;;1F3A
+1F33;GREEK SMALL LETTER IOTA WITH DASIA AND VARIA;Ll;0;L;1F31 0300;;;;N;;;1F3B;;1F3B
+1F34;GREEK SMALL LETTER IOTA WITH PSILI AND OXIA;Ll;0;L;1F30 0301;;;;N;;;1F3C;;1F3C
+1F35;GREEK SMALL LETTER IOTA WITH DASIA AND OXIA;Ll;0;L;1F31 0301;;;;N;;;1F3D;;1F3D
+1F36;GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI;Ll;0;L;1F30 0342;;;;N;;;1F3E;;1F3E
+1F37;GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI;Ll;0;L;1F31 0342;;;;N;;;1F3F;;1F3F
+1F38;GREEK CAPITAL LETTER IOTA WITH PSILI;Lu;0;L;0399 0313;;;;N;;;;1F30;
+1F39;GREEK CAPITAL LETTER IOTA WITH DASIA;Lu;0;L;0399 0314;;;;N;;;;1F31;
+1F3A;GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA;Lu;0;L;1F38 0300;;;;N;;;;1F32;
+1F3B;GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA;Lu;0;L;1F39 0300;;;;N;;;;1F33;
+1F3C;GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA;Lu;0;L;1F38 0301;;;;N;;;;1F34;
+1F3D;GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA;Lu;0;L;1F39 0301;;;;N;;;;1F35;
+1F3E;GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI;Lu;0;L;1F38 0342;;;;N;;;;1F36;
+1F3F;GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI;Lu;0;L;1F39 0342;;;;N;;;;1F37;
+1F40;GREEK SMALL LETTER OMICRON WITH PSILI;Ll;0;L;03BF 0313;;;;N;;;1F48;;1F48
+1F41;GREEK SMALL LETTER OMICRON WITH DASIA;Ll;0;L;03BF 0314;;;;N;;;1F49;;1F49
+1F42;GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA;Ll;0;L;1F40 0300;;;;N;;;1F4A;;1F4A
+1F43;GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA;Ll;0;L;1F41 0300;;;;N;;;1F4B;;1F4B
+1F44;GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA;Ll;0;L;1F40 0301;;;;N;;;1F4C;;1F4C
+1F45;GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA;Ll;0;L;1F41 0301;;;;N;;;1F4D;;1F4D
+1F48;GREEK CAPITAL LETTER OMICRON WITH PSILI;Lu;0;L;039F 0313;;;;N;;;;1F40;
+1F49;GREEK CAPITAL LETTER OMICRON WITH DASIA;Lu;0;L;039F 0314;;;;N;;;;1F41;
+1F4A;GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA;Lu;0;L;1F48 0300;;;;N;;;;1F42;
+1F4B;GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA;Lu;0;L;1F49 0300;;;;N;;;;1F43;
+1F4C;GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA;Lu;0;L;1F48 0301;;;;N;;;;1F44;
+1F4D;GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA;Lu;0;L;1F49 0301;;;;N;;;;1F45;
+1F50;GREEK SMALL LETTER UPSILON WITH PSILI;Ll;0;L;03C5 0313;;;;N;;;;;
+1F51;GREEK SMALL LETTER UPSILON WITH DASIA;Ll;0;L;03C5 0314;;;;N;;;1F59;;1F59
+1F52;GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA;Ll;0;L;1F50 0300;;;;N;;;;;
+1F53;GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA;Ll;0;L;1F51 0300;;;;N;;;1F5B;;1F5B
+1F54;GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA;Ll;0;L;1F50 0301;;;;N;;;;;
+1F55;GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA;Ll;0;L;1F51 0301;;;;N;;;1F5D;;1F5D
+1F56;GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI;Ll;0;L;1F50 0342;;;;N;;;;;
+1F57;GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI;Ll;0;L;1F51 0342;;;;N;;;1F5F;;1F5F
+1F59;GREEK CAPITAL LETTER UPSILON WITH DASIA;Lu;0;L;03A5 0314;;;;N;;;;1F51;
+1F5B;GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA;Lu;0;L;1F59 0300;;;;N;;;;1F53;
+1F5D;GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA;Lu;0;L;1F59 0301;;;;N;;;;1F55;
+1F5F;GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI;Lu;0;L;1F59 0342;;;;N;;;;1F57;
+1F60;GREEK SMALL LETTER OMEGA WITH PSILI;Ll;0;L;03C9 0313;;;;N;;;1F68;;1F68
+1F61;GREEK SMALL LETTER OMEGA WITH DASIA;Ll;0;L;03C9 0314;;;;N;;;1F69;;1F69
+1F62;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA;Ll;0;L;1F60 0300;;;;N;;;1F6A;;1F6A
+1F63;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA;Ll;0;L;1F61 0300;;;;N;;;1F6B;;1F6B
+1F64;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA;Ll;0;L;1F60 0301;;;;N;;;1F6C;;1F6C
+1F65;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA;Ll;0;L;1F61 0301;;;;N;;;1F6D;;1F6D
+1F66;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI;Ll;0;L;1F60 0342;;;;N;;;1F6E;;1F6E
+1F67;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI;Ll;0;L;1F61 0342;;;;N;;;1F6F;;1F6F
+1F68;GREEK CAPITAL LETTER OMEGA WITH PSILI;Lu;0;L;03A9 0313;;;;N;;;;1F60;
+1F69;GREEK CAPITAL LETTER OMEGA WITH DASIA;Lu;0;L;03A9 0314;;;;N;;;;1F61;
+1F6A;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA;Lu;0;L;1F68 0300;;;;N;;;;1F62;
+1F6B;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA;Lu;0;L;1F69 0300;;;;N;;;;1F63;
+1F6C;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA;Lu;0;L;1F68 0301;;;;N;;;;1F64;
+1F6D;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA;Lu;0;L;1F69 0301;;;;N;;;;1F65;
+1F6E;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI;Lu;0;L;1F68 0342;;;;N;;;;1F66;
+1F6F;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI;Lu;0;L;1F69 0342;;;;N;;;;1F67;
+1F70;GREEK SMALL LETTER ALPHA WITH VARIA;Ll;0;L;03B1 0300;;;;N;;;1FBA;;1FBA
+1F71;GREEK SMALL LETTER ALPHA WITH OXIA;Ll;0;L;03AC;;;;N;;;1FBB;;1FBB
+1F72;GREEK SMALL LETTER EPSILON WITH VARIA;Ll;0;L;03B5 0300;;;;N;;;1FC8;;1FC8
+1F73;GREEK SMALL LETTER EPSILON WITH OXIA;Ll;0;L;03AD;;;;N;;;1FC9;;1FC9
+1F74;GREEK SMALL LETTER ETA WITH VARIA;Ll;0;L;03B7 0300;;;;N;;;1FCA;;1FCA
+1F75;GREEK SMALL LETTER ETA WITH OXIA;Ll;0;L;03AE;;;;N;;;1FCB;;1FCB
+1F76;GREEK SMALL LETTER IOTA WITH VARIA;Ll;0;L;03B9 0300;;;;N;;;1FDA;;1FDA
+1F77;GREEK SMALL LETTER IOTA WITH OXIA;Ll;0;L;03AF;;;;N;;;1FDB;;1FDB
+1F78;GREEK SMALL LETTER OMICRON WITH VARIA;Ll;0;L;03BF 0300;;;;N;;;1FF8;;1FF8
+1F79;GREEK SMALL LETTER OMICRON WITH OXIA;Ll;0;L;03CC;;;;N;;;1FF9;;1FF9
+1F7A;GREEK SMALL LETTER UPSILON WITH VARIA;Ll;0;L;03C5 0300;;;;N;;;1FEA;;1FEA
+1F7B;GREEK SMALL LETTER UPSILON WITH OXIA;Ll;0;L;03CD;;;;N;;;1FEB;;1FEB
+1F7C;GREEK SMALL LETTER OMEGA WITH VARIA;Ll;0;L;03C9 0300;;;;N;;;1FFA;;1FFA
+1F7D;GREEK SMALL LETTER OMEGA WITH OXIA;Ll;0;L;03CE;;;;N;;;1FFB;;1FFB
+1F80;GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F00 0345;;;;N;;;1F88;;1F88
+1F81;GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F01 0345;;;;N;;;1F89;;1F89
+1F82;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F02 0345;;;;N;;;1F8A;;1F8A
+1F83;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F03 0345;;;;N;;;1F8B;;1F8B
+1F84;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F04 0345;;;;N;;;1F8C;;1F8C
+1F85;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F05 0345;;;;N;;;1F8D;;1F8D
+1F86;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F06 0345;;;;N;;;1F8E;;1F8E
+1F87;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F07 0345;;;;N;;;1F8F;;1F8F
+1F88;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F08 0345;;;;N;;;;1F80;
+1F89;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F09 0345;;;;N;;;;1F81;
+1F8A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0A 0345;;;;N;;;;1F82;
+1F8B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0B 0345;;;;N;;;;1F83;
+1F8C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0C 0345;;;;N;;;;1F84;
+1F8D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0D 0345;;;;N;;;;1F85;
+1F8E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0E 0345;;;;N;;;;1F86;
+1F8F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0F 0345;;;;N;;;;1F87;
+1F90;GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F20 0345;;;;N;;;1F98;;1F98
+1F91;GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F21 0345;;;;N;;;1F99;;1F99
+1F92;GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F22 0345;;;;N;;;1F9A;;1F9A
+1F93;GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F23 0345;;;;N;;;1F9B;;1F9B
+1F94;GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F24 0345;;;;N;;;1F9C;;1F9C
+1F95;GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F25 0345;;;;N;;;1F9D;;1F9D
+1F96;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F26 0345;;;;N;;;1F9E;;1F9E
+1F97;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F27 0345;;;;N;;;1F9F;;1F9F
+1F98;GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F28 0345;;;;N;;;;1F90;
+1F99;GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F29 0345;;;;N;;;;1F91;
+1F9A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2A 0345;;;;N;;;;1F92;
+1F9B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2B 0345;;;;N;;;;1F93;
+1F9C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2C 0345;;;;N;;;;1F94;
+1F9D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2D 0345;;;;N;;;;1F95;
+1F9E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2E 0345;;;;N;;;;1F96;
+1F9F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2F 0345;;;;N;;;;1F97;
+1FA0;GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F60 0345;;;;N;;;1FA8;;1FA8
+1FA1;GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F61 0345;;;;N;;;1FA9;;1FA9
+1FA2;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F62 0345;;;;N;;;1FAA;;1FAA
+1FA3;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F63 0345;;;;N;;;1FAB;;1FAB
+1FA4;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F64 0345;;;;N;;;1FAC;;1FAC
+1FA5;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F65 0345;;;;N;;;1FAD;;1FAD
+1FA6;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F66 0345;;;;N;;;1FAE;;1FAE
+1FA7;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F67 0345;;;;N;;;1FAF;;1FAF
+1FA8;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F68 0345;;;;N;;;;1FA0;
+1FA9;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F69 0345;;;;N;;;;1FA1;
+1FAA;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6A 0345;;;;N;;;;1FA2;
+1FAB;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6B 0345;;;;N;;;;1FA3;
+1FAC;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6C 0345;;;;N;;;;1FA4;
+1FAD;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6D 0345;;;;N;;;;1FA5;
+1FAE;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6E 0345;;;;N;;;;1FA6;
+1FAF;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6F 0345;;;;N;;;;1FA7;
+1FB0;GREEK SMALL LETTER ALPHA WITH VRACHY;Ll;0;L;03B1 0306;;;;N;;;1FB8;;1FB8
+1FB1;GREEK SMALL LETTER ALPHA WITH MACRON;Ll;0;L;03B1 0304;;;;N;;;1FB9;;1FB9
+1FB2;GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F70 0345;;;;N;;;;;
+1FB3;GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI;Ll;0;L;03B1 0345;;;;N;;;1FBC;;1FBC
+1FB4;GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AC 0345;;;;N;;;;;
+1FB6;GREEK SMALL LETTER ALPHA WITH PERISPOMENI;Ll;0;L;03B1 0342;;;;N;;;;;
+1FB7;GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FB6 0345;;;;N;;;;;
+1FB8;GREEK CAPITAL LETTER ALPHA WITH VRACHY;Lu;0;L;0391 0306;;;;N;;;;1FB0;
+1FB9;GREEK CAPITAL LETTER ALPHA WITH MACRON;Lu;0;L;0391 0304;;;;N;;;;1FB1;
+1FBA;GREEK CAPITAL LETTER ALPHA WITH VARIA;Lu;0;L;0391 0300;;;;N;;;;1F70;
+1FBB;GREEK CAPITAL LETTER ALPHA WITH OXIA;Lu;0;L;0386;;;;N;;;;1F71;
+1FBC;GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI;Lt;0;L;0391 0345;;;;N;;;;1FB3;
+1FBD;GREEK KORONIS;Sk;0;ON;<compat> 0020 0313;;;;N;;;;;
+1FBE;GREEK PROSGEGRAMMENI;Ll;0;L;03B9;;;;N;;;0399;;0399
+1FBF;GREEK PSILI;Sk;0;ON;<compat> 0020 0313;;;;N;;;;;
+1FC0;GREEK PERISPOMENI;Sk;0;ON;<compat> 0020 0342;;;;N;;;;;
+1FC1;GREEK DIALYTIKA AND PERISPOMENI;Sk;0;ON;00A8 0342;;;;N;;;;;
+1FC2;GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F74 0345;;;;N;;;;;
+1FC3;GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI;Ll;0;L;03B7 0345;;;;N;;;1FCC;;1FCC
+1FC4;GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AE 0345;;;;N;;;;;
+1FC6;GREEK SMALL LETTER ETA WITH PERISPOMENI;Ll;0;L;03B7 0342;;;;N;;;;;
+1FC7;GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FC6 0345;;;;N;;;;;
+1FC8;GREEK CAPITAL LETTER EPSILON WITH VARIA;Lu;0;L;0395 0300;;;;N;;;;1F72;
+1FC9;GREEK CAPITAL LETTER EPSILON WITH OXIA;Lu;0;L;0388;;;;N;;;;1F73;
+1FCA;GREEK CAPITAL LETTER ETA WITH VARIA;Lu;0;L;0397 0300;;;;N;;;;1F74;
+1FCB;GREEK CAPITAL LETTER ETA WITH OXIA;Lu;0;L;0389;;;;N;;;;1F75;
+1FCC;GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI;Lt;0;L;0397 0345;;;;N;;;;1FC3;
+1FCD;GREEK PSILI AND VARIA;Sk;0;ON;1FBF 0300;;;;N;;;;;
+1FCE;GREEK PSILI AND OXIA;Sk;0;ON;1FBF 0301;;;;N;;;;;
+1FCF;GREEK PSILI AND PERISPOMENI;Sk;0;ON;1FBF 0342;;;;N;;;;;
+1FD0;GREEK SMALL LETTER IOTA WITH VRACHY;Ll;0;L;03B9 0306;;;;N;;;1FD8;;1FD8
+1FD1;GREEK SMALL LETTER IOTA WITH MACRON;Ll;0;L;03B9 0304;;;;N;;;1FD9;;1FD9
+1FD2;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA;Ll;0;L;03CA 0300;;;;N;;;;;
+1FD3;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA;Ll;0;L;0390;;;;N;;;;;
+1FD6;GREEK SMALL LETTER IOTA WITH PERISPOMENI;Ll;0;L;03B9 0342;;;;N;;;;;
+1FD7;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CA 0342;;;;N;;;;;
+1FD8;GREEK CAPITAL LETTER IOTA WITH VRACHY;Lu;0;L;0399 0306;;;;N;;;;1FD0;
+1FD9;GREEK CAPITAL LETTER IOTA WITH MACRON;Lu;0;L;0399 0304;;;;N;;;;1FD1;
+1FDA;GREEK CAPITAL LETTER IOTA WITH VARIA;Lu;0;L;0399 0300;;;;N;;;;1F76;
+1FDB;GREEK CAPITAL LETTER IOTA WITH OXIA;Lu;0;L;038A;;;;N;;;;1F77;
+1FDD;GREEK DASIA AND VARIA;Sk;0;ON;1FFE 0300;;;;N;;;;;
+1FDE;GREEK DASIA AND OXIA;Sk;0;ON;1FFE 0301;;;;N;;;;;
+1FDF;GREEK DASIA AND PERISPOMENI;Sk;0;ON;1FFE 0342;;;;N;;;;;
+1FE0;GREEK SMALL LETTER UPSILON WITH VRACHY;Ll;0;L;03C5 0306;;;;N;;;1FE8;;1FE8
+1FE1;GREEK SMALL LETTER UPSILON WITH MACRON;Ll;0;L;03C5 0304;;;;N;;;1FE9;;1FE9
+1FE2;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA;Ll;0;L;03CB 0300;;;;N;;;;;
+1FE3;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA;Ll;0;L;03B0;;;;N;;;;;
+1FE4;GREEK SMALL LETTER RHO WITH PSILI;Ll;0;L;03C1 0313;;;;N;;;;;
+1FE5;GREEK SMALL LETTER RHO WITH DASIA;Ll;0;L;03C1 0314;;;;N;;;1FEC;;1FEC
+1FE6;GREEK SMALL LETTER UPSILON WITH PERISPOMENI;Ll;0;L;03C5 0342;;;;N;;;;;
+1FE7;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CB 0342;;;;N;;;;;
+1FE8;GREEK CAPITAL LETTER UPSILON WITH VRACHY;Lu;0;L;03A5 0306;;;;N;;;;1FE0;
+1FE9;GREEK CAPITAL LETTER UPSILON WITH MACRON;Lu;0;L;03A5 0304;;;;N;;;;1FE1;
+1FEA;GREEK CAPITAL LETTER UPSILON WITH VARIA;Lu;0;L;03A5 0300;;;;N;;;;1F7A;
+1FEB;GREEK CAPITAL LETTER UPSILON WITH OXIA;Lu;0;L;038E;;;;N;;;;1F7B;
+1FEC;GREEK CAPITAL LETTER RHO WITH DASIA;Lu;0;L;03A1 0314;;;;N;;;;1FE5;
+1FED;GREEK DIALYTIKA AND VARIA;Sk;0;ON;00A8 0300;;;;N;;;;;
+1FEE;GREEK DIALYTIKA AND OXIA;Sk;0;ON;0385;;;;N;;;;;
+1FEF;GREEK VARIA;Sk;0;ON;0060;;;;N;;;;;
+1FF2;GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F7C 0345;;;;N;;;;;
+1FF3;GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI;Ll;0;L;03C9 0345;;;;N;;;1FFC;;1FFC
+1FF4;GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03CE 0345;;;;N;;;;;
+1FF6;GREEK SMALL LETTER OMEGA WITH PERISPOMENI;Ll;0;L;03C9 0342;;;;N;;;;;
+1FF7;GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FF6 0345;;;;N;;;;;
+1FF8;GREEK CAPITAL LETTER OMICRON WITH VARIA;Lu;0;L;039F 0300;;;;N;;;;1F78;
+1FF9;GREEK CAPITAL LETTER OMICRON WITH OXIA;Lu;0;L;038C;;;;N;;;;1F79;
+1FFA;GREEK CAPITAL LETTER OMEGA WITH VARIA;Lu;0;L;03A9 0300;;;;N;;;;1F7C;
+1FFB;GREEK CAPITAL LETTER OMEGA WITH OXIA;Lu;0;L;038F;;;;N;;;;1F7D;
+1FFC;GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI;Lt;0;L;03A9 0345;;;;N;;;;1FF3;
+1FFD;GREEK OXIA;Sk;0;ON;00B4;;;;N;;;;;
+1FFE;GREEK DASIA;Sk;0;ON;<compat> 0020 0314;;;;N;;;;;
+2000;EN QUAD;Zs;0;WS;2002;;;;N;;;;;
+2001;EM QUAD;Zs;0;WS;2003;;;;N;;;;;
+2002;EN SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2003;EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2004;THREE-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2005;FOUR-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2006;SIX-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2007;FIGURE SPACE;Zs;0;WS;<noBreak> 0020;;;;N;;;;;
+2008;PUNCTUATION SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2009;THIN SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+200A;HAIR SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+200B;ZERO WIDTH SPACE;Zs;0;BN;;;;;N;;;;;
+200C;ZERO WIDTH NON-JOINER;Cf;0;BN;;;;;N;;;;;
+200D;ZERO WIDTH JOINER;Cf;0;BN;;;;;N;;;;;
+200E;LEFT-TO-RIGHT MARK;Cf;0;L;;;;;N;;;;;
+200F;RIGHT-TO-LEFT MARK;Cf;0;R;;;;;N;;;;;
+2010;HYPHEN;Pd;0;ON;;;;;N;;;;;
+2011;NON-BREAKING HYPHEN;Pd;0;ON;<noBreak> 2010;;;;N;;;;;
+2012;FIGURE DASH;Pd;0;ON;;;;;N;;;;;
+2013;EN DASH;Pd;0;ON;;;;;N;;;;;
+2014;EM DASH;Pd;0;ON;;;;;N;;;;;
+2015;HORIZONTAL BAR;Pd;0;ON;;;;;N;QUOTATION DASH;;;;
+2016;DOUBLE VERTICAL LINE;Po;0;ON;;;;;N;DOUBLE VERTICAL BAR;;;;
+2017;DOUBLE LOW LINE;Po;0;ON;<compat> 0020 0333;;;;N;SPACING DOUBLE UNDERSCORE;;;;
+2018;LEFT SINGLE QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE TURNED COMMA QUOTATION MARK;;;;
+2019;RIGHT SINGLE QUOTATION MARK;Pf;0;ON;;;;;N;SINGLE COMMA QUOTATION MARK;;;;
+201A;SINGLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW SINGLE COMMA QUOTATION MARK;;;;
+201B;SINGLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE REVERSED COMMA QUOTATION MARK;;;;
+201C;LEFT DOUBLE QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE TURNED COMMA QUOTATION MARK;;;;
+201D;RIGHT DOUBLE QUOTATION MARK;Pf;0;ON;;;;;N;DOUBLE COMMA QUOTATION MARK;;;;
+201E;DOUBLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW DOUBLE COMMA QUOTATION MARK;;;;
+201F;DOUBLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE REVERSED COMMA QUOTATION MARK;;;;
+2020;DAGGER;Po;0;ON;;;;;N;;;;;
+2021;DOUBLE DAGGER;Po;0;ON;;;;;N;;;;;
+2022;BULLET;Po;0;ON;;;;;N;;;;;
+2023;TRIANGULAR BULLET;Po;0;ON;;;;;N;;;;;
+2024;ONE DOT LEADER;Po;0;ON;<compat> 002E;;;;N;;;;;
+2025;TWO DOT LEADER;Po;0;ON;<compat> 002E 002E;;;;N;;;;;
+2026;HORIZONTAL ELLIPSIS;Po;0;ON;<compat> 002E 002E 002E;;;;N;;;;;
+2027;HYPHENATION POINT;Po;0;ON;;;;;N;;;;;
+2028;LINE SEPARATOR;Zl;0;WS;;;;;N;;;;;
+2029;PARAGRAPH SEPARATOR;Zp;0;B;;;;;N;;;;;
+202A;LEFT-TO-RIGHT EMBEDDING;Cf;0;LRE;;;;;N;;;;;
+202B;RIGHT-TO-LEFT EMBEDDING;Cf;0;RLE;;;;;N;;;;;
+202C;POP DIRECTIONAL FORMATTING;Cf;0;PDF;;;;;N;;;;;
+202D;LEFT-TO-RIGHT OVERRIDE;Cf;0;LRO;;;;;N;;;;;
+202E;RIGHT-TO-LEFT OVERRIDE;Cf;0;RLO;;;;;N;;;;;
+202F;NARROW NO-BREAK SPACE;Zs;0;WS;<noBreak> 0020;;;;N;;;;;
+2030;PER MILLE SIGN;Po;0;ET;;;;;N;;;;;
+2031;PER TEN THOUSAND SIGN;Po;0;ET;;;;;N;;;;;
+2032;PRIME;Po;0;ET;;;;;N;;;;;
+2033;DOUBLE PRIME;Po;0;ET;<compat> 2032 2032;;;;N;;;;;
+2034;TRIPLE PRIME;Po;0;ET;<compat> 2032 2032 2032;;;;N;;;;;
+2035;REVERSED PRIME;Po;0;ON;;;;;N;;;;;
+2036;REVERSED DOUBLE PRIME;Po;0;ON;<compat> 2035 2035;;;;N;;;;;
+2037;REVERSED TRIPLE PRIME;Po;0;ON;<compat> 2035 2035 2035;;;;N;;;;;
+2038;CARET;Po;0;ON;;;;;N;;;;;
+2039;SINGLE LEFT-POINTING ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING SINGLE GUILLEMET;;;;
+203A;SINGLE RIGHT-POINTING ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING SINGLE GUILLEMET;;;;
+203B;REFERENCE MARK;Po;0;ON;;;;;N;;;;;
+203C;DOUBLE EXCLAMATION MARK;Po;0;ON;<compat> 0021 0021;;;;N;;;;;
+203D;INTERROBANG;Po;0;ON;;;;;N;;;;;
+203E;OVERLINE;Po;0;ON;<compat> 0020 0305;;;;N;SPACING OVERSCORE;;;;
+203F;UNDERTIE;Pc;0;ON;;;;;N;;Enotikon;;;
+2040;CHARACTER TIE;Pc;0;ON;;;;;N;;;;;
+2041;CARET INSERTION POINT;Po;0;ON;;;;;N;;;;;
+2042;ASTERISM;Po;0;ON;;;;;N;;;;;
+2043;HYPHEN BULLET;Po;0;ON;;;;;N;;;;;
+2044;FRACTION SLASH;Sm;0;ON;;;;;N;;;;;
+2045;LEFT SQUARE BRACKET WITH QUILL;Ps;0;ON;;;;;Y;;;;;
+2046;RIGHT SQUARE BRACKET WITH QUILL;Pe;0;ON;;;;;Y;;;;;
+2047;DOUBLE QUESTION MARK;Po;0;ON;<compat> 003F 003F;;;;N;;;;;
+2048;QUESTION EXCLAMATION MARK;Po;0;ON;<compat> 003F 0021;;;;N;;;;;
+2049;EXCLAMATION QUESTION MARK;Po;0;ON;<compat> 0021 003F;;;;N;;;;;
+204A;TIRONIAN SIGN ET;Po;0;ON;;;;;N;;;;;
+204B;REVERSED PILCROW SIGN;Po;0;ON;;;;;N;;;;;
+204C;BLACK LEFTWARDS BULLET;Po;0;ON;;;;;N;;;;;
+204D;BLACK RIGHTWARDS BULLET;Po;0;ON;;;;;N;;;;;
+204E;LOW ASTERISK;Po;0;ON;;;;;N;;;;;
+204F;REVERSED SEMICOLON;Po;0;ON;;;;;N;;;;;
+2050;CLOSE UP;Po;0;ON;;;;;N;;;;;
+2051;TWO ASTERISKS ALIGNED VERTICALLY;Po;0;ON;;;;;N;;;;;
+2052;COMMERCIAL MINUS SIGN;Sm;0;ON;;;;;N;;;;;
+2057;QUADRUPLE PRIME;Po;0;ON;<compat> 2032 2032 2032 2032;;;;N;;;;;
+205F;MEDIUM MATHEMATICAL SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2060;WORD JOINER;Cf;0;BN;;;;;N;;;;;
+2061;FUNCTION APPLICATION;Cf;0;BN;;;;;N;;;;;
+2062;INVISIBLE TIMES;Cf;0;BN;;;;;N;;;;;
+2063;INVISIBLE SEPARATOR;Cf;0;BN;;;;;N;;;;;
+206A;INHIBIT SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;;
+206B;ACTIVATE SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;;
+206C;INHIBIT ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;;
+206D;ACTIVATE ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;;
+206E;NATIONAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;;
+206F;NOMINAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;;
+2070;SUPERSCRIPT ZERO;No;0;EN;<super> 0030;0;0;0;N;SUPERSCRIPT DIGIT ZERO;;;;
+2071;SUPERSCRIPT LATIN SMALL LETTER I;Ll;0;L;<super> 0069;;;;N;;;;;
+2074;SUPERSCRIPT FOUR;No;0;EN;<super> 0034;4;4;4;N;SUPERSCRIPT DIGIT FOUR;;;;
+2075;SUPERSCRIPT FIVE;No;0;EN;<super> 0035;5;5;5;N;SUPERSCRIPT DIGIT FIVE;;;;
+2076;SUPERSCRIPT SIX;No;0;EN;<super> 0036;6;6;6;N;SUPERSCRIPT DIGIT SIX;;;;
+2077;SUPERSCRIPT SEVEN;No;0;EN;<super> 0037;7;7;7;N;SUPERSCRIPT DIGIT SEVEN;;;;
+2078;SUPERSCRIPT EIGHT;No;0;EN;<super> 0038;8;8;8;N;SUPERSCRIPT DIGIT EIGHT;;;;
+2079;SUPERSCRIPT NINE;No;0;EN;<super> 0039;9;9;9;N;SUPERSCRIPT DIGIT NINE;;;;
+207A;SUPERSCRIPT PLUS SIGN;Sm;0;ET;<super> 002B;;;;N;;;;;
+207B;SUPERSCRIPT MINUS;Sm;0;ET;<super> 2212;;;;N;SUPERSCRIPT HYPHEN-MINUS;;;;
+207C;SUPERSCRIPT EQUALS SIGN;Sm;0;ON;<super> 003D;;;;N;;;;;
+207D;SUPERSCRIPT LEFT PARENTHESIS;Ps;0;ON;<super> 0028;;;;Y;SUPERSCRIPT OPENING PARENTHESIS;;;;
+207E;SUPERSCRIPT RIGHT PARENTHESIS;Pe;0;ON;<super> 0029;;;;Y;SUPERSCRIPT CLOSING PARENTHESIS;;;;
+207F;SUPERSCRIPT LATIN SMALL LETTER N;Ll;0;L;<super> 006E;;;;N;;;;;
+2080;SUBSCRIPT ZERO;No;0;EN;<sub> 0030;0;0;0;N;SUBSCRIPT DIGIT ZERO;;;;
+2081;SUBSCRIPT ONE;No;0;EN;<sub> 0031;1;1;1;N;SUBSCRIPT DIGIT ONE;;;;
+2082;SUBSCRIPT TWO;No;0;EN;<sub> 0032;2;2;2;N;SUBSCRIPT DIGIT TWO;;;;
+2083;SUBSCRIPT THREE;No;0;EN;<sub> 0033;3;3;3;N;SUBSCRIPT DIGIT THREE;;;;
+2084;SUBSCRIPT FOUR;No;0;EN;<sub> 0034;4;4;4;N;SUBSCRIPT DIGIT FOUR;;;;
+2085;SUBSCRIPT FIVE;No;0;EN;<sub> 0035;5;5;5;N;SUBSCRIPT DIGIT FIVE;;;;
+2086;SUBSCRIPT SIX;No;0;EN;<sub> 0036;6;6;6;N;SUBSCRIPT DIGIT SIX;;;;
+2087;SUBSCRIPT SEVEN;No;0;EN;<sub> 0037;7;7;7;N;SUBSCRIPT DIGIT SEVEN;;;;
+2088;SUBSCRIPT EIGHT;No;0;EN;<sub> 0038;8;8;8;N;SUBSCRIPT DIGIT EIGHT;;;;
+2089;SUBSCRIPT NINE;No;0;EN;<sub> 0039;9;9;9;N;SUBSCRIPT DIGIT NINE;;;;
+208A;SUBSCRIPT PLUS SIGN;Sm;0;ET;<sub> 002B;;;;N;;;;;
+208B;SUBSCRIPT MINUS;Sm;0;ET;<sub> 2212;;;;N;SUBSCRIPT HYPHEN-MINUS;;;;
+208C;SUBSCRIPT EQUALS SIGN;Sm;0;ON;<sub> 003D;;;;N;;;;;
+208D;SUBSCRIPT LEFT PARENTHESIS;Ps;0;ON;<sub> 0028;;;;Y;SUBSCRIPT OPENING PARENTHESIS;;;;
+208E;SUBSCRIPT RIGHT PARENTHESIS;Pe;0;ON;<sub> 0029;;;;Y;SUBSCRIPT CLOSING PARENTHESIS;;;;
+20A0;EURO-CURRENCY SIGN;Sc;0;ET;;;;;N;;;;;
+20A1;COLON SIGN;Sc;0;ET;;;;;N;;;;;
+20A2;CRUZEIRO SIGN;Sc;0;ET;;;;;N;;;;;
+20A3;FRENCH FRANC SIGN;Sc;0;ET;;;;;N;;;;;
+20A4;LIRA SIGN;Sc;0;ET;;;;;N;;;;;
+20A5;MILL SIGN;Sc;0;ET;;;;;N;;;;;
+20A6;NAIRA SIGN;Sc;0;ET;;;;;N;;;;;
+20A7;PESETA SIGN;Sc;0;ET;;;;;N;;;;;
+20A8;RUPEE SIGN;Sc;0;ET;<compat> 0052 0073;;;;N;;;;;
+20A9;WON SIGN;Sc;0;ET;;;;;N;;;;;
+20AA;NEW SHEQEL SIGN;Sc;0;ET;;;;;N;;;;;
+20AB;DONG SIGN;Sc;0;ET;;;;;N;;;;;
+20AC;EURO SIGN;Sc;0;ET;;;;;N;;;;;
+20AD;KIP SIGN;Sc;0;ET;;;;;N;;;;;
+20AE;TUGRIK SIGN;Sc;0;ET;;;;;N;;;;;
+20AF;DRACHMA SIGN;Sc;0;ET;;;;;N;;;;;
+20B0;GERMAN PENNY SIGN;Sc;0;ET;;;;;N;;;;;
+20B1;PESO SIGN;Sc;0;ET;;;;;N;;;;;
+20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
+20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
+20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
+20D3;COMBINING SHORT VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT VERTICAL BAR OVERLAY;;;;
+20D4;COMBINING ANTICLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING ANTICLOCKWISE ARROW ABOVE;;;;
+20D5;COMBINING CLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING CLOCKWISE ARROW ABOVE;;;;
+20D6;COMBINING LEFT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT ARROW ABOVE;;;;
+20D7;COMBINING RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT ARROW ABOVE;;;;
+20D8;COMBINING RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING RING OVERLAY;;;;
+20D9;COMBINING CLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING CLOCKWISE RING OVERLAY;;;;
+20DA;COMBINING ANTICLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING ANTICLOCKWISE RING OVERLAY;;;;
+20DB;COMBINING THREE DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING THREE DOTS ABOVE;;;;
+20DC;COMBINING FOUR DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING FOUR DOTS ABOVE;;;;
+20DD;COMBINING ENCLOSING CIRCLE;Me;0;NSM;;;;;N;ENCLOSING CIRCLE;;;;
+20DE;COMBINING ENCLOSING SQUARE;Me;0;NSM;;;;;N;ENCLOSING SQUARE;;;;
+20DF;COMBINING ENCLOSING DIAMOND;Me;0;NSM;;;;;N;ENCLOSING DIAMOND;;;;
+20E0;COMBINING ENCLOSING CIRCLE BACKSLASH;Me;0;NSM;;;;;N;ENCLOSING CIRCLE SLASH;;;;
+20E1;COMBINING LEFT RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT RIGHT ARROW ABOVE;;;;
+20E2;COMBINING ENCLOSING SCREEN;Me;0;NSM;;;;;N;;;;;
+20E3;COMBINING ENCLOSING KEYCAP;Me;0;NSM;;;;;N;;;;;
+20E4;COMBINING ENCLOSING UPWARD POINTING TRIANGLE;Me;0;NSM;;;;;N;;;;;
+20E5;COMBINING REVERSE SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;;;;;
+20E6;COMBINING DOUBLE VERTICAL STROKE OVERLAY;Mn;1;NSM;;;;;N;;;;;
+20E7;COMBINING ANNUITY SYMBOL;Mn;230;NSM;;;;;N;;;;;
+20E8;COMBINING TRIPLE UNDERDOT;Mn;220;NSM;;;;;N;;;;;
+20E9;COMBINING WIDE BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;;
+20EA;COMBINING LEFTWARDS ARROW OVERLAY;Mn;1;NSM;;;;;N;;;;;
+2100;ACCOUNT OF;So;0;ON;<compat> 0061 002F 0063;;;;N;;;;;
+2101;ADDRESSED TO THE SUBJECT;So;0;ON;<compat> 0061 002F 0073;;;;N;;;;;
+2102;DOUBLE-STRUCK CAPITAL C;Lu;0;L;<font> 0043;;;;N;DOUBLE-STRUCK C;;;;
+2103;DEGREE CELSIUS;So;0;ON;<compat> 00B0 0043;;;;N;DEGREES CENTIGRADE;;;;
+2104;CENTRE LINE SYMBOL;So;0;ON;;;;;N;C L SYMBOL;;;;
+2105;CARE OF;So;0;ON;<compat> 0063 002F 006F;;;;N;;;;;
+2106;CADA UNA;So;0;ON;<compat> 0063 002F 0075;;;;N;;;;;
+2107;EULER CONSTANT;Lu;0;L;<compat> 0190;;;;N;EULERS;;;;
+2108;SCRUPLE;So;0;ON;;;;;N;;;;;
+2109;DEGREE FAHRENHEIT;So;0;ON;<compat> 00B0 0046;;;;N;DEGREES FAHRENHEIT;;;;
+210A;SCRIPT SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+210B;SCRIPT CAPITAL H;Lu;0;L;<font> 0048;;;;N;SCRIPT H;;;;
+210C;BLACK-LETTER CAPITAL H;Lu;0;L;<font> 0048;;;;N;BLACK-LETTER H;;;;
+210D;DOUBLE-STRUCK CAPITAL H;Lu;0;L;<font> 0048;;;;N;DOUBLE-STRUCK H;;;;
+210E;PLANCK CONSTANT;Ll;0;L;<font> 0068;;;;N;;;;;
+210F;PLANCK CONSTANT OVER TWO PI;Ll;0;L;<font> 0127;;;;N;PLANCK CONSTANT OVER 2 PI;;;;
+2110;SCRIPT CAPITAL I;Lu;0;L;<font> 0049;;;;N;SCRIPT I;;;;
+2111;BLACK-LETTER CAPITAL I;Lu;0;L;<font> 0049;;;;N;BLACK-LETTER I;;;;
+2112;SCRIPT CAPITAL L;Lu;0;L;<font> 004C;;;;N;SCRIPT L;;;;
+2113;SCRIPT SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+2114;L B BAR SYMBOL;So;0;ON;;;;;N;;;;;
+2115;DOUBLE-STRUCK CAPITAL N;Lu;0;L;<font> 004E;;;;N;DOUBLE-STRUCK N;;;;
+2116;NUMERO SIGN;So;0;ON;<compat> 004E 006F;;;;N;NUMERO;;;;
+2117;SOUND RECORDING COPYRIGHT;So;0;ON;;;;;N;;;;;
+2118;SCRIPT CAPITAL P;So;0;ON;;;;;N;SCRIPT P;;;;
+2119;DOUBLE-STRUCK CAPITAL P;Lu;0;L;<font> 0050;;;;N;DOUBLE-STRUCK P;;;;
+211A;DOUBLE-STRUCK CAPITAL Q;Lu;0;L;<font> 0051;;;;N;DOUBLE-STRUCK Q;;;;
+211B;SCRIPT CAPITAL R;Lu;0;L;<font> 0052;;;;N;SCRIPT R;;;;
+211C;BLACK-LETTER CAPITAL R;Lu;0;L;<font> 0052;;;;N;BLACK-LETTER R;;;;
+211D;DOUBLE-STRUCK CAPITAL R;Lu;0;L;<font> 0052;;;;N;DOUBLE-STRUCK R;;;;
+211E;PRESCRIPTION TAKE;So;0;ON;;;;;N;;;;;
+211F;RESPONSE;So;0;ON;;;;;N;;;;;
+2120;SERVICE MARK;So;0;ON;<super> 0053 004D;;;;N;;;;;
+2121;TELEPHONE SIGN;So;0;ON;<compat> 0054 0045 004C;;;;N;T E L SYMBOL;;;;
+2122;TRADE MARK SIGN;So;0;ON;<super> 0054 004D;;;;N;TRADEMARK;;;;
+2123;VERSICLE;So;0;ON;;;;;N;;;;;
+2124;DOUBLE-STRUCK CAPITAL Z;Lu;0;L;<font> 005A;;;;N;DOUBLE-STRUCK Z;;;;
+2125;OUNCE SIGN;So;0;ON;;;;;N;OUNCE;;;;
+2126;OHM SIGN;Lu;0;L;03A9;;;;N;OHM;;;03C9;
+2127;INVERTED OHM SIGN;So;0;ON;;;;;N;MHO;;;;
+2128;BLACK-LETTER CAPITAL Z;Lu;0;L;<font> 005A;;;;N;BLACK-LETTER Z;;;;
+2129;TURNED GREEK SMALL LETTER IOTA;So;0;ON;;;;;N;;;;;
+212A;KELVIN SIGN;Lu;0;L;004B;;;;N;DEGREES KELVIN;;;006B;
+212B;ANGSTROM SIGN;Lu;0;L;00C5;;;;N;ANGSTROM UNIT;;;00E5;
+212C;SCRIPT CAPITAL B;Lu;0;L;<font> 0042;;;;N;SCRIPT B;;;;
+212D;BLACK-LETTER CAPITAL C;Lu;0;L;<font> 0043;;;;N;BLACK-LETTER C;;;;
+212E;ESTIMATED SYMBOL;So;0;ET;;;;;N;;;;;
+212F;SCRIPT SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+2130;SCRIPT CAPITAL E;Lu;0;L;<font> 0045;;;;N;SCRIPT E;;;;
+2131;SCRIPT CAPITAL F;Lu;0;L;<font> 0046;;;;N;SCRIPT F;;;;
+2132;TURNED CAPITAL F;So;0;ON;;;;;N;TURNED F;;;;
+2133;SCRIPT CAPITAL M;Lu;0;L;<font> 004D;;;;N;SCRIPT M;;;;
+2134;SCRIPT SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+2135;ALEF SYMBOL;Lo;0;L;<compat> 05D0;;;;N;FIRST TRANSFINITE CARDINAL;;;;
+2136;BET SYMBOL;Lo;0;L;<compat> 05D1;;;;N;SECOND TRANSFINITE CARDINAL;;;;
+2137;GIMEL SYMBOL;Lo;0;L;<compat> 05D2;;;;N;THIRD TRANSFINITE CARDINAL;;;;
+2138;DALET SYMBOL;Lo;0;L;<compat> 05D3;;;;N;FOURTH TRANSFINITE CARDINAL;;;;
+2139;INFORMATION SOURCE;Ll;0;L;<font> 0069;;;;N;;;;;
+213A;ROTATED CAPITAL Q;So;0;ON;;;;;N;;;;;
+213D;DOUBLE-STRUCK SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+213E;DOUBLE-STRUCK CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+213F;DOUBLE-STRUCK CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+2140;DOUBLE-STRUCK N-ARY SUMMATION;Sm;0;ON;<font> 2211;;;;Y;;;;;
+2141;TURNED SANS-SERIF CAPITAL G;Sm;0;ON;;;;;N;;;;;
+2142;TURNED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;;
+2143;REVERSED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;;
+2144;TURNED SANS-SERIF CAPITAL Y;Sm;0;ON;;;;;N;;;;;
+2145;DOUBLE-STRUCK ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+2146;DOUBLE-STRUCK ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+2147;DOUBLE-STRUCK ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+2148;DOUBLE-STRUCK ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+2149;DOUBLE-STRUCK ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+214A;PROPERTY LINE;So;0;ON;;;;;N;;;;;
+214B;TURNED AMPERSAND;Sm;0;ON;;;;;N;;;;;
+2153;VULGAR FRACTION ONE THIRD;No;0;ON;<fraction> 0031 2044 0033;;;1/3;N;FRACTION ONE THIRD;;;;
+2154;VULGAR FRACTION TWO THIRDS;No;0;ON;<fraction> 0032 2044 0033;;;2/3;N;FRACTION TWO THIRDS;;;;
+2155;VULGAR FRACTION ONE FIFTH;No;0;ON;<fraction> 0031 2044 0035;;;1/5;N;FRACTION ONE FIFTH;;;;
+2156;VULGAR FRACTION TWO FIFTHS;No;0;ON;<fraction> 0032 2044 0035;;;2/5;N;FRACTION TWO FIFTHS;;;;
+2157;VULGAR FRACTION THREE FIFTHS;No;0;ON;<fraction> 0033 2044 0035;;;3/5;N;FRACTION THREE FIFTHS;;;;
+2158;VULGAR FRACTION FOUR FIFTHS;No;0;ON;<fraction> 0034 2044 0035;;;4/5;N;FRACTION FOUR FIFTHS;;;;
+2159;VULGAR FRACTION ONE SIXTH;No;0;ON;<fraction> 0031 2044 0036;;;1/6;N;FRACTION ONE SIXTH;;;;
+215A;VULGAR FRACTION FIVE SIXTHS;No;0;ON;<fraction> 0035 2044 0036;;;5/6;N;FRACTION FIVE SIXTHS;;;;
+215B;VULGAR FRACTION ONE EIGHTH;No;0;ON;<fraction> 0031 2044 0038;;;1/8;N;FRACTION ONE EIGHTH;;;;
+215C;VULGAR FRACTION THREE EIGHTHS;No;0;ON;<fraction> 0033 2044 0038;;;3/8;N;FRACTION THREE EIGHTHS;;;;
+215D;VULGAR FRACTION FIVE EIGHTHS;No;0;ON;<fraction> 0035 2044 0038;;;5/8;N;FRACTION FIVE EIGHTHS;;;;
+215E;VULGAR FRACTION SEVEN EIGHTHS;No;0;ON;<fraction> 0037 2044 0038;;;7/8;N;FRACTION SEVEN EIGHTHS;;;;
+215F;FRACTION NUMERATOR ONE;No;0;ON;<fraction> 0031 2044;;;1;N;;;;;
+2160;ROMAN NUMERAL ONE;Nl;0;L;<compat> 0049;;;1;N;;;;2170;
+2161;ROMAN NUMERAL TWO;Nl;0;L;<compat> 0049 0049;;;2;N;;;;2171;
+2162;ROMAN NUMERAL THREE;Nl;0;L;<compat> 0049 0049 0049;;;3;N;;;;2172;
+2163;ROMAN NUMERAL FOUR;Nl;0;L;<compat> 0049 0056;;;4;N;;;;2173;
+2164;ROMAN NUMERAL FIVE;Nl;0;L;<compat> 0056;;;5;N;;;;2174;
+2165;ROMAN NUMERAL SIX;Nl;0;L;<compat> 0056 0049;;;6;N;;;;2175;
+2166;ROMAN NUMERAL SEVEN;Nl;0;L;<compat> 0056 0049 0049;;;7;N;;;;2176;
+2167;ROMAN NUMERAL EIGHT;Nl;0;L;<compat> 0056 0049 0049 0049;;;8;N;;;;2177;
+2168;ROMAN NUMERAL NINE;Nl;0;L;<compat> 0049 0058;;;9;N;;;;2178;
+2169;ROMAN NUMERAL TEN;Nl;0;L;<compat> 0058;;;10;N;;;;2179;
+216A;ROMAN NUMERAL ELEVEN;Nl;0;L;<compat> 0058 0049;;;11;N;;;;217A;
+216B;ROMAN NUMERAL TWELVE;Nl;0;L;<compat> 0058 0049 0049;;;12;N;;;;217B;
+216C;ROMAN NUMERAL FIFTY;Nl;0;L;<compat> 004C;;;50;N;;;;217C;
+216D;ROMAN NUMERAL ONE HUNDRED;Nl;0;L;<compat> 0043;;;100;N;;;;217D;
+216E;ROMAN NUMERAL FIVE HUNDRED;Nl;0;L;<compat> 0044;;;500;N;;;;217E;
+216F;ROMAN NUMERAL ONE THOUSAND;Nl;0;L;<compat> 004D;;;1000;N;;;;217F;
+2170;SMALL ROMAN NUMERAL ONE;Nl;0;L;<compat> 0069;;;1;N;;;2160;;2160
+2171;SMALL ROMAN NUMERAL TWO;Nl;0;L;<compat> 0069 0069;;;2;N;;;2161;;2161
+2172;SMALL ROMAN NUMERAL THREE;Nl;0;L;<compat> 0069 0069 0069;;;3;N;;;2162;;2162
+2173;SMALL ROMAN NUMERAL FOUR;Nl;0;L;<compat> 0069 0076;;;4;N;;;2163;;2163
+2174;SMALL ROMAN NUMERAL FIVE;Nl;0;L;<compat> 0076;;;5;N;;;2164;;2164
+2175;SMALL ROMAN NUMERAL SIX;Nl;0;L;<compat> 0076 0069;;;6;N;;;2165;;2165
+2176;SMALL ROMAN NUMERAL SEVEN;Nl;0;L;<compat> 0076 0069 0069;;;7;N;;;2166;;2166
+2177;SMALL ROMAN NUMERAL EIGHT;Nl;0;L;<compat> 0076 0069 0069 0069;;;8;N;;;2167;;2167
+2178;SMALL ROMAN NUMERAL NINE;Nl;0;L;<compat> 0069 0078;;;9;N;;;2168;;2168
+2179;SMALL ROMAN NUMERAL TEN;Nl;0;L;<compat> 0078;;;10;N;;;2169;;2169
+217A;SMALL ROMAN NUMERAL ELEVEN;Nl;0;L;<compat> 0078 0069;;;11;N;;;216A;;216A
+217B;SMALL ROMAN NUMERAL TWELVE;Nl;0;L;<compat> 0078 0069 0069;;;12;N;;;216B;;216B
+217C;SMALL ROMAN NUMERAL FIFTY;Nl;0;L;<compat> 006C;;;50;N;;;216C;;216C
+217D;SMALL ROMAN NUMERAL ONE HUNDRED;Nl;0;L;<compat> 0063;;;100;N;;;216D;;216D
+217E;SMALL ROMAN NUMERAL FIVE HUNDRED;Nl;0;L;<compat> 0064;;;500;N;;;216E;;216E
+217F;SMALL ROMAN NUMERAL ONE THOUSAND;Nl;0;L;<compat> 006D;;;1000;N;;;216F;;216F
+2180;ROMAN NUMERAL ONE THOUSAND C D;Nl;0;L;;;;1000;N;;;;;
+2181;ROMAN NUMERAL FIVE THOUSAND;Nl;0;L;;;;5000;N;;;;;
+2182;ROMAN NUMERAL TEN THOUSAND;Nl;0;L;;;;10000;N;;;;;
+2183;ROMAN NUMERAL REVERSED ONE HUNDRED;Nl;0;L;;;;;N;;;;;
+2190;LEFTWARDS ARROW;Sm;0;ON;;;;;N;LEFT ARROW;;;;
+2191;UPWARDS ARROW;Sm;0;ON;;;;;N;UP ARROW;;;;
+2192;RIGHTWARDS ARROW;Sm;0;ON;;;;;N;RIGHT ARROW;;;;
+2193;DOWNWARDS ARROW;Sm;0;ON;;;;;N;DOWN ARROW;;;;
+2194;LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;;
+2195;UP DOWN ARROW;So;0;ON;;;;;N;;;;;
+2196;NORTH WEST ARROW;So;0;ON;;;;;N;UPPER LEFT ARROW;;;;
+2197;NORTH EAST ARROW;So;0;ON;;;;;N;UPPER RIGHT ARROW;;;;
+2198;SOUTH EAST ARROW;So;0;ON;;;;;N;LOWER RIGHT ARROW;;;;
+2199;SOUTH WEST ARROW;So;0;ON;;;;;N;LOWER LEFT ARROW;;;;
+219A;LEFTWARDS ARROW WITH STROKE;Sm;0;ON;2190 0338;;;;N;LEFT ARROW WITH STROKE;;;;
+219B;RIGHTWARDS ARROW WITH STROKE;Sm;0;ON;2192 0338;;;;N;RIGHT ARROW WITH STROKE;;;;
+219C;LEFTWARDS WAVE ARROW;So;0;ON;;;;;N;LEFT WAVE ARROW;;;;
+219D;RIGHTWARDS WAVE ARROW;So;0;ON;;;;;N;RIGHT WAVE ARROW;;;;
+219E;LEFTWARDS TWO HEADED ARROW;So;0;ON;;;;;N;LEFT TWO HEADED ARROW;;;;
+219F;UPWARDS TWO HEADED ARROW;So;0;ON;;;;;N;UP TWO HEADED ARROW;;;;
+21A0;RIGHTWARDS TWO HEADED ARROW;Sm;0;ON;;;;;N;RIGHT TWO HEADED ARROW;;;;
+21A1;DOWNWARDS TWO HEADED ARROW;So;0;ON;;;;;N;DOWN TWO HEADED ARROW;;;;
+21A2;LEFTWARDS ARROW WITH TAIL;So;0;ON;;;;;N;LEFT ARROW WITH TAIL;;;;
+21A3;RIGHTWARDS ARROW WITH TAIL;Sm;0;ON;;;;;N;RIGHT ARROW WITH TAIL;;;;
+21A4;LEFTWARDS ARROW FROM BAR;So;0;ON;;;;;N;LEFT ARROW FROM BAR;;;;
+21A5;UPWARDS ARROW FROM BAR;So;0;ON;;;;;N;UP ARROW FROM BAR;;;;
+21A6;RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;RIGHT ARROW FROM BAR;;;;
+21A7;DOWNWARDS ARROW FROM BAR;So;0;ON;;;;;N;DOWN ARROW FROM BAR;;;;
+21A8;UP DOWN ARROW WITH BASE;So;0;ON;;;;;N;;;;;
+21A9;LEFTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;LEFT ARROW WITH HOOK;;;;
+21AA;RIGHTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;RIGHT ARROW WITH HOOK;;;;
+21AB;LEFTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;LEFT ARROW WITH LOOP;;;;
+21AC;RIGHTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;RIGHT ARROW WITH LOOP;;;;
+21AD;LEFT RIGHT WAVE ARROW;So;0;ON;;;;;N;;;;;
+21AE;LEFT RIGHT ARROW WITH STROKE;Sm;0;ON;2194 0338;;;;N;;;;;
+21AF;DOWNWARDS ZIGZAG ARROW;So;0;ON;;;;;N;DOWN ZIGZAG ARROW;;;;
+21B0;UPWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP LEFT;;;;
+21B1;UPWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP RIGHT;;;;
+21B2;DOWNWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP LEFT;;;;
+21B3;DOWNWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP RIGHT;;;;
+21B4;RIGHTWARDS ARROW WITH CORNER DOWNWARDS;So;0;ON;;;;;N;RIGHT ARROW WITH CORNER DOWN;;;;
+21B5;DOWNWARDS ARROW WITH CORNER LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH CORNER LEFT;;;;
+21B6;ANTICLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21B7;CLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21B8;NORTH WEST ARROW TO LONG BAR;So;0;ON;;;;;N;UPPER LEFT ARROW TO LONG BAR;;;;
+21B9;LEFTWARDS ARROW TO BAR OVER RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR OVER RIGHT ARROW TO BAR;;;;
+21BA;ANTICLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21BB;CLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21BC;LEFTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB UP;;;;
+21BD;LEFTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB DOWN;;;;
+21BE;UPWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB RIGHT;;;;
+21BF;UPWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB LEFT;;;;
+21C0;RIGHTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB UP;;;;
+21C1;RIGHTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB DOWN;;;;
+21C2;DOWNWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB RIGHT;;;;
+21C3;DOWNWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB LEFT;;;;
+21C4;RIGHTWARDS ARROW OVER LEFTWARDS ARROW;So;0;ON;;;;;N;RIGHT ARROW OVER LEFT ARROW;;;;
+21C5;UPWARDS ARROW LEFTWARDS OF DOWNWARDS ARROW;So;0;ON;;;;;N;UP ARROW LEFT OF DOWN ARROW;;;;
+21C6;LEFTWARDS ARROW OVER RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT ARROW OVER RIGHT ARROW;;;;
+21C7;LEFTWARDS PAIRED ARROWS;So;0;ON;;;;;N;LEFT PAIRED ARROWS;;;;
+21C8;UPWARDS PAIRED ARROWS;So;0;ON;;;;;N;UP PAIRED ARROWS;;;;
+21C9;RIGHTWARDS PAIRED ARROWS;So;0;ON;;;;;N;RIGHT PAIRED ARROWS;;;;
+21CA;DOWNWARDS PAIRED ARROWS;So;0;ON;;;;;N;DOWN PAIRED ARROWS;;;;
+21CB;LEFTWARDS HARPOON OVER RIGHTWARDS HARPOON;So;0;ON;;;;;N;LEFT HARPOON OVER RIGHT HARPOON;;;;
+21CC;RIGHTWARDS HARPOON OVER LEFTWARDS HARPOON;So;0;ON;;;;;N;RIGHT HARPOON OVER LEFT HARPOON;;;;
+21CD;LEFTWARDS DOUBLE ARROW WITH STROKE;So;0;ON;21D0 0338;;;;N;LEFT DOUBLE ARROW WITH STROKE;;;;
+21CE;LEFT RIGHT DOUBLE ARROW WITH STROKE;Sm;0;ON;21D4 0338;;;;N;;;;;
+21CF;RIGHTWARDS DOUBLE ARROW WITH STROKE;Sm;0;ON;21D2 0338;;;;N;RIGHT DOUBLE ARROW WITH STROKE;;;;
+21D0;LEFTWARDS DOUBLE ARROW;So;0;ON;;;;;N;LEFT DOUBLE ARROW;;;;
+21D1;UPWARDS DOUBLE ARROW;So;0;ON;;;;;N;UP DOUBLE ARROW;;;;
+21D2;RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;RIGHT DOUBLE ARROW;;;;
+21D3;DOWNWARDS DOUBLE ARROW;So;0;ON;;;;;N;DOWN DOUBLE ARROW;;;;
+21D4;LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+21D5;UP DOWN DOUBLE ARROW;So;0;ON;;;;;N;;;;;
+21D6;NORTH WEST DOUBLE ARROW;So;0;ON;;;;;N;UPPER LEFT DOUBLE ARROW;;;;
+21D7;NORTH EAST DOUBLE ARROW;So;0;ON;;;;;N;UPPER RIGHT DOUBLE ARROW;;;;
+21D8;SOUTH EAST DOUBLE ARROW;So;0;ON;;;;;N;LOWER RIGHT DOUBLE ARROW;;;;
+21D9;SOUTH WEST DOUBLE ARROW;So;0;ON;;;;;N;LOWER LEFT DOUBLE ARROW;;;;
+21DA;LEFTWARDS TRIPLE ARROW;So;0;ON;;;;;N;LEFT TRIPLE ARROW;;;;
+21DB;RIGHTWARDS TRIPLE ARROW;So;0;ON;;;;;N;RIGHT TRIPLE ARROW;;;;
+21DC;LEFTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;LEFT SQUIGGLE ARROW;;;;
+21DD;RIGHTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;RIGHT SQUIGGLE ARROW;;;;
+21DE;UPWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;UP ARROW WITH DOUBLE STROKE;;;;
+21DF;DOWNWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;DOWN ARROW WITH DOUBLE STROKE;;;;
+21E0;LEFTWARDS DASHED ARROW;So;0;ON;;;;;N;LEFT DASHED ARROW;;;;
+21E1;UPWARDS DASHED ARROW;So;0;ON;;;;;N;UP DASHED ARROW;;;;
+21E2;RIGHTWARDS DASHED ARROW;So;0;ON;;;;;N;RIGHT DASHED ARROW;;;;
+21E3;DOWNWARDS DASHED ARROW;So;0;ON;;;;;N;DOWN DASHED ARROW;;;;
+21E4;LEFTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR;;;;
+21E5;RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;RIGHT ARROW TO BAR;;;;
+21E6;LEFTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE LEFT ARROW;;;;
+21E7;UPWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE UP ARROW;;;;
+21E8;RIGHTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE RIGHT ARROW;;;;
+21E9;DOWNWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE DOWN ARROW;;;;
+21EA;UPWARDS WHITE ARROW FROM BAR;So;0;ON;;;;;N;WHITE UP ARROW FROM BAR;;;;
+21EB;UPWARDS WHITE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;;
+21EC;UPWARDS WHITE ARROW ON PEDESTAL WITH HORIZONTAL BAR;So;0;ON;;;;;N;;;;;
+21ED;UPWARDS WHITE ARROW ON PEDESTAL WITH VERTICAL BAR;So;0;ON;;;;;N;;;;;
+21EE;UPWARDS WHITE DOUBLE ARROW;So;0;ON;;;;;N;;;;;
+21EF;UPWARDS WHITE DOUBLE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;;
+21F0;RIGHTWARDS WHITE ARROW FROM WALL;So;0;ON;;;;;N;;;;;
+21F1;NORTH WEST ARROW TO CORNER;So;0;ON;;;;;N;;;;;
+21F2;SOUTH EAST ARROW TO CORNER;So;0;ON;;;;;N;;;;;
+21F3;UP DOWN WHITE ARROW;So;0;ON;;;;;N;;;;;
+21F4;RIGHT ARROW WITH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+21F5;DOWNWARDS ARROW LEFTWARDS OF UPWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+21F6;THREE RIGHTWARDS ARROWS;Sm;0;ON;;;;;N;;;;;
+21F7;LEFTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21F8;RIGHTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21F9;LEFT RIGHT ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FA;LEFTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FB;RIGHTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FC;LEFT RIGHT ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FD;LEFTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+21FE;RIGHTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+21FF;LEFT RIGHT OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+2200;FOR ALL;Sm;0;ON;;;;;N;;;;;
+2201;COMPLEMENT;Sm;0;ON;;;;;Y;;;;;
+2202;PARTIAL DIFFERENTIAL;Sm;0;ON;;;;;Y;;;;;
+2203;THERE EXISTS;Sm;0;ON;;;;;Y;;;;;
+2204;THERE DOES NOT EXIST;Sm;0;ON;2203 0338;;;;Y;;;;;
+2205;EMPTY SET;Sm;0;ON;;;;;N;;;;;
+2206;INCREMENT;Sm;0;ON;;;;;N;;;;;
+2207;NABLA;Sm;0;ON;;;;;N;;;;;
+2208;ELEMENT OF;Sm;0;ON;;;;;Y;;;;;
+2209;NOT AN ELEMENT OF;Sm;0;ON;2208 0338;;;;Y;;;;;
+220A;SMALL ELEMENT OF;Sm;0;ON;;;;;Y;;;;;
+220B;CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;;
+220C;DOES NOT CONTAIN AS MEMBER;Sm;0;ON;220B 0338;;;;Y;;;;;
+220D;SMALL CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;;
+220E;END OF PROOF;Sm;0;ON;;;;;N;;;;;
+220F;N-ARY PRODUCT;Sm;0;ON;;;;;N;;;;;
+2210;N-ARY COPRODUCT;Sm;0;ON;;;;;N;;;;;
+2211;N-ARY SUMMATION;Sm;0;ON;;;;;Y;;;;;
+2212;MINUS SIGN;Sm;0;ET;;;;;N;;;;;
+2213;MINUS-OR-PLUS SIGN;Sm;0;ET;;;;;N;;;;;
+2214;DOT PLUS;Sm;0;ON;;;;;N;;;;;
+2215;DIVISION SLASH;Sm;0;ON;;;;;Y;;;;;
+2216;SET MINUS;Sm;0;ON;;;;;Y;;;;;
+2217;ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;;
+2218;RING OPERATOR;Sm;0;ON;;;;;N;;;;;
+2219;BULLET OPERATOR;Sm;0;ON;;;;;N;;;;;
+221A;SQUARE ROOT;Sm;0;ON;;;;;Y;;;;;
+221B;CUBE ROOT;Sm;0;ON;;;;;Y;;;;;
+221C;FOURTH ROOT;Sm;0;ON;;;;;Y;;;;;
+221D;PROPORTIONAL TO;Sm;0;ON;;;;;Y;;;;;
+221E;INFINITY;Sm;0;ON;;;;;N;;;;;
+221F;RIGHT ANGLE;Sm;0;ON;;;;;Y;;;;;
+2220;ANGLE;Sm;0;ON;;;;;Y;;;;;
+2221;MEASURED ANGLE;Sm;0;ON;;;;;Y;;;;;
+2222;SPHERICAL ANGLE;Sm;0;ON;;;;;Y;;;;;
+2223;DIVIDES;Sm;0;ON;;;;;N;;;;;
+2224;DOES NOT DIVIDE;Sm;0;ON;2223 0338;;;;Y;;;;;
+2225;PARALLEL TO;Sm;0;ON;;;;;N;;;;;
+2226;NOT PARALLEL TO;Sm;0;ON;2225 0338;;;;Y;;;;;
+2227;LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2228;LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2229;INTERSECTION;Sm;0;ON;;;;;N;;;;;
+222A;UNION;Sm;0;ON;;;;;N;;;;;
+222B;INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+222C;DOUBLE INTEGRAL;Sm;0;ON;<compat> 222B 222B;;;;Y;;;;;
+222D;TRIPLE INTEGRAL;Sm;0;ON;<compat> 222B 222B 222B;;;;Y;;;;;
+222E;CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+222F;SURFACE INTEGRAL;Sm;0;ON;<compat> 222E 222E;;;;Y;;;;;
+2230;VOLUME INTEGRAL;Sm;0;ON;<compat> 222E 222E 222E;;;;Y;;;;;
+2231;CLOCKWISE INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2232;CLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2233;ANTICLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2234;THEREFORE;Sm;0;ON;;;;;N;;;;;
+2235;BECAUSE;Sm;0;ON;;;;;N;;;;;
+2236;RATIO;Sm;0;ON;;;;;N;;;;;
+2237;PROPORTION;Sm;0;ON;;;;;N;;;;;
+2238;DOT MINUS;Sm;0;ON;;;;;N;;;;;
+2239;EXCESS;Sm;0;ON;;;;;Y;;;;;
+223A;GEOMETRIC PROPORTION;Sm;0;ON;;;;;N;;;;;
+223B;HOMOTHETIC;Sm;0;ON;;;;;Y;;;;;
+223C;TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+223D;REVERSED TILDE;Sm;0;ON;;;;;Y;;lazy S;;;
+223E;INVERTED LAZY S;Sm;0;ON;;;;;Y;;;;;
+223F;SINE WAVE;Sm;0;ON;;;;;Y;;;;;
+2240;WREATH PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2241;NOT TILDE;Sm;0;ON;223C 0338;;;;Y;;;;;
+2242;MINUS TILDE;Sm;0;ON;;;;;Y;;;;;
+2243;ASYMPTOTICALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2244;NOT ASYMPTOTICALLY EQUAL TO;Sm;0;ON;2243 0338;;;;Y;;;;;
+2245;APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2246;APPROXIMATELY BUT NOT ACTUALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2247;NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO;Sm;0;ON;2245 0338;;;;Y;;;;;
+2248;ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2249;NOT ALMOST EQUAL TO;Sm;0;ON;2248 0338;;;;Y;;;;;
+224A;ALMOST EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+224B;TRIPLE TILDE;Sm;0;ON;;;;;Y;;;;;
+224C;ALL EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+224D;EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+224E;GEOMETRICALLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+224F;DIFFERENCE BETWEEN;Sm;0;ON;;;;;N;;;;;
+2250;APPROACHES THE LIMIT;Sm;0;ON;;;;;N;;;;;
+2251;GEOMETRICALLY EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2252;APPROXIMATELY EQUAL TO OR THE IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+2253;IMAGE OF OR APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2254;COLON EQUALS;Sm;0;ON;;;;;Y;COLON EQUAL;;;;
+2255;EQUALS COLON;Sm;0;ON;;;;;Y;EQUAL COLON;;;;
+2256;RING IN EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2257;RING EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2258;CORRESPONDS TO;Sm;0;ON;;;;;N;;;;;
+2259;ESTIMATES;Sm;0;ON;;;;;N;;;;;
+225A;EQUIANGULAR TO;Sm;0;ON;;;;;N;;;;;
+225B;STAR EQUALS;Sm;0;ON;;;;;N;;;;;
+225C;DELTA EQUAL TO;Sm;0;ON;;;;;N;;;;;
+225D;EQUAL TO BY DEFINITION;Sm;0;ON;;;;;N;;;;;
+225E;MEASURED BY;Sm;0;ON;;;;;N;;;;;
+225F;QUESTIONED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2260;NOT EQUAL TO;Sm;0;ON;003D 0338;;;;Y;;;;;
+2261;IDENTICAL TO;Sm;0;ON;;;;;N;;;;;
+2262;NOT IDENTICAL TO;Sm;0;ON;2261 0338;;;;Y;;;;;
+2263;STRICTLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+2264;LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUAL TO;;;;
+2265;GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUAL TO;;;;
+2266;LESS-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OVER EQUAL TO;;;;
+2267;GREATER-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OVER EQUAL TO;;;;
+2268;LESS-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUAL TO;;;;
+2269;GREATER-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUAL TO;;;;
+226A;MUCH LESS-THAN;Sm;0;ON;;;;;Y;MUCH LESS THAN;;;;
+226B;MUCH GREATER-THAN;Sm;0;ON;;;;;Y;MUCH GREATER THAN;;;;
+226C;BETWEEN;Sm;0;ON;;;;;N;;;;;
+226D;NOT EQUIVALENT TO;Sm;0;ON;224D 0338;;;;N;;;;;
+226E;NOT LESS-THAN;Sm;0;ON;003C 0338;;;;Y;NOT LESS THAN;;;;
+226F;NOT GREATER-THAN;Sm;0;ON;003E 0338;;;;Y;NOT GREATER THAN;;;;
+2270;NEITHER LESS-THAN NOR EQUAL TO;Sm;0;ON;2264 0338;;;;Y;NEITHER LESS THAN NOR EQUAL TO;;;;
+2271;NEITHER GREATER-THAN NOR EQUAL TO;Sm;0;ON;2265 0338;;;;Y;NEITHER GREATER THAN NOR EQUAL TO;;;;
+2272;LESS-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUIVALENT TO;;;;
+2273;GREATER-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUIVALENT TO;;;;
+2274;NEITHER LESS-THAN NOR EQUIVALENT TO;Sm;0;ON;2272 0338;;;;Y;NEITHER LESS THAN NOR EQUIVALENT TO;;;;
+2275;NEITHER GREATER-THAN NOR EQUIVALENT TO;Sm;0;ON;2273 0338;;;;Y;NEITHER GREATER THAN NOR EQUIVALENT TO;;;;
+2276;LESS-THAN OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN OR GREATER THAN;;;;
+2277;GREATER-THAN OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN OR LESS THAN;;;;
+2278;NEITHER LESS-THAN NOR GREATER-THAN;Sm;0;ON;2276 0338;;;;Y;NEITHER LESS THAN NOR GREATER THAN;;;;
+2279;NEITHER GREATER-THAN NOR LESS-THAN;Sm;0;ON;2277 0338;;;;Y;NEITHER GREATER THAN NOR LESS THAN;;;;
+227A;PRECEDES;Sm;0;ON;;;;;Y;;;;;
+227B;SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+227C;PRECEDES OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+227D;SUCCEEDS OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+227E;PRECEDES OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+227F;SUCCEEDS OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+2280;DOES NOT PRECEDE;Sm;0;ON;227A 0338;;;;Y;;;;;
+2281;DOES NOT SUCCEED;Sm;0;ON;227B 0338;;;;Y;;;;;
+2282;SUBSET OF;Sm;0;ON;;;;;Y;;;;;
+2283;SUPERSET OF;Sm;0;ON;;;;;Y;;;;;
+2284;NOT A SUBSET OF;Sm;0;ON;2282 0338;;;;Y;;;;;
+2285;NOT A SUPERSET OF;Sm;0;ON;2283 0338;;;;Y;;;;;
+2286;SUBSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2287;SUPERSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2288;NEITHER A SUBSET OF NOR EQUAL TO;Sm;0;ON;2286 0338;;;;Y;;;;;
+2289;NEITHER A SUPERSET OF NOR EQUAL TO;Sm;0;ON;2287 0338;;;;Y;;;;;
+228A;SUBSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUBSET OF OR NOT EQUAL TO;;;;
+228B;SUPERSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUPERSET OF OR NOT EQUAL TO;;;;
+228C;MULTISET;Sm;0;ON;;;;;Y;;;;;
+228D;MULTISET MULTIPLICATION;Sm;0;ON;;;;;N;;;;;
+228E;MULTISET UNION;Sm;0;ON;;;;;N;;;;;
+228F;SQUARE IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+2290;SQUARE ORIGINAL OF;Sm;0;ON;;;;;Y;;;;;
+2291;SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2292;SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2293;SQUARE CAP;Sm;0;ON;;;;;N;;;;;
+2294;SQUARE CUP;Sm;0;ON;;;;;N;;;;;
+2295;CIRCLED PLUS;Sm;0;ON;;;;;N;;;;;
+2296;CIRCLED MINUS;Sm;0;ON;;;;;N;;;;;
+2297;CIRCLED TIMES;Sm;0;ON;;;;;N;;;;;
+2298;CIRCLED DIVISION SLASH;Sm;0;ON;;;;;Y;;;;;
+2299;CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+229A;CIRCLED RING OPERATOR;Sm;0;ON;;;;;N;;;;;
+229B;CIRCLED ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;;
+229C;CIRCLED EQUALS;Sm;0;ON;;;;;N;;;;;
+229D;CIRCLED DASH;Sm;0;ON;;;;;N;;;;;
+229E;SQUARED PLUS;Sm;0;ON;;;;;N;;;;;
+229F;SQUARED MINUS;Sm;0;ON;;;;;N;;;;;
+22A0;SQUARED TIMES;Sm;0;ON;;;;;N;;;;;
+22A1;SQUARED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+22A2;RIGHT TACK;Sm;0;ON;;;;;Y;;;;;
+22A3;LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+22A4;DOWN TACK;Sm;0;ON;;;;;N;;;;;
+22A5;UP TACK;Sm;0;ON;;;;;N;;;;;
+22A6;ASSERTION;Sm;0;ON;;;;;Y;;;;;
+22A7;MODELS;Sm;0;ON;;;;;Y;;;;;
+22A8;TRUE;Sm;0;ON;;;;;Y;;;;;
+22A9;FORCES;Sm;0;ON;;;;;Y;;;;;
+22AA;TRIPLE VERTICAL BAR RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+22AB;DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+22AC;DOES NOT PROVE;Sm;0;ON;22A2 0338;;;;Y;;;;;
+22AD;NOT TRUE;Sm;0;ON;22A8 0338;;;;Y;;;;;
+22AE;DOES NOT FORCE;Sm;0;ON;22A9 0338;;;;Y;;;;;
+22AF;NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;22AB 0338;;;;Y;;;;;
+22B0;PRECEDES UNDER RELATION;Sm;0;ON;;;;;Y;;;;;
+22B1;SUCCEEDS UNDER RELATION;Sm;0;ON;;;;;Y;;;;;
+22B2;NORMAL SUBGROUP OF;Sm;0;ON;;;;;Y;;;;;
+22B3;CONTAINS AS NORMAL SUBGROUP;Sm;0;ON;;;;;Y;;;;;
+22B4;NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22B5;CONTAINS AS NORMAL SUBGROUP OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22B6;ORIGINAL OF;Sm;0;ON;;;;;Y;;;;;
+22B7;IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+22B8;MULTIMAP;Sm;0;ON;;;;;Y;;;;;
+22B9;HERMITIAN CONJUGATE MATRIX;Sm;0;ON;;;;;N;;;;;
+22BA;INTERCALATE;Sm;0;ON;;;;;N;;;;;
+22BB;XOR;Sm;0;ON;;;;;N;;;;;
+22BC;NAND;Sm;0;ON;;;;;N;;;;;
+22BD;NOR;Sm;0;ON;;;;;N;;;;;
+22BE;RIGHT ANGLE WITH ARC;Sm;0;ON;;;;;Y;;;;;
+22BF;RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+22C0;N-ARY LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+22C1;N-ARY LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+22C2;N-ARY INTERSECTION;Sm;0;ON;;;;;N;;;;;
+22C3;N-ARY UNION;Sm;0;ON;;;;;N;;;;;
+22C4;DIAMOND OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C5;DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C6;STAR OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C7;DIVISION TIMES;Sm;0;ON;;;;;N;;;;;
+22C8;BOWTIE;Sm;0;ON;;;;;N;;;;;
+22C9;LEFT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CA;RIGHT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CB;LEFT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CC;RIGHT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CD;REVERSED TILDE EQUALS;Sm;0;ON;;;;;Y;;;;;
+22CE;CURLY LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+22CF;CURLY LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+22D0;DOUBLE SUBSET;Sm;0;ON;;;;;Y;;;;;
+22D1;DOUBLE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+22D2;DOUBLE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+22D3;DOUBLE UNION;Sm;0;ON;;;;;N;;;;;
+22D4;PITCHFORK;Sm;0;ON;;;;;N;;;;;
+22D5;EQUAL AND PARALLEL TO;Sm;0;ON;;;;;N;;;;;
+22D6;LESS-THAN WITH DOT;Sm;0;ON;;;;;Y;LESS THAN WITH DOT;;;;
+22D7;GREATER-THAN WITH DOT;Sm;0;ON;;;;;Y;GREATER THAN WITH DOT;;;;
+22D8;VERY MUCH LESS-THAN;Sm;0;ON;;;;;Y;VERY MUCH LESS THAN;;;;
+22D9;VERY MUCH GREATER-THAN;Sm;0;ON;;;;;Y;VERY MUCH GREATER THAN;;;;
+22DA;LESS-THAN EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN EQUAL TO OR GREATER THAN;;;;
+22DB;GREATER-THAN EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN EQUAL TO OR LESS THAN;;;;
+22DC;EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR LESS THAN;;;;
+22DD;EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR GREATER THAN;;;;
+22DE;EQUAL TO OR PRECEDES;Sm;0;ON;;;;;Y;;;;;
+22DF;EQUAL TO OR SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+22E0;DOES NOT PRECEDE OR EQUAL;Sm;0;ON;227C 0338;;;;Y;;;;;
+22E1;DOES NOT SUCCEED OR EQUAL;Sm;0;ON;227D 0338;;;;Y;;;;;
+22E2;NOT SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;2291 0338;;;;Y;;;;;
+22E3;NOT SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;2292 0338;;;;Y;;;;;
+22E4;SQUARE IMAGE OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22E5;SQUARE ORIGINAL OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22E6;LESS-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUIVALENT TO;;;;
+22E7;GREATER-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUIVALENT TO;;;;
+22E8;PRECEDES BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+22E9;SUCCEEDS BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+22EA;NOT NORMAL SUBGROUP OF;Sm;0;ON;22B2 0338;;;;Y;;;;;
+22EB;DOES NOT CONTAIN AS NORMAL SUBGROUP;Sm;0;ON;22B3 0338;;;;Y;;;;;
+22EC;NOT NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;22B4 0338;;;;Y;;;;;
+22ED;DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL;Sm;0;ON;22B5 0338;;;;Y;;;;;
+22EE;VERTICAL ELLIPSIS;Sm;0;ON;;;;;N;;;;;
+22EF;MIDLINE HORIZONTAL ELLIPSIS;Sm;0;ON;;;;;N;;;;;
+22F0;UP RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;;
+22F1;DOWN RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;;
+22F2;ELEMENT OF WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F3;ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F4;SMALL ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F5;ELEMENT OF WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+22F6;ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22F7;SMALL ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22F8;ELEMENT OF WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+22F9;ELEMENT OF WITH TWO HORIZONTAL STROKES;Sm;0;ON;;;;;Y;;;;;
+22FA;CONTAINS WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FB;CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FC;SMALL CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FD;CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22FE;SMALL CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22FF;Z NOTATION BAG MEMBERSHIP;Sm;0;ON;;;;;Y;;;;;
+2300;DIAMETER SIGN;So;0;ON;;;;;N;;;;;
+2301;ELECTRIC ARROW;So;0;ON;;;;;N;;;;;
+2302;HOUSE;So;0;ON;;;;;N;;;;;
+2303;UP ARROWHEAD;So;0;ON;;;;;N;;;;;
+2304;DOWN ARROWHEAD;So;0;ON;;;;;N;;;;;
+2305;PROJECTIVE;So;0;ON;;;;;N;;;;;
+2306;PERSPECTIVE;So;0;ON;;;;;N;;;;;
+2307;WAVY LINE;So;0;ON;;;;;N;;;;;
+2308;LEFT CEILING;Sm;0;ON;;;;;Y;;;;;
+2309;RIGHT CEILING;Sm;0;ON;;;;;Y;;;;;
+230A;LEFT FLOOR;Sm;0;ON;;;;;Y;;;;;
+230B;RIGHT FLOOR;Sm;0;ON;;;;;Y;;;;;
+230C;BOTTOM RIGHT CROP;So;0;ON;;;;;N;;;;;
+230D;BOTTOM LEFT CROP;So;0;ON;;;;;N;;;;;
+230E;TOP RIGHT CROP;So;0;ON;;;;;N;;;;;
+230F;TOP LEFT CROP;So;0;ON;;;;;N;;;;;
+2310;REVERSED NOT SIGN;So;0;ON;;;;;N;;;;;
+2311;SQUARE LOZENGE;So;0;ON;;;;;N;;;;;
+2312;ARC;So;0;ON;;;;;N;;;;;
+2313;SEGMENT;So;0;ON;;;;;N;;;;;
+2314;SECTOR;So;0;ON;;;;;N;;;;;
+2315;TELEPHONE RECORDER;So;0;ON;;;;;N;;;;;
+2316;POSITION INDICATOR;So;0;ON;;;;;N;;;;;
+2317;VIEWDATA SQUARE;So;0;ON;;;;;N;;;;;
+2318;PLACE OF INTEREST SIGN;So;0;ON;;;;;N;COMMAND KEY;;;;
+2319;TURNED NOT SIGN;So;0;ON;;;;;N;;;;;
+231A;WATCH;So;0;ON;;;;;N;;;;;
+231B;HOURGLASS;So;0;ON;;;;;N;;;;;
+231C;TOP LEFT CORNER;So;0;ON;;;;;N;;;;;
+231D;TOP RIGHT CORNER;So;0;ON;;;;;N;;;;;
+231E;BOTTOM LEFT CORNER;So;0;ON;;;;;N;;;;;
+231F;BOTTOM RIGHT CORNER;So;0;ON;;;;;N;;;;;
+2320;TOP HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2321;BOTTOM HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2322;FROWN;So;0;ON;;;;;N;;;;;
+2323;SMILE;So;0;ON;;;;;N;;;;;
+2324;UP ARROWHEAD BETWEEN TWO HORIZONTAL BARS;So;0;ON;;;;;N;ENTER KEY;;;;
+2325;OPTION KEY;So;0;ON;;;;;N;;;;;
+2326;ERASE TO THE RIGHT;So;0;ON;;;;;N;DELETE TO THE RIGHT KEY;;;;
+2327;X IN A RECTANGLE BOX;So;0;ON;;;;;N;CLEAR KEY;;;;
+2328;KEYBOARD;So;0;ON;;;;;N;;;;;
+2329;LEFT-POINTING ANGLE BRACKET;Ps;0;ON;3008;;;;Y;BRA;;;;
+232A;RIGHT-POINTING ANGLE BRACKET;Pe;0;ON;3009;;;;Y;KET;;;;
+232B;ERASE TO THE LEFT;So;0;ON;;;;;N;DELETE TO THE LEFT KEY;;;;
+232C;BENZENE RING;So;0;ON;;;;;N;;;;;
+232D;CYLINDRICITY;So;0;ON;;;;;N;;;;;
+232E;ALL AROUND-PROFILE;So;0;ON;;;;;N;;;;;
+232F;SYMMETRY;So;0;ON;;;;;N;;;;;
+2330;TOTAL RUNOUT;So;0;ON;;;;;N;;;;;
+2331;DIMENSION ORIGIN;So;0;ON;;;;;N;;;;;
+2332;CONICAL TAPER;So;0;ON;;;;;N;;;;;
+2333;SLOPE;So;0;ON;;;;;N;;;;;
+2334;COUNTERBORE;So;0;ON;;;;;N;;;;;
+2335;COUNTERSINK;So;0;ON;;;;;N;;;;;
+2336;APL FUNCTIONAL SYMBOL I-BEAM;So;0;L;;;;;N;;;;;
+2337;APL FUNCTIONAL SYMBOL SQUISH QUAD;So;0;L;;;;;N;;;;;
+2338;APL FUNCTIONAL SYMBOL QUAD EQUAL;So;0;L;;;;;N;;;;;
+2339;APL FUNCTIONAL SYMBOL QUAD DIVIDE;So;0;L;;;;;N;;;;;
+233A;APL FUNCTIONAL SYMBOL QUAD DIAMOND;So;0;L;;;;;N;;;;;
+233B;APL FUNCTIONAL SYMBOL QUAD JOT;So;0;L;;;;;N;;;;;
+233C;APL FUNCTIONAL SYMBOL QUAD CIRCLE;So;0;L;;;;;N;;;;;
+233D;APL FUNCTIONAL SYMBOL CIRCLE STILE;So;0;L;;;;;N;;;;;
+233E;APL FUNCTIONAL SYMBOL CIRCLE JOT;So;0;L;;;;;N;;;;;
+233F;APL FUNCTIONAL SYMBOL SLASH BAR;So;0;L;;;;;N;;;;;
+2340;APL FUNCTIONAL SYMBOL BACKSLASH BAR;So;0;L;;;;;N;;;;;
+2341;APL FUNCTIONAL SYMBOL QUAD SLASH;So;0;L;;;;;N;;;;;
+2342;APL FUNCTIONAL SYMBOL QUAD BACKSLASH;So;0;L;;;;;N;;;;;
+2343;APL FUNCTIONAL SYMBOL QUAD LESS-THAN;So;0;L;;;;;N;;;;;
+2344;APL FUNCTIONAL SYMBOL QUAD GREATER-THAN;So;0;L;;;;;N;;;;;
+2345;APL FUNCTIONAL SYMBOL LEFTWARDS VANE;So;0;L;;;;;N;;;;;
+2346;APL FUNCTIONAL SYMBOL RIGHTWARDS VANE;So;0;L;;;;;N;;;;;
+2347;APL FUNCTIONAL SYMBOL QUAD LEFTWARDS ARROW;So;0;L;;;;;N;;;;;
+2348;APL FUNCTIONAL SYMBOL QUAD RIGHTWARDS ARROW;So;0;L;;;;;N;;;;;
+2349;APL FUNCTIONAL SYMBOL CIRCLE BACKSLASH;So;0;L;;;;;N;;;;;
+234A;APL FUNCTIONAL SYMBOL DOWN TACK UNDERBAR;So;0;L;;;;;N;;*;;;
+234B;APL FUNCTIONAL SYMBOL DELTA STILE;So;0;L;;;;;N;;;;;
+234C;APL FUNCTIONAL SYMBOL QUAD DOWN CARET;So;0;L;;;;;N;;;;;
+234D;APL FUNCTIONAL SYMBOL QUAD DELTA;So;0;L;;;;;N;;;;;
+234E;APL FUNCTIONAL SYMBOL DOWN TACK JOT;So;0;L;;;;;N;;*;;;
+234F;APL FUNCTIONAL SYMBOL UPWARDS VANE;So;0;L;;;;;N;;;;;
+2350;APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW;So;0;L;;;;;N;;;;;
+2351;APL FUNCTIONAL SYMBOL UP TACK OVERBAR;So;0;L;;;;;N;;*;;;
+2352;APL FUNCTIONAL SYMBOL DEL STILE;So;0;L;;;;;N;;;;;
+2353;APL FUNCTIONAL SYMBOL QUAD UP CARET;So;0;L;;;;;N;;;;;
+2354;APL FUNCTIONAL SYMBOL QUAD DEL;So;0;L;;;;;N;;;;;
+2355;APL FUNCTIONAL SYMBOL UP TACK JOT;So;0;L;;;;;N;;*;;;
+2356;APL FUNCTIONAL SYMBOL DOWNWARDS VANE;So;0;L;;;;;N;;;;;
+2357;APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW;So;0;L;;;;;N;;;;;
+2358;APL FUNCTIONAL SYMBOL QUOTE UNDERBAR;So;0;L;;;;;N;;;;;
+2359;APL FUNCTIONAL SYMBOL DELTA UNDERBAR;So;0;L;;;;;N;;;;;
+235A;APL FUNCTIONAL SYMBOL DIAMOND UNDERBAR;So;0;L;;;;;N;;;;;
+235B;APL FUNCTIONAL SYMBOL JOT UNDERBAR;So;0;L;;;;;N;;;;;
+235C;APL FUNCTIONAL SYMBOL CIRCLE UNDERBAR;So;0;L;;;;;N;;;;;
+235D;APL FUNCTIONAL SYMBOL UP SHOE JOT;So;0;L;;;;;N;;;;;
+235E;APL FUNCTIONAL SYMBOL QUOTE QUAD;So;0;L;;;;;N;;;;;
+235F;APL FUNCTIONAL SYMBOL CIRCLE STAR;So;0;L;;;;;N;;;;;
+2360;APL FUNCTIONAL SYMBOL QUAD COLON;So;0;L;;;;;N;;;;;
+2361;APL FUNCTIONAL SYMBOL UP TACK DIAERESIS;So;0;L;;;;;N;;*;;;
+2362;APL FUNCTIONAL SYMBOL DEL DIAERESIS;So;0;L;;;;;N;;;;;
+2363;APL FUNCTIONAL SYMBOL STAR DIAERESIS;So;0;L;;;;;N;;;;;
+2364;APL FUNCTIONAL SYMBOL JOT DIAERESIS;So;0;L;;;;;N;;;;;
+2365;APL FUNCTIONAL SYMBOL CIRCLE DIAERESIS;So;0;L;;;;;N;;;;;
+2366;APL FUNCTIONAL SYMBOL DOWN SHOE STILE;So;0;L;;;;;N;;;;;
+2367;APL FUNCTIONAL SYMBOL LEFT SHOE STILE;So;0;L;;;;;N;;;;;
+2368;APL FUNCTIONAL SYMBOL TILDE DIAERESIS;So;0;L;;;;;N;;;;;
+2369;APL FUNCTIONAL SYMBOL GREATER-THAN DIAERESIS;So;0;L;;;;;N;;;;;
+236A;APL FUNCTIONAL SYMBOL COMMA BAR;So;0;L;;;;;N;;;;;
+236B;APL FUNCTIONAL SYMBOL DEL TILDE;So;0;L;;;;;N;;;;;
+236C;APL FUNCTIONAL SYMBOL ZILDE;So;0;L;;;;;N;;;;;
+236D;APL FUNCTIONAL SYMBOL STILE TILDE;So;0;L;;;;;N;;;;;
+236E;APL FUNCTIONAL SYMBOL SEMICOLON UNDERBAR;So;0;L;;;;;N;;;;;
+236F;APL FUNCTIONAL SYMBOL QUAD NOT EQUAL;So;0;L;;;;;N;;;;;
+2370;APL FUNCTIONAL SYMBOL QUAD QUESTION;So;0;L;;;;;N;;;;;
+2371;APL FUNCTIONAL SYMBOL DOWN CARET TILDE;So;0;L;;;;;N;;;;;
+2372;APL FUNCTIONAL SYMBOL UP CARET TILDE;So;0;L;;;;;N;;;;;
+2373;APL FUNCTIONAL SYMBOL IOTA;So;0;L;;;;;N;;;;;
+2374;APL FUNCTIONAL SYMBOL RHO;So;0;L;;;;;N;;;;;
+2375;APL FUNCTIONAL SYMBOL OMEGA;So;0;L;;;;;N;;;;;
+2376;APL FUNCTIONAL SYMBOL ALPHA UNDERBAR;So;0;L;;;;;N;;;;;
+2377;APL FUNCTIONAL SYMBOL EPSILON UNDERBAR;So;0;L;;;;;N;;;;;
+2378;APL FUNCTIONAL SYMBOL IOTA UNDERBAR;So;0;L;;;;;N;;;;;
+2379;APL FUNCTIONAL SYMBOL OMEGA UNDERBAR;So;0;L;;;;;N;;;;;
+237A;APL FUNCTIONAL SYMBOL ALPHA;So;0;L;;;;;N;;;;;
+237B;NOT CHECK MARK;So;0;ON;;;;;N;;;;;
+237C;RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW;Sm;0;ON;;;;;N;;;;;
+237D;SHOULDERED OPEN BOX;So;0;ON;;;;;N;;;;;
+237E;BELL SYMBOL;So;0;ON;;;;;N;;;;;
+237F;VERTICAL LINE WITH MIDDLE DOT;So;0;ON;;;;;N;;;;;
+2380;INSERTION SYMBOL;So;0;ON;;;;;N;;;;;
+2381;CONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;;
+2382;DISCONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;;
+2383;EMPHASIS SYMBOL;So;0;ON;;;;;N;;;;;
+2384;COMPOSITION SYMBOL;So;0;ON;;;;;N;;;;;
+2385;WHITE SQUARE WITH CENTRE VERTICAL LINE;So;0;ON;;;;;N;;;;;
+2386;ENTER SYMBOL;So;0;ON;;;;;N;;;;;
+2387;ALTERNATIVE KEY SYMBOL;So;0;ON;;;;;N;;;;;
+2388;HELM SYMBOL;So;0;ON;;;;;N;;;;;
+2389;CIRCLED HORIZONTAL BAR WITH NOTCH;So;0;ON;;;;;N;;pause;;;
+238A;CIRCLED TRIANGLE DOWN;So;0;ON;;;;;N;;break;;;
+238B;BROKEN CIRCLE WITH NORTHWEST ARROW;So;0;ON;;;;;N;;escape;;;
+238C;UNDO SYMBOL;So;0;ON;;;;;N;;;;;
+238D;MONOSTABLE SYMBOL;So;0;ON;;;;;N;;;;;
+238E;HYSTERESIS SYMBOL;So;0;ON;;;;;N;;;;;
+238F;OPEN-CIRCUIT-OUTPUT H-TYPE SYMBOL;So;0;ON;;;;;N;;;;;
+2390;OPEN-CIRCUIT-OUTPUT L-TYPE SYMBOL;So;0;ON;;;;;N;;;;;
+2391;PASSIVE-PULL-DOWN-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;;
+2392;PASSIVE-PULL-UP-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;;
+2393;DIRECT CURRENT SYMBOL FORM TWO;So;0;ON;;;;;N;;;;;
+2394;SOFTWARE-FUNCTION SYMBOL;So;0;ON;;;;;N;;;;;
+2395;APL FUNCTIONAL SYMBOL QUAD;So;0;L;;;;;N;;;;;
+2396;DECIMAL SEPARATOR KEY SYMBOL;So;0;ON;;;;;N;;;;;
+2397;PREVIOUS PAGE;So;0;ON;;;;;N;;;;;
+2398;NEXT PAGE;So;0;ON;;;;;N;;;;;
+2399;PRINT SCREEN SYMBOL;So;0;ON;;;;;N;;;;;
+239A;CLEAR SCREEN SYMBOL;So;0;ON;;;;;N;;;;;
+239B;LEFT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+239C;LEFT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;;
+239D;LEFT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+239E;RIGHT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+239F;RIGHT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A0;RIGHT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23A1;LEFT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;;
+23A2;LEFT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A3;LEFT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;;
+23A4;RIGHT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;;
+23A5;RIGHT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A6;RIGHT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;;
+23A7;LEFT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+23A8;LEFT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;;
+23A9;LEFT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23AA;CURLY BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23AB;RIGHT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+23AC;RIGHT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;;
+23AD;RIGHT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23AE;INTEGRAL EXTENSION;Sm;0;ON;;;;;N;;;;;
+23AF;HORIZONTAL LINE EXTENSION;Sm;0;ON;;;;;N;;;;;
+23B0;UPPER LEFT OR LOWER RIGHT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;;
+23B1;UPPER RIGHT OR LOWER LEFT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;;
+23B2;SUMMATION TOP;Sm;0;ON;;;;;N;;;;;
+23B3;SUMMATION BOTTOM;Sm;0;ON;;;;;N;;;;;
+23B4;TOP SQUARE BRACKET;Ps;0;ON;;;;;N;;;;;
+23B5;BOTTOM SQUARE BRACKET;Pe;0;ON;;;;;N;;;;;
+23B6;BOTTOM SQUARE BRACKET OVER TOP SQUARE BRACKET;Po;0;ON;;;;;N;;;;;
+23B7;RADICAL SYMBOL BOTTOM;So;0;ON;;;;;N;;;;;
+23B8;LEFT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;;
+23B9;RIGHT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;;
+23BA;HORIZONTAL SCAN LINE-1;So;0;ON;;;;;N;;;;;
+23BB;HORIZONTAL SCAN LINE-3;So;0;ON;;;;;N;;;;;
+23BC;HORIZONTAL SCAN LINE-7;So;0;ON;;;;;N;;;;;
+23BD;HORIZONTAL SCAN LINE-9;So;0;ON;;;;;N;;;;;
+23BE;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP RIGHT;So;0;ON;;;;;N;;;;;
+23BF;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM RIGHT;So;0;ON;;;;;N;;;;;
+23C0;DENTISTRY SYMBOL LIGHT VERTICAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C1;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C2;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C3;DENTISTRY SYMBOL LIGHT VERTICAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C4;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C5;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C6;DENTISTRY SYMBOL LIGHT VERTICAL AND WAVE;So;0;ON;;;;;N;;;;;
+23C7;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;;
+23C8;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;;
+23C9;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;;;;;
+23CA;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;;;;;
+23CB;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP LEFT;So;0;ON;;;;;N;;;;;
+23CC;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM LEFT;So;0;ON;;;;;N;;;;;
+23CD;SQUARE FOOT;So;0;ON;;;;;N;;;;;
+23CE;RETURN SYMBOL;So;0;ON;;;;;N;;;;;
+2400;SYMBOL FOR NULL;So;0;ON;;;;;N;GRAPHIC FOR NULL;;;;
+2401;SYMBOL FOR START OF HEADING;So;0;ON;;;;;N;GRAPHIC FOR START OF HEADING;;;;
+2402;SYMBOL FOR START OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR START OF TEXT;;;;
+2403;SYMBOL FOR END OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR END OF TEXT;;;;
+2404;SYMBOL FOR END OF TRANSMISSION;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION;;;;
+2405;SYMBOL FOR ENQUIRY;So;0;ON;;;;;N;GRAPHIC FOR ENQUIRY;;;;
+2406;SYMBOL FOR ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR ACKNOWLEDGE;;;;
+2407;SYMBOL FOR BELL;So;0;ON;;;;;N;GRAPHIC FOR BELL;;;;
+2408;SYMBOL FOR BACKSPACE;So;0;ON;;;;;N;GRAPHIC FOR BACKSPACE;;;;
+2409;SYMBOL FOR HORIZONTAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR HORIZONTAL TABULATION;;;;
+240A;SYMBOL FOR LINE FEED;So;0;ON;;;;;N;GRAPHIC FOR LINE FEED;;;;
+240B;SYMBOL FOR VERTICAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR VERTICAL TABULATION;;;;
+240C;SYMBOL FOR FORM FEED;So;0;ON;;;;;N;GRAPHIC FOR FORM FEED;;;;
+240D;SYMBOL FOR CARRIAGE RETURN;So;0;ON;;;;;N;GRAPHIC FOR CARRIAGE RETURN;;;;
+240E;SYMBOL FOR SHIFT OUT;So;0;ON;;;;;N;GRAPHIC FOR SHIFT OUT;;;;
+240F;SYMBOL FOR SHIFT IN;So;0;ON;;;;;N;GRAPHIC FOR SHIFT IN;;;;
+2410;SYMBOL FOR DATA LINK ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR DATA LINK ESCAPE;;;;
+2411;SYMBOL FOR DEVICE CONTROL ONE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL ONE;;;;
+2412;SYMBOL FOR DEVICE CONTROL TWO;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL TWO;;;;
+2413;SYMBOL FOR DEVICE CONTROL THREE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL THREE;;;;
+2414;SYMBOL FOR DEVICE CONTROL FOUR;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL FOUR;;;;
+2415;SYMBOL FOR NEGATIVE ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR NEGATIVE ACKNOWLEDGE;;;;
+2416;SYMBOL FOR SYNCHRONOUS IDLE;So;0;ON;;;;;N;GRAPHIC FOR SYNCHRONOUS IDLE;;;;
+2417;SYMBOL FOR END OF TRANSMISSION BLOCK;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION BLOCK;;;;
+2418;SYMBOL FOR CANCEL;So;0;ON;;;;;N;GRAPHIC FOR CANCEL;;;;
+2419;SYMBOL FOR END OF MEDIUM;So;0;ON;;;;;N;GRAPHIC FOR END OF MEDIUM;;;;
+241A;SYMBOL FOR SUBSTITUTE;So;0;ON;;;;;N;GRAPHIC FOR SUBSTITUTE;;;;
+241B;SYMBOL FOR ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR ESCAPE;;;;
+241C;SYMBOL FOR FILE SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR FILE SEPARATOR;;;;
+241D;SYMBOL FOR GROUP SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR GROUP SEPARATOR;;;;
+241E;SYMBOL FOR RECORD SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR RECORD SEPARATOR;;;;
+241F;SYMBOL FOR UNIT SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR UNIT SEPARATOR;;;;
+2420;SYMBOL FOR SPACE;So;0;ON;;;;;N;GRAPHIC FOR SPACE;;;;
+2421;SYMBOL FOR DELETE;So;0;ON;;;;;N;GRAPHIC FOR DELETE;;;;
+2422;BLANK SYMBOL;So;0;ON;;;;;N;BLANK;;;;
+2423;OPEN BOX;So;0;ON;;;;;N;;;;;
+2424;SYMBOL FOR NEWLINE;So;0;ON;;;;;N;GRAPHIC FOR NEWLINE;;;;
+2425;SYMBOL FOR DELETE FORM TWO;So;0;ON;;;;;N;;;;;
+2426;SYMBOL FOR SUBSTITUTE FORM TWO;So;0;ON;;;;;N;;;;;
+2440;OCR HOOK;So;0;ON;;;;;N;;;;;
+2441;OCR CHAIR;So;0;ON;;;;;N;;;;;
+2442;OCR FORK;So;0;ON;;;;;N;;;;;
+2443;OCR INVERTED FORK;So;0;ON;;;;;N;;;;;
+2444;OCR BELT BUCKLE;So;0;ON;;;;;N;;;;;
+2445;OCR BOW TIE;So;0;ON;;;;;N;;;;;
+2446;OCR BRANCH BANK IDENTIFICATION;So;0;ON;;;;;N;;;;;
+2447;OCR AMOUNT OF CHECK;So;0;ON;;;;;N;;;;;
+2448;OCR DASH;So;0;ON;;;;;N;;;;;
+2449;OCR CUSTOMER ACCOUNT NUMBER;So;0;ON;;;;;N;;;;;
+244A;OCR DOUBLE BACKSLASH;So;0;ON;;;;;N;;;;;
+2460;CIRCLED DIGIT ONE;No;0;EN;<circle> 0031;;1;1;N;;;;;
+2461;CIRCLED DIGIT TWO;No;0;EN;<circle> 0032;;2;2;N;;;;;
+2462;CIRCLED DIGIT THREE;No;0;EN;<circle> 0033;;3;3;N;;;;;
+2463;CIRCLED DIGIT FOUR;No;0;EN;<circle> 0034;;4;4;N;;;;;
+2464;CIRCLED DIGIT FIVE;No;0;EN;<circle> 0035;;5;5;N;;;;;
+2465;CIRCLED DIGIT SIX;No;0;EN;<circle> 0036;;6;6;N;;;;;
+2466;CIRCLED DIGIT SEVEN;No;0;EN;<circle> 0037;;7;7;N;;;;;
+2467;CIRCLED DIGIT EIGHT;No;0;EN;<circle> 0038;;8;8;N;;;;;
+2468;CIRCLED DIGIT NINE;No;0;EN;<circle> 0039;;9;9;N;;;;;
+2469;CIRCLED NUMBER TEN;No;0;EN;<circle> 0031 0030;;;10;N;;;;;
+246A;CIRCLED NUMBER ELEVEN;No;0;EN;<circle> 0031 0031;;;11;N;;;;;
+246B;CIRCLED NUMBER TWELVE;No;0;EN;<circle> 0031 0032;;;12;N;;;;;
+246C;CIRCLED NUMBER THIRTEEN;No;0;EN;<circle> 0031 0033;;;13;N;;;;;
+246D;CIRCLED NUMBER FOURTEEN;No;0;EN;<circle> 0031 0034;;;14;N;;;;;
+246E;CIRCLED NUMBER FIFTEEN;No;0;EN;<circle> 0031 0035;;;15;N;;;;;
+246F;CIRCLED NUMBER SIXTEEN;No;0;EN;<circle> 0031 0036;;;16;N;;;;;
+2470;CIRCLED NUMBER SEVENTEEN;No;0;EN;<circle> 0031 0037;;;17;N;;;;;
+2471;CIRCLED NUMBER EIGHTEEN;No;0;EN;<circle> 0031 0038;;;18;N;;;;;
+2472;CIRCLED NUMBER NINETEEN;No;0;EN;<circle> 0031 0039;;;19;N;;;;;
+2473;CIRCLED NUMBER TWENTY;No;0;EN;<circle> 0032 0030;;;20;N;;;;;
+2474;PARENTHESIZED DIGIT ONE;No;0;EN;<compat> 0028 0031 0029;;1;1;N;;;;;
+2475;PARENTHESIZED DIGIT TWO;No;0;EN;<compat> 0028 0032 0029;;2;2;N;;;;;
+2476;PARENTHESIZED DIGIT THREE;No;0;EN;<compat> 0028 0033 0029;;3;3;N;;;;;
+2477;PARENTHESIZED DIGIT FOUR;No;0;EN;<compat> 0028 0034 0029;;4;4;N;;;;;
+2478;PARENTHESIZED DIGIT FIVE;No;0;EN;<compat> 0028 0035 0029;;5;5;N;;;;;
+2479;PARENTHESIZED DIGIT SIX;No;0;EN;<compat> 0028 0036 0029;;6;6;N;;;;;
+247A;PARENTHESIZED DIGIT SEVEN;No;0;EN;<compat> 0028 0037 0029;;7;7;N;;;;;
+247B;PARENTHESIZED DIGIT EIGHT;No;0;EN;<compat> 0028 0038 0029;;8;8;N;;;;;
+247C;PARENTHESIZED DIGIT NINE;No;0;EN;<compat> 0028 0039 0029;;9;9;N;;;;;
+247D;PARENTHESIZED NUMBER TEN;No;0;EN;<compat> 0028 0031 0030 0029;;;10;N;;;;;
+247E;PARENTHESIZED NUMBER ELEVEN;No;0;EN;<compat> 0028 0031 0031 0029;;;11;N;;;;;
+247F;PARENTHESIZED NUMBER TWELVE;No;0;EN;<compat> 0028 0031 0032 0029;;;12;N;;;;;
+2480;PARENTHESIZED NUMBER THIRTEEN;No;0;EN;<compat> 0028 0031 0033 0029;;;13;N;;;;;
+2481;PARENTHESIZED NUMBER FOURTEEN;No;0;EN;<compat> 0028 0031 0034 0029;;;14;N;;;;;
+2482;PARENTHESIZED NUMBER FIFTEEN;No;0;EN;<compat> 0028 0031 0035 0029;;;15;N;;;;;
+2483;PARENTHESIZED NUMBER SIXTEEN;No;0;EN;<compat> 0028 0031 0036 0029;;;16;N;;;;;
+2484;PARENTHESIZED NUMBER SEVENTEEN;No;0;EN;<compat> 0028 0031 0037 0029;;;17;N;;;;;
+2485;PARENTHESIZED NUMBER EIGHTEEN;No;0;EN;<compat> 0028 0031 0038 0029;;;18;N;;;;;
+2486;PARENTHESIZED NUMBER NINETEEN;No;0;EN;<compat> 0028 0031 0039 0029;;;19;N;;;;;
+2487;PARENTHESIZED NUMBER TWENTY;No;0;EN;<compat> 0028 0032 0030 0029;;;20;N;;;;;
+2488;DIGIT ONE FULL STOP;No;0;EN;<compat> 0031 002E;;1;1;N;DIGIT ONE PERIOD;;;;
+2489;DIGIT TWO FULL STOP;No;0;EN;<compat> 0032 002E;;2;2;N;DIGIT TWO PERIOD;;;;
+248A;DIGIT THREE FULL STOP;No;0;EN;<compat> 0033 002E;;3;3;N;DIGIT THREE PERIOD;;;;
+248B;DIGIT FOUR FULL STOP;No;0;EN;<compat> 0034 002E;;4;4;N;DIGIT FOUR PERIOD;;;;
+248C;DIGIT FIVE FULL STOP;No;0;EN;<compat> 0035 002E;;5;5;N;DIGIT FIVE PERIOD;;;;
+248D;DIGIT SIX FULL STOP;No;0;EN;<compat> 0036 002E;;6;6;N;DIGIT SIX PERIOD;;;;
+248E;DIGIT SEVEN FULL STOP;No;0;EN;<compat> 0037 002E;;7;7;N;DIGIT SEVEN PERIOD;;;;
+248F;DIGIT EIGHT FULL STOP;No;0;EN;<compat> 0038 002E;;8;8;N;DIGIT EIGHT PERIOD;;;;
+2490;DIGIT NINE FULL STOP;No;0;EN;<compat> 0039 002E;;9;9;N;DIGIT NINE PERIOD;;;;
+2491;NUMBER TEN FULL STOP;No;0;EN;<compat> 0031 0030 002E;;;10;N;NUMBER TEN PERIOD;;;;
+2492;NUMBER ELEVEN FULL STOP;No;0;EN;<compat> 0031 0031 002E;;;11;N;NUMBER ELEVEN PERIOD;;;;
+2493;NUMBER TWELVE FULL STOP;No;0;EN;<compat> 0031 0032 002E;;;12;N;NUMBER TWELVE PERIOD;;;;
+2494;NUMBER THIRTEEN FULL STOP;No;0;EN;<compat> 0031 0033 002E;;;13;N;NUMBER THIRTEEN PERIOD;;;;
+2495;NUMBER FOURTEEN FULL STOP;No;0;EN;<compat> 0031 0034 002E;;;14;N;NUMBER FOURTEEN PERIOD;;;;
+2496;NUMBER FIFTEEN FULL STOP;No;0;EN;<compat> 0031 0035 002E;;;15;N;NUMBER FIFTEEN PERIOD;;;;
+2497;NUMBER SIXTEEN FULL STOP;No;0;EN;<compat> 0031 0036 002E;;;16;N;NUMBER SIXTEEN PERIOD;;;;
+2498;NUMBER SEVENTEEN FULL STOP;No;0;EN;<compat> 0031 0037 002E;;;17;N;NUMBER SEVENTEEN PERIOD;;;;
+2499;NUMBER EIGHTEEN FULL STOP;No;0;EN;<compat> 0031 0038 002E;;;18;N;NUMBER EIGHTEEN PERIOD;;;;
+249A;NUMBER NINETEEN FULL STOP;No;0;EN;<compat> 0031 0039 002E;;;19;N;NUMBER NINETEEN PERIOD;;;;
+249B;NUMBER TWENTY FULL STOP;No;0;EN;<compat> 0032 0030 002E;;;20;N;NUMBER TWENTY PERIOD;;;;
+249C;PARENTHESIZED LATIN SMALL LETTER A;So;0;L;<compat> 0028 0061 0029;;;;N;;;;;
+249D;PARENTHESIZED LATIN SMALL LETTER B;So;0;L;<compat> 0028 0062 0029;;;;N;;;;;
+249E;PARENTHESIZED LATIN SMALL LETTER C;So;0;L;<compat> 0028 0063 0029;;;;N;;;;;
+249F;PARENTHESIZED LATIN SMALL LETTER D;So;0;L;<compat> 0028 0064 0029;;;;N;;;;;
+24A0;PARENTHESIZED LATIN SMALL LETTER E;So;0;L;<compat> 0028 0065 0029;;;;N;;;;;
+24A1;PARENTHESIZED LATIN SMALL LETTER F;So;0;L;<compat> 0028 0066 0029;;;;N;;;;;
+24A2;PARENTHESIZED LATIN SMALL LETTER G;So;0;L;<compat> 0028 0067 0029;;;;N;;;;;
+24A3;PARENTHESIZED LATIN SMALL LETTER H;So;0;L;<compat> 0028 0068 0029;;;;N;;;;;
+24A4;PARENTHESIZED LATIN SMALL LETTER I;So;0;L;<compat> 0028 0069 0029;;;;N;;;;;
+24A5;PARENTHESIZED LATIN SMALL LETTER J;So;0;L;<compat> 0028 006A 0029;;;;N;;;;;
+24A6;PARENTHESIZED LATIN SMALL LETTER K;So;0;L;<compat> 0028 006B 0029;;;;N;;;;;
+24A7;PARENTHESIZED LATIN SMALL LETTER L;So;0;L;<compat> 0028 006C 0029;;;;N;;;;;
+24A8;PARENTHESIZED LATIN SMALL LETTER M;So;0;L;<compat> 0028 006D 0029;;;;N;;;;;
+24A9;PARENTHESIZED LATIN SMALL LETTER N;So;0;L;<compat> 0028 006E 0029;;;;N;;;;;
+24AA;PARENTHESIZED LATIN SMALL LETTER O;So;0;L;<compat> 0028 006F 0029;;;;N;;;;;
+24AB;PARENTHESIZED LATIN SMALL LETTER P;So;0;L;<compat> 0028 0070 0029;;;;N;;;;;
+24AC;PARENTHESIZED LATIN SMALL LETTER Q;So;0;L;<compat> 0028 0071 0029;;;;N;;;;;
+24AD;PARENTHESIZED LATIN SMALL LETTER R;So;0;L;<compat> 0028 0072 0029;;;;N;;;;;
+24AE;PARENTHESIZED LATIN SMALL LETTER S;So;0;L;<compat> 0028 0073 0029;;;;N;;;;;
+24AF;PARENTHESIZED LATIN SMALL LETTER T;So;0;L;<compat> 0028 0074 0029;;;;N;;;;;
+24B0;PARENTHESIZED LATIN SMALL LETTER U;So;0;L;<compat> 0028 0075 0029;;;;N;;;;;
+24B1;PARENTHESIZED LATIN SMALL LETTER V;So;0;L;<compat> 0028 0076 0029;;;;N;;;;;
+24B2;PARENTHESIZED LATIN SMALL LETTER W;So;0;L;<compat> 0028 0077 0029;;;;N;;;;;
+24B3;PARENTHESIZED LATIN SMALL LETTER X;So;0;L;<compat> 0028 0078 0029;;;;N;;;;;
+24B4;PARENTHESIZED LATIN SMALL LETTER Y;So;0;L;<compat> 0028 0079 0029;;;;N;;;;;
+24B5;PARENTHESIZED LATIN SMALL LETTER Z;So;0;L;<compat> 0028 007A 0029;;;;N;;;;;
+24B6;CIRCLED LATIN CAPITAL LETTER A;So;0;L;<circle> 0041;;;;N;;;;24D0;
+24B7;CIRCLED LATIN CAPITAL LETTER B;So;0;L;<circle> 0042;;;;N;;;;24D1;
+24B8;CIRCLED LATIN CAPITAL LETTER C;So;0;L;<circle> 0043;;;;N;;;;24D2;
+24B9;CIRCLED LATIN CAPITAL LETTER D;So;0;L;<circle> 0044;;;;N;;;;24D3;
+24BA;CIRCLED LATIN CAPITAL LETTER E;So;0;L;<circle> 0045;;;;N;;;;24D4;
+24BB;CIRCLED LATIN CAPITAL LETTER F;So;0;L;<circle> 0046;;;;N;;;;24D5;
+24BC;CIRCLED LATIN CAPITAL LETTER G;So;0;L;<circle> 0047;;;;N;;;;24D6;
+24BD;CIRCLED LATIN CAPITAL LETTER H;So;0;L;<circle> 0048;;;;N;;;;24D7;
+24BE;CIRCLED LATIN CAPITAL LETTER I;So;0;L;<circle> 0049;;;;N;;;;24D8;
+24BF;CIRCLED LATIN CAPITAL LETTER J;So;0;L;<circle> 004A;;;;N;;;;24D9;
+24C0;CIRCLED LATIN CAPITAL LETTER K;So;0;L;<circle> 004B;;;;N;;;;24DA;
+24C1;CIRCLED LATIN CAPITAL LETTER L;So;0;L;<circle> 004C;;;;N;;;;24DB;
+24C2;CIRCLED LATIN CAPITAL LETTER M;So;0;L;<circle> 004D;;;;N;;;;24DC;
+24C3;CIRCLED LATIN CAPITAL LETTER N;So;0;L;<circle> 004E;;;;N;;;;24DD;
+24C4;CIRCLED LATIN CAPITAL LETTER O;So;0;L;<circle> 004F;;;;N;;;;24DE;
+24C5;CIRCLED LATIN CAPITAL LETTER P;So;0;L;<circle> 0050;;;;N;;;;24DF;
+24C6;CIRCLED LATIN CAPITAL LETTER Q;So;0;L;<circle> 0051;;;;N;;;;24E0;
+24C7;CIRCLED LATIN CAPITAL LETTER R;So;0;L;<circle> 0052;;;;N;;;;24E1;
+24C8;CIRCLED LATIN CAPITAL LETTER S;So;0;L;<circle> 0053;;;;N;;;;24E2;
+24C9;CIRCLED LATIN CAPITAL LETTER T;So;0;L;<circle> 0054;;;;N;;;;24E3;
+24CA;CIRCLED LATIN CAPITAL LETTER U;So;0;L;<circle> 0055;;;;N;;;;24E4;
+24CB;CIRCLED LATIN CAPITAL LETTER V;So;0;L;<circle> 0056;;;;N;;;;24E5;
+24CC;CIRCLED LATIN CAPITAL LETTER W;So;0;L;<circle> 0057;;;;N;;;;24E6;
+24CD;CIRCLED LATIN CAPITAL LETTER X;So;0;L;<circle> 0058;;;;N;;;;24E7;
+24CE;CIRCLED LATIN CAPITAL LETTER Y;So;0;L;<circle> 0059;;;;N;;;;24E8;
+24CF;CIRCLED LATIN CAPITAL LETTER Z;So;0;L;<circle> 005A;;;;N;;;;24E9;
+24D0;CIRCLED LATIN SMALL LETTER A;So;0;L;<circle> 0061;;;;N;;;24B6;;24B6
+24D1;CIRCLED LATIN SMALL LETTER B;So;0;L;<circle> 0062;;;;N;;;24B7;;24B7
+24D2;CIRCLED LATIN SMALL LETTER C;So;0;L;<circle> 0063;;;;N;;;24B8;;24B8
+24D3;CIRCLED LATIN SMALL LETTER D;So;0;L;<circle> 0064;;;;N;;;24B9;;24B9
+24D4;CIRCLED LATIN SMALL LETTER E;So;0;L;<circle> 0065;;;;N;;;24BA;;24BA
+24D5;CIRCLED LATIN SMALL LETTER F;So;0;L;<circle> 0066;;;;N;;;24BB;;24BB
+24D6;CIRCLED LATIN SMALL LETTER G;So;0;L;<circle> 0067;;;;N;;;24BC;;24BC
+24D7;CIRCLED LATIN SMALL LETTER H;So;0;L;<circle> 0068;;;;N;;;24BD;;24BD
+24D8;CIRCLED LATIN SMALL LETTER I;So;0;L;<circle> 0069;;;;N;;;24BE;;24BE
+24D9;CIRCLED LATIN SMALL LETTER J;So;0;L;<circle> 006A;;;;N;;;24BF;;24BF
+24DA;CIRCLED LATIN SMALL LETTER K;So;0;L;<circle> 006B;;;;N;;;24C0;;24C0
+24DB;CIRCLED LATIN SMALL LETTER L;So;0;L;<circle> 006C;;;;N;;;24C1;;24C1
+24DC;CIRCLED LATIN SMALL LETTER M;So;0;L;<circle> 006D;;;;N;;;24C2;;24C2
+24DD;CIRCLED LATIN SMALL LETTER N;So;0;L;<circle> 006E;;;;N;;;24C3;;24C3
+24DE;CIRCLED LATIN SMALL LETTER O;So;0;L;<circle> 006F;;;;N;;;24C4;;24C4
+24DF;CIRCLED LATIN SMALL LETTER P;So;0;L;<circle> 0070;;;;N;;;24C5;;24C5
+24E0;CIRCLED LATIN SMALL LETTER Q;So;0;L;<circle> 0071;;;;N;;;24C6;;24C6
+24E1;CIRCLED LATIN SMALL LETTER R;So;0;L;<circle> 0072;;;;N;;;24C7;;24C7
+24E2;CIRCLED LATIN SMALL LETTER S;So;0;L;<circle> 0073;;;;N;;;24C8;;24C8
+24E3;CIRCLED LATIN SMALL LETTER T;So;0;L;<circle> 0074;;;;N;;;24C9;;24C9
+24E4;CIRCLED LATIN SMALL LETTER U;So;0;L;<circle> 0075;;;;N;;;24CA;;24CA
+24E5;CIRCLED LATIN SMALL LETTER V;So;0;L;<circle> 0076;;;;N;;;24CB;;24CB
+24E6;CIRCLED LATIN SMALL LETTER W;So;0;L;<circle> 0077;;;;N;;;24CC;;24CC
+24E7;CIRCLED LATIN SMALL LETTER X;So;0;L;<circle> 0078;;;;N;;;24CD;;24CD
+24E8;CIRCLED LATIN SMALL LETTER Y;So;0;L;<circle> 0079;;;;N;;;24CE;;24CE
+24E9;CIRCLED LATIN SMALL LETTER Z;So;0;L;<circle> 007A;;;;N;;;24CF;;24CF
+24EA;CIRCLED DIGIT ZERO;No;0;EN;<circle> 0030;;0;0;N;;;;;
+24EB;NEGATIVE CIRCLED NUMBER ELEVEN;No;0;ON;;;;11;N;;;;;
+24EC;NEGATIVE CIRCLED NUMBER TWELVE;No;0;ON;;;;12;N;;;;;
+24ED;NEGATIVE CIRCLED NUMBER THIRTEEN;No;0;ON;;;;13;N;;;;;
+24EE;NEGATIVE CIRCLED NUMBER FOURTEEN;No;0;ON;;;;14;N;;;;;
+24EF;NEGATIVE CIRCLED NUMBER FIFTEEN;No;0;ON;;;;15;N;;;;;
+24F0;NEGATIVE CIRCLED NUMBER SIXTEEN;No;0;ON;;;;16;N;;;;;
+24F1;NEGATIVE CIRCLED NUMBER SEVENTEEN;No;0;ON;;;;17;N;;;;;
+24F2;NEGATIVE CIRCLED NUMBER EIGHTEEN;No;0;ON;;;;18;N;;;;;
+24F3;NEGATIVE CIRCLED NUMBER NINETEEN;No;0;ON;;;;19;N;;;;;
+24F4;NEGATIVE CIRCLED NUMBER TWENTY;No;0;ON;;;;20;N;;;;;
+24F5;DOUBLE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;;;;;
+24F6;DOUBLE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;;;;;
+24F7;DOUBLE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;;;;;
+24F8;DOUBLE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;;;;;
+24F9;DOUBLE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;;;;;
+24FA;DOUBLE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;;;;;
+24FB;DOUBLE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;;;;;
+24FC;DOUBLE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;;;;;
+24FD;DOUBLE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;;;;;
+24FE;DOUBLE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;;;;;
+2500;BOX DRAWINGS LIGHT HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT HORIZONTAL;;;;
+2501;BOX DRAWINGS HEAVY HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY HORIZONTAL;;;;
+2502;BOX DRAWINGS LIGHT VERTICAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL;;;;
+2503;BOX DRAWINGS HEAVY VERTICAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL;;;;
+2504;BOX DRAWINGS LIGHT TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH HORIZONTAL;;;;
+2505;BOX DRAWINGS HEAVY TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH HORIZONTAL;;;;
+2506;BOX DRAWINGS LIGHT TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH VERTICAL;;;;
+2507;BOX DRAWINGS HEAVY TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH VERTICAL;;;;
+2508;BOX DRAWINGS LIGHT QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH HORIZONTAL;;;;
+2509;BOX DRAWINGS HEAVY QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH HORIZONTAL;;;;
+250A;BOX DRAWINGS LIGHT QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH VERTICAL;;;;
+250B;BOX DRAWINGS HEAVY QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH VERTICAL;;;;
+250C;BOX DRAWINGS LIGHT DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND RIGHT;;;;
+250D;BOX DRAWINGS DOWN LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT HEAVY;;;;
+250E;BOX DRAWINGS DOWN HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT LIGHT;;;;
+250F;BOX DRAWINGS HEAVY DOWN AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND RIGHT;;;;
+2510;BOX DRAWINGS LIGHT DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND LEFT;;;;
+2511;BOX DRAWINGS DOWN LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT HEAVY;;;;
+2512;BOX DRAWINGS DOWN HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT LIGHT;;;;
+2513;BOX DRAWINGS HEAVY DOWN AND LEFT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND LEFT;;;;
+2514;BOX DRAWINGS LIGHT UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT UP AND RIGHT;;;;
+2515;BOX DRAWINGS UP LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT HEAVY;;;;
+2516;BOX DRAWINGS UP HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT LIGHT;;;;
+2517;BOX DRAWINGS HEAVY UP AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY UP AND RIGHT;;;;
+2518;BOX DRAWINGS LIGHT UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT UP AND LEFT;;;;
+2519;BOX DRAWINGS UP LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT HEAVY;;;;
+251A;BOX DRAWINGS UP HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT LIGHT;;;;
+251B;BOX DRAWINGS HEAVY UP AND LEFT;So;0;ON;;;;;N;FORMS HEAVY UP AND LEFT;;;;
+251C;BOX DRAWINGS LIGHT VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND RIGHT;;;;
+251D;BOX DRAWINGS VERTICAL LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND RIGHT HEAVY;;;;
+251E;BOX DRAWINGS UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT DOWN LIGHT;;;;
+251F;BOX DRAWINGS DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT UP LIGHT;;;;
+2520;BOX DRAWINGS VERTICAL HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND RIGHT LIGHT;;;;
+2521;BOX DRAWINGS DOWN LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT UP HEAVY;;;;
+2522;BOX DRAWINGS UP LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT DOWN HEAVY;;;;
+2523;BOX DRAWINGS HEAVY VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND RIGHT;;;;
+2524;BOX DRAWINGS LIGHT VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND LEFT;;;;
+2525;BOX DRAWINGS VERTICAL LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND LEFT HEAVY;;;;
+2526;BOX DRAWINGS UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT DOWN LIGHT;;;;
+2527;BOX DRAWINGS DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT UP LIGHT;;;;
+2528;BOX DRAWINGS VERTICAL HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND LEFT LIGHT;;;;
+2529;BOX DRAWINGS DOWN LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT UP HEAVY;;;;
+252A;BOX DRAWINGS UP LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT DOWN HEAVY;;;;
+252B;BOX DRAWINGS HEAVY VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND LEFT;;;;
+252C;BOX DRAWINGS LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOWN AND HORIZONTAL;;;;
+252D;BOX DRAWINGS LEFT HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT DOWN LIGHT;;;;
+252E;BOX DRAWINGS RIGHT HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT DOWN LIGHT;;;;
+252F;BOX DRAWINGS DOWN LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND HORIZONTAL HEAVY;;;;
+2530;BOX DRAWINGS DOWN HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND HORIZONTAL LIGHT;;;;
+2531;BOX DRAWINGS RIGHT LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT DOWN HEAVY;;;;
+2532;BOX DRAWINGS LEFT LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT DOWN HEAVY;;;;
+2533;BOX DRAWINGS HEAVY DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOWN AND HORIZONTAL;;;;
+2534;BOX DRAWINGS LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT UP AND HORIZONTAL;;;;
+2535;BOX DRAWINGS LEFT HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT UP LIGHT;;;;
+2536;BOX DRAWINGS RIGHT HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT UP LIGHT;;;;
+2537;BOX DRAWINGS UP LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND HORIZONTAL HEAVY;;;;
+2538;BOX DRAWINGS UP HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND HORIZONTAL LIGHT;;;;
+2539;BOX DRAWINGS RIGHT LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT UP HEAVY;;;;
+253A;BOX DRAWINGS LEFT LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT UP HEAVY;;;;
+253B;BOX DRAWINGS HEAVY UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY UP AND HORIZONTAL;;;;
+253C;BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND HORIZONTAL;;;;
+253D;BOX DRAWINGS LEFT HEAVY AND RIGHT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT VERTICAL LIGHT;;;;
+253E;BOX DRAWINGS RIGHT HEAVY AND LEFT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT VERTICAL LIGHT;;;;
+253F;BOX DRAWINGS VERTICAL LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND HORIZONTAL HEAVY;;;;
+2540;BOX DRAWINGS UP HEAVY AND DOWN HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND DOWN HORIZONTAL LIGHT;;;;
+2541;BOX DRAWINGS DOWN HEAVY AND UP HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND UP HORIZONTAL LIGHT;;;;
+2542;BOX DRAWINGS VERTICAL HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND HORIZONTAL LIGHT;;;;
+2543;BOX DRAWINGS LEFT UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT UP HEAVY AND RIGHT DOWN LIGHT;;;;
+2544;BOX DRAWINGS RIGHT UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT UP HEAVY AND LEFT DOWN LIGHT;;;;
+2545;BOX DRAWINGS LEFT DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT DOWN HEAVY AND RIGHT UP LIGHT;;;;
+2546;BOX DRAWINGS RIGHT DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT DOWN HEAVY AND LEFT UP LIGHT;;;;
+2547;BOX DRAWINGS DOWN LIGHT AND UP HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND UP HORIZONTAL HEAVY;;;;
+2548;BOX DRAWINGS UP LIGHT AND DOWN HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND DOWN HORIZONTAL HEAVY;;;;
+2549;BOX DRAWINGS RIGHT LIGHT AND LEFT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT VERTICAL HEAVY;;;;
+254A;BOX DRAWINGS LEFT LIGHT AND RIGHT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT VERTICAL HEAVY;;;;
+254B;BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND HORIZONTAL;;;;
+254C;BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH HORIZONTAL;;;;
+254D;BOX DRAWINGS HEAVY DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH HORIZONTAL;;;;
+254E;BOX DRAWINGS LIGHT DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH VERTICAL;;;;
+254F;BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH VERTICAL;;;;
+2550;BOX DRAWINGS DOUBLE HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE HORIZONTAL;;;;
+2551;BOX DRAWINGS DOUBLE VERTICAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL;;;;
+2552;BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND RIGHT DOUBLE;;;;
+2553;BOX DRAWINGS DOWN DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND RIGHT SINGLE;;;;
+2554;BOX DRAWINGS DOUBLE DOWN AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND RIGHT;;;;
+2555;BOX DRAWINGS DOWN SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND LEFT DOUBLE;;;;
+2556;BOX DRAWINGS DOWN DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND LEFT SINGLE;;;;
+2557;BOX DRAWINGS DOUBLE DOWN AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND LEFT;;;;
+2558;BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND RIGHT DOUBLE;;;;
+2559;BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND RIGHT SINGLE;;;;
+255A;BOX DRAWINGS DOUBLE UP AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE UP AND RIGHT;;;;
+255B;BOX DRAWINGS UP SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND LEFT DOUBLE;;;;
+255C;BOX DRAWINGS UP DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND LEFT SINGLE;;;;
+255D;BOX DRAWINGS DOUBLE UP AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE UP AND LEFT;;;;
+255E;BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND RIGHT DOUBLE;;;;
+255F;BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND RIGHT SINGLE;;;;
+2560;BOX DRAWINGS DOUBLE VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND RIGHT;;;;
+2561;BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND LEFT DOUBLE;;;;
+2562;BOX DRAWINGS VERTICAL DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND LEFT SINGLE;;;;
+2563;BOX DRAWINGS DOUBLE VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND LEFT;;;;
+2564;BOX DRAWINGS DOWN SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND HORIZONTAL DOUBLE;;;;
+2565;BOX DRAWINGS DOWN DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND HORIZONTAL SINGLE;;;;
+2566;BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND HORIZONTAL;;;;
+2567;BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND HORIZONTAL DOUBLE;;;;
+2568;BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND HORIZONTAL SINGLE;;;;
+2569;BOX DRAWINGS DOUBLE UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE UP AND HORIZONTAL;;;;
+256A;BOX DRAWINGS VERTICAL SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND HORIZONTAL DOUBLE;;;;
+256B;BOX DRAWINGS VERTICAL DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND HORIZONTAL SINGLE;;;;
+256C;BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND HORIZONTAL;;;;
+256D;BOX DRAWINGS LIGHT ARC DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND RIGHT;;;;
+256E;BOX DRAWINGS LIGHT ARC DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND LEFT;;;;
+256F;BOX DRAWINGS LIGHT ARC UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND LEFT;;;;
+2570;BOX DRAWINGS LIGHT ARC UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND RIGHT;;;;
+2571;BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;;;;
+2572;BOX DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;;;;
+2573;BOX DRAWINGS LIGHT DIAGONAL CROSS;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL CROSS;;;;
+2574;BOX DRAWINGS LIGHT LEFT;So;0;ON;;;;;N;FORMS LIGHT LEFT;;;;
+2575;BOX DRAWINGS LIGHT UP;So;0;ON;;;;;N;FORMS LIGHT UP;;;;
+2576;BOX DRAWINGS LIGHT RIGHT;So;0;ON;;;;;N;FORMS LIGHT RIGHT;;;;
+2577;BOX DRAWINGS LIGHT DOWN;So;0;ON;;;;;N;FORMS LIGHT DOWN;;;;
+2578;BOX DRAWINGS HEAVY LEFT;So;0;ON;;;;;N;FORMS HEAVY LEFT;;;;
+2579;BOX DRAWINGS HEAVY UP;So;0;ON;;;;;N;FORMS HEAVY UP;;;;
+257A;BOX DRAWINGS HEAVY RIGHT;So;0;ON;;;;;N;FORMS HEAVY RIGHT;;;;
+257B;BOX DRAWINGS HEAVY DOWN;So;0;ON;;;;;N;FORMS HEAVY DOWN;;;;
+257C;BOX DRAWINGS LIGHT LEFT AND HEAVY RIGHT;So;0;ON;;;;;N;FORMS LIGHT LEFT AND HEAVY RIGHT;;;;
+257D;BOX DRAWINGS LIGHT UP AND HEAVY DOWN;So;0;ON;;;;;N;FORMS LIGHT UP AND HEAVY DOWN;;;;
+257E;BOX DRAWINGS HEAVY LEFT AND LIGHT RIGHT;So;0;ON;;;;;N;FORMS HEAVY LEFT AND LIGHT RIGHT;;;;
+257F;BOX DRAWINGS HEAVY UP AND LIGHT DOWN;So;0;ON;;;;;N;FORMS HEAVY UP AND LIGHT DOWN;;;;
+2580;UPPER HALF BLOCK;So;0;ON;;;;;N;;;;;
+2581;LOWER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2582;LOWER ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;;
+2583;LOWER THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2584;LOWER HALF BLOCK;So;0;ON;;;;;N;;;;;
+2585;LOWER FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2586;LOWER THREE QUARTERS BLOCK;So;0;ON;;;;;N;LOWER THREE QUARTER BLOCK;;;;
+2587;LOWER SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2588;FULL BLOCK;So;0;ON;;;;;N;;;;;
+2589;LEFT SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258A;LEFT THREE QUARTERS BLOCK;So;0;ON;;;;;N;LEFT THREE QUARTER BLOCK;;;;
+258B;LEFT FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258C;LEFT HALF BLOCK;So;0;ON;;;;;N;;;;;
+258D;LEFT THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258E;LEFT ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;;
+258F;LEFT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2590;RIGHT HALF BLOCK;So;0;ON;;;;;N;;;;;
+2591;LIGHT SHADE;So;0;ON;;;;;N;;;;;
+2592;MEDIUM SHADE;So;0;ON;;;;;N;;;;;
+2593;DARK SHADE;So;0;ON;;;;;N;;;;;
+2594;UPPER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2595;RIGHT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2596;QUADRANT LOWER LEFT;So;0;ON;;;;;N;;;;;
+2597;QUADRANT LOWER RIGHT;So;0;ON;;;;;N;;;;;
+2598;QUADRANT UPPER LEFT;So;0;ON;;;;;N;;;;;
+2599;QUADRANT UPPER LEFT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259A;QUADRANT UPPER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259B;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;;
+259C;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259D;QUADRANT UPPER RIGHT;So;0;ON;;;;;N;;;;;
+259E;QUADRANT UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;;
+259F;QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+25A0;BLACK SQUARE;So;0;ON;;;;;N;;;;;
+25A1;WHITE SQUARE;So;0;ON;;;;;N;;;;;
+25A2;WHITE SQUARE WITH ROUNDED CORNERS;So;0;ON;;;;;N;;;;;
+25A3;WHITE SQUARE CONTAINING BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25A4;SQUARE WITH HORIZONTAL FILL;So;0;ON;;;;;N;;;;;
+25A5;SQUARE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;;
+25A6;SQUARE WITH ORTHOGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;;
+25A7;SQUARE WITH UPPER LEFT TO LOWER RIGHT FILL;So;0;ON;;;;;N;;;;;
+25A8;SQUARE WITH UPPER RIGHT TO LOWER LEFT FILL;So;0;ON;;;;;N;;;;;
+25A9;SQUARE WITH DIAGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;;
+25AA;BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25AB;WHITE SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25AC;BLACK RECTANGLE;So;0;ON;;;;;N;;;;;
+25AD;WHITE RECTANGLE;So;0;ON;;;;;N;;;;;
+25AE;BLACK VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;;
+25AF;WHITE VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;;
+25B0;BLACK PARALLELOGRAM;So;0;ON;;;;;N;;;;;
+25B1;WHITE PARALLELOGRAM;So;0;ON;;;;;N;;;;;
+25B2;BLACK UP-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING TRIANGLE;;;;
+25B3;WHITE UP-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE;;;;
+25B4;BLACK UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING SMALL TRIANGLE;;;;
+25B5;WHITE UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING SMALL TRIANGLE;;;;
+25B6;BLACK RIGHT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING TRIANGLE;;;;
+25B7;WHITE RIGHT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE RIGHT POINTING TRIANGLE;;;;
+25B8;BLACK RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING SMALL TRIANGLE;;;;
+25B9;WHITE RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE RIGHT POINTING SMALL TRIANGLE;;;;
+25BA;BLACK RIGHT-POINTING POINTER;So;0;ON;;;;;N;BLACK RIGHT POINTING POINTER;;;;
+25BB;WHITE RIGHT-POINTING POINTER;So;0;ON;;;;;N;WHITE RIGHT POINTING POINTER;;;;
+25BC;BLACK DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING TRIANGLE;;;;
+25BD;WHITE DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING TRIANGLE;;;;
+25BE;BLACK DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING SMALL TRIANGLE;;;;
+25BF;WHITE DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING SMALL TRIANGLE;;;;
+25C0;BLACK LEFT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING TRIANGLE;;;;
+25C1;WHITE LEFT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE LEFT POINTING TRIANGLE;;;;
+25C2;BLACK LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING SMALL TRIANGLE;;;;
+25C3;WHITE LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE LEFT POINTING SMALL TRIANGLE;;;;
+25C4;BLACK LEFT-POINTING POINTER;So;0;ON;;;;;N;BLACK LEFT POINTING POINTER;;;;
+25C5;WHITE LEFT-POINTING POINTER;So;0;ON;;;;;N;WHITE LEFT POINTING POINTER;;;;
+25C6;BLACK DIAMOND;So;0;ON;;;;;N;;;;;
+25C7;WHITE DIAMOND;So;0;ON;;;;;N;;;;;
+25C8;WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND;So;0;ON;;;;;N;;;;;
+25C9;FISHEYE;So;0;ON;;;;;N;;;;;
+25CA;LOZENGE;So;0;ON;;;;;N;;;;;
+25CB;WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25CC;DOTTED CIRCLE;So;0;ON;;;;;N;;;;;
+25CD;CIRCLE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;;
+25CE;BULLSEYE;So;0;ON;;;;;N;;;;;
+25CF;BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D0;CIRCLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;;
+25D1;CIRCLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;;
+25D2;CIRCLE WITH LOWER HALF BLACK;So;0;ON;;;;;N;;;;;
+25D3;CIRCLE WITH UPPER HALF BLACK;So;0;ON;;;;;N;;;;;
+25D4;CIRCLE WITH UPPER RIGHT QUADRANT BLACK;So;0;ON;;;;;N;;;;;
+25D5;CIRCLE WITH ALL BUT UPPER LEFT QUADRANT BLACK;So;0;ON;;;;;N;;;;;
+25D6;LEFT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D7;RIGHT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D8;INVERSE BULLET;So;0;ON;;;;;N;;;;;
+25D9;INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DA;UPPER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DB;LOWER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DC;UPPER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DD;UPPER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DE;LOWER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DF;LOWER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25E0;UPPER HALF CIRCLE;So;0;ON;;;;;N;;;;;
+25E1;LOWER HALF CIRCLE;So;0;ON;;;;;N;;;;;
+25E2;BLACK LOWER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E3;BLACK LOWER LEFT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E4;BLACK UPPER LEFT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E5;BLACK UPPER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E6;WHITE BULLET;So;0;ON;;;;;N;;;;;
+25E7;SQUARE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;;
+25E8;SQUARE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;;
+25E9;SQUARE WITH UPPER LEFT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;;
+25EA;SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;;
+25EB;WHITE SQUARE WITH VERTICAL BISECTING LINE;So;0;ON;;;;;N;;;;;
+25EC;WHITE UP-POINTING TRIANGLE WITH DOT;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE WITH DOT;;;;
+25ED;UP-POINTING TRIANGLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH LEFT HALF BLACK;;;;
+25EE;UP-POINTING TRIANGLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH RIGHT HALF BLACK;;;;
+25EF;LARGE CIRCLE;So;0;ON;;;;;N;;;;;
+25F0;WHITE SQUARE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F1;WHITE SQUARE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F2;WHITE SQUARE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F3;WHITE SQUARE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F4;WHITE CIRCLE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F5;WHITE CIRCLE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F6;WHITE CIRCLE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F7;WHITE CIRCLE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F8;UPPER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25F9;UPPER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25FA;LOWER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25FB;WHITE MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;;
+25FC;BLACK MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;;
+25FD;WHITE MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;;
+25FE;BLACK MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;;
+25FF;LOWER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2600;BLACK SUN WITH RAYS;So;0;ON;;;;;N;;;;;
+2601;CLOUD;So;0;ON;;;;;N;;;;;
+2602;UMBRELLA;So;0;ON;;;;;N;;;;;
+2603;SNOWMAN;So;0;ON;;;;;N;;;;;
+2604;COMET;So;0;ON;;;;;N;;;;;
+2605;BLACK STAR;So;0;ON;;;;;N;;;;;
+2606;WHITE STAR;So;0;ON;;;;;N;;;;;
+2607;LIGHTNING;So;0;ON;;;;;N;;;;;
+2608;THUNDERSTORM;So;0;ON;;;;;N;;;;;
+2609;SUN;So;0;ON;;;;;N;;;;;
+260A;ASCENDING NODE;So;0;ON;;;;;N;;;;;
+260B;DESCENDING NODE;So;0;ON;;;;;N;;;;;
+260C;CONJUNCTION;So;0;ON;;;;;N;;;;;
+260D;OPPOSITION;So;0;ON;;;;;N;;;;;
+260E;BLACK TELEPHONE;So;0;ON;;;;;N;;;;;
+260F;WHITE TELEPHONE;So;0;ON;;;;;N;;;;;
+2610;BALLOT BOX;So;0;ON;;;;;N;;;;;
+2611;BALLOT BOX WITH CHECK;So;0;ON;;;;;N;;;;;
+2612;BALLOT BOX WITH X;So;0;ON;;;;;N;;;;;
+2613;SALTIRE;So;0;ON;;;;;N;;;;;
+2616;WHITE SHOGI PIECE;So;0;ON;;;;;N;;;;;
+2617;BLACK SHOGI PIECE;So;0;ON;;;;;N;;;;;
+2619;REVERSED ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;;
+261A;BLACK LEFT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261B;BLACK RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261C;WHITE LEFT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261D;WHITE UP POINTING INDEX;So;0;ON;;;;;N;;;;;
+261E;WHITE RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261F;WHITE DOWN POINTING INDEX;So;0;ON;;;;;N;;;;;
+2620;SKULL AND CROSSBONES;So;0;ON;;;;;N;;;;;
+2621;CAUTION SIGN;So;0;ON;;;;;N;;;;;
+2622;RADIOACTIVE SIGN;So;0;ON;;;;;N;;;;;
+2623;BIOHAZARD SIGN;So;0;ON;;;;;N;;;;;
+2624;CADUCEUS;So;0;ON;;;;;N;;;;;
+2625;ANKH;So;0;ON;;;;;N;;;;;
+2626;ORTHODOX CROSS;So;0;ON;;;;;N;;;;;
+2627;CHI RHO;So;0;ON;;;;;N;;;;;
+2628;CROSS OF LORRAINE;So;0;ON;;;;;N;;;;;
+2629;CROSS OF JERUSALEM;So;0;ON;;;;;N;;;;;
+262A;STAR AND CRESCENT;So;0;ON;;;;;N;;;;;
+262B;FARSI SYMBOL;So;0;ON;;;;;N;SYMBOL OF IRAN;;;;
+262C;ADI SHAKTI;So;0;ON;;;;;N;;;;;
+262D;HAMMER AND SICKLE;So;0;ON;;;;;N;;;;;
+262E;PEACE SYMBOL;So;0;ON;;;;;N;;;;;
+262F;YIN YANG;So;0;ON;;;;;N;;;;;
+2630;TRIGRAM FOR HEAVEN;So;0;ON;;;;;N;;;;;
+2631;TRIGRAM FOR LAKE;So;0;ON;;;;;N;;;;;
+2632;TRIGRAM FOR FIRE;So;0;ON;;;;;N;;;;;
+2633;TRIGRAM FOR THUNDER;So;0;ON;;;;;N;;;;;
+2634;TRIGRAM FOR WIND;So;0;ON;;;;;N;;;;;
+2635;TRIGRAM FOR WATER;So;0;ON;;;;;N;;;;;
+2636;TRIGRAM FOR MOUNTAIN;So;0;ON;;;;;N;;;;;
+2637;TRIGRAM FOR EARTH;So;0;ON;;;;;N;;;;;
+2638;WHEEL OF DHARMA;So;0;ON;;;;;N;;;;;
+2639;WHITE FROWNING FACE;So;0;ON;;;;;N;;;;;
+263A;WHITE SMILING FACE;So;0;ON;;;;;N;;;;;
+263B;BLACK SMILING FACE;So;0;ON;;;;;N;;;;;
+263C;WHITE SUN WITH RAYS;So;0;ON;;;;;N;;;;;
+263D;FIRST QUARTER MOON;So;0;ON;;;;;N;;;;;
+263E;LAST QUARTER MOON;So;0;ON;;;;;N;;;;;
+263F;MERCURY;So;0;ON;;;;;N;;;;;
+2640;FEMALE SIGN;So;0;ON;;;;;N;;;;;
+2641;EARTH;So;0;ON;;;;;N;;;;;
+2642;MALE SIGN;So;0;ON;;;;;N;;;;;
+2643;JUPITER;So;0;ON;;;;;N;;;;;
+2644;SATURN;So;0;ON;;;;;N;;;;;
+2645;URANUS;So;0;ON;;;;;N;;;;;
+2646;NEPTUNE;So;0;ON;;;;;N;;;;;
+2647;PLUTO;So;0;ON;;;;;N;;;;;
+2648;ARIES;So;0;ON;;;;;N;;;;;
+2649;TAURUS;So;0;ON;;;;;N;;;;;
+264A;GEMINI;So;0;ON;;;;;N;;;;;
+264B;CANCER;So;0;ON;;;;;N;;;;;
+264C;LEO;So;0;ON;;;;;N;;;;;
+264D;VIRGO;So;0;ON;;;;;N;;;;;
+264E;LIBRA;So;0;ON;;;;;N;;;;;
+264F;SCORPIUS;So;0;ON;;;;;N;;;;;
+2650;SAGITTARIUS;So;0;ON;;;;;N;;;;;
+2651;CAPRICORN;So;0;ON;;;;;N;;;;;
+2652;AQUARIUS;So;0;ON;;;;;N;;;;;
+2653;PISCES;So;0;ON;;;;;N;;;;;
+2654;WHITE CHESS KING;So;0;ON;;;;;N;;;;;
+2655;WHITE CHESS QUEEN;So;0;ON;;;;;N;;;;;
+2656;WHITE CHESS ROOK;So;0;ON;;;;;N;;;;;
+2657;WHITE CHESS BISHOP;So;0;ON;;;;;N;;;;;
+2658;WHITE CHESS KNIGHT;So;0;ON;;;;;N;;;;;
+2659;WHITE CHESS PAWN;So;0;ON;;;;;N;;;;;
+265A;BLACK CHESS KING;So;0;ON;;;;;N;;;;;
+265B;BLACK CHESS QUEEN;So;0;ON;;;;;N;;;;;
+265C;BLACK CHESS ROOK;So;0;ON;;;;;N;;;;;
+265D;BLACK CHESS BISHOP;So;0;ON;;;;;N;;;;;
+265E;BLACK CHESS KNIGHT;So;0;ON;;;;;N;;;;;
+265F;BLACK CHESS PAWN;So;0;ON;;;;;N;;;;;
+2660;BLACK SPADE SUIT;So;0;ON;;;;;N;;;;;
+2661;WHITE HEART SUIT;So;0;ON;;;;;N;;;;;
+2662;WHITE DIAMOND SUIT;So;0;ON;;;;;N;;;;;
+2663;BLACK CLUB SUIT;So;0;ON;;;;;N;;;;;
+2664;WHITE SPADE SUIT;So;0;ON;;;;;N;;;;;
+2665;BLACK HEART SUIT;So;0;ON;;;;;N;;;;;
+2666;BLACK DIAMOND SUIT;So;0;ON;;;;;N;;;;;
+2667;WHITE CLUB SUIT;So;0;ON;;;;;N;;;;;
+2668;HOT SPRINGS;So;0;ON;;;;;N;;;;;
+2669;QUARTER NOTE;So;0;ON;;;;;N;;;;;
+266A;EIGHTH NOTE;So;0;ON;;;;;N;;;;;
+266B;BEAMED EIGHTH NOTES;So;0;ON;;;;;N;BARRED EIGHTH NOTES;;;;
+266C;BEAMED SIXTEENTH NOTES;So;0;ON;;;;;N;BARRED SIXTEENTH NOTES;;;;
+266D;MUSIC FLAT SIGN;So;0;ON;;;;;N;FLAT;;;;
+266E;MUSIC NATURAL SIGN;So;0;ON;;;;;N;NATURAL;;;;
+266F;MUSIC SHARP SIGN;Sm;0;ON;;;;;N;SHARP;;;;
+2670;WEST SYRIAC CROSS;So;0;ON;;;;;N;;;;;
+2671;EAST SYRIAC CROSS;So;0;ON;;;;;N;;;;;
+2672;UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;;
+2673;RECYCLING SYMBOL FOR TYPE-1 PLASTICS;So;0;ON;;;;;N;;pete;;;
+2674;RECYCLING SYMBOL FOR TYPE-2 PLASTICS;So;0;ON;;;;;N;;hdpe;;;
+2675;RECYCLING SYMBOL FOR TYPE-3 PLASTICS;So;0;ON;;;;;N;;pvc;;;
+2676;RECYCLING SYMBOL FOR TYPE-4 PLASTICS;So;0;ON;;;;;N;;ldpe;;;
+2677;RECYCLING SYMBOL FOR TYPE-5 PLASTICS;So;0;ON;;;;;N;;pp;;;
+2678;RECYCLING SYMBOL FOR TYPE-6 PLASTICS;So;0;ON;;;;;N;;ps;;;
+2679;RECYCLING SYMBOL FOR TYPE-7 PLASTICS;So;0;ON;;;;;N;;other;;;
+267A;RECYCLING SYMBOL FOR GENERIC MATERIALS;So;0;ON;;;;;N;;;;;
+267B;BLACK UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;;
+267C;RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;;
+267D;PARTIALLY-RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;;
+2680;DIE FACE-1;So;0;ON;;;;;N;;;;;
+2681;DIE FACE-2;So;0;ON;;;;;N;;;;;
+2682;DIE FACE-3;So;0;ON;;;;;N;;;;;
+2683;DIE FACE-4;So;0;ON;;;;;N;;;;;
+2684;DIE FACE-5;So;0;ON;;;;;N;;;;;
+2685;DIE FACE-6;So;0;ON;;;;;N;;;;;
+2686;WHITE CIRCLE WITH DOT RIGHT;So;0;ON;;;;;N;;;;;
+2687;WHITE CIRCLE WITH TWO DOTS;So;0;ON;;;;;N;;;;;
+2688;BLACK CIRCLE WITH WHITE DOT RIGHT;So;0;ON;;;;;N;;;;;
+2689;BLACK CIRCLE WITH TWO WHITE DOTS;So;0;ON;;;;;N;;;;;
+2701;UPPER BLADE SCISSORS;So;0;ON;;;;;N;;;;;
+2702;BLACK SCISSORS;So;0;ON;;;;;N;;;;;
+2703;LOWER BLADE SCISSORS;So;0;ON;;;;;N;;;;;
+2704;WHITE SCISSORS;So;0;ON;;;;;N;;;;;
+2706;TELEPHONE LOCATION SIGN;So;0;ON;;;;;N;;;;;
+2707;TAPE DRIVE;So;0;ON;;;;;N;;;;;
+2708;AIRPLANE;So;0;ON;;;;;N;;;;;
+2709;ENVELOPE;So;0;ON;;;;;N;;;;;
+270C;VICTORY HAND;So;0;ON;;;;;N;;;;;
+270D;WRITING HAND;So;0;ON;;;;;N;;;;;
+270E;LOWER RIGHT PENCIL;So;0;ON;;;;;N;;;;;
+270F;PENCIL;So;0;ON;;;;;N;;;;;
+2710;UPPER RIGHT PENCIL;So;0;ON;;;;;N;;;;;
+2711;WHITE NIB;So;0;ON;;;;;N;;;;;
+2712;BLACK NIB;So;0;ON;;;;;N;;;;;
+2713;CHECK MARK;So;0;ON;;;;;N;;;;;
+2714;HEAVY CHECK MARK;So;0;ON;;;;;N;;;;;
+2715;MULTIPLICATION X;So;0;ON;;;;;N;;;;;
+2716;HEAVY MULTIPLICATION X;So;0;ON;;;;;N;;;;;
+2717;BALLOT X;So;0;ON;;;;;N;;;;;
+2718;HEAVY BALLOT X;So;0;ON;;;;;N;;;;;
+2719;OUTLINED GREEK CROSS;So;0;ON;;;;;N;;;;;
+271A;HEAVY GREEK CROSS;So;0;ON;;;;;N;;;;;
+271B;OPEN CENTRE CROSS;So;0;ON;;;;;N;OPEN CENTER CROSS;;;;
+271C;HEAVY OPEN CENTRE CROSS;So;0;ON;;;;;N;HEAVY OPEN CENTER CROSS;;;;
+271D;LATIN CROSS;So;0;ON;;;;;N;;;;;
+271E;SHADOWED WHITE LATIN CROSS;So;0;ON;;;;;N;;;;;
+271F;OUTLINED LATIN CROSS;So;0;ON;;;;;N;;;;;
+2720;MALTESE CROSS;So;0;ON;;;;;N;;;;;
+2721;STAR OF DAVID;So;0;ON;;;;;N;;;;;
+2722;FOUR TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2723;FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2724;HEAVY FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2725;FOUR CLUB-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2726;BLACK FOUR POINTED STAR;So;0;ON;;;;;N;;;;;
+2727;WHITE FOUR POINTED STAR;So;0;ON;;;;;N;;;;;
+2729;STRESS OUTLINED WHITE STAR;So;0;ON;;;;;N;;;;;
+272A;CIRCLED WHITE STAR;So;0;ON;;;;;N;;;;;
+272B;OPEN CENTRE BLACK STAR;So;0;ON;;;;;N;OPEN CENTER BLACK STAR;;;;
+272C;BLACK CENTRE WHITE STAR;So;0;ON;;;;;N;BLACK CENTER WHITE STAR;;;;
+272D;OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;;
+272E;HEAVY OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;;
+272F;PINWHEEL STAR;So;0;ON;;;;;N;;;;;
+2730;SHADOWED WHITE STAR;So;0;ON;;;;;N;;;;;
+2731;HEAVY ASTERISK;So;0;ON;;;;;N;;;;;
+2732;OPEN CENTRE ASTERISK;So;0;ON;;;;;N;OPEN CENTER ASTERISK;;;;
+2733;EIGHT SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2734;EIGHT POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+2735;EIGHT POINTED PINWHEEL STAR;So;0;ON;;;;;N;;;;;
+2736;SIX POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+2737;EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;;
+2738;HEAVY EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;;
+2739;TWELVE POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+273A;SIXTEEN POINTED ASTERISK;So;0;ON;;;;;N;;;;;
+273B;TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+273C;OPEN CENTRE TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;OPEN CENTER TEARDROP-SPOKED ASTERISK;;;;
+273D;HEAVY TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+273E;SIX PETALLED BLACK AND WHITE FLORETTE;So;0;ON;;;;;N;;;;;
+273F;BLACK FLORETTE;So;0;ON;;;;;N;;;;;
+2740;WHITE FLORETTE;So;0;ON;;;;;N;;;;;
+2741;EIGHT PETALLED OUTLINED BLACK FLORETTE;So;0;ON;;;;;N;;;;;
+2742;CIRCLED OPEN CENTRE EIGHT POINTED STAR;So;0;ON;;;;;N;CIRCLED OPEN CENTER EIGHT POINTED STAR;;;;
+2743;HEAVY TEARDROP-SPOKED PINWHEEL ASTERISK;So;0;ON;;;;;N;;;;;
+2744;SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2745;TIGHT TRIFOLIATE SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2746;HEAVY CHEVRON SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2747;SPARKLE;So;0;ON;;;;;N;;;;;
+2748;HEAVY SPARKLE;So;0;ON;;;;;N;;;;;
+2749;BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+274A;EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;;
+274B;HEAVY EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;;
+274D;SHADOWED WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+274F;LOWER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2750;UPPER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2751;LOWER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2752;UPPER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2756;BLACK DIAMOND MINUS WHITE X;So;0;ON;;;;;N;;;;;
+2758;LIGHT VERTICAL BAR;So;0;ON;;;;;N;;;;;
+2759;MEDIUM VERTICAL BAR;So;0;ON;;;;;N;;;;;
+275A;HEAVY VERTICAL BAR;So;0;ON;;;;;N;;;;;
+275B;HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275C;HEAVY SINGLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275D;HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275E;HEAVY DOUBLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2761;CURVED STEM PARAGRAPH SIGN ORNAMENT;So;0;ON;;;;;N;;;;;
+2762;HEAVY EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2763;HEAVY HEART EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2764;HEAVY BLACK HEART;So;0;ON;;;;;N;;;;;
+2765;ROTATED HEAVY BLACK HEART BULLET;So;0;ON;;;;;N;;;;;
+2766;FLORAL HEART;So;0;ON;;;;;N;;;;;
+2767;ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;;
+2768;MEDIUM LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2769;MEDIUM RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276A;MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276B;MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276C;MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276D;MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276E;HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276F;HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2770;HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2771;HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2772;LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2773;LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2774;MEDIUM LEFT CURLY BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2775;MEDIUM RIGHT CURLY BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2776;DINGBAT NEGATIVE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED DIGIT ONE;;;;
+2777;DINGBAT NEGATIVE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED DIGIT TWO;;;;
+2778;DINGBAT NEGATIVE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED DIGIT THREE;;;;
+2779;DINGBAT NEGATIVE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED DIGIT FOUR;;;;
+277A;DINGBAT NEGATIVE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED DIGIT FIVE;;;;
+277B;DINGBAT NEGATIVE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED DIGIT SIX;;;;
+277C;DINGBAT NEGATIVE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED DIGIT SEVEN;;;;
+277D;DINGBAT NEGATIVE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED DIGIT EIGHT;;;;
+277E;DINGBAT NEGATIVE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED DIGIT NINE;;;;
+277F;DINGBAT NEGATIVE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED NUMBER TEN;;;;
+2780;DINGBAT CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;CIRCLED SANS-SERIF DIGIT ONE;;;;
+2781;DINGBAT CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;CIRCLED SANS-SERIF DIGIT TWO;;;;
+2782;DINGBAT CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;CIRCLED SANS-SERIF DIGIT THREE;;;;
+2783;DINGBAT CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;CIRCLED SANS-SERIF DIGIT FOUR;;;;
+2784;DINGBAT CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;CIRCLED SANS-SERIF DIGIT FIVE;;;;
+2785;DINGBAT CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;CIRCLED SANS-SERIF DIGIT SIX;;;;
+2786;DINGBAT CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;CIRCLED SANS-SERIF DIGIT SEVEN;;;;
+2787;DINGBAT CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;CIRCLED SANS-SERIF DIGIT EIGHT;;;;
+2788;DINGBAT CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;CIRCLED SANS-SERIF DIGIT NINE;;;;
+2789;DINGBAT CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;CIRCLED SANS-SERIF NUMBER TEN;;;;
+278A;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED SANS-SERIF DIGIT ONE;;;;
+278B;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED SANS-SERIF DIGIT TWO;;;;
+278C;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED SANS-SERIF DIGIT THREE;;;;
+278D;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED SANS-SERIF DIGIT FOUR;;;;
+278E;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED SANS-SERIF DIGIT FIVE;;;;
+278F;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED SANS-SERIF DIGIT SIX;;;;
+2790;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED SANS-SERIF DIGIT SEVEN;;;;
+2791;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED SANS-SERIF DIGIT EIGHT;;;;
+2792;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED SANS-SERIF DIGIT NINE;;;;
+2793;DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED SANS-SERIF NUMBER TEN;;;;
+2794;HEAVY WIDE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WIDE-HEADED RIGHT ARROW;;;;
+2798;HEAVY SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT ARROW;;;;
+2799;HEAVY RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY RIGHT ARROW;;;;
+279A;HEAVY NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT ARROW;;;;
+279B;DRAFTING POINT RIGHTWARDS ARROW;So;0;ON;;;;;N;DRAFTING POINT RIGHT ARROW;;;;
+279C;HEAVY ROUND-TIPPED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY ROUND-TIPPED RIGHT ARROW;;;;
+279D;TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;TRIANGLE-HEADED RIGHT ARROW;;;;
+279E;HEAVY TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TRIANGLE-HEADED RIGHT ARROW;;;;
+279F;DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;DASHED TRIANGLE-HEADED RIGHT ARROW;;;;
+27A0;HEAVY DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY DASHED TRIANGLE-HEADED RIGHT ARROW;;;;
+27A1;BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK RIGHT ARROW;;;;
+27A2;THREE-D TOP-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D TOP-LIGHTED RIGHT ARROWHEAD;;;;
+27A3;THREE-D BOTTOM-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D BOTTOM-LIGHTED RIGHT ARROWHEAD;;;;
+27A4;BLACK RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;BLACK RIGHT ARROWHEAD;;;;
+27A5;HEAVY BLACK CURVED DOWNWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED DOWN AND RIGHT ARROW;;;;
+27A6;HEAVY BLACK CURVED UPWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED UP AND RIGHT ARROW;;;;
+27A7;SQUAT BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;SQUAT BLACK RIGHT ARROW;;;;
+27A8;HEAVY CONCAVE-POINTED BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY CONCAVE-POINTED BLACK RIGHT ARROW;;;;
+27A9;RIGHT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;RIGHT-SHADED WHITE RIGHT ARROW;;;;
+27AA;LEFT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT-SHADED WHITE RIGHT ARROW;;;;
+27AB;BACK-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;BACK-TILTED SHADOWED WHITE RIGHT ARROW;;;;
+27AC;FRONT-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;FRONT-TILTED SHADOWED WHITE RIGHT ARROW;;;;
+27AD;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27AE;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27AF;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27B1;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27B2;CIRCLED HEAVY WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;CIRCLED HEAVY WHITE RIGHT ARROW;;;;
+27B3;WHITE-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;WHITE-FEATHERED RIGHT ARROW;;;;
+27B4;BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED LOWER RIGHT ARROW;;;;
+27B5;BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK-FEATHERED RIGHT ARROW;;;;
+27B6;BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED UPPER RIGHT ARROW;;;;
+27B7;HEAVY BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED LOWER RIGHT ARROW;;;;
+27B8;HEAVY BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED RIGHT ARROW;;;;
+27B9;HEAVY BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED UPPER RIGHT ARROW;;;;
+27BA;TEARDROP-BARBED RIGHTWARDS ARROW;So;0;ON;;;;;N;TEARDROP-BARBED RIGHT ARROW;;;;
+27BB;HEAVY TEARDROP-SHANKED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TEARDROP-SHANKED RIGHT ARROW;;;;
+27BC;WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;WEDGE-TAILED RIGHT ARROW;;;;
+27BD;HEAVY WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WEDGE-TAILED RIGHT ARROW;;;;
+27BE;OPEN-OUTLINED RIGHTWARDS ARROW;So;0;ON;;;;;N;OPEN-OUTLINED RIGHT ARROW;;;;
+27D0;WHITE DIAMOND WITH CENTRED DOT;Sm;0;ON;;;;;N;;;;;
+27D1;AND WITH DOT;Sm;0;ON;;;;;N;;;;;
+27D2;ELEMENT OF OPENING UPWARDS;Sm;0;ON;;;;;N;;;;;
+27D3;LOWER RIGHT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;;
+27D4;UPPER LEFT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;;
+27D5;LEFT OUTER JOIN;Sm;0;ON;;;;;Y;;;;;
+27D6;RIGHT OUTER JOIN;Sm;0;ON;;;;;Y;;;;;
+27D7;FULL OUTER JOIN;Sm;0;ON;;;;;N;;;;;
+27D8;LARGE UP TACK;Sm;0;ON;;;;;N;;;;;
+27D9;LARGE DOWN TACK;Sm;0;ON;;;;;N;;;;;
+27DA;LEFT AND RIGHT DOUBLE TURNSTILE;Sm;0;ON;;;;;N;;;;;
+27DB;LEFT AND RIGHT TACK;Sm;0;ON;;;;;N;;;;;
+27DC;LEFT MULTIMAP;Sm;0;ON;;;;;Y;;;;;
+27DD;LONG RIGHT TACK;Sm;0;ON;;;;;Y;;;;;
+27DE;LONG LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+27DF;UP TACK WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+27E0;LOZENGE DIVIDED BY HORIZONTAL RULE;Sm;0;ON;;;;;N;;;;;
+27E1;WHITE CONCAVE-SIDED DIAMOND;Sm;0;ON;;;;;N;;;;;
+27E2;WHITE CONCAVE-SIDED DIAMOND WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E3;WHITE CONCAVE-SIDED DIAMOND WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E4;WHITE SQUARE WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E5;WHITE SQUARE WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E6;MATHEMATICAL LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27E7;MATHEMATICAL RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27E8;MATHEMATICAL LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27E9;MATHEMATICAL RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27EA;MATHEMATICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27EB;MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27F0;UPWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F1;DOWNWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F2;ANTICLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F3;CLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F4;RIGHT ARROW WITH CIRCLED PLUS;Sm;0;ON;;;;;N;;;;;
+27F5;LONG LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+27F6;LONG RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+27F7;LONG LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;;
+27F8;LONG LEFTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F9;LONG RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27FA;LONG LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27FB;LONG LEFTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FC;LONG RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FD;LONG LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FE;LONG RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FF;LONG RIGHTWARDS SQUIGGLE ARROW;Sm;0;ON;;;;;N;;;;;
+2800;BRAILLE PATTERN BLANK;So;0;ON;;;;;N;;;;;
+2801;BRAILLE PATTERN DOTS-1;So;0;ON;;;;;N;;;;;
+2802;BRAILLE PATTERN DOTS-2;So;0;ON;;;;;N;;;;;
+2803;BRAILLE PATTERN DOTS-12;So;0;ON;;;;;N;;;;;
+2804;BRAILLE PATTERN DOTS-3;So;0;ON;;;;;N;;;;;
+2805;BRAILLE PATTERN DOTS-13;So;0;ON;;;;;N;;;;;
+2806;BRAILLE PATTERN DOTS-23;So;0;ON;;;;;N;;;;;
+2807;BRAILLE PATTERN DOTS-123;So;0;ON;;;;;N;;;;;
+2808;BRAILLE PATTERN DOTS-4;So;0;ON;;;;;N;;;;;
+2809;BRAILLE PATTERN DOTS-14;So;0;ON;;;;;N;;;;;
+280A;BRAILLE PATTERN DOTS-24;So;0;ON;;;;;N;;;;;
+280B;BRAILLE PATTERN DOTS-124;So;0;ON;;;;;N;;;;;
+280C;BRAILLE PATTERN DOTS-34;So;0;ON;;;;;N;;;;;
+280D;BRAILLE PATTERN DOTS-134;So;0;ON;;;;;N;;;;;
+280E;BRAILLE PATTERN DOTS-234;So;0;ON;;;;;N;;;;;
+280F;BRAILLE PATTERN DOTS-1234;So;0;ON;;;;;N;;;;;
+2810;BRAILLE PATTERN DOTS-5;So;0;ON;;;;;N;;;;;
+2811;BRAILLE PATTERN DOTS-15;So;0;ON;;;;;N;;;;;
+2812;BRAILLE PATTERN DOTS-25;So;0;ON;;;;;N;;;;;
+2813;BRAILLE PATTERN DOTS-125;So;0;ON;;;;;N;;;;;
+2814;BRAILLE PATTERN DOTS-35;So;0;ON;;;;;N;;;;;
+2815;BRAILLE PATTERN DOTS-135;So;0;ON;;;;;N;;;;;
+2816;BRAILLE PATTERN DOTS-235;So;0;ON;;;;;N;;;;;
+2817;BRAILLE PATTERN DOTS-1235;So;0;ON;;;;;N;;;;;
+2818;BRAILLE PATTERN DOTS-45;So;0;ON;;;;;N;;;;;
+2819;BRAILLE PATTERN DOTS-145;So;0;ON;;;;;N;;;;;
+281A;BRAILLE PATTERN DOTS-245;So;0;ON;;;;;N;;;;;
+281B;BRAILLE PATTERN DOTS-1245;So;0;ON;;;;;N;;;;;
+281C;BRAILLE PATTERN DOTS-345;So;0;ON;;;;;N;;;;;
+281D;BRAILLE PATTERN DOTS-1345;So;0;ON;;;;;N;;;;;
+281E;BRAILLE PATTERN DOTS-2345;So;0;ON;;;;;N;;;;;
+281F;BRAILLE PATTERN DOTS-12345;So;0;ON;;;;;N;;;;;
+2820;BRAILLE PATTERN DOTS-6;So;0;ON;;;;;N;;;;;
+2821;BRAILLE PATTERN DOTS-16;So;0;ON;;;;;N;;;;;
+2822;BRAILLE PATTERN DOTS-26;So;0;ON;;;;;N;;;;;
+2823;BRAILLE PATTERN DOTS-126;So;0;ON;;;;;N;;;;;
+2824;BRAILLE PATTERN DOTS-36;So;0;ON;;;;;N;;;;;
+2825;BRAILLE PATTERN DOTS-136;So;0;ON;;;;;N;;;;;
+2826;BRAILLE PATTERN DOTS-236;So;0;ON;;;;;N;;;;;
+2827;BRAILLE PATTERN DOTS-1236;So;0;ON;;;;;N;;;;;
+2828;BRAILLE PATTERN DOTS-46;So;0;ON;;;;;N;;;;;
+2829;BRAILLE PATTERN DOTS-146;So;0;ON;;;;;N;;;;;
+282A;BRAILLE PATTERN DOTS-246;So;0;ON;;;;;N;;;;;
+282B;BRAILLE PATTERN DOTS-1246;So;0;ON;;;;;N;;;;;
+282C;BRAILLE PATTERN DOTS-346;So;0;ON;;;;;N;;;;;
+282D;BRAILLE PATTERN DOTS-1346;So;0;ON;;;;;N;;;;;
+282E;BRAILLE PATTERN DOTS-2346;So;0;ON;;;;;N;;;;;
+282F;BRAILLE PATTERN DOTS-12346;So;0;ON;;;;;N;;;;;
+2830;BRAILLE PATTERN DOTS-56;So;0;ON;;;;;N;;;;;
+2831;BRAILLE PATTERN DOTS-156;So;0;ON;;;;;N;;;;;
+2832;BRAILLE PATTERN DOTS-256;So;0;ON;;;;;N;;;;;
+2833;BRAILLE PATTERN DOTS-1256;So;0;ON;;;;;N;;;;;
+2834;BRAILLE PATTERN DOTS-356;So;0;ON;;;;;N;;;;;
+2835;BRAILLE PATTERN DOTS-1356;So;0;ON;;;;;N;;;;;
+2836;BRAILLE PATTERN DOTS-2356;So;0;ON;;;;;N;;;;;
+2837;BRAILLE PATTERN DOTS-12356;So;0;ON;;;;;N;;;;;
+2838;BRAILLE PATTERN DOTS-456;So;0;ON;;;;;N;;;;;
+2839;BRAILLE PATTERN DOTS-1456;So;0;ON;;;;;N;;;;;
+283A;BRAILLE PATTERN DOTS-2456;So;0;ON;;;;;N;;;;;
+283B;BRAILLE PATTERN DOTS-12456;So;0;ON;;;;;N;;;;;
+283C;BRAILLE PATTERN DOTS-3456;So;0;ON;;;;;N;;;;;
+283D;BRAILLE PATTERN DOTS-13456;So;0;ON;;;;;N;;;;;
+283E;BRAILLE PATTERN DOTS-23456;So;0;ON;;;;;N;;;;;
+283F;BRAILLE PATTERN DOTS-123456;So;0;ON;;;;;N;;;;;
+2840;BRAILLE PATTERN DOTS-7;So;0;ON;;;;;N;;;;;
+2841;BRAILLE PATTERN DOTS-17;So;0;ON;;;;;N;;;;;
+2842;BRAILLE PATTERN DOTS-27;So;0;ON;;;;;N;;;;;
+2843;BRAILLE PATTERN DOTS-127;So;0;ON;;;;;N;;;;;
+2844;BRAILLE PATTERN DOTS-37;So;0;ON;;;;;N;;;;;
+2845;BRAILLE PATTERN DOTS-137;So;0;ON;;;;;N;;;;;
+2846;BRAILLE PATTERN DOTS-237;So;0;ON;;;;;N;;;;;
+2847;BRAILLE PATTERN DOTS-1237;So;0;ON;;;;;N;;;;;
+2848;BRAILLE PATTERN DOTS-47;So;0;ON;;;;;N;;;;;
+2849;BRAILLE PATTERN DOTS-147;So;0;ON;;;;;N;;;;;
+284A;BRAILLE PATTERN DOTS-247;So;0;ON;;;;;N;;;;;
+284B;BRAILLE PATTERN DOTS-1247;So;0;ON;;;;;N;;;;;
+284C;BRAILLE PATTERN DOTS-347;So;0;ON;;;;;N;;;;;
+284D;BRAILLE PATTERN DOTS-1347;So;0;ON;;;;;N;;;;;
+284E;BRAILLE PATTERN DOTS-2347;So;0;ON;;;;;N;;;;;
+284F;BRAILLE PATTERN DOTS-12347;So;0;ON;;;;;N;;;;;
+2850;BRAILLE PATTERN DOTS-57;So;0;ON;;;;;N;;;;;
+2851;BRAILLE PATTERN DOTS-157;So;0;ON;;;;;N;;;;;
+2852;BRAILLE PATTERN DOTS-257;So;0;ON;;;;;N;;;;;
+2853;BRAILLE PATTERN DOTS-1257;So;0;ON;;;;;N;;;;;
+2854;BRAILLE PATTERN DOTS-357;So;0;ON;;;;;N;;;;;
+2855;BRAILLE PATTERN DOTS-1357;So;0;ON;;;;;N;;;;;
+2856;BRAILLE PATTERN DOTS-2357;So;0;ON;;;;;N;;;;;
+2857;BRAILLE PATTERN DOTS-12357;So;0;ON;;;;;N;;;;;
+2858;BRAILLE PATTERN DOTS-457;So;0;ON;;;;;N;;;;;
+2859;BRAILLE PATTERN DOTS-1457;So;0;ON;;;;;N;;;;;
+285A;BRAILLE PATTERN DOTS-2457;So;0;ON;;;;;N;;;;;
+285B;BRAILLE PATTERN DOTS-12457;So;0;ON;;;;;N;;;;;
+285C;BRAILLE PATTERN DOTS-3457;So;0;ON;;;;;N;;;;;
+285D;BRAILLE PATTERN DOTS-13457;So;0;ON;;;;;N;;;;;
+285E;BRAILLE PATTERN DOTS-23457;So;0;ON;;;;;N;;;;;
+285F;BRAILLE PATTERN DOTS-123457;So;0;ON;;;;;N;;;;;
+2860;BRAILLE PATTERN DOTS-67;So;0;ON;;;;;N;;;;;
+2861;BRAILLE PATTERN DOTS-167;So;0;ON;;;;;N;;;;;
+2862;BRAILLE PATTERN DOTS-267;So;0;ON;;;;;N;;;;;
+2863;BRAILLE PATTERN DOTS-1267;So;0;ON;;;;;N;;;;;
+2864;BRAILLE PATTERN DOTS-367;So;0;ON;;;;;N;;;;;
+2865;BRAILLE PATTERN DOTS-1367;So;0;ON;;;;;N;;;;;
+2866;BRAILLE PATTERN DOTS-2367;So;0;ON;;;;;N;;;;;
+2867;BRAILLE PATTERN DOTS-12367;So;0;ON;;;;;N;;;;;
+2868;BRAILLE PATTERN DOTS-467;So;0;ON;;;;;N;;;;;
+2869;BRAILLE PATTERN DOTS-1467;So;0;ON;;;;;N;;;;;
+286A;BRAILLE PATTERN DOTS-2467;So;0;ON;;;;;N;;;;;
+286B;BRAILLE PATTERN DOTS-12467;So;0;ON;;;;;N;;;;;
+286C;BRAILLE PATTERN DOTS-3467;So;0;ON;;;;;N;;;;;
+286D;BRAILLE PATTERN DOTS-13467;So;0;ON;;;;;N;;;;;
+286E;BRAILLE PATTERN DOTS-23467;So;0;ON;;;;;N;;;;;
+286F;BRAILLE PATTERN DOTS-123467;So;0;ON;;;;;N;;;;;
+2870;BRAILLE PATTERN DOTS-567;So;0;ON;;;;;N;;;;;
+2871;BRAILLE PATTERN DOTS-1567;So;0;ON;;;;;N;;;;;
+2872;BRAILLE PATTERN DOTS-2567;So;0;ON;;;;;N;;;;;
+2873;BRAILLE PATTERN DOTS-12567;So;0;ON;;;;;N;;;;;
+2874;BRAILLE PATTERN DOTS-3567;So;0;ON;;;;;N;;;;;
+2875;BRAILLE PATTERN DOTS-13567;So;0;ON;;;;;N;;;;;
+2876;BRAILLE PATTERN DOTS-23567;So;0;ON;;;;;N;;;;;
+2877;BRAILLE PATTERN DOTS-123567;So;0;ON;;;;;N;;;;;
+2878;BRAILLE PATTERN DOTS-4567;So;0;ON;;;;;N;;;;;
+2879;BRAILLE PATTERN DOTS-14567;So;0;ON;;;;;N;;;;;
+287A;BRAILLE PATTERN DOTS-24567;So;0;ON;;;;;N;;;;;
+287B;BRAILLE PATTERN DOTS-124567;So;0;ON;;;;;N;;;;;
+287C;BRAILLE PATTERN DOTS-34567;So;0;ON;;;;;N;;;;;
+287D;BRAILLE PATTERN DOTS-134567;So;0;ON;;;;;N;;;;;
+287E;BRAILLE PATTERN DOTS-234567;So;0;ON;;;;;N;;;;;
+287F;BRAILLE PATTERN DOTS-1234567;So;0;ON;;;;;N;;;;;
+2880;BRAILLE PATTERN DOTS-8;So;0;ON;;;;;N;;;;;
+2881;BRAILLE PATTERN DOTS-18;So;0;ON;;;;;N;;;;;
+2882;BRAILLE PATTERN DOTS-28;So;0;ON;;;;;N;;;;;
+2883;BRAILLE PATTERN DOTS-128;So;0;ON;;;;;N;;;;;
+2884;BRAILLE PATTERN DOTS-38;So;0;ON;;;;;N;;;;;
+2885;BRAILLE PATTERN DOTS-138;So;0;ON;;;;;N;;;;;
+2886;BRAILLE PATTERN DOTS-238;So;0;ON;;;;;N;;;;;
+2887;BRAILLE PATTERN DOTS-1238;So;0;ON;;;;;N;;;;;
+2888;BRAILLE PATTERN DOTS-48;So;0;ON;;;;;N;;;;;
+2889;BRAILLE PATTERN DOTS-148;So;0;ON;;;;;N;;;;;
+288A;BRAILLE PATTERN DOTS-248;So;0;ON;;;;;N;;;;;
+288B;BRAILLE PATTERN DOTS-1248;So;0;ON;;;;;N;;;;;
+288C;BRAILLE PATTERN DOTS-348;So;0;ON;;;;;N;;;;;
+288D;BRAILLE PATTERN DOTS-1348;So;0;ON;;;;;N;;;;;
+288E;BRAILLE PATTERN DOTS-2348;So;0;ON;;;;;N;;;;;
+288F;BRAILLE PATTERN DOTS-12348;So;0;ON;;;;;N;;;;;
+2890;BRAILLE PATTERN DOTS-58;So;0;ON;;;;;N;;;;;
+2891;BRAILLE PATTERN DOTS-158;So;0;ON;;;;;N;;;;;
+2892;BRAILLE PATTERN DOTS-258;So;0;ON;;;;;N;;;;;
+2893;BRAILLE PATTERN DOTS-1258;So;0;ON;;;;;N;;;;;
+2894;BRAILLE PATTERN DOTS-358;So;0;ON;;;;;N;;;;;
+2895;BRAILLE PATTERN DOTS-1358;So;0;ON;;;;;N;;;;;
+2896;BRAILLE PATTERN DOTS-2358;So;0;ON;;;;;N;;;;;
+2897;BRAILLE PATTERN DOTS-12358;So;0;ON;;;;;N;;;;;
+2898;BRAILLE PATTERN DOTS-458;So;0;ON;;;;;N;;;;;
+2899;BRAILLE PATTERN DOTS-1458;So;0;ON;;;;;N;;;;;
+289A;BRAILLE PATTERN DOTS-2458;So;0;ON;;;;;N;;;;;
+289B;BRAILLE PATTERN DOTS-12458;So;0;ON;;;;;N;;;;;
+289C;BRAILLE PATTERN DOTS-3458;So;0;ON;;;;;N;;;;;
+289D;BRAILLE PATTERN DOTS-13458;So;0;ON;;;;;N;;;;;
+289E;BRAILLE PATTERN DOTS-23458;So;0;ON;;;;;N;;;;;
+289F;BRAILLE PATTERN DOTS-123458;So;0;ON;;;;;N;;;;;
+28A0;BRAILLE PATTERN DOTS-68;So;0;ON;;;;;N;;;;;
+28A1;BRAILLE PATTERN DOTS-168;So;0;ON;;;;;N;;;;;
+28A2;BRAILLE PATTERN DOTS-268;So;0;ON;;;;;N;;;;;
+28A3;BRAILLE PATTERN DOTS-1268;So;0;ON;;;;;N;;;;;
+28A4;BRAILLE PATTERN DOTS-368;So;0;ON;;;;;N;;;;;
+28A5;BRAILLE PATTERN DOTS-1368;So;0;ON;;;;;N;;;;;
+28A6;BRAILLE PATTERN DOTS-2368;So;0;ON;;;;;N;;;;;
+28A7;BRAILLE PATTERN DOTS-12368;So;0;ON;;;;;N;;;;;
+28A8;BRAILLE PATTERN DOTS-468;So;0;ON;;;;;N;;;;;
+28A9;BRAILLE PATTERN DOTS-1468;So;0;ON;;;;;N;;;;;
+28AA;BRAILLE PATTERN DOTS-2468;So;0;ON;;;;;N;;;;;
+28AB;BRAILLE PATTERN DOTS-12468;So;0;ON;;;;;N;;;;;
+28AC;BRAILLE PATTERN DOTS-3468;So;0;ON;;;;;N;;;;;
+28AD;BRAILLE PATTERN DOTS-13468;So;0;ON;;;;;N;;;;;
+28AE;BRAILLE PATTERN DOTS-23468;So;0;ON;;;;;N;;;;;
+28AF;BRAILLE PATTERN DOTS-123468;So;0;ON;;;;;N;;;;;
+28B0;BRAILLE PATTERN DOTS-568;So;0;ON;;;;;N;;;;;
+28B1;BRAILLE PATTERN DOTS-1568;So;0;ON;;;;;N;;;;;
+28B2;BRAILLE PATTERN DOTS-2568;So;0;ON;;;;;N;;;;;
+28B3;BRAILLE PATTERN DOTS-12568;So;0;ON;;;;;N;;;;;
+28B4;BRAILLE PATTERN DOTS-3568;So;0;ON;;;;;N;;;;;
+28B5;BRAILLE PATTERN DOTS-13568;So;0;ON;;;;;N;;;;;
+28B6;BRAILLE PATTERN DOTS-23568;So;0;ON;;;;;N;;;;;
+28B7;BRAILLE PATTERN DOTS-123568;So;0;ON;;;;;N;;;;;
+28B8;BRAILLE PATTERN DOTS-4568;So;0;ON;;;;;N;;;;;
+28B9;BRAILLE PATTERN DOTS-14568;So;0;ON;;;;;N;;;;;
+28BA;BRAILLE PATTERN DOTS-24568;So;0;ON;;;;;N;;;;;
+28BB;BRAILLE PATTERN DOTS-124568;So;0;ON;;;;;N;;;;;
+28BC;BRAILLE PATTERN DOTS-34568;So;0;ON;;;;;N;;;;;
+28BD;BRAILLE PATTERN DOTS-134568;So;0;ON;;;;;N;;;;;
+28BE;BRAILLE PATTERN DOTS-234568;So;0;ON;;;;;N;;;;;
+28BF;BRAILLE PATTERN DOTS-1234568;So;0;ON;;;;;N;;;;;
+28C0;BRAILLE PATTERN DOTS-78;So;0;ON;;;;;N;;;;;
+28C1;BRAILLE PATTERN DOTS-178;So;0;ON;;;;;N;;;;;
+28C2;BRAILLE PATTERN DOTS-278;So;0;ON;;;;;N;;;;;
+28C3;BRAILLE PATTERN DOTS-1278;So;0;ON;;;;;N;;;;;
+28C4;BRAILLE PATTERN DOTS-378;So;0;ON;;;;;N;;;;;
+28C5;BRAILLE PATTERN DOTS-1378;So;0;ON;;;;;N;;;;;
+28C6;BRAILLE PATTERN DOTS-2378;So;0;ON;;;;;N;;;;;
+28C7;BRAILLE PATTERN DOTS-12378;So;0;ON;;;;;N;;;;;
+28C8;BRAILLE PATTERN DOTS-478;So;0;ON;;;;;N;;;;;
+28C9;BRAILLE PATTERN DOTS-1478;So;0;ON;;;;;N;;;;;
+28CA;BRAILLE PATTERN DOTS-2478;So;0;ON;;;;;N;;;;;
+28CB;BRAILLE PATTERN DOTS-12478;So;0;ON;;;;;N;;;;;
+28CC;BRAILLE PATTERN DOTS-3478;So;0;ON;;;;;N;;;;;
+28CD;BRAILLE PATTERN DOTS-13478;So;0;ON;;;;;N;;;;;
+28CE;BRAILLE PATTERN DOTS-23478;So;0;ON;;;;;N;;;;;
+28CF;BRAILLE PATTERN DOTS-123478;So;0;ON;;;;;N;;;;;
+28D0;BRAILLE PATTERN DOTS-578;So;0;ON;;;;;N;;;;;
+28D1;BRAILLE PATTERN DOTS-1578;So;0;ON;;;;;N;;;;;
+28D2;BRAILLE PATTERN DOTS-2578;So;0;ON;;;;;N;;;;;
+28D3;BRAILLE PATTERN DOTS-12578;So;0;ON;;;;;N;;;;;
+28D4;BRAILLE PATTERN DOTS-3578;So;0;ON;;;;;N;;;;;
+28D5;BRAILLE PATTERN DOTS-13578;So;0;ON;;;;;N;;;;;
+28D6;BRAILLE PATTERN DOTS-23578;So;0;ON;;;;;N;;;;;
+28D7;BRAILLE PATTERN DOTS-123578;So;0;ON;;;;;N;;;;;
+28D8;BRAILLE PATTERN DOTS-4578;So;0;ON;;;;;N;;;;;
+28D9;BRAILLE PATTERN DOTS-14578;So;0;ON;;;;;N;;;;;
+28DA;BRAILLE PATTERN DOTS-24578;So;0;ON;;;;;N;;;;;
+28DB;BRAILLE PATTERN DOTS-124578;So;0;ON;;;;;N;;;;;
+28DC;BRAILLE PATTERN DOTS-34578;So;0;ON;;;;;N;;;;;
+28DD;BRAILLE PATTERN DOTS-134578;So;0;ON;;;;;N;;;;;
+28DE;BRAILLE PATTERN DOTS-234578;So;0;ON;;;;;N;;;;;
+28DF;BRAILLE PATTERN DOTS-1234578;So;0;ON;;;;;N;;;;;
+28E0;BRAILLE PATTERN DOTS-678;So;0;ON;;;;;N;;;;;
+28E1;BRAILLE PATTERN DOTS-1678;So;0;ON;;;;;N;;;;;
+28E2;BRAILLE PATTERN DOTS-2678;So;0;ON;;;;;N;;;;;
+28E3;BRAILLE PATTERN DOTS-12678;So;0;ON;;;;;N;;;;;
+28E4;BRAILLE PATTERN DOTS-3678;So;0;ON;;;;;N;;;;;
+28E5;BRAILLE PATTERN DOTS-13678;So;0;ON;;;;;N;;;;;
+28E6;BRAILLE PATTERN DOTS-23678;So;0;ON;;;;;N;;;;;
+28E7;BRAILLE PATTERN DOTS-123678;So;0;ON;;;;;N;;;;;
+28E8;BRAILLE PATTERN DOTS-4678;So;0;ON;;;;;N;;;;;
+28E9;BRAILLE PATTERN DOTS-14678;So;0;ON;;;;;N;;;;;
+28EA;BRAILLE PATTERN DOTS-24678;So;0;ON;;;;;N;;;;;
+28EB;BRAILLE PATTERN DOTS-124678;So;0;ON;;;;;N;;;;;
+28EC;BRAILLE PATTERN DOTS-34678;So;0;ON;;;;;N;;;;;
+28ED;BRAILLE PATTERN DOTS-134678;So;0;ON;;;;;N;;;;;
+28EE;BRAILLE PATTERN DOTS-234678;So;0;ON;;;;;N;;;;;
+28EF;BRAILLE PATTERN DOTS-1234678;So;0;ON;;;;;N;;;;;
+28F0;BRAILLE PATTERN DOTS-5678;So;0;ON;;;;;N;;;;;
+28F1;BRAILLE PATTERN DOTS-15678;So;0;ON;;;;;N;;;;;
+28F2;BRAILLE PATTERN DOTS-25678;So;0;ON;;;;;N;;;;;
+28F3;BRAILLE PATTERN DOTS-125678;So;0;ON;;;;;N;;;;;
+28F4;BRAILLE PATTERN DOTS-35678;So;0;ON;;;;;N;;;;;
+28F5;BRAILLE PATTERN DOTS-135678;So;0;ON;;;;;N;;;;;
+28F6;BRAILLE PATTERN DOTS-235678;So;0;ON;;;;;N;;;;;
+28F7;BRAILLE PATTERN DOTS-1235678;So;0;ON;;;;;N;;;;;
+28F8;BRAILLE PATTERN DOTS-45678;So;0;ON;;;;;N;;;;;
+28F9;BRAILLE PATTERN DOTS-145678;So;0;ON;;;;;N;;;;;
+28FA;BRAILLE PATTERN DOTS-245678;So;0;ON;;;;;N;;;;;
+28FB;BRAILLE PATTERN DOTS-1245678;So;0;ON;;;;;N;;;;;
+28FC;BRAILLE PATTERN DOTS-345678;So;0;ON;;;;;N;;;;;
+28FD;BRAILLE PATTERN DOTS-1345678;So;0;ON;;;;;N;;;;;
+28FE;BRAILLE PATTERN DOTS-2345678;So;0;ON;;;;;N;;;;;
+28FF;BRAILLE PATTERN DOTS-12345678;So;0;ON;;;;;N;;;;;
+2900;RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2901;RIGHTWARDS TWO-HEADED ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2902;LEFTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2903;RIGHTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2904;LEFT RIGHT DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2905;RIGHTWARDS TWO-HEADED ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2906;LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2907;RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2908;DOWNWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2909;UPWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+290A;UPWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;;
+290B;DOWNWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;;
+290C;LEFTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290D;RIGHTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290E;LEFTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290F;RIGHTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+2910;RIGHTWARDS TWO-HEADED TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+2911;RIGHTWARDS ARROW WITH DOTTED STEM;Sm;0;ON;;;;;N;;;;;
+2912;UPWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;;
+2913;DOWNWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;;
+2914;RIGHTWARDS ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2915;RIGHTWARDS ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2916;RIGHTWARDS TWO-HEADED ARROW WITH TAIL;Sm;0;ON;;;;;N;;;;;
+2917;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2918;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2919;LEFTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291A;RIGHTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291B;LEFTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291C;RIGHTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291D;LEFTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+291E;RIGHTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+291F;LEFTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+2920;RIGHTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+2921;NORTH WEST AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2922;NORTH EAST AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+2923;NORTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2924;NORTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2925;SOUTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2926;SOUTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2927;NORTH WEST ARROW AND NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2928;NORTH EAST ARROW AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2929;SOUTH EAST ARROW AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+292A;SOUTH WEST ARROW AND NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+292B;RISING DIAGONAL CROSSING FALLING DIAGONAL;Sm;0;ON;;;;;N;;;;;
+292C;FALLING DIAGONAL CROSSING RISING DIAGONAL;Sm;0;ON;;;;;N;;;;;
+292D;SOUTH EAST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+292E;NORTH EAST ARROW CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+292F;FALLING DIAGONAL CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2930;RISING DIAGONAL CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2931;NORTH EAST ARROW CROSSING NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+2932;NORTH WEST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2933;WAVE ARROW POINTING DIRECTLY RIGHT;Sm;0;ON;;;;;N;;;;;
+2934;ARROW POINTING RIGHTWARDS THEN CURVING UPWARDS;Sm;0;ON;;;;;N;;;;;
+2935;ARROW POINTING RIGHTWARDS THEN CURVING DOWNWARDS;Sm;0;ON;;;;;N;;;;;
+2936;ARROW POINTING DOWNWARDS THEN CURVING LEFTWARDS;Sm;0;ON;;;;;N;;;;;
+2937;ARROW POINTING DOWNWARDS THEN CURVING RIGHTWARDS;Sm;0;ON;;;;;N;;;;;
+2938;RIGHT-SIDE ARC CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+2939;LEFT-SIDE ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293A;TOP ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293B;BOTTOM ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293C;TOP ARC CLOCKWISE ARROW WITH MINUS;Sm;0;ON;;;;;N;;;;;
+293D;TOP ARC ANTICLOCKWISE ARROW WITH PLUS;Sm;0;ON;;;;;N;;;;;
+293E;LOWER RIGHT SEMICIRCULAR CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293F;LOWER LEFT SEMICIRCULAR ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+2940;ANTICLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+2941;CLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+2942;RIGHTWARDS ARROW ABOVE SHORT LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2943;LEFTWARDS ARROW ABOVE SHORT RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2944;SHORT RIGHTWARDS ARROW ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2945;RIGHTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;;
+2946;LEFTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;;
+2947;RIGHTWARDS ARROW THROUGH X;Sm;0;ON;;;;;N;;;;;
+2948;LEFT RIGHT ARROW THROUGH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+2949;UPWARDS TWO-HEADED ARROW FROM SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+294A;LEFT BARB UP RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;;
+294B;LEFT BARB DOWN RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;;
+294C;UP BARB RIGHT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;;
+294D;UP BARB LEFT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;;
+294E;LEFT BARB UP RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;;
+294F;UP BARB RIGHT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;;
+2950;LEFT BARB DOWN RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;;
+2951;UP BARB LEFT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;;
+2952;LEFTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;;
+2953;RIGHTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;;
+2954;UPWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;;
+2955;DOWNWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;;
+2956;LEFTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;;
+2957;RIGHTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;;
+2958;UPWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;;
+2959;DOWNWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;;
+295A;LEFTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;;
+295B;RIGHTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;;
+295C;UPWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;;
+295D;DOWNWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;;
+295E;LEFTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;;
+295F;RIGHTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;;
+2960;UPWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;;
+2961;DOWNWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;;
+2962;LEFTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2963;UPWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2964;RIGHTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2965;DOWNWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2966;LEFTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;;
+2967;LEFTWARDS HARPOON WITH BARB DOWN ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2968;RIGHTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;;
+2969;RIGHTWARDS HARPOON WITH BARB DOWN ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+296A;LEFTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;;
+296B;LEFTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;;
+296C;RIGHTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;;
+296D;RIGHTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;;
+296E;UPWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+296F;DOWNWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2970;RIGHT DOUBLE ARROW WITH ROUNDED HEAD;Sm;0;ON;;;;;N;;;;;
+2971;EQUALS SIGN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2972;TILDE OPERATOR ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2973;LEFTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;;
+2974;RIGHTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;;
+2975;RIGHTWARDS ARROW ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2976;LESS-THAN ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2977;LEFTWARDS ARROW THROUGH LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2978;GREATER-THAN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2979;SUBSET ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+297A;LEFTWARDS ARROW THROUGH SUBSET;Sm;0;ON;;;;;N;;;;;
+297B;SUPERSET ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+297C;LEFT FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297D;RIGHT FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297E;UP FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297F;DOWN FISH TAIL;Sm;0;ON;;;;;N;;;;;
+2980;TRIPLE VERTICAL BAR DELIMITER;Sm;0;ON;;;;;N;;;;;
+2981;Z NOTATION SPOT;Sm;0;ON;;;;;N;;;;;
+2982;Z NOTATION TYPE COLON;Sm;0;ON;;;;;N;;;;;
+2983;LEFT WHITE CURLY BRACKET;Ps;0;ON;;;;;Y;;;;;
+2984;RIGHT WHITE CURLY BRACKET;Pe;0;ON;;;;;Y;;;;;
+2985;LEFT WHITE PARENTHESIS;Ps;0;ON;;;;;Y;;;;;
+2986;RIGHT WHITE PARENTHESIS;Pe;0;ON;;;;;Y;;;;;
+2987;Z NOTATION LEFT IMAGE BRACKET;Ps;0;ON;;;;;Y;;;;;
+2988;Z NOTATION RIGHT IMAGE BRACKET;Pe;0;ON;;;;;Y;;;;;
+2989;Z NOTATION LEFT BINDING BRACKET;Ps;0;ON;;;;;Y;;;;;
+298A;Z NOTATION RIGHT BINDING BRACKET;Pe;0;ON;;;;;Y;;;;;
+298B;LEFT SQUARE BRACKET WITH UNDERBAR;Ps;0;ON;;;;;Y;;;;;
+298C;RIGHT SQUARE BRACKET WITH UNDERBAR;Pe;0;ON;;;;;Y;;;;;
+298D;LEFT SQUARE BRACKET WITH TICK IN TOP CORNER;Ps;0;ON;;;;;Y;;;;;
+298E;RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Pe;0;ON;;;;;Y;;;;;
+298F;LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Ps;0;ON;;;;;Y;;;;;
+2990;RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER;Pe;0;ON;;;;;Y;;;;;
+2991;LEFT ANGLE BRACKET WITH DOT;Ps;0;ON;;;;;Y;;;;;
+2992;RIGHT ANGLE BRACKET WITH DOT;Pe;0;ON;;;;;Y;;;;;
+2993;LEFT ARC LESS-THAN BRACKET;Ps;0;ON;;;;;Y;;;;;
+2994;RIGHT ARC GREATER-THAN BRACKET;Pe;0;ON;;;;;Y;;;;;
+2995;DOUBLE LEFT ARC GREATER-THAN BRACKET;Ps;0;ON;;;;;Y;;;;;
+2996;DOUBLE RIGHT ARC LESS-THAN BRACKET;Pe;0;ON;;;;;Y;;;;;
+2997;LEFT BLACK TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;;;;;
+2998;RIGHT BLACK TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;;;;;
+2999;DOTTED FENCE;Sm;0;ON;;;;;N;;;;;
+299A;VERTICAL ZIGZAG LINE;Sm;0;ON;;;;;N;;;;;
+299B;MEASURED ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;;
+299C;RIGHT ANGLE VARIANT WITH SQUARE;Sm;0;ON;;;;;Y;;;;;
+299D;MEASURED RIGHT ANGLE WITH DOT;Sm;0;ON;;;;;Y;;;;;
+299E;ANGLE WITH S INSIDE;Sm;0;ON;;;;;Y;;;;;
+299F;ACUTE ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A0;SPHERICAL ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;;
+29A1;SPHERICAL ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;;
+29A2;TURNED ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A3;REVERSED ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A4;ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+29A5;REVERSED ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+29A6;OBLIQUE ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;;
+29A7;OBLIQUE ANGLE OPENING DOWN;Sm;0;ON;;;;;Y;;;;;
+29A8;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND RIGHT;Sm;0;ON;;;;;Y;;;;;
+29A9;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND LEFT;Sm;0;ON;;;;;Y;;;;;
+29AA;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND RIGHT;Sm;0;ON;;;;;Y;;;;;
+29AB;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND LEFT;Sm;0;ON;;;;;Y;;;;;
+29AC;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND UP;Sm;0;ON;;;;;Y;;;;;
+29AD;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND UP;Sm;0;ON;;;;;Y;;;;;
+29AE;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND DOWN;Sm;0;ON;;;;;Y;;;;;
+29AF;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND DOWN;Sm;0;ON;;;;;Y;;;;;
+29B0;REVERSED EMPTY SET;Sm;0;ON;;;;;N;;;;;
+29B1;EMPTY SET WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+29B2;EMPTY SET WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+29B3;EMPTY SET WITH RIGHT ARROW ABOVE;Sm;0;ON;;;;;N;;;;;
+29B4;EMPTY SET WITH LEFT ARROW ABOVE;Sm;0;ON;;;;;N;;;;;
+29B5;CIRCLE WITH HORIZONTAL BAR;Sm;0;ON;;;;;N;;;;;
+29B6;CIRCLED VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29B7;CIRCLED PARALLEL;Sm;0;ON;;;;;N;;;;;
+29B8;CIRCLED REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29B9;CIRCLED PERPENDICULAR;Sm;0;ON;;;;;N;;;;;
+29BA;CIRCLE DIVIDED BY HORIZONTAL BAR AND TOP HALF DIVIDED BY VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29BB;CIRCLE WITH SUPERIMPOSED X;Sm;0;ON;;;;;N;;;;;
+29BC;CIRCLED ANTICLOCKWISE-ROTATED DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+29BD;UP ARROW THROUGH CIRCLE;Sm;0;ON;;;;;N;;;;;
+29BE;CIRCLED WHITE BULLET;Sm;0;ON;;;;;N;;;;;
+29BF;CIRCLED BULLET;Sm;0;ON;;;;;N;;;;;
+29C0;CIRCLED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+29C1;CIRCLED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+29C2;CIRCLE WITH SMALL CIRCLE TO THE RIGHT;Sm;0;ON;;;;;Y;;;;;
+29C3;CIRCLE WITH TWO HORIZONTAL STROKES TO THE RIGHT;Sm;0;ON;;;;;Y;;;;;
+29C4;SQUARED RISING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;;
+29C5;SQUARED FALLING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;;
+29C6;SQUARED ASTERISK;Sm;0;ON;;;;;N;;;;;
+29C7;SQUARED SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+29C8;SQUARED SQUARE;Sm;0;ON;;;;;N;;;;;
+29C9;TWO JOINED SQUARES;Sm;0;ON;;;;;Y;;;;;
+29CA;TRIANGLE WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+29CB;TRIANGLE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+29CC;S IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+29CD;TRIANGLE WITH SERIFS AT BOTTOM;Sm;0;ON;;;;;N;;;;;
+29CE;RIGHT TRIANGLE ABOVE LEFT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+29CF;LEFT TRIANGLE BESIDE VERTICAL BAR;Sm;0;ON;;;;;Y;;;;;
+29D0;VERTICAL BAR BESIDE RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+29D1;BOWTIE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D2;BOWTIE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D3;BLACK BOWTIE;Sm;0;ON;;;;;N;;;;;
+29D4;TIMES WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D5;TIMES WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D6;WHITE HOURGLASS;Sm;0;ON;;;;;N;;;;;
+29D7;BLACK HOURGLASS;Sm;0;ON;;;;;N;;;;;
+29D8;LEFT WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;;
+29D9;RIGHT WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;;
+29DA;LEFT DOUBLE WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;;
+29DB;RIGHT DOUBLE WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;;
+29DC;INCOMPLETE INFINITY;Sm;0;ON;;;;;Y;;;;;
+29DD;TIE OVER INFINITY;Sm;0;ON;;;;;N;;;;;
+29DE;INFINITY NEGATED WITH VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29DF;DOUBLE-ENDED MULTIMAP;Sm;0;ON;;;;;N;;;;;
+29E0;SQUARE WITH CONTOURED OUTLINE;Sm;0;ON;;;;;N;;;;;
+29E1;INCREASES AS;Sm;0;ON;;;;;Y;;;;;
+29E2;SHUFFLE PRODUCT;Sm;0;ON;;;;;N;;;;;
+29E3;EQUALS SIGN AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;;
+29E4;EQUALS SIGN AND SLANTED PARALLEL WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;;
+29E5;IDENTICAL TO AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;;
+29E6;GLEICH STARK;Sm;0;ON;;;;;N;;;;;
+29E7;THERMODYNAMIC;Sm;0;ON;;;;;N;;;;;
+29E8;DOWN-POINTING TRIANGLE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29E9;DOWN-POINTING TRIANGLE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29EA;BLACK DIAMOND WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29EB;BLACK LOZENGE;Sm;0;ON;;;;;N;;;;;
+29EC;WHITE CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29ED;BLACK CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29EE;ERROR-BARRED WHITE SQUARE;Sm;0;ON;;;;;N;;;;;
+29EF;ERROR-BARRED BLACK SQUARE;Sm;0;ON;;;;;N;;;;;
+29F0;ERROR-BARRED WHITE DIAMOND;Sm;0;ON;;;;;N;;;;;
+29F1;ERROR-BARRED BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+29F2;ERROR-BARRED WHITE CIRCLE;Sm;0;ON;;;;;N;;;;;
+29F3;ERROR-BARRED BLACK CIRCLE;Sm;0;ON;;;;;N;;;;;
+29F4;RULE-DELAYED;Sm;0;ON;;;;;Y;;;;;
+29F5;REVERSE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;;
+29F6;SOLIDUS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+29F7;REVERSE SOLIDUS WITH HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+29F8;BIG SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29F9;BIG REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29FA;DOUBLE PLUS;Sm;0;ON;;;;;N;;;;;
+29FB;TRIPLE PLUS;Sm;0;ON;;;;;N;;;;;
+29FC;LEFT-POINTING CURVED ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+29FD;RIGHT-POINTING CURVED ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+29FE;TINY;Sm;0;ON;;;;;N;;;;;
+29FF;MINY;Sm;0;ON;;;;;N;;;;;
+2A00;N-ARY CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A01;N-ARY CIRCLED PLUS OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A02;N-ARY CIRCLED TIMES OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A03;N-ARY UNION OPERATOR WITH DOT;Sm;0;ON;;;;;N;;;;;
+2A04;N-ARY UNION OPERATOR WITH PLUS;Sm;0;ON;;;;;N;;;;;
+2A05;N-ARY SQUARE INTERSECTION OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A06;N-ARY SQUARE UNION OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A07;TWO LOGICAL AND OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A08;TWO LOGICAL OR OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A09;N-ARY TIMES OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A0A;MODULO TWO SUM;Sm;0;ON;;;;;Y;;;;;
+2A0B;SUMMATION WITH INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2A0C;QUADRUPLE INTEGRAL OPERATOR;Sm;0;ON;<compat> 222B 222B 222B 222B;;;;Y;;;;;
+2A0D;FINITE PART INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2A0E;INTEGRAL WITH DOUBLE STROKE;Sm;0;ON;;;;;Y;;;;;
+2A0F;INTEGRAL AVERAGE WITH SLASH;Sm;0;ON;;;;;Y;;;;;
+2A10;CIRCULATION FUNCTION;Sm;0;ON;;;;;Y;;;;;
+2A11;ANTICLOCKWISE INTEGRATION;Sm;0;ON;;;;;Y;;;;;
+2A12;LINE INTEGRATION WITH RECTANGULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;;
+2A13;LINE INTEGRATION WITH SEMICIRCULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;;
+2A14;LINE INTEGRATION NOT INCLUDING THE POLE;Sm;0;ON;;;;;Y;;;;;
+2A15;INTEGRAL AROUND A POINT OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A16;QUATERNION INTEGRAL OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A17;INTEGRAL WITH LEFTWARDS ARROW WITH HOOK;Sm;0;ON;;;;;Y;;;;;
+2A18;INTEGRAL WITH TIMES SIGN;Sm;0;ON;;;;;Y;;;;;
+2A19;INTEGRAL WITH INTERSECTION;Sm;0;ON;;;;;Y;;;;;
+2A1A;INTEGRAL WITH UNION;Sm;0;ON;;;;;Y;;;;;
+2A1B;INTEGRAL WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+2A1C;INTEGRAL WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+2A1D;JOIN;Sm;0;ON;;;;;N;;;;;
+2A1E;LARGE LEFT TRIANGLE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A1F;Z NOTATION SCHEMA COMPOSITION;Sm;0;ON;;;;;Y;;;;;
+2A20;Z NOTATION SCHEMA PIPING;Sm;0;ON;;;;;Y;;;;;
+2A21;Z NOTATION SCHEMA PROJECTION;Sm;0;ON;;;;;Y;;;;;
+2A22;PLUS SIGN WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+2A23;PLUS SIGN WITH CIRCUMFLEX ACCENT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A24;PLUS SIGN WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A25;PLUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A26;PLUS SIGN WITH TILDE BELOW;Sm;0;ON;;;;;Y;;;;;
+2A27;PLUS SIGN WITH SUBSCRIPT TWO;Sm;0;ON;;;;;N;;;;;
+2A28;PLUS SIGN WITH BLACK TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A29;MINUS SIGN WITH COMMA ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A2A;MINUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A2B;MINUS SIGN WITH FALLING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A2C;MINUS SIGN WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A2D;PLUS SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A2E;PLUS SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A2F;VECTOR OR CROSS PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A30;MULTIPLICATION SIGN WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A31;MULTIPLICATION SIGN WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A32;SEMIDIRECT PRODUCT WITH BOTTOM CLOSED;Sm;0;ON;;;;;N;;;;;
+2A33;SMASH PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A34;MULTIPLICATION SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A35;MULTIPLICATION SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A36;CIRCLED MULTIPLICATION SIGN WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;N;;;;;
+2A37;MULTIPLICATION SIGN IN DOUBLE CIRCLE;Sm;0;ON;;;;;N;;;;;
+2A38;CIRCLED DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+2A39;PLUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3A;MINUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3B;MULTIPLICATION SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3C;INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2A3D;RIGHTHAND INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2A3E;Z NOTATION RELATIONAL COMPOSITION;Sm;0;ON;;;;;Y;;;;;
+2A3F;AMALGAMATION OR COPRODUCT;Sm;0;ON;;;;;N;;;;;
+2A40;INTERSECTION WITH DOT;Sm;0;ON;;;;;N;;;;;
+2A41;UNION WITH MINUS SIGN;Sm;0;ON;;;;;N;;;;;
+2A42;UNION WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A43;INTERSECTION WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A44;INTERSECTION WITH LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A45;UNION WITH LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A46;UNION ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A47;INTERSECTION ABOVE UNION;Sm;0;ON;;;;;N;;;;;
+2A48;UNION ABOVE BAR ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A49;INTERSECTION ABOVE BAR ABOVE UNION;Sm;0;ON;;;;;N;;;;;
+2A4A;UNION BESIDE AND JOINED WITH UNION;Sm;0;ON;;;;;N;;;;;
+2A4B;INTERSECTION BESIDE AND JOINED WITH INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A4C;CLOSED UNION WITH SERIFS;Sm;0;ON;;;;;N;;;;;
+2A4D;CLOSED INTERSECTION WITH SERIFS;Sm;0;ON;;;;;N;;;;;
+2A4E;DOUBLE SQUARE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A4F;DOUBLE SQUARE UNION;Sm;0;ON;;;;;N;;;;;
+2A50;CLOSED UNION WITH SERIFS AND SMASH PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A51;LOGICAL AND WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A52;LOGICAL OR WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A53;DOUBLE LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A54;DOUBLE LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A55;TWO INTERSECTING LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A56;TWO INTERSECTING LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A57;SLOPING LARGE OR;Sm;0;ON;;;;;Y;;;;;
+2A58;SLOPING LARGE AND;Sm;0;ON;;;;;Y;;;;;
+2A59;LOGICAL OR OVERLAPPING LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A5A;LOGICAL AND WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;;
+2A5B;LOGICAL OR WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;;
+2A5C;LOGICAL AND WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;;
+2A5D;LOGICAL OR WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;;
+2A5E;LOGICAL AND WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A5F;LOGICAL AND WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A60;LOGICAL AND WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A61;SMALL VEE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A62;LOGICAL OR WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A63;LOGICAL OR WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A64;Z NOTATION DOMAIN ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;;
+2A65;Z NOTATION RANGE ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;;
+2A66;EQUALS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A67;IDENTICAL WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A68;TRIPLE HORIZONTAL BAR WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2A69;TRIPLE HORIZONTAL BAR WITH TRIPLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2A6A;TILDE OPERATOR WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A6B;TILDE OPERATOR WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A6C;SIMILAR MINUS SIMILAR;Sm;0;ON;;;;;Y;;;;;
+2A6D;CONGRUENT WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A6E;EQUALS WITH ASTERISK;Sm;0;ON;;;;;N;;;;;
+2A6F;ALMOST EQUAL TO WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;Y;;;;;
+2A70;APPROXIMATELY EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A71;EQUALS SIGN ABOVE PLUS SIGN;Sm;0;ON;;;;;N;;;;;
+2A72;PLUS SIGN ABOVE EQUALS SIGN;Sm;0;ON;;;;;N;;;;;
+2A73;EQUALS SIGN ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A74;DOUBLE COLON EQUAL;Sm;0;ON;<compat> 003A 003A 003D;;;;Y;;;;;
+2A75;TWO CONSECUTIVE EQUALS SIGNS;Sm;0;ON;<compat> 003D 003D;;;;N;;;;;
+2A76;THREE CONSECUTIVE EQUALS SIGNS;Sm;0;ON;<compat> 003D 003D 003D;;;;N;;;;;
+2A77;EQUALS SIGN WITH TWO DOTS ABOVE AND TWO DOTS BELOW;Sm;0;ON;;;;;N;;;;;
+2A78;EQUIVALENT WITH FOUR DOTS ABOVE;Sm;0;ON;;;;;N;;;;;
+2A79;LESS-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A7A;GREATER-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A7B;LESS-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A7C;GREATER-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A7D;LESS-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A7E;GREATER-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A7F;LESS-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A80;GREATER-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A81;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A82;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A83;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE RIGHT;Sm;0;ON;;;;;Y;;;;;
+2A84;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE LEFT;Sm;0;ON;;;;;Y;;;;;
+2A85;LESS-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A86;GREATER-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A87;LESS-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A88;GREATER-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A89;LESS-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A8A;GREATER-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A8B;LESS-THAN ABOVE DOUBLE-LINE EQUAL ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A8C;GREATER-THAN ABOVE DOUBLE-LINE EQUAL ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A8D;LESS-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A8E;GREATER-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A8F;LESS-THAN ABOVE SIMILAR ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A90;GREATER-THAN ABOVE SIMILAR ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A91;LESS-THAN ABOVE GREATER-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A92;GREATER-THAN ABOVE LESS-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A93;LESS-THAN ABOVE SLANTED EQUAL ABOVE GREATER-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A94;GREATER-THAN ABOVE SLANTED EQUAL ABOVE LESS-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A95;SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A96;SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A97;SLANTED EQUAL TO OR LESS-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A98;SLANTED EQUAL TO OR GREATER-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A99;DOUBLE-LINE EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9A;DOUBLE-LINE EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9B;DOUBLE-LINE SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9C;DOUBLE-LINE SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9D;SIMILAR OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9E;SIMILAR OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9F;SIMILAR ABOVE LESS-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AA0;SIMILAR ABOVE GREATER-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AA1;DOUBLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2AA2;DOUBLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2AA3;DOUBLE NESTED LESS-THAN WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+2AA4;GREATER-THAN OVERLAPPING LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2AA5;GREATER-THAN BESIDE LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2AA6;LESS-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;;
+2AA7;GREATER-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;;
+2AA8;LESS-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2AA9;GREATER-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2AAA;SMALLER THAN;Sm;0;ON;;;;;Y;;;;;
+2AAB;LARGER THAN;Sm;0;ON;;;;;Y;;;;;
+2AAC;SMALLER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AAD;LARGER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AAE;EQUALS SIGN WITH BUMPY ABOVE;Sm;0;ON;;;;;N;;;;;
+2AAF;PRECEDES ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB0;SUCCEEDS ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB1;PRECEDES ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB2;SUCCEEDS ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB3;PRECEDES ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB4;SUCCEEDS ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB5;PRECEDES ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB6;SUCCEEDS ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB7;PRECEDES ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB8;SUCCEEDS ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB9;PRECEDES ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ABA;SUCCEEDS ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ABB;DOUBLE PRECEDES;Sm;0;ON;;;;;Y;;;;;
+2ABC;DOUBLE SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+2ABD;SUBSET WITH DOT;Sm;0;ON;;;;;Y;;;;;
+2ABE;SUPERSET WITH DOT;Sm;0;ON;;;;;Y;;;;;
+2ABF;SUBSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC0;SUPERSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC1;SUBSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC2;SUPERSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC3;SUBSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2AC4;SUPERSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2AC5;SUBSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AC6;SUPERSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AC7;SUBSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AC8;SUPERSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AC9;SUBSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACA;SUPERSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACB;SUBSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACC;SUPERSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACD;SQUARE LEFT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2ACE;SQUARE RIGHT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2ACF;CLOSED SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD0;CLOSED SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD1;CLOSED SUBSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AD2;CLOSED SUPERSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AD3;SUBSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD4;SUPERSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD5;SUBSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD6;SUPERSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD7;SUPERSET BESIDE SUBSET;Sm;0;ON;;;;;N;;;;;
+2AD8;SUPERSET BESIDE AND JOINED BY DASH WITH SUBSET;Sm;0;ON;;;;;N;;;;;
+2AD9;ELEMENT OF OPENING DOWNWARDS;Sm;0;ON;;;;;N;;;;;
+2ADA;PITCHFORK WITH TEE TOP;Sm;0;ON;;;;;N;;;;;
+2ADB;TRANSVERSAL INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2ADC;FORKING;Sm;0;ON;2ADD 0338;;;;Y;;not independent;;;
+2ADD;NONFORKING;Sm;0;ON;;;;;N;;independent;;;
+2ADE;SHORT LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+2ADF;SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AE0;SHORT UP TACK;Sm;0;ON;;;;;N;;;;;
+2AE1;PERPENDICULAR WITH S;Sm;0;ON;;;;;N;;;;;
+2AE2;VERTICAL BAR TRIPLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE3;DOUBLE VERTICAL BAR LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE4;VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE5;DOUBLE VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE6;LONG DASH FROM LEFT MEMBER OF DOUBLE VERTICAL;Sm;0;ON;;;;;Y;;;;;
+2AE7;SHORT DOWN TACK WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2AE8;SHORT UP TACK WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2AE9;SHORT UP TACK ABOVE SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AEA;DOUBLE DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AEB;DOUBLE UP TACK;Sm;0;ON;;;;;N;;;;;
+2AEC;DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;;
+2AED;REVERSED DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;;
+2AEE;DOES NOT DIVIDE WITH REVERSED NEGATION SLASH;Sm;0;ON;;;;;Y;;;;;
+2AEF;VERTICAL LINE WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+2AF0;VERTICAL LINE WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;;
+2AF1;DOWN TACK WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;;
+2AF2;PARALLEL WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2AF3;PARALLEL WITH TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AF4;TRIPLE VERTICAL BAR BINARY RELATION;Sm;0;ON;;;;;N;;;;;
+2AF5;TRIPLE VERTICAL BAR WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2AF6;TRIPLE COLON OPERATOR;Sm;0;ON;;;;;N;;;;;
+2AF7;TRIPLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2AF8;TRIPLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2AF9;DOUBLE-LINE SLANTED LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AFA;DOUBLE-LINE SLANTED GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AFB;TRIPLE SOLIDUS BINARY RELATION;Sm;0;ON;;;;;Y;;;;;
+2AFC;LARGE TRIPLE VERTICAL BAR OPERATOR;Sm;0;ON;;;;;N;;;;;
+2AFD;DOUBLE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AFE;WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+2AFF;N-ARY WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+2E80;CJK RADICAL REPEAT;So;0;ON;;;;;N;;;;;
+2E81;CJK RADICAL CLIFF;So;0;ON;;;;;N;;;;;
+2E82;CJK RADICAL SECOND ONE;So;0;ON;;;;;N;;;;;
+2E83;CJK RADICAL SECOND TWO;So;0;ON;;;;;N;;;;;
+2E84;CJK RADICAL SECOND THREE;So;0;ON;;;;;N;;;;;
+2E85;CJK RADICAL PERSON;So;0;ON;;;;;N;;;;;
+2E86;CJK RADICAL BOX;So;0;ON;;;;;N;;;;;
+2E87;CJK RADICAL TABLE;So;0;ON;;;;;N;;;;;
+2E88;CJK RADICAL KNIFE ONE;So;0;ON;;;;;N;;;;;
+2E89;CJK RADICAL KNIFE TWO;So;0;ON;;;;;N;;;;;
+2E8A;CJK RADICAL DIVINATION;So;0;ON;;;;;N;;;;;
+2E8B;CJK RADICAL SEAL;So;0;ON;;;;;N;;;;;
+2E8C;CJK RADICAL SMALL ONE;So;0;ON;;;;;N;;;;;
+2E8D;CJK RADICAL SMALL TWO;So;0;ON;;;;;N;;;;;
+2E8E;CJK RADICAL LAME ONE;So;0;ON;;;;;N;;;;;
+2E8F;CJK RADICAL LAME TWO;So;0;ON;;;;;N;;;;;
+2E90;CJK RADICAL LAME THREE;So;0;ON;;;;;N;;;;;
+2E91;CJK RADICAL LAME FOUR;So;0;ON;;;;;N;;;;;
+2E92;CJK RADICAL SNAKE;So;0;ON;;;;;N;;;;;
+2E93;CJK RADICAL THREAD;So;0;ON;;;;;N;;;;;
+2E94;CJK RADICAL SNOUT ONE;So;0;ON;;;;;N;;;;;
+2E95;CJK RADICAL SNOUT TWO;So;0;ON;;;;;N;;;;;
+2E96;CJK RADICAL HEART ONE;So;0;ON;;;;;N;;;;;
+2E97;CJK RADICAL HEART TWO;So;0;ON;;;;;N;;;;;
+2E98;CJK RADICAL HAND;So;0;ON;;;;;N;;;;;
+2E99;CJK RADICAL RAP;So;0;ON;;;;;N;;;;;
+2E9B;CJK RADICAL CHOKE;So;0;ON;;;;;N;;;;;
+2E9C;CJK RADICAL SUN;So;0;ON;;;;;N;;;;;
+2E9D;CJK RADICAL MOON;So;0;ON;;;;;N;;;;;
+2E9E;CJK RADICAL DEATH;So;0;ON;;;;;N;;;;;
+2E9F;CJK RADICAL MOTHER;So;0;ON;<compat> 6BCD;;;;N;;;;;
+2EA0;CJK RADICAL CIVILIAN;So;0;ON;;;;;N;;;;;
+2EA1;CJK RADICAL WATER ONE;So;0;ON;;;;;N;;;;;
+2EA2;CJK RADICAL WATER TWO;So;0;ON;;;;;N;;;;;
+2EA3;CJK RADICAL FIRE;So;0;ON;;;;;N;;;;;
+2EA4;CJK RADICAL PAW ONE;So;0;ON;;;;;N;;;;;
+2EA5;CJK RADICAL PAW TWO;So;0;ON;;;;;N;;;;;
+2EA6;CJK RADICAL SIMPLIFIED HALF TREE TRUNK;So;0;ON;;;;;N;;;;;
+2EA7;CJK RADICAL COW;So;0;ON;;;;;N;;;;;
+2EA8;CJK RADICAL DOG;So;0;ON;;;;;N;;;;;
+2EA9;CJK RADICAL JADE;So;0;ON;;;;;N;;;;;
+2EAA;CJK RADICAL BOLT OF CLOTH;So;0;ON;;;;;N;;;;;
+2EAB;CJK RADICAL EYE;So;0;ON;;;;;N;;;;;
+2EAC;CJK RADICAL SPIRIT ONE;So;0;ON;;;;;N;;;;;
+2EAD;CJK RADICAL SPIRIT TWO;So;0;ON;;;;;N;;;;;
+2EAE;CJK RADICAL BAMBOO;So;0;ON;;;;;N;;;;;
+2EAF;CJK RADICAL SILK;So;0;ON;;;;;N;;;;;
+2EB0;CJK RADICAL C-SIMPLIFIED SILK;So;0;ON;;;;;N;;;;;
+2EB1;CJK RADICAL NET ONE;So;0;ON;;;;;N;;;;;
+2EB2;CJK RADICAL NET TWO;So;0;ON;;;;;N;;;;;
+2EB3;CJK RADICAL NET THREE;So;0;ON;;;;;N;;;;;
+2EB4;CJK RADICAL NET FOUR;So;0;ON;;;;;N;;;;;
+2EB5;CJK RADICAL MESH;So;0;ON;;;;;N;;;;;
+2EB6;CJK RADICAL SHEEP;So;0;ON;;;;;N;;;;;
+2EB7;CJK RADICAL RAM;So;0;ON;;;;;N;;;;;
+2EB8;CJK RADICAL EWE;So;0;ON;;;;;N;;;;;
+2EB9;CJK RADICAL OLD;So;0;ON;;;;;N;;;;;
+2EBA;CJK RADICAL BRUSH ONE;So;0;ON;;;;;N;;;;;
+2EBB;CJK RADICAL BRUSH TWO;So;0;ON;;;;;N;;;;;
+2EBC;CJK RADICAL MEAT;So;0;ON;;;;;N;;;;;
+2EBD;CJK RADICAL MORTAR;So;0;ON;;;;;N;;;;;
+2EBE;CJK RADICAL GRASS ONE;So;0;ON;;;;;N;;;;;
+2EBF;CJK RADICAL GRASS TWO;So;0;ON;;;;;N;;;;;
+2EC0;CJK RADICAL GRASS THREE;So;0;ON;;;;;N;;;;;
+2EC1;CJK RADICAL TIGER;So;0;ON;;;;;N;;;;;
+2EC2;CJK RADICAL CLOTHES;So;0;ON;;;;;N;;;;;
+2EC3;CJK RADICAL WEST ONE;So;0;ON;;;;;N;;;;;
+2EC4;CJK RADICAL WEST TWO;So;0;ON;;;;;N;;;;;
+2EC5;CJK RADICAL C-SIMPLIFIED SEE;So;0;ON;;;;;N;;;;;
+2EC6;CJK RADICAL SIMPLIFIED HORN;So;0;ON;;;;;N;;;;;
+2EC7;CJK RADICAL HORN;So;0;ON;;;;;N;;;;;
+2EC8;CJK RADICAL C-SIMPLIFIED SPEECH;So;0;ON;;;;;N;;;;;
+2EC9;CJK RADICAL C-SIMPLIFIED SHELL;So;0;ON;;;;;N;;;;;
+2ECA;CJK RADICAL FOOT;So;0;ON;;;;;N;;;;;
+2ECB;CJK RADICAL C-SIMPLIFIED CART;So;0;ON;;;;;N;;;;;
+2ECC;CJK RADICAL SIMPLIFIED WALK;So;0;ON;;;;;N;;;;;
+2ECD;CJK RADICAL WALK ONE;So;0;ON;;;;;N;;;;;
+2ECE;CJK RADICAL WALK TWO;So;0;ON;;;;;N;;;;;
+2ECF;CJK RADICAL CITY;So;0;ON;;;;;N;;;;;
+2ED0;CJK RADICAL C-SIMPLIFIED GOLD;So;0;ON;;;;;N;;;;;
+2ED1;CJK RADICAL LONG ONE;So;0;ON;;;;;N;;;;;
+2ED2;CJK RADICAL LONG TWO;So;0;ON;;;;;N;;;;;
+2ED3;CJK RADICAL C-SIMPLIFIED LONG;So;0;ON;;;;;N;;;;;
+2ED4;CJK RADICAL C-SIMPLIFIED GATE;So;0;ON;;;;;N;;;;;
+2ED5;CJK RADICAL MOUND ONE;So;0;ON;;;;;N;;;;;
+2ED6;CJK RADICAL MOUND TWO;So;0;ON;;;;;N;;;;;
+2ED7;CJK RADICAL RAIN;So;0;ON;;;;;N;;;;;
+2ED8;CJK RADICAL BLUE;So;0;ON;;;;;N;;;;;
+2ED9;CJK RADICAL C-SIMPLIFIED TANNED LEATHER;So;0;ON;;;;;N;;;;;
+2EDA;CJK RADICAL C-SIMPLIFIED LEAF;So;0;ON;;;;;N;;;;;
+2EDB;CJK RADICAL C-SIMPLIFIED WIND;So;0;ON;;;;;N;;;;;
+2EDC;CJK RADICAL C-SIMPLIFIED FLY;So;0;ON;;;;;N;;;;;
+2EDD;CJK RADICAL EAT ONE;So;0;ON;;;;;N;;;;;
+2EDE;CJK RADICAL EAT TWO;So;0;ON;;;;;N;;;;;
+2EDF;CJK RADICAL EAT THREE;So;0;ON;;;;;N;;;;;
+2EE0;CJK RADICAL C-SIMPLIFIED EAT;So;0;ON;;;;;N;;;;;
+2EE1;CJK RADICAL HEAD;So;0;ON;;;;;N;;;;;
+2EE2;CJK RADICAL C-SIMPLIFIED HORSE;So;0;ON;;;;;N;;;;;
+2EE3;CJK RADICAL BONE;So;0;ON;;;;;N;;;;;
+2EE4;CJK RADICAL GHOST;So;0;ON;;;;;N;;;;;
+2EE5;CJK RADICAL C-SIMPLIFIED FISH;So;0;ON;;;;;N;;;;;
+2EE6;CJK RADICAL C-SIMPLIFIED BIRD;So;0;ON;;;;;N;;;;;
+2EE7;CJK RADICAL C-SIMPLIFIED SALT;So;0;ON;;;;;N;;;;;
+2EE8;CJK RADICAL SIMPLIFIED WHEAT;So;0;ON;;;;;N;;;;;
+2EE9;CJK RADICAL SIMPLIFIED YELLOW;So;0;ON;;;;;N;;;;;
+2EEA;CJK RADICAL C-SIMPLIFIED FROG;So;0;ON;;;;;N;;;;;
+2EEB;CJK RADICAL J-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;;
+2EEC;CJK RADICAL C-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;;
+2EED;CJK RADICAL J-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;;
+2EEE;CJK RADICAL C-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;;
+2EEF;CJK RADICAL J-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;;
+2EF0;CJK RADICAL C-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;;
+2EF1;CJK RADICAL TURTLE;So;0;ON;;;;;N;;;;;
+2EF2;CJK RADICAL J-SIMPLIFIED TURTLE;So;0;ON;;;;;N;;;;;
+2EF3;CJK RADICAL C-SIMPLIFIED TURTLE;So;0;ON;<compat> 9F9F;;;;N;;;;;
+2F00;KANGXI RADICAL ONE;So;0;ON;<compat> 4E00;;;;N;;;;;
+2F01;KANGXI RADICAL LINE;So;0;ON;<compat> 4E28;;;;N;;;;;
+2F02;KANGXI RADICAL DOT;So;0;ON;<compat> 4E36;;;;N;;;;;
+2F03;KANGXI RADICAL SLASH;So;0;ON;<compat> 4E3F;;;;N;;;;;
+2F04;KANGXI RADICAL SECOND;So;0;ON;<compat> 4E59;;;;N;;;;;
+2F05;KANGXI RADICAL HOOK;So;0;ON;<compat> 4E85;;;;N;;;;;
+2F06;KANGXI RADICAL TWO;So;0;ON;<compat> 4E8C;;;;N;;;;;
+2F07;KANGXI RADICAL LID;So;0;ON;<compat> 4EA0;;;;N;;;;;
+2F08;KANGXI RADICAL MAN;So;0;ON;<compat> 4EBA;;;;N;;;;;
+2F09;KANGXI RADICAL LEGS;So;0;ON;<compat> 513F;;;;N;;;;;
+2F0A;KANGXI RADICAL ENTER;So;0;ON;<compat> 5165;;;;N;;;;;
+2F0B;KANGXI RADICAL EIGHT;So;0;ON;<compat> 516B;;;;N;;;;;
+2F0C;KANGXI RADICAL DOWN BOX;So;0;ON;<compat> 5182;;;;N;;;;;
+2F0D;KANGXI RADICAL COVER;So;0;ON;<compat> 5196;;;;N;;;;;
+2F0E;KANGXI RADICAL ICE;So;0;ON;<compat> 51AB;;;;N;;;;;
+2F0F;KANGXI RADICAL TABLE;So;0;ON;<compat> 51E0;;;;N;;;;;
+2F10;KANGXI RADICAL OPEN BOX;So;0;ON;<compat> 51F5;;;;N;;;;;
+2F11;KANGXI RADICAL KNIFE;So;0;ON;<compat> 5200;;;;N;;;;;
+2F12;KANGXI RADICAL POWER;So;0;ON;<compat> 529B;;;;N;;;;;
+2F13;KANGXI RADICAL WRAP;So;0;ON;<compat> 52F9;;;;N;;;;;
+2F14;KANGXI RADICAL SPOON;So;0;ON;<compat> 5315;;;;N;;;;;
+2F15;KANGXI RADICAL RIGHT OPEN BOX;So;0;ON;<compat> 531A;;;;N;;;;;
+2F16;KANGXI RADICAL HIDING ENCLOSURE;So;0;ON;<compat> 5338;;;;N;;;;;
+2F17;KANGXI RADICAL TEN;So;0;ON;<compat> 5341;;;;N;;;;;
+2F18;KANGXI RADICAL DIVINATION;So;0;ON;<compat> 535C;;;;N;;;;;
+2F19;KANGXI RADICAL SEAL;So;0;ON;<compat> 5369;;;;N;;;;;
+2F1A;KANGXI RADICAL CLIFF;So;0;ON;<compat> 5382;;;;N;;;;;
+2F1B;KANGXI RADICAL PRIVATE;So;0;ON;<compat> 53B6;;;;N;;;;;
+2F1C;KANGXI RADICAL AGAIN;So;0;ON;<compat> 53C8;;;;N;;;;;
+2F1D;KANGXI RADICAL MOUTH;So;0;ON;<compat> 53E3;;;;N;;;;;
+2F1E;KANGXI RADICAL ENCLOSURE;So;0;ON;<compat> 56D7;;;;N;;;;;
+2F1F;KANGXI RADICAL EARTH;So;0;ON;<compat> 571F;;;;N;;;;;
+2F20;KANGXI RADICAL SCHOLAR;So;0;ON;<compat> 58EB;;;;N;;;;;
+2F21;KANGXI RADICAL GO;So;0;ON;<compat> 5902;;;;N;;;;;
+2F22;KANGXI RADICAL GO SLOWLY;So;0;ON;<compat> 590A;;;;N;;;;;
+2F23;KANGXI RADICAL EVENING;So;0;ON;<compat> 5915;;;;N;;;;;
+2F24;KANGXI RADICAL BIG;So;0;ON;<compat> 5927;;;;N;;;;;
+2F25;KANGXI RADICAL WOMAN;So;0;ON;<compat> 5973;;;;N;;;;;
+2F26;KANGXI RADICAL CHILD;So;0;ON;<compat> 5B50;;;;N;;;;;
+2F27;KANGXI RADICAL ROOF;So;0;ON;<compat> 5B80;;;;N;;;;;
+2F28;KANGXI RADICAL INCH;So;0;ON;<compat> 5BF8;;;;N;;;;;
+2F29;KANGXI RADICAL SMALL;So;0;ON;<compat> 5C0F;;;;N;;;;;
+2F2A;KANGXI RADICAL LAME;So;0;ON;<compat> 5C22;;;;N;;;;;
+2F2B;KANGXI RADICAL CORPSE;So;0;ON;<compat> 5C38;;;;N;;;;;
+2F2C;KANGXI RADICAL SPROUT;So;0;ON;<compat> 5C6E;;;;N;;;;;
+2F2D;KANGXI RADICAL MOUNTAIN;So;0;ON;<compat> 5C71;;;;N;;;;;
+2F2E;KANGXI RADICAL RIVER;So;0;ON;<compat> 5DDB;;;;N;;;;;
+2F2F;KANGXI RADICAL WORK;So;0;ON;<compat> 5DE5;;;;N;;;;;
+2F30;KANGXI RADICAL ONESELF;So;0;ON;<compat> 5DF1;;;;N;;;;;
+2F31;KANGXI RADICAL TURBAN;So;0;ON;<compat> 5DFE;;;;N;;;;;
+2F32;KANGXI RADICAL DRY;So;0;ON;<compat> 5E72;;;;N;;;;;
+2F33;KANGXI RADICAL SHORT THREAD;So;0;ON;<compat> 5E7A;;;;N;;;;;
+2F34;KANGXI RADICAL DOTTED CLIFF;So;0;ON;<compat> 5E7F;;;;N;;;;;
+2F35;KANGXI RADICAL LONG STRIDE;So;0;ON;<compat> 5EF4;;;;N;;;;;
+2F36;KANGXI RADICAL TWO HANDS;So;0;ON;<compat> 5EFE;;;;N;;;;;
+2F37;KANGXI RADICAL SHOOT;So;0;ON;<compat> 5F0B;;;;N;;;;;
+2F38;KANGXI RADICAL BOW;So;0;ON;<compat> 5F13;;;;N;;;;;
+2F39;KANGXI RADICAL SNOUT;So;0;ON;<compat> 5F50;;;;N;;;;;
+2F3A;KANGXI RADICAL BRISTLE;So;0;ON;<compat> 5F61;;;;N;;;;;
+2F3B;KANGXI RADICAL STEP;So;0;ON;<compat> 5F73;;;;N;;;;;
+2F3C;KANGXI RADICAL HEART;So;0;ON;<compat> 5FC3;;;;N;;;;;
+2F3D;KANGXI RADICAL HALBERD;So;0;ON;<compat> 6208;;;;N;;;;;
+2F3E;KANGXI RADICAL DOOR;So;0;ON;<compat> 6236;;;;N;;;;;
+2F3F;KANGXI RADICAL HAND;So;0;ON;<compat> 624B;;;;N;;;;;
+2F40;KANGXI RADICAL BRANCH;So;0;ON;<compat> 652F;;;;N;;;;;
+2F41;KANGXI RADICAL RAP;So;0;ON;<compat> 6534;;;;N;;;;;
+2F42;KANGXI RADICAL SCRIPT;So;0;ON;<compat> 6587;;;;N;;;;;
+2F43;KANGXI RADICAL DIPPER;So;0;ON;<compat> 6597;;;;N;;;;;
+2F44;KANGXI RADICAL AXE;So;0;ON;<compat> 65A4;;;;N;;;;;
+2F45;KANGXI RADICAL SQUARE;So;0;ON;<compat> 65B9;;;;N;;;;;
+2F46;KANGXI RADICAL NOT;So;0;ON;<compat> 65E0;;;;N;;;;;
+2F47;KANGXI RADICAL SUN;So;0;ON;<compat> 65E5;;;;N;;;;;
+2F48;KANGXI RADICAL SAY;So;0;ON;<compat> 66F0;;;;N;;;;;
+2F49;KANGXI RADICAL MOON;So;0;ON;<compat> 6708;;;;N;;;;;
+2F4A;KANGXI RADICAL TREE;So;0;ON;<compat> 6728;;;;N;;;;;
+2F4B;KANGXI RADICAL LACK;So;0;ON;<compat> 6B20;;;;N;;;;;
+2F4C;KANGXI RADICAL STOP;So;0;ON;<compat> 6B62;;;;N;;;;;
+2F4D;KANGXI RADICAL DEATH;So;0;ON;<compat> 6B79;;;;N;;;;;
+2F4E;KANGXI RADICAL WEAPON;So;0;ON;<compat> 6BB3;;;;N;;;;;
+2F4F;KANGXI RADICAL DO NOT;So;0;ON;<compat> 6BCB;;;;N;;;;;
+2F50;KANGXI RADICAL COMPARE;So;0;ON;<compat> 6BD4;;;;N;;;;;
+2F51;KANGXI RADICAL FUR;So;0;ON;<compat> 6BDB;;;;N;;;;;
+2F52;KANGXI RADICAL CLAN;So;0;ON;<compat> 6C0F;;;;N;;;;;
+2F53;KANGXI RADICAL STEAM;So;0;ON;<compat> 6C14;;;;N;;;;;
+2F54;KANGXI RADICAL WATER;So;0;ON;<compat> 6C34;;;;N;;;;;
+2F55;KANGXI RADICAL FIRE;So;0;ON;<compat> 706B;;;;N;;;;;
+2F56;KANGXI RADICAL CLAW;So;0;ON;<compat> 722A;;;;N;;;;;
+2F57;KANGXI RADICAL FATHER;So;0;ON;<compat> 7236;;;;N;;;;;
+2F58;KANGXI RADICAL DOUBLE X;So;0;ON;<compat> 723B;;;;N;;;;;
+2F59;KANGXI RADICAL HALF TREE TRUNK;So;0;ON;<compat> 723F;;;;N;;;;;
+2F5A;KANGXI RADICAL SLICE;So;0;ON;<compat> 7247;;;;N;;;;;
+2F5B;KANGXI RADICAL FANG;So;0;ON;<compat> 7259;;;;N;;;;;
+2F5C;KANGXI RADICAL COW;So;0;ON;<compat> 725B;;;;N;;;;;
+2F5D;KANGXI RADICAL DOG;So;0;ON;<compat> 72AC;;;;N;;;;;
+2F5E;KANGXI RADICAL PROFOUND;So;0;ON;<compat> 7384;;;;N;;;;;
+2F5F;KANGXI RADICAL JADE;So;0;ON;<compat> 7389;;;;N;;;;;
+2F60;KANGXI RADICAL MELON;So;0;ON;<compat> 74DC;;;;N;;;;;
+2F61;KANGXI RADICAL TILE;So;0;ON;<compat> 74E6;;;;N;;;;;
+2F62;KANGXI RADICAL SWEET;So;0;ON;<compat> 7518;;;;N;;;;;
+2F63;KANGXI RADICAL LIFE;So;0;ON;<compat> 751F;;;;N;;;;;
+2F64;KANGXI RADICAL USE;So;0;ON;<compat> 7528;;;;N;;;;;
+2F65;KANGXI RADICAL FIELD;So;0;ON;<compat> 7530;;;;N;;;;;
+2F66;KANGXI RADICAL BOLT OF CLOTH;So;0;ON;<compat> 758B;;;;N;;;;;
+2F67;KANGXI RADICAL SICKNESS;So;0;ON;<compat> 7592;;;;N;;;;;
+2F68;KANGXI RADICAL DOTTED TENT;So;0;ON;<compat> 7676;;;;N;;;;;
+2F69;KANGXI RADICAL WHITE;So;0;ON;<compat> 767D;;;;N;;;;;
+2F6A;KANGXI RADICAL SKIN;So;0;ON;<compat> 76AE;;;;N;;;;;
+2F6B;KANGXI RADICAL DISH;So;0;ON;<compat> 76BF;;;;N;;;;;
+2F6C;KANGXI RADICAL EYE;So;0;ON;<compat> 76EE;;;;N;;;;;
+2F6D;KANGXI RADICAL SPEAR;So;0;ON;<compat> 77DB;;;;N;;;;;
+2F6E;KANGXI RADICAL ARROW;So;0;ON;<compat> 77E2;;;;N;;;;;
+2F6F;KANGXI RADICAL STONE;So;0;ON;<compat> 77F3;;;;N;;;;;
+2F70;KANGXI RADICAL SPIRIT;So;0;ON;<compat> 793A;;;;N;;;;;
+2F71;KANGXI RADICAL TRACK;So;0;ON;<compat> 79B8;;;;N;;;;;
+2F72;KANGXI RADICAL GRAIN;So;0;ON;<compat> 79BE;;;;N;;;;;
+2F73;KANGXI RADICAL CAVE;So;0;ON;<compat> 7A74;;;;N;;;;;
+2F74;KANGXI RADICAL STAND;So;0;ON;<compat> 7ACB;;;;N;;;;;
+2F75;KANGXI RADICAL BAMBOO;So;0;ON;<compat> 7AF9;;;;N;;;;;
+2F76;KANGXI RADICAL RICE;So;0;ON;<compat> 7C73;;;;N;;;;;
+2F77;KANGXI RADICAL SILK;So;0;ON;<compat> 7CF8;;;;N;;;;;
+2F78;KANGXI RADICAL JAR;So;0;ON;<compat> 7F36;;;;N;;;;;
+2F79;KANGXI RADICAL NET;So;0;ON;<compat> 7F51;;;;N;;;;;
+2F7A;KANGXI RADICAL SHEEP;So;0;ON;<compat> 7F8A;;;;N;;;;;
+2F7B;KANGXI RADICAL FEATHER;So;0;ON;<compat> 7FBD;;;;N;;;;;
+2F7C;KANGXI RADICAL OLD;So;0;ON;<compat> 8001;;;;N;;;;;
+2F7D;KANGXI RADICAL AND;So;0;ON;<compat> 800C;;;;N;;;;;
+2F7E;KANGXI RADICAL PLOW;So;0;ON;<compat> 8012;;;;N;;;;;
+2F7F;KANGXI RADICAL EAR;So;0;ON;<compat> 8033;;;;N;;;;;
+2F80;KANGXI RADICAL BRUSH;So;0;ON;<compat> 807F;;;;N;;;;;
+2F81;KANGXI RADICAL MEAT;So;0;ON;<compat> 8089;;;;N;;;;;
+2F82;KANGXI RADICAL MINISTER;So;0;ON;<compat> 81E3;;;;N;;;;;
+2F83;KANGXI RADICAL SELF;So;0;ON;<compat> 81EA;;;;N;;;;;
+2F84;KANGXI RADICAL ARRIVE;So;0;ON;<compat> 81F3;;;;N;;;;;
+2F85;KANGXI RADICAL MORTAR;So;0;ON;<compat> 81FC;;;;N;;;;;
+2F86;KANGXI RADICAL TONGUE;So;0;ON;<compat> 820C;;;;N;;;;;
+2F87;KANGXI RADICAL OPPOSE;So;0;ON;<compat> 821B;;;;N;;;;;
+2F88;KANGXI RADICAL BOAT;So;0;ON;<compat> 821F;;;;N;;;;;
+2F89;KANGXI RADICAL STOPPING;So;0;ON;<compat> 826E;;;;N;;;;;
+2F8A;KANGXI RADICAL COLOR;So;0;ON;<compat> 8272;;;;N;;;;;
+2F8B;KANGXI RADICAL GRASS;So;0;ON;<compat> 8278;;;;N;;;;;
+2F8C;KANGXI RADICAL TIGER;So;0;ON;<compat> 864D;;;;N;;;;;
+2F8D;KANGXI RADICAL INSECT;So;0;ON;<compat> 866B;;;;N;;;;;
+2F8E;KANGXI RADICAL BLOOD;So;0;ON;<compat> 8840;;;;N;;;;;
+2F8F;KANGXI RADICAL WALK ENCLOSURE;So;0;ON;<compat> 884C;;;;N;;;;;
+2F90;KANGXI RADICAL CLOTHES;So;0;ON;<compat> 8863;;;;N;;;;;
+2F91;KANGXI RADICAL WEST;So;0;ON;<compat> 897E;;;;N;;;;;
+2F92;KANGXI RADICAL SEE;So;0;ON;<compat> 898B;;;;N;;;;;
+2F93;KANGXI RADICAL HORN;So;0;ON;<compat> 89D2;;;;N;;;;;
+2F94;KANGXI RADICAL SPEECH;So;0;ON;<compat> 8A00;;;;N;;;;;
+2F95;KANGXI RADICAL VALLEY;So;0;ON;<compat> 8C37;;;;N;;;;;
+2F96;KANGXI RADICAL BEAN;So;0;ON;<compat> 8C46;;;;N;;;;;
+2F97;KANGXI RADICAL PIG;So;0;ON;<compat> 8C55;;;;N;;;;;
+2F98;KANGXI RADICAL BADGER;So;0;ON;<compat> 8C78;;;;N;;;;;
+2F99;KANGXI RADICAL SHELL;So;0;ON;<compat> 8C9D;;;;N;;;;;
+2F9A;KANGXI RADICAL RED;So;0;ON;<compat> 8D64;;;;N;;;;;
+2F9B;KANGXI RADICAL RUN;So;0;ON;<compat> 8D70;;;;N;;;;;
+2F9C;KANGXI RADICAL FOOT;So;0;ON;<compat> 8DB3;;;;N;;;;;
+2F9D;KANGXI RADICAL BODY;So;0;ON;<compat> 8EAB;;;;N;;;;;
+2F9E;KANGXI RADICAL CART;So;0;ON;<compat> 8ECA;;;;N;;;;;
+2F9F;KANGXI RADICAL BITTER;So;0;ON;<compat> 8F9B;;;;N;;;;;
+2FA0;KANGXI RADICAL MORNING;So;0;ON;<compat> 8FB0;;;;N;;;;;
+2FA1;KANGXI RADICAL WALK;So;0;ON;<compat> 8FB5;;;;N;;;;;
+2FA2;KANGXI RADICAL CITY;So;0;ON;<compat> 9091;;;;N;;;;;
+2FA3;KANGXI RADICAL WINE;So;0;ON;<compat> 9149;;;;N;;;;;
+2FA4;KANGXI RADICAL DISTINGUISH;So;0;ON;<compat> 91C6;;;;N;;;;;
+2FA5;KANGXI RADICAL VILLAGE;So;0;ON;<compat> 91CC;;;;N;;;;;
+2FA6;KANGXI RADICAL GOLD;So;0;ON;<compat> 91D1;;;;N;;;;;
+2FA7;KANGXI RADICAL LONG;So;0;ON;<compat> 9577;;;;N;;;;;
+2FA8;KANGXI RADICAL GATE;So;0;ON;<compat> 9580;;;;N;;;;;
+2FA9;KANGXI RADICAL MOUND;So;0;ON;<compat> 961C;;;;N;;;;;
+2FAA;KANGXI RADICAL SLAVE;So;0;ON;<compat> 96B6;;;;N;;;;;
+2FAB;KANGXI RADICAL SHORT TAILED BIRD;So;0;ON;<compat> 96B9;;;;N;;;;;
+2FAC;KANGXI RADICAL RAIN;So;0;ON;<compat> 96E8;;;;N;;;;;
+2FAD;KANGXI RADICAL BLUE;So;0;ON;<compat> 9751;;;;N;;;;;
+2FAE;KANGXI RADICAL WRONG;So;0;ON;<compat> 975E;;;;N;;;;;
+2FAF;KANGXI RADICAL FACE;So;0;ON;<compat> 9762;;;;N;;;;;
+2FB0;KANGXI RADICAL LEATHER;So;0;ON;<compat> 9769;;;;N;;;;;
+2FB1;KANGXI RADICAL TANNED LEATHER;So;0;ON;<compat> 97CB;;;;N;;;;;
+2FB2;KANGXI RADICAL LEEK;So;0;ON;<compat> 97ED;;;;N;;;;;
+2FB3;KANGXI RADICAL SOUND;So;0;ON;<compat> 97F3;;;;N;;;;;
+2FB4;KANGXI RADICAL LEAF;So;0;ON;<compat> 9801;;;;N;;;;;
+2FB5;KANGXI RADICAL WIND;So;0;ON;<compat> 98A8;;;;N;;;;;
+2FB6;KANGXI RADICAL FLY;So;0;ON;<compat> 98DB;;;;N;;;;;
+2FB7;KANGXI RADICAL EAT;So;0;ON;<compat> 98DF;;;;N;;;;;
+2FB8;KANGXI RADICAL HEAD;So;0;ON;<compat> 9996;;;;N;;;;;
+2FB9;KANGXI RADICAL FRAGRANT;So;0;ON;<compat> 9999;;;;N;;;;;
+2FBA;KANGXI RADICAL HORSE;So;0;ON;<compat> 99AC;;;;N;;;;;
+2FBB;KANGXI RADICAL BONE;So;0;ON;<compat> 9AA8;;;;N;;;;;
+2FBC;KANGXI RADICAL TALL;So;0;ON;<compat> 9AD8;;;;N;;;;;
+2FBD;KANGXI RADICAL HAIR;So;0;ON;<compat> 9ADF;;;;N;;;;;
+2FBE;KANGXI RADICAL FIGHT;So;0;ON;<compat> 9B25;;;;N;;;;;
+2FBF;KANGXI RADICAL SACRIFICIAL WINE;So;0;ON;<compat> 9B2F;;;;N;;;;;
+2FC0;KANGXI RADICAL CAULDRON;So;0;ON;<compat> 9B32;;;;N;;;;;
+2FC1;KANGXI RADICAL GHOST;So;0;ON;<compat> 9B3C;;;;N;;;;;
+2FC2;KANGXI RADICAL FISH;So;0;ON;<compat> 9B5A;;;;N;;;;;
+2FC3;KANGXI RADICAL BIRD;So;0;ON;<compat> 9CE5;;;;N;;;;;
+2FC4;KANGXI RADICAL SALT;So;0;ON;<compat> 9E75;;;;N;;;;;
+2FC5;KANGXI RADICAL DEER;So;0;ON;<compat> 9E7F;;;;N;;;;;
+2FC6;KANGXI RADICAL WHEAT;So;0;ON;<compat> 9EA5;;;;N;;;;;
+2FC7;KANGXI RADICAL HEMP;So;0;ON;<compat> 9EBB;;;;N;;;;;
+2FC8;KANGXI RADICAL YELLOW;So;0;ON;<compat> 9EC3;;;;N;;;;;
+2FC9;KANGXI RADICAL MILLET;So;0;ON;<compat> 9ECD;;;;N;;;;;
+2FCA;KANGXI RADICAL BLACK;So;0;ON;<compat> 9ED1;;;;N;;;;;
+2FCB;KANGXI RADICAL EMBROIDERY;So;0;ON;<compat> 9EF9;;;;N;;;;;
+2FCC;KANGXI RADICAL FROG;So;0;ON;<compat> 9EFD;;;;N;;;;;
+2FCD;KANGXI RADICAL TRIPOD;So;0;ON;<compat> 9F0E;;;;N;;;;;
+2FCE;KANGXI RADICAL DRUM;So;0;ON;<compat> 9F13;;;;N;;;;;
+2FCF;KANGXI RADICAL RAT;So;0;ON;<compat> 9F20;;;;N;;;;;
+2FD0;KANGXI RADICAL NOSE;So;0;ON;<compat> 9F3B;;;;N;;;;;
+2FD1;KANGXI RADICAL EVEN;So;0;ON;<compat> 9F4A;;;;N;;;;;
+2FD2;KANGXI RADICAL TOOTH;So;0;ON;<compat> 9F52;;;;N;;;;;
+2FD3;KANGXI RADICAL DRAGON;So;0;ON;<compat> 9F8D;;;;N;;;;;
+2FD4;KANGXI RADICAL TURTLE;So;0;ON;<compat> 9F9C;;;;N;;;;;
+2FD5;KANGXI RADICAL FLUTE;So;0;ON;<compat> 9FA0;;;;N;;;;;
+2FF0;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT;So;0;ON;;;;;N;;;;;
+2FF1;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO BELOW;So;0;ON;;;;;N;;;;;
+2FF2;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO MIDDLE AND RIGHT;So;0;ON;;;;;N;;;;;
+2FF3;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO MIDDLE AND BELOW;So;0;ON;;;;;N;;;;;
+2FF4;IDEOGRAPHIC DESCRIPTION CHARACTER FULL SURROUND;So;0;ON;;;;;N;;;;;
+2FF5;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM ABOVE;So;0;ON;;;;;N;;;;;
+2FF6;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM BELOW;So;0;ON;;;;;N;;;;;
+2FF7;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LEFT;So;0;ON;;;;;N;;;;;
+2FF8;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER LEFT;So;0;ON;;;;;N;;;;;
+2FF9;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER RIGHT;So;0;ON;;;;;N;;;;;
+2FFA;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LOWER LEFT;So;0;ON;;;;;N;;;;;
+2FFB;IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID;So;0;ON;;;;;N;;;;;
+3000;IDEOGRAPHIC SPACE;Zs;0;WS;<wide> 0020;;;;N;;;;;
+3001;IDEOGRAPHIC COMMA;Po;0;ON;;;;;N;;;;;
+3002;IDEOGRAPHIC FULL STOP;Po;0;ON;;;;;N;IDEOGRAPHIC PERIOD;;;;
+3003;DITTO MARK;Po;0;ON;;;;;N;;;;;
+3004;JAPANESE INDUSTRIAL STANDARD SYMBOL;So;0;ON;;;;;N;;;;;
+3005;IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;;
+3006;IDEOGRAPHIC CLOSING MARK;Lo;0;L;;;;;N;;;;;
+3007;IDEOGRAPHIC NUMBER ZERO;Nl;0;L;;;;0;N;;;;;
+3008;LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING ANGLE BRACKET;;;;
+3009;RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING ANGLE BRACKET;;;;
+300A;LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING DOUBLE ANGLE BRACKET;;;;
+300B;RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING DOUBLE ANGLE BRACKET;;;;
+300C;LEFT CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING CORNER BRACKET;;;;
+300D;RIGHT CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING CORNER BRACKET;;;;
+300E;LEFT WHITE CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE CORNER BRACKET;;;;
+300F;RIGHT WHITE CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE CORNER BRACKET;;;;
+3010;LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING BLACK LENTICULAR BRACKET;;;;
+3011;RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING BLACK LENTICULAR BRACKET;;;;
+3012;POSTAL MARK;So;0;ON;;;;;N;;;;;
+3013;GETA MARK;So;0;ON;;;;;N;;;;;
+3014;LEFT TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING TORTOISE SHELL BRACKET;;;;
+3015;RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING TORTOISE SHELL BRACKET;;;;
+3016;LEFT WHITE LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE LENTICULAR BRACKET;;;;
+3017;RIGHT WHITE LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE LENTICULAR BRACKET;;;;
+3018;LEFT WHITE TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE TORTOISE SHELL BRACKET;;;;
+3019;RIGHT WHITE TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE TORTOISE SHELL BRACKET;;;;
+301A;LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE SQUARE BRACKET;;;;
+301B;RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE SQUARE BRACKET;;;;
+301C;WAVE DASH;Pd;0;ON;;;;;N;;;;;
+301D;REVERSED DOUBLE PRIME QUOTATION MARK;Ps;0;ON;;;;;N;;;;;
+301E;DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;;
+301F;LOW DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;;
+3020;POSTAL MARK FACE;So;0;ON;;;;;N;;;;;
+3021;HANGZHOU NUMERAL ONE;Nl;0;L;;;;1;N;;;;;
+3022;HANGZHOU NUMERAL TWO;Nl;0;L;;;;2;N;;;;;
+3023;HANGZHOU NUMERAL THREE;Nl;0;L;;;;3;N;;;;;
+3024;HANGZHOU NUMERAL FOUR;Nl;0;L;;;;4;N;;;;;
+3025;HANGZHOU NUMERAL FIVE;Nl;0;L;;;;5;N;;;;;
+3026;HANGZHOU NUMERAL SIX;Nl;0;L;;;;6;N;;;;;
+3027;HANGZHOU NUMERAL SEVEN;Nl;0;L;;;;7;N;;;;;
+3028;HANGZHOU NUMERAL EIGHT;Nl;0;L;;;;8;N;;;;;
+3029;HANGZHOU NUMERAL NINE;Nl;0;L;;;;9;N;;;;;
+302A;IDEOGRAPHIC LEVEL TONE MARK;Mn;218;NSM;;;;;N;;;;;
+302B;IDEOGRAPHIC RISING TONE MARK;Mn;228;NSM;;;;;N;;;;;
+302C;IDEOGRAPHIC DEPARTING TONE MARK;Mn;232;NSM;;;;;N;;;;;
+302D;IDEOGRAPHIC ENTERING TONE MARK;Mn;222;NSM;;;;;N;;;;;
+302E;HANGUL SINGLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;;
+302F;HANGUL DOUBLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;;
+3030;WAVY DASH;Pd;0;ON;;;;;N;;;;;
+3031;VERTICAL KANA REPEAT MARK;Lm;0;L;;;;;N;;;;;
+3032;VERTICAL KANA REPEAT WITH VOICED SOUND MARK;Lm;0;L;;;;;N;;;;;
+3033;VERTICAL KANA REPEAT MARK UPPER HALF;Lm;0;L;;;;;N;;;;;
+3034;VERTICAL KANA REPEAT WITH VOICED SOUND MARK UPPER HALF;Lm;0;L;;;;;N;;;;;
+3035;VERTICAL KANA REPEAT MARK LOWER HALF;Lm;0;L;;;;;N;;;;;
+3036;CIRCLED POSTAL MARK;So;0;ON;<compat> 3012;;;;N;;;;;
+3037;IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL;So;0;ON;;;;;N;;;;;
+3038;HANGZHOU NUMERAL TEN;Nl;0;L;<compat> 5341;;;10;N;;;;;
+3039;HANGZHOU NUMERAL TWENTY;Nl;0;L;<compat> 5344;;;20;N;;;;;
+303A;HANGZHOU NUMERAL THIRTY;Nl;0;L;<compat> 5345;;;30;N;;;;;
+303B;VERTICAL IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;;
+303C;MASU MARK;Lo;0;L;;;;;N;;;;;
+303D;PART ALTERNATION MARK;Po;0;ON;;;;;N;;;;;
+303E;IDEOGRAPHIC VARIATION INDICATOR;So;0;ON;;;;;N;;;;;
+303F;IDEOGRAPHIC HALF FILL SPACE;So;0;ON;;;;;N;;;;;
+3041;HIRAGANA LETTER SMALL A;Lo;0;L;;;;;N;;;;;
+3042;HIRAGANA LETTER A;Lo;0;L;;;;;N;;;;;
+3043;HIRAGANA LETTER SMALL I;Lo;0;L;;;;;N;;;;;
+3044;HIRAGANA LETTER I;Lo;0;L;;;;;N;;;;;
+3045;HIRAGANA LETTER SMALL U;Lo;0;L;;;;;N;;;;;
+3046;HIRAGANA LETTER U;Lo;0;L;;;;;N;;;;;
+3047;HIRAGANA LETTER SMALL E;Lo;0;L;;;;;N;;;;;
+3048;HIRAGANA LETTER E;Lo;0;L;;;;;N;;;;;
+3049;HIRAGANA LETTER SMALL O;Lo;0;L;;;;;N;;;;;
+304A;HIRAGANA LETTER O;Lo;0;L;;;;;N;;;;;
+304B;HIRAGANA LETTER KA;Lo;0;L;;;;;N;;;;;
+304C;HIRAGANA LETTER GA;Lo;0;L;304B 3099;;;;N;;;;;
+304D;HIRAGANA LETTER KI;Lo;0;L;;;;;N;;;;;
+304E;HIRAGANA LETTER GI;Lo;0;L;304D 3099;;;;N;;;;;
+304F;HIRAGANA LETTER KU;Lo;0;L;;;;;N;;;;;
+3050;HIRAGANA LETTER GU;Lo;0;L;304F 3099;;;;N;;;;;
+3051;HIRAGANA LETTER KE;Lo;0;L;;;;;N;;;;;
+3052;HIRAGANA LETTER GE;Lo;0;L;3051 3099;;;;N;;;;;
+3053;HIRAGANA LETTER KO;Lo;0;L;;;;;N;;;;;
+3054;HIRAGANA LETTER GO;Lo;0;L;3053 3099;;;;N;;;;;
+3055;HIRAGANA LETTER SA;Lo;0;L;;;;;N;;;;;
+3056;HIRAGANA LETTER ZA;Lo;0;L;3055 3099;;;;N;;;;;
+3057;HIRAGANA LETTER SI;Lo;0;L;;;;;N;;;;;
+3058;HIRAGANA LETTER ZI;Lo;0;L;3057 3099;;;;N;;;;;
+3059;HIRAGANA LETTER SU;Lo;0;L;;;;;N;;;;;
+305A;HIRAGANA LETTER ZU;Lo;0;L;3059 3099;;;;N;;;;;
+305B;HIRAGANA LETTER SE;Lo;0;L;;;;;N;;;;;
+305C;HIRAGANA LETTER ZE;Lo;0;L;305B 3099;;;;N;;;;;
+305D;HIRAGANA LETTER SO;Lo;0;L;;;;;N;;;;;
+305E;HIRAGANA LETTER ZO;Lo;0;L;305D 3099;;;;N;;;;;
+305F;HIRAGANA LETTER TA;Lo;0;L;;;;;N;;;;;
+3060;HIRAGANA LETTER DA;Lo;0;L;305F 3099;;;;N;;;;;
+3061;HIRAGANA LETTER TI;Lo;0;L;;;;;N;;;;;
+3062;HIRAGANA LETTER DI;Lo;0;L;3061 3099;;;;N;;;;;
+3063;HIRAGANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;;
+3064;HIRAGANA LETTER TU;Lo;0;L;;;;;N;;;;;
+3065;HIRAGANA LETTER DU;Lo;0;L;3064 3099;;;;N;;;;;
+3066;HIRAGANA LETTER TE;Lo;0;L;;;;;N;;;;;
+3067;HIRAGANA LETTER DE;Lo;0;L;3066 3099;;;;N;;;;;
+3068;HIRAGANA LETTER TO;Lo;0;L;;;;;N;;;;;
+3069;HIRAGANA LETTER DO;Lo;0;L;3068 3099;;;;N;;;;;
+306A;HIRAGANA LETTER NA;Lo;0;L;;;;;N;;;;;
+306B;HIRAGANA LETTER NI;Lo;0;L;;;;;N;;;;;
+306C;HIRAGANA LETTER NU;Lo;0;L;;;;;N;;;;;
+306D;HIRAGANA LETTER NE;Lo;0;L;;;;;N;;;;;
+306E;HIRAGANA LETTER NO;Lo;0;L;;;;;N;;;;;
+306F;HIRAGANA LETTER HA;Lo;0;L;;;;;N;;;;;
+3070;HIRAGANA LETTER BA;Lo;0;L;306F 3099;;;;N;;;;;
+3071;HIRAGANA LETTER PA;Lo;0;L;306F 309A;;;;N;;;;;
+3072;HIRAGANA LETTER HI;Lo;0;L;;;;;N;;;;;
+3073;HIRAGANA LETTER BI;Lo;0;L;3072 3099;;;;N;;;;;
+3074;HIRAGANA LETTER PI;Lo;0;L;3072 309A;;;;N;;;;;
+3075;HIRAGANA LETTER HU;Lo;0;L;;;;;N;;;;;
+3076;HIRAGANA LETTER BU;Lo;0;L;3075 3099;;;;N;;;;;
+3077;HIRAGANA LETTER PU;Lo;0;L;3075 309A;;;;N;;;;;
+3078;HIRAGANA LETTER HE;Lo;0;L;;;;;N;;;;;
+3079;HIRAGANA LETTER BE;Lo;0;L;3078 3099;;;;N;;;;;
+307A;HIRAGANA LETTER PE;Lo;0;L;3078 309A;;;;N;;;;;
+307B;HIRAGANA LETTER HO;Lo;0;L;;;;;N;;;;;
+307C;HIRAGANA LETTER BO;Lo;0;L;307B 3099;;;;N;;;;;
+307D;HIRAGANA LETTER PO;Lo;0;L;307B 309A;;;;N;;;;;
+307E;HIRAGANA LETTER MA;Lo;0;L;;;;;N;;;;;
+307F;HIRAGANA LETTER MI;Lo;0;L;;;;;N;;;;;
+3080;HIRAGANA LETTER MU;Lo;0;L;;;;;N;;;;;
+3081;HIRAGANA LETTER ME;Lo;0;L;;;;;N;;;;;
+3082;HIRAGANA LETTER MO;Lo;0;L;;;;;N;;;;;
+3083;HIRAGANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;;
+3084;HIRAGANA LETTER YA;Lo;0;L;;;;;N;;;;;
+3085;HIRAGANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;;
+3086;HIRAGANA LETTER YU;Lo;0;L;;;;;N;;;;;
+3087;HIRAGANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;;
+3088;HIRAGANA LETTER YO;Lo;0;L;;;;;N;;;;;
+3089;HIRAGANA LETTER RA;Lo;0;L;;;;;N;;;;;
+308A;HIRAGANA LETTER RI;Lo;0;L;;;;;N;;;;;
+308B;HIRAGANA LETTER RU;Lo;0;L;;;;;N;;;;;
+308C;HIRAGANA LETTER RE;Lo;0;L;;;;;N;;;;;
+308D;HIRAGANA LETTER RO;Lo;0;L;;;;;N;;;;;
+308E;HIRAGANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;;
+308F;HIRAGANA LETTER WA;Lo;0;L;;;;;N;;;;;
+3090;HIRAGANA LETTER WI;Lo;0;L;;;;;N;;;;;
+3091;HIRAGANA LETTER WE;Lo;0;L;;;;;N;;;;;
+3092;HIRAGANA LETTER WO;Lo;0;L;;;;;N;;;;;
+3093;HIRAGANA LETTER N;Lo;0;L;;;;;N;;;;;
+3094;HIRAGANA LETTER VU;Lo;0;L;3046 3099;;;;N;;;;;
+3095;HIRAGANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;;
+3096;HIRAGANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;;
+3099;COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA VOICED SOUND MARK;;;;
+309A;COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;;;;
+309B;KATAKANA-HIRAGANA VOICED SOUND MARK;Sk;0;ON;<compat> 0020 3099;;;;N;;;;;
+309C;KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Sk;0;ON;<compat> 0020 309A;;;;N;;;;;
+309D;HIRAGANA ITERATION MARK;Lm;0;L;;;;;N;;;;;
+309E;HIRAGANA VOICED ITERATION MARK;Lm;0;L;309D 3099;;;;N;;;;;
+309F;HIRAGANA DIGRAPH YORI;Lo;0;L;<vertical> 3088 308A;;;;N;;;;;
+30A0;KATAKANA-HIRAGANA DOUBLE HYPHEN;Pd;0;ON;;;;;N;;;;;
+30A1;KATAKANA LETTER SMALL A;Lo;0;L;;;;;N;;;;;
+30A2;KATAKANA LETTER A;Lo;0;L;;;;;N;;;;;
+30A3;KATAKANA LETTER SMALL I;Lo;0;L;;;;;N;;;;;
+30A4;KATAKANA LETTER I;Lo;0;L;;;;;N;;;;;
+30A5;KATAKANA LETTER SMALL U;Lo;0;L;;;;;N;;;;;
+30A6;KATAKANA LETTER U;Lo;0;L;;;;;N;;;;;
+30A7;KATAKANA LETTER SMALL E;Lo;0;L;;;;;N;;;;;
+30A8;KATAKANA LETTER E;Lo;0;L;;;;;N;;;;;
+30A9;KATAKANA LETTER SMALL O;Lo;0;L;;;;;N;;;;;
+30AA;KATAKANA LETTER O;Lo;0;L;;;;;N;;;;;
+30AB;KATAKANA LETTER KA;Lo;0;L;;;;;N;;;;;
+30AC;KATAKANA LETTER GA;Lo;0;L;30AB 3099;;;;N;;;;;
+30AD;KATAKANA LETTER KI;Lo;0;L;;;;;N;;;;;
+30AE;KATAKANA LETTER GI;Lo;0;L;30AD 3099;;;;N;;;;;
+30AF;KATAKANA LETTER KU;Lo;0;L;;;;;N;;;;;
+30B0;KATAKANA LETTER GU;Lo;0;L;30AF 3099;;;;N;;;;;
+30B1;KATAKANA LETTER KE;Lo;0;L;;;;;N;;;;;
+30B2;KATAKANA LETTER GE;Lo;0;L;30B1 3099;;;;N;;;;;
+30B3;KATAKANA LETTER KO;Lo;0;L;;;;;N;;;;;
+30B4;KATAKANA LETTER GO;Lo;0;L;30B3 3099;;;;N;;;;;
+30B5;KATAKANA LETTER SA;Lo;0;L;;;;;N;;;;;
+30B6;KATAKANA LETTER ZA;Lo;0;L;30B5 3099;;;;N;;;;;
+30B7;KATAKANA LETTER SI;Lo;0;L;;;;;N;;;;;
+30B8;KATAKANA LETTER ZI;Lo;0;L;30B7 3099;;;;N;;;;;
+30B9;KATAKANA LETTER SU;Lo;0;L;;;;;N;;;;;
+30BA;KATAKANA LETTER ZU;Lo;0;L;30B9 3099;;;;N;;;;;
+30BB;KATAKANA LETTER SE;Lo;0;L;;;;;N;;;;;
+30BC;KATAKANA LETTER ZE;Lo;0;L;30BB 3099;;;;N;;;;;
+30BD;KATAKANA LETTER SO;Lo;0;L;;;;;N;;;;;
+30BE;KATAKANA LETTER ZO;Lo;0;L;30BD 3099;;;;N;;;;;
+30BF;KATAKANA LETTER TA;Lo;0;L;;;;;N;;;;;
+30C0;KATAKANA LETTER DA;Lo;0;L;30BF 3099;;;;N;;;;;
+30C1;KATAKANA LETTER TI;Lo;0;L;;;;;N;;;;;
+30C2;KATAKANA LETTER DI;Lo;0;L;30C1 3099;;;;N;;;;;
+30C3;KATAKANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;;
+30C4;KATAKANA LETTER TU;Lo;0;L;;;;;N;;;;;
+30C5;KATAKANA LETTER DU;Lo;0;L;30C4 3099;;;;N;;;;;
+30C6;KATAKANA LETTER TE;Lo;0;L;;;;;N;;;;;
+30C7;KATAKANA LETTER DE;Lo;0;L;30C6 3099;;;;N;;;;;
+30C8;KATAKANA LETTER TO;Lo;0;L;;;;;N;;;;;
+30C9;KATAKANA LETTER DO;Lo;0;L;30C8 3099;;;;N;;;;;
+30CA;KATAKANA LETTER NA;Lo;0;L;;;;;N;;;;;
+30CB;KATAKANA LETTER NI;Lo;0;L;;;;;N;;;;;
+30CC;KATAKANA LETTER NU;Lo;0;L;;;;;N;;;;;
+30CD;KATAKANA LETTER NE;Lo;0;L;;;;;N;;;;;
+30CE;KATAKANA LETTER NO;Lo;0;L;;;;;N;;;;;
+30CF;KATAKANA LETTER HA;Lo;0;L;;;;;N;;;;;
+30D0;KATAKANA LETTER BA;Lo;0;L;30CF 3099;;;;N;;;;;
+30D1;KATAKANA LETTER PA;Lo;0;L;30CF 309A;;;;N;;;;;
+30D2;KATAKANA LETTER HI;Lo;0;L;;;;;N;;;;;
+30D3;KATAKANA LETTER BI;Lo;0;L;30D2 3099;;;;N;;;;;
+30D4;KATAKANA LETTER PI;Lo;0;L;30D2 309A;;;;N;;;;;
+30D5;KATAKANA LETTER HU;Lo;0;L;;;;;N;;;;;
+30D6;KATAKANA LETTER BU;Lo;0;L;30D5 3099;;;;N;;;;;
+30D7;KATAKANA LETTER PU;Lo;0;L;30D5 309A;;;;N;;;;;
+30D8;KATAKANA LETTER HE;Lo;0;L;;;;;N;;;;;
+30D9;KATAKANA LETTER BE;Lo;0;L;30D8 3099;;;;N;;;;;
+30DA;KATAKANA LETTER PE;Lo;0;L;30D8 309A;;;;N;;;;;
+30DB;KATAKANA LETTER HO;Lo;0;L;;;;;N;;;;;
+30DC;KATAKANA LETTER BO;Lo;0;L;30DB 3099;;;;N;;;;;
+30DD;KATAKANA LETTER PO;Lo;0;L;30DB 309A;;;;N;;;;;
+30DE;KATAKANA LETTER MA;Lo;0;L;;;;;N;;;;;
+30DF;KATAKANA LETTER MI;Lo;0;L;;;;;N;;;;;
+30E0;KATAKANA LETTER MU;Lo;0;L;;;;;N;;;;;
+30E1;KATAKANA LETTER ME;Lo;0;L;;;;;N;;;;;
+30E2;KATAKANA LETTER MO;Lo;0;L;;;;;N;;;;;
+30E3;KATAKANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;;
+30E4;KATAKANA LETTER YA;Lo;0;L;;;;;N;;;;;
+30E5;KATAKANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;;
+30E6;KATAKANA LETTER YU;Lo;0;L;;;;;N;;;;;
+30E7;KATAKANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;;
+30E8;KATAKANA LETTER YO;Lo;0;L;;;;;N;;;;;
+30E9;KATAKANA LETTER RA;Lo;0;L;;;;;N;;;;;
+30EA;KATAKANA LETTER RI;Lo;0;L;;;;;N;;;;;
+30EB;KATAKANA LETTER RU;Lo;0;L;;;;;N;;;;;
+30EC;KATAKANA LETTER RE;Lo;0;L;;;;;N;;;;;
+30ED;KATAKANA LETTER RO;Lo;0;L;;;;;N;;;;;
+30EE;KATAKANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;;
+30EF;KATAKANA LETTER WA;Lo;0;L;;;;;N;;;;;
+30F0;KATAKANA LETTER WI;Lo;0;L;;;;;N;;;;;
+30F1;KATAKANA LETTER WE;Lo;0;L;;;;;N;;;;;
+30F2;KATAKANA LETTER WO;Lo;0;L;;;;;N;;;;;
+30F3;KATAKANA LETTER N;Lo;0;L;;;;;N;;;;;
+30F4;KATAKANA LETTER VU;Lo;0;L;30A6 3099;;;;N;;;;;
+30F5;KATAKANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;;
+30F6;KATAKANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;;
+30F7;KATAKANA LETTER VA;Lo;0;L;30EF 3099;;;;N;;;;;
+30F8;KATAKANA LETTER VI;Lo;0;L;30F0 3099;;;;N;;;;;
+30F9;KATAKANA LETTER VE;Lo;0;L;30F1 3099;;;;N;;;;;
+30FA;KATAKANA LETTER VO;Lo;0;L;30F2 3099;;;;N;;;;;
+30FB;KATAKANA MIDDLE DOT;Pc;0;ON;;;;;N;;;;;
+30FC;KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;;;;;N;;;;;
+30FD;KATAKANA ITERATION MARK;Lm;0;L;;;;;N;;;;;
+30FE;KATAKANA VOICED ITERATION MARK;Lm;0;L;30FD 3099;;;;N;;;;;
+30FF;KATAKANA DIGRAPH KOTO;Lo;0;L;<vertical> 30B3 30C8;;;;N;;;;;
+3105;BOPOMOFO LETTER B;Lo;0;L;;;;;N;;;;;
+3106;BOPOMOFO LETTER P;Lo;0;L;;;;;N;;;;;
+3107;BOPOMOFO LETTER M;Lo;0;L;;;;;N;;;;;
+3108;BOPOMOFO LETTER F;Lo;0;L;;;;;N;;;;;
+3109;BOPOMOFO LETTER D;Lo;0;L;;;;;N;;;;;
+310A;BOPOMOFO LETTER T;Lo;0;L;;;;;N;;;;;
+310B;BOPOMOFO LETTER N;Lo;0;L;;;;;N;;;;;
+310C;BOPOMOFO LETTER L;Lo;0;L;;;;;N;;;;;
+310D;BOPOMOFO LETTER G;Lo;0;L;;;;;N;;;;;
+310E;BOPOMOFO LETTER K;Lo;0;L;;;;;N;;;;;
+310F;BOPOMOFO LETTER H;Lo;0;L;;;;;N;;;;;
+3110;BOPOMOFO LETTER J;Lo;0;L;;;;;N;;;;;
+3111;BOPOMOFO LETTER Q;Lo;0;L;;;;;N;;;;;
+3112;BOPOMOFO LETTER X;Lo;0;L;;;;;N;;;;;
+3113;BOPOMOFO LETTER ZH;Lo;0;L;;;;;N;;;;;
+3114;BOPOMOFO LETTER CH;Lo;0;L;;;;;N;;;;;
+3115;BOPOMOFO LETTER SH;Lo;0;L;;;;;N;;;;;
+3116;BOPOMOFO LETTER R;Lo;0;L;;;;;N;;;;;
+3117;BOPOMOFO LETTER Z;Lo;0;L;;;;;N;;;;;
+3118;BOPOMOFO LETTER C;Lo;0;L;;;;;N;;;;;
+3119;BOPOMOFO LETTER S;Lo;0;L;;;;;N;;;;;
+311A;BOPOMOFO LETTER A;Lo;0;L;;;;;N;;;;;
+311B;BOPOMOFO LETTER O;Lo;0;L;;;;;N;;;;;
+311C;BOPOMOFO LETTER E;Lo;0;L;;;;;N;;;;;
+311D;BOPOMOFO LETTER EH;Lo;0;L;;;;;N;;;;;
+311E;BOPOMOFO LETTER AI;Lo;0;L;;;;;N;;;;;
+311F;BOPOMOFO LETTER EI;Lo;0;L;;;;;N;;;;;
+3120;BOPOMOFO LETTER AU;Lo;0;L;;;;;N;;;;;
+3121;BOPOMOFO LETTER OU;Lo;0;L;;;;;N;;;;;
+3122;BOPOMOFO LETTER AN;Lo;0;L;;;;;N;;;;;
+3123;BOPOMOFO LETTER EN;Lo;0;L;;;;;N;;;;;
+3124;BOPOMOFO LETTER ANG;Lo;0;L;;;;;N;;;;;
+3125;BOPOMOFO LETTER ENG;Lo;0;L;;;;;N;;;;;
+3126;BOPOMOFO LETTER ER;Lo;0;L;;;;;N;;;;;
+3127;BOPOMOFO LETTER I;Lo;0;L;;;;;N;;;;;
+3128;BOPOMOFO LETTER U;Lo;0;L;;;;;N;;;;;
+3129;BOPOMOFO LETTER IU;Lo;0;L;;;;;N;;;;;
+312A;BOPOMOFO LETTER V;Lo;0;L;;;;;N;;;;;
+312B;BOPOMOFO LETTER NG;Lo;0;L;;;;;N;;;;;
+312C;BOPOMOFO LETTER GN;Lo;0;L;;;;;N;;;;;
+3131;HANGUL LETTER KIYEOK;Lo;0;L;<compat> 1100;;;;N;HANGUL LETTER GIYEOG;;;;
+3132;HANGUL LETTER SSANGKIYEOK;Lo;0;L;<compat> 1101;;;;N;HANGUL LETTER SSANG GIYEOG;;;;
+3133;HANGUL LETTER KIYEOK-SIOS;Lo;0;L;<compat> 11AA;;;;N;HANGUL LETTER GIYEOG SIOS;;;;
+3134;HANGUL LETTER NIEUN;Lo;0;L;<compat> 1102;;;;N;;;;;
+3135;HANGUL LETTER NIEUN-CIEUC;Lo;0;L;<compat> 11AC;;;;N;HANGUL LETTER NIEUN JIEUJ;;;;
+3136;HANGUL LETTER NIEUN-HIEUH;Lo;0;L;<compat> 11AD;;;;N;HANGUL LETTER NIEUN HIEUH;;;;
+3137;HANGUL LETTER TIKEUT;Lo;0;L;<compat> 1103;;;;N;HANGUL LETTER DIGEUD;;;;
+3138;HANGUL LETTER SSANGTIKEUT;Lo;0;L;<compat> 1104;;;;N;HANGUL LETTER SSANG DIGEUD;;;;
+3139;HANGUL LETTER RIEUL;Lo;0;L;<compat> 1105;;;;N;HANGUL LETTER LIEUL;;;;
+313A;HANGUL LETTER RIEUL-KIYEOK;Lo;0;L;<compat> 11B0;;;;N;HANGUL LETTER LIEUL GIYEOG;;;;
+313B;HANGUL LETTER RIEUL-MIEUM;Lo;0;L;<compat> 11B1;;;;N;HANGUL LETTER LIEUL MIEUM;;;;
+313C;HANGUL LETTER RIEUL-PIEUP;Lo;0;L;<compat> 11B2;;;;N;HANGUL LETTER LIEUL BIEUB;;;;
+313D;HANGUL LETTER RIEUL-SIOS;Lo;0;L;<compat> 11B3;;;;N;HANGUL LETTER LIEUL SIOS;;;;
+313E;HANGUL LETTER RIEUL-THIEUTH;Lo;0;L;<compat> 11B4;;;;N;HANGUL LETTER LIEUL TIEUT;;;;
+313F;HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L;<compat> 11B5;;;;N;HANGUL LETTER LIEUL PIEUP;;;;
+3140;HANGUL LETTER RIEUL-HIEUH;Lo;0;L;<compat> 111A;;;;N;HANGUL LETTER LIEUL HIEUH;;;;
+3141;HANGUL LETTER MIEUM;Lo;0;L;<compat> 1106;;;;N;;;;;
+3142;HANGUL LETTER PIEUP;Lo;0;L;<compat> 1107;;;;N;HANGUL LETTER BIEUB;;;;
+3143;HANGUL LETTER SSANGPIEUP;Lo;0;L;<compat> 1108;;;;N;HANGUL LETTER SSANG BIEUB;;;;
+3144;HANGUL LETTER PIEUP-SIOS;Lo;0;L;<compat> 1121;;;;N;HANGUL LETTER BIEUB SIOS;;;;
+3145;HANGUL LETTER SIOS;Lo;0;L;<compat> 1109;;;;N;;;;;
+3146;HANGUL LETTER SSANGSIOS;Lo;0;L;<compat> 110A;;;;N;HANGUL LETTER SSANG SIOS;;;;
+3147;HANGUL LETTER IEUNG;Lo;0;L;<compat> 110B;;;;N;;;;;
+3148;HANGUL LETTER CIEUC;Lo;0;L;<compat> 110C;;;;N;HANGUL LETTER JIEUJ;;;;
+3149;HANGUL LETTER SSANGCIEUC;Lo;0;L;<compat> 110D;;;;N;HANGUL LETTER SSANG JIEUJ;;;;
+314A;HANGUL LETTER CHIEUCH;Lo;0;L;<compat> 110E;;;;N;HANGUL LETTER CIEUC;;;;
+314B;HANGUL LETTER KHIEUKH;Lo;0;L;<compat> 110F;;;;N;HANGUL LETTER KIYEOK;;;;
+314C;HANGUL LETTER THIEUTH;Lo;0;L;<compat> 1110;;;;N;HANGUL LETTER TIEUT;;;;
+314D;HANGUL LETTER PHIEUPH;Lo;0;L;<compat> 1111;;;;N;HANGUL LETTER PIEUP;;;;
+314E;HANGUL LETTER HIEUH;Lo;0;L;<compat> 1112;;;;N;;;;;
+314F;HANGUL LETTER A;Lo;0;L;<compat> 1161;;;;N;;;;;
+3150;HANGUL LETTER AE;Lo;0;L;<compat> 1162;;;;N;;;;;
+3151;HANGUL LETTER YA;Lo;0;L;<compat> 1163;;;;N;;;;;
+3152;HANGUL LETTER YAE;Lo;0;L;<compat> 1164;;;;N;;;;;
+3153;HANGUL LETTER EO;Lo;0;L;<compat> 1165;;;;N;;;;;
+3154;HANGUL LETTER E;Lo;0;L;<compat> 1166;;;;N;;;;;
+3155;HANGUL LETTER YEO;Lo;0;L;<compat> 1167;;;;N;;;;;
+3156;HANGUL LETTER YE;Lo;0;L;<compat> 1168;;;;N;;;;;
+3157;HANGUL LETTER O;Lo;0;L;<compat> 1169;;;;N;;;;;
+3158;HANGUL LETTER WA;Lo;0;L;<compat> 116A;;;;N;;;;;
+3159;HANGUL LETTER WAE;Lo;0;L;<compat> 116B;;;;N;;;;;
+315A;HANGUL LETTER OE;Lo;0;L;<compat> 116C;;;;N;;;;;
+315B;HANGUL LETTER YO;Lo;0;L;<compat> 116D;;;;N;;;;;
+315C;HANGUL LETTER U;Lo;0;L;<compat> 116E;;;;N;;;;;
+315D;HANGUL LETTER WEO;Lo;0;L;<compat> 116F;;;;N;;;;;
+315E;HANGUL LETTER WE;Lo;0;L;<compat> 1170;;;;N;;;;;
+315F;HANGUL LETTER WI;Lo;0;L;<compat> 1171;;;;N;;;;;
+3160;HANGUL LETTER YU;Lo;0;L;<compat> 1172;;;;N;;;;;
+3161;HANGUL LETTER EU;Lo;0;L;<compat> 1173;;;;N;;;;;
+3162;HANGUL LETTER YI;Lo;0;L;<compat> 1174;;;;N;;;;;
+3163;HANGUL LETTER I;Lo;0;L;<compat> 1175;;;;N;;;;;
+3164;HANGUL FILLER;Lo;0;L;<compat> 1160;;;;N;HANGUL CAE OM;;;;
+3165;HANGUL LETTER SSANGNIEUN;Lo;0;L;<compat> 1114;;;;N;HANGUL LETTER SSANG NIEUN;;;;
+3166;HANGUL LETTER NIEUN-TIKEUT;Lo;0;L;<compat> 1115;;;;N;HANGUL LETTER NIEUN DIGEUD;;;;
+3167;HANGUL LETTER NIEUN-SIOS;Lo;0;L;<compat> 11C7;;;;N;HANGUL LETTER NIEUN SIOS;;;;
+3168;HANGUL LETTER NIEUN-PANSIOS;Lo;0;L;<compat> 11C8;;;;N;HANGUL LETTER NIEUN BAN CHI EUM;;;;
+3169;HANGUL LETTER RIEUL-KIYEOK-SIOS;Lo;0;L;<compat> 11CC;;;;N;HANGUL LETTER LIEUL GIYEOG SIOS;;;;
+316A;HANGUL LETTER RIEUL-TIKEUT;Lo;0;L;<compat> 11CE;;;;N;HANGUL LETTER LIEUL DIGEUD;;;;
+316B;HANGUL LETTER RIEUL-PIEUP-SIOS;Lo;0;L;<compat> 11D3;;;;N;HANGUL LETTER LIEUL BIEUB SIOS;;;;
+316C;HANGUL LETTER RIEUL-PANSIOS;Lo;0;L;<compat> 11D7;;;;N;HANGUL LETTER LIEUL BAN CHI EUM;;;;
+316D;HANGUL LETTER RIEUL-YEORINHIEUH;Lo;0;L;<compat> 11D9;;;;N;HANGUL LETTER LIEUL YEOLIN HIEUH;;;;
+316E;HANGUL LETTER MIEUM-PIEUP;Lo;0;L;<compat> 111C;;;;N;HANGUL LETTER MIEUM BIEUB;;;;
+316F;HANGUL LETTER MIEUM-SIOS;Lo;0;L;<compat> 11DD;;;;N;HANGUL LETTER MIEUM SIOS;;;;
+3170;HANGUL LETTER MIEUM-PANSIOS;Lo;0;L;<compat> 11DF;;;;N;HANGUL LETTER BIEUB BAN CHI EUM;;;;
+3171;HANGUL LETTER KAPYEOUNMIEUM;Lo;0;L;<compat> 111D;;;;N;HANGUL LETTER MIEUM SUN GYEONG EUM;;;;
+3172;HANGUL LETTER PIEUP-KIYEOK;Lo;0;L;<compat> 111E;;;;N;HANGUL LETTER BIEUB GIYEOG;;;;
+3173;HANGUL LETTER PIEUP-TIKEUT;Lo;0;L;<compat> 1120;;;;N;HANGUL LETTER BIEUB DIGEUD;;;;
+3174;HANGUL LETTER PIEUP-SIOS-KIYEOK;Lo;0;L;<compat> 1122;;;;N;HANGUL LETTER BIEUB SIOS GIYEOG;;;;
+3175;HANGUL LETTER PIEUP-SIOS-TIKEUT;Lo;0;L;<compat> 1123;;;;N;HANGUL LETTER BIEUB SIOS DIGEUD;;;;
+3176;HANGUL LETTER PIEUP-CIEUC;Lo;0;L;<compat> 1127;;;;N;HANGUL LETTER BIEUB JIEUJ;;;;
+3177;HANGUL LETTER PIEUP-THIEUTH;Lo;0;L;<compat> 1129;;;;N;HANGUL LETTER BIEUB TIEUT;;;;
+3178;HANGUL LETTER KAPYEOUNPIEUP;Lo;0;L;<compat> 112B;;;;N;HANGUL LETTER BIEUB SUN GYEONG EUM;;;;
+3179;HANGUL LETTER KAPYEOUNSSANGPIEUP;Lo;0;L;<compat> 112C;;;;N;HANGUL LETTER SSANG BIEUB SUN GYEONG EUM;;;;
+317A;HANGUL LETTER SIOS-KIYEOK;Lo;0;L;<compat> 112D;;;;N;HANGUL LETTER SIOS GIYEOG;;;;
+317B;HANGUL LETTER SIOS-NIEUN;Lo;0;L;<compat> 112E;;;;N;HANGUL LETTER SIOS NIEUN;;;;
+317C;HANGUL LETTER SIOS-TIKEUT;Lo;0;L;<compat> 112F;;;;N;HANGUL LETTER SIOS DIGEUD;;;;
+317D;HANGUL LETTER SIOS-PIEUP;Lo;0;L;<compat> 1132;;;;N;HANGUL LETTER SIOS BIEUB;;;;
+317E;HANGUL LETTER SIOS-CIEUC;Lo;0;L;<compat> 1136;;;;N;HANGUL LETTER SIOS JIEUJ;;;;
+317F;HANGUL LETTER PANSIOS;Lo;0;L;<compat> 1140;;;;N;HANGUL LETTER BAN CHI EUM;;;;
+3180;HANGUL LETTER SSANGIEUNG;Lo;0;L;<compat> 1147;;;;N;HANGUL LETTER SSANG IEUNG;;;;
+3181;HANGUL LETTER YESIEUNG;Lo;0;L;<compat> 114C;;;;N;HANGUL LETTER NGIEUNG;;;;
+3182;HANGUL LETTER YESIEUNG-SIOS;Lo;0;L;<compat> 11F1;;;;N;HANGUL LETTER NGIEUNG SIOS;;;;
+3183;HANGUL LETTER YESIEUNG-PANSIOS;Lo;0;L;<compat> 11F2;;;;N;HANGUL LETTER NGIEUNG BAN CHI EUM;;;;
+3184;HANGUL LETTER KAPYEOUNPHIEUPH;Lo;0;L;<compat> 1157;;;;N;HANGUL LETTER PIEUP SUN GYEONG EUM;;;;
+3185;HANGUL LETTER SSANGHIEUH;Lo;0;L;<compat> 1158;;;;N;HANGUL LETTER SSANG HIEUH;;;;
+3186;HANGUL LETTER YEORINHIEUH;Lo;0;L;<compat> 1159;;;;N;HANGUL LETTER YEOLIN HIEUH;;;;
+3187;HANGUL LETTER YO-YA;Lo;0;L;<compat> 1184;;;;N;HANGUL LETTER YOYA;;;;
+3188;HANGUL LETTER YO-YAE;Lo;0;L;<compat> 1185;;;;N;HANGUL LETTER YOYAE;;;;
+3189;HANGUL LETTER YO-I;Lo;0;L;<compat> 1188;;;;N;HANGUL LETTER YOI;;;;
+318A;HANGUL LETTER YU-YEO;Lo;0;L;<compat> 1191;;;;N;HANGUL LETTER YUYEO;;;;
+318B;HANGUL LETTER YU-YE;Lo;0;L;<compat> 1192;;;;N;HANGUL LETTER YUYE;;;;
+318C;HANGUL LETTER YU-I;Lo;0;L;<compat> 1194;;;;N;HANGUL LETTER YUI;;;;
+318D;HANGUL LETTER ARAEA;Lo;0;L;<compat> 119E;;;;N;HANGUL LETTER ALAE A;;;;
+318E;HANGUL LETTER ARAEAE;Lo;0;L;<compat> 11A1;;;;N;HANGUL LETTER ALAE AE;;;;
+3190;IDEOGRAPHIC ANNOTATION LINKING MARK;So;0;L;;;;;N;KANBUN TATETEN;Kanbun Tateten;;;
+3191;IDEOGRAPHIC ANNOTATION REVERSE MARK;So;0;L;;;;;N;KAERITEN RE;Kaeriten;;;
+3192;IDEOGRAPHIC ANNOTATION ONE MARK;No;0;L;<super> 4E00;;;1;N;KAERITEN ITI;Kaeriten;;;
+3193;IDEOGRAPHIC ANNOTATION TWO MARK;No;0;L;<super> 4E8C;;;2;N;KAERITEN NI;Kaeriten;;;
+3194;IDEOGRAPHIC ANNOTATION THREE MARK;No;0;L;<super> 4E09;;;3;N;KAERITEN SAN;Kaeriten;;;
+3195;IDEOGRAPHIC ANNOTATION FOUR MARK;No;0;L;<super> 56DB;;;4;N;KAERITEN SI;Kaeriten;;;
+3196;IDEOGRAPHIC ANNOTATION TOP MARK;So;0;L;<super> 4E0A;;;;N;KAERITEN ZYOU;Kaeriten;;;
+3197;IDEOGRAPHIC ANNOTATION MIDDLE MARK;So;0;L;<super> 4E2D;;;;N;KAERITEN TYUU;Kaeriten;;;
+3198;IDEOGRAPHIC ANNOTATION BOTTOM MARK;So;0;L;<super> 4E0B;;;;N;KAERITEN GE;Kaeriten;;;
+3199;IDEOGRAPHIC ANNOTATION FIRST MARK;So;0;L;<super> 7532;;;;N;KAERITEN KOU;Kaeriten;;;
+319A;IDEOGRAPHIC ANNOTATION SECOND MARK;So;0;L;<super> 4E59;;;;N;KAERITEN OTU;Kaeriten;;;
+319B;IDEOGRAPHIC ANNOTATION THIRD MARK;So;0;L;<super> 4E19;;;;N;KAERITEN HEI;Kaeriten;;;
+319C;IDEOGRAPHIC ANNOTATION FOURTH MARK;So;0;L;<super> 4E01;;;;N;KAERITEN TEI;Kaeriten;;;
+319D;IDEOGRAPHIC ANNOTATION HEAVEN MARK;So;0;L;<super> 5929;;;;N;KAERITEN TEN;Kaeriten;;;
+319E;IDEOGRAPHIC ANNOTATION EARTH MARK;So;0;L;<super> 5730;;;;N;KAERITEN TI;Kaeriten;;;
+319F;IDEOGRAPHIC ANNOTATION MAN MARK;So;0;L;<super> 4EBA;;;;N;KAERITEN ZIN;Kaeriten;;;
+31A0;BOPOMOFO LETTER BU;Lo;0;L;;;;;N;;;;;
+31A1;BOPOMOFO LETTER ZI;Lo;0;L;;;;;N;;;;;
+31A2;BOPOMOFO LETTER JI;Lo;0;L;;;;;N;;;;;
+31A3;BOPOMOFO LETTER GU;Lo;0;L;;;;;N;;;;;
+31A4;BOPOMOFO LETTER EE;Lo;0;L;;;;;N;;;;;
+31A5;BOPOMOFO LETTER ENN;Lo;0;L;;;;;N;;;;;
+31A6;BOPOMOFO LETTER OO;Lo;0;L;;;;;N;;;;;
+31A7;BOPOMOFO LETTER ONN;Lo;0;L;;;;;N;;;;;
+31A8;BOPOMOFO LETTER IR;Lo;0;L;;;;;N;;;;;
+31A9;BOPOMOFO LETTER ANN;Lo;0;L;;;;;N;;;;;
+31AA;BOPOMOFO LETTER INN;Lo;0;L;;;;;N;;;;;
+31AB;BOPOMOFO LETTER UNN;Lo;0;L;;;;;N;;;;;
+31AC;BOPOMOFO LETTER IM;Lo;0;L;;;;;N;;;;;
+31AD;BOPOMOFO LETTER NGG;Lo;0;L;;;;;N;;;;;
+31AE;BOPOMOFO LETTER AINN;Lo;0;L;;;;;N;;;;;
+31AF;BOPOMOFO LETTER AUNN;Lo;0;L;;;;;N;;;;;
+31B0;BOPOMOFO LETTER AM;Lo;0;L;;;;;N;;;;;
+31B1;BOPOMOFO LETTER OM;Lo;0;L;;;;;N;;;;;
+31B2;BOPOMOFO LETTER ONG;Lo;0;L;;;;;N;;;;;
+31B3;BOPOMOFO LETTER INNN;Lo;0;L;;;;;N;;;;;
+31B4;BOPOMOFO FINAL LETTER P;Lo;0;L;;;;;N;;;;;
+31B5;BOPOMOFO FINAL LETTER T;Lo;0;L;;;;;N;;;;;
+31B6;BOPOMOFO FINAL LETTER K;Lo;0;L;;;;;N;;;;;
+31B7;BOPOMOFO FINAL LETTER H;Lo;0;L;;;;;N;;;;;
+31F0;KATAKANA LETTER SMALL KU;Lo;0;L;;;;;N;;;;;
+31F1;KATAKANA LETTER SMALL SI;Lo;0;L;;;;;N;;;;;
+31F2;KATAKANA LETTER SMALL SU;Lo;0;L;;;;;N;;;;;
+31F3;KATAKANA LETTER SMALL TO;Lo;0;L;;;;;N;;;;;
+31F4;KATAKANA LETTER SMALL NU;Lo;0;L;;;;;N;;;;;
+31F5;KATAKANA LETTER SMALL HA;Lo;0;L;;;;;N;;;;;
+31F6;KATAKANA LETTER SMALL HI;Lo;0;L;;;;;N;;;;;
+31F7;KATAKANA LETTER SMALL HU;Lo;0;L;;;;;N;;;;;
+31F8;KATAKANA LETTER SMALL HE;Lo;0;L;;;;;N;;;;;
+31F9;KATAKANA LETTER SMALL HO;Lo;0;L;;;;;N;;;;;
+31FA;KATAKANA LETTER SMALL MU;Lo;0;L;;;;;N;;;;;
+31FB;KATAKANA LETTER SMALL RA;Lo;0;L;;;;;N;;;;;
+31FC;KATAKANA LETTER SMALL RI;Lo;0;L;;;;;N;;;;;
+31FD;KATAKANA LETTER SMALL RU;Lo;0;L;;;;;N;;;;;
+31FE;KATAKANA LETTER SMALL RE;Lo;0;L;;;;;N;;;;;
+31FF;KATAKANA LETTER SMALL RO;Lo;0;L;;;;;N;;;;;
+3200;PARENTHESIZED HANGUL KIYEOK;So;0;L;<compat> 0028 1100 0029;;;;N;PARENTHESIZED HANGUL GIYEOG;;;;
+3201;PARENTHESIZED HANGUL NIEUN;So;0;L;<compat> 0028 1102 0029;;;;N;;;;;
+3202;PARENTHESIZED HANGUL TIKEUT;So;0;L;<compat> 0028 1103 0029;;;;N;PARENTHESIZED HANGUL DIGEUD;;;;
+3203;PARENTHESIZED HANGUL RIEUL;So;0;L;<compat> 0028 1105 0029;;;;N;PARENTHESIZED HANGUL LIEUL;;;;
+3204;PARENTHESIZED HANGUL MIEUM;So;0;L;<compat> 0028 1106 0029;;;;N;;;;;
+3205;PARENTHESIZED HANGUL PIEUP;So;0;L;<compat> 0028 1107 0029;;;;N;PARENTHESIZED HANGUL BIEUB;;;;
+3206;PARENTHESIZED HANGUL SIOS;So;0;L;<compat> 0028 1109 0029;;;;N;;;;;
+3207;PARENTHESIZED HANGUL IEUNG;So;0;L;<compat> 0028 110B 0029;;;;N;;;;;
+3208;PARENTHESIZED HANGUL CIEUC;So;0;L;<compat> 0028 110C 0029;;;;N;PARENTHESIZED HANGUL JIEUJ;;;;
+3209;PARENTHESIZED HANGUL CHIEUCH;So;0;L;<compat> 0028 110E 0029;;;;N;PARENTHESIZED HANGUL CIEUC;;;;
+320A;PARENTHESIZED HANGUL KHIEUKH;So;0;L;<compat> 0028 110F 0029;;;;N;PARENTHESIZED HANGUL KIYEOK;;;;
+320B;PARENTHESIZED HANGUL THIEUTH;So;0;L;<compat> 0028 1110 0029;;;;N;PARENTHESIZED HANGUL TIEUT;;;;
+320C;PARENTHESIZED HANGUL PHIEUPH;So;0;L;<compat> 0028 1111 0029;;;;N;PARENTHESIZED HANGUL PIEUP;;;;
+320D;PARENTHESIZED HANGUL HIEUH;So;0;L;<compat> 0028 1112 0029;;;;N;;;;;
+320E;PARENTHESIZED HANGUL KIYEOK A;So;0;L;<compat> 0028 1100 1161 0029;;;;N;PARENTHESIZED HANGUL GA;;;;
+320F;PARENTHESIZED HANGUL NIEUN A;So;0;L;<compat> 0028 1102 1161 0029;;;;N;PARENTHESIZED HANGUL NA;;;;
+3210;PARENTHESIZED HANGUL TIKEUT A;So;0;L;<compat> 0028 1103 1161 0029;;;;N;PARENTHESIZED HANGUL DA;;;;
+3211;PARENTHESIZED HANGUL RIEUL A;So;0;L;<compat> 0028 1105 1161 0029;;;;N;PARENTHESIZED HANGUL LA;;;;
+3212;PARENTHESIZED HANGUL MIEUM A;So;0;L;<compat> 0028 1106 1161 0029;;;;N;PARENTHESIZED HANGUL MA;;;;
+3213;PARENTHESIZED HANGUL PIEUP A;So;0;L;<compat> 0028 1107 1161 0029;;;;N;PARENTHESIZED HANGUL BA;;;;
+3214;PARENTHESIZED HANGUL SIOS A;So;0;L;<compat> 0028 1109 1161 0029;;;;N;PARENTHESIZED HANGUL SA;;;;
+3215;PARENTHESIZED HANGUL IEUNG A;So;0;L;<compat> 0028 110B 1161 0029;;;;N;PARENTHESIZED HANGUL A;;;;
+3216;PARENTHESIZED HANGUL CIEUC A;So;0;L;<compat> 0028 110C 1161 0029;;;;N;PARENTHESIZED HANGUL JA;;;;
+3217;PARENTHESIZED HANGUL CHIEUCH A;So;0;L;<compat> 0028 110E 1161 0029;;;;N;PARENTHESIZED HANGUL CA;;;;
+3218;PARENTHESIZED HANGUL KHIEUKH A;So;0;L;<compat> 0028 110F 1161 0029;;;;N;PARENTHESIZED HANGUL KA;;;;
+3219;PARENTHESIZED HANGUL THIEUTH A;So;0;L;<compat> 0028 1110 1161 0029;;;;N;PARENTHESIZED HANGUL TA;;;;
+321A;PARENTHESIZED HANGUL PHIEUPH A;So;0;L;<compat> 0028 1111 1161 0029;;;;N;PARENTHESIZED HANGUL PA;;;;
+321B;PARENTHESIZED HANGUL HIEUH A;So;0;L;<compat> 0028 1112 1161 0029;;;;N;PARENTHESIZED HANGUL HA;;;;
+321C;PARENTHESIZED HANGUL CIEUC U;So;0;L;<compat> 0028 110C 116E 0029;;;;N;PARENTHESIZED HANGUL JU;;;;
+3220;PARENTHESIZED IDEOGRAPH ONE;No;0;L;<compat> 0028 4E00 0029;;;1;N;;;;;
+3221;PARENTHESIZED IDEOGRAPH TWO;No;0;L;<compat> 0028 4E8C 0029;;;2;N;;;;;
+3222;PARENTHESIZED IDEOGRAPH THREE;No;0;L;<compat> 0028 4E09 0029;;;3;N;;;;;
+3223;PARENTHESIZED IDEOGRAPH FOUR;No;0;L;<compat> 0028 56DB 0029;;;4;N;;;;;
+3224;PARENTHESIZED IDEOGRAPH FIVE;No;0;L;<compat> 0028 4E94 0029;;;5;N;;;;;
+3225;PARENTHESIZED IDEOGRAPH SIX;No;0;L;<compat> 0028 516D 0029;;;6;N;;;;;
+3226;PARENTHESIZED IDEOGRAPH SEVEN;No;0;L;<compat> 0028 4E03 0029;;;7;N;;;;;
+3227;PARENTHESIZED IDEOGRAPH EIGHT;No;0;L;<compat> 0028 516B 0029;;;8;N;;;;;
+3228;PARENTHESIZED IDEOGRAPH NINE;No;0;L;<compat> 0028 4E5D 0029;;;9;N;;;;;
+3229;PARENTHESIZED IDEOGRAPH TEN;No;0;L;<compat> 0028 5341 0029;;;10;N;;;;;
+322A;PARENTHESIZED IDEOGRAPH MOON;So;0;L;<compat> 0028 6708 0029;;;;N;;;;;
+322B;PARENTHESIZED IDEOGRAPH FIRE;So;0;L;<compat> 0028 706B 0029;;;;N;;;;;
+322C;PARENTHESIZED IDEOGRAPH WATER;So;0;L;<compat> 0028 6C34 0029;;;;N;;;;;
+322D;PARENTHESIZED IDEOGRAPH WOOD;So;0;L;<compat> 0028 6728 0029;;;;N;;;;;
+322E;PARENTHESIZED IDEOGRAPH METAL;So;0;L;<compat> 0028 91D1 0029;;;;N;;;;;
+322F;PARENTHESIZED IDEOGRAPH EARTH;So;0;L;<compat> 0028 571F 0029;;;;N;;;;;
+3230;PARENTHESIZED IDEOGRAPH SUN;So;0;L;<compat> 0028 65E5 0029;;;;N;;;;;
+3231;PARENTHESIZED IDEOGRAPH STOCK;So;0;L;<compat> 0028 682A 0029;;;;N;;;;;
+3232;PARENTHESIZED IDEOGRAPH HAVE;So;0;L;<compat> 0028 6709 0029;;;;N;;;;;
+3233;PARENTHESIZED IDEOGRAPH SOCIETY;So;0;L;<compat> 0028 793E 0029;;;;N;;;;;
+3234;PARENTHESIZED IDEOGRAPH NAME;So;0;L;<compat> 0028 540D 0029;;;;N;;;;;
+3235;PARENTHESIZED IDEOGRAPH SPECIAL;So;0;L;<compat> 0028 7279 0029;;;;N;;;;;
+3236;PARENTHESIZED IDEOGRAPH FINANCIAL;So;0;L;<compat> 0028 8CA1 0029;;;;N;;;;;
+3237;PARENTHESIZED IDEOGRAPH CONGRATULATION;So;0;L;<compat> 0028 795D 0029;;;;N;;;;;
+3238;PARENTHESIZED IDEOGRAPH LABOR;So;0;L;<compat> 0028 52B4 0029;;;;N;;;;;
+3239;PARENTHESIZED IDEOGRAPH REPRESENT;So;0;L;<compat> 0028 4EE3 0029;;;;N;;;;;
+323A;PARENTHESIZED IDEOGRAPH CALL;So;0;L;<compat> 0028 547C 0029;;;;N;;;;;
+323B;PARENTHESIZED IDEOGRAPH STUDY;So;0;L;<compat> 0028 5B66 0029;;;;N;;;;;
+323C;PARENTHESIZED IDEOGRAPH SUPERVISE;So;0;L;<compat> 0028 76E3 0029;;;;N;;;;;
+323D;PARENTHESIZED IDEOGRAPH ENTERPRISE;So;0;L;<compat> 0028 4F01 0029;;;;N;;;;;
+323E;PARENTHESIZED IDEOGRAPH RESOURCE;So;0;L;<compat> 0028 8CC7 0029;;;;N;;;;;
+323F;PARENTHESIZED IDEOGRAPH ALLIANCE;So;0;L;<compat> 0028 5354 0029;;;;N;;;;;
+3240;PARENTHESIZED IDEOGRAPH FESTIVAL;So;0;L;<compat> 0028 796D 0029;;;;N;;;;;
+3241;PARENTHESIZED IDEOGRAPH REST;So;0;L;<compat> 0028 4F11 0029;;;;N;;;;;
+3242;PARENTHESIZED IDEOGRAPH SELF;So;0;L;<compat> 0028 81EA 0029;;;;N;;;;;
+3243;PARENTHESIZED IDEOGRAPH REACH;So;0;L;<compat> 0028 81F3 0029;;;;N;;;;;
+3251;CIRCLED NUMBER TWENTY ONE;No;0;ON;<circle> 0032 0031;;;21;N;;;;;
+3252;CIRCLED NUMBER TWENTY TWO;No;0;ON;<circle> 0032 0032;;;22;N;;;;;
+3253;CIRCLED NUMBER TWENTY THREE;No;0;ON;<circle> 0032 0033;;;23;N;;;;;
+3254;CIRCLED NUMBER TWENTY FOUR;No;0;ON;<circle> 0032 0034;;;24;N;;;;;
+3255;CIRCLED NUMBER TWENTY FIVE;No;0;ON;<circle> 0032 0035;;;25;N;;;;;
+3256;CIRCLED NUMBER TWENTY SIX;No;0;ON;<circle> 0032 0036;;;26;N;;;;;
+3257;CIRCLED NUMBER TWENTY SEVEN;No;0;ON;<circle> 0032 0037;;;27;N;;;;;
+3258;CIRCLED NUMBER TWENTY EIGHT;No;0;ON;<circle> 0032 0038;;;28;N;;;;;
+3259;CIRCLED NUMBER TWENTY NINE;No;0;ON;<circle> 0032 0039;;;29;N;;;;;
+325A;CIRCLED NUMBER THIRTY;No;0;ON;<circle> 0033 0030;;;30;N;;;;;
+325B;CIRCLED NUMBER THIRTY ONE;No;0;ON;<circle> 0033 0031;;;31;N;;;;;
+325C;CIRCLED NUMBER THIRTY TWO;No;0;ON;<circle> 0033 0032;;;32;N;;;;;
+325D;CIRCLED NUMBER THIRTY THREE;No;0;ON;<circle> 0033 0033;;;33;N;;;;;
+325E;CIRCLED NUMBER THIRTY FOUR;No;0;ON;<circle> 0033 0034;;;34;N;;;;;
+325F;CIRCLED NUMBER THIRTY FIVE;No;0;ON;<circle> 0033 0035;;;35;N;;;;;
+3260;CIRCLED HANGUL KIYEOK;So;0;L;<circle> 1100;;;;N;CIRCLED HANGUL GIYEOG;;;;
+3261;CIRCLED HANGUL NIEUN;So;0;L;<circle> 1102;;;;N;;;;;
+3262;CIRCLED HANGUL TIKEUT;So;0;L;<circle> 1103;;;;N;CIRCLED HANGUL DIGEUD;;;;
+3263;CIRCLED HANGUL RIEUL;So;0;L;<circle> 1105;;;;N;CIRCLED HANGUL LIEUL;;;;
+3264;CIRCLED HANGUL MIEUM;So;0;L;<circle> 1106;;;;N;;;;;
+3265;CIRCLED HANGUL PIEUP;So;0;L;<circle> 1107;;;;N;CIRCLED HANGUL BIEUB;;;;
+3266;CIRCLED HANGUL SIOS;So;0;L;<circle> 1109;;;;N;;;;;
+3267;CIRCLED HANGUL IEUNG;So;0;L;<circle> 110B;;;;N;;;;;
+3268;CIRCLED HANGUL CIEUC;So;0;L;<circle> 110C;;;;N;CIRCLED HANGUL JIEUJ;;;;
+3269;CIRCLED HANGUL CHIEUCH;So;0;L;<circle> 110E;;;;N;CIRCLED HANGUL CIEUC;;;;
+326A;CIRCLED HANGUL KHIEUKH;So;0;L;<circle> 110F;;;;N;CIRCLED HANGUL KIYEOK;;;;
+326B;CIRCLED HANGUL THIEUTH;So;0;L;<circle> 1110;;;;N;CIRCLED HANGUL TIEUT;;;;
+326C;CIRCLED HANGUL PHIEUPH;So;0;L;<circle> 1111;;;;N;CIRCLED HANGUL PIEUP;;;;
+326D;CIRCLED HANGUL HIEUH;So;0;L;<circle> 1112;;;;N;;;;;
+326E;CIRCLED HANGUL KIYEOK A;So;0;L;<circle> 1100 1161;;;;N;CIRCLED HANGUL GA;;;;
+326F;CIRCLED HANGUL NIEUN A;So;0;L;<circle> 1102 1161;;;;N;CIRCLED HANGUL NA;;;;
+3270;CIRCLED HANGUL TIKEUT A;So;0;L;<circle> 1103 1161;;;;N;CIRCLED HANGUL DA;;;;
+3271;CIRCLED HANGUL RIEUL A;So;0;L;<circle> 1105 1161;;;;N;CIRCLED HANGUL LA;;;;
+3272;CIRCLED HANGUL MIEUM A;So;0;L;<circle> 1106 1161;;;;N;CIRCLED HANGUL MA;;;;
+3273;CIRCLED HANGUL PIEUP A;So;0;L;<circle> 1107 1161;;;;N;CIRCLED HANGUL BA;;;;
+3274;CIRCLED HANGUL SIOS A;So;0;L;<circle> 1109 1161;;;;N;CIRCLED HANGUL SA;;;;
+3275;CIRCLED HANGUL IEUNG A;So;0;L;<circle> 110B 1161;;;;N;CIRCLED HANGUL A;;;;
+3276;CIRCLED HANGUL CIEUC A;So;0;L;<circle> 110C 1161;;;;N;CIRCLED HANGUL JA;;;;
+3277;CIRCLED HANGUL CHIEUCH A;So;0;L;<circle> 110E 1161;;;;N;CIRCLED HANGUL CA;;;;
+3278;CIRCLED HANGUL KHIEUKH A;So;0;L;<circle> 110F 1161;;;;N;CIRCLED HANGUL KA;;;;
+3279;CIRCLED HANGUL THIEUTH A;So;0;L;<circle> 1110 1161;;;;N;CIRCLED HANGUL TA;;;;
+327A;CIRCLED HANGUL PHIEUPH A;So;0;L;<circle> 1111 1161;;;;N;CIRCLED HANGUL PA;;;;
+327B;CIRCLED HANGUL HIEUH A;So;0;L;<circle> 1112 1161;;;;N;CIRCLED HANGUL HA;;;;
+327F;KOREAN STANDARD SYMBOL;So;0;L;;;;;N;;;;;
+3280;CIRCLED IDEOGRAPH ONE;No;0;L;<circle> 4E00;;;1;N;;;;;
+3281;CIRCLED IDEOGRAPH TWO;No;0;L;<circle> 4E8C;;;2;N;;;;;
+3282;CIRCLED IDEOGRAPH THREE;No;0;L;<circle> 4E09;;;3;N;;;;;
+3283;CIRCLED IDEOGRAPH FOUR;No;0;L;<circle> 56DB;;;4;N;;;;;
+3284;CIRCLED IDEOGRAPH FIVE;No;0;L;<circle> 4E94;;;5;N;;;;;
+3285;CIRCLED IDEOGRAPH SIX;No;0;L;<circle> 516D;;;6;N;;;;;
+3286;CIRCLED IDEOGRAPH SEVEN;No;0;L;<circle> 4E03;;;7;N;;;;;
+3287;CIRCLED IDEOGRAPH EIGHT;No;0;L;<circle> 516B;;;8;N;;;;;
+3288;CIRCLED IDEOGRAPH NINE;No;0;L;<circle> 4E5D;;;9;N;;;;;
+3289;CIRCLED IDEOGRAPH TEN;No;0;L;<circle> 5341;;;10;N;;;;;
+328A;CIRCLED IDEOGRAPH MOON;So;0;L;<circle> 6708;;;;N;;;;;
+328B;CIRCLED IDEOGRAPH FIRE;So;0;L;<circle> 706B;;;;N;;;;;
+328C;CIRCLED IDEOGRAPH WATER;So;0;L;<circle> 6C34;;;;N;;;;;
+328D;CIRCLED IDEOGRAPH WOOD;So;0;L;<circle> 6728;;;;N;;;;;
+328E;CIRCLED IDEOGRAPH METAL;So;0;L;<circle> 91D1;;;;N;;;;;
+328F;CIRCLED IDEOGRAPH EARTH;So;0;L;<circle> 571F;;;;N;;;;;
+3290;CIRCLED IDEOGRAPH SUN;So;0;L;<circle> 65E5;;;;N;;;;;
+3291;CIRCLED IDEOGRAPH STOCK;So;0;L;<circle> 682A;;;;N;;;;;
+3292;CIRCLED IDEOGRAPH HAVE;So;0;L;<circle> 6709;;;;N;;;;;
+3293;CIRCLED IDEOGRAPH SOCIETY;So;0;L;<circle> 793E;;;;N;;;;;
+3294;CIRCLED IDEOGRAPH NAME;So;0;L;<circle> 540D;;;;N;;;;;
+3295;CIRCLED IDEOGRAPH SPECIAL;So;0;L;<circle> 7279;;;;N;;;;;
+3296;CIRCLED IDEOGRAPH FINANCIAL;So;0;L;<circle> 8CA1;;;;N;;;;;
+3297;CIRCLED IDEOGRAPH CONGRATULATION;So;0;L;<circle> 795D;;;;N;;;;;
+3298;CIRCLED IDEOGRAPH LABOR;So;0;L;<circle> 52B4;;;;N;;;;;
+3299;CIRCLED IDEOGRAPH SECRET;So;0;L;<circle> 79D8;;;;N;;;;;
+329A;CIRCLED IDEOGRAPH MALE;So;0;L;<circle> 7537;;;;N;;;;;
+329B;CIRCLED IDEOGRAPH FEMALE;So;0;L;<circle> 5973;;;;N;;;;;
+329C;CIRCLED IDEOGRAPH SUITABLE;So;0;L;<circle> 9069;;;;N;;;;;
+329D;CIRCLED IDEOGRAPH EXCELLENT;So;0;L;<circle> 512A;;;;N;;;;;
+329E;CIRCLED IDEOGRAPH PRINT;So;0;L;<circle> 5370;;;;N;;;;;
+329F;CIRCLED IDEOGRAPH ATTENTION;So;0;L;<circle> 6CE8;;;;N;;;;;
+32A0;CIRCLED IDEOGRAPH ITEM;So;0;L;<circle> 9805;;;;N;;;;;
+32A1;CIRCLED IDEOGRAPH REST;So;0;L;<circle> 4F11;;;;N;;;;;
+32A2;CIRCLED IDEOGRAPH COPY;So;0;L;<circle> 5199;;;;N;;;;;
+32A3;CIRCLED IDEOGRAPH CORRECT;So;0;L;<circle> 6B63;;;;N;;;;;
+32A4;CIRCLED IDEOGRAPH HIGH;So;0;L;<circle> 4E0A;;;;N;;;;;
+32A5;CIRCLED IDEOGRAPH CENTRE;So;0;L;<circle> 4E2D;;;;N;CIRCLED IDEOGRAPH CENTER;;;;
+32A6;CIRCLED IDEOGRAPH LOW;So;0;L;<circle> 4E0B;;;;N;;;;;
+32A7;CIRCLED IDEOGRAPH LEFT;So;0;L;<circle> 5DE6;;;;N;;;;;
+32A8;CIRCLED IDEOGRAPH RIGHT;So;0;L;<circle> 53F3;;;;N;;;;;
+32A9;CIRCLED IDEOGRAPH MEDICINE;So;0;L;<circle> 533B;;;;N;;;;;
+32AA;CIRCLED IDEOGRAPH RELIGION;So;0;L;<circle> 5B97;;;;N;;;;;
+32AB;CIRCLED IDEOGRAPH STUDY;So;0;L;<circle> 5B66;;;;N;;;;;
+32AC;CIRCLED IDEOGRAPH SUPERVISE;So;0;L;<circle> 76E3;;;;N;;;;;
+32AD;CIRCLED IDEOGRAPH ENTERPRISE;So;0;L;<circle> 4F01;;;;N;;;;;
+32AE;CIRCLED IDEOGRAPH RESOURCE;So;0;L;<circle> 8CC7;;;;N;;;;;
+32AF;CIRCLED IDEOGRAPH ALLIANCE;So;0;L;<circle> 5354;;;;N;;;;;
+32B0;CIRCLED IDEOGRAPH NIGHT;So;0;L;<circle> 591C;;;;N;;;;;
+32B1;CIRCLED NUMBER THIRTY SIX;No;0;ON;<circle> 0033 0036;;;36;N;;;;;
+32B2;CIRCLED NUMBER THIRTY SEVEN;No;0;ON;<circle> 0033 0037;;;37;N;;;;;
+32B3;CIRCLED NUMBER THIRTY EIGHT;No;0;ON;<circle> 0033 0038;;;38;N;;;;;
+32B4;CIRCLED NUMBER THIRTY NINE;No;0;ON;<circle> 0033 0039;;;39;N;;;;;
+32B5;CIRCLED NUMBER FORTY;No;0;ON;<circle> 0034 0030;;;40;N;;;;;
+32B6;CIRCLED NUMBER FORTY ONE;No;0;ON;<circle> 0034 0031;;;41;N;;;;;
+32B7;CIRCLED NUMBER FORTY TWO;No;0;ON;<circle> 0034 0032;;;42;N;;;;;
+32B8;CIRCLED NUMBER FORTY THREE;No;0;ON;<circle> 0034 0033;;;43;N;;;;;
+32B9;CIRCLED NUMBER FORTY FOUR;No;0;ON;<circle> 0034 0034;;;44;N;;;;;
+32BA;CIRCLED NUMBER FORTY FIVE;No;0;ON;<circle> 0034 0035;;;45;N;;;;;
+32BB;CIRCLED NUMBER FORTY SIX;No;0;ON;<circle> 0034 0036;;;46;N;;;;;
+32BC;CIRCLED NUMBER FORTY SEVEN;No;0;ON;<circle> 0034 0037;;;47;N;;;;;
+32BD;CIRCLED NUMBER FORTY EIGHT;No;0;ON;<circle> 0034 0038;;;48;N;;;;;
+32BE;CIRCLED NUMBER FORTY NINE;No;0;ON;<circle> 0034 0039;;;49;N;;;;;
+32BF;CIRCLED NUMBER FIFTY;No;0;ON;<circle> 0035 0030;;;50;N;;;;;
+32C0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY;So;0;L;<compat> 0031 6708;;;;N;;;;;
+32C1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY;So;0;L;<compat> 0032 6708;;;;N;;;;;
+32C2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH;So;0;L;<compat> 0033 6708;;;;N;;;;;
+32C3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL;So;0;L;<compat> 0034 6708;;;;N;;;;;
+32C4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY;So;0;L;<compat> 0035 6708;;;;N;;;;;
+32C5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE;So;0;L;<compat> 0036 6708;;;;N;;;;;
+32C6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY;So;0;L;<compat> 0037 6708;;;;N;;;;;
+32C7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST;So;0;L;<compat> 0038 6708;;;;N;;;;;
+32C8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER;So;0;L;<compat> 0039 6708;;;;N;;;;;
+32C9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER;So;0;L;<compat> 0031 0030 6708;;;;N;;;;;
+32CA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER;So;0;L;<compat> 0031 0031 6708;;;;N;;;;;
+32CB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER;So;0;L;<compat> 0031 0032 6708;;;;N;;;;;
+32D0;CIRCLED KATAKANA A;So;0;L;<circle> 30A2;;;;N;;;;;
+32D1;CIRCLED KATAKANA I;So;0;L;<circle> 30A4;;;;N;;;;;
+32D2;CIRCLED KATAKANA U;So;0;L;<circle> 30A6;;;;N;;;;;
+32D3;CIRCLED KATAKANA E;So;0;L;<circle> 30A8;;;;N;;;;;
+32D4;CIRCLED KATAKANA O;So;0;L;<circle> 30AA;;;;N;;;;;
+32D5;CIRCLED KATAKANA KA;So;0;L;<circle> 30AB;;;;N;;;;;
+32D6;CIRCLED KATAKANA KI;So;0;L;<circle> 30AD;;;;N;;;;;
+32D7;CIRCLED KATAKANA KU;So;0;L;<circle> 30AF;;;;N;;;;;
+32D8;CIRCLED KATAKANA KE;So;0;L;<circle> 30B1;;;;N;;;;;
+32D9;CIRCLED KATAKANA KO;So;0;L;<circle> 30B3;;;;N;;;;;
+32DA;CIRCLED KATAKANA SA;So;0;L;<circle> 30B5;;;;N;;;;;
+32DB;CIRCLED KATAKANA SI;So;0;L;<circle> 30B7;;;;N;;;;;
+32DC;CIRCLED KATAKANA SU;So;0;L;<circle> 30B9;;;;N;;;;;
+32DD;CIRCLED KATAKANA SE;So;0;L;<circle> 30BB;;;;N;;;;;
+32DE;CIRCLED KATAKANA SO;So;0;L;<circle> 30BD;;;;N;;;;;
+32DF;CIRCLED KATAKANA TA;So;0;L;<circle> 30BF;;;;N;;;;;
+32E0;CIRCLED KATAKANA TI;So;0;L;<circle> 30C1;;;;N;;;;;
+32E1;CIRCLED KATAKANA TU;So;0;L;<circle> 30C4;;;;N;;;;;
+32E2;CIRCLED KATAKANA TE;So;0;L;<circle> 30C6;;;;N;;;;;
+32E3;CIRCLED KATAKANA TO;So;0;L;<circle> 30C8;;;;N;;;;;
+32E4;CIRCLED KATAKANA NA;So;0;L;<circle> 30CA;;;;N;;;;;
+32E5;CIRCLED KATAKANA NI;So;0;L;<circle> 30CB;;;;N;;;;;
+32E6;CIRCLED KATAKANA NU;So;0;L;<circle> 30CC;;;;N;;;;;
+32E7;CIRCLED KATAKANA NE;So;0;L;<circle> 30CD;;;;N;;;;;
+32E8;CIRCLED KATAKANA NO;So;0;L;<circle> 30CE;;;;N;;;;;
+32E9;CIRCLED KATAKANA HA;So;0;L;<circle> 30CF;;;;N;;;;;
+32EA;CIRCLED KATAKANA HI;So;0;L;<circle> 30D2;;;;N;;;;;
+32EB;CIRCLED KATAKANA HU;So;0;L;<circle> 30D5;;;;N;;;;;
+32EC;CIRCLED KATAKANA HE;So;0;L;<circle> 30D8;;;;N;;;;;
+32ED;CIRCLED KATAKANA HO;So;0;L;<circle> 30DB;;;;N;;;;;
+32EE;CIRCLED KATAKANA MA;So;0;L;<circle> 30DE;;;;N;;;;;
+32EF;CIRCLED KATAKANA MI;So;0;L;<circle> 30DF;;;;N;;;;;
+32F0;CIRCLED KATAKANA MU;So;0;L;<circle> 30E0;;;;N;;;;;
+32F1;CIRCLED KATAKANA ME;So;0;L;<circle> 30E1;;;;N;;;;;
+32F2;CIRCLED KATAKANA MO;So;0;L;<circle> 30E2;;;;N;;;;;
+32F3;CIRCLED KATAKANA YA;So;0;L;<circle> 30E4;;;;N;;;;;
+32F4;CIRCLED KATAKANA YU;So;0;L;<circle> 30E6;;;;N;;;;;
+32F5;CIRCLED KATAKANA YO;So;0;L;<circle> 30E8;;;;N;;;;;
+32F6;CIRCLED KATAKANA RA;So;0;L;<circle> 30E9;;;;N;;;;;
+32F7;CIRCLED KATAKANA RI;So;0;L;<circle> 30EA;;;;N;;;;;
+32F8;CIRCLED KATAKANA RU;So;0;L;<circle> 30EB;;;;N;;;;;
+32F9;CIRCLED KATAKANA RE;So;0;L;<circle> 30EC;;;;N;;;;;
+32FA;CIRCLED KATAKANA RO;So;0;L;<circle> 30ED;;;;N;;;;;
+32FB;CIRCLED KATAKANA WA;So;0;L;<circle> 30EF;;;;N;;;;;
+32FC;CIRCLED KATAKANA WI;So;0;L;<circle> 30F0;;;;N;;;;;
+32FD;CIRCLED KATAKANA WE;So;0;L;<circle> 30F1;;;;N;;;;;
+32FE;CIRCLED KATAKANA WO;So;0;L;<circle> 30F2;;;;N;;;;;
+3300;SQUARE APAATO;So;0;L;<square> 30A2 30D1 30FC 30C8;;;;N;SQUARED APAATO;;;;
+3301;SQUARE ARUHUA;So;0;L;<square> 30A2 30EB 30D5 30A1;;;;N;SQUARED ARUHUA;;;;
+3302;SQUARE ANPEA;So;0;L;<square> 30A2 30F3 30DA 30A2;;;;N;SQUARED ANPEA;;;;
+3303;SQUARE AARU;So;0;L;<square> 30A2 30FC 30EB;;;;N;SQUARED AARU;;;;
+3304;SQUARE ININGU;So;0;L;<square> 30A4 30CB 30F3 30B0;;;;N;SQUARED ININGU;;;;
+3305;SQUARE INTI;So;0;L;<square> 30A4 30F3 30C1;;;;N;SQUARED INTI;;;;
+3306;SQUARE UON;So;0;L;<square> 30A6 30A9 30F3;;;;N;SQUARED UON;;;;
+3307;SQUARE ESUKUUDO;So;0;L;<square> 30A8 30B9 30AF 30FC 30C9;;;;N;SQUARED ESUKUUDO;;;;
+3308;SQUARE EEKAA;So;0;L;<square> 30A8 30FC 30AB 30FC;;;;N;SQUARED EEKAA;;;;
+3309;SQUARE ONSU;So;0;L;<square> 30AA 30F3 30B9;;;;N;SQUARED ONSU;;;;
+330A;SQUARE OOMU;So;0;L;<square> 30AA 30FC 30E0;;;;N;SQUARED OOMU;;;;
+330B;SQUARE KAIRI;So;0;L;<square> 30AB 30A4 30EA;;;;N;SQUARED KAIRI;;;;
+330C;SQUARE KARATTO;So;0;L;<square> 30AB 30E9 30C3 30C8;;;;N;SQUARED KARATTO;;;;
+330D;SQUARE KARORII;So;0;L;<square> 30AB 30ED 30EA 30FC;;;;N;SQUARED KARORII;;;;
+330E;SQUARE GARON;So;0;L;<square> 30AC 30ED 30F3;;;;N;SQUARED GARON;;;;
+330F;SQUARE GANMA;So;0;L;<square> 30AC 30F3 30DE;;;;N;SQUARED GANMA;;;;
+3310;SQUARE GIGA;So;0;L;<square> 30AE 30AC;;;;N;SQUARED GIGA;;;;
+3311;SQUARE GINII;So;0;L;<square> 30AE 30CB 30FC;;;;N;SQUARED GINII;;;;
+3312;SQUARE KYURII;So;0;L;<square> 30AD 30E5 30EA 30FC;;;;N;SQUARED KYURII;;;;
+3313;SQUARE GIRUDAA;So;0;L;<square> 30AE 30EB 30C0 30FC;;;;N;SQUARED GIRUDAA;;;;
+3314;SQUARE KIRO;So;0;L;<square> 30AD 30ED;;;;N;SQUARED KIRO;;;;
+3315;SQUARE KIROGURAMU;So;0;L;<square> 30AD 30ED 30B0 30E9 30E0;;;;N;SQUARED KIROGURAMU;;;;
+3316;SQUARE KIROMEETORU;So;0;L;<square> 30AD 30ED 30E1 30FC 30C8 30EB;;;;N;SQUARED KIROMEETORU;;;;
+3317;SQUARE KIROWATTO;So;0;L;<square> 30AD 30ED 30EF 30C3 30C8;;;;N;SQUARED KIROWATTO;;;;
+3318;SQUARE GURAMU;So;0;L;<square> 30B0 30E9 30E0;;;;N;SQUARED GURAMU;;;;
+3319;SQUARE GURAMUTON;So;0;L;<square> 30B0 30E9 30E0 30C8 30F3;;;;N;SQUARED GURAMUTON;;;;
+331A;SQUARE KURUZEIRO;So;0;L;<square> 30AF 30EB 30BC 30A4 30ED;;;;N;SQUARED KURUZEIRO;;;;
+331B;SQUARE KUROONE;So;0;L;<square> 30AF 30ED 30FC 30CD;;;;N;SQUARED KUROONE;;;;
+331C;SQUARE KEESU;So;0;L;<square> 30B1 30FC 30B9;;;;N;SQUARED KEESU;;;;
+331D;SQUARE KORUNA;So;0;L;<square> 30B3 30EB 30CA;;;;N;SQUARED KORUNA;;;;
+331E;SQUARE KOOPO;So;0;L;<square> 30B3 30FC 30DD;;;;N;SQUARED KOOPO;;;;
+331F;SQUARE SAIKURU;So;0;L;<square> 30B5 30A4 30AF 30EB;;;;N;SQUARED SAIKURU;;;;
+3320;SQUARE SANTIIMU;So;0;L;<square> 30B5 30F3 30C1 30FC 30E0;;;;N;SQUARED SANTIIMU;;;;
+3321;SQUARE SIRINGU;So;0;L;<square> 30B7 30EA 30F3 30B0;;;;N;SQUARED SIRINGU;;;;
+3322;SQUARE SENTI;So;0;L;<square> 30BB 30F3 30C1;;;;N;SQUARED SENTI;;;;
+3323;SQUARE SENTO;So;0;L;<square> 30BB 30F3 30C8;;;;N;SQUARED SENTO;;;;
+3324;SQUARE DAASU;So;0;L;<square> 30C0 30FC 30B9;;;;N;SQUARED DAASU;;;;
+3325;SQUARE DESI;So;0;L;<square> 30C7 30B7;;;;N;SQUARED DESI;;;;
+3326;SQUARE DORU;So;0;L;<square> 30C9 30EB;;;;N;SQUARED DORU;;;;
+3327;SQUARE TON;So;0;L;<square> 30C8 30F3;;;;N;SQUARED TON;;;;
+3328;SQUARE NANO;So;0;L;<square> 30CA 30CE;;;;N;SQUARED NANO;;;;
+3329;SQUARE NOTTO;So;0;L;<square> 30CE 30C3 30C8;;;;N;SQUARED NOTTO;;;;
+332A;SQUARE HAITU;So;0;L;<square> 30CF 30A4 30C4;;;;N;SQUARED HAITU;;;;
+332B;SQUARE PAASENTO;So;0;L;<square> 30D1 30FC 30BB 30F3 30C8;;;;N;SQUARED PAASENTO;;;;
+332C;SQUARE PAATU;So;0;L;<square> 30D1 30FC 30C4;;;;N;SQUARED PAATU;;;;
+332D;SQUARE BAARERU;So;0;L;<square> 30D0 30FC 30EC 30EB;;;;N;SQUARED BAARERU;;;;
+332E;SQUARE PIASUTORU;So;0;L;<square> 30D4 30A2 30B9 30C8 30EB;;;;N;SQUARED PIASUTORU;;;;
+332F;SQUARE PIKURU;So;0;L;<square> 30D4 30AF 30EB;;;;N;SQUARED PIKURU;;;;
+3330;SQUARE PIKO;So;0;L;<square> 30D4 30B3;;;;N;SQUARED PIKO;;;;
+3331;SQUARE BIRU;So;0;L;<square> 30D3 30EB;;;;N;SQUARED BIRU;;;;
+3332;SQUARE HUARADDO;So;0;L;<square> 30D5 30A1 30E9 30C3 30C9;;;;N;SQUARED HUARADDO;;;;
+3333;SQUARE HUIITO;So;0;L;<square> 30D5 30A3 30FC 30C8;;;;N;SQUARED HUIITO;;;;
+3334;SQUARE BUSSYERU;So;0;L;<square> 30D6 30C3 30B7 30A7 30EB;;;;N;SQUARED BUSSYERU;;;;
+3335;SQUARE HURAN;So;0;L;<square> 30D5 30E9 30F3;;;;N;SQUARED HURAN;;;;
+3336;SQUARE HEKUTAARU;So;0;L;<square> 30D8 30AF 30BF 30FC 30EB;;;;N;SQUARED HEKUTAARU;;;;
+3337;SQUARE PESO;So;0;L;<square> 30DA 30BD;;;;N;SQUARED PESO;;;;
+3338;SQUARE PENIHI;So;0;L;<square> 30DA 30CB 30D2;;;;N;SQUARED PENIHI;;;;
+3339;SQUARE HERUTU;So;0;L;<square> 30D8 30EB 30C4;;;;N;SQUARED HERUTU;;;;
+333A;SQUARE PENSU;So;0;L;<square> 30DA 30F3 30B9;;;;N;SQUARED PENSU;;;;
+333B;SQUARE PEEZI;So;0;L;<square> 30DA 30FC 30B8;;;;N;SQUARED PEEZI;;;;
+333C;SQUARE BEETA;So;0;L;<square> 30D9 30FC 30BF;;;;N;SQUARED BEETA;;;;
+333D;SQUARE POINTO;So;0;L;<square> 30DD 30A4 30F3 30C8;;;;N;SQUARED POINTO;;;;
+333E;SQUARE BORUTO;So;0;L;<square> 30DC 30EB 30C8;;;;N;SQUARED BORUTO;;;;
+333F;SQUARE HON;So;0;L;<square> 30DB 30F3;;;;N;SQUARED HON;;;;
+3340;SQUARE PONDO;So;0;L;<square> 30DD 30F3 30C9;;;;N;SQUARED PONDO;;;;
+3341;SQUARE HOORU;So;0;L;<square> 30DB 30FC 30EB;;;;N;SQUARED HOORU;;;;
+3342;SQUARE HOON;So;0;L;<square> 30DB 30FC 30F3;;;;N;SQUARED HOON;;;;
+3343;SQUARE MAIKURO;So;0;L;<square> 30DE 30A4 30AF 30ED;;;;N;SQUARED MAIKURO;;;;
+3344;SQUARE MAIRU;So;0;L;<square> 30DE 30A4 30EB;;;;N;SQUARED MAIRU;;;;
+3345;SQUARE MAHHA;So;0;L;<square> 30DE 30C3 30CF;;;;N;SQUARED MAHHA;;;;
+3346;SQUARE MARUKU;So;0;L;<square> 30DE 30EB 30AF;;;;N;SQUARED MARUKU;;;;
+3347;SQUARE MANSYON;So;0;L;<square> 30DE 30F3 30B7 30E7 30F3;;;;N;SQUARED MANSYON;;;;
+3348;SQUARE MIKURON;So;0;L;<square> 30DF 30AF 30ED 30F3;;;;N;SQUARED MIKURON;;;;
+3349;SQUARE MIRI;So;0;L;<square> 30DF 30EA;;;;N;SQUARED MIRI;;;;
+334A;SQUARE MIRIBAARU;So;0;L;<square> 30DF 30EA 30D0 30FC 30EB;;;;N;SQUARED MIRIBAARU;;;;
+334B;SQUARE MEGA;So;0;L;<square> 30E1 30AC;;;;N;SQUARED MEGA;;;;
+334C;SQUARE MEGATON;So;0;L;<square> 30E1 30AC 30C8 30F3;;;;N;SQUARED MEGATON;;;;
+334D;SQUARE MEETORU;So;0;L;<square> 30E1 30FC 30C8 30EB;;;;N;SQUARED MEETORU;;;;
+334E;SQUARE YAADO;So;0;L;<square> 30E4 30FC 30C9;;;;N;SQUARED YAADO;;;;
+334F;SQUARE YAARU;So;0;L;<square> 30E4 30FC 30EB;;;;N;SQUARED YAARU;;;;
+3350;SQUARE YUAN;So;0;L;<square> 30E6 30A2 30F3;;;;N;SQUARED YUAN;;;;
+3351;SQUARE RITTORU;So;0;L;<square> 30EA 30C3 30C8 30EB;;;;N;SQUARED RITTORU;;;;
+3352;SQUARE RIRA;So;0;L;<square> 30EA 30E9;;;;N;SQUARED RIRA;;;;
+3353;SQUARE RUPII;So;0;L;<square> 30EB 30D4 30FC;;;;N;SQUARED RUPII;;;;
+3354;SQUARE RUUBURU;So;0;L;<square> 30EB 30FC 30D6 30EB;;;;N;SQUARED RUUBURU;;;;
+3355;SQUARE REMU;So;0;L;<square> 30EC 30E0;;;;N;SQUARED REMU;;;;
+3356;SQUARE RENTOGEN;So;0;L;<square> 30EC 30F3 30C8 30B2 30F3;;;;N;SQUARED RENTOGEN;;;;
+3357;SQUARE WATTO;So;0;L;<square> 30EF 30C3 30C8;;;;N;SQUARED WATTO;;;;
+3358;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO;So;0;L;<compat> 0030 70B9;;;;N;;;;;
+3359;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE;So;0;L;<compat> 0031 70B9;;;;N;;;;;
+335A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO;So;0;L;<compat> 0032 70B9;;;;N;;;;;
+335B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE;So;0;L;<compat> 0033 70B9;;;;N;;;;;
+335C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR;So;0;L;<compat> 0034 70B9;;;;N;;;;;
+335D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE;So;0;L;<compat> 0035 70B9;;;;N;;;;;
+335E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX;So;0;L;<compat> 0036 70B9;;;;N;;;;;
+335F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN;So;0;L;<compat> 0037 70B9;;;;N;;;;;
+3360;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT;So;0;L;<compat> 0038 70B9;;;;N;;;;;
+3361;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE;So;0;L;<compat> 0039 70B9;;;;N;;;;;
+3362;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN;So;0;L;<compat> 0031 0030 70B9;;;;N;;;;;
+3363;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN;So;0;L;<compat> 0031 0031 70B9;;;;N;;;;;
+3364;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE;So;0;L;<compat> 0031 0032 70B9;;;;N;;;;;
+3365;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN;So;0;L;<compat> 0031 0033 70B9;;;;N;;;;;
+3366;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN;So;0;L;<compat> 0031 0034 70B9;;;;N;;;;;
+3367;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN;So;0;L;<compat> 0031 0035 70B9;;;;N;;;;;
+3368;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN;So;0;L;<compat> 0031 0036 70B9;;;;N;;;;;
+3369;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN;So;0;L;<compat> 0031 0037 70B9;;;;N;;;;;
+336A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN;So;0;L;<compat> 0031 0038 70B9;;;;N;;;;;
+336B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN;So;0;L;<compat> 0031 0039 70B9;;;;N;;;;;
+336C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY;So;0;L;<compat> 0032 0030 70B9;;;;N;;;;;
+336D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE;So;0;L;<compat> 0032 0031 70B9;;;;N;;;;;
+336E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO;So;0;L;<compat> 0032 0032 70B9;;;;N;;;;;
+336F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE;So;0;L;<compat> 0032 0033 70B9;;;;N;;;;;
+3370;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR;So;0;L;<compat> 0032 0034 70B9;;;;N;;;;;
+3371;SQUARE HPA;So;0;L;<square> 0068 0050 0061;;;;N;;;;;
+3372;SQUARE DA;So;0;L;<square> 0064 0061;;;;N;;;;;
+3373;SQUARE AU;So;0;L;<square> 0041 0055;;;;N;;;;;
+3374;SQUARE BAR;So;0;L;<square> 0062 0061 0072;;;;N;;;;;
+3375;SQUARE OV;So;0;L;<square> 006F 0056;;;;N;;;;;
+3376;SQUARE PC;So;0;L;<square> 0070 0063;;;;N;;;;;
+337B;SQUARE ERA NAME HEISEI;So;0;L;<square> 5E73 6210;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME HEISEI;;;;
+337C;SQUARE ERA NAME SYOUWA;So;0;L;<square> 662D 548C;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME SYOUWA;;;;
+337D;SQUARE ERA NAME TAISYOU;So;0;L;<square> 5927 6B63;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME TAISYOU;;;;
+337E;SQUARE ERA NAME MEIZI;So;0;L;<square> 660E 6CBB;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME MEIZI;;;;
+337F;SQUARE CORPORATION;So;0;L;<square> 682A 5F0F 4F1A 793E;;;;N;SQUARED FOUR IDEOGRAPHS CORPORATION;;;;
+3380;SQUARE PA AMPS;So;0;L;<square> 0070 0041;;;;N;SQUARED PA AMPS;;;;
+3381;SQUARE NA;So;0;L;<square> 006E 0041;;;;N;SQUARED NA;;;;
+3382;SQUARE MU A;So;0;L;<square> 03BC 0041;;;;N;SQUARED MU A;;;;
+3383;SQUARE MA;So;0;L;<square> 006D 0041;;;;N;SQUARED MA;;;;
+3384;SQUARE KA;So;0;L;<square> 006B 0041;;;;N;SQUARED KA;;;;
+3385;SQUARE KB;So;0;L;<square> 004B 0042;;;;N;SQUARED KB;;;;
+3386;SQUARE MB;So;0;L;<square> 004D 0042;;;;N;SQUARED MB;;;;
+3387;SQUARE GB;So;0;L;<square> 0047 0042;;;;N;SQUARED GB;;;;
+3388;SQUARE CAL;So;0;L;<square> 0063 0061 006C;;;;N;SQUARED CAL;;;;
+3389;SQUARE KCAL;So;0;L;<square> 006B 0063 0061 006C;;;;N;SQUARED KCAL;;;;
+338A;SQUARE PF;So;0;L;<square> 0070 0046;;;;N;SQUARED PF;;;;
+338B;SQUARE NF;So;0;L;<square> 006E 0046;;;;N;SQUARED NF;;;;
+338C;SQUARE MU F;So;0;L;<square> 03BC 0046;;;;N;SQUARED MU F;;;;
+338D;SQUARE MU G;So;0;L;<square> 03BC 0067;;;;N;SQUARED MU G;;;;
+338E;SQUARE MG;So;0;L;<square> 006D 0067;;;;N;SQUARED MG;;;;
+338F;SQUARE KG;So;0;L;<square> 006B 0067;;;;N;SQUARED KG;;;;
+3390;SQUARE HZ;So;0;L;<square> 0048 007A;;;;N;SQUARED HZ;;;;
+3391;SQUARE KHZ;So;0;L;<square> 006B 0048 007A;;;;N;SQUARED KHZ;;;;
+3392;SQUARE MHZ;So;0;L;<square> 004D 0048 007A;;;;N;SQUARED MHZ;;;;
+3393;SQUARE GHZ;So;0;L;<square> 0047 0048 007A;;;;N;SQUARED GHZ;;;;
+3394;SQUARE THZ;So;0;L;<square> 0054 0048 007A;;;;N;SQUARED THZ;;;;
+3395;SQUARE MU L;So;0;L;<square> 03BC 2113;;;;N;SQUARED MU L;;;;
+3396;SQUARE ML;So;0;L;<square> 006D 2113;;;;N;SQUARED ML;;;;
+3397;SQUARE DL;So;0;L;<square> 0064 2113;;;;N;SQUARED DL;;;;
+3398;SQUARE KL;So;0;L;<square> 006B 2113;;;;N;SQUARED KL;;;;
+3399;SQUARE FM;So;0;L;<square> 0066 006D;;;;N;SQUARED FM;;;;
+339A;SQUARE NM;So;0;L;<square> 006E 006D;;;;N;SQUARED NM;;;;
+339B;SQUARE MU M;So;0;L;<square> 03BC 006D;;;;N;SQUARED MU M;;;;
+339C;SQUARE MM;So;0;L;<square> 006D 006D;;;;N;SQUARED MM;;;;
+339D;SQUARE CM;So;0;L;<square> 0063 006D;;;;N;SQUARED CM;;;;
+339E;SQUARE KM;So;0;L;<square> 006B 006D;;;;N;SQUARED KM;;;;
+339F;SQUARE MM SQUARED;So;0;L;<square> 006D 006D 00B2;;;;N;SQUARED MM SQUARED;;;;
+33A0;SQUARE CM SQUARED;So;0;L;<square> 0063 006D 00B2;;;;N;SQUARED CM SQUARED;;;;
+33A1;SQUARE M SQUARED;So;0;L;<square> 006D 00B2;;;;N;SQUARED M SQUARED;;;;
+33A2;SQUARE KM SQUARED;So;0;L;<square> 006B 006D 00B2;;;;N;SQUARED KM SQUARED;;;;
+33A3;SQUARE MM CUBED;So;0;L;<square> 006D 006D 00B3;;;;N;SQUARED MM CUBED;;;;
+33A4;SQUARE CM CUBED;So;0;L;<square> 0063 006D 00B3;;;;N;SQUARED CM CUBED;;;;
+33A5;SQUARE M CUBED;So;0;L;<square> 006D 00B3;;;;N;SQUARED M CUBED;;;;
+33A6;SQUARE KM CUBED;So;0;L;<square> 006B 006D 00B3;;;;N;SQUARED KM CUBED;;;;
+33A7;SQUARE M OVER S;So;0;L;<square> 006D 2215 0073;;;;N;SQUARED M OVER S;;;;
+33A8;SQUARE M OVER S SQUARED;So;0;L;<square> 006D 2215 0073 00B2;;;;N;SQUARED M OVER S SQUARED;;;;
+33A9;SQUARE PA;So;0;L;<square> 0050 0061;;;;N;SQUARED PA;;;;
+33AA;SQUARE KPA;So;0;L;<square> 006B 0050 0061;;;;N;SQUARED KPA;;;;
+33AB;SQUARE MPA;So;0;L;<square> 004D 0050 0061;;;;N;SQUARED MPA;;;;
+33AC;SQUARE GPA;So;0;L;<square> 0047 0050 0061;;;;N;SQUARED GPA;;;;
+33AD;SQUARE RAD;So;0;L;<square> 0072 0061 0064;;;;N;SQUARED RAD;;;;
+33AE;SQUARE RAD OVER S;So;0;L;<square> 0072 0061 0064 2215 0073;;;;N;SQUARED RAD OVER S;;;;
+33AF;SQUARE RAD OVER S SQUARED;So;0;L;<square> 0072 0061 0064 2215 0073 00B2;;;;N;SQUARED RAD OVER S SQUARED;;;;
+33B0;SQUARE PS;So;0;L;<square> 0070 0073;;;;N;SQUARED PS;;;;
+33B1;SQUARE NS;So;0;L;<square> 006E 0073;;;;N;SQUARED NS;;;;
+33B2;SQUARE MU S;So;0;L;<square> 03BC 0073;;;;N;SQUARED MU S;;;;
+33B3;SQUARE MS;So;0;L;<square> 006D 0073;;;;N;SQUARED MS;;;;
+33B4;SQUARE PV;So;0;L;<square> 0070 0056;;;;N;SQUARED PV;;;;
+33B5;SQUARE NV;So;0;L;<square> 006E 0056;;;;N;SQUARED NV;;;;
+33B6;SQUARE MU V;So;0;L;<square> 03BC 0056;;;;N;SQUARED MU V;;;;
+33B7;SQUARE MV;So;0;L;<square> 006D 0056;;;;N;SQUARED MV;;;;
+33B8;SQUARE KV;So;0;L;<square> 006B 0056;;;;N;SQUARED KV;;;;
+33B9;SQUARE MV MEGA;So;0;L;<square> 004D 0056;;;;N;SQUARED MV MEGA;;;;
+33BA;SQUARE PW;So;0;L;<square> 0070 0057;;;;N;SQUARED PW;;;;
+33BB;SQUARE NW;So;0;L;<square> 006E 0057;;;;N;SQUARED NW;;;;
+33BC;SQUARE MU W;So;0;L;<square> 03BC 0057;;;;N;SQUARED MU W;;;;
+33BD;SQUARE MW;So;0;L;<square> 006D 0057;;;;N;SQUARED MW;;;;
+33BE;SQUARE KW;So;0;L;<square> 006B 0057;;;;N;SQUARED KW;;;;
+33BF;SQUARE MW MEGA;So;0;L;<square> 004D 0057;;;;N;SQUARED MW MEGA;;;;
+33C0;SQUARE K OHM;So;0;L;<square> 006B 03A9;;;;N;SQUARED K OHM;;;;
+33C1;SQUARE M OHM;So;0;L;<square> 004D 03A9;;;;N;SQUARED M OHM;;;;
+33C2;SQUARE AM;So;0;L;<square> 0061 002E 006D 002E;;;;N;SQUARED AM;;;;
+33C3;SQUARE BQ;So;0;L;<square> 0042 0071;;;;N;SQUARED BQ;;;;
+33C4;SQUARE CC;So;0;L;<square> 0063 0063;;;;N;SQUARED CC;;;;
+33C5;SQUARE CD;So;0;L;<square> 0063 0064;;;;N;SQUARED CD;;;;
+33C6;SQUARE C OVER KG;So;0;L;<square> 0043 2215 006B 0067;;;;N;SQUARED C OVER KG;;;;
+33C7;SQUARE CO;So;0;L;<square> 0043 006F 002E;;;;N;SQUARED CO;;;;
+33C8;SQUARE DB;So;0;L;<square> 0064 0042;;;;N;SQUARED DB;;;;
+33C9;SQUARE GY;So;0;L;<square> 0047 0079;;;;N;SQUARED GY;;;;
+33CA;SQUARE HA;So;0;L;<square> 0068 0061;;;;N;SQUARED HA;;;;
+33CB;SQUARE HP;So;0;L;<square> 0048 0050;;;;N;SQUARED HP;;;;
+33CC;SQUARE IN;So;0;L;<square> 0069 006E;;;;N;SQUARED IN;;;;
+33CD;SQUARE KK;So;0;L;<square> 004B 004B;;;;N;SQUARED KK;;;;
+33CE;SQUARE KM CAPITAL;So;0;L;<square> 004B 004D;;;;N;SQUARED KM CAPITAL;;;;
+33CF;SQUARE KT;So;0;L;<square> 006B 0074;;;;N;SQUARED KT;;;;
+33D0;SQUARE LM;So;0;L;<square> 006C 006D;;;;N;SQUARED LM;;;;
+33D1;SQUARE LN;So;0;L;<square> 006C 006E;;;;N;SQUARED LN;;;;
+33D2;SQUARE LOG;So;0;L;<square> 006C 006F 0067;;;;N;SQUARED LOG;;;;
+33D3;SQUARE LX;So;0;L;<square> 006C 0078;;;;N;SQUARED LX;;;;
+33D4;SQUARE MB SMALL;So;0;L;<square> 006D 0062;;;;N;SQUARED MB SMALL;;;;
+33D5;SQUARE MIL;So;0;L;<square> 006D 0069 006C;;;;N;SQUARED MIL;;;;
+33D6;SQUARE MOL;So;0;L;<square> 006D 006F 006C;;;;N;SQUARED MOL;;;;
+33D7;SQUARE PH;So;0;L;<square> 0050 0048;;;;N;SQUARED PH;;;;
+33D8;SQUARE PM;So;0;L;<square> 0070 002E 006D 002E;;;;N;SQUARED PM;;;;
+33D9;SQUARE PPM;So;0;L;<square> 0050 0050 004D;;;;N;SQUARED PPM;;;;
+33DA;SQUARE PR;So;0;L;<square> 0050 0052;;;;N;SQUARED PR;;;;
+33DB;SQUARE SR;So;0;L;<square> 0073 0072;;;;N;SQUARED SR;;;;
+33DC;SQUARE SV;So;0;L;<square> 0053 0076;;;;N;SQUARED SV;;;;
+33DD;SQUARE WB;So;0;L;<square> 0057 0062;;;;N;SQUARED WB;;;;
+33E0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE;So;0;L;<compat> 0031 65E5;;;;N;;;;;
+33E1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO;So;0;L;<compat> 0032 65E5;;;;N;;;;;
+33E2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE;So;0;L;<compat> 0033 65E5;;;;N;;;;;
+33E3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR;So;0;L;<compat> 0034 65E5;;;;N;;;;;
+33E4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE;So;0;L;<compat> 0035 65E5;;;;N;;;;;
+33E5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX;So;0;L;<compat> 0036 65E5;;;;N;;;;;
+33E6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN;So;0;L;<compat> 0037 65E5;;;;N;;;;;
+33E7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT;So;0;L;<compat> 0038 65E5;;;;N;;;;;
+33E8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE;So;0;L;<compat> 0039 65E5;;;;N;;;;;
+33E9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN;So;0;L;<compat> 0031 0030 65E5;;;;N;;;;;
+33EA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN;So;0;L;<compat> 0031 0031 65E5;;;;N;;;;;
+33EB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE;So;0;L;<compat> 0031 0032 65E5;;;;N;;;;;
+33EC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN;So;0;L;<compat> 0031 0033 65E5;;;;N;;;;;
+33ED;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN;So;0;L;<compat> 0031 0034 65E5;;;;N;;;;;
+33EE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN;So;0;L;<compat> 0031 0035 65E5;;;;N;;;;;
+33EF;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN;So;0;L;<compat> 0031 0036 65E5;;;;N;;;;;
+33F0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN;So;0;L;<compat> 0031 0037 65E5;;;;N;;;;;
+33F1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN;So;0;L;<compat> 0031 0038 65E5;;;;N;;;;;
+33F2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN;So;0;L;<compat> 0031 0039 65E5;;;;N;;;;;
+33F3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY;So;0;L;<compat> 0032 0030 65E5;;;;N;;;;;
+33F4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE;So;0;L;<compat> 0032 0031 65E5;;;;N;;;;;
+33F5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO;So;0;L;<compat> 0032 0032 65E5;;;;N;;;;;
+33F6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE;So;0;L;<compat> 0032 0033 65E5;;;;N;;;;;
+33F7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR;So;0;L;<compat> 0032 0034 65E5;;;;N;;;;;
+33F8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE;So;0;L;<compat> 0032 0035 65E5;;;;N;;;;;
+33F9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX;So;0;L;<compat> 0032 0036 65E5;;;;N;;;;;
+33FA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN;So;0;L;<compat> 0032 0037 65E5;;;;N;;;;;
+33FB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT;So;0;L;<compat> 0032 0038 65E5;;;;N;;;;;
+33FC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE;So;0;L;<compat> 0032 0039 65E5;;;;N;;;;;
+33FD;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY;So;0;L;<compat> 0033 0030 65E5;;;;N;;;;;
+33FE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE;So;0;L;<compat> 0033 0031 65E5;;;;N;;;;;
+3400;<CJK Ideograph Extension A, First>;Lo;0;L;;;;;N;;;;;
+4DB5;<CJK Ideograph Extension A, Last>;Lo;0;L;;;;;N;;;;;
+4E00;<CJK Ideograph, First>;Lo;0;L;;;;;N;;;;;
+9FA5;<CJK Ideograph, Last>;Lo;0;L;;;;;N;;;;;
+A000;YI SYLLABLE IT;Lo;0;L;;;;;N;;;;;
+A001;YI SYLLABLE IX;Lo;0;L;;;;;N;;;;;
+A002;YI SYLLABLE I;Lo;0;L;;;;;N;;;;;
+A003;YI SYLLABLE IP;Lo;0;L;;;;;N;;;;;
+A004;YI SYLLABLE IET;Lo;0;L;;;;;N;;;;;
+A005;YI SYLLABLE IEX;Lo;0;L;;;;;N;;;;;
+A006;YI SYLLABLE IE;Lo;0;L;;;;;N;;;;;
+A007;YI SYLLABLE IEP;Lo;0;L;;;;;N;;;;;
+A008;YI SYLLABLE AT;Lo;0;L;;;;;N;;;;;
+A009;YI SYLLABLE AX;Lo;0;L;;;;;N;;;;;
+A00A;YI SYLLABLE A;Lo;0;L;;;;;N;;;;;
+A00B;YI SYLLABLE AP;Lo;0;L;;;;;N;;;;;
+A00C;YI SYLLABLE UOX;Lo;0;L;;;;;N;;;;;
+A00D;YI SYLLABLE UO;Lo;0;L;;;;;N;;;;;
+A00E;YI SYLLABLE UOP;Lo;0;L;;;;;N;;;;;
+A00F;YI SYLLABLE OT;Lo;0;L;;;;;N;;;;;
+A010;YI SYLLABLE OX;Lo;0;L;;;;;N;;;;;
+A011;YI SYLLABLE O;Lo;0;L;;;;;N;;;;;
+A012;YI SYLLABLE OP;Lo;0;L;;;;;N;;;;;
+A013;YI SYLLABLE EX;Lo;0;L;;;;;N;;;;;
+A014;YI SYLLABLE E;Lo;0;L;;;;;N;;;;;
+A015;YI SYLLABLE WU;Lo;0;L;;;;;N;;;;;
+A016;YI SYLLABLE BIT;Lo;0;L;;;;;N;;;;;
+A017;YI SYLLABLE BIX;Lo;0;L;;;;;N;;;;;
+A018;YI SYLLABLE BI;Lo;0;L;;;;;N;;;;;
+A019;YI SYLLABLE BIP;Lo;0;L;;;;;N;;;;;
+A01A;YI SYLLABLE BIET;Lo;0;L;;;;;N;;;;;
+A01B;YI SYLLABLE BIEX;Lo;0;L;;;;;N;;;;;
+A01C;YI SYLLABLE BIE;Lo;0;L;;;;;N;;;;;
+A01D;YI SYLLABLE BIEP;Lo;0;L;;;;;N;;;;;
+A01E;YI SYLLABLE BAT;Lo;0;L;;;;;N;;;;;
+A01F;YI SYLLABLE BAX;Lo;0;L;;;;;N;;;;;
+A020;YI SYLLABLE BA;Lo;0;L;;;;;N;;;;;
+A021;YI SYLLABLE BAP;Lo;0;L;;;;;N;;;;;
+A022;YI SYLLABLE BUOX;Lo;0;L;;;;;N;;;;;
+A023;YI SYLLABLE BUO;Lo;0;L;;;;;N;;;;;
+A024;YI SYLLABLE BUOP;Lo;0;L;;;;;N;;;;;
+A025;YI SYLLABLE BOT;Lo;0;L;;;;;N;;;;;
+A026;YI SYLLABLE BOX;Lo;0;L;;;;;N;;;;;
+A027;YI SYLLABLE BO;Lo;0;L;;;;;N;;;;;
+A028;YI SYLLABLE BOP;Lo;0;L;;;;;N;;;;;
+A029;YI SYLLABLE BEX;Lo;0;L;;;;;N;;;;;
+A02A;YI SYLLABLE BE;Lo;0;L;;;;;N;;;;;
+A02B;YI SYLLABLE BEP;Lo;0;L;;;;;N;;;;;
+A02C;YI SYLLABLE BUT;Lo;0;L;;;;;N;;;;;
+A02D;YI SYLLABLE BUX;Lo;0;L;;;;;N;;;;;
+A02E;YI SYLLABLE BU;Lo;0;L;;;;;N;;;;;
+A02F;YI SYLLABLE BUP;Lo;0;L;;;;;N;;;;;
+A030;YI SYLLABLE BURX;Lo;0;L;;;;;N;;;;;
+A031;YI SYLLABLE BUR;Lo;0;L;;;;;N;;;;;
+A032;YI SYLLABLE BYT;Lo;0;L;;;;;N;;;;;
+A033;YI SYLLABLE BYX;Lo;0;L;;;;;N;;;;;
+A034;YI SYLLABLE BY;Lo;0;L;;;;;N;;;;;
+A035;YI SYLLABLE BYP;Lo;0;L;;;;;N;;;;;
+A036;YI SYLLABLE BYRX;Lo;0;L;;;;;N;;;;;
+A037;YI SYLLABLE BYR;Lo;0;L;;;;;N;;;;;
+A038;YI SYLLABLE PIT;Lo;0;L;;;;;N;;;;;
+A039;YI SYLLABLE PIX;Lo;0;L;;;;;N;;;;;
+A03A;YI SYLLABLE PI;Lo;0;L;;;;;N;;;;;
+A03B;YI SYLLABLE PIP;Lo;0;L;;;;;N;;;;;
+A03C;YI SYLLABLE PIEX;Lo;0;L;;;;;N;;;;;
+A03D;YI SYLLABLE PIE;Lo;0;L;;;;;N;;;;;
+A03E;YI SYLLABLE PIEP;Lo;0;L;;;;;N;;;;;
+A03F;YI SYLLABLE PAT;Lo;0;L;;;;;N;;;;;
+A040;YI SYLLABLE PAX;Lo;0;L;;;;;N;;;;;
+A041;YI SYLLABLE PA;Lo;0;L;;;;;N;;;;;
+A042;YI SYLLABLE PAP;Lo;0;L;;;;;N;;;;;
+A043;YI SYLLABLE PUOX;Lo;0;L;;;;;N;;;;;
+A044;YI SYLLABLE PUO;Lo;0;L;;;;;N;;;;;
+A045;YI SYLLABLE PUOP;Lo;0;L;;;;;N;;;;;
+A046;YI SYLLABLE POT;Lo;0;L;;;;;N;;;;;
+A047;YI SYLLABLE POX;Lo;0;L;;;;;N;;;;;
+A048;YI SYLLABLE PO;Lo;0;L;;;;;N;;;;;
+A049;YI SYLLABLE POP;Lo;0;L;;;;;N;;;;;
+A04A;YI SYLLABLE PUT;Lo;0;L;;;;;N;;;;;
+A04B;YI SYLLABLE PUX;Lo;0;L;;;;;N;;;;;
+A04C;YI SYLLABLE PU;Lo;0;L;;;;;N;;;;;
+A04D;YI SYLLABLE PUP;Lo;0;L;;;;;N;;;;;
+A04E;YI SYLLABLE PURX;Lo;0;L;;;;;N;;;;;
+A04F;YI SYLLABLE PUR;Lo;0;L;;;;;N;;;;;
+A050;YI SYLLABLE PYT;Lo;0;L;;;;;N;;;;;
+A051;YI SYLLABLE PYX;Lo;0;L;;;;;N;;;;;
+A052;YI SYLLABLE PY;Lo;0;L;;;;;N;;;;;
+A053;YI SYLLABLE PYP;Lo;0;L;;;;;N;;;;;
+A054;YI SYLLABLE PYRX;Lo;0;L;;;;;N;;;;;
+A055;YI SYLLABLE PYR;Lo;0;L;;;;;N;;;;;
+A056;YI SYLLABLE BBIT;Lo;0;L;;;;;N;;;;;
+A057;YI SYLLABLE BBIX;Lo;0;L;;;;;N;;;;;
+A058;YI SYLLABLE BBI;Lo;0;L;;;;;N;;;;;
+A059;YI SYLLABLE BBIP;Lo;0;L;;;;;N;;;;;
+A05A;YI SYLLABLE BBIET;Lo;0;L;;;;;N;;;;;
+A05B;YI SYLLABLE BBIEX;Lo;0;L;;;;;N;;;;;
+A05C;YI SYLLABLE BBIE;Lo;0;L;;;;;N;;;;;
+A05D;YI SYLLABLE BBIEP;Lo;0;L;;;;;N;;;;;
+A05E;YI SYLLABLE BBAT;Lo;0;L;;;;;N;;;;;
+A05F;YI SYLLABLE BBAX;Lo;0;L;;;;;N;;;;;
+A060;YI SYLLABLE BBA;Lo;0;L;;;;;N;;;;;
+A061;YI SYLLABLE BBAP;Lo;0;L;;;;;N;;;;;
+A062;YI SYLLABLE BBUOX;Lo;0;L;;;;;N;;;;;
+A063;YI SYLLABLE BBUO;Lo;0;L;;;;;N;;;;;
+A064;YI SYLLABLE BBUOP;Lo;0;L;;;;;N;;;;;
+A065;YI SYLLABLE BBOT;Lo;0;L;;;;;N;;;;;
+A066;YI SYLLABLE BBOX;Lo;0;L;;;;;N;;;;;
+A067;YI SYLLABLE BBO;Lo;0;L;;;;;N;;;;;
+A068;YI SYLLABLE BBOP;Lo;0;L;;;;;N;;;;;
+A069;YI SYLLABLE BBEX;Lo;0;L;;;;;N;;;;;
+A06A;YI SYLLABLE BBE;Lo;0;L;;;;;N;;;;;
+A06B;YI SYLLABLE BBEP;Lo;0;L;;;;;N;;;;;
+A06C;YI SYLLABLE BBUT;Lo;0;L;;;;;N;;;;;
+A06D;YI SYLLABLE BBUX;Lo;0;L;;;;;N;;;;;
+A06E;YI SYLLABLE BBU;Lo;0;L;;;;;N;;;;;
+A06F;YI SYLLABLE BBUP;Lo;0;L;;;;;N;;;;;
+A070;YI SYLLABLE BBURX;Lo;0;L;;;;;N;;;;;
+A071;YI SYLLABLE BBUR;Lo;0;L;;;;;N;;;;;
+A072;YI SYLLABLE BBYT;Lo;0;L;;;;;N;;;;;
+A073;YI SYLLABLE BBYX;Lo;0;L;;;;;N;;;;;
+A074;YI SYLLABLE BBY;Lo;0;L;;;;;N;;;;;
+A075;YI SYLLABLE BBYP;Lo;0;L;;;;;N;;;;;
+A076;YI SYLLABLE NBIT;Lo;0;L;;;;;N;;;;;
+A077;YI SYLLABLE NBIX;Lo;0;L;;;;;N;;;;;
+A078;YI SYLLABLE NBI;Lo;0;L;;;;;N;;;;;
+A079;YI SYLLABLE NBIP;Lo;0;L;;;;;N;;;;;
+A07A;YI SYLLABLE NBIEX;Lo;0;L;;;;;N;;;;;
+A07B;YI SYLLABLE NBIE;Lo;0;L;;;;;N;;;;;
+A07C;YI SYLLABLE NBIEP;Lo;0;L;;;;;N;;;;;
+A07D;YI SYLLABLE NBAT;Lo;0;L;;;;;N;;;;;
+A07E;YI SYLLABLE NBAX;Lo;0;L;;;;;N;;;;;
+A07F;YI SYLLABLE NBA;Lo;0;L;;;;;N;;;;;
+A080;YI SYLLABLE NBAP;Lo;0;L;;;;;N;;;;;
+A081;YI SYLLABLE NBOT;Lo;0;L;;;;;N;;;;;
+A082;YI SYLLABLE NBOX;Lo;0;L;;;;;N;;;;;
+A083;YI SYLLABLE NBO;Lo;0;L;;;;;N;;;;;
+A084;YI SYLLABLE NBOP;Lo;0;L;;;;;N;;;;;
+A085;YI SYLLABLE NBUT;Lo;0;L;;;;;N;;;;;
+A086;YI SYLLABLE NBUX;Lo;0;L;;;;;N;;;;;
+A087;YI SYLLABLE NBU;Lo;0;L;;;;;N;;;;;
+A088;YI SYLLABLE NBUP;Lo;0;L;;;;;N;;;;;
+A089;YI SYLLABLE NBURX;Lo;0;L;;;;;N;;;;;
+A08A;YI SYLLABLE NBUR;Lo;0;L;;;;;N;;;;;
+A08B;YI SYLLABLE NBYT;Lo;0;L;;;;;N;;;;;
+A08C;YI SYLLABLE NBYX;Lo;0;L;;;;;N;;;;;
+A08D;YI SYLLABLE NBY;Lo;0;L;;;;;N;;;;;
+A08E;YI SYLLABLE NBYP;Lo;0;L;;;;;N;;;;;
+A08F;YI SYLLABLE NBYRX;Lo;0;L;;;;;N;;;;;
+A090;YI SYLLABLE NBYR;Lo;0;L;;;;;N;;;;;
+A091;YI SYLLABLE HMIT;Lo;0;L;;;;;N;;;;;
+A092;YI SYLLABLE HMIX;Lo;0;L;;;;;N;;;;;
+A093;YI SYLLABLE HMI;Lo;0;L;;;;;N;;;;;
+A094;YI SYLLABLE HMIP;Lo;0;L;;;;;N;;;;;
+A095;YI SYLLABLE HMIEX;Lo;0;L;;;;;N;;;;;
+A096;YI SYLLABLE HMIE;Lo;0;L;;;;;N;;;;;
+A097;YI SYLLABLE HMIEP;Lo;0;L;;;;;N;;;;;
+A098;YI SYLLABLE HMAT;Lo;0;L;;;;;N;;;;;
+A099;YI SYLLABLE HMAX;Lo;0;L;;;;;N;;;;;
+A09A;YI SYLLABLE HMA;Lo;0;L;;;;;N;;;;;
+A09B;YI SYLLABLE HMAP;Lo;0;L;;;;;N;;;;;
+A09C;YI SYLLABLE HMUOX;Lo;0;L;;;;;N;;;;;
+A09D;YI SYLLABLE HMUO;Lo;0;L;;;;;N;;;;;
+A09E;YI SYLLABLE HMUOP;Lo;0;L;;;;;N;;;;;
+A09F;YI SYLLABLE HMOT;Lo;0;L;;;;;N;;;;;
+A0A0;YI SYLLABLE HMOX;Lo;0;L;;;;;N;;;;;
+A0A1;YI SYLLABLE HMO;Lo;0;L;;;;;N;;;;;
+A0A2;YI SYLLABLE HMOP;Lo;0;L;;;;;N;;;;;
+A0A3;YI SYLLABLE HMUT;Lo;0;L;;;;;N;;;;;
+A0A4;YI SYLLABLE HMUX;Lo;0;L;;;;;N;;;;;
+A0A5;YI SYLLABLE HMU;Lo;0;L;;;;;N;;;;;
+A0A6;YI SYLLABLE HMUP;Lo;0;L;;;;;N;;;;;
+A0A7;YI SYLLABLE HMURX;Lo;0;L;;;;;N;;;;;
+A0A8;YI SYLLABLE HMUR;Lo;0;L;;;;;N;;;;;
+A0A9;YI SYLLABLE HMYX;Lo;0;L;;;;;N;;;;;
+A0AA;YI SYLLABLE HMY;Lo;0;L;;;;;N;;;;;
+A0AB;YI SYLLABLE HMYP;Lo;0;L;;;;;N;;;;;
+A0AC;YI SYLLABLE HMYRX;Lo;0;L;;;;;N;;;;;
+A0AD;YI SYLLABLE HMYR;Lo;0;L;;;;;N;;;;;
+A0AE;YI SYLLABLE MIT;Lo;0;L;;;;;N;;;;;
+A0AF;YI SYLLABLE MIX;Lo;0;L;;;;;N;;;;;
+A0B0;YI SYLLABLE MI;Lo;0;L;;;;;N;;;;;
+A0B1;YI SYLLABLE MIP;Lo;0;L;;;;;N;;;;;
+A0B2;YI SYLLABLE MIEX;Lo;0;L;;;;;N;;;;;
+A0B3;YI SYLLABLE MIE;Lo;0;L;;;;;N;;;;;
+A0B4;YI SYLLABLE MIEP;Lo;0;L;;;;;N;;;;;
+A0B5;YI SYLLABLE MAT;Lo;0;L;;;;;N;;;;;
+A0B6;YI SYLLABLE MAX;Lo;0;L;;;;;N;;;;;
+A0B7;YI SYLLABLE MA;Lo;0;L;;;;;N;;;;;
+A0B8;YI SYLLABLE MAP;Lo;0;L;;;;;N;;;;;
+A0B9;YI SYLLABLE MUOT;Lo;0;L;;;;;N;;;;;
+A0BA;YI SYLLABLE MUOX;Lo;0;L;;;;;N;;;;;
+A0BB;YI SYLLABLE MUO;Lo;0;L;;;;;N;;;;;
+A0BC;YI SYLLABLE MUOP;Lo;0;L;;;;;N;;;;;
+A0BD;YI SYLLABLE MOT;Lo;0;L;;;;;N;;;;;
+A0BE;YI SYLLABLE MOX;Lo;0;L;;;;;N;;;;;
+A0BF;YI SYLLABLE MO;Lo;0;L;;;;;N;;;;;
+A0C0;YI SYLLABLE MOP;Lo;0;L;;;;;N;;;;;
+A0C1;YI SYLLABLE MEX;Lo;0;L;;;;;N;;;;;
+A0C2;YI SYLLABLE ME;Lo;0;L;;;;;N;;;;;
+A0C3;YI SYLLABLE MUT;Lo;0;L;;;;;N;;;;;
+A0C4;YI SYLLABLE MUX;Lo;0;L;;;;;N;;;;;
+A0C5;YI SYLLABLE MU;Lo;0;L;;;;;N;;;;;
+A0C6;YI SYLLABLE MUP;Lo;0;L;;;;;N;;;;;
+A0C7;YI SYLLABLE MURX;Lo;0;L;;;;;N;;;;;
+A0C8;YI SYLLABLE MUR;Lo;0;L;;;;;N;;;;;
+A0C9;YI SYLLABLE MYT;Lo;0;L;;;;;N;;;;;
+A0CA;YI SYLLABLE MYX;Lo;0;L;;;;;N;;;;;
+A0CB;YI SYLLABLE MY;Lo;0;L;;;;;N;;;;;
+A0CC;YI SYLLABLE MYP;Lo;0;L;;;;;N;;;;;
+A0CD;YI SYLLABLE FIT;Lo;0;L;;;;;N;;;;;
+A0CE;YI SYLLABLE FIX;Lo;0;L;;;;;N;;;;;
+A0CF;YI SYLLABLE FI;Lo;0;L;;;;;N;;;;;
+A0D0;YI SYLLABLE FIP;Lo;0;L;;;;;N;;;;;
+A0D1;YI SYLLABLE FAT;Lo;0;L;;;;;N;;;;;
+A0D2;YI SYLLABLE FAX;Lo;0;L;;;;;N;;;;;
+A0D3;YI SYLLABLE FA;Lo;0;L;;;;;N;;;;;
+A0D4;YI SYLLABLE FAP;Lo;0;L;;;;;N;;;;;
+A0D5;YI SYLLABLE FOX;Lo;0;L;;;;;N;;;;;
+A0D6;YI SYLLABLE FO;Lo;0;L;;;;;N;;;;;
+A0D7;YI SYLLABLE FOP;Lo;0;L;;;;;N;;;;;
+A0D8;YI SYLLABLE FUT;Lo;0;L;;;;;N;;;;;
+A0D9;YI SYLLABLE FUX;Lo;0;L;;;;;N;;;;;
+A0DA;YI SYLLABLE FU;Lo;0;L;;;;;N;;;;;
+A0DB;YI SYLLABLE FUP;Lo;0;L;;;;;N;;;;;
+A0DC;YI SYLLABLE FURX;Lo;0;L;;;;;N;;;;;
+A0DD;YI SYLLABLE FUR;Lo;0;L;;;;;N;;;;;
+A0DE;YI SYLLABLE FYT;Lo;0;L;;;;;N;;;;;
+A0DF;YI SYLLABLE FYX;Lo;0;L;;;;;N;;;;;
+A0E0;YI SYLLABLE FY;Lo;0;L;;;;;N;;;;;
+A0E1;YI SYLLABLE FYP;Lo;0;L;;;;;N;;;;;
+A0E2;YI SYLLABLE VIT;Lo;0;L;;;;;N;;;;;
+A0E3;YI SYLLABLE VIX;Lo;0;L;;;;;N;;;;;
+A0E4;YI SYLLABLE VI;Lo;0;L;;;;;N;;;;;
+A0E5;YI SYLLABLE VIP;Lo;0;L;;;;;N;;;;;
+A0E6;YI SYLLABLE VIET;Lo;0;L;;;;;N;;;;;
+A0E7;YI SYLLABLE VIEX;Lo;0;L;;;;;N;;;;;
+A0E8;YI SYLLABLE VIE;Lo;0;L;;;;;N;;;;;
+A0E9;YI SYLLABLE VIEP;Lo;0;L;;;;;N;;;;;
+A0EA;YI SYLLABLE VAT;Lo;0;L;;;;;N;;;;;
+A0EB;YI SYLLABLE VAX;Lo;0;L;;;;;N;;;;;
+A0EC;YI SYLLABLE VA;Lo;0;L;;;;;N;;;;;
+A0ED;YI SYLLABLE VAP;Lo;0;L;;;;;N;;;;;
+A0EE;YI SYLLABLE VOT;Lo;0;L;;;;;N;;;;;
+A0EF;YI SYLLABLE VOX;Lo;0;L;;;;;N;;;;;
+A0F0;YI SYLLABLE VO;Lo;0;L;;;;;N;;;;;
+A0F1;YI SYLLABLE VOP;Lo;0;L;;;;;N;;;;;
+A0F2;YI SYLLABLE VEX;Lo;0;L;;;;;N;;;;;
+A0F3;YI SYLLABLE VEP;Lo;0;L;;;;;N;;;;;
+A0F4;YI SYLLABLE VUT;Lo;0;L;;;;;N;;;;;
+A0F5;YI SYLLABLE VUX;Lo;0;L;;;;;N;;;;;
+A0F6;YI SYLLABLE VU;Lo;0;L;;;;;N;;;;;
+A0F7;YI SYLLABLE VUP;Lo;0;L;;;;;N;;;;;
+A0F8;YI SYLLABLE VURX;Lo;0;L;;;;;N;;;;;
+A0F9;YI SYLLABLE VUR;Lo;0;L;;;;;N;;;;;
+A0FA;YI SYLLABLE VYT;Lo;0;L;;;;;N;;;;;
+A0FB;YI SYLLABLE VYX;Lo;0;L;;;;;N;;;;;
+A0FC;YI SYLLABLE VY;Lo;0;L;;;;;N;;;;;
+A0FD;YI SYLLABLE VYP;Lo;0;L;;;;;N;;;;;
+A0FE;YI SYLLABLE VYRX;Lo;0;L;;;;;N;;;;;
+A0FF;YI SYLLABLE VYR;Lo;0;L;;;;;N;;;;;
+A100;YI SYLLABLE DIT;Lo;0;L;;;;;N;;;;;
+A101;YI SYLLABLE DIX;Lo;0;L;;;;;N;;;;;
+A102;YI SYLLABLE DI;Lo;0;L;;;;;N;;;;;
+A103;YI SYLLABLE DIP;Lo;0;L;;;;;N;;;;;
+A104;YI SYLLABLE DIEX;Lo;0;L;;;;;N;;;;;
+A105;YI SYLLABLE DIE;Lo;0;L;;;;;N;;;;;
+A106;YI SYLLABLE DIEP;Lo;0;L;;;;;N;;;;;
+A107;YI SYLLABLE DAT;Lo;0;L;;;;;N;;;;;
+A108;YI SYLLABLE DAX;Lo;0;L;;;;;N;;;;;
+A109;YI SYLLABLE DA;Lo;0;L;;;;;N;;;;;
+A10A;YI SYLLABLE DAP;Lo;0;L;;;;;N;;;;;
+A10B;YI SYLLABLE DUOX;Lo;0;L;;;;;N;;;;;
+A10C;YI SYLLABLE DUO;Lo;0;L;;;;;N;;;;;
+A10D;YI SYLLABLE DOT;Lo;0;L;;;;;N;;;;;
+A10E;YI SYLLABLE DOX;Lo;0;L;;;;;N;;;;;
+A10F;YI SYLLABLE DO;Lo;0;L;;;;;N;;;;;
+A110;YI SYLLABLE DOP;Lo;0;L;;;;;N;;;;;
+A111;YI SYLLABLE DEX;Lo;0;L;;;;;N;;;;;
+A112;YI SYLLABLE DE;Lo;0;L;;;;;N;;;;;
+A113;YI SYLLABLE DEP;Lo;0;L;;;;;N;;;;;
+A114;YI SYLLABLE DUT;Lo;0;L;;;;;N;;;;;
+A115;YI SYLLABLE DUX;Lo;0;L;;;;;N;;;;;
+A116;YI SYLLABLE DU;Lo;0;L;;;;;N;;;;;
+A117;YI SYLLABLE DUP;Lo;0;L;;;;;N;;;;;
+A118;YI SYLLABLE DURX;Lo;0;L;;;;;N;;;;;
+A119;YI SYLLABLE DUR;Lo;0;L;;;;;N;;;;;
+A11A;YI SYLLABLE TIT;Lo;0;L;;;;;N;;;;;
+A11B;YI SYLLABLE TIX;Lo;0;L;;;;;N;;;;;
+A11C;YI SYLLABLE TI;Lo;0;L;;;;;N;;;;;
+A11D;YI SYLLABLE TIP;Lo;0;L;;;;;N;;;;;
+A11E;YI SYLLABLE TIEX;Lo;0;L;;;;;N;;;;;
+A11F;YI SYLLABLE TIE;Lo;0;L;;;;;N;;;;;
+A120;YI SYLLABLE TIEP;Lo;0;L;;;;;N;;;;;
+A121;YI SYLLABLE TAT;Lo;0;L;;;;;N;;;;;
+A122;YI SYLLABLE TAX;Lo;0;L;;;;;N;;;;;
+A123;YI SYLLABLE TA;Lo;0;L;;;;;N;;;;;
+A124;YI SYLLABLE TAP;Lo;0;L;;;;;N;;;;;
+A125;YI SYLLABLE TUOT;Lo;0;L;;;;;N;;;;;
+A126;YI SYLLABLE TUOX;Lo;0;L;;;;;N;;;;;
+A127;YI SYLLABLE TUO;Lo;0;L;;;;;N;;;;;
+A128;YI SYLLABLE TUOP;Lo;0;L;;;;;N;;;;;
+A129;YI SYLLABLE TOT;Lo;0;L;;;;;N;;;;;
+A12A;YI SYLLABLE TOX;Lo;0;L;;;;;N;;;;;
+A12B;YI SYLLABLE TO;Lo;0;L;;;;;N;;;;;
+A12C;YI SYLLABLE TOP;Lo;0;L;;;;;N;;;;;
+A12D;YI SYLLABLE TEX;Lo;0;L;;;;;N;;;;;
+A12E;YI SYLLABLE TE;Lo;0;L;;;;;N;;;;;
+A12F;YI SYLLABLE TEP;Lo;0;L;;;;;N;;;;;
+A130;YI SYLLABLE TUT;Lo;0;L;;;;;N;;;;;
+A131;YI SYLLABLE TUX;Lo;0;L;;;;;N;;;;;
+A132;YI SYLLABLE TU;Lo;0;L;;;;;N;;;;;
+A133;YI SYLLABLE TUP;Lo;0;L;;;;;N;;;;;
+A134;YI SYLLABLE TURX;Lo;0;L;;;;;N;;;;;
+A135;YI SYLLABLE TUR;Lo;0;L;;;;;N;;;;;
+A136;YI SYLLABLE DDIT;Lo;0;L;;;;;N;;;;;
+A137;YI SYLLABLE DDIX;Lo;0;L;;;;;N;;;;;
+A138;YI SYLLABLE DDI;Lo;0;L;;;;;N;;;;;
+A139;YI SYLLABLE DDIP;Lo;0;L;;;;;N;;;;;
+A13A;YI SYLLABLE DDIEX;Lo;0;L;;;;;N;;;;;
+A13B;YI SYLLABLE DDIE;Lo;0;L;;;;;N;;;;;
+A13C;YI SYLLABLE DDIEP;Lo;0;L;;;;;N;;;;;
+A13D;YI SYLLABLE DDAT;Lo;0;L;;;;;N;;;;;
+A13E;YI SYLLABLE DDAX;Lo;0;L;;;;;N;;;;;
+A13F;YI SYLLABLE DDA;Lo;0;L;;;;;N;;;;;
+A140;YI SYLLABLE DDAP;Lo;0;L;;;;;N;;;;;
+A141;YI SYLLABLE DDUOX;Lo;0;L;;;;;N;;;;;
+A142;YI SYLLABLE DDUO;Lo;0;L;;;;;N;;;;;
+A143;YI SYLLABLE DDUOP;Lo;0;L;;;;;N;;;;;
+A144;YI SYLLABLE DDOT;Lo;0;L;;;;;N;;;;;
+A145;YI SYLLABLE DDOX;Lo;0;L;;;;;N;;;;;
+A146;YI SYLLABLE DDO;Lo;0;L;;;;;N;;;;;
+A147;YI SYLLABLE DDOP;Lo;0;L;;;;;N;;;;;
+A148;YI SYLLABLE DDEX;Lo;0;L;;;;;N;;;;;
+A149;YI SYLLABLE DDE;Lo;0;L;;;;;N;;;;;
+A14A;YI SYLLABLE DDEP;Lo;0;L;;;;;N;;;;;
+A14B;YI SYLLABLE DDUT;Lo;0;L;;;;;N;;;;;
+A14C;YI SYLLABLE DDUX;Lo;0;L;;;;;N;;;;;
+A14D;YI SYLLABLE DDU;Lo;0;L;;;;;N;;;;;
+A14E;YI SYLLABLE DDUP;Lo;0;L;;;;;N;;;;;
+A14F;YI SYLLABLE DDURX;Lo;0;L;;;;;N;;;;;
+A150;YI SYLLABLE DDUR;Lo;0;L;;;;;N;;;;;
+A151;YI SYLLABLE NDIT;Lo;0;L;;;;;N;;;;;
+A152;YI SYLLABLE NDIX;Lo;0;L;;;;;N;;;;;
+A153;YI SYLLABLE NDI;Lo;0;L;;;;;N;;;;;
+A154;YI SYLLABLE NDIP;Lo;0;L;;;;;N;;;;;
+A155;YI SYLLABLE NDIEX;Lo;0;L;;;;;N;;;;;
+A156;YI SYLLABLE NDIE;Lo;0;L;;;;;N;;;;;
+A157;YI SYLLABLE NDAT;Lo;0;L;;;;;N;;;;;
+A158;YI SYLLABLE NDAX;Lo;0;L;;;;;N;;;;;
+A159;YI SYLLABLE NDA;Lo;0;L;;;;;N;;;;;
+A15A;YI SYLLABLE NDAP;Lo;0;L;;;;;N;;;;;
+A15B;YI SYLLABLE NDOT;Lo;0;L;;;;;N;;;;;
+A15C;YI SYLLABLE NDOX;Lo;0;L;;;;;N;;;;;
+A15D;YI SYLLABLE NDO;Lo;0;L;;;;;N;;;;;
+A15E;YI SYLLABLE NDOP;Lo;0;L;;;;;N;;;;;
+A15F;YI SYLLABLE NDEX;Lo;0;L;;;;;N;;;;;
+A160;YI SYLLABLE NDE;Lo;0;L;;;;;N;;;;;
+A161;YI SYLLABLE NDEP;Lo;0;L;;;;;N;;;;;
+A162;YI SYLLABLE NDUT;Lo;0;L;;;;;N;;;;;
+A163;YI SYLLABLE NDUX;Lo;0;L;;;;;N;;;;;
+A164;YI SYLLABLE NDU;Lo;0;L;;;;;N;;;;;
+A165;YI SYLLABLE NDUP;Lo;0;L;;;;;N;;;;;
+A166;YI SYLLABLE NDURX;Lo;0;L;;;;;N;;;;;
+A167;YI SYLLABLE NDUR;Lo;0;L;;;;;N;;;;;
+A168;YI SYLLABLE HNIT;Lo;0;L;;;;;N;;;;;
+A169;YI SYLLABLE HNIX;Lo;0;L;;;;;N;;;;;
+A16A;YI SYLLABLE HNI;Lo;0;L;;;;;N;;;;;
+A16B;YI SYLLABLE HNIP;Lo;0;L;;;;;N;;;;;
+A16C;YI SYLLABLE HNIET;Lo;0;L;;;;;N;;;;;
+A16D;YI SYLLABLE HNIEX;Lo;0;L;;;;;N;;;;;
+A16E;YI SYLLABLE HNIE;Lo;0;L;;;;;N;;;;;
+A16F;YI SYLLABLE HNIEP;Lo;0;L;;;;;N;;;;;
+A170;YI SYLLABLE HNAT;Lo;0;L;;;;;N;;;;;
+A171;YI SYLLABLE HNAX;Lo;0;L;;;;;N;;;;;
+A172;YI SYLLABLE HNA;Lo;0;L;;;;;N;;;;;
+A173;YI SYLLABLE HNAP;Lo;0;L;;;;;N;;;;;
+A174;YI SYLLABLE HNUOX;Lo;0;L;;;;;N;;;;;
+A175;YI SYLLABLE HNUO;Lo;0;L;;;;;N;;;;;
+A176;YI SYLLABLE HNOT;Lo;0;L;;;;;N;;;;;
+A177;YI SYLLABLE HNOX;Lo;0;L;;;;;N;;;;;
+A178;YI SYLLABLE HNOP;Lo;0;L;;;;;N;;;;;
+A179;YI SYLLABLE HNEX;Lo;0;L;;;;;N;;;;;
+A17A;YI SYLLABLE HNE;Lo;0;L;;;;;N;;;;;
+A17B;YI SYLLABLE HNEP;Lo;0;L;;;;;N;;;;;
+A17C;YI SYLLABLE HNUT;Lo;0;L;;;;;N;;;;;
+A17D;YI SYLLABLE NIT;Lo;0;L;;;;;N;;;;;
+A17E;YI SYLLABLE NIX;Lo;0;L;;;;;N;;;;;
+A17F;YI SYLLABLE NI;Lo;0;L;;;;;N;;;;;
+A180;YI SYLLABLE NIP;Lo;0;L;;;;;N;;;;;
+A181;YI SYLLABLE NIEX;Lo;0;L;;;;;N;;;;;
+A182;YI SYLLABLE NIE;Lo;0;L;;;;;N;;;;;
+A183;YI SYLLABLE NIEP;Lo;0;L;;;;;N;;;;;
+A184;YI SYLLABLE NAX;Lo;0;L;;;;;N;;;;;
+A185;YI SYLLABLE NA;Lo;0;L;;;;;N;;;;;
+A186;YI SYLLABLE NAP;Lo;0;L;;;;;N;;;;;
+A187;YI SYLLABLE NUOX;Lo;0;L;;;;;N;;;;;
+A188;YI SYLLABLE NUO;Lo;0;L;;;;;N;;;;;
+A189;YI SYLLABLE NUOP;Lo;0;L;;;;;N;;;;;
+A18A;YI SYLLABLE NOT;Lo;0;L;;;;;N;;;;;
+A18B;YI SYLLABLE NOX;Lo;0;L;;;;;N;;;;;
+A18C;YI SYLLABLE NO;Lo;0;L;;;;;N;;;;;
+A18D;YI SYLLABLE NOP;Lo;0;L;;;;;N;;;;;
+A18E;YI SYLLABLE NEX;Lo;0;L;;;;;N;;;;;
+A18F;YI SYLLABLE NE;Lo;0;L;;;;;N;;;;;
+A190;YI SYLLABLE NEP;Lo;0;L;;;;;N;;;;;
+A191;YI SYLLABLE NUT;Lo;0;L;;;;;N;;;;;
+A192;YI SYLLABLE NUX;Lo;0;L;;;;;N;;;;;
+A193;YI SYLLABLE NU;Lo;0;L;;;;;N;;;;;
+A194;YI SYLLABLE NUP;Lo;0;L;;;;;N;;;;;
+A195;YI SYLLABLE NURX;Lo;0;L;;;;;N;;;;;
+A196;YI SYLLABLE NUR;Lo;0;L;;;;;N;;;;;
+A197;YI SYLLABLE HLIT;Lo;0;L;;;;;N;;;;;
+A198;YI SYLLABLE HLIX;Lo;0;L;;;;;N;;;;;
+A199;YI SYLLABLE HLI;Lo;0;L;;;;;N;;;;;
+A19A;YI SYLLABLE HLIP;Lo;0;L;;;;;N;;;;;
+A19B;YI SYLLABLE HLIEX;Lo;0;L;;;;;N;;;;;
+A19C;YI SYLLABLE HLIE;Lo;0;L;;;;;N;;;;;
+A19D;YI SYLLABLE HLIEP;Lo;0;L;;;;;N;;;;;
+A19E;YI SYLLABLE HLAT;Lo;0;L;;;;;N;;;;;
+A19F;YI SYLLABLE HLAX;Lo;0;L;;;;;N;;;;;
+A1A0;YI SYLLABLE HLA;Lo;0;L;;;;;N;;;;;
+A1A1;YI SYLLABLE HLAP;Lo;0;L;;;;;N;;;;;
+A1A2;YI SYLLABLE HLUOX;Lo;0;L;;;;;N;;;;;
+A1A3;YI SYLLABLE HLUO;Lo;0;L;;;;;N;;;;;
+A1A4;YI SYLLABLE HLUOP;Lo;0;L;;;;;N;;;;;
+A1A5;YI SYLLABLE HLOX;Lo;0;L;;;;;N;;;;;
+A1A6;YI SYLLABLE HLO;Lo;0;L;;;;;N;;;;;
+A1A7;YI SYLLABLE HLOP;Lo;0;L;;;;;N;;;;;
+A1A8;YI SYLLABLE HLEX;Lo;0;L;;;;;N;;;;;
+A1A9;YI SYLLABLE HLE;Lo;0;L;;;;;N;;;;;
+A1AA;YI SYLLABLE HLEP;Lo;0;L;;;;;N;;;;;
+A1AB;YI SYLLABLE HLUT;Lo;0;L;;;;;N;;;;;
+A1AC;YI SYLLABLE HLUX;Lo;0;L;;;;;N;;;;;
+A1AD;YI SYLLABLE HLU;Lo;0;L;;;;;N;;;;;
+A1AE;YI SYLLABLE HLUP;Lo;0;L;;;;;N;;;;;
+A1AF;YI SYLLABLE HLURX;Lo;0;L;;;;;N;;;;;
+A1B0;YI SYLLABLE HLUR;Lo;0;L;;;;;N;;;;;
+A1B1;YI SYLLABLE HLYT;Lo;0;L;;;;;N;;;;;
+A1B2;YI SYLLABLE HLYX;Lo;0;L;;;;;N;;;;;
+A1B3;YI SYLLABLE HLY;Lo;0;L;;;;;N;;;;;
+A1B4;YI SYLLABLE HLYP;Lo;0;L;;;;;N;;;;;
+A1B5;YI SYLLABLE HLYRX;Lo;0;L;;;;;N;;;;;
+A1B6;YI SYLLABLE HLYR;Lo;0;L;;;;;N;;;;;
+A1B7;YI SYLLABLE LIT;Lo;0;L;;;;;N;;;;;
+A1B8;YI SYLLABLE LIX;Lo;0;L;;;;;N;;;;;
+A1B9;YI SYLLABLE LI;Lo;0;L;;;;;N;;;;;
+A1BA;YI SYLLABLE LIP;Lo;0;L;;;;;N;;;;;
+A1BB;YI SYLLABLE LIET;Lo;0;L;;;;;N;;;;;
+A1BC;YI SYLLABLE LIEX;Lo;0;L;;;;;N;;;;;
+A1BD;YI SYLLABLE LIE;Lo;0;L;;;;;N;;;;;
+A1BE;YI SYLLABLE LIEP;Lo;0;L;;;;;N;;;;;
+A1BF;YI SYLLABLE LAT;Lo;0;L;;;;;N;;;;;
+A1C0;YI SYLLABLE LAX;Lo;0;L;;;;;N;;;;;
+A1C1;YI SYLLABLE LA;Lo;0;L;;;;;N;;;;;
+A1C2;YI SYLLABLE LAP;Lo;0;L;;;;;N;;;;;
+A1C3;YI SYLLABLE LUOT;Lo;0;L;;;;;N;;;;;
+A1C4;YI SYLLABLE LUOX;Lo;0;L;;;;;N;;;;;
+A1C5;YI SYLLABLE LUO;Lo;0;L;;;;;N;;;;;
+A1C6;YI SYLLABLE LUOP;Lo;0;L;;;;;N;;;;;
+A1C7;YI SYLLABLE LOT;Lo;0;L;;;;;N;;;;;
+A1C8;YI SYLLABLE LOX;Lo;0;L;;;;;N;;;;;
+A1C9;YI SYLLABLE LO;Lo;0;L;;;;;N;;;;;
+A1CA;YI SYLLABLE LOP;Lo;0;L;;;;;N;;;;;
+A1CB;YI SYLLABLE LEX;Lo;0;L;;;;;N;;;;;
+A1CC;YI SYLLABLE LE;Lo;0;L;;;;;N;;;;;
+A1CD;YI SYLLABLE LEP;Lo;0;L;;;;;N;;;;;
+A1CE;YI SYLLABLE LUT;Lo;0;L;;;;;N;;;;;
+A1CF;YI SYLLABLE LUX;Lo;0;L;;;;;N;;;;;
+A1D0;YI SYLLABLE LU;Lo;0;L;;;;;N;;;;;
+A1D1;YI SYLLABLE LUP;Lo;0;L;;;;;N;;;;;
+A1D2;YI SYLLABLE LURX;Lo;0;L;;;;;N;;;;;
+A1D3;YI SYLLABLE LUR;Lo;0;L;;;;;N;;;;;
+A1D4;YI SYLLABLE LYT;Lo;0;L;;;;;N;;;;;
+A1D5;YI SYLLABLE LYX;Lo;0;L;;;;;N;;;;;
+A1D6;YI SYLLABLE LY;Lo;0;L;;;;;N;;;;;
+A1D7;YI SYLLABLE LYP;Lo;0;L;;;;;N;;;;;
+A1D8;YI SYLLABLE LYRX;Lo;0;L;;;;;N;;;;;
+A1D9;YI SYLLABLE LYR;Lo;0;L;;;;;N;;;;;
+A1DA;YI SYLLABLE GIT;Lo;0;L;;;;;N;;;;;
+A1DB;YI SYLLABLE GIX;Lo;0;L;;;;;N;;;;;
+A1DC;YI SYLLABLE GI;Lo;0;L;;;;;N;;;;;
+A1DD;YI SYLLABLE GIP;Lo;0;L;;;;;N;;;;;
+A1DE;YI SYLLABLE GIET;Lo;0;L;;;;;N;;;;;
+A1DF;YI SYLLABLE GIEX;Lo;0;L;;;;;N;;;;;
+A1E0;YI SYLLABLE GIE;Lo;0;L;;;;;N;;;;;
+A1E1;YI SYLLABLE GIEP;Lo;0;L;;;;;N;;;;;
+A1E2;YI SYLLABLE GAT;Lo;0;L;;;;;N;;;;;
+A1E3;YI SYLLABLE GAX;Lo;0;L;;;;;N;;;;;
+A1E4;YI SYLLABLE GA;Lo;0;L;;;;;N;;;;;
+A1E5;YI SYLLABLE GAP;Lo;0;L;;;;;N;;;;;
+A1E6;YI SYLLABLE GUOT;Lo;0;L;;;;;N;;;;;
+A1E7;YI SYLLABLE GUOX;Lo;0;L;;;;;N;;;;;
+A1E8;YI SYLLABLE GUO;Lo;0;L;;;;;N;;;;;
+A1E9;YI SYLLABLE GUOP;Lo;0;L;;;;;N;;;;;
+A1EA;YI SYLLABLE GOT;Lo;0;L;;;;;N;;;;;
+A1EB;YI SYLLABLE GOX;Lo;0;L;;;;;N;;;;;
+A1EC;YI SYLLABLE GO;Lo;0;L;;;;;N;;;;;
+A1ED;YI SYLLABLE GOP;Lo;0;L;;;;;N;;;;;
+A1EE;YI SYLLABLE GET;Lo;0;L;;;;;N;;;;;
+A1EF;YI SYLLABLE GEX;Lo;0;L;;;;;N;;;;;
+A1F0;YI SYLLABLE GE;Lo;0;L;;;;;N;;;;;
+A1F1;YI SYLLABLE GEP;Lo;0;L;;;;;N;;;;;
+A1F2;YI SYLLABLE GUT;Lo;0;L;;;;;N;;;;;
+A1F3;YI SYLLABLE GUX;Lo;0;L;;;;;N;;;;;
+A1F4;YI SYLLABLE GU;Lo;0;L;;;;;N;;;;;
+A1F5;YI SYLLABLE GUP;Lo;0;L;;;;;N;;;;;
+A1F6;YI SYLLABLE GURX;Lo;0;L;;;;;N;;;;;
+A1F7;YI SYLLABLE GUR;Lo;0;L;;;;;N;;;;;
+A1F8;YI SYLLABLE KIT;Lo;0;L;;;;;N;;;;;
+A1F9;YI SYLLABLE KIX;Lo;0;L;;;;;N;;;;;
+A1FA;YI SYLLABLE KI;Lo;0;L;;;;;N;;;;;
+A1FB;YI SYLLABLE KIP;Lo;0;L;;;;;N;;;;;
+A1FC;YI SYLLABLE KIEX;Lo;0;L;;;;;N;;;;;
+A1FD;YI SYLLABLE KIE;Lo;0;L;;;;;N;;;;;
+A1FE;YI SYLLABLE KIEP;Lo;0;L;;;;;N;;;;;
+A1FF;YI SYLLABLE KAT;Lo;0;L;;;;;N;;;;;
+A200;YI SYLLABLE KAX;Lo;0;L;;;;;N;;;;;
+A201;YI SYLLABLE KA;Lo;0;L;;;;;N;;;;;
+A202;YI SYLLABLE KAP;Lo;0;L;;;;;N;;;;;
+A203;YI SYLLABLE KUOX;Lo;0;L;;;;;N;;;;;
+A204;YI SYLLABLE KUO;Lo;0;L;;;;;N;;;;;
+A205;YI SYLLABLE KUOP;Lo;0;L;;;;;N;;;;;
+A206;YI SYLLABLE KOT;Lo;0;L;;;;;N;;;;;
+A207;YI SYLLABLE KOX;Lo;0;L;;;;;N;;;;;
+A208;YI SYLLABLE KO;Lo;0;L;;;;;N;;;;;
+A209;YI SYLLABLE KOP;Lo;0;L;;;;;N;;;;;
+A20A;YI SYLLABLE KET;Lo;0;L;;;;;N;;;;;
+A20B;YI SYLLABLE KEX;Lo;0;L;;;;;N;;;;;
+A20C;YI SYLLABLE KE;Lo;0;L;;;;;N;;;;;
+A20D;YI SYLLABLE KEP;Lo;0;L;;;;;N;;;;;
+A20E;YI SYLLABLE KUT;Lo;0;L;;;;;N;;;;;
+A20F;YI SYLLABLE KUX;Lo;0;L;;;;;N;;;;;
+A210;YI SYLLABLE KU;Lo;0;L;;;;;N;;;;;
+A211;YI SYLLABLE KUP;Lo;0;L;;;;;N;;;;;
+A212;YI SYLLABLE KURX;Lo;0;L;;;;;N;;;;;
+A213;YI SYLLABLE KUR;Lo;0;L;;;;;N;;;;;
+A214;YI SYLLABLE GGIT;Lo;0;L;;;;;N;;;;;
+A215;YI SYLLABLE GGIX;Lo;0;L;;;;;N;;;;;
+A216;YI SYLLABLE GGI;Lo;0;L;;;;;N;;;;;
+A217;YI SYLLABLE GGIEX;Lo;0;L;;;;;N;;;;;
+A218;YI SYLLABLE GGIE;Lo;0;L;;;;;N;;;;;
+A219;YI SYLLABLE GGIEP;Lo;0;L;;;;;N;;;;;
+A21A;YI SYLLABLE GGAT;Lo;0;L;;;;;N;;;;;
+A21B;YI SYLLABLE GGAX;Lo;0;L;;;;;N;;;;;
+A21C;YI SYLLABLE GGA;Lo;0;L;;;;;N;;;;;
+A21D;YI SYLLABLE GGAP;Lo;0;L;;;;;N;;;;;
+A21E;YI SYLLABLE GGUOT;Lo;0;L;;;;;N;;;;;
+A21F;YI SYLLABLE GGUOX;Lo;0;L;;;;;N;;;;;
+A220;YI SYLLABLE GGUO;Lo;0;L;;;;;N;;;;;
+A221;YI SYLLABLE GGUOP;Lo;0;L;;;;;N;;;;;
+A222;YI SYLLABLE GGOT;Lo;0;L;;;;;N;;;;;
+A223;YI SYLLABLE GGOX;Lo;0;L;;;;;N;;;;;
+A224;YI SYLLABLE GGO;Lo;0;L;;;;;N;;;;;
+A225;YI SYLLABLE GGOP;Lo;0;L;;;;;N;;;;;
+A226;YI SYLLABLE GGET;Lo;0;L;;;;;N;;;;;
+A227;YI SYLLABLE GGEX;Lo;0;L;;;;;N;;;;;
+A228;YI SYLLABLE GGE;Lo;0;L;;;;;N;;;;;
+A229;YI SYLLABLE GGEP;Lo;0;L;;;;;N;;;;;
+A22A;YI SYLLABLE GGUT;Lo;0;L;;;;;N;;;;;
+A22B;YI SYLLABLE GGUX;Lo;0;L;;;;;N;;;;;
+A22C;YI SYLLABLE GGU;Lo;0;L;;;;;N;;;;;
+A22D;YI SYLLABLE GGUP;Lo;0;L;;;;;N;;;;;
+A22E;YI SYLLABLE GGURX;Lo;0;L;;;;;N;;;;;
+A22F;YI SYLLABLE GGUR;Lo;0;L;;;;;N;;;;;
+A230;YI SYLLABLE MGIEX;Lo;0;L;;;;;N;;;;;
+A231;YI SYLLABLE MGIE;Lo;0;L;;;;;N;;;;;
+A232;YI SYLLABLE MGAT;Lo;0;L;;;;;N;;;;;
+A233;YI SYLLABLE MGAX;Lo;0;L;;;;;N;;;;;
+A234;YI SYLLABLE MGA;Lo;0;L;;;;;N;;;;;
+A235;YI SYLLABLE MGAP;Lo;0;L;;;;;N;;;;;
+A236;YI SYLLABLE MGUOX;Lo;0;L;;;;;N;;;;;
+A237;YI SYLLABLE MGUO;Lo;0;L;;;;;N;;;;;
+A238;YI SYLLABLE MGUOP;Lo;0;L;;;;;N;;;;;
+A239;YI SYLLABLE MGOT;Lo;0;L;;;;;N;;;;;
+A23A;YI SYLLABLE MGOX;Lo;0;L;;;;;N;;;;;
+A23B;YI SYLLABLE MGO;Lo;0;L;;;;;N;;;;;
+A23C;YI SYLLABLE MGOP;Lo;0;L;;;;;N;;;;;
+A23D;YI SYLLABLE MGEX;Lo;0;L;;;;;N;;;;;
+A23E;YI SYLLABLE MGE;Lo;0;L;;;;;N;;;;;
+A23F;YI SYLLABLE MGEP;Lo;0;L;;;;;N;;;;;
+A240;YI SYLLABLE MGUT;Lo;0;L;;;;;N;;;;;
+A241;YI SYLLABLE MGUX;Lo;0;L;;;;;N;;;;;
+A242;YI SYLLABLE MGU;Lo;0;L;;;;;N;;;;;
+A243;YI SYLLABLE MGUP;Lo;0;L;;;;;N;;;;;
+A244;YI SYLLABLE MGURX;Lo;0;L;;;;;N;;;;;
+A245;YI SYLLABLE MGUR;Lo;0;L;;;;;N;;;;;
+A246;YI SYLLABLE HXIT;Lo;0;L;;;;;N;;;;;
+A247;YI SYLLABLE HXIX;Lo;0;L;;;;;N;;;;;
+A248;YI SYLLABLE HXI;Lo;0;L;;;;;N;;;;;
+A249;YI SYLLABLE HXIP;Lo;0;L;;;;;N;;;;;
+A24A;YI SYLLABLE HXIET;Lo;0;L;;;;;N;;;;;
+A24B;YI SYLLABLE HXIEX;Lo;0;L;;;;;N;;;;;
+A24C;YI SYLLABLE HXIE;Lo;0;L;;;;;N;;;;;
+A24D;YI SYLLABLE HXIEP;Lo;0;L;;;;;N;;;;;
+A24E;YI SYLLABLE HXAT;Lo;0;L;;;;;N;;;;;
+A24F;YI SYLLABLE HXAX;Lo;0;L;;;;;N;;;;;
+A250;YI SYLLABLE HXA;Lo;0;L;;;;;N;;;;;
+A251;YI SYLLABLE HXAP;Lo;0;L;;;;;N;;;;;
+A252;YI SYLLABLE HXUOT;Lo;0;L;;;;;N;;;;;
+A253;YI SYLLABLE HXUOX;Lo;0;L;;;;;N;;;;;
+A254;YI SYLLABLE HXUO;Lo;0;L;;;;;N;;;;;
+A255;YI SYLLABLE HXUOP;Lo;0;L;;;;;N;;;;;
+A256;YI SYLLABLE HXOT;Lo;0;L;;;;;N;;;;;
+A257;YI SYLLABLE HXOX;Lo;0;L;;;;;N;;;;;
+A258;YI SYLLABLE HXO;Lo;0;L;;;;;N;;;;;
+A259;YI SYLLABLE HXOP;Lo;0;L;;;;;N;;;;;
+A25A;YI SYLLABLE HXEX;Lo;0;L;;;;;N;;;;;
+A25B;YI SYLLABLE HXE;Lo;0;L;;;;;N;;;;;
+A25C;YI SYLLABLE HXEP;Lo;0;L;;;;;N;;;;;
+A25D;YI SYLLABLE NGIEX;Lo;0;L;;;;;N;;;;;
+A25E;YI SYLLABLE NGIE;Lo;0;L;;;;;N;;;;;
+A25F;YI SYLLABLE NGIEP;Lo;0;L;;;;;N;;;;;
+A260;YI SYLLABLE NGAT;Lo;0;L;;;;;N;;;;;
+A261;YI SYLLABLE NGAX;Lo;0;L;;;;;N;;;;;
+A262;YI SYLLABLE NGA;Lo;0;L;;;;;N;;;;;
+A263;YI SYLLABLE NGAP;Lo;0;L;;;;;N;;;;;
+A264;YI SYLLABLE NGUOT;Lo;0;L;;;;;N;;;;;
+A265;YI SYLLABLE NGUOX;Lo;0;L;;;;;N;;;;;
+A266;YI SYLLABLE NGUO;Lo;0;L;;;;;N;;;;;
+A267;YI SYLLABLE NGOT;Lo;0;L;;;;;N;;;;;
+A268;YI SYLLABLE NGOX;Lo;0;L;;;;;N;;;;;
+A269;YI SYLLABLE NGO;Lo;0;L;;;;;N;;;;;
+A26A;YI SYLLABLE NGOP;Lo;0;L;;;;;N;;;;;
+A26B;YI SYLLABLE NGEX;Lo;0;L;;;;;N;;;;;
+A26C;YI SYLLABLE NGE;Lo;0;L;;;;;N;;;;;
+A26D;YI SYLLABLE NGEP;Lo;0;L;;;;;N;;;;;
+A26E;YI SYLLABLE HIT;Lo;0;L;;;;;N;;;;;
+A26F;YI SYLLABLE HIEX;Lo;0;L;;;;;N;;;;;
+A270;YI SYLLABLE HIE;Lo;0;L;;;;;N;;;;;
+A271;YI SYLLABLE HAT;Lo;0;L;;;;;N;;;;;
+A272;YI SYLLABLE HAX;Lo;0;L;;;;;N;;;;;
+A273;YI SYLLABLE HA;Lo;0;L;;;;;N;;;;;
+A274;YI SYLLABLE HAP;Lo;0;L;;;;;N;;;;;
+A275;YI SYLLABLE HUOT;Lo;0;L;;;;;N;;;;;
+A276;YI SYLLABLE HUOX;Lo;0;L;;;;;N;;;;;
+A277;YI SYLLABLE HUO;Lo;0;L;;;;;N;;;;;
+A278;YI SYLLABLE HUOP;Lo;0;L;;;;;N;;;;;
+A279;YI SYLLABLE HOT;Lo;0;L;;;;;N;;;;;
+A27A;YI SYLLABLE HOX;Lo;0;L;;;;;N;;;;;
+A27B;YI SYLLABLE HO;Lo;0;L;;;;;N;;;;;
+A27C;YI SYLLABLE HOP;Lo;0;L;;;;;N;;;;;
+A27D;YI SYLLABLE HEX;Lo;0;L;;;;;N;;;;;
+A27E;YI SYLLABLE HE;Lo;0;L;;;;;N;;;;;
+A27F;YI SYLLABLE HEP;Lo;0;L;;;;;N;;;;;
+A280;YI SYLLABLE WAT;Lo;0;L;;;;;N;;;;;
+A281;YI SYLLABLE WAX;Lo;0;L;;;;;N;;;;;
+A282;YI SYLLABLE WA;Lo;0;L;;;;;N;;;;;
+A283;YI SYLLABLE WAP;Lo;0;L;;;;;N;;;;;
+A284;YI SYLLABLE WUOX;Lo;0;L;;;;;N;;;;;
+A285;YI SYLLABLE WUO;Lo;0;L;;;;;N;;;;;
+A286;YI SYLLABLE WUOP;Lo;0;L;;;;;N;;;;;
+A287;YI SYLLABLE WOX;Lo;0;L;;;;;N;;;;;
+A288;YI SYLLABLE WO;Lo;0;L;;;;;N;;;;;
+A289;YI SYLLABLE WOP;Lo;0;L;;;;;N;;;;;
+A28A;YI SYLLABLE WEX;Lo;0;L;;;;;N;;;;;
+A28B;YI SYLLABLE WE;Lo;0;L;;;;;N;;;;;
+A28C;YI SYLLABLE WEP;Lo;0;L;;;;;N;;;;;
+A28D;YI SYLLABLE ZIT;Lo;0;L;;;;;N;;;;;
+A28E;YI SYLLABLE ZIX;Lo;0;L;;;;;N;;;;;
+A28F;YI SYLLABLE ZI;Lo;0;L;;;;;N;;;;;
+A290;YI SYLLABLE ZIP;Lo;0;L;;;;;N;;;;;
+A291;YI SYLLABLE ZIEX;Lo;0;L;;;;;N;;;;;
+A292;YI SYLLABLE ZIE;Lo;0;L;;;;;N;;;;;
+A293;YI SYLLABLE ZIEP;Lo;0;L;;;;;N;;;;;
+A294;YI SYLLABLE ZAT;Lo;0;L;;;;;N;;;;;
+A295;YI SYLLABLE ZAX;Lo;0;L;;;;;N;;;;;
+A296;YI SYLLABLE ZA;Lo;0;L;;;;;N;;;;;
+A297;YI SYLLABLE ZAP;Lo;0;L;;;;;N;;;;;
+A298;YI SYLLABLE ZUOX;Lo;0;L;;;;;N;;;;;
+A299;YI SYLLABLE ZUO;Lo;0;L;;;;;N;;;;;
+A29A;YI SYLLABLE ZUOP;Lo;0;L;;;;;N;;;;;
+A29B;YI SYLLABLE ZOT;Lo;0;L;;;;;N;;;;;
+A29C;YI SYLLABLE ZOX;Lo;0;L;;;;;N;;;;;
+A29D;YI SYLLABLE ZO;Lo;0;L;;;;;N;;;;;
+A29E;YI SYLLABLE ZOP;Lo;0;L;;;;;N;;;;;
+A29F;YI SYLLABLE ZEX;Lo;0;L;;;;;N;;;;;
+A2A0;YI SYLLABLE ZE;Lo;0;L;;;;;N;;;;;
+A2A1;YI SYLLABLE ZEP;Lo;0;L;;;;;N;;;;;
+A2A2;YI SYLLABLE ZUT;Lo;0;L;;;;;N;;;;;
+A2A3;YI SYLLABLE ZUX;Lo;0;L;;;;;N;;;;;
+A2A4;YI SYLLABLE ZU;Lo;0;L;;;;;N;;;;;
+A2A5;YI SYLLABLE ZUP;Lo;0;L;;;;;N;;;;;
+A2A6;YI SYLLABLE ZURX;Lo;0;L;;;;;N;;;;;
+A2A7;YI SYLLABLE ZUR;Lo;0;L;;;;;N;;;;;
+A2A8;YI SYLLABLE ZYT;Lo;0;L;;;;;N;;;;;
+A2A9;YI SYLLABLE ZYX;Lo;0;L;;;;;N;;;;;
+A2AA;YI SYLLABLE ZY;Lo;0;L;;;;;N;;;;;
+A2AB;YI SYLLABLE ZYP;Lo;0;L;;;;;N;;;;;
+A2AC;YI SYLLABLE ZYRX;Lo;0;L;;;;;N;;;;;
+A2AD;YI SYLLABLE ZYR;Lo;0;L;;;;;N;;;;;
+A2AE;YI SYLLABLE CIT;Lo;0;L;;;;;N;;;;;
+A2AF;YI SYLLABLE CIX;Lo;0;L;;;;;N;;;;;
+A2B0;YI SYLLABLE CI;Lo;0;L;;;;;N;;;;;
+A2B1;YI SYLLABLE CIP;Lo;0;L;;;;;N;;;;;
+A2B2;YI SYLLABLE CIET;Lo;0;L;;;;;N;;;;;
+A2B3;YI SYLLABLE CIEX;Lo;0;L;;;;;N;;;;;
+A2B4;YI SYLLABLE CIE;Lo;0;L;;;;;N;;;;;
+A2B5;YI SYLLABLE CIEP;Lo;0;L;;;;;N;;;;;
+A2B6;YI SYLLABLE CAT;Lo;0;L;;;;;N;;;;;
+A2B7;YI SYLLABLE CAX;Lo;0;L;;;;;N;;;;;
+A2B8;YI SYLLABLE CA;Lo;0;L;;;;;N;;;;;
+A2B9;YI SYLLABLE CAP;Lo;0;L;;;;;N;;;;;
+A2BA;YI SYLLABLE CUOX;Lo;0;L;;;;;N;;;;;
+A2BB;YI SYLLABLE CUO;Lo;0;L;;;;;N;;;;;
+A2BC;YI SYLLABLE CUOP;Lo;0;L;;;;;N;;;;;
+A2BD;YI SYLLABLE COT;Lo;0;L;;;;;N;;;;;
+A2BE;YI SYLLABLE COX;Lo;0;L;;;;;N;;;;;
+A2BF;YI SYLLABLE CO;Lo;0;L;;;;;N;;;;;
+A2C0;YI SYLLABLE COP;Lo;0;L;;;;;N;;;;;
+A2C1;YI SYLLABLE CEX;Lo;0;L;;;;;N;;;;;
+A2C2;YI SYLLABLE CE;Lo;0;L;;;;;N;;;;;
+A2C3;YI SYLLABLE CEP;Lo;0;L;;;;;N;;;;;
+A2C4;YI SYLLABLE CUT;Lo;0;L;;;;;N;;;;;
+A2C5;YI SYLLABLE CUX;Lo;0;L;;;;;N;;;;;
+A2C6;YI SYLLABLE CU;Lo;0;L;;;;;N;;;;;
+A2C7;YI SYLLABLE CUP;Lo;0;L;;;;;N;;;;;
+A2C8;YI SYLLABLE CURX;Lo;0;L;;;;;N;;;;;
+A2C9;YI SYLLABLE CUR;Lo;0;L;;;;;N;;;;;
+A2CA;YI SYLLABLE CYT;Lo;0;L;;;;;N;;;;;
+A2CB;YI SYLLABLE CYX;Lo;0;L;;;;;N;;;;;
+A2CC;YI SYLLABLE CY;Lo;0;L;;;;;N;;;;;
+A2CD;YI SYLLABLE CYP;Lo;0;L;;;;;N;;;;;
+A2CE;YI SYLLABLE CYRX;Lo;0;L;;;;;N;;;;;
+A2CF;YI SYLLABLE CYR;Lo;0;L;;;;;N;;;;;
+A2D0;YI SYLLABLE ZZIT;Lo;0;L;;;;;N;;;;;
+A2D1;YI SYLLABLE ZZIX;Lo;0;L;;;;;N;;;;;
+A2D2;YI SYLLABLE ZZI;Lo;0;L;;;;;N;;;;;
+A2D3;YI SYLLABLE ZZIP;Lo;0;L;;;;;N;;;;;
+A2D4;YI SYLLABLE ZZIET;Lo;0;L;;;;;N;;;;;
+A2D5;YI SYLLABLE ZZIEX;Lo;0;L;;;;;N;;;;;
+A2D6;YI SYLLABLE ZZIE;Lo;0;L;;;;;N;;;;;
+A2D7;YI SYLLABLE ZZIEP;Lo;0;L;;;;;N;;;;;
+A2D8;YI SYLLABLE ZZAT;Lo;0;L;;;;;N;;;;;
+A2D9;YI SYLLABLE ZZAX;Lo;0;L;;;;;N;;;;;
+A2DA;YI SYLLABLE ZZA;Lo;0;L;;;;;N;;;;;
+A2DB;YI SYLLABLE ZZAP;Lo;0;L;;;;;N;;;;;
+A2DC;YI SYLLABLE ZZOX;Lo;0;L;;;;;N;;;;;
+A2DD;YI SYLLABLE ZZO;Lo;0;L;;;;;N;;;;;
+A2DE;YI SYLLABLE ZZOP;Lo;0;L;;;;;N;;;;;
+A2DF;YI SYLLABLE ZZEX;Lo;0;L;;;;;N;;;;;
+A2E0;YI SYLLABLE ZZE;Lo;0;L;;;;;N;;;;;
+A2E1;YI SYLLABLE ZZEP;Lo;0;L;;;;;N;;;;;
+A2E2;YI SYLLABLE ZZUX;Lo;0;L;;;;;N;;;;;
+A2E3;YI SYLLABLE ZZU;Lo;0;L;;;;;N;;;;;
+A2E4;YI SYLLABLE ZZUP;Lo;0;L;;;;;N;;;;;
+A2E5;YI SYLLABLE ZZURX;Lo;0;L;;;;;N;;;;;
+A2E6;YI SYLLABLE ZZUR;Lo;0;L;;;;;N;;;;;
+A2E7;YI SYLLABLE ZZYT;Lo;0;L;;;;;N;;;;;
+A2E8;YI SYLLABLE ZZYX;Lo;0;L;;;;;N;;;;;
+A2E9;YI SYLLABLE ZZY;Lo;0;L;;;;;N;;;;;
+A2EA;YI SYLLABLE ZZYP;Lo;0;L;;;;;N;;;;;
+A2EB;YI SYLLABLE ZZYRX;Lo;0;L;;;;;N;;;;;
+A2EC;YI SYLLABLE ZZYR;Lo;0;L;;;;;N;;;;;
+A2ED;YI SYLLABLE NZIT;Lo;0;L;;;;;N;;;;;
+A2EE;YI SYLLABLE NZIX;Lo;0;L;;;;;N;;;;;
+A2EF;YI SYLLABLE NZI;Lo;0;L;;;;;N;;;;;
+A2F0;YI SYLLABLE NZIP;Lo;0;L;;;;;N;;;;;
+A2F1;YI SYLLABLE NZIEX;Lo;0;L;;;;;N;;;;;
+A2F2;YI SYLLABLE NZIE;Lo;0;L;;;;;N;;;;;
+A2F3;YI SYLLABLE NZIEP;Lo;0;L;;;;;N;;;;;
+A2F4;YI SYLLABLE NZAT;Lo;0;L;;;;;N;;;;;
+A2F5;YI SYLLABLE NZAX;Lo;0;L;;;;;N;;;;;
+A2F6;YI SYLLABLE NZA;Lo;0;L;;;;;N;;;;;
+A2F7;YI SYLLABLE NZAP;Lo;0;L;;;;;N;;;;;
+A2F8;YI SYLLABLE NZUOX;Lo;0;L;;;;;N;;;;;
+A2F9;YI SYLLABLE NZUO;Lo;0;L;;;;;N;;;;;
+A2FA;YI SYLLABLE NZOX;Lo;0;L;;;;;N;;;;;
+A2FB;YI SYLLABLE NZOP;Lo;0;L;;;;;N;;;;;
+A2FC;YI SYLLABLE NZEX;Lo;0;L;;;;;N;;;;;
+A2FD;YI SYLLABLE NZE;Lo;0;L;;;;;N;;;;;
+A2FE;YI SYLLABLE NZUX;Lo;0;L;;;;;N;;;;;
+A2FF;YI SYLLABLE NZU;Lo;0;L;;;;;N;;;;;
+A300;YI SYLLABLE NZUP;Lo;0;L;;;;;N;;;;;
+A301;YI SYLLABLE NZURX;Lo;0;L;;;;;N;;;;;
+A302;YI SYLLABLE NZUR;Lo;0;L;;;;;N;;;;;
+A303;YI SYLLABLE NZYT;Lo;0;L;;;;;N;;;;;
+A304;YI SYLLABLE NZYX;Lo;0;L;;;;;N;;;;;
+A305;YI SYLLABLE NZY;Lo;0;L;;;;;N;;;;;
+A306;YI SYLLABLE NZYP;Lo;0;L;;;;;N;;;;;
+A307;YI SYLLABLE NZYRX;Lo;0;L;;;;;N;;;;;
+A308;YI SYLLABLE NZYR;Lo;0;L;;;;;N;;;;;
+A309;YI SYLLABLE SIT;Lo;0;L;;;;;N;;;;;
+A30A;YI SYLLABLE SIX;Lo;0;L;;;;;N;;;;;
+A30B;YI SYLLABLE SI;Lo;0;L;;;;;N;;;;;
+A30C;YI SYLLABLE SIP;Lo;0;L;;;;;N;;;;;
+A30D;YI SYLLABLE SIEX;Lo;0;L;;;;;N;;;;;
+A30E;YI SYLLABLE SIE;Lo;0;L;;;;;N;;;;;
+A30F;YI SYLLABLE SIEP;Lo;0;L;;;;;N;;;;;
+A310;YI SYLLABLE SAT;Lo;0;L;;;;;N;;;;;
+A311;YI SYLLABLE SAX;Lo;0;L;;;;;N;;;;;
+A312;YI SYLLABLE SA;Lo;0;L;;;;;N;;;;;
+A313;YI SYLLABLE SAP;Lo;0;L;;;;;N;;;;;
+A314;YI SYLLABLE SUOX;Lo;0;L;;;;;N;;;;;
+A315;YI SYLLABLE SUO;Lo;0;L;;;;;N;;;;;
+A316;YI SYLLABLE SUOP;Lo;0;L;;;;;N;;;;;
+A317;YI SYLLABLE SOT;Lo;0;L;;;;;N;;;;;
+A318;YI SYLLABLE SOX;Lo;0;L;;;;;N;;;;;
+A319;YI SYLLABLE SO;Lo;0;L;;;;;N;;;;;
+A31A;YI SYLLABLE SOP;Lo;0;L;;;;;N;;;;;
+A31B;YI SYLLABLE SEX;Lo;0;L;;;;;N;;;;;
+A31C;YI SYLLABLE SE;Lo;0;L;;;;;N;;;;;
+A31D;YI SYLLABLE SEP;Lo;0;L;;;;;N;;;;;
+A31E;YI SYLLABLE SUT;Lo;0;L;;;;;N;;;;;
+A31F;YI SYLLABLE SUX;Lo;0;L;;;;;N;;;;;
+A320;YI SYLLABLE SU;Lo;0;L;;;;;N;;;;;
+A321;YI SYLLABLE SUP;Lo;0;L;;;;;N;;;;;
+A322;YI SYLLABLE SURX;Lo;0;L;;;;;N;;;;;
+A323;YI SYLLABLE SUR;Lo;0;L;;;;;N;;;;;
+A324;YI SYLLABLE SYT;Lo;0;L;;;;;N;;;;;
+A325;YI SYLLABLE SYX;Lo;0;L;;;;;N;;;;;
+A326;YI SYLLABLE SY;Lo;0;L;;;;;N;;;;;
+A327;YI SYLLABLE SYP;Lo;0;L;;;;;N;;;;;
+A328;YI SYLLABLE SYRX;Lo;0;L;;;;;N;;;;;
+A329;YI SYLLABLE SYR;Lo;0;L;;;;;N;;;;;
+A32A;YI SYLLABLE SSIT;Lo;0;L;;;;;N;;;;;
+A32B;YI SYLLABLE SSIX;Lo;0;L;;;;;N;;;;;
+A32C;YI SYLLABLE SSI;Lo;0;L;;;;;N;;;;;
+A32D;YI SYLLABLE SSIP;Lo;0;L;;;;;N;;;;;
+A32E;YI SYLLABLE SSIEX;Lo;0;L;;;;;N;;;;;
+A32F;YI SYLLABLE SSIE;Lo;0;L;;;;;N;;;;;
+A330;YI SYLLABLE SSIEP;Lo;0;L;;;;;N;;;;;
+A331;YI SYLLABLE SSAT;Lo;0;L;;;;;N;;;;;
+A332;YI SYLLABLE SSAX;Lo;0;L;;;;;N;;;;;
+A333;YI SYLLABLE SSA;Lo;0;L;;;;;N;;;;;
+A334;YI SYLLABLE SSAP;Lo;0;L;;;;;N;;;;;
+A335;YI SYLLABLE SSOT;Lo;0;L;;;;;N;;;;;
+A336;YI SYLLABLE SSOX;Lo;0;L;;;;;N;;;;;
+A337;YI SYLLABLE SSO;Lo;0;L;;;;;N;;;;;
+A338;YI SYLLABLE SSOP;Lo;0;L;;;;;N;;;;;
+A339;YI SYLLABLE SSEX;Lo;0;L;;;;;N;;;;;
+A33A;YI SYLLABLE SSE;Lo;0;L;;;;;N;;;;;
+A33B;YI SYLLABLE SSEP;Lo;0;L;;;;;N;;;;;
+A33C;YI SYLLABLE SSUT;Lo;0;L;;;;;N;;;;;
+A33D;YI SYLLABLE SSUX;Lo;0;L;;;;;N;;;;;
+A33E;YI SYLLABLE SSU;Lo;0;L;;;;;N;;;;;
+A33F;YI SYLLABLE SSUP;Lo;0;L;;;;;N;;;;;
+A340;YI SYLLABLE SSYT;Lo;0;L;;;;;N;;;;;
+A341;YI SYLLABLE SSYX;Lo;0;L;;;;;N;;;;;
+A342;YI SYLLABLE SSY;Lo;0;L;;;;;N;;;;;
+A343;YI SYLLABLE SSYP;Lo;0;L;;;;;N;;;;;
+A344;YI SYLLABLE SSYRX;Lo;0;L;;;;;N;;;;;
+A345;YI SYLLABLE SSYR;Lo;0;L;;;;;N;;;;;
+A346;YI SYLLABLE ZHAT;Lo;0;L;;;;;N;;;;;
+A347;YI SYLLABLE ZHAX;Lo;0;L;;;;;N;;;;;
+A348;YI SYLLABLE ZHA;Lo;0;L;;;;;N;;;;;
+A349;YI SYLLABLE ZHAP;Lo;0;L;;;;;N;;;;;
+A34A;YI SYLLABLE ZHUOX;Lo;0;L;;;;;N;;;;;
+A34B;YI SYLLABLE ZHUO;Lo;0;L;;;;;N;;;;;
+A34C;YI SYLLABLE ZHUOP;Lo;0;L;;;;;N;;;;;
+A34D;YI SYLLABLE ZHOT;Lo;0;L;;;;;N;;;;;
+A34E;YI SYLLABLE ZHOX;Lo;0;L;;;;;N;;;;;
+A34F;YI SYLLABLE ZHO;Lo;0;L;;;;;N;;;;;
+A350;YI SYLLABLE ZHOP;Lo;0;L;;;;;N;;;;;
+A351;YI SYLLABLE ZHET;Lo;0;L;;;;;N;;;;;
+A352;YI SYLLABLE ZHEX;Lo;0;L;;;;;N;;;;;
+A353;YI SYLLABLE ZHE;Lo;0;L;;;;;N;;;;;
+A354;YI SYLLABLE ZHEP;Lo;0;L;;;;;N;;;;;
+A355;YI SYLLABLE ZHUT;Lo;0;L;;;;;N;;;;;
+A356;YI SYLLABLE ZHUX;Lo;0;L;;;;;N;;;;;
+A357;YI SYLLABLE ZHU;Lo;0;L;;;;;N;;;;;
+A358;YI SYLLABLE ZHUP;Lo;0;L;;;;;N;;;;;
+A359;YI SYLLABLE ZHURX;Lo;0;L;;;;;N;;;;;
+A35A;YI SYLLABLE ZHUR;Lo;0;L;;;;;N;;;;;
+A35B;YI SYLLABLE ZHYT;Lo;0;L;;;;;N;;;;;
+A35C;YI SYLLABLE ZHYX;Lo;0;L;;;;;N;;;;;
+A35D;YI SYLLABLE ZHY;Lo;0;L;;;;;N;;;;;
+A35E;YI SYLLABLE ZHYP;Lo;0;L;;;;;N;;;;;
+A35F;YI SYLLABLE ZHYRX;Lo;0;L;;;;;N;;;;;
+A360;YI SYLLABLE ZHYR;Lo;0;L;;;;;N;;;;;
+A361;YI SYLLABLE CHAT;Lo;0;L;;;;;N;;;;;
+A362;YI SYLLABLE CHAX;Lo;0;L;;;;;N;;;;;
+A363;YI SYLLABLE CHA;Lo;0;L;;;;;N;;;;;
+A364;YI SYLLABLE CHAP;Lo;0;L;;;;;N;;;;;
+A365;YI SYLLABLE CHUOT;Lo;0;L;;;;;N;;;;;
+A366;YI SYLLABLE CHUOX;Lo;0;L;;;;;N;;;;;
+A367;YI SYLLABLE CHUO;Lo;0;L;;;;;N;;;;;
+A368;YI SYLLABLE CHUOP;Lo;0;L;;;;;N;;;;;
+A369;YI SYLLABLE CHOT;Lo;0;L;;;;;N;;;;;
+A36A;YI SYLLABLE CHOX;Lo;0;L;;;;;N;;;;;
+A36B;YI SYLLABLE CHO;Lo;0;L;;;;;N;;;;;
+A36C;YI SYLLABLE CHOP;Lo;0;L;;;;;N;;;;;
+A36D;YI SYLLABLE CHET;Lo;0;L;;;;;N;;;;;
+A36E;YI SYLLABLE CHEX;Lo;0;L;;;;;N;;;;;
+A36F;YI SYLLABLE CHE;Lo;0;L;;;;;N;;;;;
+A370;YI SYLLABLE CHEP;Lo;0;L;;;;;N;;;;;
+A371;YI SYLLABLE CHUX;Lo;0;L;;;;;N;;;;;
+A372;YI SYLLABLE CHU;Lo;0;L;;;;;N;;;;;
+A373;YI SYLLABLE CHUP;Lo;0;L;;;;;N;;;;;
+A374;YI SYLLABLE CHURX;Lo;0;L;;;;;N;;;;;
+A375;YI SYLLABLE CHUR;Lo;0;L;;;;;N;;;;;
+A376;YI SYLLABLE CHYT;Lo;0;L;;;;;N;;;;;
+A377;YI SYLLABLE CHYX;Lo;0;L;;;;;N;;;;;
+A378;YI SYLLABLE CHY;Lo;0;L;;;;;N;;;;;
+A379;YI SYLLABLE CHYP;Lo;0;L;;;;;N;;;;;
+A37A;YI SYLLABLE CHYRX;Lo;0;L;;;;;N;;;;;
+A37B;YI SYLLABLE CHYR;Lo;0;L;;;;;N;;;;;
+A37C;YI SYLLABLE RRAX;Lo;0;L;;;;;N;;;;;
+A37D;YI SYLLABLE RRA;Lo;0;L;;;;;N;;;;;
+A37E;YI SYLLABLE RRUOX;Lo;0;L;;;;;N;;;;;
+A37F;YI SYLLABLE RRUO;Lo;0;L;;;;;N;;;;;
+A380;YI SYLLABLE RROT;Lo;0;L;;;;;N;;;;;
+A381;YI SYLLABLE RROX;Lo;0;L;;;;;N;;;;;
+A382;YI SYLLABLE RRO;Lo;0;L;;;;;N;;;;;
+A383;YI SYLLABLE RROP;Lo;0;L;;;;;N;;;;;
+A384;YI SYLLABLE RRET;Lo;0;L;;;;;N;;;;;
+A385;YI SYLLABLE RREX;Lo;0;L;;;;;N;;;;;
+A386;YI SYLLABLE RRE;Lo;0;L;;;;;N;;;;;
+A387;YI SYLLABLE RREP;Lo;0;L;;;;;N;;;;;
+A388;YI SYLLABLE RRUT;Lo;0;L;;;;;N;;;;;
+A389;YI SYLLABLE RRUX;Lo;0;L;;;;;N;;;;;
+A38A;YI SYLLABLE RRU;Lo;0;L;;;;;N;;;;;
+A38B;YI SYLLABLE RRUP;Lo;0;L;;;;;N;;;;;
+A38C;YI SYLLABLE RRURX;Lo;0;L;;;;;N;;;;;
+A38D;YI SYLLABLE RRUR;Lo;0;L;;;;;N;;;;;
+A38E;YI SYLLABLE RRYT;Lo;0;L;;;;;N;;;;;
+A38F;YI SYLLABLE RRYX;Lo;0;L;;;;;N;;;;;
+A390;YI SYLLABLE RRY;Lo;0;L;;;;;N;;;;;
+A391;YI SYLLABLE RRYP;Lo;0;L;;;;;N;;;;;
+A392;YI SYLLABLE RRYRX;Lo;0;L;;;;;N;;;;;
+A393;YI SYLLABLE RRYR;Lo;0;L;;;;;N;;;;;
+A394;YI SYLLABLE NRAT;Lo;0;L;;;;;N;;;;;
+A395;YI SYLLABLE NRAX;Lo;0;L;;;;;N;;;;;
+A396;YI SYLLABLE NRA;Lo;0;L;;;;;N;;;;;
+A397;YI SYLLABLE NRAP;Lo;0;L;;;;;N;;;;;
+A398;YI SYLLABLE NROX;Lo;0;L;;;;;N;;;;;
+A399;YI SYLLABLE NRO;Lo;0;L;;;;;N;;;;;
+A39A;YI SYLLABLE NROP;Lo;0;L;;;;;N;;;;;
+A39B;YI SYLLABLE NRET;Lo;0;L;;;;;N;;;;;
+A39C;YI SYLLABLE NREX;Lo;0;L;;;;;N;;;;;
+A39D;YI SYLLABLE NRE;Lo;0;L;;;;;N;;;;;
+A39E;YI SYLLABLE NREP;Lo;0;L;;;;;N;;;;;
+A39F;YI SYLLABLE NRUT;Lo;0;L;;;;;N;;;;;
+A3A0;YI SYLLABLE NRUX;Lo;0;L;;;;;N;;;;;
+A3A1;YI SYLLABLE NRU;Lo;0;L;;;;;N;;;;;
+A3A2;YI SYLLABLE NRUP;Lo;0;L;;;;;N;;;;;
+A3A3;YI SYLLABLE NRURX;Lo;0;L;;;;;N;;;;;
+A3A4;YI SYLLABLE NRUR;Lo;0;L;;;;;N;;;;;
+A3A5;YI SYLLABLE NRYT;Lo;0;L;;;;;N;;;;;
+A3A6;YI SYLLABLE NRYX;Lo;0;L;;;;;N;;;;;
+A3A7;YI SYLLABLE NRY;Lo;0;L;;;;;N;;;;;
+A3A8;YI SYLLABLE NRYP;Lo;0;L;;;;;N;;;;;
+A3A9;YI SYLLABLE NRYRX;Lo;0;L;;;;;N;;;;;
+A3AA;YI SYLLABLE NRYR;Lo;0;L;;;;;N;;;;;
+A3AB;YI SYLLABLE SHAT;Lo;0;L;;;;;N;;;;;
+A3AC;YI SYLLABLE SHAX;Lo;0;L;;;;;N;;;;;
+A3AD;YI SYLLABLE SHA;Lo;0;L;;;;;N;;;;;
+A3AE;YI SYLLABLE SHAP;Lo;0;L;;;;;N;;;;;
+A3AF;YI SYLLABLE SHUOX;Lo;0;L;;;;;N;;;;;
+A3B0;YI SYLLABLE SHUO;Lo;0;L;;;;;N;;;;;
+A3B1;YI SYLLABLE SHUOP;Lo;0;L;;;;;N;;;;;
+A3B2;YI SYLLABLE SHOT;Lo;0;L;;;;;N;;;;;
+A3B3;YI SYLLABLE SHOX;Lo;0;L;;;;;N;;;;;
+A3B4;YI SYLLABLE SHO;Lo;0;L;;;;;N;;;;;
+A3B5;YI SYLLABLE SHOP;Lo;0;L;;;;;N;;;;;
+A3B6;YI SYLLABLE SHET;Lo;0;L;;;;;N;;;;;
+A3B7;YI SYLLABLE SHEX;Lo;0;L;;;;;N;;;;;
+A3B8;YI SYLLABLE SHE;Lo;0;L;;;;;N;;;;;
+A3B9;YI SYLLABLE SHEP;Lo;0;L;;;;;N;;;;;
+A3BA;YI SYLLABLE SHUT;Lo;0;L;;;;;N;;;;;
+A3BB;YI SYLLABLE SHUX;Lo;0;L;;;;;N;;;;;
+A3BC;YI SYLLABLE SHU;Lo;0;L;;;;;N;;;;;
+A3BD;YI SYLLABLE SHUP;Lo;0;L;;;;;N;;;;;
+A3BE;YI SYLLABLE SHURX;Lo;0;L;;;;;N;;;;;
+A3BF;YI SYLLABLE SHUR;Lo;0;L;;;;;N;;;;;
+A3C0;YI SYLLABLE SHYT;Lo;0;L;;;;;N;;;;;
+A3C1;YI SYLLABLE SHYX;Lo;0;L;;;;;N;;;;;
+A3C2;YI SYLLABLE SHY;Lo;0;L;;;;;N;;;;;
+A3C3;YI SYLLABLE SHYP;Lo;0;L;;;;;N;;;;;
+A3C4;YI SYLLABLE SHYRX;Lo;0;L;;;;;N;;;;;
+A3C5;YI SYLLABLE SHYR;Lo;0;L;;;;;N;;;;;
+A3C6;YI SYLLABLE RAT;Lo;0;L;;;;;N;;;;;
+A3C7;YI SYLLABLE RAX;Lo;0;L;;;;;N;;;;;
+A3C8;YI SYLLABLE RA;Lo;0;L;;;;;N;;;;;
+A3C9;YI SYLLABLE RAP;Lo;0;L;;;;;N;;;;;
+A3CA;YI SYLLABLE RUOX;Lo;0;L;;;;;N;;;;;
+A3CB;YI SYLLABLE RUO;Lo;0;L;;;;;N;;;;;
+A3CC;YI SYLLABLE RUOP;Lo;0;L;;;;;N;;;;;
+A3CD;YI SYLLABLE ROT;Lo;0;L;;;;;N;;;;;
+A3CE;YI SYLLABLE ROX;Lo;0;L;;;;;N;;;;;
+A3CF;YI SYLLABLE RO;Lo;0;L;;;;;N;;;;;
+A3D0;YI SYLLABLE ROP;Lo;0;L;;;;;N;;;;;
+A3D1;YI SYLLABLE REX;Lo;0;L;;;;;N;;;;;
+A3D2;YI SYLLABLE RE;Lo;0;L;;;;;N;;;;;
+A3D3;YI SYLLABLE REP;Lo;0;L;;;;;N;;;;;
+A3D4;YI SYLLABLE RUT;Lo;0;L;;;;;N;;;;;
+A3D5;YI SYLLABLE RUX;Lo;0;L;;;;;N;;;;;
+A3D6;YI SYLLABLE RU;Lo;0;L;;;;;N;;;;;
+A3D7;YI SYLLABLE RUP;Lo;0;L;;;;;N;;;;;
+A3D8;YI SYLLABLE RURX;Lo;0;L;;;;;N;;;;;
+A3D9;YI SYLLABLE RUR;Lo;0;L;;;;;N;;;;;
+A3DA;YI SYLLABLE RYT;Lo;0;L;;;;;N;;;;;
+A3DB;YI SYLLABLE RYX;Lo;0;L;;;;;N;;;;;
+A3DC;YI SYLLABLE RY;Lo;0;L;;;;;N;;;;;
+A3DD;YI SYLLABLE RYP;Lo;0;L;;;;;N;;;;;
+A3DE;YI SYLLABLE RYRX;Lo;0;L;;;;;N;;;;;
+A3DF;YI SYLLABLE RYR;Lo;0;L;;;;;N;;;;;
+A3E0;YI SYLLABLE JIT;Lo;0;L;;;;;N;;;;;
+A3E1;YI SYLLABLE JIX;Lo;0;L;;;;;N;;;;;
+A3E2;YI SYLLABLE JI;Lo;0;L;;;;;N;;;;;
+A3E3;YI SYLLABLE JIP;Lo;0;L;;;;;N;;;;;
+A3E4;YI SYLLABLE JIET;Lo;0;L;;;;;N;;;;;
+A3E5;YI SYLLABLE JIEX;Lo;0;L;;;;;N;;;;;
+A3E6;YI SYLLABLE JIE;Lo;0;L;;;;;N;;;;;
+A3E7;YI SYLLABLE JIEP;Lo;0;L;;;;;N;;;;;
+A3E8;YI SYLLABLE JUOT;Lo;0;L;;;;;N;;;;;
+A3E9;YI SYLLABLE JUOX;Lo;0;L;;;;;N;;;;;
+A3EA;YI SYLLABLE JUO;Lo;0;L;;;;;N;;;;;
+A3EB;YI SYLLABLE JUOP;Lo;0;L;;;;;N;;;;;
+A3EC;YI SYLLABLE JOT;Lo;0;L;;;;;N;;;;;
+A3ED;YI SYLLABLE JOX;Lo;0;L;;;;;N;;;;;
+A3EE;YI SYLLABLE JO;Lo;0;L;;;;;N;;;;;
+A3EF;YI SYLLABLE JOP;Lo;0;L;;;;;N;;;;;
+A3F0;YI SYLLABLE JUT;Lo;0;L;;;;;N;;;;;
+A3F1;YI SYLLABLE JUX;Lo;0;L;;;;;N;;;;;
+A3F2;YI SYLLABLE JU;Lo;0;L;;;;;N;;;;;
+A3F3;YI SYLLABLE JUP;Lo;0;L;;;;;N;;;;;
+A3F4;YI SYLLABLE JURX;Lo;0;L;;;;;N;;;;;
+A3F5;YI SYLLABLE JUR;Lo;0;L;;;;;N;;;;;
+A3F6;YI SYLLABLE JYT;Lo;0;L;;;;;N;;;;;
+A3F7;YI SYLLABLE JYX;Lo;0;L;;;;;N;;;;;
+A3F8;YI SYLLABLE JY;Lo;0;L;;;;;N;;;;;
+A3F9;YI SYLLABLE JYP;Lo;0;L;;;;;N;;;;;
+A3FA;YI SYLLABLE JYRX;Lo;0;L;;;;;N;;;;;
+A3FB;YI SYLLABLE JYR;Lo;0;L;;;;;N;;;;;
+A3FC;YI SYLLABLE QIT;Lo;0;L;;;;;N;;;;;
+A3FD;YI SYLLABLE QIX;Lo;0;L;;;;;N;;;;;
+A3FE;YI SYLLABLE QI;Lo;0;L;;;;;N;;;;;
+A3FF;YI SYLLABLE QIP;Lo;0;L;;;;;N;;;;;
+A400;YI SYLLABLE QIET;Lo;0;L;;;;;N;;;;;
+A401;YI SYLLABLE QIEX;Lo;0;L;;;;;N;;;;;
+A402;YI SYLLABLE QIE;Lo;0;L;;;;;N;;;;;
+A403;YI SYLLABLE QIEP;Lo;0;L;;;;;N;;;;;
+A404;YI SYLLABLE QUOT;Lo;0;L;;;;;N;;;;;
+A405;YI SYLLABLE QUOX;Lo;0;L;;;;;N;;;;;
+A406;YI SYLLABLE QUO;Lo;0;L;;;;;N;;;;;
+A407;YI SYLLABLE QUOP;Lo;0;L;;;;;N;;;;;
+A408;YI SYLLABLE QOT;Lo;0;L;;;;;N;;;;;
+A409;YI SYLLABLE QOX;Lo;0;L;;;;;N;;;;;
+A40A;YI SYLLABLE QO;Lo;0;L;;;;;N;;;;;
+A40B;YI SYLLABLE QOP;Lo;0;L;;;;;N;;;;;
+A40C;YI SYLLABLE QUT;Lo;0;L;;;;;N;;;;;
+A40D;YI SYLLABLE QUX;Lo;0;L;;;;;N;;;;;
+A40E;YI SYLLABLE QU;Lo;0;L;;;;;N;;;;;
+A40F;YI SYLLABLE QUP;Lo;0;L;;;;;N;;;;;
+A410;YI SYLLABLE QURX;Lo;0;L;;;;;N;;;;;
+A411;YI SYLLABLE QUR;Lo;0;L;;;;;N;;;;;
+A412;YI SYLLABLE QYT;Lo;0;L;;;;;N;;;;;
+A413;YI SYLLABLE QYX;Lo;0;L;;;;;N;;;;;
+A414;YI SYLLABLE QY;Lo;0;L;;;;;N;;;;;
+A415;YI SYLLABLE QYP;Lo;0;L;;;;;N;;;;;
+A416;YI SYLLABLE QYRX;Lo;0;L;;;;;N;;;;;
+A417;YI SYLLABLE QYR;Lo;0;L;;;;;N;;;;;
+A418;YI SYLLABLE JJIT;Lo;0;L;;;;;N;;;;;
+A419;YI SYLLABLE JJIX;Lo;0;L;;;;;N;;;;;
+A41A;YI SYLLABLE JJI;Lo;0;L;;;;;N;;;;;
+A41B;YI SYLLABLE JJIP;Lo;0;L;;;;;N;;;;;
+A41C;YI SYLLABLE JJIET;Lo;0;L;;;;;N;;;;;
+A41D;YI SYLLABLE JJIEX;Lo;0;L;;;;;N;;;;;
+A41E;YI SYLLABLE JJIE;Lo;0;L;;;;;N;;;;;
+A41F;YI SYLLABLE JJIEP;Lo;0;L;;;;;N;;;;;
+A420;YI SYLLABLE JJUOX;Lo;0;L;;;;;N;;;;;
+A421;YI SYLLABLE JJUO;Lo;0;L;;;;;N;;;;;
+A422;YI SYLLABLE JJUOP;Lo;0;L;;;;;N;;;;;
+A423;YI SYLLABLE JJOT;Lo;0;L;;;;;N;;;;;
+A424;YI SYLLABLE JJOX;Lo;0;L;;;;;N;;;;;
+A425;YI SYLLABLE JJO;Lo;0;L;;;;;N;;;;;
+A426;YI SYLLABLE JJOP;Lo;0;L;;;;;N;;;;;
+A427;YI SYLLABLE JJUT;Lo;0;L;;;;;N;;;;;
+A428;YI SYLLABLE JJUX;Lo;0;L;;;;;N;;;;;
+A429;YI SYLLABLE JJU;Lo;0;L;;;;;N;;;;;
+A42A;YI SYLLABLE JJUP;Lo;0;L;;;;;N;;;;;
+A42B;YI SYLLABLE JJURX;Lo;0;L;;;;;N;;;;;
+A42C;YI SYLLABLE JJUR;Lo;0;L;;;;;N;;;;;
+A42D;YI SYLLABLE JJYT;Lo;0;L;;;;;N;;;;;
+A42E;YI SYLLABLE JJYX;Lo;0;L;;;;;N;;;;;
+A42F;YI SYLLABLE JJY;Lo;0;L;;;;;N;;;;;
+A430;YI SYLLABLE JJYP;Lo;0;L;;;;;N;;;;;
+A431;YI SYLLABLE NJIT;Lo;0;L;;;;;N;;;;;
+A432;YI SYLLABLE NJIX;Lo;0;L;;;;;N;;;;;
+A433;YI SYLLABLE NJI;Lo;0;L;;;;;N;;;;;
+A434;YI SYLLABLE NJIP;Lo;0;L;;;;;N;;;;;
+A435;YI SYLLABLE NJIET;Lo;0;L;;;;;N;;;;;
+A436;YI SYLLABLE NJIEX;Lo;0;L;;;;;N;;;;;
+A437;YI SYLLABLE NJIE;Lo;0;L;;;;;N;;;;;
+A438;YI SYLLABLE NJIEP;Lo;0;L;;;;;N;;;;;
+A439;YI SYLLABLE NJUOX;Lo;0;L;;;;;N;;;;;
+A43A;YI SYLLABLE NJUO;Lo;0;L;;;;;N;;;;;
+A43B;YI SYLLABLE NJOT;Lo;0;L;;;;;N;;;;;
+A43C;YI SYLLABLE NJOX;Lo;0;L;;;;;N;;;;;
+A43D;YI SYLLABLE NJO;Lo;0;L;;;;;N;;;;;
+A43E;YI SYLLABLE NJOP;Lo;0;L;;;;;N;;;;;
+A43F;YI SYLLABLE NJUX;Lo;0;L;;;;;N;;;;;
+A440;YI SYLLABLE NJU;Lo;0;L;;;;;N;;;;;
+A441;YI SYLLABLE NJUP;Lo;0;L;;;;;N;;;;;
+A442;YI SYLLABLE NJURX;Lo;0;L;;;;;N;;;;;
+A443;YI SYLLABLE NJUR;Lo;0;L;;;;;N;;;;;
+A444;YI SYLLABLE NJYT;Lo;0;L;;;;;N;;;;;
+A445;YI SYLLABLE NJYX;Lo;0;L;;;;;N;;;;;
+A446;YI SYLLABLE NJY;Lo;0;L;;;;;N;;;;;
+A447;YI SYLLABLE NJYP;Lo;0;L;;;;;N;;;;;
+A448;YI SYLLABLE NJYRX;Lo;0;L;;;;;N;;;;;
+A449;YI SYLLABLE NJYR;Lo;0;L;;;;;N;;;;;
+A44A;YI SYLLABLE NYIT;Lo;0;L;;;;;N;;;;;
+A44B;YI SYLLABLE NYIX;Lo;0;L;;;;;N;;;;;
+A44C;YI SYLLABLE NYI;Lo;0;L;;;;;N;;;;;
+A44D;YI SYLLABLE NYIP;Lo;0;L;;;;;N;;;;;
+A44E;YI SYLLABLE NYIET;Lo;0;L;;;;;N;;;;;
+A44F;YI SYLLABLE NYIEX;Lo;0;L;;;;;N;;;;;
+A450;YI SYLLABLE NYIE;Lo;0;L;;;;;N;;;;;
+A451;YI SYLLABLE NYIEP;Lo;0;L;;;;;N;;;;;
+A452;YI SYLLABLE NYUOX;Lo;0;L;;;;;N;;;;;
+A453;YI SYLLABLE NYUO;Lo;0;L;;;;;N;;;;;
+A454;YI SYLLABLE NYUOP;Lo;0;L;;;;;N;;;;;
+A455;YI SYLLABLE NYOT;Lo;0;L;;;;;N;;;;;
+A456;YI SYLLABLE NYOX;Lo;0;L;;;;;N;;;;;
+A457;YI SYLLABLE NYO;Lo;0;L;;;;;N;;;;;
+A458;YI SYLLABLE NYOP;Lo;0;L;;;;;N;;;;;
+A459;YI SYLLABLE NYUT;Lo;0;L;;;;;N;;;;;
+A45A;YI SYLLABLE NYUX;Lo;0;L;;;;;N;;;;;
+A45B;YI SYLLABLE NYU;Lo;0;L;;;;;N;;;;;
+A45C;YI SYLLABLE NYUP;Lo;0;L;;;;;N;;;;;
+A45D;YI SYLLABLE XIT;Lo;0;L;;;;;N;;;;;
+A45E;YI SYLLABLE XIX;Lo;0;L;;;;;N;;;;;
+A45F;YI SYLLABLE XI;Lo;0;L;;;;;N;;;;;
+A460;YI SYLLABLE XIP;Lo;0;L;;;;;N;;;;;
+A461;YI SYLLABLE XIET;Lo;0;L;;;;;N;;;;;
+A462;YI SYLLABLE XIEX;Lo;0;L;;;;;N;;;;;
+A463;YI SYLLABLE XIE;Lo;0;L;;;;;N;;;;;
+A464;YI SYLLABLE XIEP;Lo;0;L;;;;;N;;;;;
+A465;YI SYLLABLE XUOX;Lo;0;L;;;;;N;;;;;
+A466;YI SYLLABLE XUO;Lo;0;L;;;;;N;;;;;
+A467;YI SYLLABLE XOT;Lo;0;L;;;;;N;;;;;
+A468;YI SYLLABLE XOX;Lo;0;L;;;;;N;;;;;
+A469;YI SYLLABLE XO;Lo;0;L;;;;;N;;;;;
+A46A;YI SYLLABLE XOP;Lo;0;L;;;;;N;;;;;
+A46B;YI SYLLABLE XYT;Lo;0;L;;;;;N;;;;;
+A46C;YI SYLLABLE XYX;Lo;0;L;;;;;N;;;;;
+A46D;YI SYLLABLE XY;Lo;0;L;;;;;N;;;;;
+A46E;YI SYLLABLE XYP;Lo;0;L;;;;;N;;;;;
+A46F;YI SYLLABLE XYRX;Lo;0;L;;;;;N;;;;;
+A470;YI SYLLABLE XYR;Lo;0;L;;;;;N;;;;;
+A471;YI SYLLABLE YIT;Lo;0;L;;;;;N;;;;;
+A472;YI SYLLABLE YIX;Lo;0;L;;;;;N;;;;;
+A473;YI SYLLABLE YI;Lo;0;L;;;;;N;;;;;
+A474;YI SYLLABLE YIP;Lo;0;L;;;;;N;;;;;
+A475;YI SYLLABLE YIET;Lo;0;L;;;;;N;;;;;
+A476;YI SYLLABLE YIEX;Lo;0;L;;;;;N;;;;;
+A477;YI SYLLABLE YIE;Lo;0;L;;;;;N;;;;;
+A478;YI SYLLABLE YIEP;Lo;0;L;;;;;N;;;;;
+A479;YI SYLLABLE YUOT;Lo;0;L;;;;;N;;;;;
+A47A;YI SYLLABLE YUOX;Lo;0;L;;;;;N;;;;;
+A47B;YI SYLLABLE YUO;Lo;0;L;;;;;N;;;;;
+A47C;YI SYLLABLE YUOP;Lo;0;L;;;;;N;;;;;
+A47D;YI SYLLABLE YOT;Lo;0;L;;;;;N;;;;;
+A47E;YI SYLLABLE YOX;Lo;0;L;;;;;N;;;;;
+A47F;YI SYLLABLE YO;Lo;0;L;;;;;N;;;;;
+A480;YI SYLLABLE YOP;Lo;0;L;;;;;N;;;;;
+A481;YI SYLLABLE YUT;Lo;0;L;;;;;N;;;;;
+A482;YI SYLLABLE YUX;Lo;0;L;;;;;N;;;;;
+A483;YI SYLLABLE YU;Lo;0;L;;;;;N;;;;;
+A484;YI SYLLABLE YUP;Lo;0;L;;;;;N;;;;;
+A485;YI SYLLABLE YURX;Lo;0;L;;;;;N;;;;;
+A486;YI SYLLABLE YUR;Lo;0;L;;;;;N;;;;;
+A487;YI SYLLABLE YYT;Lo;0;L;;;;;N;;;;;
+A488;YI SYLLABLE YYX;Lo;0;L;;;;;N;;;;;
+A489;YI SYLLABLE YY;Lo;0;L;;;;;N;;;;;
+A48A;YI SYLLABLE YYP;Lo;0;L;;;;;N;;;;;
+A48B;YI SYLLABLE YYRX;Lo;0;L;;;;;N;;;;;
+A48C;YI SYLLABLE YYR;Lo;0;L;;;;;N;;;;;
+A490;YI RADICAL QOT;So;0;ON;;;;;N;;;;;
+A491;YI RADICAL LI;So;0;ON;;;;;N;;;;;
+A492;YI RADICAL KIT;So;0;ON;;;;;N;;;;;
+A493;YI RADICAL NYIP;So;0;ON;;;;;N;;;;;
+A494;YI RADICAL CYP;So;0;ON;;;;;N;;;;;
+A495;YI RADICAL SSI;So;0;ON;;;;;N;;;;;
+A496;YI RADICAL GGOP;So;0;ON;;;;;N;;;;;
+A497;YI RADICAL GEP;So;0;ON;;;;;N;;;;;
+A498;YI RADICAL MI;So;0;ON;;;;;N;;;;;
+A499;YI RADICAL HXIT;So;0;ON;;;;;N;;;;;
+A49A;YI RADICAL LYR;So;0;ON;;;;;N;;;;;
+A49B;YI RADICAL BBUT;So;0;ON;;;;;N;;;;;
+A49C;YI RADICAL MOP;So;0;ON;;;;;N;;;;;
+A49D;YI RADICAL YO;So;0;ON;;;;;N;;;;;
+A49E;YI RADICAL PUT;So;0;ON;;;;;N;;;;;
+A49F;YI RADICAL HXUO;So;0;ON;;;;;N;;;;;
+A4A0;YI RADICAL TAT;So;0;ON;;;;;N;;;;;
+A4A1;YI RADICAL GA;So;0;ON;;;;;N;;;;;
+A4A2;YI RADICAL ZUP;So;0;ON;;;;;N;;;;;
+A4A3;YI RADICAL CYT;So;0;ON;;;;;N;;;;;
+A4A4;YI RADICAL DDUR;So;0;ON;;;;;N;;;;;
+A4A5;YI RADICAL BUR;So;0;ON;;;;;N;;;;;
+A4A6;YI RADICAL GGUO;So;0;ON;;;;;N;;;;;
+A4A7;YI RADICAL NYOP;So;0;ON;;;;;N;;;;;
+A4A8;YI RADICAL TU;So;0;ON;;;;;N;;;;;
+A4A9;YI RADICAL OP;So;0;ON;;;;;N;;;;;
+A4AA;YI RADICAL JJUT;So;0;ON;;;;;N;;;;;
+A4AB;YI RADICAL ZOT;So;0;ON;;;;;N;;;;;
+A4AC;YI RADICAL PYT;So;0;ON;;;;;N;;;;;
+A4AD;YI RADICAL HMO;So;0;ON;;;;;N;;;;;
+A4AE;YI RADICAL YIT;So;0;ON;;;;;N;;;;;
+A4AF;YI RADICAL VUR;So;0;ON;;;;;N;;;;;
+A4B0;YI RADICAL SHY;So;0;ON;;;;;N;;;;;
+A4B1;YI RADICAL VEP;So;0;ON;;;;;N;;;;;
+A4B2;YI RADICAL ZA;So;0;ON;;;;;N;;;;;
+A4B3;YI RADICAL JO;So;0;ON;;;;;N;;;;;
+A4B4;YI RADICAL NZUP;So;0;ON;;;;;N;;;;;
+A4B5;YI RADICAL JJY;So;0;ON;;;;;N;;;;;
+A4B6;YI RADICAL GOT;So;0;ON;;;;;N;;;;;
+A4B7;YI RADICAL JJIE;So;0;ON;;;;;N;;;;;
+A4B8;YI RADICAL WO;So;0;ON;;;;;N;;;;;
+A4B9;YI RADICAL DU;So;0;ON;;;;;N;;;;;
+A4BA;YI RADICAL SHUR;So;0;ON;;;;;N;;;;;
+A4BB;YI RADICAL LIE;So;0;ON;;;;;N;;;;;
+A4BC;YI RADICAL CY;So;0;ON;;;;;N;;;;;
+A4BD;YI RADICAL CUOP;So;0;ON;;;;;N;;;;;
+A4BE;YI RADICAL CIP;So;0;ON;;;;;N;;;;;
+A4BF;YI RADICAL HXOP;So;0;ON;;;;;N;;;;;
+A4C0;YI RADICAL SHAT;So;0;ON;;;;;N;;;;;
+A4C1;YI RADICAL ZUR;So;0;ON;;;;;N;;;;;
+A4C2;YI RADICAL SHOP;So;0;ON;;;;;N;;;;;
+A4C3;YI RADICAL CHE;So;0;ON;;;;;N;;;;;
+A4C4;YI RADICAL ZZIET;So;0;ON;;;;;N;;;;;
+A4C5;YI RADICAL NBIE;So;0;ON;;;;;N;;;;;
+A4C6;YI RADICAL KE;So;0;ON;;;;;N;;;;;
+AC00;<Hangul Syllable, First>;Lo;0;L;;;;;N;;;;;
+D7A3;<Hangul Syllable, Last>;Lo;0;L;;;;;N;;;;;
+D800;<Non Private Use High Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DB7F;<Non Private Use High Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+DB80;<Private Use High Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DBFF;<Private Use High Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+DC00;<Low Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DFFF;<Low Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+E000;<Private Use, First>;Co;0;L;;;;;N;;;;;
+F8FF;<Private Use, Last>;Co;0;L;;;;;N;;;;;
+F900;CJK COMPATIBILITY IDEOGRAPH-F900;Lo;0;L;8C48;;;;N;;;;;
+F901;CJK COMPATIBILITY IDEOGRAPH-F901;Lo;0;L;66F4;;;;N;;;;;
+F902;CJK COMPATIBILITY IDEOGRAPH-F902;Lo;0;L;8ECA;;;;N;;;;;
+F903;CJK COMPATIBILITY IDEOGRAPH-F903;Lo;0;L;8CC8;;;;N;;;;;
+F904;CJK COMPATIBILITY IDEOGRAPH-F904;Lo;0;L;6ED1;;;;N;;;;;
+F905;CJK COMPATIBILITY IDEOGRAPH-F905;Lo;0;L;4E32;;;;N;;;;;
+F906;CJK COMPATIBILITY IDEOGRAPH-F906;Lo;0;L;53E5;;;;N;;;;;
+F907;CJK COMPATIBILITY IDEOGRAPH-F907;Lo;0;L;9F9C;;;;N;;;;;
+F908;CJK COMPATIBILITY IDEOGRAPH-F908;Lo;0;L;9F9C;;;;N;;;;;
+F909;CJK COMPATIBILITY IDEOGRAPH-F909;Lo;0;L;5951;;;;N;;;;;
+F90A;CJK COMPATIBILITY IDEOGRAPH-F90A;Lo;0;L;91D1;;;;N;;;;;
+F90B;CJK COMPATIBILITY IDEOGRAPH-F90B;Lo;0;L;5587;;;;N;;;;;
+F90C;CJK COMPATIBILITY IDEOGRAPH-F90C;Lo;0;L;5948;;;;N;;;;;
+F90D;CJK COMPATIBILITY IDEOGRAPH-F90D;Lo;0;L;61F6;;;;N;;;;;
+F90E;CJK COMPATIBILITY IDEOGRAPH-F90E;Lo;0;L;7669;;;;N;;;;;
+F90F;CJK COMPATIBILITY IDEOGRAPH-F90F;Lo;0;L;7F85;;;;N;;;;;
+F910;CJK COMPATIBILITY IDEOGRAPH-F910;Lo;0;L;863F;;;;N;;;;;
+F911;CJK COMPATIBILITY IDEOGRAPH-F911;Lo;0;L;87BA;;;;N;;;;;
+F912;CJK COMPATIBILITY IDEOGRAPH-F912;Lo;0;L;88F8;;;;N;;;;;
+F913;CJK COMPATIBILITY IDEOGRAPH-F913;Lo;0;L;908F;;;;N;;;;;
+F914;CJK COMPATIBILITY IDEOGRAPH-F914;Lo;0;L;6A02;;;;N;;;;;
+F915;CJK COMPATIBILITY IDEOGRAPH-F915;Lo;0;L;6D1B;;;;N;;;;;
+F916;CJK COMPATIBILITY IDEOGRAPH-F916;Lo;0;L;70D9;;;;N;;;;;
+F917;CJK COMPATIBILITY IDEOGRAPH-F917;Lo;0;L;73DE;;;;N;;;;;
+F918;CJK COMPATIBILITY IDEOGRAPH-F918;Lo;0;L;843D;;;;N;;;;;
+F919;CJK COMPATIBILITY IDEOGRAPH-F919;Lo;0;L;916A;;;;N;;;;;
+F91A;CJK COMPATIBILITY IDEOGRAPH-F91A;Lo;0;L;99F1;;;;N;;;;;
+F91B;CJK COMPATIBILITY IDEOGRAPH-F91B;Lo;0;L;4E82;;;;N;;;;;
+F91C;CJK COMPATIBILITY IDEOGRAPH-F91C;Lo;0;L;5375;;;;N;;;;;
+F91D;CJK COMPATIBILITY IDEOGRAPH-F91D;Lo;0;L;6B04;;;;N;;;;;
+F91E;CJK COMPATIBILITY IDEOGRAPH-F91E;Lo;0;L;721B;;;;N;;;;;
+F91F;CJK COMPATIBILITY IDEOGRAPH-F91F;Lo;0;L;862D;;;;N;;;;;
+F920;CJK COMPATIBILITY IDEOGRAPH-F920;Lo;0;L;9E1E;;;;N;;;;;
+F921;CJK COMPATIBILITY IDEOGRAPH-F921;Lo;0;L;5D50;;;;N;;;;;
+F922;CJK COMPATIBILITY IDEOGRAPH-F922;Lo;0;L;6FEB;;;;N;;;;;
+F923;CJK COMPATIBILITY IDEOGRAPH-F923;Lo;0;L;85CD;;;;N;;;;;
+F924;CJK COMPATIBILITY IDEOGRAPH-F924;Lo;0;L;8964;;;;N;;;;;
+F925;CJK COMPATIBILITY IDEOGRAPH-F925;Lo;0;L;62C9;;;;N;;;;;
+F926;CJK COMPATIBILITY IDEOGRAPH-F926;Lo;0;L;81D8;;;;N;;;;;
+F927;CJK COMPATIBILITY IDEOGRAPH-F927;Lo;0;L;881F;;;;N;;;;;
+F928;CJK COMPATIBILITY IDEOGRAPH-F928;Lo;0;L;5ECA;;;;N;;;;;
+F929;CJK COMPATIBILITY IDEOGRAPH-F929;Lo;0;L;6717;;;;N;;;;;
+F92A;CJK COMPATIBILITY IDEOGRAPH-F92A;Lo;0;L;6D6A;;;;N;;;;;
+F92B;CJK COMPATIBILITY IDEOGRAPH-F92B;Lo;0;L;72FC;;;;N;;;;;
+F92C;CJK COMPATIBILITY IDEOGRAPH-F92C;Lo;0;L;90CE;;;;N;;;;;
+F92D;CJK COMPATIBILITY IDEOGRAPH-F92D;Lo;0;L;4F86;;;;N;;;;;
+F92E;CJK COMPATIBILITY IDEOGRAPH-F92E;Lo;0;L;51B7;;;;N;;;;;
+F92F;CJK COMPATIBILITY IDEOGRAPH-F92F;Lo;0;L;52DE;;;;N;;;;;
+F930;CJK COMPATIBILITY IDEOGRAPH-F930;Lo;0;L;64C4;;;;N;;;;;
+F931;CJK COMPATIBILITY IDEOGRAPH-F931;Lo;0;L;6AD3;;;;N;;;;;
+F932;CJK COMPATIBILITY IDEOGRAPH-F932;Lo;0;L;7210;;;;N;;;;;
+F933;CJK COMPATIBILITY IDEOGRAPH-F933;Lo;0;L;76E7;;;;N;;;;;
+F934;CJK COMPATIBILITY IDEOGRAPH-F934;Lo;0;L;8001;;;;N;;;;;
+F935;CJK COMPATIBILITY IDEOGRAPH-F935;Lo;0;L;8606;;;;N;;;;;
+F936;CJK COMPATIBILITY IDEOGRAPH-F936;Lo;0;L;865C;;;;N;;;;;
+F937;CJK COMPATIBILITY IDEOGRAPH-F937;Lo;0;L;8DEF;;;;N;;;;;
+F938;CJK COMPATIBILITY IDEOGRAPH-F938;Lo;0;L;9732;;;;N;;;;;
+F939;CJK COMPATIBILITY IDEOGRAPH-F939;Lo;0;L;9B6F;;;;N;;;;;
+F93A;CJK COMPATIBILITY IDEOGRAPH-F93A;Lo;0;L;9DFA;;;;N;;;;;
+F93B;CJK COMPATIBILITY IDEOGRAPH-F93B;Lo;0;L;788C;;;;N;;;;;
+F93C;CJK COMPATIBILITY IDEOGRAPH-F93C;Lo;0;L;797F;;;;N;;;;;
+F93D;CJK COMPATIBILITY IDEOGRAPH-F93D;Lo;0;L;7DA0;;;;N;;;;;
+F93E;CJK COMPATIBILITY IDEOGRAPH-F93E;Lo;0;L;83C9;;;;N;;;;;
+F93F;CJK COMPATIBILITY IDEOGRAPH-F93F;Lo;0;L;9304;;;;N;;;;;
+F940;CJK COMPATIBILITY IDEOGRAPH-F940;Lo;0;L;9E7F;;;;N;;;;;
+F941;CJK COMPATIBILITY IDEOGRAPH-F941;Lo;0;L;8AD6;;;;N;;;;;
+F942;CJK COMPATIBILITY IDEOGRAPH-F942;Lo;0;L;58DF;;;;N;;;;;
+F943;CJK COMPATIBILITY IDEOGRAPH-F943;Lo;0;L;5F04;;;;N;;;;;
+F944;CJK COMPATIBILITY IDEOGRAPH-F944;Lo;0;L;7C60;;;;N;;;;;
+F945;CJK COMPATIBILITY IDEOGRAPH-F945;Lo;0;L;807E;;;;N;;;;;
+F946;CJK COMPATIBILITY IDEOGRAPH-F946;Lo;0;L;7262;;;;N;;;;;
+F947;CJK COMPATIBILITY IDEOGRAPH-F947;Lo;0;L;78CA;;;;N;;;;;
+F948;CJK COMPATIBILITY IDEOGRAPH-F948;Lo;0;L;8CC2;;;;N;;;;;
+F949;CJK COMPATIBILITY IDEOGRAPH-F949;Lo;0;L;96F7;;;;N;;;;;
+F94A;CJK COMPATIBILITY IDEOGRAPH-F94A;Lo;0;L;58D8;;;;N;;;;;
+F94B;CJK COMPATIBILITY IDEOGRAPH-F94B;Lo;0;L;5C62;;;;N;;;;;
+F94C;CJK COMPATIBILITY IDEOGRAPH-F94C;Lo;0;L;6A13;;;;N;;;;;
+F94D;CJK COMPATIBILITY IDEOGRAPH-F94D;Lo;0;L;6DDA;;;;N;;;;;
+F94E;CJK COMPATIBILITY IDEOGRAPH-F94E;Lo;0;L;6F0F;;;;N;;;;;
+F94F;CJK COMPATIBILITY IDEOGRAPH-F94F;Lo;0;L;7D2F;;;;N;;;;;
+F950;CJK COMPATIBILITY IDEOGRAPH-F950;Lo;0;L;7E37;;;;N;;;;;
+F951;CJK COMPATIBILITY IDEOGRAPH-F951;Lo;0;L;964B;;;;N;;;;;
+F952;CJK COMPATIBILITY IDEOGRAPH-F952;Lo;0;L;52D2;;;;N;;;;;
+F953;CJK COMPATIBILITY IDEOGRAPH-F953;Lo;0;L;808B;;;;N;;;;;
+F954;CJK COMPATIBILITY IDEOGRAPH-F954;Lo;0;L;51DC;;;;N;;;;;
+F955;CJK COMPATIBILITY IDEOGRAPH-F955;Lo;0;L;51CC;;;;N;;;;;
+F956;CJK COMPATIBILITY IDEOGRAPH-F956;Lo;0;L;7A1C;;;;N;;;;;
+F957;CJK COMPATIBILITY IDEOGRAPH-F957;Lo;0;L;7DBE;;;;N;;;;;
+F958;CJK COMPATIBILITY IDEOGRAPH-F958;Lo;0;L;83F1;;;;N;;;;;
+F959;CJK COMPATIBILITY IDEOGRAPH-F959;Lo;0;L;9675;;;;N;;;;;
+F95A;CJK COMPATIBILITY IDEOGRAPH-F95A;Lo;0;L;8B80;;;;N;;;;;
+F95B;CJK COMPATIBILITY IDEOGRAPH-F95B;Lo;0;L;62CF;;;;N;;;;;
+F95C;CJK COMPATIBILITY IDEOGRAPH-F95C;Lo;0;L;6A02;;;;N;;;;;
+F95D;CJK COMPATIBILITY IDEOGRAPH-F95D;Lo;0;L;8AFE;;;;N;;;;;
+F95E;CJK COMPATIBILITY IDEOGRAPH-F95E;Lo;0;L;4E39;;;;N;;;;;
+F95F;CJK COMPATIBILITY IDEOGRAPH-F95F;Lo;0;L;5BE7;;;;N;;;;;
+F960;CJK COMPATIBILITY IDEOGRAPH-F960;Lo;0;L;6012;;;;N;;;;;
+F961;CJK COMPATIBILITY IDEOGRAPH-F961;Lo;0;L;7387;;;;N;;;;;
+F962;CJK COMPATIBILITY IDEOGRAPH-F962;Lo;0;L;7570;;;;N;;;;;
+F963;CJK COMPATIBILITY IDEOGRAPH-F963;Lo;0;L;5317;;;;N;;;;;
+F964;CJK COMPATIBILITY IDEOGRAPH-F964;Lo;0;L;78FB;;;;N;;;;;
+F965;CJK COMPATIBILITY IDEOGRAPH-F965;Lo;0;L;4FBF;;;;N;;;;;
+F966;CJK COMPATIBILITY IDEOGRAPH-F966;Lo;0;L;5FA9;;;;N;;;;;
+F967;CJK COMPATIBILITY IDEOGRAPH-F967;Lo;0;L;4E0D;;;;N;;;;;
+F968;CJK COMPATIBILITY IDEOGRAPH-F968;Lo;0;L;6CCC;;;;N;;;;;
+F969;CJK COMPATIBILITY IDEOGRAPH-F969;Lo;0;L;6578;;;;N;;;;;
+F96A;CJK COMPATIBILITY IDEOGRAPH-F96A;Lo;0;L;7D22;;;;N;;;;;
+F96B;CJK COMPATIBILITY IDEOGRAPH-F96B;Lo;0;L;53C3;;;;N;;;;;
+F96C;CJK COMPATIBILITY IDEOGRAPH-F96C;Lo;0;L;585E;;;;N;;;;;
+F96D;CJK COMPATIBILITY IDEOGRAPH-F96D;Lo;0;L;7701;;;;N;;;;;
+F96E;CJK COMPATIBILITY IDEOGRAPH-F96E;Lo;0;L;8449;;;;N;;;;;
+F96F;CJK COMPATIBILITY IDEOGRAPH-F96F;Lo;0;L;8AAA;;;;N;;;;;
+F970;CJK COMPATIBILITY IDEOGRAPH-F970;Lo;0;L;6BBA;;;;N;;;;;
+F971;CJK COMPATIBILITY IDEOGRAPH-F971;Lo;0;L;8FB0;;;;N;;;;;
+F972;CJK COMPATIBILITY IDEOGRAPH-F972;Lo;0;L;6C88;;;;N;;;;;
+F973;CJK COMPATIBILITY IDEOGRAPH-F973;Lo;0;L;62FE;;;;N;;;;;
+F974;CJK COMPATIBILITY IDEOGRAPH-F974;Lo;0;L;82E5;;;;N;;;;;
+F975;CJK COMPATIBILITY IDEOGRAPH-F975;Lo;0;L;63A0;;;;N;;;;;
+F976;CJK COMPATIBILITY IDEOGRAPH-F976;Lo;0;L;7565;;;;N;;;;;
+F977;CJK COMPATIBILITY IDEOGRAPH-F977;Lo;0;L;4EAE;;;;N;;;;;
+F978;CJK COMPATIBILITY IDEOGRAPH-F978;Lo;0;L;5169;;;;N;;;;;
+F979;CJK COMPATIBILITY IDEOGRAPH-F979;Lo;0;L;51C9;;;;N;;;;;
+F97A;CJK COMPATIBILITY IDEOGRAPH-F97A;Lo;0;L;6881;;;;N;;;;;
+F97B;CJK COMPATIBILITY IDEOGRAPH-F97B;Lo;0;L;7CE7;;;;N;;;;;
+F97C;CJK COMPATIBILITY IDEOGRAPH-F97C;Lo;0;L;826F;;;;N;;;;;
+F97D;CJK COMPATIBILITY IDEOGRAPH-F97D;Lo;0;L;8AD2;;;;N;;;;;
+F97E;CJK COMPATIBILITY IDEOGRAPH-F97E;Lo;0;L;91CF;;;;N;;;;;
+F97F;CJK COMPATIBILITY IDEOGRAPH-F97F;Lo;0;L;52F5;;;;N;;;;;
+F980;CJK COMPATIBILITY IDEOGRAPH-F980;Lo;0;L;5442;;;;N;;;;;
+F981;CJK COMPATIBILITY IDEOGRAPH-F981;Lo;0;L;5973;;;;N;;;;;
+F982;CJK COMPATIBILITY IDEOGRAPH-F982;Lo;0;L;5EEC;;;;N;;;;;
+F983;CJK COMPATIBILITY IDEOGRAPH-F983;Lo;0;L;65C5;;;;N;;;;;
+F984;CJK COMPATIBILITY IDEOGRAPH-F984;Lo;0;L;6FFE;;;;N;;;;;
+F985;CJK COMPATIBILITY IDEOGRAPH-F985;Lo;0;L;792A;;;;N;;;;;
+F986;CJK COMPATIBILITY IDEOGRAPH-F986;Lo;0;L;95AD;;;;N;;;;;
+F987;CJK COMPATIBILITY IDEOGRAPH-F987;Lo;0;L;9A6A;;;;N;;;;;
+F988;CJK COMPATIBILITY IDEOGRAPH-F988;Lo;0;L;9E97;;;;N;;;;;
+F989;CJK COMPATIBILITY IDEOGRAPH-F989;Lo;0;L;9ECE;;;;N;;;;;
+F98A;CJK COMPATIBILITY IDEOGRAPH-F98A;Lo;0;L;529B;;;;N;;;;;
+F98B;CJK COMPATIBILITY IDEOGRAPH-F98B;Lo;0;L;66C6;;;;N;;;;;
+F98C;CJK COMPATIBILITY IDEOGRAPH-F98C;Lo;0;L;6B77;;;;N;;;;;
+F98D;CJK COMPATIBILITY IDEOGRAPH-F98D;Lo;0;L;8F62;;;;N;;;;;
+F98E;CJK COMPATIBILITY IDEOGRAPH-F98E;Lo;0;L;5E74;;;;N;;;;;
+F98F;CJK COMPATIBILITY IDEOGRAPH-F98F;Lo;0;L;6190;;;;N;;;;;
+F990;CJK COMPATIBILITY IDEOGRAPH-F990;Lo;0;L;6200;;;;N;;;;;
+F991;CJK COMPATIBILITY IDEOGRAPH-F991;Lo;0;L;649A;;;;N;;;;;
+F992;CJK COMPATIBILITY IDEOGRAPH-F992;Lo;0;L;6F23;;;;N;;;;;
+F993;CJK COMPATIBILITY IDEOGRAPH-F993;Lo;0;L;7149;;;;N;;;;;
+F994;CJK COMPATIBILITY IDEOGRAPH-F994;Lo;0;L;7489;;;;N;;;;;
+F995;CJK COMPATIBILITY IDEOGRAPH-F995;Lo;0;L;79CA;;;;N;;;;;
+F996;CJK COMPATIBILITY IDEOGRAPH-F996;Lo;0;L;7DF4;;;;N;;;;;
+F997;CJK COMPATIBILITY IDEOGRAPH-F997;Lo;0;L;806F;;;;N;;;;;
+F998;CJK COMPATIBILITY IDEOGRAPH-F998;Lo;0;L;8F26;;;;N;;;;;
+F999;CJK COMPATIBILITY IDEOGRAPH-F999;Lo;0;L;84EE;;;;N;;;;;
+F99A;CJK COMPATIBILITY IDEOGRAPH-F99A;Lo;0;L;9023;;;;N;;;;;
+F99B;CJK COMPATIBILITY IDEOGRAPH-F99B;Lo;0;L;934A;;;;N;;;;;
+F99C;CJK COMPATIBILITY IDEOGRAPH-F99C;Lo;0;L;5217;;;;N;;;;;
+F99D;CJK COMPATIBILITY IDEOGRAPH-F99D;Lo;0;L;52A3;;;;N;;;;;
+F99E;CJK COMPATIBILITY IDEOGRAPH-F99E;Lo;0;L;54BD;;;;N;;;;;
+F99F;CJK COMPATIBILITY IDEOGRAPH-F99F;Lo;0;L;70C8;;;;N;;;;;
+F9A0;CJK COMPATIBILITY IDEOGRAPH-F9A0;Lo;0;L;88C2;;;;N;;;;;
+F9A1;CJK COMPATIBILITY IDEOGRAPH-F9A1;Lo;0;L;8AAA;;;;N;;;;;
+F9A2;CJK COMPATIBILITY IDEOGRAPH-F9A2;Lo;0;L;5EC9;;;;N;;;;;
+F9A3;CJK COMPATIBILITY IDEOGRAPH-F9A3;Lo;0;L;5FF5;;;;N;;;;;
+F9A4;CJK COMPATIBILITY IDEOGRAPH-F9A4;Lo;0;L;637B;;;;N;;;;;
+F9A5;CJK COMPATIBILITY IDEOGRAPH-F9A5;Lo;0;L;6BAE;;;;N;;;;;
+F9A6;CJK COMPATIBILITY IDEOGRAPH-F9A6;Lo;0;L;7C3E;;;;N;;;;;
+F9A7;CJK COMPATIBILITY IDEOGRAPH-F9A7;Lo;0;L;7375;;;;N;;;;;
+F9A8;CJK COMPATIBILITY IDEOGRAPH-F9A8;Lo;0;L;4EE4;;;;N;;;;;
+F9A9;CJK COMPATIBILITY IDEOGRAPH-F9A9;Lo;0;L;56F9;;;;N;;;;;
+F9AA;CJK COMPATIBILITY IDEOGRAPH-F9AA;Lo;0;L;5BE7;;;;N;;;;;
+F9AB;CJK COMPATIBILITY IDEOGRAPH-F9AB;Lo;0;L;5DBA;;;;N;;;;;
+F9AC;CJK COMPATIBILITY IDEOGRAPH-F9AC;Lo;0;L;601C;;;;N;;;;;
+F9AD;CJK COMPATIBILITY IDEOGRAPH-F9AD;Lo;0;L;73B2;;;;N;;;;;
+F9AE;CJK COMPATIBILITY IDEOGRAPH-F9AE;Lo;0;L;7469;;;;N;;;;;
+F9AF;CJK COMPATIBILITY IDEOGRAPH-F9AF;Lo;0;L;7F9A;;;;N;;;;;
+F9B0;CJK COMPATIBILITY IDEOGRAPH-F9B0;Lo;0;L;8046;;;;N;;;;;
+F9B1;CJK COMPATIBILITY IDEOGRAPH-F9B1;Lo;0;L;9234;;;;N;;;;;
+F9B2;CJK COMPATIBILITY IDEOGRAPH-F9B2;Lo;0;L;96F6;;;;N;;;;;
+F9B3;CJK COMPATIBILITY IDEOGRAPH-F9B3;Lo;0;L;9748;;;;N;;;;;
+F9B4;CJK COMPATIBILITY IDEOGRAPH-F9B4;Lo;0;L;9818;;;;N;;;;;
+F9B5;CJK COMPATIBILITY IDEOGRAPH-F9B5;Lo;0;L;4F8B;;;;N;;;;;
+F9B6;CJK COMPATIBILITY IDEOGRAPH-F9B6;Lo;0;L;79AE;;;;N;;;;;
+F9B7;CJK COMPATIBILITY IDEOGRAPH-F9B7;Lo;0;L;91B4;;;;N;;;;;
+F9B8;CJK COMPATIBILITY IDEOGRAPH-F9B8;Lo;0;L;96B8;;;;N;;;;;
+F9B9;CJK COMPATIBILITY IDEOGRAPH-F9B9;Lo;0;L;60E1;;;;N;;;;;
+F9BA;CJK COMPATIBILITY IDEOGRAPH-F9BA;Lo;0;L;4E86;;;;N;;;;;
+F9BB;CJK COMPATIBILITY IDEOGRAPH-F9BB;Lo;0;L;50DA;;;;N;;;;;
+F9BC;CJK COMPATIBILITY IDEOGRAPH-F9BC;Lo;0;L;5BEE;;;;N;;;;;
+F9BD;CJK COMPATIBILITY IDEOGRAPH-F9BD;Lo;0;L;5C3F;;;;N;;;;;
+F9BE;CJK COMPATIBILITY IDEOGRAPH-F9BE;Lo;0;L;6599;;;;N;;;;;
+F9BF;CJK COMPATIBILITY IDEOGRAPH-F9BF;Lo;0;L;6A02;;;;N;;;;;
+F9C0;CJK COMPATIBILITY IDEOGRAPH-F9C0;Lo;0;L;71CE;;;;N;;;;;
+F9C1;CJK COMPATIBILITY IDEOGRAPH-F9C1;Lo;0;L;7642;;;;N;;;;;
+F9C2;CJK COMPATIBILITY IDEOGRAPH-F9C2;Lo;0;L;84FC;;;;N;;;;;
+F9C3;CJK COMPATIBILITY IDEOGRAPH-F9C3;Lo;0;L;907C;;;;N;;;;;
+F9C4;CJK COMPATIBILITY IDEOGRAPH-F9C4;Lo;0;L;9F8D;;;;N;;;;;
+F9C5;CJK COMPATIBILITY IDEOGRAPH-F9C5;Lo;0;L;6688;;;;N;;;;;
+F9C6;CJK COMPATIBILITY IDEOGRAPH-F9C6;Lo;0;L;962E;;;;N;;;;;
+F9C7;CJK COMPATIBILITY IDEOGRAPH-F9C7;Lo;0;L;5289;;;;N;;;;;
+F9C8;CJK COMPATIBILITY IDEOGRAPH-F9C8;Lo;0;L;677B;;;;N;;;;;
+F9C9;CJK COMPATIBILITY IDEOGRAPH-F9C9;Lo;0;L;67F3;;;;N;;;;;
+F9CA;CJK COMPATIBILITY IDEOGRAPH-F9CA;Lo;0;L;6D41;;;;N;;;;;
+F9CB;CJK COMPATIBILITY IDEOGRAPH-F9CB;Lo;0;L;6E9C;;;;N;;;;;
+F9CC;CJK COMPATIBILITY IDEOGRAPH-F9CC;Lo;0;L;7409;;;;N;;;;;
+F9CD;CJK COMPATIBILITY IDEOGRAPH-F9CD;Lo;0;L;7559;;;;N;;;;;
+F9CE;CJK COMPATIBILITY IDEOGRAPH-F9CE;Lo;0;L;786B;;;;N;;;;;
+F9CF;CJK COMPATIBILITY IDEOGRAPH-F9CF;Lo;0;L;7D10;;;;N;;;;;
+F9D0;CJK COMPATIBILITY IDEOGRAPH-F9D0;Lo;0;L;985E;;;;N;;;;;
+F9D1;CJK COMPATIBILITY IDEOGRAPH-F9D1;Lo;0;L;516D;;;;N;;;;;
+F9D2;CJK COMPATIBILITY IDEOGRAPH-F9D2;Lo;0;L;622E;;;;N;;;;;
+F9D3;CJK COMPATIBILITY IDEOGRAPH-F9D3;Lo;0;L;9678;;;;N;;;;;
+F9D4;CJK COMPATIBILITY IDEOGRAPH-F9D4;Lo;0;L;502B;;;;N;;;;;
+F9D5;CJK COMPATIBILITY IDEOGRAPH-F9D5;Lo;0;L;5D19;;;;N;;;;;
+F9D6;CJK COMPATIBILITY IDEOGRAPH-F9D6;Lo;0;L;6DEA;;;;N;;;;;
+F9D7;CJK COMPATIBILITY IDEOGRAPH-F9D7;Lo;0;L;8F2A;;;;N;;;;;
+F9D8;CJK COMPATIBILITY IDEOGRAPH-F9D8;Lo;0;L;5F8B;;;;N;;;;;
+F9D9;CJK COMPATIBILITY IDEOGRAPH-F9D9;Lo;0;L;6144;;;;N;;;;;
+F9DA;CJK COMPATIBILITY IDEOGRAPH-F9DA;Lo;0;L;6817;;;;N;;;;;
+F9DB;CJK COMPATIBILITY IDEOGRAPH-F9DB;Lo;0;L;7387;;;;N;;;;;
+F9DC;CJK COMPATIBILITY IDEOGRAPH-F9DC;Lo;0;L;9686;;;;N;;;;;
+F9DD;CJK COMPATIBILITY IDEOGRAPH-F9DD;Lo;0;L;5229;;;;N;;;;;
+F9DE;CJK COMPATIBILITY IDEOGRAPH-F9DE;Lo;0;L;540F;;;;N;;;;;
+F9DF;CJK COMPATIBILITY IDEOGRAPH-F9DF;Lo;0;L;5C65;;;;N;;;;;
+F9E0;CJK COMPATIBILITY IDEOGRAPH-F9E0;Lo;0;L;6613;;;;N;;;;;
+F9E1;CJK COMPATIBILITY IDEOGRAPH-F9E1;Lo;0;L;674E;;;;N;;;;;
+F9E2;CJK COMPATIBILITY IDEOGRAPH-F9E2;Lo;0;L;68A8;;;;N;;;;;
+F9E3;CJK COMPATIBILITY IDEOGRAPH-F9E3;Lo;0;L;6CE5;;;;N;;;;;
+F9E4;CJK COMPATIBILITY IDEOGRAPH-F9E4;Lo;0;L;7406;;;;N;;;;;
+F9E5;CJK COMPATIBILITY IDEOGRAPH-F9E5;Lo;0;L;75E2;;;;N;;;;;
+F9E6;CJK COMPATIBILITY IDEOGRAPH-F9E6;Lo;0;L;7F79;;;;N;;;;;
+F9E7;CJK COMPATIBILITY IDEOGRAPH-F9E7;Lo;0;L;88CF;;;;N;;;;;
+F9E8;CJK COMPATIBILITY IDEOGRAPH-F9E8;Lo;0;L;88E1;;;;N;;;;;
+F9E9;CJK COMPATIBILITY IDEOGRAPH-F9E9;Lo;0;L;91CC;;;;N;;;;;
+F9EA;CJK COMPATIBILITY IDEOGRAPH-F9EA;Lo;0;L;96E2;;;;N;;;;;
+F9EB;CJK COMPATIBILITY IDEOGRAPH-F9EB;Lo;0;L;533F;;;;N;;;;;
+F9EC;CJK COMPATIBILITY IDEOGRAPH-F9EC;Lo;0;L;6EBA;;;;N;;;;;
+F9ED;CJK COMPATIBILITY IDEOGRAPH-F9ED;Lo;0;L;541D;;;;N;;;;;
+F9EE;CJK COMPATIBILITY IDEOGRAPH-F9EE;Lo;0;L;71D0;;;;N;;;;;
+F9EF;CJK COMPATIBILITY IDEOGRAPH-F9EF;Lo;0;L;7498;;;;N;;;;;
+F9F0;CJK COMPATIBILITY IDEOGRAPH-F9F0;Lo;0;L;85FA;;;;N;;;;;
+F9F1;CJK COMPATIBILITY IDEOGRAPH-F9F1;Lo;0;L;96A3;;;;N;;;;;
+F9F2;CJK COMPATIBILITY IDEOGRAPH-F9F2;Lo;0;L;9C57;;;;N;;;;;
+F9F3;CJK COMPATIBILITY IDEOGRAPH-F9F3;Lo;0;L;9E9F;;;;N;;;;;
+F9F4;CJK COMPATIBILITY IDEOGRAPH-F9F4;Lo;0;L;6797;;;;N;;;;;
+F9F5;CJK COMPATIBILITY IDEOGRAPH-F9F5;Lo;0;L;6DCB;;;;N;;;;;
+F9F6;CJK COMPATIBILITY IDEOGRAPH-F9F6;Lo;0;L;81E8;;;;N;;;;;
+F9F7;CJK COMPATIBILITY IDEOGRAPH-F9F7;Lo;0;L;7ACB;;;;N;;;;;
+F9F8;CJK COMPATIBILITY IDEOGRAPH-F9F8;Lo;0;L;7B20;;;;N;;;;;
+F9F9;CJK COMPATIBILITY IDEOGRAPH-F9F9;Lo;0;L;7C92;;;;N;;;;;
+F9FA;CJK COMPATIBILITY IDEOGRAPH-F9FA;Lo;0;L;72C0;;;;N;;;;;
+F9FB;CJK COMPATIBILITY IDEOGRAPH-F9FB;Lo;0;L;7099;;;;N;;;;;
+F9FC;CJK COMPATIBILITY IDEOGRAPH-F9FC;Lo;0;L;8B58;;;;N;;;;;
+F9FD;CJK COMPATIBILITY IDEOGRAPH-F9FD;Lo;0;L;4EC0;;;;N;;;;;
+F9FE;CJK COMPATIBILITY IDEOGRAPH-F9FE;Lo;0;L;8336;;;;N;;;;;
+F9FF;CJK COMPATIBILITY IDEOGRAPH-F9FF;Lo;0;L;523A;;;;N;;;;;
+FA00;CJK COMPATIBILITY IDEOGRAPH-FA00;Lo;0;L;5207;;;;N;;;;;
+FA01;CJK COMPATIBILITY IDEOGRAPH-FA01;Lo;0;L;5EA6;;;;N;;;;;
+FA02;CJK COMPATIBILITY IDEOGRAPH-FA02;Lo;0;L;62D3;;;;N;;;;;
+FA03;CJK COMPATIBILITY IDEOGRAPH-FA03;Lo;0;L;7CD6;;;;N;;;;;
+FA04;CJK COMPATIBILITY IDEOGRAPH-FA04;Lo;0;L;5B85;;;;N;;;;;
+FA05;CJK COMPATIBILITY IDEOGRAPH-FA05;Lo;0;L;6D1E;;;;N;;;;;
+FA06;CJK COMPATIBILITY IDEOGRAPH-FA06;Lo;0;L;66B4;;;;N;;;;;
+FA07;CJK COMPATIBILITY IDEOGRAPH-FA07;Lo;0;L;8F3B;;;;N;;;;;
+FA08;CJK COMPATIBILITY IDEOGRAPH-FA08;Lo;0;L;884C;;;;N;;;;;
+FA09;CJK COMPATIBILITY IDEOGRAPH-FA09;Lo;0;L;964D;;;;N;;;;;
+FA0A;CJK COMPATIBILITY IDEOGRAPH-FA0A;Lo;0;L;898B;;;;N;;;;;
+FA0B;CJK COMPATIBILITY IDEOGRAPH-FA0B;Lo;0;L;5ED3;;;;N;;;;;
+FA0C;CJK COMPATIBILITY IDEOGRAPH-FA0C;Lo;0;L;5140;;;;N;;;;;
+FA0D;CJK COMPATIBILITY IDEOGRAPH-FA0D;Lo;0;L;55C0;;;;N;;;;;
+FA0E;CJK COMPATIBILITY IDEOGRAPH-FA0E;Lo;0;L;;;;;N;;;;;
+FA0F;CJK COMPATIBILITY IDEOGRAPH-FA0F;Lo;0;L;;;;;N;;;;;
+FA10;CJK COMPATIBILITY IDEOGRAPH-FA10;Lo;0;L;585A;;;;N;;;;;
+FA11;CJK COMPATIBILITY IDEOGRAPH-FA11;Lo;0;L;;;;;N;;;;;
+FA12;CJK COMPATIBILITY IDEOGRAPH-FA12;Lo;0;L;6674;;;;N;;;;;
+FA13;CJK COMPATIBILITY IDEOGRAPH-FA13;Lo;0;L;;;;;N;;;;;
+FA14;CJK COMPATIBILITY IDEOGRAPH-FA14;Lo;0;L;;;;;N;;;;;
+FA15;CJK COMPATIBILITY IDEOGRAPH-FA15;Lo;0;L;51DE;;;;N;;;;;
+FA16;CJK COMPATIBILITY IDEOGRAPH-FA16;Lo;0;L;732A;;;;N;;;;;
+FA17;CJK COMPATIBILITY IDEOGRAPH-FA17;Lo;0;L;76CA;;;;N;;;;;
+FA18;CJK COMPATIBILITY IDEOGRAPH-FA18;Lo;0;L;793C;;;;N;;;;;
+FA19;CJK COMPATIBILITY IDEOGRAPH-FA19;Lo;0;L;795E;;;;N;;;;;
+FA1A;CJK COMPATIBILITY IDEOGRAPH-FA1A;Lo;0;L;7965;;;;N;;;;;
+FA1B;CJK COMPATIBILITY IDEOGRAPH-FA1B;Lo;0;L;798F;;;;N;;;;;
+FA1C;CJK COMPATIBILITY IDEOGRAPH-FA1C;Lo;0;L;9756;;;;N;;;;;
+FA1D;CJK COMPATIBILITY IDEOGRAPH-FA1D;Lo;0;L;7CBE;;;;N;;;;;
+FA1E;CJK COMPATIBILITY IDEOGRAPH-FA1E;Lo;0;L;7FBD;;;;N;;;;;
+FA1F;CJK COMPATIBILITY IDEOGRAPH-FA1F;Lo;0;L;;;;;N;;*;;;
+FA20;CJK COMPATIBILITY IDEOGRAPH-FA20;Lo;0;L;8612;;;;N;;;;;
+FA21;CJK COMPATIBILITY IDEOGRAPH-FA21;Lo;0;L;;;;;N;;;;;
+FA22;CJK COMPATIBILITY IDEOGRAPH-FA22;Lo;0;L;8AF8;;;;N;;;;;
+FA23;CJK COMPATIBILITY IDEOGRAPH-FA23;Lo;0;L;;;;;N;;*;;;
+FA24;CJK COMPATIBILITY IDEOGRAPH-FA24;Lo;0;L;;;;;N;;;;;
+FA25;CJK COMPATIBILITY IDEOGRAPH-FA25;Lo;0;L;9038;;;;N;;;;;
+FA26;CJK COMPATIBILITY IDEOGRAPH-FA26;Lo;0;L;90FD;;;;N;;;;;
+FA27;CJK COMPATIBILITY IDEOGRAPH-FA27;Lo;0;L;;;;;N;;;;;
+FA28;CJK COMPATIBILITY IDEOGRAPH-FA28;Lo;0;L;;;;;N;;;;;
+FA29;CJK COMPATIBILITY IDEOGRAPH-FA29;Lo;0;L;;;;;N;;;;;
+FA2A;CJK COMPATIBILITY IDEOGRAPH-FA2A;Lo;0;L;98EF;;;;N;;;;;
+FA2B;CJK COMPATIBILITY IDEOGRAPH-FA2B;Lo;0;L;98FC;;;;N;;;;;
+FA2C;CJK COMPATIBILITY IDEOGRAPH-FA2C;Lo;0;L;9928;;;;N;;;;;
+FA2D;CJK COMPATIBILITY IDEOGRAPH-FA2D;Lo;0;L;9DB4;;;;N;;;;;
+FA30;CJK COMPATIBILITY IDEOGRAPH-FA30;Lo;0;L;4FAE;;;;N;;;;;
+FA31;CJK COMPATIBILITY IDEOGRAPH-FA31;Lo;0;L;50E7;;;;N;;;;;
+FA32;CJK COMPATIBILITY IDEOGRAPH-FA32;Lo;0;L;514D;;;;N;;;;;
+FA33;CJK COMPATIBILITY IDEOGRAPH-FA33;Lo;0;L;52C9;;;;N;;;;;
+FA34;CJK COMPATIBILITY IDEOGRAPH-FA34;Lo;0;L;52E4;;;;N;;;;;
+FA35;CJK COMPATIBILITY IDEOGRAPH-FA35;Lo;0;L;5351;;;;N;;;;;
+FA36;CJK COMPATIBILITY IDEOGRAPH-FA36;Lo;0;L;559D;;;;N;;;;;
+FA37;CJK COMPATIBILITY IDEOGRAPH-FA37;Lo;0;L;5606;;;;N;;;;;
+FA38;CJK COMPATIBILITY IDEOGRAPH-FA38;Lo;0;L;5668;;;;N;;;;;
+FA39;CJK COMPATIBILITY IDEOGRAPH-FA39;Lo;0;L;5840;;;;N;;;;;
+FA3A;CJK COMPATIBILITY IDEOGRAPH-FA3A;Lo;0;L;58A8;;;;N;;;;;
+FA3B;CJK COMPATIBILITY IDEOGRAPH-FA3B;Lo;0;L;5C64;;;;N;;;;;
+FA3C;CJK COMPATIBILITY IDEOGRAPH-FA3C;Lo;0;L;5C6E;;;;N;;;;;
+FA3D;CJK COMPATIBILITY IDEOGRAPH-FA3D;Lo;0;L;6094;;;;N;;;;;
+FA3E;CJK COMPATIBILITY IDEOGRAPH-FA3E;Lo;0;L;6168;;;;N;;;;;
+FA3F;CJK COMPATIBILITY IDEOGRAPH-FA3F;Lo;0;L;618E;;;;N;;;;;
+FA40;CJK COMPATIBILITY IDEOGRAPH-FA40;Lo;0;L;61F2;;;;N;;;;;
+FA41;CJK COMPATIBILITY IDEOGRAPH-FA41;Lo;0;L;654F;;;;N;;;;;
+FA42;CJK COMPATIBILITY IDEOGRAPH-FA42;Lo;0;L;65E2;;;;N;;;;;
+FA43;CJK COMPATIBILITY IDEOGRAPH-FA43;Lo;0;L;6691;;;;N;;;;;
+FA44;CJK COMPATIBILITY IDEOGRAPH-FA44;Lo;0;L;6885;;;;N;;;;;
+FA45;CJK COMPATIBILITY IDEOGRAPH-FA45;Lo;0;L;6D77;;;;N;;;;;
+FA46;CJK COMPATIBILITY IDEOGRAPH-FA46;Lo;0;L;6E1A;;;;N;;;;;
+FA47;CJK COMPATIBILITY IDEOGRAPH-FA47;Lo;0;L;6F22;;;;N;;;;;
+FA48;CJK COMPATIBILITY IDEOGRAPH-FA48;Lo;0;L;716E;;;;N;;;;;
+FA49;CJK COMPATIBILITY IDEOGRAPH-FA49;Lo;0;L;722B;;;;N;;;;;
+FA4A;CJK COMPATIBILITY IDEOGRAPH-FA4A;Lo;0;L;7422;;;;N;;;;;
+FA4B;CJK COMPATIBILITY IDEOGRAPH-FA4B;Lo;0;L;7891;;;;N;;;;;
+FA4C;CJK COMPATIBILITY IDEOGRAPH-FA4C;Lo;0;L;793E;;;;N;;;;;
+FA4D;CJK COMPATIBILITY IDEOGRAPH-FA4D;Lo;0;L;7949;;;;N;;;;;
+FA4E;CJK COMPATIBILITY IDEOGRAPH-FA4E;Lo;0;L;7948;;;;N;;;;;
+FA4F;CJK COMPATIBILITY IDEOGRAPH-FA4F;Lo;0;L;7950;;;;N;;;;;
+FA50;CJK COMPATIBILITY IDEOGRAPH-FA50;Lo;0;L;7956;;;;N;;;;;
+FA51;CJK COMPATIBILITY IDEOGRAPH-FA51;Lo;0;L;795D;;;;N;;;;;
+FA52;CJK COMPATIBILITY IDEOGRAPH-FA52;Lo;0;L;798D;;;;N;;;;;
+FA53;CJK COMPATIBILITY IDEOGRAPH-FA53;Lo;0;L;798E;;;;N;;;;;
+FA54;CJK COMPATIBILITY IDEOGRAPH-FA54;Lo;0;L;7A40;;;;N;;;;;
+FA55;CJK COMPATIBILITY IDEOGRAPH-FA55;Lo;0;L;7A81;;;;N;;;;;
+FA56;CJK COMPATIBILITY IDEOGRAPH-FA56;Lo;0;L;7BC0;;;;N;;;;;
+FA57;CJK COMPATIBILITY IDEOGRAPH-FA57;Lo;0;L;7DF4;;;;N;;;;;
+FA58;CJK COMPATIBILITY IDEOGRAPH-FA58;Lo;0;L;7E09;;;;N;;;;;
+FA59;CJK COMPATIBILITY IDEOGRAPH-FA59;Lo;0;L;7E41;;;;N;;;;;
+FA5A;CJK COMPATIBILITY IDEOGRAPH-FA5A;Lo;0;L;7F72;;;;N;;;;;
+FA5B;CJK COMPATIBILITY IDEOGRAPH-FA5B;Lo;0;L;8005;;;;N;;;;;
+FA5C;CJK COMPATIBILITY IDEOGRAPH-FA5C;Lo;0;L;81ED;;;;N;;;;;
+FA5D;CJK COMPATIBILITY IDEOGRAPH-FA5D;Lo;0;L;8279;;;;N;;;;;
+FA5E;CJK COMPATIBILITY IDEOGRAPH-FA5E;Lo;0;L;8279;;;;N;;;;;
+FA5F;CJK COMPATIBILITY IDEOGRAPH-FA5F;Lo;0;L;8457;;;;N;;;;;
+FA60;CJK COMPATIBILITY IDEOGRAPH-FA60;Lo;0;L;8910;;;;N;;;;;
+FA61;CJK COMPATIBILITY IDEOGRAPH-FA61;Lo;0;L;8996;;;;N;;;;;
+FA62;CJK COMPATIBILITY IDEOGRAPH-FA62;Lo;0;L;8B01;;;;N;;;;;
+FA63;CJK COMPATIBILITY IDEOGRAPH-FA63;Lo;0;L;8B39;;;;N;;;;;
+FA64;CJK COMPATIBILITY IDEOGRAPH-FA64;Lo;0;L;8CD3;;;;N;;;;;
+FA65;CJK COMPATIBILITY IDEOGRAPH-FA65;Lo;0;L;8D08;;;;N;;;;;
+FA66;CJK COMPATIBILITY IDEOGRAPH-FA66;Lo;0;L;8FB6;;;;N;;;;;
+FA67;CJK COMPATIBILITY IDEOGRAPH-FA67;Lo;0;L;9038;;;;N;;;;;
+FA68;CJK COMPATIBILITY IDEOGRAPH-FA68;Lo;0;L;96E3;;;;N;;;;;
+FA69;CJK COMPATIBILITY IDEOGRAPH-FA69;Lo;0;L;97FF;;;;N;;;;;
+FA6A;CJK COMPATIBILITY IDEOGRAPH-FA6A;Lo;0;L;983B;;;;N;;;;;
+FB00;LATIN SMALL LIGATURE FF;Ll;0;L;<compat> 0066 0066;;;;N;;;;;
+FB01;LATIN SMALL LIGATURE FI;Ll;0;L;<compat> 0066 0069;;;;N;;;;;
+FB02;LATIN SMALL LIGATURE FL;Ll;0;L;<compat> 0066 006C;;;;N;;;;;
+FB03;LATIN SMALL LIGATURE FFI;Ll;0;L;<compat> 0066 0066 0069;;;;N;;;;;
+FB04;LATIN SMALL LIGATURE FFL;Ll;0;L;<compat> 0066 0066 006C;;;;N;;;;;
+FB05;LATIN SMALL LIGATURE LONG S T;Ll;0;L;<compat> 017F 0074;;;;N;;;;;
+FB06;LATIN SMALL LIGATURE ST;Ll;0;L;<compat> 0073 0074;;;;N;;;;;
+FB13;ARMENIAN SMALL LIGATURE MEN NOW;Ll;0;L;<compat> 0574 0576;;;;N;;;;;
+FB14;ARMENIAN SMALL LIGATURE MEN ECH;Ll;0;L;<compat> 0574 0565;;;;N;;;;;
+FB15;ARMENIAN SMALL LIGATURE MEN INI;Ll;0;L;<compat> 0574 056B;;;;N;;;;;
+FB16;ARMENIAN SMALL LIGATURE VEW NOW;Ll;0;L;<compat> 057E 0576;;;;N;;;;;
+FB17;ARMENIAN SMALL LIGATURE MEN XEH;Ll;0;L;<compat> 0574 056D;;;;N;;;;;
+FB1D;HEBREW LETTER YOD WITH HIRIQ;Lo;0;R;05D9 05B4;;;;N;;;;;
+FB1E;HEBREW POINT JUDEO-SPANISH VARIKA;Mn;26;NSM;;;;;N;HEBREW POINT VARIKA;;;;
+FB1F;HEBREW LIGATURE YIDDISH YOD YOD PATAH;Lo;0;R;05F2 05B7;;;;N;;;;;
+FB20;HEBREW LETTER ALTERNATIVE AYIN;Lo;0;R;<font> 05E2;;;;N;;;;;
+FB21;HEBREW LETTER WIDE ALEF;Lo;0;R;<font> 05D0;;;;N;;;;;
+FB22;HEBREW LETTER WIDE DALET;Lo;0;R;<font> 05D3;;;;N;;;;;
+FB23;HEBREW LETTER WIDE HE;Lo;0;R;<font> 05D4;;;;N;;;;;
+FB24;HEBREW LETTER WIDE KAF;Lo;0;R;<font> 05DB;;;;N;;;;;
+FB25;HEBREW LETTER WIDE LAMED;Lo;0;R;<font> 05DC;;;;N;;;;;
+FB26;HEBREW LETTER WIDE FINAL MEM;Lo;0;R;<font> 05DD;;;;N;;;;;
+FB27;HEBREW LETTER WIDE RESH;Lo;0;R;<font> 05E8;;;;N;;;;;
+FB28;HEBREW LETTER WIDE TAV;Lo;0;R;<font> 05EA;;;;N;;;;;
+FB29;HEBREW LETTER ALTERNATIVE PLUS SIGN;Sm;0;ET;<font> 002B;;;;N;;;;;
+FB2A;HEBREW LETTER SHIN WITH SHIN DOT;Lo;0;R;05E9 05C1;;;;N;;;;;
+FB2B;HEBREW LETTER SHIN WITH SIN DOT;Lo;0;R;05E9 05C2;;;;N;;;;;
+FB2C;HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT;Lo;0;R;FB49 05C1;;;;N;;;;;
+FB2D;HEBREW LETTER SHIN WITH DAGESH AND SIN DOT;Lo;0;R;FB49 05C2;;;;N;;;;;
+FB2E;HEBREW LETTER ALEF WITH PATAH;Lo;0;R;05D0 05B7;;;;N;;;;;
+FB2F;HEBREW LETTER ALEF WITH QAMATS;Lo;0;R;05D0 05B8;;;;N;;;;;
+FB30;HEBREW LETTER ALEF WITH MAPIQ;Lo;0;R;05D0 05BC;;;;N;;;;;
+FB31;HEBREW LETTER BET WITH DAGESH;Lo;0;R;05D1 05BC;;;;N;;;;;
+FB32;HEBREW LETTER GIMEL WITH DAGESH;Lo;0;R;05D2 05BC;;;;N;;;;;
+FB33;HEBREW LETTER DALET WITH DAGESH;Lo;0;R;05D3 05BC;;;;N;;;;;
+FB34;HEBREW LETTER HE WITH MAPIQ;Lo;0;R;05D4 05BC;;;;N;;;;;
+FB35;HEBREW LETTER VAV WITH DAGESH;Lo;0;R;05D5 05BC;;;;N;;;;;
+FB36;HEBREW LETTER ZAYIN WITH DAGESH;Lo;0;R;05D6 05BC;;;;N;;;;;
+FB38;HEBREW LETTER TET WITH DAGESH;Lo;0;R;05D8 05BC;;;;N;;;;;
+FB39;HEBREW LETTER YOD WITH DAGESH;Lo;0;R;05D9 05BC;;;;N;;;;;
+FB3A;HEBREW LETTER FINAL KAF WITH DAGESH;Lo;0;R;05DA 05BC;;;;N;;;;;
+FB3B;HEBREW LETTER KAF WITH DAGESH;Lo;0;R;05DB 05BC;;;;N;;;;;
+FB3C;HEBREW LETTER LAMED WITH DAGESH;Lo;0;R;05DC 05BC;;;;N;;;;;
+FB3E;HEBREW LETTER MEM WITH DAGESH;Lo;0;R;05DE 05BC;;;;N;;;;;
+FB40;HEBREW LETTER NUN WITH DAGESH;Lo;0;R;05E0 05BC;;;;N;;;;;
+FB41;HEBREW LETTER SAMEKH WITH DAGESH;Lo;0;R;05E1 05BC;;;;N;;;;;
+FB43;HEBREW LETTER FINAL PE WITH DAGESH;Lo;0;R;05E3 05BC;;;;N;;;;;
+FB44;HEBREW LETTER PE WITH DAGESH;Lo;0;R;05E4 05BC;;;;N;;;;;
+FB46;HEBREW LETTER TSADI WITH DAGESH;Lo;0;R;05E6 05BC;;;;N;;;;;
+FB47;HEBREW LETTER QOF WITH DAGESH;Lo;0;R;05E7 05BC;;;;N;;;;;
+FB48;HEBREW LETTER RESH WITH DAGESH;Lo;0;R;05E8 05BC;;;;N;;;;;
+FB49;HEBREW LETTER SHIN WITH DAGESH;Lo;0;R;05E9 05BC;;;;N;;;;;
+FB4A;HEBREW LETTER TAV WITH DAGESH;Lo;0;R;05EA 05BC;;;;N;;;;;
+FB4B;HEBREW LETTER VAV WITH HOLAM;Lo;0;R;05D5 05B9;;;;N;;;;;
+FB4C;HEBREW LETTER BET WITH RAFE;Lo;0;R;05D1 05BF;;;;N;;;;;
+FB4D;HEBREW LETTER KAF WITH RAFE;Lo;0;R;05DB 05BF;;;;N;;;;;
+FB4E;HEBREW LETTER PE WITH RAFE;Lo;0;R;05E4 05BF;;;;N;;;;;
+FB4F;HEBREW LIGATURE ALEF LAMED;Lo;0;R;<compat> 05D0 05DC;;;;N;;;;;
+FB50;ARABIC LETTER ALEF WASLA ISOLATED FORM;Lo;0;AL;<isolated> 0671;;;;N;;;;;
+FB51;ARABIC LETTER ALEF WASLA FINAL FORM;Lo;0;AL;<final> 0671;;;;N;;;;;
+FB52;ARABIC LETTER BEEH ISOLATED FORM;Lo;0;AL;<isolated> 067B;;;;N;;;;;
+FB53;ARABIC LETTER BEEH FINAL FORM;Lo;0;AL;<final> 067B;;;;N;;;;;
+FB54;ARABIC LETTER BEEH INITIAL FORM;Lo;0;AL;<initial> 067B;;;;N;;;;;
+FB55;ARABIC LETTER BEEH MEDIAL FORM;Lo;0;AL;<medial> 067B;;;;N;;;;;
+FB56;ARABIC LETTER PEH ISOLATED FORM;Lo;0;AL;<isolated> 067E;;;;N;;;;;
+FB57;ARABIC LETTER PEH FINAL FORM;Lo;0;AL;<final> 067E;;;;N;;;;;
+FB58;ARABIC LETTER PEH INITIAL FORM;Lo;0;AL;<initial> 067E;;;;N;;;;;
+FB59;ARABIC LETTER PEH MEDIAL FORM;Lo;0;AL;<medial> 067E;;;;N;;;;;
+FB5A;ARABIC LETTER BEHEH ISOLATED FORM;Lo;0;AL;<isolated> 0680;;;;N;;;;;
+FB5B;ARABIC LETTER BEHEH FINAL FORM;Lo;0;AL;<final> 0680;;;;N;;;;;
+FB5C;ARABIC LETTER BEHEH INITIAL FORM;Lo;0;AL;<initial> 0680;;;;N;;;;;
+FB5D;ARABIC LETTER BEHEH MEDIAL FORM;Lo;0;AL;<medial> 0680;;;;N;;;;;
+FB5E;ARABIC LETTER TTEHEH ISOLATED FORM;Lo;0;AL;<isolated> 067A;;;;N;;;;;
+FB5F;ARABIC LETTER TTEHEH FINAL FORM;Lo;0;AL;<final> 067A;;;;N;;;;;
+FB60;ARABIC LETTER TTEHEH INITIAL FORM;Lo;0;AL;<initial> 067A;;;;N;;;;;
+FB61;ARABIC LETTER TTEHEH MEDIAL FORM;Lo;0;AL;<medial> 067A;;;;N;;;;;
+FB62;ARABIC LETTER TEHEH ISOLATED FORM;Lo;0;AL;<isolated> 067F;;;;N;;;;;
+FB63;ARABIC LETTER TEHEH FINAL FORM;Lo;0;AL;<final> 067F;;;;N;;;;;
+FB64;ARABIC LETTER TEHEH INITIAL FORM;Lo;0;AL;<initial> 067F;;;;N;;;;;
+FB65;ARABIC LETTER TEHEH MEDIAL FORM;Lo;0;AL;<medial> 067F;;;;N;;;;;
+FB66;ARABIC LETTER TTEH ISOLATED FORM;Lo;0;AL;<isolated> 0679;;;;N;;;;;
+FB67;ARABIC LETTER TTEH FINAL FORM;Lo;0;AL;<final> 0679;;;;N;;;;;
+FB68;ARABIC LETTER TTEH INITIAL FORM;Lo;0;AL;<initial> 0679;;;;N;;;;;
+FB69;ARABIC LETTER TTEH MEDIAL FORM;Lo;0;AL;<medial> 0679;;;;N;;;;;
+FB6A;ARABIC LETTER VEH ISOLATED FORM;Lo;0;AL;<isolated> 06A4;;;;N;;;;;
+FB6B;ARABIC LETTER VEH FINAL FORM;Lo;0;AL;<final> 06A4;;;;N;;;;;
+FB6C;ARABIC LETTER VEH INITIAL FORM;Lo;0;AL;<initial> 06A4;;;;N;;;;;
+FB6D;ARABIC LETTER VEH MEDIAL FORM;Lo;0;AL;<medial> 06A4;;;;N;;;;;
+FB6E;ARABIC LETTER PEHEH ISOLATED FORM;Lo;0;AL;<isolated> 06A6;;;;N;;;;;
+FB6F;ARABIC LETTER PEHEH FINAL FORM;Lo;0;AL;<final> 06A6;;;;N;;;;;
+FB70;ARABIC LETTER PEHEH INITIAL FORM;Lo;0;AL;<initial> 06A6;;;;N;;;;;
+FB71;ARABIC LETTER PEHEH MEDIAL FORM;Lo;0;AL;<medial> 06A6;;;;N;;;;;
+FB72;ARABIC LETTER DYEH ISOLATED FORM;Lo;0;AL;<isolated> 0684;;;;N;;;;;
+FB73;ARABIC LETTER DYEH FINAL FORM;Lo;0;AL;<final> 0684;;;;N;;;;;
+FB74;ARABIC LETTER DYEH INITIAL FORM;Lo;0;AL;<initial> 0684;;;;N;;;;;
+FB75;ARABIC LETTER DYEH MEDIAL FORM;Lo;0;AL;<medial> 0684;;;;N;;;;;
+FB76;ARABIC LETTER NYEH ISOLATED FORM;Lo;0;AL;<isolated> 0683;;;;N;;;;;
+FB77;ARABIC LETTER NYEH FINAL FORM;Lo;0;AL;<final> 0683;;;;N;;;;;
+FB78;ARABIC LETTER NYEH INITIAL FORM;Lo;0;AL;<initial> 0683;;;;N;;;;;
+FB79;ARABIC LETTER NYEH MEDIAL FORM;Lo;0;AL;<medial> 0683;;;;N;;;;;
+FB7A;ARABIC LETTER TCHEH ISOLATED FORM;Lo;0;AL;<isolated> 0686;;;;N;;;;;
+FB7B;ARABIC LETTER TCHEH FINAL FORM;Lo;0;AL;<final> 0686;;;;N;;;;;
+FB7C;ARABIC LETTER TCHEH INITIAL FORM;Lo;0;AL;<initial> 0686;;;;N;;;;;
+FB7D;ARABIC LETTER TCHEH MEDIAL FORM;Lo;0;AL;<medial> 0686;;;;N;;;;;
+FB7E;ARABIC LETTER TCHEHEH ISOLATED FORM;Lo;0;AL;<isolated> 0687;;;;N;;;;;
+FB7F;ARABIC LETTER TCHEHEH FINAL FORM;Lo;0;AL;<final> 0687;;;;N;;;;;
+FB80;ARABIC LETTER TCHEHEH INITIAL FORM;Lo;0;AL;<initial> 0687;;;;N;;;;;
+FB81;ARABIC LETTER TCHEHEH MEDIAL FORM;Lo;0;AL;<medial> 0687;;;;N;;;;;
+FB82;ARABIC LETTER DDAHAL ISOLATED FORM;Lo;0;AL;<isolated> 068D;;;;N;;;;;
+FB83;ARABIC LETTER DDAHAL FINAL FORM;Lo;0;AL;<final> 068D;;;;N;;;;;
+FB84;ARABIC LETTER DAHAL ISOLATED FORM;Lo;0;AL;<isolated> 068C;;;;N;;;;;
+FB85;ARABIC LETTER DAHAL FINAL FORM;Lo;0;AL;<final> 068C;;;;N;;;;;
+FB86;ARABIC LETTER DUL ISOLATED FORM;Lo;0;AL;<isolated> 068E;;;;N;;;;;
+FB87;ARABIC LETTER DUL FINAL FORM;Lo;0;AL;<final> 068E;;;;N;;;;;
+FB88;ARABIC LETTER DDAL ISOLATED FORM;Lo;0;AL;<isolated> 0688;;;;N;;;;;
+FB89;ARABIC LETTER DDAL FINAL FORM;Lo;0;AL;<final> 0688;;;;N;;;;;
+FB8A;ARABIC LETTER JEH ISOLATED FORM;Lo;0;AL;<isolated> 0698;;;;N;;;;;
+FB8B;ARABIC LETTER JEH FINAL FORM;Lo;0;AL;<final> 0698;;;;N;;;;;
+FB8C;ARABIC LETTER RREH ISOLATED FORM;Lo;0;AL;<isolated> 0691;;;;N;;;;;
+FB8D;ARABIC LETTER RREH FINAL FORM;Lo;0;AL;<final> 0691;;;;N;;;;;
+FB8E;ARABIC LETTER KEHEH ISOLATED FORM;Lo;0;AL;<isolated> 06A9;;;;N;;;;;
+FB8F;ARABIC LETTER KEHEH FINAL FORM;Lo;0;AL;<final> 06A9;;;;N;;;;;
+FB90;ARABIC LETTER KEHEH INITIAL FORM;Lo;0;AL;<initial> 06A9;;;;N;;;;;
+FB91;ARABIC LETTER KEHEH MEDIAL FORM;Lo;0;AL;<medial> 06A9;;;;N;;;;;
+FB92;ARABIC LETTER GAF ISOLATED FORM;Lo;0;AL;<isolated> 06AF;;;;N;;;;;
+FB93;ARABIC LETTER GAF FINAL FORM;Lo;0;AL;<final> 06AF;;;;N;;;;;
+FB94;ARABIC LETTER GAF INITIAL FORM;Lo;0;AL;<initial> 06AF;;;;N;;;;;
+FB95;ARABIC LETTER GAF MEDIAL FORM;Lo;0;AL;<medial> 06AF;;;;N;;;;;
+FB96;ARABIC LETTER GUEH ISOLATED FORM;Lo;0;AL;<isolated> 06B3;;;;N;;;;;
+FB97;ARABIC LETTER GUEH FINAL FORM;Lo;0;AL;<final> 06B3;;;;N;;;;;
+FB98;ARABIC LETTER GUEH INITIAL FORM;Lo;0;AL;<initial> 06B3;;;;N;;;;;
+FB99;ARABIC LETTER GUEH MEDIAL FORM;Lo;0;AL;<medial> 06B3;;;;N;;;;;
+FB9A;ARABIC LETTER NGOEH ISOLATED FORM;Lo;0;AL;<isolated> 06B1;;;;N;;;;;
+FB9B;ARABIC LETTER NGOEH FINAL FORM;Lo;0;AL;<final> 06B1;;;;N;;;;;
+FB9C;ARABIC LETTER NGOEH INITIAL FORM;Lo;0;AL;<initial> 06B1;;;;N;;;;;
+FB9D;ARABIC LETTER NGOEH MEDIAL FORM;Lo;0;AL;<medial> 06B1;;;;N;;;;;
+FB9E;ARABIC LETTER NOON GHUNNA ISOLATED FORM;Lo;0;AL;<isolated> 06BA;;;;N;;;;;
+FB9F;ARABIC LETTER NOON GHUNNA FINAL FORM;Lo;0;AL;<final> 06BA;;;;N;;;;;
+FBA0;ARABIC LETTER RNOON ISOLATED FORM;Lo;0;AL;<isolated> 06BB;;;;N;;;;;
+FBA1;ARABIC LETTER RNOON FINAL FORM;Lo;0;AL;<final> 06BB;;;;N;;;;;
+FBA2;ARABIC LETTER RNOON INITIAL FORM;Lo;0;AL;<initial> 06BB;;;;N;;;;;
+FBA3;ARABIC LETTER RNOON MEDIAL FORM;Lo;0;AL;<medial> 06BB;;;;N;;;;;
+FBA4;ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 06C0;;;;N;;;;;
+FBA5;ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM;Lo;0;AL;<final> 06C0;;;;N;;;;;
+FBA6;ARABIC LETTER HEH GOAL ISOLATED FORM;Lo;0;AL;<isolated> 06C1;;;;N;;;;;
+FBA7;ARABIC LETTER HEH GOAL FINAL FORM;Lo;0;AL;<final> 06C1;;;;N;;;;;
+FBA8;ARABIC LETTER HEH GOAL INITIAL FORM;Lo;0;AL;<initial> 06C1;;;;N;;;;;
+FBA9;ARABIC LETTER HEH GOAL MEDIAL FORM;Lo;0;AL;<medial> 06C1;;;;N;;;;;
+FBAA;ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM;Lo;0;AL;<isolated> 06BE;;;;N;;;;;
+FBAB;ARABIC LETTER HEH DOACHASHMEE FINAL FORM;Lo;0;AL;<final> 06BE;;;;N;;;;;
+FBAC;ARABIC LETTER HEH DOACHASHMEE INITIAL FORM;Lo;0;AL;<initial> 06BE;;;;N;;;;;
+FBAD;ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM;Lo;0;AL;<medial> 06BE;;;;N;;;;;
+FBAE;ARABIC LETTER YEH BARREE ISOLATED FORM;Lo;0;AL;<isolated> 06D2;;;;N;;;;;
+FBAF;ARABIC LETTER YEH BARREE FINAL FORM;Lo;0;AL;<final> 06D2;;;;N;;;;;
+FBB0;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 06D3;;;;N;;;;;
+FBB1;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 06D3;;;;N;;;;;
+FBD3;ARABIC LETTER NG ISOLATED FORM;Lo;0;AL;<isolated> 06AD;;;;N;;;;;
+FBD4;ARABIC LETTER NG FINAL FORM;Lo;0;AL;<final> 06AD;;;;N;;;;;
+FBD5;ARABIC LETTER NG INITIAL FORM;Lo;0;AL;<initial> 06AD;;;;N;;;;;
+FBD6;ARABIC LETTER NG MEDIAL FORM;Lo;0;AL;<medial> 06AD;;;;N;;;;;
+FBD7;ARABIC LETTER U ISOLATED FORM;Lo;0;AL;<isolated> 06C7;;;;N;;;;;
+FBD8;ARABIC LETTER U FINAL FORM;Lo;0;AL;<final> 06C7;;;;N;;;;;
+FBD9;ARABIC LETTER OE ISOLATED FORM;Lo;0;AL;<isolated> 06C6;;;;N;;;;;
+FBDA;ARABIC LETTER OE FINAL FORM;Lo;0;AL;<final> 06C6;;;;N;;;;;
+FBDB;ARABIC LETTER YU ISOLATED FORM;Lo;0;AL;<isolated> 06C8;;;;N;;;;;
+FBDC;ARABIC LETTER YU FINAL FORM;Lo;0;AL;<final> 06C8;;;;N;;;;;
+FBDD;ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0677;;;;N;;;;;
+FBDE;ARABIC LETTER VE ISOLATED FORM;Lo;0;AL;<isolated> 06CB;;;;N;;;;;
+FBDF;ARABIC LETTER VE FINAL FORM;Lo;0;AL;<final> 06CB;;;;N;;;;;
+FBE0;ARABIC LETTER KIRGHIZ OE ISOLATED FORM;Lo;0;AL;<isolated> 06C5;;;;N;;;;;
+FBE1;ARABIC LETTER KIRGHIZ OE FINAL FORM;Lo;0;AL;<final> 06C5;;;;N;;;;;
+FBE2;ARABIC LETTER KIRGHIZ YU ISOLATED FORM;Lo;0;AL;<isolated> 06C9;;;;N;;;;;
+FBE3;ARABIC LETTER KIRGHIZ YU FINAL FORM;Lo;0;AL;<final> 06C9;;;;N;;;;;
+FBE4;ARABIC LETTER E ISOLATED FORM;Lo;0;AL;<isolated> 06D0;;;;N;;;;;
+FBE5;ARABIC LETTER E FINAL FORM;Lo;0;AL;<final> 06D0;;;;N;;;;;
+FBE6;ARABIC LETTER E INITIAL FORM;Lo;0;AL;<initial> 06D0;;;;N;;;;;
+FBE7;ARABIC LETTER E MEDIAL FORM;Lo;0;AL;<medial> 06D0;;;;N;;;;;
+FBE8;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM;Lo;0;AL;<initial> 0649;;;;N;;;;;
+FBE9;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM;Lo;0;AL;<medial> 0649;;;;N;;;;;
+FBEA;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0626 0627;;;;N;;;;;
+FBEB;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM;Lo;0;AL;<final> 0626 0627;;;;N;;;;;
+FBEC;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM;Lo;0;AL;<isolated> 0626 06D5;;;;N;;;;;
+FBED;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM;Lo;0;AL;<final> 0626 06D5;;;;N;;;;;
+FBEE;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM;Lo;0;AL;<isolated> 0626 0648;;;;N;;;;;
+FBEF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM;Lo;0;AL;<final> 0626 0648;;;;N;;;;;
+FBF0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C7;;;;N;;;;;
+FBF1;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM;Lo;0;AL;<final> 0626 06C7;;;;N;;;;;
+FBF2;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C6;;;;N;;;;;
+FBF3;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM;Lo;0;AL;<final> 0626 06C6;;;;N;;;;;
+FBF4;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C8;;;;N;;;;;
+FBF5;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM;Lo;0;AL;<final> 0626 06C8;;;;N;;;;;
+FBF6;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM;Lo;0;AL;<isolated> 0626 06D0;;;;N;;;;;
+FBF7;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM;Lo;0;AL;<final> 0626 06D0;;;;N;;;;;
+FBF8;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM;Lo;0;AL;<initial> 0626 06D0;;;;N;;;;;
+FBF9;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0626 0649;;;;N;;;;;
+FBFA;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0626 0649;;;;N;;;;;
+FBFB;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM;Lo;0;AL;<initial> 0626 0649;;;;N;;;;;
+FBFC;ARABIC LETTER FARSI YEH ISOLATED FORM;Lo;0;AL;<isolated> 06CC;;;;N;;;;;
+FBFD;ARABIC LETTER FARSI YEH FINAL FORM;Lo;0;AL;<final> 06CC;;;;N;;;;;
+FBFE;ARABIC LETTER FARSI YEH INITIAL FORM;Lo;0;AL;<initial> 06CC;;;;N;;;;;
+FBFF;ARABIC LETTER FARSI YEH MEDIAL FORM;Lo;0;AL;<medial> 06CC;;;;N;;;;;
+FC00;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0626 062C;;;;N;;;;;
+FC01;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0626 062D;;;;N;;;;;
+FC02;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0626 0645;;;;N;;;;;
+FC03;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0626 0649;;;;N;;;;;
+FC04;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0626 064A;;;;N;;;;;
+FC05;ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0628 062C;;;;N;;;;;
+FC06;ARABIC LIGATURE BEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0628 062D;;;;N;;;;;
+FC07;ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0628 062E;;;;N;;;;;
+FC08;ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0628 0645;;;;N;;;;;
+FC09;ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0628 0649;;;;N;;;;;
+FC0A;ARABIC LIGATURE BEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0628 064A;;;;N;;;;;
+FC0B;ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062A 062C;;;;N;;;;;
+FC0C;ARABIC LIGATURE TEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062A 062D;;;;N;;;;;
+FC0D;ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 062A 062E;;;;N;;;;;
+FC0E;ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062A 0645;;;;N;;;;;
+FC0F;ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062A 0649;;;;N;;;;;
+FC10;ARABIC LIGATURE TEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062A 064A;;;;N;;;;;
+FC11;ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062B 062C;;;;N;;;;;
+FC12;ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062B 0645;;;;N;;;;;
+FC13;ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062B 0649;;;;N;;;;;
+FC14;ARABIC LIGATURE THEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062B 064A;;;;N;;;;;
+FC15;ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062C 062D;;;;N;;;;;
+FC16;ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062C 0645;;;;N;;;;;
+FC17;ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062D 062C;;;;N;;;;;
+FC18;ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062D 0645;;;;N;;;;;
+FC19;ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062E 062C;;;;N;;;;;
+FC1A;ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062E 062D;;;;N;;;;;
+FC1B;ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062E 0645;;;;N;;;;;
+FC1C;ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0633 062C;;;;N;;;;;
+FC1D;ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0633 062D;;;;N;;;;;
+FC1E;ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0633 062E;;;;N;;;;;
+FC1F;ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0633 0645;;;;N;;;;;
+FC20;ARABIC LIGATURE SAD WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0635 062D;;;;N;;;;;
+FC21;ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0635 0645;;;;N;;;;;
+FC22;ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0636 062C;;;;N;;;;;
+FC23;ARABIC LIGATURE DAD WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0636 062D;;;;N;;;;;
+FC24;ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0636 062E;;;;N;;;;;
+FC25;ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0636 0645;;;;N;;;;;
+FC26;ARABIC LIGATURE TAH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0637 062D;;;;N;;;;;
+FC27;ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0637 0645;;;;N;;;;;
+FC28;ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0638 0645;;;;N;;;;;
+FC29;ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0639 062C;;;;N;;;;;
+FC2A;ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0639 0645;;;;N;;;;;
+FC2B;ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 063A 062C;;;;N;;;;;
+FC2C;ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 063A 0645;;;;N;;;;;
+FC2D;ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0641 062C;;;;N;;;;;
+FC2E;ARABIC LIGATURE FEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0641 062D;;;;N;;;;;
+FC2F;ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0641 062E;;;;N;;;;;
+FC30;ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0641 0645;;;;N;;;;;
+FC31;ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0641 0649;;;;N;;;;;
+FC32;ARABIC LIGATURE FEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0641 064A;;;;N;;;;;
+FC33;ARABIC LIGATURE QAF WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0642 062D;;;;N;;;;;
+FC34;ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0642 0645;;;;N;;;;;
+FC35;ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0642 0649;;;;N;;;;;
+FC36;ARABIC LIGATURE QAF WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0642 064A;;;;N;;;;;
+FC37;ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0643 0627;;;;N;;;;;
+FC38;ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0643 062C;;;;N;;;;;
+FC39;ARABIC LIGATURE KAF WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0643 062D;;;;N;;;;;
+FC3A;ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0643 062E;;;;N;;;;;
+FC3B;ARABIC LIGATURE KAF WITH LAM ISOLATED FORM;Lo;0;AL;<isolated> 0643 0644;;;;N;;;;;
+FC3C;ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0643 0645;;;;N;;;;;
+FC3D;ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0643 0649;;;;N;;;;;
+FC3E;ARABIC LIGATURE KAF WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0643 064A;;;;N;;;;;
+FC3F;ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0644 062C;;;;N;;;;;
+FC40;ARABIC LIGATURE LAM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0644 062D;;;;N;;;;;
+FC41;ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0644 062E;;;;N;;;;;
+FC42;ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0644 0645;;;;N;;;;;
+FC43;ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0644 0649;;;;N;;;;;
+FC44;ARABIC LIGATURE LAM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0644 064A;;;;N;;;;;
+FC45;ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645 062C;;;;N;;;;;
+FC46;ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0645 062D;;;;N;;;;;
+FC47;ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0645 062E;;;;N;;;;;
+FC48;ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645 0645;;;;N;;;;;
+FC49;ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0645 0649;;;;N;;;;;
+FC4A;ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0645 064A;;;;N;;;;;
+FC4B;ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0646 062C;;;;N;;;;;
+FC4C;ARABIC LIGATURE NOON WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0646 062D;;;;N;;;;;
+FC4D;ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0646 062E;;;;N;;;;;
+FC4E;ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0646 0645;;;;N;;;;;
+FC4F;ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0646 0649;;;;N;;;;;
+FC50;ARABIC LIGATURE NOON WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0646 064A;;;;N;;;;;
+FC51;ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0647 062C;;;;N;;;;;
+FC52;ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0647 0645;;;;N;;;;;
+FC53;ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0647 0649;;;;N;;;;;
+FC54;ARABIC LIGATURE HEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0647 064A;;;;N;;;;;
+FC55;ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 064A 062C;;;;N;;;;;
+FC56;ARABIC LIGATURE YEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 064A 062D;;;;N;;;;;
+FC57;ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 064A 062E;;;;N;;;;;
+FC58;ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 064A 0645;;;;N;;;;;
+FC59;ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 064A 0649;;;;N;;;;;
+FC5A;ARABIC LIGATURE YEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 064A 064A;;;;N;;;;;
+FC5B;ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0630 0670;;;;N;;;;;
+FC5C;ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0631 0670;;;;N;;;;;
+FC5D;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0649 0670;;;;N;;;;;
+FC5E;ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064C 0651;;;;N;;;;;
+FC5F;ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064D 0651;;;;N;;;;;
+FC60;ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064E 0651;;;;N;;;;;
+FC61;ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064F 0651;;;;N;;;;;
+FC62;ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0650 0651;;;;N;;;;;
+FC63;ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0020 0651 0670;;;;N;;;;;
+FC64;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM;Lo;0;AL;<final> 0626 0631;;;;N;;;;;
+FC65;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0626 0632;;;;N;;;;;
+FC66;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM;Lo;0;AL;<final> 0626 0645;;;;N;;;;;
+FC67;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM;Lo;0;AL;<final> 0626 0646;;;;N;;;;;
+FC68;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0626 0649;;;;N;;;;;
+FC69;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM;Lo;0;AL;<final> 0626 064A;;;;N;;;;;
+FC6A;ARABIC LIGATURE BEH WITH REH FINAL FORM;Lo;0;AL;<final> 0628 0631;;;;N;;;;;
+FC6B;ARABIC LIGATURE BEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0628 0632;;;;N;;;;;
+FC6C;ARABIC LIGATURE BEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0628 0645;;;;N;;;;;
+FC6D;ARABIC LIGATURE BEH WITH NOON FINAL FORM;Lo;0;AL;<final> 0628 0646;;;;N;;;;;
+FC6E;ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0628 0649;;;;N;;;;;
+FC6F;ARABIC LIGATURE BEH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 064A;;;;N;;;;;
+FC70;ARABIC LIGATURE TEH WITH REH FINAL FORM;Lo;0;AL;<final> 062A 0631;;;;N;;;;;
+FC71;ARABIC LIGATURE TEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 062A 0632;;;;N;;;;;
+FC72;ARABIC LIGATURE TEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 062A 0645;;;;N;;;;;
+FC73;ARABIC LIGATURE TEH WITH NOON FINAL FORM;Lo;0;AL;<final> 062A 0646;;;;N;;;;;
+FC74;ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 0649;;;;N;;;;;
+FC75;ARABIC LIGATURE TEH WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 064A;;;;N;;;;;
+FC76;ARABIC LIGATURE THEH WITH REH FINAL FORM;Lo;0;AL;<final> 062B 0631;;;;N;;;;;
+FC77;ARABIC LIGATURE THEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 062B 0632;;;;N;;;;;
+FC78;ARABIC LIGATURE THEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 062B 0645;;;;N;;;;;
+FC79;ARABIC LIGATURE THEH WITH NOON FINAL FORM;Lo;0;AL;<final> 062B 0646;;;;N;;;;;
+FC7A;ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062B 0649;;;;N;;;;;
+FC7B;ARABIC LIGATURE THEH WITH YEH FINAL FORM;Lo;0;AL;<final> 062B 064A;;;;N;;;;;
+FC7C;ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0641 0649;;;;N;;;;;
+FC7D;ARABIC LIGATURE FEH WITH YEH FINAL FORM;Lo;0;AL;<final> 0641 064A;;;;N;;;;;
+FC7E;ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0642 0649;;;;N;;;;;
+FC7F;ARABIC LIGATURE QAF WITH YEH FINAL FORM;Lo;0;AL;<final> 0642 064A;;;;N;;;;;
+FC80;ARABIC LIGATURE KAF WITH ALEF FINAL FORM;Lo;0;AL;<final> 0643 0627;;;;N;;;;;
+FC81;ARABIC LIGATURE KAF WITH LAM FINAL FORM;Lo;0;AL;<final> 0643 0644;;;;N;;;;;
+FC82;ARABIC LIGATURE KAF WITH MEEM FINAL FORM;Lo;0;AL;<final> 0643 0645;;;;N;;;;;
+FC83;ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0643 0649;;;;N;;;;;
+FC84;ARABIC LIGATURE KAF WITH YEH FINAL FORM;Lo;0;AL;<final> 0643 064A;;;;N;;;;;
+FC85;ARABIC LIGATURE LAM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 0645;;;;N;;;;;
+FC86;ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0644 0649;;;;N;;;;;
+FC87;ARABIC LIGATURE LAM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 064A;;;;N;;;;;
+FC88;ARABIC LIGATURE MEEM WITH ALEF FINAL FORM;Lo;0;AL;<final> 0645 0627;;;;N;;;;;
+FC89;ARABIC LIGATURE MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0645 0645;;;;N;;;;;
+FC8A;ARABIC LIGATURE NOON WITH REH FINAL FORM;Lo;0;AL;<final> 0646 0631;;;;N;;;;;
+FC8B;ARABIC LIGATURE NOON WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0646 0632;;;;N;;;;;
+FC8C;ARABIC LIGATURE NOON WITH MEEM FINAL FORM;Lo;0;AL;<final> 0646 0645;;;;N;;;;;
+FC8D;ARABIC LIGATURE NOON WITH NOON FINAL FORM;Lo;0;AL;<final> 0646 0646;;;;N;;;;;
+FC8E;ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 0649;;;;N;;;;;
+FC8F;ARABIC LIGATURE NOON WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 064A;;;;N;;;;;
+FC90;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM;Lo;0;AL;<final> 0649 0670;;;;N;;;;;
+FC91;ARABIC LIGATURE YEH WITH REH FINAL FORM;Lo;0;AL;<final> 064A 0631;;;;N;;;;;
+FC92;ARABIC LIGATURE YEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 064A 0632;;;;N;;;;;
+FC93;ARABIC LIGATURE YEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 064A 0645;;;;N;;;;;
+FC94;ARABIC LIGATURE YEH WITH NOON FINAL FORM;Lo;0;AL;<final> 064A 0646;;;;N;;;;;
+FC95;ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 064A 0649;;;;N;;;;;
+FC96;ARABIC LIGATURE YEH WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 064A;;;;N;;;;;
+FC97;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0626 062C;;;;N;;;;;
+FC98;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0626 062D;;;;N;;;;;
+FC99;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0626 062E;;;;N;;;;;
+FC9A;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0626 0645;;;;N;;;;;
+FC9B;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0626 0647;;;;N;;;;;
+FC9C;ARABIC LIGATURE BEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0628 062C;;;;N;;;;;
+FC9D;ARABIC LIGATURE BEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0628 062D;;;;N;;;;;
+FC9E;ARABIC LIGATURE BEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0628 062E;;;;N;;;;;
+FC9F;ARABIC LIGATURE BEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0628 0645;;;;N;;;;;
+FCA0;ARABIC LIGATURE BEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0628 0647;;;;N;;;;;
+FCA1;ARABIC LIGATURE TEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062C;;;;N;;;;;
+FCA2;ARABIC LIGATURE TEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062A 062D;;;;N;;;;;
+FCA3;ARABIC LIGATURE TEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 062A 062E;;;;N;;;;;
+FCA4;ARABIC LIGATURE TEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 0645;;;;N;;;;;
+FCA5;ARABIC LIGATURE TEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 062A 0647;;;;N;;;;;
+FCA6;ARABIC LIGATURE THEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062B 0645;;;;N;;;;;
+FCA7;ARABIC LIGATURE JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062C 062D;;;;N;;;;;
+FCA8;ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062C 0645;;;;N;;;;;
+FCA9;ARABIC LIGATURE HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062D 062C;;;;N;;;;;
+FCAA;ARABIC LIGATURE HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062D 0645;;;;N;;;;;
+FCAB;ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062E 062C;;;;N;;;;;
+FCAC;ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062E 0645;;;;N;;;;;
+FCAD;ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 062C;;;;N;;;;;
+FCAE;ARABIC LIGATURE SEEN WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 062D;;;;N;;;;;
+FCAF;ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0633 062E;;;;N;;;;;
+FCB0;ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645;;;;N;;;;;
+FCB1;ARABIC LIGATURE SAD WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0635 062D;;;;N;;;;;
+FCB2;ARABIC LIGATURE SAD WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0635 062E;;;;N;;;;;
+FCB3;ARABIC LIGATURE SAD WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0635 0645;;;;N;;;;;
+FCB4;ARABIC LIGATURE DAD WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0636 062C;;;;N;;;;;
+FCB5;ARABIC LIGATURE DAD WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0636 062D;;;;N;;;;;
+FCB6;ARABIC LIGATURE DAD WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0636 062E;;;;N;;;;;
+FCB7;ARABIC LIGATURE DAD WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0636 0645;;;;N;;;;;
+FCB8;ARABIC LIGATURE TAH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0637 062D;;;;N;;;;;
+FCB9;ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0638 0645;;;;N;;;;;
+FCBA;ARABIC LIGATURE AIN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0639 062C;;;;N;;;;;
+FCBB;ARABIC LIGATURE AIN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 0645;;;;N;;;;;
+FCBC;ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 063A 062C;;;;N;;;;;
+FCBD;ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 063A 0645;;;;N;;;;;
+FCBE;ARABIC LIGATURE FEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0641 062C;;;;N;;;;;
+FCBF;ARABIC LIGATURE FEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0641 062D;;;;N;;;;;
+FCC0;ARABIC LIGATURE FEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0641 062E;;;;N;;;;;
+FCC1;ARABIC LIGATURE FEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0641 0645;;;;N;;;;;
+FCC2;ARABIC LIGATURE QAF WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0642 062D;;;;N;;;;;
+FCC3;ARABIC LIGATURE QAF WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0642 0645;;;;N;;;;;
+FCC4;ARABIC LIGATURE KAF WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0643 062C;;;;N;;;;;
+FCC5;ARABIC LIGATURE KAF WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0643 062D;;;;N;;;;;
+FCC6;ARABIC LIGATURE KAF WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0643 062E;;;;N;;;;;
+FCC7;ARABIC LIGATURE KAF WITH LAM INITIAL FORM;Lo;0;AL;<initial> 0643 0644;;;;N;;;;;
+FCC8;ARABIC LIGATURE KAF WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0643 0645;;;;N;;;;;
+FCC9;ARABIC LIGATURE LAM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C;;;;N;;;;;
+FCCA;ARABIC LIGATURE LAM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0644 062D;;;;N;;;;;
+FCCB;ARABIC LIGATURE LAM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0644 062E;;;;N;;;;;
+FCCC;ARABIC LIGATURE LAM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 0645;;;;N;;;;;
+FCCD;ARABIC LIGATURE LAM WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0644 0647;;;;N;;;;;
+FCCE;ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062C;;;;N;;;;;
+FCCF;ARABIC LIGATURE MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0645 062D;;;;N;;;;;
+FCD0;ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0645 062E;;;;N;;;;;
+FCD1;ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 0645;;;;N;;;;;
+FCD2;ARABIC LIGATURE NOON WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062C;;;;N;;;;;
+FCD3;ARABIC LIGATURE NOON WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0646 062D;;;;N;;;;;
+FCD4;ARABIC LIGATURE NOON WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0646 062E;;;;N;;;;;
+FCD5;ARABIC LIGATURE NOON WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 0645;;;;N;;;;;
+FCD6;ARABIC LIGATURE NOON WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0646 0647;;;;N;;;;;
+FCD7;ARABIC LIGATURE HEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0647 062C;;;;N;;;;;
+FCD8;ARABIC LIGATURE HEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645;;;;N;;;;;
+FCD9;ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM;Lo;0;AL;<initial> 0647 0670;;;;N;;;;;
+FCDA;ARABIC LIGATURE YEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 064A 062C;;;;N;;;;;
+FCDB;ARABIC LIGATURE YEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 064A 062D;;;;N;;;;;
+FCDC;ARABIC LIGATURE YEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 064A 062E;;;;N;;;;;
+FCDD;ARABIC LIGATURE YEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 064A 0645;;;;N;;;;;
+FCDE;ARABIC LIGATURE YEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 064A 0647;;;;N;;;;;
+FCDF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0626 0645;;;;N;;;;;
+FCE0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0626 0647;;;;N;;;;;
+FCE1;ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0628 0645;;;;N;;;;;
+FCE2;ARABIC LIGATURE BEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0628 0647;;;;N;;;;;
+FCE3;ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 062A 0645;;;;N;;;;;
+FCE4;ARABIC LIGATURE TEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 062A 0647;;;;N;;;;;
+FCE5;ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 062B 0645;;;;N;;;;;
+FCE6;ARABIC LIGATURE THEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 062B 0647;;;;N;;;;;
+FCE7;ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0633 0645;;;;N;;;;;
+FCE8;ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0633 0647;;;;N;;;;;
+FCE9;ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0634 0645;;;;N;;;;;
+FCEA;ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0634 0647;;;;N;;;;;
+FCEB;ARABIC LIGATURE KAF WITH LAM MEDIAL FORM;Lo;0;AL;<medial> 0643 0644;;;;N;;;;;
+FCEC;ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0643 0645;;;;N;;;;;
+FCED;ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0644 0645;;;;N;;;;;
+FCEE;ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0646 0645;;;;N;;;;;
+FCEF;ARABIC LIGATURE NOON WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0646 0647;;;;N;;;;;
+FCF0;ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 064A 0645;;;;N;;;;;
+FCF1;ARABIC LIGATURE YEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 064A 0647;;;;N;;;;;
+FCF2;ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM;Lo;0;AL;<medial> 0640 064E 0651;;;;N;;;;;
+FCF3;ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM;Lo;0;AL;<medial> 0640 064F 0651;;;;N;;;;;
+FCF4;ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM;Lo;0;AL;<medial> 0640 0650 0651;;;;N;;;;;
+FCF5;ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0637 0649;;;;N;;;;;
+FCF6;ARABIC LIGATURE TAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0637 064A;;;;N;;;;;
+FCF7;ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0639 0649;;;;N;;;;;
+FCF8;ARABIC LIGATURE AIN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0639 064A;;;;N;;;;;
+FCF9;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 063A 0649;;;;N;;;;;
+FCFA;ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 063A 064A;;;;N;;;;;
+FCFB;ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0633 0649;;;;N;;;;;
+FCFC;ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0633 064A;;;;N;;;;;
+FCFD;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0634 0649;;;;N;;;;;
+FCFE;ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0634 064A;;;;N;;;;;
+FCFF;ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062D 0649;;;;N;;;;;
+FD00;ARABIC LIGATURE HAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062D 064A;;;;N;;;;;
+FD01;ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062C 0649;;;;N;;;;;
+FD02;ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062C 064A;;;;N;;;;;
+FD03;ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062E 0649;;;;N;;;;;
+FD04;ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062E 064A;;;;N;;;;;
+FD05;ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0635 0649;;;;N;;;;;
+FD06;ARABIC LIGATURE SAD WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0635 064A;;;;N;;;;;
+FD07;ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0636 0649;;;;N;;;;;
+FD08;ARABIC LIGATURE DAD WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0636 064A;;;;N;;;;;
+FD09;ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0634 062C;;;;N;;;;;
+FD0A;ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0634 062D;;;;N;;;;;
+FD0B;ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0634 062E;;;;N;;;;;
+FD0C;ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0634 0645;;;;N;;;;;
+FD0D;ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0634 0631;;;;N;;;;;
+FD0E;ARABIC LIGATURE SEEN WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0633 0631;;;;N;;;;;
+FD0F;ARABIC LIGATURE SAD WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0635 0631;;;;N;;;;;
+FD10;ARABIC LIGATURE DAD WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0636 0631;;;;N;;;;;
+FD11;ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0637 0649;;;;N;;;;;
+FD12;ARABIC LIGATURE TAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0637 064A;;;;N;;;;;
+FD13;ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0639 0649;;;;N;;;;;
+FD14;ARABIC LIGATURE AIN WITH YEH FINAL FORM;Lo;0;AL;<final> 0639 064A;;;;N;;;;;
+FD15;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 063A 0649;;;;N;;;;;
+FD16;ARABIC LIGATURE GHAIN WITH YEH FINAL FORM;Lo;0;AL;<final> 063A 064A;;;;N;;;;;
+FD17;ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 0649;;;;N;;;;;
+FD18;ARABIC LIGATURE SEEN WITH YEH FINAL FORM;Lo;0;AL;<final> 0633 064A;;;;N;;;;;
+FD19;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0634 0649;;;;N;;;;;
+FD1A;ARABIC LIGATURE SHEEN WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 064A;;;;N;;;;;
+FD1B;ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062D 0649;;;;N;;;;;
+FD1C;ARABIC LIGATURE HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 064A;;;;N;;;;;
+FD1D;ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 0649;;;;N;;;;;
+FD1E;ARABIC LIGATURE JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 064A;;;;N;;;;;
+FD1F;ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062E 0649;;;;N;;;;;
+FD20;ARABIC LIGATURE KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062E 064A;;;;N;;;;;
+FD21;ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0635 0649;;;;N;;;;;
+FD22;ARABIC LIGATURE SAD WITH YEH FINAL FORM;Lo;0;AL;<final> 0635 064A;;;;N;;;;;
+FD23;ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0636 0649;;;;N;;;;;
+FD24;ARABIC LIGATURE DAD WITH YEH FINAL FORM;Lo;0;AL;<final> 0636 064A;;;;N;;;;;
+FD25;ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM;Lo;0;AL;<final> 0634 062C;;;;N;;;;;
+FD26;ARABIC LIGATURE SHEEN WITH HAH FINAL FORM;Lo;0;AL;<final> 0634 062D;;;;N;;;;;
+FD27;ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM;Lo;0;AL;<final> 0634 062E;;;;N;;;;;
+FD28;ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 0645;;;;N;;;;;
+FD29;ARABIC LIGATURE SHEEN WITH REH FINAL FORM;Lo;0;AL;<final> 0634 0631;;;;N;;;;;
+FD2A;ARABIC LIGATURE SEEN WITH REH FINAL FORM;Lo;0;AL;<final> 0633 0631;;;;N;;;;;
+FD2B;ARABIC LIGATURE SAD WITH REH FINAL FORM;Lo;0;AL;<final> 0635 0631;;;;N;;;;;
+FD2C;ARABIC LIGATURE DAD WITH REH FINAL FORM;Lo;0;AL;<final> 0636 0631;;;;N;;;;;
+FD2D;ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0634 062C;;;;N;;;;;
+FD2E;ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0634 062D;;;;N;;;;;
+FD2F;ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0634 062E;;;;N;;;;;
+FD30;ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 0645;;;;N;;;;;
+FD31;ARABIC LIGATURE SEEN WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0633 0647;;;;N;;;;;
+FD32;ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0634 0647;;;;N;;;;;
+FD33;ARABIC LIGATURE TAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0637 0645;;;;N;;;;;
+FD34;ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM;Lo;0;AL;<medial> 0633 062C;;;;N;;;;;
+FD35;ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM;Lo;0;AL;<medial> 0633 062D;;;;N;;;;;
+FD36;ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM;Lo;0;AL;<medial> 0633 062E;;;;N;;;;;
+FD37;ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM;Lo;0;AL;<medial> 0634 062C;;;;N;;;;;
+FD38;ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM;Lo;0;AL;<medial> 0634 062D;;;;N;;;;;
+FD39;ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM;Lo;0;AL;<medial> 0634 062E;;;;N;;;;;
+FD3A;ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0637 0645;;;;N;;;;;
+FD3B;ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0638 0645;;;;N;;;;;
+FD3C;ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM;Lo;0;AL;<final> 0627 064B;;;;N;;;;;
+FD3D;ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM;Lo;0;AL;<isolated> 0627 064B;;;;N;;;;;
+FD3E;ORNATE LEFT PARENTHESIS;Ps;0;ON;;;;;N;;;;;
+FD3F;ORNATE RIGHT PARENTHESIS;Pe;0;ON;;;;;N;;;;;
+FD50;ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062C 0645;;;;N;;;;;
+FD51;ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM;Lo;0;AL;<final> 062A 062D 062C;;;;N;;;;;
+FD52;ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062D 062C;;;;N;;;;;
+FD53;ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062D 0645;;;;N;;;;;
+FD54;ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062E 0645;;;;N;;;;;
+FD55;ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062C;;;;N;;;;;
+FD56;ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062D;;;;N;;;;;
+FD57;ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062E;;;;N;;;;;
+FD58;ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 062C 0645 062D;;;;N;;;;;
+FD59;ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062C 0645 062D;;;;N;;;;;
+FD5A;ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 0645 064A;;;;N;;;;;
+FD5B;ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062D 0645 0649;;;;N;;;;;
+FD5C;ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 062D 062C;;;;N;;;;;
+FD5D;ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 062C 062D;;;;N;;;;;
+FD5E;ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 062C 0649;;;;N;;;;;
+FD5F;ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0633 0645 062D;;;;N;;;;;
+FD60;ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 0645 062D;;;;N;;;;;
+FD61;ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645 062C;;;;N;;;;;
+FD62;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0633 0645 0645;;;;N;;;;;
+FD63;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645 0645;;;;N;;;;;
+FD64;ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM;Lo;0;AL;<final> 0635 062D 062D;;;;N;;;;;
+FD65;ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0635 062D 062D;;;;N;;;;;
+FD66;ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0635 0645 0645;;;;N;;;;;
+FD67;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 062D 0645;;;;N;;;;;
+FD68;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 062D 0645;;;;N;;;;;
+FD69;ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 062C 064A;;;;N;;;;;
+FD6A;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM;Lo;0;AL;<final> 0634 0645 062E;;;;N;;;;;
+FD6B;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0634 0645 062E;;;;N;;;;;
+FD6C;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 0645 0645;;;;N;;;;;
+FD6D;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 0645 0645;;;;N;;;;;
+FD6E;ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0636 062D 0649;;;;N;;;;;
+FD6F;ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0636 062E 0645;;;;N;;;;;
+FD70;ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0636 062E 0645;;;;N;;;;;
+FD71;ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0637 0645 062D;;;;N;;;;;
+FD72;ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0637 0645 062D;;;;N;;;;;
+FD73;ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0637 0645 0645;;;;N;;;;;
+FD74;ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0637 0645 064A;;;;N;;;;;
+FD75;ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0639 062C 0645;;;;N;;;;;
+FD76;ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0639 0645 0645;;;;N;;;;;
+FD77;ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 0645 0645;;;;N;;;;;
+FD78;ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0639 0645 0649;;;;N;;;;;
+FD79;ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 063A 0645 0645;;;;N;;;;;
+FD7A;ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 063A 0645 064A;;;;N;;;;;
+FD7B;ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 063A 0645 0649;;;;N;;;;;
+FD7C;ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0641 062E 0645;;;;N;;;;;
+FD7D;ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0641 062E 0645;;;;N;;;;;
+FD7E;ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0642 0645 062D;;;;N;;;;;
+FD7F;ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0642 0645 0645;;;;N;;;;;
+FD80;ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062D 0645;;;;N;;;;;
+FD81;ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 062D 064A;;;;N;;;;;
+FD82;ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0644 062D 0649;;;;N;;;;;
+FD83;ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C 062C;;;;N;;;;;
+FD84;ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM;Lo;0;AL;<final> 0644 062C 062C;;;;N;;;;;
+FD85;ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062E 0645;;;;N;;;;;
+FD86;ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062E 0645;;;;N;;;;;
+FD87;ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0644 0645 062D;;;;N;;;;;
+FD88;ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0644 0645 062D;;;;N;;;;;
+FD89;ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062D 062C;;;;N;;;;;
+FD8A;ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062D 0645;;;;N;;;;;
+FD8B;ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062D 064A;;;;N;;;;;
+FD8C;ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0645 062C 062D;;;;N;;;;;
+FD8D;ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062C 0645;;;;N;;;;;
+FD8E;ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062E 062C;;;;N;;;;;
+FD8F;ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062E 0645;;;;N;;;;;
+FD92;ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0645 062C 062E;;;;N;;;;;
+FD93;ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645 062C;;;;N;;;;;
+FD94;ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645 0645;;;;N;;;;;
+FD95;ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062D 0645;;;;N;;;;;
+FD96;ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 062D 0649;;;;N;;;;;
+FD97;ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0646 062C 0645;;;;N;;;;;
+FD98;ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062C 0645;;;;N;;;;;
+FD99;ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 062C 0649;;;;N;;;;;
+FD9A;ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 0645 064A;;;;N;;;;;
+FD9B;ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 0645 0649;;;;N;;;;;
+FD9C;ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 064A 0645 0645;;;;N;;;;;
+FD9D;ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 064A 0645 0645;;;;N;;;;;
+FD9E;ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 062E 064A;;;;N;;;;;
+FD9F;ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 062C 064A;;;;N;;;;;
+FDA0;ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 062C 0649;;;;N;;;;;
+FDA1;ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 062E 064A;;;;N;;;;;
+FDA2;ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 062E 0649;;;;N;;;;;
+FDA3;ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 0645 064A;;;;N;;;;;
+FDA4;ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 0645 0649;;;;N;;;;;
+FDA5;ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 0645 064A;;;;N;;;;;
+FDA6;ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 062D 0649;;;;N;;;;;
+FDA7;ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 0645 0649;;;;N;;;;;
+FDA8;ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 062E 0649;;;;N;;;;;
+FDA9;ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0635 062D 064A;;;;N;;;;;
+FDAA;ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 062D 064A;;;;N;;;;;
+FDAB;ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0636 062D 064A;;;;N;;;;;
+FDAC;ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 062C 064A;;;;N;;;;;
+FDAD;ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 0645 064A;;;;N;;;;;
+FDAE;ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 062D 064A;;;;N;;;;;
+FDAF;ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 062C 064A;;;;N;;;;;
+FDB0;ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 0645 064A;;;;N;;;;;
+FDB1;ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 0645 064A;;;;N;;;;;
+FDB2;ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0642 0645 064A;;;;N;;;;;
+FDB3;ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 062D 064A;;;;N;;;;;
+FDB4;ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0642 0645 062D;;;;N;;;;;
+FDB5;ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062D 0645;;;;N;;;;;
+FDB6;ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0639 0645 064A;;;;N;;;;;
+FDB7;ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0643 0645 064A;;;;N;;;;;
+FDB8;ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0646 062C 062D;;;;N;;;;;
+FDB9;ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062E 064A;;;;N;;;;;
+FDBA;ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C 0645;;;;N;;;;;
+FDBB;ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0643 0645 0645;;;;N;;;;;
+FDBC;ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062C 0645;;;;N;;;;;
+FDBD;ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0646 062C 062D;;;;N;;;;;
+FDBE;ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 062D 064A;;;;N;;;;;
+FDBF;ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 062C 064A;;;;N;;;;;
+FDC0;ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062C 064A;;;;N;;;;;
+FDC1;ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0641 0645 064A;;;;N;;;;;
+FDC2;ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 062D 064A;;;;N;;;;;
+FDC3;ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0643 0645 0645;;;;N;;;;;
+FDC4;ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 062C 0645;;;;N;;;;;
+FDC5;ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0635 0645 0645;;;;N;;;;;
+FDC6;ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0633 062E 064A;;;;N;;;;;
+FDC7;ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 062C 064A;;;;N;;;;;
+FDF0;ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 06D2;;;;N;;;;;
+FDF1;ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL;<isolated> 0642 0644 06D2;;;;N;;;;;
+FDF2;ARABIC LIGATURE ALLAH ISOLATED FORM;Lo;0;AL;<isolated> 0627 0644 0644 0647;;;;N;;;;;
+FDF3;ARABIC LIGATURE AKBAR ISOLATED FORM;Lo;0;AL;<isolated> 0627 0643 0628 0631;;;;N;;;;;
+FDF4;ARABIC LIGATURE MOHAMMAD ISOLATED FORM;Lo;0;AL;<isolated> 0645 062D 0645 062F;;;;N;;;;;
+FDF5;ARABIC LIGATURE SALAM ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 0639 0645;;;;N;;;;;
+FDF6;ARABIC LIGATURE RASOUL ISOLATED FORM;Lo;0;AL;<isolated> 0631 0633 0648 0644;;;;N;;;;;
+FDF7;ARABIC LIGATURE ALAYHE ISOLATED FORM;Lo;0;AL;<isolated> 0639 0644 064A 0647;;;;N;;;;;
+FDF8;ARABIC LIGATURE WASALLAM ISOLATED FORM;Lo;0;AL;<isolated> 0648 0633 0644 0645;;;;N;;;;;
+FDF9;ARABIC LIGATURE SALLA ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 0649;;;;N;;;;;
+FDFA;ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM;Lo;0;AL;<isolated> 0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645;;;;N;ARABIC LETTER SALLALLAHOU ALAYHE WASALLAM;;;;
+FDFB;ARABIC LIGATURE JALLAJALALOUHOU;Lo;0;AL;<isolated> 062C 0644 0020 062C 0644 0627 0644 0647;;;;N;ARABIC LETTER JALLAJALALOUHOU;;;;
+FDFC;RIAL SIGN;Sc;0;AL;<isolated> 0631 06CC 0627 0644;;;;N;;;;;
+FE00;VARIATION SELECTOR-1;Mn;0;NSM;;;;;N;;;;;
+FE01;VARIATION SELECTOR-2;Mn;0;NSM;;;;;N;;;;;
+FE02;VARIATION SELECTOR-3;Mn;0;NSM;;;;;N;;;;;
+FE03;VARIATION SELECTOR-4;Mn;0;NSM;;;;;N;;;;;
+FE04;VARIATION SELECTOR-5;Mn;0;NSM;;;;;N;;;;;
+FE05;VARIATION SELECTOR-6;Mn;0;NSM;;;;;N;;;;;
+FE06;VARIATION SELECTOR-7;Mn;0;NSM;;;;;N;;;;;
+FE07;VARIATION SELECTOR-8;Mn;0;NSM;;;;;N;;;;;
+FE08;VARIATION SELECTOR-9;Mn;0;NSM;;;;;N;;;;;
+FE09;VARIATION SELECTOR-10;Mn;0;NSM;;;;;N;;;;;
+FE0A;VARIATION SELECTOR-11;Mn;0;NSM;;;;;N;;;;;
+FE0B;VARIATION SELECTOR-12;Mn;0;NSM;;;;;N;;;;;
+FE0C;VARIATION SELECTOR-13;Mn;0;NSM;;;;;N;;;;;
+FE0D;VARIATION SELECTOR-14;Mn;0;NSM;;;;;N;;;;;
+FE0E;VARIATION SELECTOR-15;Mn;0;NSM;;;;;N;;;;;
+FE0F;VARIATION SELECTOR-16;Mn;0;NSM;;;;;N;;;;;
+FE20;COMBINING LIGATURE LEFT HALF;Mn;230;NSM;;;;;N;;;;;
+FE21;COMBINING LIGATURE RIGHT HALF;Mn;230;NSM;;;;;N;;;;;
+FE22;COMBINING DOUBLE TILDE LEFT HALF;Mn;230;NSM;;;;;N;;;;;
+FE23;COMBINING DOUBLE TILDE RIGHT HALF;Mn;230;NSM;;;;;N;;;;;
+FE30;PRESENTATION FORM FOR VERTICAL TWO DOT LEADER;Po;0;ON;<vertical> 2025;;;;N;GLYPH FOR VERTICAL TWO DOT LEADER;;;;
+FE31;PRESENTATION FORM FOR VERTICAL EM DASH;Pd;0;ON;<vertical> 2014;;;;N;GLYPH FOR VERTICAL EM DASH;;;;
+FE32;PRESENTATION FORM FOR VERTICAL EN DASH;Pd;0;ON;<vertical> 2013;;;;N;GLYPH FOR VERTICAL EN DASH;;;;
+FE33;PRESENTATION FORM FOR VERTICAL LOW LINE;Pc;0;ON;<vertical> 005F;;;;N;GLYPH FOR VERTICAL SPACING UNDERSCORE;;;;
+FE34;PRESENTATION FORM FOR VERTICAL WAVY LOW LINE;Pc;0;ON;<vertical> 005F;;;;N;GLYPH FOR VERTICAL SPACING WAVY UNDERSCORE;;;;
+FE35;PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS;Ps;0;ON;<vertical> 0028;;;;N;GLYPH FOR VERTICAL OPENING PARENTHESIS;;;;
+FE36;PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS;Pe;0;ON;<vertical> 0029;;;;N;GLYPH FOR VERTICAL CLOSING PARENTHESIS;;;;
+FE37;PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET;Ps;0;ON;<vertical> 007B;;;;N;GLYPH FOR VERTICAL OPENING CURLY BRACKET;;;;
+FE38;PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET;Pe;0;ON;<vertical> 007D;;;;N;GLYPH FOR VERTICAL CLOSING CURLY BRACKET;;;;
+FE39;PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET;Ps;0;ON;<vertical> 3014;;;;N;GLYPH FOR VERTICAL OPENING TORTOISE SHELL BRACKET;;;;
+FE3A;PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;<vertical> 3015;;;;N;GLYPH FOR VERTICAL CLOSING TORTOISE SHELL BRACKET;;;;
+FE3B;PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;<vertical> 3010;;;;N;GLYPH FOR VERTICAL OPENING BLACK LENTICULAR BRACKET;;;;
+FE3C;PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;<vertical> 3011;;;;N;GLYPH FOR VERTICAL CLOSING BLACK LENTICULAR BRACKET;;;;
+FE3D;PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;<vertical> 300A;;;;N;GLYPH FOR VERTICAL OPENING DOUBLE ANGLE BRACKET;;;;
+FE3E;PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;<vertical> 300B;;;;N;GLYPH FOR VERTICAL CLOSING DOUBLE ANGLE BRACKET;;;;
+FE3F;PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET;Ps;0;ON;<vertical> 3008;;;;N;GLYPH FOR VERTICAL OPENING ANGLE BRACKET;;;;
+FE40;PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET;Pe;0;ON;<vertical> 3009;;;;N;GLYPH FOR VERTICAL CLOSING ANGLE BRACKET;;;;
+FE41;PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET;Ps;0;ON;<vertical> 300C;;;;N;GLYPH FOR VERTICAL OPENING CORNER BRACKET;;;;
+FE42;PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET;Pe;0;ON;<vertical> 300D;;;;N;GLYPH FOR VERTICAL CLOSING CORNER BRACKET;;;;
+FE43;PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET;Ps;0;ON;<vertical> 300E;;;;N;GLYPH FOR VERTICAL OPENING WHITE CORNER BRACKET;;;;
+FE44;PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET;Pe;0;ON;<vertical> 300F;;;;N;GLYPH FOR VERTICAL CLOSING WHITE CORNER BRACKET;;;;
+FE45;SESAME DOT;Po;0;ON;;;;;N;;;;;
+FE46;WHITE SESAME DOT;Po;0;ON;;;;;N;;;;;
+FE49;DASHED OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING DASHED OVERSCORE;;;;
+FE4A;CENTRELINE OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING CENTERLINE OVERSCORE;;;;
+FE4B;WAVY OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING WAVY OVERSCORE;;;;
+FE4C;DOUBLE WAVY OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING DOUBLE WAVY OVERSCORE;;;;
+FE4D;DASHED LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING DASHED UNDERSCORE;;;;
+FE4E;CENTRELINE LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING CENTERLINE UNDERSCORE;;;;
+FE4F;WAVY LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING WAVY UNDERSCORE;;;;
+FE50;SMALL COMMA;Po;0;CS;<small> 002C;;;;N;;;;;
+FE51;SMALL IDEOGRAPHIC COMMA;Po;0;ON;<small> 3001;;;;N;;;;;
+FE52;SMALL FULL STOP;Po;0;CS;<small> 002E;;;;N;SMALL PERIOD;;;;
+FE54;SMALL SEMICOLON;Po;0;ON;<small> 003B;;;;N;;;;;
+FE55;SMALL COLON;Po;0;CS;<small> 003A;;;;N;;;;;
+FE56;SMALL QUESTION MARK;Po;0;ON;<small> 003F;;;;N;;;;;
+FE57;SMALL EXCLAMATION MARK;Po;0;ON;<small> 0021;;;;N;;;;;
+FE58;SMALL EM DASH;Pd;0;ON;<small> 2014;;;;N;;;;;
+FE59;SMALL LEFT PARENTHESIS;Ps;0;ON;<small> 0028;;;;N;SMALL OPENING PARENTHESIS;;;;
+FE5A;SMALL RIGHT PARENTHESIS;Pe;0;ON;<small> 0029;;;;N;SMALL CLOSING PARENTHESIS;;;;
+FE5B;SMALL LEFT CURLY BRACKET;Ps;0;ON;<small> 007B;;;;N;SMALL OPENING CURLY BRACKET;;;;
+FE5C;SMALL RIGHT CURLY BRACKET;Pe;0;ON;<small> 007D;;;;N;SMALL CLOSING CURLY BRACKET;;;;
+FE5D;SMALL LEFT TORTOISE SHELL BRACKET;Ps;0;ON;<small> 3014;;;;N;SMALL OPENING TORTOISE SHELL BRACKET;;;;
+FE5E;SMALL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;<small> 3015;;;;N;SMALL CLOSING TORTOISE SHELL BRACKET;;;;
+FE5F;SMALL NUMBER SIGN;Po;0;ET;<small> 0023;;;;N;;;;;
+FE60;SMALL AMPERSAND;Po;0;ON;<small> 0026;;;;N;;;;;
+FE61;SMALL ASTERISK;Po;0;ON;<small> 002A;;;;N;;;;;
+FE62;SMALL PLUS SIGN;Sm;0;ET;<small> 002B;;;;N;;;;;
+FE63;SMALL HYPHEN-MINUS;Pd;0;ET;<small> 002D;;;;N;;;;;
+FE64;SMALL LESS-THAN SIGN;Sm;0;ON;<small> 003C;;;;N;;;;;
+FE65;SMALL GREATER-THAN SIGN;Sm;0;ON;<small> 003E;;;;N;;;;;
+FE66;SMALL EQUALS SIGN;Sm;0;ON;<small> 003D;;;;N;;;;;
+FE68;SMALL REVERSE SOLIDUS;Po;0;ON;<small> 005C;;;;N;SMALL BACKSLASH;;;;
+FE69;SMALL DOLLAR SIGN;Sc;0;ET;<small> 0024;;;;N;;;;;
+FE6A;SMALL PERCENT SIGN;Po;0;ET;<small> 0025;;;;N;;;;;
+FE6B;SMALL COMMERCIAL AT;Po;0;ON;<small> 0040;;;;N;;;;;
+FE70;ARABIC FATHATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064B;;;;N;ARABIC SPACING FATHATAN;;;;
+FE71;ARABIC TATWEEL WITH FATHATAN ABOVE;Lo;0;AL;<medial> 0640 064B;;;;N;ARABIC FATHATAN ON TATWEEL;;;;
+FE72;ARABIC DAMMATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064C;;;;N;ARABIC SPACING DAMMATAN;;;;
+FE73;ARABIC TAIL FRAGMENT;Lo;0;AL;;;;;N;;;;;
+FE74;ARABIC KASRATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064D;;;;N;ARABIC SPACING KASRATAN;;;;
+FE76;ARABIC FATHA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064E;;;;N;ARABIC SPACING FATHAH;;;;
+FE77;ARABIC FATHA MEDIAL FORM;Lo;0;AL;<medial> 0640 064E;;;;N;ARABIC FATHAH ON TATWEEL;;;;
+FE78;ARABIC DAMMA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064F;;;;N;ARABIC SPACING DAMMAH;;;;
+FE79;ARABIC DAMMA MEDIAL FORM;Lo;0;AL;<medial> 0640 064F;;;;N;ARABIC DAMMAH ON TATWEEL;;;;
+FE7A;ARABIC KASRA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0650;;;;N;ARABIC SPACING KASRAH;;;;
+FE7B;ARABIC KASRA MEDIAL FORM;Lo;0;AL;<medial> 0640 0650;;;;N;ARABIC KASRAH ON TATWEEL;;;;
+FE7C;ARABIC SHADDA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0651;;;;N;ARABIC SPACING SHADDAH;;;;
+FE7D;ARABIC SHADDA MEDIAL FORM;Lo;0;AL;<medial> 0640 0651;;;;N;ARABIC SHADDAH ON TATWEEL;;;;
+FE7E;ARABIC SUKUN ISOLATED FORM;Lo;0;AL;<isolated> 0020 0652;;;;N;ARABIC SPACING SUKUN;;;;
+FE7F;ARABIC SUKUN MEDIAL FORM;Lo;0;AL;<medial> 0640 0652;;;;N;ARABIC SUKUN ON TATWEEL;;;;
+FE80;ARABIC LETTER HAMZA ISOLATED FORM;Lo;0;AL;<isolated> 0621;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH;;;;
+FE81;ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON ALEF;;;;
+FE82;ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL;<final> 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON ALEF;;;;
+FE83;ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON ALEF;;;;
+FE84;ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON ALEF;;;;
+FE85;ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0624;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON WAW;;;;
+FE86;ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0624;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON WAW;;;;
+FE87;ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL;<isolated> 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER ALEF;;;;
+FE88;ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL;<final> 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER ALEF;;;;
+FE89;ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0626;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON YA;;;;
+FE8A;ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0626;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON YA;;;;
+FE8B;ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM;Lo;0;AL;<initial> 0626;;;;N;GLYPH FOR INITIAL ARABIC HAMZAH ON YA;;;;
+FE8C;ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM;Lo;0;AL;<medial> 0626;;;;N;GLYPH FOR MEDIAL ARABIC HAMZAH ON YA;;;;
+FE8D;ARABIC LETTER ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0627;;;;N;GLYPH FOR ISOLATE ARABIC ALEF;;;;
+FE8E;ARABIC LETTER ALEF FINAL FORM;Lo;0;AL;<final> 0627;;;;N;GLYPH FOR FINAL ARABIC ALEF;;;;
+FE8F;ARABIC LETTER BEH ISOLATED FORM;Lo;0;AL;<isolated> 0628;;;;N;GLYPH FOR ISOLATE ARABIC BAA;;;;
+FE90;ARABIC LETTER BEH FINAL FORM;Lo;0;AL;<final> 0628;;;;N;GLYPH FOR FINAL ARABIC BAA;;;;
+FE91;ARABIC LETTER BEH INITIAL FORM;Lo;0;AL;<initial> 0628;;;;N;GLYPH FOR INITIAL ARABIC BAA;;;;
+FE92;ARABIC LETTER BEH MEDIAL FORM;Lo;0;AL;<medial> 0628;;;;N;GLYPH FOR MEDIAL ARABIC BAA;;;;
+FE93;ARABIC LETTER TEH MARBUTA ISOLATED FORM;Lo;0;AL;<isolated> 0629;;;;N;GLYPH FOR ISOLATE ARABIC TAA MARBUTAH;;;;
+FE94;ARABIC LETTER TEH MARBUTA FINAL FORM;Lo;0;AL;<final> 0629;;;;N;GLYPH FOR FINAL ARABIC TAA MARBUTAH;;;;
+FE95;ARABIC LETTER TEH ISOLATED FORM;Lo;0;AL;<isolated> 062A;;;;N;GLYPH FOR ISOLATE ARABIC TAA;;;;
+FE96;ARABIC LETTER TEH FINAL FORM;Lo;0;AL;<final> 062A;;;;N;GLYPH FOR FINAL ARABIC TAA;;;;
+FE97;ARABIC LETTER TEH INITIAL FORM;Lo;0;AL;<initial> 062A;;;;N;GLYPH FOR INITIAL ARABIC TAA;;;;
+FE98;ARABIC LETTER TEH MEDIAL FORM;Lo;0;AL;<medial> 062A;;;;N;GLYPH FOR MEDIAL ARABIC TAA;;;;
+FE99;ARABIC LETTER THEH ISOLATED FORM;Lo;0;AL;<isolated> 062B;;;;N;GLYPH FOR ISOLATE ARABIC THAA;;;;
+FE9A;ARABIC LETTER THEH FINAL FORM;Lo;0;AL;<final> 062B;;;;N;GLYPH FOR FINAL ARABIC THAA;;;;
+FE9B;ARABIC LETTER THEH INITIAL FORM;Lo;0;AL;<initial> 062B;;;;N;GLYPH FOR INITIAL ARABIC THAA;;;;
+FE9C;ARABIC LETTER THEH MEDIAL FORM;Lo;0;AL;<medial> 062B;;;;N;GLYPH FOR MEDIAL ARABIC THAA;;;;
+FE9D;ARABIC LETTER JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062C;;;;N;GLYPH FOR ISOLATE ARABIC JEEM;;;;
+FE9E;ARABIC LETTER JEEM FINAL FORM;Lo;0;AL;<final> 062C;;;;N;GLYPH FOR FINAL ARABIC JEEM;;;;
+FE9F;ARABIC LETTER JEEM INITIAL FORM;Lo;0;AL;<initial> 062C;;;;N;GLYPH FOR INITIAL ARABIC JEEM;;;;
+FEA0;ARABIC LETTER JEEM MEDIAL FORM;Lo;0;AL;<medial> 062C;;;;N;GLYPH FOR MEDIAL ARABIC JEEM;;;;
+FEA1;ARABIC LETTER HAH ISOLATED FORM;Lo;0;AL;<isolated> 062D;;;;N;GLYPH FOR ISOLATE ARABIC HAA;;;;
+FEA2;ARABIC LETTER HAH FINAL FORM;Lo;0;AL;<final> 062D;;;;N;GLYPH FOR FINAL ARABIC HAA;;;;
+FEA3;ARABIC LETTER HAH INITIAL FORM;Lo;0;AL;<initial> 062D;;;;N;GLYPH FOR INITIAL ARABIC HAA;;;;
+FEA4;ARABIC LETTER HAH MEDIAL FORM;Lo;0;AL;<medial> 062D;;;;N;GLYPH FOR MEDIAL ARABIC HAA;;;;
+FEA5;ARABIC LETTER KHAH ISOLATED FORM;Lo;0;AL;<isolated> 062E;;;;N;GLYPH FOR ISOLATE ARABIC KHAA;;;;
+FEA6;ARABIC LETTER KHAH FINAL FORM;Lo;0;AL;<final> 062E;;;;N;GLYPH FOR FINAL ARABIC KHAA;;;;
+FEA7;ARABIC LETTER KHAH INITIAL FORM;Lo;0;AL;<initial> 062E;;;;N;GLYPH FOR INITIAL ARABIC KHAA;;;;
+FEA8;ARABIC LETTER KHAH MEDIAL FORM;Lo;0;AL;<medial> 062E;;;;N;GLYPH FOR MEDIAL ARABIC KHAA;;;;
+FEA9;ARABIC LETTER DAL ISOLATED FORM;Lo;0;AL;<isolated> 062F;;;;N;GLYPH FOR ISOLATE ARABIC DAL;;;;
+FEAA;ARABIC LETTER DAL FINAL FORM;Lo;0;AL;<final> 062F;;;;N;GLYPH FOR FINAL ARABIC DAL;;;;
+FEAB;ARABIC LETTER THAL ISOLATED FORM;Lo;0;AL;<isolated> 0630;;;;N;GLYPH FOR ISOLATE ARABIC THAL;;;;
+FEAC;ARABIC LETTER THAL FINAL FORM;Lo;0;AL;<final> 0630;;;;N;GLYPH FOR FINAL ARABIC THAL;;;;
+FEAD;ARABIC LETTER REH ISOLATED FORM;Lo;0;AL;<isolated> 0631;;;;N;GLYPH FOR ISOLATE ARABIC RA;;;;
+FEAE;ARABIC LETTER REH FINAL FORM;Lo;0;AL;<final> 0631;;;;N;GLYPH FOR FINAL ARABIC RA;;;;
+FEAF;ARABIC LETTER ZAIN ISOLATED FORM;Lo;0;AL;<isolated> 0632;;;;N;GLYPH FOR ISOLATE ARABIC ZAIN;;;;
+FEB0;ARABIC LETTER ZAIN FINAL FORM;Lo;0;AL;<final> 0632;;;;N;GLYPH FOR FINAL ARABIC ZAIN;;;;
+FEB1;ARABIC LETTER SEEN ISOLATED FORM;Lo;0;AL;<isolated> 0633;;;;N;GLYPH FOR ISOLATE ARABIC SEEN;;;;
+FEB2;ARABIC LETTER SEEN FINAL FORM;Lo;0;AL;<final> 0633;;;;N;GLYPH FOR FINAL ARABIC SEEN;;;;
+FEB3;ARABIC LETTER SEEN INITIAL FORM;Lo;0;AL;<initial> 0633;;;;N;GLYPH FOR INITIAL ARABIC SEEN;;;;
+FEB4;ARABIC LETTER SEEN MEDIAL FORM;Lo;0;AL;<medial> 0633;;;;N;GLYPH FOR MEDIAL ARABIC SEEN;;;;
+FEB5;ARABIC LETTER SHEEN ISOLATED FORM;Lo;0;AL;<isolated> 0634;;;;N;GLYPH FOR ISOLATE ARABIC SHEEN;;;;
+FEB6;ARABIC LETTER SHEEN FINAL FORM;Lo;0;AL;<final> 0634;;;;N;GLYPH FOR FINAL ARABIC SHEEN;;;;
+FEB7;ARABIC LETTER SHEEN INITIAL FORM;Lo;0;AL;<initial> 0634;;;;N;GLYPH FOR INITIAL ARABIC SHEEN;;;;
+FEB8;ARABIC LETTER SHEEN MEDIAL FORM;Lo;0;AL;<medial> 0634;;;;N;GLYPH FOR MEDIAL ARABIC SHEEN;;;;
+FEB9;ARABIC LETTER SAD ISOLATED FORM;Lo;0;AL;<isolated> 0635;;;;N;GLYPH FOR ISOLATE ARABIC SAD;;;;
+FEBA;ARABIC LETTER SAD FINAL FORM;Lo;0;AL;<final> 0635;;;;N;GLYPH FOR FINAL ARABIC SAD;;;;
+FEBB;ARABIC LETTER SAD INITIAL FORM;Lo;0;AL;<initial> 0635;;;;N;GLYPH FOR INITIAL ARABIC SAD;;;;
+FEBC;ARABIC LETTER SAD MEDIAL FORM;Lo;0;AL;<medial> 0635;;;;N;GLYPH FOR MEDIAL ARABIC SAD;;;;
+FEBD;ARABIC LETTER DAD ISOLATED FORM;Lo;0;AL;<isolated> 0636;;;;N;GLYPH FOR ISOLATE ARABIC DAD;;;;
+FEBE;ARABIC LETTER DAD FINAL FORM;Lo;0;AL;<final> 0636;;;;N;GLYPH FOR FINAL ARABIC DAD;;;;
+FEBF;ARABIC LETTER DAD INITIAL FORM;Lo;0;AL;<initial> 0636;;;;N;GLYPH FOR INITIAL ARABIC DAD;;;;
+FEC0;ARABIC LETTER DAD MEDIAL FORM;Lo;0;AL;<medial> 0636;;;;N;GLYPH FOR MEDIAL ARABIC DAD;;;;
+FEC1;ARABIC LETTER TAH ISOLATED FORM;Lo;0;AL;<isolated> 0637;;;;N;GLYPH FOR ISOLATE ARABIC TAH;;;;
+FEC2;ARABIC LETTER TAH FINAL FORM;Lo;0;AL;<final> 0637;;;;N;GLYPH FOR FINAL ARABIC TAH;;;;
+FEC3;ARABIC LETTER TAH INITIAL FORM;Lo;0;AL;<initial> 0637;;;;N;GLYPH FOR INITIAL ARABIC TAH;;;;
+FEC4;ARABIC LETTER TAH MEDIAL FORM;Lo;0;AL;<medial> 0637;;;;N;GLYPH FOR MEDIAL ARABIC TAH;;;;
+FEC5;ARABIC LETTER ZAH ISOLATED FORM;Lo;0;AL;<isolated> 0638;;;;N;GLYPH FOR ISOLATE ARABIC DHAH;;;;
+FEC6;ARABIC LETTER ZAH FINAL FORM;Lo;0;AL;<final> 0638;;;;N;GLYPH FOR FINAL ARABIC DHAH;;;;
+FEC7;ARABIC LETTER ZAH INITIAL FORM;Lo;0;AL;<initial> 0638;;;;N;GLYPH FOR INITIAL ARABIC DHAH;;;;
+FEC8;ARABIC LETTER ZAH MEDIAL FORM;Lo;0;AL;<medial> 0638;;;;N;GLYPH FOR MEDIAL ARABIC DHAH;;;;
+FEC9;ARABIC LETTER AIN ISOLATED FORM;Lo;0;AL;<isolated> 0639;;;;N;GLYPH FOR ISOLATE ARABIC AIN;;;;
+FECA;ARABIC LETTER AIN FINAL FORM;Lo;0;AL;<final> 0639;;;;N;GLYPH FOR FINAL ARABIC AIN;;;;
+FECB;ARABIC LETTER AIN INITIAL FORM;Lo;0;AL;<initial> 0639;;;;N;GLYPH FOR INITIAL ARABIC AIN;;;;
+FECC;ARABIC LETTER AIN MEDIAL FORM;Lo;0;AL;<medial> 0639;;;;N;GLYPH FOR MEDIAL ARABIC AIN;;;;
+FECD;ARABIC LETTER GHAIN ISOLATED FORM;Lo;0;AL;<isolated> 063A;;;;N;GLYPH FOR ISOLATE ARABIC GHAIN;;;;
+FECE;ARABIC LETTER GHAIN FINAL FORM;Lo;0;AL;<final> 063A;;;;N;GLYPH FOR FINAL ARABIC GHAIN;;;;
+FECF;ARABIC LETTER GHAIN INITIAL FORM;Lo;0;AL;<initial> 063A;;;;N;GLYPH FOR INITIAL ARABIC GHAIN;;;;
+FED0;ARABIC LETTER GHAIN MEDIAL FORM;Lo;0;AL;<medial> 063A;;;;N;GLYPH FOR MEDIAL ARABIC GHAIN;;;;
+FED1;ARABIC LETTER FEH ISOLATED FORM;Lo;0;AL;<isolated> 0641;;;;N;GLYPH FOR ISOLATE ARABIC FA;;;;
+FED2;ARABIC LETTER FEH FINAL FORM;Lo;0;AL;<final> 0641;;;;N;GLYPH FOR FINAL ARABIC FA;;;;
+FED3;ARABIC LETTER FEH INITIAL FORM;Lo;0;AL;<initial> 0641;;;;N;GLYPH FOR INITIAL ARABIC FA;;;;
+FED4;ARABIC LETTER FEH MEDIAL FORM;Lo;0;AL;<medial> 0641;;;;N;GLYPH FOR MEDIAL ARABIC FA;;;;
+FED5;ARABIC LETTER QAF ISOLATED FORM;Lo;0;AL;<isolated> 0642;;;;N;GLYPH FOR ISOLATE ARABIC QAF;;;;
+FED6;ARABIC LETTER QAF FINAL FORM;Lo;0;AL;<final> 0642;;;;N;GLYPH FOR FINAL ARABIC QAF;;;;
+FED7;ARABIC LETTER QAF INITIAL FORM;Lo;0;AL;<initial> 0642;;;;N;GLYPH FOR INITIAL ARABIC QAF;;;;
+FED8;ARABIC LETTER QAF MEDIAL FORM;Lo;0;AL;<medial> 0642;;;;N;GLYPH FOR MEDIAL ARABIC QAF;;;;
+FED9;ARABIC LETTER KAF ISOLATED FORM;Lo;0;AL;<isolated> 0643;;;;N;GLYPH FOR ISOLATE ARABIC CAF;;;;
+FEDA;ARABIC LETTER KAF FINAL FORM;Lo;0;AL;<final> 0643;;;;N;GLYPH FOR FINAL ARABIC CAF;;;;
+FEDB;ARABIC LETTER KAF INITIAL FORM;Lo;0;AL;<initial> 0643;;;;N;GLYPH FOR INITIAL ARABIC CAF;;;;
+FEDC;ARABIC LETTER KAF MEDIAL FORM;Lo;0;AL;<medial> 0643;;;;N;GLYPH FOR MEDIAL ARABIC CAF;;;;
+FEDD;ARABIC LETTER LAM ISOLATED FORM;Lo;0;AL;<isolated> 0644;;;;N;GLYPH FOR ISOLATE ARABIC LAM;;;;
+FEDE;ARABIC LETTER LAM FINAL FORM;Lo;0;AL;<final> 0644;;;;N;GLYPH FOR FINAL ARABIC LAM;;;;
+FEDF;ARABIC LETTER LAM INITIAL FORM;Lo;0;AL;<initial> 0644;;;;N;GLYPH FOR INITIAL ARABIC LAM;;;;
+FEE0;ARABIC LETTER LAM MEDIAL FORM;Lo;0;AL;<medial> 0644;;;;N;GLYPH FOR MEDIAL ARABIC LAM;;;;
+FEE1;ARABIC LETTER MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645;;;;N;GLYPH FOR ISOLATE ARABIC MEEM;;;;
+FEE2;ARABIC LETTER MEEM FINAL FORM;Lo;0;AL;<final> 0645;;;;N;GLYPH FOR FINAL ARABIC MEEM;;;;
+FEE3;ARABIC LETTER MEEM INITIAL FORM;Lo;0;AL;<initial> 0645;;;;N;GLYPH FOR INITIAL ARABIC MEEM;;;;
+FEE4;ARABIC LETTER MEEM MEDIAL FORM;Lo;0;AL;<medial> 0645;;;;N;GLYPH FOR MEDIAL ARABIC MEEM;;;;
+FEE5;ARABIC LETTER NOON ISOLATED FORM;Lo;0;AL;<isolated> 0646;;;;N;GLYPH FOR ISOLATE ARABIC NOON;;;;
+FEE6;ARABIC LETTER NOON FINAL FORM;Lo;0;AL;<final> 0646;;;;N;GLYPH FOR FINAL ARABIC NOON;;;;
+FEE7;ARABIC LETTER NOON INITIAL FORM;Lo;0;AL;<initial> 0646;;;;N;GLYPH FOR INITIAL ARABIC NOON;;;;
+FEE8;ARABIC LETTER NOON MEDIAL FORM;Lo;0;AL;<medial> 0646;;;;N;GLYPH FOR MEDIAL ARABIC NOON;;;;
+FEE9;ARABIC LETTER HEH ISOLATED FORM;Lo;0;AL;<isolated> 0647;;;;N;GLYPH FOR ISOLATE ARABIC HA;;;;
+FEEA;ARABIC LETTER HEH FINAL FORM;Lo;0;AL;<final> 0647;;;;N;GLYPH FOR FINAL ARABIC HA;;;;
+FEEB;ARABIC LETTER HEH INITIAL FORM;Lo;0;AL;<initial> 0647;;;;N;GLYPH FOR INITIAL ARABIC HA;;;;
+FEEC;ARABIC LETTER HEH MEDIAL FORM;Lo;0;AL;<medial> 0647;;;;N;GLYPH FOR MEDIAL ARABIC HA;;;;
+FEED;ARABIC LETTER WAW ISOLATED FORM;Lo;0;AL;<isolated> 0648;;;;N;GLYPH FOR ISOLATE ARABIC WAW;;;;
+FEEE;ARABIC LETTER WAW FINAL FORM;Lo;0;AL;<final> 0648;;;;N;GLYPH FOR FINAL ARABIC WAW;;;;
+FEEF;ARABIC LETTER ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0649;;;;N;GLYPH FOR ISOLATE ARABIC ALEF MAQSURAH;;;;
+FEF0;ARABIC LETTER ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0649;;;;N;GLYPH FOR FINAL ARABIC ALEF MAQSURAH;;;;
+FEF1;ARABIC LETTER YEH ISOLATED FORM;Lo;0;AL;<isolated> 064A;;;;N;GLYPH FOR ISOLATE ARABIC YA;;;;
+FEF2;ARABIC LETTER YEH FINAL FORM;Lo;0;AL;<final> 064A;;;;N;GLYPH FOR FINAL ARABIC YA;;;;
+FEF3;ARABIC LETTER YEH INITIAL FORM;Lo;0;AL;<initial> 064A;;;;N;GLYPH FOR INITIAL ARABIC YA;;;;
+FEF4;ARABIC LETTER YEH MEDIAL FORM;Lo;0;AL;<medial> 064A;;;;N;GLYPH FOR MEDIAL ARABIC YA;;;;
+FEF5;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0644 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON LIGATURE LAM ALEF;;;;
+FEF6;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL;<final> 0644 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON LIGATURE LAM ALEF;;;;
+FEF7;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0644 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON LIGATURE LAM ALEF;;;;
+FEF8;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0644 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON LIGATURE LAM ALEF;;;;
+FEF9;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL;<isolated> 0644 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;;
+FEFA;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL;<final> 0644 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;;
+FEFB;ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0644 0627;;;;N;GLYPH FOR ISOLATE ARABIC LIGATURE LAM ALEF;;;;
+FEFC;ARABIC LIGATURE LAM WITH ALEF FINAL FORM;Lo;0;AL;<final> 0644 0627;;;;N;GLYPH FOR FINAL ARABIC LIGATURE LAM ALEF;;;;
+FEFF;ZERO WIDTH NO-BREAK SPACE;Cf;0;BN;;;;;N;BYTE ORDER MARK;;;;
+FF01;FULLWIDTH EXCLAMATION MARK;Po;0;ON;<wide> 0021;;;;N;;;;;
+FF02;FULLWIDTH QUOTATION MARK;Po;0;ON;<wide> 0022;;;;N;;;;;
+FF03;FULLWIDTH NUMBER SIGN;Po;0;ET;<wide> 0023;;;;N;;;;;
+FF04;FULLWIDTH DOLLAR SIGN;Sc;0;ET;<wide> 0024;;;;N;;;;;
+FF05;FULLWIDTH PERCENT SIGN;Po;0;ET;<wide> 0025;;;;N;;;;;
+FF06;FULLWIDTH AMPERSAND;Po;0;ON;<wide> 0026;;;;N;;;;;
+FF07;FULLWIDTH APOSTROPHE;Po;0;ON;<wide> 0027;;;;N;;;;;
+FF08;FULLWIDTH LEFT PARENTHESIS;Ps;0;ON;<wide> 0028;;;;Y;FULLWIDTH OPENING PARENTHESIS;;;;
+FF09;FULLWIDTH RIGHT PARENTHESIS;Pe;0;ON;<wide> 0029;;;;Y;FULLWIDTH CLOSING PARENTHESIS;;;;
+FF0A;FULLWIDTH ASTERISK;Po;0;ON;<wide> 002A;;;;N;;;;;
+FF0B;FULLWIDTH PLUS SIGN;Sm;0;ET;<wide> 002B;;;;N;;;;;
+FF0C;FULLWIDTH COMMA;Po;0;CS;<wide> 002C;;;;N;;;;;
+FF0D;FULLWIDTH HYPHEN-MINUS;Pd;0;ET;<wide> 002D;;;;N;;;;;
+FF0E;FULLWIDTH FULL STOP;Po;0;CS;<wide> 002E;;;;N;FULLWIDTH PERIOD;;;;
+FF0F;FULLWIDTH SOLIDUS;Po;0;ES;<wide> 002F;;;;N;FULLWIDTH SLASH;;;;
+FF10;FULLWIDTH DIGIT ZERO;Nd;0;EN;<wide> 0030;0;0;0;N;;;;;
+FF11;FULLWIDTH DIGIT ONE;Nd;0;EN;<wide> 0031;1;1;1;N;;;;;
+FF12;FULLWIDTH DIGIT TWO;Nd;0;EN;<wide> 0032;2;2;2;N;;;;;
+FF13;FULLWIDTH DIGIT THREE;Nd;0;EN;<wide> 0033;3;3;3;N;;;;;
+FF14;FULLWIDTH DIGIT FOUR;Nd;0;EN;<wide> 0034;4;4;4;N;;;;;
+FF15;FULLWIDTH DIGIT FIVE;Nd;0;EN;<wide> 0035;5;5;5;N;;;;;
+FF16;FULLWIDTH DIGIT SIX;Nd;0;EN;<wide> 0036;6;6;6;N;;;;;
+FF17;FULLWIDTH DIGIT SEVEN;Nd;0;EN;<wide> 0037;7;7;7;N;;;;;
+FF18;FULLWIDTH DIGIT EIGHT;Nd;0;EN;<wide> 0038;8;8;8;N;;;;;
+FF19;FULLWIDTH DIGIT NINE;Nd;0;EN;<wide> 0039;9;9;9;N;;;;;
+FF1A;FULLWIDTH COLON;Po;0;CS;<wide> 003A;;;;N;;;;;
+FF1B;FULLWIDTH SEMICOLON;Po;0;ON;<wide> 003B;;;;N;;;;;
+FF1C;FULLWIDTH LESS-THAN SIGN;Sm;0;ON;<wide> 003C;;;;Y;;;;;
+FF1D;FULLWIDTH EQUALS SIGN;Sm;0;ON;<wide> 003D;;;;N;;;;;
+FF1E;FULLWIDTH GREATER-THAN SIGN;Sm;0;ON;<wide> 003E;;;;Y;;;;;
+FF1F;FULLWIDTH QUESTION MARK;Po;0;ON;<wide> 003F;;;;N;;;;;
+FF20;FULLWIDTH COMMERCIAL AT;Po;0;ON;<wide> 0040;;;;N;;;;;
+FF21;FULLWIDTH LATIN CAPITAL LETTER A;Lu;0;L;<wide> 0041;;;;N;;;;FF41;
+FF22;FULLWIDTH LATIN CAPITAL LETTER B;Lu;0;L;<wide> 0042;;;;N;;;;FF42;
+FF23;FULLWIDTH LATIN CAPITAL LETTER C;Lu;0;L;<wide> 0043;;;;N;;;;FF43;
+FF24;FULLWIDTH LATIN CAPITAL LETTER D;Lu;0;L;<wide> 0044;;;;N;;;;FF44;
+FF25;FULLWIDTH LATIN CAPITAL LETTER E;Lu;0;L;<wide> 0045;;;;N;;;;FF45;
+FF26;FULLWIDTH LATIN CAPITAL LETTER F;Lu;0;L;<wide> 0046;;;;N;;;;FF46;
+FF27;FULLWIDTH LATIN CAPITAL LETTER G;Lu;0;L;<wide> 0047;;;;N;;;;FF47;
+FF28;FULLWIDTH LATIN CAPITAL LETTER H;Lu;0;L;<wide> 0048;;;;N;;;;FF48;
+FF29;FULLWIDTH LATIN CAPITAL LETTER I;Lu;0;L;<wide> 0049;;;;N;;;;FF49;
+FF2A;FULLWIDTH LATIN CAPITAL LETTER J;Lu;0;L;<wide> 004A;;;;N;;;;FF4A;
+FF2B;FULLWIDTH LATIN CAPITAL LETTER K;Lu;0;L;<wide> 004B;;;;N;;;;FF4B;
+FF2C;FULLWIDTH LATIN CAPITAL LETTER L;Lu;0;L;<wide> 004C;;;;N;;;;FF4C;
+FF2D;FULLWIDTH LATIN CAPITAL LETTER M;Lu;0;L;<wide> 004D;;;;N;;;;FF4D;
+FF2E;FULLWIDTH LATIN CAPITAL LETTER N;Lu;0;L;<wide> 004E;;;;N;;;;FF4E;
+FF2F;FULLWIDTH LATIN CAPITAL LETTER O;Lu;0;L;<wide> 004F;;;;N;;;;FF4F;
+FF30;FULLWIDTH LATIN CAPITAL LETTER P;Lu;0;L;<wide> 0050;;;;N;;;;FF50;
+FF31;FULLWIDTH LATIN CAPITAL LETTER Q;Lu;0;L;<wide> 0051;;;;N;;;;FF51;
+FF32;FULLWIDTH LATIN CAPITAL LETTER R;Lu;0;L;<wide> 0052;;;;N;;;;FF52;
+FF33;FULLWIDTH LATIN CAPITAL LETTER S;Lu;0;L;<wide> 0053;;;;N;;;;FF53;
+FF34;FULLWIDTH LATIN CAPITAL LETTER T;Lu;0;L;<wide> 0054;;;;N;;;;FF54;
+FF35;FULLWIDTH LATIN CAPITAL LETTER U;Lu;0;L;<wide> 0055;;;;N;;;;FF55;
+FF36;FULLWIDTH LATIN CAPITAL LETTER V;Lu;0;L;<wide> 0056;;;;N;;;;FF56;
+FF37;FULLWIDTH LATIN CAPITAL LETTER W;Lu;0;L;<wide> 0057;;;;N;;;;FF57;
+FF38;FULLWIDTH LATIN CAPITAL LETTER X;Lu;0;L;<wide> 0058;;;;N;;;;FF58;
+FF39;FULLWIDTH LATIN CAPITAL LETTER Y;Lu;0;L;<wide> 0059;;;;N;;;;FF59;
+FF3A;FULLWIDTH LATIN CAPITAL LETTER Z;Lu;0;L;<wide> 005A;;;;N;;;;FF5A;
+FF3B;FULLWIDTH LEFT SQUARE BRACKET;Ps;0;ON;<wide> 005B;;;;Y;FULLWIDTH OPENING SQUARE BRACKET;;;;
+FF3C;FULLWIDTH REVERSE SOLIDUS;Po;0;ON;<wide> 005C;;;;N;FULLWIDTH BACKSLASH;;;;
+FF3D;FULLWIDTH RIGHT SQUARE BRACKET;Pe;0;ON;<wide> 005D;;;;Y;FULLWIDTH CLOSING SQUARE BRACKET;;;;
+FF3E;FULLWIDTH CIRCUMFLEX ACCENT;Sk;0;ON;<wide> 005E;;;;N;FULLWIDTH SPACING CIRCUMFLEX;;;;
+FF3F;FULLWIDTH LOW LINE;Pc;0;ON;<wide> 005F;;;;N;FULLWIDTH SPACING UNDERSCORE;;;;
+FF40;FULLWIDTH GRAVE ACCENT;Sk;0;ON;<wide> 0060;;;;N;FULLWIDTH SPACING GRAVE;;;;
+FF41;FULLWIDTH LATIN SMALL LETTER A;Ll;0;L;<wide> 0061;;;;N;;;FF21;;FF21
+FF42;FULLWIDTH LATIN SMALL LETTER B;Ll;0;L;<wide> 0062;;;;N;;;FF22;;FF22
+FF43;FULLWIDTH LATIN SMALL LETTER C;Ll;0;L;<wide> 0063;;;;N;;;FF23;;FF23
+FF44;FULLWIDTH LATIN SMALL LETTER D;Ll;0;L;<wide> 0064;;;;N;;;FF24;;FF24
+FF45;FULLWIDTH LATIN SMALL LETTER E;Ll;0;L;<wide> 0065;;;;N;;;FF25;;FF25
+FF46;FULLWIDTH LATIN SMALL LETTER F;Ll;0;L;<wide> 0066;;;;N;;;FF26;;FF26
+FF47;FULLWIDTH LATIN SMALL LETTER G;Ll;0;L;<wide> 0067;;;;N;;;FF27;;FF27
+FF48;FULLWIDTH LATIN SMALL LETTER H;Ll;0;L;<wide> 0068;;;;N;;;FF28;;FF28
+FF49;FULLWIDTH LATIN SMALL LETTER I;Ll;0;L;<wide> 0069;;;;N;;;FF29;;FF29
+FF4A;FULLWIDTH LATIN SMALL LETTER J;Ll;0;L;<wide> 006A;;;;N;;;FF2A;;FF2A
+FF4B;FULLWIDTH LATIN SMALL LETTER K;Ll;0;L;<wide> 006B;;;;N;;;FF2B;;FF2B
+FF4C;FULLWIDTH LATIN SMALL LETTER L;Ll;0;L;<wide> 006C;;;;N;;;FF2C;;FF2C
+FF4D;FULLWIDTH LATIN SMALL LETTER M;Ll;0;L;<wide> 006D;;;;N;;;FF2D;;FF2D
+FF4E;FULLWIDTH LATIN SMALL LETTER N;Ll;0;L;<wide> 006E;;;;N;;;FF2E;;FF2E
+FF4F;FULLWIDTH LATIN SMALL LETTER O;Ll;0;L;<wide> 006F;;;;N;;;FF2F;;FF2F
+FF50;FULLWIDTH LATIN SMALL LETTER P;Ll;0;L;<wide> 0070;;;;N;;;FF30;;FF30
+FF51;FULLWIDTH LATIN SMALL LETTER Q;Ll;0;L;<wide> 0071;;;;N;;;FF31;;FF31
+FF52;FULLWIDTH LATIN SMALL LETTER R;Ll;0;L;<wide> 0072;;;;N;;;FF32;;FF32
+FF53;FULLWIDTH LATIN SMALL LETTER S;Ll;0;L;<wide> 0073;;;;N;;;FF33;;FF33
+FF54;FULLWIDTH LATIN SMALL LETTER T;Ll;0;L;<wide> 0074;;;;N;;;FF34;;FF34
+FF55;FULLWIDTH LATIN SMALL LETTER U;Ll;0;L;<wide> 0075;;;;N;;;FF35;;FF35
+FF56;FULLWIDTH LATIN SMALL LETTER V;Ll;0;L;<wide> 0076;;;;N;;;FF36;;FF36
+FF57;FULLWIDTH LATIN SMALL LETTER W;Ll;0;L;<wide> 0077;;;;N;;;FF37;;FF37
+FF58;FULLWIDTH LATIN SMALL LETTER X;Ll;0;L;<wide> 0078;;;;N;;;FF38;;FF38
+FF59;FULLWIDTH LATIN SMALL LETTER Y;Ll;0;L;<wide> 0079;;;;N;;;FF39;;FF39
+FF5A;FULLWIDTH LATIN SMALL LETTER Z;Ll;0;L;<wide> 007A;;;;N;;;FF3A;;FF3A
+FF5B;FULLWIDTH LEFT CURLY BRACKET;Ps;0;ON;<wide> 007B;;;;Y;FULLWIDTH OPENING CURLY BRACKET;;;;
+FF5C;FULLWIDTH VERTICAL LINE;Sm;0;ON;<wide> 007C;;;;N;FULLWIDTH VERTICAL BAR;;;;
+FF5D;FULLWIDTH RIGHT CURLY BRACKET;Pe;0;ON;<wide> 007D;;;;Y;FULLWIDTH CLOSING CURLY BRACKET;;;;
+FF5E;FULLWIDTH TILDE;Sm;0;ON;<wide> 007E;;;;N;FULLWIDTH SPACING TILDE;;;;
+FF5F;FULLWIDTH LEFT WHITE PARENTHESIS;Ps;0;ON;<wide> 2985;;;;Y;;*;;;
+FF60;FULLWIDTH RIGHT WHITE PARENTHESIS;Pe;0;ON;<wide> 2986;;;;Y;;*;;;
+FF61;HALFWIDTH IDEOGRAPHIC FULL STOP;Po;0;ON;<narrow> 3002;;;;N;HALFWIDTH IDEOGRAPHIC PERIOD;;;;
+FF62;HALFWIDTH LEFT CORNER BRACKET;Ps;0;ON;<narrow> 300C;;;;Y;HALFWIDTH OPENING CORNER BRACKET;;;;
+FF63;HALFWIDTH RIGHT CORNER BRACKET;Pe;0;ON;<narrow> 300D;;;;Y;HALFWIDTH CLOSING CORNER BRACKET;;;;
+FF64;HALFWIDTH IDEOGRAPHIC COMMA;Po;0;ON;<narrow> 3001;;;;N;;;;;
+FF65;HALFWIDTH KATAKANA MIDDLE DOT;Pc;0;ON;<narrow> 30FB;;;;N;;;;;
+FF66;HALFWIDTH KATAKANA LETTER WO;Lo;0;L;<narrow> 30F2;;;;N;;;;;
+FF67;HALFWIDTH KATAKANA LETTER SMALL A;Lo;0;L;<narrow> 30A1;;;;N;;;;;
+FF68;HALFWIDTH KATAKANA LETTER SMALL I;Lo;0;L;<narrow> 30A3;;;;N;;;;;
+FF69;HALFWIDTH KATAKANA LETTER SMALL U;Lo;0;L;<narrow> 30A5;;;;N;;;;;
+FF6A;HALFWIDTH KATAKANA LETTER SMALL E;Lo;0;L;<narrow> 30A7;;;;N;;;;;
+FF6B;HALFWIDTH KATAKANA LETTER SMALL O;Lo;0;L;<narrow> 30A9;;;;N;;;;;
+FF6C;HALFWIDTH KATAKANA LETTER SMALL YA;Lo;0;L;<narrow> 30E3;;;;N;;;;;
+FF6D;HALFWIDTH KATAKANA LETTER SMALL YU;Lo;0;L;<narrow> 30E5;;;;N;;;;;
+FF6E;HALFWIDTH KATAKANA LETTER SMALL YO;Lo;0;L;<narrow> 30E7;;;;N;;;;;
+FF6F;HALFWIDTH KATAKANA LETTER SMALL TU;Lo;0;L;<narrow> 30C3;;;;N;;;;;
+FF70;HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;<narrow> 30FC;;;;N;;;;;
+FF71;HALFWIDTH KATAKANA LETTER A;Lo;0;L;<narrow> 30A2;;;;N;;;;;
+FF72;HALFWIDTH KATAKANA LETTER I;Lo;0;L;<narrow> 30A4;;;;N;;;;;
+FF73;HALFWIDTH KATAKANA LETTER U;Lo;0;L;<narrow> 30A6;;;;N;;;;;
+FF74;HALFWIDTH KATAKANA LETTER E;Lo;0;L;<narrow> 30A8;;;;N;;;;;
+FF75;HALFWIDTH KATAKANA LETTER O;Lo;0;L;<narrow> 30AA;;;;N;;;;;
+FF76;HALFWIDTH KATAKANA LETTER KA;Lo;0;L;<narrow> 30AB;;;;N;;;;;
+FF77;HALFWIDTH KATAKANA LETTER KI;Lo;0;L;<narrow> 30AD;;;;N;;;;;
+FF78;HALFWIDTH KATAKANA LETTER KU;Lo;0;L;<narrow> 30AF;;;;N;;;;;
+FF79;HALFWIDTH KATAKANA LETTER KE;Lo;0;L;<narrow> 30B1;;;;N;;;;;
+FF7A;HALFWIDTH KATAKANA LETTER KO;Lo;0;L;<narrow> 30B3;;;;N;;;;;
+FF7B;HALFWIDTH KATAKANA LETTER SA;Lo;0;L;<narrow> 30B5;;;;N;;;;;
+FF7C;HALFWIDTH KATAKANA LETTER SI;Lo;0;L;<narrow> 30B7;;;;N;;;;;
+FF7D;HALFWIDTH KATAKANA LETTER SU;Lo;0;L;<narrow> 30B9;;;;N;;;;;
+FF7E;HALFWIDTH KATAKANA LETTER SE;Lo;0;L;<narrow> 30BB;;;;N;;;;;
+FF7F;HALFWIDTH KATAKANA LETTER SO;Lo;0;L;<narrow> 30BD;;;;N;;;;;
+FF80;HALFWIDTH KATAKANA LETTER TA;Lo;0;L;<narrow> 30BF;;;;N;;;;;
+FF81;HALFWIDTH KATAKANA LETTER TI;Lo;0;L;<narrow> 30C1;;;;N;;;;;
+FF82;HALFWIDTH KATAKANA LETTER TU;Lo;0;L;<narrow> 30C4;;;;N;;;;;
+FF83;HALFWIDTH KATAKANA LETTER TE;Lo;0;L;<narrow> 30C6;;;;N;;;;;
+FF84;HALFWIDTH KATAKANA LETTER TO;Lo;0;L;<narrow> 30C8;;;;N;;;;;
+FF85;HALFWIDTH KATAKANA LETTER NA;Lo;0;L;<narrow> 30CA;;;;N;;;;;
+FF86;HALFWIDTH KATAKANA LETTER NI;Lo;0;L;<narrow> 30CB;;;;N;;;;;
+FF87;HALFWIDTH KATAKANA LETTER NU;Lo;0;L;<narrow> 30CC;;;;N;;;;;
+FF88;HALFWIDTH KATAKANA LETTER NE;Lo;0;L;<narrow> 30CD;;;;N;;;;;
+FF89;HALFWIDTH KATAKANA LETTER NO;Lo;0;L;<narrow> 30CE;;;;N;;;;;
+FF8A;HALFWIDTH KATAKANA LETTER HA;Lo;0;L;<narrow> 30CF;;;;N;;;;;
+FF8B;HALFWIDTH KATAKANA LETTER HI;Lo;0;L;<narrow> 30D2;;;;N;;;;;
+FF8C;HALFWIDTH KATAKANA LETTER HU;Lo;0;L;<narrow> 30D5;;;;N;;;;;
+FF8D;HALFWIDTH KATAKANA LETTER HE;Lo;0;L;<narrow> 30D8;;;;N;;;;;
+FF8E;HALFWIDTH KATAKANA LETTER HO;Lo;0;L;<narrow> 30DB;;;;N;;;;;
+FF8F;HALFWIDTH KATAKANA LETTER MA;Lo;0;L;<narrow> 30DE;;;;N;;;;;
+FF90;HALFWIDTH KATAKANA LETTER MI;Lo;0;L;<narrow> 30DF;;;;N;;;;;
+FF91;HALFWIDTH KATAKANA LETTER MU;Lo;0;L;<narrow> 30E0;;;;N;;;;;
+FF92;HALFWIDTH KATAKANA LETTER ME;Lo;0;L;<narrow> 30E1;;;;N;;;;;
+FF93;HALFWIDTH KATAKANA LETTER MO;Lo;0;L;<narrow> 30E2;;;;N;;;;;
+FF94;HALFWIDTH KATAKANA LETTER YA;Lo;0;L;<narrow> 30E4;;;;N;;;;;
+FF95;HALFWIDTH KATAKANA LETTER YU;Lo;0;L;<narrow> 30E6;;;;N;;;;;
+FF96;HALFWIDTH KATAKANA LETTER YO;Lo;0;L;<narrow> 30E8;;;;N;;;;;
+FF97;HALFWIDTH KATAKANA LETTER RA;Lo;0;L;<narrow> 30E9;;;;N;;;;;
+FF98;HALFWIDTH KATAKANA LETTER RI;Lo;0;L;<narrow> 30EA;;;;N;;;;;
+FF99;HALFWIDTH KATAKANA LETTER RU;Lo;0;L;<narrow> 30EB;;;;N;;;;;
+FF9A;HALFWIDTH KATAKANA LETTER RE;Lo;0;L;<narrow> 30EC;;;;N;;;;;
+FF9B;HALFWIDTH KATAKANA LETTER RO;Lo;0;L;<narrow> 30ED;;;;N;;;;;
+FF9C;HALFWIDTH KATAKANA LETTER WA;Lo;0;L;<narrow> 30EF;;;;N;;;;;
+FF9D;HALFWIDTH KATAKANA LETTER N;Lo;0;L;<narrow> 30F3;;;;N;;;;;
+FF9E;HALFWIDTH KATAKANA VOICED SOUND MARK;Lm;0;L;<narrow> 3099;;;;N;;halfwidth katakana-hiragana voiced sound mark;;;
+FF9F;HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK;Lm;0;L;<narrow> 309A;;;;N;;halfwidth katakana-hiragana semi-voiced sound mark;;;
+FFA0;HALFWIDTH HANGUL FILLER;Lo;0;L;<narrow> 3164;;;;N;HALFWIDTH HANGUL CAE OM;;;;
+FFA1;HALFWIDTH HANGUL LETTER KIYEOK;Lo;0;L;<narrow> 3131;;;;N;HALFWIDTH HANGUL LETTER GIYEOG;;;;
+FFA2;HALFWIDTH HANGUL LETTER SSANGKIYEOK;Lo;0;L;<narrow> 3132;;;;N;HALFWIDTH HANGUL LETTER SSANG GIYEOG;;;;
+FFA3;HALFWIDTH HANGUL LETTER KIYEOK-SIOS;Lo;0;L;<narrow> 3133;;;;N;HALFWIDTH HANGUL LETTER GIYEOG SIOS;;;;
+FFA4;HALFWIDTH HANGUL LETTER NIEUN;Lo;0;L;<narrow> 3134;;;;N;;;;;
+FFA5;HALFWIDTH HANGUL LETTER NIEUN-CIEUC;Lo;0;L;<narrow> 3135;;;;N;HALFWIDTH HANGUL LETTER NIEUN JIEUJ;;;;
+FFA6;HALFWIDTH HANGUL LETTER NIEUN-HIEUH;Lo;0;L;<narrow> 3136;;;;N;HALFWIDTH HANGUL LETTER NIEUN HIEUH;;;;
+FFA7;HALFWIDTH HANGUL LETTER TIKEUT;Lo;0;L;<narrow> 3137;;;;N;HALFWIDTH HANGUL LETTER DIGEUD;;;;
+FFA8;HALFWIDTH HANGUL LETTER SSANGTIKEUT;Lo;0;L;<narrow> 3138;;;;N;HALFWIDTH HANGUL LETTER SSANG DIGEUD;;;;
+FFA9;HALFWIDTH HANGUL LETTER RIEUL;Lo;0;L;<narrow> 3139;;;;N;HALFWIDTH HANGUL LETTER LIEUL;;;;
+FFAA;HALFWIDTH HANGUL LETTER RIEUL-KIYEOK;Lo;0;L;<narrow> 313A;;;;N;HALFWIDTH HANGUL LETTER LIEUL GIYEOG;;;;
+FFAB;HALFWIDTH HANGUL LETTER RIEUL-MIEUM;Lo;0;L;<narrow> 313B;;;;N;HALFWIDTH HANGUL LETTER LIEUL MIEUM;;;;
+FFAC;HALFWIDTH HANGUL LETTER RIEUL-PIEUP;Lo;0;L;<narrow> 313C;;;;N;HALFWIDTH HANGUL LETTER LIEUL BIEUB;;;;
+FFAD;HALFWIDTH HANGUL LETTER RIEUL-SIOS;Lo;0;L;<narrow> 313D;;;;N;HALFWIDTH HANGUL LETTER LIEUL SIOS;;;;
+FFAE;HALFWIDTH HANGUL LETTER RIEUL-THIEUTH;Lo;0;L;<narrow> 313E;;;;N;HALFWIDTH HANGUL LETTER LIEUL TIEUT;;;;
+FFAF;HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L;<narrow> 313F;;;;N;HALFWIDTH HANGUL LETTER LIEUL PIEUP;;;;
+FFB0;HALFWIDTH HANGUL LETTER RIEUL-HIEUH;Lo;0;L;<narrow> 3140;;;;N;HALFWIDTH HANGUL LETTER LIEUL HIEUH;;;;
+FFB1;HALFWIDTH HANGUL LETTER MIEUM;Lo;0;L;<narrow> 3141;;;;N;;;;;
+FFB2;HALFWIDTH HANGUL LETTER PIEUP;Lo;0;L;<narrow> 3142;;;;N;HALFWIDTH HANGUL LETTER BIEUB;;;;
+FFB3;HALFWIDTH HANGUL LETTER SSANGPIEUP;Lo;0;L;<narrow> 3143;;;;N;HALFWIDTH HANGUL LETTER SSANG BIEUB;;;;
+FFB4;HALFWIDTH HANGUL LETTER PIEUP-SIOS;Lo;0;L;<narrow> 3144;;;;N;HALFWIDTH HANGUL LETTER BIEUB SIOS;;;;
+FFB5;HALFWIDTH HANGUL LETTER SIOS;Lo;0;L;<narrow> 3145;;;;N;;;;;
+FFB6;HALFWIDTH HANGUL LETTER SSANGSIOS;Lo;0;L;<narrow> 3146;;;;N;HALFWIDTH HANGUL LETTER SSANG SIOS;;;;
+FFB7;HALFWIDTH HANGUL LETTER IEUNG;Lo;0;L;<narrow> 3147;;;;N;;;;;
+FFB8;HALFWIDTH HANGUL LETTER CIEUC;Lo;0;L;<narrow> 3148;;;;N;HALFWIDTH HANGUL LETTER JIEUJ;;;;
+FFB9;HALFWIDTH HANGUL LETTER SSANGCIEUC;Lo;0;L;<narrow> 3149;;;;N;HALFWIDTH HANGUL LETTER SSANG JIEUJ;;;;
+FFBA;HALFWIDTH HANGUL LETTER CHIEUCH;Lo;0;L;<narrow> 314A;;;;N;HALFWIDTH HANGUL LETTER CIEUC;;;;
+FFBB;HALFWIDTH HANGUL LETTER KHIEUKH;Lo;0;L;<narrow> 314B;;;;N;HALFWIDTH HANGUL LETTER KIYEOK;;;;
+FFBC;HALFWIDTH HANGUL LETTER THIEUTH;Lo;0;L;<narrow> 314C;;;;N;HALFWIDTH HANGUL LETTER TIEUT;;;;
+FFBD;HALFWIDTH HANGUL LETTER PHIEUPH;Lo;0;L;<narrow> 314D;;;;N;HALFWIDTH HANGUL LETTER PIEUP;;;;
+FFBE;HALFWIDTH HANGUL LETTER HIEUH;Lo;0;L;<narrow> 314E;;;;N;;;;;
+FFC2;HALFWIDTH HANGUL LETTER A;Lo;0;L;<narrow> 314F;;;;N;;;;;
+FFC3;HALFWIDTH HANGUL LETTER AE;Lo;0;L;<narrow> 3150;;;;N;;;;;
+FFC4;HALFWIDTH HANGUL LETTER YA;Lo;0;L;<narrow> 3151;;;;N;;;;;
+FFC5;HALFWIDTH HANGUL LETTER YAE;Lo;0;L;<narrow> 3152;;;;N;;;;;
+FFC6;HALFWIDTH HANGUL LETTER EO;Lo;0;L;<narrow> 3153;;;;N;;;;;
+FFC7;HALFWIDTH HANGUL LETTER E;Lo;0;L;<narrow> 3154;;;;N;;;;;
+FFCA;HALFWIDTH HANGUL LETTER YEO;Lo;0;L;<narrow> 3155;;;;N;;;;;
+FFCB;HALFWIDTH HANGUL LETTER YE;Lo;0;L;<narrow> 3156;;;;N;;;;;
+FFCC;HALFWIDTH HANGUL LETTER O;Lo;0;L;<narrow> 3157;;;;N;;;;;
+FFCD;HALFWIDTH HANGUL LETTER WA;Lo;0;L;<narrow> 3158;;;;N;;;;;
+FFCE;HALFWIDTH HANGUL LETTER WAE;Lo;0;L;<narrow> 3159;;;;N;;;;;
+FFCF;HALFWIDTH HANGUL LETTER OE;Lo;0;L;<narrow> 315A;;;;N;;;;;
+FFD2;HALFWIDTH HANGUL LETTER YO;Lo;0;L;<narrow> 315B;;;;N;;;;;
+FFD3;HALFWIDTH HANGUL LETTER U;Lo;0;L;<narrow> 315C;;;;N;;;;;
+FFD4;HALFWIDTH HANGUL LETTER WEO;Lo;0;L;<narrow> 315D;;;;N;;;;;
+FFD5;HALFWIDTH HANGUL LETTER WE;Lo;0;L;<narrow> 315E;;;;N;;;;;
+FFD6;HALFWIDTH HANGUL LETTER WI;Lo;0;L;<narrow> 315F;;;;N;;;;;
+FFD7;HALFWIDTH HANGUL LETTER YU;Lo;0;L;<narrow> 3160;;;;N;;;;;
+FFDA;HALFWIDTH HANGUL LETTER EU;Lo;0;L;<narrow> 3161;;;;N;;;;;
+FFDB;HALFWIDTH HANGUL LETTER YI;Lo;0;L;<narrow> 3162;;;;N;;;;;
+FFDC;HALFWIDTH HANGUL LETTER I;Lo;0;L;<narrow> 3163;;;;N;;;;;
+FFE0;FULLWIDTH CENT SIGN;Sc;0;ET;<wide> 00A2;;;;N;;;;;
+FFE1;FULLWIDTH POUND SIGN;Sc;0;ET;<wide> 00A3;;;;N;;;;;
+FFE2;FULLWIDTH NOT SIGN;Sm;0;ON;<wide> 00AC;;;;N;;;;;
+FFE3;FULLWIDTH MACRON;Sk;0;ON;<wide> 00AF;;;;N;FULLWIDTH SPACING MACRON;*;;;
+FFE4;FULLWIDTH BROKEN BAR;So;0;ON;<wide> 00A6;;;;N;FULLWIDTH BROKEN VERTICAL BAR;;;;
+FFE5;FULLWIDTH YEN SIGN;Sc;0;ET;<wide> 00A5;;;;N;;;;;
+FFE6;FULLWIDTH WON SIGN;Sc;0;ET;<wide> 20A9;;;;N;;;;;
+FFE8;HALFWIDTH FORMS LIGHT VERTICAL;So;0;ON;<narrow> 2502;;;;N;;;;;
+FFE9;HALFWIDTH LEFTWARDS ARROW;Sm;0;ON;<narrow> 2190;;;;N;;;;;
+FFEA;HALFWIDTH UPWARDS ARROW;Sm;0;ON;<narrow> 2191;;;;N;;;;;
+FFEB;HALFWIDTH RIGHTWARDS ARROW;Sm;0;ON;<narrow> 2192;;;;N;;;;;
+FFEC;HALFWIDTH DOWNWARDS ARROW;Sm;0;ON;<narrow> 2193;;;;N;;;;;
+FFED;HALFWIDTH BLACK SQUARE;So;0;ON;<narrow> 25A0;;;;N;;;;;
+FFEE;HALFWIDTH WHITE CIRCLE;So;0;ON;<narrow> 25CB;;;;N;;;;;
+FFF9;INTERLINEAR ANNOTATION ANCHOR;Cf;0;BN;;;;;N;;;;;
+FFFA;INTERLINEAR ANNOTATION SEPARATOR;Cf;0;BN;;;;;N;;;;;
+FFFB;INTERLINEAR ANNOTATION TERMINATOR;Cf;0;BN;;;;;N;;;;;
+FFFC;OBJECT REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
+FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
+10300;OLD ITALIC LETTER A;Lo;0;L;;;;;N;;;;;
+10301;OLD ITALIC LETTER BE;Lo;0;L;;;;;N;;;;;
+10302;OLD ITALIC LETTER KE;Lo;0;L;;;;;N;;;;;
+10303;OLD ITALIC LETTER DE;Lo;0;L;;;;;N;;;;;
+10304;OLD ITALIC LETTER E;Lo;0;L;;;;;N;;;;;
+10305;OLD ITALIC LETTER VE;Lo;0;L;;;;;N;;;;;
+10306;OLD ITALIC LETTER ZE;Lo;0;L;;;;;N;;;;;
+10307;OLD ITALIC LETTER HE;Lo;0;L;;;;;N;;;;;
+10308;OLD ITALIC LETTER THE;Lo;0;L;;;;;N;;;;;
+10309;OLD ITALIC LETTER I;Lo;0;L;;;;;N;;;;;
+1030A;OLD ITALIC LETTER KA;Lo;0;L;;;;;N;;;;;
+1030B;OLD ITALIC LETTER EL;Lo;0;L;;;;;N;;;;;
+1030C;OLD ITALIC LETTER EM;Lo;0;L;;;;;N;;;;;
+1030D;OLD ITALIC LETTER EN;Lo;0;L;;;;;N;;;;;
+1030E;OLD ITALIC LETTER ESH;Lo;0;L;;;;;N;;;;;
+1030F;OLD ITALIC LETTER O;Lo;0;L;;;;;N;;Faliscan;;;
+10310;OLD ITALIC LETTER PE;Lo;0;L;;;;;N;;;;;
+10311;OLD ITALIC LETTER SHE;Lo;0;L;;;;;N;;;;;
+10312;OLD ITALIC LETTER KU;Lo;0;L;;;;;N;;;;;
+10313;OLD ITALIC LETTER ER;Lo;0;L;;;;;N;;;;;
+10314;OLD ITALIC LETTER ES;Lo;0;L;;;;;N;;;;;
+10315;OLD ITALIC LETTER TE;Lo;0;L;;;;;N;;;;;
+10316;OLD ITALIC LETTER U;Lo;0;L;;;;;N;;;;;
+10317;OLD ITALIC LETTER EKS;Lo;0;L;;;;;N;;Faliscan;;;
+10318;OLD ITALIC LETTER PHE;Lo;0;L;;;;;N;;;;;
+10319;OLD ITALIC LETTER KHE;Lo;0;L;;;;;N;;;;;
+1031A;OLD ITALIC LETTER EF;Lo;0;L;;;;;N;;;;;
+1031B;OLD ITALIC LETTER ERS;Lo;0;L;;;;;N;;Umbrian;;;
+1031C;OLD ITALIC LETTER CHE;Lo;0;L;;;;;N;;Umbrian;;;
+1031D;OLD ITALIC LETTER II;Lo;0;L;;;;;N;;Oscan;;;
+1031E;OLD ITALIC LETTER UU;Lo;0;L;;;;;N;;Oscan;;;
+10320;OLD ITALIC NUMERAL ONE;No;0;L;;;;1;N;;;;;
+10321;OLD ITALIC NUMERAL FIVE;No;0;L;;;;5;N;;;;;
+10322;OLD ITALIC NUMERAL TEN;No;0;L;;;;10;N;;;;;
+10323;OLD ITALIC NUMERAL FIFTY;No;0;L;;;;50;N;;;;;
+10330;GOTHIC LETTER AHSA;Lo;0;L;;;;;N;;;;;
+10331;GOTHIC LETTER BAIRKAN;Lo;0;L;;;;;N;;;;;
+10332;GOTHIC LETTER GIBA;Lo;0;L;;;;;N;;;;;
+10333;GOTHIC LETTER DAGS;Lo;0;L;;;;;N;;;;;
+10334;GOTHIC LETTER AIHVUS;Lo;0;L;;;;;N;;;;;
+10335;GOTHIC LETTER QAIRTHRA;Lo;0;L;;;;;N;;;;;
+10336;GOTHIC LETTER IUJA;Lo;0;L;;;;;N;;;;;
+10337;GOTHIC LETTER HAGL;Lo;0;L;;;;;N;;;;;
+10338;GOTHIC LETTER THIUTH;Lo;0;L;;;;;N;;;;;
+10339;GOTHIC LETTER EIS;Lo;0;L;;;;;N;;;;;
+1033A;GOTHIC LETTER KUSMA;Lo;0;L;;;;;N;;;;;
+1033B;GOTHIC LETTER LAGUS;Lo;0;L;;;;;N;;;;;
+1033C;GOTHIC LETTER MANNA;Lo;0;L;;;;;N;;;;;
+1033D;GOTHIC LETTER NAUTHS;Lo;0;L;;;;;N;;;;;
+1033E;GOTHIC LETTER JER;Lo;0;L;;;;;N;;;;;
+1033F;GOTHIC LETTER URUS;Lo;0;L;;;;;N;;;;;
+10340;GOTHIC LETTER PAIRTHRA;Lo;0;L;;;;;N;;;;;
+10341;GOTHIC LETTER NINETY;Lo;0;L;;;;;N;;;;;
+10342;GOTHIC LETTER RAIDA;Lo;0;L;;;;;N;;;;;
+10343;GOTHIC LETTER SAUIL;Lo;0;L;;;;;N;;;;;
+10344;GOTHIC LETTER TEIWS;Lo;0;L;;;;;N;;;;;
+10345;GOTHIC LETTER WINJA;Lo;0;L;;;;;N;;;;;
+10346;GOTHIC LETTER FAIHU;Lo;0;L;;;;;N;;;;;
+10347;GOTHIC LETTER IGGWS;Lo;0;L;;;;;N;;;;;
+10348;GOTHIC LETTER HWAIR;Lo;0;L;;;;;N;;;;;
+10349;GOTHIC LETTER OTHAL;Lo;0;L;;;;;N;;;;;
+1034A;GOTHIC LETTER NINE HUNDRED;Nl;0;L;;;;;N;;;;;
+10400;DESERET CAPITAL LETTER LONG I;Lu;0;L;;;;;N;;;;10428;
+10401;DESERET CAPITAL LETTER LONG E;Lu;0;L;;;;;N;;;;10429;
+10402;DESERET CAPITAL LETTER LONG A;Lu;0;L;;;;;N;;;;1042A;
+10403;DESERET CAPITAL LETTER LONG AH;Lu;0;L;;;;;N;;;;1042B;
+10404;DESERET CAPITAL LETTER LONG O;Lu;0;L;;;;;N;;;;1042C;
+10405;DESERET CAPITAL LETTER LONG OO;Lu;0;L;;;;;N;;;;1042D;
+10406;DESERET CAPITAL LETTER SHORT I;Lu;0;L;;;;;N;;;;1042E;
+10407;DESERET CAPITAL LETTER SHORT E;Lu;0;L;;;;;N;;;;1042F;
+10408;DESERET CAPITAL LETTER SHORT A;Lu;0;L;;;;;N;;;;10430;
+10409;DESERET CAPITAL LETTER SHORT AH;Lu;0;L;;;;;N;;;;10431;
+1040A;DESERET CAPITAL LETTER SHORT O;Lu;0;L;;;;;N;;;;10432;
+1040B;DESERET CAPITAL LETTER SHORT OO;Lu;0;L;;;;;N;;;;10433;
+1040C;DESERET CAPITAL LETTER AY;Lu;0;L;;;;;N;;;;10434;
+1040D;DESERET CAPITAL LETTER OW;Lu;0;L;;;;;N;;;;10435;
+1040E;DESERET CAPITAL LETTER WU;Lu;0;L;;;;;N;;;;10436;
+1040F;DESERET CAPITAL LETTER YEE;Lu;0;L;;;;;N;;;;10437;
+10410;DESERET CAPITAL LETTER H;Lu;0;L;;;;;N;;;;10438;
+10411;DESERET CAPITAL LETTER PEE;Lu;0;L;;;;;N;;;;10439;
+10412;DESERET CAPITAL LETTER BEE;Lu;0;L;;;;;N;;;;1043A;
+10413;DESERET CAPITAL LETTER TEE;Lu;0;L;;;;;N;;;;1043B;
+10414;DESERET CAPITAL LETTER DEE;Lu;0;L;;;;;N;;;;1043C;
+10415;DESERET CAPITAL LETTER CHEE;Lu;0;L;;;;;N;;;;1043D;
+10416;DESERET CAPITAL LETTER JEE;Lu;0;L;;;;;N;;;;1043E;
+10417;DESERET CAPITAL LETTER KAY;Lu;0;L;;;;;N;;;;1043F;
+10418;DESERET CAPITAL LETTER GAY;Lu;0;L;;;;;N;;;;10440;
+10419;DESERET CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;10441;
+1041A;DESERET CAPITAL LETTER VEE;Lu;0;L;;;;;N;;;;10442;
+1041B;DESERET CAPITAL LETTER ETH;Lu;0;L;;;;;N;;;;10443;
+1041C;DESERET CAPITAL LETTER THEE;Lu;0;L;;;;;N;;;;10444;
+1041D;DESERET CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;10445;
+1041E;DESERET CAPITAL LETTER ZEE;Lu;0;L;;;;;N;;;;10446;
+1041F;DESERET CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;10447;
+10420;DESERET CAPITAL LETTER ZHEE;Lu;0;L;;;;;N;;;;10448;
+10421;DESERET CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;10449;
+10422;DESERET CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;1044A;
+10423;DESERET CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;1044B;
+10424;DESERET CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;1044C;
+10425;DESERET CAPITAL LETTER ENG;Lu;0;L;;;;;N;;;;1044D;
+10428;DESERET SMALL LETTER LONG I;Ll;0;L;;;;;N;;;10400;;10400
+10429;DESERET SMALL LETTER LONG E;Ll;0;L;;;;;N;;;10401;;10401
+1042A;DESERET SMALL LETTER LONG A;Ll;0;L;;;;;N;;;10402;;10402
+1042B;DESERET SMALL LETTER LONG AH;Ll;0;L;;;;;N;;;10403;;10403
+1042C;DESERET SMALL LETTER LONG O;Ll;0;L;;;;;N;;;10404;;10404
+1042D;DESERET SMALL LETTER LONG OO;Ll;0;L;;;;;N;;;10405;;10405
+1042E;DESERET SMALL LETTER SHORT I;Ll;0;L;;;;;N;;;10406;;10406
+1042F;DESERET SMALL LETTER SHORT E;Ll;0;L;;;;;N;;;10407;;10407
+10430;DESERET SMALL LETTER SHORT A;Ll;0;L;;;;;N;;;10408;;10408
+10431;DESERET SMALL LETTER SHORT AH;Ll;0;L;;;;;N;;;10409;;10409
+10432;DESERET SMALL LETTER SHORT O;Ll;0;L;;;;;N;;;1040A;;1040A
+10433;DESERET SMALL LETTER SHORT OO;Ll;0;L;;;;;N;;;1040B;;1040B
+10434;DESERET SMALL LETTER AY;Ll;0;L;;;;;N;;;1040C;;1040C
+10435;DESERET SMALL LETTER OW;Ll;0;L;;;;;N;;;1040D;;1040D
+10436;DESERET SMALL LETTER WU;Ll;0;L;;;;;N;;;1040E;;1040E
+10437;DESERET SMALL LETTER YEE;Ll;0;L;;;;;N;;;1040F;;1040F
+10438;DESERET SMALL LETTER H;Ll;0;L;;;;;N;;;10410;;10410
+10439;DESERET SMALL LETTER PEE;Ll;0;L;;;;;N;;;10411;;10411
+1043A;DESERET SMALL LETTER BEE;Ll;0;L;;;;;N;;;10412;;10412
+1043B;DESERET SMALL LETTER TEE;Ll;0;L;;;;;N;;;10413;;10413
+1043C;DESERET SMALL LETTER DEE;Ll;0;L;;;;;N;;;10414;;10414
+1043D;DESERET SMALL LETTER CHEE;Ll;0;L;;;;;N;;;10415;;10415
+1043E;DESERET SMALL LETTER JEE;Ll;0;L;;;;;N;;;10416;;10416
+1043F;DESERET SMALL LETTER KAY;Ll;0;L;;;;;N;;;10417;;10417
+10440;DESERET SMALL LETTER GAY;Ll;0;L;;;;;N;;;10418;;10418
+10441;DESERET SMALL LETTER EF;Ll;0;L;;;;;N;;;10419;;10419
+10442;DESERET SMALL LETTER VEE;Ll;0;L;;;;;N;;;1041A;;1041A
+10443;DESERET SMALL LETTER ETH;Ll;0;L;;;;;N;;;1041B;;1041B
+10444;DESERET SMALL LETTER THEE;Ll;0;L;;;;;N;;;1041C;;1041C
+10445;DESERET SMALL LETTER ES;Ll;0;L;;;;;N;;;1041D;;1041D
+10446;DESERET SMALL LETTER ZEE;Ll;0;L;;;;;N;;;1041E;;1041E
+10447;DESERET SMALL LETTER ESH;Ll;0;L;;;;;N;;;1041F;;1041F
+10448;DESERET SMALL LETTER ZHEE;Ll;0;L;;;;;N;;;10420;;10420
+10449;DESERET SMALL LETTER ER;Ll;0;L;;;;;N;;;10421;;10421
+1044A;DESERET SMALL LETTER EL;Ll;0;L;;;;;N;;;10422;;10422
+1044B;DESERET SMALL LETTER EM;Ll;0;L;;;;;N;;;10423;;10423
+1044C;DESERET SMALL LETTER EN;Ll;0;L;;;;;N;;;10424;;10424
+1044D;DESERET SMALL LETTER ENG;Ll;0;L;;;;;N;;;10425;;10425
+1D000;BYZANTINE MUSICAL SYMBOL PSILI;So;0;L;;;;;N;;;;;
+1D001;BYZANTINE MUSICAL SYMBOL DASEIA;So;0;L;;;;;N;;;;;
+1D002;BYZANTINE MUSICAL SYMBOL PERISPOMENI;So;0;L;;;;;N;;;;;
+1D003;BYZANTINE MUSICAL SYMBOL OXEIA EKFONITIKON;So;0;L;;;;;N;;;;;
+1D004;BYZANTINE MUSICAL SYMBOL OXEIA DIPLI;So;0;L;;;;;N;;;;;
+1D005;BYZANTINE MUSICAL SYMBOL VAREIA EKFONITIKON;So;0;L;;;;;N;;;;;
+1D006;BYZANTINE MUSICAL SYMBOL VAREIA DIPLI;So;0;L;;;;;N;;;;;
+1D007;BYZANTINE MUSICAL SYMBOL KATHISTI;So;0;L;;;;;N;;;;;
+1D008;BYZANTINE MUSICAL SYMBOL SYRMATIKI;So;0;L;;;;;N;;;;;
+1D009;BYZANTINE MUSICAL SYMBOL PARAKLITIKI;So;0;L;;;;;N;;;;;
+1D00A;BYZANTINE MUSICAL SYMBOL YPOKRISIS;So;0;L;;;;;N;;;;;
+1D00B;BYZANTINE MUSICAL SYMBOL YPOKRISIS DIPLI;So;0;L;;;;;N;;;;;
+1D00C;BYZANTINE MUSICAL SYMBOL KREMASTI;So;0;L;;;;;N;;;;;
+1D00D;BYZANTINE MUSICAL SYMBOL APESO EKFONITIKON;So;0;L;;;;;N;;;;;
+1D00E;BYZANTINE MUSICAL SYMBOL EXO EKFONITIKON;So;0;L;;;;;N;;;;;
+1D00F;BYZANTINE MUSICAL SYMBOL TELEIA;So;0;L;;;;;N;;;;;
+1D010;BYZANTINE MUSICAL SYMBOL KENTIMATA;So;0;L;;;;;N;;;;;
+1D011;BYZANTINE MUSICAL SYMBOL APOSTROFOS;So;0;L;;;;;N;;;;;
+1D012;BYZANTINE MUSICAL SYMBOL APOSTROFOS DIPLI;So;0;L;;;;;N;;;;;
+1D013;BYZANTINE MUSICAL SYMBOL SYNEVMA;So;0;L;;;;;N;;;;;
+1D014;BYZANTINE MUSICAL SYMBOL THITA;So;0;L;;;;;N;;;;;
+1D015;BYZANTINE MUSICAL SYMBOL OLIGON ARCHAION;So;0;L;;;;;N;;;;;
+1D016;BYZANTINE MUSICAL SYMBOL GORGON ARCHAION;So;0;L;;;;;N;;;;;
+1D017;BYZANTINE MUSICAL SYMBOL PSILON;So;0;L;;;;;N;;;;;
+1D018;BYZANTINE MUSICAL SYMBOL CHAMILON;So;0;L;;;;;N;;;;;
+1D019;BYZANTINE MUSICAL SYMBOL VATHY;So;0;L;;;;;N;;;;;
+1D01A;BYZANTINE MUSICAL SYMBOL ISON ARCHAION;So;0;L;;;;;N;;;;;
+1D01B;BYZANTINE MUSICAL SYMBOL KENTIMA ARCHAION;So;0;L;;;;;N;;;;;
+1D01C;BYZANTINE MUSICAL SYMBOL KENTIMATA ARCHAION;So;0;L;;;;;N;;;;;
+1D01D;BYZANTINE MUSICAL SYMBOL SAXIMATA;So;0;L;;;;;N;;;;;
+1D01E;BYZANTINE MUSICAL SYMBOL PARICHON;So;0;L;;;;;N;;;;;
+1D01F;BYZANTINE MUSICAL SYMBOL STAVROS APODEXIA;So;0;L;;;;;N;;;;;
+1D020;BYZANTINE MUSICAL SYMBOL OXEIAI ARCHAION;So;0;L;;;;;N;;;;;
+1D021;BYZANTINE MUSICAL SYMBOL VAREIAI ARCHAION;So;0;L;;;;;N;;;;;
+1D022;BYZANTINE MUSICAL SYMBOL APODERMA ARCHAION;So;0;L;;;;;N;;;;;
+1D023;BYZANTINE MUSICAL SYMBOL APOTHEMA;So;0;L;;;;;N;;;;;
+1D024;BYZANTINE MUSICAL SYMBOL KLASMA;So;0;L;;;;;N;;;;;
+1D025;BYZANTINE MUSICAL SYMBOL REVMA;So;0;L;;;;;N;;;;;
+1D026;BYZANTINE MUSICAL SYMBOL PIASMA ARCHAION;So;0;L;;;;;N;;;;;
+1D027;BYZANTINE MUSICAL SYMBOL TINAGMA;So;0;L;;;;;N;;;;;
+1D028;BYZANTINE MUSICAL SYMBOL ANATRICHISMA;So;0;L;;;;;N;;;;;
+1D029;BYZANTINE MUSICAL SYMBOL SEISMA;So;0;L;;;;;N;;;;;
+1D02A;BYZANTINE MUSICAL SYMBOL SYNAGMA ARCHAION;So;0;L;;;;;N;;;;;
+1D02B;BYZANTINE MUSICAL SYMBOL SYNAGMA META STAVROU;So;0;L;;;;;N;;;;;
+1D02C;BYZANTINE MUSICAL SYMBOL OYRANISMA ARCHAION;So;0;L;;;;;N;;;;;
+1D02D;BYZANTINE MUSICAL SYMBOL THEMA;So;0;L;;;;;N;;;;;
+1D02E;BYZANTINE MUSICAL SYMBOL LEMOI;So;0;L;;;;;N;;;;;
+1D02F;BYZANTINE MUSICAL SYMBOL DYO;So;0;L;;;;;N;;;;;
+1D030;BYZANTINE MUSICAL SYMBOL TRIA;So;0;L;;;;;N;;;;;
+1D031;BYZANTINE MUSICAL SYMBOL TESSERA;So;0;L;;;;;N;;;;;
+1D032;BYZANTINE MUSICAL SYMBOL KRATIMATA;So;0;L;;;;;N;;;;;
+1D033;BYZANTINE MUSICAL SYMBOL APESO EXO NEO;So;0;L;;;;;N;;;;;
+1D034;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION;So;0;L;;;;;N;;;;;
+1D035;BYZANTINE MUSICAL SYMBOL IMIFTHORA;So;0;L;;;;;N;;;;;
+1D036;BYZANTINE MUSICAL SYMBOL TROMIKON ARCHAION;So;0;L;;;;;N;;;;;
+1D037;BYZANTINE MUSICAL SYMBOL KATAVA TROMIKON;So;0;L;;;;;N;;;;;
+1D038;BYZANTINE MUSICAL SYMBOL PELASTON;So;0;L;;;;;N;;;;;
+1D039;BYZANTINE MUSICAL SYMBOL PSIFISTON;So;0;L;;;;;N;;;;;
+1D03A;BYZANTINE MUSICAL SYMBOL KONTEVMA;So;0;L;;;;;N;;;;;
+1D03B;BYZANTINE MUSICAL SYMBOL CHOREVMA ARCHAION;So;0;L;;;;;N;;;;;
+1D03C;BYZANTINE MUSICAL SYMBOL RAPISMA;So;0;L;;;;;N;;;;;
+1D03D;BYZANTINE MUSICAL SYMBOL PARAKALESMA ARCHAION;So;0;L;;;;;N;;;;;
+1D03E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI ARCHAION;So;0;L;;;;;N;;;;;
+1D03F;BYZANTINE MUSICAL SYMBOL ICHADIN;So;0;L;;;;;N;;;;;
+1D040;BYZANTINE MUSICAL SYMBOL NANA;So;0;L;;;;;N;;;;;
+1D041;BYZANTINE MUSICAL SYMBOL PETASMA;So;0;L;;;;;N;;;;;
+1D042;BYZANTINE MUSICAL SYMBOL KONTEVMA ALLO;So;0;L;;;;;N;;;;;
+1D043;BYZANTINE MUSICAL SYMBOL TROMIKON ALLO;So;0;L;;;;;N;;;;;
+1D044;BYZANTINE MUSICAL SYMBOL STRAGGISMATA;So;0;L;;;;;N;;;;;
+1D045;BYZANTINE MUSICAL SYMBOL GRONTHISMATA;So;0;L;;;;;N;;;;;
+1D046;BYZANTINE MUSICAL SYMBOL ISON NEO;So;0;L;;;;;N;;;;;
+1D047;BYZANTINE MUSICAL SYMBOL OLIGON NEO;So;0;L;;;;;N;;;;;
+1D048;BYZANTINE MUSICAL SYMBOL OXEIA NEO;So;0;L;;;;;N;;;;;
+1D049;BYZANTINE MUSICAL SYMBOL PETASTI;So;0;L;;;;;N;;;;;
+1D04A;BYZANTINE MUSICAL SYMBOL KOUFISMA;So;0;L;;;;;N;;;;;
+1D04B;BYZANTINE MUSICAL SYMBOL PETASTOKOUFISMA;So;0;L;;;;;N;;;;;
+1D04C;BYZANTINE MUSICAL SYMBOL KRATIMOKOUFISMA;So;0;L;;;;;N;;;;;
+1D04D;BYZANTINE MUSICAL SYMBOL PELASTON NEO;So;0;L;;;;;N;;;;;
+1D04E;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO ANO;So;0;L;;;;;N;;;;;
+1D04F;BYZANTINE MUSICAL SYMBOL KENTIMA NEO ANO;So;0;L;;;;;N;;;;;
+1D050;BYZANTINE MUSICAL SYMBOL YPSILI;So;0;L;;;;;N;;;;;
+1D051;BYZANTINE MUSICAL SYMBOL APOSTROFOS NEO;So;0;L;;;;;N;;;;;
+1D052;BYZANTINE MUSICAL SYMBOL APOSTROFOI SYNDESMOS NEO;So;0;L;;;;;N;;;;;
+1D053;BYZANTINE MUSICAL SYMBOL YPORROI;So;0;L;;;;;N;;;;;
+1D054;BYZANTINE MUSICAL SYMBOL KRATIMOYPORROON;So;0;L;;;;;N;;;;;
+1D055;BYZANTINE MUSICAL SYMBOL ELAFRON;So;0;L;;;;;N;;;;;
+1D056;BYZANTINE MUSICAL SYMBOL CHAMILI;So;0;L;;;;;N;;;;;
+1D057;BYZANTINE MUSICAL SYMBOL MIKRON ISON;So;0;L;;;;;N;;;;;
+1D058;BYZANTINE MUSICAL SYMBOL VAREIA NEO;So;0;L;;;;;N;;;;;
+1D059;BYZANTINE MUSICAL SYMBOL PIASMA NEO;So;0;L;;;;;N;;;;;
+1D05A;BYZANTINE MUSICAL SYMBOL PSIFISTON NEO;So;0;L;;;;;N;;;;;
+1D05B;BYZANTINE MUSICAL SYMBOL OMALON;So;0;L;;;;;N;;;;;
+1D05C;BYZANTINE MUSICAL SYMBOL ANTIKENOMA;So;0;L;;;;;N;;;;;
+1D05D;BYZANTINE MUSICAL SYMBOL LYGISMA;So;0;L;;;;;N;;;;;
+1D05E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI NEO;So;0;L;;;;;N;;;;;
+1D05F;BYZANTINE MUSICAL SYMBOL PARAKALESMA NEO;So;0;L;;;;;N;;;;;
+1D060;BYZANTINE MUSICAL SYMBOL ETERON PARAKALESMA;So;0;L;;;;;N;;;;;
+1D061;BYZANTINE MUSICAL SYMBOL KYLISMA;So;0;L;;;;;N;;;;;
+1D062;BYZANTINE MUSICAL SYMBOL ANTIKENOKYLISMA;So;0;L;;;;;N;;;;;
+1D063;BYZANTINE MUSICAL SYMBOL TROMIKON NEO;So;0;L;;;;;N;;;;;
+1D064;BYZANTINE MUSICAL SYMBOL EKSTREPTON;So;0;L;;;;;N;;;;;
+1D065;BYZANTINE MUSICAL SYMBOL SYNAGMA NEO;So;0;L;;;;;N;;;;;
+1D066;BYZANTINE MUSICAL SYMBOL SYRMA;So;0;L;;;;;N;;;;;
+1D067;BYZANTINE MUSICAL SYMBOL CHOREVMA NEO;So;0;L;;;;;N;;;;;
+1D068;BYZANTINE MUSICAL SYMBOL EPEGERMA;So;0;L;;;;;N;;;;;
+1D069;BYZANTINE MUSICAL SYMBOL SEISMA NEO;So;0;L;;;;;N;;;;;
+1D06A;BYZANTINE MUSICAL SYMBOL XIRON KLASMA;So;0;L;;;;;N;;;;;
+1D06B;BYZANTINE MUSICAL SYMBOL TROMIKOPSIFISTON;So;0;L;;;;;N;;;;;
+1D06C;BYZANTINE MUSICAL SYMBOL PSIFISTOLYGISMA;So;0;L;;;;;N;;;;;
+1D06D;BYZANTINE MUSICAL SYMBOL TROMIKOLYGISMA;So;0;L;;;;;N;;;;;
+1D06E;BYZANTINE MUSICAL SYMBOL TROMIKOPARAKALESMA;So;0;L;;;;;N;;;;;
+1D06F;BYZANTINE MUSICAL SYMBOL PSIFISTOPARAKALESMA;So;0;L;;;;;N;;;;;
+1D070;BYZANTINE MUSICAL SYMBOL TROMIKOSYNAGMA;So;0;L;;;;;N;;;;;
+1D071;BYZANTINE MUSICAL SYMBOL PSIFISTOSYNAGMA;So;0;L;;;;;N;;;;;
+1D072;BYZANTINE MUSICAL SYMBOL GORGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D073;BYZANTINE MUSICAL SYMBOL ARGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D074;BYZANTINE MUSICAL SYMBOL ETERON ARGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D075;BYZANTINE MUSICAL SYMBOL OYRANISMA NEO;So;0;L;;;;;N;;;;;
+1D076;BYZANTINE MUSICAL SYMBOL THEMATISMOS ESO;So;0;L;;;;;N;;;;;
+1D077;BYZANTINE MUSICAL SYMBOL THEMATISMOS EXO;So;0;L;;;;;N;;;;;
+1D078;BYZANTINE MUSICAL SYMBOL THEMA APLOUN;So;0;L;;;;;N;;;;;
+1D079;BYZANTINE MUSICAL SYMBOL THES KAI APOTHES;So;0;L;;;;;N;;;;;
+1D07A;BYZANTINE MUSICAL SYMBOL KATAVASMA;So;0;L;;;;;N;;;;;
+1D07B;BYZANTINE MUSICAL SYMBOL ENDOFONON;So;0;L;;;;;N;;;;;
+1D07C;BYZANTINE MUSICAL SYMBOL YFEN KATO;So;0;L;;;;;N;;;;;
+1D07D;BYZANTINE MUSICAL SYMBOL YFEN ANO;So;0;L;;;;;N;;;;;
+1D07E;BYZANTINE MUSICAL SYMBOL STAVROS;So;0;L;;;;;N;;;;;
+1D07F;BYZANTINE MUSICAL SYMBOL KLASMA ANO;So;0;L;;;;;N;;;;;
+1D080;BYZANTINE MUSICAL SYMBOL DIPLI ARCHAION;So;0;L;;;;;N;;;;;
+1D081;BYZANTINE MUSICAL SYMBOL KRATIMA ARCHAION;So;0;L;;;;;N;;;;;
+1D082;BYZANTINE MUSICAL SYMBOL KRATIMA ALLO;So;0;L;;;;;N;;;;;
+1D083;BYZANTINE MUSICAL SYMBOL KRATIMA NEO;So;0;L;;;;;N;;;;;
+1D084;BYZANTINE MUSICAL SYMBOL APODERMA NEO;So;0;L;;;;;N;;;;;
+1D085;BYZANTINE MUSICAL SYMBOL APLI;So;0;L;;;;;N;;;;;
+1D086;BYZANTINE MUSICAL SYMBOL DIPLI;So;0;L;;;;;N;;;;;
+1D087;BYZANTINE MUSICAL SYMBOL TRIPLI;So;0;L;;;;;N;;;;;
+1D088;BYZANTINE MUSICAL SYMBOL TETRAPLI;So;0;L;;;;;N;;;;;
+1D089;BYZANTINE MUSICAL SYMBOL KORONIS;So;0;L;;;;;N;;;;;
+1D08A;BYZANTINE MUSICAL SYMBOL LEIMMA ENOS CHRONOU;So;0;L;;;;;N;;;;;
+1D08B;BYZANTINE MUSICAL SYMBOL LEIMMA DYO CHRONON;So;0;L;;;;;N;;;;;
+1D08C;BYZANTINE MUSICAL SYMBOL LEIMMA TRION CHRONON;So;0;L;;;;;N;;;;;
+1D08D;BYZANTINE MUSICAL SYMBOL LEIMMA TESSARON CHRONON;So;0;L;;;;;N;;;;;
+1D08E;BYZANTINE MUSICAL SYMBOL LEIMMA IMISEOS CHRONOU;So;0;L;;;;;N;;;;;
+1D08F;BYZANTINE MUSICAL SYMBOL GORGON NEO ANO;So;0;L;;;;;N;;;;;
+1D090;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON ARISTERA;So;0;L;;;;;N;;;;;
+1D091;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;;
+1D092;BYZANTINE MUSICAL SYMBOL DIGORGON;So;0;L;;;;;N;;;;;
+1D093;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA KATO;So;0;L;;;;;N;;;;;
+1D094;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA ANO;So;0;L;;;;;N;;;;;
+1D095;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;;
+1D096;BYZANTINE MUSICAL SYMBOL TRIGORGON;So;0;L;;;;;N;;;;;
+1D097;BYZANTINE MUSICAL SYMBOL ARGON;So;0;L;;;;;N;;;;;
+1D098;BYZANTINE MUSICAL SYMBOL IMIDIARGON;So;0;L;;;;;N;;;;;
+1D099;BYZANTINE MUSICAL SYMBOL DIARGON;So;0;L;;;;;N;;;;;
+1D09A;BYZANTINE MUSICAL SYMBOL AGOGI POLI ARGI;So;0;L;;;;;N;;;;;
+1D09B;BYZANTINE MUSICAL SYMBOL AGOGI ARGOTERI;So;0;L;;;;;N;;;;;
+1D09C;BYZANTINE MUSICAL SYMBOL AGOGI ARGI;So;0;L;;;;;N;;;;;
+1D09D;BYZANTINE MUSICAL SYMBOL AGOGI METRIA;So;0;L;;;;;N;;;;;
+1D09E;BYZANTINE MUSICAL SYMBOL AGOGI MESI;So;0;L;;;;;N;;;;;
+1D09F;BYZANTINE MUSICAL SYMBOL AGOGI GORGI;So;0;L;;;;;N;;;;;
+1D0A0;BYZANTINE MUSICAL SYMBOL AGOGI GORGOTERI;So;0;L;;;;;N;;;;;
+1D0A1;BYZANTINE MUSICAL SYMBOL AGOGI POLI GORGI;So;0;L;;;;;N;;;;;
+1D0A2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A3;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI PROTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A4;BYZANTINE MUSICAL SYMBOL MARTYRIA DEYTEROS ICHOS;So;0;L;;;;;N;;;;;
+1D0A5;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI DEYTEROS ICHOS;So;0;L;;;;;N;;;;;
+1D0A6;BYZANTINE MUSICAL SYMBOL MARTYRIA TRITOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A7;BYZANTINE MUSICAL SYMBOL MARTYRIA TRIFONIAS;So;0;L;;;;;N;;;;;
+1D0A8;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A9;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS LEGETOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AA;BYZANTINE MUSICAL SYMBOL MARTYRIA LEGETOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AB;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AC;BYZANTINE MUSICAL SYMBOL ISAKIA TELOUS ICHIMATOS;So;0;L;;;;;N;;;;;
+1D0AD;BYZANTINE MUSICAL SYMBOL APOSTROFOI TELOUS ICHIMATOS;So;0;L;;;;;N;;;;;
+1D0AE;BYZANTINE MUSICAL SYMBOL FANEROSIS TETRAFONIAS;So;0;L;;;;;N;;;;;
+1D0AF;BYZANTINE MUSICAL SYMBOL FANEROSIS MONOFONIAS;So;0;L;;;;;N;;;;;
+1D0B0;BYZANTINE MUSICAL SYMBOL FANEROSIS DIFONIAS;So;0;L;;;;;N;;;;;
+1D0B1;BYZANTINE MUSICAL SYMBOL MARTYRIA VARYS ICHOS;So;0;L;;;;;N;;;;;
+1D0B2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOVARYS ICHOS;So;0;L;;;;;N;;;;;
+1D0B3;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS TETARTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0B4;BYZANTINE MUSICAL SYMBOL GORTHMIKON N APLOUN;So;0;L;;;;;N;;;;;
+1D0B5;BYZANTINE MUSICAL SYMBOL GORTHMIKON N DIPLOUN;So;0;L;;;;;N;;;;;
+1D0B6;BYZANTINE MUSICAL SYMBOL ENARXIS KAI FTHORA VOU;So;0;L;;;;;N;;;;;
+1D0B7;BYZANTINE MUSICAL SYMBOL IMIFONON;So;0;L;;;;;N;;;;;
+1D0B8;BYZANTINE MUSICAL SYMBOL IMIFTHORON;So;0;L;;;;;N;;;;;
+1D0B9;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION DEYTEROU ICHOU;So;0;L;;;;;N;;;;;
+1D0BA;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI PA;So;0;L;;;;;N;;;;;
+1D0BB;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NANA;So;0;L;;;;;N;;;;;
+1D0BC;BYZANTINE MUSICAL SYMBOL FTHORA NAOS ICHOS;So;0;L;;;;;N;;;;;
+1D0BD;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI DI;So;0;L;;;;;N;;;;;
+1D0BE;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON DIATONON DI;So;0;L;;;;;N;;;;;
+1D0BF;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI KE;So;0;L;;;;;N;;;;;
+1D0C0;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI ZO;So;0;L;;;;;N;;;;;
+1D0C1;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI KATO;So;0;L;;;;;N;;;;;
+1D0C2;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI ANO;So;0;L;;;;;N;;;;;
+1D0C3;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA DIFONIAS;So;0;L;;;;;N;;;;;
+1D0C4;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA MONOFONIAS;So;0;L;;;;;N;;;;;
+1D0C5;BYZANTINE MUSICAL SYMBOL FHTORA SKLIRON CHROMA VASIS;So;0;L;;;;;N;;;;;
+1D0C6;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON CHROMA SYNAFI;So;0;L;;;;;N;;;;;
+1D0C7;BYZANTINE MUSICAL SYMBOL FTHORA NENANO;So;0;L;;;;;N;;;;;
+1D0C8;BYZANTINE MUSICAL SYMBOL CHROA ZYGOS;So;0;L;;;;;N;;;;;
+1D0C9;BYZANTINE MUSICAL SYMBOL CHROA KLITON;So;0;L;;;;;N;;;;;
+1D0CA;BYZANTINE MUSICAL SYMBOL CHROA SPATHI;So;0;L;;;;;N;;;;;
+1D0CB;BYZANTINE MUSICAL SYMBOL FTHORA I YFESIS TETARTIMORION;So;0;L;;;;;N;;;;;
+1D0CC;BYZANTINE MUSICAL SYMBOL FTHORA ENARMONIOS ANTIFONIA;So;0;L;;;;;N;;;;;
+1D0CD;BYZANTINE MUSICAL SYMBOL YFESIS TRITIMORION;So;0;L;;;;;N;;;;;
+1D0CE;BYZANTINE MUSICAL SYMBOL DIESIS TRITIMORION;So;0;L;;;;;N;;;;;
+1D0CF;BYZANTINE MUSICAL SYMBOL DIESIS TETARTIMORION;So;0;L;;;;;N;;;;;
+1D0D0;BYZANTINE MUSICAL SYMBOL DIESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D1;BYZANTINE MUSICAL SYMBOL DIESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;;
+1D0D2;BYZANTINE MUSICAL SYMBOL DIESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;;
+1D0D3;BYZANTINE MUSICAL SYMBOL DIESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D4;BYZANTINE MUSICAL SYMBOL YFESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D5;BYZANTINE MUSICAL SYMBOL YFESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;;
+1D0D6;BYZANTINE MUSICAL SYMBOL YFESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;;
+1D0D7;BYZANTINE MUSICAL SYMBOL YFESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D8;BYZANTINE MUSICAL SYMBOL GENIKI DIESIS;So;0;L;;;;;N;;;;;
+1D0D9;BYZANTINE MUSICAL SYMBOL GENIKI YFESIS;So;0;L;;;;;N;;;;;
+1D0DA;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MIKRI;So;0;L;;;;;N;;;;;
+1D0DB;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MEGALI;So;0;L;;;;;N;;;;;
+1D0DC;BYZANTINE MUSICAL SYMBOL DIASTOLI DIPLI;So;0;L;;;;;N;;;;;
+1D0DD;BYZANTINE MUSICAL SYMBOL DIASTOLI THESEOS;So;0;L;;;;;N;;;;;
+1D0DE;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS;So;0;L;;;;;N;;;;;
+1D0DF;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS DISIMOU;So;0;L;;;;;N;;;;;
+1D0E0;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TRISIMOU;So;0;L;;;;;N;;;;;
+1D0E1;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TETRASIMOU;So;0;L;;;;;N;;;;;
+1D0E2;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS;So;0;L;;;;;N;;;;;
+1D0E3;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS DISIMOU;So;0;L;;;;;N;;;;;
+1D0E4;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TRISIMOU;So;0;L;;;;;N;;;;;
+1D0E5;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TETRASIMOU;So;0;L;;;;;N;;;;;
+1D0E6;BYZANTINE MUSICAL SYMBOL DIGRAMMA GG;So;0;L;;;;;N;;;;;
+1D0E7;BYZANTINE MUSICAL SYMBOL DIFTOGGOS OU;So;0;L;;;;;N;;;;;
+1D0E8;BYZANTINE MUSICAL SYMBOL STIGMA;So;0;L;;;;;N;;;;;
+1D0E9;BYZANTINE MUSICAL SYMBOL ARKTIKO PA;So;0;L;;;;;N;;;;;
+1D0EA;BYZANTINE MUSICAL SYMBOL ARKTIKO VOU;So;0;L;;;;;N;;;;;
+1D0EB;BYZANTINE MUSICAL SYMBOL ARKTIKO GA;So;0;L;;;;;N;;;;;
+1D0EC;BYZANTINE MUSICAL SYMBOL ARKTIKO DI;So;0;L;;;;;N;;;;;
+1D0ED;BYZANTINE MUSICAL SYMBOL ARKTIKO KE;So;0;L;;;;;N;;;;;
+1D0EE;BYZANTINE MUSICAL SYMBOL ARKTIKO ZO;So;0;L;;;;;N;;;;;
+1D0EF;BYZANTINE MUSICAL SYMBOL ARKTIKO NI;So;0;L;;;;;N;;;;;
+1D0F0;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO MESO;So;0;L;;;;;N;;;;;
+1D0F1;BYZANTINE MUSICAL SYMBOL KENTIMA NEO MESO;So;0;L;;;;;N;;;;;
+1D0F2;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO KATO;So;0;L;;;;;N;;;;;
+1D0F3;BYZANTINE MUSICAL SYMBOL KENTIMA NEO KATO;So;0;L;;;;;N;;;;;
+1D0F4;BYZANTINE MUSICAL SYMBOL KLASMA KATO;So;0;L;;;;;N;;;;;
+1D0F5;BYZANTINE MUSICAL SYMBOL GORGON NEO KATO;So;0;L;;;;;N;;;;;
+1D100;MUSICAL SYMBOL SINGLE BARLINE;So;0;L;;;;;N;;;;;
+1D101;MUSICAL SYMBOL DOUBLE BARLINE;So;0;L;;;;;N;;;;;
+1D102;MUSICAL SYMBOL FINAL BARLINE;So;0;L;;;;;N;;;;;
+1D103;MUSICAL SYMBOL REVERSE FINAL BARLINE;So;0;L;;;;;N;;;;;
+1D104;MUSICAL SYMBOL DASHED BARLINE;So;0;L;;;;;N;;;;;
+1D105;MUSICAL SYMBOL SHORT BARLINE;So;0;L;;;;;N;;;;;
+1D106;MUSICAL SYMBOL LEFT REPEAT SIGN;So;0;L;;;;;N;;;;;
+1D107;MUSICAL SYMBOL RIGHT REPEAT SIGN;So;0;L;;;;;N;;;;;
+1D108;MUSICAL SYMBOL REPEAT DOTS;So;0;L;;;;;N;;;;;
+1D109;MUSICAL SYMBOL DAL SEGNO;So;0;L;;;;;N;;;;;
+1D10A;MUSICAL SYMBOL DA CAPO;So;0;L;;;;;N;;;;;
+1D10B;MUSICAL SYMBOL SEGNO;So;0;L;;;;;N;;;;;
+1D10C;MUSICAL SYMBOL CODA;So;0;L;;;;;N;;;;;
+1D10D;MUSICAL SYMBOL REPEATED FIGURE-1;So;0;L;;;;;N;;;;;
+1D10E;MUSICAL SYMBOL REPEATED FIGURE-2;So;0;L;;;;;N;;;;;
+1D10F;MUSICAL SYMBOL REPEATED FIGURE-3;So;0;L;;;;;N;;;;;
+1D110;MUSICAL SYMBOL FERMATA;So;0;L;;;;;N;;;;;
+1D111;MUSICAL SYMBOL FERMATA BELOW;So;0;L;;;;;N;;;;;
+1D112;MUSICAL SYMBOL BREATH MARK;So;0;L;;;;;N;;;;;
+1D113;MUSICAL SYMBOL CAESURA;So;0;L;;;;;N;;;;;
+1D114;MUSICAL SYMBOL BRACE;So;0;L;;;;;N;;;;;
+1D115;MUSICAL SYMBOL BRACKET;So;0;L;;;;;N;;;;;
+1D116;MUSICAL SYMBOL ONE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D117;MUSICAL SYMBOL TWO-LINE STAFF;So;0;L;;;;;N;;;;;
+1D118;MUSICAL SYMBOL THREE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D119;MUSICAL SYMBOL FOUR-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11A;MUSICAL SYMBOL FIVE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11B;MUSICAL SYMBOL SIX-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11C;MUSICAL SYMBOL SIX-STRING FRETBOARD;So;0;L;;;;;N;;;;;
+1D11D;MUSICAL SYMBOL FOUR-STRING FRETBOARD;So;0;L;;;;;N;;;;;
+1D11E;MUSICAL SYMBOL G CLEF;So;0;L;;;;;N;;;;;
+1D11F;MUSICAL SYMBOL G CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D120;MUSICAL SYMBOL G CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D121;MUSICAL SYMBOL C CLEF;So;0;L;;;;;N;;;;;
+1D122;MUSICAL SYMBOL F CLEF;So;0;L;;;;;N;;;;;
+1D123;MUSICAL SYMBOL F CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D124;MUSICAL SYMBOL F CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D125;MUSICAL SYMBOL DRUM CLEF-1;So;0;L;;;;;N;;;;;
+1D126;MUSICAL SYMBOL DRUM CLEF-2;So;0;L;;;;;N;;;;;
+1D12A;MUSICAL SYMBOL DOUBLE SHARP;So;0;L;;;;;N;;;;;
+1D12B;MUSICAL SYMBOL DOUBLE FLAT;So;0;L;;;;;N;;;;;
+1D12C;MUSICAL SYMBOL FLAT UP;So;0;L;;;;;N;;;;;
+1D12D;MUSICAL SYMBOL FLAT DOWN;So;0;L;;;;;N;;;;;
+1D12E;MUSICAL SYMBOL NATURAL UP;So;0;L;;;;;N;;;;;
+1D12F;MUSICAL SYMBOL NATURAL DOWN;So;0;L;;;;;N;;;;;
+1D130;MUSICAL SYMBOL SHARP UP;So;0;L;;;;;N;;;;;
+1D131;MUSICAL SYMBOL SHARP DOWN;So;0;L;;;;;N;;;;;
+1D132;MUSICAL SYMBOL QUARTER TONE SHARP;So;0;L;;;;;N;;;;;
+1D133;MUSICAL SYMBOL QUARTER TONE FLAT;So;0;L;;;;;N;;;;;
+1D134;MUSICAL SYMBOL COMMON TIME;So;0;L;;;;;N;;;;;
+1D135;MUSICAL SYMBOL CUT TIME;So;0;L;;;;;N;;;;;
+1D136;MUSICAL SYMBOL OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D137;MUSICAL SYMBOL OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D138;MUSICAL SYMBOL QUINDICESIMA ALTA;So;0;L;;;;;N;;;;;
+1D139;MUSICAL SYMBOL QUINDICESIMA BASSA;So;0;L;;;;;N;;;;;
+1D13A;MUSICAL SYMBOL MULTI REST;So;0;L;;;;;N;;;;;
+1D13B;MUSICAL SYMBOL WHOLE REST;So;0;L;;;;;N;;;;;
+1D13C;MUSICAL SYMBOL HALF REST;So;0;L;;;;;N;;;;;
+1D13D;MUSICAL SYMBOL QUARTER REST;So;0;L;;;;;N;;;;;
+1D13E;MUSICAL SYMBOL EIGHTH REST;So;0;L;;;;;N;;;;;
+1D13F;MUSICAL SYMBOL SIXTEENTH REST;So;0;L;;;;;N;;;;;
+1D140;MUSICAL SYMBOL THIRTY-SECOND REST;So;0;L;;;;;N;;;;;
+1D141;MUSICAL SYMBOL SIXTY-FOURTH REST;So;0;L;;;;;N;;;;;
+1D142;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH REST;So;0;L;;;;;N;;;;;
+1D143;MUSICAL SYMBOL X NOTEHEAD;So;0;L;;;;;N;;;;;
+1D144;MUSICAL SYMBOL PLUS NOTEHEAD;So;0;L;;;;;N;;;;;
+1D145;MUSICAL SYMBOL CIRCLE X NOTEHEAD;So;0;L;;;;;N;;;;;
+1D146;MUSICAL SYMBOL SQUARE NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D147;MUSICAL SYMBOL SQUARE NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D148;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP WHITE;So;0;L;;;;;N;;;;;
+1D149;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP BLACK;So;0;L;;;;;N;;;;;
+1D14A;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT WHITE;So;0;L;;;;;N;;;;;
+1D14B;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT BLACK;So;0;L;;;;;N;;;;;
+1D14C;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT WHITE;So;0;L;;;;;N;;;;;
+1D14D;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT BLACK;So;0;L;;;;;N;;;;;
+1D14E;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;;
+1D14F;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;;
+1D150;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT WHITE;So;0;L;;;;;N;;;;;
+1D151;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT BLACK;So;0;L;;;;;N;;;;;
+1D152;MUSICAL SYMBOL MOON NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D153;MUSICAL SYMBOL MOON NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D154;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;;
+1D155;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;;
+1D156;MUSICAL SYMBOL PARENTHESIS NOTEHEAD;So;0;L;;;;;N;;;;;
+1D157;MUSICAL SYMBOL VOID NOTEHEAD;So;0;L;;;;;N;;;;;
+1D158;MUSICAL SYMBOL NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D159;MUSICAL SYMBOL NULL NOTEHEAD;So;0;L;;;;;N;;;;;
+1D15A;MUSICAL SYMBOL CLUSTER NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D15B;MUSICAL SYMBOL CLUSTER NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D15C;MUSICAL SYMBOL BREVE;So;0;L;;;;;N;;;;;
+1D15D;MUSICAL SYMBOL WHOLE NOTE;So;0;L;;;;;N;;;;;
+1D15E;MUSICAL SYMBOL HALF NOTE;So;0;L;1D157 1D165;;;;N;;;;;
+1D15F;MUSICAL SYMBOL QUARTER NOTE;So;0;L;1D158 1D165;;;;N;;;;;
+1D160;MUSICAL SYMBOL EIGHTH NOTE;So;0;L;1D15F 1D16E;;;;N;;;;;
+1D161;MUSICAL SYMBOL SIXTEENTH NOTE;So;0;L;1D15F 1D16F;;;;N;;;;;
+1D162;MUSICAL SYMBOL THIRTY-SECOND NOTE;So;0;L;1D15F 1D170;;;;N;;;;;
+1D163;MUSICAL SYMBOL SIXTY-FOURTH NOTE;So;0;L;1D15F 1D171;;;;N;;;;;
+1D164;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE;So;0;L;1D15F 1D172;;;;N;;;;;
+1D165;MUSICAL SYMBOL COMBINING STEM;Mc;216;L;;;;;N;;;;;
+1D166;MUSICAL SYMBOL COMBINING SPRECHGESANG STEM;Mc;216;L;;;;;N;;;;;
+1D167;MUSICAL SYMBOL COMBINING TREMOLO-1;Mn;1;NSM;;;;;N;;;;;
+1D168;MUSICAL SYMBOL COMBINING TREMOLO-2;Mn;1;NSM;;;;;N;;;;;
+1D169;MUSICAL SYMBOL COMBINING TREMOLO-3;Mn;1;NSM;;;;;N;;;;;
+1D16A;MUSICAL SYMBOL FINGERED TREMOLO-1;So;0;L;;;;;N;;;;;
+1D16B;MUSICAL SYMBOL FINGERED TREMOLO-2;So;0;L;;;;;N;;;;;
+1D16C;MUSICAL SYMBOL FINGERED TREMOLO-3;So;0;L;;;;;N;;;;;
+1D16D;MUSICAL SYMBOL COMBINING AUGMENTATION DOT;Mc;226;L;;;;;N;;;;;
+1D16E;MUSICAL SYMBOL COMBINING FLAG-1;Mc;216;L;;;;;N;;;;;
+1D16F;MUSICAL SYMBOL COMBINING FLAG-2;Mc;216;L;;;;;N;;;;;
+1D170;MUSICAL SYMBOL COMBINING FLAG-3;Mc;216;L;;;;;N;;;;;
+1D171;MUSICAL SYMBOL COMBINING FLAG-4;Mc;216;L;;;;;N;;;;;
+1D172;MUSICAL SYMBOL COMBINING FLAG-5;Mc;216;L;;;;;N;;;;;
+1D173;MUSICAL SYMBOL BEGIN BEAM;Cf;0;BN;;;;;N;;;;;
+1D174;MUSICAL SYMBOL END BEAM;Cf;0;BN;;;;;N;;;;;
+1D175;MUSICAL SYMBOL BEGIN TIE;Cf;0;BN;;;;;N;;;;;
+1D176;MUSICAL SYMBOL END TIE;Cf;0;BN;;;;;N;;;;;
+1D177;MUSICAL SYMBOL BEGIN SLUR;Cf;0;BN;;;;;N;;;;;
+1D178;MUSICAL SYMBOL END SLUR;Cf;0;BN;;;;;N;;;;;
+1D179;MUSICAL SYMBOL BEGIN PHRASE;Cf;0;BN;;;;;N;;;;;
+1D17A;MUSICAL SYMBOL END PHRASE;Cf;0;BN;;;;;N;;;;;
+1D17B;MUSICAL SYMBOL COMBINING ACCENT;Mn;220;NSM;;;;;N;;;;;
+1D17C;MUSICAL SYMBOL COMBINING STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D17D;MUSICAL SYMBOL COMBINING TENUTO;Mn;220;NSM;;;;;N;;;;;
+1D17E;MUSICAL SYMBOL COMBINING STACCATISSIMO;Mn;220;NSM;;;;;N;;;;;
+1D17F;MUSICAL SYMBOL COMBINING MARCATO;Mn;220;NSM;;;;;N;;;;;
+1D180;MUSICAL SYMBOL COMBINING MARCATO-STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D181;MUSICAL SYMBOL COMBINING ACCENT-STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D182;MUSICAL SYMBOL COMBINING LOURE;Mn;220;NSM;;;;;N;;;;;
+1D183;MUSICAL SYMBOL ARPEGGIATO UP;So;0;L;;;;;N;;;;;
+1D184;MUSICAL SYMBOL ARPEGGIATO DOWN;So;0;L;;;;;N;;;;;
+1D185;MUSICAL SYMBOL COMBINING DOIT;Mn;230;NSM;;;;;N;;;;;
+1D186;MUSICAL SYMBOL COMBINING RIP;Mn;230;NSM;;;;;N;;;;;
+1D187;MUSICAL SYMBOL COMBINING FLIP;Mn;230;NSM;;;;;N;;;;;
+1D188;MUSICAL SYMBOL COMBINING SMEAR;Mn;230;NSM;;;;;N;;;;;
+1D189;MUSICAL SYMBOL COMBINING BEND;Mn;230;NSM;;;;;N;;;;;
+1D18A;MUSICAL SYMBOL COMBINING DOUBLE TONGUE;Mn;220;NSM;;;;;N;;;;;
+1D18B;MUSICAL SYMBOL COMBINING TRIPLE TONGUE;Mn;220;NSM;;;;;N;;;;;
+1D18C;MUSICAL SYMBOL RINFORZANDO;So;0;L;;;;;N;;;;;
+1D18D;MUSICAL SYMBOL SUBITO;So;0;L;;;;;N;;;;;
+1D18E;MUSICAL SYMBOL Z;So;0;L;;;;;N;;;;;
+1D18F;MUSICAL SYMBOL PIANO;So;0;L;;;;;N;;;;;
+1D190;MUSICAL SYMBOL MEZZO;So;0;L;;;;;N;;;;;
+1D191;MUSICAL SYMBOL FORTE;So;0;L;;;;;N;;;;;
+1D192;MUSICAL SYMBOL CRESCENDO;So;0;L;;;;;N;;;;;
+1D193;MUSICAL SYMBOL DECRESCENDO;So;0;L;;;;;N;;;;;
+1D194;MUSICAL SYMBOL GRACE NOTE SLASH;So;0;L;;;;;N;;;;;
+1D195;MUSICAL SYMBOL GRACE NOTE NO SLASH;So;0;L;;;;;N;;;;;
+1D196;MUSICAL SYMBOL TR;So;0;L;;;;;N;;;;;
+1D197;MUSICAL SYMBOL TURN;So;0;L;;;;;N;;;;;
+1D198;MUSICAL SYMBOL INVERTED TURN;So;0;L;;;;;N;;;;;
+1D199;MUSICAL SYMBOL TURN SLASH;So;0;L;;;;;N;;;;;
+1D19A;MUSICAL SYMBOL TURN UP;So;0;L;;;;;N;;;;;
+1D19B;MUSICAL SYMBOL ORNAMENT STROKE-1;So;0;L;;;;;N;;;;;
+1D19C;MUSICAL SYMBOL ORNAMENT STROKE-2;So;0;L;;;;;N;;;;;
+1D19D;MUSICAL SYMBOL ORNAMENT STROKE-3;So;0;L;;;;;N;;;;;
+1D19E;MUSICAL SYMBOL ORNAMENT STROKE-4;So;0;L;;;;;N;;;;;
+1D19F;MUSICAL SYMBOL ORNAMENT STROKE-5;So;0;L;;;;;N;;;;;
+1D1A0;MUSICAL SYMBOL ORNAMENT STROKE-6;So;0;L;;;;;N;;;;;
+1D1A1;MUSICAL SYMBOL ORNAMENT STROKE-7;So;0;L;;;;;N;;;;;
+1D1A2;MUSICAL SYMBOL ORNAMENT STROKE-8;So;0;L;;;;;N;;;;;
+1D1A3;MUSICAL SYMBOL ORNAMENT STROKE-9;So;0;L;;;;;N;;;;;
+1D1A4;MUSICAL SYMBOL ORNAMENT STROKE-10;So;0;L;;;;;N;;;;;
+1D1A5;MUSICAL SYMBOL ORNAMENT STROKE-11;So;0;L;;;;;N;;;;;
+1D1A6;MUSICAL SYMBOL HAUPTSTIMME;So;0;L;;;;;N;;;;;
+1D1A7;MUSICAL SYMBOL NEBENSTIMME;So;0;L;;;;;N;;;;;
+1D1A8;MUSICAL SYMBOL END OF STIMME;So;0;L;;;;;N;;;;;
+1D1A9;MUSICAL SYMBOL DEGREE SLASH;So;0;L;;;;;N;;;;;
+1D1AA;MUSICAL SYMBOL COMBINING DOWN BOW;Mn;230;NSM;;;;;N;;;;;
+1D1AB;MUSICAL SYMBOL COMBINING UP BOW;Mn;230;NSM;;;;;N;;;;;
+1D1AC;MUSICAL SYMBOL COMBINING HARMONIC;Mn;230;NSM;;;;;N;;;;;
+1D1AD;MUSICAL SYMBOL COMBINING SNAP PIZZICATO;Mn;230;NSM;;;;;N;;;;;
+1D1AE;MUSICAL SYMBOL PEDAL MARK;So;0;L;;;;;N;;;;;
+1D1AF;MUSICAL SYMBOL PEDAL UP MARK;So;0;L;;;;;N;;;;;
+1D1B0;MUSICAL SYMBOL HALF PEDAL MARK;So;0;L;;;;;N;;;;;
+1D1B1;MUSICAL SYMBOL GLISSANDO UP;So;0;L;;;;;N;;;;;
+1D1B2;MUSICAL SYMBOL GLISSANDO DOWN;So;0;L;;;;;N;;;;;
+1D1B3;MUSICAL SYMBOL WITH FINGERNAILS;So;0;L;;;;;N;;;;;
+1D1B4;MUSICAL SYMBOL DAMP;So;0;L;;;;;N;;;;;
+1D1B5;MUSICAL SYMBOL DAMP ALL;So;0;L;;;;;N;;;;;
+1D1B6;MUSICAL SYMBOL MAXIMA;So;0;L;;;;;N;;;;;
+1D1B7;MUSICAL SYMBOL LONGA;So;0;L;;;;;N;;;;;
+1D1B8;MUSICAL SYMBOL BREVIS;So;0;L;;;;;N;;;;;
+1D1B9;MUSICAL SYMBOL SEMIBREVIS WHITE;So;0;L;;;;;N;;;;;
+1D1BA;MUSICAL SYMBOL SEMIBREVIS BLACK;So;0;L;;;;;N;;;;;
+1D1BB;MUSICAL SYMBOL MINIMA;So;0;L;1D1B9 1D165;;;;N;;;;;
+1D1BC;MUSICAL SYMBOL MINIMA BLACK;So;0;L;1D1BA 1D165;;;;N;;;;;
+1D1BD;MUSICAL SYMBOL SEMIMINIMA WHITE;So;0;L;1D1BB 1D16E;;;;N;;;;;
+1D1BE;MUSICAL SYMBOL SEMIMINIMA BLACK;So;0;L;1D1BC 1D16E;;;;N;;;;;
+1D1BF;MUSICAL SYMBOL FUSA WHITE;So;0;L;1D1BB 1D16F;;;;N;;;;;
+1D1C0;MUSICAL SYMBOL FUSA BLACK;So;0;L;1D1BC 1D16F;;;;N;;;;;
+1D1C1;MUSICAL SYMBOL LONGA PERFECTA REST;So;0;L;;;;;N;;;;;
+1D1C2;MUSICAL SYMBOL LONGA IMPERFECTA REST;So;0;L;;;;;N;;;;;
+1D1C3;MUSICAL SYMBOL BREVIS REST;So;0;L;;;;;N;;;;;
+1D1C4;MUSICAL SYMBOL SEMIBREVIS REST;So;0;L;;;;;N;;;;;
+1D1C5;MUSICAL SYMBOL MINIMA REST;So;0;L;;;;;N;;;;;
+1D1C6;MUSICAL SYMBOL SEMIMINIMA REST;So;0;L;;;;;N;;;;;
+1D1C7;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;;
+1D1C8;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;;
+1D1C9;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;;
+1D1CA;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;;
+1D1CB;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;;
+1D1CC;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;;
+1D1CD;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-2;So;0;L;;;;;N;;;;;
+1D1CE;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-3;So;0;L;;;;;N;;;;;
+1D1CF;MUSICAL SYMBOL CROIX;So;0;L;;;;;N;;;;;
+1D1D0;MUSICAL SYMBOL GREGORIAN C CLEF;So;0;L;;;;;N;;;;;
+1D1D1;MUSICAL SYMBOL GREGORIAN F CLEF;So;0;L;;;;;N;;;;;
+1D1D2;MUSICAL SYMBOL SQUARE B;So;0;L;;;;;N;;;;;
+1D1D3;MUSICAL SYMBOL VIRGA;So;0;L;;;;;N;;;;;
+1D1D4;MUSICAL SYMBOL PODATUS;So;0;L;;;;;N;;;;;
+1D1D5;MUSICAL SYMBOL CLIVIS;So;0;L;;;;;N;;;;;
+1D1D6;MUSICAL SYMBOL SCANDICUS;So;0;L;;;;;N;;;;;
+1D1D7;MUSICAL SYMBOL CLIMACUS;So;0;L;;;;;N;;;;;
+1D1D8;MUSICAL SYMBOL TORCULUS;So;0;L;;;;;N;;;;;
+1D1D9;MUSICAL SYMBOL PORRECTUS;So;0;L;;;;;N;;;;;
+1D1DA;MUSICAL SYMBOL PORRECTUS FLEXUS;So;0;L;;;;;N;;;;;
+1D1DB;MUSICAL SYMBOL SCANDICUS FLEXUS;So;0;L;;;;;N;;;;;
+1D1DC;MUSICAL SYMBOL TORCULUS RESUPINUS;So;0;L;;;;;N;;;;;
+1D1DD;MUSICAL SYMBOL PES SUBPUNCTIS;So;0;L;;;;;N;;;;;
+1D400;MATHEMATICAL BOLD CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D401;MATHEMATICAL BOLD CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D402;MATHEMATICAL BOLD CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D403;MATHEMATICAL BOLD CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D404;MATHEMATICAL BOLD CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D405;MATHEMATICAL BOLD CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D406;MATHEMATICAL BOLD CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D407;MATHEMATICAL BOLD CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D408;MATHEMATICAL BOLD CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D409;MATHEMATICAL BOLD CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D40A;MATHEMATICAL BOLD CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D40B;MATHEMATICAL BOLD CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D40C;MATHEMATICAL BOLD CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D40D;MATHEMATICAL BOLD CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D40E;MATHEMATICAL BOLD CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D40F;MATHEMATICAL BOLD CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D410;MATHEMATICAL BOLD CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D411;MATHEMATICAL BOLD CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D412;MATHEMATICAL BOLD CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D413;MATHEMATICAL BOLD CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D414;MATHEMATICAL BOLD CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D415;MATHEMATICAL BOLD CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D416;MATHEMATICAL BOLD CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D417;MATHEMATICAL BOLD CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D418;MATHEMATICAL BOLD CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D419;MATHEMATICAL BOLD CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D41A;MATHEMATICAL BOLD SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D41B;MATHEMATICAL BOLD SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D41C;MATHEMATICAL BOLD SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D41D;MATHEMATICAL BOLD SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D41E;MATHEMATICAL BOLD SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D41F;MATHEMATICAL BOLD SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D420;MATHEMATICAL BOLD SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D421;MATHEMATICAL BOLD SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D422;MATHEMATICAL BOLD SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D423;MATHEMATICAL BOLD SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D424;MATHEMATICAL BOLD SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D425;MATHEMATICAL BOLD SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D426;MATHEMATICAL BOLD SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D427;MATHEMATICAL BOLD SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D428;MATHEMATICAL BOLD SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D429;MATHEMATICAL BOLD SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D42A;MATHEMATICAL BOLD SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D42B;MATHEMATICAL BOLD SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D42C;MATHEMATICAL BOLD SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D42D;MATHEMATICAL BOLD SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D42E;MATHEMATICAL BOLD SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D42F;MATHEMATICAL BOLD SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D430;MATHEMATICAL BOLD SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D431;MATHEMATICAL BOLD SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D432;MATHEMATICAL BOLD SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D433;MATHEMATICAL BOLD SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D434;MATHEMATICAL ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D435;MATHEMATICAL ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D436;MATHEMATICAL ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D437;MATHEMATICAL ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D438;MATHEMATICAL ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D439;MATHEMATICAL ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D43A;MATHEMATICAL ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D43B;MATHEMATICAL ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D43C;MATHEMATICAL ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D43D;MATHEMATICAL ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D43E;MATHEMATICAL ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D43F;MATHEMATICAL ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D440;MATHEMATICAL ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D441;MATHEMATICAL ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D442;MATHEMATICAL ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D443;MATHEMATICAL ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D444;MATHEMATICAL ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D445;MATHEMATICAL ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D446;MATHEMATICAL ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D447;MATHEMATICAL ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D448;MATHEMATICAL ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D449;MATHEMATICAL ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D44A;MATHEMATICAL ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D44B;MATHEMATICAL ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D44C;MATHEMATICAL ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D44D;MATHEMATICAL ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D44E;MATHEMATICAL ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D44F;MATHEMATICAL ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D450;MATHEMATICAL ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D451;MATHEMATICAL ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D452;MATHEMATICAL ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D453;MATHEMATICAL ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D454;MATHEMATICAL ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D456;MATHEMATICAL ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D457;MATHEMATICAL ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D458;MATHEMATICAL ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D459;MATHEMATICAL ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D45A;MATHEMATICAL ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D45B;MATHEMATICAL ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D45C;MATHEMATICAL ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D45D;MATHEMATICAL ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D45E;MATHEMATICAL ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D45F;MATHEMATICAL ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D460;MATHEMATICAL ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D461;MATHEMATICAL ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D462;MATHEMATICAL ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D463;MATHEMATICAL ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D464;MATHEMATICAL ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D465;MATHEMATICAL ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D466;MATHEMATICAL ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D467;MATHEMATICAL ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D468;MATHEMATICAL BOLD ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D469;MATHEMATICAL BOLD ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D46A;MATHEMATICAL BOLD ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D46B;MATHEMATICAL BOLD ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D46C;MATHEMATICAL BOLD ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D46D;MATHEMATICAL BOLD ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D46E;MATHEMATICAL BOLD ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D46F;MATHEMATICAL BOLD ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D470;MATHEMATICAL BOLD ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D471;MATHEMATICAL BOLD ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D472;MATHEMATICAL BOLD ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D473;MATHEMATICAL BOLD ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D474;MATHEMATICAL BOLD ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D475;MATHEMATICAL BOLD ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D476;MATHEMATICAL BOLD ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D477;MATHEMATICAL BOLD ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D478;MATHEMATICAL BOLD ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D479;MATHEMATICAL BOLD ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D47A;MATHEMATICAL BOLD ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D47B;MATHEMATICAL BOLD ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D47C;MATHEMATICAL BOLD ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D47D;MATHEMATICAL BOLD ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D47E;MATHEMATICAL BOLD ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D47F;MATHEMATICAL BOLD ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D480;MATHEMATICAL BOLD ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D481;MATHEMATICAL BOLD ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D482;MATHEMATICAL BOLD ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D483;MATHEMATICAL BOLD ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D484;MATHEMATICAL BOLD ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D485;MATHEMATICAL BOLD ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D486;MATHEMATICAL BOLD ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D487;MATHEMATICAL BOLD ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D488;MATHEMATICAL BOLD ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D489;MATHEMATICAL BOLD ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D48A;MATHEMATICAL BOLD ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D48B;MATHEMATICAL BOLD ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D48C;MATHEMATICAL BOLD ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D48D;MATHEMATICAL BOLD ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D48E;MATHEMATICAL BOLD ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D48F;MATHEMATICAL BOLD ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D490;MATHEMATICAL BOLD ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D491;MATHEMATICAL BOLD ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D492;MATHEMATICAL BOLD ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D493;MATHEMATICAL BOLD ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D494;MATHEMATICAL BOLD ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D495;MATHEMATICAL BOLD ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D496;MATHEMATICAL BOLD ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D497;MATHEMATICAL BOLD ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D498;MATHEMATICAL BOLD ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D499;MATHEMATICAL BOLD ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D49A;MATHEMATICAL BOLD ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D49B;MATHEMATICAL BOLD ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D49C;MATHEMATICAL SCRIPT CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D49E;MATHEMATICAL SCRIPT CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D49F;MATHEMATICAL SCRIPT CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D4A2;MATHEMATICAL SCRIPT CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D4A5;MATHEMATICAL SCRIPT CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D4A6;MATHEMATICAL SCRIPT CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D4A9;MATHEMATICAL SCRIPT CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D4AA;MATHEMATICAL SCRIPT CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D4AB;MATHEMATICAL SCRIPT CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D4AC;MATHEMATICAL SCRIPT CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D4AE;MATHEMATICAL SCRIPT CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D4AF;MATHEMATICAL SCRIPT CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D4B0;MATHEMATICAL SCRIPT CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D4B1;MATHEMATICAL SCRIPT CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D4B2;MATHEMATICAL SCRIPT CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D4B3;MATHEMATICAL SCRIPT CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D4B4;MATHEMATICAL SCRIPT CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D4B5;MATHEMATICAL SCRIPT CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D4B6;MATHEMATICAL SCRIPT SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D4B7;MATHEMATICAL SCRIPT SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D4B8;MATHEMATICAL SCRIPT SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D4B9;MATHEMATICAL SCRIPT SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D4BB;MATHEMATICAL SCRIPT SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D4BD;MATHEMATICAL SCRIPT SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D4BE;MATHEMATICAL SCRIPT SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D4BF;MATHEMATICAL SCRIPT SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D4C0;MATHEMATICAL SCRIPT SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D4C2;MATHEMATICAL SCRIPT SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D4C3;MATHEMATICAL SCRIPT SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D4C5;MATHEMATICAL SCRIPT SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D4C6;MATHEMATICAL SCRIPT SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D4C7;MATHEMATICAL SCRIPT SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D4C8;MATHEMATICAL SCRIPT SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D4C9;MATHEMATICAL SCRIPT SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D4CA;MATHEMATICAL SCRIPT SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D4CB;MATHEMATICAL SCRIPT SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D4CC;MATHEMATICAL SCRIPT SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D4CD;MATHEMATICAL SCRIPT SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D4CE;MATHEMATICAL SCRIPT SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D4CF;MATHEMATICAL SCRIPT SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D4D0;MATHEMATICAL BOLD SCRIPT CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D4D1;MATHEMATICAL BOLD SCRIPT CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D4D2;MATHEMATICAL BOLD SCRIPT CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D4D3;MATHEMATICAL BOLD SCRIPT CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D4D4;MATHEMATICAL BOLD SCRIPT CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D4D5;MATHEMATICAL BOLD SCRIPT CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D4D6;MATHEMATICAL BOLD SCRIPT CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D4D7;MATHEMATICAL BOLD SCRIPT CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D4D8;MATHEMATICAL BOLD SCRIPT CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D4D9;MATHEMATICAL BOLD SCRIPT CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D4DA;MATHEMATICAL BOLD SCRIPT CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D4DB;MATHEMATICAL BOLD SCRIPT CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D4DC;MATHEMATICAL BOLD SCRIPT CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D4DD;MATHEMATICAL BOLD SCRIPT CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D4DE;MATHEMATICAL BOLD SCRIPT CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D4DF;MATHEMATICAL BOLD SCRIPT CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D4E0;MATHEMATICAL BOLD SCRIPT CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D4E1;MATHEMATICAL BOLD SCRIPT CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D4E2;MATHEMATICAL BOLD SCRIPT CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D4E3;MATHEMATICAL BOLD SCRIPT CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D4E4;MATHEMATICAL BOLD SCRIPT CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D4E5;MATHEMATICAL BOLD SCRIPT CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D4E6;MATHEMATICAL BOLD SCRIPT CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D4E7;MATHEMATICAL BOLD SCRIPT CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D4E8;MATHEMATICAL BOLD SCRIPT CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D4E9;MATHEMATICAL BOLD SCRIPT CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D4EA;MATHEMATICAL BOLD SCRIPT SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D4EB;MATHEMATICAL BOLD SCRIPT SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D4EC;MATHEMATICAL BOLD SCRIPT SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D4ED;MATHEMATICAL BOLD SCRIPT SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D4EE;MATHEMATICAL BOLD SCRIPT SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D4EF;MATHEMATICAL BOLD SCRIPT SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D4F0;MATHEMATICAL BOLD SCRIPT SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D4F1;MATHEMATICAL BOLD SCRIPT SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D4F2;MATHEMATICAL BOLD SCRIPT SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D4F3;MATHEMATICAL BOLD SCRIPT SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D4F4;MATHEMATICAL BOLD SCRIPT SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D4F5;MATHEMATICAL BOLD SCRIPT SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D4F6;MATHEMATICAL BOLD SCRIPT SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D4F7;MATHEMATICAL BOLD SCRIPT SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D4F8;MATHEMATICAL BOLD SCRIPT SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D4F9;MATHEMATICAL BOLD SCRIPT SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D4FA;MATHEMATICAL BOLD SCRIPT SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D4FB;MATHEMATICAL BOLD SCRIPT SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D4FC;MATHEMATICAL BOLD SCRIPT SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D4FD;MATHEMATICAL BOLD SCRIPT SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D4FE;MATHEMATICAL BOLD SCRIPT SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D4FF;MATHEMATICAL BOLD SCRIPT SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D500;MATHEMATICAL BOLD SCRIPT SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D501;MATHEMATICAL BOLD SCRIPT SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D502;MATHEMATICAL BOLD SCRIPT SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D503;MATHEMATICAL BOLD SCRIPT SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D504;MATHEMATICAL FRAKTUR CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D505;MATHEMATICAL FRAKTUR CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D507;MATHEMATICAL FRAKTUR CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D508;MATHEMATICAL FRAKTUR CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D509;MATHEMATICAL FRAKTUR CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D50A;MATHEMATICAL FRAKTUR CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D50D;MATHEMATICAL FRAKTUR CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D50E;MATHEMATICAL FRAKTUR CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D50F;MATHEMATICAL FRAKTUR CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D510;MATHEMATICAL FRAKTUR CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D511;MATHEMATICAL FRAKTUR CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D512;MATHEMATICAL FRAKTUR CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D513;MATHEMATICAL FRAKTUR CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D514;MATHEMATICAL FRAKTUR CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D516;MATHEMATICAL FRAKTUR CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D517;MATHEMATICAL FRAKTUR CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D518;MATHEMATICAL FRAKTUR CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D519;MATHEMATICAL FRAKTUR CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D51A;MATHEMATICAL FRAKTUR CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D51B;MATHEMATICAL FRAKTUR CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D51C;MATHEMATICAL FRAKTUR CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D51E;MATHEMATICAL FRAKTUR SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D51F;MATHEMATICAL FRAKTUR SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D520;MATHEMATICAL FRAKTUR SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D521;MATHEMATICAL FRAKTUR SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D522;MATHEMATICAL FRAKTUR SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D523;MATHEMATICAL FRAKTUR SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D524;MATHEMATICAL FRAKTUR SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D525;MATHEMATICAL FRAKTUR SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D526;MATHEMATICAL FRAKTUR SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D527;MATHEMATICAL FRAKTUR SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D528;MATHEMATICAL FRAKTUR SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D529;MATHEMATICAL FRAKTUR SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D52A;MATHEMATICAL FRAKTUR SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D52B;MATHEMATICAL FRAKTUR SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D52C;MATHEMATICAL FRAKTUR SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D52D;MATHEMATICAL FRAKTUR SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D52E;MATHEMATICAL FRAKTUR SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D52F;MATHEMATICAL FRAKTUR SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D530;MATHEMATICAL FRAKTUR SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D531;MATHEMATICAL FRAKTUR SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D532;MATHEMATICAL FRAKTUR SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D533;MATHEMATICAL FRAKTUR SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D534;MATHEMATICAL FRAKTUR SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D535;MATHEMATICAL FRAKTUR SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D536;MATHEMATICAL FRAKTUR SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D537;MATHEMATICAL FRAKTUR SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D538;MATHEMATICAL DOUBLE-STRUCK CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D539;MATHEMATICAL DOUBLE-STRUCK CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D53B;MATHEMATICAL DOUBLE-STRUCK CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D53C;MATHEMATICAL DOUBLE-STRUCK CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D53D;MATHEMATICAL DOUBLE-STRUCK CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D53E;MATHEMATICAL DOUBLE-STRUCK CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D540;MATHEMATICAL DOUBLE-STRUCK CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D541;MATHEMATICAL DOUBLE-STRUCK CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D542;MATHEMATICAL DOUBLE-STRUCK CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D543;MATHEMATICAL DOUBLE-STRUCK CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D544;MATHEMATICAL DOUBLE-STRUCK CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D546;MATHEMATICAL DOUBLE-STRUCK CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D54A;MATHEMATICAL DOUBLE-STRUCK CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D54B;MATHEMATICAL DOUBLE-STRUCK CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D54C;MATHEMATICAL DOUBLE-STRUCK CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D54D;MATHEMATICAL DOUBLE-STRUCK CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D54E;MATHEMATICAL DOUBLE-STRUCK CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D54F;MATHEMATICAL DOUBLE-STRUCK CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D550;MATHEMATICAL DOUBLE-STRUCK CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D552;MATHEMATICAL DOUBLE-STRUCK SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D553;MATHEMATICAL DOUBLE-STRUCK SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D554;MATHEMATICAL DOUBLE-STRUCK SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D555;MATHEMATICAL DOUBLE-STRUCK SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D556;MATHEMATICAL DOUBLE-STRUCK SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D557;MATHEMATICAL DOUBLE-STRUCK SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D558;MATHEMATICAL DOUBLE-STRUCK SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D559;MATHEMATICAL DOUBLE-STRUCK SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D55A;MATHEMATICAL DOUBLE-STRUCK SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D55B;MATHEMATICAL DOUBLE-STRUCK SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D55C;MATHEMATICAL DOUBLE-STRUCK SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D55D;MATHEMATICAL DOUBLE-STRUCK SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D55E;MATHEMATICAL DOUBLE-STRUCK SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D55F;MATHEMATICAL DOUBLE-STRUCK SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D560;MATHEMATICAL DOUBLE-STRUCK SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D561;MATHEMATICAL DOUBLE-STRUCK SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D562;MATHEMATICAL DOUBLE-STRUCK SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D563;MATHEMATICAL DOUBLE-STRUCK SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D564;MATHEMATICAL DOUBLE-STRUCK SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D565;MATHEMATICAL DOUBLE-STRUCK SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D566;MATHEMATICAL DOUBLE-STRUCK SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D567;MATHEMATICAL DOUBLE-STRUCK SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D568;MATHEMATICAL DOUBLE-STRUCK SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D569;MATHEMATICAL DOUBLE-STRUCK SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D56A;MATHEMATICAL DOUBLE-STRUCK SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D56B;MATHEMATICAL DOUBLE-STRUCK SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D56C;MATHEMATICAL BOLD FRAKTUR CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D56D;MATHEMATICAL BOLD FRAKTUR CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D56E;MATHEMATICAL BOLD FRAKTUR CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D56F;MATHEMATICAL BOLD FRAKTUR CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D570;MATHEMATICAL BOLD FRAKTUR CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D571;MATHEMATICAL BOLD FRAKTUR CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D572;MATHEMATICAL BOLD FRAKTUR CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D573;MATHEMATICAL BOLD FRAKTUR CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D574;MATHEMATICAL BOLD FRAKTUR CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D575;MATHEMATICAL BOLD FRAKTUR CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D576;MATHEMATICAL BOLD FRAKTUR CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D577;MATHEMATICAL BOLD FRAKTUR CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D578;MATHEMATICAL BOLD FRAKTUR CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D579;MATHEMATICAL BOLD FRAKTUR CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D57A;MATHEMATICAL BOLD FRAKTUR CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D57B;MATHEMATICAL BOLD FRAKTUR CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D57C;MATHEMATICAL BOLD FRAKTUR CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D57D;MATHEMATICAL BOLD FRAKTUR CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D57E;MATHEMATICAL BOLD FRAKTUR CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D57F;MATHEMATICAL BOLD FRAKTUR CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D580;MATHEMATICAL BOLD FRAKTUR CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D581;MATHEMATICAL BOLD FRAKTUR CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D582;MATHEMATICAL BOLD FRAKTUR CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D583;MATHEMATICAL BOLD FRAKTUR CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D584;MATHEMATICAL BOLD FRAKTUR CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D585;MATHEMATICAL BOLD FRAKTUR CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D586;MATHEMATICAL BOLD FRAKTUR SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D587;MATHEMATICAL BOLD FRAKTUR SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D588;MATHEMATICAL BOLD FRAKTUR SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D589;MATHEMATICAL BOLD FRAKTUR SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D58A;MATHEMATICAL BOLD FRAKTUR SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D58B;MATHEMATICAL BOLD FRAKTUR SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D58C;MATHEMATICAL BOLD FRAKTUR SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D58D;MATHEMATICAL BOLD FRAKTUR SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D58E;MATHEMATICAL BOLD FRAKTUR SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D58F;MATHEMATICAL BOLD FRAKTUR SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D590;MATHEMATICAL BOLD FRAKTUR SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D591;MATHEMATICAL BOLD FRAKTUR SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D592;MATHEMATICAL BOLD FRAKTUR SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D593;MATHEMATICAL BOLD FRAKTUR SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D594;MATHEMATICAL BOLD FRAKTUR SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D595;MATHEMATICAL BOLD FRAKTUR SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D596;MATHEMATICAL BOLD FRAKTUR SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D597;MATHEMATICAL BOLD FRAKTUR SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D598;MATHEMATICAL BOLD FRAKTUR SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D599;MATHEMATICAL BOLD FRAKTUR SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D59A;MATHEMATICAL BOLD FRAKTUR SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D59B;MATHEMATICAL BOLD FRAKTUR SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D59C;MATHEMATICAL BOLD FRAKTUR SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D59D;MATHEMATICAL BOLD FRAKTUR SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D59E;MATHEMATICAL BOLD FRAKTUR SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D59F;MATHEMATICAL BOLD FRAKTUR SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D5A0;MATHEMATICAL SANS-SERIF CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D5A1;MATHEMATICAL SANS-SERIF CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D5A2;MATHEMATICAL SANS-SERIF CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D5A3;MATHEMATICAL SANS-SERIF CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D5A4;MATHEMATICAL SANS-SERIF CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D5A5;MATHEMATICAL SANS-SERIF CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D5A6;MATHEMATICAL SANS-SERIF CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D5A7;MATHEMATICAL SANS-SERIF CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D5A8;MATHEMATICAL SANS-SERIF CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D5A9;MATHEMATICAL SANS-SERIF CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D5AA;MATHEMATICAL SANS-SERIF CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D5AB;MATHEMATICAL SANS-SERIF CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D5AC;MATHEMATICAL SANS-SERIF CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D5AD;MATHEMATICAL SANS-SERIF CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D5AE;MATHEMATICAL SANS-SERIF CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D5AF;MATHEMATICAL SANS-SERIF CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D5B0;MATHEMATICAL SANS-SERIF CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D5B1;MATHEMATICAL SANS-SERIF CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D5B2;MATHEMATICAL SANS-SERIF CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D5B3;MATHEMATICAL SANS-SERIF CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D5B4;MATHEMATICAL SANS-SERIF CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D5B5;MATHEMATICAL SANS-SERIF CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D5B6;MATHEMATICAL SANS-SERIF CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D5B7;MATHEMATICAL SANS-SERIF CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D5B8;MATHEMATICAL SANS-SERIF CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D5B9;MATHEMATICAL SANS-SERIF CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D5BA;MATHEMATICAL SANS-SERIF SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D5BB;MATHEMATICAL SANS-SERIF SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D5BC;MATHEMATICAL SANS-SERIF SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D5BD;MATHEMATICAL SANS-SERIF SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D5BE;MATHEMATICAL SANS-SERIF SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D5BF;MATHEMATICAL SANS-SERIF SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D5C0;MATHEMATICAL SANS-SERIF SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D5C1;MATHEMATICAL SANS-SERIF SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D5C2;MATHEMATICAL SANS-SERIF SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D5C3;MATHEMATICAL SANS-SERIF SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D5C4;MATHEMATICAL SANS-SERIF SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D5C5;MATHEMATICAL SANS-SERIF SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D5C6;MATHEMATICAL SANS-SERIF SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D5C7;MATHEMATICAL SANS-SERIF SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D5C8;MATHEMATICAL SANS-SERIF SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D5C9;MATHEMATICAL SANS-SERIF SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D5CA;MATHEMATICAL SANS-SERIF SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D5CB;MATHEMATICAL SANS-SERIF SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D5CC;MATHEMATICAL SANS-SERIF SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D5CD;MATHEMATICAL SANS-SERIF SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D5CE;MATHEMATICAL SANS-SERIF SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D5CF;MATHEMATICAL SANS-SERIF SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D5D0;MATHEMATICAL SANS-SERIF SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D5D1;MATHEMATICAL SANS-SERIF SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D5D2;MATHEMATICAL SANS-SERIF SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D5D3;MATHEMATICAL SANS-SERIF SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D5D4;MATHEMATICAL SANS-SERIF BOLD CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D5D5;MATHEMATICAL SANS-SERIF BOLD CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D5D6;MATHEMATICAL SANS-SERIF BOLD CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D5D7;MATHEMATICAL SANS-SERIF BOLD CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D5D8;MATHEMATICAL SANS-SERIF BOLD CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D5D9;MATHEMATICAL SANS-SERIF BOLD CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D5DA;MATHEMATICAL SANS-SERIF BOLD CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D5DB;MATHEMATICAL SANS-SERIF BOLD CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D5DC;MATHEMATICAL SANS-SERIF BOLD CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D5DD;MATHEMATICAL SANS-SERIF BOLD CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D5DE;MATHEMATICAL SANS-SERIF BOLD CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D5DF;MATHEMATICAL SANS-SERIF BOLD CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D5E0;MATHEMATICAL SANS-SERIF BOLD CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D5E1;MATHEMATICAL SANS-SERIF BOLD CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D5E2;MATHEMATICAL SANS-SERIF BOLD CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D5E3;MATHEMATICAL SANS-SERIF BOLD CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D5E4;MATHEMATICAL SANS-SERIF BOLD CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D5E5;MATHEMATICAL SANS-SERIF BOLD CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D5E6;MATHEMATICAL SANS-SERIF BOLD CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D5E7;MATHEMATICAL SANS-SERIF BOLD CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D5E8;MATHEMATICAL SANS-SERIF BOLD CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D5E9;MATHEMATICAL SANS-SERIF BOLD CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D5EA;MATHEMATICAL SANS-SERIF BOLD CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D5EB;MATHEMATICAL SANS-SERIF BOLD CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D5EC;MATHEMATICAL SANS-SERIF BOLD CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D5ED;MATHEMATICAL SANS-SERIF BOLD CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D5EE;MATHEMATICAL SANS-SERIF BOLD SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D5EF;MATHEMATICAL SANS-SERIF BOLD SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D5F0;MATHEMATICAL SANS-SERIF BOLD SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D5F1;MATHEMATICAL SANS-SERIF BOLD SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D5F2;MATHEMATICAL SANS-SERIF BOLD SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D5F3;MATHEMATICAL SANS-SERIF BOLD SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D5F4;MATHEMATICAL SANS-SERIF BOLD SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D5F5;MATHEMATICAL SANS-SERIF BOLD SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D5F6;MATHEMATICAL SANS-SERIF BOLD SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D5F7;MATHEMATICAL SANS-SERIF BOLD SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D5F8;MATHEMATICAL SANS-SERIF BOLD SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D5F9;MATHEMATICAL SANS-SERIF BOLD SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D5FA;MATHEMATICAL SANS-SERIF BOLD SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D5FB;MATHEMATICAL SANS-SERIF BOLD SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D5FC;MATHEMATICAL SANS-SERIF BOLD SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D5FD;MATHEMATICAL SANS-SERIF BOLD SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D5FE;MATHEMATICAL SANS-SERIF BOLD SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D5FF;MATHEMATICAL SANS-SERIF BOLD SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D600;MATHEMATICAL SANS-SERIF BOLD SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D601;MATHEMATICAL SANS-SERIF BOLD SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D602;MATHEMATICAL SANS-SERIF BOLD SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D603;MATHEMATICAL SANS-SERIF BOLD SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D604;MATHEMATICAL SANS-SERIF BOLD SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D605;MATHEMATICAL SANS-SERIF BOLD SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D606;MATHEMATICAL SANS-SERIF BOLD SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D607;MATHEMATICAL SANS-SERIF BOLD SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D608;MATHEMATICAL SANS-SERIF ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D609;MATHEMATICAL SANS-SERIF ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D60A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D60B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D60C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D60D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D60E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D60F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D610;MATHEMATICAL SANS-SERIF ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D611;MATHEMATICAL SANS-SERIF ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D612;MATHEMATICAL SANS-SERIF ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D613;MATHEMATICAL SANS-SERIF ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D614;MATHEMATICAL SANS-SERIF ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D615;MATHEMATICAL SANS-SERIF ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D616;MATHEMATICAL SANS-SERIF ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D617;MATHEMATICAL SANS-SERIF ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D618;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D619;MATHEMATICAL SANS-SERIF ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D61A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D61B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D61C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D61D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D61E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D61F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D620;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D621;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D622;MATHEMATICAL SANS-SERIF ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D623;MATHEMATICAL SANS-SERIF ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D624;MATHEMATICAL SANS-SERIF ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D625;MATHEMATICAL SANS-SERIF ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D626;MATHEMATICAL SANS-SERIF ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D627;MATHEMATICAL SANS-SERIF ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D628;MATHEMATICAL SANS-SERIF ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D629;MATHEMATICAL SANS-SERIF ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D62A;MATHEMATICAL SANS-SERIF ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D62B;MATHEMATICAL SANS-SERIF ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D62C;MATHEMATICAL SANS-SERIF ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D62D;MATHEMATICAL SANS-SERIF ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D62E;MATHEMATICAL SANS-SERIF ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D62F;MATHEMATICAL SANS-SERIF ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D630;MATHEMATICAL SANS-SERIF ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D631;MATHEMATICAL SANS-SERIF ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D632;MATHEMATICAL SANS-SERIF ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D633;MATHEMATICAL SANS-SERIF ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D634;MATHEMATICAL SANS-SERIF ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D635;MATHEMATICAL SANS-SERIF ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D636;MATHEMATICAL SANS-SERIF ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D637;MATHEMATICAL SANS-SERIF ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D638;MATHEMATICAL SANS-SERIF ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D639;MATHEMATICAL SANS-SERIF ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D63A;MATHEMATICAL SANS-SERIF ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D63B;MATHEMATICAL SANS-SERIF ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D63C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D63D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D63E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D63F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D640;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D641;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D642;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D643;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D644;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D645;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D646;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D647;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D648;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D649;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D64A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D64B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D64C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D64D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D64E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D64F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D650;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D651;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D652;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D653;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D654;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D655;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D656;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D657;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D658;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D659;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D65A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D65B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D65C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D65D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D65E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D65F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D660;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D661;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D662;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D663;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D664;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D665;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D666;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D667;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D668;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D669;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D66A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D66B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D66C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D66D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D66E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D66F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D670;MATHEMATICAL MONOSPACE CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D671;MATHEMATICAL MONOSPACE CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D672;MATHEMATICAL MONOSPACE CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D673;MATHEMATICAL MONOSPACE CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D674;MATHEMATICAL MONOSPACE CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D675;MATHEMATICAL MONOSPACE CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D676;MATHEMATICAL MONOSPACE CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D677;MATHEMATICAL MONOSPACE CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D678;MATHEMATICAL MONOSPACE CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D679;MATHEMATICAL MONOSPACE CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D67A;MATHEMATICAL MONOSPACE CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D67B;MATHEMATICAL MONOSPACE CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D67C;MATHEMATICAL MONOSPACE CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D67D;MATHEMATICAL MONOSPACE CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D67E;MATHEMATICAL MONOSPACE CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D67F;MATHEMATICAL MONOSPACE CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D680;MATHEMATICAL MONOSPACE CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D681;MATHEMATICAL MONOSPACE CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D682;MATHEMATICAL MONOSPACE CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D683;MATHEMATICAL MONOSPACE CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D684;MATHEMATICAL MONOSPACE CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D685;MATHEMATICAL MONOSPACE CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D686;MATHEMATICAL MONOSPACE CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D687;MATHEMATICAL MONOSPACE CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D688;MATHEMATICAL MONOSPACE CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D689;MATHEMATICAL MONOSPACE CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D68A;MATHEMATICAL MONOSPACE SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D68B;MATHEMATICAL MONOSPACE SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D68C;MATHEMATICAL MONOSPACE SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D68D;MATHEMATICAL MONOSPACE SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D68E;MATHEMATICAL MONOSPACE SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D68F;MATHEMATICAL MONOSPACE SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D690;MATHEMATICAL MONOSPACE SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D691;MATHEMATICAL MONOSPACE SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D692;MATHEMATICAL MONOSPACE SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D693;MATHEMATICAL MONOSPACE SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D694;MATHEMATICAL MONOSPACE SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D695;MATHEMATICAL MONOSPACE SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D696;MATHEMATICAL MONOSPACE SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D697;MATHEMATICAL MONOSPACE SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D698;MATHEMATICAL MONOSPACE SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D699;MATHEMATICAL MONOSPACE SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D69A;MATHEMATICAL MONOSPACE SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D69B;MATHEMATICAL MONOSPACE SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D69C;MATHEMATICAL MONOSPACE SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D69D;MATHEMATICAL MONOSPACE SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D69E;MATHEMATICAL MONOSPACE SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D69F;MATHEMATICAL MONOSPACE SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D6A0;MATHEMATICAL MONOSPACE SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D6A1;MATHEMATICAL MONOSPACE SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D6A2;MATHEMATICAL MONOSPACE SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D6A3;MATHEMATICAL MONOSPACE SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D6A8;MATHEMATICAL BOLD CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D6A9;MATHEMATICAL BOLD CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D6AA;MATHEMATICAL BOLD CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D6AB;MATHEMATICAL BOLD CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D6AC;MATHEMATICAL BOLD CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D6AD;MATHEMATICAL BOLD CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D6AE;MATHEMATICAL BOLD CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D6AF;MATHEMATICAL BOLD CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D6B0;MATHEMATICAL BOLD CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D6B1;MATHEMATICAL BOLD CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D6B2;MATHEMATICAL BOLD CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D6B3;MATHEMATICAL BOLD CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D6B4;MATHEMATICAL BOLD CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D6B5;MATHEMATICAL BOLD CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D6B6;MATHEMATICAL BOLD CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D6B7;MATHEMATICAL BOLD CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D6B8;MATHEMATICAL BOLD CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D6B9;MATHEMATICAL BOLD CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D6BA;MATHEMATICAL BOLD CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D6BB;MATHEMATICAL BOLD CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D6BC;MATHEMATICAL BOLD CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D6BD;MATHEMATICAL BOLD CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D6BE;MATHEMATICAL BOLD CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D6BF;MATHEMATICAL BOLD CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D6C0;MATHEMATICAL BOLD CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D6C1;MATHEMATICAL BOLD NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D6C2;MATHEMATICAL BOLD SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D6C3;MATHEMATICAL BOLD SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D6C4;MATHEMATICAL BOLD SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D6C5;MATHEMATICAL BOLD SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D6C6;MATHEMATICAL BOLD SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D6C7;MATHEMATICAL BOLD SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D6C8;MATHEMATICAL BOLD SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D6C9;MATHEMATICAL BOLD SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D6CA;MATHEMATICAL BOLD SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D6CB;MATHEMATICAL BOLD SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D6CC;MATHEMATICAL BOLD SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D6CD;MATHEMATICAL BOLD SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D6CE;MATHEMATICAL BOLD SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D6CF;MATHEMATICAL BOLD SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D6D0;MATHEMATICAL BOLD SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D6D1;MATHEMATICAL BOLD SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D6D2;MATHEMATICAL BOLD SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D6D3;MATHEMATICAL BOLD SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D6D4;MATHEMATICAL BOLD SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D6D5;MATHEMATICAL BOLD SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D6D6;MATHEMATICAL BOLD SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D6D7;MATHEMATICAL BOLD SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D6D8;MATHEMATICAL BOLD SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D6D9;MATHEMATICAL BOLD SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D6DA;MATHEMATICAL BOLD SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D6DB;MATHEMATICAL BOLD PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D6DC;MATHEMATICAL BOLD EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D6DD;MATHEMATICAL BOLD THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D6DE;MATHEMATICAL BOLD KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D6DF;MATHEMATICAL BOLD PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D6E0;MATHEMATICAL BOLD RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D6E1;MATHEMATICAL BOLD PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D6E2;MATHEMATICAL ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D6E3;MATHEMATICAL ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D6E4;MATHEMATICAL ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D6E5;MATHEMATICAL ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D6E6;MATHEMATICAL ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D6E7;MATHEMATICAL ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D6E8;MATHEMATICAL ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D6E9;MATHEMATICAL ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D6EA;MATHEMATICAL ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D6EB;MATHEMATICAL ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D6EC;MATHEMATICAL ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D6ED;MATHEMATICAL ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D6EE;MATHEMATICAL ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D6EF;MATHEMATICAL ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D6F0;MATHEMATICAL ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D6F1;MATHEMATICAL ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D6F2;MATHEMATICAL ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D6F3;MATHEMATICAL ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D6F4;MATHEMATICAL ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D6F5;MATHEMATICAL ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D6F6;MATHEMATICAL ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D6F7;MATHEMATICAL ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D6F8;MATHEMATICAL ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D6F9;MATHEMATICAL ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D6FA;MATHEMATICAL ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D6FB;MATHEMATICAL ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D6FC;MATHEMATICAL ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D6FD;MATHEMATICAL ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D6FE;MATHEMATICAL ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D6FF;MATHEMATICAL ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D700;MATHEMATICAL ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D701;MATHEMATICAL ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D702;MATHEMATICAL ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D703;MATHEMATICAL ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D704;MATHEMATICAL ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D705;MATHEMATICAL ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D706;MATHEMATICAL ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D707;MATHEMATICAL ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D708;MATHEMATICAL ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D709;MATHEMATICAL ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D70A;MATHEMATICAL ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D70B;MATHEMATICAL ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D70C;MATHEMATICAL ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D70D;MATHEMATICAL ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D70E;MATHEMATICAL ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D70F;MATHEMATICAL ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D710;MATHEMATICAL ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D711;MATHEMATICAL ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D712;MATHEMATICAL ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D713;MATHEMATICAL ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D714;MATHEMATICAL ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D715;MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D716;MATHEMATICAL ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D717;MATHEMATICAL ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D718;MATHEMATICAL ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D719;MATHEMATICAL ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D71A;MATHEMATICAL ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D71B;MATHEMATICAL ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D71C;MATHEMATICAL BOLD ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D71D;MATHEMATICAL BOLD ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D71E;MATHEMATICAL BOLD ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D71F;MATHEMATICAL BOLD ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D720;MATHEMATICAL BOLD ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D721;MATHEMATICAL BOLD ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D722;MATHEMATICAL BOLD ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D723;MATHEMATICAL BOLD ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D724;MATHEMATICAL BOLD ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D725;MATHEMATICAL BOLD ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D726;MATHEMATICAL BOLD ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D727;MATHEMATICAL BOLD ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D728;MATHEMATICAL BOLD ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D729;MATHEMATICAL BOLD ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D72A;MATHEMATICAL BOLD ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D72B;MATHEMATICAL BOLD ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D72C;MATHEMATICAL BOLD ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D72D;MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D72E;MATHEMATICAL BOLD ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D72F;MATHEMATICAL BOLD ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D730;MATHEMATICAL BOLD ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D731;MATHEMATICAL BOLD ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D732;MATHEMATICAL BOLD ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D733;MATHEMATICAL BOLD ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D734;MATHEMATICAL BOLD ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D735;MATHEMATICAL BOLD ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D736;MATHEMATICAL BOLD ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D737;MATHEMATICAL BOLD ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D738;MATHEMATICAL BOLD ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D739;MATHEMATICAL BOLD ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D73A;MATHEMATICAL BOLD ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D73B;MATHEMATICAL BOLD ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D73C;MATHEMATICAL BOLD ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D73D;MATHEMATICAL BOLD ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D73E;MATHEMATICAL BOLD ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D73F;MATHEMATICAL BOLD ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D740;MATHEMATICAL BOLD ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D741;MATHEMATICAL BOLD ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D742;MATHEMATICAL BOLD ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D743;MATHEMATICAL BOLD ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D744;MATHEMATICAL BOLD ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D745;MATHEMATICAL BOLD ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D746;MATHEMATICAL BOLD ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D747;MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D748;MATHEMATICAL BOLD ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D749;MATHEMATICAL BOLD ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D74A;MATHEMATICAL BOLD ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D74B;MATHEMATICAL BOLD ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D74C;MATHEMATICAL BOLD ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D74D;MATHEMATICAL BOLD ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D74E;MATHEMATICAL BOLD ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D74F;MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D750;MATHEMATICAL BOLD ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D751;MATHEMATICAL BOLD ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D752;MATHEMATICAL BOLD ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D753;MATHEMATICAL BOLD ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D754;MATHEMATICAL BOLD ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D755;MATHEMATICAL BOLD ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D756;MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D757;MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D758;MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D759;MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D75A;MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D75B;MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D75C;MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D75D;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D75E;MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D75F;MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D760;MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D761;MATHEMATICAL SANS-SERIF BOLD CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D762;MATHEMATICAL SANS-SERIF BOLD CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D763;MATHEMATICAL SANS-SERIF BOLD CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D764;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D765;MATHEMATICAL SANS-SERIF BOLD CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D766;MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D767;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D768;MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D769;MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D76A;MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D76B;MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D76C;MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D76D;MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D76E;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D76F;MATHEMATICAL SANS-SERIF BOLD NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D770;MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D771;MATHEMATICAL SANS-SERIF BOLD SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D772;MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D773;MATHEMATICAL SANS-SERIF BOLD SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D774;MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D775;MATHEMATICAL SANS-SERIF BOLD SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D776;MATHEMATICAL SANS-SERIF BOLD SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D777;MATHEMATICAL SANS-SERIF BOLD SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D778;MATHEMATICAL SANS-SERIF BOLD SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D779;MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D77A;MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D77B;MATHEMATICAL SANS-SERIF BOLD SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D77C;MATHEMATICAL SANS-SERIF BOLD SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D77D;MATHEMATICAL SANS-SERIF BOLD SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D77E;MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D77F;MATHEMATICAL SANS-SERIF BOLD SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D780;MATHEMATICAL SANS-SERIF BOLD SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D781;MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D782;MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D783;MATHEMATICAL SANS-SERIF BOLD SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D784;MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D785;MATHEMATICAL SANS-SERIF BOLD SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D786;MATHEMATICAL SANS-SERIF BOLD SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D787;MATHEMATICAL SANS-SERIF BOLD SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D788;MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D789;MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D78A;MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D78B;MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D78C;MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D78D;MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D78E;MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D78F;MATHEMATICAL SANS-SERIF BOLD PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D790;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D791;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D792;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D793;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D794;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D795;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D796;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D797;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D798;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D799;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D79A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D79B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D79C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D79D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D79E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D79F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D7A0;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D7A1;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D7A2;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D7A3;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D7A4;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D7A5;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D7A6;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D7A7;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D7A8;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D7A9;MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D7AA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D7AB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D7AC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D7AD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D7AE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D7AF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D7B0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D7B1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D7B2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D7B3;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D7B4;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D7B5;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D7B6;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D7B7;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D7B8;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D7B9;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D7BA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D7BB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D7BC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D7BD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D7BE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D7BF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D7C0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D7C1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D7C2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D7C3;MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D7C4;MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D7C5;MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D7C6;MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D7C7;MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D7C8;MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D7C9;MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D7CE;MATHEMATICAL BOLD DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7CF;MATHEMATICAL BOLD DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7D0;MATHEMATICAL BOLD DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7D1;MATHEMATICAL BOLD DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7D2;MATHEMATICAL BOLD DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7D3;MATHEMATICAL BOLD DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7D4;MATHEMATICAL BOLD DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7D5;MATHEMATICAL BOLD DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7D6;MATHEMATICAL BOLD DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7D7;MATHEMATICAL BOLD DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7D8;MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7D9;MATHEMATICAL DOUBLE-STRUCK DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7DA;MATHEMATICAL DOUBLE-STRUCK DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7DB;MATHEMATICAL DOUBLE-STRUCK DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7DC;MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7DD;MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7DE;MATHEMATICAL DOUBLE-STRUCK DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7DF;MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7E0;MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7E1;MATHEMATICAL DOUBLE-STRUCK DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7E2;MATHEMATICAL SANS-SERIF DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7E3;MATHEMATICAL SANS-SERIF DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7E4;MATHEMATICAL SANS-SERIF DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7E5;MATHEMATICAL SANS-SERIF DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7E6;MATHEMATICAL SANS-SERIF DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7E7;MATHEMATICAL SANS-SERIF DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7E8;MATHEMATICAL SANS-SERIF DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7E9;MATHEMATICAL SANS-SERIF DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7EA;MATHEMATICAL SANS-SERIF DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7EB;MATHEMATICAL SANS-SERIF DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7EC;MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7ED;MATHEMATICAL SANS-SERIF BOLD DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7EE;MATHEMATICAL SANS-SERIF BOLD DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7EF;MATHEMATICAL SANS-SERIF BOLD DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7F0;MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7F1;MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7F2;MATHEMATICAL SANS-SERIF BOLD DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7F3;MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7F4;MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7F5;MATHEMATICAL SANS-SERIF BOLD DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7F6;MATHEMATICAL MONOSPACE DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7F7;MATHEMATICAL MONOSPACE DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7F8;MATHEMATICAL MONOSPACE DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7F9;MATHEMATICAL MONOSPACE DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7FA;MATHEMATICAL MONOSPACE DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7FB;MATHEMATICAL MONOSPACE DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7FC;MATHEMATICAL MONOSPACE DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7FD;MATHEMATICAL MONOSPACE DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7FE;MATHEMATICAL MONOSPACE DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7FF;MATHEMATICAL MONOSPACE DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+20000;<CJK Ideograph Extension B, First>;Lo;0;L;;;;;N;;;;;
+2A6D6;<CJK Ideograph Extension B, Last>;Lo;0;L;;;;;N;;;;;
+2F800;CJK COMPATIBILITY IDEOGRAPH-2F800;Lo;0;L;4E3D;;;;N;;;;;
+2F801;CJK COMPATIBILITY IDEOGRAPH-2F801;Lo;0;L;4E38;;;;N;;;;;
+2F802;CJK COMPATIBILITY IDEOGRAPH-2F802;Lo;0;L;4E41;;;;N;;;;;
+2F803;CJK COMPATIBILITY IDEOGRAPH-2F803;Lo;0;L;20122;;;;N;;;;;
+2F804;CJK COMPATIBILITY IDEOGRAPH-2F804;Lo;0;L;4F60;;;;N;;;;;
+2F805;CJK COMPATIBILITY IDEOGRAPH-2F805;Lo;0;L;4FAE;;;;N;;;;;
+2F806;CJK COMPATIBILITY IDEOGRAPH-2F806;Lo;0;L;4FBB;;;;N;;;;;
+2F807;CJK COMPATIBILITY IDEOGRAPH-2F807;Lo;0;L;5002;;;;N;;;;;
+2F808;CJK COMPATIBILITY IDEOGRAPH-2F808;Lo;0;L;507A;;;;N;;;;;
+2F809;CJK COMPATIBILITY IDEOGRAPH-2F809;Lo;0;L;5099;;;;N;;;;;
+2F80A;CJK COMPATIBILITY IDEOGRAPH-2F80A;Lo;0;L;50E7;;;;N;;;;;
+2F80B;CJK COMPATIBILITY IDEOGRAPH-2F80B;Lo;0;L;50CF;;;;N;;;;;
+2F80C;CJK COMPATIBILITY IDEOGRAPH-2F80C;Lo;0;L;349E;;;;N;;;;;
+2F80D;CJK COMPATIBILITY IDEOGRAPH-2F80D;Lo;0;L;2063A;;;;N;;;;;
+2F80E;CJK COMPATIBILITY IDEOGRAPH-2F80E;Lo;0;L;514D;;;;N;;;;;
+2F80F;CJK COMPATIBILITY IDEOGRAPH-2F80F;Lo;0;L;5154;;;;N;;;;;
+2F810;CJK COMPATIBILITY IDEOGRAPH-2F810;Lo;0;L;5164;;;;N;;;;;
+2F811;CJK COMPATIBILITY IDEOGRAPH-2F811;Lo;0;L;5177;;;;N;;;;;
+2F812;CJK COMPATIBILITY IDEOGRAPH-2F812;Lo;0;L;2051C;;;;N;;;;;
+2F813;CJK COMPATIBILITY IDEOGRAPH-2F813;Lo;0;L;34B9;;;;N;;;;;
+2F814;CJK COMPATIBILITY IDEOGRAPH-2F814;Lo;0;L;5167;;;;N;;;;;
+2F815;CJK COMPATIBILITY IDEOGRAPH-2F815;Lo;0;L;518D;;;;N;;;;;
+2F816;CJK COMPATIBILITY IDEOGRAPH-2F816;Lo;0;L;2054B;;;;N;;;;;
+2F817;CJK COMPATIBILITY IDEOGRAPH-2F817;Lo;0;L;5197;;;;N;;;;;
+2F818;CJK COMPATIBILITY IDEOGRAPH-2F818;Lo;0;L;51A4;;;;N;;;;;
+2F819;CJK COMPATIBILITY IDEOGRAPH-2F819;Lo;0;L;4ECC;;;;N;;;;;
+2F81A;CJK COMPATIBILITY IDEOGRAPH-2F81A;Lo;0;L;51AC;;;;N;;;;;
+2F81B;CJK COMPATIBILITY IDEOGRAPH-2F81B;Lo;0;L;51B5;;;;N;;;;;
+2F81C;CJK COMPATIBILITY IDEOGRAPH-2F81C;Lo;0;L;291DF;;;;N;;;;;
+2F81D;CJK COMPATIBILITY IDEOGRAPH-2F81D;Lo;0;L;51F5;;;;N;;;;;
+2F81E;CJK COMPATIBILITY IDEOGRAPH-2F81E;Lo;0;L;5203;;;;N;;;;;
+2F81F;CJK COMPATIBILITY IDEOGRAPH-2F81F;Lo;0;L;34DF;;;;N;;;;;
+2F820;CJK COMPATIBILITY IDEOGRAPH-2F820;Lo;0;L;523B;;;;N;;;;;
+2F821;CJK COMPATIBILITY IDEOGRAPH-2F821;Lo;0;L;5246;;;;N;;;;;
+2F822;CJK COMPATIBILITY IDEOGRAPH-2F822;Lo;0;L;5272;;;;N;;;;;
+2F823;CJK COMPATIBILITY IDEOGRAPH-2F823;Lo;0;L;5277;;;;N;;;;;
+2F824;CJK COMPATIBILITY IDEOGRAPH-2F824;Lo;0;L;3515;;;;N;;;;;
+2F825;CJK COMPATIBILITY IDEOGRAPH-2F825;Lo;0;L;52C7;;;;N;;;;;
+2F826;CJK COMPATIBILITY IDEOGRAPH-2F826;Lo;0;L;52C9;;;;N;;;;;
+2F827;CJK COMPATIBILITY IDEOGRAPH-2F827;Lo;0;L;52E4;;;;N;;;;;
+2F828;CJK COMPATIBILITY IDEOGRAPH-2F828;Lo;0;L;52FA;;;;N;;;;;
+2F829;CJK COMPATIBILITY IDEOGRAPH-2F829;Lo;0;L;5305;;;;N;;;;;
+2F82A;CJK COMPATIBILITY IDEOGRAPH-2F82A;Lo;0;L;5306;;;;N;;;;;
+2F82B;CJK COMPATIBILITY IDEOGRAPH-2F82B;Lo;0;L;5317;;;;N;;;;;
+2F82C;CJK COMPATIBILITY IDEOGRAPH-2F82C;Lo;0;L;5349;;;;N;;;;;
+2F82D;CJK COMPATIBILITY IDEOGRAPH-2F82D;Lo;0;L;5351;;;;N;;;;;
+2F82E;CJK COMPATIBILITY IDEOGRAPH-2F82E;Lo;0;L;535A;;;;N;;;;;
+2F82F;CJK COMPATIBILITY IDEOGRAPH-2F82F;Lo;0;L;5373;;;;N;;;;;
+2F830;CJK COMPATIBILITY IDEOGRAPH-2F830;Lo;0;L;537D;;;;N;;;;;
+2F831;CJK COMPATIBILITY IDEOGRAPH-2F831;Lo;0;L;537F;;;;N;;;;;
+2F832;CJK COMPATIBILITY IDEOGRAPH-2F832;Lo;0;L;537F;;;;N;;;;;
+2F833;CJK COMPATIBILITY IDEOGRAPH-2F833;Lo;0;L;537F;;;;N;;;;;
+2F834;CJK COMPATIBILITY IDEOGRAPH-2F834;Lo;0;L;20A2C;;;;N;;;;;
+2F835;CJK COMPATIBILITY IDEOGRAPH-2F835;Lo;0;L;7070;;;;N;;;;;
+2F836;CJK COMPATIBILITY IDEOGRAPH-2F836;Lo;0;L;53CA;;;;N;;;;;
+2F837;CJK COMPATIBILITY IDEOGRAPH-2F837;Lo;0;L;53DF;;;;N;;;;;
+2F838;CJK COMPATIBILITY IDEOGRAPH-2F838;Lo;0;L;20B63;;;;N;;;;;
+2F839;CJK COMPATIBILITY IDEOGRAPH-2F839;Lo;0;L;53EB;;;;N;;;;;
+2F83A;CJK COMPATIBILITY IDEOGRAPH-2F83A;Lo;0;L;53F1;;;;N;;;;;
+2F83B;CJK COMPATIBILITY IDEOGRAPH-2F83B;Lo;0;L;5406;;;;N;;;;;
+2F83C;CJK COMPATIBILITY IDEOGRAPH-2F83C;Lo;0;L;549E;;;;N;;;;;
+2F83D;CJK COMPATIBILITY IDEOGRAPH-2F83D;Lo;0;L;5438;;;;N;;;;;
+2F83E;CJK COMPATIBILITY IDEOGRAPH-2F83E;Lo;0;L;5448;;;;N;;;;;
+2F83F;CJK COMPATIBILITY IDEOGRAPH-2F83F;Lo;0;L;5468;;;;N;;;;;
+2F840;CJK COMPATIBILITY IDEOGRAPH-2F840;Lo;0;L;54A2;;;;N;;;;;
+2F841;CJK COMPATIBILITY IDEOGRAPH-2F841;Lo;0;L;54F6;;;;N;;;;;
+2F842;CJK COMPATIBILITY IDEOGRAPH-2F842;Lo;0;L;5510;;;;N;;;;;
+2F843;CJK COMPATIBILITY IDEOGRAPH-2F843;Lo;0;L;5553;;;;N;;;;;
+2F844;CJK COMPATIBILITY IDEOGRAPH-2F844;Lo;0;L;5563;;;;N;;;;;
+2F845;CJK COMPATIBILITY IDEOGRAPH-2F845;Lo;0;L;5584;;;;N;;;;;
+2F846;CJK COMPATIBILITY IDEOGRAPH-2F846;Lo;0;L;5584;;;;N;;;;;
+2F847;CJK COMPATIBILITY IDEOGRAPH-2F847;Lo;0;L;5599;;;;N;;;;;
+2F848;CJK COMPATIBILITY IDEOGRAPH-2F848;Lo;0;L;55AB;;;;N;;;;;
+2F849;CJK COMPATIBILITY IDEOGRAPH-2F849;Lo;0;L;55B3;;;;N;;;;;
+2F84A;CJK COMPATIBILITY IDEOGRAPH-2F84A;Lo;0;L;55C2;;;;N;;;;;
+2F84B;CJK COMPATIBILITY IDEOGRAPH-2F84B;Lo;0;L;5716;;;;N;;;;;
+2F84C;CJK COMPATIBILITY IDEOGRAPH-2F84C;Lo;0;L;5606;;;;N;;;;;
+2F84D;CJK COMPATIBILITY IDEOGRAPH-2F84D;Lo;0;L;5717;;;;N;;;;;
+2F84E;CJK COMPATIBILITY IDEOGRAPH-2F84E;Lo;0;L;5651;;;;N;;;;;
+2F84F;CJK COMPATIBILITY IDEOGRAPH-2F84F;Lo;0;L;5674;;;;N;;;;;
+2F850;CJK COMPATIBILITY IDEOGRAPH-2F850;Lo;0;L;5207;;;;N;;;;;
+2F851;CJK COMPATIBILITY IDEOGRAPH-2F851;Lo;0;L;58EE;;;;N;;;;;
+2F852;CJK COMPATIBILITY IDEOGRAPH-2F852;Lo;0;L;57CE;;;;N;;;;;
+2F853;CJK COMPATIBILITY IDEOGRAPH-2F853;Lo;0;L;57F4;;;;N;;;;;
+2F854;CJK COMPATIBILITY IDEOGRAPH-2F854;Lo;0;L;580D;;;;N;;;;;
+2F855;CJK COMPATIBILITY IDEOGRAPH-2F855;Lo;0;L;578B;;;;N;;;;;
+2F856;CJK COMPATIBILITY IDEOGRAPH-2F856;Lo;0;L;5832;;;;N;;;;;
+2F857;CJK COMPATIBILITY IDEOGRAPH-2F857;Lo;0;L;5831;;;;N;;;;;
+2F858;CJK COMPATIBILITY IDEOGRAPH-2F858;Lo;0;L;58AC;;;;N;;;;;
+2F859;CJK COMPATIBILITY IDEOGRAPH-2F859;Lo;0;L;214E4;;;;N;;;;;
+2F85A;CJK COMPATIBILITY IDEOGRAPH-2F85A;Lo;0;L;58F2;;;;N;;;;;
+2F85B;CJK COMPATIBILITY IDEOGRAPH-2F85B;Lo;0;L;58F7;;;;N;;;;;
+2F85C;CJK COMPATIBILITY IDEOGRAPH-2F85C;Lo;0;L;5906;;;;N;;;;;
+2F85D;CJK COMPATIBILITY IDEOGRAPH-2F85D;Lo;0;L;591A;;;;N;;;;;
+2F85E;CJK COMPATIBILITY IDEOGRAPH-2F85E;Lo;0;L;5922;;;;N;;;;;
+2F85F;CJK COMPATIBILITY IDEOGRAPH-2F85F;Lo;0;L;5962;;;;N;;;;;
+2F860;CJK COMPATIBILITY IDEOGRAPH-2F860;Lo;0;L;216A8;;;;N;;;;;
+2F861;CJK COMPATIBILITY IDEOGRAPH-2F861;Lo;0;L;216EA;;;;N;;;;;
+2F862;CJK COMPATIBILITY IDEOGRAPH-2F862;Lo;0;L;59EC;;;;N;;;;;
+2F863;CJK COMPATIBILITY IDEOGRAPH-2F863;Lo;0;L;5A1B;;;;N;;;;;
+2F864;CJK COMPATIBILITY IDEOGRAPH-2F864;Lo;0;L;5A27;;;;N;;;;;
+2F865;CJK COMPATIBILITY IDEOGRAPH-2F865;Lo;0;L;59D8;;;;N;;;;;
+2F866;CJK COMPATIBILITY IDEOGRAPH-2F866;Lo;0;L;5A66;;;;N;;;;;
+2F867;CJK COMPATIBILITY IDEOGRAPH-2F867;Lo;0;L;36EE;;;;N;;;;;
+2F868;CJK COMPATIBILITY IDEOGRAPH-2F868;Lo;0;L;2136A;;;;N;;;;;
+2F869;CJK COMPATIBILITY IDEOGRAPH-2F869;Lo;0;L;5B08;;;;N;;;;;
+2F86A;CJK COMPATIBILITY IDEOGRAPH-2F86A;Lo;0;L;5B3E;;;;N;;;;;
+2F86B;CJK COMPATIBILITY IDEOGRAPH-2F86B;Lo;0;L;5B3E;;;;N;;;;;
+2F86C;CJK COMPATIBILITY IDEOGRAPH-2F86C;Lo;0;L;219C8;;;;N;;;;;
+2F86D;CJK COMPATIBILITY IDEOGRAPH-2F86D;Lo;0;L;5BC3;;;;N;;;;;
+2F86E;CJK COMPATIBILITY IDEOGRAPH-2F86E;Lo;0;L;5BD8;;;;N;;;;;
+2F86F;CJK COMPATIBILITY IDEOGRAPH-2F86F;Lo;0;L;5BE7;;;;N;;;;;
+2F870;CJK COMPATIBILITY IDEOGRAPH-2F870;Lo;0;L;5BF3;;;;N;;;;;
+2F871;CJK COMPATIBILITY IDEOGRAPH-2F871;Lo;0;L;21B18;;;;N;;;;;
+2F872;CJK COMPATIBILITY IDEOGRAPH-2F872;Lo;0;L;5BFF;;;;N;;;;;
+2F873;CJK COMPATIBILITY IDEOGRAPH-2F873;Lo;0;L;5C06;;;;N;;;;;
+2F874;CJK COMPATIBILITY IDEOGRAPH-2F874;Lo;0;L;5F33;;;;N;;;;;
+2F875;CJK COMPATIBILITY IDEOGRAPH-2F875;Lo;0;L;5C22;;;;N;;;;;
+2F876;CJK COMPATIBILITY IDEOGRAPH-2F876;Lo;0;L;3781;;;;N;;;;;
+2F877;CJK COMPATIBILITY IDEOGRAPH-2F877;Lo;0;L;5C60;;;;N;;;;;
+2F878;CJK COMPATIBILITY IDEOGRAPH-2F878;Lo;0;L;5C6E;;;;N;;;;;
+2F879;CJK COMPATIBILITY IDEOGRAPH-2F879;Lo;0;L;5CC0;;;;N;;;;;
+2F87A;CJK COMPATIBILITY IDEOGRAPH-2F87A;Lo;0;L;5C8D;;;;N;;;;;
+2F87B;CJK COMPATIBILITY IDEOGRAPH-2F87B;Lo;0;L;21DE4;;;;N;;;;;
+2F87C;CJK COMPATIBILITY IDEOGRAPH-2F87C;Lo;0;L;5D43;;;;N;;;;;
+2F87D;CJK COMPATIBILITY IDEOGRAPH-2F87D;Lo;0;L;21DE6;;;;N;;;;;
+2F87E;CJK COMPATIBILITY IDEOGRAPH-2F87E;Lo;0;L;5D6E;;;;N;;;;;
+2F87F;CJK COMPATIBILITY IDEOGRAPH-2F87F;Lo;0;L;5D6B;;;;N;;;;;
+2F880;CJK COMPATIBILITY IDEOGRAPH-2F880;Lo;0;L;5D7C;;;;N;;;;;
+2F881;CJK COMPATIBILITY IDEOGRAPH-2F881;Lo;0;L;5DE1;;;;N;;;;;
+2F882;CJK COMPATIBILITY IDEOGRAPH-2F882;Lo;0;L;5DE2;;;;N;;;;;
+2F883;CJK COMPATIBILITY IDEOGRAPH-2F883;Lo;0;L;382F;;;;N;;;;;
+2F884;CJK COMPATIBILITY IDEOGRAPH-2F884;Lo;0;L;5DFD;;;;N;;;;;
+2F885;CJK COMPATIBILITY IDEOGRAPH-2F885;Lo;0;L;5E28;;;;N;;;;;
+2F886;CJK COMPATIBILITY IDEOGRAPH-2F886;Lo;0;L;5E3D;;;;N;;;;;
+2F887;CJK COMPATIBILITY IDEOGRAPH-2F887;Lo;0;L;5E69;;;;N;;;;;
+2F888;CJK COMPATIBILITY IDEOGRAPH-2F888;Lo;0;L;3862;;;;N;;;;;
+2F889;CJK COMPATIBILITY IDEOGRAPH-2F889;Lo;0;L;22183;;;;N;;;;;
+2F88A;CJK COMPATIBILITY IDEOGRAPH-2F88A;Lo;0;L;387C;;;;N;;;;;
+2F88B;CJK COMPATIBILITY IDEOGRAPH-2F88B;Lo;0;L;5EB0;;;;N;;;;;
+2F88C;CJK COMPATIBILITY IDEOGRAPH-2F88C;Lo;0;L;5EB3;;;;N;;;;;
+2F88D;CJK COMPATIBILITY IDEOGRAPH-2F88D;Lo;0;L;5EB6;;;;N;;;;;
+2F88E;CJK COMPATIBILITY IDEOGRAPH-2F88E;Lo;0;L;5ECA;;;;N;;;;;
+2F88F;CJK COMPATIBILITY IDEOGRAPH-2F88F;Lo;0;L;2A392;;;;N;;;;;
+2F890;CJK COMPATIBILITY IDEOGRAPH-2F890;Lo;0;L;5EFE;;;;N;;;;;
+2F891;CJK COMPATIBILITY IDEOGRAPH-2F891;Lo;0;L;22331;;;;N;;;;;
+2F892;CJK COMPATIBILITY IDEOGRAPH-2F892;Lo;0;L;22331;;;;N;;;;;
+2F893;CJK COMPATIBILITY IDEOGRAPH-2F893;Lo;0;L;8201;;;;N;;;;;
+2F894;CJK COMPATIBILITY IDEOGRAPH-2F894;Lo;0;L;5F22;;;;N;;;;;
+2F895;CJK COMPATIBILITY IDEOGRAPH-2F895;Lo;0;L;5F22;;;;N;;;;;
+2F896;CJK COMPATIBILITY IDEOGRAPH-2F896;Lo;0;L;38C7;;;;N;;;;;
+2F897;CJK COMPATIBILITY IDEOGRAPH-2F897;Lo;0;L;232B8;;;;N;;;;;
+2F898;CJK COMPATIBILITY IDEOGRAPH-2F898;Lo;0;L;261DA;;;;N;;;;;
+2F899;CJK COMPATIBILITY IDEOGRAPH-2F899;Lo;0;L;5F62;;;;N;;;;;
+2F89A;CJK COMPATIBILITY IDEOGRAPH-2F89A;Lo;0;L;5F6B;;;;N;;;;;
+2F89B;CJK COMPATIBILITY IDEOGRAPH-2F89B;Lo;0;L;38E3;;;;N;;;;;
+2F89C;CJK COMPATIBILITY IDEOGRAPH-2F89C;Lo;0;L;5F9A;;;;N;;;;;
+2F89D;CJK COMPATIBILITY IDEOGRAPH-2F89D;Lo;0;L;5FCD;;;;N;;;;;
+2F89E;CJK COMPATIBILITY IDEOGRAPH-2F89E;Lo;0;L;5FD7;;;;N;;;;;
+2F89F;CJK COMPATIBILITY IDEOGRAPH-2F89F;Lo;0;L;5FF9;;;;N;;;;;
+2F8A0;CJK COMPATIBILITY IDEOGRAPH-2F8A0;Lo;0;L;6081;;;;N;;;;;
+2F8A1;CJK COMPATIBILITY IDEOGRAPH-2F8A1;Lo;0;L;393A;;;;N;;;;;
+2F8A2;CJK COMPATIBILITY IDEOGRAPH-2F8A2;Lo;0;L;391C;;;;N;;;;;
+2F8A3;CJK COMPATIBILITY IDEOGRAPH-2F8A3;Lo;0;L;6094;;;;N;;;;;
+2F8A4;CJK COMPATIBILITY IDEOGRAPH-2F8A4;Lo;0;L;226D4;;;;N;;;;;
+2F8A5;CJK COMPATIBILITY IDEOGRAPH-2F8A5;Lo;0;L;60C7;;;;N;;;;;
+2F8A6;CJK COMPATIBILITY IDEOGRAPH-2F8A6;Lo;0;L;6148;;;;N;;;;;
+2F8A7;CJK COMPATIBILITY IDEOGRAPH-2F8A7;Lo;0;L;614C;;;;N;;;;;
+2F8A8;CJK COMPATIBILITY IDEOGRAPH-2F8A8;Lo;0;L;614E;;;;N;;;;;
+2F8A9;CJK COMPATIBILITY IDEOGRAPH-2F8A9;Lo;0;L;614C;;;;N;;;;;
+2F8AA;CJK COMPATIBILITY IDEOGRAPH-2F8AA;Lo;0;L;617A;;;;N;;;;;
+2F8AB;CJK COMPATIBILITY IDEOGRAPH-2F8AB;Lo;0;L;618E;;;;N;;;;;
+2F8AC;CJK COMPATIBILITY IDEOGRAPH-2F8AC;Lo;0;L;61B2;;;;N;;;;;
+2F8AD;CJK COMPATIBILITY IDEOGRAPH-2F8AD;Lo;0;L;61A4;;;;N;;;;;
+2F8AE;CJK COMPATIBILITY IDEOGRAPH-2F8AE;Lo;0;L;61AF;;;;N;;;;;
+2F8AF;CJK COMPATIBILITY IDEOGRAPH-2F8AF;Lo;0;L;61DE;;;;N;;;;;
+2F8B0;CJK COMPATIBILITY IDEOGRAPH-2F8B0;Lo;0;L;61F2;;;;N;;;;;
+2F8B1;CJK COMPATIBILITY IDEOGRAPH-2F8B1;Lo;0;L;61F6;;;;N;;;;;
+2F8B2;CJK COMPATIBILITY IDEOGRAPH-2F8B2;Lo;0;L;6210;;;;N;;;;;
+2F8B3;CJK COMPATIBILITY IDEOGRAPH-2F8B3;Lo;0;L;621B;;;;N;;;;;
+2F8B4;CJK COMPATIBILITY IDEOGRAPH-2F8B4;Lo;0;L;625D;;;;N;;;;;
+2F8B5;CJK COMPATIBILITY IDEOGRAPH-2F8B5;Lo;0;L;62B1;;;;N;;;;;
+2F8B6;CJK COMPATIBILITY IDEOGRAPH-2F8B6;Lo;0;L;62D4;;;;N;;;;;
+2F8B7;CJK COMPATIBILITY IDEOGRAPH-2F8B7;Lo;0;L;6350;;;;N;;;;;
+2F8B8;CJK COMPATIBILITY IDEOGRAPH-2F8B8;Lo;0;L;22B0C;;;;N;;;;;
+2F8B9;CJK COMPATIBILITY IDEOGRAPH-2F8B9;Lo;0;L;633D;;;;N;;;;;
+2F8BA;CJK COMPATIBILITY IDEOGRAPH-2F8BA;Lo;0;L;62FC;;;;N;;;;;
+2F8BB;CJK COMPATIBILITY IDEOGRAPH-2F8BB;Lo;0;L;6368;;;;N;;;;;
+2F8BC;CJK COMPATIBILITY IDEOGRAPH-2F8BC;Lo;0;L;6383;;;;N;;;;;
+2F8BD;CJK COMPATIBILITY IDEOGRAPH-2F8BD;Lo;0;L;63E4;;;;N;;;;;
+2F8BE;CJK COMPATIBILITY IDEOGRAPH-2F8BE;Lo;0;L;22BF1;;;;N;;;;;
+2F8BF;CJK COMPATIBILITY IDEOGRAPH-2F8BF;Lo;0;L;6422;;;;N;;;;;
+2F8C0;CJK COMPATIBILITY IDEOGRAPH-2F8C0;Lo;0;L;63C5;;;;N;;;;;
+2F8C1;CJK COMPATIBILITY IDEOGRAPH-2F8C1;Lo;0;L;63A9;;;;N;;;;;
+2F8C2;CJK COMPATIBILITY IDEOGRAPH-2F8C2;Lo;0;L;3A2E;;;;N;;;;;
+2F8C3;CJK COMPATIBILITY IDEOGRAPH-2F8C3;Lo;0;L;6469;;;;N;;;;;
+2F8C4;CJK COMPATIBILITY IDEOGRAPH-2F8C4;Lo;0;L;647E;;;;N;;;;;
+2F8C5;CJK COMPATIBILITY IDEOGRAPH-2F8C5;Lo;0;L;649D;;;;N;;;;;
+2F8C6;CJK COMPATIBILITY IDEOGRAPH-2F8C6;Lo;0;L;6477;;;;N;;;;;
+2F8C7;CJK COMPATIBILITY IDEOGRAPH-2F8C7;Lo;0;L;3A6C;;;;N;;;;;
+2F8C8;CJK COMPATIBILITY IDEOGRAPH-2F8C8;Lo;0;L;654F;;;;N;;;;;
+2F8C9;CJK COMPATIBILITY IDEOGRAPH-2F8C9;Lo;0;L;656C;;;;N;;;;;
+2F8CA;CJK COMPATIBILITY IDEOGRAPH-2F8CA;Lo;0;L;2300A;;;;N;;;;;
+2F8CB;CJK COMPATIBILITY IDEOGRAPH-2F8CB;Lo;0;L;65E3;;;;N;;;;;
+2F8CC;CJK COMPATIBILITY IDEOGRAPH-2F8CC;Lo;0;L;66F8;;;;N;;;;;
+2F8CD;CJK COMPATIBILITY IDEOGRAPH-2F8CD;Lo;0;L;6649;;;;N;;;;;
+2F8CE;CJK COMPATIBILITY IDEOGRAPH-2F8CE;Lo;0;L;3B19;;;;N;;;;;
+2F8CF;CJK COMPATIBILITY IDEOGRAPH-2F8CF;Lo;0;L;6691;;;;N;;;;;
+2F8D0;CJK COMPATIBILITY IDEOGRAPH-2F8D0;Lo;0;L;3B08;;;;N;;;;;
+2F8D1;CJK COMPATIBILITY IDEOGRAPH-2F8D1;Lo;0;L;3AE4;;;;N;;;;;
+2F8D2;CJK COMPATIBILITY IDEOGRAPH-2F8D2;Lo;0;L;5192;;;;N;;;;;
+2F8D3;CJK COMPATIBILITY IDEOGRAPH-2F8D3;Lo;0;L;5195;;;;N;;;;;
+2F8D4;CJK COMPATIBILITY IDEOGRAPH-2F8D4;Lo;0;L;6700;;;;N;;;;;
+2F8D5;CJK COMPATIBILITY IDEOGRAPH-2F8D5;Lo;0;L;669C;;;;N;;;;;
+2F8D6;CJK COMPATIBILITY IDEOGRAPH-2F8D6;Lo;0;L;80AD;;;;N;;;;;
+2F8D7;CJK COMPATIBILITY IDEOGRAPH-2F8D7;Lo;0;L;43D9;;;;N;;;;;
+2F8D8;CJK COMPATIBILITY IDEOGRAPH-2F8D8;Lo;0;L;6717;;;;N;;;;;
+2F8D9;CJK COMPATIBILITY IDEOGRAPH-2F8D9;Lo;0;L;671B;;;;N;;;;;
+2F8DA;CJK COMPATIBILITY IDEOGRAPH-2F8DA;Lo;0;L;6721;;;;N;;;;;
+2F8DB;CJK COMPATIBILITY IDEOGRAPH-2F8DB;Lo;0;L;675E;;;;N;;;;;
+2F8DC;CJK COMPATIBILITY IDEOGRAPH-2F8DC;Lo;0;L;6753;;;;N;;;;;
+2F8DD;CJK COMPATIBILITY IDEOGRAPH-2F8DD;Lo;0;L;233C3;;;;N;;;;;
+2F8DE;CJK COMPATIBILITY IDEOGRAPH-2F8DE;Lo;0;L;3B49;;;;N;;;;;
+2F8DF;CJK COMPATIBILITY IDEOGRAPH-2F8DF;Lo;0;L;67FA;;;;N;;;;;
+2F8E0;CJK COMPATIBILITY IDEOGRAPH-2F8E0;Lo;0;L;6785;;;;N;;;;;
+2F8E1;CJK COMPATIBILITY IDEOGRAPH-2F8E1;Lo;0;L;6852;;;;N;;;;;
+2F8E2;CJK COMPATIBILITY IDEOGRAPH-2F8E2;Lo;0;L;6885;;;;N;;;;;
+2F8E3;CJK COMPATIBILITY IDEOGRAPH-2F8E3;Lo;0;L;2346D;;;;N;;;;;
+2F8E4;CJK COMPATIBILITY IDEOGRAPH-2F8E4;Lo;0;L;688E;;;;N;;;;;
+2F8E5;CJK COMPATIBILITY IDEOGRAPH-2F8E5;Lo;0;L;681F;;;;N;;;;;
+2F8E6;CJK COMPATIBILITY IDEOGRAPH-2F8E6;Lo;0;L;6914;;;;N;;;;;
+2F8E7;CJK COMPATIBILITY IDEOGRAPH-2F8E7;Lo;0;L;3B9D;;;;N;;;;;
+2F8E8;CJK COMPATIBILITY IDEOGRAPH-2F8E8;Lo;0;L;6942;;;;N;;;;;
+2F8E9;CJK COMPATIBILITY IDEOGRAPH-2F8E9;Lo;0;L;69A3;;;;N;;;;;
+2F8EA;CJK COMPATIBILITY IDEOGRAPH-2F8EA;Lo;0;L;69EA;;;;N;;;;;
+2F8EB;CJK COMPATIBILITY IDEOGRAPH-2F8EB;Lo;0;L;6AA8;;;;N;;;;;
+2F8EC;CJK COMPATIBILITY IDEOGRAPH-2F8EC;Lo;0;L;236A3;;;;N;;;;;
+2F8ED;CJK COMPATIBILITY IDEOGRAPH-2F8ED;Lo;0;L;6ADB;;;;N;;;;;
+2F8EE;CJK COMPATIBILITY IDEOGRAPH-2F8EE;Lo;0;L;3C18;;;;N;;;;;
+2F8EF;CJK COMPATIBILITY IDEOGRAPH-2F8EF;Lo;0;L;6B21;;;;N;;;;;
+2F8F0;CJK COMPATIBILITY IDEOGRAPH-2F8F0;Lo;0;L;238A7;;;;N;;;;;
+2F8F1;CJK COMPATIBILITY IDEOGRAPH-2F8F1;Lo;0;L;6B54;;;;N;;;;;
+2F8F2;CJK COMPATIBILITY IDEOGRAPH-2F8F2;Lo;0;L;3C4E;;;;N;;;;;
+2F8F3;CJK COMPATIBILITY IDEOGRAPH-2F8F3;Lo;0;L;6B72;;;;N;;;;;
+2F8F4;CJK COMPATIBILITY IDEOGRAPH-2F8F4;Lo;0;L;6B9F;;;;N;;;;;
+2F8F5;CJK COMPATIBILITY IDEOGRAPH-2F8F5;Lo;0;L;6BBA;;;;N;;;;;
+2F8F6;CJK COMPATIBILITY IDEOGRAPH-2F8F6;Lo;0;L;6BBB;;;;N;;;;;
+2F8F7;CJK COMPATIBILITY IDEOGRAPH-2F8F7;Lo;0;L;23A8D;;;;N;;;;;
+2F8F8;CJK COMPATIBILITY IDEOGRAPH-2F8F8;Lo;0;L;21D0B;;;;N;;;;;
+2F8F9;CJK COMPATIBILITY IDEOGRAPH-2F8F9;Lo;0;L;23AFA;;;;N;;;;;
+2F8FA;CJK COMPATIBILITY IDEOGRAPH-2F8FA;Lo;0;L;6C4E;;;;N;;;;;
+2F8FB;CJK COMPATIBILITY IDEOGRAPH-2F8FB;Lo;0;L;23CBC;;;;N;;;;;
+2F8FC;CJK COMPATIBILITY IDEOGRAPH-2F8FC;Lo;0;L;6CBF;;;;N;;;;;
+2F8FD;CJK COMPATIBILITY IDEOGRAPH-2F8FD;Lo;0;L;6CCD;;;;N;;;;;
+2F8FE;CJK COMPATIBILITY IDEOGRAPH-2F8FE;Lo;0;L;6C67;;;;N;;;;;
+2F8FF;CJK COMPATIBILITY IDEOGRAPH-2F8FF;Lo;0;L;6D16;;;;N;;;;;
+2F900;CJK COMPATIBILITY IDEOGRAPH-2F900;Lo;0;L;6D3E;;;;N;;;;;
+2F901;CJK COMPATIBILITY IDEOGRAPH-2F901;Lo;0;L;6D77;;;;N;;;;;
+2F902;CJK COMPATIBILITY IDEOGRAPH-2F902;Lo;0;L;6D41;;;;N;;;;;
+2F903;CJK COMPATIBILITY IDEOGRAPH-2F903;Lo;0;L;6D69;;;;N;;;;;
+2F904;CJK COMPATIBILITY IDEOGRAPH-2F904;Lo;0;L;6D78;;;;N;;;;;
+2F905;CJK COMPATIBILITY IDEOGRAPH-2F905;Lo;0;L;6D85;;;;N;;;;;
+2F906;CJK COMPATIBILITY IDEOGRAPH-2F906;Lo;0;L;23D1E;;;;N;;;;;
+2F907;CJK COMPATIBILITY IDEOGRAPH-2F907;Lo;0;L;6D34;;;;N;;;;;
+2F908;CJK COMPATIBILITY IDEOGRAPH-2F908;Lo;0;L;6E2F;;;;N;;;;;
+2F909;CJK COMPATIBILITY IDEOGRAPH-2F909;Lo;0;L;6E6E;;;;N;;;;;
+2F90A;CJK COMPATIBILITY IDEOGRAPH-2F90A;Lo;0;L;3D33;;;;N;;;;;
+2F90B;CJK COMPATIBILITY IDEOGRAPH-2F90B;Lo;0;L;6ECB;;;;N;;;;;
+2F90C;CJK COMPATIBILITY IDEOGRAPH-2F90C;Lo;0;L;6EC7;;;;N;;;;;
+2F90D;CJK COMPATIBILITY IDEOGRAPH-2F90D;Lo;0;L;23ED1;;;;N;;;;;
+2F90E;CJK COMPATIBILITY IDEOGRAPH-2F90E;Lo;0;L;6DF9;;;;N;;;;;
+2F90F;CJK COMPATIBILITY IDEOGRAPH-2F90F;Lo;0;L;6F6E;;;;N;;;;;
+2F910;CJK COMPATIBILITY IDEOGRAPH-2F910;Lo;0;L;23F5E;;;;N;;;;;
+2F911;CJK COMPATIBILITY IDEOGRAPH-2F911;Lo;0;L;23F8E;;;;N;;;;;
+2F912;CJK COMPATIBILITY IDEOGRAPH-2F912;Lo;0;L;6FC6;;;;N;;;;;
+2F913;CJK COMPATIBILITY IDEOGRAPH-2F913;Lo;0;L;7039;;;;N;;;;;
+2F914;CJK COMPATIBILITY IDEOGRAPH-2F914;Lo;0;L;701E;;;;N;;;;;
+2F915;CJK COMPATIBILITY IDEOGRAPH-2F915;Lo;0;L;701B;;;;N;;;;;
+2F916;CJK COMPATIBILITY IDEOGRAPH-2F916;Lo;0;L;3D96;;;;N;;;;;
+2F917;CJK COMPATIBILITY IDEOGRAPH-2F917;Lo;0;L;704A;;;;N;;;;;
+2F918;CJK COMPATIBILITY IDEOGRAPH-2F918;Lo;0;L;707D;;;;N;;;;;
+2F919;CJK COMPATIBILITY IDEOGRAPH-2F919;Lo;0;L;7077;;;;N;;;;;
+2F91A;CJK COMPATIBILITY IDEOGRAPH-2F91A;Lo;0;L;70AD;;;;N;;;;;
+2F91B;CJK COMPATIBILITY IDEOGRAPH-2F91B;Lo;0;L;20525;;;;N;;;;;
+2F91C;CJK COMPATIBILITY IDEOGRAPH-2F91C;Lo;0;L;7145;;;;N;;;;;
+2F91D;CJK COMPATIBILITY IDEOGRAPH-2F91D;Lo;0;L;24263;;;;N;;;;;
+2F91E;CJK COMPATIBILITY IDEOGRAPH-2F91E;Lo;0;L;719C;;;;N;;;;;
+2F91F;CJK COMPATIBILITY IDEOGRAPH-2F91F;Lo;0;L;43AB;;;;N;;;;;
+2F920;CJK COMPATIBILITY IDEOGRAPH-2F920;Lo;0;L;7228;;;;N;;;;;
+2F921;CJK COMPATIBILITY IDEOGRAPH-2F921;Lo;0;L;7235;;;;N;;;;;
+2F922;CJK COMPATIBILITY IDEOGRAPH-2F922;Lo;0;L;7250;;;;N;;;;;
+2F923;CJK COMPATIBILITY IDEOGRAPH-2F923;Lo;0;L;24608;;;;N;;;;;
+2F924;CJK COMPATIBILITY IDEOGRAPH-2F924;Lo;0;L;7280;;;;N;;;;;
+2F925;CJK COMPATIBILITY IDEOGRAPH-2F925;Lo;0;L;7295;;;;N;;;;;
+2F926;CJK COMPATIBILITY IDEOGRAPH-2F926;Lo;0;L;24735;;;;N;;;;;
+2F927;CJK COMPATIBILITY IDEOGRAPH-2F927;Lo;0;L;24814;;;;N;;;;;
+2F928;CJK COMPATIBILITY IDEOGRAPH-2F928;Lo;0;L;737A;;;;N;;;;;
+2F929;CJK COMPATIBILITY IDEOGRAPH-2F929;Lo;0;L;738B;;;;N;;;;;
+2F92A;CJK COMPATIBILITY IDEOGRAPH-2F92A;Lo;0;L;3EAC;;;;N;;;;;
+2F92B;CJK COMPATIBILITY IDEOGRAPH-2F92B;Lo;0;L;73A5;;;;N;;;;;
+2F92C;CJK COMPATIBILITY IDEOGRAPH-2F92C;Lo;0;L;3EB8;;;;N;;;;;
+2F92D;CJK COMPATIBILITY IDEOGRAPH-2F92D;Lo;0;L;3EB8;;;;N;;;;;
+2F92E;CJK COMPATIBILITY IDEOGRAPH-2F92E;Lo;0;L;7447;;;;N;;;;;
+2F92F;CJK COMPATIBILITY IDEOGRAPH-2F92F;Lo;0;L;745C;;;;N;;;;;
+2F930;CJK COMPATIBILITY IDEOGRAPH-2F930;Lo;0;L;7471;;;;N;;;;;
+2F931;CJK COMPATIBILITY IDEOGRAPH-2F931;Lo;0;L;7485;;;;N;;;;;
+2F932;CJK COMPATIBILITY IDEOGRAPH-2F932;Lo;0;L;74CA;;;;N;;;;;
+2F933;CJK COMPATIBILITY IDEOGRAPH-2F933;Lo;0;L;3F1B;;;;N;;;;;
+2F934;CJK COMPATIBILITY IDEOGRAPH-2F934;Lo;0;L;7524;;;;N;;;;;
+2F935;CJK COMPATIBILITY IDEOGRAPH-2F935;Lo;0;L;24C36;;;;N;;;;;
+2F936;CJK COMPATIBILITY IDEOGRAPH-2F936;Lo;0;L;753E;;;;N;;;;;
+2F937;CJK COMPATIBILITY IDEOGRAPH-2F937;Lo;0;L;24C92;;;;N;;;;;
+2F938;CJK COMPATIBILITY IDEOGRAPH-2F938;Lo;0;L;7570;;;;N;;;;;
+2F939;CJK COMPATIBILITY IDEOGRAPH-2F939;Lo;0;L;2219F;;;;N;;;;;
+2F93A;CJK COMPATIBILITY IDEOGRAPH-2F93A;Lo;0;L;7610;;;;N;;;;;
+2F93B;CJK COMPATIBILITY IDEOGRAPH-2F93B;Lo;0;L;24FA1;;;;N;;;;;
+2F93C;CJK COMPATIBILITY IDEOGRAPH-2F93C;Lo;0;L;24FB8;;;;N;;;;;
+2F93D;CJK COMPATIBILITY IDEOGRAPH-2F93D;Lo;0;L;25044;;;;N;;;;;
+2F93E;CJK COMPATIBILITY IDEOGRAPH-2F93E;Lo;0;L;3FFC;;;;N;;;;;
+2F93F;CJK COMPATIBILITY IDEOGRAPH-2F93F;Lo;0;L;4008;;;;N;;;;;
+2F940;CJK COMPATIBILITY IDEOGRAPH-2F940;Lo;0;L;76F4;;;;N;;;;;
+2F941;CJK COMPATIBILITY IDEOGRAPH-2F941;Lo;0;L;250F3;;;;N;;;;;
+2F942;CJK COMPATIBILITY IDEOGRAPH-2F942;Lo;0;L;250F2;;;;N;;;;;
+2F943;CJK COMPATIBILITY IDEOGRAPH-2F943;Lo;0;L;25119;;;;N;;;;;
+2F944;CJK COMPATIBILITY IDEOGRAPH-2F944;Lo;0;L;25133;;;;N;;;;;
+2F945;CJK COMPATIBILITY IDEOGRAPH-2F945;Lo;0;L;771E;;;;N;;;;;
+2F946;CJK COMPATIBILITY IDEOGRAPH-2F946;Lo;0;L;771F;;;;N;;;;;
+2F947;CJK COMPATIBILITY IDEOGRAPH-2F947;Lo;0;L;771F;;;;N;;;;;
+2F948;CJK COMPATIBILITY IDEOGRAPH-2F948;Lo;0;L;774A;;;;N;;;;;
+2F949;CJK COMPATIBILITY IDEOGRAPH-2F949;Lo;0;L;4039;;;;N;;;;;
+2F94A;CJK COMPATIBILITY IDEOGRAPH-2F94A;Lo;0;L;778B;;;;N;;;;;
+2F94B;CJK COMPATIBILITY IDEOGRAPH-2F94B;Lo;0;L;4046;;;;N;;;;;
+2F94C;CJK COMPATIBILITY IDEOGRAPH-2F94C;Lo;0;L;4096;;;;N;;;;;
+2F94D;CJK COMPATIBILITY IDEOGRAPH-2F94D;Lo;0;L;2541D;;;;N;;;;;
+2F94E;CJK COMPATIBILITY IDEOGRAPH-2F94E;Lo;0;L;784E;;;;N;;;;;
+2F94F;CJK COMPATIBILITY IDEOGRAPH-2F94F;Lo;0;L;788C;;;;N;;;;;
+2F950;CJK COMPATIBILITY IDEOGRAPH-2F950;Lo;0;L;78CC;;;;N;;;;;
+2F951;CJK COMPATIBILITY IDEOGRAPH-2F951;Lo;0;L;40E3;;;;N;;;;;
+2F952;CJK COMPATIBILITY IDEOGRAPH-2F952;Lo;0;L;25626;;;;N;;;;;
+2F953;CJK COMPATIBILITY IDEOGRAPH-2F953;Lo;0;L;7956;;;;N;;;;;
+2F954;CJK COMPATIBILITY IDEOGRAPH-2F954;Lo;0;L;2569A;;;;N;;;;;
+2F955;CJK COMPATIBILITY IDEOGRAPH-2F955;Lo;0;L;256C5;;;;N;;;;;
+2F956;CJK COMPATIBILITY IDEOGRAPH-2F956;Lo;0;L;798F;;;;N;;;;;
+2F957;CJK COMPATIBILITY IDEOGRAPH-2F957;Lo;0;L;79EB;;;;N;;;;;
+2F958;CJK COMPATIBILITY IDEOGRAPH-2F958;Lo;0;L;412F;;;;N;;;;;
+2F959;CJK COMPATIBILITY IDEOGRAPH-2F959;Lo;0;L;7A40;;;;N;;;;;
+2F95A;CJK COMPATIBILITY IDEOGRAPH-2F95A;Lo;0;L;7A4A;;;;N;;;;;
+2F95B;CJK COMPATIBILITY IDEOGRAPH-2F95B;Lo;0;L;7A4F;;;;N;;;;;
+2F95C;CJK COMPATIBILITY IDEOGRAPH-2F95C;Lo;0;L;2597C;;;;N;;;;;
+2F95D;CJK COMPATIBILITY IDEOGRAPH-2F95D;Lo;0;L;25AA7;;;;N;;;;;
+2F95E;CJK COMPATIBILITY IDEOGRAPH-2F95E;Lo;0;L;25AA7;;;;N;;;;;
+2F95F;CJK COMPATIBILITY IDEOGRAPH-2F95F;Lo;0;L;7AAE;;;;N;;;;;
+2F960;CJK COMPATIBILITY IDEOGRAPH-2F960;Lo;0;L;4202;;;;N;;;;;
+2F961;CJK COMPATIBILITY IDEOGRAPH-2F961;Lo;0;L;25BAB;;;;N;;;;;
+2F962;CJK COMPATIBILITY IDEOGRAPH-2F962;Lo;0;L;7BC6;;;;N;;;;;
+2F963;CJK COMPATIBILITY IDEOGRAPH-2F963;Lo;0;L;7BC9;;;;N;;;;;
+2F964;CJK COMPATIBILITY IDEOGRAPH-2F964;Lo;0;L;4227;;;;N;;;;;
+2F965;CJK COMPATIBILITY IDEOGRAPH-2F965;Lo;0;L;25C80;;;;N;;;;;
+2F966;CJK COMPATIBILITY IDEOGRAPH-2F966;Lo;0;L;7CD2;;;;N;;;;;
+2F967;CJK COMPATIBILITY IDEOGRAPH-2F967;Lo;0;L;42A0;;;;N;;;;;
+2F968;CJK COMPATIBILITY IDEOGRAPH-2F968;Lo;0;L;7CE8;;;;N;;;;;
+2F969;CJK COMPATIBILITY IDEOGRAPH-2F969;Lo;0;L;7CE3;;;;N;;;;;
+2F96A;CJK COMPATIBILITY IDEOGRAPH-2F96A;Lo;0;L;7D00;;;;N;;;;;
+2F96B;CJK COMPATIBILITY IDEOGRAPH-2F96B;Lo;0;L;25F86;;;;N;;;;;
+2F96C;CJK COMPATIBILITY IDEOGRAPH-2F96C;Lo;0;L;7D63;;;;N;;;;;
+2F96D;CJK COMPATIBILITY IDEOGRAPH-2F96D;Lo;0;L;4301;;;;N;;;;;
+2F96E;CJK COMPATIBILITY IDEOGRAPH-2F96E;Lo;0;L;7DC7;;;;N;;;;;
+2F96F;CJK COMPATIBILITY IDEOGRAPH-2F96F;Lo;0;L;7E02;;;;N;;;;;
+2F970;CJK COMPATIBILITY IDEOGRAPH-2F970;Lo;0;L;7E45;;;;N;;;;;
+2F971;CJK COMPATIBILITY IDEOGRAPH-2F971;Lo;0;L;4334;;;;N;;;;;
+2F972;CJK COMPATIBILITY IDEOGRAPH-2F972;Lo;0;L;26228;;;;N;;;;;
+2F973;CJK COMPATIBILITY IDEOGRAPH-2F973;Lo;0;L;26247;;;;N;;;;;
+2F974;CJK COMPATIBILITY IDEOGRAPH-2F974;Lo;0;L;4359;;;;N;;;;;
+2F975;CJK COMPATIBILITY IDEOGRAPH-2F975;Lo;0;L;262D9;;;;N;;;;;
+2F976;CJK COMPATIBILITY IDEOGRAPH-2F976;Lo;0;L;7F7A;;;;N;;;;;
+2F977;CJK COMPATIBILITY IDEOGRAPH-2F977;Lo;0;L;2633E;;;;N;;;;;
+2F978;CJK COMPATIBILITY IDEOGRAPH-2F978;Lo;0;L;7F95;;;;N;;;;;
+2F979;CJK COMPATIBILITY IDEOGRAPH-2F979;Lo;0;L;7FFA;;;;N;;;;;
+2F97A;CJK COMPATIBILITY IDEOGRAPH-2F97A;Lo;0;L;8005;;;;N;;;;;
+2F97B;CJK COMPATIBILITY IDEOGRAPH-2F97B;Lo;0;L;264DA;;;;N;;;;;
+2F97C;CJK COMPATIBILITY IDEOGRAPH-2F97C;Lo;0;L;26523;;;;N;;;;;
+2F97D;CJK COMPATIBILITY IDEOGRAPH-2F97D;Lo;0;L;8060;;;;N;;;;;
+2F97E;CJK COMPATIBILITY IDEOGRAPH-2F97E;Lo;0;L;265A8;;;;N;;;;;
+2F97F;CJK COMPATIBILITY IDEOGRAPH-2F97F;Lo;0;L;8070;;;;N;;;;;
+2F980;CJK COMPATIBILITY IDEOGRAPH-2F980;Lo;0;L;2335F;;;;N;;;;;
+2F981;CJK COMPATIBILITY IDEOGRAPH-2F981;Lo;0;L;43D5;;;;N;;;;;
+2F982;CJK COMPATIBILITY IDEOGRAPH-2F982;Lo;0;L;80B2;;;;N;;;;;
+2F983;CJK COMPATIBILITY IDEOGRAPH-2F983;Lo;0;L;8103;;;;N;;;;;
+2F984;CJK COMPATIBILITY IDEOGRAPH-2F984;Lo;0;L;440B;;;;N;;;;;
+2F985;CJK COMPATIBILITY IDEOGRAPH-2F985;Lo;0;L;813E;;;;N;;;;;
+2F986;CJK COMPATIBILITY IDEOGRAPH-2F986;Lo;0;L;5AB5;;;;N;;;;;
+2F987;CJK COMPATIBILITY IDEOGRAPH-2F987;Lo;0;L;267A7;;;;N;;;;;
+2F988;CJK COMPATIBILITY IDEOGRAPH-2F988;Lo;0;L;267B5;;;;N;;;;;
+2F989;CJK COMPATIBILITY IDEOGRAPH-2F989;Lo;0;L;23393;;;;N;;;;;
+2F98A;CJK COMPATIBILITY IDEOGRAPH-2F98A;Lo;0;L;2339C;;;;N;;;;;
+2F98B;CJK COMPATIBILITY IDEOGRAPH-2F98B;Lo;0;L;8201;;;;N;;;;;
+2F98C;CJK COMPATIBILITY IDEOGRAPH-2F98C;Lo;0;L;8204;;;;N;;;;;
+2F98D;CJK COMPATIBILITY IDEOGRAPH-2F98D;Lo;0;L;8F9E;;;;N;;;;;
+2F98E;CJK COMPATIBILITY IDEOGRAPH-2F98E;Lo;0;L;446B;;;;N;;;;;
+2F98F;CJK COMPATIBILITY IDEOGRAPH-2F98F;Lo;0;L;8291;;;;N;;;;;
+2F990;CJK COMPATIBILITY IDEOGRAPH-2F990;Lo;0;L;828B;;;;N;;;;;
+2F991;CJK COMPATIBILITY IDEOGRAPH-2F991;Lo;0;L;829D;;;;N;;;;;
+2F992;CJK COMPATIBILITY IDEOGRAPH-2F992;Lo;0;L;52B3;;;;N;;;;;
+2F993;CJK COMPATIBILITY IDEOGRAPH-2F993;Lo;0;L;82B1;;;;N;;;;;
+2F994;CJK COMPATIBILITY IDEOGRAPH-2F994;Lo;0;L;82B3;;;;N;;;;;
+2F995;CJK COMPATIBILITY IDEOGRAPH-2F995;Lo;0;L;82BD;;;;N;;;;;
+2F996;CJK COMPATIBILITY IDEOGRAPH-2F996;Lo;0;L;82E6;;;;N;;;;;
+2F997;CJK COMPATIBILITY IDEOGRAPH-2F997;Lo;0;L;26B3C;;;;N;;;;;
+2F998;CJK COMPATIBILITY IDEOGRAPH-2F998;Lo;0;L;82E5;;;;N;;;;;
+2F999;CJK COMPATIBILITY IDEOGRAPH-2F999;Lo;0;L;831D;;;;N;;;;;
+2F99A;CJK COMPATIBILITY IDEOGRAPH-2F99A;Lo;0;L;8363;;;;N;;;;;
+2F99B;CJK COMPATIBILITY IDEOGRAPH-2F99B;Lo;0;L;83AD;;;;N;;;;;
+2F99C;CJK COMPATIBILITY IDEOGRAPH-2F99C;Lo;0;L;8323;;;;N;;;;;
+2F99D;CJK COMPATIBILITY IDEOGRAPH-2F99D;Lo;0;L;83BD;;;;N;;;;;
+2F99E;CJK COMPATIBILITY IDEOGRAPH-2F99E;Lo;0;L;83E7;;;;N;;;;;
+2F99F;CJK COMPATIBILITY IDEOGRAPH-2F99F;Lo;0;L;8457;;;;N;;;;;
+2F9A0;CJK COMPATIBILITY IDEOGRAPH-2F9A0;Lo;0;L;8353;;;;N;;;;;
+2F9A1;CJK COMPATIBILITY IDEOGRAPH-2F9A1;Lo;0;L;83CA;;;;N;;;;;
+2F9A2;CJK COMPATIBILITY IDEOGRAPH-2F9A2;Lo;0;L;83CC;;;;N;;;;;
+2F9A3;CJK COMPATIBILITY IDEOGRAPH-2F9A3;Lo;0;L;83DC;;;;N;;;;;
+2F9A4;CJK COMPATIBILITY IDEOGRAPH-2F9A4;Lo;0;L;26C36;;;;N;;;;;
+2F9A5;CJK COMPATIBILITY IDEOGRAPH-2F9A5;Lo;0;L;26D6B;;;;N;;;;;
+2F9A6;CJK COMPATIBILITY IDEOGRAPH-2F9A6;Lo;0;L;26CD5;;;;N;;;;;
+2F9A7;CJK COMPATIBILITY IDEOGRAPH-2F9A7;Lo;0;L;452B;;;;N;;;;;
+2F9A8;CJK COMPATIBILITY IDEOGRAPH-2F9A8;Lo;0;L;84F1;;;;N;;;;;
+2F9A9;CJK COMPATIBILITY IDEOGRAPH-2F9A9;Lo;0;L;84F3;;;;N;;;;;
+2F9AA;CJK COMPATIBILITY IDEOGRAPH-2F9AA;Lo;0;L;8516;;;;N;;;;;
+2F9AB;CJK COMPATIBILITY IDEOGRAPH-2F9AB;Lo;0;L;273CA;;;;N;;;;;
+2F9AC;CJK COMPATIBILITY IDEOGRAPH-2F9AC;Lo;0;L;8564;;;;N;;;;;
+2F9AD;CJK COMPATIBILITY IDEOGRAPH-2F9AD;Lo;0;L;26F2C;;;;N;;;;;
+2F9AE;CJK COMPATIBILITY IDEOGRAPH-2F9AE;Lo;0;L;455D;;;;N;;;;;
+2F9AF;CJK COMPATIBILITY IDEOGRAPH-2F9AF;Lo;0;L;4561;;;;N;;;;;
+2F9B0;CJK COMPATIBILITY IDEOGRAPH-2F9B0;Lo;0;L;26FB1;;;;N;;;;;
+2F9B1;CJK COMPATIBILITY IDEOGRAPH-2F9B1;Lo;0;L;270D2;;;;N;;;;;
+2F9B2;CJK COMPATIBILITY IDEOGRAPH-2F9B2;Lo;0;L;456B;;;;N;;;;;
+2F9B3;CJK COMPATIBILITY IDEOGRAPH-2F9B3;Lo;0;L;8650;;;;N;;;;;
+2F9B4;CJK COMPATIBILITY IDEOGRAPH-2F9B4;Lo;0;L;865C;;;;N;;;;;
+2F9B5;CJK COMPATIBILITY IDEOGRAPH-2F9B5;Lo;0;L;8667;;;;N;;;;;
+2F9B6;CJK COMPATIBILITY IDEOGRAPH-2F9B6;Lo;0;L;8669;;;;N;;;;;
+2F9B7;CJK COMPATIBILITY IDEOGRAPH-2F9B7;Lo;0;L;86A9;;;;N;;;;;
+2F9B8;CJK COMPATIBILITY IDEOGRAPH-2F9B8;Lo;0;L;8688;;;;N;;;;;
+2F9B9;CJK COMPATIBILITY IDEOGRAPH-2F9B9;Lo;0;L;870E;;;;N;;;;;
+2F9BA;CJK COMPATIBILITY IDEOGRAPH-2F9BA;Lo;0;L;86E2;;;;N;;;;;
+2F9BB;CJK COMPATIBILITY IDEOGRAPH-2F9BB;Lo;0;L;8779;;;;N;;;;;
+2F9BC;CJK COMPATIBILITY IDEOGRAPH-2F9BC;Lo;0;L;8728;;;;N;;;;;
+2F9BD;CJK COMPATIBILITY IDEOGRAPH-2F9BD;Lo;0;L;876B;;;;N;;;;;
+2F9BE;CJK COMPATIBILITY IDEOGRAPH-2F9BE;Lo;0;L;8786;;;;N;;;;;
+2F9BF;CJK COMPATIBILITY IDEOGRAPH-2F9BF;Lo;0;L;4D57;;;;N;;;;;
+2F9C0;CJK COMPATIBILITY IDEOGRAPH-2F9C0;Lo;0;L;87E1;;;;N;;;;;
+2F9C1;CJK COMPATIBILITY IDEOGRAPH-2F9C1;Lo;0;L;8801;;;;N;;;;;
+2F9C2;CJK COMPATIBILITY IDEOGRAPH-2F9C2;Lo;0;L;45F9;;;;N;;;;;
+2F9C3;CJK COMPATIBILITY IDEOGRAPH-2F9C3;Lo;0;L;8860;;;;N;;;;;
+2F9C4;CJK COMPATIBILITY IDEOGRAPH-2F9C4;Lo;0;L;8863;;;;N;;;;;
+2F9C5;CJK COMPATIBILITY IDEOGRAPH-2F9C5;Lo;0;L;27667;;;;N;;;;;
+2F9C6;CJK COMPATIBILITY IDEOGRAPH-2F9C6;Lo;0;L;88D7;;;;N;;;;;
+2F9C7;CJK COMPATIBILITY IDEOGRAPH-2F9C7;Lo;0;L;88DE;;;;N;;;;;
+2F9C8;CJK COMPATIBILITY IDEOGRAPH-2F9C8;Lo;0;L;4635;;;;N;;;;;
+2F9C9;CJK COMPATIBILITY IDEOGRAPH-2F9C9;Lo;0;L;88FA;;;;N;;;;;
+2F9CA;CJK COMPATIBILITY IDEOGRAPH-2F9CA;Lo;0;L;34BB;;;;N;;;;;
+2F9CB;CJK COMPATIBILITY IDEOGRAPH-2F9CB;Lo;0;L;278AE;;;;N;;;;;
+2F9CC;CJK COMPATIBILITY IDEOGRAPH-2F9CC;Lo;0;L;27966;;;;N;;;;;
+2F9CD;CJK COMPATIBILITY IDEOGRAPH-2F9CD;Lo;0;L;46BE;;;;N;;;;;
+2F9CE;CJK COMPATIBILITY IDEOGRAPH-2F9CE;Lo;0;L;46C7;;;;N;;;;;
+2F9CF;CJK COMPATIBILITY IDEOGRAPH-2F9CF;Lo;0;L;8AA0;;;;N;;;;;
+2F9D0;CJK COMPATIBILITY IDEOGRAPH-2F9D0;Lo;0;L;8AED;;;;N;;;;;
+2F9D1;CJK COMPATIBILITY IDEOGRAPH-2F9D1;Lo;0;L;8B8A;;;;N;;;;;
+2F9D2;CJK COMPATIBILITY IDEOGRAPH-2F9D2;Lo;0;L;8C55;;;;N;;;;;
+2F9D3;CJK COMPATIBILITY IDEOGRAPH-2F9D3;Lo;0;L;27CA8;;;;N;;;;;
+2F9D4;CJK COMPATIBILITY IDEOGRAPH-2F9D4;Lo;0;L;8CAB;;;;N;;;;;
+2F9D5;CJK COMPATIBILITY IDEOGRAPH-2F9D5;Lo;0;L;8CC1;;;;N;;;;;
+2F9D6;CJK COMPATIBILITY IDEOGRAPH-2F9D6;Lo;0;L;8D1B;;;;N;;;;;
+2F9D7;CJK COMPATIBILITY IDEOGRAPH-2F9D7;Lo;0;L;8D77;;;;N;;;;;
+2F9D8;CJK COMPATIBILITY IDEOGRAPH-2F9D8;Lo;0;L;27F2F;;;;N;;;;;
+2F9D9;CJK COMPATIBILITY IDEOGRAPH-2F9D9;Lo;0;L;20804;;;;N;;;;;
+2F9DA;CJK COMPATIBILITY IDEOGRAPH-2F9DA;Lo;0;L;8DCB;;;;N;;;;;
+2F9DB;CJK COMPATIBILITY IDEOGRAPH-2F9DB;Lo;0;L;8DBC;;;;N;;;;;
+2F9DC;CJK COMPATIBILITY IDEOGRAPH-2F9DC;Lo;0;L;8DF0;;;;N;;;;;
+2F9DD;CJK COMPATIBILITY IDEOGRAPH-2F9DD;Lo;0;L;208DE;;;;N;;;;;
+2F9DE;CJK COMPATIBILITY IDEOGRAPH-2F9DE;Lo;0;L;8ED4;;;;N;;;;;
+2F9DF;CJK COMPATIBILITY IDEOGRAPH-2F9DF;Lo;0;L;8F38;;;;N;;;;;
+2F9E0;CJK COMPATIBILITY IDEOGRAPH-2F9E0;Lo;0;L;285D2;;;;N;;;;;
+2F9E1;CJK COMPATIBILITY IDEOGRAPH-2F9E1;Lo;0;L;285ED;;;;N;;;;;
+2F9E2;CJK COMPATIBILITY IDEOGRAPH-2F9E2;Lo;0;L;9094;;;;N;;;;;
+2F9E3;CJK COMPATIBILITY IDEOGRAPH-2F9E3;Lo;0;L;90F1;;;;N;;;;;
+2F9E4;CJK COMPATIBILITY IDEOGRAPH-2F9E4;Lo;0;L;9111;;;;N;;;;;
+2F9E5;CJK COMPATIBILITY IDEOGRAPH-2F9E5;Lo;0;L;2872E;;;;N;;;;;
+2F9E6;CJK COMPATIBILITY IDEOGRAPH-2F9E6;Lo;0;L;911B;;;;N;;;;;
+2F9E7;CJK COMPATIBILITY IDEOGRAPH-2F9E7;Lo;0;L;9238;;;;N;;;;;
+2F9E8;CJK COMPATIBILITY IDEOGRAPH-2F9E8;Lo;0;L;92D7;;;;N;;;;;
+2F9E9;CJK COMPATIBILITY IDEOGRAPH-2F9E9;Lo;0;L;92D8;;;;N;;;;;
+2F9EA;CJK COMPATIBILITY IDEOGRAPH-2F9EA;Lo;0;L;927C;;;;N;;;;;
+2F9EB;CJK COMPATIBILITY IDEOGRAPH-2F9EB;Lo;0;L;93F9;;;;N;;;;;
+2F9EC;CJK COMPATIBILITY IDEOGRAPH-2F9EC;Lo;0;L;9415;;;;N;;;;;
+2F9ED;CJK COMPATIBILITY IDEOGRAPH-2F9ED;Lo;0;L;28BFA;;;;N;;;;;
+2F9EE;CJK COMPATIBILITY IDEOGRAPH-2F9EE;Lo;0;L;958B;;;;N;;;;;
+2F9EF;CJK COMPATIBILITY IDEOGRAPH-2F9EF;Lo;0;L;4995;;;;N;;;;;
+2F9F0;CJK COMPATIBILITY IDEOGRAPH-2F9F0;Lo;0;L;95B7;;;;N;;;;;
+2F9F1;CJK COMPATIBILITY IDEOGRAPH-2F9F1;Lo;0;L;28D77;;;;N;;;;;
+2F9F2;CJK COMPATIBILITY IDEOGRAPH-2F9F2;Lo;0;L;49E6;;;;N;;;;;
+2F9F3;CJK COMPATIBILITY IDEOGRAPH-2F9F3;Lo;0;L;96C3;;;;N;;;;;
+2F9F4;CJK COMPATIBILITY IDEOGRAPH-2F9F4;Lo;0;L;5DB2;;;;N;;;;;
+2F9F5;CJK COMPATIBILITY IDEOGRAPH-2F9F5;Lo;0;L;9723;;;;N;;;;;
+2F9F6;CJK COMPATIBILITY IDEOGRAPH-2F9F6;Lo;0;L;29145;;;;N;;;;;
+2F9F7;CJK COMPATIBILITY IDEOGRAPH-2F9F7;Lo;0;L;2921A;;;;N;;;;;
+2F9F8;CJK COMPATIBILITY IDEOGRAPH-2F9F8;Lo;0;L;4A6E;;;;N;;;;;
+2F9F9;CJK COMPATIBILITY IDEOGRAPH-2F9F9;Lo;0;L;4A76;;;;N;;;;;
+2F9FA;CJK COMPATIBILITY IDEOGRAPH-2F9FA;Lo;0;L;97E0;;;;N;;;;;
+2F9FB;CJK COMPATIBILITY IDEOGRAPH-2F9FB;Lo;0;L;2940A;;;;N;;;;;
+2F9FC;CJK COMPATIBILITY IDEOGRAPH-2F9FC;Lo;0;L;4AB2;;;;N;;;;;
+2F9FD;CJK COMPATIBILITY IDEOGRAPH-2F9FD;Lo;0;L;29496;;;;N;;;;;
+2F9FE;CJK COMPATIBILITY IDEOGRAPH-2F9FE;Lo;0;L;980B;;;;N;;;;;
+2F9FF;CJK COMPATIBILITY IDEOGRAPH-2F9FF;Lo;0;L;980B;;;;N;;;;;
+2FA00;CJK COMPATIBILITY IDEOGRAPH-2FA00;Lo;0;L;9829;;;;N;;;;;
+2FA01;CJK COMPATIBILITY IDEOGRAPH-2FA01;Lo;0;L;295B6;;;;N;;;;;
+2FA02;CJK COMPATIBILITY IDEOGRAPH-2FA02;Lo;0;L;98E2;;;;N;;;;;
+2FA03;CJK COMPATIBILITY IDEOGRAPH-2FA03;Lo;0;L;4B33;;;;N;;;;;
+2FA04;CJK COMPATIBILITY IDEOGRAPH-2FA04;Lo;0;L;9929;;;;N;;;;;
+2FA05;CJK COMPATIBILITY IDEOGRAPH-2FA05;Lo;0;L;99A7;;;;N;;;;;
+2FA06;CJK COMPATIBILITY IDEOGRAPH-2FA06;Lo;0;L;99C2;;;;N;;;;;
+2FA07;CJK COMPATIBILITY IDEOGRAPH-2FA07;Lo;0;L;99FE;;;;N;;;;;
+2FA08;CJK COMPATIBILITY IDEOGRAPH-2FA08;Lo;0;L;4BCE;;;;N;;;;;
+2FA09;CJK COMPATIBILITY IDEOGRAPH-2FA09;Lo;0;L;29B30;;;;N;;;;;
+2FA0A;CJK COMPATIBILITY IDEOGRAPH-2FA0A;Lo;0;L;9B12;;;;N;;;;;
+2FA0B;CJK COMPATIBILITY IDEOGRAPH-2FA0B;Lo;0;L;9C40;;;;N;;;;;
+2FA0C;CJK COMPATIBILITY IDEOGRAPH-2FA0C;Lo;0;L;9CFD;;;;N;;;;;
+2FA0D;CJK COMPATIBILITY IDEOGRAPH-2FA0D;Lo;0;L;4CCE;;;;N;;;;;
+2FA0E;CJK COMPATIBILITY IDEOGRAPH-2FA0E;Lo;0;L;4CED;;;;N;;;;;
+2FA0F;CJK COMPATIBILITY IDEOGRAPH-2FA0F;Lo;0;L;9D67;;;;N;;;;;
+2FA10;CJK COMPATIBILITY IDEOGRAPH-2FA10;Lo;0;L;2A0CE;;;;N;;;;;
+2FA11;CJK COMPATIBILITY IDEOGRAPH-2FA11;Lo;0;L;4CF8;;;;N;;;;;
+2FA12;CJK COMPATIBILITY IDEOGRAPH-2FA12;Lo;0;L;2A105;;;;N;;;;;
+2FA13;CJK COMPATIBILITY IDEOGRAPH-2FA13;Lo;0;L;2A20E;;;;N;;;;;
+2FA14;CJK COMPATIBILITY IDEOGRAPH-2FA14;Lo;0;L;2A291;;;;N;;;;;
+2FA15;CJK COMPATIBILITY IDEOGRAPH-2FA15;Lo;0;L;9EBB;;;;N;;;;;
+2FA16;CJK COMPATIBILITY IDEOGRAPH-2FA16;Lo;0;L;4D56;;;;N;;;;;
+2FA17;CJK COMPATIBILITY IDEOGRAPH-2FA17;Lo;0;L;9EF9;;;;N;;;;;
+2FA18;CJK COMPATIBILITY IDEOGRAPH-2FA18;Lo;0;L;9EFE;;;;N;;;;;
+2FA19;CJK COMPATIBILITY IDEOGRAPH-2FA19;Lo;0;L;9F05;;;;N;;;;;
+2FA1A;CJK COMPATIBILITY IDEOGRAPH-2FA1A;Lo;0;L;9F0F;;;;N;;;;;
+2FA1B;CJK COMPATIBILITY IDEOGRAPH-2FA1B;Lo;0;L;9F16;;;;N;;;;;
+2FA1C;CJK COMPATIBILITY IDEOGRAPH-2FA1C;Lo;0;L;9F3B;;;;N;;;;;
+2FA1D;CJK COMPATIBILITY IDEOGRAPH-2FA1D;Lo;0;L;2A600;;;;N;;;;;
+E0001;LANGUAGE TAG;Cf;0;BN;;;;;N;;;;;
+E0020;TAG SPACE;Cf;0;BN;;;;;N;;;;;
+E0021;TAG EXCLAMATION MARK;Cf;0;BN;;;;;N;;;;;
+E0022;TAG QUOTATION MARK;Cf;0;BN;;;;;N;;;;;
+E0023;TAG NUMBER SIGN;Cf;0;BN;;;;;N;;;;;
+E0024;TAG DOLLAR SIGN;Cf;0;BN;;;;;N;;;;;
+E0025;TAG PERCENT SIGN;Cf;0;BN;;;;;N;;;;;
+E0026;TAG AMPERSAND;Cf;0;BN;;;;;N;;;;;
+E0027;TAG APOSTROPHE;Cf;0;BN;;;;;N;;;;;
+E0028;TAG LEFT PARENTHESIS;Cf;0;BN;;;;;N;;;;;
+E0029;TAG RIGHT PARENTHESIS;Cf;0;BN;;;;;N;;;;;
+E002A;TAG ASTERISK;Cf;0;BN;;;;;N;;;;;
+E002B;TAG PLUS SIGN;Cf;0;BN;;;;;N;;;;;
+E002C;TAG COMMA;Cf;0;BN;;;;;N;;;;;
+E002D;TAG HYPHEN-MINUS;Cf;0;BN;;;;;N;;;;;
+E002E;TAG FULL STOP;Cf;0;BN;;;;;N;;;;;
+E002F;TAG SOLIDUS;Cf;0;BN;;;;;N;;;;;
+E0030;TAG DIGIT ZERO;Cf;0;BN;;;;;N;;;;;
+E0031;TAG DIGIT ONE;Cf;0;BN;;;;;N;;;;;
+E0032;TAG DIGIT TWO;Cf;0;BN;;;;;N;;;;;
+E0033;TAG DIGIT THREE;Cf;0;BN;;;;;N;;;;;
+E0034;TAG DIGIT FOUR;Cf;0;BN;;;;;N;;;;;
+E0035;TAG DIGIT FIVE;Cf;0;BN;;;;;N;;;;;
+E0036;TAG DIGIT SIX;Cf;0;BN;;;;;N;;;;;
+E0037;TAG DIGIT SEVEN;Cf;0;BN;;;;;N;;;;;
+E0038;TAG DIGIT EIGHT;Cf;0;BN;;;;;N;;;;;
+E0039;TAG DIGIT NINE;Cf;0;BN;;;;;N;;;;;
+E003A;TAG COLON;Cf;0;BN;;;;;N;;;;;
+E003B;TAG SEMICOLON;Cf;0;BN;;;;;N;;;;;
+E003C;TAG LESS-THAN SIGN;Cf;0;BN;;;;;N;;;;;
+E003D;TAG EQUALS SIGN;Cf;0;BN;;;;;N;;;;;
+E003E;TAG GREATER-THAN SIGN;Cf;0;BN;;;;;N;;;;;
+E003F;TAG QUESTION MARK;Cf;0;BN;;;;;N;;;;;
+E0040;TAG COMMERCIAL AT;Cf;0;BN;;;;;N;;;;;
+E0041;TAG LATIN CAPITAL LETTER A;Cf;0;BN;;;;;N;;;;;
+E0042;TAG LATIN CAPITAL LETTER B;Cf;0;BN;;;;;N;;;;;
+E0043;TAG LATIN CAPITAL LETTER C;Cf;0;BN;;;;;N;;;;;
+E0044;TAG LATIN CAPITAL LETTER D;Cf;0;BN;;;;;N;;;;;
+E0045;TAG LATIN CAPITAL LETTER E;Cf;0;BN;;;;;N;;;;;
+E0046;TAG LATIN CAPITAL LETTER F;Cf;0;BN;;;;;N;;;;;
+E0047;TAG LATIN CAPITAL LETTER G;Cf;0;BN;;;;;N;;;;;
+E0048;TAG LATIN CAPITAL LETTER H;Cf;0;BN;;;;;N;;;;;
+E0049;TAG LATIN CAPITAL LETTER I;Cf;0;BN;;;;;N;;;;;
+E004A;TAG LATIN CAPITAL LETTER J;Cf;0;BN;;;;;N;;;;;
+E004B;TAG LATIN CAPITAL LETTER K;Cf;0;BN;;;;;N;;;;;
+E004C;TAG LATIN CAPITAL LETTER L;Cf;0;BN;;;;;N;;;;;
+E004D;TAG LATIN CAPITAL LETTER M;Cf;0;BN;;;;;N;;;;;
+E004E;TAG LATIN CAPITAL LETTER N;Cf;0;BN;;;;;N;;;;;
+E004F;TAG LATIN CAPITAL LETTER O;Cf;0;BN;;;;;N;;;;;
+E0050;TAG LATIN CAPITAL LETTER P;Cf;0;BN;;;;;N;;;;;
+E0051;TAG LATIN CAPITAL LETTER Q;Cf;0;BN;;;;;N;;;;;
+E0052;TAG LATIN CAPITAL LETTER R;Cf;0;BN;;;;;N;;;;;
+E0053;TAG LATIN CAPITAL LETTER S;Cf;0;BN;;;;;N;;;;;
+E0054;TAG LATIN CAPITAL LETTER T;Cf;0;BN;;;;;N;;;;;
+E0055;TAG LATIN CAPITAL LETTER U;Cf;0;BN;;;;;N;;;;;
+E0056;TAG LATIN CAPITAL LETTER V;Cf;0;BN;;;;;N;;;;;
+E0057;TAG LATIN CAPITAL LETTER W;Cf;0;BN;;;;;N;;;;;
+E0058;TAG LATIN CAPITAL LETTER X;Cf;0;BN;;;;;N;;;;;
+E0059;TAG LATIN CAPITAL LETTER Y;Cf;0;BN;;;;;N;;;;;
+E005A;TAG LATIN CAPITAL LETTER Z;Cf;0;BN;;;;;N;;;;;
+E005B;TAG LEFT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;;
+E005C;TAG REVERSE SOLIDUS;Cf;0;BN;;;;;N;;;;;
+E005D;TAG RIGHT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;;
+E005E;TAG CIRCUMFLEX ACCENT;Cf;0;BN;;;;;N;;;;;
+E005F;TAG LOW LINE;Cf;0;BN;;;;;N;;;;;
+E0060;TAG GRAVE ACCENT;Cf;0;BN;;;;;N;;;;;
+E0061;TAG LATIN SMALL LETTER A;Cf;0;BN;;;;;N;;;;;
+E0062;TAG LATIN SMALL LETTER B;Cf;0;BN;;;;;N;;;;;
+E0063;TAG LATIN SMALL LETTER C;Cf;0;BN;;;;;N;;;;;
+E0064;TAG LATIN SMALL LETTER D;Cf;0;BN;;;;;N;;;;;
+E0065;TAG LATIN SMALL LETTER E;Cf;0;BN;;;;;N;;;;;
+E0066;TAG LATIN SMALL LETTER F;Cf;0;BN;;;;;N;;;;;
+E0067;TAG LATIN SMALL LETTER G;Cf;0;BN;;;;;N;;;;;
+E0068;TAG LATIN SMALL LETTER H;Cf;0;BN;;;;;N;;;;;
+E0069;TAG LATIN SMALL LETTER I;Cf;0;BN;;;;;N;;;;;
+E006A;TAG LATIN SMALL LETTER J;Cf;0;BN;;;;;N;;;;;
+E006B;TAG LATIN SMALL LETTER K;Cf;0;BN;;;;;N;;;;;
+E006C;TAG LATIN SMALL LETTER L;Cf;0;BN;;;;;N;;;;;
+E006D;TAG LATIN SMALL LETTER M;Cf;0;BN;;;;;N;;;;;
+E006E;TAG LATIN SMALL LETTER N;Cf;0;BN;;;;;N;;;;;
+E006F;TAG LATIN SMALL LETTER O;Cf;0;BN;;;;;N;;;;;
+E0070;TAG LATIN SMALL LETTER P;Cf;0;BN;;;;;N;;;;;
+E0071;TAG LATIN SMALL LETTER Q;Cf;0;BN;;;;;N;;;;;
+E0072;TAG LATIN SMALL LETTER R;Cf;0;BN;;;;;N;;;;;
+E0073;TAG LATIN SMALL LETTER S;Cf;0;BN;;;;;N;;;;;
+E0074;TAG LATIN SMALL LETTER T;Cf;0;BN;;;;;N;;;;;
+E0075;TAG LATIN SMALL LETTER U;Cf;0;BN;;;;;N;;;;;
+E0076;TAG LATIN SMALL LETTER V;Cf;0;BN;;;;;N;;;;;
+E0077;TAG LATIN SMALL LETTER W;Cf;0;BN;;;;;N;;;;;
+E0078;TAG LATIN SMALL LETTER X;Cf;0;BN;;;;;N;;;;;
+E0079;TAG LATIN SMALL LETTER Y;Cf;0;BN;;;;;N;;;;;
+E007A;TAG LATIN SMALL LETTER Z;Cf;0;BN;;;;;N;;;;;
+E007B;TAG LEFT CURLY BRACKET;Cf;0;BN;;;;;N;;;;;
+E007C;TAG VERTICAL LINE;Cf;0;BN;;;;;N;;;;;
+E007D;TAG RIGHT CURLY BRACKET;Cf;0;BN;;;;;N;;;;;
+E007E;TAG TILDE;Cf;0;BN;;;;;N;;;;;
+E007F;CANCEL TAG;Cf;0;BN;;;;;N;;;;;
+F0000;<Plane 15 Private Use, First>;Co;0;L;;;;;N;;;;;
+FFFFD;<Plane 15 Private Use, Last>;Co;0;L;;;;;N;;;;;
+100000;<Plane 16 Private Use, First>;Co;0;L;;;;;N;;;;;
+10FFFD;<Plane 16 Private Use, Last>;Co;0;L;;;;;N;;;;;
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/MUTTUCData.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/MUTTUCData.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/MUTTUCData.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,303 @@
+#
+# $Id: MUTTUCData.txt,v 1.3 1999/10/29 00:04:35 mleisher Exp $
+#
+# Copyright 1999 Computing Research Labs, New Mexico State University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+#
+# Implementation specific character properties.
+#
+#
+# Space, other.
+#
+0009;;Ss;;;;;;;;;;;;
+000A;;Ss;;;;;;;;;;;;
+000B;;Ss;;;;;;;;;;;;
+000C;;Ss;;;;;;;;;;;;
+000D;;Ss;;;;;;;;;;;;
+#
+# Non-breaking.
+#
+00A0;;Nb;;;;;;;;;;;;
+2007;;Nb;;;;;;;;;;;;
+2011;;Nb;;;;;;;;;;;;
+FEFF;;Nb;;;;;;;;;;;;
+#
+# Symmetric.
+#
+0028;;Sy;;;;;;;;;;;;
+0029;;Sy;;;;;;;;;;;;
+005B;;Sy;;;;;;;;;;;;
+005D;;Sy;;;;;;;;;;;;
+007B;;Sy;;;;;;;;;;;;
+007D;;Sy;;;;;;;;;;;;
+00AB;;Sy;;;;;;;;;;;;
+00BB;;Sy;;;;;;;;;;;;
+0F3A;;Sy;;;;;;;;;;;;
+0F3B;;Sy;;;;;;;;;;;;
+0F3C;;Sy;;;;;;;;;;;;
+0F3D;;Sy;;;;;;;;;;;;
+0F3E;;Sy;;;;;;;;;;;;
+0F3F;;Sy;;;;;;;;;;;;
+2018;;Sy;;;;;;;;;;;;
+2019;;Sy;;;;;;;;;;;;
+201A;;Sy;;;;;;;;;;;;
+201B;;Sy;;;;;;;;;;;;
+201C;;Sy;;;;;;;;;;;;
+201D;;Sy;;;;;;;;;;;;
+201E;;Sy;;;;;;;;;;;;
+201F;;Sy;;;;;;;;;;;;
+2039;;Sy;;;;;;;;;;;;
+203A;;Sy;;;;;;;;;;;;
+2045;;Sy;;;;;;;;;;;;
+2046;;Sy;;;;;;;;;;;;
+207D;;Sy;;;;;;;;;;;;
+207E;;Sy;;;;;;;;;;;;
+208D;;Sy;;;;;;;;;;;;
+208E;;Sy;;;;;;;;;;;;
+2329;;Sy;;;;;;;;;;;;
+232A;;Sy;;;;;;;;;;;;
+3008;;Sy;;;;;;;;;;;;
+3009;;Sy;;;;;;;;;;;;
+300A;;Sy;;;;;;;;;;;;
+300B;;Sy;;;;;;;;;;;;
+300C;;Sy;;;;;;;;;;;;
+300D;;Sy;;;;;;;;;;;;
+300E;;Sy;;;;;;;;;;;;
+300F;;Sy;;;;;;;;;;;;
+3010;;Sy;;;;;;;;;;;;
+3011;;Sy;;;;;;;;;;;;
+3014;;Sy;;;;;;;;;;;;
+3015;;Sy;;;;;;;;;;;;
+3016;;Sy;;;;;;;;;;;;
+3017;;Sy;;;;;;;;;;;;
+3018;;Sy;;;;;;;;;;;;
+3019;;Sy;;;;;;;;;;;;
+301A;;Sy;;;;;;;;;;;;
+301B;;Sy;;;;;;;;;;;;
+301D;;Sy;;;;;;;;;;;;
+301E;;Sy;;;;;;;;;;;;
+301F;;Sy;;;;;;;;;;;;
+FD3E;;Sy;;;;;;;;;;;;
+FD3F;;Sy;;;;;;;;;;;;
+FE35;;Sy;;;;;;;;;;;;
+FE36;;Sy;;;;;;;;;;;;
+FE37;;Sy;;;;;;;;;;;;
+FE38;;Sy;;;;;;;;;;;;
+FE39;;Sy;;;;;;;;;;;;
+FE3A;;Sy;;;;;;;;;;;;
+FE3B;;Sy;;;;;;;;;;;;
+FE3C;;Sy;;;;;;;;;;;;
+FE3D;;Sy;;;;;;;;;;;;
+FE3E;;Sy;;;;;;;;;;;;
+FE3F;;Sy;;;;;;;;;;;;
+FE40;;Sy;;;;;;;;;;;;
+FE41;;Sy;;;;;;;;;;;;
+FE42;;Sy;;;;;;;;;;;;
+FE43;;Sy;;;;;;;;;;;;
+FE44;;Sy;;;;;;;;;;;;
+FE59;;Sy;;;;;;;;;;;;
+FE5A;;Sy;;;;;;;;;;;;
+FE5B;;Sy;;;;;;;;;;;;
+FE5C;;Sy;;;;;;;;;;;;
+FE5D;;Sy;;;;;;;;;;;;
+FE5E;;Sy;;;;;;;;;;;;
+FF08;;Sy;;;;;;;;;;;;
+FF09;;Sy;;;;;;;;;;;;
+FF3B;;Sy;;;;;;;;;;;;
+FF3D;;Sy;;;;;;;;;;;;
+FF5B;;Sy;;;;;;;;;;;;
+FF5D;;Sy;;;;;;;;;;;;
+FF62;;Sy;;;;;;;;;;;;
+FF63;;Sy;;;;;;;;;;;;
+#
+# Hex digit.
+#
+0030;;Hd;;;;;;;;;;;;
+0031;;Hd;;;;;;;;;;;;
+0032;;Hd;;;;;;;;;;;;
+0033;;Hd;;;;;;;;;;;;
+0034;;Hd;;;;;;;;;;;;
+0035;;Hd;;;;;;;;;;;;
+0036;;Hd;;;;;;;;;;;;
+0037;;Hd;;;;;;;;;;;;
+0038;;Hd;;;;;;;;;;;;
+0039;;Hd;;;;;;;;;;;;
+0041;;Hd;;;;;;;;;;;;
+0042;;Hd;;;;;;;;;;;;
+0043;;Hd;;;;;;;;;;;;
+0044;;Hd;;;;;;;;;;;;
+0045;;Hd;;;;;;;;;;;;
+0046;;Hd;;;;;;;;;;;;
+0061;;Hd;;;;;;;;;;;;
+0062;;Hd;;;;;;;;;;;;
+0063;;Hd;;;;;;;;;;;;
+0064;;Hd;;;;;;;;;;;;
+0065;;Hd;;;;;;;;;;;;
+0066;;Hd;;;;;;;;;;;;
+FF10;;Hd;;;;;;;;;;;;
+FF11;;Hd;;;;;;;;;;;;
+FF12;;Hd;;;;;;;;;;;;
+FF13;;Hd;;;;;;;;;;;;
+FF14;;Hd;;;;;;;;;;;;
+FF15;;Hd;;;;;;;;;;;;
+FF16;;Hd;;;;;;;;;;;;
+FF17;;Hd;;;;;;;;;;;;
+FF18;;Hd;;;;;;;;;;;;
+FF19;;Hd;;;;;;;;;;;;
+FF21;;Hd;;;;;;;;;;;;
+FF22;;Hd;;;;;;;;;;;;
+FF23;;Hd;;;;;;;;;;;;
+FF24;;Hd;;;;;;;;;;;;
+FF25;;Hd;;;;;;;;;;;;
+FF26;;Hd;;;;;;;;;;;;
+FF41;;Hd;;;;;;;;;;;;
+FF42;;Hd;;;;;;;;;;;;
+FF43;;Hd;;;;;;;;;;;;
+FF44;;Hd;;;;;;;;;;;;
+FF45;;Hd;;;;;;;;;;;;
+FF46;;Hd;;;;;;;;;;;;
+#
+# Quote marks.
+#
+0022;;Qm;;;;;;;;;;;;
+0027;;Qm;;;;;;;;;;;;
+00AB;;Qm;;;;;;;;;;;;
+00BB;;Qm;;;;;;;;;;;;
+2018;;Qm;;;;;;;;;;;;
+2019;;Qm;;;;;;;;;;;;
+201A;;Qm;;;;;;;;;;;;
+201B;;Qm;;;;;;;;;;;;
+201C;;Qm;;;;;;;;;;;;
+201D;;Qm;;;;;;;;;;;;
+201E;;Qm;;;;;;;;;;;;
+201F;;Qm;;;;;;;;;;;;
+2039;;Qm;;;;;;;;;;;;
+203A;;Qm;;;;;;;;;;;;
+300C;;Qm;;;;;;;;;;;;
+300D;;Qm;;;;;;;;;;;;
+300E;;Qm;;;;;;;;;;;;
+300F;;Qm;;;;;;;;;;;;
+301D;;Qm;;;;;;;;;;;;
+301E;;Qm;;;;;;;;;;;;
+301F;;Qm;;;;;;;;;;;;
+FE41;;Qm;;;;;;;;;;;;
+FE42;;Qm;;;;;;;;;;;;
+FE43;;Qm;;;;;;;;;;;;
+FE44;;Qm;;;;;;;;;;;;
+FF02;;Qm;;;;;;;;;;;;
+FF07;;Qm;;;;;;;;;;;;
+FF62;;Qm;;;;;;;;;;;;
+FF63;;Qm;;;;;;;;;;;;
+#
+# Special Devanagari forms
+#
+E900;DEVANAGARI KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;;
+E901;DEVANAGARI GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;;
+E902;DEVANAGARI TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;;
+E903;DEVANAGARI TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;;
+E904;DEVANAGARI SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;;
+E905;DEVANAGARI SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;;
+E906;DEVANAGARI SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;;
+E907;DEVANAGARI KRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E908;DEVANAGARI JRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E909;DEVANAGARI ZRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90A;DEVANAGARI PHRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90B;DEVANAGARI FRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90C;DEVANAGARI PRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90D;DEVANAGARI SRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90E;DEVANAGARI RU LIGATURE;Lo;0;L;;;;;N;;;;;
+E90F;DEVANAGARI RUU LIGATURE;Lo;0;L;;;;;N;;;;;
+E915;DEVANAGARI HALF LETTER KA;Lo;0;L;;;;;N;;;;;
+E916;DEVANAGARI HALF LETTER KHA;Lo;0;L;;;;;N;;;;;
+E917;DEVANAGARI HALF LETTER GA;Lo;0;L;;;;;N;;;;;
+E918;DEVANAGARI HALF LETTER GHA;Lo;0;L;;;;;N;;;;;
+E919;DEVANAGARI HALF LETTER NGA;Lo;0;L;;;;;N;;;;;
+E91A;DEVANAGARI HALF LETTER CA;Lo;0;L;;;;;N;;;;;
+E91B;DEVANAGARI HALF LETTER CHA;Lo;0;L;;;;;N;;;;;
+E91C;DEVANAGARI HALF LETTER JA;Lo;0;L;;;;;N;;;;;
+E91D;DEVANAGARI HALF LETTER JHA;Lo;0;L;;;;;N;;;;;
+E91E;DEVANAGARI HALF LETTER NYA;Lo;0;L;;;;;N;;;;;
+E91F;DEVANAGARI HALF LETTER TTA;Lo;0;L;;;;;N;;;;;
+E920;DEVANAGARI HALF LETTER TTHA;Lo;0;L;;;;;N;;;;;
+E921;DEVANAGARI HALF LETTER DDA;Lo;0;L;;;;;N;;;;;
+E922;DEVANAGARI HALF LETTER DDHA;Lo;0;L;;;;;N;;;;;
+E923;DEVANAGARI HALF LETTER NNA;Lo;0;L;;;;;N;;;;;
+E924;DEVANAGARI HALF LETTER TA;Lo;0;L;;;;;N;;;;;
+E925;DEVANAGARI HALF LETTER THA;Lo;0;L;;;;;N;;;;;
+E926;DEVANAGARI HALF LETTER DA;Lo;0;L;;;;;N;;;;;
+E927;DEVANAGARI HALF LETTER DHA;Lo;0;L;;;;;N;;;;;
+E928;DEVANAGARI HALF LETTER NA;Lo;0;L;;;;;N;;;;;
+E929;DEVANAGARI HALF LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;;
+E92A;DEVANAGARI HALF LETTER PA;Lo;0;L;;;;;N;;;;;
+E92B;DEVANAGARI HALF LETTER PHA;Lo;0;L;;;;;N;;;;;
+E92C;DEVANAGARI HALF LETTER BA;Lo;0;L;;;;;N;;;;;
+E92D;DEVANAGARI HALF LETTER BHA;Lo;0;L;;;;;N;;;;;
+E92E;DEVANAGARI HALF LETTER MA;Lo;0;L;;;;;N;;;;;
+E92F;DEVANAGARI HALF LETTER YA;Lo;0;L;;;;;N;;;;;
+E930;DEVANAGARI HALF LETTER RA;Lo;0;L;;;;;N;;;;;
+E931;DEVANAGARI HALF LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;;
+E932;DEVANAGARI HALF LETTER LA;Lo;0;L;;;;;N;;;;;
+E933;DEVANAGARI HALF LETTER LLA;Lo;0;L;;;;;N;;;;;
+E934;DEVANAGARI HALF LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;;
+E935;DEVANAGARI HALF LETTER VA;Lo;0;L;;;;;N;;;;;
+E936;DEVANAGARI HALF LETTER SHA;Lo;0;L;;;;;N;;;;;
+E937;DEVANAGARI HALF LETTER SSA;Lo;0;L;;;;;N;;;;;
+E938;DEVANAGARI HALF LETTER SA;Lo;0;L;;;;;N;;;;;
+E939;DEVANAGARI HALF LETTER HA;Lo;0;L;;;;;N;;;;;
+E940;DEVANAGARI KKA LIGATURE;Lo;0;L;0915 094D 0915;;;;N;;;;;
+E941;DEVANAGARI KTA LIGATURE;Lo;0;L;0915 094D 0924;;;;N;;;;;
+E942;DEVANAGARI NGKA LIGATURE;Lo;0;L;0919 094D 0915;;;;N;;;;;
+E943;DEVANAGARI NGKHA LIGATURE;Lo;0;L;0919 094D 0916;;;;N;;;;;
+E944;DEVANAGARI NGGA LIGATURE;Lo;0;L;0919 094D 0917;;;;N;;;;;
+E945;DEVANAGARI NGGHA LIGATURE;Lo;0;L;0919 094D 0918;;;;N;;;;;
+E946;DEVANAGARI NYJA LIGATURE;Lo;0;L;091E 094D 091C;;;;N;;;;;
+E947;DEVANAGARI DGHA LIGATURE;Lo;0;L;0926 094D 0918;;;;N;;;;;
+E948;DEVANAGARI DDA LIGATURE;Lo;0;L;0926 094D 0926;;;;N;;;;;
+E949;DEVANAGARI DDHA LIGATURE;Lo;0;L;0926 094D 0927;;;;N;;;;;
+E94A;DEVANAGARI DBA LIGATURE;Lo;0;L;0926 094D 092C;;;;N;;;;;
+E94B;DEVANAGARI DBHA LIGATURE;Lo;0;L;0926 094D 092D;;;;N;;;;;
+E94C;DEVANAGARI DMA LIGATURE;Lo;0;L;0926 094D 092E;;;;N;;;;;
+E94D;DEVANAGARI DYA LIGATURE;Lo;0;L;0926 094D 092F;;;;N;;;;;
+E94E;DEVANAGARI DVA LIGATURE;Lo;0;L;0926 094D 0935;;;;N;;;;;
+E94F;DEVANAGARI TT-TTA LIGATURE;Lo;0;L;091F 094D 091F;;;;N;;;;;
+E950;DEVANAGARI TT-TTHA LIGATURE;Lo;0;L;091F 094D 0920;;;;N;;;;;
+E951;DEVANAGARI TTH-TTHA LIGATURE;Lo;0;L;0920 094D 0920;;;;N;;;;;
+E952;DEVANAGARI DD-GA LIGATURE;Lo;0;L;0921 094D 0917;;;;N;;;;;
+E953;DEVANAGARI DD-DDA LIGATURE;Lo;0;L;0921 094D 0921;;;;N;;;;;
+E954;DEVANAGARI DD-DDHA LIGATURE;Lo;0;L;0921 094D 0922;;;;N;;;;;
+E955;DEVANAGARI NNA LIGATURE;Lo;0;L;0928 094D 0928;;;;N;;;;;
+E956;DEVANAGARI HMA LIGATURE;Lo;0;L;0939 094D 092E;;;;N;;;;;
+E957;DEVANAGARI HYA LIGATURE;Lo;0;L;0939 094D 092F;;;;N;;;;;
+E958;DEVANAGARI HLA LIGATURE;Lo;0;L;0939 094D 0932;;;;N;;;;;
+E959;DEVANAGARI HVA LIGATURE;Lo;0;L;0939 094D 0935;;;;N;;;;;
+E95A;DEVANAGARI STRA LIGATURE;Lo;0;L;0938 094D 0924 094D 0930;;;;N;;;;;
+E970;DEVANAGARI HALF KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;;
+E971;DEVANAGARI HALF GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;;
+E972;DEVANAGARI HALF TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;;
+E973;DEVANAGARI HALF TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;;
+E974;DEVANAGARI HALF SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;;
+E975;DEVANAGARI HALF SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;;
+E976;DEVANAGARI HALF SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;;
+E97B;DEVANAGARI SIGN RRA-REPHA;Mn;36;L;;;;;N;;;;;
+E97C;DEVANAGARI HAR LIGATURE;Lo;0;L;0939 0943;;;;N;;;;;
+E97D;DEVANAGARI SIGN EYELASH RA;Lo;0;L;;;;;N;;;;;
+E97E;DEVANAGARI SIGN REPHA;Mn;36;L;;;;;N;;;;;
+E97F;DEVANAGARI SIGN SUBJOINED RA;Mn;36;L;;;;;N;;;;;
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/README
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,313 @@
+#
+# $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $
+#
+
+ MUTT UCData Package 2.5
+ -----------------------
+
+This is a package that supports ctype-like operations for Unicode UCS-2 text
+(and surrogates), case mapping, decomposition lookup, and provides a
+bidirectional reordering algorithm. To use it, you will need to get the
+latest "UnicodeData-*.txt" (or later) file from the Unicode Web or FTP site.
+
+The character information portion of the package consists of three parts:
+
+ 1. A program called "ucgendat" which generates five data files from the
+ UnicodeData-*.txt file. The files are:
+
+ A. case.dat - the case mappings.
+ B. ctype.dat - the character property tables.
+ C. comp.dat - the character composition pairs.
+ D. decomp.dat - the character decompositions.
+ E. cmbcl.dat - the non-zero combining classes.
+ F. num.dat - the codes representing numbers.
+
+ 2. The "ucdata.[ch]" files which implement the functions needed to
+ check to see if a character matches groups of properties, to map between
+ upper, lower, and title case, to look up the decomposition of a
+ character, look up the combining class of a character, and get the number
+ value of a character.
+
+ 3. The UCData.java class which provides the same API (with minor changes for
+ the numbers) and loads the same binary data files as the C code.
+
+A short reference to the functions available is in the "api.txt" file.
+
+Techie Details
+==============
+
+The "ucgendat" program parses files from the command line which are all in the
+Unicode Character Database (UCDB) format. An additional properties file,
+"MUTTUCData.txt", provides some extra properties for some characters.
+
+The program looks for the two character properties fields (2 and 4), the
+combining class field (3), the decomposition field (5), the numeric value
+field (8), and the case mapping fields (12, 13, and 14). The decompositions
+are recursively expanded before being written out.
+
+The decomposition table contains all the canonical decompositions. This means
+all decompositions that do not have tags such as "<compat>" or "<font>".
+
+The data is almost all stored as unsigned longs (32-bits assumed) and the
+routines that load the data take care of endian swaps when necessary. This
+also means that supplementary characters (>= 0x10000) can be placed in the
+data files the "ucgendat" program parses.
+
+The data is written as external files and broken into six parts so it can be
+selectively updated at runtime if necessary.
+
+The data files currently generated from the "ucgendat" program total about 56K
+in size all together.
+
+The format of the binary data files is documented in the "format.txt" file.
+
+==========================================================================
+
+ The "Pretty Good Bidi Algorithm"
+ --------------------------------
+
+This routine provides an alternative to the Unicode Bidi algorithm. The
+difference is that this version of the PGBA does not handle the explicit
+directional codes (LRE, RLE, LRO, RLO, PDF). It should now produce the same
+results as the Unicode BiDi algorithm for implicit reordering. Included are
+functions for doing cursor motion in both logical and visual order.
+
+This implementation is provided to demonstrate an effective alternate method
+for implicit reordering. To make this useful for an application, it probably
+needs some changes to the memory allocation and deallocation, as well as data
+structure additions for rendering.
+
+Mark Leisher <mleisher at crl.nmsu.edu>
+19 November 1999
+
+-----------------------------------------------------------------------------
+
+CHANGES
+=======
+Version 2.5
+-----------
+1. Changed the number lookup to set the denominator to 1 in cases of digits.
+ This restores functional compatibility with John Cowan's UCType package.
+
+2. Added support for the AL property.
+
+3. Modified load and reload functions to return error codes.
+
+Version 2.4
+-----------
+1. Improved some bidi algorithm documentation in the code.
+
+2. Fixed a code mixup that produced a non-working version.
+
+Version 2.3
+-----------
+1. Fixed a misspelling in the ucpgba.h header file.
+
+2. Fixed a bug which caused trailing weak non-digit sequences to be left out of
+ the reordered string in the bidi algorithm.
+
+3. Fixed a problem with weak sequences containing non-spacing marks in the
+ bidi algorithm.
+
+4. Fixed a problem with text runs of the opposite direction of the string
+ surrounding a weak + neutral text run appearing in the wrong order in the
+ bidi algorithm.
+
+5. Added a default overall direction parameter to the reordering function for
+ cases of strings with no strong directional characters in the bidi
+ algorithm.
+
+6. The bidi API documentation was improved.
+
+7. Added a man page for the bidi API.
+
+Version 2.2
+-----------
+1. Fixed a problem with the bidi algorithm locating directional section
+ boundaries.
+
+2. Fixed a problem with the bidi algorithm starting the reordering correctly.
+
+3. Fixed a problem with the bidi algorithm determining end boundaries for LTR
+ segments.
+
+4. Fixed a problem with the bidi algorithm reordering weak (digits and number
+ separators) segments.
+
+5. Added automatic switching of symmetrically paired characters when
+ reversing RTL segments.
+
+6. Added a missing symmetric character to the extra character properties in
+ MUTTUCData.txt.
+
+7. Added support for doing logical and visual cursor traversal.
+
+Version 2.1
+-----------
+1. Updated the ucgendat program to handle the Unicode 3.0 character database
+ properties. The AL and BM bidi properties gets marked as strong RTL and
+ Other Neutral, the NSM, LRE, RLE, PDF, LRO, and RLO controls all get marked
+ as Other Neutral.
+
+2. Fixed some problems with testing against signed values in the UCData.java
+ code and some minor cleanup.
+
+3. Added the "Pretty Good Bidi Algorithm."
+
+Version 2.0
+-----------
+1. Removed the old Java stuff for a new class that loads directly from the
+ same data files as the C code does.
+
+2. Fixed a problem with choosing the correct field when mapping case.
+
+3. Adjust some search routines to start their search in the correct position.
+
+4. Moved the copyright year to 1999.
+
+Version 1.9
+-----------
+1. Fixed a problem with an incorrect amount of storage being allocated for the
+ combining class nodes.
+
+2. Fixed an invalid initialization in the number code.
+
+3. Changed the Java template file formatting a bit.
+
+4. Added tables and function for getting decompositions in the Java class.
+
+Version 1.8
+-----------
+1. Fixed a problem with adding certain ranges.
+
+2. Added two more macros for testing for identifiers.
+
+3. Tested with the UnicodeData-2.1.5.txt file.
+
+Version 1.7
+-----------
+1. Fixed a problem with looking up decompositions in "ucgendat."
+
+Version 1.6
+-----------
+1. Added two new properties introduced with UnicodeData-2.1.4.txt.
+
+2. Changed the "ucgendat.c" program a little to automatically align the
+ property data on a 4-byte boundary when new properties are added.
+
+3. Changed the "ucgendat.c" programs to only generate canonical
+ decompositions.
+
+4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to check for
+ initial and final punctuation characters.
+
+5. Minor additions and changes to the documentation.
+
+Version 1.5
+-----------
+1. Changed all file open calls to include binary mode with "b" for DOS/WIN
+ platforms.
+
+2. Wrapped the unistd.h include so it won't be included when compiled under
+ Win32.
+
+3. Fixed a bad range check for hex digits in ucgendat.c.
+
+4. Fixed a bad endian swap for combining classes.
+
+5. Added code to make a number table and associated lookup functions.
+ Functions added are ucnumber(), ucdigit(), and ucgetnumber(). The last
+ function is to maintain compatibility with John Cowan's "uctype" package.
+
+Version 1.4
+-----------
+1. Fixed a bug with adding a range.
+
+2. Fixed a bug with inserting a range in order.
+
+3. Fixed incorrectly specified ucisdefined() and ucisundefined() macros.
+
+4. Added the missing unload for the combining class data.
+
+5. Fixed a bad macro placement in ucisweak().
+
+Version 1.3
+-----------
+1. Bug with case mapping calculations fixed.
+
+2. Bug with empty character property entries fixed.
+
+3. Bug with incorrect type in the combining class lookup fixed.
+
+4. Some corrections done to api.txt.
+
+5. Bug in certain character property lookups fixed.
+
+6. Added a character property table that records the defined characters.
+
+7. Replaced ucisunknown() with ucisdefined() and ucisundefined().
+
+Version 1.2
+-----------
+1. Added code to ucgendat to generate a combining class table.
+
+2. Fixed an endian problem with the byte count of decompositions.
+
+3. Fixed some minor problems in the "format.txt" file.
+
+4. Removed some bogus "Ss" values from MUTTUCData.txt file.
+
+5. Added API function to get combining class.
+
+6. Changed the open mode to "rb" so binary data files will be opened correctly
+ on DOS/WIN as well as other platforms.
+
+7. Added the "api.txt" file.
+
+Version 1.1
+-----------
+1. Added ucisxdigit() which I overlooked.
+
+2. Added UC_LT to the ucisalpha() macro which I overlooked.
+
+3. Change uciscntrl() to include UC_CF.
+
+4. Added ucisocntrl() and ucfntcntrl() macros.
+
+5. Added a ucisblank() which I overlooked.
+
+6. Added missing properties to ucissymbol() and ucisnumber().
+
+7. Added ucisgraph() and ucisprint().
+
+8. Changed the "Mr" property to "Sy" to mark this subset of mirroring
+ characters as symmetric to avoid trampling the Unicode/ISO10646 sense of
+ mirroring.
+
+9. Added another property called "Ss" which includes control characters
+ traditionally seen as spaces in the isspace() macro.
+
+10. Added a bunch of macros to be API compatible with John Cowan's package.
+
+ACKNOWLEDGEMENTS
+================
+
+Thanks go to John Cowan <cowan at locke.ccil.org> for pointing out lots of
+missing things and giving me stuff, particularly a bunch of new macros.
+
+Thanks go to Bob Verbrugge <bob_verbrugge at nl.compuware.com> for pointing out
+various bugs.
+
+Thanks go to Christophe Pierret <cpierret at businessobjects.com> for pointing
+out that file modes need to have "b" for DOS/WIN machines, pointing out
+unistd.h is not a Win 32 header, and pointing out a problem with ucisalnum().
+
+Thanks go to Kent Johnson <kent at pondview.mv.com> for finding a bug that caused
+incomplete decompositions to be generated by the "ucgendat" program.
+
+Thanks go to Valeriy E. Ushakov <uwe at ptc.spbu.ru> for spotting an allocation
+error and an initialization error.
+
+Thanks go to Stig Venaas <Stig.Venaas at uninett.no> for providing a patch to
+support return types on load and reload, and for major updates to handle
+canonical composition and decomposition.
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/api.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/api.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/api.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,401 @@
+#
+# $Id: api.txt,v 1.3 2001/01/02 18:46:20 mleisher Exp $
+#
+
+ The MUTT UCData API
+ -------------------
+
+
+####
+NOTE: This library has been customized for use with OpenLDAP. The character
+data tables are hardcoded into the library and the load/unload/reload
+functions are no-ops. Also, the MUTT API claimed to be compatible with
+John Cowan's library but its ucnumber behavior was broken. This has been
+fixed in the OpenLDAP release.
+
+By default, the implementation specific properties in MUTTUCData.txt are
+not incorporated into the OpenLDAP build. You can supply them to ucgendat
+and recreate uctable.h if you need them.
+ -- hyc at openldap.org
+####
+
+
+-----------------------------------------------------------------------------
+
+Macros that combine to select data tables for ucdata_load(), ucdata_unload(),
+and ucdata_reload().
+
+#define UCDATA_CASE 0x01
+#define UCDATA_CTYPE 0x02
+#define UCDATA_DECOMP 0x04
+#define UCDATA_CMBCL 0x08
+#define UCDATA_NUM 0x10
+#define UCDATA_COMP 0x20
+#define UCATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\
+ UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP)
+-----------------------------------------------------------------------------
+
+void ucdata_load(char *paths, int masks)
+
+ This function initializes the UCData library by locating the data files in
+ one of the colon-separated directories in the `paths' parameter. The data
+ files to be loaded are specified in the `masks' parameter as a bitwise
+ combination of the macros listed above.
+
+ This should be called before using any of the other functions.
+
+ NOTE: the ucdata_setup(char *paths) function is now a macro that expands
+ into this function at compile time.
+
+-----------------------------------------------------------------------------
+
+void ucdata_unload(int masks)
+
+ This function unloads the data tables specified in the `masks' parameter.
+
+ This function should be called when the application is done using the UCData
+ package.
+
+ NOTE: the ucdata_cleanup() function is now a macro that expands into this
+ function at compile time.
+
+-----------------------------------------------------------------------------
+
+void ucdata_reload(char *paths, int masks)
+
+ This function reloads the data files from one of the colon-separated
+ directories in the `paths' parameter. The data files to be reloaded are
+ specified in the `masks' parameter as a bitwise combination of the macros
+ listed above.
+
+ If the data files have already been loaded, they are unloaded before the
+ data files are loaded again.
+
+-----------------------------------------------------------------------------
+
+int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp)
+
+ This function determines if a character has a decomposition and returns the
+ decomposition information if it exists.
+
+ If a zero is returned, there is no decomposition. If a non-zero is
+ returned, then the `num' and `decomp' variables are filled in with the
+ appropriate values.
+
+ Example call:
+
+ unsigned long i, num, *decomp;
+
+ if (ucdecomp(0x1d5, &num, &decomp) != 0) {
+ for (i = 0; i < num; i++)
+ printf("0x%08lX,", decomp[i]);
+ putchar('\n');
+ }
+
+int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out,
+ int *outlen)
+
+ This function decomposes an input string and does canonical reordering of
+ the characters at the same time.
+
+ If a -1 is returned, memory allocation was not successful. If a zero is
+ returned, no decomposition occured. Any other value means the output string
+ contains the fully decomposed string in canonical order.
+
+ If the "outlen" parameter comes back with a value > 0, then the string
+ returned in the "out" parameter needs to be deallocated by the caller.
+
+-----------------------------------------------------------------------------
+
+int ucdecomp_hangul(unsigned long code, unsigned long *num,
+ unsigned long decomp[])
+
+ This function determines if a Hangul syllable has a decomposition and
+ returns the decomposition information.
+
+ An array of at least size 3 should be passed to the function for the
+ decomposition of the syllable.
+
+ If a zero is returned, the character is not a Hangul syllable. If a
+ non-zero is returned, the `num' field will be 2 or 3 and the syllable will
+ be decomposed into the `decomp' array arithmetically.
+
+ Example call:
+
+ unsigned long i, num, decomp[3];
+
+ if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) {
+ for (i = 0; i < num; i++)
+ printf("0x%08lX,", decomp[i]);
+ putchar('\n');
+ }
+
+-----------------------------------------------------------------------------
+
+int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp)
+
+ This function takes a pair of characters and determines if they combine to
+ form another character.
+
+ If a zero is returned, no composition is formed by the character pair. Any
+ other value indicates the "comp" parameter has a value.
+
+int uccomp_hangul(unsigned long *str, int len)
+
+ This function composes the Hangul Jamo in the string. The composition is
+ done in-place.
+
+ The return value provides the new length of the string. This will be
+ smaller than "len" if compositions occured.
+
+int uccanoncomp(unsigned long *str, int len)
+
+ This function does a canonical composition of characters in the string.
+
+ The return value is the new length of the string.
+
+-----------------------------------------------------------------------------
+
+struct ucnumber {
+ int numerator;
+ int denominator;
+};
+
+int ucnumber_lookup(unsigned long code, struct ucnumber *num)
+
+ This function determines if the code is a number and fills in the `num'
+ field with the numerator and denominator. If the code happens to be a
+ single digit, the denominator field will be 1.
+
+####
+The original code would set numerator = denominator for regular digits.
+However, the Readme also claimed to be compatible with John Cowan's uctype
+library, but this behavior is both nonsensical and incompatible with the
+Cowan library. As such, it has been fixed here as described above.
+ -- hyc at openldap.org
+####
+
+ If the function returns 0, the code is not a number. Any other return
+ value means the code is a number.
+
+int ucdigit_lookup(unsigned long code, int *digit)
+
+ This function determines if the code is a digit and fills in the `digit'
+ field with the digit value.
+
+ If the function returns 0, the code is not a number. Any other return
+ value means the code is a number.
+
+struct ucnumber ucgetnumber(unsigned long code)
+
+ This is a compatibility function with John Cowan's "uctype" package. It
+ uses ucnumber_lookup().
+
+int ucgetdigit(unsigned long code)
+
+ This is a compatibility function with John Cowan's "uctype" package. It
+ uses ucdigit_lookup().
+
+-----------------------------------------------------------------------------
+
+unsigned long uctoupper(unsigned long code)
+
+ This function returns the code unchanged if it is already upper case or has
+ no upper case equivalent. Otherwise the upper case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+unsigned long uctolower(unsigned long code)
+
+ This function returns the code unchanged if it is already lower case or has
+ no lower case equivalent. Otherwise the lower case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+unsigned long uctotitle(unsigned long code)
+
+ This function returns the code unchanged if it is already title case or has
+ no title case equivalent. Otherwise the title case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+int ucisalpha(unsigned long code)
+int ucisalnum(unsigned long code)
+int ucisdigit(unsigned long code)
+int uciscntrl(unsigned long code)
+int ucisspace(unsigned long code)
+int ucisblank(unsigned long code)
+int ucispunct(unsigned long code)
+int ucisgraph(unsigned long code)
+int ucisprint(unsigned long code)
+int ucisxdigit(unsigned long code)
+
+int ucisupper(unsigned long code)
+int ucislower(unsigned long code)
+int ucistitle(unsigned long code)
+
+ These functions (actually macros) determine if a character has these
+ properties. These behave in a fashion very similar to the venerable ctype
+ package.
+
+-----------------------------------------------------------------------------
+
+int ucisisocntrl(unsigned long code)
+
+ Is the character a C0 control character (< 32) ?
+
+int ucisfmtcntrl(unsigned long code)
+
+ Is the character a format control character?
+
+int ucissymbol(unsigned long code)
+
+ Is the character a symbol?
+
+int ucisnumber(unsigned long code)
+
+ Is the character a number or digit?
+
+int ucisnonspacing(unsigned long code)
+
+ Is the character non-spacing?
+
+int ucisopenpunct(unsigned long code)
+
+ Is the character an open/left punctuation (i.e. '[')
+
+int ucisclosepunct(unsigned long code)
+
+ Is the character an close/right punctuation (i.e. ']')
+
+int ucisinitialpunct(unsigned long code)
+
+ Is the character an initial punctuation (i.e. U+2018 LEFT SINGLE QUOTATION
+ MARK)
+
+int ucisfinalpunct(unsigned long code)
+
+ Is the character a final punctuation (i.e. U+2019 RIGHT SINGLE QUOTATION
+ MARK)
+
+int uciscomposite(unsigned long code)
+
+ Can the character be decomposed into a set of other characters?
+
+int ucisquote(unsigned long code)
+
+ Is the character one of the many quotation marks?
+
+int ucissymmetric(unsigned long code)
+
+ Is the character one that has an opposite form (i.e. <>)
+
+int ucismirroring(unsigned long code)
+
+ Is the character mirroring (superset of symmetric)?
+
+int ucisnonbreaking(unsigned long code)
+
+ Is the character non-breaking (i.e. non-breaking space)?
+
+int ucisrtl(unsigned long code)
+
+ Does the character have strong right-to-left directionality (i.e. Arabic
+ letters)?
+
+int ucisltr(unsigned long code)
+
+ Does the character have strong left-to-right directionality (i.e. Latin
+ letters)?
+
+int ucisstrong(unsigned long code)
+
+ Does the character have strong directionality?
+
+int ucisweak(unsigned long code)
+
+ Does the character have weak directionality (i.e. numbers)?
+
+int ucisneutral(unsigned long code)
+
+ Does the character have neutral directionality (i.e. whitespace)?
+
+int ucisseparator(unsigned long code)
+
+ Is the character a block or segment separator?
+
+int ucislsep(unsigned long code)
+
+ Is the character a line separator?
+
+int ucispsep(unsigned long code)
+
+ Is the character a paragraph separator?
+
+int ucismark(unsigned long code)
+
+ Is the character a mark of some kind?
+
+int ucisnsmark(unsigned long code)
+
+ Is the character a non-spacing mark?
+
+int ucisspmark(unsigned long code)
+
+ Is the character a spacing mark?
+
+int ucismodif(unsigned long code)
+
+ Is the character a modifier letter?
+
+int ucismodifsymbol(unsigned long code)
+
+ Is the character a modifier symbol?
+
+int ucisletnum(unsigned long code)
+
+ Is the character a number represented by a letter?
+
+int ucisconnect(unsigned long code)
+
+ Is the character connecting punctuation?
+
+int ucisdash(unsigned long code)
+
+ Is the character dash punctuation?
+
+int ucismath(unsigned long code)
+
+ Is the character a math character?
+
+int uciscurrency(unsigned long code)
+
+ Is the character a currency character?
+
+int ucisenclosing(unsigned long code)
+
+ Is the character enclosing (i.e. enclosing box)?
+
+int ucisprivate(unsigned long code)
+
+ Is the character from the Private Use Area?
+
+int ucissurrogate(unsigned long code)
+
+ Is the character one of the surrogate codes?
+
+int ucisdefined(unsigned long code)
+
+ Is the character defined (appeared in one of the data files)?
+
+int ucisundefined(unsigned long code)
+
+ Is the character not defined (non-Unicode)?
+
+int ucishan(unsigned long code)
+
+ Is the character a Han ideograph?
+
+int ucishangul(unsigned long code)
+
+ Is the character a pre-composed Hangul syllable?
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/bidiapi.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/bidiapi.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/bidiapi.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+#
+# $Id: bidiapi.txt,v 1.2 1999/11/19 15:24:29 mleisher Exp $
+#
+
+ "Pretty Good Bidi Algorithm" API
+
+The PGBA (Pretty Good Bidi Algorithm) is an effective alternative to the
+Unicode BiDi algorithm. It currently provides only implicit reordering and
+does not yet support explicit reordering codes that the Unicode BiDi algorithm
+supports. In addition to reordering, the PGBA includes cursor movement
+support for both visual and logical navigation.
+
+-----------------------------------------------------------------------------
+
+#define UCPGBA_LTR 0
+#define UCPGBA_RTL 1
+
+ These macros appear in the `direction' field of the data structures.
+
+#define UCPGBA_CURSOR_VISUAL 0
+#define UCPGBA_CURSOR_LOGICAL 1
+
+ These macros are used to set the cursor movement for each reordered string.
+
+-----------------------------------------------------------------------------
+
+ucstring_t *ucstring_create(unsigned long *source, unsigned long start,
+ unsigned long end, int default_direction,
+ int cursor_motion)
+
+ This function will create a reordered string by using the implicit
+ directionality of the characters in the specified substring.
+
+ The `default_direction' parameter should be one of UCPGBA_LTR or UCPGBA_RTL
+ and is used only in cases where a string contains no characters with strong
+ directionality.
+
+ The `cursor_motion' parameter should be one of UCPGBA_CURSOR_VISUAL or
+ UCPGBA_CURSOR_LOGICAL, and is used to specify the initial cursor motion
+ behavior. This behavior can be switched at any time using
+ ustring_set_cursor_motion().
+
+-----------------------------------------------------------------------------
+
+void ucstring_free(ucstring_t *string)
+
+ This function will deallocate the memory used by the string, incuding the
+ string itself.
+
+-----------------------------------------------------------------------------
+
+void ucstring_cursor_info(ustring_t *string, int *direction,
+ unsigned long *position)
+
+ This function will return the text position of the internal cursor and the
+ directionality of the text at that position. The position returned is the
+ original text position of the character.
+
+-----------------------------------------------------------------------------
+
+int ucstring_set_cursor_motion(ucstring_t *string, int cursor_motion)
+
+ This function will change the cursor motion type and return the previous
+ cursor motion type.
+
+-----------------------------------------------------------------------------
+
+int ucstring_cursor_right(ucstring_t *string, int count)
+
+ This function will move the internal cursor to the right according to the
+ type of cursor motion set for the string.
+
+ If no cursor motion is performed, it returns 0. Otherwise it will return a
+ 1.
+
+-----------------------------------------------------------------------------
+
+int ucstring_cursor_left(ucstring_t *string, int count)
+
+ This function will move the internal cursor to the left according to the
+ type of cursor motion set for the string.
+
+ If no cursor motion is performed, it returns 0. Otherwise it will return a
+ 1.
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/format.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/format.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/format.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,267 @@
+#
+# $Id: format.txt,v 1.2 2001/01/02 18:46:20 mleisher Exp $
+#
+
+CHARACTER DATA
+==============
+
+This package generates some data files that contain character properties useful
+for text processing.
+
+CHARACTER PROPERTIES
+====================
+
+The first data file is called "ctype.dat" and contains a compressed form of
+the character properties found in the Unicode Character Database (UCDB).
+Additional properties can be specified in limited UCDB format in another file
+to avoid modifying the original UCDB.
+
+The following is a property name and code table to be used with the character
+data:
+
+NAME CODE DESCRIPTION
+---------------------
+Mn 0 Mark, Non-Spacing
+Mc 1 Mark, Spacing Combining
+Me 2 Mark, Enclosing
+Nd 3 Number, Decimal Digit
+Nl 4 Number, Letter
+No 5 Number, Other
+Zs 6 Separator, Space
+Zl 7 Separator, Line
+Zp 8 Separator, Paragraph
+Cc 9 Other, Control
+Cf 10 Other, Format
+Cs 11 Other, Surrogate
+Co 12 Other, Private Use
+Cn 13 Other, Not Assigned
+Lu 14 Letter, Uppercase
+Ll 15 Letter, Lowercase
+Lt 16 Letter, Titlecase
+Lm 17 Letter, Modifier
+Lo 18 Letter, Other
+Pc 19 Punctuation, Connector
+Pd 20 Punctuation, Dash
+Ps 21 Punctuation, Open
+Pe 22 Punctuation, Close
+Po 23 Punctuation, Other
+Sm 24 Symbol, Math
+Sc 25 Symbol, Currency
+Sk 26 Symbol, Modifier
+So 27 Symbol, Other
+L 28 Left-To-Right
+R 29 Right-To-Left
+EN 30 European Number
+ES 31 European Number Separator
+ET 32 European Number Terminator
+AN 33 Arabic Number
+CS 34 Common Number Separator
+B 35 Block Separator
+S 36 Segment Separator
+WS 37 Whitespace
+ON 38 Other Neutrals
+Pi 47 Punctuation, Initial
+Pf 48 Punctuation, Final
+#
+# Implementation specific properties.
+#
+Cm 39 Composite
+Nb 40 Non-Breaking
+Sy 41 Symmetric (characters which are part of open/close pairs)
+Hd 42 Hex Digit
+Qm 43 Quote Mark
+Mr 44 Mirroring
+Ss 45 Space, Other (controls viewed as spaces in ctype isspace())
+Cp 46 Defined character
+
+The actual binary data is formatted as follows:
+
+ Assumptions: unsigned short is at least 16-bits in size and unsigned long
+ is at least 32-bits in size.
+
+ unsigned short ByteOrderMark
+ unsigned short OffsetArraySize
+ unsigned long Bytes
+ unsigned short Offsets[OffsetArraySize + 1]
+ unsigned long Ranges[N], N = value of Offsets[OffsetArraySize]
+
+ The Bytes field provides the total byte count used for the Offsets[] and
+ Ranges[] arrays. The Offsets[] array is aligned on a 4-byte boundary and
+ there is always one extra node on the end to hold the final index of the
+ Ranges[] array. The Ranges[] array contains pairs of 4-byte values
+ representing a range of Unicode characters. The pairs are arranged in
+ increasing order by the first character code in the range.
+
+ Determining if a particular character is in the property list requires a
+ simple binary search to determine if a character is in any of the ranges
+ for the property.
+
+ If the ByteOrderMark is equal to 0xFFFE, then the data was generated on a
+ machine with a different endian order and the values must be byte-swapped.
+
+ To swap a 16-bit value:
+ c = (c >> 8) | ((c & 0xff) << 8)
+
+ To swap a 32-bit value:
+ c = ((c & 0xff) << 24) | (((c >> 8) & 0xff) << 16) |
+ (((c >> 16) & 0xff) << 8) | (c >> 24)
+
+CASE MAPPINGS
+=============
+
+The next data file is called "case.dat" and contains three case mapping tables
+in the following order: upper, lower, and title case. Each table is in
+increasing order by character code and each mapping contains 3 unsigned longs
+which represent the possible mappings.
+
+The format for the binary form of these tables is:
+
+ unsigned short ByteOrderMark
+ unsigned short NumMappingNodes, count of all mapping nodes
+ unsigned short CaseTableSizes[2], upper and lower mapping node counts
+ unsigned long CaseTables[NumMappingNodes]
+
+ The starting indexes of the case tables are calculated as following:
+
+ UpperIndex = 0;
+ LowerIndex = CaseTableSizes[0] * 3;
+ TitleIndex = LowerIndex + CaseTableSizes[1] * 3;
+
+ The order of the fields for the three tables are:
+
+ Upper case
+ ----------
+ unsigned long upper;
+ unsigned long lower;
+ unsigned long title;
+
+ Lower case
+ ----------
+ unsigned long lower;
+ unsigned long upper;
+ unsigned long title;
+
+ Title case
+ ----------
+ unsigned long title;
+ unsigned long upper;
+ unsigned long lower;
+
+ If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+ same way as described in the CHARACTER PROPERTIES section.
+
+ Because the tables are in increasing order by character code, locating a
+ mapping requires a simple binary search on one of the 3 codes that make up
+ each node.
+
+ It is important to note that there can only be 65536 mapping nodes which
+ divided into 3 portions allows 21845 nodes for each case mapping table. The
+ distribution of mappings may be more or less than 21845 per table, but only
+ 65536 are allowed.
+
+COMPOSITIONS
+============
+
+This data file is called "comp.dat" and contains data that tracks character
+pairs that have a single Unicode value representing the combination of the two
+characters.
+
+The format for the binary form of this table is:
+
+ unsigned short ByteOrderMark
+ unsigned short NumCompositionNodes, count of composition nodes
+ unsigned long Bytes, total number of bytes used for composition nodes
+ unsigned long CompositionNodes[NumCompositionNodes * 4]
+
+ If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+ same way as described in the CHARACTER PROPERTIES section.
+
+ The CompositionNodes[] array consists of groups of 4 unsigned longs. The
+ first of these is the character code representing the combination of two
+ other character codes, the second records the number of character codes that
+ make up the composition (not currently used), and the last two are the pair
+ of character codes whose combination is represented by the character code in
+ the first field.
+
+DECOMPOSITIONS
+==============
+
+The next data file is called "decomp.dat" and contains the decomposition data
+for all characters with decompositions containing more than one character and
+are *not* compatibility decompositions. Compatibility decompositions are
+signaled in the UCDB format by the use of the <compat> tag in the
+decomposition field. Each list of character codes represents a full
+decomposition of a composite character. The nodes are arranged in increasing
+order by character code.
+
+The format for the binary form of this table is:
+
+ unsigned short ByteOrderMark
+ unsigned short NumDecompNodes, count of all decomposition nodes
+ unsigned long Bytes
+ unsigned long DecompNodes[(NumDecompNodes * 2) + 1]
+ unsigned long Decomp[N], N = sum of all counts in DecompNodes[]
+
+ If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+ same way as described in the CHARACTER PROPERTIES section.
+
+ The DecompNodes[] array consists of pairs of unsigned longs, the first of
+ which is the character code and the second is the initial index of the list
+ of character codes representing the decomposition.
+
+ Locating the decomposition of a composite character requires a binary search
+ for a character code in the DecompNodes[] array and using its index to
+ locate the start of the decomposition. The length of the decomposition list
+ is the index in the following element in DecompNode[] minus the current
+ index.
+
+COMBINING CLASSES
+=================
+
+The fourth data file is called "cmbcl.dat" and contains the characters with
+non-zero combining classes.
+
+The format for the binary form of this table is:
+
+ unsigned short ByteOrderMark
+ unsigned short NumCCLNodes
+ unsigned long Bytes
+ unsigned long CCLNodes[NumCCLNodes * 3]
+
+ If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+ same way as described in the CHARACTER PROPERTIES section.
+
+ The CCLNodes[] array consists of groups of three unsigned longs. The first
+ and second are the beginning and ending of a range and the third is the
+ combining class of that range.
+
+ If a character is not found in this table, then the combining class is
+ assumed to be 0.
+
+ It is important to note that only 65536 distinct ranges plus combining class
+ can be specified because the NumCCLNodes is usually a 16-bit number.
+
+NUMBER TABLE
+============
+
+The final data file is called "num.dat" and contains the characters that have
+a numeric value associated with them.
+
+The format for the binary form of the table is:
+
+ unsigned short ByteOrderMark
+ unsigned short NumNumberNodes
+ unsigned long Bytes
+ unsigned long NumberNodes[NumNumberNodes]
+ unsigned short ValueNodes[(Bytes - (NumNumberNodes * sizeof(unsigned long)))
+ / sizeof(short)]
+
+ If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+ same way as described in the CHARACTER PROPERTIES section.
+
+ The NumberNodes array contains pairs of values, the first of which is the
+ character code and the second an index into the ValueNodes array. The
+ ValueNodes array contains pairs of integers which represent the numerator
+ and denominator of the numeric value of the character. If the character
+ happens to map to an integer, both the values in ValueNodes will be the
+ same.
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1501 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.30.2.4 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ucdata.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $" */
+
+#include "portable.h"
+#include "ldap_config.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <ac/bytes.h>
+
+#include "lber_pvt.h"
+#include "ucdata.h"
+
+#ifndef HARDCODE_DATA
+#define HARDCODE_DATA 1
+#endif
+
+#if HARDCODE_DATA
+#include "uctable.h"
+#endif
+
+/**************************************************************************
+ *
+ * Miscellaneous types, data, and support functions.
+ *
+ **************************************************************************/
+
+typedef struct {
+ ac_uint2 bom;
+ ac_uint2 cnt;
+ union {
+ ac_uint4 bytes;
+ ac_uint2 len[2];
+ } size;
+} _ucheader_t;
+
+/*
+ * A simple array of 32-bit masks for lookup.
+ */
+static ac_uint4 masks32[32] = {
+ 0x00000001UL, 0x00000002UL, 0x00000004UL, 0x00000008UL,
+ 0x00000010UL, 0x00000020UL, 0x00000040UL, 0x00000080UL,
+ 0x00000100UL, 0x00000200UL, 0x00000400UL, 0x00000800UL,
+ 0x00001000UL, 0x00002000UL, 0x00004000UL, 0x00008000UL,
+ 0x00010000UL, 0x00020000UL, 0x00040000UL, 0x00080000UL,
+ 0x00100000UL, 0x00200000UL, 0x00400000UL, 0x00800000UL,
+ 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
+ 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL
+};
+
+#define endian_short(cc) (((cc) >> 8) | (((cc) & 0xff) << 8))
+#define endian_long(cc) ((((cc) & 0xff) << 24)|((((cc) >> 8) & 0xff) << 16)|\
+ ((((cc) >> 16) & 0xff) << 8)|((cc) >> 24))
+
+#if !HARDCODE_DATA
+static FILE *
+_ucopenfile(char *paths, char *filename, char *mode)
+{
+ FILE *f;
+ char *fp, *dp, *pp, path[BUFSIZ];
+
+ if (filename == 0 || *filename == 0)
+ return 0;
+
+ dp = paths;
+ while (dp && *dp) {
+ pp = path;
+ while (*dp && *dp != ':')
+ *pp++ = *dp++;
+ *pp++ = *LDAP_DIRSEP;
+
+ fp = filename;
+ while (*fp)
+ *pp++ = *fp++;
+ *pp = 0;
+
+ if ((f = fopen(path, mode)) != 0)
+ return f;
+
+ if (*dp == ':')
+ dp++;
+ }
+
+ return 0;
+}
+#endif
+
+/**************************************************************************
+ *
+ * Support for the character properties.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static ac_uint4 _ucprop_size;
+static ac_uint2 *_ucprop_offsets;
+static ac_uint4 *_ucprop_ranges;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucprop_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 size, i;
+ _ucheader_t hdr;
+
+ if (_ucprop_size > 0) {
+ if (!reload)
+ /*
+ * The character properties have already been loaded.
+ */
+ return 0;
+
+ /*
+ * Unload the current character property data in preparation for
+ * loading a new copy. Only the first array has to be deallocated
+ * because all the memory for the arrays is allocated as a single
+ * block.
+ */
+ free((char *) _ucprop_offsets);
+ _ucprop_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "ctype.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ if ((_ucprop_size = hdr.cnt) == 0) {
+ fclose(in);
+ return -1;
+ }
+
+ /*
+ * Allocate all the storage needed for the lookup table.
+ */
+ _ucprop_offsets = (ac_uint2 *) malloc(hdr.size.bytes);
+
+ /*
+ * Calculate the offset into the storage for the ranges. The offsets
+ * array is on a 4-byte boundary and one larger than the value provided in
+ * the header count field. This means the offset to the ranges must be
+ * calculated after aligning the count to a 4-byte boundary.
+ */
+ if ((size = ((hdr.cnt + 1) * sizeof(ac_uint2))) & 3)
+ size += 4 - (size & 3);
+ size >>= 1;
+ _ucprop_ranges = (ac_uint4 *) (_ucprop_offsets + size);
+
+ /*
+ * Load the offset array.
+ */
+ fread((char *) _ucprop_offsets, sizeof(ac_uint2), size, in);
+
+ /*
+ * Do an endian swap if necessary. Don't forget there is an extra node on
+ * the end with the final index.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i <= _ucprop_size; i++)
+ _ucprop_offsets[i] = endian_short(_ucprop_offsets[i]);
+ }
+
+ /*
+ * Load the ranges. The number of elements is in the last array position
+ * of the offsets.
+ */
+ fread((char *) _ucprop_ranges, sizeof(ac_uint4),
+ _ucprop_offsets[_ucprop_size], in);
+
+ fclose(in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < _ucprop_offsets[_ucprop_size]; i++)
+ _ucprop_ranges[i] = endian_long(_ucprop_ranges[i]);
+ }
+ return 0;
+}
+
+static void
+_ucprop_unload(void)
+{
+ if (_ucprop_size == 0)
+ return;
+
+ /*
+ * Only need to free the offsets because the memory is allocated as a
+ * single block.
+ */
+ free((char *) _ucprop_offsets);
+ _ucprop_size = 0;
+}
+#endif
+
+static int
+_ucprop_lookup(ac_uint4 code, ac_uint4 n)
+{
+ long l, r, m;
+
+ if (_ucprop_size == 0)
+ return 0;
+
+ /*
+ * There is an extra node on the end of the offsets to allow this routine
+ * to work right. If the index is 0xffff, then there are no nodes for the
+ * property.
+ */
+ if ((l = _ucprop_offsets[n]) == 0xffff)
+ return 0;
+
+ /*
+ * Locate the next offset that is not 0xffff. The sentinel at the end of
+ * the array is the max index value.
+ */
+ for (m = 1;
+ n + m < _ucprop_size && _ucprop_offsets[n + m] == 0xffff; m++) ;
+
+ r = _ucprop_offsets[n + m] - 1;
+
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a range pair.
+ */
+ m = (l + r) >> 1;
+ m -= (m & 1);
+ if (code > _ucprop_ranges[m + 1])
+ l = m + 2;
+ else if (code < _ucprop_ranges[m])
+ r = m - 2;
+ else if (code >= _ucprop_ranges[m] && code <= _ucprop_ranges[m + 1])
+ return 1;
+ }
+ return 0;
+}
+
+int
+ucisprop(ac_uint4 code, ac_uint4 mask1, ac_uint4 mask2)
+{
+ ac_uint4 i;
+
+ if (mask1 == 0 && mask2 == 0)
+ return 0;
+
+ for (i = 0; mask1 && i < 32; i++) {
+ if ((mask1 & masks32[i]) && _ucprop_lookup(code, i))
+ return 1;
+ }
+
+ for (i = 32; mask2 && i < _ucprop_size; i++) {
+ if ((mask2 & masks32[i & 31]) && _ucprop_lookup(code, i))
+ return 1;
+ }
+
+ return 0;
+}
+
+/**************************************************************************
+ *
+ * Support for case mapping.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+/* These record the number of slots in the map.
+ * There are 3 words per slot.
+ */
+static ac_uint4 _uccase_size;
+static ac_uint2 _uccase_len[2];
+static ac_uint4 *_uccase_map;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccase_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 i;
+ _ucheader_t hdr;
+
+ if (_uccase_size > 0) {
+ if (!reload)
+ /*
+ * The case mappings have already been loaded.
+ */
+ return 0;
+
+ free((char *) _uccase_map);
+ _uccase_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "case.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.len[0] = endian_short(hdr.size.len[0]);
+ hdr.size.len[1] = endian_short(hdr.size.len[1]);
+ }
+
+ /*
+ * Set the node count and lengths of the upper and lower case mapping
+ * tables.
+ */
+ _uccase_size = hdr.cnt;
+ _uccase_len[0] = hdr.size.len[0];
+ _uccase_len[1] = hdr.size.len[1];
+
+ _uccase_map = (ac_uint4 *)
+ malloc(_uccase_size * 3 * sizeof(ac_uint4));
+
+ /*
+ * Load the case mapping table.
+ */
+ fread((char *) _uccase_map, sizeof(ac_uint4), _uccase_size * 3, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < _uccase_size * 3; i++)
+ _uccase_map[i] = endian_long(_uccase_map[i]);
+ }
+ fclose(in);
+ return 0;
+}
+
+static void
+_uccase_unload(void)
+{
+ if (_uccase_size == 0)
+ return;
+
+ free((char *) _uccase_map);
+ _uccase_size = 0;
+}
+#endif
+
+static ac_uint4
+_uccase_lookup(ac_uint4 code, long l, long r, int field)
+{
+ long m;
+ ac_uint4 *tmp;
+
+ /*
+ * Do the binary search.
+ */
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a case mapping triple.
+ */
+ m = (l + r) >> 1;
+ tmp = &_uccase_map[m*3];
+ if (code > *tmp)
+ l = m + 1;
+ else if (code < *tmp)
+ r = m - 1;
+ else if (code == *tmp)
+ return tmp[field];
+ }
+
+ return code;
+}
+
+ac_uint4
+uctoupper(ac_uint4 code)
+{
+ int field;
+ long l, r;
+
+ if (ucisupper(code))
+ return code;
+
+ if (ucislower(code)) {
+ /*
+ * The character is lower case.
+ */
+ field = 2;
+ l = _uccase_len[0];
+ r = (l + _uccase_len[1]) - 1;
+ } else {
+ /*
+ * The character is title case.
+ */
+ field = 1;
+ l = _uccase_len[0] + _uccase_len[1];
+ r = _uccase_size - 1;
+ }
+ return _uccase_lookup(code, l, r, field);
+}
+
+ac_uint4
+uctolower(ac_uint4 code)
+{
+ int field;
+ long l, r;
+
+ if (ucislower(code))
+ return code;
+
+ if (ucisupper(code)) {
+ /*
+ * The character is upper case.
+ */
+ field = 1;
+ l = 0;
+ r = _uccase_len[0] - 1;
+ } else {
+ /*
+ * The character is title case.
+ */
+ field = 2;
+ l = _uccase_len[0] + _uccase_len[1];
+ r = _uccase_size - 1;
+ }
+ return _uccase_lookup(code, l, r, field);
+}
+
+ac_uint4
+uctotitle(ac_uint4 code)
+{
+ int field;
+ long l, r;
+
+ if (ucistitle(code))
+ return code;
+
+ /*
+ * The offset will always be the same for converting to title case.
+ */
+ field = 2;
+
+ if (ucisupper(code)) {
+ /*
+ * The character is upper case.
+ */
+ l = 0;
+ r = _uccase_len[0] - 1;
+ } else {
+ /*
+ * The character is lower case.
+ */
+ l = _uccase_len[0];
+ r = (l + _uccase_len[1]) - 1;
+ }
+ return _uccase_lookup(code, l, r, field);
+}
+
+/**************************************************************************
+ *
+ * Support for compositions.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static ac_uint4 _uccomp_size;
+static ac_uint4 *_uccomp_data;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccomp_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 size, i;
+ _ucheader_t hdr;
+
+ if (_uccomp_size > 0) {
+ if (!reload)
+ /*
+ * The compositions have already been loaded.
+ */
+ return 0;
+
+ free((char *) _uccomp_data);
+ _uccomp_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "comp.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ _uccomp_size = hdr.cnt;
+ _uccomp_data = (ac_uint4 *) malloc(hdr.size.bytes);
+
+ /*
+ * Read the composition data in.
+ */
+ size = hdr.size.bytes / sizeof(ac_uint4);
+ fread((char *) _uccomp_data, sizeof(ac_uint4), size, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < size; i++)
+ _uccomp_data[i] = endian_long(_uccomp_data[i]);
+ }
+
+ /*
+ * Assume that the data is ordered on count, so that all compositions
+ * of length 2 come first. Only handling length 2 for now.
+ */
+ for (i = 1; i < size; i += 4)
+ if (_uccomp_data[i] != 2)
+ break;
+ _uccomp_size = i - 1;
+
+ fclose(in);
+ return 0;
+}
+
+static void
+_uccomp_unload(void)
+{
+ if (_uccomp_size == 0)
+ return;
+
+ free((char *) _uccomp_data);
+ _uccomp_size = 0;
+}
+#endif
+
+int
+uccomp(ac_uint4 node1, ac_uint4 node2, ac_uint4 *comp)
+{
+ int l, r, m;
+
+ l = 0;
+ r = _uccomp_size - 1;
+
+ while (l <= r) {
+ m = ((r + l) >> 1);
+ m -= m & 3;
+ if (node1 > _uccomp_data[m+2])
+ l = m + 4;
+ else if (node1 < _uccomp_data[m+2])
+ r = m - 4;
+ else if (node2 > _uccomp_data[m+3])
+ l = m + 4;
+ else if (node2 < _uccomp_data[m+3])
+ r = m - 4;
+ else {
+ *comp = _uccomp_data[m];
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+uccomp_hangul(ac_uint4 *str, int len)
+{
+ const int SBase = 0xAC00, LBase = 0x1100,
+ VBase = 0x1161, TBase = 0x11A7,
+ LCount = 19, VCount = 21, TCount = 28,
+ NCount = VCount * TCount, /* 588 */
+ SCount = LCount * NCount; /* 11172 */
+
+ int i, rlen;
+ ac_uint4 ch, last, lindex, sindex;
+
+ last = str[0];
+ rlen = 1;
+ for ( i = 1; i < len; i++ ) {
+ ch = str[i];
+
+ /* check if two current characters are L and V */
+ lindex = last - LBase;
+ if (lindex < (ac_uint4) LCount) {
+ ac_uint4 vindex = ch - VBase;
+ if (vindex < (ac_uint4) VCount) {
+ /* make syllable of form LV */
+ last = SBase + (lindex * VCount + vindex) * TCount;
+ str[rlen-1] = last; /* reset last */
+ continue;
+ }
+ }
+
+ /* check if two current characters are LV and T */
+ sindex = last - SBase;
+ if (sindex < (ac_uint4) SCount
+ && (sindex % TCount) == 0)
+ {
+ ac_uint4 tindex = ch - TBase;
+ if (tindex <= (ac_uint4) TCount) {
+ /* make syllable of form LVT */
+ last += tindex;
+ str[rlen-1] = last; /* reset last */
+ continue;
+ }
+ }
+
+ /* if neither case was true, just add the character */
+ last = ch;
+ str[rlen] = ch;
+ rlen++;
+ }
+ return rlen;
+}
+
+int
+uccanoncomp(ac_uint4 *str, int len)
+{
+ int i, stpos, copos;
+ ac_uint4 cl, prevcl, st, ch, co;
+
+ st = str[0];
+ stpos = 0;
+ copos = 1;
+ prevcl = uccombining_class(st) == 0 ? 0 : 256;
+
+ for (i = 1; i < len; i++) {
+ ch = str[i];
+ cl = uccombining_class(ch);
+ if (uccomp(st, ch, &co) && (prevcl < cl || prevcl == 0))
+ st = str[stpos] = co;
+ else {
+ if (cl == 0) {
+ stpos = copos;
+ st = ch;
+ }
+ prevcl = cl;
+ str[copos++] = ch;
+ }
+ }
+
+ return uccomp_hangul(str, copos);
+}
+
+/**************************************************************************
+ *
+ * Support for decompositions.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static ac_uint4 _ucdcmp_size;
+static ac_uint4 *_ucdcmp_nodes;
+static ac_uint4 *_ucdcmp_decomp;
+
+static ac_uint4 _uckdcmp_size;
+static ac_uint4 *_uckdcmp_nodes;
+static ac_uint4 *_uckdcmp_decomp;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucdcmp_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 size, i;
+ _ucheader_t hdr;
+
+ if (_ucdcmp_size > 0) {
+ if (!reload)
+ /*
+ * The decompositions have already been loaded.
+ */
+ return 0;
+
+ free((char *) _ucdcmp_nodes);
+ _ucdcmp_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "decomp.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ _ucdcmp_size = hdr.cnt << 1;
+ _ucdcmp_nodes = (ac_uint4 *) malloc(hdr.size.bytes);
+ _ucdcmp_decomp = _ucdcmp_nodes + (_ucdcmp_size + 1);
+
+ /*
+ * Read the decomposition data in.
+ */
+ size = hdr.size.bytes / sizeof(ac_uint4);
+ fread((char *) _ucdcmp_nodes, sizeof(ac_uint4), size, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < size; i++)
+ _ucdcmp_nodes[i] = endian_long(_ucdcmp_nodes[i]);
+ }
+ fclose(in);
+ return 0;
+}
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uckdcmp_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 size, i;
+ _ucheader_t hdr;
+
+ if (_uckdcmp_size > 0) {
+ if (!reload)
+ /*
+ * The decompositions have already been loaded.
+ */
+ return 0;
+
+ free((char *) _uckdcmp_nodes);
+ _uckdcmp_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "kdecomp.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ _uckdcmp_size = hdr.cnt << 1;
+ _uckdcmp_nodes = (ac_uint4 *) malloc(hdr.size.bytes);
+ _uckdcmp_decomp = _uckdcmp_nodes + (_uckdcmp_size + 1);
+
+ /*
+ * Read the decomposition data in.
+ */
+ size = hdr.size.bytes / sizeof(ac_uint4);
+ fread((char *) _uckdcmp_nodes, sizeof(ac_uint4), size, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < size; i++)
+ _uckdcmp_nodes[i] = endian_long(_uckdcmp_nodes[i]);
+ }
+ fclose(in);
+ return 0;
+}
+
+static void
+_ucdcmp_unload(void)
+{
+ if (_ucdcmp_size == 0)
+ return;
+
+ /*
+ * Only need to free the offsets because the memory is allocated as a
+ * single block.
+ */
+ free((char *) _ucdcmp_nodes);
+ _ucdcmp_size = 0;
+}
+
+static void
+_uckdcmp_unload(void)
+{
+ if (_uckdcmp_size == 0)
+ return;
+
+ /*
+ * Only need to free the offsets because the memory is allocated as a
+ * single block.
+ */
+ free((char *) _uckdcmp_nodes);
+ _uckdcmp_size = 0;
+}
+#endif
+
+int
+ucdecomp(ac_uint4 code, ac_uint4 *num, ac_uint4 **decomp)
+{
+ long l, r, m;
+
+ if (code < _ucdcmp_nodes[0]) {
+ return 0;
+ }
+
+ l = 0;
+ r = _ucdcmp_nodes[_ucdcmp_size] - 1;
+
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a code+offset pair.
+ */
+ m = (l + r) >> 1;
+ m -= (m & 1);
+ if (code > _ucdcmp_nodes[m])
+ l = m + 2;
+ else if (code < _ucdcmp_nodes[m])
+ r = m - 2;
+ else if (code == _ucdcmp_nodes[m]) {
+ *num = _ucdcmp_nodes[m + 3] - _ucdcmp_nodes[m + 1];
+ *decomp = (ac_uint4*)&_ucdcmp_decomp[_ucdcmp_nodes[m + 1]];
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+uckdecomp(ac_uint4 code, ac_uint4 *num, ac_uint4 **decomp)
+{
+ long l, r, m;
+
+ if (code < _uckdcmp_nodes[0]) {
+ return 0;
+ }
+
+ l = 0;
+ r = _uckdcmp_nodes[_uckdcmp_size] - 1;
+
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a code+offset pair.
+ */
+ m = (l + r) >> 1;
+ m -= (m & 1);
+ if (code > _uckdcmp_nodes[m])
+ l = m + 2;
+ else if (code < _uckdcmp_nodes[m])
+ r = m - 2;
+ else if (code == _uckdcmp_nodes[m]) {
+ *num = _uckdcmp_nodes[m + 3] - _uckdcmp_nodes[m + 1];
+ *decomp = (ac_uint4*)&_uckdcmp_decomp[_uckdcmp_nodes[m + 1]];
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+ucdecomp_hangul(ac_uint4 code, ac_uint4 *num, ac_uint4 decomp[])
+{
+ if (!ucishangul(code))
+ return 0;
+
+ code -= 0xac00;
+ decomp[0] = 0x1100 + (ac_uint4) (code / 588);
+ decomp[1] = 0x1161 + (ac_uint4) ((code % 588) / 28);
+ decomp[2] = 0x11a7 + (ac_uint4) (code % 28);
+ *num = (decomp[2] != 0x11a7) ? 3 : 2;
+
+ return 1;
+}
+
+/* mode == 0 for canonical, mode == 1 for compatibility */
+static int
+uccanoncompatdecomp(const ac_uint4 *in, int inlen,
+ ac_uint4 **out, int *outlen, short mode, void *ctx)
+{
+ int l, size;
+ unsigned i, j, k;
+ ac_uint4 num, class, *decomp, hangdecomp[3];
+
+ size = inlen * 2;
+ *out = (ac_uint4 *) ber_memalloc_x(size * sizeof(**out), ctx);
+ if (*out == NULL)
+ return *outlen = -1;
+
+ i = 0;
+ for (j = 0; j < (unsigned) inlen; j++) {
+ if (mode ? uckdecomp(in[j], &num, &decomp) : ucdecomp(in[j], &num, &decomp)) {
+ if ( size - i < num) {
+ size = inlen + i - j + num - 1;
+ *out = (ac_uint4 *) ber_memrealloc_x(*out, size * sizeof(**out), ctx );
+ if (*out == NULL)
+ return *outlen = -1;
+ }
+ for (k = 0; k < num; k++) {
+ class = uccombining_class(decomp[k]);
+ if (class == 0) {
+ (*out)[i] = decomp[k];
+ } else {
+ for (l = i; l > 0; l--)
+ if (class >= uccombining_class((*out)[l-1]))
+ break;
+ AC_MEMCPY(*out + l + 1, *out + l, (i - l) * sizeof(**out));
+ (*out)[l] = decomp[k];
+ }
+ i++;
+ }
+ } else if (ucdecomp_hangul(in[j], &num, hangdecomp)) {
+ if (size - i < num) {
+ size = inlen + i - j + num - 1;
+ *out = (ac_uint4 *) ber_memrealloc_x(*out, size * sizeof(**out), ctx);
+ if (*out == NULL)
+ return *outlen = -1;
+ }
+ for (k = 0; k < num; k++) {
+ (*out)[i] = hangdecomp[k];
+ i++;
+ }
+ } else {
+ if (size - i < 1) {
+ size = inlen + i - j;
+ *out = (ac_uint4 *) ber_memrealloc_x(*out, size * sizeof(**out), ctx);
+ if (*out == NULL)
+ return *outlen = -1;
+ }
+ class = uccombining_class(in[j]);
+ if (class == 0) {
+ (*out)[i] = in[j];
+ } else {
+ for (l = i; l > 0; l--)
+ if (class >= uccombining_class((*out)[l-1]))
+ break;
+ AC_MEMCPY(*out + l + 1, *out + l, (i - l) * sizeof(**out));
+ (*out)[l] = in[j];
+ }
+ i++;
+ }
+ }
+ return *outlen = i;
+}
+
+int
+uccanondecomp(const ac_uint4 *in, int inlen,
+ ac_uint4 **out, int *outlen, void *ctx)
+{
+ return uccanoncompatdecomp(in, inlen, out, outlen, 0, ctx);
+}
+
+int
+uccompatdecomp(const ac_uint4 *in, int inlen,
+ ac_uint4 **out, int *outlen, void *ctx)
+{
+ return uccanoncompatdecomp(in, inlen, out, outlen, 1, ctx);
+}
+
+/**************************************************************************
+ *
+ * Support for combining classes.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+static ac_uint4 _uccmcl_size;
+static ac_uint4 *_uccmcl_nodes;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccmcl_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 i;
+ _ucheader_t hdr;
+
+ if (_uccmcl_size > 0) {
+ if (!reload)
+ /*
+ * The combining classes have already been loaded.
+ */
+ return 0;
+
+ free((char *) _uccmcl_nodes);
+ _uccmcl_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "cmbcl.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ _uccmcl_size = hdr.cnt * 3;
+ _uccmcl_nodes = (ac_uint4 *) malloc(hdr.size.bytes);
+
+ /*
+ * Read the combining classes in.
+ */
+ fread((char *) _uccmcl_nodes, sizeof(ac_uint4), _uccmcl_size, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < _uccmcl_size; i++)
+ _uccmcl_nodes[i] = endian_long(_uccmcl_nodes[i]);
+ }
+ fclose(in);
+ return 0;
+}
+
+static void
+_uccmcl_unload(void)
+{
+ if (_uccmcl_size == 0)
+ return;
+
+ free((char *) _uccmcl_nodes);
+ _uccmcl_size = 0;
+}
+#endif
+
+ac_uint4
+uccombining_class(ac_uint4 code)
+{
+ long l, r, m;
+
+ l = 0;
+ r = _uccmcl_size - 1;
+
+ while (l <= r) {
+ m = (l + r) >> 1;
+ m -= (m % 3);
+ if (code > _uccmcl_nodes[m + 1])
+ l = m + 3;
+ else if (code < _uccmcl_nodes[m])
+ r = m - 3;
+ else if (code >= _uccmcl_nodes[m] && code <= _uccmcl_nodes[m + 1])
+ return _uccmcl_nodes[m + 2];
+ }
+ return 0;
+}
+
+/**************************************************************************
+ *
+ * Support for numeric values.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+static ac_uint4 *_ucnum_nodes;
+static ac_uint4 _ucnum_size;
+static short *_ucnum_vals;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucnumb_load(char *paths, int reload)
+{
+ FILE *in;
+ ac_uint4 size, i;
+ _ucheader_t hdr;
+
+ if (_ucnum_size > 0) {
+ if (!reload)
+ /*
+ * The numbers have already been loaded.
+ */
+ return 0;
+
+ free((char *) _ucnum_nodes);
+ _ucnum_size = 0;
+ }
+
+ if ((in = _ucopenfile(paths, "num.dat", "rb")) == 0)
+ return -1;
+
+ /*
+ * Load the header.
+ */
+ fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+ if (hdr.bom == 0xfffe) {
+ hdr.cnt = endian_short(hdr.cnt);
+ hdr.size.bytes = endian_long(hdr.size.bytes);
+ }
+
+ _ucnum_size = hdr.cnt;
+ _ucnum_nodes = (ac_uint4 *) malloc(hdr.size.bytes);
+ _ucnum_vals = (short *) (_ucnum_nodes + _ucnum_size);
+
+ /*
+ * Read the combining classes in.
+ */
+ fread((char *) _ucnum_nodes, sizeof(unsigned char), hdr.size.bytes, in);
+
+ /*
+ * Do an endian swap if necessary.
+ */
+ if (hdr.bom == 0xfffe) {
+ for (i = 0; i < _ucnum_size; i++)
+ _ucnum_nodes[i] = endian_long(_ucnum_nodes[i]);
+
+ /*
+ * Determine the number of values that have to be adjusted.
+ */
+ size = (hdr.size.bytes -
+ (_ucnum_size * (sizeof(ac_uint4) << 1))) /
+ sizeof(short);
+
+ for (i = 0; i < size; i++)
+ _ucnum_vals[i] = endian_short(_ucnum_vals[i]);
+ }
+ fclose(in);
+ return 0;
+}
+
+static void
+_ucnumb_unload(void)
+{
+ if (_ucnum_size == 0)
+ return;
+
+ free((char *) _ucnum_nodes);
+ _ucnum_size = 0;
+}
+#endif
+
+int
+ucnumber_lookup(ac_uint4 code, struct ucnumber *num)
+{
+ long l, r, m;
+ short *vp;
+
+ l = 0;
+ r = _ucnum_size - 1;
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a code+offset pair.
+ */
+ m = (l + r) >> 1;
+ m -= (m & 1);
+ if (code > _ucnum_nodes[m])
+ l = m + 2;
+ else if (code < _ucnum_nodes[m])
+ r = m - 2;
+ else {
+ vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1];
+ num->numerator = (int) *vp++;
+ num->denominator = (int) *vp;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+ucdigit_lookup(ac_uint4 code, int *digit)
+{
+ long l, r, m;
+ short *vp;
+
+ l = 0;
+ r = _ucnum_size - 1;
+ while (l <= r) {
+ /*
+ * Determine a "mid" point and adjust to make sure the mid point is at
+ * the beginning of a code+offset pair.
+ */
+ m = (l + r) >> 1;
+ m -= (m & 1);
+ if (code > _ucnum_nodes[m])
+ l = m + 2;
+ else if (code < _ucnum_nodes[m])
+ r = m - 2;
+ else {
+ vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1];
+ if (*vp == *(vp + 1)) {
+ *digit = *vp;
+ return 1;
+ }
+ return 0;
+ }
+ }
+ return 0;
+}
+
+struct ucnumber
+ucgetnumber(ac_uint4 code)
+{
+ struct ucnumber num;
+
+ /*
+ * Initialize with some arbitrary value, because the caller simply cannot
+ * tell for sure if the code is a number without calling the ucisnumber()
+ * macro before calling this function.
+ */
+ num.numerator = num.denominator = -111;
+
+ (void) ucnumber_lookup(code, &num);
+
+ return num;
+}
+
+int
+ucgetdigit(ac_uint4 code)
+{
+ int dig;
+
+ /*
+ * Initialize with some arbitrary value, because the caller simply cannot
+ * tell for sure if the code is a number without calling the ucisdigit()
+ * macro before calling this function.
+ */
+ dig = -111;
+
+ (void) ucdigit_lookup(code, &dig);
+
+ return dig;
+}
+
+/**************************************************************************
+ *
+ * Setup and cleanup routines.
+ *
+ **************************************************************************/
+
+#if HARDCODE_DATA
+int ucdata_load(char *paths, int masks) { return 0; }
+void ucdata_unload(int masks) { }
+int ucdata_reload(char *paths, int masks) { return 0; }
+#else
+/*
+ * Return 0 if okay, negative on error
+ */
+int
+ucdata_load(char *paths, int masks)
+{
+ int error = 0;
+
+ if (masks & UCDATA_CTYPE)
+ error |= _ucprop_load(paths, 0) < 0 ? UCDATA_CTYPE : 0;
+ if (masks & UCDATA_CASE)
+ error |= _uccase_load(paths, 0) < 0 ? UCDATA_CASE : 0;
+ if (masks & UCDATA_DECOMP)
+ error |= _ucdcmp_load(paths, 0) < 0 ? UCDATA_DECOMP : 0;
+ if (masks & UCDATA_CMBCL)
+ error |= _uccmcl_load(paths, 0) < 0 ? UCDATA_CMBCL : 0;
+ if (masks & UCDATA_NUM)
+ error |= _ucnumb_load(paths, 0) < 0 ? UCDATA_NUM : 0;
+ if (masks & UCDATA_COMP)
+ error |= _uccomp_load(paths, 0) < 0 ? UCDATA_COMP : 0;
+ if (masks & UCDATA_KDECOMP)
+ error |= _uckdcmp_load(paths, 0) < 0 ? UCDATA_KDECOMP : 0;
+
+ return -error;
+}
+
+void
+ucdata_unload(int masks)
+{
+ if (masks & UCDATA_CTYPE)
+ _ucprop_unload();
+ if (masks & UCDATA_CASE)
+ _uccase_unload();
+ if (masks & UCDATA_DECOMP)
+ _ucdcmp_unload();
+ if (masks & UCDATA_CMBCL)
+ _uccmcl_unload();
+ if (masks & UCDATA_NUM)
+ _ucnumb_unload();
+ if (masks & UCDATA_COMP)
+ _uccomp_unload();
+ if (masks & UCDATA_KDECOMP)
+ _uckdcmp_unload();
+}
+
+/*
+ * Return 0 if okay, negative on error
+ */
+int
+ucdata_reload(char *paths, int masks)
+{
+ int error = 0;
+
+ if (masks & UCDATA_CTYPE)
+ error |= _ucprop_load(paths, 1) < 0 ? UCDATA_CTYPE : 0;
+ if (masks & UCDATA_CASE)
+ error |= _uccase_load(paths, 1) < 0 ? UCDATA_CASE : 0;
+ if (masks & UCDATA_DECOMP)
+ error |= _ucdcmp_load(paths, 1) < 0 ? UCDATA_DECOMP : 0;
+ if (masks & UCDATA_CMBCL)
+ error |= _uccmcl_load(paths, 1) < 0 ? UCDATA_CMBCL : 0;
+ if (masks & UCDATA_NUM)
+ error |= _ucnumb_load(paths, 1) < 0 ? UCDATA_NUM : 0;
+ if (masks & UCDATA_COMP)
+ error |= _uccomp_load(paths, 1) < 0 ? UCDATA_COMP : 0;
+ if (masks & UCDATA_KDECOMP)
+ error |= _uckdcmp_load(paths, 1) < 0 ? UCDATA_KDECOMP : 0;
+
+ return -error;
+}
+#endif
+
+#ifdef TEST
+
+void
+main(void)
+{
+ int dig;
+ ac_uint4 i, lo, *dec;
+ struct ucnumber num;
+
+/* ucdata_setup("."); */
+
+ if (ucisweak(0x30))
+ printf("WEAK\n");
+ else
+ printf("NOT WEAK\n");
+
+ printf("LOWER 0x%04lX\n", uctolower(0xff3a));
+ printf("UPPER 0x%04lX\n", uctoupper(0xff5a));
+
+ if (ucisalpha(0x1d5))
+ printf("ALPHA\n");
+ else
+ printf("NOT ALPHA\n");
+
+ if (ucisupper(0x1d5)) {
+ printf("UPPER\n");
+ lo = uctolower(0x1d5);
+ printf("0x%04lx\n", lo);
+ lo = uctotitle(0x1d5);
+ printf("0x%04lx\n", lo);
+ } else
+ printf("NOT UPPER\n");
+
+ if (ucistitle(0x1d5))
+ printf("TITLE\n");
+ else
+ printf("NOT TITLE\n");
+
+ if (uciscomposite(0x1d5))
+ printf("COMPOSITE\n");
+ else
+ printf("NOT COMPOSITE\n");
+
+ if (ucdecomp(0x1d5, &lo, &dec)) {
+ for (i = 0; i < lo; i++)
+ printf("0x%04lx ", dec[i]);
+ putchar('\n');
+ }
+
+ if ((lo = uccombining_class(0x41)) != 0)
+ printf("0x41 CCL %ld\n", lo);
+
+ if (ucisxdigit(0xfeff))
+ printf("0xFEFF HEX DIGIT\n");
+ else
+ printf("0xFEFF NOT HEX DIGIT\n");
+
+ if (ucisdefined(0x10000))
+ printf("0x10000 DEFINED\n");
+ else
+ printf("0x10000 NOT DEFINED\n");
+
+ if (ucnumber_lookup(0x30, &num)) {
+ if (num.denominator != 1)
+ printf("UCNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCNUMBER: 0x30 = %d\n", num.numerator);
+ } else
+ printf("UCNUMBER: 0x30 NOT A NUMBER\n");
+
+ if (ucnumber_lookup(0xbc, &num)) {
+ if (num.denominator != 1)
+ printf("UCNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCNUMBER: 0xbc = %d\n", num.numerator);
+ } else
+ printf("UCNUMBER: 0xbc NOT A NUMBER\n");
+
+
+ if (ucnumber_lookup(0xff19, &num)) {
+ if (num.denominator != 1)
+ printf("UCNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCNUMBER: 0xff19 = %d\n", num.numerator);
+ } else
+ printf("UCNUMBER: 0xff19 NOT A NUMBER\n");
+
+ if (ucnumber_lookup(0x4e00, &num)) {
+ if (num.denominator != 1)
+ printf("UCNUMBER: 0x4e00 = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCNUMBER: 0x4e00 = %d\n", num.numerator);
+ } else
+ printf("UCNUMBER: 0x4e00 NOT A NUMBER\n");
+
+ if (ucdigit_lookup(0x06f9, &dig))
+ printf("UCDIGIT: 0x6f9 = %d\n", dig);
+ else
+ printf("UCDIGIT: 0x6f9 NOT A NUMBER\n");
+
+ dig = ucgetdigit(0x0969);
+ printf("UCGETDIGIT: 0x969 = %d\n", dig);
+
+ num = ucgetnumber(0x30);
+ if (num.denominator != 1)
+ printf("UCGETNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCGETNUMBER: 0x30 = %d\n", num.numerator);
+
+ num = ucgetnumber(0xbc);
+ if (num.denominator != 1)
+ printf("UCGETNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCGETNUMBER: 0xbc = %d\n", num.numerator);
+
+ num = ucgetnumber(0xff19);
+ if (num.denominator != 1)
+ printf("UCGETNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator);
+ else
+ printf("UCGETNUMBER: 0xff19 = %d\n", num.numerator);
+
+/* ucdata_cleanup(); */
+ exit(0);
+}
+
+#endif /* TEST */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,364 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.17.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ucdata.h,v 1.6 2001/01/02 18:46:20 mleisher Exp $ */
+
+#ifndef _h_ucdata
+#define _h_ucdata
+
+LDAP_BEGIN_DECL
+
+#define UCDATA_VERSION "2.4"
+
+/**************************************************************************
+ *
+ * Masks and macros for character properties.
+ *
+ **************************************************************************/
+
+/*
+ * Values that can appear in the `mask1' parameter of the ucisprop()
+ * function.
+ */
+#define UC_MN 0x00000001 /* Mark, Non-Spacing */
+#define UC_MC 0x00000002 /* Mark, Spacing Combining */
+#define UC_ME 0x00000004 /* Mark, Enclosing */
+#define UC_ND 0x00000008 /* Number, Decimal Digit */
+#define UC_NL 0x00000010 /* Number, Letter */
+#define UC_NO 0x00000020 /* Number, Other */
+#define UC_ZS 0x00000040 /* Separator, Space */
+#define UC_ZL 0x00000080 /* Separator, Line */
+#define UC_ZP 0x00000100 /* Separator, Paragraph */
+#define UC_CC 0x00000200 /* Other, Control */
+#define UC_CF 0x00000400 /* Other, Format */
+#define UC_OS 0x00000800 /* Other, Surrogate */
+#define UC_CO 0x00001000 /* Other, Private Use */
+#define UC_CN 0x00002000 /* Other, Not Assigned */
+#define UC_LU 0x00004000 /* Letter, Uppercase */
+#define UC_LL 0x00008000 /* Letter, Lowercase */
+#define UC_LT 0x00010000 /* Letter, Titlecase */
+#define UC_LM 0x00020000 /* Letter, Modifier */
+#define UC_LO 0x00040000 /* Letter, Other */
+#define UC_PC 0x00080000 /* Punctuation, Connector */
+#define UC_PD 0x00100000 /* Punctuation, Dash */
+#define UC_PS 0x00200000 /* Punctuation, Open */
+#define UC_PE 0x00400000 /* Punctuation, Close */
+#define UC_PO 0x00800000 /* Punctuation, Other */
+#define UC_SM 0x01000000 /* Symbol, Math */
+#define UC_SC 0x02000000 /* Symbol, Currency */
+#define UC_SK 0x04000000 /* Symbol, Modifier */
+#define UC_SO 0x08000000 /* Symbol, Other */
+#define UC_L 0x10000000 /* Left-To-Right */
+#define UC_R 0x20000000 /* Right-To-Left */
+#define UC_EN 0x40000000 /* European Number */
+#define UC_ES 0x80000000 /* European Number Separator */
+
+/*
+ * Values that can appear in the `mask2' parameter of the ucisprop()
+ * function.
+ */
+#define UC_ET 0x00000001 /* European Number Terminator */
+#define UC_AN 0x00000002 /* Arabic Number */
+#define UC_CS 0x00000004 /* Common Number Separator */
+#define UC_B 0x00000008 /* Block Separator */
+#define UC_S 0x00000010 /* Segment Separator */
+#define UC_WS 0x00000020 /* Whitespace */
+#define UC_ON 0x00000040 /* Other Neutrals */
+/*
+ * Implementation specific character properties.
+ */
+#define UC_CM 0x00000080 /* Composite */
+#define UC_NB 0x00000100 /* Non-Breaking */
+#define UC_SY 0x00000200 /* Symmetric */
+#define UC_HD 0x00000400 /* Hex Digit */
+#define UC_QM 0x00000800 /* Quote Mark */
+#define UC_MR 0x00001000 /* Mirroring */
+#define UC_SS 0x00002000 /* Space, other */
+
+#define UC_CP 0x00004000 /* Defined */
+
+/*
+ * Added for UnicodeData-2.1.3.
+ */
+#define UC_PI 0x00008000 /* Punctuation, Initial */
+#define UC_PF 0x00010000 /* Punctuation, Final */
+
+/*
+ * This is the primary function for testing to see if a character has some set
+ * of properties. The macros that test for various character properties all
+ * call this function with some set of masks.
+ */
+LDAP_LUNICODE_F (int)
+ucisprop LDAP_P((ac_uint4 code, ac_uint4 mask1, ac_uint4 mask2));
+
+#define ucisalpha(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT, 0)
+#define ucisdigit(cc) ucisprop(cc, UC_ND, 0)
+#define ucisalnum(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT|UC_ND, 0)
+#define uciscntrl(cc) ucisprop(cc, UC_CC|UC_CF, 0)
+#define ucisspace(cc) ucisprop(cc, UC_ZS|UC_SS, 0)
+#define ucisblank(cc) ucisprop(cc, UC_ZS, 0)
+#define ucispunct(cc) ucisprop(cc, UC_PD|UC_PS|UC_PE|UC_PO, UC_PI|UC_PF)
+#define ucisgraph(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\
+ UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\
+ UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\
+ UC_SO, UC_PI|UC_PF)
+#define ucisprint(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\
+ UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\
+ UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\
+ UC_SO|UC_ZS, UC_PI|UC_PF)
+#define ucisupper(cc) ucisprop(cc, UC_LU, 0)
+#define ucislower(cc) ucisprop(cc, UC_LL, 0)
+#define ucistitle(cc) ucisprop(cc, UC_LT, 0)
+#define ucisxdigit(cc) ucisprop(cc, 0, UC_HD)
+
+#define ucisisocntrl(cc) ucisprop(cc, UC_CC, 0)
+#define ucisfmtcntrl(cc) ucisprop(cc, UC_CF, 0)
+
+#define ucissymbol(cc) ucisprop(cc, UC_SM|UC_SC|UC_SO|UC_SK, 0)
+#define ucisnumber(cc) ucisprop(cc, UC_ND|UC_NO|UC_NL, 0)
+#define ucisnonspacing(cc) ucisprop(cc, UC_MN, 0)
+#define ucisopenpunct(cc) ucisprop(cc, UC_PS, 0)
+#define ucisclosepunct(cc) ucisprop(cc, UC_PE, 0)
+#define ucisinitialpunct(cc) ucisprop(cc, 0, UC_PI)
+#define ucisfinalpunct(cc) ucisprop(cc, 0, UC_PF)
+
+#define uciscomposite(cc) ucisprop(cc, 0, UC_CM)
+#define ucishex(cc) ucisprop(cc, 0, UC_HD)
+#define ucisquote(cc) ucisprop(cc, 0, UC_QM)
+#define ucissymmetric(cc) ucisprop(cc, 0, UC_SY)
+#define ucismirroring(cc) ucisprop(cc, 0, UC_MR)
+#define ucisnonbreaking(cc) ucisprop(cc, 0, UC_NB)
+
+/*
+ * Directionality macros.
+ */
+#define ucisrtl(cc) ucisprop(cc, UC_R, 0)
+#define ucisltr(cc) ucisprop(cc, UC_L, 0)
+#define ucisstrong(cc) ucisprop(cc, UC_L|UC_R, 0)
+#define ucisweak(cc) ucisprop(cc, UC_EN|UC_ES, UC_ET|UC_AN|UC_CS)
+#define ucisneutral(cc) ucisprop(cc, 0, UC_B|UC_S|UC_WS|UC_ON)
+#define ucisseparator(cc) ucisprop(cc, 0, UC_B|UC_S)
+
+/*
+ * Other macros inspired by John Cowan.
+ */
+#define ucismark(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME, 0)
+#define ucismodif(cc) ucisprop(cc, UC_LM, 0)
+#define ucisletnum(cc) ucisprop(cc, UC_NL, 0)
+#define ucisconnect(cc) ucisprop(cc, UC_PC, 0)
+#define ucisdash(cc) ucisprop(cc, UC_PD, 0)
+#define ucismath(cc) ucisprop(cc, UC_SM, 0)
+#define uciscurrency(cc) ucisprop(cc, UC_SC, 0)
+#define ucismodifsymbol(cc) ucisprop(cc, UC_SK, 0)
+#define ucisnsmark(cc) ucisprop(cc, UC_MN, 0)
+#define ucisspmark(cc) ucisprop(cc, UC_MC, 0)
+#define ucisenclosing(cc) ucisprop(cc, UC_ME, 0)
+#define ucisprivate(cc) ucisprop(cc, UC_CO, 0)
+#define ucissurrogate(cc) ucisprop(cc, UC_OS, 0)
+#define ucislsep(cc) ucisprop(cc, UC_ZL, 0)
+#define ucispsep(cc) ucisprop(cc, UC_ZP, 0)
+
+#define ucisidentstart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL, 0)
+#define ucisidentpart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL|\
+ UC_MN|UC_MC|UC_ND|UC_PC|UC_CF, 0)
+
+#define ucisdefined(cc) ucisprop(cc, 0, UC_CP)
+#define ucisundefined(cc) !ucisprop(cc, 0, UC_CP)
+
+/*
+ * Other miscellaneous character property macros.
+ */
+#define ucishan(cc) (((cc) >= 0x4e00 && (cc) <= 0x9fff) ||\
+ ((cc) >= 0xf900 && (cc) <= 0xfaff))
+#define ucishangul(cc) ((cc) >= 0xac00 && (cc) <= 0xd7ff)
+
+/**************************************************************************
+ *
+ * Functions for case conversion.
+ *
+ **************************************************************************/
+
+LDAP_LUNICODE_F (ac_uint4) uctoupper LDAP_P((ac_uint4 code));
+LDAP_LUNICODE_F (ac_uint4) uctolower LDAP_P((ac_uint4 code));
+LDAP_LUNICODE_F (ac_uint4) uctotitle LDAP_P((ac_uint4 code));
+
+/**************************************************************************
+ *
+ * Functions for getting compositions.
+ *
+ **************************************************************************/
+
+/*
+ * This routine determines if there exists a composition of node1 and node2.
+ * If it returns 0, there is no composition. Any other value indicates a
+ * composition was returned in comp.
+ */
+LDAP_LUNICODE_F (int) uccomp LDAP_P((ac_uint4 node1, ac_uint4 node2,
+ ac_uint4 *comp));
+
+/*
+ * Does Hangul composition on the string str with length len, and returns
+ * the length of the composed string.
+ */
+LDAP_LUNICODE_F (int) uccomp_hangul LDAP_P((ac_uint4 *str, int len));
+
+/*
+ * Does canonical composition on the string str with length len, and returns
+ * the length of the composed string.
+ */
+LDAP_LUNICODE_F (int) uccanoncomp LDAP_P((ac_uint4 *str, int len));
+
+/**************************************************************************
+ *
+ * Functions for getting decompositions.
+ *
+ **************************************************************************/
+
+/*
+ * This routine determines if the code has a decomposition. If it returns 0,
+ * there is no decomposition. Any other value indicates a decomposition was
+ * returned.
+ */
+LDAP_LUNICODE_F (int)
+ucdecomp LDAP_P((ac_uint4 code, ac_uint4 *num,
+ ac_uint4 **decomp));
+
+/*
+ * Equivalent to ucdecomp() except that it includes compatibility
+ * decompositions.
+ */
+LDAP_LUNICODE_F (int)
+uckdecomp LDAP_P((ac_uint4 code, ac_uint4 *num,
+ ac_uint4 **decomp));
+
+/*
+ * If the code is a Hangul syllable, this routine decomposes it into the array
+ * passed. The array size should be at least 3.
+ */
+LDAP_LUNICODE_F (int)
+ucdecomp_hangul LDAP_P((ac_uint4 code, ac_uint4 *num,
+ ac_uint4 decomp[]));
+
+/*
+ * This routine does canonical decomposition of the string in of length
+ * inlen, and returns the decomposed string in out with length outlen.
+ * The memory for out is allocated by this routine. It returns the length
+ * of the decomposed string if okay, and -1 on error.
+ */
+LDAP_LUNICODE_F (int)
+uccanondecomp LDAP_P((const ac_uint4 *in, int inlen,
+ ac_uint4 **out, int *outlen, void *ctx));
+
+/*
+ * Equivalent to uccanondecomp() except that it includes compatibility
+ * decompositions.
+ */
+LDAP_LUNICODE_F (int)
+uccompatdecomp LDAP_P((const ac_uint4 *in, int inlen,
+ ac_uint4 **out, int *outlen, void *ctx));
+
+/**************************************************************************
+ *
+ * Functions for getting combining classes.
+ *
+ **************************************************************************/
+
+/*
+ * This will return the combining class for a character to be used with the
+ * Canonical Ordering algorithm.
+ */
+LDAP_LUNICODE_F (ac_uint4) uccombining_class LDAP_P((ac_uint4 code));
+
+/**************************************************************************
+ *
+ * Functions for getting numbers and digits.
+ *
+ **************************************************************************/
+
+struct ucnumber {
+ int numerator;
+ int denominator;
+};
+
+LDAP_LUNICODE_F (int)
+ucnumber_lookup LDAP_P((ac_uint4 code, struct ucnumber *num));
+
+LDAP_LUNICODE_F (int)
+ucdigit_lookup LDAP_P((ac_uint4 code, int *digit));
+
+/*
+ * For compatibility with John Cowan's "uctype" package.
+ */
+LDAP_LUNICODE_F (struct ucnumber) ucgetnumber LDAP_P((ac_uint4 code));
+LDAP_LUNICODE_F (int) ucgetdigit LDAP_P((ac_uint4 code));
+
+/**************************************************************************
+ *
+ * Functions library initialization and cleanup.
+ *
+ **************************************************************************/
+
+/*
+ * Macros for specifying the data tables to be loaded, unloaded, or reloaded
+ * by the ucdata_load(), ucdata_unload(), and ucdata_reload() routines.
+ */
+#define UCDATA_CASE 0x01
+#define UCDATA_CTYPE 0x02
+#define UCDATA_DECOMP 0x04
+#define UCDATA_CMBCL 0x08
+#define UCDATA_NUM 0x10
+#define UCDATA_COMP 0x20
+#define UCDATA_KDECOMP 0x40
+
+#define UCDATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\
+ UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP|UCDATA_KDECOMP)
+
+/*
+ * Functions to load, unload, and reload specific data files.
+ */
+LDAP_LUNICODE_F (int) ucdata_load LDAP_P((char *paths, int mask));
+LDAP_LUNICODE_F (void) ucdata_unload LDAP_P((int mask));
+LDAP_LUNICODE_F (int) ucdata_reload LDAP_P((char *paths, int mask));
+
+#ifdef UCDATA_DEPRECATED
+/*
+ * Deprecated functions, now just compatibility macros.
+ */
+#define ucdata_setup(p) ucdata_load(p, UCDATA_ALL)
+#define ucdata_cleanup() ucdata_unload(UCDATA_ALL)
+#endif
+
+LDAP_END_DECL
+
+#endif /* _h_ucdata */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.man
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.man (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucdata.man 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,504 @@
+.\"
+.\" $Id: ucdata.man,v 1.5 2001/01/02 18:46:20 mleisher Exp $
+.\"
+.TH ucdata 3 "03 January 2001"
+.SH NAME
+ucdata \- package for providing Unicode/ISO10646 character information
+
+.SH SYNOPSIS
+#include <ucdata.h>
+.sp
+void ucdata_load(char * paths, int masks)
+.sp
+void ucdata_unload(int masks)
+.sp
+void ucdata_reload(char * paths, int masks)
+.sp
+int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp)
+.sp
+int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out,
+int *outlen)
+.sp
+int ucdecomp_hangul(unsigned long code, unsigned long *num,
+unsigned long decomp[])
+.sp
+int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp)
+.sp
+int uccomp_hangul(unsigned long *str, int len)
+.sp
+int uccanoncomp(unsiged long *str, int len)
+.nf
+struct ucnumber {
+ int numerator;
+ int denominator;
+};
+.sp
+int ucnumber_lookup(unsigned long code, struct ucnumber *num)
+.sp
+int ucdigit_lookup(unsigned long code, int *digit)
+.sp
+struct ucnumber ucgetnumber(unsigned long code)
+.sp
+int ucgetdigit(unsigned long code)
+.sp
+unsigned long uctoupper(unsigned long code)
+.sp
+unsigned long uctolower(unsigned long code)
+.sp
+unsigned long uctotitle(unsigned long code)
+.sp
+int ucisalpha(unsigned long code)
+.sp
+int ucisalnum(unsigned long code)
+.sp
+int ucisdigit(unsigned long code)
+.sp
+int uciscntrl(unsigned long code)
+.sp
+int ucisspace(unsigned long code)
+.sp
+int ucisblank(unsigned long code)
+.sp
+int ucispunct(unsigned long code)
+.sp
+int ucisgraph(unsigned long code)
+.sp
+int ucisprint(unsigned long code)
+.sp
+int ucisxdigit(unsigned long code)
+.sp
+int ucisupper(unsigned long code)
+.sp
+int ucislower(unsigned long code)
+.sp
+int ucistitle(unsigned long code)
+.sp
+int ucisisocntrl(unsigned long code)
+.sp
+int ucisfmtcntrl(unsigned long code)
+.sp
+int ucissymbol(unsigned long code)
+.sp
+int ucisnumber(unsigned long code)
+.sp
+int ucisnonspacing(unsigned long code)
+.sp
+int ucisopenpunct(unsigned long code)
+.sp
+int ucisclosepunct(unsigned long code)
+.sp
+int ucisinitialpunct(unsigned long code)
+.sp
+int ucisfinalpunct(unsigned long code)
+.sp
+int uciscomposite(unsigned long code)
+.sp
+int ucisquote(unsigned long code)
+.sp
+int ucissymmetric(unsigned long code)
+.sp
+int ucismirroring(unsigned long code)
+.sp
+int ucisnonbreaking(unsigned long code)
+.sp
+int ucisrtl(unsigned long code)
+.sp
+int ucisltr(unsigned long code)
+.sp
+int ucisstrong(unsigned long code)
+.sp
+int ucisweak(unsigned long code)
+.sp
+int ucisneutral(unsigned long code)
+.sp
+int ucisseparator(unsigned long code)
+.sp
+int ucislsep(unsigned long code)
+.sp
+int ucispsep(unsigned long code)
+.sp
+int ucismark(unsigned long code)
+.sp
+int ucisnsmark(unsigned long code)
+.sp
+int ucisspmark(unsigned long code)
+.sp
+int ucismodif(unsigned long code)
+.sp
+int ucismodifsymbol(unsigned long code)
+.sp
+int ucisletnum(unsigned long code)
+.sp
+int ucisconnect(unsigned long code)
+.sp
+int ucisdash(unsigned long code)
+.sp
+int ucismath(unsigned long code)
+.sp
+int uciscurrency(unsigned long code)
+.sp
+int ucisenclosing(unsigned long code)
+.sp
+int ucisprivate(unsigned long code)
+.sp
+int ucissurrogate(unsigned long code)
+.sp
+int ucisidentstart(unsigned long code)
+.sp
+int ucisidentpart(unsigned long code)
+.sp
+int ucisdefined(unsigned long code)
+.sp
+int ucisundefined(unsigned long code)
+.sp
+int ucishan(unsigned long code)
+.sp
+int ucishangul(unsigned long code)
+
+.SH DESCRIPTION
+.TP 4
+.BR Macros
+.br
+UCDATA_CASE
+.br
+UCDATA_CTYPE
+.br
+UCDATA_DECOMP
+.br
+UCDATA_CMBCL
+.br
+UCDATA_NUM
+.br
+UCDATA_ALL
+.br
+.TP 4
+.BR ucdata_load()
+This function initializes the UCData library by locating the data files in one
+of the colon-separated directories in the `paths' parameter. The data files
+to be loaded are specified in the `masks' parameter as a bitwise combination
+of the macros listed above.
+.sp
+This should be called before using any of the other functions.
+.TP 4
+.BR ucdata_unload()
+This function unloads the data tables specified in the `masks' parameter.
+.sp
+This function should be called when the application is done using the UCData
+package.
+.TP 4
+.BR ucdata_reload()
+This function reloads the data files from one of the colon-separated
+directories in the `paths' parameter. The data files to be reloaded are
+specified in the `masks' parameter as a bitwise combination of the macros
+listed above.
+.TP 4
+.BR ucdecomp()
+This function determines if a character has a decomposition and returns the
+decomposition information if it exists.
+.sp
+If a zero is returned, there is no decomposition. If a non-zero is
+returned, then the `num' and `decomp' variables are filled in with the
+appropriate values.
+.sp
+Example call:
+.sp
+.nf
+ unsigned long i, num, *decomp;
+
+ if (ucdecomp(0x1d5, &num, &decomp) != 0) {
+ for (i = 0; i < num; i++)
+ printf("0x%08lX,", decomp[i]);
+ putchar('\n');
+ }
+.TP 4
+.BR uccanondecomp()
+This function will decompose a string, insuring the characters are in
+canonical order for comparison.
+.sp
+If a decomposed string is returned, the caller is responsible for deallocating
+the string.
+.sp
+If a -1 is returned, memory allocation failed. If a zero is returned, no
+decomposition was done. Any other value means a decomposition string was
+created and the values returned in the `out' and `outlen' parameters.
+.TP 4
+.BR ucdecomp_hangul()
+This function determines if a Hangul syllable has a
+decomposition and returns the decomposition information.
+.sp
+An array of at least size 3 should be passed to the function
+for the decomposition of the syllable.
+.sp
+If a zero is returned, the character is not a Hangul
+syllable. If a non-zero is returned, the `num' field
+will be 2 or 3 and the syllable will be decomposed into
+the `decomp' array arithmetically.
+.sp
+Example call:
+.sp
+.nf
+ unsigned long i, num, decomp[3];
+
+ if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) {
+ for (i = 0; i < num; i++)
+ printf("0x%08lX,", decomp[i]);
+ putchar('\n');
+ }
+.TP 4
+.BR uccomp()
+This function determines if a pair of characters have a composition, and
+returns that composition if one exists.
+.sp
+A zero is returned is no composition exists for the character pair. Any other
+value indicates the `comp' field holds the character code representing the
+composition of the two character codes.
+.TP 4
+.BR uccomp_hangul()
+This composes the Hangul Jamo in-place in the string.
+.sp
+The returned value is the new length of the string.
+.TP 4
+.BR uccanoncomp()
+This function does a full composition in-place in the string, including the
+Hangul composition.
+.sp
+The returned value is the new length of the string.
+.TP 4
+.BR ucnumber_lookup()
+This function determines if the code is a number and
+fills in the `num' field with the numerator and
+denominator. If the code happens to be a single digit,
+the numerator and denominator fields will be the same.
+.sp
+If the function returns 0, the code is not a number.
+Any other return value means the code is a number.
+.TP 4
+.BR ucdigit_lookup()
+This function determines if the code is a digit and
+fills in the `digit' field with the digit value.
+.sp
+If the function returns 0, the code is not a number.
+Any other return value means the code is a number.
+.TP 4
+.BR ucgetnumber()
+This is a compatibility function with John Cowan's
+"uctype" package. It uses ucnumber_lookup().
+.TP 4
+.BR ucgetdigit()
+This is a compatibility function with John Cowan's
+"uctype" package. It uses ucdigit_lookup().
+.TP 4
+.BR uctoupper()
+This function returns the code unchanged if it is
+already upper case or has no upper case equivalent.
+Otherwise the upper case equivalent is returned.
+.TP 4
+.BR uctolower()
+This function returns the code unchanged if it is
+already lower case or has no lower case equivalent.
+Otherwise the lower case equivalent is returned.
+.TP 4
+.BR uctotitle()
+This function returns the code unchanged if it is
+already title case or has no title case equivalent.
+Otherwise the title case equivalent is returned.
+.TP 4
+.BR ucisalpha()
+Test if \fIcode\fR is an alpha character.
+.TP 4
+.BR ucisalnum()
+Test if \fIcode\fR is an alpha or digit character.
+.TP 4
+.BR ucisdigit()
+Test if \fIcode\fR is a digit character.
+.TP 4
+.BR uciscntrl()
+Test if \fIcode\fR is a control character.
+.TP 4
+.BR ucisspace()
+Test if \fIcode\fR is a space character.
+.TP 4
+.BR ucisblank()
+Test if \fIcode\fR is a blank character.
+.TP 4
+.BR ucispunct()
+Test if \fIcode\fR is a punctuation character.
+.TP 4
+.BR ucisgraph()
+Test if \fIcode\fR is a graphical (visible) character.
+.TP 4
+.BR ucisprint()
+Test if \fIcode\fR is a printable character.
+.TP 4
+.BR ucisxdigit()
+Test if \fIcode\fR is a hexadecimal digit character.
+.TP 4
+.BR ucisupper()
+Test if \fIcode\fR is an upper case character.
+.TP 4
+.BR ucislower()
+Test if \fIcode\fR is a lower case character.
+.TP 4
+.BR ucistitle()
+Test if \fIcode\fR is a title case character.
+.TP 4
+.BR ucisisocntrl()
+Is the character a C0 control character (< 32)?
+.TP 4
+.BR ucisfmtcntrl()
+Is the character a format control character?
+.TP 4
+.BR ucissymbol()
+Is the character a symbol?
+.TP 4
+.BR ucisnumber()
+Is the character a number or digit?
+.TP 4
+.BR ucisnonspacing()
+Is the character non-spacing?
+.TP 4
+.BR ucisopenpunct()
+Is the character an open/left punctuation (i.e. '[')
+.TP 4
+.BR ucisclosepunct()
+Is the character an close/right punctuation (i.e. ']')
+.TP 4
+.BR ucisinitialpunct()
+Is the character an initial punctuation (i.e. U+2018 LEFT
+SINGLE QUOTATION MARK)
+.TP 4
+.BR ucisfinalpunct()
+Is the character a final punctuation (i.e. U+2019 RIGHT
+SINGLE QUOTATION MARK)
+.TP 4
+.BR uciscomposite()
+Can the character be decomposed into a set of other
+characters?
+.TP 4
+.BR ucisquote()
+Is the character one of the many quotation marks?
+.TP 4
+.BR ucissymmetric()
+Is the character one that has an opposite form
+(i.e. <>)
+.TP 4
+.BR ucismirroring()
+Is the character mirroring (superset of symmetric)?
+.TP 4
+.BR ucisnonbreaking()
+Is the character non-breaking (i.e. non-breaking
+space)?
+.TP 4
+.BR ucisrtl()
+Does the character have strong right-to-left
+directionality (i.e. Arabic letters)?
+.TP 4
+.BR ucisltr()
+Does the character have strong left-to-right
+directionality (i.e. Latin letters)?
+.TP 4
+.BR ucisstrong()
+Does the character have strong directionality?
+.TP 4
+.BR ucisweak()
+Does the character have weak directionality
+(i.e. numbers)?
+.TP 4
+.BR ucisneutral()
+Does the character have neutral directionality
+(i.e. whitespace)?
+.TP 4
+.BR ucisseparator()
+Is the character a block or segment separator?
+.TP 4
+.BR ucislsep()
+Is the character a line separator?
+.TP 4
+.BR ucispsep()
+Is the character a paragraph separator?
+.TP 4
+.BR ucismark()
+Is the character a mark of some kind?
+.TP 4
+.BR ucisnsmark()
+Is the character a non-spacing mark?
+.TP 4
+.BR ucisspmark()
+Is the character a spacing mark?
+.TP 4
+.BR ucismodif()
+Is the character a modifier letter?
+.TP 4
+.BR ucismodifsymbol()
+Is the character a modifier symbol?
+.TP 4
+.BR ucisletnum()
+Is the character a number represented by a letter?
+.TP 4
+.BR ucisconnect()
+Is the character connecting punctuation?
+.TP 4
+.BR ucisdash()
+Is the character dash punctuation?
+.TP 4
+.BR ucismath()
+Is the character a math character?
+.TP 4
+.BR uciscurrency()
+Is the character a currency character?
+.TP 4
+.BR ucisenclosing()
+Is the character enclosing (i.e. enclosing box)?
+.TP 4
+.BR ucisprivate()
+Is the character from the Private Use Area?
+.TP 4
+.BR ucissurrogate()
+Is the character one of the surrogate codes?
+.TP 4
+.BR ucisidentstart()
+Is the character a legal initial character of an identifier?
+.TP 4
+.BR ucisidentpart()
+Is the character a legal identifier character?
+.TP 4
+.BR ucisdefined()
+Is the character defined (appeared in one of the data
+files)?
+.TP 4
+.BR ucisundefined()
+Is the character not defined (non-Unicode)?
+.TP 4
+.BR ucishan()
+Is the character a Han ideograph?
+.TP 4
+.BR ucishangul()
+Is the character a pre-composed Hangul syllable?
+
+.SH "SEE ALSO"
+ctype(3)
+
+.SH ACKNOWLEDGMENTS
+These are people who have helped with patches or
+alerted me about problems.
+.sp
+John Cowan <cowan at locke.ccil.org>
+.br
+Bob Verbrugge <bob_verbrugge at nl.compuware.com>
+.br
+Christophe Pierret <cpierret at businessobjects.com>
+.br
+Kent Johnson <kent at pondview.mv.com>
+.br
+Valeriy E. Ushakov <uwe at ptc.spbu.ru>
+.br
+Stig Venaas <Stig.Venaas at uninett.no>
+
+.SH AUTHOR
+Mark Leisher
+.br
+Computing Research Lab
+.br
+New Mexico State University
+.br
+Email: mleisher at crl.nmsu.edu
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucgendat.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucgendat.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucgendat.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1951 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.36.2.4 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ucgendat.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $" */
+
+#include "portable.h"
+#include "ldap_config.h"
+
+#include <stdio.h>
+#include <ac/ctype.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <ac/bytes.h>
+
+#include <lutil.h>
+
+#ifndef HARDCODE_DATA
+#define HARDCODE_DATA 1
+#endif
+
+#undef ishdigit
+#define ishdigit(cc) (((cc) >= '0' && (cc) <= '9') ||\
+ ((cc) >= 'A' && (cc) <= 'F') ||\
+ ((cc) >= 'a' && (cc) <= 'f'))
+
+/*
+ * A header written to the output file with the byte-order-mark and the number
+ * of property nodes.
+ */
+static ac_uint2 hdr[2] = {0xfeff, 0};
+
+#define NUMPROPS 50
+#define NEEDPROPS (NUMPROPS + (4 - (NUMPROPS & 3)))
+
+typedef struct {
+ char *name;
+ int len;
+} _prop_t;
+
+/*
+ * List of properties expected to be found in the Unicode Character Database
+ * including some implementation specific properties.
+ *
+ * The implementation specific properties are:
+ * Cm = Composed (can be decomposed)
+ * Nb = Non-breaking
+ * Sy = Symmetric (has left and right forms)
+ * Hd = Hex digit
+ * Qm = Quote marks
+ * Mr = Mirroring
+ * Ss = Space, other
+ * Cp = Defined character
+ */
+static _prop_t props[NUMPROPS] = {
+ {"Mn", 2}, {"Mc", 2}, {"Me", 2}, {"Nd", 2}, {"Nl", 2}, {"No", 2},
+ {"Zs", 2}, {"Zl", 2}, {"Zp", 2}, {"Cc", 2}, {"Cf", 2}, {"Cs", 2},
+ {"Co", 2}, {"Cn", 2}, {"Lu", 2}, {"Ll", 2}, {"Lt", 2}, {"Lm", 2},
+ {"Lo", 2}, {"Pc", 2}, {"Pd", 2}, {"Ps", 2}, {"Pe", 2}, {"Po", 2},
+ {"Sm", 2}, {"Sc", 2}, {"Sk", 2}, {"So", 2}, {"L", 1}, {"R", 1},
+ {"EN", 2}, {"ES", 2}, {"ET", 2}, {"AN", 2}, {"CS", 2}, {"B", 1},
+ {"S", 1}, {"WS", 2}, {"ON", 2},
+ {"Cm", 2}, {"Nb", 2}, {"Sy", 2}, {"Hd", 2}, {"Qm", 2}, {"Mr", 2},
+ {"Ss", 2}, {"Cp", 2}, {"Pi", 2}, {"Pf", 2}, {"AL", 2}
+};
+
+typedef struct {
+ ac_uint4 *ranges;
+ ac_uint2 used;
+ ac_uint2 size;
+} _ranges_t;
+
+static _ranges_t proptbl[NUMPROPS];
+
+/*
+ * Make sure this array is sized to be on a 4-byte boundary at compile time.
+ */
+static ac_uint2 propcnt[NEEDPROPS];
+
+/*
+ * Array used to collect a decomposition before adding it to the decomposition
+ * table.
+ */
+static ac_uint4 dectmp[64];
+static ac_uint4 dectmp_size;
+
+typedef struct {
+ ac_uint4 code;
+ ac_uint2 size;
+ ac_uint2 used;
+ ac_uint4 *decomp;
+} _decomp_t;
+
+/*
+ * List of decomposition. Created and expanded in order as the characters are
+ * encountered. First list contains canonical mappings, second also includes
+ * compatibility mappings.
+ */
+static _decomp_t *decomps;
+static ac_uint4 decomps_used;
+static ac_uint4 decomps_size;
+
+static _decomp_t *kdecomps;
+static ac_uint4 kdecomps_used;
+static ac_uint4 kdecomps_size;
+
+/*
+ * Composition exclusion table stuff.
+ */
+#define COMPEX_SET(c) (compexs[(c) >> 5] |= (1 << ((c) & 31)))
+#define COMPEX_TEST(c) (compexs[(c) >> 5] & (1 << ((c) & 31)))
+static ac_uint4 compexs[8192];
+
+/*
+ * Struct for holding a composition pair, and array of composition pairs
+ */
+typedef struct {
+ ac_uint4 comp;
+ ac_uint4 count;
+ ac_uint4 code1;
+ ac_uint4 code2;
+} _comp_t;
+
+static _comp_t *comps;
+static ac_uint4 comps_used;
+
+/*
+ * Types and lists for handling lists of case mappings.
+ */
+typedef struct {
+ ac_uint4 key;
+ ac_uint4 other1;
+ ac_uint4 other2;
+} _case_t;
+
+static _case_t *upper;
+static _case_t *lower;
+static _case_t *title;
+static ac_uint4 upper_used;
+static ac_uint4 upper_size;
+static ac_uint4 lower_used;
+static ac_uint4 lower_size;
+static ac_uint4 title_used;
+static ac_uint4 title_size;
+
+/*
+ * Array used to collect case mappings before adding them to a list.
+ */
+static ac_uint4 cases[3];
+
+/*
+ * An array to hold ranges for combining classes.
+ */
+static ac_uint4 *ccl;
+static ac_uint4 ccl_used;
+static ac_uint4 ccl_size;
+
+/*
+ * Structures for handling numbers.
+ */
+typedef struct {
+ ac_uint4 code;
+ ac_uint4 idx;
+} _codeidx_t;
+
+typedef struct {
+ short numerator;
+ short denominator;
+} _num_t;
+
+/*
+ * Arrays to hold the mapping of codes to numbers.
+ */
+static _codeidx_t *ncodes;
+static ac_uint4 ncodes_used;
+static ac_uint4 ncodes_size;
+
+static _num_t *nums;
+static ac_uint4 nums_used;
+static ac_uint4 nums_size;
+
+/*
+ * Array for holding numbers.
+ */
+static _num_t *nums;
+static ac_uint4 nums_used;
+static ac_uint4 nums_size;
+
+static void
+add_range(ac_uint4 start, ac_uint4 end, char *p1, char *p2)
+{
+ int i, j, k, len;
+ _ranges_t *rlp;
+ char *name;
+
+ for (k = 0; k < 2; k++) {
+ if (k == 0) {
+ name = p1;
+ len = 2;
+ } else {
+ if (p2 == 0)
+ break;
+
+ name = p2;
+ len = 1;
+ }
+
+ for (i = 0; i < NUMPROPS; i++) {
+ if (props[i].len == len && memcmp(props[i].name, name, len) == 0)
+ break;
+ }
+
+ if (i == NUMPROPS)
+ continue;
+
+ rlp = &proptbl[i];
+
+ /*
+ * Resize the range list if necessary.
+ */
+ if (rlp->used == rlp->size) {
+ if (rlp->size == 0)
+ rlp->ranges = (ac_uint4 *)
+ malloc(sizeof(ac_uint4) << 3);
+ else
+ rlp->ranges = (ac_uint4 *)
+ realloc((char *) rlp->ranges,
+ sizeof(ac_uint4) * (rlp->size + 8));
+ rlp->size += 8;
+ }
+
+ /*
+ * If this is the first code for this property list, just add it
+ * and return.
+ */
+ if (rlp->used == 0) {
+ rlp->ranges[0] = start;
+ rlp->ranges[1] = end;
+ rlp->used += 2;
+ continue;
+ }
+
+ /*
+ * Optimize the case of adding the range to the end.
+ */
+ j = rlp->used - 1;
+ if (start > rlp->ranges[j]) {
+ j = rlp->used;
+ rlp->ranges[j++] = start;
+ rlp->ranges[j++] = end;
+ rlp->used = j;
+ continue;
+ }
+
+ /*
+ * Need to locate the insertion point.
+ */
+ for (i = 0;
+ i < rlp->used && start > rlp->ranges[i + 1] + 1; i += 2) ;
+
+ /*
+ * If the start value lies in the current range, then simply set the
+ * new end point of the range to the end value passed as a parameter.
+ */
+ if (rlp->ranges[i] <= start && start <= rlp->ranges[i + 1] + 1) {
+ rlp->ranges[i + 1] = end;
+ return;
+ }
+
+ /*
+ * Shift following values up by two.
+ */
+ for (j = rlp->used; j > i; j -= 2) {
+ rlp->ranges[j] = rlp->ranges[j - 2];
+ rlp->ranges[j + 1] = rlp->ranges[j - 1];
+ }
+
+ /*
+ * Add the new range at the insertion point.
+ */
+ rlp->ranges[i] = start;
+ rlp->ranges[i + 1] = end;
+ rlp->used += 2;
+ }
+}
+
+static void
+ordered_range_insert(ac_uint4 c, char *name, int len)
+{
+ int i, j;
+ ac_uint4 s, e;
+ _ranges_t *rlp;
+
+ if (len == 0)
+ return;
+
+ /*
+ * Deal with directionality codes introduced in Unicode 3.0.
+ */
+ if ((len == 2 && memcmp(name, "BN", 2) == 0) ||
+ (len == 3 &&
+ (memcmp(name, "NSM", 3) == 0 || memcmp(name, "PDF", 3) == 0 ||
+ memcmp(name, "LRE", 3) == 0 || memcmp(name, "LRO", 3) == 0 ||
+ memcmp(name, "RLE", 3) == 0 || memcmp(name, "RLO", 3) == 0))) {
+ /*
+ * Mark all of these as Other Neutral to preserve compatibility with
+ * older versions.
+ */
+ len = 2;
+ name = "ON";
+ }
+
+ for (i = 0; i < NUMPROPS; i++) {
+ if (props[i].len == len && memcmp(props[i].name, name, len) == 0)
+ break;
+ }
+
+ if (i == NUMPROPS)
+ return;
+
+ /*
+ * Have a match, so insert the code in order.
+ */
+ rlp = &proptbl[i];
+
+ /*
+ * Resize the range list if necessary.
+ */
+ if (rlp->used == rlp->size) {
+ if (rlp->size == 0)
+ rlp->ranges = (ac_uint4 *)
+ malloc(sizeof(ac_uint4) << 3);
+ else
+ rlp->ranges = (ac_uint4 *)
+ realloc((char *) rlp->ranges,
+ sizeof(ac_uint4) * (rlp->size + 8));
+ rlp->size += 8;
+ }
+
+ /*
+ * If this is the first code for this property list, just add it
+ * and return.
+ */
+ if (rlp->used == 0) {
+ rlp->ranges[0] = rlp->ranges[1] = c;
+ rlp->used += 2;
+ return;
+ }
+
+ /*
+ * Optimize the cases of extending the last range and adding new ranges to
+ * the end.
+ */
+ j = rlp->used - 1;
+ e = rlp->ranges[j];
+ s = rlp->ranges[j - 1];
+
+ if (c == e + 1) {
+ /*
+ * Extend the last range.
+ */
+ rlp->ranges[j] = c;
+ return;
+ }
+
+ if (c > e + 1) {
+ /*
+ * Start another range on the end.
+ */
+ j = rlp->used;
+ rlp->ranges[j] = rlp->ranges[j + 1] = c;
+ rlp->used += 2;
+ return;
+ }
+
+ if (c >= s)
+ /*
+ * The code is a duplicate of a code in the last range, so just return.
+ */
+ return;
+
+ /*
+ * The code should be inserted somewhere before the last range in the
+ * list. Locate the insertion point.
+ */
+ for (i = 0;
+ i < rlp->used && c > rlp->ranges[i + 1] + 1; i += 2) ;
+
+ s = rlp->ranges[i];
+ e = rlp->ranges[i + 1];
+
+ if (c == e + 1)
+ /*
+ * Simply extend the current range.
+ */
+ rlp->ranges[i + 1] = c;
+ else if (c < s) {
+ /*
+ * Add a new entry before the current location. Shift all entries
+ * before the current one up by one to make room.
+ */
+ for (j = rlp->used; j > i; j -= 2) {
+ rlp->ranges[j] = rlp->ranges[j - 2];
+ rlp->ranges[j + 1] = rlp->ranges[j - 1];
+ }
+ rlp->ranges[i] = rlp->ranges[i + 1] = c;
+
+ rlp->used += 2;
+ }
+}
+
+static void
+add_decomp(ac_uint4 code, short compat)
+{
+ ac_uint4 i, j, size;
+ _decomp_t **pdecomps;
+ ac_uint4 *pdecomps_used;
+ ac_uint4 *pdecomps_size;
+
+ if (compat) {
+ pdecomps = &kdecomps;
+ pdecomps_used = &kdecomps_used;
+ pdecomps_size = &kdecomps_size;
+ } else {
+ pdecomps = &decomps;
+ pdecomps_used = &decomps_used;
+ pdecomps_size = &decomps_size;
+ }
+
+ /*
+ * Add the code to the composite property.
+ */
+ if (!compat) {
+ ordered_range_insert(code, "Cm", 2);
+ }
+
+ /*
+ * Locate the insertion point for the code.
+ */
+ for (i = 0; i < *pdecomps_used && code > (*pdecomps)[i].code; i++) ;
+
+ /*
+ * Allocate space for a new decomposition.
+ */
+ if (*pdecomps_used == *pdecomps_size) {
+ if (*pdecomps_size == 0)
+ *pdecomps = (_decomp_t *) malloc(sizeof(_decomp_t) << 3);
+ else
+ *pdecomps = (_decomp_t *)
+ realloc((char *) *pdecomps,
+ sizeof(_decomp_t) * (*pdecomps_size + 8));
+ (void) memset((char *) (*pdecomps + *pdecomps_size), '\0',
+ sizeof(_decomp_t) << 3);
+ *pdecomps_size += 8;
+ }
+
+ if (i < *pdecomps_used && code != (*pdecomps)[i].code) {
+ /*
+ * Shift the decomps up by one if the codes don't match.
+ */
+ for (j = *pdecomps_used; j > i; j--)
+ (void) AC_MEMCPY((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1],
+ sizeof(_decomp_t));
+ }
+
+ /*
+ * Insert or replace a decomposition.
+ */
+ size = dectmp_size + (4 - (dectmp_size & 3));
+ if ((*pdecomps)[i].size < size) {
+ if ((*pdecomps)[i].size == 0)
+ (*pdecomps)[i].decomp = (ac_uint4 *)
+ malloc(sizeof(ac_uint4) * size);
+ else
+ (*pdecomps)[i].decomp = (ac_uint4 *)
+ realloc((char *) (*pdecomps)[i].decomp,
+ sizeof(ac_uint4) * size);
+ (*pdecomps)[i].size = size;
+ }
+
+ if ((*pdecomps)[i].code != code)
+ (*pdecomps_used)++;
+
+ (*pdecomps)[i].code = code;
+ (*pdecomps)[i].used = dectmp_size;
+ (void) AC_MEMCPY((char *) (*pdecomps)[i].decomp, (char *) dectmp,
+ sizeof(ac_uint4) * dectmp_size);
+
+ /*
+ * NOTICE: This needs changing later so it is more general than simply
+ * pairs. This calculation is done here to simplify allocation elsewhere.
+ */
+ if (!compat && dectmp_size == 2)
+ comps_used++;
+}
+
+static void
+add_title(ac_uint4 code)
+{
+ ac_uint4 i, j;
+
+ /*
+ * Always map the code to itself.
+ */
+ cases[2] = code;
+
+ if (title_used == title_size) {
+ if (title_size == 0)
+ title = (_case_t *) malloc(sizeof(_case_t) << 3);
+ else
+ title = (_case_t *) realloc((char *) title,
+ sizeof(_case_t) * (title_size + 8));
+ title_size += 8;
+ }
+
+ /*
+ * Locate the insertion point.
+ */
+ for (i = 0; i < title_used && code > title[i].key; i++) ;
+
+ if (i < title_used) {
+ /*
+ * Shift the array up by one.
+ */
+ for (j = title_used; j > i; j--)
+ (void) AC_MEMCPY((char *) &title[j], (char *) &title[j - 1],
+ sizeof(_case_t));
+ }
+
+ title[i].key = cases[2]; /* Title */
+ title[i].other1 = cases[0]; /* Upper */
+ title[i].other2 = cases[1]; /* Lower */
+
+ title_used++;
+}
+
+static void
+add_upper(ac_uint4 code)
+{
+ ac_uint4 i, j;
+
+ /*
+ * Always map the code to itself.
+ */
+ cases[0] = code;
+
+ /*
+ * If the title case character is not present, then make it the same as
+ * the upper case.
+ */
+ if (cases[2] == 0)
+ cases[2] = code;
+
+ if (upper_used == upper_size) {
+ if (upper_size == 0)
+ upper = (_case_t *) malloc(sizeof(_case_t) << 3);
+ else
+ upper = (_case_t *) realloc((char *) upper,
+ sizeof(_case_t) * (upper_size + 8));
+ upper_size += 8;
+ }
+
+ /*
+ * Locate the insertion point.
+ */
+ for (i = 0; i < upper_used && code > upper[i].key; i++) ;
+
+ if (i < upper_used) {
+ /*
+ * Shift the array up by one.
+ */
+ for (j = upper_used; j > i; j--)
+ (void) AC_MEMCPY((char *) &upper[j], (char *) &upper[j - 1],
+ sizeof(_case_t));
+ }
+
+ upper[i].key = cases[0]; /* Upper */
+ upper[i].other1 = cases[1]; /* Lower */
+ upper[i].other2 = cases[2]; /* Title */
+
+ upper_used++;
+}
+
+static void
+add_lower(ac_uint4 code)
+{
+ ac_uint4 i, j;
+
+ /*
+ * Always map the code to itself.
+ */
+ cases[1] = code;
+
+ /*
+ * If the title case character is empty, then make it the same as the
+ * upper case.
+ */
+ if (cases[2] == 0)
+ cases[2] = cases[0];
+
+ if (lower_used == lower_size) {
+ if (lower_size == 0)
+ lower = (_case_t *) malloc(sizeof(_case_t) << 3);
+ else
+ lower = (_case_t *) realloc((char *) lower,
+ sizeof(_case_t) * (lower_size + 8));
+ lower_size += 8;
+ }
+
+ /*
+ * Locate the insertion point.
+ */
+ for (i = 0; i < lower_used && code > lower[i].key; i++) ;
+
+ if (i < lower_used) {
+ /*
+ * Shift the array up by one.
+ */
+ for (j = lower_used; j > i; j--)
+ (void) AC_MEMCPY((char *) &lower[j], (char *) &lower[j - 1],
+ sizeof(_case_t));
+ }
+
+ lower[i].key = cases[1]; /* Lower */
+ lower[i].other1 = cases[0]; /* Upper */
+ lower[i].other2 = cases[2]; /* Title */
+
+ lower_used++;
+}
+
+static void
+ordered_ccl_insert(ac_uint4 c, ac_uint4 ccl_code)
+{
+ ac_uint4 i, j;
+
+ if (ccl_used == ccl_size) {
+ if (ccl_size == 0)
+ ccl = (ac_uint4 *) malloc(sizeof(ac_uint4) * 24);
+ else
+ ccl = (ac_uint4 *)
+ realloc((char *) ccl, sizeof(ac_uint4) * (ccl_size + 24));
+ ccl_size += 24;
+ }
+
+ /*
+ * Optimize adding the first item.
+ */
+ if (ccl_used == 0) {
+ ccl[0] = ccl[1] = c;
+ ccl[2] = ccl_code;
+ ccl_used += 3;
+ return;
+ }
+
+ /*
+ * Handle the special case of extending the range on the end. This
+ * requires that the combining class codes are the same.
+ */
+ if (ccl_code == ccl[ccl_used - 1] && c == ccl[ccl_used - 2] + 1) {
+ ccl[ccl_used - 2] = c;
+ return;
+ }
+
+ /*
+ * Handle the special case of adding another range on the end.
+ */
+ if (c > ccl[ccl_used - 2] + 1 ||
+ (c == ccl[ccl_used - 2] + 1 && ccl_code != ccl[ccl_used - 1])) {
+ ccl[ccl_used++] = c;
+ ccl[ccl_used++] = c;
+ ccl[ccl_used++] = ccl_code;
+ return;
+ }
+
+ /*
+ * Locate either the insertion point or range for the code.
+ */
+ for (i = 0; i < ccl_used && c > ccl[i + 1] + 1; i += 3) ;
+
+ if (ccl_code == ccl[i + 2] && c == ccl[i + 1] + 1) {
+ /*
+ * Extend an existing range.
+ */
+ ccl[i + 1] = c;
+ return;
+ } else if (c < ccl[i]) {
+ /*
+ * Start a new range before the current location.
+ */
+ for (j = ccl_used; j > i; j -= 3) {
+ ccl[j] = ccl[j - 3];
+ ccl[j - 1] = ccl[j - 4];
+ ccl[j - 2] = ccl[j - 5];
+ }
+ ccl[i] = ccl[i + 1] = c;
+ ccl[i + 2] = ccl_code;
+ }
+}
+
+/*
+ * Adds a number if it does not already exist and returns an index value
+ * multiplied by 2.
+ */
+static ac_uint4
+make_number(short num, short denom)
+{
+ ac_uint4 n;
+
+ /*
+ * Determine if the number already exists.
+ */
+ for (n = 0; n < nums_used; n++) {
+ if (nums[n].numerator == num && nums[n].denominator == denom)
+ return n << 1;
+ }
+
+ if (nums_used == nums_size) {
+ if (nums_size == 0)
+ nums = (_num_t *) malloc(sizeof(_num_t) << 3);
+ else
+ nums = (_num_t *) realloc((char *) nums,
+ sizeof(_num_t) * (nums_size + 8));
+ nums_size += 8;
+ }
+
+ n = nums_used++;
+ nums[n].numerator = num;
+ nums[n].denominator = denom;
+
+ return n << 1;
+}
+
+static void
+add_number(ac_uint4 code, short num, short denom)
+{
+ ac_uint4 i, j;
+
+ /*
+ * Insert the code in order.
+ */
+ for (i = 0; i < ncodes_used && code > ncodes[i].code; i++) ;
+
+ /*
+ * Handle the case of the codes matching and simply replace the number
+ * that was there before.
+ */
+ if (i < ncodes_used && code == ncodes[i].code) {
+ ncodes[i].idx = make_number(num, denom);
+ return;
+ }
+
+ /*
+ * Resize the array if necessary.
+ */
+ if (ncodes_used == ncodes_size) {
+ if (ncodes_size == 0)
+ ncodes = (_codeidx_t *) malloc(sizeof(_codeidx_t) << 3);
+ else
+ ncodes = (_codeidx_t *)
+ realloc((char *) ncodes, sizeof(_codeidx_t) * (ncodes_size + 8));
+
+ ncodes_size += 8;
+ }
+
+ /*
+ * Shift things around to insert the code if necessary.
+ */
+ if (i < ncodes_used) {
+ for (j = ncodes_used; j > i; j--) {
+ ncodes[j].code = ncodes[j - 1].code;
+ ncodes[j].idx = ncodes[j - 1].idx;
+ }
+ }
+ ncodes[i].code = code;
+ ncodes[i].idx = make_number(num, denom);
+
+ ncodes_used++;
+}
+
+/*
+ * This routine assumes that the line is a valid Unicode Character Database
+ * entry.
+ */
+static void
+read_cdata(FILE *in)
+{
+ ac_uint4 i, lineno, skip, code, ccl_code;
+ short wnum, neg, number[2], compat;
+ char line[512], *s, *e;
+
+ lineno = skip = 0;
+ while (fgets(line, sizeof(line), in)) {
+ if( (s=strchr(line, '\n')) ) *s = '\0';
+ lineno++;
+
+ /*
+ * Skip blank lines and lines that start with a '#'.
+ */
+ if (line[0] == 0 || line[0] == '#')
+ continue;
+
+ /*
+ * If lines need to be skipped, do it here.
+ */
+ if (skip) {
+ skip--;
+ continue;
+ }
+
+ /*
+ * Collect the code. The code can be up to 6 hex digits in length to
+ * allow surrogates to be specified.
+ */
+ for (s = line, i = code = 0; *s != ';' && i < 6; i++, s++) {
+ code <<= 4;
+ if (*s >= '0' && *s <= '9')
+ code += *s - '0';
+ else if (*s >= 'A' && *s <= 'F')
+ code += (*s - 'A') + 10;
+ else if (*s >= 'a' && *s <= 'f')
+ code += (*s - 'a') + 10;
+ }
+
+ /*
+ * Handle the following special cases:
+ * 1. 4E00-9FA5 CJK Ideographs.
+ * 2. AC00-D7A3 Hangul Syllables.
+ * 3. D800-DFFF Surrogates.
+ * 4. E000-F8FF Private Use Area.
+ * 5. F900-FA2D Han compatibility.
+ * ...Plus additional ranges in newer Unicode versions...
+ */
+ switch (code) {
+ case 0x3400:
+ /* CJK Ideograph Extension A */
+ add_range(0x3400, 0x4db5, "Lo", "L");
+
+ add_range(0x3400, 0x4db5, "Cp", 0);
+
+ skip = 1;
+ break;
+ case 0x4e00:
+ /*
+ * The Han ideographs.
+ */
+ add_range(0x4e00, 0x9fff, "Lo", "L");
+
+ /*
+ * Add the characters to the defined category.
+ */
+ add_range(0x4e00, 0x9fa5, "Cp", 0);
+
+ skip = 1;
+ break;
+ case 0xac00:
+ /*
+ * The Hangul syllables.
+ */
+ add_range(0xac00, 0xd7a3, "Lo", "L");
+
+ /*
+ * Add the characters to the defined category.
+ */
+ add_range(0xac00, 0xd7a3, "Cp", 0);
+
+ skip = 1;
+ break;
+ case 0xd800:
+ /*
+ * Make a range of all surrogates and assume some default
+ * properties.
+ */
+ add_range(0x010000, 0x10ffff, "Cs", "L");
+ skip = 5;
+ break;
+ case 0xe000:
+ /*
+ * The Private Use area. Add with a default set of properties.
+ */
+ add_range(0xe000, 0xf8ff, "Co", "L");
+ skip = 1;
+ break;
+ case 0xf900:
+ /*
+ * The CJK compatibility area.
+ */
+ add_range(0xf900, 0xfaff, "Lo", "L");
+
+ /*
+ * Add the characters to the defined category.
+ */
+ add_range(0xf900, 0xfaff, "Cp", 0);
+
+ skip = 1;
+ break;
+ case 0x20000:
+ /* CJK Ideograph Extension B */
+ add_range(0x20000, 0x2a6d6, "Lo", "L");
+
+ add_range(0x20000, 0x2a6d6, "Cp", 0);
+
+ skip = 1;
+ break;
+ case 0xf0000:
+ /* Plane 15 private use */
+ add_range(0xf0000, 0xffffd, "Co", "L");
+ skip = 1;
+ break;
+
+ case 0x100000:
+ /* Plane 16 private use */
+ add_range(0x100000, 0x10fffd, "Co", "L");
+ skip = 1;
+ break;
+ }
+
+ if (skip)
+ continue;
+
+ /*
+ * Add the code to the defined category.
+ */
+ ordered_range_insert(code, "Cp", 2);
+
+ /*
+ * Locate the first character property field.
+ */
+ for (i = 0; *s != 0 && i < 2; s++) {
+ if (*s == ';')
+ i++;
+ }
+ for (e = s; *e && *e != ';'; e++) ;
+
+ ordered_range_insert(code, s, e - s);
+
+ /*
+ * Locate the combining class code.
+ */
+ for (s = e; *s != 0 && i < 3; s++) {
+ if (*s == ';')
+ i++;
+ }
+
+ /*
+ * Convert the combining class code from decimal.
+ */
+ for (ccl_code = 0, e = s; *e && *e != ';'; e++)
+ ccl_code = (ccl_code * 10) + (*e - '0');
+
+ /*
+ * Add the code if it not 0.
+ */
+ if (ccl_code != 0)
+ ordered_ccl_insert(code, ccl_code);
+
+ /*
+ * Locate the second character property field.
+ */
+ for (s = e; *s != 0 && i < 4; s++) {
+ if (*s == ';')
+ i++;
+ }
+ for (e = s; *e && *e != ';'; e++) ;
+
+ ordered_range_insert(code, s, e - s);
+
+ /*
+ * Check for a decomposition.
+ */
+ s = ++e;
+ if (*s != ';') {
+ compat = *s == '<';
+ if (compat) {
+ /*
+ * Skip compatibility formatting tag.
+ */
+ while (*s++ != '>');
+ }
+ /*
+ * Collect the codes of the decomposition.
+ */
+ for (dectmp_size = 0; *s != ';'; ) {
+ /*
+ * Skip all leading non-hex digits.
+ */
+ while (!ishdigit(*s))
+ s++;
+
+ for (dectmp[dectmp_size] = 0; ishdigit(*s); s++) {
+ dectmp[dectmp_size] <<= 4;
+ if (*s >= '0' && *s <= '9')
+ dectmp[dectmp_size] += *s - '0';
+ else if (*s >= 'A' && *s <= 'F')
+ dectmp[dectmp_size] += (*s - 'A') + 10;
+ else if (*s >= 'a' && *s <= 'f')
+ dectmp[dectmp_size] += (*s - 'a') + 10;
+ }
+ dectmp_size++;
+ }
+
+ /*
+ * If there are any codes in the temporary decomposition array,
+ * then add the character with its decomposition.
+ */
+ if (dectmp_size > 0) {
+ if (!compat) {
+ add_decomp(code, 0);
+ }
+ add_decomp(code, 1);
+ }
+ }
+
+ /*
+ * Skip to the number field.
+ */
+ for (i = 0; i < 3 && *s; s++) {
+ if (*s == ';')
+ i++;
+ }
+
+ /*
+ * Scan the number in.
+ */
+ number[0] = number[1] = 0;
+ for (e = s, neg = wnum = 0; *e && *e != ';'; e++) {
+ if (*e == '-') {
+ neg = 1;
+ continue;
+ }
+
+ if (*e == '/') {
+ /*
+ * Move the the denominator of the fraction.
+ */
+ if (neg)
+ number[wnum] *= -1;
+ neg = 0;
+ e++;
+ wnum++;
+ }
+ number[wnum] = (number[wnum] * 10) + (*e - '0');
+ }
+
+ if (e > s) {
+ /*
+ * Adjust the denominator in case of integers and add the number.
+ */
+ if (wnum == 0)
+ number[1] = 1;
+
+ add_number(code, number[0], number[1]);
+ }
+
+ /*
+ * Skip to the start of the possible case mappings.
+ */
+ for (s = e, i = 0; i < 4 && *s; s++) {
+ if (*s == ';')
+ i++;
+ }
+
+ /*
+ * Collect the case mappings.
+ */
+ cases[0] = cases[1] = cases[2] = 0;
+ for (i = 0; i < 3; i++) {
+ while (ishdigit(*s)) {
+ cases[i] <<= 4;
+ if (*s >= '0' && *s <= '9')
+ cases[i] += *s - '0';
+ else if (*s >= 'A' && *s <= 'F')
+ cases[i] += (*s - 'A') + 10;
+ else if (*s >= 'a' && *s <= 'f')
+ cases[i] += (*s - 'a') + 10;
+ s++;
+ }
+ if (*s == ';')
+ s++;
+ }
+ if (cases[0] && cases[1])
+ /*
+ * Add the upper and lower mappings for a title case character.
+ */
+ add_title(code);
+ else if (cases[1])
+ /*
+ * Add the lower and title case mappings for the upper case
+ * character.
+ */
+ add_upper(code);
+ else if (cases[0])
+ /*
+ * Add the upper and title case mappings for the lower case
+ * character.
+ */
+ add_lower(code);
+ }
+}
+
+static _decomp_t *
+find_decomp(ac_uint4 code, short compat)
+{
+ long l, r, m;
+ _decomp_t *decs;
+
+ l = 0;
+ r = (compat ? kdecomps_used : decomps_used) - 1;
+ decs = compat ? kdecomps : decomps;
+ while (l <= r) {
+ m = (l + r) >> 1;
+ if (code > decs[m].code)
+ l = m + 1;
+ else if (code < decs[m].code)
+ r = m - 1;
+ else
+ return &decs[m];
+ }
+ return 0;
+}
+
+static void
+decomp_it(_decomp_t *d, short compat)
+{
+ ac_uint4 i;
+ _decomp_t *dp;
+
+ for (i = 0; i < d->used; i++) {
+ if ((dp = find_decomp(d->decomp[i], compat)) != 0)
+ decomp_it(dp, compat);
+ else
+ dectmp[dectmp_size++] = d->decomp[i];
+ }
+}
+
+/*
+ * Expand all decompositions by recursively decomposing each character
+ * in the decomposition.
+ */
+static void
+expand_decomp(void)
+{
+ ac_uint4 i;
+
+ for (i = 0; i < decomps_used; i++) {
+ dectmp_size = 0;
+ decomp_it(&decomps[i], 0);
+ if (dectmp_size > 0)
+ add_decomp(decomps[i].code, 0);
+ }
+
+ for (i = 0; i < kdecomps_used; i++) {
+ dectmp_size = 0;
+ decomp_it(&kdecomps[i], 1);
+ if (dectmp_size > 0)
+ add_decomp(kdecomps[i].code, 1);
+ }
+}
+
+static int
+cmpcomps(const void *v_comp1, const void *v_comp2)
+{
+ const _comp_t *comp1 = v_comp1, *comp2 = v_comp2;
+ long diff = comp1->code1 - comp2->code1;
+
+ if (!diff)
+ diff = comp1->code2 - comp2->code2;
+ return (int) diff;
+}
+
+/*
+ * Load composition exclusion data
+ */
+static void
+read_compexdata(FILE *in)
+{
+ ac_uint2 i;
+ ac_uint4 code;
+ char line[512], *s;
+
+ (void) memset((char *) compexs, 0, sizeof(compexs));
+
+ while (fgets(line, sizeof(line), in)) {
+ if( (s=strchr(line, '\n')) ) *s = '\0';
+ /*
+ * Skip blank lines and lines that start with a '#'.
+ */
+ if (line[0] == 0 || line[0] == '#')
+ continue;
+
+ /*
+ * Collect the code. Assume max 6 digits
+ */
+
+ for (s = line, i = code = 0; *s != '#' && i < 6; i++, s++) {
+ if (isspace((unsigned char)*s)) break;
+ code <<= 4;
+ if (*s >= '0' && *s <= '9')
+ code += *s - '0';
+ else if (*s >= 'A' && *s <= 'F')
+ code += (*s - 'A') + 10;
+ else if (*s >= 'a' && *s <= 'f')
+ code += (*s - 'a') + 10;
+ }
+ COMPEX_SET(code);
+ }
+}
+
+/*
+ * Creates array of compositions from decomposition array
+ */
+static void
+create_comps(void)
+{
+ ac_uint4 i, cu;
+
+ comps = (_comp_t *) malloc(comps_used * sizeof(_comp_t));
+
+ for (i = cu = 0; i < decomps_used; i++) {
+ if (decomps[i].used != 2 || COMPEX_TEST(decomps[i].code))
+ continue;
+ comps[cu].comp = decomps[i].code;
+ comps[cu].count = 2;
+ comps[cu].code1 = decomps[i].decomp[0];
+ comps[cu].code2 = decomps[i].decomp[1];
+ cu++;
+ }
+ comps_used = cu;
+ qsort(comps, comps_used, sizeof(_comp_t), cmpcomps);
+}
+
+#if HARDCODE_DATA
+static void
+write_case(FILE *out, _case_t *tab, int num, int first)
+{
+ int i;
+
+ for (i=0; i<num; i++) {
+ if (first) first = 0;
+ else fprintf(out, ",");
+ fprintf(out, "\n\t0x%08lx, 0x%08lx, 0x%08lx",
+ (unsigned long) tab[i].key, (unsigned long) tab[i].other1,
+ (unsigned long) tab[i].other2);
+ }
+}
+
+#define PREF "static const "
+
+#endif
+
+static void
+write_cdata(char *opath)
+{
+ FILE *out;
+ ac_uint4 bytes;
+ ac_uint4 i, idx, nprops;
+#if !(HARDCODE_DATA)
+ ac_uint2 casecnt[2];
+#endif
+ char path[BUFSIZ];
+#if HARDCODE_DATA
+ int j, k;
+
+ /*****************************************************************
+ *
+ * Generate the ctype data.
+ *
+ *****************************************************************/
+
+ /*
+ * Open the output file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "uctable.h", opath);
+ if ((out = fopen(path, "w")) == 0)
+ return;
+#else
+ /*
+ * Open the ctype.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "ctype.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+#endif
+
+ /*
+ * Collect the offsets for the properties. The offsets array is
+ * on a 4-byte boundary to keep things efficient for architectures
+ * that need such a thing.
+ */
+ for (i = idx = 0; i < NUMPROPS; i++) {
+ propcnt[i] = (proptbl[i].used != 0) ? idx : 0xffff;
+ idx += proptbl[i].used;
+ }
+
+ /*
+ * Add the sentinel index which is used by the binary search as the upper
+ * bound for a search.
+ */
+ propcnt[i] = idx;
+
+ /*
+ * Record the actual number of property lists. This may be different than
+ * the number of offsets actually written because of aligning on a 4-byte
+ * boundary.
+ */
+ hdr[1] = NUMPROPS;
+
+ /*
+ * Calculate the byte count needed and pad the property counts array to a
+ * 4-byte boundary.
+ */
+ if ((bytes = sizeof(ac_uint2) * (NUMPROPS + 1)) & 3)
+ bytes += 4 - (bytes & 3);
+ nprops = bytes / sizeof(ac_uint2);
+ bytes += sizeof(ac_uint4) * idx;
+
+#if HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _ucprop_size = %d;\n\n", NUMPROPS);
+
+ fprintf(out, PREF "ac_uint2 _ucprop_offsets[] = {");
+
+ for (i = 0; i<nprops; i++) {
+ if (i) fprintf(out, ",");
+ if (!(i&7)) fprintf(out, "\n\t");
+ else fprintf(out, " ");
+ fprintf(out, "0x%04x", propcnt[i]);
+ }
+ fprintf(out, "\n};\n\n");
+
+ fprintf(out, PREF "ac_uint4 _ucprop_ranges[] = {");
+
+ k = 0;
+ for (i = 0; i < NUMPROPS; i++) {
+ if (proptbl[i].used > 0) {
+ for (j=0; j<proptbl[i].used; j++) {
+ if (k) fprintf(out, ",");
+ if (!(k&3)) fprintf(out,"\n\t");
+ else fprintf(out, " ");
+ k++;
+ fprintf(out, "0x%08lx", (unsigned long) proptbl[i].ranges[j]);
+ }
+ }
+ }
+ fprintf(out, "\n};\n\n");
+#else
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write the byte count.
+ */
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ /*
+ * Write the property list counts.
+ */
+ fwrite((char *) propcnt, sizeof(ac_uint2), nprops, out);
+
+ /*
+ * Write the property lists.
+ */
+ for (i = 0; i < NUMPROPS; i++) {
+ if (proptbl[i].used > 0)
+ fwrite((char *) proptbl[i].ranges, sizeof(ac_uint4),
+ proptbl[i].used, out);
+ }
+
+ fclose(out);
+#endif
+
+ /*****************************************************************
+ *
+ * Generate the case mapping data.
+ *
+ *****************************************************************/
+
+#if HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _uccase_size = %ld;\n\n",
+ (long) (upper_used + lower_used + title_used));
+
+ fprintf(out, PREF "ac_uint2 _uccase_len[2] = {%ld, %ld};\n\n",
+ (long) upper_used, (long) lower_used);
+ fprintf(out, PREF "ac_uint4 _uccase_map[] = {");
+
+ if (upper_used > 0)
+ /*
+ * Write the upper case table.
+ */
+ write_case(out, upper, upper_used, 1);
+
+ if (lower_used > 0)
+ /*
+ * Write the lower case table.
+ */
+ write_case(out, lower, lower_used, !upper_used);
+
+ if (title_used > 0)
+ /*
+ * Write the title case table.
+ */
+ write_case(out, title, title_used, !(upper_used||lower_used));
+
+ if (!(upper_used || lower_used || title_used))
+ fprintf(out, "\t0");
+
+ fprintf(out, "\n};\n\n");
+#else
+ /*
+ * Open the case.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "case.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ /*
+ * Write the case mapping tables.
+ */
+ hdr[1] = upper_used + lower_used + title_used;
+ casecnt[0] = upper_used;
+ casecnt[1] = lower_used;
+
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write the upper and lower case table sizes.
+ */
+ fwrite((char *) casecnt, sizeof(ac_uint2), 2, out);
+
+ if (upper_used > 0)
+ /*
+ * Write the upper case table.
+ */
+ fwrite((char *) upper, sizeof(_case_t), upper_used, out);
+
+ if (lower_used > 0)
+ /*
+ * Write the lower case table.
+ */
+ fwrite((char *) lower, sizeof(_case_t), lower_used, out);
+
+ if (title_used > 0)
+ /*
+ * Write the title case table.
+ */
+ fwrite((char *) title, sizeof(_case_t), title_used, out);
+
+ fclose(out);
+#endif
+
+ /*****************************************************************
+ *
+ * Generate the composition data.
+ *
+ *****************************************************************/
+
+ /*
+ * Create compositions from decomposition data
+ */
+ create_comps();
+
+#if HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _uccomp_size = %ld;\n\n",
+ comps_used * 4L);
+
+ fprintf(out, PREF "ac_uint4 _uccomp_data[] = {");
+
+ /*
+ * Now, if comps exist, write them out.
+ */
+ if (comps_used > 0) {
+ for (i=0; i<comps_used; i++) {
+ if (i) fprintf(out, ",");
+ fprintf(out, "\n\t0x%08lx, 0x%08lx, 0x%08lx, 0x%08lx",
+ (unsigned long) comps[i].comp, (unsigned long) comps[i].count,
+ (unsigned long) comps[i].code1, (unsigned long) comps[i].code2);
+ }
+ } else {
+ fprintf(out, "\t0");
+ }
+ fprintf(out, "\n};\n\n");
+#else
+ /*
+ * Open the comp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "comp.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ /*
+ * Write the header.
+ */
+ hdr[1] = (ac_uint2) comps_used * 4;
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write out the byte count to maintain header size.
+ */
+ bytes = comps_used * sizeof(_comp_t);
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ /*
+ * Now, if comps exist, write them out.
+ */
+ if (comps_used > 0)
+ fwrite((char *) comps, sizeof(_comp_t), comps_used, out);
+
+ fclose(out);
+#endif
+
+ /*****************************************************************
+ *
+ * Generate the decomposition data.
+ *
+ *****************************************************************/
+
+ /*
+ * Fully expand all decompositions before generating the output file.
+ */
+ expand_decomp();
+
+#if HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _ucdcmp_size = %ld;\n\n",
+ decomps_used * 2L);
+
+ fprintf(out, PREF "ac_uint4 _ucdcmp_nodes[] = {");
+
+ if (decomps_used) {
+ /*
+ * Write the list of decomp nodes.
+ */
+ for (i = idx = 0; i < decomps_used; i++) {
+ fprintf(out, "\n\t0x%08lx, 0x%08lx,",
+ (unsigned long) decomps[i].code, (unsigned long) idx);
+ idx += decomps[i].used;
+ }
+
+ /*
+ * Write the sentinel index as the last decomp node.
+ */
+ fprintf(out, "\n\t0x%08lx\n};\n\n", (unsigned long) idx);
+
+ fprintf(out, PREF "ac_uint4 _ucdcmp_decomp[] = {");
+ /*
+ * Write the decompositions themselves.
+ */
+ k = 0;
+ for (i = 0; i < decomps_used; i++)
+ for (j=0; j<decomps[i].used; j++) {
+ if (k) fprintf(out, ",");
+ if (!(k&3)) fprintf(out,"\n\t");
+ else fprintf(out, " ");
+ k++;
+ fprintf(out, "0x%08lx", (unsigned long) decomps[i].decomp[j]);
+ }
+ fprintf(out, "\n};\n\n");
+ }
+#else
+ /*
+ * Open the decomp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "decomp.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ hdr[1] = decomps_used;
+
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write a temporary byte count which will be calculated as the
+ * decompositions are written out.
+ */
+ bytes = 0;
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ if (decomps_used) {
+ /*
+ * Write the list of decomp nodes.
+ */
+ for (i = idx = 0; i < decomps_used; i++) {
+ fwrite((char *) &decomps[i].code, sizeof(ac_uint4), 1, out);
+ fwrite((char *) &idx, sizeof(ac_uint4), 1, out);
+ idx += decomps[i].used;
+ }
+
+ /*
+ * Write the sentinel index as the last decomp node.
+ */
+ fwrite((char *) &idx, sizeof(ac_uint4), 1, out);
+
+ /*
+ * Write the decompositions themselves.
+ */
+ for (i = 0; i < decomps_used; i++)
+ fwrite((char *) decomps[i].decomp, sizeof(ac_uint4),
+ decomps[i].used, out);
+
+ /*
+ * Seek back to the beginning and write the byte count.
+ */
+ bytes = (sizeof(ac_uint4) * idx) +
+ (sizeof(ac_uint4) * ((hdr[1] << 1) + 1));
+ fseek(out, sizeof(ac_uint2) << 1, 0L);
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ fclose(out);
+ }
+#endif
+
+#ifdef HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _uckdcmp_size = %ld;\n\n",
+ kdecomps_used * 2L);
+
+ fprintf(out, PREF "ac_uint4 _uckdcmp_nodes[] = {");
+
+ if (kdecomps_used) {
+ /*
+ * Write the list of kdecomp nodes.
+ */
+ for (i = idx = 0; i < kdecomps_used; i++) {
+ fprintf(out, "\n\t0x%08lx, 0x%08lx,",
+ (unsigned long) kdecomps[i].code, (unsigned long) idx);
+ idx += kdecomps[i].used;
+ }
+
+ /*
+ * Write the sentinel index as the last decomp node.
+ */
+ fprintf(out, "\n\t0x%08lx\n};\n\n", (unsigned long) idx);
+
+ fprintf(out, PREF "ac_uint4 _uckdcmp_decomp[] = {");
+
+ /*
+ * Write the decompositions themselves.
+ */
+ k = 0;
+ for (i = 0; i < kdecomps_used; i++)
+ for (j=0; j<kdecomps[i].used; j++) {
+ if (k) fprintf(out, ",");
+ if (!(k&3)) fprintf(out,"\n\t");
+ else fprintf(out, " ");
+ k++;
+ fprintf(out, "0x%08lx", (unsigned long) kdecomps[i].decomp[j]);
+ }
+ fprintf(out, "\n};\n\n");
+ }
+#else
+ /*
+ * Open the kdecomp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "kdecomp.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ hdr[1] = kdecomps_used;
+
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write a temporary byte count which will be calculated as the
+ * decompositions are written out.
+ */
+ bytes = 0;
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ if (kdecomps_used) {
+ /*
+ * Write the list of kdecomp nodes.
+ */
+ for (i = idx = 0; i < kdecomps_used; i++) {
+ fwrite((char *) &kdecomps[i].code, sizeof(ac_uint4), 1, out);
+ fwrite((char *) &idx, sizeof(ac_uint4), 1, out);
+ idx += kdecomps[i].used;
+ }
+
+ /*
+ * Write the sentinel index as the last decomp node.
+ */
+ fwrite((char *) &idx, sizeof(ac_uint4), 1, out);
+
+ /*
+ * Write the decompositions themselves.
+ */
+ for (i = 0; i < kdecomps_used; i++)
+ fwrite((char *) kdecomps[i].decomp, sizeof(ac_uint4),
+ kdecomps[i].used, out);
+
+ /*
+ * Seek back to the beginning and write the byte count.
+ */
+ bytes = (sizeof(ac_uint4) * idx) +
+ (sizeof(ac_uint4) * ((hdr[1] << 1) + 1));
+ fseek(out, sizeof(ac_uint2) << 1, 0L);
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ fclose(out);
+ }
+#endif
+
+ /*****************************************************************
+ *
+ * Generate the combining class data.
+ *
+ *****************************************************************/
+#ifdef HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _uccmcl_size = %ld;\n\n", (long) ccl_used);
+
+ fprintf(out, PREF "ac_uint4 _uccmcl_nodes[] = {");
+
+ if (ccl_used > 0) {
+ /*
+ * Write the combining class ranges out.
+ */
+ for (i = 0; i<ccl_used; i++) {
+ if (i) fprintf(out, ",");
+ if (!(i&3)) fprintf(out, "\n\t");
+ else fprintf(out, " ");
+ fprintf(out, "0x%08lx", (unsigned long) ccl[i]);
+ }
+ } else {
+ fprintf(out, "\t0");
+ }
+ fprintf(out, "\n};\n\n");
+#else
+ /*
+ * Open the cmbcl.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "cmbcl.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ /*
+ * Set the number of ranges used. Each range has a combining class which
+ * means each entry is a 3-tuple.
+ */
+ hdr[1] = ccl_used / 3;
+
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write out the byte count to maintain header size.
+ */
+ bytes = ccl_used * sizeof(ac_uint4);
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ if (ccl_used > 0)
+ /*
+ * Write the combining class ranges out.
+ */
+ fwrite((char *) ccl, sizeof(ac_uint4), ccl_used, out);
+
+ fclose(out);
+#endif
+
+ /*****************************************************************
+ *
+ * Generate the number data.
+ *
+ *****************************************************************/
+
+#if HARDCODE_DATA
+ fprintf(out, PREF "ac_uint4 _ucnum_size = %lu;\n\n",
+ (unsigned long)ncodes_used<<1);
+
+ fprintf(out, PREF "ac_uint4 _ucnum_nodes[] = {");
+
+ /*
+ * Now, if number mappings exist, write them out.
+ */
+ if (ncodes_used > 0) {
+ for (i = 0; i<ncodes_used; i++) {
+ if (i) fprintf(out, ",");
+ if (!(i&1)) fprintf(out, "\n\t");
+ else fprintf(out, " ");
+ fprintf(out, "0x%08lx, 0x%08lx",
+ (unsigned long) ncodes[i].code, (unsigned long) ncodes[i].idx);
+ }
+ fprintf(out, "\n};\n\n");
+
+ fprintf(out, PREF "short _ucnum_vals[] = {");
+ for (i = 0; i<nums_used; i++) {
+ if (i) fprintf(out, ",");
+ if (!(i&3)) fprintf(out, "\n\t");
+ else fprintf(out, " ");
+ if (nums[i].numerator < 0) {
+ fprintf(out, "%6d, 0x%04x",
+ nums[i].numerator, nums[i].denominator);
+ } else {
+ fprintf(out, "0x%04x, 0x%04x",
+ nums[i].numerator, nums[i].denominator);
+ }
+ }
+ fprintf(out, "\n};\n\n");
+ }
+#else
+ /*
+ * Open the num.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "num.dat", opath);
+ if ((out = fopen(path, "wb")) == 0)
+ return;
+
+ /*
+ * The count part of the header will be the total number of codes that
+ * have numbers.
+ */
+ hdr[1] = (ac_uint2) (ncodes_used << 1);
+ bytes = (ncodes_used * sizeof(_codeidx_t)) + (nums_used * sizeof(_num_t));
+
+ /*
+ * Write the header.
+ */
+ fwrite((char *) hdr, sizeof(ac_uint2), 2, out);
+
+ /*
+ * Write out the byte count to maintain header size.
+ */
+ fwrite((char *) &bytes, sizeof(ac_uint4), 1, out);
+
+ /*
+ * Now, if number mappings exist, write them out.
+ */
+ if (ncodes_used > 0) {
+ fwrite((char *) ncodes, sizeof(_codeidx_t), ncodes_used, out);
+ fwrite((char *) nums, sizeof(_num_t), nums_used, out);
+ }
+#endif
+
+ fclose(out);
+}
+
+static void
+usage(char *prog)
+{
+ fprintf(stderr,
+ "Usage: %s [-o output-directory|-x composition-exclusions]", prog);
+ fprintf(stderr, " datafile1 datafile2 ...\n\n");
+ fprintf(stderr,
+ "-o output-directory\n\t\tWrite the output files to a different");
+ fprintf(stderr, " directory (default: .).\n");
+ fprintf(stderr,
+ "-x composition-exclusion\n\t\tFile of composition codes");
+ fprintf(stderr, " that should be excluded.\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ FILE *in;
+ char *prog, *opath;
+
+ prog = lutil_progname( "ucgendat", argc, argv );
+
+ opath = 0;
+ in = stdin;
+
+ argc--;
+ argv++;
+
+ while (argc > 0) {
+ if (argv[0][0] == '-') {
+ switch (argv[0][1]) {
+ case 'o':
+ argc--;
+ argv++;
+ opath = argv[0];
+ break;
+ case 'x':
+ argc--;
+ argv++;
+ if ((in = fopen(argv[0], "r")) == 0)
+ fprintf(stderr,
+ "%s: unable to open composition exclusion file %s\n",
+ prog, argv[0]);
+ else {
+ read_compexdata(in);
+ fclose(in);
+ in = 0;
+ }
+ break;
+ default:
+ usage(prog);
+ }
+ } else {
+ if (in != stdin && in != NULL)
+ fclose(in);
+ if ((in = fopen(argv[0], "r")) == 0)
+ fprintf(stderr, "%s: unable to open ctype file %s\n",
+ prog, argv[0]);
+ else {
+ read_cdata(in);
+ fclose(in);
+ in = 0;
+ }
+ }
+ argc--;
+ argv++;
+ }
+
+ if (opath == 0)
+ opath = ".";
+ write_cdata(opath);
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,750 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.5.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ucpgba.c,v 1.5 2001/01/02 18:46:20 mleisher Exp $ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "ucdata.h"
+#include "ucpgba.h"
+
+/*
+ * These macros are used while reordering of RTL runs of text for the
+ * special case of non-spacing characters being in runs of weakly
+ * directional text. They check for weak and non-spacing, and digits and
+ * non-spacing.
+ */
+#define ISWEAKSPECIAL(cc) ucisprop(cc, UC_EN|UC_ES|UC_MN, UC_ET|UC_AN|UC_CS)
+#define ISDIGITSPECIAL(cc) ucisprop(cc, UC_ND|UC_MN, 0)
+
+/*
+ * These macros are used while breaking a string into runs of text in
+ * different directions. Descriptions:
+ *
+ * ISLTR_LTR - Test for members of an LTR run in an LTR context. This looks
+ * for characters with ltr, non-spacing, weak, and neutral
+ * properties.
+ *
+ * ISRTL_RTL - Test for members of an RTL run in an RTL context. This looks
+ * for characters with rtl, non-spacing, weak, and neutral
+ * properties.
+ *
+ * ISRTL_NEUTRAL - Test for RTL or neutral characters.
+ *
+ * ISWEAK_NEUTRAL - Test for weak or neutral characters.
+ */
+#define ISLTR_LTR(cc) ucisprop(cc, UC_L|UC_MN|UC_EN|UC_ES,\
+ UC_ET|UC_CS|UC_B|UC_S|UC_WS|UC_ON)
+
+#define ISRTL_RTL(cc) ucisprop(cc, UC_R|UC_MN|UC_EN|UC_ES,\
+ UC_ET|UC_AN|UC_CS|UC_B|UC_S|UC_WS|UC_ON)
+
+#define ISRTL_NEUTRAL(cc) ucisprop(cc, UC_R, UC_B|UC_S|UC_WS|UC_ON)
+#define ISWEAK_NEUTRAL(cc) ucisprop(cc, UC_EN|UC_ES, \
+ UC_B|UC_S|UC_WS|UC_ON|UC_ET|UC_AN|UC_CS)
+
+/*
+ * This table is temporarily hard-coded here until it can be constructed
+ * automatically somehow.
+ */
+static unsigned long _symmetric_pairs[] = {
+ 0x0028, 0x0029, 0x0029, 0x0028, 0x003C, 0x003E, 0x003E, 0x003C,
+ 0x005B, 0x005D, 0x005D, 0x005B, 0x007B, 0x007D, 0x007D, 0x007B,
+ 0x2045, 0x2046, 0x2046, 0x2045, 0x207D, 0x207E, 0x207E, 0x207D,
+ 0x208D, 0x208E, 0x208E, 0x208D, 0x3008, 0x3009, 0x3009, 0x3008,
+ 0x300A, 0x300B, 0x300B, 0x300A, 0x300C, 0x300D, 0x300D, 0x300C,
+ 0x300E, 0x300F, 0x300F, 0x300E, 0x3010, 0x3011, 0x3011, 0x3010,
+ 0x3014, 0x3015, 0x3015, 0x3014, 0x3016, 0x3017, 0x3017, 0x3016,
+ 0x3018, 0x3019, 0x3019, 0x3018, 0x301A, 0x301B, 0x301B, 0x301A,
+ 0xFD3E, 0xFD3F, 0xFD3F, 0xFD3E, 0xFE59, 0xFE5A, 0xFE5A, 0xFE59,
+ 0xFE5B, 0xFE5C, 0xFE5C, 0xFE5B, 0xFE5D, 0xFE5E, 0xFE5E, 0xFE5D,
+ 0xFF08, 0xFF09, 0xFF09, 0xFF08, 0xFF3B, 0xFF3D, 0xFF3D, 0xFF3B,
+ 0xFF5B, 0xFF5D, 0xFF5D, 0xFF5B, 0xFF62, 0xFF63, 0xFF63, 0xFF62,
+};
+
+static int _symmetric_pairs_size =
+sizeof(_symmetric_pairs)/sizeof(_symmetric_pairs[0]);
+
+/*
+ * This routine looks up the other form of a symmetric pair.
+ */
+static unsigned long
+_ucsymmetric_pair(unsigned long c)
+{
+ int i;
+
+ for (i = 0; i < _symmetric_pairs_size; i += 2) {
+ if (_symmetric_pairs[i] == c)
+ return _symmetric_pairs[i+1];
+ }
+ return c;
+}
+
+/*
+ * This routine creates a new run, copies the text into it, links it into the
+ * logical text order chain and returns it to the caller to be linked into
+ * the visual text order chain.
+ */
+static ucrun_t *
+_add_run(ucstring_t *str, unsigned long *src,
+ unsigned long start, unsigned long end, int direction)
+{
+ long i, t;
+ ucrun_t *run;
+
+ run = (ucrun_t *) malloc(sizeof(ucrun_t));
+ run->visual_next = run->visual_prev = 0;
+ run->direction = direction;
+
+ run->cursor = ~0;
+
+ run->chars = (unsigned long *)
+ malloc(sizeof(unsigned long) * ((end - start) << 1));
+ run->positions = run->chars + (end - start);
+
+ run->source = src;
+ run->start = start;
+ run->end = end;
+
+ if (direction == UCPGBA_RTL) {
+ /*
+ * Copy the source text into the run in reverse order and select
+ * replacements for the pairwise punctuation and the <> characters.
+ */
+ for (i = 0, t = end - 1; start < end; start++, t--, i++) {
+ run->positions[i] = t;
+ if (ucissymmetric(src[t]) || src[t] == '<' || src[t] == '>')
+ run->chars[i] = _ucsymmetric_pair(src[t]);
+ else
+ run->chars[i] = src[t];
+ }
+ } else {
+ /*
+ * Copy the source text into the run directly.
+ */
+ for (i = start; i < end; i++) {
+ run->positions[i - start] = i;
+ run->chars[i - start] = src[i];
+ }
+ }
+
+ /*
+ * Add the run to the logical list for cursor traversal.
+ */
+ if (str->logical_first == 0)
+ str->logical_first = str->logical_last = run;
+ else {
+ run->logical_prev = str->logical_last;
+ str->logical_last->logical_next = run;
+ str->logical_last = run;
+ }
+
+ return run;
+}
+
+static void
+_ucadd_rtl_segment(ucstring_t *str, unsigned long *source, unsigned long start,
+ unsigned long end)
+{
+ unsigned long s, e;
+ ucrun_t *run, *lrun;
+
+ /*
+ * This is used to splice runs into strings with overall LTR direction.
+ * The `lrun' variable will never be NULL because at least one LTR run was
+ * added before this RTL run.
+ */
+ lrun = str->visual_last;
+
+ for (e = s = start; s < end;) {
+ for (; e < end && ISRTL_NEUTRAL(source[e]); e++) ;
+
+ if (e > s) {
+ run = _add_run(str, source, s, e, UCPGBA_RTL);
+
+ /*
+ * Add the run to the visual list for cursor traversal.
+ */
+ if (str->visual_first != 0) {
+ if (str->direction == UCPGBA_LTR) {
+ run->visual_prev = lrun;
+ run->visual_next = lrun->visual_next;
+ if (lrun->visual_next != 0)
+ lrun->visual_next->visual_prev = run;
+ lrun->visual_next = run;
+ if (lrun == str->visual_last)
+ str->visual_last = run;
+ } else {
+ run->visual_next = str->visual_first;
+ str->visual_first->visual_prev = run;
+ str->visual_first = run;
+ }
+ } else
+ str->visual_first = str->visual_last = run;
+ }
+
+ /*
+ * Handle digits in a special way. This makes sure the weakly
+ * directional characters appear on the expected sides of a number
+ * depending on whether that number is Arabic or not.
+ */
+ for (s = e; e < end && ISWEAKSPECIAL(source[e]); e++) {
+ if (!ISDIGITSPECIAL(source[e]) &&
+ (e + 1 == end || !ISDIGITSPECIAL(source[e + 1])))
+ break;
+ }
+
+ if (e > s) {
+ run = _add_run(str, source, s, e, UCPGBA_LTR);
+
+ /*
+ * Add the run to the visual list for cursor traversal.
+ */
+ if (str->visual_first != 0) {
+ if (str->direction == UCPGBA_LTR) {
+ run->visual_prev = lrun;
+ run->visual_next = lrun->visual_next;
+ if (lrun->visual_next != 0)
+ lrun->visual_next->visual_prev = run;
+ lrun->visual_next = run;
+ if (lrun == str->visual_last)
+ str->visual_last = run;
+ } else {
+ run->visual_next = str->visual_first;
+ str->visual_first->visual_prev = run;
+ str->visual_first = run;
+ }
+ } else
+ str->visual_first = str->visual_last = run;
+ }
+
+ /*
+ * Collect all weak non-digit sequences for an RTL segment. These
+ * will appear as part of the next RTL segment or will be added as
+ * an RTL segment by themselves.
+ */
+ for (s = e; e < end && ucisweak(source[e]) && !ucisdigit(source[e]);
+ e++) ;
+ }
+
+ /*
+ * Capture any weak non-digit sequences that occur at the end of the RTL
+ * run.
+ */
+ if (e > s) {
+ run = _add_run(str, source, s, e, UCPGBA_RTL);
+
+ /*
+ * Add the run to the visual list for cursor traversal.
+ */
+ if (str->visual_first != 0) {
+ if (str->direction == UCPGBA_LTR) {
+ run->visual_prev = lrun;
+ run->visual_next = lrun->visual_next;
+ if (lrun->visual_next != 0)
+ lrun->visual_next->visual_prev = run;
+ lrun->visual_next = run;
+ if (lrun == str->visual_last)
+ str->visual_last = run;
+ } else {
+ run->visual_next = str->visual_first;
+ str->visual_first->visual_prev = run;
+ str->visual_first = run;
+ }
+ } else
+ str->visual_first = str->visual_last = run;
+ }
+}
+
+static void
+_ucadd_ltr_segment(ucstring_t *str, unsigned long *source, unsigned long start,
+ unsigned long end)
+{
+ ucrun_t *run;
+
+ run = _add_run(str, source, start, end, UCPGBA_LTR);
+
+ /*
+ * Add the run to the visual list for cursor traversal.
+ */
+ if (str->visual_first != 0) {
+ if (str->direction == UCPGBA_LTR) {
+ run->visual_prev = str->visual_last;
+ str->visual_last->visual_next = run;
+ str->visual_last = run;
+ } else {
+ run->visual_next = str->visual_first;
+ str->visual_first->visual_prev = run;
+ str->visual_first = run;
+ }
+ } else
+ str->visual_first = str->visual_last = run;
+}
+
+ucstring_t *
+ucstring_create(unsigned long *source, unsigned long start, unsigned long end,
+ int default_direction, int cursor_motion)
+{
+ int rtl_first;
+ unsigned long s, e, ld;
+ ucstring_t *str;
+
+ str = (ucstring_t *) malloc(sizeof(ucstring_t));
+
+ /*
+ * Set the initial values.
+ */
+ str->cursor_motion = cursor_motion;
+ str->logical_first = str->logical_last = 0;
+ str->visual_first = str->visual_last = str->cursor = 0;
+ str->source = source;
+ str->start = start;
+ str->end = end;
+
+ /*
+ * If the length of the string is 0, then just return it at this point.
+ */
+ if (start == end)
+ return str;
+
+ /*
+ * This flag indicates whether the collection loop for RTL is called
+ * before the LTR loop the first time.
+ */
+ rtl_first = 0;
+
+ /*
+ * Look for the first character in the string that has strong
+ * directionality.
+ */
+ for (s = start; s < end && !ucisstrong(source[s]); s++) ;
+
+ if (s == end)
+ /*
+ * If the string contains no characters with strong directionality, use
+ * the default direction.
+ */
+ str->direction = default_direction;
+ else
+ str->direction = ucisrtl(source[s]) ? UCPGBA_RTL : UCPGBA_LTR;
+
+ if (str->direction == UCPGBA_RTL)
+ /*
+ * Set the flag that causes the RTL collection loop to run first.
+ */
+ rtl_first = 1;
+
+ /*
+ * This loop now separates the string into runs based on directionality.
+ */
+ for (s = e = 0; s < end; s = e) {
+ if (!rtl_first) {
+ /*
+ * Determine the next run of LTR text.
+ */
+
+ ld = s;
+ while (e < end && ISLTR_LTR(source[e])) {
+ if (ucisdigit(source[e]) &&
+ !(0x660 <= source[e] && source[e] <= 0x669))
+ ld = e;
+ e++;
+ }
+ if (str->direction != UCPGBA_LTR) {
+ while (e > ld && ISWEAK_NEUTRAL(source[e - 1]))
+ e--;
+ }
+
+ /*
+ * Add the LTR segment to the string.
+ */
+ if (e > s)
+ _ucadd_ltr_segment(str, source, s, e);
+ }
+
+ /*
+ * Determine the next run of RTL text.
+ */
+ ld = s = e;
+ while (e < end && ISRTL_RTL(source[e])) {
+ if (ucisdigit(source[e]) &&
+ !(0x660 <= source[e] && source[e] <= 0x669))
+ ld = e;
+ e++;
+ }
+ if (str->direction != UCPGBA_RTL) {
+ while (e > ld && ISWEAK_NEUTRAL(source[e - 1]))
+ e--;
+ }
+
+ /*
+ * Add the RTL segment to the string.
+ */
+ if (e > s)
+ _ucadd_rtl_segment(str, source, s, e);
+
+ /*
+ * Clear the flag that allowed the RTL collection loop to run first
+ * for strings with overall RTL directionality.
+ */
+ rtl_first = 0;
+ }
+
+ /*
+ * Set up the initial cursor run.
+ */
+ str->cursor = str->logical_first;
+ if (str != 0)
+ str->cursor->cursor = (str->cursor->direction == UCPGBA_RTL) ?
+ str->cursor->end - str->cursor->start : 0;
+
+ return str;
+}
+
+void
+ucstring_free(ucstring_t *s)
+{
+ ucrun_t *l, *r;
+
+ if (s == 0)
+ return;
+
+ for (l = 0, r = s->visual_first; r != 0; r = r->visual_next) {
+ if (r->end > r->start)
+ free((char *) r->chars);
+ if (l)
+ free((char *) l);
+ l = r;
+ }
+ if (l)
+ free((char *) l);
+
+ free((char *) s);
+}
+
+int
+ucstring_set_cursor_motion(ucstring_t *str, int cursor_motion)
+{
+ int n;
+
+ if (str == 0)
+ return -1;
+
+ n = str->cursor_motion;
+ str->cursor_motion = cursor_motion;
+ return n;
+}
+
+static int
+_ucstring_visual_cursor_right(ucstring_t *str, int count)
+{
+ int cnt = count;
+ unsigned long size;
+ ucrun_t *cursor;
+
+ if (str == 0)
+ return 0;
+
+ cursor = str->cursor;
+ while (cnt > 0) {
+ size = cursor->end - cursor->start;
+ if ((cursor->direction == UCPGBA_RTL && cursor->cursor + 1 == size) ||
+ cursor->cursor + 1 > size) {
+ /*
+ * If the next run is NULL, then the cursor is already on the
+ * far right end already.
+ */
+ if (cursor->visual_next == 0)
+ /*
+ * If movement occured, then report it.
+ */
+ return (cnt != count);
+
+ /*
+ * Move to the next run.
+ */
+ str->cursor = cursor = cursor->visual_next;
+ cursor->cursor = (cursor->direction == UCPGBA_RTL) ? -1 : 0;
+ size = cursor->end - cursor->start;
+ } else
+ cursor->cursor++;
+ cnt--;
+ }
+ return 1;
+}
+
+static int
+_ucstring_logical_cursor_right(ucstring_t *str, int count)
+{
+ int cnt = count;
+ unsigned long size;
+ ucrun_t *cursor;
+
+ if (str == 0)
+ return 0;
+
+ cursor = str->cursor;
+ while (cnt > 0) {
+ size = cursor->end - cursor->start;
+ if (str->direction == UCPGBA_RTL) {
+ if (cursor->direction == UCPGBA_RTL) {
+ if (cursor->cursor + 1 == size) {
+ if (cursor == str->logical_first)
+ /*
+ * Already at the beginning of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_prev;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ size : 0;
+ } else
+ cursor->cursor++;
+ } else {
+ if (cursor->cursor == 0) {
+ if (cursor == str->logical_first)
+ /*
+ * At the beginning of the string already.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_prev;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ size : 0;
+ } else
+ cursor->cursor--;
+ }
+ } else {
+ if (cursor->direction == UCPGBA_RTL) {
+ if (cursor->cursor == 0) {
+ if (cursor == str->logical_last)
+ /*
+ * Already at the end of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_next;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ 0 : size - 1;
+ } else
+ cursor->cursor--;
+ } else {
+ if (cursor->cursor + 1 > size) {
+ if (cursor == str->logical_last)
+ /*
+ * Already at the end of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_next;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ 0 : size - 1;
+ } else
+ cursor->cursor++;
+ }
+ }
+ cnt--;
+ }
+ return 1;
+}
+
+int
+ucstring_cursor_right(ucstring_t *str, int count)
+{
+ if (str == 0)
+ return 0;
+ return (str->cursor_motion == UCPGBA_CURSOR_VISUAL) ?
+ _ucstring_visual_cursor_right(str, count) :
+ _ucstring_logical_cursor_right(str, count);
+}
+
+static int
+_ucstring_visual_cursor_left(ucstring_t *str, int count)
+{
+ int cnt = count;
+ unsigned long size;
+ ucrun_t *cursor;
+
+ if (str == 0)
+ return 0;
+
+ cursor = str->cursor;
+ while (cnt > 0) {
+ size = cursor->end - cursor->start;
+ if ((cursor->direction == UCPGBA_LTR && cursor->cursor == 0) ||
+ cursor->cursor - 1 < -1) {
+ /*
+ * If the preceding run is NULL, then the cursor is already on the
+ * far left end already.
+ */
+ if (cursor->visual_prev == 0)
+ /*
+ * If movement occured, then report it.
+ */
+ return (cnt != count);
+
+ /*
+ * Move to the previous run.
+ */
+ str->cursor = cursor = cursor->visual_prev;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_RTL) ?
+ size : size - 1;
+ } else
+ cursor->cursor--;
+ cnt--;
+ }
+ return 1;
+}
+
+static int
+_ucstring_logical_cursor_left(ucstring_t *str, int count)
+{
+ int cnt = count;
+ unsigned long size;
+ ucrun_t *cursor;
+
+ if (str == 0)
+ return 0;
+
+ cursor = str->cursor;
+ while (cnt > 0) {
+ size = cursor->end - cursor->start;
+ if (str->direction == UCPGBA_RTL) {
+ if (cursor->direction == UCPGBA_RTL) {
+ if (cursor->cursor == -1) {
+ if (cursor == str->logical_last)
+ /*
+ * Already at the end of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_next;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ 0 : size - 1;
+ } else
+ cursor->cursor--;
+ } else {
+ if (cursor->cursor + 1 > size) {
+ if (cursor == str->logical_last)
+ /*
+ * At the end of the string already.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_next;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ 0 : size - 1;
+ } else
+ cursor->cursor++;
+ }
+ } else {
+ if (cursor->direction == UCPGBA_RTL) {
+ if (cursor->cursor + 1 == size) {
+ if (cursor == str->logical_first)
+ /*
+ * Already at the beginning of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_prev;
+ size = cursor->end - cursor->start;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ size : 0;
+ } else
+ cursor->cursor++;
+ } else {
+ if (cursor->cursor == 0) {
+ if (cursor == str->logical_first)
+ /*
+ * Already at the beginning of the string.
+ */
+ return (cnt != count);
+
+ str->cursor = cursor = cursor->logical_prev;
+ cursor->cursor = (cursor->direction == UCPGBA_LTR) ?
+ size : 0;
+ } else
+ cursor->cursor--;
+ }
+ }
+ cnt--;
+ }
+ return 1;
+}
+
+int
+ucstring_cursor_left(ucstring_t *str, int count)
+{
+ if (str == 0)
+ return 0;
+ return (str->cursor_motion == UCPGBA_CURSOR_VISUAL) ?
+ _ucstring_visual_cursor_left(str, count) :
+ _ucstring_logical_cursor_left(str, count);
+}
+
+void
+ucstring_cursor_info(ucstring_t *str, int *direction, unsigned long *position)
+{
+ long c;
+ unsigned long size;
+ ucrun_t *cursor;
+
+ if (str == 0 || direction == 0 || position == 0)
+ return;
+
+ cursor = str->cursor;
+
+ *direction = cursor->direction;
+
+ c = cursor->cursor;
+ size = cursor->end - cursor->start;
+
+ if (c == size)
+ *position = (cursor->direction == UCPGBA_RTL) ?
+ cursor->start : cursor->positions[c - 1];
+ else if (c == -1)
+ *position = (cursor->direction == UCPGBA_RTL) ?
+ cursor->end : cursor->start;
+ else
+ *position = cursor->positions[c];
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,167 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.6.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1999 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ucpgba.h,v 1.4 1999/11/19 15:24:30 mleisher Exp $ */
+
+#ifndef _h_ucpgba
+#define _h_ucpgba
+
+#include "portable.h"
+
+LDAP_BEGIN_DECL
+
+/***************************************************************************
+ *
+ * Macros and types.
+ *
+ ***************************************************************************/
+
+/*
+ * These are the direction values that can appear in render runs and render
+ * strings.
+ */
+#define UCPGBA_LTR 0
+#define UCPGBA_RTL 1
+
+/*
+ * These are the flags for cursor motion.
+ */
+#define UCPGBA_CURSOR_VISUAL 0
+#define UCPGBA_CURSOR_LOGICAL 1
+
+/*
+ * This structure is used to contain runs of text in a particular direction.
+ */
+typedef struct _ucrun_t {
+ struct _ucrun_t *visual_prev; /* Pointer to the previous visual run. */
+ struct _ucrun_t *visual_next; /* Pointer to the next visual run. */
+
+ struct _ucrun_t *logical_prev; /* Pointer to the previous logical run. */
+ struct _ucrun_t *logical_next; /* Pointer to the next logical run. */
+
+ int direction; /* Direction of the run. */
+
+ long cursor; /* Position of "cursor" in the string. */
+
+ unsigned long *chars; /* List of characters for the run. */
+ unsigned long *positions; /* List of original positions in source. */
+
+ unsigned long *source; /* The source string. */
+ unsigned long start; /* Beginning offset in the source string. */
+ unsigned long end; /* Ending offset in the source string. */
+} ucrun_t;
+
+/*
+ * This represents a string of runs rendered up to a point that is not
+ * platform specific.
+ */
+typedef struct _ucstring_t {
+ int direction; /* Overall direction of the string. */
+
+ int cursor_motion; /* Logical or visual cursor motion flag. */
+
+ ucrun_t *cursor; /* The run containing the "cursor." */
+
+ ucrun_t *logical_first; /* First run in the logical order. */
+ ucrun_t *logical_last; /* Last run in the logical order. */
+
+ ucrun_t *visual_first; /* First run in the visual order. */
+ ucrun_t *visual_last; /* Last run in the visual order. */
+
+ unsigned long *source; /* The source string. */
+ unsigned long start; /* The beginning offset in the source. */
+ unsigned long end; /* The ending offset in the source. */
+} ucstring_t;
+
+/***************************************************************************
+ *
+ * API
+ *
+ ***************************************************************************/
+
+/*
+ * This creates and reorders the specified substring using the
+ * "Pretty Good Bidi Algorithm." A default direction is provided for cases
+ * of a string containing no strong direction characters and the default
+ * cursor motion should be provided.
+ */
+LDAP_LUNICODE_F (ucstring_t *)
+ucstring_create LDAP_P((unsigned long *source,
+ unsigned long start,
+ unsigned long end,
+ int default_direction,
+ int cursor_motion));
+/*
+ * This releases the string.
+ */
+LDAP_LUNICODE_F (void) ucstring_free LDAP_P((ucstring_t *string));
+
+/*
+ * This changes the cursor motion flag for the string.
+ */
+LDAP_LUNICODE_F (int)
+ucstring_set_cursor_motion LDAP_P((ucstring_t *string,
+ int cursor_motion));
+
+/*
+ * This function will move the cursor to the right depending on the
+ * type of cursor motion that was specified for the string.
+ *
+ * A 0 is returned if no cursor motion is performed, otherwise a
+ * 1 is returned.
+ */
+LDAP_LUNICODE_F (int)
+ucstring_cursor_right LDAP_P((ucstring_t *string, int count));
+
+/*
+ * This function will move the cursor to the left depending on the
+ * type of cursor motion that was specified for the string.
+ *
+ * A 0 is returned if no cursor motion is performed, otherwise a
+ * 1 is returned.
+ */
+LDAP_LUNICODE_F (int)
+ucstring_cursor_left LDAP_P((ucstring_t *string, int count));
+
+/*
+ * This routine retrieves the direction of the run containing the cursor
+ * and the actual position in the original text string.
+ */
+LDAP_LUNICODE_F (void)
+ucstring_cursor_info LDAP_P((ucstring_t *string, int *direction,
+ unsigned long *position));
+
+LDAP_END_DECL
+
+#endif /* _h_ucpgba */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.man
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.man (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/ucpgba.man 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,97 @@
+.\"
+.\" $Id: ucpgba.man,v 1.1 1999/11/19 16:08:34 mleisher Exp $
+.\"
+.TH ucpgba 3 "19 November 1999"
+.SH NAME
+ucpgba \- functions for doing bidirectional reordering of Unicode text and
+logical and visual cursor motion
+
+.SH SYNOPSIS
+.nf
+#include <ucdata.h>
+#include <ucpgba.h>
+
+ucstring_t *ucstring_create(unsigned long *source, unsigned long start,
+ unsigned long end, int default_direction,
+ int cursor_motion)
+.sp
+void ucstring_free(ucstring_t *string)
+.sp
+int ucstring_set_cursor_motion(ucstring_t *string, int cursor_motion)
+.sp
+int ucstring_cursor_right(ucstring_t *string, int count)
+.sp
+int ucstring_cursor_left(ucstring_t *string, int count)
+.sp
+void ucstring_cursor_info(ucstring_t *string, int *direction,
+ unsigned long *position)
+
+.SH DESCRIPTION
+.TP 4
+.BR Macros
+UCPGBA_LTR
+.br
+UCPGBA_RTL
+.br
+UCPGBA_CURSOR_VISUAL
+.br
+UCPGBA_CURSOR_LOGICAL
+
+.TP 4
+.BR ucstring_create()
+This function will create a reordered string by using the implicit
+directionality of the characters in the specified substring.
+.sp
+The `default_direction' parameter should be one of UCPGBA_LTR or UCPGBA_RTL
+and is used only in cases where a string contains no characters with strong
+directionality.
+.sp
+The `cursor_motion' parameter should be one of UCPGBA_CURSOR_VISUAL or
+UCPGBA_CURSOR_LOGICAL, and is used to specify the initial cursor motion
+behavior. This behavior can be switched at any time using
+ustring_set_cursor_motion().
+
+.TP 4
+.BR ucstring_free()
+This function will deallocate the memory used by the string, incuding the
+string itself.
+
+.TP 4
+.BR ucstring_cursor_info()
+This function will return the text position of the internal cursor and the
+directionality of the text at that position. The position returned is the
+original text position of the character.
+
+.TP 4
+.BR ucstring_set_cursor_motion()
+This function will change the cursor motion type and return the previous
+cursor motion type.
+
+.TP 4
+.BR ucstring_cursor_right()
+This function will move the internal cursor to the right according to the
+type of cursor motion set for the string.
+.sp
+If no cursor motion is performed, it returns 0. Otherwise it will return a 1.
+
+.TP 4
+.BR ucstring_cursor_left()
+This function will move the internal cursor to the left according to the
+type of cursor motion set for the string.
+.sp
+If no cursor motion is performed, it returns 0. Otherwise it will return a 1.
+
+.SH "SEE ALSO"
+ucdata(3)
+
+.SH ACKNOWLEDGMENTS
+These are people who have helped with patches or alerted me about problems.
+
+.SH AUTHOR
+Mark Leisher
+.br
+Computing Research Lab
+.br
+New Mexico State University
+.br
+Email: mleisher at crl.nmsu.edu
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/uctable.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/uctable.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucdata/uctable.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,14306 @@
+static const ac_uint4 _ucprop_size = 50;
+
+static const ac_uint2 _ucprop_offsets[] = {
+ 0x0000, 0x00d0, 0x0138, 0x0140, 0x016a, 0x0176, 0x019e, 0x01ac,
+ 0x01ae, 0x01b0, 0x01b4, 0x01cc, 0x01ce, 0xffff, 0x01d4, 0x051a,
+ 0x0862, 0x0876, 0x089e, 0x0a32, 0x0a40, 0x0a58, 0x0ad8, 0x0b54,
+ 0x0be0, 0x0c54, 0x0c6a, 0x0c96, 0x0d66, 0x0fee, 0x100a, 0x1020,
+ 0x1024, 0x1054, 0x1058, 0x106e, 0x1078, 0x107e, 0x108e, 0x1240,
+ 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x13e8, 0x16e4,
+ 0x16ee, 0x16f6, 0x1720, 0x0000
+};
+
+static const ac_uint4 _ucprop_ranges[] = {
+ 0x00000300, 0x0000034f, 0x00000360, 0x0000036f,
+ 0x00000483, 0x00000486, 0x00000591, 0x000005a1,
+ 0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd,
+ 0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2,
+ 0x000005c4, 0x000005c4, 0x0000064b, 0x00000655,
+ 0x00000670, 0x00000670, 0x000006d6, 0x000006dc,
+ 0x000006df, 0x000006e4, 0x000006e7, 0x000006e8,
+ 0x000006ea, 0x000006ed, 0x00000711, 0x00000711,
+ 0x00000730, 0x0000074a, 0x000007a6, 0x000007b0,
+ 0x00000901, 0x00000902, 0x0000093c, 0x0000093c,
+ 0x00000941, 0x00000948, 0x0000094d, 0x0000094d,
+ 0x00000951, 0x00000954, 0x00000962, 0x00000963,
+ 0x00000981, 0x00000981, 0x000009bc, 0x000009bc,
+ 0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd,
+ 0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02,
+ 0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42,
+ 0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d,
+ 0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82,
+ 0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5,
+ 0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd,
+ 0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c,
+ 0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43,
+ 0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56,
+ 0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0,
+ 0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40,
+ 0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d,
+ 0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf,
+ 0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd,
+ 0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d,
+ 0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4,
+ 0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31,
+ 0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e,
+ 0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9,
+ 0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd,
+ 0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35,
+ 0x00000f37, 0x00000f37, 0x00000f39, 0x00000f39,
+ 0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84,
+ 0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97,
+ 0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6,
+ 0x0000102d, 0x00001030, 0x00001032, 0x00001032,
+ 0x00001036, 0x00001037, 0x00001039, 0x00001039,
+ 0x00001058, 0x00001059, 0x00001712, 0x00001714,
+ 0x00001732, 0x00001734, 0x00001752, 0x00001753,
+ 0x00001772, 0x00001773, 0x000017b7, 0x000017bd,
+ 0x000017c6, 0x000017c6, 0x000017c9, 0x000017d3,
+ 0x0000180b, 0x0000180d, 0x000018a9, 0x000018a9,
+ 0x000020d0, 0x000020dc, 0x000020e1, 0x000020e1,
+ 0x000020e5, 0x000020ea, 0x0000302a, 0x0000302f,
+ 0x00003099, 0x0000309a, 0x0000fb1e, 0x0000fb1e,
+ 0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23,
+ 0x0001d167, 0x0001d169, 0x0001d17b, 0x0001d182,
+ 0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad,
+ 0x00000903, 0x00000903, 0x0000093e, 0x00000940,
+ 0x00000949, 0x0000094c, 0x00000982, 0x00000983,
+ 0x000009be, 0x000009c0, 0x000009c7, 0x000009c8,
+ 0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7,
+ 0x00000a3e, 0x00000a40, 0x00000a83, 0x00000a83,
+ 0x00000abe, 0x00000ac0, 0x00000ac9, 0x00000ac9,
+ 0x00000acb, 0x00000acc, 0x00000b02, 0x00000b03,
+ 0x00000b3e, 0x00000b3e, 0x00000b40, 0x00000b40,
+ 0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4c,
+ 0x00000b57, 0x00000b57, 0x00000bbe, 0x00000bbf,
+ 0x00000bc1, 0x00000bc2, 0x00000bc6, 0x00000bc8,
+ 0x00000bca, 0x00000bcc, 0x00000bd7, 0x00000bd7,
+ 0x00000c01, 0x00000c03, 0x00000c41, 0x00000c44,
+ 0x00000c82, 0x00000c83, 0x00000cbe, 0x00000cbe,
+ 0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8,
+ 0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6,
+ 0x00000d02, 0x00000d03, 0x00000d3e, 0x00000d40,
+ 0x00000d46, 0x00000d48, 0x00000d4a, 0x00000d4c,
+ 0x00000d57, 0x00000d57, 0x00000d82, 0x00000d83,
+ 0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf,
+ 0x00000df2, 0x00000df3, 0x00000f3e, 0x00000f3f,
+ 0x00000f7f, 0x00000f7f, 0x0000102c, 0x0000102c,
+ 0x00001031, 0x00001031, 0x00001038, 0x00001038,
+ 0x00001056, 0x00001057, 0x000017b4, 0x000017b6,
+ 0x000017be, 0x000017c5, 0x000017c7, 0x000017c8,
+ 0x0001d165, 0x0001d166, 0x0001d16d, 0x0001d172,
+ 0x00000488, 0x00000489, 0x000006de, 0x000006de,
+ 0x000020dd, 0x000020e0, 0x000020e2, 0x000020e4,
+ 0x00000030, 0x00000039, 0x00000660, 0x00000669,
+ 0x000006f0, 0x000006f9, 0x00000966, 0x0000096f,
+ 0x000009e6, 0x000009ef, 0x00000a66, 0x00000a6f,
+ 0x00000ae6, 0x00000aef, 0x00000b66, 0x00000b6f,
+ 0x00000be7, 0x00000bef, 0x00000c66, 0x00000c6f,
+ 0x00000ce6, 0x00000cef, 0x00000d66, 0x00000d6f,
+ 0x00000e50, 0x00000e59, 0x00000ed0, 0x00000ed9,
+ 0x00000f20, 0x00000f29, 0x00001040, 0x00001049,
+ 0x00001369, 0x00001371, 0x000017e0, 0x000017e9,
+ 0x00001810, 0x00001819, 0x0000ff10, 0x0000ff19,
+ 0x0001d7ce, 0x0001d7ff, 0x000016ee, 0x000016f0,
+ 0x00002160, 0x00002183, 0x00003007, 0x00003007,
+ 0x00003021, 0x00003029, 0x00003038, 0x0000303a,
+ 0x0001034a, 0x0001034a, 0x000000b2, 0x000000b3,
+ 0x000000b9, 0x000000b9, 0x000000bc, 0x000000be,
+ 0x000009f4, 0x000009f9, 0x00000bf0, 0x00000bf2,
+ 0x00000f2a, 0x00000f33, 0x00001372, 0x0000137c,
+ 0x00002070, 0x00002070, 0x00002074, 0x00002079,
+ 0x00002080, 0x00002089, 0x00002153, 0x0000215f,
+ 0x00002460, 0x0000249b, 0x000024ea, 0x000024fe,
+ 0x00002776, 0x00002793, 0x00003192, 0x00003195,
+ 0x00003220, 0x00003229, 0x00003251, 0x0000325f,
+ 0x00003280, 0x00003289, 0x000032b1, 0x000032bf,
+ 0x00010320, 0x00010323, 0x00000020, 0x00000020,
+ 0x000000a0, 0x000000a0, 0x00001680, 0x00001680,
+ 0x00002000, 0x0000200b, 0x0000202f, 0x0000202f,
+ 0x0000205f, 0x0000205f, 0x00003000, 0x00003000,
+ 0x00002028, 0x00002028, 0x00002029, 0x00002029,
+ 0x00000000, 0x0000001f, 0x0000007f, 0x0000009f,
+ 0x000006dd, 0x000006dd, 0x0000070f, 0x0000070f,
+ 0x0000180e, 0x0000180e, 0x0000200c, 0x0000200f,
+ 0x0000202a, 0x0000202e, 0x00002060, 0x00002063,
+ 0x0000206a, 0x0000206f, 0x0000feff, 0x0000feff,
+ 0x0000fff9, 0x0000fffb, 0x0001d173, 0x0001d17a,
+ 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+ 0x00010000, 0x0010ffff, 0x0000e000, 0x0000f8ff,
+ 0x000f0000, 0x000ffffd, 0x00100000, 0x0010fffd,
+ 0x00000041, 0x0000005a, 0x000000c0, 0x000000d6,
+ 0x000000d8, 0x000000de, 0x00000100, 0x00000100,
+ 0x00000102, 0x00000102, 0x00000104, 0x00000104,
+ 0x00000106, 0x00000106, 0x00000108, 0x00000108,
+ 0x0000010a, 0x0000010a, 0x0000010c, 0x0000010c,
+ 0x0000010e, 0x0000010e, 0x00000110, 0x00000110,
+ 0x00000112, 0x00000112, 0x00000114, 0x00000114,
+ 0x00000116, 0x00000116, 0x00000118, 0x00000118,
+ 0x0000011a, 0x0000011a, 0x0000011c, 0x0000011c,
+ 0x0000011e, 0x0000011e, 0x00000120, 0x00000120,
+ 0x00000122, 0x00000122, 0x00000124, 0x00000124,
+ 0x00000126, 0x00000126, 0x00000128, 0x00000128,
+ 0x0000012a, 0x0000012a, 0x0000012c, 0x0000012c,
+ 0x0000012e, 0x0000012e, 0x00000130, 0x00000130,
+ 0x00000132, 0x00000132, 0x00000134, 0x00000134,
+ 0x00000136, 0x00000136, 0x00000139, 0x00000139,
+ 0x0000013b, 0x0000013b, 0x0000013d, 0x0000013d,
+ 0x0000013f, 0x0000013f, 0x00000141, 0x00000141,
+ 0x00000143, 0x00000143, 0x00000145, 0x00000145,
+ 0x00000147, 0x00000147, 0x0000014a, 0x0000014a,
+ 0x0000014c, 0x0000014c, 0x0000014e, 0x0000014e,
+ 0x00000150, 0x00000150, 0x00000152, 0x00000152,
+ 0x00000154, 0x00000154, 0x00000156, 0x00000156,
+ 0x00000158, 0x00000158, 0x0000015a, 0x0000015a,
+ 0x0000015c, 0x0000015c, 0x0000015e, 0x0000015e,
+ 0x00000160, 0x00000160, 0x00000162, 0x00000162,
+ 0x00000164, 0x00000164, 0x00000166, 0x00000166,
+ 0x00000168, 0x00000168, 0x0000016a, 0x0000016a,
+ 0x0000016c, 0x0000016c, 0x0000016e, 0x0000016e,
+ 0x00000170, 0x00000170, 0x00000172, 0x00000172,
+ 0x00000174, 0x00000174, 0x00000176, 0x00000176,
+ 0x00000178, 0x00000179, 0x0000017b, 0x0000017b,
+ 0x0000017d, 0x0000017d, 0x00000181, 0x00000182,
+ 0x00000184, 0x00000184, 0x00000186, 0x00000187,
+ 0x00000189, 0x0000018b, 0x0000018e, 0x00000191,
+ 0x00000193, 0x00000194, 0x00000196, 0x00000198,
+ 0x0000019c, 0x0000019d, 0x0000019f, 0x000001a0,
+ 0x000001a2, 0x000001a2, 0x000001a4, 0x000001a4,
+ 0x000001a6, 0x000001a7, 0x000001a9, 0x000001a9,
+ 0x000001ac, 0x000001ac, 0x000001ae, 0x000001af,
+ 0x000001b1, 0x000001b3, 0x000001b5, 0x000001b5,
+ 0x000001b7, 0x000001b8, 0x000001bc, 0x000001bc,
+ 0x000001c4, 0x000001c4, 0x000001c7, 0x000001c7,
+ 0x000001ca, 0x000001ca, 0x000001cd, 0x000001cd,
+ 0x000001cf, 0x000001cf, 0x000001d1, 0x000001d1,
+ 0x000001d3, 0x000001d3, 0x000001d5, 0x000001d5,
+ 0x000001d7, 0x000001d7, 0x000001d9, 0x000001d9,
+ 0x000001db, 0x000001db, 0x000001de, 0x000001de,
+ 0x000001e0, 0x000001e0, 0x000001e2, 0x000001e2,
+ 0x000001e4, 0x000001e4, 0x000001e6, 0x000001e6,
+ 0x000001e8, 0x000001e8, 0x000001ea, 0x000001ea,
+ 0x000001ec, 0x000001ec, 0x000001ee, 0x000001ee,
+ 0x000001f1, 0x000001f1, 0x000001f4, 0x000001f4,
+ 0x000001f6, 0x000001f8, 0x000001fa, 0x000001fa,
+ 0x000001fc, 0x000001fc, 0x000001fe, 0x000001fe,
+ 0x00000200, 0x00000200, 0x00000202, 0x00000202,
+ 0x00000204, 0x00000204, 0x00000206, 0x00000206,
+ 0x00000208, 0x00000208, 0x0000020a, 0x0000020a,
+ 0x0000020c, 0x0000020c, 0x0000020e, 0x0000020e,
+ 0x00000210, 0x00000210, 0x00000212, 0x00000212,
+ 0x00000214, 0x00000214, 0x00000216, 0x00000216,
+ 0x00000218, 0x00000218, 0x0000021a, 0x0000021a,
+ 0x0000021c, 0x0000021c, 0x0000021e, 0x0000021e,
+ 0x00000220, 0x00000220, 0x00000222, 0x00000222,
+ 0x00000224, 0x00000224, 0x00000226, 0x00000226,
+ 0x00000228, 0x00000228, 0x0000022a, 0x0000022a,
+ 0x0000022c, 0x0000022c, 0x0000022e, 0x0000022e,
+ 0x00000230, 0x00000230, 0x00000232, 0x00000232,
+ 0x00000386, 0x00000386, 0x00000388, 0x0000038a,
+ 0x0000038c, 0x0000038c, 0x0000038e, 0x0000038f,
+ 0x00000391, 0x000003a1, 0x000003a3, 0x000003ab,
+ 0x000003d2, 0x000003d4, 0x000003d8, 0x000003d8,
+ 0x000003da, 0x000003da, 0x000003dc, 0x000003dc,
+ 0x000003de, 0x000003de, 0x000003e0, 0x000003e0,
+ 0x000003e2, 0x000003e2, 0x000003e4, 0x000003e4,
+ 0x000003e6, 0x000003e6, 0x000003e8, 0x000003e8,
+ 0x000003ea, 0x000003ea, 0x000003ec, 0x000003ec,
+ 0x000003ee, 0x000003ee, 0x000003f4, 0x000003f4,
+ 0x00000400, 0x0000042f, 0x00000460, 0x00000460,
+ 0x00000462, 0x00000462, 0x00000464, 0x00000464,
+ 0x00000466, 0x00000466, 0x00000468, 0x00000468,
+ 0x0000046a, 0x0000046a, 0x0000046c, 0x0000046c,
+ 0x0000046e, 0x0000046e, 0x00000470, 0x00000470,
+ 0x00000472, 0x00000472, 0x00000474, 0x00000474,
+ 0x00000476, 0x00000476, 0x00000478, 0x00000478,
+ 0x0000047a, 0x0000047a, 0x0000047c, 0x0000047c,
+ 0x0000047e, 0x0000047e, 0x00000480, 0x00000480,
+ 0x0000048a, 0x0000048a, 0x0000048c, 0x0000048c,
+ 0x0000048e, 0x0000048e, 0x00000490, 0x00000490,
+ 0x00000492, 0x00000492, 0x00000494, 0x00000494,
+ 0x00000496, 0x00000496, 0x00000498, 0x00000498,
+ 0x0000049a, 0x0000049a, 0x0000049c, 0x0000049c,
+ 0x0000049e, 0x0000049e, 0x000004a0, 0x000004a0,
+ 0x000004a2, 0x000004a2, 0x000004a4, 0x000004a4,
+ 0x000004a6, 0x000004a6, 0x000004a8, 0x000004a8,
+ 0x000004aa, 0x000004aa, 0x000004ac, 0x000004ac,
+ 0x000004ae, 0x000004ae, 0x000004b0, 0x000004b0,
+ 0x000004b2, 0x000004b2, 0x000004b4, 0x000004b4,
+ 0x000004b6, 0x000004b6, 0x000004b8, 0x000004b8,
+ 0x000004ba, 0x000004ba, 0x000004bc, 0x000004bc,
+ 0x000004be, 0x000004be, 0x000004c0, 0x000004c1,
+ 0x000004c3, 0x000004c3, 0x000004c5, 0x000004c5,
+ 0x000004c7, 0x000004c7, 0x000004c9, 0x000004c9,
+ 0x000004cb, 0x000004cb, 0x000004cd, 0x000004cd,
+ 0x000004d0, 0x000004d0, 0x000004d2, 0x000004d2,
+ 0x000004d4, 0x000004d4, 0x000004d6, 0x000004d6,
+ 0x000004d8, 0x000004d8, 0x000004da, 0x000004da,
+ 0x000004dc, 0x000004dc, 0x000004de, 0x000004de,
+ 0x000004e0, 0x000004e0, 0x000004e2, 0x000004e2,
+ 0x000004e4, 0x000004e4, 0x000004e6, 0x000004e6,
+ 0x000004e8, 0x000004e8, 0x000004ea, 0x000004ea,
+ 0x000004ec, 0x000004ec, 0x000004ee, 0x000004ee,
+ 0x000004f0, 0x000004f0, 0x000004f2, 0x000004f2,
+ 0x000004f4, 0x000004f4, 0x000004f8, 0x000004f8,
+ 0x00000500, 0x00000500, 0x00000502, 0x00000502,
+ 0x00000504, 0x00000504, 0x00000506, 0x00000506,
+ 0x00000508, 0x00000508, 0x0000050a, 0x0000050a,
+ 0x0000050c, 0x0000050c, 0x0000050e, 0x0000050e,
+ 0x00000531, 0x00000556, 0x000010a0, 0x000010c5,
+ 0x00001e00, 0x00001e00, 0x00001e02, 0x00001e02,
+ 0x00001e04, 0x00001e04, 0x00001e06, 0x00001e06,
+ 0x00001e08, 0x00001e08, 0x00001e0a, 0x00001e0a,
+ 0x00001e0c, 0x00001e0c, 0x00001e0e, 0x00001e0e,
+ 0x00001e10, 0x00001e10, 0x00001e12, 0x00001e12,
+ 0x00001e14, 0x00001e14, 0x00001e16, 0x00001e16,
+ 0x00001e18, 0x00001e18, 0x00001e1a, 0x00001e1a,
+ 0x00001e1c, 0x00001e1c, 0x00001e1e, 0x00001e1e,
+ 0x00001e20, 0x00001e20, 0x00001e22, 0x00001e22,
+ 0x00001e24, 0x00001e24, 0x00001e26, 0x00001e26,
+ 0x00001e28, 0x00001e28, 0x00001e2a, 0x00001e2a,
+ 0x00001e2c, 0x00001e2c, 0x00001e2e, 0x00001e2e,
+ 0x00001e30, 0x00001e30, 0x00001e32, 0x00001e32,
+ 0x00001e34, 0x00001e34, 0x00001e36, 0x00001e36,
+ 0x00001e38, 0x00001e38, 0x00001e3a, 0x00001e3a,
+ 0x00001e3c, 0x00001e3c, 0x00001e3e, 0x00001e3e,
+ 0x00001e40, 0x00001e40, 0x00001e42, 0x00001e42,
+ 0x00001e44, 0x00001e44, 0x00001e46, 0x00001e46,
+ 0x00001e48, 0x00001e48, 0x00001e4a, 0x00001e4a,
+ 0x00001e4c, 0x00001e4c, 0x00001e4e, 0x00001e4e,
+ 0x00001e50, 0x00001e50, 0x00001e52, 0x00001e52,
+ 0x00001e54, 0x00001e54, 0x00001e56, 0x00001e56,
+ 0x00001e58, 0x00001e58, 0x00001e5a, 0x00001e5a,
+ 0x00001e5c, 0x00001e5c, 0x00001e5e, 0x00001e5e,
+ 0x00001e60, 0x00001e60, 0x00001e62, 0x00001e62,
+ 0x00001e64, 0x00001e64, 0x00001e66, 0x00001e66,
+ 0x00001e68, 0x00001e68, 0x00001e6a, 0x00001e6a,
+ 0x00001e6c, 0x00001e6c, 0x00001e6e, 0x00001e6e,
+ 0x00001e70, 0x00001e70, 0x00001e72, 0x00001e72,
+ 0x00001e74, 0x00001e74, 0x00001e76, 0x00001e76,
+ 0x00001e78, 0x00001e78, 0x00001e7a, 0x00001e7a,
+ 0x00001e7c, 0x00001e7c, 0x00001e7e, 0x00001e7e,
+ 0x00001e80, 0x00001e80, 0x00001e82, 0x00001e82,
+ 0x00001e84, 0x00001e84, 0x00001e86, 0x00001e86,
+ 0x00001e88, 0x00001e88, 0x00001e8a, 0x00001e8a,
+ 0x00001e8c, 0x00001e8c, 0x00001e8e, 0x00001e8e,
+ 0x00001e90, 0x00001e90, 0x00001e92, 0x00001e92,
+ 0x00001e94, 0x00001e94, 0x00001ea0, 0x00001ea0,
+ 0x00001ea2, 0x00001ea2, 0x00001ea4, 0x00001ea4,
+ 0x00001ea6, 0x00001ea6, 0x00001ea8, 0x00001ea8,
+ 0x00001eaa, 0x00001eaa, 0x00001eac, 0x00001eac,
+ 0x00001eae, 0x00001eae, 0x00001eb0, 0x00001eb0,
+ 0x00001eb2, 0x00001eb2, 0x00001eb4, 0x00001eb4,
+ 0x00001eb6, 0x00001eb6, 0x00001eb8, 0x00001eb8,
+ 0x00001eba, 0x00001eba, 0x00001ebc, 0x00001ebc,
+ 0x00001ebe, 0x00001ebe, 0x00001ec0, 0x00001ec0,
+ 0x00001ec2, 0x00001ec2, 0x00001ec4, 0x00001ec4,
+ 0x00001ec6, 0x00001ec6, 0x00001ec8, 0x00001ec8,
+ 0x00001eca, 0x00001eca, 0x00001ecc, 0x00001ecc,
+ 0x00001ece, 0x00001ece, 0x00001ed0, 0x00001ed0,
+ 0x00001ed2, 0x00001ed2, 0x00001ed4, 0x00001ed4,
+ 0x00001ed6, 0x00001ed6, 0x00001ed8, 0x00001ed8,
+ 0x00001eda, 0x00001eda, 0x00001edc, 0x00001edc,
+ 0x00001ede, 0x00001ede, 0x00001ee0, 0x00001ee0,
+ 0x00001ee2, 0x00001ee2, 0x00001ee4, 0x00001ee4,
+ 0x00001ee6, 0x00001ee6, 0x00001ee8, 0x00001ee8,
+ 0x00001eea, 0x00001eea, 0x00001eec, 0x00001eec,
+ 0x00001eee, 0x00001eee, 0x00001ef0, 0x00001ef0,
+ 0x00001ef2, 0x00001ef2, 0x00001ef4, 0x00001ef4,
+ 0x00001ef6, 0x00001ef6, 0x00001ef8, 0x00001ef8,
+ 0x00001f08, 0x00001f0f, 0x00001f18, 0x00001f1d,
+ 0x00001f28, 0x00001f2f, 0x00001f38, 0x00001f3f,
+ 0x00001f48, 0x00001f4d, 0x00001f59, 0x00001f59,
+ 0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d,
+ 0x00001f5f, 0x00001f5f, 0x00001f68, 0x00001f6f,
+ 0x00001fb8, 0x00001fbb, 0x00001fc8, 0x00001fcb,
+ 0x00001fd8, 0x00001fdb, 0x00001fe8, 0x00001fec,
+ 0x00001ff8, 0x00001ffb, 0x00002102, 0x00002102,
+ 0x00002107, 0x00002107, 0x0000210b, 0x0000210d,
+ 0x00002110, 0x00002112, 0x00002115, 0x00002115,
+ 0x00002119, 0x0000211d, 0x00002124, 0x00002124,
+ 0x00002126, 0x00002126, 0x00002128, 0x00002128,
+ 0x0000212a, 0x0000212d, 0x00002130, 0x00002131,
+ 0x00002133, 0x00002133, 0x0000213e, 0x0000213f,
+ 0x00002145, 0x00002145, 0x0000ff21, 0x0000ff3a,
+ 0x00010400, 0x00010425, 0x0001d400, 0x0001d419,
+ 0x0001d434, 0x0001d44d, 0x0001d468, 0x0001d481,
+ 0x0001d49c, 0x0001d49c, 0x0001d49e, 0x0001d49f,
+ 0x0001d4a2, 0x0001d4a2, 0x0001d4a5, 0x0001d4a6,
+ 0x0001d4a9, 0x0001d4ac, 0x0001d4ae, 0x0001d4b5,
+ 0x0001d4d0, 0x0001d4e9, 0x0001d504, 0x0001d505,
+ 0x0001d507, 0x0001d50a, 0x0001d50d, 0x0001d514,
+ 0x0001d516, 0x0001d51c, 0x0001d538, 0x0001d539,
+ 0x0001d53b, 0x0001d53e, 0x0001d540, 0x0001d544,
+ 0x0001d546, 0x0001d546, 0x0001d54a, 0x0001d550,
+ 0x0001d56c, 0x0001d585, 0x0001d5a0, 0x0001d5b9,
+ 0x0001d5d4, 0x0001d5ed, 0x0001d608, 0x0001d621,
+ 0x0001d63c, 0x0001d655, 0x0001d670, 0x0001d689,
+ 0x0001d6a8, 0x0001d6c0, 0x0001d6e2, 0x0001d6fa,
+ 0x0001d71c, 0x0001d734, 0x0001d756, 0x0001d76e,
+ 0x0001d790, 0x0001d7a8, 0x00000061, 0x0000007a,
+ 0x000000aa, 0x000000aa, 0x000000b5, 0x000000b5,
+ 0x000000ba, 0x000000ba, 0x000000df, 0x000000f6,
+ 0x000000f8, 0x000000ff, 0x00000101, 0x00000101,
+ 0x00000103, 0x00000103, 0x00000105, 0x00000105,
+ 0x00000107, 0x00000107, 0x00000109, 0x00000109,
+ 0x0000010b, 0x0000010b, 0x0000010d, 0x0000010d,
+ 0x0000010f, 0x0000010f, 0x00000111, 0x00000111,
+ 0x00000113, 0x00000113, 0x00000115, 0x00000115,
+ 0x00000117, 0x00000117, 0x00000119, 0x00000119,
+ 0x0000011b, 0x0000011b, 0x0000011d, 0x0000011d,
+ 0x0000011f, 0x0000011f, 0x00000121, 0x00000121,
+ 0x00000123, 0x00000123, 0x00000125, 0x00000125,
+ 0x00000127, 0x00000127, 0x00000129, 0x00000129,
+ 0x0000012b, 0x0000012b, 0x0000012d, 0x0000012d,
+ 0x0000012f, 0x0000012f, 0x00000131, 0x00000131,
+ 0x00000133, 0x00000133, 0x00000135, 0x00000135,
+ 0x00000137, 0x00000138, 0x0000013a, 0x0000013a,
+ 0x0000013c, 0x0000013c, 0x0000013e, 0x0000013e,
+ 0x00000140, 0x00000140, 0x00000142, 0x00000142,
+ 0x00000144, 0x00000144, 0x00000146, 0x00000146,
+ 0x00000148, 0x00000149, 0x0000014b, 0x0000014b,
+ 0x0000014d, 0x0000014d, 0x0000014f, 0x0000014f,
+ 0x00000151, 0x00000151, 0x00000153, 0x00000153,
+ 0x00000155, 0x00000155, 0x00000157, 0x00000157,
+ 0x00000159, 0x00000159, 0x0000015b, 0x0000015b,
+ 0x0000015d, 0x0000015d, 0x0000015f, 0x0000015f,
+ 0x00000161, 0x00000161, 0x00000163, 0x00000163,
+ 0x00000165, 0x00000165, 0x00000167, 0x00000167,
+ 0x00000169, 0x00000169, 0x0000016b, 0x0000016b,
+ 0x0000016d, 0x0000016d, 0x0000016f, 0x0000016f,
+ 0x00000171, 0x00000171, 0x00000173, 0x00000173,
+ 0x00000175, 0x00000175, 0x00000177, 0x00000177,
+ 0x0000017a, 0x0000017a, 0x0000017c, 0x0000017c,
+ 0x0000017e, 0x00000180, 0x00000183, 0x00000183,
+ 0x00000185, 0x00000185, 0x00000188, 0x00000188,
+ 0x0000018c, 0x0000018d, 0x00000192, 0x00000192,
+ 0x00000195, 0x00000195, 0x00000199, 0x0000019b,
+ 0x0000019e, 0x0000019e, 0x000001a1, 0x000001a1,
+ 0x000001a3, 0x000001a3, 0x000001a5, 0x000001a5,
+ 0x000001a8, 0x000001a8, 0x000001aa, 0x000001ab,
+ 0x000001ad, 0x000001ad, 0x000001b0, 0x000001b0,
+ 0x000001b4, 0x000001b4, 0x000001b6, 0x000001b6,
+ 0x000001b9, 0x000001ba, 0x000001bd, 0x000001bf,
+ 0x000001c6, 0x000001c6, 0x000001c9, 0x000001c9,
+ 0x000001cc, 0x000001cc, 0x000001ce, 0x000001ce,
+ 0x000001d0, 0x000001d0, 0x000001d2, 0x000001d2,
+ 0x000001d4, 0x000001d4, 0x000001d6, 0x000001d6,
+ 0x000001d8, 0x000001d8, 0x000001da, 0x000001da,
+ 0x000001dc, 0x000001dd, 0x000001df, 0x000001df,
+ 0x000001e1, 0x000001e1, 0x000001e3, 0x000001e3,
+ 0x000001e5, 0x000001e5, 0x000001e7, 0x000001e7,
+ 0x000001e9, 0x000001e9, 0x000001eb, 0x000001eb,
+ 0x000001ed, 0x000001ed, 0x000001ef, 0x000001f0,
+ 0x000001f3, 0x000001f3, 0x000001f5, 0x000001f5,
+ 0x000001f9, 0x000001f9, 0x000001fb, 0x000001fb,
+ 0x000001fd, 0x000001fd, 0x000001ff, 0x000001ff,
+ 0x00000201, 0x00000201, 0x00000203, 0x00000203,
+ 0x00000205, 0x00000205, 0x00000207, 0x00000207,
+ 0x00000209, 0x00000209, 0x0000020b, 0x0000020b,
+ 0x0000020d, 0x0000020d, 0x0000020f, 0x0000020f,
+ 0x00000211, 0x00000211, 0x00000213, 0x00000213,
+ 0x00000215, 0x00000215, 0x00000217, 0x00000217,
+ 0x00000219, 0x00000219, 0x0000021b, 0x0000021b,
+ 0x0000021d, 0x0000021d, 0x0000021f, 0x0000021f,
+ 0x00000223, 0x00000223, 0x00000225, 0x00000225,
+ 0x00000227, 0x00000227, 0x00000229, 0x00000229,
+ 0x0000022b, 0x0000022b, 0x0000022d, 0x0000022d,
+ 0x0000022f, 0x0000022f, 0x00000231, 0x00000231,
+ 0x00000233, 0x00000233, 0x00000250, 0x000002ad,
+ 0x00000390, 0x00000390, 0x000003ac, 0x000003ce,
+ 0x000003d0, 0x000003d1, 0x000003d5, 0x000003d7,
+ 0x000003d9, 0x000003d9, 0x000003db, 0x000003db,
+ 0x000003dd, 0x000003dd, 0x000003df, 0x000003df,
+ 0x000003e1, 0x000003e1, 0x000003e3, 0x000003e3,
+ 0x000003e5, 0x000003e5, 0x000003e7, 0x000003e7,
+ 0x000003e9, 0x000003e9, 0x000003eb, 0x000003eb,
+ 0x000003ed, 0x000003ed, 0x000003ef, 0x000003f3,
+ 0x000003f5, 0x000003f5, 0x00000430, 0x0000045f,
+ 0x00000461, 0x00000461, 0x00000463, 0x00000463,
+ 0x00000465, 0x00000465, 0x00000467, 0x00000467,
+ 0x00000469, 0x00000469, 0x0000046b, 0x0000046b,
+ 0x0000046d, 0x0000046d, 0x0000046f, 0x0000046f,
+ 0x00000471, 0x00000471, 0x00000473, 0x00000473,
+ 0x00000475, 0x00000475, 0x00000477, 0x00000477,
+ 0x00000479, 0x00000479, 0x0000047b, 0x0000047b,
+ 0x0000047d, 0x0000047d, 0x0000047f, 0x0000047f,
+ 0x00000481, 0x00000481, 0x0000048b, 0x0000048b,
+ 0x0000048d, 0x0000048d, 0x0000048f, 0x0000048f,
+ 0x00000491, 0x00000491, 0x00000493, 0x00000493,
+ 0x00000495, 0x00000495, 0x00000497, 0x00000497,
+ 0x00000499, 0x00000499, 0x0000049b, 0x0000049b,
+ 0x0000049d, 0x0000049d, 0x0000049f, 0x0000049f,
+ 0x000004a1, 0x000004a1, 0x000004a3, 0x000004a3,
+ 0x000004a5, 0x000004a5, 0x000004a7, 0x000004a7,
+ 0x000004a9, 0x000004a9, 0x000004ab, 0x000004ab,
+ 0x000004ad, 0x000004ad, 0x000004af, 0x000004af,
+ 0x000004b1, 0x000004b1, 0x000004b3, 0x000004b3,
+ 0x000004b5, 0x000004b5, 0x000004b7, 0x000004b7,
+ 0x000004b9, 0x000004b9, 0x000004bb, 0x000004bb,
+ 0x000004bd, 0x000004bd, 0x000004bf, 0x000004bf,
+ 0x000004c2, 0x000004c2, 0x000004c4, 0x000004c4,
+ 0x000004c6, 0x000004c6, 0x000004c8, 0x000004c8,
+ 0x000004ca, 0x000004ca, 0x000004cc, 0x000004cc,
+ 0x000004ce, 0x000004ce, 0x000004d1, 0x000004d1,
+ 0x000004d3, 0x000004d3, 0x000004d5, 0x000004d5,
+ 0x000004d7, 0x000004d7, 0x000004d9, 0x000004d9,
+ 0x000004db, 0x000004db, 0x000004dd, 0x000004dd,
+ 0x000004df, 0x000004df, 0x000004e1, 0x000004e1,
+ 0x000004e3, 0x000004e3, 0x000004e5, 0x000004e5,
+ 0x000004e7, 0x000004e7, 0x000004e9, 0x000004e9,
+ 0x000004eb, 0x000004eb, 0x000004ed, 0x000004ed,
+ 0x000004ef, 0x000004ef, 0x000004f1, 0x000004f1,
+ 0x000004f3, 0x000004f3, 0x000004f5, 0x000004f5,
+ 0x000004f9, 0x000004f9, 0x00000501, 0x00000501,
+ 0x00000503, 0x00000503, 0x00000505, 0x00000505,
+ 0x00000507, 0x00000507, 0x00000509, 0x00000509,
+ 0x0000050b, 0x0000050b, 0x0000050d, 0x0000050d,
+ 0x0000050f, 0x0000050f, 0x00000561, 0x00000587,
+ 0x00001e01, 0x00001e01, 0x00001e03, 0x00001e03,
+ 0x00001e05, 0x00001e05, 0x00001e07, 0x00001e07,
+ 0x00001e09, 0x00001e09, 0x00001e0b, 0x00001e0b,
+ 0x00001e0d, 0x00001e0d, 0x00001e0f, 0x00001e0f,
+ 0x00001e11, 0x00001e11, 0x00001e13, 0x00001e13,
+ 0x00001e15, 0x00001e15, 0x00001e17, 0x00001e17,
+ 0x00001e19, 0x00001e19, 0x00001e1b, 0x00001e1b,
+ 0x00001e1d, 0x00001e1d, 0x00001e1f, 0x00001e1f,
+ 0x00001e21, 0x00001e21, 0x00001e23, 0x00001e23,
+ 0x00001e25, 0x00001e25, 0x00001e27, 0x00001e27,
+ 0x00001e29, 0x00001e29, 0x00001e2b, 0x00001e2b,
+ 0x00001e2d, 0x00001e2d, 0x00001e2f, 0x00001e2f,
+ 0x00001e31, 0x00001e31, 0x00001e33, 0x00001e33,
+ 0x00001e35, 0x00001e35, 0x00001e37, 0x00001e37,
+ 0x00001e39, 0x00001e39, 0x00001e3b, 0x00001e3b,
+ 0x00001e3d, 0x00001e3d, 0x00001e3f, 0x00001e3f,
+ 0x00001e41, 0x00001e41, 0x00001e43, 0x00001e43,
+ 0x00001e45, 0x00001e45, 0x00001e47, 0x00001e47,
+ 0x00001e49, 0x00001e49, 0x00001e4b, 0x00001e4b,
+ 0x00001e4d, 0x00001e4d, 0x00001e4f, 0x00001e4f,
+ 0x00001e51, 0x00001e51, 0x00001e53, 0x00001e53,
+ 0x00001e55, 0x00001e55, 0x00001e57, 0x00001e57,
+ 0x00001e59, 0x00001e59, 0x00001e5b, 0x00001e5b,
+ 0x00001e5d, 0x00001e5d, 0x00001e5f, 0x00001e5f,
+ 0x00001e61, 0x00001e61, 0x00001e63, 0x00001e63,
+ 0x00001e65, 0x00001e65, 0x00001e67, 0x00001e67,
+ 0x00001e69, 0x00001e69, 0x00001e6b, 0x00001e6b,
+ 0x00001e6d, 0x00001e6d, 0x00001e6f, 0x00001e6f,
+ 0x00001e71, 0x00001e71, 0x00001e73, 0x00001e73,
+ 0x00001e75, 0x00001e75, 0x00001e77, 0x00001e77,
+ 0x00001e79, 0x00001e79, 0x00001e7b, 0x00001e7b,
+ 0x00001e7d, 0x00001e7d, 0x00001e7f, 0x00001e7f,
+ 0x00001e81, 0x00001e81, 0x00001e83, 0x00001e83,
+ 0x00001e85, 0x00001e85, 0x00001e87, 0x00001e87,
+ 0x00001e89, 0x00001e89, 0x00001e8b, 0x00001e8b,
+ 0x00001e8d, 0x00001e8d, 0x00001e8f, 0x00001e8f,
+ 0x00001e91, 0x00001e91, 0x00001e93, 0x00001e93,
+ 0x00001e95, 0x00001e9b, 0x00001ea1, 0x00001ea1,
+ 0x00001ea3, 0x00001ea3, 0x00001ea5, 0x00001ea5,
+ 0x00001ea7, 0x00001ea7, 0x00001ea9, 0x00001ea9,
+ 0x00001eab, 0x00001eab, 0x00001ead, 0x00001ead,
+ 0x00001eaf, 0x00001eaf, 0x00001eb1, 0x00001eb1,
+ 0x00001eb3, 0x00001eb3, 0x00001eb5, 0x00001eb5,
+ 0x00001eb7, 0x00001eb7, 0x00001eb9, 0x00001eb9,
+ 0x00001ebb, 0x00001ebb, 0x00001ebd, 0x00001ebd,
+ 0x00001ebf, 0x00001ebf, 0x00001ec1, 0x00001ec1,
+ 0x00001ec3, 0x00001ec3, 0x00001ec5, 0x00001ec5,
+ 0x00001ec7, 0x00001ec7, 0x00001ec9, 0x00001ec9,
+ 0x00001ecb, 0x00001ecb, 0x00001ecd, 0x00001ecd,
+ 0x00001ecf, 0x00001ecf, 0x00001ed1, 0x00001ed1,
+ 0x00001ed3, 0x00001ed3, 0x00001ed5, 0x00001ed5,
+ 0x00001ed7, 0x00001ed7, 0x00001ed9, 0x00001ed9,
+ 0x00001edb, 0x00001edb, 0x00001edd, 0x00001edd,
+ 0x00001edf, 0x00001edf, 0x00001ee1, 0x00001ee1,
+ 0x00001ee3, 0x00001ee3, 0x00001ee5, 0x00001ee5,
+ 0x00001ee7, 0x00001ee7, 0x00001ee9, 0x00001ee9,
+ 0x00001eeb, 0x00001eeb, 0x00001eed, 0x00001eed,
+ 0x00001eef, 0x00001eef, 0x00001ef1, 0x00001ef1,
+ 0x00001ef3, 0x00001ef3, 0x00001ef5, 0x00001ef5,
+ 0x00001ef7, 0x00001ef7, 0x00001ef9, 0x00001ef9,
+ 0x00001f00, 0x00001f07, 0x00001f10, 0x00001f15,
+ 0x00001f20, 0x00001f27, 0x00001f30, 0x00001f37,
+ 0x00001f40, 0x00001f45, 0x00001f50, 0x00001f57,
+ 0x00001f60, 0x00001f67, 0x00001f70, 0x00001f7d,
+ 0x00001f80, 0x00001f87, 0x00001f90, 0x00001f97,
+ 0x00001fa0, 0x00001fa7, 0x00001fb0, 0x00001fb4,
+ 0x00001fb6, 0x00001fb7, 0x00001fbe, 0x00001fbe,
+ 0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fc7,
+ 0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fd7,
+ 0x00001fe0, 0x00001fe7, 0x00001ff2, 0x00001ff4,
+ 0x00001ff6, 0x00001ff7, 0x00002071, 0x00002071,
+ 0x0000207f, 0x0000207f, 0x0000210a, 0x0000210a,
+ 0x0000210e, 0x0000210f, 0x00002113, 0x00002113,
+ 0x0000212f, 0x0000212f, 0x00002134, 0x00002134,
+ 0x00002139, 0x00002139, 0x0000213d, 0x0000213d,
+ 0x00002146, 0x00002149, 0x0000fb00, 0x0000fb06,
+ 0x0000fb13, 0x0000fb17, 0x0000ff41, 0x0000ff5a,
+ 0x00010428, 0x0001044d, 0x0001d41a, 0x0001d433,
+ 0x0001d44e, 0x0001d454, 0x0001d456, 0x0001d467,
+ 0x0001d482, 0x0001d49b, 0x0001d4b6, 0x0001d4b9,
+ 0x0001d4bb, 0x0001d4bb, 0x0001d4bd, 0x0001d4c0,
+ 0x0001d4c2, 0x0001d4c3, 0x0001d4c5, 0x0001d4cf,
+ 0x0001d4ea, 0x0001d503, 0x0001d51e, 0x0001d537,
+ 0x0001d552, 0x0001d56b, 0x0001d586, 0x0001d59f,
+ 0x0001d5ba, 0x0001d5d3, 0x0001d5ee, 0x0001d607,
+ 0x0001d622, 0x0001d63b, 0x0001d656, 0x0001d66f,
+ 0x0001d68a, 0x0001d6a3, 0x0001d6c2, 0x0001d6da,
+ 0x0001d6dc, 0x0001d6e1, 0x0001d6fc, 0x0001d714,
+ 0x0001d716, 0x0001d71b, 0x0001d736, 0x0001d74e,
+ 0x0001d750, 0x0001d755, 0x0001d770, 0x0001d788,
+ 0x0001d78a, 0x0001d78f, 0x0001d7aa, 0x0001d7c2,
+ 0x0001d7c4, 0x0001d7c9, 0x000001c5, 0x000001c5,
+ 0x000001c8, 0x000001c8, 0x000001cb, 0x000001cb,
+ 0x000001f2, 0x000001f2, 0x00001f88, 0x00001f8f,
+ 0x00001f98, 0x00001f9f, 0x00001fa8, 0x00001faf,
+ 0x00001fbc, 0x00001fbc, 0x00001fcc, 0x00001fcc,
+ 0x00001ffc, 0x00001ffc, 0x000002b0, 0x000002b8,
+ 0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1,
+ 0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee,
+ 0x0000037a, 0x0000037a, 0x00000559, 0x00000559,
+ 0x00000640, 0x00000640, 0x000006e5, 0x000006e6,
+ 0x00000e46, 0x00000e46, 0x00000ec6, 0x00000ec6,
+ 0x000017d7, 0x000017d7, 0x00001843, 0x00001843,
+ 0x00003005, 0x00003005, 0x00003031, 0x00003035,
+ 0x0000303b, 0x0000303b, 0x0000309d, 0x0000309e,
+ 0x000030fc, 0x000030fe, 0x0000ff70, 0x0000ff70,
+ 0x0000ff9e, 0x0000ff9f, 0x000001bb, 0x000001bb,
+ 0x000001c0, 0x000001c3, 0x000005d0, 0x000005ea,
+ 0x000005f0, 0x000005f2, 0x00000621, 0x0000063a,
+ 0x00000641, 0x0000064a, 0x0000066e, 0x0000066f,
+ 0x00000671, 0x000006d3, 0x000006d5, 0x000006d5,
+ 0x000006fa, 0x000006fc, 0x00000710, 0x00000710,
+ 0x00000712, 0x0000072c, 0x00000780, 0x000007a5,
+ 0x000007b1, 0x000007b1, 0x00000905, 0x00000939,
+ 0x0000093d, 0x0000093d, 0x00000950, 0x00000950,
+ 0x00000958, 0x00000961, 0x00000985, 0x0000098c,
+ 0x0000098f, 0x00000990, 0x00000993, 0x000009a8,
+ 0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2,
+ 0x000009b6, 0x000009b9, 0x000009dc, 0x000009dd,
+ 0x000009df, 0x000009e1, 0x000009f0, 0x000009f1,
+ 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+ 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+ 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+ 0x00000a38, 0x00000a39, 0x00000a59, 0x00000a5c,
+ 0x00000a5e, 0x00000a5e, 0x00000a72, 0x00000a74,
+ 0x00000a85, 0x00000a8b, 0x00000a8d, 0x00000a8d,
+ 0x00000a8f, 0x00000a91, 0x00000a93, 0x00000aa8,
+ 0x00000aaa, 0x00000ab0, 0x00000ab2, 0x00000ab3,
+ 0x00000ab5, 0x00000ab9, 0x00000abd, 0x00000abd,
+ 0x00000ad0, 0x00000ad0, 0x00000ae0, 0x00000ae0,
+ 0x00000b05, 0x00000b0c, 0x00000b0f, 0x00000b10,
+ 0x00000b13, 0x00000b28, 0x00000b2a, 0x00000b30,
+ 0x00000b32, 0x00000b33, 0x00000b36, 0x00000b39,
+ 0x00000b3d, 0x00000b3d, 0x00000b5c, 0x00000b5d,
+ 0x00000b5f, 0x00000b61, 0x00000b83, 0x00000b83,
+ 0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90,
+ 0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a,
+ 0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f,
+ 0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa,
+ 0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9,
+ 0x00000c05, 0x00000c0c, 0x00000c0e, 0x00000c10,
+ 0x00000c12, 0x00000c28, 0x00000c2a, 0x00000c33,
+ 0x00000c35, 0x00000c39, 0x00000c60, 0x00000c61,
+ 0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90,
+ 0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3,
+ 0x00000cb5, 0x00000cb9, 0x00000cde, 0x00000cde,
+ 0x00000ce0, 0x00000ce1, 0x00000d05, 0x00000d0c,
+ 0x00000d0e, 0x00000d10, 0x00000d12, 0x00000d28,
+ 0x00000d2a, 0x00000d39, 0x00000d60, 0x00000d61,
+ 0x00000d85, 0x00000d96, 0x00000d9a, 0x00000db1,
+ 0x00000db3, 0x00000dbb, 0x00000dbd, 0x00000dbd,
+ 0x00000dc0, 0x00000dc6, 0x00000e01, 0x00000e30,
+ 0x00000e32, 0x00000e33, 0x00000e40, 0x00000e45,
+ 0x00000e81, 0x00000e82, 0x00000e84, 0x00000e84,
+ 0x00000e87, 0x00000e88, 0x00000e8a, 0x00000e8a,
+ 0x00000e8d, 0x00000e8d, 0x00000e94, 0x00000e97,
+ 0x00000e99, 0x00000e9f, 0x00000ea1, 0x00000ea3,
+ 0x00000ea5, 0x00000ea5, 0x00000ea7, 0x00000ea7,
+ 0x00000eaa, 0x00000eab, 0x00000ead, 0x00000eb0,
+ 0x00000eb2, 0x00000eb3, 0x00000ebd, 0x00000ebd,
+ 0x00000ec0, 0x00000ec4, 0x00000edc, 0x00000edd,
+ 0x00000f00, 0x00000f00, 0x00000f40, 0x00000f47,
+ 0x00000f49, 0x00000f6a, 0x00000f88, 0x00000f8b,
+ 0x00001000, 0x00001021, 0x00001023, 0x00001027,
+ 0x00001029, 0x0000102a, 0x00001050, 0x00001055,
+ 0x000010d0, 0x000010f8, 0x00001100, 0x00001159,
+ 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+ 0x00001200, 0x00001206, 0x00001208, 0x00001246,
+ 0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+ 0x00001250, 0x00001256, 0x00001258, 0x00001258,
+ 0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+ 0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+ 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+ 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+ 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+ 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+ 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+ 0x00001310, 0x00001310, 0x00001312, 0x00001315,
+ 0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+ 0x00001348, 0x0000135a, 0x000013a0, 0x000013f4,
+ 0x00001401, 0x0000166c, 0x0000166f, 0x00001676,
+ 0x00001681, 0x0000169a, 0x000016a0, 0x000016ea,
+ 0x00001700, 0x0000170c, 0x0000170e, 0x00001711,
+ 0x00001720, 0x00001731, 0x00001740, 0x00001751,
+ 0x00001760, 0x0000176c, 0x0000176e, 0x00001770,
+ 0x00001780, 0x000017b3, 0x000017dc, 0x000017dc,
+ 0x00001820, 0x00001842, 0x00001844, 0x00001877,
+ 0x00001880, 0x000018a8, 0x00002135, 0x00002138,
+ 0x00003006, 0x00003006, 0x0000303c, 0x0000303c,
+ 0x00003041, 0x00003096, 0x0000309f, 0x0000309f,
+ 0x000030a1, 0x000030fa, 0x000030ff, 0x000030ff,
+ 0x00003105, 0x0000312c, 0x00003131, 0x0000318e,
+ 0x000031a0, 0x000031b7, 0x000031f0, 0x000031ff,
+ 0x00003400, 0x00004db5, 0x00004e00, 0x0000a48c,
+ 0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000faff,
+ 0x0000fb1d, 0x0000fb1d, 0x0000fb1f, 0x0000fb28,
+ 0x0000fb2a, 0x0000fb36, 0x0000fb38, 0x0000fb3c,
+ 0x0000fb3e, 0x0000fb3e, 0x0000fb40, 0x0000fb41,
+ 0x0000fb43, 0x0000fb44, 0x0000fb46, 0x0000fbb1,
+ 0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f,
+ 0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfb,
+ 0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc,
+ 0x0000ff66, 0x0000ff6f, 0x0000ff71, 0x0000ff9d,
+ 0x0000ffa0, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+ 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+ 0x0000ffda, 0x0000ffdc, 0x00010300, 0x0001031e,
+ 0x00010330, 0x00010349, 0x00020000, 0x0002a6d6,
+ 0x0002f800, 0x0002fa1d, 0x0000005f, 0x0000005f,
+ 0x0000203f, 0x00002040, 0x000030fb, 0x000030fb,
+ 0x0000fe33, 0x0000fe34, 0x0000fe4d, 0x0000fe4f,
+ 0x0000ff3f, 0x0000ff3f, 0x0000ff65, 0x0000ff65,
+ 0x0000002d, 0x0000002d, 0x000000ad, 0x000000ad,
+ 0x0000058a, 0x0000058a, 0x00001806, 0x00001806,
+ 0x00002010, 0x00002015, 0x0000301c, 0x0000301c,
+ 0x00003030, 0x00003030, 0x000030a0, 0x000030a0,
+ 0x0000fe31, 0x0000fe32, 0x0000fe58, 0x0000fe58,
+ 0x0000fe63, 0x0000fe63, 0x0000ff0d, 0x0000ff0d,
+ 0x00000028, 0x00000028, 0x0000005b, 0x0000005b,
+ 0x0000007b, 0x0000007b, 0x00000f3a, 0x00000f3a,
+ 0x00000f3c, 0x00000f3c, 0x0000169b, 0x0000169b,
+ 0x0000201a, 0x0000201a, 0x0000201e, 0x0000201e,
+ 0x00002045, 0x00002045, 0x0000207d, 0x0000207d,
+ 0x0000208d, 0x0000208d, 0x00002329, 0x00002329,
+ 0x000023b4, 0x000023b4, 0x00002768, 0x00002768,
+ 0x0000276a, 0x0000276a, 0x0000276c, 0x0000276c,
+ 0x0000276e, 0x0000276e, 0x00002770, 0x00002770,
+ 0x00002772, 0x00002772, 0x00002774, 0x00002774,
+ 0x000027e6, 0x000027e6, 0x000027e8, 0x000027e8,
+ 0x000027ea, 0x000027ea, 0x00002983, 0x00002983,
+ 0x00002985, 0x00002985, 0x00002987, 0x00002987,
+ 0x00002989, 0x00002989, 0x0000298b, 0x0000298b,
+ 0x0000298d, 0x0000298d, 0x0000298f, 0x0000298f,
+ 0x00002991, 0x00002991, 0x00002993, 0x00002993,
+ 0x00002995, 0x00002995, 0x00002997, 0x00002997,
+ 0x000029d8, 0x000029d8, 0x000029da, 0x000029da,
+ 0x000029fc, 0x000029fc, 0x00003008, 0x00003008,
+ 0x0000300a, 0x0000300a, 0x0000300c, 0x0000300c,
+ 0x0000300e, 0x0000300e, 0x00003010, 0x00003010,
+ 0x00003014, 0x00003014, 0x00003016, 0x00003016,
+ 0x00003018, 0x00003018, 0x0000301a, 0x0000301a,
+ 0x0000301d, 0x0000301d, 0x0000fd3e, 0x0000fd3e,
+ 0x0000fe35, 0x0000fe35, 0x0000fe37, 0x0000fe37,
+ 0x0000fe39, 0x0000fe39, 0x0000fe3b, 0x0000fe3b,
+ 0x0000fe3d, 0x0000fe3d, 0x0000fe3f, 0x0000fe3f,
+ 0x0000fe41, 0x0000fe41, 0x0000fe43, 0x0000fe43,
+ 0x0000fe59, 0x0000fe59, 0x0000fe5b, 0x0000fe5b,
+ 0x0000fe5d, 0x0000fe5d, 0x0000ff08, 0x0000ff08,
+ 0x0000ff3b, 0x0000ff3b, 0x0000ff5b, 0x0000ff5b,
+ 0x0000ff5f, 0x0000ff5f, 0x0000ff62, 0x0000ff62,
+ 0x00000029, 0x00000029, 0x0000005d, 0x0000005d,
+ 0x0000007d, 0x0000007d, 0x00000f3b, 0x00000f3b,
+ 0x00000f3d, 0x00000f3d, 0x0000169c, 0x0000169c,
+ 0x00002046, 0x00002046, 0x0000207e, 0x0000207e,
+ 0x0000208e, 0x0000208e, 0x0000232a, 0x0000232a,
+ 0x000023b5, 0x000023b5, 0x00002769, 0x00002769,
+ 0x0000276b, 0x0000276b, 0x0000276d, 0x0000276d,
+ 0x0000276f, 0x0000276f, 0x00002771, 0x00002771,
+ 0x00002773, 0x00002773, 0x00002775, 0x00002775,
+ 0x000027e7, 0x000027e7, 0x000027e9, 0x000027e9,
+ 0x000027eb, 0x000027eb, 0x00002984, 0x00002984,
+ 0x00002986, 0x00002986, 0x00002988, 0x00002988,
+ 0x0000298a, 0x0000298a, 0x0000298c, 0x0000298c,
+ 0x0000298e, 0x0000298e, 0x00002990, 0x00002990,
+ 0x00002992, 0x00002992, 0x00002994, 0x00002994,
+ 0x00002996, 0x00002996, 0x00002998, 0x00002998,
+ 0x000029d9, 0x000029d9, 0x000029db, 0x000029db,
+ 0x000029fd, 0x000029fd, 0x00003009, 0x00003009,
+ 0x0000300b, 0x0000300b, 0x0000300d, 0x0000300d,
+ 0x0000300f, 0x0000300f, 0x00003011, 0x00003011,
+ 0x00003015, 0x00003015, 0x00003017, 0x00003017,
+ 0x00003019, 0x00003019, 0x0000301b, 0x0000301b,
+ 0x0000301e, 0x0000301f, 0x0000fd3f, 0x0000fd3f,
+ 0x0000fe36, 0x0000fe36, 0x0000fe38, 0x0000fe38,
+ 0x0000fe3a, 0x0000fe3a, 0x0000fe3c, 0x0000fe3c,
+ 0x0000fe3e, 0x0000fe3e, 0x0000fe40, 0x0000fe40,
+ 0x0000fe42, 0x0000fe42, 0x0000fe44, 0x0000fe44,
+ 0x0000fe5a, 0x0000fe5a, 0x0000fe5c, 0x0000fe5c,
+ 0x0000fe5e, 0x0000fe5e, 0x0000ff09, 0x0000ff09,
+ 0x0000ff3d, 0x0000ff3d, 0x0000ff5d, 0x0000ff5d,
+ 0x0000ff60, 0x0000ff60, 0x0000ff63, 0x0000ff63,
+ 0x00000021, 0x00000023, 0x00000025, 0x00000027,
+ 0x0000002a, 0x0000002a, 0x0000002c, 0x0000002c,
+ 0x0000002e, 0x0000002f, 0x0000003a, 0x0000003b,
+ 0x0000003f, 0x00000040, 0x0000005c, 0x0000005c,
+ 0x000000a1, 0x000000a1, 0x000000b7, 0x000000b7,
+ 0x000000bf, 0x000000bf, 0x0000037e, 0x0000037e,
+ 0x00000387, 0x00000387, 0x0000055a, 0x0000055f,
+ 0x00000589, 0x00000589, 0x000005be, 0x000005be,
+ 0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3,
+ 0x000005f3, 0x000005f4, 0x0000060c, 0x0000060c,
+ 0x0000061b, 0x0000061b, 0x0000061f, 0x0000061f,
+ 0x0000066a, 0x0000066d, 0x000006d4, 0x000006d4,
+ 0x00000700, 0x0000070d, 0x00000964, 0x00000965,
+ 0x00000970, 0x00000970, 0x00000df4, 0x00000df4,
+ 0x00000e4f, 0x00000e4f, 0x00000e5a, 0x00000e5b,
+ 0x00000f04, 0x00000f12, 0x00000f85, 0x00000f85,
+ 0x0000104a, 0x0000104f, 0x000010fb, 0x000010fb,
+ 0x00001361, 0x00001368, 0x0000166d, 0x0000166e,
+ 0x000016eb, 0x000016ed, 0x00001735, 0x00001736,
+ 0x000017d4, 0x000017d6, 0x000017d8, 0x000017da,
+ 0x00001800, 0x00001805, 0x00001807, 0x0000180a,
+ 0x00002016, 0x00002017, 0x00002020, 0x00002027,
+ 0x00002030, 0x00002038, 0x0000203b, 0x0000203e,
+ 0x00002041, 0x00002043, 0x00002047, 0x00002051,
+ 0x00002057, 0x00002057, 0x000023b6, 0x000023b6,
+ 0x00003001, 0x00003003, 0x0000303d, 0x0000303d,
+ 0x0000fe30, 0x0000fe30, 0x0000fe45, 0x0000fe46,
+ 0x0000fe49, 0x0000fe4c, 0x0000fe50, 0x0000fe52,
+ 0x0000fe54, 0x0000fe57, 0x0000fe5f, 0x0000fe61,
+ 0x0000fe68, 0x0000fe68, 0x0000fe6a, 0x0000fe6b,
+ 0x0000ff01, 0x0000ff03, 0x0000ff05, 0x0000ff07,
+ 0x0000ff0a, 0x0000ff0a, 0x0000ff0c, 0x0000ff0c,
+ 0x0000ff0e, 0x0000ff0f, 0x0000ff1a, 0x0000ff1b,
+ 0x0000ff1f, 0x0000ff20, 0x0000ff3c, 0x0000ff3c,
+ 0x0000ff61, 0x0000ff61, 0x0000ff64, 0x0000ff64,
+ 0x0000002b, 0x0000002b, 0x0000003c, 0x0000003e,
+ 0x0000007c, 0x0000007c, 0x0000007e, 0x0000007e,
+ 0x000000ac, 0x000000ac, 0x000000b1, 0x000000b1,
+ 0x000000d7, 0x000000d7, 0x000000f7, 0x000000f7,
+ 0x000003f6, 0x000003f6, 0x00002044, 0x00002044,
+ 0x00002052, 0x00002052, 0x0000207a, 0x0000207c,
+ 0x0000208a, 0x0000208c, 0x00002140, 0x00002144,
+ 0x0000214b, 0x0000214b, 0x00002190, 0x00002194,
+ 0x0000219a, 0x0000219b, 0x000021a0, 0x000021a0,
+ 0x000021a3, 0x000021a3, 0x000021a6, 0x000021a6,
+ 0x000021ae, 0x000021ae, 0x000021ce, 0x000021cf,
+ 0x000021d2, 0x000021d2, 0x000021d4, 0x000021d4,
+ 0x000021f4, 0x000022ff, 0x00002308, 0x0000230b,
+ 0x00002320, 0x00002321, 0x0000237c, 0x0000237c,
+ 0x0000239b, 0x000023b3, 0x000025b7, 0x000025b7,
+ 0x000025c1, 0x000025c1, 0x000025f8, 0x000025ff,
+ 0x0000266f, 0x0000266f, 0x000027d0, 0x000027e5,
+ 0x000027f0, 0x000027ff, 0x00002900, 0x00002982,
+ 0x00002999, 0x000029d7, 0x000029dc, 0x000029fb,
+ 0x000029fe, 0x00002aff, 0x0000fb29, 0x0000fb29,
+ 0x0000fe62, 0x0000fe62, 0x0000fe64, 0x0000fe66,
+ 0x0000ff0b, 0x0000ff0b, 0x0000ff1c, 0x0000ff1e,
+ 0x0000ff5c, 0x0000ff5c, 0x0000ff5e, 0x0000ff5e,
+ 0x0000ffe2, 0x0000ffe2, 0x0000ffe9, 0x0000ffec,
+ 0x0001d6c1, 0x0001d6c1, 0x0001d6db, 0x0001d6db,
+ 0x0001d6fb, 0x0001d6fb, 0x0001d715, 0x0001d715,
+ 0x0001d735, 0x0001d735, 0x0001d74f, 0x0001d74f,
+ 0x0001d76f, 0x0001d76f, 0x0001d789, 0x0001d789,
+ 0x0001d7a9, 0x0001d7a9, 0x0001d7c3, 0x0001d7c3,
+ 0x00000024, 0x00000024, 0x000000a2, 0x000000a5,
+ 0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f,
+ 0x000017db, 0x000017db, 0x000020a0, 0x000020b1,
+ 0x0000fdfc, 0x0000fdfc, 0x0000fe69, 0x0000fe69,
+ 0x0000ff04, 0x0000ff04, 0x0000ffe0, 0x0000ffe1,
+ 0x0000ffe5, 0x0000ffe6, 0x0000005e, 0x0000005e,
+ 0x00000060, 0x00000060, 0x000000a8, 0x000000a8,
+ 0x000000af, 0x000000af, 0x000000b4, 0x000000b4,
+ 0x000000b8, 0x000000b8, 0x000002b9, 0x000002ba,
+ 0x000002c2, 0x000002cf, 0x000002d2, 0x000002df,
+ 0x000002e5, 0x000002ed, 0x00000374, 0x00000375,
+ 0x00000384, 0x00000385, 0x00001fbd, 0x00001fbd,
+ 0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf,
+ 0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef,
+ 0x00001ffd, 0x00001ffe, 0x0000309b, 0x0000309c,
+ 0x0000ff3e, 0x0000ff3e, 0x0000ff40, 0x0000ff40,
+ 0x0000ffe3, 0x0000ffe3, 0x000000a6, 0x000000a7,
+ 0x000000a9, 0x000000a9, 0x000000ae, 0x000000ae,
+ 0x000000b0, 0x000000b0, 0x000000b6, 0x000000b6,
+ 0x00000482, 0x00000482, 0x000006e9, 0x000006e9,
+ 0x000006fd, 0x000006fe, 0x000009fa, 0x000009fa,
+ 0x00000b70, 0x00000b70, 0x00000f01, 0x00000f03,
+ 0x00000f13, 0x00000f17, 0x00000f1a, 0x00000f1f,
+ 0x00000f34, 0x00000f34, 0x00000f36, 0x00000f36,
+ 0x00000f38, 0x00000f38, 0x00000fbe, 0x00000fc5,
+ 0x00000fc7, 0x00000fcc, 0x00000fcf, 0x00000fcf,
+ 0x00002100, 0x00002101, 0x00002103, 0x00002106,
+ 0x00002108, 0x00002109, 0x00002114, 0x00002114,
+ 0x00002116, 0x00002118, 0x0000211e, 0x00002123,
+ 0x00002125, 0x00002125, 0x00002127, 0x00002127,
+ 0x00002129, 0x00002129, 0x0000212e, 0x0000212e,
+ 0x00002132, 0x00002132, 0x0000213a, 0x0000213a,
+ 0x0000214a, 0x0000214a, 0x00002195, 0x00002199,
+ 0x0000219c, 0x0000219f, 0x000021a1, 0x000021a2,
+ 0x000021a4, 0x000021a5, 0x000021a7, 0x000021ad,
+ 0x000021af, 0x000021cd, 0x000021d0, 0x000021d1,
+ 0x000021d3, 0x000021d3, 0x000021d5, 0x000021f3,
+ 0x00002300, 0x00002307, 0x0000230c, 0x0000231f,
+ 0x00002322, 0x00002328, 0x0000232b, 0x0000237b,
+ 0x0000237d, 0x0000239a, 0x000023b7, 0x000023ce,
+ 0x00002400, 0x00002426, 0x00002440, 0x0000244a,
+ 0x0000249c, 0x000024e9, 0x00002500, 0x000025b6,
+ 0x000025b8, 0x000025c0, 0x000025c2, 0x000025f7,
+ 0x00002600, 0x00002613, 0x00002616, 0x00002617,
+ 0x00002619, 0x0000266e, 0x00002670, 0x0000267d,
+ 0x00002680, 0x00002689, 0x00002701, 0x00002704,
+ 0x00002706, 0x00002709, 0x0000270c, 0x00002727,
+ 0x00002729, 0x0000274b, 0x0000274d, 0x0000274d,
+ 0x0000274f, 0x00002752, 0x00002756, 0x00002756,
+ 0x00002758, 0x0000275e, 0x00002761, 0x00002767,
+ 0x00002794, 0x00002794, 0x00002798, 0x000027af,
+ 0x000027b1, 0x000027be, 0x00002800, 0x000028ff,
+ 0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3,
+ 0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb,
+ 0x00003004, 0x00003004, 0x00003012, 0x00003013,
+ 0x00003020, 0x00003020, 0x00003036, 0x00003037,
+ 0x0000303e, 0x0000303f, 0x00003190, 0x00003191,
+ 0x00003196, 0x0000319f, 0x00003200, 0x0000321c,
+ 0x0000322a, 0x00003243, 0x00003260, 0x0000327b,
+ 0x0000327f, 0x0000327f, 0x0000328a, 0x000032b0,
+ 0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe,
+ 0x00003300, 0x00003376, 0x0000337b, 0x000033dd,
+ 0x000033e0, 0x000033fe, 0x0000a490, 0x0000a4c6,
+ 0x0000ffe4, 0x0000ffe4, 0x0000ffe8, 0x0000ffe8,
+ 0x0000ffed, 0x0000ffee, 0x0000fffc, 0x0000fffd,
+ 0x0001d000, 0x0001d0f5, 0x0001d100, 0x0001d126,
+ 0x0001d12a, 0x0001d164, 0x0001d16a, 0x0001d16c,
+ 0x0001d183, 0x0001d184, 0x0001d18c, 0x0001d1a9,
+ 0x0001d1ae, 0x0001d1dd, 0x00000041, 0x0000005a,
+ 0x00000061, 0x0000007a, 0x000000aa, 0x000000aa,
+ 0x000000b5, 0x000000b5, 0x000000ba, 0x000000ba,
+ 0x000000c0, 0x000000d6, 0x000000d8, 0x000000f6,
+ 0x000000f8, 0x00000220, 0x00000222, 0x00000233,
+ 0x00000250, 0x000002ad, 0x000002b0, 0x000002b8,
+ 0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1,
+ 0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee,
+ 0x0000037a, 0x0000037a, 0x00000386, 0x00000386,
+ 0x00000388, 0x0000038a, 0x0000038c, 0x0000038c,
+ 0x0000038e, 0x000003a1, 0x000003a3, 0x000003ce,
+ 0x000003d0, 0x000003f5, 0x00000400, 0x00000482,
+ 0x0000048a, 0x000004ce, 0x000004d0, 0x000004f5,
+ 0x000004f8, 0x000004f9, 0x00000500, 0x0000050f,
+ 0x00000531, 0x00000556, 0x00000559, 0x0000055f,
+ 0x00000561, 0x00000587, 0x00000589, 0x00000589,
+ 0x00000903, 0x00000903, 0x00000905, 0x00000939,
+ 0x0000093d, 0x00000940, 0x00000949, 0x0000094c,
+ 0x00000950, 0x00000950, 0x00000958, 0x00000961,
+ 0x00000964, 0x00000970, 0x00000982, 0x00000983,
+ 0x00000985, 0x0000098c, 0x0000098f, 0x00000990,
+ 0x00000993, 0x000009a8, 0x000009aa, 0x000009b0,
+ 0x000009b2, 0x000009b2, 0x000009b6, 0x000009b9,
+ 0x000009be, 0x000009c0, 0x000009c7, 0x000009c8,
+ 0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7,
+ 0x000009dc, 0x000009dd, 0x000009df, 0x000009e1,
+ 0x000009e6, 0x000009f1, 0x000009f4, 0x000009fa,
+ 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+ 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+ 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+ 0x00000a38, 0x00000a39, 0x00000a3e, 0x00000a40,
+ 0x00000a59, 0x00000a5c, 0x00000a5e, 0x00000a5e,
+ 0x00000a66, 0x00000a6f, 0x00000a72, 0x00000a74,
+ 0x00000a83, 0x00000a83, 0x00000a85, 0x00000a8b,
+ 0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91,
+ 0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0,
+ 0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9,
+ 0x00000abd, 0x00000ac0, 0x00000ac9, 0x00000ac9,
+ 0x00000acb, 0x00000acc, 0x00000ad0, 0x00000ad0,
+ 0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef,
+ 0x00000b02, 0x00000b03, 0x00000b05, 0x00000b0c,
+ 0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28,
+ 0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33,
+ 0x00000b36, 0x00000b39, 0x00000b3d, 0x00000b3e,
+ 0x00000b40, 0x00000b40, 0x00000b47, 0x00000b48,
+ 0x00000b4b, 0x00000b4c, 0x00000b57, 0x00000b57,
+ 0x00000b5c, 0x00000b5d, 0x00000b5f, 0x00000b61,
+ 0x00000b66, 0x00000b70, 0x00000b83, 0x00000b83,
+ 0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90,
+ 0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a,
+ 0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f,
+ 0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa,
+ 0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9,
+ 0x00000bbe, 0x00000bbf, 0x00000bc1, 0x00000bc2,
+ 0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcc,
+ 0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2,
+ 0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c,
+ 0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28,
+ 0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39,
+ 0x00000c41, 0x00000c44, 0x00000c60, 0x00000c61,
+ 0x00000c66, 0x00000c6f, 0x00000c82, 0x00000c83,
+ 0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90,
+ 0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3,
+ 0x00000cb5, 0x00000cb9, 0x00000cbe, 0x00000cbe,
+ 0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8,
+ 0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6,
+ 0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1,
+ 0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03,
+ 0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10,
+ 0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39,
+ 0x00000d3e, 0x00000d40, 0x00000d46, 0x00000d48,
+ 0x00000d4a, 0x00000d4c, 0x00000d57, 0x00000d57,
+ 0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f,
+ 0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96,
+ 0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb,
+ 0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6,
+ 0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf,
+ 0x00000df2, 0x00000df4, 0x00000e01, 0x00000e30,
+ 0x00000e32, 0x00000e33, 0x00000e40, 0x00000e46,
+ 0x00000e4f, 0x00000e5b, 0x00000e81, 0x00000e82,
+ 0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88,
+ 0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d,
+ 0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f,
+ 0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5,
+ 0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab,
+ 0x00000ead, 0x00000eb0, 0x00000eb2, 0x00000eb3,
+ 0x00000ebd, 0x00000ebd, 0x00000ec0, 0x00000ec4,
+ 0x00000ec6, 0x00000ec6, 0x00000ed0, 0x00000ed9,
+ 0x00000edc, 0x00000edd, 0x00000f00, 0x00000f17,
+ 0x00000f1a, 0x00000f34, 0x00000f36, 0x00000f36,
+ 0x00000f38, 0x00000f38, 0x00000f3e, 0x00000f47,
+ 0x00000f49, 0x00000f6a, 0x00000f7f, 0x00000f7f,
+ 0x00000f85, 0x00000f85, 0x00000f88, 0x00000f8b,
+ 0x00000fbe, 0x00000fc5, 0x00000fc7, 0x00000fcc,
+ 0x00000fcf, 0x00000fcf, 0x00001000, 0x00001021,
+ 0x00001023, 0x00001027, 0x00001029, 0x0000102a,
+ 0x0000102c, 0x0000102c, 0x00001031, 0x00001031,
+ 0x00001038, 0x00001038, 0x00001040, 0x00001057,
+ 0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8,
+ 0x000010fb, 0x000010fb, 0x00001100, 0x00001159,
+ 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+ 0x00001200, 0x00001206, 0x00001208, 0x00001246,
+ 0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+ 0x00001250, 0x00001256, 0x00001258, 0x00001258,
+ 0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+ 0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+ 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+ 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+ 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+ 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+ 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+ 0x00001310, 0x00001310, 0x00001312, 0x00001315,
+ 0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+ 0x00001348, 0x0000135a, 0x00001361, 0x0000137c,
+ 0x000013a0, 0x000013f4, 0x00001401, 0x00001676,
+ 0x00001681, 0x0000169a, 0x000016a0, 0x000016f0,
+ 0x00001700, 0x0000170c, 0x0000170e, 0x00001711,
+ 0x00001720, 0x00001731, 0x00001735, 0x00001736,
+ 0x00001740, 0x00001751, 0x00001760, 0x0000176c,
+ 0x0000176e, 0x00001770, 0x00001780, 0x000017b6,
+ 0x000017be, 0x000017c5, 0x000017c7, 0x000017c8,
+ 0x000017d4, 0x000017da, 0x000017dc, 0x000017dc,
+ 0x000017e0, 0x000017e9, 0x00001810, 0x00001819,
+ 0x00001820, 0x00001877, 0x00001880, 0x000018a8,
+ 0x00001e00, 0x00001e9b, 0x00001ea0, 0x00001ef9,
+ 0x00001f00, 0x00001f15, 0x00001f18, 0x00001f1d,
+ 0x00001f20, 0x00001f45, 0x00001f48, 0x00001f4d,
+ 0x00001f50, 0x00001f57, 0x00001f59, 0x00001f59,
+ 0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d,
+ 0x00001f5f, 0x00001f7d, 0x00001f80, 0x00001fb4,
+ 0x00001fb6, 0x00001fbc, 0x00001fbe, 0x00001fbe,
+ 0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fcc,
+ 0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+ 0x00001fe0, 0x00001fec, 0x00001ff2, 0x00001ff4,
+ 0x00001ff6, 0x00001ffc, 0x0000200e, 0x0000200e,
+ 0x00002071, 0x00002071, 0x0000207f, 0x0000207f,
+ 0x00002102, 0x00002102, 0x00002107, 0x00002107,
+ 0x0000210a, 0x00002113, 0x00002115, 0x00002115,
+ 0x00002119, 0x0000211d, 0x00002124, 0x00002124,
+ 0x00002126, 0x00002126, 0x00002128, 0x00002128,
+ 0x0000212a, 0x0000212d, 0x0000212f, 0x00002131,
+ 0x00002133, 0x00002139, 0x0000213d, 0x0000213f,
+ 0x00002145, 0x00002149, 0x00002160, 0x00002183,
+ 0x00002336, 0x0000237a, 0x00002395, 0x00002395,
+ 0x0000249c, 0x000024e9, 0x00003005, 0x00003007,
+ 0x00003021, 0x00003029, 0x00003031, 0x00003035,
+ 0x00003038, 0x0000303c, 0x00003041, 0x00003096,
+ 0x0000309d, 0x0000309f, 0x000030a1, 0x000030fa,
+ 0x000030fc, 0x000030ff, 0x00003105, 0x0000312c,
+ 0x00003131, 0x0000318e, 0x00003190, 0x000031b7,
+ 0x000031f0, 0x0000321c, 0x00003220, 0x00003243,
+ 0x00003260, 0x0000327b, 0x0000327f, 0x000032b0,
+ 0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe,
+ 0x00003300, 0x00003376, 0x0000337b, 0x000033dd,
+ 0x000033e0, 0x000033fe, 0x00003400, 0x00004db5,
+ 0x00004e00, 0x0000a48c, 0x0000ac00, 0x0000d7a3,
+ 0x0000e000, 0x0000fb06, 0x0000fb13, 0x0000fb17,
+ 0x0000ff21, 0x0000ff3a, 0x0000ff41, 0x0000ff5a,
+ 0x0000ff66, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+ 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+ 0x0000ffda, 0x0000ffdc, 0x00010000, 0x0002a6d6,
+ 0x0002f800, 0x0002fa1d, 0x000f0000, 0x000ffffd,
+ 0x00100000, 0x0010fffd, 0x000005be, 0x000005be,
+ 0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3,
+ 0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4,
+ 0x0000200f, 0x0000200f, 0x0000fb1d, 0x0000fb1d,
+ 0x0000fb1f, 0x0000fb28, 0x0000fb2a, 0x0000fb36,
+ 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+ 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+ 0x0000fb46, 0x0000fb4f, 0x00000030, 0x00000039,
+ 0x000000b2, 0x000000b3, 0x000000b9, 0x000000b9,
+ 0x000006f0, 0x000006f9, 0x00002070, 0x00002070,
+ 0x00002074, 0x00002079, 0x00002080, 0x00002089,
+ 0x00002460, 0x0000249b, 0x000024ea, 0x000024ea,
+ 0x0000ff10, 0x0000ff19, 0x0001d7ce, 0x0001d7ff,
+ 0x0000002f, 0x0000002f, 0x0000ff0f, 0x0000ff0f,
+ 0x00000023, 0x00000025, 0x0000002b, 0x0000002b,
+ 0x0000002d, 0x0000002d, 0x000000a2, 0x000000a5,
+ 0x000000b0, 0x000000b1, 0x0000066a, 0x0000066a,
+ 0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f,
+ 0x000017db, 0x000017db, 0x00002030, 0x00002034,
+ 0x0000207a, 0x0000207b, 0x0000208a, 0x0000208b,
+ 0x000020a0, 0x000020b1, 0x0000212e, 0x0000212e,
+ 0x00002212, 0x00002213, 0x0000fb29, 0x0000fb29,
+ 0x0000fe5f, 0x0000fe5f, 0x0000fe62, 0x0000fe63,
+ 0x0000fe69, 0x0000fe6a, 0x0000ff03, 0x0000ff05,
+ 0x0000ff0b, 0x0000ff0b, 0x0000ff0d, 0x0000ff0d,
+ 0x0000ffe0, 0x0000ffe1, 0x0000ffe5, 0x0000ffe6,
+ 0x00000660, 0x00000669, 0x0000066b, 0x0000066c,
+ 0x0000002c, 0x0000002c, 0x0000002e, 0x0000002e,
+ 0x0000003a, 0x0000003a, 0x000000a0, 0x000000a0,
+ 0x0000060c, 0x0000060c, 0x0000fe50, 0x0000fe50,
+ 0x0000fe52, 0x0000fe52, 0x0000fe55, 0x0000fe55,
+ 0x0000ff0c, 0x0000ff0c, 0x0000ff0e, 0x0000ff0e,
+ 0x0000ff1a, 0x0000ff1a, 0x0000000a, 0x0000000a,
+ 0x0000000d, 0x0000000d, 0x0000001c, 0x0000001e,
+ 0x00000085, 0x00000085, 0x00002029, 0x00002029,
+ 0x00000009, 0x00000009, 0x0000000b, 0x0000000b,
+ 0x0000001f, 0x0000001f, 0x0000000c, 0x0000000c,
+ 0x00000020, 0x00000020, 0x00001680, 0x00001680,
+ 0x00002000, 0x0000200a, 0x00002028, 0x00002028,
+ 0x0000202f, 0x0000202f, 0x0000205f, 0x0000205f,
+ 0x00003000, 0x00003000, 0x00000000, 0x00000008,
+ 0x0000000e, 0x0000001b, 0x00000021, 0x00000022,
+ 0x00000026, 0x0000002a, 0x0000003b, 0x00000040,
+ 0x0000005b, 0x00000060, 0x0000007b, 0x00000084,
+ 0x00000086, 0x0000009f, 0x000000a1, 0x000000a1,
+ 0x000000a6, 0x000000a9, 0x000000ab, 0x000000af,
+ 0x000000b4, 0x000000b4, 0x000000b6, 0x000000b8,
+ 0x000000bb, 0x000000bf, 0x000000d7, 0x000000d7,
+ 0x000000f7, 0x000000f7, 0x000002b9, 0x000002ba,
+ 0x000002c2, 0x000002cf, 0x000002d2, 0x000002df,
+ 0x000002e5, 0x000002ed, 0x00000300, 0x0000034f,
+ 0x00000360, 0x0000036f, 0x00000374, 0x00000375,
+ 0x0000037e, 0x0000037e, 0x00000384, 0x00000385,
+ 0x00000387, 0x00000387, 0x000003f6, 0x000003f6,
+ 0x00000483, 0x00000486, 0x00000488, 0x00000489,
+ 0x0000058a, 0x0000058a, 0x00000591, 0x000005a1,
+ 0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd,
+ 0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2,
+ 0x000005c4, 0x000005c4, 0x0000064b, 0x00000655,
+ 0x00000670, 0x00000670, 0x000006d6, 0x000006dc,
+ 0x000006de, 0x000006e4, 0x000006e7, 0x000006ed,
+ 0x0000070f, 0x0000070f, 0x00000711, 0x00000711,
+ 0x00000730, 0x0000074a, 0x000007a6, 0x000007b0,
+ 0x00000901, 0x00000902, 0x0000093c, 0x0000093c,
+ 0x00000941, 0x00000948, 0x0000094d, 0x0000094d,
+ 0x00000951, 0x00000954, 0x00000962, 0x00000963,
+ 0x00000981, 0x00000981, 0x000009bc, 0x000009bc,
+ 0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd,
+ 0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02,
+ 0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42,
+ 0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d,
+ 0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82,
+ 0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5,
+ 0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd,
+ 0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c,
+ 0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43,
+ 0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56,
+ 0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0,
+ 0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40,
+ 0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d,
+ 0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf,
+ 0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd,
+ 0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d,
+ 0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4,
+ 0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31,
+ 0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e,
+ 0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9,
+ 0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd,
+ 0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35,
+ 0x00000f37, 0x00000f37, 0x00000f39, 0x00000f3d,
+ 0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84,
+ 0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97,
+ 0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6,
+ 0x0000102d, 0x00001030, 0x00001032, 0x00001032,
+ 0x00001036, 0x00001037, 0x00001039, 0x00001039,
+ 0x00001058, 0x00001059, 0x0000169b, 0x0000169c,
+ 0x00001712, 0x00001714, 0x00001732, 0x00001734,
+ 0x00001752, 0x00001753, 0x00001772, 0x00001773,
+ 0x000017b7, 0x000017bd, 0x000017c6, 0x000017c6,
+ 0x000017c9, 0x000017d3, 0x00001800, 0x0000180e,
+ 0x000018a9, 0x000018a9, 0x00001fbd, 0x00001fbd,
+ 0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf,
+ 0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef,
+ 0x00001ffd, 0x00001ffe, 0x0000200b, 0x0000200d,
+ 0x00002010, 0x00002027, 0x0000202a, 0x0000202e,
+ 0x00002035, 0x00002052, 0x00002057, 0x00002057,
+ 0x00002060, 0x00002063, 0x0000206a, 0x0000206f,
+ 0x0000207c, 0x0000207e, 0x0000208c, 0x0000208e,
+ 0x000020d0, 0x000020ea, 0x00002100, 0x00002101,
+ 0x00002103, 0x00002106, 0x00002108, 0x00002109,
+ 0x00002114, 0x00002114, 0x00002116, 0x00002118,
+ 0x0000211e, 0x00002123, 0x00002125, 0x00002125,
+ 0x00002127, 0x00002127, 0x00002129, 0x00002129,
+ 0x00002132, 0x00002132, 0x0000213a, 0x0000213a,
+ 0x00002140, 0x00002144, 0x0000214a, 0x0000214b,
+ 0x00002153, 0x0000215f, 0x00002190, 0x00002211,
+ 0x00002214, 0x00002335, 0x0000237b, 0x00002394,
+ 0x00002396, 0x000023ce, 0x00002400, 0x00002426,
+ 0x00002440, 0x0000244a, 0x000024eb, 0x000024fe,
+ 0x00002500, 0x00002613, 0x00002616, 0x00002617,
+ 0x00002619, 0x0000267d, 0x00002680, 0x00002689,
+ 0x00002701, 0x00002704, 0x00002706, 0x00002709,
+ 0x0000270c, 0x00002727, 0x00002729, 0x0000274b,
+ 0x0000274d, 0x0000274d, 0x0000274f, 0x00002752,
+ 0x00002756, 0x00002756, 0x00002758, 0x0000275e,
+ 0x00002761, 0x00002794, 0x00002798, 0x000027af,
+ 0x000027b1, 0x000027be, 0x000027d0, 0x000027eb,
+ 0x000027f0, 0x00002aff, 0x00002e80, 0x00002e99,
+ 0x00002e9b, 0x00002ef3, 0x00002f00, 0x00002fd5,
+ 0x00002ff0, 0x00002ffb, 0x00003001, 0x00003004,
+ 0x00003008, 0x00003020, 0x0000302a, 0x00003030,
+ 0x00003036, 0x00003037, 0x0000303d, 0x0000303f,
+ 0x00003099, 0x0000309c, 0x000030a0, 0x000030a0,
+ 0x000030fb, 0x000030fb, 0x00003251, 0x0000325f,
+ 0x000032b1, 0x000032bf, 0x0000a490, 0x0000a4c6,
+ 0x0000fb1e, 0x0000fb1e, 0x0000fd3e, 0x0000fd3f,
+ 0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23,
+ 0x0000fe30, 0x0000fe46, 0x0000fe49, 0x0000fe4f,
+ 0x0000fe51, 0x0000fe51, 0x0000fe54, 0x0000fe54,
+ 0x0000fe56, 0x0000fe5e, 0x0000fe60, 0x0000fe61,
+ 0x0000fe64, 0x0000fe66, 0x0000fe68, 0x0000fe68,
+ 0x0000fe6b, 0x0000fe6b, 0x0000feff, 0x0000feff,
+ 0x0000ff01, 0x0000ff02, 0x0000ff06, 0x0000ff0a,
+ 0x0000ff1b, 0x0000ff20, 0x0000ff3b, 0x0000ff40,
+ 0x0000ff5b, 0x0000ff65, 0x0000ffe2, 0x0000ffe4,
+ 0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd,
+ 0x0001d167, 0x0001d169, 0x0001d173, 0x0001d182,
+ 0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad,
+ 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+ 0x000000c0, 0x000000c5, 0x000000c7, 0x000000cf,
+ 0x000000d1, 0x000000d6, 0x000000d9, 0x000000dd,
+ 0x000000e0, 0x000000e5, 0x000000e7, 0x000000ef,
+ 0x000000f1, 0x000000f6, 0x000000f9, 0x000000fd,
+ 0x000000ff, 0x0000010f, 0x00000112, 0x00000125,
+ 0x00000128, 0x00000130, 0x00000134, 0x00000137,
+ 0x00000139, 0x0000013e, 0x00000143, 0x00000148,
+ 0x0000014c, 0x00000151, 0x00000154, 0x00000165,
+ 0x00000168, 0x0000017e, 0x000001a0, 0x000001a1,
+ 0x000001af, 0x000001b0, 0x000001cd, 0x000001dc,
+ 0x000001de, 0x000001e3, 0x000001e6, 0x000001f0,
+ 0x000001f4, 0x000001f5, 0x000001f8, 0x0000021b,
+ 0x0000021e, 0x0000021f, 0x00000226, 0x00000233,
+ 0x00000340, 0x00000341, 0x00000343, 0x00000344,
+ 0x00000374, 0x00000374, 0x0000037e, 0x0000037e,
+ 0x00000385, 0x0000038a, 0x0000038c, 0x0000038c,
+ 0x0000038e, 0x00000390, 0x000003aa, 0x000003b0,
+ 0x000003ca, 0x000003ce, 0x000003d3, 0x000003d4,
+ 0x00000400, 0x00000401, 0x00000403, 0x00000403,
+ 0x00000407, 0x00000407, 0x0000040c, 0x0000040e,
+ 0x00000419, 0x00000419, 0x00000439, 0x00000439,
+ 0x00000450, 0x00000451, 0x00000453, 0x00000453,
+ 0x00000457, 0x00000457, 0x0000045c, 0x0000045e,
+ 0x00000476, 0x00000477, 0x000004c1, 0x000004c2,
+ 0x000004d0, 0x000004d3, 0x000004d6, 0x000004d7,
+ 0x000004da, 0x000004df, 0x000004e2, 0x000004e7,
+ 0x000004ea, 0x000004f5, 0x000004f8, 0x000004f9,
+ 0x00000622, 0x00000626, 0x000006c0, 0x000006c0,
+ 0x000006c2, 0x000006c2, 0x000006d3, 0x000006d3,
+ 0x00000929, 0x00000929, 0x00000931, 0x00000931,
+ 0x00000934, 0x00000934, 0x00000958, 0x0000095f,
+ 0x000009cb, 0x000009cc, 0x000009dc, 0x000009dd,
+ 0x000009df, 0x000009df, 0x00000a33, 0x00000a33,
+ 0x00000a36, 0x00000a36, 0x00000a59, 0x00000a5b,
+ 0x00000a5e, 0x00000a5e, 0x00000b48, 0x00000b48,
+ 0x00000b4b, 0x00000b4c, 0x00000b5c, 0x00000b5d,
+ 0x00000b94, 0x00000b94, 0x00000bca, 0x00000bcc,
+ 0x00000c48, 0x00000c48, 0x00000cc0, 0x00000cc0,
+ 0x00000cc7, 0x00000cc8, 0x00000cca, 0x00000ccb,
+ 0x00000d4a, 0x00000d4c, 0x00000dda, 0x00000dda,
+ 0x00000ddc, 0x00000dde, 0x00000f43, 0x00000f43,
+ 0x00000f4d, 0x00000f4d, 0x00000f52, 0x00000f52,
+ 0x00000f57, 0x00000f57, 0x00000f5c, 0x00000f5c,
+ 0x00000f69, 0x00000f69, 0x00000f73, 0x00000f73,
+ 0x00000f75, 0x00000f76, 0x00000f78, 0x00000f78,
+ 0x00000f81, 0x00000f81, 0x00000f93, 0x00000f93,
+ 0x00000f9d, 0x00000f9d, 0x00000fa2, 0x00000fa2,
+ 0x00000fa7, 0x00000fa7, 0x00000fac, 0x00000fac,
+ 0x00000fb9, 0x00000fb9, 0x00001026, 0x00001026,
+ 0x00001e00, 0x00001e99, 0x00001e9b, 0x00001e9b,
+ 0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15,
+ 0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45,
+ 0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57,
+ 0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b,
+ 0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d,
+ 0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fbc,
+ 0x00001fbe, 0x00001fbe, 0x00001fc1, 0x00001fc4,
+ 0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+ 0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4,
+ 0x00001ff6, 0x00001ffd, 0x00002000, 0x00002001,
+ 0x00002126, 0x00002126, 0x0000212a, 0x0000212b,
+ 0x0000219a, 0x0000219b, 0x000021ae, 0x000021ae,
+ 0x000021cd, 0x000021cf, 0x00002204, 0x00002204,
+ 0x00002209, 0x00002209, 0x0000220c, 0x0000220c,
+ 0x00002224, 0x00002224, 0x00002226, 0x00002226,
+ 0x00002241, 0x00002241, 0x00002244, 0x00002244,
+ 0x00002247, 0x00002247, 0x00002249, 0x00002249,
+ 0x00002260, 0x00002260, 0x00002262, 0x00002262,
+ 0x0000226d, 0x00002271, 0x00002274, 0x00002275,
+ 0x00002278, 0x00002279, 0x00002280, 0x00002281,
+ 0x00002284, 0x00002285, 0x00002288, 0x00002289,
+ 0x000022ac, 0x000022af, 0x000022e0, 0x000022e3,
+ 0x000022ea, 0x000022ed, 0x00002329, 0x0000232a,
+ 0x00002adc, 0x00002adc, 0x0000304c, 0x0000304c,
+ 0x0000304e, 0x0000304e, 0x00003050, 0x00003050,
+ 0x00003052, 0x00003052, 0x00003054, 0x00003054,
+ 0x00003056, 0x00003056, 0x00003058, 0x00003058,
+ 0x0000305a, 0x0000305a, 0x0000305c, 0x0000305c,
+ 0x0000305e, 0x0000305e, 0x00003060, 0x00003060,
+ 0x00003062, 0x00003062, 0x00003065, 0x00003065,
+ 0x00003067, 0x00003067, 0x00003069, 0x00003069,
+ 0x00003070, 0x00003071, 0x00003073, 0x00003074,
+ 0x00003076, 0x00003077, 0x00003079, 0x0000307a,
+ 0x0000307c, 0x0000307d, 0x00003094, 0x00003094,
+ 0x0000309e, 0x0000309e, 0x000030ac, 0x000030ac,
+ 0x000030ae, 0x000030ae, 0x000030b0, 0x000030b0,
+ 0x000030b2, 0x000030b2, 0x000030b4, 0x000030b4,
+ 0x000030b6, 0x000030b6, 0x000030b8, 0x000030b8,
+ 0x000030ba, 0x000030ba, 0x000030bc, 0x000030bc,
+ 0x000030be, 0x000030be, 0x000030c0, 0x000030c0,
+ 0x000030c2, 0x000030c2, 0x000030c5, 0x000030c5,
+ 0x000030c7, 0x000030c7, 0x000030c9, 0x000030c9,
+ 0x000030d0, 0x000030d1, 0x000030d3, 0x000030d4,
+ 0x000030d6, 0x000030d7, 0x000030d9, 0x000030da,
+ 0x000030dc, 0x000030dd, 0x000030f4, 0x000030f4,
+ 0x000030f7, 0x000030fa, 0x000030fe, 0x000030fe,
+ 0x0000f902, 0x0000fa0d, 0x0000fa10, 0x0000fa10,
+ 0x0000fa12, 0x0000fa12, 0x0000fa15, 0x0000fa1e,
+ 0x0000fa20, 0x0000fa20, 0x0000fa22, 0x0000fa22,
+ 0x0000fa25, 0x0000fa26, 0x0000fa2a, 0x0000fa2d,
+ 0x0000fa30, 0x0000fa6a, 0x0000fb1d, 0x0000fb1d,
+ 0x0000fb1f, 0x0000fb1f, 0x0000fb2a, 0x0000fb36,
+ 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+ 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+ 0x0000fb46, 0x0000fb4e, 0x0001d15e, 0x0001d164,
+ 0x0001d1bb, 0x0001d1c0, 0x0002f800, 0x0002fa1d,
+ 0x00000000, 0x00000220, 0x00000222, 0x00000233,
+ 0x00000250, 0x000002ad, 0x000002b0, 0x000002ee,
+ 0x00000300, 0x0000034f, 0x00000360, 0x0000036f,
+ 0x00000374, 0x00000375, 0x0000037a, 0x0000037a,
+ 0x0000037e, 0x0000037e, 0x00000384, 0x0000038a,
+ 0x0000038c, 0x0000038c, 0x0000038e, 0x000003a1,
+ 0x000003a3, 0x000003ce, 0x000003d0, 0x000003f6,
+ 0x00000400, 0x00000486, 0x00000488, 0x000004ce,
+ 0x000004d0, 0x000004f5, 0x000004f8, 0x000004f9,
+ 0x00000500, 0x0000050f, 0x00000531, 0x00000556,
+ 0x00000559, 0x0000055f, 0x00000561, 0x00000587,
+ 0x00000589, 0x0000058a, 0x00000591, 0x000005a1,
+ 0x000005a3, 0x000005b9, 0x000005bb, 0x000005c4,
+ 0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4,
+ 0x0000060c, 0x0000060c, 0x0000061b, 0x0000061b,
+ 0x0000061f, 0x0000061f, 0x00000621, 0x0000063a,
+ 0x00000640, 0x00000655, 0x00000660, 0x000006ed,
+ 0x000006f0, 0x000006fe, 0x00000700, 0x0000070d,
+ 0x0000070f, 0x0000072c, 0x00000730, 0x0000074a,
+ 0x00000780, 0x000007b1, 0x00000901, 0x00000903,
+ 0x00000905, 0x00000939, 0x0000093c, 0x0000094d,
+ 0x00000950, 0x00000954, 0x00000958, 0x00000970,
+ 0x00000981, 0x00000983, 0x00000985, 0x0000098c,
+ 0x0000098f, 0x00000990, 0x00000993, 0x000009a8,
+ 0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2,
+ 0x000009b6, 0x000009b9, 0x000009bc, 0x000009bc,
+ 0x000009be, 0x000009c4, 0x000009c7, 0x000009c8,
+ 0x000009cb, 0x000009cd, 0x000009d7, 0x000009d7,
+ 0x000009dc, 0x000009dd, 0x000009df, 0x000009e3,
+ 0x000009e6, 0x000009fa, 0x00000a02, 0x00000a02,
+ 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+ 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+ 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+ 0x00000a38, 0x00000a39, 0x00000a3c, 0x00000a3c,
+ 0x00000a3e, 0x00000a42, 0x00000a47, 0x00000a48,
+ 0x00000a4b, 0x00000a4d, 0x00000a59, 0x00000a5c,
+ 0x00000a5e, 0x00000a5e, 0x00000a66, 0x00000a74,
+ 0x00000a81, 0x00000a83, 0x00000a85, 0x00000a8b,
+ 0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91,
+ 0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0,
+ 0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9,
+ 0x00000abc, 0x00000ac5, 0x00000ac7, 0x00000ac9,
+ 0x00000acb, 0x00000acd, 0x00000ad0, 0x00000ad0,
+ 0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef,
+ 0x00000b01, 0x00000b03, 0x00000b05, 0x00000b0c,
+ 0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28,
+ 0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33,
+ 0x00000b36, 0x00000b39, 0x00000b3c, 0x00000b43,
+ 0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4d,
+ 0x00000b56, 0x00000b57, 0x00000b5c, 0x00000b5d,
+ 0x00000b5f, 0x00000b61, 0x00000b66, 0x00000b70,
+ 0x00000b82, 0x00000b83, 0x00000b85, 0x00000b8a,
+ 0x00000b8e, 0x00000b90, 0x00000b92, 0x00000b95,
+ 0x00000b99, 0x00000b9a, 0x00000b9c, 0x00000b9c,
+ 0x00000b9e, 0x00000b9f, 0x00000ba3, 0x00000ba4,
+ 0x00000ba8, 0x00000baa, 0x00000bae, 0x00000bb5,
+ 0x00000bb7, 0x00000bb9, 0x00000bbe, 0x00000bc2,
+ 0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcd,
+ 0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2,
+ 0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c,
+ 0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28,
+ 0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39,
+ 0x00000c3e, 0x00000c44, 0x00000c46, 0x00000c48,
+ 0x00000c4a, 0x00000c4d, 0x00000c55, 0x00000c56,
+ 0x00000c60, 0x00000c61, 0x00000c66, 0x00000c6f,
+ 0x00000c82, 0x00000c83, 0x00000c85, 0x00000c8c,
+ 0x00000c8e, 0x00000c90, 0x00000c92, 0x00000ca8,
+ 0x00000caa, 0x00000cb3, 0x00000cb5, 0x00000cb9,
+ 0x00000cbe, 0x00000cc4, 0x00000cc6, 0x00000cc8,
+ 0x00000cca, 0x00000ccd, 0x00000cd5, 0x00000cd6,
+ 0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1,
+ 0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03,
+ 0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10,
+ 0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39,
+ 0x00000d3e, 0x00000d43, 0x00000d46, 0x00000d48,
+ 0x00000d4a, 0x00000d4d, 0x00000d57, 0x00000d57,
+ 0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f,
+ 0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96,
+ 0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb,
+ 0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6,
+ 0x00000dca, 0x00000dca, 0x00000dcf, 0x00000dd4,
+ 0x00000dd6, 0x00000dd6, 0x00000dd8, 0x00000ddf,
+ 0x00000df2, 0x00000df4, 0x00000e01, 0x00000e3a,
+ 0x00000e3f, 0x00000e5b, 0x00000e81, 0x00000e82,
+ 0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88,
+ 0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d,
+ 0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f,
+ 0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5,
+ 0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab,
+ 0x00000ead, 0x00000eb9, 0x00000ebb, 0x00000ebd,
+ 0x00000ec0, 0x00000ec4, 0x00000ec6, 0x00000ec6,
+ 0x00000ec8, 0x00000ecd, 0x00000ed0, 0x00000ed9,
+ 0x00000edc, 0x00000edd, 0x00000f00, 0x00000f47,
+ 0x00000f49, 0x00000f6a, 0x00000f71, 0x00000f8b,
+ 0x00000f90, 0x00000f97, 0x00000f99, 0x00000fbc,
+ 0x00000fbe, 0x00000fcc, 0x00000fcf, 0x00000fcf,
+ 0x00001000, 0x00001021, 0x00001023, 0x00001027,
+ 0x00001029, 0x0000102a, 0x0000102c, 0x00001032,
+ 0x00001036, 0x00001039, 0x00001040, 0x00001059,
+ 0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8,
+ 0x000010fb, 0x000010fb, 0x00001100, 0x00001159,
+ 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+ 0x00001200, 0x00001206, 0x00001208, 0x00001246,
+ 0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+ 0x00001250, 0x00001256, 0x00001258, 0x00001258,
+ 0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+ 0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+ 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+ 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+ 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+ 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+ 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+ 0x00001310, 0x00001310, 0x00001312, 0x00001315,
+ 0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+ 0x00001348, 0x0000135a, 0x00001361, 0x0000137c,
+ 0x000013a0, 0x000013f4, 0x00001401, 0x00001676,
+ 0x00001680, 0x0000169c, 0x000016a0, 0x000016f0,
+ 0x00001700, 0x0000170c, 0x0000170e, 0x00001714,
+ 0x00001720, 0x00001736, 0x00001740, 0x00001753,
+ 0x00001760, 0x0000176c, 0x0000176e, 0x00001770,
+ 0x00001772, 0x00001773, 0x00001780, 0x000017dc,
+ 0x000017e0, 0x000017e9, 0x00001800, 0x0000180e,
+ 0x00001810, 0x00001819, 0x00001820, 0x00001877,
+ 0x00001880, 0x000018a9, 0x00001e00, 0x00001e9b,
+ 0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15,
+ 0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45,
+ 0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57,
+ 0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b,
+ 0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d,
+ 0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fc4,
+ 0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+ 0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4,
+ 0x00001ff6, 0x00001ffe, 0x00002000, 0x00002052,
+ 0x00002057, 0x00002057, 0x0000205f, 0x00002063,
+ 0x0000206a, 0x00002071, 0x00002074, 0x0000208e,
+ 0x000020a0, 0x000020b1, 0x000020d0, 0x000020ea,
+ 0x00002100, 0x0000213a, 0x0000213d, 0x0000214b,
+ 0x00002153, 0x00002183, 0x00002190, 0x000023ce,
+ 0x00002400, 0x00002426, 0x00002440, 0x0000244a,
+ 0x00002460, 0x000024fe, 0x00002500, 0x00002613,
+ 0x00002616, 0x00002617, 0x00002619, 0x0000267d,
+ 0x00002680, 0x00002689, 0x00002701, 0x00002704,
+ 0x00002706, 0x00002709, 0x0000270c, 0x00002727,
+ 0x00002729, 0x0000274b, 0x0000274d, 0x0000274d,
+ 0x0000274f, 0x00002752, 0x00002756, 0x00002756,
+ 0x00002758, 0x0000275e, 0x00002761, 0x00002794,
+ 0x00002798, 0x000027af, 0x000027b1, 0x000027be,
+ 0x000027d0, 0x000027eb, 0x000027f0, 0x00002aff,
+ 0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3,
+ 0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb,
+ 0x00003000, 0x0000303f, 0x00003041, 0x00003096,
+ 0x00003099, 0x000030ff, 0x00003105, 0x0000312c,
+ 0x00003131, 0x0000318e, 0x00003190, 0x000031b7,
+ 0x000031f0, 0x0000321c, 0x00003220, 0x00003243,
+ 0x00003251, 0x0000327b, 0x0000327f, 0x000032cb,
+ 0x000032d0, 0x000032fe, 0x00003300, 0x00003376,
+ 0x0000337b, 0x000033dd, 0x000033e0, 0x000033fe,
+ 0x00003400, 0x00004db5, 0x00004e00, 0x00009fa5,
+ 0x0000a000, 0x0000a48c, 0x0000a490, 0x0000a4c6,
+ 0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000fb06,
+ 0x0000fb13, 0x0000fb17, 0x0000fb1d, 0x0000fb36,
+ 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+ 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+ 0x0000fb46, 0x0000fbb1, 0x0000fbd3, 0x0000fd3f,
+ 0x0000fd50, 0x0000fd8f, 0x0000fd92, 0x0000fdc7,
+ 0x0000fdf0, 0x0000fdfc, 0x0000fe00, 0x0000fe0f,
+ 0x0000fe20, 0x0000fe23, 0x0000fe30, 0x0000fe46,
+ 0x0000fe49, 0x0000fe52, 0x0000fe54, 0x0000fe66,
+ 0x0000fe68, 0x0000fe6b, 0x0000fe70, 0x0000fe74,
+ 0x0000fe76, 0x0000fefc, 0x0000feff, 0x0000feff,
+ 0x0000ff01, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+ 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+ 0x0000ffda, 0x0000ffdc, 0x0000ffe0, 0x0000ffe6,
+ 0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd,
+ 0x00010300, 0x0001031e, 0x00010320, 0x00010323,
+ 0x00010330, 0x0001034a, 0x00010400, 0x00010425,
+ 0x00010428, 0x0001044d, 0x0001d000, 0x0001d0f5,
+ 0x0001d100, 0x0001d126, 0x0001d12a, 0x0001d1dd,
+ 0x0001d400, 0x0001d454, 0x0001d456, 0x0001d49c,
+ 0x0001d49e, 0x0001d49f, 0x0001d4a2, 0x0001d4a2,
+ 0x0001d4a5, 0x0001d4a6, 0x0001d4a9, 0x0001d4ac,
+ 0x0001d4ae, 0x0001d4b9, 0x0001d4bb, 0x0001d4bb,
+ 0x0001d4bd, 0x0001d4c0, 0x0001d4c2, 0x0001d4c3,
+ 0x0001d4c5, 0x0001d505, 0x0001d507, 0x0001d50a,
+ 0x0001d50d, 0x0001d514, 0x0001d516, 0x0001d51c,
+ 0x0001d51e, 0x0001d539, 0x0001d53b, 0x0001d53e,
+ 0x0001d540, 0x0001d544, 0x0001d546, 0x0001d546,
+ 0x0001d54a, 0x0001d550, 0x0001d552, 0x0001d6a3,
+ 0x0001d6a8, 0x0001d7c9, 0x0001d7ce, 0x0001d7ff,
+ 0x00020000, 0x0002a6d6, 0x0002f800, 0x0002fa1d,
+ 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+ 0x000000ab, 0x000000ab, 0x00002018, 0x00002018,
+ 0x0000201b, 0x0000201c, 0x0000201f, 0x0000201f,
+ 0x00002039, 0x00002039, 0x000000bb, 0x000000bb,
+ 0x00002019, 0x00002019, 0x0000201d, 0x0000201d,
+ 0x0000203a, 0x0000203a, 0x0000061b, 0x0000061b,
+ 0x0000061f, 0x0000061f, 0x00000621, 0x0000063a,
+ 0x00000640, 0x0000064a, 0x0000066d, 0x0000066f,
+ 0x00000671, 0x000006d5, 0x000006dd, 0x000006dd,
+ 0x000006e5, 0x000006e6, 0x000006fa, 0x000006fe,
+ 0x00000700, 0x0000070d, 0x00000710, 0x00000710,
+ 0x00000712, 0x0000072c, 0x00000780, 0x000007a5,
+ 0x000007b1, 0x000007b1, 0x0000fb50, 0x0000fbb1,
+ 0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f,
+ 0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfc,
+ 0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc
+};
+
+static const ac_uint4 _uccase_size = 1504;
+
+static const ac_uint2 _uccase_len[2] = {745, 755};
+
+static const ac_uint4 _uccase_map[] = {
+ 0x00000041, 0x00000061, 0x00000041,
+ 0x00000042, 0x00000062, 0x00000042,
+ 0x00000043, 0x00000063, 0x00000043,
+ 0x00000044, 0x00000064, 0x00000044,
+ 0x00000045, 0x00000065, 0x00000045,
+ 0x00000046, 0x00000066, 0x00000046,
+ 0x00000047, 0x00000067, 0x00000047,
+ 0x00000048, 0x00000068, 0x00000048,
+ 0x00000049, 0x00000069, 0x00000049,
+ 0x0000004a, 0x0000006a, 0x0000004a,
+ 0x0000004b, 0x0000006b, 0x0000004b,
+ 0x0000004c, 0x0000006c, 0x0000004c,
+ 0x0000004d, 0x0000006d, 0x0000004d,
+ 0x0000004e, 0x0000006e, 0x0000004e,
+ 0x0000004f, 0x0000006f, 0x0000004f,
+ 0x00000050, 0x00000070, 0x00000050,
+ 0x00000051, 0x00000071, 0x00000051,
+ 0x00000052, 0x00000072, 0x00000052,
+ 0x00000053, 0x00000073, 0x00000053,
+ 0x00000054, 0x00000074, 0x00000054,
+ 0x00000055, 0x00000075, 0x00000055,
+ 0x00000056, 0x00000076, 0x00000056,
+ 0x00000057, 0x00000077, 0x00000057,
+ 0x00000058, 0x00000078, 0x00000058,
+ 0x00000059, 0x00000079, 0x00000059,
+ 0x0000005a, 0x0000007a, 0x0000005a,
+ 0x000000c0, 0x000000e0, 0x000000c0,
+ 0x000000c1, 0x000000e1, 0x000000c1,
+ 0x000000c2, 0x000000e2, 0x000000c2,
+ 0x000000c3, 0x000000e3, 0x000000c3,
+ 0x000000c4, 0x000000e4, 0x000000c4,
+ 0x000000c5, 0x000000e5, 0x000000c5,
+ 0x000000c6, 0x000000e6, 0x000000c6,
+ 0x000000c7, 0x000000e7, 0x000000c7,
+ 0x000000c8, 0x000000e8, 0x000000c8,
+ 0x000000c9, 0x000000e9, 0x000000c9,
+ 0x000000ca, 0x000000ea, 0x000000ca,
+ 0x000000cb, 0x000000eb, 0x000000cb,
+ 0x000000cc, 0x000000ec, 0x000000cc,
+ 0x000000cd, 0x000000ed, 0x000000cd,
+ 0x000000ce, 0x000000ee, 0x000000ce,
+ 0x000000cf, 0x000000ef, 0x000000cf,
+ 0x000000d0, 0x000000f0, 0x000000d0,
+ 0x000000d1, 0x000000f1, 0x000000d1,
+ 0x000000d2, 0x000000f2, 0x000000d2,
+ 0x000000d3, 0x000000f3, 0x000000d3,
+ 0x000000d4, 0x000000f4, 0x000000d4,
+ 0x000000d5, 0x000000f5, 0x000000d5,
+ 0x000000d6, 0x000000f6, 0x000000d6,
+ 0x000000d8, 0x000000f8, 0x000000d8,
+ 0x000000d9, 0x000000f9, 0x000000d9,
+ 0x000000da, 0x000000fa, 0x000000da,
+ 0x000000db, 0x000000fb, 0x000000db,
+ 0x000000dc, 0x000000fc, 0x000000dc,
+ 0x000000dd, 0x000000fd, 0x000000dd,
+ 0x000000de, 0x000000fe, 0x000000de,
+ 0x00000100, 0x00000101, 0x00000100,
+ 0x00000102, 0x00000103, 0x00000102,
+ 0x00000104, 0x00000105, 0x00000104,
+ 0x00000106, 0x00000107, 0x00000106,
+ 0x00000108, 0x00000109, 0x00000108,
+ 0x0000010a, 0x0000010b, 0x0000010a,
+ 0x0000010c, 0x0000010d, 0x0000010c,
+ 0x0000010e, 0x0000010f, 0x0000010e,
+ 0x00000110, 0x00000111, 0x00000110,
+ 0x00000112, 0x00000113, 0x00000112,
+ 0x00000114, 0x00000115, 0x00000114,
+ 0x00000116, 0x00000117, 0x00000116,
+ 0x00000118, 0x00000119, 0x00000118,
+ 0x0000011a, 0x0000011b, 0x0000011a,
+ 0x0000011c, 0x0000011d, 0x0000011c,
+ 0x0000011e, 0x0000011f, 0x0000011e,
+ 0x00000120, 0x00000121, 0x00000120,
+ 0x00000122, 0x00000123, 0x00000122,
+ 0x00000124, 0x00000125, 0x00000124,
+ 0x00000126, 0x00000127, 0x00000126,
+ 0x00000128, 0x00000129, 0x00000128,
+ 0x0000012a, 0x0000012b, 0x0000012a,
+ 0x0000012c, 0x0000012d, 0x0000012c,
+ 0x0000012e, 0x0000012f, 0x0000012e,
+ 0x00000130, 0x00000069, 0x00000130,
+ 0x00000132, 0x00000133, 0x00000132,
+ 0x00000134, 0x00000135, 0x00000134,
+ 0x00000136, 0x00000137, 0x00000136,
+ 0x00000139, 0x0000013a, 0x00000139,
+ 0x0000013b, 0x0000013c, 0x0000013b,
+ 0x0000013d, 0x0000013e, 0x0000013d,
+ 0x0000013f, 0x00000140, 0x0000013f,
+ 0x00000141, 0x00000142, 0x00000141,
+ 0x00000143, 0x00000144, 0x00000143,
+ 0x00000145, 0x00000146, 0x00000145,
+ 0x00000147, 0x00000148, 0x00000147,
+ 0x0000014a, 0x0000014b, 0x0000014a,
+ 0x0000014c, 0x0000014d, 0x0000014c,
+ 0x0000014e, 0x0000014f, 0x0000014e,
+ 0x00000150, 0x00000151, 0x00000150,
+ 0x00000152, 0x00000153, 0x00000152,
+ 0x00000154, 0x00000155, 0x00000154,
+ 0x00000156, 0x00000157, 0x00000156,
+ 0x00000158, 0x00000159, 0x00000158,
+ 0x0000015a, 0x0000015b, 0x0000015a,
+ 0x0000015c, 0x0000015d, 0x0000015c,
+ 0x0000015e, 0x0000015f, 0x0000015e,
+ 0x00000160, 0x00000161, 0x00000160,
+ 0x00000162, 0x00000163, 0x00000162,
+ 0x00000164, 0x00000165, 0x00000164,
+ 0x00000166, 0x00000167, 0x00000166,
+ 0x00000168, 0x00000169, 0x00000168,
+ 0x0000016a, 0x0000016b, 0x0000016a,
+ 0x0000016c, 0x0000016d, 0x0000016c,
+ 0x0000016e, 0x0000016f, 0x0000016e,
+ 0x00000170, 0x00000171, 0x00000170,
+ 0x00000172, 0x00000173, 0x00000172,
+ 0x00000174, 0x00000175, 0x00000174,
+ 0x00000176, 0x00000177, 0x00000176,
+ 0x00000178, 0x000000ff, 0x00000178,
+ 0x00000179, 0x0000017a, 0x00000179,
+ 0x0000017b, 0x0000017c, 0x0000017b,
+ 0x0000017d, 0x0000017e, 0x0000017d,
+ 0x00000181, 0x00000253, 0x00000181,
+ 0x00000182, 0x00000183, 0x00000182,
+ 0x00000184, 0x00000185, 0x00000184,
+ 0x00000186, 0x00000254, 0x00000186,
+ 0x00000187, 0x00000188, 0x00000187,
+ 0x00000189, 0x00000256, 0x00000189,
+ 0x0000018a, 0x00000257, 0x0000018a,
+ 0x0000018b, 0x0000018c, 0x0000018b,
+ 0x0000018e, 0x000001dd, 0x0000018e,
+ 0x0000018f, 0x00000259, 0x0000018f,
+ 0x00000190, 0x0000025b, 0x00000190,
+ 0x00000191, 0x00000192, 0x00000191,
+ 0x00000193, 0x00000260, 0x00000193,
+ 0x00000194, 0x00000263, 0x00000194,
+ 0x00000196, 0x00000269, 0x00000196,
+ 0x00000197, 0x00000268, 0x00000197,
+ 0x00000198, 0x00000199, 0x00000198,
+ 0x0000019c, 0x0000026f, 0x0000019c,
+ 0x0000019d, 0x00000272, 0x0000019d,
+ 0x0000019f, 0x00000275, 0x0000019f,
+ 0x000001a0, 0x000001a1, 0x000001a0,
+ 0x000001a2, 0x000001a3, 0x000001a2,
+ 0x000001a4, 0x000001a5, 0x000001a4,
+ 0x000001a6, 0x00000280, 0x000001a6,
+ 0x000001a7, 0x000001a8, 0x000001a7,
+ 0x000001a9, 0x00000283, 0x000001a9,
+ 0x000001ac, 0x000001ad, 0x000001ac,
+ 0x000001ae, 0x00000288, 0x000001ae,
+ 0x000001af, 0x000001b0, 0x000001af,
+ 0x000001b1, 0x0000028a, 0x000001b1,
+ 0x000001b2, 0x0000028b, 0x000001b2,
+ 0x000001b3, 0x000001b4, 0x000001b3,
+ 0x000001b5, 0x000001b6, 0x000001b5,
+ 0x000001b7, 0x00000292, 0x000001b7,
+ 0x000001b8, 0x000001b9, 0x000001b8,
+ 0x000001bc, 0x000001bd, 0x000001bc,
+ 0x000001c4, 0x000001c6, 0x000001c5,
+ 0x000001c7, 0x000001c9, 0x000001c8,
+ 0x000001ca, 0x000001cc, 0x000001cb,
+ 0x000001cd, 0x000001ce, 0x000001cd,
+ 0x000001cf, 0x000001d0, 0x000001cf,
+ 0x000001d1, 0x000001d2, 0x000001d1,
+ 0x000001d3, 0x000001d4, 0x000001d3,
+ 0x000001d5, 0x000001d6, 0x000001d5,
+ 0x000001d7, 0x000001d8, 0x000001d7,
+ 0x000001d9, 0x000001da, 0x000001d9,
+ 0x000001db, 0x000001dc, 0x000001db,
+ 0x000001de, 0x000001df, 0x000001de,
+ 0x000001e0, 0x000001e1, 0x000001e0,
+ 0x000001e2, 0x000001e3, 0x000001e2,
+ 0x000001e4, 0x000001e5, 0x000001e4,
+ 0x000001e6, 0x000001e7, 0x000001e6,
+ 0x000001e8, 0x000001e9, 0x000001e8,
+ 0x000001ea, 0x000001eb, 0x000001ea,
+ 0x000001ec, 0x000001ed, 0x000001ec,
+ 0x000001ee, 0x000001ef, 0x000001ee,
+ 0x000001f1, 0x000001f3, 0x000001f2,
+ 0x000001f4, 0x000001f5, 0x000001f4,
+ 0x000001f6, 0x00000195, 0x000001f6,
+ 0x000001f7, 0x000001bf, 0x000001f7,
+ 0x000001f8, 0x000001f9, 0x000001f8,
+ 0x000001fa, 0x000001fb, 0x000001fa,
+ 0x000001fc, 0x000001fd, 0x000001fc,
+ 0x000001fe, 0x000001ff, 0x000001fe,
+ 0x00000200, 0x00000201, 0x00000200,
+ 0x00000202, 0x00000203, 0x00000202,
+ 0x00000204, 0x00000205, 0x00000204,
+ 0x00000206, 0x00000207, 0x00000206,
+ 0x00000208, 0x00000209, 0x00000208,
+ 0x0000020a, 0x0000020b, 0x0000020a,
+ 0x0000020c, 0x0000020d, 0x0000020c,
+ 0x0000020e, 0x0000020f, 0x0000020e,
+ 0x00000210, 0x00000211, 0x00000210,
+ 0x00000212, 0x00000213, 0x00000212,
+ 0x00000214, 0x00000215, 0x00000214,
+ 0x00000216, 0x00000217, 0x00000216,
+ 0x00000218, 0x00000219, 0x00000218,
+ 0x0000021a, 0x0000021b, 0x0000021a,
+ 0x0000021c, 0x0000021d, 0x0000021c,
+ 0x0000021e, 0x0000021f, 0x0000021e,
+ 0x00000220, 0x0000019e, 0x00000220,
+ 0x00000222, 0x00000223, 0x00000222,
+ 0x00000224, 0x00000225, 0x00000224,
+ 0x00000226, 0x00000227, 0x00000226,
+ 0x00000228, 0x00000229, 0x00000228,
+ 0x0000022a, 0x0000022b, 0x0000022a,
+ 0x0000022c, 0x0000022d, 0x0000022c,
+ 0x0000022e, 0x0000022f, 0x0000022e,
+ 0x00000230, 0x00000231, 0x00000230,
+ 0x00000232, 0x00000233, 0x00000232,
+ 0x00000386, 0x000003ac, 0x00000386,
+ 0x00000388, 0x000003ad, 0x00000388,
+ 0x00000389, 0x000003ae, 0x00000389,
+ 0x0000038a, 0x000003af, 0x0000038a,
+ 0x0000038c, 0x000003cc, 0x0000038c,
+ 0x0000038e, 0x000003cd, 0x0000038e,
+ 0x0000038f, 0x000003ce, 0x0000038f,
+ 0x00000391, 0x000003b1, 0x00000391,
+ 0x00000392, 0x000003b2, 0x00000392,
+ 0x00000393, 0x000003b3, 0x00000393,
+ 0x00000394, 0x000003b4, 0x00000394,
+ 0x00000395, 0x000003b5, 0x00000395,
+ 0x00000396, 0x000003b6, 0x00000396,
+ 0x00000397, 0x000003b7, 0x00000397,
+ 0x00000398, 0x000003b8, 0x00000398,
+ 0x00000399, 0x000003b9, 0x00000399,
+ 0x0000039a, 0x000003ba, 0x0000039a,
+ 0x0000039b, 0x000003bb, 0x0000039b,
+ 0x0000039c, 0x000003bc, 0x0000039c,
+ 0x0000039d, 0x000003bd, 0x0000039d,
+ 0x0000039e, 0x000003be, 0x0000039e,
+ 0x0000039f, 0x000003bf, 0x0000039f,
+ 0x000003a0, 0x000003c0, 0x000003a0,
+ 0x000003a1, 0x000003c1, 0x000003a1,
+ 0x000003a3, 0x000003c3, 0x000003a3,
+ 0x000003a4, 0x000003c4, 0x000003a4,
+ 0x000003a5, 0x000003c5, 0x000003a5,
+ 0x000003a6, 0x000003c6, 0x000003a6,
+ 0x000003a7, 0x000003c7, 0x000003a7,
+ 0x000003a8, 0x000003c8, 0x000003a8,
+ 0x000003a9, 0x000003c9, 0x000003a9,
+ 0x000003aa, 0x000003ca, 0x000003aa,
+ 0x000003ab, 0x000003cb, 0x000003ab,
+ 0x000003d8, 0x000003d9, 0x000003d8,
+ 0x000003da, 0x000003db, 0x000003da,
+ 0x000003dc, 0x000003dd, 0x000003dc,
+ 0x000003de, 0x000003df, 0x000003de,
+ 0x000003e0, 0x000003e1, 0x000003e0,
+ 0x000003e2, 0x000003e3, 0x000003e2,
+ 0x000003e4, 0x000003e5, 0x000003e4,
+ 0x000003e6, 0x000003e7, 0x000003e6,
+ 0x000003e8, 0x000003e9, 0x000003e8,
+ 0x000003ea, 0x000003eb, 0x000003ea,
+ 0x000003ec, 0x000003ed, 0x000003ec,
+ 0x000003ee, 0x000003ef, 0x000003ee,
+ 0x000003f4, 0x000003b8, 0x000003f4,
+ 0x00000400, 0x00000450, 0x00000400,
+ 0x00000401, 0x00000451, 0x00000401,
+ 0x00000402, 0x00000452, 0x00000402,
+ 0x00000403, 0x00000453, 0x00000403,
+ 0x00000404, 0x00000454, 0x00000404,
+ 0x00000405, 0x00000455, 0x00000405,
+ 0x00000406, 0x00000456, 0x00000406,
+ 0x00000407, 0x00000457, 0x00000407,
+ 0x00000408, 0x00000458, 0x00000408,
+ 0x00000409, 0x00000459, 0x00000409,
+ 0x0000040a, 0x0000045a, 0x0000040a,
+ 0x0000040b, 0x0000045b, 0x0000040b,
+ 0x0000040c, 0x0000045c, 0x0000040c,
+ 0x0000040d, 0x0000045d, 0x0000040d,
+ 0x0000040e, 0x0000045e, 0x0000040e,
+ 0x0000040f, 0x0000045f, 0x0000040f,
+ 0x00000410, 0x00000430, 0x00000410,
+ 0x00000411, 0x00000431, 0x00000411,
+ 0x00000412, 0x00000432, 0x00000412,
+ 0x00000413, 0x00000433, 0x00000413,
+ 0x00000414, 0x00000434, 0x00000414,
+ 0x00000415, 0x00000435, 0x00000415,
+ 0x00000416, 0x00000436, 0x00000416,
+ 0x00000417, 0x00000437, 0x00000417,
+ 0x00000418, 0x00000438, 0x00000418,
+ 0x00000419, 0x00000439, 0x00000419,
+ 0x0000041a, 0x0000043a, 0x0000041a,
+ 0x0000041b, 0x0000043b, 0x0000041b,
+ 0x0000041c, 0x0000043c, 0x0000041c,
+ 0x0000041d, 0x0000043d, 0x0000041d,
+ 0x0000041e, 0x0000043e, 0x0000041e,
+ 0x0000041f, 0x0000043f, 0x0000041f,
+ 0x00000420, 0x00000440, 0x00000420,
+ 0x00000421, 0x00000441, 0x00000421,
+ 0x00000422, 0x00000442, 0x00000422,
+ 0x00000423, 0x00000443, 0x00000423,
+ 0x00000424, 0x00000444, 0x00000424,
+ 0x00000425, 0x00000445, 0x00000425,
+ 0x00000426, 0x00000446, 0x00000426,
+ 0x00000427, 0x00000447, 0x00000427,
+ 0x00000428, 0x00000448, 0x00000428,
+ 0x00000429, 0x00000449, 0x00000429,
+ 0x0000042a, 0x0000044a, 0x0000042a,
+ 0x0000042b, 0x0000044b, 0x0000042b,
+ 0x0000042c, 0x0000044c, 0x0000042c,
+ 0x0000042d, 0x0000044d, 0x0000042d,
+ 0x0000042e, 0x0000044e, 0x0000042e,
+ 0x0000042f, 0x0000044f, 0x0000042f,
+ 0x00000460, 0x00000461, 0x00000460,
+ 0x00000462, 0x00000463, 0x00000462,
+ 0x00000464, 0x00000465, 0x00000464,
+ 0x00000466, 0x00000467, 0x00000466,
+ 0x00000468, 0x00000469, 0x00000468,
+ 0x0000046a, 0x0000046b, 0x0000046a,
+ 0x0000046c, 0x0000046d, 0x0000046c,
+ 0x0000046e, 0x0000046f, 0x0000046e,
+ 0x00000470, 0x00000471, 0x00000470,
+ 0x00000472, 0x00000473, 0x00000472,
+ 0x00000474, 0x00000475, 0x00000474,
+ 0x00000476, 0x00000477, 0x00000476,
+ 0x00000478, 0x00000479, 0x00000478,
+ 0x0000047a, 0x0000047b, 0x0000047a,
+ 0x0000047c, 0x0000047d, 0x0000047c,
+ 0x0000047e, 0x0000047f, 0x0000047e,
+ 0x00000480, 0x00000481, 0x00000480,
+ 0x0000048a, 0x0000048b, 0x0000048a,
+ 0x0000048c, 0x0000048d, 0x0000048c,
+ 0x0000048e, 0x0000048f, 0x0000048e,
+ 0x00000490, 0x00000491, 0x00000490,
+ 0x00000492, 0x00000493, 0x00000492,
+ 0x00000494, 0x00000495, 0x00000494,
+ 0x00000496, 0x00000497, 0x00000496,
+ 0x00000498, 0x00000499, 0x00000498,
+ 0x0000049a, 0x0000049b, 0x0000049a,
+ 0x0000049c, 0x0000049d, 0x0000049c,
+ 0x0000049e, 0x0000049f, 0x0000049e,
+ 0x000004a0, 0x000004a1, 0x000004a0,
+ 0x000004a2, 0x000004a3, 0x000004a2,
+ 0x000004a4, 0x000004a5, 0x000004a4,
+ 0x000004a6, 0x000004a7, 0x000004a6,
+ 0x000004a8, 0x000004a9, 0x000004a8,
+ 0x000004aa, 0x000004ab, 0x000004aa,
+ 0x000004ac, 0x000004ad, 0x000004ac,
+ 0x000004ae, 0x000004af, 0x000004ae,
+ 0x000004b0, 0x000004b1, 0x000004b0,
+ 0x000004b2, 0x000004b3, 0x000004b2,
+ 0x000004b4, 0x000004b5, 0x000004b4,
+ 0x000004b6, 0x000004b7, 0x000004b6,
+ 0x000004b8, 0x000004b9, 0x000004b8,
+ 0x000004ba, 0x000004bb, 0x000004ba,
+ 0x000004bc, 0x000004bd, 0x000004bc,
+ 0x000004be, 0x000004bf, 0x000004be,
+ 0x000004c1, 0x000004c2, 0x000004c1,
+ 0x000004c3, 0x000004c4, 0x000004c3,
+ 0x000004c5, 0x000004c6, 0x000004c5,
+ 0x000004c7, 0x000004c8, 0x000004c7,
+ 0x000004c9, 0x000004ca, 0x000004c9,
+ 0x000004cb, 0x000004cc, 0x000004cb,
+ 0x000004cd, 0x000004ce, 0x000004cd,
+ 0x000004d0, 0x000004d1, 0x000004d0,
+ 0x000004d2, 0x000004d3, 0x000004d2,
+ 0x000004d4, 0x000004d5, 0x000004d4,
+ 0x000004d6, 0x000004d7, 0x000004d6,
+ 0x000004d8, 0x000004d9, 0x000004d8,
+ 0x000004da, 0x000004db, 0x000004da,
+ 0x000004dc, 0x000004dd, 0x000004dc,
+ 0x000004de, 0x000004df, 0x000004de,
+ 0x000004e0, 0x000004e1, 0x000004e0,
+ 0x000004e2, 0x000004e3, 0x000004e2,
+ 0x000004e4, 0x000004e5, 0x000004e4,
+ 0x000004e6, 0x000004e7, 0x000004e6,
+ 0x000004e8, 0x000004e9, 0x000004e8,
+ 0x000004ea, 0x000004eb, 0x000004ea,
+ 0x000004ec, 0x000004ed, 0x000004ec,
+ 0x000004ee, 0x000004ef, 0x000004ee,
+ 0x000004f0, 0x000004f1, 0x000004f0,
+ 0x000004f2, 0x000004f3, 0x000004f2,
+ 0x000004f4, 0x000004f5, 0x000004f4,
+ 0x000004f8, 0x000004f9, 0x000004f8,
+ 0x00000500, 0x00000501, 0x00000500,
+ 0x00000502, 0x00000503, 0x00000502,
+ 0x00000504, 0x00000505, 0x00000504,
+ 0x00000506, 0x00000507, 0x00000506,
+ 0x00000508, 0x00000509, 0x00000508,
+ 0x0000050a, 0x0000050b, 0x0000050a,
+ 0x0000050c, 0x0000050d, 0x0000050c,
+ 0x0000050e, 0x0000050f, 0x0000050e,
+ 0x00000531, 0x00000561, 0x00000531,
+ 0x00000532, 0x00000562, 0x00000532,
+ 0x00000533, 0x00000563, 0x00000533,
+ 0x00000534, 0x00000564, 0x00000534,
+ 0x00000535, 0x00000565, 0x00000535,
+ 0x00000536, 0x00000566, 0x00000536,
+ 0x00000537, 0x00000567, 0x00000537,
+ 0x00000538, 0x00000568, 0x00000538,
+ 0x00000539, 0x00000569, 0x00000539,
+ 0x0000053a, 0x0000056a, 0x0000053a,
+ 0x0000053b, 0x0000056b, 0x0000053b,
+ 0x0000053c, 0x0000056c, 0x0000053c,
+ 0x0000053d, 0x0000056d, 0x0000053d,
+ 0x0000053e, 0x0000056e, 0x0000053e,
+ 0x0000053f, 0x0000056f, 0x0000053f,
+ 0x00000540, 0x00000570, 0x00000540,
+ 0x00000541, 0x00000571, 0x00000541,
+ 0x00000542, 0x00000572, 0x00000542,
+ 0x00000543, 0x00000573, 0x00000543,
+ 0x00000544, 0x00000574, 0x00000544,
+ 0x00000545, 0x00000575, 0x00000545,
+ 0x00000546, 0x00000576, 0x00000546,
+ 0x00000547, 0x00000577, 0x00000547,
+ 0x00000548, 0x00000578, 0x00000548,
+ 0x00000549, 0x00000579, 0x00000549,
+ 0x0000054a, 0x0000057a, 0x0000054a,
+ 0x0000054b, 0x0000057b, 0x0000054b,
+ 0x0000054c, 0x0000057c, 0x0000054c,
+ 0x0000054d, 0x0000057d, 0x0000054d,
+ 0x0000054e, 0x0000057e, 0x0000054e,
+ 0x0000054f, 0x0000057f, 0x0000054f,
+ 0x00000550, 0x00000580, 0x00000550,
+ 0x00000551, 0x00000581, 0x00000551,
+ 0x00000552, 0x00000582, 0x00000552,
+ 0x00000553, 0x00000583, 0x00000553,
+ 0x00000554, 0x00000584, 0x00000554,
+ 0x00000555, 0x00000585, 0x00000555,
+ 0x00000556, 0x00000586, 0x00000556,
+ 0x00001e00, 0x00001e01, 0x00001e00,
+ 0x00001e02, 0x00001e03, 0x00001e02,
+ 0x00001e04, 0x00001e05, 0x00001e04,
+ 0x00001e06, 0x00001e07, 0x00001e06,
+ 0x00001e08, 0x00001e09, 0x00001e08,
+ 0x00001e0a, 0x00001e0b, 0x00001e0a,
+ 0x00001e0c, 0x00001e0d, 0x00001e0c,
+ 0x00001e0e, 0x00001e0f, 0x00001e0e,
+ 0x00001e10, 0x00001e11, 0x00001e10,
+ 0x00001e12, 0x00001e13, 0x00001e12,
+ 0x00001e14, 0x00001e15, 0x00001e14,
+ 0x00001e16, 0x00001e17, 0x00001e16,
+ 0x00001e18, 0x00001e19, 0x00001e18,
+ 0x00001e1a, 0x00001e1b, 0x00001e1a,
+ 0x00001e1c, 0x00001e1d, 0x00001e1c,
+ 0x00001e1e, 0x00001e1f, 0x00001e1e,
+ 0x00001e20, 0x00001e21, 0x00001e20,
+ 0x00001e22, 0x00001e23, 0x00001e22,
+ 0x00001e24, 0x00001e25, 0x00001e24,
+ 0x00001e26, 0x00001e27, 0x00001e26,
+ 0x00001e28, 0x00001e29, 0x00001e28,
+ 0x00001e2a, 0x00001e2b, 0x00001e2a,
+ 0x00001e2c, 0x00001e2d, 0x00001e2c,
+ 0x00001e2e, 0x00001e2f, 0x00001e2e,
+ 0x00001e30, 0x00001e31, 0x00001e30,
+ 0x00001e32, 0x00001e33, 0x00001e32,
+ 0x00001e34, 0x00001e35, 0x00001e34,
+ 0x00001e36, 0x00001e37, 0x00001e36,
+ 0x00001e38, 0x00001e39, 0x00001e38,
+ 0x00001e3a, 0x00001e3b, 0x00001e3a,
+ 0x00001e3c, 0x00001e3d, 0x00001e3c,
+ 0x00001e3e, 0x00001e3f, 0x00001e3e,
+ 0x00001e40, 0x00001e41, 0x00001e40,
+ 0x00001e42, 0x00001e43, 0x00001e42,
+ 0x00001e44, 0x00001e45, 0x00001e44,
+ 0x00001e46, 0x00001e47, 0x00001e46,
+ 0x00001e48, 0x00001e49, 0x00001e48,
+ 0x00001e4a, 0x00001e4b, 0x00001e4a,
+ 0x00001e4c, 0x00001e4d, 0x00001e4c,
+ 0x00001e4e, 0x00001e4f, 0x00001e4e,
+ 0x00001e50, 0x00001e51, 0x00001e50,
+ 0x00001e52, 0x00001e53, 0x00001e52,
+ 0x00001e54, 0x00001e55, 0x00001e54,
+ 0x00001e56, 0x00001e57, 0x00001e56,
+ 0x00001e58, 0x00001e59, 0x00001e58,
+ 0x00001e5a, 0x00001e5b, 0x00001e5a,
+ 0x00001e5c, 0x00001e5d, 0x00001e5c,
+ 0x00001e5e, 0x00001e5f, 0x00001e5e,
+ 0x00001e60, 0x00001e61, 0x00001e60,
+ 0x00001e62, 0x00001e63, 0x00001e62,
+ 0x00001e64, 0x00001e65, 0x00001e64,
+ 0x00001e66, 0x00001e67, 0x00001e66,
+ 0x00001e68, 0x00001e69, 0x00001e68,
+ 0x00001e6a, 0x00001e6b, 0x00001e6a,
+ 0x00001e6c, 0x00001e6d, 0x00001e6c,
+ 0x00001e6e, 0x00001e6f, 0x00001e6e,
+ 0x00001e70, 0x00001e71, 0x00001e70,
+ 0x00001e72, 0x00001e73, 0x00001e72,
+ 0x00001e74, 0x00001e75, 0x00001e74,
+ 0x00001e76, 0x00001e77, 0x00001e76,
+ 0x00001e78, 0x00001e79, 0x00001e78,
+ 0x00001e7a, 0x00001e7b, 0x00001e7a,
+ 0x00001e7c, 0x00001e7d, 0x00001e7c,
+ 0x00001e7e, 0x00001e7f, 0x00001e7e,
+ 0x00001e80, 0x00001e81, 0x00001e80,
+ 0x00001e82, 0x00001e83, 0x00001e82,
+ 0x00001e84, 0x00001e85, 0x00001e84,
+ 0x00001e86, 0x00001e87, 0x00001e86,
+ 0x00001e88, 0x00001e89, 0x00001e88,
+ 0x00001e8a, 0x00001e8b, 0x00001e8a,
+ 0x00001e8c, 0x00001e8d, 0x00001e8c,
+ 0x00001e8e, 0x00001e8f, 0x00001e8e,
+ 0x00001e90, 0x00001e91, 0x00001e90,
+ 0x00001e92, 0x00001e93, 0x00001e92,
+ 0x00001e94, 0x00001e95, 0x00001e94,
+ 0x00001ea0, 0x00001ea1, 0x00001ea0,
+ 0x00001ea2, 0x00001ea3, 0x00001ea2,
+ 0x00001ea4, 0x00001ea5, 0x00001ea4,
+ 0x00001ea6, 0x00001ea7, 0x00001ea6,
+ 0x00001ea8, 0x00001ea9, 0x00001ea8,
+ 0x00001eaa, 0x00001eab, 0x00001eaa,
+ 0x00001eac, 0x00001ead, 0x00001eac,
+ 0x00001eae, 0x00001eaf, 0x00001eae,
+ 0x00001eb0, 0x00001eb1, 0x00001eb0,
+ 0x00001eb2, 0x00001eb3, 0x00001eb2,
+ 0x00001eb4, 0x00001eb5, 0x00001eb4,
+ 0x00001eb6, 0x00001eb7, 0x00001eb6,
+ 0x00001eb8, 0x00001eb9, 0x00001eb8,
+ 0x00001eba, 0x00001ebb, 0x00001eba,
+ 0x00001ebc, 0x00001ebd, 0x00001ebc,
+ 0x00001ebe, 0x00001ebf, 0x00001ebe,
+ 0x00001ec0, 0x00001ec1, 0x00001ec0,
+ 0x00001ec2, 0x00001ec3, 0x00001ec2,
+ 0x00001ec4, 0x00001ec5, 0x00001ec4,
+ 0x00001ec6, 0x00001ec7, 0x00001ec6,
+ 0x00001ec8, 0x00001ec9, 0x00001ec8,
+ 0x00001eca, 0x00001ecb, 0x00001eca,
+ 0x00001ecc, 0x00001ecd, 0x00001ecc,
+ 0x00001ece, 0x00001ecf, 0x00001ece,
+ 0x00001ed0, 0x00001ed1, 0x00001ed0,
+ 0x00001ed2, 0x00001ed3, 0x00001ed2,
+ 0x00001ed4, 0x00001ed5, 0x00001ed4,
+ 0x00001ed6, 0x00001ed7, 0x00001ed6,
+ 0x00001ed8, 0x00001ed9, 0x00001ed8,
+ 0x00001eda, 0x00001edb, 0x00001eda,
+ 0x00001edc, 0x00001edd, 0x00001edc,
+ 0x00001ede, 0x00001edf, 0x00001ede,
+ 0x00001ee0, 0x00001ee1, 0x00001ee0,
+ 0x00001ee2, 0x00001ee3, 0x00001ee2,
+ 0x00001ee4, 0x00001ee5, 0x00001ee4,
+ 0x00001ee6, 0x00001ee7, 0x00001ee6,
+ 0x00001ee8, 0x00001ee9, 0x00001ee8,
+ 0x00001eea, 0x00001eeb, 0x00001eea,
+ 0x00001eec, 0x00001eed, 0x00001eec,
+ 0x00001eee, 0x00001eef, 0x00001eee,
+ 0x00001ef0, 0x00001ef1, 0x00001ef0,
+ 0x00001ef2, 0x00001ef3, 0x00001ef2,
+ 0x00001ef4, 0x00001ef5, 0x00001ef4,
+ 0x00001ef6, 0x00001ef7, 0x00001ef6,
+ 0x00001ef8, 0x00001ef9, 0x00001ef8,
+ 0x00001f08, 0x00001f00, 0x00001f08,
+ 0x00001f09, 0x00001f01, 0x00001f09,
+ 0x00001f0a, 0x00001f02, 0x00001f0a,
+ 0x00001f0b, 0x00001f03, 0x00001f0b,
+ 0x00001f0c, 0x00001f04, 0x00001f0c,
+ 0x00001f0d, 0x00001f05, 0x00001f0d,
+ 0x00001f0e, 0x00001f06, 0x00001f0e,
+ 0x00001f0f, 0x00001f07, 0x00001f0f,
+ 0x00001f18, 0x00001f10, 0x00001f18,
+ 0x00001f19, 0x00001f11, 0x00001f19,
+ 0x00001f1a, 0x00001f12, 0x00001f1a,
+ 0x00001f1b, 0x00001f13, 0x00001f1b,
+ 0x00001f1c, 0x00001f14, 0x00001f1c,
+ 0x00001f1d, 0x00001f15, 0x00001f1d,
+ 0x00001f28, 0x00001f20, 0x00001f28,
+ 0x00001f29, 0x00001f21, 0x00001f29,
+ 0x00001f2a, 0x00001f22, 0x00001f2a,
+ 0x00001f2b, 0x00001f23, 0x00001f2b,
+ 0x00001f2c, 0x00001f24, 0x00001f2c,
+ 0x00001f2d, 0x00001f25, 0x00001f2d,
+ 0x00001f2e, 0x00001f26, 0x00001f2e,
+ 0x00001f2f, 0x00001f27, 0x00001f2f,
+ 0x00001f38, 0x00001f30, 0x00001f38,
+ 0x00001f39, 0x00001f31, 0x00001f39,
+ 0x00001f3a, 0x00001f32, 0x00001f3a,
+ 0x00001f3b, 0x00001f33, 0x00001f3b,
+ 0x00001f3c, 0x00001f34, 0x00001f3c,
+ 0x00001f3d, 0x00001f35, 0x00001f3d,
+ 0x00001f3e, 0x00001f36, 0x00001f3e,
+ 0x00001f3f, 0x00001f37, 0x00001f3f,
+ 0x00001f48, 0x00001f40, 0x00001f48,
+ 0x00001f49, 0x00001f41, 0x00001f49,
+ 0x00001f4a, 0x00001f42, 0x00001f4a,
+ 0x00001f4b, 0x00001f43, 0x00001f4b,
+ 0x00001f4c, 0x00001f44, 0x00001f4c,
+ 0x00001f4d, 0x00001f45, 0x00001f4d,
+ 0x00001f59, 0x00001f51, 0x00001f59,
+ 0x00001f5b, 0x00001f53, 0x00001f5b,
+ 0x00001f5d, 0x00001f55, 0x00001f5d,
+ 0x00001f5f, 0x00001f57, 0x00001f5f,
+ 0x00001f68, 0x00001f60, 0x00001f68,
+ 0x00001f69, 0x00001f61, 0x00001f69,
+ 0x00001f6a, 0x00001f62, 0x00001f6a,
+ 0x00001f6b, 0x00001f63, 0x00001f6b,
+ 0x00001f6c, 0x00001f64, 0x00001f6c,
+ 0x00001f6d, 0x00001f65, 0x00001f6d,
+ 0x00001f6e, 0x00001f66, 0x00001f6e,
+ 0x00001f6f, 0x00001f67, 0x00001f6f,
+ 0x00001f88, 0x00001f80, 0x00001f88,
+ 0x00001f89, 0x00001f81, 0x00001f89,
+ 0x00001f8a, 0x00001f82, 0x00001f8a,
+ 0x00001f8b, 0x00001f83, 0x00001f8b,
+ 0x00001f8c, 0x00001f84, 0x00001f8c,
+ 0x00001f8d, 0x00001f85, 0x00001f8d,
+ 0x00001f8e, 0x00001f86, 0x00001f8e,
+ 0x00001f8f, 0x00001f87, 0x00001f8f,
+ 0x00001f98, 0x00001f90, 0x00001f98,
+ 0x00001f99, 0x00001f91, 0x00001f99,
+ 0x00001f9a, 0x00001f92, 0x00001f9a,
+ 0x00001f9b, 0x00001f93, 0x00001f9b,
+ 0x00001f9c, 0x00001f94, 0x00001f9c,
+ 0x00001f9d, 0x00001f95, 0x00001f9d,
+ 0x00001f9e, 0x00001f96, 0x00001f9e,
+ 0x00001f9f, 0x00001f97, 0x00001f9f,
+ 0x00001fa8, 0x00001fa0, 0x00001fa8,
+ 0x00001fa9, 0x00001fa1, 0x00001fa9,
+ 0x00001faa, 0x00001fa2, 0x00001faa,
+ 0x00001fab, 0x00001fa3, 0x00001fab,
+ 0x00001fac, 0x00001fa4, 0x00001fac,
+ 0x00001fad, 0x00001fa5, 0x00001fad,
+ 0x00001fae, 0x00001fa6, 0x00001fae,
+ 0x00001faf, 0x00001fa7, 0x00001faf,
+ 0x00001fb8, 0x00001fb0, 0x00001fb8,
+ 0x00001fb9, 0x00001fb1, 0x00001fb9,
+ 0x00001fba, 0x00001f70, 0x00001fba,
+ 0x00001fbb, 0x00001f71, 0x00001fbb,
+ 0x00001fbc, 0x00001fb3, 0x00001fbc,
+ 0x00001fc8, 0x00001f72, 0x00001fc8,
+ 0x00001fc9, 0x00001f73, 0x00001fc9,
+ 0x00001fca, 0x00001f74, 0x00001fca,
+ 0x00001fcb, 0x00001f75, 0x00001fcb,
+ 0x00001fcc, 0x00001fc3, 0x00001fcc,
+ 0x00001fd8, 0x00001fd0, 0x00001fd8,
+ 0x00001fd9, 0x00001fd1, 0x00001fd9,
+ 0x00001fda, 0x00001f76, 0x00001fda,
+ 0x00001fdb, 0x00001f77, 0x00001fdb,
+ 0x00001fe8, 0x00001fe0, 0x00001fe8,
+ 0x00001fe9, 0x00001fe1, 0x00001fe9,
+ 0x00001fea, 0x00001f7a, 0x00001fea,
+ 0x00001feb, 0x00001f7b, 0x00001feb,
+ 0x00001fec, 0x00001fe5, 0x00001fec,
+ 0x00001ff8, 0x00001f78, 0x00001ff8,
+ 0x00001ff9, 0x00001f79, 0x00001ff9,
+ 0x00001ffa, 0x00001f7c, 0x00001ffa,
+ 0x00001ffb, 0x00001f7d, 0x00001ffb,
+ 0x00001ffc, 0x00001ff3, 0x00001ffc,
+ 0x00002126, 0x000003c9, 0x00002126,
+ 0x0000212a, 0x0000006b, 0x0000212a,
+ 0x0000212b, 0x000000e5, 0x0000212b,
+ 0x00002160, 0x00002170, 0x00002160,
+ 0x00002161, 0x00002171, 0x00002161,
+ 0x00002162, 0x00002172, 0x00002162,
+ 0x00002163, 0x00002173, 0x00002163,
+ 0x00002164, 0x00002174, 0x00002164,
+ 0x00002165, 0x00002175, 0x00002165,
+ 0x00002166, 0x00002176, 0x00002166,
+ 0x00002167, 0x00002177, 0x00002167,
+ 0x00002168, 0x00002178, 0x00002168,
+ 0x00002169, 0x00002179, 0x00002169,
+ 0x0000216a, 0x0000217a, 0x0000216a,
+ 0x0000216b, 0x0000217b, 0x0000216b,
+ 0x0000216c, 0x0000217c, 0x0000216c,
+ 0x0000216d, 0x0000217d, 0x0000216d,
+ 0x0000216e, 0x0000217e, 0x0000216e,
+ 0x0000216f, 0x0000217f, 0x0000216f,
+ 0x000024b6, 0x000024d0, 0x000024b6,
+ 0x000024b7, 0x000024d1, 0x000024b7,
+ 0x000024b8, 0x000024d2, 0x000024b8,
+ 0x000024b9, 0x000024d3, 0x000024b9,
+ 0x000024ba, 0x000024d4, 0x000024ba,
+ 0x000024bb, 0x000024d5, 0x000024bb,
+ 0x000024bc, 0x000024d6, 0x000024bc,
+ 0x000024bd, 0x000024d7, 0x000024bd,
+ 0x000024be, 0x000024d8, 0x000024be,
+ 0x000024bf, 0x000024d9, 0x000024bf,
+ 0x000024c0, 0x000024da, 0x000024c0,
+ 0x000024c1, 0x000024db, 0x000024c1,
+ 0x000024c2, 0x000024dc, 0x000024c2,
+ 0x000024c3, 0x000024dd, 0x000024c3,
+ 0x000024c4, 0x000024de, 0x000024c4,
+ 0x000024c5, 0x000024df, 0x000024c5,
+ 0x000024c6, 0x000024e0, 0x000024c6,
+ 0x000024c7, 0x000024e1, 0x000024c7,
+ 0x000024c8, 0x000024e2, 0x000024c8,
+ 0x000024c9, 0x000024e3, 0x000024c9,
+ 0x000024ca, 0x000024e4, 0x000024ca,
+ 0x000024cb, 0x000024e5, 0x000024cb,
+ 0x000024cc, 0x000024e6, 0x000024cc,
+ 0x000024cd, 0x000024e7, 0x000024cd,
+ 0x000024ce, 0x000024e8, 0x000024ce,
+ 0x000024cf, 0x000024e9, 0x000024cf,
+ 0x0000ff21, 0x0000ff41, 0x0000ff21,
+ 0x0000ff22, 0x0000ff42, 0x0000ff22,
+ 0x0000ff23, 0x0000ff43, 0x0000ff23,
+ 0x0000ff24, 0x0000ff44, 0x0000ff24,
+ 0x0000ff25, 0x0000ff45, 0x0000ff25,
+ 0x0000ff26, 0x0000ff46, 0x0000ff26,
+ 0x0000ff27, 0x0000ff47, 0x0000ff27,
+ 0x0000ff28, 0x0000ff48, 0x0000ff28,
+ 0x0000ff29, 0x0000ff49, 0x0000ff29,
+ 0x0000ff2a, 0x0000ff4a, 0x0000ff2a,
+ 0x0000ff2b, 0x0000ff4b, 0x0000ff2b,
+ 0x0000ff2c, 0x0000ff4c, 0x0000ff2c,
+ 0x0000ff2d, 0x0000ff4d, 0x0000ff2d,
+ 0x0000ff2e, 0x0000ff4e, 0x0000ff2e,
+ 0x0000ff2f, 0x0000ff4f, 0x0000ff2f,
+ 0x0000ff30, 0x0000ff50, 0x0000ff30,
+ 0x0000ff31, 0x0000ff51, 0x0000ff31,
+ 0x0000ff32, 0x0000ff52, 0x0000ff32,
+ 0x0000ff33, 0x0000ff53, 0x0000ff33,
+ 0x0000ff34, 0x0000ff54, 0x0000ff34,
+ 0x0000ff35, 0x0000ff55, 0x0000ff35,
+ 0x0000ff36, 0x0000ff56, 0x0000ff36,
+ 0x0000ff37, 0x0000ff57, 0x0000ff37,
+ 0x0000ff38, 0x0000ff58, 0x0000ff38,
+ 0x0000ff39, 0x0000ff59, 0x0000ff39,
+ 0x0000ff3a, 0x0000ff5a, 0x0000ff3a,
+ 0x00010400, 0x00010428, 0x00010400,
+ 0x00010401, 0x00010429, 0x00010401,
+ 0x00010402, 0x0001042a, 0x00010402,
+ 0x00010403, 0x0001042b, 0x00010403,
+ 0x00010404, 0x0001042c, 0x00010404,
+ 0x00010405, 0x0001042d, 0x00010405,
+ 0x00010406, 0x0001042e, 0x00010406,
+ 0x00010407, 0x0001042f, 0x00010407,
+ 0x00010408, 0x00010430, 0x00010408,
+ 0x00010409, 0x00010431, 0x00010409,
+ 0x0001040a, 0x00010432, 0x0001040a,
+ 0x0001040b, 0x00010433, 0x0001040b,
+ 0x0001040c, 0x00010434, 0x0001040c,
+ 0x0001040d, 0x00010435, 0x0001040d,
+ 0x0001040e, 0x00010436, 0x0001040e,
+ 0x0001040f, 0x00010437, 0x0001040f,
+ 0x00010410, 0x00010438, 0x00010410,
+ 0x00010411, 0x00010439, 0x00010411,
+ 0x00010412, 0x0001043a, 0x00010412,
+ 0x00010413, 0x0001043b, 0x00010413,
+ 0x00010414, 0x0001043c, 0x00010414,
+ 0x00010415, 0x0001043d, 0x00010415,
+ 0x00010416, 0x0001043e, 0x00010416,
+ 0x00010417, 0x0001043f, 0x00010417,
+ 0x00010418, 0x00010440, 0x00010418,
+ 0x00010419, 0x00010441, 0x00010419,
+ 0x0001041a, 0x00010442, 0x0001041a,
+ 0x0001041b, 0x00010443, 0x0001041b,
+ 0x0001041c, 0x00010444, 0x0001041c,
+ 0x0001041d, 0x00010445, 0x0001041d,
+ 0x0001041e, 0x00010446, 0x0001041e,
+ 0x0001041f, 0x00010447, 0x0001041f,
+ 0x00010420, 0x00010448, 0x00010420,
+ 0x00010421, 0x00010449, 0x00010421,
+ 0x00010422, 0x0001044a, 0x00010422,
+ 0x00010423, 0x0001044b, 0x00010423,
+ 0x00010424, 0x0001044c, 0x00010424,
+ 0x00010425, 0x0001044d, 0x00010425,
+ 0x00000061, 0x00000041, 0x00000041,
+ 0x00000062, 0x00000042, 0x00000042,
+ 0x00000063, 0x00000043, 0x00000043,
+ 0x00000064, 0x00000044, 0x00000044,
+ 0x00000065, 0x00000045, 0x00000045,
+ 0x00000066, 0x00000046, 0x00000046,
+ 0x00000067, 0x00000047, 0x00000047,
+ 0x00000068, 0x00000048, 0x00000048,
+ 0x00000069, 0x00000049, 0x00000049,
+ 0x0000006a, 0x0000004a, 0x0000004a,
+ 0x0000006b, 0x0000004b, 0x0000004b,
+ 0x0000006c, 0x0000004c, 0x0000004c,
+ 0x0000006d, 0x0000004d, 0x0000004d,
+ 0x0000006e, 0x0000004e, 0x0000004e,
+ 0x0000006f, 0x0000004f, 0x0000004f,
+ 0x00000070, 0x00000050, 0x00000050,
+ 0x00000071, 0x00000051, 0x00000051,
+ 0x00000072, 0x00000052, 0x00000052,
+ 0x00000073, 0x00000053, 0x00000053,
+ 0x00000074, 0x00000054, 0x00000054,
+ 0x00000075, 0x00000055, 0x00000055,
+ 0x00000076, 0x00000056, 0x00000056,
+ 0x00000077, 0x00000057, 0x00000057,
+ 0x00000078, 0x00000058, 0x00000058,
+ 0x00000079, 0x00000059, 0x00000059,
+ 0x0000007a, 0x0000005a, 0x0000005a,
+ 0x000000b5, 0x0000039c, 0x0000039c,
+ 0x000000e0, 0x000000c0, 0x000000c0,
+ 0x000000e1, 0x000000c1, 0x000000c1,
+ 0x000000e2, 0x000000c2, 0x000000c2,
+ 0x000000e3, 0x000000c3, 0x000000c3,
+ 0x000000e4, 0x000000c4, 0x000000c4,
+ 0x000000e5, 0x000000c5, 0x000000c5,
+ 0x000000e6, 0x000000c6, 0x000000c6,
+ 0x000000e7, 0x000000c7, 0x000000c7,
+ 0x000000e8, 0x000000c8, 0x000000c8,
+ 0x000000e9, 0x000000c9, 0x000000c9,
+ 0x000000ea, 0x000000ca, 0x000000ca,
+ 0x000000eb, 0x000000cb, 0x000000cb,
+ 0x000000ec, 0x000000cc, 0x000000cc,
+ 0x000000ed, 0x000000cd, 0x000000cd,
+ 0x000000ee, 0x000000ce, 0x000000ce,
+ 0x000000ef, 0x000000cf, 0x000000cf,
+ 0x000000f0, 0x000000d0, 0x000000d0,
+ 0x000000f1, 0x000000d1, 0x000000d1,
+ 0x000000f2, 0x000000d2, 0x000000d2,
+ 0x000000f3, 0x000000d3, 0x000000d3,
+ 0x000000f4, 0x000000d4, 0x000000d4,
+ 0x000000f5, 0x000000d5, 0x000000d5,
+ 0x000000f6, 0x000000d6, 0x000000d6,
+ 0x000000f8, 0x000000d8, 0x000000d8,
+ 0x000000f9, 0x000000d9, 0x000000d9,
+ 0x000000fa, 0x000000da, 0x000000da,
+ 0x000000fb, 0x000000db, 0x000000db,
+ 0x000000fc, 0x000000dc, 0x000000dc,
+ 0x000000fd, 0x000000dd, 0x000000dd,
+ 0x000000fe, 0x000000de, 0x000000de,
+ 0x000000ff, 0x00000178, 0x00000178,
+ 0x00000101, 0x00000100, 0x00000100,
+ 0x00000103, 0x00000102, 0x00000102,
+ 0x00000105, 0x00000104, 0x00000104,
+ 0x00000107, 0x00000106, 0x00000106,
+ 0x00000109, 0x00000108, 0x00000108,
+ 0x0000010b, 0x0000010a, 0x0000010a,
+ 0x0000010d, 0x0000010c, 0x0000010c,
+ 0x0000010f, 0x0000010e, 0x0000010e,
+ 0x00000111, 0x00000110, 0x00000110,
+ 0x00000113, 0x00000112, 0x00000112,
+ 0x00000115, 0x00000114, 0x00000114,
+ 0x00000117, 0x00000116, 0x00000116,
+ 0x00000119, 0x00000118, 0x00000118,
+ 0x0000011b, 0x0000011a, 0x0000011a,
+ 0x0000011d, 0x0000011c, 0x0000011c,
+ 0x0000011f, 0x0000011e, 0x0000011e,
+ 0x00000121, 0x00000120, 0x00000120,
+ 0x00000123, 0x00000122, 0x00000122,
+ 0x00000125, 0x00000124, 0x00000124,
+ 0x00000127, 0x00000126, 0x00000126,
+ 0x00000129, 0x00000128, 0x00000128,
+ 0x0000012b, 0x0000012a, 0x0000012a,
+ 0x0000012d, 0x0000012c, 0x0000012c,
+ 0x0000012f, 0x0000012e, 0x0000012e,
+ 0x00000131, 0x00000049, 0x00000049,
+ 0x00000133, 0x00000132, 0x00000132,
+ 0x00000135, 0x00000134, 0x00000134,
+ 0x00000137, 0x00000136, 0x00000136,
+ 0x0000013a, 0x00000139, 0x00000139,
+ 0x0000013c, 0x0000013b, 0x0000013b,
+ 0x0000013e, 0x0000013d, 0x0000013d,
+ 0x00000140, 0x0000013f, 0x0000013f,
+ 0x00000142, 0x00000141, 0x00000141,
+ 0x00000144, 0x00000143, 0x00000143,
+ 0x00000146, 0x00000145, 0x00000145,
+ 0x00000148, 0x00000147, 0x00000147,
+ 0x0000014b, 0x0000014a, 0x0000014a,
+ 0x0000014d, 0x0000014c, 0x0000014c,
+ 0x0000014f, 0x0000014e, 0x0000014e,
+ 0x00000151, 0x00000150, 0x00000150,
+ 0x00000153, 0x00000152, 0x00000152,
+ 0x00000155, 0x00000154, 0x00000154,
+ 0x00000157, 0x00000156, 0x00000156,
+ 0x00000159, 0x00000158, 0x00000158,
+ 0x0000015b, 0x0000015a, 0x0000015a,
+ 0x0000015d, 0x0000015c, 0x0000015c,
+ 0x0000015f, 0x0000015e, 0x0000015e,
+ 0x00000161, 0x00000160, 0x00000160,
+ 0x00000163, 0x00000162, 0x00000162,
+ 0x00000165, 0x00000164, 0x00000164,
+ 0x00000167, 0x00000166, 0x00000166,
+ 0x00000169, 0x00000168, 0x00000168,
+ 0x0000016b, 0x0000016a, 0x0000016a,
+ 0x0000016d, 0x0000016c, 0x0000016c,
+ 0x0000016f, 0x0000016e, 0x0000016e,
+ 0x00000171, 0x00000170, 0x00000170,
+ 0x00000173, 0x00000172, 0x00000172,
+ 0x00000175, 0x00000174, 0x00000174,
+ 0x00000177, 0x00000176, 0x00000176,
+ 0x0000017a, 0x00000179, 0x00000179,
+ 0x0000017c, 0x0000017b, 0x0000017b,
+ 0x0000017e, 0x0000017d, 0x0000017d,
+ 0x0000017f, 0x00000053, 0x00000053,
+ 0x00000183, 0x00000182, 0x00000182,
+ 0x00000185, 0x00000184, 0x00000184,
+ 0x00000188, 0x00000187, 0x00000187,
+ 0x0000018c, 0x0000018b, 0x0000018b,
+ 0x00000192, 0x00000191, 0x00000191,
+ 0x00000195, 0x000001f6, 0x000001f6,
+ 0x00000199, 0x00000198, 0x00000198,
+ 0x0000019e, 0x00000220, 0x00000220,
+ 0x000001a1, 0x000001a0, 0x000001a0,
+ 0x000001a3, 0x000001a2, 0x000001a2,
+ 0x000001a5, 0x000001a4, 0x000001a4,
+ 0x000001a8, 0x000001a7, 0x000001a7,
+ 0x000001ad, 0x000001ac, 0x000001ac,
+ 0x000001b0, 0x000001af, 0x000001af,
+ 0x000001b4, 0x000001b3, 0x000001b3,
+ 0x000001b6, 0x000001b5, 0x000001b5,
+ 0x000001b9, 0x000001b8, 0x000001b8,
+ 0x000001bd, 0x000001bc, 0x000001bc,
+ 0x000001bf, 0x000001f7, 0x000001f7,
+ 0x000001c6, 0x000001c4, 0x000001c5,
+ 0x000001c9, 0x000001c7, 0x000001c8,
+ 0x000001cc, 0x000001ca, 0x000001cb,
+ 0x000001ce, 0x000001cd, 0x000001cd,
+ 0x000001d0, 0x000001cf, 0x000001cf,
+ 0x000001d2, 0x000001d1, 0x000001d1,
+ 0x000001d4, 0x000001d3, 0x000001d3,
+ 0x000001d6, 0x000001d5, 0x000001d5,
+ 0x000001d8, 0x000001d7, 0x000001d7,
+ 0x000001da, 0x000001d9, 0x000001d9,
+ 0x000001dc, 0x000001db, 0x000001db,
+ 0x000001dd, 0x0000018e, 0x0000018e,
+ 0x000001df, 0x000001de, 0x000001de,
+ 0x000001e1, 0x000001e0, 0x000001e0,
+ 0x000001e3, 0x000001e2, 0x000001e2,
+ 0x000001e5, 0x000001e4, 0x000001e4,
+ 0x000001e7, 0x000001e6, 0x000001e6,
+ 0x000001e9, 0x000001e8, 0x000001e8,
+ 0x000001eb, 0x000001ea, 0x000001ea,
+ 0x000001ed, 0x000001ec, 0x000001ec,
+ 0x000001ef, 0x000001ee, 0x000001ee,
+ 0x000001f3, 0x000001f1, 0x000001f2,
+ 0x000001f5, 0x000001f4, 0x000001f4,
+ 0x000001f9, 0x000001f8, 0x000001f8,
+ 0x000001fb, 0x000001fa, 0x000001fa,
+ 0x000001fd, 0x000001fc, 0x000001fc,
+ 0x000001ff, 0x000001fe, 0x000001fe,
+ 0x00000201, 0x00000200, 0x00000200,
+ 0x00000203, 0x00000202, 0x00000202,
+ 0x00000205, 0x00000204, 0x00000204,
+ 0x00000207, 0x00000206, 0x00000206,
+ 0x00000209, 0x00000208, 0x00000208,
+ 0x0000020b, 0x0000020a, 0x0000020a,
+ 0x0000020d, 0x0000020c, 0x0000020c,
+ 0x0000020f, 0x0000020e, 0x0000020e,
+ 0x00000211, 0x00000210, 0x00000210,
+ 0x00000213, 0x00000212, 0x00000212,
+ 0x00000215, 0x00000214, 0x00000214,
+ 0x00000217, 0x00000216, 0x00000216,
+ 0x00000219, 0x00000218, 0x00000218,
+ 0x0000021b, 0x0000021a, 0x0000021a,
+ 0x0000021d, 0x0000021c, 0x0000021c,
+ 0x0000021f, 0x0000021e, 0x0000021e,
+ 0x00000223, 0x00000222, 0x00000222,
+ 0x00000225, 0x00000224, 0x00000224,
+ 0x00000227, 0x00000226, 0x00000226,
+ 0x00000229, 0x00000228, 0x00000228,
+ 0x0000022b, 0x0000022a, 0x0000022a,
+ 0x0000022d, 0x0000022c, 0x0000022c,
+ 0x0000022f, 0x0000022e, 0x0000022e,
+ 0x00000231, 0x00000230, 0x00000230,
+ 0x00000233, 0x00000232, 0x00000232,
+ 0x00000253, 0x00000181, 0x00000181,
+ 0x00000254, 0x00000186, 0x00000186,
+ 0x00000256, 0x00000189, 0x00000189,
+ 0x00000257, 0x0000018a, 0x0000018a,
+ 0x00000259, 0x0000018f, 0x0000018f,
+ 0x0000025b, 0x00000190, 0x00000190,
+ 0x00000260, 0x00000193, 0x00000193,
+ 0x00000263, 0x00000194, 0x00000194,
+ 0x00000268, 0x00000197, 0x00000197,
+ 0x00000269, 0x00000196, 0x00000196,
+ 0x0000026f, 0x0000019c, 0x0000019c,
+ 0x00000272, 0x0000019d, 0x0000019d,
+ 0x00000275, 0x0000019f, 0x0000019f,
+ 0x00000280, 0x000001a6, 0x000001a6,
+ 0x00000283, 0x000001a9, 0x000001a9,
+ 0x00000288, 0x000001ae, 0x000001ae,
+ 0x0000028a, 0x000001b1, 0x000001b1,
+ 0x0000028b, 0x000001b2, 0x000001b2,
+ 0x00000292, 0x000001b7, 0x000001b7,
+ 0x00000345, 0x00000399, 0x00000399,
+ 0x000003ac, 0x00000386, 0x00000386,
+ 0x000003ad, 0x00000388, 0x00000388,
+ 0x000003ae, 0x00000389, 0x00000389,
+ 0x000003af, 0x0000038a, 0x0000038a,
+ 0x000003b1, 0x00000391, 0x00000391,
+ 0x000003b2, 0x00000392, 0x00000392,
+ 0x000003b3, 0x00000393, 0x00000393,
+ 0x000003b4, 0x00000394, 0x00000394,
+ 0x000003b5, 0x00000395, 0x00000395,
+ 0x000003b6, 0x00000396, 0x00000396,
+ 0x000003b7, 0x00000397, 0x00000397,
+ 0x000003b8, 0x00000398, 0x00000398,
+ 0x000003b9, 0x00000399, 0x00000399,
+ 0x000003ba, 0x0000039a, 0x0000039a,
+ 0x000003bb, 0x0000039b, 0x0000039b,
+ 0x000003bc, 0x0000039c, 0x0000039c,
+ 0x000003bd, 0x0000039d, 0x0000039d,
+ 0x000003be, 0x0000039e, 0x0000039e,
+ 0x000003bf, 0x0000039f, 0x0000039f,
+ 0x000003c0, 0x000003a0, 0x000003a0,
+ 0x000003c1, 0x000003a1, 0x000003a1,
+ 0x000003c2, 0x000003a3, 0x000003a3,
+ 0x000003c3, 0x000003a3, 0x000003a3,
+ 0x000003c4, 0x000003a4, 0x000003a4,
+ 0x000003c5, 0x000003a5, 0x000003a5,
+ 0x000003c6, 0x000003a6, 0x000003a6,
+ 0x000003c7, 0x000003a7, 0x000003a7,
+ 0x000003c8, 0x000003a8, 0x000003a8,
+ 0x000003c9, 0x000003a9, 0x000003a9,
+ 0x000003ca, 0x000003aa, 0x000003aa,
+ 0x000003cb, 0x000003ab, 0x000003ab,
+ 0x000003cc, 0x0000038c, 0x0000038c,
+ 0x000003cd, 0x0000038e, 0x0000038e,
+ 0x000003ce, 0x0000038f, 0x0000038f,
+ 0x000003d0, 0x00000392, 0x00000392,
+ 0x000003d1, 0x00000398, 0x00000398,
+ 0x000003d5, 0x000003a6, 0x000003a6,
+ 0x000003d6, 0x000003a0, 0x000003a0,
+ 0x000003d9, 0x000003d8, 0x000003d8,
+ 0x000003db, 0x000003da, 0x000003da,
+ 0x000003dd, 0x000003dc, 0x000003dc,
+ 0x000003df, 0x000003de, 0x000003de,
+ 0x000003e1, 0x000003e0, 0x000003e0,
+ 0x000003e3, 0x000003e2, 0x000003e2,
+ 0x000003e5, 0x000003e4, 0x000003e4,
+ 0x000003e7, 0x000003e6, 0x000003e6,
+ 0x000003e9, 0x000003e8, 0x000003e8,
+ 0x000003eb, 0x000003ea, 0x000003ea,
+ 0x000003ed, 0x000003ec, 0x000003ec,
+ 0x000003ef, 0x000003ee, 0x000003ee,
+ 0x000003f0, 0x0000039a, 0x0000039a,
+ 0x000003f1, 0x000003a1, 0x000003a1,
+ 0x000003f2, 0x000003a3, 0x000003a3,
+ 0x000003f5, 0x00000395, 0x00000395,
+ 0x00000430, 0x00000410, 0x00000410,
+ 0x00000431, 0x00000411, 0x00000411,
+ 0x00000432, 0x00000412, 0x00000412,
+ 0x00000433, 0x00000413, 0x00000413,
+ 0x00000434, 0x00000414, 0x00000414,
+ 0x00000435, 0x00000415, 0x00000415,
+ 0x00000436, 0x00000416, 0x00000416,
+ 0x00000437, 0x00000417, 0x00000417,
+ 0x00000438, 0x00000418, 0x00000418,
+ 0x00000439, 0x00000419, 0x00000419,
+ 0x0000043a, 0x0000041a, 0x0000041a,
+ 0x0000043b, 0x0000041b, 0x0000041b,
+ 0x0000043c, 0x0000041c, 0x0000041c,
+ 0x0000043d, 0x0000041d, 0x0000041d,
+ 0x0000043e, 0x0000041e, 0x0000041e,
+ 0x0000043f, 0x0000041f, 0x0000041f,
+ 0x00000440, 0x00000420, 0x00000420,
+ 0x00000441, 0x00000421, 0x00000421,
+ 0x00000442, 0x00000422, 0x00000422,
+ 0x00000443, 0x00000423, 0x00000423,
+ 0x00000444, 0x00000424, 0x00000424,
+ 0x00000445, 0x00000425, 0x00000425,
+ 0x00000446, 0x00000426, 0x00000426,
+ 0x00000447, 0x00000427, 0x00000427,
+ 0x00000448, 0x00000428, 0x00000428,
+ 0x00000449, 0x00000429, 0x00000429,
+ 0x0000044a, 0x0000042a, 0x0000042a,
+ 0x0000044b, 0x0000042b, 0x0000042b,
+ 0x0000044c, 0x0000042c, 0x0000042c,
+ 0x0000044d, 0x0000042d, 0x0000042d,
+ 0x0000044e, 0x0000042e, 0x0000042e,
+ 0x0000044f, 0x0000042f, 0x0000042f,
+ 0x00000450, 0x00000400, 0x00000400,
+ 0x00000451, 0x00000401, 0x00000401,
+ 0x00000452, 0x00000402, 0x00000402,
+ 0x00000453, 0x00000403, 0x00000403,
+ 0x00000454, 0x00000404, 0x00000404,
+ 0x00000455, 0x00000405, 0x00000405,
+ 0x00000456, 0x00000406, 0x00000406,
+ 0x00000457, 0x00000407, 0x00000407,
+ 0x00000458, 0x00000408, 0x00000408,
+ 0x00000459, 0x00000409, 0x00000409,
+ 0x0000045a, 0x0000040a, 0x0000040a,
+ 0x0000045b, 0x0000040b, 0x0000040b,
+ 0x0000045c, 0x0000040c, 0x0000040c,
+ 0x0000045d, 0x0000040d, 0x0000040d,
+ 0x0000045e, 0x0000040e, 0x0000040e,
+ 0x0000045f, 0x0000040f, 0x0000040f,
+ 0x00000461, 0x00000460, 0x00000460,
+ 0x00000463, 0x00000462, 0x00000462,
+ 0x00000465, 0x00000464, 0x00000464,
+ 0x00000467, 0x00000466, 0x00000466,
+ 0x00000469, 0x00000468, 0x00000468,
+ 0x0000046b, 0x0000046a, 0x0000046a,
+ 0x0000046d, 0x0000046c, 0x0000046c,
+ 0x0000046f, 0x0000046e, 0x0000046e,
+ 0x00000471, 0x00000470, 0x00000470,
+ 0x00000473, 0x00000472, 0x00000472,
+ 0x00000475, 0x00000474, 0x00000474,
+ 0x00000477, 0x00000476, 0x00000476,
+ 0x00000479, 0x00000478, 0x00000478,
+ 0x0000047b, 0x0000047a, 0x0000047a,
+ 0x0000047d, 0x0000047c, 0x0000047c,
+ 0x0000047f, 0x0000047e, 0x0000047e,
+ 0x00000481, 0x00000480, 0x00000480,
+ 0x0000048b, 0x0000048a, 0x0000048a,
+ 0x0000048d, 0x0000048c, 0x0000048c,
+ 0x0000048f, 0x0000048e, 0x0000048e,
+ 0x00000491, 0x00000490, 0x00000490,
+ 0x00000493, 0x00000492, 0x00000492,
+ 0x00000495, 0x00000494, 0x00000494,
+ 0x00000497, 0x00000496, 0x00000496,
+ 0x00000499, 0x00000498, 0x00000498,
+ 0x0000049b, 0x0000049a, 0x0000049a,
+ 0x0000049d, 0x0000049c, 0x0000049c,
+ 0x0000049f, 0x0000049e, 0x0000049e,
+ 0x000004a1, 0x000004a0, 0x000004a0,
+ 0x000004a3, 0x000004a2, 0x000004a2,
+ 0x000004a5, 0x000004a4, 0x000004a4,
+ 0x000004a7, 0x000004a6, 0x000004a6,
+ 0x000004a9, 0x000004a8, 0x000004a8,
+ 0x000004ab, 0x000004aa, 0x000004aa,
+ 0x000004ad, 0x000004ac, 0x000004ac,
+ 0x000004af, 0x000004ae, 0x000004ae,
+ 0x000004b1, 0x000004b0, 0x000004b0,
+ 0x000004b3, 0x000004b2, 0x000004b2,
+ 0x000004b5, 0x000004b4, 0x000004b4,
+ 0x000004b7, 0x000004b6, 0x000004b6,
+ 0x000004b9, 0x000004b8, 0x000004b8,
+ 0x000004bb, 0x000004ba, 0x000004ba,
+ 0x000004bd, 0x000004bc, 0x000004bc,
+ 0x000004bf, 0x000004be, 0x000004be,
+ 0x000004c2, 0x000004c1, 0x000004c1,
+ 0x000004c4, 0x000004c3, 0x000004c3,
+ 0x000004c6, 0x000004c5, 0x000004c5,
+ 0x000004c8, 0x000004c7, 0x000004c7,
+ 0x000004ca, 0x000004c9, 0x000004c9,
+ 0x000004cc, 0x000004cb, 0x000004cb,
+ 0x000004ce, 0x000004cd, 0x000004cd,
+ 0x000004d1, 0x000004d0, 0x000004d0,
+ 0x000004d3, 0x000004d2, 0x000004d2,
+ 0x000004d5, 0x000004d4, 0x000004d4,
+ 0x000004d7, 0x000004d6, 0x000004d6,
+ 0x000004d9, 0x000004d8, 0x000004d8,
+ 0x000004db, 0x000004da, 0x000004da,
+ 0x000004dd, 0x000004dc, 0x000004dc,
+ 0x000004df, 0x000004de, 0x000004de,
+ 0x000004e1, 0x000004e0, 0x000004e0,
+ 0x000004e3, 0x000004e2, 0x000004e2,
+ 0x000004e5, 0x000004e4, 0x000004e4,
+ 0x000004e7, 0x000004e6, 0x000004e6,
+ 0x000004e9, 0x000004e8, 0x000004e8,
+ 0x000004eb, 0x000004ea, 0x000004ea,
+ 0x000004ed, 0x000004ec, 0x000004ec,
+ 0x000004ef, 0x000004ee, 0x000004ee,
+ 0x000004f1, 0x000004f0, 0x000004f0,
+ 0x000004f3, 0x000004f2, 0x000004f2,
+ 0x000004f5, 0x000004f4, 0x000004f4,
+ 0x000004f9, 0x000004f8, 0x000004f8,
+ 0x00000501, 0x00000500, 0x00000500,
+ 0x00000503, 0x00000502, 0x00000502,
+ 0x00000505, 0x00000504, 0x00000504,
+ 0x00000507, 0x00000506, 0x00000506,
+ 0x00000509, 0x00000508, 0x00000508,
+ 0x0000050b, 0x0000050a, 0x0000050a,
+ 0x0000050d, 0x0000050c, 0x0000050c,
+ 0x0000050f, 0x0000050e, 0x0000050e,
+ 0x00000561, 0x00000531, 0x00000531,
+ 0x00000562, 0x00000532, 0x00000532,
+ 0x00000563, 0x00000533, 0x00000533,
+ 0x00000564, 0x00000534, 0x00000534,
+ 0x00000565, 0x00000535, 0x00000535,
+ 0x00000566, 0x00000536, 0x00000536,
+ 0x00000567, 0x00000537, 0x00000537,
+ 0x00000568, 0x00000538, 0x00000538,
+ 0x00000569, 0x00000539, 0x00000539,
+ 0x0000056a, 0x0000053a, 0x0000053a,
+ 0x0000056b, 0x0000053b, 0x0000053b,
+ 0x0000056c, 0x0000053c, 0x0000053c,
+ 0x0000056d, 0x0000053d, 0x0000053d,
+ 0x0000056e, 0x0000053e, 0x0000053e,
+ 0x0000056f, 0x0000053f, 0x0000053f,
+ 0x00000570, 0x00000540, 0x00000540,
+ 0x00000571, 0x00000541, 0x00000541,
+ 0x00000572, 0x00000542, 0x00000542,
+ 0x00000573, 0x00000543, 0x00000543,
+ 0x00000574, 0x00000544, 0x00000544,
+ 0x00000575, 0x00000545, 0x00000545,
+ 0x00000576, 0x00000546, 0x00000546,
+ 0x00000577, 0x00000547, 0x00000547,
+ 0x00000578, 0x00000548, 0x00000548,
+ 0x00000579, 0x00000549, 0x00000549,
+ 0x0000057a, 0x0000054a, 0x0000054a,
+ 0x0000057b, 0x0000054b, 0x0000054b,
+ 0x0000057c, 0x0000054c, 0x0000054c,
+ 0x0000057d, 0x0000054d, 0x0000054d,
+ 0x0000057e, 0x0000054e, 0x0000054e,
+ 0x0000057f, 0x0000054f, 0x0000054f,
+ 0x00000580, 0x00000550, 0x00000550,
+ 0x00000581, 0x00000551, 0x00000551,
+ 0x00000582, 0x00000552, 0x00000552,
+ 0x00000583, 0x00000553, 0x00000553,
+ 0x00000584, 0x00000554, 0x00000554,
+ 0x00000585, 0x00000555, 0x00000555,
+ 0x00000586, 0x00000556, 0x00000556,
+ 0x00001e01, 0x00001e00, 0x00001e00,
+ 0x00001e03, 0x00001e02, 0x00001e02,
+ 0x00001e05, 0x00001e04, 0x00001e04,
+ 0x00001e07, 0x00001e06, 0x00001e06,
+ 0x00001e09, 0x00001e08, 0x00001e08,
+ 0x00001e0b, 0x00001e0a, 0x00001e0a,
+ 0x00001e0d, 0x00001e0c, 0x00001e0c,
+ 0x00001e0f, 0x00001e0e, 0x00001e0e,
+ 0x00001e11, 0x00001e10, 0x00001e10,
+ 0x00001e13, 0x00001e12, 0x00001e12,
+ 0x00001e15, 0x00001e14, 0x00001e14,
+ 0x00001e17, 0x00001e16, 0x00001e16,
+ 0x00001e19, 0x00001e18, 0x00001e18,
+ 0x00001e1b, 0x00001e1a, 0x00001e1a,
+ 0x00001e1d, 0x00001e1c, 0x00001e1c,
+ 0x00001e1f, 0x00001e1e, 0x00001e1e,
+ 0x00001e21, 0x00001e20, 0x00001e20,
+ 0x00001e23, 0x00001e22, 0x00001e22,
+ 0x00001e25, 0x00001e24, 0x00001e24,
+ 0x00001e27, 0x00001e26, 0x00001e26,
+ 0x00001e29, 0x00001e28, 0x00001e28,
+ 0x00001e2b, 0x00001e2a, 0x00001e2a,
+ 0x00001e2d, 0x00001e2c, 0x00001e2c,
+ 0x00001e2f, 0x00001e2e, 0x00001e2e,
+ 0x00001e31, 0x00001e30, 0x00001e30,
+ 0x00001e33, 0x00001e32, 0x00001e32,
+ 0x00001e35, 0x00001e34, 0x00001e34,
+ 0x00001e37, 0x00001e36, 0x00001e36,
+ 0x00001e39, 0x00001e38, 0x00001e38,
+ 0x00001e3b, 0x00001e3a, 0x00001e3a,
+ 0x00001e3d, 0x00001e3c, 0x00001e3c,
+ 0x00001e3f, 0x00001e3e, 0x00001e3e,
+ 0x00001e41, 0x00001e40, 0x00001e40,
+ 0x00001e43, 0x00001e42, 0x00001e42,
+ 0x00001e45, 0x00001e44, 0x00001e44,
+ 0x00001e47, 0x00001e46, 0x00001e46,
+ 0x00001e49, 0x00001e48, 0x00001e48,
+ 0x00001e4b, 0x00001e4a, 0x00001e4a,
+ 0x00001e4d, 0x00001e4c, 0x00001e4c,
+ 0x00001e4f, 0x00001e4e, 0x00001e4e,
+ 0x00001e51, 0x00001e50, 0x00001e50,
+ 0x00001e53, 0x00001e52, 0x00001e52,
+ 0x00001e55, 0x00001e54, 0x00001e54,
+ 0x00001e57, 0x00001e56, 0x00001e56,
+ 0x00001e59, 0x00001e58, 0x00001e58,
+ 0x00001e5b, 0x00001e5a, 0x00001e5a,
+ 0x00001e5d, 0x00001e5c, 0x00001e5c,
+ 0x00001e5f, 0x00001e5e, 0x00001e5e,
+ 0x00001e61, 0x00001e60, 0x00001e60,
+ 0x00001e63, 0x00001e62, 0x00001e62,
+ 0x00001e65, 0x00001e64, 0x00001e64,
+ 0x00001e67, 0x00001e66, 0x00001e66,
+ 0x00001e69, 0x00001e68, 0x00001e68,
+ 0x00001e6b, 0x00001e6a, 0x00001e6a,
+ 0x00001e6d, 0x00001e6c, 0x00001e6c,
+ 0x00001e6f, 0x00001e6e, 0x00001e6e,
+ 0x00001e71, 0x00001e70, 0x00001e70,
+ 0x00001e73, 0x00001e72, 0x00001e72,
+ 0x00001e75, 0x00001e74, 0x00001e74,
+ 0x00001e77, 0x00001e76, 0x00001e76,
+ 0x00001e79, 0x00001e78, 0x00001e78,
+ 0x00001e7b, 0x00001e7a, 0x00001e7a,
+ 0x00001e7d, 0x00001e7c, 0x00001e7c,
+ 0x00001e7f, 0x00001e7e, 0x00001e7e,
+ 0x00001e81, 0x00001e80, 0x00001e80,
+ 0x00001e83, 0x00001e82, 0x00001e82,
+ 0x00001e85, 0x00001e84, 0x00001e84,
+ 0x00001e87, 0x00001e86, 0x00001e86,
+ 0x00001e89, 0x00001e88, 0x00001e88,
+ 0x00001e8b, 0x00001e8a, 0x00001e8a,
+ 0x00001e8d, 0x00001e8c, 0x00001e8c,
+ 0x00001e8f, 0x00001e8e, 0x00001e8e,
+ 0x00001e91, 0x00001e90, 0x00001e90,
+ 0x00001e93, 0x00001e92, 0x00001e92,
+ 0x00001e95, 0x00001e94, 0x00001e94,
+ 0x00001e9b, 0x00001e60, 0x00001e60,
+ 0x00001ea1, 0x00001ea0, 0x00001ea0,
+ 0x00001ea3, 0x00001ea2, 0x00001ea2,
+ 0x00001ea5, 0x00001ea4, 0x00001ea4,
+ 0x00001ea7, 0x00001ea6, 0x00001ea6,
+ 0x00001ea9, 0x00001ea8, 0x00001ea8,
+ 0x00001eab, 0x00001eaa, 0x00001eaa,
+ 0x00001ead, 0x00001eac, 0x00001eac,
+ 0x00001eaf, 0x00001eae, 0x00001eae,
+ 0x00001eb1, 0x00001eb0, 0x00001eb0,
+ 0x00001eb3, 0x00001eb2, 0x00001eb2,
+ 0x00001eb5, 0x00001eb4, 0x00001eb4,
+ 0x00001eb7, 0x00001eb6, 0x00001eb6,
+ 0x00001eb9, 0x00001eb8, 0x00001eb8,
+ 0x00001ebb, 0x00001eba, 0x00001eba,
+ 0x00001ebd, 0x00001ebc, 0x00001ebc,
+ 0x00001ebf, 0x00001ebe, 0x00001ebe,
+ 0x00001ec1, 0x00001ec0, 0x00001ec0,
+ 0x00001ec3, 0x00001ec2, 0x00001ec2,
+ 0x00001ec5, 0x00001ec4, 0x00001ec4,
+ 0x00001ec7, 0x00001ec6, 0x00001ec6,
+ 0x00001ec9, 0x00001ec8, 0x00001ec8,
+ 0x00001ecb, 0x00001eca, 0x00001eca,
+ 0x00001ecd, 0x00001ecc, 0x00001ecc,
+ 0x00001ecf, 0x00001ece, 0x00001ece,
+ 0x00001ed1, 0x00001ed0, 0x00001ed0,
+ 0x00001ed3, 0x00001ed2, 0x00001ed2,
+ 0x00001ed5, 0x00001ed4, 0x00001ed4,
+ 0x00001ed7, 0x00001ed6, 0x00001ed6,
+ 0x00001ed9, 0x00001ed8, 0x00001ed8,
+ 0x00001edb, 0x00001eda, 0x00001eda,
+ 0x00001edd, 0x00001edc, 0x00001edc,
+ 0x00001edf, 0x00001ede, 0x00001ede,
+ 0x00001ee1, 0x00001ee0, 0x00001ee0,
+ 0x00001ee3, 0x00001ee2, 0x00001ee2,
+ 0x00001ee5, 0x00001ee4, 0x00001ee4,
+ 0x00001ee7, 0x00001ee6, 0x00001ee6,
+ 0x00001ee9, 0x00001ee8, 0x00001ee8,
+ 0x00001eeb, 0x00001eea, 0x00001eea,
+ 0x00001eed, 0x00001eec, 0x00001eec,
+ 0x00001eef, 0x00001eee, 0x00001eee,
+ 0x00001ef1, 0x00001ef0, 0x00001ef0,
+ 0x00001ef3, 0x00001ef2, 0x00001ef2,
+ 0x00001ef5, 0x00001ef4, 0x00001ef4,
+ 0x00001ef7, 0x00001ef6, 0x00001ef6,
+ 0x00001ef9, 0x00001ef8, 0x00001ef8,
+ 0x00001f00, 0x00001f08, 0x00001f08,
+ 0x00001f01, 0x00001f09, 0x00001f09,
+ 0x00001f02, 0x00001f0a, 0x00001f0a,
+ 0x00001f03, 0x00001f0b, 0x00001f0b,
+ 0x00001f04, 0x00001f0c, 0x00001f0c,
+ 0x00001f05, 0x00001f0d, 0x00001f0d,
+ 0x00001f06, 0x00001f0e, 0x00001f0e,
+ 0x00001f07, 0x00001f0f, 0x00001f0f,
+ 0x00001f10, 0x00001f18, 0x00001f18,
+ 0x00001f11, 0x00001f19, 0x00001f19,
+ 0x00001f12, 0x00001f1a, 0x00001f1a,
+ 0x00001f13, 0x00001f1b, 0x00001f1b,
+ 0x00001f14, 0x00001f1c, 0x00001f1c,
+ 0x00001f15, 0x00001f1d, 0x00001f1d,
+ 0x00001f20, 0x00001f28, 0x00001f28,
+ 0x00001f21, 0x00001f29, 0x00001f29,
+ 0x00001f22, 0x00001f2a, 0x00001f2a,
+ 0x00001f23, 0x00001f2b, 0x00001f2b,
+ 0x00001f24, 0x00001f2c, 0x00001f2c,
+ 0x00001f25, 0x00001f2d, 0x00001f2d,
+ 0x00001f26, 0x00001f2e, 0x00001f2e,
+ 0x00001f27, 0x00001f2f, 0x00001f2f,
+ 0x00001f30, 0x00001f38, 0x00001f38,
+ 0x00001f31, 0x00001f39, 0x00001f39,
+ 0x00001f32, 0x00001f3a, 0x00001f3a,
+ 0x00001f33, 0x00001f3b, 0x00001f3b,
+ 0x00001f34, 0x00001f3c, 0x00001f3c,
+ 0x00001f35, 0x00001f3d, 0x00001f3d,
+ 0x00001f36, 0x00001f3e, 0x00001f3e,
+ 0x00001f37, 0x00001f3f, 0x00001f3f,
+ 0x00001f40, 0x00001f48, 0x00001f48,
+ 0x00001f41, 0x00001f49, 0x00001f49,
+ 0x00001f42, 0x00001f4a, 0x00001f4a,
+ 0x00001f43, 0x00001f4b, 0x00001f4b,
+ 0x00001f44, 0x00001f4c, 0x00001f4c,
+ 0x00001f45, 0x00001f4d, 0x00001f4d,
+ 0x00001f51, 0x00001f59, 0x00001f59,
+ 0x00001f53, 0x00001f5b, 0x00001f5b,
+ 0x00001f55, 0x00001f5d, 0x00001f5d,
+ 0x00001f57, 0x00001f5f, 0x00001f5f,
+ 0x00001f60, 0x00001f68, 0x00001f68,
+ 0x00001f61, 0x00001f69, 0x00001f69,
+ 0x00001f62, 0x00001f6a, 0x00001f6a,
+ 0x00001f63, 0x00001f6b, 0x00001f6b,
+ 0x00001f64, 0x00001f6c, 0x00001f6c,
+ 0x00001f65, 0x00001f6d, 0x00001f6d,
+ 0x00001f66, 0x00001f6e, 0x00001f6e,
+ 0x00001f67, 0x00001f6f, 0x00001f6f,
+ 0x00001f70, 0x00001fba, 0x00001fba,
+ 0x00001f71, 0x00001fbb, 0x00001fbb,
+ 0x00001f72, 0x00001fc8, 0x00001fc8,
+ 0x00001f73, 0x00001fc9, 0x00001fc9,
+ 0x00001f74, 0x00001fca, 0x00001fca,
+ 0x00001f75, 0x00001fcb, 0x00001fcb,
+ 0x00001f76, 0x00001fda, 0x00001fda,
+ 0x00001f77, 0x00001fdb, 0x00001fdb,
+ 0x00001f78, 0x00001ff8, 0x00001ff8,
+ 0x00001f79, 0x00001ff9, 0x00001ff9,
+ 0x00001f7a, 0x00001fea, 0x00001fea,
+ 0x00001f7b, 0x00001feb, 0x00001feb,
+ 0x00001f7c, 0x00001ffa, 0x00001ffa,
+ 0x00001f7d, 0x00001ffb, 0x00001ffb,
+ 0x00001f80, 0x00001f88, 0x00001f88,
+ 0x00001f81, 0x00001f89, 0x00001f89,
+ 0x00001f82, 0x00001f8a, 0x00001f8a,
+ 0x00001f83, 0x00001f8b, 0x00001f8b,
+ 0x00001f84, 0x00001f8c, 0x00001f8c,
+ 0x00001f85, 0x00001f8d, 0x00001f8d,
+ 0x00001f86, 0x00001f8e, 0x00001f8e,
+ 0x00001f87, 0x00001f8f, 0x00001f8f,
+ 0x00001f90, 0x00001f98, 0x00001f98,
+ 0x00001f91, 0x00001f99, 0x00001f99,
+ 0x00001f92, 0x00001f9a, 0x00001f9a,
+ 0x00001f93, 0x00001f9b, 0x00001f9b,
+ 0x00001f94, 0x00001f9c, 0x00001f9c,
+ 0x00001f95, 0x00001f9d, 0x00001f9d,
+ 0x00001f96, 0x00001f9e, 0x00001f9e,
+ 0x00001f97, 0x00001f9f, 0x00001f9f,
+ 0x00001fa0, 0x00001fa8, 0x00001fa8,
+ 0x00001fa1, 0x00001fa9, 0x00001fa9,
+ 0x00001fa2, 0x00001faa, 0x00001faa,
+ 0x00001fa3, 0x00001fab, 0x00001fab,
+ 0x00001fa4, 0x00001fac, 0x00001fac,
+ 0x00001fa5, 0x00001fad, 0x00001fad,
+ 0x00001fa6, 0x00001fae, 0x00001fae,
+ 0x00001fa7, 0x00001faf, 0x00001faf,
+ 0x00001fb0, 0x00001fb8, 0x00001fb8,
+ 0x00001fb1, 0x00001fb9, 0x00001fb9,
+ 0x00001fb3, 0x00001fbc, 0x00001fbc,
+ 0x00001fbe, 0x00000399, 0x00000399,
+ 0x00001fc3, 0x00001fcc, 0x00001fcc,
+ 0x00001fd0, 0x00001fd8, 0x00001fd8,
+ 0x00001fd1, 0x00001fd9, 0x00001fd9,
+ 0x00001fe0, 0x00001fe8, 0x00001fe8,
+ 0x00001fe1, 0x00001fe9, 0x00001fe9,
+ 0x00001fe5, 0x00001fec, 0x00001fec,
+ 0x00001ff3, 0x00001ffc, 0x00001ffc,
+ 0x00002170, 0x00002160, 0x00002160,
+ 0x00002171, 0x00002161, 0x00002161,
+ 0x00002172, 0x00002162, 0x00002162,
+ 0x00002173, 0x00002163, 0x00002163,
+ 0x00002174, 0x00002164, 0x00002164,
+ 0x00002175, 0x00002165, 0x00002165,
+ 0x00002176, 0x00002166, 0x00002166,
+ 0x00002177, 0x00002167, 0x00002167,
+ 0x00002178, 0x00002168, 0x00002168,
+ 0x00002179, 0x00002169, 0x00002169,
+ 0x0000217a, 0x0000216a, 0x0000216a,
+ 0x0000217b, 0x0000216b, 0x0000216b,
+ 0x0000217c, 0x0000216c, 0x0000216c,
+ 0x0000217d, 0x0000216d, 0x0000216d,
+ 0x0000217e, 0x0000216e, 0x0000216e,
+ 0x0000217f, 0x0000216f, 0x0000216f,
+ 0x000024d0, 0x000024b6, 0x000024b6,
+ 0x000024d1, 0x000024b7, 0x000024b7,
+ 0x000024d2, 0x000024b8, 0x000024b8,
+ 0x000024d3, 0x000024b9, 0x000024b9,
+ 0x000024d4, 0x000024ba, 0x000024ba,
+ 0x000024d5, 0x000024bb, 0x000024bb,
+ 0x000024d6, 0x000024bc, 0x000024bc,
+ 0x000024d7, 0x000024bd, 0x000024bd,
+ 0x000024d8, 0x000024be, 0x000024be,
+ 0x000024d9, 0x000024bf, 0x000024bf,
+ 0x000024da, 0x000024c0, 0x000024c0,
+ 0x000024db, 0x000024c1, 0x000024c1,
+ 0x000024dc, 0x000024c2, 0x000024c2,
+ 0x000024dd, 0x000024c3, 0x000024c3,
+ 0x000024de, 0x000024c4, 0x000024c4,
+ 0x000024df, 0x000024c5, 0x000024c5,
+ 0x000024e0, 0x000024c6, 0x000024c6,
+ 0x000024e1, 0x000024c7, 0x000024c7,
+ 0x000024e2, 0x000024c8, 0x000024c8,
+ 0x000024e3, 0x000024c9, 0x000024c9,
+ 0x000024e4, 0x000024ca, 0x000024ca,
+ 0x000024e5, 0x000024cb, 0x000024cb,
+ 0x000024e6, 0x000024cc, 0x000024cc,
+ 0x000024e7, 0x000024cd, 0x000024cd,
+ 0x000024e8, 0x000024ce, 0x000024ce,
+ 0x000024e9, 0x000024cf, 0x000024cf,
+ 0x0000ff41, 0x0000ff21, 0x0000ff21,
+ 0x0000ff42, 0x0000ff22, 0x0000ff22,
+ 0x0000ff43, 0x0000ff23, 0x0000ff23,
+ 0x0000ff44, 0x0000ff24, 0x0000ff24,
+ 0x0000ff45, 0x0000ff25, 0x0000ff25,
+ 0x0000ff46, 0x0000ff26, 0x0000ff26,
+ 0x0000ff47, 0x0000ff27, 0x0000ff27,
+ 0x0000ff48, 0x0000ff28, 0x0000ff28,
+ 0x0000ff49, 0x0000ff29, 0x0000ff29,
+ 0x0000ff4a, 0x0000ff2a, 0x0000ff2a,
+ 0x0000ff4b, 0x0000ff2b, 0x0000ff2b,
+ 0x0000ff4c, 0x0000ff2c, 0x0000ff2c,
+ 0x0000ff4d, 0x0000ff2d, 0x0000ff2d,
+ 0x0000ff4e, 0x0000ff2e, 0x0000ff2e,
+ 0x0000ff4f, 0x0000ff2f, 0x0000ff2f,
+ 0x0000ff50, 0x0000ff30, 0x0000ff30,
+ 0x0000ff51, 0x0000ff31, 0x0000ff31,
+ 0x0000ff52, 0x0000ff32, 0x0000ff32,
+ 0x0000ff53, 0x0000ff33, 0x0000ff33,
+ 0x0000ff54, 0x0000ff34, 0x0000ff34,
+ 0x0000ff55, 0x0000ff35, 0x0000ff35,
+ 0x0000ff56, 0x0000ff36, 0x0000ff36,
+ 0x0000ff57, 0x0000ff37, 0x0000ff37,
+ 0x0000ff58, 0x0000ff38, 0x0000ff38,
+ 0x0000ff59, 0x0000ff39, 0x0000ff39,
+ 0x0000ff5a, 0x0000ff3a, 0x0000ff3a,
+ 0x00010428, 0x00010400, 0x00010400,
+ 0x00010429, 0x00010401, 0x00010401,
+ 0x0001042a, 0x00010402, 0x00010402,
+ 0x0001042b, 0x00010403, 0x00010403,
+ 0x0001042c, 0x00010404, 0x00010404,
+ 0x0001042d, 0x00010405, 0x00010405,
+ 0x0001042e, 0x00010406, 0x00010406,
+ 0x0001042f, 0x00010407, 0x00010407,
+ 0x00010430, 0x00010408, 0x00010408,
+ 0x00010431, 0x00010409, 0x00010409,
+ 0x00010432, 0x0001040a, 0x0001040a,
+ 0x00010433, 0x0001040b, 0x0001040b,
+ 0x00010434, 0x0001040c, 0x0001040c,
+ 0x00010435, 0x0001040d, 0x0001040d,
+ 0x00010436, 0x0001040e, 0x0001040e,
+ 0x00010437, 0x0001040f, 0x0001040f,
+ 0x00010438, 0x00010410, 0x00010410,
+ 0x00010439, 0x00010411, 0x00010411,
+ 0x0001043a, 0x00010412, 0x00010412,
+ 0x0001043b, 0x00010413, 0x00010413,
+ 0x0001043c, 0x00010414, 0x00010414,
+ 0x0001043d, 0x00010415, 0x00010415,
+ 0x0001043e, 0x00010416, 0x00010416,
+ 0x0001043f, 0x00010417, 0x00010417,
+ 0x00010440, 0x00010418, 0x00010418,
+ 0x00010441, 0x00010419, 0x00010419,
+ 0x00010442, 0x0001041a, 0x0001041a,
+ 0x00010443, 0x0001041b, 0x0001041b,
+ 0x00010444, 0x0001041c, 0x0001041c,
+ 0x00010445, 0x0001041d, 0x0001041d,
+ 0x00010446, 0x0001041e, 0x0001041e,
+ 0x00010447, 0x0001041f, 0x0001041f,
+ 0x00010448, 0x00010420, 0x00010420,
+ 0x00010449, 0x00010421, 0x00010421,
+ 0x0001044a, 0x00010422, 0x00010422,
+ 0x0001044b, 0x00010423, 0x00010423,
+ 0x0001044c, 0x00010424, 0x00010424,
+ 0x0001044d, 0x00010425, 0x00010425,
+ 0x000001c5, 0x000001c4, 0x000001c6,
+ 0x000001c8, 0x000001c7, 0x000001c9,
+ 0x000001cb, 0x000001ca, 0x000001cc,
+ 0x000001f2, 0x000001f1, 0x000001f3
+};
+
+static const ac_uint4 _uccomp_size = 3684;
+
+static const ac_uint4 _uccomp_data[] = {
+ 0x0000226e, 0x00000002, 0x0000003c, 0x00000338,
+ 0x00002260, 0x00000002, 0x0000003d, 0x00000338,
+ 0x0000226f, 0x00000002, 0x0000003e, 0x00000338,
+ 0x000000c0, 0x00000002, 0x00000041, 0x00000300,
+ 0x000000c1, 0x00000002, 0x00000041, 0x00000301,
+ 0x000000c2, 0x00000002, 0x00000041, 0x00000302,
+ 0x000000c3, 0x00000002, 0x00000041, 0x00000303,
+ 0x00000100, 0x00000002, 0x00000041, 0x00000304,
+ 0x00000102, 0x00000002, 0x00000041, 0x00000306,
+ 0x00000226, 0x00000002, 0x00000041, 0x00000307,
+ 0x000000c4, 0x00000002, 0x00000041, 0x00000308,
+ 0x00001ea2, 0x00000002, 0x00000041, 0x00000309,
+ 0x000000c5, 0x00000002, 0x00000041, 0x0000030a,
+ 0x000001cd, 0x00000002, 0x00000041, 0x0000030c,
+ 0x00000200, 0x00000002, 0x00000041, 0x0000030f,
+ 0x00000202, 0x00000002, 0x00000041, 0x00000311,
+ 0x00001ea0, 0x00000002, 0x00000041, 0x00000323,
+ 0x00001e00, 0x00000002, 0x00000041, 0x00000325,
+ 0x00000104, 0x00000002, 0x00000041, 0x00000328,
+ 0x00001e02, 0x00000002, 0x00000042, 0x00000307,
+ 0x00001e04, 0x00000002, 0x00000042, 0x00000323,
+ 0x00001e06, 0x00000002, 0x00000042, 0x00000331,
+ 0x00000106, 0x00000002, 0x00000043, 0x00000301,
+ 0x00000108, 0x00000002, 0x00000043, 0x00000302,
+ 0x0000010a, 0x00000002, 0x00000043, 0x00000307,
+ 0x0000010c, 0x00000002, 0x00000043, 0x0000030c,
+ 0x000000c7, 0x00000002, 0x00000043, 0x00000327,
+ 0x00001e0a, 0x00000002, 0x00000044, 0x00000307,
+ 0x0000010e, 0x00000002, 0x00000044, 0x0000030c,
+ 0x00001e0c, 0x00000002, 0x00000044, 0x00000323,
+ 0x00001e10, 0x00000002, 0x00000044, 0x00000327,
+ 0x00001e12, 0x00000002, 0x00000044, 0x0000032d,
+ 0x00001e0e, 0x00000002, 0x00000044, 0x00000331,
+ 0x000000c8, 0x00000002, 0x00000045, 0x00000300,
+ 0x000000c9, 0x00000002, 0x00000045, 0x00000301,
+ 0x000000ca, 0x00000002, 0x00000045, 0x00000302,
+ 0x00001ebc, 0x00000002, 0x00000045, 0x00000303,
+ 0x00000112, 0x00000002, 0x00000045, 0x00000304,
+ 0x00000114, 0x00000002, 0x00000045, 0x00000306,
+ 0x00000116, 0x00000002, 0x00000045, 0x00000307,
+ 0x000000cb, 0x00000002, 0x00000045, 0x00000308,
+ 0x00001eba, 0x00000002, 0x00000045, 0x00000309,
+ 0x0000011a, 0x00000002, 0x00000045, 0x0000030c,
+ 0x00000204, 0x00000002, 0x00000045, 0x0000030f,
+ 0x00000206, 0x00000002, 0x00000045, 0x00000311,
+ 0x00001eb8, 0x00000002, 0x00000045, 0x00000323,
+ 0x00000228, 0x00000002, 0x00000045, 0x00000327,
+ 0x00000118, 0x00000002, 0x00000045, 0x00000328,
+ 0x00001e18, 0x00000002, 0x00000045, 0x0000032d,
+ 0x00001e1a, 0x00000002, 0x00000045, 0x00000330,
+ 0x00001e1e, 0x00000002, 0x00000046, 0x00000307,
+ 0x000001f4, 0x00000002, 0x00000047, 0x00000301,
+ 0x0000011c, 0x00000002, 0x00000047, 0x00000302,
+ 0x00001e20, 0x00000002, 0x00000047, 0x00000304,
+ 0x0000011e, 0x00000002, 0x00000047, 0x00000306,
+ 0x00000120, 0x00000002, 0x00000047, 0x00000307,
+ 0x000001e6, 0x00000002, 0x00000047, 0x0000030c,
+ 0x00000122, 0x00000002, 0x00000047, 0x00000327,
+ 0x00000124, 0x00000002, 0x00000048, 0x00000302,
+ 0x00001e22, 0x00000002, 0x00000048, 0x00000307,
+ 0x00001e26, 0x00000002, 0x00000048, 0x00000308,
+ 0x0000021e, 0x00000002, 0x00000048, 0x0000030c,
+ 0x00001e24, 0x00000002, 0x00000048, 0x00000323,
+ 0x00001e28, 0x00000002, 0x00000048, 0x00000327,
+ 0x00001e2a, 0x00000002, 0x00000048, 0x0000032e,
+ 0x000000cc, 0x00000002, 0x00000049, 0x00000300,
+ 0x000000cd, 0x00000002, 0x00000049, 0x00000301,
+ 0x000000ce, 0x00000002, 0x00000049, 0x00000302,
+ 0x00000128, 0x00000002, 0x00000049, 0x00000303,
+ 0x0000012a, 0x00000002, 0x00000049, 0x00000304,
+ 0x0000012c, 0x00000002, 0x00000049, 0x00000306,
+ 0x00000130, 0x00000002, 0x00000049, 0x00000307,
+ 0x000000cf, 0x00000002, 0x00000049, 0x00000308,
+ 0x00001ec8, 0x00000002, 0x00000049, 0x00000309,
+ 0x000001cf, 0x00000002, 0x00000049, 0x0000030c,
+ 0x00000208, 0x00000002, 0x00000049, 0x0000030f,
+ 0x0000020a, 0x00000002, 0x00000049, 0x00000311,
+ 0x00001eca, 0x00000002, 0x00000049, 0x00000323,
+ 0x0000012e, 0x00000002, 0x00000049, 0x00000328,
+ 0x00001e2c, 0x00000002, 0x00000049, 0x00000330,
+ 0x00000134, 0x00000002, 0x0000004a, 0x00000302,
+ 0x00001e30, 0x00000002, 0x0000004b, 0x00000301,
+ 0x000001e8, 0x00000002, 0x0000004b, 0x0000030c,
+ 0x00001e32, 0x00000002, 0x0000004b, 0x00000323,
+ 0x00000136, 0x00000002, 0x0000004b, 0x00000327,
+ 0x00001e34, 0x00000002, 0x0000004b, 0x00000331,
+ 0x00000139, 0x00000002, 0x0000004c, 0x00000301,
+ 0x0000013d, 0x00000002, 0x0000004c, 0x0000030c,
+ 0x00001e36, 0x00000002, 0x0000004c, 0x00000323,
+ 0x0000013b, 0x00000002, 0x0000004c, 0x00000327,
+ 0x00001e3c, 0x00000002, 0x0000004c, 0x0000032d,
+ 0x00001e3a, 0x00000002, 0x0000004c, 0x00000331,
+ 0x00001e3e, 0x00000002, 0x0000004d, 0x00000301,
+ 0x00001e40, 0x00000002, 0x0000004d, 0x00000307,
+ 0x00001e42, 0x00000002, 0x0000004d, 0x00000323,
+ 0x000001f8, 0x00000002, 0x0000004e, 0x00000300,
+ 0x00000143, 0x00000002, 0x0000004e, 0x00000301,
+ 0x000000d1, 0x00000002, 0x0000004e, 0x00000303,
+ 0x00001e44, 0x00000002, 0x0000004e, 0x00000307,
+ 0x00000147, 0x00000002, 0x0000004e, 0x0000030c,
+ 0x00001e46, 0x00000002, 0x0000004e, 0x00000323,
+ 0x00000145, 0x00000002, 0x0000004e, 0x00000327,
+ 0x00001e4a, 0x00000002, 0x0000004e, 0x0000032d,
+ 0x00001e48, 0x00000002, 0x0000004e, 0x00000331,
+ 0x000000d2, 0x00000002, 0x0000004f, 0x00000300,
+ 0x000000d3, 0x00000002, 0x0000004f, 0x00000301,
+ 0x000000d4, 0x00000002, 0x0000004f, 0x00000302,
+ 0x000000d5, 0x00000002, 0x0000004f, 0x00000303,
+ 0x0000014c, 0x00000002, 0x0000004f, 0x00000304,
+ 0x0000014e, 0x00000002, 0x0000004f, 0x00000306,
+ 0x0000022e, 0x00000002, 0x0000004f, 0x00000307,
+ 0x000000d6, 0x00000002, 0x0000004f, 0x00000308,
+ 0x00001ece, 0x00000002, 0x0000004f, 0x00000309,
+ 0x00000150, 0x00000002, 0x0000004f, 0x0000030b,
+ 0x000001d1, 0x00000002, 0x0000004f, 0x0000030c,
+ 0x0000020c, 0x00000002, 0x0000004f, 0x0000030f,
+ 0x0000020e, 0x00000002, 0x0000004f, 0x00000311,
+ 0x000001a0, 0x00000002, 0x0000004f, 0x0000031b,
+ 0x00001ecc, 0x00000002, 0x0000004f, 0x00000323,
+ 0x000001ea, 0x00000002, 0x0000004f, 0x00000328,
+ 0x00001e54, 0x00000002, 0x00000050, 0x00000301,
+ 0x00001e56, 0x00000002, 0x00000050, 0x00000307,
+ 0x00000154, 0x00000002, 0x00000052, 0x00000301,
+ 0x00001e58, 0x00000002, 0x00000052, 0x00000307,
+ 0x00000158, 0x00000002, 0x00000052, 0x0000030c,
+ 0x00000210, 0x00000002, 0x00000052, 0x0000030f,
+ 0x00000212, 0x00000002, 0x00000052, 0x00000311,
+ 0x00001e5a, 0x00000002, 0x00000052, 0x00000323,
+ 0x00000156, 0x00000002, 0x00000052, 0x00000327,
+ 0x00001e5e, 0x00000002, 0x00000052, 0x00000331,
+ 0x0000015a, 0x00000002, 0x00000053, 0x00000301,
+ 0x0000015c, 0x00000002, 0x00000053, 0x00000302,
+ 0x00001e60, 0x00000002, 0x00000053, 0x00000307,
+ 0x00000160, 0x00000002, 0x00000053, 0x0000030c,
+ 0x00001e62, 0x00000002, 0x00000053, 0x00000323,
+ 0x00000218, 0x00000002, 0x00000053, 0x00000326,
+ 0x0000015e, 0x00000002, 0x00000053, 0x00000327,
+ 0x00001e6a, 0x00000002, 0x00000054, 0x00000307,
+ 0x00000164, 0x00000002, 0x00000054, 0x0000030c,
+ 0x00001e6c, 0x00000002, 0x00000054, 0x00000323,
+ 0x0000021a, 0x00000002, 0x00000054, 0x00000326,
+ 0x00000162, 0x00000002, 0x00000054, 0x00000327,
+ 0x00001e70, 0x00000002, 0x00000054, 0x0000032d,
+ 0x00001e6e, 0x00000002, 0x00000054, 0x00000331,
+ 0x000000d9, 0x00000002, 0x00000055, 0x00000300,
+ 0x000000da, 0x00000002, 0x00000055, 0x00000301,
+ 0x000000db, 0x00000002, 0x00000055, 0x00000302,
+ 0x00000168, 0x00000002, 0x00000055, 0x00000303,
+ 0x0000016a, 0x00000002, 0x00000055, 0x00000304,
+ 0x0000016c, 0x00000002, 0x00000055, 0x00000306,
+ 0x000000dc, 0x00000002, 0x00000055, 0x00000308,
+ 0x00001ee6, 0x00000002, 0x00000055, 0x00000309,
+ 0x0000016e, 0x00000002, 0x00000055, 0x0000030a,
+ 0x00000170, 0x00000002, 0x00000055, 0x0000030b,
+ 0x000001d3, 0x00000002, 0x00000055, 0x0000030c,
+ 0x00000214, 0x00000002, 0x00000055, 0x0000030f,
+ 0x00000216, 0x00000002, 0x00000055, 0x00000311,
+ 0x000001af, 0x00000002, 0x00000055, 0x0000031b,
+ 0x00001ee4, 0x00000002, 0x00000055, 0x00000323,
+ 0x00001e72, 0x00000002, 0x00000055, 0x00000324,
+ 0x00000172, 0x00000002, 0x00000055, 0x00000328,
+ 0x00001e76, 0x00000002, 0x00000055, 0x0000032d,
+ 0x00001e74, 0x00000002, 0x00000055, 0x00000330,
+ 0x00001e7c, 0x00000002, 0x00000056, 0x00000303,
+ 0x00001e7e, 0x00000002, 0x00000056, 0x00000323,
+ 0x00001e80, 0x00000002, 0x00000057, 0x00000300,
+ 0x00001e82, 0x00000002, 0x00000057, 0x00000301,
+ 0x00000174, 0x00000002, 0x00000057, 0x00000302,
+ 0x00001e86, 0x00000002, 0x00000057, 0x00000307,
+ 0x00001e84, 0x00000002, 0x00000057, 0x00000308,
+ 0x00001e88, 0x00000002, 0x00000057, 0x00000323,
+ 0x00001e8a, 0x00000002, 0x00000058, 0x00000307,
+ 0x00001e8c, 0x00000002, 0x00000058, 0x00000308,
+ 0x00001ef2, 0x00000002, 0x00000059, 0x00000300,
+ 0x000000dd, 0x00000002, 0x00000059, 0x00000301,
+ 0x00000176, 0x00000002, 0x00000059, 0x00000302,
+ 0x00001ef8, 0x00000002, 0x00000059, 0x00000303,
+ 0x00000232, 0x00000002, 0x00000059, 0x00000304,
+ 0x00001e8e, 0x00000002, 0x00000059, 0x00000307,
+ 0x00000178, 0x00000002, 0x00000059, 0x00000308,
+ 0x00001ef6, 0x00000002, 0x00000059, 0x00000309,
+ 0x00001ef4, 0x00000002, 0x00000059, 0x00000323,
+ 0x00000179, 0x00000002, 0x0000005a, 0x00000301,
+ 0x00001e90, 0x00000002, 0x0000005a, 0x00000302,
+ 0x0000017b, 0x00000002, 0x0000005a, 0x00000307,
+ 0x0000017d, 0x00000002, 0x0000005a, 0x0000030c,
+ 0x00001e92, 0x00000002, 0x0000005a, 0x00000323,
+ 0x00001e94, 0x00000002, 0x0000005a, 0x00000331,
+ 0x000000e0, 0x00000002, 0x00000061, 0x00000300,
+ 0x000000e1, 0x00000002, 0x00000061, 0x00000301,
+ 0x000000e2, 0x00000002, 0x00000061, 0x00000302,
+ 0x000000e3, 0x00000002, 0x00000061, 0x00000303,
+ 0x00000101, 0x00000002, 0x00000061, 0x00000304,
+ 0x00000103, 0x00000002, 0x00000061, 0x00000306,
+ 0x00000227, 0x00000002, 0x00000061, 0x00000307,
+ 0x000000e4, 0x00000002, 0x00000061, 0x00000308,
+ 0x00001ea3, 0x00000002, 0x00000061, 0x00000309,
+ 0x000000e5, 0x00000002, 0x00000061, 0x0000030a,
+ 0x000001ce, 0x00000002, 0x00000061, 0x0000030c,
+ 0x00000201, 0x00000002, 0x00000061, 0x0000030f,
+ 0x00000203, 0x00000002, 0x00000061, 0x00000311,
+ 0x00001ea1, 0x00000002, 0x00000061, 0x00000323,
+ 0x00001e01, 0x00000002, 0x00000061, 0x00000325,
+ 0x00000105, 0x00000002, 0x00000061, 0x00000328,
+ 0x00001e03, 0x00000002, 0x00000062, 0x00000307,
+ 0x00001e05, 0x00000002, 0x00000062, 0x00000323,
+ 0x00001e07, 0x00000002, 0x00000062, 0x00000331,
+ 0x00000107, 0x00000002, 0x00000063, 0x00000301,
+ 0x00000109, 0x00000002, 0x00000063, 0x00000302,
+ 0x0000010b, 0x00000002, 0x00000063, 0x00000307,
+ 0x0000010d, 0x00000002, 0x00000063, 0x0000030c,
+ 0x000000e7, 0x00000002, 0x00000063, 0x00000327,
+ 0x00001e0b, 0x00000002, 0x00000064, 0x00000307,
+ 0x0000010f, 0x00000002, 0x00000064, 0x0000030c,
+ 0x00001e0d, 0x00000002, 0x00000064, 0x00000323,
+ 0x00001e11, 0x00000002, 0x00000064, 0x00000327,
+ 0x00001e13, 0x00000002, 0x00000064, 0x0000032d,
+ 0x00001e0f, 0x00000002, 0x00000064, 0x00000331,
+ 0x000000e8, 0x00000002, 0x00000065, 0x00000300,
+ 0x000000e9, 0x00000002, 0x00000065, 0x00000301,
+ 0x000000ea, 0x00000002, 0x00000065, 0x00000302,
+ 0x00001ebd, 0x00000002, 0x00000065, 0x00000303,
+ 0x00000113, 0x00000002, 0x00000065, 0x00000304,
+ 0x00000115, 0x00000002, 0x00000065, 0x00000306,
+ 0x00000117, 0x00000002, 0x00000065, 0x00000307,
+ 0x000000eb, 0x00000002, 0x00000065, 0x00000308,
+ 0x00001ebb, 0x00000002, 0x00000065, 0x00000309,
+ 0x0000011b, 0x00000002, 0x00000065, 0x0000030c,
+ 0x00000205, 0x00000002, 0x00000065, 0x0000030f,
+ 0x00000207, 0x00000002, 0x00000065, 0x00000311,
+ 0x00001eb9, 0x00000002, 0x00000065, 0x00000323,
+ 0x00000229, 0x00000002, 0x00000065, 0x00000327,
+ 0x00000119, 0x00000002, 0x00000065, 0x00000328,
+ 0x00001e19, 0x00000002, 0x00000065, 0x0000032d,
+ 0x00001e1b, 0x00000002, 0x00000065, 0x00000330,
+ 0x00001e1f, 0x00000002, 0x00000066, 0x00000307,
+ 0x000001f5, 0x00000002, 0x00000067, 0x00000301,
+ 0x0000011d, 0x00000002, 0x00000067, 0x00000302,
+ 0x00001e21, 0x00000002, 0x00000067, 0x00000304,
+ 0x0000011f, 0x00000002, 0x00000067, 0x00000306,
+ 0x00000121, 0x00000002, 0x00000067, 0x00000307,
+ 0x000001e7, 0x00000002, 0x00000067, 0x0000030c,
+ 0x00000123, 0x00000002, 0x00000067, 0x00000327,
+ 0x00000125, 0x00000002, 0x00000068, 0x00000302,
+ 0x00001e23, 0x00000002, 0x00000068, 0x00000307,
+ 0x00001e27, 0x00000002, 0x00000068, 0x00000308,
+ 0x0000021f, 0x00000002, 0x00000068, 0x0000030c,
+ 0x00001e25, 0x00000002, 0x00000068, 0x00000323,
+ 0x00001e29, 0x00000002, 0x00000068, 0x00000327,
+ 0x00001e2b, 0x00000002, 0x00000068, 0x0000032e,
+ 0x00001e96, 0x00000002, 0x00000068, 0x00000331,
+ 0x000000ec, 0x00000002, 0x00000069, 0x00000300,
+ 0x000000ed, 0x00000002, 0x00000069, 0x00000301,
+ 0x000000ee, 0x00000002, 0x00000069, 0x00000302,
+ 0x00000129, 0x00000002, 0x00000069, 0x00000303,
+ 0x0000012b, 0x00000002, 0x00000069, 0x00000304,
+ 0x0000012d, 0x00000002, 0x00000069, 0x00000306,
+ 0x000000ef, 0x00000002, 0x00000069, 0x00000308,
+ 0x00001ec9, 0x00000002, 0x00000069, 0x00000309,
+ 0x000001d0, 0x00000002, 0x00000069, 0x0000030c,
+ 0x00000209, 0x00000002, 0x00000069, 0x0000030f,
+ 0x0000020b, 0x00000002, 0x00000069, 0x00000311,
+ 0x00001ecb, 0x00000002, 0x00000069, 0x00000323,
+ 0x0000012f, 0x00000002, 0x00000069, 0x00000328,
+ 0x00001e2d, 0x00000002, 0x00000069, 0x00000330,
+ 0x00000135, 0x00000002, 0x0000006a, 0x00000302,
+ 0x000001f0, 0x00000002, 0x0000006a, 0x0000030c,
+ 0x00001e31, 0x00000002, 0x0000006b, 0x00000301,
+ 0x000001e9, 0x00000002, 0x0000006b, 0x0000030c,
+ 0x00001e33, 0x00000002, 0x0000006b, 0x00000323,
+ 0x00000137, 0x00000002, 0x0000006b, 0x00000327,
+ 0x00001e35, 0x00000002, 0x0000006b, 0x00000331,
+ 0x0000013a, 0x00000002, 0x0000006c, 0x00000301,
+ 0x0000013e, 0x00000002, 0x0000006c, 0x0000030c,
+ 0x00001e37, 0x00000002, 0x0000006c, 0x00000323,
+ 0x0000013c, 0x00000002, 0x0000006c, 0x00000327,
+ 0x00001e3d, 0x00000002, 0x0000006c, 0x0000032d,
+ 0x00001e3b, 0x00000002, 0x0000006c, 0x00000331,
+ 0x00001e3f, 0x00000002, 0x0000006d, 0x00000301,
+ 0x00001e41, 0x00000002, 0x0000006d, 0x00000307,
+ 0x00001e43, 0x00000002, 0x0000006d, 0x00000323,
+ 0x000001f9, 0x00000002, 0x0000006e, 0x00000300,
+ 0x00000144, 0x00000002, 0x0000006e, 0x00000301,
+ 0x000000f1, 0x00000002, 0x0000006e, 0x00000303,
+ 0x00001e45, 0x00000002, 0x0000006e, 0x00000307,
+ 0x00000148, 0x00000002, 0x0000006e, 0x0000030c,
+ 0x00001e47, 0x00000002, 0x0000006e, 0x00000323,
+ 0x00000146, 0x00000002, 0x0000006e, 0x00000327,
+ 0x00001e4b, 0x00000002, 0x0000006e, 0x0000032d,
+ 0x00001e49, 0x00000002, 0x0000006e, 0x00000331,
+ 0x000000f2, 0x00000002, 0x0000006f, 0x00000300,
+ 0x000000f3, 0x00000002, 0x0000006f, 0x00000301,
+ 0x000000f4, 0x00000002, 0x0000006f, 0x00000302,
+ 0x000000f5, 0x00000002, 0x0000006f, 0x00000303,
+ 0x0000014d, 0x00000002, 0x0000006f, 0x00000304,
+ 0x0000014f, 0x00000002, 0x0000006f, 0x00000306,
+ 0x0000022f, 0x00000002, 0x0000006f, 0x00000307,
+ 0x000000f6, 0x00000002, 0x0000006f, 0x00000308,
+ 0x00001ecf, 0x00000002, 0x0000006f, 0x00000309,
+ 0x00000151, 0x00000002, 0x0000006f, 0x0000030b,
+ 0x000001d2, 0x00000002, 0x0000006f, 0x0000030c,
+ 0x0000020d, 0x00000002, 0x0000006f, 0x0000030f,
+ 0x0000020f, 0x00000002, 0x0000006f, 0x00000311,
+ 0x000001a1, 0x00000002, 0x0000006f, 0x0000031b,
+ 0x00001ecd, 0x00000002, 0x0000006f, 0x00000323,
+ 0x000001eb, 0x00000002, 0x0000006f, 0x00000328,
+ 0x00001e55, 0x00000002, 0x00000070, 0x00000301,
+ 0x00001e57, 0x00000002, 0x00000070, 0x00000307,
+ 0x00000155, 0x00000002, 0x00000072, 0x00000301,
+ 0x00001e59, 0x00000002, 0x00000072, 0x00000307,
+ 0x00000159, 0x00000002, 0x00000072, 0x0000030c,
+ 0x00000211, 0x00000002, 0x00000072, 0x0000030f,
+ 0x00000213, 0x00000002, 0x00000072, 0x00000311,
+ 0x00001e5b, 0x00000002, 0x00000072, 0x00000323,
+ 0x00000157, 0x00000002, 0x00000072, 0x00000327,
+ 0x00001e5f, 0x00000002, 0x00000072, 0x00000331,
+ 0x0000015b, 0x00000002, 0x00000073, 0x00000301,
+ 0x0000015d, 0x00000002, 0x00000073, 0x00000302,
+ 0x00001e61, 0x00000002, 0x00000073, 0x00000307,
+ 0x00000161, 0x00000002, 0x00000073, 0x0000030c,
+ 0x00001e63, 0x00000002, 0x00000073, 0x00000323,
+ 0x00000219, 0x00000002, 0x00000073, 0x00000326,
+ 0x0000015f, 0x00000002, 0x00000073, 0x00000327,
+ 0x00001e6b, 0x00000002, 0x00000074, 0x00000307,
+ 0x00001e97, 0x00000002, 0x00000074, 0x00000308,
+ 0x00000165, 0x00000002, 0x00000074, 0x0000030c,
+ 0x00001e6d, 0x00000002, 0x00000074, 0x00000323,
+ 0x0000021b, 0x00000002, 0x00000074, 0x00000326,
+ 0x00000163, 0x00000002, 0x00000074, 0x00000327,
+ 0x00001e71, 0x00000002, 0x00000074, 0x0000032d,
+ 0x00001e6f, 0x00000002, 0x00000074, 0x00000331,
+ 0x000000f9, 0x00000002, 0x00000075, 0x00000300,
+ 0x000000fa, 0x00000002, 0x00000075, 0x00000301,
+ 0x000000fb, 0x00000002, 0x00000075, 0x00000302,
+ 0x00000169, 0x00000002, 0x00000075, 0x00000303,
+ 0x0000016b, 0x00000002, 0x00000075, 0x00000304,
+ 0x0000016d, 0x00000002, 0x00000075, 0x00000306,
+ 0x000000fc, 0x00000002, 0x00000075, 0x00000308,
+ 0x00001ee7, 0x00000002, 0x00000075, 0x00000309,
+ 0x0000016f, 0x00000002, 0x00000075, 0x0000030a,
+ 0x00000171, 0x00000002, 0x00000075, 0x0000030b,
+ 0x000001d4, 0x00000002, 0x00000075, 0x0000030c,
+ 0x00000215, 0x00000002, 0x00000075, 0x0000030f,
+ 0x00000217, 0x00000002, 0x00000075, 0x00000311,
+ 0x000001b0, 0x00000002, 0x00000075, 0x0000031b,
+ 0x00001ee5, 0x00000002, 0x00000075, 0x00000323,
+ 0x00001e73, 0x00000002, 0x00000075, 0x00000324,
+ 0x00000173, 0x00000002, 0x00000075, 0x00000328,
+ 0x00001e77, 0x00000002, 0x00000075, 0x0000032d,
+ 0x00001e75, 0x00000002, 0x00000075, 0x00000330,
+ 0x00001e7d, 0x00000002, 0x00000076, 0x00000303,
+ 0x00001e7f, 0x00000002, 0x00000076, 0x00000323,
+ 0x00001e81, 0x00000002, 0x00000077, 0x00000300,
+ 0x00001e83, 0x00000002, 0x00000077, 0x00000301,
+ 0x00000175, 0x00000002, 0x00000077, 0x00000302,
+ 0x00001e87, 0x00000002, 0x00000077, 0x00000307,
+ 0x00001e85, 0x00000002, 0x00000077, 0x00000308,
+ 0x00001e98, 0x00000002, 0x00000077, 0x0000030a,
+ 0x00001e89, 0x00000002, 0x00000077, 0x00000323,
+ 0x00001e8b, 0x00000002, 0x00000078, 0x00000307,
+ 0x00001e8d, 0x00000002, 0x00000078, 0x00000308,
+ 0x00001ef3, 0x00000002, 0x00000079, 0x00000300,
+ 0x000000fd, 0x00000002, 0x00000079, 0x00000301,
+ 0x00000177, 0x00000002, 0x00000079, 0x00000302,
+ 0x00001ef9, 0x00000002, 0x00000079, 0x00000303,
+ 0x00000233, 0x00000002, 0x00000079, 0x00000304,
+ 0x00001e8f, 0x00000002, 0x00000079, 0x00000307,
+ 0x000000ff, 0x00000002, 0x00000079, 0x00000308,
+ 0x00001ef7, 0x00000002, 0x00000079, 0x00000309,
+ 0x00001e99, 0x00000002, 0x00000079, 0x0000030a,
+ 0x00001ef5, 0x00000002, 0x00000079, 0x00000323,
+ 0x0000017a, 0x00000002, 0x0000007a, 0x00000301,
+ 0x00001e91, 0x00000002, 0x0000007a, 0x00000302,
+ 0x0000017c, 0x00000002, 0x0000007a, 0x00000307,
+ 0x0000017e, 0x00000002, 0x0000007a, 0x0000030c,
+ 0x00001e93, 0x00000002, 0x0000007a, 0x00000323,
+ 0x00001e95, 0x00000002, 0x0000007a, 0x00000331,
+ 0x00001fed, 0x00000002, 0x000000a8, 0x00000300,
+ 0x00000385, 0x00000002, 0x000000a8, 0x00000301,
+ 0x00001fc1, 0x00000002, 0x000000a8, 0x00000342,
+ 0x00001ea6, 0x00000002, 0x000000c2, 0x00000300,
+ 0x00001ea4, 0x00000002, 0x000000c2, 0x00000301,
+ 0x00001eaa, 0x00000002, 0x000000c2, 0x00000303,
+ 0x00001ea8, 0x00000002, 0x000000c2, 0x00000309,
+ 0x000001de, 0x00000002, 0x000000c4, 0x00000304,
+ 0x000001fa, 0x00000002, 0x000000c5, 0x00000301,
+ 0x000001fc, 0x00000002, 0x000000c6, 0x00000301,
+ 0x000001e2, 0x00000002, 0x000000c6, 0x00000304,
+ 0x00001e08, 0x00000002, 0x000000c7, 0x00000301,
+ 0x00001ec0, 0x00000002, 0x000000ca, 0x00000300,
+ 0x00001ebe, 0x00000002, 0x000000ca, 0x00000301,
+ 0x00001ec4, 0x00000002, 0x000000ca, 0x00000303,
+ 0x00001ec2, 0x00000002, 0x000000ca, 0x00000309,
+ 0x00001e2e, 0x00000002, 0x000000cf, 0x00000301,
+ 0x00001ed2, 0x00000002, 0x000000d4, 0x00000300,
+ 0x00001ed0, 0x00000002, 0x000000d4, 0x00000301,
+ 0x00001ed6, 0x00000002, 0x000000d4, 0x00000303,
+ 0x00001ed4, 0x00000002, 0x000000d4, 0x00000309,
+ 0x00001e4c, 0x00000002, 0x000000d5, 0x00000301,
+ 0x0000022c, 0x00000002, 0x000000d5, 0x00000304,
+ 0x00001e4e, 0x00000002, 0x000000d5, 0x00000308,
+ 0x0000022a, 0x00000002, 0x000000d6, 0x00000304,
+ 0x000001fe, 0x00000002, 0x000000d8, 0x00000301,
+ 0x000001db, 0x00000002, 0x000000dc, 0x00000300,
+ 0x000001d7, 0x00000002, 0x000000dc, 0x00000301,
+ 0x000001d5, 0x00000002, 0x000000dc, 0x00000304,
+ 0x000001d9, 0x00000002, 0x000000dc, 0x0000030c,
+ 0x00001ea7, 0x00000002, 0x000000e2, 0x00000300,
+ 0x00001ea5, 0x00000002, 0x000000e2, 0x00000301,
+ 0x00001eab, 0x00000002, 0x000000e2, 0x00000303,
+ 0x00001ea9, 0x00000002, 0x000000e2, 0x00000309,
+ 0x000001df, 0x00000002, 0x000000e4, 0x00000304,
+ 0x000001fb, 0x00000002, 0x000000e5, 0x00000301,
+ 0x000001fd, 0x00000002, 0x000000e6, 0x00000301,
+ 0x000001e3, 0x00000002, 0x000000e6, 0x00000304,
+ 0x00001e09, 0x00000002, 0x000000e7, 0x00000301,
+ 0x00001ec1, 0x00000002, 0x000000ea, 0x00000300,
+ 0x00001ebf, 0x00000002, 0x000000ea, 0x00000301,
+ 0x00001ec5, 0x00000002, 0x000000ea, 0x00000303,
+ 0x00001ec3, 0x00000002, 0x000000ea, 0x00000309,
+ 0x00001e2f, 0x00000002, 0x000000ef, 0x00000301,
+ 0x00001ed3, 0x00000002, 0x000000f4, 0x00000300,
+ 0x00001ed1, 0x00000002, 0x000000f4, 0x00000301,
+ 0x00001ed7, 0x00000002, 0x000000f4, 0x00000303,
+ 0x00001ed5, 0x00000002, 0x000000f4, 0x00000309,
+ 0x00001e4d, 0x00000002, 0x000000f5, 0x00000301,
+ 0x0000022d, 0x00000002, 0x000000f5, 0x00000304,
+ 0x00001e4f, 0x00000002, 0x000000f5, 0x00000308,
+ 0x0000022b, 0x00000002, 0x000000f6, 0x00000304,
+ 0x000001ff, 0x00000002, 0x000000f8, 0x00000301,
+ 0x000001dc, 0x00000002, 0x000000fc, 0x00000300,
+ 0x000001d8, 0x00000002, 0x000000fc, 0x00000301,
+ 0x000001d6, 0x00000002, 0x000000fc, 0x00000304,
+ 0x000001da, 0x00000002, 0x000000fc, 0x0000030c,
+ 0x00001eb0, 0x00000002, 0x00000102, 0x00000300,
+ 0x00001eae, 0x00000002, 0x00000102, 0x00000301,
+ 0x00001eb4, 0x00000002, 0x00000102, 0x00000303,
+ 0x00001eb2, 0x00000002, 0x00000102, 0x00000309,
+ 0x00001eb1, 0x00000002, 0x00000103, 0x00000300,
+ 0x00001eaf, 0x00000002, 0x00000103, 0x00000301,
+ 0x00001eb5, 0x00000002, 0x00000103, 0x00000303,
+ 0x00001eb3, 0x00000002, 0x00000103, 0x00000309,
+ 0x00001e14, 0x00000002, 0x00000112, 0x00000300,
+ 0x00001e16, 0x00000002, 0x00000112, 0x00000301,
+ 0x00001e15, 0x00000002, 0x00000113, 0x00000300,
+ 0x00001e17, 0x00000002, 0x00000113, 0x00000301,
+ 0x00001e50, 0x00000002, 0x0000014c, 0x00000300,
+ 0x00001e52, 0x00000002, 0x0000014c, 0x00000301,
+ 0x00001e51, 0x00000002, 0x0000014d, 0x00000300,
+ 0x00001e53, 0x00000002, 0x0000014d, 0x00000301,
+ 0x00001e64, 0x00000002, 0x0000015a, 0x00000307,
+ 0x00001e65, 0x00000002, 0x0000015b, 0x00000307,
+ 0x00001e66, 0x00000002, 0x00000160, 0x00000307,
+ 0x00001e67, 0x00000002, 0x00000161, 0x00000307,
+ 0x00001e78, 0x00000002, 0x00000168, 0x00000301,
+ 0x00001e79, 0x00000002, 0x00000169, 0x00000301,
+ 0x00001e7a, 0x00000002, 0x0000016a, 0x00000308,
+ 0x00001e7b, 0x00000002, 0x0000016b, 0x00000308,
+ 0x00001e9b, 0x00000002, 0x0000017f, 0x00000307,
+ 0x00001edc, 0x00000002, 0x000001a0, 0x00000300,
+ 0x00001eda, 0x00000002, 0x000001a0, 0x00000301,
+ 0x00001ee0, 0x00000002, 0x000001a0, 0x00000303,
+ 0x00001ede, 0x00000002, 0x000001a0, 0x00000309,
+ 0x00001ee2, 0x00000002, 0x000001a0, 0x00000323,
+ 0x00001edd, 0x00000002, 0x000001a1, 0x00000300,
+ 0x00001edb, 0x00000002, 0x000001a1, 0x00000301,
+ 0x00001ee1, 0x00000002, 0x000001a1, 0x00000303,
+ 0x00001edf, 0x00000002, 0x000001a1, 0x00000309,
+ 0x00001ee3, 0x00000002, 0x000001a1, 0x00000323,
+ 0x00001eea, 0x00000002, 0x000001af, 0x00000300,
+ 0x00001ee8, 0x00000002, 0x000001af, 0x00000301,
+ 0x00001eee, 0x00000002, 0x000001af, 0x00000303,
+ 0x00001eec, 0x00000002, 0x000001af, 0x00000309,
+ 0x00001ef0, 0x00000002, 0x000001af, 0x00000323,
+ 0x00001eeb, 0x00000002, 0x000001b0, 0x00000300,
+ 0x00001ee9, 0x00000002, 0x000001b0, 0x00000301,
+ 0x00001eef, 0x00000002, 0x000001b0, 0x00000303,
+ 0x00001eed, 0x00000002, 0x000001b0, 0x00000309,
+ 0x00001ef1, 0x00000002, 0x000001b0, 0x00000323,
+ 0x000001ee, 0x00000002, 0x000001b7, 0x0000030c,
+ 0x000001ec, 0x00000002, 0x000001ea, 0x00000304,
+ 0x000001ed, 0x00000002, 0x000001eb, 0x00000304,
+ 0x000001e0, 0x00000002, 0x00000226, 0x00000304,
+ 0x000001e1, 0x00000002, 0x00000227, 0x00000304,
+ 0x00001e1c, 0x00000002, 0x00000228, 0x00000306,
+ 0x00001e1d, 0x00000002, 0x00000229, 0x00000306,
+ 0x00000230, 0x00000002, 0x0000022e, 0x00000304,
+ 0x00000231, 0x00000002, 0x0000022f, 0x00000304,
+ 0x000001ef, 0x00000002, 0x00000292, 0x0000030c,
+ 0x00000344, 0x00000002, 0x00000308, 0x00000301,
+ 0x00001fba, 0x00000002, 0x00000391, 0x00000300,
+ 0x00000386, 0x00000002, 0x00000391, 0x00000301,
+ 0x00001fb9, 0x00000002, 0x00000391, 0x00000304,
+ 0x00001fb8, 0x00000002, 0x00000391, 0x00000306,
+ 0x00001f08, 0x00000002, 0x00000391, 0x00000313,
+ 0x00001f09, 0x00000002, 0x00000391, 0x00000314,
+ 0x00001fbc, 0x00000002, 0x00000391, 0x00000345,
+ 0x00001fc8, 0x00000002, 0x00000395, 0x00000300,
+ 0x00000388, 0x00000002, 0x00000395, 0x00000301,
+ 0x00001f18, 0x00000002, 0x00000395, 0x00000313,
+ 0x00001f19, 0x00000002, 0x00000395, 0x00000314,
+ 0x00001fca, 0x00000002, 0x00000397, 0x00000300,
+ 0x00000389, 0x00000002, 0x00000397, 0x00000301,
+ 0x00001f28, 0x00000002, 0x00000397, 0x00000313,
+ 0x00001f29, 0x00000002, 0x00000397, 0x00000314,
+ 0x00001fcc, 0x00000002, 0x00000397, 0x00000345,
+ 0x00001fda, 0x00000002, 0x00000399, 0x00000300,
+ 0x0000038a, 0x00000002, 0x00000399, 0x00000301,
+ 0x00001fd9, 0x00000002, 0x00000399, 0x00000304,
+ 0x00001fd8, 0x00000002, 0x00000399, 0x00000306,
+ 0x000003aa, 0x00000002, 0x00000399, 0x00000308,
+ 0x00001f38, 0x00000002, 0x00000399, 0x00000313,
+ 0x00001f39, 0x00000002, 0x00000399, 0x00000314,
+ 0x00001ff8, 0x00000002, 0x0000039f, 0x00000300,
+ 0x0000038c, 0x00000002, 0x0000039f, 0x00000301,
+ 0x00001f48, 0x00000002, 0x0000039f, 0x00000313,
+ 0x00001f49, 0x00000002, 0x0000039f, 0x00000314,
+ 0x00001fec, 0x00000002, 0x000003a1, 0x00000314,
+ 0x00001fea, 0x00000002, 0x000003a5, 0x00000300,
+ 0x0000038e, 0x00000002, 0x000003a5, 0x00000301,
+ 0x00001fe9, 0x00000002, 0x000003a5, 0x00000304,
+ 0x00001fe8, 0x00000002, 0x000003a5, 0x00000306,
+ 0x000003ab, 0x00000002, 0x000003a5, 0x00000308,
+ 0x00001f59, 0x00000002, 0x000003a5, 0x00000314,
+ 0x00001ffa, 0x00000002, 0x000003a9, 0x00000300,
+ 0x0000038f, 0x00000002, 0x000003a9, 0x00000301,
+ 0x00001f68, 0x00000002, 0x000003a9, 0x00000313,
+ 0x00001f69, 0x00000002, 0x000003a9, 0x00000314,
+ 0x00001ffc, 0x00000002, 0x000003a9, 0x00000345,
+ 0x00001fb4, 0x00000002, 0x000003ac, 0x00000345,
+ 0x00001fc4, 0x00000002, 0x000003ae, 0x00000345,
+ 0x00001f70, 0x00000002, 0x000003b1, 0x00000300,
+ 0x000003ac, 0x00000002, 0x000003b1, 0x00000301,
+ 0x00001fb1, 0x00000002, 0x000003b1, 0x00000304,
+ 0x00001fb0, 0x00000002, 0x000003b1, 0x00000306,
+ 0x00001f00, 0x00000002, 0x000003b1, 0x00000313,
+ 0x00001f01, 0x00000002, 0x000003b1, 0x00000314,
+ 0x00001fb6, 0x00000002, 0x000003b1, 0x00000342,
+ 0x00001fb3, 0x00000002, 0x000003b1, 0x00000345,
+ 0x00001f72, 0x00000002, 0x000003b5, 0x00000300,
+ 0x000003ad, 0x00000002, 0x000003b5, 0x00000301,
+ 0x00001f10, 0x00000002, 0x000003b5, 0x00000313,
+ 0x00001f11, 0x00000002, 0x000003b5, 0x00000314,
+ 0x00001f74, 0x00000002, 0x000003b7, 0x00000300,
+ 0x000003ae, 0x00000002, 0x000003b7, 0x00000301,
+ 0x00001f20, 0x00000002, 0x000003b7, 0x00000313,
+ 0x00001f21, 0x00000002, 0x000003b7, 0x00000314,
+ 0x00001fc6, 0x00000002, 0x000003b7, 0x00000342,
+ 0x00001fc3, 0x00000002, 0x000003b7, 0x00000345,
+ 0x00001f76, 0x00000002, 0x000003b9, 0x00000300,
+ 0x000003af, 0x00000002, 0x000003b9, 0x00000301,
+ 0x00001fd1, 0x00000002, 0x000003b9, 0x00000304,
+ 0x00001fd0, 0x00000002, 0x000003b9, 0x00000306,
+ 0x000003ca, 0x00000002, 0x000003b9, 0x00000308,
+ 0x00001f30, 0x00000002, 0x000003b9, 0x00000313,
+ 0x00001f31, 0x00000002, 0x000003b9, 0x00000314,
+ 0x00001fd6, 0x00000002, 0x000003b9, 0x00000342,
+ 0x00001f78, 0x00000002, 0x000003bf, 0x00000300,
+ 0x000003cc, 0x00000002, 0x000003bf, 0x00000301,
+ 0x00001f40, 0x00000002, 0x000003bf, 0x00000313,
+ 0x00001f41, 0x00000002, 0x000003bf, 0x00000314,
+ 0x00001fe4, 0x00000002, 0x000003c1, 0x00000313,
+ 0x00001fe5, 0x00000002, 0x000003c1, 0x00000314,
+ 0x00001f7a, 0x00000002, 0x000003c5, 0x00000300,
+ 0x000003cd, 0x00000002, 0x000003c5, 0x00000301,
+ 0x00001fe1, 0x00000002, 0x000003c5, 0x00000304,
+ 0x00001fe0, 0x00000002, 0x000003c5, 0x00000306,
+ 0x000003cb, 0x00000002, 0x000003c5, 0x00000308,
+ 0x00001f50, 0x00000002, 0x000003c5, 0x00000313,
+ 0x00001f51, 0x00000002, 0x000003c5, 0x00000314,
+ 0x00001fe6, 0x00000002, 0x000003c5, 0x00000342,
+ 0x00001f7c, 0x00000002, 0x000003c9, 0x00000300,
+ 0x000003ce, 0x00000002, 0x000003c9, 0x00000301,
+ 0x00001f60, 0x00000002, 0x000003c9, 0x00000313,
+ 0x00001f61, 0x00000002, 0x000003c9, 0x00000314,
+ 0x00001ff6, 0x00000002, 0x000003c9, 0x00000342,
+ 0x00001ff3, 0x00000002, 0x000003c9, 0x00000345,
+ 0x00001fd2, 0x00000002, 0x000003ca, 0x00000300,
+ 0x00000390, 0x00000002, 0x000003ca, 0x00000301,
+ 0x00001fd7, 0x00000002, 0x000003ca, 0x00000342,
+ 0x00001fe2, 0x00000002, 0x000003cb, 0x00000300,
+ 0x000003b0, 0x00000002, 0x000003cb, 0x00000301,
+ 0x00001fe7, 0x00000002, 0x000003cb, 0x00000342,
+ 0x00001ff4, 0x00000002, 0x000003ce, 0x00000345,
+ 0x000003d3, 0x00000002, 0x000003d2, 0x00000301,
+ 0x000003d4, 0x00000002, 0x000003d2, 0x00000308,
+ 0x00000407, 0x00000002, 0x00000406, 0x00000308,
+ 0x000004d0, 0x00000002, 0x00000410, 0x00000306,
+ 0x000004d2, 0x00000002, 0x00000410, 0x00000308,
+ 0x00000403, 0x00000002, 0x00000413, 0x00000301,
+ 0x00000400, 0x00000002, 0x00000415, 0x00000300,
+ 0x000004d6, 0x00000002, 0x00000415, 0x00000306,
+ 0x00000401, 0x00000002, 0x00000415, 0x00000308,
+ 0x000004c1, 0x00000002, 0x00000416, 0x00000306,
+ 0x000004dc, 0x00000002, 0x00000416, 0x00000308,
+ 0x000004de, 0x00000002, 0x00000417, 0x00000308,
+ 0x0000040d, 0x00000002, 0x00000418, 0x00000300,
+ 0x000004e2, 0x00000002, 0x00000418, 0x00000304,
+ 0x00000419, 0x00000002, 0x00000418, 0x00000306,
+ 0x000004e4, 0x00000002, 0x00000418, 0x00000308,
+ 0x0000040c, 0x00000002, 0x0000041a, 0x00000301,
+ 0x000004e6, 0x00000002, 0x0000041e, 0x00000308,
+ 0x000004ee, 0x00000002, 0x00000423, 0x00000304,
+ 0x0000040e, 0x00000002, 0x00000423, 0x00000306,
+ 0x000004f0, 0x00000002, 0x00000423, 0x00000308,
+ 0x000004f2, 0x00000002, 0x00000423, 0x0000030b,
+ 0x000004f4, 0x00000002, 0x00000427, 0x00000308,
+ 0x000004f8, 0x00000002, 0x0000042b, 0x00000308,
+ 0x000004ec, 0x00000002, 0x0000042d, 0x00000308,
+ 0x000004d1, 0x00000002, 0x00000430, 0x00000306,
+ 0x000004d3, 0x00000002, 0x00000430, 0x00000308,
+ 0x00000453, 0x00000002, 0x00000433, 0x00000301,
+ 0x00000450, 0x00000002, 0x00000435, 0x00000300,
+ 0x000004d7, 0x00000002, 0x00000435, 0x00000306,
+ 0x00000451, 0x00000002, 0x00000435, 0x00000308,
+ 0x000004c2, 0x00000002, 0x00000436, 0x00000306,
+ 0x000004dd, 0x00000002, 0x00000436, 0x00000308,
+ 0x000004df, 0x00000002, 0x00000437, 0x00000308,
+ 0x0000045d, 0x00000002, 0x00000438, 0x00000300,
+ 0x000004e3, 0x00000002, 0x00000438, 0x00000304,
+ 0x00000439, 0x00000002, 0x00000438, 0x00000306,
+ 0x000004e5, 0x00000002, 0x00000438, 0x00000308,
+ 0x0000045c, 0x00000002, 0x0000043a, 0x00000301,
+ 0x000004e7, 0x00000002, 0x0000043e, 0x00000308,
+ 0x000004ef, 0x00000002, 0x00000443, 0x00000304,
+ 0x0000045e, 0x00000002, 0x00000443, 0x00000306,
+ 0x000004f1, 0x00000002, 0x00000443, 0x00000308,
+ 0x000004f3, 0x00000002, 0x00000443, 0x0000030b,
+ 0x000004f5, 0x00000002, 0x00000447, 0x00000308,
+ 0x000004f9, 0x00000002, 0x0000044b, 0x00000308,
+ 0x000004ed, 0x00000002, 0x0000044d, 0x00000308,
+ 0x00000457, 0x00000002, 0x00000456, 0x00000308,
+ 0x00000476, 0x00000002, 0x00000474, 0x0000030f,
+ 0x00000477, 0x00000002, 0x00000475, 0x0000030f,
+ 0x000004da, 0x00000002, 0x000004d8, 0x00000308,
+ 0x000004db, 0x00000002, 0x000004d9, 0x00000308,
+ 0x000004ea, 0x00000002, 0x000004e8, 0x00000308,
+ 0x000004eb, 0x00000002, 0x000004e9, 0x00000308,
+ 0x00000622, 0x00000002, 0x00000627, 0x00000653,
+ 0x00000623, 0x00000002, 0x00000627, 0x00000654,
+ 0x00000625, 0x00000002, 0x00000627, 0x00000655,
+ 0x00000624, 0x00000002, 0x00000648, 0x00000654,
+ 0x00000626, 0x00000002, 0x0000064a, 0x00000654,
+ 0x000006c2, 0x00000002, 0x000006c1, 0x00000654,
+ 0x000006d3, 0x00000002, 0x000006d2, 0x00000654,
+ 0x000006c0, 0x00000002, 0x000006d5, 0x00000654,
+ 0x00000929, 0x00000002, 0x00000928, 0x0000093c,
+ 0x00000931, 0x00000002, 0x00000930, 0x0000093c,
+ 0x00000934, 0x00000002, 0x00000933, 0x0000093c,
+ 0x000009cb, 0x00000002, 0x000009c7, 0x000009be,
+ 0x000009cc, 0x00000002, 0x000009c7, 0x000009d7,
+ 0x00000b4b, 0x00000002, 0x00000b47, 0x00000b3e,
+ 0x00000b48, 0x00000002, 0x00000b47, 0x00000b56,
+ 0x00000b4c, 0x00000002, 0x00000b47, 0x00000b57,
+ 0x00000b94, 0x00000002, 0x00000b92, 0x00000bd7,
+ 0x00000bca, 0x00000002, 0x00000bc6, 0x00000bbe,
+ 0x00000bcc, 0x00000002, 0x00000bc6, 0x00000bd7,
+ 0x00000bcb, 0x00000002, 0x00000bc7, 0x00000bbe,
+ 0x00000c48, 0x00000002, 0x00000c46, 0x00000c56,
+ 0x00000cc0, 0x00000002, 0x00000cbf, 0x00000cd5,
+ 0x00000cca, 0x00000002, 0x00000cc6, 0x00000cc2,
+ 0x00000cc7, 0x00000002, 0x00000cc6, 0x00000cd5,
+ 0x00000cc8, 0x00000002, 0x00000cc6, 0x00000cd6,
+ 0x00000ccb, 0x00000002, 0x00000cca, 0x00000cd5,
+ 0x00000d4a, 0x00000002, 0x00000d46, 0x00000d3e,
+ 0x00000d4c, 0x00000002, 0x00000d46, 0x00000d57,
+ 0x00000d4b, 0x00000002, 0x00000d47, 0x00000d3e,
+ 0x00000dda, 0x00000002, 0x00000dd9, 0x00000dca,
+ 0x00000ddc, 0x00000002, 0x00000dd9, 0x00000dcf,
+ 0x00000dde, 0x00000002, 0x00000dd9, 0x00000ddf,
+ 0x00000ddd, 0x00000002, 0x00000ddc, 0x00000dca,
+ 0x00000f73, 0x00000002, 0x00000f71, 0x00000f72,
+ 0x00000f75, 0x00000002, 0x00000f71, 0x00000f74,
+ 0x00000f81, 0x00000002, 0x00000f71, 0x00000f80,
+ 0x00001026, 0x00000002, 0x00001025, 0x0000102e,
+ 0x00001e38, 0x00000002, 0x00001e36, 0x00000304,
+ 0x00001e39, 0x00000002, 0x00001e37, 0x00000304,
+ 0x00001e5c, 0x00000002, 0x00001e5a, 0x00000304,
+ 0x00001e5d, 0x00000002, 0x00001e5b, 0x00000304,
+ 0x00001e68, 0x00000002, 0x00001e62, 0x00000307,
+ 0x00001e69, 0x00000002, 0x00001e63, 0x00000307,
+ 0x00001eac, 0x00000002, 0x00001ea0, 0x00000302,
+ 0x00001eb6, 0x00000002, 0x00001ea0, 0x00000306,
+ 0x00001ead, 0x00000002, 0x00001ea1, 0x00000302,
+ 0x00001eb7, 0x00000002, 0x00001ea1, 0x00000306,
+ 0x00001ec6, 0x00000002, 0x00001eb8, 0x00000302,
+ 0x00001ec7, 0x00000002, 0x00001eb9, 0x00000302,
+ 0x00001ed8, 0x00000002, 0x00001ecc, 0x00000302,
+ 0x00001ed9, 0x00000002, 0x00001ecd, 0x00000302,
+ 0x00001f02, 0x00000002, 0x00001f00, 0x00000300,
+ 0x00001f04, 0x00000002, 0x00001f00, 0x00000301,
+ 0x00001f06, 0x00000002, 0x00001f00, 0x00000342,
+ 0x00001f80, 0x00000002, 0x00001f00, 0x00000345,
+ 0x00001f03, 0x00000002, 0x00001f01, 0x00000300,
+ 0x00001f05, 0x00000002, 0x00001f01, 0x00000301,
+ 0x00001f07, 0x00000002, 0x00001f01, 0x00000342,
+ 0x00001f81, 0x00000002, 0x00001f01, 0x00000345,
+ 0x00001f82, 0x00000002, 0x00001f02, 0x00000345,
+ 0x00001f83, 0x00000002, 0x00001f03, 0x00000345,
+ 0x00001f84, 0x00000002, 0x00001f04, 0x00000345,
+ 0x00001f85, 0x00000002, 0x00001f05, 0x00000345,
+ 0x00001f86, 0x00000002, 0x00001f06, 0x00000345,
+ 0x00001f87, 0x00000002, 0x00001f07, 0x00000345,
+ 0x00001f0a, 0x00000002, 0x00001f08, 0x00000300,
+ 0x00001f0c, 0x00000002, 0x00001f08, 0x00000301,
+ 0x00001f0e, 0x00000002, 0x00001f08, 0x00000342,
+ 0x00001f88, 0x00000002, 0x00001f08, 0x00000345,
+ 0x00001f0b, 0x00000002, 0x00001f09, 0x00000300,
+ 0x00001f0d, 0x00000002, 0x00001f09, 0x00000301,
+ 0x00001f0f, 0x00000002, 0x00001f09, 0x00000342,
+ 0x00001f89, 0x00000002, 0x00001f09, 0x00000345,
+ 0x00001f8a, 0x00000002, 0x00001f0a, 0x00000345,
+ 0x00001f8b, 0x00000002, 0x00001f0b, 0x00000345,
+ 0x00001f8c, 0x00000002, 0x00001f0c, 0x00000345,
+ 0x00001f8d, 0x00000002, 0x00001f0d, 0x00000345,
+ 0x00001f8e, 0x00000002, 0x00001f0e, 0x00000345,
+ 0x00001f8f, 0x00000002, 0x00001f0f, 0x00000345,
+ 0x00001f12, 0x00000002, 0x00001f10, 0x00000300,
+ 0x00001f14, 0x00000002, 0x00001f10, 0x00000301,
+ 0x00001f13, 0x00000002, 0x00001f11, 0x00000300,
+ 0x00001f15, 0x00000002, 0x00001f11, 0x00000301,
+ 0x00001f1a, 0x00000002, 0x00001f18, 0x00000300,
+ 0x00001f1c, 0x00000002, 0x00001f18, 0x00000301,
+ 0x00001f1b, 0x00000002, 0x00001f19, 0x00000300,
+ 0x00001f1d, 0x00000002, 0x00001f19, 0x00000301,
+ 0x00001f22, 0x00000002, 0x00001f20, 0x00000300,
+ 0x00001f24, 0x00000002, 0x00001f20, 0x00000301,
+ 0x00001f26, 0x00000002, 0x00001f20, 0x00000342,
+ 0x00001f90, 0x00000002, 0x00001f20, 0x00000345,
+ 0x00001f23, 0x00000002, 0x00001f21, 0x00000300,
+ 0x00001f25, 0x00000002, 0x00001f21, 0x00000301,
+ 0x00001f27, 0x00000002, 0x00001f21, 0x00000342,
+ 0x00001f91, 0x00000002, 0x00001f21, 0x00000345,
+ 0x00001f92, 0x00000002, 0x00001f22, 0x00000345,
+ 0x00001f93, 0x00000002, 0x00001f23, 0x00000345,
+ 0x00001f94, 0x00000002, 0x00001f24, 0x00000345,
+ 0x00001f95, 0x00000002, 0x00001f25, 0x00000345,
+ 0x00001f96, 0x00000002, 0x00001f26, 0x00000345,
+ 0x00001f97, 0x00000002, 0x00001f27, 0x00000345,
+ 0x00001f2a, 0x00000002, 0x00001f28, 0x00000300,
+ 0x00001f2c, 0x00000002, 0x00001f28, 0x00000301,
+ 0x00001f2e, 0x00000002, 0x00001f28, 0x00000342,
+ 0x00001f98, 0x00000002, 0x00001f28, 0x00000345,
+ 0x00001f2b, 0x00000002, 0x00001f29, 0x00000300,
+ 0x00001f2d, 0x00000002, 0x00001f29, 0x00000301,
+ 0x00001f2f, 0x00000002, 0x00001f29, 0x00000342,
+ 0x00001f99, 0x00000002, 0x00001f29, 0x00000345,
+ 0x00001f9a, 0x00000002, 0x00001f2a, 0x00000345,
+ 0x00001f9b, 0x00000002, 0x00001f2b, 0x00000345,
+ 0x00001f9c, 0x00000002, 0x00001f2c, 0x00000345,
+ 0x00001f9d, 0x00000002, 0x00001f2d, 0x00000345,
+ 0x00001f9e, 0x00000002, 0x00001f2e, 0x00000345,
+ 0x00001f9f, 0x00000002, 0x00001f2f, 0x00000345,
+ 0x00001f32, 0x00000002, 0x00001f30, 0x00000300,
+ 0x00001f34, 0x00000002, 0x00001f30, 0x00000301,
+ 0x00001f36, 0x00000002, 0x00001f30, 0x00000342,
+ 0x00001f33, 0x00000002, 0x00001f31, 0x00000300,
+ 0x00001f35, 0x00000002, 0x00001f31, 0x00000301,
+ 0x00001f37, 0x00000002, 0x00001f31, 0x00000342,
+ 0x00001f3a, 0x00000002, 0x00001f38, 0x00000300,
+ 0x00001f3c, 0x00000002, 0x00001f38, 0x00000301,
+ 0x00001f3e, 0x00000002, 0x00001f38, 0x00000342,
+ 0x00001f3b, 0x00000002, 0x00001f39, 0x00000300,
+ 0x00001f3d, 0x00000002, 0x00001f39, 0x00000301,
+ 0x00001f3f, 0x00000002, 0x00001f39, 0x00000342,
+ 0x00001f42, 0x00000002, 0x00001f40, 0x00000300,
+ 0x00001f44, 0x00000002, 0x00001f40, 0x00000301,
+ 0x00001f43, 0x00000002, 0x00001f41, 0x00000300,
+ 0x00001f45, 0x00000002, 0x00001f41, 0x00000301,
+ 0x00001f4a, 0x00000002, 0x00001f48, 0x00000300,
+ 0x00001f4c, 0x00000002, 0x00001f48, 0x00000301,
+ 0x00001f4b, 0x00000002, 0x00001f49, 0x00000300,
+ 0x00001f4d, 0x00000002, 0x00001f49, 0x00000301,
+ 0x00001f52, 0x00000002, 0x00001f50, 0x00000300,
+ 0x00001f54, 0x00000002, 0x00001f50, 0x00000301,
+ 0x00001f56, 0x00000002, 0x00001f50, 0x00000342,
+ 0x00001f53, 0x00000002, 0x00001f51, 0x00000300,
+ 0x00001f55, 0x00000002, 0x00001f51, 0x00000301,
+ 0x00001f57, 0x00000002, 0x00001f51, 0x00000342,
+ 0x00001f5b, 0x00000002, 0x00001f59, 0x00000300,
+ 0x00001f5d, 0x00000002, 0x00001f59, 0x00000301,
+ 0x00001f5f, 0x00000002, 0x00001f59, 0x00000342,
+ 0x00001f62, 0x00000002, 0x00001f60, 0x00000300,
+ 0x00001f64, 0x00000002, 0x00001f60, 0x00000301,
+ 0x00001f66, 0x00000002, 0x00001f60, 0x00000342,
+ 0x00001fa0, 0x00000002, 0x00001f60, 0x00000345,
+ 0x00001f63, 0x00000002, 0x00001f61, 0x00000300,
+ 0x00001f65, 0x00000002, 0x00001f61, 0x00000301,
+ 0x00001f67, 0x00000002, 0x00001f61, 0x00000342,
+ 0x00001fa1, 0x00000002, 0x00001f61, 0x00000345,
+ 0x00001fa2, 0x00000002, 0x00001f62, 0x00000345,
+ 0x00001fa3, 0x00000002, 0x00001f63, 0x00000345,
+ 0x00001fa4, 0x00000002, 0x00001f64, 0x00000345,
+ 0x00001fa5, 0x00000002, 0x00001f65, 0x00000345,
+ 0x00001fa6, 0x00000002, 0x00001f66, 0x00000345,
+ 0x00001fa7, 0x00000002, 0x00001f67, 0x00000345,
+ 0x00001f6a, 0x00000002, 0x00001f68, 0x00000300,
+ 0x00001f6c, 0x00000002, 0x00001f68, 0x00000301,
+ 0x00001f6e, 0x00000002, 0x00001f68, 0x00000342,
+ 0x00001fa8, 0x00000002, 0x00001f68, 0x00000345,
+ 0x00001f6b, 0x00000002, 0x00001f69, 0x00000300,
+ 0x00001f6d, 0x00000002, 0x00001f69, 0x00000301,
+ 0x00001f6f, 0x00000002, 0x00001f69, 0x00000342,
+ 0x00001fa9, 0x00000002, 0x00001f69, 0x00000345,
+ 0x00001faa, 0x00000002, 0x00001f6a, 0x00000345,
+ 0x00001fab, 0x00000002, 0x00001f6b, 0x00000345,
+ 0x00001fac, 0x00000002, 0x00001f6c, 0x00000345,
+ 0x00001fad, 0x00000002, 0x00001f6d, 0x00000345,
+ 0x00001fae, 0x00000002, 0x00001f6e, 0x00000345,
+ 0x00001faf, 0x00000002, 0x00001f6f, 0x00000345,
+ 0x00001fb2, 0x00000002, 0x00001f70, 0x00000345,
+ 0x00001fc2, 0x00000002, 0x00001f74, 0x00000345,
+ 0x00001ff2, 0x00000002, 0x00001f7c, 0x00000345,
+ 0x00001fb7, 0x00000002, 0x00001fb6, 0x00000345,
+ 0x00001fcd, 0x00000002, 0x00001fbf, 0x00000300,
+ 0x00001fce, 0x00000002, 0x00001fbf, 0x00000301,
+ 0x00001fcf, 0x00000002, 0x00001fbf, 0x00000342,
+ 0x00001fc7, 0x00000002, 0x00001fc6, 0x00000345,
+ 0x00001ff7, 0x00000002, 0x00001ff6, 0x00000345,
+ 0x00001fdd, 0x00000002, 0x00001ffe, 0x00000300,
+ 0x00001fde, 0x00000002, 0x00001ffe, 0x00000301,
+ 0x00001fdf, 0x00000002, 0x00001ffe, 0x00000342,
+ 0x0000219a, 0x00000002, 0x00002190, 0x00000338,
+ 0x0000219b, 0x00000002, 0x00002192, 0x00000338,
+ 0x000021ae, 0x00000002, 0x00002194, 0x00000338,
+ 0x000021cd, 0x00000002, 0x000021d0, 0x00000338,
+ 0x000021cf, 0x00000002, 0x000021d2, 0x00000338,
+ 0x000021ce, 0x00000002, 0x000021d4, 0x00000338,
+ 0x00002204, 0x00000002, 0x00002203, 0x00000338,
+ 0x00002209, 0x00000002, 0x00002208, 0x00000338,
+ 0x0000220c, 0x00000002, 0x0000220b, 0x00000338,
+ 0x00002224, 0x00000002, 0x00002223, 0x00000338,
+ 0x00002226, 0x00000002, 0x00002225, 0x00000338,
+ 0x00002241, 0x00000002, 0x0000223c, 0x00000338,
+ 0x00002244, 0x00000002, 0x00002243, 0x00000338,
+ 0x00002247, 0x00000002, 0x00002245, 0x00000338,
+ 0x00002249, 0x00000002, 0x00002248, 0x00000338,
+ 0x0000226d, 0x00000002, 0x0000224d, 0x00000338,
+ 0x00002262, 0x00000002, 0x00002261, 0x00000338,
+ 0x00002270, 0x00000002, 0x00002264, 0x00000338,
+ 0x00002271, 0x00000002, 0x00002265, 0x00000338,
+ 0x00002274, 0x00000002, 0x00002272, 0x00000338,
+ 0x00002275, 0x00000002, 0x00002273, 0x00000338,
+ 0x00002278, 0x00000002, 0x00002276, 0x00000338,
+ 0x00002279, 0x00000002, 0x00002277, 0x00000338,
+ 0x00002280, 0x00000002, 0x0000227a, 0x00000338,
+ 0x00002281, 0x00000002, 0x0000227b, 0x00000338,
+ 0x000022e0, 0x00000002, 0x0000227c, 0x00000338,
+ 0x000022e1, 0x00000002, 0x0000227d, 0x00000338,
+ 0x00002284, 0x00000002, 0x00002282, 0x00000338,
+ 0x00002285, 0x00000002, 0x00002283, 0x00000338,
+ 0x00002288, 0x00000002, 0x00002286, 0x00000338,
+ 0x00002289, 0x00000002, 0x00002287, 0x00000338,
+ 0x000022e2, 0x00000002, 0x00002291, 0x00000338,
+ 0x000022e3, 0x00000002, 0x00002292, 0x00000338,
+ 0x000022ac, 0x00000002, 0x000022a2, 0x00000338,
+ 0x000022ad, 0x00000002, 0x000022a8, 0x00000338,
+ 0x000022ae, 0x00000002, 0x000022a9, 0x00000338,
+ 0x000022af, 0x00000002, 0x000022ab, 0x00000338,
+ 0x000022ea, 0x00000002, 0x000022b2, 0x00000338,
+ 0x000022eb, 0x00000002, 0x000022b3, 0x00000338,
+ 0x000022ec, 0x00000002, 0x000022b4, 0x00000338,
+ 0x000022ed, 0x00000002, 0x000022b5, 0x00000338,
+ 0x00003094, 0x00000002, 0x00003046, 0x00003099,
+ 0x0000304c, 0x00000002, 0x0000304b, 0x00003099,
+ 0x0000304e, 0x00000002, 0x0000304d, 0x00003099,
+ 0x00003050, 0x00000002, 0x0000304f, 0x00003099,
+ 0x00003052, 0x00000002, 0x00003051, 0x00003099,
+ 0x00003054, 0x00000002, 0x00003053, 0x00003099,
+ 0x00003056, 0x00000002, 0x00003055, 0x00003099,
+ 0x00003058, 0x00000002, 0x00003057, 0x00003099,
+ 0x0000305a, 0x00000002, 0x00003059, 0x00003099,
+ 0x0000305c, 0x00000002, 0x0000305b, 0x00003099,
+ 0x0000305e, 0x00000002, 0x0000305d, 0x00003099,
+ 0x00003060, 0x00000002, 0x0000305f, 0x00003099,
+ 0x00003062, 0x00000002, 0x00003061, 0x00003099,
+ 0x00003065, 0x00000002, 0x00003064, 0x00003099,
+ 0x00003067, 0x00000002, 0x00003066, 0x00003099,
+ 0x00003069, 0x00000002, 0x00003068, 0x00003099,
+ 0x00003070, 0x00000002, 0x0000306f, 0x00003099,
+ 0x00003071, 0x00000002, 0x0000306f, 0x0000309a,
+ 0x00003073, 0x00000002, 0x00003072, 0x00003099,
+ 0x00003074, 0x00000002, 0x00003072, 0x0000309a,
+ 0x00003076, 0x00000002, 0x00003075, 0x00003099,
+ 0x00003077, 0x00000002, 0x00003075, 0x0000309a,
+ 0x00003079, 0x00000002, 0x00003078, 0x00003099,
+ 0x0000307a, 0x00000002, 0x00003078, 0x0000309a,
+ 0x0000307c, 0x00000002, 0x0000307b, 0x00003099,
+ 0x0000307d, 0x00000002, 0x0000307b, 0x0000309a,
+ 0x0000309e, 0x00000002, 0x0000309d, 0x00003099,
+ 0x000030f4, 0x00000002, 0x000030a6, 0x00003099,
+ 0x000030ac, 0x00000002, 0x000030ab, 0x00003099,
+ 0x000030ae, 0x00000002, 0x000030ad, 0x00003099,
+ 0x000030b0, 0x00000002, 0x000030af, 0x00003099,
+ 0x000030b2, 0x00000002, 0x000030b1, 0x00003099,
+ 0x000030b4, 0x00000002, 0x000030b3, 0x00003099,
+ 0x000030b6, 0x00000002, 0x000030b5, 0x00003099,
+ 0x000030b8, 0x00000002, 0x000030b7, 0x00003099,
+ 0x000030ba, 0x00000002, 0x000030b9, 0x00003099,
+ 0x000030bc, 0x00000002, 0x000030bb, 0x00003099,
+ 0x000030be, 0x00000002, 0x000030bd, 0x00003099,
+ 0x000030c0, 0x00000002, 0x000030bf, 0x00003099,
+ 0x000030c2, 0x00000002, 0x000030c1, 0x00003099,
+ 0x000030c5, 0x00000002, 0x000030c4, 0x00003099,
+ 0x000030c7, 0x00000002, 0x000030c6, 0x00003099,
+ 0x000030c9, 0x00000002, 0x000030c8, 0x00003099,
+ 0x000030d0, 0x00000002, 0x000030cf, 0x00003099,
+ 0x000030d1, 0x00000002, 0x000030cf, 0x0000309a,
+ 0x000030d3, 0x00000002, 0x000030d2, 0x00003099,
+ 0x000030d4, 0x00000002, 0x000030d2, 0x0000309a,
+ 0x000030d6, 0x00000002, 0x000030d5, 0x00003099,
+ 0x000030d7, 0x00000002, 0x000030d5, 0x0000309a,
+ 0x000030d9, 0x00000002, 0x000030d8, 0x00003099,
+ 0x000030da, 0x00000002, 0x000030d8, 0x0000309a,
+ 0x000030dc, 0x00000002, 0x000030db, 0x00003099,
+ 0x000030dd, 0x00000002, 0x000030db, 0x0000309a,
+ 0x000030f7, 0x00000002, 0x000030ef, 0x00003099,
+ 0x000030f8, 0x00000002, 0x000030f0, 0x00003099,
+ 0x000030f9, 0x00000002, 0x000030f1, 0x00003099,
+ 0x000030fa, 0x00000002, 0x000030f2, 0x00003099,
+ 0x000030fe, 0x00000002, 0x000030fd, 0x00003099
+};
+
+static const ac_uint4 _ucdcmp_size = 3848;
+
+static const ac_uint4 _ucdcmp_nodes[] = {
+ 0x000000c0, 0x00000000,
+ 0x000000c1, 0x00000002,
+ 0x000000c2, 0x00000004,
+ 0x000000c3, 0x00000006,
+ 0x000000c4, 0x00000008,
+ 0x000000c5, 0x0000000a,
+ 0x000000c7, 0x0000000c,
+ 0x000000c8, 0x0000000e,
+ 0x000000c9, 0x00000010,
+ 0x000000ca, 0x00000012,
+ 0x000000cb, 0x00000014,
+ 0x000000cc, 0x00000016,
+ 0x000000cd, 0x00000018,
+ 0x000000ce, 0x0000001a,
+ 0x000000cf, 0x0000001c,
+ 0x000000d1, 0x0000001e,
+ 0x000000d2, 0x00000020,
+ 0x000000d3, 0x00000022,
+ 0x000000d4, 0x00000024,
+ 0x000000d5, 0x00000026,
+ 0x000000d6, 0x00000028,
+ 0x000000d9, 0x0000002a,
+ 0x000000da, 0x0000002c,
+ 0x000000db, 0x0000002e,
+ 0x000000dc, 0x00000030,
+ 0x000000dd, 0x00000032,
+ 0x000000e0, 0x00000034,
+ 0x000000e1, 0x00000036,
+ 0x000000e2, 0x00000038,
+ 0x000000e3, 0x0000003a,
+ 0x000000e4, 0x0000003c,
+ 0x000000e5, 0x0000003e,
+ 0x000000e7, 0x00000040,
+ 0x000000e8, 0x00000042,
+ 0x000000e9, 0x00000044,
+ 0x000000ea, 0x00000046,
+ 0x000000eb, 0x00000048,
+ 0x000000ec, 0x0000004a,
+ 0x000000ed, 0x0000004c,
+ 0x000000ee, 0x0000004e,
+ 0x000000ef, 0x00000050,
+ 0x000000f1, 0x00000052,
+ 0x000000f2, 0x00000054,
+ 0x000000f3, 0x00000056,
+ 0x000000f4, 0x00000058,
+ 0x000000f5, 0x0000005a,
+ 0x000000f6, 0x0000005c,
+ 0x000000f9, 0x0000005e,
+ 0x000000fa, 0x00000060,
+ 0x000000fb, 0x00000062,
+ 0x000000fc, 0x00000064,
+ 0x000000fd, 0x00000066,
+ 0x000000ff, 0x00000068,
+ 0x00000100, 0x0000006a,
+ 0x00000101, 0x0000006c,
+ 0x00000102, 0x0000006e,
+ 0x00000103, 0x00000070,
+ 0x00000104, 0x00000072,
+ 0x00000105, 0x00000074,
+ 0x00000106, 0x00000076,
+ 0x00000107, 0x00000078,
+ 0x00000108, 0x0000007a,
+ 0x00000109, 0x0000007c,
+ 0x0000010a, 0x0000007e,
+ 0x0000010b, 0x00000080,
+ 0x0000010c, 0x00000082,
+ 0x0000010d, 0x00000084,
+ 0x0000010e, 0x00000086,
+ 0x0000010f, 0x00000088,
+ 0x00000112, 0x0000008a,
+ 0x00000113, 0x0000008c,
+ 0x00000114, 0x0000008e,
+ 0x00000115, 0x00000090,
+ 0x00000116, 0x00000092,
+ 0x00000117, 0x00000094,
+ 0x00000118, 0x00000096,
+ 0x00000119, 0x00000098,
+ 0x0000011a, 0x0000009a,
+ 0x0000011b, 0x0000009c,
+ 0x0000011c, 0x0000009e,
+ 0x0000011d, 0x000000a0,
+ 0x0000011e, 0x000000a2,
+ 0x0000011f, 0x000000a4,
+ 0x00000120, 0x000000a6,
+ 0x00000121, 0x000000a8,
+ 0x00000122, 0x000000aa,
+ 0x00000123, 0x000000ac,
+ 0x00000124, 0x000000ae,
+ 0x00000125, 0x000000b0,
+ 0x00000128, 0x000000b2,
+ 0x00000129, 0x000000b4,
+ 0x0000012a, 0x000000b6,
+ 0x0000012b, 0x000000b8,
+ 0x0000012c, 0x000000ba,
+ 0x0000012d, 0x000000bc,
+ 0x0000012e, 0x000000be,
+ 0x0000012f, 0x000000c0,
+ 0x00000130, 0x000000c2,
+ 0x00000134, 0x000000c4,
+ 0x00000135, 0x000000c6,
+ 0x00000136, 0x000000c8,
+ 0x00000137, 0x000000ca,
+ 0x00000139, 0x000000cc,
+ 0x0000013a, 0x000000ce,
+ 0x0000013b, 0x000000d0,
+ 0x0000013c, 0x000000d2,
+ 0x0000013d, 0x000000d4,
+ 0x0000013e, 0x000000d6,
+ 0x00000143, 0x000000d8,
+ 0x00000144, 0x000000da,
+ 0x00000145, 0x000000dc,
+ 0x00000146, 0x000000de,
+ 0x00000147, 0x000000e0,
+ 0x00000148, 0x000000e2,
+ 0x0000014c, 0x000000e4,
+ 0x0000014d, 0x000000e6,
+ 0x0000014e, 0x000000e8,
+ 0x0000014f, 0x000000ea,
+ 0x00000150, 0x000000ec,
+ 0x00000151, 0x000000ee,
+ 0x00000154, 0x000000f0,
+ 0x00000155, 0x000000f2,
+ 0x00000156, 0x000000f4,
+ 0x00000157, 0x000000f6,
+ 0x00000158, 0x000000f8,
+ 0x00000159, 0x000000fa,
+ 0x0000015a, 0x000000fc,
+ 0x0000015b, 0x000000fe,
+ 0x0000015c, 0x00000100,
+ 0x0000015d, 0x00000102,
+ 0x0000015e, 0x00000104,
+ 0x0000015f, 0x00000106,
+ 0x00000160, 0x00000108,
+ 0x00000161, 0x0000010a,
+ 0x00000162, 0x0000010c,
+ 0x00000163, 0x0000010e,
+ 0x00000164, 0x00000110,
+ 0x00000165, 0x00000112,
+ 0x00000168, 0x00000114,
+ 0x00000169, 0x00000116,
+ 0x0000016a, 0x00000118,
+ 0x0000016b, 0x0000011a,
+ 0x0000016c, 0x0000011c,
+ 0x0000016d, 0x0000011e,
+ 0x0000016e, 0x00000120,
+ 0x0000016f, 0x00000122,
+ 0x00000170, 0x00000124,
+ 0x00000171, 0x00000126,
+ 0x00000172, 0x00000128,
+ 0x00000173, 0x0000012a,
+ 0x00000174, 0x0000012c,
+ 0x00000175, 0x0000012e,
+ 0x00000176, 0x00000130,
+ 0x00000177, 0x00000132,
+ 0x00000178, 0x00000134,
+ 0x00000179, 0x00000136,
+ 0x0000017a, 0x00000138,
+ 0x0000017b, 0x0000013a,
+ 0x0000017c, 0x0000013c,
+ 0x0000017d, 0x0000013e,
+ 0x0000017e, 0x00000140,
+ 0x000001a0, 0x00000142,
+ 0x000001a1, 0x00000144,
+ 0x000001af, 0x00000146,
+ 0x000001b0, 0x00000148,
+ 0x000001cd, 0x0000014a,
+ 0x000001ce, 0x0000014c,
+ 0x000001cf, 0x0000014e,
+ 0x000001d0, 0x00000150,
+ 0x000001d1, 0x00000152,
+ 0x000001d2, 0x00000154,
+ 0x000001d3, 0x00000156,
+ 0x000001d4, 0x00000158,
+ 0x000001d5, 0x0000015a,
+ 0x000001d6, 0x0000015d,
+ 0x000001d7, 0x00000160,
+ 0x000001d8, 0x00000163,
+ 0x000001d9, 0x00000166,
+ 0x000001da, 0x00000169,
+ 0x000001db, 0x0000016c,
+ 0x000001dc, 0x0000016f,
+ 0x000001de, 0x00000172,
+ 0x000001df, 0x00000175,
+ 0x000001e0, 0x00000178,
+ 0x000001e1, 0x0000017b,
+ 0x000001e2, 0x0000017e,
+ 0x000001e3, 0x00000180,
+ 0x000001e6, 0x00000182,
+ 0x000001e7, 0x00000184,
+ 0x000001e8, 0x00000186,
+ 0x000001e9, 0x00000188,
+ 0x000001ea, 0x0000018a,
+ 0x000001eb, 0x0000018c,
+ 0x000001ec, 0x0000018e,
+ 0x000001ed, 0x00000191,
+ 0x000001ee, 0x00000194,
+ 0x000001ef, 0x00000196,
+ 0x000001f0, 0x00000198,
+ 0x000001f4, 0x0000019a,
+ 0x000001f5, 0x0000019c,
+ 0x000001f8, 0x0000019e,
+ 0x000001f9, 0x000001a0,
+ 0x000001fa, 0x000001a2,
+ 0x000001fb, 0x000001a5,
+ 0x000001fc, 0x000001a8,
+ 0x000001fd, 0x000001aa,
+ 0x000001fe, 0x000001ac,
+ 0x000001ff, 0x000001ae,
+ 0x00000200, 0x000001b0,
+ 0x00000201, 0x000001b2,
+ 0x00000202, 0x000001b4,
+ 0x00000203, 0x000001b6,
+ 0x00000204, 0x000001b8,
+ 0x00000205, 0x000001ba,
+ 0x00000206, 0x000001bc,
+ 0x00000207, 0x000001be,
+ 0x00000208, 0x000001c0,
+ 0x00000209, 0x000001c2,
+ 0x0000020a, 0x000001c4,
+ 0x0000020b, 0x000001c6,
+ 0x0000020c, 0x000001c8,
+ 0x0000020d, 0x000001ca,
+ 0x0000020e, 0x000001cc,
+ 0x0000020f, 0x000001ce,
+ 0x00000210, 0x000001d0,
+ 0x00000211, 0x000001d2,
+ 0x00000212, 0x000001d4,
+ 0x00000213, 0x000001d6,
+ 0x00000214, 0x000001d8,
+ 0x00000215, 0x000001da,
+ 0x00000216, 0x000001dc,
+ 0x00000217, 0x000001de,
+ 0x00000218, 0x000001e0,
+ 0x00000219, 0x000001e2,
+ 0x0000021a, 0x000001e4,
+ 0x0000021b, 0x000001e6,
+ 0x0000021e, 0x000001e8,
+ 0x0000021f, 0x000001ea,
+ 0x00000226, 0x000001ec,
+ 0x00000227, 0x000001ee,
+ 0x00000228, 0x000001f0,
+ 0x00000229, 0x000001f2,
+ 0x0000022a, 0x000001f4,
+ 0x0000022b, 0x000001f7,
+ 0x0000022c, 0x000001fa,
+ 0x0000022d, 0x000001fd,
+ 0x0000022e, 0x00000200,
+ 0x0000022f, 0x00000202,
+ 0x00000230, 0x00000204,
+ 0x00000231, 0x00000207,
+ 0x00000232, 0x0000020a,
+ 0x00000233, 0x0000020c,
+ 0x00000340, 0x0000020e,
+ 0x00000341, 0x0000020f,
+ 0x00000343, 0x00000210,
+ 0x00000344, 0x00000211,
+ 0x00000374, 0x00000213,
+ 0x0000037e, 0x00000214,
+ 0x00000385, 0x00000215,
+ 0x00000386, 0x00000217,
+ 0x00000387, 0x00000219,
+ 0x00000388, 0x0000021a,
+ 0x00000389, 0x0000021c,
+ 0x0000038a, 0x0000021e,
+ 0x0000038c, 0x00000220,
+ 0x0000038e, 0x00000222,
+ 0x0000038f, 0x00000224,
+ 0x00000390, 0x00000226,
+ 0x000003aa, 0x00000229,
+ 0x000003ab, 0x0000022b,
+ 0x000003ac, 0x0000022d,
+ 0x000003ad, 0x0000022f,
+ 0x000003ae, 0x00000231,
+ 0x000003af, 0x00000233,
+ 0x000003b0, 0x00000235,
+ 0x000003ca, 0x00000238,
+ 0x000003cb, 0x0000023a,
+ 0x000003cc, 0x0000023c,
+ 0x000003cd, 0x0000023e,
+ 0x000003ce, 0x00000240,
+ 0x000003d3, 0x00000242,
+ 0x000003d4, 0x00000244,
+ 0x00000400, 0x00000246,
+ 0x00000401, 0x00000248,
+ 0x00000403, 0x0000024a,
+ 0x00000407, 0x0000024c,
+ 0x0000040c, 0x0000024e,
+ 0x0000040d, 0x00000250,
+ 0x0000040e, 0x00000252,
+ 0x00000419, 0x00000254,
+ 0x00000439, 0x00000256,
+ 0x00000450, 0x00000258,
+ 0x00000451, 0x0000025a,
+ 0x00000453, 0x0000025c,
+ 0x00000457, 0x0000025e,
+ 0x0000045c, 0x00000260,
+ 0x0000045d, 0x00000262,
+ 0x0000045e, 0x00000264,
+ 0x00000476, 0x00000266,
+ 0x00000477, 0x00000268,
+ 0x000004c1, 0x0000026a,
+ 0x000004c2, 0x0000026c,
+ 0x000004d0, 0x0000026e,
+ 0x000004d1, 0x00000270,
+ 0x000004d2, 0x00000272,
+ 0x000004d3, 0x00000274,
+ 0x000004d6, 0x00000276,
+ 0x000004d7, 0x00000278,
+ 0x000004da, 0x0000027a,
+ 0x000004db, 0x0000027c,
+ 0x000004dc, 0x0000027e,
+ 0x000004dd, 0x00000280,
+ 0x000004de, 0x00000282,
+ 0x000004df, 0x00000284,
+ 0x000004e2, 0x00000286,
+ 0x000004e3, 0x00000288,
+ 0x000004e4, 0x0000028a,
+ 0x000004e5, 0x0000028c,
+ 0x000004e6, 0x0000028e,
+ 0x000004e7, 0x00000290,
+ 0x000004ea, 0x00000292,
+ 0x000004eb, 0x00000294,
+ 0x000004ec, 0x00000296,
+ 0x000004ed, 0x00000298,
+ 0x000004ee, 0x0000029a,
+ 0x000004ef, 0x0000029c,
+ 0x000004f0, 0x0000029e,
+ 0x000004f1, 0x000002a0,
+ 0x000004f2, 0x000002a2,
+ 0x000004f3, 0x000002a4,
+ 0x000004f4, 0x000002a6,
+ 0x000004f5, 0x000002a8,
+ 0x000004f8, 0x000002aa,
+ 0x000004f9, 0x000002ac,
+ 0x00000622, 0x000002ae,
+ 0x00000623, 0x000002b0,
+ 0x00000624, 0x000002b2,
+ 0x00000625, 0x000002b4,
+ 0x00000626, 0x000002b6,
+ 0x000006c0, 0x000002b8,
+ 0x000006c2, 0x000002ba,
+ 0x000006d3, 0x000002bc,
+ 0x00000929, 0x000002be,
+ 0x00000931, 0x000002c0,
+ 0x00000934, 0x000002c2,
+ 0x00000958, 0x000002c4,
+ 0x00000959, 0x000002c6,
+ 0x0000095a, 0x000002c8,
+ 0x0000095b, 0x000002ca,
+ 0x0000095c, 0x000002cc,
+ 0x0000095d, 0x000002ce,
+ 0x0000095e, 0x000002d0,
+ 0x0000095f, 0x000002d2,
+ 0x000009cb, 0x000002d4,
+ 0x000009cc, 0x000002d6,
+ 0x000009dc, 0x000002d8,
+ 0x000009dd, 0x000002da,
+ 0x000009df, 0x000002dc,
+ 0x00000a33, 0x000002de,
+ 0x00000a36, 0x000002e0,
+ 0x00000a59, 0x000002e2,
+ 0x00000a5a, 0x000002e4,
+ 0x00000a5b, 0x000002e6,
+ 0x00000a5e, 0x000002e8,
+ 0x00000b48, 0x000002ea,
+ 0x00000b4b, 0x000002ec,
+ 0x00000b4c, 0x000002ee,
+ 0x00000b5c, 0x000002f0,
+ 0x00000b5d, 0x000002f2,
+ 0x00000b94, 0x000002f4,
+ 0x00000bca, 0x000002f6,
+ 0x00000bcb, 0x000002f8,
+ 0x00000bcc, 0x000002fa,
+ 0x00000c48, 0x000002fc,
+ 0x00000cc0, 0x000002fe,
+ 0x00000cc7, 0x00000300,
+ 0x00000cc8, 0x00000302,
+ 0x00000cca, 0x00000304,
+ 0x00000ccb, 0x00000306,
+ 0x00000d4a, 0x00000309,
+ 0x00000d4b, 0x0000030b,
+ 0x00000d4c, 0x0000030d,
+ 0x00000dda, 0x0000030f,
+ 0x00000ddc, 0x00000311,
+ 0x00000ddd, 0x00000313,
+ 0x00000dde, 0x00000316,
+ 0x00000f43, 0x00000318,
+ 0x00000f4d, 0x0000031a,
+ 0x00000f52, 0x0000031c,
+ 0x00000f57, 0x0000031e,
+ 0x00000f5c, 0x00000320,
+ 0x00000f69, 0x00000322,
+ 0x00000f73, 0x00000324,
+ 0x00000f75, 0x00000326,
+ 0x00000f76, 0x00000328,
+ 0x00000f78, 0x0000032a,
+ 0x00000f81, 0x0000032c,
+ 0x00000f93, 0x0000032e,
+ 0x00000f9d, 0x00000330,
+ 0x00000fa2, 0x00000332,
+ 0x00000fa7, 0x00000334,
+ 0x00000fac, 0x00000336,
+ 0x00000fb9, 0x00000338,
+ 0x00001026, 0x0000033a,
+ 0x00001e00, 0x0000033c,
+ 0x00001e01, 0x0000033e,
+ 0x00001e02, 0x00000340,
+ 0x00001e03, 0x00000342,
+ 0x00001e04, 0x00000344,
+ 0x00001e05, 0x00000346,
+ 0x00001e06, 0x00000348,
+ 0x00001e07, 0x0000034a,
+ 0x00001e08, 0x0000034c,
+ 0x00001e09, 0x0000034f,
+ 0x00001e0a, 0x00000352,
+ 0x00001e0b, 0x00000354,
+ 0x00001e0c, 0x00000356,
+ 0x00001e0d, 0x00000358,
+ 0x00001e0e, 0x0000035a,
+ 0x00001e0f, 0x0000035c,
+ 0x00001e10, 0x0000035e,
+ 0x00001e11, 0x00000360,
+ 0x00001e12, 0x00000362,
+ 0x00001e13, 0x00000364,
+ 0x00001e14, 0x00000366,
+ 0x00001e15, 0x00000369,
+ 0x00001e16, 0x0000036c,
+ 0x00001e17, 0x0000036f,
+ 0x00001e18, 0x00000372,
+ 0x00001e19, 0x00000374,
+ 0x00001e1a, 0x00000376,
+ 0x00001e1b, 0x00000378,
+ 0x00001e1c, 0x0000037a,
+ 0x00001e1d, 0x0000037d,
+ 0x00001e1e, 0x00000380,
+ 0x00001e1f, 0x00000382,
+ 0x00001e20, 0x00000384,
+ 0x00001e21, 0x00000386,
+ 0x00001e22, 0x00000388,
+ 0x00001e23, 0x0000038a,
+ 0x00001e24, 0x0000038c,
+ 0x00001e25, 0x0000038e,
+ 0x00001e26, 0x00000390,
+ 0x00001e27, 0x00000392,
+ 0x00001e28, 0x00000394,
+ 0x00001e29, 0x00000396,
+ 0x00001e2a, 0x00000398,
+ 0x00001e2b, 0x0000039a,
+ 0x00001e2c, 0x0000039c,
+ 0x00001e2d, 0x0000039e,
+ 0x00001e2e, 0x000003a0,
+ 0x00001e2f, 0x000003a3,
+ 0x00001e30, 0x000003a6,
+ 0x00001e31, 0x000003a8,
+ 0x00001e32, 0x000003aa,
+ 0x00001e33, 0x000003ac,
+ 0x00001e34, 0x000003ae,
+ 0x00001e35, 0x000003b0,
+ 0x00001e36, 0x000003b2,
+ 0x00001e37, 0x000003b4,
+ 0x00001e38, 0x000003b6,
+ 0x00001e39, 0x000003b9,
+ 0x00001e3a, 0x000003bc,
+ 0x00001e3b, 0x000003be,
+ 0x00001e3c, 0x000003c0,
+ 0x00001e3d, 0x000003c2,
+ 0x00001e3e, 0x000003c4,
+ 0x00001e3f, 0x000003c6,
+ 0x00001e40, 0x000003c8,
+ 0x00001e41, 0x000003ca,
+ 0x00001e42, 0x000003cc,
+ 0x00001e43, 0x000003ce,
+ 0x00001e44, 0x000003d0,
+ 0x00001e45, 0x000003d2,
+ 0x00001e46, 0x000003d4,
+ 0x00001e47, 0x000003d6,
+ 0x00001e48, 0x000003d8,
+ 0x00001e49, 0x000003da,
+ 0x00001e4a, 0x000003dc,
+ 0x00001e4b, 0x000003de,
+ 0x00001e4c, 0x000003e0,
+ 0x00001e4d, 0x000003e3,
+ 0x00001e4e, 0x000003e6,
+ 0x00001e4f, 0x000003e9,
+ 0x00001e50, 0x000003ec,
+ 0x00001e51, 0x000003ef,
+ 0x00001e52, 0x000003f2,
+ 0x00001e53, 0x000003f5,
+ 0x00001e54, 0x000003f8,
+ 0x00001e55, 0x000003fa,
+ 0x00001e56, 0x000003fc,
+ 0x00001e57, 0x000003fe,
+ 0x00001e58, 0x00000400,
+ 0x00001e59, 0x00000402,
+ 0x00001e5a, 0x00000404,
+ 0x00001e5b, 0x00000406,
+ 0x00001e5c, 0x00000408,
+ 0x00001e5d, 0x0000040b,
+ 0x00001e5e, 0x0000040e,
+ 0x00001e5f, 0x00000410,
+ 0x00001e60, 0x00000412,
+ 0x00001e61, 0x00000414,
+ 0x00001e62, 0x00000416,
+ 0x00001e63, 0x00000418,
+ 0x00001e64, 0x0000041a,
+ 0x00001e65, 0x0000041d,
+ 0x00001e66, 0x00000420,
+ 0x00001e67, 0x00000423,
+ 0x00001e68, 0x00000426,
+ 0x00001e69, 0x00000429,
+ 0x00001e6a, 0x0000042c,
+ 0x00001e6b, 0x0000042e,
+ 0x00001e6c, 0x00000430,
+ 0x00001e6d, 0x00000432,
+ 0x00001e6e, 0x00000434,
+ 0x00001e6f, 0x00000436,
+ 0x00001e70, 0x00000438,
+ 0x00001e71, 0x0000043a,
+ 0x00001e72, 0x0000043c,
+ 0x00001e73, 0x0000043e,
+ 0x00001e74, 0x00000440,
+ 0x00001e75, 0x00000442,
+ 0x00001e76, 0x00000444,
+ 0x00001e77, 0x00000446,
+ 0x00001e78, 0x00000448,
+ 0x00001e79, 0x0000044b,
+ 0x00001e7a, 0x0000044e,
+ 0x00001e7b, 0x00000451,
+ 0x00001e7c, 0x00000454,
+ 0x00001e7d, 0x00000456,
+ 0x00001e7e, 0x00000458,
+ 0x00001e7f, 0x0000045a,
+ 0x00001e80, 0x0000045c,
+ 0x00001e81, 0x0000045e,
+ 0x00001e82, 0x00000460,
+ 0x00001e83, 0x00000462,
+ 0x00001e84, 0x00000464,
+ 0x00001e85, 0x00000466,
+ 0x00001e86, 0x00000468,
+ 0x00001e87, 0x0000046a,
+ 0x00001e88, 0x0000046c,
+ 0x00001e89, 0x0000046e,
+ 0x00001e8a, 0x00000470,
+ 0x00001e8b, 0x00000472,
+ 0x00001e8c, 0x00000474,
+ 0x00001e8d, 0x00000476,
+ 0x00001e8e, 0x00000478,
+ 0x00001e8f, 0x0000047a,
+ 0x00001e90, 0x0000047c,
+ 0x00001e91, 0x0000047e,
+ 0x00001e92, 0x00000480,
+ 0x00001e93, 0x00000482,
+ 0x00001e94, 0x00000484,
+ 0x00001e95, 0x00000486,
+ 0x00001e96, 0x00000488,
+ 0x00001e97, 0x0000048a,
+ 0x00001e98, 0x0000048c,
+ 0x00001e99, 0x0000048e,
+ 0x00001e9b, 0x00000490,
+ 0x00001ea0, 0x00000492,
+ 0x00001ea1, 0x00000494,
+ 0x00001ea2, 0x00000496,
+ 0x00001ea3, 0x00000498,
+ 0x00001ea4, 0x0000049a,
+ 0x00001ea5, 0x0000049d,
+ 0x00001ea6, 0x000004a0,
+ 0x00001ea7, 0x000004a3,
+ 0x00001ea8, 0x000004a6,
+ 0x00001ea9, 0x000004a9,
+ 0x00001eaa, 0x000004ac,
+ 0x00001eab, 0x000004af,
+ 0x00001eac, 0x000004b2,
+ 0x00001ead, 0x000004b5,
+ 0x00001eae, 0x000004b8,
+ 0x00001eaf, 0x000004bb,
+ 0x00001eb0, 0x000004be,
+ 0x00001eb1, 0x000004c1,
+ 0x00001eb2, 0x000004c4,
+ 0x00001eb3, 0x000004c7,
+ 0x00001eb4, 0x000004ca,
+ 0x00001eb5, 0x000004cd,
+ 0x00001eb6, 0x000004d0,
+ 0x00001eb7, 0x000004d3,
+ 0x00001eb8, 0x000004d6,
+ 0x00001eb9, 0x000004d8,
+ 0x00001eba, 0x000004da,
+ 0x00001ebb, 0x000004dc,
+ 0x00001ebc, 0x000004de,
+ 0x00001ebd, 0x000004e0,
+ 0x00001ebe, 0x000004e2,
+ 0x00001ebf, 0x000004e5,
+ 0x00001ec0, 0x000004e8,
+ 0x00001ec1, 0x000004eb,
+ 0x00001ec2, 0x000004ee,
+ 0x00001ec3, 0x000004f1,
+ 0x00001ec4, 0x000004f4,
+ 0x00001ec5, 0x000004f7,
+ 0x00001ec6, 0x000004fa,
+ 0x00001ec7, 0x000004fd,
+ 0x00001ec8, 0x00000500,
+ 0x00001ec9, 0x00000502,
+ 0x00001eca, 0x00000504,
+ 0x00001ecb, 0x00000506,
+ 0x00001ecc, 0x00000508,
+ 0x00001ecd, 0x0000050a,
+ 0x00001ece, 0x0000050c,
+ 0x00001ecf, 0x0000050e,
+ 0x00001ed0, 0x00000510,
+ 0x00001ed1, 0x00000513,
+ 0x00001ed2, 0x00000516,
+ 0x00001ed3, 0x00000519,
+ 0x00001ed4, 0x0000051c,
+ 0x00001ed5, 0x0000051f,
+ 0x00001ed6, 0x00000522,
+ 0x00001ed7, 0x00000525,
+ 0x00001ed8, 0x00000528,
+ 0x00001ed9, 0x0000052b,
+ 0x00001eda, 0x0000052e,
+ 0x00001edb, 0x00000531,
+ 0x00001edc, 0x00000534,
+ 0x00001edd, 0x00000537,
+ 0x00001ede, 0x0000053a,
+ 0x00001edf, 0x0000053d,
+ 0x00001ee0, 0x00000540,
+ 0x00001ee1, 0x00000543,
+ 0x00001ee2, 0x00000546,
+ 0x00001ee3, 0x00000549,
+ 0x00001ee4, 0x0000054c,
+ 0x00001ee5, 0x0000054e,
+ 0x00001ee6, 0x00000550,
+ 0x00001ee7, 0x00000552,
+ 0x00001ee8, 0x00000554,
+ 0x00001ee9, 0x00000557,
+ 0x00001eea, 0x0000055a,
+ 0x00001eeb, 0x0000055d,
+ 0x00001eec, 0x00000560,
+ 0x00001eed, 0x00000563,
+ 0x00001eee, 0x00000566,
+ 0x00001eef, 0x00000569,
+ 0x00001ef0, 0x0000056c,
+ 0x00001ef1, 0x0000056f,
+ 0x00001ef2, 0x00000572,
+ 0x00001ef3, 0x00000574,
+ 0x00001ef4, 0x00000576,
+ 0x00001ef5, 0x00000578,
+ 0x00001ef6, 0x0000057a,
+ 0x00001ef7, 0x0000057c,
+ 0x00001ef8, 0x0000057e,
+ 0x00001ef9, 0x00000580,
+ 0x00001f00, 0x00000582,
+ 0x00001f01, 0x00000584,
+ 0x00001f02, 0x00000586,
+ 0x00001f03, 0x00000589,
+ 0x00001f04, 0x0000058c,
+ 0x00001f05, 0x0000058f,
+ 0x00001f06, 0x00000592,
+ 0x00001f07, 0x00000595,
+ 0x00001f08, 0x00000598,
+ 0x00001f09, 0x0000059a,
+ 0x00001f0a, 0x0000059c,
+ 0x00001f0b, 0x0000059f,
+ 0x00001f0c, 0x000005a2,
+ 0x00001f0d, 0x000005a5,
+ 0x00001f0e, 0x000005a8,
+ 0x00001f0f, 0x000005ab,
+ 0x00001f10, 0x000005ae,
+ 0x00001f11, 0x000005b0,
+ 0x00001f12, 0x000005b2,
+ 0x00001f13, 0x000005b5,
+ 0x00001f14, 0x000005b8,
+ 0x00001f15, 0x000005bb,
+ 0x00001f18, 0x000005be,
+ 0x00001f19, 0x000005c0,
+ 0x00001f1a, 0x000005c2,
+ 0x00001f1b, 0x000005c5,
+ 0x00001f1c, 0x000005c8,
+ 0x00001f1d, 0x000005cb,
+ 0x00001f20, 0x000005ce,
+ 0x00001f21, 0x000005d0,
+ 0x00001f22, 0x000005d2,
+ 0x00001f23, 0x000005d5,
+ 0x00001f24, 0x000005d8,
+ 0x00001f25, 0x000005db,
+ 0x00001f26, 0x000005de,
+ 0x00001f27, 0x000005e1,
+ 0x00001f28, 0x000005e4,
+ 0x00001f29, 0x000005e6,
+ 0x00001f2a, 0x000005e8,
+ 0x00001f2b, 0x000005eb,
+ 0x00001f2c, 0x000005ee,
+ 0x00001f2d, 0x000005f1,
+ 0x00001f2e, 0x000005f4,
+ 0x00001f2f, 0x000005f7,
+ 0x00001f30, 0x000005fa,
+ 0x00001f31, 0x000005fc,
+ 0x00001f32, 0x000005fe,
+ 0x00001f33, 0x00000601,
+ 0x00001f34, 0x00000604,
+ 0x00001f35, 0x00000607,
+ 0x00001f36, 0x0000060a,
+ 0x00001f37, 0x0000060d,
+ 0x00001f38, 0x00000610,
+ 0x00001f39, 0x00000612,
+ 0x00001f3a, 0x00000614,
+ 0x00001f3b, 0x00000617,
+ 0x00001f3c, 0x0000061a,
+ 0x00001f3d, 0x0000061d,
+ 0x00001f3e, 0x00000620,
+ 0x00001f3f, 0x00000623,
+ 0x00001f40, 0x00000626,
+ 0x00001f41, 0x00000628,
+ 0x00001f42, 0x0000062a,
+ 0x00001f43, 0x0000062d,
+ 0x00001f44, 0x00000630,
+ 0x00001f45, 0x00000633,
+ 0x00001f48, 0x00000636,
+ 0x00001f49, 0x00000638,
+ 0x00001f4a, 0x0000063a,
+ 0x00001f4b, 0x0000063d,
+ 0x00001f4c, 0x00000640,
+ 0x00001f4d, 0x00000643,
+ 0x00001f50, 0x00000646,
+ 0x00001f51, 0x00000648,
+ 0x00001f52, 0x0000064a,
+ 0x00001f53, 0x0000064d,
+ 0x00001f54, 0x00000650,
+ 0x00001f55, 0x00000653,
+ 0x00001f56, 0x00000656,
+ 0x00001f57, 0x00000659,
+ 0x00001f59, 0x0000065c,
+ 0x00001f5b, 0x0000065e,
+ 0x00001f5d, 0x00000661,
+ 0x00001f5f, 0x00000664,
+ 0x00001f60, 0x00000667,
+ 0x00001f61, 0x00000669,
+ 0x00001f62, 0x0000066b,
+ 0x00001f63, 0x0000066e,
+ 0x00001f64, 0x00000671,
+ 0x00001f65, 0x00000674,
+ 0x00001f66, 0x00000677,
+ 0x00001f67, 0x0000067a,
+ 0x00001f68, 0x0000067d,
+ 0x00001f69, 0x0000067f,
+ 0x00001f6a, 0x00000681,
+ 0x00001f6b, 0x00000684,
+ 0x00001f6c, 0x00000687,
+ 0x00001f6d, 0x0000068a,
+ 0x00001f6e, 0x0000068d,
+ 0x00001f6f, 0x00000690,
+ 0x00001f70, 0x00000693,
+ 0x00001f71, 0x00000695,
+ 0x00001f72, 0x00000697,
+ 0x00001f73, 0x00000699,
+ 0x00001f74, 0x0000069b,
+ 0x00001f75, 0x0000069d,
+ 0x00001f76, 0x0000069f,
+ 0x00001f77, 0x000006a1,
+ 0x00001f78, 0x000006a3,
+ 0x00001f79, 0x000006a5,
+ 0x00001f7a, 0x000006a7,
+ 0x00001f7b, 0x000006a9,
+ 0x00001f7c, 0x000006ab,
+ 0x00001f7d, 0x000006ad,
+ 0x00001f80, 0x000006af,
+ 0x00001f81, 0x000006b2,
+ 0x00001f82, 0x000006b5,
+ 0x00001f83, 0x000006b9,
+ 0x00001f84, 0x000006bd,
+ 0x00001f85, 0x000006c1,
+ 0x00001f86, 0x000006c5,
+ 0x00001f87, 0x000006c9,
+ 0x00001f88, 0x000006cd,
+ 0x00001f89, 0x000006d0,
+ 0x00001f8a, 0x000006d3,
+ 0x00001f8b, 0x000006d7,
+ 0x00001f8c, 0x000006db,
+ 0x00001f8d, 0x000006df,
+ 0x00001f8e, 0x000006e3,
+ 0x00001f8f, 0x000006e7,
+ 0x00001f90, 0x000006eb,
+ 0x00001f91, 0x000006ee,
+ 0x00001f92, 0x000006f1,
+ 0x00001f93, 0x000006f5,
+ 0x00001f94, 0x000006f9,
+ 0x00001f95, 0x000006fd,
+ 0x00001f96, 0x00000701,
+ 0x00001f97, 0x00000705,
+ 0x00001f98, 0x00000709,
+ 0x00001f99, 0x0000070c,
+ 0x00001f9a, 0x0000070f,
+ 0x00001f9b, 0x00000713,
+ 0x00001f9c, 0x00000717,
+ 0x00001f9d, 0x0000071b,
+ 0x00001f9e, 0x0000071f,
+ 0x00001f9f, 0x00000723,
+ 0x00001fa0, 0x00000727,
+ 0x00001fa1, 0x0000072a,
+ 0x00001fa2, 0x0000072d,
+ 0x00001fa3, 0x00000731,
+ 0x00001fa4, 0x00000735,
+ 0x00001fa5, 0x00000739,
+ 0x00001fa6, 0x0000073d,
+ 0x00001fa7, 0x00000741,
+ 0x00001fa8, 0x00000745,
+ 0x00001fa9, 0x00000748,
+ 0x00001faa, 0x0000074b,
+ 0x00001fab, 0x0000074f,
+ 0x00001fac, 0x00000753,
+ 0x00001fad, 0x00000757,
+ 0x00001fae, 0x0000075b,
+ 0x00001faf, 0x0000075f,
+ 0x00001fb0, 0x00000763,
+ 0x00001fb1, 0x00000765,
+ 0x00001fb2, 0x00000767,
+ 0x00001fb3, 0x0000076a,
+ 0x00001fb4, 0x0000076c,
+ 0x00001fb6, 0x0000076f,
+ 0x00001fb7, 0x00000771,
+ 0x00001fb8, 0x00000774,
+ 0x00001fb9, 0x00000776,
+ 0x00001fba, 0x00000778,
+ 0x00001fbb, 0x0000077a,
+ 0x00001fbc, 0x0000077c,
+ 0x00001fbe, 0x0000077e,
+ 0x00001fc1, 0x0000077f,
+ 0x00001fc2, 0x00000781,
+ 0x00001fc3, 0x00000784,
+ 0x00001fc4, 0x00000786,
+ 0x00001fc6, 0x00000789,
+ 0x00001fc7, 0x0000078b,
+ 0x00001fc8, 0x0000078e,
+ 0x00001fc9, 0x00000790,
+ 0x00001fca, 0x00000792,
+ 0x00001fcb, 0x00000794,
+ 0x00001fcc, 0x00000796,
+ 0x00001fcd, 0x00000798,
+ 0x00001fce, 0x0000079a,
+ 0x00001fcf, 0x0000079c,
+ 0x00001fd0, 0x0000079e,
+ 0x00001fd1, 0x000007a0,
+ 0x00001fd2, 0x000007a2,
+ 0x00001fd3, 0x000007a5,
+ 0x00001fd6, 0x000007a8,
+ 0x00001fd7, 0x000007aa,
+ 0x00001fd8, 0x000007ad,
+ 0x00001fd9, 0x000007af,
+ 0x00001fda, 0x000007b1,
+ 0x00001fdb, 0x000007b3,
+ 0x00001fdd, 0x000007b5,
+ 0x00001fde, 0x000007b7,
+ 0x00001fdf, 0x000007b9,
+ 0x00001fe0, 0x000007bb,
+ 0x00001fe1, 0x000007bd,
+ 0x00001fe2, 0x000007bf,
+ 0x00001fe3, 0x000007c2,
+ 0x00001fe4, 0x000007c5,
+ 0x00001fe5, 0x000007c7,
+ 0x00001fe6, 0x000007c9,
+ 0x00001fe7, 0x000007cb,
+ 0x00001fe8, 0x000007ce,
+ 0x00001fe9, 0x000007d0,
+ 0x00001fea, 0x000007d2,
+ 0x00001feb, 0x000007d4,
+ 0x00001fec, 0x000007d6,
+ 0x00001fed, 0x000007d8,
+ 0x00001fee, 0x000007da,
+ 0x00001fef, 0x000007dc,
+ 0x00001ff2, 0x000007dd,
+ 0x00001ff3, 0x000007e0,
+ 0x00001ff4, 0x000007e2,
+ 0x00001ff6, 0x000007e5,
+ 0x00001ff7, 0x000007e7,
+ 0x00001ff8, 0x000007ea,
+ 0x00001ff9, 0x000007ec,
+ 0x00001ffa, 0x000007ee,
+ 0x00001ffb, 0x000007f0,
+ 0x00001ffc, 0x000007f2,
+ 0x00001ffd, 0x000007f4,
+ 0x00002000, 0x000007f5,
+ 0x00002001, 0x000007f6,
+ 0x00002126, 0x000007f7,
+ 0x0000212a, 0x000007f8,
+ 0x0000212b, 0x000007f9,
+ 0x0000219a, 0x000007fb,
+ 0x0000219b, 0x000007fd,
+ 0x000021ae, 0x000007ff,
+ 0x000021cd, 0x00000801,
+ 0x000021ce, 0x00000803,
+ 0x000021cf, 0x00000805,
+ 0x00002204, 0x00000807,
+ 0x00002209, 0x00000809,
+ 0x0000220c, 0x0000080b,
+ 0x00002224, 0x0000080d,
+ 0x00002226, 0x0000080f,
+ 0x00002241, 0x00000811,
+ 0x00002244, 0x00000813,
+ 0x00002247, 0x00000815,
+ 0x00002249, 0x00000817,
+ 0x00002260, 0x00000819,
+ 0x00002262, 0x0000081b,
+ 0x0000226d, 0x0000081d,
+ 0x0000226e, 0x0000081f,
+ 0x0000226f, 0x00000821,
+ 0x00002270, 0x00000823,
+ 0x00002271, 0x00000825,
+ 0x00002274, 0x00000827,
+ 0x00002275, 0x00000829,
+ 0x00002278, 0x0000082b,
+ 0x00002279, 0x0000082d,
+ 0x00002280, 0x0000082f,
+ 0x00002281, 0x00000831,
+ 0x00002284, 0x00000833,
+ 0x00002285, 0x00000835,
+ 0x00002288, 0x00000837,
+ 0x00002289, 0x00000839,
+ 0x000022ac, 0x0000083b,
+ 0x000022ad, 0x0000083d,
+ 0x000022ae, 0x0000083f,
+ 0x000022af, 0x00000841,
+ 0x000022e0, 0x00000843,
+ 0x000022e1, 0x00000845,
+ 0x000022e2, 0x00000847,
+ 0x000022e3, 0x00000849,
+ 0x000022ea, 0x0000084b,
+ 0x000022eb, 0x0000084d,
+ 0x000022ec, 0x0000084f,
+ 0x000022ed, 0x00000851,
+ 0x00002329, 0x00000853,
+ 0x0000232a, 0x00000854,
+ 0x00002adc, 0x00000855,
+ 0x0000304c, 0x00000857,
+ 0x0000304e, 0x00000859,
+ 0x00003050, 0x0000085b,
+ 0x00003052, 0x0000085d,
+ 0x00003054, 0x0000085f,
+ 0x00003056, 0x00000861,
+ 0x00003058, 0x00000863,
+ 0x0000305a, 0x00000865,
+ 0x0000305c, 0x00000867,
+ 0x0000305e, 0x00000869,
+ 0x00003060, 0x0000086b,
+ 0x00003062, 0x0000086d,
+ 0x00003065, 0x0000086f,
+ 0x00003067, 0x00000871,
+ 0x00003069, 0x00000873,
+ 0x00003070, 0x00000875,
+ 0x00003071, 0x00000877,
+ 0x00003073, 0x00000879,
+ 0x00003074, 0x0000087b,
+ 0x00003076, 0x0000087d,
+ 0x00003077, 0x0000087f,
+ 0x00003079, 0x00000881,
+ 0x0000307a, 0x00000883,
+ 0x0000307c, 0x00000885,
+ 0x0000307d, 0x00000887,
+ 0x00003094, 0x00000889,
+ 0x0000309e, 0x0000088b,
+ 0x000030ac, 0x0000088d,
+ 0x000030ae, 0x0000088f,
+ 0x000030b0, 0x00000891,
+ 0x000030b2, 0x00000893,
+ 0x000030b4, 0x00000895,
+ 0x000030b6, 0x00000897,
+ 0x000030b8, 0x00000899,
+ 0x000030ba, 0x0000089b,
+ 0x000030bc, 0x0000089d,
+ 0x000030be, 0x0000089f,
+ 0x000030c0, 0x000008a1,
+ 0x000030c2, 0x000008a3,
+ 0x000030c5, 0x000008a5,
+ 0x000030c7, 0x000008a7,
+ 0x000030c9, 0x000008a9,
+ 0x000030d0, 0x000008ab,
+ 0x000030d1, 0x000008ad,
+ 0x000030d3, 0x000008af,
+ 0x000030d4, 0x000008b1,
+ 0x000030d6, 0x000008b3,
+ 0x000030d7, 0x000008b5,
+ 0x000030d9, 0x000008b7,
+ 0x000030da, 0x000008b9,
+ 0x000030dc, 0x000008bb,
+ 0x000030dd, 0x000008bd,
+ 0x000030f4, 0x000008bf,
+ 0x000030f7, 0x000008c1,
+ 0x000030f8, 0x000008c3,
+ 0x000030f9, 0x000008c5,
+ 0x000030fa, 0x000008c7,
+ 0x000030fe, 0x000008c9,
+ 0x0000f902, 0x000008cb,
+ 0x0000f903, 0x000008cc,
+ 0x0000f904, 0x000008cd,
+ 0x0000f905, 0x000008ce,
+ 0x0000f906, 0x000008cf,
+ 0x0000f907, 0x000008d0,
+ 0x0000f908, 0x000008d1,
+ 0x0000f909, 0x000008d2,
+ 0x0000f90a, 0x000008d3,
+ 0x0000f90b, 0x000008d4,
+ 0x0000f90c, 0x000008d5,
+ 0x0000f90d, 0x000008d6,
+ 0x0000f90e, 0x000008d7,
+ 0x0000f90f, 0x000008d8,
+ 0x0000f910, 0x000008d9,
+ 0x0000f911, 0x000008da,
+ 0x0000f912, 0x000008db,
+ 0x0000f913, 0x000008dc,
+ 0x0000f914, 0x000008dd,
+ 0x0000f915, 0x000008de,
+ 0x0000f916, 0x000008df,
+ 0x0000f917, 0x000008e0,
+ 0x0000f918, 0x000008e1,
+ 0x0000f919, 0x000008e2,
+ 0x0000f91a, 0x000008e3,
+ 0x0000f91b, 0x000008e4,
+ 0x0000f91c, 0x000008e5,
+ 0x0000f91d, 0x000008e6,
+ 0x0000f91e, 0x000008e7,
+ 0x0000f91f, 0x000008e8,
+ 0x0000f920, 0x000008e9,
+ 0x0000f921, 0x000008ea,
+ 0x0000f922, 0x000008eb,
+ 0x0000f923, 0x000008ec,
+ 0x0000f924, 0x000008ed,
+ 0x0000f925, 0x000008ee,
+ 0x0000f926, 0x000008ef,
+ 0x0000f927, 0x000008f0,
+ 0x0000f928, 0x000008f1,
+ 0x0000f929, 0x000008f2,
+ 0x0000f92a, 0x000008f3,
+ 0x0000f92b, 0x000008f4,
+ 0x0000f92c, 0x000008f5,
+ 0x0000f92d, 0x000008f6,
+ 0x0000f92e, 0x000008f7,
+ 0x0000f92f, 0x000008f8,
+ 0x0000f930, 0x000008f9,
+ 0x0000f931, 0x000008fa,
+ 0x0000f932, 0x000008fb,
+ 0x0000f933, 0x000008fc,
+ 0x0000f934, 0x000008fd,
+ 0x0000f935, 0x000008fe,
+ 0x0000f936, 0x000008ff,
+ 0x0000f937, 0x00000900,
+ 0x0000f938, 0x00000901,
+ 0x0000f939, 0x00000902,
+ 0x0000f93a, 0x00000903,
+ 0x0000f93b, 0x00000904,
+ 0x0000f93c, 0x00000905,
+ 0x0000f93d, 0x00000906,
+ 0x0000f93e, 0x00000907,
+ 0x0000f93f, 0x00000908,
+ 0x0000f940, 0x00000909,
+ 0x0000f941, 0x0000090a,
+ 0x0000f942, 0x0000090b,
+ 0x0000f943, 0x0000090c,
+ 0x0000f944, 0x0000090d,
+ 0x0000f945, 0x0000090e,
+ 0x0000f946, 0x0000090f,
+ 0x0000f947, 0x00000910,
+ 0x0000f948, 0x00000911,
+ 0x0000f949, 0x00000912,
+ 0x0000f94a, 0x00000913,
+ 0x0000f94b, 0x00000914,
+ 0x0000f94c, 0x00000915,
+ 0x0000f94d, 0x00000916,
+ 0x0000f94e, 0x00000917,
+ 0x0000f94f, 0x00000918,
+ 0x0000f950, 0x00000919,
+ 0x0000f951, 0x0000091a,
+ 0x0000f952, 0x0000091b,
+ 0x0000f953, 0x0000091c,
+ 0x0000f954, 0x0000091d,
+ 0x0000f955, 0x0000091e,
+ 0x0000f956, 0x0000091f,
+ 0x0000f957, 0x00000920,
+ 0x0000f958, 0x00000921,
+ 0x0000f959, 0x00000922,
+ 0x0000f95a, 0x00000923,
+ 0x0000f95b, 0x00000924,
+ 0x0000f95c, 0x00000925,
+ 0x0000f95d, 0x00000926,
+ 0x0000f95e, 0x00000927,
+ 0x0000f95f, 0x00000928,
+ 0x0000f960, 0x00000929,
+ 0x0000f961, 0x0000092a,
+ 0x0000f962, 0x0000092b,
+ 0x0000f963, 0x0000092c,
+ 0x0000f964, 0x0000092d,
+ 0x0000f965, 0x0000092e,
+ 0x0000f966, 0x0000092f,
+ 0x0000f967, 0x00000930,
+ 0x0000f968, 0x00000931,
+ 0x0000f969, 0x00000932,
+ 0x0000f96a, 0x00000933,
+ 0x0000f96b, 0x00000934,
+ 0x0000f96c, 0x00000935,
+ 0x0000f96d, 0x00000936,
+ 0x0000f96e, 0x00000937,
+ 0x0000f96f, 0x00000938,
+ 0x0000f970, 0x00000939,
+ 0x0000f971, 0x0000093a,
+ 0x0000f972, 0x0000093b,
+ 0x0000f973, 0x0000093c,
+ 0x0000f974, 0x0000093d,
+ 0x0000f975, 0x0000093e,
+ 0x0000f976, 0x0000093f,
+ 0x0000f977, 0x00000940,
+ 0x0000f978, 0x00000941,
+ 0x0000f979, 0x00000942,
+ 0x0000f97a, 0x00000943,
+ 0x0000f97b, 0x00000944,
+ 0x0000f97c, 0x00000945,
+ 0x0000f97d, 0x00000946,
+ 0x0000f97e, 0x00000947,
+ 0x0000f97f, 0x00000948,
+ 0x0000f980, 0x00000949,
+ 0x0000f981, 0x0000094a,
+ 0x0000f982, 0x0000094b,
+ 0x0000f983, 0x0000094c,
+ 0x0000f984, 0x0000094d,
+ 0x0000f985, 0x0000094e,
+ 0x0000f986, 0x0000094f,
+ 0x0000f987, 0x00000950,
+ 0x0000f988, 0x00000951,
+ 0x0000f989, 0x00000952,
+ 0x0000f98a, 0x00000953,
+ 0x0000f98b, 0x00000954,
+ 0x0000f98c, 0x00000955,
+ 0x0000f98d, 0x00000956,
+ 0x0000f98e, 0x00000957,
+ 0x0000f98f, 0x00000958,
+ 0x0000f990, 0x00000959,
+ 0x0000f991, 0x0000095a,
+ 0x0000f992, 0x0000095b,
+ 0x0000f993, 0x0000095c,
+ 0x0000f994, 0x0000095d,
+ 0x0000f995, 0x0000095e,
+ 0x0000f996, 0x0000095f,
+ 0x0000f997, 0x00000960,
+ 0x0000f998, 0x00000961,
+ 0x0000f999, 0x00000962,
+ 0x0000f99a, 0x00000963,
+ 0x0000f99b, 0x00000964,
+ 0x0000f99c, 0x00000965,
+ 0x0000f99d, 0x00000966,
+ 0x0000f99e, 0x00000967,
+ 0x0000f99f, 0x00000968,
+ 0x0000f9a0, 0x00000969,
+ 0x0000f9a1, 0x0000096a,
+ 0x0000f9a2, 0x0000096b,
+ 0x0000f9a3, 0x0000096c,
+ 0x0000f9a4, 0x0000096d,
+ 0x0000f9a5, 0x0000096e,
+ 0x0000f9a6, 0x0000096f,
+ 0x0000f9a7, 0x00000970,
+ 0x0000f9a8, 0x00000971,
+ 0x0000f9a9, 0x00000972,
+ 0x0000f9aa, 0x00000973,
+ 0x0000f9ab, 0x00000974,
+ 0x0000f9ac, 0x00000975,
+ 0x0000f9ad, 0x00000976,
+ 0x0000f9ae, 0x00000977,
+ 0x0000f9af, 0x00000978,
+ 0x0000f9b0, 0x00000979,
+ 0x0000f9b1, 0x0000097a,
+ 0x0000f9b2, 0x0000097b,
+ 0x0000f9b3, 0x0000097c,
+ 0x0000f9b4, 0x0000097d,
+ 0x0000f9b5, 0x0000097e,
+ 0x0000f9b6, 0x0000097f,
+ 0x0000f9b7, 0x00000980,
+ 0x0000f9b8, 0x00000981,
+ 0x0000f9b9, 0x00000982,
+ 0x0000f9ba, 0x00000983,
+ 0x0000f9bb, 0x00000984,
+ 0x0000f9bc, 0x00000985,
+ 0x0000f9bd, 0x00000986,
+ 0x0000f9be, 0x00000987,
+ 0x0000f9bf, 0x00000988,
+ 0x0000f9c0, 0x00000989,
+ 0x0000f9c1, 0x0000098a,
+ 0x0000f9c2, 0x0000098b,
+ 0x0000f9c3, 0x0000098c,
+ 0x0000f9c4, 0x0000098d,
+ 0x0000f9c5, 0x0000098e,
+ 0x0000f9c6, 0x0000098f,
+ 0x0000f9c7, 0x00000990,
+ 0x0000f9c8, 0x00000991,
+ 0x0000f9c9, 0x00000992,
+ 0x0000f9ca, 0x00000993,
+ 0x0000f9cb, 0x00000994,
+ 0x0000f9cc, 0x00000995,
+ 0x0000f9cd, 0x00000996,
+ 0x0000f9ce, 0x00000997,
+ 0x0000f9cf, 0x00000998,
+ 0x0000f9d0, 0x00000999,
+ 0x0000f9d1, 0x0000099a,
+ 0x0000f9d2, 0x0000099b,
+ 0x0000f9d3, 0x0000099c,
+ 0x0000f9d4, 0x0000099d,
+ 0x0000f9d5, 0x0000099e,
+ 0x0000f9d6, 0x0000099f,
+ 0x0000f9d7, 0x000009a0,
+ 0x0000f9d8, 0x000009a1,
+ 0x0000f9d9, 0x000009a2,
+ 0x0000f9da, 0x000009a3,
+ 0x0000f9db, 0x000009a4,
+ 0x0000f9dc, 0x000009a5,
+ 0x0000f9dd, 0x000009a6,
+ 0x0000f9de, 0x000009a7,
+ 0x0000f9df, 0x000009a8,
+ 0x0000f9e0, 0x000009a9,
+ 0x0000f9e1, 0x000009aa,
+ 0x0000f9e2, 0x000009ab,
+ 0x0000f9e3, 0x000009ac,
+ 0x0000f9e4, 0x000009ad,
+ 0x0000f9e5, 0x000009ae,
+ 0x0000f9e6, 0x000009af,
+ 0x0000f9e7, 0x000009b0,
+ 0x0000f9e8, 0x000009b1,
+ 0x0000f9e9, 0x000009b2,
+ 0x0000f9ea, 0x000009b3,
+ 0x0000f9eb, 0x000009b4,
+ 0x0000f9ec, 0x000009b5,
+ 0x0000f9ed, 0x000009b6,
+ 0x0000f9ee, 0x000009b7,
+ 0x0000f9ef, 0x000009b8,
+ 0x0000f9f0, 0x000009b9,
+ 0x0000f9f1, 0x000009ba,
+ 0x0000f9f2, 0x000009bb,
+ 0x0000f9f3, 0x000009bc,
+ 0x0000f9f4, 0x000009bd,
+ 0x0000f9f5, 0x000009be,
+ 0x0000f9f6, 0x000009bf,
+ 0x0000f9f7, 0x000009c0,
+ 0x0000f9f8, 0x000009c1,
+ 0x0000f9f9, 0x000009c2,
+ 0x0000f9fa, 0x000009c3,
+ 0x0000f9fb, 0x000009c4,
+ 0x0000f9fc, 0x000009c5,
+ 0x0000f9fd, 0x000009c6,
+ 0x0000f9fe, 0x000009c7,
+ 0x0000f9ff, 0x000009c8,
+ 0x0000fa00, 0x000009c9,
+ 0x0000fa01, 0x000009ca,
+ 0x0000fa02, 0x000009cb,
+ 0x0000fa03, 0x000009cc,
+ 0x0000fa04, 0x000009cd,
+ 0x0000fa05, 0x000009ce,
+ 0x0000fa06, 0x000009cf,
+ 0x0000fa07, 0x000009d0,
+ 0x0000fa08, 0x000009d1,
+ 0x0000fa09, 0x000009d2,
+ 0x0000fa0a, 0x000009d3,
+ 0x0000fa0b, 0x000009d4,
+ 0x0000fa0c, 0x000009d5,
+ 0x0000fa0d, 0x000009d6,
+ 0x0000fa10, 0x000009d7,
+ 0x0000fa12, 0x000009d8,
+ 0x0000fa15, 0x000009d9,
+ 0x0000fa16, 0x000009da,
+ 0x0000fa17, 0x000009db,
+ 0x0000fa18, 0x000009dc,
+ 0x0000fa19, 0x000009dd,
+ 0x0000fa1a, 0x000009de,
+ 0x0000fa1b, 0x000009df,
+ 0x0000fa1c, 0x000009e0,
+ 0x0000fa1d, 0x000009e1,
+ 0x0000fa1e, 0x000009e2,
+ 0x0000fa20, 0x000009e3,
+ 0x0000fa22, 0x000009e4,
+ 0x0000fa25, 0x000009e5,
+ 0x0000fa26, 0x000009e6,
+ 0x0000fa2a, 0x000009e7,
+ 0x0000fa2b, 0x000009e8,
+ 0x0000fa2c, 0x000009e9,
+ 0x0000fa2d, 0x000009ea,
+ 0x0000fa30, 0x000009eb,
+ 0x0000fa31, 0x000009ec,
+ 0x0000fa32, 0x000009ed,
+ 0x0000fa33, 0x000009ee,
+ 0x0000fa34, 0x000009ef,
+ 0x0000fa35, 0x000009f0,
+ 0x0000fa36, 0x000009f1,
+ 0x0000fa37, 0x000009f2,
+ 0x0000fa38, 0x000009f3,
+ 0x0000fa39, 0x000009f4,
+ 0x0000fa3a, 0x000009f5,
+ 0x0000fa3b, 0x000009f6,
+ 0x0000fa3c, 0x000009f7,
+ 0x0000fa3d, 0x000009f8,
+ 0x0000fa3e, 0x000009f9,
+ 0x0000fa3f, 0x000009fa,
+ 0x0000fa40, 0x000009fb,
+ 0x0000fa41, 0x000009fc,
+ 0x0000fa42, 0x000009fd,
+ 0x0000fa43, 0x000009fe,
+ 0x0000fa44, 0x000009ff,
+ 0x0000fa45, 0x00000a00,
+ 0x0000fa46, 0x00000a01,
+ 0x0000fa47, 0x00000a02,
+ 0x0000fa48, 0x00000a03,
+ 0x0000fa49, 0x00000a04,
+ 0x0000fa4a, 0x00000a05,
+ 0x0000fa4b, 0x00000a06,
+ 0x0000fa4c, 0x00000a07,
+ 0x0000fa4d, 0x00000a08,
+ 0x0000fa4e, 0x00000a09,
+ 0x0000fa4f, 0x00000a0a,
+ 0x0000fa50, 0x00000a0b,
+ 0x0000fa51, 0x00000a0c,
+ 0x0000fa52, 0x00000a0d,
+ 0x0000fa53, 0x00000a0e,
+ 0x0000fa54, 0x00000a0f,
+ 0x0000fa55, 0x00000a10,
+ 0x0000fa56, 0x00000a11,
+ 0x0000fa57, 0x00000a12,
+ 0x0000fa58, 0x00000a13,
+ 0x0000fa59, 0x00000a14,
+ 0x0000fa5a, 0x00000a15,
+ 0x0000fa5b, 0x00000a16,
+ 0x0000fa5c, 0x00000a17,
+ 0x0000fa5d, 0x00000a18,
+ 0x0000fa5e, 0x00000a19,
+ 0x0000fa5f, 0x00000a1a,
+ 0x0000fa60, 0x00000a1b,
+ 0x0000fa61, 0x00000a1c,
+ 0x0000fa62, 0x00000a1d,
+ 0x0000fa63, 0x00000a1e,
+ 0x0000fa64, 0x00000a1f,
+ 0x0000fa65, 0x00000a20,
+ 0x0000fa66, 0x00000a21,
+ 0x0000fa67, 0x00000a22,
+ 0x0000fa68, 0x00000a23,
+ 0x0000fa69, 0x00000a24,
+ 0x0000fa6a, 0x00000a25,
+ 0x0000fb1d, 0x00000a26,
+ 0x0000fb1f, 0x00000a28,
+ 0x0000fb2a, 0x00000a2a,
+ 0x0000fb2b, 0x00000a2c,
+ 0x0000fb2c, 0x00000a2e,
+ 0x0000fb2d, 0x00000a31,
+ 0x0000fb2e, 0x00000a34,
+ 0x0000fb2f, 0x00000a36,
+ 0x0000fb30, 0x00000a38,
+ 0x0000fb31, 0x00000a3a,
+ 0x0000fb32, 0x00000a3c,
+ 0x0000fb33, 0x00000a3e,
+ 0x0000fb34, 0x00000a40,
+ 0x0000fb35, 0x00000a42,
+ 0x0000fb36, 0x00000a44,
+ 0x0000fb38, 0x00000a46,
+ 0x0000fb39, 0x00000a48,
+ 0x0000fb3a, 0x00000a4a,
+ 0x0000fb3b, 0x00000a4c,
+ 0x0000fb3c, 0x00000a4e,
+ 0x0000fb3e, 0x00000a50,
+ 0x0000fb40, 0x00000a52,
+ 0x0000fb41, 0x00000a54,
+ 0x0000fb43, 0x00000a56,
+ 0x0000fb44, 0x00000a58,
+ 0x0000fb46, 0x00000a5a,
+ 0x0000fb47, 0x00000a5c,
+ 0x0000fb48, 0x00000a5e,
+ 0x0000fb49, 0x00000a60,
+ 0x0000fb4a, 0x00000a62,
+ 0x0000fb4b, 0x00000a64,
+ 0x0000fb4c, 0x00000a66,
+ 0x0000fb4d, 0x00000a68,
+ 0x0000fb4e, 0x00000a6a,
+ 0x0001d15e, 0x00000a6c,
+ 0x0001d15f, 0x00000a6e,
+ 0x0001d160, 0x00000a70,
+ 0x0001d161, 0x00000a73,
+ 0x0001d162, 0x00000a76,
+ 0x0001d163, 0x00000a79,
+ 0x0001d164, 0x00000a7c,
+ 0x0001d1bb, 0x00000a7f,
+ 0x0001d1bc, 0x00000a81,
+ 0x0001d1bd, 0x00000a83,
+ 0x0001d1be, 0x00000a86,
+ 0x0001d1bf, 0x00000a89,
+ 0x0001d1c0, 0x00000a8c,
+ 0x0002f800, 0x00000a8f,
+ 0x0002f801, 0x00000a90,
+ 0x0002f802, 0x00000a91,
+ 0x0002f803, 0x00000a92,
+ 0x0002f804, 0x00000a93,
+ 0x0002f805, 0x00000a94,
+ 0x0002f806, 0x00000a95,
+ 0x0002f807, 0x00000a96,
+ 0x0002f808, 0x00000a97,
+ 0x0002f809, 0x00000a98,
+ 0x0002f80a, 0x00000a99,
+ 0x0002f80b, 0x00000a9a,
+ 0x0002f80c, 0x00000a9b,
+ 0x0002f80d, 0x00000a9c,
+ 0x0002f80e, 0x00000a9d,
+ 0x0002f80f, 0x00000a9e,
+ 0x0002f810, 0x00000a9f,
+ 0x0002f811, 0x00000aa0,
+ 0x0002f812, 0x00000aa1,
+ 0x0002f813, 0x00000aa2,
+ 0x0002f814, 0x00000aa3,
+ 0x0002f815, 0x00000aa4,
+ 0x0002f816, 0x00000aa5,
+ 0x0002f817, 0x00000aa6,
+ 0x0002f818, 0x00000aa7,
+ 0x0002f819, 0x00000aa8,
+ 0x0002f81a, 0x00000aa9,
+ 0x0002f81b, 0x00000aaa,
+ 0x0002f81c, 0x00000aab,
+ 0x0002f81d, 0x00000aac,
+ 0x0002f81e, 0x00000aad,
+ 0x0002f81f, 0x00000aae,
+ 0x0002f820, 0x00000aaf,
+ 0x0002f821, 0x00000ab0,
+ 0x0002f822, 0x00000ab1,
+ 0x0002f823, 0x00000ab2,
+ 0x0002f824, 0x00000ab3,
+ 0x0002f825, 0x00000ab4,
+ 0x0002f826, 0x00000ab5,
+ 0x0002f827, 0x00000ab6,
+ 0x0002f828, 0x00000ab7,
+ 0x0002f829, 0x00000ab8,
+ 0x0002f82a, 0x00000ab9,
+ 0x0002f82b, 0x00000aba,
+ 0x0002f82c, 0x00000abb,
+ 0x0002f82d, 0x00000abc,
+ 0x0002f82e, 0x00000abd,
+ 0x0002f82f, 0x00000abe,
+ 0x0002f830, 0x00000abf,
+ 0x0002f831, 0x00000ac0,
+ 0x0002f832, 0x00000ac1,
+ 0x0002f833, 0x00000ac2,
+ 0x0002f834, 0x00000ac3,
+ 0x0002f835, 0x00000ac4,
+ 0x0002f836, 0x00000ac5,
+ 0x0002f837, 0x00000ac6,
+ 0x0002f838, 0x00000ac7,
+ 0x0002f839, 0x00000ac8,
+ 0x0002f83a, 0x00000ac9,
+ 0x0002f83b, 0x00000aca,
+ 0x0002f83c, 0x00000acb,
+ 0x0002f83d, 0x00000acc,
+ 0x0002f83e, 0x00000acd,
+ 0x0002f83f, 0x00000ace,
+ 0x0002f840, 0x00000acf,
+ 0x0002f841, 0x00000ad0,
+ 0x0002f842, 0x00000ad1,
+ 0x0002f843, 0x00000ad2,
+ 0x0002f844, 0x00000ad3,
+ 0x0002f845, 0x00000ad4,
+ 0x0002f846, 0x00000ad5,
+ 0x0002f847, 0x00000ad6,
+ 0x0002f848, 0x00000ad7,
+ 0x0002f849, 0x00000ad8,
+ 0x0002f84a, 0x00000ad9,
+ 0x0002f84b, 0x00000ada,
+ 0x0002f84c, 0x00000adb,
+ 0x0002f84d, 0x00000adc,
+ 0x0002f84e, 0x00000add,
+ 0x0002f84f, 0x00000ade,
+ 0x0002f850, 0x00000adf,
+ 0x0002f851, 0x00000ae0,
+ 0x0002f852, 0x00000ae1,
+ 0x0002f853, 0x00000ae2,
+ 0x0002f854, 0x00000ae3,
+ 0x0002f855, 0x00000ae4,
+ 0x0002f856, 0x00000ae5,
+ 0x0002f857, 0x00000ae6,
+ 0x0002f858, 0x00000ae7,
+ 0x0002f859, 0x00000ae8,
+ 0x0002f85a, 0x00000ae9,
+ 0x0002f85b, 0x00000aea,
+ 0x0002f85c, 0x00000aeb,
+ 0x0002f85d, 0x00000aec,
+ 0x0002f85e, 0x00000aed,
+ 0x0002f85f, 0x00000aee,
+ 0x0002f860, 0x00000aef,
+ 0x0002f861, 0x00000af0,
+ 0x0002f862, 0x00000af1,
+ 0x0002f863, 0x00000af2,
+ 0x0002f864, 0x00000af3,
+ 0x0002f865, 0x00000af4,
+ 0x0002f866, 0x00000af5,
+ 0x0002f867, 0x00000af6,
+ 0x0002f868, 0x00000af7,
+ 0x0002f869, 0x00000af8,
+ 0x0002f86a, 0x00000af9,
+ 0x0002f86b, 0x00000afa,
+ 0x0002f86c, 0x00000afb,
+ 0x0002f86d, 0x00000afc,
+ 0x0002f86e, 0x00000afd,
+ 0x0002f86f, 0x00000afe,
+ 0x0002f870, 0x00000aff,
+ 0x0002f871, 0x00000b00,
+ 0x0002f872, 0x00000b01,
+ 0x0002f873, 0x00000b02,
+ 0x0002f874, 0x00000b03,
+ 0x0002f875, 0x00000b04,
+ 0x0002f876, 0x00000b05,
+ 0x0002f877, 0x00000b06,
+ 0x0002f878, 0x00000b07,
+ 0x0002f879, 0x00000b08,
+ 0x0002f87a, 0x00000b09,
+ 0x0002f87b, 0x00000b0a,
+ 0x0002f87c, 0x00000b0b,
+ 0x0002f87d, 0x00000b0c,
+ 0x0002f87e, 0x00000b0d,
+ 0x0002f87f, 0x00000b0e,
+ 0x0002f880, 0x00000b0f,
+ 0x0002f881, 0x00000b10,
+ 0x0002f882, 0x00000b11,
+ 0x0002f883, 0x00000b12,
+ 0x0002f884, 0x00000b13,
+ 0x0002f885, 0x00000b14,
+ 0x0002f886, 0x00000b15,
+ 0x0002f887, 0x00000b16,
+ 0x0002f888, 0x00000b17,
+ 0x0002f889, 0x00000b18,
+ 0x0002f88a, 0x00000b19,
+ 0x0002f88b, 0x00000b1a,
+ 0x0002f88c, 0x00000b1b,
+ 0x0002f88d, 0x00000b1c,
+ 0x0002f88e, 0x00000b1d,
+ 0x0002f88f, 0x00000b1e,
+ 0x0002f890, 0x00000b1f,
+ 0x0002f891, 0x00000b20,
+ 0x0002f892, 0x00000b21,
+ 0x0002f893, 0x00000b22,
+ 0x0002f894, 0x00000b23,
+ 0x0002f895, 0x00000b24,
+ 0x0002f896, 0x00000b25,
+ 0x0002f897, 0x00000b26,
+ 0x0002f898, 0x00000b27,
+ 0x0002f899, 0x00000b28,
+ 0x0002f89a, 0x00000b29,
+ 0x0002f89b, 0x00000b2a,
+ 0x0002f89c, 0x00000b2b,
+ 0x0002f89d, 0x00000b2c,
+ 0x0002f89e, 0x00000b2d,
+ 0x0002f89f, 0x00000b2e,
+ 0x0002f8a0, 0x00000b2f,
+ 0x0002f8a1, 0x00000b30,
+ 0x0002f8a2, 0x00000b31,
+ 0x0002f8a3, 0x00000b32,
+ 0x0002f8a4, 0x00000b33,
+ 0x0002f8a5, 0x00000b34,
+ 0x0002f8a6, 0x00000b35,
+ 0x0002f8a7, 0x00000b36,
+ 0x0002f8a8, 0x00000b37,
+ 0x0002f8a9, 0x00000b38,
+ 0x0002f8aa, 0x00000b39,
+ 0x0002f8ab, 0x00000b3a,
+ 0x0002f8ac, 0x00000b3b,
+ 0x0002f8ad, 0x00000b3c,
+ 0x0002f8ae, 0x00000b3d,
+ 0x0002f8af, 0x00000b3e,
+ 0x0002f8b0, 0x00000b3f,
+ 0x0002f8b1, 0x00000b40,
+ 0x0002f8b2, 0x00000b41,
+ 0x0002f8b3, 0x00000b42,
+ 0x0002f8b4, 0x00000b43,
+ 0x0002f8b5, 0x00000b44,
+ 0x0002f8b6, 0x00000b45,
+ 0x0002f8b7, 0x00000b46,
+ 0x0002f8b8, 0x00000b47,
+ 0x0002f8b9, 0x00000b48,
+ 0x0002f8ba, 0x00000b49,
+ 0x0002f8bb, 0x00000b4a,
+ 0x0002f8bc, 0x00000b4b,
+ 0x0002f8bd, 0x00000b4c,
+ 0x0002f8be, 0x00000b4d,
+ 0x0002f8bf, 0x00000b4e,
+ 0x0002f8c0, 0x00000b4f,
+ 0x0002f8c1, 0x00000b50,
+ 0x0002f8c2, 0x00000b51,
+ 0x0002f8c3, 0x00000b52,
+ 0x0002f8c4, 0x00000b53,
+ 0x0002f8c5, 0x00000b54,
+ 0x0002f8c6, 0x00000b55,
+ 0x0002f8c7, 0x00000b56,
+ 0x0002f8c8, 0x00000b57,
+ 0x0002f8c9, 0x00000b58,
+ 0x0002f8ca, 0x00000b59,
+ 0x0002f8cb, 0x00000b5a,
+ 0x0002f8cc, 0x00000b5b,
+ 0x0002f8cd, 0x00000b5c,
+ 0x0002f8ce, 0x00000b5d,
+ 0x0002f8cf, 0x00000b5e,
+ 0x0002f8d0, 0x00000b5f,
+ 0x0002f8d1, 0x00000b60,
+ 0x0002f8d2, 0x00000b61,
+ 0x0002f8d3, 0x00000b62,
+ 0x0002f8d4, 0x00000b63,
+ 0x0002f8d5, 0x00000b64,
+ 0x0002f8d6, 0x00000b65,
+ 0x0002f8d7, 0x00000b66,
+ 0x0002f8d8, 0x00000b67,
+ 0x0002f8d9, 0x00000b68,
+ 0x0002f8da, 0x00000b69,
+ 0x0002f8db, 0x00000b6a,
+ 0x0002f8dc, 0x00000b6b,
+ 0x0002f8dd, 0x00000b6c,
+ 0x0002f8de, 0x00000b6d,
+ 0x0002f8df, 0x00000b6e,
+ 0x0002f8e0, 0x00000b6f,
+ 0x0002f8e1, 0x00000b70,
+ 0x0002f8e2, 0x00000b71,
+ 0x0002f8e3, 0x00000b72,
+ 0x0002f8e4, 0x00000b73,
+ 0x0002f8e5, 0x00000b74,
+ 0x0002f8e6, 0x00000b75,
+ 0x0002f8e7, 0x00000b76,
+ 0x0002f8e8, 0x00000b77,
+ 0x0002f8e9, 0x00000b78,
+ 0x0002f8ea, 0x00000b79,
+ 0x0002f8eb, 0x00000b7a,
+ 0x0002f8ec, 0x00000b7b,
+ 0x0002f8ed, 0x00000b7c,
+ 0x0002f8ee, 0x00000b7d,
+ 0x0002f8ef, 0x00000b7e,
+ 0x0002f8f0, 0x00000b7f,
+ 0x0002f8f1, 0x00000b80,
+ 0x0002f8f2, 0x00000b81,
+ 0x0002f8f3, 0x00000b82,
+ 0x0002f8f4, 0x00000b83,
+ 0x0002f8f5, 0x00000b84,
+ 0x0002f8f6, 0x00000b85,
+ 0x0002f8f7, 0x00000b86,
+ 0x0002f8f8, 0x00000b87,
+ 0x0002f8f9, 0x00000b88,
+ 0x0002f8fa, 0x00000b89,
+ 0x0002f8fb, 0x00000b8a,
+ 0x0002f8fc, 0x00000b8b,
+ 0x0002f8fd, 0x00000b8c,
+ 0x0002f8fe, 0x00000b8d,
+ 0x0002f8ff, 0x00000b8e,
+ 0x0002f900, 0x00000b8f,
+ 0x0002f901, 0x00000b90,
+ 0x0002f902, 0x00000b91,
+ 0x0002f903, 0x00000b92,
+ 0x0002f904, 0x00000b93,
+ 0x0002f905, 0x00000b94,
+ 0x0002f906, 0x00000b95,
+ 0x0002f907, 0x00000b96,
+ 0x0002f908, 0x00000b97,
+ 0x0002f909, 0x00000b98,
+ 0x0002f90a, 0x00000b99,
+ 0x0002f90b, 0x00000b9a,
+ 0x0002f90c, 0x00000b9b,
+ 0x0002f90d, 0x00000b9c,
+ 0x0002f90e, 0x00000b9d,
+ 0x0002f90f, 0x00000b9e,
+ 0x0002f910, 0x00000b9f,
+ 0x0002f911, 0x00000ba0,
+ 0x0002f912, 0x00000ba1,
+ 0x0002f913, 0x00000ba2,
+ 0x0002f914, 0x00000ba3,
+ 0x0002f915, 0x00000ba4,
+ 0x0002f916, 0x00000ba5,
+ 0x0002f917, 0x00000ba6,
+ 0x0002f918, 0x00000ba7,
+ 0x0002f919, 0x00000ba8,
+ 0x0002f91a, 0x00000ba9,
+ 0x0002f91b, 0x00000baa,
+ 0x0002f91c, 0x00000bab,
+ 0x0002f91d, 0x00000bac,
+ 0x0002f91e, 0x00000bad,
+ 0x0002f91f, 0x00000bae,
+ 0x0002f920, 0x00000baf,
+ 0x0002f921, 0x00000bb0,
+ 0x0002f922, 0x00000bb1,
+ 0x0002f923, 0x00000bb2,
+ 0x0002f924, 0x00000bb3,
+ 0x0002f925, 0x00000bb4,
+ 0x0002f926, 0x00000bb5,
+ 0x0002f927, 0x00000bb6,
+ 0x0002f928, 0x00000bb7,
+ 0x0002f929, 0x00000bb8,
+ 0x0002f92a, 0x00000bb9,
+ 0x0002f92b, 0x00000bba,
+ 0x0002f92c, 0x00000bbb,
+ 0x0002f92d, 0x00000bbc,
+ 0x0002f92e, 0x00000bbd,
+ 0x0002f92f, 0x00000bbe,
+ 0x0002f930, 0x00000bbf,
+ 0x0002f931, 0x00000bc0,
+ 0x0002f932, 0x00000bc1,
+ 0x0002f933, 0x00000bc2,
+ 0x0002f934, 0x00000bc3,
+ 0x0002f935, 0x00000bc4,
+ 0x0002f936, 0x00000bc5,
+ 0x0002f937, 0x00000bc6,
+ 0x0002f938, 0x00000bc7,
+ 0x0002f939, 0x00000bc8,
+ 0x0002f93a, 0x00000bc9,
+ 0x0002f93b, 0x00000bca,
+ 0x0002f93c, 0x00000bcb,
+ 0x0002f93d, 0x00000bcc,
+ 0x0002f93e, 0x00000bcd,
+ 0x0002f93f, 0x00000bce,
+ 0x0002f940, 0x00000bcf,
+ 0x0002f941, 0x00000bd0,
+ 0x0002f942, 0x00000bd1,
+ 0x0002f943, 0x00000bd2,
+ 0x0002f944, 0x00000bd3,
+ 0x0002f945, 0x00000bd4,
+ 0x0002f946, 0x00000bd5,
+ 0x0002f947, 0x00000bd6,
+ 0x0002f948, 0x00000bd7,
+ 0x0002f949, 0x00000bd8,
+ 0x0002f94a, 0x00000bd9,
+ 0x0002f94b, 0x00000bda,
+ 0x0002f94c, 0x00000bdb,
+ 0x0002f94d, 0x00000bdc,
+ 0x0002f94e, 0x00000bdd,
+ 0x0002f94f, 0x00000bde,
+ 0x0002f950, 0x00000bdf,
+ 0x0002f951, 0x00000be0,
+ 0x0002f952, 0x00000be1,
+ 0x0002f953, 0x00000be2,
+ 0x0002f954, 0x00000be3,
+ 0x0002f955, 0x00000be4,
+ 0x0002f956, 0x00000be5,
+ 0x0002f957, 0x00000be6,
+ 0x0002f958, 0x00000be7,
+ 0x0002f959, 0x00000be8,
+ 0x0002f95a, 0x00000be9,
+ 0x0002f95b, 0x00000bea,
+ 0x0002f95c, 0x00000beb,
+ 0x0002f95d, 0x00000bec,
+ 0x0002f95e, 0x00000bed,
+ 0x0002f95f, 0x00000bee,
+ 0x0002f960, 0x00000bef,
+ 0x0002f961, 0x00000bf0,
+ 0x0002f962, 0x00000bf1,
+ 0x0002f963, 0x00000bf2,
+ 0x0002f964, 0x00000bf3,
+ 0x0002f965, 0x00000bf4,
+ 0x0002f966, 0x00000bf5,
+ 0x0002f967, 0x00000bf6,
+ 0x0002f968, 0x00000bf7,
+ 0x0002f969, 0x00000bf8,
+ 0x0002f96a, 0x00000bf9,
+ 0x0002f96b, 0x00000bfa,
+ 0x0002f96c, 0x00000bfb,
+ 0x0002f96d, 0x00000bfc,
+ 0x0002f96e, 0x00000bfd,
+ 0x0002f96f, 0x00000bfe,
+ 0x0002f970, 0x00000bff,
+ 0x0002f971, 0x00000c00,
+ 0x0002f972, 0x00000c01,
+ 0x0002f973, 0x00000c02,
+ 0x0002f974, 0x00000c03,
+ 0x0002f975, 0x00000c04,
+ 0x0002f976, 0x00000c05,
+ 0x0002f977, 0x00000c06,
+ 0x0002f978, 0x00000c07,
+ 0x0002f979, 0x00000c08,
+ 0x0002f97a, 0x00000c09,
+ 0x0002f97b, 0x00000c0a,
+ 0x0002f97c, 0x00000c0b,
+ 0x0002f97d, 0x00000c0c,
+ 0x0002f97e, 0x00000c0d,
+ 0x0002f97f, 0x00000c0e,
+ 0x0002f980, 0x00000c0f,
+ 0x0002f981, 0x00000c10,
+ 0x0002f982, 0x00000c11,
+ 0x0002f983, 0x00000c12,
+ 0x0002f984, 0x00000c13,
+ 0x0002f985, 0x00000c14,
+ 0x0002f986, 0x00000c15,
+ 0x0002f987, 0x00000c16,
+ 0x0002f988, 0x00000c17,
+ 0x0002f989, 0x00000c18,
+ 0x0002f98a, 0x00000c19,
+ 0x0002f98b, 0x00000c1a,
+ 0x0002f98c, 0x00000c1b,
+ 0x0002f98d, 0x00000c1c,
+ 0x0002f98e, 0x00000c1d,
+ 0x0002f98f, 0x00000c1e,
+ 0x0002f990, 0x00000c1f,
+ 0x0002f991, 0x00000c20,
+ 0x0002f992, 0x00000c21,
+ 0x0002f993, 0x00000c22,
+ 0x0002f994, 0x00000c23,
+ 0x0002f995, 0x00000c24,
+ 0x0002f996, 0x00000c25,
+ 0x0002f997, 0x00000c26,
+ 0x0002f998, 0x00000c27,
+ 0x0002f999, 0x00000c28,
+ 0x0002f99a, 0x00000c29,
+ 0x0002f99b, 0x00000c2a,
+ 0x0002f99c, 0x00000c2b,
+ 0x0002f99d, 0x00000c2c,
+ 0x0002f99e, 0x00000c2d,
+ 0x0002f99f, 0x00000c2e,
+ 0x0002f9a0, 0x00000c2f,
+ 0x0002f9a1, 0x00000c30,
+ 0x0002f9a2, 0x00000c31,
+ 0x0002f9a3, 0x00000c32,
+ 0x0002f9a4, 0x00000c33,
+ 0x0002f9a5, 0x00000c34,
+ 0x0002f9a6, 0x00000c35,
+ 0x0002f9a7, 0x00000c36,
+ 0x0002f9a8, 0x00000c37,
+ 0x0002f9a9, 0x00000c38,
+ 0x0002f9aa, 0x00000c39,
+ 0x0002f9ab, 0x00000c3a,
+ 0x0002f9ac, 0x00000c3b,
+ 0x0002f9ad, 0x00000c3c,
+ 0x0002f9ae, 0x00000c3d,
+ 0x0002f9af, 0x00000c3e,
+ 0x0002f9b0, 0x00000c3f,
+ 0x0002f9b1, 0x00000c40,
+ 0x0002f9b2, 0x00000c41,
+ 0x0002f9b3, 0x00000c42,
+ 0x0002f9b4, 0x00000c43,
+ 0x0002f9b5, 0x00000c44,
+ 0x0002f9b6, 0x00000c45,
+ 0x0002f9b7, 0x00000c46,
+ 0x0002f9b8, 0x00000c47,
+ 0x0002f9b9, 0x00000c48,
+ 0x0002f9ba, 0x00000c49,
+ 0x0002f9bb, 0x00000c4a,
+ 0x0002f9bc, 0x00000c4b,
+ 0x0002f9bd, 0x00000c4c,
+ 0x0002f9be, 0x00000c4d,
+ 0x0002f9bf, 0x00000c4e,
+ 0x0002f9c0, 0x00000c4f,
+ 0x0002f9c1, 0x00000c50,
+ 0x0002f9c2, 0x00000c51,
+ 0x0002f9c3, 0x00000c52,
+ 0x0002f9c4, 0x00000c53,
+ 0x0002f9c5, 0x00000c54,
+ 0x0002f9c6, 0x00000c55,
+ 0x0002f9c7, 0x00000c56,
+ 0x0002f9c8, 0x00000c57,
+ 0x0002f9c9, 0x00000c58,
+ 0x0002f9ca, 0x00000c59,
+ 0x0002f9cb, 0x00000c5a,
+ 0x0002f9cc, 0x00000c5b,
+ 0x0002f9cd, 0x00000c5c,
+ 0x0002f9ce, 0x00000c5d,
+ 0x0002f9cf, 0x00000c5e,
+ 0x0002f9d0, 0x00000c5f,
+ 0x0002f9d1, 0x00000c60,
+ 0x0002f9d2, 0x00000c61,
+ 0x0002f9d3, 0x00000c62,
+ 0x0002f9d4, 0x00000c63,
+ 0x0002f9d5, 0x00000c64,
+ 0x0002f9d6, 0x00000c65,
+ 0x0002f9d7, 0x00000c66,
+ 0x0002f9d8, 0x00000c67,
+ 0x0002f9d9, 0x00000c68,
+ 0x0002f9da, 0x00000c69,
+ 0x0002f9db, 0x00000c6a,
+ 0x0002f9dc, 0x00000c6b,
+ 0x0002f9dd, 0x00000c6c,
+ 0x0002f9de, 0x00000c6d,
+ 0x0002f9df, 0x00000c6e,
+ 0x0002f9e0, 0x00000c6f,
+ 0x0002f9e1, 0x00000c70,
+ 0x0002f9e2, 0x00000c71,
+ 0x0002f9e3, 0x00000c72,
+ 0x0002f9e4, 0x00000c73,
+ 0x0002f9e5, 0x00000c74,
+ 0x0002f9e6, 0x00000c75,
+ 0x0002f9e7, 0x00000c76,
+ 0x0002f9e8, 0x00000c77,
+ 0x0002f9e9, 0x00000c78,
+ 0x0002f9ea, 0x00000c79,
+ 0x0002f9eb, 0x00000c7a,
+ 0x0002f9ec, 0x00000c7b,
+ 0x0002f9ed, 0x00000c7c,
+ 0x0002f9ee, 0x00000c7d,
+ 0x0002f9ef, 0x00000c7e,
+ 0x0002f9f0, 0x00000c7f,
+ 0x0002f9f1, 0x00000c80,
+ 0x0002f9f2, 0x00000c81,
+ 0x0002f9f3, 0x00000c82,
+ 0x0002f9f4, 0x00000c83,
+ 0x0002f9f5, 0x00000c84,
+ 0x0002f9f6, 0x00000c85,
+ 0x0002f9f7, 0x00000c86,
+ 0x0002f9f8, 0x00000c87,
+ 0x0002f9f9, 0x00000c88,
+ 0x0002f9fa, 0x00000c89,
+ 0x0002f9fb, 0x00000c8a,
+ 0x0002f9fc, 0x00000c8b,
+ 0x0002f9fd, 0x00000c8c,
+ 0x0002f9fe, 0x00000c8d,
+ 0x0002f9ff, 0x00000c8e,
+ 0x0002fa00, 0x00000c8f,
+ 0x0002fa01, 0x00000c90,
+ 0x0002fa02, 0x00000c91,
+ 0x0002fa03, 0x00000c92,
+ 0x0002fa04, 0x00000c93,
+ 0x0002fa05, 0x00000c94,
+ 0x0002fa06, 0x00000c95,
+ 0x0002fa07, 0x00000c96,
+ 0x0002fa08, 0x00000c97,
+ 0x0002fa09, 0x00000c98,
+ 0x0002fa0a, 0x00000c99,
+ 0x0002fa0b, 0x00000c9a,
+ 0x0002fa0c, 0x00000c9b,
+ 0x0002fa0d, 0x00000c9c,
+ 0x0002fa0e, 0x00000c9d,
+ 0x0002fa0f, 0x00000c9e,
+ 0x0002fa10, 0x00000c9f,
+ 0x0002fa11, 0x00000ca0,
+ 0x0002fa12, 0x00000ca1,
+ 0x0002fa13, 0x00000ca2,
+ 0x0002fa14, 0x00000ca3,
+ 0x0002fa15, 0x00000ca4,
+ 0x0002fa16, 0x00000ca5,
+ 0x0002fa17, 0x00000ca6,
+ 0x0002fa18, 0x00000ca7,
+ 0x0002fa19, 0x00000ca8,
+ 0x0002fa1a, 0x00000ca9,
+ 0x0002fa1b, 0x00000caa,
+ 0x0002fa1c, 0x00000cab,
+ 0x0002fa1d, 0x00000cac,
+ 0x00000cad
+};
+
+static const ac_uint4 _ucdcmp_decomp[] = {
+ 0x00000041, 0x00000300, 0x00000041, 0x00000301,
+ 0x00000041, 0x00000302, 0x00000041, 0x00000303,
+ 0x00000041, 0x00000308, 0x00000041, 0x0000030a,
+ 0x00000043, 0x00000327, 0x00000045, 0x00000300,
+ 0x00000045, 0x00000301, 0x00000045, 0x00000302,
+ 0x00000045, 0x00000308, 0x00000049, 0x00000300,
+ 0x00000049, 0x00000301, 0x00000049, 0x00000302,
+ 0x00000049, 0x00000308, 0x0000004e, 0x00000303,
+ 0x0000004f, 0x00000300, 0x0000004f, 0x00000301,
+ 0x0000004f, 0x00000302, 0x0000004f, 0x00000303,
+ 0x0000004f, 0x00000308, 0x00000055, 0x00000300,
+ 0x00000055, 0x00000301, 0x00000055, 0x00000302,
+ 0x00000055, 0x00000308, 0x00000059, 0x00000301,
+ 0x00000061, 0x00000300, 0x00000061, 0x00000301,
+ 0x00000061, 0x00000302, 0x00000061, 0x00000303,
+ 0x00000061, 0x00000308, 0x00000061, 0x0000030a,
+ 0x00000063, 0x00000327, 0x00000065, 0x00000300,
+ 0x00000065, 0x00000301, 0x00000065, 0x00000302,
+ 0x00000065, 0x00000308, 0x00000069, 0x00000300,
+ 0x00000069, 0x00000301, 0x00000069, 0x00000302,
+ 0x00000069, 0x00000308, 0x0000006e, 0x00000303,
+ 0x0000006f, 0x00000300, 0x0000006f, 0x00000301,
+ 0x0000006f, 0x00000302, 0x0000006f, 0x00000303,
+ 0x0000006f, 0x00000308, 0x00000075, 0x00000300,
+ 0x00000075, 0x00000301, 0x00000075, 0x00000302,
+ 0x00000075, 0x00000308, 0x00000079, 0x00000301,
+ 0x00000079, 0x00000308, 0x00000041, 0x00000304,
+ 0x00000061, 0x00000304, 0x00000041, 0x00000306,
+ 0x00000061, 0x00000306, 0x00000041, 0x00000328,
+ 0x00000061, 0x00000328, 0x00000043, 0x00000301,
+ 0x00000063, 0x00000301, 0x00000043, 0x00000302,
+ 0x00000063, 0x00000302, 0x00000043, 0x00000307,
+ 0x00000063, 0x00000307, 0x00000043, 0x0000030c,
+ 0x00000063, 0x0000030c, 0x00000044, 0x0000030c,
+ 0x00000064, 0x0000030c, 0x00000045, 0x00000304,
+ 0x00000065, 0x00000304, 0x00000045, 0x00000306,
+ 0x00000065, 0x00000306, 0x00000045, 0x00000307,
+ 0x00000065, 0x00000307, 0x00000045, 0x00000328,
+ 0x00000065, 0x00000328, 0x00000045, 0x0000030c,
+ 0x00000065, 0x0000030c, 0x00000047, 0x00000302,
+ 0x00000067, 0x00000302, 0x00000047, 0x00000306,
+ 0x00000067, 0x00000306, 0x00000047, 0x00000307,
+ 0x00000067, 0x00000307, 0x00000047, 0x00000327,
+ 0x00000067, 0x00000327, 0x00000048, 0x00000302,
+ 0x00000068, 0x00000302, 0x00000049, 0x00000303,
+ 0x00000069, 0x00000303, 0x00000049, 0x00000304,
+ 0x00000069, 0x00000304, 0x00000049, 0x00000306,
+ 0x00000069, 0x00000306, 0x00000049, 0x00000328,
+ 0x00000069, 0x00000328, 0x00000049, 0x00000307,
+ 0x0000004a, 0x00000302, 0x0000006a, 0x00000302,
+ 0x0000004b, 0x00000327, 0x0000006b, 0x00000327,
+ 0x0000004c, 0x00000301, 0x0000006c, 0x00000301,
+ 0x0000004c, 0x00000327, 0x0000006c, 0x00000327,
+ 0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c,
+ 0x0000004e, 0x00000301, 0x0000006e, 0x00000301,
+ 0x0000004e, 0x00000327, 0x0000006e, 0x00000327,
+ 0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c,
+ 0x0000004f, 0x00000304, 0x0000006f, 0x00000304,
+ 0x0000004f, 0x00000306, 0x0000006f, 0x00000306,
+ 0x0000004f, 0x0000030b, 0x0000006f, 0x0000030b,
+ 0x00000052, 0x00000301, 0x00000072, 0x00000301,
+ 0x00000052, 0x00000327, 0x00000072, 0x00000327,
+ 0x00000052, 0x0000030c, 0x00000072, 0x0000030c,
+ 0x00000053, 0x00000301, 0x00000073, 0x00000301,
+ 0x00000053, 0x00000302, 0x00000073, 0x00000302,
+ 0x00000053, 0x00000327, 0x00000073, 0x00000327,
+ 0x00000053, 0x0000030c, 0x00000073, 0x0000030c,
+ 0x00000054, 0x00000327, 0x00000074, 0x00000327,
+ 0x00000054, 0x0000030c, 0x00000074, 0x0000030c,
+ 0x00000055, 0x00000303, 0x00000075, 0x00000303,
+ 0x00000055, 0x00000304, 0x00000075, 0x00000304,
+ 0x00000055, 0x00000306, 0x00000075, 0x00000306,
+ 0x00000055, 0x0000030a, 0x00000075, 0x0000030a,
+ 0x00000055, 0x0000030b, 0x00000075, 0x0000030b,
+ 0x00000055, 0x00000328, 0x00000075, 0x00000328,
+ 0x00000057, 0x00000302, 0x00000077, 0x00000302,
+ 0x00000059, 0x00000302, 0x00000079, 0x00000302,
+ 0x00000059, 0x00000308, 0x0000005a, 0x00000301,
+ 0x0000007a, 0x00000301, 0x0000005a, 0x00000307,
+ 0x0000007a, 0x00000307, 0x0000005a, 0x0000030c,
+ 0x0000007a, 0x0000030c, 0x0000004f, 0x0000031b,
+ 0x0000006f, 0x0000031b, 0x00000055, 0x0000031b,
+ 0x00000075, 0x0000031b, 0x00000041, 0x0000030c,
+ 0x00000061, 0x0000030c, 0x00000049, 0x0000030c,
+ 0x00000069, 0x0000030c, 0x0000004f, 0x0000030c,
+ 0x0000006f, 0x0000030c, 0x00000055, 0x0000030c,
+ 0x00000075, 0x0000030c, 0x00000055, 0x00000308,
+ 0x00000304, 0x00000075, 0x00000308, 0x00000304,
+ 0x00000055, 0x00000308, 0x00000301, 0x00000075,
+ 0x00000308, 0x00000301, 0x00000055, 0x00000308,
+ 0x0000030c, 0x00000075, 0x00000308, 0x0000030c,
+ 0x00000055, 0x00000308, 0x00000300, 0x00000075,
+ 0x00000308, 0x00000300, 0x00000041, 0x00000308,
+ 0x00000304, 0x00000061, 0x00000308, 0x00000304,
+ 0x00000041, 0x00000307, 0x00000304, 0x00000061,
+ 0x00000307, 0x00000304, 0x000000c6, 0x00000304,
+ 0x000000e6, 0x00000304, 0x00000047, 0x0000030c,
+ 0x00000067, 0x0000030c, 0x0000004b, 0x0000030c,
+ 0x0000006b, 0x0000030c, 0x0000004f, 0x00000328,
+ 0x0000006f, 0x00000328, 0x0000004f, 0x00000328,
+ 0x00000304, 0x0000006f, 0x00000328, 0x00000304,
+ 0x000001b7, 0x0000030c, 0x00000292, 0x0000030c,
+ 0x0000006a, 0x0000030c, 0x00000047, 0x00000301,
+ 0x00000067, 0x00000301, 0x0000004e, 0x00000300,
+ 0x0000006e, 0x00000300, 0x00000041, 0x0000030a,
+ 0x00000301, 0x00000061, 0x0000030a, 0x00000301,
+ 0x000000c6, 0x00000301, 0x000000e6, 0x00000301,
+ 0x000000d8, 0x00000301, 0x000000f8, 0x00000301,
+ 0x00000041, 0x0000030f, 0x00000061, 0x0000030f,
+ 0x00000041, 0x00000311, 0x00000061, 0x00000311,
+ 0x00000045, 0x0000030f, 0x00000065, 0x0000030f,
+ 0x00000045, 0x00000311, 0x00000065, 0x00000311,
+ 0x00000049, 0x0000030f, 0x00000069, 0x0000030f,
+ 0x00000049, 0x00000311, 0x00000069, 0x00000311,
+ 0x0000004f, 0x0000030f, 0x0000006f, 0x0000030f,
+ 0x0000004f, 0x00000311, 0x0000006f, 0x00000311,
+ 0x00000052, 0x0000030f, 0x00000072, 0x0000030f,
+ 0x00000052, 0x00000311, 0x00000072, 0x00000311,
+ 0x00000055, 0x0000030f, 0x00000075, 0x0000030f,
+ 0x00000055, 0x00000311, 0x00000075, 0x00000311,
+ 0x00000053, 0x00000326, 0x00000073, 0x00000326,
+ 0x00000054, 0x00000326, 0x00000074, 0x00000326,
+ 0x00000048, 0x0000030c, 0x00000068, 0x0000030c,
+ 0x00000041, 0x00000307, 0x00000061, 0x00000307,
+ 0x00000045, 0x00000327, 0x00000065, 0x00000327,
+ 0x0000004f, 0x00000308, 0x00000304, 0x0000006f,
+ 0x00000308, 0x00000304, 0x0000004f, 0x00000303,
+ 0x00000304, 0x0000006f, 0x00000303, 0x00000304,
+ 0x0000004f, 0x00000307, 0x0000006f, 0x00000307,
+ 0x0000004f, 0x00000307, 0x00000304, 0x0000006f,
+ 0x00000307, 0x00000304, 0x00000059, 0x00000304,
+ 0x00000079, 0x00000304, 0x00000300, 0x00000301,
+ 0x00000313, 0x00000308, 0x00000301, 0x000002b9,
+ 0x0000003b, 0x000000a8, 0x00000301, 0x00000391,
+ 0x00000301, 0x000000b7, 0x00000395, 0x00000301,
+ 0x00000397, 0x00000301, 0x00000399, 0x00000301,
+ 0x0000039f, 0x00000301, 0x000003a5, 0x00000301,
+ 0x000003a9, 0x00000301, 0x000003b9, 0x00000308,
+ 0x00000301, 0x00000399, 0x00000308, 0x000003a5,
+ 0x00000308, 0x000003b1, 0x00000301, 0x000003b5,
+ 0x00000301, 0x000003b7, 0x00000301, 0x000003b9,
+ 0x00000301, 0x000003c5, 0x00000308, 0x00000301,
+ 0x000003b9, 0x00000308, 0x000003c5, 0x00000308,
+ 0x000003bf, 0x00000301, 0x000003c5, 0x00000301,
+ 0x000003c9, 0x00000301, 0x000003d2, 0x00000301,
+ 0x000003d2, 0x00000308, 0x00000415, 0x00000300,
+ 0x00000415, 0x00000308, 0x00000413, 0x00000301,
+ 0x00000406, 0x00000308, 0x0000041a, 0x00000301,
+ 0x00000418, 0x00000300, 0x00000423, 0x00000306,
+ 0x00000418, 0x00000306, 0x00000438, 0x00000306,
+ 0x00000435, 0x00000300, 0x00000435, 0x00000308,
+ 0x00000433, 0x00000301, 0x00000456, 0x00000308,
+ 0x0000043a, 0x00000301, 0x00000438, 0x00000300,
+ 0x00000443, 0x00000306, 0x00000474, 0x0000030f,
+ 0x00000475, 0x0000030f, 0x00000416, 0x00000306,
+ 0x00000436, 0x00000306, 0x00000410, 0x00000306,
+ 0x00000430, 0x00000306, 0x00000410, 0x00000308,
+ 0x00000430, 0x00000308, 0x00000415, 0x00000306,
+ 0x00000435, 0x00000306, 0x000004d8, 0x00000308,
+ 0x000004d9, 0x00000308, 0x00000416, 0x00000308,
+ 0x00000436, 0x00000308, 0x00000417, 0x00000308,
+ 0x00000437, 0x00000308, 0x00000418, 0x00000304,
+ 0x00000438, 0x00000304, 0x00000418, 0x00000308,
+ 0x00000438, 0x00000308, 0x0000041e, 0x00000308,
+ 0x0000043e, 0x00000308, 0x000004e8, 0x00000308,
+ 0x000004e9, 0x00000308, 0x0000042d, 0x00000308,
+ 0x0000044d, 0x00000308, 0x00000423, 0x00000304,
+ 0x00000443, 0x00000304, 0x00000423, 0x00000308,
+ 0x00000443, 0x00000308, 0x00000423, 0x0000030b,
+ 0x00000443, 0x0000030b, 0x00000427, 0x00000308,
+ 0x00000447, 0x00000308, 0x0000042b, 0x00000308,
+ 0x0000044b, 0x00000308, 0x00000627, 0x00000653,
+ 0x00000627, 0x00000654, 0x00000648, 0x00000654,
+ 0x00000627, 0x00000655, 0x0000064a, 0x00000654,
+ 0x000006d5, 0x00000654, 0x000006c1, 0x00000654,
+ 0x000006d2, 0x00000654, 0x00000928, 0x0000093c,
+ 0x00000930, 0x0000093c, 0x00000933, 0x0000093c,
+ 0x00000915, 0x0000093c, 0x00000916, 0x0000093c,
+ 0x00000917, 0x0000093c, 0x0000091c, 0x0000093c,
+ 0x00000921, 0x0000093c, 0x00000922, 0x0000093c,
+ 0x0000092b, 0x0000093c, 0x0000092f, 0x0000093c,
+ 0x000009c7, 0x000009be, 0x000009c7, 0x000009d7,
+ 0x000009a1, 0x000009bc, 0x000009a2, 0x000009bc,
+ 0x000009af, 0x000009bc, 0x00000a32, 0x00000a3c,
+ 0x00000a38, 0x00000a3c, 0x00000a16, 0x00000a3c,
+ 0x00000a17, 0x00000a3c, 0x00000a1c, 0x00000a3c,
+ 0x00000a2b, 0x00000a3c, 0x00000b47, 0x00000b56,
+ 0x00000b47, 0x00000b3e, 0x00000b47, 0x00000b57,
+ 0x00000b21, 0x00000b3c, 0x00000b22, 0x00000b3c,
+ 0x00000b92, 0x00000bd7, 0x00000bc6, 0x00000bbe,
+ 0x00000bc7, 0x00000bbe, 0x00000bc6, 0x00000bd7,
+ 0x00000c46, 0x00000c56, 0x00000cbf, 0x00000cd5,
+ 0x00000cc6, 0x00000cd5, 0x00000cc6, 0x00000cd6,
+ 0x00000cc6, 0x00000cc2, 0x00000cc6, 0x00000cc2,
+ 0x00000cd5, 0x00000d46, 0x00000d3e, 0x00000d47,
+ 0x00000d3e, 0x00000d46, 0x00000d57, 0x00000dd9,
+ 0x00000dca, 0x00000dd9, 0x00000dcf, 0x00000dd9,
+ 0x00000dcf, 0x00000dca, 0x00000dd9, 0x00000ddf,
+ 0x00000f42, 0x00000fb7, 0x00000f4c, 0x00000fb7,
+ 0x00000f51, 0x00000fb7, 0x00000f56, 0x00000fb7,
+ 0x00000f5b, 0x00000fb7, 0x00000f40, 0x00000fb5,
+ 0x00000f71, 0x00000f72, 0x00000f71, 0x00000f74,
+ 0x00000fb2, 0x00000f80, 0x00000fb3, 0x00000f80,
+ 0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7,
+ 0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7,
+ 0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7,
+ 0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e,
+ 0x00000041, 0x00000325, 0x00000061, 0x00000325,
+ 0x00000042, 0x00000307, 0x00000062, 0x00000307,
+ 0x00000042, 0x00000323, 0x00000062, 0x00000323,
+ 0x00000042, 0x00000331, 0x00000062, 0x00000331,
+ 0x00000043, 0x00000327, 0x00000301, 0x00000063,
+ 0x00000327, 0x00000301, 0x00000044, 0x00000307,
+ 0x00000064, 0x00000307, 0x00000044, 0x00000323,
+ 0x00000064, 0x00000323, 0x00000044, 0x00000331,
+ 0x00000064, 0x00000331, 0x00000044, 0x00000327,
+ 0x00000064, 0x00000327, 0x00000044, 0x0000032d,
+ 0x00000064, 0x0000032d, 0x00000045, 0x00000304,
+ 0x00000300, 0x00000065, 0x00000304, 0x00000300,
+ 0x00000045, 0x00000304, 0x00000301, 0x00000065,
+ 0x00000304, 0x00000301, 0x00000045, 0x0000032d,
+ 0x00000065, 0x0000032d, 0x00000045, 0x00000330,
+ 0x00000065, 0x00000330, 0x00000045, 0x00000327,
+ 0x00000306, 0x00000065, 0x00000327, 0x00000306,
+ 0x00000046, 0x00000307, 0x00000066, 0x00000307,
+ 0x00000047, 0x00000304, 0x00000067, 0x00000304,
+ 0x00000048, 0x00000307, 0x00000068, 0x00000307,
+ 0x00000048, 0x00000323, 0x00000068, 0x00000323,
+ 0x00000048, 0x00000308, 0x00000068, 0x00000308,
+ 0x00000048, 0x00000327, 0x00000068, 0x00000327,
+ 0x00000048, 0x0000032e, 0x00000068, 0x0000032e,
+ 0x00000049, 0x00000330, 0x00000069, 0x00000330,
+ 0x00000049, 0x00000308, 0x00000301, 0x00000069,
+ 0x00000308, 0x00000301, 0x0000004b, 0x00000301,
+ 0x0000006b, 0x00000301, 0x0000004b, 0x00000323,
+ 0x0000006b, 0x00000323, 0x0000004b, 0x00000331,
+ 0x0000006b, 0x00000331, 0x0000004c, 0x00000323,
+ 0x0000006c, 0x00000323, 0x0000004c, 0x00000323,
+ 0x00000304, 0x0000006c, 0x00000323, 0x00000304,
+ 0x0000004c, 0x00000331, 0x0000006c, 0x00000331,
+ 0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d,
+ 0x0000004d, 0x00000301, 0x0000006d, 0x00000301,
+ 0x0000004d, 0x00000307, 0x0000006d, 0x00000307,
+ 0x0000004d, 0x00000323, 0x0000006d, 0x00000323,
+ 0x0000004e, 0x00000307, 0x0000006e, 0x00000307,
+ 0x0000004e, 0x00000323, 0x0000006e, 0x00000323,
+ 0x0000004e, 0x00000331, 0x0000006e, 0x00000331,
+ 0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d,
+ 0x0000004f, 0x00000303, 0x00000301, 0x0000006f,
+ 0x00000303, 0x00000301, 0x0000004f, 0x00000303,
+ 0x00000308, 0x0000006f, 0x00000303, 0x00000308,
+ 0x0000004f, 0x00000304, 0x00000300, 0x0000006f,
+ 0x00000304, 0x00000300, 0x0000004f, 0x00000304,
+ 0x00000301, 0x0000006f, 0x00000304, 0x00000301,
+ 0x00000050, 0x00000301, 0x00000070, 0x00000301,
+ 0x00000050, 0x00000307, 0x00000070, 0x00000307,
+ 0x00000052, 0x00000307, 0x00000072, 0x00000307,
+ 0x00000052, 0x00000323, 0x00000072, 0x00000323,
+ 0x00000052, 0x00000323, 0x00000304, 0x00000072,
+ 0x00000323, 0x00000304, 0x00000052, 0x00000331,
+ 0x00000072, 0x00000331, 0x00000053, 0x00000307,
+ 0x00000073, 0x00000307, 0x00000053, 0x00000323,
+ 0x00000073, 0x00000323, 0x00000053, 0x00000301,
+ 0x00000307, 0x00000073, 0x00000301, 0x00000307,
+ 0x00000053, 0x0000030c, 0x00000307, 0x00000073,
+ 0x0000030c, 0x00000307, 0x00000053, 0x00000323,
+ 0x00000307, 0x00000073, 0x00000323, 0x00000307,
+ 0x00000054, 0x00000307, 0x00000074, 0x00000307,
+ 0x00000054, 0x00000323, 0x00000074, 0x00000323,
+ 0x00000054, 0x00000331, 0x00000074, 0x00000331,
+ 0x00000054, 0x0000032d, 0x00000074, 0x0000032d,
+ 0x00000055, 0x00000324, 0x00000075, 0x00000324,
+ 0x00000055, 0x00000330, 0x00000075, 0x00000330,
+ 0x00000055, 0x0000032d, 0x00000075, 0x0000032d,
+ 0x00000055, 0x00000303, 0x00000301, 0x00000075,
+ 0x00000303, 0x00000301, 0x00000055, 0x00000304,
+ 0x00000308, 0x00000075, 0x00000304, 0x00000308,
+ 0x00000056, 0x00000303, 0x00000076, 0x00000303,
+ 0x00000056, 0x00000323, 0x00000076, 0x00000323,
+ 0x00000057, 0x00000300, 0x00000077, 0x00000300,
+ 0x00000057, 0x00000301, 0x00000077, 0x00000301,
+ 0x00000057, 0x00000308, 0x00000077, 0x00000308,
+ 0x00000057, 0x00000307, 0x00000077, 0x00000307,
+ 0x00000057, 0x00000323, 0x00000077, 0x00000323,
+ 0x00000058, 0x00000307, 0x00000078, 0x00000307,
+ 0x00000058, 0x00000308, 0x00000078, 0x00000308,
+ 0x00000059, 0x00000307, 0x00000079, 0x00000307,
+ 0x0000005a, 0x00000302, 0x0000007a, 0x00000302,
+ 0x0000005a, 0x00000323, 0x0000007a, 0x00000323,
+ 0x0000005a, 0x00000331, 0x0000007a, 0x00000331,
+ 0x00000068, 0x00000331, 0x00000074, 0x00000308,
+ 0x00000077, 0x0000030a, 0x00000079, 0x0000030a,
+ 0x0000017f, 0x00000307, 0x00000041, 0x00000323,
+ 0x00000061, 0x00000323, 0x00000041, 0x00000309,
+ 0x00000061, 0x00000309, 0x00000041, 0x00000302,
+ 0x00000301, 0x00000061, 0x00000302, 0x00000301,
+ 0x00000041, 0x00000302, 0x00000300, 0x00000061,
+ 0x00000302, 0x00000300, 0x00000041, 0x00000302,
+ 0x00000309, 0x00000061, 0x00000302, 0x00000309,
+ 0x00000041, 0x00000302, 0x00000303, 0x00000061,
+ 0x00000302, 0x00000303, 0x00000041, 0x00000323,
+ 0x00000302, 0x00000061, 0x00000323, 0x00000302,
+ 0x00000041, 0x00000306, 0x00000301, 0x00000061,
+ 0x00000306, 0x00000301, 0x00000041, 0x00000306,
+ 0x00000300, 0x00000061, 0x00000306, 0x00000300,
+ 0x00000041, 0x00000306, 0x00000309, 0x00000061,
+ 0x00000306, 0x00000309, 0x00000041, 0x00000306,
+ 0x00000303, 0x00000061, 0x00000306, 0x00000303,
+ 0x00000041, 0x00000323, 0x00000306, 0x00000061,
+ 0x00000323, 0x00000306, 0x00000045, 0x00000323,
+ 0x00000065, 0x00000323, 0x00000045, 0x00000309,
+ 0x00000065, 0x00000309, 0x00000045, 0x00000303,
+ 0x00000065, 0x00000303, 0x00000045, 0x00000302,
+ 0x00000301, 0x00000065, 0x00000302, 0x00000301,
+ 0x00000045, 0x00000302, 0x00000300, 0x00000065,
+ 0x00000302, 0x00000300, 0x00000045, 0x00000302,
+ 0x00000309, 0x00000065, 0x00000302, 0x00000309,
+ 0x00000045, 0x00000302, 0x00000303, 0x00000065,
+ 0x00000302, 0x00000303, 0x00000045, 0x00000323,
+ 0x00000302, 0x00000065, 0x00000323, 0x00000302,
+ 0x00000049, 0x00000309, 0x00000069, 0x00000309,
+ 0x00000049, 0x00000323, 0x00000069, 0x00000323,
+ 0x0000004f, 0x00000323, 0x0000006f, 0x00000323,
+ 0x0000004f, 0x00000309, 0x0000006f, 0x00000309,
+ 0x0000004f, 0x00000302, 0x00000301, 0x0000006f,
+ 0x00000302, 0x00000301, 0x0000004f, 0x00000302,
+ 0x00000300, 0x0000006f, 0x00000302, 0x00000300,
+ 0x0000004f, 0x00000302, 0x00000309, 0x0000006f,
+ 0x00000302, 0x00000309, 0x0000004f, 0x00000302,
+ 0x00000303, 0x0000006f, 0x00000302, 0x00000303,
+ 0x0000004f, 0x00000323, 0x00000302, 0x0000006f,
+ 0x00000323, 0x00000302, 0x0000004f, 0x0000031b,
+ 0x00000301, 0x0000006f, 0x0000031b, 0x00000301,
+ 0x0000004f, 0x0000031b, 0x00000300, 0x0000006f,
+ 0x0000031b, 0x00000300, 0x0000004f, 0x0000031b,
+ 0x00000309, 0x0000006f, 0x0000031b, 0x00000309,
+ 0x0000004f, 0x0000031b, 0x00000303, 0x0000006f,
+ 0x0000031b, 0x00000303, 0x0000004f, 0x0000031b,
+ 0x00000323, 0x0000006f, 0x0000031b, 0x00000323,
+ 0x00000055, 0x00000323, 0x00000075, 0x00000323,
+ 0x00000055, 0x00000309, 0x00000075, 0x00000309,
+ 0x00000055, 0x0000031b, 0x00000301, 0x00000075,
+ 0x0000031b, 0x00000301, 0x00000055, 0x0000031b,
+ 0x00000300, 0x00000075, 0x0000031b, 0x00000300,
+ 0x00000055, 0x0000031b, 0x00000309, 0x00000075,
+ 0x0000031b, 0x00000309, 0x00000055, 0x0000031b,
+ 0x00000303, 0x00000075, 0x0000031b, 0x00000303,
+ 0x00000055, 0x0000031b, 0x00000323, 0x00000075,
+ 0x0000031b, 0x00000323, 0x00000059, 0x00000300,
+ 0x00000079, 0x00000300, 0x00000059, 0x00000323,
+ 0x00000079, 0x00000323, 0x00000059, 0x00000309,
+ 0x00000079, 0x00000309, 0x00000059, 0x00000303,
+ 0x00000079, 0x00000303, 0x000003b1, 0x00000313,
+ 0x000003b1, 0x00000314, 0x000003b1, 0x00000313,
+ 0x00000300, 0x000003b1, 0x00000314, 0x00000300,
+ 0x000003b1, 0x00000313, 0x00000301, 0x000003b1,
+ 0x00000314, 0x00000301, 0x000003b1, 0x00000313,
+ 0x00000342, 0x000003b1, 0x00000314, 0x00000342,
+ 0x00000391, 0x00000313, 0x00000391, 0x00000314,
+ 0x00000391, 0x00000313, 0x00000300, 0x00000391,
+ 0x00000314, 0x00000300, 0x00000391, 0x00000313,
+ 0x00000301, 0x00000391, 0x00000314, 0x00000301,
+ 0x00000391, 0x00000313, 0x00000342, 0x00000391,
+ 0x00000314, 0x00000342, 0x000003b5, 0x00000313,
+ 0x000003b5, 0x00000314, 0x000003b5, 0x00000313,
+ 0x00000300, 0x000003b5, 0x00000314, 0x00000300,
+ 0x000003b5, 0x00000313, 0x00000301, 0x000003b5,
+ 0x00000314, 0x00000301, 0x00000395, 0x00000313,
+ 0x00000395, 0x00000314, 0x00000395, 0x00000313,
+ 0x00000300, 0x00000395, 0x00000314, 0x00000300,
+ 0x00000395, 0x00000313, 0x00000301, 0x00000395,
+ 0x00000314, 0x00000301, 0x000003b7, 0x00000313,
+ 0x000003b7, 0x00000314, 0x000003b7, 0x00000313,
+ 0x00000300, 0x000003b7, 0x00000314, 0x00000300,
+ 0x000003b7, 0x00000313, 0x00000301, 0x000003b7,
+ 0x00000314, 0x00000301, 0x000003b7, 0x00000313,
+ 0x00000342, 0x000003b7, 0x00000314, 0x00000342,
+ 0x00000397, 0x00000313, 0x00000397, 0x00000314,
+ 0x00000397, 0x00000313, 0x00000300, 0x00000397,
+ 0x00000314, 0x00000300, 0x00000397, 0x00000313,
+ 0x00000301, 0x00000397, 0x00000314, 0x00000301,
+ 0x00000397, 0x00000313, 0x00000342, 0x00000397,
+ 0x00000314, 0x00000342, 0x000003b9, 0x00000313,
+ 0x000003b9, 0x00000314, 0x000003b9, 0x00000313,
+ 0x00000300, 0x000003b9, 0x00000314, 0x00000300,
+ 0x000003b9, 0x00000313, 0x00000301, 0x000003b9,
+ 0x00000314, 0x00000301, 0x000003b9, 0x00000313,
+ 0x00000342, 0x000003b9, 0x00000314, 0x00000342,
+ 0x00000399, 0x00000313, 0x00000399, 0x00000314,
+ 0x00000399, 0x00000313, 0x00000300, 0x00000399,
+ 0x00000314, 0x00000300, 0x00000399, 0x00000313,
+ 0x00000301, 0x00000399, 0x00000314, 0x00000301,
+ 0x00000399, 0x00000313, 0x00000342, 0x00000399,
+ 0x00000314, 0x00000342, 0x000003bf, 0x00000313,
+ 0x000003bf, 0x00000314, 0x000003bf, 0x00000313,
+ 0x00000300, 0x000003bf, 0x00000314, 0x00000300,
+ 0x000003bf, 0x00000313, 0x00000301, 0x000003bf,
+ 0x00000314, 0x00000301, 0x0000039f, 0x00000313,
+ 0x0000039f, 0x00000314, 0x0000039f, 0x00000313,
+ 0x00000300, 0x0000039f, 0x00000314, 0x00000300,
+ 0x0000039f, 0x00000313, 0x00000301, 0x0000039f,
+ 0x00000314, 0x00000301, 0x000003c5, 0x00000313,
+ 0x000003c5, 0x00000314, 0x000003c5, 0x00000313,
+ 0x00000300, 0x000003c5, 0x00000314, 0x00000300,
+ 0x000003c5, 0x00000313, 0x00000301, 0x000003c5,
+ 0x00000314, 0x00000301, 0x000003c5, 0x00000313,
+ 0x00000342, 0x000003c5, 0x00000314, 0x00000342,
+ 0x000003a5, 0x00000314, 0x000003a5, 0x00000314,
+ 0x00000300, 0x000003a5, 0x00000314, 0x00000301,
+ 0x000003a5, 0x00000314, 0x00000342, 0x000003c9,
+ 0x00000313, 0x000003c9, 0x00000314, 0x000003c9,
+ 0x00000313, 0x00000300, 0x000003c9, 0x00000314,
+ 0x00000300, 0x000003c9, 0x00000313, 0x00000301,
+ 0x000003c9, 0x00000314, 0x00000301, 0x000003c9,
+ 0x00000313, 0x00000342, 0x000003c9, 0x00000314,
+ 0x00000342, 0x000003a9, 0x00000313, 0x000003a9,
+ 0x00000314, 0x000003a9, 0x00000313, 0x00000300,
+ 0x000003a9, 0x00000314, 0x00000300, 0x000003a9,
+ 0x00000313, 0x00000301, 0x000003a9, 0x00000314,
+ 0x00000301, 0x000003a9, 0x00000313, 0x00000342,
+ 0x000003a9, 0x00000314, 0x00000342, 0x000003b1,
+ 0x00000300, 0x000003b1, 0x00000301, 0x000003b5,
+ 0x00000300, 0x000003b5, 0x00000301, 0x000003b7,
+ 0x00000300, 0x000003b7, 0x00000301, 0x000003b9,
+ 0x00000300, 0x000003b9, 0x00000301, 0x000003bf,
+ 0x00000300, 0x000003bf, 0x00000301, 0x000003c5,
+ 0x00000300, 0x000003c5, 0x00000301, 0x000003c9,
+ 0x00000300, 0x000003c9, 0x00000301, 0x000003b1,
+ 0x00000313, 0x00000345, 0x000003b1, 0x00000314,
+ 0x00000345, 0x000003b1, 0x00000313, 0x00000300,
+ 0x00000345, 0x000003b1, 0x00000314, 0x00000300,
+ 0x00000345, 0x000003b1, 0x00000313, 0x00000301,
+ 0x00000345, 0x000003b1, 0x00000314, 0x00000301,
+ 0x00000345, 0x000003b1, 0x00000313, 0x00000342,
+ 0x00000345, 0x000003b1, 0x00000314, 0x00000342,
+ 0x00000345, 0x00000391, 0x00000313, 0x00000345,
+ 0x00000391, 0x00000314, 0x00000345, 0x00000391,
+ 0x00000313, 0x00000300, 0x00000345, 0x00000391,
+ 0x00000314, 0x00000300, 0x00000345, 0x00000391,
+ 0x00000313, 0x00000301, 0x00000345, 0x00000391,
+ 0x00000314, 0x00000301, 0x00000345, 0x00000391,
+ 0x00000313, 0x00000342, 0x00000345, 0x00000391,
+ 0x00000314, 0x00000342, 0x00000345, 0x000003b7,
+ 0x00000313, 0x00000345, 0x000003b7, 0x00000314,
+ 0x00000345, 0x000003b7, 0x00000313, 0x00000300,
+ 0x00000345, 0x000003b7, 0x00000314, 0x00000300,
+ 0x00000345, 0x000003b7, 0x00000313, 0x00000301,
+ 0x00000345, 0x000003b7, 0x00000314, 0x00000301,
+ 0x00000345, 0x000003b7, 0x00000313, 0x00000342,
+ 0x00000345, 0x000003b7, 0x00000314, 0x00000342,
+ 0x00000345, 0x00000397, 0x00000313, 0x00000345,
+ 0x00000397, 0x00000314, 0x00000345, 0x00000397,
+ 0x00000313, 0x00000300, 0x00000345, 0x00000397,
+ 0x00000314, 0x00000300, 0x00000345, 0x00000397,
+ 0x00000313, 0x00000301, 0x00000345, 0x00000397,
+ 0x00000314, 0x00000301, 0x00000345, 0x00000397,
+ 0x00000313, 0x00000342, 0x00000345, 0x00000397,
+ 0x00000314, 0x00000342, 0x00000345, 0x000003c9,
+ 0x00000313, 0x00000345, 0x000003c9, 0x00000314,
+ 0x00000345, 0x000003c9, 0x00000313, 0x00000300,
+ 0x00000345, 0x000003c9, 0x00000314, 0x00000300,
+ 0x00000345, 0x000003c9, 0x00000313, 0x00000301,
+ 0x00000345, 0x000003c9, 0x00000314, 0x00000301,
+ 0x00000345, 0x000003c9, 0x00000313, 0x00000342,
+ 0x00000345, 0x000003c9, 0x00000314, 0x00000342,
+ 0x00000345, 0x000003a9, 0x00000313, 0x00000345,
+ 0x000003a9, 0x00000314, 0x00000345, 0x000003a9,
+ 0x00000313, 0x00000300, 0x00000345, 0x000003a9,
+ 0x00000314, 0x00000300, 0x00000345, 0x000003a9,
+ 0x00000313, 0x00000301, 0x00000345, 0x000003a9,
+ 0x00000314, 0x00000301, 0x00000345, 0x000003a9,
+ 0x00000313, 0x00000342, 0x00000345, 0x000003a9,
+ 0x00000314, 0x00000342, 0x00000345, 0x000003b1,
+ 0x00000306, 0x000003b1, 0x00000304, 0x000003b1,
+ 0x00000300, 0x00000345, 0x000003b1, 0x00000345,
+ 0x000003b1, 0x00000301, 0x00000345, 0x000003b1,
+ 0x00000342, 0x000003b1, 0x00000342, 0x00000345,
+ 0x00000391, 0x00000306, 0x00000391, 0x00000304,
+ 0x00000391, 0x00000300, 0x00000391, 0x00000301,
+ 0x00000391, 0x00000345, 0x000003b9, 0x000000a8,
+ 0x00000342, 0x000003b7, 0x00000300, 0x00000345,
+ 0x000003b7, 0x00000345, 0x000003b7, 0x00000301,
+ 0x00000345, 0x000003b7, 0x00000342, 0x000003b7,
+ 0x00000342, 0x00000345, 0x00000395, 0x00000300,
+ 0x00000395, 0x00000301, 0x00000397, 0x00000300,
+ 0x00000397, 0x00000301, 0x00000397, 0x00000345,
+ 0x00001fbf, 0x00000300, 0x00001fbf, 0x00000301,
+ 0x00001fbf, 0x00000342, 0x000003b9, 0x00000306,
+ 0x000003b9, 0x00000304, 0x000003b9, 0x00000308,
+ 0x00000300, 0x000003b9, 0x00000308, 0x00000301,
+ 0x000003b9, 0x00000342, 0x000003b9, 0x00000308,
+ 0x00000342, 0x00000399, 0x00000306, 0x00000399,
+ 0x00000304, 0x00000399, 0x00000300, 0x00000399,
+ 0x00000301, 0x00001ffe, 0x00000300, 0x00001ffe,
+ 0x00000301, 0x00001ffe, 0x00000342, 0x000003c5,
+ 0x00000306, 0x000003c5, 0x00000304, 0x000003c5,
+ 0x00000308, 0x00000300, 0x000003c5, 0x00000308,
+ 0x00000301, 0x000003c1, 0x00000313, 0x000003c1,
+ 0x00000314, 0x000003c5, 0x00000342, 0x000003c5,
+ 0x00000308, 0x00000342, 0x000003a5, 0x00000306,
+ 0x000003a5, 0x00000304, 0x000003a5, 0x00000300,
+ 0x000003a5, 0x00000301, 0x000003a1, 0x00000314,
+ 0x000000a8, 0x00000300, 0x000000a8, 0x00000301,
+ 0x00000060, 0x000003c9, 0x00000300, 0x00000345,
+ 0x000003c9, 0x00000345, 0x000003c9, 0x00000301,
+ 0x00000345, 0x000003c9, 0x00000342, 0x000003c9,
+ 0x00000342, 0x00000345, 0x0000039f, 0x00000300,
+ 0x0000039f, 0x00000301, 0x000003a9, 0x00000300,
+ 0x000003a9, 0x00000301, 0x000003a9, 0x00000345,
+ 0x000000b4, 0x00002002, 0x00002003, 0x000003a9,
+ 0x0000004b, 0x00000041, 0x0000030a, 0x00002190,
+ 0x00000338, 0x00002192, 0x00000338, 0x00002194,
+ 0x00000338, 0x000021d0, 0x00000338, 0x000021d4,
+ 0x00000338, 0x000021d2, 0x00000338, 0x00002203,
+ 0x00000338, 0x00002208, 0x00000338, 0x0000220b,
+ 0x00000338, 0x00002223, 0x00000338, 0x00002225,
+ 0x00000338, 0x0000223c, 0x00000338, 0x00002243,
+ 0x00000338, 0x00002245, 0x00000338, 0x00002248,
+ 0x00000338, 0x0000003d, 0x00000338, 0x00002261,
+ 0x00000338, 0x0000224d, 0x00000338, 0x0000003c,
+ 0x00000338, 0x0000003e, 0x00000338, 0x00002264,
+ 0x00000338, 0x00002265, 0x00000338, 0x00002272,
+ 0x00000338, 0x00002273, 0x00000338, 0x00002276,
+ 0x00000338, 0x00002277, 0x00000338, 0x0000227a,
+ 0x00000338, 0x0000227b, 0x00000338, 0x00002282,
+ 0x00000338, 0x00002283, 0x00000338, 0x00002286,
+ 0x00000338, 0x00002287, 0x00000338, 0x000022a2,
+ 0x00000338, 0x000022a8, 0x00000338, 0x000022a9,
+ 0x00000338, 0x000022ab, 0x00000338, 0x0000227c,
+ 0x00000338, 0x0000227d, 0x00000338, 0x00002291,
+ 0x00000338, 0x00002292, 0x00000338, 0x000022b2,
+ 0x00000338, 0x000022b3, 0x00000338, 0x000022b4,
+ 0x00000338, 0x000022b5, 0x00000338, 0x00003008,
+ 0x00003009, 0x00002add, 0x00000338, 0x0000304b,
+ 0x00003099, 0x0000304d, 0x00003099, 0x0000304f,
+ 0x00003099, 0x00003051, 0x00003099, 0x00003053,
+ 0x00003099, 0x00003055, 0x00003099, 0x00003057,
+ 0x00003099, 0x00003059, 0x00003099, 0x0000305b,
+ 0x00003099, 0x0000305d, 0x00003099, 0x0000305f,
+ 0x00003099, 0x00003061, 0x00003099, 0x00003064,
+ 0x00003099, 0x00003066, 0x00003099, 0x00003068,
+ 0x00003099, 0x0000306f, 0x00003099, 0x0000306f,
+ 0x0000309a, 0x00003072, 0x00003099, 0x00003072,
+ 0x0000309a, 0x00003075, 0x00003099, 0x00003075,
+ 0x0000309a, 0x00003078, 0x00003099, 0x00003078,
+ 0x0000309a, 0x0000307b, 0x00003099, 0x0000307b,
+ 0x0000309a, 0x00003046, 0x00003099, 0x0000309d,
+ 0x00003099, 0x000030ab, 0x00003099, 0x000030ad,
+ 0x00003099, 0x000030af, 0x00003099, 0x000030b1,
+ 0x00003099, 0x000030b3, 0x00003099, 0x000030b5,
+ 0x00003099, 0x000030b7, 0x00003099, 0x000030b9,
+ 0x00003099, 0x000030bb, 0x00003099, 0x000030bd,
+ 0x00003099, 0x000030bf, 0x00003099, 0x000030c1,
+ 0x00003099, 0x000030c4, 0x00003099, 0x000030c6,
+ 0x00003099, 0x000030c8, 0x00003099, 0x000030cf,
+ 0x00003099, 0x000030cf, 0x0000309a, 0x000030d2,
+ 0x00003099, 0x000030d2, 0x0000309a, 0x000030d5,
+ 0x00003099, 0x000030d5, 0x0000309a, 0x000030d8,
+ 0x00003099, 0x000030d8, 0x0000309a, 0x000030db,
+ 0x00003099, 0x000030db, 0x0000309a, 0x000030a6,
+ 0x00003099, 0x000030ef, 0x00003099, 0x000030f0,
+ 0x00003099, 0x000030f1, 0x00003099, 0x000030f2,
+ 0x00003099, 0x000030fd, 0x00003099, 0x00008eca,
+ 0x00008cc8, 0x00006ed1, 0x00004e32, 0x000053e5,
+ 0x00009f9c, 0x00009f9c, 0x00005951, 0x000091d1,
+ 0x00005587, 0x00005948, 0x000061f6, 0x00007669,
+ 0x00007f85, 0x0000863f, 0x000087ba, 0x000088f8,
+ 0x0000908f, 0x00006a02, 0x00006d1b, 0x000070d9,
+ 0x000073de, 0x0000843d, 0x0000916a, 0x000099f1,
+ 0x00004e82, 0x00005375, 0x00006b04, 0x0000721b,
+ 0x0000862d, 0x00009e1e, 0x00005d50, 0x00006feb,
+ 0x000085cd, 0x00008964, 0x000062c9, 0x000081d8,
+ 0x0000881f, 0x00005eca, 0x00006717, 0x00006d6a,
+ 0x000072fc, 0x000090ce, 0x00004f86, 0x000051b7,
+ 0x000052de, 0x000064c4, 0x00006ad3, 0x00007210,
+ 0x000076e7, 0x00008001, 0x00008606, 0x0000865c,
+ 0x00008def, 0x00009732, 0x00009b6f, 0x00009dfa,
+ 0x0000788c, 0x0000797f, 0x00007da0, 0x000083c9,
+ 0x00009304, 0x00009e7f, 0x00008ad6, 0x000058df,
+ 0x00005f04, 0x00007c60, 0x0000807e, 0x00007262,
+ 0x000078ca, 0x00008cc2, 0x000096f7, 0x000058d8,
+ 0x00005c62, 0x00006a13, 0x00006dda, 0x00006f0f,
+ 0x00007d2f, 0x00007e37, 0x0000964b, 0x000052d2,
+ 0x0000808b, 0x000051dc, 0x000051cc, 0x00007a1c,
+ 0x00007dbe, 0x000083f1, 0x00009675, 0x00008b80,
+ 0x000062cf, 0x00006a02, 0x00008afe, 0x00004e39,
+ 0x00005be7, 0x00006012, 0x00007387, 0x00007570,
+ 0x00005317, 0x000078fb, 0x00004fbf, 0x00005fa9,
+ 0x00004e0d, 0x00006ccc, 0x00006578, 0x00007d22,
+ 0x000053c3, 0x0000585e, 0x00007701, 0x00008449,
+ 0x00008aaa, 0x00006bba, 0x00008fb0, 0x00006c88,
+ 0x000062fe, 0x000082e5, 0x000063a0, 0x00007565,
+ 0x00004eae, 0x00005169, 0x000051c9, 0x00006881,
+ 0x00007ce7, 0x0000826f, 0x00008ad2, 0x000091cf,
+ 0x000052f5, 0x00005442, 0x00005973, 0x00005eec,
+ 0x000065c5, 0x00006ffe, 0x0000792a, 0x000095ad,
+ 0x00009a6a, 0x00009e97, 0x00009ece, 0x0000529b,
+ 0x000066c6, 0x00006b77, 0x00008f62, 0x00005e74,
+ 0x00006190, 0x00006200, 0x0000649a, 0x00006f23,
+ 0x00007149, 0x00007489, 0x000079ca, 0x00007df4,
+ 0x0000806f, 0x00008f26, 0x000084ee, 0x00009023,
+ 0x0000934a, 0x00005217, 0x000052a3, 0x000054bd,
+ 0x000070c8, 0x000088c2, 0x00008aaa, 0x00005ec9,
+ 0x00005ff5, 0x0000637b, 0x00006bae, 0x00007c3e,
+ 0x00007375, 0x00004ee4, 0x000056f9, 0x00005be7,
+ 0x00005dba, 0x0000601c, 0x000073b2, 0x00007469,
+ 0x00007f9a, 0x00008046, 0x00009234, 0x000096f6,
+ 0x00009748, 0x00009818, 0x00004f8b, 0x000079ae,
+ 0x000091b4, 0x000096b8, 0x000060e1, 0x00004e86,
+ 0x000050da, 0x00005bee, 0x00005c3f, 0x00006599,
+ 0x00006a02, 0x000071ce, 0x00007642, 0x000084fc,
+ 0x0000907c, 0x00009f8d, 0x00006688, 0x0000962e,
+ 0x00005289, 0x0000677b, 0x000067f3, 0x00006d41,
+ 0x00006e9c, 0x00007409, 0x00007559, 0x0000786b,
+ 0x00007d10, 0x0000985e, 0x0000516d, 0x0000622e,
+ 0x00009678, 0x0000502b, 0x00005d19, 0x00006dea,
+ 0x00008f2a, 0x00005f8b, 0x00006144, 0x00006817,
+ 0x00007387, 0x00009686, 0x00005229, 0x0000540f,
+ 0x00005c65, 0x00006613, 0x0000674e, 0x000068a8,
+ 0x00006ce5, 0x00007406, 0x000075e2, 0x00007f79,
+ 0x000088cf, 0x000088e1, 0x000091cc, 0x000096e2,
+ 0x0000533f, 0x00006eba, 0x0000541d, 0x000071d0,
+ 0x00007498, 0x000085fa, 0x000096a3, 0x00009c57,
+ 0x00009e9f, 0x00006797, 0x00006dcb, 0x000081e8,
+ 0x00007acb, 0x00007b20, 0x00007c92, 0x000072c0,
+ 0x00007099, 0x00008b58, 0x00004ec0, 0x00008336,
+ 0x0000523a, 0x00005207, 0x00005ea6, 0x000062d3,
+ 0x00007cd6, 0x00005b85, 0x00006d1e, 0x000066b4,
+ 0x00008f3b, 0x0000884c, 0x0000964d, 0x0000898b,
+ 0x00005ed3, 0x00005140, 0x000055c0, 0x0000585a,
+ 0x00006674, 0x000051de, 0x0000732a, 0x000076ca,
+ 0x0000793c, 0x0000795e, 0x00007965, 0x0000798f,
+ 0x00009756, 0x00007cbe, 0x00007fbd, 0x00008612,
+ 0x00008af8, 0x00009038, 0x000090fd, 0x000098ef,
+ 0x000098fc, 0x00009928, 0x00009db4, 0x00004fae,
+ 0x000050e7, 0x0000514d, 0x000052c9, 0x000052e4,
+ 0x00005351, 0x0000559d, 0x00005606, 0x00005668,
+ 0x00005840, 0x000058a8, 0x00005c64, 0x00005c6e,
+ 0x00006094, 0x00006168, 0x0000618e, 0x000061f2,
+ 0x0000654f, 0x000065e2, 0x00006691, 0x00006885,
+ 0x00006d77, 0x00006e1a, 0x00006f22, 0x0000716e,
+ 0x0000722b, 0x00007422, 0x00007891, 0x0000793e,
+ 0x00007949, 0x00007948, 0x00007950, 0x00007956,
+ 0x0000795d, 0x0000798d, 0x0000798e, 0x00007a40,
+ 0x00007a81, 0x00007bc0, 0x00007df4, 0x00007e09,
+ 0x00007e41, 0x00007f72, 0x00008005, 0x000081ed,
+ 0x00008279, 0x00008279, 0x00008457, 0x00008910,
+ 0x00008996, 0x00008b01, 0x00008b39, 0x00008cd3,
+ 0x00008d08, 0x00008fb6, 0x00009038, 0x000096e3,
+ 0x000097ff, 0x0000983b, 0x000005d9, 0x000005b4,
+ 0x000005f2, 0x000005b7, 0x000005e9, 0x000005c1,
+ 0x000005e9, 0x000005c2, 0x000005e9, 0x000005bc,
+ 0x000005c1, 0x000005e9, 0x000005bc, 0x000005c2,
+ 0x000005d0, 0x000005b7, 0x000005d0, 0x000005b8,
+ 0x000005d0, 0x000005bc, 0x000005d1, 0x000005bc,
+ 0x000005d2, 0x000005bc, 0x000005d3, 0x000005bc,
+ 0x000005d4, 0x000005bc, 0x000005d5, 0x000005bc,
+ 0x000005d6, 0x000005bc, 0x000005d8, 0x000005bc,
+ 0x000005d9, 0x000005bc, 0x000005da, 0x000005bc,
+ 0x000005db, 0x000005bc, 0x000005dc, 0x000005bc,
+ 0x000005de, 0x000005bc, 0x000005e0, 0x000005bc,
+ 0x000005e1, 0x000005bc, 0x000005e3, 0x000005bc,
+ 0x000005e4, 0x000005bc, 0x000005e6, 0x000005bc,
+ 0x000005e7, 0x000005bc, 0x000005e8, 0x000005bc,
+ 0x000005e9, 0x000005bc, 0x000005ea, 0x000005bc,
+ 0x000005d5, 0x000005b9, 0x000005d1, 0x000005bf,
+ 0x000005db, 0x000005bf, 0x000005e4, 0x000005bf,
+ 0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165,
+ 0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158,
+ 0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165,
+ 0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171,
+ 0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9,
+ 0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9,
+ 0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165,
+ 0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f,
+ 0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00004e3d,
+ 0x00004e38, 0x00004e41, 0x00020122, 0x00004f60,
+ 0x00004fae, 0x00004fbb, 0x00005002, 0x0000507a,
+ 0x00005099, 0x000050e7, 0x000050cf, 0x0000349e,
+ 0x0002063a, 0x0000514d, 0x00005154, 0x00005164,
+ 0x00005177, 0x0002051c, 0x000034b9, 0x00005167,
+ 0x0000518d, 0x0002054b, 0x00005197, 0x000051a4,
+ 0x00004ecc, 0x000051ac, 0x000051b5, 0x000291df,
+ 0x000051f5, 0x00005203, 0x000034df, 0x0000523b,
+ 0x00005246, 0x00005272, 0x00005277, 0x00003515,
+ 0x000052c7, 0x000052c9, 0x000052e4, 0x000052fa,
+ 0x00005305, 0x00005306, 0x00005317, 0x00005349,
+ 0x00005351, 0x0000535a, 0x00005373, 0x0000537d,
+ 0x0000537f, 0x0000537f, 0x0000537f, 0x00020a2c,
+ 0x00007070, 0x000053ca, 0x000053df, 0x00020b63,
+ 0x000053eb, 0x000053f1, 0x00005406, 0x0000549e,
+ 0x00005438, 0x00005448, 0x00005468, 0x000054a2,
+ 0x000054f6, 0x00005510, 0x00005553, 0x00005563,
+ 0x00005584, 0x00005584, 0x00005599, 0x000055ab,
+ 0x000055b3, 0x000055c2, 0x00005716, 0x00005606,
+ 0x00005717, 0x00005651, 0x00005674, 0x00005207,
+ 0x000058ee, 0x000057ce, 0x000057f4, 0x0000580d,
+ 0x0000578b, 0x00005832, 0x00005831, 0x000058ac,
+ 0x000214e4, 0x000058f2, 0x000058f7, 0x00005906,
+ 0x0000591a, 0x00005922, 0x00005962, 0x000216a8,
+ 0x000216ea, 0x000059ec, 0x00005a1b, 0x00005a27,
+ 0x000059d8, 0x00005a66, 0x000036ee, 0x0002136a,
+ 0x00005b08, 0x00005b3e, 0x00005b3e, 0x000219c8,
+ 0x00005bc3, 0x00005bd8, 0x00005be7, 0x00005bf3,
+ 0x00021b18, 0x00005bff, 0x00005c06, 0x00005f33,
+ 0x00005c22, 0x00003781, 0x00005c60, 0x00005c6e,
+ 0x00005cc0, 0x00005c8d, 0x00021de4, 0x00005d43,
+ 0x00021de6, 0x00005d6e, 0x00005d6b, 0x00005d7c,
+ 0x00005de1, 0x00005de2, 0x0000382f, 0x00005dfd,
+ 0x00005e28, 0x00005e3d, 0x00005e69, 0x00003862,
+ 0x00022183, 0x0000387c, 0x00005eb0, 0x00005eb3,
+ 0x00005eb6, 0x00005eca, 0x0002a392, 0x00005efe,
+ 0x00022331, 0x00022331, 0x00008201, 0x00005f22,
+ 0x00005f22, 0x000038c7, 0x000232b8, 0x000261da,
+ 0x00005f62, 0x00005f6b, 0x000038e3, 0x00005f9a,
+ 0x00005fcd, 0x00005fd7, 0x00005ff9, 0x00006081,
+ 0x0000393a, 0x0000391c, 0x00006094, 0x000226d4,
+ 0x000060c7, 0x00006148, 0x0000614c, 0x0000614e,
+ 0x0000614c, 0x0000617a, 0x0000618e, 0x000061b2,
+ 0x000061a4, 0x000061af, 0x000061de, 0x000061f2,
+ 0x000061f6, 0x00006210, 0x0000621b, 0x0000625d,
+ 0x000062b1, 0x000062d4, 0x00006350, 0x00022b0c,
+ 0x0000633d, 0x000062fc, 0x00006368, 0x00006383,
+ 0x000063e4, 0x00022bf1, 0x00006422, 0x000063c5,
+ 0x000063a9, 0x00003a2e, 0x00006469, 0x0000647e,
+ 0x0000649d, 0x00006477, 0x00003a6c, 0x0000654f,
+ 0x0000656c, 0x0002300a, 0x000065e3, 0x000066f8,
+ 0x00006649, 0x00003b19, 0x00006691, 0x00003b08,
+ 0x00003ae4, 0x00005192, 0x00005195, 0x00006700,
+ 0x0000669c, 0x000080ad, 0x000043d9, 0x00006717,
+ 0x0000671b, 0x00006721, 0x0000675e, 0x00006753,
+ 0x000233c3, 0x00003b49, 0x000067fa, 0x00006785,
+ 0x00006852, 0x00006885, 0x0002346d, 0x0000688e,
+ 0x0000681f, 0x00006914, 0x00003b9d, 0x00006942,
+ 0x000069a3, 0x000069ea, 0x00006aa8, 0x000236a3,
+ 0x00006adb, 0x00003c18, 0x00006b21, 0x000238a7,
+ 0x00006b54, 0x00003c4e, 0x00006b72, 0x00006b9f,
+ 0x00006bba, 0x00006bbb, 0x00023a8d, 0x00021d0b,
+ 0x00023afa, 0x00006c4e, 0x00023cbc, 0x00006cbf,
+ 0x00006ccd, 0x00006c67, 0x00006d16, 0x00006d3e,
+ 0x00006d77, 0x00006d41, 0x00006d69, 0x00006d78,
+ 0x00006d85, 0x00023d1e, 0x00006d34, 0x00006e2f,
+ 0x00006e6e, 0x00003d33, 0x00006ecb, 0x00006ec7,
+ 0x00023ed1, 0x00006df9, 0x00006f6e, 0x00023f5e,
+ 0x00023f8e, 0x00006fc6, 0x00007039, 0x0000701e,
+ 0x0000701b, 0x00003d96, 0x0000704a, 0x0000707d,
+ 0x00007077, 0x000070ad, 0x00020525, 0x00007145,
+ 0x00024263, 0x0000719c, 0x000043ab, 0x00007228,
+ 0x00007235, 0x00007250, 0x00024608, 0x00007280,
+ 0x00007295, 0x00024735, 0x00024814, 0x0000737a,
+ 0x0000738b, 0x00003eac, 0x000073a5, 0x00003eb8,
+ 0x00003eb8, 0x00007447, 0x0000745c, 0x00007471,
+ 0x00007485, 0x000074ca, 0x00003f1b, 0x00007524,
+ 0x00024c36, 0x0000753e, 0x00024c92, 0x00007570,
+ 0x0002219f, 0x00007610, 0x00024fa1, 0x00024fb8,
+ 0x00025044, 0x00003ffc, 0x00004008, 0x000076f4,
+ 0x000250f3, 0x000250f2, 0x00025119, 0x00025133,
+ 0x0000771e, 0x0000771f, 0x0000771f, 0x0000774a,
+ 0x00004039, 0x0000778b, 0x00004046, 0x00004096,
+ 0x0002541d, 0x0000784e, 0x0000788c, 0x000078cc,
+ 0x000040e3, 0x00025626, 0x00007956, 0x0002569a,
+ 0x000256c5, 0x0000798f, 0x000079eb, 0x0000412f,
+ 0x00007a40, 0x00007a4a, 0x00007a4f, 0x0002597c,
+ 0x00025aa7, 0x00025aa7, 0x00007aae, 0x00004202,
+ 0x00025bab, 0x00007bc6, 0x00007bc9, 0x00004227,
+ 0x00025c80, 0x00007cd2, 0x000042a0, 0x00007ce8,
+ 0x00007ce3, 0x00007d00, 0x00025f86, 0x00007d63,
+ 0x00004301, 0x00007dc7, 0x00007e02, 0x00007e45,
+ 0x00004334, 0x00026228, 0x00026247, 0x00004359,
+ 0x000262d9, 0x00007f7a, 0x0002633e, 0x00007f95,
+ 0x00007ffa, 0x00008005, 0x000264da, 0x00026523,
+ 0x00008060, 0x000265a8, 0x00008070, 0x0002335f,
+ 0x000043d5, 0x000080b2, 0x00008103, 0x0000440b,
+ 0x0000813e, 0x00005ab5, 0x000267a7, 0x000267b5,
+ 0x00023393, 0x0002339c, 0x00008201, 0x00008204,
+ 0x00008f9e, 0x0000446b, 0x00008291, 0x0000828b,
+ 0x0000829d, 0x000052b3, 0x000082b1, 0x000082b3,
+ 0x000082bd, 0x000082e6, 0x00026b3c, 0x000082e5,
+ 0x0000831d, 0x00008363, 0x000083ad, 0x00008323,
+ 0x000083bd, 0x000083e7, 0x00008457, 0x00008353,
+ 0x000083ca, 0x000083cc, 0x000083dc, 0x00026c36,
+ 0x00026d6b, 0x00026cd5, 0x0000452b, 0x000084f1,
+ 0x000084f3, 0x00008516, 0x000273ca, 0x00008564,
+ 0x00026f2c, 0x0000455d, 0x00004561, 0x00026fb1,
+ 0x000270d2, 0x0000456b, 0x00008650, 0x0000865c,
+ 0x00008667, 0x00008669, 0x000086a9, 0x00008688,
+ 0x0000870e, 0x000086e2, 0x00008779, 0x00008728,
+ 0x0000876b, 0x00008786, 0x00004d57, 0x000087e1,
+ 0x00008801, 0x000045f9, 0x00008860, 0x00008863,
+ 0x00027667, 0x000088d7, 0x000088de, 0x00004635,
+ 0x000088fa, 0x000034bb, 0x000278ae, 0x00027966,
+ 0x000046be, 0x000046c7, 0x00008aa0, 0x00008aed,
+ 0x00008b8a, 0x00008c55, 0x00027ca8, 0x00008cab,
+ 0x00008cc1, 0x00008d1b, 0x00008d77, 0x00027f2f,
+ 0x00020804, 0x00008dcb, 0x00008dbc, 0x00008df0,
+ 0x000208de, 0x00008ed4, 0x00008f38, 0x000285d2,
+ 0x000285ed, 0x00009094, 0x000090f1, 0x00009111,
+ 0x0002872e, 0x0000911b, 0x00009238, 0x000092d7,
+ 0x000092d8, 0x0000927c, 0x000093f9, 0x00009415,
+ 0x00028bfa, 0x0000958b, 0x00004995, 0x000095b7,
+ 0x00028d77, 0x000049e6, 0x000096c3, 0x00005db2,
+ 0x00009723, 0x00029145, 0x0002921a, 0x00004a6e,
+ 0x00004a76, 0x000097e0, 0x0002940a, 0x00004ab2,
+ 0x00029496, 0x0000980b, 0x0000980b, 0x00009829,
+ 0x000295b6, 0x000098e2, 0x00004b33, 0x00009929,
+ 0x000099a7, 0x000099c2, 0x000099fe, 0x00004bce,
+ 0x00029b30, 0x00009b12, 0x00009c40, 0x00009cfd,
+ 0x00004cce, 0x00004ced, 0x00009d67, 0x0002a0ce,
+ 0x00004cf8, 0x0002a105, 0x0002a20e, 0x0002a291,
+ 0x00009ebb, 0x00004d56, 0x00009ef9, 0x00009efe,
+ 0x00009f05, 0x00009f0f, 0x00009f16, 0x00009f3b,
+ 0x0002a600
+};
+
+static const ac_uint4 _uckdcmp_size = 10282;
+
+static const ac_uint4 _uckdcmp_nodes[] = {
+ 0x000000a0, 0x00000000,
+ 0x000000a8, 0x00000001,
+ 0x000000aa, 0x00000003,
+ 0x000000af, 0x00000004,
+ 0x000000b2, 0x00000006,
+ 0x000000b3, 0x00000007,
+ 0x000000b4, 0x00000008,
+ 0x000000b5, 0x0000000a,
+ 0x000000b8, 0x0000000b,
+ 0x000000b9, 0x0000000d,
+ 0x000000ba, 0x0000000e,
+ 0x000000bc, 0x0000000f,
+ 0x000000bd, 0x00000012,
+ 0x000000be, 0x00000015,
+ 0x000000c0, 0x00000018,
+ 0x000000c1, 0x0000001a,
+ 0x000000c2, 0x0000001c,
+ 0x000000c3, 0x0000001e,
+ 0x000000c4, 0x00000020,
+ 0x000000c5, 0x00000022,
+ 0x000000c7, 0x00000024,
+ 0x000000c8, 0x00000026,
+ 0x000000c9, 0x00000028,
+ 0x000000ca, 0x0000002a,
+ 0x000000cb, 0x0000002c,
+ 0x000000cc, 0x0000002e,
+ 0x000000cd, 0x00000030,
+ 0x000000ce, 0x00000032,
+ 0x000000cf, 0x00000034,
+ 0x000000d1, 0x00000036,
+ 0x000000d2, 0x00000038,
+ 0x000000d3, 0x0000003a,
+ 0x000000d4, 0x0000003c,
+ 0x000000d5, 0x0000003e,
+ 0x000000d6, 0x00000040,
+ 0x000000d9, 0x00000042,
+ 0x000000da, 0x00000044,
+ 0x000000db, 0x00000046,
+ 0x000000dc, 0x00000048,
+ 0x000000dd, 0x0000004a,
+ 0x000000e0, 0x0000004c,
+ 0x000000e1, 0x0000004e,
+ 0x000000e2, 0x00000050,
+ 0x000000e3, 0x00000052,
+ 0x000000e4, 0x00000054,
+ 0x000000e5, 0x00000056,
+ 0x000000e7, 0x00000058,
+ 0x000000e8, 0x0000005a,
+ 0x000000e9, 0x0000005c,
+ 0x000000ea, 0x0000005e,
+ 0x000000eb, 0x00000060,
+ 0x000000ec, 0x00000062,
+ 0x000000ed, 0x00000064,
+ 0x000000ee, 0x00000066,
+ 0x000000ef, 0x00000068,
+ 0x000000f1, 0x0000006a,
+ 0x000000f2, 0x0000006c,
+ 0x000000f3, 0x0000006e,
+ 0x000000f4, 0x00000070,
+ 0x000000f5, 0x00000072,
+ 0x000000f6, 0x00000074,
+ 0x000000f9, 0x00000076,
+ 0x000000fa, 0x00000078,
+ 0x000000fb, 0x0000007a,
+ 0x000000fc, 0x0000007c,
+ 0x000000fd, 0x0000007e,
+ 0x000000ff, 0x00000080,
+ 0x00000100, 0x00000082,
+ 0x00000101, 0x00000084,
+ 0x00000102, 0x00000086,
+ 0x00000103, 0x00000088,
+ 0x00000104, 0x0000008a,
+ 0x00000105, 0x0000008c,
+ 0x00000106, 0x0000008e,
+ 0x00000107, 0x00000090,
+ 0x00000108, 0x00000092,
+ 0x00000109, 0x00000094,
+ 0x0000010a, 0x00000096,
+ 0x0000010b, 0x00000098,
+ 0x0000010c, 0x0000009a,
+ 0x0000010d, 0x0000009c,
+ 0x0000010e, 0x0000009e,
+ 0x0000010f, 0x000000a0,
+ 0x00000112, 0x000000a2,
+ 0x00000113, 0x000000a4,
+ 0x00000114, 0x000000a6,
+ 0x00000115, 0x000000a8,
+ 0x00000116, 0x000000aa,
+ 0x00000117, 0x000000ac,
+ 0x00000118, 0x000000ae,
+ 0x00000119, 0x000000b0,
+ 0x0000011a, 0x000000b2,
+ 0x0000011b, 0x000000b4,
+ 0x0000011c, 0x000000b6,
+ 0x0000011d, 0x000000b8,
+ 0x0000011e, 0x000000ba,
+ 0x0000011f, 0x000000bc,
+ 0x00000120, 0x000000be,
+ 0x00000121, 0x000000c0,
+ 0x00000122, 0x000000c2,
+ 0x00000123, 0x000000c4,
+ 0x00000124, 0x000000c6,
+ 0x00000125, 0x000000c8,
+ 0x00000128, 0x000000ca,
+ 0x00000129, 0x000000cc,
+ 0x0000012a, 0x000000ce,
+ 0x0000012b, 0x000000d0,
+ 0x0000012c, 0x000000d2,
+ 0x0000012d, 0x000000d4,
+ 0x0000012e, 0x000000d6,
+ 0x0000012f, 0x000000d8,
+ 0x00000130, 0x000000da,
+ 0x00000132, 0x000000dc,
+ 0x00000133, 0x000000de,
+ 0x00000134, 0x000000e0,
+ 0x00000135, 0x000000e2,
+ 0x00000136, 0x000000e4,
+ 0x00000137, 0x000000e6,
+ 0x00000139, 0x000000e8,
+ 0x0000013a, 0x000000ea,
+ 0x0000013b, 0x000000ec,
+ 0x0000013c, 0x000000ee,
+ 0x0000013d, 0x000000f0,
+ 0x0000013e, 0x000000f2,
+ 0x0000013f, 0x000000f4,
+ 0x00000140, 0x000000f6,
+ 0x00000143, 0x000000f8,
+ 0x00000144, 0x000000fa,
+ 0x00000145, 0x000000fc,
+ 0x00000146, 0x000000fe,
+ 0x00000147, 0x00000100,
+ 0x00000148, 0x00000102,
+ 0x00000149, 0x00000104,
+ 0x0000014c, 0x00000106,
+ 0x0000014d, 0x00000108,
+ 0x0000014e, 0x0000010a,
+ 0x0000014f, 0x0000010c,
+ 0x00000150, 0x0000010e,
+ 0x00000151, 0x00000110,
+ 0x00000154, 0x00000112,
+ 0x00000155, 0x00000114,
+ 0x00000156, 0x00000116,
+ 0x00000157, 0x00000118,
+ 0x00000158, 0x0000011a,
+ 0x00000159, 0x0000011c,
+ 0x0000015a, 0x0000011e,
+ 0x0000015b, 0x00000120,
+ 0x0000015c, 0x00000122,
+ 0x0000015d, 0x00000124,
+ 0x0000015e, 0x00000126,
+ 0x0000015f, 0x00000128,
+ 0x00000160, 0x0000012a,
+ 0x00000161, 0x0000012c,
+ 0x00000162, 0x0000012e,
+ 0x00000163, 0x00000130,
+ 0x00000164, 0x00000132,
+ 0x00000165, 0x00000134,
+ 0x00000168, 0x00000136,
+ 0x00000169, 0x00000138,
+ 0x0000016a, 0x0000013a,
+ 0x0000016b, 0x0000013c,
+ 0x0000016c, 0x0000013e,
+ 0x0000016d, 0x00000140,
+ 0x0000016e, 0x00000142,
+ 0x0000016f, 0x00000144,
+ 0x00000170, 0x00000146,
+ 0x00000171, 0x00000148,
+ 0x00000172, 0x0000014a,
+ 0x00000173, 0x0000014c,
+ 0x00000174, 0x0000014e,
+ 0x00000175, 0x00000150,
+ 0x00000176, 0x00000152,
+ 0x00000177, 0x00000154,
+ 0x00000178, 0x00000156,
+ 0x00000179, 0x00000158,
+ 0x0000017a, 0x0000015a,
+ 0x0000017b, 0x0000015c,
+ 0x0000017c, 0x0000015e,
+ 0x0000017d, 0x00000160,
+ 0x0000017e, 0x00000162,
+ 0x0000017f, 0x00000164,
+ 0x000001a0, 0x00000165,
+ 0x000001a1, 0x00000167,
+ 0x000001af, 0x00000169,
+ 0x000001b0, 0x0000016b,
+ 0x000001c4, 0x0000016d,
+ 0x000001c5, 0x00000170,
+ 0x000001c6, 0x00000173,
+ 0x000001c7, 0x00000176,
+ 0x000001c8, 0x00000178,
+ 0x000001c9, 0x0000017a,
+ 0x000001ca, 0x0000017c,
+ 0x000001cb, 0x0000017e,
+ 0x000001cc, 0x00000180,
+ 0x000001cd, 0x00000182,
+ 0x000001ce, 0x00000184,
+ 0x000001cf, 0x00000186,
+ 0x000001d0, 0x00000188,
+ 0x000001d1, 0x0000018a,
+ 0x000001d2, 0x0000018c,
+ 0x000001d3, 0x0000018e,
+ 0x000001d4, 0x00000190,
+ 0x000001d5, 0x00000192,
+ 0x000001d6, 0x00000195,
+ 0x000001d7, 0x00000198,
+ 0x000001d8, 0x0000019b,
+ 0x000001d9, 0x0000019e,
+ 0x000001da, 0x000001a1,
+ 0x000001db, 0x000001a4,
+ 0x000001dc, 0x000001a7,
+ 0x000001de, 0x000001aa,
+ 0x000001df, 0x000001ad,
+ 0x000001e0, 0x000001b0,
+ 0x000001e1, 0x000001b3,
+ 0x000001e2, 0x000001b6,
+ 0x000001e3, 0x000001b8,
+ 0x000001e6, 0x000001ba,
+ 0x000001e7, 0x000001bc,
+ 0x000001e8, 0x000001be,
+ 0x000001e9, 0x000001c0,
+ 0x000001ea, 0x000001c2,
+ 0x000001eb, 0x000001c4,
+ 0x000001ec, 0x000001c6,
+ 0x000001ed, 0x000001c9,
+ 0x000001ee, 0x000001cc,
+ 0x000001ef, 0x000001ce,
+ 0x000001f0, 0x000001d0,
+ 0x000001f1, 0x000001d2,
+ 0x000001f2, 0x000001d4,
+ 0x000001f3, 0x000001d6,
+ 0x000001f4, 0x000001d8,
+ 0x000001f5, 0x000001da,
+ 0x000001f8, 0x000001dc,
+ 0x000001f9, 0x000001de,
+ 0x000001fa, 0x000001e0,
+ 0x000001fb, 0x000001e3,
+ 0x000001fc, 0x000001e6,
+ 0x000001fd, 0x000001e8,
+ 0x000001fe, 0x000001ea,
+ 0x000001ff, 0x000001ec,
+ 0x00000200, 0x000001ee,
+ 0x00000201, 0x000001f0,
+ 0x00000202, 0x000001f2,
+ 0x00000203, 0x000001f4,
+ 0x00000204, 0x000001f6,
+ 0x00000205, 0x000001f8,
+ 0x00000206, 0x000001fa,
+ 0x00000207, 0x000001fc,
+ 0x00000208, 0x000001fe,
+ 0x00000209, 0x00000200,
+ 0x0000020a, 0x00000202,
+ 0x0000020b, 0x00000204,
+ 0x0000020c, 0x00000206,
+ 0x0000020d, 0x00000208,
+ 0x0000020e, 0x0000020a,
+ 0x0000020f, 0x0000020c,
+ 0x00000210, 0x0000020e,
+ 0x00000211, 0x00000210,
+ 0x00000212, 0x00000212,
+ 0x00000213, 0x00000214,
+ 0x00000214, 0x00000216,
+ 0x00000215, 0x00000218,
+ 0x00000216, 0x0000021a,
+ 0x00000217, 0x0000021c,
+ 0x00000218, 0x0000021e,
+ 0x00000219, 0x00000220,
+ 0x0000021a, 0x00000222,
+ 0x0000021b, 0x00000224,
+ 0x0000021e, 0x00000226,
+ 0x0000021f, 0x00000228,
+ 0x00000226, 0x0000022a,
+ 0x00000227, 0x0000022c,
+ 0x00000228, 0x0000022e,
+ 0x00000229, 0x00000230,
+ 0x0000022a, 0x00000232,
+ 0x0000022b, 0x00000235,
+ 0x0000022c, 0x00000238,
+ 0x0000022d, 0x0000023b,
+ 0x0000022e, 0x0000023e,
+ 0x0000022f, 0x00000240,
+ 0x00000230, 0x00000242,
+ 0x00000231, 0x00000245,
+ 0x00000232, 0x00000248,
+ 0x00000233, 0x0000024a,
+ 0x000002b0, 0x0000024c,
+ 0x000002b1, 0x0000024d,
+ 0x000002b2, 0x0000024e,
+ 0x000002b3, 0x0000024f,
+ 0x000002b4, 0x00000250,
+ 0x000002b5, 0x00000251,
+ 0x000002b6, 0x00000252,
+ 0x000002b7, 0x00000253,
+ 0x000002b8, 0x00000254,
+ 0x000002d8, 0x00000255,
+ 0x000002d9, 0x00000257,
+ 0x000002da, 0x00000259,
+ 0x000002db, 0x0000025b,
+ 0x000002dc, 0x0000025d,
+ 0x000002dd, 0x0000025f,
+ 0x000002e0, 0x00000261,
+ 0x000002e1, 0x00000262,
+ 0x000002e2, 0x00000263,
+ 0x000002e3, 0x00000264,
+ 0x000002e4, 0x00000265,
+ 0x00000340, 0x00000266,
+ 0x00000341, 0x00000267,
+ 0x00000343, 0x00000268,
+ 0x00000344, 0x00000269,
+ 0x00000374, 0x0000026b,
+ 0x0000037a, 0x0000026c,
+ 0x0000037e, 0x0000026e,
+ 0x00000384, 0x0000026f,
+ 0x00000385, 0x00000271,
+ 0x00000386, 0x00000274,
+ 0x00000387, 0x00000276,
+ 0x00000388, 0x00000277,
+ 0x00000389, 0x00000279,
+ 0x0000038a, 0x0000027b,
+ 0x0000038c, 0x0000027d,
+ 0x0000038e, 0x0000027f,
+ 0x0000038f, 0x00000281,
+ 0x00000390, 0x00000283,
+ 0x000003aa, 0x00000286,
+ 0x000003ab, 0x00000288,
+ 0x000003ac, 0x0000028a,
+ 0x000003ad, 0x0000028c,
+ 0x000003ae, 0x0000028e,
+ 0x000003af, 0x00000290,
+ 0x000003b0, 0x00000292,
+ 0x000003ca, 0x00000295,
+ 0x000003cb, 0x00000297,
+ 0x000003cc, 0x00000299,
+ 0x000003cd, 0x0000029b,
+ 0x000003ce, 0x0000029d,
+ 0x000003d0, 0x0000029f,
+ 0x000003d1, 0x000002a0,
+ 0x000003d2, 0x000002a1,
+ 0x000003d3, 0x000002a2,
+ 0x000003d4, 0x000002a4,
+ 0x000003d5, 0x000002a6,
+ 0x000003d6, 0x000002a7,
+ 0x000003f0, 0x000002a8,
+ 0x000003f1, 0x000002a9,
+ 0x000003f2, 0x000002aa,
+ 0x000003f4, 0x000002ab,
+ 0x000003f5, 0x000002ac,
+ 0x00000400, 0x000002ad,
+ 0x00000401, 0x000002af,
+ 0x00000403, 0x000002b1,
+ 0x00000407, 0x000002b3,
+ 0x0000040c, 0x000002b5,
+ 0x0000040d, 0x000002b7,
+ 0x0000040e, 0x000002b9,
+ 0x00000419, 0x000002bb,
+ 0x00000439, 0x000002bd,
+ 0x00000450, 0x000002bf,
+ 0x00000451, 0x000002c1,
+ 0x00000453, 0x000002c3,
+ 0x00000457, 0x000002c5,
+ 0x0000045c, 0x000002c7,
+ 0x0000045d, 0x000002c9,
+ 0x0000045e, 0x000002cb,
+ 0x00000476, 0x000002cd,
+ 0x00000477, 0x000002cf,
+ 0x000004c1, 0x000002d1,
+ 0x000004c2, 0x000002d3,
+ 0x000004d0, 0x000002d5,
+ 0x000004d1, 0x000002d7,
+ 0x000004d2, 0x000002d9,
+ 0x000004d3, 0x000002db,
+ 0x000004d6, 0x000002dd,
+ 0x000004d7, 0x000002df,
+ 0x000004da, 0x000002e1,
+ 0x000004db, 0x000002e3,
+ 0x000004dc, 0x000002e5,
+ 0x000004dd, 0x000002e7,
+ 0x000004de, 0x000002e9,
+ 0x000004df, 0x000002eb,
+ 0x000004e2, 0x000002ed,
+ 0x000004e3, 0x000002ef,
+ 0x000004e4, 0x000002f1,
+ 0x000004e5, 0x000002f3,
+ 0x000004e6, 0x000002f5,
+ 0x000004e7, 0x000002f7,
+ 0x000004ea, 0x000002f9,
+ 0x000004eb, 0x000002fb,
+ 0x000004ec, 0x000002fd,
+ 0x000004ed, 0x000002ff,
+ 0x000004ee, 0x00000301,
+ 0x000004ef, 0x00000303,
+ 0x000004f0, 0x00000305,
+ 0x000004f1, 0x00000307,
+ 0x000004f2, 0x00000309,
+ 0x000004f3, 0x0000030b,
+ 0x000004f4, 0x0000030d,
+ 0x000004f5, 0x0000030f,
+ 0x000004f8, 0x00000311,
+ 0x000004f9, 0x00000313,
+ 0x00000587, 0x00000315,
+ 0x00000622, 0x00000317,
+ 0x00000623, 0x00000319,
+ 0x00000624, 0x0000031b,
+ 0x00000625, 0x0000031d,
+ 0x00000626, 0x0000031f,
+ 0x00000675, 0x00000321,
+ 0x00000676, 0x00000323,
+ 0x00000677, 0x00000325,
+ 0x00000678, 0x00000327,
+ 0x000006c0, 0x00000329,
+ 0x000006c2, 0x0000032b,
+ 0x000006d3, 0x0000032d,
+ 0x00000929, 0x0000032f,
+ 0x00000931, 0x00000331,
+ 0x00000934, 0x00000333,
+ 0x00000958, 0x00000335,
+ 0x00000959, 0x00000337,
+ 0x0000095a, 0x00000339,
+ 0x0000095b, 0x0000033b,
+ 0x0000095c, 0x0000033d,
+ 0x0000095d, 0x0000033f,
+ 0x0000095e, 0x00000341,
+ 0x0000095f, 0x00000343,
+ 0x000009cb, 0x00000345,
+ 0x000009cc, 0x00000347,
+ 0x000009dc, 0x00000349,
+ 0x000009dd, 0x0000034b,
+ 0x000009df, 0x0000034d,
+ 0x00000a33, 0x0000034f,
+ 0x00000a36, 0x00000351,
+ 0x00000a59, 0x00000353,
+ 0x00000a5a, 0x00000355,
+ 0x00000a5b, 0x00000357,
+ 0x00000a5e, 0x00000359,
+ 0x00000b48, 0x0000035b,
+ 0x00000b4b, 0x0000035d,
+ 0x00000b4c, 0x0000035f,
+ 0x00000b5c, 0x00000361,
+ 0x00000b5d, 0x00000363,
+ 0x00000b94, 0x00000365,
+ 0x00000bca, 0x00000367,
+ 0x00000bcb, 0x00000369,
+ 0x00000bcc, 0x0000036b,
+ 0x00000c48, 0x0000036d,
+ 0x00000cc0, 0x0000036f,
+ 0x00000cc7, 0x00000371,
+ 0x00000cc8, 0x00000373,
+ 0x00000cca, 0x00000375,
+ 0x00000ccb, 0x00000377,
+ 0x00000d4a, 0x0000037a,
+ 0x00000d4b, 0x0000037c,
+ 0x00000d4c, 0x0000037e,
+ 0x00000dda, 0x00000380,
+ 0x00000ddc, 0x00000382,
+ 0x00000ddd, 0x00000384,
+ 0x00000dde, 0x00000387,
+ 0x00000e33, 0x00000389,
+ 0x00000eb3, 0x0000038b,
+ 0x00000edc, 0x0000038d,
+ 0x00000edd, 0x0000038f,
+ 0x00000f0c, 0x00000391,
+ 0x00000f43, 0x00000392,
+ 0x00000f4d, 0x00000394,
+ 0x00000f52, 0x00000396,
+ 0x00000f57, 0x00000398,
+ 0x00000f5c, 0x0000039a,
+ 0x00000f69, 0x0000039c,
+ 0x00000f73, 0x0000039e,
+ 0x00000f75, 0x000003a0,
+ 0x00000f76, 0x000003a2,
+ 0x00000f77, 0x000003a4,
+ 0x00000f78, 0x000003a7,
+ 0x00000f79, 0x000003a9,
+ 0x00000f81, 0x000003ac,
+ 0x00000f93, 0x000003ae,
+ 0x00000f9d, 0x000003b0,
+ 0x00000fa2, 0x000003b2,
+ 0x00000fa7, 0x000003b4,
+ 0x00000fac, 0x000003b6,
+ 0x00000fb9, 0x000003b8,
+ 0x00001026, 0x000003ba,
+ 0x00001e00, 0x000003bc,
+ 0x00001e01, 0x000003be,
+ 0x00001e02, 0x000003c0,
+ 0x00001e03, 0x000003c2,
+ 0x00001e04, 0x000003c4,
+ 0x00001e05, 0x000003c6,
+ 0x00001e06, 0x000003c8,
+ 0x00001e07, 0x000003ca,
+ 0x00001e08, 0x000003cc,
+ 0x00001e09, 0x000003cf,
+ 0x00001e0a, 0x000003d2,
+ 0x00001e0b, 0x000003d4,
+ 0x00001e0c, 0x000003d6,
+ 0x00001e0d, 0x000003d8,
+ 0x00001e0e, 0x000003da,
+ 0x00001e0f, 0x000003dc,
+ 0x00001e10, 0x000003de,
+ 0x00001e11, 0x000003e0,
+ 0x00001e12, 0x000003e2,
+ 0x00001e13, 0x000003e4,
+ 0x00001e14, 0x000003e6,
+ 0x00001e15, 0x000003e9,
+ 0x00001e16, 0x000003ec,
+ 0x00001e17, 0x000003ef,
+ 0x00001e18, 0x000003f2,
+ 0x00001e19, 0x000003f4,
+ 0x00001e1a, 0x000003f6,
+ 0x00001e1b, 0x000003f8,
+ 0x00001e1c, 0x000003fa,
+ 0x00001e1d, 0x000003fd,
+ 0x00001e1e, 0x00000400,
+ 0x00001e1f, 0x00000402,
+ 0x00001e20, 0x00000404,
+ 0x00001e21, 0x00000406,
+ 0x00001e22, 0x00000408,
+ 0x00001e23, 0x0000040a,
+ 0x00001e24, 0x0000040c,
+ 0x00001e25, 0x0000040e,
+ 0x00001e26, 0x00000410,
+ 0x00001e27, 0x00000412,
+ 0x00001e28, 0x00000414,
+ 0x00001e29, 0x00000416,
+ 0x00001e2a, 0x00000418,
+ 0x00001e2b, 0x0000041a,
+ 0x00001e2c, 0x0000041c,
+ 0x00001e2d, 0x0000041e,
+ 0x00001e2e, 0x00000420,
+ 0x00001e2f, 0x00000423,
+ 0x00001e30, 0x00000426,
+ 0x00001e31, 0x00000428,
+ 0x00001e32, 0x0000042a,
+ 0x00001e33, 0x0000042c,
+ 0x00001e34, 0x0000042e,
+ 0x00001e35, 0x00000430,
+ 0x00001e36, 0x00000432,
+ 0x00001e37, 0x00000434,
+ 0x00001e38, 0x00000436,
+ 0x00001e39, 0x00000439,
+ 0x00001e3a, 0x0000043c,
+ 0x00001e3b, 0x0000043e,
+ 0x00001e3c, 0x00000440,
+ 0x00001e3d, 0x00000442,
+ 0x00001e3e, 0x00000444,
+ 0x00001e3f, 0x00000446,
+ 0x00001e40, 0x00000448,
+ 0x00001e41, 0x0000044a,
+ 0x00001e42, 0x0000044c,
+ 0x00001e43, 0x0000044e,
+ 0x00001e44, 0x00000450,
+ 0x00001e45, 0x00000452,
+ 0x00001e46, 0x00000454,
+ 0x00001e47, 0x00000456,
+ 0x00001e48, 0x00000458,
+ 0x00001e49, 0x0000045a,
+ 0x00001e4a, 0x0000045c,
+ 0x00001e4b, 0x0000045e,
+ 0x00001e4c, 0x00000460,
+ 0x00001e4d, 0x00000463,
+ 0x00001e4e, 0x00000466,
+ 0x00001e4f, 0x00000469,
+ 0x00001e50, 0x0000046c,
+ 0x00001e51, 0x0000046f,
+ 0x00001e52, 0x00000472,
+ 0x00001e53, 0x00000475,
+ 0x00001e54, 0x00000478,
+ 0x00001e55, 0x0000047a,
+ 0x00001e56, 0x0000047c,
+ 0x00001e57, 0x0000047e,
+ 0x00001e58, 0x00000480,
+ 0x00001e59, 0x00000482,
+ 0x00001e5a, 0x00000484,
+ 0x00001e5b, 0x00000486,
+ 0x00001e5c, 0x00000488,
+ 0x00001e5d, 0x0000048b,
+ 0x00001e5e, 0x0000048e,
+ 0x00001e5f, 0x00000490,
+ 0x00001e60, 0x00000492,
+ 0x00001e61, 0x00000494,
+ 0x00001e62, 0x00000496,
+ 0x00001e63, 0x00000498,
+ 0x00001e64, 0x0000049a,
+ 0x00001e65, 0x0000049d,
+ 0x00001e66, 0x000004a0,
+ 0x00001e67, 0x000004a3,
+ 0x00001e68, 0x000004a6,
+ 0x00001e69, 0x000004a9,
+ 0x00001e6a, 0x000004ac,
+ 0x00001e6b, 0x000004ae,
+ 0x00001e6c, 0x000004b0,
+ 0x00001e6d, 0x000004b2,
+ 0x00001e6e, 0x000004b4,
+ 0x00001e6f, 0x000004b6,
+ 0x00001e70, 0x000004b8,
+ 0x00001e71, 0x000004ba,
+ 0x00001e72, 0x000004bc,
+ 0x00001e73, 0x000004be,
+ 0x00001e74, 0x000004c0,
+ 0x00001e75, 0x000004c2,
+ 0x00001e76, 0x000004c4,
+ 0x00001e77, 0x000004c6,
+ 0x00001e78, 0x000004c8,
+ 0x00001e79, 0x000004cb,
+ 0x00001e7a, 0x000004ce,
+ 0x00001e7b, 0x000004d1,
+ 0x00001e7c, 0x000004d4,
+ 0x00001e7d, 0x000004d6,
+ 0x00001e7e, 0x000004d8,
+ 0x00001e7f, 0x000004da,
+ 0x00001e80, 0x000004dc,
+ 0x00001e81, 0x000004de,
+ 0x00001e82, 0x000004e0,
+ 0x00001e83, 0x000004e2,
+ 0x00001e84, 0x000004e4,
+ 0x00001e85, 0x000004e6,
+ 0x00001e86, 0x000004e8,
+ 0x00001e87, 0x000004ea,
+ 0x00001e88, 0x000004ec,
+ 0x00001e89, 0x000004ee,
+ 0x00001e8a, 0x000004f0,
+ 0x00001e8b, 0x000004f2,
+ 0x00001e8c, 0x000004f4,
+ 0x00001e8d, 0x000004f6,
+ 0x00001e8e, 0x000004f8,
+ 0x00001e8f, 0x000004fa,
+ 0x00001e90, 0x000004fc,
+ 0x00001e91, 0x000004fe,
+ 0x00001e92, 0x00000500,
+ 0x00001e93, 0x00000502,
+ 0x00001e94, 0x00000504,
+ 0x00001e95, 0x00000506,
+ 0x00001e96, 0x00000508,
+ 0x00001e97, 0x0000050a,
+ 0x00001e98, 0x0000050c,
+ 0x00001e99, 0x0000050e,
+ 0x00001e9a, 0x00000510,
+ 0x00001e9b, 0x00000512,
+ 0x00001ea0, 0x00000514,
+ 0x00001ea1, 0x00000516,
+ 0x00001ea2, 0x00000518,
+ 0x00001ea3, 0x0000051a,
+ 0x00001ea4, 0x0000051c,
+ 0x00001ea5, 0x0000051f,
+ 0x00001ea6, 0x00000522,
+ 0x00001ea7, 0x00000525,
+ 0x00001ea8, 0x00000528,
+ 0x00001ea9, 0x0000052b,
+ 0x00001eaa, 0x0000052e,
+ 0x00001eab, 0x00000531,
+ 0x00001eac, 0x00000534,
+ 0x00001ead, 0x00000537,
+ 0x00001eae, 0x0000053a,
+ 0x00001eaf, 0x0000053d,
+ 0x00001eb0, 0x00000540,
+ 0x00001eb1, 0x00000543,
+ 0x00001eb2, 0x00000546,
+ 0x00001eb3, 0x00000549,
+ 0x00001eb4, 0x0000054c,
+ 0x00001eb5, 0x0000054f,
+ 0x00001eb6, 0x00000552,
+ 0x00001eb7, 0x00000555,
+ 0x00001eb8, 0x00000558,
+ 0x00001eb9, 0x0000055a,
+ 0x00001eba, 0x0000055c,
+ 0x00001ebb, 0x0000055e,
+ 0x00001ebc, 0x00000560,
+ 0x00001ebd, 0x00000562,
+ 0x00001ebe, 0x00000564,
+ 0x00001ebf, 0x00000567,
+ 0x00001ec0, 0x0000056a,
+ 0x00001ec1, 0x0000056d,
+ 0x00001ec2, 0x00000570,
+ 0x00001ec3, 0x00000573,
+ 0x00001ec4, 0x00000576,
+ 0x00001ec5, 0x00000579,
+ 0x00001ec6, 0x0000057c,
+ 0x00001ec7, 0x0000057f,
+ 0x00001ec8, 0x00000582,
+ 0x00001ec9, 0x00000584,
+ 0x00001eca, 0x00000586,
+ 0x00001ecb, 0x00000588,
+ 0x00001ecc, 0x0000058a,
+ 0x00001ecd, 0x0000058c,
+ 0x00001ece, 0x0000058e,
+ 0x00001ecf, 0x00000590,
+ 0x00001ed0, 0x00000592,
+ 0x00001ed1, 0x00000595,
+ 0x00001ed2, 0x00000598,
+ 0x00001ed3, 0x0000059b,
+ 0x00001ed4, 0x0000059e,
+ 0x00001ed5, 0x000005a1,
+ 0x00001ed6, 0x000005a4,
+ 0x00001ed7, 0x000005a7,
+ 0x00001ed8, 0x000005aa,
+ 0x00001ed9, 0x000005ad,
+ 0x00001eda, 0x000005b0,
+ 0x00001edb, 0x000005b3,
+ 0x00001edc, 0x000005b6,
+ 0x00001edd, 0x000005b9,
+ 0x00001ede, 0x000005bc,
+ 0x00001edf, 0x000005bf,
+ 0x00001ee0, 0x000005c2,
+ 0x00001ee1, 0x000005c5,
+ 0x00001ee2, 0x000005c8,
+ 0x00001ee3, 0x000005cb,
+ 0x00001ee4, 0x000005ce,
+ 0x00001ee5, 0x000005d0,
+ 0x00001ee6, 0x000005d2,
+ 0x00001ee7, 0x000005d4,
+ 0x00001ee8, 0x000005d6,
+ 0x00001ee9, 0x000005d9,
+ 0x00001eea, 0x000005dc,
+ 0x00001eeb, 0x000005df,
+ 0x00001eec, 0x000005e2,
+ 0x00001eed, 0x000005e5,
+ 0x00001eee, 0x000005e8,
+ 0x00001eef, 0x000005eb,
+ 0x00001ef0, 0x000005ee,
+ 0x00001ef1, 0x000005f1,
+ 0x00001ef2, 0x000005f4,
+ 0x00001ef3, 0x000005f6,
+ 0x00001ef4, 0x000005f8,
+ 0x00001ef5, 0x000005fa,
+ 0x00001ef6, 0x000005fc,
+ 0x00001ef7, 0x000005fe,
+ 0x00001ef8, 0x00000600,
+ 0x00001ef9, 0x00000602,
+ 0x00001f00, 0x00000604,
+ 0x00001f01, 0x00000606,
+ 0x00001f02, 0x00000608,
+ 0x00001f03, 0x0000060b,
+ 0x00001f04, 0x0000060e,
+ 0x00001f05, 0x00000611,
+ 0x00001f06, 0x00000614,
+ 0x00001f07, 0x00000617,
+ 0x00001f08, 0x0000061a,
+ 0x00001f09, 0x0000061c,
+ 0x00001f0a, 0x0000061e,
+ 0x00001f0b, 0x00000621,
+ 0x00001f0c, 0x00000624,
+ 0x00001f0d, 0x00000627,
+ 0x00001f0e, 0x0000062a,
+ 0x00001f0f, 0x0000062d,
+ 0x00001f10, 0x00000630,
+ 0x00001f11, 0x00000632,
+ 0x00001f12, 0x00000634,
+ 0x00001f13, 0x00000637,
+ 0x00001f14, 0x0000063a,
+ 0x00001f15, 0x0000063d,
+ 0x00001f18, 0x00000640,
+ 0x00001f19, 0x00000642,
+ 0x00001f1a, 0x00000644,
+ 0x00001f1b, 0x00000647,
+ 0x00001f1c, 0x0000064a,
+ 0x00001f1d, 0x0000064d,
+ 0x00001f20, 0x00000650,
+ 0x00001f21, 0x00000652,
+ 0x00001f22, 0x00000654,
+ 0x00001f23, 0x00000657,
+ 0x00001f24, 0x0000065a,
+ 0x00001f25, 0x0000065d,
+ 0x00001f26, 0x00000660,
+ 0x00001f27, 0x00000663,
+ 0x00001f28, 0x00000666,
+ 0x00001f29, 0x00000668,
+ 0x00001f2a, 0x0000066a,
+ 0x00001f2b, 0x0000066d,
+ 0x00001f2c, 0x00000670,
+ 0x00001f2d, 0x00000673,
+ 0x00001f2e, 0x00000676,
+ 0x00001f2f, 0x00000679,
+ 0x00001f30, 0x0000067c,
+ 0x00001f31, 0x0000067e,
+ 0x00001f32, 0x00000680,
+ 0x00001f33, 0x00000683,
+ 0x00001f34, 0x00000686,
+ 0x00001f35, 0x00000689,
+ 0x00001f36, 0x0000068c,
+ 0x00001f37, 0x0000068f,
+ 0x00001f38, 0x00000692,
+ 0x00001f39, 0x00000694,
+ 0x00001f3a, 0x00000696,
+ 0x00001f3b, 0x00000699,
+ 0x00001f3c, 0x0000069c,
+ 0x00001f3d, 0x0000069f,
+ 0x00001f3e, 0x000006a2,
+ 0x00001f3f, 0x000006a5,
+ 0x00001f40, 0x000006a8,
+ 0x00001f41, 0x000006aa,
+ 0x00001f42, 0x000006ac,
+ 0x00001f43, 0x000006af,
+ 0x00001f44, 0x000006b2,
+ 0x00001f45, 0x000006b5,
+ 0x00001f48, 0x000006b8,
+ 0x00001f49, 0x000006ba,
+ 0x00001f4a, 0x000006bc,
+ 0x00001f4b, 0x000006bf,
+ 0x00001f4c, 0x000006c2,
+ 0x00001f4d, 0x000006c5,
+ 0x00001f50, 0x000006c8,
+ 0x00001f51, 0x000006ca,
+ 0x00001f52, 0x000006cc,
+ 0x00001f53, 0x000006cf,
+ 0x00001f54, 0x000006d2,
+ 0x00001f55, 0x000006d5,
+ 0x00001f56, 0x000006d8,
+ 0x00001f57, 0x000006db,
+ 0x00001f59, 0x000006de,
+ 0x00001f5b, 0x000006e0,
+ 0x00001f5d, 0x000006e3,
+ 0x00001f5f, 0x000006e6,
+ 0x00001f60, 0x000006e9,
+ 0x00001f61, 0x000006eb,
+ 0x00001f62, 0x000006ed,
+ 0x00001f63, 0x000006f0,
+ 0x00001f64, 0x000006f3,
+ 0x00001f65, 0x000006f6,
+ 0x00001f66, 0x000006f9,
+ 0x00001f67, 0x000006fc,
+ 0x00001f68, 0x000006ff,
+ 0x00001f69, 0x00000701,
+ 0x00001f6a, 0x00000703,
+ 0x00001f6b, 0x00000706,
+ 0x00001f6c, 0x00000709,
+ 0x00001f6d, 0x0000070c,
+ 0x00001f6e, 0x0000070f,
+ 0x00001f6f, 0x00000712,
+ 0x00001f70, 0x00000715,
+ 0x00001f71, 0x00000717,
+ 0x00001f72, 0x00000719,
+ 0x00001f73, 0x0000071b,
+ 0x00001f74, 0x0000071d,
+ 0x00001f75, 0x0000071f,
+ 0x00001f76, 0x00000721,
+ 0x00001f77, 0x00000723,
+ 0x00001f78, 0x00000725,
+ 0x00001f79, 0x00000727,
+ 0x00001f7a, 0x00000729,
+ 0x00001f7b, 0x0000072b,
+ 0x00001f7c, 0x0000072d,
+ 0x00001f7d, 0x0000072f,
+ 0x00001f80, 0x00000731,
+ 0x00001f81, 0x00000734,
+ 0x00001f82, 0x00000737,
+ 0x00001f83, 0x0000073b,
+ 0x00001f84, 0x0000073f,
+ 0x00001f85, 0x00000743,
+ 0x00001f86, 0x00000747,
+ 0x00001f87, 0x0000074b,
+ 0x00001f88, 0x0000074f,
+ 0x00001f89, 0x00000752,
+ 0x00001f8a, 0x00000755,
+ 0x00001f8b, 0x00000759,
+ 0x00001f8c, 0x0000075d,
+ 0x00001f8d, 0x00000761,
+ 0x00001f8e, 0x00000765,
+ 0x00001f8f, 0x00000769,
+ 0x00001f90, 0x0000076d,
+ 0x00001f91, 0x00000770,
+ 0x00001f92, 0x00000773,
+ 0x00001f93, 0x00000777,
+ 0x00001f94, 0x0000077b,
+ 0x00001f95, 0x0000077f,
+ 0x00001f96, 0x00000783,
+ 0x00001f97, 0x00000787,
+ 0x00001f98, 0x0000078b,
+ 0x00001f99, 0x0000078e,
+ 0x00001f9a, 0x00000791,
+ 0x00001f9b, 0x00000795,
+ 0x00001f9c, 0x00000799,
+ 0x00001f9d, 0x0000079d,
+ 0x00001f9e, 0x000007a1,
+ 0x00001f9f, 0x000007a5,
+ 0x00001fa0, 0x000007a9,
+ 0x00001fa1, 0x000007ac,
+ 0x00001fa2, 0x000007af,
+ 0x00001fa3, 0x000007b3,
+ 0x00001fa4, 0x000007b7,
+ 0x00001fa5, 0x000007bb,
+ 0x00001fa6, 0x000007bf,
+ 0x00001fa7, 0x000007c3,
+ 0x00001fa8, 0x000007c7,
+ 0x00001fa9, 0x000007ca,
+ 0x00001faa, 0x000007cd,
+ 0x00001fab, 0x000007d1,
+ 0x00001fac, 0x000007d5,
+ 0x00001fad, 0x000007d9,
+ 0x00001fae, 0x000007dd,
+ 0x00001faf, 0x000007e1,
+ 0x00001fb0, 0x000007e5,
+ 0x00001fb1, 0x000007e7,
+ 0x00001fb2, 0x000007e9,
+ 0x00001fb3, 0x000007ec,
+ 0x00001fb4, 0x000007ee,
+ 0x00001fb6, 0x000007f1,
+ 0x00001fb7, 0x000007f3,
+ 0x00001fb8, 0x000007f6,
+ 0x00001fb9, 0x000007f8,
+ 0x00001fba, 0x000007fa,
+ 0x00001fbb, 0x000007fc,
+ 0x00001fbc, 0x000007fe,
+ 0x00001fbd, 0x00000800,
+ 0x00001fbe, 0x00000802,
+ 0x00001fbf, 0x00000803,
+ 0x00001fc0, 0x00000805,
+ 0x00001fc1, 0x00000807,
+ 0x00001fc2, 0x0000080a,
+ 0x00001fc3, 0x0000080d,
+ 0x00001fc4, 0x0000080f,
+ 0x00001fc6, 0x00000812,
+ 0x00001fc7, 0x00000814,
+ 0x00001fc8, 0x00000817,
+ 0x00001fc9, 0x00000819,
+ 0x00001fca, 0x0000081b,
+ 0x00001fcb, 0x0000081d,
+ 0x00001fcc, 0x0000081f,
+ 0x00001fcd, 0x00000821,
+ 0x00001fce, 0x00000824,
+ 0x00001fcf, 0x00000827,
+ 0x00001fd0, 0x0000082a,
+ 0x00001fd1, 0x0000082c,
+ 0x00001fd2, 0x0000082e,
+ 0x00001fd3, 0x00000831,
+ 0x00001fd6, 0x00000834,
+ 0x00001fd7, 0x00000836,
+ 0x00001fd8, 0x00000839,
+ 0x00001fd9, 0x0000083b,
+ 0x00001fda, 0x0000083d,
+ 0x00001fdb, 0x0000083f,
+ 0x00001fdd, 0x00000841,
+ 0x00001fde, 0x00000844,
+ 0x00001fdf, 0x00000847,
+ 0x00001fe0, 0x0000084a,
+ 0x00001fe1, 0x0000084c,
+ 0x00001fe2, 0x0000084e,
+ 0x00001fe3, 0x00000851,
+ 0x00001fe4, 0x00000854,
+ 0x00001fe5, 0x00000856,
+ 0x00001fe6, 0x00000858,
+ 0x00001fe7, 0x0000085a,
+ 0x00001fe8, 0x0000085d,
+ 0x00001fe9, 0x0000085f,
+ 0x00001fea, 0x00000861,
+ 0x00001feb, 0x00000863,
+ 0x00001fec, 0x00000865,
+ 0x00001fed, 0x00000867,
+ 0x00001fee, 0x0000086a,
+ 0x00001fef, 0x0000086d,
+ 0x00001ff2, 0x0000086e,
+ 0x00001ff3, 0x00000871,
+ 0x00001ff4, 0x00000873,
+ 0x00001ff6, 0x00000876,
+ 0x00001ff7, 0x00000878,
+ 0x00001ff8, 0x0000087b,
+ 0x00001ff9, 0x0000087d,
+ 0x00001ffa, 0x0000087f,
+ 0x00001ffb, 0x00000881,
+ 0x00001ffc, 0x00000883,
+ 0x00001ffd, 0x00000885,
+ 0x00001ffe, 0x00000887,
+ 0x00002000, 0x00000889,
+ 0x00002001, 0x0000088a,
+ 0x00002002, 0x0000088b,
+ 0x00002003, 0x0000088c,
+ 0x00002004, 0x0000088d,
+ 0x00002005, 0x0000088e,
+ 0x00002006, 0x0000088f,
+ 0x00002007, 0x00000890,
+ 0x00002008, 0x00000891,
+ 0x00002009, 0x00000892,
+ 0x0000200a, 0x00000893,
+ 0x00002011, 0x00000894,
+ 0x00002017, 0x00000895,
+ 0x00002024, 0x00000897,
+ 0x00002025, 0x00000898,
+ 0x00002026, 0x0000089a,
+ 0x0000202f, 0x0000089d,
+ 0x00002033, 0x0000089e,
+ 0x00002034, 0x000008a0,
+ 0x00002036, 0x000008a3,
+ 0x00002037, 0x000008a5,
+ 0x0000203c, 0x000008a8,
+ 0x0000203e, 0x000008aa,
+ 0x00002047, 0x000008ac,
+ 0x00002048, 0x000008ae,
+ 0x00002049, 0x000008b0,
+ 0x00002057, 0x000008b2,
+ 0x0000205f, 0x000008b6,
+ 0x00002070, 0x000008b7,
+ 0x00002071, 0x000008b8,
+ 0x00002074, 0x000008b9,
+ 0x00002075, 0x000008ba,
+ 0x00002076, 0x000008bb,
+ 0x00002077, 0x000008bc,
+ 0x00002078, 0x000008bd,
+ 0x00002079, 0x000008be,
+ 0x0000207a, 0x000008bf,
+ 0x0000207b, 0x000008c0,
+ 0x0000207c, 0x000008c1,
+ 0x0000207d, 0x000008c2,
+ 0x0000207e, 0x000008c3,
+ 0x0000207f, 0x000008c4,
+ 0x00002080, 0x000008c5,
+ 0x00002081, 0x000008c6,
+ 0x00002082, 0x000008c7,
+ 0x00002083, 0x000008c8,
+ 0x00002084, 0x000008c9,
+ 0x00002085, 0x000008ca,
+ 0x00002086, 0x000008cb,
+ 0x00002087, 0x000008cc,
+ 0x00002088, 0x000008cd,
+ 0x00002089, 0x000008ce,
+ 0x0000208a, 0x000008cf,
+ 0x0000208b, 0x000008d0,
+ 0x0000208c, 0x000008d1,
+ 0x0000208d, 0x000008d2,
+ 0x0000208e, 0x000008d3,
+ 0x000020a8, 0x000008d4,
+ 0x00002100, 0x000008d6,
+ 0x00002101, 0x000008d9,
+ 0x00002102, 0x000008dc,
+ 0x00002103, 0x000008dd,
+ 0x00002105, 0x000008df,
+ 0x00002106, 0x000008e2,
+ 0x00002107, 0x000008e5,
+ 0x00002109, 0x000008e6,
+ 0x0000210a, 0x000008e8,
+ 0x0000210b, 0x000008e9,
+ 0x0000210c, 0x000008ea,
+ 0x0000210d, 0x000008eb,
+ 0x0000210e, 0x000008ec,
+ 0x0000210f, 0x000008ed,
+ 0x00002110, 0x000008ee,
+ 0x00002111, 0x000008ef,
+ 0x00002112, 0x000008f0,
+ 0x00002113, 0x000008f1,
+ 0x00002115, 0x000008f2,
+ 0x00002116, 0x000008f3,
+ 0x00002119, 0x000008f5,
+ 0x0000211a, 0x000008f6,
+ 0x0000211b, 0x000008f7,
+ 0x0000211c, 0x000008f8,
+ 0x0000211d, 0x000008f9,
+ 0x00002120, 0x000008fa,
+ 0x00002121, 0x000008fc,
+ 0x00002122, 0x000008ff,
+ 0x00002124, 0x00000901,
+ 0x00002126, 0x00000902,
+ 0x00002128, 0x00000903,
+ 0x0000212a, 0x00000904,
+ 0x0000212b, 0x00000905,
+ 0x0000212c, 0x00000907,
+ 0x0000212d, 0x00000908,
+ 0x0000212f, 0x00000909,
+ 0x00002130, 0x0000090a,
+ 0x00002131, 0x0000090b,
+ 0x00002133, 0x0000090c,
+ 0x00002134, 0x0000090d,
+ 0x00002135, 0x0000090e,
+ 0x00002136, 0x0000090f,
+ 0x00002137, 0x00000910,
+ 0x00002138, 0x00000911,
+ 0x00002139, 0x00000912,
+ 0x0000213d, 0x00000913,
+ 0x0000213e, 0x00000914,
+ 0x0000213f, 0x00000915,
+ 0x00002140, 0x00000916,
+ 0x00002145, 0x00000917,
+ 0x00002146, 0x00000918,
+ 0x00002147, 0x00000919,
+ 0x00002148, 0x0000091a,
+ 0x00002149, 0x0000091b,
+ 0x00002153, 0x0000091c,
+ 0x00002154, 0x0000091f,
+ 0x00002155, 0x00000922,
+ 0x00002156, 0x00000925,
+ 0x00002157, 0x00000928,
+ 0x00002158, 0x0000092b,
+ 0x00002159, 0x0000092e,
+ 0x0000215a, 0x00000931,
+ 0x0000215b, 0x00000934,
+ 0x0000215c, 0x00000937,
+ 0x0000215d, 0x0000093a,
+ 0x0000215e, 0x0000093d,
+ 0x0000215f, 0x00000940,
+ 0x00002160, 0x00000942,
+ 0x00002161, 0x00000943,
+ 0x00002162, 0x00000945,
+ 0x00002163, 0x00000948,
+ 0x00002164, 0x0000094a,
+ 0x00002165, 0x0000094b,
+ 0x00002166, 0x0000094d,
+ 0x00002167, 0x00000950,
+ 0x00002168, 0x00000954,
+ 0x00002169, 0x00000956,
+ 0x0000216a, 0x00000957,
+ 0x0000216b, 0x00000959,
+ 0x0000216c, 0x0000095c,
+ 0x0000216d, 0x0000095d,
+ 0x0000216e, 0x0000095e,
+ 0x0000216f, 0x0000095f,
+ 0x00002170, 0x00000960,
+ 0x00002171, 0x00000961,
+ 0x00002172, 0x00000963,
+ 0x00002173, 0x00000966,
+ 0x00002174, 0x00000968,
+ 0x00002175, 0x00000969,
+ 0x00002176, 0x0000096b,
+ 0x00002177, 0x0000096e,
+ 0x00002178, 0x00000972,
+ 0x00002179, 0x00000974,
+ 0x0000217a, 0x00000975,
+ 0x0000217b, 0x00000977,
+ 0x0000217c, 0x0000097a,
+ 0x0000217d, 0x0000097b,
+ 0x0000217e, 0x0000097c,
+ 0x0000217f, 0x0000097d,
+ 0x0000219a, 0x0000097e,
+ 0x0000219b, 0x00000980,
+ 0x000021ae, 0x00000982,
+ 0x000021cd, 0x00000984,
+ 0x000021ce, 0x00000986,
+ 0x000021cf, 0x00000988,
+ 0x00002204, 0x0000098a,
+ 0x00002209, 0x0000098c,
+ 0x0000220c, 0x0000098e,
+ 0x00002224, 0x00000990,
+ 0x00002226, 0x00000992,
+ 0x0000222c, 0x00000994,
+ 0x0000222d, 0x00000996,
+ 0x0000222f, 0x00000999,
+ 0x00002230, 0x0000099b,
+ 0x00002241, 0x0000099e,
+ 0x00002244, 0x000009a0,
+ 0x00002247, 0x000009a2,
+ 0x00002249, 0x000009a4,
+ 0x00002260, 0x000009a6,
+ 0x00002262, 0x000009a8,
+ 0x0000226d, 0x000009aa,
+ 0x0000226e, 0x000009ac,
+ 0x0000226f, 0x000009ae,
+ 0x00002270, 0x000009b0,
+ 0x00002271, 0x000009b2,
+ 0x00002274, 0x000009b4,
+ 0x00002275, 0x000009b6,
+ 0x00002278, 0x000009b8,
+ 0x00002279, 0x000009ba,
+ 0x00002280, 0x000009bc,
+ 0x00002281, 0x000009be,
+ 0x00002284, 0x000009c0,
+ 0x00002285, 0x000009c2,
+ 0x00002288, 0x000009c4,
+ 0x00002289, 0x000009c6,
+ 0x000022ac, 0x000009c8,
+ 0x000022ad, 0x000009ca,
+ 0x000022ae, 0x000009cc,
+ 0x000022af, 0x000009ce,
+ 0x000022e0, 0x000009d0,
+ 0x000022e1, 0x000009d2,
+ 0x000022e2, 0x000009d4,
+ 0x000022e3, 0x000009d6,
+ 0x000022ea, 0x000009d8,
+ 0x000022eb, 0x000009da,
+ 0x000022ec, 0x000009dc,
+ 0x000022ed, 0x000009de,
+ 0x00002329, 0x000009e0,
+ 0x0000232a, 0x000009e1,
+ 0x00002460, 0x000009e2,
+ 0x00002461, 0x000009e3,
+ 0x00002462, 0x000009e4,
+ 0x00002463, 0x000009e5,
+ 0x00002464, 0x000009e6,
+ 0x00002465, 0x000009e7,
+ 0x00002466, 0x000009e8,
+ 0x00002467, 0x000009e9,
+ 0x00002468, 0x000009ea,
+ 0x00002469, 0x000009eb,
+ 0x0000246a, 0x000009ed,
+ 0x0000246b, 0x000009ef,
+ 0x0000246c, 0x000009f1,
+ 0x0000246d, 0x000009f3,
+ 0x0000246e, 0x000009f5,
+ 0x0000246f, 0x000009f7,
+ 0x00002470, 0x000009f9,
+ 0x00002471, 0x000009fb,
+ 0x00002472, 0x000009fd,
+ 0x00002473, 0x000009ff,
+ 0x00002474, 0x00000a01,
+ 0x00002475, 0x00000a04,
+ 0x00002476, 0x00000a07,
+ 0x00002477, 0x00000a0a,
+ 0x00002478, 0x00000a0d,
+ 0x00002479, 0x00000a10,
+ 0x0000247a, 0x00000a13,
+ 0x0000247b, 0x00000a16,
+ 0x0000247c, 0x00000a19,
+ 0x0000247d, 0x00000a1c,
+ 0x0000247e, 0x00000a20,
+ 0x0000247f, 0x00000a24,
+ 0x00002480, 0x00000a28,
+ 0x00002481, 0x00000a2c,
+ 0x00002482, 0x00000a30,
+ 0x00002483, 0x00000a34,
+ 0x00002484, 0x00000a38,
+ 0x00002485, 0x00000a3c,
+ 0x00002486, 0x00000a40,
+ 0x00002487, 0x00000a44,
+ 0x00002488, 0x00000a48,
+ 0x00002489, 0x00000a4a,
+ 0x0000248a, 0x00000a4c,
+ 0x0000248b, 0x00000a4e,
+ 0x0000248c, 0x00000a50,
+ 0x0000248d, 0x00000a52,
+ 0x0000248e, 0x00000a54,
+ 0x0000248f, 0x00000a56,
+ 0x00002490, 0x00000a58,
+ 0x00002491, 0x00000a5a,
+ 0x00002492, 0x00000a5d,
+ 0x00002493, 0x00000a60,
+ 0x00002494, 0x00000a63,
+ 0x00002495, 0x00000a66,
+ 0x00002496, 0x00000a69,
+ 0x00002497, 0x00000a6c,
+ 0x00002498, 0x00000a6f,
+ 0x00002499, 0x00000a72,
+ 0x0000249a, 0x00000a75,
+ 0x0000249b, 0x00000a78,
+ 0x0000249c, 0x00000a7b,
+ 0x0000249d, 0x00000a7e,
+ 0x0000249e, 0x00000a81,
+ 0x0000249f, 0x00000a84,
+ 0x000024a0, 0x00000a87,
+ 0x000024a1, 0x00000a8a,
+ 0x000024a2, 0x00000a8d,
+ 0x000024a3, 0x00000a90,
+ 0x000024a4, 0x00000a93,
+ 0x000024a5, 0x00000a96,
+ 0x000024a6, 0x00000a99,
+ 0x000024a7, 0x00000a9c,
+ 0x000024a8, 0x00000a9f,
+ 0x000024a9, 0x00000aa2,
+ 0x000024aa, 0x00000aa5,
+ 0x000024ab, 0x00000aa8,
+ 0x000024ac, 0x00000aab,
+ 0x000024ad, 0x00000aae,
+ 0x000024ae, 0x00000ab1,
+ 0x000024af, 0x00000ab4,
+ 0x000024b0, 0x00000ab7,
+ 0x000024b1, 0x00000aba,
+ 0x000024b2, 0x00000abd,
+ 0x000024b3, 0x00000ac0,
+ 0x000024b4, 0x00000ac3,
+ 0x000024b5, 0x00000ac6,
+ 0x000024b6, 0x00000ac9,
+ 0x000024b7, 0x00000aca,
+ 0x000024b8, 0x00000acb,
+ 0x000024b9, 0x00000acc,
+ 0x000024ba, 0x00000acd,
+ 0x000024bb, 0x00000ace,
+ 0x000024bc, 0x00000acf,
+ 0x000024bd, 0x00000ad0,
+ 0x000024be, 0x00000ad1,
+ 0x000024bf, 0x00000ad2,
+ 0x000024c0, 0x00000ad3,
+ 0x000024c1, 0x00000ad4,
+ 0x000024c2, 0x00000ad5,
+ 0x000024c3, 0x00000ad6,
+ 0x000024c4, 0x00000ad7,
+ 0x000024c5, 0x00000ad8,
+ 0x000024c6, 0x00000ad9,
+ 0x000024c7, 0x00000ada,
+ 0x000024c8, 0x00000adb,
+ 0x000024c9, 0x00000adc,
+ 0x000024ca, 0x00000add,
+ 0x000024cb, 0x00000ade,
+ 0x000024cc, 0x00000adf,
+ 0x000024cd, 0x00000ae0,
+ 0x000024ce, 0x00000ae1,
+ 0x000024cf, 0x00000ae2,
+ 0x000024d0, 0x00000ae3,
+ 0x000024d1, 0x00000ae4,
+ 0x000024d2, 0x00000ae5,
+ 0x000024d3, 0x00000ae6,
+ 0x000024d4, 0x00000ae7,
+ 0x000024d5, 0x00000ae8,
+ 0x000024d6, 0x00000ae9,
+ 0x000024d7, 0x00000aea,
+ 0x000024d8, 0x00000aeb,
+ 0x000024d9, 0x00000aec,
+ 0x000024da, 0x00000aed,
+ 0x000024db, 0x00000aee,
+ 0x000024dc, 0x00000aef,
+ 0x000024dd, 0x00000af0,
+ 0x000024de, 0x00000af1,
+ 0x000024df, 0x00000af2,
+ 0x000024e0, 0x00000af3,
+ 0x000024e1, 0x00000af4,
+ 0x000024e2, 0x00000af5,
+ 0x000024e3, 0x00000af6,
+ 0x000024e4, 0x00000af7,
+ 0x000024e5, 0x00000af8,
+ 0x000024e6, 0x00000af9,
+ 0x000024e7, 0x00000afa,
+ 0x000024e8, 0x00000afb,
+ 0x000024e9, 0x00000afc,
+ 0x000024ea, 0x00000afd,
+ 0x00002a0c, 0x00000afe,
+ 0x00002a74, 0x00000b02,
+ 0x00002a75, 0x00000b05,
+ 0x00002a76, 0x00000b07,
+ 0x00002adc, 0x00000b0a,
+ 0x00002e9f, 0x00000b0c,
+ 0x00002ef3, 0x00000b0d,
+ 0x00002f00, 0x00000b0e,
+ 0x00002f01, 0x00000b0f,
+ 0x00002f02, 0x00000b10,
+ 0x00002f03, 0x00000b11,
+ 0x00002f04, 0x00000b12,
+ 0x00002f05, 0x00000b13,
+ 0x00002f06, 0x00000b14,
+ 0x00002f07, 0x00000b15,
+ 0x00002f08, 0x00000b16,
+ 0x00002f09, 0x00000b17,
+ 0x00002f0a, 0x00000b18,
+ 0x00002f0b, 0x00000b19,
+ 0x00002f0c, 0x00000b1a,
+ 0x00002f0d, 0x00000b1b,
+ 0x00002f0e, 0x00000b1c,
+ 0x00002f0f, 0x00000b1d,
+ 0x00002f10, 0x00000b1e,
+ 0x00002f11, 0x00000b1f,
+ 0x00002f12, 0x00000b20,
+ 0x00002f13, 0x00000b21,
+ 0x00002f14, 0x00000b22,
+ 0x00002f15, 0x00000b23,
+ 0x00002f16, 0x00000b24,
+ 0x00002f17, 0x00000b25,
+ 0x00002f18, 0x00000b26,
+ 0x00002f19, 0x00000b27,
+ 0x00002f1a, 0x00000b28,
+ 0x00002f1b, 0x00000b29,
+ 0x00002f1c, 0x00000b2a,
+ 0x00002f1d, 0x00000b2b,
+ 0x00002f1e, 0x00000b2c,
+ 0x00002f1f, 0x00000b2d,
+ 0x00002f20, 0x00000b2e,
+ 0x00002f21, 0x00000b2f,
+ 0x00002f22, 0x00000b30,
+ 0x00002f23, 0x00000b31,
+ 0x00002f24, 0x00000b32,
+ 0x00002f25, 0x00000b33,
+ 0x00002f26, 0x00000b34,
+ 0x00002f27, 0x00000b35,
+ 0x00002f28, 0x00000b36,
+ 0x00002f29, 0x00000b37,
+ 0x00002f2a, 0x00000b38,
+ 0x00002f2b, 0x00000b39,
+ 0x00002f2c, 0x00000b3a,
+ 0x00002f2d, 0x00000b3b,
+ 0x00002f2e, 0x00000b3c,
+ 0x00002f2f, 0x00000b3d,
+ 0x00002f30, 0x00000b3e,
+ 0x00002f31, 0x00000b3f,
+ 0x00002f32, 0x00000b40,
+ 0x00002f33, 0x00000b41,
+ 0x00002f34, 0x00000b42,
+ 0x00002f35, 0x00000b43,
+ 0x00002f36, 0x00000b44,
+ 0x00002f37, 0x00000b45,
+ 0x00002f38, 0x00000b46,
+ 0x00002f39, 0x00000b47,
+ 0x00002f3a, 0x00000b48,
+ 0x00002f3b, 0x00000b49,
+ 0x00002f3c, 0x00000b4a,
+ 0x00002f3d, 0x00000b4b,
+ 0x00002f3e, 0x00000b4c,
+ 0x00002f3f, 0x00000b4d,
+ 0x00002f40, 0x00000b4e,
+ 0x00002f41, 0x00000b4f,
+ 0x00002f42, 0x00000b50,
+ 0x00002f43, 0x00000b51,
+ 0x00002f44, 0x00000b52,
+ 0x00002f45, 0x00000b53,
+ 0x00002f46, 0x00000b54,
+ 0x00002f47, 0x00000b55,
+ 0x00002f48, 0x00000b56,
+ 0x00002f49, 0x00000b57,
+ 0x00002f4a, 0x00000b58,
+ 0x00002f4b, 0x00000b59,
+ 0x00002f4c, 0x00000b5a,
+ 0x00002f4d, 0x00000b5b,
+ 0x00002f4e, 0x00000b5c,
+ 0x00002f4f, 0x00000b5d,
+ 0x00002f50, 0x00000b5e,
+ 0x00002f51, 0x00000b5f,
+ 0x00002f52, 0x00000b60,
+ 0x00002f53, 0x00000b61,
+ 0x00002f54, 0x00000b62,
+ 0x00002f55, 0x00000b63,
+ 0x00002f56, 0x00000b64,
+ 0x00002f57, 0x00000b65,
+ 0x00002f58, 0x00000b66,
+ 0x00002f59, 0x00000b67,
+ 0x00002f5a, 0x00000b68,
+ 0x00002f5b, 0x00000b69,
+ 0x00002f5c, 0x00000b6a,
+ 0x00002f5d, 0x00000b6b,
+ 0x00002f5e, 0x00000b6c,
+ 0x00002f5f, 0x00000b6d,
+ 0x00002f60, 0x00000b6e,
+ 0x00002f61, 0x00000b6f,
+ 0x00002f62, 0x00000b70,
+ 0x00002f63, 0x00000b71,
+ 0x00002f64, 0x00000b72,
+ 0x00002f65, 0x00000b73,
+ 0x00002f66, 0x00000b74,
+ 0x00002f67, 0x00000b75,
+ 0x00002f68, 0x00000b76,
+ 0x00002f69, 0x00000b77,
+ 0x00002f6a, 0x00000b78,
+ 0x00002f6b, 0x00000b79,
+ 0x00002f6c, 0x00000b7a,
+ 0x00002f6d, 0x00000b7b,
+ 0x00002f6e, 0x00000b7c,
+ 0x00002f6f, 0x00000b7d,
+ 0x00002f70, 0x00000b7e,
+ 0x00002f71, 0x00000b7f,
+ 0x00002f72, 0x00000b80,
+ 0x00002f73, 0x00000b81,
+ 0x00002f74, 0x00000b82,
+ 0x00002f75, 0x00000b83,
+ 0x00002f76, 0x00000b84,
+ 0x00002f77, 0x00000b85,
+ 0x00002f78, 0x00000b86,
+ 0x00002f79, 0x00000b87,
+ 0x00002f7a, 0x00000b88,
+ 0x00002f7b, 0x00000b89,
+ 0x00002f7c, 0x00000b8a,
+ 0x00002f7d, 0x00000b8b,
+ 0x00002f7e, 0x00000b8c,
+ 0x00002f7f, 0x00000b8d,
+ 0x00002f80, 0x00000b8e,
+ 0x00002f81, 0x00000b8f,
+ 0x00002f82, 0x00000b90,
+ 0x00002f83, 0x00000b91,
+ 0x00002f84, 0x00000b92,
+ 0x00002f85, 0x00000b93,
+ 0x00002f86, 0x00000b94,
+ 0x00002f87, 0x00000b95,
+ 0x00002f88, 0x00000b96,
+ 0x00002f89, 0x00000b97,
+ 0x00002f8a, 0x00000b98,
+ 0x00002f8b, 0x00000b99,
+ 0x00002f8c, 0x00000b9a,
+ 0x00002f8d, 0x00000b9b,
+ 0x00002f8e, 0x00000b9c,
+ 0x00002f8f, 0x00000b9d,
+ 0x00002f90, 0x00000b9e,
+ 0x00002f91, 0x00000b9f,
+ 0x00002f92, 0x00000ba0,
+ 0x00002f93, 0x00000ba1,
+ 0x00002f94, 0x00000ba2,
+ 0x00002f95, 0x00000ba3,
+ 0x00002f96, 0x00000ba4,
+ 0x00002f97, 0x00000ba5,
+ 0x00002f98, 0x00000ba6,
+ 0x00002f99, 0x00000ba7,
+ 0x00002f9a, 0x00000ba8,
+ 0x00002f9b, 0x00000ba9,
+ 0x00002f9c, 0x00000baa,
+ 0x00002f9d, 0x00000bab,
+ 0x00002f9e, 0x00000bac,
+ 0x00002f9f, 0x00000bad,
+ 0x00002fa0, 0x00000bae,
+ 0x00002fa1, 0x00000baf,
+ 0x00002fa2, 0x00000bb0,
+ 0x00002fa3, 0x00000bb1,
+ 0x00002fa4, 0x00000bb2,
+ 0x00002fa5, 0x00000bb3,
+ 0x00002fa6, 0x00000bb4,
+ 0x00002fa7, 0x00000bb5,
+ 0x00002fa8, 0x00000bb6,
+ 0x00002fa9, 0x00000bb7,
+ 0x00002faa, 0x00000bb8,
+ 0x00002fab, 0x00000bb9,
+ 0x00002fac, 0x00000bba,
+ 0x00002fad, 0x00000bbb,
+ 0x00002fae, 0x00000bbc,
+ 0x00002faf, 0x00000bbd,
+ 0x00002fb0, 0x00000bbe,
+ 0x00002fb1, 0x00000bbf,
+ 0x00002fb2, 0x00000bc0,
+ 0x00002fb3, 0x00000bc1,
+ 0x00002fb4, 0x00000bc2,
+ 0x00002fb5, 0x00000bc3,
+ 0x00002fb6, 0x00000bc4,
+ 0x00002fb7, 0x00000bc5,
+ 0x00002fb8, 0x00000bc6,
+ 0x00002fb9, 0x00000bc7,
+ 0x00002fba, 0x00000bc8,
+ 0x00002fbb, 0x00000bc9,
+ 0x00002fbc, 0x00000bca,
+ 0x00002fbd, 0x00000bcb,
+ 0x00002fbe, 0x00000bcc,
+ 0x00002fbf, 0x00000bcd,
+ 0x00002fc0, 0x00000bce,
+ 0x00002fc1, 0x00000bcf,
+ 0x00002fc2, 0x00000bd0,
+ 0x00002fc3, 0x00000bd1,
+ 0x00002fc4, 0x00000bd2,
+ 0x00002fc5, 0x00000bd3,
+ 0x00002fc6, 0x00000bd4,
+ 0x00002fc7, 0x00000bd5,
+ 0x00002fc8, 0x00000bd6,
+ 0x00002fc9, 0x00000bd7,
+ 0x00002fca, 0x00000bd8,
+ 0x00002fcb, 0x00000bd9,
+ 0x00002fcc, 0x00000bda,
+ 0x00002fcd, 0x00000bdb,
+ 0x00002fce, 0x00000bdc,
+ 0x00002fcf, 0x00000bdd,
+ 0x00002fd0, 0x00000bde,
+ 0x00002fd1, 0x00000bdf,
+ 0x00002fd2, 0x00000be0,
+ 0x00002fd3, 0x00000be1,
+ 0x00002fd4, 0x00000be2,
+ 0x00002fd5, 0x00000be3,
+ 0x00003000, 0x00000be4,
+ 0x00003036, 0x00000be5,
+ 0x00003038, 0x00000be6,
+ 0x00003039, 0x00000be7,
+ 0x0000303a, 0x00000be8,
+ 0x0000304c, 0x00000be9,
+ 0x0000304e, 0x00000beb,
+ 0x00003050, 0x00000bed,
+ 0x00003052, 0x00000bef,
+ 0x00003054, 0x00000bf1,
+ 0x00003056, 0x00000bf3,
+ 0x00003058, 0x00000bf5,
+ 0x0000305a, 0x00000bf7,
+ 0x0000305c, 0x00000bf9,
+ 0x0000305e, 0x00000bfb,
+ 0x00003060, 0x00000bfd,
+ 0x00003062, 0x00000bff,
+ 0x00003065, 0x00000c01,
+ 0x00003067, 0x00000c03,
+ 0x00003069, 0x00000c05,
+ 0x00003070, 0x00000c07,
+ 0x00003071, 0x00000c09,
+ 0x00003073, 0x00000c0b,
+ 0x00003074, 0x00000c0d,
+ 0x00003076, 0x00000c0f,
+ 0x00003077, 0x00000c11,
+ 0x00003079, 0x00000c13,
+ 0x0000307a, 0x00000c15,
+ 0x0000307c, 0x00000c17,
+ 0x0000307d, 0x00000c19,
+ 0x00003094, 0x00000c1b,
+ 0x0000309b, 0x00000c1d,
+ 0x0000309c, 0x00000c1f,
+ 0x0000309e, 0x00000c21,
+ 0x0000309f, 0x00000c23,
+ 0x000030ac, 0x00000c25,
+ 0x000030ae, 0x00000c27,
+ 0x000030b0, 0x00000c29,
+ 0x000030b2, 0x00000c2b,
+ 0x000030b4, 0x00000c2d,
+ 0x000030b6, 0x00000c2f,
+ 0x000030b8, 0x00000c31,
+ 0x000030ba, 0x00000c33,
+ 0x000030bc, 0x00000c35,
+ 0x000030be, 0x00000c37,
+ 0x000030c0, 0x00000c39,
+ 0x000030c2, 0x00000c3b,
+ 0x000030c5, 0x00000c3d,
+ 0x000030c7, 0x00000c3f,
+ 0x000030c9, 0x00000c41,
+ 0x000030d0, 0x00000c43,
+ 0x000030d1, 0x00000c45,
+ 0x000030d3, 0x00000c47,
+ 0x000030d4, 0x00000c49,
+ 0x000030d6, 0x00000c4b,
+ 0x000030d7, 0x00000c4d,
+ 0x000030d9, 0x00000c4f,
+ 0x000030da, 0x00000c51,
+ 0x000030dc, 0x00000c53,
+ 0x000030dd, 0x00000c55,
+ 0x000030f4, 0x00000c57,
+ 0x000030f7, 0x00000c59,
+ 0x000030f8, 0x00000c5b,
+ 0x000030f9, 0x00000c5d,
+ 0x000030fa, 0x00000c5f,
+ 0x000030fe, 0x00000c61,
+ 0x000030ff, 0x00000c63,
+ 0x00003131, 0x00000c65,
+ 0x00003132, 0x00000c66,
+ 0x00003133, 0x00000c67,
+ 0x00003134, 0x00000c68,
+ 0x00003135, 0x00000c69,
+ 0x00003136, 0x00000c6a,
+ 0x00003137, 0x00000c6b,
+ 0x00003138, 0x00000c6c,
+ 0x00003139, 0x00000c6d,
+ 0x0000313a, 0x00000c6e,
+ 0x0000313b, 0x00000c6f,
+ 0x0000313c, 0x00000c70,
+ 0x0000313d, 0x00000c71,
+ 0x0000313e, 0x00000c72,
+ 0x0000313f, 0x00000c73,
+ 0x00003140, 0x00000c74,
+ 0x00003141, 0x00000c75,
+ 0x00003142, 0x00000c76,
+ 0x00003143, 0x00000c77,
+ 0x00003144, 0x00000c78,
+ 0x00003145, 0x00000c79,
+ 0x00003146, 0x00000c7a,
+ 0x00003147, 0x00000c7b,
+ 0x00003148, 0x00000c7c,
+ 0x00003149, 0x00000c7d,
+ 0x0000314a, 0x00000c7e,
+ 0x0000314b, 0x00000c7f,
+ 0x0000314c, 0x00000c80,
+ 0x0000314d, 0x00000c81,
+ 0x0000314e, 0x00000c82,
+ 0x0000314f, 0x00000c83,
+ 0x00003150, 0x00000c84,
+ 0x00003151, 0x00000c85,
+ 0x00003152, 0x00000c86,
+ 0x00003153, 0x00000c87,
+ 0x00003154, 0x00000c88,
+ 0x00003155, 0x00000c89,
+ 0x00003156, 0x00000c8a,
+ 0x00003157, 0x00000c8b,
+ 0x00003158, 0x00000c8c,
+ 0x00003159, 0x00000c8d,
+ 0x0000315a, 0x00000c8e,
+ 0x0000315b, 0x00000c8f,
+ 0x0000315c, 0x00000c90,
+ 0x0000315d, 0x00000c91,
+ 0x0000315e, 0x00000c92,
+ 0x0000315f, 0x00000c93,
+ 0x00003160, 0x00000c94,
+ 0x00003161, 0x00000c95,
+ 0x00003162, 0x00000c96,
+ 0x00003163, 0x00000c97,
+ 0x00003164, 0x00000c98,
+ 0x00003165, 0x00000c99,
+ 0x00003166, 0x00000c9a,
+ 0x00003167, 0x00000c9b,
+ 0x00003168, 0x00000c9c,
+ 0x00003169, 0x00000c9d,
+ 0x0000316a, 0x00000c9e,
+ 0x0000316b, 0x00000c9f,
+ 0x0000316c, 0x00000ca0,
+ 0x0000316d, 0x00000ca1,
+ 0x0000316e, 0x00000ca2,
+ 0x0000316f, 0x00000ca3,
+ 0x00003170, 0x00000ca4,
+ 0x00003171, 0x00000ca5,
+ 0x00003172, 0x00000ca6,
+ 0x00003173, 0x00000ca7,
+ 0x00003174, 0x00000ca8,
+ 0x00003175, 0x00000ca9,
+ 0x00003176, 0x00000caa,
+ 0x00003177, 0x00000cab,
+ 0x00003178, 0x00000cac,
+ 0x00003179, 0x00000cad,
+ 0x0000317a, 0x00000cae,
+ 0x0000317b, 0x00000caf,
+ 0x0000317c, 0x00000cb0,
+ 0x0000317d, 0x00000cb1,
+ 0x0000317e, 0x00000cb2,
+ 0x0000317f, 0x00000cb3,
+ 0x00003180, 0x00000cb4,
+ 0x00003181, 0x00000cb5,
+ 0x00003182, 0x00000cb6,
+ 0x00003183, 0x00000cb7,
+ 0x00003184, 0x00000cb8,
+ 0x00003185, 0x00000cb9,
+ 0x00003186, 0x00000cba,
+ 0x00003187, 0x00000cbb,
+ 0x00003188, 0x00000cbc,
+ 0x00003189, 0x00000cbd,
+ 0x0000318a, 0x00000cbe,
+ 0x0000318b, 0x00000cbf,
+ 0x0000318c, 0x00000cc0,
+ 0x0000318d, 0x00000cc1,
+ 0x0000318e, 0x00000cc2,
+ 0x00003192, 0x00000cc3,
+ 0x00003193, 0x00000cc4,
+ 0x00003194, 0x00000cc5,
+ 0x00003195, 0x00000cc6,
+ 0x00003196, 0x00000cc7,
+ 0x00003197, 0x00000cc8,
+ 0x00003198, 0x00000cc9,
+ 0x00003199, 0x00000cca,
+ 0x0000319a, 0x00000ccb,
+ 0x0000319b, 0x00000ccc,
+ 0x0000319c, 0x00000ccd,
+ 0x0000319d, 0x00000cce,
+ 0x0000319e, 0x00000ccf,
+ 0x0000319f, 0x00000cd0,
+ 0x00003200, 0x00000cd1,
+ 0x00003201, 0x00000cd4,
+ 0x00003202, 0x00000cd7,
+ 0x00003203, 0x00000cda,
+ 0x00003204, 0x00000cdd,
+ 0x00003205, 0x00000ce0,
+ 0x00003206, 0x00000ce3,
+ 0x00003207, 0x00000ce6,
+ 0x00003208, 0x00000ce9,
+ 0x00003209, 0x00000cec,
+ 0x0000320a, 0x00000cef,
+ 0x0000320b, 0x00000cf2,
+ 0x0000320c, 0x00000cf5,
+ 0x0000320d, 0x00000cf8,
+ 0x0000320e, 0x00000cfb,
+ 0x0000320f, 0x00000cff,
+ 0x00003210, 0x00000d03,
+ 0x00003211, 0x00000d07,
+ 0x00003212, 0x00000d0b,
+ 0x00003213, 0x00000d0f,
+ 0x00003214, 0x00000d13,
+ 0x00003215, 0x00000d17,
+ 0x00003216, 0x00000d1b,
+ 0x00003217, 0x00000d1f,
+ 0x00003218, 0x00000d23,
+ 0x00003219, 0x00000d27,
+ 0x0000321a, 0x00000d2b,
+ 0x0000321b, 0x00000d2f,
+ 0x0000321c, 0x00000d33,
+ 0x00003220, 0x00000d37,
+ 0x00003221, 0x00000d3a,
+ 0x00003222, 0x00000d3d,
+ 0x00003223, 0x00000d40,
+ 0x00003224, 0x00000d43,
+ 0x00003225, 0x00000d46,
+ 0x00003226, 0x00000d49,
+ 0x00003227, 0x00000d4c,
+ 0x00003228, 0x00000d4f,
+ 0x00003229, 0x00000d52,
+ 0x0000322a, 0x00000d55,
+ 0x0000322b, 0x00000d58,
+ 0x0000322c, 0x00000d5b,
+ 0x0000322d, 0x00000d5e,
+ 0x0000322e, 0x00000d61,
+ 0x0000322f, 0x00000d64,
+ 0x00003230, 0x00000d67,
+ 0x00003231, 0x00000d6a,
+ 0x00003232, 0x00000d6d,
+ 0x00003233, 0x00000d70,
+ 0x00003234, 0x00000d73,
+ 0x00003235, 0x00000d76,
+ 0x00003236, 0x00000d79,
+ 0x00003237, 0x00000d7c,
+ 0x00003238, 0x00000d7f,
+ 0x00003239, 0x00000d82,
+ 0x0000323a, 0x00000d85,
+ 0x0000323b, 0x00000d88,
+ 0x0000323c, 0x00000d8b,
+ 0x0000323d, 0x00000d8e,
+ 0x0000323e, 0x00000d91,
+ 0x0000323f, 0x00000d94,
+ 0x00003240, 0x00000d97,
+ 0x00003241, 0x00000d9a,
+ 0x00003242, 0x00000d9d,
+ 0x00003243, 0x00000da0,
+ 0x00003251, 0x00000da3,
+ 0x00003252, 0x00000da5,
+ 0x00003253, 0x00000da7,
+ 0x00003254, 0x00000da9,
+ 0x00003255, 0x00000dab,
+ 0x00003256, 0x00000dad,
+ 0x00003257, 0x00000daf,
+ 0x00003258, 0x00000db1,
+ 0x00003259, 0x00000db3,
+ 0x0000325a, 0x00000db5,
+ 0x0000325b, 0x00000db7,
+ 0x0000325c, 0x00000db9,
+ 0x0000325d, 0x00000dbb,
+ 0x0000325e, 0x00000dbd,
+ 0x0000325f, 0x00000dbf,
+ 0x00003260, 0x00000dc1,
+ 0x00003261, 0x00000dc2,
+ 0x00003262, 0x00000dc3,
+ 0x00003263, 0x00000dc4,
+ 0x00003264, 0x00000dc5,
+ 0x00003265, 0x00000dc6,
+ 0x00003266, 0x00000dc7,
+ 0x00003267, 0x00000dc8,
+ 0x00003268, 0x00000dc9,
+ 0x00003269, 0x00000dca,
+ 0x0000326a, 0x00000dcb,
+ 0x0000326b, 0x00000dcc,
+ 0x0000326c, 0x00000dcd,
+ 0x0000326d, 0x00000dce,
+ 0x0000326e, 0x00000dcf,
+ 0x0000326f, 0x00000dd1,
+ 0x00003270, 0x00000dd3,
+ 0x00003271, 0x00000dd5,
+ 0x00003272, 0x00000dd7,
+ 0x00003273, 0x00000dd9,
+ 0x00003274, 0x00000ddb,
+ 0x00003275, 0x00000ddd,
+ 0x00003276, 0x00000ddf,
+ 0x00003277, 0x00000de1,
+ 0x00003278, 0x00000de3,
+ 0x00003279, 0x00000de5,
+ 0x0000327a, 0x00000de7,
+ 0x0000327b, 0x00000de9,
+ 0x00003280, 0x00000deb,
+ 0x00003281, 0x00000dec,
+ 0x00003282, 0x00000ded,
+ 0x00003283, 0x00000dee,
+ 0x00003284, 0x00000def,
+ 0x00003285, 0x00000df0,
+ 0x00003286, 0x00000df1,
+ 0x00003287, 0x00000df2,
+ 0x00003288, 0x00000df3,
+ 0x00003289, 0x00000df4,
+ 0x0000328a, 0x00000df5,
+ 0x0000328b, 0x00000df6,
+ 0x0000328c, 0x00000df7,
+ 0x0000328d, 0x00000df8,
+ 0x0000328e, 0x00000df9,
+ 0x0000328f, 0x00000dfa,
+ 0x00003290, 0x00000dfb,
+ 0x00003291, 0x00000dfc,
+ 0x00003292, 0x00000dfd,
+ 0x00003293, 0x00000dfe,
+ 0x00003294, 0x00000dff,
+ 0x00003295, 0x00000e00,
+ 0x00003296, 0x00000e01,
+ 0x00003297, 0x00000e02,
+ 0x00003298, 0x00000e03,
+ 0x00003299, 0x00000e04,
+ 0x0000329a, 0x00000e05,
+ 0x0000329b, 0x00000e06,
+ 0x0000329c, 0x00000e07,
+ 0x0000329d, 0x00000e08,
+ 0x0000329e, 0x00000e09,
+ 0x0000329f, 0x00000e0a,
+ 0x000032a0, 0x00000e0b,
+ 0x000032a1, 0x00000e0c,
+ 0x000032a2, 0x00000e0d,
+ 0x000032a3, 0x00000e0e,
+ 0x000032a4, 0x00000e0f,
+ 0x000032a5, 0x00000e10,
+ 0x000032a6, 0x00000e11,
+ 0x000032a7, 0x00000e12,
+ 0x000032a8, 0x00000e13,
+ 0x000032a9, 0x00000e14,
+ 0x000032aa, 0x00000e15,
+ 0x000032ab, 0x00000e16,
+ 0x000032ac, 0x00000e17,
+ 0x000032ad, 0x00000e18,
+ 0x000032ae, 0x00000e19,
+ 0x000032af, 0x00000e1a,
+ 0x000032b0, 0x00000e1b,
+ 0x000032b1, 0x00000e1c,
+ 0x000032b2, 0x00000e1e,
+ 0x000032b3, 0x00000e20,
+ 0x000032b4, 0x00000e22,
+ 0x000032b5, 0x00000e24,
+ 0x000032b6, 0x00000e26,
+ 0x000032b7, 0x00000e28,
+ 0x000032b8, 0x00000e2a,
+ 0x000032b9, 0x00000e2c,
+ 0x000032ba, 0x00000e2e,
+ 0x000032bb, 0x00000e30,
+ 0x000032bc, 0x00000e32,
+ 0x000032bd, 0x00000e34,
+ 0x000032be, 0x00000e36,
+ 0x000032bf, 0x00000e38,
+ 0x000032c0, 0x00000e3a,
+ 0x000032c1, 0x00000e3c,
+ 0x000032c2, 0x00000e3e,
+ 0x000032c3, 0x00000e40,
+ 0x000032c4, 0x00000e42,
+ 0x000032c5, 0x00000e44,
+ 0x000032c6, 0x00000e46,
+ 0x000032c7, 0x00000e48,
+ 0x000032c8, 0x00000e4a,
+ 0x000032c9, 0x00000e4c,
+ 0x000032ca, 0x00000e4f,
+ 0x000032cb, 0x00000e52,
+ 0x000032d0, 0x00000e55,
+ 0x000032d1, 0x00000e56,
+ 0x000032d2, 0x00000e57,
+ 0x000032d3, 0x00000e58,
+ 0x000032d4, 0x00000e59,
+ 0x000032d5, 0x00000e5a,
+ 0x000032d6, 0x00000e5b,
+ 0x000032d7, 0x00000e5c,
+ 0x000032d8, 0x00000e5d,
+ 0x000032d9, 0x00000e5e,
+ 0x000032da, 0x00000e5f,
+ 0x000032db, 0x00000e60,
+ 0x000032dc, 0x00000e61,
+ 0x000032dd, 0x00000e62,
+ 0x000032de, 0x00000e63,
+ 0x000032df, 0x00000e64,
+ 0x000032e0, 0x00000e65,
+ 0x000032e1, 0x00000e66,
+ 0x000032e2, 0x00000e67,
+ 0x000032e3, 0x00000e68,
+ 0x000032e4, 0x00000e69,
+ 0x000032e5, 0x00000e6a,
+ 0x000032e6, 0x00000e6b,
+ 0x000032e7, 0x00000e6c,
+ 0x000032e8, 0x00000e6d,
+ 0x000032e9, 0x00000e6e,
+ 0x000032ea, 0x00000e6f,
+ 0x000032eb, 0x00000e70,
+ 0x000032ec, 0x00000e71,
+ 0x000032ed, 0x00000e72,
+ 0x000032ee, 0x00000e73,
+ 0x000032ef, 0x00000e74,
+ 0x000032f0, 0x00000e75,
+ 0x000032f1, 0x00000e76,
+ 0x000032f2, 0x00000e77,
+ 0x000032f3, 0x00000e78,
+ 0x000032f4, 0x00000e79,
+ 0x000032f5, 0x00000e7a,
+ 0x000032f6, 0x00000e7b,
+ 0x000032f7, 0x00000e7c,
+ 0x000032f8, 0x00000e7d,
+ 0x000032f9, 0x00000e7e,
+ 0x000032fa, 0x00000e7f,
+ 0x000032fb, 0x00000e80,
+ 0x000032fc, 0x00000e81,
+ 0x000032fd, 0x00000e82,
+ 0x000032fe, 0x00000e83,
+ 0x00003300, 0x00000e84,
+ 0x00003301, 0x00000e89,
+ 0x00003302, 0x00000e8d,
+ 0x00003303, 0x00000e92,
+ 0x00003304, 0x00000e95,
+ 0x00003305, 0x00000e9a,
+ 0x00003306, 0x00000e9d,
+ 0x00003307, 0x00000ea0,
+ 0x00003308, 0x00000ea6,
+ 0x00003309, 0x00000eaa,
+ 0x0000330a, 0x00000ead,
+ 0x0000330b, 0x00000eb0,
+ 0x0000330c, 0x00000eb3,
+ 0x0000330d, 0x00000eb7,
+ 0x0000330e, 0x00000ebb,
+ 0x0000330f, 0x00000ebf,
+ 0x00003310, 0x00000ec3,
+ 0x00003311, 0x00000ec7,
+ 0x00003312, 0x00000ecb,
+ 0x00003313, 0x00000ecf,
+ 0x00003314, 0x00000ed5,
+ 0x00003315, 0x00000ed7,
+ 0x00003316, 0x00000edd,
+ 0x00003317, 0x00000ee3,
+ 0x00003318, 0x00000ee8,
+ 0x00003319, 0x00000eec,
+ 0x0000331a, 0x00000ef2,
+ 0x0000331b, 0x00000ef8,
+ 0x0000331c, 0x00000efc,
+ 0x0000331d, 0x00000eff,
+ 0x0000331e, 0x00000f02,
+ 0x0000331f, 0x00000f06,
+ 0x00003320, 0x00000f0a,
+ 0x00003321, 0x00000f0f,
+ 0x00003322, 0x00000f14,
+ 0x00003323, 0x00000f17,
+ 0x00003324, 0x00000f1a,
+ 0x00003325, 0x00000f1e,
+ 0x00003326, 0x00000f21,
+ 0x00003327, 0x00000f24,
+ 0x00003328, 0x00000f26,
+ 0x00003329, 0x00000f28,
+ 0x0000332a, 0x00000f2b,
+ 0x0000332b, 0x00000f2e,
+ 0x0000332c, 0x00000f34,
+ 0x0000332d, 0x00000f38,
+ 0x0000332e, 0x00000f3d,
+ 0x0000332f, 0x00000f43,
+ 0x00003330, 0x00000f47,
+ 0x00003331, 0x00000f4a,
+ 0x00003332, 0x00000f4d,
+ 0x00003333, 0x00000f53,
+ 0x00003334, 0x00000f57,
+ 0x00003335, 0x00000f5d,
+ 0x00003336, 0x00000f60,
+ 0x00003337, 0x00000f65,
+ 0x00003338, 0x00000f68,
+ 0x00003339, 0x00000f6c,
+ 0x0000333a, 0x00000f6f,
+ 0x0000333b, 0x00000f73,
+ 0x0000333c, 0x00000f78,
+ 0x0000333d, 0x00000f7c,
+ 0x0000333e, 0x00000f81,
+ 0x0000333f, 0x00000f85,
+ 0x00003340, 0x00000f87,
+ 0x00003341, 0x00000f8c,
+ 0x00003342, 0x00000f8f,
+ 0x00003343, 0x00000f92,
+ 0x00003344, 0x00000f96,
+ 0x00003345, 0x00000f99,
+ 0x00003346, 0x00000f9c,
+ 0x00003347, 0x00000f9f,
+ 0x00003348, 0x00000fa4,
+ 0x00003349, 0x00000fa8,
+ 0x0000334a, 0x00000faa,
+ 0x0000334b, 0x00000fb0,
+ 0x0000334c, 0x00000fb3,
+ 0x0000334d, 0x00000fb8,
+ 0x0000334e, 0x00000fbc,
+ 0x0000334f, 0x00000fc0,
+ 0x00003350, 0x00000fc3,
+ 0x00003351, 0x00000fc6,
+ 0x00003352, 0x00000fca,
+ 0x00003353, 0x00000fcc,
+ 0x00003354, 0x00000fd0,
+ 0x00003355, 0x00000fd5,
+ 0x00003356, 0x00000fd7,
+ 0x00003357, 0x00000fdd,
+ 0x00003358, 0x00000fe0,
+ 0x00003359, 0x00000fe2,
+ 0x0000335a, 0x00000fe4,
+ 0x0000335b, 0x00000fe6,
+ 0x0000335c, 0x00000fe8,
+ 0x0000335d, 0x00000fea,
+ 0x0000335e, 0x00000fec,
+ 0x0000335f, 0x00000fee,
+ 0x00003360, 0x00000ff0,
+ 0x00003361, 0x00000ff2,
+ 0x00003362, 0x00000ff4,
+ 0x00003363, 0x00000ff7,
+ 0x00003364, 0x00000ffa,
+ 0x00003365, 0x00000ffd,
+ 0x00003366, 0x00001000,
+ 0x00003367, 0x00001003,
+ 0x00003368, 0x00001006,
+ 0x00003369, 0x00001009,
+ 0x0000336a, 0x0000100c,
+ 0x0000336b, 0x0000100f,
+ 0x0000336c, 0x00001012,
+ 0x0000336d, 0x00001015,
+ 0x0000336e, 0x00001018,
+ 0x0000336f, 0x0000101b,
+ 0x00003370, 0x0000101e,
+ 0x00003371, 0x00001021,
+ 0x00003372, 0x00001024,
+ 0x00003373, 0x00001026,
+ 0x00003374, 0x00001028,
+ 0x00003375, 0x0000102b,
+ 0x00003376, 0x0000102d,
+ 0x0000337b, 0x0000102f,
+ 0x0000337c, 0x00001031,
+ 0x0000337d, 0x00001033,
+ 0x0000337e, 0x00001035,
+ 0x0000337f, 0x00001037,
+ 0x00003380, 0x0000103b,
+ 0x00003381, 0x0000103d,
+ 0x00003382, 0x0000103f,
+ 0x00003383, 0x00001041,
+ 0x00003384, 0x00001043,
+ 0x00003385, 0x00001045,
+ 0x00003386, 0x00001047,
+ 0x00003387, 0x00001049,
+ 0x00003388, 0x0000104b,
+ 0x00003389, 0x0000104e,
+ 0x0000338a, 0x00001052,
+ 0x0000338b, 0x00001054,
+ 0x0000338c, 0x00001056,
+ 0x0000338d, 0x00001058,
+ 0x0000338e, 0x0000105a,
+ 0x0000338f, 0x0000105c,
+ 0x00003390, 0x0000105e,
+ 0x00003391, 0x00001060,
+ 0x00003392, 0x00001063,
+ 0x00003393, 0x00001066,
+ 0x00003394, 0x00001069,
+ 0x00003395, 0x0000106c,
+ 0x00003396, 0x0000106e,
+ 0x00003397, 0x00001070,
+ 0x00003398, 0x00001072,
+ 0x00003399, 0x00001074,
+ 0x0000339a, 0x00001076,
+ 0x0000339b, 0x00001078,
+ 0x0000339c, 0x0000107a,
+ 0x0000339d, 0x0000107c,
+ 0x0000339e, 0x0000107e,
+ 0x0000339f, 0x00001080,
+ 0x000033a0, 0x00001083,
+ 0x000033a1, 0x00001086,
+ 0x000033a2, 0x00001088,
+ 0x000033a3, 0x0000108b,
+ 0x000033a4, 0x0000108e,
+ 0x000033a5, 0x00001091,
+ 0x000033a6, 0x00001093,
+ 0x000033a7, 0x00001096,
+ 0x000033a8, 0x00001099,
+ 0x000033a9, 0x0000109d,
+ 0x000033aa, 0x0000109f,
+ 0x000033ab, 0x000010a2,
+ 0x000033ac, 0x000010a5,
+ 0x000033ad, 0x000010a8,
+ 0x000033ae, 0x000010ab,
+ 0x000033af, 0x000010b0,
+ 0x000033b0, 0x000010b6,
+ 0x000033b1, 0x000010b8,
+ 0x000033b2, 0x000010ba,
+ 0x000033b3, 0x000010bc,
+ 0x000033b4, 0x000010be,
+ 0x000033b5, 0x000010c0,
+ 0x000033b6, 0x000010c2,
+ 0x000033b7, 0x000010c4,
+ 0x000033b8, 0x000010c6,
+ 0x000033b9, 0x000010c8,
+ 0x000033ba, 0x000010ca,
+ 0x000033bb, 0x000010cc,
+ 0x000033bc, 0x000010ce,
+ 0x000033bd, 0x000010d0,
+ 0x000033be, 0x000010d2,
+ 0x000033bf, 0x000010d4,
+ 0x000033c0, 0x000010d6,
+ 0x000033c1, 0x000010d8,
+ 0x000033c2, 0x000010da,
+ 0x000033c3, 0x000010de,
+ 0x000033c4, 0x000010e0,
+ 0x000033c5, 0x000010e2,
+ 0x000033c6, 0x000010e4,
+ 0x000033c7, 0x000010e8,
+ 0x000033c8, 0x000010eb,
+ 0x000033c9, 0x000010ed,
+ 0x000033ca, 0x000010ef,
+ 0x000033cb, 0x000010f1,
+ 0x000033cc, 0x000010f3,
+ 0x000033cd, 0x000010f5,
+ 0x000033ce, 0x000010f7,
+ 0x000033cf, 0x000010f9,
+ 0x000033d0, 0x000010fb,
+ 0x000033d1, 0x000010fd,
+ 0x000033d2, 0x000010ff,
+ 0x000033d3, 0x00001102,
+ 0x000033d4, 0x00001104,
+ 0x000033d5, 0x00001106,
+ 0x000033d6, 0x00001109,
+ 0x000033d7, 0x0000110c,
+ 0x000033d8, 0x0000110e,
+ 0x000033d9, 0x00001112,
+ 0x000033da, 0x00001115,
+ 0x000033db, 0x00001117,
+ 0x000033dc, 0x00001119,
+ 0x000033dd, 0x0000111b,
+ 0x000033e0, 0x0000111d,
+ 0x000033e1, 0x0000111f,
+ 0x000033e2, 0x00001121,
+ 0x000033e3, 0x00001123,
+ 0x000033e4, 0x00001125,
+ 0x000033e5, 0x00001127,
+ 0x000033e6, 0x00001129,
+ 0x000033e7, 0x0000112b,
+ 0x000033e8, 0x0000112d,
+ 0x000033e9, 0x0000112f,
+ 0x000033ea, 0x00001132,
+ 0x000033eb, 0x00001135,
+ 0x000033ec, 0x00001138,
+ 0x000033ed, 0x0000113b,
+ 0x000033ee, 0x0000113e,
+ 0x000033ef, 0x00001141,
+ 0x000033f0, 0x00001144,
+ 0x000033f1, 0x00001147,
+ 0x000033f2, 0x0000114a,
+ 0x000033f3, 0x0000114d,
+ 0x000033f4, 0x00001150,
+ 0x000033f5, 0x00001153,
+ 0x000033f6, 0x00001156,
+ 0x000033f7, 0x00001159,
+ 0x000033f8, 0x0000115c,
+ 0x000033f9, 0x0000115f,
+ 0x000033fa, 0x00001162,
+ 0x000033fb, 0x00001165,
+ 0x000033fc, 0x00001168,
+ 0x000033fd, 0x0000116b,
+ 0x000033fe, 0x0000116e,
+ 0x0000f902, 0x00001171,
+ 0x0000f903, 0x00001172,
+ 0x0000f904, 0x00001173,
+ 0x0000f905, 0x00001174,
+ 0x0000f906, 0x00001175,
+ 0x0000f907, 0x00001176,
+ 0x0000f908, 0x00001177,
+ 0x0000f909, 0x00001178,
+ 0x0000f90a, 0x00001179,
+ 0x0000f90b, 0x0000117a,
+ 0x0000f90c, 0x0000117b,
+ 0x0000f90d, 0x0000117c,
+ 0x0000f90e, 0x0000117d,
+ 0x0000f90f, 0x0000117e,
+ 0x0000f910, 0x0000117f,
+ 0x0000f911, 0x00001180,
+ 0x0000f912, 0x00001181,
+ 0x0000f913, 0x00001182,
+ 0x0000f914, 0x00001183,
+ 0x0000f915, 0x00001184,
+ 0x0000f916, 0x00001185,
+ 0x0000f917, 0x00001186,
+ 0x0000f918, 0x00001187,
+ 0x0000f919, 0x00001188,
+ 0x0000f91a, 0x00001189,
+ 0x0000f91b, 0x0000118a,
+ 0x0000f91c, 0x0000118b,
+ 0x0000f91d, 0x0000118c,
+ 0x0000f91e, 0x0000118d,
+ 0x0000f91f, 0x0000118e,
+ 0x0000f920, 0x0000118f,
+ 0x0000f921, 0x00001190,
+ 0x0000f922, 0x00001191,
+ 0x0000f923, 0x00001192,
+ 0x0000f924, 0x00001193,
+ 0x0000f925, 0x00001194,
+ 0x0000f926, 0x00001195,
+ 0x0000f927, 0x00001196,
+ 0x0000f928, 0x00001197,
+ 0x0000f929, 0x00001198,
+ 0x0000f92a, 0x00001199,
+ 0x0000f92b, 0x0000119a,
+ 0x0000f92c, 0x0000119b,
+ 0x0000f92d, 0x0000119c,
+ 0x0000f92e, 0x0000119d,
+ 0x0000f92f, 0x0000119e,
+ 0x0000f930, 0x0000119f,
+ 0x0000f931, 0x000011a0,
+ 0x0000f932, 0x000011a1,
+ 0x0000f933, 0x000011a2,
+ 0x0000f934, 0x000011a3,
+ 0x0000f935, 0x000011a4,
+ 0x0000f936, 0x000011a5,
+ 0x0000f937, 0x000011a6,
+ 0x0000f938, 0x000011a7,
+ 0x0000f939, 0x000011a8,
+ 0x0000f93a, 0x000011a9,
+ 0x0000f93b, 0x000011aa,
+ 0x0000f93c, 0x000011ab,
+ 0x0000f93d, 0x000011ac,
+ 0x0000f93e, 0x000011ad,
+ 0x0000f93f, 0x000011ae,
+ 0x0000f940, 0x000011af,
+ 0x0000f941, 0x000011b0,
+ 0x0000f942, 0x000011b1,
+ 0x0000f943, 0x000011b2,
+ 0x0000f944, 0x000011b3,
+ 0x0000f945, 0x000011b4,
+ 0x0000f946, 0x000011b5,
+ 0x0000f947, 0x000011b6,
+ 0x0000f948, 0x000011b7,
+ 0x0000f949, 0x000011b8,
+ 0x0000f94a, 0x000011b9,
+ 0x0000f94b, 0x000011ba,
+ 0x0000f94c, 0x000011bb,
+ 0x0000f94d, 0x000011bc,
+ 0x0000f94e, 0x000011bd,
+ 0x0000f94f, 0x000011be,
+ 0x0000f950, 0x000011bf,
+ 0x0000f951, 0x000011c0,
+ 0x0000f952, 0x000011c1,
+ 0x0000f953, 0x000011c2,
+ 0x0000f954, 0x000011c3,
+ 0x0000f955, 0x000011c4,
+ 0x0000f956, 0x000011c5,
+ 0x0000f957, 0x000011c6,
+ 0x0000f958, 0x000011c7,
+ 0x0000f959, 0x000011c8,
+ 0x0000f95a, 0x000011c9,
+ 0x0000f95b, 0x000011ca,
+ 0x0000f95c, 0x000011cb,
+ 0x0000f95d, 0x000011cc,
+ 0x0000f95e, 0x000011cd,
+ 0x0000f95f, 0x000011ce,
+ 0x0000f960, 0x000011cf,
+ 0x0000f961, 0x000011d0,
+ 0x0000f962, 0x000011d1,
+ 0x0000f963, 0x000011d2,
+ 0x0000f964, 0x000011d3,
+ 0x0000f965, 0x000011d4,
+ 0x0000f966, 0x000011d5,
+ 0x0000f967, 0x000011d6,
+ 0x0000f968, 0x000011d7,
+ 0x0000f969, 0x000011d8,
+ 0x0000f96a, 0x000011d9,
+ 0x0000f96b, 0x000011da,
+ 0x0000f96c, 0x000011db,
+ 0x0000f96d, 0x000011dc,
+ 0x0000f96e, 0x000011dd,
+ 0x0000f96f, 0x000011de,
+ 0x0000f970, 0x000011df,
+ 0x0000f971, 0x000011e0,
+ 0x0000f972, 0x000011e1,
+ 0x0000f973, 0x000011e2,
+ 0x0000f974, 0x000011e3,
+ 0x0000f975, 0x000011e4,
+ 0x0000f976, 0x000011e5,
+ 0x0000f977, 0x000011e6,
+ 0x0000f978, 0x000011e7,
+ 0x0000f979, 0x000011e8,
+ 0x0000f97a, 0x000011e9,
+ 0x0000f97b, 0x000011ea,
+ 0x0000f97c, 0x000011eb,
+ 0x0000f97d, 0x000011ec,
+ 0x0000f97e, 0x000011ed,
+ 0x0000f97f, 0x000011ee,
+ 0x0000f980, 0x000011ef,
+ 0x0000f981, 0x000011f0,
+ 0x0000f982, 0x000011f1,
+ 0x0000f983, 0x000011f2,
+ 0x0000f984, 0x000011f3,
+ 0x0000f985, 0x000011f4,
+ 0x0000f986, 0x000011f5,
+ 0x0000f987, 0x000011f6,
+ 0x0000f988, 0x000011f7,
+ 0x0000f989, 0x000011f8,
+ 0x0000f98a, 0x000011f9,
+ 0x0000f98b, 0x000011fa,
+ 0x0000f98c, 0x000011fb,
+ 0x0000f98d, 0x000011fc,
+ 0x0000f98e, 0x000011fd,
+ 0x0000f98f, 0x000011fe,
+ 0x0000f990, 0x000011ff,
+ 0x0000f991, 0x00001200,
+ 0x0000f992, 0x00001201,
+ 0x0000f993, 0x00001202,
+ 0x0000f994, 0x00001203,
+ 0x0000f995, 0x00001204,
+ 0x0000f996, 0x00001205,
+ 0x0000f997, 0x00001206,
+ 0x0000f998, 0x00001207,
+ 0x0000f999, 0x00001208,
+ 0x0000f99a, 0x00001209,
+ 0x0000f99b, 0x0000120a,
+ 0x0000f99c, 0x0000120b,
+ 0x0000f99d, 0x0000120c,
+ 0x0000f99e, 0x0000120d,
+ 0x0000f99f, 0x0000120e,
+ 0x0000f9a0, 0x0000120f,
+ 0x0000f9a1, 0x00001210,
+ 0x0000f9a2, 0x00001211,
+ 0x0000f9a3, 0x00001212,
+ 0x0000f9a4, 0x00001213,
+ 0x0000f9a5, 0x00001214,
+ 0x0000f9a6, 0x00001215,
+ 0x0000f9a7, 0x00001216,
+ 0x0000f9a8, 0x00001217,
+ 0x0000f9a9, 0x00001218,
+ 0x0000f9aa, 0x00001219,
+ 0x0000f9ab, 0x0000121a,
+ 0x0000f9ac, 0x0000121b,
+ 0x0000f9ad, 0x0000121c,
+ 0x0000f9ae, 0x0000121d,
+ 0x0000f9af, 0x0000121e,
+ 0x0000f9b0, 0x0000121f,
+ 0x0000f9b1, 0x00001220,
+ 0x0000f9b2, 0x00001221,
+ 0x0000f9b3, 0x00001222,
+ 0x0000f9b4, 0x00001223,
+ 0x0000f9b5, 0x00001224,
+ 0x0000f9b6, 0x00001225,
+ 0x0000f9b7, 0x00001226,
+ 0x0000f9b8, 0x00001227,
+ 0x0000f9b9, 0x00001228,
+ 0x0000f9ba, 0x00001229,
+ 0x0000f9bb, 0x0000122a,
+ 0x0000f9bc, 0x0000122b,
+ 0x0000f9bd, 0x0000122c,
+ 0x0000f9be, 0x0000122d,
+ 0x0000f9bf, 0x0000122e,
+ 0x0000f9c0, 0x0000122f,
+ 0x0000f9c1, 0x00001230,
+ 0x0000f9c2, 0x00001231,
+ 0x0000f9c3, 0x00001232,
+ 0x0000f9c4, 0x00001233,
+ 0x0000f9c5, 0x00001234,
+ 0x0000f9c6, 0x00001235,
+ 0x0000f9c7, 0x00001236,
+ 0x0000f9c8, 0x00001237,
+ 0x0000f9c9, 0x00001238,
+ 0x0000f9ca, 0x00001239,
+ 0x0000f9cb, 0x0000123a,
+ 0x0000f9cc, 0x0000123b,
+ 0x0000f9cd, 0x0000123c,
+ 0x0000f9ce, 0x0000123d,
+ 0x0000f9cf, 0x0000123e,
+ 0x0000f9d0, 0x0000123f,
+ 0x0000f9d1, 0x00001240,
+ 0x0000f9d2, 0x00001241,
+ 0x0000f9d3, 0x00001242,
+ 0x0000f9d4, 0x00001243,
+ 0x0000f9d5, 0x00001244,
+ 0x0000f9d6, 0x00001245,
+ 0x0000f9d7, 0x00001246,
+ 0x0000f9d8, 0x00001247,
+ 0x0000f9d9, 0x00001248,
+ 0x0000f9da, 0x00001249,
+ 0x0000f9db, 0x0000124a,
+ 0x0000f9dc, 0x0000124b,
+ 0x0000f9dd, 0x0000124c,
+ 0x0000f9de, 0x0000124d,
+ 0x0000f9df, 0x0000124e,
+ 0x0000f9e0, 0x0000124f,
+ 0x0000f9e1, 0x00001250,
+ 0x0000f9e2, 0x00001251,
+ 0x0000f9e3, 0x00001252,
+ 0x0000f9e4, 0x00001253,
+ 0x0000f9e5, 0x00001254,
+ 0x0000f9e6, 0x00001255,
+ 0x0000f9e7, 0x00001256,
+ 0x0000f9e8, 0x00001257,
+ 0x0000f9e9, 0x00001258,
+ 0x0000f9ea, 0x00001259,
+ 0x0000f9eb, 0x0000125a,
+ 0x0000f9ec, 0x0000125b,
+ 0x0000f9ed, 0x0000125c,
+ 0x0000f9ee, 0x0000125d,
+ 0x0000f9ef, 0x0000125e,
+ 0x0000f9f0, 0x0000125f,
+ 0x0000f9f1, 0x00001260,
+ 0x0000f9f2, 0x00001261,
+ 0x0000f9f3, 0x00001262,
+ 0x0000f9f4, 0x00001263,
+ 0x0000f9f5, 0x00001264,
+ 0x0000f9f6, 0x00001265,
+ 0x0000f9f7, 0x00001266,
+ 0x0000f9f8, 0x00001267,
+ 0x0000f9f9, 0x00001268,
+ 0x0000f9fa, 0x00001269,
+ 0x0000f9fb, 0x0000126a,
+ 0x0000f9fc, 0x0000126b,
+ 0x0000f9fd, 0x0000126c,
+ 0x0000f9fe, 0x0000126d,
+ 0x0000f9ff, 0x0000126e,
+ 0x0000fa00, 0x0000126f,
+ 0x0000fa01, 0x00001270,
+ 0x0000fa02, 0x00001271,
+ 0x0000fa03, 0x00001272,
+ 0x0000fa04, 0x00001273,
+ 0x0000fa05, 0x00001274,
+ 0x0000fa06, 0x00001275,
+ 0x0000fa07, 0x00001276,
+ 0x0000fa08, 0x00001277,
+ 0x0000fa09, 0x00001278,
+ 0x0000fa0a, 0x00001279,
+ 0x0000fa0b, 0x0000127a,
+ 0x0000fa0c, 0x0000127b,
+ 0x0000fa0d, 0x0000127c,
+ 0x0000fa10, 0x0000127d,
+ 0x0000fa12, 0x0000127e,
+ 0x0000fa15, 0x0000127f,
+ 0x0000fa16, 0x00001280,
+ 0x0000fa17, 0x00001281,
+ 0x0000fa18, 0x00001282,
+ 0x0000fa19, 0x00001283,
+ 0x0000fa1a, 0x00001284,
+ 0x0000fa1b, 0x00001285,
+ 0x0000fa1c, 0x00001286,
+ 0x0000fa1d, 0x00001287,
+ 0x0000fa1e, 0x00001288,
+ 0x0000fa20, 0x00001289,
+ 0x0000fa22, 0x0000128a,
+ 0x0000fa25, 0x0000128b,
+ 0x0000fa26, 0x0000128c,
+ 0x0000fa2a, 0x0000128d,
+ 0x0000fa2b, 0x0000128e,
+ 0x0000fa2c, 0x0000128f,
+ 0x0000fa2d, 0x00001290,
+ 0x0000fa30, 0x00001291,
+ 0x0000fa31, 0x00001292,
+ 0x0000fa32, 0x00001293,
+ 0x0000fa33, 0x00001294,
+ 0x0000fa34, 0x00001295,
+ 0x0000fa35, 0x00001296,
+ 0x0000fa36, 0x00001297,
+ 0x0000fa37, 0x00001298,
+ 0x0000fa38, 0x00001299,
+ 0x0000fa39, 0x0000129a,
+ 0x0000fa3a, 0x0000129b,
+ 0x0000fa3b, 0x0000129c,
+ 0x0000fa3c, 0x0000129d,
+ 0x0000fa3d, 0x0000129e,
+ 0x0000fa3e, 0x0000129f,
+ 0x0000fa3f, 0x000012a0,
+ 0x0000fa40, 0x000012a1,
+ 0x0000fa41, 0x000012a2,
+ 0x0000fa42, 0x000012a3,
+ 0x0000fa43, 0x000012a4,
+ 0x0000fa44, 0x000012a5,
+ 0x0000fa45, 0x000012a6,
+ 0x0000fa46, 0x000012a7,
+ 0x0000fa47, 0x000012a8,
+ 0x0000fa48, 0x000012a9,
+ 0x0000fa49, 0x000012aa,
+ 0x0000fa4a, 0x000012ab,
+ 0x0000fa4b, 0x000012ac,
+ 0x0000fa4c, 0x000012ad,
+ 0x0000fa4d, 0x000012ae,
+ 0x0000fa4e, 0x000012af,
+ 0x0000fa4f, 0x000012b0,
+ 0x0000fa50, 0x000012b1,
+ 0x0000fa51, 0x000012b2,
+ 0x0000fa52, 0x000012b3,
+ 0x0000fa53, 0x000012b4,
+ 0x0000fa54, 0x000012b5,
+ 0x0000fa55, 0x000012b6,
+ 0x0000fa56, 0x000012b7,
+ 0x0000fa57, 0x000012b8,
+ 0x0000fa58, 0x000012b9,
+ 0x0000fa59, 0x000012ba,
+ 0x0000fa5a, 0x000012bb,
+ 0x0000fa5b, 0x000012bc,
+ 0x0000fa5c, 0x000012bd,
+ 0x0000fa5d, 0x000012be,
+ 0x0000fa5e, 0x000012bf,
+ 0x0000fa5f, 0x000012c0,
+ 0x0000fa60, 0x000012c1,
+ 0x0000fa61, 0x000012c2,
+ 0x0000fa62, 0x000012c3,
+ 0x0000fa63, 0x000012c4,
+ 0x0000fa64, 0x000012c5,
+ 0x0000fa65, 0x000012c6,
+ 0x0000fa66, 0x000012c7,
+ 0x0000fa67, 0x000012c8,
+ 0x0000fa68, 0x000012c9,
+ 0x0000fa69, 0x000012ca,
+ 0x0000fa6a, 0x000012cb,
+ 0x0000fb00, 0x000012cc,
+ 0x0000fb01, 0x000012ce,
+ 0x0000fb02, 0x000012d0,
+ 0x0000fb03, 0x000012d2,
+ 0x0000fb04, 0x000012d5,
+ 0x0000fb05, 0x000012d8,
+ 0x0000fb06, 0x000012da,
+ 0x0000fb13, 0x000012dc,
+ 0x0000fb14, 0x000012de,
+ 0x0000fb15, 0x000012e0,
+ 0x0000fb16, 0x000012e2,
+ 0x0000fb17, 0x000012e4,
+ 0x0000fb1d, 0x000012e6,
+ 0x0000fb1f, 0x000012e8,
+ 0x0000fb20, 0x000012ea,
+ 0x0000fb21, 0x000012eb,
+ 0x0000fb22, 0x000012ec,
+ 0x0000fb23, 0x000012ed,
+ 0x0000fb24, 0x000012ee,
+ 0x0000fb25, 0x000012ef,
+ 0x0000fb26, 0x000012f0,
+ 0x0000fb27, 0x000012f1,
+ 0x0000fb28, 0x000012f2,
+ 0x0000fb29, 0x000012f3,
+ 0x0000fb2a, 0x000012f4,
+ 0x0000fb2b, 0x000012f6,
+ 0x0000fb2c, 0x000012f8,
+ 0x0000fb2d, 0x000012fb,
+ 0x0000fb2e, 0x000012fe,
+ 0x0000fb2f, 0x00001300,
+ 0x0000fb30, 0x00001302,
+ 0x0000fb31, 0x00001304,
+ 0x0000fb32, 0x00001306,
+ 0x0000fb33, 0x00001308,
+ 0x0000fb34, 0x0000130a,
+ 0x0000fb35, 0x0000130c,
+ 0x0000fb36, 0x0000130e,
+ 0x0000fb38, 0x00001310,
+ 0x0000fb39, 0x00001312,
+ 0x0000fb3a, 0x00001314,
+ 0x0000fb3b, 0x00001316,
+ 0x0000fb3c, 0x00001318,
+ 0x0000fb3e, 0x0000131a,
+ 0x0000fb40, 0x0000131c,
+ 0x0000fb41, 0x0000131e,
+ 0x0000fb43, 0x00001320,
+ 0x0000fb44, 0x00001322,
+ 0x0000fb46, 0x00001324,
+ 0x0000fb47, 0x00001326,
+ 0x0000fb48, 0x00001328,
+ 0x0000fb49, 0x0000132a,
+ 0x0000fb4a, 0x0000132c,
+ 0x0000fb4b, 0x0000132e,
+ 0x0000fb4c, 0x00001330,
+ 0x0000fb4d, 0x00001332,
+ 0x0000fb4e, 0x00001334,
+ 0x0000fb4f, 0x00001336,
+ 0x0000fb50, 0x00001338,
+ 0x0000fb51, 0x00001339,
+ 0x0000fb52, 0x0000133a,
+ 0x0000fb53, 0x0000133b,
+ 0x0000fb54, 0x0000133c,
+ 0x0000fb55, 0x0000133d,
+ 0x0000fb56, 0x0000133e,
+ 0x0000fb57, 0x0000133f,
+ 0x0000fb58, 0x00001340,
+ 0x0000fb59, 0x00001341,
+ 0x0000fb5a, 0x00001342,
+ 0x0000fb5b, 0x00001343,
+ 0x0000fb5c, 0x00001344,
+ 0x0000fb5d, 0x00001345,
+ 0x0000fb5e, 0x00001346,
+ 0x0000fb5f, 0x00001347,
+ 0x0000fb60, 0x00001348,
+ 0x0000fb61, 0x00001349,
+ 0x0000fb62, 0x0000134a,
+ 0x0000fb63, 0x0000134b,
+ 0x0000fb64, 0x0000134c,
+ 0x0000fb65, 0x0000134d,
+ 0x0000fb66, 0x0000134e,
+ 0x0000fb67, 0x0000134f,
+ 0x0000fb68, 0x00001350,
+ 0x0000fb69, 0x00001351,
+ 0x0000fb6a, 0x00001352,
+ 0x0000fb6b, 0x00001353,
+ 0x0000fb6c, 0x00001354,
+ 0x0000fb6d, 0x00001355,
+ 0x0000fb6e, 0x00001356,
+ 0x0000fb6f, 0x00001357,
+ 0x0000fb70, 0x00001358,
+ 0x0000fb71, 0x00001359,
+ 0x0000fb72, 0x0000135a,
+ 0x0000fb73, 0x0000135b,
+ 0x0000fb74, 0x0000135c,
+ 0x0000fb75, 0x0000135d,
+ 0x0000fb76, 0x0000135e,
+ 0x0000fb77, 0x0000135f,
+ 0x0000fb78, 0x00001360,
+ 0x0000fb79, 0x00001361,
+ 0x0000fb7a, 0x00001362,
+ 0x0000fb7b, 0x00001363,
+ 0x0000fb7c, 0x00001364,
+ 0x0000fb7d, 0x00001365,
+ 0x0000fb7e, 0x00001366,
+ 0x0000fb7f, 0x00001367,
+ 0x0000fb80, 0x00001368,
+ 0x0000fb81, 0x00001369,
+ 0x0000fb82, 0x0000136a,
+ 0x0000fb83, 0x0000136b,
+ 0x0000fb84, 0x0000136c,
+ 0x0000fb85, 0x0000136d,
+ 0x0000fb86, 0x0000136e,
+ 0x0000fb87, 0x0000136f,
+ 0x0000fb88, 0x00001370,
+ 0x0000fb89, 0x00001371,
+ 0x0000fb8a, 0x00001372,
+ 0x0000fb8b, 0x00001373,
+ 0x0000fb8c, 0x00001374,
+ 0x0000fb8d, 0x00001375,
+ 0x0000fb8e, 0x00001376,
+ 0x0000fb8f, 0x00001377,
+ 0x0000fb90, 0x00001378,
+ 0x0000fb91, 0x00001379,
+ 0x0000fb92, 0x0000137a,
+ 0x0000fb93, 0x0000137b,
+ 0x0000fb94, 0x0000137c,
+ 0x0000fb95, 0x0000137d,
+ 0x0000fb96, 0x0000137e,
+ 0x0000fb97, 0x0000137f,
+ 0x0000fb98, 0x00001380,
+ 0x0000fb99, 0x00001381,
+ 0x0000fb9a, 0x00001382,
+ 0x0000fb9b, 0x00001383,
+ 0x0000fb9c, 0x00001384,
+ 0x0000fb9d, 0x00001385,
+ 0x0000fb9e, 0x00001386,
+ 0x0000fb9f, 0x00001387,
+ 0x0000fba0, 0x00001388,
+ 0x0000fba1, 0x00001389,
+ 0x0000fba2, 0x0000138a,
+ 0x0000fba3, 0x0000138b,
+ 0x0000fba4, 0x0000138c,
+ 0x0000fba5, 0x0000138e,
+ 0x0000fba6, 0x00001390,
+ 0x0000fba7, 0x00001391,
+ 0x0000fba8, 0x00001392,
+ 0x0000fba9, 0x00001393,
+ 0x0000fbaa, 0x00001394,
+ 0x0000fbab, 0x00001395,
+ 0x0000fbac, 0x00001396,
+ 0x0000fbad, 0x00001397,
+ 0x0000fbae, 0x00001398,
+ 0x0000fbaf, 0x00001399,
+ 0x0000fbb0, 0x0000139a,
+ 0x0000fbb1, 0x0000139c,
+ 0x0000fbd3, 0x0000139e,
+ 0x0000fbd4, 0x0000139f,
+ 0x0000fbd5, 0x000013a0,
+ 0x0000fbd6, 0x000013a1,
+ 0x0000fbd7, 0x000013a2,
+ 0x0000fbd8, 0x000013a3,
+ 0x0000fbd9, 0x000013a4,
+ 0x0000fbda, 0x000013a5,
+ 0x0000fbdb, 0x000013a6,
+ 0x0000fbdc, 0x000013a7,
+ 0x0000fbdd, 0x000013a8,
+ 0x0000fbde, 0x000013aa,
+ 0x0000fbdf, 0x000013ab,
+ 0x0000fbe0, 0x000013ac,
+ 0x0000fbe1, 0x000013ad,
+ 0x0000fbe2, 0x000013ae,
+ 0x0000fbe3, 0x000013af,
+ 0x0000fbe4, 0x000013b0,
+ 0x0000fbe5, 0x000013b1,
+ 0x0000fbe6, 0x000013b2,
+ 0x0000fbe7, 0x000013b3,
+ 0x0000fbe8, 0x000013b4,
+ 0x0000fbe9, 0x000013b5,
+ 0x0000fbea, 0x000013b6,
+ 0x0000fbeb, 0x000013b9,
+ 0x0000fbec, 0x000013bc,
+ 0x0000fbed, 0x000013bf,
+ 0x0000fbee, 0x000013c2,
+ 0x0000fbef, 0x000013c5,
+ 0x0000fbf0, 0x000013c8,
+ 0x0000fbf1, 0x000013cb,
+ 0x0000fbf2, 0x000013ce,
+ 0x0000fbf3, 0x000013d1,
+ 0x0000fbf4, 0x000013d4,
+ 0x0000fbf5, 0x000013d7,
+ 0x0000fbf6, 0x000013da,
+ 0x0000fbf7, 0x000013dd,
+ 0x0000fbf8, 0x000013e0,
+ 0x0000fbf9, 0x000013e3,
+ 0x0000fbfa, 0x000013e6,
+ 0x0000fbfb, 0x000013e9,
+ 0x0000fbfc, 0x000013ec,
+ 0x0000fbfd, 0x000013ed,
+ 0x0000fbfe, 0x000013ee,
+ 0x0000fbff, 0x000013ef,
+ 0x0000fc00, 0x000013f0,
+ 0x0000fc01, 0x000013f3,
+ 0x0000fc02, 0x000013f6,
+ 0x0000fc03, 0x000013f9,
+ 0x0000fc04, 0x000013fc,
+ 0x0000fc05, 0x000013ff,
+ 0x0000fc06, 0x00001401,
+ 0x0000fc07, 0x00001403,
+ 0x0000fc08, 0x00001405,
+ 0x0000fc09, 0x00001407,
+ 0x0000fc0a, 0x00001409,
+ 0x0000fc0b, 0x0000140b,
+ 0x0000fc0c, 0x0000140d,
+ 0x0000fc0d, 0x0000140f,
+ 0x0000fc0e, 0x00001411,
+ 0x0000fc0f, 0x00001413,
+ 0x0000fc10, 0x00001415,
+ 0x0000fc11, 0x00001417,
+ 0x0000fc12, 0x00001419,
+ 0x0000fc13, 0x0000141b,
+ 0x0000fc14, 0x0000141d,
+ 0x0000fc15, 0x0000141f,
+ 0x0000fc16, 0x00001421,
+ 0x0000fc17, 0x00001423,
+ 0x0000fc18, 0x00001425,
+ 0x0000fc19, 0x00001427,
+ 0x0000fc1a, 0x00001429,
+ 0x0000fc1b, 0x0000142b,
+ 0x0000fc1c, 0x0000142d,
+ 0x0000fc1d, 0x0000142f,
+ 0x0000fc1e, 0x00001431,
+ 0x0000fc1f, 0x00001433,
+ 0x0000fc20, 0x00001435,
+ 0x0000fc21, 0x00001437,
+ 0x0000fc22, 0x00001439,
+ 0x0000fc23, 0x0000143b,
+ 0x0000fc24, 0x0000143d,
+ 0x0000fc25, 0x0000143f,
+ 0x0000fc26, 0x00001441,
+ 0x0000fc27, 0x00001443,
+ 0x0000fc28, 0x00001445,
+ 0x0000fc29, 0x00001447,
+ 0x0000fc2a, 0x00001449,
+ 0x0000fc2b, 0x0000144b,
+ 0x0000fc2c, 0x0000144d,
+ 0x0000fc2d, 0x0000144f,
+ 0x0000fc2e, 0x00001451,
+ 0x0000fc2f, 0x00001453,
+ 0x0000fc30, 0x00001455,
+ 0x0000fc31, 0x00001457,
+ 0x0000fc32, 0x00001459,
+ 0x0000fc33, 0x0000145b,
+ 0x0000fc34, 0x0000145d,
+ 0x0000fc35, 0x0000145f,
+ 0x0000fc36, 0x00001461,
+ 0x0000fc37, 0x00001463,
+ 0x0000fc38, 0x00001465,
+ 0x0000fc39, 0x00001467,
+ 0x0000fc3a, 0x00001469,
+ 0x0000fc3b, 0x0000146b,
+ 0x0000fc3c, 0x0000146d,
+ 0x0000fc3d, 0x0000146f,
+ 0x0000fc3e, 0x00001471,
+ 0x0000fc3f, 0x00001473,
+ 0x0000fc40, 0x00001475,
+ 0x0000fc41, 0x00001477,
+ 0x0000fc42, 0x00001479,
+ 0x0000fc43, 0x0000147b,
+ 0x0000fc44, 0x0000147d,
+ 0x0000fc45, 0x0000147f,
+ 0x0000fc46, 0x00001481,
+ 0x0000fc47, 0x00001483,
+ 0x0000fc48, 0x00001485,
+ 0x0000fc49, 0x00001487,
+ 0x0000fc4a, 0x00001489,
+ 0x0000fc4b, 0x0000148b,
+ 0x0000fc4c, 0x0000148d,
+ 0x0000fc4d, 0x0000148f,
+ 0x0000fc4e, 0x00001491,
+ 0x0000fc4f, 0x00001493,
+ 0x0000fc50, 0x00001495,
+ 0x0000fc51, 0x00001497,
+ 0x0000fc52, 0x00001499,
+ 0x0000fc53, 0x0000149b,
+ 0x0000fc54, 0x0000149d,
+ 0x0000fc55, 0x0000149f,
+ 0x0000fc56, 0x000014a1,
+ 0x0000fc57, 0x000014a3,
+ 0x0000fc58, 0x000014a5,
+ 0x0000fc59, 0x000014a7,
+ 0x0000fc5a, 0x000014a9,
+ 0x0000fc5b, 0x000014ab,
+ 0x0000fc5c, 0x000014ad,
+ 0x0000fc5d, 0x000014af,
+ 0x0000fc5e, 0x000014b1,
+ 0x0000fc5f, 0x000014b4,
+ 0x0000fc60, 0x000014b7,
+ 0x0000fc61, 0x000014ba,
+ 0x0000fc62, 0x000014bd,
+ 0x0000fc63, 0x000014c0,
+ 0x0000fc64, 0x000014c3,
+ 0x0000fc65, 0x000014c6,
+ 0x0000fc66, 0x000014c9,
+ 0x0000fc67, 0x000014cc,
+ 0x0000fc68, 0x000014cf,
+ 0x0000fc69, 0x000014d2,
+ 0x0000fc6a, 0x000014d5,
+ 0x0000fc6b, 0x000014d7,
+ 0x0000fc6c, 0x000014d9,
+ 0x0000fc6d, 0x000014db,
+ 0x0000fc6e, 0x000014dd,
+ 0x0000fc6f, 0x000014df,
+ 0x0000fc70, 0x000014e1,
+ 0x0000fc71, 0x000014e3,
+ 0x0000fc72, 0x000014e5,
+ 0x0000fc73, 0x000014e7,
+ 0x0000fc74, 0x000014e9,
+ 0x0000fc75, 0x000014eb,
+ 0x0000fc76, 0x000014ed,
+ 0x0000fc77, 0x000014ef,
+ 0x0000fc78, 0x000014f1,
+ 0x0000fc79, 0x000014f3,
+ 0x0000fc7a, 0x000014f5,
+ 0x0000fc7b, 0x000014f7,
+ 0x0000fc7c, 0x000014f9,
+ 0x0000fc7d, 0x000014fb,
+ 0x0000fc7e, 0x000014fd,
+ 0x0000fc7f, 0x000014ff,
+ 0x0000fc80, 0x00001501,
+ 0x0000fc81, 0x00001503,
+ 0x0000fc82, 0x00001505,
+ 0x0000fc83, 0x00001507,
+ 0x0000fc84, 0x00001509,
+ 0x0000fc85, 0x0000150b,
+ 0x0000fc86, 0x0000150d,
+ 0x0000fc87, 0x0000150f,
+ 0x0000fc88, 0x00001511,
+ 0x0000fc89, 0x00001513,
+ 0x0000fc8a, 0x00001515,
+ 0x0000fc8b, 0x00001517,
+ 0x0000fc8c, 0x00001519,
+ 0x0000fc8d, 0x0000151b,
+ 0x0000fc8e, 0x0000151d,
+ 0x0000fc8f, 0x0000151f,
+ 0x0000fc90, 0x00001521,
+ 0x0000fc91, 0x00001523,
+ 0x0000fc92, 0x00001525,
+ 0x0000fc93, 0x00001527,
+ 0x0000fc94, 0x00001529,
+ 0x0000fc95, 0x0000152b,
+ 0x0000fc96, 0x0000152d,
+ 0x0000fc97, 0x0000152f,
+ 0x0000fc98, 0x00001532,
+ 0x0000fc99, 0x00001535,
+ 0x0000fc9a, 0x00001538,
+ 0x0000fc9b, 0x0000153b,
+ 0x0000fc9c, 0x0000153e,
+ 0x0000fc9d, 0x00001540,
+ 0x0000fc9e, 0x00001542,
+ 0x0000fc9f, 0x00001544,
+ 0x0000fca0, 0x00001546,
+ 0x0000fca1, 0x00001548,
+ 0x0000fca2, 0x0000154a,
+ 0x0000fca3, 0x0000154c,
+ 0x0000fca4, 0x0000154e,
+ 0x0000fca5, 0x00001550,
+ 0x0000fca6, 0x00001552,
+ 0x0000fca7, 0x00001554,
+ 0x0000fca8, 0x00001556,
+ 0x0000fca9, 0x00001558,
+ 0x0000fcaa, 0x0000155a,
+ 0x0000fcab, 0x0000155c,
+ 0x0000fcac, 0x0000155e,
+ 0x0000fcad, 0x00001560,
+ 0x0000fcae, 0x00001562,
+ 0x0000fcaf, 0x00001564,
+ 0x0000fcb0, 0x00001566,
+ 0x0000fcb1, 0x00001568,
+ 0x0000fcb2, 0x0000156a,
+ 0x0000fcb3, 0x0000156c,
+ 0x0000fcb4, 0x0000156e,
+ 0x0000fcb5, 0x00001570,
+ 0x0000fcb6, 0x00001572,
+ 0x0000fcb7, 0x00001574,
+ 0x0000fcb8, 0x00001576,
+ 0x0000fcb9, 0x00001578,
+ 0x0000fcba, 0x0000157a,
+ 0x0000fcbb, 0x0000157c,
+ 0x0000fcbc, 0x0000157e,
+ 0x0000fcbd, 0x00001580,
+ 0x0000fcbe, 0x00001582,
+ 0x0000fcbf, 0x00001584,
+ 0x0000fcc0, 0x00001586,
+ 0x0000fcc1, 0x00001588,
+ 0x0000fcc2, 0x0000158a,
+ 0x0000fcc3, 0x0000158c,
+ 0x0000fcc4, 0x0000158e,
+ 0x0000fcc5, 0x00001590,
+ 0x0000fcc6, 0x00001592,
+ 0x0000fcc7, 0x00001594,
+ 0x0000fcc8, 0x00001596,
+ 0x0000fcc9, 0x00001598,
+ 0x0000fcca, 0x0000159a,
+ 0x0000fccb, 0x0000159c,
+ 0x0000fccc, 0x0000159e,
+ 0x0000fccd, 0x000015a0,
+ 0x0000fcce, 0x000015a2,
+ 0x0000fccf, 0x000015a4,
+ 0x0000fcd0, 0x000015a6,
+ 0x0000fcd1, 0x000015a8,
+ 0x0000fcd2, 0x000015aa,
+ 0x0000fcd3, 0x000015ac,
+ 0x0000fcd4, 0x000015ae,
+ 0x0000fcd5, 0x000015b0,
+ 0x0000fcd6, 0x000015b2,
+ 0x0000fcd7, 0x000015b4,
+ 0x0000fcd8, 0x000015b6,
+ 0x0000fcd9, 0x000015b8,
+ 0x0000fcda, 0x000015ba,
+ 0x0000fcdb, 0x000015bc,
+ 0x0000fcdc, 0x000015be,
+ 0x0000fcdd, 0x000015c0,
+ 0x0000fcde, 0x000015c2,
+ 0x0000fcdf, 0x000015c4,
+ 0x0000fce0, 0x000015c7,
+ 0x0000fce1, 0x000015ca,
+ 0x0000fce2, 0x000015cc,
+ 0x0000fce3, 0x000015ce,
+ 0x0000fce4, 0x000015d0,
+ 0x0000fce5, 0x000015d2,
+ 0x0000fce6, 0x000015d4,
+ 0x0000fce7, 0x000015d6,
+ 0x0000fce8, 0x000015d8,
+ 0x0000fce9, 0x000015da,
+ 0x0000fcea, 0x000015dc,
+ 0x0000fceb, 0x000015de,
+ 0x0000fcec, 0x000015e0,
+ 0x0000fced, 0x000015e2,
+ 0x0000fcee, 0x000015e4,
+ 0x0000fcef, 0x000015e6,
+ 0x0000fcf0, 0x000015e8,
+ 0x0000fcf1, 0x000015ea,
+ 0x0000fcf2, 0x000015ec,
+ 0x0000fcf3, 0x000015ef,
+ 0x0000fcf4, 0x000015f2,
+ 0x0000fcf5, 0x000015f5,
+ 0x0000fcf6, 0x000015f7,
+ 0x0000fcf7, 0x000015f9,
+ 0x0000fcf8, 0x000015fb,
+ 0x0000fcf9, 0x000015fd,
+ 0x0000fcfa, 0x000015ff,
+ 0x0000fcfb, 0x00001601,
+ 0x0000fcfc, 0x00001603,
+ 0x0000fcfd, 0x00001605,
+ 0x0000fcfe, 0x00001607,
+ 0x0000fcff, 0x00001609,
+ 0x0000fd00, 0x0000160b,
+ 0x0000fd01, 0x0000160d,
+ 0x0000fd02, 0x0000160f,
+ 0x0000fd03, 0x00001611,
+ 0x0000fd04, 0x00001613,
+ 0x0000fd05, 0x00001615,
+ 0x0000fd06, 0x00001617,
+ 0x0000fd07, 0x00001619,
+ 0x0000fd08, 0x0000161b,
+ 0x0000fd09, 0x0000161d,
+ 0x0000fd0a, 0x0000161f,
+ 0x0000fd0b, 0x00001621,
+ 0x0000fd0c, 0x00001623,
+ 0x0000fd0d, 0x00001625,
+ 0x0000fd0e, 0x00001627,
+ 0x0000fd0f, 0x00001629,
+ 0x0000fd10, 0x0000162b,
+ 0x0000fd11, 0x0000162d,
+ 0x0000fd12, 0x0000162f,
+ 0x0000fd13, 0x00001631,
+ 0x0000fd14, 0x00001633,
+ 0x0000fd15, 0x00001635,
+ 0x0000fd16, 0x00001637,
+ 0x0000fd17, 0x00001639,
+ 0x0000fd18, 0x0000163b,
+ 0x0000fd19, 0x0000163d,
+ 0x0000fd1a, 0x0000163f,
+ 0x0000fd1b, 0x00001641,
+ 0x0000fd1c, 0x00001643,
+ 0x0000fd1d, 0x00001645,
+ 0x0000fd1e, 0x00001647,
+ 0x0000fd1f, 0x00001649,
+ 0x0000fd20, 0x0000164b,
+ 0x0000fd21, 0x0000164d,
+ 0x0000fd22, 0x0000164f,
+ 0x0000fd23, 0x00001651,
+ 0x0000fd24, 0x00001653,
+ 0x0000fd25, 0x00001655,
+ 0x0000fd26, 0x00001657,
+ 0x0000fd27, 0x00001659,
+ 0x0000fd28, 0x0000165b,
+ 0x0000fd29, 0x0000165d,
+ 0x0000fd2a, 0x0000165f,
+ 0x0000fd2b, 0x00001661,
+ 0x0000fd2c, 0x00001663,
+ 0x0000fd2d, 0x00001665,
+ 0x0000fd2e, 0x00001667,
+ 0x0000fd2f, 0x00001669,
+ 0x0000fd30, 0x0000166b,
+ 0x0000fd31, 0x0000166d,
+ 0x0000fd32, 0x0000166f,
+ 0x0000fd33, 0x00001671,
+ 0x0000fd34, 0x00001673,
+ 0x0000fd35, 0x00001675,
+ 0x0000fd36, 0x00001677,
+ 0x0000fd37, 0x00001679,
+ 0x0000fd38, 0x0000167b,
+ 0x0000fd39, 0x0000167d,
+ 0x0000fd3a, 0x0000167f,
+ 0x0000fd3b, 0x00001681,
+ 0x0000fd3c, 0x00001683,
+ 0x0000fd3d, 0x00001685,
+ 0x0000fd50, 0x00001687,
+ 0x0000fd51, 0x0000168a,
+ 0x0000fd52, 0x0000168d,
+ 0x0000fd53, 0x00001690,
+ 0x0000fd54, 0x00001693,
+ 0x0000fd55, 0x00001696,
+ 0x0000fd56, 0x00001699,
+ 0x0000fd57, 0x0000169c,
+ 0x0000fd58, 0x0000169f,
+ 0x0000fd59, 0x000016a2,
+ 0x0000fd5a, 0x000016a5,
+ 0x0000fd5b, 0x000016a8,
+ 0x0000fd5c, 0x000016ab,
+ 0x0000fd5d, 0x000016ae,
+ 0x0000fd5e, 0x000016b1,
+ 0x0000fd5f, 0x000016b4,
+ 0x0000fd60, 0x000016b7,
+ 0x0000fd61, 0x000016ba,
+ 0x0000fd62, 0x000016bd,
+ 0x0000fd63, 0x000016c0,
+ 0x0000fd64, 0x000016c3,
+ 0x0000fd65, 0x000016c6,
+ 0x0000fd66, 0x000016c9,
+ 0x0000fd67, 0x000016cc,
+ 0x0000fd68, 0x000016cf,
+ 0x0000fd69, 0x000016d2,
+ 0x0000fd6a, 0x000016d5,
+ 0x0000fd6b, 0x000016d8,
+ 0x0000fd6c, 0x000016db,
+ 0x0000fd6d, 0x000016de,
+ 0x0000fd6e, 0x000016e1,
+ 0x0000fd6f, 0x000016e4,
+ 0x0000fd70, 0x000016e7,
+ 0x0000fd71, 0x000016ea,
+ 0x0000fd72, 0x000016ed,
+ 0x0000fd73, 0x000016f0,
+ 0x0000fd74, 0x000016f3,
+ 0x0000fd75, 0x000016f6,
+ 0x0000fd76, 0x000016f9,
+ 0x0000fd77, 0x000016fc,
+ 0x0000fd78, 0x000016ff,
+ 0x0000fd79, 0x00001702,
+ 0x0000fd7a, 0x00001705,
+ 0x0000fd7b, 0x00001708,
+ 0x0000fd7c, 0x0000170b,
+ 0x0000fd7d, 0x0000170e,
+ 0x0000fd7e, 0x00001711,
+ 0x0000fd7f, 0x00001714,
+ 0x0000fd80, 0x00001717,
+ 0x0000fd81, 0x0000171a,
+ 0x0000fd82, 0x0000171d,
+ 0x0000fd83, 0x00001720,
+ 0x0000fd84, 0x00001723,
+ 0x0000fd85, 0x00001726,
+ 0x0000fd86, 0x00001729,
+ 0x0000fd87, 0x0000172c,
+ 0x0000fd88, 0x0000172f,
+ 0x0000fd89, 0x00001732,
+ 0x0000fd8a, 0x00001735,
+ 0x0000fd8b, 0x00001738,
+ 0x0000fd8c, 0x0000173b,
+ 0x0000fd8d, 0x0000173e,
+ 0x0000fd8e, 0x00001741,
+ 0x0000fd8f, 0x00001744,
+ 0x0000fd92, 0x00001747,
+ 0x0000fd93, 0x0000174a,
+ 0x0000fd94, 0x0000174d,
+ 0x0000fd95, 0x00001750,
+ 0x0000fd96, 0x00001753,
+ 0x0000fd97, 0x00001756,
+ 0x0000fd98, 0x00001759,
+ 0x0000fd99, 0x0000175c,
+ 0x0000fd9a, 0x0000175f,
+ 0x0000fd9b, 0x00001762,
+ 0x0000fd9c, 0x00001765,
+ 0x0000fd9d, 0x00001768,
+ 0x0000fd9e, 0x0000176b,
+ 0x0000fd9f, 0x0000176e,
+ 0x0000fda0, 0x00001771,
+ 0x0000fda1, 0x00001774,
+ 0x0000fda2, 0x00001777,
+ 0x0000fda3, 0x0000177a,
+ 0x0000fda4, 0x0000177d,
+ 0x0000fda5, 0x00001780,
+ 0x0000fda6, 0x00001783,
+ 0x0000fda7, 0x00001786,
+ 0x0000fda8, 0x00001789,
+ 0x0000fda9, 0x0000178c,
+ 0x0000fdaa, 0x0000178f,
+ 0x0000fdab, 0x00001792,
+ 0x0000fdac, 0x00001795,
+ 0x0000fdad, 0x00001798,
+ 0x0000fdae, 0x0000179b,
+ 0x0000fdaf, 0x0000179e,
+ 0x0000fdb0, 0x000017a1,
+ 0x0000fdb1, 0x000017a4,
+ 0x0000fdb2, 0x000017a7,
+ 0x0000fdb3, 0x000017aa,
+ 0x0000fdb4, 0x000017ad,
+ 0x0000fdb5, 0x000017b0,
+ 0x0000fdb6, 0x000017b3,
+ 0x0000fdb7, 0x000017b6,
+ 0x0000fdb8, 0x000017b9,
+ 0x0000fdb9, 0x000017bc,
+ 0x0000fdba, 0x000017bf,
+ 0x0000fdbb, 0x000017c2,
+ 0x0000fdbc, 0x000017c5,
+ 0x0000fdbd, 0x000017c8,
+ 0x0000fdbe, 0x000017cb,
+ 0x0000fdbf, 0x000017ce,
+ 0x0000fdc0, 0x000017d1,
+ 0x0000fdc1, 0x000017d4,
+ 0x0000fdc2, 0x000017d7,
+ 0x0000fdc3, 0x000017da,
+ 0x0000fdc4, 0x000017dd,
+ 0x0000fdc5, 0x000017e0,
+ 0x0000fdc6, 0x000017e3,
+ 0x0000fdc7, 0x000017e6,
+ 0x0000fdf0, 0x000017e9,
+ 0x0000fdf1, 0x000017ec,
+ 0x0000fdf2, 0x000017ef,
+ 0x0000fdf3, 0x000017f3,
+ 0x0000fdf4, 0x000017f7,
+ 0x0000fdf5, 0x000017fb,
+ 0x0000fdf6, 0x000017ff,
+ 0x0000fdf7, 0x00001803,
+ 0x0000fdf8, 0x00001807,
+ 0x0000fdf9, 0x0000180b,
+ 0x0000fdfa, 0x0000180e,
+ 0x0000fdfb, 0x00001820,
+ 0x0000fdfc, 0x00001828,
+ 0x0000fe30, 0x0000182c,
+ 0x0000fe31, 0x0000182e,
+ 0x0000fe32, 0x0000182f,
+ 0x0000fe33, 0x00001830,
+ 0x0000fe34, 0x00001831,
+ 0x0000fe35, 0x00001832,
+ 0x0000fe36, 0x00001833,
+ 0x0000fe37, 0x00001834,
+ 0x0000fe38, 0x00001835,
+ 0x0000fe39, 0x00001836,
+ 0x0000fe3a, 0x00001837,
+ 0x0000fe3b, 0x00001838,
+ 0x0000fe3c, 0x00001839,
+ 0x0000fe3d, 0x0000183a,
+ 0x0000fe3e, 0x0000183b,
+ 0x0000fe3f, 0x0000183c,
+ 0x0000fe40, 0x0000183d,
+ 0x0000fe41, 0x0000183e,
+ 0x0000fe42, 0x0000183f,
+ 0x0000fe43, 0x00001840,
+ 0x0000fe44, 0x00001841,
+ 0x0000fe49, 0x00001842,
+ 0x0000fe4a, 0x00001844,
+ 0x0000fe4b, 0x00001846,
+ 0x0000fe4c, 0x00001848,
+ 0x0000fe4d, 0x0000184a,
+ 0x0000fe4e, 0x0000184b,
+ 0x0000fe4f, 0x0000184c,
+ 0x0000fe50, 0x0000184d,
+ 0x0000fe51, 0x0000184e,
+ 0x0000fe52, 0x0000184f,
+ 0x0000fe54, 0x00001850,
+ 0x0000fe55, 0x00001851,
+ 0x0000fe56, 0x00001852,
+ 0x0000fe57, 0x00001853,
+ 0x0000fe58, 0x00001854,
+ 0x0000fe59, 0x00001855,
+ 0x0000fe5a, 0x00001856,
+ 0x0000fe5b, 0x00001857,
+ 0x0000fe5c, 0x00001858,
+ 0x0000fe5d, 0x00001859,
+ 0x0000fe5e, 0x0000185a,
+ 0x0000fe5f, 0x0000185b,
+ 0x0000fe60, 0x0000185c,
+ 0x0000fe61, 0x0000185d,
+ 0x0000fe62, 0x0000185e,
+ 0x0000fe63, 0x0000185f,
+ 0x0000fe64, 0x00001860,
+ 0x0000fe65, 0x00001861,
+ 0x0000fe66, 0x00001862,
+ 0x0000fe68, 0x00001863,
+ 0x0000fe69, 0x00001864,
+ 0x0000fe6a, 0x00001865,
+ 0x0000fe6b, 0x00001866,
+ 0x0000fe70, 0x00001867,
+ 0x0000fe71, 0x00001869,
+ 0x0000fe72, 0x0000186b,
+ 0x0000fe74, 0x0000186d,
+ 0x0000fe76, 0x0000186f,
+ 0x0000fe77, 0x00001871,
+ 0x0000fe78, 0x00001873,
+ 0x0000fe79, 0x00001875,
+ 0x0000fe7a, 0x00001877,
+ 0x0000fe7b, 0x00001879,
+ 0x0000fe7c, 0x0000187b,
+ 0x0000fe7d, 0x0000187d,
+ 0x0000fe7e, 0x0000187f,
+ 0x0000fe7f, 0x00001881,
+ 0x0000fe80, 0x00001883,
+ 0x0000fe81, 0x00001884,
+ 0x0000fe82, 0x00001886,
+ 0x0000fe83, 0x00001888,
+ 0x0000fe84, 0x0000188a,
+ 0x0000fe85, 0x0000188c,
+ 0x0000fe86, 0x0000188e,
+ 0x0000fe87, 0x00001890,
+ 0x0000fe88, 0x00001892,
+ 0x0000fe89, 0x00001894,
+ 0x0000fe8a, 0x00001896,
+ 0x0000fe8b, 0x00001898,
+ 0x0000fe8c, 0x0000189a,
+ 0x0000fe8d, 0x0000189c,
+ 0x0000fe8e, 0x0000189d,
+ 0x0000fe8f, 0x0000189e,
+ 0x0000fe90, 0x0000189f,
+ 0x0000fe91, 0x000018a0,
+ 0x0000fe92, 0x000018a1,
+ 0x0000fe93, 0x000018a2,
+ 0x0000fe94, 0x000018a3,
+ 0x0000fe95, 0x000018a4,
+ 0x0000fe96, 0x000018a5,
+ 0x0000fe97, 0x000018a6,
+ 0x0000fe98, 0x000018a7,
+ 0x0000fe99, 0x000018a8,
+ 0x0000fe9a, 0x000018a9,
+ 0x0000fe9b, 0x000018aa,
+ 0x0000fe9c, 0x000018ab,
+ 0x0000fe9d, 0x000018ac,
+ 0x0000fe9e, 0x000018ad,
+ 0x0000fe9f, 0x000018ae,
+ 0x0000fea0, 0x000018af,
+ 0x0000fea1, 0x000018b0,
+ 0x0000fea2, 0x000018b1,
+ 0x0000fea3, 0x000018b2,
+ 0x0000fea4, 0x000018b3,
+ 0x0000fea5, 0x000018b4,
+ 0x0000fea6, 0x000018b5,
+ 0x0000fea7, 0x000018b6,
+ 0x0000fea8, 0x000018b7,
+ 0x0000fea9, 0x000018b8,
+ 0x0000feaa, 0x000018b9,
+ 0x0000feab, 0x000018ba,
+ 0x0000feac, 0x000018bb,
+ 0x0000fead, 0x000018bc,
+ 0x0000feae, 0x000018bd,
+ 0x0000feaf, 0x000018be,
+ 0x0000feb0, 0x000018bf,
+ 0x0000feb1, 0x000018c0,
+ 0x0000feb2, 0x000018c1,
+ 0x0000feb3, 0x000018c2,
+ 0x0000feb4, 0x000018c3,
+ 0x0000feb5, 0x000018c4,
+ 0x0000feb6, 0x000018c5,
+ 0x0000feb7, 0x000018c6,
+ 0x0000feb8, 0x000018c7,
+ 0x0000feb9, 0x000018c8,
+ 0x0000feba, 0x000018c9,
+ 0x0000febb, 0x000018ca,
+ 0x0000febc, 0x000018cb,
+ 0x0000febd, 0x000018cc,
+ 0x0000febe, 0x000018cd,
+ 0x0000febf, 0x000018ce,
+ 0x0000fec0, 0x000018cf,
+ 0x0000fec1, 0x000018d0,
+ 0x0000fec2, 0x000018d1,
+ 0x0000fec3, 0x000018d2,
+ 0x0000fec4, 0x000018d3,
+ 0x0000fec5, 0x000018d4,
+ 0x0000fec6, 0x000018d5,
+ 0x0000fec7, 0x000018d6,
+ 0x0000fec8, 0x000018d7,
+ 0x0000fec9, 0x000018d8,
+ 0x0000feca, 0x000018d9,
+ 0x0000fecb, 0x000018da,
+ 0x0000fecc, 0x000018db,
+ 0x0000fecd, 0x000018dc,
+ 0x0000fece, 0x000018dd,
+ 0x0000fecf, 0x000018de,
+ 0x0000fed0, 0x000018df,
+ 0x0000fed1, 0x000018e0,
+ 0x0000fed2, 0x000018e1,
+ 0x0000fed3, 0x000018e2,
+ 0x0000fed4, 0x000018e3,
+ 0x0000fed5, 0x000018e4,
+ 0x0000fed6, 0x000018e5,
+ 0x0000fed7, 0x000018e6,
+ 0x0000fed8, 0x000018e7,
+ 0x0000fed9, 0x000018e8,
+ 0x0000feda, 0x000018e9,
+ 0x0000fedb, 0x000018ea,
+ 0x0000fedc, 0x000018eb,
+ 0x0000fedd, 0x000018ec,
+ 0x0000fede, 0x000018ed,
+ 0x0000fedf, 0x000018ee,
+ 0x0000fee0, 0x000018ef,
+ 0x0000fee1, 0x000018f0,
+ 0x0000fee2, 0x000018f1,
+ 0x0000fee3, 0x000018f2,
+ 0x0000fee4, 0x000018f3,
+ 0x0000fee5, 0x000018f4,
+ 0x0000fee6, 0x000018f5,
+ 0x0000fee7, 0x000018f6,
+ 0x0000fee8, 0x000018f7,
+ 0x0000fee9, 0x000018f8,
+ 0x0000feea, 0x000018f9,
+ 0x0000feeb, 0x000018fa,
+ 0x0000feec, 0x000018fb,
+ 0x0000feed, 0x000018fc,
+ 0x0000feee, 0x000018fd,
+ 0x0000feef, 0x000018fe,
+ 0x0000fef0, 0x000018ff,
+ 0x0000fef1, 0x00001900,
+ 0x0000fef2, 0x00001901,
+ 0x0000fef3, 0x00001902,
+ 0x0000fef4, 0x00001903,
+ 0x0000fef5, 0x00001904,
+ 0x0000fef6, 0x00001907,
+ 0x0000fef7, 0x0000190a,
+ 0x0000fef8, 0x0000190d,
+ 0x0000fef9, 0x00001910,
+ 0x0000fefa, 0x00001913,
+ 0x0000fefb, 0x00001916,
+ 0x0000fefc, 0x00001918,
+ 0x0000ff01, 0x0000191a,
+ 0x0000ff02, 0x0000191b,
+ 0x0000ff03, 0x0000191c,
+ 0x0000ff04, 0x0000191d,
+ 0x0000ff05, 0x0000191e,
+ 0x0000ff06, 0x0000191f,
+ 0x0000ff07, 0x00001920,
+ 0x0000ff08, 0x00001921,
+ 0x0000ff09, 0x00001922,
+ 0x0000ff0a, 0x00001923,
+ 0x0000ff0b, 0x00001924,
+ 0x0000ff0c, 0x00001925,
+ 0x0000ff0d, 0x00001926,
+ 0x0000ff0e, 0x00001927,
+ 0x0000ff0f, 0x00001928,
+ 0x0000ff10, 0x00001929,
+ 0x0000ff11, 0x0000192a,
+ 0x0000ff12, 0x0000192b,
+ 0x0000ff13, 0x0000192c,
+ 0x0000ff14, 0x0000192d,
+ 0x0000ff15, 0x0000192e,
+ 0x0000ff16, 0x0000192f,
+ 0x0000ff17, 0x00001930,
+ 0x0000ff18, 0x00001931,
+ 0x0000ff19, 0x00001932,
+ 0x0000ff1a, 0x00001933,
+ 0x0000ff1b, 0x00001934,
+ 0x0000ff1c, 0x00001935,
+ 0x0000ff1d, 0x00001936,
+ 0x0000ff1e, 0x00001937,
+ 0x0000ff1f, 0x00001938,
+ 0x0000ff20, 0x00001939,
+ 0x0000ff21, 0x0000193a,
+ 0x0000ff22, 0x0000193b,
+ 0x0000ff23, 0x0000193c,
+ 0x0000ff24, 0x0000193d,
+ 0x0000ff25, 0x0000193e,
+ 0x0000ff26, 0x0000193f,
+ 0x0000ff27, 0x00001940,
+ 0x0000ff28, 0x00001941,
+ 0x0000ff29, 0x00001942,
+ 0x0000ff2a, 0x00001943,
+ 0x0000ff2b, 0x00001944,
+ 0x0000ff2c, 0x00001945,
+ 0x0000ff2d, 0x00001946,
+ 0x0000ff2e, 0x00001947,
+ 0x0000ff2f, 0x00001948,
+ 0x0000ff30, 0x00001949,
+ 0x0000ff31, 0x0000194a,
+ 0x0000ff32, 0x0000194b,
+ 0x0000ff33, 0x0000194c,
+ 0x0000ff34, 0x0000194d,
+ 0x0000ff35, 0x0000194e,
+ 0x0000ff36, 0x0000194f,
+ 0x0000ff37, 0x00001950,
+ 0x0000ff38, 0x00001951,
+ 0x0000ff39, 0x00001952,
+ 0x0000ff3a, 0x00001953,
+ 0x0000ff3b, 0x00001954,
+ 0x0000ff3c, 0x00001955,
+ 0x0000ff3d, 0x00001956,
+ 0x0000ff3e, 0x00001957,
+ 0x0000ff3f, 0x00001958,
+ 0x0000ff40, 0x00001959,
+ 0x0000ff41, 0x0000195a,
+ 0x0000ff42, 0x0000195b,
+ 0x0000ff43, 0x0000195c,
+ 0x0000ff44, 0x0000195d,
+ 0x0000ff45, 0x0000195e,
+ 0x0000ff46, 0x0000195f,
+ 0x0000ff47, 0x00001960,
+ 0x0000ff48, 0x00001961,
+ 0x0000ff49, 0x00001962,
+ 0x0000ff4a, 0x00001963,
+ 0x0000ff4b, 0x00001964,
+ 0x0000ff4c, 0x00001965,
+ 0x0000ff4d, 0x00001966,
+ 0x0000ff4e, 0x00001967,
+ 0x0000ff4f, 0x00001968,
+ 0x0000ff50, 0x00001969,
+ 0x0000ff51, 0x0000196a,
+ 0x0000ff52, 0x0000196b,
+ 0x0000ff53, 0x0000196c,
+ 0x0000ff54, 0x0000196d,
+ 0x0000ff55, 0x0000196e,
+ 0x0000ff56, 0x0000196f,
+ 0x0000ff57, 0x00001970,
+ 0x0000ff58, 0x00001971,
+ 0x0000ff59, 0x00001972,
+ 0x0000ff5a, 0x00001973,
+ 0x0000ff5b, 0x00001974,
+ 0x0000ff5c, 0x00001975,
+ 0x0000ff5d, 0x00001976,
+ 0x0000ff5e, 0x00001977,
+ 0x0000ff5f, 0x00001978,
+ 0x0000ff60, 0x00001979,
+ 0x0000ff61, 0x0000197a,
+ 0x0000ff62, 0x0000197b,
+ 0x0000ff63, 0x0000197c,
+ 0x0000ff64, 0x0000197d,
+ 0x0000ff65, 0x0000197e,
+ 0x0000ff66, 0x0000197f,
+ 0x0000ff67, 0x00001980,
+ 0x0000ff68, 0x00001981,
+ 0x0000ff69, 0x00001982,
+ 0x0000ff6a, 0x00001983,
+ 0x0000ff6b, 0x00001984,
+ 0x0000ff6c, 0x00001985,
+ 0x0000ff6d, 0x00001986,
+ 0x0000ff6e, 0x00001987,
+ 0x0000ff6f, 0x00001988,
+ 0x0000ff70, 0x00001989,
+ 0x0000ff71, 0x0000198a,
+ 0x0000ff72, 0x0000198b,
+ 0x0000ff73, 0x0000198c,
+ 0x0000ff74, 0x0000198d,
+ 0x0000ff75, 0x0000198e,
+ 0x0000ff76, 0x0000198f,
+ 0x0000ff77, 0x00001990,
+ 0x0000ff78, 0x00001991,
+ 0x0000ff79, 0x00001992,
+ 0x0000ff7a, 0x00001993,
+ 0x0000ff7b, 0x00001994,
+ 0x0000ff7c, 0x00001995,
+ 0x0000ff7d, 0x00001996,
+ 0x0000ff7e, 0x00001997,
+ 0x0000ff7f, 0x00001998,
+ 0x0000ff80, 0x00001999,
+ 0x0000ff81, 0x0000199a,
+ 0x0000ff82, 0x0000199b,
+ 0x0000ff83, 0x0000199c,
+ 0x0000ff84, 0x0000199d,
+ 0x0000ff85, 0x0000199e,
+ 0x0000ff86, 0x0000199f,
+ 0x0000ff87, 0x000019a0,
+ 0x0000ff88, 0x000019a1,
+ 0x0000ff89, 0x000019a2,
+ 0x0000ff8a, 0x000019a3,
+ 0x0000ff8b, 0x000019a4,
+ 0x0000ff8c, 0x000019a5,
+ 0x0000ff8d, 0x000019a6,
+ 0x0000ff8e, 0x000019a7,
+ 0x0000ff8f, 0x000019a8,
+ 0x0000ff90, 0x000019a9,
+ 0x0000ff91, 0x000019aa,
+ 0x0000ff92, 0x000019ab,
+ 0x0000ff93, 0x000019ac,
+ 0x0000ff94, 0x000019ad,
+ 0x0000ff95, 0x000019ae,
+ 0x0000ff96, 0x000019af,
+ 0x0000ff97, 0x000019b0,
+ 0x0000ff98, 0x000019b1,
+ 0x0000ff99, 0x000019b2,
+ 0x0000ff9a, 0x000019b3,
+ 0x0000ff9b, 0x000019b4,
+ 0x0000ff9c, 0x000019b5,
+ 0x0000ff9d, 0x000019b6,
+ 0x0000ff9e, 0x000019b7,
+ 0x0000ff9f, 0x000019b8,
+ 0x0000ffa0, 0x000019b9,
+ 0x0000ffa1, 0x000019ba,
+ 0x0000ffa2, 0x000019bb,
+ 0x0000ffa3, 0x000019bc,
+ 0x0000ffa4, 0x000019bd,
+ 0x0000ffa5, 0x000019be,
+ 0x0000ffa6, 0x000019bf,
+ 0x0000ffa7, 0x000019c0,
+ 0x0000ffa8, 0x000019c1,
+ 0x0000ffa9, 0x000019c2,
+ 0x0000ffaa, 0x000019c3,
+ 0x0000ffab, 0x000019c4,
+ 0x0000ffac, 0x000019c5,
+ 0x0000ffad, 0x000019c6,
+ 0x0000ffae, 0x000019c7,
+ 0x0000ffaf, 0x000019c8,
+ 0x0000ffb0, 0x000019c9,
+ 0x0000ffb1, 0x000019ca,
+ 0x0000ffb2, 0x000019cb,
+ 0x0000ffb3, 0x000019cc,
+ 0x0000ffb4, 0x000019cd,
+ 0x0000ffb5, 0x000019ce,
+ 0x0000ffb6, 0x000019cf,
+ 0x0000ffb7, 0x000019d0,
+ 0x0000ffb8, 0x000019d1,
+ 0x0000ffb9, 0x000019d2,
+ 0x0000ffba, 0x000019d3,
+ 0x0000ffbb, 0x000019d4,
+ 0x0000ffbc, 0x000019d5,
+ 0x0000ffbd, 0x000019d6,
+ 0x0000ffbe, 0x000019d7,
+ 0x0000ffc2, 0x000019d8,
+ 0x0000ffc3, 0x000019d9,
+ 0x0000ffc4, 0x000019da,
+ 0x0000ffc5, 0x000019db,
+ 0x0000ffc6, 0x000019dc,
+ 0x0000ffc7, 0x000019dd,
+ 0x0000ffca, 0x000019de,
+ 0x0000ffcb, 0x000019df,
+ 0x0000ffcc, 0x000019e0,
+ 0x0000ffcd, 0x000019e1,
+ 0x0000ffce, 0x000019e2,
+ 0x0000ffcf, 0x000019e3,
+ 0x0000ffd2, 0x000019e4,
+ 0x0000ffd3, 0x000019e5,
+ 0x0000ffd4, 0x000019e6,
+ 0x0000ffd5, 0x000019e7,
+ 0x0000ffd6, 0x000019e8,
+ 0x0000ffd7, 0x000019e9,
+ 0x0000ffda, 0x000019ea,
+ 0x0000ffdb, 0x000019eb,
+ 0x0000ffdc, 0x000019ec,
+ 0x0000ffe0, 0x000019ed,
+ 0x0000ffe1, 0x000019ee,
+ 0x0000ffe2, 0x000019ef,
+ 0x0000ffe3, 0x000019f0,
+ 0x0000ffe4, 0x000019f2,
+ 0x0000ffe5, 0x000019f3,
+ 0x0000ffe6, 0x000019f4,
+ 0x0000ffe8, 0x000019f5,
+ 0x0000ffe9, 0x000019f6,
+ 0x0000ffea, 0x000019f7,
+ 0x0000ffeb, 0x000019f8,
+ 0x0000ffec, 0x000019f9,
+ 0x0000ffed, 0x000019fa,
+ 0x0000ffee, 0x000019fb,
+ 0x0001d15e, 0x000019fc,
+ 0x0001d15f, 0x000019fe,
+ 0x0001d160, 0x00001a00,
+ 0x0001d161, 0x00001a03,
+ 0x0001d162, 0x00001a06,
+ 0x0001d163, 0x00001a09,
+ 0x0001d164, 0x00001a0c,
+ 0x0001d1bb, 0x00001a0f,
+ 0x0001d1bc, 0x00001a11,
+ 0x0001d1bd, 0x00001a13,
+ 0x0001d1be, 0x00001a16,
+ 0x0001d1bf, 0x00001a19,
+ 0x0001d1c0, 0x00001a1c,
+ 0x0001d400, 0x00001a1f,
+ 0x0001d401, 0x00001a20,
+ 0x0001d402, 0x00001a21,
+ 0x0001d403, 0x00001a22,
+ 0x0001d404, 0x00001a23,
+ 0x0001d405, 0x00001a24,
+ 0x0001d406, 0x00001a25,
+ 0x0001d407, 0x00001a26,
+ 0x0001d408, 0x00001a27,
+ 0x0001d409, 0x00001a28,
+ 0x0001d40a, 0x00001a29,
+ 0x0001d40b, 0x00001a2a,
+ 0x0001d40c, 0x00001a2b,
+ 0x0001d40d, 0x00001a2c,
+ 0x0001d40e, 0x00001a2d,
+ 0x0001d40f, 0x00001a2e,
+ 0x0001d410, 0x00001a2f,
+ 0x0001d411, 0x00001a30,
+ 0x0001d412, 0x00001a31,
+ 0x0001d413, 0x00001a32,
+ 0x0001d414, 0x00001a33,
+ 0x0001d415, 0x00001a34,
+ 0x0001d416, 0x00001a35,
+ 0x0001d417, 0x00001a36,
+ 0x0001d418, 0x00001a37,
+ 0x0001d419, 0x00001a38,
+ 0x0001d41a, 0x00001a39,
+ 0x0001d41b, 0x00001a3a,
+ 0x0001d41c, 0x00001a3b,
+ 0x0001d41d, 0x00001a3c,
+ 0x0001d41e, 0x00001a3d,
+ 0x0001d41f, 0x00001a3e,
+ 0x0001d420, 0x00001a3f,
+ 0x0001d421, 0x00001a40,
+ 0x0001d422, 0x00001a41,
+ 0x0001d423, 0x00001a42,
+ 0x0001d424, 0x00001a43,
+ 0x0001d425, 0x00001a44,
+ 0x0001d426, 0x00001a45,
+ 0x0001d427, 0x00001a46,
+ 0x0001d428, 0x00001a47,
+ 0x0001d429, 0x00001a48,
+ 0x0001d42a, 0x00001a49,
+ 0x0001d42b, 0x00001a4a,
+ 0x0001d42c, 0x00001a4b,
+ 0x0001d42d, 0x00001a4c,
+ 0x0001d42e, 0x00001a4d,
+ 0x0001d42f, 0x00001a4e,
+ 0x0001d430, 0x00001a4f,
+ 0x0001d431, 0x00001a50,
+ 0x0001d432, 0x00001a51,
+ 0x0001d433, 0x00001a52,
+ 0x0001d434, 0x00001a53,
+ 0x0001d435, 0x00001a54,
+ 0x0001d436, 0x00001a55,
+ 0x0001d437, 0x00001a56,
+ 0x0001d438, 0x00001a57,
+ 0x0001d439, 0x00001a58,
+ 0x0001d43a, 0x00001a59,
+ 0x0001d43b, 0x00001a5a,
+ 0x0001d43c, 0x00001a5b,
+ 0x0001d43d, 0x00001a5c,
+ 0x0001d43e, 0x00001a5d,
+ 0x0001d43f, 0x00001a5e,
+ 0x0001d440, 0x00001a5f,
+ 0x0001d441, 0x00001a60,
+ 0x0001d442, 0x00001a61,
+ 0x0001d443, 0x00001a62,
+ 0x0001d444, 0x00001a63,
+ 0x0001d445, 0x00001a64,
+ 0x0001d446, 0x00001a65,
+ 0x0001d447, 0x00001a66,
+ 0x0001d448, 0x00001a67,
+ 0x0001d449, 0x00001a68,
+ 0x0001d44a, 0x00001a69,
+ 0x0001d44b, 0x00001a6a,
+ 0x0001d44c, 0x00001a6b,
+ 0x0001d44d, 0x00001a6c,
+ 0x0001d44e, 0x00001a6d,
+ 0x0001d44f, 0x00001a6e,
+ 0x0001d450, 0x00001a6f,
+ 0x0001d451, 0x00001a70,
+ 0x0001d452, 0x00001a71,
+ 0x0001d453, 0x00001a72,
+ 0x0001d454, 0x00001a73,
+ 0x0001d456, 0x00001a74,
+ 0x0001d457, 0x00001a75,
+ 0x0001d458, 0x00001a76,
+ 0x0001d459, 0x00001a77,
+ 0x0001d45a, 0x00001a78,
+ 0x0001d45b, 0x00001a79,
+ 0x0001d45c, 0x00001a7a,
+ 0x0001d45d, 0x00001a7b,
+ 0x0001d45e, 0x00001a7c,
+ 0x0001d45f, 0x00001a7d,
+ 0x0001d460, 0x00001a7e,
+ 0x0001d461, 0x00001a7f,
+ 0x0001d462, 0x00001a80,
+ 0x0001d463, 0x00001a81,
+ 0x0001d464, 0x00001a82,
+ 0x0001d465, 0x00001a83,
+ 0x0001d466, 0x00001a84,
+ 0x0001d467, 0x00001a85,
+ 0x0001d468, 0x00001a86,
+ 0x0001d469, 0x00001a87,
+ 0x0001d46a, 0x00001a88,
+ 0x0001d46b, 0x00001a89,
+ 0x0001d46c, 0x00001a8a,
+ 0x0001d46d, 0x00001a8b,
+ 0x0001d46e, 0x00001a8c,
+ 0x0001d46f, 0x00001a8d,
+ 0x0001d470, 0x00001a8e,
+ 0x0001d471, 0x00001a8f,
+ 0x0001d472, 0x00001a90,
+ 0x0001d473, 0x00001a91,
+ 0x0001d474, 0x00001a92,
+ 0x0001d475, 0x00001a93,
+ 0x0001d476, 0x00001a94,
+ 0x0001d477, 0x00001a95,
+ 0x0001d478, 0x00001a96,
+ 0x0001d479, 0x00001a97,
+ 0x0001d47a, 0x00001a98,
+ 0x0001d47b, 0x00001a99,
+ 0x0001d47c, 0x00001a9a,
+ 0x0001d47d, 0x00001a9b,
+ 0x0001d47e, 0x00001a9c,
+ 0x0001d47f, 0x00001a9d,
+ 0x0001d480, 0x00001a9e,
+ 0x0001d481, 0x00001a9f,
+ 0x0001d482, 0x00001aa0,
+ 0x0001d483, 0x00001aa1,
+ 0x0001d484, 0x00001aa2,
+ 0x0001d485, 0x00001aa3,
+ 0x0001d486, 0x00001aa4,
+ 0x0001d487, 0x00001aa5,
+ 0x0001d488, 0x00001aa6,
+ 0x0001d489, 0x00001aa7,
+ 0x0001d48a, 0x00001aa8,
+ 0x0001d48b, 0x00001aa9,
+ 0x0001d48c, 0x00001aaa,
+ 0x0001d48d, 0x00001aab,
+ 0x0001d48e, 0x00001aac,
+ 0x0001d48f, 0x00001aad,
+ 0x0001d490, 0x00001aae,
+ 0x0001d491, 0x00001aaf,
+ 0x0001d492, 0x00001ab0,
+ 0x0001d493, 0x00001ab1,
+ 0x0001d494, 0x00001ab2,
+ 0x0001d495, 0x00001ab3,
+ 0x0001d496, 0x00001ab4,
+ 0x0001d497, 0x00001ab5,
+ 0x0001d498, 0x00001ab6,
+ 0x0001d499, 0x00001ab7,
+ 0x0001d49a, 0x00001ab8,
+ 0x0001d49b, 0x00001ab9,
+ 0x0001d49c, 0x00001aba,
+ 0x0001d49e, 0x00001abb,
+ 0x0001d49f, 0x00001abc,
+ 0x0001d4a2, 0x00001abd,
+ 0x0001d4a5, 0x00001abe,
+ 0x0001d4a6, 0x00001abf,
+ 0x0001d4a9, 0x00001ac0,
+ 0x0001d4aa, 0x00001ac1,
+ 0x0001d4ab, 0x00001ac2,
+ 0x0001d4ac, 0x00001ac3,
+ 0x0001d4ae, 0x00001ac4,
+ 0x0001d4af, 0x00001ac5,
+ 0x0001d4b0, 0x00001ac6,
+ 0x0001d4b1, 0x00001ac7,
+ 0x0001d4b2, 0x00001ac8,
+ 0x0001d4b3, 0x00001ac9,
+ 0x0001d4b4, 0x00001aca,
+ 0x0001d4b5, 0x00001acb,
+ 0x0001d4b6, 0x00001acc,
+ 0x0001d4b7, 0x00001acd,
+ 0x0001d4b8, 0x00001ace,
+ 0x0001d4b9, 0x00001acf,
+ 0x0001d4bb, 0x00001ad0,
+ 0x0001d4bd, 0x00001ad1,
+ 0x0001d4be, 0x00001ad2,
+ 0x0001d4bf, 0x00001ad3,
+ 0x0001d4c0, 0x00001ad4,
+ 0x0001d4c2, 0x00001ad5,
+ 0x0001d4c3, 0x00001ad6,
+ 0x0001d4c5, 0x00001ad7,
+ 0x0001d4c6, 0x00001ad8,
+ 0x0001d4c7, 0x00001ad9,
+ 0x0001d4c8, 0x00001ada,
+ 0x0001d4c9, 0x00001adb,
+ 0x0001d4ca, 0x00001adc,
+ 0x0001d4cb, 0x00001add,
+ 0x0001d4cc, 0x00001ade,
+ 0x0001d4cd, 0x00001adf,
+ 0x0001d4ce, 0x00001ae0,
+ 0x0001d4cf, 0x00001ae1,
+ 0x0001d4d0, 0x00001ae2,
+ 0x0001d4d1, 0x00001ae3,
+ 0x0001d4d2, 0x00001ae4,
+ 0x0001d4d3, 0x00001ae5,
+ 0x0001d4d4, 0x00001ae6,
+ 0x0001d4d5, 0x00001ae7,
+ 0x0001d4d6, 0x00001ae8,
+ 0x0001d4d7, 0x00001ae9,
+ 0x0001d4d8, 0x00001aea,
+ 0x0001d4d9, 0x00001aeb,
+ 0x0001d4da, 0x00001aec,
+ 0x0001d4db, 0x00001aed,
+ 0x0001d4dc, 0x00001aee,
+ 0x0001d4dd, 0x00001aef,
+ 0x0001d4de, 0x00001af0,
+ 0x0001d4df, 0x00001af1,
+ 0x0001d4e0, 0x00001af2,
+ 0x0001d4e1, 0x00001af3,
+ 0x0001d4e2, 0x00001af4,
+ 0x0001d4e3, 0x00001af5,
+ 0x0001d4e4, 0x00001af6,
+ 0x0001d4e5, 0x00001af7,
+ 0x0001d4e6, 0x00001af8,
+ 0x0001d4e7, 0x00001af9,
+ 0x0001d4e8, 0x00001afa,
+ 0x0001d4e9, 0x00001afb,
+ 0x0001d4ea, 0x00001afc,
+ 0x0001d4eb, 0x00001afd,
+ 0x0001d4ec, 0x00001afe,
+ 0x0001d4ed, 0x00001aff,
+ 0x0001d4ee, 0x00001b00,
+ 0x0001d4ef, 0x00001b01,
+ 0x0001d4f0, 0x00001b02,
+ 0x0001d4f1, 0x00001b03,
+ 0x0001d4f2, 0x00001b04,
+ 0x0001d4f3, 0x00001b05,
+ 0x0001d4f4, 0x00001b06,
+ 0x0001d4f5, 0x00001b07,
+ 0x0001d4f6, 0x00001b08,
+ 0x0001d4f7, 0x00001b09,
+ 0x0001d4f8, 0x00001b0a,
+ 0x0001d4f9, 0x00001b0b,
+ 0x0001d4fa, 0x00001b0c,
+ 0x0001d4fb, 0x00001b0d,
+ 0x0001d4fc, 0x00001b0e,
+ 0x0001d4fd, 0x00001b0f,
+ 0x0001d4fe, 0x00001b10,
+ 0x0001d4ff, 0x00001b11,
+ 0x0001d500, 0x00001b12,
+ 0x0001d501, 0x00001b13,
+ 0x0001d502, 0x00001b14,
+ 0x0001d503, 0x00001b15,
+ 0x0001d504, 0x00001b16,
+ 0x0001d505, 0x00001b17,
+ 0x0001d507, 0x00001b18,
+ 0x0001d508, 0x00001b19,
+ 0x0001d509, 0x00001b1a,
+ 0x0001d50a, 0x00001b1b,
+ 0x0001d50d, 0x00001b1c,
+ 0x0001d50e, 0x00001b1d,
+ 0x0001d50f, 0x00001b1e,
+ 0x0001d510, 0x00001b1f,
+ 0x0001d511, 0x00001b20,
+ 0x0001d512, 0x00001b21,
+ 0x0001d513, 0x00001b22,
+ 0x0001d514, 0x00001b23,
+ 0x0001d516, 0x00001b24,
+ 0x0001d517, 0x00001b25,
+ 0x0001d518, 0x00001b26,
+ 0x0001d519, 0x00001b27,
+ 0x0001d51a, 0x00001b28,
+ 0x0001d51b, 0x00001b29,
+ 0x0001d51c, 0x00001b2a,
+ 0x0001d51e, 0x00001b2b,
+ 0x0001d51f, 0x00001b2c,
+ 0x0001d520, 0x00001b2d,
+ 0x0001d521, 0x00001b2e,
+ 0x0001d522, 0x00001b2f,
+ 0x0001d523, 0x00001b30,
+ 0x0001d524, 0x00001b31,
+ 0x0001d525, 0x00001b32,
+ 0x0001d526, 0x00001b33,
+ 0x0001d527, 0x00001b34,
+ 0x0001d528, 0x00001b35,
+ 0x0001d529, 0x00001b36,
+ 0x0001d52a, 0x00001b37,
+ 0x0001d52b, 0x00001b38,
+ 0x0001d52c, 0x00001b39,
+ 0x0001d52d, 0x00001b3a,
+ 0x0001d52e, 0x00001b3b,
+ 0x0001d52f, 0x00001b3c,
+ 0x0001d530, 0x00001b3d,
+ 0x0001d531, 0x00001b3e,
+ 0x0001d532, 0x00001b3f,
+ 0x0001d533, 0x00001b40,
+ 0x0001d534, 0x00001b41,
+ 0x0001d535, 0x00001b42,
+ 0x0001d536, 0x00001b43,
+ 0x0001d537, 0x00001b44,
+ 0x0001d538, 0x00001b45,
+ 0x0001d539, 0x00001b46,
+ 0x0001d53b, 0x00001b47,
+ 0x0001d53c, 0x00001b48,
+ 0x0001d53d, 0x00001b49,
+ 0x0001d53e, 0x00001b4a,
+ 0x0001d540, 0x00001b4b,
+ 0x0001d541, 0x00001b4c,
+ 0x0001d542, 0x00001b4d,
+ 0x0001d543, 0x00001b4e,
+ 0x0001d544, 0x00001b4f,
+ 0x0001d546, 0x00001b50,
+ 0x0001d54a, 0x00001b51,
+ 0x0001d54b, 0x00001b52,
+ 0x0001d54c, 0x00001b53,
+ 0x0001d54d, 0x00001b54,
+ 0x0001d54e, 0x00001b55,
+ 0x0001d54f, 0x00001b56,
+ 0x0001d550, 0x00001b57,
+ 0x0001d552, 0x00001b58,
+ 0x0001d553, 0x00001b59,
+ 0x0001d554, 0x00001b5a,
+ 0x0001d555, 0x00001b5b,
+ 0x0001d556, 0x00001b5c,
+ 0x0001d557, 0x00001b5d,
+ 0x0001d558, 0x00001b5e,
+ 0x0001d559, 0x00001b5f,
+ 0x0001d55a, 0x00001b60,
+ 0x0001d55b, 0x00001b61,
+ 0x0001d55c, 0x00001b62,
+ 0x0001d55d, 0x00001b63,
+ 0x0001d55e, 0x00001b64,
+ 0x0001d55f, 0x00001b65,
+ 0x0001d560, 0x00001b66,
+ 0x0001d561, 0x00001b67,
+ 0x0001d562, 0x00001b68,
+ 0x0001d563, 0x00001b69,
+ 0x0001d564, 0x00001b6a,
+ 0x0001d565, 0x00001b6b,
+ 0x0001d566, 0x00001b6c,
+ 0x0001d567, 0x00001b6d,
+ 0x0001d568, 0x00001b6e,
+ 0x0001d569, 0x00001b6f,
+ 0x0001d56a, 0x00001b70,
+ 0x0001d56b, 0x00001b71,
+ 0x0001d56c, 0x00001b72,
+ 0x0001d56d, 0x00001b73,
+ 0x0001d56e, 0x00001b74,
+ 0x0001d56f, 0x00001b75,
+ 0x0001d570, 0x00001b76,
+ 0x0001d571, 0x00001b77,
+ 0x0001d572, 0x00001b78,
+ 0x0001d573, 0x00001b79,
+ 0x0001d574, 0x00001b7a,
+ 0x0001d575, 0x00001b7b,
+ 0x0001d576, 0x00001b7c,
+ 0x0001d577, 0x00001b7d,
+ 0x0001d578, 0x00001b7e,
+ 0x0001d579, 0x00001b7f,
+ 0x0001d57a, 0x00001b80,
+ 0x0001d57b, 0x00001b81,
+ 0x0001d57c, 0x00001b82,
+ 0x0001d57d, 0x00001b83,
+ 0x0001d57e, 0x00001b84,
+ 0x0001d57f, 0x00001b85,
+ 0x0001d580, 0x00001b86,
+ 0x0001d581, 0x00001b87,
+ 0x0001d582, 0x00001b88,
+ 0x0001d583, 0x00001b89,
+ 0x0001d584, 0x00001b8a,
+ 0x0001d585, 0x00001b8b,
+ 0x0001d586, 0x00001b8c,
+ 0x0001d587, 0x00001b8d,
+ 0x0001d588, 0x00001b8e,
+ 0x0001d589, 0x00001b8f,
+ 0x0001d58a, 0x00001b90,
+ 0x0001d58b, 0x00001b91,
+ 0x0001d58c, 0x00001b92,
+ 0x0001d58d, 0x00001b93,
+ 0x0001d58e, 0x00001b94,
+ 0x0001d58f, 0x00001b95,
+ 0x0001d590, 0x00001b96,
+ 0x0001d591, 0x00001b97,
+ 0x0001d592, 0x00001b98,
+ 0x0001d593, 0x00001b99,
+ 0x0001d594, 0x00001b9a,
+ 0x0001d595, 0x00001b9b,
+ 0x0001d596, 0x00001b9c,
+ 0x0001d597, 0x00001b9d,
+ 0x0001d598, 0x00001b9e,
+ 0x0001d599, 0x00001b9f,
+ 0x0001d59a, 0x00001ba0,
+ 0x0001d59b, 0x00001ba1,
+ 0x0001d59c, 0x00001ba2,
+ 0x0001d59d, 0x00001ba3,
+ 0x0001d59e, 0x00001ba4,
+ 0x0001d59f, 0x00001ba5,
+ 0x0001d5a0, 0x00001ba6,
+ 0x0001d5a1, 0x00001ba7,
+ 0x0001d5a2, 0x00001ba8,
+ 0x0001d5a3, 0x00001ba9,
+ 0x0001d5a4, 0x00001baa,
+ 0x0001d5a5, 0x00001bab,
+ 0x0001d5a6, 0x00001bac,
+ 0x0001d5a7, 0x00001bad,
+ 0x0001d5a8, 0x00001bae,
+ 0x0001d5a9, 0x00001baf,
+ 0x0001d5aa, 0x00001bb0,
+ 0x0001d5ab, 0x00001bb1,
+ 0x0001d5ac, 0x00001bb2,
+ 0x0001d5ad, 0x00001bb3,
+ 0x0001d5ae, 0x00001bb4,
+ 0x0001d5af, 0x00001bb5,
+ 0x0001d5b0, 0x00001bb6,
+ 0x0001d5b1, 0x00001bb7,
+ 0x0001d5b2, 0x00001bb8,
+ 0x0001d5b3, 0x00001bb9,
+ 0x0001d5b4, 0x00001bba,
+ 0x0001d5b5, 0x00001bbb,
+ 0x0001d5b6, 0x00001bbc,
+ 0x0001d5b7, 0x00001bbd,
+ 0x0001d5b8, 0x00001bbe,
+ 0x0001d5b9, 0x00001bbf,
+ 0x0001d5ba, 0x00001bc0,
+ 0x0001d5bb, 0x00001bc1,
+ 0x0001d5bc, 0x00001bc2,
+ 0x0001d5bd, 0x00001bc3,
+ 0x0001d5be, 0x00001bc4,
+ 0x0001d5bf, 0x00001bc5,
+ 0x0001d5c0, 0x00001bc6,
+ 0x0001d5c1, 0x00001bc7,
+ 0x0001d5c2, 0x00001bc8,
+ 0x0001d5c3, 0x00001bc9,
+ 0x0001d5c4, 0x00001bca,
+ 0x0001d5c5, 0x00001bcb,
+ 0x0001d5c6, 0x00001bcc,
+ 0x0001d5c7, 0x00001bcd,
+ 0x0001d5c8, 0x00001bce,
+ 0x0001d5c9, 0x00001bcf,
+ 0x0001d5ca, 0x00001bd0,
+ 0x0001d5cb, 0x00001bd1,
+ 0x0001d5cc, 0x00001bd2,
+ 0x0001d5cd, 0x00001bd3,
+ 0x0001d5ce, 0x00001bd4,
+ 0x0001d5cf, 0x00001bd5,
+ 0x0001d5d0, 0x00001bd6,
+ 0x0001d5d1, 0x00001bd7,
+ 0x0001d5d2, 0x00001bd8,
+ 0x0001d5d3, 0x00001bd9,
+ 0x0001d5d4, 0x00001bda,
+ 0x0001d5d5, 0x00001bdb,
+ 0x0001d5d6, 0x00001bdc,
+ 0x0001d5d7, 0x00001bdd,
+ 0x0001d5d8, 0x00001bde,
+ 0x0001d5d9, 0x00001bdf,
+ 0x0001d5da, 0x00001be0,
+ 0x0001d5db, 0x00001be1,
+ 0x0001d5dc, 0x00001be2,
+ 0x0001d5dd, 0x00001be3,
+ 0x0001d5de, 0x00001be4,
+ 0x0001d5df, 0x00001be5,
+ 0x0001d5e0, 0x00001be6,
+ 0x0001d5e1, 0x00001be7,
+ 0x0001d5e2, 0x00001be8,
+ 0x0001d5e3, 0x00001be9,
+ 0x0001d5e4, 0x00001bea,
+ 0x0001d5e5, 0x00001beb,
+ 0x0001d5e6, 0x00001bec,
+ 0x0001d5e7, 0x00001bed,
+ 0x0001d5e8, 0x00001bee,
+ 0x0001d5e9, 0x00001bef,
+ 0x0001d5ea, 0x00001bf0,
+ 0x0001d5eb, 0x00001bf1,
+ 0x0001d5ec, 0x00001bf2,
+ 0x0001d5ed, 0x00001bf3,
+ 0x0001d5ee, 0x00001bf4,
+ 0x0001d5ef, 0x00001bf5,
+ 0x0001d5f0, 0x00001bf6,
+ 0x0001d5f1, 0x00001bf7,
+ 0x0001d5f2, 0x00001bf8,
+ 0x0001d5f3, 0x00001bf9,
+ 0x0001d5f4, 0x00001bfa,
+ 0x0001d5f5, 0x00001bfb,
+ 0x0001d5f6, 0x00001bfc,
+ 0x0001d5f7, 0x00001bfd,
+ 0x0001d5f8, 0x00001bfe,
+ 0x0001d5f9, 0x00001bff,
+ 0x0001d5fa, 0x00001c00,
+ 0x0001d5fb, 0x00001c01,
+ 0x0001d5fc, 0x00001c02,
+ 0x0001d5fd, 0x00001c03,
+ 0x0001d5fe, 0x00001c04,
+ 0x0001d5ff, 0x00001c05,
+ 0x0001d600, 0x00001c06,
+ 0x0001d601, 0x00001c07,
+ 0x0001d602, 0x00001c08,
+ 0x0001d603, 0x00001c09,
+ 0x0001d604, 0x00001c0a,
+ 0x0001d605, 0x00001c0b,
+ 0x0001d606, 0x00001c0c,
+ 0x0001d607, 0x00001c0d,
+ 0x0001d608, 0x00001c0e,
+ 0x0001d609, 0x00001c0f,
+ 0x0001d60a, 0x00001c10,
+ 0x0001d60b, 0x00001c11,
+ 0x0001d60c, 0x00001c12,
+ 0x0001d60d, 0x00001c13,
+ 0x0001d60e, 0x00001c14,
+ 0x0001d60f, 0x00001c15,
+ 0x0001d610, 0x00001c16,
+ 0x0001d611, 0x00001c17,
+ 0x0001d612, 0x00001c18,
+ 0x0001d613, 0x00001c19,
+ 0x0001d614, 0x00001c1a,
+ 0x0001d615, 0x00001c1b,
+ 0x0001d616, 0x00001c1c,
+ 0x0001d617, 0x00001c1d,
+ 0x0001d618, 0x00001c1e,
+ 0x0001d619, 0x00001c1f,
+ 0x0001d61a, 0x00001c20,
+ 0x0001d61b, 0x00001c21,
+ 0x0001d61c, 0x00001c22,
+ 0x0001d61d, 0x00001c23,
+ 0x0001d61e, 0x00001c24,
+ 0x0001d61f, 0x00001c25,
+ 0x0001d620, 0x00001c26,
+ 0x0001d621, 0x00001c27,
+ 0x0001d622, 0x00001c28,
+ 0x0001d623, 0x00001c29,
+ 0x0001d624, 0x00001c2a,
+ 0x0001d625, 0x00001c2b,
+ 0x0001d626, 0x00001c2c,
+ 0x0001d627, 0x00001c2d,
+ 0x0001d628, 0x00001c2e,
+ 0x0001d629, 0x00001c2f,
+ 0x0001d62a, 0x00001c30,
+ 0x0001d62b, 0x00001c31,
+ 0x0001d62c, 0x00001c32,
+ 0x0001d62d, 0x00001c33,
+ 0x0001d62e, 0x00001c34,
+ 0x0001d62f, 0x00001c35,
+ 0x0001d630, 0x00001c36,
+ 0x0001d631, 0x00001c37,
+ 0x0001d632, 0x00001c38,
+ 0x0001d633, 0x00001c39,
+ 0x0001d634, 0x00001c3a,
+ 0x0001d635, 0x00001c3b,
+ 0x0001d636, 0x00001c3c,
+ 0x0001d637, 0x00001c3d,
+ 0x0001d638, 0x00001c3e,
+ 0x0001d639, 0x00001c3f,
+ 0x0001d63a, 0x00001c40,
+ 0x0001d63b, 0x00001c41,
+ 0x0001d63c, 0x00001c42,
+ 0x0001d63d, 0x00001c43,
+ 0x0001d63e, 0x00001c44,
+ 0x0001d63f, 0x00001c45,
+ 0x0001d640, 0x00001c46,
+ 0x0001d641, 0x00001c47,
+ 0x0001d642, 0x00001c48,
+ 0x0001d643, 0x00001c49,
+ 0x0001d644, 0x00001c4a,
+ 0x0001d645, 0x00001c4b,
+ 0x0001d646, 0x00001c4c,
+ 0x0001d647, 0x00001c4d,
+ 0x0001d648, 0x00001c4e,
+ 0x0001d649, 0x00001c4f,
+ 0x0001d64a, 0x00001c50,
+ 0x0001d64b, 0x00001c51,
+ 0x0001d64c, 0x00001c52,
+ 0x0001d64d, 0x00001c53,
+ 0x0001d64e, 0x00001c54,
+ 0x0001d64f, 0x00001c55,
+ 0x0001d650, 0x00001c56,
+ 0x0001d651, 0x00001c57,
+ 0x0001d652, 0x00001c58,
+ 0x0001d653, 0x00001c59,
+ 0x0001d654, 0x00001c5a,
+ 0x0001d655, 0x00001c5b,
+ 0x0001d656, 0x00001c5c,
+ 0x0001d657, 0x00001c5d,
+ 0x0001d658, 0x00001c5e,
+ 0x0001d659, 0x00001c5f,
+ 0x0001d65a, 0x00001c60,
+ 0x0001d65b, 0x00001c61,
+ 0x0001d65c, 0x00001c62,
+ 0x0001d65d, 0x00001c63,
+ 0x0001d65e, 0x00001c64,
+ 0x0001d65f, 0x00001c65,
+ 0x0001d660, 0x00001c66,
+ 0x0001d661, 0x00001c67,
+ 0x0001d662, 0x00001c68,
+ 0x0001d663, 0x00001c69,
+ 0x0001d664, 0x00001c6a,
+ 0x0001d665, 0x00001c6b,
+ 0x0001d666, 0x00001c6c,
+ 0x0001d667, 0x00001c6d,
+ 0x0001d668, 0x00001c6e,
+ 0x0001d669, 0x00001c6f,
+ 0x0001d66a, 0x00001c70,
+ 0x0001d66b, 0x00001c71,
+ 0x0001d66c, 0x00001c72,
+ 0x0001d66d, 0x00001c73,
+ 0x0001d66e, 0x00001c74,
+ 0x0001d66f, 0x00001c75,
+ 0x0001d670, 0x00001c76,
+ 0x0001d671, 0x00001c77,
+ 0x0001d672, 0x00001c78,
+ 0x0001d673, 0x00001c79,
+ 0x0001d674, 0x00001c7a,
+ 0x0001d675, 0x00001c7b,
+ 0x0001d676, 0x00001c7c,
+ 0x0001d677, 0x00001c7d,
+ 0x0001d678, 0x00001c7e,
+ 0x0001d679, 0x00001c7f,
+ 0x0001d67a, 0x00001c80,
+ 0x0001d67b, 0x00001c81,
+ 0x0001d67c, 0x00001c82,
+ 0x0001d67d, 0x00001c83,
+ 0x0001d67e, 0x00001c84,
+ 0x0001d67f, 0x00001c85,
+ 0x0001d680, 0x00001c86,
+ 0x0001d681, 0x00001c87,
+ 0x0001d682, 0x00001c88,
+ 0x0001d683, 0x00001c89,
+ 0x0001d684, 0x00001c8a,
+ 0x0001d685, 0x00001c8b,
+ 0x0001d686, 0x00001c8c,
+ 0x0001d687, 0x00001c8d,
+ 0x0001d688, 0x00001c8e,
+ 0x0001d689, 0x00001c8f,
+ 0x0001d68a, 0x00001c90,
+ 0x0001d68b, 0x00001c91,
+ 0x0001d68c, 0x00001c92,
+ 0x0001d68d, 0x00001c93,
+ 0x0001d68e, 0x00001c94,
+ 0x0001d68f, 0x00001c95,
+ 0x0001d690, 0x00001c96,
+ 0x0001d691, 0x00001c97,
+ 0x0001d692, 0x00001c98,
+ 0x0001d693, 0x00001c99,
+ 0x0001d694, 0x00001c9a,
+ 0x0001d695, 0x00001c9b,
+ 0x0001d696, 0x00001c9c,
+ 0x0001d697, 0x00001c9d,
+ 0x0001d698, 0x00001c9e,
+ 0x0001d699, 0x00001c9f,
+ 0x0001d69a, 0x00001ca0,
+ 0x0001d69b, 0x00001ca1,
+ 0x0001d69c, 0x00001ca2,
+ 0x0001d69d, 0x00001ca3,
+ 0x0001d69e, 0x00001ca4,
+ 0x0001d69f, 0x00001ca5,
+ 0x0001d6a0, 0x00001ca6,
+ 0x0001d6a1, 0x00001ca7,
+ 0x0001d6a2, 0x00001ca8,
+ 0x0001d6a3, 0x00001ca9,
+ 0x0001d6a8, 0x00001caa,
+ 0x0001d6a9, 0x00001cab,
+ 0x0001d6aa, 0x00001cac,
+ 0x0001d6ab, 0x00001cad,
+ 0x0001d6ac, 0x00001cae,
+ 0x0001d6ad, 0x00001caf,
+ 0x0001d6ae, 0x00001cb0,
+ 0x0001d6af, 0x00001cb1,
+ 0x0001d6b0, 0x00001cb2,
+ 0x0001d6b1, 0x00001cb3,
+ 0x0001d6b2, 0x00001cb4,
+ 0x0001d6b3, 0x00001cb5,
+ 0x0001d6b4, 0x00001cb6,
+ 0x0001d6b5, 0x00001cb7,
+ 0x0001d6b6, 0x00001cb8,
+ 0x0001d6b7, 0x00001cb9,
+ 0x0001d6b8, 0x00001cba,
+ 0x0001d6b9, 0x00001cbb,
+ 0x0001d6ba, 0x00001cbc,
+ 0x0001d6bb, 0x00001cbd,
+ 0x0001d6bc, 0x00001cbe,
+ 0x0001d6bd, 0x00001cbf,
+ 0x0001d6be, 0x00001cc0,
+ 0x0001d6bf, 0x00001cc1,
+ 0x0001d6c0, 0x00001cc2,
+ 0x0001d6c1, 0x00001cc3,
+ 0x0001d6c2, 0x00001cc4,
+ 0x0001d6c3, 0x00001cc5,
+ 0x0001d6c4, 0x00001cc6,
+ 0x0001d6c5, 0x00001cc7,
+ 0x0001d6c6, 0x00001cc8,
+ 0x0001d6c7, 0x00001cc9,
+ 0x0001d6c8, 0x00001cca,
+ 0x0001d6c9, 0x00001ccb,
+ 0x0001d6ca, 0x00001ccc,
+ 0x0001d6cb, 0x00001ccd,
+ 0x0001d6cc, 0x00001cce,
+ 0x0001d6cd, 0x00001ccf,
+ 0x0001d6ce, 0x00001cd0,
+ 0x0001d6cf, 0x00001cd1,
+ 0x0001d6d0, 0x00001cd2,
+ 0x0001d6d1, 0x00001cd3,
+ 0x0001d6d2, 0x00001cd4,
+ 0x0001d6d3, 0x00001cd5,
+ 0x0001d6d4, 0x00001cd6,
+ 0x0001d6d5, 0x00001cd7,
+ 0x0001d6d6, 0x00001cd8,
+ 0x0001d6d7, 0x00001cd9,
+ 0x0001d6d8, 0x00001cda,
+ 0x0001d6d9, 0x00001cdb,
+ 0x0001d6da, 0x00001cdc,
+ 0x0001d6db, 0x00001cdd,
+ 0x0001d6dc, 0x00001cde,
+ 0x0001d6dd, 0x00001cdf,
+ 0x0001d6de, 0x00001ce0,
+ 0x0001d6df, 0x00001ce1,
+ 0x0001d6e0, 0x00001ce2,
+ 0x0001d6e1, 0x00001ce3,
+ 0x0001d6e2, 0x00001ce4,
+ 0x0001d6e3, 0x00001ce5,
+ 0x0001d6e4, 0x00001ce6,
+ 0x0001d6e5, 0x00001ce7,
+ 0x0001d6e6, 0x00001ce8,
+ 0x0001d6e7, 0x00001ce9,
+ 0x0001d6e8, 0x00001cea,
+ 0x0001d6e9, 0x00001ceb,
+ 0x0001d6ea, 0x00001cec,
+ 0x0001d6eb, 0x00001ced,
+ 0x0001d6ec, 0x00001cee,
+ 0x0001d6ed, 0x00001cef,
+ 0x0001d6ee, 0x00001cf0,
+ 0x0001d6ef, 0x00001cf1,
+ 0x0001d6f0, 0x00001cf2,
+ 0x0001d6f1, 0x00001cf3,
+ 0x0001d6f2, 0x00001cf4,
+ 0x0001d6f3, 0x00001cf5,
+ 0x0001d6f4, 0x00001cf6,
+ 0x0001d6f5, 0x00001cf7,
+ 0x0001d6f6, 0x00001cf8,
+ 0x0001d6f7, 0x00001cf9,
+ 0x0001d6f8, 0x00001cfa,
+ 0x0001d6f9, 0x00001cfb,
+ 0x0001d6fa, 0x00001cfc,
+ 0x0001d6fb, 0x00001cfd,
+ 0x0001d6fc, 0x00001cfe,
+ 0x0001d6fd, 0x00001cff,
+ 0x0001d6fe, 0x00001d00,
+ 0x0001d6ff, 0x00001d01,
+ 0x0001d700, 0x00001d02,
+ 0x0001d701, 0x00001d03,
+ 0x0001d702, 0x00001d04,
+ 0x0001d703, 0x00001d05,
+ 0x0001d704, 0x00001d06,
+ 0x0001d705, 0x00001d07,
+ 0x0001d706, 0x00001d08,
+ 0x0001d707, 0x00001d09,
+ 0x0001d708, 0x00001d0a,
+ 0x0001d709, 0x00001d0b,
+ 0x0001d70a, 0x00001d0c,
+ 0x0001d70b, 0x00001d0d,
+ 0x0001d70c, 0x00001d0e,
+ 0x0001d70d, 0x00001d0f,
+ 0x0001d70e, 0x00001d10,
+ 0x0001d70f, 0x00001d11,
+ 0x0001d710, 0x00001d12,
+ 0x0001d711, 0x00001d13,
+ 0x0001d712, 0x00001d14,
+ 0x0001d713, 0x00001d15,
+ 0x0001d714, 0x00001d16,
+ 0x0001d715, 0x00001d17,
+ 0x0001d716, 0x00001d18,
+ 0x0001d717, 0x00001d19,
+ 0x0001d718, 0x00001d1a,
+ 0x0001d719, 0x00001d1b,
+ 0x0001d71a, 0x00001d1c,
+ 0x0001d71b, 0x00001d1d,
+ 0x0001d71c, 0x00001d1e,
+ 0x0001d71d, 0x00001d1f,
+ 0x0001d71e, 0x00001d20,
+ 0x0001d71f, 0x00001d21,
+ 0x0001d720, 0x00001d22,
+ 0x0001d721, 0x00001d23,
+ 0x0001d722, 0x00001d24,
+ 0x0001d723, 0x00001d25,
+ 0x0001d724, 0x00001d26,
+ 0x0001d725, 0x00001d27,
+ 0x0001d726, 0x00001d28,
+ 0x0001d727, 0x00001d29,
+ 0x0001d728, 0x00001d2a,
+ 0x0001d729, 0x00001d2b,
+ 0x0001d72a, 0x00001d2c,
+ 0x0001d72b, 0x00001d2d,
+ 0x0001d72c, 0x00001d2e,
+ 0x0001d72d, 0x00001d2f,
+ 0x0001d72e, 0x00001d30,
+ 0x0001d72f, 0x00001d31,
+ 0x0001d730, 0x00001d32,
+ 0x0001d731, 0x00001d33,
+ 0x0001d732, 0x00001d34,
+ 0x0001d733, 0x00001d35,
+ 0x0001d734, 0x00001d36,
+ 0x0001d735, 0x00001d37,
+ 0x0001d736, 0x00001d38,
+ 0x0001d737, 0x00001d39,
+ 0x0001d738, 0x00001d3a,
+ 0x0001d739, 0x00001d3b,
+ 0x0001d73a, 0x00001d3c,
+ 0x0001d73b, 0x00001d3d,
+ 0x0001d73c, 0x00001d3e,
+ 0x0001d73d, 0x00001d3f,
+ 0x0001d73e, 0x00001d40,
+ 0x0001d73f, 0x00001d41,
+ 0x0001d740, 0x00001d42,
+ 0x0001d741, 0x00001d43,
+ 0x0001d742, 0x00001d44,
+ 0x0001d743, 0x00001d45,
+ 0x0001d744, 0x00001d46,
+ 0x0001d745, 0x00001d47,
+ 0x0001d746, 0x00001d48,
+ 0x0001d747, 0x00001d49,
+ 0x0001d748, 0x00001d4a,
+ 0x0001d749, 0x00001d4b,
+ 0x0001d74a, 0x00001d4c,
+ 0x0001d74b, 0x00001d4d,
+ 0x0001d74c, 0x00001d4e,
+ 0x0001d74d, 0x00001d4f,
+ 0x0001d74e, 0x00001d50,
+ 0x0001d74f, 0x00001d51,
+ 0x0001d750, 0x00001d52,
+ 0x0001d751, 0x00001d53,
+ 0x0001d752, 0x00001d54,
+ 0x0001d753, 0x00001d55,
+ 0x0001d754, 0x00001d56,
+ 0x0001d755, 0x00001d57,
+ 0x0001d756, 0x00001d58,
+ 0x0001d757, 0x00001d59,
+ 0x0001d758, 0x00001d5a,
+ 0x0001d759, 0x00001d5b,
+ 0x0001d75a, 0x00001d5c,
+ 0x0001d75b, 0x00001d5d,
+ 0x0001d75c, 0x00001d5e,
+ 0x0001d75d, 0x00001d5f,
+ 0x0001d75e, 0x00001d60,
+ 0x0001d75f, 0x00001d61,
+ 0x0001d760, 0x00001d62,
+ 0x0001d761, 0x00001d63,
+ 0x0001d762, 0x00001d64,
+ 0x0001d763, 0x00001d65,
+ 0x0001d764, 0x00001d66,
+ 0x0001d765, 0x00001d67,
+ 0x0001d766, 0x00001d68,
+ 0x0001d767, 0x00001d69,
+ 0x0001d768, 0x00001d6a,
+ 0x0001d769, 0x00001d6b,
+ 0x0001d76a, 0x00001d6c,
+ 0x0001d76b, 0x00001d6d,
+ 0x0001d76c, 0x00001d6e,
+ 0x0001d76d, 0x00001d6f,
+ 0x0001d76e, 0x00001d70,
+ 0x0001d76f, 0x00001d71,
+ 0x0001d770, 0x00001d72,
+ 0x0001d771, 0x00001d73,
+ 0x0001d772, 0x00001d74,
+ 0x0001d773, 0x00001d75,
+ 0x0001d774, 0x00001d76,
+ 0x0001d775, 0x00001d77,
+ 0x0001d776, 0x00001d78,
+ 0x0001d777, 0x00001d79,
+ 0x0001d778, 0x00001d7a,
+ 0x0001d779, 0x00001d7b,
+ 0x0001d77a, 0x00001d7c,
+ 0x0001d77b, 0x00001d7d,
+ 0x0001d77c, 0x00001d7e,
+ 0x0001d77d, 0x00001d7f,
+ 0x0001d77e, 0x00001d80,
+ 0x0001d77f, 0x00001d81,
+ 0x0001d780, 0x00001d82,
+ 0x0001d781, 0x00001d83,
+ 0x0001d782, 0x00001d84,
+ 0x0001d783, 0x00001d85,
+ 0x0001d784, 0x00001d86,
+ 0x0001d785, 0x00001d87,
+ 0x0001d786, 0x00001d88,
+ 0x0001d787, 0x00001d89,
+ 0x0001d788, 0x00001d8a,
+ 0x0001d789, 0x00001d8b,
+ 0x0001d78a, 0x00001d8c,
+ 0x0001d78b, 0x00001d8d,
+ 0x0001d78c, 0x00001d8e,
+ 0x0001d78d, 0x00001d8f,
+ 0x0001d78e, 0x00001d90,
+ 0x0001d78f, 0x00001d91,
+ 0x0001d790, 0x00001d92,
+ 0x0001d791, 0x00001d93,
+ 0x0001d792, 0x00001d94,
+ 0x0001d793, 0x00001d95,
+ 0x0001d794, 0x00001d96,
+ 0x0001d795, 0x00001d97,
+ 0x0001d796, 0x00001d98,
+ 0x0001d797, 0x00001d99,
+ 0x0001d798, 0x00001d9a,
+ 0x0001d799, 0x00001d9b,
+ 0x0001d79a, 0x00001d9c,
+ 0x0001d79b, 0x00001d9d,
+ 0x0001d79c, 0x00001d9e,
+ 0x0001d79d, 0x00001d9f,
+ 0x0001d79e, 0x00001da0,
+ 0x0001d79f, 0x00001da1,
+ 0x0001d7a0, 0x00001da2,
+ 0x0001d7a1, 0x00001da3,
+ 0x0001d7a2, 0x00001da4,
+ 0x0001d7a3, 0x00001da5,
+ 0x0001d7a4, 0x00001da6,
+ 0x0001d7a5, 0x00001da7,
+ 0x0001d7a6, 0x00001da8,
+ 0x0001d7a7, 0x00001da9,
+ 0x0001d7a8, 0x00001daa,
+ 0x0001d7a9, 0x00001dab,
+ 0x0001d7aa, 0x00001dac,
+ 0x0001d7ab, 0x00001dad,
+ 0x0001d7ac, 0x00001dae,
+ 0x0001d7ad, 0x00001daf,
+ 0x0001d7ae, 0x00001db0,
+ 0x0001d7af, 0x00001db1,
+ 0x0001d7b0, 0x00001db2,
+ 0x0001d7b1, 0x00001db3,
+ 0x0001d7b2, 0x00001db4,
+ 0x0001d7b3, 0x00001db5,
+ 0x0001d7b4, 0x00001db6,
+ 0x0001d7b5, 0x00001db7,
+ 0x0001d7b6, 0x00001db8,
+ 0x0001d7b7, 0x00001db9,
+ 0x0001d7b8, 0x00001dba,
+ 0x0001d7b9, 0x00001dbb,
+ 0x0001d7ba, 0x00001dbc,
+ 0x0001d7bb, 0x00001dbd,
+ 0x0001d7bc, 0x00001dbe,
+ 0x0001d7bd, 0x00001dbf,
+ 0x0001d7be, 0x00001dc0,
+ 0x0001d7bf, 0x00001dc1,
+ 0x0001d7c0, 0x00001dc2,
+ 0x0001d7c1, 0x00001dc3,
+ 0x0001d7c2, 0x00001dc4,
+ 0x0001d7c3, 0x00001dc5,
+ 0x0001d7c4, 0x00001dc6,
+ 0x0001d7c5, 0x00001dc7,
+ 0x0001d7c6, 0x00001dc8,
+ 0x0001d7c7, 0x00001dc9,
+ 0x0001d7c8, 0x00001dca,
+ 0x0001d7c9, 0x00001dcb,
+ 0x0001d7ce, 0x00001dcc,
+ 0x0001d7cf, 0x00001dcd,
+ 0x0001d7d0, 0x00001dce,
+ 0x0001d7d1, 0x00001dcf,
+ 0x0001d7d2, 0x00001dd0,
+ 0x0001d7d3, 0x00001dd1,
+ 0x0001d7d4, 0x00001dd2,
+ 0x0001d7d5, 0x00001dd3,
+ 0x0001d7d6, 0x00001dd4,
+ 0x0001d7d7, 0x00001dd5,
+ 0x0001d7d8, 0x00001dd6,
+ 0x0001d7d9, 0x00001dd7,
+ 0x0001d7da, 0x00001dd8,
+ 0x0001d7db, 0x00001dd9,
+ 0x0001d7dc, 0x00001dda,
+ 0x0001d7dd, 0x00001ddb,
+ 0x0001d7de, 0x00001ddc,
+ 0x0001d7df, 0x00001ddd,
+ 0x0001d7e0, 0x00001dde,
+ 0x0001d7e1, 0x00001ddf,
+ 0x0001d7e2, 0x00001de0,
+ 0x0001d7e3, 0x00001de1,
+ 0x0001d7e4, 0x00001de2,
+ 0x0001d7e5, 0x00001de3,
+ 0x0001d7e6, 0x00001de4,
+ 0x0001d7e7, 0x00001de5,
+ 0x0001d7e8, 0x00001de6,
+ 0x0001d7e9, 0x00001de7,
+ 0x0001d7ea, 0x00001de8,
+ 0x0001d7eb, 0x00001de9,
+ 0x0001d7ec, 0x00001dea,
+ 0x0001d7ed, 0x00001deb,
+ 0x0001d7ee, 0x00001dec,
+ 0x0001d7ef, 0x00001ded,
+ 0x0001d7f0, 0x00001dee,
+ 0x0001d7f1, 0x00001def,
+ 0x0001d7f2, 0x00001df0,
+ 0x0001d7f3, 0x00001df1,
+ 0x0001d7f4, 0x00001df2,
+ 0x0001d7f5, 0x00001df3,
+ 0x0001d7f6, 0x00001df4,
+ 0x0001d7f7, 0x00001df5,
+ 0x0001d7f8, 0x00001df6,
+ 0x0001d7f9, 0x00001df7,
+ 0x0001d7fa, 0x00001df8,
+ 0x0001d7fb, 0x00001df9,
+ 0x0001d7fc, 0x00001dfa,
+ 0x0001d7fd, 0x00001dfb,
+ 0x0001d7fe, 0x00001dfc,
+ 0x0001d7ff, 0x00001dfd,
+ 0x0002f800, 0x00001dfe,
+ 0x0002f801, 0x00001dff,
+ 0x0002f802, 0x00001e00,
+ 0x0002f803, 0x00001e01,
+ 0x0002f804, 0x00001e02,
+ 0x0002f805, 0x00001e03,
+ 0x0002f806, 0x00001e04,
+ 0x0002f807, 0x00001e05,
+ 0x0002f808, 0x00001e06,
+ 0x0002f809, 0x00001e07,
+ 0x0002f80a, 0x00001e08,
+ 0x0002f80b, 0x00001e09,
+ 0x0002f80c, 0x00001e0a,
+ 0x0002f80d, 0x00001e0b,
+ 0x0002f80e, 0x00001e0c,
+ 0x0002f80f, 0x00001e0d,
+ 0x0002f810, 0x00001e0e,
+ 0x0002f811, 0x00001e0f,
+ 0x0002f812, 0x00001e10,
+ 0x0002f813, 0x00001e11,
+ 0x0002f814, 0x00001e12,
+ 0x0002f815, 0x00001e13,
+ 0x0002f816, 0x00001e14,
+ 0x0002f817, 0x00001e15,
+ 0x0002f818, 0x00001e16,
+ 0x0002f819, 0x00001e17,
+ 0x0002f81a, 0x00001e18,
+ 0x0002f81b, 0x00001e19,
+ 0x0002f81c, 0x00001e1a,
+ 0x0002f81d, 0x00001e1b,
+ 0x0002f81e, 0x00001e1c,
+ 0x0002f81f, 0x00001e1d,
+ 0x0002f820, 0x00001e1e,
+ 0x0002f821, 0x00001e1f,
+ 0x0002f822, 0x00001e20,
+ 0x0002f823, 0x00001e21,
+ 0x0002f824, 0x00001e22,
+ 0x0002f825, 0x00001e23,
+ 0x0002f826, 0x00001e24,
+ 0x0002f827, 0x00001e25,
+ 0x0002f828, 0x00001e26,
+ 0x0002f829, 0x00001e27,
+ 0x0002f82a, 0x00001e28,
+ 0x0002f82b, 0x00001e29,
+ 0x0002f82c, 0x00001e2a,
+ 0x0002f82d, 0x00001e2b,
+ 0x0002f82e, 0x00001e2c,
+ 0x0002f82f, 0x00001e2d,
+ 0x0002f830, 0x00001e2e,
+ 0x0002f831, 0x00001e2f,
+ 0x0002f832, 0x00001e30,
+ 0x0002f833, 0x00001e31,
+ 0x0002f834, 0x00001e32,
+ 0x0002f835, 0x00001e33,
+ 0x0002f836, 0x00001e34,
+ 0x0002f837, 0x00001e35,
+ 0x0002f838, 0x00001e36,
+ 0x0002f839, 0x00001e37,
+ 0x0002f83a, 0x00001e38,
+ 0x0002f83b, 0x00001e39,
+ 0x0002f83c, 0x00001e3a,
+ 0x0002f83d, 0x00001e3b,
+ 0x0002f83e, 0x00001e3c,
+ 0x0002f83f, 0x00001e3d,
+ 0x0002f840, 0x00001e3e,
+ 0x0002f841, 0x00001e3f,
+ 0x0002f842, 0x00001e40,
+ 0x0002f843, 0x00001e41,
+ 0x0002f844, 0x00001e42,
+ 0x0002f845, 0x00001e43,
+ 0x0002f846, 0x00001e44,
+ 0x0002f847, 0x00001e45,
+ 0x0002f848, 0x00001e46,
+ 0x0002f849, 0x00001e47,
+ 0x0002f84a, 0x00001e48,
+ 0x0002f84b, 0x00001e49,
+ 0x0002f84c, 0x00001e4a,
+ 0x0002f84d, 0x00001e4b,
+ 0x0002f84e, 0x00001e4c,
+ 0x0002f84f, 0x00001e4d,
+ 0x0002f850, 0x00001e4e,
+ 0x0002f851, 0x00001e4f,
+ 0x0002f852, 0x00001e50,
+ 0x0002f853, 0x00001e51,
+ 0x0002f854, 0x00001e52,
+ 0x0002f855, 0x00001e53,
+ 0x0002f856, 0x00001e54,
+ 0x0002f857, 0x00001e55,
+ 0x0002f858, 0x00001e56,
+ 0x0002f859, 0x00001e57,
+ 0x0002f85a, 0x00001e58,
+ 0x0002f85b, 0x00001e59,
+ 0x0002f85c, 0x00001e5a,
+ 0x0002f85d, 0x00001e5b,
+ 0x0002f85e, 0x00001e5c,
+ 0x0002f85f, 0x00001e5d,
+ 0x0002f860, 0x00001e5e,
+ 0x0002f861, 0x00001e5f,
+ 0x0002f862, 0x00001e60,
+ 0x0002f863, 0x00001e61,
+ 0x0002f864, 0x00001e62,
+ 0x0002f865, 0x00001e63,
+ 0x0002f866, 0x00001e64,
+ 0x0002f867, 0x00001e65,
+ 0x0002f868, 0x00001e66,
+ 0x0002f869, 0x00001e67,
+ 0x0002f86a, 0x00001e68,
+ 0x0002f86b, 0x00001e69,
+ 0x0002f86c, 0x00001e6a,
+ 0x0002f86d, 0x00001e6b,
+ 0x0002f86e, 0x00001e6c,
+ 0x0002f86f, 0x00001e6d,
+ 0x0002f870, 0x00001e6e,
+ 0x0002f871, 0x00001e6f,
+ 0x0002f872, 0x00001e70,
+ 0x0002f873, 0x00001e71,
+ 0x0002f874, 0x00001e72,
+ 0x0002f875, 0x00001e73,
+ 0x0002f876, 0x00001e74,
+ 0x0002f877, 0x00001e75,
+ 0x0002f878, 0x00001e76,
+ 0x0002f879, 0x00001e77,
+ 0x0002f87a, 0x00001e78,
+ 0x0002f87b, 0x00001e79,
+ 0x0002f87c, 0x00001e7a,
+ 0x0002f87d, 0x00001e7b,
+ 0x0002f87e, 0x00001e7c,
+ 0x0002f87f, 0x00001e7d,
+ 0x0002f880, 0x00001e7e,
+ 0x0002f881, 0x00001e7f,
+ 0x0002f882, 0x00001e80,
+ 0x0002f883, 0x00001e81,
+ 0x0002f884, 0x00001e82,
+ 0x0002f885, 0x00001e83,
+ 0x0002f886, 0x00001e84,
+ 0x0002f887, 0x00001e85,
+ 0x0002f888, 0x00001e86,
+ 0x0002f889, 0x00001e87,
+ 0x0002f88a, 0x00001e88,
+ 0x0002f88b, 0x00001e89,
+ 0x0002f88c, 0x00001e8a,
+ 0x0002f88d, 0x00001e8b,
+ 0x0002f88e, 0x00001e8c,
+ 0x0002f88f, 0x00001e8d,
+ 0x0002f890, 0x00001e8e,
+ 0x0002f891, 0x00001e8f,
+ 0x0002f892, 0x00001e90,
+ 0x0002f893, 0x00001e91,
+ 0x0002f894, 0x00001e92,
+ 0x0002f895, 0x00001e93,
+ 0x0002f896, 0x00001e94,
+ 0x0002f897, 0x00001e95,
+ 0x0002f898, 0x00001e96,
+ 0x0002f899, 0x00001e97,
+ 0x0002f89a, 0x00001e98,
+ 0x0002f89b, 0x00001e99,
+ 0x0002f89c, 0x00001e9a,
+ 0x0002f89d, 0x00001e9b,
+ 0x0002f89e, 0x00001e9c,
+ 0x0002f89f, 0x00001e9d,
+ 0x0002f8a0, 0x00001e9e,
+ 0x0002f8a1, 0x00001e9f,
+ 0x0002f8a2, 0x00001ea0,
+ 0x0002f8a3, 0x00001ea1,
+ 0x0002f8a4, 0x00001ea2,
+ 0x0002f8a5, 0x00001ea3,
+ 0x0002f8a6, 0x00001ea4,
+ 0x0002f8a7, 0x00001ea5,
+ 0x0002f8a8, 0x00001ea6,
+ 0x0002f8a9, 0x00001ea7,
+ 0x0002f8aa, 0x00001ea8,
+ 0x0002f8ab, 0x00001ea9,
+ 0x0002f8ac, 0x00001eaa,
+ 0x0002f8ad, 0x00001eab,
+ 0x0002f8ae, 0x00001eac,
+ 0x0002f8af, 0x00001ead,
+ 0x0002f8b0, 0x00001eae,
+ 0x0002f8b1, 0x00001eaf,
+ 0x0002f8b2, 0x00001eb0,
+ 0x0002f8b3, 0x00001eb1,
+ 0x0002f8b4, 0x00001eb2,
+ 0x0002f8b5, 0x00001eb3,
+ 0x0002f8b6, 0x00001eb4,
+ 0x0002f8b7, 0x00001eb5,
+ 0x0002f8b8, 0x00001eb6,
+ 0x0002f8b9, 0x00001eb7,
+ 0x0002f8ba, 0x00001eb8,
+ 0x0002f8bb, 0x00001eb9,
+ 0x0002f8bc, 0x00001eba,
+ 0x0002f8bd, 0x00001ebb,
+ 0x0002f8be, 0x00001ebc,
+ 0x0002f8bf, 0x00001ebd,
+ 0x0002f8c0, 0x00001ebe,
+ 0x0002f8c1, 0x00001ebf,
+ 0x0002f8c2, 0x00001ec0,
+ 0x0002f8c3, 0x00001ec1,
+ 0x0002f8c4, 0x00001ec2,
+ 0x0002f8c5, 0x00001ec3,
+ 0x0002f8c6, 0x00001ec4,
+ 0x0002f8c7, 0x00001ec5,
+ 0x0002f8c8, 0x00001ec6,
+ 0x0002f8c9, 0x00001ec7,
+ 0x0002f8ca, 0x00001ec8,
+ 0x0002f8cb, 0x00001ec9,
+ 0x0002f8cc, 0x00001eca,
+ 0x0002f8cd, 0x00001ecb,
+ 0x0002f8ce, 0x00001ecc,
+ 0x0002f8cf, 0x00001ecd,
+ 0x0002f8d0, 0x00001ece,
+ 0x0002f8d1, 0x00001ecf,
+ 0x0002f8d2, 0x00001ed0,
+ 0x0002f8d3, 0x00001ed1,
+ 0x0002f8d4, 0x00001ed2,
+ 0x0002f8d5, 0x00001ed3,
+ 0x0002f8d6, 0x00001ed4,
+ 0x0002f8d7, 0x00001ed5,
+ 0x0002f8d8, 0x00001ed6,
+ 0x0002f8d9, 0x00001ed7,
+ 0x0002f8da, 0x00001ed8,
+ 0x0002f8db, 0x00001ed9,
+ 0x0002f8dc, 0x00001eda,
+ 0x0002f8dd, 0x00001edb,
+ 0x0002f8de, 0x00001edc,
+ 0x0002f8df, 0x00001edd,
+ 0x0002f8e0, 0x00001ede,
+ 0x0002f8e1, 0x00001edf,
+ 0x0002f8e2, 0x00001ee0,
+ 0x0002f8e3, 0x00001ee1,
+ 0x0002f8e4, 0x00001ee2,
+ 0x0002f8e5, 0x00001ee3,
+ 0x0002f8e6, 0x00001ee4,
+ 0x0002f8e7, 0x00001ee5,
+ 0x0002f8e8, 0x00001ee6,
+ 0x0002f8e9, 0x00001ee7,
+ 0x0002f8ea, 0x00001ee8,
+ 0x0002f8eb, 0x00001ee9,
+ 0x0002f8ec, 0x00001eea,
+ 0x0002f8ed, 0x00001eeb,
+ 0x0002f8ee, 0x00001eec,
+ 0x0002f8ef, 0x00001eed,
+ 0x0002f8f0, 0x00001eee,
+ 0x0002f8f1, 0x00001eef,
+ 0x0002f8f2, 0x00001ef0,
+ 0x0002f8f3, 0x00001ef1,
+ 0x0002f8f4, 0x00001ef2,
+ 0x0002f8f5, 0x00001ef3,
+ 0x0002f8f6, 0x00001ef4,
+ 0x0002f8f7, 0x00001ef5,
+ 0x0002f8f8, 0x00001ef6,
+ 0x0002f8f9, 0x00001ef7,
+ 0x0002f8fa, 0x00001ef8,
+ 0x0002f8fb, 0x00001ef9,
+ 0x0002f8fc, 0x00001efa,
+ 0x0002f8fd, 0x00001efb,
+ 0x0002f8fe, 0x00001efc,
+ 0x0002f8ff, 0x00001efd,
+ 0x0002f900, 0x00001efe,
+ 0x0002f901, 0x00001eff,
+ 0x0002f902, 0x00001f00,
+ 0x0002f903, 0x00001f01,
+ 0x0002f904, 0x00001f02,
+ 0x0002f905, 0x00001f03,
+ 0x0002f906, 0x00001f04,
+ 0x0002f907, 0x00001f05,
+ 0x0002f908, 0x00001f06,
+ 0x0002f909, 0x00001f07,
+ 0x0002f90a, 0x00001f08,
+ 0x0002f90b, 0x00001f09,
+ 0x0002f90c, 0x00001f0a,
+ 0x0002f90d, 0x00001f0b,
+ 0x0002f90e, 0x00001f0c,
+ 0x0002f90f, 0x00001f0d,
+ 0x0002f910, 0x00001f0e,
+ 0x0002f911, 0x00001f0f,
+ 0x0002f912, 0x00001f10,
+ 0x0002f913, 0x00001f11,
+ 0x0002f914, 0x00001f12,
+ 0x0002f915, 0x00001f13,
+ 0x0002f916, 0x00001f14,
+ 0x0002f917, 0x00001f15,
+ 0x0002f918, 0x00001f16,
+ 0x0002f919, 0x00001f17,
+ 0x0002f91a, 0x00001f18,
+ 0x0002f91b, 0x00001f19,
+ 0x0002f91c, 0x00001f1a,
+ 0x0002f91d, 0x00001f1b,
+ 0x0002f91e, 0x00001f1c,
+ 0x0002f91f, 0x00001f1d,
+ 0x0002f920, 0x00001f1e,
+ 0x0002f921, 0x00001f1f,
+ 0x0002f922, 0x00001f20,
+ 0x0002f923, 0x00001f21,
+ 0x0002f924, 0x00001f22,
+ 0x0002f925, 0x00001f23,
+ 0x0002f926, 0x00001f24,
+ 0x0002f927, 0x00001f25,
+ 0x0002f928, 0x00001f26,
+ 0x0002f929, 0x00001f27,
+ 0x0002f92a, 0x00001f28,
+ 0x0002f92b, 0x00001f29,
+ 0x0002f92c, 0x00001f2a,
+ 0x0002f92d, 0x00001f2b,
+ 0x0002f92e, 0x00001f2c,
+ 0x0002f92f, 0x00001f2d,
+ 0x0002f930, 0x00001f2e,
+ 0x0002f931, 0x00001f2f,
+ 0x0002f932, 0x00001f30,
+ 0x0002f933, 0x00001f31,
+ 0x0002f934, 0x00001f32,
+ 0x0002f935, 0x00001f33,
+ 0x0002f936, 0x00001f34,
+ 0x0002f937, 0x00001f35,
+ 0x0002f938, 0x00001f36,
+ 0x0002f939, 0x00001f37,
+ 0x0002f93a, 0x00001f38,
+ 0x0002f93b, 0x00001f39,
+ 0x0002f93c, 0x00001f3a,
+ 0x0002f93d, 0x00001f3b,
+ 0x0002f93e, 0x00001f3c,
+ 0x0002f93f, 0x00001f3d,
+ 0x0002f940, 0x00001f3e,
+ 0x0002f941, 0x00001f3f,
+ 0x0002f942, 0x00001f40,
+ 0x0002f943, 0x00001f41,
+ 0x0002f944, 0x00001f42,
+ 0x0002f945, 0x00001f43,
+ 0x0002f946, 0x00001f44,
+ 0x0002f947, 0x00001f45,
+ 0x0002f948, 0x00001f46,
+ 0x0002f949, 0x00001f47,
+ 0x0002f94a, 0x00001f48,
+ 0x0002f94b, 0x00001f49,
+ 0x0002f94c, 0x00001f4a,
+ 0x0002f94d, 0x00001f4b,
+ 0x0002f94e, 0x00001f4c,
+ 0x0002f94f, 0x00001f4d,
+ 0x0002f950, 0x00001f4e,
+ 0x0002f951, 0x00001f4f,
+ 0x0002f952, 0x00001f50,
+ 0x0002f953, 0x00001f51,
+ 0x0002f954, 0x00001f52,
+ 0x0002f955, 0x00001f53,
+ 0x0002f956, 0x00001f54,
+ 0x0002f957, 0x00001f55,
+ 0x0002f958, 0x00001f56,
+ 0x0002f959, 0x00001f57,
+ 0x0002f95a, 0x00001f58,
+ 0x0002f95b, 0x00001f59,
+ 0x0002f95c, 0x00001f5a,
+ 0x0002f95d, 0x00001f5b,
+ 0x0002f95e, 0x00001f5c,
+ 0x0002f95f, 0x00001f5d,
+ 0x0002f960, 0x00001f5e,
+ 0x0002f961, 0x00001f5f,
+ 0x0002f962, 0x00001f60,
+ 0x0002f963, 0x00001f61,
+ 0x0002f964, 0x00001f62,
+ 0x0002f965, 0x00001f63,
+ 0x0002f966, 0x00001f64,
+ 0x0002f967, 0x00001f65,
+ 0x0002f968, 0x00001f66,
+ 0x0002f969, 0x00001f67,
+ 0x0002f96a, 0x00001f68,
+ 0x0002f96b, 0x00001f69,
+ 0x0002f96c, 0x00001f6a,
+ 0x0002f96d, 0x00001f6b,
+ 0x0002f96e, 0x00001f6c,
+ 0x0002f96f, 0x00001f6d,
+ 0x0002f970, 0x00001f6e,
+ 0x0002f971, 0x00001f6f,
+ 0x0002f972, 0x00001f70,
+ 0x0002f973, 0x00001f71,
+ 0x0002f974, 0x00001f72,
+ 0x0002f975, 0x00001f73,
+ 0x0002f976, 0x00001f74,
+ 0x0002f977, 0x00001f75,
+ 0x0002f978, 0x00001f76,
+ 0x0002f979, 0x00001f77,
+ 0x0002f97a, 0x00001f78,
+ 0x0002f97b, 0x00001f79,
+ 0x0002f97c, 0x00001f7a,
+ 0x0002f97d, 0x00001f7b,
+ 0x0002f97e, 0x00001f7c,
+ 0x0002f97f, 0x00001f7d,
+ 0x0002f980, 0x00001f7e,
+ 0x0002f981, 0x00001f7f,
+ 0x0002f982, 0x00001f80,
+ 0x0002f983, 0x00001f81,
+ 0x0002f984, 0x00001f82,
+ 0x0002f985, 0x00001f83,
+ 0x0002f986, 0x00001f84,
+ 0x0002f987, 0x00001f85,
+ 0x0002f988, 0x00001f86,
+ 0x0002f989, 0x00001f87,
+ 0x0002f98a, 0x00001f88,
+ 0x0002f98b, 0x00001f89,
+ 0x0002f98c, 0x00001f8a,
+ 0x0002f98d, 0x00001f8b,
+ 0x0002f98e, 0x00001f8c,
+ 0x0002f98f, 0x00001f8d,
+ 0x0002f990, 0x00001f8e,
+ 0x0002f991, 0x00001f8f,
+ 0x0002f992, 0x00001f90,
+ 0x0002f993, 0x00001f91,
+ 0x0002f994, 0x00001f92,
+ 0x0002f995, 0x00001f93,
+ 0x0002f996, 0x00001f94,
+ 0x0002f997, 0x00001f95,
+ 0x0002f998, 0x00001f96,
+ 0x0002f999, 0x00001f97,
+ 0x0002f99a, 0x00001f98,
+ 0x0002f99b, 0x00001f99,
+ 0x0002f99c, 0x00001f9a,
+ 0x0002f99d, 0x00001f9b,
+ 0x0002f99e, 0x00001f9c,
+ 0x0002f99f, 0x00001f9d,
+ 0x0002f9a0, 0x00001f9e,
+ 0x0002f9a1, 0x00001f9f,
+ 0x0002f9a2, 0x00001fa0,
+ 0x0002f9a3, 0x00001fa1,
+ 0x0002f9a4, 0x00001fa2,
+ 0x0002f9a5, 0x00001fa3,
+ 0x0002f9a6, 0x00001fa4,
+ 0x0002f9a7, 0x00001fa5,
+ 0x0002f9a8, 0x00001fa6,
+ 0x0002f9a9, 0x00001fa7,
+ 0x0002f9aa, 0x00001fa8,
+ 0x0002f9ab, 0x00001fa9,
+ 0x0002f9ac, 0x00001faa,
+ 0x0002f9ad, 0x00001fab,
+ 0x0002f9ae, 0x00001fac,
+ 0x0002f9af, 0x00001fad,
+ 0x0002f9b0, 0x00001fae,
+ 0x0002f9b1, 0x00001faf,
+ 0x0002f9b2, 0x00001fb0,
+ 0x0002f9b3, 0x00001fb1,
+ 0x0002f9b4, 0x00001fb2,
+ 0x0002f9b5, 0x00001fb3,
+ 0x0002f9b6, 0x00001fb4,
+ 0x0002f9b7, 0x00001fb5,
+ 0x0002f9b8, 0x00001fb6,
+ 0x0002f9b9, 0x00001fb7,
+ 0x0002f9ba, 0x00001fb8,
+ 0x0002f9bb, 0x00001fb9,
+ 0x0002f9bc, 0x00001fba,
+ 0x0002f9bd, 0x00001fbb,
+ 0x0002f9be, 0x00001fbc,
+ 0x0002f9bf, 0x00001fbd,
+ 0x0002f9c0, 0x00001fbe,
+ 0x0002f9c1, 0x00001fbf,
+ 0x0002f9c2, 0x00001fc0,
+ 0x0002f9c3, 0x00001fc1,
+ 0x0002f9c4, 0x00001fc2,
+ 0x0002f9c5, 0x00001fc3,
+ 0x0002f9c6, 0x00001fc4,
+ 0x0002f9c7, 0x00001fc5,
+ 0x0002f9c8, 0x00001fc6,
+ 0x0002f9c9, 0x00001fc7,
+ 0x0002f9ca, 0x00001fc8,
+ 0x0002f9cb, 0x00001fc9,
+ 0x0002f9cc, 0x00001fca,
+ 0x0002f9cd, 0x00001fcb,
+ 0x0002f9ce, 0x00001fcc,
+ 0x0002f9cf, 0x00001fcd,
+ 0x0002f9d0, 0x00001fce,
+ 0x0002f9d1, 0x00001fcf,
+ 0x0002f9d2, 0x00001fd0,
+ 0x0002f9d3, 0x00001fd1,
+ 0x0002f9d4, 0x00001fd2,
+ 0x0002f9d5, 0x00001fd3,
+ 0x0002f9d6, 0x00001fd4,
+ 0x0002f9d7, 0x00001fd5,
+ 0x0002f9d8, 0x00001fd6,
+ 0x0002f9d9, 0x00001fd7,
+ 0x0002f9da, 0x00001fd8,
+ 0x0002f9db, 0x00001fd9,
+ 0x0002f9dc, 0x00001fda,
+ 0x0002f9dd, 0x00001fdb,
+ 0x0002f9de, 0x00001fdc,
+ 0x0002f9df, 0x00001fdd,
+ 0x0002f9e0, 0x00001fde,
+ 0x0002f9e1, 0x00001fdf,
+ 0x0002f9e2, 0x00001fe0,
+ 0x0002f9e3, 0x00001fe1,
+ 0x0002f9e4, 0x00001fe2,
+ 0x0002f9e5, 0x00001fe3,
+ 0x0002f9e6, 0x00001fe4,
+ 0x0002f9e7, 0x00001fe5,
+ 0x0002f9e8, 0x00001fe6,
+ 0x0002f9e9, 0x00001fe7,
+ 0x0002f9ea, 0x00001fe8,
+ 0x0002f9eb, 0x00001fe9,
+ 0x0002f9ec, 0x00001fea,
+ 0x0002f9ed, 0x00001feb,
+ 0x0002f9ee, 0x00001fec,
+ 0x0002f9ef, 0x00001fed,
+ 0x0002f9f0, 0x00001fee,
+ 0x0002f9f1, 0x00001fef,
+ 0x0002f9f2, 0x00001ff0,
+ 0x0002f9f3, 0x00001ff1,
+ 0x0002f9f4, 0x00001ff2,
+ 0x0002f9f5, 0x00001ff3,
+ 0x0002f9f6, 0x00001ff4,
+ 0x0002f9f7, 0x00001ff5,
+ 0x0002f9f8, 0x00001ff6,
+ 0x0002f9f9, 0x00001ff7,
+ 0x0002f9fa, 0x00001ff8,
+ 0x0002f9fb, 0x00001ff9,
+ 0x0002f9fc, 0x00001ffa,
+ 0x0002f9fd, 0x00001ffb,
+ 0x0002f9fe, 0x00001ffc,
+ 0x0002f9ff, 0x00001ffd,
+ 0x0002fa00, 0x00001ffe,
+ 0x0002fa01, 0x00001fff,
+ 0x0002fa02, 0x00002000,
+ 0x0002fa03, 0x00002001,
+ 0x0002fa04, 0x00002002,
+ 0x0002fa05, 0x00002003,
+ 0x0002fa06, 0x00002004,
+ 0x0002fa07, 0x00002005,
+ 0x0002fa08, 0x00002006,
+ 0x0002fa09, 0x00002007,
+ 0x0002fa0a, 0x00002008,
+ 0x0002fa0b, 0x00002009,
+ 0x0002fa0c, 0x0000200a,
+ 0x0002fa0d, 0x0000200b,
+ 0x0002fa0e, 0x0000200c,
+ 0x0002fa0f, 0x0000200d,
+ 0x0002fa10, 0x0000200e,
+ 0x0002fa11, 0x0000200f,
+ 0x0002fa12, 0x00002010,
+ 0x0002fa13, 0x00002011,
+ 0x0002fa14, 0x00002012,
+ 0x0002fa15, 0x00002013,
+ 0x0002fa16, 0x00002014,
+ 0x0002fa17, 0x00002015,
+ 0x0002fa18, 0x00002016,
+ 0x0002fa19, 0x00002017,
+ 0x0002fa1a, 0x00002018,
+ 0x0002fa1b, 0x00002019,
+ 0x0002fa1c, 0x0000201a,
+ 0x0002fa1d, 0x0000201b,
+ 0x0000201c
+};
+
+static const ac_uint4 _uckdcmp_decomp[] = {
+ 0x00000020, 0x00000020, 0x00000308, 0x00000061,
+ 0x00000020, 0x00000304, 0x00000032, 0x00000033,
+ 0x00000020, 0x00000301, 0x000003bc, 0x00000020,
+ 0x00000327, 0x00000031, 0x0000006f, 0x00000031,
+ 0x00002044, 0x00000034, 0x00000031, 0x00002044,
+ 0x00000032, 0x00000033, 0x00002044, 0x00000034,
+ 0x00000041, 0x00000300, 0x00000041, 0x00000301,
+ 0x00000041, 0x00000302, 0x00000041, 0x00000303,
+ 0x00000041, 0x00000308, 0x00000041, 0x0000030a,
+ 0x00000043, 0x00000327, 0x00000045, 0x00000300,
+ 0x00000045, 0x00000301, 0x00000045, 0x00000302,
+ 0x00000045, 0x00000308, 0x00000049, 0x00000300,
+ 0x00000049, 0x00000301, 0x00000049, 0x00000302,
+ 0x00000049, 0x00000308, 0x0000004e, 0x00000303,
+ 0x0000004f, 0x00000300, 0x0000004f, 0x00000301,
+ 0x0000004f, 0x00000302, 0x0000004f, 0x00000303,
+ 0x0000004f, 0x00000308, 0x00000055, 0x00000300,
+ 0x00000055, 0x00000301, 0x00000055, 0x00000302,
+ 0x00000055, 0x00000308, 0x00000059, 0x00000301,
+ 0x00000061, 0x00000300, 0x00000061, 0x00000301,
+ 0x00000061, 0x00000302, 0x00000061, 0x00000303,
+ 0x00000061, 0x00000308, 0x00000061, 0x0000030a,
+ 0x00000063, 0x00000327, 0x00000065, 0x00000300,
+ 0x00000065, 0x00000301, 0x00000065, 0x00000302,
+ 0x00000065, 0x00000308, 0x00000069, 0x00000300,
+ 0x00000069, 0x00000301, 0x00000069, 0x00000302,
+ 0x00000069, 0x00000308, 0x0000006e, 0x00000303,
+ 0x0000006f, 0x00000300, 0x0000006f, 0x00000301,
+ 0x0000006f, 0x00000302, 0x0000006f, 0x00000303,
+ 0x0000006f, 0x00000308, 0x00000075, 0x00000300,
+ 0x00000075, 0x00000301, 0x00000075, 0x00000302,
+ 0x00000075, 0x00000308, 0x00000079, 0x00000301,
+ 0x00000079, 0x00000308, 0x00000041, 0x00000304,
+ 0x00000061, 0x00000304, 0x00000041, 0x00000306,
+ 0x00000061, 0x00000306, 0x00000041, 0x00000328,
+ 0x00000061, 0x00000328, 0x00000043, 0x00000301,
+ 0x00000063, 0x00000301, 0x00000043, 0x00000302,
+ 0x00000063, 0x00000302, 0x00000043, 0x00000307,
+ 0x00000063, 0x00000307, 0x00000043, 0x0000030c,
+ 0x00000063, 0x0000030c, 0x00000044, 0x0000030c,
+ 0x00000064, 0x0000030c, 0x00000045, 0x00000304,
+ 0x00000065, 0x00000304, 0x00000045, 0x00000306,
+ 0x00000065, 0x00000306, 0x00000045, 0x00000307,
+ 0x00000065, 0x00000307, 0x00000045, 0x00000328,
+ 0x00000065, 0x00000328, 0x00000045, 0x0000030c,
+ 0x00000065, 0x0000030c, 0x00000047, 0x00000302,
+ 0x00000067, 0x00000302, 0x00000047, 0x00000306,
+ 0x00000067, 0x00000306, 0x00000047, 0x00000307,
+ 0x00000067, 0x00000307, 0x00000047, 0x00000327,
+ 0x00000067, 0x00000327, 0x00000048, 0x00000302,
+ 0x00000068, 0x00000302, 0x00000049, 0x00000303,
+ 0x00000069, 0x00000303, 0x00000049, 0x00000304,
+ 0x00000069, 0x00000304, 0x00000049, 0x00000306,
+ 0x00000069, 0x00000306, 0x00000049, 0x00000328,
+ 0x00000069, 0x00000328, 0x00000049, 0x00000307,
+ 0x00000049, 0x0000004a, 0x00000069, 0x0000006a,
+ 0x0000004a, 0x00000302, 0x0000006a, 0x00000302,
+ 0x0000004b, 0x00000327, 0x0000006b, 0x00000327,
+ 0x0000004c, 0x00000301, 0x0000006c, 0x00000301,
+ 0x0000004c, 0x00000327, 0x0000006c, 0x00000327,
+ 0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c,
+ 0x0000004c, 0x000000b7, 0x0000006c, 0x000000b7,
+ 0x0000004e, 0x00000301, 0x0000006e, 0x00000301,
+ 0x0000004e, 0x00000327, 0x0000006e, 0x00000327,
+ 0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c,
+ 0x000002bc, 0x0000006e, 0x0000004f, 0x00000304,
+ 0x0000006f, 0x00000304, 0x0000004f, 0x00000306,
+ 0x0000006f, 0x00000306, 0x0000004f, 0x0000030b,
+ 0x0000006f, 0x0000030b, 0x00000052, 0x00000301,
+ 0x00000072, 0x00000301, 0x00000052, 0x00000327,
+ 0x00000072, 0x00000327, 0x00000052, 0x0000030c,
+ 0x00000072, 0x0000030c, 0x00000053, 0x00000301,
+ 0x00000073, 0x00000301, 0x00000053, 0x00000302,
+ 0x00000073, 0x00000302, 0x00000053, 0x00000327,
+ 0x00000073, 0x00000327, 0x00000053, 0x0000030c,
+ 0x00000073, 0x0000030c, 0x00000054, 0x00000327,
+ 0x00000074, 0x00000327, 0x00000054, 0x0000030c,
+ 0x00000074, 0x0000030c, 0x00000055, 0x00000303,
+ 0x00000075, 0x00000303, 0x00000055, 0x00000304,
+ 0x00000075, 0x00000304, 0x00000055, 0x00000306,
+ 0x00000075, 0x00000306, 0x00000055, 0x0000030a,
+ 0x00000075, 0x0000030a, 0x00000055, 0x0000030b,
+ 0x00000075, 0x0000030b, 0x00000055, 0x00000328,
+ 0x00000075, 0x00000328, 0x00000057, 0x00000302,
+ 0x00000077, 0x00000302, 0x00000059, 0x00000302,
+ 0x00000079, 0x00000302, 0x00000059, 0x00000308,
+ 0x0000005a, 0x00000301, 0x0000007a, 0x00000301,
+ 0x0000005a, 0x00000307, 0x0000007a, 0x00000307,
+ 0x0000005a, 0x0000030c, 0x0000007a, 0x0000030c,
+ 0x00000073, 0x0000004f, 0x0000031b, 0x0000006f,
+ 0x0000031b, 0x00000055, 0x0000031b, 0x00000075,
+ 0x0000031b, 0x00000044, 0x0000005a, 0x0000030c,
+ 0x00000044, 0x0000007a, 0x0000030c, 0x00000064,
+ 0x0000007a, 0x0000030c, 0x0000004c, 0x0000004a,
+ 0x0000004c, 0x0000006a, 0x0000006c, 0x0000006a,
+ 0x0000004e, 0x0000004a, 0x0000004e, 0x0000006a,
+ 0x0000006e, 0x0000006a, 0x00000041, 0x0000030c,
+ 0x00000061, 0x0000030c, 0x00000049, 0x0000030c,
+ 0x00000069, 0x0000030c, 0x0000004f, 0x0000030c,
+ 0x0000006f, 0x0000030c, 0x00000055, 0x0000030c,
+ 0x00000075, 0x0000030c, 0x00000055, 0x00000308,
+ 0x00000304, 0x00000075, 0x00000308, 0x00000304,
+ 0x00000055, 0x00000308, 0x00000301, 0x00000075,
+ 0x00000308, 0x00000301, 0x00000055, 0x00000308,
+ 0x0000030c, 0x00000075, 0x00000308, 0x0000030c,
+ 0x00000055, 0x00000308, 0x00000300, 0x00000075,
+ 0x00000308, 0x00000300, 0x00000041, 0x00000308,
+ 0x00000304, 0x00000061, 0x00000308, 0x00000304,
+ 0x00000041, 0x00000307, 0x00000304, 0x00000061,
+ 0x00000307, 0x00000304, 0x000000c6, 0x00000304,
+ 0x000000e6, 0x00000304, 0x00000047, 0x0000030c,
+ 0x00000067, 0x0000030c, 0x0000004b, 0x0000030c,
+ 0x0000006b, 0x0000030c, 0x0000004f, 0x00000328,
+ 0x0000006f, 0x00000328, 0x0000004f, 0x00000328,
+ 0x00000304, 0x0000006f, 0x00000328, 0x00000304,
+ 0x000001b7, 0x0000030c, 0x00000292, 0x0000030c,
+ 0x0000006a, 0x0000030c, 0x00000044, 0x0000005a,
+ 0x00000044, 0x0000007a, 0x00000064, 0x0000007a,
+ 0x00000047, 0x00000301, 0x00000067, 0x00000301,
+ 0x0000004e, 0x00000300, 0x0000006e, 0x00000300,
+ 0x00000041, 0x0000030a, 0x00000301, 0x00000061,
+ 0x0000030a, 0x00000301, 0x000000c6, 0x00000301,
+ 0x000000e6, 0x00000301, 0x000000d8, 0x00000301,
+ 0x000000f8, 0x00000301, 0x00000041, 0x0000030f,
+ 0x00000061, 0x0000030f, 0x00000041, 0x00000311,
+ 0x00000061, 0x00000311, 0x00000045, 0x0000030f,
+ 0x00000065, 0x0000030f, 0x00000045, 0x00000311,
+ 0x00000065, 0x00000311, 0x00000049, 0x0000030f,
+ 0x00000069, 0x0000030f, 0x00000049, 0x00000311,
+ 0x00000069, 0x00000311, 0x0000004f, 0x0000030f,
+ 0x0000006f, 0x0000030f, 0x0000004f, 0x00000311,
+ 0x0000006f, 0x00000311, 0x00000052, 0x0000030f,
+ 0x00000072, 0x0000030f, 0x00000052, 0x00000311,
+ 0x00000072, 0x00000311, 0x00000055, 0x0000030f,
+ 0x00000075, 0x0000030f, 0x00000055, 0x00000311,
+ 0x00000075, 0x00000311, 0x00000053, 0x00000326,
+ 0x00000073, 0x00000326, 0x00000054, 0x00000326,
+ 0x00000074, 0x00000326, 0x00000048, 0x0000030c,
+ 0x00000068, 0x0000030c, 0x00000041, 0x00000307,
+ 0x00000061, 0x00000307, 0x00000045, 0x00000327,
+ 0x00000065, 0x00000327, 0x0000004f, 0x00000308,
+ 0x00000304, 0x0000006f, 0x00000308, 0x00000304,
+ 0x0000004f, 0x00000303, 0x00000304, 0x0000006f,
+ 0x00000303, 0x00000304, 0x0000004f, 0x00000307,
+ 0x0000006f, 0x00000307, 0x0000004f, 0x00000307,
+ 0x00000304, 0x0000006f, 0x00000307, 0x00000304,
+ 0x00000059, 0x00000304, 0x00000079, 0x00000304,
+ 0x00000068, 0x00000266, 0x0000006a, 0x00000072,
+ 0x00000279, 0x0000027b, 0x00000281, 0x00000077,
+ 0x00000079, 0x00000020, 0x00000306, 0x00000020,
+ 0x00000307, 0x00000020, 0x0000030a, 0x00000020,
+ 0x00000328, 0x00000020, 0x00000303, 0x00000020,
+ 0x0000030b, 0x00000263, 0x0000006c, 0x00000073,
+ 0x00000078, 0x00000295, 0x00000300, 0x00000301,
+ 0x00000313, 0x00000308, 0x00000301, 0x000002b9,
+ 0x00000020, 0x00000345, 0x0000003b, 0x00000020,
+ 0x00000301, 0x00000020, 0x00000308, 0x00000301,
+ 0x00000391, 0x00000301, 0x000000b7, 0x00000395,
+ 0x00000301, 0x00000397, 0x00000301, 0x00000399,
+ 0x00000301, 0x0000039f, 0x00000301, 0x000003a5,
+ 0x00000301, 0x000003a9, 0x00000301, 0x000003b9,
+ 0x00000308, 0x00000301, 0x00000399, 0x00000308,
+ 0x000003a5, 0x00000308, 0x000003b1, 0x00000301,
+ 0x000003b5, 0x00000301, 0x000003b7, 0x00000301,
+ 0x000003b9, 0x00000301, 0x000003c5, 0x00000308,
+ 0x00000301, 0x000003b9, 0x00000308, 0x000003c5,
+ 0x00000308, 0x000003bf, 0x00000301, 0x000003c5,
+ 0x00000301, 0x000003c9, 0x00000301, 0x000003b2,
+ 0x000003b8, 0x000003a5, 0x000003a5, 0x00000301,
+ 0x000003a5, 0x00000308, 0x000003c6, 0x000003c0,
+ 0x000003ba, 0x000003c1, 0x000003c2, 0x00000398,
+ 0x000003b5, 0x00000415, 0x00000300, 0x00000415,
+ 0x00000308, 0x00000413, 0x00000301, 0x00000406,
+ 0x00000308, 0x0000041a, 0x00000301, 0x00000418,
+ 0x00000300, 0x00000423, 0x00000306, 0x00000418,
+ 0x00000306, 0x00000438, 0x00000306, 0x00000435,
+ 0x00000300, 0x00000435, 0x00000308, 0x00000433,
+ 0x00000301, 0x00000456, 0x00000308, 0x0000043a,
+ 0x00000301, 0x00000438, 0x00000300, 0x00000443,
+ 0x00000306, 0x00000474, 0x0000030f, 0x00000475,
+ 0x0000030f, 0x00000416, 0x00000306, 0x00000436,
+ 0x00000306, 0x00000410, 0x00000306, 0x00000430,
+ 0x00000306, 0x00000410, 0x00000308, 0x00000430,
+ 0x00000308, 0x00000415, 0x00000306, 0x00000435,
+ 0x00000306, 0x000004d8, 0x00000308, 0x000004d9,
+ 0x00000308, 0x00000416, 0x00000308, 0x00000436,
+ 0x00000308, 0x00000417, 0x00000308, 0x00000437,
+ 0x00000308, 0x00000418, 0x00000304, 0x00000438,
+ 0x00000304, 0x00000418, 0x00000308, 0x00000438,
+ 0x00000308, 0x0000041e, 0x00000308, 0x0000043e,
+ 0x00000308, 0x000004e8, 0x00000308, 0x000004e9,
+ 0x00000308, 0x0000042d, 0x00000308, 0x0000044d,
+ 0x00000308, 0x00000423, 0x00000304, 0x00000443,
+ 0x00000304, 0x00000423, 0x00000308, 0x00000443,
+ 0x00000308, 0x00000423, 0x0000030b, 0x00000443,
+ 0x0000030b, 0x00000427, 0x00000308, 0x00000447,
+ 0x00000308, 0x0000042b, 0x00000308, 0x0000044b,
+ 0x00000308, 0x00000565, 0x00000582, 0x00000627,
+ 0x00000653, 0x00000627, 0x00000654, 0x00000648,
+ 0x00000654, 0x00000627, 0x00000655, 0x0000064a,
+ 0x00000654, 0x00000627, 0x00000674, 0x00000648,
+ 0x00000674, 0x000006c7, 0x00000674, 0x0000064a,
+ 0x00000674, 0x000006d5, 0x00000654, 0x000006c1,
+ 0x00000654, 0x000006d2, 0x00000654, 0x00000928,
+ 0x0000093c, 0x00000930, 0x0000093c, 0x00000933,
+ 0x0000093c, 0x00000915, 0x0000093c, 0x00000916,
+ 0x0000093c, 0x00000917, 0x0000093c, 0x0000091c,
+ 0x0000093c, 0x00000921, 0x0000093c, 0x00000922,
+ 0x0000093c, 0x0000092b, 0x0000093c, 0x0000092f,
+ 0x0000093c, 0x000009c7, 0x000009be, 0x000009c7,
+ 0x000009d7, 0x000009a1, 0x000009bc, 0x000009a2,
+ 0x000009bc, 0x000009af, 0x000009bc, 0x00000a32,
+ 0x00000a3c, 0x00000a38, 0x00000a3c, 0x00000a16,
+ 0x00000a3c, 0x00000a17, 0x00000a3c, 0x00000a1c,
+ 0x00000a3c, 0x00000a2b, 0x00000a3c, 0x00000b47,
+ 0x00000b56, 0x00000b47, 0x00000b3e, 0x00000b47,
+ 0x00000b57, 0x00000b21, 0x00000b3c, 0x00000b22,
+ 0x00000b3c, 0x00000b92, 0x00000bd7, 0x00000bc6,
+ 0x00000bbe, 0x00000bc7, 0x00000bbe, 0x00000bc6,
+ 0x00000bd7, 0x00000c46, 0x00000c56, 0x00000cbf,
+ 0x00000cd5, 0x00000cc6, 0x00000cd5, 0x00000cc6,
+ 0x00000cd6, 0x00000cc6, 0x00000cc2, 0x00000cc6,
+ 0x00000cc2, 0x00000cd5, 0x00000d46, 0x00000d3e,
+ 0x00000d47, 0x00000d3e, 0x00000d46, 0x00000d57,
+ 0x00000dd9, 0x00000dca, 0x00000dd9, 0x00000dcf,
+ 0x00000dd9, 0x00000dcf, 0x00000dca, 0x00000dd9,
+ 0x00000ddf, 0x00000e4d, 0x00000e32, 0x00000ecd,
+ 0x00000eb2, 0x00000eab, 0x00000e99, 0x00000eab,
+ 0x00000ea1, 0x00000f0b, 0x00000f42, 0x00000fb7,
+ 0x00000f4c, 0x00000fb7, 0x00000f51, 0x00000fb7,
+ 0x00000f56, 0x00000fb7, 0x00000f5b, 0x00000fb7,
+ 0x00000f40, 0x00000fb5, 0x00000f71, 0x00000f72,
+ 0x00000f71, 0x00000f74, 0x00000fb2, 0x00000f80,
+ 0x00000fb2, 0x00000f71, 0x00000f80, 0x00000fb3,
+ 0x00000f80, 0x00000fb3, 0x00000f71, 0x00000f80,
+ 0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7,
+ 0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7,
+ 0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7,
+ 0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e,
+ 0x00000041, 0x00000325, 0x00000061, 0x00000325,
+ 0x00000042, 0x00000307, 0x00000062, 0x00000307,
+ 0x00000042, 0x00000323, 0x00000062, 0x00000323,
+ 0x00000042, 0x00000331, 0x00000062, 0x00000331,
+ 0x00000043, 0x00000327, 0x00000301, 0x00000063,
+ 0x00000327, 0x00000301, 0x00000044, 0x00000307,
+ 0x00000064, 0x00000307, 0x00000044, 0x00000323,
+ 0x00000064, 0x00000323, 0x00000044, 0x00000331,
+ 0x00000064, 0x00000331, 0x00000044, 0x00000327,
+ 0x00000064, 0x00000327, 0x00000044, 0x0000032d,
+ 0x00000064, 0x0000032d, 0x00000045, 0x00000304,
+ 0x00000300, 0x00000065, 0x00000304, 0x00000300,
+ 0x00000045, 0x00000304, 0x00000301, 0x00000065,
+ 0x00000304, 0x00000301, 0x00000045, 0x0000032d,
+ 0x00000065, 0x0000032d, 0x00000045, 0x00000330,
+ 0x00000065, 0x00000330, 0x00000045, 0x00000327,
+ 0x00000306, 0x00000065, 0x00000327, 0x00000306,
+ 0x00000046, 0x00000307, 0x00000066, 0x00000307,
+ 0x00000047, 0x00000304, 0x00000067, 0x00000304,
+ 0x00000048, 0x00000307, 0x00000068, 0x00000307,
+ 0x00000048, 0x00000323, 0x00000068, 0x00000323,
+ 0x00000048, 0x00000308, 0x00000068, 0x00000308,
+ 0x00000048, 0x00000327, 0x00000068, 0x00000327,
+ 0x00000048, 0x0000032e, 0x00000068, 0x0000032e,
+ 0x00000049, 0x00000330, 0x00000069, 0x00000330,
+ 0x00000049, 0x00000308, 0x00000301, 0x00000069,
+ 0x00000308, 0x00000301, 0x0000004b, 0x00000301,
+ 0x0000006b, 0x00000301, 0x0000004b, 0x00000323,
+ 0x0000006b, 0x00000323, 0x0000004b, 0x00000331,
+ 0x0000006b, 0x00000331, 0x0000004c, 0x00000323,
+ 0x0000006c, 0x00000323, 0x0000004c, 0x00000323,
+ 0x00000304, 0x0000006c, 0x00000323, 0x00000304,
+ 0x0000004c, 0x00000331, 0x0000006c, 0x00000331,
+ 0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d,
+ 0x0000004d, 0x00000301, 0x0000006d, 0x00000301,
+ 0x0000004d, 0x00000307, 0x0000006d, 0x00000307,
+ 0x0000004d, 0x00000323, 0x0000006d, 0x00000323,
+ 0x0000004e, 0x00000307, 0x0000006e, 0x00000307,
+ 0x0000004e, 0x00000323, 0x0000006e, 0x00000323,
+ 0x0000004e, 0x00000331, 0x0000006e, 0x00000331,
+ 0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d,
+ 0x0000004f, 0x00000303, 0x00000301, 0x0000006f,
+ 0x00000303, 0x00000301, 0x0000004f, 0x00000303,
+ 0x00000308, 0x0000006f, 0x00000303, 0x00000308,
+ 0x0000004f, 0x00000304, 0x00000300, 0x0000006f,
+ 0x00000304, 0x00000300, 0x0000004f, 0x00000304,
+ 0x00000301, 0x0000006f, 0x00000304, 0x00000301,
+ 0x00000050, 0x00000301, 0x00000070, 0x00000301,
+ 0x00000050, 0x00000307, 0x00000070, 0x00000307,
+ 0x00000052, 0x00000307, 0x00000072, 0x00000307,
+ 0x00000052, 0x00000323, 0x00000072, 0x00000323,
+ 0x00000052, 0x00000323, 0x00000304, 0x00000072,
+ 0x00000323, 0x00000304, 0x00000052, 0x00000331,
+ 0x00000072, 0x00000331, 0x00000053, 0x00000307,
+ 0x00000073, 0x00000307, 0x00000053, 0x00000323,
+ 0x00000073, 0x00000323, 0x00000053, 0x00000301,
+ 0x00000307, 0x00000073, 0x00000301, 0x00000307,
+ 0x00000053, 0x0000030c, 0x00000307, 0x00000073,
+ 0x0000030c, 0x00000307, 0x00000053, 0x00000323,
+ 0x00000307, 0x00000073, 0x00000323, 0x00000307,
+ 0x00000054, 0x00000307, 0x00000074, 0x00000307,
+ 0x00000054, 0x00000323, 0x00000074, 0x00000323,
+ 0x00000054, 0x00000331, 0x00000074, 0x00000331,
+ 0x00000054, 0x0000032d, 0x00000074, 0x0000032d,
+ 0x00000055, 0x00000324, 0x00000075, 0x00000324,
+ 0x00000055, 0x00000330, 0x00000075, 0x00000330,
+ 0x00000055, 0x0000032d, 0x00000075, 0x0000032d,
+ 0x00000055, 0x00000303, 0x00000301, 0x00000075,
+ 0x00000303, 0x00000301, 0x00000055, 0x00000304,
+ 0x00000308, 0x00000075, 0x00000304, 0x00000308,
+ 0x00000056, 0x00000303, 0x00000076, 0x00000303,
+ 0x00000056, 0x00000323, 0x00000076, 0x00000323,
+ 0x00000057, 0x00000300, 0x00000077, 0x00000300,
+ 0x00000057, 0x00000301, 0x00000077, 0x00000301,
+ 0x00000057, 0x00000308, 0x00000077, 0x00000308,
+ 0x00000057, 0x00000307, 0x00000077, 0x00000307,
+ 0x00000057, 0x00000323, 0x00000077, 0x00000323,
+ 0x00000058, 0x00000307, 0x00000078, 0x00000307,
+ 0x00000058, 0x00000308, 0x00000078, 0x00000308,
+ 0x00000059, 0x00000307, 0x00000079, 0x00000307,
+ 0x0000005a, 0x00000302, 0x0000007a, 0x00000302,
+ 0x0000005a, 0x00000323, 0x0000007a, 0x00000323,
+ 0x0000005a, 0x00000331, 0x0000007a, 0x00000331,
+ 0x00000068, 0x00000331, 0x00000074, 0x00000308,
+ 0x00000077, 0x0000030a, 0x00000079, 0x0000030a,
+ 0x00000061, 0x000002be, 0x00000073, 0x00000307,
+ 0x00000041, 0x00000323, 0x00000061, 0x00000323,
+ 0x00000041, 0x00000309, 0x00000061, 0x00000309,
+ 0x00000041, 0x00000302, 0x00000301, 0x00000061,
+ 0x00000302, 0x00000301, 0x00000041, 0x00000302,
+ 0x00000300, 0x00000061, 0x00000302, 0x00000300,
+ 0x00000041, 0x00000302, 0x00000309, 0x00000061,
+ 0x00000302, 0x00000309, 0x00000041, 0x00000302,
+ 0x00000303, 0x00000061, 0x00000302, 0x00000303,
+ 0x00000041, 0x00000323, 0x00000302, 0x00000061,
+ 0x00000323, 0x00000302, 0x00000041, 0x00000306,
+ 0x00000301, 0x00000061, 0x00000306, 0x00000301,
+ 0x00000041, 0x00000306, 0x00000300, 0x00000061,
+ 0x00000306, 0x00000300, 0x00000041, 0x00000306,
+ 0x00000309, 0x00000061, 0x00000306, 0x00000309,
+ 0x00000041, 0x00000306, 0x00000303, 0x00000061,
+ 0x00000306, 0x00000303, 0x00000041, 0x00000323,
+ 0x00000306, 0x00000061, 0x00000323, 0x00000306,
+ 0x00000045, 0x00000323, 0x00000065, 0x00000323,
+ 0x00000045, 0x00000309, 0x00000065, 0x00000309,
+ 0x00000045, 0x00000303, 0x00000065, 0x00000303,
+ 0x00000045, 0x00000302, 0x00000301, 0x00000065,
+ 0x00000302, 0x00000301, 0x00000045, 0x00000302,
+ 0x00000300, 0x00000065, 0x00000302, 0x00000300,
+ 0x00000045, 0x00000302, 0x00000309, 0x00000065,
+ 0x00000302, 0x00000309, 0x00000045, 0x00000302,
+ 0x00000303, 0x00000065, 0x00000302, 0x00000303,
+ 0x00000045, 0x00000323, 0x00000302, 0x00000065,
+ 0x00000323, 0x00000302, 0x00000049, 0x00000309,
+ 0x00000069, 0x00000309, 0x00000049, 0x00000323,
+ 0x00000069, 0x00000323, 0x0000004f, 0x00000323,
+ 0x0000006f, 0x00000323, 0x0000004f, 0x00000309,
+ 0x0000006f, 0x00000309, 0x0000004f, 0x00000302,
+ 0x00000301, 0x0000006f, 0x00000302, 0x00000301,
+ 0x0000004f, 0x00000302, 0x00000300, 0x0000006f,
+ 0x00000302, 0x00000300, 0x0000004f, 0x00000302,
+ 0x00000309, 0x0000006f, 0x00000302, 0x00000309,
+ 0x0000004f, 0x00000302, 0x00000303, 0x0000006f,
+ 0x00000302, 0x00000303, 0x0000004f, 0x00000323,
+ 0x00000302, 0x0000006f, 0x00000323, 0x00000302,
+ 0x0000004f, 0x0000031b, 0x00000301, 0x0000006f,
+ 0x0000031b, 0x00000301, 0x0000004f, 0x0000031b,
+ 0x00000300, 0x0000006f, 0x0000031b, 0x00000300,
+ 0x0000004f, 0x0000031b, 0x00000309, 0x0000006f,
+ 0x0000031b, 0x00000309, 0x0000004f, 0x0000031b,
+ 0x00000303, 0x0000006f, 0x0000031b, 0x00000303,
+ 0x0000004f, 0x0000031b, 0x00000323, 0x0000006f,
+ 0x0000031b, 0x00000323, 0x00000055, 0x00000323,
+ 0x00000075, 0x00000323, 0x00000055, 0x00000309,
+ 0x00000075, 0x00000309, 0x00000055, 0x0000031b,
+ 0x00000301, 0x00000075, 0x0000031b, 0x00000301,
+ 0x00000055, 0x0000031b, 0x00000300, 0x00000075,
+ 0x0000031b, 0x00000300, 0x00000055, 0x0000031b,
+ 0x00000309, 0x00000075, 0x0000031b, 0x00000309,
+ 0x00000055, 0x0000031b, 0x00000303, 0x00000075,
+ 0x0000031b, 0x00000303, 0x00000055, 0x0000031b,
+ 0x00000323, 0x00000075, 0x0000031b, 0x00000323,
+ 0x00000059, 0x00000300, 0x00000079, 0x00000300,
+ 0x00000059, 0x00000323, 0x00000079, 0x00000323,
+ 0x00000059, 0x00000309, 0x00000079, 0x00000309,
+ 0x00000059, 0x00000303, 0x00000079, 0x00000303,
+ 0x000003b1, 0x00000313, 0x000003b1, 0x00000314,
+ 0x000003b1, 0x00000313, 0x00000300, 0x000003b1,
+ 0x00000314, 0x00000300, 0x000003b1, 0x00000313,
+ 0x00000301, 0x000003b1, 0x00000314, 0x00000301,
+ 0x000003b1, 0x00000313, 0x00000342, 0x000003b1,
+ 0x00000314, 0x00000342, 0x00000391, 0x00000313,
+ 0x00000391, 0x00000314, 0x00000391, 0x00000313,
+ 0x00000300, 0x00000391, 0x00000314, 0x00000300,
+ 0x00000391, 0x00000313, 0x00000301, 0x00000391,
+ 0x00000314, 0x00000301, 0x00000391, 0x00000313,
+ 0x00000342, 0x00000391, 0x00000314, 0x00000342,
+ 0x000003b5, 0x00000313, 0x000003b5, 0x00000314,
+ 0x000003b5, 0x00000313, 0x00000300, 0x000003b5,
+ 0x00000314, 0x00000300, 0x000003b5, 0x00000313,
+ 0x00000301, 0x000003b5, 0x00000314, 0x00000301,
+ 0x00000395, 0x00000313, 0x00000395, 0x00000314,
+ 0x00000395, 0x00000313, 0x00000300, 0x00000395,
+ 0x00000314, 0x00000300, 0x00000395, 0x00000313,
+ 0x00000301, 0x00000395, 0x00000314, 0x00000301,
+ 0x000003b7, 0x00000313, 0x000003b7, 0x00000314,
+ 0x000003b7, 0x00000313, 0x00000300, 0x000003b7,
+ 0x00000314, 0x00000300, 0x000003b7, 0x00000313,
+ 0x00000301, 0x000003b7, 0x00000314, 0x00000301,
+ 0x000003b7, 0x00000313, 0x00000342, 0x000003b7,
+ 0x00000314, 0x00000342, 0x00000397, 0x00000313,
+ 0x00000397, 0x00000314, 0x00000397, 0x00000313,
+ 0x00000300, 0x00000397, 0x00000314, 0x00000300,
+ 0x00000397, 0x00000313, 0x00000301, 0x00000397,
+ 0x00000314, 0x00000301, 0x00000397, 0x00000313,
+ 0x00000342, 0x00000397, 0x00000314, 0x00000342,
+ 0x000003b9, 0x00000313, 0x000003b9, 0x00000314,
+ 0x000003b9, 0x00000313, 0x00000300, 0x000003b9,
+ 0x00000314, 0x00000300, 0x000003b9, 0x00000313,
+ 0x00000301, 0x000003b9, 0x00000314, 0x00000301,
+ 0x000003b9, 0x00000313, 0x00000342, 0x000003b9,
+ 0x00000314, 0x00000342, 0x00000399, 0x00000313,
+ 0x00000399, 0x00000314, 0x00000399, 0x00000313,
+ 0x00000300, 0x00000399, 0x00000314, 0x00000300,
+ 0x00000399, 0x00000313, 0x00000301, 0x00000399,
+ 0x00000314, 0x00000301, 0x00000399, 0x00000313,
+ 0x00000342, 0x00000399, 0x00000314, 0x00000342,
+ 0x000003bf, 0x00000313, 0x000003bf, 0x00000314,
+ 0x000003bf, 0x00000313, 0x00000300, 0x000003bf,
+ 0x00000314, 0x00000300, 0x000003bf, 0x00000313,
+ 0x00000301, 0x000003bf, 0x00000314, 0x00000301,
+ 0x0000039f, 0x00000313, 0x0000039f, 0x00000314,
+ 0x0000039f, 0x00000313, 0x00000300, 0x0000039f,
+ 0x00000314, 0x00000300, 0x0000039f, 0x00000313,
+ 0x00000301, 0x0000039f, 0x00000314, 0x00000301,
+ 0x000003c5, 0x00000313, 0x000003c5, 0x00000314,
+ 0x000003c5, 0x00000313, 0x00000300, 0x000003c5,
+ 0x00000314, 0x00000300, 0x000003c5, 0x00000313,
+ 0x00000301, 0x000003c5, 0x00000314, 0x00000301,
+ 0x000003c5, 0x00000313, 0x00000342, 0x000003c5,
+ 0x00000314, 0x00000342, 0x000003a5, 0x00000314,
+ 0x000003a5, 0x00000314, 0x00000300, 0x000003a5,
+ 0x00000314, 0x00000301, 0x000003a5, 0x00000314,
+ 0x00000342, 0x000003c9, 0x00000313, 0x000003c9,
+ 0x00000314, 0x000003c9, 0x00000313, 0x00000300,
+ 0x000003c9, 0x00000314, 0x00000300, 0x000003c9,
+ 0x00000313, 0x00000301, 0x000003c9, 0x00000314,
+ 0x00000301, 0x000003c9, 0x00000313, 0x00000342,
+ 0x000003c9, 0x00000314, 0x00000342, 0x000003a9,
+ 0x00000313, 0x000003a9, 0x00000314, 0x000003a9,
+ 0x00000313, 0x00000300, 0x000003a9, 0x00000314,
+ 0x00000300, 0x000003a9, 0x00000313, 0x00000301,
+ 0x000003a9, 0x00000314, 0x00000301, 0x000003a9,
+ 0x00000313, 0x00000342, 0x000003a9, 0x00000314,
+ 0x00000342, 0x000003b1, 0x00000300, 0x000003b1,
+ 0x00000301, 0x000003b5, 0x00000300, 0x000003b5,
+ 0x00000301, 0x000003b7, 0x00000300, 0x000003b7,
+ 0x00000301, 0x000003b9, 0x00000300, 0x000003b9,
+ 0x00000301, 0x000003bf, 0x00000300, 0x000003bf,
+ 0x00000301, 0x000003c5, 0x00000300, 0x000003c5,
+ 0x00000301, 0x000003c9, 0x00000300, 0x000003c9,
+ 0x00000301, 0x000003b1, 0x00000313, 0x00000345,
+ 0x000003b1, 0x00000314, 0x00000345, 0x000003b1,
+ 0x00000313, 0x00000300, 0x00000345, 0x000003b1,
+ 0x00000314, 0x00000300, 0x00000345, 0x000003b1,
+ 0x00000313, 0x00000301, 0x00000345, 0x000003b1,
+ 0x00000314, 0x00000301, 0x00000345, 0x000003b1,
+ 0x00000313, 0x00000342, 0x00000345, 0x000003b1,
+ 0x00000314, 0x00000342, 0x00000345, 0x00000391,
+ 0x00000313, 0x00000345, 0x00000391, 0x00000314,
+ 0x00000345, 0x00000391, 0x00000313, 0x00000300,
+ 0x00000345, 0x00000391, 0x00000314, 0x00000300,
+ 0x00000345, 0x00000391, 0x00000313, 0x00000301,
+ 0x00000345, 0x00000391, 0x00000314, 0x00000301,
+ 0x00000345, 0x00000391, 0x00000313, 0x00000342,
+ 0x00000345, 0x00000391, 0x00000314, 0x00000342,
+ 0x00000345, 0x000003b7, 0x00000313, 0x00000345,
+ 0x000003b7, 0x00000314, 0x00000345, 0x000003b7,
+ 0x00000313, 0x00000300, 0x00000345, 0x000003b7,
+ 0x00000314, 0x00000300, 0x00000345, 0x000003b7,
+ 0x00000313, 0x00000301, 0x00000345, 0x000003b7,
+ 0x00000314, 0x00000301, 0x00000345, 0x000003b7,
+ 0x00000313, 0x00000342, 0x00000345, 0x000003b7,
+ 0x00000314, 0x00000342, 0x00000345, 0x00000397,
+ 0x00000313, 0x00000345, 0x00000397, 0x00000314,
+ 0x00000345, 0x00000397, 0x00000313, 0x00000300,
+ 0x00000345, 0x00000397, 0x00000314, 0x00000300,
+ 0x00000345, 0x00000397, 0x00000313, 0x00000301,
+ 0x00000345, 0x00000397, 0x00000314, 0x00000301,
+ 0x00000345, 0x00000397, 0x00000313, 0x00000342,
+ 0x00000345, 0x00000397, 0x00000314, 0x00000342,
+ 0x00000345, 0x000003c9, 0x00000313, 0x00000345,
+ 0x000003c9, 0x00000314, 0x00000345, 0x000003c9,
+ 0x00000313, 0x00000300, 0x00000345, 0x000003c9,
+ 0x00000314, 0x00000300, 0x00000345, 0x000003c9,
+ 0x00000313, 0x00000301, 0x00000345, 0x000003c9,
+ 0x00000314, 0x00000301, 0x00000345, 0x000003c9,
+ 0x00000313, 0x00000342, 0x00000345, 0x000003c9,
+ 0x00000314, 0x00000342, 0x00000345, 0x000003a9,
+ 0x00000313, 0x00000345, 0x000003a9, 0x00000314,
+ 0x00000345, 0x000003a9, 0x00000313, 0x00000300,
+ 0x00000345, 0x000003a9, 0x00000314, 0x00000300,
+ 0x00000345, 0x000003a9, 0x00000313, 0x00000301,
+ 0x00000345, 0x000003a9, 0x00000314, 0x00000301,
+ 0x00000345, 0x000003a9, 0x00000313, 0x00000342,
+ 0x00000345, 0x000003a9, 0x00000314, 0x00000342,
+ 0x00000345, 0x000003b1, 0x00000306, 0x000003b1,
+ 0x00000304, 0x000003b1, 0x00000300, 0x00000345,
+ 0x000003b1, 0x00000345, 0x000003b1, 0x00000301,
+ 0x00000345, 0x000003b1, 0x00000342, 0x000003b1,
+ 0x00000342, 0x00000345, 0x00000391, 0x00000306,
+ 0x00000391, 0x00000304, 0x00000391, 0x00000300,
+ 0x00000391, 0x00000301, 0x00000391, 0x00000345,
+ 0x00000020, 0x00000313, 0x000003b9, 0x00000020,
+ 0x00000313, 0x00000020, 0x00000342, 0x00000020,
+ 0x00000308, 0x00000342, 0x000003b7, 0x00000300,
+ 0x00000345, 0x000003b7, 0x00000345, 0x000003b7,
+ 0x00000301, 0x00000345, 0x000003b7, 0x00000342,
+ 0x000003b7, 0x00000342, 0x00000345, 0x00000395,
+ 0x00000300, 0x00000395, 0x00000301, 0x00000397,
+ 0x00000300, 0x00000397, 0x00000301, 0x00000397,
+ 0x00000345, 0x00000020, 0x00000313, 0x00000300,
+ 0x00000020, 0x00000313, 0x00000301, 0x00000020,
+ 0x00000313, 0x00000342, 0x000003b9, 0x00000306,
+ 0x000003b9, 0x00000304, 0x000003b9, 0x00000308,
+ 0x00000300, 0x000003b9, 0x00000308, 0x00000301,
+ 0x000003b9, 0x00000342, 0x000003b9, 0x00000308,
+ 0x00000342, 0x00000399, 0x00000306, 0x00000399,
+ 0x00000304, 0x00000399, 0x00000300, 0x00000399,
+ 0x00000301, 0x00000020, 0x00000314, 0x00000300,
+ 0x00000020, 0x00000314, 0x00000301, 0x00000020,
+ 0x00000314, 0x00000342, 0x000003c5, 0x00000306,
+ 0x000003c5, 0x00000304, 0x000003c5, 0x00000308,
+ 0x00000300, 0x000003c5, 0x00000308, 0x00000301,
+ 0x000003c1, 0x00000313, 0x000003c1, 0x00000314,
+ 0x000003c5, 0x00000342, 0x000003c5, 0x00000308,
+ 0x00000342, 0x000003a5, 0x00000306, 0x000003a5,
+ 0x00000304, 0x000003a5, 0x00000300, 0x000003a5,
+ 0x00000301, 0x000003a1, 0x00000314, 0x00000020,
+ 0x00000308, 0x00000300, 0x00000020, 0x00000308,
+ 0x00000301, 0x00000060, 0x000003c9, 0x00000300,
+ 0x00000345, 0x000003c9, 0x00000345, 0x000003c9,
+ 0x00000301, 0x00000345, 0x000003c9, 0x00000342,
+ 0x000003c9, 0x00000342, 0x00000345, 0x0000039f,
+ 0x00000300, 0x0000039f, 0x00000301, 0x000003a9,
+ 0x00000300, 0x000003a9, 0x00000301, 0x000003a9,
+ 0x00000345, 0x00000020, 0x00000301, 0x00000020,
+ 0x00000314, 0x00000020, 0x00000020, 0x00000020,
+ 0x00000020, 0x00000020, 0x00000020, 0x00000020,
+ 0x00000020, 0x00000020, 0x00000020, 0x00000020,
+ 0x00002010, 0x00000020, 0x00000333, 0x0000002e,
+ 0x0000002e, 0x0000002e, 0x0000002e, 0x0000002e,
+ 0x0000002e, 0x00000020, 0x00002032, 0x00002032,
+ 0x00002032, 0x00002032, 0x00002032, 0x00002035,
+ 0x00002035, 0x00002035, 0x00002035, 0x00002035,
+ 0x00000021, 0x00000021, 0x00000020, 0x00000305,
+ 0x0000003f, 0x0000003f, 0x0000003f, 0x00000021,
+ 0x00000021, 0x0000003f, 0x00002032, 0x00002032,
+ 0x00002032, 0x00002032, 0x00000020, 0x00000030,
+ 0x00000069, 0x00000034, 0x00000035, 0x00000036,
+ 0x00000037, 0x00000038, 0x00000039, 0x0000002b,
+ 0x00002212, 0x0000003d, 0x00000028, 0x00000029,
+ 0x0000006e, 0x00000030, 0x00000031, 0x00000032,
+ 0x00000033, 0x00000034, 0x00000035, 0x00000036,
+ 0x00000037, 0x00000038, 0x00000039, 0x0000002b,
+ 0x00002212, 0x0000003d, 0x00000028, 0x00000029,
+ 0x00000052, 0x00000073, 0x00000061, 0x0000002f,
+ 0x00000063, 0x00000061, 0x0000002f, 0x00000073,
+ 0x00000043, 0x000000b0, 0x00000043, 0x00000063,
+ 0x0000002f, 0x0000006f, 0x00000063, 0x0000002f,
+ 0x00000075, 0x00000190, 0x000000b0, 0x00000046,
+ 0x00000067, 0x00000048, 0x00000048, 0x00000048,
+ 0x00000068, 0x00000127, 0x00000049, 0x00000049,
+ 0x0000004c, 0x0000006c, 0x0000004e, 0x0000004e,
+ 0x0000006f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000052, 0x00000052, 0x00000053, 0x0000004d,
+ 0x00000054, 0x00000045, 0x0000004c, 0x00000054,
+ 0x0000004d, 0x0000005a, 0x000003a9, 0x0000005a,
+ 0x0000004b, 0x00000041, 0x0000030a, 0x00000042,
+ 0x00000043, 0x00000065, 0x00000045, 0x00000046,
+ 0x0000004d, 0x0000006f, 0x000005d0, 0x000005d1,
+ 0x000005d2, 0x000005d3, 0x00000069, 0x000003b3,
+ 0x00000393, 0x000003a0, 0x00002211, 0x00000044,
+ 0x00000064, 0x00000065, 0x00000069, 0x0000006a,
+ 0x00000031, 0x00002044, 0x00000033, 0x00000032,
+ 0x00002044, 0x00000033, 0x00000031, 0x00002044,
+ 0x00000035, 0x00000032, 0x00002044, 0x00000035,
+ 0x00000033, 0x00002044, 0x00000035, 0x00000034,
+ 0x00002044, 0x00000035, 0x00000031, 0x00002044,
+ 0x00000036, 0x00000035, 0x00002044, 0x00000036,
+ 0x00000031, 0x00002044, 0x00000038, 0x00000033,
+ 0x00002044, 0x00000038, 0x00000035, 0x00002044,
+ 0x00000038, 0x00000037, 0x00002044, 0x00000038,
+ 0x00000031, 0x00002044, 0x00000049, 0x00000049,
+ 0x00000049, 0x00000049, 0x00000049, 0x00000049,
+ 0x00000049, 0x00000056, 0x00000056, 0x00000056,
+ 0x00000049, 0x00000056, 0x00000049, 0x00000049,
+ 0x00000056, 0x00000049, 0x00000049, 0x00000049,
+ 0x00000049, 0x00000058, 0x00000058, 0x00000058,
+ 0x00000049, 0x00000058, 0x00000049, 0x00000049,
+ 0x0000004c, 0x00000043, 0x00000044, 0x0000004d,
+ 0x00000069, 0x00000069, 0x00000069, 0x00000069,
+ 0x00000069, 0x00000069, 0x00000069, 0x00000076,
+ 0x00000076, 0x00000076, 0x00000069, 0x00000076,
+ 0x00000069, 0x00000069, 0x00000076, 0x00000069,
+ 0x00000069, 0x00000069, 0x00000069, 0x00000078,
+ 0x00000078, 0x00000078, 0x00000069, 0x00000078,
+ 0x00000069, 0x00000069, 0x0000006c, 0x00000063,
+ 0x00000064, 0x0000006d, 0x00002190, 0x00000338,
+ 0x00002192, 0x00000338, 0x00002194, 0x00000338,
+ 0x000021d0, 0x00000338, 0x000021d4, 0x00000338,
+ 0x000021d2, 0x00000338, 0x00002203, 0x00000338,
+ 0x00002208, 0x00000338, 0x0000220b, 0x00000338,
+ 0x00002223, 0x00000338, 0x00002225, 0x00000338,
+ 0x0000222b, 0x0000222b, 0x0000222b, 0x0000222b,
+ 0x0000222b, 0x0000222e, 0x0000222e, 0x0000222e,
+ 0x0000222e, 0x0000222e, 0x0000223c, 0x00000338,
+ 0x00002243, 0x00000338, 0x00002245, 0x00000338,
+ 0x00002248, 0x00000338, 0x0000003d, 0x00000338,
+ 0x00002261, 0x00000338, 0x0000224d, 0x00000338,
+ 0x0000003c, 0x00000338, 0x0000003e, 0x00000338,
+ 0x00002264, 0x00000338, 0x00002265, 0x00000338,
+ 0x00002272, 0x00000338, 0x00002273, 0x00000338,
+ 0x00002276, 0x00000338, 0x00002277, 0x00000338,
+ 0x0000227a, 0x00000338, 0x0000227b, 0x00000338,
+ 0x00002282, 0x00000338, 0x00002283, 0x00000338,
+ 0x00002286, 0x00000338, 0x00002287, 0x00000338,
+ 0x000022a2, 0x00000338, 0x000022a8, 0x00000338,
+ 0x000022a9, 0x00000338, 0x000022ab, 0x00000338,
+ 0x0000227c, 0x00000338, 0x0000227d, 0x00000338,
+ 0x00002291, 0x00000338, 0x00002292, 0x00000338,
+ 0x000022b2, 0x00000338, 0x000022b3, 0x00000338,
+ 0x000022b4, 0x00000338, 0x000022b5, 0x00000338,
+ 0x00003008, 0x00003009, 0x00000031, 0x00000032,
+ 0x00000033, 0x00000034, 0x00000035, 0x00000036,
+ 0x00000037, 0x00000038, 0x00000039, 0x00000031,
+ 0x00000030, 0x00000031, 0x00000031, 0x00000031,
+ 0x00000032, 0x00000031, 0x00000033, 0x00000031,
+ 0x00000034, 0x00000031, 0x00000035, 0x00000031,
+ 0x00000036, 0x00000031, 0x00000037, 0x00000031,
+ 0x00000038, 0x00000031, 0x00000039, 0x00000032,
+ 0x00000030, 0x00000028, 0x00000031, 0x00000029,
+ 0x00000028, 0x00000032, 0x00000029, 0x00000028,
+ 0x00000033, 0x00000029, 0x00000028, 0x00000034,
+ 0x00000029, 0x00000028, 0x00000035, 0x00000029,
+ 0x00000028, 0x00000036, 0x00000029, 0x00000028,
+ 0x00000037, 0x00000029, 0x00000028, 0x00000038,
+ 0x00000029, 0x00000028, 0x00000039, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000030, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000031, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000032, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000033, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000034, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000035, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000036, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000037, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000038, 0x00000029,
+ 0x00000028, 0x00000031, 0x00000039, 0x00000029,
+ 0x00000028, 0x00000032, 0x00000030, 0x00000029,
+ 0x00000031, 0x0000002e, 0x00000032, 0x0000002e,
+ 0x00000033, 0x0000002e, 0x00000034, 0x0000002e,
+ 0x00000035, 0x0000002e, 0x00000036, 0x0000002e,
+ 0x00000037, 0x0000002e, 0x00000038, 0x0000002e,
+ 0x00000039, 0x0000002e, 0x00000031, 0x00000030,
+ 0x0000002e, 0x00000031, 0x00000031, 0x0000002e,
+ 0x00000031, 0x00000032, 0x0000002e, 0x00000031,
+ 0x00000033, 0x0000002e, 0x00000031, 0x00000034,
+ 0x0000002e, 0x00000031, 0x00000035, 0x0000002e,
+ 0x00000031, 0x00000036, 0x0000002e, 0x00000031,
+ 0x00000037, 0x0000002e, 0x00000031, 0x00000038,
+ 0x0000002e, 0x00000031, 0x00000039, 0x0000002e,
+ 0x00000032, 0x00000030, 0x0000002e, 0x00000028,
+ 0x00000061, 0x00000029, 0x00000028, 0x00000062,
+ 0x00000029, 0x00000028, 0x00000063, 0x00000029,
+ 0x00000028, 0x00000064, 0x00000029, 0x00000028,
+ 0x00000065, 0x00000029, 0x00000028, 0x00000066,
+ 0x00000029, 0x00000028, 0x00000067, 0x00000029,
+ 0x00000028, 0x00000068, 0x00000029, 0x00000028,
+ 0x00000069, 0x00000029, 0x00000028, 0x0000006a,
+ 0x00000029, 0x00000028, 0x0000006b, 0x00000029,
+ 0x00000028, 0x0000006c, 0x00000029, 0x00000028,
+ 0x0000006d, 0x00000029, 0x00000028, 0x0000006e,
+ 0x00000029, 0x00000028, 0x0000006f, 0x00000029,
+ 0x00000028, 0x00000070, 0x00000029, 0x00000028,
+ 0x00000071, 0x00000029, 0x00000028, 0x00000072,
+ 0x00000029, 0x00000028, 0x00000073, 0x00000029,
+ 0x00000028, 0x00000074, 0x00000029, 0x00000028,
+ 0x00000075, 0x00000029, 0x00000028, 0x00000076,
+ 0x00000029, 0x00000028, 0x00000077, 0x00000029,
+ 0x00000028, 0x00000078, 0x00000029, 0x00000028,
+ 0x00000079, 0x00000029, 0x00000028, 0x0000007a,
+ 0x00000029, 0x00000041, 0x00000042, 0x00000043,
+ 0x00000044, 0x00000045, 0x00000046, 0x00000047,
+ 0x00000048, 0x00000049, 0x0000004a, 0x0000004b,
+ 0x0000004c, 0x0000004d, 0x0000004e, 0x0000004f,
+ 0x00000050, 0x00000051, 0x00000052, 0x00000053,
+ 0x00000054, 0x00000055, 0x00000056, 0x00000057,
+ 0x00000058, 0x00000059, 0x0000005a, 0x00000061,
+ 0x00000062, 0x00000063, 0x00000064, 0x00000065,
+ 0x00000066, 0x00000067, 0x00000068, 0x00000069,
+ 0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d,
+ 0x0000006e, 0x0000006f, 0x00000070, 0x00000071,
+ 0x00000072, 0x00000073, 0x00000074, 0x00000075,
+ 0x00000076, 0x00000077, 0x00000078, 0x00000079,
+ 0x0000007a, 0x00000030, 0x0000222b, 0x0000222b,
+ 0x0000222b, 0x0000222b, 0x0000003a, 0x0000003a,
+ 0x0000003d, 0x0000003d, 0x0000003d, 0x0000003d,
+ 0x0000003d, 0x0000003d, 0x00002add, 0x00000338,
+ 0x00006bcd, 0x00009f9f, 0x00004e00, 0x00004e28,
+ 0x00004e36, 0x00004e3f, 0x00004e59, 0x00004e85,
+ 0x00004e8c, 0x00004ea0, 0x00004eba, 0x0000513f,
+ 0x00005165, 0x0000516b, 0x00005182, 0x00005196,
+ 0x000051ab, 0x000051e0, 0x000051f5, 0x00005200,
+ 0x0000529b, 0x000052f9, 0x00005315, 0x0000531a,
+ 0x00005338, 0x00005341, 0x0000535c, 0x00005369,
+ 0x00005382, 0x000053b6, 0x000053c8, 0x000053e3,
+ 0x000056d7, 0x0000571f, 0x000058eb, 0x00005902,
+ 0x0000590a, 0x00005915, 0x00005927, 0x00005973,
+ 0x00005b50, 0x00005b80, 0x00005bf8, 0x00005c0f,
+ 0x00005c22, 0x00005c38, 0x00005c6e, 0x00005c71,
+ 0x00005ddb, 0x00005de5, 0x00005df1, 0x00005dfe,
+ 0x00005e72, 0x00005e7a, 0x00005e7f, 0x00005ef4,
+ 0x00005efe, 0x00005f0b, 0x00005f13, 0x00005f50,
+ 0x00005f61, 0x00005f73, 0x00005fc3, 0x00006208,
+ 0x00006236, 0x0000624b, 0x0000652f, 0x00006534,
+ 0x00006587, 0x00006597, 0x000065a4, 0x000065b9,
+ 0x000065e0, 0x000065e5, 0x000066f0, 0x00006708,
+ 0x00006728, 0x00006b20, 0x00006b62, 0x00006b79,
+ 0x00006bb3, 0x00006bcb, 0x00006bd4, 0x00006bdb,
+ 0x00006c0f, 0x00006c14, 0x00006c34, 0x0000706b,
+ 0x0000722a, 0x00007236, 0x0000723b, 0x0000723f,
+ 0x00007247, 0x00007259, 0x0000725b, 0x000072ac,
+ 0x00007384, 0x00007389, 0x000074dc, 0x000074e6,
+ 0x00007518, 0x0000751f, 0x00007528, 0x00007530,
+ 0x0000758b, 0x00007592, 0x00007676, 0x0000767d,
+ 0x000076ae, 0x000076bf, 0x000076ee, 0x000077db,
+ 0x000077e2, 0x000077f3, 0x0000793a, 0x000079b8,
+ 0x000079be, 0x00007a74, 0x00007acb, 0x00007af9,
+ 0x00007c73, 0x00007cf8, 0x00007f36, 0x00007f51,
+ 0x00007f8a, 0x00007fbd, 0x00008001, 0x0000800c,
+ 0x00008012, 0x00008033, 0x0000807f, 0x00008089,
+ 0x000081e3, 0x000081ea, 0x000081f3, 0x000081fc,
+ 0x0000820c, 0x0000821b, 0x0000821f, 0x0000826e,
+ 0x00008272, 0x00008278, 0x0000864d, 0x0000866b,
+ 0x00008840, 0x0000884c, 0x00008863, 0x0000897e,
+ 0x0000898b, 0x000089d2, 0x00008a00, 0x00008c37,
+ 0x00008c46, 0x00008c55, 0x00008c78, 0x00008c9d,
+ 0x00008d64, 0x00008d70, 0x00008db3, 0x00008eab,
+ 0x00008eca, 0x00008f9b, 0x00008fb0, 0x00008fb5,
+ 0x00009091, 0x00009149, 0x000091c6, 0x000091cc,
+ 0x000091d1, 0x00009577, 0x00009580, 0x0000961c,
+ 0x000096b6, 0x000096b9, 0x000096e8, 0x00009751,
+ 0x0000975e, 0x00009762, 0x00009769, 0x000097cb,
+ 0x000097ed, 0x000097f3, 0x00009801, 0x000098a8,
+ 0x000098db, 0x000098df, 0x00009996, 0x00009999,
+ 0x000099ac, 0x00009aa8, 0x00009ad8, 0x00009adf,
+ 0x00009b25, 0x00009b2f, 0x00009b32, 0x00009b3c,
+ 0x00009b5a, 0x00009ce5, 0x00009e75, 0x00009e7f,
+ 0x00009ea5, 0x00009ebb, 0x00009ec3, 0x00009ecd,
+ 0x00009ed1, 0x00009ef9, 0x00009efd, 0x00009f0e,
+ 0x00009f13, 0x00009f20, 0x00009f3b, 0x00009f4a,
+ 0x00009f52, 0x00009f8d, 0x00009f9c, 0x00009fa0,
+ 0x00000020, 0x00003012, 0x00005341, 0x00005344,
+ 0x00005345, 0x0000304b, 0x00003099, 0x0000304d,
+ 0x00003099, 0x0000304f, 0x00003099, 0x00003051,
+ 0x00003099, 0x00003053, 0x00003099, 0x00003055,
+ 0x00003099, 0x00003057, 0x00003099, 0x00003059,
+ 0x00003099, 0x0000305b, 0x00003099, 0x0000305d,
+ 0x00003099, 0x0000305f, 0x00003099, 0x00003061,
+ 0x00003099, 0x00003064, 0x00003099, 0x00003066,
+ 0x00003099, 0x00003068, 0x00003099, 0x0000306f,
+ 0x00003099, 0x0000306f, 0x0000309a, 0x00003072,
+ 0x00003099, 0x00003072, 0x0000309a, 0x00003075,
+ 0x00003099, 0x00003075, 0x0000309a, 0x00003078,
+ 0x00003099, 0x00003078, 0x0000309a, 0x0000307b,
+ 0x00003099, 0x0000307b, 0x0000309a, 0x00003046,
+ 0x00003099, 0x00000020, 0x00003099, 0x00000020,
+ 0x0000309a, 0x0000309d, 0x00003099, 0x00003088,
+ 0x0000308a, 0x000030ab, 0x00003099, 0x000030ad,
+ 0x00003099, 0x000030af, 0x00003099, 0x000030b1,
+ 0x00003099, 0x000030b3, 0x00003099, 0x000030b5,
+ 0x00003099, 0x000030b7, 0x00003099, 0x000030b9,
+ 0x00003099, 0x000030bb, 0x00003099, 0x000030bd,
+ 0x00003099, 0x000030bf, 0x00003099, 0x000030c1,
+ 0x00003099, 0x000030c4, 0x00003099, 0x000030c6,
+ 0x00003099, 0x000030c8, 0x00003099, 0x000030cf,
+ 0x00003099, 0x000030cf, 0x0000309a, 0x000030d2,
+ 0x00003099, 0x000030d2, 0x0000309a, 0x000030d5,
+ 0x00003099, 0x000030d5, 0x0000309a, 0x000030d8,
+ 0x00003099, 0x000030d8, 0x0000309a, 0x000030db,
+ 0x00003099, 0x000030db, 0x0000309a, 0x000030a6,
+ 0x00003099, 0x000030ef, 0x00003099, 0x000030f0,
+ 0x00003099, 0x000030f1, 0x00003099, 0x000030f2,
+ 0x00003099, 0x000030fd, 0x00003099, 0x000030b3,
+ 0x000030c8, 0x00001100, 0x00001101, 0x000011aa,
+ 0x00001102, 0x000011ac, 0x000011ad, 0x00001103,
+ 0x00001104, 0x00001105, 0x000011b0, 0x000011b1,
+ 0x000011b2, 0x000011b3, 0x000011b4, 0x000011b5,
+ 0x0000111a, 0x00001106, 0x00001107, 0x00001108,
+ 0x00001121, 0x00001109, 0x0000110a, 0x0000110b,
+ 0x0000110c, 0x0000110d, 0x0000110e, 0x0000110f,
+ 0x00001110, 0x00001111, 0x00001112, 0x00001161,
+ 0x00001162, 0x00001163, 0x00001164, 0x00001165,
+ 0x00001166, 0x00001167, 0x00001168, 0x00001169,
+ 0x0000116a, 0x0000116b, 0x0000116c, 0x0000116d,
+ 0x0000116e, 0x0000116f, 0x00001170, 0x00001171,
+ 0x00001172, 0x00001173, 0x00001174, 0x00001175,
+ 0x00001160, 0x00001114, 0x00001115, 0x000011c7,
+ 0x000011c8, 0x000011cc, 0x000011ce, 0x000011d3,
+ 0x000011d7, 0x000011d9, 0x0000111c, 0x000011dd,
+ 0x000011df, 0x0000111d, 0x0000111e, 0x00001120,
+ 0x00001122, 0x00001123, 0x00001127, 0x00001129,
+ 0x0000112b, 0x0000112c, 0x0000112d, 0x0000112e,
+ 0x0000112f, 0x00001132, 0x00001136, 0x00001140,
+ 0x00001147, 0x0000114c, 0x000011f1, 0x000011f2,
+ 0x00001157, 0x00001158, 0x00001159, 0x00001184,
+ 0x00001185, 0x00001188, 0x00001191, 0x00001192,
+ 0x00001194, 0x0000119e, 0x000011a1, 0x00004e00,
+ 0x00004e8c, 0x00004e09, 0x000056db, 0x00004e0a,
+ 0x00004e2d, 0x00004e0b, 0x00007532, 0x00004e59,
+ 0x00004e19, 0x00004e01, 0x00005929, 0x00005730,
+ 0x00004eba, 0x00000028, 0x00001100, 0x00000029,
+ 0x00000028, 0x00001102, 0x00000029, 0x00000028,
+ 0x00001103, 0x00000029, 0x00000028, 0x00001105,
+ 0x00000029, 0x00000028, 0x00001106, 0x00000029,
+ 0x00000028, 0x00001107, 0x00000029, 0x00000028,
+ 0x00001109, 0x00000029, 0x00000028, 0x0000110b,
+ 0x00000029, 0x00000028, 0x0000110c, 0x00000029,
+ 0x00000028, 0x0000110e, 0x00000029, 0x00000028,
+ 0x0000110f, 0x00000029, 0x00000028, 0x00001110,
+ 0x00000029, 0x00000028, 0x00001111, 0x00000029,
+ 0x00000028, 0x00001112, 0x00000029, 0x00000028,
+ 0x00001100, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001102, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001103, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001105, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001106, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001107, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001109, 0x00001161, 0x00000029, 0x00000028,
+ 0x0000110b, 0x00001161, 0x00000029, 0x00000028,
+ 0x0000110c, 0x00001161, 0x00000029, 0x00000028,
+ 0x0000110e, 0x00001161, 0x00000029, 0x00000028,
+ 0x0000110f, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001110, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001111, 0x00001161, 0x00000029, 0x00000028,
+ 0x00001112, 0x00001161, 0x00000029, 0x00000028,
+ 0x0000110c, 0x0000116e, 0x00000029, 0x00000028,
+ 0x00004e00, 0x00000029, 0x00000028, 0x00004e8c,
+ 0x00000029, 0x00000028, 0x00004e09, 0x00000029,
+ 0x00000028, 0x000056db, 0x00000029, 0x00000028,
+ 0x00004e94, 0x00000029, 0x00000028, 0x0000516d,
+ 0x00000029, 0x00000028, 0x00004e03, 0x00000029,
+ 0x00000028, 0x0000516b, 0x00000029, 0x00000028,
+ 0x00004e5d, 0x00000029, 0x00000028, 0x00005341,
+ 0x00000029, 0x00000028, 0x00006708, 0x00000029,
+ 0x00000028, 0x0000706b, 0x00000029, 0x00000028,
+ 0x00006c34, 0x00000029, 0x00000028, 0x00006728,
+ 0x00000029, 0x00000028, 0x000091d1, 0x00000029,
+ 0x00000028, 0x0000571f, 0x00000029, 0x00000028,
+ 0x000065e5, 0x00000029, 0x00000028, 0x0000682a,
+ 0x00000029, 0x00000028, 0x00006709, 0x00000029,
+ 0x00000028, 0x0000793e, 0x00000029, 0x00000028,
+ 0x0000540d, 0x00000029, 0x00000028, 0x00007279,
+ 0x00000029, 0x00000028, 0x00008ca1, 0x00000029,
+ 0x00000028, 0x0000795d, 0x00000029, 0x00000028,
+ 0x000052b4, 0x00000029, 0x00000028, 0x00004ee3,
+ 0x00000029, 0x00000028, 0x0000547c, 0x00000029,
+ 0x00000028, 0x00005b66, 0x00000029, 0x00000028,
+ 0x000076e3, 0x00000029, 0x00000028, 0x00004f01,
+ 0x00000029, 0x00000028, 0x00008cc7, 0x00000029,
+ 0x00000028, 0x00005354, 0x00000029, 0x00000028,
+ 0x0000796d, 0x00000029, 0x00000028, 0x00004f11,
+ 0x00000029, 0x00000028, 0x000081ea, 0x00000029,
+ 0x00000028, 0x000081f3, 0x00000029, 0x00000032,
+ 0x00000031, 0x00000032, 0x00000032, 0x00000032,
+ 0x00000033, 0x00000032, 0x00000034, 0x00000032,
+ 0x00000035, 0x00000032, 0x00000036, 0x00000032,
+ 0x00000037, 0x00000032, 0x00000038, 0x00000032,
+ 0x00000039, 0x00000033, 0x00000030, 0x00000033,
+ 0x00000031, 0x00000033, 0x00000032, 0x00000033,
+ 0x00000033, 0x00000033, 0x00000034, 0x00000033,
+ 0x00000035, 0x00001100, 0x00001102, 0x00001103,
+ 0x00001105, 0x00001106, 0x00001107, 0x00001109,
+ 0x0000110b, 0x0000110c, 0x0000110e, 0x0000110f,
+ 0x00001110, 0x00001111, 0x00001112, 0x00001100,
+ 0x00001161, 0x00001102, 0x00001161, 0x00001103,
+ 0x00001161, 0x00001105, 0x00001161, 0x00001106,
+ 0x00001161, 0x00001107, 0x00001161, 0x00001109,
+ 0x00001161, 0x0000110b, 0x00001161, 0x0000110c,
+ 0x00001161, 0x0000110e, 0x00001161, 0x0000110f,
+ 0x00001161, 0x00001110, 0x00001161, 0x00001111,
+ 0x00001161, 0x00001112, 0x00001161, 0x00004e00,
+ 0x00004e8c, 0x00004e09, 0x000056db, 0x00004e94,
+ 0x0000516d, 0x00004e03, 0x0000516b, 0x00004e5d,
+ 0x00005341, 0x00006708, 0x0000706b, 0x00006c34,
+ 0x00006728, 0x000091d1, 0x0000571f, 0x000065e5,
+ 0x0000682a, 0x00006709, 0x0000793e, 0x0000540d,
+ 0x00007279, 0x00008ca1, 0x0000795d, 0x000052b4,
+ 0x000079d8, 0x00007537, 0x00005973, 0x00009069,
+ 0x0000512a, 0x00005370, 0x00006ce8, 0x00009805,
+ 0x00004f11, 0x00005199, 0x00006b63, 0x00004e0a,
+ 0x00004e2d, 0x00004e0b, 0x00005de6, 0x000053f3,
+ 0x0000533b, 0x00005b97, 0x00005b66, 0x000076e3,
+ 0x00004f01, 0x00008cc7, 0x00005354, 0x0000591c,
+ 0x00000033, 0x00000036, 0x00000033, 0x00000037,
+ 0x00000033, 0x00000038, 0x00000033, 0x00000039,
+ 0x00000034, 0x00000030, 0x00000034, 0x00000031,
+ 0x00000034, 0x00000032, 0x00000034, 0x00000033,
+ 0x00000034, 0x00000034, 0x00000034, 0x00000035,
+ 0x00000034, 0x00000036, 0x00000034, 0x00000037,
+ 0x00000034, 0x00000038, 0x00000034, 0x00000039,
+ 0x00000035, 0x00000030, 0x00000031, 0x00006708,
+ 0x00000032, 0x00006708, 0x00000033, 0x00006708,
+ 0x00000034, 0x00006708, 0x00000035, 0x00006708,
+ 0x00000036, 0x00006708, 0x00000037, 0x00006708,
+ 0x00000038, 0x00006708, 0x00000039, 0x00006708,
+ 0x00000031, 0x00000030, 0x00006708, 0x00000031,
+ 0x00000031, 0x00006708, 0x00000031, 0x00000032,
+ 0x00006708, 0x000030a2, 0x000030a4, 0x000030a6,
+ 0x000030a8, 0x000030aa, 0x000030ab, 0x000030ad,
+ 0x000030af, 0x000030b1, 0x000030b3, 0x000030b5,
+ 0x000030b7, 0x000030b9, 0x000030bb, 0x000030bd,
+ 0x000030bf, 0x000030c1, 0x000030c4, 0x000030c6,
+ 0x000030c8, 0x000030ca, 0x000030cb, 0x000030cc,
+ 0x000030cd, 0x000030ce, 0x000030cf, 0x000030d2,
+ 0x000030d5, 0x000030d8, 0x000030db, 0x000030de,
+ 0x000030df, 0x000030e0, 0x000030e1, 0x000030e2,
+ 0x000030e4, 0x000030e6, 0x000030e8, 0x000030e9,
+ 0x000030ea, 0x000030eb, 0x000030ec, 0x000030ed,
+ 0x000030ef, 0x000030f0, 0x000030f1, 0x000030f2,
+ 0x000030a2, 0x000030cf, 0x0000309a, 0x000030fc,
+ 0x000030c8, 0x000030a2, 0x000030eb, 0x000030d5,
+ 0x000030a1, 0x000030a2, 0x000030f3, 0x000030d8,
+ 0x0000309a, 0x000030a2, 0x000030a2, 0x000030fc,
+ 0x000030eb, 0x000030a4, 0x000030cb, 0x000030f3,
+ 0x000030af, 0x00003099, 0x000030a4, 0x000030f3,
+ 0x000030c1, 0x000030a6, 0x000030a9, 0x000030f3,
+ 0x000030a8, 0x000030b9, 0x000030af, 0x000030fc,
+ 0x000030c8, 0x00003099, 0x000030a8, 0x000030fc,
+ 0x000030ab, 0x000030fc, 0x000030aa, 0x000030f3,
+ 0x000030b9, 0x000030aa, 0x000030fc, 0x000030e0,
+ 0x000030ab, 0x000030a4, 0x000030ea, 0x000030ab,
+ 0x000030e9, 0x000030c3, 0x000030c8, 0x000030ab,
+ 0x000030ed, 0x000030ea, 0x000030fc, 0x000030ab,
+ 0x00003099, 0x000030ed, 0x000030f3, 0x000030ab,
+ 0x00003099, 0x000030f3, 0x000030de, 0x000030ad,
+ 0x00003099, 0x000030ab, 0x00003099, 0x000030ad,
+ 0x00003099, 0x000030cb, 0x000030fc, 0x000030ad,
+ 0x000030e5, 0x000030ea, 0x000030fc, 0x000030ad,
+ 0x00003099, 0x000030eb, 0x000030bf, 0x00003099,
+ 0x000030fc, 0x000030ad, 0x000030ed, 0x000030ad,
+ 0x000030ed, 0x000030af, 0x00003099, 0x000030e9,
+ 0x000030e0, 0x000030ad, 0x000030ed, 0x000030e1,
+ 0x000030fc, 0x000030c8, 0x000030eb, 0x000030ad,
+ 0x000030ed, 0x000030ef, 0x000030c3, 0x000030c8,
+ 0x000030af, 0x00003099, 0x000030e9, 0x000030e0,
+ 0x000030af, 0x00003099, 0x000030e9, 0x000030e0,
+ 0x000030c8, 0x000030f3, 0x000030af, 0x000030eb,
+ 0x000030bb, 0x00003099, 0x000030a4, 0x000030ed,
+ 0x000030af, 0x000030ed, 0x000030fc, 0x000030cd,
+ 0x000030b1, 0x000030fc, 0x000030b9, 0x000030b3,
+ 0x000030eb, 0x000030ca, 0x000030b3, 0x000030fc,
+ 0x000030db, 0x0000309a, 0x000030b5, 0x000030a4,
+ 0x000030af, 0x000030eb, 0x000030b5, 0x000030f3,
+ 0x000030c1, 0x000030fc, 0x000030e0, 0x000030b7,
+ 0x000030ea, 0x000030f3, 0x000030af, 0x00003099,
+ 0x000030bb, 0x000030f3, 0x000030c1, 0x000030bb,
+ 0x000030f3, 0x000030c8, 0x000030bf, 0x00003099,
+ 0x000030fc, 0x000030b9, 0x000030c6, 0x00003099,
+ 0x000030b7, 0x000030c8, 0x00003099, 0x000030eb,
+ 0x000030c8, 0x000030f3, 0x000030ca, 0x000030ce,
+ 0x000030ce, 0x000030c3, 0x000030c8, 0x000030cf,
+ 0x000030a4, 0x000030c4, 0x000030cf, 0x0000309a,
+ 0x000030fc, 0x000030bb, 0x000030f3, 0x000030c8,
+ 0x000030cf, 0x0000309a, 0x000030fc, 0x000030c4,
+ 0x000030cf, 0x00003099, 0x000030fc, 0x000030ec,
+ 0x000030eb, 0x000030d2, 0x0000309a, 0x000030a2,
+ 0x000030b9, 0x000030c8, 0x000030eb, 0x000030d2,
+ 0x0000309a, 0x000030af, 0x000030eb, 0x000030d2,
+ 0x0000309a, 0x000030b3, 0x000030d2, 0x00003099,
+ 0x000030eb, 0x000030d5, 0x000030a1, 0x000030e9,
+ 0x000030c3, 0x000030c8, 0x00003099, 0x000030d5,
+ 0x000030a3, 0x000030fc, 0x000030c8, 0x000030d5,
+ 0x00003099, 0x000030c3, 0x000030b7, 0x000030a7,
+ 0x000030eb, 0x000030d5, 0x000030e9, 0x000030f3,
+ 0x000030d8, 0x000030af, 0x000030bf, 0x000030fc,
+ 0x000030eb, 0x000030d8, 0x0000309a, 0x000030bd,
+ 0x000030d8, 0x0000309a, 0x000030cb, 0x000030d2,
+ 0x000030d8, 0x000030eb, 0x000030c4, 0x000030d8,
+ 0x0000309a, 0x000030f3, 0x000030b9, 0x000030d8,
+ 0x0000309a, 0x000030fc, 0x000030b7, 0x00003099,
+ 0x000030d8, 0x00003099, 0x000030fc, 0x000030bf,
+ 0x000030db, 0x0000309a, 0x000030a4, 0x000030f3,
+ 0x000030c8, 0x000030db, 0x00003099, 0x000030eb,
+ 0x000030c8, 0x000030db, 0x000030f3, 0x000030db,
+ 0x0000309a, 0x000030f3, 0x000030c8, 0x00003099,
+ 0x000030db, 0x000030fc, 0x000030eb, 0x000030db,
+ 0x000030fc, 0x000030f3, 0x000030de, 0x000030a4,
+ 0x000030af, 0x000030ed, 0x000030de, 0x000030a4,
+ 0x000030eb, 0x000030de, 0x000030c3, 0x000030cf,
+ 0x000030de, 0x000030eb, 0x000030af, 0x000030de,
+ 0x000030f3, 0x000030b7, 0x000030e7, 0x000030f3,
+ 0x000030df, 0x000030af, 0x000030ed, 0x000030f3,
+ 0x000030df, 0x000030ea, 0x000030df, 0x000030ea,
+ 0x000030cf, 0x00003099, 0x000030fc, 0x000030eb,
+ 0x000030e1, 0x000030ab, 0x00003099, 0x000030e1,
+ 0x000030ab, 0x00003099, 0x000030c8, 0x000030f3,
+ 0x000030e1, 0x000030fc, 0x000030c8, 0x000030eb,
+ 0x000030e4, 0x000030fc, 0x000030c8, 0x00003099,
+ 0x000030e4, 0x000030fc, 0x000030eb, 0x000030e6,
+ 0x000030a2, 0x000030f3, 0x000030ea, 0x000030c3,
+ 0x000030c8, 0x000030eb, 0x000030ea, 0x000030e9,
+ 0x000030eb, 0x000030d2, 0x0000309a, 0x000030fc,
+ 0x000030eb, 0x000030fc, 0x000030d5, 0x00003099,
+ 0x000030eb, 0x000030ec, 0x000030e0, 0x000030ec,
+ 0x000030f3, 0x000030c8, 0x000030b1, 0x00003099,
+ 0x000030f3, 0x000030ef, 0x000030c3, 0x000030c8,
+ 0x00000030, 0x000070b9, 0x00000031, 0x000070b9,
+ 0x00000032, 0x000070b9, 0x00000033, 0x000070b9,
+ 0x00000034, 0x000070b9, 0x00000035, 0x000070b9,
+ 0x00000036, 0x000070b9, 0x00000037, 0x000070b9,
+ 0x00000038, 0x000070b9, 0x00000039, 0x000070b9,
+ 0x00000031, 0x00000030, 0x000070b9, 0x00000031,
+ 0x00000031, 0x000070b9, 0x00000031, 0x00000032,
+ 0x000070b9, 0x00000031, 0x00000033, 0x000070b9,
+ 0x00000031, 0x00000034, 0x000070b9, 0x00000031,
+ 0x00000035, 0x000070b9, 0x00000031, 0x00000036,
+ 0x000070b9, 0x00000031, 0x00000037, 0x000070b9,
+ 0x00000031, 0x00000038, 0x000070b9, 0x00000031,
+ 0x00000039, 0x000070b9, 0x00000032, 0x00000030,
+ 0x000070b9, 0x00000032, 0x00000031, 0x000070b9,
+ 0x00000032, 0x00000032, 0x000070b9, 0x00000032,
+ 0x00000033, 0x000070b9, 0x00000032, 0x00000034,
+ 0x000070b9, 0x00000068, 0x00000050, 0x00000061,
+ 0x00000064, 0x00000061, 0x00000041, 0x00000055,
+ 0x00000062, 0x00000061, 0x00000072, 0x0000006f,
+ 0x00000056, 0x00000070, 0x00000063, 0x00005e73,
+ 0x00006210, 0x0000662d, 0x0000548c, 0x00005927,
+ 0x00006b63, 0x0000660e, 0x00006cbb, 0x0000682a,
+ 0x00005f0f, 0x00004f1a, 0x0000793e, 0x00000070,
+ 0x00000041, 0x0000006e, 0x00000041, 0x000003bc,
+ 0x00000041, 0x0000006d, 0x00000041, 0x0000006b,
+ 0x00000041, 0x0000004b, 0x00000042, 0x0000004d,
+ 0x00000042, 0x00000047, 0x00000042, 0x00000063,
+ 0x00000061, 0x0000006c, 0x0000006b, 0x00000063,
+ 0x00000061, 0x0000006c, 0x00000070, 0x00000046,
+ 0x0000006e, 0x00000046, 0x000003bc, 0x00000046,
+ 0x000003bc, 0x00000067, 0x0000006d, 0x00000067,
+ 0x0000006b, 0x00000067, 0x00000048, 0x0000007a,
+ 0x0000006b, 0x00000048, 0x0000007a, 0x0000004d,
+ 0x00000048, 0x0000007a, 0x00000047, 0x00000048,
+ 0x0000007a, 0x00000054, 0x00000048, 0x0000007a,
+ 0x000003bc, 0x0000006c, 0x0000006d, 0x0000006c,
+ 0x00000064, 0x0000006c, 0x0000006b, 0x0000006c,
+ 0x00000066, 0x0000006d, 0x0000006e, 0x0000006d,
+ 0x000003bc, 0x0000006d, 0x0000006d, 0x0000006d,
+ 0x00000063, 0x0000006d, 0x0000006b, 0x0000006d,
+ 0x0000006d, 0x0000006d, 0x00000032, 0x00000063,
+ 0x0000006d, 0x00000032, 0x0000006d, 0x00000032,
+ 0x0000006b, 0x0000006d, 0x00000032, 0x0000006d,
+ 0x0000006d, 0x00000033, 0x00000063, 0x0000006d,
+ 0x00000033, 0x0000006d, 0x00000033, 0x0000006b,
+ 0x0000006d, 0x00000033, 0x0000006d, 0x00002215,
+ 0x00000073, 0x0000006d, 0x00002215, 0x00000073,
+ 0x00000032, 0x00000050, 0x00000061, 0x0000006b,
+ 0x00000050, 0x00000061, 0x0000004d, 0x00000050,
+ 0x00000061, 0x00000047, 0x00000050, 0x00000061,
+ 0x00000072, 0x00000061, 0x00000064, 0x00000072,
+ 0x00000061, 0x00000064, 0x00002215, 0x00000073,
+ 0x00000072, 0x00000061, 0x00000064, 0x00002215,
+ 0x00000073, 0x00000032, 0x00000070, 0x00000073,
+ 0x0000006e, 0x00000073, 0x000003bc, 0x00000073,
+ 0x0000006d, 0x00000073, 0x00000070, 0x00000056,
+ 0x0000006e, 0x00000056, 0x000003bc, 0x00000056,
+ 0x0000006d, 0x00000056, 0x0000006b, 0x00000056,
+ 0x0000004d, 0x00000056, 0x00000070, 0x00000057,
+ 0x0000006e, 0x00000057, 0x000003bc, 0x00000057,
+ 0x0000006d, 0x00000057, 0x0000006b, 0x00000057,
+ 0x0000004d, 0x00000057, 0x0000006b, 0x000003a9,
+ 0x0000004d, 0x000003a9, 0x00000061, 0x0000002e,
+ 0x0000006d, 0x0000002e, 0x00000042, 0x00000071,
+ 0x00000063, 0x00000063, 0x00000063, 0x00000064,
+ 0x00000043, 0x00002215, 0x0000006b, 0x00000067,
+ 0x00000043, 0x0000006f, 0x0000002e, 0x00000064,
+ 0x00000042, 0x00000047, 0x00000079, 0x00000068,
+ 0x00000061, 0x00000048, 0x00000050, 0x00000069,
+ 0x0000006e, 0x0000004b, 0x0000004b, 0x0000004b,
+ 0x0000004d, 0x0000006b, 0x00000074, 0x0000006c,
+ 0x0000006d, 0x0000006c, 0x0000006e, 0x0000006c,
+ 0x0000006f, 0x00000067, 0x0000006c, 0x00000078,
+ 0x0000006d, 0x00000062, 0x0000006d, 0x00000069,
+ 0x0000006c, 0x0000006d, 0x0000006f, 0x0000006c,
+ 0x00000050, 0x00000048, 0x00000070, 0x0000002e,
+ 0x0000006d, 0x0000002e, 0x00000050, 0x00000050,
+ 0x0000004d, 0x00000050, 0x00000052, 0x00000073,
+ 0x00000072, 0x00000053, 0x00000076, 0x00000057,
+ 0x00000062, 0x00000031, 0x000065e5, 0x00000032,
+ 0x000065e5, 0x00000033, 0x000065e5, 0x00000034,
+ 0x000065e5, 0x00000035, 0x000065e5, 0x00000036,
+ 0x000065e5, 0x00000037, 0x000065e5, 0x00000038,
+ 0x000065e5, 0x00000039, 0x000065e5, 0x00000031,
+ 0x00000030, 0x000065e5, 0x00000031, 0x00000031,
+ 0x000065e5, 0x00000031, 0x00000032, 0x000065e5,
+ 0x00000031, 0x00000033, 0x000065e5, 0x00000031,
+ 0x00000034, 0x000065e5, 0x00000031, 0x00000035,
+ 0x000065e5, 0x00000031, 0x00000036, 0x000065e5,
+ 0x00000031, 0x00000037, 0x000065e5, 0x00000031,
+ 0x00000038, 0x000065e5, 0x00000031, 0x00000039,
+ 0x000065e5, 0x00000032, 0x00000030, 0x000065e5,
+ 0x00000032, 0x00000031, 0x000065e5, 0x00000032,
+ 0x00000032, 0x000065e5, 0x00000032, 0x00000033,
+ 0x000065e5, 0x00000032, 0x00000034, 0x000065e5,
+ 0x00000032, 0x00000035, 0x000065e5, 0x00000032,
+ 0x00000036, 0x000065e5, 0x00000032, 0x00000037,
+ 0x000065e5, 0x00000032, 0x00000038, 0x000065e5,
+ 0x00000032, 0x00000039, 0x000065e5, 0x00000033,
+ 0x00000030, 0x000065e5, 0x00000033, 0x00000031,
+ 0x000065e5, 0x00008eca, 0x00008cc8, 0x00006ed1,
+ 0x00004e32, 0x000053e5, 0x00009f9c, 0x00009f9c,
+ 0x00005951, 0x000091d1, 0x00005587, 0x00005948,
+ 0x000061f6, 0x00007669, 0x00007f85, 0x0000863f,
+ 0x000087ba, 0x000088f8, 0x0000908f, 0x00006a02,
+ 0x00006d1b, 0x000070d9, 0x000073de, 0x0000843d,
+ 0x0000916a, 0x000099f1, 0x00004e82, 0x00005375,
+ 0x00006b04, 0x0000721b, 0x0000862d, 0x00009e1e,
+ 0x00005d50, 0x00006feb, 0x000085cd, 0x00008964,
+ 0x000062c9, 0x000081d8, 0x0000881f, 0x00005eca,
+ 0x00006717, 0x00006d6a, 0x000072fc, 0x000090ce,
+ 0x00004f86, 0x000051b7, 0x000052de, 0x000064c4,
+ 0x00006ad3, 0x00007210, 0x000076e7, 0x00008001,
+ 0x00008606, 0x0000865c, 0x00008def, 0x00009732,
+ 0x00009b6f, 0x00009dfa, 0x0000788c, 0x0000797f,
+ 0x00007da0, 0x000083c9, 0x00009304, 0x00009e7f,
+ 0x00008ad6, 0x000058df, 0x00005f04, 0x00007c60,
+ 0x0000807e, 0x00007262, 0x000078ca, 0x00008cc2,
+ 0x000096f7, 0x000058d8, 0x00005c62, 0x00006a13,
+ 0x00006dda, 0x00006f0f, 0x00007d2f, 0x00007e37,
+ 0x0000964b, 0x000052d2, 0x0000808b, 0x000051dc,
+ 0x000051cc, 0x00007a1c, 0x00007dbe, 0x000083f1,
+ 0x00009675, 0x00008b80, 0x000062cf, 0x00006a02,
+ 0x00008afe, 0x00004e39, 0x00005be7, 0x00006012,
+ 0x00007387, 0x00007570, 0x00005317, 0x000078fb,
+ 0x00004fbf, 0x00005fa9, 0x00004e0d, 0x00006ccc,
+ 0x00006578, 0x00007d22, 0x000053c3, 0x0000585e,
+ 0x00007701, 0x00008449, 0x00008aaa, 0x00006bba,
+ 0x00008fb0, 0x00006c88, 0x000062fe, 0x000082e5,
+ 0x000063a0, 0x00007565, 0x00004eae, 0x00005169,
+ 0x000051c9, 0x00006881, 0x00007ce7, 0x0000826f,
+ 0x00008ad2, 0x000091cf, 0x000052f5, 0x00005442,
+ 0x00005973, 0x00005eec, 0x000065c5, 0x00006ffe,
+ 0x0000792a, 0x000095ad, 0x00009a6a, 0x00009e97,
+ 0x00009ece, 0x0000529b, 0x000066c6, 0x00006b77,
+ 0x00008f62, 0x00005e74, 0x00006190, 0x00006200,
+ 0x0000649a, 0x00006f23, 0x00007149, 0x00007489,
+ 0x000079ca, 0x00007df4, 0x0000806f, 0x00008f26,
+ 0x000084ee, 0x00009023, 0x0000934a, 0x00005217,
+ 0x000052a3, 0x000054bd, 0x000070c8, 0x000088c2,
+ 0x00008aaa, 0x00005ec9, 0x00005ff5, 0x0000637b,
+ 0x00006bae, 0x00007c3e, 0x00007375, 0x00004ee4,
+ 0x000056f9, 0x00005be7, 0x00005dba, 0x0000601c,
+ 0x000073b2, 0x00007469, 0x00007f9a, 0x00008046,
+ 0x00009234, 0x000096f6, 0x00009748, 0x00009818,
+ 0x00004f8b, 0x000079ae, 0x000091b4, 0x000096b8,
+ 0x000060e1, 0x00004e86, 0x000050da, 0x00005bee,
+ 0x00005c3f, 0x00006599, 0x00006a02, 0x000071ce,
+ 0x00007642, 0x000084fc, 0x0000907c, 0x00009f8d,
+ 0x00006688, 0x0000962e, 0x00005289, 0x0000677b,
+ 0x000067f3, 0x00006d41, 0x00006e9c, 0x00007409,
+ 0x00007559, 0x0000786b, 0x00007d10, 0x0000985e,
+ 0x0000516d, 0x0000622e, 0x00009678, 0x0000502b,
+ 0x00005d19, 0x00006dea, 0x00008f2a, 0x00005f8b,
+ 0x00006144, 0x00006817, 0x00007387, 0x00009686,
+ 0x00005229, 0x0000540f, 0x00005c65, 0x00006613,
+ 0x0000674e, 0x000068a8, 0x00006ce5, 0x00007406,
+ 0x000075e2, 0x00007f79, 0x000088cf, 0x000088e1,
+ 0x000091cc, 0x000096e2, 0x0000533f, 0x00006eba,
+ 0x0000541d, 0x000071d0, 0x00007498, 0x000085fa,
+ 0x000096a3, 0x00009c57, 0x00009e9f, 0x00006797,
+ 0x00006dcb, 0x000081e8, 0x00007acb, 0x00007b20,
+ 0x00007c92, 0x000072c0, 0x00007099, 0x00008b58,
+ 0x00004ec0, 0x00008336, 0x0000523a, 0x00005207,
+ 0x00005ea6, 0x000062d3, 0x00007cd6, 0x00005b85,
+ 0x00006d1e, 0x000066b4, 0x00008f3b, 0x0000884c,
+ 0x0000964d, 0x0000898b, 0x00005ed3, 0x00005140,
+ 0x000055c0, 0x0000585a, 0x00006674, 0x000051de,
+ 0x0000732a, 0x000076ca, 0x0000793c, 0x0000795e,
+ 0x00007965, 0x0000798f, 0x00009756, 0x00007cbe,
+ 0x00007fbd, 0x00008612, 0x00008af8, 0x00009038,
+ 0x000090fd, 0x000098ef, 0x000098fc, 0x00009928,
+ 0x00009db4, 0x00004fae, 0x000050e7, 0x0000514d,
+ 0x000052c9, 0x000052e4, 0x00005351, 0x0000559d,
+ 0x00005606, 0x00005668, 0x00005840, 0x000058a8,
+ 0x00005c64, 0x00005c6e, 0x00006094, 0x00006168,
+ 0x0000618e, 0x000061f2, 0x0000654f, 0x000065e2,
+ 0x00006691, 0x00006885, 0x00006d77, 0x00006e1a,
+ 0x00006f22, 0x0000716e, 0x0000722b, 0x00007422,
+ 0x00007891, 0x0000793e, 0x00007949, 0x00007948,
+ 0x00007950, 0x00007956, 0x0000795d, 0x0000798d,
+ 0x0000798e, 0x00007a40, 0x00007a81, 0x00007bc0,
+ 0x00007df4, 0x00007e09, 0x00007e41, 0x00007f72,
+ 0x00008005, 0x000081ed, 0x00008279, 0x00008279,
+ 0x00008457, 0x00008910, 0x00008996, 0x00008b01,
+ 0x00008b39, 0x00008cd3, 0x00008d08, 0x00008fb6,
+ 0x00009038, 0x000096e3, 0x000097ff, 0x0000983b,
+ 0x00000066, 0x00000066, 0x00000066, 0x00000069,
+ 0x00000066, 0x0000006c, 0x00000066, 0x00000066,
+ 0x00000069, 0x00000066, 0x00000066, 0x0000006c,
+ 0x00000073, 0x00000074, 0x00000073, 0x00000074,
+ 0x00000574, 0x00000576, 0x00000574, 0x00000565,
+ 0x00000574, 0x0000056b, 0x0000057e, 0x00000576,
+ 0x00000574, 0x0000056d, 0x000005d9, 0x000005b4,
+ 0x000005f2, 0x000005b7, 0x000005e2, 0x000005d0,
+ 0x000005d3, 0x000005d4, 0x000005db, 0x000005dc,
+ 0x000005dd, 0x000005e8, 0x000005ea, 0x0000002b,
+ 0x000005e9, 0x000005c1, 0x000005e9, 0x000005c2,
+ 0x000005e9, 0x000005bc, 0x000005c1, 0x000005e9,
+ 0x000005bc, 0x000005c2, 0x000005d0, 0x000005b7,
+ 0x000005d0, 0x000005b8, 0x000005d0, 0x000005bc,
+ 0x000005d1, 0x000005bc, 0x000005d2, 0x000005bc,
+ 0x000005d3, 0x000005bc, 0x000005d4, 0x000005bc,
+ 0x000005d5, 0x000005bc, 0x000005d6, 0x000005bc,
+ 0x000005d8, 0x000005bc, 0x000005d9, 0x000005bc,
+ 0x000005da, 0x000005bc, 0x000005db, 0x000005bc,
+ 0x000005dc, 0x000005bc, 0x000005de, 0x000005bc,
+ 0x000005e0, 0x000005bc, 0x000005e1, 0x000005bc,
+ 0x000005e3, 0x000005bc, 0x000005e4, 0x000005bc,
+ 0x000005e6, 0x000005bc, 0x000005e7, 0x000005bc,
+ 0x000005e8, 0x000005bc, 0x000005e9, 0x000005bc,
+ 0x000005ea, 0x000005bc, 0x000005d5, 0x000005b9,
+ 0x000005d1, 0x000005bf, 0x000005db, 0x000005bf,
+ 0x000005e4, 0x000005bf, 0x000005d0, 0x000005dc,
+ 0x00000671, 0x00000671, 0x0000067b, 0x0000067b,
+ 0x0000067b, 0x0000067b, 0x0000067e, 0x0000067e,
+ 0x0000067e, 0x0000067e, 0x00000680, 0x00000680,
+ 0x00000680, 0x00000680, 0x0000067a, 0x0000067a,
+ 0x0000067a, 0x0000067a, 0x0000067f, 0x0000067f,
+ 0x0000067f, 0x0000067f, 0x00000679, 0x00000679,
+ 0x00000679, 0x00000679, 0x000006a4, 0x000006a4,
+ 0x000006a4, 0x000006a4, 0x000006a6, 0x000006a6,
+ 0x000006a6, 0x000006a6, 0x00000684, 0x00000684,
+ 0x00000684, 0x00000684, 0x00000683, 0x00000683,
+ 0x00000683, 0x00000683, 0x00000686, 0x00000686,
+ 0x00000686, 0x00000686, 0x00000687, 0x00000687,
+ 0x00000687, 0x00000687, 0x0000068d, 0x0000068d,
+ 0x0000068c, 0x0000068c, 0x0000068e, 0x0000068e,
+ 0x00000688, 0x00000688, 0x00000698, 0x00000698,
+ 0x00000691, 0x00000691, 0x000006a9, 0x000006a9,
+ 0x000006a9, 0x000006a9, 0x000006af, 0x000006af,
+ 0x000006af, 0x000006af, 0x000006b3, 0x000006b3,
+ 0x000006b3, 0x000006b3, 0x000006b1, 0x000006b1,
+ 0x000006b1, 0x000006b1, 0x000006ba, 0x000006ba,
+ 0x000006bb, 0x000006bb, 0x000006bb, 0x000006bb,
+ 0x000006d5, 0x00000654, 0x000006d5, 0x00000654,
+ 0x000006c1, 0x000006c1, 0x000006c1, 0x000006c1,
+ 0x000006be, 0x000006be, 0x000006be, 0x000006be,
+ 0x000006d2, 0x000006d2, 0x000006d2, 0x00000654,
+ 0x000006d2, 0x00000654, 0x000006ad, 0x000006ad,
+ 0x000006ad, 0x000006ad, 0x000006c7, 0x000006c7,
+ 0x000006c6, 0x000006c6, 0x000006c8, 0x000006c8,
+ 0x000006c7, 0x00000674, 0x000006cb, 0x000006cb,
+ 0x000006c5, 0x000006c5, 0x000006c9, 0x000006c9,
+ 0x000006d0, 0x000006d0, 0x000006d0, 0x000006d0,
+ 0x00000649, 0x00000649, 0x0000064a, 0x00000654,
+ 0x00000627, 0x0000064a, 0x00000654, 0x00000627,
+ 0x0000064a, 0x00000654, 0x000006d5, 0x0000064a,
+ 0x00000654, 0x000006d5, 0x0000064a, 0x00000654,
+ 0x00000648, 0x0000064a, 0x00000654, 0x00000648,
+ 0x0000064a, 0x00000654, 0x000006c7, 0x0000064a,
+ 0x00000654, 0x000006c7, 0x0000064a, 0x00000654,
+ 0x000006c6, 0x0000064a, 0x00000654, 0x000006c6,
+ 0x0000064a, 0x00000654, 0x000006c8, 0x0000064a,
+ 0x00000654, 0x000006c8, 0x0000064a, 0x00000654,
+ 0x000006d0, 0x0000064a, 0x00000654, 0x000006d0,
+ 0x0000064a, 0x00000654, 0x000006d0, 0x0000064a,
+ 0x00000654, 0x00000649, 0x0000064a, 0x00000654,
+ 0x00000649, 0x0000064a, 0x00000654, 0x00000649,
+ 0x000006cc, 0x000006cc, 0x000006cc, 0x000006cc,
+ 0x0000064a, 0x00000654, 0x0000062c, 0x0000064a,
+ 0x00000654, 0x0000062d, 0x0000064a, 0x00000654,
+ 0x00000645, 0x0000064a, 0x00000654, 0x00000649,
+ 0x0000064a, 0x00000654, 0x0000064a, 0x00000628,
+ 0x0000062c, 0x00000628, 0x0000062d, 0x00000628,
+ 0x0000062e, 0x00000628, 0x00000645, 0x00000628,
+ 0x00000649, 0x00000628, 0x0000064a, 0x0000062a,
+ 0x0000062c, 0x0000062a, 0x0000062d, 0x0000062a,
+ 0x0000062e, 0x0000062a, 0x00000645, 0x0000062a,
+ 0x00000649, 0x0000062a, 0x0000064a, 0x0000062b,
+ 0x0000062c, 0x0000062b, 0x00000645, 0x0000062b,
+ 0x00000649, 0x0000062b, 0x0000064a, 0x0000062c,
+ 0x0000062d, 0x0000062c, 0x00000645, 0x0000062d,
+ 0x0000062c, 0x0000062d, 0x00000645, 0x0000062e,
+ 0x0000062c, 0x0000062e, 0x0000062d, 0x0000062e,
+ 0x00000645, 0x00000633, 0x0000062c, 0x00000633,
+ 0x0000062d, 0x00000633, 0x0000062e, 0x00000633,
+ 0x00000645, 0x00000635, 0x0000062d, 0x00000635,
+ 0x00000645, 0x00000636, 0x0000062c, 0x00000636,
+ 0x0000062d, 0x00000636, 0x0000062e, 0x00000636,
+ 0x00000645, 0x00000637, 0x0000062d, 0x00000637,
+ 0x00000645, 0x00000638, 0x00000645, 0x00000639,
+ 0x0000062c, 0x00000639, 0x00000645, 0x0000063a,
+ 0x0000062c, 0x0000063a, 0x00000645, 0x00000641,
+ 0x0000062c, 0x00000641, 0x0000062d, 0x00000641,
+ 0x0000062e, 0x00000641, 0x00000645, 0x00000641,
+ 0x00000649, 0x00000641, 0x0000064a, 0x00000642,
+ 0x0000062d, 0x00000642, 0x00000645, 0x00000642,
+ 0x00000649, 0x00000642, 0x0000064a, 0x00000643,
+ 0x00000627, 0x00000643, 0x0000062c, 0x00000643,
+ 0x0000062d, 0x00000643, 0x0000062e, 0x00000643,
+ 0x00000644, 0x00000643, 0x00000645, 0x00000643,
+ 0x00000649, 0x00000643, 0x0000064a, 0x00000644,
+ 0x0000062c, 0x00000644, 0x0000062d, 0x00000644,
+ 0x0000062e, 0x00000644, 0x00000645, 0x00000644,
+ 0x00000649, 0x00000644, 0x0000064a, 0x00000645,
+ 0x0000062c, 0x00000645, 0x0000062d, 0x00000645,
+ 0x0000062e, 0x00000645, 0x00000645, 0x00000645,
+ 0x00000649, 0x00000645, 0x0000064a, 0x00000646,
+ 0x0000062c, 0x00000646, 0x0000062d, 0x00000646,
+ 0x0000062e, 0x00000646, 0x00000645, 0x00000646,
+ 0x00000649, 0x00000646, 0x0000064a, 0x00000647,
+ 0x0000062c, 0x00000647, 0x00000645, 0x00000647,
+ 0x00000649, 0x00000647, 0x0000064a, 0x0000064a,
+ 0x0000062c, 0x0000064a, 0x0000062d, 0x0000064a,
+ 0x0000062e, 0x0000064a, 0x00000645, 0x0000064a,
+ 0x00000649, 0x0000064a, 0x0000064a, 0x00000630,
+ 0x00000670, 0x00000631, 0x00000670, 0x00000649,
+ 0x00000670, 0x00000020, 0x0000064c, 0x00000651,
+ 0x00000020, 0x0000064d, 0x00000651, 0x00000020,
+ 0x0000064e, 0x00000651, 0x00000020, 0x0000064f,
+ 0x00000651, 0x00000020, 0x00000650, 0x00000651,
+ 0x00000020, 0x00000651, 0x00000670, 0x0000064a,
+ 0x00000654, 0x00000631, 0x0000064a, 0x00000654,
+ 0x00000632, 0x0000064a, 0x00000654, 0x00000645,
+ 0x0000064a, 0x00000654, 0x00000646, 0x0000064a,
+ 0x00000654, 0x00000649, 0x0000064a, 0x00000654,
+ 0x0000064a, 0x00000628, 0x00000631, 0x00000628,
+ 0x00000632, 0x00000628, 0x00000645, 0x00000628,
+ 0x00000646, 0x00000628, 0x00000649, 0x00000628,
+ 0x0000064a, 0x0000062a, 0x00000631, 0x0000062a,
+ 0x00000632, 0x0000062a, 0x00000645, 0x0000062a,
+ 0x00000646, 0x0000062a, 0x00000649, 0x0000062a,
+ 0x0000064a, 0x0000062b, 0x00000631, 0x0000062b,
+ 0x00000632, 0x0000062b, 0x00000645, 0x0000062b,
+ 0x00000646, 0x0000062b, 0x00000649, 0x0000062b,
+ 0x0000064a, 0x00000641, 0x00000649, 0x00000641,
+ 0x0000064a, 0x00000642, 0x00000649, 0x00000642,
+ 0x0000064a, 0x00000643, 0x00000627, 0x00000643,
+ 0x00000644, 0x00000643, 0x00000645, 0x00000643,
+ 0x00000649, 0x00000643, 0x0000064a, 0x00000644,
+ 0x00000645, 0x00000644, 0x00000649, 0x00000644,
+ 0x0000064a, 0x00000645, 0x00000627, 0x00000645,
+ 0x00000645, 0x00000646, 0x00000631, 0x00000646,
+ 0x00000632, 0x00000646, 0x00000645, 0x00000646,
+ 0x00000646, 0x00000646, 0x00000649, 0x00000646,
+ 0x0000064a, 0x00000649, 0x00000670, 0x0000064a,
+ 0x00000631, 0x0000064a, 0x00000632, 0x0000064a,
+ 0x00000645, 0x0000064a, 0x00000646, 0x0000064a,
+ 0x00000649, 0x0000064a, 0x0000064a, 0x0000064a,
+ 0x00000654, 0x0000062c, 0x0000064a, 0x00000654,
+ 0x0000062d, 0x0000064a, 0x00000654, 0x0000062e,
+ 0x0000064a, 0x00000654, 0x00000645, 0x0000064a,
+ 0x00000654, 0x00000647, 0x00000628, 0x0000062c,
+ 0x00000628, 0x0000062d, 0x00000628, 0x0000062e,
+ 0x00000628, 0x00000645, 0x00000628, 0x00000647,
+ 0x0000062a, 0x0000062c, 0x0000062a, 0x0000062d,
+ 0x0000062a, 0x0000062e, 0x0000062a, 0x00000645,
+ 0x0000062a, 0x00000647, 0x0000062b, 0x00000645,
+ 0x0000062c, 0x0000062d, 0x0000062c, 0x00000645,
+ 0x0000062d, 0x0000062c, 0x0000062d, 0x00000645,
+ 0x0000062e, 0x0000062c, 0x0000062e, 0x00000645,
+ 0x00000633, 0x0000062c, 0x00000633, 0x0000062d,
+ 0x00000633, 0x0000062e, 0x00000633, 0x00000645,
+ 0x00000635, 0x0000062d, 0x00000635, 0x0000062e,
+ 0x00000635, 0x00000645, 0x00000636, 0x0000062c,
+ 0x00000636, 0x0000062d, 0x00000636, 0x0000062e,
+ 0x00000636, 0x00000645, 0x00000637, 0x0000062d,
+ 0x00000638, 0x00000645, 0x00000639, 0x0000062c,
+ 0x00000639, 0x00000645, 0x0000063a, 0x0000062c,
+ 0x0000063a, 0x00000645, 0x00000641, 0x0000062c,
+ 0x00000641, 0x0000062d, 0x00000641, 0x0000062e,
+ 0x00000641, 0x00000645, 0x00000642, 0x0000062d,
+ 0x00000642, 0x00000645, 0x00000643, 0x0000062c,
+ 0x00000643, 0x0000062d, 0x00000643, 0x0000062e,
+ 0x00000643, 0x00000644, 0x00000643, 0x00000645,
+ 0x00000644, 0x0000062c, 0x00000644, 0x0000062d,
+ 0x00000644, 0x0000062e, 0x00000644, 0x00000645,
+ 0x00000644, 0x00000647, 0x00000645, 0x0000062c,
+ 0x00000645, 0x0000062d, 0x00000645, 0x0000062e,
+ 0x00000645, 0x00000645, 0x00000646, 0x0000062c,
+ 0x00000646, 0x0000062d, 0x00000646, 0x0000062e,
+ 0x00000646, 0x00000645, 0x00000646, 0x00000647,
+ 0x00000647, 0x0000062c, 0x00000647, 0x00000645,
+ 0x00000647, 0x00000670, 0x0000064a, 0x0000062c,
+ 0x0000064a, 0x0000062d, 0x0000064a, 0x0000062e,
+ 0x0000064a, 0x00000645, 0x0000064a, 0x00000647,
+ 0x0000064a, 0x00000654, 0x00000645, 0x0000064a,
+ 0x00000654, 0x00000647, 0x00000628, 0x00000645,
+ 0x00000628, 0x00000647, 0x0000062a, 0x00000645,
+ 0x0000062a, 0x00000647, 0x0000062b, 0x00000645,
+ 0x0000062b, 0x00000647, 0x00000633, 0x00000645,
+ 0x00000633, 0x00000647, 0x00000634, 0x00000645,
+ 0x00000634, 0x00000647, 0x00000643, 0x00000644,
+ 0x00000643, 0x00000645, 0x00000644, 0x00000645,
+ 0x00000646, 0x00000645, 0x00000646, 0x00000647,
+ 0x0000064a, 0x00000645, 0x0000064a, 0x00000647,
+ 0x00000640, 0x0000064e, 0x00000651, 0x00000640,
+ 0x0000064f, 0x00000651, 0x00000640, 0x00000650,
+ 0x00000651, 0x00000637, 0x00000649, 0x00000637,
+ 0x0000064a, 0x00000639, 0x00000649, 0x00000639,
+ 0x0000064a, 0x0000063a, 0x00000649, 0x0000063a,
+ 0x0000064a, 0x00000633, 0x00000649, 0x00000633,
+ 0x0000064a, 0x00000634, 0x00000649, 0x00000634,
+ 0x0000064a, 0x0000062d, 0x00000649, 0x0000062d,
+ 0x0000064a, 0x0000062c, 0x00000649, 0x0000062c,
+ 0x0000064a, 0x0000062e, 0x00000649, 0x0000062e,
+ 0x0000064a, 0x00000635, 0x00000649, 0x00000635,
+ 0x0000064a, 0x00000636, 0x00000649, 0x00000636,
+ 0x0000064a, 0x00000634, 0x0000062c, 0x00000634,
+ 0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+ 0x00000645, 0x00000634, 0x00000631, 0x00000633,
+ 0x00000631, 0x00000635, 0x00000631, 0x00000636,
+ 0x00000631, 0x00000637, 0x00000649, 0x00000637,
+ 0x0000064a, 0x00000639, 0x00000649, 0x00000639,
+ 0x0000064a, 0x0000063a, 0x00000649, 0x0000063a,
+ 0x0000064a, 0x00000633, 0x00000649, 0x00000633,
+ 0x0000064a, 0x00000634, 0x00000649, 0x00000634,
+ 0x0000064a, 0x0000062d, 0x00000649, 0x0000062d,
+ 0x0000064a, 0x0000062c, 0x00000649, 0x0000062c,
+ 0x0000064a, 0x0000062e, 0x00000649, 0x0000062e,
+ 0x0000064a, 0x00000635, 0x00000649, 0x00000635,
+ 0x0000064a, 0x00000636, 0x00000649, 0x00000636,
+ 0x0000064a, 0x00000634, 0x0000062c, 0x00000634,
+ 0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+ 0x00000645, 0x00000634, 0x00000631, 0x00000633,
+ 0x00000631, 0x00000635, 0x00000631, 0x00000636,
+ 0x00000631, 0x00000634, 0x0000062c, 0x00000634,
+ 0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+ 0x00000645, 0x00000633, 0x00000647, 0x00000634,
+ 0x00000647, 0x00000637, 0x00000645, 0x00000633,
+ 0x0000062c, 0x00000633, 0x0000062d, 0x00000633,
+ 0x0000062e, 0x00000634, 0x0000062c, 0x00000634,
+ 0x0000062d, 0x00000634, 0x0000062e, 0x00000637,
+ 0x00000645, 0x00000638, 0x00000645, 0x00000627,
+ 0x0000064b, 0x00000627, 0x0000064b, 0x0000062a,
+ 0x0000062c, 0x00000645, 0x0000062a, 0x0000062d,
+ 0x0000062c, 0x0000062a, 0x0000062d, 0x0000062c,
+ 0x0000062a, 0x0000062d, 0x00000645, 0x0000062a,
+ 0x0000062e, 0x00000645, 0x0000062a, 0x00000645,
+ 0x0000062c, 0x0000062a, 0x00000645, 0x0000062d,
+ 0x0000062a, 0x00000645, 0x0000062e, 0x0000062c,
+ 0x00000645, 0x0000062d, 0x0000062c, 0x00000645,
+ 0x0000062d, 0x0000062d, 0x00000645, 0x0000064a,
+ 0x0000062d, 0x00000645, 0x00000649, 0x00000633,
+ 0x0000062d, 0x0000062c, 0x00000633, 0x0000062c,
+ 0x0000062d, 0x00000633, 0x0000062c, 0x00000649,
+ 0x00000633, 0x00000645, 0x0000062d, 0x00000633,
+ 0x00000645, 0x0000062d, 0x00000633, 0x00000645,
+ 0x0000062c, 0x00000633, 0x00000645, 0x00000645,
+ 0x00000633, 0x00000645, 0x00000645, 0x00000635,
+ 0x0000062d, 0x0000062d, 0x00000635, 0x0000062d,
+ 0x0000062d, 0x00000635, 0x00000645, 0x00000645,
+ 0x00000634, 0x0000062d, 0x00000645, 0x00000634,
+ 0x0000062d, 0x00000645, 0x00000634, 0x0000062c,
+ 0x0000064a, 0x00000634, 0x00000645, 0x0000062e,
+ 0x00000634, 0x00000645, 0x0000062e, 0x00000634,
+ 0x00000645, 0x00000645, 0x00000634, 0x00000645,
+ 0x00000645, 0x00000636, 0x0000062d, 0x00000649,
+ 0x00000636, 0x0000062e, 0x00000645, 0x00000636,
+ 0x0000062e, 0x00000645, 0x00000637, 0x00000645,
+ 0x0000062d, 0x00000637, 0x00000645, 0x0000062d,
+ 0x00000637, 0x00000645, 0x00000645, 0x00000637,
+ 0x00000645, 0x0000064a, 0x00000639, 0x0000062c,
+ 0x00000645, 0x00000639, 0x00000645, 0x00000645,
+ 0x00000639, 0x00000645, 0x00000645, 0x00000639,
+ 0x00000645, 0x00000649, 0x0000063a, 0x00000645,
+ 0x00000645, 0x0000063a, 0x00000645, 0x0000064a,
+ 0x0000063a, 0x00000645, 0x00000649, 0x00000641,
+ 0x0000062e, 0x00000645, 0x00000641, 0x0000062e,
+ 0x00000645, 0x00000642, 0x00000645, 0x0000062d,
+ 0x00000642, 0x00000645, 0x00000645, 0x00000644,
+ 0x0000062d, 0x00000645, 0x00000644, 0x0000062d,
+ 0x0000064a, 0x00000644, 0x0000062d, 0x00000649,
+ 0x00000644, 0x0000062c, 0x0000062c, 0x00000644,
+ 0x0000062c, 0x0000062c, 0x00000644, 0x0000062e,
+ 0x00000645, 0x00000644, 0x0000062e, 0x00000645,
+ 0x00000644, 0x00000645, 0x0000062d, 0x00000644,
+ 0x00000645, 0x0000062d, 0x00000645, 0x0000062d,
+ 0x0000062c, 0x00000645, 0x0000062d, 0x00000645,
+ 0x00000645, 0x0000062d, 0x0000064a, 0x00000645,
+ 0x0000062c, 0x0000062d, 0x00000645, 0x0000062c,
+ 0x00000645, 0x00000645, 0x0000062e, 0x0000062c,
+ 0x00000645, 0x0000062e, 0x00000645, 0x00000645,
+ 0x0000062c, 0x0000062e, 0x00000647, 0x00000645,
+ 0x0000062c, 0x00000647, 0x00000645, 0x00000645,
+ 0x00000646, 0x0000062d, 0x00000645, 0x00000646,
+ 0x0000062d, 0x00000649, 0x00000646, 0x0000062c,
+ 0x00000645, 0x00000646, 0x0000062c, 0x00000645,
+ 0x00000646, 0x0000062c, 0x00000649, 0x00000646,
+ 0x00000645, 0x0000064a, 0x00000646, 0x00000645,
+ 0x00000649, 0x0000064a, 0x00000645, 0x00000645,
+ 0x0000064a, 0x00000645, 0x00000645, 0x00000628,
+ 0x0000062e, 0x0000064a, 0x0000062a, 0x0000062c,
+ 0x0000064a, 0x0000062a, 0x0000062c, 0x00000649,
+ 0x0000062a, 0x0000062e, 0x0000064a, 0x0000062a,
+ 0x0000062e, 0x00000649, 0x0000062a, 0x00000645,
+ 0x0000064a, 0x0000062a, 0x00000645, 0x00000649,
+ 0x0000062c, 0x00000645, 0x0000064a, 0x0000062c,
+ 0x0000062d, 0x00000649, 0x0000062c, 0x00000645,
+ 0x00000649, 0x00000633, 0x0000062e, 0x00000649,
+ 0x00000635, 0x0000062d, 0x0000064a, 0x00000634,
+ 0x0000062d, 0x0000064a, 0x00000636, 0x0000062d,
+ 0x0000064a, 0x00000644, 0x0000062c, 0x0000064a,
+ 0x00000644, 0x00000645, 0x0000064a, 0x0000064a,
+ 0x0000062d, 0x0000064a, 0x0000064a, 0x0000062c,
+ 0x0000064a, 0x0000064a, 0x00000645, 0x0000064a,
+ 0x00000645, 0x00000645, 0x0000064a, 0x00000642,
+ 0x00000645, 0x0000064a, 0x00000646, 0x0000062d,
+ 0x0000064a, 0x00000642, 0x00000645, 0x0000062d,
+ 0x00000644, 0x0000062d, 0x00000645, 0x00000639,
+ 0x00000645, 0x0000064a, 0x00000643, 0x00000645,
+ 0x0000064a, 0x00000646, 0x0000062c, 0x0000062d,
+ 0x00000645, 0x0000062e, 0x0000064a, 0x00000644,
+ 0x0000062c, 0x00000645, 0x00000643, 0x00000645,
+ 0x00000645, 0x00000644, 0x0000062c, 0x00000645,
+ 0x00000646, 0x0000062c, 0x0000062d, 0x0000062c,
+ 0x0000062d, 0x0000064a, 0x0000062d, 0x0000062c,
+ 0x0000064a, 0x00000645, 0x0000062c, 0x0000064a,
+ 0x00000641, 0x00000645, 0x0000064a, 0x00000628,
+ 0x0000062d, 0x0000064a, 0x00000643, 0x00000645,
+ 0x00000645, 0x00000639, 0x0000062c, 0x00000645,
+ 0x00000635, 0x00000645, 0x00000645, 0x00000633,
+ 0x0000062e, 0x0000064a, 0x00000646, 0x0000062c,
+ 0x0000064a, 0x00000635, 0x00000644, 0x000006d2,
+ 0x00000642, 0x00000644, 0x000006d2, 0x00000627,
+ 0x00000644, 0x00000644, 0x00000647, 0x00000627,
+ 0x00000643, 0x00000628, 0x00000631, 0x00000645,
+ 0x0000062d, 0x00000645, 0x0000062f, 0x00000635,
+ 0x00000644, 0x00000639, 0x00000645, 0x00000631,
+ 0x00000633, 0x00000648, 0x00000644, 0x00000639,
+ 0x00000644, 0x0000064a, 0x00000647, 0x00000648,
+ 0x00000633, 0x00000644, 0x00000645, 0x00000635,
+ 0x00000644, 0x00000649, 0x00000635, 0x00000644,
+ 0x00000649, 0x00000020, 0x00000627, 0x00000644,
+ 0x00000644, 0x00000647, 0x00000020, 0x00000639,
+ 0x00000644, 0x0000064a, 0x00000647, 0x00000020,
+ 0x00000648, 0x00000633, 0x00000644, 0x00000645,
+ 0x0000062c, 0x00000644, 0x00000020, 0x0000062c,
+ 0x00000644, 0x00000627, 0x00000644, 0x00000647,
+ 0x00000631, 0x000006cc, 0x00000627, 0x00000644,
+ 0x0000002e, 0x0000002e, 0x00002014, 0x00002013,
+ 0x0000005f, 0x0000005f, 0x00000028, 0x00000029,
+ 0x0000007b, 0x0000007d, 0x00003014, 0x00003015,
+ 0x00003010, 0x00003011, 0x0000300a, 0x0000300b,
+ 0x00003008, 0x00003009, 0x0000300c, 0x0000300d,
+ 0x0000300e, 0x0000300f, 0x00000020, 0x00000305,
+ 0x00000020, 0x00000305, 0x00000020, 0x00000305,
+ 0x00000020, 0x00000305, 0x0000005f, 0x0000005f,
+ 0x0000005f, 0x0000002c, 0x00003001, 0x0000002e,
+ 0x0000003b, 0x0000003a, 0x0000003f, 0x00000021,
+ 0x00002014, 0x00000028, 0x00000029, 0x0000007b,
+ 0x0000007d, 0x00003014, 0x00003015, 0x00000023,
+ 0x00000026, 0x0000002a, 0x0000002b, 0x0000002d,
+ 0x0000003c, 0x0000003e, 0x0000003d, 0x0000005c,
+ 0x00000024, 0x00000025, 0x00000040, 0x00000020,
+ 0x0000064b, 0x00000640, 0x0000064b, 0x00000020,
+ 0x0000064c, 0x00000020, 0x0000064d, 0x00000020,
+ 0x0000064e, 0x00000640, 0x0000064e, 0x00000020,
+ 0x0000064f, 0x00000640, 0x0000064f, 0x00000020,
+ 0x00000650, 0x00000640, 0x00000650, 0x00000020,
+ 0x00000651, 0x00000640, 0x00000651, 0x00000020,
+ 0x00000652, 0x00000640, 0x00000652, 0x00000621,
+ 0x00000627, 0x00000653, 0x00000627, 0x00000653,
+ 0x00000627, 0x00000654, 0x00000627, 0x00000654,
+ 0x00000648, 0x00000654, 0x00000648, 0x00000654,
+ 0x00000627, 0x00000655, 0x00000627, 0x00000655,
+ 0x0000064a, 0x00000654, 0x0000064a, 0x00000654,
+ 0x0000064a, 0x00000654, 0x0000064a, 0x00000654,
+ 0x00000627, 0x00000627, 0x00000628, 0x00000628,
+ 0x00000628, 0x00000628, 0x00000629, 0x00000629,
+ 0x0000062a, 0x0000062a, 0x0000062a, 0x0000062a,
+ 0x0000062b, 0x0000062b, 0x0000062b, 0x0000062b,
+ 0x0000062c, 0x0000062c, 0x0000062c, 0x0000062c,
+ 0x0000062d, 0x0000062d, 0x0000062d, 0x0000062d,
+ 0x0000062e, 0x0000062e, 0x0000062e, 0x0000062e,
+ 0x0000062f, 0x0000062f, 0x00000630, 0x00000630,
+ 0x00000631, 0x00000631, 0x00000632, 0x00000632,
+ 0x00000633, 0x00000633, 0x00000633, 0x00000633,
+ 0x00000634, 0x00000634, 0x00000634, 0x00000634,
+ 0x00000635, 0x00000635, 0x00000635, 0x00000635,
+ 0x00000636, 0x00000636, 0x00000636, 0x00000636,
+ 0x00000637, 0x00000637, 0x00000637, 0x00000637,
+ 0x00000638, 0x00000638, 0x00000638, 0x00000638,
+ 0x00000639, 0x00000639, 0x00000639, 0x00000639,
+ 0x0000063a, 0x0000063a, 0x0000063a, 0x0000063a,
+ 0x00000641, 0x00000641, 0x00000641, 0x00000641,
+ 0x00000642, 0x00000642, 0x00000642, 0x00000642,
+ 0x00000643, 0x00000643, 0x00000643, 0x00000643,
+ 0x00000644, 0x00000644, 0x00000644, 0x00000644,
+ 0x00000645, 0x00000645, 0x00000645, 0x00000645,
+ 0x00000646, 0x00000646, 0x00000646, 0x00000646,
+ 0x00000647, 0x00000647, 0x00000647, 0x00000647,
+ 0x00000648, 0x00000648, 0x00000649, 0x00000649,
+ 0x0000064a, 0x0000064a, 0x0000064a, 0x0000064a,
+ 0x00000644, 0x00000627, 0x00000653, 0x00000644,
+ 0x00000627, 0x00000653, 0x00000644, 0x00000627,
+ 0x00000654, 0x00000644, 0x00000627, 0x00000654,
+ 0x00000644, 0x00000627, 0x00000655, 0x00000644,
+ 0x00000627, 0x00000655, 0x00000644, 0x00000627,
+ 0x00000644, 0x00000627, 0x00000021, 0x00000022,
+ 0x00000023, 0x00000024, 0x00000025, 0x00000026,
+ 0x00000027, 0x00000028, 0x00000029, 0x0000002a,
+ 0x0000002b, 0x0000002c, 0x0000002d, 0x0000002e,
+ 0x0000002f, 0x00000030, 0x00000031, 0x00000032,
+ 0x00000033, 0x00000034, 0x00000035, 0x00000036,
+ 0x00000037, 0x00000038, 0x00000039, 0x0000003a,
+ 0x0000003b, 0x0000003c, 0x0000003d, 0x0000003e,
+ 0x0000003f, 0x00000040, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x0000005b, 0x0000005c, 0x0000005d, 0x0000005e,
+ 0x0000005f, 0x00000060, 0x00000061, 0x00000062,
+ 0x00000063, 0x00000064, 0x00000065, 0x00000066,
+ 0x00000067, 0x00000068, 0x00000069, 0x0000006a,
+ 0x0000006b, 0x0000006c, 0x0000006d, 0x0000006e,
+ 0x0000006f, 0x00000070, 0x00000071, 0x00000072,
+ 0x00000073, 0x00000074, 0x00000075, 0x00000076,
+ 0x00000077, 0x00000078, 0x00000079, 0x0000007a,
+ 0x0000007b, 0x0000007c, 0x0000007d, 0x0000007e,
+ 0x00002985, 0x00002986, 0x00003002, 0x0000300c,
+ 0x0000300d, 0x00003001, 0x000030fb, 0x000030f2,
+ 0x000030a1, 0x000030a3, 0x000030a5, 0x000030a7,
+ 0x000030a9, 0x000030e3, 0x000030e5, 0x000030e7,
+ 0x000030c3, 0x000030fc, 0x000030a2, 0x000030a4,
+ 0x000030a6, 0x000030a8, 0x000030aa, 0x000030ab,
+ 0x000030ad, 0x000030af, 0x000030b1, 0x000030b3,
+ 0x000030b5, 0x000030b7, 0x000030b9, 0x000030bb,
+ 0x000030bd, 0x000030bf, 0x000030c1, 0x000030c4,
+ 0x000030c6, 0x000030c8, 0x000030ca, 0x000030cb,
+ 0x000030cc, 0x000030cd, 0x000030ce, 0x000030cf,
+ 0x000030d2, 0x000030d5, 0x000030d8, 0x000030db,
+ 0x000030de, 0x000030df, 0x000030e0, 0x000030e1,
+ 0x000030e2, 0x000030e4, 0x000030e6, 0x000030e8,
+ 0x000030e9, 0x000030ea, 0x000030eb, 0x000030ec,
+ 0x000030ed, 0x000030ef, 0x000030f3, 0x00003099,
+ 0x0000309a, 0x00001160, 0x00001100, 0x00001101,
+ 0x000011aa, 0x00001102, 0x000011ac, 0x000011ad,
+ 0x00001103, 0x00001104, 0x00001105, 0x000011b0,
+ 0x000011b1, 0x000011b2, 0x000011b3, 0x000011b4,
+ 0x000011b5, 0x0000111a, 0x00001106, 0x00001107,
+ 0x00001108, 0x00001121, 0x00001109, 0x0000110a,
+ 0x0000110b, 0x0000110c, 0x0000110d, 0x0000110e,
+ 0x0000110f, 0x00001110, 0x00001111, 0x00001112,
+ 0x00001161, 0x00001162, 0x00001163, 0x00001164,
+ 0x00001165, 0x00001166, 0x00001167, 0x00001168,
+ 0x00001169, 0x0000116a, 0x0000116b, 0x0000116c,
+ 0x0000116d, 0x0000116e, 0x0000116f, 0x00001170,
+ 0x00001171, 0x00001172, 0x00001173, 0x00001174,
+ 0x00001175, 0x000000a2, 0x000000a3, 0x000000ac,
+ 0x00000020, 0x00000304, 0x000000a6, 0x000000a5,
+ 0x000020a9, 0x00002502, 0x00002190, 0x00002191,
+ 0x00002192, 0x00002193, 0x000025a0, 0x000025cb,
+ 0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165,
+ 0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158,
+ 0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165,
+ 0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171,
+ 0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9,
+ 0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9,
+ 0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165,
+ 0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f,
+ 0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00000041,
+ 0x00000042, 0x00000043, 0x00000044, 0x00000045,
+ 0x00000046, 0x00000047, 0x00000048, 0x00000049,
+ 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+ 0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+ 0x00000052, 0x00000053, 0x00000054, 0x00000055,
+ 0x00000056, 0x00000057, 0x00000058, 0x00000059,
+ 0x0000005a, 0x00000061, 0x00000062, 0x00000063,
+ 0x00000064, 0x00000065, 0x00000066, 0x00000067,
+ 0x00000068, 0x00000069, 0x0000006a, 0x0000006b,
+ 0x0000006c, 0x0000006d, 0x0000006e, 0x0000006f,
+ 0x00000070, 0x00000071, 0x00000072, 0x00000073,
+ 0x00000074, 0x00000075, 0x00000076, 0x00000077,
+ 0x00000078, 0x00000079, 0x0000007a, 0x00000041,
+ 0x00000042, 0x00000043, 0x00000044, 0x00000045,
+ 0x00000046, 0x00000047, 0x00000048, 0x00000049,
+ 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+ 0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+ 0x00000052, 0x00000053, 0x00000054, 0x00000055,
+ 0x00000056, 0x00000057, 0x00000058, 0x00000059,
+ 0x0000005a, 0x00000061, 0x00000062, 0x00000063,
+ 0x00000064, 0x00000065, 0x00000066, 0x00000067,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000043,
+ 0x00000044, 0x00000047, 0x0000004a, 0x0000004b,
+ 0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000066, 0x00000068, 0x00000069, 0x0000006a,
+ 0x0000006b, 0x0000006d, 0x0000006e, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000044, 0x00000045, 0x00000046, 0x00000047,
+ 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+ 0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x00000061,
+ 0x00000062, 0x00000063, 0x00000064, 0x00000065,
+ 0x00000066, 0x00000067, 0x00000068, 0x00000069,
+ 0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d,
+ 0x0000006e, 0x0000006f, 0x00000070, 0x00000071,
+ 0x00000072, 0x00000073, 0x00000074, 0x00000075,
+ 0x00000076, 0x00000077, 0x00000078, 0x00000079,
+ 0x0000007a, 0x00000041, 0x00000042, 0x00000044,
+ 0x00000045, 0x00000046, 0x00000047, 0x00000049,
+ 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+ 0x0000004f, 0x00000053, 0x00000054, 0x00000055,
+ 0x00000056, 0x00000057, 0x00000058, 0x00000059,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+ 0x00000043, 0x00000044, 0x00000045, 0x00000046,
+ 0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+ 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+ 0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+ 0x00000053, 0x00000054, 0x00000055, 0x00000056,
+ 0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+ 0x00000061, 0x00000062, 0x00000063, 0x00000064,
+ 0x00000065, 0x00000066, 0x00000067, 0x00000068,
+ 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+ 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+ 0x00000071, 0x00000072, 0x00000073, 0x00000074,
+ 0x00000075, 0x00000076, 0x00000077, 0x00000078,
+ 0x00000079, 0x0000007a, 0x00000391, 0x00000392,
+ 0x00000393, 0x00000394, 0x00000395, 0x00000396,
+ 0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+ 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+ 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+ 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+ 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+ 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+ 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+ 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+ 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+ 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+ 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+ 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+ 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+ 0x00000391, 0x00000392, 0x00000393, 0x00000394,
+ 0x00000395, 0x00000396, 0x00000397, 0x00000398,
+ 0x00000399, 0x0000039a, 0x0000039b, 0x0000039c,
+ 0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0,
+ 0x000003a1, 0x00000398, 0x000003a3, 0x000003a4,
+ 0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8,
+ 0x000003a9, 0x00002207, 0x000003b1, 0x000003b2,
+ 0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6,
+ 0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba,
+ 0x000003bb, 0x000003bc, 0x000003bd, 0x000003be,
+ 0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2,
+ 0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6,
+ 0x000003c7, 0x000003c8, 0x000003c9, 0x00002202,
+ 0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6,
+ 0x000003c1, 0x000003c0, 0x00000391, 0x00000392,
+ 0x00000393, 0x00000394, 0x00000395, 0x00000396,
+ 0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+ 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+ 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+ 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+ 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+ 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+ 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+ 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+ 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+ 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+ 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+ 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+ 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+ 0x00000391, 0x00000392, 0x00000393, 0x00000394,
+ 0x00000395, 0x00000396, 0x00000397, 0x00000398,
+ 0x00000399, 0x0000039a, 0x0000039b, 0x0000039c,
+ 0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0,
+ 0x000003a1, 0x00000398, 0x000003a3, 0x000003a4,
+ 0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8,
+ 0x000003a9, 0x00002207, 0x000003b1, 0x000003b2,
+ 0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6,
+ 0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba,
+ 0x000003bb, 0x000003bc, 0x000003bd, 0x000003be,
+ 0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2,
+ 0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6,
+ 0x000003c7, 0x000003c8, 0x000003c9, 0x00002202,
+ 0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6,
+ 0x000003c1, 0x000003c0, 0x00000391, 0x00000392,
+ 0x00000393, 0x00000394, 0x00000395, 0x00000396,
+ 0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+ 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+ 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+ 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+ 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+ 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+ 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+ 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+ 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+ 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+ 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+ 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+ 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+ 0x00000030, 0x00000031, 0x00000032, 0x00000033,
+ 0x00000034, 0x00000035, 0x00000036, 0x00000037,
+ 0x00000038, 0x00000039, 0x00000030, 0x00000031,
+ 0x00000032, 0x00000033, 0x00000034, 0x00000035,
+ 0x00000036, 0x00000037, 0x00000038, 0x00000039,
+ 0x00000030, 0x00000031, 0x00000032, 0x00000033,
+ 0x00000034, 0x00000035, 0x00000036, 0x00000037,
+ 0x00000038, 0x00000039, 0x00000030, 0x00000031,
+ 0x00000032, 0x00000033, 0x00000034, 0x00000035,
+ 0x00000036, 0x00000037, 0x00000038, 0x00000039,
+ 0x00000030, 0x00000031, 0x00000032, 0x00000033,
+ 0x00000034, 0x00000035, 0x00000036, 0x00000037,
+ 0x00000038, 0x00000039, 0x00004e3d, 0x00004e38,
+ 0x00004e41, 0x00020122, 0x00004f60, 0x00004fae,
+ 0x00004fbb, 0x00005002, 0x0000507a, 0x00005099,
+ 0x000050e7, 0x000050cf, 0x0000349e, 0x0002063a,
+ 0x0000514d, 0x00005154, 0x00005164, 0x00005177,
+ 0x0002051c, 0x000034b9, 0x00005167, 0x0000518d,
+ 0x0002054b, 0x00005197, 0x000051a4, 0x00004ecc,
+ 0x000051ac, 0x000051b5, 0x000291df, 0x000051f5,
+ 0x00005203, 0x000034df, 0x0000523b, 0x00005246,
+ 0x00005272, 0x00005277, 0x00003515, 0x000052c7,
+ 0x000052c9, 0x000052e4, 0x000052fa, 0x00005305,
+ 0x00005306, 0x00005317, 0x00005349, 0x00005351,
+ 0x0000535a, 0x00005373, 0x0000537d, 0x0000537f,
+ 0x0000537f, 0x0000537f, 0x00020a2c, 0x00007070,
+ 0x000053ca, 0x000053df, 0x00020b63, 0x000053eb,
+ 0x000053f1, 0x00005406, 0x0000549e, 0x00005438,
+ 0x00005448, 0x00005468, 0x000054a2, 0x000054f6,
+ 0x00005510, 0x00005553, 0x00005563, 0x00005584,
+ 0x00005584, 0x00005599, 0x000055ab, 0x000055b3,
+ 0x000055c2, 0x00005716, 0x00005606, 0x00005717,
+ 0x00005651, 0x00005674, 0x00005207, 0x000058ee,
+ 0x000057ce, 0x000057f4, 0x0000580d, 0x0000578b,
+ 0x00005832, 0x00005831, 0x000058ac, 0x000214e4,
+ 0x000058f2, 0x000058f7, 0x00005906, 0x0000591a,
+ 0x00005922, 0x00005962, 0x000216a8, 0x000216ea,
+ 0x000059ec, 0x00005a1b, 0x00005a27, 0x000059d8,
+ 0x00005a66, 0x000036ee, 0x0002136a, 0x00005b08,
+ 0x00005b3e, 0x00005b3e, 0x000219c8, 0x00005bc3,
+ 0x00005bd8, 0x00005be7, 0x00005bf3, 0x00021b18,
+ 0x00005bff, 0x00005c06, 0x00005f33, 0x00005c22,
+ 0x00003781, 0x00005c60, 0x00005c6e, 0x00005cc0,
+ 0x00005c8d, 0x00021de4, 0x00005d43, 0x00021de6,
+ 0x00005d6e, 0x00005d6b, 0x00005d7c, 0x00005de1,
+ 0x00005de2, 0x0000382f, 0x00005dfd, 0x00005e28,
+ 0x00005e3d, 0x00005e69, 0x00003862, 0x00022183,
+ 0x0000387c, 0x00005eb0, 0x00005eb3, 0x00005eb6,
+ 0x00005eca, 0x0002a392, 0x00005efe, 0x00022331,
+ 0x00022331, 0x00008201, 0x00005f22, 0x00005f22,
+ 0x000038c7, 0x000232b8, 0x000261da, 0x00005f62,
+ 0x00005f6b, 0x000038e3, 0x00005f9a, 0x00005fcd,
+ 0x00005fd7, 0x00005ff9, 0x00006081, 0x0000393a,
+ 0x0000391c, 0x00006094, 0x000226d4, 0x000060c7,
+ 0x00006148, 0x0000614c, 0x0000614e, 0x0000614c,
+ 0x0000617a, 0x0000618e, 0x000061b2, 0x000061a4,
+ 0x000061af, 0x000061de, 0x000061f2, 0x000061f6,
+ 0x00006210, 0x0000621b, 0x0000625d, 0x000062b1,
+ 0x000062d4, 0x00006350, 0x00022b0c, 0x0000633d,
+ 0x000062fc, 0x00006368, 0x00006383, 0x000063e4,
+ 0x00022bf1, 0x00006422, 0x000063c5, 0x000063a9,
+ 0x00003a2e, 0x00006469, 0x0000647e, 0x0000649d,
+ 0x00006477, 0x00003a6c, 0x0000654f, 0x0000656c,
+ 0x0002300a, 0x000065e3, 0x000066f8, 0x00006649,
+ 0x00003b19, 0x00006691, 0x00003b08, 0x00003ae4,
+ 0x00005192, 0x00005195, 0x00006700, 0x0000669c,
+ 0x000080ad, 0x000043d9, 0x00006717, 0x0000671b,
+ 0x00006721, 0x0000675e, 0x00006753, 0x000233c3,
+ 0x00003b49, 0x000067fa, 0x00006785, 0x00006852,
+ 0x00006885, 0x0002346d, 0x0000688e, 0x0000681f,
+ 0x00006914, 0x00003b9d, 0x00006942, 0x000069a3,
+ 0x000069ea, 0x00006aa8, 0x000236a3, 0x00006adb,
+ 0x00003c18, 0x00006b21, 0x000238a7, 0x00006b54,
+ 0x00003c4e, 0x00006b72, 0x00006b9f, 0x00006bba,
+ 0x00006bbb, 0x00023a8d, 0x00021d0b, 0x00023afa,
+ 0x00006c4e, 0x00023cbc, 0x00006cbf, 0x00006ccd,
+ 0x00006c67, 0x00006d16, 0x00006d3e, 0x00006d77,
+ 0x00006d41, 0x00006d69, 0x00006d78, 0x00006d85,
+ 0x00023d1e, 0x00006d34, 0x00006e2f, 0x00006e6e,
+ 0x00003d33, 0x00006ecb, 0x00006ec7, 0x00023ed1,
+ 0x00006df9, 0x00006f6e, 0x00023f5e, 0x00023f8e,
+ 0x00006fc6, 0x00007039, 0x0000701e, 0x0000701b,
+ 0x00003d96, 0x0000704a, 0x0000707d, 0x00007077,
+ 0x000070ad, 0x00020525, 0x00007145, 0x00024263,
+ 0x0000719c, 0x000043ab, 0x00007228, 0x00007235,
+ 0x00007250, 0x00024608, 0x00007280, 0x00007295,
+ 0x00024735, 0x00024814, 0x0000737a, 0x0000738b,
+ 0x00003eac, 0x000073a5, 0x00003eb8, 0x00003eb8,
+ 0x00007447, 0x0000745c, 0x00007471, 0x00007485,
+ 0x000074ca, 0x00003f1b, 0x00007524, 0x00024c36,
+ 0x0000753e, 0x00024c92, 0x00007570, 0x0002219f,
+ 0x00007610, 0x00024fa1, 0x00024fb8, 0x00025044,
+ 0x00003ffc, 0x00004008, 0x000076f4, 0x000250f3,
+ 0x000250f2, 0x00025119, 0x00025133, 0x0000771e,
+ 0x0000771f, 0x0000771f, 0x0000774a, 0x00004039,
+ 0x0000778b, 0x00004046, 0x00004096, 0x0002541d,
+ 0x0000784e, 0x0000788c, 0x000078cc, 0x000040e3,
+ 0x00025626, 0x00007956, 0x0002569a, 0x000256c5,
+ 0x0000798f, 0x000079eb, 0x0000412f, 0x00007a40,
+ 0x00007a4a, 0x00007a4f, 0x0002597c, 0x00025aa7,
+ 0x00025aa7, 0x00007aae, 0x00004202, 0x00025bab,
+ 0x00007bc6, 0x00007bc9, 0x00004227, 0x00025c80,
+ 0x00007cd2, 0x000042a0, 0x00007ce8, 0x00007ce3,
+ 0x00007d00, 0x00025f86, 0x00007d63, 0x00004301,
+ 0x00007dc7, 0x00007e02, 0x00007e45, 0x00004334,
+ 0x00026228, 0x00026247, 0x00004359, 0x000262d9,
+ 0x00007f7a, 0x0002633e, 0x00007f95, 0x00007ffa,
+ 0x00008005, 0x000264da, 0x00026523, 0x00008060,
+ 0x000265a8, 0x00008070, 0x0002335f, 0x000043d5,
+ 0x000080b2, 0x00008103, 0x0000440b, 0x0000813e,
+ 0x00005ab5, 0x000267a7, 0x000267b5, 0x00023393,
+ 0x0002339c, 0x00008201, 0x00008204, 0x00008f9e,
+ 0x0000446b, 0x00008291, 0x0000828b, 0x0000829d,
+ 0x000052b3, 0x000082b1, 0x000082b3, 0x000082bd,
+ 0x000082e6, 0x00026b3c, 0x000082e5, 0x0000831d,
+ 0x00008363, 0x000083ad, 0x00008323, 0x000083bd,
+ 0x000083e7, 0x00008457, 0x00008353, 0x000083ca,
+ 0x000083cc, 0x000083dc, 0x00026c36, 0x00026d6b,
+ 0x00026cd5, 0x0000452b, 0x000084f1, 0x000084f3,
+ 0x00008516, 0x000273ca, 0x00008564, 0x00026f2c,
+ 0x0000455d, 0x00004561, 0x00026fb1, 0x000270d2,
+ 0x0000456b, 0x00008650, 0x0000865c, 0x00008667,
+ 0x00008669, 0x000086a9, 0x00008688, 0x0000870e,
+ 0x000086e2, 0x00008779, 0x00008728, 0x0000876b,
+ 0x00008786, 0x00004d57, 0x000087e1, 0x00008801,
+ 0x000045f9, 0x00008860, 0x00008863, 0x00027667,
+ 0x000088d7, 0x000088de, 0x00004635, 0x000088fa,
+ 0x000034bb, 0x000278ae, 0x00027966, 0x000046be,
+ 0x000046c7, 0x00008aa0, 0x00008aed, 0x00008b8a,
+ 0x00008c55, 0x00027ca8, 0x00008cab, 0x00008cc1,
+ 0x00008d1b, 0x00008d77, 0x00027f2f, 0x00020804,
+ 0x00008dcb, 0x00008dbc, 0x00008df0, 0x000208de,
+ 0x00008ed4, 0x00008f38, 0x000285d2, 0x000285ed,
+ 0x00009094, 0x000090f1, 0x00009111, 0x0002872e,
+ 0x0000911b, 0x00009238, 0x000092d7, 0x000092d8,
+ 0x0000927c, 0x000093f9, 0x00009415, 0x00028bfa,
+ 0x0000958b, 0x00004995, 0x000095b7, 0x00028d77,
+ 0x000049e6, 0x000096c3, 0x00005db2, 0x00009723,
+ 0x00029145, 0x0002921a, 0x00004a6e, 0x00004a76,
+ 0x000097e0, 0x0002940a, 0x00004ab2, 0x00029496,
+ 0x0000980b, 0x0000980b, 0x00009829, 0x000295b6,
+ 0x000098e2, 0x00004b33, 0x00009929, 0x000099a7,
+ 0x000099c2, 0x000099fe, 0x00004bce, 0x00029b30,
+ 0x00009b12, 0x00009c40, 0x00009cfd, 0x00004cce,
+ 0x00004ced, 0x00009d67, 0x0002a0ce, 0x00004cf8,
+ 0x0002a105, 0x0002a20e, 0x0002a291, 0x00009ebb,
+ 0x00004d56, 0x00009ef9, 0x00009efe, 0x00009f05,
+ 0x00009f0f, 0x00009f16, 0x00009f3b, 0x0002a600
+};
+
+static const ac_uint4 _uccmcl_size = 489;
+
+static const ac_uint4 _uccmcl_nodes[] = {
+ 0x00000300, 0x00000314, 0x000000e6, 0x00000315,
+ 0x00000315, 0x000000e8, 0x00000316, 0x00000319,
+ 0x000000dc, 0x0000031a, 0x0000031a, 0x000000e8,
+ 0x0000031b, 0x0000031b, 0x000000d8, 0x0000031c,
+ 0x00000320, 0x000000dc, 0x00000321, 0x00000322,
+ 0x000000ca, 0x00000323, 0x00000326, 0x000000dc,
+ 0x00000327, 0x00000328, 0x000000ca, 0x00000329,
+ 0x00000333, 0x000000dc, 0x00000334, 0x00000338,
+ 0x00000001, 0x00000339, 0x0000033c, 0x000000dc,
+ 0x0000033d, 0x00000344, 0x000000e6, 0x00000345,
+ 0x00000345, 0x000000f0, 0x00000346, 0x00000346,
+ 0x000000e6, 0x00000347, 0x00000349, 0x000000dc,
+ 0x0000034a, 0x0000034c, 0x000000e6, 0x0000034d,
+ 0x0000034e, 0x000000dc, 0x00000360, 0x00000361,
+ 0x000000ea, 0x00000362, 0x00000362, 0x000000e9,
+ 0x00000363, 0x0000036f, 0x000000e6, 0x00000483,
+ 0x00000486, 0x000000e6, 0x00000591, 0x00000591,
+ 0x000000dc, 0x00000592, 0x00000595, 0x000000e6,
+ 0x00000596, 0x00000596, 0x000000dc, 0x00000597,
+ 0x00000599, 0x000000e6, 0x0000059a, 0x0000059a,
+ 0x000000de, 0x0000059b, 0x0000059b, 0x000000dc,
+ 0x0000059c, 0x000005a1, 0x000000e6, 0x000005a3,
+ 0x000005a7, 0x000000dc, 0x000005a8, 0x000005a9,
+ 0x000000e6, 0x000005aa, 0x000005aa, 0x000000dc,
+ 0x000005ab, 0x000005ac, 0x000000e6, 0x000005ad,
+ 0x000005ad, 0x000000de, 0x000005ae, 0x000005ae,
+ 0x000000e4, 0x000005af, 0x000005af, 0x000000e6,
+ 0x000005b0, 0x000005b0, 0x0000000a, 0x000005b1,
+ 0x000005b1, 0x0000000b, 0x000005b2, 0x000005b2,
+ 0x0000000c, 0x000005b3, 0x000005b3, 0x0000000d,
+ 0x000005b4, 0x000005b4, 0x0000000e, 0x000005b5,
+ 0x000005b5, 0x0000000f, 0x000005b6, 0x000005b6,
+ 0x00000010, 0x000005b7, 0x000005b7, 0x00000011,
+ 0x000005b8, 0x000005b8, 0x00000012, 0x000005b9,
+ 0x000005b9, 0x00000013, 0x000005bb, 0x000005bb,
+ 0x00000014, 0x000005bc, 0x000005bc, 0x00000015,
+ 0x000005bd, 0x000005bd, 0x00000016, 0x000005bf,
+ 0x000005bf, 0x00000017, 0x000005c1, 0x000005c1,
+ 0x00000018, 0x000005c2, 0x000005c2, 0x00000019,
+ 0x000005c4, 0x000005c4, 0x000000e6, 0x0000064b,
+ 0x0000064b, 0x0000001b, 0x0000064c, 0x0000064c,
+ 0x0000001c, 0x0000064d, 0x0000064d, 0x0000001d,
+ 0x0000064e, 0x0000064e, 0x0000001e, 0x0000064f,
+ 0x0000064f, 0x0000001f, 0x00000650, 0x00000650,
+ 0x00000020, 0x00000651, 0x00000651, 0x00000021,
+ 0x00000652, 0x00000652, 0x00000022, 0x00000653,
+ 0x00000654, 0x000000e6, 0x00000655, 0x00000655,
+ 0x000000dc, 0x00000670, 0x00000670, 0x00000023,
+ 0x000006d6, 0x000006dc, 0x000000e6, 0x000006df,
+ 0x000006e2, 0x000000e6, 0x000006e3, 0x000006e3,
+ 0x000000dc, 0x000006e4, 0x000006e4, 0x000000e6,
+ 0x000006e7, 0x000006e8, 0x000000e6, 0x000006ea,
+ 0x000006ea, 0x000000dc, 0x000006eb, 0x000006ec,
+ 0x000000e6, 0x000006ed, 0x000006ed, 0x000000dc,
+ 0x00000711, 0x00000711, 0x00000024, 0x00000730,
+ 0x00000730, 0x000000e6, 0x00000731, 0x00000731,
+ 0x000000dc, 0x00000732, 0x00000733, 0x000000e6,
+ 0x00000734, 0x00000734, 0x000000dc, 0x00000735,
+ 0x00000736, 0x000000e6, 0x00000737, 0x00000739,
+ 0x000000dc, 0x0000073a, 0x0000073a, 0x000000e6,
+ 0x0000073b, 0x0000073c, 0x000000dc, 0x0000073d,
+ 0x0000073d, 0x000000e6, 0x0000073e, 0x0000073e,
+ 0x000000dc, 0x0000073f, 0x00000741, 0x000000e6,
+ 0x00000742, 0x00000742, 0x000000dc, 0x00000743,
+ 0x00000743, 0x000000e6, 0x00000744, 0x00000744,
+ 0x000000dc, 0x00000745, 0x00000745, 0x000000e6,
+ 0x00000746, 0x00000746, 0x000000dc, 0x00000747,
+ 0x00000747, 0x000000e6, 0x00000748, 0x00000748,
+ 0x000000dc, 0x00000749, 0x0000074a, 0x000000e6,
+ 0x0000093c, 0x0000093c, 0x00000007, 0x0000094d,
+ 0x0000094d, 0x00000009, 0x00000951, 0x00000951,
+ 0x000000e6, 0x00000952, 0x00000952, 0x000000dc,
+ 0x00000953, 0x00000954, 0x000000e6, 0x000009bc,
+ 0x000009bc, 0x00000007, 0x000009cd, 0x000009cd,
+ 0x00000009, 0x00000a3c, 0x00000a3c, 0x00000007,
+ 0x00000a4d, 0x00000a4d, 0x00000009, 0x00000abc,
+ 0x00000abc, 0x00000007, 0x00000acd, 0x00000acd,
+ 0x00000009, 0x00000b3c, 0x00000b3c, 0x00000007,
+ 0x00000b4d, 0x00000b4d, 0x00000009, 0x00000bcd,
+ 0x00000bcd, 0x00000009, 0x00000c4d, 0x00000c4d,
+ 0x00000009, 0x00000c55, 0x00000c55, 0x00000054,
+ 0x00000c56, 0x00000c56, 0x0000005b, 0x00000ccd,
+ 0x00000ccd, 0x00000009, 0x00000d4d, 0x00000d4d,
+ 0x00000009, 0x00000dca, 0x00000dca, 0x00000009,
+ 0x00000e38, 0x00000e39, 0x00000067, 0x00000e3a,
+ 0x00000e3a, 0x00000009, 0x00000e48, 0x00000e4b,
+ 0x0000006b, 0x00000eb8, 0x00000eb9, 0x00000076,
+ 0x00000ec8, 0x00000ecb, 0x0000007a, 0x00000f18,
+ 0x00000f19, 0x000000dc, 0x00000f35, 0x00000f35,
+ 0x000000dc, 0x00000f37, 0x00000f37, 0x000000dc,
+ 0x00000f39, 0x00000f39, 0x000000d8, 0x00000f71,
+ 0x00000f71, 0x00000081, 0x00000f72, 0x00000f72,
+ 0x00000082, 0x00000f74, 0x00000f74, 0x00000084,
+ 0x00000f7a, 0x00000f7d, 0x00000082, 0x00000f80,
+ 0x00000f80, 0x00000082, 0x00000f82, 0x00000f83,
+ 0x000000e6, 0x00000f84, 0x00000f84, 0x00000009,
+ 0x00000f86, 0x00000f87, 0x000000e6, 0x00000fc6,
+ 0x00000fc6, 0x000000dc, 0x00001037, 0x00001037,
+ 0x00000007, 0x00001039, 0x00001039, 0x00000009,
+ 0x00001714, 0x00001714, 0x00000009, 0x00001734,
+ 0x00001734, 0x00000009, 0x000017d2, 0x000017d2,
+ 0x00000009, 0x000018a9, 0x000018a9, 0x000000e4,
+ 0x000020d0, 0x000020d1, 0x000000e6, 0x000020d2,
+ 0x000020d3, 0x00000001, 0x000020d4, 0x000020d7,
+ 0x000000e6, 0x000020d8, 0x000020da, 0x00000001,
+ 0x000020db, 0x000020dc, 0x000000e6, 0x000020e1,
+ 0x000020e1, 0x000000e6, 0x000020e5, 0x000020e6,
+ 0x00000001, 0x000020e7, 0x000020e7, 0x000000e6,
+ 0x000020e8, 0x000020e8, 0x000000dc, 0x000020e9,
+ 0x000020e9, 0x000000e6, 0x000020ea, 0x000020ea,
+ 0x00000001, 0x0000302a, 0x0000302a, 0x000000da,
+ 0x0000302b, 0x0000302b, 0x000000e4, 0x0000302c,
+ 0x0000302c, 0x000000e8, 0x0000302d, 0x0000302d,
+ 0x000000de, 0x0000302e, 0x0000302f, 0x000000e0,
+ 0x00003099, 0x0000309a, 0x00000008, 0x0000fb1e,
+ 0x0000fb1e, 0x0000001a, 0x0000fe20, 0x0000fe23,
+ 0x000000e6, 0x0001d165, 0x0001d166, 0x000000d8,
+ 0x0001d167, 0x0001d169, 0x00000001, 0x0001d16d,
+ 0x0001d16d, 0x000000e2, 0x0001d16e, 0x0001d172,
+ 0x000000d8, 0x0001d17b, 0x0001d182, 0x000000dc,
+ 0x0001d185, 0x0001d189, 0x000000e6, 0x0001d18a,
+ 0x0001d18b, 0x000000dc, 0x0001d1aa, 0x0001d1ad,
+ 0x000000e6
+};
+
+static const ac_uint4 _ucnum_size = 1066;
+
+static const ac_uint4 _ucnum_nodes[] = {
+ 0x00000030, 0x00000000, 0x00000031, 0x00000002,
+ 0x00000032, 0x00000004, 0x00000033, 0x00000006,
+ 0x00000034, 0x00000008, 0x00000035, 0x0000000a,
+ 0x00000036, 0x0000000c, 0x00000037, 0x0000000e,
+ 0x00000038, 0x00000010, 0x00000039, 0x00000012,
+ 0x000000b2, 0x00000004, 0x000000b3, 0x00000006,
+ 0x000000b9, 0x00000002, 0x000000bc, 0x00000014,
+ 0x000000bd, 0x00000016, 0x000000be, 0x00000018,
+ 0x00000660, 0x00000000, 0x00000661, 0x00000002,
+ 0x00000662, 0x00000004, 0x00000663, 0x00000006,
+ 0x00000664, 0x00000008, 0x00000665, 0x0000000a,
+ 0x00000666, 0x0000000c, 0x00000667, 0x0000000e,
+ 0x00000668, 0x00000010, 0x00000669, 0x00000012,
+ 0x000006f0, 0x00000000, 0x000006f1, 0x00000002,
+ 0x000006f2, 0x00000004, 0x000006f3, 0x00000006,
+ 0x000006f4, 0x00000008, 0x000006f5, 0x0000000a,
+ 0x000006f6, 0x0000000c, 0x000006f7, 0x0000000e,
+ 0x000006f8, 0x00000010, 0x000006f9, 0x00000012,
+ 0x00000966, 0x00000000, 0x00000967, 0x00000002,
+ 0x00000968, 0x00000004, 0x00000969, 0x00000006,
+ 0x0000096a, 0x00000008, 0x0000096b, 0x0000000a,
+ 0x0000096c, 0x0000000c, 0x0000096d, 0x0000000e,
+ 0x0000096e, 0x00000010, 0x0000096f, 0x00000012,
+ 0x000009e6, 0x00000000, 0x000009e7, 0x00000002,
+ 0x000009e8, 0x00000004, 0x000009e9, 0x00000006,
+ 0x000009ea, 0x00000008, 0x000009eb, 0x0000000a,
+ 0x000009ec, 0x0000000c, 0x000009ed, 0x0000000e,
+ 0x000009ee, 0x00000010, 0x000009ef, 0x00000012,
+ 0x000009f4, 0x00000002, 0x000009f5, 0x00000004,
+ 0x000009f6, 0x00000006, 0x000009f7, 0x00000008,
+ 0x000009f9, 0x0000001a, 0x00000a66, 0x00000000,
+ 0x00000a67, 0x00000002, 0x00000a68, 0x00000004,
+ 0x00000a69, 0x00000006, 0x00000a6a, 0x00000008,
+ 0x00000a6b, 0x0000000a, 0x00000a6c, 0x0000000c,
+ 0x00000a6d, 0x0000000e, 0x00000a6e, 0x00000010,
+ 0x00000a6f, 0x00000012, 0x00000ae6, 0x00000000,
+ 0x00000ae7, 0x00000002, 0x00000ae8, 0x00000004,
+ 0x00000ae9, 0x00000006, 0x00000aea, 0x00000008,
+ 0x00000aeb, 0x0000000a, 0x00000aec, 0x0000000c,
+ 0x00000aed, 0x0000000e, 0x00000aee, 0x00000010,
+ 0x00000aef, 0x00000012, 0x00000b66, 0x00000000,
+ 0x00000b67, 0x00000002, 0x00000b68, 0x00000004,
+ 0x00000b69, 0x00000006, 0x00000b6a, 0x00000008,
+ 0x00000b6b, 0x0000000a, 0x00000b6c, 0x0000000c,
+ 0x00000b6d, 0x0000000e, 0x00000b6e, 0x00000010,
+ 0x00000b6f, 0x00000012, 0x00000be7, 0x00000002,
+ 0x00000be8, 0x00000004, 0x00000be9, 0x00000006,
+ 0x00000bea, 0x00000008, 0x00000beb, 0x0000000a,
+ 0x00000bec, 0x0000000c, 0x00000bed, 0x0000000e,
+ 0x00000bee, 0x00000010, 0x00000bef, 0x00000012,
+ 0x00000bf0, 0x0000001c, 0x00000bf1, 0x0000001e,
+ 0x00000bf2, 0x00000020, 0x00000c66, 0x00000000,
+ 0x00000c67, 0x00000002, 0x00000c68, 0x00000004,
+ 0x00000c69, 0x00000006, 0x00000c6a, 0x00000008,
+ 0x00000c6b, 0x0000000a, 0x00000c6c, 0x0000000c,
+ 0x00000c6d, 0x0000000e, 0x00000c6e, 0x00000010,
+ 0x00000c6f, 0x00000012, 0x00000ce6, 0x00000000,
+ 0x00000ce7, 0x00000002, 0x00000ce8, 0x00000004,
+ 0x00000ce9, 0x00000006, 0x00000cea, 0x00000008,
+ 0x00000ceb, 0x0000000a, 0x00000cec, 0x0000000c,
+ 0x00000ced, 0x0000000e, 0x00000cee, 0x00000010,
+ 0x00000cef, 0x00000012, 0x00000d66, 0x00000000,
+ 0x00000d67, 0x00000002, 0x00000d68, 0x00000004,
+ 0x00000d69, 0x00000006, 0x00000d6a, 0x00000008,
+ 0x00000d6b, 0x0000000a, 0x00000d6c, 0x0000000c,
+ 0x00000d6d, 0x0000000e, 0x00000d6e, 0x00000010,
+ 0x00000d6f, 0x00000012, 0x00000e50, 0x00000000,
+ 0x00000e51, 0x00000002, 0x00000e52, 0x00000004,
+ 0x00000e53, 0x00000006, 0x00000e54, 0x00000008,
+ 0x00000e55, 0x0000000a, 0x00000e56, 0x0000000c,
+ 0x00000e57, 0x0000000e, 0x00000e58, 0x00000010,
+ 0x00000e59, 0x00000012, 0x00000ed0, 0x00000000,
+ 0x00000ed1, 0x00000002, 0x00000ed2, 0x00000004,
+ 0x00000ed3, 0x00000006, 0x00000ed4, 0x00000008,
+ 0x00000ed5, 0x0000000a, 0x00000ed6, 0x0000000c,
+ 0x00000ed7, 0x0000000e, 0x00000ed8, 0x00000010,
+ 0x00000ed9, 0x00000012, 0x00000f20, 0x00000000,
+ 0x00000f21, 0x00000002, 0x00000f22, 0x00000004,
+ 0x00000f23, 0x00000006, 0x00000f24, 0x00000008,
+ 0x00000f25, 0x0000000a, 0x00000f26, 0x0000000c,
+ 0x00000f27, 0x0000000e, 0x00000f28, 0x00000010,
+ 0x00000f29, 0x00000012, 0x00000f2a, 0x00000016,
+ 0x00000f2b, 0x00000022, 0x00000f2c, 0x00000024,
+ 0x00000f2d, 0x00000026, 0x00000f2e, 0x00000028,
+ 0x00000f2f, 0x0000002a, 0x00000f30, 0x0000002c,
+ 0x00000f31, 0x0000002e, 0x00000f32, 0x00000030,
+ 0x00000f33, 0x00000032, 0x00001040, 0x00000000,
+ 0x00001041, 0x00000002, 0x00001042, 0x00000004,
+ 0x00001043, 0x00000006, 0x00001044, 0x00000008,
+ 0x00001045, 0x0000000a, 0x00001046, 0x0000000c,
+ 0x00001047, 0x0000000e, 0x00001048, 0x00000010,
+ 0x00001049, 0x00000012, 0x00001369, 0x00000002,
+ 0x0000136a, 0x00000004, 0x0000136b, 0x00000006,
+ 0x0000136c, 0x00000008, 0x0000136d, 0x0000000a,
+ 0x0000136e, 0x0000000c, 0x0000136f, 0x0000000e,
+ 0x00001370, 0x00000010, 0x00001371, 0x00000012,
+ 0x00001372, 0x0000001c, 0x00001373, 0x00000034,
+ 0x00001374, 0x00000036, 0x00001375, 0x00000038,
+ 0x00001376, 0x0000003a, 0x00001377, 0x0000003c,
+ 0x00001378, 0x0000003e, 0x00001379, 0x00000040,
+ 0x0000137a, 0x00000042, 0x0000137b, 0x0000001e,
+ 0x0000137c, 0x00000044, 0x000016ee, 0x00000046,
+ 0x000016ef, 0x00000048, 0x000016f0, 0x0000004a,
+ 0x000017e0, 0x00000000, 0x000017e1, 0x00000002,
+ 0x000017e2, 0x00000004, 0x000017e3, 0x00000006,
+ 0x000017e4, 0x00000008, 0x000017e5, 0x0000000a,
+ 0x000017e6, 0x0000000c, 0x000017e7, 0x0000000e,
+ 0x000017e8, 0x00000010, 0x000017e9, 0x00000012,
+ 0x00001810, 0x00000000, 0x00001811, 0x00000002,
+ 0x00001812, 0x00000004, 0x00001813, 0x00000006,
+ 0x00001814, 0x00000008, 0x00001815, 0x0000000a,
+ 0x00001816, 0x0000000c, 0x00001817, 0x0000000e,
+ 0x00001818, 0x00000010, 0x00001819, 0x00000012,
+ 0x00002070, 0x00000000, 0x00002074, 0x00000008,
+ 0x00002075, 0x0000000a, 0x00002076, 0x0000000c,
+ 0x00002077, 0x0000000e, 0x00002078, 0x00000010,
+ 0x00002079, 0x00000012, 0x00002080, 0x00000000,
+ 0x00002081, 0x00000002, 0x00002082, 0x00000004,
+ 0x00002083, 0x00000006, 0x00002084, 0x00000008,
+ 0x00002085, 0x0000000a, 0x00002086, 0x0000000c,
+ 0x00002087, 0x0000000e, 0x00002088, 0x00000010,
+ 0x00002089, 0x00000012, 0x00002153, 0x0000004c,
+ 0x00002154, 0x0000004e, 0x00002155, 0x00000050,
+ 0x00002156, 0x00000052, 0x00002157, 0x00000054,
+ 0x00002158, 0x00000056, 0x00002159, 0x00000058,
+ 0x0000215a, 0x0000005a, 0x0000215b, 0x0000005c,
+ 0x0000215c, 0x0000005e, 0x0000215d, 0x00000060,
+ 0x0000215e, 0x00000062, 0x0000215f, 0x00000002,
+ 0x00002160, 0x00000002, 0x00002161, 0x00000004,
+ 0x00002162, 0x00000006, 0x00002163, 0x00000008,
+ 0x00002164, 0x0000000a, 0x00002165, 0x0000000c,
+ 0x00002166, 0x0000000e, 0x00002167, 0x00000010,
+ 0x00002168, 0x00000012, 0x00002169, 0x0000001c,
+ 0x0000216a, 0x00000064, 0x0000216b, 0x00000066,
+ 0x0000216c, 0x0000003a, 0x0000216d, 0x0000001e,
+ 0x0000216e, 0x00000068, 0x0000216f, 0x00000020,
+ 0x00002170, 0x00000002, 0x00002171, 0x00000004,
+ 0x00002172, 0x00000006, 0x00002173, 0x00000008,
+ 0x00002174, 0x0000000a, 0x00002175, 0x0000000c,
+ 0x00002176, 0x0000000e, 0x00002177, 0x00000010,
+ 0x00002178, 0x00000012, 0x00002179, 0x0000001c,
+ 0x0000217a, 0x00000064, 0x0000217b, 0x00000066,
+ 0x0000217c, 0x0000003a, 0x0000217d, 0x0000001e,
+ 0x0000217e, 0x00000068, 0x0000217f, 0x00000020,
+ 0x00002180, 0x00000020, 0x00002181, 0x0000006a,
+ 0x00002182, 0x00000044, 0x00002460, 0x00000002,
+ 0x00002461, 0x00000004, 0x00002462, 0x00000006,
+ 0x00002463, 0x00000008, 0x00002464, 0x0000000a,
+ 0x00002465, 0x0000000c, 0x00002466, 0x0000000e,
+ 0x00002467, 0x00000010, 0x00002468, 0x00000012,
+ 0x00002469, 0x0000001c, 0x0000246a, 0x00000064,
+ 0x0000246b, 0x00000066, 0x0000246c, 0x0000006c,
+ 0x0000246d, 0x0000006e, 0x0000246e, 0x00000070,
+ 0x0000246f, 0x0000001a, 0x00002470, 0x00000046,
+ 0x00002471, 0x00000048, 0x00002472, 0x0000004a,
+ 0x00002473, 0x00000034, 0x00002474, 0x00000002,
+ 0x00002475, 0x00000004, 0x00002476, 0x00000006,
+ 0x00002477, 0x00000008, 0x00002478, 0x0000000a,
+ 0x00002479, 0x0000000c, 0x0000247a, 0x0000000e,
+ 0x0000247b, 0x00000010, 0x0000247c, 0x00000012,
+ 0x0000247d, 0x0000001c, 0x0000247e, 0x00000064,
+ 0x0000247f, 0x00000066, 0x00002480, 0x0000006c,
+ 0x00002481, 0x0000006e, 0x00002482, 0x00000070,
+ 0x00002483, 0x0000001a, 0x00002484, 0x00000046,
+ 0x00002485, 0x00000048, 0x00002486, 0x0000004a,
+ 0x00002487, 0x00000034, 0x00002488, 0x00000002,
+ 0x00002489, 0x00000004, 0x0000248a, 0x00000006,
+ 0x0000248b, 0x00000008, 0x0000248c, 0x0000000a,
+ 0x0000248d, 0x0000000c, 0x0000248e, 0x0000000e,
+ 0x0000248f, 0x00000010, 0x00002490, 0x00000012,
+ 0x00002491, 0x0000001c, 0x00002492, 0x00000064,
+ 0x00002493, 0x00000066, 0x00002494, 0x0000006c,
+ 0x00002495, 0x0000006e, 0x00002496, 0x00000070,
+ 0x00002497, 0x0000001a, 0x00002498, 0x00000046,
+ 0x00002499, 0x00000048, 0x0000249a, 0x0000004a,
+ 0x0000249b, 0x00000034, 0x000024ea, 0x00000000,
+ 0x000024eb, 0x00000064, 0x000024ec, 0x00000066,
+ 0x000024ed, 0x0000006c, 0x000024ee, 0x0000006e,
+ 0x000024ef, 0x00000070, 0x000024f0, 0x0000001a,
+ 0x000024f1, 0x00000046, 0x000024f2, 0x00000048,
+ 0x000024f3, 0x0000004a, 0x000024f4, 0x00000034,
+ 0x000024f5, 0x00000002, 0x000024f6, 0x00000004,
+ 0x000024f7, 0x00000006, 0x000024f8, 0x00000008,
+ 0x000024f9, 0x0000000a, 0x000024fa, 0x0000000c,
+ 0x000024fb, 0x0000000e, 0x000024fc, 0x00000010,
+ 0x000024fd, 0x00000012, 0x000024fe, 0x0000001c,
+ 0x00002776, 0x00000002, 0x00002777, 0x00000004,
+ 0x00002778, 0x00000006, 0x00002779, 0x00000008,
+ 0x0000277a, 0x0000000a, 0x0000277b, 0x0000000c,
+ 0x0000277c, 0x0000000e, 0x0000277d, 0x00000010,
+ 0x0000277e, 0x00000012, 0x0000277f, 0x0000001c,
+ 0x00002780, 0x00000002, 0x00002781, 0x00000004,
+ 0x00002782, 0x00000006, 0x00002783, 0x00000008,
+ 0x00002784, 0x0000000a, 0x00002785, 0x0000000c,
+ 0x00002786, 0x0000000e, 0x00002787, 0x00000010,
+ 0x00002788, 0x00000012, 0x00002789, 0x0000001c,
+ 0x0000278a, 0x00000002, 0x0000278b, 0x00000004,
+ 0x0000278c, 0x00000006, 0x0000278d, 0x00000008,
+ 0x0000278e, 0x0000000a, 0x0000278f, 0x0000000c,
+ 0x00002790, 0x0000000e, 0x00002791, 0x00000010,
+ 0x00002792, 0x00000012, 0x00002793, 0x0000001c,
+ 0x00003007, 0x00000000, 0x00003021, 0x00000002,
+ 0x00003022, 0x00000004, 0x00003023, 0x00000006,
+ 0x00003024, 0x00000008, 0x00003025, 0x0000000a,
+ 0x00003026, 0x0000000c, 0x00003027, 0x0000000e,
+ 0x00003028, 0x00000010, 0x00003029, 0x00000012,
+ 0x00003038, 0x0000001c, 0x00003039, 0x00000034,
+ 0x0000303a, 0x00000036, 0x00003192, 0x00000002,
+ 0x00003193, 0x00000004, 0x00003194, 0x00000006,
+ 0x00003195, 0x00000008, 0x00003220, 0x00000002,
+ 0x00003221, 0x00000004, 0x00003222, 0x00000006,
+ 0x00003223, 0x00000008, 0x00003224, 0x0000000a,
+ 0x00003225, 0x0000000c, 0x00003226, 0x0000000e,
+ 0x00003227, 0x00000010, 0x00003228, 0x00000012,
+ 0x00003229, 0x0000001c, 0x00003251, 0x00000072,
+ 0x00003252, 0x00000074, 0x00003253, 0x00000076,
+ 0x00003254, 0x00000078, 0x00003255, 0x0000007a,
+ 0x00003256, 0x0000007c, 0x00003257, 0x0000007e,
+ 0x00003258, 0x00000080, 0x00003259, 0x00000082,
+ 0x0000325a, 0x00000036, 0x0000325b, 0x00000084,
+ 0x0000325c, 0x00000086, 0x0000325d, 0x00000088,
+ 0x0000325e, 0x0000008a, 0x0000325f, 0x0000008c,
+ 0x00003280, 0x00000002, 0x00003281, 0x00000004,
+ 0x00003282, 0x00000006, 0x00003283, 0x00000008,
+ 0x00003284, 0x0000000a, 0x00003285, 0x0000000c,
+ 0x00003286, 0x0000000e, 0x00003287, 0x00000010,
+ 0x00003288, 0x00000012, 0x00003289, 0x0000001c,
+ 0x000032b1, 0x0000008e, 0x000032b2, 0x00000090,
+ 0x000032b3, 0x00000092, 0x000032b4, 0x00000094,
+ 0x000032b5, 0x00000038, 0x000032b6, 0x00000096,
+ 0x000032b7, 0x00000098, 0x000032b8, 0x0000009a,
+ 0x000032b9, 0x0000009c, 0x000032ba, 0x0000009e,
+ 0x000032bb, 0x000000a0, 0x000032bc, 0x000000a2,
+ 0x000032bd, 0x000000a4, 0x000032be, 0x000000a6,
+ 0x000032bf, 0x0000003a, 0x0000ff10, 0x00000000,
+ 0x0000ff11, 0x00000002, 0x0000ff12, 0x00000004,
+ 0x0000ff13, 0x00000006, 0x0000ff14, 0x00000008,
+ 0x0000ff15, 0x0000000a, 0x0000ff16, 0x0000000c,
+ 0x0000ff17, 0x0000000e, 0x0000ff18, 0x00000010,
+ 0x0000ff19, 0x00000012, 0x00010320, 0x00000002,
+ 0x00010321, 0x0000000a, 0x00010322, 0x0000001c,
+ 0x00010323, 0x0000003a, 0x0001d7ce, 0x00000000,
+ 0x0001d7cf, 0x00000002, 0x0001d7d0, 0x00000004,
+ 0x0001d7d1, 0x00000006, 0x0001d7d2, 0x00000008,
+ 0x0001d7d3, 0x0000000a, 0x0001d7d4, 0x0000000c,
+ 0x0001d7d5, 0x0000000e, 0x0001d7d6, 0x00000010,
+ 0x0001d7d7, 0x00000012, 0x0001d7d8, 0x00000000,
+ 0x0001d7d9, 0x00000002, 0x0001d7da, 0x00000004,
+ 0x0001d7db, 0x00000006, 0x0001d7dc, 0x00000008,
+ 0x0001d7dd, 0x0000000a, 0x0001d7de, 0x0000000c,
+ 0x0001d7df, 0x0000000e, 0x0001d7e0, 0x00000010,
+ 0x0001d7e1, 0x00000012, 0x0001d7e2, 0x00000000,
+ 0x0001d7e3, 0x00000002, 0x0001d7e4, 0x00000004,
+ 0x0001d7e5, 0x00000006, 0x0001d7e6, 0x00000008,
+ 0x0001d7e7, 0x0000000a, 0x0001d7e8, 0x0000000c,
+ 0x0001d7e9, 0x0000000e, 0x0001d7ea, 0x00000010,
+ 0x0001d7eb, 0x00000012, 0x0001d7ec, 0x00000000,
+ 0x0001d7ed, 0x00000002, 0x0001d7ee, 0x00000004,
+ 0x0001d7ef, 0x00000006, 0x0001d7f0, 0x00000008,
+ 0x0001d7f1, 0x0000000a, 0x0001d7f2, 0x0000000c,
+ 0x0001d7f3, 0x0000000e, 0x0001d7f4, 0x00000010,
+ 0x0001d7f5, 0x00000012, 0x0001d7f6, 0x00000000,
+ 0x0001d7f7, 0x00000002, 0x0001d7f8, 0x00000004,
+ 0x0001d7f9, 0x00000006, 0x0001d7fa, 0x00000008,
+ 0x0001d7fb, 0x0000000a, 0x0001d7fc, 0x0000000c,
+ 0x0001d7fd, 0x0000000e, 0x0001d7fe, 0x00000010,
+ 0x0001d7ff, 0x00000012
+};
+
+static const short _ucnum_vals[] = {
+ 0x0000, 0x0001, 0x0001, 0x0001, 0x0002, 0x0001, 0x0003, 0x0001,
+ 0x0004, 0x0001, 0x0005, 0x0001, 0x0006, 0x0001, 0x0007, 0x0001,
+ 0x0008, 0x0001, 0x0009, 0x0001, 0x0001, 0x0004, 0x0001, 0x0002,
+ 0x0003, 0x0004, 0x0010, 0x0001, 0x000a, 0x0001, 0x0064, 0x0001,
+ 0x03e8, 0x0001, 0x0003, 0x0002, 0x0005, 0x0002, 0x0007, 0x0002,
+ 0x0009, 0x0002, 0x000b, 0x0002, 0x000d, 0x0002, 0x000f, 0x0002,
+ 0x0011, 0x0002, -1, 0x0002, 0x0014, 0x0001, 0x001e, 0x0001,
+ 0x0028, 0x0001, 0x0032, 0x0001, 0x003c, 0x0001, 0x0046, 0x0001,
+ 0x0050, 0x0001, 0x005a, 0x0001, 0x2710, 0x0001, 0x0011, 0x0001,
+ 0x0012, 0x0001, 0x0013, 0x0001, 0x0001, 0x0003, 0x0002, 0x0003,
+ 0x0001, 0x0005, 0x0002, 0x0005, 0x0003, 0x0005, 0x0004, 0x0005,
+ 0x0001, 0x0006, 0x0005, 0x0006, 0x0001, 0x0008, 0x0003, 0x0008,
+ 0x0005, 0x0008, 0x0007, 0x0008, 0x000b, 0x0001, 0x000c, 0x0001,
+ 0x01f4, 0x0001, 0x1388, 0x0001, 0x000d, 0x0001, 0x000e, 0x0001,
+ 0x000f, 0x0001, 0x0015, 0x0001, 0x0016, 0x0001, 0x0017, 0x0001,
+ 0x0018, 0x0001, 0x0019, 0x0001, 0x001a, 0x0001, 0x001b, 0x0001,
+ 0x001c, 0x0001, 0x001d, 0x0001, 0x001f, 0x0001, 0x0020, 0x0001,
+ 0x0021, 0x0001, 0x0022, 0x0001, 0x0023, 0x0001, 0x0024, 0x0001,
+ 0x0025, 0x0001, 0x0026, 0x0001, 0x0027, 0x0001, 0x0029, 0x0001,
+ 0x002a, 0x0001, 0x002b, 0x0001, 0x002c, 0x0001, 0x002d, 0x0001,
+ 0x002e, 0x0001, 0x002f, 0x0001, 0x0030, 0x0001, 0x0031, 0x0001
+};
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucstr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucstr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ucstr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,445 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.34.2.4 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/bytes.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/stdlib.h>
+
+#include <lber_pvt.h>
+
+#include <ldap_utf8.h>
+#include <ldap_pvt_uc.h>
+
+#define malloc(x) ber_memalloc_x(x,ctx)
+#define realloc(x,y) ber_memrealloc_x(x,y,ctx)
+#define free(x) ber_memfree_x(x,ctx)
+
+int ucstrncmp(
+ const ldap_unicode_t *u1,
+ const ldap_unicode_t *u2,
+ ber_len_t n )
+{
+ for(; 0 < n; ++u1, ++u2, --n ) {
+ if( *u1 != *u2 ) {
+ return *u1 < *u2 ? -1 : +1;
+ }
+ if ( *u1 == 0 ) {
+ return 0;
+ }
+ }
+ return 0;
+}
+
+int ucstrncasecmp(
+ const ldap_unicode_t *u1,
+ const ldap_unicode_t *u2,
+ ber_len_t n )
+{
+ for(; 0 < n; ++u1, ++u2, --n ) {
+ ldap_unicode_t uu1 = uctolower( *u1 );
+ ldap_unicode_t uu2 = uctolower( *u2 );
+
+ if( uu1 != uu2 ) {
+ return uu1 < uu2 ? -1 : +1;
+ }
+ if ( uu1 == 0 ) {
+ return 0;
+ }
+ }
+ return 0;
+}
+
+ldap_unicode_t * ucstrnchr(
+ const ldap_unicode_t *u,
+ ber_len_t n,
+ ldap_unicode_t c )
+{
+ for(; 0 < n; ++u, --n ) {
+ if( *u == c ) {
+ return (ldap_unicode_t *) u;
+ }
+ }
+
+ return NULL;
+}
+
+ldap_unicode_t * ucstrncasechr(
+ const ldap_unicode_t *u,
+ ber_len_t n,
+ ldap_unicode_t c )
+{
+ c = uctolower( c );
+ for(; 0 < n; ++u, --n ) {
+ if( uctolower( *u ) == c ) {
+ return (ldap_unicode_t *) u;
+ }
+ }
+
+ return NULL;
+}
+
+void ucstr2upper(
+ ldap_unicode_t *u,
+ ber_len_t n )
+{
+ for(; 0 < n; ++u, --n ) {
+ *u = uctoupper( *u );
+ }
+}
+
+struct berval * UTF8bvnormalize(
+ struct berval *bv,
+ struct berval *newbv,
+ unsigned flags,
+ void *ctx )
+{
+ int i, j, len, clen, outpos, ucsoutlen, outsize, last;
+ char *out, *outtmp, *s;
+ ac_uint4 *ucs, *p, *ucsout;
+
+ static unsigned char mask[] = {
+ 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
+
+ unsigned casefold = flags & LDAP_UTF8_CASEFOLD;
+ unsigned approx = flags & LDAP_UTF8_APPROX;
+
+ if ( bv == NULL ) {
+ return NULL;
+ }
+
+ s = bv->bv_val;
+ len = bv->bv_len;
+
+ if ( len == 0 ) {
+ return ber_dupbv_x( newbv, bv, ctx );
+ }
+
+ /* Should first check to see if string is already in proper
+ * normalized form. This is almost as time consuming as
+ * the normalization though.
+ */
+
+ /* finish off everything up to character before first non-ascii */
+ if ( LDAP_UTF8_ISASCII( s ) ) {
+ if ( casefold ) {
+ outsize = len + 7;
+ out = (char *) malloc( outsize );
+ if ( out == NULL ) {
+ return NULL;
+ }
+ outpos = 0;
+
+ for ( i = 1; (i < len) && LDAP_UTF8_ISASCII(s + i); i++ ) {
+ out[outpos++] = TOLOWER( s[i-1] );
+ }
+ if ( i == len ) {
+ out[outpos++] = TOLOWER( s[len-1] );
+ out[outpos] = '\0';
+ return ber_str2bv( out, outpos, 0, newbv);
+ }
+ } else {
+ for ( i = 1; (i < len) && LDAP_UTF8_ISASCII(s + i); i++ ) {
+ /* empty */
+ }
+
+ if ( i == len ) {
+ return ber_str2bv_x( s, len, 1, newbv, ctx );
+ }
+
+ outsize = len + 7;
+ out = (char *) malloc( outsize );
+ if ( out == NULL ) {
+ return NULL;
+ }
+ outpos = i - 1;
+ memcpy(out, s, outpos);
+ }
+ } else {
+ outsize = len + 7;
+ out = (char *) malloc( outsize );
+ if ( out == NULL ) {
+ return NULL;
+ }
+ outpos = 0;
+ i = 0;
+ }
+
+ p = ucs = malloc( len * sizeof(*ucs) );
+ if ( ucs == NULL ) {
+ free(out);
+ return NULL;
+ }
+
+ /* convert character before first non-ascii to ucs-4 */
+ if ( i > 0 ) {
+ *p = casefold ? TOLOWER( s[i-1] ) : s[i-1];
+ p++;
+ }
+
+ /* s[i] is now first non-ascii character */
+ for (;;) {
+ /* s[i] is non-ascii */
+ /* convert everything up to next ascii to ucs-4 */
+ while ( i < len ) {
+ clen = LDAP_UTF8_CHARLEN2( s + i, clen );
+ if ( clen == 0 ) {
+ free( ucs );
+ free( out );
+ return NULL;
+ }
+ if ( clen == 1 ) {
+ /* ascii */
+ break;
+ }
+ *p = s[i] & mask[clen];
+ i++;
+ for( j = 1; j < clen; j++ ) {
+ if ( (s[i] & 0xc0) != 0x80 ) {
+ free( ucs );
+ free( out );
+ return NULL;
+ }
+ *p <<= 6;
+ *p |= s[i] & 0x3f;
+ i++;
+ }
+ if ( casefold ) {
+ *p = uctolower( *p );
+ }
+ p++;
+ }
+ /* normalize ucs of length p - ucs */
+ uccompatdecomp( ucs, p - ucs, &ucsout, &ucsoutlen, ctx );
+ if ( approx ) {
+ for ( j = 0; j < ucsoutlen; j++ ) {
+ if ( ucsout[j] < 0x80 ) {
+ out[outpos++] = ucsout[j];
+ }
+ }
+ } else {
+ ucsoutlen = uccanoncomp( ucsout, ucsoutlen );
+ /* convert ucs to utf-8 and store in out */
+ for ( j = 0; j < ucsoutlen; j++ ) {
+ /* allocate more space if not enough room for
+ 6 bytes and terminator */
+ if ( outsize - outpos < 7 ) {
+ outsize = ucsoutlen - j + outpos + 6;
+ outtmp = (char *) realloc( out, outsize );
+ if ( outtmp == NULL ) {
+ free( out );
+ free( ucs );
+ free( ucsout );
+ return NULL;
+ }
+ out = outtmp;
+ }
+ outpos += ldap_x_ucs4_to_utf8( ucsout[j], &out[outpos] );
+ }
+ }
+
+ free( ucsout );
+ ucsout = NULL;
+
+ if ( i == len ) {
+ break;
+ }
+
+ last = i;
+
+ /* Allocate more space in out if necessary */
+ if (len - i >= outsize - outpos) {
+ outsize += 1 + ((len - i) - (outsize - outpos));
+ outtmp = (char *) realloc(out, outsize);
+ if (outtmp == NULL) {
+ free(out);
+ free(ucs);
+ return NULL;
+ }
+ out = outtmp;
+ }
+
+ /* s[i] is ascii */
+ /* finish off everything up to char before next non-ascii */
+ for ( i++; (i < len) && LDAP_UTF8_ISASCII(s + i); i++ ) {
+ out[outpos++] = casefold ? TOLOWER( s[i-1] ) : s[i-1];
+ }
+ if ( i == len ) {
+ out[outpos++] = casefold ? TOLOWER( s[len-1] ) : s[len-1];
+ break;
+ }
+
+ /* convert character before next non-ascii to ucs-4 */
+ *ucs = casefold ? TOLOWER( s[i-1] ) : s[i-1];
+ p = ucs + 1;
+ }
+
+ free( ucs );
+ out[outpos] = '\0';
+ return ber_str2bv( out, outpos, 0, newbv );
+}
+
+/* compare UTF8-strings, optionally ignore casing */
+/* slow, should be optimized */
+int UTF8bvnormcmp(
+ struct berval *bv1,
+ struct berval *bv2,
+ unsigned flags,
+ void *ctx )
+{
+ int i, l1, l2, len, ulen, res = 0;
+ char *s1, *s2, *done;
+ ac_uint4 *ucs, *ucsout1, *ucsout2;
+
+ unsigned casefold = flags & LDAP_UTF8_CASEFOLD;
+ unsigned norm1 = flags & LDAP_UTF8_ARG1NFC;
+ unsigned norm2 = flags & LDAP_UTF8_ARG2NFC;
+
+ if (bv1 == NULL) {
+ return bv2 == NULL ? 0 : -1;
+
+ } else if (bv2 == NULL) {
+ return 1;
+ }
+
+ l1 = bv1->bv_len;
+ l2 = bv2->bv_len;
+
+ len = (l1 < l2) ? l1 : l2;
+ if (len == 0) {
+ return l1 == 0 ? (l2 == 0 ? 0 : -1) : 1;
+ }
+
+ s1 = bv1->bv_val;
+ s2 = bv2->bv_val;
+ done = s1 + len;
+
+ while ( (s1 < done) && LDAP_UTF8_ISASCII(s1) && LDAP_UTF8_ISASCII(s2) ) {
+ if (casefold) {
+ char c1 = TOLOWER(*s1);
+ char c2 = TOLOWER(*s2);
+ res = c1 - c2;
+ } else {
+ res = *s1 - *s2;
+ }
+ s1++;
+ s2++;
+ if (res) {
+ /* done unless next character in s1 or s2 is non-ascii */
+ if (s1 < done) {
+ if (!LDAP_UTF8_ISASCII(s1) || !LDAP_UTF8_ISASCII(s2)) {
+ break;
+ }
+ } else if (((len < l1) && !LDAP_UTF8_ISASCII(s1)) ||
+ ((len < l2) && !LDAP_UTF8_ISASCII(s2)))
+ {
+ break;
+ }
+ return res;
+ }
+ }
+
+ /* We have encountered non-ascii or strings equal up to len */
+
+ /* set i to number of iterations */
+ i = s1 - done + len;
+ /* passed through loop at least once? */
+ if (i > 0) {
+ if (!res && (s1 == done) &&
+ ((len == l1) || LDAP_UTF8_ISASCII(s1)) &&
+ ((len == l2) || LDAP_UTF8_ISASCII(s2))) {
+ /* all ascii and equal up to len */
+ return l1 - l2;
+ }
+
+ /* rewind one char, and do normalized compare from there */
+ s1--;
+ s2--;
+ l1 -= i - 1;
+ l2 -= i - 1;
+ }
+
+ /* Should first check to see if strings are already in
+ * proper normalized form.
+ */
+ ucs = malloc( ( ( norm1 || l1 > l2 ) ? l1 : l2 ) * sizeof(*ucs) );
+ if ( ucs == NULL ) {
+ return l1 > l2 ? 1 : -1; /* what to do??? */
+ }
+
+ /*
+ * XXYYZ: we convert to ucs4 even though -llunicode
+ * expects ucs2 in an ac_uint4
+ */
+
+ /* convert and normalize 1st string */
+ for ( i = 0, ulen = 0; i < l1; i += len, ulen++ ) {
+ ucs[ulen] = ldap_x_utf8_to_ucs4( s1 + i );
+ if ( ucs[ulen] == LDAP_UCS4_INVALID ) {
+ free( ucs );
+ return -1; /* what to do??? */
+ }
+ len = LDAP_UTF8_CHARLEN( s1 + i );
+ }
+
+ if ( norm1 ) {
+ ucsout1 = ucs;
+ l1 = ulen;
+ ucs = malloc( l2 * sizeof(*ucs) );
+ if ( ucs == NULL ) {
+ free( ucsout1 );
+ return l1 > l2 ? 1 : -1; /* what to do??? */
+ }
+ } else {
+ uccompatdecomp( ucs, ulen, &ucsout1, &l1, ctx );
+ l1 = uccanoncomp( ucsout1, l1 );
+ }
+
+ /* convert and normalize 2nd string */
+ for ( i = 0, ulen = 0; i < l2; i += len, ulen++ ) {
+ ucs[ulen] = ldap_x_utf8_to_ucs4( s2 + i );
+ if ( ucs[ulen] == LDAP_UCS4_INVALID ) {
+ free( ucsout1 );
+ free( ucs );
+ return 1; /* what to do??? */
+ }
+ len = LDAP_UTF8_CHARLEN( s2 + i );
+ }
+
+ if ( norm2 ) {
+ ucsout2 = ucs;
+ l2 = ulen;
+ } else {
+ uccompatdecomp( ucs, ulen, &ucsout2, &l2, ctx );
+ l2 = uccanoncomp( ucsout2, l2 );
+ free( ucs );
+ }
+
+ res = casefold
+ ? ucstrncasecmp( ucsout1, ucsout2, l1 < l2 ? l1 : l2 )
+ : ucstrncmp( ucsout1, ucsout2, l1 < l2 ? l1 : l2 );
+ free( ucsout1 );
+ free( ucsout2 );
+
+ if ( res != 0 ) {
+ return res;
+ }
+ if ( l1 == l2 ) {
+ return 0;
+ }
+ return l1 > l2 ? 1 : -1;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/README
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,212 @@
+#
+# $Id: README,v 1.3 1999/09/21 15:47:43 mleisher Exp $
+#
+# Copyright 1997, 1998, 1999 Computing Research Labs,
+# New Mexico State University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+
+ Unicode and Regular Expressions
+ Version 0.5
+
+This is a simple regular expression package for matching against Unicode text
+in UCS2 form. The implementation of this URE package is a variation on the
+RE->DFA algorithm done by Mark Hopkins (markh at csd4.csd.uwm.edu). Mark
+Hopkins' algorithm had the virtue of being very simple, so it was used as a
+model.
+
+---------------------------------------------------------------------------
+
+Assumptions:
+
+ o Regular expression and text already normalized.
+
+ o Conversion to lower case assumes a 1-1 mapping.
+
+Definitions:
+
+ Separator - any one of U+2028, U+2029, '\n', '\r'.
+
+Operators:
+ . - match any character.
+ * - match zero or more of the last subexpression.
+ + - match one or more of the last subexpression.
+ ? - match zero or one of the last subexpression.
+ () - subexpression grouping.
+
+ Notes:
+
+ o The "." operator normally does not match separators, but a flag is
+ available for the ure_exec() function that will allow this operator to
+ match a separator.
+
+Literals and Constants:
+
+ c - literal UCS2 character.
+ \x.... - hexadecimal number of up to 4 digits.
+ \X.... - hexadecimal number of up to 4 digits.
+ \u.... - hexadecimal number of up to 4 digits.
+ \U.... - hexadecimal number of up to 4 digits.
+
+Character classes:
+
+ [...] - Character class.
+ [^...] - Negated character class.
+ \pN1,N2,...,Nn - Character properties class.
+ \PN1,N2,...,Nn - Negated character properties class.
+
+ POSIX character classes recognized:
+
+ :alnum:
+ :alpha:
+ :cntrl:
+ :digit:
+ :graph:
+ :lower:
+ :print:
+ :punct:
+ :space:
+ :upper:
+ :xdigit:
+
+ Notes:
+
+ o Character property classes are \p or \P followed by a comma separated
+ list of integers between 1 and 32. These integers are references to
+ the following character properties:
+
+ N Character Property
+ --------------------------
+ 1 _URE_NONSPACING
+ 2 _URE_COMBINING
+ 3 _URE_NUMDIGIT
+ 4 _URE_NUMOTHER
+ 5 _URE_SPACESEP
+ 6 _URE_LINESEP
+ 7 _URE_PARASEP
+ 8 _URE_CNTRL
+ 9 _URE_PUA
+ 10 _URE_UPPER
+ 11 _URE_LOWER
+ 12 _URE_TITLE
+ 13 _URE_MODIFIER
+ 14 _URE_OTHERLETTER
+ 15 _URE_DASHPUNCT
+ 16 _URE_OPENPUNCT
+ 17 _URE_CLOSEPUNCT
+ 18 _URE_OTHERPUNCT
+ 19 _URE_MATHSYM
+ 20 _URE_CURRENCYSYM
+ 21 _URE_OTHERSYM
+ 22 _URE_LTR
+ 23 _URE_RTL
+ 24 _URE_EURONUM
+ 25 _URE_EURONUMSEP
+ 26 _URE_EURONUMTERM
+ 27 _URE_ARABNUM
+ 28 _URE_COMMONSEP
+ 29 _URE_BLOCKSEP
+ 30 _URE_SEGMENTSEP
+ 31 _URE_WHITESPACE
+ 32 _URE_OTHERNEUT
+
+ o Character classes can contain literals, constants, and character
+ property classes. Example:
+
+ [abc\U10A\p1,3,4]
+
+---------------------------------------------------------------------------
+
+Before using URE
+----------------
+Before URE is used, two functions need to be created. One to check if a
+character matches a set of URE character properties, and one to convert a
+character to lower case.
+
+Stubs for these function are located in the urestubs.c file.
+
+Using URE
+---------
+
+Sample pseudo-code fragment.
+
+ ure_buffer_t rebuf;
+ ure_dfa_t dfa;
+ ucs2_t *re, *text;
+ unsigned long relen, textlen;
+ unsigned long match_start, match_end;
+
+ /*
+ * Allocate the dynamic storage needed to compile regular expressions.
+ */
+ rebuf = ure_buffer_create();
+
+ for each regular expression in a list {
+ re = next regular expression;
+ relen = length(re);
+
+ /*
+ * Compile the regular expression with the case insensitive flag
+ * turned on.
+ */
+ dfa = ure_compile(re, relen, 1, rebuf);
+
+ /*
+ * Look for the first match in some text. The matching will be done
+ * in a case insensitive manner because the expression was compiled
+ * with the case insensitive flag on.
+ */
+ if (ure_exec(dfa, 0, text, textlen, &match_start, &match_end))
+ printf("MATCH: %ld %ld\n", match_start, match_end);
+
+ /*
+ * Look for the first match in some text, ignoring non-spacing
+ * characters.
+ */
+ if (ure_exec(dfa, URE_IGNORE_NONSPACING, text, textlen,
+ &match_start, &match_end))
+ printf("MATCH: %ld %ld\n", match_start, match_end);
+
+ /*
+ * Free the DFA.
+ */
+ ure_free_dfa(dfa);
+ }
+
+ /*
+ * Free the dynamic storage used for compiling the expressions.
+ */
+ ure_free_buffer(rebuf);
+
+---------------------------------------------------------------------------
+
+Mark Leisher <mleisher at crl.nmsu.edu>
+29 March 1997
+
+===========================================================================
+
+CHANGES
+-------
+
+Version: 0.5
+Date : 21 September 1999
+==========================
+ 1. Added copyright stuff and put in CVS.
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2131 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.15.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ure.c,v 1.2 1999/09/21 15:47:43 mleisher Exp $" */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "ure.h"
+
+/*
+ * Flags used internally in the DFA.
+ */
+#define _URE_DFA_CASEFOLD 0x01
+#define _URE_DFA_BLANKLINE 0x02
+
+static unsigned long cclass_flags[] = {
+ 0,
+ _URE_NONSPACING,
+ _URE_COMBINING,
+ _URE_NUMDIGIT,
+ _URE_NUMOTHER,
+ _URE_SPACESEP,
+ _URE_LINESEP,
+ _URE_PARASEP,
+ _URE_CNTRL,
+ _URE_PUA,
+ _URE_UPPER,
+ _URE_LOWER,
+ _URE_TITLE,
+ _URE_MODIFIER,
+ _URE_OTHERLETTER,
+ _URE_DASHPUNCT,
+ _URE_OPENPUNCT,
+ _URE_CLOSEPUNCT,
+ _URE_OTHERPUNCT,
+ _URE_MATHSYM,
+ _URE_CURRENCYSYM,
+ _URE_OTHERSYM,
+ _URE_LTR,
+ _URE_RTL,
+ _URE_EURONUM,
+ _URE_EURONUMSEP,
+ _URE_EURONUMTERM,
+ _URE_ARABNUM,
+ _URE_COMMONSEP,
+ _URE_BLOCKSEP,
+ _URE_SEGMENTSEP,
+ _URE_WHITESPACE,
+ _URE_OTHERNEUT,
+};
+
+/*
+ * Symbol types for the DFA.
+ */
+#define _URE_ANY_CHAR 1
+#define _URE_CHAR 2
+#define _URE_CCLASS 3
+#define _URE_NCCLASS 4
+#define _URE_BOL_ANCHOR 5
+#define _URE_EOL_ANCHOR 6
+
+/*
+ * Op codes for converting the NFA to a DFA.
+ */
+#define _URE_SYMBOL 10
+#define _URE_PAREN 11
+#define _URE_QUEST 12
+#define _URE_STAR 13
+#define _URE_PLUS 14
+#define _URE_ONE 15
+#define _URE_AND 16
+#define _URE_OR 17
+
+#define _URE_NOOP 0xffff
+
+#define _URE_REGSTART 0x8000
+#define _URE_REGEND 0x4000
+
+/*
+ * Structure used to handle a compacted range of characters.
+ */
+typedef struct {
+ ucs4_t min_code;
+ ucs4_t max_code;
+} _ure_range_t;
+
+typedef struct {
+ _ure_range_t *ranges;
+ ucs2_t ranges_used;
+ ucs2_t ranges_size;
+} _ure_ccl_t;
+
+typedef union {
+ ucs4_t chr;
+ _ure_ccl_t ccl;
+} _ure_sym_t;
+
+/*
+ * This is a general element structure used for expressions and stack
+ * elements.
+ */
+typedef struct {
+ ucs2_t reg;
+ ucs2_t onstack;
+ ucs2_t type;
+ ucs2_t lhs;
+ ucs2_t rhs;
+} _ure_elt_t;
+
+/*
+ * This is a structure used to track a list or a stack of states.
+ */
+typedef struct {
+ ucs2_t *slist;
+ ucs2_t slist_size;
+ ucs2_t slist_used;
+} _ure_stlist_t;
+
+/*
+ * Structure to track the list of unique states for a symbol
+ * during reduction.
+ */
+typedef struct {
+ ucs2_t id;
+ ucs2_t type;
+ unsigned long mods;
+ unsigned long props;
+ _ure_sym_t sym;
+ _ure_stlist_t states;
+} _ure_symtab_t;
+
+/*
+ * Structure to hold a single state.
+ */
+typedef struct {
+ ucs2_t id;
+ ucs2_t accepting;
+ ucs2_t pad;
+ _ure_stlist_t st;
+ _ure_elt_t *trans;
+ ucs2_t trans_size;
+ ucs2_t trans_used;
+} _ure_state_t;
+
+/*
+ * Structure used for keeping lists of states.
+ */
+typedef struct {
+ _ure_state_t *states;
+ ucs2_t states_size;
+ ucs2_t states_used;
+} _ure_statetable_t;
+
+/*
+ * Structure to track pairs of DFA states when equivalent states are
+ * merged.
+ */
+typedef struct {
+ ucs2_t l;
+ ucs2_t r;
+} _ure_equiv_t;
+
+/*
+ * Structure used for constructing the NFA and reducing to a minimal DFA.
+ */
+typedef struct _ure_buffer_t {
+ int reducing;
+ int error;
+ unsigned long flags;
+
+ _ure_stlist_t stack;
+
+ /*
+ * Table of unique symbols encountered.
+ */
+ _ure_symtab_t *symtab;
+ ucs2_t symtab_size;
+ ucs2_t symtab_used;
+
+ /*
+ * Tracks the unique expressions generated for the NFA and when the NFA is
+ * reduced.
+ */
+ _ure_elt_t *expr;
+ ucs2_t expr_used;
+ ucs2_t expr_size;
+
+ /*
+ * The reduced table of unique groups of NFA states.
+ */
+ _ure_statetable_t states;
+
+ /*
+ * Tracks states when equivalent states are merged.
+ */
+ _ure_equiv_t *equiv;
+ ucs2_t equiv_used;
+ ucs2_t equiv_size;
+} _ure_buffer_t;
+
+typedef struct {
+ ucs2_t symbol;
+ ucs2_t next_state;
+} _ure_trans_t;
+
+typedef struct {
+ ucs2_t accepting;
+ ucs2_t ntrans;
+ _ure_trans_t *trans;
+} _ure_dstate_t;
+
+typedef struct _ure_dfa_t {
+ unsigned long flags;
+
+ _ure_symtab_t *syms;
+ ucs2_t nsyms;
+
+ _ure_dstate_t *states;
+ ucs2_t nstates;
+
+ _ure_trans_t *trans;
+ ucs2_t ntrans;
+} _ure_dfa_t;
+
+/*************************************************************************
+ *
+ * Functions.
+ *
+ *************************************************************************/
+
+static void
+_ure_memmove(char *dest, char *src, unsigned long bytes)
+{
+ long i, j;
+
+ i = (long) bytes;
+ j = i & 7;
+ i = (i + 7) >> 3;
+
+ /*
+ * Do a memmove using Ye Olde Duff's Device for efficiency.
+ */
+ if (src < dest) {
+ src += bytes;
+ dest += bytes;
+
+ switch (j) {
+ case 0: do {
+ *--dest = *--src;
+ case 7: *--dest = *--src;
+ case 6: *--dest = *--src;
+ case 5: *--dest = *--src;
+ case 4: *--dest = *--src;
+ case 3: *--dest = *--src;
+ case 2: *--dest = *--src;
+ case 1: *--dest = *--src;
+ } while (--i > 0);
+ }
+ } else if (src > dest) {
+ switch (j) {
+ case 0: do {
+ *dest++ = *src++;
+ case 7: *dest++ = *src++;
+ case 6: *dest++ = *src++;
+ case 5: *dest++ = *src++;
+ case 4: *dest++ = *src++;
+ case 3: *dest++ = *src++;
+ case 2: *dest++ = *src++;
+ case 1: *dest++ = *src++;
+ } while (--i > 0);
+ }
+ }
+}
+
+static void
+_ure_push(ucs2_t v, _ure_buffer_t *b)
+{
+ _ure_stlist_t *s;
+
+ if (b == 0)
+ return;
+
+ /*
+ * If the `reducing' parameter is non-zero, check to see if the value
+ * passed is already on the stack.
+ */
+ if (b->reducing != 0 && b->expr[v].onstack != 0)
+ return;
+
+ s = &b->stack;
+ if (s->slist_used == s->slist_size) {
+ if (s->slist_size == 0)
+ s->slist = (ucs2_t *) malloc(sizeof(ucs2_t) << 3);
+ else
+ s->slist = (ucs2_t *) realloc((char *) s->slist,
+ sizeof(ucs2_t) * (s->slist_size + 8));
+ s->slist_size += 8;
+ }
+ s->slist[s->slist_used++] = v;
+
+ /*
+ * If the `reducing' parameter is non-zero, flag the element as being on
+ * the stack.
+ */
+ if (b->reducing != 0)
+ b->expr[v].onstack = 1;
+}
+
+static ucs2_t
+_ure_peek(_ure_buffer_t *b)
+{
+ if (b == 0 || b->stack.slist_used == 0)
+ return _URE_NOOP;
+
+ return b->stack.slist[b->stack.slist_used - 1];
+}
+
+static ucs2_t
+_ure_pop(_ure_buffer_t *b)
+{
+ ucs2_t v;
+
+ if (b == 0 || b->stack.slist_used == 0)
+ return _URE_NOOP;
+
+ v = b->stack.slist[--b->stack.slist_used];
+ if (b->reducing)
+ b->expr[v].onstack = 0;
+
+ return v;
+}
+
+/*************************************************************************
+ *
+ * Start symbol parse functions.
+ *
+ *************************************************************************/
+
+/*
+ * Parse a comma-separated list of integers that represent character
+ * properties. Combine them into a mask that is returned in the `mask'
+ * variable, and return the number of characters consumed.
+ */
+static unsigned long
+_ure_prop_list(ucs2_t *pp, unsigned long limit, unsigned long *mask,
+ _ure_buffer_t *b)
+{
+ unsigned long n, m;
+ ucs2_t *sp, *ep;
+
+ sp = pp;
+ ep = sp + limit;
+
+ for (m = n = 0; b->error == _URE_OK && sp < ep; sp++) {
+ if (*sp == ',') {
+ /*
+ * Encountered a comma, so select the next character property flag
+ * and reset the number.
+ */
+ m |= cclass_flags[n];
+ n = 0;
+ } else if (*sp >= '0' && *sp <= '9')
+ /*
+ * Encountered a digit, so start or continue building the cardinal
+ * that represents the character property flag.
+ */
+ n = (n * 10) + (*sp - '0');
+ else
+ /*
+ * Encountered something that is not part of the property list.
+ * Indicate that we are done.
+ */
+ break;
+
+ /*
+ * If a property number greater than 32 occurs, then there is a
+ * problem. Most likely a missing comma separator.
+ */
+ if (n > 32)
+ b->error = _URE_INVALID_PROPERTY;
+ }
+
+ if (n != 0)
+ m |= cclass_flags[n];
+
+ /*
+ * Set the mask that represents the group of character properties.
+ */
+ *mask = m;
+
+ /*
+ * Return the number of characters consumed.
+ */
+ return sp - pp;
+}
+
+/*
+ * Collect a hex number with 1 to 4 digits and return the number
+ * of characters used.
+ */
+static unsigned long
+_ure_hex(ucs2_t *np, unsigned long limit, ucs4_t *n)
+{
+ ucs2_t i;
+ ucs2_t *sp, *ep;
+ ucs4_t nn;
+
+ sp = np;
+ ep = sp + limit;
+
+ for (nn = 0, i = 0; i < 4 && sp < ep; i++, sp++) {
+ if (*sp >= '0' && *sp <= '9')
+ nn = (nn << 4) + (*sp - '0');
+ else if (*sp >= 'A' && *sp <= 'F')
+ nn = (nn << 4) + ((*sp - 'A') + 10);
+ else if (*sp >= 'a' && *sp <= 'f')
+ nn = (nn << 4) + ((*sp - 'a') + 10);
+ else
+ /*
+ * Encountered something that is not a hex digit.
+ */
+ break;
+ }
+
+ /*
+ * Assign the character code collected and return the number of
+ * characters used.
+ */
+ *n = nn;
+
+ return sp - np;
+}
+
+/*
+ * Insert a range into a character class, removing duplicates and ordering
+ * them in increasing range-start order.
+ */
+static void
+_ure_add_range(_ure_ccl_t *ccl, _ure_range_t *r, _ure_buffer_t *b)
+{
+ ucs2_t i;
+ ucs4_t tmp;
+ _ure_range_t *rp;
+
+ /*
+ * If the `casefold' flag is set, then make sure both endpoints of the
+ * range are converted to lower case.
+ */
+ if (b->flags & _URE_DFA_CASEFOLD) {
+ r->min_code = _ure_tolower(r->min_code);
+ r->max_code = _ure_tolower(r->max_code);
+ }
+
+ /*
+ * Swap the range endpoints if they are not in increasing order.
+ */
+ if (r->min_code > r->max_code) {
+ tmp = r->min_code;
+ r->min_code = r->max_code;
+ r->max_code = tmp;
+ }
+
+ for (i = 0, rp = ccl->ranges;
+ i < ccl->ranges_used && r->min_code < rp->min_code; i++, rp++) ;
+
+ /*
+ * Check for a duplicate.
+ */
+ if (i < ccl->ranges_used &&
+ r->min_code == rp->min_code && r->max_code == rp->max_code)
+ return;
+
+ if (ccl->ranges_used == ccl->ranges_size) {
+ if (ccl->ranges_size == 0)
+ ccl->ranges = (_ure_range_t *) malloc(sizeof(_ure_range_t) << 3);
+ else
+ ccl->ranges = (_ure_range_t *)
+ realloc((char *) ccl->ranges,
+ sizeof(_ure_range_t) * (ccl->ranges_size + 8));
+ ccl->ranges_size += 8;
+ }
+
+ rp = ccl->ranges + ccl->ranges_used;
+
+ if (i < ccl->ranges_used)
+ _ure_memmove((char *) (rp + 1), (char *) rp,
+ sizeof(_ure_range_t) * (ccl->ranges_used - i));
+
+ ccl->ranges_used++;
+ rp->min_code = r->min_code;
+ rp->max_code = r->max_code;
+}
+
+#define _URE_ALPHA_MASK (_URE_UPPER|_URE_LOWER|_URE_OTHERLETTER|\
+_URE_MODIFIER|_URE_TITLE|_URE_NONSPACING|_URE_COMBINING)
+#define _URE_ALNUM_MASK (_URE_ALPHA_MASK|_URE_NUMDIGIT)
+#define _URE_PUNCT_MASK (_URE_DASHPUNCT|_URE_OPENPUNCT|_URE_CLOSEPUNCT|\
+_URE_OTHERPUNCT)
+#define _URE_GRAPH_MASK (_URE_NUMDIGIT|_URE_NUMOTHER|_URE_ALPHA_MASK|\
+_URE_MATHSYM|_URE_CURRENCYSYM|_URE_OTHERSYM)
+#define _URE_PRINT_MASK (_URE_GRAPH_MASK|_URE_SPACESEP)
+#define _URE_SPACE_MASK (_URE_SPACESEP|_URE_LINESEP|_URE_PARASEP)
+
+typedef void (*_ure_cclsetup_t)(
+ _ure_symtab_t *sym,
+ unsigned long mask,
+ _ure_buffer_t *b
+);
+
+typedef struct {
+ ucs2_t key;
+ unsigned long len;
+ unsigned long next;
+ _ure_cclsetup_t func;
+ unsigned long mask;
+} _ure_trie_t;
+
+static void
+_ure_ccl_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b)
+{
+ sym->props |= mask;
+}
+
+static void
+_ure_space_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b)
+{
+ _ure_range_t range;
+
+ sym->props |= mask;
+
+ /*
+ * Add the additional characters needed for handling isspace().
+ */
+ range.min_code = range.max_code = '\t';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = range.max_code = '\r';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = range.max_code = '\n';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = range.max_code = '\f';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = range.max_code = 0xfeff;
+ _ure_add_range(&sym->sym.ccl, &range, b);
+}
+
+static void
+_ure_xdigit_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b)
+{
+ _ure_range_t range;
+
+ /*
+ * Add the additional characters needed for handling isxdigit().
+ */
+ range.min_code = '0';
+ range.max_code = '9';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = 'A';
+ range.max_code = 'F';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+ range.min_code = 'a';
+ range.max_code = 'f';
+ _ure_add_range(&sym->sym.ccl, &range, b);
+}
+
+static _ure_trie_t cclass_trie[] = {
+ {0x003a, 1, 1, 0, 0},
+ {0x0061, 9, 10, 0, 0},
+ {0x0063, 8, 19, 0, 0},
+ {0x0064, 7, 24, 0, 0},
+ {0x0067, 6, 29, 0, 0},
+ {0x006c, 5, 34, 0, 0},
+ {0x0070, 4, 39, 0, 0},
+ {0x0073, 3, 49, 0, 0},
+ {0x0075, 2, 54, 0, 0},
+ {0x0078, 1, 59, 0, 0},
+ {0x006c, 1, 11, 0, 0},
+ {0x006e, 2, 13, 0, 0},
+ {0x0070, 1, 16, 0, 0},
+ {0x0075, 1, 14, 0, 0},
+ {0x006d, 1, 15, 0, 0},
+ {0x003a, 1, 16, _ure_ccl_setup, _URE_ALNUM_MASK},
+ {0x0068, 1, 17, 0, 0},
+ {0x0061, 1, 18, 0, 0},
+ {0x003a, 1, 19, _ure_ccl_setup, _URE_ALPHA_MASK},
+ {0x006e, 1, 20, 0, 0},
+ {0x0074, 1, 21, 0, 0},
+ {0x0072, 1, 22, 0, 0},
+ {0x006c, 1, 23, 0, 0},
+ {0x003a, 1, 24, _ure_ccl_setup, _URE_CNTRL},
+ {0x0069, 1, 25, 0, 0},
+ {0x0067, 1, 26, 0, 0},
+ {0x0069, 1, 27, 0, 0},
+ {0x0074, 1, 28, 0, 0},
+ {0x003a, 1, 29, _ure_ccl_setup, _URE_NUMDIGIT},
+ {0x0072, 1, 30, 0, 0},
+ {0x0061, 1, 31, 0, 0},
+ {0x0070, 1, 32, 0, 0},
+ {0x0068, 1, 33, 0, 0},
+ {0x003a, 1, 34, _ure_ccl_setup, _URE_GRAPH_MASK},
+ {0x006f, 1, 35, 0, 0},
+ {0x0077, 1, 36, 0, 0},
+ {0x0065, 1, 37, 0, 0},
+ {0x0072, 1, 38, 0, 0},
+ {0x003a, 1, 39, _ure_ccl_setup, _URE_LOWER},
+ {0x0072, 2, 41, 0, 0},
+ {0x0075, 1, 45, 0, 0},
+ {0x0069, 1, 42, 0, 0},
+ {0x006e, 1, 43, 0, 0},
+ {0x0074, 1, 44, 0, 0},
+ {0x003a, 1, 45, _ure_ccl_setup, _URE_PRINT_MASK},
+ {0x006e, 1, 46, 0, 0},
+ {0x0063, 1, 47, 0, 0},
+ {0x0074, 1, 48, 0, 0},
+ {0x003a, 1, 49, _ure_ccl_setup, _URE_PUNCT_MASK},
+ {0x0070, 1, 50, 0, 0},
+ {0x0061, 1, 51, 0, 0},
+ {0x0063, 1, 52, 0, 0},
+ {0x0065, 1, 53, 0, 0},
+ {0x003a, 1, 54, _ure_space_setup, _URE_SPACE_MASK},
+ {0x0070, 1, 55, 0, 0},
+ {0x0070, 1, 56, 0, 0},
+ {0x0065, 1, 57, 0, 0},
+ {0x0072, 1, 58, 0, 0},
+ {0x003a, 1, 59, _ure_ccl_setup, _URE_UPPER},
+ {0x0064, 1, 60, 0, 0},
+ {0x0069, 1, 61, 0, 0},
+ {0x0067, 1, 62, 0, 0},
+ {0x0069, 1, 63, 0, 0},
+ {0x0074, 1, 64, 0, 0},
+ {0x003a, 1, 65, _ure_xdigit_setup, 0},
+};
+
+/*
+ * Probe for one of the POSIX colon delimited character classes in the static
+ * trie.
+ */
+static unsigned long
+_ure_posix_ccl(ucs2_t *cp, unsigned long limit, _ure_symtab_t *sym,
+ _ure_buffer_t *b)
+{
+ int i;
+ unsigned long n;
+ _ure_trie_t *tp;
+ ucs2_t *sp, *ep;
+
+ /*
+ * If the number of characters left is less than 7, then this cannot be
+ * interpreted as one of the colon delimited classes.
+ */
+ if (limit < 7)
+ return 0;
+
+ sp = cp;
+ ep = sp + limit;
+ tp = cclass_trie;
+ for (i = 0; sp < ep && i < 8; i++, sp++) {
+ n = tp->len;
+
+ for (; n > 0 && tp->key != *sp; tp++, n--) ;
+
+ if (n == 0)
+ return 0;
+
+ if (*sp == ':' && (i == 6 || i == 7)) {
+ sp++;
+ break;
+ }
+ if (sp + 1 < ep)
+ tp = cclass_trie + tp->next;
+ }
+ if (tp->func == 0)
+ return 0;
+
+ (*tp->func)(sym, tp->mask, b);
+
+ return sp - cp;
+}
+
+/*
+ * Construct a list of ranges and return the number of characters consumed.
+ */
+static unsigned long
+_ure_cclass(ucs2_t *cp, unsigned long limit, _ure_symtab_t *symp,
+ _ure_buffer_t *b)
+{
+ int range_end;
+ unsigned long n;
+ ucs2_t *sp, *ep;
+ ucs4_t c, last;
+ _ure_ccl_t *cclp;
+ _ure_range_t range;
+
+ sp = cp;
+ ep = sp + limit;
+
+ if (*sp == '^') {
+ symp->type = _URE_NCCLASS;
+ sp++;
+ } else
+ symp->type = _URE_CCLASS;
+
+ for (last = 0, range_end = 0;
+ b->error == _URE_OK && sp < ep && *sp != ']'; ) {
+ c = *sp++;
+ if (c == '\\') {
+ if (sp == ep) {
+ /*
+ * The EOS was encountered when expecting the reverse solidus
+ * to be followed by the character it is escaping. Set an
+ * error code and return the number of characters consumed up
+ * to this point.
+ */
+ b->error = _URE_UNEXPECTED_EOS;
+ return sp - cp;
+ }
+
+ c = *sp++;
+ switch (c) {
+ case 'a':
+ c = 0x07;
+ break;
+ case 'b':
+ c = 0x08;
+ break;
+ case 'f':
+ c = 0x0c;
+ break;
+ case 'n':
+ c = 0x0a;
+ break;
+ case 'r':
+ c = 0x0d;
+ break;
+ case 't':
+ c = 0x09;
+ break;
+ case 'v':
+ c = 0x0b;
+ break;
+ case 'p':
+ case 'P':
+ sp += _ure_prop_list(sp, ep - sp, &symp->props, b);
+ /*
+ * Invert the bit mask of the properties if this is a negated
+ * character class or if 'P' is used to specify a list of
+ * character properties that should *not* match in a
+ * character class.
+ */
+ if (c == 'P')
+ symp->props = ~symp->props;
+ continue;
+ break;
+ case 'x':
+ case 'X':
+ case 'u':
+ case 'U':
+ if (sp < ep &&
+ ((*sp >= '0' && *sp <= '9') ||
+ (*sp >= 'A' && *sp <= 'F') ||
+ (*sp >= 'a' && *sp <= 'f')))
+ sp += _ure_hex(sp, ep - sp, &c);
+ }
+ } else if (c == ':') {
+ /*
+ * Probe for a POSIX colon delimited character class.
+ */
+ sp--;
+ if ((n = _ure_posix_ccl(sp, ep - sp, symp, b)) == 0)
+ sp++;
+ else {
+ sp += n;
+ continue;
+ }
+ }
+
+ cclp = &symp->sym.ccl;
+
+ /*
+ * Check to see if the current character is a low surrogate that needs
+ * to be combined with a preceding high surrogate.
+ */
+ if (last != 0) {
+ if (c >= 0xdc00 && c <= 0xdfff)
+ /*
+ * Construct the UTF16 character code.
+ */
+ c = 0x10000 + (((last & 0x03ff) << 10) | (c & 0x03ff));
+ else {
+ /*
+ * Add the isolated high surrogate to the range.
+ */
+ if (range_end == 1)
+ range.max_code = last & 0xffff;
+ else
+ range.min_code = range.max_code = last & 0xffff;
+
+ _ure_add_range(cclp, &range, b);
+ range_end = 0;
+ }
+ }
+
+ /*
+ * Clear the last character code.
+ */
+ last = 0;
+
+ /*
+ * This slightly awkward code handles the different cases needed to
+ * construct a range.
+ */
+ if (c >= 0xd800 && c <= 0xdbff) {
+ /*
+ * If the high surrogate is followed by a range indicator, simply
+ * add it as the range start. Otherwise, save it in case the next
+ * character is a low surrogate.
+ */
+ if (*sp == '-') {
+ sp++;
+ range.min_code = c;
+ range_end = 1;
+ } else
+ last = c;
+ } else if (range_end == 1) {
+ range.max_code = c;
+ _ure_add_range(cclp, &range, b);
+ range_end = 0;
+ } else {
+ range.min_code = range.max_code = c;
+ if (*sp == '-') {
+ sp++;
+ range_end = 1;
+ } else
+ _ure_add_range(cclp, &range, b);
+ }
+ }
+
+ if (sp < ep && *sp == ']')
+ sp++;
+ else
+ /*
+ * The parse was not terminated by the character class close symbol
+ * (']'), so set an error code.
+ */
+ b->error = _URE_CCLASS_OPEN;
+
+ return sp - cp;
+}
+
+/*
+ * Probe for a low surrogate hex code.
+ */
+static unsigned long
+_ure_probe_ls(ucs2_t *ls, unsigned long limit, ucs4_t *c)
+{
+ ucs4_t i, code;
+ ucs2_t *sp, *ep;
+
+ for (i = code = 0, sp = ls, ep = sp + limit; i < 4 && sp < ep; sp++) {
+ if (*sp >= '0' && *sp <= '9')
+ code = (code << 4) + (*sp - '0');
+ else if (*sp >= 'A' && *sp <= 'F')
+ code = (code << 4) + ((*sp - 'A') + 10);
+ else if (*sp >= 'a' && *sp <= 'f')
+ code = (code << 4) + ((*sp - 'a') + 10);
+ else
+ break;
+ }
+
+ *c = code;
+ return (0xdc00 <= code && code <= 0xdfff) ? sp - ls : 0;
+}
+
+static unsigned long
+_ure_compile_symbol(ucs2_t *sym, unsigned long limit, _ure_symtab_t *symp,
+ _ure_buffer_t *b)
+{
+ ucs4_t c;
+ ucs2_t *sp, *ep;
+
+ sp = sym;
+ ep = sym + limit;
+
+ if ((c = *sp++) == '\\') {
+
+ if (sp == ep) {
+ /*
+ * The EOS was encountered when expecting the reverse solidus to
+ * be followed by the character it is escaping. Set an error code
+ * and return the number of characters consumed up to this point.
+ */
+ b->error = _URE_UNEXPECTED_EOS;
+ return sp - sym;
+ }
+
+ c = *sp++;
+ switch (c) {
+ case 'p':
+ case 'P':
+ symp->type = (c == 'p') ? _URE_CCLASS : _URE_NCCLASS;
+ sp += _ure_prop_list(sp, ep - sp, &symp->props, b);
+ break;
+ case 'a':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x07;
+ break;
+ case 'b':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x08;
+ break;
+ case 'f':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x0c;
+ break;
+ case 'n':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x0a;
+ break;
+ case 'r':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x0d;
+ break;
+ case 't':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x09;
+ break;
+ case 'v':
+ symp->type = _URE_CHAR;
+ symp->sym.chr = 0x0b;
+ break;
+ case 'x':
+ case 'X':
+ case 'u':
+ case 'U':
+ /*
+ * Collect between 1 and 4 digits representing a UCS2 code. Fall
+ * through to the next case.
+ */
+ if (sp < ep &&
+ ((*sp >= '0' && *sp <= '9') ||
+ (*sp >= 'A' && *sp <= 'F') ||
+ (*sp >= 'a' && *sp <= 'f')))
+ sp += _ure_hex(sp, ep - sp, &c);
+ /* FALLTHROUGH */
+ default:
+ /*
+ * Simply add an escaped character here.
+ */
+ symp->type = _URE_CHAR;
+ symp->sym.chr = c;
+ }
+ } else if (c == '^' || c == '$')
+ /*
+ * Handle the BOL and EOL anchors. This actually consists simply of
+ * setting a flag that indicates that the user supplied anchor match
+ * function should be called. This needs to be done instead of simply
+ * matching line/paragraph separators because beginning-of-text and
+ * end-of-text tests are needed as well.
+ */
+ symp->type = (c == '^') ? _URE_BOL_ANCHOR : _URE_EOL_ANCHOR;
+ else if (c == '[')
+ /*
+ * Construct a character class.
+ */
+ sp += _ure_cclass(sp, ep - sp, symp, b);
+ else if (c == '.')
+ symp->type = _URE_ANY_CHAR;
+ else {
+ symp->type = _URE_CHAR;
+ symp->sym.chr = c;
+ }
+
+ /*
+ * If the symbol type happens to be a character and is a high surrogate,
+ * then probe forward to see if it is followed by a low surrogate that
+ * needs to be added.
+ */
+ if (sp < ep && symp->type == _URE_CHAR &&
+ 0xd800 <= symp->sym.chr && symp->sym.chr <= 0xdbff) {
+
+ if (0xdc00 <= *sp && *sp <= 0xdfff) {
+ symp->sym.chr = 0x10000 + (((symp->sym.chr & 0x03ff) << 10) |
+ (*sp & 0x03ff));
+ sp++;
+ } else if (*sp == '\\' && (*(sp + 1) == 'x' || *(sp + 1) == 'X' ||
+ *(sp + 1) == 'u' || *(sp + 1) == 'U')) {
+ sp += _ure_probe_ls(sp + 2, ep - (sp + 2), &c);
+ if (0xdc00 <= c && c <= 0xdfff) {
+ /*
+ * Take into account the \[xu] in front of the hex code.
+ */
+ sp += 2;
+ symp->sym.chr = 0x10000 + (((symp->sym.chr & 0x03ff) << 10) |
+ (c & 0x03ff));
+ }
+ }
+ }
+
+ /*
+ * Last, make sure any _URE_CHAR type symbols are changed to lower case if
+ * the `casefold' flag is set.
+ */
+ if ((b->flags & _URE_DFA_CASEFOLD) && symp->type == _URE_CHAR)
+ symp->sym.chr = _ure_tolower(symp->sym.chr);
+
+ /*
+ * If the symbol constructed is anything other than one of the anchors,
+ * make sure the _URE_DFA_BLANKLINE flag is removed.
+ */
+ if (symp->type != _URE_BOL_ANCHOR && symp->type != _URE_EOL_ANCHOR)
+ b->flags &= ~_URE_DFA_BLANKLINE;
+
+ /*
+ * Return the number of characters consumed.
+ */
+ return sp - sym;
+}
+
+static int
+_ure_sym_neq(_ure_symtab_t *a, _ure_symtab_t *b)
+{
+ if (a->type != b->type || a->mods != b->mods || a->props != b->props)
+ return 1;
+
+ if (a->type == _URE_CCLASS || a->type == _URE_NCCLASS) {
+ if (a->sym.ccl.ranges_used != b->sym.ccl.ranges_used)
+ return 1;
+ if (a->sym.ccl.ranges_used > 0 &&
+ memcmp((char *) a->sym.ccl.ranges, (char *) b->sym.ccl.ranges,
+ sizeof(_ure_range_t) * a->sym.ccl.ranges_used) != 0)
+ return 1;
+ } else if (a->type == _URE_CHAR && a->sym.chr != b->sym.chr)
+ return 1;
+ return 0;
+}
+
+/*
+ * Construct a symbol, but only keep unique symbols.
+ */
+static ucs2_t
+_ure_make_symbol(ucs2_t *sym, unsigned long limit, unsigned long *consumed,
+ _ure_buffer_t *b)
+{
+ ucs2_t i;
+ _ure_symtab_t *sp, symbol;
+
+ /*
+ * Build the next symbol so we can test to see if it is already in the
+ * symbol table.
+ */
+ (void) memset((char *) &symbol, '\0', sizeof(_ure_symtab_t));
+ *consumed = _ure_compile_symbol(sym, limit, &symbol, b);
+
+ /*
+ * Check to see if the symbol exists.
+ */
+ for (i = 0, sp = b->symtab;
+ i < b->symtab_used && _ure_sym_neq(&symbol, sp); i++, sp++) ;
+
+ if (i < b->symtab_used) {
+ /*
+ * Free up any ranges used for the symbol.
+ */
+ if ((symbol.type == _URE_CCLASS || symbol.type == _URE_NCCLASS) &&
+ symbol.sym.ccl.ranges_size > 0)
+ free((char *) symbol.sym.ccl.ranges);
+
+ return b->symtab[i].id;
+ }
+
+ /*
+ * Need to add the new symbol.
+ */
+ if (b->symtab_used == b->symtab_size) {
+ if (b->symtab_size == 0)
+ b->symtab = (_ure_symtab_t *) malloc(sizeof(_ure_symtab_t) << 3);
+ else
+ b->symtab = (_ure_symtab_t *)
+ realloc((char *) b->symtab,
+ sizeof(_ure_symtab_t) * (b->symtab_size + 8));
+ sp = b->symtab + b->symtab_size;
+ (void) memset((char *) sp, '\0', sizeof(_ure_symtab_t) << 3);
+ b->symtab_size += 8;
+ }
+
+ symbol.id = b->symtab_used++;
+ (void) AC_MEMCPY((char *) &b->symtab[symbol.id], (char *) &symbol,
+ sizeof(_ure_symtab_t));
+
+ return symbol.id;
+}
+
+/*************************************************************************
+ *
+ * End symbol parse functions.
+ *
+ *************************************************************************/
+
+static ucs2_t
+_ure_make_expr(ucs2_t type, ucs2_t lhs, ucs2_t rhs, _ure_buffer_t *b)
+{
+ ucs2_t i;
+
+ if (b == 0)
+ return _URE_NOOP;
+
+ /*
+ * Determine if the expression already exists or not.
+ */
+ for (i = 0; i < b->expr_used; i++) {
+ if (b->expr[i].type == type && b->expr[i].lhs == lhs &&
+ b->expr[i].rhs == rhs)
+ break;
+ }
+ if (i < b->expr_used)
+ return i;
+
+ /*
+ * Need to add a new expression.
+ */
+ if (b->expr_used == b->expr_size) {
+ if (b->expr_size == 0)
+ b->expr = (_ure_elt_t *) malloc(sizeof(_ure_elt_t) << 3);
+ else
+ b->expr = (_ure_elt_t *)
+ realloc((char *) b->expr,
+ sizeof(_ure_elt_t) * (b->expr_size + 8));
+ b->expr_size += 8;
+ }
+
+ b->expr[b->expr_used].onstack = 0;
+ b->expr[b->expr_used].type = type;
+ b->expr[b->expr_used].lhs = lhs;
+ b->expr[b->expr_used].rhs = rhs;
+
+ return b->expr_used++;
+}
+
+static unsigned char spmap[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+#define _ure_isspecial(cc) ((cc) > 0x20 && (cc) < 0x7f && \
+ (spmap[(cc) >> 3] & (1 << ((cc) & 7))))
+
+/*
+ * Convert the regular expression into an NFA in a form that will be easy to
+ * reduce to a DFA. The starting state for the reduction will be returned.
+ */
+static ucs2_t
+_ure_re2nfa(ucs2_t *re, unsigned long relen, _ure_buffer_t *b)
+{
+ ucs2_t c, state, top, sym, *sp, *ep;
+ unsigned long used;
+
+ state = _URE_NOOP;
+
+ sp = re;
+ ep = sp + relen;
+ while (b->error == _URE_OK && sp < ep) {
+ c = *sp++;
+ switch (c) {
+ case '(':
+ _ure_push(_URE_PAREN, b);
+ break;
+ case ')':
+ /*
+ * Check for the case of too many close parentheses.
+ */
+ if (_ure_peek(b) == _URE_NOOP) {
+ b->error = _URE_UNBALANCED_GROUP;
+ break;
+ }
+
+ while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR)
+ /*
+ * Make an expression with the AND or OR operator and its right
+ * hand side.
+ */
+ state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b);
+
+ /*
+ * Remove the _URE_PAREN off the stack.
+ */
+ (void) _ure_pop(b);
+ break;
+ case '*':
+ state = _ure_make_expr(_URE_STAR, state, _URE_NOOP, b);
+ break;
+ case '+':
+ state = _ure_make_expr(_URE_PLUS, state, _URE_NOOP, b);
+ break;
+ case '?':
+ state = _ure_make_expr(_URE_QUEST, state, _URE_NOOP, b);
+ break;
+ case '|':
+ while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR)
+ /*
+ * Make an expression with the AND or OR operator and its right
+ * hand side.
+ */
+ state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b);
+
+ _ure_push(state, b);
+ _ure_push(_URE_OR, b);
+ break;
+ default:
+ sp--;
+ sym = _ure_make_symbol(sp, ep - sp, &used, b);
+ sp += used;
+ state = _ure_make_expr(_URE_SYMBOL, sym, _URE_NOOP, b);
+ break;
+ }
+
+ if (c != '(' && c != '|' && sp < ep &&
+ (!_ure_isspecial(*sp) || *sp == '(')) {
+ _ure_push(state, b);
+ _ure_push(_URE_AND, b);
+ }
+ }
+ while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR)
+ /*
+ * Make an expression with the AND or OR operator and its right
+ * hand side.
+ */
+ state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b);
+
+ if (b->stack.slist_used > 0)
+ b->error = _URE_UNBALANCED_GROUP;
+
+ return (b->error == _URE_OK) ? state : _URE_NOOP;
+}
+
+static void
+_ure_add_symstate(ucs2_t sym, ucs2_t state, _ure_buffer_t *b)
+{
+ ucs2_t i, *stp;
+ _ure_symtab_t *sp;
+
+ /*
+ * Locate the symbol in the symbol table so the state can be added.
+ * If the symbol doesn't exist, then a real problem exists.
+ */
+ for (i = 0, sp = b->symtab; i < b->symtab_used && sym != sp->id;
+ i++, sp++) ;
+
+ /*
+ * Now find out if the state exists in the symbol's state list.
+ */
+ for (i = 0, stp = sp->states.slist;
+ i < sp->states.slist_used && state > *stp; i++, stp++) ;
+
+ if (i == sp->states.slist_used || state < *stp) {
+ /*
+ * Need to add the state in order.
+ */
+ if (sp->states.slist_used == sp->states.slist_size) {
+ if (sp->states.slist_size == 0)
+ sp->states.slist = (ucs2_t *) malloc(sizeof(ucs2_t) << 3);
+ else
+ sp->states.slist = (ucs2_t *)
+ realloc((char *) sp->states.slist,
+ sizeof(ucs2_t) * (sp->states.slist_size + 8));
+ sp->states.slist_size += 8;
+ }
+ if (i < sp->states.slist_used)
+ (void) _ure_memmove((char *) (sp->states.slist + i + 1),
+ (char *) (sp->states.slist + i),
+ sizeof(ucs2_t) * (sp->states.slist_used - i));
+ sp->states.slist[i] = state;
+ sp->states.slist_used++;
+ }
+}
+
+static ucs2_t
+_ure_add_state(ucs2_t nstates, ucs2_t *states, _ure_buffer_t *b)
+{
+ ucs2_t i;
+ _ure_state_t *sp;
+
+ for (i = 0, sp = b->states.states; i < b->states.states_used; i++, sp++) {
+ if (sp->st.slist_used == nstates &&
+ memcmp((char *) states, (char *) sp->st.slist,
+ sizeof(ucs2_t) * nstates) == 0)
+ break;
+ }
+
+ if (i == b->states.states_used) {
+ /*
+ * Need to add a new DFA state (set of NFA states).
+ */
+ if (b->states.states_used == b->states.states_size) {
+ if (b->states.states_size == 0)
+ b->states.states = (_ure_state_t *)
+ malloc(sizeof(_ure_state_t) << 3);
+ else
+ b->states.states = (_ure_state_t *)
+ realloc((char *) b->states.states,
+ sizeof(_ure_state_t) * (b->states.states_size + 8));
+ sp = b->states.states + b->states.states_size;
+ (void) memset((char *) sp, '\0', sizeof(_ure_state_t) << 3);
+ b->states.states_size += 8;
+ }
+
+ sp = b->states.states + b->states.states_used++;
+ sp->id = i;
+
+ if (sp->st.slist_used + nstates > sp->st.slist_size) {
+ if (sp->st.slist_size == 0)
+ sp->st.slist = (ucs2_t *)
+ malloc(sizeof(ucs2_t) * (sp->st.slist_used + nstates));
+ else
+ sp->st.slist = (ucs2_t *)
+ realloc((char *) sp->st.slist,
+ sizeof(ucs2_t) * (sp->st.slist_used + nstates));
+ sp->st.slist_size = sp->st.slist_used + nstates;
+ }
+ sp->st.slist_used = nstates;
+ (void) AC_MEMCPY((char *) sp->st.slist, (char *) states,
+ sizeof(ucs2_t) * nstates);
+ }
+
+ /*
+ * Return the ID of the DFA state representing a group of NFA states.
+ */
+ return i;
+}
+
+static void
+_ure_reduce(ucs2_t start, _ure_buffer_t *b)
+{
+ ucs2_t i, j, state, eval, syms, rhs;
+ ucs2_t s1, s2, ns1, ns2;
+ _ure_state_t *sp;
+ _ure_symtab_t *smp;
+
+ b->reducing = 1;
+
+ /*
+ * Add the starting state for the reduction.
+ */
+ _ure_add_state(1, &start, b);
+
+ /*
+ * Process each set of NFA states that get created.
+ */
+ for (i = 0; i < b->states.states_used; i++) {
+ sp = b->states.states + i;
+
+ /*
+ * Push the current states on the stack.
+ */
+ for (j = 0; j < sp->st.slist_used; j++)
+ _ure_push(sp->st.slist[j], b);
+
+ /*
+ * Reduce the NFA states.
+ */
+ for (j = sp->accepting = syms = 0; j < b->stack.slist_used; j++) {
+ state = b->stack.slist[j];
+ eval = 1;
+
+ /*
+ * This inner loop is the iterative equivalent of recursively
+ * reducing subexpressions generated as a result of a reduction.
+ */
+ while (eval) {
+ switch (b->expr[state].type) {
+ case _URE_SYMBOL:
+ ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b);
+ _ure_add_symstate(b->expr[state].lhs, ns1, b);
+ syms++;
+ eval = 0;
+ break;
+ case _URE_ONE:
+ sp->accepting = 1;
+ eval = 0;
+ break;
+ case _URE_QUEST:
+ s1 = b->expr[state].lhs;
+ ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b);
+ state = _ure_make_expr(_URE_OR, ns1, s1, b);
+ break;
+ case _URE_PLUS:
+ s1 = b->expr[state].lhs;
+ ns1 = _ure_make_expr(_URE_STAR, s1, _URE_NOOP, b);
+ state = _ure_make_expr(_URE_AND, s1, ns1, b);
+ break;
+ case _URE_STAR:
+ s1 = b->expr[state].lhs;
+ ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b);
+ ns2 = _ure_make_expr(_URE_PLUS, s1, _URE_NOOP, b);
+ state = _ure_make_expr(_URE_OR, ns1, ns2, b);
+ break;
+ case _URE_OR:
+ s1 = b->expr[state].lhs;
+ s2 = b->expr[state].rhs;
+ _ure_push(s1, b);
+ _ure_push(s2, b);
+ eval = 0;
+ break;
+ case _URE_AND:
+ s1 = b->expr[state].lhs;
+ s2 = b->expr[state].rhs;
+ switch (b->expr[s1].type) {
+ case _URE_SYMBOL:
+ _ure_add_symstate(b->expr[s1].lhs, s2, b);
+ syms++;
+ eval = 0;
+ break;
+ case _URE_ONE:
+ state = s2;
+ break;
+ case _URE_QUEST:
+ ns1 = b->expr[s1].lhs;
+ ns2 = _ure_make_expr(_URE_AND, ns1, s2, b);
+ state = _ure_make_expr(_URE_OR, s2, ns2, b);
+ break;
+ case _URE_PLUS:
+ ns1 = b->expr[s1].lhs;
+ ns2 = _ure_make_expr(_URE_OR, s2, state, b);
+ state = _ure_make_expr(_URE_AND, ns1, ns2, b);
+ break;
+ case _URE_STAR:
+ ns1 = b->expr[s1].lhs;
+ ns2 = _ure_make_expr(_URE_AND, ns1, state, b);
+ state = _ure_make_expr(_URE_OR, s2, ns2, b);
+ break;
+ case _URE_OR:
+ ns1 = b->expr[s1].lhs;
+ ns2 = b->expr[s1].rhs;
+ ns1 = _ure_make_expr(_URE_AND, ns1, s2, b);
+ ns2 = _ure_make_expr(_URE_AND, ns2, s2, b);
+ state = _ure_make_expr(_URE_OR, ns1, ns2, b);
+ break;
+ case _URE_AND:
+ ns1 = b->expr[s1].lhs;
+ ns2 = b->expr[s1].rhs;
+ ns2 = _ure_make_expr(_URE_AND, ns2, s2, b);
+ state = _ure_make_expr(_URE_AND, ns1, ns2, b);
+ break;
+ }
+ }
+ }
+ }
+
+ /*
+ * Clear the state stack.
+ */
+ while (_ure_pop(b) != _URE_NOOP) ;
+
+ /*
+ * Reset the state pointer because the reduction may have moved it
+ * during a reallocation.
+ */
+ sp = b->states.states + i;
+
+ /*
+ * Generate the DFA states for the symbols collected during the
+ * current reduction.
+ */
+ if (sp->trans_used + syms > sp->trans_size) {
+ if (sp->trans_size == 0)
+ sp->trans = (_ure_elt_t *)
+ malloc(sizeof(_ure_elt_t) * (sp->trans_used + syms));
+ else
+ sp->trans = (_ure_elt_t *)
+ realloc((char *) sp->trans,
+ sizeof(_ure_elt_t) * (sp->trans_used + syms));
+ sp->trans_size = sp->trans_used + syms;
+ }
+
+ /*
+ * Go through the symbol table and generate the DFA state transitions
+ * for each symbol that has collected NFA states.
+ */
+ for (j = syms = 0, smp = b->symtab; j < b->symtab_used; j++, smp++) {
+ sp = b->states.states + i;
+
+ if (smp->states.slist_used > 0) {
+ sp->trans[syms].lhs = smp->id;
+ rhs = _ure_add_state(smp->states.slist_used,
+ smp->states.slist, b);
+ /*
+ * Reset the state pointer in case the reallocation moves it
+ * in memory.
+ */
+ sp = b->states.states + i;
+ sp->trans[syms].rhs = rhs;
+
+ smp->states.slist_used = 0;
+ syms++;
+ }
+ }
+
+ /*
+ * Set the number of transitions actually used.
+ */
+ sp->trans_used = syms;
+ }
+ b->reducing = 0;
+}
+
+static void
+_ure_add_equiv(ucs2_t l, ucs2_t r, _ure_buffer_t *b)
+{
+ ucs2_t tmp;
+
+ l = b->states.states[l].id;
+ r = b->states.states[r].id;
+
+ if (l == r)
+ return;
+
+ if (l > r) {
+ tmp = l;
+ l = r;
+ r = tmp;
+ }
+
+ /*
+ * Check to see if the equivalence pair already exists.
+ */
+ for (tmp = 0; tmp < b->equiv_used &&
+ (b->equiv[tmp].l != l || b->equiv[tmp].r != r);
+ tmp++) ;
+
+ if (tmp < b->equiv_used)
+ return;
+
+ if (b->equiv_used == b->equiv_size) {
+ if (b->equiv_size == 0)
+ b->equiv = (_ure_equiv_t *) malloc(sizeof(_ure_equiv_t) << 3);
+ else
+ b->equiv = (_ure_equiv_t *) realloc((char *) b->equiv,
+ sizeof(_ure_equiv_t) *
+ (b->equiv_size + 8));
+ b->equiv_size += 8;
+ }
+ b->equiv[b->equiv_used].l = l;
+ b->equiv[b->equiv_used].r = r;
+ b->equiv_used++;
+}
+
+/*
+ * Merge the DFA states that are equivalent.
+ */
+static void
+_ure_merge_equiv(_ure_buffer_t *b)
+{
+ ucs2_t i, j, k, eq, done;
+ _ure_state_t *sp1, *sp2, *ls, *rs;
+
+ for (i = 0; i < b->states.states_used; i++) {
+ sp1 = b->states.states + i;
+ if (sp1->id != i)
+ continue;
+ for (j = 0; j < i; j++) {
+ sp2 = b->states.states + j;
+ if (sp2->id != j)
+ continue;
+ b->equiv_used = 0;
+ _ure_add_equiv(i, j, b);
+ for (eq = 0, done = 0; eq < b->equiv_used; eq++) {
+ ls = b->states.states + b->equiv[eq].l;
+ rs = b->states.states + b->equiv[eq].r;
+ if (ls->accepting != rs->accepting ||
+ ls->trans_used != rs->trans_used) {
+ done = 1;
+ break;
+ }
+ for (k = 0; k < ls->trans_used &&
+ ls->trans[k].lhs == rs->trans[k].lhs; k++) ;
+ if (k < ls->trans_used) {
+ done = 1;
+ break;
+ }
+
+ for (k = 0; k < ls->trans_used; k++)
+ _ure_add_equiv(ls->trans[k].rhs, rs->trans[k].rhs, b);
+ }
+ if (done == 0)
+ break;
+ }
+ for (eq = 0; j < i && eq < b->equiv_used; eq++)
+ b->states.states[b->equiv[eq].r].id =
+ b->states.states[b->equiv[eq].l].id;
+ }
+
+ /*
+ * Renumber the states appropriately.
+ */
+ for (i = eq = 0, sp1 = b->states.states; i < b->states.states_used;
+ sp1++, i++)
+ sp1->id = (sp1->id == i) ? eq++ : b->states.states[sp1->id].id;
+}
+
+/*************************************************************************
+ *
+ * API.
+ *
+ *************************************************************************/
+
+ure_buffer_t
+ure_buffer_create(void)
+{
+ ure_buffer_t b;
+
+ b = (ure_buffer_t) calloc(1, sizeof(_ure_buffer_t));
+
+ return b;
+}
+
+void
+ure_buffer_free(ure_buffer_t buf)
+{
+ unsigned long i;
+
+ if (buf == 0)
+ return;
+
+ if (buf->stack.slist_size > 0)
+ free((char *) buf->stack.slist);
+
+ if (buf->expr_size > 0)
+ free((char *) buf->expr);
+
+ for (i = 0; i < buf->symtab_size; i++) {
+ if (buf->symtab[i].states.slist_size > 0)
+ free((char *) buf->symtab[i].states.slist);
+ }
+
+ if (buf->symtab_size > 0)
+ free((char *) buf->symtab);
+
+ for (i = 0; i < buf->states.states_size; i++) {
+ if (buf->states.states[i].trans_size > 0)
+ free((char *) buf->states.states[i].trans);
+ if (buf->states.states[i].st.slist_size > 0)
+ free((char *) buf->states.states[i].st.slist);
+ }
+
+ if (buf->states.states_size > 0)
+ free((char *) buf->states.states);
+
+ if (buf->equiv_size > 0)
+ free((char *) buf->equiv);
+
+ free((char *) buf);
+}
+
+ure_dfa_t
+ure_compile(ucs2_t *re, unsigned long relen, int casefold, ure_buffer_t buf)
+{
+ ucs2_t i, j, state;
+ _ure_state_t *sp;
+ _ure_dstate_t *dsp;
+ _ure_trans_t *tp;
+ ure_dfa_t dfa;
+
+ if (re == 0 || *re == 0 || relen == 0 || buf == 0)
+ return 0;
+
+ /*
+ * Reset the various fields of the compilation buffer. Default the flags
+ * to indicate the presense of the "^$" pattern. If any other pattern
+ * occurs, then this flag will be removed. This is done to catch this
+ * special pattern and handle it specially when matching.
+ */
+ buf->flags = _URE_DFA_BLANKLINE | ((casefold) ? _URE_DFA_CASEFOLD : 0);
+ buf->reducing = 0;
+ buf->stack.slist_used = 0;
+ buf->expr_used = 0;
+
+ for (i = 0; i < buf->symtab_used; i++)
+ buf->symtab[i].states.slist_used = 0;
+ buf->symtab_used = 0;
+
+ for (i = 0; i < buf->states.states_used; i++) {
+ buf->states.states[i].st.slist_used = 0;
+ buf->states.states[i].trans_used = 0;
+ }
+ buf->states.states_used = 0;
+
+ /*
+ * Construct the NFA. If this stage returns a 0, then an error occured or
+ * an empty expression was passed.
+ */
+ if ((state = _ure_re2nfa(re, relen, buf)) == _URE_NOOP)
+ return 0;
+
+ /*
+ * Do the expression reduction to get the initial DFA.
+ */
+ _ure_reduce(state, buf);
+
+ /*
+ * Merge all the equivalent DFA states.
+ */
+ _ure_merge_equiv(buf);
+
+ /*
+ * Construct the minimal DFA.
+ */
+ dfa = (ure_dfa_t) malloc(sizeof(_ure_dfa_t));
+ (void) memset((char *) dfa, '\0', sizeof(_ure_dfa_t));
+
+ dfa->flags = buf->flags & (_URE_DFA_CASEFOLD|_URE_DFA_BLANKLINE);
+
+ /*
+ * Free up the NFA state groups and transfer the symbols from the buffer
+ * to the DFA.
+ */
+ for (i = 0; i < buf->symtab_size; i++) {
+ if (buf->symtab[i].states.slist_size > 0)
+ free((char *) buf->symtab[i].states.slist);
+ }
+ dfa->syms = buf->symtab;
+ dfa->nsyms = buf->symtab_used;
+
+ buf->symtab_used = buf->symtab_size = 0;
+
+ /*
+ * Collect the total number of states and transitions needed for the DFA.
+ */
+ for (i = state = 0, sp = buf->states.states; i < buf->states.states_used;
+ i++, sp++) {
+ if (sp->id == state) {
+ dfa->nstates++;
+ dfa->ntrans += sp->trans_used;
+ state++;
+ }
+ }
+
+ /*
+ * Allocate enough space for the states and transitions.
+ */
+ dfa->states = (_ure_dstate_t *) malloc(sizeof(_ure_dstate_t) *
+ dfa->nstates);
+ dfa->trans = (_ure_trans_t *) malloc(sizeof(_ure_trans_t) * dfa->ntrans);
+
+ /*
+ * Actually transfer the DFA states from the buffer.
+ */
+ dsp = dfa->states;
+ tp = dfa->trans;
+ for (i = state = 0, sp = buf->states.states; i < buf->states.states_used;
+ i++, sp++) {
+ if (sp->id == state) {
+ dsp->trans = tp;
+ dsp->ntrans = sp->trans_used;
+ dsp->accepting = sp->accepting;
+
+ /*
+ * Add the transitions for the state.
+ */
+ for (j = 0; j < dsp->ntrans; j++, tp++) {
+ tp->symbol = sp->trans[j].lhs;
+ tp->next_state = buf->states.states[sp->trans[j].rhs].id;
+ }
+
+ dsp++;
+ state++;
+ }
+ }
+
+ return dfa;
+}
+
+void
+ure_dfa_free(ure_dfa_t dfa)
+{
+ ucs2_t i;
+
+ if (dfa == 0)
+ return;
+
+ for (i = 0; i < dfa->nsyms; i++) {
+ if ((dfa->syms[i].type == _URE_CCLASS ||
+ dfa->syms[i].type == _URE_NCCLASS) &&
+ dfa->syms[i].sym.ccl.ranges_size > 0)
+ free((char *) dfa->syms[i].sym.ccl.ranges);
+ }
+ if (dfa->nsyms > 0)
+ free((char *) dfa->syms);
+
+ if (dfa->nstates > 0)
+ free((char *) dfa->states);
+ if (dfa->ntrans > 0)
+ free((char *) dfa->trans);
+ free((char *) dfa);
+}
+
+void
+ure_write_dfa(ure_dfa_t dfa, FILE *out)
+{
+ ucs2_t i, j, k, h, l;
+ _ure_dstate_t *sp;
+ _ure_symtab_t *sym;
+ _ure_range_t *rp;
+
+ if (dfa == 0 || out == 0)
+ return;
+
+ /*
+ * Write all the different character classes.
+ */
+ for (i = 0, sym = dfa->syms; i < dfa->nsyms; i++, sym++) {
+ if (sym->type == _URE_CCLASS || sym->type == _URE_NCCLASS) {
+ fprintf(out, "C%hd = ", sym->id);
+ if (sym->sym.ccl.ranges_used > 0) {
+ putc('[', out);
+ if (sym->type == _URE_NCCLASS)
+ putc('^', out);
+ }
+ if (sym->props != 0) {
+ if (sym->type == _URE_NCCLASS)
+ fprintf(out, "\\P");
+ else
+ fprintf(out, "\\p");
+ for (k = h = 0; k < 32; k++) {
+ if (sym->props & (1 << k)) {
+ if (h != 0)
+ putc(',', out);
+ fprintf(out, "%hd", k + 1);
+ h = 1;
+ }
+ }
+ }
+ /*
+ * Dump the ranges.
+ */
+ for (k = 0, rp = sym->sym.ccl.ranges;
+ k < sym->sym.ccl.ranges_used; k++, rp++) {
+ /*
+ * Check for UTF16 characters.
+ */
+ if (0x10000 <= rp->min_code &&
+ rp->min_code <= 0x10ffff) {
+ h = (ucs2_t) (((rp->min_code - 0x10000) >> 10) + 0xd800);
+ l = (ucs2_t) (((rp->min_code - 0x10000) & 1023) + 0xdc00);
+ fprintf(out, "\\x%04hX\\x%04hX", h, l);
+ } else
+ fprintf(out, "\\x%04lX", rp->min_code & 0xffff);
+ if (rp->max_code != rp->min_code) {
+ putc('-', out);
+ if (rp->max_code >= 0x10000 &&
+ rp->max_code <= 0x10ffff) {
+ h = (ucs2_t) (((rp->max_code - 0x10000) >> 10) + 0xd800);
+ l = (ucs2_t) (((rp->max_code - 0x10000) & 1023) + 0xdc00);
+ fprintf(out, "\\x%04hX\\x%04hX", h, l);
+ } else
+ fprintf(out, "\\x%04lX", rp->max_code & 0xffff);
+ }
+ }
+ if (sym->sym.ccl.ranges_used > 0)
+ putc(']', out);
+ putc('\n', out);
+ }
+ }
+
+ for (i = 0, sp = dfa->states; i < dfa->nstates; i++, sp++) {
+ fprintf(out, "S%hd = ", i);
+ if (sp->accepting) {
+ fprintf(out, "1 ");
+ if (sp->ntrans)
+ fprintf(out, "| ");
+ }
+ for (j = 0; j < sp->ntrans; j++) {
+ if (j > 0)
+ fprintf(out, "| ");
+
+ sym = dfa->syms + sp->trans[j].symbol;
+ switch (sym->type) {
+ case _URE_CHAR:
+ if (0x10000 <= sym->sym.chr && sym->sym.chr <= 0x10ffff) {
+ /*
+ * Take care of UTF16 characters.
+ */
+ h = (ucs2_t) (((sym->sym.chr - 0x10000) >> 10) + 0xd800);
+ l = (ucs2_t) (((sym->sym.chr - 0x10000) & 1023) + 0xdc00);
+ fprintf(out, "\\x%04hX\\x%04hX ", h, l);
+ } else
+ fprintf(out, "\\x%04lX ", sym->sym.chr & 0xffff);
+ break;
+ case _URE_ANY_CHAR:
+ fprintf(out, "<any> ");
+ break;
+ case _URE_BOL_ANCHOR:
+ fprintf(out, "<bol-anchor> ");
+ break;
+ case _URE_EOL_ANCHOR:
+ fprintf(out, "<eol-anchor> ");
+ break;
+ case _URE_CCLASS:
+ case _URE_NCCLASS:
+ fprintf(out, "[C%hd] ", sym->id);
+ break;
+ }
+ fprintf(out, "S%hd", sp->trans[j].next_state);
+ if (j + 1 < sp->ntrans)
+ putc(' ', out);
+ }
+ putc('\n', out);
+ }
+}
+
+#define _ure_issep(cc) ((cc) == '\n' || (cc) == '\r' || (cc) == 0x2028 ||\
+ (cc) == 0x2029)
+
+int
+ure_exec(ure_dfa_t dfa, int flags, ucs2_t *text, unsigned long textlen,
+ unsigned long *match_start, unsigned long *match_end)
+{
+ int i, j, matched, found, skip;
+ unsigned long ms, me;
+ ucs4_t c;
+ ucs2_t *sp, *ep, *lp;
+ _ure_dstate_t *stp;
+ _ure_symtab_t *sym;
+ _ure_range_t *rp;
+
+ if (dfa == 0 || text == 0)
+ return 0;
+
+ /*
+ * Handle the special case of an empty string matching the "^$" pattern.
+ */
+ if (textlen == 0 && (dfa->flags & _URE_DFA_BLANKLINE)) {
+ *match_start = *match_end = 0;
+ return 1;
+ }
+
+ sp = text;
+ ep = sp + textlen;
+
+ ms = me = ~0;
+
+ stp = dfa->states;
+
+ for (found = skip = 0; found == 0 && sp < ep; ) {
+ lp = sp;
+ c = *sp++;
+
+ /*
+ * Check to see if this is a high surrogate that should be
+ * combined with a following low surrogate.
+ */
+ if (sp < ep && 0xd800 <= c && c <= 0xdbff &&
+ 0xdc00 <= *sp && *sp <= 0xdfff)
+ c = 0x10000 + (((c & 0x03ff) << 10) | (*sp++ & 0x03ff));
+
+ /*
+ * Determine if the character is non-spacing and should be skipped.
+ */
+ if (_ure_matches_properties(_URE_NONSPACING, c) &&
+ (flags & URE_IGNORE_NONSPACING)) {
+ sp++;
+ continue;
+ }
+
+ if (dfa->flags & _URE_DFA_CASEFOLD)
+ c = _ure_tolower(c);
+
+ /*
+ * See if one of the transitions matches.
+ */
+ for (i = 0, matched = 0; matched == 0 && i < stp->ntrans; i++) {
+ sym = dfa->syms + stp->trans[i].symbol;
+ switch (sym->type) {
+ case _URE_ANY_CHAR:
+ if ((flags & URE_DOT_MATCHES_SEPARATORS) ||
+ !_ure_issep(c))
+ matched = 1;
+ break;
+ case _URE_CHAR:
+ if (c == sym->sym.chr)
+ matched = 1;
+ break;
+ case _URE_BOL_ANCHOR:
+ if (lp == text) {
+ sp = lp;
+ matched = 1;
+ } else if (_ure_issep(c)) {
+ if (c == '\r' && sp < ep && *sp == '\n')
+ sp++;
+ lp = sp;
+ matched = 1;
+ }
+ break;
+ case _URE_EOL_ANCHOR:
+ if (_ure_issep(c)) {
+ /*
+ * Put the pointer back before the separator so the match
+ * end position will be correct. This case will also
+ * cause the `sp' pointer to be advanced over the current
+ * separator once the match end point has been recorded.
+ */
+ sp = lp;
+ matched = 1;
+ }
+ break;
+ case _URE_CCLASS:
+ case _URE_NCCLASS:
+ if (sym->props != 0)
+ matched = _ure_matches_properties(sym->props, c);
+ for (j = 0, rp = sym->sym.ccl.ranges;
+ j < sym->sym.ccl.ranges_used; j++, rp++) {
+ if (rp->min_code <= c && c <= rp->max_code)
+ matched = 1;
+ }
+ if (sym->type == _URE_NCCLASS)
+ matched = !matched;
+ break;
+ }
+
+ if (matched) {
+ if (ms == ~0UL)
+ ms = lp - text;
+ else
+ me = sp - text;
+ stp = dfa->states + stp->trans[i].next_state;
+
+ /*
+ * If the match was an EOL anchor, adjust the pointer past the
+ * separator that caused the match. The correct match
+ * position has been recorded already.
+ */
+ if (sym->type == _URE_EOL_ANCHOR) {
+ /*
+ * Skip the character that caused the match.
+ */
+ sp++;
+
+ /*
+ * Handle the infamous CRLF situation.
+ */
+ if (sp < ep && c == '\r' && *sp == '\n')
+ sp++;
+ }
+ }
+ }
+
+ if (matched == 0) {
+ if (stp->accepting == 0) {
+ /*
+ * If the last state was not accepting, then reset
+ * and start over.
+ */
+ stp = dfa->states;
+ ms = me = ~0;
+ } else
+ /*
+ * The last state was accepting, so terminate the matching
+ * loop to avoid more work.
+ */
+ found = 1;
+ } else if (sp == ep) {
+ if (!stp->accepting) {
+ /*
+ * This ugly hack is to make sure the end-of-line anchors
+ * match when the source text hits the end. This is only done
+ * if the last subexpression matches.
+ */
+ for (i = 0; found == 0 && i < stp->ntrans; i++) {
+ sym = dfa->syms + stp->trans[i].symbol;
+ if (sym->type ==_URE_EOL_ANCHOR) {
+ stp = dfa->states + stp->trans[i].next_state;
+ if (stp->accepting) {
+ me = sp - text;
+ found = 1;
+ } else
+ break;
+ }
+ }
+ } else {
+ /*
+ * Make sure any conditions that match all the way to the end
+ * of the string match.
+ */
+ found = 1;
+ me = sp - text;
+ }
+ }
+ }
+
+ if (found == 0)
+ ms = me = ~0;
+
+ *match_start = ms;
+ *match_end = me;
+
+ return (ms != ~0UL) ? 1 : 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/ure.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,154 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.11.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: ure.h,v 1.2 1999/09/21 15:47:44 mleisher Exp $ */
+
+#ifndef _h_ure
+#define _h_ure
+
+#include "portable.h"
+
+
+#include <stdio.h>
+
+LDAP_BEGIN_DECL
+
+/*
+ * Set of character class flags.
+ */
+#define _URE_NONSPACING 0x00000001
+#define _URE_COMBINING 0x00000002
+#define _URE_NUMDIGIT 0x00000004
+#define _URE_NUMOTHER 0x00000008
+#define _URE_SPACESEP 0x00000010
+#define _URE_LINESEP 0x00000020
+#define _URE_PARASEP 0x00000040
+#define _URE_CNTRL 0x00000080
+#define _URE_PUA 0x00000100
+
+#define _URE_UPPER 0x00000200
+#define _URE_LOWER 0x00000400
+#define _URE_TITLE 0x00000800
+#define _URE_MODIFIER 0x00001000
+#define _URE_OTHERLETTER 0x00002000
+#define _URE_DASHPUNCT 0x00004000
+#define _URE_OPENPUNCT 0x00008000
+#define _URE_CLOSEPUNCT 0x00010000
+#define _URE_OTHERPUNCT 0x00020000
+#define _URE_MATHSYM 0x00040000
+#define _URE_CURRENCYSYM 0x00080000
+#define _URE_OTHERSYM 0x00100000
+
+#define _URE_LTR 0x00200000
+#define _URE_RTL 0x00400000
+
+#define _URE_EURONUM 0x00800000
+#define _URE_EURONUMSEP 0x01000000
+#define _URE_EURONUMTERM 0x02000000
+#define _URE_ARABNUM 0x04000000
+#define _URE_COMMONSEP 0x08000000
+
+#define _URE_BLOCKSEP 0x10000000
+#define _URE_SEGMENTSEP 0x20000000
+
+#define _URE_WHITESPACE 0x40000000
+#define _URE_OTHERNEUT 0x80000000
+
+/*
+ * Error codes.
+ */
+#define _URE_OK 0
+#define _URE_UNEXPECTED_EOS -1
+#define _URE_CCLASS_OPEN -2
+#define _URE_UNBALANCED_GROUP -3
+#define _URE_INVALID_PROPERTY -4
+
+/*
+ * Options that can be combined for searching.
+ */
+#define URE_IGNORE_NONSPACING 0x01
+#define URE_DOT_MATCHES_SEPARATORS 0x02
+
+typedef unsigned long ucs4_t;
+typedef unsigned short ucs2_t;
+
+/*
+ * Opaque type for memory used when compiling expressions.
+ */
+typedef struct _ure_buffer_t *ure_buffer_t;
+
+/*
+ * Opaque type for the minimal DFA used when matching.
+ */
+typedef struct _ure_dfa_t *ure_dfa_t;
+
+/*************************************************************************
+ *
+ * API.
+ *
+ *************************************************************************/
+
+LDAP_LUNICODE_F (ure_buffer_t) ure_buffer_create LDAP_P((void));
+
+LDAP_LUNICODE_F (void) ure_buffer_free LDAP_P((ure_buffer_t buf));
+
+LDAP_LUNICODE_F (ure_dfa_t)
+ure_compile LDAP_P((ucs2_t *re, unsigned long relen,
+ int casefold, ure_buffer_t buf));
+
+LDAP_LUNICODE_F (void) ure_dfa_free LDAP_P((ure_dfa_t dfa));
+
+LDAP_LUNICODE_F (void) ure_write_dfa LDAP_P((ure_dfa_t dfa, FILE *out));
+
+LDAP_LUNICODE_F (int)
+ure_exec LDAP_P((ure_dfa_t dfa, int flags, ucs2_t *text,
+ unsigned long textlen, unsigned long *match_start,
+ unsigned long *match_end));
+
+/*************************************************************************
+ *
+ * Prototypes for stub functions used for URE. These need to be rewritten to
+ * use the Unicode support available on the system.
+ *
+ *************************************************************************/
+
+LDAP_LUNICODE_F (ucs4_t) _ure_tolower LDAP_P((ucs4_t c));
+
+LDAP_LUNICODE_F (int)
+_ure_matches_properties LDAP_P((unsigned long props, ucs4_t c));
+
+LDAP_END_DECL
+
+#endif /* _h_ure */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/urestubs.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/urestubs.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/ure/urestubs.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,127 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.12.2.3 2007/01/02 21:43:51 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: urestubs.c,v 1.2 1999/09/21 15:47:44 mleisher Exp $" */
+
+#include "portable.h"
+#include <ac/bytes.h>
+
+#include "ure.h"
+
+#ifdef _MSC_VER
+# include "../ucdata/ucdata.h"
+#else
+# include "ucdata.h"
+#endif
+
+/*
+ * This file contains stub routines needed by the URE package to test
+ * character properties and other Unicode implementation specific details.
+ */
+
+/*
+ * This routine should return the lower case equivalent for the character or,
+ * if there is no lower case quivalent, the character itself.
+ */
+ucs4_t _ure_tolower(ucs4_t c)
+{
+ return uctoupper(c);
+}
+
+static struct ucmaskmap {
+ unsigned long mask1;
+ unsigned long mask2;
+} masks[32] = {
+ { UC_MN, 0 }, /* _URE_NONSPACING */
+ { UC_MC, 0 }, /* _URE_COMBINING */
+ { UC_ND, 0 }, /* _URE_NUMDIGIT */
+ { UC_NL|UC_NO, 0 }, /* _URE_NUMOTHER */
+ { UC_ZS, 0 }, /* _URE_SPACESEP */
+ { UC_ZL, 0 }, /* _URE_LINESEP */
+ { UC_ZP, 0 }, /* _URE_PARASEP */
+ { UC_CC, 0 }, /* _URE_CNTRL */
+ { UC_CO, 0 }, /* _URE_PUA */
+
+ { UC_LU, 0 }, /* _URE_UPPER */
+ { UC_LL, 0 }, /* _URE_LOWER */
+ { UC_LT, 0 }, /* _URE_TITLE */
+ { UC_LM, 0 }, /* _URE_MODIFIER */
+ { UC_LO, 0 }, /* _URE_OTHERLETTER */
+ { UC_PD, 0 }, /* _URE_DASHPUNCT */
+ { UC_PS, 0 }, /* _URE_OPENPUNCT */
+ { UC_PC, 0 }, /* _URE_CLOSEPUNCT */
+ { UC_PO, 0 }, /* _URE_OTHERPUNCT */
+ { UC_SM, 0 }, /* _URE_MATHSYM */
+ { UC_SC, 0 }, /* _URE_CURRENCYSYM */
+ { UC_SO, 0 }, /* _URE_OTHERSYM */
+
+ { UC_L, 0 }, /* _URE_LTR */
+ { UC_R, 0 }, /* _URE_RTL */
+
+ { 0, UC_EN }, /* _URE_EURONUM */
+ { 0, UC_ES }, /* _URE_EURONUMSEP */
+ { 0, UC_ET }, /* _URE_EURONUMTERM */
+ { 0, UC_AN }, /* _URE_ARABNUM */
+ { 0, UC_CS }, /* _URE_COMMONSEP */
+
+ { 0, UC_B }, /* _URE_BLOCKSEP */
+ { 0, UC_S }, /* _URE_SEGMENTSEP */
+
+ { 0, UC_WS }, /* _URE_WHITESPACE */
+ { 0, UC_ON } /* _URE_OTHERNEUT */
+};
+
+
+/*
+ * This routine takes a set of URE character property flags (see ure.h) along
+ * with a character and tests to see if the character has one or more of those
+ * properties.
+ */
+int
+_ure_matches_properties(unsigned long props, ucs4_t c)
+{
+ int i;
+ unsigned long mask1=0, mask2=0;
+
+ for( i=0; i<32; i++ ) {
+ if( props & (1 << i) ) {
+ mask1 |= masks[i].mask1;
+ mask2 |= masks[i].mask2;
+ }
+ }
+
+ return ucisprop( mask1, mask2, c );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/README
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,121 @@
+#
+# $Id: README,v 1.1 1999/09/21 15:45:17 mleisher Exp $
+#
+# Copyright 1997, 1998, 1999 Computing Research Labs,
+# New Mexico State University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+ Unicode and Boyer-Moore Searching
+ Version 0.2
+
+UTBM (Unicode Tuned Boyer-Moore) is a simple package that provides tuned
+Boyer-Moore searches on Unicode UCS2 text (handles high and low surrogates).
+
+---------------------------------------------------------------------------
+
+Assumptions:
+
+ o Search pattern and text already normalized in some fasion.
+
+ o Upper, lower, and title case conversions are one-to-one.
+
+ o For conversions between upper, lower, and title case, UCS2 characters
+ always convert to other UCS2 characters, and UTF-16 characters always
+ convert to other UTF-16 characters.
+
+Flags:
+
+ UTBM provides three processing flags:
+
+ o UTBM_CASEFOLD - search in a case-insensitive manner.
+
+ o UTBM_IGNORE_NONSPACING - ignore non-spacing characters in the pattern and
+ the text.
+
+ o UTBM_SPACE_COMPRESS - view as a *single space*, sequential groups of
+ U+2028, U+2029, '\n', '\r', '\t', and any
+ character identified as a space by the Unicode
+ support on the platform.
+
+ This flag also causes all characters identified
+ as control by the Unicode support on the
+ platform to be ignored (except for '\n', '\r',
+ and '\t').
+
+---------------------------------------------------------------------------
+
+Before using UTBM
+-----------------
+Before UTBM is used, some functions need to be created. The "utbmstub.c" file
+contains stubs that need to be rewritten so they work with the Unicode support
+on the platform on which this package is being used.
+
+Using UTBM
+----------
+
+Sample pseudo-code fragment.
+
+ utbm_pattern_t pat;
+ ucs2_t *pattern, *text;
+ unsigned long patternlen, textlen;
+ unsigned long flags, match_start, match_end;
+
+ /*
+ * Allocate the dynamic storage needed for a search pattern.
+ */
+ pat = utbm_create_pattern();
+
+ /*
+ * Set the search flags desired.
+ */
+ flags = UTBM_CASEFOLD|UTBM_IGNORE_NONSPACING;
+
+ /*
+ * Compile the search pattern.
+ */
+ utbm_compile(pattern, patternlen, flags, pat);
+
+ /*
+ * Find the first occurance of the search pattern in the text.
+ */
+ if (utbm_exec(pat, text, textlen, &match_start, &match_end))
+ printf("MATCH: %ld %ld\n", match_start, match_end);
+
+ /*
+ * Free the dynamic storage used for the search pattern.
+ */
+ ure_free_pattern(pat);
+
+---------------------------------------------------------------------------
+
+Mark Leisher <mleisher at crl.nmsu.edu>
+2 May 1997
+
+===========================================================================
+
+CHANGES
+-------
+
+Version: 0.2
+Date : 21 September 1999
+==========================
+ 1. Added copyright stuff and put in CVS.
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,472 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.5.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: utbm.c,v 1.1 1999/09/21 15:45:17 mleisher Exp $ */
+
+/*
+ * Assumptions:
+ * 1. Case conversions of UTF-16 characters must also be UTF-16 characters.
+ * 2. Case conversions are all one-to-one.
+ * 3. Text and pattern have already been normalized in some fashion.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include "utbm.h"
+
+/*
+ * Single pattern character.
+ */
+typedef struct {
+ ucs4_t lc;
+ ucs4_t uc;
+ ucs4_t tc;
+} _utbm_char_t;
+
+typedef struct {
+ _utbm_char_t *ch;
+ unsigned long skip;
+} _utbm_skip_t;
+
+typedef struct _utbm_pattern_t {
+ unsigned long flags;
+
+ _utbm_char_t *pat;
+ unsigned long pat_used;
+ unsigned long pat_size;
+ unsigned long patlen;
+
+ _utbm_skip_t *skip;
+ unsigned long skip_used;
+ unsigned long skip_size;
+
+ unsigned long md4;
+} _utbm_pattern_t;
+
+/*************************************************************************
+ *
+ * Support functions.
+ *
+ *************************************************************************/
+
+/*
+ * Routine to look up the skip value for a character.
+ */
+static unsigned long
+_utbm_skip(utbm_pattern_t p, ucs2_t *start, ucs2_t *end)
+{
+ unsigned long i;
+ ucs4_t c1, c2;
+ _utbm_skip_t *sp;
+
+ if (start >= end)
+ return 0;
+
+ c1 = *start;
+ c2 = (start + 1 < end) ? *(start + 1) : ~0;
+ if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff)
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+
+ for (i = 0, sp = p->skip; i < p->skip_used; i++, sp++) {
+ if (!((c1 ^ sp->ch->uc) & (c1 ^ sp->ch->lc) & (c1 ^ sp->ch->tc))) {
+ return ((unsigned long) (end - start) < sp->skip) ?
+ end - start : sp->skip;
+ }
+ }
+ return p->patlen;
+}
+
+static int
+_utbm_match(utbm_pattern_t pat, ucs2_t *text, ucs2_t *start, ucs2_t *end,
+ unsigned long *match_start, unsigned long *match_end)
+{
+ int check_space;
+ ucs4_t c1, c2;
+ unsigned long count;
+ _utbm_char_t *cp;
+
+ /*
+ * Set the potential match endpoint first.
+ */
+ *match_end = (start - text) + 1;
+
+ c1 = *start;
+ c2 = (start + 1 < end) ? *(start + 1) : ~0;
+ if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff) {
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+ /*
+ * Adjust the match end point to occur after the UTF-16 character.
+ */
+ *match_end = *match_end + 1;
+ }
+
+ if (pat->pat_used == 1) {
+ *match_start = start - text;
+ return 1;
+ }
+
+ /*
+ * Compare backward.
+ */
+ cp = pat->pat + (pat->pat_used - 1);
+
+ for (count = pat->patlen; start > text && count > 0;) {
+ /*
+ * Ignore non-spacing characters if indicated.
+ */
+ if (pat->flags & UTBM_IGNORE_NONSPACING) {
+ while (start > text && _utbm_nonspacing(c1)) {
+ c2 = *--start;
+ c1 = (start - 1 > text) ? *(start - 1) : ~0;
+ if (0xdc00 <= c2 && c2 <= 0xdfff &&
+ 0xd800 <= c1 && c1 <= 0xdbff) {
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+ start--;
+ } else
+ c1 = c2;
+ }
+ }
+
+ /*
+ * Handle space compression if indicated.
+ */
+ if (pat->flags & UTBM_SPACE_COMPRESS) {
+ check_space = 0;
+ while (start > text &&
+ (_utbm_isspace(c1, 1) || _utbm_iscntrl(c1))) {
+ check_space = _utbm_isspace(c1, 1);
+ c2 = *--start;
+ c1 = (start - 1 > text) ? *(start - 1) : ~0;
+ if (0xdc00 <= c2 && c2 <= 0xdfff &&
+ 0xd800 <= c1 && c1 <= 0xdbff) {
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+ start--;
+ } else
+ c1 = c2;
+ }
+ /*
+ * Handle things if space compression was indicated and one or
+ * more member characters were found.
+ */
+ if (check_space) {
+ if (cp->uc != ' ')
+ return 0;
+ cp--;
+ count--;
+ }
+ }
+
+ /*
+ * Handle the normal comparison cases.
+ */
+ if (count > 0 && ((c1 ^ cp->uc) & (c1 ^ cp->lc) & (c1 ^ cp->tc)))
+ return 0;
+
+ count -= (c1 >= 0x10000) ? 2 : 1;
+ if (count > 0) {
+ cp--;
+
+ /*
+ * Get the next preceding character.
+ */
+ if (start > text) {
+ c2 = *--start;
+ c1 = (start - 1 > text) ? *(start - 1) : ~0;
+ if (0xdc00 <= c2 && c2 <= 0xdfff &&
+ 0xd800 <= c1 && c1 <= 0xdbff) {
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+ start--;
+ } else
+ c1 = c2;
+ }
+ }
+ }
+
+ /*
+ * Set the match start position.
+ */
+ *match_start = start - text;
+ return 1;
+}
+
+/*************************************************************************
+ *
+ * API.
+ *
+ *************************************************************************/
+
+utbm_pattern_t
+utbm_create_pattern(void)
+{
+ utbm_pattern_t p;
+
+ p = (utbm_pattern_t) malloc(sizeof(_utbm_pattern_t));
+ (void) memset((char *) p, '\0', sizeof(_utbm_pattern_t));
+ return p;
+}
+
+void
+utbm_free_pattern(utbm_pattern_t pattern)
+{
+ if (pattern == 0)
+ return;
+
+ if (pattern->pat_size > 0)
+ free((char *) pattern->pat);
+
+ if (pattern->skip_size > 0)
+ free((char *) pattern->skip);
+
+ free((char *) pattern);
+}
+
+void
+utbm_compile(ucs2_t *pat, unsigned long patlen, unsigned long flags,
+ utbm_pattern_t p)
+{
+ int have_space;
+ unsigned long i, j, k, slen;
+ _utbm_char_t *cp;
+ _utbm_skip_t *sp;
+ ucs4_t c1, c2, sentinel;
+
+ if (p == 0 || pat == 0 || *pat == 0 || patlen == 0)
+ return;
+
+ /*
+ * Reset the pattern buffer.
+ */
+ p->patlen = p->pat_used = p->skip_used = 0;
+
+ /*
+ * Set the flags.
+ */
+ p->flags = flags;
+
+ /*
+ * Initialize the extra skip flag.
+ */
+ p->md4 = 1;
+
+ /*
+ * Allocate more storage if necessary.
+ */
+ if (patlen > p->pat_size) {
+ if (p->pat_size == 0) {
+ p->pat = (_utbm_char_t *) malloc(sizeof(_utbm_char_t) * patlen);
+ p->skip = (_utbm_skip_t *) malloc(sizeof(_utbm_skip_t) * patlen);
+ } else {
+ p->pat = (_utbm_char_t *)
+ realloc((char *) p->pat, sizeof(_utbm_char_t) * patlen);
+ p->skip = (_utbm_skip_t *)
+ realloc((char *) p->skip, sizeof(_utbm_skip_t) * patlen);
+ }
+ p->pat_size = p->skip_size = patlen;
+ }
+
+ /*
+ * Preprocess the pattern to remove controls (if specified) and determine
+ * case.
+ */
+ for (have_space = 0, cp = p->pat, i = 0; i < patlen; i++) {
+ c1 = pat[i];
+ c2 = (i + 1 < patlen) ? pat[i + 1] : ~0;
+ if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff)
+ c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff));
+
+ /*
+ * Make sure the `have_space' flag is turned off if the character
+ * is not an appropriate one.
+ */
+ if (!_utbm_isspace(c1, flags & UTBM_SPACE_COMPRESS))
+ have_space = 0;
+
+ /*
+ * If non-spacing characters should be ignored, do it here.
+ */
+ if ((flags & UTBM_IGNORE_NONSPACING) && _utbm_nonspacing(c1))
+ continue;
+
+ /*
+ * Check if spaces and controls need to be compressed.
+ */
+ if (flags & UTBM_SPACE_COMPRESS) {
+ if (_utbm_isspace(c1, 1)) {
+ if (!have_space) {
+ /*
+ * Add a space and set the flag.
+ */
+ cp->uc = cp->lc = cp->tc = ' ';
+ cp++;
+
+ /*
+ * Increase the real pattern length.
+ */
+ p->patlen++;
+ sentinel = ' ';
+ have_space = 1;
+ }
+ continue;
+ }
+
+ /*
+ * Ignore all control characters.
+ */
+ if (_utbm_iscntrl(c1))
+ continue;
+ }
+
+ /*
+ * Add the character.
+ */
+ if (flags & UTBM_CASEFOLD) {
+ cp->uc = _utbm_toupper(c1);
+ cp->lc = _utbm_tolower(c1);
+ cp->tc = _utbm_totitle(c1);
+ } else
+ cp->uc = cp->lc = cp->tc = c1;
+
+ /*
+ * Set the sentinel character.
+ */
+ sentinel = cp->uc;
+
+ /*
+ * Move to the next character.
+ */
+ cp++;
+
+ /*
+ * Increase the real pattern length appropriately.
+ */
+ p->patlen += (c1 >= 0x10000) ? 2 : 1;
+
+ /*
+ * Increment the loop index for UTF-16 characters.
+ */
+ i += (c1 >= 0x10000) ? 1 : 0;
+
+ }
+
+ /*
+ * Set the number of characters actually used.
+ */
+ p->pat_used = cp - p->pat;
+
+ /*
+ * Go through and construct the skip array and determine the actual length
+ * of the pattern in UCS2 terms.
+ */
+ slen = p->patlen - 1;
+ cp = p->pat;
+ for (i = k = 0; i < p->pat_used; i++, cp++) {
+ /*
+ * Locate the character in the skip array.
+ */
+ for (sp = p->skip, j = 0;
+ j < p->skip_used && sp->ch->uc != cp->uc; j++, sp++) ;
+
+ /*
+ * If the character is not found, set the new skip element and
+ * increase the number of skip elements.
+ */
+ if (j == p->skip_used) {
+ sp->ch = cp;
+ p->skip_used++;
+ }
+
+ /*
+ * Set the updated skip value. If the character is UTF-16 and is
+ * not the last one in the pattern, add one to its skip value.
+ */
+ sp->skip = slen - k;
+ if (cp->uc >= 0x10000 && k + 2 < slen)
+ sp->skip++;
+
+ /*
+ * Set the new extra skip for the sentinel character.
+ */
+ if (((cp->uc >= 0x10000 && k + 2 <= slen) || k + 1 <= slen) &&
+ cp->uc == sentinel)
+ p->md4 = slen - k;
+
+ /*
+ * Increase the actual index.
+ */
+ k += (cp->uc >= 0x10000) ? 2 : 1;
+ }
+}
+
+int
+utbm_exec(utbm_pattern_t pat, ucs2_t *text, unsigned long textlen,
+ unsigned long *match_start, unsigned long *match_end)
+{
+ unsigned long k;
+ ucs2_t *start, *end;
+
+ if (pat == 0 || pat->pat_used == 0 || text == 0 || textlen == 0 ||
+ textlen < pat->patlen)
+ return 0;
+
+ start = text + pat->patlen;
+ end = text + textlen;
+
+ /*
+ * Adjust the start point if it points to a low surrogate.
+ */
+ if (0xdc00 <= *start && *start <= 0xdfff &&
+ 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff)
+ start--;
+
+ while (start < end) {
+ while ((k = _utbm_skip(pat, start, end))) {
+ start += k;
+ if (start < end && 0xdc00 <= *start && *start <= 0xdfff &&
+ 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff)
+ start--;
+ }
+
+ if (start < end &&
+ _utbm_match(pat, text, start, end, match_start, match_end))
+ return 1;
+
+ start += pat->md4;
+ if (start < end && 0xdc00 <= *start && *start <= 0xdfff &&
+ 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff)
+ start--;
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbm.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,114 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: utbm.h,v 1.1 1999/09/21 15:45:18 mleisher Exp $ */
+
+#ifndef _h_utbm
+#define _h_utbm
+
+#include "portable.h"
+
+LDAP_BEGIN_DECL
+
+/*************************************************************************
+ *
+ * Types.
+ *
+ *************************************************************************/
+
+/*
+ * Fundamental character types.
+ */
+typedef unsigned long ucs4_t;
+typedef unsigned short ucs2_t;
+
+/*
+ * An opaque type used for the search pattern.
+ */
+typedef struct _utbm_pattern_t *utbm_pattern_t;
+
+/*************************************************************************
+ *
+ * Flags.
+ *
+ *************************************************************************/
+
+#define UTBM_CASEFOLD 0x01
+#define UTBM_IGNORE_NONSPACING 0x02
+#define UTBM_SPACE_COMPRESS 0x04
+
+/*************************************************************************
+ *
+ * API.
+ *
+ *************************************************************************/
+
+LDAP_LUNICODE_F (utbm_pattern_t) utbm_create_pattern LDAP_P((void));
+
+LDAP_LUNICODE_F (void) utbm_free_pattern LDAP_P((utbm_pattern_t pattern));
+
+LDAP_LUNICODE_F (void)
+utbm_compile LDAP_P((ucs2_t *pat, unsigned long patlen,
+ unsigned long flags, utbm_pattern_t pattern));
+
+LDAP_LUNICODE_F (int)
+utbm_exec LDAP_P((utbm_pattern_t pat, ucs2_t *text,
+ unsigned long textlen, unsigned long *match_start,
+ unsigned long *match_end));
+
+/*************************************************************************
+ *
+ * Prototypes for the stub functions needed.
+ *
+ *************************************************************************/
+
+LDAP_LUNICODE_F (int) _utbm_isspace LDAP_P((ucs4_t c, int compress));
+
+LDAP_LUNICODE_F (int) _utbm_iscntrl LDAP_P((ucs4_t c));
+
+LDAP_LUNICODE_F (int) _utbm_nonspacing LDAP_P((ucs4_t c));
+
+LDAP_LUNICODE_F (ucs4_t) _utbm_tolower LDAP_P((ucs4_t c));
+
+LDAP_LUNICODE_F (ucs4_t) _utbm_toupper LDAP_P((ucs4_t c));
+
+LDAP_LUNICODE_F (ucs4_t) _utbm_totitle LDAP_P((ucs4_t c));
+
+LDAP_END_DECL
+
+#endif
+
+
+#endif /* _h_utbm */
Added: openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbmstub.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbmstub.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblunicode/utbm/utbmstub.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,105 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.4.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 1997, 1998, 1999 Computing Research Labs,
+ * New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+/* $Id: utbmstub.c,v 1.1 1999/09/21 15:45:18 mleisher Exp $ */
+
+#include "utbm.h"
+
+/*
+ * This should be redefined to use the `isspace' function available in the
+ * Unicode support on the platform where this is being used.
+ */
+#define _platform_isspace(x) 0
+
+/*
+ * Return non-zero for any character that should be considered the equivalent
+ * of a space character. Return zero otherwise.
+ */
+int
+_utbm_isspace(ucs4_t c, int compress)
+{
+ if (compress)
+ return (c == 0x09 || c == 0x0a || c == 0x0d ||
+ c == 0x2028 || c == 0x2029 || _platform_isspace(c)) ? 1 : 0;
+
+ return _platform_isspace(c);
+
+}
+
+/*
+ * Return non-zero if the character is a control character, or zero otherwise.
+ */
+int
+_utbm_iscntrl(ucs4_t c)
+{
+ return 0;
+}
+
+/*
+ * Return non-zero if the character is a non-spacing character, or zero
+ * otherwise.
+ */
+int
+_utbm_nonspacing(ucs4_t c)
+{
+ return 0;
+}
+
+/*
+ * Convert a character to lower case.
+ */
+ucs4_t
+_utbm_tolower(ucs4_t c)
+{
+ return c;
+}
+
+/*
+ * Convert a character to upper case.
+ */
+ucs4_t
+_utbm_toupper(ucs4_t c)
+{
+ return c;
+}
+
+/*
+ * Convert a character to title case.
+ */
+ucs4_t
+_utbm_totitle(ucs4_t c)
+{
+ return c;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+# Makefile for -llutil
+# $OpenLDAP: pkg/ldap/libraries/liblutil/Makefile.in,v 1.33.2.5 2007/01/02 21:43:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = liblutil.a
+PROGRAM = testavl
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+NT_SRCS = ntservice.c
+NT_OBJS = ntservice.o slapdmsg.res
+
+UNIX_SRCS = detach.c
+UNIX_OBJS = detach.o
+
+XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA)
+
+SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c passfile.c \
+ md5.c passwd.c sha1.c getpass.c lockf.c utils.c uuid.c sockpair.c \
+ avl.c tavl.c ldif.c fetch.c \
+ testavl.c \
+ @LIBSRCS@ $(@PLAT at _SRCS)
+
+OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o passfile.o \
+ md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
+ avl.o tavl.o ldif.o fetch.o \
+ @LIBOBJS@ $(@PLAT at _OBJS)
+
+testavl: $(XLIBS) testavl.o
+ (LTLINK) -o $@ testavl.o $(LIBS)
+
+testtavl: $(XLIBS) testtavl.o
+ (LTLINK) -o $@ testtavl.o $(LIBS)
+
+# These rules are for a Mingw32 build, specifically.
+# It's ok for them to be here because the clean rule is harmless, and
+# slapdmsg.res won't get built unless it's declared in OBJS.
+
+slapdmsg.bin: FORCE
+ @if [ ! -f $@ ]; then cp $(srcdir)/$@ .; fi
+
+slapdmsg.res: slapdmsg.rc slapdmsg.bin
+ windres $< -O coff -o $@
+
+clean-local:
+ $(RM) *.res
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/avl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/avl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/avl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,665 @@
+/* avl.c - routines to implement an avl tree */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/avl.c,v 1.3.2.5 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Howard Y. Chu
+ * Hallvard B. Furuseth
+ * Kurt D. Zeilenga
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#ifdef CSRIMALLOC
+#define ber_memalloc malloc
+#define ber_memrealloc realloc
+#define ber_memfree free
+#else
+#include "lber.h"
+#endif
+
+#define AVL_INTERNAL
+#include "avl.h"
+
+static const int avl_bfs[] = {LH, RH};
+
+/*
+ * avl_insert -- insert a node containing data data into the avl tree
+ * with root root. fcmp is a function to call to compare the data portion
+ * of two nodes. it should take two arguments and return <, >, or == 0,
+ * depending on whether its first argument is <, >, or == its second
+ * argument (like strcmp, e.g.). fdup is a function to call when a duplicate
+ * node is inserted. it should return 0, or -1 and its return value
+ * will be the return value from avl_insert in the case of a duplicate node.
+ * the function will be called with the original node's data as its first
+ * argument and with the incoming duplicate node's data as its second
+ * argument. this could be used, for example, to keep a count with each
+ * node.
+ *
+ * NOTE: this routine may malloc memory
+ */
+int
+avl_insert( Avlnode ** root, void *data, AVL_CMP fcmp, AVL_DUP fdup )
+{
+ Avlnode *t, *p, *s, *q, *r;
+ int a, cmp, ncmp;
+
+ if ( *root == NULL ) {
+ if (( r = (Avlnode *) ber_memalloc( sizeof( Avlnode ))) == NULL ) {
+ return( -1 );
+ }
+ r->avl_link[0] = r->avl_link[1] = NULL;
+ r->avl_data = data;
+ r->avl_bf = EH;
+ *root = r;
+
+ return( 0 );
+ }
+
+ t = NULL;
+ s = p = *root;
+
+ /* find insertion point */
+ while (1) {
+ cmp = fcmp( data, p->avl_data );
+ if ( cmp == 0 )
+ return (*fdup)( p->avl_data, data );
+
+ cmp = (cmp > 0);
+ q = p->avl_link[cmp];
+ if (q == NULL) {
+ /* insert */
+ if (( q = (Avlnode *) ber_memalloc( sizeof( Avlnode ))) == NULL ) {
+ return( -1 );
+ }
+ q->avl_link[0] = q->avl_link[1] = NULL;
+ q->avl_data = data;
+ q->avl_bf = EH;
+
+ p->avl_link[cmp] = q;
+ break;
+ } else if ( q->avl_bf ) {
+ t = p;
+ s = q;
+ }
+ p = q;
+ }
+
+ /* adjust balance factors */
+ cmp = fcmp( data, s->avl_data ) > 0;
+ r = p = s->avl_link[cmp];
+ a = avl_bfs[cmp];
+
+ while ( p != q ) {
+ cmp = fcmp( data, p->avl_data ) > 0;
+ p->avl_bf = avl_bfs[cmp];
+ p = p->avl_link[cmp];
+ }
+
+ /* checks and balances */
+
+ if ( s->avl_bf == EH ) {
+ s->avl_bf = a;
+ return 0;
+ } else if ( s->avl_bf == -a ) {
+ s->avl_bf = EH;
+ return 0;
+ } else if ( s->avl_bf == a ) {
+ cmp = (a > 0);
+ ncmp = !cmp;
+ if ( r->avl_bf == a ) {
+ /* single rotation */
+ p = r;
+ s->avl_link[cmp] = r->avl_link[ncmp];
+ r->avl_link[ncmp] = s;
+ s->avl_bf = 0;
+ r->avl_bf = 0;
+ } else if ( r->avl_bf == -a ) {
+ /* double rotation */
+ p = r->avl_link[ncmp];
+ r->avl_link[ncmp] = p->avl_link[cmp];
+ p->avl_link[cmp] = r;
+ s->avl_link[cmp] = p->avl_link[ncmp];
+ p->avl_link[ncmp] = s;
+
+ if ( p->avl_bf == a ) {
+ s->avl_bf = -a;
+ r->avl_bf = 0;
+ } else if ( p->avl_bf == -a ) {
+ s->avl_bf = 0;
+ r->avl_bf = a;
+ } else {
+ s->avl_bf = 0;
+ r->avl_bf = 0;
+ }
+ p->avl_bf = 0;
+ }
+ /* Update parent */
+ if ( t == NULL )
+ *root = p;
+ else if ( s == t->avl_right )
+ t->avl_right = p;
+ else
+ t->avl_left = p;
+ }
+
+ return 0;
+}
+
+void*
+avl_delete( Avlnode **root, void* data, AVL_CMP fcmp )
+{
+ Avlnode *p, *q, *r, *top;
+ int side, side_bf, shorter, nside;
+
+ /* parent stack */
+ Avlnode *pptr[sizeof(void *)*8];
+ unsigned char pdir[sizeof(void *)*8];
+ int depth = 0;
+
+ if ( *root == NULL )
+ return NULL;
+
+ p = *root;
+
+ while (1) {
+ side = fcmp( data, p->avl_data );
+ if ( !side )
+ break;
+ side = ( side > 0 );
+ pdir[depth] = side;
+ pptr[depth++] = p;
+
+ p = p->avl_link[side];
+ if ( p == NULL )
+ return p;
+ }
+ data = p->avl_data;
+
+ /* If this node has two children, swap so we are deleting a node with
+ * at most one child.
+ */
+ if ( p->avl_link[0] && p->avl_link[1] ) {
+
+ /* find the immediate predecessor <q> */
+ q = p->avl_link[0];
+ side = depth;
+ pdir[depth++] = 0;
+ while (q->avl_link[1]) {
+ pdir[depth] = 1;
+ pptr[depth++] = q;
+ q = q->avl_link[1];
+ }
+ /* swap links */
+ r = p->avl_link[0];
+ p->avl_link[0] = q->avl_link[0];
+ q->avl_link[0] = r;
+
+ q->avl_link[1] = p->avl_link[1];
+ p->avl_link[1] = NULL;
+
+ q->avl_bf = p->avl_bf;
+
+ /* fix stack positions: old parent of p points to q */
+ pptr[side] = q;
+ if ( side ) {
+ r = pptr[side-1];
+ r->avl_link[pdir[side-1]] = q;
+ } else {
+ *root = q;
+ }
+ /* new parent of p points to p */
+ if ( depth-side > 1 ) {
+ r = pptr[depth-1];
+ r->avl_link[1] = p;
+ } else {
+ q->avl_link[0] = p;
+ }
+ }
+
+ /* now <p> has at most one child, get it */
+ q = p->avl_link[0] ? p->avl_link[0] : p->avl_link[1];
+
+ ber_memfree( p );
+
+ if ( !depth ) {
+ *root = q;
+ return data;
+ }
+
+ /* set the child into p's parent */
+ depth--;
+ p = pptr[depth];
+ side = pdir[depth];
+ p->avl_link[side] = q;
+
+ top = NULL;
+ shorter = 1;
+
+ while ( shorter ) {
+ p = pptr[depth];
+ side = pdir[depth];
+ nside = !side;
+ side_bf = avl_bfs[side];
+
+ /* case 1: height unchanged */
+ if ( p->avl_bf == EH ) {
+ /* Tree is now heavier on opposite side */
+ p->avl_bf = avl_bfs[nside];
+ shorter = 0;
+
+ } else if ( p->avl_bf == side_bf ) {
+ /* case 2: taller subtree shortened, height reduced */
+ p->avl_bf = EH;
+ } else {
+ /* case 3: shorter subtree shortened */
+ if ( depth )
+ top = pptr[depth-1]; /* p->parent; */
+ else
+ top = NULL;
+ /* set <q> to the taller of the two subtrees of <p> */
+ q = p->avl_link[nside];
+ if ( q->avl_bf == EH ) {
+ /* case 3a: height unchanged, single rotate */
+ p->avl_link[nside] = q->avl_link[side];
+ q->avl_link[side] = p;
+ shorter = 0;
+ q->avl_bf = side_bf;
+ p->avl_bf = (- side_bf);
+
+ } else if ( q->avl_bf == p->avl_bf ) {
+ /* case 3b: height reduced, single rotate */
+ p->avl_link[nside] = q->avl_link[side];
+ q->avl_link[side] = p;
+ shorter = 1;
+ q->avl_bf = EH;
+ p->avl_bf = EH;
+
+ } else {
+ /* case 3c: height reduced, balance factors opposite */
+ r = q->avl_link[side];
+ q->avl_link[side] = r->avl_link[nside];
+ r->avl_link[nside] = q;
+
+ p->avl_link[nside] = r->avl_link[side];
+ r->avl_link[side] = p;
+
+ if ( r->avl_bf == side_bf ) {
+ q->avl_bf = (- side_bf);
+ p->avl_bf = EH;
+ } else if ( r->avl_bf == (- side_bf)) {
+ q->avl_bf = EH;
+ p->avl_bf = side_bf;
+ } else {
+ q->avl_bf = EH;
+ p->avl_bf = EH;
+ }
+ r->avl_bf = EH;
+ q = r;
+ }
+ /* a rotation has caused <q> (or <r> in case 3c) to become
+ * the root. let <p>'s former parent know this.
+ */
+ if ( top == NULL ) {
+ *root = q;
+ } else if (top->avl_link[0] == p) {
+ top->avl_link[0] = q;
+ } else {
+ top->avl_link[1] = q;
+ }
+ /* end case 3 */
+ p = q;
+ }
+ if ( !depth )
+ break;
+ depth--;
+ } /* end while(shorter) */
+
+ return data;
+}
+
+static int
+avl_inapply( Avlnode *root, AVL_APPLY fn, void* arg, int stopflag )
+{
+ if ( root == 0 )
+ return( AVL_NOMORE );
+
+ if ( root->avl_left != 0 )
+ if ( avl_inapply( root->avl_left, fn, arg, stopflag )
+ == stopflag )
+ return( stopflag );
+
+ if ( (*fn)( root->avl_data, arg ) == stopflag )
+ return( stopflag );
+
+ if ( root->avl_right == 0 )
+ return( AVL_NOMORE );
+ else
+ return( avl_inapply( root->avl_right, fn, arg, stopflag ) );
+}
+
+static int
+avl_postapply( Avlnode *root, AVL_APPLY fn, void* arg, int stopflag )
+{
+ if ( root == 0 )
+ return( AVL_NOMORE );
+
+ if ( root->avl_left != 0 )
+ if ( avl_postapply( root->avl_left, fn, arg, stopflag )
+ == stopflag )
+ return( stopflag );
+
+ if ( root->avl_right != 0 )
+ if ( avl_postapply( root->avl_right, fn, arg, stopflag )
+ == stopflag )
+ return( stopflag );
+
+ return( (*fn)( root->avl_data, arg ) );
+}
+
+static int
+avl_preapply( Avlnode *root, AVL_APPLY fn, void* arg, int stopflag )
+{
+ if ( root == 0 )
+ return( AVL_NOMORE );
+
+ if ( (*fn)( root->avl_data, arg ) == stopflag )
+ return( stopflag );
+
+ if ( root->avl_left != 0 )
+ if ( avl_preapply( root->avl_left, fn, arg, stopflag )
+ == stopflag )
+ return( stopflag );
+
+ if ( root->avl_right == 0 )
+ return( AVL_NOMORE );
+ else
+ return( avl_preapply( root->avl_right, fn, arg, stopflag ) );
+}
+
+/*
+ * avl_apply -- avl tree root is traversed, function fn is called with
+ * arguments arg and the data portion of each node. if fn returns stopflag,
+ * the traversal is cut short, otherwise it continues. Do not use -6 as
+ * a stopflag, as this is what is used to indicate the traversal ran out
+ * of nodes.
+ */
+
+int
+avl_apply( Avlnode *root, AVL_APPLY fn, void* arg, int stopflag, int type )
+{
+ switch ( type ) {
+ case AVL_INORDER:
+ return( avl_inapply( root, fn, arg, stopflag ) );
+ case AVL_PREORDER:
+ return( avl_preapply( root, fn, arg, stopflag ) );
+ case AVL_POSTORDER:
+ return( avl_postapply( root, fn, arg, stopflag ) );
+ default:
+ fprintf( stderr, "Invalid traversal type %d\n", type );
+ return( -1 );
+ }
+
+ /* NOTREACHED */
+}
+
+/*
+ * avl_prefixapply - traverse avl tree root, applying function fprefix
+ * to any nodes that match. fcmp is called with data as its first arg
+ * and the current node's data as its second arg. it should return
+ * 0 if they match, < 0 if data is less, and > 0 if data is greater.
+ * the idea is to efficiently find all nodes that are prefixes of
+ * some key... Like avl_apply, this routine also takes a stopflag
+ * and will return prematurely if fmatch returns this value. Otherwise,
+ * AVL_NOMORE is returned.
+ */
+
+int
+avl_prefixapply(
+ Avlnode *root,
+ void* data,
+ AVL_CMP fmatch,
+ void* marg,
+ AVL_CMP fcmp,
+ void* carg,
+ int stopflag
+)
+{
+ int cmp;
+
+ if ( root == 0 )
+ return( AVL_NOMORE );
+
+ cmp = (*fcmp)( data, root->avl_data /* , carg */);
+ if ( cmp == 0 ) {
+ if ( (*fmatch)( root->avl_data, marg ) == stopflag )
+ return( stopflag );
+
+ if ( root->avl_left != 0 )
+ if ( avl_prefixapply( root->avl_left, data, fmatch,
+ marg, fcmp, carg, stopflag ) == stopflag )
+ return( stopflag );
+
+ if ( root->avl_right != 0 )
+ return( avl_prefixapply( root->avl_right, data, fmatch,
+ marg, fcmp, carg, stopflag ) );
+ else
+ return( AVL_NOMORE );
+
+ } else if ( cmp < 0 ) {
+ if ( root->avl_left != 0 )
+ return( avl_prefixapply( root->avl_left, data, fmatch,
+ marg, fcmp, carg, stopflag ) );
+ } else {
+ if ( root->avl_right != 0 )
+ return( avl_prefixapply( root->avl_right, data, fmatch,
+ marg, fcmp, carg, stopflag ) );
+ }
+
+ return( AVL_NOMORE );
+}
+
+/*
+ * avl_free -- traverse avltree root, freeing the memory it is using.
+ * the dfree() is called to free the data portion of each node. The
+ * number of items actually freed is returned.
+ */
+
+int
+avl_free( Avlnode *root, AVL_FREE dfree )
+{
+ int nleft, nright;
+
+ if ( root == 0 )
+ return( 0 );
+
+ nleft = nright = 0;
+ if ( root->avl_left != 0 )
+ nleft = avl_free( root->avl_left, dfree );
+
+ if ( root->avl_right != 0 )
+ nright = avl_free( root->avl_right, dfree );
+
+ if ( dfree )
+ (*dfree)( root->avl_data );
+ ber_memfree( root );
+
+ return( nleft + nright + 1 );
+}
+
+/*
+ * avl_find -- search avltree root for a node with data data. the function
+ * cmp is used to compare things. it is called with data as its first arg
+ * and the current node data as its second. it should return 0 if they match,
+ * < 0 if arg1 is less than arg2 and > 0 if arg1 is greater than arg2.
+ */
+
+Avlnode *
+avl_find2( Avlnode *root, const void *data, AVL_CMP fcmp )
+{
+ int cmp;
+
+ while ( root != 0 && (cmp = (*fcmp)( data, root->avl_data )) != 0 ) {
+ cmp = cmp > 0;
+ root = root->avl_link[cmp];
+ }
+ return root;
+}
+
+void*
+avl_find( Avlnode *root, const void* data, AVL_CMP fcmp )
+{
+ int cmp;
+
+ while ( root != 0 && (cmp = (*fcmp)( data, root->avl_data )) != 0 ) {
+ cmp = cmp > 0;
+ root = root->avl_link[cmp];
+ }
+
+ return( root ? root->avl_data : 0 );
+}
+
+/*
+ * avl_find_lin -- search avltree root linearly for a node with data data.
+ * the function cmp is used to compare things. it is called with data as its
+ * first arg and the current node data as its second. it should return 0 if
+ * they match, non-zero otherwise.
+ */
+
+void*
+avl_find_lin( Avlnode *root, const void* data, AVL_CMP fcmp )
+{
+ void* res;
+
+ if ( root == 0 )
+ return( NULL );
+
+ if ( (*fcmp)( data, root->avl_data ) == 0 )
+ return( root->avl_data );
+
+ if ( root->avl_left != 0 )
+ if ( (res = avl_find_lin( root->avl_left, data, fcmp ))
+ != NULL )
+ return( res );
+
+ if ( root->avl_right == 0 )
+ return( NULL );
+ else
+ return( avl_find_lin( root->avl_right, data, fcmp ) );
+}
+
+/* NON-REENTRANT INTERFACE */
+
+static void* *avl_list;
+static int avl_maxlist;
+static int avl_nextlist;
+
+#define AVL_GRABSIZE 100
+
+/* ARGSUSED */
+static int
+avl_buildlist( void* data, void* arg )
+{
+ static int slots;
+
+ if ( avl_list == (void* *) 0 ) {
+ avl_list = (void* *) ber_memalloc(AVL_GRABSIZE * sizeof(void*));
+ slots = AVL_GRABSIZE;
+ avl_maxlist = 0;
+ } else if ( avl_maxlist == slots ) {
+ slots += AVL_GRABSIZE;
+ avl_list = (void* *) ber_memrealloc( (char *) avl_list,
+ (unsigned) slots * sizeof(void*));
+ }
+
+ avl_list[ avl_maxlist++ ] = data;
+
+ return( 0 );
+}
+
+/*
+ * avl_getfirst() and avl_getnext() are provided as alternate tree
+ * traversal methods, to be used when a single function cannot be
+ * provided to be called with every node in the tree. avl_getfirst()
+ * traverses the tree and builds a linear list of all the nodes,
+ * returning the first node. avl_getnext() returns the next thing
+ * on the list built by avl_getfirst(). This means that avl_getfirst()
+ * can take a while, and that the tree should not be messed with while
+ * being traversed in this way, and that multiple traversals (even of
+ * different trees) cannot be active at once.
+ */
+
+void*
+avl_getfirst( Avlnode *root )
+{
+ if ( avl_list ) {
+ ber_memfree( (char *) avl_list);
+ avl_list = (void* *) 0;
+ }
+ avl_maxlist = 0;
+ avl_nextlist = 0;
+
+ if ( root == 0 )
+ return( 0 );
+
+ (void) avl_apply( root, avl_buildlist, (void*) 0, -1, AVL_INORDER );
+
+ return( avl_list[ avl_nextlist++ ] );
+}
+
+void*
+avl_getnext( void )
+{
+ if ( avl_list == 0 )
+ return( 0 );
+
+ if ( avl_nextlist == avl_maxlist ) {
+ ber_memfree( (void*) avl_list);
+ avl_list = (void* *) 0;
+ return( 0 );
+ }
+
+ return( avl_list[ avl_nextlist++ ] );
+}
+
+/* end non-reentrant code */
+
+
+int
+avl_dup_error( void* left, void* right )
+{
+ return( -1 );
+}
+
+int
+avl_dup_ok( void* left, void* right )
+{
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/base64.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/base64.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/base64.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,308 @@
+/* base64.c -- routines to encode/decode base64 data */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/base64.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1995 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996, 1998 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+/* This work is based upon Base64 routines (developed by IBM) found
+ * Berkeley Internet Name Daemon (BIND) as distributed by ISC. They
+ * were adapted for inclusion in OpenLDAP Software by Kurt D. Zeilenga.
+ */
+
+#include "portable.h"
+
+#include <ac/assert.h>
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+/* include socket.h to get sys/types.h and/or winsock2.h */
+#include <ac/socket.h>
+
+#include "lutil.h"
+
+static const char Base64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char Pad64 = '=';
+
+/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+ The following encoding technique is taken from RFC 1521 by Borenstein
+ and Freed. It is reproduced here in a slightly edited form for
+ convenience.
+
+ A 65-character subset of US-ASCII is used, enabling 6 bits to be
+ represented per printable character. (The extra 65th character, "=",
+ is used to signify a special processing function.)
+
+ The encoding process represents 24-bit groups of input bits as output
+ strings of 4 encoded characters. Proceeding from left to right, a
+ 24-bit input group is formed by concatenating 3 8-bit input groups.
+ These 24 bits are then treated as 4 concatenated 6-bit groups, each
+ of which is translated into a single digit in the base64 alphabet.
+
+ Each 6-bit group is used as an index into an array of 64 printable
+ characters. The character referenced by the index is placed in the
+ output string.
+
+ Table 1: The Base64 Alphabet
+
+ Value Encoding Value Encoding Value Encoding Value Encoding
+ 0 A 17 R 34 i 51 z
+ 1 B 18 S 35 j 52 0
+ 2 C 19 T 36 k 53 1
+ 3 D 20 U 37 l 54 2
+ 4 E 21 V 38 m 55 3
+ 5 F 22 W 39 n 56 4
+ 6 G 23 X 40 o 57 5
+ 7 H 24 Y 41 p 58 6
+ 8 I 25 Z 42 q 59 7
+ 9 J 26 a 43 r 60 8
+ 10 K 27 b 44 s 61 9
+ 11 L 28 c 45 t 62 +
+ 12 M 29 d 46 u 63 /
+ 13 N 30 e 47 v
+ 14 O 31 f 48 w (pad) =
+ 15 P 32 g 49 x
+ 16 Q 33 h 50 y
+
+ Special processing is performed if fewer than 24 bits are available
+ at the end of the data being encoded. A full encoding quantum is
+ always completed at the end of a quantity. When fewer than 24 input
+ bits are available in an input group, zero bits are added (on the
+ right) to form an integral number of 6-bit groups. Padding at the
+ end of the data is performed using the '=' character.
+
+ Since all base64 input is an integral number of octets, only the
+ -------------------------------------------------
+ following cases can arise:
+
+ (1) the final quantum of encoding input is an integral
+ multiple of 24 bits; here, the final unit of encoded
+ output will be an integral multiple of 4 characters
+ with no "=" padding,
+ (2) the final quantum of encoding input is exactly 8 bits;
+ here, the final unit of encoded output will be two
+ characters followed by two "=" padding characters, or
+ (3) the final quantum of encoding input is exactly 16 bits;
+ here, the final unit of encoded output will be three
+ characters followed by one "=" padding character.
+ */
+
+int
+lutil_b64_ntop(
+ u_char const *src,
+ size_t srclength,
+ char *target,
+ size_t targsize)
+{
+ size_t datalength = 0;
+ u_char input[3];
+ u_char output[4];
+ size_t i;
+
+ while (2 < srclength) {
+ input[0] = *src++;
+ input[1] = *src++;
+ input[2] = *src++;
+ srclength -= 3;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+ output[3] = input[2] & 0x3f;
+ assert(output[0] < 64);
+ assert(output[1] < 64);
+ assert(output[2] < 64);
+ assert(output[3] < 64);
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Base64[output[3]];
+ }
+
+ /* Now we worry about padding. */
+ if (0 != srclength) {
+ /* Get what's left. */
+ input[0] = input[1] = input[2] = '\0';
+ for (i = 0; i < srclength; i++)
+ input[i] = *src++;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+ assert(output[0] < 64);
+ assert(output[1] < 64);
+ assert(output[2] < 64);
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ if (srclength == 1)
+ target[datalength++] = Pad64;
+ else
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Pad64;
+ }
+ if (datalength >= targsize)
+ return (-1);
+ target[datalength] = '\0'; /* Returned value doesn't count \0. */
+ return (datalength);
+}
+
+/* skips all whitespace anywhere.
+ converts characters, four at a time, starting at (or after)
+ src from base - 64 numbers into three 8 bit bytes in the target area.
+ it returns the number of data bytes stored at the target, or -1 on error.
+ */
+
+int
+lutil_b64_pton(
+ char const *src,
+ u_char *target,
+ size_t targsize)
+{
+ int tarindex, state, ch;
+ char *pos;
+
+ state = 0;
+ tarindex = 0;
+
+ while ((ch = *src++) != '\0') {
+ if (isascii(ch) && isspace(ch)) /* Skip whitespace anywhere. */
+ continue;
+
+ if (ch == Pad64)
+ break;
+
+ pos = strchr(Base64, ch);
+ if (pos == 0) /* A non-base64 character. */
+ return (-1);
+
+ switch (state) {
+ case 0:
+ if (target) {
+ if ((size_t)tarindex >= targsize)
+ return (-1);
+ target[tarindex] = (pos - Base64) << 2;
+ }
+ state = 1;
+ break;
+ case 1:
+ if (target) {
+ if ((size_t)tarindex + 1 >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 4;
+ target[tarindex+1] = ((pos - Base64) & 0x0f)
+ << 4 ;
+ }
+ tarindex++;
+ state = 2;
+ break;
+ case 2:
+ if (target) {
+ if ((size_t)tarindex + 1 >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 2;
+ target[tarindex+1] = ((pos - Base64) & 0x03)
+ << 6;
+ }
+ tarindex++;
+ state = 3;
+ break;
+ case 3:
+ if (target) {
+ if ((size_t)tarindex >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64);
+ }
+ tarindex++;
+ state = 0;
+ break;
+ default:
+ abort();
+ }
+ }
+
+ /*
+ * We are done decoding Base-64 chars. Let's see if we ended
+ * on a byte boundary, and/or with erroneous trailing characters.
+ */
+
+ if (ch == Pad64) { /* We got a pad char. */
+ ch = *src++; /* Skip it, get next. */
+ switch (state) {
+ case 0: /* Invalid = in first position */
+ case 1: /* Invalid = in second position */
+ return (-1);
+
+ case 2: /* Valid, means one byte of info */
+ /* Skip any number of spaces. */
+ for ((void)NULL; ch != '\0'; ch = *src++)
+ if (! (isascii(ch) && isspace(ch)))
+ break;
+ /* Make sure there is another trailing = sign. */
+ if (ch != Pad64)
+ return (-1);
+ ch = *src++; /* Skip the = */
+ /* Fall through to "single trailing =" case. */
+ /* FALLTHROUGH */
+
+ case 3: /* Valid, means two bytes of info */
+ /*
+ * We know this char is an =. Is there anything but
+ * whitespace after it?
+ */
+ for ((void)NULL; ch != '\0'; ch = *src++)
+ if (! (isascii(ch) && isspace(ch)))
+ return (-1);
+
+ /*
+ * Now make sure for cases 2 and 3 that the "extra"
+ * bits that slopped past the last full byte were
+ * zeros. If we don't check them, they become a
+ * subliminal channel.
+ */
+ if (target && target[tarindex] != 0)
+ return (-1);
+ }
+ } else {
+ /*
+ * We ended by seeing the end of the string. Make sure we
+ * have no partial bytes lying around.
+ */
+ if (state != 0)
+ return (-1);
+ }
+
+ return (tarindex);
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/csn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/csn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/csn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,99 @@
+/* csn.c - Change Sequence Number routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/csn.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 2000, John E. Schimmel, All rights reserved.
+ * This software is not subject to any license of Mirapoint, Inc.
+ *
+ * This is free software; you can redistribute and use it
+ * under the same terms as OpenLDAP itself.
+ */
+/* This work was developed by John E. Schimmel and adapted for
+ * inclusion in OpenLDAP Software by Kurt D. Zeilenga.
+ */
+
+/* This file contains routines to generate a change sequence number.
+ * Every add, delete, and modification is given a unique identifier
+ * for use in resolving conflicts during replication operations.
+ *
+ * These routines are (loosly) based upon draft-ietf-ldup-model-03.txt,
+ * A WORK IN PROGRESS. The format will likely change.
+ *
+ * The format of a CSN string is: yyyymmddhhmmssz#s#r#c
+ * where s is a counter of operations within a timeslice, r is
+ * the replica id (normally zero), and c is a counter of
+ * modifications within this operation. s, r, and c are
+ * represented in hex and zero padded to lengths of 6, 2, and
+ * 6, respectively.
+ *
+ * Calls to this routine MUST be serialized with other calls
+ * to gmtime().
+ */
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/time.h>
+
+#include <lutil.h>
+
+size_t
+lutil_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod)
+{
+ static time_t csntime;
+ static unsigned int csnop;
+
+ time_t t;
+ unsigned int op;
+ struct tm *ltm;
+#ifdef HAVE_GMTIME_R
+ struct tm ltm_buf;
+#endif
+ int n;
+
+ time( &t );
+ if ( t > csntime ) {
+ csntime = t;
+ csnop = 0;
+ }
+ op = csnop++;
+
+#ifdef HAVE_GMTIME_R
+ ltm = gmtime_r( &t, <m_buf );
+#else
+ ltm = gmtime( &t );
+#endif
+ n = snprintf( buf, len,
+ "%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x",
+ ltm->tm_year + 1900, ltm->tm_mon + 1, ltm->tm_mday, ltm->tm_hour,
+ ltm->tm_min, ltm->tm_sec, op, replica, mod );
+
+ if( n < 0 ) return 0;
+ return ( (size_t) n < len ) ? n : 0;
+}
+
+#ifdef TEST
+int
+main(int argc, char **argv)
+{
+ char buf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+
+ if ( ! lutil_csnstr( buf, (size_t) 10, 0, 0 ) ) {
+ fprintf(stderr, "failed lutil_csnstr\n");
+ }
+ if ( ! lutil_csnstr( buf, sizeof(buf), 0, 0 ) ) {
+ fprintf(stderr, "failed lutil_csnstr\n");
+ }
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/detach.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/detach.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/detach.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,142 @@
+/* detach.c -- routines to daemonize a process */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/detach.c,v 1.16.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright (c) 1990, 1994 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* This work was originally developed by the University of Michigan
+ * and distributed as part of U-MICH LDAP.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#include "lutil.h"
+
+void
+lutil_detach( int debug, int do_close )
+{
+ int i, sd, nbits;
+
+#ifdef HAVE_SYSCONF
+ nbits = sysconf( _SC_OPEN_MAX );
+#elif HAVE_GETDTABLESIZE
+ nbits = getdtablesize();
+#else
+ nbits = FD_SETSIZE;
+#endif
+
+#ifdef FD_SETSIZE
+ if ( nbits > FD_SETSIZE ) {
+ nbits = FD_SETSIZE;
+ }
+#endif /* FD_SETSIZE */
+
+ if ( debug == 0 ) {
+ for ( i = 0; i < 5; i++ ) {
+#if HAVE_THR
+ switch ( fork1() )
+#else
+ switch ( fork() )
+#endif
+ {
+ case -1:
+ sleep( 5 );
+ continue;
+
+ case 0:
+ break;
+
+ default:
+ _exit( EXIT_SUCCESS );
+ }
+ break;
+ }
+
+ if ( (sd = open( "/dev/null", O_RDWR )) == -1 &&
+ (sd = open( "/dev/null", O_RDONLY )) == -1 &&
+ /* Panic -- open *something* */
+ (sd = open( "/", O_RDONLY )) == -1 ) {
+ perror("/dev/null");
+ } else {
+ /* redirect stdin, stdout, stderr to /dev/null */
+ dup2( sd, STDIN_FILENO );
+ dup2( sd, STDOUT_FILENO );
+ dup2( sd, STDERR_FILENO );
+
+ switch( sd ) {
+ default:
+ close( sd );
+ case STDIN_FILENO:
+ case STDOUT_FILENO:
+ case STDERR_FILENO:
+ break;
+ }
+ }
+
+ if ( do_close ) {
+ /* close everything else */
+ for ( i = 0; i < nbits; i++ ) {
+ if( i != STDIN_FILENO &&
+ i != STDOUT_FILENO &&
+ i != STDERR_FILENO )
+ {
+ close( i );
+ }
+ }
+ }
+
+#ifdef CHDIR_TO_ROOT
+ (void) chdir( "/" );
+#endif
+
+#ifdef HAVE_SETSID
+ (void) setsid();
+#elif TIOCNOTTY
+ if ( (sd = open( "/dev/tty", O_RDWR )) != -1 ) {
+ (void) ioctl( sd, TIOCNOTTY, NULL );
+ (void) close( sd );
+ }
+#endif
+ }
+
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+#endif
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/entropy.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/entropy.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/entropy.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+/* entropy.c -- routines for providing pseudo-random data */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/entropy.c,v 1.27.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was initially developed by Kurt D. Zeilenga for
+ * inclusion in OpenLDAP Software based, in part, on publically
+ * available works (as noted below).
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_PROCESS_H
+#include <process.h>
+#endif
+
+#include <fcntl.h>
+
+#include <lutil.h>
+#include <lutil_md5.h>
+
+/*
+ * lutil_entropy() provides nbytes of entropy in buf.
+ * Quality offerred is suitable for one-time uses, such as "once" keys.
+ * Values may not be suitable for multi-time uses.
+ *
+ * Note: Callers are encouraged to provide additional bytes of
+ * of entropy in the buf argument. This information is used in
+ * fallback mode to improve the quality of bytes returned.
+ *
+ * This routinue should be extended to support additional sources
+ * of entropy.
+ */
+int lutil_entropy( unsigned char *buf, ber_len_t nbytes )
+{
+ if( nbytes == 0 ) return 0;
+
+#ifdef URANDOM_DEVICE
+#define URANDOM_NREADS 4
+ /* Linux and *BSD offer a urandom device */
+ {
+ int rc, fd, n=0;
+
+ fd = open( URANDOM_DEVICE, O_RDONLY );
+
+ if( fd < 0 ) return -1;
+
+ do {
+ rc = read( fd, buf, nbytes );
+ if( rc <= 0 ) break;
+
+ buf+=rc;
+ nbytes-=rc;
+
+ if( ++n >= URANDOM_NREADS ) break;
+ } while( nbytes > 0 );
+
+ close(fd);
+ return nbytes > 0 ? -1 : 0;
+ }
+#elif PROV_RSA_FULL
+ {
+ /* Not used since _WIN32_WINNT not set... */
+ HCRYPTPROV hProv = 0;
+
+ /* Get handle to user default provider */
+ if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ return -1;
+ }
+
+ /* Generate random initialization vector */
+ if(!CryptGenRandom(hProv, (DWORD) nbytes, (BYTE *) buf)) {
+ return -1;
+ }
+
+ /* Release provider handle */
+ if(hProv != 0) CryptReleaseContext(hProv, 0);
+
+ return 0;
+ }
+#else
+ {
+ /* based upon Phil Karn's "practical randomness" idea
+ * but implementation 100% OpenLDAP. So don't blame Phil.
+ *
+ * Worse case is that this is a MD5 hash of a counter, if
+ * MD5 is a strong cryptographic hash, this should be fairly
+ * resistant to attack
+ */
+
+ /*
+ * the caller may need to provide external synchronization OR
+ * provide entropy (in buf) to ensure quality results as
+ * access to this counter may not be atomic.
+ */
+ static int counter = 0;
+ ber_len_t n;
+
+ struct rdata_s {
+ int counter;
+
+ unsigned char *buf;
+ struct rdata_s *stack;
+
+ pid_t pid;
+
+#ifdef HAVE_GETTIMEOFDAY
+ struct timeval tv;
+#else
+ time_t time;
+#endif
+
+ unsigned long junk; /* purposely not initialized */
+ } rdata;
+
+ /* make sure rdata differs for each process */
+ rdata.pid = getpid();
+
+ /* make sure rdata differs for each program */
+ rdata.buf = buf;
+ rdata.stack = &rdata;
+
+ for( n = 0; n < nbytes; n += 16 ) {
+ struct lutil_MD5Context ctx;
+ unsigned char digest[16];
+
+ /* poor resolution */
+#ifdef HAVE_GETTIMEOFDAY
+ (void) gettimeofday( &rdata.tv, NULL );
+#else
+ (void) time( &rdata.time );
+#endif
+
+ /* make sure rdata differs */
+ rdata.counter = ++counter;
+ rdata.pid++;
+ rdata.junk++;
+
+ lutil_MD5Init( &ctx );
+ lutil_MD5Update( &ctx, (unsigned char *) &rdata, sizeof( rdata ) );
+
+ /* allow caller to provided additional entropy */
+ lutil_MD5Update( &ctx, buf, nbytes );
+
+ lutil_MD5Final( digest, &ctx );
+
+ AC_MEMCPY( &buf[n], digest,
+ nbytes - n >= 16 ? 16 : nbytes - n );
+ }
+
+ return 0;
+ }
+#endif
+ return -1;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/fetch.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/fetch.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/fetch.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,126 @@
+/* fetch.c - routines for fetching data at URLs */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/fetch.c,v 1.2.2.8 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was initially developed by Kurt D. Zeilenga for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+
+#ifdef HAVE_FETCH
+#include <fetch.h>
+#endif
+
+#include "ldap_log.h"
+#include "lber_pvt.h"
+#include "ldap_pvt.h"
+#include "ldap_config.h"
+#include "ldif.h"
+
+FILE *
+ldif_open_url(
+ LDAP_CONST char *urlstr )
+{
+ FILE *url;
+ char *p = NULL;
+#ifdef HAVE_FETCH
+ url = fetchGetURL( (char*) urlstr, "" );
+
+#else
+ if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
+ p = urlstr + sizeof("file:")-1;
+
+ /* we don't check for LDAP_DIRSEP since URLs should contain '/' */
+ if ( p[0] == '/' && p[1] == '/' ) {
+ p += 2;
+ /* path must be absolute if authority is present */
+ if ( p[0] != '/' )
+ return NULL;
+ }
+
+ p = ber_strdup( p );
+ ldap_pvt_hex_unescape( p );
+
+ url = fopen( p, "rb" );
+
+ ber_memfree( p );
+ } else {
+ return NULL;
+ }
+#endif
+ return url;
+}
+
+int
+ldif_fetch_url(
+ LDAP_CONST char *urlstr,
+ char **valuep,
+ ber_len_t *vlenp )
+{
+ FILE *url;
+ char buffer[1024];
+ char *p = NULL;
+ size_t total;
+ size_t bytes;
+
+ *valuep = NULL;
+ *vlenp = 0;
+
+ url = ldif_open_url( urlstr );
+
+ if( url == NULL ) {
+ return -1;
+ }
+
+ total = 0;
+
+ while( (bytes = fread( buffer, 1, sizeof(buffer), url )) != 0 ) {
+ char *newp = ber_memrealloc( p, total + bytes + 1 );
+ if( newp == NULL ) {
+ ber_memfree( p );
+ fclose( url );
+ return -1;
+ }
+ p = newp;
+ AC_MEMCPY( &p[total], buffer, bytes );
+ total += bytes;
+ }
+
+ fclose( url );
+
+ if( total == 0 ) {
+ char *newp = ber_memrealloc( p, 1 );
+ if( newp == NULL ) {
+ ber_memfree( p );
+ return -1;
+ }
+ p = newp;
+ }
+
+ p[total] = '\0';
+ *valuep = p;
+ *vlenp = total;
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/getopt.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/getopt.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/getopt.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,136 @@
+/* getopt.c -- replacement getopt(3) routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getopt.c,v 1.14.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work is based upon the public-domain getopt(3) routines
+ * developed by AT&T. Modified by Kurt D. Zeilenga for inclusion
+ * into OpenLDAP Software. Significant contributors include:
+ * Howard Chu
+ */
+
+#include "portable.h"
+
+#ifndef HAVE_GETOPT
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include "lutil.h"
+
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
+
+int opterr = 1;
+int optind = 1;
+int optopt;
+char * optarg;
+
+#ifdef HAVE_EBCDIC
+extern int _trans_argv;
+#endif
+
+static void ERR (char * const argv[], const char * s, char c)
+{
+#ifdef DF_TRACE_DEBUG
+printf("DF_TRACE_DEBUG: static void ERR () in getopt.c\n");
+#endif
+ if (opterr)
+ {
+ char *ptr, outbuf[4096];
+
+ ptr = lutil_strncopy(outbuf, argv[0], sizeof(outbuf) - 2);
+ ptr = lutil_strncopy(ptr, s, sizeof(outbuf)-2 -(ptr-outbuf));
+ *ptr++ = c;
+ *ptr++ = '\n';
+#ifdef HAVE_EBCDIC
+ __atoe_l(outbuf, ptr - outbuf);
+#endif
+ (void) write(STDERR_FILENO,outbuf,ptr - outbuf);
+ }
+}
+
+int getopt (int argc, char * const argv [], const char * opts)
+{
+ static int sp = 1, error = (int) '?';
+ static char sw = '-', eos = '\0', arg = ':';
+ register char c, * cp;
+
+#ifdef DF_TRACE_DEBUG
+printf("DF_TRACE_DEBUG: int getopt () in getopt.c\n");
+#endif
+
+#ifdef HAVE_EBCDIC
+ if (_trans_argv) {
+ int i;
+ for (i=0; i<argc; i++) __etoa(argv[i]);
+ _trans_argv = 0;
+ }
+#endif
+ if (sp == 1)
+ {
+ if (optind >= argc || argv[optind][0] != sw
+ || argv[optind][1] == eos)
+ return EOF;
+ else if (strcmp(argv[optind],"--") == 0)
+ {
+ optind++;
+ return EOF;
+ }
+ }
+ c = argv[optind][sp];
+ optopt = (int) c;
+ if (c == arg || (cp = strchr(opts,c)) == NULL)
+ {
+ ERR(argv,_(": illegal option--"),c);
+ if (argv[optind][++sp] == eos)
+ {
+ optind++;
+ sp = 1;
+ }
+ return error;
+ }
+ else if (*++cp == arg)
+ {
+ if (argv[optind][sp + 1] != eos)
+ optarg = &argv[optind++][sp + 1];
+ else if (++optind >= argc)
+ {
+ ERR(argv,_(": option requires an argument--"),c);
+ sp = 1;
+ return error;
+ }
+ else
+ optarg = argv[optind++];
+ sp = 1;
+ }
+ else
+ {
+ if (argv[optind][++sp] == eos)
+ {
+ sp = 1;
+ optind++;
+ }
+ optarg = NULL;
+ }
+ return (int) c;
+}
+#endif /* HAVE_GETOPT */
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/getpass.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/getpass.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/getpass.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,177 @@
+/* getpass.c -- get password from user */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992, 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* This work was originally developed by the University of Michigan
+ * and distributed as part of U-MICH LDAP. It was adapted for use in
+ * -llutil by Kurt D. Zeilenga.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/string.h>
+#include <ac/termios.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef NEED_GETPASSPHRASE
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_CONIO_H
+#include <conio.h>
+#endif
+
+#include <lber.h>
+#include <ldap.h>
+
+#include "ldap_defaults.h"
+
+char *
+lutil_getpass( const char *prompt )
+{
+#if !defined(HAVE_POSIX_TERMIOS) && !defined(HAVE_SGTTY_H)
+ static char buf[256];
+ int i, c;
+
+ if( prompt == NULL ) prompt = _("Password: ");
+
+#ifdef DEBUG
+ if (debug & D_TRACE)
+ printf("->getpass(%s)\n", prompt);
+#endif
+
+ printf("%s", prompt);
+ i = 0;
+ while ( (c = getch()) != EOF && c != '\n' && c != '\r' )
+ buf[i++] = c;
+ if ( c == EOF )
+ return( NULL );
+ buf[i] = '\0';
+ return (buf);
+#else
+ int no_pass = 0;
+ char i, j, k;
+ TERMIO_TYPE ttyb;
+ TERMFLAG_TYPE flags;
+ static char pbuf[513];
+ register char *p;
+ register int c;
+ FILE *fi;
+ RETSIGTYPE (*sig)( int sig );
+
+ if( prompt == NULL ) prompt = _("Password: ");
+
+#ifdef DEBUG
+ if (debug & D_TRACE)
+ printf("->getpass(%s)\n", prompt);
+#endif
+ /*
+ * Stolen from the getpass() routine. Can't use the plain
+ * getpass() for two reasons. One is that LDAP passwords
+ * can be really, really long - much longer than 8 chars.
+ * The second is that we like to make this client available
+ * out of inetd via a Merit asynch port, and we need to be
+ * able to do telnet control codes to turn on and off line
+ * blanking.
+ */
+ if ((fi = fdopen(open("/dev/tty", 2), "r")) == NULL)
+ fi = stdin;
+ else
+ setbuf(fi, (char *)NULL);
+ sig = SIGNAL (SIGINT, SIG_IGN);
+ if (fi != stdin) {
+ if (GETATTR(fileno(fi), &ttyb) < 0)
+ perror("GETATTR");
+ }
+ flags = GETFLAGS( ttyb );
+ SETFLAGS( ttyb, flags & ~ECHO );
+ if (fi != stdin) {
+ if (SETATTR(fileno(fi), &ttyb) < 0)
+ perror("SETATTR");
+ }
+
+ /* blank the line if through Merit */
+ if (fi == stdin) {
+ printf("%c%c%c", 255, 251, 1);
+ fflush(stdout);
+ (void) scanf("%c%c%c", &i, &j, &k);
+ fflush(stdin);
+ }
+
+ /* fetch the password */
+ fprintf(stdout, "%s", prompt);
+ fflush(stdout);
+ for (p=pbuf; (c = getc(fi))!='\n' && c!=EOF;) {
+ if (c == '\r')
+ break;
+ if (p < &pbuf[512])
+ *p++ = c;
+ }
+ if (c == EOF)
+ no_pass = 1;
+ else {
+ *p = '\0';
+ if (*(p - 1) == '\r')
+ *(p - 1) = '\0';
+ }
+
+ /* unblank the line if through Merit */
+ if (fi == stdin) {
+ printf("%c%c%c", 255, 252, 1);
+ fflush(stdout);
+ (void) scanf("%c%c%c", &i, &j, &k);
+ fflush(stdin);
+ printf("\n"); fflush(stdout);
+ }
+ fprintf(stdout, "\n");
+ fflush(stdout);
+
+ /* tidy up */
+ SETFLAGS( ttyb, flags );
+ if (fi != stdin) {
+ if (SETATTR(fileno(fi), &ttyb) < 0)
+ perror("SETATTR");
+ }
+ (void) SIGNAL (SIGINT, sig);
+ if (fi != stdin)
+ (void) fclose(fi);
+ else
+ i = getchar();
+ if (no_pass)
+ return(NULL);
+ return(pbuf);
+#endif
+}
+
+#endif /* !NEED_GETPASSPHRASE */
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/getpeereid.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/getpeereid.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/getpeereid.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,188 @@
+/* getpeereid.c */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.13.2.9 2007/04/02 23:21:36 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifndef HAVE_GETPEEREID
+
+#include <sys/types.h>
+#include <ac/unistd.h>
+
+#include <ac/socket.h>
+#include <ac/errno.h>
+
+#if HAVE_SYS_UCRED_H
+#if HAVE_GRP_H
+#include <grp.h> /* for NGROUPS on Tru64 5.1 */
+#endif
+#include <sys/ucred.h>
+#endif
+
+/* Disabled due to ITS#4893, will revisit in release 2.4 */
+#if 0 /* !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && \
+ defined(HAVE_SENDMSG) && (defined(HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN) || \
+ defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL)) */
+#define DO_SENDMSG
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#include <sys/stat.h>
+#endif
+
+#include <stdlib.h>
+
+
+int getpeereid( int s, uid_t *euid, gid_t *egid )
+{
+#ifdef LDAP_PF_LOCAL
+#if defined( SO_PEERCRED )
+ struct ucred peercred;
+ socklen_t peercredlen = sizeof peercred;
+
+ if(( getsockopt( s, SOL_SOCKET, SO_PEERCRED,
+ (void *)&peercred, &peercredlen ) == 0 )
+ && ( peercredlen == sizeof peercred ))
+ {
+ *euid = peercred.uid;
+ *egid = peercred.gid;
+ return 0;
+ }
+
+#elif defined( LOCAL_PEERCRED )
+ struct xucred peercred;
+ socklen_t peercredlen = sizeof peercred;
+
+ if(( getsockopt( s, LOCAL_PEERCRED, 1,
+ (void *)&peercred, &peercredlen ) == 0 )
+ && ( peercred.cr_version == XUCRED_VERSION ))
+ {
+ *euid = peercred.cr_uid;
+ *egid = peercred.cr_gid;
+ return 0;
+ }
+#elif defined( DO_SENDMSG )
+ char dummy[8];
+ int err, fd[2];
+ struct iovec iov;
+ struct msghdr msg = {0};
+# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+# ifndef CMSG_SPACE
+# define CMSG_SPACE(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + _CMSG_ALIGN(len))
+# endif
+# ifndef CMSG_LEN
+# define CMSG_LEN(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
+# endif
+ union {
+ struct cmsghdr cm;
+ unsigned char control[CMSG_SPACE(sizeof(int))];
+ } control_un;
+ struct cmsghdr *cmsg;
+# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ struct stat st;
+
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+
+ iov.iov_base = dummy;
+ iov.iov_len = sizeof dummy;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ msg.msg_control = control_un.control;
+ msg.msg_controllen = sizeof( control_un.control );
+
+ cmsg = CMSG_FIRSTHDR( &msg );
+
+ /*
+ * AIX returns a bogus file descriptor if recvmsg() is
+ * called with MSG_PEEK (is this a bug?). Hence we need
+ * to receive the Abandon PDU.
+ */
+ if( recvmsg( s, &msg, MSG_WAITALL ) >= 0 &&
+ cmsg->cmsg_len == CMSG_LEN( sizeof(int) ) &&
+ cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_RIGHTS )
+# else
+ msg.msg_accrights = (char *)fd;
+ msg.msg_accrightslen = sizeof(fd);
+ if( recvmsg( s, &msg, MSG_PEEK) >= 0 && msg.msg_accrightslen == sizeof(int) )
+# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL*/
+ {
+ /* We must receive a valid descriptor, it must be a pipe,
+ * and it must only be accessible by its owner.
+ */
+# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ fd[0] = (*(int *)CMSG_DATA( cmsg ));
+# endif
+ err = fstat( fd[0], &st );
+ close(fd[0]);
+ if( err == 0 && S_ISFIFO(st.st_mode) &&
+ ((st.st_mode & (S_IRWXG|S_IRWXO)) == 0))
+ {
+ *euid = st.st_uid;
+ *egid = st.st_gid;
+ return 0;
+ }
+ }
+#elif defined(SOCKCREDSIZE)
+ struct msghdr msg;
+ socklen_t crmsgsize;
+ void *crmsg;
+ struct cmsghdr *cmp;
+ struct sockcred *sc;
+
+ memset(&msg, 0, sizeof msg);
+ crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
+ if (crmsgsize == 0) goto sc_err;
+ crmsg = malloc(crmsgsize);
+ if (crmsg == NULL) goto sc_err;
+ memset(crmsg, 0, crmsgsize);
+
+ msg.msg_control = crmsg;
+ msg.msg_controllen = crmsgsize;
+
+ if (recvmsg(s, &msg, 0) < 0) {
+ free(crmsg);
+ goto sc_err;
+ }
+
+ if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
+ free(crmsg);
+ goto sc_err;
+ }
+
+ cmp = CMSG_FIRSTHDR(&msg);
+ if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
+ printf("nocreds\n");
+ goto sc_err;
+ }
+
+ sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
+
+ *euid = sc->sc_euid;
+ *egid = sc->sc_egid;
+
+ free(crmsg);
+ return 0;
+
+sc_err:
+#endif
+#endif /* LDAP_PF_LOCAL */
+
+ return -1;
+}
+
+#endif /* HAVE_GETPEEREID */
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/hash.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/hash.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/hash.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/hash.c,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* This implements the Fowler / Noll / Vo (FNV-1) hash algorithm.
+ * A summary of the algorithm can be found at:
+ * http://www.isthe.com/chongo/tech/comp/fnv/index.html
+ */
+
+#include "portable.h"
+
+#include <lutil_hash.h>
+
+/* offset and prime for 32-bit FNV-1 */
+#define HASH_OFFSET 0x811c9dc5U
+#define HASH_PRIME 16777619
+
+
+/*
+ * Initialize context
+ */
+void
+lutil_HASHInit( struct lutil_HASHContext *ctx )
+{
+ ctx->hash = HASH_OFFSET;
+}
+
+/*
+ * Update hash
+ */
+void
+lutil_HASHUpdate(
+ struct lutil_HASHContext *ctx,
+ const unsigned char *buf,
+ ber_len_t len )
+{
+ const unsigned char *p, *e;
+ ber_uint_t h;
+
+ p = buf;
+ e = &buf[len];
+
+ h = ctx->hash;
+
+ while( p < e ) {
+ h *= HASH_PRIME;
+ h ^= *p++;
+ }
+
+ ctx->hash = h;
+}
+
+/*
+ * Save hash
+ */
+void
+lutil_HASHFinal( unsigned char *digest, struct lutil_HASHContext *ctx )
+{
+ ber_uint_t h = ctx->hash;
+
+ digest[0] = h & 0xffU;
+ digest[1] = (h>>8) & 0xffU;
+ digest[2] = (h>>16) & 0xffU;
+ digest[3] = (h>>24) & 0xffU;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/ldif.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/ldif.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/ldif.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,898 @@
+/* ldif.c - routines for dealing with LDIF files */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.2.2.11 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* This work was originally developed by the University of Michigan
+ * and distributed as part of U-MICH LDAP.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+
+int ldif_debug = 0;
+
+#include "ldap_log.h"
+#include "lber_pvt.h"
+#include "ldif.h"
+
+#define RIGHT2 0x03
+#define RIGHT4 0x0f
+#define CONTINUED_LINE_MARKER '\r'
+
+#ifdef CSRIMALLOC
+#define ber_memalloc malloc
+#define ber_memcalloc calloc
+#define ber_memrealloc realloc
+#define ber_strdup strdup
+#endif
+
+static const char nib2b64[0x40] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static const unsigned char b642nib[0x80] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+
+/*
+ * ldif_parse_line - takes a line of the form "type:[:] value" and splits it
+ * into components "type" and "value". if a double colon separates type from
+ * value, then value is encoded in base 64, and parse_line un-decodes it
+ * (in place) before returning. The type and value are stored in malloc'd
+ * memory which must be freed by the caller.
+ *
+ * ldif_parse_line2 - operates in-place on input buffer, returning type
+ * in-place. Will return value in-place if possible, (must malloc for
+ * fetched URLs). If freeval is NULL, all return data will be malloc'd
+ * and the input line will be unmodified. Otherwise freeval is set to
+ * True if the value was malloc'd.
+ */
+
+int
+ldif_parse_line(
+ LDAP_CONST char *line,
+ char **typep,
+ char **valuep,
+ ber_len_t *vlenp
+)
+{
+ struct berval type, value;
+ int rc = ldif_parse_line2( (char *)line, &type, &value, NULL );
+
+ *typep = type.bv_val;
+ *valuep = value.bv_val;
+ *vlenp = value.bv_len;
+ return rc;
+}
+
+int
+ldif_parse_line2(
+ char *line,
+ struct berval *type,
+ struct berval *value,
+ int *freeval
+)
+{
+ char *s, *p, *d;
+ char nib;
+ int b64, url;
+
+ BER_BVZERO( type );
+ BER_BVZERO( value );
+
+ /* skip any leading space */
+ while ( isspace( (unsigned char) *line ) ) {
+ line++;
+ }
+
+ if ( freeval ) {
+ *freeval = 0;
+ } else {
+ line = ber_strdup( line );
+
+ if( line == NULL ) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: line malloc failed\n"));
+ return( -1 );
+ }
+ }
+
+ type->bv_val = line;
+
+ s = strchr( type->bv_val, ':' );
+
+ if ( s == NULL ) {
+ ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
+ _("ldif_parse_line: missing ':' after %s\n"),
+ type->bv_val );
+ if ( !freeval ) ber_memfree( line );
+ return( -1 );
+ }
+
+ /* trim any space between type and : */
+ for ( p = &s[-1]; p > type->bv_val && isspace( * (unsigned char *) p ); p-- ) {
+ *p = '\0';
+ }
+ *s++ = '\0';
+ type->bv_len = s - type->bv_val - 1;
+
+ url = 0;
+ b64 = 0;
+
+ if ( *s == '<' ) {
+ s++;
+ url = 1;
+
+ } else if ( *s == ':' ) {
+ /* base 64 encoded value */
+ s++;
+ b64 = 1;
+ }
+
+ /* skip space between : and value */
+ while ( isspace( (unsigned char) *s ) ) {
+ s++;
+ }
+
+ /* check for continued line markers that should be deleted */
+ for ( p = s, d = s; *p; p++ ) {
+ if ( *p != CONTINUED_LINE_MARKER )
+ *d++ = *p;
+ }
+ *d = '\0';
+
+ if ( b64 ) {
+ char *byte = s;
+
+ if ( *s == '\0' ) {
+ /* no value is present, error out */
+ ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
+ _("ldif_parse_line: %s missing base64 value\n"),
+ type->bv_val );
+ if ( !freeval ) ber_memfree( line );
+ return( -1 );
+ }
+
+ byte = value->bv_val = s;
+
+ for ( p = s, value->bv_len = 0; p < d; p += 4, value->bv_len += 3 ) {
+ int i;
+ for ( i = 0; i < 4; i++ ) {
+ if ( p[i] != '=' && (p[i] & 0x80 ||
+ b642nib[ p[i] & 0x7f ] > 0x3f) ) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: %s: invalid base64 encoding"
+ " char (%c) 0x%x\n"),
+ type->bv_val, p[i], p[i] );
+ if ( !freeval ) ber_memfree( line );
+ return( -1 );
+ }
+ }
+
+ /* first digit */
+ nib = b642nib[ p[0] & 0x7f ];
+ byte[0] = nib << 2;
+ /* second digit */
+ nib = b642nib[ p[1] & 0x7f ];
+ byte[0] |= nib >> 4;
+ byte[1] = (nib & RIGHT4) << 4;
+ /* third digit */
+ if ( p[2] == '=' ) {
+ value->bv_len += 1;
+ break;
+ }
+ nib = b642nib[ p[2] & 0x7f ];
+ byte[1] |= nib >> 2;
+ byte[2] = (nib & RIGHT2) << 6;
+ /* fourth digit */
+ if ( p[3] == '=' ) {
+ value->bv_len += 2;
+ break;
+ }
+ nib = b642nib[ p[3] & 0x7f ];
+ byte[2] |= nib;
+
+ byte += 3;
+ }
+ s[ value->bv_len ] = '\0';
+
+ } else if ( url ) {
+ if ( *s == '\0' ) {
+ /* no value is present, error out */
+ ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
+ _("ldif_parse_line: %s missing URL value\n"),
+ type->bv_val );
+ if ( !freeval ) ber_memfree( line );
+ return( -1 );
+ }
+
+ if( ldif_fetch_url( s, &value->bv_val, &value->bv_len ) ) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: %s: URL \"%s\" fetch failed\n"),
+ type->bv_val, s );
+ if ( !freeval ) ber_memfree( line );
+ return( -1 );
+ }
+ if ( freeval ) *freeval = 1;
+
+ } else {
+ value->bv_val = s;
+ value->bv_len = (int) (d - s);
+ }
+
+ if ( !freeval ) {
+ struct berval bv = *type;
+
+ ber_dupbv( type, &bv );
+
+ if( BER_BVISNULL( type )) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: type malloc failed\n"));
+ if( url ) ber_memfree( value->bv_val );
+ ber_memfree( line );
+ return( -1 );
+ }
+
+ if( !url ) {
+ bv = *value;
+ ber_dupbv( value, &bv );
+ if( BER_BVISNULL( value )) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: value malloc failed\n"));
+ ber_memfree( type->bv_val );
+ ber_memfree( line );
+ return( -1 );
+ }
+ }
+
+ ber_memfree( line );
+ }
+
+ return( 0 );
+}
+
+/*
+ * ldif_getline - return the next "line" (minus newline) of input from a
+ * string buffer of lines separated by newlines, terminated by \n\n
+ * or \0. this routine handles continued lines, bundling them into
+ * a single big line before returning. if a line begins with a white
+ * space character, it is a continuation of the previous line. the white
+ * space character (nb: only one char), and preceeding newline are changed
+ * into CONTINUED_LINE_MARKER chars, to be deleted later by the
+ * ldif_parse_line() routine above.
+ *
+ * ldif_getline will skip over any line which starts '#'.
+ *
+ * ldif_getline takes a pointer to a pointer to the buffer on the first call,
+ * which it updates and must be supplied on subsequent calls.
+ */
+
+int
+ldif_countlines( LDAP_CONST char *buf )
+{
+ char *nl;
+ int ret = 0;
+
+ if ( !buf ) return ret;
+
+ for ( nl = strchr(buf, '\n'); nl; nl = strchr(nl, '\n') ) {
+ nl++;
+ if ( *nl != ' ' ) ret++;
+ }
+ return ret;
+}
+
+char *
+ldif_getline( char **next )
+{
+ char *line;
+
+ do {
+ if ( *next == NULL || **next == '\n' || **next == '\0' ) {
+ return( NULL );
+ }
+
+ line = *next;
+
+ while ( (*next = strchr( *next, '\n' )) != NULL ) {
+#if CONTINUED_LINE_MARKER != '\r'
+ if ( (*next)[-1] == '\r' ) {
+ (*next)[-1] = CONTINUED_LINE_MARKER;
+ }
+#endif
+
+ if ( (*next)[1] != ' ' ) {
+ if ( (*next)[1] == '\r' && (*next)[2] == '\n' ) {
+ *(*next)++ = '\0';
+ }
+ *(*next)++ = '\0';
+ break;
+ }
+
+ **next = CONTINUED_LINE_MARKER;
+ (*next)[1] = CONTINUED_LINE_MARKER;
+ (*next)++;
+ }
+ } while( *line == '#' );
+
+ return( line );
+}
+
+/*
+ * name and OID of attributeTypes that must be base64 encoded in any case
+ */
+typedef struct must_b64_encode_s {
+ struct berval name;
+ struct berval oid;
+} must_b64_encode_s;
+
+static must_b64_encode_s default_must_b64_encode[] = {
+ { BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
+ { BER_BVNULL, BER_BVNULL }
+};
+
+static must_b64_encode_s *must_b64_encode = default_must_b64_encode;
+
+/*
+ * register name and OID of attributeTypes that must always be base64
+ * encoded
+ *
+ * NOTE: this routine mallocs memory in a static struct which must
+ * be explicitly freed when no longer required
+ */
+int
+ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid )
+{
+ int i;
+ ber_len_t len;
+
+ assert( must_b64_encode != NULL );
+ assert( name != NULL );
+ assert( oid != NULL );
+
+ len = strlen( name );
+
+ for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+ if ( len != must_b64_encode[i].name.bv_len ) {
+ continue;
+ }
+
+ if ( strcasecmp( name, must_b64_encode[i].name.bv_val ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( !BER_BVISNULL( &must_b64_encode[i].name ) ) {
+ return 1;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ )
+ /* just count */ ;
+
+ if ( must_b64_encode == default_must_b64_encode ) {
+ must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );
+
+ for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) {
+ ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name );
+ ber_dupbv( &must_b64_encode[i].oid, &default_must_b64_encode[i].oid );
+ }
+
+ } else {
+ must_b64_encode_s *tmp;
+
+ tmp = ber_memrealloc( must_b64_encode,
+ sizeof( must_b64_encode_s ) * ( i + 2 ) );
+ if ( tmp == NULL ) {
+ return 1;
+ }
+ must_b64_encode = tmp;
+ }
+
+ ber_str2bv( name, len, 1, &must_b64_encode[i].name );
+ ber_str2bv( oid, 0, 1, &must_b64_encode[i].oid );
+
+ BER_BVZERO( &must_b64_encode[i + 1].name );
+
+ return 0;
+}
+
+void
+ldif_must_b64_encode_release( void )
+{
+ int i;
+
+ assert( must_b64_encode != NULL );
+
+ if ( must_b64_encode == default_must_b64_encode ) {
+ return;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+ ber_memfree( must_b64_encode[i].name.bv_val );
+ ber_memfree( must_b64_encode[i].oid.bv_val );
+ }
+
+ ber_memfree( must_b64_encode );
+
+ must_b64_encode = default_must_b64_encode;
+}
+
+/*
+ * returns 1 iff the string corresponds to the name or the OID of any
+ * of the attributeTypes listed in must_b64_encode
+ */
+static int
+ldif_must_b64_encode( LDAP_CONST char *s )
+{
+ int i;
+ struct berval bv;
+
+ assert( must_b64_encode != NULL );
+ assert( s != NULL );
+
+ ber_str2bv( s, 0, 0, &bv );
+
+ for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+ if ( ber_bvstrcasecmp( &must_b64_encode[i].name, &bv ) == 0
+ || ber_bvcmp( &must_b64_encode[i].oid, &bv ) == 0 )
+ {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/* compatibility with U-Mich off by one bug */
+#define LDIF_KLUDGE 1
+
+void
+ldif_sput(
+ char **out,
+ int type,
+ LDAP_CONST char *name,
+ LDAP_CONST char *val,
+ ber_len_t vlen )
+{
+ const unsigned char *byte, *stop;
+ unsigned char buf[3];
+ unsigned long bits;
+ char *save;
+ int pad;
+ int namelen = 0;
+
+ ber_len_t savelen;
+ ber_len_t len=0;
+ ber_len_t i;
+
+ /* prefix */
+ switch( type ) {
+ case LDIF_PUT_COMMENT:
+ *(*out)++ = '#';
+ len++;
+
+ if( vlen ) {
+ *(*out)++ = ' ';
+ len++;
+ }
+
+ break;
+
+ case LDIF_PUT_SEP:
+ *(*out)++ = '\n';
+ return;
+ }
+
+ /* name (attribute type) */
+ if( name != NULL ) {
+ /* put the name + ":" */
+ namelen = strlen(name);
+ strcpy(*out, name);
+ *out += namelen;
+ len += namelen;
+
+ if( type != LDIF_PUT_COMMENT ) {
+ *(*out)++ = ':';
+ len++;
+ }
+
+ }
+#ifdef LDAP_DEBUG
+ else {
+ assert( type == LDIF_PUT_COMMENT );
+ }
+#endif
+
+ if( vlen == 0 ) {
+ *(*out)++ = '\n';
+ return;
+ }
+
+ switch( type ) {
+ case LDIF_PUT_NOVALUE:
+ *(*out)++ = '\n';
+ return;
+
+ case LDIF_PUT_URL: /* url value */
+ *(*out)++ = '<';
+ len++;
+ break;
+
+ case LDIF_PUT_B64: /* base64 value */
+ *(*out)++ = ':';
+ len++;
+ break;
+ }
+
+ switch( type ) {
+ case LDIF_PUT_TEXT:
+ case LDIF_PUT_URL:
+ case LDIF_PUT_B64:
+ *(*out)++ = ' ';
+ len++;
+ /* fall-thru */
+
+ case LDIF_PUT_COMMENT:
+ /* pre-encoded names */
+ for ( i=0; i < vlen; i++ ) {
+ if ( len > LDIF_LINE_WIDTH ) {
+ *(*out)++ = '\n';
+ *(*out)++ = ' ';
+ len = 1;
+ }
+
+ *(*out)++ = val[i];
+ len++;
+ }
+ *(*out)++ = '\n';
+ return;
+ }
+
+ save = *out;
+ savelen = len;
+
+ *(*out)++ = ' ';
+ len++;
+
+ stop = (const unsigned char *) (val + vlen);
+
+ if ( type == LDIF_PUT_VALUE
+ && isgraph( (unsigned char) val[0] ) && val[0] != ':' && val[0] != '<'
+ && isgraph( (unsigned char) val[vlen-1] )
+#ifndef LDAP_BINARY_DEBUG
+ && strstr( name, ";binary" ) == NULL
+#endif
+#ifndef LDAP_PASSWD_DEBUG
+ && !ldif_must_b64_encode( name )
+#endif
+ ) {
+ int b64 = 0;
+
+ for ( byte = (const unsigned char *) val; byte < stop;
+ byte++, len++ )
+ {
+ if ( !isascii( *byte ) || !isprint( *byte ) ) {
+ b64 = 1;
+ break;
+ }
+ if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+ *(*out)++ = '\n';
+ *(*out)++ = ' ';
+ len = 1;
+ }
+ *(*out)++ = *byte;
+ }
+
+ if( !b64 ) {
+ *(*out)++ = '\n';
+ return;
+ }
+ }
+
+ *out = save;
+ *(*out)++ = ':';
+ *(*out)++ = ' ';
+ len = savelen + 2;
+
+ /* convert to base 64 (3 bytes => 4 base 64 digits) */
+ for ( byte = (const unsigned char *) val;
+ byte < stop - 2;
+ byte += 3 )
+ {
+ bits = (byte[0] & 0xff) << 16;
+ bits |= (byte[1] & 0xff) << 8;
+ bits |= (byte[2] & 0xff);
+
+ for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
+ if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+ *(*out)++ = '\n';
+ *(*out)++ = ' ';
+ len = 1;
+ }
+
+ /* get b64 digit from high order 6 bits */
+ *(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
+ }
+ }
+
+ /* add padding if necessary */
+ if ( byte < stop ) {
+ for ( i = 0; byte + i < stop; i++ ) {
+ buf[i] = byte[i];
+ }
+ for ( pad = 0; i < 3; i++, pad++ ) {
+ buf[i] = '\0';
+ }
+ byte = buf;
+ bits = (byte[0] & 0xff) << 16;
+ bits |= (byte[1] & 0xff) << 8;
+ bits |= (byte[2] & 0xff);
+
+ for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
+ if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+ *(*out)++ = '\n';
+ *(*out)++ = ' ';
+ len = 1;
+ }
+
+ if( i + pad < 4 ) {
+ /* get b64 digit from low order 6 bits */
+ *(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
+ } else {
+ *(*out)++ = '=';
+ }
+ }
+ }
+ *(*out)++ = '\n';
+}
+
+
+/*
+ * ldif_type_and_value return BER malloc'd, zero-terminated LDIF line
+ */
+char *
+ldif_put(
+ int type,
+ LDAP_CONST char *name,
+ LDAP_CONST char *val,
+ ber_len_t vlen )
+{
+ char *buf, *p;
+ ber_len_t nlen;
+
+ nlen = ( name != NULL ) ? strlen( name ) : 0;
+
+ buf = (char *) ber_memalloc( LDIF_SIZE_NEEDED( nlen, vlen ) + 1 );
+
+ if ( buf == NULL ) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_type_and_value: malloc failed!"));
+ return NULL;
+ }
+
+ p = buf;
+ ldif_sput( &p, type, name, val, vlen );
+ *p = '\0';
+
+ return( buf );
+}
+
+int ldif_is_not_printable(
+ LDAP_CONST char *val,
+ ber_len_t vlen )
+{
+ if( vlen == 0 || val == NULL ) {
+ return -1;
+ }
+
+ if( isgraph( (unsigned char) val[0] ) && val[0] != ':' && val[0] != '<' &&
+ isgraph( (unsigned char) val[vlen-1] ) )
+ {
+ ber_len_t i;
+
+ for ( i = 0; val[i]; i++ ) {
+ if ( !isascii( val[i] ) || !isprint( (unsigned char) val[i] ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+ }
+
+ return 1;
+}
+
+LDIFFP *
+ldif_open(
+ LDAP_CONST char *file,
+ LDAP_CONST char *mode
+)
+{
+ FILE *fp = fopen( file, mode );
+ LDIFFP *lfp = NULL;
+
+ if ( fp ) {
+ lfp = ber_memalloc( sizeof( LDIFFP ));
+ lfp->fp = fp;
+ lfp->prev = NULL;
+ }
+ return lfp;
+}
+
+void
+ldif_close(
+ LDIFFP *lfp
+)
+{
+ LDIFFP *prev;
+
+ while ( lfp ) {
+ fclose( lfp->fp );
+ prev = lfp->prev;
+ ber_memfree( lfp );
+ lfp = prev;
+ }
+}
+
+#define LDIF_MAXLINE 4096
+/*
+ * ldif_read_record - read an ldif record. Return 1 for success, 0 for EOF.
+ */
+int
+ldif_read_record(
+ LDIFFP *lfp,
+ int *lno, /* ptr to line number counter */
+ char **bufp, /* ptr to malloced output buffer */
+ int *buflenp ) /* ptr to length of *bufp */
+{
+ char linebuf[LDIF_MAXLINE], *line, *nbufp;
+ ber_len_t lcur = 0, len, linesize;
+ int last_ch = '\n', found_entry = 0, stop, top_comment = 0;
+
+ line = linebuf;
+ linesize = sizeof( linebuf );
+
+ for ( stop = 0; !stop; last_ch = line[len-1] ) {
+ /* If we're at the end of this file, see if we should pop
+ * back to a previous file. (return from an include)
+ */
+ while ( feof( lfp->fp )) {
+ if ( lfp->prev ) {
+ LDIFFP *tmp = lfp->prev;
+ fclose( lfp->fp );
+ *lfp = *tmp;
+ ber_memfree( tmp );
+ } else {
+ stop = 1;
+ break;
+ }
+ }
+ if ( stop )
+ break;
+
+ if ( fgets( line, linesize, lfp->fp ) == NULL ) {
+ stop = 1;
+ /* Add \n in case the file does not end with newline */
+ line = "\n";
+ }
+ len = strlen( line );
+
+ if ( last_ch == '\n' ) {
+ (*lno)++;
+
+ if ( line[0] == '\n' ||
+ ( line[0] == '\r' && line[1] == '\n' )) {
+ if ( !found_entry ) {
+ lcur = 0;
+ top_comment = 0;
+ continue;
+ }
+ break;
+ }
+
+ if ( !found_entry ) {
+ if ( line[0] == '#' ) {
+ top_comment = 1;
+ } else if ( ! ( top_comment && line[0] == ' ' ) ) {
+ /* Found a new entry */
+ found_entry = 1;
+
+ if ( isdigit( (unsigned char) line[0] ) ) {
+ /* skip index */
+ continue;
+ }
+ if ( !strncasecmp( line, "include:",
+ STRLENOF("include:"))) {
+ FILE *fp2;
+ char *ptr;
+ found_entry = 0;
+
+ if ( line[len-1] == '\n' ) {
+ len--;
+ line[len] = '\0';
+ }
+ if ( line[len-1] == '\r' ) {
+ len--;
+ line[len] = '\0';
+ }
+
+ ptr = line + STRLENOF("include:");
+ while (isspace((unsigned char) *ptr)) ptr++;
+ fp2 = ldif_open_url( ptr );
+ if ( fp2 ) {
+ LDIFFP *lnew = ber_memalloc( sizeof( LDIFFP ));
+ lnew->prev = lfp->prev;
+ lnew->fp = lfp->fp;
+ lfp->prev = lnew;
+ lfp->fp = fp2;
+ line[len] = '\n';
+ len++;
+ continue;
+ } else {
+ /* We failed to open the file, this should
+ * be reported as an error somehow.
+ */
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ if ( *buflenp - lcur <= len ) {
+ *buflenp += len + LDIF_MAXLINE;
+ nbufp = ber_memrealloc( *bufp, *buflenp );
+ if( nbufp == NULL ) {
+ return 0;
+ }
+ *bufp = nbufp;
+ }
+ strcpy( *bufp + lcur, line );
+ lcur += len;
+ }
+
+ return( found_entry );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/lockf.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/lockf.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/lockf.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,118 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/lockf.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * File Locking Routines
+ *
+ * Implementations (in order of preference)
+ * - lockf
+ * - fcntl
+ * - flock
+ *
+ * Other implementations will be added as needed.
+ *
+ * NOTE: lutil_lockf() MUST block until an exclusive lock is acquired.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/unistd.h>
+
+#undef LOCK_API
+
+#if HAVE_LOCKF && defined(F_LOCK)
+# define USE_LOCKF 1
+# define LOCK_API "lockf"
+#endif
+
+#if !defined(LOCK_API) && HAVE_FCNTL
+# ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+# endif
+# ifdef F_WRLCK
+# define USE_FCNTL 1
+# define LOCK_API "fcntl"
+# endif
+#endif
+
+#if !defined(LOCK_API) && HAVE_FLOCK
+# if HAVE_SYS_FILE_H
+# include <sys/file.h>
+# endif
+# define USE_FLOCK 1
+# define LOCK_API "flock"
+#endif
+
+#if !defined(USE_LOCKF) && !defined(USE_FCNTL) && !defined(USE_FLOCK)
+int lutil_lockf ( int fd ) {
+ fd = fd;
+ return 0;
+}
+
+int lutil_unlockf ( int fd ) {
+ fd = fd;
+ return 0;
+}
+#endif
+
+#ifdef USE_LOCKF
+int lutil_lockf ( int fd ) {
+ /* use F_LOCK instead of F_TLOCK, ie: block */
+ return lockf( fd, F_LOCK, 0 );
+}
+
+int lutil_unlockf ( int fd ) {
+ return lockf( fd, F_ULOCK, 0 );
+}
+#endif
+
+#ifdef USE_FCNTL
+int lutil_lockf ( int fd ) {
+ struct flock file_lock;
+
+ memset( &file_lock, '\0', sizeof( file_lock ) );
+ file_lock.l_type = F_WRLCK;
+ file_lock.l_whence = SEEK_SET;
+ file_lock.l_start = 0;
+ file_lock.l_len = 0;
+
+ /* use F_SETLKW instead of F_SETLK, ie: block */
+ return( fcntl( fd, F_SETLKW, &file_lock ) );
+}
+
+int lutil_unlockf ( int fd ) {
+ struct flock file_lock;
+
+ memset( &file_lock, '\0', sizeof( file_lock ) );
+ file_lock.l_type = F_UNLCK;
+ file_lock.l_whence = SEEK_SET;
+ file_lock.l_start = 0;
+ file_lock.l_len = 0;
+
+ return( fcntl ( fd, F_SETLKW, &file_lock ) );
+}
+#endif
+
+#ifdef USE_FLOCK
+int lutil_lockf ( int fd ) {
+ /* use LOCK_EX instead of LOCK_EX|LOCK_NB, ie: block */
+ return flock( fd, LOCK_EX );
+}
+
+int lutil_unlockf ( int fd ) {
+ return flock( fd, LOCK_UN );
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/md5.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/md5.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/md5.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,332 @@
+/* md5.c -- MD5 message-digest algorithm */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/md5.c,v 1.17.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was adapted for inclusion in OpenLDAP Software by
+ * Kurt D. Zeilenga based upon code developed by Colin Plumb
+ * and subsequently modified by Jim Kingdon.
+ */
+
+/*
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ */
+
+/* This code was modified in 1997 by Jim Kingdon of Cyclic Software to
+ not require an integer type which is exactly 32 bits. This work
+ draws on the changes for the same purpose by Tatu Ylonen
+ <ylo at cs.hut.fi> as part of SSH, but since I didn't actually use
+ that code, there is no copyright issue. I hereby disclaim
+ copyright in any changes I have made; this code remains in the
+ public domain. */
+
+#include "portable.h"
+
+#include <ac/string.h>
+
+/* include socket.h to get sys/types.h and/or winsock2.h */
+#include <ac/socket.h>
+
+#include <lutil_md5.h>
+
+/* Little-endian byte-swapping routines. Note that these do not
+ depend on the size of datatypes such as ber_uint_t, nor do they require
+ us to detect the endianness of the machine we are running on. It
+ is possible they should be macros for speed, but I would be
+ surprised if they were a performance bottleneck for MD5. */
+
+static ber_uint_t
+getu32( const unsigned char *addr )
+{
+ return (((((unsigned long)addr[3] << 8) | addr[2]) << 8)
+ | addr[1]) << 8 | addr[0];
+}
+
+static void
+putu32( ber_uint_t data, unsigned char *addr )
+{
+ addr[0] = (unsigned char)data;
+ addr[1] = (unsigned char)(data >> 8);
+ addr[2] = (unsigned char)(data >> 16);
+ addr[3] = (unsigned char)(data >> 24);
+}
+
+/*
+ * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+void
+lutil_MD5Init( struct lutil_MD5Context *ctx )
+{
+ ctx->buf[0] = 0x67452301;
+ ctx->buf[1] = 0xefcdab89;
+ ctx->buf[2] = 0x98badcfe;
+ ctx->buf[3] = 0x10325476;
+
+ ctx->bits[0] = 0;
+ ctx->bits[1] = 0;
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+void
+lutil_MD5Update(
+ struct lutil_MD5Context *ctx,
+ const unsigned char *buf,
+ ber_len_t len
+)
+{
+ ber_uint_t t;
+
+ /* Update bitcount */
+
+ t = ctx->bits[0];
+ if ((ctx->bits[0] = (t + ((ber_uint_t)len << 3)) & 0xffffffff) < t)
+ ctx->bits[1]++; /* Carry from low to high */
+ ctx->bits[1] += len >> 29;
+
+ t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
+
+ /* Handle any leading odd-sized chunks */
+
+ if ( t ) {
+ unsigned char *p = ctx->in + t;
+
+ t = 64-t;
+ if (len < t) {
+ AC_MEMCPY(p, buf, len);
+ return;
+ }
+ AC_MEMCPY(p, buf, t);
+ lutil_MD5Transform(ctx->buf, ctx->in);
+ buf += t;
+ len -= t;
+ }
+
+ /* Process data in 64-byte chunks */
+
+ while (len >= 64) {
+ AC_MEMCPY(ctx->in, buf, 64);
+ lutil_MD5Transform(ctx->buf, ctx->in);
+ buf += 64;
+ len -= 64;
+ }
+
+ /* Handle any remaining bytes of data. */
+
+ AC_MEMCPY(ctx->in, buf, len);
+}
+
+/*
+ * Final wrapup - pad to 64-byte boundary with the bit pattern
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+void
+lutil_MD5Final( unsigned char *digest, struct lutil_MD5Context *ctx )
+{
+ unsigned count;
+ unsigned char *p;
+
+ /* Compute number of bytes mod 64 */
+ count = (ctx->bits[0] >> 3) & 0x3F;
+
+ /* Set the first char of padding to 0x80. This is safe since there is
+ always at least one byte free */
+ p = ctx->in + count;
+ *p++ = 0x80;
+
+ /* Bytes of padding needed to make 64 bytes */
+ count = 64 - 1 - count;
+
+ /* Pad out to 56 mod 64 */
+ if (count < 8) {
+ /* Two lots of padding: Pad the first block to 64 bytes */
+ memset(p, '\0', count);
+ lutil_MD5Transform(ctx->buf, ctx->in);
+
+ /* Now fill the next block with 56 bytes */
+ memset(ctx->in, '\0', 56);
+ } else {
+ /* Pad block to 56 bytes */
+ memset(p, '\0', count-8);
+ }
+
+ /* Append length in bits and transform */
+ putu32(ctx->bits[0], ctx->in + 56);
+ putu32(ctx->bits[1], ctx->in + 60);
+
+ lutil_MD5Transform(ctx->buf, ctx->in);
+ putu32(ctx->buf[0], digest);
+ putu32(ctx->buf[1], digest + 4);
+ putu32(ctx->buf[2], digest + 8);
+ putu32(ctx->buf[3], digest + 12);
+ memset(ctx, '\0', sizeof(ctx)); /* In case it's sensitive */
+}
+
+#ifndef ASM_MD5
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+ ( w += f(x, y, z) + data, w &= 0xffffffff, w = w<<s | w>>(32-s), w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data. MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ */
+void
+lutil_MD5Transform( ber_uint_t *buf, const unsigned char *inraw )
+{
+ register ber_uint_t a, b, c, d;
+ ber_uint_t in[16];
+ int i;
+
+ for (i = 0; i < 16; ++i)
+ in[i] = getu32 (inraw + 4 * i);
+
+ a = buf[0];
+ b = buf[1];
+ c = buf[2];
+ d = buf[3];
+
+ MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478, 7);
+ MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12);
+ MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17);
+ MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22);
+ MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf, 7);
+ MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12);
+ MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17);
+ MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22);
+ MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8, 7);
+ MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12);
+ MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17);
+ MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22);
+ MD5STEP(F1, a, b, c, d, in[12]+0x6b901122, 7);
+ MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12);
+ MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17);
+ MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22);
+
+ MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562, 5);
+ MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340, 9);
+ MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14);
+ MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20);
+ MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d, 5);
+ MD5STEP(F2, d, a, b, c, in[10]+0x02441453, 9);
+ MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14);
+ MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20);
+ MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6, 5);
+ MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6, 9);
+ MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14);
+ MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20);
+ MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905, 5);
+ MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8, 9);
+ MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14);
+ MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20);
+
+ MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942, 4);
+ MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11);
+ MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16);
+ MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23);
+ MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44, 4);
+ MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11);
+ MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16);
+ MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23);
+ MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6, 4);
+ MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11);
+ MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16);
+ MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23);
+ MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039, 4);
+ MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11);
+ MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16);
+ MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23);
+
+ MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244, 6);
+ MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10);
+ MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15);
+ MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21);
+ MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3, 6);
+ MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10);
+ MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15);
+ MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21);
+ MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f, 6);
+ MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10);
+ MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15);
+ MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21);
+ MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82, 6);
+ MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10);
+ MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15);
+ MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21);
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+#endif
+
+#ifdef TEST
+/* Simple test program. Can use it to manually run the tests from
+ RFC1321 for example. */
+#include <stdio.h>
+
+int
+main (int argc, char **argv )
+{
+ struct lutil_MD5Context context;
+ unsigned char checksum[LUTIL_MD5_BYTES];
+ int i;
+ int j;
+
+ if (argc < 2)
+ {
+ fprintf (stderr, "usage: %s string-to-hash\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ for (j = 1; j < argc; ++j)
+ {
+ printf ("MD5 (\"%s\") = ", argv[j]);
+ lutil_MD5Init (&context);
+ lutil_MD5Update (&context, argv[j], strlen (argv[j]));
+ lutil_MD5Final (checksum, &context);
+ for (i = 0; i < LUTIL_MD5_BYTES; i++)
+ {
+ printf ("%02x", (unsigned int) checksum[i]);
+ }
+ printf ("\n");
+ }
+ return EXIT_SUCCESS;
+}
+#endif /* TEST */
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/memcmp.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/memcmp.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/memcmp.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,33 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/memcmp.c,v 1.6.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+
+/*
+ * Memory Compare
+ */
+int
+(lutil_memcmp)(const void *v1, const void *v2, size_t n)
+{
+ if (n != 0) {
+ const unsigned char *s1=v1, *s2=v2;
+ do {
+ if (*s1++ != *s2++) return *--s1 - *--s2;
+ } while (--n != 0);
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/ntservice.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/ntservice.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/ntservice.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,510 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ntservice.c,v 1.29.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * NT Service manager utilities for OpenLDAP services
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#include <stdio.h>
+
+#include <windows.h>
+#include <winsvc.h>
+
+#include <ldap.h>
+
+#include "ldap_log.h"
+#include "ldap_pvt_thread.h"
+
+
+#include "ldap_defaults.h"
+
+#include "slapdmsg.h"
+
+#define SCM_NOTIFICATION_INTERVAL 5000
+#define THIRTY_SECONDS (30 * 1000)
+
+int is_NT_Service; /* is this is an NT service? */
+
+SERVICE_STATUS lutil_ServiceStatus;
+SERVICE_STATUS_HANDLE hlutil_ServiceStatus;
+
+ldap_pvt_thread_cond_t started_event, stopped_event;
+ldap_pvt_thread_t start_status_tid, stop_status_tid;
+
+void (*stopfunc)(int);
+
+static char *GetLastErrorString( void );
+
+int lutil_srv_install(LPCTSTR lpszServiceName, LPCTSTR lpszDisplayName,
+ LPCTSTR lpszBinaryPathName, int auto_start)
+{
+ HKEY hKey;
+ DWORD dwValue, dwDisposition;
+ SC_HANDLE schSCManager, schService;
+ char *sp = strchr( lpszBinaryPathName, ' ');
+
+ if ( sp ) *sp = '\0';
+ fprintf( stderr, "The install path is %s.\n", lpszBinaryPathName );
+ if ( sp ) *sp = ' ';
+ if ((schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_CONNECT|SC_MANAGER_CREATE_SERVICE ) ) != NULL )
+ {
+ if ((schService = CreateService(
+ schSCManager,
+ lpszServiceName,
+ lpszDisplayName,
+ SERVICE_ALL_ACCESS,
+ SERVICE_WIN32_OWN_PROCESS,
+ auto_start ? SERVICE_AUTO_START : SERVICE_DEMAND_START,
+ SERVICE_ERROR_NORMAL,
+ lpszBinaryPathName,
+ NULL, NULL, NULL, NULL, NULL)) != NULL)
+ {
+ char regpath[132];
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+
+ snprintf( regpath, sizeof regpath,
+ "SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\%s",
+ lpszServiceName );
+ /* Create the registry key for event logging to the Windows NT event log. */
+ if ( RegCreateKeyEx(HKEY_LOCAL_MACHINE,
+ regpath, 0,
+ "REG_SZ", REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey,
+ &dwDisposition) != ERROR_SUCCESS)
+ {
+ fprintf( stderr, "RegCreateKeyEx() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ RegCloseKey(hKey);
+ return(0);
+ }
+ if ( sp ) *sp = '\0';
+ if ( RegSetValueEx(hKey, "EventMessageFile", 0, REG_EXPAND_SZ, lpszBinaryPathName, strlen(lpszBinaryPathName) + 1) != ERROR_SUCCESS)
+ {
+ fprintf( stderr, "RegSetValueEx(EventMessageFile) failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ RegCloseKey(hKey);
+ return(0);
+ }
+
+ dwValue = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE;
+ if ( RegSetValueEx(hKey, "TypesSupported", 0, REG_DWORD, (LPBYTE) &dwValue, sizeof(DWORD)) != ERROR_SUCCESS)
+ {
+ fprintf( stderr, "RegCreateKeyEx(TypesSupported) failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ RegCloseKey(hKey);
+ return(0);
+ }
+ RegCloseKey(hKey);
+ return(1);
+ }
+ else
+ {
+ fprintf( stderr, "CreateService() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ CloseServiceHandle(schSCManager);
+ return(0);
+ }
+ }
+ else
+ fprintf( stderr, "OpenSCManager() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ return(0);
+}
+
+
+int lutil_srv_remove(LPCTSTR lpszServiceName, LPCTSTR lpszBinaryPathName)
+{
+ SC_HANDLE schSCManager, schService;
+
+ fprintf( stderr, "The installed path is %s.\n", lpszBinaryPathName );
+ if ((schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT|SC_MANAGER_CREATE_SERVICE)) != NULL )
+ {
+ if ((schService = OpenService(schSCManager, lpszServiceName, DELETE)) != NULL)
+ {
+ if ( DeleteService(schService) == TRUE)
+ {
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+ return(1);
+ } else {
+ fprintf( stderr, "DeleteService() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ fprintf( stderr, "The %s service has not been removed.\n", lpszBinaryPathName);
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+ return(0);
+ }
+ } else {
+ fprintf( stderr, "OpenService() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ CloseServiceHandle(schSCManager);
+ return(0);
+ }
+ }
+ else
+ fprintf( stderr, "OpenSCManager() failed. GetLastError=%lu (%s)\n", GetLastError(), GetLastErrorString() );
+ return(0);
+}
+
+
+#if 0 /* unused */
+DWORD
+svc_installed (LPTSTR lpszServiceName, LPTSTR lpszBinaryPathName)
+{
+ char buf[256];
+ HKEY key;
+ DWORD rc;
+ DWORD type;
+ long len;
+
+ strcpy(buf, TEXT("SYSTEM\\CurrentControlSet\\Services\\"));
+ strcat(buf, lpszServiceName);
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, buf, 0, KEY_QUERY_VALUE, &key) != ERROR_SUCCESS)
+ return(-1);
+
+ rc = 0;
+ if (lpszBinaryPathName) {
+ len = sizeof(buf);
+ if (RegQueryValueEx(key, "ImagePath", NULL, &type, buf, &len) == ERROR_SUCCESS) {
+ if (strcmp(lpszBinaryPathName, buf))
+ rc = -1;
+ }
+ }
+ RegCloseKey(key);
+ return(rc);
+}
+
+
+DWORD
+svc_running (LPTSTR lpszServiceName)
+{
+ SC_HANDLE service;
+ SC_HANDLE scm;
+ DWORD rc;
+ SERVICE_STATUS ss;
+
+ if (!(scm = OpenSCManager(NULL, NULL, GENERIC_READ)))
+ return(GetLastError());
+
+ rc = 1;
+ service = OpenService(scm, lpszServiceName, SERVICE_QUERY_STATUS);
+ if (service) {
+ if (!QueryServiceStatus(service, &ss))
+ rc = GetLastError();
+ else if (ss.dwCurrentState != SERVICE_STOPPED)
+ rc = 0;
+ CloseServiceHandle(service);
+ }
+ CloseServiceHandle(scm);
+ return(rc);
+}
+#endif
+
+static void *start_status_routine( void *ptr )
+{
+ DWORD wait_result;
+ int done = 0;
+
+ while ( !done )
+ {
+ wait_result = WaitForSingleObject( started_event, SCM_NOTIFICATION_INTERVAL );
+ switch ( wait_result )
+ {
+ case WAIT_ABANDONED:
+ case WAIT_OBJECT_0:
+ /* the object that we were waiting for has been destroyed (ABANDONED) or
+ * signalled (TIMEOUT_0). We can assume that the startup process is
+ * complete and tell the Service Control Manager that we are now runnng */
+ lutil_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
+ lutil_ServiceStatus.dwWin32ExitCode = NO_ERROR;
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = 1000;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ done = 1;
+ break;
+ case WAIT_TIMEOUT:
+ /* We've waited for the required time, so send an update to the Service Control
+ * Manager saying to wait again. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = SCM_NOTIFICATION_INTERVAL * 2;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ break;
+ case WAIT_FAILED:
+ /* theres been some problem with WaitForSingleObject so tell the Service
+ * Control Manager to wait 30 seconds before deploying its assasin and
+ * then leave the thread. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ done = 1;
+ break;
+ }
+ }
+ ldap_pvt_thread_exit(NULL);
+ return NULL;
+}
+
+
+
+static void *stop_status_routine( void *ptr )
+{
+ DWORD wait_result;
+ int done = 0;
+
+ while ( !done )
+ {
+ wait_result = WaitForSingleObject( stopped_event, SCM_NOTIFICATION_INTERVAL );
+ switch ( wait_result )
+ {
+ case WAIT_ABANDONED:
+ case WAIT_OBJECT_0:
+ /* the object that we were waiting for has been destroyed (ABANDONED) or
+ * signalled (TIMEOUT_0). The shutting down process is therefore complete
+ * and the final SERVICE_STOPPED message will be sent to the service control
+ * manager prior to the process terminating. */
+ done = 1;
+ break;
+ case WAIT_TIMEOUT:
+ /* We've waited for the required time, so send an update to the Service Control
+ * Manager saying to wait again. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = SCM_NOTIFICATION_INTERVAL * 2;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ break;
+ case WAIT_FAILED:
+ /* theres been some problem with WaitForSingleObject so tell the Service
+ * Control Manager to wait 30 seconds before deploying its assasin and
+ * then leave the thread. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ done = 1;
+ break;
+ }
+ }
+ ldap_pvt_thread_exit(NULL);
+ return NULL;
+}
+
+
+
+static void WINAPI lutil_ServiceCtrlHandler( IN DWORD Opcode)
+{
+ switch (Opcode)
+ {
+ case SERVICE_CONTROL_STOP:
+ case SERVICE_CONTROL_SHUTDOWN:
+
+ lutil_ServiceStatus.dwCurrentState = SERVICE_STOP_PENDING;
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = SCM_NOTIFICATION_INTERVAL * 2;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+
+ ldap_pvt_thread_cond_init( &stopped_event );
+ if ( stopped_event == NULL )
+ {
+ /* the event was not created. We will ask the service control manager for 30
+ * seconds to shutdown */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ }
+ else
+ {
+ /* start a thread to report the progress to the service control manager
+ * until the stopped_event is fired. */
+ if ( ldap_pvt_thread_create( &stop_status_tid, 0, stop_status_routine, NULL ) == 0 )
+ {
+
+ }
+ else {
+ /* failed to create the thread that tells the Service Control Manager that the
+ * service stopping is proceeding.
+ * tell the Service Control Manager to wait another 30 seconds before deploying its
+ * assasin. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ }
+ }
+ stopfunc( -1 );
+ break;
+
+ case SERVICE_CONTROL_INTERROGATE:
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ break;
+ }
+ return;
+}
+
+void *lutil_getRegParam( char *svc, char *value )
+{
+ HKEY hkey;
+ char path[255];
+ DWORD vType;
+ static char vValue[1024];
+ DWORD valLen = sizeof( vValue );
+
+ if ( svc != NULL )
+ snprintf ( path, sizeof path, "SOFTWARE\\%s", svc );
+ else
+ snprintf ( path, sizeof path, "SOFTWARE\\OpenLDAP\\Parameters" );
+
+ if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, path, 0, KEY_READ, &hkey ) != ERROR_SUCCESS )
+ {
+ return NULL;
+ }
+
+ if ( RegQueryValueEx( hkey, value, NULL, &vType, vValue, &valLen ) != ERROR_SUCCESS )
+ {
+ RegCloseKey( hkey );
+ return NULL;
+ }
+ RegCloseKey( hkey );
+
+ switch ( vType )
+ {
+ case REG_BINARY:
+ case REG_DWORD:
+ return (void*)&vValue;
+ case REG_SZ:
+ return (void*)&vValue;
+ }
+ return (void*)NULL;
+}
+
+void lutil_LogStartedEvent( char *svc, int slap_debug, char *configfile, char *urls )
+{
+ char *Inserts[5];
+ WORD i = 0, j;
+ HANDLE hEventLog;
+
+ hEventLog = RegisterEventSource( NULL, svc );
+
+ Inserts[i] = (char *)malloc( 20 );
+ itoa( slap_debug, Inserts[i++], 10 );
+ Inserts[i++] = strdup( configfile );
+ Inserts[i++] = strdup( urls ? urls : "ldap:///" );
+
+ ReportEvent( hEventLog, EVENTLOG_INFORMATION_TYPE, 0,
+ MSG_SVC_STARTED, NULL, i, 0, (LPCSTR *) Inserts, NULL );
+
+ for ( j = 0; j < i; j++ )
+ ldap_memfree( Inserts[j] );
+ DeregisterEventSource( hEventLog );
+}
+
+
+
+void lutil_LogStoppedEvent( char *svc )
+{
+ HANDLE hEventLog;
+
+ hEventLog = RegisterEventSource( NULL, svc );
+ ReportEvent( hEventLog, EVENTLOG_INFORMATION_TYPE, 0,
+ MSG_SVC_STOPPED, NULL, 0, 0, NULL, NULL );
+ DeregisterEventSource( hEventLog );
+}
+
+
+void lutil_CommenceStartupProcessing( char *lpszServiceName,
+ void (*stopper)(int) )
+{
+ hlutil_ServiceStatus = RegisterServiceCtrlHandler( lpszServiceName, (LPHANDLER_FUNCTION)lutil_ServiceCtrlHandler);
+
+ stopfunc = stopper;
+
+ /* initialize the Service Status structure */
+ lutil_ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+ lutil_ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
+ lutil_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
+ lutil_ServiceStatus.dwWin32ExitCode = NO_ERROR;
+ lutil_ServiceStatus.dwServiceSpecificExitCode = 0;
+ lutil_ServiceStatus.dwCheckPoint = 1;
+ lutil_ServiceStatus.dwWaitHint = SCM_NOTIFICATION_INTERVAL * 2;
+
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+
+ /* start up a thread to keep sending SERVICE_START_PENDING to the Service Control Manager
+ * until the slapd listener is completed and listening. Only then should we send
+ * SERVICE_RUNNING to the Service Control Manager. */
+ ldap_pvt_thread_cond_init( &started_event );
+ if ( started_event == NULL)
+ {
+ /* failed to create the event to determine when the startup process is complete so
+ * tell the Service Control Manager to wait another 30 seconds before deploying its
+ * assasin */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ }
+ else
+ {
+ /* start a thread to report the progress to the service control manager
+ * until the started_event is fired. */
+ if ( ldap_pvt_thread_create( &start_status_tid, 0, start_status_routine, NULL ) == 0 )
+ {
+
+ }
+ else {
+ /* failed to create the thread that tells the Service Control Manager that the
+ * service startup is proceeding.
+ * tell the Service Control Manager to wait another 30 seconds before deploying its
+ * assasin. */
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = THIRTY_SECONDS;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ }
+ }
+}
+
+void lutil_ReportShutdownComplete( )
+{
+ if ( is_NT_Service )
+ {
+ /* stop sending SERVICE_STOP_PENDING messages to the Service Control Manager */
+ ldap_pvt_thread_cond_signal( &stopped_event );
+ ldap_pvt_thread_cond_destroy( &stopped_event );
+
+ /* wait for the thread sending the SERVICE_STOP_PENDING messages to the Service Control Manager to die.
+ * if the wait fails then put ourselves to sleep for half the Service Control Manager update interval */
+ if (ldap_pvt_thread_join( stop_status_tid, (void *) NULL ) == -1)
+ ldap_pvt_thread_sleep( SCM_NOTIFICATION_INTERVAL / 2 );
+
+ lutil_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
+ lutil_ServiceStatus.dwCheckPoint++;
+ lutil_ServiceStatus.dwWaitHint = SCM_NOTIFICATION_INTERVAL;
+ SetServiceStatus(hlutil_ServiceStatus, &lutil_ServiceStatus);
+ }
+}
+
+static char *GetErrorString( int err )
+{
+ static char msgBuf[1024];
+
+ FormatMessage(
+ FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL,
+ err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ msgBuf, 1024, NULL );
+
+ return msgBuf;
+}
+
+static char *GetLastErrorString( void )
+{
+ return GetErrorString( GetLastError() );
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/passfile.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/passfile.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/passfile.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,106 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+#ifdef HAVE_FSTAT
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif /* HAVE_FSTAT */
+
+#include <lber.h>
+#include <lutil.h>
+
+/* Get a password from a file. */
+int
+lutil_get_filed_password(
+ const char *filename,
+ struct berval *passwd )
+{
+ size_t nread, nleft, nr;
+ FILE *f = fopen( filename, "r" );
+
+ if( f == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ passwd->bv_val = NULL;
+ passwd->bv_len = 4196;
+
+#ifdef HAVE_FSTAT
+ {
+ struct stat sb;
+ if ( fstat( fileno( f ), &sb ) == 0 ) {
+ if( sb.st_mode & 006 ) {
+ fprintf( stderr, _("Warning: Password file %s"
+ " is publicly readable/writeable\n"),
+ filename );
+ }
+
+ passwd->bv_len = sb.st_size;
+ }
+ }
+#endif /* HAVE_FSTAT */
+
+ passwd->bv_val = (char *) malloc( passwd->bv_len + 1 );
+ if( passwd->bv_val == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ nread = 0;
+ nleft = passwd->bv_len;
+ do {
+ if( nleft == 0 ) {
+ /* double the buffer size */
+ char *p = (char *) realloc( passwd->bv_val,
+ 2 * passwd->bv_len + 1 );
+ if( p == NULL ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+ nleft = passwd->bv_len;
+ passwd->bv_len *= 2;
+ passwd->bv_val = p;
+ }
+
+ nr = fread( &passwd->bv_val[nread], 1, nleft, f );
+
+ if( nr < nleft && ferror( f ) ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+
+ nread += nr;
+ nleft -= nr;
+ } while ( !feof(f) );
+
+ passwd->bv_len = nread;
+ passwd->bv_val[nread] = '\0';
+
+ fclose( f );
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/passwd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/passwd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/passwd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1129 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.92.2.11 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * int lutil_passwd(
+ * const struct berval *passwd,
+ * const struct berval *cred,
+ * const char **schemes )
+ *
+ * Returns true if user supplied credentials (cred) matches
+ * the stored password (passwd).
+ *
+ * Due to the use of the crypt(3) function
+ * this routine is NOT thread-safe.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#if defined(SLAPD_LMHASH)
+# include <openssl/des.h>
+#endif /* SLAPD_LMHASH */
+
+#include <ac/param.h>
+
+#ifdef SLAPD_CRYPT
+# include <ac/crypt.h>
+
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
+# ifdef HAVE_SHADOW_H
+# include <shadow.h>
+# endif
+# ifdef HAVE_PWD_H
+# include <pwd.h>
+# endif
+# ifdef HAVE_AIX_SECURITY
+# include <userpw.h>
+# endif
+# endif
+#endif
+
+#include <lber.h>
+
+#include "ldap_pvt.h"
+#include "lber_pvt.h"
+
+#include "lutil_md5.h"
+#include "lutil_sha1.h"
+#include "lutil.h"
+
+static const unsigned char crypt64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./";
+
+#ifdef SLAPD_CRYPT
+static char *salt_format = NULL;
+static lutil_cryptfunc lutil_crypt;
+lutil_cryptfunc *lutil_cryptptr = lutil_crypt;
+#endif
+
+/* KLUDGE:
+ * chk_fn is NULL iff name is {CLEARTEXT}
+ * otherwise, things will break
+ */
+struct pw_scheme {
+ struct berval name;
+ LUTIL_PASSWD_CHK_FUNC *chk_fn;
+ LUTIL_PASSWD_HASH_FUNC *hash_fn;
+};
+
+struct pw_slist {
+ struct pw_slist *next;
+ struct pw_scheme s;
+};
+
+/* password check routines */
+
+#define SALT_SIZE 4
+
+static LUTIL_PASSWD_CHK_FUNC chk_md5;
+static LUTIL_PASSWD_CHK_FUNC chk_smd5;
+static LUTIL_PASSWD_HASH_FUNC hash_smd5;
+static LUTIL_PASSWD_HASH_FUNC hash_md5;
+
+
+#ifdef LUTIL_SHA1_BYTES
+static LUTIL_PASSWD_CHK_FUNC chk_ssha1;
+static LUTIL_PASSWD_CHK_FUNC chk_sha1;
+static LUTIL_PASSWD_HASH_FUNC hash_sha1;
+static LUTIL_PASSWD_HASH_FUNC hash_ssha1;
+#endif
+
+#ifdef SLAPD_LMHASH
+static LUTIL_PASSWD_CHK_FUNC chk_lanman;
+static LUTIL_PASSWD_HASH_FUNC hash_lanman;
+#endif
+
+#ifdef SLAPD_CRYPT
+static LUTIL_PASSWD_CHK_FUNC chk_crypt;
+static LUTIL_PASSWD_HASH_FUNC hash_crypt;
+
+#if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
+static LUTIL_PASSWD_CHK_FUNC chk_unix;
+#endif
+#endif
+
+/* password hash routines */
+
+#ifdef SLAPD_CLEARTEXT
+static LUTIL_PASSWD_HASH_FUNC hash_clear;
+#endif
+
+static struct pw_slist *pw_schemes;
+static int pw_inited;
+
+static const struct pw_scheme pw_schemes_default[] =
+{
+#ifdef LUTIL_SHA1_BYTES
+ { BER_BVC("{SSHA}"), chk_ssha1, hash_ssha1 },
+ { BER_BVC("{SHA}"), chk_sha1, hash_sha1 },
+#endif
+
+ { BER_BVC("{SMD5}"), chk_smd5, hash_smd5 },
+ { BER_BVC("{MD5}"), chk_md5, hash_md5 },
+
+#ifdef SLAPD_LMHASH
+ { BER_BVC("{LANMAN}"), chk_lanman, hash_lanman },
+#endif /* SLAPD_LMHASH */
+
+#ifdef SLAPD_CRYPT
+ { BER_BVC("{CRYPT}"), chk_crypt, hash_crypt },
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
+ { BER_BVC("{UNIX}"), chk_unix, NULL },
+# endif
+#endif
+
+#ifdef SLAPD_CLEARTEXT
+ /* pseudo scheme */
+ { BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
+#endif
+
+ { BER_BVNULL, NULL, NULL }
+};
+
+int lutil_passwd_add(
+ struct berval *scheme,
+ LUTIL_PASSWD_CHK_FUNC *chk,
+ LUTIL_PASSWD_HASH_FUNC *hash )
+{
+ struct pw_slist *ptr;
+
+ if (!pw_inited) lutil_passwd_init();
+
+ ptr = ber_memalloc( sizeof( struct pw_slist ));
+ if (!ptr) return -1;
+ ptr->next = pw_schemes;
+ ptr->s.name = *scheme;
+ ptr->s.chk_fn = chk;
+ ptr->s.hash_fn = hash;
+ pw_schemes = ptr;
+ return 0;
+}
+
+void lutil_passwd_init()
+{
+ struct pw_scheme *s;
+
+ pw_inited = 1;
+
+ for( s=(struct pw_scheme *)pw_schemes_default; s->name.bv_val; s++) {
+ if ( lutil_passwd_add( &s->name, s->chk_fn, s->hash_fn ) ) break;
+ }
+}
+
+void lutil_passwd_destroy()
+{
+ struct pw_slist *ptr, *next;
+
+ for( ptr=pw_schemes; ptr; ptr=next ) {
+ next = ptr->next;
+ ber_memfree( ptr );
+ }
+}
+
+static const struct pw_scheme *get_scheme(
+ const char* scheme )
+{
+ struct pw_slist *pws;
+ struct berval bv;
+
+ if (!pw_inited) lutil_passwd_init();
+
+ bv.bv_val = strchr( scheme, '}' );
+ if ( !bv.bv_val )
+ return NULL;
+
+ bv.bv_len = bv.bv_val - scheme + 1;
+ bv.bv_val = (char *) scheme;
+
+ for( pws=pw_schemes; pws; pws=pws->next ) {
+ if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) {
+ return &(pws->s);
+ }
+ }
+
+ return NULL;
+}
+
+int lutil_passwd_scheme(
+ const char* scheme )
+{
+ if( scheme == NULL ) {
+ return 0;
+ }
+
+ return get_scheme(scheme) != NULL;
+}
+
+
+static int is_allowed_scheme(
+ const char* scheme,
+ const char** schemes )
+{
+ int i;
+
+ if( schemes == NULL ) return 1;
+
+ for( i=0; schemes[i] != NULL; i++ ) {
+ if( strcasecmp( scheme, schemes[i] ) == 0 ) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static struct berval *passwd_scheme(
+ const struct pw_scheme *scheme,
+ const struct berval * passwd,
+ struct berval *bv,
+ const char** allowed )
+{
+ if( !is_allowed_scheme( scheme->name.bv_val, allowed ) ) {
+ return NULL;
+ }
+
+ if( passwd->bv_len >= scheme->name.bv_len ) {
+ if( strncasecmp( passwd->bv_val, scheme->name.bv_val, scheme->name.bv_len ) == 0 ) {
+ bv->bv_val = &passwd->bv_val[scheme->name.bv_len];
+ bv->bv_len = passwd->bv_len - scheme->name.bv_len;
+
+ return bv;
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ * Return 0 if creds are good.
+ */
+int
+lutil_passwd(
+ const struct berval *passwd, /* stored passwd */
+ const struct berval *cred, /* user cred */
+ const char **schemes,
+ const char **text )
+{
+ struct pw_slist *pws;
+
+ if ( text ) *text = NULL;
+
+ if (cred == NULL || cred->bv_len == 0 ||
+ passwd == NULL || passwd->bv_len == 0 )
+ {
+ return -1;
+ }
+
+ if (!pw_inited) lutil_passwd_init();
+
+ for( pws=pw_schemes; pws; pws=pws->next ) {
+ if( pws->s.chk_fn ) {
+ struct berval x;
+ struct berval *p = passwd_scheme( &(pws->s),
+ passwd, &x, schemes );
+
+ if( p != NULL ) {
+ return (pws->s.chk_fn)( &(pws->s.name), p, cred, text );
+ }
+ }
+ }
+
+#ifdef SLAPD_CLEARTEXT
+ /* Do we think there is a scheme specifier here that we
+ * didn't recognize? Assume a scheme name is at least 1 character.
+ */
+ if (( passwd->bv_val[0] == '{' ) &&
+ ( ber_bvchr( passwd, '}' ) > passwd->bv_val+1 ))
+ {
+ return 1;
+ }
+ if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
+ return ( passwd->bv_len == cred->bv_len ) ?
+ memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+ : 1;
+ }
+#endif
+ return 1;
+}
+
+int lutil_passwd_generate( struct berval *pw, ber_len_t len )
+{
+
+ if( len < 1 ) return -1;
+
+ pw->bv_len = len;
+ pw->bv_val = ber_memalloc( len + 1 );
+
+ if( pw->bv_val == NULL ) {
+ return -1;
+ }
+
+ if( lutil_entropy( (unsigned char *) pw->bv_val, pw->bv_len) < 0 ) {
+ return -1;
+ }
+
+ for( len = 0; len < pw->bv_len; len++ ) {
+ pw->bv_val[len] = crypt64[
+ pw->bv_val[len] % (sizeof(crypt64)-1) ];
+ }
+
+ pw->bv_val[len] = '\0';
+
+ return 0;
+}
+
+int lutil_passwd_hash(
+ const struct berval * passwd,
+ const char * method,
+ struct berval *hash,
+ const char **text )
+{
+ const struct pw_scheme *sc = get_scheme( method );
+
+ hash->bv_val = NULL;
+ hash->bv_len = 0;
+
+ if( sc == NULL ) {
+ if( text ) *text = "scheme not recognized";
+ return -1;
+ }
+
+ if( ! sc->hash_fn ) {
+ if( text ) *text = "scheme provided no hash function";
+ return -1;
+ }
+
+ if( text ) *text = NULL;
+
+ return (sc->hash_fn)( &sc->name, passwd, hash, text );
+}
+
+/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
+#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT)
+static int pw_string(
+ const struct berval *sc,
+ struct berval *passwd )
+{
+ struct berval pw;
+
+ pw.bv_len = sc->bv_len + passwd->bv_len;
+ pw.bv_val = ber_memalloc( pw.bv_len + 1 );
+
+ if( pw.bv_val == NULL ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ AC_MEMCPY( pw.bv_val, sc->bv_val, sc->bv_len );
+ AC_MEMCPY( &pw.bv_val[sc->bv_len], passwd->bv_val, passwd->bv_len );
+
+ pw.bv_val[pw.bv_len] = '\0';
+ *passwd = pw;
+
+ return LUTIL_PASSWD_OK;
+}
+#endif /* SLAPD_LMHASH || SLAPD_CRYPT */
+
+static int pw_string64(
+ const struct berval *sc,
+ const struct berval *hash,
+ struct berval *b64,
+ const struct berval *salt )
+{
+ int rc;
+ struct berval string;
+ size_t b64len;
+
+ if( salt ) {
+ /* need to base64 combined string */
+ string.bv_len = hash->bv_len + salt->bv_len;
+ string.bv_val = ber_memalloc( string.bv_len + 1 );
+
+ if( string.bv_val == NULL ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ AC_MEMCPY( string.bv_val, hash->bv_val,
+ hash->bv_len );
+ AC_MEMCPY( &string.bv_val[hash->bv_len], salt->bv_val,
+ salt->bv_len );
+ string.bv_val[string.bv_len] = '\0';
+
+ } else {
+ string = *hash;
+ }
+
+ b64len = LUTIL_BASE64_ENCODE_LEN( string.bv_len ) + 1;
+ b64->bv_len = b64len + sc->bv_len;
+ b64->bv_val = ber_memalloc( b64->bv_len + 1 );
+
+ if( b64->bv_val == NULL ) {
+ if( salt ) ber_memfree( string.bv_val );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ AC_MEMCPY(b64->bv_val, sc->bv_val, sc->bv_len);
+
+ rc = lutil_b64_ntop(
+ (unsigned char *) string.bv_val, string.bv_len,
+ &b64->bv_val[sc->bv_len], b64len );
+
+ if( salt ) ber_memfree( string.bv_val );
+
+ if( rc < 0 ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* recompute length */
+ b64->bv_len = sc->bv_len + rc;
+ assert( strlen(b64->bv_val) == b64->bv_len );
+ return LUTIL_PASSWD_OK;
+}
+
+/* PASSWORD CHECK ROUTINES */
+
+#ifdef LUTIL_SHA1_BYTES
+static int chk_ssha1(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ lutil_SHA1_CTX SHA1context;
+ unsigned char SHA1digest[LUTIL_SHA1_BYTES];
+ int rc;
+ unsigned char *orig_pass = NULL;
+
+ /* safety check -- must have some salt */
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHA1digest)) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* decode base64 password */
+ orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+ if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+ rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+ /* safety check -- must have some salt */
+ if (rc <= (int)(sizeof(SHA1digest))) {
+ ber_memfree(orig_pass);
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* hash credentials with salt */
+ lutil_SHA1Init(&SHA1context);
+ lutil_SHA1Update(&SHA1context,
+ (const unsigned char *) cred->bv_val, cred->bv_len);
+ lutil_SHA1Update(&SHA1context,
+ (const unsigned char *) &orig_pass[sizeof(SHA1digest)],
+ rc - sizeof(SHA1digest));
+ lutil_SHA1Final(SHA1digest, &SHA1context);
+
+ /* compare */
+ rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
+ ber_memfree(orig_pass);
+ return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_sha1(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ lutil_SHA1_CTX SHA1context;
+ unsigned char SHA1digest[LUTIL_SHA1_BYTES];
+ int rc;
+ unsigned char *orig_pass = NULL;
+
+ /* safety check */
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(SHA1digest)) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* base64 un-encode password */
+ orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+ if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+ rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+ if( rc != sizeof(SHA1digest) ) {
+ ber_memfree(orig_pass);
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* hash credentials with salt */
+ lutil_SHA1Init(&SHA1context);
+ lutil_SHA1Update(&SHA1context,
+ (const unsigned char *) cred->bv_val, cred->bv_len);
+ lutil_SHA1Final(SHA1digest, &SHA1context);
+
+ /* compare */
+ rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
+ ber_memfree(orig_pass);
+ return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+#endif
+
+static int chk_smd5(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES];
+ int rc;
+ unsigned char *orig_pass = NULL;
+
+ /* safety check */
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(MD5digest)) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* base64 un-encode password */
+ orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+ if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+ rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+ if (rc <= (int)(sizeof(MD5digest))) {
+ ber_memfree(orig_pass);
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* hash credentials with salt */
+ lutil_MD5Init(&MD5context);
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) cred->bv_val,
+ cred->bv_len );
+ lutil_MD5Update(&MD5context,
+ &orig_pass[sizeof(MD5digest)],
+ rc - sizeof(MD5digest));
+ lutil_MD5Final(MD5digest, &MD5context);
+
+ /* compare */
+ rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
+ ber_memfree(orig_pass);
+ return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_md5(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES];
+ int rc;
+ unsigned char *orig_pass = NULL;
+
+ /* safety check */
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(MD5digest)) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* base64 un-encode password */
+ orig_pass = (unsigned char *) ber_memalloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
+
+ if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+ rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+ if ( rc != sizeof(MD5digest) ) {
+ ber_memfree(orig_pass);
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* hash credentials with salt */
+ lutil_MD5Init(&MD5context);
+ lutil_MD5Update(&MD5context,
+ (const unsigned char *) cred->bv_val,
+ cred->bv_len );
+ lutil_MD5Final(MD5digest, &MD5context);
+
+ /* compare */
+ rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
+ ber_memfree(orig_pass);
+ return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+#ifdef SLAPD_LMHASH
+/* pseudocode from RFC2433
+ * A.2 LmPasswordHash()
+ *
+ * LmPasswordHash(
+ * IN 0-to-14-oem-char Password,
+ * OUT 16-octet PasswordHash )
+ * {
+ * Set UcasePassword to the uppercased Password
+ * Zero pad UcasePassword to 14 characters
+ *
+ * DesHash( 1st 7-octets of UcasePassword,
+ * giving 1st 8-octets of PasswordHash )
+ *
+ * DesHash( 2nd 7-octets of UcasePassword,
+ * giving 2nd 8-octets of PasswordHash )
+ * }
+ *
+ *
+ * A.3 DesHash()
+ *
+ * DesHash(
+ * IN 7-octet Clear,
+ * OUT 8-octet Cypher )
+ * {
+ * *
+ * * Make Cypher an irreversibly encrypted form of Clear by
+ * * encrypting known text using Clear as the secret key.
+ * * The known text consists of the string
+ * *
+ * * KGS!@#$%
+ * *
+ *
+ * Set StdText to "KGS!@#$%"
+ * DesEncrypt( StdText, Clear, giving Cypher )
+ * }
+ *
+ *
+ * A.4 DesEncrypt()
+ *
+ * DesEncrypt(
+ * IN 8-octet Clear,
+ * IN 7-octet Key,
+ * OUT 8-octet Cypher )
+ * {
+ * *
+ * * Use the DES encryption algorithm [4] in ECB mode [9]
+ * * to encrypt Clear into Cypher such that Cypher can
+ * * only be decrypted back to Clear by providing Key.
+ * * Note that the DES algorithm takes as input a 64-bit
+ * * stream where the 8th, 16th, 24th, etc. bits are
+ * * parity bits ignored by the encrypting algorithm.
+ * * Unless you write your own DES to accept 56-bit input
+ * * without parity, you will need to insert the parity bits
+ * * yourself.
+ * *
+ * }
+ */
+
+static void lmPasswd_to_key(
+ const char *lmPasswd,
+ des_cblock *key)
+{
+ const unsigned char *lpw = (const unsigned char *) lmPasswd;
+ unsigned char *k = (unsigned char *) key;
+
+ /* make room for parity bits */
+ k[0] = lpw[0];
+ k[1] = ((lpw[0] & 0x01) << 7) | (lpw[1] >> 1);
+ k[2] = ((lpw[1] & 0x03) << 6) | (lpw[2] >> 2);
+ k[3] = ((lpw[2] & 0x07) << 5) | (lpw[3] >> 3);
+ k[4] = ((lpw[3] & 0x0F) << 4) | (lpw[4] >> 4);
+ k[5] = ((lpw[4] & 0x1F) << 3) | (lpw[5] >> 5);
+ k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6);
+ k[7] = ((lpw[6] & 0x7F) << 1);
+
+ des_set_odd_parity( key );
+}
+
+static int chk_lanman(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text )
+{
+ int i;
+ char UcasePassword[15];
+ des_cblock key;
+ des_key_schedule schedule;
+ des_cblock StdText = "KGS!@#$%";
+ des_cblock PasswordHash1, PasswordHash2;
+ char PasswordHash[33], storedPasswordHash[33];
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( cred->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ strncpy( UcasePassword, cred->bv_val, 14 );
+ UcasePassword[14] = '\0';
+ ldap_pvt_str2upper( UcasePassword );
+
+ lmPasswd_to_key( UcasePassword, &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
+
+ lmPasswd_to_key( &UcasePassword[7], &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
+
+ sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
+ PasswordHash1[4],PasswordHash1[5],PasswordHash1[6],PasswordHash1[7],
+ PasswordHash2[0],PasswordHash2[1],PasswordHash2[2],PasswordHash2[3],
+ PasswordHash2[4],PasswordHash2[5],PasswordHash2[6],PasswordHash2[7] );
+
+ /* as a precaution convert stored password hash to lower case */
+ strncpy( storedPasswordHash, passwd->bv_val, 32 );
+ storedPasswordHash[32] = '\0';
+ ldap_pvt_str2lower( storedPasswordHash );
+
+ return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+#endif /* SLAPD_LMHASH */
+
+#ifdef SLAPD_CRYPT
+static int lutil_crypt(
+ const char *key,
+ const char *salt,
+ char **hash )
+{
+ char *cr = crypt( key, salt );
+ int rc;
+
+ if( cr == NULL || cr[0] == '\0' ) {
+ /* salt must have been invalid */
+ rc = LUTIL_PASSWD_ERR;
+ } else {
+ if ( hash ) {
+ *hash = ber_strdup( cr );
+ rc = LUTIL_PASSWD_OK;
+ } else {
+ rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+ }
+ return rc;
+}
+
+static int chk_crypt(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ unsigned int i;
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( cred->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* cred must behave like a string */
+ }
+
+ if( passwd->bv_len < 2 ) {
+ return LUTIL_PASSWD_ERR; /* passwd must be at least two characters long */
+ }
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ return lutil_cryptptr( cred->bv_val, passwd->bv_val, NULL );
+}
+
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
+static int chk_unix(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ unsigned int i;
+ char *pw;
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+ if( cred->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* cred must behave like a string */
+ }
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ {
+ struct passwd *pwd = getpwnam(passwd->bv_val);
+
+ if(pwd == NULL) {
+ return LUTIL_PASSWD_ERR; /* not found */
+ }
+
+ pw = pwd->pw_passwd;
+ }
+# ifdef HAVE_GETSPNAM
+ {
+ struct spwd *spwd = getspnam(passwd->bv_val);
+
+ if(spwd != NULL) {
+ pw = spwd->sp_pwdp;
+ }
+ }
+# endif
+# ifdef HAVE_AIX_SECURITY
+ {
+ struct userpw *upw = getuserpw(passwd->bv_val);
+
+ if (upw != NULL) {
+ pw = upw->upw_passwd;
+ }
+ }
+# endif
+
+ if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) {
+ /* password must must be at least two characters long */
+ return LUTIL_PASSWD_ERR;
+ }
+
+ return lutil_cryptptr( cred->bv_val, pw, NULL );
+}
+# endif
+#endif
+
+/* PASSWORD GENERATION ROUTINES */
+
+#ifdef LUTIL_SHA1_BYTES
+static int hash_ssha1(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ lutil_SHA1_CTX SHA1context;
+ unsigned char SHA1digest[LUTIL_SHA1_BYTES];
+ char saltdata[SALT_SIZE];
+ struct berval digest;
+ struct berval salt;
+
+ digest.bv_val = (char *) SHA1digest;
+ digest.bv_len = sizeof(SHA1digest);
+ salt.bv_val = saltdata;
+ salt.bv_len = sizeof(saltdata);
+
+ if( lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0 ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ lutil_SHA1Init( &SHA1context );
+ lutil_SHA1Update( &SHA1context,
+ (const unsigned char *)passwd->bv_val, passwd->bv_len );
+ lutil_SHA1Update( &SHA1context,
+ (const unsigned char *)salt.bv_val, salt.bv_len );
+ lutil_SHA1Final( SHA1digest, &SHA1context );
+
+ return pw_string64( scheme, &digest, hash, &salt);
+}
+
+static int hash_sha1(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ lutil_SHA1_CTX SHA1context;
+ unsigned char SHA1digest[LUTIL_SHA1_BYTES];
+ struct berval digest;
+ digest.bv_val = (char *) SHA1digest;
+ digest.bv_len = sizeof(SHA1digest);
+
+ lutil_SHA1Init( &SHA1context );
+ lutil_SHA1Update( &SHA1context,
+ (const unsigned char *)passwd->bv_val, passwd->bv_len );
+ lutil_SHA1Final( SHA1digest, &SHA1context );
+
+ return pw_string64( scheme, &digest, hash, NULL);
+}
+#endif
+
+static int hash_smd5(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES];
+ char saltdata[SALT_SIZE];
+ struct berval digest;
+ struct berval salt;
+
+ digest.bv_val = (char *) MD5digest;
+ digest.bv_len = sizeof(MD5digest);
+ salt.bv_val = saltdata;
+ salt.bv_len = sizeof(saltdata);
+
+ if( lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0 ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ lutil_MD5Init( &MD5context );
+ lutil_MD5Update( &MD5context,
+ (const unsigned char *) passwd->bv_val, passwd->bv_len );
+ lutil_MD5Update( &MD5context,
+ (const unsigned char *) salt.bv_val, salt.bv_len );
+ lutil_MD5Final( MD5digest, &MD5context );
+
+ return pw_string64( scheme, &digest, hash, &salt );
+}
+
+static int hash_md5(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ lutil_MD5_CTX MD5context;
+ unsigned char MD5digest[LUTIL_MD5_BYTES];
+
+ struct berval digest;
+
+ digest.bv_val = (char *) MD5digest;
+ digest.bv_len = sizeof(MD5digest);
+
+ lutil_MD5Init( &MD5context );
+ lutil_MD5Update( &MD5context,
+ (const unsigned char *) passwd->bv_val, passwd->bv_len );
+ lutil_MD5Final( MD5digest, &MD5context );
+
+ return pw_string64( scheme, &digest, hash, NULL );
+;
+}
+
+#ifdef SLAPD_LMHASH
+static int hash_lanman(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+
+ int i;
+ char UcasePassword[15];
+ des_cblock key;
+ des_key_schedule schedule;
+ des_cblock StdText = "KGS!@#$%";
+ des_cblock PasswordHash1, PasswordHash2;
+ char PasswordHash[33];
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ strncpy( UcasePassword, passwd->bv_val, 14 );
+ UcasePassword[14] = '\0';
+ ldap_pvt_str2upper( UcasePassword );
+
+ lmPasswd_to_key( UcasePassword, &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
+
+ lmPasswd_to_key( &UcasePassword[7], &key );
+ des_set_key_unchecked( &key, schedule );
+ des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
+
+ sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
+ PasswordHash1[4],PasswordHash1[5],PasswordHash1[6],PasswordHash1[7],
+ PasswordHash2[0],PasswordHash2[1],PasswordHash2[2],PasswordHash2[3],
+ PasswordHash2[4],PasswordHash2[5],PasswordHash2[6],PasswordHash2[7] );
+
+ hash->bv_val = PasswordHash;
+ hash->bv_len = 32;
+
+ return pw_string( scheme, hash );
+}
+#endif /* SLAPD_LMHASH */
+
+#ifdef SLAPD_CRYPT
+static int hash_crypt(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ unsigned char salt[32]; /* salt suitable for most anything */
+ unsigned int i;
+ char *save;
+ int rc;
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ for( i=0; i< ( sizeof(salt) - 1 ); i++ ) {
+ salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ];
+ }
+ salt[sizeof( salt ) - 1 ] = '\0';
+
+ if( salt_format != NULL ) {
+ /* copy the salt we made into entropy before snprintfing
+ it back into the salt */
+ char entropy[sizeof(salt)];
+ strcpy( entropy, (char *) salt );
+ snprintf( (char *) salt, sizeof(entropy), salt_format, entropy );
+ }
+
+ rc = lutil_cryptptr( passwd->bv_val, (char *) salt, &hash->bv_val );
+ if ( rc != LUTIL_PASSWD_OK ) return rc;
+
+ if( hash->bv_val == NULL ) return -1;
+
+ hash->bv_len = strlen( hash->bv_val );
+
+ save = hash->bv_val;
+
+ if( hash->bv_len == 0 ) {
+ rc = LUTIL_PASSWD_ERR;
+ } else {
+ rc = pw_string( scheme, hash );
+ }
+ ber_memfree( save );
+ return rc;
+}
+#endif
+
+int lutil_salt_format(const char *format)
+{
+#ifdef SLAPD_CRYPT
+ free( salt_format );
+
+ salt_format = format != NULL ? ber_strdup( format ) : NULL;
+#endif
+
+ return 0;
+}
+
+#ifdef SLAPD_CLEARTEXT
+static int hash_clear(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ ber_dupbv( hash, (struct berval *)passwd );
+ return LUTIL_PASSWD_OK;
+}
+#endif
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/ptest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/ptest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/ptest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,112 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ptest.c,v 1.10.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include <lber.h>
+
+#include "lutil.h"
+
+/*
+ * Password Test Program
+ */
+
+static char *hash[] = {
+#ifdef SLAP_AUTHPASSWD
+ "SHA1", "MD5",
+#else
+#ifdef SLAPD_CRYPT
+ "{CRYPT}",
+#endif
+ "{SSHA}", "{SMD5}",
+ "{SHA}", "{MD5}",
+ "{BOGUS}",
+#endif
+ NULL
+};
+
+static struct berval pw[] = {
+ { sizeof("secret")-1, "secret" },
+ { sizeof("binary\0secret")-1, "binary\0secret" },
+ { 0, NULL }
+};
+
+int
+main( int argc, char *argv[] )
+{
+ int i, j, rc;
+ struct berval *passwd;
+#ifdef SLAP_AUTHPASSWD
+ struct berval *salt;
+#endif
+ struct berval bad;
+ bad.bv_val = "bad password";
+ bad.bv_len = sizeof("bad password")-1;
+
+ for( i= 0; hash[i]; i++ ) {
+ for( j = 0; pw[j].bv_len; j++ ) {
+#ifdef SLAP_AUTHPASSWD
+ rc = lutil_authpasswd_hash( &pw[j],
+ &passwd, &salt, hash[i] );
+
+ if( rc )
+#else
+ passwd = lutil_passwd_hash( &pw[j], hash[i] );
+
+ if( passwd == NULL )
+#endif
+ {
+ printf("%s generate fail: %s (%d)\n",
+ hash[i], pw[j].bv_val, pw[j].bv_len );
+ continue;
+ }
+
+
+#ifdef SLAP_AUTHPASSWD
+ rc = lutil_authpasswd( &pw[j], passwd, salt, NULL );
+#else
+ rc = lutil_passwd( passwd, &pw[j], NULL );
+#endif
+
+ printf("%s (%d): %s (%d)\t(%d) %s\n",
+ pw[j].bv_val, pw[j].bv_len, passwd->bv_val, passwd->bv_len,
+ rc, rc == 0 ? "OKAY" : "BAD" );
+
+#ifdef SLAP_AUTHPASSWD
+ rc = lutil_authpasswd( passwd, salt, &bad, NULL );
+#else
+ rc = lutil_passwd( passwd, &bad, NULL );
+#endif
+
+ printf("%s (%d): %s (%d)\t(%d) %s\n",
+ bad.bv_val, bad.bv_len, passwd->bv_val, passwd->bv_len,
+ rc, rc != 0 ? "OKAY" : "BAD" );
+ }
+
+ printf("\n");
+ }
+
+ return EXIT_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/sasl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/sasl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/sasl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,232 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sasl.c,v 1.20.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_CYRUS_SASL
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+#include <ldap.h>
+#include "ldap_pvt.h"
+#include "lutil_ldap.h"
+
+
+typedef struct lutil_sasl_defaults_s {
+ char *mech;
+ char *realm;
+ char *authcid;
+ char *passwd;
+ char *authzid;
+ char **resps;
+ int nresps;
+} lutilSASLdefaults;
+
+
+void
+lutil_sasl_freedefs(
+ void *defaults )
+{
+ lutilSASLdefaults *defs = defaults;
+
+ if (defs->mech) ber_memfree(defs->mech);
+ if (defs->realm) ber_memfree(defs->realm);
+ if (defs->authcid) ber_memfree(defs->authcid);
+ if (defs->passwd) ber_memfree(defs->passwd);
+ if (defs->authzid) ber_memfree(defs->authzid);
+ if (defs->resps) ldap_charray_free(defs->resps);
+
+ ber_memfree(defs);
+}
+
+void *
+lutil_sasl_defaults(
+ LDAP *ld,
+ char *mech,
+ char *realm,
+ char *authcid,
+ char *passwd,
+ char *authzid )
+{
+ lutilSASLdefaults *defaults;
+
+ defaults = ber_memalloc( sizeof( lutilSASLdefaults ) );
+
+ if( defaults == NULL ) return NULL;
+
+ defaults->mech = mech ? ber_strdup(mech) : NULL;
+ defaults->realm = realm ? ber_strdup(realm) : NULL;
+ defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
+ defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
+ defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
+
+ if( defaults->mech == NULL ) {
+ ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
+ }
+ if( defaults->realm == NULL ) {
+ ldap_get_option( ld, LDAP_OPT_X_SASL_REALM, &defaults->realm );
+ }
+ if( defaults->authcid == NULL ) {
+ ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHCID, &defaults->authcid );
+ }
+ if( defaults->authzid == NULL ) {
+ ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
+ }
+ defaults->resps = NULL;
+ defaults->nresps = 0;
+
+ return defaults;
+}
+
+static int interaction(
+ unsigned flags,
+ sasl_interact_t *interact,
+ lutilSASLdefaults *defaults )
+{
+ const char *dflt = interact->defresult;
+ char input[1024];
+
+ int noecho=0;
+ int challenge=0;
+
+ switch( interact->id ) {
+ case SASL_CB_GETREALM:
+ if( defaults ) dflt = defaults->realm;
+ break;
+ case SASL_CB_AUTHNAME:
+ if( defaults ) dflt = defaults->authcid;
+ break;
+ case SASL_CB_PASS:
+ if( defaults ) dflt = defaults->passwd;
+ noecho = 1;
+ break;
+ case SASL_CB_USER:
+ if( defaults ) dflt = defaults->authzid;
+ break;
+ case SASL_CB_NOECHOPROMPT:
+ noecho = 1;
+ challenge = 1;
+ break;
+ case SASL_CB_ECHOPROMPT:
+ challenge = 1;
+ break;
+ }
+
+ if( dflt && !*dflt ) dflt = NULL;
+
+ if( flags != LDAP_SASL_INTERACTIVE &&
+ ( dflt || interact->id == SASL_CB_USER ) )
+ {
+ goto use_default;
+ }
+
+ if( flags == LDAP_SASL_QUIET ) {
+ /* don't prompt */
+ return LDAP_OTHER;
+ }
+
+ if( challenge ) {
+ if( interact->challenge ) {
+ fprintf( stderr, _("Challenge: %s\n"), interact->challenge );
+ }
+ }
+
+ if( dflt ) {
+ fprintf( stderr, _("Default: %s\n"), dflt );
+ }
+
+ snprintf( input, sizeof input, "%s: ",
+ interact->prompt ? interact->prompt : _("Interact") );
+
+ if( noecho ) {
+ interact->result = (char *) getpassphrase( input );
+ interact->len = interact->result
+ ? strlen( interact->result ) : 0;
+
+ } else {
+ /* prompt user */
+ fputs( input, stderr );
+
+ /* get input */
+ interact->result = fgets( input, sizeof(input), stdin );
+
+ if( interact->result == NULL ) {
+ interact->len = 0;
+ return LDAP_UNAVAILABLE;
+ }
+
+ /* len of input */
+ interact->len = strlen(input);
+
+ if( interact->len > 0 && input[interact->len - 1] == '\n' ) {
+ /* input includes '\n', trim it */
+ interact->len--;
+ input[interact->len] = '\0';
+ }
+ }
+
+
+ if( interact->len > 0 ) {
+ /* duplicate */
+ char *p = (char *)interact->result;
+ ldap_charray_add(&defaults->resps, interact->result);
+ interact->result = defaults->resps[defaults->nresps++];
+
+ /* zap */
+ memset( p, '\0', interact->len );
+
+ } else {
+use_default:
+ /* input must be empty */
+ interact->result = (dflt && *dflt) ? dflt : "";
+ interact->len = strlen( interact->result );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int lutil_sasl_interact(
+ LDAP *ld,
+ unsigned flags,
+ void *defaults,
+ void *in )
+{
+ sasl_interact_t *interact = in;
+
+ if( ld == NULL ) return LDAP_PARAM_ERROR;
+
+ if( flags == LDAP_SASL_INTERACTIVE ) {
+ fputs( _("SASL Interaction\n"), stderr );
+ }
+
+ while( interact->id != SASL_CB_LIST_END ) {
+ int rc = interaction( flags, interact, defaults );
+
+ if( rc ) return rc;
+ interact++;
+ }
+
+ return LDAP_SUCCESS;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/setproctitle.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/setproctitle.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/setproctitle.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/setproctitle.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990,1991 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#ifndef HAVE_SETPROCTITLE
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/setproctitle.h>
+#include <ac/string.h>
+#include <ac/stdarg.h>
+
+char **Argv; /* pointer to original (main's) argv */
+int Argc; /* original argc */
+
+/*
+ * takes a printf-style format string (fmt) and up to three parameters (a,b,c)
+ * this clobbers the original argv...
+ */
+
+/* VARARGS */
+void setproctitle( const char *fmt, ... )
+{
+ static char *endargv = (char *)0;
+ char *s;
+ int i;
+ char buf[ 1024 ];
+ va_list ap;
+
+ va_start(ap, fmt);
+
+ buf[sizeof(buf) - 1] = '\0';
+ vsnprintf( buf, sizeof(buf)-1, fmt, ap );
+
+ va_end(ap);
+
+ if ( endargv == (char *)0 ) {
+ /* set pointer to end of original argv */
+ endargv = Argv[ Argc-1 ] + strlen( Argv[ Argc-1 ] );
+ }
+ /* make ps print "([prog name])" */
+ s = Argv[0];
+ *s++ = '-';
+ i = strlen( buf );
+ if ( i > endargv - s - 2 ) {
+ i = endargv - s - 2;
+ buf[ i ] = '\0';
+ }
+ strcpy( s, buf );
+ s += i;
+ while ( s < endargv ) *s++ = ' ';
+}
+#endif /* NOSETPROCTITLE */
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/sha1.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/sha1.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/sha1.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,288 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sha1.c,v 1.24.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This work was derived from code developed by Steve Reid and
+ * adapted for use in OpenLDAP by Kurt D. Zeilenga.
+ */
+
+
+/* Acquired from:
+ * $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
+/*
+ * SHA-1 in C
+ * By Steve Reid <steve at edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+ */
+/*
+ * This code assumes uint32 is 32 bits and char is 8 bits
+ */
+
+#include "portable.h"
+#include <ac/param.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/bytes.h>
+
+#include "lutil_sha1.h"
+
+#ifdef LUTIL_SHA1_BYTES
+
+/* undefining this will cause pointer alignment errors */
+#define SHA1HANDSOFF /* Copies data before messing with it. */
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/*
+ * blk0() and blk() perform the initial expand.
+ * I got the idea of expanding during the round function from SSLeay
+ */
+#if BYTE_ORDER == LITTLE_ENDIAN
+# define blk0(i) (block[i] = (rol(block[i],24)&0xFF00FF00) \
+ |(rol(block[i],8)&0x00FF00FF))
+#else
+# define blk0(i) block[i]
+#endif
+#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \
+ ^block[(i+2)&15]^block[i&15],1))
+
+/*
+ * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
+ */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/*
+ * Hash a single 512-bit block. This is the core of the algorithm.
+ */
+void
+lutil_SHA1Transform( uint32 *state, const unsigned char *buffer )
+{
+ uint32 a, b, c, d, e;
+
+#ifdef SHA1HANDSOFF
+ uint32 block[16];
+ (void)AC_MEMCPY(block, buffer, 64);
+#else
+ uint32 *block = (u_int32 *) buffer;
+#endif
+
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+}
+
+
+/*
+ * lutil_SHA1Init - Initialize new context
+ */
+void
+lutil_SHA1Init( lutil_SHA1_CTX *context )
+{
+
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/*
+ * Run your data through this.
+ */
+void
+lutil_SHA1Update(
+ lutil_SHA1_CTX *context,
+ const unsigned char *data,
+ uint32 len
+)
+{
+ u_int i, j;
+
+ j = context->count[0];
+ if ((context->count[0] += len << 3) < j)
+ context->count[1] += (len>>29)+1;
+ j = (j >> 3) & 63;
+ if ((j + len) > 63) {
+ (void)AC_MEMCPY(&context->buffer[j], data, (i = 64-j));
+ lutil_SHA1Transform(context->state, context->buffer);
+ for ( ; i + 63 < len; i += 64)
+ lutil_SHA1Transform(context->state, &data[i]);
+ j = 0;
+ } else {
+ i = 0;
+ }
+ (void)AC_MEMCPY(&context->buffer[j], &data[i], len - i);
+}
+
+
+/*
+ * Add padding and return the message digest.
+ */
+void
+lutil_SHA1Final( unsigned char *digest, lutil_SHA1_CTX *context )
+{
+ u_int i;
+ unsigned char finalcount[8];
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ lutil_SHA1Update(context, (unsigned char *)"\200", 1);
+ while ((context->count[0] & 504) != 448)
+ lutil_SHA1Update(context, (unsigned char *)"\0", 1);
+ lutil_SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+
+ if (digest) {
+ for (i = 0; i < 20; i++)
+ digest[i] = (unsigned char)
+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ }
+}
+
+
+/* sha1hl.c
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk at login.dkuug.dk> wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: sha1hl.c,v 1.1 1997/07/12 20:06:03 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+
+/* ARGSUSED */
+char *
+lutil_SHA1End( lutil_SHA1_CTX *ctx, char *buf )
+{
+ int i;
+ char *p = buf;
+ unsigned char digest[20];
+ static const char hex[]="0123456789abcdef";
+
+ if (p == NULL && (p = malloc(41)) == NULL)
+ return 0;
+
+ lutil_SHA1Final(digest,ctx);
+ for (i = 0; i < 20; i++) {
+ p[i + i] = hex[digest[i] >> 4];
+ p[i + i + 1] = hex[digest[i] & 0x0f];
+ }
+ p[i + i] = '\0';
+ return(p);
+}
+
+char *
+lutil_SHA1File( char *filename, char *buf )
+{
+ unsigned char buffer[BUFSIZ];
+ lutil_SHA1_CTX ctx;
+ int fd, num, oerrno;
+
+ lutil_SHA1Init(&ctx);
+
+ if ((fd = open(filename,O_RDONLY)) < 0)
+ return(0);
+
+ while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+ lutil_SHA1Update(&ctx, buffer, num);
+
+ oerrno = errno;
+ close(fd);
+ errno = oerrno;
+ return(num < 0 ? 0 : lutil_SHA1End(&ctx, buf));
+}
+
+char *
+lutil_SHA1Data( const unsigned char *data, size_t len, char *buf )
+{
+ lutil_SHA1_CTX ctx;
+
+ lutil_SHA1Init(&ctx);
+ lutil_SHA1Update(&ctx, data, len);
+ return(lutil_SHA1End(&ctx, buf));
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/signal.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/signal.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/signal.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,41 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/signal.c,v 1.8.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_SIGACTION
+#include <ac/string.h>
+#include <ac/signal.h>
+
+lutil_sig_t
+lutil_sigaction(int sig, lutil_sig_t func)
+{
+ struct sigaction action, oaction;
+
+ memset( &action, '\0', sizeof(action) );
+
+ action.sa_handler = func;
+ sigemptyset( &action.sa_mask );
+#ifdef SA_RESTART
+ action.sa_flags |= SA_RESTART;
+#endif
+
+ if( sigaction( sig, &action, &oaction ) != 0 ) {
+ return NULL;
+ }
+
+ return oaction.sa_handler;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.bin
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.bin
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+//
+// This file contains message strings for the OpenLDAP slapd service.
+//
+// This file should be compiled as follows
+// mc -v slapdmsg.mc -r $(IntDir)
+// rc /v /r $(IntDir)\slapdmsg.rc
+// The mc (message compiler) command generates the .rc and .h files from this file. The
+// rc (resource compiler) takes the .rc file and produces a .res file that can be linked
+// with the final executable application. The application is then registered as a message
+// source with by creating the appropriate entries in the system registry.
+//
+//
+// Values are 32 bit values layed out as follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---+-+-+-----------------------+-------------------------------+
+// |Sev|C|R| Facility | Code |
+// +---+-+-+-----------------------+-------------------------------+
+//
+// where
+//
+// Sev - is the severity code
+//
+// 00 - Success
+// 01 - Informational
+// 10 - Warning
+// 11 - Error
+//
+// C - is the Customer code flag
+//
+// R - is a reserved bit
+//
+// Facility - is the facility code
+//
+// Code - is the facility's status code
+//
+//
+// Define the facility codes
+//
+
+
+//
+// Define the severity codes
+//
+
+
+//
+// MessageId: MSG_SVC_STARTED
+//
+// MessageText:
+//
+// OpenLDAP service started. debuglevel=%1, conffile=%2, urls=%3
+//
+#define MSG_SVC_STARTED 0x40000500L
+
+//
+// MessageId: MSG_SVC_STOPPED
+//
+// MessageText:
+//
+// OpenLDAP service stopped.
+//
+#define MSG_SVC_STOPPED 0x40000501L
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.mc
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.mc (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.mc 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+;//
+;// This file contains message strings for the OpenLDAP slapd service.
+;//
+;// This file should be compiled as follows
+;// mc -v slapdmsg.mc -r $(IntDir)
+;// rc /v /r $(IntDir)\slapdmsg.rc
+;// The mc (message compiler) command generates the .rc and .h files from this file. The
+;// rc (resource compiler) takes the .rc file and produces a .res file that can be linked
+;// with the final executable application. The application is then registered as a message
+;// source with by creating the appropriate entries in the system registry.
+;//
+
+MessageID=0x500
+Severity=Informational
+SymbolicName=MSG_SVC_STARTED
+Facility=Application
+Language=English
+OpenLDAP service started. debuglevel=%1, conffile=%2, urls=%3
+.
+
+
+MessageID=0x501
+Severity=Informational
+SymbolicName=MSG_SVC_STOPPED
+Facility=Application
+Language=English
+OpenLDAP service stopped.
+.
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.rc
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.rc (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/slapdmsg.rc 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+LANGUAGE 0x9,0x1
+1 11 slapdmsg.bin
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/sockpair.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/sockpair.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/sockpair.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sockpair.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <lutil.h>
+
+/* Return a pair of socket descriptors that are connected to each other.
+ * The returned descriptors are suitable for use with select(). The two
+ * descriptors may or may not be identical; the function may return
+ * the same descriptor number in both slots. It is guaranteed that
+ * data written on sds[1] will be readable on sds[0]. The returned
+ * descriptors may be datagram oriented, so data should be written
+ * in reasonably small pieces and read all at once. On Unix systems
+ * this function is best implemented using a single pipe() call.
+ */
+
+int lutil_pair( ber_socket_t sds[2] )
+{
+#ifdef USE_PIPE
+ return pipe( sds );
+#else
+ struct sockaddr_in si;
+ int rc, len = sizeof(si);
+ ber_socket_t sd;
+
+ sd = socket( AF_INET, SOCK_DGRAM, 0 );
+ if ( sd == AC_SOCKET_INVALID ) {
+ return sd;
+ }
+
+ (void) memset( (void*) &si, '\0', len );
+ si.sin_family = AF_INET;
+ si.sin_port = 0;
+ si.sin_addr.s_addr = htonl( INADDR_LOOPBACK );
+
+ rc = bind( sd, (struct sockaddr *)&si, len );
+ if ( rc == AC_SOCKET_ERROR ) {
+ tcp_close(sd);
+ return rc;
+ }
+
+ rc = getsockname( sd, (struct sockaddr *)&si, &len );
+ if ( rc == AC_SOCKET_ERROR ) {
+ tcp_close(sd);
+ return rc;
+ }
+
+ rc = connect( sd, (struct sockaddr *)&si, len );
+ if ( rc == AC_SOCKET_ERROR ) {
+ tcp_close(sd);
+ return rc;
+ }
+
+ sds[0] = sd;
+#if !HAVE_WINSOCK
+ sds[1] = dup( sds[0] );
+#else
+ sds[1] = sds[0];
+#endif
+ return 0;
+#endif
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/tavl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/tavl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/tavl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,497 @@
+/* avl.c - routines to implement an avl tree */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/tavl.c,v 1.10.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions Copyright (c) 2005 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#ifdef CSRIMALLOC
+#define ber_memalloc malloc
+#define ber_memrealloc realloc
+#define ber_memfree free
+#else
+#include "lber.h"
+#endif
+
+#define AVL_INTERNAL
+#include "avl.h"
+
+static const int avl_bfs[] = {LH, RH};
+
+/*
+ * Threaded AVL trees - for fast in-order traversal of nodes.
+ */
+/*
+ * tavl_insert -- insert a node containing data data into the avl tree
+ * with root root. fcmp is a function to call to compare the data portion
+ * of two nodes. it should take two arguments and return <, >, or == 0,
+ * depending on whether its first argument is <, >, or == its second
+ * argument (like strcmp, e.g.). fdup is a function to call when a duplicate
+ * node is inserted. it should return 0, or -1 and its return value
+ * will be the return value from avl_insert in the case of a duplicate node.
+ * the function will be called with the original node's data as its first
+ * argument and with the incoming duplicate node's data as its second
+ * argument. this could be used, for example, to keep a count with each
+ * node.
+ *
+ * NOTE: this routine may malloc memory
+ */
+int
+tavl_insert( Avlnode ** root, void *data, AVL_CMP fcmp, AVL_DUP fdup )
+{
+ Avlnode *t, *p, *s, *q, *r;
+ int a, cmp, ncmp;
+
+ if ( *root == NULL ) {
+ if (( r = (Avlnode *) ber_memalloc( sizeof( Avlnode ))) == NULL ) {
+ return( -1 );
+ }
+ r->avl_link[0] = r->avl_link[1] = NULL;
+ r->avl_data = data;
+ r->avl_bf = EH;
+ r->avl_bits[0] = r->avl_bits[1] = AVL_THREAD;
+ *root = r;
+
+ return( 0 );
+ }
+
+ t = NULL;
+ s = p = *root;
+
+ /* find insertion point */
+ while (1) {
+ cmp = fcmp( data, p->avl_data );
+ if ( cmp == 0 )
+ return (*fdup)( p->avl_data, data );
+
+ cmp = (cmp > 0);
+ q = avl_child( p, cmp );
+ if (q == NULL) {
+ /* insert */
+ if (( q = (Avlnode *) ber_memalloc( sizeof( Avlnode ))) == NULL ) {
+ return( -1 );
+ }
+ q->avl_link[cmp] = p->avl_link[cmp];
+ q->avl_link[!cmp] = p;
+ q->avl_data = data;
+ q->avl_bf = EH;
+ q->avl_bits[0] = q->avl_bits[1] = AVL_THREAD;
+
+ p->avl_link[cmp] = q;
+ p->avl_bits[cmp] = AVL_CHILD;
+ break;
+ } else if ( q->avl_bf ) {
+ t = p;
+ s = q;
+ }
+ p = q;
+ }
+
+ /* adjust balance factors */
+ cmp = fcmp( data, s->avl_data ) > 0;
+ r = p = s->avl_link[cmp];
+ a = avl_bfs[cmp];
+
+ while ( p != q ) {
+ cmp = fcmp( data, p->avl_data ) > 0;
+ p->avl_bf = avl_bfs[cmp];
+ p = p->avl_link[cmp];
+ }
+
+ /* checks and balances */
+
+ if ( s->avl_bf == EH ) {
+ s->avl_bf = a;
+ return 0;
+ } else if ( s->avl_bf == -a ) {
+ s->avl_bf = EH;
+ return 0;
+ } else if ( s->avl_bf == a ) {
+ cmp = (a > 0);
+ ncmp = !cmp;
+ if ( r->avl_bf == a ) {
+ /* single rotation */
+ p = r;
+ if ( r->avl_bits[ncmp] == AVL_THREAD ) {
+ r->avl_bits[ncmp] = AVL_CHILD;
+ s->avl_bits[cmp] = AVL_THREAD;
+ } else {
+ s->avl_link[cmp] = r->avl_link[ncmp];
+ r->avl_link[ncmp] = s;
+ }
+ s->avl_bf = 0;
+ r->avl_bf = 0;
+ } else if ( r->avl_bf == -a ) {
+ /* double rotation */
+ p = r->avl_link[ncmp];
+ if ( p->avl_bits[cmp] == AVL_THREAD ) {
+ p->avl_bits[cmp] = AVL_CHILD;
+ r->avl_bits[ncmp] = AVL_THREAD;
+ } else {
+ r->avl_link[ncmp] = p->avl_link[cmp];
+ p->avl_link[cmp] = r;
+ }
+ if ( p->avl_bits[ncmp] == AVL_THREAD ) {
+ p->avl_bits[ncmp] = AVL_CHILD;
+ s->avl_link[cmp] = p;
+ s->avl_bits[cmp] = AVL_THREAD;
+ } else {
+ s->avl_link[cmp] = p->avl_link[ncmp];
+ p->avl_link[ncmp] = s;
+ }
+ if ( p->avl_bf == a ) {
+ s->avl_bf = -a;
+ r->avl_bf = 0;
+ } else if ( p->avl_bf == -a ) {
+ s->avl_bf = 0;
+ r->avl_bf = a;
+ } else {
+ s->avl_bf = 0;
+ r->avl_bf = 0;
+ }
+ p->avl_bf = 0;
+ }
+ /* Update parent */
+ if ( t == NULL )
+ *root = p;
+ else if ( s == t->avl_right )
+ t->avl_right = p;
+ else
+ t->avl_left = p;
+ }
+
+ return 0;
+}
+
+void*
+tavl_delete( Avlnode **root, void* data, AVL_CMP fcmp )
+{
+ Avlnode *p, *q, *r, *top;
+ int side, side_bf, shorter, nside = -1;
+
+ /* parent stack */
+ Avlnode *pptr[sizeof(void *)*8];
+ unsigned char pdir[sizeof(void *)*8];
+ int depth = 0;
+
+ if ( *root == NULL )
+ return NULL;
+
+ p = *root;
+
+ while (1) {
+ side = fcmp( data, p->avl_data );
+ if ( !side )
+ break;
+ side = ( side > 0 );
+ pdir[depth] = side;
+ pptr[depth++] = p;
+
+ if ( p->avl_bits[side] == AVL_THREAD )
+ return NULL;
+ p = p->avl_link[side];
+ }
+ data = p->avl_data;
+
+ /* If this node has two children, swap so we are deleting a node with
+ * at most one child.
+ */
+ if ( p->avl_bits[0] == AVL_CHILD && p->avl_bits[1] == AVL_CHILD &&
+ p->avl_link[0] && p->avl_link[1] ) {
+
+ /* find the immediate predecessor <q> */
+ q = p->avl_link[0];
+ side = depth;
+ pdir[depth++] = 0;
+ while (q->avl_bits[1] == AVL_CHILD && q->avl_link[1]) {
+ pdir[depth] = 1;
+ pptr[depth++] = q;
+ q = q->avl_link[1];
+ }
+ /* swap links */
+ r = p->avl_link[0];
+ p->avl_link[0] = q->avl_link[0];
+ q->avl_link[0] = r;
+
+ q->avl_link[1] = p->avl_link[1];
+ p->avl_link[1] = q;
+
+ p->avl_bits[0] = q->avl_bits[0];
+ p->avl_bits[1] = q->avl_bits[1];
+ q->avl_bits[0] = q->avl_bits[1] = AVL_CHILD;
+
+ q->avl_bf = p->avl_bf;
+
+ /* fix stack positions: old parent of p points to q */
+ pptr[side] = q;
+ if ( side ) {
+ r = pptr[side-1];
+ r->avl_link[pdir[side-1]] = q;
+ } else {
+ *root = q;
+ }
+ /* new parent of p points to p */
+ if ( depth-side > 1 ) {
+ r = pptr[depth-1];
+ r->avl_link[1] = p;
+ } else {
+ q->avl_link[0] = p;
+ }
+
+ /* fix right subtree: successor of p points to q */
+ r = q->avl_link[1];
+ while ( r->avl_bits[0] == AVL_CHILD && r->avl_link[0] )
+ r = r->avl_link[0];
+ r->avl_link[0] = q;
+ }
+
+ /* now <p> has at most one child, get it */
+ if ( p->avl_link[0] && p->avl_bits[0] == AVL_CHILD ) {
+ q = p->avl_link[0];
+ /* Preserve thread continuity */
+ r = p->avl_link[1];
+ nside = 1;
+ } else if ( p->avl_link[1] && p->avl_bits[1] == AVL_CHILD ) {
+ q = p->avl_link[1];
+ r = p->avl_link[0];
+ nside = 0;
+ } else {
+ q = NULL;
+ if ( depth > 0 )
+ r = p->avl_link[pdir[depth-1]];
+ else
+ r = NULL;
+ }
+
+ ber_memfree( p );
+
+ if ( !depth ) {
+ *root = q;
+ return data;
+ }
+
+ /* set the child into p's parent */
+ depth--;
+ p = pptr[depth];
+ side = pdir[depth];
+ p->avl_link[side] = q;
+
+ /* Update child thread */
+ if ( q ) {
+ for ( ; q->avl_bits[nside] == AVL_CHILD && q->avl_link[nside];
+ q = q->avl_link[nside] ) ;
+ q->avl_link[nside] = r;
+ } else {
+ p->avl_bits[side] = AVL_THREAD;
+ p->avl_link[side] = r;
+ }
+
+ top = NULL;
+ shorter = 1;
+
+ while ( shorter ) {
+ p = pptr[depth];
+ side = pdir[depth];
+ nside = !side;
+ side_bf = avl_bfs[side];
+
+ /* case 1: height unchanged */
+ if ( p->avl_bf == EH ) {
+ /* Tree is now heavier on opposite side */
+ p->avl_bf = avl_bfs[nside];
+ shorter = 0;
+
+ } else if ( p->avl_bf == side_bf ) {
+ /* case 2: taller subtree shortened, height reduced */
+ p->avl_bf = EH;
+ } else {
+ /* case 3: shorter subtree shortened */
+ if ( depth )
+ top = pptr[depth-1]; /* p->parent; */
+ else
+ top = NULL;
+ /* set <q> to the taller of the two subtrees of <p> */
+ q = p->avl_link[nside];
+ if ( q->avl_bf == EH ) {
+ /* case 3a: height unchanged, single rotate */
+ if ( q->avl_bits[side] == AVL_THREAD ) {
+ q->avl_bits[side] = AVL_CHILD;
+ p->avl_bits[nside] = AVL_THREAD;
+ } else {
+ p->avl_link[nside] = q->avl_link[side];
+ q->avl_link[side] = p;
+ }
+ shorter = 0;
+ q->avl_bf = side_bf;
+ p->avl_bf = (- side_bf);
+
+ } else if ( q->avl_bf == p->avl_bf ) {
+ /* case 3b: height reduced, single rotate */
+ if ( q->avl_bits[side] == AVL_THREAD ) {
+ q->avl_bits[side] = AVL_CHILD;
+ p->avl_bits[nside] = AVL_THREAD;
+ } else {
+ p->avl_link[nside] = q->avl_link[side];
+ q->avl_link[side] = p;
+ }
+ shorter = 1;
+ q->avl_bf = EH;
+ p->avl_bf = EH;
+
+ } else {
+ /* case 3c: height reduced, balance factors opposite */
+ r = q->avl_link[side];
+ if ( r->avl_bits[nside] == AVL_THREAD ) {
+ r->avl_bits[nside] = AVL_CHILD;
+ q->avl_bits[side] = AVL_THREAD;
+ } else {
+ q->avl_link[side] = r->avl_link[nside];
+ r->avl_link[nside] = q;
+ }
+
+ if ( r->avl_bits[side] == AVL_THREAD ) {
+ r->avl_bits[side] = AVL_CHILD;
+ p->avl_bits[nside] = AVL_THREAD;
+ p->avl_link[nside] = r;
+ } else {
+ p->avl_link[nside] = r->avl_link[side];
+ r->avl_link[side] = p;
+ }
+
+ if ( r->avl_bf == side_bf ) {
+ q->avl_bf = (- side_bf);
+ p->avl_bf = EH;
+ } else if ( r->avl_bf == (- side_bf)) {
+ q->avl_bf = EH;
+ p->avl_bf = side_bf;
+ } else {
+ q->avl_bf = EH;
+ p->avl_bf = EH;
+ }
+ r->avl_bf = EH;
+ q = r;
+ }
+ /* a rotation has caused <q> (or <r> in case 3c) to become
+ * the root. let <p>'s former parent know this.
+ */
+ if ( top == NULL ) {
+ *root = q;
+ } else if (top->avl_link[0] == p) {
+ top->avl_link[0] = q;
+ } else {
+ top->avl_link[1] = q;
+ }
+ /* end case 3 */
+ p = q;
+ }
+ if ( !depth )
+ break;
+ depth--;
+ } /* end while(shorter) */
+
+ return data;
+}
+
+/*
+ * tavl_free -- traverse avltree root, freeing the memory it is using.
+ * the dfree() is called to free the data portion of each node. The
+ * number of items actually freed is returned.
+ */
+
+int
+tavl_free( Avlnode *root, AVL_FREE dfree )
+{
+ int nleft, nright;
+
+ if ( root == 0 )
+ return( 0 );
+
+ nleft = tavl_free( avl_lchild( root ), dfree );
+
+ nright = tavl_free( avl_rchild( root ), dfree );
+
+ if ( dfree )
+ (*dfree)( root->avl_data );
+ ber_memfree( root );
+
+ return( nleft + nright + 1 );
+}
+
+/*
+ * tavl_find -- search avltree root for a node with data data. the function
+ * cmp is used to compare things. it is called with data as its first arg
+ * and the current node data as its second. it should return 0 if they match,
+ * < 0 if arg1 is less than arg2 and > 0 if arg1 is greater than arg2.
+ */
+
+Avlnode *
+tavl_find2( Avlnode *root, const void *data, AVL_CMP fcmp )
+{
+ int cmp;
+
+ while ( root != 0 && (cmp = (*fcmp)( data, root->avl_data )) != 0 ) {
+ cmp = cmp > 0;
+ root = avl_child( root, cmp );
+ }
+ return root;
+}
+
+void*
+tavl_find( Avlnode *root, const void* data, AVL_CMP fcmp )
+{
+ int cmp;
+
+ while ( root != 0 && (cmp = (*fcmp)( data, root->avl_data )) != 0 ) {
+ cmp = cmp > 0;
+ root = avl_child( root, cmp );
+ }
+
+ return( root ? root->avl_data : 0 );
+}
+
+/* Return the leftmost or rightmost node in the tree */
+Avlnode *
+tavl_end( Avlnode *root, int dir )
+{
+ if ( root ) {
+ while ( root->avl_bits[dir] == AVL_CHILD )
+ root = root->avl_link[dir];
+ }
+ return root;
+}
+
+/* Return the next node in the given direction */
+Avlnode *
+tavl_next( Avlnode *root, int dir )
+{
+ if ( root ) {
+ int c = root->avl_bits[dir];
+
+ root = root->avl_link[dir];
+ if ( c == AVL_CHILD ) {
+ dir ^= 1;
+ while ( root->avl_bits[dir] == AVL_CHILD )
+ root = root->avl_link[dir];
+ }
+ }
+ return root;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/testavl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/testavl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/testavl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,150 @@
+/* testavl.c - Test Tim Howes AVL code */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/testavl.c,v 1.2.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1993 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#define AVL_INTERNAL
+#define AVL_NONREENTRANT
+#include "avl.h"
+
+static void ravl_print LDAP_P(( Avlnode *root, int depth ));
+static void myprint LDAP_P(( Avlnode *root ));
+static int avl_strcmp LDAP_P(( const void *s, const void *t ));
+
+int
+main( int argc, char **argv )
+{
+ Avlnode *tree = NULL;
+ char command[ 10 ];
+ char name[ 80 ];
+ char *p;
+
+ printf( "> " );
+ while ( fgets( command, sizeof( command ), stdin ) != NULL ) {
+ switch( *command ) {
+ case 'n': /* new tree */
+ ( void ) avl_free( tree, free );
+ tree = NULL;
+ break;
+ case 'p': /* print */
+ ( void ) myprint( tree );
+ break;
+ case 't': /* traverse with first, next */
+#ifdef AVL_NONREENTRANT
+ printf( "***\n" );
+ for ( p = (char * ) avl_getfirst( tree );
+ p != NULL;
+ p = (char *) avl_getnext())
+ printf( "%s\n", p );
+ printf( "***\n" );
+#else
+ printf( "*** reentrant interface not implemented ***" );
+#endif
+ break;
+ case 'f': /* find */
+ printf( "data? " );
+ if ( fgets( name, sizeof( name ), stdin ) == NULL )
+ exit( EXIT_SUCCESS );
+ name[ strlen( name ) - 1 ] = '\0';
+ if ( (p = (char *) avl_find( tree, name, avl_strcmp ))
+ == NULL )
+ printf( "Not found.\n\n" );
+ else
+ printf( "%s\n\n", p );
+ break;
+ case 'i': /* insert */
+ printf( "data? " );
+ if ( fgets( name, sizeof( name ), stdin ) == NULL )
+ exit( EXIT_SUCCESS );
+ name[ strlen( name ) - 1 ] = '\0';
+ if ( avl_insert( &tree, strdup( name ), avl_strcmp,
+ avl_dup_error ) != 0 )
+ printf( "\nNot inserted!\n" );
+ break;
+ case 'd': /* delete */
+ printf( "data? " );
+ if ( fgets( name, sizeof( name ), stdin ) == NULL )
+ exit( EXIT_SUCCESS );
+ name[ strlen( name ) - 1 ] = '\0';
+ if ( avl_delete( &tree, name, avl_strcmp ) == NULL )
+ printf( "\nNot found!\n" );
+ break;
+ case 'q': /* quit */
+ exit( EXIT_SUCCESS );
+ break;
+ case '\n':
+ break;
+ default:
+ printf("Commands: insert, delete, print, new, quit\n");
+ }
+
+ printf( "> " );
+ }
+
+ return( 0 );
+}
+
+static void ravl_print( Avlnode *root, int depth )
+{
+ int i;
+
+ if ( root == 0 )
+ return;
+
+ ravl_print( root->avl_right, depth+1 );
+
+ for ( i = 0; i < depth; i++ )
+ printf( " " );
+ printf( "%s %d\n", (char *) root->avl_data, root->avl_bf );
+
+ ravl_print( root->avl_left, depth+1 );
+}
+
+static void myprint( Avlnode *root )
+{
+ printf( "********\n" );
+
+ if ( root == 0 )
+ printf( "\tNULL\n" );
+ else
+ ravl_print( root, 0 );
+
+ printf( "********\n" );
+}
+
+static int avl_strcmp( const void *s, const void *t )
+{
+ return strcmp( s, t );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/utils.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/utils.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/utils.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,511 @@
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.24.2.9 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+#include <ac/time.h>
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <lutil.h>
+#include <ldap_defaults.h>
+
+#ifdef HAVE_EBCDIC
+int _trans_argv = 1;
+#endif
+
+#ifdef _WIN32
+/* Some Windows versions accept both forward and backslashes in
+ * directory paths, but we always use backslashes when generating
+ * and parsing...
+ */
+void lutil_slashpath( char *path )
+{
+ char *c, *p;
+
+ p = path;
+ while (( c=strchr( p, '/' ))) {
+ *c++ = '\\';
+ p = c;
+ }
+}
+#endif
+
+char* lutil_progname( const char* name, int argc, char *argv[] )
+{
+ char *progname;
+
+ if(argc == 0) {
+ return (char *)name;
+ }
+
+#ifdef HAVE_EBCDIC
+ if (_trans_argv) {
+ int i;
+ for (i=0; i<argc; i++) __etoa(argv[i]);
+ _trans_argv = 0;
+ }
+#endif
+ LUTIL_SLASHPATH( argv[0] );
+ progname = strrchr ( argv[0], *LDAP_DIRSEP );
+ progname = progname ? &progname[1] : argv[0];
+ return progname;
+}
+
+#if 0
+size_t lutil_gentime( char *s, size_t smax, const struct tm *tm )
+{
+ size_t ret;
+#ifdef HAVE_EBCDIC
+/* We've been compiling in ASCII so far, but we want EBCDIC now since
+ * strftime only understands EBCDIC input.
+ */
+#pragma convlit(suspend)
+#endif
+ ret = strftime( s, smax, "%Y%m%d%H%M%SZ", tm );
+#ifdef HAVE_EBCDIC
+#pragma convlit(resume)
+ __etoa( s );
+#endif
+ return ret;
+}
+#endif
+
+size_t lutil_localtime( char *s, size_t smax, const struct tm *tm, long delta )
+{
+ size_t ret;
+ char *p;
+
+ if ( smax < 16 ) { /* YYYYmmddHHMMSSZ */
+ return 0;
+ }
+
+#ifdef HAVE_EBCDIC
+/* We've been compiling in ASCII so far, but we want EBCDIC now since
+ * strftime only understands EBCDIC input.
+ */
+#pragma convlit(suspend)
+#endif
+ ret = strftime( s, smax, "%Y%m%d%H%M%SZ", tm );
+#ifdef HAVE_EBCDIC
+#pragma convlit(resume)
+ __etoa( s );
+#endif
+ if ( delta == 0 || ret == 0 ) {
+ return ret;
+ }
+
+ if ( smax < 20 ) { /* YYYYmmddHHMMSS+HHMM */
+ return 0;
+ }
+
+ p = s + 14;
+
+ if ( delta < 0 ) {
+ p[ 0 ] = '-';
+ delta = -delta;
+ } else {
+ p[ 0 ] = '+';
+ }
+ p++;
+
+ snprintf( p, smax - 15, "%02ld%02ld", delta / 3600,
+ ( delta % 3600 ) / 60 );
+
+ return ret + 5;
+}
+
+int lutil_tm2time( struct lutil_tm *tm, struct lutil_timet *tt )
+{
+ static int moffset[12] = {
+ 0, 31, 59, 90, 120,
+ 151, 181, 212, 243,
+ 273, 304, 334 };
+ int sec;
+
+ tt->tt_usec = tm->tm_usec;
+
+ /* special case 0000/01/01+00:00:00 is returned as zero */
+ if ( tm->tm_year == -1900 && tm->tm_mon == 0 && tm->tm_mday == 1 &&
+ tm->tm_hour == 0 && tm->tm_min == 0 && tm->tm_sec == 0 ) {
+ tt->tt_sec = 0;
+ tt->tt_gsec = 0;
+ return 0;
+ }
+
+ /* tm->tm_year is years since 1900 */
+ /* calculate days from years since 1970 (epoch) */
+ tt->tt_sec = tm->tm_year - 70;
+ tt->tt_sec *= 365L;
+
+ /* count leap days in preceding years */
+ tt->tt_sec += ((tm->tm_year -69) >> 2);
+
+ /* calculate days from months */
+ tt->tt_sec += moffset[tm->tm_mon];
+
+ /* add in this year's leap day, if any */
+ if (((tm->tm_year & 3) == 0) && (tm->tm_mon > 1)) {
+ tt->tt_sec ++;
+ }
+
+ /* add in days in this month */
+ tt->tt_sec += (tm->tm_mday - 1);
+
+ /* this function can handle a range of about 17408 years... */
+ /* 86400 seconds in a day, divided by 128 = 675 */
+ tt->tt_sec *= 675;
+
+ /* move high 7 bits into tt_gsec */
+ tt->tt_gsec = tt->tt_sec >> 25;
+ tt->tt_sec -= tt->tt_gsec << 25;
+
+ /* get hours */
+ sec = tm->tm_hour;
+
+ /* convert to minutes */
+ sec *= 60L;
+ sec += tm->tm_min;
+
+ /* convert to seconds */
+ sec *= 60L;
+ sec += tm->tm_sec;
+
+ /* add remaining seconds */
+ tt->tt_sec <<= 7;
+ tt->tt_sec += sec;
+
+ /* return success */
+ return 0;
+}
+
+int lutil_parsetime( char *atm, struct lutil_tm *tm )
+{
+ while (atm && tm) {
+ char *ptr = atm;
+ unsigned i, fracs;
+
+ /* Is the stamp reasonably long? */
+ for (i=0; isdigit((unsigned char) atm[i]); i++);
+ if (i < sizeof("00000101000000")-1)
+ break;
+
+ /*
+ * parse the time into a struct tm
+ */
+ /* 4 digit year to year - 1900 */
+ tm->tm_year = *ptr++ - '0';
+ tm->tm_year *= 10; tm->tm_year += *ptr++ - '0';
+ tm->tm_year *= 10; tm->tm_year += *ptr++ - '0';
+ tm->tm_year *= 10; tm->tm_year += *ptr++ - '0';
+ tm->tm_year -= 1900;
+ /* month 01-12 to 0-11 */
+ tm->tm_mon = *ptr++ - '0';
+ tm->tm_mon *=10; tm->tm_mon += *ptr++ - '0';
+ if (tm->tm_mon < 1 || tm->tm_mon > 12) break;
+ tm->tm_mon--;
+
+ /* day of month 01-31 */
+ tm->tm_mday = *ptr++ - '0';
+ tm->tm_mday *=10; tm->tm_mday += *ptr++ - '0';
+ if (tm->tm_mday < 1 || tm->tm_mday > 31) break;
+
+ /* Hour 00-23 */
+ tm->tm_hour = *ptr++ - '0';
+ tm->tm_hour *=10; tm->tm_hour += *ptr++ - '0';
+ if (tm->tm_hour < 0 || tm->tm_hour > 23) break;
+
+ /* Minute 00-59 */
+ tm->tm_min = *ptr++ - '0';
+ tm->tm_min *=10; tm->tm_min += *ptr++ - '0';
+ if (tm->tm_min < 0 || tm->tm_min > 59) break;
+
+ /* Second 00-61 */
+ tm->tm_sec = *ptr++ - '0';
+ tm->tm_sec *=10; tm->tm_sec += *ptr++ - '0';
+ if (tm->tm_sec < 0 || tm->tm_sec > 61) break;
+
+ /* Fractions of seconds */
+ if ( *ptr == '.' ) {
+ ptr++;
+ for (i = 0, fracs = 0; isdigit((unsigned char) *ptr); ) {
+ i*=10; i+= *ptr++ - '0';
+ fracs++;
+ }
+ tm->tm_usec = i;
+ if (i) {
+ for (i = fracs; i<6; i++)
+ tm->tm_usec *= 10;
+ }
+ }
+
+ /* Must be UTC */
+ if (*ptr != 'Z') break;
+
+ return 0;
+ }
+ return -1;
+}
+
+/* strcopy is like strcpy except it returns a pointer to the trailing NUL of
+ * the result string. This allows fast construction of catenated strings
+ * without the overhead of strlen/strcat.
+ */
+char *
+lutil_strcopy(
+ char *a,
+ const char *b
+)
+{
+ if (!a || !b)
+ return a;
+
+ while ((*a++ = *b++)) ;
+ return a-1;
+}
+
+/* strncopy is like strcpy except it returns a pointer to the trailing NUL of
+ * the result string. This allows fast construction of catenated strings
+ * without the overhead of strlen/strcat.
+ */
+char *
+lutil_strncopy(
+ char *a,
+ const char *b,
+ size_t n
+)
+{
+ if (!a || !b || n == 0)
+ return a;
+
+ while ((*a++ = *b++) && n-- > 0) ;
+ return a-1;
+}
+
+#ifndef HAVE_MKSTEMP
+int mkstemp( char * template )
+{
+#ifdef HAVE_MKTEMP
+ return open ( mktemp ( template ), O_RDWR|O_CREAT|O_EXCL, 0600 );
+#else
+ return -1;
+#endif
+}
+#endif
+
+/*
+ * Memory Reverse Search
+ */
+void *
+lutil_memrchr(const void *b, int c, size_t n)
+{
+ if (n != 0) {
+ const unsigned char *s, *bb = b, cc = c;
+
+ for ( s = bb + n; s > bb; ) {
+ if ( *--s == cc ) {
+ return (void *) s;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+int
+lutil_atoix( int *v, const char *s, int x )
+{
+ char *next;
+ long i;
+
+ assert( s != NULL );
+ assert( v != NULL );
+
+ i = strtol( s, &next, x );
+ if ( next == s || next[ 0 ] != '\0' ) {
+ return -1;
+ }
+
+ if ( (long)(int)i != i ) {
+ return 1;
+ }
+
+ *v = (int)i;
+
+ return 0;
+}
+
+int
+lutil_atoux( unsigned *v, const char *s, int x )
+{
+ char *next;
+ unsigned long u;
+
+ assert( s != NULL );
+ assert( v != NULL );
+
+ /* strtoul() has an odd interface */
+ if ( s[ 0 ] == '-' ) {
+ return -1;
+ }
+
+ u = strtoul( s, &next, x );
+ if ( next == s || next[ 0 ] != '\0' ) {
+ return -1;
+ }
+
+ if ( (unsigned long)(unsigned)u != u ) {
+ return 1;
+ }
+
+ *v = u;
+
+ return 0;
+}
+
+int
+lutil_atolx( long *v, const char *s, int x )
+{
+ char *next;
+ long l;
+
+ assert( s != NULL );
+ assert( v != NULL );
+
+ l = strtol( s, &next, x );
+ if ( next == s || next[ 0 ] != '\0' ) {
+ return -1;
+ }
+
+ *v = l;
+
+ return 0;
+}
+
+int
+lutil_atoulx( unsigned long *v, const char *s, int x )
+{
+ char *next;
+ unsigned long ul;
+
+ assert( s != NULL );
+ assert( v != NULL );
+
+ /* strtoul() has an odd interface */
+ if ( s[ 0 ] == '-' ) {
+ return -1;
+ }
+
+ ul = strtoul( s, &next, x );
+ if ( next == s || next[ 0 ] != '\0' ) {
+ return -1;
+ }
+
+ *v = ul;
+
+ return 0;
+}
+
+static char time_unit[] = "dhms";
+
+int
+lutil_parse_time(
+ const char *in,
+ unsigned long *tp )
+{
+ unsigned long t = 0;
+ char *s,
+ *next;
+ int sofar = -1,
+ scale[] = { 86400, 3600, 60, 1 };
+
+ *tp = 0;
+
+ for ( s = (char *)in; s[ 0 ] != '\0'; ) {
+ unsigned long u;
+ char *what;
+
+ /* strtoul() has an odd interface */
+ if ( s[ 0 ] == '-' ) {
+ return -1;
+ }
+
+ u = strtoul( s, &next, 10 );
+ if ( next == s ) {
+ return -1;
+ }
+
+ if ( next[ 0 ] == '\0' ) {
+ /* assume seconds */
+ t += u;
+ break;
+ }
+
+ what = strchr( time_unit, next[ 0 ] );
+ if ( what == NULL ) {
+ return -1;
+ }
+
+ if ( what - time_unit <= sofar ) {
+ return -1;
+ }
+
+ sofar = what - time_unit;
+ t += u * scale[ sofar ];
+
+ s = &next[ 1 ];
+ }
+
+ *tp = t;
+ return 0;
+}
+
+int
+lutil_unparse_time(
+ char *buf,
+ size_t buflen,
+ unsigned long t )
+{
+ int len, i;
+ unsigned long v[ 4 ];
+
+ v[ 0 ] = t/86400;
+ v[ 1 ] = (t%86400)/3600;
+ v[ 2 ] = (t%3600)/60;
+ v[ 3 ] = t%60;
+
+ for ( i = 0; i < 4; i++ ) {
+ if ( v[i] > 0 || i == 3 ) {
+ len = snprintf( buf, buflen, "%lu%c", v[ i ], time_unit[ i ] );
+ if ( len < 0 || (unsigned)len >= buflen ) {
+ return -1;
+ }
+ buflen -= len;
+ buf += len;
+ }
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/liblutil/uuid.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/liblutil/uuid.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/liblutil/uuid.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,410 @@
+/* uuid.c -- Universally Unique Identifier routines */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 2000, John E. Schimmel, All rights reserved.
+ * This software is not subject to any license of Mirapoint, Inc.
+ *
+ * This is free software; you can redistribute and use it
+ * under the same terms as OpenLDAP itself.
+ */
+/* This work was initially developed by John E. Schimmel and adapted
+ * for inclusion in OpenLDAP Software by Kurt D. Zeilenga.
+ */
+
+/*
+ * Sorry this file is so scary, but it needs to run on a wide range of
+ * platforms. The only exported routine is lutil_uuidstr() which is all
+ * that LDAP cares about. It generates a new uuid and returns it in
+ * in string form.
+ */
+#include "portable.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h> /* get memcmp() */
+
+#ifdef HAVE_UUID_TO_STR
+# include <sys/uuid.h>
+#elif defined( _WIN32 )
+# include <rpc.h>
+#else
+# include <ac/socket.h>
+# include <ac/time.h>
+# ifdef HAVE_SYS_SYSCTL_H
+# include <net/if.h>
+# include <sys/sysctl.h>
+# include <net/route.h>
+# endif
+#endif
+
+#include <lutil.h>
+
+/* not needed for Windows */
+#if !defined(HAVE_UUID_TO_STR) && !defined(_WIN32)
+static unsigned char *
+lutil_eaddr( void )
+{
+ static unsigned char zero[6];
+ static unsigned char eaddr[6];
+
+#ifdef HAVE_SYS_SYSCTL_H
+ size_t needed;
+ int mib[6];
+ char *buf, *next, *lim;
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+
+ if (memcmp(eaddr, zero, sizeof(eaddr))) {
+ return eaddr;
+ }
+
+ mib[0] = CTL_NET;
+ mib[1] = PF_ROUTE;
+ mib[3] = 0;
+ mib[3] = 0;
+ mib[4] = NET_RT_IFLIST;
+ mib[5] = 0;
+
+ if (sysctl(mib, sizeof(mib), NULL, &needed, NULL, 0) < 0) {
+ return NULL;
+ }
+
+ buf = malloc(needed);
+ if( buf == NULL ) return NULL;
+
+ if (sysctl(mib, sizeof(mib), buf, &needed, NULL, 0) < 0) {
+ free(buf);
+ return NULL;
+ }
+
+ lim = buf + needed;
+ for (next = buf; next < lim; next += ifm->ifm_msglen) {
+ ifm = (struct if_msghdr *)next;
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+
+ if ( sdl->sdl_family != AF_LINK || sdl->sdl_alen == 6 ) {
+ AC_MEMCPY(eaddr,
+ (unsigned char *)sdl->sdl_data + sdl->sdl_nlen,
+ sizeof(eaddr));
+ free(buf);
+ return eaddr;
+ }
+ }
+
+ free(buf);
+ return NULL;
+
+#elif defined( SIOCGIFADDR ) && defined( AFLINK )
+ char buf[sizeof(struct ifreq) * 32];
+ struct ifconf ifc;
+ struct ifreq *ifr;
+ struct sockaddr *sa;
+ struct sockaddr_dl *sdl;
+ unsigned char *p;
+ int s, i;
+
+ if (memcmp(eaddr, zero, sizeof(eaddr))) {
+ return eaddr;
+ }
+
+ s = socket( AF_INET, SOCK_DGRAM, 0 );
+ if ( s < 0 ) {
+ return NULL;
+ }
+
+ ifc.ifc_len = sizeof( buf );
+ ifc.ifc_buf = buf;
+ memset( buf, 0, sizeof( buf ) );
+
+ i = ioctl( s, SIOCGIFCONF, (char *)&ifc );
+ close( s );
+
+ if( i < 0 ) {
+ return NULL;
+ }
+
+ for ( i = 0; i < ifc.ifc_len; ) {
+ ifr = (struct ifreq *)&ifc.ifc_buf[i];
+ sa = &ifr->ifr_addr;
+
+ if ( sa->sa_len > sizeof( ifr->ifr_addr ) ) {
+ i += sizeof( ifr->ifr_name ) + sa->sa_len;
+ } else {
+ i += sizeof( *ifr );
+ }
+
+ if ( sa->sa_family != AF_LINK ) {
+ continue;
+ }
+
+ sdl = (struct sockaddr_dl *)sa;
+
+ if ( sdl->sdl_alen == 6 ) {
+ AC_MEMCPY(eaddr,
+ (unsigned char *)sdl->sdl_data + sdl->sdl_nlen,
+ sizeof(eaddr));
+ return eaddr;
+ }
+ }
+
+ return NULL;
+
+#else
+ if (memcmp(eaddr, zero, sizeof(eaddr)) == 0) {
+ /* XXX - who knows? */
+ lutil_entropy( eaddr, sizeof(eaddr) );
+ eaddr[0] |= 0x01; /* turn it into a multicast address */
+ }
+
+ return eaddr;
+#endif
+}
+
+#if (ULONG_MAX >> 31 >> 31) > 1 || defined HAVE_LONG_LONG
+
+#if (ULONG_MAX >> 31 >> 31) > 1
+ typedef unsigned long UI64;
+ /* 100 usec intervals from 10/10/1582 to 1/1/1970 */
+# define UUID_TPLUS 0x01B21DD2138140ul
+#else
+ typedef unsigned long long UI64;
+# define UUID_TPLUS 0x01B21DD2138140ull
+#endif
+
+#define high32(i) ((unsigned long) ((i) >> 32))
+#define low32(i) ((unsigned long) (i) & 0xFFFFFFFFul)
+#define set_add64(res, i) ((res) += (i))
+#define set_add64l(res, i) ((res) += (i))
+#define mul64ll(i1, i2) ((UI64) (i1) * (i2))
+
+#else /* ! (ULONG_MAX >= 64 bits || HAVE_LONG_LONG) */
+
+typedef struct {
+ unsigned long high, low;
+} UI64;
+
+static const UI64 UUID_TPLUS = { 0x01B21Dul, 0xD2138140ul };
+
+#define high32(i) ((i).high)
+#define low32(i) ((i).low)
+
+/* res += ui64 */
+#define set_add64(res, ui64) \
+{ \
+ res.high += ui64.high; \
+ res.low = (res.low + ui64.low) & 0xFFFFFFFFul; \
+ if (res.low < ui64.low) res.high++; \
+}
+
+/* res += ul32 */
+#define set_add64l(res, ul32) \
+{ \
+ res.low = (res.low + ul32) & 0xFFFFFFFFul; \
+ if (res.low < ul32) res.high++; \
+}
+
+/* compute i1 * i2 */
+static UI64
+mul64ll(unsigned long i1, unsigned long i2)
+{
+ const unsigned int high1 = (i1 >> 16), low1 = (i1 & 0xffff);
+ const unsigned int high2 = (i2 >> 16), low2 = (i2 & 0xffff);
+
+ UI64 res;
+ unsigned long tmp;
+
+ res.high = (unsigned long) high1 * high2;
+ res.low = (unsigned long) low1 * low2;
+
+ tmp = (unsigned long) low1 * high2;
+ res.high += (tmp >> 16);
+ tmp = (tmp << 16) & 0xFFFFFFFFul;
+ res.low = (res.low + tmp) & 0xFFFFFFFFul;
+ if (res.low < tmp)
+ res.high++;
+
+ tmp = (unsigned long) low2 * high1;
+ res.high += (tmp >> 16);
+ tmp = (tmp << 16) & 0xFFFFFFFFul;
+ res.low = (res.low + tmp) & 0xFFFFFFFFul;
+ if (res.low < tmp)
+ res.high++;
+
+ return res;
+}
+
+#endif /* ULONG_MAX >= 64 bits || HAVE_LONG_LONG */
+
+#endif /* !HAVE_UUID_TO_STR && !_WIN32 */
+
+/*
+** All we really care about is an ISO UUID string. The format of a UUID is:
+** field octet note
+** time_low 0-3 low field of the timestamp
+** time_mid 4-5 middle field of timestamp
+** time_hi_and_version 6-7 high field of timestamp and
+** version number
+** clock_seq_hi_and_resv 8 high field of clock sequence
+** and variant
+** clock_seq_low 9 low field of clock sequence
+** node 10-15 spacially unique identifier
+**
+** We use DCE version one, and the DCE variant. Our unique identifier is
+** the first ethernet address on the system.
+*/
+size_t
+lutil_uuidstr( char *buf, size_t len )
+{
+#ifdef HAVE_UUID_TO_STR
+ uuid_t uu = {0};
+ unsigned rc;
+ char *s;
+ size_t l;
+
+ uuid_create( &uu, &rc );
+ if ( rc != uuid_s_ok ) {
+ return 0;
+ }
+
+ uuid_to_str( &uu, &s, &rc );
+ if ( rc != uuid_s_ok ) {
+ return 0;
+ }
+
+ l = strlen( s );
+ if ( l >= len ) {
+ free( s );
+ return 0;
+ }
+
+ strncpy( buf, s, len );
+ free( s );
+
+ return l;
+
+#elif defined( _WIN32 )
+ UUID uuid;
+ unsigned char *uuidstr;
+ size_t uuidlen;
+
+ if( UuidCreate( &uuid ) != RPC_S_OK ) {
+ return 0;
+ }
+
+ if( UuidToString( &uuid, &uuidstr ) != RPC_S_OK ) {
+ return 0;
+ }
+
+ uuidlen = strlen( uuidstr );
+ if( uuidlen >= len ) {
+ return 0;
+ }
+
+ strncpy( buf, uuidstr, len );
+ RpcStringFree( &uuidstr );
+
+ return uuidlen;
+
+#else
+ struct timeval tv;
+ UI64 tl;
+ unsigned char *nl;
+ unsigned short t2, t3, s1;
+ unsigned long t1, tl_high;
+ unsigned int rc;
+
+ /*
+ * Theoretically we should delay if seq wraps within 100usec but for now
+ * systems are not fast enough to worry about it.
+ */
+ static int inited = 0;
+ static unsigned short seq;
+
+ if (!inited) {
+ lutil_entropy( (unsigned char *) &seq, sizeof(seq) );
+ inited++;
+ }
+
+#ifdef HAVE_GETTIMEOFDAY
+ gettimeofday( &tv, 0 );
+#else
+ time( &tv.tv_sec );
+ tv.tv_usec = 0;
+#endif
+
+ tl = mul64ll(tv.tv_sec, 10000000UL);
+ set_add64l(tl, tv.tv_usec * 10UL);
+ set_add64(tl, UUID_TPLUS);
+
+ nl = lutil_eaddr();
+
+ t1 = low32(tl); /* time_low */
+ tl_high = high32(tl);
+ t2 = tl_high & 0xffff; /* time_mid */
+ t3 = ((tl_high >> 16) & 0x0fff) | 0x1000; /* time_hi_and_version */
+ s1 = ( ++seq & 0x1fff ) | 0x8000; /* clock_seq_and_reserved */
+
+ rc = snprintf( buf, len,
+ "%08lx-%04x-%04x-%04x-%02x%02x%02x%02x%02x%02x",
+ t1, (unsigned) t2, (unsigned) t3, (unsigned) s1,
+ (unsigned) nl[0], (unsigned) nl[1],
+ (unsigned) nl[2], (unsigned) nl[3],
+ (unsigned) nl[4], (unsigned) nl[5] );
+
+ return rc < len ? rc : 0;
+#endif
+}
+
+#ifdef TEST
+int
+main(int argc, char **argv)
+{
+ char buf1[8], buf2[64];
+
+#ifndef HAVE_UUID_TO_STR
+ unsigned char *p = lutil_eaddr();
+
+ if( p ) {
+ printf( "Ethernet Address: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ (unsigned) p[0], (unsigned) p[1], (unsigned) p[2],
+ (unsigned) p[3], (unsigned) p[4], (unsigned) p[5]);
+ }
+#endif
+
+ if ( lutil_uuidstr( buf1, sizeof( buf1 ) ) ) {
+ printf( "UUID: %s\n", buf1 );
+ } else {
+ fprintf( stderr, "too short: %ld\n", (long) sizeof( buf1 ) );
+ }
+
+ if ( lutil_uuidstr( buf2, sizeof( buf2 ) ) ) {
+ printf( "UUID: %s\n", buf2 );
+ } else {
+ fprintf( stderr, "too short: %ld\n", (long) sizeof( buf2 ) );
+ }
+
+ if ( lutil_uuidstr( buf2, sizeof( buf2 ) ) ) {
+ printf( "UUID: %s\n", buf2 );
+ } else {
+ fprintf( stderr, "too short: %ld\n", (long) sizeof( buf2 ) );
+ }
+
+ return 0;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/Copyright
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/Copyright (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/Copyright 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,23 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2000 Pierangelo Masarati, <ando at sys-net.it>
+ * All rights reserved.
+ *
+ * Permission is granted to anyone to use this software for any purpose
+ * on any computer system, and to alter it and redistribute it, subject
+ * to the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources,
+ * credits should appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users
+ * ever read sources, credits should appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ *
+ ******************************************************************************/
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,37 @@
+# LIBREWRITE
+# $OpenLDAP: pkg/ldap/libraries/librewrite/Makefile.in,v 1.10.2.5 2007/01/02 21:43:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## Copyright 2000-2001 Pierangelo Masarati <ando at sys-net.it>
+##
+
+SRCS = config.c context.c info.c ldapmap.c map.c params.c rule.c \
+ session.c subst.c var.c xmap.c \
+ parse.c rewrite.c
+XSRCS = version.c
+OBJS = config.o context.o info.o ldapmap.o map.o params.o rule.o \
+ session.o subst.o var.o xmap.o
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+LIBRARY = librewrite.a
+PROGRAMS = rewrite
+XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \
+ $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+XXXLIBS = $(LTHREAD_LIBS)
+
+rewrite: $(XLIBS) rewrite.o parse.o
+ $(LTLINK) -o $@ rewrite.o parse.o $(LIBS)
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/RATIONALE
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/RATIONALE (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/RATIONALE 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+The workings of the rewrite library are described in the
+REWRITING section of the slapd-meta(5) manual page.
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,441 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/config.c,v 1.10.2.5 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+#include "rewrite-map.h"
+
+/*
+ * Parses a plugin map
+ */
+static int
+rewrite_parse_builtin_map(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+);
+
+/*
+ * Parses a config line and takes actions to fit content in rewrite structure;
+ * lines handled are of the form:
+ *
+ * rewriteEngine {on|off}
+ * rewriteMaxPasses numPasses [numPassesPerRule]
+ * rewriteContext contextName [alias aliasedContextName]
+ * rewriteRule pattern substPattern [ruleFlags]
+ * rewriteMap mapType mapName [mapArgs]
+ * rewriteParam paramName paramValue
+ */
+int
+rewrite_parse(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ int rc = -1;
+
+ assert( info != NULL );
+ assert( fname != NULL );
+ assert( argv != NULL );
+ assert( argc > 0 );
+
+ /*
+ * Switch on the rewrite engine
+ */
+ if ( strcasecmp( argv[ 0 ], "rewriteEngine" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteEngine needs 'state'\n%s",
+ fname, lineno, "" );
+ return -1;
+
+ } else if ( argc > 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] extra fields in rewriteEngine"
+ " will be discarded\n%s",
+ fname, lineno, "" );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "on" ) == 0 ) {
+ info->li_state = REWRITE_ON;
+
+ } else if ( strcasecmp( argv[ 1 ], "off" ) == 0 ) {
+ info->li_state = REWRITE_OFF;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] unknown 'state' in rewriteEngine;"
+ " assuming 'on'\n%s",
+ fname, lineno, "" );
+ info->li_state = REWRITE_ON;
+ }
+ rc = REWRITE_SUCCESS;
+
+ /*
+ * Alter max passes
+ */
+ } else if ( strcasecmp( argv[ 0 ], "rewriteMaxPasses" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteMaxPasses needs 'value'\n%s",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ if ( lutil_atoi( &info->li_max_passes, argv[ 1 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] unable to parse rewriteMaxPasses=\"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ return -1;
+ }
+
+ if ( info->li_max_passes <= 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] negative or null rewriteMaxPasses\n",
+ fname, lineno, 0 );
+ return -1;
+ }
+
+ if ( argc > 2 ) {
+ if ( lutil_atoi( &info->li_max_passes_per_rule, argv[ 2 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] unable to parse rewriteMaxPassesPerRule=\"%s\"\n",
+ fname, lineno, argv[ 2 ] );
+ return -1;
+ }
+
+ if ( info->li_max_passes_per_rule <= 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] negative or null rewriteMaxPassesPerRule\n",
+ fname, lineno, 0 );
+ return -1;
+ }
+
+ } else {
+ info->li_max_passes_per_rule = info->li_max_passes;
+ }
+ rc = REWRITE_SUCCESS;
+
+ /*
+ * Start a new rewrite context and set current context
+ */
+ } else if ( strcasecmp( argv[ 0 ], "rewriteContext" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteContext needs 'name'\n%s",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ /*
+ * Checks for existence (lots of contexts should be
+ * available by default ...)
+ */
+ rewrite_int_curr_context = rewrite_context_find( info, argv[ 1 ] );
+ if ( rewrite_int_curr_context == NULL ) {
+ rewrite_int_curr_context = rewrite_context_create( info,
+ argv[ 1 ] );
+ }
+ if ( rewrite_int_curr_context == NULL ) {
+ return -1;
+ }
+
+ if ( argc > 2 ) {
+
+ /*
+ * A context can alias another (e.g., the `builtin'
+ * contexts for backend operations, if not defined,
+ * alias the `default' rewrite context (with the
+ * notable exception of the searchResult context,
+ * which can be undefined)
+ */
+ if ( strcasecmp( argv[ 2 ], "alias" ) == 0 ) {
+ struct rewrite_context *aliased;
+
+ if ( argc == 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteContext"
+ " needs 'name' after"
+ " 'alias'\n%s",
+ fname, lineno, "" );
+ return -1;
+
+ } else if ( argc > 4 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] extra fields in"
+ " rewriteContext"
+ " after aliased name"
+ " will be"
+ " discarded\n%s",
+ fname, lineno, "" );
+ }
+
+ aliased = rewrite_context_find( info,
+ argv[ 3 ] );
+ if ( aliased == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] aliased"
+ " rewriteContext '%s'"
+ " does not exists\n",
+ fname, lineno,
+ argv[ 3 ] );
+ return -1;
+ }
+
+ rewrite_int_curr_context->lc_alias = aliased;
+ rewrite_int_curr_context = aliased;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] extra fields"
+ " in rewriteContext"
+ " will be discarded\n%s",
+ fname, lineno, "" );
+ }
+ }
+ rc = REWRITE_SUCCESS;
+
+ /*
+ * Compile a rule in current context
+ */
+ } else if ( strcasecmp( argv[ 0 ], "rewriteRule" ) == 0 ) {
+ if ( argc < 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteRule needs 'pattern'"
+ " 'subst' ['flags']\n%s",
+ fname, lineno, "" );
+ return -1;
+
+ } else if ( argc > 4 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] extra fields in rewriteRule"
+ " will be discarded\n%s",
+ fname, lineno, "" );
+ }
+
+ if ( rewrite_int_curr_context == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteRule outside a"
+ " context; will add to default\n%s",
+ fname, lineno, "" );
+ rewrite_int_curr_context = rewrite_context_find( info,
+ REWRITE_DEFAULT_CONTEXT );
+
+ /*
+ * Default context MUST exist in a properly initialized
+ * struct rewrite_info
+ */
+ assert( rewrite_int_curr_context != NULL );
+ }
+
+ rc = rewrite_rule_compile( info, rewrite_int_curr_context, argv[ 1 ],
+ argv[ 2 ], ( argc == 4 ? argv[ 3 ] : "" ) );
+
+ /*
+ * Add a plugin map to the map tree
+ */
+ } else if ( strcasecmp( argv[ 0 ], "rewriteMap" ) == 0 ) {
+ if ( argc < 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteMap needs at least 'type'"
+ " and 'name' ['args']\n%s",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ rc = rewrite_parse_builtin_map( info, fname, lineno,
+ argc, argv );
+
+ /*
+ * Set the value of a global scope parameter
+ */
+ } else if ( strcasecmp( argv[ 0 ], "rewriteParam" ) == 0 ) {
+ if ( argc < 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] rewriteParam needs 'name'"
+ " and 'value'\n%s",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ rc = rewrite_param_set( info, argv[ 1 ], argv[ 2 ] );
+
+ /*
+ * Error
+ */
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] unknown command '%s'\n",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ return rc;
+}
+
+/*
+ * Compares two maps
+ */
+static int
+rewrite_builtin_map_cmp(
+ const void *c1,
+ const void *c2
+)
+{
+ const struct rewrite_builtin_map *m1, *m2;
+
+ m1 = ( const struct rewrite_builtin_map * )c1;
+ m2 = ( const struct rewrite_builtin_map * )c2;
+
+ assert( m1 != NULL );
+ assert( m2 != NULL );
+ assert( m1->lb_name != NULL );
+ assert( m2->lb_name != NULL );
+
+ return strcasecmp( m1->lb_name, m2->lb_name );
+}
+
+/*
+ * Duplicate map ?
+ */
+static int
+rewrite_builtin_map_dup(
+ void *c1,
+ void *c2
+)
+{
+ struct rewrite_builtin_map *m1, *m2;
+
+ m1 = ( struct rewrite_builtin_map * )c1;
+ m2 = ( struct rewrite_builtin_map * )c2;
+
+ assert( m1 != NULL );
+ assert( m2 != NULL );
+ assert( m1->lb_name != NULL );
+ assert( m2->lb_name != NULL );
+
+ return ( strcasecmp( m1->lb_name, m2->lb_name ) == 0 ? -1 : 0 );
+}
+
+/*
+ * Adds a map to the info map tree
+ */
+static int
+rewrite_builtin_map_insert(
+ struct rewrite_info *info,
+ struct rewrite_builtin_map *map
+)
+{
+ /*
+ * May need a mutex?
+ */
+ return avl_insert( &info->li_maps, ( caddr_t )map,
+ rewrite_builtin_map_cmp,
+ rewrite_builtin_map_dup );
+}
+
+/*
+ * Retrieves a map
+ */
+struct rewrite_builtin_map *
+rewrite_builtin_map_find(
+ struct rewrite_info *info,
+ const char *name
+)
+{
+ struct rewrite_builtin_map tmp;
+
+ assert( info != NULL );
+ assert( name != NULL );
+
+ tmp.lb_name = ( char * )name;
+
+ return ( struct rewrite_builtin_map * )avl_find( info->li_maps,
+ ( caddr_t )&tmp, rewrite_builtin_map_cmp );
+}
+
+/*
+ * Parses a plugin map
+ */
+static int
+rewrite_parse_builtin_map(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ struct rewrite_builtin_map *map;
+
+#define MAP_TYPE 1
+#define MAP_NAME 2
+
+ assert( info != NULL );
+ assert( fname != NULL );
+ assert( argc > 2 );
+ assert( argv != NULL );
+ assert( strcasecmp( argv[ 0 ], "rewriteMap" ) == 0 );
+
+ map = calloc( sizeof( struct rewrite_builtin_map ), 1 );
+ if ( map == NULL ) {
+ return REWRITE_ERR;
+ }
+
+ map->lb_name = strdup( argv[ MAP_NAME ] );
+ if ( map->lb_name == NULL ) {
+ free( map );
+ return REWRITE_ERR;
+ }
+
+ /*
+ * Built-in ldap map
+ */
+ if ( strcasecmp( argv[ MAP_TYPE ], "ldap" ) == 0 ) {
+ map->lb_type = REWRITE_BUILTIN_MAP_LDAP;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_mutex_init( & map->lb_mutex ) ) {
+ free( map->lb_name );
+ free( map );
+ return REWRITE_ERR;
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ map->lb_private = map_ldap_parse( info, fname, lineno,
+ argc - 3, argv + 3 );
+
+ /*
+ * Error
+ */
+ } else {
+ free( map );
+ Debug( LDAP_DEBUG_ANY, "[%s:%d] unknown map type\n%s",
+ fname, lineno, "" );
+ return -1;
+ }
+
+ return rewrite_builtin_map_insert( info, map );
+}
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/context.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/context.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/context.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,474 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/context.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Compares two struct rewrite_context based on the name;
+ * used by avl stuff
+ */
+static int
+rewrite_context_cmp(
+ const void *c1,
+ const void *c2
+)
+{
+ const struct rewrite_context *lc1, *lc2;
+
+ lc1 = (const struct rewrite_context *)c1;
+ lc2 = (const struct rewrite_context *)c2;
+
+ assert( c1 != NULL );
+ assert( c2 != NULL );
+ assert( lc1->lc_name != NULL );
+ assert( lc2->lc_name != NULL );
+
+ return strcasecmp( lc1->lc_name, lc2->lc_name );
+}
+
+/*
+ * Returns -1 in case a duplicate struct rewrite_context
+ * has been inserted; used by avl stuff
+ */
+static int
+rewrite_context_dup(
+ void *c1,
+ void *c2
+ )
+{
+ struct rewrite_context *lc1, *lc2;
+
+ lc1 = (struct rewrite_context *)c1;
+ lc2 = (struct rewrite_context *)c2;
+
+ assert( c1 != NULL );
+ assert( c2 != NULL );
+ assert( lc1->lc_name != NULL );
+ assert( lc2->lc_name != NULL );
+
+ return( strcasecmp( lc1->lc_name, lc2->lc_name) == 0 ? -1 : 0 );
+}
+
+/*
+ * Finds the context named rewriteContext in the context tree
+ */
+struct rewrite_context *
+rewrite_context_find(
+ struct rewrite_info *info,
+ const char *rewriteContext
+)
+{
+ struct rewrite_context *context, c;
+
+ assert( info != NULL );
+ assert( rewriteContext != NULL );
+
+ /*
+ * Fetches the required rewrite context
+ */
+ c.lc_name = (char *)rewriteContext;
+ context = (struct rewrite_context *)avl_find( info->li_context,
+ (caddr_t)&c, rewrite_context_cmp );
+ if ( context == NULL ) {
+ return NULL;
+ }
+
+ /*
+ * De-aliases the context if required
+ */
+ if ( context->lc_alias ) {
+ return context->lc_alias;
+ }
+
+ return context;
+}
+
+/*
+ * Creates a new context called rewriteContext and stores in into the tree
+ */
+struct rewrite_context *
+rewrite_context_create(
+ struct rewrite_info *info,
+ const char *rewriteContext
+)
+{
+ struct rewrite_context *context;
+ int rc;
+
+ assert( info != NULL );
+ assert( rewriteContext != NULL );
+
+ context = calloc( sizeof( struct rewrite_context ), 1 );
+ if ( context == NULL ) {
+ return NULL;
+ }
+
+ /*
+ * Context name
+ */
+ context->lc_name = strdup( rewriteContext );
+ if ( context->lc_name == NULL ) {
+ free( context );
+ return NULL;
+ }
+
+ /*
+ * The first, empty rule
+ */
+ context->lc_rule = calloc( sizeof( struct rewrite_rule ), 1 );
+ if ( context->lc_rule == NULL ) {
+ free( context->lc_name );
+ free( context );
+ return NULL;
+ }
+ memset( context->lc_rule, 0, sizeof( struct rewrite_rule ) );
+
+ /*
+ * Add context to tree
+ */
+ rc = avl_insert( &info->li_context, (caddr_t)context,
+ rewrite_context_cmp, rewrite_context_dup );
+ if ( rc == -1 ) {
+ free( context->lc_rule );
+ free( context->lc_name );
+ free( context );
+ return NULL;
+ }
+
+ return context;
+}
+
+/*
+ * Finds the next rule according to a goto action statement,
+ * or null in case of error.
+ * Helper for rewrite_context_apply.
+ */
+static struct rewrite_rule *
+rewrite_action_goto(
+ struct rewrite_action *action,
+ struct rewrite_rule *rule
+)
+{
+ int n;
+
+ assert( action != NULL );
+ assert( action->la_args != NULL );
+ assert( rule != NULL );
+
+ n = ((int *)action->la_args)[ 0 ];
+
+ if ( n > 0 ) {
+ for ( ; n > 1 && rule != NULL ; n-- ) {
+ rule = rule->lr_next;
+ }
+ } else if ( n <= 0 ) {
+ for ( ; n < 1 && rule != NULL ; n++ ) {
+ rule = rule->lr_prev;
+ }
+ }
+
+ return rule;
+}
+
+/*
+ * Rewrites string according to context; may return:
+ * OK: fine; if *result != NULL rule matched and rewrite succeeded.
+ * STOP: fine, rule matched; stop processing following rules
+ * UNWILL: rule matched; force 'unwilling to perform'
+ */
+int
+rewrite_context_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_context *context,
+ const char *string,
+ char **result
+)
+{
+ struct rewrite_rule *rule;
+ char *s, *res = NULL;
+ int return_code = REWRITE_REGEXEC_OK;
+
+ assert( info != NULL );
+ assert( op != NULL );
+ assert( context != NULL );
+ assert( context->lc_rule != NULL );
+ assert( string != NULL );
+ assert( result != NULL );
+
+ op->lo_depth++;
+ assert( op->lo_depth > 0 );
+
+ Debug( LDAP_DEBUG_TRACE, "==> rewrite_context_apply"
+ " [depth=%d] string='%s'\n",
+ op->lo_depth, string, 0 );
+
+ s = (char *)string;
+
+ for ( rule = context->lc_rule->lr_next;
+ rule != NULL && op->lo_num_passes < info->li_max_passes;
+ rule = rule->lr_next, op->lo_num_passes++ ) {
+ int rc;
+
+ /*
+ * Apply a single rule
+ */
+ rc = rewrite_rule_apply( info, op, rule, s, &res );
+
+ /*
+ * A rule may return:
+ * OK with result != NULL if matched
+ * ERR if anything was wrong
+ * UNWILLING if the server should drop the request
+ * the latter case in honored immediately;
+ * the other two may require some special actions to take
+ * place.
+ */
+ switch ( rc ) {
+
+ case REWRITE_REGEXEC_ERR:
+ Debug( LDAP_DEBUG_ANY, "==> rewrite_context_apply"
+ " error ...\n", 0, 0, 0);
+
+ /*
+ * Checks for special actions to be taken
+ * in case of error ...
+ */
+ if ( rule->lr_action != NULL ) {
+ struct rewrite_action *action;
+ int do_continue = 0;
+
+ for ( action = rule->lr_action;
+ action != NULL;
+ action = action->la_next ) {
+ switch ( action->la_type ) {
+
+ /*
+ * This action takes precedence
+ * over the others in case of failure
+ */
+ case REWRITE_ACTION_IGNORE_ERR:
+ Debug( LDAP_DEBUG_ANY,
+ "==> rewrite_context_apply"
+ " ignoring error ...\n", 0, 0, 0 );
+ do_continue = 1;
+ break;
+
+ /*
+ * Goto is honored only if it comes
+ * after ignore error
+ */
+ case REWRITE_ACTION_GOTO:
+ if ( do_continue ) {
+ rule = rewrite_action_goto( action, rule );
+ if ( rule == NULL ) {
+ return_code = REWRITE_REGEXEC_ERR;
+ goto rc_end_of_context;
+ }
+ }
+ break;
+
+ /*
+ * Other actions are ignored
+ */
+ default:
+ break;
+ }
+ }
+
+ if ( do_continue ) {
+ if ( rule->lr_next == NULL ) {
+ res = s;
+ }
+ goto rc_continue;
+ }
+ }
+
+ /*
+ * Default behavior is to bail out ...
+ */
+ return_code = REWRITE_REGEXEC_ERR;
+ goto rc_end_of_context;
+
+ /*
+ * OK means there were no errors or special return codes;
+ * if res is defined, it means the rule matched and we
+ * got a sucessful rewriting
+ */
+ case REWRITE_REGEXEC_OK:
+
+ /*
+ * It matched! Check for actions ...
+ */
+ if ( res != NULL ) {
+ struct rewrite_action *action;
+
+ if ( s != string && s != res ) {
+ free( s );
+ }
+ s = res;
+
+ for ( action = rule->lr_action;
+ action != NULL;
+ action = action->la_next ) {
+
+ switch ( action->la_type ) {
+
+ /*
+ * This ends the rewrite context
+ * successfully
+ */
+ case REWRITE_ACTION_STOP:
+ goto rc_end_of_context;
+
+ /*
+ * This instructs the server to return
+ * an `unwilling to perform' error
+ * message
+ */
+ case REWRITE_ACTION_UNWILLING:
+ return_code = REWRITE_REGEXEC_UNWILLING;
+ goto rc_end_of_context;
+
+ /*
+ * This causes the processing to
+ * jump n rules back and forth
+ */
+ case REWRITE_ACTION_GOTO:
+ rule = rewrite_action_goto( action, rule );
+ if ( rule == NULL ) {
+ return_code = REWRITE_REGEXEC_ERR;
+ goto rc_end_of_context;
+ }
+ break;
+
+ /*
+ * This ends the rewrite context
+ * and returns a user-defined
+ * error code
+ */
+ case REWRITE_ACTION_USER:
+ return_code = ((int *)action->la_args)[ 0 ];
+ goto rc_end_of_context;
+
+ default:
+ /* ... */
+ break;
+ }
+ }
+
+ /*
+ * If result was OK and string didn't match,
+ * in case of last rule we need to set the
+ * result back to the string
+ */
+ } else if ( rule->lr_next == NULL ) {
+ res = s;
+ }
+
+ break;
+
+ /*
+ * A STOP has propagated ...
+ */
+ case REWRITE_REGEXEC_STOP:
+ goto rc_end_of_context;
+
+ /*
+ * This will instruct the server to return
+ * an `unwilling to perform' error message
+ */
+ case REWRITE_REGEXEC_UNWILLING:
+ return_code = REWRITE_REGEXEC_UNWILLING;
+ goto rc_end_of_context;
+
+ /*
+ * A user-defined error code has propagated ...
+ */
+ default:
+ assert( rc >= REWRITE_REGEXEC_USER );
+ goto rc_end_of_context;
+
+ }
+
+rc_continue:; /* sent here by actions that require to continue */
+
+ }
+
+rc_end_of_context:;
+ *result = res;
+
+ Debug( LDAP_DEBUG_TRACE, "==> rewrite_context_apply"
+ " [depth=%d] res={%d,'%s'}\n",
+ op->lo_depth, return_code, ( res ? res : "NULL" ) );
+
+ assert( op->lo_depth > 0 );
+ op->lo_depth--;
+
+ return return_code;
+}
+
+void
+rewrite_context_free(
+ void *tmp
+)
+{
+ struct rewrite_context *context = (struct rewrite_context *)tmp;
+
+ assert( tmp != NULL );
+
+ rewrite_context_destroy( &context );
+}
+
+int
+rewrite_context_destroy(
+ struct rewrite_context **pcontext
+)
+{
+ struct rewrite_context *context;
+ struct rewrite_rule *r;
+
+ assert( pcontext != NULL );
+ assert( *pcontext != NULL );
+
+ context = *pcontext;
+
+ assert( context->lc_rule != NULL );
+
+ for ( r = context->lc_rule->lr_next; r; ) {
+ struct rewrite_rule *cr = r;
+
+ r = r->lr_next;
+ rewrite_rule_destroy( &cr );
+ }
+
+ free( context->lc_rule );
+ context->lc_rule = NULL;
+
+ assert( context->lc_name != NULL );
+ free( context->lc_name );
+ context->lc_name = NULL;
+
+ free( context );
+ *pcontext = NULL;
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/info.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/info.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/info.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,284 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/info.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Global data
+ */
+
+/*
+ * This becomes the running context for subsequent calls to
+ * rewrite_parse; it can be altered only by a
+ * rewriteContext config line or by a change in info.
+ */
+struct rewrite_context *rewrite_int_curr_context = NULL;
+
+/*
+ * Inits the info
+ */
+struct rewrite_info *
+rewrite_info_init(
+ int mode
+)
+{
+ struct rewrite_info *info;
+ struct rewrite_context *context;
+
+ switch ( mode ) {
+ case REWRITE_MODE_ERR:
+ case REWRITE_MODE_OK:
+ case REWRITE_MODE_COPY_INPUT:
+ case REWRITE_MODE_USE_DEFAULT:
+ break;
+ default:
+ mode = REWRITE_MODE_USE_DEFAULT;
+ break;
+ /* return NULL */
+ }
+
+ /*
+ * Resets the running context for parsing ...
+ */
+ rewrite_int_curr_context = NULL;
+
+ info = calloc( sizeof( struct rewrite_info ), 1 );
+ if ( info == NULL ) {
+ return NULL;
+ }
+
+ info->li_state = REWRITE_DEFAULT;
+ info->li_max_passes = REWRITE_MAX_PASSES;
+ info->li_max_passes_per_rule = REWRITE_MAX_PASSES;
+ info->li_rewrite_mode = mode;
+
+ /*
+ * Add the default (empty) rule
+ */
+ context = rewrite_context_create( info, REWRITE_DEFAULT_CONTEXT );
+ if ( context == NULL ) {
+ free( info );
+ return NULL;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_rdwr_init( &info->li_cookies_mutex ) ) {
+ avl_free( info->li_context, rewrite_context_free );
+ free( info );
+ return NULL;
+ }
+ if ( ldap_pvt_thread_rdwr_init( &info->li_params_mutex ) ) {
+ ldap_pvt_thread_rdwr_destroy( &info->li_cookies_mutex );
+ avl_free( info->li_context, rewrite_context_free );
+ free( info );
+ return NULL;
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return info;
+}
+
+/*
+ * Cleans up the info structure
+ */
+int
+rewrite_info_delete(
+ struct rewrite_info **pinfo
+)
+{
+ struct rewrite_info *info;
+
+ assert( pinfo != NULL );
+ assert( *pinfo != NULL );
+
+ info = *pinfo;
+
+ if ( info->li_context ) {
+ avl_free( info->li_context, rewrite_context_free );
+ }
+ info->li_context = NULL;
+
+ if ( info->li_maps ) {
+ avl_free( info->li_maps, rewrite_builtin_map_free );
+ }
+ info->li_maps = NULL;
+
+ rewrite_session_destroy( info );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_destroy( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewrite_param_destroy( info );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_destroy( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ free( info );
+ *pinfo = NULL;
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Rewrites a string according to context.
+ * If the engine is off, OK is returned, but the return string will be NULL.
+ * In case of 'unwilling to perform', UNWILLING is returned, and the
+ * return string will also be null. The same in case of error.
+ * Otherwise, OK is returned, and result will hold a newly allocated string
+ * with the rewriting.
+ *
+ * What to do in case of non-existing rewrite context is still an issue.
+ * Four possibilities:
+ * - error,
+ * - ok with NULL result,
+ * - ok with copy of string as result,
+ * - use the default rewrite context.
+ */
+int
+rewrite(
+ struct rewrite_info *info,
+ const char *rewriteContext,
+ const char *string,
+ char **result
+)
+{
+ return rewrite_session( info, rewriteContext,
+ string, NULL, result );
+}
+
+int
+rewrite_session(
+ struct rewrite_info *info,
+ const char *rewriteContext,
+ const char *string,
+ const void *cookie,
+ char **result
+)
+{
+ struct rewrite_context *context;
+ struct rewrite_op op = { 0, 0, NULL, NULL, NULL };
+ int rc;
+
+ assert( info != NULL );
+ assert( rewriteContext != NULL );
+ assert( string != NULL );
+ assert( result != NULL );
+
+ /*
+ * cookie can be null; means: don't care about session stuff
+ */
+
+ *result = NULL;
+ op.lo_cookie = cookie;
+
+ /*
+ * Engine not on means no failure, but explicit no rewriting
+ */
+ if ( info->li_state != REWRITE_ON ) {
+ rc = REWRITE_REGEXEC_OK;
+ goto rc_return;
+ }
+
+ /*
+ * Undefined context means no rewriting also
+ * (conservative, are we sure it's what we want?)
+ */
+ context = rewrite_context_find( info, rewriteContext );
+ if ( context == NULL ) {
+ switch ( info->li_rewrite_mode ) {
+ case REWRITE_MODE_ERR:
+ rc = REWRITE_REGEXEC_ERR;
+ goto rc_return;
+
+ case REWRITE_MODE_OK:
+ rc = REWRITE_REGEXEC_OK;
+ goto rc_return;
+
+ case REWRITE_MODE_COPY_INPUT:
+ *result = strdup( string );
+ rc = REWRITE_REGEXEC_OK;
+ goto rc_return;
+
+ case REWRITE_MODE_USE_DEFAULT:
+ context = rewrite_context_find( info,
+ REWRITE_DEFAULT_CONTEXT );
+ break;
+ }
+ }
+
+#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
+ op.lo_string = strdup( string );
+ if ( op.lo_string == NULL ) {
+ rc = REWRITE_REGEXEC_ERR;
+ goto rc_return;
+ }
+#endif
+
+ /*
+ * Applies rewrite context
+ */
+ rc = rewrite_context_apply( info, &op, context, string, result );
+ assert( op.lo_depth == 0 );
+
+#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
+ free( op.lo_string );
+#endif
+
+ switch ( rc ) {
+ /*
+ * Success
+ */
+ case REWRITE_REGEXEC_OK:
+ case REWRITE_REGEXEC_STOP:
+ /*
+ * If rewrite succeeded return OK regardless of how
+ * the successful rewriting was obtained!
+ */
+ rc = REWRITE_REGEXEC_OK;
+ break;
+
+
+ /*
+ * Internal or forced error, return = NULL; rc already OK.
+ */
+ case REWRITE_REGEXEC_UNWILLING:
+ case REWRITE_REGEXEC_ERR:
+ if ( *result != NULL ) {
+ if ( *result != string ) {
+ free( *result );
+ }
+ *result = NULL;
+ }
+
+ default:
+ break;
+ }
+
+rc_return:;
+ if ( op.lo_vars ) {
+ rewrite_var_delete( op.lo_vars );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/ldapmap.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/ldapmap.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/ldapmap.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,378 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/ldapmap.c,v 1.9.2.5 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#define LDAP_DEPRECATED 1
+#include "rewrite-int.h"
+#include "rewrite-map.h"
+
+/*
+ * LDAP map data structure
+ */
+struct ldap_map_data {
+ char *lm_url;
+ LDAPURLDesc *lm_lud;
+ int lm_attrsonly;
+ char *lm_binddn;
+ char *lm_bindpw;
+
+#define MAP_LDAP_EVERYTIME 0x00
+#define MAP_LDAP_NOW 0x01
+#define MAP_LDAP_LATER 0x02
+ int lm_when;
+
+ LDAP *lm_ld;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_t lm_mutex;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+};
+
+static void
+map_ldap_free(
+ struct ldap_map_data *data
+)
+{
+ assert( data != NULL );
+
+ if ( data->lm_url != NULL ) {
+ free( data->lm_url );
+ }
+
+ if ( data->lm_lud != NULL ) {
+ ldap_free_urldesc( data->lm_lud );
+ }
+
+ if ( data->lm_binddn != NULL ) {
+ free( data->lm_binddn );
+ }
+
+ if ( data->lm_bindpw != NULL ) {
+ free( data->lm_bindpw );
+ }
+
+ if ( data->lm_when != MAP_LDAP_EVERYTIME && data->lm_ld != NULL ) {
+ ldap_unbind_s( data->lm_ld );
+ }
+
+ free( data );
+}
+
+void *
+map_ldap_parse(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ struct ldap_map_data *data;
+ char *p;
+
+ assert( info != NULL );
+ assert( fname != NULL );
+ assert( argv != NULL );
+
+ data = calloc( sizeof( struct ldap_map_data ), 1 );
+ if ( data == NULL ) {
+ return NULL;
+ }
+
+ if ( argc < 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] ldap map needs URI\n%s",
+ fname, lineno, "" );
+ free( data );
+ return NULL;
+ }
+
+ data->lm_url = strdup( argv[ 0 ] );
+ if ( data->lm_url == NULL ) {
+ map_ldap_free( data );
+ return NULL;
+ }
+
+ if ( ldap_url_parse( argv[ 0 ], &data->lm_lud ) != REWRITE_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "[%s:%d] illegal URI '%s'\n",
+ fname, lineno, argv[ 0 ] );
+ map_ldap_free( data );
+ return NULL;
+ }
+
+ p = strchr( data->lm_url, '/' );
+ assert( p[ 1 ] == '/' );
+ if ( ( p = strchr( p + 2, '/' ) ) != NULL ) {
+ p[ 0 ] = '\0';
+ }
+
+ if ( strcasecmp( data->lm_lud->lud_attrs[ 0 ], "dn" ) == 0 ) {
+ data->lm_attrsonly = 1;
+ }
+
+ for ( argc--, argv++; argc > 0; argc--, argv++ ) {
+ if ( strncasecmp( argv[ 0 ], "binddn=", 7 ) == 0 ) {
+ char *p = argv[ 0 ] + 7;
+ int l;
+
+ if ( p[ 0 ] == '\"' || p [ 0 ] == '\'' ) {
+ l = strlen( p ) - 2;
+ p++;
+ if ( p[ l ] != p[ 0 ] ) {
+ map_ldap_free( data );
+ return NULL;
+ }
+ } else {
+ l = strlen( p );
+ }
+
+ data->lm_binddn = strdup( p );
+ if ( data->lm_binddn == NULL ) {
+ map_ldap_free( data );
+ return NULL;
+ }
+
+ if ( data->lm_binddn[ l ] == '\"'
+ || data->lm_binddn[ l ] == '\'' ) {
+ data->lm_binddn[ l ] = '\0';
+ }
+ } else if ( strncasecmp( argv[ 0 ], "bindpw=", 7 ) == 0 ) {
+ data->lm_bindpw = strdup( argv[ 0 ] + 7 );
+ if ( data->lm_bindpw == NULL ) {
+ map_ldap_free( data );
+ return NULL;
+ }
+ } else if ( strncasecmp( argv[ 0 ], "bindwhen=", 9 ) == 0 ) {
+ char *p = argv[ 0 ] + 9;
+
+ if ( strcasecmp( p, "now" ) == 0 ) {
+ int rc;
+
+ data->lm_when = MAP_LDAP_NOW;
+
+ /*
+ * Init LDAP handler ...
+ */
+ rc = ldap_initialize( &data->lm_ld, data->lm_url );
+ if ( rc != LDAP_SUCCESS ) {
+ map_ldap_free( data );
+ return NULL;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_init( &data->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ } else if ( strcasecmp( p, "later" ) == 0 ) {
+ data->lm_when = MAP_LDAP_LATER;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_init( &data->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ } else if ( strcasecmp( p, "everytime" ) == 0 ) {
+ data->lm_when = MAP_LDAP_EVERYTIME;
+ } else {
+ /* ignore ... */
+ }
+ }
+ }
+
+ return ( void * )data;
+}
+
+int
+map_ldap_apply(
+ struct rewrite_builtin_map *map,
+ const char *filter,
+ struct berval *val
+
+)
+{
+ LDAP *ld;
+ LDAPMessage *res = NULL, *entry;
+ char **values;
+ int rc;
+ struct ldap_map_data *data = ( struct ldap_map_data * )map->lb_private;
+ LDAPURLDesc *lud = data->lm_lud;
+
+ int first_try = 1;
+
+ assert( map != NULL );
+ assert( map->lb_type == REWRITE_BUILTIN_MAP_LDAP );
+ assert( map->lb_private != NULL );
+ assert( filter != NULL );
+ assert( val != NULL );
+
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ if ( data->lm_when == MAP_LDAP_EVERYTIME ) {
+ rc = ldap_initialize( &ld, data->lm_url );
+
+ } else {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &data->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rc = LDAP_SUCCESS;
+
+ if ( data->lm_when == MAP_LDAP_LATER && data->lm_ld == NULL ) {
+ rc = ldap_initialize( &data->lm_ld, data->lm_url );
+ }
+
+ ld = data->lm_ld;
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+do_bind:;
+ if ( data->lm_binddn != NULL ) {
+ rc = ldap_simple_bind_s( ld, data->lm_binddn, data->lm_bindpw );
+ if ( rc == LDAP_SERVER_DOWN && first_try ) {
+ first_try = 0;
+ if ( ldap_initialize( &ld, data->lm_url ) != LDAP_SUCCESS ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ goto do_bind;
+
+ } else if ( rc != REWRITE_SUCCESS ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ }
+
+ rc = ldap_search_s( ld, lud->lud_dn, lud->lud_scope, ( char * )filter,
+ lud->lud_attrs, data->lm_attrsonly, &res );
+ if ( rc == LDAP_SERVER_DOWN && first_try ) {
+ first_try = 0;
+ if ( ldap_initialize( &ld, data->lm_url ) != LDAP_SUCCESS ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ goto do_bind;
+
+ } else if ( rc != REWRITE_SUCCESS ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+ if ( ldap_count_entries( ld, res ) != 1 ) {
+ ldap_msgfree( res );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+ entry = ldap_first_entry( ld, res );
+ assert( entry != NULL );
+
+ if ( data->lm_attrsonly == 1 ) {
+ /*
+ * dn is newly allocated, so there's no need to strdup it
+ */
+ val->bv_val = ldap_get_dn( ld, entry );
+
+ } else {
+ values = ldap_get_values( ld, entry, lud->lud_attrs[ 0 ] );
+ if ( values == NULL || values[ 0 ] == NULL ) {
+ if ( values != NULL ) {
+ ldap_value_free( values );
+ }
+ ldap_msgfree( res );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ val->bv_val = strdup( values[ 0 ] );
+ ldap_value_free( values );
+ }
+
+ ldap_msgfree( res );
+
+ if ( val->bv_val == NULL ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ val->bv_len = strlen( val->bv_val );
+
+rc_return:;
+ if ( data->lm_when == MAP_LDAP_EVERYTIME ) {
+ if ( ld != NULL ) {
+ ldap_unbind_s( ld );
+ }
+
+ } else {
+ data->lm_ld = ld;
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &data->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ }
+
+ return rc;
+}
+
+int
+map_ldap_destroy(
+ struct rewrite_builtin_map **pmap
+)
+{
+ struct ldap_map_data *data;
+
+ assert( pmap != NULL );
+ assert( *pmap != NULL );
+
+ data = ( struct ldap_map_data * )(*pmap)->lb_private;
+
+ if ( data->lm_when != MAP_LDAP_EVERYTIME && data->lm_ld != NULL ) {
+ ldap_unbind_s( data->lm_ld );
+ data->lm_ld = NULL;
+ }
+
+ if ( data->lm_lud ) {
+ ldap_free_urldesc( data->lm_lud );
+ data->lm_lud = NULL;
+ }
+
+ if ( data->lm_url ) {
+ free( data->lm_url );
+ data->lm_url = NULL;
+ }
+
+ if ( data->lm_binddn ) {
+ free( data->lm_binddn );
+ data->lm_binddn = NULL;
+ }
+
+ if (data->lm_bindpw ) {
+ memset( data->lm_bindpw, 0, strlen( data->lm_bindpw ) );
+ free( data->lm_bindpw );
+ data->lm_bindpw = NULL;
+ }
+
+ free( data );
+ (*pmap)->lb_private = NULL;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/map.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/map.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/map.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,497 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/map.c,v 1.18.2.5 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include <stdio.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#include "rewrite-int.h"
+#include "rewrite-map.h"
+
+struct rewrite_map *
+rewrite_map_parse(
+ struct rewrite_info *info,
+ const char *string,
+ const char **currpos
+)
+{
+ struct rewrite_map *map = NULL;
+ struct rewrite_subst *subst = NULL;
+ char *s, *begin = NULL, *end;
+ const char *p;
+ int l, cnt, mtx = 0, rc = 0;
+
+ assert( info != NULL );
+ assert( string != NULL );
+ assert( currpos != NULL );
+
+ *currpos = NULL;
+
+ /*
+ * Go to the end of the map invocation (the right closing brace)
+ */
+ for ( p = string, cnt = 1; p[ 0 ] != '\0' && cnt > 0; p++ ) {
+ if ( IS_REWRITE_SUBMATCH_ESCAPE( p[ 0 ] ) ) {
+ /*
+ * '%' marks the beginning of a new map
+ */
+ if ( p[ 1 ] == '{' ) {
+ cnt++;
+ /*
+ * '%' followed by a digit may mark the beginning
+ * of an old map
+ */
+ } else if ( isdigit( (unsigned char) p[ 1 ] ) && p[ 2 ] == '{' ) {
+ cnt++;
+ p++;
+ }
+
+ if ( p[ 1 ] != '\0' ) {
+ p++;
+ }
+
+ } else if ( p[ 0 ] == '}' ) {
+ cnt--;
+ }
+ }
+ if ( cnt != 0 ) {
+ return NULL;
+ }
+ *currpos = p;
+
+ /*
+ * Copy the map invocation
+ */
+ l = p - string - 1;
+ s = calloc( sizeof( char ), l + 1 );
+ AC_MEMCPY( s, string, l );
+ s[ l ] = 0;
+
+ /*
+ * Isolate the map name (except for variable deref)
+ */
+ switch ( s[ 0 ] ) {
+ case REWRITE_OPERATOR_VARIABLE_GET:
+ case REWRITE_OPERATOR_PARAM_GET:
+ break;
+
+ default:
+ begin = strchr( s, '(' );
+ if ( begin == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ begin[ 0 ] = '\0';
+ begin++;
+ break;
+ }
+
+ /*
+ * Check for special map types
+ */
+ p = s;
+ switch ( p[ 0 ] ) {
+ case REWRITE_OPERATOR_SUBCONTEXT:
+ case REWRITE_OPERATOR_COMMAND:
+ case REWRITE_OPERATOR_VARIABLE_SET:
+ case REWRITE_OPERATOR_VARIABLE_GET:
+ case REWRITE_OPERATOR_PARAM_GET:
+ p++;
+ break;
+ }
+
+ /*
+ * Variable set and get may be repeated to indicate session-wide
+ * instead of operation-wide variables
+ */
+ switch ( p[ 0 ] ) {
+ case REWRITE_OPERATOR_VARIABLE_SET:
+ case REWRITE_OPERATOR_VARIABLE_GET:
+ p++;
+ break;
+ }
+
+ /*
+ * Variable get token can be appended to variable set to mean store
+ * AND rewrite
+ */
+ if ( p[ 0 ] == REWRITE_OPERATOR_VARIABLE_GET ) {
+ p++;
+ }
+
+ /*
+ * Check the syntax of the variable name
+ */
+ if ( !isalpha( (unsigned char) p[ 0 ] ) ) {
+ rc = -1;
+ goto cleanup;
+ }
+ for ( p++; p[ 0 ] != '\0'; p++ ) {
+ if ( !isalnum( (unsigned char) p[ 0 ] ) ) {
+ rc = -1;
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Isolate the argument of the map (except for variable deref)
+ */
+ switch ( s[ 0 ] ) {
+ case REWRITE_OPERATOR_VARIABLE_GET:
+ case REWRITE_OPERATOR_PARAM_GET:
+ break;
+
+ default:
+ end = strrchr( begin, ')' );
+ if ( end == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ end[ 0 ] = '\0';
+
+ /*
+ * Compile the substitution pattern of the map argument
+ */
+ subst = rewrite_subst_compile( info, begin );
+ if ( subst == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ break;
+ }
+
+ /*
+ * Create the map
+ */
+ map = calloc( sizeof( struct rewrite_map ), 1 );
+ if ( map == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ memset( map, 0, sizeof( struct rewrite_map ) );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
+ rc = -1;
+ goto cleanup;
+ }
+ ++mtx;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ /*
+ * No subst for variable deref
+ */
+ switch ( s[ 0 ] ) {
+ case REWRITE_OPERATOR_VARIABLE_GET:
+ case REWRITE_OPERATOR_PARAM_GET:
+ break;
+
+ default:
+ map->lm_subst = subst;
+ break;
+ }
+
+ /*
+ * Parses special map types
+ */
+ switch ( s[ 0 ] ) {
+
+ /*
+ * Subcontext
+ */
+ case REWRITE_OPERATOR_SUBCONTEXT: /* '>' */
+
+ /*
+ * Fetch the rewrite context
+ * it MUST have been defined previously
+ */
+ map->lm_type = REWRITE_MAP_SUBCONTEXT;
+ map->lm_name = strdup( s + 1 );
+ map->lm_data = rewrite_context_find( info, s + 1 );
+ if ( map->lm_data == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ break;
+
+ /*
+ * External command (not implemented yet)
+ */
+ case REWRITE_OPERATOR_COMMAND: /* '|' */
+ rc = -1;
+ goto cleanup;
+
+ /*
+ * Variable set
+ */
+ case REWRITE_OPERATOR_VARIABLE_SET: /* '&' */
+ if ( s[ 1 ] == REWRITE_OPERATOR_VARIABLE_SET ) {
+ if ( s[ 2 ] == REWRITE_OPERATOR_VARIABLE_GET ) {
+ map->lm_type = REWRITE_MAP_SETW_SESN_VAR;
+ map->lm_name = strdup( s + 3 );
+ } else {
+ map->lm_type = REWRITE_MAP_SET_SESN_VAR;
+ map->lm_name = strdup( s + 2 );
+ }
+ } else {
+ if ( s[ 1 ] == REWRITE_OPERATOR_VARIABLE_GET ) {
+ map->lm_type = REWRITE_MAP_SETW_OP_VAR;
+ map->lm_name = strdup( s + 2 );
+ } else {
+ map->lm_type = REWRITE_MAP_SET_OP_VAR;
+ map->lm_name = strdup( s + 1 );
+ }
+ }
+ break;
+
+ /*
+ * Variable dereference
+ */
+ case REWRITE_OPERATOR_VARIABLE_GET: /* '*' */
+ if ( s[ 1 ] == REWRITE_OPERATOR_VARIABLE_GET ) {
+ map->lm_type = REWRITE_MAP_GET_SESN_VAR;
+ map->lm_name = strdup( s + 2 );
+ } else {
+ map->lm_type = REWRITE_MAP_GET_OP_VAR;
+ map->lm_name = strdup( s + 1 );
+ }
+ break;
+
+ /*
+ * Parameter
+ */
+ case REWRITE_OPERATOR_PARAM_GET: /* '$' */
+ map->lm_type = REWRITE_MAP_GET_PARAM;
+ map->lm_name = strdup( s + 1 );
+ break;
+
+ /*
+ * Built-in map
+ */
+ default:
+ map->lm_type = REWRITE_MAP_BUILTIN;
+ map->lm_name = strdup( s );
+ map->lm_data = rewrite_builtin_map_find( info, s );
+ if ( map->lm_data == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ break;
+
+ }
+
+cleanup:
+ free( s );
+ if ( rc ) {
+ if ( subst != NULL ) {
+ free( subst );
+ }
+ if ( map ) {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( mtx ) {
+ ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ if ( map->lm_name ) {
+ free( map->lm_name );
+ map->lm_name = NULL;
+ }
+ free( map );
+ map = NULL;
+ }
+ }
+
+ return map;
+}
+
+/*
+ * Applies the new map type
+ */
+int
+rewrite_map_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_map *map,
+ struct berval *key,
+ struct berval *val
+)
+{
+ int rc = REWRITE_SUCCESS;
+
+ assert( info != NULL );
+ assert( op != NULL );
+ assert( map != NULL );
+ assert( key != NULL );
+ assert( val != NULL );
+
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ switch ( map->lm_type ) {
+ case REWRITE_MAP_SUBCONTEXT:
+ rc = rewrite_context_apply( info, op,
+ ( struct rewrite_context * )map->lm_data,
+ key->bv_val, &val->bv_val );
+ if ( val->bv_val != NULL ) {
+ if ( val->bv_val == key->bv_val ) {
+ val->bv_len = key->bv_len;
+ key->bv_val = NULL;
+ } else {
+ val->bv_len = strlen( val->bv_val );
+ }
+ }
+ break;
+
+ case REWRITE_MAP_SET_OP_VAR:
+ case REWRITE_MAP_SETW_OP_VAR:
+ rc = rewrite_var_set( &op->lo_vars, map->lm_name,
+ key->bv_val, 1 )
+ ? REWRITE_SUCCESS : REWRITE_ERR;
+ if ( map->lm_type == REWRITE_MAP_SET_OP_VAR ) {
+ val->bv_val = strdup( "" );
+ } else {
+ val->bv_val = strdup( key->bv_val );
+ val->bv_len = key->bv_len;
+ }
+ break;
+
+ case REWRITE_MAP_GET_OP_VAR: {
+ struct rewrite_var *var;
+
+ var = rewrite_var_find( op->lo_vars, map->lm_name );
+ if ( var == NULL ) {
+ rc = REWRITE_ERR;
+ } else {
+ val->bv_val = strdup( var->lv_value.bv_val );
+ val->bv_len = var->lv_value.bv_len;
+ }
+ break;
+ }
+
+ case REWRITE_MAP_SET_SESN_VAR:
+ case REWRITE_MAP_SETW_SESN_VAR:
+ if ( op->lo_cookie == NULL ) {
+ rc = REWRITE_ERR;
+ break;
+ }
+ rc = rewrite_session_var_set( info, op->lo_cookie,
+ map->lm_name, key->bv_val );
+ if ( map->lm_type == REWRITE_MAP_SET_SESN_VAR ) {
+ val->bv_val = strdup( "" );
+ } else {
+ val->bv_val = strdup( key->bv_val );
+ val->bv_len = key->bv_len;
+ }
+ break;
+
+ case REWRITE_MAP_GET_SESN_VAR:
+ rc = rewrite_session_var_get( info, op->lo_cookie,
+ map->lm_name, val );
+ break;
+
+ case REWRITE_MAP_GET_PARAM:
+ rc = rewrite_param_get( info, map->lm_name, val );
+ break;
+
+ case REWRITE_MAP_BUILTIN: {
+ struct rewrite_builtin_map *bmap = map->lm_data;
+
+ switch ( bmap->lb_type ) {
+ case REWRITE_BUILTIN_MAP_LDAP:
+ rc = map_ldap_apply( bmap, key->bv_val, val );
+ break;
+ default:
+ rc = REWRITE_ERR;
+ break;
+ }
+ break;
+ }
+
+ default:
+ rc = REWRITE_ERR;
+ break;
+ }
+
+ return rc;
+}
+
+void
+rewrite_builtin_map_free(
+ void *tmp
+)
+{
+ struct rewrite_builtin_map *map = ( struct rewrite_builtin_map * )tmp;
+
+ assert( map != NULL );
+
+ switch ( map->lb_type ) {
+ case REWRITE_BUILTIN_MAP_LDAP:
+ map_ldap_destroy( &map );
+ break;
+
+ default:
+ assert(0);
+ break;
+ }
+
+ free( map->lb_name );
+ free( map );
+}
+
+int
+rewrite_map_destroy(
+ struct rewrite_map **pmap
+)
+{
+ struct rewrite_map *map;
+
+ assert( pmap != NULL );
+ assert( *pmap != NULL );
+
+ map = *pmap;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ if ( map->lm_name ) {
+ free( map->lm_name );
+ map->lm_name = NULL;
+ }
+
+ if ( map->lm_subst ) {
+ rewrite_subst_destroy( &map->lm_subst );
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+ ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ free( map );
+ *pmap = NULL;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/params.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/params.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/params.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,151 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/params.c,v 1.7.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Defines and inits a variable with global scope
+ */
+int
+rewrite_param_set(
+ struct rewrite_info *info,
+ const char *name,
+ const char *value
+)
+{
+ struct rewrite_var *var;
+
+ assert( info != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ var = rewrite_var_find( info->li_params, name );
+ if ( var != NULL ) {
+ assert( var->lv_value.bv_val != NULL );
+ free( var->lv_value.bv_val );
+ var->lv_value.bv_val = strdup( value );
+ var->lv_value.bv_len = strlen( value );
+ } else {
+ var = rewrite_var_insert( &info->li_params, name, value );
+ if ( var == NULL ) {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ return REWRITE_ERR;
+ }
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Gets a var with global scope
+ */
+int
+rewrite_param_get(
+ struct rewrite_info *info,
+ const char *name,
+ struct berval *value
+)
+{
+ struct rewrite_var *var;
+
+ assert( info != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+ value->bv_val = NULL;
+ value->bv_len = 0;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_rlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ var = rewrite_var_find( info->li_params, name );
+ if ( var == NULL ) {
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_runlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_ERR;
+ } else {
+ value->bv_val = strdup( var->lv_value.bv_val );
+ value->bv_len = var->lv_value.bv_len;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_runlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_SUCCESS;
+}
+
+static void
+rewrite_param_free(
+ void *tmp
+)
+{
+ struct rewrite_var *var = ( struct rewrite_var * )tmp;
+ assert( var != NULL );
+
+ assert( var->lv_name != NULL );
+ assert( var->lv_value.bv_val != NULL );
+
+ free( var->lv_name );
+ free( var->lv_value.bv_val );
+ free( var );
+}
+
+/*
+ * Destroys the parameter tree
+ */
+int
+rewrite_param_destroy(
+ struct rewrite_info *info
+)
+{
+ int count;
+
+ assert( info != NULL );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ count = avl_free( info->li_params, rewrite_param_free );
+ info->li_params = NULL;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/parse.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/parse.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/parse.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,124 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/parse.c,v 1.7.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include <stdio.h>
+
+#include "rewrite-int.h"
+
+static int
+parse_line(
+ char **argv,
+ int *argc,
+ int maxargs,
+ char *buf
+)
+{
+ char *p, *begin;
+ int in_quoted_field = 0, cnt = 0;
+ char quote = '\0';
+
+ for ( p = buf; isspace( (unsigned char) p[ 0 ] ); p++ );
+
+ if ( p[ 0 ] == '#' ) {
+ return 0;
+ }
+
+ for ( begin = p; p[ 0 ] != '\0'; p++ ) {
+ if ( p[ 0 ] == '\\' && p[ 1 ] != '\0' ) {
+ p++;
+ } else if ( p[ 0 ] == '\'' || p[ 0 ] == '\"') {
+ if ( in_quoted_field && p[ 0 ] == quote ) {
+ in_quoted_field = 1 - in_quoted_field;
+ quote = '\0';
+ p[ 0 ] = '\0';
+ argv[ cnt ] = begin;
+ if ( ++cnt == maxargs ) {
+ *argc = cnt;
+ return 1;
+ }
+ for ( p++; isspace( (unsigned char) p[ 0 ] ); p++ );
+ begin = p;
+ p--;
+
+ } else if ( !in_quoted_field ) {
+ if ( p != begin ) {
+ return -1;
+ }
+ begin++;
+ in_quoted_field = 1 - in_quoted_field;
+ quote = p[ 0 ];
+ }
+ } else if ( isspace( (unsigned char) p[ 0 ] ) && !in_quoted_field ) {
+ p[ 0 ] = '\0';
+ argv[ cnt ] = begin;
+
+ if ( ++cnt == maxargs ) {
+ *argc = cnt;
+ return 1;
+ }
+
+ for ( p++; isspace( (unsigned char) p[ 0 ] ); p++ );
+ begin = p;
+ p--;
+ }
+ }
+
+ *argc = cnt;
+
+ return 1;
+}
+
+int
+rewrite_read(
+ FILE *fin,
+ struct rewrite_info *info
+)
+{
+ char buf[ 1024 ];
+ char *argv[11];
+ int argc, lineno;
+
+ /*
+ * Empty rule at the beginning of the context
+ */
+
+ for ( lineno = 0; fgets( buf, sizeof( buf ), fin ); lineno++ ) {
+ switch ( parse_line( argv, &argc, sizeof( argv ) - 1, buf ) ) {
+ case -1:
+ return REWRITE_ERR;
+ case 0:
+ break;
+ case 1:
+ if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
+ int rc;
+ rc = rewrite_parse( info, "file", lineno,
+ argc, argv );
+ if ( rc != REWRITE_SUCCESS ) {
+ return rc;
+ }
+ }
+ break;
+ }
+ }
+
+ return REWRITE_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-int.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-int.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-int.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,618 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.15.2.6 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#ifndef REWRITE_INT_H
+#define REWRITE_INT_H
+
+/*
+ * These are required by every file of the library, so they're included here
+ */
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/syslog.h>
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+#include <ac/ctype.h>
+
+#include <lber.h>
+#include <ldap.h>
+#include "../libldap/ldap-int.h"
+#include <lutil.h>
+#include <avl.h>
+
+#include <rewrite.h>
+
+/* Uncomment to use ldap pvt threads */
+#define USE_REWRITE_LDAP_PVT_THREADS
+#include <ldap_pvt_thread.h>
+
+/*
+ * For details, see RATIONALE.
+ */
+
+#define REWRITE_MAX_MATCH 11 /* 0: overall string; 1-9: submatches */
+#define REWRITE_MAX_PASSES 100
+
+/*
+ * Submatch escape char
+ */
+/* the '\' conflicts with slapd.conf parsing */
+/* #define REWRITE_SUBMATCH_ESCAPE '\\' */
+#define REWRITE_SUBMATCH_ESCAPE_ORIG '%'
+#define REWRITE_SUBMATCH_ESCAPE '$'
+#define IS_REWRITE_SUBMATCH_ESCAPE(c) \
+ ((c) == REWRITE_SUBMATCH_ESCAPE || (c) == REWRITE_SUBMATCH_ESCAPE_ORIG)
+
+/*
+ * REGEX flags
+ */
+
+#define REWRITE_FLAG_HONORCASE 'C'
+#define REWRITE_FLAG_BASICREGEX 'R'
+
+/*
+ * Action flags
+ */
+#define REWRITE_FLAG_EXECONCE ':'
+#define REWRITE_FLAG_STOP '@'
+#define REWRITE_FLAG_UNWILLING '#'
+#define REWRITE_FLAG_GOTO 'G' /* requires an arg */
+#define REWRITE_FLAG_USER 'U' /* requires an arg */
+#define REWRITE_FLAG_MAX_PASSES 'M' /* requires an arg */
+#define REWRITE_FLAG_IGNORE_ERR 'I'
+
+/*
+ * Map operators
+ */
+#define REWRITE_OPERATOR_SUBCONTEXT '>'
+#define REWRITE_OPERATOR_COMMAND '|'
+#define REWRITE_OPERATOR_VARIABLE_SET '&'
+#define REWRITE_OPERATOR_VARIABLE_GET '*'
+#define REWRITE_OPERATOR_PARAM_GET '$'
+
+
+/***********
+ * PRIVATE *
+ ***********/
+
+/*
+ * Action
+ */
+struct rewrite_action {
+ struct rewrite_action *la_next;
+
+#define REWRITE_ACTION_STOP 0x0001
+#define REWRITE_ACTION_UNWILLING 0x0002
+#define REWRITE_ACTION_GOTO 0x0003
+#define REWRITE_ACTION_IGNORE_ERR 0x0004
+#define REWRITE_ACTION_USER 0x0005
+ int la_type;
+ void *la_args;
+};
+
+/*
+ * Map
+ */
+struct rewrite_map {
+
+ /*
+ * Legacy stuff
+ */
+#define REWRITE_MAP_XFILEMAP 0x0001 /* Rough implementation! */
+#define REWRITE_MAP_XPWDMAP 0x0002 /* uid -> gecos */
+#define REWRITE_MAP_XLDAPMAP 0x0003 /* Not implemented yet! */
+
+ /*
+ * Maps with args
+ */
+#define REWRITE_MAP_SUBCONTEXT 0x0101
+
+#define REWRITE_MAP_SET_OP_VAR 0x0102
+#define REWRITE_MAP_SETW_OP_VAR 0x0103
+#define REWRITE_MAP_GET_OP_VAR 0x0104
+#define REWRITE_MAP_SET_SESN_VAR 0x0105
+#define REWRITE_MAP_SETW_SESN_VAR 0x0106
+#define REWRITE_MAP_GET_SESN_VAR 0x0107
+#define REWRITE_MAP_GET_PARAM 0x0108
+#define REWRITE_MAP_BUILTIN 0x0109
+ int lm_type;
+
+ char *lm_name;
+ void *lm_data;
+
+ /*
+ * Old maps store private data in _lm_args;
+ * new maps store the substitution pattern in _lm_subst
+ */
+ union {
+ void *_lm_args;
+ struct rewrite_subst *_lm_subst;
+ } lm_union;
+#define lm_args lm_union._lm_args
+#define lm_subst lm_union._lm_subst
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_t lm_mutex;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+};
+
+/*
+ * Builtin maps
+ */
+struct rewrite_builtin_map {
+#define REWRITE_BUILTIN_MAP_LDAP 0x0201
+ int lb_type;
+ char *lb_name;
+ void *lb_private;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_t lb_mutex;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+};
+
+/*
+ * Submatch substitution
+ */
+struct rewrite_submatch {
+#define REWRITE_SUBMATCH_ASIS 0x0000
+#define REWRITE_SUBMATCH_XMAP 0x0001
+#define REWRITE_SUBMATCH_MAP_W_ARG 0x0002
+ int ls_type;
+ struct rewrite_map *ls_map;
+ int ls_submatch;
+ /*
+ * The first one represents the index of the submatch in case
+ * the map has single submatch as argument;
+ * the latter represents the map argument scheme in case
+ * the map has substitution string argument form
+ */
+};
+
+/*
+ * Pattern substitution
+ */
+struct rewrite_subst {
+ size_t lt_subs_len;
+ struct berval *lt_subs;
+
+ int lt_num_submatch;
+ struct rewrite_submatch *lt_submatch;
+};
+
+/*
+ * Rule
+ */
+struct rewrite_rule {
+ struct rewrite_rule *lr_next;
+ struct rewrite_rule *lr_prev;
+
+ char *lr_pattern;
+ char *lr_subststring;
+ char *lr_flagstring;
+ regex_t lr_regex;
+
+ /*
+ * I was thinking about some kind of per-rule mutex, but there's
+ * probably no need, because rules after compilation are only read;
+ * however, I need to check whether regexec is reentrant ...
+ */
+
+ struct rewrite_subst *lr_subst;
+
+#define REWRITE_REGEX_ICASE REG_ICASE
+#define REWRITE_REGEX_EXTENDED REG_EXTENDED
+ int lr_flags;
+
+#define REWRITE_RECURSE 0x0001
+#define REWRITE_EXEC_ONCE 0x0002
+ int lr_mode;
+ int lr_max_passes;
+
+ struct rewrite_action *lr_action;
+};
+
+/*
+ * Rewrite Context (set of rules)
+ */
+struct rewrite_context {
+ char *lc_name;
+ struct rewrite_context *lc_alias;
+ struct rewrite_rule *lc_rule;
+};
+
+/*
+ * Session
+ */
+struct rewrite_session {
+ void *ls_cookie;
+ Avlnode *ls_vars;
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_t ls_vars_mutex;
+ ldap_pvt_thread_mutex_t ls_mutex;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ int ls_count;
+};
+
+/*
+ * Variable
+ */
+struct rewrite_var {
+ char *lv_name;
+ int lv_flags;
+ struct berval lv_value;
+};
+
+/*
+ * Operation
+ */
+struct rewrite_op {
+ int lo_num_passes;
+ int lo_depth;
+#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
+ char *lo_string;
+#endif
+ char *lo_result;
+ Avlnode *lo_vars;
+ const void *lo_cookie;
+};
+
+
+/**********
+ * PUBLIC *
+ **********/
+
+/*
+ * Rewrite info
+ */
+struct rewrite_info {
+ Avlnode *li_context;
+ Avlnode *li_maps;
+ /*
+ * No global mutex because maps are read only at
+ * config time
+ */
+ Avlnode *li_params;
+ Avlnode *li_cookies;
+ int li_num_cookies;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_t li_params_mutex;
+ ldap_pvt_thread_rdwr_t li_cookies_mutex;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ /*
+ * Default to `off';
+ * use `rewriteEngine {on|off}' directive to alter
+ */
+ int li_state;
+
+ /*
+ * Defaults to REWRITE_MAXPASSES;
+ * use `rewriteMaxPasses numPasses' directive to alter
+ */
+#define REWRITE_MAXPASSES 100
+ int li_max_passes;
+ int li_max_passes_per_rule;
+
+ /*
+ * Behavior in case a NULL or non-existent context is required
+ */
+ int li_rewrite_mode;
+};
+
+/***********
+ * PRIVATE *
+ ***********/
+
+LDAP_REWRITE_V (struct rewrite_context*) rewrite_int_curr_context;
+
+/*
+ * Maps
+ */
+
+/*
+ * Parses a map (also in legacy 'x' version)
+ */
+LDAP_REWRITE_F (struct rewrite_map *)
+rewrite_map_parse(
+ struct rewrite_info *info,
+ const char *s,
+ const char **end
+);
+
+LDAP_REWRITE_F (struct rewrite_map *)
+rewrite_xmap_parse(
+ struct rewrite_info *info,
+ const char *s,
+ const char **end
+);
+
+/*
+ * Resolves key in val by means of map (also in legacy 'x' version)
+ */
+LDAP_REWRITE_F (int)
+rewrite_map_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_map *map,
+ struct berval *key,
+ struct berval *val
+);
+
+LDAP_REWRITE_F (int)
+rewrite_xmap_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_map *map,
+ struct berval *key,
+ struct berval *val
+);
+
+LDAP_REWRITE_F (int)
+rewrite_map_destroy(
+ struct rewrite_map **map
+);
+
+LDAP_REWRITE_F (int)
+rewrite_xmap_destroy(
+ struct rewrite_map **map
+);
+
+LDAP_REWRITE_F (void)
+rewrite_builtin_map_free(
+ void *map
+);
+/*
+ * Submatch substitution
+ */
+
+/*
+ * Compiles a substitution pattern
+ */
+LDAP_REWRITE_F (struct rewrite_subst *)
+rewrite_subst_compile(
+ struct rewrite_info *info,
+ const char *result
+);
+
+/*
+ * Substitutes a portion of rewritten string according to substitution
+ * pattern using submatches
+ */
+LDAP_REWRITE_F (int)
+rewrite_subst_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_subst *subst,
+ const char *string,
+ const regmatch_t *match,
+ struct berval *val
+);
+
+LDAP_REWRITE_F (int)
+rewrite_subst_destroy(
+ struct rewrite_subst **subst
+);
+
+
+/*
+ * Rules
+ */
+
+/*
+ * Compiles the rule and appends it at the running context
+ */
+LDAP_REWRITE_F (int)
+rewrite_rule_compile(
+ struct rewrite_info *info,
+ struct rewrite_context *context,
+ const char *pattern,
+ const char *result,
+ const char *flagstring
+);
+
+/*
+ * Rewrites string according to rule; may return:
+ * REWRITE_REGEXEC_OK: fine; if *result != NULL rule matched
+ * and rewrite succeeded.
+ * REWRITE_REGEXEC_STOP: fine, rule matched; stop processing
+ * following rules
+ * REWRITE_REGEXEC_UNWILL: rule matched; force 'unwilling to perform'
+ * REWRITE_REGEXEC_ERR: an error occurred
+ */
+LDAP_REWRITE_F (int)
+rewrite_rule_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_rule *rule,
+ const char *string,
+ char **result
+);
+
+LDAP_REWRITE_F (int)
+rewrite_rule_destroy(
+ struct rewrite_rule **rule
+);
+
+/*
+ * Sessions
+ */
+
+/*
+ * Fetches a struct rewrite_session
+ */
+LDAP_REWRITE_F (struct rewrite_session *)
+rewrite_session_find(
+ struct rewrite_info *info,
+ const void *cookie
+);
+
+/*
+ * Defines and inits a variable with session scope
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_var_set_f(
+ struct rewrite_info *info,
+ const void *cookie,
+ const char *name,
+ const char *value,
+ int flags
+);
+
+/*
+ * Gets a var with session scope
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_var_get(
+ struct rewrite_info *info,
+ const void *cookie,
+ const char *name,
+ struct berval *val
+);
+
+/*
+ * Deletes a session
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_delete(
+ struct rewrite_info *info,
+ const void *cookie
+);
+
+/*
+ * Destroys the cookie tree
+ */
+LDAP_REWRITE_F (int)
+rewrite_session_destroy(
+ struct rewrite_info *info
+);
+
+
+/*
+ * Vars
+ */
+
+/*
+ * Finds a var
+ */
+LDAP_REWRITE_F (struct rewrite_var *)
+rewrite_var_find(
+ Avlnode *tree,
+ const char *name
+);
+
+/*
+ * Replaces the value of a variable
+ */
+LDAP_REWRITE_F (int)
+rewrite_var_replace(
+ struct rewrite_var *var,
+ const char *value,
+ int flags
+);
+
+/*
+ * Inserts a newly created var
+ */
+LDAP_REWRITE_F (struct rewrite_var *)
+rewrite_var_insert_f(
+ Avlnode **tree,
+ const char *name,
+ const char *value,
+ int flags
+);
+
+#define rewrite_var_insert(tree, name, value) \
+ rewrite_var_insert_f((tree), (name), (value), \
+ REWRITE_VAR_UPDATE|REWRITE_VAR_COPY_NAME|REWRITE_VAR_COPY_VALUE)
+
+/*
+ * Sets/inserts a var
+ */
+LDAP_REWRITE_F (struct rewrite_var *)
+rewrite_var_set_f(
+ Avlnode **tree,
+ const char *name,
+ const char *value,
+ int flags
+);
+
+#define rewrite_var_set(tree, name, value, insert) \
+ rewrite_var_set_f((tree), (name), (value), \
+ REWRITE_VAR_UPDATE|REWRITE_VAR_COPY_NAME|REWRITE_VAR_COPY_VALUE|((insert)? REWRITE_VAR_INSERT : 0))
+
+/*
+ * Deletes a var tree
+ */
+LDAP_REWRITE_F (int)
+rewrite_var_delete(
+ Avlnode *tree
+);
+
+
+/*
+ * Contexts
+ */
+
+/*
+ * Finds the context named rewriteContext in the context tree
+ */
+LDAP_REWRITE_F (struct rewrite_context *)
+rewrite_context_find(
+ struct rewrite_info *info,
+ const char *rewriteContext
+);
+
+/*
+ * Creates a new context called rewriteContext and stores in into the tree
+ */
+LDAP_REWRITE_F (struct rewrite_context *)
+rewrite_context_create(
+ struct rewrite_info *info,
+ const char *rewriteContext
+);
+
+/*
+ * Rewrites string according to context; may return:
+ * OK: fine; if *result != NULL rule matched and rewrite succeeded.
+ * STOP: fine, rule matched; stop processing following rules
+ * UNWILL: rule matched; force 'unwilling to perform'
+ */
+LDAP_REWRITE_F (int)
+rewrite_context_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_context *context,
+ const char *string,
+ char **result
+);
+
+LDAP_REWRITE_F (int)
+rewrite_context_destroy(
+ struct rewrite_context **context
+);
+
+LDAP_REWRITE_F (void)
+rewrite_context_free(
+ void *tmp
+);
+
+#endif /* REWRITE_INT_H */
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-map.h
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-map.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite-map.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-map.h,v 1.5.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#ifndef MAP_H
+#define MAP_H
+
+/*
+ * Retrieves a builtin map
+ */
+LDAP_REWRITE_F (struct rewrite_builtin_map *)
+rewrite_builtin_map_find(
+ struct rewrite_info *info,
+ const char *name
+);
+
+
+/*
+ * LDAP map
+ */
+LDAP_REWRITE_F (void *)
+map_ldap_parse(
+ struct rewrite_info *info,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+);
+
+LDAP_REWRITE_F (int)
+map_ldap_apply( struct rewrite_builtin_map *map,
+ const char *filter,
+ struct berval *val
+);
+
+LDAP_REWRITE_F (int)
+map_ldap_destroy( struct rewrite_builtin_map **map );
+
+#endif /* MAP_H */
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/rewrite.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,195 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite.c,v 1.12.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/syslog.h>
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <stdio.h>
+
+#include <rewrite.h>
+#include <lutil.h>
+#include <ldap.h>
+
+int ldap_debug;
+int ldap_syslog;
+int ldap_syslog_level;
+
+static void
+apply(
+ FILE *fin,
+ const char *rewriteContext,
+ const char *arg
+)
+{
+ struct rewrite_info *info;
+ char *string, *sep, *result = NULL;
+ int rc;
+ void *cookie = &info;
+
+ info = rewrite_info_init( REWRITE_MODE_ERR );
+
+ if ( rewrite_read( fin, info ) != 0 ) {
+ exit( EXIT_FAILURE );
+ }
+
+ rewrite_param_set( info, "prog", "rewrite" );
+
+ rewrite_session_init( info, cookie );
+
+ string = (char *)arg;
+ for ( sep = strchr( rewriteContext, ',' );
+ rewriteContext != NULL;
+ rewriteContext = sep,
+ sep ? sep = strchr( rewriteContext, ',' ) : NULL )
+ {
+ char *errmsg = "";
+
+ if ( sep != NULL ) {
+ sep[ 0 ] = '\0';
+ sep++;
+ }
+ /* rc = rewrite( info, rewriteContext, string, &result ); */
+ rc = rewrite_session( info, rewriteContext, string,
+ cookie, &result );
+
+ switch ( rc ) {
+ case REWRITE_REGEXEC_OK:
+ errmsg = "ok";
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ errmsg = "error";
+ break;
+
+ case REWRITE_REGEXEC_STOP:
+ errmsg = "stop";
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ errmsg = "unwilling to perform";
+ break;
+
+ default:
+ if (rc >= REWRITE_REGEXEC_USER) {
+ errmsg = "user-defined";
+ } else {
+ errmsg = "unknown";
+ }
+ break;
+ }
+
+ fprintf( stdout, "%s -> %s [%d:%s]\n", string,
+ ( result ? result : "(null)" ),
+ rc, errmsg );
+ if ( result == NULL ) {
+ break;
+ }
+ if ( string != arg && string != result ) {
+ free( string );
+ }
+ string = result;
+ }
+
+ if ( result && result != arg ) {
+ free( result );
+ }
+
+ rewrite_session_delete( info, cookie );
+
+ rewrite_info_delete( &info );
+}
+
+int
+main( int argc, char *argv[] )
+{
+ FILE *fin = NULL;
+ char *rewriteContext = REWRITE_DEFAULT_CONTEXT;
+ int debug = 0;
+
+ while ( 1 ) {
+ int opt = getopt( argc, argv, "d:f:hr:" );
+
+ if ( opt == EOF ) {
+ break;
+ }
+
+ switch ( opt ) {
+ case 'd':
+ if ( lutil_atoi( &debug, optarg ) != 0 ) {
+ fprintf( stderr, "illegal log level '%s'\n",
+ optarg );
+ exit( EXIT_FAILURE );
+ }
+ break;
+
+ case 'f':
+ fin = fopen( optarg, "r" );
+ if ( fin == NULL ) {
+ fprintf( stderr, "unable to open file '%s'\n",
+ optarg );
+ exit( EXIT_FAILURE );
+ }
+ break;
+
+ case 'h':
+ fprintf( stderr,
+ "usage: rewrite [options] string\n"
+ "\n"
+ "\t\t-f file\t\tconfiguration file\n"
+ "\t\t-r rule[s]\tlist of comma-separated rules\n"
+ "\n"
+ "\tsyntax:\n"
+ "\t\trewriteEngine\t{on|off}\n"
+ "\t\trewriteContext\tcontextName [alias aliasedContextName]\n"
+ "\t\trewriteRule\tpattern subst [flags]\n"
+ "\n"
+ );
+ exit( EXIT_SUCCESS );
+
+ case 'r':
+ rewriteContext = optarg;
+ break;
+ }
+ }
+
+ if ( debug != 0 ) {
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &debug);
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug);
+ }
+
+ if ( optind >= argc ) {
+ return -1;
+ }
+
+ apply( ( fin ? fin : stdin ), rewriteContext, argv[ optind ] );
+
+ if ( fin ) {
+ fclose( fin );
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/rule.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/rule.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/rule.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,498 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rule.c,v 1.14.2.8 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Appends a rule to the double linked list of rules
+ * Helper for rewrite_rule_compile
+ */
+static int
+append_rule(
+ struct rewrite_context *context,
+ struct rewrite_rule *rule
+)
+{
+ struct rewrite_rule *r;
+
+ assert( context != NULL );
+ assert( context->lc_rule != NULL );
+ assert( rule != NULL );
+
+ for ( r = context->lc_rule; r->lr_next != NULL; r = r->lr_next );
+ r->lr_next = rule;
+ rule->lr_prev = r;
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Appends an action to the linked list of actions
+ * Helper for rewrite_rule_compile
+ */
+static int
+append_action(
+ struct rewrite_action **pbase,
+ struct rewrite_action *action
+)
+{
+ struct rewrite_action **pa;
+
+ assert( pbase != NULL );
+ assert( action != NULL );
+
+ for ( pa = pbase; *pa != NULL; pa = &(*pa)->la_next );
+ *pa = action;
+
+ return REWRITE_SUCCESS;
+}
+
+static int
+destroy_action(
+ struct rewrite_action **paction
+)
+{
+ struct rewrite_action *action;
+
+ assert( paction != NULL );
+ assert( *paction != NULL );
+
+ action = *paction;
+
+ /* do something */
+ switch ( action->la_type ) {
+ case REWRITE_FLAG_GOTO:
+ case REWRITE_FLAG_USER: {
+ int *pi = (int *)action->la_args;
+
+ if ( pi ) {
+ free( pi );
+ }
+ break;
+ }
+
+ default:
+ break;
+ }
+
+ free( action );
+ *paction = NULL;
+
+ return 0;
+}
+
+static void
+destroy_actions(
+ struct rewrite_action *paction
+)
+{
+ struct rewrite_action *next;
+
+ for (; paction; paction = next) {
+ next = paction->la_next;
+ destroy_action( &paction );
+ }
+}
+
+/*
+ */
+int
+rewrite_rule_compile(
+ struct rewrite_info *info,
+ struct rewrite_context *context,
+ const char *pattern,
+ const char *result,
+ const char *flagstring
+)
+{
+ int flags = REWRITE_REGEX_EXTENDED | REWRITE_REGEX_ICASE;
+ int mode = REWRITE_RECURSE;
+ int max_passes = info->li_max_passes_per_rule;
+
+ struct rewrite_rule *rule = NULL;
+ struct rewrite_subst *subst = NULL;
+ struct rewrite_action *action = NULL, *first_action = NULL;
+
+ const char *p;
+
+ assert( info != NULL );
+ assert( context != NULL );
+ assert( pattern != NULL );
+ assert( result != NULL );
+
+ /*
+ * A null flagstring should be allowed
+ */
+
+ /*
+ * Take care of substitution string
+ */
+ subst = rewrite_subst_compile( info, result );
+ if ( subst == NULL ) {
+ return REWRITE_ERR;
+ }
+
+ /*
+ * Take care of flags
+ */
+ for ( p = flagstring; p[ 0 ] != '\0'; p++ ) {
+ switch( p[ 0 ] ) {
+
+ /*
+ * REGEX flags
+ */
+ case REWRITE_FLAG_HONORCASE: /* 'C' */
+ /*
+ * Honor case (default is case insensitive)
+ */
+ flags &= ~REWRITE_REGEX_ICASE;
+ break;
+
+ case REWRITE_FLAG_BASICREGEX: /* 'R' */
+ /*
+ * Use POSIX Basic Regular Expression syntax
+ * instead of POSIX Extended Regular Expression
+ * syntax (default)
+ */
+ flags &= ~REWRITE_REGEX_EXTENDED;
+ break;
+
+ /*
+ * Execution mode flags
+ */
+ case REWRITE_FLAG_EXECONCE: /* ':' */
+ /*
+ * Apply rule once only
+ */
+ mode &= ~REWRITE_RECURSE;
+ mode |= REWRITE_EXEC_ONCE;
+ break;
+
+ /*
+ * Special action flags
+ */
+ case REWRITE_FLAG_STOP: /* '@' */
+ /*
+ * Bail out after applying rule
+ */
+ action = calloc( sizeof( struct rewrite_action ), 1 );
+ if ( action == NULL ) {
+ goto fail;
+ }
+
+ action->la_type = REWRITE_ACTION_STOP;
+ break;
+
+ case REWRITE_FLAG_UNWILLING: /* '#' */
+ /*
+ * Matching objs will be marked as gone!
+ */
+ action = calloc( sizeof( struct rewrite_action ), 1 );
+ if ( action == NULL ) {
+ goto fail;
+ }
+
+ mode &= ~REWRITE_RECURSE;
+ mode |= REWRITE_EXEC_ONCE;
+ action->la_type = REWRITE_ACTION_UNWILLING;
+ break;
+
+ case REWRITE_FLAG_GOTO: /* 'G' */
+ /*
+ * After applying rule, jump N rules
+ */
+
+ case REWRITE_FLAG_USER: { /* 'U' */
+ /*
+ * After applying rule, return user-defined
+ * error code
+ */
+ char *next = NULL;
+ int *d;
+
+ if ( p[ 1 ] != '{' ) {
+ goto fail;
+ }
+
+ d = malloc( sizeof( int ) );
+ if ( d == NULL ) {
+ goto fail;
+ }
+
+ d[ 0 ] = strtol( &p[ 2 ], &next, 0 );
+ if ( next == &p[ 2 ] || next[0] != '}' ) {
+ free( d );
+ goto fail;
+ }
+
+ action = calloc( sizeof( struct rewrite_action ), 1 );
+ if ( action == NULL ) {
+ free( d );
+ goto fail;
+ }
+ switch ( p[ 0 ] ) {
+ case REWRITE_FLAG_GOTO:
+ action->la_type = REWRITE_ACTION_GOTO;
+ break;
+
+ case REWRITE_FLAG_USER:
+ action->la_type = REWRITE_ACTION_USER;
+ break;
+
+ default:
+ assert(0);
+ }
+
+ action->la_args = (void *)d;
+
+ p = next; /* p is incremented by the for ... */
+
+ break;
+ }
+
+ case REWRITE_FLAG_MAX_PASSES: { /* 'U' */
+ /*
+ * Set the number of max passes per rule
+ */
+ char *next = NULL;
+
+ if ( p[ 1 ] != '{' ) {
+ goto fail;
+ }
+
+ max_passes = strtol( &p[ 2 ], &next, 0 );
+ if ( next == &p[ 2 ] || next[0] != '}' ) {
+ goto fail;
+ }
+
+ if ( max_passes < 1 ) {
+ /* FIXME: nonsense ... */
+ max_passes = 1;
+ }
+
+ p = next; /* p is incremented by the for ... */
+
+ break;
+ }
+
+ case REWRITE_FLAG_IGNORE_ERR: /* 'I' */
+ /*
+ * Ignore errors!
+ */
+ action = calloc( sizeof( struct rewrite_action ), 1 );
+ if ( action == NULL ) {
+ goto fail;
+ }
+
+ action->la_type = REWRITE_ACTION_IGNORE_ERR;
+ break;
+
+ /*
+ * Other flags ...
+ */
+ default:
+ /*
+ * Unimplemented feature (complain only)
+ */
+ break;
+ }
+
+ /*
+ * Stupid way to append to a list ...
+ */
+ if ( action != NULL ) {
+ append_action( &first_action, action );
+ action = NULL;
+ }
+ }
+
+ /*
+ * Finally, rule allocation
+ */
+ rule = calloc( sizeof( struct rewrite_rule ), 1 );
+ if ( rule == NULL ) {
+ goto fail;
+ }
+
+ /*
+ * REGEX compilation (luckily I don't need to take care of this ...)
+ */
+ if ( regcomp( &rule->lr_regex, ( char * )pattern, flags ) != 0 ) {
+ free( rule );
+ goto fail;
+ }
+
+ /*
+ * Just to remember them ...
+ */
+ rule->lr_pattern = strdup( pattern );
+ rule->lr_subststring = strdup( result );
+ rule->lr_flagstring = strdup( flagstring );
+
+ /*
+ * Load compiled data into rule
+ */
+ rule->lr_subst = subst;
+
+ /*
+ * Set various parameters
+ */
+ rule->lr_flags = flags; /* don't really need any longer ... */
+ rule->lr_mode = mode;
+ rule->lr_max_passes = max_passes;
+ rule->lr_action = first_action;
+
+ /*
+ * Append rule at the end of the rewrite context
+ */
+ append_rule( context, rule );
+
+ return REWRITE_SUCCESS;
+
+fail:
+ destroy_actions( first_action );
+ free( subst );
+ return REWRITE_ERR;
+}
+
+/*
+ * Rewrites string according to rule; may return:
+ * OK: fine; if *result != NULL rule matched and rewrite succeeded.
+ * STOP: fine, rule matched; stop processing following rules
+ * UNWILL: rule matched; force 'unwilling to perform'
+ */
+int
+rewrite_rule_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_rule *rule,
+ const char *arg,
+ char **result
+ )
+{
+ size_t nmatch = REWRITE_MAX_MATCH;
+ regmatch_t match[ REWRITE_MAX_MATCH ];
+
+ int rc = REWRITE_SUCCESS;
+
+ char *string;
+ int strcnt = 0;
+ struct berval val = { 0, NULL };
+
+ assert( info != NULL );
+ assert( op != NULL );
+ assert( rule != NULL );
+ assert( arg != NULL );
+ assert( result != NULL );
+
+ *result = NULL;
+
+ string = (char *)arg;
+
+ /*
+ * In case recursive match is required (default)
+ */
+recurse:;
+
+ Debug( LDAP_DEBUG_TRACE, "==> rewrite_rule_apply"
+ " rule='%s' string='%s' [%d pass(es)]\n",
+ rule->lr_pattern, string, strcnt + 1 );
+
+ op->lo_num_passes++;
+
+ rc = regexec( &rule->lr_regex, string, nmatch, match, 0 );
+ if ( rc != 0 ) {
+ if ( *result == NULL && string != arg ) {
+ free( string );
+ }
+
+ /*
+ * No match is OK; *result = NULL means no match
+ */
+ return REWRITE_REGEXEC_OK;
+ }
+
+ rc = rewrite_subst_apply( info, op, rule->lr_subst, string,
+ match, &val );
+
+ *result = val.bv_val;
+ val.bv_val = NULL;
+ if ( string != arg ) {
+ free( string );
+ string = NULL;
+ }
+
+ if ( rc != REWRITE_REGEXEC_OK ) {
+ return rc;
+ }
+
+ if ( ( rule->lr_mode & REWRITE_RECURSE ) == REWRITE_RECURSE
+ && op->lo_num_passes < info->li_max_passes
+ && ++strcnt < rule->lr_max_passes ) {
+ string = *result;
+
+ goto recurse;
+ }
+
+ return REWRITE_REGEXEC_OK;
+}
+
+int
+rewrite_rule_destroy(
+ struct rewrite_rule **prule
+ )
+{
+ struct rewrite_rule *rule;
+
+ assert( prule != NULL );
+ assert( *prule != NULL );
+
+ rule = *prule;
+
+ if ( rule->lr_pattern ) {
+ free( rule->lr_pattern );
+ rule->lr_pattern = NULL;
+ }
+
+ if ( rule->lr_subststring ) {
+ free( rule->lr_subststring );
+ rule->lr_subststring = NULL;
+ }
+
+ if ( rule->lr_flagstring ) {
+ free( rule->lr_flagstring );
+ rule->lr_flagstring = NULL;
+ }
+
+ if ( rule->lr_subst ) {
+ rewrite_subst_destroy( &rule->lr_subst );
+ }
+
+ regfree( &rule->lr_regex );
+
+ destroy_actions( rule->lr_action );
+
+ free( rule );
+ *prule = NULL;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/session.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/session.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/session.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,420 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/session.c,v 1.11.2.7 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Compares two cookies
+ */
+static int
+rewrite_cookie_cmp(
+ const void *c1,
+ const void *c2
+)
+{
+ const struct rewrite_session *s1, *s2;
+
+ s1 = ( const struct rewrite_session * )c1;
+ s2 = ( const struct rewrite_session * )c2;
+
+ assert( s1 != NULL );
+ assert( s2 != NULL );
+ assert( s1->ls_cookie != NULL );
+ assert( s2->ls_cookie != NULL );
+
+ return ( ( s1->ls_cookie < s2->ls_cookie ) ? -1 :
+ ( ( s1->ls_cookie > s2->ls_cookie ) ? 1 : 0 ) );
+}
+
+/*
+ * Duplicate cookies?
+ */
+static int
+rewrite_cookie_dup(
+ void *c1,
+ void *c2
+)
+{
+ struct rewrite_session *s1, *s2;
+
+ s1 = ( struct rewrite_session * )c1;
+ s2 = ( struct rewrite_session * )c2;
+
+ assert( s1 != NULL );
+ assert( s2 != NULL );
+ assert( s1->ls_cookie != NULL );
+ assert( s2->ls_cookie != NULL );
+
+ assert( s1->ls_cookie != s2->ls_cookie );
+
+ return ( ( s1->ls_cookie == s2->ls_cookie ) ? -1 : 0 );
+}
+
+/*
+ * Inits a session
+ */
+struct rewrite_session *
+rewrite_session_init(
+ struct rewrite_info *info,
+ const void *cookie
+)
+{
+ struct rewrite_session *session, tmp;
+ int rc;
+
+ assert( info != NULL );
+ assert( cookie != NULL );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ tmp.ls_cookie = ( void * )cookie;
+ session = ( struct rewrite_session * )avl_find( info->li_cookies,
+ ( caddr_t )&tmp, rewrite_cookie_cmp );
+ if ( session ) {
+ session->ls_count++;
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ return session;
+ }
+
+ session = calloc( sizeof( struct rewrite_session ), 1 );
+ if ( session == NULL ) {
+ return NULL;
+ }
+ session->ls_cookie = ( void * )cookie;
+ session->ls_count = 1;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_mutex_init( &session->ls_mutex ) ) {
+ free( session );
+ return NULL;
+ }
+ if ( ldap_pvt_thread_rdwr_init( &session->ls_vars_mutex ) ) {
+ ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
+ free( session );
+ return NULL;
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rc = avl_insert( &info->li_cookies, ( caddr_t )session,
+ rewrite_cookie_cmp, rewrite_cookie_dup );
+ info->li_num_cookies++;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ if ( rc != 0 ) {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_destroy( &session->ls_vars_mutex );
+ ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ free( session );
+ return NULL;
+ }
+
+ return session;
+}
+
+/*
+ * Fetches a session
+ */
+struct rewrite_session *
+rewrite_session_find(
+ struct rewrite_info *info,
+ const void *cookie
+)
+{
+ struct rewrite_session *session, tmp;
+
+ assert( info != NULL );
+ assert( cookie != NULL );
+
+ tmp.ls_cookie = ( void * )cookie;
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_rlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ session = ( struct rewrite_session * )avl_find( info->li_cookies,
+ ( caddr_t )&tmp, rewrite_cookie_cmp );
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( session ) {
+ ldap_pvt_thread_mutex_lock( &session->ls_mutex );
+ }
+ ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return session;
+}
+
+/*
+ * Returns a session
+ */
+void
+rewrite_session_return(
+ struct rewrite_info *info,
+ struct rewrite_session *session
+)
+{
+ assert( session != NULL );
+ ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
+}
+
+/*
+ * Defines and inits a var with session scope
+ */
+int
+rewrite_session_var_set_f(
+ struct rewrite_info *info,
+ const void *cookie,
+ const char *name,
+ const char *value,
+ int flags
+)
+{
+ struct rewrite_session *session;
+ struct rewrite_var *var;
+
+ assert( info != NULL );
+ assert( cookie != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+ session = rewrite_session_find( info, cookie );
+ if ( session == NULL ) {
+ session = rewrite_session_init( info, cookie );
+ if ( session == NULL ) {
+ return REWRITE_ERR;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &session->ls_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ var = rewrite_var_find( session->ls_vars, name );
+ if ( var != NULL ) {
+ assert( var->lv_value.bv_val != NULL );
+
+ (void)rewrite_var_replace( var, value, flags );
+
+ } else {
+ var = rewrite_var_insert_f( &session->ls_vars, name, value, flags );
+ if ( var == NULL ) {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ rewrite_session_return( info, session );
+ return REWRITE_ERR;
+ }
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewrite_session_return( info, session );
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Gets a var with session scope
+ */
+int
+rewrite_session_var_get(
+ struct rewrite_info *info,
+ const void *cookie,
+ const char *name,
+ struct berval *value
+)
+{
+ struct rewrite_session *session;
+ struct rewrite_var *var;
+
+ assert( info != NULL );
+ assert( cookie != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+ value->bv_val = NULL;
+ value->bv_len = 0;
+
+ if ( cookie == NULL ) {
+ return REWRITE_ERR;
+ }
+
+ session = rewrite_session_find( info, cookie );
+ if ( session == NULL ) {
+ return REWRITE_ERR;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_rlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ var = rewrite_var_find( session->ls_vars, name );
+ if ( var == NULL ) {
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_runlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewrite_session_return( info, session );
+
+ return REWRITE_ERR;
+ } else {
+ value->bv_val = strdup( var->lv_value.bv_val );
+ value->bv_len = var->lv_value.bv_len;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_runlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewrite_session_return( info, session );
+
+ return REWRITE_SUCCESS;
+}
+
+static void
+rewrite_session_clean( void *v_session )
+{
+ struct rewrite_session *session = (struct rewrite_session *)v_session;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &session->ls_vars_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewrite_var_delete( session->ls_vars );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &session->ls_vars_mutex );
+ ldap_pvt_thread_rdwr_destroy( &session->ls_vars_mutex );
+ ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
+ ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+}
+
+static void
+rewrite_session_free( void *v_session )
+{
+ struct rewrite_session *session = (struct rewrite_session *)v_session;
+
+ ldap_pvt_thread_mutex_lock( &session->ls_mutex );
+ rewrite_session_clean( v_session );
+ free( v_session );
+}
+
+/*
+ * Deletes a session
+ */
+int
+rewrite_session_delete(
+ struct rewrite_info *info,
+ const void *cookie
+)
+{
+ struct rewrite_session *session, tmp = { 0 };
+
+ assert( info != NULL );
+ assert( cookie != NULL );
+
+ session = rewrite_session_find( info, cookie );
+
+ if ( session == NULL ) {
+ return REWRITE_SUCCESS;
+ }
+
+ if ( --session->ls_count > 0 ) {
+ rewrite_session_return( info, session );
+ return REWRITE_SUCCESS;
+ }
+
+ rewrite_session_clean( session );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ assert( info->li_num_cookies > 0 );
+ info->li_num_cookies--;
+
+ /*
+ * There is nothing to delete in the return value
+ */
+ tmp.ls_cookie = ( void * )cookie;
+ avl_delete( &info->li_cookies, ( caddr_t )&tmp, rewrite_cookie_cmp );
+
+ free( session );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Destroys the cookie tree
+ */
+int
+rewrite_session_destroy(
+ struct rewrite_info *info
+)
+{
+ int count;
+
+ assert( info != NULL );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ /*
+ * Should call per-session destruction routine ...
+ */
+
+ count = avl_free( info->li_cookies, rewrite_session_free );
+ info->li_cookies = NULL;
+
+#if 0
+ fprintf( stderr, "count = %d; num_cookies = %d\n",
+ count, info->li_num_cookies );
+#endif
+
+ assert( count == info->li_num_cookies );
+ info->li_num_cookies = 0;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_rdwr_wunlock( &info->li_cookies_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return REWRITE_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/subst.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/subst.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/subst.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,501 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/subst.c,v 1.19.2.4 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Compiles a substitution pattern
+ */
+struct rewrite_subst *
+rewrite_subst_compile(
+ struct rewrite_info *info,
+ const char *str
+)
+{
+ size_t subs_len;
+ struct berval *subs = NULL, *tmps;
+ struct rewrite_submatch *submatch = NULL;
+
+ struct rewrite_subst *s = NULL;
+
+ char *result, *begin, *p;
+ int nsub = 0, l;
+
+ assert( info != NULL );
+ assert( str != NULL );
+
+ result = strdup( str );
+ if ( result == NULL ) {
+ return NULL;
+ }
+
+ /*
+ * Take care of substitution string
+ */
+ for ( p = begin = result, subs_len = 0; p[ 0 ] != '\0'; p++ ) {
+
+ /*
+ * Keep only single escapes '%'
+ */
+ if ( !IS_REWRITE_SUBMATCH_ESCAPE( p[ 0 ] ) ) {
+ continue;
+ }
+
+ if ( IS_REWRITE_SUBMATCH_ESCAPE( p[ 1 ] ) ) {
+ /* Pull &p[1] over p, including the trailing '\0' */
+ AC_MEMCPY((char *)p, &p[ 1 ], strlen( p ) );
+ continue;
+ }
+
+ tmps = ( struct berval * )realloc( subs,
+ sizeof( struct berval )*( nsub + 1 ) );
+ if ( tmps == NULL ) {
+ goto cleanup;
+ }
+ subs = tmps;
+
+ /*
+ * I think an `if l > 0' at runtime is better outside than
+ * inside a function call ...
+ */
+ l = p - begin;
+ if ( l > 0 ) {
+ subs_len += l;
+ subs[ nsub ].bv_len = l;
+ subs[ nsub ].bv_val = malloc( l + 1 );
+ if ( subs[ nsub ].bv_val == NULL ) {
+ goto cleanup;
+ }
+ AC_MEMCPY( subs[ nsub ].bv_val, begin, l );
+ subs[ nsub ].bv_val[ l ] = '\0';
+ } else {
+ subs[ nsub ].bv_val = NULL;
+ subs[ nsub ].bv_len = 0;
+ }
+
+ /*
+ * Substitution pattern
+ */
+ if ( isdigit( (unsigned char) p[ 1 ] ) ) {
+ struct rewrite_submatch *tmpsm;
+ int d = p[ 1 ] - '0';
+
+ /*
+ * Add a new value substitution scheme
+ */
+
+ tmpsm = ( struct rewrite_submatch * )realloc( submatch,
+ sizeof( struct rewrite_submatch )*( nsub + 1 ) );
+ if ( tmpsm == NULL ) {
+ goto cleanup;
+ }
+ submatch = tmpsm;
+ submatch[ nsub ].ls_submatch = d;
+
+ /*
+ * If there is no argument, use default
+ * (substitute substring as is)
+ */
+ if ( p[ 2 ] != '{' ) {
+ submatch[ nsub ].ls_type =
+ REWRITE_SUBMATCH_ASIS;
+ submatch[ nsub ].ls_map = NULL;
+ begin = ++p + 1;
+
+ } else {
+ struct rewrite_map *map;
+
+ submatch[ nsub ].ls_type =
+ REWRITE_SUBMATCH_XMAP;
+
+ map = rewrite_xmap_parse( info,
+ p + 3, (const char **)&begin );
+ if ( map == NULL ) {
+ goto cleanup;
+ }
+ submatch[ nsub ].ls_map = map;
+ p = begin - 1;
+ }
+
+ /*
+ * Map with args ...
+ */
+ } else if ( p[ 1 ] == '{' ) {
+ struct rewrite_map *map;
+ struct rewrite_submatch *tmpsm;
+
+ map = rewrite_map_parse( info, p + 2,
+ (const char **)&begin );
+ if ( map == NULL ) {
+ goto cleanup;
+ }
+ p = begin - 1;
+
+ /*
+ * Add a new value substitution scheme
+ */
+ tmpsm = ( struct rewrite_submatch * )realloc( submatch,
+ sizeof( struct rewrite_submatch )*( nsub + 1 ) );
+ if ( tmpsm == NULL ) {
+ goto cleanup;
+ }
+ submatch = tmpsm;
+ submatch[ nsub ].ls_type =
+ REWRITE_SUBMATCH_MAP_W_ARG;
+ submatch[ nsub ].ls_map = map;
+
+ /*
+ * Escape '%' ...
+ */
+ } else if ( p[ 1 ] == '%' ) {
+ AC_MEMCPY( &p[ 1 ], &p[ 2 ], strlen( &p[ 1 ] ) );
+ continue;
+
+ } else {
+ goto cleanup;
+ }
+
+ nsub++;
+ }
+
+ /*
+ * Last part of string
+ */
+ tmps = (struct berval * )realloc( subs, sizeof( struct berval )*( nsub + 1 ) );
+ if ( tmps == NULL ) {
+ /*
+ * XXX need to free the value subst stuff!
+ */
+ free( subs );
+ goto cleanup;
+ }
+ subs = tmps;
+ l = p - begin;
+ if ( l > 0 ) {
+ subs_len += l;
+ subs[ nsub ].bv_len = l;
+ subs[ nsub ].bv_val = malloc( l + 1 );
+ AC_MEMCPY( subs[ nsub ].bv_val, begin, l );
+ subs[ nsub ].bv_val[ l ] = '\0';
+ } else {
+ subs[ nsub ].bv_val = NULL;
+ subs[ nsub ].bv_len = 0;
+ }
+
+ s = calloc( sizeof( struct rewrite_subst ), 1 );
+ if ( s == NULL ) {
+ goto cleanup;
+ }
+
+ s->lt_subs_len = subs_len;
+ s->lt_subs = subs;
+ s->lt_num_submatch = nsub;
+ s->lt_submatch = submatch;
+
+cleanup:;
+ free( result );
+
+ return s;
+}
+
+/*
+ * Copies the match referred to by submatch and fetched in string by match.
+ * Helper for rewrite_rule_apply.
+ */
+static int
+submatch_copy(
+ struct rewrite_submatch *submatch,
+ const char *string,
+ const regmatch_t *match,
+ struct berval *val
+)
+{
+ int c, l;
+ const char *s;
+
+ assert( submatch != NULL );
+ assert( submatch->ls_type == REWRITE_SUBMATCH_ASIS
+ || submatch->ls_type == REWRITE_SUBMATCH_XMAP );
+ assert( string != NULL );
+ assert( match != NULL );
+ assert( val != NULL );
+ assert( val->bv_val == NULL );
+
+ c = submatch->ls_submatch;
+ s = string + match[ c ].rm_so;
+ l = match[ c ].rm_eo - match[ c ].rm_so;
+
+ val->bv_len = l;
+ val->bv_val = malloc( l + 1 );
+ if ( val->bv_val == NULL ) {
+ return REWRITE_ERR;
+ }
+
+ AC_MEMCPY( val->bv_val, s, l );
+ val->bv_val[ l ] = '\0';
+
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Substitutes a portion of rewritten string according to substitution
+ * pattern using submatches
+ */
+int
+rewrite_subst_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_subst *subst,
+ const char *string,
+ const regmatch_t *match,
+ struct berval *val
+)
+{
+ struct berval *submatch = NULL;
+ char *res = NULL;
+ int n = 0, l, cl;
+ int rc = REWRITE_REGEXEC_OK;
+
+ assert( info != NULL );
+ assert( op != NULL );
+ assert( subst != NULL );
+ assert( string != NULL );
+ assert( match != NULL );
+ assert( val != NULL );
+
+ assert( val->bv_val == NULL );
+
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ /*
+ * Prepare room for submatch expansion
+ */
+ if ( subst->lt_num_submatch > 0 ) {
+ submatch = calloc( sizeof( struct berval ),
+ subst->lt_num_submatch );
+ if ( submatch == NULL ) {
+ return REWRITE_REGEXEC_ERR;
+ }
+ }
+
+ /*
+ * Resolve submatches (simple subst, map expansion and so).
+ */
+ for ( n = 0, l = 0; n < subst->lt_num_submatch; n++ ) {
+ struct berval key = { 0, NULL };
+
+ submatch[ n ].bv_val = NULL;
+
+ /*
+ * Get key
+ */
+ switch ( subst->lt_submatch[ n ].ls_type ) {
+ case REWRITE_SUBMATCH_ASIS:
+ case REWRITE_SUBMATCH_XMAP:
+ rc = submatch_copy( &subst->lt_submatch[ n ],
+ string, match, &key );
+ if ( rc != REWRITE_SUCCESS ) {
+ rc = REWRITE_REGEXEC_ERR;
+ goto cleanup;
+ }
+ break;
+
+ case REWRITE_SUBMATCH_MAP_W_ARG:
+ switch ( subst->lt_submatch[ n ].ls_map->lm_type ) {
+ case REWRITE_MAP_GET_OP_VAR:
+ case REWRITE_MAP_GET_SESN_VAR:
+ case REWRITE_MAP_GET_PARAM:
+ rc = REWRITE_SUCCESS;
+ break;
+
+ default:
+ rc = rewrite_subst_apply( info, op,
+ subst->lt_submatch[ n ].ls_map->lm_subst,
+ string, match, &key);
+ }
+
+ if ( rc != REWRITE_SUCCESS ) {
+ goto cleanup;
+ }
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "Not Implemented\n", 0, 0, 0 );
+ rc = REWRITE_ERR;
+ break;
+ }
+
+ if ( rc != REWRITE_SUCCESS ) {
+ rc = REWRITE_REGEXEC_ERR;
+ goto cleanup;
+ }
+
+ /*
+ * Resolve key
+ */
+ switch ( subst->lt_submatch[ n ].ls_type ) {
+ case REWRITE_SUBMATCH_ASIS:
+ submatch[ n ] = key;
+ rc = REWRITE_SUCCESS;
+ break;
+
+ case REWRITE_SUBMATCH_XMAP:
+ rc = rewrite_xmap_apply( info, op,
+ subst->lt_submatch[ n ].ls_map,
+ &key, &submatch[ n ] );
+ free( key.bv_val );
+ key.bv_val = NULL;
+ break;
+
+ case REWRITE_SUBMATCH_MAP_W_ARG:
+ rc = rewrite_map_apply( info, op,
+ subst->lt_submatch[ n ].ls_map,
+ &key, &submatch[ n ] );
+ free( key.bv_val );
+ key.bv_val = NULL;
+ break;
+
+ default:
+ /*
+ * When implemented, this might return the
+ * exit status of a rewrite context,
+ * which may include a stop, or an
+ * unwilling to perform
+ */
+ rc = REWRITE_ERR;
+ break;
+ }
+
+ if ( rc != REWRITE_SUCCESS ) {
+ rc = REWRITE_REGEXEC_ERR;
+ goto cleanup;
+ }
+
+ /*
+ * Increment the length of the resulting string
+ */
+ l += submatch[ n ].bv_len;
+ }
+
+ /*
+ * Alloc result buffer
+ */
+ l += subst->lt_subs_len;
+ res = malloc( l + 1 );
+ if ( res == NULL ) {
+ rc = REWRITE_REGEXEC_ERR;
+ goto cleanup;
+ }
+
+ /*
+ * Apply submatches (possibly resolved thru maps)
+ */
+ for ( n = 0, cl = 0; n < subst->lt_num_submatch; n++ ) {
+ if ( subst->lt_subs[ n ].bv_val != NULL ) {
+ AC_MEMCPY( res + cl, subst->lt_subs[ n ].bv_val,
+ subst->lt_subs[ n ].bv_len );
+ cl += subst->lt_subs[ n ].bv_len;
+ }
+ AC_MEMCPY( res + cl, submatch[ n ].bv_val,
+ submatch[ n ].bv_len );
+ cl += submatch[ n ].bv_len;
+ }
+ if ( subst->lt_subs[ n ].bv_val != NULL ) {
+ AC_MEMCPY( res + cl, subst->lt_subs[ n ].bv_val,
+ subst->lt_subs[ n ].bv_len );
+ cl += subst->lt_subs[ n ].bv_len;
+ }
+ res[ cl ] = '\0';
+
+ val->bv_val = res;
+ val->bv_len = l;
+
+cleanup:;
+ if ( submatch ) {
+ for ( ; --n >= 0; ) {
+ if ( submatch[ n ].bv_val ) {
+ free( submatch[ n ].bv_val );
+ }
+ }
+ free( submatch );
+ }
+
+ return rc;
+}
+
+/*
+ * frees data
+ */
+int
+rewrite_subst_destroy(
+ struct rewrite_subst **psubst
+)
+{
+ int n;
+ struct rewrite_subst *subst;
+
+ assert( psubst != NULL );
+ assert( *psubst != NULL );
+
+ subst = *psubst;
+
+ for ( n = 0; n < subst->lt_num_submatch; n++ ) {
+ if ( subst->lt_subs[ n ].bv_val ) {
+ free( subst->lt_subs[ n ].bv_val );
+ subst->lt_subs[ n ].bv_val = NULL;
+ }
+
+ switch ( subst->lt_submatch[ n ].ls_type ) {
+ case REWRITE_SUBMATCH_ASIS:
+ break;
+
+ case REWRITE_SUBMATCH_XMAP:
+ rewrite_xmap_destroy( &subst->lt_submatch[ n ].ls_map );
+ break;
+
+ case REWRITE_SUBMATCH_MAP_W_ARG:
+ rewrite_map_destroy( &subst->lt_submatch[ n ].ls_map );
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ free( subst->lt_submatch );
+ subst->lt_submatch = NULL;
+
+ /* last one */
+ if ( subst->lt_subs[ n ].bv_val ) {
+ free( subst->lt_subs[ n ].bv_val );
+ subst->lt_subs[ n ].bv_val = NULL;
+ }
+
+ free( subst->lt_subs );
+ subst->lt_subs = NULL;
+
+ free( subst );
+ *psubst = NULL;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/var.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/var.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/var.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,265 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/var.c,v 1.11.2.3 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include "rewrite-int.h"
+
+/*
+ * Compares two vars
+ */
+static int
+rewrite_var_cmp(
+ const void *c1,
+ const void *c2
+)
+{
+ const struct rewrite_var *v1, *v2;
+
+ v1 = ( const struct rewrite_var * )c1;
+ v2 = ( const struct rewrite_var * )c2;
+
+ assert( v1 != NULL );
+ assert( v2 != NULL );
+ assert( v1->lv_name != NULL );
+ assert( v2->lv_name != NULL );
+
+ return strcasecmp( v1->lv_name, v2->lv_name );
+}
+
+/*
+ * Duplicate var ?
+ */
+static int
+rewrite_var_dup(
+ void *c1,
+ void *c2
+)
+{
+ struct rewrite_var *v1, *v2;
+
+ v1 = ( struct rewrite_var * )c1;
+ v2 = ( struct rewrite_var * )c2;
+
+ assert( v1 != NULL );
+ assert( v2 != NULL );
+ assert( v1->lv_name != NULL );
+ assert( v2->lv_name != NULL );
+
+ return ( strcasecmp( v1->lv_name, v2->lv_name ) == 0 ? -1 : 0 );
+}
+
+/*
+ * Frees a var
+ */
+static void
+rewrite_var_free(
+ void *v_var
+)
+{
+ struct rewrite_var *var = v_var;
+ assert( var != NULL );
+
+ assert( var->lv_name != NULL );
+ assert( var->lv_value.bv_val != NULL );
+
+ if ( var->lv_flags & REWRITE_VAR_COPY_NAME )
+ free( var->lv_name );
+ if ( var->lv_flags & REWRITE_VAR_COPY_VALUE )
+ free( var->lv_value.bv_val );
+ free( var );
+}
+
+/*
+ * Deletes a var tree
+ */
+int
+rewrite_var_delete(
+ Avlnode *tree
+)
+{
+ avl_free( tree, rewrite_var_free );
+ return REWRITE_SUCCESS;
+}
+
+/*
+ * Finds a var
+ */
+struct rewrite_var *
+rewrite_var_find(
+ Avlnode *tree,
+ const char *name
+)
+{
+ struct rewrite_var var;
+
+ assert( name != NULL );
+
+ var.lv_name = ( char * )name;
+ return ( struct rewrite_var * )avl_find( tree,
+ ( caddr_t )&var, rewrite_var_cmp );
+}
+
+int
+rewrite_var_replace(
+ struct rewrite_var *var,
+ const char *value,
+ int flags
+)
+{
+ ber_len_t len = strlen( value );
+
+ if ( var->lv_flags & REWRITE_VAR_COPY_VALUE ) {
+ if ( flags & REWRITE_VAR_COPY_VALUE ) {
+ if ( len <= var->lv_value.bv_len ) {
+ AC_MEMCPY(var->lv_value.bv_val, value, len + 1);
+
+ } else {
+ free( var->lv_value.bv_val );
+ var->lv_value.bv_val = strdup( value );
+ }
+
+ } else {
+ free( var->lv_value.bv_val );
+ var->lv_value.bv_val = (char *)value;
+ var->lv_flags &= ~REWRITE_VAR_COPY_VALUE;
+ }
+
+ } else {
+ if ( flags & REWRITE_VAR_COPY_VALUE ) {
+ var->lv_value.bv_val = strdup( value );
+ var->lv_flags |= REWRITE_VAR_COPY_VALUE;
+
+ } else {
+ var->lv_value.bv_val = (char *)value;
+ }
+ }
+
+ var->lv_value.bv_len = len;
+
+ return 0;
+}
+
+/*
+ * Inserts a newly created var
+ */
+struct rewrite_var *
+rewrite_var_insert_f(
+ Avlnode **tree,
+ const char *name,
+ const char *value,
+ int flags
+)
+{
+ struct rewrite_var *var;
+ int rc = 0;
+
+ assert( tree != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+ var = rewrite_var_find( *tree, name );
+ if ( var != NULL ) {
+ if ( flags & REWRITE_VAR_UPDATE ) {
+ (void)rewrite_var_replace( var, value, flags );
+ goto cleanup;
+ }
+ rc = -1;
+ goto cleanup;
+ }
+
+ var = calloc( sizeof( struct rewrite_var ), 1 );
+ if ( var == NULL ) {
+ return NULL;
+ }
+
+ memset( var, 0, sizeof( struct rewrite_var ) );
+
+ if ( flags & REWRITE_VAR_COPY_NAME ) {
+ var->lv_name = strdup( name );
+ if ( var->lv_name == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ var->lv_flags |= REWRITE_VAR_COPY_NAME;
+
+ } else {
+ var->lv_name = (char *)name;
+ }
+
+ if ( flags & REWRITE_VAR_COPY_VALUE ) {
+ var->lv_value.bv_val = strdup( value );
+ if ( var->lv_value.bv_val == NULL ) {
+ rc = -1;
+ goto cleanup;
+ }
+ var->lv_flags |= REWRITE_VAR_COPY_VALUE;
+
+ } else {
+ var->lv_value.bv_val = (char *)value;
+ }
+ var->lv_value.bv_len = strlen( value );
+ rc = avl_insert( tree, ( caddr_t )var,
+ rewrite_var_cmp, rewrite_var_dup );
+
+cleanup:;
+ if ( rc != 0 && var ) {
+ avl_delete( tree, ( caddr_t )var, rewrite_var_cmp );
+ rewrite_var_free( var );
+ var = NULL;
+ }
+
+ return var;
+}
+
+/*
+ * Sets/inserts a var
+ */
+struct rewrite_var *
+rewrite_var_set_f(
+ Avlnode **tree,
+ const char *name,
+ const char *value,
+ int flags
+)
+{
+ struct rewrite_var *var;
+
+ assert( tree != NULL );
+ assert( name != NULL );
+ assert( value != NULL );
+
+ var = rewrite_var_find( *tree, name );
+ if ( var == NULL ) {
+ if ( flags & REWRITE_VAR_INSERT ) {
+ return rewrite_var_insert_f( tree, name, value, flags );
+
+ } else {
+ return NULL;
+ }
+
+ } else {
+ assert( var->lv_value.bv_val != NULL );
+
+ (void)rewrite_var_replace( var, value, flags );
+ }
+
+ return var;
+}
+
Added: openldap/vendor/openldap-2.3.35/libraries/librewrite/xmap.c
===================================================================
--- openldap/vendor/openldap-2.3.35/libraries/librewrite/xmap.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/libraries/librewrite/xmap.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,500 @@
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/xmap.c,v 1.6.2.7 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Pierangelo Masarati for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include <portable.h>
+
+#include <stdio.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#define LDAP_DEPRECATED 1
+#include "rewrite-int.h"
+#include "rewrite-map.h"
+
+/*
+ * Global data
+ */
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ldap_pvt_thread_mutex_t xpasswd_mutex;
+static int xpasswd_mutex_init = 0;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+/*
+ * Map parsing
+ * NOTE: these are old-fashion maps; new maps will be parsed on separate
+ * config lines, and referred by name.
+ */
+struct rewrite_map *
+rewrite_xmap_parse(
+ struct rewrite_info *info,
+ const char *s,
+ const char **currpos
+)
+{
+ struct rewrite_map *map;
+
+ assert( info != NULL );
+ assert( s != NULL );
+ assert( currpos != NULL );
+
+ Debug( LDAP_DEBUG_ARGS, "rewrite_xmap_parse: %s\n%s%s",
+ s, "", "" );
+
+ *currpos = NULL;
+
+ map = calloc( sizeof( struct rewrite_map ), 1 );
+ if ( map == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "rewrite_xmap_parse:"
+ " calloc failed\n%s%s%s", "", "", "" );
+ return NULL;
+ }
+
+ /*
+ * Experimental passwd map:
+ * replaces the uid with the matching gecos from /etc/passwd file
+ */
+ if ( strncasecmp(s, "xpasswd", 7 ) == 0 ) {
+ map->lm_type = REWRITE_MAP_XPWDMAP;
+ map->lm_name = strdup( "xpasswd" );
+
+ assert( s[7] == '}' );
+ *currpos = s + 8;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( !xpasswd_mutex_init ) {
+ if ( ldap_pvt_thread_mutex_init( &xpasswd_mutex ) ) {
+ free( map );
+ return NULL;
+ }
+ }
+ ++xpasswd_mutex_init;
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ /* Don't really care if fails */
+ return map;
+
+ /*
+ * Experimental file map:
+ * looks up key in a `key value' ascii file
+ */
+ } else if ( strncasecmp( s, "xfile", 5 ) == 0 ) {
+ char *filename;
+ const char *p;
+ int l;
+ int c = 5;
+
+ map->lm_type = REWRITE_MAP_XFILEMAP;
+
+ if ( s[ c ] != '(' ) {
+ free( map );
+ return NULL;
+ }
+
+ /* Must start with '/' for security concerns */
+ c++;
+ if ( s[ c ] != '/' ) {
+ free( map );
+ return NULL;
+ }
+
+ for ( p = s + c; p[ 0 ] != '\0' && p[ 0 ] != ')'; p++ );
+ if ( p[ 0 ] != ')' ) {
+ free( map );
+ return NULL;
+ }
+
+ l = p - s - c;
+ filename = calloc( sizeof( char ), l + 1 );
+ AC_MEMCPY( filename, s + c, l );
+ filename[ l ] = '\0';
+
+ map->lm_args = ( void * )fopen( filename, "r" );
+ free( filename );
+
+ if ( map->lm_args == NULL ) {
+ free( map );
+ return NULL;
+ }
+
+ *currpos = p + 1;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
+ fclose( ( FILE * )map->lm_args );
+ free( map );
+ return NULL;
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return map;
+
+ /*
+ * Experimental ldap map:
+ * looks up key on the fly (not implemented!)
+ */
+ } else if ( strncasecmp(s, "xldap", 5 ) == 0 ) {
+ char *p;
+ char *url;
+ int l, rc;
+ int c = 5;
+ LDAPURLDesc *lud;
+
+ if ( s[ c ] != '(' ) {
+ free( map );
+ return NULL;
+ }
+ c++;
+
+ p = strchr( s, '}' );
+ if ( p == NULL ) {
+ free( map );
+ return NULL;
+ }
+ p--;
+
+ *currpos = p + 2;
+
+ /*
+ * Add two bytes for urlencoding of '%s'
+ */
+ l = p - s - c;
+ url = calloc( sizeof( char ), l + 3 );
+ AC_MEMCPY( url, s + c, l );
+ url[ l ] = '\0';
+
+ /*
+ * Urlencodes the '%s' for ldap_url_parse
+ */
+ p = strchr( url, '%' );
+ if ( p != NULL ) {
+ AC_MEMCPY( p + 3, p + 1, strlen( p + 1 ) + 1 );
+ p[ 1 ] = '2';
+ p[ 2 ] = '5';
+ }
+
+ rc = ldap_url_parse( url, &lud );
+ free( url );
+
+ if ( rc != LDAP_SUCCESS ) {
+ free( map );
+ return NULL;
+ }
+ assert( lud != NULL );
+
+ map->lm_args = ( void * )lud;
+ map->lm_type = REWRITE_MAP_XLDAPMAP;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
+ ldap_free_urldesc( lud );
+ free( map );
+ return NULL;
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ return map;
+
+ /* Unhandled map */
+ }
+
+ free( map );
+ return NULL;
+}
+
+/*
+ * Map key -> value resolution
+ * NOTE: these are old-fashion maps; new maps will be parsed on separate
+ * config lines, and referred by name.
+ */
+int
+rewrite_xmap_apply(
+ struct rewrite_info *info,
+ struct rewrite_op *op,
+ struct rewrite_map *map,
+ struct berval *key,
+ struct berval *val
+)
+{
+ int rc = REWRITE_SUCCESS;
+
+ assert( info != NULL );
+ assert( op != NULL );
+ assert( map != NULL );
+ assert( key != NULL );
+ assert( val != NULL );
+
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ switch ( map->lm_type ) {
+#ifdef HAVE_GETPWNAM
+ case REWRITE_MAP_XPWDMAP: {
+ struct passwd *pwd;
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &xpasswd_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ pwd = getpwnam( key->bv_val );
+ if ( pwd == NULL ) {
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rc = LDAP_NO_SUCH_OBJECT;
+ break;
+ }
+
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
+ if ( pwd->pw_gecos != NULL && pwd->pw_gecos[0] != '\0' ) {
+ int l = strlen( pwd->pw_gecos );
+
+ val->bv_val = strdup( pwd->pw_gecos );
+ if ( val->bv_val == NULL ) {
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rc = REWRITE_ERR;
+ break;
+ }
+ val->bv_len = l;
+ } else
+#endif /* HAVE_STRUCT_PASSWD_PW_GECOS */
+ {
+ val->bv_val = strdup( key->bv_val );
+ val->bv_len = key->bv_len;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ break;
+ }
+#endif /* HAVE_GETPWNAM*/
+
+ case REWRITE_MAP_XFILEMAP: {
+ char buf[1024];
+
+ if ( map->lm_args == NULL ) {
+ rc = REWRITE_ERR;
+ break;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rewind( ( FILE * )map->lm_args );
+
+ while ( fgets( buf, sizeof( buf ), ( FILE * )map->lm_args ) ) {
+ char *p;
+ int blen;
+
+ blen = strlen( buf );
+ if ( buf[ blen - 1 ] == '\n' ) {
+ buf[ blen - 1 ] = '\0';
+ }
+
+ p = strtok( buf, " " );
+ if ( p == NULL ) {
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ if ( strcasecmp( p, key->bv_val ) == 0
+ && ( p = strtok( NULL, "" ) ) ) {
+ val->bv_val = strdup( p );
+ if ( val->bv_val == NULL ) {
+ return REWRITE_ERR;
+ }
+
+ val->bv_len = strlen( p );
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ goto rc_return;
+ }
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ rc = REWRITE_ERR;
+
+ break;
+ }
+
+ case REWRITE_MAP_XLDAPMAP: {
+ LDAP *ld;
+ char filter[1024];
+ LDAPMessage *res = NULL, *entry;
+ LDAPURLDesc *lud = ( LDAPURLDesc * )map->lm_args;
+ int attrsonly = 0;
+ char **values;
+
+ assert( lud != NULL );
+
+ /*
+ * No mutex because there is no write on the map data
+ */
+
+ ld = ldap_init( lud->lud_host, lud->lud_port );
+ if ( ld == NULL ) {
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+ snprintf( filter, sizeof( filter ), lud->lud_filter,
+ key->bv_val );
+
+ if ( strcasecmp( lud->lud_attrs[ 0 ], "dn" ) == 0 ) {
+ attrsonly = 1;
+ }
+ rc = ldap_search_s( ld, lud->lud_dn, lud->lud_scope,
+ filter, lud->lud_attrs, attrsonly, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_unbind( ld );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+ if ( ldap_count_entries( ld, res ) != 1 ) {
+ ldap_unbind( ld );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+
+ entry = ldap_first_entry( ld, res );
+ if ( entry == NULL ) {
+ ldap_msgfree( res );
+ ldap_unbind( ld );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ if ( attrsonly == 1 ) {
+ val->bv_val = ldap_get_dn( ld, entry );
+ if ( val->bv_val == NULL ) {
+ ldap_msgfree( res );
+ ldap_unbind( ld );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ } else {
+ values = ldap_get_values( ld, entry,
+ lud->lud_attrs[0] );
+ if ( values == NULL ) {
+ ldap_msgfree( res );
+ ldap_unbind( ld );
+ rc = REWRITE_ERR;
+ goto rc_return;
+ }
+ val->bv_val = strdup( values[ 0 ] );
+ ldap_value_free( values );
+ }
+ val->bv_len = strlen( val->bv_val );
+
+ ldap_msgfree( res );
+ ldap_unbind( ld );
+
+ rc = REWRITE_SUCCESS;
+ }
+ }
+
+rc_return:;
+ return rc;
+}
+
+int
+rewrite_xmap_destroy(
+ struct rewrite_map **pmap
+)
+{
+ struct rewrite_map *map;
+
+ assert( pmap != NULL );
+ assert( *pmap != NULL );
+
+ map = *pmap;
+
+ switch ( map->lm_type ) {
+ case REWRITE_MAP_XPWDMAP:
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ --xpasswd_mutex_init;
+ if ( !xpasswd_mutex_init ) {
+ ldap_pvt_thread_mutex_destroy( &xpasswd_mutex );
+ }
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ break;
+
+ case REWRITE_MAP_XFILEMAP:
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ if ( map->lm_args ) {
+ fclose( ( FILE * )map->lm_args );
+ map->lm_args = NULL;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+ ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ break;
+
+ case REWRITE_MAP_XLDAPMAP:
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_lock( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+
+ if ( map->lm_args ) {
+ ldap_free_urldesc( ( LDAPURLDesc * )map->lm_args );
+ map->lm_args = NULL;
+ }
+
+#ifdef USE_REWRITE_LDAP_PVT_THREADS
+ ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
+ ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
+#endif /* USE_REWRITE_LDAP_PVT_THREADS */
+ break;
+
+ default:
+ break;
+
+ }
+
+ free( map->lm_name );
+ free( map );
+ *pmap = NULL;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,17 @@
+# servers Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/servers/Makefile.in,v 1.9.2.4 2007/01/02 21:43:53 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SUBDIRS= slapd slurpd
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/DB_CONFIG
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/DB_CONFIG (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/DB_CONFIG 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.3 2006/08/17 17:36:19 kurt Exp $
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See Sleepycat Berkeley DB documentation
+# <http://www.sleepycat.com/docs/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+# <http://www.openldap.org/faq/index.cgi?file=2>
+# in particular:
+# <http://www.openldap.org/faq/index.cgi?file=1075>
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
Added: openldap/vendor/openldap-2.3.35/servers/slapd/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,445 @@
+## Makefile.in for slapd
+# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.163.2.13 2007/02/14 15:59:43 hyc Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl
+PROGRAMS=slapd $(SLAPTOOLS)
+XPROGRAMS=sslapd libbackends.a .backend liboverlays.a
+XSRCS=version.c
+
+SUBDIRS=back-* shell-backends slapi overlays
+
+NT_SRCS = nt_svc.c
+NT_OBJS = nt_svc.o ../../libraries/liblutil/slapdmsg.res
+
+SRCS = main.c globals.c bconfig.c config.c daemon.c \
+ connection.c search.c filter.c add.c cr.c \
+ attr.c entry.c backend.c result.c operation.c \
+ dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
+ value.c ava.c bind.c unbind.c abandon.c filterentry.c \
+ phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
+ repl.c lock.c controls.c extended.c kerberos.c passwd.c \
+ schema.c schema_check.c schema_init.c schema_prep.c \
+ schemaparse.c ad.c at.c mr.c syntax.c oc.c saslauthz.c \
+ oidm.c starttls.c index.c sets.c referral.c root_dse.c \
+ sasl.c module.c mra.c mods.c sl_malloc.c zn_malloc.c limits.c \
+ operational.c matchedValues.c cancel.c syncrepl.c \
+ backglue.c backover.c ctxcsn.c ldapsync.c frontend.c \
+ slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \
+ slappasswd.c slaptest.c slapauth.c slapacl.c component.c \
+ aci.c alock.c \
+ $(@PLAT at _SRCS)
+
+OBJS = main.o globals.o bconfig.o config.o daemon.o \
+ connection.o search.o filter.o add.o cr.o \
+ attr.o entry.o backend.o backends.o result.o operation.o \
+ dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
+ value.o ava.o bind.o unbind.o abandon.o filterentry.o \
+ phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
+ repl.o lock.o controls.o extended.o kerberos.o passwd.o \
+ schema.o schema_check.o schema_init.o schema_prep.o \
+ schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o \
+ oidm.o starttls.o index.o sets.o referral.o root_dse.o \
+ sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o \
+ operational.o matchedValues.o cancel.o syncrepl.o \
+ backglue.o backover.o ctxcsn.o ldapsync.o frontend.o \
+ slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \
+ slappasswd.o slaptest.o slapauth.o slapacl.o component.o \
+ aci.o alock.o \
+ $(@PLAT at _OBJS)
+
+LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
+LDAP_LIBDIR= ../../libraries
+
+SLAP_DIR=
+SLAPD_STATIC_DEPENDS=@SLAPD_NO_STATIC@ libbackends.a liboverlays.a
+SLAPD_STATIC_BACKENDS=@SLAPD_STATIC_BACKENDS@
+SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BACKENDS@
+
+SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@
+
+XDEFS = $(MODULES_CPPFLAGS)
+XLDFLAGS = $(MODULES_LDFLAGS)
+
+XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_L) $(MODULES_LIBS)
+XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
+XXXLIBS = $(LTHREAD_LIBS) $(SLAPI_LIBS)
+
+BUILD_OPT = "--enable-slapd"
+BUILD_SRV = @BUILD_SLAPD@
+
+all-local-srv: all-cffiles
+
+NT_SLAPD_DEPENDS = slapd.exp
+NT_SLAPD_OBJECTS = slapd.exp symdummy.o $(OBJS) version.o
+
+UNIX_SLAPD_DEPENDS = $(SLAPD_STATIC_DEPENDS) version.o $(SLAPD_L)
+UNIX_SLAPD_OBJECTS = $(OBJS) version.o
+
+SLAPD_DEPENDS = $(@PLAT at _SLAPD_DEPENDS)
+SLAPD_OBJECTS = $(@PLAT at _SLAPD_OBJECTS)
+
+# Notes about slapd for Windows
+# =============================
+# slapd.exe must export all of its global symbols, just like a DLL.
+# The purpose of this is to allow dynamic modules (dynamic backends
+# or external dynamic modules) to bind with the symbols at run-time.
+#
+# Exporting symbols from an .EXE is a bit tricky and involves multiple
+# steps. First a .DEF file must be generated. The .DEF file indicates
+# the set of symbols that are to be exported. Many times, it's possible
+# to manually create this file with an editor. However, with slapd,
+# we want to export EVERY global symbol that it knows about (NOT including
+# symbols that are imported from other DLLs). The set of symbols to
+# export INCLUDES symbols from all static libraries that slapd gets
+# linked with, e.g. avl, ldbm, lunicode, lutil, etc. This list
+# will also include liblber and libldap_r if they were built as static
+# libraries. ALSO included will be symbols from other STATIC libraries
+# outside the domain of the OpenLDAP source tree, e.g. regex, ltdl,
+# crypto, ssl, sasl, etc. (If these libraries are dynamic, we won't want
+# to include their symbols in the list). The correct set of symbols
+# CAN be determined at build time. The slapd.def target automatically
+# determines the correct set of symbols and generates the slapd.def file.
+#
+# The slapd.def file, serving multiple purposes, will:
+#
+# 1) be used to generate libslapd.a, the import library for slapd.exe.
+#
+# 2) be used to generate the symdummy.c file.
+#
+# 3) be used to help create slapd.exp, the binary-formated slapd export file.
+#
+# The import library is used by dynamic modules at link time. With this
+# library, dynamic modules indicate to the linker that it will resolve
+# these symbols from the slapd.exe binary at run-time. Of course, whenever
+# a module imports dynamic symbols, those symbols should be marked with
+# the __declspec(dllimport) directive in the header files that the dynamic
+# modules build with. In OpenLDAP, this is handled automatically in the
+# header files. (See ldap_cdefs.h for an explanation). Writers of
+# dynamic backend modules should keep in mind that slapd.exe might export
+# other global symbols that are not part of OpenLDAP (e.g. regex, ltdl,
+# crypto, ssl, sasl, etc.) When a writer actually uses (i.e. imports) these
+# symbols, he must verify that the header files from these external packages
+# include a mechanism to mark imported symbols with the __declspec(dllimport)
+# directive. Whether or not such a mechanism exists, the writer must be
+# able to include these directives appropriately when their symbols are
+# being imported from slapd.exe. The directive is not completely necessary
+# for functions, but it is required for variables.
+#
+# The symdummy.c file basically references EVERY symbol available to slapd.exe,
+# including symbols that slapd.exe never actually refereneced. The file
+# is compiled and included at link time. Without this object file, slapd.exe
+# would NOT export symbols that it never referenced. The reason that these
+# symbols must still be exported is because a dynamic module may want to
+# use a symbol even if it had not been referenced by slapd.exe.
+#
+
+#
+# slapd.def REALLY depends upon all slapd objects and all static libraries
+# included in $(LIBS), including static libraries outside of OpenLDAP.
+# When slapd.def is built, the absolute paths to all static libraries
+# (both inside and outside of OpenLDAP) are generated. We don't have
+# any way to include this generated list as a dependency of slapd.def (sigh).
+# Thus, we do the best we can by depending on version.o, which depends
+# on its own very long list of dependencies.
+#
+slapd.def: libbackends.a liboverlays.a version.o
+ @for i in $(LDFLAGS) ; do \
+ path=`expr "$$i" : "-L\(.*\)"`; \
+ if test $$? != 0; then continue; fi; \
+ paths="$$paths $$path"; \
+ done; \
+ objs=""; \
+ for i in $(OBJS) version.o $(LIBS) ; do \
+ obj="" ; \
+ case $$i in \
+ -l*) \
+ done="" ;\
+ base=`expr "$$i" : "-l\(.*\)"`; \
+ for p in $$paths ; do \
+ for ext in la dll dll.a a ; do \
+ path=$$p/lib$$base.$$ext; \
+ test ! -f $$path && continue; \
+ if test $$ext = la ; then \
+ for t in dlname old_library ; do \
+ line=`grep "^$$t=" $$path`; \
+ lib=`expr "$$line" : "[^']*'\(.*\)'"`; \
+ test -n "$$lib" && test -f $$p/$$lib && \
+ path=$$p/$$lib && break; \
+ done; \
+ test $$t = dlname && ext=dll; \
+ test $$t = old_library && ext=a; \
+ fi; \
+ if test $$ext = a ; then \
+ obj=$$path; \
+ fi; \
+ done=done; \
+ break; \
+ done; \
+ test -n "$$done" && break; \
+ done; \
+ test -z "$$obj" && continue; \
+ ;; \
+ *.la) \
+ if test -n "$(LTSTATIC)"; then \
+ base=`expr "$$i" : ".*/\(.*\).la"`; \
+ path=`expr "$$i" : "\(.*/\).*"`; \
+ obj=$$path.libs/$$base.a; \
+ fi; \
+ ;; \
+ *.dll.a) \
+ ;; \
+ *.o | *.a) \
+ obj=$$i; \
+ esac; \
+ objs="$$objs $$obj"; \
+ done; \
+ echo dlltool --exclude-symbols main,ServiceMain at 8 --export-all-symbols \
+ --output-def $@.tmp $$objs; \
+ dlltool --exclude-symbols main,ServiceMain at 8 --export-all-symbols \
+ --output-def $@.tmp $$objs;
+ echo EXPORTS > $@
+ $(SED) -e 1,2d -e 's/ @ [0-9][0-9]*//' $@.tmp | sort >> $@
+ $(RM) $@.tmp
+
+symdummy.c: slapd.def
+ $(RM) $@
+ @echo "generating $@..."; \
+ echo "static void never_called() {" > $@.tmp; \
+ cat $< | while read line; \
+ do \
+ set dummy $$line; \
+ case $$# in \
+ 3) \
+ echo "int $$2();" >> $@; \
+ echo "$$2();" >> $@.tmp; \
+ ;; \
+ 4) \
+ echo "extern int $$2;" >> $@; \
+ echo "$$2 = 0;" >> $@.tmp; \
+ ;; \
+ esac; \
+ done; \
+ echo "" >> $@; \
+ echo "}" >> $@.tmp; \
+ cat $@.tmp >> $@; \
+ $(RM) $@.tmp
+
+libslapd.a: symdummy.o
+ dlltool --dllname slapd.exe --input-def slapd.def --output-lib $@
+
+slapd.exp: libslapd.a
+ @echo $(LTLINK) -Wl,--base-file,slapd.base -o slapd \
+ $(OBJS) symdummy.o version.o $(LIBS) $(WRAP_LIBS); \
+ $(LTLINK) -Wl,--base-file,slapd.base -o slapd \
+ $(OBJS) symdummy.o version.o $(LIBS) $(WRAP_LIBS)
+ $(RM) slapd.exe
+ @echo dlltool --dllname slapd.exe --input-def slapd.def \
+ --base-file slapd.base --output-exp $@; \
+ dlltool --dllname slapd.exe --input-def slapd.def \
+ --base-file slapd.base --output-exp $@; \
+ echo $(LTLINK) -Wl,--base-file,slapd.base -o slapd $@ \
+ $(OBJS) symdummy.o version.o $(LIBS) $(WRAP_LIBS); \
+ $(LTLINK) -Wl,--base-file,slapd.base -o slapd $@ \
+ $(OBJS) symdummy.o version.o $(LIBS) $(WRAP_LIBS)
+ $(RM) slapd.exe
+ @echo dlltool --dllname slapd.exe --input-def slapd.def \
+ --base-file slapd.base --output-exp $@; \
+ dlltool --dllname slapd.exe --input-def slapd.def \
+ --base-file slapd.base --output-exp $@
+
+slapi/.libs/libslapi.a: FORCE
+ (cd slapi; $(MAKE) $(MFLAGS) all)
+
+libslapi.a: slapi/.libs/libslapi.a
+ cp slapi/.libs/libslapi.a .
+
+slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
+ $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+ $(WRAP_LIBS)
+ $(RM) $(SLAPTOOLS)
+ for i in $(SLAPTOOLS); do \
+ $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); done
+
+
+sslapd: version.o
+ $(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS) $(WRAP_LIBS)
+
+dummy $(SLAPD_DYNAMIC_BACKENDS): slapd
+ cd $@; $(MAKE) $(MFLAGS) all
+ @touch $@
+
+dynamic_overlays: slapd
+ cd overlays; $(MAKE) $(MFLAGS) dynamic
+
+#
+# In Windows, dynamic backends have to be built after slapd. For this
+# reason, we only build static backends now and dynamic backends later.
+#
+.backend: FORCE
+ @if test -n "$(SLAPD_STATIC_BACKENDS)"; then \
+ echo "building static backends..."; \
+ for i in XX $(SLAPD_STATIC_BACKENDS); do \
+ if test $$i != XX; then \
+ echo " "; echo " cd $$i; $(MAKE) $(MFLAGS) all"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) all ); \
+ if test $$? != 0; then exit 1; fi; \
+ fi; \
+ done; \
+ echo " "; \
+ fi
+
+libbackends.a: .backend
+ @$(RM) -r tmp
+ @$(MKDIR) tmp
+ @-for i in back-*/*.a; do \
+ ( \
+ cd tmp; \
+ $(AR) x ../$$i; \
+ pre=`echo $$i | $(SED) -e 's/\/.*$$//' -e 's/back-//'`; \
+ for j in *.o; do \
+ mv $$j $${pre}$$j; \
+ done; \
+ $(AR) ruv libbackends.a *.o 2>&1 | grep -v truncated; \
+ $(RM) *.o __.SYMDEF ________64ELEL_ ; \
+ echo "added backend library $$i"; \
+ echo ""; \
+ ); \
+ done
+ @mv -f tmp/libbackends.a ./libbackends.a
+ @$(RM) -r tmp
+ @if test ! -z "$(RANLIB)" ; then \
+ $(RANLIB) libbackends.a; \
+ fi
+ @ls -l libbackends.a; echo ""
+
+liboverlays.a: FORCE
+ cd overlays; $(MAKE) $(MFLAGS) static
+
+version.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) -s -n Versionstr slapd > $@
+
+version.o: version.c $(OBJS) $(SLAPD_LIBDEPEND)
+
+backends.o: backends.c $(srcdir)/slap.h
+
+depend-local-srv: FORCE
+ @for i in $(SUBDIRS); do \
+ if test -d $$i && test -f $$i/Makefile ; then \
+ echo; echo " cd $$i; $(MAKE) $(MFLAGS) depend"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) depend ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ fi; \
+ done
+ @echo ""
+
+clean-local:
+ $(RM) *.exp *.def *.base *.a *.objs symdummy.c
+
+veryclean-local:
+ $(RM) backends.c
+
+clean-local-srv: FORCE
+ @for i in $(SUBDIRS); do \
+ if test -d $$i && test -f $$i/Makefile ; then \
+ echo; echo " cd $$i; $(MAKE) $(MFLAGS) clean"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) clean ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ fi; \
+ done
+ $(RM) *.tmp all-cffiles
+
+veryclean-local-srv: FORCE
+ @for i in $(SUBDIRS); do \
+ if test -d $$i && test -f $$i/Makefile ; then \
+ echo; echo " cd $$i; $(MAKE) $(MFLAGS) clean"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) veryclean ); \
+ fi; \
+ done
+
+install-local-srv: install-slapd install-tools \
+ install-conf install-db-config install-schema install-tools
+
+install-slapd: FORCE
+ -$(MKDIR) $(DESTDIR)$(libexecdir)
+ -$(MKDIR) $(DESTDIR)$(localstatedir)/run
+ $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 \
+ slapd$(EXEEXT) $(DESTDIR)$(libexecdir)
+ @for i in $(SUBDIRS); do \
+ if test -d $$i && test -f $$i/Makefile ; then \
+ echo; echo " cd $$i; $(MAKE) $(MFLAGS) install"; \
+ ( cd $$i; $(MAKE) $(MFLAGS) install ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ fi; \
+ done
+
+all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays
+ @if test $(PLAT) = NT; then \
+ sysconfdir=`cygpath -w $(sysconfdir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ localstatedir=`cygpath -w $(localstatedir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ moduledir=`cygpath -w $(moduledir) | \
+ $(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
+ else \
+ sysconfdir=$(sysconfdir); \
+ localstatedir=$(localstatedir); \
+ moduledir=$(moduledir); \
+ fi; \
+ $(SED) -e "s;%SYSCONFDIR%;$$sysconfdir;" \
+ -e "s;%LOCALSTATEDIR%;$$localstatedir;" \
+ -e "s;%MODULEDIR%;$$moduledir;" \
+ $(srcdir)/slapd.conf > slapd.conf.tmp ; \
+ touch all-cffiles
+
+install-schema: FORCE
+ @if test -d $(DESTDIR)$(schemadir) ; then \
+ echo "MOVING EXISTING SCHEMA DIR to $(DESTDIR)$(schemadir).$$$$" ; \
+ mv $(DESTDIR)$(schemadir) $(DESTDIR)$(schemadir).$$$$ ; \
+ fi
+ $(MKDIR) $(DESTDIR)$(schemadir)
+ @SD=$(DESTDIR)$(schemadir) ; \
+ files=`cd $(srcdir)/schema ; echo README *.ldif *.schema` ; \
+ for i in $$files ; do \
+ echo $(INSTALL) $(INSTALLFLAGS) -m 444 schema/$$i $$SD/$$i ; \
+ $(INSTALL) $(INSTALLFLAGS) -m 444 $(srcdir)/schema/$$i $$SD/$$i ; \
+ done
+
+install-conf: FORCE
+ @-$(MKDIR) $(DESTDIR)$(sysconfdir)
+ $(INSTALL) $(INSTALLFLAGS) -m 600 slapd.conf.tmp $(DESTDIR)$(sysconfdir)/slapd.conf.default
+ if test ! -f $(DESTDIR)$(sysconfdir)/slapd.conf; then \
+ echo "installing slapd.conf in $(sysconfdir)"; \
+ echo "$(INSTALL) $(INSTALLFLAGS) -m 600 slapd.conf.tmp $(DESTDIR)$(sysconfdir)/slapd.conf"; \
+ $(INSTALL) $(INSTALLFLAGS) -m 600 slapd.conf.tmp $(DESTDIR)$(sysconfdir)/slapd.conf; \
+ else \
+ echo "PRESERVING EXISTING CONFIGURATION FILE $(DESTDIR)$(sysconfdir)/slapd.conf" ; \
+ fi
+
+install-db-config: FORCE
+ @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
+ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(sysconfdir)/DB_CONFIG.example
+
+install-tools: FORCE
+ -$(MKDIR) $(DESTDIR)$(sbindir)
+ for i in $(SLAPTOOLS); do \
+ $(RM) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \
+ $(LN_S) -f $(DESTDIR)$(libexecdir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \
+ done
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/abandon.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/abandon.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/abandon.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,120 @@
+/* abandon.c - decode and handle an ldap abandon operation */
+/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.45.2.8 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+int
+do_abandon( Operation *op, SlapReply *rs )
+{
+ ber_int_t id;
+ Operation *o;
+
+ Debug( LDAP_DEBUG_TRACE, "do_abandon\n", 0, 0, 0 );
+
+ /*
+ * Parse the abandon request. It looks like this:
+ *
+ * AbandonRequest := MessageID
+ */
+
+ if ( ber_scanf( op->o_ber, "i", &id ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_abandon: ber_scanf failed\n", 0, 0 ,0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s ABANDON msg=%ld\n",
+ op->o_log_prefix, (long) id, 0, 0, 0 );
+
+ if( get_ctrls( op, rs, 0 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_abandon: get_ctrls failed\n", 0, 0 ,0 );
+ return rs->sr_err;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "do_abandon: id=%ld\n", (long) id, 0 ,0 );
+
+ if( id <= 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_abandon: bad msgid %ld\n", (long) id, 0, 0 );
+ return LDAP_SUCCESS;
+ }
+
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ /*
+ * find the operation being abandoned and set the o_abandon
+ * flag. It's up to the backend to periodically check this
+ * flag and abort the operation at a convenient time.
+ */
+
+ LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
+ if ( o->o_msgid == id ) {
+ o->o_abandon = 1;
+ break;
+ }
+ }
+
+ if ( o ) {
+ op->orn_msgid = id;
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_abandon( op, rs );
+
+ } else {
+ LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
+ if ( o->o_msgid == id ) {
+ LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops,
+ o, slap_op, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ op->o_conn->c_n_ops_pending--;
+ slap_op_free( o );
+ break;
+ }
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE, "do_abandon: op=%ld %sfound\n",
+ (long) id, o ? "" : "not ", 0 );
+ return rs->sr_err;
+}
+
+int
+fe_op_abandon( Operation *op, SlapReply *rs )
+{
+ LDAP_STAILQ_FOREACH( op->o_bd, &backendDB, be_next ) {
+ if ( op->o_bd->be_abandon ) {
+ (void)op->o_bd->be_abandon( op, rs );
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/aci.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/aci.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/aci.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1711 @@
+/* aci.c - routines to parse and check acl's */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aci.c,v 1.1.2.9 2007/02/13 22:41:20 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_ACI_ENABLED
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "lber_pvt.h"
+#include "lutil.h"
+
+#define ACI_BUF_SIZE 1024 /* use most appropriate size */
+
+enum {
+ ACI_BV_ENTRY,
+ ACI_BV_CHILDREN,
+ ACI_BV_ONELEVEL,
+ ACI_BV_SUBTREE,
+
+ ACI_BV_BR_ENTRY,
+ ACI_BV_BR_ALL,
+
+ ACI_BV_ACCESS_ID,
+ ACI_BV_PUBLIC,
+ ACI_BV_USERS,
+ ACI_BV_SELF,
+ ACI_BV_DNATTR,
+ ACI_BV_GROUP,
+ ACI_BV_ROLE,
+ ACI_BV_SET,
+ ACI_BV_SET_REF,
+
+ ACI_BV_GRANT,
+ ACI_BV_DENY,
+
+ ACI_BV_GROUP_CLASS,
+ ACI_BV_GROUP_ATTR,
+ ACI_BV_ROLE_CLASS,
+ ACI_BV_ROLE_ATTR,
+
+ ACI_BV_SET_ATTR,
+
+ ACI_BV_LAST
+};
+
+static const struct berval aci_bv[] = {
+ /* scope */
+ BER_BVC("entry"),
+ BER_BVC("children"),
+ BER_BVC("onelevel"),
+ BER_BVC("subtree"),
+
+ /* */
+ BER_BVC("[entry]"),
+ BER_BVC("[all]"),
+
+ /* type */
+ BER_BVC("access-id"),
+ BER_BVC("public"),
+ BER_BVC("users"),
+ BER_BVC("self"),
+ BER_BVC("dnattr"),
+ BER_BVC("group"),
+ BER_BVC("role"),
+ BER_BVC("set"),
+ BER_BVC("set-ref"),
+
+ /* actions */
+ BER_BVC("grant"),
+ BER_BVC("deny"),
+
+ /* schema */
+ BER_BVC(SLAPD_GROUP_CLASS),
+ BER_BVC(SLAPD_GROUP_ATTR),
+ BER_BVC(SLAPD_ROLE_CLASS),
+ BER_BVC(SLAPD_ROLE_ATTR),
+
+ BER_BVC(SLAPD_ACI_SET_ATTR),
+
+ BER_BVNULL
+};
+
+#ifdef SLAP_DYNACL
+static
+#endif /* SLAP_DYNACL */
+AttributeDescription *slap_ad_aci;
+
+static int
+OpenLDAPaciValidate(
+ Syntax *syntax,
+ struct berval *val );
+
+static int
+OpenLDAPaciPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx );
+
+static int
+OpenLDAPaciNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx );
+
+#define OpenLDAPaciMatch octetStringMatch
+
+static int
+aci_list_map_rights(
+ struct berval *list )
+{
+ struct berval bv;
+ slap_access_t mask;
+ int i;
+
+ ACL_INIT( mask );
+ for ( i = 0; acl_get_part( list, i, ',', &bv ) >= 0; i++ ) {
+ if ( bv.bv_len <= 0 ) {
+ continue;
+ }
+
+ switch ( *bv.bv_val ) {
+ case 'x':
+ /* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt does not
+ * define any equivalent to the AUTH right, so I've just used
+ * 'x' for now.
+ */
+ ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
+ break;
+ case 'd':
+ /* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt defines
+ * the right 'd' to mean "delete"; we hijack it to mean
+ * "disclose" for consistency wuith the rest of slapd.
+ */
+ ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE);
+ break;
+ case 'c':
+ ACL_PRIV_SET(mask, ACL_PRIV_COMPARE);
+ break;
+ case 's':
+ /* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt defines
+ * the right 's' to mean "set", but in the examples states
+ * that the right 's' means "search". The latter definition
+ * is used here.
+ */
+ ACL_PRIV_SET(mask, ACL_PRIV_SEARCH);
+ break;
+ case 'r':
+ ACL_PRIV_SET(mask, ACL_PRIV_READ);
+ break;
+ case 'w':
+ ACL_PRIV_SET(mask, ACL_PRIV_WRITE);
+ break;
+ default:
+ break;
+ }
+
+ }
+
+ return mask;
+}
+
+static int
+aci_list_has_attr(
+ struct berval *list,
+ const struct berval *attr,
+ struct berval *val )
+{
+ struct berval bv, left, right;
+ int i;
+
+ for ( i = 0; acl_get_part( list, i, ',', &bv ) >= 0; i++ ) {
+ if ( acl_get_part(&bv, 0, '=', &left ) < 0
+ || acl_get_part( &bv, 1, '=', &right ) < 0 )
+ {
+ if ( ber_bvstrcasecmp( attr, &bv ) == 0 ) {
+ return(1);
+ }
+
+ } else if ( val == NULL ) {
+ if ( ber_bvstrcasecmp( attr, &left ) == 0 ) {
+ return(1);
+ }
+
+ } else {
+ if ( ber_bvstrcasecmp( attr, &left ) == 0 ) {
+ /* FIXME: this is also totally undocumented! */
+ /* this is experimental code that implements a
+ * simple (prefix) match of the attribute value.
+ * the ACI draft does not provide for aci's that
+ * apply to specific values, but it would be
+ * nice to have. If the <attr> part of an aci's
+ * rights list is of the form <attr>=<value>,
+ * that means the aci applies only to attrs with
+ * the given value. Furthermore, if the attr is
+ * of the form <attr>=<value>*, then <value> is
+ * treated as a prefix, and the aci applies to
+ * any value with that prefix.
+ *
+ * Ideally, this would allow r.e. matches.
+ */
+ if ( acl_get_part( &right, 0, '*', &left ) < 0
+ || right.bv_len <= left.bv_len )
+ {
+ if ( ber_bvstrcasecmp( val, &right ) == 0 ) {
+ return 1;
+ }
+
+ } else if ( val->bv_len >= left.bv_len ) {
+ if ( strncasecmp( val->bv_val, left.bv_val, left.bv_len ) == 0 ) {
+ return(1);
+ }
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+static slap_access_t
+aci_list_get_attr_rights(
+ struct berval *list,
+ const struct berval *attr,
+ struct berval *val )
+{
+ struct berval bv;
+ slap_access_t mask;
+ int i;
+
+ /* loop through each rights/attr pair, skip first part (action) */
+ ACL_INIT(mask);
+ for ( i = 1; acl_get_part( list, i + 1, ';', &bv ) >= 0; i += 2 ) {
+ if ( aci_list_has_attr( &bv, attr, val ) == 0 ) {
+ continue;
+ }
+
+ if ( acl_get_part( list, i, ';', &bv ) < 0 ) {
+ continue;
+ }
+
+ mask |= aci_list_map_rights( &bv );
+ }
+
+ return mask;
+}
+
+static int
+aci_list_get_rights(
+ struct berval *list,
+ const struct berval *attr,
+ struct berval *val,
+ slap_access_t *grant,
+ slap_access_t *deny )
+{
+ struct berval perm, actn;
+ slap_access_t *mask;
+ int i, found;
+
+ if ( attr == NULL || BER_BVISEMPTY( attr ) ) {
+ attr = &aci_bv[ ACI_BV_ENTRY ];
+ }
+
+ found = 0;
+ ACL_INIT(*grant);
+ ACL_INIT(*deny);
+ /* loop through each permissions clause */
+ for ( i = 0; acl_get_part( list, i, '$', &perm ) >= 0; i++ ) {
+ if ( acl_get_part( &perm, 0, ';', &actn ) < 0 ) {
+ continue;
+ }
+
+ if ( ber_bvstrcasecmp( &aci_bv[ ACI_BV_GRANT ], &actn ) == 0 ) {
+ mask = grant;
+
+ } else if ( ber_bvstrcasecmp( &aci_bv[ ACI_BV_DENY ], &actn ) == 0 ) {
+ mask = deny;
+
+ } else {
+ continue;
+ }
+
+ found = 1;
+ *mask |= aci_list_get_attr_rights( &perm, attr, val );
+ *mask |= aci_list_get_attr_rights( &perm, &aci_bv[ ACI_BV_BR_ALL ], NULL );
+ }
+
+ return found;
+}
+
+static int
+aci_group_member (
+ struct berval *subj,
+ const struct berval *defgrpoc,
+ const struct berval *defgrpat,
+ Operation *op,
+ Entry *e,
+ int nmatch,
+ regmatch_t *matches
+)
+{
+ struct berval subjdn;
+ struct berval grpoc;
+ struct berval grpat;
+ ObjectClass *grp_oc = NULL;
+ AttributeDescription *grp_ad = NULL;
+ const char *text;
+ int rc;
+
+ /* format of string is "{group|role}/objectClassValue/groupAttrName" */
+ if ( acl_get_part( subj, 0, '/', &subjdn ) < 0 ) {
+ return 0;
+ }
+
+ if ( acl_get_part( subj, 1, '/', &grpoc ) < 0 ) {
+ grpoc = *defgrpoc;
+ }
+
+ if ( acl_get_part( subj, 2, '/', &grpat ) < 0 ) {
+ grpat = *defgrpat;
+ }
+
+ rc = slap_bv2ad( &grpat, &grp_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = 0;
+ goto done;
+ }
+ rc = 0;
+
+ grp_oc = oc_bvfind( &grpoc );
+
+ if ( grp_oc != NULL && grp_ad != NULL ) {
+ char buf[ ACI_BUF_SIZE ];
+ struct berval bv, ndn;
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = (char *)&buf;
+ if ( acl_string_expand( &bv, &subjdn,
+ e->e_ndn, nmatch, matches ) )
+ {
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+ if ( dnNormalize( 0, NULL, NULL, &bv, &ndn, op->o_tmpmemctx ) == LDAP_SUCCESS )
+ {
+ rc = ( backend_group( op, e, &ndn, &op->o_ndn,
+ grp_oc, grp_ad ) == 0 );
+ slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+done:
+ return rc;
+}
+
+int
+aci_mask(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ struct berval *aci,
+ int nmatch,
+ regmatch_t *matches,
+ slap_access_t *grant,
+ slap_access_t *deny,
+ slap_aci_scope_t asserted_scope )
+{
+ struct berval bv,
+ scope,
+ perms,
+ type,
+ opts,
+ sdn;
+ int rc;
+
+
+ assert( !BER_BVISNULL( &desc->ad_cname ) );
+
+ /* parse an aci of the form:
+ oid # scope # action;rights;attr;rights;attr
+ $ action;rights;attr;rights;attr # type # subject
+
+ [NOTE: the following comment is very outdated,
+ as the draft version it refers to (Ando, 2004-11-20)].
+
+ See draft-ietf-ldapext-aci-model-04.txt section 9.1 for
+ a full description of the format for this attribute.
+ Differences: "this" in the draft is "self" here, and
+ "self" and "public" is in the position of type.
+
+ <scope> = {entry|children|subtree}
+ <type> = {public|users|access-id|subtree|onelevel|children|
+ self|dnattr|group|role|set|set-ref}
+
+ This routine now supports scope={ENTRY,CHILDREN}
+ with the semantics:
+ - ENTRY applies to "entry" and "subtree";
+ - CHILDREN applies to "children" and "subtree"
+ */
+
+ /* check that the aci has all 5 components */
+ if ( acl_get_part( aci, 4, '#', NULL ) < 0 ) {
+ return 0;
+ }
+
+ /* check that the aci family is supported */
+ /* FIXME: the OID is ignored? */
+ if ( acl_get_part( aci, 0, '#', &bv ) < 0 ) {
+ return 0;
+ }
+
+ /* check that the scope matches */
+ if ( acl_get_part( aci, 1, '#', &scope ) < 0 ) {
+ return 0;
+ }
+
+ /* note: scope can be either ENTRY or CHILDREN;
+ * they respectively match "entry" and "children" in bv
+ * both match "subtree" */
+ switch ( asserted_scope ) {
+ case SLAP_ACI_SCOPE_ENTRY:
+ if ( ber_bvcmp( &scope, &aci_bv[ ACI_BV_ENTRY ] ) != 0
+ && ber_bvstrcasecmp( &scope, &aci_bv[ ACI_BV_SUBTREE ] ) != 0 )
+ {
+ return 0;
+ }
+ break;
+
+ case SLAP_ACI_SCOPE_CHILDREN:
+ if ( ber_bvcmp( &scope, &aci_bv[ ACI_BV_CHILDREN ] ) != 0
+ && ber_bvstrcasecmp( &scope, &aci_bv[ ACI_BV_SUBTREE ] ) != 0 )
+ {
+ return 0;
+ }
+ break;
+
+ case SLAP_ACI_SCOPE_SUBTREE:
+ /* TODO: add assertion? */
+ return 0;
+ }
+
+ /* get the list of permissions clauses, bail if empty */
+ if ( acl_get_part( aci, 2, '#', &perms ) <= 0 ) {
+ assert( 0 );
+ return 0;
+ }
+
+ /* check if any permissions allow desired access */
+ if ( aci_list_get_rights( &perms, &desc->ad_cname, val, grant, deny ) == 0 ) {
+ return 0;
+ }
+
+ /* see if we have a DN match */
+ if ( acl_get_part( aci, 3, '#', &type ) < 0 ) {
+ assert( 0 );
+ return 0;
+ }
+
+ /* see if we have a public (i.e. anonymous) access */
+ if ( ber_bvcmp( &aci_bv[ ACI_BV_PUBLIC ], &type ) == 0 ) {
+ return 1;
+ }
+
+ /* otherwise require an identity */
+ if ( BER_BVISNULL( &op->o_ndn ) || BER_BVISEMPTY( &op->o_ndn ) ) {
+ return 0;
+ }
+
+ /* see if we have a users access */
+ if ( ber_bvcmp( &aci_bv[ ACI_BV_USERS ], &type ) == 0 ) {
+ return 1;
+ }
+
+ /* NOTE: this may fail if a DN contains a valid '#' (unescaped);
+ * just grab all the berval up to its end (ITS#3303).
+ * NOTE: the problem could be solved by providing the DN with
+ * the embedded '#' encoded as hexpairs: "cn=Foo#Bar" would
+ * become "cn=Foo\23Bar" and be safely used by aci_mask(). */
+#if 0
+ if ( acl_get_part( aci, 4, '#', &sdn ) < 0 ) {
+ return 0;
+ }
+#endif
+ sdn.bv_val = type.bv_val + type.bv_len + STRLENOF( "#" );
+ sdn.bv_len = aci->bv_len - ( sdn.bv_val - aci->bv_val );
+
+ /* get the type options, if any */
+ if ( acl_get_part( &type, 1, '/', &opts ) > 0 ) {
+ opts.bv_len = type.bv_len - ( opts.bv_val - type.bv_val );
+ type.bv_len = opts.bv_val - type.bv_val - 1;
+
+ } else {
+ BER_BVZERO( &opts );
+ }
+
+ if ( ber_bvcmp( &aci_bv[ ACI_BV_ACCESS_ID ], &type ) == 0 ) {
+ return dn_match( &op->o_ndn, &sdn );
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_SUBTREE ], &type ) == 0 ) {
+ return dnIsSuffix( &op->o_ndn, &sdn );
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_ONELEVEL ], &type ) == 0 ) {
+ struct berval pdn;
+
+ dnParent( &sdn, &pdn );
+
+ return dn_match( &op->o_ndn, &pdn );
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_CHILDREN ], &type ) == 0 ) {
+ return ( !dn_match( &op->o_ndn, &sdn ) && dnIsSuffix( &op->o_ndn, &sdn ) );
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_SELF ], &type ) == 0 ) {
+ return dn_match( &op->o_ndn, &e->e_nname );
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_DNATTR ], &type ) == 0 ) {
+ Attribute *at;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ rc = slap_bv2ad( &sdn, &ad, &text );
+ assert( rc == LDAP_SUCCESS );
+
+ rc = 0;
+ for ( at = attrs_find( e->e_attrs, ad );
+ at != NULL;
+ at = attrs_find( at->a_next, ad ) )
+ {
+ if ( value_find_ex( ad,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ at->a_nvals,
+ &op->o_ndn, op->o_tmpmemctx ) == 0 )
+ {
+ rc = 1;
+ break;
+ }
+ }
+
+ return rc;
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_GROUP ], &type ) == 0 ) {
+ struct berval oc,
+ at;
+
+ if ( BER_BVISNULL( &opts ) ) {
+ oc = aci_bv[ ACI_BV_GROUP_CLASS ];
+ at = aci_bv[ ACI_BV_GROUP_ATTR ];
+
+ } else {
+ if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
+ assert( 0 );
+ }
+
+ if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
+ at = aci_bv[ ACI_BV_GROUP_ATTR ];
+ }
+ }
+
+ if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
+ {
+ return 1;
+ }
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_ROLE ], &type ) == 0 ) {
+ struct berval oc,
+ at;
+
+ if ( BER_BVISNULL( &opts ) ) {
+ oc = aci_bv[ ACI_BV_ROLE_CLASS ];
+ at = aci_bv[ ACI_BV_ROLE_ATTR ];
+
+ } else {
+ if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
+ assert( 0 );
+ }
+
+ if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
+ at = aci_bv[ ACI_BV_ROLE_ATTR ];
+ }
+ }
+
+ if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
+ {
+ return 1;
+ }
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_SET ], &type ) == 0 ) {
+ if ( acl_match_set( &sdn, op, e, NULL ) ) {
+ return 1;
+ }
+
+ } else if ( ber_bvcmp( &aci_bv[ ACI_BV_SET_REF ], &type ) == 0 ) {
+ if ( acl_match_set( &sdn, op, e, (struct berval *)&aci_bv[ ACI_BV_SET_ATTR ] ) ) {
+ return 1;
+ }
+
+ } else {
+ /* it passed normalization! */
+ assert( 0 );
+ }
+
+ return 0;
+}
+
+int
+aci_init( void )
+{
+ /* OpenLDAP eXperimental Syntax */
+ static slap_syntax_defs_rec aci_syntax_def = {
+ "( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
+ SLAP_SYNTAX_HIDE,
+ OpenLDAPaciValidate,
+ OpenLDAPaciPretty
+ };
+ static slap_mrule_defs_rec aci_mr_def = {
+ "( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
+ NULL, NULL,
+ NULL
+ };
+ static struct {
+ char *name;
+ char *desc;
+ slap_mask_t flags;
+ AttributeDescription **ad;
+ } aci_at = {
+ "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
+ "NAME 'OpenLDAPaci' "
+ "DESC 'OpenLDAP access control information (experimental)' "
+ "EQUALITY OpenLDAPaciMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
+ "USAGE directoryOperation )",
+ SLAP_AT_HIDE,
+ &slap_ad_aci
+ };
+
+ LDAPAttributeType *at;
+ AttributeType *sat;
+ int rc;
+ const char *text;
+
+ /* ACI syntax */
+ rc = register_syntax( &aci_syntax_def );
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ /* ACI equality rule */
+ rc = register_matching_rule( &aci_mr_def );
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ /* ACI attribute */
+ at = ldap_str2attributetype( aci_at.desc,
+ &rc, &text, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ Debug( LDAP_DEBUG_ANY,
+ "aci_init: AttributeType \"%s\" parse failed: %s %s\n",
+ aci_at.name, ldap_scherr2str( rc ), text );
+ return rc;
+ }
+
+ rc = at_add( at, 0, &sat, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_attributetype_free( at );
+ Debug( LDAP_DEBUG_ANY,
+ "aci_init: AttributeType \"%s\" load failed: %s %s\n",
+ aci_at.name, scherr2str( rc ), text );
+ return rc;
+ }
+ ldap_memfree( at );
+
+ rc = slap_str2ad( aci_at.name,
+ aci_at.ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "aci_init: unable to find AttributeDescription "
+ "\"%s\": %d (%s)\n",
+ aci_at.name, rc, text );
+ return 1;
+ }
+
+ /* install flags */
+ sat->sat_flags |= aci_at.flags;
+
+ return rc;
+}
+
+#ifdef SLAP_DYNACL
+static int
+dynacl_aci_parse(
+ const char *fname,
+ int lineno,
+ const char *opts,
+ slap_style_t sty,
+ const char *right,
+ void **privp )
+{
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+
+ if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in \"aci\" by clause\n",
+ fname, lineno, style_strings[sty] );
+ return -1;
+ }
+
+ if ( right != NULL && *right != '\0' ) {
+ if ( slap_str2ad( right, &ad, &text ) != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": %s\n",
+ fname, lineno, right, text );
+ return -1;
+ }
+
+ } else {
+ ad = slap_ad_aci;
+ }
+
+ if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
+ fprintf( stderr, "%s: line %d: "
+ "aci \"%s\": inappropriate syntax: %s\n",
+ fname, lineno, right,
+ ad->ad_type->sat_syntax_oid );
+ return -1;
+ }
+
+ *privp = (void *)ad;
+
+ return 0;
+}
+
+static int
+dynacl_aci_unparse( void *priv, struct berval *bv )
+{
+ AttributeDescription *ad = ( AttributeDescription * )priv;
+ char *ptr;
+
+ assert( ad != NULL );
+
+ bv->bv_val = ch_malloc( STRLENOF(" aci=") + ad->ad_cname.bv_len + 1 );
+ ptr = lutil_strcopy( bv->bv_val, " aci=" );
+ ptr = lutil_strcopy( ptr, ad->ad_cname.bv_val );
+ bv->bv_len = ptr - bv->bv_val;
+
+ return 0;
+}
+
+static int
+dynacl_aci_mask(
+ void *priv,
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ slap_access_t *grantp,
+ slap_access_t *denyp )
+{
+ AttributeDescription *ad = ( AttributeDescription * )priv;
+ Attribute *at;
+ slap_access_t tgrant, tdeny, grant, deny;
+#ifdef LDAP_DEBUG
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+ char accessmaskbuf1[ACCESSMASK_MAXLEN];
+#endif /* LDAP_DEBUG */
+
+ if ( BER_BVISEMPTY( &e->e_nname ) ) {
+ /* no ACIs in the root DSE */
+ return -1;
+ }
+
+ /* start out with nothing granted, nothing denied */
+ ACL_INIT(tgrant);
+ ACL_INIT(tdeny);
+
+ /* get the aci attribute */
+ at = attr_find( e->e_attrs, ad );
+ if ( at != NULL ) {
+ int i;
+
+ /* the aci is an multi-valued attribute. The
+ * rights are determined by OR'ing the individual
+ * rights given by the acis.
+ */
+ for ( i = 0; !BER_BVISNULL( &at->a_nvals[i] ); i++ ) {
+ if ( aci_mask( op, e, desc, val, &at->a_nvals[i],
+ nmatch, matches, &grant, &deny,
+ SLAP_ACI_SCOPE_ENTRY ) != 0 )
+ {
+ tgrant |= grant;
+ tdeny |= deny;
+ }
+ }
+
+ Debug( LDAP_DEBUG_ACL, " <= aci_mask grant %s deny %s\n",
+ accessmask2str( tgrant, accessmaskbuf, 1 ),
+ accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
+ }
+
+ /* If the entry level aci didn't contain anything valid for the
+ * current operation, climb up the tree and evaluate the
+ * acis with scope set to subtree
+ */
+ if ( tgrant == ACL_PRIV_NONE && tdeny == ACL_PRIV_NONE ) {
+ struct berval parent_ndn;
+
+ dnParent( &e->e_nname, &parent_ndn );
+ while ( !BER_BVISEMPTY( &parent_ndn ) ){
+ int i;
+ BerVarray bvals = NULL;
+ int ret, stop;
+
+ /* to solve the chicken'n'egg problem of accessing
+ * the OpenLDAPaci attribute, the direct access
+ * to the entry's attribute is unchecked; however,
+ * further accesses to OpenLDAPaci values in the
+ * ancestors occur through backend_attribute(), i.e.
+ * with the identity of the operation, requiring
+ * further access checking. For uniformity, this
+ * makes further requests occur as the rootdn, if
+ * any, i.e. searching for the OpenLDAPaci attribute
+ * is considered an internal search. If this is not
+ * acceptable, then the same check needs be performed
+ * when accessing the entry's attribute. */
+ struct berval save_o_dn, save_o_ndn;
+
+ if ( !BER_BVISNULL( &op->o_bd->be_rootndn ) ) {
+ save_o_dn = op->o_dn;
+ save_o_ndn = op->o_ndn;
+
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ }
+
+ Debug( LDAP_DEBUG_ACL, " checking ACI of \"%s\"\n", parent_ndn.bv_val, 0, 0 );
+ ret = backend_attribute( op, NULL, &parent_ndn, ad, &bvals, ACL_AUTH );
+
+ if ( !BER_BVISNULL( &op->o_bd->be_rootndn ) ) {
+ op->o_dn = save_o_dn;
+ op->o_ndn = save_o_ndn;
+ }
+
+ switch ( ret ) {
+ case LDAP_SUCCESS :
+ stop = 0;
+ if ( !bvals ) {
+ break;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &bvals[i] ); i++ ) {
+ if ( aci_mask( op, e, desc, val,
+ &bvals[i],
+ nmatch, matches,
+ &grant, &deny,
+ SLAP_ACI_SCOPE_CHILDREN ) != 0 )
+ {
+ tgrant |= grant;
+ tdeny |= deny;
+ /* evaluation stops as soon as either a "deny" or a
+ * "grant" directive matches.
+ */
+ if ( tgrant != ACL_PRIV_NONE || tdeny != ACL_PRIV_NONE ) {
+ stop = 1;
+ }
+ }
+ Debug( LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
+ accessmask2str( tgrant, accessmaskbuf, 1 ),
+ accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
+ }
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ /* just go on if the aci-Attribute is not present in
+ * the current entry
+ */
+ Debug( LDAP_DEBUG_ACL, "no such attribute\n", 0, 0, 0 );
+ stop = 0;
+ break;
+
+ case LDAP_NO_SUCH_OBJECT:
+ /* We have reached the base object */
+ Debug( LDAP_DEBUG_ACL, "no such object\n", 0, 0, 0 );
+ stop = 1;
+ break;
+
+ default:
+ stop = 1;
+ break;
+ }
+
+ if ( stop ) {
+ break;
+ }
+ dnParent( &parent_ndn, &parent_ndn );
+ }
+ }
+
+ *grantp = tgrant;
+ *denyp = tdeny;
+
+ return 0;
+}
+
+/* need to register this at some point */
+static slap_dynacl_t dynacl_aci = {
+ "aci",
+ dynacl_aci_parse,
+ dynacl_aci_unparse,
+ dynacl_aci_mask,
+ NULL,
+ NULL,
+ NULL
+};
+
+int
+dynacl_aci_init( void )
+{
+ int rc;
+
+ rc = aci_init();
+
+ if ( rc == 0 ) {
+ rc = slap_dynacl_register( &dynacl_aci );
+ }
+
+ return rc;
+}
+
+#endif /* SLAP_DYNACL */
+
+/* ACI syntax validation */
+
+/*
+ * Matches given berval to array of bervals
+ * Returns:
+ * >=0 if one if the array elements equals to this berval
+ * -1 if string was not found in array
+ */
+static int
+bv_getcaseidx(
+ struct berval *bv,
+ const struct berval *arr[] )
+{
+ int i;
+
+ if ( BER_BVISEMPTY( bv ) ) {
+ return -1;
+ }
+
+ for ( i = 0; arr[ i ] != NULL ; i++ ) {
+ if ( ber_bvstrcasecmp( bv, arr[ i ] ) == 0 ) {
+ return i;
+ }
+ }
+
+ return -1;
+}
+
+
+/* Returns what have left in input berval after current sub */
+static void
+bv_get_tail(
+ struct berval *val,
+ struct berval *sub,
+ struct berval *tail )
+{
+ int head_len;
+
+ tail->bv_val = sub->bv_val + sub->bv_len;
+ head_len = (unsigned long) tail->bv_val - (unsigned long) val->bv_val;
+ tail->bv_len = val->bv_len - head_len;
+}
+
+
+/*
+ * aci is accepted in following form:
+ * oid#scope#rights#type#subject
+ * Where:
+ * oid := numeric OID
+ * scope := entry|children
+ * rights := right[[$right]...]
+ * right := (grant|deny);action
+ * action := perms;attr[[;perms;attr]...]
+ * perms := perm[[,perm]...]
+ * perm := c|s|r|w|x
+ * attr := attributeType|"[all]"
+ * type := public|users|self|dnattr|group|role|set|set-ref|
+ * access_id|subtree|onelevel|children
+ */
+static int
+OpenLDAPaciValidatePerms(
+ struct berval *perms )
+{
+ int i;
+
+ for ( i = 0; i < perms->bv_len; ) {
+ switch ( perms->bv_val[ i ] ) {
+ case 'x':
+ case 'd':
+ case 'c':
+ case 's':
+ case 'r':
+ case 'w':
+ break;
+
+ default:
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( ++i == perms->bv_len ) {
+ return LDAP_SUCCESS;
+ }
+
+ while ( i < perms->bv_len && perms->bv_val[ i ] == ' ' )
+ i++;
+
+ assert( i != perms->bv_len );
+
+ if ( perms->bv_val[ i ] != ',' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ do {
+ i++;
+ } while ( perms->bv_val[ i ] == ' ' );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static const struct berval *ACIgrantdeny[] = {
+ &aci_bv[ ACI_BV_GRANT ],
+ &aci_bv[ ACI_BV_DENY ],
+ NULL
+};
+
+static int
+OpenLDAPaciValidateRight(
+ struct berval *action )
+{
+ struct berval bv = BER_BVNULL;
+ int i;
+
+ /* grant|deny */
+ if ( acl_get_part( action, 0, ';', &bv ) < 0 ||
+ bv_getcaseidx( &bv, ACIgrantdeny ) == -1 )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for ( i = 0; acl_get_part( action, i + 1, ';', &bv ) >= 0; i++ ) {
+ if ( i & 1 ) {
+ /* perms */
+ if ( OpenLDAPaciValidatePerms( &bv ) != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else {
+ /* attr */
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+
+ /* could be "[all]" or an attribute description */
+ if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
+ continue;
+ }
+
+ /* "[entry]" is tolerated for backward compatibility */
+ if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+ continue;
+ }
+
+ if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ /* "perms;attr" go in pairs */
+ if ( i > 0 && ( i & 1 ) == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+OpenLDAPaciNormalizeRight(
+ struct berval *action,
+ struct berval *naction,
+ void *ctx )
+{
+ struct berval grantdeny,
+ perms = BER_BVNULL,
+ bv = BER_BVNULL;
+ int idx,
+ i;
+
+ /* grant|deny */
+ if ( acl_get_part( action, 0, ';', &grantdeny ) < 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ idx = bv_getcaseidx( &grantdeny, ACIgrantdeny );
+ if ( idx == -1 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( naction, (struct berval *)ACIgrantdeny[ idx ], ctx );
+
+ for ( i = 1; acl_get_part( action, i, ';', &bv ) >= 0; i++ ) {
+ if ( i & 1 ) {
+ /* perms */
+ if ( OpenLDAPaciValidatePerms( &bv ) != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+ perms = bv;
+
+ } else {
+ /* attr */
+ char *ptr;
+
+ /* could be "[all]" or an attribute description */
+ if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
+ bv = aci_bv[ ACI_BV_BR_ALL ];
+
+ /* "[entry]" is tolerated for backward compatibility */
+ } else if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+ bv = aci_bv[ ACI_BV_ENTRY ];
+
+ } else {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ int rc;
+
+ rc = slap_bv2ad( &bv, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ bv = ad->ad_cname;
+ }
+
+ naction->bv_val = ber_memrealloc_x( naction->bv_val,
+ naction->bv_len + STRLENOF( ";" )
+ + perms.bv_len + STRLENOF( ";" )
+ + bv.bv_len + 1,
+ ctx );
+
+ ptr = &naction->bv_val[ naction->bv_len ];
+ ptr[ 0 ] = ';';
+ ptr++;
+ ptr = lutil_strncopy( ptr, perms.bv_val, perms.bv_len );
+ ptr[ 0 ] = ';';
+ ptr++;
+ ptr = lutil_strncopy( ptr, bv.bv_val, bv.bv_len );
+ ptr[ 0 ] = '\0';
+ naction->bv_len += STRLENOF( ";" ) + perms.bv_len
+ + STRLENOF( ";" ) + bv.bv_len;
+ }
+ }
+
+ /* perms;attr go in pairs */
+ if ( i > 1 && ( i & 1 ) ) {
+ return LDAP_SUCCESS;
+
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+}
+
+static int
+OpenLDAPaciValidateRights(
+ struct berval *actions )
+
+{
+ struct berval bv = BER_BVNULL;
+ int i;
+
+ for ( i = 0; acl_get_part( actions, i, '$', &bv ) >= 0; i++ ) {
+ if ( OpenLDAPaciValidateRight( &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+OpenLDAPaciNormalizeRights(
+ struct berval *actions,
+ struct berval *nactions,
+ void *ctx )
+
+{
+ struct berval bv = BER_BVNULL;
+ int i;
+
+ BER_BVZERO( nactions );
+ for ( i = 0; acl_get_part( actions, i, '$', &bv ) >= 0; i++ ) {
+ int rc;
+ struct berval nbv;
+
+ rc = OpenLDAPaciNormalizeRight( &bv, &nbv, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ ber_memfree_x( nactions->bv_val, ctx );
+ BER_BVZERO( nactions );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( i == 0 ) {
+ *nactions = nbv;
+
+ } else {
+ nactions->bv_val = ber_memrealloc_x( nactions->bv_val,
+ nactions->bv_len + STRLENOF( "$" )
+ + nbv.bv_len + 1,
+ ctx );
+ nactions->bv_val[ nactions->bv_len ] = '$';
+ AC_MEMCPY( &nactions->bv_val[ nactions->bv_len + 1 ],
+ nbv.bv_val, nbv.bv_len + 1 );
+ ber_memfree_x( nbv.bv_val, ctx );
+ nactions->bv_len += STRLENOF( "$" ) + nbv.bv_len;
+ }
+ BER_BVZERO( &nbv );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static const struct berval *OpenLDAPaciscopes[] = {
+ &aci_bv[ ACI_BV_ENTRY ],
+ &aci_bv[ ACI_BV_CHILDREN ],
+ &aci_bv[ ACI_BV_SUBTREE ],
+
+ NULL
+};
+
+static const struct berval *OpenLDAPacitypes[] = {
+ /* DN-valued */
+ &aci_bv[ ACI_BV_GROUP ],
+ &aci_bv[ ACI_BV_ROLE ],
+
+/* set to one past the last DN-valued type with options (/) */
+#define LAST_OPTIONAL 2
+
+ &aci_bv[ ACI_BV_ACCESS_ID ],
+ &aci_bv[ ACI_BV_SUBTREE ],
+ &aci_bv[ ACI_BV_ONELEVEL ],
+ &aci_bv[ ACI_BV_CHILDREN ],
+
+/* set to one past the last DN-valued type */
+#define LAST_DNVALUED 6
+
+ /* non DN-valued */
+ &aci_bv[ ACI_BV_DNATTR ],
+ &aci_bv[ ACI_BV_PUBLIC ],
+ &aci_bv[ ACI_BV_USERS ],
+ &aci_bv[ ACI_BV_SELF ],
+ &aci_bv[ ACI_BV_SET ],
+ &aci_bv[ ACI_BV_SET_REF ],
+
+ NULL
+};
+
+static int
+OpenLDAPaciValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ struct berval oid = BER_BVNULL,
+ scope = BER_BVNULL,
+ rights = BER_BVNULL,
+ type = BER_BVNULL,
+ subject = BER_BVNULL;
+ int idx;
+
+ if ( BER_BVISEMPTY( val ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* oid */
+ if ( acl_get_part( val, 0, '#', &oid ) < 0 ||
+ numericoidValidate( NULL, &oid ) != LDAP_SUCCESS )
+ {
+ /* NOTE: the numericoidValidate() is rather pedantic;
+ * I'd replace it with X-ORDERED VALUES so that
+ * it's guaranteed values are maintained and used
+ * in the desired order */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* scope */
+ if ( acl_get_part( val, 1, '#', &scope ) < 0 ||
+ bv_getcaseidx( &scope, OpenLDAPaciscopes ) == -1 )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* rights */
+ if ( acl_get_part( val, 2, '#', &rights ) < 0 ||
+ OpenLDAPaciValidateRights( &rights ) != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* type */
+ if ( acl_get_part( val, 3, '#', &type ) < 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ idx = bv_getcaseidx( &type, OpenLDAPacitypes );
+ if ( idx == -1 ) {
+ struct berval isgr;
+
+ if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ idx = bv_getcaseidx( &isgr, OpenLDAPacitypes );
+ if ( idx == -1 || idx >= LAST_OPTIONAL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ /* subject */
+ bv_get_tail( val, &type, &subject );
+ if ( subject.bv_val[ 0 ] != '#' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( idx >= LAST_DNVALUED ) {
+ if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_DNATTR ] ) {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ int rc;
+
+ rc = slap_bv2ad( &subject, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( ad->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
+ /* FIXME: allow nameAndOptionalUID? */
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ /* not a DN */
+ return LDAP_SUCCESS;
+
+ } else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_GROUP ]
+ || OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_ROLE ] )
+ {
+ /* do {group|role}/oc/at check */
+ struct berval ocbv = BER_BVNULL,
+ atbv = BER_BVNULL;
+
+ ocbv.bv_val = ber_bvchr( &type, '/' );
+ if ( ocbv.bv_val != NULL ) {
+ ocbv.bv_val++;
+ ocbv.bv_len = type.bv_len
+ - ( ocbv.bv_val - type.bv_val );
+
+ atbv.bv_val = ber_bvchr( &ocbv, '/' );
+ if ( atbv.bv_val != NULL ) {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ int rc;
+
+ atbv.bv_val++;
+ atbv.bv_len = type.bv_len
+ - ( atbv.bv_val - type.bv_val );
+ ocbv.bv_len = atbv.bv_val - ocbv.bv_val - 1;
+
+ rc = slap_bv2ad( &atbv, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( oc_bvfind( &ocbv ) == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ if ( BER_BVISEMPTY( &subject ) ) {
+ /* empty DN invalid */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ subject.bv_val++;
+ subject.bv_len--;
+
+ /* FIXME: pass DN syntax? */
+ return dnValidate( NULL, &subject );
+}
+
+static int
+OpenLDAPaciPrettyNormal(
+ struct berval *val,
+ struct berval *out,
+ void *ctx,
+ int normalize )
+{
+ struct berval oid = BER_BVNULL,
+ scope = BER_BVNULL,
+ rights = BER_BVNULL,
+ nrights = BER_BVNULL,
+ type = BER_BVNULL,
+ ntype = BER_BVNULL,
+ subject = BER_BVNULL,
+ nsubject = BER_BVNULL;
+ int idx,
+ rc = LDAP_SUCCESS,
+ freesubject = 0,
+ freetype = 0;
+ char *ptr;
+
+ BER_BVZERO( out );
+
+ if ( BER_BVISEMPTY( val ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* oid: if valid, it's already normalized */
+ if ( acl_get_part( val, 0, '#', &oid ) < 0 ||
+ numericoidValidate( NULL, &oid ) != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* scope: normalize by replacing with OpenLDAPaciscopes */
+ if ( acl_get_part( val, 1, '#', &scope ) < 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ idx = bv_getcaseidx( &scope, OpenLDAPaciscopes );
+ if ( idx == -1 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ scope = *OpenLDAPaciscopes[ idx ];
+
+ /* rights */
+ if ( acl_get_part( val, 2, '#', &rights ) < 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ if ( OpenLDAPaciNormalizeRights( &rights, &nrights, ctx )
+ != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* type */
+ if ( acl_get_part( val, 3, '#', &type ) < 0 ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+ idx = bv_getcaseidx( &type, OpenLDAPacitypes );
+ if ( idx == -1 ) {
+ struct berval isgr;
+
+ if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ idx = bv_getcaseidx( &isgr, OpenLDAPacitypes );
+ if ( idx == -1 || idx >= LAST_OPTIONAL ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+ }
+ ntype = *OpenLDAPacitypes[ idx ];
+
+ /* subject */
+ bv_get_tail( val, &type, &subject );
+
+ if ( BER_BVISEMPTY( &subject ) || subject.bv_val[ 0 ] != '#' ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ subject.bv_val++;
+ subject.bv_len--;
+
+ if ( idx < LAST_DNVALUED ) {
+ /* FIXME: pass DN syntax? */
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL,
+ &subject, &nsubject, ctx );
+ } else {
+ rc = dnPretty( NULL, &subject, &nsubject, ctx );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ freesubject = 1;
+
+ } else {
+ goto cleanup;
+ }
+
+ if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_GROUP ]
+ || OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_ROLE ] )
+ {
+ /* do {group|role}/oc/at check */
+ struct berval ocbv = BER_BVNULL,
+ atbv = BER_BVNULL;
+
+ ocbv.bv_val = ber_bvchr( &type, '/' );
+ if ( ocbv.bv_val != NULL ) {
+ ObjectClass *oc = NULL;
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ int rc;
+ struct berval bv;
+
+ bv.bv_len = ntype.bv_len;
+
+ ocbv.bv_val++;
+ ocbv.bv_len = type.bv_len - ( ocbv.bv_val - type.bv_val );
+
+ atbv.bv_val = ber_bvchr( &ocbv, '/' );
+ if ( atbv.bv_val != NULL ) {
+ atbv.bv_val++;
+ atbv.bv_len = type.bv_len
+ - ( atbv.bv_val - type.bv_val );
+ ocbv.bv_len = atbv.bv_val - ocbv.bv_val - 1;
+
+ rc = slap_bv2ad( &atbv, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ bv.bv_len += STRLENOF( "/" ) + ad->ad_cname.bv_len;
+ }
+
+ oc = oc_bvfind( &ocbv );
+ if ( oc == NULL ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ bv.bv_len += STRLENOF( "/" ) + oc->soc_cname.bv_len;
+ bv.bv_val = ber_memalloc_x( bv.bv_len + 1, ctx );
+
+ ptr = bv.bv_val;
+ ptr = lutil_strncopy( ptr, ntype.bv_val, ntype.bv_len );
+ ptr[ 0 ] = '/';
+ ptr++;
+ ptr = lutil_strncopy( ptr,
+ oc->soc_cname.bv_val,
+ oc->soc_cname.bv_len );
+ if ( ad != NULL ) {
+ ptr[ 0 ] = '/';
+ ptr++;
+ ptr = lutil_strncopy( ptr,
+ ad->ad_cname.bv_val,
+ ad->ad_cname.bv_len );
+ }
+ ptr[ 0 ] = '\0';
+
+ ntype = bv;
+ freetype = 1;
+ }
+ }
+
+ } else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_DNATTR ] ) {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ int rc;
+
+ rc = slap_bv2ad( &subject, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ if ( ad->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
+ /* FIXME: allow nameAndOptionalUID? */
+ rc = LDAP_INVALID_SYNTAX;
+ goto cleanup;
+ }
+
+ nsubject = ad->ad_cname;
+ }
+
+
+ out->bv_len =
+ oid.bv_len + STRLENOF( "#" )
+ + scope.bv_len + STRLENOF( "#" )
+ + nrights.bv_len + STRLENOF( "#" )
+ + ntype.bv_len + STRLENOF( "#" )
+ + nsubject.bv_len;
+
+ out->bv_val = ber_memalloc_x( out->bv_len + 1, ctx );
+ ptr = lutil_strncopy( out->bv_val, oid.bv_val, oid.bv_len );
+ ptr[ 0 ] = '#';
+ ptr++;
+ ptr = lutil_strncopy( ptr, scope.bv_val, scope.bv_len );
+ ptr[ 0 ] = '#';
+ ptr++;
+ ptr = lutil_strncopy( ptr, nrights.bv_val, nrights.bv_len );
+ ptr[ 0 ] = '#';
+ ptr++;
+ ptr = lutil_strncopy( ptr, ntype.bv_val, ntype.bv_len );
+ ptr[ 0 ] = '#';
+ ptr++;
+ if ( !BER_BVISNULL( &nsubject ) ) {
+ ptr = lutil_strncopy( ptr, nsubject.bv_val, nsubject.bv_len );
+ }
+ ptr[ 0 ] = '\0';
+
+cleanup:;
+ if ( freesubject ) {
+ ber_memfree_x( nsubject.bv_val, ctx );
+ }
+
+ if ( freetype ) {
+ ber_memfree_x( ntype.bv_val, ctx );
+ }
+
+ if ( !BER_BVISNULL( &nrights ) ) {
+ ber_memfree_x( nrights.bv_val, ctx );
+ }
+
+ return rc;
+}
+
+static int
+OpenLDAPaciPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ return OpenLDAPaciPrettyNormal( val, out, ctx, 0 );
+}
+
+static int
+OpenLDAPaciNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ return OpenLDAPaciPrettyNormal( val, out, ctx, 1 );
+}
+
+#if SLAPD_ACI_ENABLED == SLAPD_MOD_DYNAMIC
+/*
+ * FIXME: need config and Makefile.am code to ease building
+ * as dynamic module
+ */
+int
+init_module( int argc, char *argv[] )
+{
+ return slap_dynacl_register();
+}
+#endif /* SLAPD_ACI_ENABLED == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_ACI_ENABLED */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/acl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/acl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/acl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2953 @@
+/* acl.c - routines to parse and check acl's */
+/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.250.2.28 2007/04/01 21:31:25 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "sets.h"
+#include "lber_pvt.h"
+#include "lutil.h"
+
+#define ACL_BUF_SIZE 1024 /* use most appropriate size */
+
+static const struct berval acl_bv_ip_eq = BER_BVC( "IP=" );
+#ifdef LDAP_PF_LOCAL
+static const struct berval acl_bv_path_eq = BER_BVC("PATH=");
+#endif /* LDAP_PF_LOCAL */
+
+static AccessControl * slap_acl_get(
+ AccessControl *ac, int *count,
+ Operation *op, Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch, regmatch_t *matches,
+ AccessControlState *state );
+
+static slap_control_t slap_acl_mask(
+ AccessControl *ac, slap_mask_t *mask,
+ Operation *op, Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ int count,
+ AccessControlState *state );
+
+static int regex_matches(
+ struct berval *pat, char *str, char *buf,
+ int nmatch, regmatch_t *matches);
+
+typedef struct AclSetCookie {
+ SetCookie asc_cookie;
+#define asc_op asc_cookie.set_op
+ Entry *asc_e;
+} AclSetCookie;
+
+SLAP_SET_GATHER acl_set_gather;
+SLAP_SET_GATHER acl_set_gather2;
+
+/*
+ * access_allowed - check whether op->o_ndn is allowed the requested access
+ * to entry e, attribute attr, value val. if val is null, access to
+ * the whole attribute is assumed (all values).
+ *
+ * This routine loops through all access controls and calls
+ * slap_acl_mask() on each applicable access control.
+ * The loop exits when a definitive answer is reached or
+ * or no more controls remain.
+ *
+ * returns:
+ * 0 access denied
+ * 1 access granted
+ *
+ * Notes:
+ * - can be legally called with op == NULL
+ * - can be legally called with op->o_bd == NULL
+ */
+
+#ifdef SLAP_OVERLAY_ACCESS
+int
+slap_access_always_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ assert( maskp != NULL );
+
+ /* assign all */
+ ACL_LVL_ASSIGN_MANAGE( *maskp );
+
+ return 1;
+}
+
+int
+slap_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ int ret = 1;
+ int count;
+ AccessControl *a = NULL;
+
+#ifdef LDAP_DEBUG
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif
+ slap_mask_t mask;
+ slap_control_t control;
+ slap_access_t access_level;
+ const char *attr;
+ regmatch_t matches[MAXREMATCHES];
+ int st_same_attr = 0;
+
+ assert( op != NULL );
+ assert( e != NULL );
+ assert( desc != NULL );
+ assert( maskp != NULL );
+
+ access_level = ACL_LEVEL( access );
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ ACL_INIT( mask );
+
+ /* grant database root access */
+ if ( be_isroot( op ) ) {
+ Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
+ mask = ACL_LVL_MANAGE;
+ goto done;
+ }
+
+ /*
+ * no-user-modification operational attributes are ignored
+ * by ACL_WRITE checking as any found here are not provided
+ * by the user
+ *
+ * NOTE: but they are not ignored for ACL_MANAGE, because
+ * if we get here it means a non-root user is trying to
+ * manage data, so we need to check its privileges.
+ */
+ if ( access_level == ACL_WRITE
+ && is_at_no_user_mod( desc->ad_type )
+ && desc != slap_schema.si_ad_entry
+ && desc != slap_schema.si_ad_children )
+ {
+ Debug( LDAP_DEBUG_ACL, "NoUserMod Operational attribute:"
+ " %s access granted\n",
+ attr, 0, 0 );
+ goto done;
+ }
+
+ /* use backend default access if no backend acls */
+ if ( op->o_bd->be_acl == NULL ) {
+ int i;
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: backend default %s "
+ "access %s to \"%s\"\n",
+ access2str( access ),
+ op->o_bd->be_dfltaccess >= access_level ? "granted" : "denied",
+ op->o_dn.bv_val ? op->o_dn.bv_val : "(anonymous)" );
+ ret = op->o_bd->be_dfltaccess >= access_level;
+
+ mask = ACL_PRIV_LEVEL;
+ for ( i = ACL_NONE; i <= op->o_bd->be_dfltaccess; i++ ) {
+ ACL_PRIV_SET( mask, ACL_ACCESS2PRIV( i ) );
+ }
+
+ goto done;
+ }
+
+ ret = 0;
+ control = ACL_BREAK;
+
+ if ( st_same_attr ) {
+ assert( state->as_vd_acl != NULL );
+
+ a = state->as_vd_acl;
+ count = state->as_vd_acl_count;
+ if ( !ACL_IS_INVALID( state->as_vd_acl_mask ) ) {
+ mask = state->as_vd_acl_mask;
+ AC_MEMCPY( matches, state->as_vd_acl_matches, sizeof(matches) );
+ goto vd_access;
+ }
+
+ } else {
+ if ( state ) state->as_vi_acl = NULL;
+ a = NULL;
+ ACL_PRIV_ASSIGN( mask, *maskp );
+ count = 0;
+ memset( matches, '\0', sizeof( matches ) );
+ }
+
+ while ( ( a = slap_acl_get( a, &count, op, e, desc, val,
+ MAXREMATCHES, matches, state ) ) != NULL )
+ {
+ int i;
+
+ for ( i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++ ) {
+ Debug( LDAP_DEBUG_ACL, "=> match[%d]: %d %d ", i,
+ (int)matches[i].rm_so, (int)matches[i].rm_eo );
+ if ( matches[i].rm_so <= matches[0].rm_eo ) {
+ int n;
+ for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++ ) {
+ Debug( LDAP_DEBUG_ACL, "%c", e->e_ndn[n], 0, 0 );
+ }
+ }
+ Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+ }
+
+ if ( state ) {
+ if ( state->as_vi_acl == a &&
+ ( state->as_recorded & ACL_STATE_RECORDED_NV ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: result from state (%s)\n",
+ attr, 0, 0 );
+ ret = state->as_result;
+ goto done;
+ } else {
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: no res from state (%s)\n",
+ attr, 0, 0 );
+ }
+ }
+
+vd_access:
+ control = slap_acl_mask( a, &mask, op,
+ e, desc, val, MAXREMATCHES, matches, count, state );
+
+ if ( control != ACL_BREAK ) {
+ break;
+ }
+
+ memset( matches, '\0', sizeof( matches ) );
+ }
+
+ if ( ACL_IS_INVALID( mask ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: \"%s\" (%s) invalid!\n",
+ e->e_dn, attr, 0 );
+ ACL_PRIV_ASSIGN( mask, *maskp );
+
+ } else if ( control == ACL_BREAK ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: no more rules\n", 0, 0, 0 );
+
+ goto done;
+ }
+
+ ret = ACL_GRANT( mask, access );
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> slap_access_allowed: %s access %s by %s\n",
+ access2str( access ), ret ? "granted" : "denied",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+
+done:
+ ACL_PRIV_ASSIGN( *maskp, mask );
+ return ret;
+}
+
+int
+fe_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ BackendDB *be_orig;
+ int rc;
+
+ /*
+ * NOTE: control gets here if FIXME
+ * if an appropriate backend cannot be selected for the operation,
+ * we assume that the frontend should handle this
+ * FIXME: should select_backend() take care of this,
+ * and return frontendDB instead of NULL? maybe for some value
+ * of the flags?
+ */
+ be_orig = op->o_bd;
+
+ if ( op->o_bd == NULL ) {
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+ if ( op->o_bd == NULL )
+ op->o_bd = frontendDB;
+ }
+ rc = slap_access_allowed( op, e, desc, val, access, state, maskp );
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+int
+access_allowed_mask(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ int ret = 1;
+ AccessControl *a = NULL;
+ int be_null = 0;
+
+#ifdef LDAP_DEBUG
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif
+ slap_mask_t mask;
+ slap_access_t access_level;
+ const char *attr;
+ int st_same_attr = 0;
+ static AccessControlState state_init = ACL_STATE_INIT;
+
+ assert( e != NULL );
+ assert( desc != NULL );
+
+ access_level = ACL_LEVEL( access );
+
+ assert( access_level > ACL_NONE );
+
+ ACL_INIT( mask );
+ if ( maskp ) ACL_INVALIDATE( *maskp );
+
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ if ( op ) {
+ if ( op->o_is_auth_check &&
+ ( access_level == ACL_SEARCH || access_level == ACL_READ ) )
+ {
+ access = ACL_AUTH;
+
+ } else if ( get_manageDIT( op ) && access_level == ACL_WRITE &&
+ desc == slap_schema.si_ad_entry )
+ {
+ access = ACL_MANAGE;
+ }
+ }
+
+ if ( state ) {
+ if ( state->as_vd_ad == desc ) {
+ if ( state->as_recorded ) {
+ if ( ( state->as_recorded & ACL_STATE_RECORDED_NV ) &&
+ val == NULL )
+ {
+ return state->as_result;
+
+ } else if ( ( state->as_recorded & ACL_STATE_RECORDED_VD ) &&
+ val != NULL && state->as_vd_acl == NULL )
+ {
+ return state->as_result;
+ }
+ }
+ st_same_attr = 1;
+ } else {
+ *state = state_init;
+ }
+
+ state->as_vd_ad = desc;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: %s access to \"%s\" \"%s\" requested\n",
+ access2str( access ), e->e_dn, attr );
+
+ if ( op == NULL ) {
+ /* no-op call */
+ goto done;
+ }
+
+ if ( op->o_bd == NULL ) {
+ op->o_bd = LDAP_STAILQ_FIRST( &backendDB );
+ be_null = 1;
+
+#ifdef LDAP_DEVEL
+ /*
+ * FIXME: experimental; use first backend rules
+ * iff there is no global_acl (ITS#3100) */
+ if ( frontendDB->be_acl != NULL ) {
+ op->o_bd = frontendDB;
+ }
+#endif /* LDAP_DEVEL */
+ }
+ assert( op->o_bd != NULL );
+
+ /* this is enforced in backend_add() */
+ if ( op->o_bd->bd_info->bi_access_allowed ) {
+ /* delegate to backend */
+ ret = op->o_bd->bd_info->bi_access_allowed( op, e,
+ desc, val, access, state, &mask );
+
+ } else {
+ /* use default (but pass through frontend
+ * for global ACL overlays) */
+ ret = frontendDB->bd_info->bi_access_allowed( op, e,
+ desc, val, access, state, &mask );
+ }
+
+ if ( !ret ) {
+ if ( ACL_IS_INVALID( mask ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: \"%s\" (%s) invalid!\n",
+ e->e_dn, attr, 0 );
+ ACL_INIT( mask );
+
+ } else {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: no more rules\n", 0, 0, 0 );
+
+ goto done;
+ }
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: %s access %s by %s\n",
+ access2str( access ), ret ? "granted" : "denied",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+
+done:
+ if ( state != NULL ) {
+ /* If not value-dependent, save ACL in case of more attrs */
+ if ( !( state->as_recorded & ACL_STATE_RECORDED_VD ) ) {
+ state->as_vi_acl = a;
+ state->as_result = ret;
+ }
+ state->as_recorded |= ACL_STATE_RECORDED;
+ }
+ if ( be_null ) op->o_bd = NULL;
+ if ( maskp ) ACL_PRIV_ASSIGN( *maskp, mask );
+ return ret;
+}
+
+#else /* !SLAP_OVERLAY_ACCESS */
+
+int
+access_allowed_mask(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ int ret = 1;
+ int count;
+ AccessControl *a = NULL;
+ Backend *be;
+ int be_null = 0;
+
+#ifdef LDAP_DEBUG
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif
+ slap_mask_t mask;
+ slap_control_t control;
+ slap_access_t access_level;
+ const char *attr;
+ regmatch_t matches[MAXREMATCHES];
+ int st_same_attr = 0;
+ static AccessControlState state_init = ACL_STATE_INIT;
+
+ assert( e != NULL );
+ assert( desc != NULL );
+
+ access_level = ACL_LEVEL( access );
+
+ assert( access_level > ACL_NONE );
+ if ( maskp ) ACL_INVALIDATE( *maskp );
+
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ if ( op ) {
+ if ( op->o_is_auth_check &&
+ ( access_level == ACL_SEARCH || access_level == ACL_READ ) )
+ {
+ access = ACL_AUTH;
+
+ } else if ( get_manageDIT( op ) && access_level == ACL_WRITE &&
+ desc == slap_schema.si_ad_entry )
+ {
+ access = ACL_MANAGE;
+ }
+ }
+
+ if ( state ) {
+ if ( state->as_vd_ad == desc ) {
+ if ( state->as_recorded ) {
+ if ( ( state->as_recorded & ACL_STATE_RECORDED_NV ) &&
+ val == NULL )
+ {
+ return state->as_result;
+
+ } else if ( ( state->as_recorded & ACL_STATE_RECORDED_VD ) &&
+ val != NULL && state->as_vd_acl == NULL )
+ {
+ return state->as_result;
+ }
+ }
+ st_same_attr = 1;
+ } else {
+ *state = state_init;
+ }
+
+ state->as_vd_ad=desc;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: %s access to \"%s\" \"%s\" requested\n",
+ access2str( access ), e->e_dn, attr );
+
+ if ( op == NULL ) {
+ /* no-op call */
+ goto done;
+ }
+
+ be = op->o_bd;
+ if ( be == NULL ) {
+ be = LDAP_STAILQ_FIRST(&backendDB);
+ be_null = 1;
+#ifdef LDAP_DEVEL
+ /*
+ * FIXME: experimental; use first backend rules
+ * iff there is no global_acl (ITS#3100) */
+ if ( frontendDB->be_acl == NULL )
+#endif
+ {
+ op->o_bd = be;
+ }
+ }
+ assert( be != NULL );
+
+ /* grant database root access */
+ if ( be_isroot( op ) ) {
+ Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
+ if ( maskp ) {
+ mask = ACL_LVL_MANAGE;
+ }
+
+ goto done;
+ }
+
+ /*
+ * no-user-modification operational attributes are ignored
+ * by ACL_WRITE checking as any found here are not provided
+ * by the user
+ *
+ * NOTE: but they are not ignored for ACL_MANAGE, because
+ * if we get here it means a non-root user is trying to
+ * manage data, so we need to check its privileges.
+ */
+ if ( access_level == ACL_WRITE && is_at_no_user_mod( desc->ad_type )
+ && desc != slap_schema.si_ad_entry
+ && desc != slap_schema.si_ad_children )
+ {
+ Debug( LDAP_DEBUG_ACL, "NoUserMod Operational attribute:"
+ " %s access granted\n",
+ attr, 0, 0 );
+ goto done;
+ }
+
+ /* use backend default access if no backend acls */
+ if ( be->be_acl == NULL ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: backend default %s "
+ "access %s to \"%s\"\n",
+ access2str( access ),
+ be->be_dfltaccess >= access_level ? "granted" : "denied",
+ op->o_dn.bv_val ? op->o_dn.bv_val : "(anonymous)" );
+ ret = be->be_dfltaccess >= access_level;
+
+ if ( maskp ) {
+ int i;
+
+ mask = ACL_PRIV_LEVEL;
+ for ( i = ACL_NONE; i <= be->be_dfltaccess; i++ ) {
+ mask |= ACL_ACCESS2PRIV( i );
+ }
+ }
+
+ goto done;
+
+#ifdef notdef
+ /* be is always non-NULL */
+ /* use global default access if no global acls */
+ } else if ( be == NULL && frontendDB->be_acl == NULL ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: global default %s access %s to \"%s\"\n",
+ access2str( access ),
+ frontendDB->be_dfltaccess >= access_level ?
+ "granted" : "denied", op->o_dn.bv_val );
+ ret = frontendDB->be_dfltaccess >= access_level;
+
+ if ( maskp ) {
+ int i;
+
+ mask = ACL_PRIV_LEVEL;
+ for ( i = ACL_NONE; i <= global_default_access; i++ ) {
+ mask |= ACL_ACCESS2PRIV( i );
+ }
+ }
+
+ goto done;
+#endif
+ }
+
+ ret = 0;
+ control = ACL_BREAK;
+
+ if ( st_same_attr ) {
+ assert( state->as_vd_acl != NULL );
+
+ a = state->as_vd_acl;
+ count = state->as_vd_acl_count;
+ if ( !ACL_IS_INVALID( state->as_vd_acl_mask ) ) {
+ mask = state->as_vd_acl_mask;
+ AC_MEMCPY( matches, state->as_vd_acl_matches, sizeof(matches) );
+ goto vd_access;
+ }
+
+ } else {
+ if ( state ) state->as_vi_acl = NULL;
+ a = NULL;
+ ACL_INIT(mask);
+ count = 0;
+ memset( matches, '\0', sizeof(matches) );
+ }
+
+ while ( ( a = slap_acl_get( a, &count, op, e, desc, val,
+ MAXREMATCHES, matches, state ) ) != NULL )
+ {
+ int i;
+
+ for ( i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++ ) {
+ Debug( LDAP_DEBUG_ACL, "=> match[%d]: %d %d ", i,
+ (int)matches[i].rm_so, (int)matches[i].rm_eo );
+ if ( matches[i].rm_so <= matches[0].rm_eo ) {
+ int n;
+ for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++ ) {
+ Debug( LDAP_DEBUG_ACL, "%c", e->e_ndn[n], 0, 0 );
+ }
+ }
+ Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+ }
+
+ if ( state ) {
+ if ( state->as_vi_acl == a &&
+ ( state->as_recorded & ACL_STATE_RECORDED_NV ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "access_allowed: result from state (%s)\n",
+ attr, 0, 0 );
+ ret = state->as_result;
+ goto done;
+ } else {
+ Debug( LDAP_DEBUG_ACL,
+ "access_allowed: no res from state (%s)\n",
+ attr, 0, 0 );
+ }
+ }
+
+vd_access:
+ control = slap_acl_mask( a, &mask, op,
+ e, desc, val, MAXREMATCHES, matches, count, state );
+
+ if ( control != ACL_BREAK ) {
+ break;
+ }
+
+ memset( matches, '\0', sizeof(matches) );
+ }
+
+ if ( ACL_IS_INVALID( mask ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: \"%s\" (%s) invalid!\n",
+ e->e_dn, attr, 0 );
+ ACL_INIT(mask);
+
+ } else if ( control == ACL_BREAK ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: no more rules\n", 0, 0, 0 );
+
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: %s access %s by %s\n",
+ access2str( access ),
+ ACL_GRANT(mask, access) ? "granted" : "denied",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+
+ ret = ACL_GRANT(mask, access);
+
+done:
+ if ( state != NULL ) {
+ /* If not value-dependent, save ACL in case of more attrs */
+ if ( !( state->as_recorded & ACL_STATE_RECORDED_VD ) ) {
+ state->as_vi_acl = a;
+ state->as_result = ret;
+ }
+ state->as_recorded |= ACL_STATE_RECORDED;
+ }
+ if ( be_null ) op->o_bd = NULL;
+ if ( maskp ) *maskp = mask;
+ return ret;
+}
+
+#endif /* SLAP_OVERLAY_ACCESS */
+
+/*
+ * slap_acl_get - return the acl applicable to entry e, attribute
+ * attr. the acl returned is suitable for use in subsequent calls to
+ * acl_access_allowed().
+ */
+
+static AccessControl *
+slap_acl_get(
+ AccessControl *a,
+ int *count,
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ AccessControlState *state )
+{
+ const char *attr;
+ int dnlen, patlen;
+ AccessControl *prev;
+
+ assert( e != NULL );
+ assert( count != NULL );
+ assert( desc != NULL );
+
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ if( a == NULL ) {
+ if( op->o_bd == NULL ) {
+ a = frontendDB->be_acl;
+ } else {
+ a = op->o_bd->be_acl;
+ }
+ prev = NULL;
+
+ assert( a != NULL );
+
+ } else {
+ prev = a;
+ a = a->acl_next;
+ }
+
+ dnlen = e->e_nname.bv_len;
+
+ for ( ; a != NULL; a = a->acl_next ) {
+ (*count) ++;
+
+ if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX )) {
+ if ( a->acl_dn_style == ACL_STYLE_REGEX ) {
+ Debug( LDAP_DEBUG_ACL, "=> dnpat: [%d] %s nsub: %d\n",
+ *count, a->acl_dn_pat.bv_val, (int) a->acl_dn_re.re_nsub );
+ if (regexec(&a->acl_dn_re, e->e_ndn, nmatch, matches, 0))
+ continue;
+
+ } else {
+ Debug( LDAP_DEBUG_ACL, "=> dn: [%d] %s\n",
+ *count, a->acl_dn_pat.bv_val, 0 );
+ patlen = a->acl_dn_pat.bv_len;
+ if ( dnlen < patlen )
+ continue;
+
+ if ( a->acl_dn_style == ACL_STYLE_BASE ) {
+ /* base dn -- entire object DN must match */
+ if ( dnlen != patlen )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
+ ber_len_t rdnlen = 0;
+ int sep = 0;
+
+ if ( dnlen <= patlen )
+ continue;
+
+ if ( patlen > 0 ) {
+ if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+ continue;
+ sep = 1;
+ }
+
+ rdnlen = dn_rdnlen( NULL, &e->e_nname );
+ if ( rdnlen != dnlen - patlen - sep )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
+ if ( dnlen > patlen && !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
+ if ( dnlen <= patlen )
+ continue;
+ if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+ continue;
+ }
+
+ if ( strcmp( a->acl_dn_pat.bv_val, e->e_ndn + dnlen - patlen ) != 0 )
+ continue;
+ }
+
+ Debug( LDAP_DEBUG_ACL, "=> acl_get: [%d] matched\n",
+ *count, 0, 0 );
+ }
+
+ if ( a->acl_attrs && !ad_inlist( desc, a->acl_attrs ) ) {
+ matches[0].rm_so = matches[0].rm_eo = -1;
+ continue;
+ }
+
+ /* Is this ACL only for a specific value? */
+ if ( a->acl_attrval.bv_len ) {
+ if ( val == NULL ) {
+ continue;
+ }
+
+ if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) {
+ state->as_recorded |= ACL_STATE_RECORDED_VD;
+ state->as_vd_acl = a;
+ state->as_vd_acl_count = *count;
+ state->as_vd_access = a->acl_access;
+ state->as_vd_access_count = 1;
+ ACL_INVALIDATE( state->as_vd_acl_mask );
+ }
+
+ if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
+ Debug( LDAP_DEBUG_ACL,
+ "acl_get: valpat %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+ if ( regexec( &a->acl_attrval_re, val->bv_val, 0, NULL, 0 ) )
+ {
+ continue;
+ }
+
+ } else {
+ int match = 0;
+ const char *text;
+ Debug( LDAP_DEBUG_ACL,
+ "acl_get: val %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+
+ if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
+ if (value_match( &match, desc,
+ a->acl_attrval_mr, 0,
+ val, &a->acl_attrval, &text ) != LDAP_SUCCESS ||
+ match )
+ continue;
+
+ } else {
+ int patlen, vdnlen;
+
+ patlen = a->acl_attrval.bv_len;
+ vdnlen = val->bv_len;
+
+ if ( vdnlen < patlen )
+ continue;
+
+ if ( a->acl_attrval_style == ACL_STYLE_BASE ) {
+ if ( vdnlen > patlen )
+ continue;
+
+ } else if ( a->acl_attrval_style == ACL_STYLE_ONE ) {
+ ber_len_t rdnlen = 0;
+
+ if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+ continue;
+
+ rdnlen = dn_rdnlen( NULL, val );
+ if ( rdnlen != vdnlen - patlen - 1 )
+ continue;
+
+ } else if ( a->acl_attrval_style == ACL_STYLE_SUBTREE ) {
+ if ( vdnlen > patlen && !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+ continue;
+
+ } else if ( a->acl_attrval_style == ACL_STYLE_CHILDREN ) {
+ if ( vdnlen <= patlen )
+ continue;
+
+ if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+ continue;
+ }
+
+ if ( strcmp( a->acl_attrval.bv_val, val->bv_val + vdnlen - patlen ) )
+ continue;
+ }
+ }
+ }
+
+ if ( a->acl_filter != NULL ) {
+ ber_int_t rc = test_filter( NULL, e, a->acl_filter );
+ if ( rc != LDAP_COMPARE_TRUE ) {
+ continue;
+ }
+ }
+
+ Debug( LDAP_DEBUG_ACL, "=> acl_get: [%d] attr %s\n",
+ *count, attr, 0);
+ return a;
+ }
+
+ Debug( LDAP_DEBUG_ACL, "<= acl_get: done.\n", 0, 0, 0 );
+ return( NULL );
+}
+
+/*
+ * Record value-dependent access control state
+*/
+ #define ACL_RECORD_VALUE_STATE do { \
+ if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) { \
+ state->as_recorded |= ACL_STATE_RECORDED_VD; \
+ state->as_vd_acl = a; \
+ AC_MEMCPY( state->as_vd_acl_matches, matches, \
+ sizeof( state->as_vd_acl_matches )) ; \
+ state->as_vd_acl_count = count; \
+ state->as_vd_access = b; \
+ state->as_vd_access_count = i; \
+ }\
+ } while( 0 )
+
+static int
+acl_mask_dn(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ AccessControl *a,
+ int nmatch,
+ regmatch_t *matches,
+ slap_dn_access *bdn,
+ struct berval *opndn )
+{
+ /*
+ * if access applies to the entry itself, and the
+ * user is bound as somebody in the same namespace as
+ * the entry, OR the given dn matches the dn pattern
+ */
+ /*
+ * NOTE: styles "anonymous", "users" and "self"
+ * have been moved to enum slap_style_t, whose
+ * value is set in a_dn_style; however, the string
+ * is maintained in a_dn_pat.
+ */
+
+ if ( bdn->a_style == ACL_STYLE_ANONYMOUS ) {
+ if ( !BER_BVISEMPTY( opndn ) ) {
+ return 1;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_USERS ) {
+ if ( BER_BVISEMPTY( opndn ) ) {
+ return 1;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_SELF ) {
+ struct berval ndn, selfndn;
+ int level;
+
+ if ( BER_BVISEMPTY( opndn ) || BER_BVISNULL( &e->e_nname ) ) {
+ return 1;
+ }
+
+ level = bdn->a_self_level;
+ if ( level < 0 ) {
+ selfndn = *opndn;
+ ndn = e->e_nname;
+ level = -level;
+
+ } else {
+ ndn = *opndn;
+ selfndn = e->e_nname;
+ }
+
+ for ( ; level > 0; level-- ) {
+ if ( BER_BVISEMPTY( &ndn ) ) {
+ break;
+ }
+ dnParent( &ndn, &ndn );
+ }
+
+ if ( BER_BVISEMPTY( &ndn ) || !dn_match( &ndn, &selfndn ) )
+ {
+ return 1;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_REGEX ) {
+ if ( !ber_bvccmp( &bdn->a_pat, '*' ) ) {
+ int tmp_nmatch;
+ regmatch_t tmp_matches[2],
+ *tmp_matchesp = tmp_matches;
+
+ int rc = 0;
+
+ switch ( a->acl_dn_style ) {
+ case ACL_STYLE_REGEX:
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ tmp_matchesp = matches;
+ tmp_nmatch = nmatch;
+ break;
+ }
+ /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
+
+ case ACL_STYLE_BASE:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 1;
+ break;
+
+ case ACL_STYLE_ONE:
+ case ACL_STYLE_SUBTREE:
+ case ACL_STYLE_CHILDREN:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+ tmp_matches[1].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 2;
+ break;
+
+ default:
+ /* error */
+ rc = 1;
+ break;
+ }
+
+ if ( rc ) {
+ return 1;
+ }
+
+ if ( !regex_matches( &bdn->a_pat, opndn->bv_val,
+ e->e_ndn, tmp_nmatch, tmp_matchesp ) )
+ {
+ return 1;
+ }
+ }
+
+ } else {
+ struct berval pat;
+ ber_len_t patlen, odnlen;
+ int got_match = 0;
+
+ if ( e->e_dn == NULL )
+ return 1;
+
+ if ( bdn->a_expand ) {
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ int tmp_nmatch;
+ regmatch_t tmp_matches[2],
+ *tmp_matchesp = tmp_matches;
+
+ int rc = 0;
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+
+ switch ( a->acl_dn_style ) {
+ case ACL_STYLE_REGEX:
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ tmp_matchesp = matches;
+ tmp_nmatch = nmatch;
+ break;
+ }
+ /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
+
+ case ACL_STYLE_BASE:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 1;
+ break;
+
+ case ACL_STYLE_ONE:
+ case ACL_STYLE_SUBTREE:
+ case ACL_STYLE_CHILDREN:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+ tmp_matches[1].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 2;
+ break;
+
+ default:
+ /* error */
+ rc = 1;
+ break;
+ }
+
+ if ( rc ) {
+ return 1;
+ }
+
+ if ( acl_string_expand( &bv, &bdn->a_pat,
+ e->e_nname.bv_val,
+ tmp_nmatch, tmp_matchesp ) )
+ {
+ return 1;
+ }
+
+ if ( dnNormalize(0, NULL, NULL, &bv,
+ &pat, op->o_tmpmemctx )
+ != LDAP_SUCCESS )
+ {
+ /* did not expand to a valid dn */
+ return 1;
+ }
+
+ } else {
+ pat = bdn->a_pat;
+ }
+
+ patlen = pat.bv_len;
+ odnlen = opndn->bv_len;
+ if ( odnlen < patlen ) {
+ goto dn_match_cleanup;
+
+ }
+
+ if ( bdn->a_style == ACL_STYLE_BASE ) {
+ /* base dn -- entire object DN must match */
+ if ( odnlen != patlen ) {
+ goto dn_match_cleanup;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_ONE ) {
+ ber_len_t rdnlen = 0;
+
+ if ( odnlen <= patlen ) {
+ goto dn_match_cleanup;
+ }
+
+ if ( !DN_SEPARATOR( opndn->bv_val[odnlen - patlen - 1] ) ) {
+ goto dn_match_cleanup;
+ }
+
+ rdnlen = dn_rdnlen( NULL, opndn );
+ if ( rdnlen - ( odnlen - patlen - 1 ) != 0 ) {
+ goto dn_match_cleanup;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_SUBTREE ) {
+ if ( odnlen > patlen && !DN_SEPARATOR( opndn->bv_val[odnlen - patlen - 1] ) ) {
+ goto dn_match_cleanup;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_CHILDREN ) {
+ if ( odnlen <= patlen ) {
+ goto dn_match_cleanup;
+ }
+
+ if ( !DN_SEPARATOR( opndn->bv_val[odnlen - patlen - 1] ) ) {
+ goto dn_match_cleanup;
+ }
+
+ } else if ( bdn->a_style == ACL_STYLE_LEVEL ) {
+ int level = bdn->a_level;
+ struct berval ndn;
+
+ if ( odnlen <= patlen ) {
+ goto dn_match_cleanup;
+ }
+
+ if ( level > 0 && !DN_SEPARATOR( opndn->bv_val[odnlen - patlen - 1] ) )
+ {
+ goto dn_match_cleanup;
+ }
+
+ ndn = *opndn;
+ for ( ; level > 0; level-- ) {
+ if ( BER_BVISEMPTY( &ndn ) ) {
+ goto dn_match_cleanup;
+ }
+ dnParent( &ndn, &ndn );
+ if ( ndn.bv_len < patlen ) {
+ goto dn_match_cleanup;
+ }
+ }
+
+ if ( ndn.bv_len != patlen ) {
+ goto dn_match_cleanup;
+ }
+ }
+
+ got_match = !strcmp( pat.bv_val, &opndn->bv_val[ odnlen - patlen ] );
+
+dn_match_cleanup:;
+ if ( pat.bv_val != bdn->a_pat.bv_val ) {
+ slap_sl_free( pat.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( !got_match ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static int
+acl_mask_dnattr(
+ Operation *op,
+ Entry *e,
+ struct berval *val,
+ AccessControl *a,
+ Access *b,
+ int i,
+ regmatch_t *matches,
+ int count,
+ AccessControlState *state,
+ slap_dn_access *bdn,
+ struct berval *opndn )
+{
+ Attribute *at;
+ struct berval bv;
+ int rc, match = 0;
+ const char *text;
+ const char *attr = bdn->a_at->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ if ( BER_BVISEMPTY( opndn ) ) {
+ return 1;
+ }
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n", attr, 0, 0 );
+ bv = *opndn;
+
+ /* see if asker is listed in dnattr */
+ for ( at = attrs_find( e->e_attrs, bdn->a_at );
+ at != NULL;
+ at = attrs_find( at->a_next, bdn->a_at ) )
+ {
+ if ( value_find_ex( bdn->a_at,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ at->a_nvals,
+ &bv, op->o_tmpmemctx ) == 0 )
+ {
+ /* found it */
+ match = 1;
+ break;
+ }
+ }
+
+ if ( match ) {
+ /* have a dnattr match. if this is a self clause then
+ * the target must also match the op dn.
+ */
+ if ( bdn->a_self ) {
+ /* check if the target is an attribute. */
+ if ( val == NULL ) return 1;
+
+ /* target is attribute, check if the attribute value
+ * is the op dn.
+ */
+ rc = value_match( &match, bdn->a_at,
+ bdn->a_at->ad_type->sat_equality, 0,
+ val, &bv, &text );
+ /* on match error or no match, fail the ACL clause */
+ if ( rc != LDAP_SUCCESS || match != 0 )
+ return 1;
+ }
+
+ } else {
+ /* no dnattr match, check if this is a self clause */
+ if ( ! bdn->a_self )
+ return 1;
+
+ ACL_RECORD_VALUE_STATE;
+
+ /* this is a self clause, check if the target is an
+ * attribute.
+ */
+ if ( val == NULL )
+ return 1;
+
+ /* target is attribute, check if the attribute value
+ * is the op dn.
+ */
+ rc = value_match( &match, bdn->a_at,
+ bdn->a_at->ad_type->sat_equality, 0,
+ val, &bv, &text );
+
+ /* on match error or no match, fail the ACL clause */
+ if ( rc != LDAP_SUCCESS || match != 0 )
+ return 1;
+ }
+
+ return 0;
+}
+
+
+/*
+ * slap_acl_mask - modifies mask based upon the given acl and the
+ * requested access to entry e, attribute attr, value val. if val
+ * is null, access to the whole attribute is assumed (all values).
+ *
+ * returns 0 access NOT allowed
+ * 1 access allowed
+ */
+
+static slap_control_t
+slap_acl_mask(
+ AccessControl *a,
+ slap_mask_t *mask,
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ int count,
+ AccessControlState *state )
+{
+ int i;
+ Access *b;
+#ifdef LDAP_DEBUG
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif /* DEBUG */
+ const char *attr;
+ slap_mask_t a2pmask = ACL_ACCESS2PRIV( *mask );
+
+ assert( a != NULL );
+ assert( mask != NULL );
+ assert( desc != NULL );
+
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> acl_mask: access to entry \"%s\", attr \"%s\" requested\n",
+ e->e_dn, attr, 0 );
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> acl_mask: to %s by \"%s\", (%s) \n",
+ val ? "value" : "all values",
+ op->o_ndn.bv_val ? op->o_ndn.bv_val : "",
+ accessmask2str( *mask, accessmaskbuf, 1 ) );
+
+
+ if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
+ && state->as_vd_acl == a )
+ {
+ b = state->as_vd_access;
+ i = state->as_vd_access_count;
+
+ } else {
+ b = a->acl_access;
+ i = 1;
+ }
+
+ for ( ; b != NULL; b = b->a_next, i++ ) {
+ slap_mask_t oldmask, modmask;
+
+ ACL_INVALIDATE( modmask );
+
+ /* AND <who> clauses */
+ if ( !BER_BVISEMPTY( &b->a_dn_pat ) ) {
+ Debug( LDAP_DEBUG_ACL, "<= check a_dn_pat: %s\n",
+ b->a_dn_pat.bv_val, 0, 0);
+ /*
+ * if access applies to the entry itself, and the
+ * user is bound as somebody in the same namespace as
+ * the entry, OR the given dn matches the dn pattern
+ */
+ /*
+ * NOTE: styles "anonymous", "users" and "self"
+ * have been moved to enum slap_style_t, whose
+ * value is set in a_dn_style; however, the string
+ * is maintained in a_dn_pat.
+ */
+
+ if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
+ &b->a_dn, &op->o_ndn ) )
+ {
+ continue;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_realdn_pat ) ) {
+ struct berval ndn;
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_realdn_pat: %s\n",
+ b->a_realdn_pat.bv_val, 0, 0);
+ /*
+ * if access applies to the entry itself, and the
+ * user is bound as somebody in the same namespace as
+ * the entry, OR the given dn matches the dn pattern
+ */
+ /*
+ * NOTE: styles "anonymous", "users" and "self"
+ * have been moved to enum slap_style_t, whose
+ * value is set in a_dn_style; however, the string
+ * is maintained in a_dn_pat.
+ */
+
+ if ( op->o_conn && !BER_BVISNULL( &op->o_conn->c_ndn ) )
+ {
+ ndn = op->o_conn->c_ndn;
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
+ &b->a_realdn, &ndn ) )
+ {
+ continue;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
+ if ( ! op->o_conn->c_listener ) {
+ continue;
+ }
+ Debug( LDAP_DEBUG_ACL, "<= check a_sockurl_pat: %s\n",
+ b->a_sockurl_pat.bv_val, 0, 0 );
+
+ if ( !ber_bvccmp( &b->a_sockurl_pat, '*' ) ) {
+ if ( b->a_sockurl_style == ACL_STYLE_REGEX) {
+ if (!regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ } else if ( b->a_sockurl_style == ACL_STYLE_EXPAND ) {
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+ if ( acl_string_expand( &bv, &b->a_sockurl_pat,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ if ( ber_bvstrcasecmp( &bv, &op->o_conn->c_listener_url ) != 0 )
+ {
+ continue;
+ }
+
+ } else {
+ if ( ber_bvstrcasecmp( &b->a_sockurl_pat, &op->o_conn->c_listener_url ) != 0 )
+ {
+ continue;
+ }
+ }
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
+ if ( !op->o_conn->c_peer_domain.bv_val ) {
+ continue;
+ }
+ Debug( LDAP_DEBUG_ACL, "<= check a_domain_pat: %s\n",
+ b->a_domain_pat.bv_val, 0, 0 );
+ if ( !ber_bvccmp( &b->a_domain_pat, '*' ) ) {
+ if ( b->a_domain_style == ACL_STYLE_REGEX) {
+ if (!regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+ } else {
+ char buf[ACL_BUF_SIZE];
+
+ struct berval cmp = op->o_conn->c_peer_domain;
+ struct berval pat = b->a_domain_pat;
+
+ if ( b->a_domain_expand ) {
+ struct berval bv;
+
+ bv.bv_len = sizeof(buf) - 1;
+ bv.bv_val = buf;
+
+ if ( acl_string_expand(&bv, &b->a_domain_pat,
+ e->e_ndn, nmatch, matches) )
+ {
+ continue;
+ }
+ pat = bv;
+ }
+
+ if ( b->a_domain_style == ACL_STYLE_SUBTREE ) {
+ int offset = cmp.bv_len - pat.bv_len;
+ if ( offset < 0 ) {
+ continue;
+ }
+
+ if ( offset == 1 || ( offset > 1 && cmp.bv_val[ offset - 1 ] != '.' ) ) {
+ continue;
+ }
+
+ /* trim the domain */
+ cmp.bv_val = &cmp.bv_val[ offset ];
+ cmp.bv_len -= offset;
+ }
+
+ if ( ber_bvstrcasecmp( &pat, &cmp ) != 0 ) {
+ continue;
+ }
+ }
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
+ if ( !op->o_conn->c_peer_name.bv_val ) {
+ continue;
+ }
+ Debug( LDAP_DEBUG_ACL, "<= check a_peername_path: %s\n",
+ b->a_peername_pat.bv_val, 0, 0 );
+ if ( !ber_bvccmp( &b->a_peername_pat, '*' ) ) {
+ if ( b->a_peername_style == ACL_STYLE_REGEX ) {
+ if (!regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ } else {
+ /* try exact match */
+ if ( b->a_peername_style == ACL_STYLE_BASE ) {
+ if ( ber_bvstrcasecmp( &b->a_peername_pat, &op->o_conn->c_peer_name ) != 0 ) {
+ continue;
+ }
+
+ } else if ( b->a_peername_style == ACL_STYLE_EXPAND ) {
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+ if ( acl_string_expand( &bv, &b->a_peername_pat,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ if ( ber_bvstrcasecmp( &bv, &op->o_conn->c_peer_name ) != 0 ) {
+ continue;
+ }
+
+ /* extract IP and try exact match */
+ } else if ( b->a_peername_style == ACL_STYLE_IP ) {
+ char *port;
+ char buf[] = "255.255.255.255";
+ struct berval ip;
+ unsigned long addr;
+ int port_number = -1;
+
+ if ( strncasecmp( op->o_conn->c_peer_name.bv_val,
+ acl_bv_ip_eq.bv_val,
+ acl_bv_ip_eq.bv_len ) != 0 )
+ continue;
+
+ ip.bv_val = op->o_conn->c_peer_name.bv_val + acl_bv_ip_eq.bv_len;
+ ip.bv_len = op->o_conn->c_peer_name.bv_len - acl_bv_ip_eq.bv_len;
+
+ port = strrchr( ip.bv_val, ':' );
+ if ( port ) {
+ ip.bv_len = port - ip.bv_val;
+ ++port;
+ if ( lutil_atoi( &port_number, port ) != 0 )
+ continue;
+ }
+
+ /* the port check can be anticipated here */
+ if ( b->a_peername_port != -1 && port_number != b->a_peername_port )
+ continue;
+
+ /* address longer than expected? */
+ if ( ip.bv_len >= sizeof(buf) )
+ continue;
+
+ AC_MEMCPY( buf, ip.bv_val, ip.bv_len );
+ buf[ ip.bv_len ] = '\0';
+
+ addr = inet_addr( buf );
+
+ /* unable to convert? */
+ if ( addr == (unsigned long)(-1) )
+ continue;
+
+ if ( (addr & b->a_peername_mask) != b->a_peername_addr )
+ continue;
+
+#ifdef LDAP_PF_LOCAL
+ /* extract path and try exact match */
+ } else if ( b->a_peername_style == ACL_STYLE_PATH ) {
+ struct berval path;
+
+ if ( strncmp( op->o_conn->c_peer_name.bv_val,
+ acl_bv_path_eq.bv_val,
+ acl_bv_path_eq.bv_len ) != 0 )
+ continue;
+
+ path.bv_val = op->o_conn->c_peer_name.bv_val
+ + acl_bv_path_eq.bv_len;
+ path.bv_len = op->o_conn->c_peer_name.bv_len
+ - acl_bv_path_eq.bv_len;
+
+ if ( ber_bvcmp( &b->a_peername_pat, &path ) != 0 )
+ continue;
+
+#endif /* LDAP_PF_LOCAL */
+
+ /* exact match (very unlikely...) */
+ } else if ( ber_bvcmp( &op->o_conn->c_peer_name, &b->a_peername_pat ) != 0 ) {
+ continue;
+ }
+ }
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_sockname_pat ) ) {
+ if ( BER_BVISNULL( &op->o_conn->c_sock_name ) ) {
+ continue;
+ }
+ Debug( LDAP_DEBUG_ACL, "<= check a_sockname_path: %s\n",
+ b->a_sockname_pat.bv_val, 0, 0 );
+ if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
+ if ( b->a_sockname_style == ACL_STYLE_REGEX) {
+ if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ } else if ( b->a_sockname_style == ACL_STYLE_EXPAND ) {
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+ if ( acl_string_expand( &bv, &b->a_sockname_pat,
+ e->e_ndn, nmatch, matches ) )
+ {
+ continue;
+ }
+
+ if ( ber_bvstrcasecmp( &bv, &op->o_conn->c_sock_name ) != 0 ) {
+ continue;
+ }
+
+ } else {
+ if ( ber_bvstrcasecmp( &b->a_sockname_pat, &op->o_conn->c_sock_name ) != 0 ) {
+ continue;
+ }
+ }
+ }
+ }
+
+ if ( b->a_dn_at != NULL ) {
+ if ( acl_mask_dnattr( op, e, val, a, b, i,
+ matches, count, state,
+ &b->a_dn, &op->o_ndn ) )
+ {
+ continue;
+ }
+ }
+
+ if ( b->a_realdn_at != NULL ) {
+ struct berval ndn;
+
+ if ( op->o_conn && !BER_BVISNULL( &op->o_conn->c_ndn ) )
+ {
+ ndn = op->o_conn->c_ndn;
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ if ( acl_mask_dnattr( op, e, val, a, b, i,
+ matches, count, state,
+ &b->a_realdn, &ndn ) )
+ {
+ continue;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
+ struct berval bv;
+ struct berval ndn = BER_BVNULL;
+ int rc;
+
+ if ( op->o_ndn.bv_len == 0 ) {
+ continue;
+ }
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_group_pat: %s\n",
+ b->a_group_pat.bv_val, 0, 0 );
+
+ /* b->a_group is an unexpanded entry name, expanded it should be an
+ * entry with objectclass group* and we test to see if odn is one of
+ * the values in the attribute group
+ */
+ /* see if asker is listed in dnattr */
+ if ( b->a_group_style == ACL_STYLE_EXPAND ) {
+ char buf[ACL_BUF_SIZE];
+ int tmp_nmatch;
+ regmatch_t tmp_matches[2],
+ *tmp_matchesp = tmp_matches;
+
+ bv.bv_len = sizeof(buf) - 1;
+ bv.bv_val = buf;
+
+ rc = 0;
+
+ switch ( a->acl_dn_style ) {
+ case ACL_STYLE_REGEX:
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ tmp_matchesp = matches;
+ tmp_nmatch = nmatch;
+ break;
+ }
+
+ /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
+ case ACL_STYLE_BASE:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 1;
+ break;
+
+ case ACL_STYLE_ONE:
+ case ACL_STYLE_SUBTREE:
+ case ACL_STYLE_CHILDREN:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+ tmp_matches[1].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 2;
+ break;
+
+ default:
+ /* error */
+ rc = 1;
+ break;
+ }
+
+ if ( rc ) {
+ continue;
+ }
+
+ if ( acl_string_expand( &bv, &b->a_group_pat,
+ e->e_nname.bv_val,
+ tmp_nmatch, tmp_matchesp ) )
+ {
+ continue;
+ }
+
+ if ( dnNormalize( 0, NULL, NULL, &bv, &ndn,
+ op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ /* did not expand to a valid dn */
+ continue;
+ }
+
+ bv = ndn;
+
+ } else {
+ bv = b->a_group_pat;
+ }
+
+ rc = backend_group( op, e, &bv, &op->o_ndn,
+ b->a_group_oc, b->a_group_at );
+
+ if ( ndn.bv_val ) {
+ slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rc != 0 ) {
+ continue;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_set_pat: %s\n",
+ b->a_set_pat.bv_val, 0, 0 );
+
+ if ( b->a_set_style == ACL_STYLE_EXPAND ) {
+ int tmp_nmatch;
+ regmatch_t tmp_matches[2],
+ *tmp_matchesp = tmp_matches;
+ int rc = 0;
+
+ bv.bv_len = sizeof( buf ) - 1;
+ bv.bv_val = buf;
+
+ rc = 0;
+
+ switch ( a->acl_dn_style ) {
+ case ACL_STYLE_REGEX:
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ tmp_matchesp = matches;
+ tmp_nmatch = nmatch;
+ break;
+ }
+
+ /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
+ case ACL_STYLE_BASE:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 1;
+ break;
+
+ case ACL_STYLE_ONE:
+ case ACL_STYLE_SUBTREE:
+ case ACL_STYLE_CHILDREN:
+ tmp_matches[0].rm_so = 0;
+ tmp_matches[0].rm_eo = e->e_nname.bv_len;
+ tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+ tmp_matches[1].rm_eo = e->e_nname.bv_len;
+ tmp_nmatch = 2;
+ break;
+
+ default:
+ /* error */
+ rc = 1;
+ break;
+ }
+
+ if ( rc ) {
+ continue;
+ }
+
+ if ( acl_string_expand( &bv, &b->a_set_pat,
+ e->e_nname.bv_val,
+ tmp_nmatch, tmp_matchesp ) )
+ {
+ continue;
+ }
+
+ } else {
+ bv = b->a_set_pat;
+ }
+
+ if ( acl_match_set( &bv, op, e, NULL ) == 0 ) {
+ continue;
+ }
+ }
+
+ if ( b->a_authz.sai_ssf ) {
+ Debug( LDAP_DEBUG_ACL, "<= check a_authz.sai_ssf: ACL %u > OP %u\n",
+ b->a_authz.sai_ssf, op->o_ssf, 0 );
+ if ( b->a_authz.sai_ssf > op->o_ssf ) {
+ continue;
+ }
+ }
+
+ if ( b->a_authz.sai_transport_ssf ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= check a_authz.sai_transport_ssf: ACL %u > OP %u\n",
+ b->a_authz.sai_transport_ssf, op->o_transport_ssf, 0 );
+ if ( b->a_authz.sai_transport_ssf > op->o_transport_ssf ) {
+ continue;
+ }
+ }
+
+ if ( b->a_authz.sai_tls_ssf ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= check a_authz.sai_tls_ssf: ACL %u > OP %u\n",
+ b->a_authz.sai_tls_ssf, op->o_tls_ssf, 0 );
+ if ( b->a_authz.sai_tls_ssf > op->o_tls_ssf ) {
+ continue;
+ }
+ }
+
+ if ( b->a_authz.sai_sasl_ssf ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= check a_authz.sai_sasl_ssf: ACL %u > OP %u\n",
+ b->a_authz.sai_sasl_ssf, op->o_sasl_ssf, 0 );
+ if ( b->a_authz.sai_sasl_ssf > op->o_sasl_ssf ) {
+ continue;
+ }
+ }
+
+ /* check for the "self" modifier in the <access> field */
+ if ( b->a_dn.a_self ) {
+ const char *dummy;
+ int rc, match = 0;
+
+ ACL_RECORD_VALUE_STATE;
+
+ /* must have DN syntax */
+ if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName &&
+ !is_at_syntax( desc->ad_type, SLAPD_NAMEUID_SYNTAX )) continue;
+
+ /* check if the target is an attribute. */
+ if ( val == NULL ) continue;
+
+ /* a DN must be present */
+ if ( BER_BVISEMPTY( &op->o_ndn ) ) {
+ continue;
+ }
+
+ /* target is attribute, check if the attribute value
+ * is the op dn.
+ */
+ rc = value_match( &match, desc,
+ desc->ad_type->sat_equality, 0,
+ val, &op->o_ndn, &dummy );
+ /* on match error or no match, fail the ACL clause */
+ if ( rc != LDAP_SUCCESS || match != 0 )
+ continue;
+ }
+#ifdef SLAP_DYNACL
+ if ( b->a_dynacl ) {
+ slap_dynacl_t *da;
+ slap_access_t tgrant, tdeny;
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_dynacl\n",
+ 0, 0, 0 );
+
+ /* this case works different from the others above.
+ * since dynamic ACL's themselves give permissions, we need
+ * to first check b->a_access_mask, the ACL's access level.
+ */
+ /* first check if the right being requested
+ * is allowed by the ACL clause.
+ */
+ if ( ! ACL_PRIV_ISSET( b->a_access_mask, a2pmask ) ) {
+ continue;
+ }
+
+ /* start out with nothing granted, nothing denied */
+ ACL_INVALIDATE(tgrant);
+ ACL_INVALIDATE(tdeny);
+
+ for ( da = b->a_dynacl; da; da = da->da_next ) {
+ slap_access_t grant,
+ deny;
+
+ ACL_INVALIDATE(grant);
+ ACL_INVALIDATE(deny);
+
+ Debug( LDAP_DEBUG_ACL, " <= check a_dynacl: %s\n",
+ da->da_name, 0, 0 );
+
+ (void)( *da->da_mask )( da->da_private, op, e, desc, val, nmatch, matches, &grant, &deny );
+
+ tgrant |= grant;
+ tdeny |= deny;
+ }
+
+ /* remove anything that the ACL clause does not allow */
+ tgrant &= b->a_access_mask & ACL_PRIV_MASK;
+ tdeny &= ACL_PRIV_MASK;
+
+ /* see if we have anything to contribute */
+ if( ACL_IS_INVALID(tgrant) && ACL_IS_INVALID(tdeny) ) {
+ continue;
+ }
+
+ /* this could be improved by changing slap_acl_mask so that it can deal with
+ * by clauses that return grant/deny pairs. Right now, it does either
+ * additive or subtractive rights, but not both at the same time. So,
+ * we need to combine the grant/deny pair into a single rights mask in
+ * a smart way: if either grant or deny is "empty", then we use the
+ * opposite as is, otherwise we remove any denied rights from the grant
+ * rights mask and construct an additive mask.
+ */
+ if (ACL_IS_INVALID(tdeny)) {
+ modmask = tgrant | ACL_PRIV_ADDITIVE;
+
+ } else if (ACL_IS_INVALID(tgrant)) {
+ modmask = tdeny | ACL_PRIV_SUBSTRACTIVE;
+
+ } else {
+ modmask = (tgrant & ~tdeny) | ACL_PRIV_ADDITIVE;
+ }
+
+ } else
+#else /* !SLAP_DYNACL */
+
+ /* NOTE: this entire block can be eliminated when SLAP_DYNACL
+ * moves outside of LDAP_DEVEL */
+#ifdef SLAPD_ACI_ENABLED
+ if ( b->a_aci_at != NULL ) {
+ Attribute *at;
+ slap_access_t grant, deny, tgrant, tdeny;
+ struct berval parent_ndn;
+ BerVarray bvals = NULL;
+ int ret, stop;
+#ifdef LDAP_DEBUG
+ char accessmaskbuf1[ACCESSMASK_MAXLEN];
+#endif /* DEBUG */
+
+ Debug( LDAP_DEBUG_ACL, " <= check a_aci_at: %s\n",
+ b->a_aci_at->ad_cname.bv_val, 0, 0 );
+
+ /* this case works different from the others above.
+ * since aci's themselves give permissions, we need
+ * to first check b->a_access_mask, the ACL's access level.
+ */
+
+ if ( BER_BVISEMPTY( &e->e_nname ) ) {
+ /* no ACIs in the root DSE */
+ continue;
+ }
+
+ /* first check if the right being requested
+ * is allowed by the ACL clause.
+ */
+ if ( ! ACL_GRANT( b->a_access_mask, *mask ) ) {
+ continue;
+ }
+ /* start out with nothing granted, nothing denied */
+ ACL_INIT(tgrant);
+ ACL_INIT(tdeny);
+
+ /* get the aci attribute */
+ at = attr_find( e->e_attrs, b->a_aci_at );
+ if ( at != NULL ) {
+#if 0
+ /* FIXME: this breaks acl caching;
+ * see also ACL_RECORD_VALUE_STATE below */
+ ACL_RECORD_VALUE_STATE;
+#endif
+ /* the aci is an multi-valued attribute. The
+ * rights are determined by OR'ing the individual
+ * rights given by the acis.
+ */
+ for ( i = 0; !BER_BVISNULL( &at->a_nvals[i] ); i++ ) {
+ if ( aci_mask( op,
+ e, desc, val,
+ &at->a_nvals[i],
+ nmatch, matches,
+ &grant, &deny, SLAP_ACI_SCOPE_ENTRY ) != 0 )
+ {
+ tgrant |= grant;
+ tdeny |= deny;
+ }
+ }
+ Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
+ accessmask2str(tgrant, accessmaskbuf, 1),
+ accessmask2str(tdeny, accessmaskbuf1, 1), 0);
+
+ }
+ /* If the entry level aci didn't contain anything valid for the
+ * current operation, climb up the tree and evaluate the
+ * acis with scope set to subtree
+ */
+ if ( (tgrant == ACL_PRIV_NONE) && (tdeny == ACL_PRIV_NONE) ) {
+ dnParent( &e->e_nname, &parent_ndn );
+ while ( !BER_BVISEMPTY( &parent_ndn ) ) {
+ Debug(LDAP_DEBUG_ACL, "checking ACI of %s\n", parent_ndn.bv_val, 0, 0);
+ ret = backend_attribute(op, NULL, &parent_ndn, b->a_aci_at, &bvals, ACL_AUTH);
+ switch(ret){
+ case LDAP_SUCCESS :
+ stop = 0;
+ if (!bvals){
+ break;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &bvals[i] ); i++ ) {
+#if 0
+ /* FIXME: this breaks acl caching;
+ * see also ACL_RECORD_VALUE_STATE above */
+ ACL_RECORD_VALUE_STATE;
+#endif
+ if ( aci_mask( op, e, desc, val, &bvals[i],
+ nmatch, matches,
+ &grant, &deny, SLAP_ACI_SCOPE_CHILDREN ) != 0 )
+ {
+ tgrant |= grant;
+ tdeny |= deny;
+ /* evaluation stops as soon as either a "deny" or a
+ * "grant" directive matches.
+ */
+ if( (tgrant != ACL_PRIV_NONE) || (tdeny != ACL_PRIV_NONE) ){
+ stop = 1;
+ }
+ }
+ Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
+ accessmask2str(tgrant, accessmaskbuf, 1),
+ accessmask2str(tdeny, accessmaskbuf1, 1), 0);
+ }
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ /* just go on if the aci-Attribute is not present in
+ * the current entry
+ */
+ Debug(LDAP_DEBUG_ACL, "no such attribute\n", 0, 0, 0);
+ stop = 0;
+ break;
+
+ case LDAP_NO_SUCH_OBJECT:
+ /* We have reached the base object */
+ Debug(LDAP_DEBUG_ACL, "no such object\n", 0, 0, 0);
+ stop = 1;
+ break;
+
+ default:
+ stop = 1;
+ break;
+ }
+ if (stop){
+ break;
+ }
+ dnParent( &parent_ndn, &parent_ndn );
+ }
+ }
+
+
+ /* remove anything that the ACL clause does not allow */
+ tgrant &= b->a_access_mask & ACL_PRIV_MASK;
+ tdeny &= ACL_PRIV_MASK;
+
+ /* see if we have anything to contribute */
+ if( ACL_IS_INVALID(tgrant) && ACL_IS_INVALID(tdeny) ) {
+ continue;
+ }
+
+ /* this could be improved by changing slap_acl_mask so that it can deal with
+ * by clauses that return grant/deny pairs. Right now, it does either
+ * additive or subtractive rights, but not both at the same time. So,
+ * we need to combine the grant/deny pair into a single rights mask in
+ * a smart way: if either grant or deny is "empty", then we use the
+ * opposite as is, otherwise we remove any denied rights from the grant
+ * rights mask and construct an additive mask.
+ */
+ if (ACL_IS_INVALID(tdeny)) {
+ modmask = tgrant | ACL_PRIV_ADDITIVE;
+
+ } else if (ACL_IS_INVALID(tgrant)) {
+ modmask = tdeny | ACL_PRIV_SUBSTRACTIVE;
+
+ } else {
+ modmask = (tgrant & ~tdeny) | ACL_PRIV_ADDITIVE;
+ }
+
+ } else
+#endif /* SLAPD_ACI_ENABLED */
+#endif /* !SLAP_DYNACL */
+ {
+ modmask = b->a_access_mask;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_mask: [%d] applying %s (%s)\n",
+ i, accessmask2str( modmask, accessmaskbuf, 1 ),
+ b->a_type == ACL_CONTINUE
+ ? "continue"
+ : b->a_type == ACL_BREAK
+ ? "break"
+ : "stop" );
+ /* save old mask */
+ oldmask = *mask;
+
+ if( ACL_IS_ADDITIVE(modmask) ) {
+ /* add privs */
+ ACL_PRIV_SET( *mask, modmask );
+
+ /* cleanup */
+ ACL_PRIV_CLR( *mask, ~ACL_PRIV_MASK );
+
+ } else if( ACL_IS_SUBTRACTIVE(modmask) ) {
+ /* substract privs */
+ ACL_PRIV_CLR( *mask, modmask );
+
+ /* cleanup */
+ ACL_PRIV_CLR( *mask, ~ACL_PRIV_MASK );
+
+ } else {
+ /* assign privs */
+ *mask = modmask;
+ }
+
+ a2pmask = *mask;
+
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_mask: [%d] mask: %s\n",
+ i, accessmask2str(*mask, accessmaskbuf, 1), 0 );
+
+ if( b->a_type == ACL_CONTINUE ) {
+ continue;
+
+ } else if ( b->a_type == ACL_BREAK ) {
+ return ACL_BREAK;
+
+ } else {
+ return ACL_STOP;
+ }
+ }
+
+ /* implicit "by * none" clause */
+ ACL_INIT(*mask);
+
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_mask: no more <who> clauses, returning %s (stop)\n",
+ accessmask2str(*mask, accessmaskbuf, 1), 0, 0 );
+ return ACL_STOP;
+}
+
+/*
+ * acl_check_modlist - check access control on the given entry to see if
+ * it allows the given modifications by the user associated with op.
+ * returns 1 if mods allowed ok
+ * 0 mods not allowed
+ */
+
+int
+acl_check_modlist(
+ Operation *op,
+ Entry *e,
+ Modifications *mlist )
+{
+ struct berval *bv;
+ AccessControlState state = ACL_STATE_INIT;
+ Backend *be;
+ int be_null = 0;
+ int ret = 1; /* default is access allowed */
+
+ be = op->o_bd;
+ if ( be == NULL ) {
+ be = LDAP_STAILQ_FIRST(&backendDB);
+ be_null = 1;
+ op->o_bd = be;
+ }
+ assert( be != NULL );
+
+ /* short circuit root database access */
+ if ( be_isroot( op ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_access_allowed: granted to database root\n",
+ 0, 0, 0 );
+ goto done;
+ }
+
+ /* use backend default access if no backend acls */
+ if( op->o_bd != NULL && op->o_bd->be_acl == NULL ) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> access_allowed: backend default %s access %s to \"%s\"\n",
+ access2str( ACL_WRITE ),
+ op->o_bd->be_dfltaccess >= ACL_WRITE
+ ? "granted" : "denied",
+ op->o_dn.bv_val );
+ ret = (op->o_bd->be_dfltaccess >= ACL_WRITE);
+ goto done;
+ }
+
+ for ( ; mlist != NULL; mlist = mlist->sml_next ) {
+ /*
+ * Internal mods are ignored by ACL_WRITE checking
+ */
+ if ( mlist->sml_flags & SLAP_MOD_INTERNAL ) {
+ Debug( LDAP_DEBUG_ACL, "acl: internal mod %s:"
+ " modify access granted\n",
+ mlist->sml_desc->ad_cname.bv_val, 0, 0 );
+ continue;
+ }
+
+ /*
+ * no-user-modification operational attributes are ignored
+ * by ACL_WRITE checking as any found here are not provided
+ * by the user
+ */
+ if ( is_at_no_user_mod( mlist->sml_desc->ad_type )
+ && ! ( mlist->sml_flags & SLAP_MOD_MANAGING ) )
+ {
+ Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
+ " modify access granted\n",
+ mlist->sml_desc->ad_cname.bv_val, 0, 0 );
+ continue;
+ }
+
+ switch ( mlist->sml_op ) {
+ case LDAP_MOD_REPLACE:
+ case LDAP_MOD_INCREMENT:
+ /*
+ * We must check both permission to delete the whole
+ * attribute and permission to add the specific attributes.
+ * This prevents abuse from selfwriters.
+ */
+ if ( ! access_allowed( op, e,
+ mlist->sml_desc, NULL,
+ ( mlist->sml_flags & SLAP_MOD_MANAGING ) ? ACL_MANAGE : ACL_WDEL,
+ &state ) )
+ {
+ ret = 0;
+ goto done;
+ }
+
+ if ( mlist->sml_values == NULL ) break;
+
+ /* fall thru to check value to add */
+
+ case LDAP_MOD_ADD:
+ assert( mlist->sml_values != NULL );
+
+ for ( bv = mlist->sml_nvalues
+ ? mlist->sml_nvalues : mlist->sml_values;
+ bv->bv_val != NULL; bv++ )
+ {
+ if ( ! access_allowed( op, e,
+ mlist->sml_desc, bv,
+ ( mlist->sml_flags & SLAP_MOD_MANAGING ) ? ACL_MANAGE : ACL_WADD,
+ &state ) )
+ {
+ ret = 0;
+ goto done;
+ }
+ }
+ break;
+
+ case LDAP_MOD_DELETE:
+ if ( mlist->sml_values == NULL ) {
+ if ( ! access_allowed( op, e,
+ mlist->sml_desc, NULL,
+ ( mlist->sml_flags & SLAP_MOD_MANAGING ) ? ACL_MANAGE : ACL_WDEL,
+ NULL ) )
+ {
+ ret = 0;
+ goto done;
+ }
+ break;
+ }
+ for ( bv = mlist->sml_nvalues
+ ? mlist->sml_nvalues : mlist->sml_values;
+ bv->bv_val != NULL; bv++ )
+ {
+ if ( ! access_allowed( op, e,
+ mlist->sml_desc, bv,
+ ( mlist->sml_flags & SLAP_MOD_MANAGING ) ? ACL_MANAGE : ACL_WDEL,
+ &state ) )
+ {
+ ret = 0;
+ goto done;
+ }
+ }
+ break;
+
+ case SLAP_MOD_SOFTADD:
+ /* allow adding attribute via modrdn thru */
+ break;
+
+ default:
+ assert( 0 );
+ /* not reached */
+ ret = 0;
+ break;
+ }
+ }
+
+done:
+ if (be_null) op->o_bd = NULL;
+ return( ret );
+}
+
+int
+acl_get_part(
+ struct berval *list,
+ int ix,
+ char sep,
+ struct berval *bv )
+{
+ int len;
+ char *p;
+
+ if ( bv ) {
+ BER_BVZERO( bv );
+ }
+ len = list->bv_len;
+ p = list->bv_val;
+ while ( len >= 0 && --ix >= 0 ) {
+ while ( --len >= 0 && *p++ != sep )
+ ;
+ }
+ while ( len >= 0 && *p == ' ' ) {
+ len--;
+ p++;
+ }
+ if ( len < 0 ) {
+ return -1;
+ }
+
+ if ( !bv ) {
+ return 0;
+ }
+
+ bv->bv_val = p;
+ while ( --len >= 0 && *p != sep ) {
+ bv->bv_len++;
+ p++;
+ }
+ while ( bv->bv_len > 0 && *--p == ' ' ) {
+ bv->bv_len--;
+ }
+
+ return bv->bv_len;
+}
+
+typedef struct acl_set_gather_t {
+ SetCookie *cookie;
+ BerVarray bvals;
+} acl_set_gather_t;
+
+static int
+acl_set_cb_gather( Operation *op, SlapReply *rs )
+{
+ acl_set_gather_t *p = (acl_set_gather_t *)op->o_callback->sc_private;
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ BerValue bvals[ 2 ];
+ BerVarray bvalsp = NULL;
+ int j;
+
+ for ( j = 0; !BER_BVISNULL( &rs->sr_attrs[ j ].an_name ); j++ ) {
+ AttributeDescription *desc = rs->sr_attrs[ j ].an_desc;
+
+ if ( desc == slap_schema.si_ad_entryDN ) {
+ bvalsp = bvals;
+ bvals[ 0 ] = rs->sr_entry->e_nname;
+ BER_BVZERO( &bvals[ 1 ] );
+
+ } else {
+ Attribute *a;
+
+ a = attr_find( rs->sr_entry->e_attrs, desc );
+ if ( a != NULL ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ )
+ ;
+
+ bvalsp = a->a_nvals;
+ }
+ }
+ }
+
+ if ( bvalsp ) {
+ p->bvals = slap_set_join( p->cookie, p->bvals,
+ ( '|' | SLAP_SET_RREF ), bvalsp );
+ }
+
+ } else {
+ assert( rs->sr_type == REP_RESULT );
+ }
+
+ return 0;
+}
+
+BerVarray
+acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *desc )
+{
+ AclSetCookie *cp = (AclSetCookie *)cookie;
+ int rc = 0;
+ LDAPURLDesc *ludp = NULL;
+ Operation op2 = { 0 };
+ SlapReply rs = {REP_RESULT};
+ AttributeName anlist[ 2 ], *anlistp = NULL;
+ int nattrs = 0;
+ slap_callback cb = { NULL, acl_set_cb_gather, NULL, NULL };
+ acl_set_gather_t p = { 0 };
+ const char *text = NULL;
+ static struct berval defaultFilter_bv = BER_BVC( "(objectClass=*)" );
+
+ /* this routine needs to return the bervals instead of
+ * plain strings, since syntax is not known. It should
+ * also return the syntax or some "comparison cookie".
+ */
+ if ( strncasecmp( name->bv_val, "ldap:///", STRLENOF( "ldap:///" ) ) != 0 ) {
+ return acl_set_gather2( cookie, name, desc );
+ }
+
+ rc = ldap_url_parse( name->bv_val, &ludp );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto url_done;
+ }
+
+ if ( ( ludp->lud_host && ludp->lud_host[0] ) || ludp->lud_exts )
+ {
+ /* host part must be empty */
+ /* extensions parts must be empty */
+ rc = LDAP_PROTOCOL_ERROR;
+ goto url_done;
+ }
+
+ /* Grab the searchbase and see if an appropriate database can be found */
+ ber_str2bv( ludp->lud_dn, 0, 0, &op2.o_req_dn );
+ rc = dnNormalize( 0, NULL, NULL, &op2.o_req_dn,
+ &op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
+ BER_BVZERO( &op2.o_req_dn );
+ if ( rc != LDAP_SUCCESS ) {
+ goto url_done;
+ }
+
+ op2.o_bd = select_backend( &op2.o_req_ndn, 0, 1 );
+ if ( ( op2.o_bd == NULL ) || ( op2.o_bd->be_search == NULL ) ) {
+ rc = LDAP_NO_SUCH_OBJECT;
+ goto url_done;
+ }
+
+ /* Grab the filter */
+ if ( ludp->lud_filter ) {
+ ber_str2bv_x( ludp->lud_filter, 0, 0, &op2.ors_filterstr,
+ cp->asc_op->o_tmpmemctx );
+
+ } else {
+ op2.ors_filterstr = defaultFilter_bv;
+ }
+
+ op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
+ if ( op2.ors_filter == NULL ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto url_done;
+ }
+
+ /* Grab the scope */
+ op2.ors_scope = ludp->lud_scope;
+
+ /* Grap the attributes */
+ if ( ludp->lud_attrs ) {
+ for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ )
+ ;
+
+ anlistp = slap_sl_malloc( sizeof( AttributeName ) * ( nattrs + 2 ),
+ cp->asc_op->o_tmpmemctx );
+
+ for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ ) {
+ ber_str2bv( ludp->lud_attrs[ nattrs ], 0, 0, &anlistp[ nattrs ].an_name );
+ anlistp[ nattrs ].an_desc = NULL;
+ rc = slap_bv2ad( &anlistp[ nattrs ].an_name,
+ &anlistp[ nattrs ].an_desc, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ goto url_done;
+ }
+ }
+
+ } else {
+ anlistp = anlist;
+ }
+
+ anlistp[ nattrs ].an_name = desc->ad_cname;
+ anlistp[ nattrs ].an_desc = desc;
+
+ BER_BVZERO( &anlistp[ nattrs + 1 ].an_name );
+
+ p.cookie = cookie;
+
+ op2.o_hdr = cp->asc_op->o_hdr;
+ op2.o_tag = LDAP_REQ_SEARCH;
+ op2.o_ndn = op2.o_bd->be_rootndn;
+ op2.o_callback = &cb;
+ slap_op_time( &op2.o_time, &op2.o_tincr );
+ op2.o_do_not_cache = 1;
+ op2.o_is_auth_check = 0;
+ ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
+ op2.ors_slimit = SLAP_NO_LIMIT;
+ op2.ors_tlimit = SLAP_NO_LIMIT;
+ op2.ors_attrs = anlistp;
+ op2.ors_attrsonly = 0;
+ op2.o_private = cp->asc_op->o_private;
+
+ cb.sc_private = &p;
+
+ rc = op2.o_bd->be_search( &op2, &rs );
+ if ( rc != 0 ) {
+ goto url_done;
+ }
+
+url_done:;
+ if ( op2.ors_filter ) {
+ filter_free_x( cp->asc_op, op2.ors_filter );
+ }
+ if ( !BER_BVISNULL( &op2.o_req_ndn ) ) {
+ slap_sl_free( op2.o_req_ndn.bv_val, cp->asc_op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &op2.o_req_dn ) ) {
+ slap_sl_free( op2.o_req_dn.bv_val, cp->asc_op->o_tmpmemctx );
+ }
+ if ( ludp ) {
+ ldap_free_urldesc( ludp );
+ }
+ if ( anlistp && anlistp != anlist ) {
+ slap_sl_free( anlistp, cp->asc_op->o_tmpmemctx );
+ }
+
+ return p.bvals;
+}
+
+BerVarray
+acl_set_gather2( SetCookie *cookie, struct berval *name, AttributeDescription *desc )
+{
+ AclSetCookie *cp = (AclSetCookie *)cookie;
+ BerVarray bvals = NULL;
+ struct berval ndn;
+ int rc = 0;
+
+ /* this routine needs to return the bervals instead of
+ * plain strings, since syntax is not known. It should
+ * also return the syntax or some "comparison cookie".
+ */
+ rc = dnNormalize( 0, NULL, NULL, name, &ndn, cp->asc_op->o_tmpmemctx );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( desc == slap_schema.si_ad_entryDN ) {
+ bvals = (BerVarray)slap_sl_malloc( sizeof( BerValue ) * 2,
+ cp->asc_op->o_tmpmemctx );
+ bvals[ 0 ] = ndn;
+ BER_BVZERO( &bvals[ 1 ] );
+ BER_BVZERO( &ndn );
+
+ } else {
+ backend_attribute( cp->asc_op,
+ cp->asc_e, &ndn, desc, &bvals, ACL_NONE );
+ }
+
+ if ( !BER_BVISNULL( &ndn ) ) {
+ slap_sl_free( ndn.bv_val, cp->asc_op->o_tmpmemctx );
+ }
+ }
+
+ return bvals;
+}
+
+int
+acl_match_set (
+ struct berval *subj,
+ Operation *op,
+ Entry *e,
+ struct berval *default_set_attribute )
+{
+ struct berval set = BER_BVNULL;
+ int rc = 0;
+ AclSetCookie cookie;
+
+ if ( default_set_attribute == NULL ) {
+ ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+
+ } else {
+ struct berval subjdn, ndn = BER_BVNULL;
+ struct berval setat;
+ BerVarray bvals=NULL;
+ const char *text;
+ AttributeDescription *desc = NULL;
+
+ /* format of string is "entry/setAttrName" */
+ if ( acl_get_part( subj, 0, '/', &subjdn ) < 0 ) {
+ return 0;
+ }
+
+ if ( acl_get_part( subj, 1, '/', &setat ) < 0 ) {
+ setat = *default_set_attribute;
+ }
+
+ /*
+ * NOTE: dnNormalize honors the ber_len field
+ * as the length of the dn to be normalized
+ */
+ if ( slap_bv2ad( &setat, &desc, &text ) == LDAP_SUCCESS ) {
+ if ( dnNormalize( 0, NULL, NULL, &subjdn, &ndn, op->o_tmpmemctx ) == LDAP_SUCCESS )
+ {
+ backend_attribute( op, e, &ndn, desc, &bvals, ACL_NONE );
+ if ( bvals != NULL && !BER_BVISNULL( &bvals[0] ) ) {
+ int i;
+
+ set = bvals[0];
+ BER_BVZERO( &bvals[0] );
+ for ( i = 1; !BER_BVISNULL( &bvals[i] ); i++ )
+ /* count */ ;
+ bvals[0].bv_val = bvals[i-1].bv_val;
+ BER_BVZERO( &bvals[i-1] );
+ }
+ ber_bvarray_free_x( bvals, op->o_tmpmemctx );
+ slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
+ }
+ }
+ }
+
+ if ( !BER_BVISNULL( &set ) ) {
+ cookie.asc_op = op;
+ cookie.asc_e = e;
+ rc = ( slap_set_filter(
+ acl_set_gather,
+ (SetCookie *)&cookie, &set,
+ &op->o_ndn, &e->e_nname, NULL ) > 0 );
+ slap_sl_free( set.bv_val, op->o_tmpmemctx );
+ }
+
+ return(rc);
+}
+
+#ifdef SLAP_DYNACL
+
+/*
+ * dynamic ACL infrastructure
+ */
+static slap_dynacl_t *da_list = NULL;
+
+int
+slap_dynacl_register( slap_dynacl_t *da )
+{
+ slap_dynacl_t *tmp;
+
+ for ( tmp = da_list; tmp; tmp = tmp->da_next ) {
+ if ( strcasecmp( da->da_name, tmp->da_name ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( tmp != NULL ) {
+ return -1;
+ }
+
+ if ( da->da_mask == NULL ) {
+ return -1;
+ }
+
+ da->da_private = NULL;
+ da->da_next = da_list;
+ da_list = da;
+
+ return 0;
+}
+
+static slap_dynacl_t *
+slap_dynacl_next( slap_dynacl_t *da )
+{
+ if ( da ) {
+ return da->da_next;
+ }
+ return da_list;
+}
+
+slap_dynacl_t *
+slap_dynacl_get( const char *name )
+{
+ slap_dynacl_t *da;
+
+ for ( da = slap_dynacl_next( NULL ); da; da = slap_dynacl_next( da ) ) {
+ if ( strcasecmp( da->da_name, name ) == 0 ) {
+ break;
+ }
+ }
+
+ return da;
+}
+#endif /* SLAP_DYNACL */
+
+/*
+ * statically built-in dynamic ACL initialization
+ */
+static int (*acl_init_func[])( void ) = {
+#ifdef SLAPD_ACI_ENABLED
+#ifdef SLAP_DYNACL
+ dynacl_aci_init,
+#else /* !SLAP_DYNACL */
+ aci_init,
+#endif /* !SLAP_DYNACL */
+#endif /* SLAPD_ACI_ENABLED */
+
+ NULL
+};
+
+int
+acl_init( void )
+{
+ int i, rc;
+
+ for ( i = 0; acl_init_func[ i ] != NULL; i++ ) {
+ rc = (*(acl_init_func[ i ]))();
+ if ( rc != 0 ) {
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+int
+acl_string_expand(
+ struct berval *bv,
+ struct berval *pat,
+ char *match,
+ int nmatch,
+ regmatch_t *matches)
+{
+ ber_len_t size;
+ char *sp;
+ char *dp;
+ int flag;
+
+ size = 0;
+ bv->bv_val[0] = '\0';
+ bv->bv_len--; /* leave space for lone $ */
+
+ flag = 0;
+ for ( dp = bv->bv_val, sp = pat->bv_val; size < bv->bv_len &&
+ sp < pat->bv_val + pat->bv_len ; sp++ )
+ {
+ /* did we previously see a $ */
+ if ( flag ) {
+ if ( flag == 1 && *sp == '$' ) {
+ *dp++ = '$';
+ size++;
+ flag = 0;
+
+ } else if ( flag == 1 && *sp == '{' /*'}'*/) {
+ flag = 2;
+
+ } else if ( *sp >= '0' && *sp <= '9' ) {
+ int n;
+ int i;
+ int l;
+
+ n = *sp - '0';
+
+ if ( flag == 2 ) {
+ for ( sp++; *sp != '\0' && *sp != /*'{'*/ '}'; sp++ ) {
+ if ( *sp >= '0' && *sp <= '9' ) {
+ n = 10*n + ( *sp - '0' );
+ }
+ }
+
+ if ( *sp != /*'{'*/ '}' ) {
+ /* FIXME: error */
+ return 1;
+ }
+ }
+
+ if ( n >= nmatch ) {
+ /* FIXME: error */
+ return 1;
+ }
+
+ *dp = '\0';
+ i = matches[n].rm_so;
+ l = matches[n].rm_eo;
+ for ( ; size < bv->bv_len && i < l; size++, i++ ) {
+ *dp++ = match[i];
+ }
+ *dp = '\0';
+
+ flag = 0;
+ }
+ } else {
+ if (*sp == '$') {
+ flag = 1;
+ } else {
+ *dp++ = *sp;
+ size++;
+ }
+ }
+ }
+
+ if ( flag ) {
+ /* must have ended with a single $ */
+ *dp++ = '$';
+ size++;
+ }
+
+ *dp = '\0';
+ bv->bv_len = size;
+
+ Debug( LDAP_DEBUG_TRACE, "=> acl_string_expand: pattern: %.*s\n", (int)pat->bv_len, pat->bv_val, 0 );
+ Debug( LDAP_DEBUG_TRACE, "=> acl_string_expand: expanded: %s\n", bv->bv_val, 0, 0 );
+
+ return 0;
+}
+
+static int
+regex_matches(
+ struct berval *pat, /* pattern to expand and match against */
+ char *str, /* string to match against pattern */
+ char *buf, /* buffer with $N expansion variables */
+ int nmatch, /* size of the matches array */
+ regmatch_t *matches /* offsets in buffer for $N expansion variables */
+)
+{
+ regex_t re;
+ char newbuf[ACL_BUF_SIZE];
+ struct berval bv;
+ int rc;
+
+ bv.bv_len = sizeof( newbuf ) - 1;
+ bv.bv_val = newbuf;
+
+ if (str == NULL) {
+ str = "";
+ };
+
+ acl_string_expand( &bv, pat, buf, nmatch, matches );
+ rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
+ if ( rc ) {
+ char error[ACL_BUF_SIZE];
+ regerror( rc, &re, error, sizeof( error ) );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "compile( \"%s\", \"%s\") failed %s\n",
+ pat->bv_val, str, error );
+ return( 0 );
+ }
+
+ rc = regexec( &re, str, 0, NULL, 0 );
+ regfree( &re );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> regex_matches: string: %s\n", str, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "=> regex_matches: rc: %d %s\n",
+ rc, !rc ? "matches" : "no matches", 0 );
+ return( !rc );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/aclparse.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/aclparse.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/aclparse.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2874 @@
+/* aclparse.c - routines to parse and check acl's */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.145.2.21 2007/01/02 21:43:53 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "lber_pvt.h"
+#include "lutil.h"
+
+static const char style_base[] = "base";
+char *style_strings[] = {
+ "regex",
+ "expand",
+ "exact",
+ "one",
+ "subtree",
+ "children",
+ "level",
+ "attrof",
+ "anonymous",
+ "users",
+ "self",
+ "ip",
+ "path",
+ NULL
+};
+
+static void split(char *line, int splitchar, char **left, char **right);
+static void access_append(Access **l, Access *a);
+static int acl_usage(void);
+
+static void acl_regex_normalized_dn(const char *src, struct berval *pat);
+
+#ifdef LDAP_DEBUG
+static void print_acl(Backend *be, AccessControl *a);
+#endif
+
+static int check_scope( BackendDB *be, AccessControl *a );
+
+#ifdef SLAP_DYNACL
+static int
+slap_dynacl_config(
+ const char *fname,
+ int lineno,
+ Access *b,
+ const char *name,
+ const char *opts,
+ slap_style_t sty,
+ const char *right )
+{
+ slap_dynacl_t *da, *tmp;
+ int rc = 0;
+
+ for ( da = b->a_dynacl; da; da = da->da_next ) {
+ if ( strcasecmp( da->da_name, name ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dynacl \"%s\" already specified.\n",
+ fname, lineno, name );
+ return acl_usage();
+ }
+ }
+
+ da = slap_dynacl_get( name );
+ if ( da == NULL ) {
+ return -1;
+ }
+
+ tmp = ch_malloc( sizeof( slap_dynacl_t ) );
+ *tmp = *da;
+
+ if ( tmp->da_parse ) {
+ rc = ( *tmp->da_parse )( fname, lineno, opts, sty, right, &tmp->da_private );
+ if ( rc ) {
+ ch_free( tmp );
+ return rc;
+ }
+ }
+
+ tmp->da_next = b->a_dynacl;
+ b->a_dynacl = tmp;
+
+ return 0;
+}
+#endif /* SLAP_DYNACL */
+
+static void
+regtest(const char *fname, int lineno, char *pat) {
+ int e;
+ regex_t re;
+
+ char buf[ SLAP_TEXT_BUFLEN ];
+ unsigned size;
+
+ char *sp;
+ char *dp;
+ int flag;
+
+ sp = pat;
+ dp = buf;
+ size = 0;
+ buf[0] = '\0';
+
+ for (size = 0, flag = 0; (size < sizeof(buf)) && *sp; sp++) {
+ if (flag) {
+ if (*sp == '$'|| (*sp >= '0' && *sp <= '9')) {
+ *dp++ = *sp;
+ size++;
+ }
+ flag = 0;
+
+ } else {
+ if (*sp == '$') {
+ flag = 1;
+ } else {
+ *dp++ = *sp;
+ size++;
+ }
+ }
+ }
+
+ *dp = '\0';
+ if ( size >= (sizeof(buf) - 1) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: regular expression \"%s\" too large\n",
+ fname, lineno, pat );
+ (void)acl_usage();
+ exit( EXIT_FAILURE );
+ }
+
+ if ((e = regcomp(&re, buf, REG_EXTENDED|REG_ICASE))) {
+ char error[ SLAP_TEXT_BUFLEN ];
+
+ regerror(e, &re, error, sizeof(error));
+
+ snprintf( buf, sizeof( buf ),
+ "regular expression \"%s\" bad because of %s",
+ pat, error );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ acl_usage();
+ exit( EXIT_FAILURE );
+ }
+ regfree(&re);
+}
+
+/*
+ * Experimental
+ *
+ * Check if the pattern of an ACL, if any, matches the scope
+ * of the backend it is defined within.
+ */
+#define ACL_SCOPE_UNKNOWN (-2)
+#define ACL_SCOPE_ERR (-1)
+#define ACL_SCOPE_OK (0)
+#define ACL_SCOPE_PARTIAL (1)
+#define ACL_SCOPE_WARN (2)
+
+static int
+check_scope( BackendDB *be, AccessControl *a )
+{
+ ber_len_t patlen;
+ struct berval dn;
+
+ dn = be->be_nsuffix[0];
+
+ if ( BER_BVISEMPTY( &dn ) ) {
+ return ACL_SCOPE_OK;
+ }
+
+ if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
+ a->acl_dn_style != ACL_STYLE_REGEX )
+ {
+ slap_style_t style = a->acl_dn_style;
+
+ if ( style == ACL_STYLE_REGEX ) {
+ char dnbuf[SLAP_LDAPDN_MAXLEN + 2];
+ char rebuf[SLAP_LDAPDN_MAXLEN + 1];
+ ber_len_t rebuflen;
+ regex_t re;
+ int rc;
+
+ /* add trailing '$' to database suffix to form
+ * a simple trial regex pattern "<suffix>$" */
+ AC_MEMCPY( dnbuf, be->be_nsuffix[0].bv_val,
+ be->be_nsuffix[0].bv_len );
+ dnbuf[be->be_nsuffix[0].bv_len] = '$';
+ dnbuf[be->be_nsuffix[0].bv_len + 1] = '\0';
+
+ if ( regcomp( &re, dnbuf, REG_EXTENDED|REG_ICASE ) ) {
+ return ACL_SCOPE_WARN;
+ }
+
+ /* remove trailing ')$', if any, from original
+ * regex pattern */
+ rebuflen = a->acl_dn_pat.bv_len;
+ AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val, rebuflen + 1 );
+ if ( rebuf[rebuflen - 1] == '$' ) {
+ rebuf[--rebuflen] = '\0';
+ }
+ while ( rebuflen > be->be_nsuffix[0].bv_len && rebuf[rebuflen - 1] == ')' ) {
+ rebuf[--rebuflen] = '\0';
+ }
+ if ( rebuflen == be->be_nsuffix[0].bv_len ) {
+ rc = ACL_SCOPE_WARN;
+ goto regex_done;
+ }
+
+ /* not a clear indication of scoping error, though */
+ rc = regexec( &re, rebuf, 0, NULL, 0 )
+ ? ACL_SCOPE_WARN : ACL_SCOPE_OK;
+
+regex_done:;
+ regfree( &re );
+ return rc;
+ }
+
+ patlen = a->acl_dn_pat.bv_len;
+ /* If backend suffix is longer than pattern,
+ * it is a potential mismatch (in the sense
+ * that a superior naming context could
+ * match */
+ if ( dn.bv_len > patlen ) {
+ /* base is blatantly wrong */
+ if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR;
+
+ /* a style of one can be wrong if there is
+ * more than one level between the suffix
+ * and the pattern */
+ if ( style == ACL_STYLE_ONE ) {
+ ber_len_t rdnlen = 0;
+ int sep = 0;
+
+ if ( patlen > 0 ) {
+ if ( !DN_SEPARATOR( dn.bv_val[dn.bv_len - patlen - 1] )) {
+ return ACL_SCOPE_ERR;
+ }
+ sep = 1;
+ }
+
+ rdnlen = dn_rdnlen( NULL, &dn );
+ if ( rdnlen != dn.bv_len - patlen - sep )
+ return ACL_SCOPE_ERR;
+ }
+
+ /* if the trailing part doesn't match,
+ * then it's an error */
+ if ( strcmp( a->acl_dn_pat.bv_val,
+ &dn.bv_val[dn.bv_len - patlen] ) != 0 )
+ {
+ return ACL_SCOPE_ERR;
+ }
+
+ return ACL_SCOPE_PARTIAL;
+ }
+
+ switch ( style ) {
+ case ACL_STYLE_BASE:
+ case ACL_STYLE_ONE:
+ case ACL_STYLE_CHILDREN:
+ case ACL_STYLE_SUBTREE:
+ break;
+
+ default:
+ assert( 0 );
+ break;
+ }
+
+ if ( dn.bv_len < patlen &&
+ !DN_SEPARATOR( a->acl_dn_pat.bv_val[patlen - dn.bv_len - 1] ))
+ {
+ return ACL_SCOPE_ERR;
+ }
+
+ if ( strcmp( &a->acl_dn_pat.bv_val[patlen - dn.bv_len], dn.bv_val )
+ != 0 )
+ {
+ return ACL_SCOPE_ERR;
+ }
+
+ return ACL_SCOPE_OK;
+ }
+
+ return ACL_SCOPE_UNKNOWN;
+}
+
+int
+parse_acl(
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv,
+ int pos )
+{
+ int i;
+ char *left, *right, *style;
+ struct berval bv;
+ AccessControl *a;
+ Access *b;
+ int rc;
+ const char *text;
+
+ a = NULL;
+ for ( i = 1; i < argc; i++ ) {
+ /* to clause - select which entries are protected */
+ if ( strcasecmp( argv[i], "to" ) == 0 ) {
+ if ( a != NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "only one to clause allowed in access line\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+ a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
+ for ( ++i; i < argc; i++ ) {
+ if ( strcasecmp( argv[i], "by" ) == 0 ) {
+ i--;
+ break;
+ }
+
+ if ( strcasecmp( argv[i], "*" ) == 0 ) {
+ if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
+ a->acl_dn_style != ACL_STYLE_REGEX )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dn pattern"
+ " already specified in to clause.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ ber_str2bv( "*", STRLENOF( "*" ), 1, &a->acl_dn_pat );
+ continue;
+ }
+
+ split( argv[i], '=', &left, &right );
+ split( left, '.', &left, &style );
+
+ if ( right == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in \"%s\" in to clause\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( strcasecmp( left, "dn" ) == 0 ) {
+ if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
+ a->acl_dn_style != ACL_STYLE_REGEX )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dn pattern"
+ " already specified in to clause.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( style == NULL || *style == '\0' ||
+ strcasecmp( style, "baseObject" ) == 0 ||
+ strcasecmp( style, "base" ) == 0 ||
+ strcasecmp( style, "exact" ) == 0 )
+ {
+ a->acl_dn_style = ACL_STYLE_BASE;
+ ber_str2bv( right, 0, 1, &a->acl_dn_pat );
+
+ } else if ( strcasecmp( style, "oneLevel" ) == 0 ||
+ strcasecmp( style, "one" ) == 0 )
+ {
+ a->acl_dn_style = ACL_STYLE_ONE;
+ ber_str2bv( right, 0, 1, &a->acl_dn_pat );
+
+ } else if ( strcasecmp( style, "subtree" ) == 0 ||
+ strcasecmp( style, "sub" ) == 0 )
+ {
+ if( *right == '\0' ) {
+ ber_str2bv( "*", STRLENOF( "*" ), 1, &a->acl_dn_pat );
+
+ } else {
+ a->acl_dn_style = ACL_STYLE_SUBTREE;
+ ber_str2bv( right, 0, 1, &a->acl_dn_pat );
+ }
+
+ } else if ( strcasecmp( style, "children" ) == 0 ) {
+ a->acl_dn_style = ACL_STYLE_CHILDREN;
+ ber_str2bv( right, 0, 1, &a->acl_dn_pat );
+
+ } else if ( strcasecmp( style, "regex" ) == 0 ) {
+ a->acl_dn_style = ACL_STYLE_REGEX;
+
+ if ( *right == '\0' ) {
+ /* empty regex should match empty DN */
+ a->acl_dn_style = ACL_STYLE_BASE;
+ ber_str2bv( right, 0, 1, &a->acl_dn_pat );
+
+ } else if ( strcmp(right, "*") == 0
+ || strcmp(right, ".*") == 0
+ || strcmp(right, ".*$") == 0
+ || strcmp(right, "^.*") == 0
+ || strcmp(right, "^.*$") == 0
+ || strcmp(right, ".*$$") == 0
+ || strcmp(right, "^.*$$") == 0 )
+ {
+ ber_str2bv( "*", STRLENOF("*"), 1, &a->acl_dn_pat );
+
+ } else {
+ acl_regex_normalized_dn( right, &a->acl_dn_pat );
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unknown dn style \"%s\" in to clause\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ continue;
+ }
+
+ if ( strcasecmp( left, "filter" ) == 0 ) {
+ if ( (a->acl_filter = str2filter( right )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: bad filter \"%s\" in to clause\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ } else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
+ || strcasecmp( left, "attrs" ) == 0 ) /* DOCUMENTED */
+ {
+ if ( strcasecmp( left, "attr" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"attr\" "
+ "is deprecated (and undocumented); "
+ "use \"attrs\" instead.\n",
+ fname, lineno, 0 );
+ }
+
+ a->acl_attrs = str2anlist( a->acl_attrs,
+ right, "," );
+ if ( a->acl_attrs == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unknown attr \"%s\" in to clause\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ } else if ( strncasecmp( left, "val", 3 ) == 0 ) {
+ struct berval bv;
+ char *mr;
+
+ if ( !BER_BVISEMPTY( &a->acl_attrval ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: attr val already specified in to clause.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+ if ( a->acl_attrs == NULL || !BER_BVISEMPTY( &a->acl_attrs[1].an_name ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: attr val requires a single attribute.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ ber_str2bv( right, 0, 0, &bv );
+ a->acl_attrval_style = ACL_STYLE_BASE;
+
+ mr = strchr( left, '/' );
+ if ( mr != NULL ) {
+ mr[ 0 ] = '\0';
+ mr++;
+
+ a->acl_attrval_mr = mr_find( mr );
+ if ( a->acl_attrval_mr == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid matching rule \"%s\".\n",
+ fname, lineno, mr );
+ return acl_usage();
+ }
+
+ if( !mr_usable_with_at( a->acl_attrval_mr, a->acl_attrs[ 0 ].an_desc->ad_type ) )
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "matching rule \"%s\" use "
+ "with attr \"%s\" not appropriate.",
+ mr, a->acl_attrs[ 0 ].an_name.bv_val );
+
+
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ }
+
+ if ( style != NULL ) {
+ if ( strcasecmp( style, "regex" ) == 0 ) {
+ int e = regcomp( &a->acl_attrval_re, bv.bv_val,
+ REG_EXTENDED | REG_ICASE | REG_NOSUB );
+ if ( e ) {
+ char err[SLAP_TEXT_BUFLEN],
+ buf[ SLAP_TEXT_BUFLEN ];
+
+ regerror( e, &a->acl_attrval_re, err, sizeof( err ) );
+
+ snprintf( buf, sizeof( buf ),
+ "regular expression \"%s\" bad because of %s",
+ right, err );
+
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ a->acl_attrval_style = ACL_STYLE_REGEX;
+
+ } else {
+ /* FIXME: if the attribute has DN syntax, we might
+ * allow one, subtree and children styles as well */
+ if ( !strcasecmp( style, "base" ) ||
+ !strcasecmp( style, "exact" ) ) {
+ a->acl_attrval_style = ACL_STYLE_BASE;
+
+ } else if ( a->acl_attrs[0].an_desc->ad_type->
+ sat_syntax == slap_schema.si_syn_distinguishedName )
+ {
+ if ( !strcasecmp( style, "baseObject" ) ||
+ !strcasecmp( style, "base" ) )
+ {
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ } else if ( !strcasecmp( style, "onelevel" ) ||
+ !strcasecmp( style, "one" ) )
+ {
+ a->acl_attrval_style = ACL_STYLE_ONE;
+ } else if ( !strcasecmp( style, "subtree" ) ||
+ !strcasecmp( style, "sub" ) )
+ {
+ a->acl_attrval_style = ACL_STYLE_SUBTREE;
+ } else if ( !strcasecmp( style, "children" ) ) {
+ a->acl_attrval_style = ACL_STYLE_CHILDREN;
+ } else {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: should be an error */
+
+ snprintf( buf, sizeof( buf ),
+ "unknown val.<style> \"%s\" "
+ "for attributeType \"%s\" with DN syntax"
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ "; using \"base\""
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ SLAPD_CONF_UNKNOWN_IGNORED ".",
+ style,
+ a->acl_attrs[0].an_desc->ad_cname.bv_val );
+
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ }
+
+ rc = dnNormalize( 0, NULL, NULL, &bv, &a->acl_attrval, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "unable to normalize DN \"%s\" "
+ "for attributeType \"%s\" (%d).",
+ bv.bv_val,
+ a->acl_attrs[0].an_desc->ad_cname.bv_val,
+ rc );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+ } else {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: should be an error */
+
+ snprintf( buf, sizeof( buf ),
+ "unknown val.<style> \"%s\" "
+ "for attributeType \"%s\""
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ "; using \"exact\""
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ SLAPD_CONF_UNKNOWN_IGNORED ".",
+ style, a->acl_attrs[0].an_desc->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ }
+ }
+ }
+
+ /* Check for appropriate matching rule */
+ if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
+ ber_dupbv( &a->acl_attrval, &bv );
+
+ } else if ( BER_BVISNULL( &a->acl_attrval ) ) {
+ int rc;
+ const char *text;
+
+ if ( a->acl_attrval_mr == NULL ) {
+ a->acl_attrval_mr = a->acl_attrs[ 0 ].an_desc->ad_type->sat_equality;
+ }
+
+ if ( a->acl_attrval_mr == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "attr \"%s\" does not have an EQUALITY matching rule.\n",
+ fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val );
+ return acl_usage();
+ }
+
+ rc = asserted_value_validate_normalize(
+ a->acl_attrs[ 0 ].an_desc,
+ a->acl_attrval_mr,
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &bv,
+ &a->acl_attrval,
+ &text,
+ NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ), "%s: line %d: "
+ " attr \"%s\" normalization failed (%d: %s)",
+ fname, lineno,
+ a->acl_attrs[ 0 ].an_name.bv_val, rc, text );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s.\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: expecting <what> got \"%s\"\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+ }
+
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) &&
+ ber_bvccmp( &a->acl_dn_pat, '*' ) )
+ {
+ free( a->acl_dn_pat.bv_val );
+ BER_BVZERO( &a->acl_dn_pat );
+ a->acl_dn_style = ACL_STYLE_REGEX;
+ }
+
+ if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
+ a->acl_dn_style != ACL_STYLE_REGEX )
+ {
+ if ( a->acl_dn_style != ACL_STYLE_REGEX ) {
+ struct berval bv;
+ rc = dnNormalize( 0, NULL, NULL, &a->acl_dn_pat, &bv, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: bad DN \"%s\" in to DN clause\n",
+ fname, lineno, a->acl_dn_pat.bv_val );
+ return acl_usage();
+ }
+ free( a->acl_dn_pat.bv_val );
+ a->acl_dn_pat = bv;
+
+ } else {
+ int e = regcomp( &a->acl_dn_re, a->acl_dn_pat.bv_val,
+ REG_EXTENDED | REG_ICASE );
+ if ( e ) {
+ char err[ SLAP_TEXT_BUFLEN ],
+ buf[ SLAP_TEXT_BUFLEN ];
+
+ regerror( e, &a->acl_dn_re, err, sizeof( err ) );
+ snprintf( buf, sizeof( buf ),
+ "regular expression \"%s\" bad because of %s",
+ right, err );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ }
+ }
+
+ /* by clause - select who has what access to entries */
+ } else if ( strcasecmp( argv[i], "by" ) == 0 ) {
+ if ( a == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "to clause required before by clause in access line\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ /*
+ * by clause consists of <who> and <access>
+ */
+
+ b = (Access *) ch_calloc( 1, sizeof(Access) );
+
+ ACL_INVALIDATE( b->a_access_mask );
+
+ if ( ++i == argc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: premature EOL: expecting <who>\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ /* get <who> */
+ for ( ; i < argc; i++ ) {
+ slap_style_t sty = ACL_STYLE_REGEX;
+ char *style_modifier = NULL;
+ char *style_level = NULL;
+ int level = 0;
+ int expand = 0;
+ slap_dn_access *bdn = &b->a_dn;
+ int is_realdn = 0;
+
+ split( argv[i], '=', &left, &right );
+ split( left, '.', &left, &style );
+ if ( style ) {
+ split( style, ',', &style, &style_modifier );
+
+ if ( strncasecmp( style, "level", STRLENOF( "level" ) ) == 0 ) {
+ split( style, '{', &style, &style_level );
+ if ( style_level != NULL ) {
+ char *p = strchr( style_level, '}' );
+ if ( p == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: premature eol: "
+ "expecting closing '}' in \"level{n}\"\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ } else if ( p == style_level ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: empty level "
+ "in \"level{n}\"\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+ p[0] = '\0';
+ }
+ }
+ }
+
+ if ( style == NULL || *style == '\0' ||
+ strcasecmp( style, "exact" ) == 0 ||
+ strcasecmp( style, "baseObject" ) == 0 ||
+ strcasecmp( style, "base" ) == 0 )
+ {
+ sty = ACL_STYLE_BASE;
+
+ } else if ( strcasecmp( style, "onelevel" ) == 0 ||
+ strcasecmp( style, "one" ) == 0 )
+ {
+ sty = ACL_STYLE_ONE;
+
+ } else if ( strcasecmp( style, "subtree" ) == 0 ||
+ strcasecmp( style, "sub" ) == 0 )
+ {
+ sty = ACL_STYLE_SUBTREE;
+
+ } else if ( strcasecmp( style, "children" ) == 0 ) {
+ sty = ACL_STYLE_CHILDREN;
+
+ } else if ( strcasecmp( style, "level" ) == 0 )
+ {
+ if ( lutil_atoi( &level, style_level ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse level "
+ "in \"level{n}\"\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ sty = ACL_STYLE_LEVEL;
+
+ } else if ( strcasecmp( style, "regex" ) == 0 ) {
+ sty = ACL_STYLE_REGEX;
+
+ } else if ( strcasecmp( style, "expand" ) == 0 ) {
+ sty = ACL_STYLE_EXPAND;
+
+ } else if ( strcasecmp( style, "ip" ) == 0 ) {
+ sty = ACL_STYLE_IP;
+
+ } else if ( strcasecmp( style, "path" ) == 0 ) {
+ sty = ACL_STYLE_PATH;
+#ifndef LDAP_PF_LOCAL
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
+ "%s: line %d: "
+ "\"path\" style modifier is useless without local"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+#endif /* LDAP_PF_LOCAL */
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unknown style \"%s\" in by clause\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( style_modifier &&
+ strcasecmp( style_modifier, "expand" ) == 0 )
+ {
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"regex\" style implies "
+ "\"expand\" modifier"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ break;
+
+ case ACL_STYLE_EXPAND:
+ break;
+
+ default:
+ /* we'll see later if it's pertinent */
+ expand = 1;
+ break;
+ }
+ }
+
+ /* expand in <who> needs regex in <what> */
+ if ( ( sty == ACL_STYLE_EXPAND || expand )
+ && a->acl_dn_style != ACL_STYLE_REGEX )
+ {
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: "
+ "\"expand\" style or modifier used "
+ "in conjunction with "
+ "a non-regex <what> clause"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+
+ if ( strncasecmp( left, "real", STRLENOF( "real" ) ) == 0 ) {
+ is_realdn = 1;
+ bdn = &b->a_realdn;
+ left += STRLENOF( "real" );
+ }
+
+ if ( strcasecmp( left, "*" ) == 0 ) {
+ if ( is_realdn ) {
+ return acl_usage();
+ }
+
+ ber_str2bv( "*", STRLENOF( "*" ), 1, &bv );
+ sty = ACL_STYLE_REGEX;
+
+ } else if ( strcasecmp( left, "anonymous" ) == 0 ) {
+ ber_str2bv("anonymous", STRLENOF( "anonymous" ), 1, &bv);
+ sty = ACL_STYLE_ANONYMOUS;
+
+ } else if ( strcasecmp( left, "users" ) == 0 ) {
+ ber_str2bv("users", STRLENOF( "users" ), 1, &bv);
+ sty = ACL_STYLE_USERS;
+
+ } else if ( strcasecmp( left, "self" ) == 0 ) {
+ ber_str2bv("self", STRLENOF( "self" ), 1, &bv);
+ sty = ACL_STYLE_SELF;
+
+ } else if ( strcasecmp( left, "dn" ) == 0 ) {
+ if ( sty == ACL_STYLE_REGEX ) {
+ bdn->a_style = ACL_STYLE_REGEX;
+ if ( right == NULL ) {
+ /* no '=' */
+ ber_str2bv("users",
+ STRLENOF( "users" ),
+ 1, &bv);
+ bdn->a_style = ACL_STYLE_USERS;
+
+ } else if (*right == '\0' ) {
+ /* dn="" */
+ ber_str2bv("anonymous",
+ STRLENOF( "anonymous" ),
+ 1, &bv);
+ bdn->a_style = ACL_STYLE_ANONYMOUS;
+
+ } else if ( strcmp( right, "*" ) == 0 ) {
+ /* dn=* */
+ /* any or users? users for now */
+ ber_str2bv("users",
+ STRLENOF( "users" ),
+ 1, &bv);
+ bdn->a_style = ACL_STYLE_USERS;
+
+ } else if ( strcmp( right, ".+" ) == 0
+ || strcmp( right, "^.+" ) == 0
+ || strcmp( right, ".+$" ) == 0
+ || strcmp( right, "^.+$" ) == 0
+ || strcmp( right, ".+$$" ) == 0
+ || strcmp( right, "^.+$$" ) == 0 )
+ {
+ ber_str2bv("users",
+ STRLENOF( "users" ),
+ 1, &bv);
+ bdn->a_style = ACL_STYLE_USERS;
+
+ } else if ( strcmp( right, ".*" ) == 0
+ || strcmp( right, "^.*" ) == 0
+ || strcmp( right, ".*$" ) == 0
+ || strcmp( right, "^.*$" ) == 0
+ || strcmp( right, ".*$$" ) == 0
+ || strcmp( right, "^.*$$" ) == 0 )
+ {
+ ber_str2bv("*",
+ STRLENOF( "*" ),
+ 1, &bv);
+
+ } else {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ }
+
+ } else if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
+ fname, lineno, left );
+ return acl_usage();
+
+ } else {
+ ber_str2bv( right, 0, 1, &bv );
+ }
+
+ } else {
+ BER_BVZERO( &bv );
+ }
+
+ if ( !BER_BVISNULL( &bv ) ) {
+ if ( !BER_BVISEMPTY( &bdn->a_pat ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dn pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( sty != ACL_STYLE_REGEX &&
+ sty != ACL_STYLE_ANONYMOUS &&
+ sty != ACL_STYLE_USERS &&
+ sty != ACL_STYLE_SELF &&
+ expand == 0 )
+ {
+ rc = dnNormalize(0, NULL, NULL,
+ &bv, &bdn->a_pat, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: bad DN \"%s\" in by DN clause\n",
+ fname, lineno, bv.bv_val );
+ return acl_usage();
+ }
+ free( bv.bv_val );
+ if ( sty == ACL_STYLE_BASE
+ && be != NULL
+ && !BER_BVISNULL( &be->be_rootndn )
+ && dn_match( &bdn->a_pat, &be->be_rootndn ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: rootdn is always granted "
+ "unlimited privileges.\n",
+ fname, lineno, 0 );
+ }
+
+ } else {
+ bdn->a_pat = bv;
+ }
+ bdn->a_style = sty;
+ if ( expand ) {
+ char *exp;
+ int gotit = 0;
+
+ for ( exp = strchr( bdn->a_pat.bv_val, '$' );
+ exp && (ber_len_t)(exp - bdn->a_pat.bv_val)
+ < bdn->a_pat.bv_len;
+ exp = strchr( exp, '$' ) )
+ {
+ if ( isdigit( exp[ 1 ] ) ) {
+ gotit = 1;
+ break;
+ }
+ }
+
+ if ( gotit == 1 ) {
+ bdn->a_expand = expand;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"expand\" used "
+ "with no expansions in \"pattern\""
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+ }
+ if ( sty == ACL_STYLE_SELF ) {
+ bdn->a_self_level = level;
+
+ } else {
+ if ( level < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: bad negative level \"%d\" "
+ "in by DN clause\n",
+ fname, lineno, level );
+ return acl_usage();
+ } else if ( level == 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"onelevel\" should be used "
+ "instead of \"level{1}\" in by DN clause\n",
+ fname, lineno, 0 );
+ } else if ( level == 0 && sty == ACL_STYLE_LEVEL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"base\" should be used "
+ "instead of \"level{0}\" in by DN clause\n",
+ fname, lineno, 0 );
+ }
+
+ bdn->a_level = level;
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "dnattr" ) == 0 ) {
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if( bdn->a_at != NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dnattr already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ rc = slap_str2ad( right, &bdn->a_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "dnattr \"%s\": %s",
+ right, text );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+
+ if( !is_at_syntax( bdn->a_at->ad_type,
+ SLAPD_DN_SYNTAX ) &&
+ !is_at_syntax( bdn->a_at->ad_type,
+ SLAPD_NAMEUID_SYNTAX ))
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "dnattr \"%s\": "
+ "inappropriate syntax: %s\n",
+ right,
+ bdn->a_at->ad_type->sat_syntax_oid );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+ if( bdn->a_at->ad_type->sat_equality == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: dnattr \"%s\": "
+ "inappropriate matching (no EQUALITY)\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ continue;
+ }
+
+ if ( strncasecmp( left, "group", STRLENOF( "group" ) ) == 0 ) {
+ char *name = NULL;
+ char *value = NULL;
+
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ /* legacy, tolerated */
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
+ "%s: line %d: "
+ "deprecated group style \"regex\"; "
+ "use \"expand\" instead.\n",
+ fname, lineno, 0 );
+ sty = ACL_STYLE_EXPAND;
+ break;
+
+ case ACL_STYLE_BASE:
+ /* legal, traditional */
+ case ACL_STYLE_EXPAND:
+ /* legal, substring expansion; supersedes regex */
+ break;
+
+ default:
+ /* unknown */
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause.\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: group pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ /* format of string is
+ "group/objectClassValue/groupAttrName" */
+ if ( ( value = strchr(left, '/') ) != NULL ) {
+ *value++ = '\0';
+ if ( *value && ( name = strchr( value, '/' ) ) != NULL ) {
+ *name++ = '\0';
+ }
+ }
+
+ b->a_group_style = sty;
+ if ( sty == ACL_STYLE_EXPAND ) {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ b->a_group_pat = bv;
+
+ } else {
+ ber_str2bv( right, 0, 0, &bv );
+ rc = dnNormalize( 0, NULL, NULL, &bv,
+ &b->a_group_pat, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: bad DN \"%s\".\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+ }
+
+ if ( value && *value ) {
+ b->a_group_oc = oc_find( value );
+ *--value = '/';
+
+ if ( b->a_group_oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: group objectclass "
+ "\"%s\" unknown.\n",
+ fname, lineno, value );
+ return acl_usage();
+ }
+
+ } else {
+ b->a_group_oc = oc_find( SLAPD_GROUP_CLASS );
+
+ if( b->a_group_oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: group default objectclass "
+ "\"%s\" unknown.\n",
+ fname, lineno, SLAPD_GROUP_CLASS );
+ return acl_usage();
+ }
+ }
+
+ if ( is_object_subclass( slap_schema.si_oc_referral,
+ b->a_group_oc ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: group objectclass \"%s\" "
+ "is subclass of referral.\n",
+ fname, lineno, value );
+ return acl_usage();
+ }
+
+ if ( is_object_subclass( slap_schema.si_oc_alias,
+ b->a_group_oc ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: group objectclass \"%s\" "
+ "is subclass of alias.\n",
+ fname, lineno, value );
+ return acl_usage();
+ }
+
+ if ( name && *name ) {
+ rc = slap_str2ad( name, &b->a_group_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "group \"%s\": %s.",
+ right, text );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ *--name = '/';
+
+ } else {
+ rc = slap_str2ad( SLAPD_GROUP_ATTR, &b->a_group_at, &text );
+
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "group \"%s\": %s.",
+ SLAPD_GROUP_ATTR, text );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ }
+
+ if ( !is_at_syntax( b->a_group_at->ad_type,
+ SLAPD_DN_SYNTAX ) &&
+ !is_at_syntax( b->a_group_at->ad_type,
+ SLAPD_NAMEUID_SYNTAX ) &&
+ !is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ) )
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "group \"%s\": inappropriate syntax: %s.",
+ right,
+ b->a_group_at->ad_type->sat_syntax_oid );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+
+ {
+ int rc;
+ struct berval vals[2];
+
+ ber_str2bv( b->a_group_oc->soc_oid, 0, 0, &vals[0] );
+ BER_BVZERO( &vals[1] );
+
+ rc = oc_check_allowed( b->a_group_at->ad_type,
+ vals, NULL );
+
+ if( rc != 0 ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "group: \"%s\" not allowed by \"%s\".",
+ b->a_group_at->ad_cname.bv_val,
+ b->a_group_oc->soc_oid );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "peername" ) == 0 ) {
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ case ACL_STYLE_BASE:
+ /* legal, traditional */
+ case ACL_STYLE_EXPAND:
+ /* cheap replacement to regex for simple expansion */
+ case ACL_STYLE_IP:
+ case ACL_STYLE_PATH:
+ /* legal, peername specific */
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause.\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "peername pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ b->a_peername_style = sty;
+ if ( sty == ACL_STYLE_REGEX ) {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ b->a_peername_pat = bv;
+
+ } else {
+ ber_str2bv( right, 0, 1, &b->a_peername_pat );
+
+ if ( sty == ACL_STYLE_IP ) {
+ char *addr = NULL,
+ *mask = NULL,
+ *port = NULL;
+
+ split( right, '{', &addr, &port );
+ split( addr, '%', &addr, &mask );
+
+ b->a_peername_addr = inet_addr( addr );
+ if ( b->a_peername_addr == (unsigned long)(-1) ) {
+ /* illegal address */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "illegal peername address \"%s\".\n",
+ fname, lineno, addr );
+ return acl_usage();
+ }
+
+ b->a_peername_mask = (unsigned long)(-1);
+ if ( mask != NULL ) {
+ b->a_peername_mask = inet_addr( mask );
+ if ( b->a_peername_mask ==
+ (unsigned long)(-1) )
+ {
+ /* illegal mask */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "illegal peername address mask "
+ "\"%s\".\n",
+ fname, lineno, mask );
+ return acl_usage();
+ }
+ }
+
+ b->a_peername_port = -1;
+ if ( port ) {
+ char *end = NULL;
+
+ b->a_peername_port = strtol( port, &end, 10 );
+ if ( end == port || end[0] != '}' ) {
+ /* illegal port */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "illegal peername port specification "
+ "\"{%s}\".\n",
+ fname, lineno, port );
+ return acl_usage();
+ }
+ }
+ }
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sockname" ) == 0 ) {
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ case ACL_STYLE_BASE:
+ /* legal, traditional */
+ case ACL_STYLE_EXPAND:
+ /* cheap replacement to regex for simple expansion */
+ break;
+
+ default:
+ /* unknown */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISNULL( &b->a_sockname_pat ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "sockname pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ b->a_sockname_style = sty;
+ if ( sty == ACL_STYLE_REGEX ) {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ b->a_sockname_pat = bv;
+
+ } else {
+ ber_str2bv( right, 0, 1, &b->a_sockname_pat );
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "domain" ) == 0 ) {
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ case ACL_STYLE_BASE:
+ case ACL_STYLE_SUBTREE:
+ /* legal, traditional */
+ break;
+
+ case ACL_STYLE_EXPAND:
+ /* tolerated: means exact,expand */
+ if ( expand ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: "
+ "\"expand\" modifier "
+ "with \"expand\" style.\n",
+ fname, lineno, 0 );
+ }
+ sty = ACL_STYLE_BASE;
+ expand = 1;
+ break;
+
+ default:
+ /* unknown */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause.\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: domain pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ b->a_domain_style = sty;
+ b->a_domain_expand = expand;
+ if ( sty == ACL_STYLE_REGEX ) {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ b->a_domain_pat = bv;
+
+ } else {
+ ber_str2bv( right, 0, 1, &b->a_domain_pat );
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sockurl" ) == 0 ) {
+ switch ( sty ) {
+ case ACL_STYLE_REGEX:
+ case ACL_STYLE_BASE:
+ /* legal, traditional */
+ case ACL_STYLE_EXPAND:
+ /* cheap replacement to regex for simple expansion */
+ break;
+
+ default:
+ /* unknown */
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( right == NULL || right[0] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause.\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: sockurl pattern already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ b->a_sockurl_style = sty;
+ if ( sty == ACL_STYLE_REGEX ) {
+ acl_regex_normalized_dn( right, &bv );
+ if ( !ber_bvccmp( &bv, '*' ) ) {
+ regtest( fname, lineno, bv.bv_val );
+ }
+ b->a_sockurl_pat = bv;
+
+ } else {
+ ber_str2bv( right, 0, 1, &b->a_sockurl_pat );
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "set" ) == 0 ) {
+ switch ( sty ) {
+ /* deprecated */
+ case ACL_STYLE_REGEX:
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
+ "%s: line %d: "
+ "deprecated set style "
+ "\"regex\" in <by> clause; "
+ "use \"expand\" instead.\n",
+ fname, lineno, 0 );
+ sty = ACL_STYLE_EXPAND;
+ /* FALLTHRU */
+
+ case ACL_STYLE_BASE:
+ case ACL_STYLE_EXPAND:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: set attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: no set is defined.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ b->a_set_style = sty;
+ ber_str2bv( right, 0, 1, &b->a_set_pat );
+
+ continue;
+ }
+
+#ifdef SLAP_DYNACL
+ {
+ char *name = NULL,
+ *opts = NULL;
+
+ if ( strcasecmp( left, "aci" ) == 0 ) {
+ name = "aci";
+
+ } else if ( strncasecmp( left, "dynacl/", STRLENOF( "dynacl/" ) ) == 0 ) {
+ name = &left[ STRLENOF( "dynacl/" ) ];
+ opts = strchr( name, '/' );
+ if ( opts ) {
+ opts[ 0 ] = '\0';
+ opts++;
+ }
+ }
+
+ if ( name ) {
+ if ( slap_dynacl_config( fname, lineno, b, name, opts, sty, right ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unable to configure dynacl \"%s\".\n",
+ fname, lineno, name );
+ return acl_usage();
+ }
+
+ continue;
+ }
+ }
+#else /* ! SLAP_DYNACL */
+
+#ifdef SLAPD_ACI_ENABLED
+ if ( strcasecmp( left, "aci" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if( b->a_aci_at != NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: ACI attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right != NULL && *right != '\0' ) {
+ rc = slap_str2ad( right, &b->a_aci_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "aci \"%s\": %s.",
+ right, text );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+ } else {
+ b->a_aci_at = slap_ad_aci;
+ }
+
+ if( !is_at_syntax( b->a_aci_at->ad_type,
+ SLAPD_ACI_SYNTAX) )
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "ACI \"%s\": inappropriate syntax: %s.",
+ right,
+ b->a_aci_at->ad_type->sat_syntax_oid );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
+
+ continue;
+ }
+#endif /* SLAPD_ACI_ENABLED */
+#endif /* ! SLAP_DYNACL */
+
+ if ( strcasecmp( left, "ssf" ) == 0 ) {
+ if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( b->a_authz.sai_ssf ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: ssf attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: no ssf is defined.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( lutil_atou( &b->a_authz.sai_ssf, right ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ if ( !b->a_authz.sai_ssf ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "transport_ssf" ) == 0 ) {
+ if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( b->a_authz.sai_transport_ssf ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "transport_ssf attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: no transport_ssf is defined.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( lutil_atou( &b->a_authz.sai_transport_ssf, right ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unable to parse transport_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ if ( !b->a_authz.sai_transport_ssf ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid transport_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "tls_ssf" ) == 0 ) {
+ if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( b->a_authz.sai_tls_ssf ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "tls_ssf attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: no tls_ssf is defined\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( lutil_atou( &b->a_authz.sai_tls_ssf, right ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unable to parse tls_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ if ( !b->a_authz.sai_tls_ssf ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid tls_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sasl_ssf" ) == 0 ) {
+ if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause.\n",
+ fname, lineno, style );
+ return acl_usage();
+ }
+
+ if ( b->a_authz.sai_sasl_ssf ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "sasl_ssf attribute already specified.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: no sasl_ssf is defined.\n",
+ fname, lineno, 0 );
+ return acl_usage();
+ }
+
+ if ( lutil_atou( &b->a_authz.sai_sasl_ssf, right ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unable to parse sasl_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+
+ if ( !b->a_authz.sai_sasl_ssf ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid sasl_ssf value (%s).\n",
+ fname, lineno, right );
+ return acl_usage();
+ }
+ continue;
+ }
+
+ if ( right != NULL ) {
+ /* unsplit */
+ right[-1] = '=';
+ }
+ break;
+ }
+
+ if ( i == argc || ( strcasecmp( left, "stop" ) == 0 ) ) {
+ /* out of arguments or plain stop */
+
+ ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE );
+ b->a_type = ACL_STOP;
+
+ access_append( &a->acl_access, b );
+ continue;
+ }
+
+ if ( strcasecmp( left, "continue" ) == 0 ) {
+ /* plain continue */
+
+ ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE );
+ b->a_type = ACL_CONTINUE;
+
+ access_append( &a->acl_access, b );
+ continue;
+ }
+
+ if ( strcasecmp( left, "break" ) == 0 ) {
+ /* plain continue */
+
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
+ b->a_type = ACL_BREAK;
+
+ access_append( &a->acl_access, b );
+ continue;
+ }
+
+ if ( strcasecmp( left, "by" ) == 0 ) {
+ /* we've gone too far */
+ --i;
+ ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE );
+ b->a_type = ACL_STOP;
+
+ access_append( &a->acl_access, b );
+ continue;
+ }
+
+ /* get <access> */
+ if ( strncasecmp( left, "self", STRLENOF( "self" ) ) == 0 ) {
+ b->a_dn_self = 1;
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[ STRLENOF( "self" ) ] ) );
+
+ } else if ( strncasecmp( left, "realself", STRLENOF( "realself" ) ) == 0 ) {
+ b->a_realdn_self = 1;
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[ STRLENOF( "realself" ) ] ) );
+
+ } else {
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( left ) );
+ }
+
+ if ( ACL_IS_INVALID( b->a_access_mask ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: expecting <access> got \"%s\".\n",
+ fname, lineno, left );
+ return acl_usage();
+ }
+
+ b->a_type = ACL_STOP;
+
+ if ( ++i == argc ) {
+ /* out of arguments or plain stop */
+ access_append( &a->acl_access, b );
+ continue;
+ }
+
+ if ( strcasecmp( argv[i], "continue" ) == 0 ) {
+ /* plain continue */
+ b->a_type = ACL_CONTINUE;
+
+ } else if ( strcasecmp( argv[i], "break" ) == 0 ) {
+ /* plain continue */
+ b->a_type = ACL_BREAK;
+
+ } else if ( strcasecmp( argv[i], "stop" ) != 0 ) {
+ /* gone to far */
+ i--;
+ }
+
+ access_append( &a->acl_access, b );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: expecting \"to\" "
+ "or \"by\" got \"%s\"\n",
+ fname, lineno, argv[i] );
+ return acl_usage();
+ }
+ }
+
+ /* if we have no real access clause, complain and do nothing */
+ if ( a == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "warning: no access clause(s) "
+ "specified in access line"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+
+ } else {
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_ACL ) {
+ print_acl( be, a );
+ }
+#endif
+
+ if ( a->acl_access == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "warning: no by clause(s) "
+ "specified in access line"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return acl_usage();
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+
+ if ( be != NULL ) {
+ if ( be->be_nsuffix == NULL ) {
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "scope checking needs suffix before ACLs.\n",
+ fname, lineno, 0 );
+ /* go ahead, since checking is not authoritative */
+ } else if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "scope checking only applies to single-valued "
+ "suffix databases\n",
+ fname, lineno, 0 );
+ /* go ahead, since checking is not authoritative */
+ } else {
+ switch ( check_scope( be, a ) ) {
+ case ACL_SCOPE_UNKNOWN:
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "cannot assess the validity of the ACL scope within "
+ "backend naming context\n",
+ fname, lineno, 0 );
+ break;
+
+ case ACL_SCOPE_WARN:
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "ACL could be out of scope within backend naming context\n",
+ fname, lineno, 0 );
+ break;
+
+ case ACL_SCOPE_PARTIAL:
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "ACL appears to be partially out of scope within "
+ "backend naming context\n",
+ fname, lineno, 0 );
+ break;
+
+ case ACL_SCOPE_ERR:
+ Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+ "ACL appears to be out of scope within "
+ "backend naming context\n",
+ fname, lineno, 0 );
+ break;
+
+ default:
+ break;
+ }
+ }
+ acl_append( &be->be_acl, a, pos );
+
+ } else {
+ acl_append( &frontendDB->be_acl, a, pos );
+ }
+ }
+
+ return 0;
+}
+
+char *
+accessmask2str( slap_mask_t mask, char *buf, int debug )
+{
+ int none = 1;
+ char *ptr = buf;
+
+ assert( buf != NULL );
+
+ if ( ACL_IS_INVALID( mask ) ) {
+ return "invalid";
+ }
+
+ buf[0] = '\0';
+
+ if ( ACL_IS_LEVEL( mask ) ) {
+ if ( ACL_LVL_IS_NONE(mask) ) {
+ ptr = lutil_strcopy( ptr, "none" );
+
+ } else if ( ACL_LVL_IS_DISCLOSE(mask) ) {
+ ptr = lutil_strcopy( ptr, "disclose" );
+
+ } else if ( ACL_LVL_IS_AUTH(mask) ) {
+ ptr = lutil_strcopy( ptr, "auth" );
+
+ } else if ( ACL_LVL_IS_COMPARE(mask) ) {
+ ptr = lutil_strcopy( ptr, "compare" );
+
+ } else if ( ACL_LVL_IS_SEARCH(mask) ) {
+ ptr = lutil_strcopy( ptr, "search" );
+
+ } else if ( ACL_LVL_IS_READ(mask) ) {
+ ptr = lutil_strcopy( ptr, "read" );
+
+ } else if ( ACL_LVL_IS_WRITE(mask) ) {
+ ptr = lutil_strcopy( ptr, "write" );
+
+ } else if ( ACL_LVL_IS_WADD(mask) ) {
+ ptr = lutil_strcopy( ptr, "add" );
+
+ } else if ( ACL_LVL_IS_WDEL(mask) ) {
+ ptr = lutil_strcopy( ptr, "delete" );
+
+ } else if ( ACL_LVL_IS_MANAGE(mask) ) {
+ ptr = lutil_strcopy( ptr, "manage" );
+
+ } else {
+ ptr = lutil_strcopy( ptr, "unknown" );
+ }
+
+ if ( !debug ) {
+ *ptr = '\0';
+ return buf;
+ }
+ *ptr++ = '(';
+ }
+
+ if( ACL_IS_ADDITIVE( mask ) ) {
+ *ptr++ = '+';
+
+ } else if( ACL_IS_SUBTRACTIVE( mask ) ) {
+ *ptr++ = '-';
+
+ } else {
+ *ptr++ = '=';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_MANAGE) ) {
+ none = 0;
+ *ptr++ = 'm';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WRITE) ) {
+ none = 0;
+ *ptr++ = 'w';
+
+ } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
+ none = 0;
+ *ptr++ = 'a';
+
+ } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
+ none = 0;
+ *ptr++ = 'z';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_READ) ) {
+ none = 0;
+ *ptr++ = 'r';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_SEARCH) ) {
+ none = 0;
+ *ptr++ = 's';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_COMPARE) ) {
+ none = 0;
+ *ptr++ = 'c';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_AUTH) ) {
+ none = 0;
+ *ptr++ = 'x';
+ }
+
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_DISCLOSE) ) {
+ none = 0;
+ *ptr++ = 'd';
+ }
+
+ if ( none && ACL_PRIV_ISSET(mask, ACL_PRIV_NONE) ) {
+ none = 0;
+ *ptr++ = '0';
+ }
+
+ if ( none ) {
+ ptr = buf;
+ }
+
+ if ( ACL_IS_LEVEL( mask ) ) {
+ *ptr++ = ')';
+ }
+
+ *ptr = '\0';
+
+ return buf;
+}
+
+slap_mask_t
+str2accessmask( const char *str )
+{
+ slap_mask_t mask;
+
+ if( !ASCII_ALPHA(str[0]) ) {
+ int i;
+
+ if ( str[0] == '=' ) {
+ ACL_INIT(mask);
+
+ } else if( str[0] == '+' ) {
+ ACL_PRIV_ASSIGN(mask, ACL_PRIV_ADDITIVE);
+
+ } else if( str[0] == '-' ) {
+ ACL_PRIV_ASSIGN(mask, ACL_PRIV_SUBSTRACTIVE);
+
+ } else {
+ ACL_INVALIDATE(mask);
+ return mask;
+ }
+
+ for( i=1; str[i] != '\0'; i++ ) {
+ if( TOLOWER((unsigned char) str[i]) == 'm' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_MANAGE);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'w' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_WRITE);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'a' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_WADD);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'z' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_WDEL);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'r' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_READ);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 's' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_SEARCH);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'c' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_COMPARE);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'x' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'd' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE);
+
+ } else if( str[i] != '0' ) {
+ ACL_INVALIDATE(mask);
+ return mask;
+ }
+ }
+
+ return mask;
+ }
+
+ if ( strcasecmp( str, "none" ) == 0 ) {
+ ACL_LVL_ASSIGN_NONE(mask);
+
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+ ACL_LVL_ASSIGN_DISCLOSE(mask);
+
+ } else if ( strcasecmp( str, "auth" ) == 0 ) {
+ ACL_LVL_ASSIGN_AUTH(mask);
+
+ } else if ( strcasecmp( str, "compare" ) == 0 ) {
+ ACL_LVL_ASSIGN_COMPARE(mask);
+
+ } else if ( strcasecmp( str, "search" ) == 0 ) {
+ ACL_LVL_ASSIGN_SEARCH(mask);
+
+ } else if ( strcasecmp( str, "read" ) == 0 ) {
+ ACL_LVL_ASSIGN_READ(mask);
+
+ } else if ( strcasecmp( str, "add" ) == 0 ) {
+ ACL_LVL_ASSIGN_WADD(mask);
+
+ } else if ( strcasecmp( str, "delete" ) == 0 ) {
+ ACL_LVL_ASSIGN_WDEL(mask);
+
+ } else if ( strcasecmp( str, "write" ) == 0 ) {
+ ACL_LVL_ASSIGN_WRITE(mask);
+
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ ACL_LVL_ASSIGN_MANAGE(mask);
+
+ } else {
+ ACL_INVALIDATE( mask );
+ }
+
+ return mask;
+}
+
+static int
+acl_usage( void )
+{
+ char *access =
+ "<access clause> ::= access to <what> "
+ "[ by <who> [ <access> ] [ <control> ] ]+ \n";
+ char *what =
+ "<what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
+ "<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>\n"
+ "<attrlist> ::= <attr> [ , <attrlist> ]\n"
+ "<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children\n";
+
+ char *who =
+ "<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
+ "\t[ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]\n"
+ "\t[dnattr=<attrname>]\n"
+ "\t[realdnattr=<attrname>]\n"
+ "\t[group[/<objectclass>[/<attrname>]][.<style>]=<group>]\n"
+ "\t[peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]\n"
+ "\t[domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]\n"
+#ifdef SLAP_DYNACL
+ "\t[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]\n"
+#else /* ! SLAP_DYNACL */
+#ifdef SLAPD_ACI_ENABLED
+ "\t[aci[=<attrname>]]\n"
+#endif /* SLAPD_ACI_ENABLED */
+#endif /* ! SLAP_DYNACL */
+ "\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
+ "<style> ::= exact | regex | base(Object)\n"
+ "<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
+ "exact | regex\n"
+ "<attrstyle> ::= exact | regex | base(Object) | one(level) | "
+ "sub(tree) | children\n"
+ "<peernamestyle> ::= exact | regex | ip | path\n"
+ "<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n"
+ "<access> ::= [[real]self]{<level>|<priv>}\n"
+ "<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage\n"
+ "<priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+\n"
+ "<control> ::= [ stop | continue | break ]\n"
+#ifdef SLAP_DYNACL
+#ifdef SLAPD_ACI_ENABLED
+ "dynacl:\n"
+ "\t<name>=ACI\t<pattern>=<attrname>\n"
+#endif /* SLAPD_ACI_ENABLED */
+#endif /* ! SLAP_DYNACL */
+ "";
+
+ Debug( LDAP_DEBUG_ANY, "%s%s%s\n", access, what, who );
+
+ return 1;
+}
+
+/*
+ * Set pattern to a "normalized" DN from src.
+ * At present it simply eats the (optional) space after
+ * a RDN separator (,)
+ * Eventually will evolve in a more complete normalization
+ */
+static void
+acl_regex_normalized_dn(
+ const char *src,
+ struct berval *pattern )
+{
+ char *str, *p;
+ ber_len_t len;
+
+ str = ch_strdup( src );
+ len = strlen( src );
+
+ for ( p = str; p && p[0]; p++ ) {
+ /* escape */
+ if ( p[0] == '\\' && p[1] ) {
+ /*
+ * if escaping a hex pair we should
+ * increment p twice; however, in that
+ * case the second hex number does
+ * no harm
+ */
+ p++;
+ }
+
+ if ( p[0] == ',' && p[1] == ' ' ) {
+ char *q;
+
+ /*
+ * too much space should be an error if we are pedantic
+ */
+ for ( q = &p[2]; q[0] == ' '; q++ ) {
+ /* DO NOTHING */ ;
+ }
+ AC_MEMCPY( p+1, q, len-(q-str)+1);
+ }
+ }
+ pattern->bv_val = str;
+ pattern->bv_len = p - str;
+
+ return;
+}
+
+static void
+split(
+ char *line,
+ int splitchar,
+ char **left,
+ char **right )
+{
+ *left = line;
+ if ( (*right = strchr( line, splitchar )) != NULL ) {
+ *((*right)++) = '\0';
+ }
+}
+
+static void
+access_append( Access **l, Access *a )
+{
+ for ( ; *l != NULL; l = &(*l)->a_next ) {
+ ; /* Empty */
+ }
+
+ *l = a;
+}
+
+void
+acl_append( AccessControl **l, AccessControl *a, int pos )
+{
+ int i;
+
+ for (i=0 ; i != pos && *l != NULL; l = &(*l)->acl_next, i++ ) {
+ ; /* Empty */
+ }
+ if ( *l && a )
+ a->acl_next = *l;
+ *l = a;
+}
+
+static void
+access_free( Access *a )
+{
+ if ( !BER_BVISNULL( &a->a_dn_pat ) ) {
+ free( a->a_dn_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_realdn_pat ) ) {
+ free( a->a_realdn_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_peername_pat ) ) {
+ free( a->a_peername_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_sockname_pat ) ) {
+ free( a->a_sockname_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_domain_pat ) ) {
+ free( a->a_domain_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_sockurl_pat ) ) {
+ free( a->a_sockurl_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_set_pat ) ) {
+ free( a->a_set_pat.bv_val );
+ }
+ if ( !BER_BVISNULL( &a->a_group_pat ) ) {
+ free( a->a_group_pat.bv_val );
+ }
+#ifdef SLAP_DYNACL
+ if ( a->a_dynacl != NULL ) {
+ slap_dynacl_t *da;
+ for ( da = a->a_dynacl; da; ) {
+ slap_dynacl_t *tmp = da;
+
+ da = da->da_next;
+
+ if ( tmp->da_destroy ) {
+ tmp->da_destroy( tmp->da_private );
+ }
+
+ ch_free( tmp );
+ }
+ }
+#endif /* SLAP_DYNACL */
+ free( a );
+}
+
+void
+acl_free( AccessControl *a )
+{
+ Access *n;
+ AttributeName *an;
+
+ if ( a->acl_filter ) {
+ filter_free( a->acl_filter );
+ }
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ if ( a->acl_dn_style == ACL_STYLE_REGEX ) {
+ regfree( &a->acl_dn_re );
+ }
+ free ( a->acl_dn_pat.bv_val );
+ }
+ if ( a->acl_attrs ) {
+ for ( an = a->acl_attrs; !BER_BVISNULL( &an->an_name ); an++ ) {
+ free( an->an_name.bv_val );
+ }
+ free( a->acl_attrs );
+ }
+ for ( ; a->acl_access; a->acl_access = n ) {
+ n = a->acl_access->a_next;
+ access_free( a->acl_access );
+ }
+ free( a );
+}
+
+/* Because backend_startup uses acl_append to tack on the global_acl to
+ * the end of each backend's acl, we cannot just take one argument and
+ * merrily free our way to the end of the list. backend_destroy calls us
+ * with the be_acl in arg1, and global_acl in arg2 to give us a stopping
+ * point. config_destroy calls us with global_acl in arg1 and NULL in
+ * arg2, so we then proceed to polish off the global_acl.
+ */
+void
+acl_destroy( AccessControl *a, AccessControl *end )
+{
+ AccessControl *n;
+
+ for ( ; a && a != end; a = n ) {
+ n = a->acl_next;
+ acl_free( a );
+ }
+}
+
+char *
+access2str( slap_access_t access )
+{
+ if ( access == ACL_NONE ) {
+ return "none";
+
+ } else if ( access == ACL_DISCLOSE ) {
+ return "disclose";
+
+ } else if ( access == ACL_AUTH ) {
+ return "auth";
+
+ } else if ( access == ACL_COMPARE ) {
+ return "compare";
+
+ } else if ( access == ACL_SEARCH ) {
+ return "search";
+
+ } else if ( access == ACL_READ ) {
+ return "read";
+
+ } else if ( access == ACL_WRITE ) {
+ return "write";
+
+ } else if ( access == ACL_WADD ) {
+ return "add";
+
+ } else if ( access == ACL_WDEL ) {
+ return "delete";
+
+ } else if ( access == ACL_MANAGE ) {
+ return "manage";
+
+ }
+
+ return "unknown";
+}
+
+slap_access_t
+str2access( const char *str )
+{
+ if ( strcasecmp( str, "none" ) == 0 ) {
+ return ACL_NONE;
+
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+#ifndef SLAP_ACL_HONOR_DISCLOSE
+ Debug( LDAP_DEBUG_ACL, "str2access: warning, "
+ "\"disclose\" privilege disabled.\n",
+ 0, 0, 0 );
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ return ACL_DISCLOSE;
+
+ } else if ( strcasecmp( str, "auth" ) == 0 ) {
+ return ACL_AUTH;
+
+ } else if ( strcasecmp( str, "compare" ) == 0 ) {
+ return ACL_COMPARE;
+
+ } else if ( strcasecmp( str, "search" ) == 0 ) {
+ return ACL_SEARCH;
+
+ } else if ( strcasecmp( str, "read" ) == 0 ) {
+ return ACL_READ;
+
+ } else if ( strcasecmp( str, "write" ) == 0 ) {
+ return ACL_WRITE;
+
+ } else if ( strcasecmp( str, "add" ) == 0 ) {
+ return ACL_WADD;
+
+ } else if ( strcasecmp( str, "delete" ) == 0 ) {
+ return ACL_WDEL;
+
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ return ACL_MANAGE;
+ }
+
+ return( ACL_INVALID_ACCESS );
+}
+
+#define ACLBUF_MAXLEN 8192
+
+static char aclbuf[ACLBUF_MAXLEN];
+
+static char *
+dnaccess2text( slap_dn_access *bdn, char *ptr, int is_realdn )
+{
+ *ptr++ = ' ';
+
+ if ( is_realdn ) {
+ ptr = lutil_strcopy( ptr, "real" );
+ }
+
+ if ( ber_bvccmp( &bdn->a_pat, '*' ) ||
+ bdn->a_style == ACL_STYLE_ANONYMOUS ||
+ bdn->a_style == ACL_STYLE_USERS ||
+ bdn->a_style == ACL_STYLE_SELF )
+ {
+ if ( is_realdn ) {
+ assert( ! ber_bvccmp( &bdn->a_pat, '*' ) );
+ }
+
+ ptr = lutil_strcopy( ptr, bdn->a_pat.bv_val );
+ if ( bdn->a_style == ACL_STYLE_SELF && bdn->a_self_level != 0 ) {
+ int n = sprintf( ptr, ".level{%d}", bdn->a_self_level );
+ if ( n > 0 ) {
+ ptr += n;
+ } /* else ? */
+ }
+
+ } else {
+ ptr = lutil_strcopy( ptr, "dn." );
+ if ( bdn->a_style == ACL_STYLE_BASE )
+ ptr = lutil_strcopy( ptr, style_base );
+ else
+ ptr = lutil_strcopy( ptr, style_strings[bdn->a_style] );
+ if ( bdn->a_style == ACL_STYLE_LEVEL ) {
+ int n = sprintf( ptr, "{%d}", bdn->a_level );
+ if ( n > 0 ) {
+ ptr += n;
+ } /* else ? */
+ }
+ if ( bdn->a_expand ) {
+ ptr = lutil_strcopy( ptr, ",expand" );
+ }
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, bdn->a_pat.bv_val );
+ *ptr++ = '"';
+ }
+ return ptr;
+}
+
+static char *
+access2text( Access *b, char *ptr )
+{
+ char maskbuf[ACCESSMASK_MAXLEN];
+
+ ptr = lutil_strcopy( ptr, "\tby" );
+
+ if ( !BER_BVISEMPTY( &b->a_dn_pat ) ) {
+ ptr = dnaccess2text( &b->a_dn, ptr, 0 );
+ }
+ if ( b->a_dn_at ) {
+ ptr = lutil_strcopy( ptr, " dnattr=" );
+ ptr = lutil_strcopy( ptr, b->a_dn_at->ad_cname.bv_val );
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_realdn_pat ) ) {
+ ptr = dnaccess2text( &b->a_realdn, ptr, 1 );
+ }
+ if ( b->a_realdn_at ) {
+ ptr = lutil_strcopy( ptr, " realdnattr=" );
+ ptr = lutil_strcopy( ptr, b->a_realdn_at->ad_cname.bv_val );
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
+ ptr = lutil_strcopy( ptr, " group/" );
+ ptr = lutil_strcopy( ptr, b->a_group_oc ?
+ b->a_group_oc->soc_cname.bv_val : SLAPD_GROUP_CLASS );
+ *ptr++ = '/';
+ ptr = lutil_strcopy( ptr, b->a_group_at ?
+ b->a_group_at->ad_cname.bv_val : SLAPD_GROUP_ATTR );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_group_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, b->a_group_pat.bv_val );
+ *ptr++ = '"';
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
+ ptr = lutil_strcopy( ptr, " peername" );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_peername_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, b->a_peername_pat.bv_val );
+ *ptr++ = '"';
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_sockname_pat ) ) {
+ ptr = lutil_strcopy( ptr, " sockname" );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_sockname_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, b->a_sockname_pat.bv_val );
+ *ptr++ = '"';
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
+ ptr = lutil_strcopy( ptr, " domain" );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_domain_style] );
+ if ( b->a_domain_expand ) {
+ ptr = lutil_strcopy( ptr, ",expand" );
+ }
+ *ptr++ = '=';
+ ptr = lutil_strcopy( ptr, b->a_domain_pat.bv_val );
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
+ ptr = lutil_strcopy( ptr, " sockurl" );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_sockurl_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, b->a_sockurl_pat.bv_val );
+ *ptr++ = '"';
+ }
+
+ if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
+ ptr = lutil_strcopy( ptr, " set" );
+ *ptr++ = '.';
+ ptr = lutil_strcopy( ptr, style_strings[b->a_set_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, b->a_set_pat.bv_val );
+ *ptr++ = '"';
+ }
+
+#ifdef SLAP_DYNACL
+ if ( b->a_dynacl ) {
+ slap_dynacl_t *da;
+
+ for ( da = b->a_dynacl; da; da = da->da_next ) {
+ if ( da->da_unparse ) {
+ struct berval bv = BER_BVNULL;
+ (void)( *da->da_unparse )( da->da_private, &bv );
+ assert( !BER_BVISNULL( &bv ) );
+ ptr = lutil_strcopy( ptr, bv.bv_val );
+ ch_free( bv.bv_val );
+ }
+ }
+ }
+#else /* ! SLAP_DYNACL */
+#ifdef SLAPD_ACI_ENABLED
+ if ( b->a_aci_at != NULL ) {
+ ptr = lutil_strcopy( ptr, " aci=" );
+ ptr = lutil_strcopy( ptr, b->a_aci_at->ad_cname.bv_val );
+ }
+#endif
+#endif /* SLAP_DYNACL */
+
+ /* Security Strength Factors */
+ if ( b->a_authz.sai_ssf ) {
+ ptr += sprintf( ptr, " ssf=%u",
+ b->a_authz.sai_ssf );
+ }
+ if ( b->a_authz.sai_transport_ssf ) {
+ ptr += sprintf( ptr, " transport_ssf=%u",
+ b->a_authz.sai_transport_ssf );
+ }
+ if ( b->a_authz.sai_tls_ssf ) {
+ ptr += sprintf( ptr, " tls_ssf=%u",
+ b->a_authz.sai_tls_ssf );
+ }
+ if ( b->a_authz.sai_sasl_ssf ) {
+ ptr += sprintf( ptr, " sasl_ssf=%u",
+ b->a_authz.sai_sasl_ssf );
+ }
+
+ *ptr++ = ' ';
+ if ( b->a_dn_self ) {
+ ptr = lutil_strcopy( ptr, "self" );
+ } else if ( b->a_realdn_self ) {
+ ptr = lutil_strcopy( ptr, "realself" );
+ }
+ ptr = lutil_strcopy( ptr, accessmask2str( b->a_access_mask, maskbuf, 0 ));
+ if ( !maskbuf[0] ) ptr--;
+
+ if( b->a_type == ACL_BREAK ) {
+ ptr = lutil_strcopy( ptr, " break" );
+
+ } else if( b->a_type == ACL_CONTINUE ) {
+ ptr = lutil_strcopy( ptr, " continue" );
+
+ } else if( b->a_type != ACL_STOP ) {
+ ptr = lutil_strcopy( ptr, " unknown-control" );
+ } else {
+ if ( !maskbuf[0] ) ptr = lutil_strcopy( ptr, " stop" );
+ }
+ *ptr++ = '\n';
+
+ return ptr;
+}
+
+void
+acl_unparse( AccessControl *a, struct berval *bv )
+{
+ Access *b;
+ char *ptr;
+ int to = 0;
+
+ bv->bv_val = aclbuf;
+ bv->bv_len = 0;
+
+ ptr = bv->bv_val;
+
+ ptr = lutil_strcopy( ptr, "to" );
+ if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
+ to++;
+ ptr = lutil_strcopy( ptr, " dn." );
+ if ( a->acl_dn_style == ACL_STYLE_BASE )
+ ptr = lutil_strcopy( ptr, style_base );
+ else
+ ptr = lutil_strcopy( ptr, style_strings[a->acl_dn_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, a->acl_dn_pat.bv_val );
+ ptr = lutil_strcopy( ptr, "\"\n" );
+ }
+
+ if ( a->acl_filter != NULL ) {
+ struct berval bv = BER_BVNULL;
+
+ to++;
+ filter2bv( a->acl_filter, &bv );
+ ptr = lutil_strcopy( ptr, " filter=\"" );
+ ptr = lutil_strcopy( ptr, bv.bv_val );
+ *ptr++ = '"';
+ *ptr++ = '\n';
+ ch_free( bv.bv_val );
+ }
+
+ if ( a->acl_attrs != NULL ) {
+ int first = 1;
+ AttributeName *an;
+ to++;
+
+ ptr = lutil_strcopy( ptr, " attrs=" );
+ for ( an = a->acl_attrs; an && !BER_BVISNULL( &an->an_name ); an++ ) {
+ if ( ! first ) *ptr++ = ',';
+ if (an->an_oc) {
+ *ptr++ = an->an_oc_exclude ? '!' : '@';
+ ptr = lutil_strcopy( ptr, an->an_oc->soc_cname.bv_val );
+
+ } else {
+ ptr = lutil_strcopy( ptr, an->an_name.bv_val );
+ }
+ first = 0;
+ }
+ *ptr++ = '\n';
+ }
+
+ if ( !BER_BVISEMPTY( &a->acl_attrval ) ) {
+ to++;
+ ptr = lutil_strcopy( ptr, " val." );
+ if ( a->acl_attrval_style == ACL_STYLE_BASE &&
+ a->acl_attrs[0].an_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ ptr = lutil_strcopy( ptr, style_base );
+ else
+ ptr = lutil_strcopy( ptr, style_strings[a->acl_attrval_style] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, a->acl_attrval.bv_val );
+ *ptr++ = '"';
+ *ptr++ = '\n';
+ }
+
+ if( !to ) {
+ ptr = lutil_strcopy( ptr, " *\n" );
+ }
+
+ for ( b = a->acl_access; b != NULL; b = b->a_next ) {
+ ptr = access2text( b, ptr );
+ }
+ *ptr = '\0';
+ bv->bv_len = ptr - bv->bv_val;
+}
+
+#ifdef LDAP_DEBUG
+static void
+print_acl( Backend *be, AccessControl *a )
+{
+ struct berval bv;
+
+ acl_unparse( a, &bv );
+ fprintf( stderr, "%s ACL: access %s\n",
+ be == NULL ? "Global" : "Backend", bv.bv_val );
+}
+#endif /* LDAP_DEBUG */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/ad.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/ad.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/ad.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1240 @@
+/* ad.c - routines for dealing with attribute descriptions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ad.c,v 1.74.2.16 2007/03/05 15:19:00 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+static AttributeName anlist_no_attrs[] = {
+ { BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL },
+ { BER_BVNULL, NULL, 0, NULL }
+};
+
+static AttributeName anlist_all_user_attributes[] = {
+ { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL },
+ { BER_BVNULL, NULL, 0, NULL }
+};
+
+static AttributeName anlist_all_operational_attributes[] = {
+ { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL },
+ { BER_BVNULL, NULL, 0, NULL }
+};
+
+static AttributeName anlist_all_attributes[] = {
+ { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL },
+ { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL },
+ { BER_BVNULL, NULL, 0, NULL }
+};
+
+AttributeName *slap_anlist_no_attrs = anlist_no_attrs;
+AttributeName *slap_anlist_all_user_attributes = anlist_all_user_attributes;
+AttributeName *slap_anlist_all_operational_attributes = anlist_all_operational_attributes;
+AttributeName *slap_anlist_all_attributes = anlist_all_attributes;
+
+typedef struct Attr_option {
+ struct berval name; /* option name or prefix */
+ int prefix; /* NAME is a tag and range prefix */
+} Attr_option;
+
+static Attr_option lang_option = { { sizeof("lang-")-1, "lang-" }, 1 };
+
+/* Options sorted by name, and number of options */
+static Attr_option *options = &lang_option;
+static int option_count = 1;
+
+static Attr_option *ad_find_option_definition( const char *opt, int optlen );
+
+static int ad_keystring(
+ struct berval *bv )
+{
+ ber_len_t i;
+
+ if( !AD_LEADCHAR( bv->bv_val[0] ) ) {
+ return 1;
+ }
+
+ for( i=1; i<bv->bv_len; i++ ) {
+ if( !AD_CHAR( bv->bv_val[i] ) ) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void ad_destroy( AttributeDescription *ad )
+{
+ AttributeDescription *n;
+
+ for (; ad != NULL; ad = n) {
+ n = ad->ad_next;
+ ldap_memfree( ad );
+ }
+}
+
+/* Is there an AttributeDescription for this type that uses these tags? */
+AttributeDescription * ad_find_tags(
+ AttributeType *type,
+ struct berval *tags )
+{
+ AttributeDescription *ad;
+
+ ldap_pvt_thread_mutex_lock( &type->sat_ad_mutex );
+ for (ad = type->sat_ad; ad; ad=ad->ad_next)
+ {
+ if (ad->ad_tags.bv_len == tags->bv_len &&
+ !strcasecmp(ad->ad_tags.bv_val, tags->bv_val))
+ break;
+ }
+ ldap_pvt_thread_mutex_unlock( &type->sat_ad_mutex );
+ return ad;
+}
+
+int slap_str2ad(
+ const char *str,
+ AttributeDescription **ad,
+ const char **text )
+{
+ struct berval bv;
+ bv.bv_val = (char *) str;
+ bv.bv_len = strlen( str );
+
+ return slap_bv2ad( &bv, ad, text );
+}
+
+static char *strchrlen(
+ const char *beg,
+ const char *end,
+ const char ch,
+ int *len )
+{
+ const char *p;
+
+ for( p=beg; *p && p < end; p++ ) {
+ if( *p == ch ) {
+ *len = p - beg;
+ return (char *) p;
+ }
+ }
+
+ *len = p - beg;
+ return NULL;
+}
+
+int slap_bv2ad(
+ struct berval *bv,
+ AttributeDescription **ad,
+ const char **text )
+{
+ int rtn = LDAP_UNDEFINED_TYPE;
+ AttributeDescription desc, *d2;
+ char *name, *options, *optn;
+ char *opt, *next;
+ int ntags;
+ int tagslen;
+
+ /* hardcoded limits for speed */
+#define MAX_TAGGING_OPTIONS 128
+ struct berval tags[MAX_TAGGING_OPTIONS+1];
+#define MAX_TAGS_LEN 1024
+ char tagbuf[MAX_TAGS_LEN];
+
+ assert( ad != NULL );
+ assert( *ad == NULL ); /* temporary */
+
+ if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) {
+ *text = "empty AttributeDescription";
+ return rtn;
+ }
+
+ /* make sure description is IA5 */
+ if( ad_keystring( bv ) ) {
+ *text = "AttributeDescription contains inappropriate characters";
+ return rtn;
+ }
+
+ /* find valid base attribute type; parse in place */
+ memset( &desc, 0, sizeof( desc ) );
+ desc.ad_cname = *bv;
+ name = bv->bv_val;
+ options = ber_bvchr( bv, ';' );
+ if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) {
+ /* don't go past the end of the berval! */
+ desc.ad_cname.bv_len = options - name;
+ } else {
+ options = NULL;
+ }
+ desc.ad_type = at_bvfind( &desc.ad_cname );
+ if( desc.ad_type == NULL ) {
+ *text = "attribute type undefined";
+ return rtn;
+ }
+
+ if( is_at_operational( desc.ad_type ) && options != NULL ) {
+ *text = "operational attribute with options undefined";
+ return rtn;
+ }
+
+ /*
+ * parse options in place
+ */
+ ntags = 0;
+ memset( tags, 0, sizeof( tags ));
+ tagslen = 0;
+ optn = bv->bv_val + bv->bv_len;
+
+ for( opt=options; opt != NULL; opt=next ) {
+ int optlen;
+ opt++;
+ next = strchrlen( opt, optn, ';', &optlen );
+
+ if( optlen == 0 ) {
+ *text = "zero length option is invalid";
+ return rtn;
+
+ } else if ( optlen == sizeof("binary")-1 &&
+ strncasecmp( opt, "binary", sizeof("binary")-1 ) == 0 )
+ {
+ /* binary option */
+ if( slap_ad_is_binary( &desc ) ) {
+ *text = "option \"binary\" specified multiple times";
+ return rtn;
+ }
+
+ if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) {
+ /* not stored in binary, disallow option */
+ *text = "option \"binary\" not supported with type";
+ return rtn;
+ }
+
+ desc.ad_flags |= SLAP_DESC_BINARY;
+ continue;
+
+ } else if ( ad_find_option_definition( opt, optlen ) ) {
+ int i;
+
+ if( opt[optlen-1] == '-' ) {
+ desc.ad_flags |= SLAP_DESC_TAG_RANGE;
+ }
+
+ if( ntags >= MAX_TAGGING_OPTIONS ) {
+ *text = "too many tagging options";
+ return rtn;
+ }
+
+ /*
+ * tags should be presented in sorted order,
+ * so run the array in reverse.
+ */
+ for( i=ntags-1; i>=0; i-- ) {
+ int rc;
+
+ rc = strncasecmp( opt, tags[i].bv_val,
+ (unsigned) optlen < tags[i].bv_len
+ ? (unsigned) optlen : tags[i].bv_len );
+
+ if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) {
+ /* duplicate (ignore) */
+ goto done;
+
+ } else if ( rc > 0 ||
+ ( rc == 0 && (unsigned)optlen > tags[i].bv_len ))
+ {
+ AC_MEMCPY( &tags[i+2], &tags[i+1],
+ (ntags-i-1)*sizeof(struct berval) );
+ tags[i+1].bv_val = opt;
+ tags[i+1].bv_len = optlen;
+ goto done;
+ }
+ }
+
+ if( ntags ) {
+ AC_MEMCPY( &tags[1], &tags[0],
+ ntags*sizeof(struct berval) );
+ }
+ tags[0].bv_val = opt;
+ tags[0].bv_len = optlen;
+
+done:;
+ tagslen += optlen + 1;
+ ntags++;
+
+ } else {
+ *text = "unrecognized option";
+ return rtn;
+ }
+ }
+
+ if( ntags > 0 ) {
+ int i;
+
+ if( tagslen > MAX_TAGS_LEN ) {
+ *text = "tagging options too long";
+ return rtn;
+ }
+
+ desc.ad_tags.bv_val = tagbuf;
+ tagslen = 0;
+
+ for( i=0; i<ntags; i++ ) {
+ AC_MEMCPY( &desc.ad_tags.bv_val[tagslen],
+ tags[i].bv_val, tags[i].bv_len );
+
+ tagslen += tags[i].bv_len;
+ desc.ad_tags.bv_val[tagslen++] = ';';
+ }
+
+ desc.ad_tags.bv_val[--tagslen] = '\0';
+ desc.ad_tags.bv_len = tagslen;
+ }
+
+ /* see if a matching description is already cached */
+ for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
+ if( d2->ad_flags != desc.ad_flags ) {
+ continue;
+ }
+ if( d2->ad_tags.bv_len != desc.ad_tags.bv_len ) {
+ continue;
+ }
+ if( d2->ad_tags.bv_len == 0 ) {
+ break;
+ }
+ if( strncasecmp( d2->ad_tags.bv_val, desc.ad_tags.bv_val,
+ desc.ad_tags.bv_len ) == 0 )
+ {
+ break;
+ }
+ }
+
+ /* Not found, add new one */
+ while (d2 == NULL) {
+ size_t dlen = 0;
+ ldap_pvt_thread_mutex_lock( &desc.ad_type->sat_ad_mutex );
+ /* check again now that we've locked */
+ for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
+ if (d2->ad_flags != desc.ad_flags)
+ continue;
+ if (d2->ad_tags.bv_len != desc.ad_tags.bv_len)
+ continue;
+ if (d2->ad_tags.bv_len == 0)
+ break;
+ if (strncasecmp(d2->ad_tags.bv_val, desc.ad_tags.bv_val,
+ desc.ad_tags.bv_len) == 0)
+ break;
+ }
+ if (d2) {
+ ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
+ break;
+ }
+
+ /* Allocate a single contiguous block. If there are no
+ * options, we just need space for the AttrDesc structure.
+ * Otherwise, we need to tack on the full name length +
+ * options length, + maybe tagging options length again.
+ */
+ if (desc.ad_tags.bv_len || desc.ad_flags != SLAP_DESC_NONE) {
+ dlen = desc.ad_type->sat_cname.bv_len + 1;
+ if (desc.ad_tags.bv_len) {
+ dlen += 1+desc.ad_tags.bv_len;
+ }
+ if( slap_ad_is_binary( &desc ) ) {
+ dlen += sizeof(";binary")+desc.ad_tags.bv_len;
+ }
+ }
+
+ d2 = ch_malloc(sizeof(AttributeDescription) + dlen);
+ d2->ad_next = NULL;
+ d2->ad_type = desc.ad_type;
+ d2->ad_flags = desc.ad_flags;
+ d2->ad_cname.bv_len = desc.ad_type->sat_cname.bv_len;
+ d2->ad_tags.bv_len = desc.ad_tags.bv_len;
+
+ if (dlen == 0) {
+ d2->ad_cname.bv_val = d2->ad_type->sat_cname.bv_val;
+ d2->ad_tags.bv_val = NULL;
+ } else {
+ char *cp, *op, *lp;
+ int j;
+ d2->ad_cname.bv_val = (char *)(d2+1);
+ strcpy(d2->ad_cname.bv_val, d2->ad_type->sat_cname.bv_val);
+ cp = d2->ad_cname.bv_val + d2->ad_cname.bv_len;
+ if( slap_ad_is_binary( &desc ) ) {
+ op = cp;
+ lp = NULL;
+ if( desc.ad_tags.bv_len ) {
+ lp = desc.ad_tags.bv_val;
+ while( strncasecmp(lp, "binary", sizeof("binary")-1) < 0
+ && (lp = strchr( lp, ';' )) != NULL )
+ ++lp;
+ if( lp != desc.ad_tags.bv_val ) {
+ *cp++ = ';';
+ j = (lp
+ ? (unsigned) (lp - desc.ad_tags.bv_val - 1)
+ : strlen( desc.ad_tags.bv_val ));
+ cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j);
+ }
+ }
+ cp = lutil_strcopy(cp, ";binary");
+ if( lp != NULL ) {
+ *cp++ = ';';
+ cp = lutil_strcopy(cp, lp);
+ }
+ d2->ad_cname.bv_len = cp - d2->ad_cname.bv_val;
+ if( desc.ad_tags.bv_len )
+ ldap_pvt_str2lower(op);
+ j = 1;
+ } else {
+ j = 0;
+ }
+ if( desc.ad_tags.bv_len ) {
+ lp = d2->ad_cname.bv_val + d2->ad_cname.bv_len + j;
+ if ( j == 0 )
+ *lp++ = ';';
+ d2->ad_tags.bv_val = lp;
+ strcpy(lp, desc.ad_tags.bv_val);
+ ldap_pvt_str2lower(lp);
+ if( j == 0 )
+ d2->ad_cname.bv_len += 1 + desc.ad_tags.bv_len;
+ }
+ }
+ /* Add new desc to list. We always want the bare Desc with
+ * no options to stay at the head of the list, assuming
+ * that one will be used most frequently.
+ */
+ if (desc.ad_type->sat_ad == NULL || dlen == 0) {
+ d2->ad_next = desc.ad_type->sat_ad;
+ desc.ad_type->sat_ad = d2;
+ } else {
+ d2->ad_next = desc.ad_type->sat_ad->ad_next;
+ desc.ad_type->sat_ad->ad_next = d2;
+ }
+ ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
+ }
+
+ if( *ad == NULL ) {
+ *ad = d2;
+ } else {
+ **ad = *d2;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int is_ad_subtags(
+ struct berval *subtagsbv,
+ struct berval *suptagsbv )
+{
+ const char *suptags, *supp, *supdelimp, *supn;
+ const char *subtags, *subp, *subdelimp, *subn;
+ int suplen, sublen;
+
+ subtags =subtagsbv->bv_val;
+ suptags =suptagsbv->bv_val;
+ subn = subtags + subtagsbv->bv_len;
+ supn = suptags + suptagsbv->bv_len;
+
+ for( supp=suptags ; supp; supp=supdelimp ) {
+ supdelimp = strchrlen( supp, supn, ';', &suplen );
+ if( supdelimp ) supdelimp++;
+
+ for( subp=subtags ; subp; subp=subdelimp ) {
+ subdelimp = strchrlen( subp, subn, ';', &sublen );
+ if( subdelimp ) subdelimp++;
+
+ if ( suplen > sublen
+ ? ( suplen-1 == sublen && supp[suplen-1] == '-'
+ && strncmp( supp, subp, sublen ) == 0 )
+ : ( ( suplen == sublen || supp[suplen-1] == '-' )
+ && strncmp( supp, subp, suplen ) == 0 ) )
+ {
+ goto match;
+ }
+ }
+
+ return 0;
+match:;
+ }
+ return 1;
+}
+
+int is_ad_subtype(
+ AttributeDescription *sub,
+ AttributeDescription *super
+)
+{
+ AttributeType *a;
+ int lr;
+
+ for ( a = sub->ad_type; a; a=a->sat_sup ) {
+ if ( a == super->ad_type ) break;
+ }
+ if( !a ) {
+ return 0;
+ }
+
+ /* ensure sub does support all flags of super */
+ lr = sub->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0;
+ if(( super->ad_flags & ( sub->ad_flags | lr )) != super->ad_flags ) {
+ return 0;
+ }
+
+ /* check for tagging options */
+ if ( super->ad_tags.bv_len == 0 )
+ return 1;
+ if ( sub->ad_tags.bv_len == 0 )
+ return 0;
+
+ return is_ad_subtags( &sub->ad_tags, &super->ad_tags );
+}
+
+int ad_inlist(
+ AttributeDescription *desc,
+ AttributeName *attrs )
+{
+ if (! attrs ) return 0;
+
+ for( ; attrs->an_name.bv_val; attrs++ ) {
+ AttributeType *a;
+ ObjectClass *oc;
+
+ if ( attrs->an_desc ) {
+ int lr;
+
+ if ( desc == attrs->an_desc ) {
+ return 1;
+ }
+
+ /*
+ * EXTENSION: if requested description is preceeded by
+ * a '-' character, do not match on subtypes.
+ */
+ if ( attrs->an_name.bv_val[0] == '-' ) {
+ continue;
+ }
+
+ /* Is this a subtype of the requested attr? */
+ for (a = desc->ad_type; a; a=a->sat_sup) {
+ if ( a == attrs->an_desc->ad_type )
+ break;
+ }
+ if ( !a ) {
+ continue;
+ }
+ /* Does desc support all the requested flags? */
+ lr = desc->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0;
+ if(( attrs->an_desc->ad_flags & (desc->ad_flags | lr))
+ != attrs->an_desc->ad_flags ) {
+ continue;
+ }
+ /* Do the descs have compatible tags? */
+ if ( attrs->an_desc->ad_tags.bv_len == 0 ) {
+ return 1;
+ }
+ if ( desc->ad_tags.bv_len == 0) {
+ continue;
+ }
+ if ( is_ad_subtags( &desc->ad_tags,
+ &attrs->an_desc->ad_tags ) ) {
+ return 1;
+ }
+ continue;
+ }
+
+ if ( ber_bvccmp( &attrs->an_name, '*' ) ) {
+ if ( !is_at_operational( desc->ad_type ) ) {
+ return 1;
+ }
+ continue;
+ }
+
+ if ( ber_bvccmp( &attrs->an_name, '+' ) ) {
+ if ( is_at_operational( desc->ad_type ) ) {
+ return 1;
+ }
+ continue;
+ }
+
+ /*
+ * EXTENSION: see if requested description is @objectClass
+ * if so, return attributes which the class requires/allows
+ * else if requested description is !objectClass, return
+ * attributes which the class does not require/allow
+ */
+ oc = attrs->an_oc;
+ if( oc == NULL && attrs->an_name.bv_val ) {
+ switch( attrs->an_name.bv_val[0] ) {
+ case '@': /* @objectClass */
+ case '+': /* +objectClass (deprecated) */
+ case '!': { /* exclude */
+ struct berval ocname;
+ ocname.bv_len = attrs->an_name.bv_len - 1;
+ ocname.bv_val = &attrs->an_name.bv_val[1];
+ oc = oc_bvfind( &ocname );
+ attrs->an_oc_exclude = 0;
+ if ( oc && attrs->an_name.bv_val[0] == '!' ) {
+ attrs->an_oc_exclude = 1;
+ }
+ } break;
+
+ default: /* old (deprecated) way */
+ oc = oc_bvfind( &attrs->an_name );
+ }
+ attrs->an_oc = oc;
+ }
+ if( oc != NULL ) {
+ if ( attrs->an_oc_exclude ) {
+ if ( oc == slap_schema.si_oc_extensibleObject ) {
+ /* extensibleObject allows the return of anything */
+ return 0;
+ }
+
+ if( oc->soc_required ) {
+ /* allow return of required attributes */
+ int i;
+
+ for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
+ for (a = desc->ad_type; a; a=a->sat_sup) {
+ if ( a == oc->soc_required[i] ) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ if( oc->soc_allowed ) {
+ /* allow return of allowed attributes */
+ int i;
+ for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
+ for (a = desc->ad_type; a; a=a->sat_sup) {
+ if ( a == oc->soc_allowed[i] ) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ return 1;
+ }
+
+ if ( oc == slap_schema.si_oc_extensibleObject ) {
+ /* extensibleObject allows the return of anything */
+ return 1;
+ }
+
+ if( oc->soc_required ) {
+ /* allow return of required attributes */
+ int i;
+
+ for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
+ for (a = desc->ad_type; a; a=a->sat_sup) {
+ if ( a == oc->soc_required[i] ) {
+ return 1;
+ }
+ }
+ }
+ }
+
+ if( oc->soc_allowed ) {
+ /* allow return of allowed attributes */
+ int i;
+ for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
+ for (a = desc->ad_type; a; a=a->sat_sup) {
+ if ( a == oc->soc_allowed[i] ) {
+ return 1;
+ }
+ }
+ }
+ }
+
+ } else {
+ const char *text;
+
+ /* give it a chance of being retrieved by a proxy... */
+ (void)slap_bv2undef_ad( &attrs->an_name,
+ &attrs->an_desc, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ }
+ }
+
+ return 0;
+}
+
+
+int slap_str2undef_ad(
+ const char *str,
+ AttributeDescription **ad,
+ const char **text,
+ unsigned flags )
+{
+ struct berval bv;
+ bv.bv_val = (char *) str;
+ bv.bv_len = strlen( str );
+
+ return slap_bv2undef_ad( &bv, ad, text, flags );
+}
+
+int slap_bv2undef_ad(
+ struct berval *bv,
+ AttributeDescription **ad,
+ const char **text,
+ unsigned flags )
+{
+ AttributeDescription *desc;
+ AttributeType *at;
+
+ assert( ad != NULL );
+
+ if( bv == NULL || bv->bv_len == 0 ) {
+ *text = "empty AttributeDescription";
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+ /* make sure description is IA5 */
+ if( ad_keystring( bv ) ) {
+ *text = "AttributeDescription contains inappropriate characters";
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+ /* use the appropriate type */
+ if ( flags & SLAP_AD_PROXIED ) {
+ at = slap_schema.si_at_proxied;
+
+ } else {
+ at = slap_schema.si_at_undefined;
+ }
+
+ for( desc = at->sat_ad; desc; desc=desc->ad_next ) {
+ if( desc->ad_cname.bv_len == bv->bv_len &&
+ !strcasecmp( desc->ad_cname.bv_val, bv->bv_val ) )
+ {
+ break;
+ }
+ }
+
+ if( !desc ) {
+ if ( flags & SLAP_AD_NOINSERT ) {
+ *text = NULL;
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+ desc = ch_malloc(sizeof(AttributeDescription) + 1 +
+ bv->bv_len);
+
+ desc->ad_flags = SLAP_DESC_NONE;
+ BER_BVZERO( &desc->ad_tags );
+
+ desc->ad_cname.bv_len = bv->bv_len;
+ desc->ad_cname.bv_val = (char *)(desc+1);
+ strcpy(desc->ad_cname.bv_val, bv->bv_val);
+
+ /* canonical to upper case */
+ ldap_pvt_str2upper( desc->ad_cname.bv_val );
+
+ /* shouldn't we protect this for concurrency? */
+ desc->ad_type = at;
+ ldap_pvt_thread_mutex_lock( &ad_undef_mutex );
+ desc->ad_next = desc->ad_type->sat_ad;
+ desc->ad_type->sat_ad = desc;
+ ldap_pvt_thread_mutex_unlock( &ad_undef_mutex );
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s attributeDescription \"%s\" inserted.\n",
+ ( flags & SLAP_AD_PROXIED ) ? "PROXIED" : "UNKNOWN",
+ desc->ad_cname.bv_val, 0 );
+ }
+
+ if( !*ad ) {
+ *ad = desc;
+ } else {
+ **ad = *desc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+undef_promote(
+ AttributeType *at,
+ char *name,
+ AttributeType *nat )
+{
+ AttributeDescription **u_ad, **n_ad;
+
+ /* Get to last ad on the new type */
+ for ( n_ad = &nat->sat_ad; *n_ad; n_ad = &(*n_ad)->ad_next ) ;
+
+ for ( u_ad = &at->sat_ad; *u_ad; ) {
+ struct berval bv;
+
+ ber_str2bv( name, 0, 0, &bv );
+
+ /* remove iff undef == name or undef == name;tag */
+ if ( (*u_ad)->ad_cname.bv_len >= bv.bv_len
+ && strncasecmp( (*u_ad)->ad_cname.bv_val, bv.bv_val, bv.bv_len ) == 0
+ && ( (*u_ad)->ad_cname.bv_val[ bv.bv_len ] == '\0'
+ || (*u_ad)->ad_cname.bv_val[ bv.bv_len ] == ';' ) )
+ {
+ AttributeDescription *tmp = *u_ad;
+
+ *u_ad = (*u_ad)->ad_next;
+
+ tmp->ad_next = NULL;
+ *n_ad = tmp;
+ n_ad = &tmp->ad_next;
+ } else {
+ u_ad = &(*u_ad)->ad_next;
+ }
+ }
+
+ return 0;
+}
+
+int
+slap_ad_undef_promote(
+ char *name,
+ AttributeType *at )
+{
+ int rc;
+
+ ldap_pvt_thread_mutex_lock( &ad_undef_mutex );
+
+ rc = undef_promote( slap_schema.si_at_undefined, name, at );
+ if ( rc == 0 ) {
+ rc = undef_promote( slap_schema.si_at_proxied, name, at );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &ad_undef_mutex );
+
+ return rc;
+}
+
+int
+an_find(
+ AttributeName *a,
+ struct berval *s
+)
+{
+ if( a == NULL ) return 0;
+
+ for ( ; a->an_name.bv_val; a++ ) {
+ if ( a->an_name.bv_len != s->bv_len) continue;
+ if ( strcasecmp( s->bv_val, a->an_name.bv_val ) == 0 ) {
+ return( 1 );
+ }
+ }
+
+ return( 0 );
+}
+
+/*
+ * Convert a delimited string into a list of AttributeNames; add
+ * on to an existing list if it was given. If the string is not
+ * a valid attribute name, if a '-' is prepended it is skipped
+ * and the remaining name is tried again; if a '@' (or '+') is
+ * prepended, an objectclass name is searched instead; if a '!'
+ * is prepended, the objectclass name is negated.
+ *
+ * NOTE: currently, if a valid attribute name is not found, the
+ * same string is also checked as valid objectclass name; however,
+ * this behavior is deprecated.
+ */
+AttributeName *
+str2anlist( AttributeName *an, char *in, const char *brkstr )
+{
+ char *str;
+ char *s;
+ char *lasts;
+ int i, j;
+ const char *text;
+ AttributeName *anew;
+
+ /* find last element in list */
+ i = 0;
+ if ( an != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ) ; i++)
+ ;
+ }
+
+ /* protect the input string from strtok */
+ str = ch_strdup( in );
+
+ /* Count words in string */
+ j = 1;
+ for ( s = str; *s; s++ ) {
+ if ( strchr( brkstr, *s ) != NULL ) {
+ j++;
+ }
+ }
+
+ an = ch_realloc( an, ( i + j + 1 ) * sizeof( AttributeName ) );
+ anew = an + i;
+ for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
+ s != NULL;
+ s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
+ {
+ /* put a stop mark */
+ BER_BVZERO( &anew[1].an_name );
+
+ anew->an_desc = NULL;
+ anew->an_oc = NULL;
+ anew->an_oc_exclude = 0;
+ ber_str2bv(s, 0, 1, &anew->an_name);
+ slap_bv2ad(&anew->an_name, &anew->an_desc, &text);
+ if ( !anew->an_desc ) {
+ switch( anew->an_name.bv_val[0] ) {
+ case '-': {
+ struct berval adname;
+ adname.bv_len = anew->an_name.bv_len - 1;
+ adname.bv_val = &anew->an_name.bv_val[1];
+ slap_bv2ad(&adname, &anew->an_desc, &text);
+ if ( !anew->an_desc ) {
+ goto reterr;
+ }
+ } break;
+
+ case '@':
+ case '+': /* (deprecated) */
+ case '!': {
+ struct berval ocname;
+ ocname.bv_len = anew->an_name.bv_len - 1;
+ ocname.bv_val = &anew->an_name.bv_val[1];
+ anew->an_oc = oc_bvfind( &ocname );
+ if ( !anew->an_oc ) {
+ goto reterr;
+ }
+
+ if ( anew->an_name.bv_val[0] == '!' ) {
+ anew->an_oc_exclude = 1;
+ }
+ } break;
+
+ default:
+ /* old (deprecated) way */
+ anew->an_oc = oc_bvfind( &anew->an_name );
+ if ( !anew->an_oc ) {
+ goto reterr;
+ }
+ }
+ }
+ anew++;
+ }
+
+ BER_BVZERO( &anew->an_name );
+ free( str );
+ return( an );
+
+reterr:
+ for ( i = 0; an[i].an_name.bv_val; i++ ) {
+ free( an[i].an_name.bv_val );
+ }
+ free( an );
+ /*
+ * overwrites input string
+ * on error!
+ */
+ strcpy( in, s );
+ free( str );
+ return NULL;
+}
+
+char **anlist2charray_x( AttributeName *an, int dup, void *ctx )
+{
+ char **attrs;
+ int i;
+
+ if ( an != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
+ ;
+ attrs = (char **) slap_sl_malloc( (i + 1) * sizeof(char *), ctx );
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
+ if ( dup )
+ attrs[i] = ch_strdup( an[i].an_name.bv_val );
+ else
+ attrs[i] = an[i].an_name.bv_val;
+ }
+ attrs[i] = NULL;
+ } else {
+ attrs = NULL;
+ }
+
+ return attrs;
+}
+
+char **anlist2charray( AttributeName *an, int dup )
+{
+ return anlist2charray_x( an, dup, NULL );
+}
+
+char**
+anlist2attrs( AttributeName * anlist )
+{
+ int i, j, k = 0;
+ int n;
+ char **attrs;
+ ObjectClass *oc;
+
+ if ( anlist == NULL )
+ return NULL;
+
+ for ( i = 0; anlist[i].an_name.bv_val; i++ ) {
+ if ( ( oc = anlist[i].an_oc ) ) {
+ for ( j = 0; oc->soc_required && oc->soc_required[j]; j++ ) ;
+ k += j;
+ for ( j = 0; oc->soc_allowed && oc->soc_allowed[j]; j++ ) ;
+ k += j;
+ }
+ }
+
+ if ( i == 0 )
+ return NULL;
+
+ attrs = anlist2charray( anlist, 1 );
+
+ n = i;
+
+ if ( k )
+ attrs = (char **) ch_realloc( attrs, (i + k + 1) * sizeof( char * ));
+
+ for ( i = 0; anlist[i].an_name.bv_val; i++ ) {
+ if ( ( oc = anlist[i].an_oc ) ) {
+ for ( j = 0; oc->soc_required && oc->soc_required[j]; j++ ) {
+ attrs[n++] = ch_strdup(
+ oc->soc_required[j]->sat_cname.bv_val );
+ }
+ for ( j = 0; oc->soc_allowed && oc->soc_allowed[j]; j++ ) {
+ attrs[n++] = ch_strdup(
+ oc->soc_allowed[j]->sat_cname.bv_val );
+ }
+ }
+ }
+
+ if ( attrs )
+ attrs[n] = NULL;
+
+ i = 0;
+ while ( attrs && attrs[i] ) {
+ if ( *attrs[i] == '@' ) {
+ ch_free( attrs[i] );
+ for ( j = i; attrs[j]; j++ ) {
+ attrs[j] = attrs[j+1];
+ }
+ } else {
+ i++;
+ }
+ }
+
+ for ( i = 0; attrs && attrs[i]; i++ ) {
+ j = i + 1;
+ while ( attrs && attrs[j] ) {
+ if ( !strcmp( attrs[i], attrs[j] )) {
+ ch_free( attrs[j] );
+ for ( k = j; attrs && attrs[k]; k++ ) {
+ attrs[k] = attrs[k+1];
+ }
+ } else {
+ j++;
+ }
+ }
+ }
+
+ if ( i != n )
+ attrs = (char **) ch_realloc( attrs, (i+1) * sizeof( char * ));
+
+ return attrs;
+}
+
+#define LBUFSIZ 80
+AttributeName*
+file2anlist( AttributeName *an, const char *fname, const char *brkstr )
+{
+ FILE *fp;
+ char *line = NULL;
+ char *lcur = NULL;
+ char *c;
+ size_t lmax = LBUFSIZ;
+
+ fp = fopen( fname, "r" );
+ if ( fp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "get_attrs_from_file: failed to open attribute list file "
+ "\"%s\": %s\n", fname, strerror(errno), 0 );
+ return NULL;
+ }
+
+ lcur = line = (char *) ch_malloc( lmax );
+ if ( !line ) {
+ Debug( LDAP_DEBUG_ANY,
+ "get_attrs_from_file: could not allocate memory\n",
+ 0, 0, 0 );
+ fclose(fp);
+ return NULL;
+ }
+
+ while ( fgets( lcur, LBUFSIZ, fp ) != NULL ) {
+ if ( ( c = strchr( lcur, '\n' ) ) ) {
+ if ( c == line ) {
+ *c = '\0';
+ } else if ( *(c-1) == '\r' ) {
+ *(c-1) = '\0';
+ } else {
+ *c = '\0';
+ }
+ } else {
+ lmax += LBUFSIZ;
+ line = (char *) ch_realloc( line, lmax );
+ if ( !line ) {
+ Debug( LDAP_DEBUG_ANY,
+ "get_attrs_from_file: could not allocate memory\n",
+ 0, 0, 0 );
+ fclose(fp);
+ return NULL;
+ }
+ lcur = line + strlen( line );
+ continue;
+ }
+ an = str2anlist( an, line, brkstr );
+ if ( an == NULL )
+ return NULL;
+ lcur = line;
+ }
+ ch_free( line );
+ fclose(fp);
+ return an;
+}
+#undef LBUFSIZ
+
+/* Define an attribute option. */
+int
+ad_define_option( const char *name, const char *fname, int lineno )
+{
+ int i;
+ unsigned int optlen;
+
+ if ( options == &lang_option ) {
+ options = NULL;
+ option_count = 0;
+ }
+ if ( name == NULL )
+ return 0;
+
+ optlen = 0;
+ do {
+ if ( !DESC_CHAR( name[optlen] ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: illegal option name \"%s\"\n",
+ fname, lineno, name );
+ return 1;
+ }
+ } while ( name[++optlen] );
+
+ options = ch_realloc( options,
+ (option_count+1) * sizeof(Attr_option) );
+
+ if ( strcasecmp( name, "binary" ) == 0
+ || ad_find_option_definition( name, optlen ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: option \"%s\" is already defined\n",
+ fname, lineno, name );
+ return 1;
+ }
+
+ for ( i = option_count; i; --i ) {
+ if ( strcasecmp( name, options[i-1].name.bv_val ) >= 0 )
+ break;
+ options[i] = options[i-1];
+ }
+
+ options[i].name.bv_val = ch_strdup( name );
+ options[i].name.bv_len = optlen;
+ options[i].prefix = (name[optlen-1] == '-');
+
+ if ( i != option_count &&
+ options[i].prefix &&
+ optlen < options[i+1].name.bv_len &&
+ strncasecmp( name, options[i+1].name.bv_val, optlen ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: option \"%s\" overrides previous option\n",
+ fname, lineno, name );
+ return 1;
+ }
+
+ option_count++;
+ return 0;
+}
+
+void
+ad_unparse_options( BerVarray *res )
+{
+ int i;
+ for ( i = 0; i < option_count; i++ ) {
+ value_add_one( res, &options[i].name );
+ }
+}
+
+/* Find the definition of the option name or prefix matching the arguments */
+static Attr_option *
+ad_find_option_definition( const char *opt, int optlen )
+{
+ int top = 0, bot = option_count;
+ while ( top < bot ) {
+ int mid = (top + bot) / 2;
+ int mlen = options[mid].name.bv_len;
+ char *mname = options[mid].name.bv_val;
+ int j;
+ if ( optlen < mlen ) {
+ j = strncasecmp( opt, mname, optlen ) - 1;
+ } else {
+ j = strncasecmp( opt, mname, mlen );
+ if ( j==0 && (optlen==mlen || options[mid].prefix) )
+ return &options[mid];
+ }
+ if ( j < 0 )
+ bot = mid;
+ else
+ top = mid + 1;
+ }
+ return NULL;
+}
+
+MatchingRule *ad_mr(
+ AttributeDescription *ad,
+ unsigned usage )
+{
+ switch( usage & SLAP_MR_TYPE_MASK ) {
+ case SLAP_MR_NONE:
+ case SLAP_MR_EQUALITY:
+ return ad->ad_type->sat_equality;
+ break;
+ case SLAP_MR_ORDERING:
+ return ad->ad_type->sat_ordering;
+ break;
+ case SLAP_MR_SUBSTR:
+ return ad->ad_type->sat_substr;
+ break;
+ case SLAP_MR_EXT:
+ default:
+ assert( 0 /* ad_mr: bad usage */);
+ }
+ return NULL;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,752 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/add.c,v 1.208.2.18 2007/01/03 08:50:41 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+
+int
+do_add( Operation *op, SlapReply *rs )
+{
+ BerElement *ber = op->o_ber;
+ char *last;
+ struct berval dn = BER_BVNULL;
+ ber_len_t len;
+ ber_tag_t tag;
+ Modifications *modlist = NULL;
+ Modifications **modtail = &modlist;
+ Modifications tmp;
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+ int rc = 0;
+ int freevals = 1;
+
+ Debug( LDAP_DEBUG_TRACE, "do_add\n", 0, 0, 0 );
+ /*
+ * Parse the add request. It looks like this:
+ *
+ * AddRequest := [APPLICATION 14] SEQUENCE {
+ * name DistinguishedName,
+ * attrs SEQUENCE OF SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * }
+ */
+
+ /* get the name */
+ if ( ber_scanf( ber, "{m", /*}*/ &dn ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ op->ora_e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto done;
+ }
+
+ ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
+ ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
+
+ Debug( LDAP_DEBUG_ARGS, "do_add: dn (%s)\n", op->ora_e->e_dn, 0, 0 );
+
+ /* get the attrs */
+ for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+ Modifications *mod;
+ ber_tag_t rtag;
+
+ tmp.sml_nvalues = NULL;
+
+ rtag = ber_scanf( ber, "{m{W}}", &tmp.sml_type, &tmp.sml_values );
+
+ if ( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_add: decoding error\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto done;
+ }
+
+ if ( tmp.sml_values == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "no values for type %s\n",
+ tmp.sml_type.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "no values for attribute type" );
+ goto done;
+ }
+
+ mod = (Modifications *) ch_malloc( sizeof(Modifications) );
+ mod->sml_op = LDAP_MOD_ADD;
+ mod->sml_flags = 0;
+ mod->sml_next = NULL;
+ mod->sml_desc = NULL;
+ mod->sml_type = tmp.sml_type;
+ mod->sml_values = tmp.sml_values;
+ mod->sml_nvalues = NULL;
+
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+
+ if ( ber_scanf( ber, /*{*/ "}") == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto done;
+ }
+
+ if ( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_add: get_ctrls failed\n", 0, 0, 0 );
+ goto done;
+ }
+
+ if ( modlist == NULL ) {
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "no attributes provided" );
+ goto done;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s ADD dn=\"%s\"\n",
+ op->o_log_prefix, op->ora_e->e_name.bv_val, 0, 0, 0 );
+
+ if ( dn_match( &op->ora_e->e_nname, &slap_empty_bv ) ) {
+ /* protocolError may be a more appropriate error */
+ send_ldap_error( op, rs, LDAP_ALREADY_EXISTS,
+ "root DSE already exists" );
+ goto done;
+
+ } else if ( dn_match( &op->ora_e->e_nname, &frontendDB->be_schemandn ) ) {
+ send_ldap_error( op, rs, LDAP_ALREADY_EXISTS,
+ "subschema subentry already exists" );
+ goto done;
+ }
+
+ rs->sr_err = slap_mods_check( modlist, &rs->sr_text,
+ textbuf, textlen, NULL );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ /* temporary; remove if not invoking backend function */
+ op->ora_modlist = modlist;
+
+ /* call this so global overlays/SLAPI have access to ora_e */
+ rs->sr_err = slap_mods2entry( op->ora_modlist, &op->ora_e,
+ 1, 0, &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ freevals = 0;
+
+ op->o_bd = frontendDB;
+ rc = frontendDB->be_add( op, rs );
+ if ( rc == 0 ) {
+ if ( op->ora_e != NULL && op->o_private != NULL ) {
+ BackendDB *bd = op->o_bd;
+
+ op->o_bd = (BackendDB *)op->o_private;
+ op->o_private = NULL;
+
+ be_entry_release_w( op, op->ora_e );
+
+ op->ora_e = NULL;
+ op->o_bd = bd;
+ op->o_private = NULL;
+ }
+ }
+
+done:;
+ if ( modlist != NULL ) {
+ /* in case of error, free the values as well */
+ slap_mods_free( modlist, freevals );
+ }
+
+ if ( op->ora_e != NULL ) {
+ entry_free( op->ora_e );
+ }
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
+ return rc;
+}
+
+int
+fe_op_add( Operation *op, SlapReply *rs )
+{
+ int manageDSAit;
+ Modifications *modlist = op->ora_modlist;
+ Modifications **modtail = &modlist;
+ int rc = 0;
+ BackendDB *op_be, *bd = op->o_bd;
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+
+ manageDSAit = get_manageDSAit( op );
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+ op->o_bd = select_backend( &op->ora_e->e_nname, manageDSAit, 1 );
+ if ( op->o_bd == NULL ) {
+ op->o_bd = bd;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->ora_e->e_name, LDAP_SCOPE_DEFAULT );
+ if ( !rs->sr_ref ) rs->sr_ref = default_referral;
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+ } else {
+ op->o_bd = frontendDB;
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "no global superior knowledge" );
+ op->o_bd = NULL;
+ }
+ goto done;
+ }
+
+ /* If we've got a glued backend, check the real backend */
+ op_be = op->o_bd;
+ if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+ op->o_bd = select_backend( &op->ora_e->e_nname, manageDSAit, 0 );
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ /* check for referrals */
+ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rs->sr_err = slap_mods_obsolete_check( op, modlist,
+ &rs->sr_text, textbuf, textlen );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ /*
+ * do the add if 1 && (2 || 3)
+ * 1) there is an add function implemented in this backend;
+ * 2) this backend is master for what it holds;
+ * 3) it's a replica and the dn supplied is the updatedn.
+ */
+ if ( op->o_bd->be_add ) {
+ /* do the update here */
+ int repl_user = be_isupdate( op );
+#ifndef SLAPD_MULTIMASTER
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
+#endif
+ {
+ int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
+ slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
+
+ op->o_bd = op_be;
+
+ if ( !update ) {
+ rs->sr_err = slap_mods_no_user_mod_check( op, modlist,
+ &rs->sr_text, textbuf, textlen );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+ }
+
+ if ( !repl_user ) {
+ /* go to the last mod */
+ for ( modtail = &modlist;
+ *modtail != NULL;
+ modtail = &(*modtail)->sml_next )
+ {
+ assert( (*modtail)->sml_op == LDAP_MOD_ADD );
+ assert( (*modtail)->sml_desc != NULL );
+ }
+
+
+ /* check for unmodifiable attributes */
+ rs->sr_err = slap_mods_no_repl_user_mod_check( op,
+ modlist, &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+#if 0 /* This is a no-op since *modtail is NULL */
+ rs->sr_err = slap_mods2entry( *modtail, &op->ora_e,
+ 0, 0, &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+#endif
+ }
+
+#ifdef SLAPD_MULTIMASTER
+ if ( !repl_user )
+#endif
+ {
+ cb.sc_next = op->o_callback;
+ op->o_callback = &cb;
+ }
+ rc = op->o_bd->be_add( op, rs );
+ if ( rc == LDAP_SUCCESS ) {
+ /* NOTE: be_entry_release_w() is
+ * called by do_add(), so that global
+ * overlays on the way back can
+ * at least read the entry */
+ op->o_private = op->o_bd;
+ }
+
+#ifndef SLAPD_MULTIMASTER
+ } else {
+ BerVarray defref = NULL;
+
+ defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
+ if ( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( defref,
+ NULL, &op->ora_e->e_name, LDAP_SCOPE_DEFAULT );
+ if ( rs->sr_ref == NULL ) rs->sr_ref = defref;
+ rs->sr_err = LDAP_REFERRAL;
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+ } else {
+ send_ldap_error( op, rs,
+ LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
+ }
+#endif /* SLAPD_MULTIMASTER */
+ }
+ } else {
+ Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within namingContext" );
+ }
+
+done:;
+ op->o_bd = bd;
+ return rc;
+}
+
+int
+slap_mods2entry(
+ Modifications *mods,
+ Entry **e,
+ int initial,
+ int dup,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ Attribute **tail;
+
+ if ( initial ) {
+ assert( (*e)->e_attrs == NULL );
+ }
+
+ for ( tail = &(*e)->e_attrs; *tail != NULL; tail = &(*tail)->a_next )
+ ;
+
+ *text = textbuf;
+
+ for( ; mods != NULL; mods = mods->sml_next ) {
+ Attribute *attr;
+
+ assert( mods->sml_desc != NULL );
+
+ attr = attr_find( (*e)->e_attrs, mods->sml_desc );
+
+ if( attr != NULL ) {
+#define SLURPD_FRIENDLY
+#ifdef SLURPD_FRIENDLY
+ ber_len_t i,j;
+
+ if ( !initial ) {
+ /*
+ * This check allows overlays to override operational
+ * attributes by setting them directly in the entry.
+ * We assume slap_mods_no_user_mod_check() was called
+ * with the user modifications.
+ */
+ *text = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ for( i=0; attr->a_vals[i].bv_val; i++ ) {
+ /* count them */
+ }
+ for( j=0; mods->sml_values[j].bv_val; j++ ) {
+ /* count them */
+ }
+ j++; /* NULL */
+
+ attr->a_vals = ch_realloc( attr->a_vals,
+ sizeof( struct berval ) * (i+j) );
+
+ /* checked for duplicates in slap_mods_check */
+
+ if ( dup ) {
+ for ( j = 0; mods->sml_values[j].bv_val; j++ ) {
+ ber_dupbv( &attr->a_vals[i+j], &mods->sml_values[j] );
+ }
+ BER_BVZERO( &attr->a_vals[i+j] );
+ j++;
+ } else {
+ AC_MEMCPY( &attr->a_vals[i], mods->sml_values,
+ sizeof( struct berval ) * j );
+ }
+
+ if( mods->sml_nvalues ) {
+ attr->a_nvals = ch_realloc( attr->a_nvals,
+ sizeof( struct berval ) * (i+j) );
+ if ( dup ) {
+ for ( j = 0; mods->sml_nvalues[j].bv_val; j++ ) {
+ ber_dupbv( &attr->a_nvals[i+j], &mods->sml_nvalues[j] );
+ }
+ BER_BVZERO( &attr->a_nvals[i+j] );
+ } else {
+ AC_MEMCPY( &attr->a_nvals[i], mods->sml_nvalues,
+ sizeof( struct berval ) * j );
+ }
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ continue;
+#else
+ snprintf( textbuf, textlen,
+ "attribute '%s' provided more than once",
+ mods->sml_desc->ad_cname.bv_val );
+ *text = textbuf;
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+#endif
+ }
+
+#if 0 /* checked for duplicates in slap_mods_check */
+ if( mods->sml_values[1].bv_val != NULL ) {
+ /* check for duplicates */
+ int i, j, rc, match;
+ MatchingRule *mr = mods->sml_desc->ad_type->sat_equality;
+
+ for ( i = 1; mods->sml_values[i].bv_val != NULL; i++ ) {
+ /* test asserted values against themselves */
+ for( j = 0; j < i; j++ ) {
+ rc = ordered_value_match( &match, mods->sml_desc, mr,
+ SLAP_MR_EQUALITY
+ | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX
+ | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
+ | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ mods->sml_nvalues
+ ? &mods->sml_nvalues[i]
+ : &mods->sml_values[i],
+ mods->sml_nvalues
+ ? &mods->sml_nvalues[j]
+ : &mods->sml_values[j],
+ text );
+
+ if ( rc == LDAP_SUCCESS && match == 0 ) {
+ /* value exists already */
+ snprintf( textbuf, textlen,
+ "%s: value #%d provided more than once",
+ mods->sml_desc->ad_cname.bv_val, j );
+ *text = textbuf;
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+
+ } else if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+ }
+ }
+#endif
+
+ attr = ch_calloc( 1, sizeof(Attribute) );
+
+ /* move ad to attr structure */
+ attr->a_desc = mods->sml_desc;
+
+ /* move values to attr structure */
+ if ( dup ) {
+ int i;
+ for ( i = 0; mods->sml_values[i].bv_val; i++ ) /* EMPTY */;
+ attr->a_vals = (BerVarray) ch_calloc( i+1, sizeof( BerValue ));
+ for ( i = 0; mods->sml_values[i].bv_val; i++ ) {
+ ber_dupbv( &attr->a_vals[i], &mods->sml_values[i] );
+ }
+ BER_BVZERO( &attr->a_vals[i] );
+ } else {
+ attr->a_vals = mods->sml_values;
+ }
+
+ if ( mods->sml_nvalues ) {
+ if ( dup ) {
+ int i;
+ for ( i = 0; mods->sml_nvalues[i].bv_val; i++ ) /* EMPTY */;
+ attr->a_nvals = (BerVarray) ch_calloc( i+1, sizeof( BerValue ));
+ for ( i = 0; mods->sml_nvalues[i].bv_val; i++ ) {
+ ber_dupbv( &attr->a_nvals[i], &mods->sml_nvalues[i] );
+ }
+ BER_BVZERO( &attr->a_nvals[i] );
+ } else {
+ attr->a_nvals = mods->sml_nvalues;
+ }
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ *tail = attr;
+ tail = &attr->a_next;
+ }
+
+ *text = NULL;
+
+ return LDAP_SUCCESS;
+}
+
+int
+slap_entry2mods(
+ Entry *e,
+ Modifications **mods,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ Modifications *modhead = NULL;
+ Modifications *mod;
+ Modifications **modtail = &modhead;
+ Attribute *a_new;
+ AttributeDescription *a_new_desc;
+ int i, count;
+
+ a_new = e->e_attrs;
+
+ while ( a_new != NULL ) {
+ a_new_desc = a_new->a_desc;
+ mod = (Modifications *) malloc( sizeof( Modifications ));
+
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
+
+ mod->sml_type = a_new_desc->ad_cname;
+
+ for ( count = 0; a_new->a_vals[count].bv_val; count++ ) /* EMPTY */;
+
+ mod->sml_values = (struct berval*) malloc(
+ (count+1) * sizeof( struct berval) );
+
+ /* see slap_mods_check() comments...
+ * if a_vals == a_nvals, there is no normalizer.
+ * in this case, mod->sml_nvalues must be left NULL.
+ */
+ if ( a_new->a_vals != a_new->a_nvals ) {
+ mod->sml_nvalues = (struct berval*) malloc(
+ (count+1) * sizeof( struct berval) );
+ } else {
+ mod->sml_nvalues = NULL;
+ }
+
+ for ( i = 0; i < count; i++ ) {
+ ber_dupbv(mod->sml_values+i, a_new->a_vals+i);
+ if ( mod->sml_nvalues ) {
+ ber_dupbv( mod->sml_nvalues+i, a_new->a_nvals+i );
+ }
+ }
+
+ mod->sml_values[count].bv_val = NULL;
+ mod->sml_values[count].bv_len = 0;
+
+ if ( mod->sml_nvalues ) {
+ mod->sml_nvalues[count].bv_val = NULL;
+ mod->sml_nvalues[count].bv_len = 0;
+ }
+
+ mod->sml_desc = a_new_desc;
+ mod->sml_next =NULL;
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ a_new = a_new->a_next;
+ }
+
+ *mods = modhead;
+
+ return LDAP_SUCCESS;
+}
+
+int slap_add_opattrs(
+ Operation *op,
+ const char **text,
+ char *textbuf,
+ size_t textlen,
+ int manage_ctxcsn )
+{
+ struct berval name, timestamp, csn = BER_BVNULL;
+ struct berval nname, tmp;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ Attribute *a;
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_structuralObjectClass );
+
+ if ( !a ) {
+ Attribute *oc;
+ int rc;
+
+ oc = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_objectClass );
+ if ( oc ) {
+ rc = structural_class( oc->a_vals, &tmp, NULL, text,
+ textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ attr_merge_one( op->ora_e, slap_schema.si_ad_structuralObjectClass,
+ &tmp, NULL );
+ }
+ }
+
+ if ( SLAP_LASTMOD( op->o_bd ) ) {
+ char *ptr;
+ int gotcsn = 0;
+ timestamp.bv_val = timebuf;
+
+ a = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a ) {
+ gotcsn = 1;
+ csn = a->a_vals[0];
+ }
+ if ( BER_BVISEMPTY( &op->o_csn )) {
+ if ( !gotcsn ) {
+ csn.bv_val = csnbuf;
+ csn.bv_len = sizeof(csnbuf);
+ slap_get_csn( op, &csn, manage_ctxcsn );
+ } else {
+ if ( manage_ctxcsn )
+ slap_queue_csn( op, &csn );
+ }
+ } else {
+ csn = op->o_csn;
+ }
+ ptr = ber_bvchr( &csn, '#' );
+ if ( ptr ) {
+ timestamp.bv_len = ptr - csn.bv_val;
+ if ( timestamp.bv_len >= sizeof(timebuf) )
+ timestamp.bv_len = sizeof(timebuf) - 1;
+ strncpy( timebuf, csn.bv_val, timestamp.bv_len );
+ timebuf[timestamp.bv_len] = '\0';
+ } else {
+ time_t now = slap_get_time();
+
+ timestamp.bv_len = sizeof(timebuf);
+
+ slap_timestamp( &now, ×tamp );
+ }
+
+ if ( BER_BVISEMPTY( &op->o_dn ) ) {
+ BER_BVSTR( &name, SLAPD_ANONYMOUS );
+ nname = name;
+ } else {
+ name = op->o_dn;
+ nname = op->o_ndn;
+ }
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_entryUUID );
+ if ( !a ) {
+ char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
+
+ tmp.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
+ tmp.bv_val = uuidbuf;
+
+ attr_merge_normalize_one( op->ora_e,
+ slap_schema.si_ad_entryUUID, &tmp, op->o_tmpmemctx );
+ }
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_creatorsName );
+ if ( !a ) {
+ attr_merge_one( op->ora_e,
+ slap_schema.si_ad_creatorsName, &name, &nname );
+ }
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_createTimestamp );
+ if ( !a ) {
+ attr_merge_one( op->ora_e,
+ slap_schema.si_ad_createTimestamp, ×tamp, NULL );
+ }
+
+ if ( !gotcsn ) {
+ attr_merge_one( op->ora_e,
+ slap_schema.si_ad_entryCSN, &csn, NULL );
+ }
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_modifiersName );
+ if ( !a ) {
+ attr_merge_one( op->ora_e,
+ slap_schema.si_ad_modifiersName, &name, &nname );
+ }
+
+ a = attr_find( op->ora_e->e_attrs,
+ slap_schema.si_ad_modifyTimestamp );
+ if ( !a ) {
+ attr_merge_one( op->ora_e,
+ slap_schema.si_ad_modifyTimestamp, ×tamp, NULL );
+ }
+
+ }
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/alock.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/alock.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/alock.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,646 @@
+/* alock.c - access lock library */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.2.2.5 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004-2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Matthew Backes at Symas
+ * Corporation for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#if SLAPD_BDB || SLAPD_HDB || SLAPD_LDBM
+
+#include "alock.h"
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+#include <ac/assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <fcntl.h>
+
+#ifdef _WIN32
+#include <stdio.h>
+#include <io.h>
+#include <sys/locking.h>
+#endif
+
+
+static int
+alock_grab_lock ( int fd, int slot )
+{
+ int res;
+
+#if defined( HAVE_LOCKF )
+ res = lseek (fd, (off_t) (ALOCK_SLOT_SIZE * slot), SEEK_SET);
+ if (res == -1) return -1;
+ res = lockf (fd, F_LOCK, (off_t) ALOCK_SLOT_SIZE);
+#elif defined( HAVE_FCNTL )
+ struct flock lock_info;
+ (void) memset ((void *) &lock_info, 0, sizeof (struct flock));
+
+ lock_info.l_type = F_WRLCK;
+ lock_info.l_whence = SEEK_SET;
+ lock_info.l_start = (off_t) (ALOCK_SLOT_SIZE * slot);
+ lock_info.l_len = (off_t) ALOCK_SLOT_SIZE;
+
+ res = fcntl (fd, F_SETLKW, &lock_info);
+#elif defined( _WIN32 )
+ if( _lseek( fd, (ALOCK_SLOT_SIZE * slot), SEEK_SET ) < 0 )
+ return -1;
+ /*
+ * _lock will try for the lock once per second, returning EDEADLOCK
+ * after ten tries. We just loop until we either get the lock
+ * or some other error is returned.
+ */
+ while((res = _locking( fd, _LK_LOCK, ALOCK_SLOT_SIZE )) < 0 ) {
+ if( errno != EDEADLOCK )
+ break;
+ }
+#else
+# error alock needs lockf, fcntl, or _locking
+#endif
+ if (res == -1) {
+ assert (errno != EDEADLK);
+ return -1;
+ }
+ return 0;
+}
+
+static int
+alock_release_lock ( int fd, int slot )
+{
+ int res;
+
+#if defined( HAVE_LOCKF )
+ res = lseek (fd, (off_t) (ALOCK_SLOT_SIZE * slot), SEEK_SET);
+ if (res == -1) return -1;
+ res = lockf (fd, F_ULOCK, (off_t) ALOCK_SLOT_SIZE);
+ if (res == -1) return -1;
+#elif defined ( HAVE_FCNTL )
+ struct flock lock_info;
+ (void) memset ((void *) &lock_info, 0, sizeof (struct flock));
+
+ lock_info.l_type = F_UNLCK;
+ lock_info.l_whence = SEEK_SET;
+ lock_info.l_start = (off_t) (ALOCK_SLOT_SIZE * slot);
+ lock_info.l_len = (off_t) ALOCK_SLOT_SIZE;
+
+ res = fcntl (fd, F_SETLKW, &lock_info);
+ if (res == -1) return -1;
+#elif defined( _WIN32 )
+ res = _lseek (fd, (ALOCK_SLOT_SIZE * slot), SEEK_SET);
+ if (res == -1) return -1;
+ res = _locking( fd, _LK_UNLCK, ALOCK_SLOT_SIZE );
+ if (res == -1) return -1;
+#else
+# error alock needs lockf, fcntl, or _locking
+#endif
+
+ return 0;
+}
+
+static int
+alock_test_lock ( int fd, int slot )
+{
+ int res;
+
+#if defined( HAVE_LOCKF )
+ res = lseek (fd, (off_t) (ALOCK_SLOT_SIZE * slot), SEEK_SET);
+ if (res == -1) return -1;
+
+ res = lockf (fd, F_TEST, (off_t) ALOCK_SLOT_SIZE);
+ if (res == -1) {
+ if (errno == EACCES || errno == EAGAIN) {
+ return ALOCK_LOCKED;
+ } else {
+ return -1;
+ }
+ }
+#elif defined( HAVE_FCNTL )
+ struct flock lock_info;
+ (void) memset ((void *) &lock_info, 0, sizeof (struct flock));
+
+ lock_info.l_type = F_WRLCK;
+ lock_info.l_whence = SEEK_SET;
+ lock_info.l_start = (off_t) (ALOCK_SLOT_SIZE * slot);
+ lock_info.l_len = (off_t) ALOCK_SLOT_SIZE;
+
+ res = fcntl (fd, F_GETLK, &lock_info);
+ if (res == -1) return -1;
+
+ if (lock_info.l_type != F_UNLCK) return ALOCK_LOCKED;
+#elif defined( _WIN32 )
+ res = _lseek (fd, (ALOCK_SLOT_SIZE * slot), SEEK_SET);
+ if (res == -1) return -1;
+ res = _locking( fd, _LK_NBLCK, ALOCK_SLOT_SIZE );
+ _locking( fd, _LK_UNLCK, ALOCK_SLOT_SIZE );
+ if (res == -1) {
+ if( errno == EACCES ) {
+ return ALOCK_LOCKED;
+ } else {
+ return -1;
+ }
+ }
+#else
+# error alock needs lockf, fcntl, or _locking
+#endif
+
+ return 0;
+}
+
+/* Read a 64bit LE value */
+static unsigned long int
+alock_read_iattr ( unsigned char * bufptr )
+{
+ unsigned long int val = 0;
+ int count;
+
+ assert (bufptr != NULL);
+
+ bufptr += sizeof (unsigned long int);
+ for (count=0; count <= sizeof (unsigned long int); ++count) {
+ val <<= 8;
+ val += (unsigned long int) *bufptr--;
+ }
+
+ return val;
+}
+
+/* Write a 64bit LE value */
+static void
+alock_write_iattr ( unsigned char * bufptr,
+ unsigned long int val )
+{
+ int count;
+
+ assert (bufptr != NULL);
+
+ for (count=0; count < 8; ++count) {
+ *bufptr++ = (unsigned char) (val & 0xff);
+ val >>= 8;
+ }
+}
+
+static int
+alock_read_slot ( alock_info_t * info,
+ alock_slot_t * slot_data )
+{
+ unsigned char slotbuf [ALOCK_SLOT_SIZE];
+ int res, size, size_total, err;
+
+ assert (info != NULL);
+ assert (slot_data != NULL);
+ assert (info->al_slot > 0);
+
+ res = lseek (info->al_fd,
+ (off_t) (ALOCK_SLOT_SIZE * info->al_slot),
+ SEEK_SET);
+ if (res == -1) return -1;
+
+ size_total = 0;
+ while (size_total < ALOCK_SLOT_SIZE) {
+ size = read (info->al_fd,
+ slotbuf + size_total,
+ ALOCK_SLOT_SIZE - size_total);
+ if (size == 0) return -1;
+ if (size < 0) {
+ err = errno;
+ if (err != EINTR && err != EAGAIN) return -1;
+ } else {
+ size_total += size;
+ }
+ }
+
+ if (alock_read_iattr (slotbuf) != ALOCK_MAGIC) {
+ return 1;
+ }
+ slot_data->al_lock = alock_read_iattr (slotbuf+8);
+ slot_data->al_stamp = alock_read_iattr (slotbuf+16);
+ slot_data->al_pid = alock_read_iattr (slotbuf+24);
+
+ if (slot_data->al_appname) free (slot_data->al_appname);
+ slot_data->al_appname = calloc (1, ALOCK_MAX_APPNAME);
+ strncpy (slot_data->al_appname, (char *)slotbuf+32, ALOCK_MAX_APPNAME-1);
+ (slot_data->al_appname) [ALOCK_MAX_APPNAME-1] = '\0';
+
+ return 0;
+}
+
+static int
+alock_write_slot ( alock_info_t * info,
+ alock_slot_t * slot_data )
+{
+ unsigned char slotbuf [ALOCK_SLOT_SIZE];
+ int res, size, size_total, err;
+
+ assert (info != NULL);
+ assert (slot_data != NULL);
+ assert (info->al_slot > 0);
+
+ (void) memset ((void *) slotbuf, 0, ALOCK_SLOT_SIZE);
+
+ alock_write_iattr (slotbuf, ALOCK_MAGIC);
+ assert (alock_read_iattr (slotbuf) == ALOCK_MAGIC);
+ alock_write_iattr (slotbuf+8, slot_data->al_lock);
+ alock_write_iattr (slotbuf+16, slot_data->al_stamp);
+ alock_write_iattr (slotbuf+24, slot_data->al_pid);
+
+ strncpy ((char *)slotbuf+32, slot_data->al_appname, ALOCK_MAX_APPNAME-1);
+ slotbuf[ALOCK_SLOT_SIZE-1] = '\0';
+
+ res = lseek (info->al_fd,
+ (off_t) (ALOCK_SLOT_SIZE * info->al_slot),
+ SEEK_SET);
+ if (res == -1) return -1;
+
+ size_total = 0;
+ while (size_total < ALOCK_SLOT_SIZE) {
+ size = write (info->al_fd,
+ slotbuf + size_total,
+ ALOCK_SLOT_SIZE - size_total);
+ if (size == 0) return -1;
+ if (size < 0) {
+ err = errno;
+ if (err != EINTR && err != EAGAIN) return -1;
+ } else {
+ size_total += size;
+ }
+ }
+
+ return 0;
+}
+
+static int
+alock_query_slot ( alock_info_t * info )
+{
+ int res, nosave;
+ alock_slot_t slot_data;
+
+ assert (info != NULL);
+ assert (info->al_slot > 0);
+
+ (void) memset ((void *) &slot_data, 0, sizeof (alock_slot_t));
+ alock_read_slot (info, &slot_data);
+
+ if (slot_data.al_appname != NULL) free (slot_data.al_appname);
+ slot_data.al_appname = NULL;
+
+ nosave = slot_data.al_lock & ALOCK_NOSAVE;
+
+ if ((slot_data.al_lock & ALOCK_SMASK) == ALOCK_UNLOCKED)
+ return slot_data.al_lock;
+
+ res = alock_test_lock (info->al_fd, info->al_slot);
+ if (res < 0) return -1;
+ if (res > 0) {
+ if ((slot_data.al_lock & ALOCK_SMASK) == ALOCK_UNIQUE) {
+ return slot_data.al_lock;
+ } else {
+ return ALOCK_LOCKED | nosave;
+ }
+ }
+
+ return ALOCK_DIRTY | nosave;
+}
+
+int
+alock_open ( alock_info_t * info,
+ const char * appname,
+ const char * envdir,
+ int locktype )
+{
+ struct stat statbuf;
+ alock_info_t scan_info;
+ alock_slot_t slot_data;
+ char * filename;
+ int res, max_slot;
+ int dirty_count, live_count, nosave;
+
+ assert (info != NULL);
+ assert (appname != NULL);
+ assert (envdir != NULL);
+ assert ((locktype & ALOCK_SMASK) >= 1 && (locktype & ALOCK_SMASK) <= 2);
+
+ slot_data.al_lock = locktype;
+ slot_data.al_stamp = time(NULL);
+ slot_data.al_pid = getpid();
+ slot_data.al_appname = calloc (1, ALOCK_MAX_APPNAME);
+ strncpy (slot_data.al_appname, appname, ALOCK_MAX_APPNAME-1);
+ slot_data.al_appname [ALOCK_MAX_APPNAME-1] = '\0';
+
+ filename = calloc (1, strlen (envdir) + strlen ("/alock") + 1);
+ strcpy (filename, envdir);
+ strcat (filename, "/alock");
+ info->al_fd = open (filename, O_CREAT|O_RDWR, 0666);
+ free (filename);
+ if (info->al_fd < 0) {
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+ info->al_slot = 0;
+
+ res = alock_grab_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+
+ res = fstat (info->al_fd, &statbuf);
+ if (res == -1) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+
+ max_slot = (statbuf.st_size + ALOCK_SLOT_SIZE - 1) / ALOCK_SLOT_SIZE;
+ dirty_count = 0;
+ live_count = 0;
+ nosave = 0;
+ scan_info.al_fd = info->al_fd;
+ for (scan_info.al_slot = 1;
+ scan_info.al_slot < max_slot;
+ ++ scan_info.al_slot) {
+ if (scan_info.al_slot != info->al_slot) {
+ res = alock_query_slot (&scan_info);
+
+ if (res & ALOCK_NOSAVE) {
+ nosave = ALOCK_NOSAVE;
+ res ^= ALOCK_NOSAVE;
+ }
+ if (res == ALOCK_UNLOCKED
+ && info->al_slot == 0) {
+ info->al_slot = scan_info.al_slot;
+
+ } else if (res == ALOCK_LOCKED) {
+ ++live_count;
+
+ } else if (res == ALOCK_UNIQUE
+ && locktype == ALOCK_UNIQUE) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_BUSY;
+
+ } else if (res == ALOCK_DIRTY) {
+ ++dirty_count;
+
+ } else if (res == -1) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+
+ }
+ }
+ }
+
+ if (dirty_count && live_count) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+
+ if (info->al_slot == 0) info->al_slot = max_slot + 1;
+ res = alock_grab_lock (info->al_fd,
+ info->al_slot);
+ if (res == -1) {
+ close (info->al_fd);
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+ res = alock_write_slot (info, &slot_data);
+ free (slot_data.al_appname);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ res = alock_release_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ if (dirty_count) return ALOCK_RECOVER | nosave;
+ return ALOCK_CLEAN | nosave;
+}
+
+int
+alock_scan ( alock_info_t * info )
+{
+ struct stat statbuf;
+ alock_info_t scan_info;
+ int res, max_slot;
+ int dirty_count, live_count, nosave;
+
+ assert (info != NULL);
+
+ scan_info.al_fd = info->al_fd;
+
+ res = alock_grab_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ res = fstat (info->al_fd, &statbuf);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ max_slot = (statbuf.st_size + ALOCK_SLOT_SIZE - 1) / ALOCK_SLOT_SIZE;
+ dirty_count = 0;
+ live_count = 0;
+ nosave = 0;
+ for (scan_info.al_slot = 1;
+ scan_info.al_slot < max_slot;
+ ++ scan_info.al_slot) {
+ if (scan_info.al_slot != info->al_slot) {
+ res = alock_query_slot (&scan_info);
+
+ if (res & ALOCK_NOSAVE) {
+ nosave = ALOCK_NOSAVE;
+ res ^= ALOCK_NOSAVE;
+ }
+
+ if (res == ALOCK_LOCKED) {
+ ++live_count;
+
+ } else if (res == ALOCK_DIRTY) {
+ ++dirty_count;
+
+ } else if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+
+ }
+ }
+ }
+
+ res = alock_release_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ if (dirty_count) {
+ if (live_count) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ } else {
+ return ALOCK_RECOVER | nosave;
+ }
+ }
+
+ return ALOCK_CLEAN | nosave;
+}
+
+int
+alock_close ( alock_info_t * info )
+{
+ alock_slot_t slot_data;
+ int res;
+
+ if ( !info->al_slot )
+ return ALOCK_CLEAN;
+
+ (void) memset ((void *) &slot_data, 0, sizeof(alock_slot_t));
+
+ res = alock_grab_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ /* mark our slot as clean */
+ res = alock_read_slot (info, &slot_data);
+ if (res == -1) {
+ close (info->al_fd);
+ if (slot_data.al_appname != NULL)
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+ slot_data.al_lock = ALOCK_UNLOCKED | (slot_data.al_lock & ALOCK_NOSAVE);
+ res = alock_write_slot (info, &slot_data);
+ if (res == -1) {
+ close (info->al_fd);
+ if (slot_data.al_appname != NULL)
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+ if (slot_data.al_appname != NULL) {
+ free (slot_data.al_appname);
+ slot_data.al_appname = NULL;
+ }
+
+ res = alock_release_lock (info->al_fd, info->al_slot);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+ res = alock_release_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ res = close (info->al_fd);
+ if (res == -1) return ALOCK_UNSTABLE;
+
+ return ALOCK_CLEAN;
+}
+
+int
+alock_recover ( alock_info_t * info )
+{
+ struct stat statbuf;
+ alock_slot_t slot_data;
+ alock_info_t scan_info;
+ int res, max_slot;
+
+ assert (info != NULL);
+
+ scan_info.al_fd = info->al_fd;
+
+ (void) memset ((void *) &slot_data, 0, sizeof(alock_slot_t));
+
+ res = alock_grab_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ res = fstat (info->al_fd, &statbuf);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ max_slot = (statbuf.st_size + ALOCK_SLOT_SIZE - 1) / ALOCK_SLOT_SIZE;
+ for (scan_info.al_slot = 1;
+ scan_info.al_slot < max_slot;
+ ++ scan_info.al_slot) {
+ if (scan_info.al_slot != info->al_slot) {
+ res = alock_query_slot (&scan_info) & ~ALOCK_NOSAVE;
+
+ if (res == ALOCK_LOCKED
+ || res == ALOCK_UNIQUE) {
+ /* recovery attempt on an active db? */
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+
+ } else if (res == ALOCK_DIRTY) {
+ /* mark it clean */
+ res = alock_read_slot (&scan_info, &slot_data);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+ slot_data.al_lock = ALOCK_UNLOCKED;
+ res = alock_write_slot (&scan_info, &slot_data);
+ if (res == -1) {
+ close (info->al_fd);
+ if (slot_data.al_appname != NULL)
+ free (slot_data.al_appname);
+ return ALOCK_UNSTABLE;
+ }
+ if (slot_data.al_appname != NULL) {
+ free (slot_data.al_appname);
+ slot_data.al_appname = NULL;
+ }
+
+ } else if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+
+ }
+ }
+ }
+
+ res = alock_release_lock (info->al_fd, 0);
+ if (res == -1) {
+ close (info->al_fd);
+ return ALOCK_UNSTABLE;
+ }
+
+ return ALOCK_CLEAN;
+}
+
+#endif /* SLAPD_BDB || SLAPD_HDB */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/alock.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/alock.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/alock.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+/* alock.h - access lock header */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.h,v 1.1.2.4 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004-2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Matthew Backes at Symas
+ * Corporation for inclusion in OpenLDAP Software.
+ */
+
+#ifndef _ALOCK_H_
+#define _ALOCK_H_
+
+#include "portable.h"
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+/* environment states (all the slots together) */
+#define ALOCK_CLEAN (0)
+#define ALOCK_RECOVER (1)
+#define ALOCK_BUSY (2)
+#define ALOCK_UNSTABLE (3)
+
+/* lock user types and states */
+#define ALOCK_UNLOCKED (0)
+#define ALOCK_LOCKED (1)
+#define ALOCK_UNIQUE (2)
+#define ALOCK_DIRTY (3)
+
+#define ALOCK_SMASK 3
+
+/* lock/state where recovery is not available */
+#define ALOCK_NOSAVE 4
+
+/* constants */
+#define ALOCK_SLOT_SIZE (1024)
+#define ALOCK_SLOT_IATTRS (4)
+#define ALOCK_MAX_APPNAME (ALOCK_SLOT_SIZE - 8 * ALOCK_SLOT_IATTRS)
+#define ALOCK_MAGIC (0x12345678)
+
+LDAP_BEGIN_DECL
+
+typedef struct alock_info {
+ int al_fd;
+ int al_slot;
+} alock_info_t;
+
+typedef struct alock_slot {
+ unsigned int al_lock;
+ time_t al_stamp;
+ pid_t al_pid;
+ char * al_appname;
+} alock_slot_t;
+
+LDAP_SLAPD_F (int) alock_open LDAP_P(( alock_info_t * info, const char * appname,
+ const char * envdir, int locktype ));
+LDAP_SLAPD_F (int) alock_scan LDAP_P(( alock_info_t * info ));
+LDAP_SLAPD_F (int) alock_close LDAP_P(( alock_info_t * info ));
+LDAP_SLAPD_F (int) alock_recover LDAP_P(( alock_info_t * info ));
+
+LDAP_END_DECL
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/at.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/at.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/at.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,893 @@
+/* at.c - routines for dealing with attribute types */
+/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.62.2.10 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+
+
+int is_at_syntax(
+ AttributeType *at,
+ const char *oid )
+{
+ for( ; at != NULL; at = at->sat_sup ) {
+ if( at->sat_syntax_oid ) {
+ return ( strcmp( at->sat_syntax_oid, oid ) == 0 );
+ }
+ }
+
+ return 0;
+}
+
+int is_at_subtype(
+ AttributeType *sub,
+ AttributeType *sup )
+{
+ for( ; sub != NULL; sub = sub->sat_sup ) {
+ if( sub == sup ) return 1;
+ }
+
+ return 0;
+}
+
+struct aindexrec {
+ struct berval air_name;
+ AttributeType *air_at;
+};
+
+static Avlnode *attr_index = NULL;
+static Avlnode *attr_cache = NULL;
+static LDAP_STAILQ_HEAD(ATList, slap_attribute_type) attr_list
+ = LDAP_STAILQ_HEAD_INITIALIZER(attr_list);
+
+int at_oc_cache;
+
+static int
+attr_index_cmp(
+ const void *v_air1,
+ const void *v_air2 )
+{
+ const struct aindexrec *air1 = v_air1;
+ const struct aindexrec *air2 = v_air2;
+ int i = air1->air_name.bv_len - air2->air_name.bv_len;
+ if (i) return i;
+ return (strcasecmp( air1->air_name.bv_val, air2->air_name.bv_val ));
+}
+
+static int
+attr_index_name_cmp(
+ const void *v_type,
+ const void *v_air )
+{
+ const struct berval *type = v_type;
+ const struct aindexrec *air = v_air;
+ int i = type->bv_len - air->air_name.bv_len;
+ if (i) return i;
+ return (strncasecmp( type->bv_val, air->air_name.bv_val, type->bv_len ));
+}
+
+AttributeType *
+at_find( const char *name )
+{
+ struct berval bv;
+
+ bv.bv_val = (char *)name;
+ bv.bv_len = strlen( name );
+
+ return at_bvfind( &bv );
+}
+
+AttributeType *
+at_bvfind( struct berval *name )
+{
+ struct aindexrec *air;
+
+ if ( attr_cache ) {
+ air = avl_find( attr_cache, name, attr_index_name_cmp );
+ if ( air ) return air->air_at;
+ }
+
+ air = avl_find( attr_index, name, attr_index_name_cmp );
+
+ if ( air && ( slapMode & SLAP_TOOL_MODE ) && at_oc_cache ) {
+ avl_insert( &attr_cache, (caddr_t) air,
+ attr_index_cmp, avl_dup_error );
+ }
+
+ return air != NULL ? air->air_at : NULL;
+}
+
+int
+at_append_to_list(
+ AttributeType *sat,
+ AttributeType ***listp )
+{
+ AttributeType **list;
+ AttributeType **list1;
+ int size;
+
+ list = *listp;
+ if ( !list ) {
+ size = 2;
+ list = ch_calloc(size, sizeof(AttributeType *));
+ if ( !list ) {
+ return -1;
+ }
+ } else {
+ size = 0;
+ list1 = *listp;
+ while ( *list1 ) {
+ size++;
+ list1++;
+ }
+ size += 2;
+ list1 = ch_realloc(list, size*sizeof(AttributeType *));
+ if ( !list1 ) {
+ return -1;
+ }
+ list = list1;
+ }
+ list[size-2] = sat;
+ list[size-1] = NULL;
+ *listp = list;
+ return 0;
+}
+
+int
+at_delete_from_list(
+ int pos,
+ AttributeType ***listp )
+{
+ AttributeType **list;
+ AttributeType **list1;
+ int i;
+ int j;
+
+ if ( pos < 0 ) {
+ return -2;
+ }
+ list = *listp;
+ for ( i=0; list[i]; i++ )
+ ;
+ if ( pos >= i ) {
+ return -2;
+ }
+ for ( i=pos, j=pos+1; list[j]; i++, j++ ) {
+ list[i] = list[j];
+ }
+ list[i] = NULL;
+ /* Tell the runtime this can be shrinked */
+ list1 = ch_realloc(list, (i+1)*sizeof(AttributeType **));
+ if ( !list1 ) {
+ return -1;
+ }
+ *listp = list1;
+ return 0;
+}
+
+int
+at_find_in_list(
+ AttributeType *sat,
+ AttributeType **list )
+{
+ int i;
+
+ if ( !list ) {
+ return -1;
+ }
+ for ( i=0; list[i]; i++ ) {
+ if ( sat == list[i] ) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+void
+at_destroy( void )
+{
+ AttributeType *a;
+ avl_free(attr_index, ldap_memfree);
+
+ while( !LDAP_STAILQ_EMPTY(&attr_list) ) {
+ a = LDAP_STAILQ_FIRST(&attr_list);
+ LDAP_STAILQ_REMOVE_HEAD(&attr_list, sat_next);
+
+ if ( a->sat_equality ) {
+ MatchingRule *mr;
+
+ mr = mr_find( a->sat_equality->smr_oid );
+ assert( mr != NULL );
+ if ( mr != a->sat_equality ) {
+ ch_free( a->sat_equality );
+ a->sat_equality = NULL;
+ }
+ }
+
+ assert( a->sat_syntax != NULL );
+ if ( a->sat_syntax != NULL ) {
+ Syntax *syn;
+
+ syn = syn_find( a->sat_syntax->ssyn_oid );
+ assert( syn != NULL );
+ if ( syn != a->sat_syntax ) {
+ ch_free( a->sat_syntax );
+ a->sat_syntax = NULL;
+ }
+ }
+
+ if ( a->sat_oidmacro ) ldap_memfree( a->sat_oidmacro );
+ if ( a->sat_subtypes ) ldap_memfree( a->sat_subtypes );
+ ad_destroy(a->sat_ad);
+ ldap_pvt_thread_mutex_destroy(&a->sat_ad_mutex);
+ ldap_attributetype_free((LDAPAttributeType *)a);
+ }
+
+ if ( slap_schema.si_at_undefined ) {
+ ad_destroy(slap_schema.si_at_undefined->sat_ad);
+ }
+
+ if ( slap_schema.si_at_proxied ) {
+ ad_destroy(slap_schema.si_at_proxied->sat_ad);
+ }
+}
+
+int
+at_start( AttributeType **at )
+{
+ assert( at != NULL );
+
+ *at = LDAP_STAILQ_FIRST(&attr_list);
+
+ return (*at != NULL);
+}
+
+int
+at_next( AttributeType **at )
+{
+ assert( at != NULL );
+
+#if 1 /* pedantic check */
+ {
+ AttributeType *tmp = NULL;
+
+ LDAP_STAILQ_FOREACH(tmp,&attr_list,sat_next) {
+ if ( tmp == *at ) {
+ break;
+ }
+ }
+
+ assert( tmp != NULL );
+ }
+#endif
+
+ *at = LDAP_STAILQ_NEXT(*at,sat_next);
+
+ return (*at != NULL);
+}
+
+/*
+ * check whether the two attributeTypes actually __are__ identical,
+ * or rather inconsistent
+ */
+static int
+at_check_dup(
+ AttributeType *sat,
+ AttributeType *new_sat )
+{
+ if ( new_sat->sat_oid != NULL ) {
+ if ( sat->sat_oid == NULL ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+
+ if ( strcmp( sat->sat_oid, new_sat->sat_oid ) != 0 ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+
+ } else {
+ if ( sat->sat_oid != NULL ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+ }
+
+ if ( new_sat->sat_names ) {
+ int i;
+
+ if ( sat->sat_names == NULL ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+
+ for ( i = 0; new_sat->sat_names[ i ]; i++ ) {
+ if ( sat->sat_names[ i ] == NULL ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+
+ if ( strcasecmp( sat->sat_names[ i ],
+ new_sat->sat_names[ i ] ) != 0 )
+ {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+ }
+ } else {
+ if ( sat->sat_names != NULL ) {
+ return SLAP_SCHERR_ATTR_INCONSISTENT;
+ }
+ }
+
+ return SLAP_SCHERR_ATTR_DUP;
+}
+
+
+static int
+at_insert(
+ AttributeType *sat,
+ const char **err )
+{
+ struct aindexrec *air;
+ char **names = NULL;
+
+
+ if ( sat->sat_oid ) {
+ air = (struct aindexrec *)
+ ch_calloc( 1, sizeof(struct aindexrec) );
+ ber_str2bv( sat->sat_oid, 0, 0, &air->air_name );
+ air->air_at = sat;
+ if ( avl_insert( &attr_index, (caddr_t) air,
+ attr_index_cmp, avl_dup_error ) )
+ {
+ AttributeType *old_sat;
+ int rc;
+
+ *err = sat->sat_oid;
+
+ old_sat = at_bvfind( &air->air_name );
+ assert( old_sat != NULL );
+ rc = at_check_dup( old_sat, sat );
+
+ ldap_memfree( air );
+
+ return rc;
+ }
+ /* FIX: temporal consistency check */
+ at_bvfind( &air->air_name );
+ }
+
+ names = sat->sat_names;
+ if ( names ) {
+ while ( *names ) {
+ air = (struct aindexrec *)
+ ch_calloc( 1, sizeof(struct aindexrec) );
+ ber_str2bv( *names, 0, 0, &air->air_name );
+ air->air_at = sat;
+ if ( avl_insert( &attr_index, (caddr_t) air,
+ attr_index_cmp, avl_dup_error ) )
+ {
+ AttributeType *old_sat;
+ int rc;
+
+ *err = *names;
+
+ old_sat = at_bvfind( &air->air_name );
+ assert( old_sat != NULL );
+ rc = at_check_dup( old_sat, sat );
+
+ ldap_memfree(air);
+
+ while ( names > sat->sat_names ) {
+ struct aindexrec tmpair;
+
+ names--;
+ ber_str2bv( *names, 0, 0, &tmpair.air_name );
+ tmpair.air_at = sat;
+ air = (struct aindexrec *)avl_delete( &attr_index,
+ (caddr_t)&tmpair, attr_index_cmp );
+ assert( air != NULL );
+ ldap_memfree( air );
+ }
+
+ if ( sat->sat_oid ) {
+ struct aindexrec tmpair;
+
+ ber_str2bv( sat->sat_oid, 0, 0, &tmpair.air_name );
+ tmpair.air_at = sat;
+ air = (struct aindexrec *)avl_delete( &attr_index,
+ (caddr_t)&tmpair, attr_index_cmp );
+ assert( air != NULL );
+ ldap_memfree( air );
+ }
+
+ return rc;
+ }
+ /* FIX: temporal consistency check */
+ at_bvfind(&air->air_name);
+ names++;
+ }
+ }
+
+ if ( sat->sat_oid ) {
+ slap_ad_undef_promote( sat->sat_oid, sat );
+ }
+
+ names = sat->sat_names;
+ if ( names ) {
+ while ( *names ) {
+ slap_ad_undef_promote( *names, sat );
+ names++;
+ }
+ }
+
+ LDAP_STAILQ_INSERT_TAIL( &attr_list, sat, sat_next );
+
+ return 0;
+}
+
+int
+at_add(
+ LDAPAttributeType *at,
+ int user,
+ AttributeType **rsat,
+ const char **err )
+{
+ AttributeType *sat = NULL;
+ MatchingRule *mr = NULL;
+ Syntax *syn = NULL;
+ int i;
+ int code = LDAP_SUCCESS;
+ char *cname = NULL;
+ char *oidm = NULL;
+
+ if ( !OID_LEADCHAR( at->at_oid[0] )) {
+ char *oid;
+
+ /* Expand OID macros */
+ oid = oidm_find( at->at_oid );
+ if ( !oid ) {
+ *err = at->at_oid;
+ return SLAP_SCHERR_OIDM;
+ }
+ if ( oid != at->at_oid ) {
+ oidm = at->at_oid;
+ at->at_oid = oid;
+ }
+ }
+
+ if ( at->at_syntax_oid && !OID_LEADCHAR( at->at_syntax_oid[0] )) {
+ char *oid;
+
+ /* Expand OID macros */
+ oid = oidm_find( at->at_syntax_oid );
+ if ( !oid ) {
+ *err = at->at_syntax_oid;
+ code = SLAP_SCHERR_OIDM;
+ goto error_return;
+ }
+ if ( oid != at->at_syntax_oid ) {
+ ldap_memfree( at->at_syntax_oid );
+ at->at_syntax_oid = oid;
+ }
+ }
+
+ if ( at->at_names && at->at_names[0] ) {
+ int i;
+
+ for( i=0; at->at_names[i]; i++ ) {
+ if( !slap_valid_descr( at->at_names[i] ) ) {
+ *err = at->at_names[i];
+ code = SLAP_SCHERR_BAD_DESCR;
+ goto error_return;
+ }
+ }
+
+ cname = at->at_names[0];
+
+ } else if ( at->at_oid ) {
+ cname = at->at_oid;
+
+ } else {
+ *err = "";
+ code = SLAP_SCHERR_ATTR_INCOMPLETE;
+ goto error_return;
+ }
+
+ *err = cname;
+
+ if ( !at->at_usage && at->at_no_user_mod ) {
+ /* user attribute must be modifable */
+ code = SLAP_SCHERR_ATTR_BAD_USAGE;
+ goto error_return;
+ }
+
+ if ( at->at_collective ) {
+ if( at->at_usage ) {
+ /* collective attributes cannot be operational */
+ code = SLAP_SCHERR_ATTR_BAD_USAGE;
+ goto error_return;
+ }
+
+ if( at->at_single_value ) {
+ /* collective attributes cannot be single-valued */
+ code = SLAP_SCHERR_ATTR_BAD_USAGE;
+ goto error_return;
+ }
+ }
+
+ sat = (AttributeType *) ch_calloc( 1, sizeof(AttributeType) );
+ AC_MEMCPY( &sat->sat_atype, at, sizeof(LDAPAttributeType));
+
+ sat->sat_cname.bv_val = cname;
+ sat->sat_cname.bv_len = strlen( cname );
+ sat->sat_oidmacro = oidm;
+ ldap_pvt_thread_mutex_init(&sat->sat_ad_mutex);
+
+ if ( at->at_sup_oid ) {
+ AttributeType *supsat = at_find(at->at_sup_oid);
+
+ if ( supsat == NULL ) {
+ *err = at->at_sup_oid;
+ code = SLAP_SCHERR_ATTR_NOT_FOUND;
+ goto error_return;
+ }
+
+ sat->sat_sup = supsat;
+
+ if ( at_append_to_list(sat, &supsat->sat_subtypes) ) {
+ code = SLAP_SCHERR_OUTOFMEM;
+ goto error_return;
+ }
+
+ if ( sat->sat_usage != supsat->sat_usage ) {
+ /* subtypes must have same usage as their SUP */
+ code = SLAP_SCHERR_ATTR_BAD_USAGE;
+ goto error_return;
+ }
+
+ if ( supsat->sat_obsolete && !sat->sat_obsolete ) {
+ /* subtypes must be obsolete if super is */
+ code = SLAP_SCHERR_ATTR_BAD_SUP;
+ goto error_return;
+ }
+
+ if ( sat->sat_flags & SLAP_AT_FINAL ) {
+ /* cannot subtype a "final" attribute type */
+ code = SLAP_SCHERR_ATTR_BAD_SUP;
+ goto error_return;
+ }
+ }
+
+ /*
+ * Inherit definitions from superiors. We only check the
+ * direct superior since that one has already inherited from
+ * its own superiorss
+ */
+ if ( sat->sat_sup ) {
+ sat->sat_syntax = sat->sat_sup->sat_syntax;
+ sat->sat_equality = sat->sat_sup->sat_equality;
+ sat->sat_approx = sat->sat_sup->sat_approx;
+ sat->sat_ordering = sat->sat_sup->sat_ordering;
+ sat->sat_substr = sat->sat_sup->sat_substr;
+ }
+
+ /*
+ * check for X-ORDERED attributes
+ */
+ if ( sat->sat_extensions ) {
+ for (i=0; sat->sat_extensions[i]; i++) {
+ if (!strcasecmp( sat->sat_extensions[i]->lsei_name,
+ "X-ORDERED" ) && sat->sat_extensions[i]->lsei_values ) {
+ if ( !strcasecmp( sat->sat_extensions[i]->lsei_values[0],
+ "VALUES" )) {
+ sat->sat_flags |= SLAP_AT_ORDERED_VAL;
+ break;
+ } else if ( !strcasecmp( sat->sat_extensions[i]->lsei_values[0],
+ "SIBLINGS" )) {
+ sat->sat_flags |= SLAP_AT_ORDERED_SIB;
+ break;
+ }
+ }
+ }
+ }
+
+ if ( !user )
+ sat->sat_flags |= SLAP_AT_HARDCODE;
+
+ if ( at->at_syntax_oid ) {
+ syn = syn_find(sat->sat_syntax_oid);
+ if ( syn == NULL ) {
+ *err = sat->sat_syntax_oid;
+ code = SLAP_SCHERR_SYN_NOT_FOUND;
+ goto error_return;
+ }
+
+ if( sat->sat_syntax != NULL && sat->sat_syntax != syn ) {
+ code = SLAP_SCHERR_ATTR_BAD_SUP;
+ goto error_return;
+ }
+
+ sat->sat_syntax = syn;
+
+ } else if ( sat->sat_syntax == NULL ) {
+ code = SLAP_SCHERR_ATTR_INCOMPLETE;
+ goto error_return;
+ }
+
+ if ( sat->sat_equality_oid ) {
+ mr = mr_find(sat->sat_equality_oid);
+
+ if( mr == NULL ) {
+ *err = sat->sat_equality_oid;
+ code = SLAP_SCHERR_MR_NOT_FOUND;
+ goto error_return;
+ }
+
+ if(( mr->smr_usage & SLAP_MR_EQUALITY ) != SLAP_MR_EQUALITY ) {
+ *err = sat->sat_equality_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ if( sat->sat_syntax != mr->smr_syntax ) {
+ if( mr->smr_compat_syntaxes == NULL ) {
+ *err = sat->sat_equality_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ for(i=0; mr->smr_compat_syntaxes[i]; i++) {
+ if( sat->sat_syntax == mr->smr_compat_syntaxes[i] ) {
+ i = -1;
+ break;
+ }
+ }
+
+ if( i >= 0 ) {
+ *err = sat->sat_equality_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+ }
+
+ sat->sat_equality = mr;
+ sat->sat_approx = mr->smr_associated;
+ }
+
+ if ( sat->sat_ordering_oid ) {
+ if( !sat->sat_equality ) {
+ *err = sat->sat_ordering_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ mr = mr_find(sat->sat_ordering_oid);
+
+ if( mr == NULL ) {
+ *err = sat->sat_ordering_oid;
+ code = SLAP_SCHERR_MR_NOT_FOUND;
+ goto error_return;
+ }
+
+ if(( mr->smr_usage & SLAP_MR_ORDERING ) != SLAP_MR_ORDERING ) {
+ *err = sat->sat_ordering_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ if( sat->sat_syntax != mr->smr_syntax ) {
+ if( mr->smr_compat_syntaxes == NULL ) {
+ *err = sat->sat_ordering_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ for(i=0; mr->smr_compat_syntaxes[i]; i++) {
+ if( sat->sat_syntax == mr->smr_compat_syntaxes[i] ) {
+ i = -1;
+ break;
+ }
+ }
+
+ if( i >= 0 ) {
+ *err = sat->sat_ordering_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+ }
+
+ sat->sat_ordering = mr;
+ }
+
+ if ( sat->sat_substr_oid ) {
+ if( !sat->sat_equality ) {
+ *err = sat->sat_substr_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ mr = mr_find(sat->sat_substr_oid);
+
+ if( mr == NULL ) {
+ *err = sat->sat_substr_oid;
+ code = SLAP_SCHERR_MR_NOT_FOUND;
+ goto error_return;
+ }
+
+ if(( mr->smr_usage & SLAP_MR_SUBSTR ) != SLAP_MR_SUBSTR ) {
+ *err = sat->sat_substr_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ /* due to funky LDAP builtin substring rules,
+ * we check against the equality rule assertion
+ * syntax and compat syntaxes instead of those
+ * associated with the substrings rule.
+ */
+ if( sat->sat_syntax != sat->sat_equality->smr_syntax ) {
+ if( sat->sat_equality->smr_compat_syntaxes == NULL ) {
+ *err = sat->sat_substr_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+
+ for(i=0; sat->sat_equality->smr_compat_syntaxes[i]; i++) {
+ if( sat->sat_syntax ==
+ sat->sat_equality->smr_compat_syntaxes[i] )
+ {
+ i = -1;
+ break;
+ }
+ }
+
+ if( i >= 0 ) {
+ *err = sat->sat_substr_oid;
+ code = SLAP_SCHERR_ATTR_BAD_MR;
+ goto error_return;
+ }
+ }
+
+ sat->sat_substr = mr;
+ }
+
+ code = at_insert( sat, err );
+ if ( code != 0 ) {
+error_return:;
+ if ( sat ) {
+ ldap_pvt_thread_mutex_destroy( &sat->sat_ad_mutex );
+ ch_free( sat );
+ }
+
+ if ( oidm ) {
+ SLAP_FREE( at->at_oid );
+ at->at_oid = oidm;
+ }
+
+ } else if ( rsat ) {
+ *rsat = sat;
+ }
+
+ return code;
+}
+
+#ifdef LDAP_DEBUG
+#ifdef SLAPD_UNUSED
+static int
+at_index_printnode( void *v_air, void *ignore )
+{
+ struct aindexrec *air = v_air;
+ printf("%s = %s\n",
+ air->air_name.bv_val,
+ ldap_attributetype2str(&air->air_at->sat_atype) );
+ return( 0 );
+}
+
+static void
+at_index_print( void )
+{
+ printf("Printing attribute type index:\n");
+ (void) avl_apply( attr_index, at_index_printnode, 0, -1, AVL_INORDER );
+}
+#endif
+#endif
+
+void
+at_unparse( BerVarray *res, AttributeType *start, AttributeType *end, int sys )
+{
+ AttributeType *at;
+ int i, num;
+ struct berval bv, *bva = NULL, idx;
+ char ibuf[32];
+
+ if ( !start )
+ start = LDAP_STAILQ_FIRST( &attr_list );
+
+ /* count the result size */
+ i = 0;
+ for ( at=start; at; at=LDAP_STAILQ_NEXT(at, sat_next)) {
+ if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) continue;
+ i++;
+ if ( at == end ) break;
+ }
+ if (!i) return;
+
+ num = i;
+ bva = ch_malloc( (num+1) * sizeof(struct berval) );
+ BER_BVZERO( bva );
+ idx.bv_val = ibuf;
+ if ( sys ) {
+ idx.bv_len = 0;
+ ibuf[0] = '\0';
+ }
+ i = 0;
+ for ( at=start; at; at=LDAP_STAILQ_NEXT(at, sat_next)) {
+ LDAPAttributeType lat, *latp;
+ if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) continue;
+ if ( at->sat_oidmacro ) {
+ lat = at->sat_atype;
+ lat.at_oid = at->sat_oidmacro;
+ latp = ⪫
+ } else {
+ latp = &at->sat_atype;
+ }
+ if ( ldap_attributetype2bv( latp, &bv ) == NULL ) {
+ ber_bvarray_free( bva );
+ }
+ if ( !sys ) {
+ idx.bv_len = sprintf(idx.bv_val, "{%d}", i);
+ }
+ bva[i].bv_len = idx.bv_len + bv.bv_len;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+ strcpy( bva[i].bv_val, ibuf );
+ strcpy( bva[i].bv_val + idx.bv_len, bv.bv_val );
+ i++;
+ bva[i].bv_val = NULL;
+ ldap_memfree( bv.bv_val );
+ if ( at == end ) break;
+ }
+ *res = bva;
+}
+
+int
+at_schema_info( Entry *e )
+{
+ AttributeDescription *ad_attributeTypes = slap_schema.si_ad_attributeTypes;
+ AttributeType *at;
+ struct berval val;
+ struct berval nval;
+
+ LDAP_STAILQ_FOREACH(at,&attr_list,sat_next) {
+ if( at->sat_flags & SLAP_AT_HIDE ) continue;
+
+ if ( ldap_attributetype2bv( &at->sat_atype, &val ) == NULL ) {
+ return -1;
+ }
+
+ ber_str2bv( at->sat_oid, 0, 0, &nval );
+
+ if( attr_merge_one( e, ad_attributeTypes, &val, &nval ) )
+ {
+ return -1;
+ }
+ ldap_memfree( val.bv_val );
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/attr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/attr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/attr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,401 @@
+/* attr.c - routines for dealing with attributes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/attr.c,v 1.100.2.12 2007/02/21 21:32:21 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+
+Attribute *
+attr_alloc( AttributeDescription *ad )
+{
+ Attribute *a = ch_malloc( sizeof(Attribute) );
+
+ a->a_desc = ad;
+ a->a_next = NULL;
+ a->a_flags = 0;
+ a->a_vals = NULL;
+ a->a_nvals = NULL;
+#ifdef LDAP_COMP_MATCH
+ a->a_comp_data = NULL;
+#endif
+
+ return a;
+}
+
+void
+attr_free( Attribute *a )
+{
+ if ( a->a_nvals && a->a_nvals != a->a_vals ) {
+ ber_bvarray_free( a->a_nvals );
+ }
+ /* a_vals may be equal to slap_dummy_bv, a static empty berval;
+ * this is used as a placeholder for attributes that do not carry
+ * values, e.g. when proxying search entries with the "attrsonly"
+ * bit set. */
+ if ( a->a_vals != &slap_dummy_bv ) {
+ ber_bvarray_free( a->a_vals );
+ }
+ free( a );
+}
+
+#ifdef LDAP_COMP_MATCH
+void
+comp_tree_free( Attribute *a )
+{
+ Attribute *next;
+
+ for( ; a != NULL ; a = next ) {
+ next = a->a_next;
+ if ( component_destructor && a->a_comp_data ) {
+ if ( a->a_comp_data->cd_mem_op )
+ component_destructor( a->a_comp_data->cd_mem_op );
+ free ( a->a_comp_data );
+ }
+ }
+}
+#endif
+
+void
+attrs_free( Attribute *a )
+{
+ Attribute *next;
+
+ for( ; a != NULL ; a = next ) {
+ next = a->a_next;
+ attr_free( a );
+ }
+}
+
+Attribute *
+attr_dup( Attribute *a )
+{
+ Attribute *tmp;
+
+ if ( a == NULL) return NULL;
+
+ tmp = attr_alloc( a->a_desc );
+
+ if ( a->a_vals != NULL ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
+ /* EMPTY */ ;
+ }
+
+ tmp->a_vals = ch_malloc( (i + 1) * sizeof(struct berval) );
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
+ ber_dupbv( &tmp->a_vals[i], &a->a_vals[i] );
+ if ( BER_BVISNULL( &tmp->a_vals[i] ) ) break;
+ /* FIXME: error? */
+ }
+ BER_BVZERO( &tmp->a_vals[i] );
+
+ /* a_nvals must be non null; it may be equal to a_vals */
+ assert( a->a_nvals != NULL );
+
+ if ( a->a_nvals != a->a_vals ) {
+ int j;
+
+ tmp->a_nvals = ch_malloc( (i + 1) * sizeof(struct berval) );
+ for ( j = 0; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
+ assert( j < i );
+ ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
+ if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
+ /* FIXME: error? */
+ }
+ assert( j == i );
+ BER_BVZERO( &tmp->a_nvals[j] );
+
+ } else {
+ tmp->a_nvals = tmp->a_vals;
+ }
+
+ } else {
+ tmp->a_vals = NULL;
+ tmp->a_nvals = NULL;
+ }
+ return tmp;
+}
+
+Attribute *
+attrs_dup( Attribute *a )
+{
+ Attribute *tmp, **next;
+
+ if( a == NULL ) return NULL;
+
+ tmp = NULL;
+ next = &tmp;
+
+ for( ; a != NULL ; a = a->a_next ) {
+ *next = attr_dup( a );
+ next = &((*next)->a_next);
+ }
+ *next = NULL;
+
+ return tmp;
+}
+
+
+/*
+ * attr_merge - merge the given type and value with the list of
+ * attributes in attrs.
+ *
+ * nvals must be NULL if the attribute has no normalizer.
+ * In this case, a->a_nvals will be set equal to a->a_vals.
+ *
+ * returns 0 everything went ok
+ * -1 trouble
+ */
+
+int
+attr_merge(
+ Entry *e,
+ AttributeDescription *desc,
+ BerVarray vals,
+ BerVarray nvals )
+{
+ int rc;
+
+ Attribute **a;
+
+ for ( a = &e->e_attrs; *a != NULL; a = &(*a)->a_next ) {
+ if ( (*a)->a_desc == desc ) {
+ break;
+ }
+ }
+
+ if ( *a == NULL ) {
+ *a = attr_alloc( desc );
+ } else {
+ /*
+ * FIXME: if the attribute already exists, the presence
+ * of nvals and the value of (*a)->a_nvals must be consistent
+ */
+ assert( ( nvals == NULL && (*a)->a_nvals == (*a)->a_vals )
+ || ( nvals != NULL && (
+ ( (*a)->a_vals == NULL && (*a)->a_nvals == NULL )
+ || ( (*a)->a_nvals != (*a)->a_vals ) ) ) );
+ }
+
+ rc = value_add( &(*a)->a_vals, vals );
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( nvals ) {
+ rc = value_add( &(*a)->a_nvals, nvals );
+ /* FIXME: what if rc != LDAP_SUCCESS ? */
+ } else {
+ (*a)->a_nvals = (*a)->a_vals;
+ }
+ }
+
+ return rc;
+}
+
+int
+attr_merge_normalize(
+ Entry *e,
+ AttributeDescription *desc,
+ BerVarray vals,
+ void *memctx )
+{
+ BerVarray nvals = NULL;
+ int rc;
+
+ if ( desc->ad_type->sat_equality &&
+ desc->ad_type->sat_equality->smr_normalize )
+ {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &vals[i] ); i++ );
+
+ nvals = slap_sl_calloc( sizeof(struct berval), i + 1, memctx );
+ for ( i = 0; !BER_BVISNULL( &vals[i] ); i++ ) {
+ rc = (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ &vals[i], &nvals[i], memctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ BER_BVZERO( &nvals[i + 1] );
+ goto error_return;
+ }
+ }
+ BER_BVZERO( &nvals[i] );
+ }
+
+ rc = attr_merge( e, desc, vals, nvals );
+
+error_return:;
+ if ( nvals != NULL ) {
+ ber_bvarray_free_x( nvals, memctx );
+ }
+ return rc;
+}
+
+int
+attr_merge_one(
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ struct berval *nval )
+{
+ int rc;
+ Attribute **a;
+
+ for ( a = &e->e_attrs; *a != NULL; a = &(*a)->a_next ) {
+ if ( (*a)->a_desc == desc ) {
+ break;
+ }
+ }
+
+ if ( *a == NULL ) {
+ *a = attr_alloc( desc );
+ }
+
+ rc = value_add_one( &(*a)->a_vals, val );
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( nval ) {
+ rc = value_add_one( &(*a)->a_nvals, nval );
+ /* FIXME: what if rc != LDAP_SUCCESS ? */
+ } else {
+ (*a)->a_nvals = (*a)->a_vals;
+ }
+ }
+ return rc;
+}
+
+int
+attr_merge_normalize_one(
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ void *memctx )
+{
+ struct berval nval;
+ struct berval *nvalp = NULL;
+ int rc;
+
+ if ( desc->ad_type->sat_equality &&
+ desc->ad_type->sat_equality->smr_normalize )
+ {
+ rc = (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ val, &nval, memctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ nvalp = &nval;
+ }
+
+ rc = attr_merge_one( e, desc, val, nvalp );
+ if ( nvalp != NULL ) {
+ slap_sl_free( nval.bv_val, memctx );
+ }
+ return rc;
+}
+
+/*
+ * attrs_find - find attribute(s) by AttributeDescription
+ * returns next attribute which is subtype of provided description.
+ */
+
+Attribute *
+attrs_find(
+ Attribute *a,
+ AttributeDescription *desc )
+{
+ for ( ; a != NULL; a = a->a_next ) {
+ if ( is_ad_subtype( a->a_desc, desc ) ) {
+ return( a );
+ }
+ }
+
+ return( NULL );
+}
+
+/*
+ * attr_find - find attribute by type
+ */
+
+Attribute *
+attr_find(
+ Attribute *a,
+ AttributeDescription *desc )
+{
+ for ( ; a != NULL; a = a->a_next ) {
+ if ( a->a_desc == desc ) {
+ return( a );
+ }
+ }
+
+ return( NULL );
+}
+
+/*
+ * attr_delete - delete the attribute type in list pointed to by attrs
+ * return 0 deleted ok
+ * 1 not found in list a
+ * -1 something bad happened
+ */
+
+int
+attr_delete(
+ Attribute **attrs,
+ AttributeDescription *desc )
+{
+ Attribute **a;
+
+ for ( a = attrs; *a != NULL; a = &(*a)->a_next ) {
+ if ( (*a)->a_desc == desc ) {
+ Attribute *save = *a;
+ *a = (*a)->a_next;
+ attr_free( save );
+
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return LDAP_NO_SUCH_ATTRIBUTE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/ava.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/ava.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/ava.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,125 @@
+/* ava.c - routines for dealing with attribute value assertions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ava.c,v 1.40.2.6 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#ifdef LDAP_COMP_MATCH
+#include "component.h"
+#endif
+
+void
+ava_free(
+ Operation *op,
+ AttributeAssertion *ava,
+ int freeit )
+{
+#ifdef LDAP_COMP_MATCH
+ if ( ava->aa_cf && ava->aa_cf->cf_ca->ca_comp_data.cd_mem_op )
+ nibble_mem_free ( ava->aa_cf->cf_ca->ca_comp_data.cd_mem_op );
+#endif
+ op->o_tmpfree( ava->aa_value.bv_val, op->o_tmpmemctx );
+ if ( freeit ) op->o_tmpfree( (char *) ava, op->o_tmpmemctx );
+}
+
+int
+get_ava(
+ Operation *op,
+ BerElement *ber,
+ AttributeAssertion **ava,
+ unsigned usage,
+ const char **text )
+{
+ int rc;
+ ber_tag_t rtag;
+ struct berval type, value;
+ AttributeAssertion *aa;
+#ifdef LDAP_COMP_MATCH
+ AttributeAliasing* a_alias = NULL;
+#endif
+
+ rtag = ber_scanf( ber, "{mm}", &type, &value );
+
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 );
+ *text = "Error decoding attribute value assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ aa = op->o_tmpalloc( sizeof( AttributeAssertion ), op->o_tmpmemctx );
+ aa->aa_desc = NULL;
+ aa->aa_value.bv_val = NULL;
+#ifdef LDAP_COMP_MATCH
+ aa->aa_cf = NULL;
+#endif
+
+ rc = slap_bv2ad( &type, &aa->aa_desc, text );
+
+ if( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &type, &aa->aa_desc, text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "get_ava: unknown attributeType %s\n", type.bv_val, 0, 0 );
+ op->o_tmpfree( aa, op->o_tmpmemctx );
+ return rc;
+ }
+ }
+
+ rc = asserted_value_validate_normalize(
+ aa->aa_desc, ad_mr(aa->aa_desc, usage),
+ usage, &value, &aa->aa_value, text, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "get_ava: illegal value for attributeType %s\n", type.bv_val, 0, 0 );
+ op->o_tmpfree( aa, op->o_tmpmemctx );
+ return rc;
+ }
+
+#ifdef LDAP_COMP_MATCH
+ if( is_aliased_attribute ) {
+ a_alias = is_aliased_attribute ( aa->aa_desc );
+ if ( a_alias ) {
+ rc = get_aliased_filter_aa ( op, aa, a_alias, text );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "get_ava:Invalid Attribute Aliasing\n", 0, 0, 0 );
+ return rc;
+ }
+ }
+ }
+#endif
+ *ava = aa;
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+# Makefile.in for back-bdb
+# $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/Makefile.in,v 1.29.2.5 2007/01/02 21:43:59 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c tools.c config.c \
+ add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
+ extended.c referral.c operational.c \
+ attr.c index.c key.c dbcache.c filterindex.c \
+ dn2entry.c dn2id.c error.c id2entry.c idl.c \
+ nextid.c cache.c trans.c
+
+OBJS = init.lo tools.lo config.lo \
+ add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
+ extended.lo referral.lo operational.lo \
+ attr.lo index.lo key.lo dbcache.lo filterindex.lo \
+ dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo \
+ nextid.lo cache.lo trans.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-bdb"
+BUILD_MOD = @BUILD_BDB@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_BDB at _DEFS)
+MOD_LIBS = $(LDBM_LIBS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_bdb
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,425 @@
+/* add.c - ldap BerkeleyDB back-end add routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.126.2.16 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+int
+bdb_add(Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ struct berval pdn;
+ Entry *p = NULL;
+ EntryInfo *ei;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ DB_TXN *ltid = NULL, *lt2;
+ struct bdb_op_info opinfo = {0};
+ int subentry;
+ u_int32_t locker = 0;
+ DB_LOCK lock;
+
+ int num_retries = 0;
+
+ LDAPControl **postread_ctrl = NULL;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
+ Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
+ op->oq_add.rs_e->e_name.bv_val, 0, 0);
+
+ ctrls[num_ctrls] = 0;
+
+ /* add opattrs to shadow as well, only missing attrs will actually
+ * be added; helps compatibility with older OL versions */
+ rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
+ "%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
+ goto return_results;
+ }
+
+ /* check entry's schema */
+ rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
+ get_manageDIT(op), &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": entry failed schema check: "
+ "%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
+ goto return_results;
+ }
+
+ subentry = is_entry_subentry( op->oq_add.rs_e );
+
+ /*
+ * acquire an ID outside of the operation transaction
+ * to avoid serializing adds.
+ */
+ rs->sr_err = bdb_next_id( op->o_bd, NULL, &op->oq_add.rs_e->e_id );
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
+ rs->sr_err, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ if( 0 ) {
+retry: /* transaction retry */
+ if( p ) {
+ /* free parent and reader lock */
+ if ( p != (Entry *)&slap_entry_root ) {
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ }
+ p = NULL;
+ }
+ rs->sr_err = TXN_ABORT( ltid );
+ ltid = NULL;
+ op->o_private = NULL;
+ op->o_do_not_cache = opinfo.boi_acl_cache;
+ if( rs->sr_err != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+ bdb_trans_backoff( ++num_retries );
+ }
+
+ /* begin transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": txn_begin failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ locker = TXN_ID ( ltid );
+
+ opinfo.boi_bdb = op->o_bd;
+ opinfo.boi_txn = ltid;
+ opinfo.boi_locker = locker;
+ opinfo.boi_err = 0;
+ opinfo.boi_acl_cache = op->o_do_not_cache;
+ op->o_private = &opinfo;
+
+ /*
+ * Get the parent dn and see if the corresponding entry exists.
+ */
+ if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
+ pdn = slap_empty_bv;
+ } else {
+ dnParent( &op->oq_add.rs_e->e_nname, &pdn );
+ }
+
+ /* get entry or parent */
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
+ 1, locker, &lock );
+ switch( rs->sr_err ) {
+ case 0:
+ rs->sr_err = LDAP_ALREADY_EXISTS;
+ goto return_results;
+ case DB_NOTFOUND:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ p = ei->bei_e;
+ if ( !p )
+ p = (Entry *)&slap_entry_root;
+
+ if ( !bvmatch( &pdn, &p->e_nname ) ) {
+ rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
+ op->o_tmpmemctx );
+ rs->sr_ref = is_entry_referral( p )
+ ? get_entry_referrals( op, p )
+ : NULL;
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ p = NULL;
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": parent "
+ "does not exist\n", 0, 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ rs->sr_err = access_allowed( op, p,
+ children, NULL, ACL_WADD, NULL );
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": no write access to parent\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;;
+ }
+
+ if ( is_entry_subentry( p ) ) {
+ /* parent is a subentry, don't allow add */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": parent is subentry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+ rs->sr_text = "parent is a subentry";
+ goto return_results;;
+ }
+ if ( is_entry_alias( p ) ) {
+ /* parent is an alias, don't allow add */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": parent is alias\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_ALIAS_PROBLEM;
+ rs->sr_text = "parent is an alias";
+ goto return_results;;
+ }
+
+ if ( is_entry_referral( p ) ) {
+ /* parent is a referral, don't allow add */
+ rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
+ op->o_tmpmemctx );
+ rs->sr_ref = get_entry_referrals( op, p );
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ p = NULL;
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": parent is referral\n",
+ 0, 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ if ( subentry ) {
+ /* FIXME: */
+ /* parent must be an administrative point of the required kind */
+ }
+
+ /* free parent and reader lock */
+ if ( p != (Entry *)&slap_entry_root ) {
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ }
+ p = NULL;
+
+ rs->sr_err = access_allowed( op, op->oq_add.rs_e,
+ entry, NULL, ACL_WADD, NULL );
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": no write access to entry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to entry";
+ goto return_results;;
+ }
+
+ /* nested transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": txn_begin(2) failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ /* dn2id index */
+ rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->oq_add.rs_e );
+ if ( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case DB_KEYEXIST:
+ rs->sr_err = LDAP_ALREADY_EXISTS;
+ break;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ }
+ goto return_results;
+ }
+
+ /* attribute indexes */
+ rs->sr_err = bdb_index_entry_add( op, lt2, op->oq_add.rs_e );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
+ 0, 0, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ }
+ rs->sr_text = "index generation failed";
+ goto return_results;
+ }
+
+ /* id2entry index */
+ rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->oq_add.rs_e );
+ if ( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
+ 0, 0, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ }
+ rs->sr_text = "entry store failed";
+ goto return_results;
+ }
+
+ if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "txn_commit(2) failed";
+ goto return_results;
+ }
+
+ /* post-read */
+ if( op->o_postread ) {
+ if( postread_ctrl == NULL ) {
+ postread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if ( slap_read_controls( op, rs, op->oq_add.rs_e,
+ &slap_post_read_bv, postread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_add) ": post-read "
+ "failed!\n", 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ if ( op->o_noop ) {
+ if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
+ rs->sr_text = "txn_abort (no-op) failed";
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
+ goto return_results;
+ }
+
+ } else {
+ struct berval nrdn;
+ Entry *e = entry_dup( op->ora_e );
+
+ /* pick the RDN if not suffix; otherwise pick the entire DN */
+ if (pdn.bv_len) {
+ nrdn.bv_val = e->e_nname.bv_val;
+ nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1;
+ } else {
+ nrdn = e->e_nname;
+ }
+
+ bdb_cache_add( bdb, ei, e, &nrdn, locker );
+
+ if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
+ rs->sr_text = "txn_commit failed";
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+ }
+
+ ltid = NULL;
+ op->o_private = NULL;
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": %s : %s (%d)\n",
+ rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+
+ Debug(LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ if( ltid != NULL ) {
+ TXN_ABORT( ltid );
+ }
+ op->o_private = NULL;
+
+ if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+ slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+ }
+
+ if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
+ TXN_CHECKPOINT( bdb->bi_dbenv,
+ bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ }
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/attr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/attr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/attr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,386 @@
+/* attr.c - backend routines for dealing with attributes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.19.2.10 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "lutil.h"
+
+/* Find the ad, return -1 if not found,
+ * set point for insertion if ins is non-NULL
+ */
+int
+bdb_attr_slot( struct bdb_info *bdb, AttributeDescription *ad, unsigned *ins )
+{
+ unsigned base = 0, cursor = 0;
+ unsigned n = bdb->bi_nattrs;
+ int val = 0;
+
+ while ( 0 < n ) {
+ int pivot = n >> 1;
+ cursor = base + pivot;
+
+ val = SLAP_PTRCMP( ad, bdb->bi_attrs[cursor]->ai_desc );
+ if ( val < 0 ) {
+ n = pivot;
+ } else if ( val > 0 ) {
+ base = cursor + 1;
+ n -= pivot + 1;
+ } else {
+ return cursor;
+ }
+ }
+ if ( ins ) {
+ if ( val > 0 )
+ ++cursor;
+ *ins = cursor;
+ }
+ return -1;
+}
+
+static int
+ainfo_insert( struct bdb_info *bdb, AttrInfo *a )
+{
+ unsigned x;
+ int i = bdb_attr_slot( bdb, a->ai_desc, &x );
+
+ /* Is it a dup? */
+ if ( i >= 0 )
+ return -1;
+
+ bdb->bi_attrs = ch_realloc( bdb->bi_attrs, ( bdb->bi_nattrs+1 ) *
+ sizeof( AttrInfo * ));
+ if ( x < bdb->bi_nattrs )
+ AC_MEMCPY( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x],
+ ( bdb->bi_nattrs - x ) * sizeof( AttrInfo *));
+ bdb->bi_attrs[x] = a;
+ bdb->bi_nattrs++;
+ return 0;
+}
+
+AttrInfo *
+bdb_attr_mask(
+ struct bdb_info *bdb,
+ AttributeDescription *desc )
+{
+ int i = bdb_attr_slot( bdb, desc, NULL );
+ return i < 0 ? NULL : bdb->bi_attrs[i];
+}
+
+int
+bdb_attr_index_config(
+ struct bdb_info *bdb,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ int rc;
+ int i;
+ slap_mask_t mask;
+ char **attrs;
+ char **indexes = NULL;
+
+ attrs = ldap_str2charray( argv[0], "," );
+
+ if( attrs == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ "no attributes specified: %s\n",
+ fname, lineno, argv[0] );
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( argc > 1 ) {
+ indexes = ldap_str2charray( argv[1], "," );
+
+ if( indexes == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ "no indexes specified: %s\n",
+ fname, lineno, argv[1] );
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ if( indexes == NULL ) {
+ mask = bdb->bi_defaultmask;
+
+ } else {
+ mask = 0;
+
+ for ( i = 0; indexes[i] != NULL; i++ ) {
+ slap_mask_t index;
+ rc = slap_str2index( indexes[i], &index );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "index type \"%s\" undefined\n",
+ fname, lineno, indexes[i] );
+ return LDAP_PARAM_ERROR;
+ }
+
+ mask |= index;
+ }
+ }
+
+ if( !mask ) {
+ fprintf( stderr, "%s: line %d: "
+ "no indexes selected\n",
+ fname, lineno );
+ return LDAP_PARAM_ERROR;
+ }
+
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ AttrInfo *a;
+ AttributeDescription *ad;
+ const char *text;
+#ifdef LDAP_COMP_MATCH
+ ComponentReference* cr = NULL;
+ AttrInfo *a_cr = NULL;
+#endif
+
+ if( strcasecmp( attrs[i], "default" ) == 0 ) {
+ bdb->bi_defaultmask |= mask;
+ continue;
+ }
+
+#ifdef LDAP_COMP_MATCH
+ if ( is_component_reference( attrs[i] ) ) {
+ rc = extract_component_reference( attrs[i], &cr );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "index component reference\"%s\" undefined\n",
+ fname, lineno, attrs[i] );
+ return rc;
+ }
+ cr->cr_indexmask = mask;
+ /*
+ * After extracting a component reference
+ * only the name of a attribute will be remaining
+ */
+ } else {
+ cr = NULL;
+ }
+#endif
+ a = (AttrInfo *) ch_malloc( sizeof(AttrInfo) );
+
+#ifdef LDAP_COMP_MATCH
+ a->ai_cr = NULL;
+#endif
+ ad = NULL;
+ rc = slap_str2ad( attrs[i], &ad, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "index attribute \"%s\" undefined\n",
+ fname, lineno, attrs[i] );
+ return rc;
+ }
+
+ if( slap_ad_is_binary( ad ) ) {
+ fprintf( stderr, "%s: line %d: "
+ "index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) && !(
+ ad->ad_type->sat_approx
+ && ad->ad_type->sat_approx->smr_indexer
+ && ad->ad_type->sat_approx->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "approx index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) && !(
+ ad->ad_type->sat_equality
+ && ad->ad_type->sat_equality->smr_indexer
+ && ad->ad_type->sat_equality->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "equality index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) && !(
+ ad->ad_type->sat_substr
+ && ad->ad_type->sat_substr->smr_indexer
+ && ad->ad_type->sat_substr->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "substr index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ Debug( LDAP_DEBUG_CONFIG, "index %s 0x%04lx\n",
+ ad->ad_cname.bv_val, mask, 0 );
+
+ a->ai_desc = ad;
+
+ if ( bdb->bi_flags & BDB_IS_OPEN ) {
+ a->ai_indexmask = 0;
+ a->ai_newmask = mask;
+ } else {
+ a->ai_indexmask = mask;
+ a->ai_newmask = 0;
+ }
+
+#ifdef LDAP_COMP_MATCH
+ if ( cr ) {
+ a_cr = bdb_attr_mask( bdb, ad );
+ if ( a_cr ) {
+ /*
+ * AttrInfo is already in AVL
+ * just add the extracted component reference
+ * in the AttrInfo
+ */
+ rc = insert_component_reference( cr, &a_cr->ai_cr );
+ if ( rc != LDAP_SUCCESS) {
+ fprintf( stderr, " error during inserting component reference in %s ", attrs[i]);
+ return LDAP_PARAM_ERROR;
+ }
+ continue;
+ } else {
+ rc = insert_component_reference( cr, &a->ai_cr );
+ if ( rc != LDAP_SUCCESS) {
+ fprintf( stderr, " error during inserting component reference in %s ", attrs[i]);
+ return LDAP_PARAM_ERROR;
+ }
+ }
+ }
+#endif
+ rc = ainfo_insert( bdb, a );
+ if( rc ) {
+ if ( bdb->bi_flags & BDB_IS_OPEN ) {
+ AttrInfo *b = bdb_attr_mask( bdb, ad );
+ /* If we were editing this attr, reset it */
+ b->ai_indexmask &= ~BDB_INDEX_DELETING;
+ /* If this is leftover from a previous add, commit it */
+ if ( b->ai_newmask )
+ b->ai_indexmask = b->ai_newmask;
+ b->ai_newmask = a->ai_newmask;
+ ch_free( a );
+ continue;
+ }
+ fprintf( stderr, "%s: line %d: duplicate index definition "
+ "for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, attrs[i] );
+
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ ldap_charray_free( attrs );
+ if ( indexes != NULL ) ldap_charray_free( indexes );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+bdb_attr_index_unparser( void *v1, void *v2 )
+{
+ AttrInfo *ai = v1;
+ BerVarray *bva = v2;
+ struct berval bv;
+ char *ptr;
+
+ slap_index2bvlen( ai->ai_indexmask, &bv );
+ if ( bv.bv_len ) {
+ bv.bv_len += ai->ai_desc->ad_cname.bv_len + 1;
+ ptr = ch_malloc( bv.bv_len+1 );
+ bv.bv_val = lutil_strcopy( ptr, ai->ai_desc->ad_cname.bv_val );
+ *bv.bv_val++ = ' ';
+ slap_index2bv( ai->ai_indexmask, &bv );
+ bv.bv_val = ptr;
+ ber_bvarray_add( bva, &bv );
+ }
+ return 0;
+}
+
+static AttributeDescription addef = { NULL, NULL, BER_BVC("default") };
+static AttrInfo aidef = { &addef };
+
+void
+bdb_attr_index_unparse( struct bdb_info *bdb, BerVarray *bva )
+{
+ int i;
+
+ if ( bdb->bi_defaultmask ) {
+ aidef.ai_indexmask = bdb->bi_defaultmask;
+ bdb_attr_index_unparser( &aidef, bva );
+ }
+ for ( i=0; i<bdb->bi_nattrs; i++ )
+ bdb_attr_index_unparser( bdb->bi_attrs[i], bva );
+}
+
+void
+bdb_attr_info_free( AttrInfo *ai )
+{
+#ifdef LDAP_COMP_MATCH
+ free( ai->ai_cr );
+#endif
+ free( ai );
+}
+
+void
+bdb_attr_index_destroy( struct bdb_info *bdb )
+{
+ int i;
+
+ for ( i=0; i<bdb->bi_nattrs; i++ )
+ bdb_attr_info_free( bdb->bi_attrs[i] );
+
+ free( bdb->bi_attrs );
+}
+
+void bdb_attr_index_free( struct bdb_info *bdb, AttributeDescription *ad )
+{
+ int i;
+
+ i = bdb_attr_slot( bdb, ad, NULL );
+ if ( i >= 0 ) {
+ bdb_attr_info_free( bdb->bi_attrs[i] );
+ bdb->bi_nattrs--;
+ for (; i<bdb->bi_nattrs; i++)
+ bdb->bi_attrs[i] = bdb->bi_attrs[i+1];
+ }
+}
+
+void bdb_attr_flush( struct bdb_info *bdb )
+{
+ int i;
+
+ for ( i=0; i<bdb->bi_nattrs; i++ ) {
+ if ( bdb->bi_attrs[i]->ai_indexmask & BDB_INDEX_DELETING ) {
+ int j;
+ bdb_attr_info_free( bdb->bi_attrs[i] );
+ bdb->bi_nattrs--;
+ for (j=i; j<bdb->bi_nattrs; j++)
+ bdb->bi_attrs[j] = bdb->bi_attrs[j+1];
+ i--;
+ }
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/back-bdb.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/back-bdb.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,320 @@
+/* back-bdb.h - bdb back-end header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.117.2.13 2007/01/03 04:36:04 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _BACK_BDB_H_
+#define _BACK_BDB_H_
+
+#include <portable.h>
+#include "slap.h"
+#include <db.h>
+#include "alock.h"
+
+LDAP_BEGIN_DECL
+
+#define DB_VERSION_FULL ((DB_VERSION_MAJOR << 24) | (DB_VERSION_MINOR << 16) | DB_VERSION_PATCH)
+
+#define DN_BASE_PREFIX SLAP_INDEX_EQUALITY_PREFIX
+#define DN_ONE_PREFIX '%'
+#define DN_SUBTREE_PREFIX '@'
+
+#define DBTzero(t) (memset((t), 0, sizeof(DBT)))
+#define DBT2bv(t,bv) ((bv)->bv_val = (t)->data, \
+ (bv)->bv_len = (t)->size)
+#define bv2DBT(bv,t) ((t)->data = (bv)->bv_val, \
+ (t)->size = (bv)->bv_len )
+
+#define BDB_TXN_RETRIES 16
+
+#define BDB_MAX_ADD_LOOP 30
+
+#define BDB_SUFFIX ".bdb"
+#define BDB_ID2ENTRY 0
+#define BDB_DN2ID 1
+#define BDB_NDB 2
+
+/* The bdb on-disk entry format is pretty space-inefficient. Average
+ * sized user entries are 3-4K each. You need at least two entries to
+ * fit into a single database page, more is better. 64K is BDB's
+ * upper bound. Smaller pages are better for concurrency.
+ */
+#ifndef BDB_ID2ENTRY_PAGESIZE
+#define BDB_ID2ENTRY_PAGESIZE 16384
+#endif
+
+#ifndef BDB_PAGESIZE
+#define BDB_PAGESIZE 4096 /* BDB's original default */
+#endif
+
+#define DEFAULT_CACHE_SIZE 1000
+
+/* The default search IDL stack cache depth */
+#define DEFAULT_SEARCH_STACK_DEPTH 16
+
+/* The minimum we can function with */
+#define MINIMUM_SEARCH_STACK_DEPTH 8
+
+typedef struct bdb_idl_cache_entry_s {
+ struct berval kstr;
+ ID *idl;
+ DB *db;
+ struct bdb_idl_cache_entry_s* idl_lru_prev;
+ struct bdb_idl_cache_entry_s* idl_lru_next;
+} bdb_idl_cache_entry_t;
+
+/* BDB backend specific entry info */
+typedef struct bdb_entry_info {
+ struct bdb_entry_info *bei_parent;
+ ID bei_id;
+
+ /* we use the bei_id as a lockobj, but we need to make the size != 4
+ * to avoid conflicting with BDB's internal locks. So add a byte here
+ * that is always zero.
+ */
+ char bei_lockpad;
+
+ short bei_state;
+#define CACHE_ENTRY_DELETED 1
+#define CACHE_ENTRY_NO_KIDS 2
+#define CACHE_ENTRY_NOT_LINKED 4
+#define CACHE_ENTRY_NO_GRANDKIDS 8
+#define CACHE_ENTRY_LOADING 0x10
+#define CACHE_ENTRY_WALKING 0x20
+#define CACHE_ENTRY_ONELEVEL 0x40
+
+ /*
+ * remaining fields require backend cache lock to access
+ */
+ struct berval bei_nrdn;
+#ifdef BDB_HIER
+ struct berval bei_rdn;
+ int bei_modrdns; /* track renames */
+ int bei_ckids; /* number of kids cached */
+ int bei_dkids; /* number of kids on-disk, plus 1 */
+#endif
+ Entry *bei_e;
+ Avlnode *bei_kids;
+#ifdef SLAP_ZONE_ALLOC
+ struct bdb_info *bei_bdb;
+ int bei_zseq;
+#endif
+ ldap_pvt_thread_mutex_t bei_kids_mutex;
+
+ struct bdb_entry_info *bei_lrunext; /* for cache lru list */
+ struct bdb_entry_info *bei_lruprev;
+} EntryInfo;
+#undef BEI
+#define BEI(e) ((EntryInfo *) ((e)->e_private))
+
+/* for the in-core cache of entries */
+typedef struct bdb_cache {
+ int c_maxsize;
+ int c_cursize;
+ int c_minfree;
+ int c_eiused; /* EntryInfo's in use */
+ int c_leaves; /* EntryInfo leaf nodes */
+ EntryInfo c_dntree;
+ EntryInfo *c_eifree; /* free list */
+ Avlnode *c_idtree;
+ EntryInfo *c_lruhead; /* lru - add accessed entries here */
+ EntryInfo *c_lrutail; /* lru - rem lru entries from here */
+ ldap_pvt_thread_rdwr_t c_rwlock;
+ ldap_pvt_thread_mutex_t lru_head_mutex;
+ ldap_pvt_thread_mutex_t lru_tail_mutex;
+ u_int32_t c_locker; /* used by lru cleaner */
+#ifdef SLAP_ZONE_ALLOC
+ void *c_zctx;
+#endif
+} Cache;
+
+#define CACHE_READ_LOCK 0
+#define CACHE_WRITE_LOCK 1
+
+#define BDB_INDICES 128
+
+struct bdb_db_info {
+ char *bdi_name;
+ DB *bdi_db;
+};
+
+/* From ldap_rq.h */
+struct re_s;
+
+struct bdb_info {
+ DB_ENV *bi_dbenv;
+
+ /* DB_ENV parameters */
+ /* The DB_ENV can be tuned via DB_CONFIG */
+ char *bi_dbenv_home;
+ u_int32_t bi_dbenv_xflags; /* extra flags */
+ int bi_dbenv_mode;
+
+ int bi_ndatabases;
+ struct bdb_db_info **bi_databases;
+ ldap_pvt_thread_mutex_t bi_database_mutex;
+ int bi_db_opflags; /* db-specific flags */
+
+ slap_mask_t bi_defaultmask;
+ Cache bi_cache;
+ struct bdb_attrinfo **bi_attrs;
+ int bi_nattrs;
+ void *bi_search_stack;
+ int bi_search_stack_depth;
+ int bi_linear_index;
+
+ int bi_txn_cp;
+ u_int32_t bi_txn_cp_min;
+ u_int32_t bi_txn_cp_kbyte;
+ struct re_s *bi_txn_cp_task;
+ struct re_s *bi_index_task;
+
+ int bi_lock_detect;
+ long bi_shm_key;
+
+ ID bi_lastid;
+ ldap_pvt_thread_mutex_t bi_lastid_mutex;
+ int bi_idl_cache_max_size;
+ int bi_idl_cache_size;
+ Avlnode *bi_idl_tree;
+ bdb_idl_cache_entry_t *bi_idl_lru_head;
+ bdb_idl_cache_entry_t *bi_idl_lru_tail;
+ ldap_pvt_thread_rdwr_t bi_idl_tree_rwlock;
+ ldap_pvt_thread_mutex_t bi_idl_tree_lrulock;
+ alock_info_t bi_alock_info;
+ char *bi_db_config_path;
+ BerVarray bi_db_config;
+ int bi_flags;
+#define BDB_IS_OPEN 0x01
+#define BDB_HAS_CONFIG 0x02
+#define BDB_UPD_CONFIG 0x04
+#define BDB_DEL_INDEX 0x08
+#define BDB_RE_OPEN 0x10
+#ifdef BDB_HIER
+ int bi_modrdns; /* number of modrdns completed */
+ ldap_pvt_thread_mutex_t bi_modrdns_mutex;
+#endif
+};
+
+#define bi_id2entry bi_databases[BDB_ID2ENTRY]
+#define bi_dn2id bi_databases[BDB_DN2ID]
+
+struct bdb_lock_info {
+ struct bdb_lock_info *bli_next;
+ ID bli_id;
+ DB_LOCK bli_lock;
+};
+
+struct bdb_op_info {
+ BackendDB* boi_bdb;
+ DB_TXN* boi_txn;
+ u_int32_t boi_err;
+ u_int32_t boi_locker;
+ int boi_acl_cache;
+ struct bdb_lock_info *boi_locks; /* used when no txn */
+};
+
+#define DB_OPEN(db, file, name, type, flags, mode) \
+ (db)->open(db, file, name, type, flags, mode)
+
+#if DB_VERSION_MAJOR < 4
+#define LOCK_DETECT(env,f,t,a) lock_detect(env, f, t, a)
+#define LOCK_GET(env,i,f,o,m,l) lock_get(env, i, f, o, m, l)
+#define LOCK_PUT(env,l) lock_put(env, l)
+#define TXN_CHECKPOINT(env,k,m,f) txn_checkpoint(env, k, m, f)
+#define TXN_BEGIN(env,p,t,f) txn_begin((env), p, t, f)
+#define TXN_PREPARE(txn,gid) txn_prepare((txn), (gid))
+#define TXN_COMMIT(txn,f) txn_commit((txn), (f))
+#define TXN_ABORT(txn) txn_abort((txn))
+#define TXN_ID(txn) txn_id(txn)
+#define XLOCK_ID(env, locker) lock_id(env, locker)
+#define XLOCK_ID_FREE(env, locker) lock_id_free(env, locker)
+#else
+#define LOCK_DETECT(env,f,t,a) (env)->lock_detect(env, f, t, a)
+#define LOCK_GET(env,i,f,o,m,l) (env)->lock_get(env, i, f, o, m, l)
+#define LOCK_PUT(env,l) (env)->lock_put(env, l)
+#define TXN_CHECKPOINT(env,k,m,f) (env)->txn_checkpoint(env, k, m, f)
+#define TXN_BEGIN(env,p,t,f) (env)->txn_begin((env), p, t, f)
+#define TXN_PREPARE(txn,g) (txn)->prepare((txn), (g))
+#define TXN_COMMIT(txn,f) (txn)->commit((txn), (f))
+#define TXN_ABORT(txn) (txn)->abort((txn))
+#define TXN_ID(txn) (txn)->id(txn)
+#define XLOCK_ID(env, locker) (env)->lock_id(env, locker)
+#define XLOCK_ID_FREE(env, locker) (env)->lock_id_free(env, locker)
+
+/* BDB 4.1.17 adds txn arg to db->open */
+#if DB_VERSION_FULL >= 0x04010011
+#undef DB_OPEN
+#define DB_OPEN(db, file, name, type, flags, mode) \
+ (db)->open(db, NULL, file, name, type, flags, mode)
+#endif
+
+#endif
+
+#define BDB_REUSE_LOCKERS
+
+#define BDB_CSN_COMMIT 0
+#define BDB_CSN_ABORT 1
+#define BDB_CSN_RETRY 2
+
+/* Copy an ID "src" to pointer "dst" in big-endian byte order */
+#define BDB_ID2DISK( src, dst ) \
+ do { int i0; ID tmp; unsigned char *_p; \
+ tmp = (src); _p = (unsigned char *)(dst); \
+ for ( i0=sizeof(ID)-1; i0>=0; i0-- ) { \
+ _p[i0] = tmp & 0xff; tmp >>= 8; \
+ } \
+ } while(0)
+
+/* Copy a pointer "src" to a pointer "dst" from big-endian to native order */
+#define BDB_DISK2ID( src, dst ) \
+ do { int i0; ID tmp = 0; unsigned char *_p; \
+ _p = (unsigned char *)(src); \
+ for ( i0=0; i0<sizeof(ID); i0++ ) { \
+ tmp <<= 8; tmp |= *_p++; \
+ } *(dst) = tmp; \
+ } while (0)
+
+LDAP_END_DECL
+
+/* for the cache of attribute information (which are indexed, etc.) */
+typedef struct bdb_attrinfo {
+ AttributeDescription *ai_desc; /* attribute description cn;lang-en */
+ slap_mask_t ai_indexmask; /* how the attr is indexed */
+ slap_mask_t ai_newmask; /* new settings to replace old mask */
+#ifdef LDAP_COMP_MATCH
+ ComponentReference* ai_cr; /*component indexing*/
+#endif
+} AttrInfo;
+
+/* These flags must not clash with SLAP_INDEX flags or ops in slap.h! */
+#define BDB_INDEX_DELETING 0x8000U /* index is being modified */
+#define BDB_INDEX_UPDATE_OP 0x03 /* performing an index update */
+
+/* For slapindex to record which attrs in an entry belong to which
+ * index database
+ */
+typedef struct AttrList {
+ struct AttrList *next;
+ Attribute *attr;
+} AttrList;
+
+typedef struct IndexRec {
+ AttrInfo *ai;
+ AttrList *attrs;
+} IndexRec;
+
+#include "proto-bdb.h"
+
+#endif /* _BACK_BDB_H_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,213 @@
+/* bind.c - bdb backend bind routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/bind.c,v 1.41.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/krb.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "back-bdb.h"
+
+int
+bdb_bind( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *e;
+ Attribute *a;
+ EntryInfo *ei;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ char krbname[MAX_K_NAME_SZ + 1];
+ AttributeDescription *krbattr = slap_schema.si_ad_krbName;
+ struct berval krbval;
+ AUTH_DAT ad;
+#endif
+
+ AttributeDescription *password = slap_schema.si_ad_userPassword;
+
+ u_int32_t locker;
+ DB_LOCK lock;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "==> " LDAP_XSTRING(bdb_bind) ": dn: %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ /* allow noauth binds */
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
+ ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
+ /* front end will send result */
+ return LDAP_SUCCESS;
+ }
+
+ rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
+ switch(rs->sr_err) {
+ case 0:
+ break;
+ default:
+ rs->sr_text = "internal error";
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+dn2entry_retry:
+ /* get entry with reader lock */
+ rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
+ locker, &lock );
+
+ switch(rs->sr_err) {
+ case DB_NOTFOUND:
+ case 0:
+ break;
+ case LDAP_BUSY:
+ send_ldap_error( op, rs, LDAP_BUSY, "ldap_server_busy" );
+ LOCK_ID_FREE(bdb->bi_dbenv, locker);
+ return LDAP_BUSY;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto dn2entry_retry;
+ default:
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ LOCK_ID_FREE(bdb->bi_dbenv, locker);
+ return rs->sr_err;
+ }
+
+ e = ei->bei_e;
+ if ( rs->sr_err == DB_NOTFOUND ) {
+ if( e != NULL ) {
+ bdb_cache_return_entry_r( bdb->bi_dbenv,
+ &bdb->bi_cache, e, &lock );
+ e = NULL;
+ }
+
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+
+ LOCK_ID_FREE(bdb->bi_dbenv, locker);
+
+ return rs->sr_err;
+ }
+
+ ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
+
+ /* check for deleted */
+ if ( is_entry_subentry( e ) ) {
+ /* entry is an subentry, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
+ 0, 0 );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ if ( is_entry_alias( e ) ) {
+ /* entry is an alias, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ if ( is_entry_referral( e ) ) {
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+ 0, 0 );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ switch ( op->oq_bind.rb_method ) {
+ case LDAP_AUTH_SIMPLE:
+ a = attr_find( e->e_attrs, password );
+ if ( a == NULL ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
+ {
+ /* failure; stop front end from sending result */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ rs->sr_err = 0;
+ break;
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ case LDAP_AUTH_KRBV41:
+ if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad )
+ != LDAP_SUCCESS )
+ {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS,
+ goto done;
+ }
+
+ rs->sr_err = access_allowed( op, e,
+ krbattr, NULL, ACL_AUTH, NULL );
+ if ( ! rs->sr_err ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS,
+ goto done;
+ }
+
+ krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname,
+ *ad.pinst ? "." : "", ad.pinst, ad.prealm );
+
+ if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
+ /*
+ * no krbname values present: check against DN
+ */
+ if ( strcasecmp( op->o_req_dn.bv_val, krbname ) == 0 ) {
+ rs->sr_err = 0;
+ break;
+ }
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH,
+ goto done;
+
+ } else { /* look for krbname match */
+ krbval.bv_val = krbname;
+
+ if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+ }
+ rs->sr_err = 0;
+ break;
+#endif
+
+ default:
+ assert( 0 ); /* should not be unreachable */
+ rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+ rs->sr_text = "authentication method not supported";
+ }
+
+done:
+ /* free entry and reader lock */
+ if( e != NULL ) {
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+ }
+
+ LOCK_ID_FREE(bdb->bi_dbenv, locker);
+
+ if ( rs->sr_err ) {
+ send_ldap_result( op, rs );
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ /* front end will send result on success (rs->sr_err==0) */
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/cache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/cache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/cache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1381 @@
+/* cache.c - routines to maintain an in-core cache of entries */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.88.2.21 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "back-bdb.h"
+
+#include "ldap_rq.h"
+
+#ifdef BDB_HIER
+#define bdb_cache_lru_add hdb_cache_lru_add
+#endif
+static void bdb_cache_lru_add( struct bdb_info *bdb, EntryInfo *ei );
+
+static int bdb_cache_delete_internal(Cache *cache, EntryInfo *e, int decr);
+#ifdef LDAP_DEBUG
+#ifdef SLAPD_UNUSED
+static void bdb_lru_print(Cache *cache);
+#endif
+#endif
+
+static EntryInfo *
+bdb_cache_entryinfo_new( Cache *cache )
+{
+ EntryInfo *ei = NULL;
+
+ if ( cache->c_eifree ) {
+ ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock );
+ if ( cache->c_eifree ) {
+ ei = cache->c_eifree;
+ cache->c_eifree = ei->bei_lrunext;
+ }
+ ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock );
+ }
+ if ( ei ) {
+ ei->bei_lrunext = NULL;
+ ei->bei_state = 0;
+ } else {
+ ei = ch_calloc(1, sizeof(struct bdb_entry_info));
+ ldap_pvt_thread_mutex_init( &ei->bei_kids_mutex );
+ }
+
+ return ei;
+}
+
+/* Atomically release and reacquire a lock */
+int
+bdb_cache_entry_db_relock(
+ DB_ENV *env,
+ u_int32_t locker,
+ EntryInfo *ei,
+ int rw,
+ int tryOnly,
+ DB_LOCK *lock )
+{
+#ifdef NO_THREADS
+ return 0;
+#else
+ int rc;
+ DBT lockobj;
+ DB_LOCKREQ list[2];
+
+ if ( !lock ) return 0;
+
+ lockobj.data = &ei->bei_id;
+ lockobj.size = sizeof(ei->bei_id) + 1;
+
+ list[0].op = DB_LOCK_PUT;
+ list[0].lock = *lock;
+ list[1].op = DB_LOCK_GET;
+ list[1].lock = *lock;
+ list[1].mode = rw ? DB_LOCK_WRITE : DB_LOCK_READ;
+ list[1].obj = &lockobj;
+ rc = env->lock_vec(env, locker, tryOnly ? DB_LOCK_NOWAIT : 0,
+ list, 2, NULL );
+
+ if (rc && !tryOnly) {
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_cache_entry_db_relock: entry %ld, rw %d, rc %d\n",
+ ei->bei_id, rw, rc );
+ } else {
+ *lock = list[1].lock;
+ }
+ return rc;
+#endif
+}
+
+static int
+bdb_cache_entry_db_lock( DB_ENV *env, u_int32_t locker, EntryInfo *ei,
+ int rw, int tryOnly, DB_LOCK *lock )
+{
+#ifdef NO_THREADS
+ return 0;
+#else
+ int rc;
+ DBT lockobj;
+ int db_rw;
+
+ if ( !lock ) return 0;
+
+ if (rw)
+ db_rw = DB_LOCK_WRITE;
+ else
+ db_rw = DB_LOCK_READ;
+
+ lockobj.data = &ei->bei_id;
+ lockobj.size = sizeof(ei->bei_id) + 1;
+
+ rc = LOCK_GET(env, locker, tryOnly ? DB_LOCK_NOWAIT : 0,
+ &lockobj, db_rw, lock);
+ if (rc && !tryOnly) {
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_cache_entry_db_lock: entry %ld, rw %d, rc %d\n",
+ ei->bei_id, rw, rc );
+ }
+ return rc;
+#endif /* NO_THREADS */
+}
+
+int
+bdb_cache_entry_db_unlock ( DB_ENV *env, DB_LOCK *lock )
+{
+#ifdef NO_THREADS
+ return 0;
+#else
+ int rc;
+
+ if ( !lock || lock->mode == DB_LOCK_NG ) return 0;
+
+ rc = LOCK_PUT ( env, lock );
+ return rc;
+#endif
+}
+
+static int
+bdb_cache_entryinfo_destroy( EntryInfo *e )
+{
+ ldap_pvt_thread_mutex_destroy( &e->bei_kids_mutex );
+ free( e->bei_nrdn.bv_val );
+#ifdef BDB_HIER
+ free( e->bei_rdn.bv_val );
+#endif
+ free( e );
+ return 0;
+}
+
+#define LRU_DELETE( cache, ei ) do { \
+ if ( (ei)->bei_lruprev != NULL ) { \
+ (ei)->bei_lruprev->bei_lrunext = (ei)->bei_lrunext; \
+ } else { \
+ (cache)->c_lruhead = (ei)->bei_lrunext; \
+ } \
+ if ( (ei)->bei_lrunext != NULL ) { \
+ (ei)->bei_lrunext->bei_lruprev = (ei)->bei_lruprev; \
+ } else { \
+ (cache)->c_lrutail = (ei)->bei_lruprev; \
+ } \
+ (ei)->bei_lrunext = (ei)->bei_lruprev = NULL; \
+} while(0)
+
+#define LRU_ADD( cache, ei ) do { \
+ (ei)->bei_lrunext = (cache)->c_lruhead; \
+ if ( (ei)->bei_lrunext != NULL ) { \
+ (ei)->bei_lrunext->bei_lruprev = (ei); \
+ } \
+ (cache)->c_lruhead = (ei); \
+ (ei)->bei_lruprev = NULL; \
+ if ( !ldap_pvt_thread_mutex_trylock( &(cache)->lru_tail_mutex )) { \
+ if ( (cache)->c_lrutail == NULL ) \
+ (cache)->c_lrutail = (ei); \
+ ldap_pvt_thread_mutex_unlock( &(cache)->lru_tail_mutex ); \
+ } \
+} while(0)
+
+/* Do a length-ordered sort on normalized RDNs */
+static int
+bdb_rdn_cmp( const void *v_e1, const void *v_e2 )
+{
+ const EntryInfo *e1 = v_e1, *e2 = v_e2;
+ int rc = e1->bei_nrdn.bv_len - e2->bei_nrdn.bv_len;
+ if (rc == 0) {
+ rc = strncmp( e1->bei_nrdn.bv_val, e2->bei_nrdn.bv_val,
+ e1->bei_nrdn.bv_len );
+ }
+ return rc;
+}
+
+static int
+bdb_id_cmp( const void *v_e1, const void *v_e2 )
+{
+ const EntryInfo *e1 = v_e1, *e2 = v_e2;
+ return e1->bei_id - e2->bei_id;
+}
+
+/* Create an entryinfo in the cache. Caller must release the locks later.
+ */
+static int
+bdb_entryinfo_add_internal(
+ struct bdb_info *bdb,
+ EntryInfo *ei,
+ EntryInfo **res )
+{
+ EntryInfo *ei2 = NULL;
+
+ *res = NULL;
+
+ ei2 = bdb_cache_entryinfo_new( &bdb->bi_cache );
+
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ bdb_cache_entryinfo_lock( ei->bei_parent );
+
+ ei2->bei_id = ei->bei_id;
+ ei2->bei_parent = ei->bei_parent;
+#ifdef BDB_HIER
+ ei2->bei_rdn = ei->bei_rdn;
+#endif
+#ifdef SLAP_ZONE_ALLOC
+ ei2->bei_bdb = bdb;
+#endif
+
+ /* Add to cache ID tree */
+ if (avl_insert( &bdb->bi_cache.c_idtree, ei2, bdb_id_cmp, avl_dup_error )) {
+ EntryInfo *eix;
+ eix = avl_find( bdb->bi_cache.c_idtree, ei2, bdb_id_cmp );
+ bdb_cache_entryinfo_destroy( ei2 );
+ ei2 = eix;
+#ifdef BDB_HIER
+ /* It got freed above because its value was
+ * assigned to ei2.
+ */
+ ei->bei_rdn.bv_val = NULL;
+#endif
+ } else {
+ bdb->bi_cache.c_eiused++;
+ ber_dupbv( &ei2->bei_nrdn, &ei->bei_nrdn );
+
+ /* This is a new leaf node. But if parent had no kids, then it was
+ * a leaf and we would be decrementing that. So, only increment if
+ * the parent already has kids.
+ */
+ if ( ei->bei_parent->bei_kids || !ei->bei_parent->bei_id )
+ bdb->bi_cache.c_leaves++;
+ avl_insert( &ei->bei_parent->bei_kids, ei2, bdb_rdn_cmp,
+ avl_dup_error );
+#ifdef BDB_HIER
+ ei->bei_parent->bei_ckids++;
+#endif
+ }
+
+ *res = ei2;
+ return 0;
+}
+
+/* Find the EntryInfo for the requested DN. If the DN cannot be found, return
+ * the info for its closest ancestor. *res should be NULL to process a
+ * complete DN starting from the tree root. Otherwise *res must be the
+ * immediate parent of the requested DN, and only the RDN will be searched.
+ * The EntryInfo is locked upon return and must be unlocked by the caller.
+ */
+int
+bdb_cache_find_ndn(
+ Operation *op,
+ DB_TXN *txn,
+ struct berval *ndn,
+ EntryInfo **res )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ EntryInfo ei, *eip, *ei2;
+ int rc = 0;
+ char *ptr;
+
+ /* this function is always called with normalized DN */
+ if ( *res ) {
+ /* we're doing a onelevel search for an RDN */
+ ei.bei_nrdn.bv_val = ndn->bv_val;
+ ei.bei_nrdn.bv_len = dn_rdnlen( op->o_bd, ndn );
+ eip = *res;
+ } else {
+ /* we're searching a full DN from the root */
+ ptr = ndn->bv_val + ndn->bv_len - op->o_bd->be_nsuffix[0].bv_len;
+ ei.bei_nrdn.bv_val = ptr;
+ ei.bei_nrdn.bv_len = op->o_bd->be_nsuffix[0].bv_len;
+ /* Skip to next rdn if suffix is empty */
+ if ( ei.bei_nrdn.bv_len == 0 ) {
+ for (ptr = ei.bei_nrdn.bv_val - 2; ptr > ndn->bv_val
+ && !DN_SEPARATOR(*ptr); ptr--) /* empty */;
+ if ( ptr >= ndn->bv_val ) {
+ if (DN_SEPARATOR(*ptr)) ptr++;
+ ei.bei_nrdn.bv_len = ei.bei_nrdn.bv_val - ptr;
+ ei.bei_nrdn.bv_val = ptr;
+ }
+ }
+ eip = &bdb->bi_cache.c_dntree;
+ }
+
+ for ( bdb_cache_entryinfo_lock( eip ); eip; ) {
+ ei.bei_parent = eip;
+ ei2 = (EntryInfo *)avl_find( eip->bei_kids, &ei, bdb_rdn_cmp );
+ if ( !ei2 ) {
+ int len = ei.bei_nrdn.bv_len;
+
+ if ( BER_BVISEMPTY( ndn )) {
+ *res = eip;
+ return LDAP_SUCCESS;
+ }
+
+ ei.bei_nrdn.bv_len = ndn->bv_len -
+ (ei.bei_nrdn.bv_val - ndn->bv_val);
+ bdb_cache_entryinfo_unlock( eip );
+
+ rc = bdb_dn2id( op, txn, &ei.bei_nrdn, &ei );
+ if (rc) {
+ bdb_cache_entryinfo_lock( eip );
+ *res = eip;
+ return rc;
+ }
+
+ /* DN exists but needs to be added to cache */
+ ei.bei_nrdn.bv_len = len;
+ rc = bdb_entryinfo_add_internal( bdb, &ei, &ei2 );
+ /* add_internal left eip and c_rwlock locked */
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ if ( rc ) {
+ *res = eip;
+ return rc;
+ }
+ } else if ( ei2->bei_state & CACHE_ENTRY_DELETED ) {
+ /* In the midst of deleting? Give it a chance to
+ * complete.
+ */
+ bdb_cache_entryinfo_unlock( eip );
+ ldap_pvt_thread_yield();
+ bdb_cache_entryinfo_lock( eip );
+ *res = eip;
+ return DB_NOTFOUND;
+ }
+ bdb_cache_entryinfo_unlock( eip );
+ bdb_cache_entryinfo_lock( ei2 );
+
+ eip = ei2;
+
+ /* Advance to next lower RDN */
+ for (ptr = ei.bei_nrdn.bv_val - 2; ptr > ndn->bv_val
+ && !DN_SEPARATOR(*ptr); ptr--) /* empty */;
+ if ( ptr >= ndn->bv_val ) {
+ if (DN_SEPARATOR(*ptr)) ptr++;
+ ei.bei_nrdn.bv_len = ei.bei_nrdn.bv_val - ptr - 1;
+ ei.bei_nrdn.bv_val = ptr;
+ }
+ if ( ptr < ndn->bv_val ) {
+ *res = eip;
+ break;
+ }
+ }
+
+ return rc;
+}
+
+#ifdef BDB_HIER
+/* Walk up the tree from a child node, looking for an ID that's already
+ * been linked into the cache.
+ */
+int
+hdb_cache_find_parent(
+ Operation *op,
+ DB_TXN *txn,
+ u_int32_t locker,
+ ID id,
+ EntryInfo **res )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ EntryInfo ei, eip, *ei2 = NULL, *ein = NULL, *eir = NULL;
+ int rc;
+ int addlru = 0;
+
+ ei.bei_id = id;
+ ei.bei_kids = NULL;
+ ei.bei_ckids = 0;
+
+ for (;;) {
+ rc = hdb_dn2id_parent( op, txn, locker, &ei, &eip.bei_id );
+ if ( rc ) break;
+
+ /* Save the previous node, if any */
+ ei2 = ein;
+
+ /* Create a new node for the current ID */
+ ein = bdb_cache_entryinfo_new( &bdb->bi_cache );
+ ein->bei_id = ei.bei_id;
+ ein->bei_kids = ei.bei_kids;
+ ein->bei_nrdn = ei.bei_nrdn;
+ ein->bei_rdn = ei.bei_rdn;
+ ein->bei_ckids = ei.bei_ckids;
+#ifdef SLAP_ZONE_ALLOC
+ ein->bei_bdb = bdb;
+#endif
+ ei.bei_ckids = 0;
+
+ /* This node is not fully connected yet */
+ ein->bei_state = CACHE_ENTRY_NOT_LINKED;
+
+ /* Insert this node into the ID tree */
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ if ( avl_insert( &bdb->bi_cache.c_idtree, (caddr_t)ein,
+ bdb_id_cmp, avl_dup_error ) ) {
+
+ /* Someone else created this node just before us.
+ * Free our new copy and use the existing one.
+ */
+ bdb_cache_entryinfo_destroy( ein );
+ ein = (EntryInfo *)avl_find( bdb->bi_cache.c_idtree,
+ (caddr_t) &ei, bdb_id_cmp );
+
+ /* Link in any kids we've already processed */
+ if ( ei2 ) {
+ bdb_cache_entryinfo_lock( ein );
+ avl_insert( &ein->bei_kids, (caddr_t)ei2,
+ bdb_rdn_cmp, avl_dup_error );
+ ein->bei_ckids++;
+ bdb_cache_entryinfo_unlock( ein );
+ }
+ addlru = 0;
+
+ }
+
+ /* If this is the first time, save this node
+ * to be returned later.
+ */
+ if ( eir == NULL ) eir = ein;
+
+ /* If there was a previous node, link it to this one */
+ if ( ei2 ) ei2->bei_parent = ein;
+
+ /* Look for this node's parent */
+ if ( eip.bei_id ) {
+ ei2 = (EntryInfo *) avl_find( bdb->bi_cache.c_idtree,
+ (caddr_t) &eip, bdb_id_cmp );
+ } else {
+ ei2 = &bdb->bi_cache.c_dntree;
+ }
+ bdb->bi_cache.c_eiused++;
+ if ( ei2 && ( ei2->bei_kids || !ei2->bei_id ))
+ bdb->bi_cache.c_leaves++;
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+
+ if ( addlru ) {
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex );
+ bdb_cache_lru_add( bdb, ein );
+ }
+ addlru = 1;
+
+ /* Got the parent, link in and we're done. */
+ if ( ei2 ) {
+ bdb_cache_entryinfo_lock( ei2 );
+ ein->bei_parent = ei2;
+ avl_insert( &ei2->bei_kids, (caddr_t)ein, bdb_rdn_cmp,
+ avl_dup_error);
+ ei2->bei_ckids++;
+ bdb_cache_entryinfo_unlock( ei2 );
+ bdb_cache_entryinfo_lock( eir );
+
+ /* Reset all the state info */
+ for (ein = eir; ein != ei2; ein=ein->bei_parent)
+ ein->bei_state &= ~CACHE_ENTRY_NOT_LINKED;
+ *res = eir;
+ break;
+ }
+ ei.bei_kids = NULL;
+ ei.bei_id = eip.bei_id;
+ ei.bei_ckids = 1;
+ avl_insert( &ei.bei_kids, (caddr_t)ein, bdb_rdn_cmp,
+ avl_dup_error );
+ }
+ return rc;
+}
+
+/* Used by hdb_dn2idl when loading the EntryInfo for all the children
+ * of a given node
+ */
+int hdb_cache_load(
+ struct bdb_info *bdb,
+ EntryInfo *ei,
+ EntryInfo **res )
+{
+ EntryInfo *ei2;
+ int rc;
+
+ /* See if we already have this one */
+ bdb_cache_entryinfo_lock( ei->bei_parent );
+ ei2 = (EntryInfo *)avl_find( ei->bei_parent->bei_kids, ei, bdb_rdn_cmp );
+ bdb_cache_entryinfo_unlock( ei->bei_parent );
+
+ if ( !ei2 ) {
+ /* Not found, add it */
+ struct berval bv;
+
+ /* bei_rdn was not malloc'd before, do it now */
+ ber_dupbv( &bv, &ei->bei_rdn );
+ ei->bei_rdn = bv;
+
+ rc = bdb_entryinfo_add_internal( bdb, ei, res );
+ bdb_cache_entryinfo_unlock( ei->bei_parent );
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ } else {
+ /* Found, return it */
+ *res = ei2;
+ return 0;
+ }
+ return rc;
+}
+#endif
+
+/* caller must have lru_head_mutex locked. mutex
+ * will be unlocked on return.
+ */
+static void
+bdb_cache_lru_add(
+ struct bdb_info *bdb,
+ EntryInfo *ei )
+{
+ DB_LOCK lock, *lockp;
+ EntryInfo *elru, *elprev;
+ int count = 0;
+
+ LRU_ADD( &bdb->bi_cache, ei );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_head_mutex );
+
+ /* See if we're above the cache size limit */
+ if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize )
+ return;
+
+ if ( bdb->bi_cache.c_locker ) {
+ lockp = &lock;
+ } else {
+ lockp = NULL;
+ }
+
+ /* Don't bother if we can't get the lock */
+ if ( ldap_pvt_thread_mutex_trylock( &bdb->bi_cache.lru_tail_mutex ) )
+ return;
+
+ /* Look for an unused entry to remove */
+ for (elru = bdb->bi_cache.c_lrutail; elru; elru = elprev ) {
+ elprev = elru->bei_lruprev;
+
+ /* If we can successfully writelock it, then
+ * the object is idle.
+ */
+ if ( bdb_cache_entry_db_lock( bdb->bi_dbenv,
+ bdb->bi_cache.c_locker, elru, 1, 1, lockp ) == 0 ) {
+
+
+ /* If this node is in the process of linking into the cache,
+ * or this node is being deleted, skip it.
+ */
+ if ( elru->bei_state &
+ ( CACHE_ENTRY_NOT_LINKED | CACHE_ENTRY_DELETED )) {
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lockp );
+ continue;
+ }
+ /* Free entry for this node if it's present */
+ if ( elru->bei_e ) {
+ elru->bei_e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( bdb, elru->bei_e, elru->bei_zseq );
+#else
+ bdb_entry_return( elru->bei_e );
+#endif
+ elru->bei_e = NULL;
+ count++;
+ }
+ /* ITS#4010 if we're in slapcat, and this node is a leaf
+ * node, free it.
+ *
+ * FIXME: we need to do this for slapd as well, (which is
+ * why we compute bi_cache.c_leaves now) but at the moment
+ * we can't because it causes unresolvable deadlocks.
+ */
+ if ( slapMode & SLAP_TOOL_READONLY ) {
+ if ( !elru->bei_kids ) {
+ /* This does LRU_DELETE for us */
+ bdb_cache_delete_internal( &bdb->bi_cache, elru, 0 );
+ bdb_cache_delete_cleanup( &bdb->bi_cache, elru );
+ }
+ /* Leave node on LRU list for a future pass */
+ } else {
+ LRU_DELETE( &bdb->bi_cache, elru );
+ }
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lockp );
+
+ if ( count >= bdb->bi_cache.c_minfree ) {
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ bdb->bi_cache.c_cursize -= count;
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ break;
+ }
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_tail_mutex );
+}
+
+EntryInfo *
+bdb_cache_find_info(
+ struct bdb_info *bdb,
+ ID id )
+{
+ EntryInfo ei = { 0 },
+ *ei2;
+
+ ei.bei_id = id;
+
+ ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
+ ei2 = (EntryInfo *) avl_find( bdb->bi_cache.c_idtree,
+ (caddr_t) &ei, bdb_id_cmp );
+ ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
+ return ei2;
+}
+
+/*
+ * cache_find_id - find an entry in the cache, given id.
+ * The entry is locked for Read upon return. Call with islocked TRUE if
+ * the supplied *eip was already locked.
+ */
+
+int
+bdb_cache_find_id(
+ Operation *op,
+ DB_TXN *tid,
+ ID id,
+ EntryInfo **eip,
+ int islocked,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *ep = NULL;
+ int rc = 0, load = 0;
+ EntryInfo ei = { 0 };
+
+ ei.bei_id = id;
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zh_rlock(bdb->bi_cache.c_zctx);
+#endif
+ /* If we weren't given any info, see if we have it already cached */
+ if ( !*eip ) {
+again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
+ *eip = (EntryInfo *) avl_find( bdb->bi_cache.c_idtree,
+ (caddr_t) &ei, bdb_id_cmp );
+ if ( *eip ) {
+ /* If the lock attempt fails, the info is in use */
+ if ( ldap_pvt_thread_mutex_trylock(
+ &(*eip)->bei_kids_mutex )) {
+ ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
+ /* If this node is being deleted, treat
+ * as if the delete has already finished
+ */
+ if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
+ return DB_NOTFOUND;
+ }
+ /* otherwise, wait for the info to free up */
+ ldap_pvt_thread_yield();
+ goto again;
+ }
+ /* If this info isn't hooked up to its parent yet,
+ * unlock and wait for it to be fully initialized
+ */
+ if ( (*eip)->bei_state & CACHE_ENTRY_NOT_LINKED ) {
+ bdb_cache_entryinfo_unlock( *eip );
+ ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
+ ldap_pvt_thread_yield();
+ goto again;
+ }
+ islocked = 1;
+ }
+ ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
+ }
+
+ /* See if the ID exists in the database; add it to the cache if so */
+ if ( !*eip ) {
+#ifndef BDB_HIER
+ rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
+ if ( rc == 0 ) {
+ rc = bdb_cache_find_ndn( op, tid,
+ &ep->e_nname, eip );
+ if ( *eip ) islocked = 1;
+ if ( rc ) {
+ ep->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( bdb, ep, (*eip)->bei_zseq );
+#else
+ bdb_entry_return( ep );
+#endif
+ ep = NULL;
+ }
+ }
+#else
+ rc = hdb_cache_find_parent(op, tid, locker, id, eip );
+ if ( rc == 0 ) islocked = 1;
+#endif
+ }
+
+ /* Ok, we found the info, do we have the entry? */
+ if ( rc == 0 ) {
+ if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
+ rc = DB_NOTFOUND;
+ } else {
+ /* Make sure only one thread tries to load the entry */
+load1:
+#ifdef SLAP_ZONE_ALLOC
+ if ((*eip)->bei_e && !slap_zn_validate(
+ bdb->bi_cache.c_zctx, (*eip)->bei_e, (*eip)->bei_zseq)) {
+ (*eip)->bei_e = NULL;
+ (*eip)->bei_zseq = 0;
+ }
+#endif
+ if ( !(*eip)->bei_e && !((*eip)->bei_state & CACHE_ENTRY_LOADING)) {
+ load = 1;
+ (*eip)->bei_state |= CACHE_ENTRY_LOADING;
+ }
+ if ( islocked ) {
+ bdb_cache_entryinfo_unlock( *eip );
+ islocked = 0;
+ }
+ rc = bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, *eip, 0, 0, lock );
+ if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
+ rc = DB_NOTFOUND;
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
+ } else if ( rc == 0 ) {
+ if ( load ) {
+ /* Give up original read lock, obtain write lock
+ */
+ if ( rc == 0 ) {
+ rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker,
+ *eip, 1, 0, lock );
+ }
+ if ( rc == 0 && !ep) {
+ rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
+ }
+ if ( rc == 0 ) {
+ ep->e_private = *eip;
+#ifdef BDB_HIER
+ bdb_fix_dn( ep, 0 );
+#endif
+ (*eip)->bei_e = ep;
+#ifdef SLAP_ZONE_ALLOC
+ (*eip)->bei_zseq = *((ber_len_t *)ep - 2);
+#endif
+ ep = NULL;
+ }
+ bdb_cache_entryinfo_lock( *eip );
+ (*eip)->bei_state ^= CACHE_ENTRY_LOADING;
+ bdb_cache_entryinfo_unlock( *eip );
+ if ( rc == 0 ) {
+ /* If we succeeded, downgrade back to a readlock. */
+ rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker,
+ *eip, 0, 0, lock );
+ } else {
+ /* Otherwise, release the lock. */
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
+ }
+ } else if ( !(*eip)->bei_e ) {
+ /* Some other thread is trying to load the entry,
+ * give it a chance to finish.
+ */
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
+ ldap_pvt_thread_yield();
+ bdb_cache_entryinfo_lock( *eip );
+ islocked = 1;
+ goto load1;
+#ifdef BDB_HIER
+ } else {
+ /* Check for subtree renames
+ */
+ rc = bdb_fix_dn( (*eip)->bei_e, 1 );
+ if ( rc ) {
+ bdb_cache_entry_db_relock( bdb->bi_dbenv,
+ locker, *eip, 1, 0, lock );
+ /* check again in case other modifier did it already */
+ if ( bdb_fix_dn( (*eip)->bei_e, 1 ) )
+ rc = bdb_fix_dn( (*eip)->bei_e, 2 );
+ bdb_cache_entry_db_relock( bdb->bi_dbenv,
+ locker, *eip, 0, 0, lock );
+ }
+#endif
+ }
+
+ }
+ }
+ }
+ if ( islocked ) {
+ bdb_cache_entryinfo_unlock( *eip );
+ }
+ if ( ep ) {
+ ep->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( bdb, ep, (*eip)->bei_zseq );
+#else
+ bdb_entry_return( ep );
+#endif
+ }
+ if ( rc == 0 ) {
+
+ if ( load ) {
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ bdb->bi_cache.c_cursize++;
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ }
+
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex );
+
+ /* If the LRU list has only one entry and this is it, it
+ * doesn't need to be added again.
+ */
+ if ( bdb->bi_cache.c_lruhead == bdb->bi_cache.c_lrutail &&
+ bdb->bi_cache.c_lruhead == *eip ) {
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_head_mutex );
+ } else {
+ /* if entry is on LRU list, remove from old spot */
+ if ( (*eip)->bei_lrunext || (*eip)->bei_lruprev ) {
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_tail_mutex );
+ LRU_DELETE( &bdb->bi_cache, *eip );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_tail_mutex );
+ }
+ /* lru_head_mutex is unlocked for us */
+ bdb_cache_lru_add( bdb, *eip );
+ }
+ }
+
+#ifdef SLAP_ZONE_ALLOC
+ if (rc == 0 && (*eip)->bei_e) {
+ slap_zn_rlock(bdb->bi_cache.c_zctx, (*eip)->bei_e);
+ }
+ slap_zh_runlock(bdb->bi_cache.c_zctx);
+#endif
+ return rc;
+}
+
+int
+bdb_cache_children(
+ Operation *op,
+ DB_TXN *txn,
+ Entry *e )
+{
+ int rc;
+
+ if ( BEI(e)->bei_kids ) {
+ return 0;
+ }
+ if ( BEI(e)->bei_state & CACHE_ENTRY_NO_KIDS ) {
+ return DB_NOTFOUND;
+ }
+ rc = bdb_dn2id_children( op, txn, e );
+ if ( rc == DB_NOTFOUND ) {
+ BEI(e)->bei_state |= CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS;
+ }
+ return rc;
+}
+
+/* Update the cache after a successful database Add. */
+int
+bdb_cache_add(
+ struct bdb_info *bdb,
+ EntryInfo *eip,
+ Entry *e,
+ struct berval *nrdn,
+ u_int32_t locker )
+{
+ EntryInfo *new, ei;
+ DB_LOCK lock;
+ int rc;
+#ifdef BDB_HIER
+ struct berval rdn = e->e_name;
+#endif
+
+ ei.bei_id = e->e_id;
+ ei.bei_parent = eip;
+ ei.bei_nrdn = *nrdn;
+ ei.bei_lockpad = 0;
+
+ /* Lock this entry so that bdb_add can run to completion.
+ * It can only fail if BDB has run out of lock resources.
+ */
+ rc = bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, &ei, 1, 0, &lock );
+ if ( rc ) {
+ bdb_cache_entryinfo_unlock( eip );
+ return rc;
+ }
+
+#ifdef BDB_HIER
+ if ( nrdn->bv_len != e->e_nname.bv_len ) {
+ char *ptr = ber_bvchr( &rdn, ',' );
+ assert( ptr != NULL );
+ rdn.bv_len = ptr - rdn.bv_val;
+ }
+ ber_dupbv( &ei.bei_rdn, &rdn );
+ if ( eip->bei_dkids ) eip->bei_dkids++;
+#endif
+
+ rc = bdb_entryinfo_add_internal( bdb, &ei, &new );
+ /* bdb_csn_commit can cause this when adding the database root entry */
+ if ( new->bei_e ) {
+ new->bei_e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( bdb, new->bei_e, new->bei_zseq );
+#else
+ bdb_entry_return( new->bei_e );
+#endif
+ }
+ new->bei_e = e;
+ e->e_private = new;
+ new->bei_state = CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS;
+ eip->bei_state &= ~CACHE_ENTRY_NO_KIDS;
+ if (eip->bei_parent) {
+ eip->bei_parent->bei_state &= ~CACHE_ENTRY_NO_GRANDKIDS;
+ }
+ bdb_cache_entryinfo_unlock( eip );
+
+ ++bdb->bi_cache.c_cursize;
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+
+ /* set lru mutex */
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex );
+
+ /* lru_head_mutex is unlocked for us */
+ bdb_cache_lru_add( bdb, new );
+
+ return rc;
+}
+
+int
+bdb_cache_modify(
+ Entry *e,
+ Attribute *newAttrs,
+ DB_ENV *env,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ EntryInfo *ei = BEI(e);
+ int rc;
+ /* Get write lock on data */
+ rc = bdb_cache_entry_db_relock( env, locker, ei, 1, 0, lock );
+
+ /* If we've done repeated mods on a cached entry, then e_attrs
+ * is no longer contiguous with the entry, and must be freed.
+ */
+ if ( ! rc ) {
+ if ( (void *)e->e_attrs != (void *)(e+1) ) {
+ attrs_free( e->e_attrs );
+ }
+ e->e_attrs = newAttrs;
+ }
+ return rc;
+}
+
+/*
+ * Change the rdn in the entryinfo. Also move to a new parent if needed.
+ */
+int
+bdb_cache_modrdn(
+ struct bdb_info *bdb,
+ Entry *e,
+ struct berval *nrdn,
+ Entry *new,
+ EntryInfo *ein,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ EntryInfo *ei = BEI(e), *pei;
+ int rc;
+#ifdef BDB_HIER
+ struct berval rdn;
+#endif
+
+ /* Get write lock on data */
+ rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker, ei, 1, 0, lock );
+ if ( rc ) return rc;
+
+ /* If we've done repeated mods on a cached entry, then e_attrs
+ * is no longer contiguous with the entry, and must be freed.
+ */
+ if ( (void *)e->e_attrs != (void *)(e+1) ) {
+ attrs_free( e->e_attrs );
+ }
+ e->e_attrs = new->e_attrs;
+ if( e->e_nname.bv_val < e->e_bv.bv_val ||
+ e->e_nname.bv_val > e->e_bv.bv_val + e->e_bv.bv_len )
+ {
+ ch_free(e->e_name.bv_val);
+ ch_free(e->e_nname.bv_val);
+ }
+ e->e_name = new->e_name;
+ e->e_nname = new->e_nname;
+
+ /* Lock the parent's kids AVL tree */
+ pei = ei->bei_parent;
+ bdb_cache_entryinfo_lock( pei );
+ avl_delete( &pei->bei_kids, (caddr_t) ei, bdb_rdn_cmp );
+ free( ei->bei_nrdn.bv_val );
+ ber_dupbv( &ei->bei_nrdn, nrdn );
+
+ if ( !pei->bei_kids )
+ pei->bei_state |= CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS;
+
+#ifdef BDB_HIER
+ free( ei->bei_rdn.bv_val );
+
+ rdn = e->e_name;
+ if ( nrdn->bv_len != e->e_nname.bv_len ) {
+ char *ptr = ber_bvchr(&rdn, ',');
+ assert( ptr != NULL );
+ rdn.bv_len = ptr - rdn.bv_val;
+ }
+ ber_dupbv( &ei->bei_rdn, &rdn );
+ pei->bei_ckids--;
+ if ( pei->bei_dkids ) pei->bei_dkids--;
+#endif
+
+ if (!ein) {
+ ein = ei->bei_parent;
+ } else {
+ ei->bei_parent = ein;
+ bdb_cache_entryinfo_unlock( pei );
+ bdb_cache_entryinfo_lock( ein );
+ }
+ /* parent now has kids */
+ if ( ein->bei_state & CACHE_ENTRY_NO_KIDS )
+ ein->bei_state ^= CACHE_ENTRY_NO_KIDS;
+#ifdef BDB_HIER
+ /* parent might now have grandkids */
+ if ( ein->bei_state & CACHE_ENTRY_NO_GRANDKIDS &&
+ !(ei->bei_state & (CACHE_ENTRY_NO_KIDS)))
+ ein->bei_state ^= CACHE_ENTRY_NO_GRANDKIDS;
+
+ {
+ /* Record the generation number of this change */
+ ldap_pvt_thread_mutex_lock( &bdb->bi_modrdns_mutex );
+ bdb->bi_modrdns++;
+ ei->bei_modrdns = bdb->bi_modrdns;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_modrdns_mutex );
+ }
+ ein->bei_ckids++;
+ if ( ein->bei_dkids ) ein->bei_dkids++;
+#endif
+ avl_insert( &ein->bei_kids, ei, bdb_rdn_cmp, avl_dup_error );
+ bdb_cache_entryinfo_unlock( ein );
+ return rc;
+}
+/*
+ * cache_delete - delete the entry e from the cache.
+ *
+ * returns: 0 e was deleted ok
+ * 1 e was not in the cache
+ * -1 something bad happened
+ */
+int
+bdb_cache_delete(
+ Cache *cache,
+ Entry *e,
+ DB_ENV *env,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ EntryInfo *ei = BEI(e);
+ int rc;
+
+ assert( e->e_private != NULL );
+
+ /* Set this early, warn off any queriers */
+ ei->bei_state |= CACHE_ENTRY_DELETED;
+
+ /* Lock the entry's info */
+ bdb_cache_entryinfo_lock( ei );
+
+ /* Get write lock on the data */
+ rc = bdb_cache_entry_db_relock( env, locker, ei, 1, 0, lock );
+ if ( rc ) {
+ /* couldn't lock, undo and give up */
+ ei->bei_state ^= CACHE_ENTRY_DELETED;
+ bdb_cache_entryinfo_unlock( ei );
+ return rc;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "====> bdb_cache_delete( %ld )\n",
+ e->e_id, 0, 0 );
+
+ /* set lru mutex */
+ ldap_pvt_thread_mutex_lock( &cache->lru_tail_mutex );
+
+ /* set cache write lock */
+ ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock );
+
+ rc = bdb_cache_delete_internal( cache, e->e_private, 1 );
+
+ /* free cache write lock */
+ ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock );
+
+ /* free lru mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->lru_tail_mutex );
+
+ /* Leave entry info locked */
+
+ return( rc );
+}
+
+void
+bdb_cache_delete_cleanup(
+ Cache *cache,
+ EntryInfo *ei )
+{
+ if ( ei->bei_e ) {
+ ei->bei_e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( ei->bei_bdb, ei->bei_e, ei->bei_zseq );
+#else
+ bdb_entry_return( ei->bei_e );
+#endif
+ ei->bei_e = NULL;
+ }
+
+ free( ei->bei_nrdn.bv_val );
+ ei->bei_nrdn.bv_val = NULL;
+#ifdef BDB_HIER
+ free( ei->bei_rdn.bv_val );
+ ei->bei_rdn.bv_val = NULL;
+ ei->bei_modrdns = 0;
+ ei->bei_ckids = 0;
+ ei->bei_dkids = 0;
+#endif
+ ei->bei_parent = NULL;
+ ei->bei_kids = NULL;
+ ei->bei_lruprev = NULL;
+
+ ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock );
+ ei->bei_lrunext = cache->c_eifree;
+ cache->c_eifree = ei;
+ ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock );
+ bdb_cache_entryinfo_unlock( ei );
+}
+
+static int
+bdb_cache_delete_internal(
+ Cache *cache,
+ EntryInfo *e,
+ int decr )
+{
+ int rc = 0; /* return code */
+
+ /* Lock the parent's kids tree */
+ bdb_cache_entryinfo_lock( e->bei_parent );
+
+#ifdef BDB_HIER
+ e->bei_parent->bei_ckids--;
+ if ( decr && e->bei_parent->bei_dkids ) e->bei_parent->bei_dkids--;
+#endif
+ /* dn tree */
+ if ( avl_delete( &e->bei_parent->bei_kids, (caddr_t) e, bdb_rdn_cmp )
+ == NULL )
+ {
+ rc = -1;
+ }
+ if ( e->bei_parent->bei_kids )
+ cache->c_leaves--;
+
+ /* id tree */
+ if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp ) == NULL ) {
+ rc = -1;
+ }
+
+ if ( rc == 0 ){
+ cache->c_eiused--;
+
+ /* lru */
+ LRU_DELETE( cache, e );
+ if ( e->bei_e ) cache->c_cursize--;
+ }
+
+ bdb_cache_entryinfo_unlock( e->bei_parent );
+
+ return( rc );
+}
+
+static void
+bdb_entryinfo_release( void *data )
+{
+ EntryInfo *ei = (EntryInfo *)data;
+ if ( ei->bei_kids ) {
+ avl_free( ei->bei_kids, NULL );
+ }
+ if ( ei->bei_e ) {
+ ei->bei_e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( ei->bei_bdb, ei->bei_e, ei->bei_zseq );
+#else
+ bdb_entry_return( ei->bei_e );
+#endif
+ }
+ bdb_cache_entryinfo_destroy( ei );
+}
+
+void
+bdb_cache_release_all( Cache *cache )
+{
+ /* set cache write lock */
+ ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock );
+ /* set lru mutex */
+ ldap_pvt_thread_mutex_lock( &cache->lru_tail_mutex );
+
+ Debug( LDAP_DEBUG_TRACE, "====> bdb_cache_release_all\n", 0, 0, 0 );
+
+ avl_free( cache->c_dntree.bei_kids, NULL );
+ avl_free( cache->c_idtree, bdb_entryinfo_release );
+ for (;cache->c_eifree;cache->c_eifree = cache->c_lruhead) {
+ cache->c_lruhead = cache->c_eifree->bei_lrunext;
+ bdb_cache_entryinfo_destroy(cache->c_eifree);
+ }
+ cache->c_cursize = 0;
+ cache->c_eiused = 0;
+ cache->c_leaves = 0;
+ cache->c_idtree = NULL;
+ cache->c_lruhead = NULL;
+ cache->c_lrutail = NULL;
+ cache->c_dntree.bei_kids = NULL;
+
+ /* free lru mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->lru_tail_mutex );
+ /* free cache write lock */
+ ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock );
+}
+
+#ifdef LDAP_DEBUG
+#ifdef SLAPD_UNUSED
+static void
+bdb_lru_print( Cache *cache )
+{
+ EntryInfo *e;
+
+ fprintf( stderr, "LRU queue (head to tail):\n" );
+ for ( e = cache->c_lruhead; e != NULL; e = e->bei_lrunext ) {
+ fprintf( stderr, "\trdn \"%20s\" id %ld\n",
+ e->bei_nrdn.bv_val, e->bei_id );
+ }
+ fprintf( stderr, "LRU queue (tail to head):\n" );
+ for ( e = cache->c_lrutail; e != NULL; e = e->bei_lruprev ) {
+ fprintf( stderr, "\trdn \"%20s\" id %ld\n",
+ e->bei_nrdn.bv_val, e->bei_id );
+ }
+}
+#endif
+#endif
+
+#ifdef BDB_REUSE_LOCKERS
+static void
+bdb_locker_id_free( void *key, void *data )
+{
+ DB_ENV *env = key;
+ u_int32_t lockid = (long)data;
+ int rc;
+
+ rc = XLOCK_ID_FREE( env, lockid );
+ if ( rc == EINVAL ) {
+ DB_LOCKREQ lr;
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_locker_id_free: %lu err %s(%d)\n",
+ (unsigned long) lockid, db_strerror(rc), rc );
+ /* release all locks held by this locker. */
+ lr.op = DB_LOCK_PUT_ALL;
+ lr.obj = NULL;
+ env->lock_vec( env, lockid, 0, &lr, 1, NULL );
+ XLOCK_ID_FREE( env, lockid );
+ }
+}
+
+/* free up any keys used by the main thread */
+void
+bdb_locker_flush( DB_ENV *env )
+{
+ void *data;
+ void *ctx = ldap_pvt_thread_pool_context();
+
+ if ( !ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
+ ldap_pvt_thread_pool_setkey( ctx, env, NULL, NULL );
+ bdb_locker_id_free( env, data );
+ }
+}
+
+int
+bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker )
+{
+ int i, rc;
+ u_int32_t lockid;
+ void *data;
+ void *ctx;
+
+ if ( !env || !locker ) return -1;
+
+ /* If no op was provided, try to find the ctx anyway... */
+ if ( op ) {
+ ctx = op->o_threadctx;
+ } else {
+ ctx = ldap_pvt_thread_pool_context();
+ }
+
+ /* Shouldn't happen unless we're single-threaded */
+ if ( !ctx ) {
+ *locker = 0;
+ return 0;
+ }
+
+ if ( ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
+ for ( i=0, rc=1; rc != 0 && i<4; i++ ) {
+ rc = XLOCK_ID( env, &lockid );
+ if (rc) ldap_pvt_thread_yield();
+ }
+ if ( rc != 0) {
+ return rc;
+ }
+ data = (void *)((long)lockid);
+ if ( ( rc = ldap_pvt_thread_pool_setkey( ctx, env,
+ data, bdb_locker_id_free ) ) ) {
+ XLOCK_ID_FREE( env, lockid );
+ Debug( LDAP_DEBUG_ANY, "bdb_locker_id: err %s(%d)\n",
+ db_strerror(rc), rc, 0 );
+
+ return rc;
+ }
+ } else {
+ lockid = (long)data;
+ }
+ *locker = lockid;
+ return 0;
+}
+#endif /* BDB_REUSE_LOCKERS */
+
+void
+bdb_cache_delete_entry(
+ struct bdb_info *bdb,
+ EntryInfo *ei,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ if ( bdb_cache_entry_db_lock( bdb->bi_dbenv, bdb->bi_cache.c_locker, ei, 1, 1, lock ) == 0 )
+ {
+ if ( ei->bei_e && !(ei->bei_state & CACHE_ENTRY_NOT_LINKED )) {
+ LRU_DELETE( &bdb->bi_cache, ei );
+ ei->bei_e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return( bdb, ei->bei_e, ei->bei_zseq );
+#else
+ bdb_entry_return( ei->bei_e );
+#endif
+ ei->bei_e = NULL;
+ --bdb->bi_cache.c_cursize;
+ }
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
+ }
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,203 @@
+/* compare.c - bdb backend compare routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/compare.c,v 1.44.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+int
+bdb_compare( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *e = NULL;
+ EntryInfo *ei;
+ Attribute *a;
+ int manageDSAit = get_manageDSAit( op );
+
+ u_int32_t locker;
+ DB_LOCK lock;
+
+ rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
+ switch(rs->sr_err) {
+ case 0:
+ break;
+ default:
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ return rs->sr_err;
+ }
+
+dn2entry_retry:
+ /* get entry */
+ rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
+ locker, &lock );
+
+ switch( rs->sr_err ) {
+ case DB_NOTFOUND:
+ case 0:
+ break;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto dn2entry_retry;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ e = ei->bei_e;
+ if ( rs->sr_err == DB_NOTFOUND ) {
+ if ( e != NULL ) {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose" is granted on the object */
+ if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = ch_strdup( e->e_dn );
+ rs->sr_ref = is_entry_referral( e )
+ ? get_entry_referrals( op, e )
+ : NULL;
+ rs->sr_err = LDAP_REFERRAL;
+ }
+
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+ e = NULL;
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
+ }
+
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+
+ goto done;
+ }
+
+ if (!manageDSAit && is_entry_referral( e ) ) {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose" is granted on the object */
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ /* entry is a referral, don't allow compare */
+ rs->sr_ref = get_entry_referrals( op, e );
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = e->e_name.bv_val;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
+
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ }
+ goto return_results;
+ }
+
+ if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return error only if "disclose"
+ * is granted on the object */
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+ for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
+ {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->oq_compare.rs_ava->aa_value,
+ op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:
+ send_ldap_result( op, rs );
+
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rs->sr_err = LDAP_SUCCESS;
+ break;
+ }
+
+done:
+ /* free entry */
+ if ( e != NULL ) {
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
+ e, &lock );
+ }
+
+ LOCK_ID_FREE ( bdb->bi_dbenv, locker );
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,698 @@
+/* config.c - bdb backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.17 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+#include "config.h"
+
+#include "lutil.h"
+#include "ldap_rq.h"
+
+#ifdef DB_DIRTY_READ
+# define SLAP_BDB_ALLOW_DIRTY_READ
+#endif
+
+#define bdb_cf_gen BDB_SYMBOL(cf_gen)
+#define bdb_cf_cleanup BDB_SYMBOL(cf_cleanup)
+#define bdb_checkpoint BDB_SYMBOL(checkpoint)
+#define bdb_online_index BDB_SYMBOL(online_index)
+
+static ConfigDriver bdb_cf_gen;
+
+enum {
+ BDB_CHKPT = 1,
+ BDB_CONFIG,
+ BDB_DIRECTORY,
+ BDB_NOSYNC,
+ BDB_DIRTYR,
+ BDB_INDEX,
+ BDB_LOCKD,
+ BDB_SSTACK
+};
+
+static ConfigTable bdbcfg[] = {
+ { "directory", "dir", 2, 2, 0, ARG_STRING|ARG_MAGIC|BDB_DIRECTORY,
+ bdb_cf_gen, "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
+ "DESC 'Directory for database content' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "cachefree", "size", 2, 2, 0, ARG_INT|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info, bi_cache.c_minfree),
+ "( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' "
+ "DESC 'Number of extra entries to free when max is reached' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "cachesize", "size", 2, 2, 0, ARG_INT|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info, bi_cache.c_maxsize),
+ "( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' "
+ "DESC 'Entry cache size in entries' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "checkpoint", "kbyte> <min", 3, 3, 0, ARG_MAGIC|BDB_CHKPT,
+ bdb_cf_gen, "( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' "
+ "DESC 'Database checkpoint interval in kbytes and minutes' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
+ { "dbconfig", "DB_CONFIG setting", 1, 0, 0, ARG_MAGIC|BDB_CONFIG,
+ bdb_cf_gen, "( OLcfgDbAt:1.3 NAME 'olcDbConfig' "
+ "DESC 'BerkeleyDB DB_CONFIG configuration directives' "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "dbnosync", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_NOSYNC,
+ bdb_cf_gen, "( OLcfgDbAt:1.4 NAME 'olcDbNoSync' "
+ "DESC 'Disable synchronous database writes' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "dirtyread", NULL, 1, 2, 0,
+#ifdef SLAP_BDB_ALLOW_DIRTY_READ
+ ARG_ON_OFF|ARG_MAGIC|BDB_DIRTYR, bdb_cf_gen,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' "
+ "DESC 'Allow reads of uncommitted data' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "idlcachesize", "size", 2, 2, 0, ARG_INT|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info,bi_idl_cache_max_size),
+ "( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' "
+ "DESC 'IDL cache size in IDLs' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "index", "attr> <[pres,eq,approx,sub]", 2, 3, 0, ARG_MAGIC|BDB_INDEX,
+ bdb_cf_gen, "( OLcfgDbAt:0.2 NAME 'olcDbIndex' "
+ "DESC 'Attribute index parameters' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "linearindex", NULL, 1, 2, 0, ARG_ON_OFF|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info, bi_linear_index),
+ "( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' "
+ "DESC 'Index attributes one at a time' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "lockdetect", "policy", 2, 2, 0, ARG_MAGIC|BDB_LOCKD,
+ bdb_cf_gen, "( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' "
+ "DESC 'Deadlock detection algorithm' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "mode", "mode", 2, 2, 0, ARG_INT|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info, bi_dbenv_mode),
+ "( OLcfgDbAt:0.3 NAME 'olcDbMode' "
+ "DESC 'Unix permissions of database files' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "searchstack", "depth", 2, 2, 0, ARG_INT|ARG_MAGIC|BDB_SSTACK,
+ bdb_cf_gen, "( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' "
+ "DESC 'Depth of search stack in IDLs' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "shm_key", "key", 2, 2, 0, ARG_INT|ARG_OFFSET,
+ (void *)offsetof(struct bdb_info, bi_shm_key),
+ "( OLcfgDbAt:1.10 NAME 'olcDbShmKey' "
+ "DESC 'Key for shared memory region' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL }
+};
+
+static ConfigOCs bdbocs[] = {
+ {
+#ifdef BDB_HIER
+ "( OLcfgDbOc:1.2 "
+ "NAME 'olcHdbConfig' "
+ "DESC 'HDB backend configuration' "
+#else
+ "( OLcfgDbOc:1.1 "
+ "NAME 'olcBdbConfig' "
+ "DESC 'BDB backend configuration' "
+#endif
+ "SUP olcDatabaseConfig "
+ "MUST olcDbDirectory "
+ "MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ "
+ "olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ "
+ "olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ "
+ "olcDbMode $ olcDbSearchStack $ olcDbShmKey $ "
+ " olcDbCacheFree ) )",
+ Cft_Database, bdbcfg },
+ { NULL, 0, NULL }
+};
+
+static slap_verbmasks bdb_lockd[] = {
+ { BER_BVC("default"), DB_LOCK_DEFAULT },
+ { BER_BVC("oldest"), DB_LOCK_OLDEST },
+ { BER_BVC("random"), DB_LOCK_RANDOM },
+ { BER_BVC("youngest"), DB_LOCK_YOUNGEST },
+ { BER_BVC("fewest"), DB_LOCK_MINLOCKS },
+ { BER_BVNULL, 0 }
+};
+
+/* perform periodic checkpoints */
+static void *
+bdb_checkpoint( void *ctx, void *arg )
+{
+ struct re_s *rtask = arg;
+ struct bdb_info *bdb = rtask->arg;
+
+ TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte,
+ bdb->bi_txn_cp_min, 0 );
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ return NULL;
+}
+
+/* reindex entries on the fly */
+static void *
+bdb_online_index( void *ctx, void *arg )
+{
+ struct re_s *rtask = arg;
+ BackendDB *be = rtask->arg;
+ struct bdb_info *bdb = be->be_private;
+
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op = (Operation *) &opbuf;
+
+ DBC *curs;
+ DBT key, data;
+ DB_TXN *txn;
+ DB_LOCK lock;
+ u_int32_t locker;
+ ID id, nid;
+ EntryInfo *ei;
+ int rc, getnext = 1;
+ int i;
+
+ connection_fake_init( &conn, op, ctx );
+
+ op->o_bd = be;
+
+ DBTzero( &key );
+ DBTzero( &data );
+
+ id = 1;
+ key.data = &nid;
+ key.size = key.ulen = sizeof(ID);
+ key.flags = DB_DBT_USERMEM;
+
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+ data.dlen = data.ulen = 0;
+
+ while ( 1 ) {
+ if ( slapd_shutdown )
+ break;
+
+ rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &txn, bdb->bi_db_opflags );
+ if ( rc )
+ break;
+ locker = TXN_ID( txn );
+ if ( getnext ) {
+ getnext = 0;
+ BDB_ID2DISK( id, &nid );
+ rc = bdb->bi_id2entry->bdi_db->cursor(
+ bdb->bi_id2entry->bdi_db, txn, &curs, bdb->bi_db_opflags );
+ if ( rc ) {
+ TXN_ABORT( txn );
+ break;
+ }
+ rc = curs->c_get( curs, &key, &data, DB_SET_RANGE );
+ curs->c_close( curs );
+ if ( rc ) {
+ TXN_ABORT( txn );
+ if ( rc == DB_NOTFOUND )
+ rc = 0;
+ if ( rc == DB_LOCK_DEADLOCK ) {
+ ldap_pvt_thread_yield();
+ continue;
+ }
+ break;
+ }
+ BDB_DISK2ID( &nid, &id );
+ }
+
+ ei = NULL;
+ rc = bdb_cache_find_id( op, txn, id, &ei, 0, locker, &lock );
+ if ( rc ) {
+ TXN_ABORT( txn );
+ if ( rc == DB_LOCK_DEADLOCK ) {
+ ldap_pvt_thread_yield();
+ continue;
+ }
+ if ( rc == DB_NOTFOUND ) {
+ id++;
+ getnext = 1;
+ continue;
+ }
+ break;
+ }
+ if ( ei->bei_e ) {
+ rc = bdb_index_entry( op, txn, BDB_INDEX_UPDATE_OP, ei->bei_e );
+ if ( rc == DB_LOCK_DEADLOCK ) {
+ TXN_ABORT( txn );
+ ldap_pvt_thread_yield();
+ continue;
+ }
+ if ( rc == 0 ) {
+ rc = TXN_COMMIT( txn, 0 );
+ txn = NULL;
+ }
+ if ( rc )
+ break;
+ }
+ id++;
+ getnext = 1;
+ }
+
+ for ( i = 0; i < bdb->bi_nattrs; i++ ) {
+ if ( bdb->bi_attrs[ i ]->ai_indexmask & BDB_INDEX_DELETING
+ || bdb->bi_attrs[ i ]->ai_newmask == 0 )
+ {
+ continue;
+ }
+ bdb->bi_attrs[ i ]->ai_indexmask = bdb->bi_attrs[ i ]->ai_newmask;
+ bdb->bi_attrs[ i ]->ai_newmask = 0;
+ }
+
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ bdb->bi_index_task = NULL;
+ ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ return NULL;
+}
+
+/* Cleanup loose ends after Modify completes */
+static int
+bdb_cf_cleanup( ConfigArgs *c )
+{
+ struct bdb_info *bdb = c->be->be_private;
+ int rc = 0;
+
+ if ( bdb->bi_flags & BDB_UPD_CONFIG ) {
+ if ( bdb->bi_db_config ) {
+ int i;
+ FILE *f = fopen( bdb->bi_db_config_path, "w" );
+ if ( f ) {
+ for (i=0; bdb->bi_db_config[i].bv_val; i++)
+ fprintf( f, "%s\n", bdb->bi_db_config[i].bv_val );
+ fclose( f );
+ }
+ } else {
+ unlink( bdb->bi_db_config_path );
+ }
+ bdb->bi_flags ^= BDB_UPD_CONFIG;
+ }
+
+ if ( bdb->bi_flags & BDB_DEL_INDEX ) {
+ bdb_attr_flush( bdb );
+ bdb->bi_flags ^= BDB_DEL_INDEX;
+ }
+
+ if ( bdb->bi_flags & BDB_RE_OPEN ) {
+ bdb->bi_flags ^= BDB_RE_OPEN;
+ rc = c->be->bd_info->bi_db_close( c->be );
+ if ( rc == 0 )
+ rc = c->be->bd_info->bi_db_open( c->be );
+ /* If this fails, we need to restart */
+ if ( rc ) {
+ slapd_shutdown = 2;
+ Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_cf_cleanup)
+ ": failed to reopen database, rc=%d", rc, 0, 0 );
+ }
+ }
+ return rc;
+}
+
+static int
+bdb_cf_gen(ConfigArgs *c)
+{
+ struct bdb_info *bdb = c->be->be_private;
+ int rc;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ rc = 0;
+ switch( c->type ) {
+ case BDB_CHKPT:
+ if (bdb->bi_txn_cp ) {
+ char buf[64];
+ struct berval bv;
+ bv.bv_len = sprintf( buf, "%d %d", bdb->bi_txn_cp_kbyte,
+ bdb->bi_txn_cp_min );
+ bv.bv_val = buf;
+ value_add_one( &c->rvalue_vals, &bv );
+ } else{
+ rc = 1;
+ }
+ break;
+
+ case BDB_DIRECTORY:
+ if ( bdb->bi_dbenv_home ) {
+ c->value_string = ch_strdup( bdb->bi_dbenv_home );
+ } else {
+ rc = 1;
+ }
+ break;
+
+ case BDB_CONFIG:
+ if (( slapMode&SLAP_SERVER_MODE ) && !( bdb->bi_flags&BDB_IS_OPEN )
+ && !bdb->bi_db_config ) {
+ char buf[SLAP_TEXT_BUFLEN];
+ FILE *f = fopen( bdb->bi_db_config_path, "r" );
+ struct berval bv;
+
+ if ( f ) {
+ bdb->bi_flags |= BDB_HAS_CONFIG;
+ while ( fgets( buf, sizeof(buf), f )) {
+ ber_str2bv( buf, 0, 1, &bv );
+ if ( bv.bv_len > 0 && bv.bv_val[bv.bv_len-1] == '\n' ) {
+ bv.bv_len--;
+ bv.bv_val[bv.bv_len] = '\0';
+ }
+ /* shouldn't need this, but ... */
+ if ( bv.bv_len > 0 && bv.bv_val[bv.bv_len-1] == '\r' ) {
+ bv.bv_len--;
+ bv.bv_val[bv.bv_len] = '\0';
+ }
+ ber_bvarray_add( &bdb->bi_db_config, &bv );
+ }
+ fclose( f );
+ }
+ }
+ if ( bdb->bi_db_config ) {
+ int i;
+ struct berval bv;
+
+ bv.bv_val = c->log;
+ for (i=0; !BER_BVISNULL(&bdb->bi_db_config[i]); i++) {
+ bv.bv_len = sprintf( bv.bv_val, "{%d}%s", i,
+ bdb->bi_db_config[i].bv_val );
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ }
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+
+ case BDB_NOSYNC:
+ if ( bdb->bi_dbenv_xflags & DB_TXN_NOSYNC )
+ c->value_int = 1;
+ break;
+
+ case BDB_INDEX:
+ bdb_attr_index_unparse( bdb, &c->rvalue_vals );
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+
+ case BDB_LOCKD:
+ rc = 1;
+ if ( bdb->bi_lock_detect != DB_LOCK_DEFAULT ) {
+ int i;
+ for (i=0; !BER_BVISNULL(&bdb_lockd[i].word); i++) {
+ if ( bdb->bi_lock_detect == bdb_lockd[i].mask ) {
+ value_add_one( &c->rvalue_vals, &bdb_lockd[i].word );
+ rc = 0;
+ break;
+ }
+ }
+ }
+ break;
+
+ case BDB_SSTACK:
+ c->value_int = bdb->bi_search_stack_depth;
+ break;
+ }
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ rc = 0;
+ switch( c->type ) {
+ /* single-valued no-ops */
+ case BDB_LOCKD:
+ case BDB_SSTACK:
+ break;
+
+ case BDB_CHKPT:
+ if ( bdb->bi_txn_cp_task ) {
+ struct re_s *re = bdb->bi_txn_cp_task;
+ bdb->bi_txn_cp_task = NULL;
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ))
+ ldap_pvt_runqueue_stoptask( &slapd_rq, re );
+ ldap_pvt_runqueue_remove( &slapd_rq, re );
+ }
+ bdb->bi_txn_cp = 0;
+ break;
+ case BDB_CONFIG:
+ if ( c->valx < 0 ) {
+ ber_bvarray_free( bdb->bi_db_config );
+ bdb->bi_db_config = NULL;
+ } else {
+ int i = c->valx;
+ ch_free( bdb->bi_db_config[i].bv_val );
+ for (; bdb->bi_db_config[i].bv_val; i++)
+ bdb->bi_db_config[i] = bdb->bi_db_config[i+1];
+ }
+ bdb->bi_flags |= BDB_UPD_CONFIG;
+ c->cleanup = bdb_cf_cleanup;
+ break;
+ case BDB_DIRECTORY:
+ bdb->bi_flags |= BDB_RE_OPEN;
+ bdb->bi_flags ^= BDB_HAS_CONFIG;
+ ch_free( bdb->bi_dbenv_home );
+ bdb->bi_dbenv_home = NULL;
+ ch_free( bdb->bi_db_config_path );
+ bdb->bi_db_config_path = NULL;
+ c->cleanup = bdb_cf_cleanup;
+ ldap_pvt_thread_pool_purgekey( bdb->bi_dbenv );
+ ldap_pvt_thread_pool_purgekey( ((char *)bdb->bi_dbenv) + 1 );
+ break;
+ case BDB_NOSYNC:
+ bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC, 0 );
+ break;
+ case BDB_INDEX:
+ if ( c->valx == -1 ) {
+ int i;
+
+ /* delete all (FIXME) */
+ for ( i = 0; i < bdb->bi_nattrs; i++ ) {
+ bdb->bi_attrs[i]->ai_indexmask |= BDB_INDEX_DELETING;
+ }
+ bdb->bi_flags |= BDB_DEL_INDEX;
+ c->cleanup = bdb_cf_cleanup;
+
+ } else {
+ struct berval bv, def = BER_BVC("default");
+ char *ptr;
+
+ for (ptr = c->line; !isspace( *ptr ); ptr++);
+
+ bv.bv_val = c->line;
+ bv.bv_len = ptr - bv.bv_val;
+ if ( bvmatch( &bv, &def )) {
+ bdb->bi_defaultmask = 0;
+
+ } else {
+ int i;
+ char **attrs;
+ char sep;
+
+ sep = bv.bv_val[ bv.bv_len ];
+ bv.bv_val[ bv.bv_len ] = '\0';
+ attrs = ldap_str2charray( bv.bv_val, "," );
+
+ for ( i = 0; attrs[ i ]; i++ ) {
+ AttributeDescription *ad = NULL;
+ const char *text;
+ AttrInfo *ai;
+
+ slap_str2ad( attrs[ i ], &ad, &text );
+ /* if we got here... */
+ assert( ad != NULL );
+
+ ai = bdb_attr_mask( bdb, ad );
+ /* if we got here... */
+ assert( ai != NULL );
+
+ ai->ai_indexmask |= BDB_INDEX_DELETING;
+ bdb->bi_flags |= BDB_DEL_INDEX;
+ c->cleanup = bdb_cf_cleanup;
+ }
+
+ bv.bv_val[ bv.bv_len ] = sep;
+ ldap_charray_free( attrs );
+ }
+ }
+ break;
+ }
+ return rc;
+ }
+
+ switch( c->type ) {
+ case BDB_CHKPT: {
+ long l;
+ bdb->bi_txn_cp = 1;
+ if ( lutil_atolx( &l, c->argv[1], 0 ) != 0 ) {
+ fprintf( stderr, "%s: "
+ "invalid kbyte \"%s\" in \"checkpoint\".\n",
+ c->log, c->argv[1] );
+ return 1;
+ }
+ bdb->bi_txn_cp_kbyte = l;
+ if ( lutil_atolx( &l, c->argv[2], 0 ) != 0 ) {
+ fprintf( stderr, "%s: "
+ "invalid minutes \"%s\" in \"checkpoint\".\n",
+ c->log, c->argv[2] );
+ return 1;
+ }
+ bdb->bi_txn_cp_min = l;
+ /* If we're in server mode and time-based checkpointing is enabled,
+ * submit a task to perform periodic checkpoints.
+ */
+ if ((slapMode & SLAP_SERVER_MODE) && bdb->bi_txn_cp_min ) {
+ struct re_s *re = bdb->bi_txn_cp_task;
+ if ( re ) {
+ re->interval.tv_sec = bdb->bi_txn_cp_min * 60;
+ } else {
+ if ( c->be->be_suffix == NULL || BER_BVISNULL( &c->be->be_suffix[0] ) ) {
+ fprintf( stderr, "%s: "
+ "\"checkpoint\" must occur after \"suffix\".\n",
+ c->log );
+ return 1;
+ }
+ bdb->bi_txn_cp_task = ldap_pvt_runqueue_insert( &slapd_rq,
+ bdb->bi_txn_cp_min * 60, bdb_checkpoint, bdb,
+ LDAP_XSTRING(bdb_checkpoint), c->be->be_suffix[0].bv_val );
+ }
+ }
+ } break;
+
+ case BDB_CONFIG: {
+ char *ptr = c->line;
+ struct berval bv;
+
+ if ( c->op == SLAP_CONFIG_ADD ) {
+ ptr += STRLENOF("dbconfig");
+ while (!isspace(*ptr)) ptr++;
+ while (isspace(*ptr)) ptr++;
+ }
+
+ if ( bdb->bi_flags & BDB_IS_OPEN ) {
+ bdb->bi_flags |= BDB_UPD_CONFIG;
+ c->cleanup = bdb_cf_cleanup;
+ } else {
+ /* If we're just starting up...
+ */
+ FILE *f;
+ /* If a DB_CONFIG file exists, or we don't know the path
+ * to the DB_CONFIG file, ignore these directives
+ */
+ if (( bdb->bi_flags & BDB_HAS_CONFIG ) || !bdb->bi_db_config_path )
+ break;
+ f = fopen( bdb->bi_db_config_path, "a" );
+ if ( f ) {
+ /* FIXME: EBCDIC probably needs special handling */
+ fprintf( f, "%s\n", ptr );
+ fclose( f );
+ }
+ }
+ ber_str2bv( ptr, 0, 1, &bv );
+ ber_bvarray_add( &bdb->bi_db_config, &bv );
+ }
+ break;
+
+ case BDB_DIRECTORY: {
+ FILE *f;
+ char *ptr;
+
+ if ( bdb->bi_dbenv_home )
+ ch_free( bdb->bi_dbenv_home );
+ bdb->bi_dbenv_home = c->value_string;
+
+ /* See if a DB_CONFIG file already exists here */
+ if ( bdb->bi_db_config_path )
+ ch_free( bdb->bi_db_config_path );
+ bdb->bi_db_config_path = ch_malloc( strlen( bdb->bi_dbenv_home ) +
+ STRLENOF(LDAP_DIRSEP) + STRLENOF("DB_CONFIG") + 1 );
+ ptr = lutil_strcopy( bdb->bi_db_config_path, bdb->bi_dbenv_home );
+ *ptr++ = LDAP_DIRSEP[0];
+ strcpy( ptr, "DB_CONFIG" );
+
+ f = fopen( bdb->bi_db_config_path, "r" );
+ if ( f ) {
+ bdb->bi_flags |= BDB_HAS_CONFIG;
+ fclose(f);
+ }
+ }
+ break;
+
+ case BDB_NOSYNC:
+ if ( c->value_int )
+ bdb->bi_dbenv_xflags |= DB_TXN_NOSYNC;
+ else
+ bdb->bi_dbenv_xflags &= ~DB_TXN_NOSYNC;
+ if ( bdb->bi_flags & BDB_IS_OPEN ) {
+ bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC,
+ c->value_int );
+ }
+ break;
+
+ case BDB_INDEX:
+ rc = bdb_attr_index_config( bdb, c->fname, c->lineno,
+ c->argc - 1, &c->argv[1] );
+
+ if( rc != LDAP_SUCCESS ) return 1;
+ if (( bdb->bi_flags & BDB_IS_OPEN ) && !bdb->bi_index_task ) {
+ /* Start the task as soon as we finish here. Set a long
+ * interval (10 hours) so that it only gets scheduled once.
+ */
+ if ( c->be->be_suffix == NULL || BER_BVISNULL( &c->be->be_suffix[0] ) ) {
+ fprintf( stderr, "%s: "
+ "\"index\" must occur after \"suffix\".\n",
+ c->log );
+ return 1;
+ }
+ bdb->bi_index_task = ldap_pvt_runqueue_insert( &slapd_rq, 36000,
+ bdb_online_index, c->be,
+ LDAP_XSTRING(bdb_online_index), c->be->be_suffix[0].bv_val );
+ }
+ break;
+
+ case BDB_LOCKD:
+ rc = verb_to_mask( c->argv[1], bdb_lockd );
+ if ( BER_BVISNULL(&bdb_lockd[rc].word) ) {
+ fprintf( stderr, "%s: "
+ "bad policy (%s) in \"lockDetect <policy>\" line\n",
+ c->log, c->argv[1] );
+ return 1;
+ }
+ bdb->bi_lock_detect = rc;
+ break;
+
+ case BDB_SSTACK:
+ if ( c->value_int < MINIMUM_SEARCH_STACK_DEPTH ) {
+ fprintf( stderr,
+ "%s: depth %d too small, using %d\n",
+ c->log, c->value_int, MINIMUM_SEARCH_STACK_DEPTH );
+ c->value_int = MINIMUM_SEARCH_STACK_DEPTH;
+ }
+ bdb->bi_search_stack_depth = c->value_int;
+ break;
+ }
+ return 0;
+}
+
+int bdb_back_init_cf( BackendInfo *bi )
+{
+ int rc;
+ bi->bi_cf_ocs = bdbocs;
+
+ rc = config_register_schema( bdbcfg, bdbocs );
+ if ( rc ) return rc;
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dbcache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dbcache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dbcache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,153 @@
+/* dbcache.c - manage cache of open databases */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dbcache.c,v 1.38.2.5 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <sys/stat.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "lutil_hash.h"
+
+#ifdef BDB_INDEX_USE_HASH
+/* Pass-thru hash function. Since the indexer is already giving us hash
+ * values as keys, we don't need BDB to re-hash them.
+ */
+static u_int32_t
+bdb_db_hash(
+ DB *db,
+ const void *bytes,
+ u_int32_t length
+)
+{
+ u_int32_t ret = 0;
+ unsigned char *dst = (unsigned char *)&ret;
+ const unsigned char *src = (const unsigned char *)bytes;
+
+ if ( length > sizeof(u_int32_t) )
+ length = sizeof(u_int32_t);
+
+ while ( length ) {
+ *dst++ = *src++;
+ length--;
+ }
+ return ret;
+}
+#define BDB_INDEXTYPE DB_HASH
+#else
+#define BDB_INDEXTYPE DB_BTREE
+#endif
+
+int
+bdb_db_cache(
+ Backend *be,
+ const char *name,
+ DB **dbout )
+{
+ int i, flags;
+ int rc;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ struct bdb_db_info *db;
+ char *file;
+
+ *dbout = NULL;
+
+ for( i=BDB_NDB; i < bdb->bi_ndatabases; i++ ) {
+ if( !strcmp( bdb->bi_databases[i]->bdi_name, name) ) {
+ *dbout = bdb->bi_databases[i]->bdi_db;
+ return 0;
+ }
+ }
+
+ ldap_pvt_thread_mutex_lock( &bdb->bi_database_mutex );
+
+ /* check again! may have been added by another thread */
+ for( i=BDB_NDB; i < bdb->bi_ndatabases; i++ ) {
+ if( !strcmp( bdb->bi_databases[i]->bdi_name, name) ) {
+ *dbout = bdb->bi_databases[i]->bdi_db;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+ return 0;
+ }
+ }
+
+ if( i >= BDB_INDICES ) {
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+ return -1;
+ }
+
+ db = (struct bdb_db_info *) ch_calloc(1, sizeof(struct bdb_db_info));
+
+ db->bdi_name = ch_strdup( name );
+
+ rc = db_create( &db->bdi_db, bdb->bi_dbenv, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_db_cache: db_create(%s) failed: %s (%d)\n",
+ bdb->bi_dbenv_home, db_strerror(rc), rc );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+ return rc;
+ }
+
+ rc = db->bdi_db->set_pagesize( db->bdi_db, BDB_PAGESIZE );
+#ifdef BDB_INDEX_USE_HASH
+ rc = db->bdi_db->set_h_hash( db->bdi_db, bdb_db_hash );
+#endif
+ rc = db->bdi_db->set_flags( db->bdi_db, DB_DUP | DB_DUPSORT );
+
+ file = ch_malloc( strlen( name ) + sizeof(BDB_SUFFIX) );
+ sprintf( file, "%s" BDB_SUFFIX, name );
+
+#ifdef HAVE_EBCDIC
+ __atoe( file );
+#endif
+ flags = DB_CREATE | DB_THREAD;
+#ifdef DB_AUTO_COMMIT
+ if ( !( slapMode & SLAP_TOOL_QUICK ))
+ flags |= DB_AUTO_COMMIT;
+#endif
+ /* Cannot Truncate when Transactions are in use */
+ if ( (slapMode & (SLAP_TOOL_QUICK|SLAP_TRUNCATE_MODE)) ==
+ (SLAP_TOOL_QUICK|SLAP_TRUNCATE_MODE))
+ flags |= DB_TRUNCATE;
+
+ rc = DB_OPEN( db->bdi_db,
+ file, NULL /* name */,
+ BDB_INDEXTYPE, bdb->bi_db_opflags | flags, bdb->bi_dbenv_mode );
+
+ ch_free( file );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_db_cache: db_open(%s) failed: %s (%d)\n",
+ name, db_strerror(rc), rc );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+ return rc;
+ }
+
+ bdb->bi_databases[i] = db;
+ bdb->bi_ndatabases = i+1;
+
+ *dbout = db->bdi_db;
+
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,540 @@
+/* delete.c - bdb backend delete routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/delete.c,v 1.132.2.10 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "lutil.h"
+#include "back-bdb.h"
+
+int
+bdb_delete( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *matched = NULL;
+ struct berval pdn = {0, NULL};
+ Entry *e = NULL;
+ Entry *p = NULL;
+ EntryInfo *ei = NULL, *eip = NULL;
+ int manageDSAit = get_manageDSAit( op );
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ DB_TXN *ltid = NULL, *lt2;
+ struct bdb_op_info opinfo = {0};
+ ID eid;
+
+ u_int32_t locker = 0;
+ DB_LOCK lock, plock;
+
+ int num_retries = 0;
+
+ int rc;
+
+ LDAPControl **preread_ctrl = NULL;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
+ int parent_is_glue = 0;
+ int parent_is_leaf = 0;
+
+ ctrls[num_ctrls] = 0;
+
+ Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_delete) ": %s\n",
+ op->o_req_dn.bv_val, 0, 0 );
+
+ /* allocate CSN */
+ if ( BER_BVISEMPTY( &op->o_csn )) {
+ struct berval csn;
+ char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+
+ csn.bv_val = csnbuf;
+ csn.bv_len = sizeof(csnbuf);
+ slap_get_csn( op, &csn, 1 );
+ }
+
+ if( 0 ) {
+retry: /* transaction retry */
+ if( e != NULL ) {
+ bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
+ e = NULL;
+ }
+ if( p != NULL ) {
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+ p = NULL;
+ }
+ Debug( LDAP_DEBUG_TRACE,
+ "==> " LDAP_XSTRING(bdb_delete) ": retrying...\n",
+ 0, 0, 0 );
+ rs->sr_err = TXN_ABORT( ltid );
+ ltid = NULL;
+ op->o_private = NULL;
+ op->o_do_not_cache = opinfo.boi_acl_cache;
+ if( rs->sr_err != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+ parent_is_glue = 0;
+ parent_is_leaf = 0;
+ bdb_trans_backoff( ++num_retries );
+ }
+
+ /* begin transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_delete) ": txn_begin failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ locker = TXN_ID ( ltid );
+
+ opinfo.boi_bdb = op->o_bd;
+ opinfo.boi_txn = ltid;
+ opinfo.boi_locker = locker;
+ opinfo.boi_err = 0;
+ opinfo.boi_acl_cache = op->o_do_not_cache;
+ op->o_private = &opinfo;
+
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+ dnParent( &op->o_req_ndn, &pdn );
+ }
+
+ /* get entry */
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
+ locker, &lock );
+
+ switch( rs->sr_err ) {
+ case 0:
+ case DB_NOTFOUND:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ if ( rs->sr_err == 0 ) {
+ e = ei->bei_e;
+ eip = ei->bei_parent;
+ } else {
+ matched = ei->bei_e;
+ }
+
+ /* FIXME : dn2entry() should return non-glue entry */
+ if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
+ Debug( LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_delete) ": no such object %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ if ( matched != NULL ) {
+ rs->sr_matched = ch_strdup( matched->e_dn );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, matched);
+ matched = NULL;
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, locker, &plock );
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case 0:
+ case DB_NOTFOUND:
+ break;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ if ( eip ) p = eip->bei_e;
+
+ if ( pdn.bv_len != 0 ) {
+ if( p == NULL || !bvmatch( &pdn, &p->e_nname )) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": parent "
+ "does not exist\n", 0, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "could not locate parent of entry";
+ goto return_results;
+ }
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p,
+ children, NULL, ACL_WDEL, NULL );
+
+ if ( !rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": no write "
+ "access to parent\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;
+ }
+
+ } else {
+ /* no parent, must be root to delete */
+ if( ! be_isroot( op ) ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_shadow_update( op ) ) {
+ p = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p,
+ children, NULL, ACL_WDEL, NULL );
+
+ p = NULL;
+
+ if ( !rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete)
+ ": no access to parent\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete)
+ ": no parent and not root\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+ }
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ rs->sr_err = access_allowed( op, e,
+ entry, NULL, ACL_WDEL, NULL );
+
+ if ( !rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": no write access "
+ "to entry\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to entry";
+ goto return_results;
+ }
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow delete */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_delete) ": entry is referral\n",
+ 0, 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = ch_strdup( e->e_name.bv_val );
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ /* pre-read */
+ if( op->o_preread ) {
+ if( preread_ctrl == NULL ) {
+ preread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, preread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": pre-read "
+ "failed!\n", 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ /* nested transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_delete) ": txn_begin(2) failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ /* Can't do it if we have kids */
+ rs->sr_err = bdb_cache_children( op, lt2, e );
+ if( rs->sr_err != DB_NOTFOUND ) {
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case 0:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_delete)
+ ": non-leaf %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ rs->sr_text = "subordinate objects must be deleted first";
+ break;
+ default:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_delete)
+ ": has_children failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ }
+ goto return_results;
+ }
+
+ /* delete from dn2id */
+ rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
+ if ( rs->sr_err != 0 ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": dn2id failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_text = "DN index delete failed";
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+
+ /* delete indices for old attributes */
+ rs->sr_err = bdb_index_entry_del( op, lt2, e );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": index failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_text = "entry index delete failed";
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+
+ /* fixup delete CSN */
+ if ( !SLAP_SHADOW( op->o_bd )) {
+ struct berval vals[2];
+ vals[0] = op->o_csn;
+ BER_BVZERO( vals+1 );
+ rs->sr_err = bdb_index_values( op, lt2, slap_schema.si_ad_entryCSN,
+ vals, 0, SLAP_INDEX_ADD_OP );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_text = "entryCSN index update failed";
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+ }
+
+ /* delete from id2entry */
+ rs->sr_err = bdb_id2entry_delete( op->o_bd, lt2, e );
+ if ( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_delete) ": id2entry failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_text = "entry delete failed";
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+
+ if ( pdn.bv_len != 0 ) {
+ parent_is_glue = is_entry_glue(p);
+ rs->sr_err = bdb_cache_children( op, lt2, p );
+ if ( rs->sr_err != DB_NOTFOUND ) {
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case 0:
+ break;
+ default:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_delete)
+ ": has_children failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ parent_is_leaf = 1;
+ }
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+ p = NULL;
+ }
+
+ if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "txn_commit(2) failed";
+ goto return_results;
+ }
+
+ eid = e->e_id;
+
+#if 0 /* Do we want to reclaim deleted IDs? */
+ ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex );
+ if ( e->e_id == bdb->bi_lastid ) {
+ bdb_last_id( op->o_bd, ltid );
+ }
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
+#endif
+
+ if( op->o_noop ) {
+ if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
+ rs->sr_text = "txn_abort (no-op) failed";
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
+ goto return_results;
+ }
+ } else {
+ rc = bdb_cache_delete( &bdb->bi_cache, e, bdb->bi_dbenv,
+ locker, &lock );
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ rs->sr_err = TXN_COMMIT( ltid, 0 );
+ }
+ ltid = NULL;
+ op->o_private = NULL;
+
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_delete) ": txn_%s failed: %s (%d)\n",
+ op->o_noop ? "abort (no-op)" : "commit",
+ db_strerror(rs->sr_err), rs->sr_err );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "commit failed";
+
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ eid, op->o_req_dn.bv_val );
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+ if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
+ op->o_delete_glue_parent = 1;
+ }
+
+ if ( p )
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+
+ /* free entry */
+ if( e != NULL ) {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ /* Free the EntryInfo and the Entry */
+ bdb_cache_delete_cleanup( &bdb->bi_cache, BEI(e) );
+ } else {
+ bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
+ }
+ }
+
+ if( ltid != NULL ) {
+ TXN_ABORT( ltid );
+ }
+ op->o_private = NULL;
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+ slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+ }
+
+ if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
+ TXN_CHECKPOINT( bdb->bi_dbenv,
+ bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ }
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,85 @@
+/* dn2entry.c - routines to deal with the dn2id / id2entry glue */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2entry.c,v 1.25.2.5 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+/*
+ * dn2entry - look up dn in the cache/indexes and return the corresponding
+ * entry. If the requested DN is not found and matched is TRUE, return info
+ * for the closest ancestor of the DN. Otherwise e is NULL.
+ */
+
+int
+bdb_dn2entry(
+ Operation *op,
+ DB_TXN *tid,
+ struct berval *dn,
+ EntryInfo **e,
+ int matched,
+ u_int32_t locker,
+ DB_LOCK *lock )
+{
+ EntryInfo *ei = NULL;
+ int rc, rc2;
+
+ Debug(LDAP_DEBUG_TRACE, "bdb_dn2entry(\"%s\")\n",
+ dn->bv_val, 0, 0 );
+
+ *e = NULL;
+
+ rc = bdb_cache_find_ndn( op, tid, dn, &ei );
+ if ( rc ) {
+ if ( matched && rc == DB_NOTFOUND ) {
+ /* Set the return value, whether we have its entry
+ * or not.
+ */
+ *e = ei;
+ if ( ei && ei->bei_id ) {
+ rc2 = bdb_cache_find_id( op, tid, ei->bei_id,
+ &ei, 1, locker, lock );
+ if ( rc2 ) rc = rc2;
+ } else if ( ei ) {
+ bdb_cache_entryinfo_unlock( ei );
+ memset( lock, 0, sizeof( *lock ));
+ lock->mode = DB_LOCK_NG;
+ }
+ } else if ( ei ) {
+ bdb_cache_entryinfo_unlock( ei );
+ }
+ } else {
+ rc = bdb_cache_find_id( op, tid, ei->bei_id, &ei, 1,
+ locker, lock );
+ if ( rc == 0 ) {
+ *e = ei;
+ } else if ( matched && rc == DB_NOTFOUND ) {
+ /* always return EntryInfo */
+ if ( ei->bei_parent ) {
+ ei = ei->bei_parent;
+ rc2 = bdb_cache_find_id( op, tid, ei->bei_id, &ei, 1,
+ locker, lock );
+ if ( rc2 ) rc = rc2;
+ }
+ *e = ei;
+ }
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2id.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2id.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/dn2id.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1129 @@
+/* dn2id.c - routines to deal with the dn2id index */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.106.2.15 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "idl.h"
+#include "lutil.h"
+
+#ifndef BDB_HIER
+int
+bdb_dn2id_add(
+ Operation *op,
+ DB_TXN *txn,
+ EntryInfo *eip,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ int rc;
+ DBT key, data;
+ ID nid;
+ char *buf;
+ struct berval ptr, pdn;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2id_add( \"%s\", 0x%08lx )\n",
+ e->e_ndn, (long) e->e_id, 0 );
+ assert( e->e_id != NOID );
+
+ DBTzero( &key );
+ key.size = e->e_nname.bv_len + 2;
+ key.ulen = key.size;
+ key.flags = DB_DBT_USERMEM;
+ buf = op->o_tmpalloc( key.size, op->o_tmpmemctx );
+ key.data = buf;
+ buf[0] = DN_BASE_PREFIX;
+ ptr.bv_val = buf + 1;
+ ptr.bv_len = e->e_nname.bv_len;
+ AC_MEMCPY( ptr.bv_val, e->e_nname.bv_val, e->e_nname.bv_len );
+ ptr.bv_val[ptr.bv_len] = '\0';
+
+ DBTzero( &data );
+ data.data = &nid;
+ data.size = sizeof( nid );
+ BDB_ID2DISK( e->e_id, &nid );
+
+ /* store it -- don't override */
+ rc = db->put( db, txn, &key, &data, DB_NOOVERWRITE );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_dn2id_add: put failed: %s %d\n",
+ db_strerror(rc), rc, 0 );
+ goto done;
+ }
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ if( !be_issuffix( op->o_bd, &ptr ))
+#endif
+ {
+ buf[0] = DN_SUBTREE_PREFIX;
+ rc = db->put( db, txn, &key, &data, DB_NOOVERWRITE );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_add: subtree (%s) put failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ goto done;
+ }
+
+#ifdef BDB_MULTIPLE_SUFFIXES
+ if( !be_issuffix( op->o_bd, &ptr ))
+#endif
+ {
+ dnParent( &ptr, &pdn );
+
+ key.size = pdn.bv_len + 2;
+ key.ulen = key.size;
+ pdn.bv_val[-1] = DN_ONE_PREFIX;
+ key.data = pdn.bv_val-1;
+ ptr = pdn;
+
+ rc = bdb_idl_insert_key( op->o_bd, db, txn, &key, e->e_id );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_add: parent (%s) insert failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ goto done;
+ }
+ }
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ while( !be_issuffix( op->o_bd, &ptr ))
+#else
+ for (;;)
+#endif
+ {
+ ptr.bv_val[-1] = DN_SUBTREE_PREFIX;
+
+ rc = bdb_idl_insert_key( op->o_bd, db, txn, &key, e->e_id );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_add: subtree (%s) insert failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ break;
+ }
+#ifdef BDB_MULTIPLE_SUFFIXES
+ if( be_issuffix( op->o_bd, &ptr )) break;
+#endif
+ dnParent( &ptr, &pdn );
+
+ key.size = pdn.bv_len + 2;
+ key.ulen = key.size;
+ key.data = pdn.bv_val - 1;
+ ptr = pdn;
+ }
+ }
+
+done:
+ op->o_tmpfree( buf, op->o_tmpmemctx );
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_dn2id_add: %d\n", rc, 0, 0 );
+ return rc;
+}
+
+int
+bdb_dn2id_delete(
+ Operation *op,
+ DB_TXN *txn,
+ EntryInfo *eip,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ int rc;
+ DBT key;
+ char *buf;
+ struct berval pdn, ptr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2id_delete( \"%s\", 0x%08lx )\n",
+ e->e_ndn, e->e_id, 0 );
+
+ DBTzero( &key );
+ key.size = e->e_nname.bv_len + 2;
+ buf = op->o_tmpalloc( key.size, op->o_tmpmemctx );
+ key.data = buf;
+ key.flags = DB_DBT_USERMEM;
+ buf[0] = DN_BASE_PREFIX;
+ ptr.bv_val = buf+1;
+ ptr.bv_len = e->e_nname.bv_len;
+ AC_MEMCPY( ptr.bv_val, e->e_nname.bv_val, e->e_nname.bv_len );
+ ptr.bv_val[ptr.bv_len] = '\0';
+
+ /* delete it */
+ rc = db->del( db, txn, &key, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_dn2id_delete: delete failed: %s %d\n",
+ db_strerror(rc), rc, 0 );
+ goto done;
+ }
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ if( !be_issuffix( op->o_bd, &ptr ))
+#endif
+ {
+ buf[0] = DN_SUBTREE_PREFIX;
+ rc = bdb_idl_delete_key( op->o_bd, db, txn, &key, e->e_id );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_delete: subtree (%s) delete failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ goto done;
+ }
+
+#ifdef BDB_MULTIPLE_SUFFIXES
+ if( !be_issuffix( op->o_bd, &ptr ))
+#endif
+ {
+ dnParent( &ptr, &pdn );
+
+ key.size = pdn.bv_len + 2;
+ key.ulen = key.size;
+ pdn.bv_val[-1] = DN_ONE_PREFIX;
+ key.data = pdn.bv_val - 1;
+ ptr = pdn;
+
+ rc = bdb_idl_delete_key( op->o_bd, db, txn, &key, e->e_id );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_delete: parent (%s) delete failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ goto done;
+ }
+ }
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ while( !be_issuffix( op->o_bd, &ptr ))
+#else
+ for (;;)
+#endif
+ {
+ ptr.bv_val[-1] = DN_SUBTREE_PREFIX;
+
+ rc = bdb_idl_delete_key( op->o_bd, db, txn, &key, e->e_id );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_dn2id_delete: subtree (%s) delete failed: %d\n",
+ ptr.bv_val, rc, 0 );
+ goto done;
+ }
+#ifdef BDB_MULTIPLE_SUFFIXES
+ if( be_issuffix( op->o_bd, &ptr )) break;
+#endif
+ dnParent( &ptr, &pdn );
+
+ key.size = pdn.bv_len + 2;
+ key.ulen = key.size;
+ key.data = pdn.bv_val - 1;
+ ptr = pdn;
+ }
+ }
+
+done:
+ op->o_tmpfree( buf, op->o_tmpmemctx );
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_dn2id_delete %d\n", rc, 0, 0 );
+ return rc;
+}
+
+int
+bdb_dn2id(
+ Operation *op,
+ DB_TXN *txn,
+ struct berval *dn,
+ EntryInfo *ei )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ int rc;
+ DBT key, data;
+ ID nid;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2id(\"%s\")\n", dn->bv_val, 0, 0 );
+ DBTzero( &key );
+ key.size = dn->bv_len + 2;
+ key.data = op->o_tmpalloc( key.size, op->o_tmpmemctx );
+ ((char *)key.data)[0] = DN_BASE_PREFIX;
+ AC_MEMCPY( &((char *)key.data)[1], dn->bv_val, key.size - 1 );
+
+ /* store the ID */
+ DBTzero( &data );
+ data.data = &nid;
+ data.ulen = sizeof(ID);
+ data.flags = DB_DBT_USERMEM;
+
+ /* fetch it */
+ rc = db->get( db, txn, &key, &data, bdb->bi_db_opflags );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_dn2id: get failed: %s (%d)\n",
+ db_strerror( rc ), rc, 0 );
+ } else {
+ BDB_DISK2ID( &nid, &ei->bei_id );
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_dn2id: got id=0x%08lx\n",
+ ei->bei_id, 0, 0 );
+ }
+
+ op->o_tmpfree( key.data, op->o_tmpmemctx );
+ return rc;
+}
+
+int
+bdb_dn2id_children(
+ Operation *op,
+ DB_TXN *txn,
+ Entry *e )
+{
+ DBT key, data;
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ ID id;
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2id_children(\"%s\")\n",
+ e->e_nname.bv_val, 0, 0 );
+ DBTzero( &key );
+ key.size = e->e_nname.bv_len + 2;
+ key.data = op->o_tmpalloc( key.size, op->o_tmpmemctx );
+ ((char *)key.data)[0] = DN_ONE_PREFIX;
+ AC_MEMCPY( &((char *)key.data)[1], e->e_nname.bv_val, key.size - 1 );
+
+ if ( bdb->bi_idl_cache_size ) {
+ rc = bdb_idl_cache_get( bdb, db, &key, NULL );
+ if ( rc != LDAP_NO_SUCH_OBJECT ) {
+ op->o_tmpfree( key.data, op->o_tmpmemctx );
+ return rc;
+ }
+ }
+ /* we actually could do a empty get... */
+ DBTzero( &data );
+ data.data = &id;
+ data.ulen = sizeof(id);
+ data.flags = DB_DBT_USERMEM;
+ data.doff = 0;
+ data.dlen = sizeof(id);
+
+ rc = db->get( db, txn, &key, &data, bdb->bi_db_opflags );
+ op->o_tmpfree( key.data, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_dn2id_children(\"%s\"): %s (%d)\n",
+ e->e_nname.bv_val,
+ rc == 0 ? "" : ( rc == DB_NOTFOUND ? "no " :
+ db_strerror(rc) ), rc );
+
+ return rc;
+}
+
+int
+bdb_dn2idl(
+ Operation *op,
+ Entry *e,
+ ID *ids,
+ ID *stack )
+{
+ int rc;
+ DBT key;
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ int prefix = ( op->ors_scope == LDAP_SCOPE_ONELEVEL )
+ ? DN_ONE_PREFIX : DN_SUBTREE_PREFIX;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2idl(\"%s\")\n",
+ e->e_nname.bv_val, 0, 0 );
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ if ( prefix == DN_SUBTREE_PREFIX && BEI(e)->bei_parent->bei_id == 0 ) {
+ BDB_IDL_ALL(bdb, ids);
+ return 0;
+ }
+#endif
+
+ DBTzero( &key );
+ key.size = e->e_nname.bv_len + 2;
+ key.ulen = key.size;
+ key.flags = DB_DBT_USERMEM;
+ key.data = op->o_tmpalloc( key.size, op->o_tmpmemctx );
+ ((char *)key.data)[0] = prefix;
+ AC_MEMCPY( &((char *)key.data)[1], e->e_nname.bv_val, key.size - 1 );
+
+ BDB_IDL_ZERO( ids );
+ rc = bdb_idl_fetch_key( op->o_bd, db, NULL, &key, ids, NULL, 0 );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_dn2idl: get failed: %s (%d)\n",
+ db_strerror( rc ), rc, 0 );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_dn2idl: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST( ids ), (long) BDB_IDL_LAST( ids ) );
+ }
+
+ op->o_tmpfree( key.data, op->o_tmpmemctx );
+ return rc;
+}
+
+#else /* BDB_HIER */
+/* Management routines for a hierarchically structured database.
+ *
+ * Instead of a ldbm-style dn2id database, we use a hierarchical one. Each
+ * entry in this database is a struct diskNode, keyed by entryID and with
+ * the data containing the RDN and entryID of the node's children. We use
+ * a B-Tree with sorted duplicates to store all the children of a node under
+ * the same key. Also, the first item under the key contains the entry's own
+ * rdn and the ID of the node's parent, to allow bottom-up tree traversal as
+ * well as top-down. To keep this info first in the list, the high bit of all
+ * subsequent nrdnlen's is always set. This means we can only accomodate
+ * RDNs up to length 32767, but that's fine since full DNs are already
+ * restricted to 8192.
+ *
+ * The diskNode is a variable length structure. This definition is not
+ * directly usable for in-memory manipulation.
+ */
+typedef struct diskNode {
+ unsigned char nrdnlen[2];
+ char nrdn[1];
+ char rdn[1]; /* variable placement */
+ unsigned char entryID[sizeof(ID)]; /* variable placement */
+} diskNode;
+
+/* This function constructs a full DN for a given entry.
+ */
+int hdb_fix_dn(
+ Entry *e,
+ int checkit )
+{
+ EntryInfo *ei;
+ int rlen = 0, nrlen = 0;
+ char *ptr, *nptr;
+ int max = 0;
+
+ if ( !e->e_id )
+ return 0;
+
+ /* count length of all DN components */
+ for ( ei = BEI(e); ei && ei->bei_id; ei=ei->bei_parent ) {
+ rlen += ei->bei_rdn.bv_len + 1;
+ nrlen += ei->bei_nrdn.bv_len + 1;
+ if (ei->bei_modrdns > max) max = ei->bei_modrdns;
+ }
+
+ /* See if the entry DN was invalidated by a subtree rename */
+ if ( checkit ) {
+ if ( BEI(e)->bei_modrdns >= max ) {
+ return 0;
+ }
+ /* We found a mismatch, tell the caller to lock it */
+ if ( checkit == 1 ) {
+ return 1;
+ }
+ /* checkit == 2. do the fix. */
+ free( e->e_name.bv_val );
+ free( e->e_nname.bv_val );
+ }
+
+ e->e_name.bv_len = rlen - 1;
+ e->e_nname.bv_len = nrlen - 1;
+ e->e_name.bv_val = ch_malloc(rlen);
+ e->e_nname.bv_val = ch_malloc(nrlen);
+ ptr = e->e_name.bv_val;
+ nptr = e->e_nname.bv_val;
+ for ( ei = BEI(e); ei && ei->bei_id; ei=ei->bei_parent ) {
+ ptr = lutil_strcopy(ptr, ei->bei_rdn.bv_val);
+ nptr = lutil_strcopy(nptr, ei->bei_nrdn.bv_val);
+ if ( ei->bei_parent ) {
+ *ptr++ = ',';
+ *nptr++ = ',';
+ }
+ }
+ BEI(e)->bei_modrdns = max;
+ ptr[-1] = '\0';
+ nptr[-1] = '\0';
+
+ return 0;
+}
+
+/* We add two elements to the DN2ID database - a data item under the parent's
+ * entryID containing the child's RDN and entryID, and an item under the
+ * child's entryID containing the parent's entryID.
+ */
+int
+hdb_dn2id_add(
+ Operation *op,
+ DB_TXN *txn,
+ EntryInfo *eip,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ DBT key, data;
+ ID nid;
+ int rc, rlen, nrlen;
+ diskNode *d;
+ char *ptr;
+
+ nrlen = dn_rdnlen( op->o_bd, &e->e_nname );
+ if (nrlen) {
+ rlen = dn_rdnlen( op->o_bd, &e->e_name );
+ } else {
+ nrlen = e->e_nname.bv_len;
+ rlen = e->e_name.bv_len;
+ }
+
+ d = op->o_tmpalloc(sizeof(diskNode) + rlen + nrlen, op->o_tmpmemctx);
+ d->nrdnlen[1] = nrlen & 0xff;
+ d->nrdnlen[0] = (nrlen >> 8) | 0x80;
+ ptr = lutil_strncopy( d->nrdn, e->e_nname.bv_val, nrlen );
+ *ptr++ = '\0';
+ ptr = lutil_strncopy( ptr, e->e_name.bv_val, rlen );
+ *ptr++ = '\0';
+ BDB_ID2DISK( e->e_id, ptr );
+
+ DBTzero(&key);
+ DBTzero(&data);
+ key.size = sizeof(ID);
+ key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( eip->bei_id, &nid );
+
+ key.data = &nid;
+
+ /* Need to make dummy root node once. Subsequent attempts
+ * will fail harmlessly.
+ */
+ if ( eip->bei_id == 0 ) {
+ diskNode dummy = {{0, 0}, "", "", ""};
+ data.data = &dummy;
+ data.size = sizeof(diskNode);
+ data.flags = DB_DBT_USERMEM;
+
+ db->put( db, txn, &key, &data, DB_NODUPDATA );
+ }
+
+ data.data = d;
+ data.size = sizeof(diskNode) + rlen + nrlen;
+ data.flags = DB_DBT_USERMEM;
+
+ rc = db->put( db, txn, &key, &data, DB_NODUPDATA );
+
+ if (rc == 0) {
+ BDB_ID2DISK( e->e_id, &nid );
+ BDB_ID2DISK( eip->bei_id, ptr );
+ d->nrdnlen[0] ^= 0x80;
+
+ rc = db->put( db, txn, &key, &data, DB_NODUPDATA );
+ }
+
+ /* Update all parents' IDL cache entries */
+ if ( rc == 0 && bdb->bi_idl_cache_size ) {
+ ID tmp[2];
+ char *ptr = ((char *)&tmp[1])-1;
+ key.data = ptr;
+ key.size = sizeof(ID)+1;
+ tmp[1] = eip->bei_id;
+ *ptr = DN_ONE_PREFIX;
+ bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
+ *ptr = DN_SUBTREE_PREFIX;
+ for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
+ tmp[1] = eip->bei_id;
+ bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
+ }
+ }
+ op->o_tmpfree( d, op->o_tmpmemctx );
+
+ return rc;
+}
+
+int
+hdb_dn2id_delete(
+ Operation *op,
+ DB_TXN *txn,
+ EntryInfo *eip,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ DBT key, data;
+ DBC *cursor;
+ diskNode *d;
+ int rc;
+ ID nid;
+ unsigned char dlen[2];
+
+ DBTzero(&key);
+ key.size = sizeof(ID);
+ key.ulen = key.size;
+ key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( eip->bei_id, &nid );
+
+ DBTzero(&data);
+ data.size = sizeof(diskNode) + BEI(e)->bei_nrdn.bv_len - sizeof(ID) - 1;
+ data.ulen = data.size;
+ data.dlen = data.size;
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+
+ key.data = &nid;
+ rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
+ if ( rc ) return rc;
+
+ d = op->o_tmpalloc( data.size, op->o_tmpmemctx );
+ d->nrdnlen[1] = BEI(e)->bei_nrdn.bv_len & 0xff;
+ d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
+ dlen[0] = d->nrdnlen[0];
+ dlen[1] = d->nrdnlen[1];
+ strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
+ data.data = d;
+
+ /* Delete our ID from the parent's list */
+ rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH_RANGE );
+ if ( rc == 0 ) {
+ if ( dlen[1] == d->nrdnlen[1] && dlen[0] == d->nrdnlen[0] &&
+ !strcmp( d->nrdn, BEI(e)->bei_nrdn.bv_val ))
+ rc = cursor->c_del( cursor, 0 );
+ else
+ rc = DB_NOTFOUND;
+ }
+
+ /* Delete our ID from the tree. With sorted duplicates, this
+ * will leave any child nodes still hanging around. This is OK
+ * for modrdn, which will add our info back in later.
+ */
+ if ( rc == 0 ) {
+ BDB_ID2DISK( e->e_id, &nid );
+ rc = cursor->c_get( cursor, &key, &data, DB_SET );
+ if ( rc == 0 )
+ rc = cursor->c_del( cursor, 0 );
+ }
+ cursor->c_close( cursor );
+ op->o_tmpfree( d, op->o_tmpmemctx );
+
+ /* Delete IDL cache entries */
+ if ( rc == 0 && bdb->bi_idl_cache_size ) {
+ ID tmp[2];
+ char *ptr = ((char *)&tmp[1])-1;
+ key.data = ptr;
+ key.size = sizeof(ID)+1;
+ tmp[1] = eip->bei_id;
+ *ptr = DN_ONE_PREFIX;
+ bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
+ *ptr = DN_SUBTREE_PREFIX;
+ for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
+ tmp[1] = eip->bei_id;
+ bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
+ }
+ }
+ return rc;
+}
+
+
+int
+hdb_dn2id(
+ Operation *op,
+ DB_TXN *txn,
+ struct berval *in,
+ EntryInfo *ei )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ DBT key, data;
+ DBC *cursor;
+ int rc = 0, nrlen;
+ diskNode *d;
+ char *ptr;
+ unsigned char dlen[2];
+ ID idp, parentID;
+
+ nrlen = dn_rdnlen( op->o_bd, in );
+ if (!nrlen) nrlen = in->bv_len;
+
+ DBTzero(&key);
+ key.size = sizeof(ID);
+ key.data = &idp;
+ key.ulen = sizeof(ID);
+ key.flags = DB_DBT_USERMEM;
+ parentID = ( ei->bei_parent != NULL ) ? ei->bei_parent->bei_id : 0;
+ BDB_ID2DISK( parentID, &idp );
+
+ DBTzero(&data);
+ data.size = sizeof(diskNode) + nrlen - sizeof(ID) - 1;
+ data.ulen = data.size * 3;
+ data.dlen = data.ulen;
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+
+ rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
+ if ( rc ) return rc;
+
+ d = op->o_tmpalloc( data.size * 3, op->o_tmpmemctx );
+ d->nrdnlen[1] = nrlen & 0xff;
+ d->nrdnlen[0] = (nrlen >> 8) | 0x80;
+ dlen[0] = d->nrdnlen[0];
+ dlen[1] = d->nrdnlen[1];
+ ptr = lutil_strncopy( d->nrdn, in->bv_val, nrlen );
+ *ptr = '\0';
+ data.data = d;
+
+ rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH_RANGE );
+ if ( rc == 0 && (dlen[1] != d->nrdnlen[1] || dlen[0] != d->nrdnlen[0] ||
+ strncmp( d->nrdn, in->bv_val, nrlen ))) {
+ rc = DB_NOTFOUND;
+ }
+ if ( rc == 0 ) {
+ ptr = (char *) data.data + data.size - sizeof(ID);
+ BDB_DISK2ID( ptr, &ei->bei_id );
+ ei->bei_rdn.bv_len = data.size - sizeof(diskNode) - nrlen;
+ ptr = d->nrdn + nrlen + 1;
+ ber_str2bv( ptr, ei->bei_rdn.bv_len, 1, &ei->bei_rdn );
+ if ( ei->bei_parent != NULL && !ei->bei_parent->bei_dkids ) {
+ db_recno_t dkids;
+ /* How many children does the parent have? */
+ /* FIXME: do we need to lock the parent
+ * entryinfo? Seems safe...
+ */
+ cursor->c_count( cursor, &dkids, 0 );
+ ei->bei_parent->bei_dkids = dkids;
+ }
+ }
+ cursor->c_close( cursor );
+ op->o_tmpfree( d, op->o_tmpmemctx );
+
+ return rc;
+}
+
+int
+hdb_dn2id_parent(
+ Operation *op,
+ DB_TXN *txn,
+ u_int32_t locker,
+ EntryInfo *ei,
+ ID *idp )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ DBT key, data;
+ DBC *cursor;
+ int rc = 0;
+ diskNode *d;
+ char *ptr;
+ ID nid;
+
+ DBTzero(&key);
+ key.size = sizeof(ID);
+ key.data = &nid;
+ key.ulen = sizeof(ID);
+ key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( ei->bei_id, &nid );
+
+ DBTzero(&data);
+ data.flags = DB_DBT_USERMEM;
+
+ rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
+ if ( rc ) return rc;
+ if ( !txn && locker ) {
+ cursor->locker = locker;
+ }
+
+ data.ulen = sizeof(diskNode) + (SLAP_LDAPDN_MAXLEN * 2);
+ d = op->o_tmpalloc( data.ulen, op->o_tmpmemctx );
+ data.data = d;
+
+ rc = cursor->c_get( cursor, &key, &data, DB_SET );
+ if ( rc == 0 ) {
+ if (d->nrdnlen[0] & 0x80) {
+ rc = LDAP_OTHER;
+ } else {
+ db_recno_t dkids;
+ ptr = (char *) data.data + data.size - sizeof(ID);
+ BDB_DISK2ID( ptr, idp );
+ ei->bei_nrdn.bv_len = (d->nrdnlen[0] << 8) | d->nrdnlen[1];
+ ber_str2bv( d->nrdn, ei->bei_nrdn.bv_len, 1, &ei->bei_nrdn );
+ ei->bei_rdn.bv_len = data.size - sizeof(diskNode) -
+ ei->bei_nrdn.bv_len;
+ ptr = d->nrdn + ei->bei_nrdn.bv_len + 1;
+ ber_str2bv( ptr, ei->bei_rdn.bv_len, 1, &ei->bei_rdn );
+ /* How many children does this node have? */
+ cursor->c_count( cursor, &dkids, 0 );
+ ei->bei_dkids = dkids;
+ }
+ }
+ cursor->c_close( cursor );
+ op->o_tmpfree( d, op->o_tmpmemctx );
+ return rc;
+}
+
+int
+hdb_dn2id_children(
+ Operation *op,
+ DB_TXN *txn,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db = bdb->bi_dn2id->bdi_db;
+ DBT key, data;
+ DBC *cursor;
+ int rc;
+ ID id;
+ diskNode d;
+
+ DBTzero(&key);
+ key.size = sizeof(ID);
+ key.data = &e->e_id;
+ key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( e->e_id, &id );
+
+ /* IDL cache is in host byte order */
+ if ( bdb->bi_idl_cache_size ) {
+ rc = bdb_idl_cache_get( bdb, db, &key, NULL );
+ if ( rc != LDAP_NO_SUCH_OBJECT ) {
+ return rc;
+ }
+ }
+
+ key.data = &id;
+ DBTzero(&data);
+ data.data = &d;
+ data.ulen = sizeof(d);
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+ data.dlen = sizeof(d);
+
+ rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
+ if ( rc ) return rc;
+
+ rc = cursor->c_get( cursor, &key, &data, DB_SET );
+ if ( rc == 0 ) {
+ db_recno_t dkids;
+ rc = cursor->c_count( cursor, &dkids, 0 );
+ if ( rc == 0 ) {
+ BEI(e)->bei_dkids = dkids;
+ if ( dkids < 2 ) rc = DB_NOTFOUND;
+ }
+ }
+ cursor->c_close( cursor );
+ return rc;
+}
+
+/* bdb_dn2idl:
+ * We can't just use bdb_idl_fetch_key because
+ * 1 - our data items are longer than just an entry ID
+ * 2 - our data items are sorted alphabetically by nrdn, not by ID.
+ *
+ * We descend the tree recursively, so we define this cookie
+ * to hold our necessary state information. The bdb_dn2idl_internal
+ * function uses this cookie when calling itself.
+ */
+
+struct dn2id_cookie {
+ struct bdb_info *bdb;
+ Operation *op;
+ EntryInfo *ei;
+ ID *ids;
+ ID *tmp;
+ ID *buf;
+ DB *db;
+ DBC *dbc;
+ DBT key;
+ DBT data;
+ ID dbuf;
+ ID id;
+ ID nid;
+ int rc;
+ int depth;
+ char need_sort;
+ char prefix;
+};
+
+static int
+apply_func(
+ void *data,
+ void *arg )
+{
+ EntryInfo *ei = data;
+ ID *idl = arg;
+
+ bdb_idl_append_one( idl, ei->bei_id );
+ return 0;
+}
+
+static int
+hdb_dn2idl_internal(
+ struct dn2id_cookie *cx
+)
+{
+ BDB_IDL_ZERO( cx->tmp );
+
+ if ( cx->bdb->bi_idl_cache_size ) {
+ char *ptr = ((char *)&cx->id)-1;
+
+ cx->key.data = ptr;
+ cx->key.size = sizeof(ID)+1;
+ if ( cx->prefix == DN_SUBTREE_PREFIX ) {
+ ID *ids = cx->depth ? cx->tmp : cx->ids;
+ *ptr = cx->prefix;
+ cx->rc = bdb_idl_cache_get(cx->bdb, cx->db, &cx->key, ids);
+ if ( cx->rc == LDAP_SUCCESS ) {
+ if ( cx->depth ) {
+ bdb_idl_append( cx->ids, cx->tmp );
+ cx->need_sort = 1;
+ }
+ return cx->rc;
+ }
+ }
+ *ptr = DN_ONE_PREFIX;
+ cx->rc = bdb_idl_cache_get(cx->bdb, cx->db, &cx->key, cx->tmp);
+ if ( cx->rc == LDAP_SUCCESS ) {
+ goto gotit;
+ }
+ if ( cx->rc == DB_NOTFOUND ) {
+ return cx->rc;
+ }
+ }
+
+ bdb_cache_entryinfo_lock( cx->ei );
+
+ /* If number of kids in the cache differs from on-disk, load
+ * up all the kids from the database
+ */
+ if ( cx->ei->bei_ckids+1 != cx->ei->bei_dkids ) {
+ EntryInfo ei;
+ db_recno_t dkids = cx->ei->bei_dkids;
+ ei.bei_parent = cx->ei;
+
+ /* Only one thread should load the cache */
+ while ( cx->ei->bei_state & CACHE_ENTRY_ONELEVEL ) {
+ bdb_cache_entryinfo_unlock( cx->ei );
+ ldap_pvt_thread_yield();
+ bdb_cache_entryinfo_lock( cx->ei );
+ if ( cx->ei->bei_ckids+1 == cx->ei->bei_dkids ) {
+ goto synced;
+ }
+ }
+
+ cx->ei->bei_state |= CACHE_ENTRY_ONELEVEL;
+
+ bdb_cache_entryinfo_unlock( cx->ei );
+
+ cx->rc = cx->db->cursor( cx->db, NULL, &cx->dbc,
+ cx->bdb->bi_db_opflags );
+ if ( cx->rc )
+ goto done_one;
+
+ cx->data.data = &cx->dbuf;
+ cx->data.ulen = sizeof(ID);
+ cx->data.dlen = sizeof(ID);
+ cx->data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+
+ /* The first item holds the parent ID. Ignore it. */
+ cx->key.data = &cx->nid;
+ cx->key.size = sizeof(ID);
+ cx->rc = cx->dbc->c_get( cx->dbc, &cx->key, &cx->data, DB_SET );
+ if ( cx->rc ) {
+ cx->dbc->c_close( cx->dbc );
+ goto done_one;
+ }
+
+ /* If the on-disk count is zero we've never checked it.
+ * Count it now.
+ */
+ if ( !dkids ) {
+ cx->dbc->c_count( cx->dbc, &dkids, 0 );
+ cx->ei->bei_dkids = dkids;
+ }
+
+ cx->data.data = cx->buf;
+ cx->data.ulen = BDB_IDL_UM_SIZE * sizeof(ID);
+ cx->data.flags = DB_DBT_USERMEM;
+
+ if ( dkids > 1 ) {
+ /* Fetch the rest of the IDs in a loop... */
+ while ( (cx->rc = cx->dbc->c_get( cx->dbc, &cx->key, &cx->data,
+ DB_MULTIPLE | DB_NEXT_DUP )) == 0 ) {
+ u_int8_t *j;
+ size_t len;
+ void *ptr;
+ DB_MULTIPLE_INIT( ptr, &cx->data );
+ while (ptr) {
+ DB_MULTIPLE_NEXT( ptr, &cx->data, j, len );
+ if (j) {
+ EntryInfo *ei2;
+ diskNode *d = (diskNode *)j;
+ short nrlen;
+
+ BDB_DISK2ID( j + len - sizeof(ID), &ei.bei_id );
+ nrlen = ((d->nrdnlen[0] ^ 0x80) << 8) | d->nrdnlen[1];
+ ei.bei_nrdn.bv_len = nrlen;
+ /* nrdn/rdn are set in-place.
+ * hdb_cache_load will copy them as needed
+ */
+ ei.bei_nrdn.bv_val = d->nrdn;
+ ei.bei_rdn.bv_len = len - sizeof(diskNode)
+ - ei.bei_nrdn.bv_len;
+ ei.bei_rdn.bv_val = d->nrdn + ei.bei_nrdn.bv_len + 1;
+ bdb_idl_append_one( cx->tmp, ei.bei_id );
+ hdb_cache_load( cx->bdb, &ei, &ei2 );
+ }
+ }
+ }
+ }
+
+ cx->rc = cx->dbc->c_close( cx->dbc );
+done_one:
+ bdb_cache_entryinfo_lock( cx->ei );
+ cx->ei->bei_state ^= CACHE_ENTRY_ONELEVEL;
+ bdb_cache_entryinfo_unlock( cx->ei );
+ if ( cx->rc )
+ return cx->rc;
+
+ } else {
+ /* The in-memory cache is in sync with the on-disk data.
+ * do we have any kids?
+ */
+synced:
+ cx->rc = 0;
+ if ( cx->ei->bei_ckids > 0 ) {
+ /* Walk the kids tree; order is irrelevant since bdb_idl_sort
+ * will sort it later.
+ */
+ avl_apply( cx->ei->bei_kids, apply_func,
+ cx->tmp, -1, AVL_POSTORDER );
+ }
+ bdb_cache_entryinfo_unlock( cx->ei );
+ }
+
+ if ( !BDB_IDL_IS_RANGE( cx->tmp ) && cx->tmp[0] > 3 )
+ bdb_idl_sort( cx->tmp, cx->buf );
+ if ( cx->bdb->bi_idl_cache_max_size && !BDB_IDL_IS_ZERO( cx->tmp )) {
+ char *ptr = ((char *)&cx->id)-1;
+ cx->key.data = ptr;
+ cx->key.size = sizeof(ID)+1;
+ *ptr = DN_ONE_PREFIX;
+ bdb_idl_cache_put( cx->bdb, cx->db, &cx->key, cx->tmp, cx->rc );
+ }
+
+gotit:
+ if ( !BDB_IDL_IS_ZERO( cx->tmp )) {
+ if ( cx->prefix == DN_SUBTREE_PREFIX ) {
+ bdb_idl_append( cx->ids, cx->tmp );
+ cx->need_sort = 1;
+ if ( !(cx->ei->bei_state & CACHE_ENTRY_NO_GRANDKIDS)) {
+ ID *save, idcurs;
+ EntryInfo *ei = cx->ei;
+ int nokids = 1;
+ save = cx->op->o_tmpalloc( BDB_IDL_SIZEOF( cx->tmp ),
+ cx->op->o_tmpmemctx );
+ BDB_IDL_CPY( save, cx->tmp );
+
+ idcurs = 0;
+ cx->depth++;
+ for ( cx->id = bdb_idl_first( save, &idcurs );
+ cx->id != NOID;
+ cx->id = bdb_idl_next( save, &idcurs )) {
+ cx->ei = bdb_cache_find_info( cx->bdb, cx->id );
+ if ( !cx->ei ||
+ ( cx->ei->bei_state & CACHE_ENTRY_NO_KIDS ))
+ continue;
+
+ BDB_ID2DISK( cx->id, &cx->nid );
+ hdb_dn2idl_internal( cx );
+ if ( !BDB_IDL_IS_ZERO( cx->tmp ))
+ nokids = 0;
+ }
+ cx->depth--;
+ cx->op->o_tmpfree( save, cx->op->o_tmpmemctx );
+ if ( nokids ) ei->bei_state |= CACHE_ENTRY_NO_GRANDKIDS;
+ }
+ /* Make sure caller knows it had kids! */
+ cx->tmp[0]=1;
+
+ cx->rc = 0;
+ } else {
+ BDB_IDL_CPY( cx->ids, cx->tmp );
+ }
+ }
+ return cx->rc;
+}
+
+int
+hdb_dn2idl(
+ Operation *op,
+ Entry *e,
+ ID *ids,
+ ID *stack )
+{
+ struct bdb_info *bdb = (struct bdb_info *)op->o_bd->be_private;
+ struct dn2id_cookie cx;
+
+ Debug( LDAP_DEBUG_TRACE, "=> hdb_dn2idl(\"%s\")\n",
+ e->e_nname.bv_val, 0, 0 );
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ if ( op->ors_scope != LDAP_SCOPE_ONELEVEL &&
+ BEI(e)->bei_parent->bei_id == 0 )
+ {
+ BDB_IDL_ALL( bdb, ids );
+ return 0;
+ }
+#endif
+
+ cx.id = e->e_id;
+ BDB_ID2DISK( cx.id, &cx.nid );
+ cx.ei = e->e_id ? BEI(e) : &bdb->bi_cache.c_dntree;
+ cx.bdb = bdb;
+ cx.db = cx.bdb->bi_dn2id->bdi_db;
+ cx.prefix = (op->ors_scope == LDAP_SCOPE_ONELEVEL) ?
+ DN_ONE_PREFIX : DN_SUBTREE_PREFIX;
+ cx.ids = ids;
+ cx.tmp = stack;
+ cx.buf = stack + BDB_IDL_UM_SIZE;
+ cx.op = op;
+ cx.need_sort = 0;
+ cx.depth = 0;
+
+ if ( cx.prefix == DN_SUBTREE_PREFIX ) {
+ ids[0] = 1;
+ ids[1] = cx.id;
+ } else {
+ BDB_IDL_ZERO( ids );
+ }
+ if ( cx.ei->bei_state & CACHE_ENTRY_NO_KIDS )
+ return LDAP_SUCCESS;
+
+ DBTzero(&cx.key);
+ cx.key.ulen = sizeof(ID);
+ cx.key.size = sizeof(ID);
+ cx.key.flags = DB_DBT_USERMEM;
+
+ DBTzero(&cx.data);
+
+ hdb_dn2idl_internal(&cx);
+ if ( cx.need_sort ) {
+ char *ptr = ((char *)&cx.id)-1;
+ if ( !BDB_IDL_IS_RANGE( cx.ids ) && cx.ids[0] > 3 )
+ bdb_idl_sort( cx.ids, cx.tmp );
+ cx.key.data = ptr;
+ cx.key.size = sizeof(ID)+1;
+ *ptr = cx.prefix;
+ cx.id = e->e_id;
+ bdb_idl_cache_put( cx.bdb, cx.db, &cx.key, cx.ids, cx.rc );
+ }
+
+ if ( cx.rc == DB_NOTFOUND )
+ cx.rc = LDAP_SUCCESS;
+
+ return cx.rc;
+}
+#endif /* BDB_HIER */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/error.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/error.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/error.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+/* error.c - BDB errcall routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/error.c,v 1.15.2.4 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+
+#if DB_VERSION_FULL < 0x04030000
+void bdb_errcall( const char *pfx, char * msg )
+#else
+void bdb_errcall( const DB_ENV *env, const char *pfx, const char * msg )
+#endif
+{
+#ifdef HAVE_EBCDIC
+ if ( msg[0] > 0x7f )
+ __etoa( msg );
+#endif
+ Debug( LDAP_DEBUG_ANY, "bdb(%s): %s\n", pfx, msg, 0 );
+}
+
+#if DB_VERSION_FULL >= 0x04030000
+void bdb_msgcall( const DB_ENV *env, const char *msg )
+{
+#ifdef HAVE_EBCDIC
+ if ( msg[0] > 0x7f )
+ __etoa( msg );
+#endif
+ Debug( LDAP_DEBUG_TRACE, "bdb: %s\n", msg, 0, 0 );
+}
+#endif
+
+#ifdef HAVE_EBCDIC
+
+#undef db_strerror
+
+/* Not re-entrant! */
+char *ebcdic_dberror( int rc )
+{
+ static char msg[1024];
+
+ strcpy( msg, db_strerror( rc ) );
+ __etoa( msg );
+ return msg;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/extended.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/extended.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/extended.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+/* extended.c - bdb backend extended routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/extended.c,v 1.16.2.3 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "lber_pvt.h"
+
+static struct exop {
+ struct berval *oid;
+ BI_op_extended *extended;
+} exop_table[] = {
+ { NULL, NULL }
+};
+
+int
+bdb_extended( Operation *op, SlapReply *rs )
+/* struct berval *reqoid,
+ struct berval *reqdata,
+ char **rspoid,
+ struct berval **rspdata,
+ LDAPControl *** rspctrls,
+ const char** text,
+ BerVarray *refs
+) */
+{
+ int i;
+
+ for( i=0; exop_table[i].extended != NULL; i++ ) {
+ if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
+ return (exop_table[i].extended)( op, rs );
+ }
+ }
+
+ rs->sr_text = "not supported within naming context";
+ return LDAP_UNWILLING_TO_PERFORM;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/filterindex.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/filterindex.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/filterindex.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1082 @@
+/* filterindex.c - generate the list of candidate entries from a filter */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/filterindex.c,v 1.51.2.10 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "idl.h"
+#ifdef LDAP_COMP_MATCH
+#include <component.h>
+#endif
+
+static int presence_candidates(
+ Operation *op,
+ AttributeDescription *desc,
+ ID *ids );
+
+static int equality_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp );
+static int inequality_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp,
+ int gtorlt );
+static int approx_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp );
+static int substring_candidates(
+ Operation *op,
+ SubstringsAssertion *sub,
+ ID *ids,
+ ID *tmp );
+
+static int list_candidates(
+ Operation *op,
+ Filter *flist,
+ int ftype,
+ ID *ids,
+ ID *tmp,
+ ID *stack );
+
+#ifdef LDAP_COMP_MATCH
+static int
+ext_candidates(
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ ID *ids,
+ ID *tmp,
+ ID *stack);
+
+static int
+comp_candidates (
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ ComponentFilter *f,
+ ID *ids,
+ ID *tmp,
+ ID *stack);
+
+static int
+ava_comp_candidates (
+ Operation *op,
+ AttributeAssertion *ava,
+ AttributeAliasing *aa,
+ ID *ids,
+ ID *tmp,
+ ID *stack);
+#endif
+
+int
+bdb_filter_candidates(
+ Operation *op,
+ Filter *f,
+ ID *ids,
+ ID *tmp,
+ ID *stack )
+{
+ int rc = 0;
+#ifdef LDAP_COMP_MATCH
+ AttributeAliasing *aa;
+#endif
+ Debug( LDAP_DEBUG_FILTER, "=> bdb_filter_candidates\n", 0, 0, 0 );
+
+ switch ( f->f_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ switch( f->f_result ) {
+ case SLAPD_COMPARE_UNDEFINED:
+ /* This technically is not the same as FALSE, but it
+ * certainly will produce no matches.
+ */
+ /* FALL THRU */
+ case LDAP_COMPARE_FALSE:
+ BDB_IDL_ZERO( ids );
+ break;
+ case LDAP_COMPARE_TRUE: {
+ struct bdb_info *bdb = (struct bdb_info *)op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ } break;
+ case LDAP_SUCCESS:
+ /* this is a pre-computed scope, leave it alone */
+ break;
+ }
+ break;
+ case LDAP_FILTER_PRESENT:
+ Debug( LDAP_DEBUG_FILTER, "\tPRESENT\n", 0, 0, 0 );
+ rc = presence_candidates( op, f->f_desc, ids );
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, "\tEQUALITY\n", 0, 0, 0 );
+#ifdef LDAP_COMP_MATCH
+ if ( is_aliased_attribute && ( aa = is_aliased_attribute ( f->f_ava->aa_desc ) ) ) {
+ rc = ava_comp_candidates ( op, f->f_ava, aa, ids, tmp, stack );
+ }
+ else
+#endif
+ {
+ rc = equality_candidates( op, f->f_ava, ids, tmp );
+ }
+ break;
+
+ case LDAP_FILTER_APPROX:
+ Debug( LDAP_DEBUG_FILTER, "\tAPPROX\n", 0, 0, 0 );
+ rc = approx_candidates( op, f->f_ava, ids, tmp );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, "\tSUBSTRINGS\n", 0, 0, 0 );
+ rc = substring_candidates( op, f->f_sub, ids, tmp );
+ break;
+
+ case LDAP_FILTER_GE:
+ /* if no GE index, use pres */
+ Debug( LDAP_DEBUG_FILTER, "\tGE\n", 0, 0, 0 );
+ if( f->f_ava->aa_desc->ad_type->sat_ordering &&
+ ( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) )
+ rc = inequality_candidates( op, f->f_ava, ids, tmp, LDAP_FILTER_GE );
+ else
+ rc = presence_candidates( op, f->f_ava->aa_desc, ids );
+ break;
+
+ case LDAP_FILTER_LE:
+ /* if no LE index, use pres */
+ Debug( LDAP_DEBUG_FILTER, "\tLE\n", 0, 0, 0 );
+ if( f->f_ava->aa_desc->ad_type->sat_ordering &&
+ ( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) )
+ rc = inequality_candidates( op, f->f_ava, ids, tmp, LDAP_FILTER_LE );
+ else
+ rc = presence_candidates( op, f->f_ava->aa_desc, ids );
+ break;
+
+ case LDAP_FILTER_NOT:
+ /* no indexing to support NOT filters */
+ Debug( LDAP_DEBUG_FILTER, "\tNOT\n", 0, 0, 0 );
+ { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ }
+ break;
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "\tAND\n", 0, 0, 0 );
+ rc = list_candidates( op,
+ f->f_and, LDAP_FILTER_AND, ids, tmp, stack );
+ break;
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "\tOR\n", 0, 0, 0 );
+ rc = list_candidates( op,
+ f->f_or, LDAP_FILTER_OR, ids, tmp, stack );
+ break;
+#ifdef LDAP_COMP_MATCH
+ case LDAP_FILTER_EXT:
+ Debug( LDAP_DEBUG_FILTER, "\tEXT\n", 0, 0, 0 );
+ rc = ext_candidates( op, f->f_mra, ids, tmp, stack );
+ break;
+#endif
+ default:
+ Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN %lu\n",
+ (unsigned long) f->f_choice, 0, 0 );
+ /* Must not return NULL, otherwise extended filters break */
+ { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ }
+ }
+
+ Debug( LDAP_DEBUG_FILTER,
+ "<= bdb_filter_candidates: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST( ids ),
+ (long) BDB_IDL_LAST( ids ) );
+
+ return rc;
+}
+
+#ifdef LDAP_COMP_MATCH
+static int
+comp_list_candidates(
+ Operation *op,
+ MatchingRuleAssertion* mra,
+ ComponentFilter *flist,
+ int ftype,
+ ID *ids,
+ ID *tmp,
+ ID *save )
+{
+ int rc = 0;
+ ComponentFilter *f;
+
+ Debug( LDAP_DEBUG_FILTER, "=> comp_list_candidates 0x%x\n", ftype, 0, 0 );
+ for ( f = flist; f != NULL; f = f->cf_next ) {
+ /* ignore precomputed scopes */
+ if ( f->cf_choice == SLAPD_FILTER_COMPUTED &&
+ f->cf_result == LDAP_SUCCESS ) {
+ continue;
+ }
+ BDB_IDL_ZERO( save );
+ rc = comp_candidates( op, mra, f, save, tmp, save+BDB_IDL_UM_SIZE );
+
+ if ( rc != 0 ) {
+ if ( ftype == LDAP_COMP_FILTER_AND ) {
+ rc = 0;
+ continue;
+ }
+ break;
+ }
+
+ if ( ftype == LDAP_COMP_FILTER_AND ) {
+ if ( f == flist ) {
+ BDB_IDL_CPY( ids, save );
+ } else {
+ bdb_idl_intersection( ids, save );
+ }
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ } else {
+ if ( f == flist ) {
+ BDB_IDL_CPY( ids, save );
+ } else {
+ bdb_idl_union( ids, save );
+ }
+ }
+ }
+
+ if( rc == LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "<= comp_list_candidates: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+
+ } else {
+ Debug( LDAP_DEBUG_FILTER,
+ "<= comp_list_candidates: undefined rc=%d\n",
+ rc, 0, 0 );
+ }
+
+ return rc;
+}
+
+static int
+comp_equality_candidates (
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ ComponentAssertion *ca,
+ ID *ids,
+ ID *tmp,
+ ID *stack)
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int i;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr = mra->ma_rule;
+ Syntax *sat_syntax;
+ ComponentReference* cr_list, *cr;
+ AttrInfo *ai;
+
+ BDB_IDL_ALL( bdb, ids );
+
+ if ( !ca->ca_comp_ref )
+ return 0;
+
+ ai = bdb_attr_mask( op->o_bd->be_private, mra->ma_desc );
+ if( ai ) {
+ cr_list = ai->ai_cr;
+ }
+ else {
+ return 0;
+ }
+ /* find a component reference to be indexed */
+ sat_syntax = ca->ca_ma_rule->smr_syntax;
+ for ( cr = cr_list ; cr ; cr = cr->cr_next ) {
+ if ( cr->cr_string.bv_len == ca->ca_comp_ref->cr_string.bv_len &&
+ strncmp( cr->cr_string.bv_val, ca->ca_comp_ref->cr_string.bv_val,cr->cr_string.bv_len ) == 0 )
+ break;
+ }
+
+ if ( !cr )
+ return 0;
+
+ rc = bdb_index_param( op->o_bd, mra->ma_desc, LDAP_FILTER_EQUALITY,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+ if ( db == NULL ) {
+ return 0;
+ }
+
+ if( !mr ) {
+ return 0;
+ }
+
+ if( !mr->smr_filter ) {
+ return 0;
+ }
+
+ rc = (ca->ca_ma_rule->smr_filter)(
+ LDAP_FILTER_EQUALITY,
+ cr->cr_indexmask,
+ sat_syntax,
+ ca->ca_ma_rule,
+ &prefix,
+ &ca->ca_ma_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if( keys == NULL ) {
+ return 0;
+ }
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 );
+
+ if( rc == DB_NOTFOUND ) {
+ BDB_IDL_ZERO( ids );
+ rc = 0;
+ break;
+ } else if( rc != LDAP_SUCCESS ) {
+ break;
+ }
+
+ if( BDB_IDL_IS_ZERO( tmp ) ) {
+ BDB_IDL_ZERO( ids );
+ break;
+ }
+
+ if ( i == 0 ) {
+ BDB_IDL_CPY( ids, tmp );
+ } else {
+ bdb_idl_intersection( ids, tmp );
+ }
+
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<= comp_equality_candidates: id=%ld, first=%ld, last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ return( rc );
+}
+
+static int
+ava_comp_candidates (
+ Operation *op,
+ AttributeAssertion *ava,
+ AttributeAliasing *aa,
+ ID *ids,
+ ID *tmp,
+ ID *stack )
+{
+ MatchingRuleAssertion mra;
+
+ mra.ma_rule = ava->aa_desc->ad_type->sat_equality;
+ if ( !mra.ma_rule ) {
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ return 0;
+ }
+ mra.ma_desc = aa->aa_aliased_ad;
+ mra.ma_rule = ava->aa_desc->ad_type->sat_equality;
+
+ return comp_candidates ( op, &mra, ava->aa_cf, ids, tmp, stack );
+}
+
+static int
+comp_candidates (
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ ComponentFilter *f,
+ ID *ids,
+ ID *tmp,
+ ID *stack)
+{
+ int rc;
+
+ if ( !f ) return LDAP_PROTOCOL_ERROR;
+
+ Debug( LDAP_DEBUG_FILTER, "comp_candidates\n", 0, 0, 0 );
+ switch ( f->cf_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ rc = f->cf_result;
+ break;
+ case LDAP_COMP_FILTER_AND:
+ rc = comp_list_candidates( op, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack );
+ break;
+ case LDAP_COMP_FILTER_OR:
+ rc = comp_list_candidates( op, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack );
+ break;
+ case LDAP_COMP_FILTER_NOT:
+ /* No component indexing supported for NOT filter */
+ Debug( LDAP_DEBUG_FILTER, "\tComponent NOT\n", 0, 0, 0 );
+ {
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ }
+ rc = LDAP_PROTOCOL_ERROR;
+ break;
+ case LDAP_COMP_FILTER_ITEM:
+ rc = comp_equality_candidates( op, mra, f->cf_ca, ids, tmp, stack );
+ break;
+ default:
+ {
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ }
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+
+ return( rc );
+}
+
+static int
+ext_candidates(
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ ID *ids,
+ ID *tmp,
+ ID *stack)
+{
+ /*
+ * Currently Only Component Indexing for componentFilterMatch is supported
+ * Indexing for an extensible filter is not supported yet
+ */
+ if ( !mra->ma_cf ) {
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ BDB_IDL_ALL( bdb, ids );
+ return 0;
+ }
+
+ return comp_candidates ( op, mra, mra->ma_cf, ids, tmp, stack);
+}
+#endif
+
+static int
+list_candidates(
+ Operation *op,
+ Filter *flist,
+ int ftype,
+ ID *ids,
+ ID *tmp,
+ ID *save )
+{
+ int rc = 0;
+ Filter *f;
+
+ Debug( LDAP_DEBUG_FILTER, "=> bdb_list_candidates 0x%x\n", ftype, 0, 0 );
+ for ( f = flist; f != NULL; f = f->f_next ) {
+ /* ignore precomputed scopes */
+ if ( f->f_choice == SLAPD_FILTER_COMPUTED &&
+ f->f_result == LDAP_SUCCESS ) {
+ continue;
+ }
+ BDB_IDL_ZERO( save );
+ rc = bdb_filter_candidates( op, f, save, tmp,
+ save+BDB_IDL_UM_SIZE );
+
+ if ( rc != 0 ) {
+ if ( ftype == LDAP_FILTER_AND ) {
+ rc = 0;
+ continue;
+ }
+ break;
+ }
+
+
+ if ( ftype == LDAP_FILTER_AND ) {
+ if ( f == flist ) {
+ BDB_IDL_CPY( ids, save );
+ } else {
+ bdb_idl_intersection( ids, save );
+ }
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ } else {
+ if ( f == flist ) {
+ BDB_IDL_CPY( ids, save );
+ } else {
+ bdb_idl_union( ids, save );
+ }
+ }
+ }
+
+ if( rc == LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "<= bdb_list_candidates: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+
+ } else {
+ Debug( LDAP_DEBUG_FILTER,
+ "<= bdb_list_candidates: undefined rc=%d\n",
+ rc, 0, 0 );
+ }
+
+ return rc;
+}
+
+static int
+presence_candidates(
+ Operation *op,
+ AttributeDescription *desc,
+ ID *ids )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_presence_candidates (%s)\n",
+ desc->ad_cname.bv_val, 0, 0 );
+
+ BDB_IDL_ALL( bdb, ids );
+
+ if( desc == slap_schema.si_ad_objectClass ) {
+ return 0;
+ }
+
+ rc = bdb_index_param( op->o_bd, desc, LDAP_FILTER_PRESENT,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_presence_candidates: (%s) index_param "
+ "returned=%d\n",
+ desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if( db == NULL ) {
+ /* not indexed */
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_presence_candidates: (%s) not indexed\n",
+ desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ if( prefix.bv_val == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_presence_candidates: (%s) no prefix\n",
+ desc->ad_cname.bv_val, 0, 0 );
+ return -1;
+ }
+
+ rc = bdb_key_read( op->o_bd, db, NULL, &prefix, ids, NULL, 0 );
+
+ if( rc == DB_NOTFOUND ) {
+ BDB_IDL_ZERO( ids );
+ rc = 0;
+ } else if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_presense_candidates: (%s) "
+ "key read failed (%d)\n",
+ desc->ad_cname.bv_val, rc, 0 );
+ goto done;
+ }
+
+ Debug(LDAP_DEBUG_TRACE,
+ "<= bdb_presence_candidates: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+
+done:
+ return rc;
+}
+
+static int
+equality_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int i;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_equality_candidates (%s)\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+
+ BDB_IDL_ALL( bdb, ids );
+
+ rc = bdb_index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_EQUALITY,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_equality_candidates: (%s) "
+ "index_param failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_equality_candidates: (%s) not indexed\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ mr = ava->aa_desc->ad_type->sat_equality;
+ if( !mr ) {
+ return 0;
+ }
+
+ if( !mr->smr_filter ) {
+ return 0;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_EQUALITY,
+ mask,
+ ava->aa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ &ava->aa_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_equality_candidates: (%s, %s) "
+ "MR filter failed (%d)\n",
+ prefix.bv_val, ava->aa_desc->ad_cname.bv_val, rc );
+ return 0;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_equality_candidates: (%s) no keys\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 );
+
+ if( rc == DB_NOTFOUND ) {
+ BDB_IDL_ZERO( ids );
+ rc = 0;
+ break;
+ } else if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_equality_candidates: (%s) "
+ "key read failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ break;
+ }
+
+ if( BDB_IDL_IS_ZERO( tmp ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_equality_candidates: (%s) NULL\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ BDB_IDL_ZERO( ids );
+ break;
+ }
+
+ if ( i == 0 ) {
+ BDB_IDL_CPY( ids, tmp );
+ } else {
+ bdb_idl_intersection( ids, tmp );
+ }
+
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_equality_candidates: id=%ld, first=%ld, last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ return( rc );
+}
+
+
+static int
+approx_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int i;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_approx_candidates (%s)\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+
+ BDB_IDL_ALL( bdb, ids );
+
+ rc = bdb_index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_APPROX,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_approx_candidates: (%s) "
+ "index_param failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_approx_candidates: (%s) not indexed\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ mr = ava->aa_desc->ad_type->sat_approx;
+ if( !mr ) {
+ /* no approx matching rule, try equality matching rule */
+ mr = ava->aa_desc->ad_type->sat_equality;
+ }
+
+ if( !mr ) {
+ return 0;
+ }
+
+ if( !mr->smr_filter ) {
+ return 0;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_APPROX,
+ mask,
+ ava->aa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ &ava->aa_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_approx_candidates: (%s, %s) "
+ "MR filter failed (%d)\n",
+ prefix.bv_val, ava->aa_desc->ad_cname.bv_val, rc );
+ return 0;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_approx_candidates: (%s) no keys (%s)\n",
+ prefix.bv_val, ava->aa_desc->ad_cname.bv_val, 0 );
+ return 0;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 );
+
+ if( rc == DB_NOTFOUND ) {
+ BDB_IDL_ZERO( ids );
+ rc = 0;
+ break;
+ } else if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_approx_candidates: (%s) "
+ "key read failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ break;
+ }
+
+ if( BDB_IDL_IS_ZERO( tmp ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_approx_candidates: (%s) NULL\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ BDB_IDL_ZERO( ids );
+ break;
+ }
+
+ if ( i == 0 ) {
+ BDB_IDL_CPY( ids, tmp );
+ } else {
+ bdb_idl_intersection( ids, tmp );
+ }
+
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_approx_candidates %ld, first=%ld, last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ return( rc );
+}
+
+static int
+substring_candidates(
+ Operation *op,
+ SubstringsAssertion *sub,
+ ID *ids,
+ ID *tmp )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int i;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_substring_candidates (%s)\n",
+ sub->sa_desc->ad_cname.bv_val, 0, 0 );
+
+ BDB_IDL_ALL( bdb, ids );
+
+ rc = bdb_index_param( op->o_bd, sub->sa_desc, LDAP_FILTER_SUBSTRINGS,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_substring_candidates: (%s) "
+ "index_param failed (%d)\n",
+ sub->sa_desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_substring_candidates: (%s) not indexed\n",
+ sub->sa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ mr = sub->sa_desc->ad_type->sat_substr;
+
+ if( !mr ) {
+ return 0;
+ }
+
+ if( !mr->smr_filter ) {
+ return 0;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_SUBSTRINGS,
+ mask,
+ sub->sa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ sub,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_substring_candidates: (%s) "
+ "MR filter failed (%d)\n",
+ sub->sa_desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_substring_candidates: (0x%04lx) no keys (%s)\n",
+ mask, sub->sa_desc->ad_cname.bv_val, 0 );
+ return 0;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 );
+
+ if( rc == DB_NOTFOUND ) {
+ BDB_IDL_ZERO( ids );
+ rc = 0;
+ break;
+ } else if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_substring_candidates: (%s) "
+ "key read failed (%d)\n",
+ sub->sa_desc->ad_cname.bv_val, rc, 0 );
+ break;
+ }
+
+ if( BDB_IDL_IS_ZERO( tmp ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_substring_candidates: (%s) NULL\n",
+ sub->sa_desc->ad_cname.bv_val, 0, 0 );
+ BDB_IDL_ZERO( ids );
+ break;
+ }
+
+ if ( i == 0 ) {
+ BDB_IDL_CPY( ids, tmp );
+ } else {
+ bdb_idl_intersection( ids, tmp );
+ }
+
+ if( BDB_IDL_IS_ZERO( ids ) )
+ break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_substring_candidates: %ld, first=%ld, last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ return( rc );
+}
+
+static int
+inequality_candidates(
+ Operation *op,
+ AttributeAssertion *ava,
+ ID *ids,
+ ID *tmp,
+ int gtorlt )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ DB *db;
+ int rc;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+ DBC * cursor = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "=> bdb_inequality_candidates (%s)\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+
+ BDB_IDL_ALL( bdb, ids );
+
+ rc = bdb_index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_EQUALITY,
+ &db, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_inequality_candidates: (%s) "
+ "index_param failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ return 0;
+ }
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= bdb_inequality_candidates: (%s) not indexed\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ mr = ava->aa_desc->ad_type->sat_equality;
+ if( !mr ) {
+ return 0;
+ }
+
+ if( !mr->smr_filter ) {
+ return 0;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_EQUALITY,
+ mask,
+ ava->aa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ &ava->aa_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_inequality_candidates: (%s, %s) "
+ "MR filter failed (%d)\n",
+ prefix.bv_val, ava->aa_desc->ad_cname.bv_val, rc );
+ return 0;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_inequality_candidates: (%s) no keys\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ return 0;
+ }
+
+ BDB_IDL_ZERO( ids );
+ while(1) {
+ rc = bdb_key_read( op->o_bd, db, NULL, &keys[0], tmp, &cursor, gtorlt );
+
+ if( rc == DB_NOTFOUND ) {
+ rc = 0;
+ break;
+ } else if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_inequality_candidates: (%s) "
+ "key read failed (%d)\n",
+ ava->aa_desc->ad_cname.bv_val, rc, 0 );
+ break;
+ }
+
+ if( BDB_IDL_IS_ZERO( tmp ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_inequality_candidates: (%s) NULL\n",
+ ava->aa_desc->ad_cname.bv_val, 0, 0 );
+ break;
+ }
+
+ bdb_idl_union( ids, tmp );
+
+ if( op->ors_limit && op->ors_limit->lms_s_unchecked != -1 &&
+ BDB_IDL_N( ids ) >= (unsigned) op->ors_limit->lms_s_unchecked ) {
+ cursor->c_close( cursor );
+ break;
+ }
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<= bdb_inequality_candidates: id=%ld, first=%ld, last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/id2entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/id2entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/id2entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,440 @@
+/* id2entry.c - routines to deal with the id2entry database */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/id2entry.c,v 1.62.2.10 2007/01/25 12:39:23 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+static int bdb_id2entry_put(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e,
+ int flag )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB *db = bdb->bi_id2entry->bdi_db;
+ DBT key, data;
+ struct berval bv;
+ int rc;
+ ID nid;
+#ifdef BDB_HIER
+ struct berval odn, ondn;
+
+ /* We only store rdns, and they go in the dn2id database. */
+
+ odn = e->e_name; ondn = e->e_nname;
+
+ e->e_name = slap_empty_bv;
+ e->e_nname = slap_empty_bv;
+#endif
+ DBTzero( &key );
+
+ /* Store ID in BigEndian format */
+ key.data = &nid;
+ key.size = sizeof(ID);
+ BDB_ID2DISK( e->e_id, &nid );
+
+ rc = entry_encode( e, &bv );
+#ifdef BDB_HIER
+ e->e_name = odn; e->e_nname = ondn;
+#endif
+ if( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ DBTzero( &data );
+ bv2DBT( &bv, &data );
+
+ rc = db->put( db, tid, &key, &data, flag );
+
+ free( bv.bv_val );
+ return rc;
+}
+
+/*
+ * This routine adds (or updates) an entry on disk.
+ * The cache should be already be updated.
+ */
+
+
+int bdb_id2entry_add(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e )
+{
+ return bdb_id2entry_put(be, tid, e, DB_NOOVERWRITE);
+}
+
+int bdb_id2entry_update(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e )
+{
+ return bdb_id2entry_put(be, tid, e, 0);
+}
+
+int bdb_id2entry(
+ BackendDB *be,
+ DB_TXN *tid,
+ u_int32_t locker,
+ ID id,
+ Entry **e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB *db = bdb->bi_id2entry->bdi_db;
+ DBT key, data;
+ DBC *cursor;
+ struct berval bv;
+ int rc = 0;
+ ID nid;
+
+ *e = NULL;
+
+ DBTzero( &key );
+ key.data = &nid;
+ key.size = sizeof(ID);
+ BDB_ID2DISK( id, &nid );
+
+ DBTzero( &data );
+ data.flags = DB_DBT_MALLOC;
+
+ /* fetch it */
+ rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
+ if ( rc ) return rc;
+
+ /* Use our own locker if needed */
+ if ( !tid && locker )
+ cursor->locker = locker;
+
+ rc = cursor->c_get( cursor, &key, &data, DB_SET );
+ cursor->c_close( cursor );
+
+ if( rc != 0 ) {
+ return rc;
+ }
+
+ DBT2bv( &data, &bv );
+
+#ifdef SLAP_ZONE_ALLOC
+ rc = entry_decode(&bv, e, bdb->bi_cache.c_zctx);
+#else
+ rc = entry_decode(&bv, e);
+#endif
+
+ if( rc == 0 ) {
+ (*e)->e_id = id;
+ } else {
+ /* only free on error. On success, the entry was
+ * decoded in place.
+ */
+#ifndef SLAP_ZONE_ALLOC
+ ch_free(data.data);
+#endif
+ }
+#ifdef SLAP_ZONE_ALLOC
+ ch_free(data.data);
+#endif
+
+ return rc;
+}
+
+int bdb_id2entry_delete(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB *db = bdb->bi_id2entry->bdi_db;
+ DBT key;
+ int rc;
+ ID nid;
+
+ DBTzero( &key );
+ key.data = &nid;
+ key.size = sizeof(ID);
+ BDB_ID2DISK( e->e_id, &nid );
+
+ /* delete from database */
+ rc = db->del( db, tid, &key, 0 );
+
+ return rc;
+}
+
+#ifdef SLAP_ZONE_ALLOC
+int bdb_entry_return(
+ struct bdb_info *bdb,
+ Entry *e,
+ int zseq
+)
+#else
+int bdb_entry_return(
+ Entry *e
+)
+#endif
+{
+#ifdef SLAP_ZONE_ALLOC
+ if (!slap_zn_validate(bdb->bi_cache.c_zctx, e, zseq)) {
+ return 0;
+ }
+#endif
+ /* Our entries are allocated in two blocks; the data comes from
+ * the db itself and the Entry structure and associated pointers
+ * are allocated in entry_decode. The db data pointer is saved
+ * in e_bv. Since the Entry structure is allocated as a single
+ * block, e_attrs is always a fixed offset from e. The exception
+ * is when an entry has been modified, in which case we also need
+ * to free e_attrs.
+ */
+
+#ifdef LDAP_COMP_MATCH
+ comp_tree_free( e->e_attrs );
+#endif
+ if( !e->e_bv.bv_val ) { /* Entry added by do_add */
+ entry_free( e );
+ return 0;
+ }
+ if( (void *) e->e_attrs != (void *) (e+1)) {
+ attrs_free( e->e_attrs );
+ }
+
+ /* See if the DNs were changed by modrdn */
+ if( e->e_nname.bv_val < e->e_bv.bv_val || e->e_nname.bv_val >
+ e->e_bv.bv_val + e->e_bv.bv_len ) {
+ ch_free(e->e_name.bv_val);
+ ch_free(e->e_nname.bv_val);
+ e->e_name.bv_val = NULL;
+ e->e_nname.bv_val = NULL;
+ }
+#ifndef SLAP_ZONE_ALLOC
+ /* In tool mode the e_bv buffer is realloc'd, leave it alone */
+ if( !(slapMode & SLAP_TOOL_MODE) ) {
+ free( e->e_bv.bv_val );
+ }
+#endif /* !SLAP_ZONE_ALLOC */
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_free( e, bdb->bi_cache.c_zctx );
+#else
+ free( e );
+#endif
+
+ return 0;
+}
+
+int bdb_entry_release(
+ Operation *op,
+ Entry *e,
+ int rw )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ struct bdb_op_info *boi = NULL;
+
+ /* slapMode : SLAP_SERVER_MODE, SLAP_TOOL_MODE,
+ SLAP_TRUNCATE_MODE, SLAP_UNDEFINED_MODE */
+
+ if ( slapMode == SLAP_SERVER_MODE ) {
+ /* If not in our cache, just free it */
+ if ( !e->e_private ) {
+#ifdef SLAP_ZONE_ALLOC
+ return bdb_entry_return( bdb, e, -1 );
+#else
+ return bdb_entry_return( e );
+#endif
+ }
+ /* free entry and reader or writer lock */
+ boi = (struct bdb_op_info *)op->o_private;
+
+ /* lock is freed with txn */
+ if ( !boi || boi->boi_txn ) {
+ bdb_unlocked_cache_return_entry_rw( &bdb->bi_cache, e, rw );
+ } else {
+ struct bdb_lock_info *bli, *prev;
+ for ( prev=(struct bdb_lock_info *)&boi->boi_locks,
+ bli = boi->boi_locks; bli; prev=bli, bli=bli->bli_next ) {
+ if ( bli->bli_id == e->e_id ) {
+ bdb_cache_return_entry_rw( bdb->bi_dbenv, &bdb->bi_cache,
+ e, rw, &bli->bli_lock );
+ prev->bli_next = bli->bli_next;
+ op->o_tmpfree( bli, op->o_tmpmemctx );
+ break;
+ }
+ }
+ if ( !boi->boi_locks ) {
+ op->o_tmpfree( boi, op->o_tmpmemctx );
+ op->o_private = NULL;
+ }
+ }
+ } else {
+#ifdef SLAP_ZONE_ALLOC
+ int zseq = -1;
+ if (e->e_private != NULL) {
+ BEI(e)->bei_e = NULL;
+ zseq = BEI(e)->bei_zseq;
+ }
+#else
+ if (e->e_private != NULL)
+ BEI(e)->bei_e = NULL;
+#endif
+ e->e_private = NULL;
+#ifdef SLAP_ZONE_ALLOC
+ bdb_entry_return ( bdb, e, zseq );
+#else
+ bdb_entry_return ( e );
+#endif
+ }
+
+ return 0;
+}
+
+/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
+ */
+int bdb_entry_get(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **ent )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ struct bdb_op_info *boi = NULL;
+ DB_TXN *txn = NULL;
+ Entry *e = NULL;
+ EntryInfo *ei;
+ int rc;
+ const char *at_name = at ? at->ad_cname.bv_val : "(null)";
+
+ u_int32_t locker = 0;
+ DB_LOCK lock;
+ int free_lock_id = 0;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_entry_get: oc: \"%s\", at: \"%s\"\n",
+ oc ? oc->soc_cname.bv_val : "(null)", at_name, 0);
+
+ if( op ) boi = (struct bdb_op_info *) op->o_private;
+ if( boi != NULL && op->o_bd->be_private == boi->boi_bdb->be_private ) {
+ txn = boi->boi_txn;
+ locker = boi->boi_locker;
+ }
+
+ if ( txn != NULL ) {
+ locker = TXN_ID ( txn );
+ } else if ( !locker ) {
+ rc = LOCK_ID ( bdb->bi_dbenv, &locker );
+ free_lock_id = 1;
+ switch(rc) {
+ case 0:
+ break;
+ default:
+ return LDAP_OTHER;
+ }
+ }
+
+dn2entry_retry:
+ /* can we find entry */
+ rc = bdb_dn2entry( op, txn, ndn, &ei, 0, locker, &lock );
+ switch( rc ) {
+ case DB_NOTFOUND:
+ case 0:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ /* the txn must abort and retry */
+ if ( txn ) {
+ boi->boi_err = rc;
+ return LDAP_BUSY;
+ }
+ ldap_pvt_thread_yield();
+ goto dn2entry_retry;
+ default:
+ if ( boi ) boi->boi_err = rc;
+ if ( free_lock_id ) {
+ LOCK_ID_FREE( bdb->bi_dbenv, locker );
+ }
+ return (rc != LDAP_BUSY) ? LDAP_OTHER : LDAP_BUSY;
+ }
+ if (ei) e = ei->bei_e;
+ if (e == NULL) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_entry_get: cannot find entry: \"%s\"\n",
+ ndn->bv_val, 0, 0 );
+ if ( free_lock_id ) {
+ LOCK_ID_FREE( bdb->bi_dbenv, locker );
+ }
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_entry_get: found entry: \"%s\"\n",
+ ndn->bv_val, 0, 0 );
+
+ if ( oc && !is_entry_objectclass( e, oc, 0 )) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_entry_get: failed to find objectClass %s\n",
+ oc->soc_cname.bv_val, 0, 0 );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto return_results;
+ }
+
+return_results:
+ if( rc != LDAP_SUCCESS ) {
+ /* free entry */
+ bdb_cache_return_entry_rw(bdb->bi_dbenv, &bdb->bi_cache, e, rw, &lock);
+
+ } else {
+ if ( slapMode == SLAP_SERVER_MODE ) {
+ *ent = e;
+ /* big drag. we need a place to store a read lock so we can
+ * release it later?? If we're in a txn, nothing is needed
+ * here because the locks will go away with the txn.
+ */
+ if ( op ) {
+ if ( !boi ) {
+ boi = op->o_tmpcalloc(1,sizeof(struct bdb_op_info),op->o_tmpmemctx);
+ boi->boi_bdb = op->o_bd;
+ op->o_private = boi;
+ }
+ if ( !boi->boi_txn ) {
+ struct bdb_lock_info *bli;
+ bli = op->o_tmpalloc( sizeof(struct bdb_lock_info),
+ op->o_tmpmemctx );
+ bli->bli_next = boi->boi_locks;
+ bli->bli_id = e->e_id;
+ bli->bli_lock = lock;
+ boi->boi_locks = bli;
+ }
+ }
+ } else {
+ *ent = entry_dup( e );
+ bdb_cache_return_entry_rw(bdb->bi_dbenv, &bdb->bi_cache, e, rw, &lock);
+ }
+ }
+
+ if ( free_lock_id ) {
+ LOCK_ID_FREE( bdb->bi_dbenv, locker );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_entry_get: rc=%d\n",
+ rc, 0, 0 );
+ return(rc);
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1554 @@
+/* idl.c - ldap id list handling routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.c,v 1.94.2.15 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "idl.h"
+
+#define IDL_MAX(x,y) ( x > y ? x : y )
+#define IDL_MIN(x,y) ( x < y ? x : y )
+
+#define IDL_CMP(x,y) ( x < y ? -1 : ( x > y ? 1 : 0 ) )
+
+#define IDL_LRU_DELETE( bdb, e ) do { \
+ if ( e->idl_lru_prev != NULL ) { \
+ e->idl_lru_prev->idl_lru_next = e->idl_lru_next; \
+ } else { \
+ bdb->bi_idl_lru_head = e->idl_lru_next; \
+ } \
+ if ( e->idl_lru_next != NULL ) { \
+ e->idl_lru_next->idl_lru_prev = e->idl_lru_prev; \
+ } else { \
+ bdb->bi_idl_lru_tail = e->idl_lru_prev; \
+ } \
+} while ( 0 )
+
+#define IDL_LRU_ADD( bdb, e ) do { \
+ e->idl_lru_next = bdb->bi_idl_lru_head; \
+ if ( e->idl_lru_next != NULL ) { \
+ e->idl_lru_next->idl_lru_prev = (e); \
+ } \
+ (bdb)->bi_idl_lru_head = (e); \
+ e->idl_lru_prev = NULL; \
+ if ( (bdb)->bi_idl_lru_tail == NULL ) { \
+ (bdb)->bi_idl_lru_tail = (e); \
+ } \
+} while ( 0 )
+
+static int
+bdb_idl_entry_cmp( const void *v_idl1, const void *v_idl2 )
+{
+ const bdb_idl_cache_entry_t *idl1 = v_idl1, *idl2 = v_idl2;
+ int rc;
+
+ if ((rc = SLAP_PTRCMP( idl1->db, idl2->db ))) return rc;
+ if ((rc = idl1->kstr.bv_len - idl2->kstr.bv_len )) return rc;
+ return ( memcmp ( idl1->kstr.bv_val, idl2->kstr.bv_val , idl1->kstr.bv_len ) );
+}
+
+#if IDL_DEBUG > 0
+static void idl_check( ID *ids )
+{
+ if( BDB_IDL_IS_RANGE( ids ) ) {
+ assert( BDB_IDL_RANGE_FIRST(ids) <= BDB_IDL_RANGE_LAST(ids) );
+ } else {
+ ID i;
+ for( i=1; i < ids[0]; i++ ) {
+ assert( ids[i+1] > ids[i] );
+ }
+ }
+}
+
+#if IDL_DEBUG > 1
+static void idl_dump( ID *ids )
+{
+ if( BDB_IDL_IS_RANGE( ids ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "IDL: range ( %ld - %ld )\n",
+ (long) BDB_IDL_RANGE_FIRST( ids ),
+ (long) BDB_IDL_RANGE_LAST( ids ) );
+
+ } else {
+ ID i;
+ Debug( LDAP_DEBUG_ANY, "IDL: size %ld", (long) ids[0], 0, 0 );
+
+ for( i=1; i<=ids[0]; i++ ) {
+ if( i % 16 == 1 ) {
+ Debug( LDAP_DEBUG_ANY, "\n", 0, 0, 0 );
+ }
+ Debug( LDAP_DEBUG_ANY, " %02lx", (long) ids[i], 0, 0 );
+ }
+
+ Debug( LDAP_DEBUG_ANY, "\n", 0, 0, 0 );
+ }
+
+ idl_check( ids );
+}
+#endif /* IDL_DEBUG > 1 */
+#endif /* IDL_DEBUG > 0 */
+
+unsigned bdb_idl_search( ID *ids, ID id )
+{
+#define IDL_BINARY_SEARCH 1
+#ifdef IDL_BINARY_SEARCH
+ /*
+ * binary search of id in ids
+ * if found, returns position of id
+ * if not found, returns first postion greater than id
+ */
+ unsigned base = 0;
+ unsigned cursor = 0;
+ int val = 0;
+ unsigned n = ids[0];
+
+#if IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ while( 0 < n ) {
+ int pivot = n >> 1;
+ cursor = base + pivot;
+ val = IDL_CMP( id, ids[cursor + 1] );
+
+ if( val < 0 ) {
+ n = pivot;
+
+ } else if ( val > 0 ) {
+ base = cursor + 1;
+ n -= pivot + 1;
+
+ } else {
+ return cursor + 1;
+ }
+ }
+
+ if( val > 0 ) {
+ return cursor + 2;
+ } else {
+ return cursor + 1;
+ }
+
+#else
+ /* (reverse) linear search */
+ int i;
+
+#if IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ for( i=ids[0]; i; i-- ) {
+ if( id > ids[i] ) {
+ break;
+ }
+ }
+
+ return i+1;
+#endif
+}
+
+int bdb_idl_insert( ID *ids, ID id )
+{
+ unsigned x;
+
+#if IDL_DEBUG > 1
+ Debug( LDAP_DEBUG_ANY, "insert: %04lx at %d\n", (long) id, x, 0 );
+ idl_dump( ids );
+#elif IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ if (BDB_IDL_IS_RANGE( ids )) {
+ /* if already in range, treat as a dup */
+ if (id >= BDB_IDL_FIRST(ids) && id <= BDB_IDL_LAST(ids))
+ return -1;
+ if (id < BDB_IDL_FIRST(ids))
+ ids[1] = id;
+ else if (id > BDB_IDL_LAST(ids))
+ ids[2] = id;
+ return 0;
+ }
+
+ x = bdb_idl_search( ids, id );
+ assert( x > 0 );
+
+ if( x < 1 ) {
+ /* internal error */
+ return -2;
+ }
+
+ if ( x <= ids[0] && ids[x] == id ) {
+ /* duplicate */
+ return -1;
+ }
+
+ if ( ++ids[0] >= BDB_IDL_DB_MAX ) {
+ if( id < ids[1] ) {
+ ids[1] = id;
+ ids[2] = ids[ids[0]-1];
+ } else if ( ids[ids[0]-1] < id ) {
+ ids[2] = id;
+ } else {
+ ids[2] = ids[ids[0]-1];
+ }
+ ids[0] = NOID;
+
+ } else {
+ /* insert id */
+ AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) );
+ ids[x] = id;
+ }
+
+#if IDL_DEBUG > 1
+ idl_dump( ids );
+#elif IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ return 0;
+}
+
+static int bdb_idl_delete( ID *ids, ID id )
+{
+ unsigned x;
+
+#if IDL_DEBUG > 1
+ Debug( LDAP_DEBUG_ANY, "delete: %04lx at %d\n", (long) id, x, 0 );
+ idl_dump( ids );
+#elif IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ if (BDB_IDL_IS_RANGE( ids )) {
+ /* If deleting a range boundary, adjust */
+ if ( ids[1] == id )
+ ids[1]++;
+ else if ( ids[2] == id )
+ ids[2]--;
+ /* deleting from inside a range is a no-op */
+
+ /* If the range has collapsed, re-adjust */
+ if ( ids[1] > ids[2] )
+ ids[0] = 0;
+ else if ( ids[1] == ids[2] )
+ ids[1] = 1;
+ return 0;
+ }
+
+ x = bdb_idl_search( ids, id );
+ assert( x > 0 );
+
+ if( x <= 0 ) {
+ /* internal error */
+ return -2;
+ }
+
+ if( x > ids[0] || ids[x] != id ) {
+ /* not found */
+ return -1;
+
+ } else if ( --ids[0] == 0 ) {
+ if( x != 1 ) {
+ return -3;
+ }
+
+ } else {
+ AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) );
+ }
+
+#if IDL_DEBUG > 1
+ idl_dump( ids );
+#elif IDL_DEBUG > 0
+ idl_check( ids );
+#endif
+
+ return 0;
+}
+
+static char *
+bdb_show_key(
+ DBT *key,
+ char *buf )
+{
+ if ( key->size == 4 /* LUTIL_HASH_BYTES */ ) {
+ unsigned char *c = key->data;
+ sprintf( buf, "[%02x%02x%02x%02x]", c[0], c[1], c[2], c[3] );
+ return buf;
+ } else {
+ return key->data;
+ }
+}
+
+/* Find a db/key pair in the IDL cache. If ids is non-NULL,
+ * copy the cached IDL into it, otherwise just return the status.
+ */
+int
+bdb_idl_cache_get(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID *ids )
+{
+ bdb_idl_cache_entry_t idl_tmp;
+ bdb_idl_cache_entry_t *matched_idl_entry;
+ int rc = LDAP_NO_SUCH_OBJECT;
+
+ DBT2bv( key, &idl_tmp.kstr );
+ idl_tmp.db = db;
+ ldap_pvt_thread_rdwr_rlock( &bdb->bi_idl_tree_rwlock );
+ matched_idl_entry = avl_find( bdb->bi_idl_tree, &idl_tmp,
+ bdb_idl_entry_cmp );
+ if ( matched_idl_entry != NULL ) {
+ if ( matched_idl_entry->idl && ids )
+ BDB_IDL_CPY( ids, matched_idl_entry->idl );
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ IDL_LRU_DELETE( bdb, matched_idl_entry );
+ IDL_LRU_ADD( bdb, matched_idl_entry );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ if ( matched_idl_entry->idl )
+ rc = LDAP_SUCCESS;
+ else
+ rc = DB_NOTFOUND;
+ }
+ ldap_pvt_thread_rdwr_runlock( &bdb->bi_idl_tree_rwlock );
+
+ return rc;
+}
+
+void
+bdb_idl_cache_put(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID *ids,
+ int rc )
+{
+ bdb_idl_cache_entry_t idl_tmp;
+ bdb_idl_cache_entry_t *ee;
+
+ if ( rc == DB_NOTFOUND || BDB_IDL_IS_ZERO( ids ))
+ return;
+
+ DBT2bv( key, &idl_tmp.kstr );
+
+ ee = (bdb_idl_cache_entry_t *) ch_malloc(
+ sizeof( bdb_idl_cache_entry_t ) );
+ ee->db = db;
+ ee->idl = (ID*) ch_malloc( BDB_IDL_SIZEOF ( ids ) );
+ BDB_IDL_CPY( ee->idl, ids );
+
+ ee->idl_lru_prev = NULL;
+ ee->idl_lru_next = NULL;
+ ber_dupbv( &ee->kstr, &idl_tmp.kstr );
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_idl_tree_rwlock );
+ if ( avl_insert( &bdb->bi_idl_tree, (caddr_t) ee,
+ bdb_idl_entry_cmp, avl_dup_error ))
+ {
+ ch_free( ee->kstr.bv_val );
+ ch_free( ee->idl );
+ ch_free( ee );
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock );
+ return;
+ }
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ IDL_LRU_ADD( bdb, ee );
+ if ( ++bdb->bi_idl_cache_size > bdb->bi_idl_cache_max_size ) {
+ int i = 0;
+ while ( bdb->bi_idl_lru_tail != NULL && i < 10 ) {
+ ee = bdb->bi_idl_lru_tail;
+ if ( avl_delete( &bdb->bi_idl_tree, (caddr_t) ee,
+ bdb_idl_entry_cmp ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_cache_put: "
+ "AVL delete failed\n",
+ 0, 0, 0 );
+ }
+ IDL_LRU_DELETE( bdb, ee );
+ i++;
+ --bdb->bi_idl_cache_size;
+ ch_free( ee->kstr.bv_val );
+ ch_free( ee->idl );
+ ch_free( ee );
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock );
+}
+
+void
+bdb_idl_cache_del(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key )
+{
+ bdb_idl_cache_entry_t *matched_idl_entry, idl_tmp;
+ DBT2bv( key, &idl_tmp.kstr );
+ idl_tmp.db = db;
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_idl_tree_rwlock );
+ matched_idl_entry = avl_find( bdb->bi_idl_tree, &idl_tmp,
+ bdb_idl_entry_cmp );
+ if ( matched_idl_entry != NULL ) {
+ if ( avl_delete( &bdb->bi_idl_tree, (caddr_t) matched_idl_entry,
+ bdb_idl_entry_cmp ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_cache_del: "
+ "AVL delete failed\n",
+ 0, 0, 0 );
+ }
+ --bdb->bi_idl_cache_size;
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ IDL_LRU_DELETE( bdb, matched_idl_entry );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ free( matched_idl_entry->kstr.bv_val );
+ if ( matched_idl_entry->idl )
+ free( matched_idl_entry->idl );
+ free( matched_idl_entry );
+ }
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock );
+}
+
+void
+bdb_idl_cache_add_id(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID id )
+{
+ bdb_idl_cache_entry_t *cache_entry, idl_tmp;
+ DBT2bv( key, &idl_tmp.kstr );
+ idl_tmp.db = db;
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_idl_tree_rwlock );
+ cache_entry = avl_find( bdb->bi_idl_tree, &idl_tmp,
+ bdb_idl_entry_cmp );
+ if ( cache_entry != NULL ) {
+ if ( !BDB_IDL_IS_RANGE( cache_entry->idl ) &&
+ cache_entry->idl[0] < BDB_IDL_DB_MAX ) {
+ size_t s = BDB_IDL_SIZEOF( cache_entry->idl ) + sizeof(ID);
+ cache_entry->idl = ch_realloc( cache_entry->idl, s );
+ }
+ bdb_idl_insert( cache_entry->idl, id );
+ }
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock );
+}
+
+void
+bdb_idl_cache_del_id(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID id )
+{
+ bdb_idl_cache_entry_t *cache_entry, idl_tmp;
+ DBT2bv( key, &idl_tmp.kstr );
+ idl_tmp.db = db;
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_idl_tree_rwlock );
+ cache_entry = avl_find( bdb->bi_idl_tree, &idl_tmp,
+ bdb_idl_entry_cmp );
+ if ( cache_entry != NULL ) {
+ bdb_idl_delete( cache_entry->idl, id );
+ if ( cache_entry->idl[0] == 0 ) {
+ if ( avl_delete( &bdb->bi_idl_tree, (caddr_t) cache_entry,
+ bdb_idl_entry_cmp ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_cache_del: "
+ "AVL delete failed\n",
+ 0, 0, 0 );
+ }
+ --bdb->bi_idl_cache_size;
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ IDL_LRU_DELETE( bdb, cache_entry );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ free( cache_entry->kstr.bv_val );
+ free( cache_entry->idl );
+ free( cache_entry );
+ }
+ }
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock );
+}
+
+int
+bdb_idl_fetch_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *tid,
+ DBT *key,
+ ID *ids,
+ DBC **saved_cursor,
+ int get_flag )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ int rc;
+ DBT data, key2, *kptr;
+ DBC *cursor;
+ ID *i;
+ void *ptr;
+ size_t len;
+ int rc2;
+ int flags = bdb->bi_db_opflags | DB_MULTIPLE;
+ int opflag;
+
+ /* If using BerkeleyDB 4.0, the buf must be large enough to
+ * grab the entire IDL in one get(), otherwise BDB will leak
+ * resources on subsequent get's. We can safely call get()
+ * twice - once for the data, and once to get the DB_NOTFOUND
+ * result meaning there's no more data. See ITS#2040 for details.
+ * This bug is fixed in BDB 4.1 so a smaller buffer will work if
+ * stack space is too limited.
+ *
+ * configure now requires Berkeley DB 4.1.
+ */
+#if DB_VERSION_FULL < 0x04010000
+# define BDB_ENOUGH 5
+#else
+ /* We sometimes test with tiny IDLs, and BDB always wants buffers
+ * that are at least one page in size.
+ */
+# if BDB_IDL_DB_SIZE < 4096
+# define BDB_ENOUGH 2048
+# else
+# define BDB_ENOUGH 1
+# endif
+#endif
+ ID buf[BDB_IDL_DB_SIZE*BDB_ENOUGH];
+
+ char keybuf[16];
+
+ Debug( LDAP_DEBUG_ARGS,
+ "bdb_idl_fetch_key: %s\n",
+ bdb_show_key( key, keybuf ), 0, 0 );
+
+ assert( ids != NULL );
+
+ if ( saved_cursor && *saved_cursor ) {
+ opflag = DB_NEXT;
+ } else if ( get_flag == LDAP_FILTER_GE ) {
+ opflag = DB_SET_RANGE;
+ } else if ( get_flag == LDAP_FILTER_LE ) {
+ opflag = DB_FIRST;
+ } else {
+ opflag = DB_SET;
+ }
+
+ /* only non-range lookups can use the IDL cache */
+ if ( bdb->bi_idl_cache_size && opflag == DB_SET ) {
+ rc = bdb_idl_cache_get( bdb, db, key, ids );
+ if ( rc != LDAP_NO_SUCH_OBJECT ) return rc;
+ }
+
+ DBTzero( &data );
+
+ data.data = buf;
+ data.ulen = sizeof(buf);
+ data.flags = DB_DBT_USERMEM;
+
+ /* If we're not reusing an existing cursor, get a new one */
+ if( opflag != DB_NEXT ) {
+ rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "cursor failed: %s (%d)\n", db_strerror(rc), rc, 0 );
+ return rc;
+ }
+ } else {
+ cursor = *saved_cursor;
+ }
+
+ /* If this is a LE lookup, save original key so we can determine
+ * when to stop. If this is a GE lookup, save the key since it
+ * will be overwritten.
+ */
+ if ( get_flag == LDAP_FILTER_LE || get_flag == LDAP_FILTER_GE ) {
+ DBTzero( &key2 );
+ key2.flags = DB_DBT_USERMEM;
+ key2.ulen = sizeof(keybuf);
+ key2.data = keybuf;
+ key2.size = key->size;
+ AC_MEMCPY( keybuf, key->data, key->size );
+ kptr = &key2;
+ } else {
+ kptr = key;
+ }
+ len = key->size;
+ rc = cursor->c_get( cursor, kptr, &data, flags | opflag );
+
+ /* skip presence key on range inequality lookups */
+ while (rc == 0 && kptr->size != len) {
+ rc = cursor->c_get( cursor, kptr, &data, flags | DB_NEXT_NODUP );
+ }
+ /* If we're doing a LE compare and the new key is greater than
+ * our search key, we're done
+ */
+ if (rc == 0 && get_flag == LDAP_FILTER_LE && memcmp( kptr->data,
+ key->data, key->size ) > 0 ) {
+ rc = DB_NOTFOUND;
+ }
+ if (rc == 0) {
+ i = ids;
+ while (rc == 0) {
+ u_int8_t *j;
+
+ DB_MULTIPLE_INIT( ptr, &data );
+ while (ptr) {
+ DB_MULTIPLE_NEXT(ptr, &data, j, len);
+ if (j) {
+ ++i;
+ BDB_DISK2ID( j, i );
+ }
+ }
+ rc = cursor->c_get( cursor, key, &data, flags | DB_NEXT_DUP );
+ }
+ if ( rc == DB_NOTFOUND ) rc = 0;
+ ids[0] = i - ids;
+ /* On disk, a range is denoted by 0 in the first element */
+ if (ids[1] == 0) {
+ if (ids[0] != BDB_IDL_RANGE_SIZE) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "range size mismatch: expected %d, got %ld\n",
+ BDB_IDL_RANGE_SIZE, ids[0], 0 );
+ cursor->c_close( cursor );
+ return -1;
+ }
+ BDB_IDL_RANGE( ids, ids[2], ids[3] );
+ }
+ data.size = BDB_IDL_SIZEOF(ids);
+ }
+
+ if ( saved_cursor && rc == 0 ) {
+ if ( !*saved_cursor )
+ *saved_cursor = cursor;
+ rc2 = 0;
+ }
+ else
+ rc2 = cursor->c_close( cursor );
+ if (rc2) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "close failed: %s (%d)\n", db_strerror(rc2), rc2, 0 );
+ return rc2;
+ }
+
+ if( rc == DB_NOTFOUND ) {
+ return rc;
+
+ } else if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "get failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ return rc;
+
+ } else if ( data.size == 0 || data.size % sizeof( ID ) ) {
+ /* size not multiple of ID size */
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "odd size: expected %ld multiple, got %ld\n",
+ (long) sizeof( ID ), (long) data.size, 0 );
+ return -1;
+
+ } else if ( data.size != BDB_IDL_SIZEOF(ids) ) {
+ /* size mismatch */
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
+ "get size mismatch: expected %ld, got %ld\n",
+ (long) ((1 + ids[0]) * sizeof( ID )), (long) data.size, 0 );
+ return -1;
+ }
+
+ if ( bdb->bi_idl_cache_max_size ) {
+ bdb_idl_cache_put( bdb, db, key, ids, rc );
+ }
+
+ return rc;
+}
+
+
+int
+bdb_idl_insert_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *tid,
+ DBT *key,
+ ID id )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ int rc;
+ DBT data;
+ DBC *cursor;
+ ID lo, hi, nlo, nhi, nid;
+ char *err;
+
+ {
+ char buf[16];
+ Debug( LDAP_DEBUG_ARGS,
+ "bdb_idl_insert_key: %lx %s\n",
+ (long) id, bdb_show_key( key, buf ), 0 );
+ }
+
+ assert( id != NOID );
+
+ if ( bdb->bi_idl_cache_size ) {
+ bdb_idl_cache_del( bdb, db, key );
+ }
+
+ DBTzero( &data );
+ data.size = sizeof( ID );
+ data.ulen = data.size;
+ data.flags = DB_DBT_USERMEM;
+
+ BDB_ID2DISK( id, &nid );
+
+ rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_insert_key: "
+ "cursor failed: %s (%d)\n", db_strerror(rc), rc, 0 );
+ return rc;
+ }
+ data.data = &nlo;
+ /* Fetch the first data item for this key, to see if it
+ * exists and if it's a range.
+ */
+ rc = cursor->c_get( cursor, key, &data, DB_SET );
+ err = "c_get";
+ if ( rc == 0 ) {
+ if ( nlo != 0 ) {
+ /* not a range, count the number of items */
+ db_recno_t count;
+ rc = cursor->c_count( cursor, &count, 0 );
+ if ( rc != 0 ) {
+ err = "c_count";
+ goto fail;
+ }
+ if ( count >= BDB_IDL_DB_MAX ) {
+ /* No room, convert to a range */
+ DBT key2 = *key;
+ db_recno_t i;
+
+ key2.dlen = key2.ulen;
+ key2.flags |= DB_DBT_PARTIAL;
+
+ BDB_DISK2ID( &nlo, &lo );
+ data.data = &nhi;
+
+ rc = cursor->c_get( cursor, &key2, &data, DB_NEXT_NODUP );
+ if ( rc != 0 && rc != DB_NOTFOUND ) {
+ err = "c_get next_nodup";
+ goto fail;
+ }
+ if ( rc == DB_NOTFOUND ) {
+ rc = cursor->c_get( cursor, key, &data, DB_LAST );
+ if ( rc != 0 ) {
+ err = "c_get last";
+ goto fail;
+ }
+ } else {
+ rc = cursor->c_get( cursor, key, &data, DB_PREV );
+ if ( rc != 0 ) {
+ err = "c_get prev";
+ goto fail;
+ }
+ }
+ BDB_DISK2ID( &nhi, &hi );
+ /* Update hi/lo if needed, then delete all the items
+ * between lo and hi
+ */
+ if ( id < lo ) {
+ lo = id;
+ nlo = nid;
+ } else if ( id > hi ) {
+ hi = id;
+ nhi = nid;
+ }
+ data.data = &nid;
+ /* Don't fetch anything, just position cursor */
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+ data.dlen = data.ulen = 0;
+ rc = cursor->c_get( cursor, key, &data, DB_SET );
+ if ( rc != 0 ) {
+ err = "c_get 2";
+ goto fail;
+ }
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del range1";
+ goto fail;
+ }
+ /* Delete all the records */
+ for ( i=1; i<count; i++ ) {
+ rc = cursor->c_get( cursor, &key2, &data, DB_NEXT_DUP );
+ if ( rc != 0 ) {
+ err = "c_get next_dup";
+ goto fail;
+ }
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del range";
+ goto fail;
+ }
+ }
+ /* Store the range marker */
+ data.size = data.ulen = sizeof(ID);
+ data.flags = DB_DBT_USERMEM;
+ nid = 0;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
+ if ( rc != 0 ) {
+ err = "c_put range";
+ goto fail;
+ }
+ nid = nlo;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYLAST );
+ if ( rc != 0 ) {
+ err = "c_put lo";
+ goto fail;
+ }
+ nid = nhi;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYLAST );
+ if ( rc != 0 ) {
+ err = "c_put hi";
+ goto fail;
+ }
+ } else {
+ /* There's room, just store it */
+ goto put1;
+ }
+ } else {
+ /* It's a range, see if we need to rewrite
+ * the boundaries
+ */
+ hi = id;
+ data.data = &nlo;
+ rc = cursor->c_get( cursor, key, &data, DB_NEXT_DUP );
+ if ( rc != 0 ) {
+ err = "c_get lo";
+ goto fail;
+ }
+ BDB_DISK2ID( &nlo, &lo );
+ if ( id > lo ) {
+ data.data = &nhi;
+ rc = cursor->c_get( cursor, key, &data, DB_NEXT_DUP );
+ if ( rc != 0 ) {
+ err = "c_get hi";
+ goto fail;
+ }
+ BDB_DISK2ID( &nhi, &hi );
+ }
+ if ( id < lo || id > hi ) {
+ /* Delete the current lo/hi */
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del";
+ goto fail;
+ }
+ data.data = &nid;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
+ if ( rc != 0 ) {
+ err = "c_put lo/hi";
+ goto fail;
+ }
+ }
+ }
+ } else if ( rc == DB_NOTFOUND ) {
+put1: data.data = &nid;
+ rc = cursor->c_put( cursor, key, &data, DB_NODUPDATA );
+ /* Don't worry if it's already there */
+ if ( rc != 0 && rc != DB_KEYEXIST ) {
+ err = "c_put id";
+ goto fail;
+ }
+ } else {
+ /* initial c_get failed, nothing was done */
+fail:
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_insert_key: "
+ "%s failed: %s (%d)\n", err, db_strerror(rc), rc );
+ cursor->c_close( cursor );
+ return rc;
+ }
+ rc = cursor->c_close( cursor );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_insert_key: "
+ "c_close failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ }
+ return rc;
+}
+
+int
+bdb_idl_delete_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *tid,
+ DBT *key,
+ ID id )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ int rc;
+ DBT data;
+ DBC *cursor;
+ ID lo, hi, tmp, nid, nlo, nhi;
+ char *err;
+
+ {
+ char buf[16];
+ Debug( LDAP_DEBUG_ARGS,
+ "bdb_idl_delete_key: %lx %s\n",
+ (long) id, bdb_show_key( key, buf ), 0 );
+ }
+ assert( id != NOID );
+
+ if ( bdb->bi_idl_cache_max_size ) {
+ bdb_idl_cache_del( bdb, db, key );
+ }
+
+ BDB_ID2DISK( id, &nid );
+
+ DBTzero( &data );
+ data.data = &tmp;
+ data.size = sizeof( id );
+ data.ulen = data.size;
+ data.flags = DB_DBT_USERMEM;
+
+ rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_delete_key: "
+ "cursor failed: %s (%d)\n", db_strerror(rc), rc, 0 );
+ return rc;
+ }
+ /* Fetch the first data item for this key, to see if it
+ * exists and if it's a range.
+ */
+ rc = cursor->c_get( cursor, key, &data, DB_SET );
+ err = "c_get";
+ if ( rc == 0 ) {
+ if ( tmp != 0 ) {
+ /* Not a range, just delete it */
+ if (tmp != nid) {
+ /* position to correct item */
+ tmp = nid;
+ rc = cursor->c_get( cursor, key, &data, DB_GET_BOTH );
+ if ( rc != 0 ) {
+ err = "c_get id";
+ goto fail;
+ }
+ }
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del id";
+ goto fail;
+ }
+ } else {
+ /* It's a range, see if we need to rewrite
+ * the boundaries
+ */
+ data.data = &nlo;
+ rc = cursor->c_get( cursor, key, &data, DB_NEXT_DUP );
+ if ( rc != 0 ) {
+ err = "c_get lo";
+ goto fail;
+ }
+ BDB_DISK2ID( &nlo, &lo );
+ data.data = &nhi;
+ rc = cursor->c_get( cursor, key, &data, DB_NEXT_DUP );
+ if ( rc != 0 ) {
+ err = "c_get hi";
+ goto fail;
+ }
+ BDB_DISK2ID( &nhi, &hi );
+ if ( id == lo || id == hi ) {
+ if ( id == lo ) {
+ id++;
+ lo = id;
+ } else if ( id == hi ) {
+ id--;
+ hi = id;
+ }
+ if ( lo >= hi ) {
+ /* The range has collapsed... */
+ rc = db->del( db, tid, key, 0 );
+ if ( rc != 0 ) {
+ err = "del";
+ goto fail;
+ }
+ } else {
+ if ( id == lo ) {
+ /* reposition on lo slot */
+ data.data = &nlo;
+ cursor->c_get( cursor, key, &data, DB_PREV );
+ }
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del";
+ goto fail;
+ }
+ }
+ if ( lo <= hi ) {
+ BDB_ID2DISK( id, &nid );
+ data.data = &nid;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
+ if ( rc != 0 ) {
+ err = "c_put lo/hi";
+ goto fail;
+ }
+ }
+ }
+ }
+ } else {
+ /* initial c_get failed, nothing was done */
+fail:
+ if ( rc != DB_NOTFOUND ) {
+ Debug( LDAP_DEBUG_ANY, "=> bdb_idl_delete_key: "
+ "%s failed: %s (%d)\n", err, db_strerror(rc), rc );
+ }
+ cursor->c_close( cursor );
+ return rc;
+ }
+ rc = cursor->c_close( cursor );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_idl_delete_key: c_close failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ }
+
+ return rc;
+}
+
+
+/*
+ * idl_intersection - return a = a intersection b
+ */
+int
+bdb_idl_intersection(
+ ID *a,
+ ID *b )
+{
+ ID ida, idb;
+ ID idmax, idmin;
+ ID cursora = 0, cursorb = 0, cursorc;
+ int swap = 0;
+
+ if ( BDB_IDL_IS_ZERO( a ) || BDB_IDL_IS_ZERO( b ) ) {
+ a[0] = 0;
+ return 0;
+ }
+
+ idmin = IDL_MAX( BDB_IDL_FIRST(a), BDB_IDL_FIRST(b) );
+ idmax = IDL_MIN( BDB_IDL_LAST(a), BDB_IDL_LAST(b) );
+ if ( idmin > idmax ) {
+ a[0] = 0;
+ return 0;
+ } else if ( idmin == idmax ) {
+ a[0] = 1;
+ a[1] = idmin;
+ return 0;
+ }
+
+ if ( BDB_IDL_IS_RANGE( a ) ) {
+ if ( BDB_IDL_IS_RANGE(b) ) {
+ /* If both are ranges, just shrink the boundaries */
+ a[1] = idmin;
+ a[2] = idmax;
+ return 0;
+ } else {
+ /* Else swap so that b is the range, a is a list */
+ ID *tmp = a;
+ a = b;
+ b = tmp;
+ swap = 1;
+ }
+ }
+
+ /* If a range completely covers the list, the result is
+ * just the list. If idmin to idmax is contiguous, just
+ * turn it into a range.
+ */
+ if ( BDB_IDL_IS_RANGE( b )
+ && BDB_IDL_FIRST( b ) <= BDB_IDL_FIRST( a )
+ && BDB_IDL_LAST( b ) >= BDB_IDL_LAST( a ) ) {
+ if (idmax - idmin + 1 == a[0])
+ {
+ a[0] = NOID;
+ a[1] = idmin;
+ a[2] = idmax;
+ }
+ goto done;
+ }
+
+ /* Fine, do the intersection one element at a time.
+ * First advance to idmin in both IDLs.
+ */
+ cursora = cursorb = idmin;
+ ida = bdb_idl_first( a, &cursora );
+ idb = bdb_idl_first( b, &cursorb );
+ cursorc = 0;
+
+ while( ida <= idmax || idb <= idmax ) {
+ if( ida == idb ) {
+ a[++cursorc] = ida;
+ ida = bdb_idl_next( a, &cursora );
+ idb = bdb_idl_next( b, &cursorb );
+ } else if ( ida < idb ) {
+ ida = bdb_idl_next( a, &cursora );
+ } else {
+ idb = bdb_idl_next( b, &cursorb );
+ }
+ }
+ a[0] = cursorc;
+done:
+ if (swap)
+ BDB_IDL_CPY( b, a );
+
+ return 0;
+}
+
+
+/*
+ * idl_union - return a = a union b
+ */
+int
+bdb_idl_union(
+ ID *a,
+ ID *b )
+{
+ ID ida, idb;
+ ID cursora = 0, cursorb = 0, cursorc;
+
+ if ( BDB_IDL_IS_ZERO( b ) ) {
+ return 0;
+ }
+
+ if ( BDB_IDL_IS_ZERO( a ) ) {
+ BDB_IDL_CPY( a, b );
+ return 0;
+ }
+
+ if ( BDB_IDL_IS_RANGE( a ) || BDB_IDL_IS_RANGE(b) ) {
+over: ida = IDL_MIN( BDB_IDL_FIRST(a), BDB_IDL_FIRST(b) );
+ idb = IDL_MAX( BDB_IDL_LAST(a), BDB_IDL_LAST(b) );
+ a[0] = NOID;
+ a[1] = ida;
+ a[2] = idb;
+ return 0;
+ }
+
+ ida = bdb_idl_first( a, &cursora );
+ idb = bdb_idl_first( b, &cursorb );
+
+ cursorc = b[0];
+
+ /* The distinct elements of a are cat'd to b */
+ while( ida != NOID || idb != NOID ) {
+ if ( ida < idb ) {
+ if( ++cursorc > BDB_IDL_UM_MAX ) {
+ goto over;
+ }
+ b[cursorc] = ida;
+ ida = bdb_idl_next( a, &cursora );
+
+ } else {
+ if ( ida == idb )
+ ida = bdb_idl_next( a, &cursora );
+ idb = bdb_idl_next( b, &cursorb );
+ }
+ }
+
+ /* b is copied back to a in sorted order */
+ a[0] = cursorc;
+ cursora = 1;
+ cursorb = 1;
+ cursorc = b[0]+1;
+ while (cursorb <= b[0] || cursorc <= a[0]) {
+ if (cursorc > a[0])
+ idb = NOID;
+ else
+ idb = b[cursorc];
+ if (cursorb <= b[0] && b[cursorb] < idb)
+ a[cursora++] = b[cursorb++];
+ else {
+ a[cursora++] = idb;
+ cursorc++;
+ }
+ }
+
+ return 0;
+}
+
+
+#if 0
+/*
+ * bdb_idl_notin - return a intersection ~b (or a minus b)
+ */
+int
+bdb_idl_notin(
+ ID *a,
+ ID *b,
+ ID *ids )
+{
+ ID ida, idb;
+ ID cursora = 0, cursorb = 0;
+
+ if( BDB_IDL_IS_ZERO( a ) ||
+ BDB_IDL_IS_ZERO( b ) ||
+ BDB_IDL_IS_RANGE( b ) )
+ {
+ BDB_IDL_CPY( ids, a );
+ return 0;
+ }
+
+ if( BDB_IDL_IS_RANGE( a ) ) {
+ BDB_IDL_CPY( ids, a );
+ return 0;
+ }
+
+ ida = bdb_idl_first( a, &cursora ),
+ idb = bdb_idl_first( b, &cursorb );
+
+ ids[0] = 0;
+
+ while( ida != NOID ) {
+ if ( idb == NOID ) {
+ /* we could shortcut this */
+ ids[++ids[0]] = ida;
+ ida = bdb_idl_next( a, &cursora );
+
+ } else if ( ida < idb ) {
+ ids[++ids[0]] = ida;
+ ida = bdb_idl_next( a, &cursora );
+
+ } else if ( ida > idb ) {
+ idb = bdb_idl_next( b, &cursorb );
+
+ } else {
+ ida = bdb_idl_next( a, &cursora );
+ idb = bdb_idl_next( b, &cursorb );
+ }
+ }
+
+ return 0;
+}
+#endif
+
+ID bdb_idl_first( ID *ids, ID *cursor )
+{
+ ID pos;
+
+ if ( ids[0] == 0 ) {
+ *cursor = NOID;
+ return NOID;
+ }
+
+ if ( BDB_IDL_IS_RANGE( ids ) ) {
+ if( *cursor < ids[1] ) {
+ *cursor = ids[1];
+ }
+ return *cursor;
+ }
+
+ if ( *cursor == 0 )
+ pos = 1;
+ else
+ pos = bdb_idl_search( ids, *cursor );
+
+ if( pos > ids[0] ) {
+ return NOID;
+ }
+
+ *cursor = pos;
+ return ids[pos];
+}
+
+ID bdb_idl_next( ID *ids, ID *cursor )
+{
+ if ( BDB_IDL_IS_RANGE( ids ) ) {
+ if( ids[2] < ++(*cursor) ) {
+ return NOID;
+ }
+ return *cursor;
+ }
+
+ if ( ++(*cursor) <= ids[0] ) {
+ return ids[*cursor];
+ }
+
+ return NOID;
+}
+
+#ifdef BDB_HIER
+
+/* Add one ID to an unsorted list. We ensure that the first element is the
+ * minimum and the last element is the maximum, for fast range compaction.
+ * this means IDLs up to length 3 are always sorted...
+ */
+int bdb_idl_append_one( ID *ids, ID id )
+{
+ if (BDB_IDL_IS_RANGE( ids )) {
+ /* if already in range, treat as a dup */
+ if (id >= BDB_IDL_FIRST(ids) && id <= BDB_IDL_LAST(ids))
+ return -1;
+ if (id < BDB_IDL_FIRST(ids))
+ ids[1] = id;
+ else if (id > BDB_IDL_LAST(ids))
+ ids[2] = id;
+ return 0;
+ }
+ if ( ids[0] ) {
+ ID tmp;
+
+ if (id < ids[1]) {
+ tmp = ids[1];
+ ids[1] = id;
+ id = tmp;
+ }
+ if ( ids[0] > 1 && id < ids[ids[0]] ) {
+ tmp = ids[ids[0]];
+ ids[ids[0]] = id;
+ id = tmp;
+ }
+ }
+ ids[0]++;
+ if ( ids[0] >= BDB_IDL_UM_MAX ) {
+ ids[0] = NOID;
+ ids[2] = id;
+ } else {
+ ids[ids[0]] = id;
+ }
+ return 0;
+}
+
+/* Append sorted list b to sorted list a. The result is unsorted but
+ * a[1] is the min of the result and a[a[0]] is the max.
+ */
+int bdb_idl_append( ID *a, ID *b )
+{
+ ID ida, idb, tmp, swap = 0;
+
+ if ( BDB_IDL_IS_ZERO( b ) ) {
+ return 0;
+ }
+
+ if ( BDB_IDL_IS_ZERO( a ) ) {
+ BDB_IDL_CPY( a, b );
+ return 0;
+ }
+
+ ida = BDB_IDL_LAST( a );
+ idb = BDB_IDL_LAST( b );
+ if ( BDB_IDL_IS_RANGE( a ) || BDB_IDL_IS_RANGE(b) ||
+ a[0] + b[0] >= BDB_IDL_UM_MAX ) {
+ a[2] = IDL_MAX( ida, idb );
+ a[1] = IDL_MIN( a[1], b[1] );
+ a[0] = NOID;
+ return 0;
+ }
+
+ if ( b[0] > 1 && ida > idb ) {
+ swap = idb;
+ a[a[0]] = idb;
+ b[b[0]] = ida;
+ }
+
+ if ( b[1] < a[1] ) {
+ tmp = a[1];
+ a[1] = b[1];
+ } else {
+ tmp = b[1];
+ }
+ a[0]++;
+ a[a[0]] = tmp;
+
+ if ( b[0] > 1 ) {
+ int i = b[0] - 1;
+ AC_MEMCPY(a+a[0]+1, b+2, i * sizeof(ID));
+ a[0] += i;
+ }
+ if ( swap ) {
+ b[b[0]] = swap;
+ }
+ return 0;
+}
+
+#if 1
+
+/* Quicksort + Insertion sort for small arrays */
+
+#define SMALL 8
+#define SWAP(a,b) itmp=(a);(a)=(b);(b)=itmp
+
+void
+bdb_idl_sort( ID *ids, ID *tmp )
+{
+ int *istack = (int *)tmp;
+ int i,j,k,l,ir,jstack;
+ ID a, itmp;
+
+ if ( BDB_IDL_IS_RANGE( ids ))
+ return;
+
+ ir = ids[0];
+ l = 1;
+ jstack = 0;
+ for(;;) {
+ if (ir - l < SMALL) { /* Insertion sort */
+ for (j=l+1;j<=ir;j++) {
+ a = ids[j];
+ for (i=j-1;i>=1;i--) {
+ if (ids[i] <= a) break;
+ ids[i+1] = ids[i];
+ }
+ ids[i+1] = a;
+ }
+ if (jstack == 0) break;
+ ir = istack[jstack--];
+ l = istack[jstack--];
+ } else {
+ k = (l + ir) >> 1; /* Choose median of left, center, right */
+ SWAP(ids[k], ids[l+1]);
+ if (ids[l] > ids[ir]) {
+ SWAP(ids[l], ids[ir]);
+ }
+ if (ids[l+1] > ids[ir]) {
+ SWAP(ids[l+1], ids[ir]);
+ }
+ if (ids[l] > ids[l+1]) {
+ SWAP(ids[l], ids[l+1]);
+ }
+ i = l+1;
+ j = ir;
+ a = ids[l+1];
+ for(;;) {
+ do i++; while(ids[i] < a);
+ do j--; while(ids[j] > a);
+ if (j < i) break;
+ SWAP(ids[i],ids[j]);
+ }
+ ids[l+1] = ids[j];
+ ids[j] = a;
+ jstack += 2;
+ if (ir-i+1 >= j-1) {
+ istack[jstack] = ir;
+ istack[jstack-1] = i;
+ ir = j-1;
+ } else {
+ istack[jstack] = j-1;
+ istack[jstack-1] = l;
+ l = i;
+ }
+ }
+ }
+}
+
+#else
+
+/* 8 bit Radix sort + insertion sort
+ *
+ * based on code from http://www.cubic.org/docs/radix.htm
+ * with improvements by mbackes at symas.com and hyc at symas.com
+ *
+ * This code is O(n) but has a relatively high constant factor. For lists
+ * up to ~50 Quicksort is slightly faster; up to ~100 they are even.
+ * Much faster than quicksort for lists longer than ~100. Insertion
+ * sort is actually superior for lists <50.
+ */
+
+#define BUCKETS (1<<8)
+#define SMALL 50
+
+void
+bdb_idl_sort( ID *ids, ID *tmp )
+{
+ int count, soft_limit, phase = 0, size = ids[0];
+ ID *idls[2];
+ unsigned char *maxv = (unsigned char *)&ids[size];
+
+ if ( BDB_IDL_IS_RANGE( ids ))
+ return;
+
+ /* Use insertion sort for small lists */
+ if ( size <= SMALL ) {
+ int i,j;
+ ID a;
+
+ for (j=1;j<=size;j++) {
+ a = ids[j];
+ for (i=j-1;i>=1;i--) {
+ if (ids[i] <= a) break;
+ ids[i+1] = ids[i];
+ }
+ ids[i+1] = a;
+ }
+ return;
+ }
+
+ tmp[0] = size;
+ idls[0] = ids;
+ idls[1] = tmp;
+
+#if BYTE_ORDER == BIG_ENDIAN
+ for (soft_limit = 0; !maxv[soft_limit]; soft_limit++);
+#else
+ for (soft_limit = sizeof(ID)-1; !maxv[soft_limit]; soft_limit--);
+#endif
+
+ for (
+#if BYTE_ORDER == BIG_ENDIAN
+ count = sizeof(ID)-1; count >= soft_limit; --count
+#else
+ count = 0; count <= soft_limit; ++count
+#endif
+ ) {
+ unsigned int num[BUCKETS], * np, n, sum;
+ int i;
+ ID *sp, *source, *dest;
+ unsigned char *bp, *source_start;
+
+ source = idls[phase]+1;
+ dest = idls[phase^1]+1;
+ source_start = ((unsigned char *) source) + count;
+
+ np = num;
+ for ( i = BUCKETS; i > 0; --i ) *np++ = 0;
+
+ /* count occurences of every byte value */
+ bp = source_start;
+ for ( i = size; i > 0; --i, bp += sizeof(ID) )
+ num[*bp]++;
+
+ /* transform count into index by summing elements and storing
+ * into same array
+ */
+ sum = 0;
+ np = num;
+ for ( i = BUCKETS; i > 0; --i ) {
+ n = *np;
+ *np++ = sum;
+ sum += n;
+ }
+
+ /* fill dest with the right values in the right place */
+ bp = source_start;
+ sp = source;
+ for ( i = size; i > 0; --i, bp += sizeof(ID) ) {
+ np = num + *bp;
+ dest[*np] = *sp++;
+ ++(*np);
+ }
+ phase ^= 1;
+ }
+
+ /* copy back from temp if needed */
+ if ( phase ) {
+ ids++; tmp++;
+ for ( count = 0; count < size; ++count )
+ *ids++ = *tmp++;
+ }
+}
+#endif /* Quick vs Radix */
+
+#endif /* BDB_HIER */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/idl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+/* idl.h - ldap bdb back-end ID list header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.h,v 1.16.2.4 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _BDB_IDL_H_
+#define _BDB_IDL_H_
+
+/* IDL sizes - likely should be even bigger
+ * limiting factors: sizeof(ID), thread stack size
+ */
+#define BDB_IDL_LOGN 16 /* DB_SIZE is 2^16, UM_SIZE is 2^17 */
+#define BDB_IDL_DB_SIZE (1<<BDB_IDL_LOGN)
+#define BDB_IDL_UM_SIZE (1<<(BDB_IDL_LOGN+1))
+#define BDB_IDL_UM_SIZEOF (BDB_IDL_UM_SIZE * sizeof(ID))
+
+#define BDB_IDL_DB_MAX (BDB_IDL_DB_SIZE-1)
+
+#define BDB_IDL_UM_MAX (BDB_IDL_UM_SIZE-1)
+
+#define BDB_IDL_IS_RANGE(ids) ((ids)[0] == NOID)
+#define BDB_IDL_RANGE_SIZE (3)
+#define BDB_IDL_RANGE_SIZEOF (BDB_IDL_RANGE_SIZE * sizeof(ID))
+#define BDB_IDL_SIZEOF(ids) ((BDB_IDL_IS_RANGE(ids) \
+ ? BDB_IDL_RANGE_SIZE : ((ids)[0]+1)) * sizeof(ID))
+
+#define BDB_IDL_RANGE_FIRST(ids) ((ids)[1])
+#define BDB_IDL_RANGE_LAST(ids) ((ids)[2])
+
+#define BDB_IDL_RANGE( ids, f, l ) \
+ do { \
+ (ids)[0] = NOID; \
+ (ids)[1] = (f); \
+ (ids)[2] = (l); \
+ } while(0)
+
+#define BDB_IDL_ZERO(ids) \
+ do { \
+ (ids)[0] = 0; \
+ (ids)[1] = 0; \
+ (ids)[2] = 0; \
+ } while(0)
+
+#define BDB_IDL_IS_ZERO(ids) ( (ids)[0] == 0 )
+#define BDB_IDL_IS_ALL( range, ids ) ( (ids)[0] == NOID \
+ && (ids)[1] <= (range)[1] && (range)[2] <= (ids)[2] )
+
+#define BDB_IDL_CPY( dst, src ) (AC_MEMCPY( dst, src, BDB_IDL_SIZEOF( src ) ))
+
+#define BDB_IDL_ID( bdb, ids, id ) BDB_IDL_RANGE( ids, id, ((bdb)->bi_lastid) )
+#define BDB_IDL_ALL( bdb, ids ) BDB_IDL_RANGE( ids, 1, ((bdb)->bi_lastid) )
+
+#define BDB_IDL_FIRST( ids ) ( ids[1] )
+#define BDB_IDL_LAST( ids ) ( BDB_IDL_IS_RANGE(ids) \
+ ? ids[2] : ids[ids[0]] )
+
+#define BDB_IDL_N( ids ) ( BDB_IDL_IS_RANGE(ids) \
+ ? (ids[2]-ids[1])+1 : ids[0] )
+
+LDAP_BEGIN_DECL
+LDAP_END_DECL
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/index.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/index.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/index.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,553 @@
+/* index.c - routines for dealing with attribute indexes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/index.c,v 1.46.2.10 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "lutil_hash.h"
+
+static char presence_keyval[LUTIL_HASH_BYTES] = {0,0,0,1};
+static struct berval presence_key = {LUTIL_HASH_BYTES, presence_keyval};
+
+static AttrInfo *index_mask(
+ Backend *be,
+ AttributeDescription *desc,
+ struct berval *atname )
+{
+ AttributeType *at;
+ AttrInfo *ai = bdb_attr_mask( be->be_private, desc );
+
+ if( ai ) {
+ *atname = desc->ad_cname;
+ return ai;
+ }
+
+ /* If there is a tagging option, did we ever index the base
+ * type? If so, check for mask, otherwise it's not there.
+ */
+ if( slap_ad_is_tagged( desc ) && desc != desc->ad_type->sat_ad ) {
+ /* has tagging option */
+ ai = bdb_attr_mask( be->be_private, desc->ad_type->sat_ad );
+
+ if ( ai && !( ai->ai_indexmask & SLAP_INDEX_NOTAGS ) ) {
+ *atname = desc->ad_type->sat_cname;
+ return ai;
+ }
+ }
+
+ /* see if supertype defined mask for its subtypes */
+ for( at = desc->ad_type; at != NULL ; at = at->sat_sup ) {
+ /* If no AD, we've never indexed this type */
+ if ( !at->sat_ad ) continue;
+
+ ai = bdb_attr_mask( be->be_private, at->sat_ad );
+
+ if ( ai && !( ai->ai_indexmask & SLAP_INDEX_NOSUBTYPES ) ) {
+ *atname = at->sat_cname;
+ return ai;
+ }
+ }
+
+ return 0;
+}
+
+int bdb_index_is_indexed(
+ Backend *be,
+ AttributeDescription *desc )
+{
+ AttrInfo *ai;
+ struct berval prefix;
+
+ ai = index_mask( be, desc, &prefix );
+
+ if( !ai )
+ return LDAP_INAPPROPRIATE_MATCHING;
+
+ return LDAP_SUCCESS;
+}
+
+/* This function is only called when evaluating search filters.
+ */
+int bdb_index_param(
+ Backend *be,
+ AttributeDescription *desc,
+ int ftype,
+ DB **dbp,
+ slap_mask_t *maskp,
+ struct berval *prefixp )
+{
+ AttrInfo *ai;
+ int rc;
+ slap_mask_t mask;
+ DB *db;
+
+ ai = index_mask( be, desc, prefixp );
+
+ if( !ai ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ mask = ai->ai_indexmask;
+
+ rc = bdb_db_cache( be, prefixp->bv_val, &db );
+
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ switch( ftype ) {
+ case LDAP_FILTER_PRESENT:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
+ *prefixp = presence_key;
+ goto done;
+ }
+ break;
+
+ case LDAP_FILTER_APPROX:
+ if ( desc->ad_type->sat_approx ) {
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) ) {
+ goto done;
+ }
+ break;
+ }
+
+ /* Use EQUALITY rule and index for approximate match */
+ /* fall thru */
+
+ case LDAP_FILTER_EQUALITY:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) ) {
+ goto done;
+ }
+ break;
+
+ default:
+ return LDAP_OTHER;
+ }
+
+ return LDAP_INAPPROPRIATE_MATCHING;
+
+done:
+ *dbp = db;
+ *maskp = mask;
+ return LDAP_SUCCESS;
+}
+
+static int indexer(
+ Operation *op,
+ DB_TXN *txn,
+ AttributeDescription *ad,
+ struct berval *atname,
+ BerVarray vals,
+ ID id,
+ int opid,
+ slap_mask_t mask )
+{
+ int rc, i;
+ DB *db;
+ struct berval *keys;
+
+ assert( mask != 0 );
+
+ rc = bdb_db_cache( op->o_bd, atname->bv_val, &db );
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_index_read: Could not open DB %s\n",
+ atname->bv_val, 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
+ rc = bdb_key_change( op->o_bd, db, txn, &presence_key, id, opid );
+ if( rc ) {
+ goto done;
+ }
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) ) {
+ rc = ad->ad_type->sat_equality->smr_indexer(
+ LDAP_FILTER_EQUALITY,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_equality,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+ rc = LDAP_SUCCESS;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) ) {
+ rc = ad->ad_type->sat_approx->smr_indexer(
+ LDAP_FILTER_APPROX,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_approx,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+
+ rc = LDAP_SUCCESS;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) ) {
+ rc = ad->ad_type->sat_substr->smr_indexer(
+ LDAP_FILTER_SUBSTRINGS,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_substr,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+
+ rc = LDAP_SUCCESS;
+ }
+
+done:
+ switch( rc ) {
+ /* The callers all know how to deal with these results */
+ case 0:
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ break;
+ /* Anything else is bad news */
+ default:
+ rc = LDAP_OTHER;
+ }
+ return rc;
+}
+
+static int index_at_values(
+ Operation *op,
+ DB_TXN *txn,
+ AttributeDescription *ad,
+ AttributeType *type,
+ struct berval *tags,
+ BerVarray vals,
+ ID id,
+ int opid )
+{
+ int rc;
+ slap_mask_t mask = 0;
+ int ixop = opid;
+ AttrInfo *ai = NULL;
+
+ if ( opid == BDB_INDEX_UPDATE_OP )
+ ixop = SLAP_INDEX_ADD_OP;
+
+ if( type->sat_sup ) {
+ /* recurse */
+ rc = index_at_values( op, txn, NULL,
+ type->sat_sup, tags,
+ vals, id, opid );
+
+ if( rc ) return rc;
+ }
+
+ /* If this type has no AD, we've never used it before */
+ if( type->sat_ad ) {
+ ai = bdb_attr_mask( op->o_bd->be_private, type->sat_ad );
+ if ( ai ) {
+#ifdef LDAP_COMP_MATCH
+ /* component indexing */
+ if ( ai->ai_cr ) {
+ ComponentReference *cr;
+ for( cr = ai->ai_cr ; cr ; cr = cr->cr_next ) {
+ rc = indexer( op, txn, cr->cr_ad, &type->sat_cname,
+ cr->cr_nvals, id, ixop,
+ cr->cr_indexmask );
+ }
+ }
+#endif
+ ad = type->sat_ad;
+ /* If we're updating the index, just set the new bits that aren't
+ * already in the old mask.
+ */
+ if ( opid == BDB_INDEX_UPDATE_OP )
+ mask = ai->ai_newmask & ~ai->ai_indexmask;
+ else
+ /* For regular updates, if there is a newmask use it. Otherwise
+ * just use the old mask.
+ */
+ mask = ai->ai_newmask ? ai->ai_newmask : ai->ai_indexmask;
+ if( mask ) {
+ rc = indexer( op, txn, ad, &type->sat_cname,
+ vals, id, ixop, mask );
+
+ if( rc ) return rc;
+ }
+ }
+ }
+
+ if( tags->bv_len ) {
+ AttributeDescription *desc;
+
+ desc = ad_find_tags( type, tags );
+ if( desc ) {
+ ai = bdb_attr_mask( op->o_bd->be_private, desc );
+
+ if( ai ) {
+ if ( opid == BDB_INDEX_UPDATE_OP )
+ mask = ai->ai_newmask & ~ai->ai_indexmask;
+ else
+ mask = ai->ai_newmask ? ai->ai_newmask : ai->ai_indexmask;
+ if ( mask ) {
+ rc = indexer( op, txn, desc, &desc->ad_cname,
+ vals, id, ixop, mask );
+
+ if( rc ) {
+ return rc;
+ }
+ }
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int bdb_index_values(
+ Operation *op,
+ DB_TXN *txn,
+ AttributeDescription *desc,
+ BerVarray vals,
+ ID id,
+ int opid )
+{
+ int rc;
+
+ /* Never index ID 0 */
+ if ( id == 0 )
+ return 0;
+
+ rc = index_at_values( op, txn, desc,
+ desc->ad_type, &desc->ad_tags,
+ vals, id, opid );
+
+ return rc;
+}
+
+/* Get the list of which indices apply to this attr */
+int
+bdb_index_recset(
+ struct bdb_info *bdb,
+ Attribute *a,
+ AttributeType *type,
+ struct berval *tags,
+ IndexRec *ir )
+{
+ int rc, slot;
+ AttrList *al;
+
+ if( type->sat_sup ) {
+ /* recurse */
+ rc = bdb_index_recset( bdb, a, type->sat_sup, tags, ir );
+ if( rc ) return rc;
+ }
+ /* If this type has no AD, we've never used it before */
+ if( type->sat_ad ) {
+ slot = bdb_attr_slot( bdb, type->sat_ad, NULL );
+ if ( slot >= 0 ) {
+ ir[slot].ai = bdb->bi_attrs[slot];
+ al = ch_malloc( sizeof( AttrList ));
+ al->attr = a;
+ al->next = ir[slot].attrs;
+ ir[slot].attrs = al;
+ }
+ }
+ if( tags->bv_len ) {
+ AttributeDescription *desc;
+
+ desc = ad_find_tags( type, tags );
+ if( desc ) {
+ slot = bdb_attr_slot( bdb, desc, NULL );
+ if ( slot >= 0 ) {
+ ir[slot].ai = bdb->bi_attrs[slot];
+ al = ch_malloc( sizeof( AttrList ));
+ al->attr = a;
+ al->next = ir[slot].attrs;
+ ir[slot].attrs = al;
+ }
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+/* Apply the indices for the recset */
+int bdb_index_recrun(
+ Operation *op,
+ struct bdb_info *bdb,
+ IndexRec *ir0,
+ ID id,
+ int base )
+{
+ IndexRec *ir;
+ AttrList *al;
+ int i, rc = 0;
+
+ for (i=base; i<bdb->bi_nattrs; i+=slap_tool_thread_max) {
+ ir = ir0 + i;
+ if ( !ir->ai ) continue;
+ while (( al = ir->attrs )) {
+ ir->attrs = al->next;
+ rc = indexer( op, NULL, ir->ai->ai_desc,
+ &ir->ai->ai_desc->ad_type->sat_cname,
+ al->attr->a_nvals, id, SLAP_INDEX_ADD_OP,
+ ir->ai->ai_indexmask );
+ free( al );
+ if ( rc ) break;
+ }
+ }
+ return rc;
+}
+
+int
+bdb_index_entry(
+ Operation *op,
+ DB_TXN *txn,
+ int opid,
+ Entry *e )
+{
+ int rc;
+ Attribute *ap = e->e_attrs;
+#ifdef LDAP_COMP_MATCH
+ ComponentReference *cr_list = NULL;
+ ComponentReference *cr = NULL, *dupped_cr = NULL;
+ void* decoded_comp;
+ ComponentSyntaxInfo* csi_attr;
+ Syntax* syn;
+ AttributeType* at;
+ int i, num_attr;
+ void* mem_op;
+ struct berval value = {0};
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, "=> index_entry_%s( %ld, \"%s\" )\n",
+ opid == SLAP_INDEX_DELETE_OP ? "del" : "add",
+ (long) e->e_id, e->e_dn );
+
+ /* add each attribute to the indexes */
+ for ( ; ap != NULL; ap = ap->a_next ) {
+#ifdef LDAP_COMP_MATCH
+ AttrInfo *ai;
+ /* see if attribute has components to be indexed */
+ ai = bdb_attr_mask( op->o_bd->be_private, ap->a_desc->ad_type->sat_ad );
+ if ( ai ) cr_list = ai->ai_cr;
+ else cr_list = NULL;
+ if ( attr_converter && cr_list ) {
+ syn = ap->a_desc->ad_type->sat_syntax;
+ ap->a_comp_data = op->o_tmpalloc( sizeof( ComponentData ), op->o_tmpmemctx );
+ /* Memory chunk(nibble) pre-allocation for decoders */
+ mem_op = nibble_mem_allocator ( 1024*16, 1024*4 );
+ ap->a_comp_data->cd_mem_op = mem_op;
+ for( cr = cr_list ; cr ; cr = cr->cr_next ) {
+ /* count how many values in an attribute */
+ for( num_attr=0; ap->a_vals[num_attr].bv_val != NULL; num_attr++ );
+ num_attr++;
+ cr->cr_nvals = (BerVarray)op->o_tmpalloc( sizeof( struct berval )*num_attr, op->o_tmpmemctx );
+ for( i=0; ap->a_vals[i].bv_val != NULL; i++ ) {
+ /* decoding attribute value */
+ decoded_comp = attr_converter ( ap, syn, &ap->a_vals[i] );
+ if ( !decoded_comp )
+ return LDAP_DECODING_ERROR;
+ /* extracting the referenced component */
+ dupped_cr = dup_comp_ref( op, cr );
+ csi_attr = ((ComponentSyntaxInfo*)decoded_comp)->csi_comp_desc->cd_extract_i( mem_op, dupped_cr, decoded_comp );
+ if ( !csi_attr )
+ return LDAP_DECODING_ERROR;
+ cr->cr_asn_type_id = csi_attr->csi_comp_desc->cd_type_id;
+ cr->cr_ad = (AttributeDescription*)get_component_description ( cr->cr_asn_type_id );
+ if ( !cr->cr_ad )
+ return LDAP_INVALID_SYNTAX;
+ at = cr->cr_ad->ad_type;
+ /* encoding the value of component in GSER */
+ rc = component_encoder( mem_op, csi_attr, &value );
+ if ( rc != LDAP_SUCCESS )
+ return LDAP_ENCODING_ERROR;
+ /* Normalize the encoded component values */
+ if ( at->sat_equality && at->sat_equality->smr_normalize ) {
+ rc = at->sat_equality->smr_normalize (
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ at->sat_syntax, at->sat_equality,
+ &value, &cr->cr_nvals[i], op->o_tmpmemctx );
+ } else {
+ cr->cr_nvals[i] = value;
+ }
+ }
+ /* The end of BerVarray */
+ cr->cr_nvals[num_attr-1].bv_val = NULL;
+ cr->cr_nvals[num_attr-1].bv_len = 0;
+ }
+ op->o_tmpfree( ap->a_comp_data, op->o_tmpmemctx );
+ nibble_mem_free ( mem_op );
+ ap->a_comp_data = NULL;
+ }
+#endif
+ rc = bdb_index_values( op, txn, ap->a_desc,
+ ap->a_nvals, e->e_id, opid );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= index_entry_%s( %ld, \"%s\" ) failure\n",
+ opid == SLAP_INDEX_ADD_OP ? "add" : "del",
+ (long) e->e_id, e->e_dn );
+ return rc;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= index_entry_%s( %ld, \"%s\" ) success\n",
+ opid == SLAP_INDEX_DELETE_OP ? "del" : "add",
+ (long) e->e_id, e->e_dn );
+
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,699 @@
+/* init.c - initialize bdb backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.177.2.28 2007/02/24 19:28:11 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <sys/stat.h>
+#include "back-bdb.h"
+#include <lutil.h>
+#include <ldap_rq.h>
+#include "alock.h"
+
+static const struct bdbi_database {
+ char *file;
+ char *name;
+ int type;
+ int flags;
+} bdbi_databases[] = {
+ { "id2entry" BDB_SUFFIX, "id2entry", DB_BTREE, 0 },
+ { "dn2id" BDB_SUFFIX, "dn2id", DB_BTREE, 0 },
+ { NULL, NULL, 0, 0 }
+};
+
+typedef void * db_malloc(size_t);
+typedef void * db_realloc(void *, size_t);
+
+#define bdb_db_init BDB_SYMBOL(db_init)
+#define bdb_db_open BDB_SYMBOL(db_open)
+#define bdb_db_close BDB_SYMBOL(db_close)
+
+static int
+bdb_db_init( BackendDB *be )
+{
+ struct bdb_info *bdb;
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_db_init) ": Initializing " BDB_UCTYPE " database\n",
+ 0, 0, 0 );
+
+ /* allocate backend-database-specific stuff */
+ bdb = (struct bdb_info *) ch_calloc( 1, sizeof(struct bdb_info) );
+
+ /* DBEnv parameters */
+ bdb->bi_dbenv_home = ch_strdup( SLAPD_DEFAULT_DB_DIR );
+ bdb->bi_dbenv_xflags = 0;
+ bdb->bi_dbenv_mode = SLAPD_DEFAULT_DB_MODE;
+
+ bdb->bi_cache.c_maxsize = DEFAULT_CACHE_SIZE;
+ bdb->bi_cache.c_minfree = 1;
+
+ bdb->bi_lock_detect = DB_LOCK_DEFAULT;
+ bdb->bi_search_stack_depth = DEFAULT_SEARCH_STACK_DEPTH;
+ bdb->bi_search_stack = NULL;
+
+ ldap_pvt_thread_mutex_init( &bdb->bi_database_mutex );
+ ldap_pvt_thread_mutex_init( &bdb->bi_lastid_mutex );
+#ifdef BDB_HIER
+ ldap_pvt_thread_mutex_init( &bdb->bi_modrdns_mutex );
+#endif
+ ldap_pvt_thread_mutex_init( &bdb->bi_cache.lru_head_mutex );
+ ldap_pvt_thread_mutex_init( &bdb->bi_cache.lru_tail_mutex );
+ ldap_pvt_thread_mutex_init( &bdb->bi_cache.c_dntree.bei_kids_mutex );
+ ldap_pvt_thread_rdwr_init ( &bdb->bi_cache.c_rwlock );
+ ldap_pvt_thread_rdwr_init( &bdb->bi_idl_tree_rwlock );
+ ldap_pvt_thread_mutex_init( &bdb->bi_idl_tree_lrulock );
+
+ be->be_private = bdb;
+ be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
+ return 0;
+}
+
+static int
+bdb_db_close( BackendDB *be );
+
+static int
+bdb_db_open( BackendDB *be )
+{
+ int rc, i;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ struct stat stat1, stat2;
+ u_int32_t flags;
+ char path[MAXPATHLEN];
+ char *dbhome;
+ int do_recover = 0, do_alock_recover = 0, open_env = 1;
+ int alockt, quick = 0;
+
+ if ( be->be_suffix == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": need suffix\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_ARGS,
+ LDAP_XSTRING(bdb_db_open) ": %s\n",
+ be->be_suffix[0].bv_val, 0, 0 );
+
+#ifndef BDB_MULTIPLE_SUFFIXES
+ if ( be->be_suffix[1].bv_val ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": only one suffix allowed\n", 0, 0, 0 );
+ return -1;
+ }
+#endif
+
+ /* Check existence of dbenv_home. Any error means trouble */
+ rc = stat( bdb->bi_dbenv_home, &stat1 );
+ if( rc !=0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": Cannot access database directory %s (%d)\n",
+ bdb->bi_dbenv_home, errno, 0 );
+ return -1;
+ }
+
+ /* Perform database use arbitration/recovery logic */
+ alockt = (slapMode & SLAP_TOOL_READONLY) ? ALOCK_LOCKED : ALOCK_UNIQUE;
+ if ( slapMode & SLAP_TOOL_QUICK ) {
+ alockt |= ALOCK_NOSAVE;
+ quick = 1;
+ }
+
+ rc = alock_open( &bdb->bi_alock_info,
+ "slapd",
+ bdb->bi_dbenv_home, alockt );
+
+ /* alockt is TRUE if the existing environment was created in Quick mode */
+ alockt = (rc & ALOCK_NOSAVE) ? 1 : 0;
+ rc &= ~ALOCK_NOSAVE;
+
+ if( rc == ALOCK_RECOVER ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": unclean shutdown detected;"
+ " attempting recovery.\n",
+ 0, 0, 0 );
+ do_alock_recover = 1;
+ do_recover = DB_RECOVER;
+ } else if( rc == ALOCK_BUSY ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": database already in use\n",
+ 0, 0, 0 );
+ return -1;
+ } else if( rc != ALOCK_CLEAN ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": alock package is unstable\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ /*
+ * The DB_CONFIG file may have changed. If so, recover the
+ * database so that new settings are put into effect. Also
+ * note the possible absence of DB_CONFIG in the log.
+ */
+ if( stat( bdb->bi_db_config_path, &stat1 ) == 0 ) {
+ if ( !do_recover ) {
+ char *ptr = lutil_strcopy(path, bdb->bi_dbenv_home);
+ *ptr++ = LDAP_DIRSEP[0];
+ strcpy( ptr, "__db.001" );
+ if( stat( path, &stat2 ) == 0 ) {
+ if( stat2.st_mtime < stat1.st_mtime ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": DB_CONFIG for suffix %s has changed.\n"
+ "Performing database recovery to activate new settings.\n",
+ be->be_suffix[0].bv_val, 0, 0 );
+ do_recover = DB_RECOVER;
+ }
+ }
+ }
+ }
+ else {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": Warning - No DB_CONFIG file found "
+ "in directory %s: (%d)\n"
+ "Expect poor performance for suffix %s.\n",
+ bdb->bi_dbenv_home, errno, be->be_suffix[0].bv_val );
+ }
+
+ /* Always let slapcat run, regardless of environment state.
+ * This can be used to cause a cache flush after an unclean
+ * shutdown.
+ */
+ if ( do_recover && ( slapMode & SLAP_TOOL_READONLY )) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": Recovery skipped in read-only mode. "
+ "Run manual recovery if errors are encountered.\n",
+ 0, 0, 0 );
+ do_recover = 0;
+ quick = alockt;
+ }
+
+ /* An existing environment in Quick mode has nothing to recover. */
+ if ( alockt && do_recover ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": cannot recover, database must be reinitialized.\n",
+ 0, 0, 0 );
+ rc = -1;
+ goto fail;
+ }
+
+ rc = db_env_create( &bdb->bi_dbenv, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": db_env_create failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ goto fail;
+ }
+
+#ifdef HAVE_EBCDIC
+ strcpy( path, bdb->bi_dbenv_home );
+ __atoe( path );
+ dbhome = path;
+#else
+ dbhome = bdb->bi_dbenv_home;
+#endif
+
+ /* If existing environment is clean but doesn't support
+ * currently requested modes, remove it.
+ */
+ if ( !do_recover && ( alockt ^ quick )) {
+shm_retry:
+ rc = bdb->bi_dbenv->remove( bdb->bi_dbenv, dbhome, DB_FORCE );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": dbenv remove failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ bdb->bi_dbenv = NULL;
+ goto fail;
+ }
+ rc = db_env_create( &bdb->bi_dbenv, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": db_env_create failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ goto fail;
+ }
+ }
+
+ bdb->bi_dbenv->set_errpfx( bdb->bi_dbenv, be->be_suffix[0].bv_val );
+ bdb->bi_dbenv->set_errcall( bdb->bi_dbenv, bdb_errcall );
+
+ bdb->bi_dbenv->set_lk_detect( bdb->bi_dbenv, bdb->bi_lock_detect );
+
+ /* One long-lived TXN per thread, two TXNs per write op */
+ bdb->bi_dbenv->set_tx_max( bdb->bi_dbenv, connection_pool_max * 3 );
+
+ if( bdb->bi_dbenv_xflags != 0 ) {
+ rc = bdb->bi_dbenv->set_flags( bdb->bi_dbenv,
+ bdb->bi_dbenv_xflags, 1);
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": dbenv_set_flags failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ goto fail;
+ }
+ }
+
+#define BDB_TXN_FLAGS (DB_INIT_LOCK | DB_INIT_LOG | DB_INIT_TXN)
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_db_open) ": dbenv_open(%s)\n",
+ bdb->bi_dbenv_home, 0, 0);
+
+ flags = DB_INIT_MPOOL | DB_CREATE | DB_THREAD;
+
+ if ( !quick )
+ flags |= BDB_TXN_FLAGS;
+
+ /* If a key was set, use shared memory for the BDB environment */
+ if ( bdb->bi_shm_key ) {
+ bdb->bi_dbenv->set_shm_key( bdb->bi_dbenv, bdb->bi_shm_key );
+ flags |= DB_SYSTEM_MEM;
+ }
+ rc = bdb->bi_dbenv->open( bdb->bi_dbenv, dbhome,
+ flags | do_recover, bdb->bi_dbenv_mode );
+
+ if ( rc ) {
+ /* Regular open failed, probably a missing shm environment.
+ * Start over, do a recovery.
+ */
+ if ( !do_recover && bdb->bi_shm_key ) {
+ bdb->bi_dbenv->close( bdb->bi_dbenv, 0 );
+ rc = db_env_create( &bdb->bi_dbenv, 0 );
+ if( rc == 0 ) {
+ Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_db_open)
+ ": Shared memory env open failed, assuming stale env\n",
+ 0, 0, 0 );
+ goto shm_retry;
+ }
+ }
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": Database cannot be %s, err %d. "
+ "Restore from backup!\n",
+ do_recover ? "recovered" : "opened", rc, 0);
+ goto fail;
+ }
+
+ if ( do_alock_recover && alock_recover (&bdb->bi_alock_info) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": alock_recover failed\n",
+ 0, 0, 0 );
+ rc = -1;
+ goto fail;
+ }
+
+#ifdef SLAP_ZONE_ALLOC
+ if ( bdb->bi_cache.c_maxsize ) {
+ bdb->bi_cache.c_zctx = slap_zn_mem_create(
+ SLAP_ZONE_INITSIZE,
+ SLAP_ZONE_MAXSIZE,
+ SLAP_ZONE_DELTA,
+ SLAP_ZONE_SIZE);
+ }
+#endif
+
+ if ( bdb->bi_idl_cache_max_size ) {
+ bdb->bi_idl_tree = NULL;
+ bdb->bi_idl_cache_size = 0;
+ }
+
+ flags = DB_THREAD | bdb->bi_db_opflags;
+
+#ifdef DB_AUTO_COMMIT
+ if ( !quick )
+ flags |= DB_AUTO_COMMIT;
+#endif
+
+ bdb->bi_databases = (struct bdb_db_info **) ch_malloc(
+ BDB_INDICES * sizeof(struct bdb_db_info *) );
+
+ /* open (and create) main database */
+ for( i = 0; bdbi_databases[i].name; i++ ) {
+ struct bdb_db_info *db;
+
+ db = (struct bdb_db_info *) ch_calloc(1, sizeof(struct bdb_db_info));
+
+ rc = db_create( &db->bdi_db, bdb->bi_dbenv, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": db_create(%s) failed: %s (%d)\n",
+ bdb->bi_dbenv_home, db_strerror(rc), rc );
+ goto fail;
+ }
+
+ if( i == BDB_ID2ENTRY ) {
+ if ( slapMode & SLAP_TOOL_MODE )
+ db->bdi_db->mpf->set_priority( db->bdi_db->mpf,
+ DB_PRIORITY_VERY_LOW );
+
+ rc = db->bdi_db->set_pagesize( db->bdi_db,
+ BDB_ID2ENTRY_PAGESIZE );
+ if ( slapMode & SLAP_TOOL_READMAIN ) {
+ flags |= DB_RDONLY;
+ } else {
+ flags |= DB_CREATE;
+ }
+ } else {
+ rc = db->bdi_db->set_flags( db->bdi_db,
+ DB_DUP | DB_DUPSORT );
+#ifndef BDB_HIER
+ if ( slapMode & SLAP_TOOL_READONLY ) {
+ flags |= DB_RDONLY;
+ } else {
+ flags |= DB_CREATE;
+ }
+#else
+ if ( slapMode & (SLAP_TOOL_READONLY|SLAP_TOOL_READMAIN) ) {
+ flags |= DB_RDONLY;
+ } else {
+ flags |= DB_CREATE;
+ }
+#endif
+ rc = db->bdi_db->set_pagesize( db->bdi_db,
+ BDB_PAGESIZE );
+ }
+
+#ifdef HAVE_EBCDIC
+ strcpy( path, bdbi_databases[i].file );
+ __atoe( path );
+ rc = DB_OPEN( db->bdi_db,
+ path,
+ /* bdbi_databases[i].name, */ NULL,
+ bdbi_databases[i].type,
+ bdbi_databases[i].flags | flags,
+ bdb->bi_dbenv_mode );
+#else
+ rc = DB_OPEN( db->bdi_db,
+ bdbi_databases[i].file,
+ /* bdbi_databases[i].name, */ NULL,
+ bdbi_databases[i].type,
+ bdbi_databases[i].flags | flags,
+ bdb->bi_dbenv_mode );
+#endif
+
+ if ( rc != 0 ) {
+ char buf[SLAP_TEXT_BUFLEN];
+
+ snprintf( buf, sizeof(buf), "%s/%s",
+ bdb->bi_dbenv_home, bdbi_databases[i].file );
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": db_open(%s) failed: %s (%d)\n",
+ buf, db_strerror(rc), rc );
+ db->bdi_db->close( db->bdi_db, 0 );
+ goto fail;
+ }
+
+ flags &= ~(DB_CREATE | DB_RDONLY);
+ db->bdi_name = bdbi_databases[i].name;
+ bdb->bi_databases[i] = db;
+ }
+
+ bdb->bi_databases[i] = NULL;
+ bdb->bi_ndatabases = i;
+
+ /* get nextid */
+ rc = bdb_last_id( be, NULL );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_db_open) ": last_id(%s) failed: %s (%d)\n",
+ bdb->bi_dbenv_home, db_strerror(rc), rc );
+ goto fail;
+ }
+
+ if ( !quick ) {
+ XLOCK_ID(bdb->bi_dbenv, &bdb->bi_cache.c_locker);
+ }
+
+ bdb->bi_flags |= BDB_IS_OPEN;
+
+ return 0;
+
+fail:
+ bdb_db_close( be );
+ return rc;
+}
+
+static int
+bdb_db_close( BackendDB *be )
+{
+ int rc;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ struct bdb_db_info *db;
+ bdb_idl_cache_entry_t *entry, *next_entry;
+
+ bdb->bi_flags &= ~BDB_IS_OPEN;
+
+ ber_bvarray_free( bdb->bi_db_config );
+ bdb->bi_db_config = NULL;
+
+ while( bdb->bi_databases && bdb->bi_ndatabases-- ) {
+ db = bdb->bi_databases[bdb->bi_ndatabases];
+ rc = db->bdi_db->close( db->bdi_db, 0 );
+ /* Lower numbered names are not strdup'd */
+ if( bdb->bi_ndatabases >= BDB_NDB )
+ free( db->bdi_name );
+ free( db );
+ }
+ free( bdb->bi_databases );
+ bdb->bi_databases = NULL;
+
+ bdb_cache_release_all (&bdb->bi_cache);
+
+ if ( bdb->bi_idl_cache_max_size ) {
+ avl_free( bdb->bi_idl_tree, NULL );
+ bdb->bi_idl_tree = NULL;
+ entry = bdb->bi_idl_lru_head;
+ while ( entry != NULL ) {
+ next_entry = entry->idl_lru_next;
+ if ( entry->idl )
+ free( entry->idl );
+ free( entry->kstr.bv_val );
+ free( entry );
+ entry = next_entry;
+ }
+ bdb->bi_idl_lru_head = bdb->bi_idl_lru_tail = NULL;
+ }
+
+ /* close db environment */
+ if( bdb->bi_dbenv ) {
+ /* Free cache locker if we enabled locking */
+ if ( !( slapMode & SLAP_TOOL_QUICK )) {
+ XLOCK_ID_FREE(bdb->bi_dbenv, bdb->bi_cache.c_locker);
+ bdb->bi_cache.c_locker = 0;
+ }
+#ifdef BDB_REUSE_LOCKERS
+ bdb_locker_flush( bdb->bi_dbenv );
+#endif
+ /* force a checkpoint, but not if we were ReadOnly,
+ * and not in Quick mode since there are no transactions there.
+ */
+ if ( !( slapMode & ( SLAP_TOOL_QUICK|SLAP_TOOL_READONLY ))) {
+ rc = TXN_CHECKPOINT( bdb->bi_dbenv, 0, 0, DB_FORCE );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_db_close: txn_checkpoint failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ }
+ }
+
+ rc = bdb->bi_dbenv->close( bdb->bi_dbenv, 0 );
+ bdb->bi_dbenv = NULL;
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_db_close: close failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ return rc;
+ }
+ }
+
+ rc = alock_close( &bdb->bi_alock_info );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bdb_db_close: alock_close failed\n", 0, 0, 0 );
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+bdb_db_destroy( BackendDB *be )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+
+ if( bdb->bi_dbenv_home ) ch_free( bdb->bi_dbenv_home );
+ if( bdb->bi_db_config_path ) ch_free( bdb->bi_db_config_path );
+
+ bdb_attr_index_destroy( bdb );
+
+ ldap_pvt_thread_rdwr_destroy ( &bdb->bi_cache.c_rwlock );
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.lru_head_mutex );
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.lru_tail_mutex );
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.c_dntree.bei_kids_mutex );
+#ifdef BDB_HIER
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_modrdns_mutex );
+#endif
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_lastid_mutex );
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_database_mutex );
+ ldap_pvt_thread_rdwr_destroy( &bdb->bi_idl_tree_rwlock );
+ ldap_pvt_thread_mutex_destroy( &bdb->bi_idl_tree_lrulock );
+
+ ch_free( bdb );
+ be->be_private = NULL;
+
+ return 0;
+}
+
+int
+bdb_back_initialize(
+ BackendInfo *bi )
+{
+ int rc;
+
+ static char *controls[] = {
+ LDAP_CONTROL_ASSERT,
+ LDAP_CONTROL_MANAGEDSAIT,
+ LDAP_CONTROL_NOOP,
+ LDAP_CONTROL_PAGEDRESULTS,
+ LDAP_CONTROL_PRE_READ,
+ LDAP_CONTROL_POST_READ,
+ LDAP_CONTROL_SUBENTRIES,
+ LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+ NULL
+ };
+
+ /* initialize the underlying database system */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_back_initialize) ": initialize "
+ BDB_UCTYPE " backend\n", 0, 0, 0 );
+
+ bi->bi_flags |=
+ SLAP_BFLAG_INCREMENT |
+ SLAP_BFLAG_SUBENTRIES |
+ SLAP_BFLAG_ALIASES |
+ SLAP_BFLAG_REFERRALS;
+
+ bi->bi_controls = controls;
+
+ { /* version check */
+ int major, minor, patch, ver;
+ char *version = db_version( &major, &minor, &patch );
+#ifdef HAVE_EBCDIC
+ char v2[1024];
+
+ /* All our stdio does an ASCII to EBCDIC conversion on
+ * the output. Strings from the BDB library are already
+ * in EBCDIC; we have to go back and forth...
+ */
+ strcpy( v2, version );
+ __etoa( v2 );
+ version = v2;
+#endif
+
+ ver = (major << 24) | (minor << 16) | patch;
+ if( ver != DB_VERSION_FULL ) {
+ /* fail if a versions don't match */
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_back_initialize) ": "
+ "BDB library version mismatch:"
+ " expected " DB_VERSION_STRING ","
+ " got %s\n", version, 0, 0 );
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize)
+ ": %s\n", version, 0, 0 );
+ }
+
+ db_env_set_func_free( ber_memfree );
+ db_env_set_func_malloc( (db_malloc *)ber_memalloc );
+ db_env_set_func_realloc( (db_realloc *)ber_memrealloc );
+#ifndef NO_THREAD
+ /* This is a no-op on a NO_THREAD build. Leave the default
+ * alone so that BDB will sleep on interprocess conflicts.
+ */
+ db_env_set_func_yield( ldap_pvt_thread_yield );
+#endif
+
+ bi->bi_open = 0;
+ bi->bi_close = 0;
+ bi->bi_config = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = bdb_db_init;
+ bi->bi_db_config = config_generic_wrapper;
+ bi->bi_db_open = bdb_db_open;
+ bi->bi_db_close = bdb_db_close;
+ bi->bi_db_destroy = bdb_db_destroy;
+
+ bi->bi_op_add = bdb_add;
+ bi->bi_op_bind = bdb_bind;
+ bi->bi_op_compare = bdb_compare;
+ bi->bi_op_delete = bdb_delete;
+ bi->bi_op_modify = bdb_modify;
+ bi->bi_op_modrdn = bdb_modrdn;
+ bi->bi_op_search = bdb_search;
+
+ bi->bi_op_unbind = 0;
+
+ bi->bi_extended = bdb_extended;
+
+ bi->bi_chk_referrals = bdb_referrals;
+ bi->bi_operational = bdb_operational;
+ bi->bi_has_subordinates = bdb_hasSubordinates;
+ bi->bi_entry_release_rw = bdb_entry_release;
+ bi->bi_entry_get_rw = bdb_entry_get;
+
+ /*
+ * hooks for slap tools
+ */
+ bi->bi_tool_entry_open = bdb_tool_entry_open;
+ bi->bi_tool_entry_close = bdb_tool_entry_close;
+ bi->bi_tool_entry_first = bdb_tool_entry_next;
+ bi->bi_tool_entry_next = bdb_tool_entry_next;
+ bi->bi_tool_entry_get = bdb_tool_entry_get;
+ bi->bi_tool_entry_put = bdb_tool_entry_put;
+ bi->bi_tool_entry_reindex = bdb_tool_entry_reindex;
+ bi->bi_tool_sync = 0;
+ bi->bi_tool_dn2id_get = bdb_tool_dn2id_get;
+ bi->bi_tool_id2entry_get = bdb_tool_id2entry_get;
+ bi->bi_tool_entry_modify = bdb_tool_entry_modify;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ rc = bdb_back_init_cf( bi );
+
+ return rc;
+}
+
+#if (SLAPD_BDB == SLAPD_MOD_DYNAMIC && !defined(BDB_HIER)) || \
+ (SLAPD_HDB == SLAPD_MOD_DYNAMIC && defined(BDB_HIER))
+
+/* conditionally define the init_module() function */
+#ifdef BDB_HIER
+SLAP_BACKEND_INIT_MODULE( hdb )
+#else /* !BDB_HIER */
+SLAP_BACKEND_INIT_MODULE( bdb )
+#endif /* !BDB_HIER */
+
+#endif /* SLAPD_[BH]DB == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/key.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/key.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/key.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,104 @@
+/* index.c - routines for dealing with attribute indexes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/key.c,v 1.16.2.4 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "idl.h"
+
+/* read a key */
+int
+bdb_key_read(
+ Backend *be,
+ DB *db,
+ DB_TXN *txn,
+ struct berval *k,
+ ID *ids,
+ DBC **saved_cursor,
+ int get_flag
+)
+{
+ int rc;
+ DBT key;
+
+ Debug( LDAP_DEBUG_TRACE, "=> key_read\n", 0, 0, 0 );
+
+ DBTzero( &key );
+ bv2DBT(k,&key);
+ key.ulen = key.size;
+ key.flags = DB_DBT_USERMEM;
+
+ rc = bdb_idl_fetch_key( be, db, txn, &key, ids, saved_cursor, get_flag );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_index_read: failed (%d)\n",
+ rc, 0, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "<= bdb_index_read %ld candidates\n",
+ (long) BDB_IDL_N(ids), 0, 0 );
+ }
+
+ return rc;
+}
+
+/* Add or remove stuff from index files */
+int
+bdb_key_change(
+ Backend *be,
+ DB *db,
+ DB_TXN *txn,
+ struct berval *k,
+ ID id,
+ int op
+)
+{
+ int rc;
+ DBT key;
+
+ Debug( LDAP_DEBUG_TRACE, "=> key_change(%s,%lx)\n",
+ op == SLAP_INDEX_ADD_OP ? "ADD":"DELETE", (long) id, 0 );
+
+ DBTzero( &key );
+ bv2DBT(k,&key);
+ key.ulen = key.size;
+ key.flags = DB_DBT_USERMEM;
+
+ if (op == SLAP_INDEX_ADD_OP) {
+ /* Add values */
+
+#ifdef BDB_TOOL_IDL_CACHING
+ if ( slapMode & SLAP_TOOL_QUICK )
+ rc = bdb_tool_idl_add( be, db, txn, &key, id );
+ else
+#endif
+ rc = bdb_idl_insert_key( be, db, txn, &key, id );
+ if ( rc == DB_KEYEXIST ) rc = 0;
+ } else {
+ /* Delete values */
+ rc = bdb_idl_delete_key( be, db, txn, &key, id );
+ if ( rc == DB_NOTFOUND ) rc = 0;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= key_change %d\n", rc, 0, 0 );
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,619 @@
+/* modify.c - bdb backend modify routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.124.2.16 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "back-bdb.h"
+
+static struct berval scbva[] = {
+ BER_BVC("glue"),
+ BER_BVNULL
+};
+
+int bdb_modify_internal(
+ Operation *op,
+ DB_TXN *tid,
+ Modifications *modlist,
+ Entry *e,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ int rc, err;
+ Modification *mod;
+ Modifications *ml;
+ Attribute *save_attrs;
+ Attribute *ap;
+ int glue_attr_delete = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "bdb_modify_internal: 0x%08lx: %s\n",
+ e->e_id, e->e_dn, 0);
+
+ if ( !acl_check_modlist( op, e, modlist )) {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ /* save_attrs will be disposed of by bdb_cache_modify */
+ save_attrs = e->e_attrs;
+ e->e_attrs = attrs_dup( e->e_attrs );
+
+ for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ int match;
+ mod = &ml->sml_mod;
+ switch( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ case LDAP_MOD_REPLACE:
+ if ( mod->sm_desc == slap_schema.si_ad_structuralObjectClass ) {
+ value_match( &match, slap_schema.si_ad_structuralObjectClass,
+ slap_schema.si_ad_structuralObjectClass->
+ ad_type->sat_equality,
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ &mod->sm_values[0], &scbva[0], text );
+ if ( !match ) glue_attr_delete = 1;
+ }
+ }
+ if ( glue_attr_delete )
+ break;
+ }
+
+ if ( glue_attr_delete ) {
+ Attribute **app = &e->e_attrs;
+ while ( *app != NULL ) {
+ if ( !is_at_operational( (*app)->a_desc->ad_type )) {
+ Attribute *save = *app;
+ *app = (*app)->a_next;
+ attr_free( save );
+ continue;
+ }
+ app = &(*app)->a_next;
+ }
+ }
+
+ for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ mod = &ml->sml_mod;
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: add %s\n",
+ mod->sm_desc->ad_cname.bv_val, 0, 0);
+ err = modify_add_values( e, mod, get_permissiveModify(op),
+ text, textbuf, textlen );
+ if( err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_DELETE:
+ if ( glue_attr_delete ) {
+ err = LDAP_SUCCESS;
+ break;
+ }
+
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: delete %s\n",
+ mod->sm_desc->ad_cname.bv_val, 0, 0);
+ err = modify_delete_values( e, mod, get_permissiveModify(op),
+ text, textbuf, textlen );
+ assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
+ if( err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_REPLACE:
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: replace %s\n",
+ mod->sm_desc->ad_cname.bv_val, 0, 0);
+ err = modify_replace_values( e, mod, get_permissiveModify(op),
+ text, textbuf, textlen );
+ if( err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_INCREMENT:
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: increment %s\n",
+ mod->sm_desc->ad_cname.bv_val, 0, 0);
+ err = modify_increment_values( e, mod, get_permissiveModify(op),
+ text, textbuf, textlen );
+ if( err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+ break;
+
+ case SLAP_MOD_SOFTADD:
+ Debug(LDAP_DEBUG_ARGS,
+ "bdb_modify_internal: softadd %s\n",
+ mod->sm_desc->ad_cname.bv_val, 0, 0);
+ /* Avoid problems in index_add_mods()
+ * We need to add index if necessary.
+ */
+ mod->sm_op = LDAP_MOD_ADD;
+
+ err = modify_add_values( e, mod, get_permissiveModify(op),
+ text, textbuf, textlen );
+
+ mod->sm_op = SLAP_MOD_SOFTADD;
+
+ if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
+ err = LDAP_SUCCESS;
+ }
+
+ if( err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+ break;
+
+ default:
+ Debug(LDAP_DEBUG_ANY, "bdb_modify_internal: invalid op %d\n",
+ mod->sm_op, 0, 0);
+ *text = "Invalid modify operation";
+ err = LDAP_OTHER;
+ Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: %d %s\n",
+ err, *text, 0);
+ }
+
+ if ( err != LDAP_SUCCESS ) {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ /* unlock entry, delete from cache */
+ return err;
+ }
+
+ /* If objectClass was modified, reset the flags */
+ if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
+ e->e_ocflags = 0;
+ }
+
+ if ( glue_attr_delete ) e->e_ocflags = 0;
+
+ /* check if modified attribute was indexed
+ * but not in case of NOOP... */
+ err = bdb_index_is_indexed( op->o_bd, mod->sm_desc );
+ if ( err == LDAP_SUCCESS && !op->o_noop ) {
+ ap = attr_find( save_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
+
+ ap = attr_find( e->e_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
+ }
+ }
+
+ /* check that the entry still obeys the schema */
+ rc = entry_schema_check( op, e, save_attrs, get_manageDIT(op),
+ text, textbuf, textlen );
+ if ( rc != LDAP_SUCCESS || op->o_noop ) {
+ attrs_free( e->e_attrs );
+ /* clear the indexing flags */
+ for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
+ ap->a_flags = 0;
+ }
+ e->e_attrs = save_attrs;
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "entry failed schema check: %s\n",
+ *text, 0, 0 );
+ }
+
+ /* if NOOP then silently revert to saved attrs */
+ return rc;
+ }
+
+ /* update the indices of the modified attributes */
+
+ /* start with deleting the old index entries */
+ for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
+ if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
+ rc = bdb_index_values( op, tid, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_DELETE_OP );
+ if ( rc != LDAP_SUCCESS ) {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ Debug( LDAP_DEBUG_ANY,
+ "Attribute index delete failure",
+ 0, 0, 0 );
+ return rc;
+ }
+ ap->a_flags &= ~SLAP_ATTR_IXDEL;
+ }
+ }
+
+ /* add the new index entries */
+ for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
+ if (ap->a_flags & SLAP_ATTR_IXADD) {
+ rc = bdb_index_values( op, tid, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_ADD_OP );
+ if ( rc != LDAP_SUCCESS ) {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ Debug( LDAP_DEBUG_ANY,
+ "Attribute index add failure",
+ 0, 0, 0 );
+ return rc;
+ }
+ ap->a_flags &= ~SLAP_ATTR_IXADD;
+ }
+ }
+
+ return rc;
+}
+
+
+int
+bdb_modify( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *e = NULL;
+ EntryInfo *ei = NULL;
+ int manageDSAit = get_manageDSAit( op );
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+ DB_TXN *ltid = NULL, *lt2;
+ struct bdb_op_info opinfo = {0};
+ Entry dummy = {0};
+ int fakeroot = 0;
+
+ u_int32_t locker = 0;
+ DB_LOCK lock;
+
+ int num_retries = 0;
+
+ LDAPControl **preread_ctrl = NULL;
+ LDAPControl **postread_ctrl = NULL;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
+ int rc;
+
+ Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(bdb_modify) ": %s\n",
+ op->o_req_dn.bv_val, 0, 0 );
+
+ ctrls[num_ctrls] = NULL;
+
+ slap_mods_opattrs( op, &op->orm_modlist, 1 );
+
+ if( 0 ) {
+retry: /* transaction retry */
+ if ( dummy.e_attrs ) {
+ attrs_free( dummy.e_attrs );
+ dummy.e_attrs = NULL;
+ }
+ if( e != NULL ) {
+ bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
+ e = NULL;
+ }
+ Debug(LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": retrying...\n", 0, 0, 0);
+
+ rs->sr_err = TXN_ABORT( ltid );
+ ltid = NULL;
+ op->o_private = NULL;
+ op->o_do_not_cache = opinfo.boi_acl_cache;
+ if( rs->sr_err != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+ bdb_trans_backoff( ++num_retries );
+ }
+
+ /* begin transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": txn_begin failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ locker = TXN_ID ( ltid );
+
+ opinfo.boi_bdb = op->o_bd;
+ opinfo.boi_txn = ltid;
+ opinfo.boi_locker = locker;
+ opinfo.boi_err = 0;
+ opinfo.boi_acl_cache = op->o_do_not_cache;
+ op->o_private = &opinfo;
+
+ /* get entry or ancestor */
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
+ locker, &lock );
+
+ if ( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": dn2entry failed (%d)\n",
+ rs->sr_err, 0, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case DB_NOTFOUND:
+ if ( BER_BVISEMPTY( &op->o_req_ndn )) {
+ struct berval gluebv = BER_BVC("glue");
+ e = ch_calloc( 1, sizeof(Entry));
+ e->e_name.bv_val = ch_strdup( "" );
+ ber_dupbv( &e->e_nname, &e->e_name );
+ attr_merge_one( e, slap_schema.si_ad_objectClass,
+ &gluebv, NULL );
+ attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+ &gluebv, NULL );
+ e->e_private = ei;
+ fakeroot = 1;
+ rs->sr_err = 0;
+ }
+ break;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ }
+
+ if ( !fakeroot ) {
+ e = ei->bei_e;
+ }
+
+ /* acquire and lock entry */
+ /* FIXME: dn2entry() should return non-glue entry */
+ if (( rs->sr_err == DB_NOTFOUND ) ||
+ ( !manageDSAit && e && is_entry_glue( e )))
+ {
+ if ( e != NULL ) {
+ rs->sr_matched = ch_strdup( e->e_dn );
+ rs->sr_ref = is_entry_referral( e )
+ ? get_entry_referrals( op, e )
+ : NULL;
+ bdb_unlocked_cache_return_entry_r (&bdb->bi_cache, e);
+ e = NULL;
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+
+ goto done;
+ }
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow modify */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": entry is referral\n",
+ 0, 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = e->e_name.bv_val;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ if( op->o_preread ) {
+ if( preread_ctrl == NULL ) {
+ preread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if ( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, preread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modify) ": pre-read failed!\n",
+ 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ /* nested transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": txn_begin(2) failed: " "%s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ /* Modify the entry */
+ dummy = *e;
+ rs->sr_err = bdb_modify_internal( op, lt2, op->oq_modify.rs_modlist,
+ &dummy, &rs->sr_text, textbuf, textlen );
+
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": modify failed (%d)\n",
+ rs->sr_err, 0, 0 );
+ if ( (rs->sr_err == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) {
+ rs->sr_err = opinfo.boi_err;
+ }
+ /* Only free attrs if they were dup'd. */
+ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ goto return_results;
+ }
+
+ /* change the entry itself */
+ rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
+ if ( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": id2entry update failed " "(%d)\n",
+ rs->sr_err, 0, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_text = "entry update failed";
+ goto return_results;
+ }
+
+ if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "txn_commit(2) failed";
+ goto return_results;
+ }
+
+ if( op->o_postread ) {
+ if( postread_ctrl == NULL ) {
+ postread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if( slap_read_controls( op, rs, &dummy,
+ &slap_post_read_bv, postread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modify)
+ ": post-read failed!\n", 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ if( op->o_noop ) {
+ if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
+ rs->sr_text = "txn_abort (no-op) failed";
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
+ goto return_results;
+ }
+ } else {
+ /* may have changed in bdb_modify_internal() */
+ e->e_ocflags = dummy.e_ocflags;
+ if ( fakeroot ) {
+ e->e_private = NULL;
+ entry_free( e );
+ e = NULL;
+ attrs_free( dummy.e_attrs );
+
+ } else {
+ rc = bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock );
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ }
+ dummy.e_attrs = NULL;
+
+ rs->sr_err = TXN_COMMIT( ltid, 0 );
+ }
+ ltid = NULL;
+ op->o_private = NULL;
+
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": txn_%s failed: %s (%d)\n",
+ op->o_noop ? "abort (no-op)" : "commit",
+ db_strerror(rs->sr_err), rs->sr_err );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "commit failed";
+
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modify) ": updated%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ dummy.e_id, op->o_req_dn.bv_val );
+
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+ if( dummy.e_attrs ) {
+ attrs_free( dummy.e_attrs );
+ }
+ send_ldap_result( op, rs );
+
+ if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
+ TXN_CHECKPOINT( bdb->bi_dbenv,
+ bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ }
+
+done:
+ slap_graduate_commit_csn( op );
+
+ if( ltid != NULL ) {
+ TXN_ABORT( ltid );
+ }
+ op->o_private = NULL;
+
+ if( e != NULL ) {
+ bdb_unlocked_cache_return_entry_w (&bdb->bi_cache, e);
+ }
+
+ if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+ slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+ }
+ if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+ slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+ }
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,838 @@
+/* modrdn.c - bdb backend modrdn routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modrdn.c,v 1.160.2.12 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+int
+bdb_modrdn( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ struct berval p_dn, p_ndn;
+ struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
+ Entry *e = NULL;
+ Entry *p = NULL;
+ EntryInfo *ei = NULL, *eip = NULL, *nei = NULL, *neip = NULL;
+ /* LDAP v2 supporting correct attribute handling. */
+ LDAPRDN new_rdn = NULL;
+ LDAPRDN old_rdn = NULL;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+ DB_TXN *ltid = NULL, *lt2;
+ struct bdb_op_info opinfo = {0};
+ Entry dummy = {0};
+
+ Entry *np = NULL; /* newSuperior Entry */
+ struct berval *np_dn = NULL; /* newSuperior dn */
+ struct berval *np_ndn = NULL; /* newSuperior ndn */
+ struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
+
+ /* Used to interface with bdb_modify_internal() */
+ Modifications *mod = NULL; /* Used to delete old rdn */
+
+ int manageDSAit = get_manageDSAit( op );
+
+ u_int32_t locker = 0;
+ DB_LOCK lock, plock, nplock;
+
+ int num_retries = 0;
+
+ LDAPControl **preread_ctrl = NULL;
+ LDAPControl **postread_ctrl = NULL;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
+ int rc;
+
+ int parent_is_glue = 0;
+ int parent_is_leaf = 0;
+
+ ctrls[num_ctrls] = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn) "(%s,%s,%s)\n",
+ op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
+ op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
+
+ if( 0 ) {
+retry: /* transaction retry */
+ if ( dummy.e_attrs ) {
+ attrs_free( dummy.e_attrs );
+ dummy.e_attrs = NULL;
+ }
+ if (e != NULL) {
+ bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
+ e = NULL;
+ }
+ if (p != NULL) {
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+ p = NULL;
+ }
+ if (np != NULL) {
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
+ np = NULL;
+ }
+ Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn)
+ ": retrying...\n", 0, 0, 0 );
+
+ rs->sr_err = TXN_ABORT( ltid );
+ ltid = NULL;
+ op->o_private = NULL;
+ op->o_do_not_cache = opinfo.boi_acl_cache;
+ if( rs->sr_err != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+ parent_is_glue = 0;
+ parent_is_leaf = 0;
+ bdb_trans_backoff( ++num_retries );
+ }
+
+ /* begin transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
+ bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": txn_begin failed: "
+ "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ locker = TXN_ID ( ltid );
+
+ opinfo.boi_bdb = op->o_bd;
+ opinfo.boi_txn = ltid;
+ opinfo.boi_locker = locker;
+ opinfo.boi_err = 0;
+ opinfo.boi_acl_cache = op->o_do_not_cache;
+ op->o_private = &opinfo;
+
+ /* get entry */
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
+ locker, &lock );
+
+ switch( rs->sr_err ) {
+ case 0:
+ case DB_NOTFOUND:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ e = ei->bei_e;
+ /* FIXME: dn2entry() should return non-glue entry */
+ if (( rs->sr_err == DB_NOTFOUND ) ||
+ ( !manageDSAit && e && is_entry_glue( e )))
+ {
+ if( e != NULL ) {
+ rs->sr_matched = ch_strdup( e->e_dn );
+ rs->sr_ref = is_entry_referral( e )
+ ? get_entry_referrals( op, e )
+ : NULL;
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, e);
+ e = NULL;
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ /* check write on old entry */
+ rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
+ 0, 0 );
+ rs->sr_text = "no write access to old entry";
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+#ifndef BDB_HIER
+ rs->sr_err = bdb_cache_children( op, ltid, e );
+ if ( rs->sr_err != DB_NOTFOUND ) {
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case 0:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": non-leaf %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ rs->sr_text = "subtree rename not supported";
+ break;
+ default:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": has_children failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ }
+ goto return_results;
+ }
+ ei->bei_state |= CACHE_ENTRY_NO_KIDS;
+#endif
+
+ if (!manageDSAit && is_entry_referral( e ) ) {
+ /* parent is a referral, don't allow add */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
+ ": entry %s is referral\n", e->e_dn, 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL,
+ rs->sr_matched = e->e_name.bv_val;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ goto done;
+ }
+
+ if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
+#ifdef BDB_MULTIPLE_SUFFIXES
+ /* Allow renaming one suffix entry to another */
+ p_ndn = slap_empty_bv;
+#else
+ /* There can only be one suffix entry */
+ rs->sr_err = LDAP_NAMING_VIOLATION;
+ rs->sr_text = "cannot rename suffix entry";
+ goto return_results;
+#endif
+ } else {
+ dnParent( &e->e_nname, &p_ndn );
+ }
+ np_ndn = &p_ndn;
+ if ( p_ndn.bv_len != 0 ) {
+ /* Make sure parent entry exist and we can write its
+ * children.
+ */
+ eip = ei->bei_parent;
+ rs->sr_err = bdb_cache_find_id( op, ltid,
+ eip->bei_id, &eip, 0, locker, &plock );
+
+ switch( rs->sr_err ) {
+ case 0:
+ case DB_NOTFOUND:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ p = eip->bei_e;
+ if( p == NULL) {
+ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
+ ": parent does not exist\n", 0, 0, 0);
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "old entry's parent does not exist";
+ goto return_results;
+ }
+ } else {
+ p = (Entry *)&slap_entry_root;
+ }
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p,
+ children, NULL,
+ op->oq_modrdn.rs_newSup == NULL ?
+ ACL_WRITE : ACL_WDEL,
+ NULL );
+
+ if ( !p_ndn.bv_len )
+ p = NULL;
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
+ 0, 0 );
+ rs->sr_text = "no write access to old parent's children";
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": wr to children "
+ "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
+
+ if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
+ p_dn = slap_empty_bv;
+ } else {
+ dnParent( &e->e_name, &p_dn );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": parent dn=%s\n",
+ p_dn.bv_val, 0, 0 );
+
+ new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
+
+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": new parent \"%s\" requested...\n",
+ op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
+
+ /* newSuperior == oldParent? */
+ if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
+ Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
+ "new parent \"%s\" same as the old parent \"%s\"\n",
+ op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
+ op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
+ }
+ }
+
+ /* There's a BDB_MULTIPLE_SUFFIXES case here that this code doesn't
+ * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
+ * We do not allow modDN
+ * dc=foo,dc=com
+ * newrdn dc=bar
+ * newsup dc=net
+ * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
+ * I'm ignoring this problem for now.
+ */
+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ if ( op->oq_modrdn.rs_newSup->bv_len ) {
+ np_dn = op->oq_modrdn.rs_newSup;
+ np_ndn = op->oq_modrdn.rs_nnewSup;
+
+ /* newSuperior == oldParent? - checked above */
+ /* newSuperior == entry being moved?, if so ==> ERROR */
+ if ( dnIsSuffix( np_ndn, &e->e_nname )) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "new superior not found";
+ goto return_results;
+ }
+ /* Get Entry with dn=newSuperior. Does newSuperior exist? */
+
+ rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,
+ &neip, 0, locker, &nplock );
+
+ switch( rs->sr_err ) {
+ case 0: np = neip->bei_e;
+ case DB_NOTFOUND:
+ break;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case LDAP_BUSY:
+ rs->sr_text = "ldap server busy";
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ if( np == NULL) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": newSup(ndn=%s) not here!\n",
+ np_ndn->bv_val, 0, 0);
+ rs->sr_text = "new superior not found";
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": wr to new parent OK np=%p, id=%ld\n",
+ (void *) np, (long) np->e_id, 0 );
+
+ /* check newSuperior for "children" acl */
+ rs->sr_err = access_allowed( op, np, children,
+ NULL, ACL_WADD, NULL );
+
+ if( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": no wr to newSup children\n",
+ 0, 0, 0 );
+ rs->sr_text = "no write access to new superior's children";
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ if ( is_entry_alias( np ) ) {
+ /* parent is an alias, don't allow add */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": entry is alias\n",
+ 0, 0, 0 );
+ rs->sr_text = "new superior is an alias";
+ rs->sr_err = LDAP_ALIAS_PROBLEM;
+ goto return_results;
+ }
+
+ if ( is_entry_referral( np ) ) {
+ /* parent is a referral, don't allow add */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": entry is referral\n",
+ 0, 0, 0 );
+ rs->sr_text = "new superior is a referral";
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+
+ } else {
+ np_dn = NULL;
+
+ /* no parent, modrdn entry directly under root */
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_isupdate( op ) ) {
+ np = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, np,
+ children, NULL, ACL_WADD, NULL );
+
+ np = NULL;
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ Debug( LDAP_DEBUG_TRACE,
+ "no access to new superior\n",
+ 0, 0, 0 );
+ rs->sr_text =
+ "no write access to new superior's children";
+ goto return_results;
+ }
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": wr to new parent's children OK\n",
+ 0, 0, 0 );
+
+ new_parent_dn = np_dn;
+ }
+
+ /* Build target dn and make sure target entry doesn't exist already. */
+ if (!new_dn.bv_val) {
+ build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
+ }
+
+ if (!new_ndn.bv_val) {
+ struct berval bv = {0, NULL};
+ dnNormalize( 0, NULL, NULL, &new_dn, &bv, op->o_tmpmemctx );
+ ber_dupbv( &new_ndn, &bv );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": new ndn=%s\n",
+ new_ndn.bv_val, 0, 0 );
+
+ /* Shortcut the search */
+ nei = neip ? neip : eip;
+ rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
+ if ( nei ) bdb_cache_entryinfo_unlock( nei );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case DB_NOTFOUND:
+ break;
+ case 0:
+ rs->sr_err = LDAP_ALREADY_EXISTS;
+ goto return_results;
+ default:
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ /* Get attribute type and attribute value of our new rdn, we will
+ * need to add that to our new entry
+ */
+ if ( !new_rdn && ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": can't figure out "
+ "type(s)/values(s) of newrdn\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+ rs->sr_text = "unknown type(s) used in RDN";
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n",
+ new_rdn[ 0 ]->la_attr.bv_val,
+ new_rdn[ 0 ]->la_value.bv_val, 0 );
+
+ if ( op->oq_modrdn.rs_deleteoldrdn ) {
+ if ( !old_rdn && ldap_bv2rdn_x( &op->o_req_dn, &old_rdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": can't figure out "
+ "the old_rdn type(s)/value(s)\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "cannot parse RDN from old DN";
+ goto return_results;
+ }
+ }
+
+ /* prepare modlist of modifications from old/new rdn */
+ if (!mod) {
+ rs->sr_err = slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+ }
+
+ if( op->o_preread ) {
+ if( preread_ctrl == NULL ) {
+ preread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, preread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": post-read failed!\n", 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ /* nested transaction */
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
+ rs->sr_text = NULL;
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": txn_begin(2) failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+
+ /* delete old DN */
+ rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
+ if ( rs->sr_err != 0 ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": dn2id del failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "DN index delete fail";
+ goto return_results;
+ }
+
+ /* copy the entry, then override some fields */
+ dummy = *e;
+ dummy.e_name = new_dn;
+ dummy.e_nname = new_ndn;
+ dummy.e_attrs = NULL;
+
+ /* add new DN */
+ rs->sr_err = bdb_dn2id_add( op, lt2, neip ? neip : eip, &dummy );
+ if ( rs->sr_err != 0 ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": dn2id add failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "DN index add failed";
+ goto return_results;
+ }
+
+ dummy.e_attrs = e->e_attrs;
+
+ /* modify entry */
+ rs->sr_err = bdb_modify_internal( op, lt2, &mod[0], &dummy,
+ &rs->sr_text, textbuf, textlen );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": modify failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ if ( ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) && opinfo.boi_err ) {
+ rs->sr_err = opinfo.boi_err;
+ }
+ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ goto return_results;
+ }
+
+ /* id2entry index */
+ rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
+ if ( rs->sr_err != 0 ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": id2entry failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "entry update failed";
+ goto return_results;
+ }
+
+ if ( p_ndn.bv_len != 0 ) {
+ parent_is_glue = is_entry_glue(p);
+ rs->sr_err = bdb_cache_children( op, lt2, p );
+ if ( rs->sr_err != DB_NOTFOUND ) {
+ switch( rs->sr_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ case 0:
+ break;
+ default:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": has_children failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ parent_is_leaf = 1;
+ }
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+ p = NULL;
+ }
+
+ if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "txn_commit(2) failed";
+ goto return_results;
+ }
+
+ if( op->o_postread ) {
+ if( postread_ctrl == NULL ) {
+ postread_ctrl = &ctrls[num_ctrls++];
+ ctrls[num_ctrls] = NULL;
+ }
+ if( slap_read_controls( op, rs, &dummy,
+ &slap_post_read_bv, postread_ctrl ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- " LDAP_XSTRING(bdb_modrdn)
+ ": post-read failed!\n", 0, 0, 0 );
+ goto return_results;
+ }
+ }
+
+ if( op->o_noop ) {
+ if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
+ rs->sr_text = "txn_abort (no-op) failed";
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
+ goto return_results;
+ }
+
+ } else {
+ rc = bdb_cache_modrdn( bdb, e, &op->orr_nnewrdn, &dummy, neip,
+ locker, &lock );
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+ dummy.e_attrs = NULL;
+ new_dn.bv_val = NULL;
+ new_ndn.bv_val = NULL;
+
+ if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
+ rs->sr_text = "txn_commit failed";
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+ }
+
+ ltid = NULL;
+ op->o_private = NULL;
+
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": %s : %s (%d)\n",
+ rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
+ rs->sr_err = LDAP_OTHER;
+
+ goto return_results;
+ }
+
+ Debug(LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn)
+ ": rdn modified%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ dummy.e_id, op->o_req_dn.bv_val );
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+ if ( dummy.e_attrs ) {
+ attrs_free( dummy.e_attrs );
+ }
+ send_ldap_result( op, rs );
+
+ if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
+ TXN_CHECKPOINT( bdb->bi_dbenv,
+ bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ }
+
+ if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
+ op->o_delete_glue_parent = 1;
+ }
+
+done:
+ slap_graduate_commit_csn( op );
+
+ if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
+ if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
+
+ /* LDAP v2 supporting correct attribute handling. */
+ if ( new_rdn != NULL ) {
+ ldap_rdnfree_x( new_rdn, op->o_tmpmemctx );
+ }
+
+ if ( old_rdn != NULL ) {
+ ldap_rdnfree_x( old_rdn, op->o_tmpmemctx );
+ }
+
+ if( mod != NULL ) {
+ slap_modrdn2mods_free( mod );
+ }
+
+ /* LDAP v3 Support */
+ if( np != NULL ) {
+ /* free new parent and reader lock */
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
+ }
+
+ if( p != NULL ) {
+ /* free parent and reader lock */
+ bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
+ }
+
+ /* free entry */
+ if( e != NULL ) {
+ bdb_unlocked_cache_return_entry_w( &bdb->bi_cache, e);
+ }
+
+ if( ltid != NULL ) {
+ TXN_ABORT( ltid );
+ }
+ op->o_private = NULL;
+
+ if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+ slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+ }
+ if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+ slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+ }
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/nextid.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/nextid.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/nextid.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+/* init.c - initialize bdb backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/nextid.c,v 1.23.2.4 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+int bdb_next_id( BackendDB *be, DB_TXN *tid, ID *out )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+
+ ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex );
+ *out = ++bdb->bi_lastid;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
+
+ return 0;
+}
+
+int bdb_last_id( BackendDB *be, DB_TXN *tid )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ int rc;
+ ID id = 0;
+ unsigned char idbuf[sizeof(ID)];
+ DBT key, data;
+ DBC *cursor;
+
+ DBTzero( &key );
+ key.flags = DB_DBT_USERMEM;
+ key.data = (char *) idbuf;
+ key.ulen = sizeof( idbuf );
+
+ DBTzero( &data );
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+
+ /* Get a read cursor */
+ rc = bdb->bi_id2entry->bdi_db->cursor( bdb->bi_id2entry->bdi_db,
+ tid, &cursor, 0 );
+
+ if (rc == 0) {
+ rc = cursor->c_get(cursor, &key, &data, DB_LAST);
+ cursor->c_close(cursor);
+ }
+
+ switch(rc) {
+ case DB_NOTFOUND:
+ rc = 0;
+ break;
+ case 0:
+ BDB_DISK2ID( idbuf, &id );
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_last_id: get failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ goto done;
+ }
+
+ bdb->bi_lastid = id;
+
+done:
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/operational.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/operational.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/operational.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,112 @@
+/* operational.c - bdb backend operational attributes function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.24.2.5 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+
+/*
+ * sets *hasSubordinates to LDAP_COMPARE_TRUE/LDAP_COMPARE_FALSE
+ * if the entry has children or not.
+ */
+int
+bdb_hasSubordinates(
+ Operation *op,
+ Entry *e,
+ int *hasSubordinates )
+{
+ int rc;
+
+ assert( e != NULL );
+
+ /* NOTE: this should never happen, but it actually happens
+ * when using back-relay; until we find a better way to
+ * preserve entry's private information while rewriting it,
+ * let's disable the hasSubordinate feature for back-relay.
+ */
+ if ( BEI( e ) == NULL ) {
+ return LDAP_OTHER;
+ }
+
+retry:
+ /* FIXME: we can no longer assume the entry's e_private
+ * field is correctly populated; so we need to reacquire
+ * it with reader lock */
+ rc = bdb_cache_children( op, NULL, e );
+
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+
+ case 0:
+ *hasSubordinates = LDAP_COMPARE_TRUE;
+ break;
+
+ case DB_NOTFOUND:
+ *hasSubordinates = LDAP_COMPARE_FALSE;
+ rc = LDAP_SUCCESS;
+ break;
+
+ default:
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- " LDAP_XSTRING(bdb_hasSubordinates)
+ ": has_children failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ rc = LDAP_OTHER;
+ }
+
+ return rc;
+}
+
+/*
+ * sets the supported operational attributes (if required)
+ */
+int
+bdb_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+ Attribute **ap;
+
+ assert( rs->sr_entry != NULL );
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+ /* just count */ ;
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+ ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
+ {
+ int hasSubordinates, rc;
+
+ rc = bdb_hasSubordinates( op, rs->sr_entry, &hasSubordinates );
+ if ( rc == LDAP_SUCCESS ) {
+ *ap = slap_operational_hasSubordinate( hasSubordinates == LDAP_COMPARE_TRUE );
+ assert( *ap != NULL );
+
+ ap = &(*ap)->a_next;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/proto-bdb.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/proto-bdb.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/proto-bdb.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,661 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.111.2.11 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _PROTO_BDB_H
+#define _PROTO_BDB_H
+
+LDAP_BEGIN_DECL
+
+#ifdef BDB_HIER
+#define BDB_SYMBOL(x) LDAP_CONCAT(hdb_,x)
+#define BDB_UCTYPE "HDB"
+#else
+#define BDB_SYMBOL(x) LDAP_CONCAT(bdb_,x)
+#define BDB_UCTYPE "BDB"
+#endif
+
+/*
+ * attr.c
+ */
+
+#define bdb_attr_mask BDB_SYMBOL(attr_mask)
+#define bdb_attr_flush BDB_SYMBOL(attr_flush)
+#define bdb_attr_slot BDB_SYMBOL(attr_slot)
+#define bdb_attr_index_config BDB_SYMBOL(attr_index_config)
+#define bdb_attr_index_destroy BDB_SYMBOL(attr_index_destroy)
+#define bdb_attr_index_free BDB_SYMBOL(attr_index_free)
+#define bdb_attr_index_unparse BDB_SYMBOL(attr_index_unparse)
+#define bdb_attr_info_free BDB_SYMBOL(attr_info_free)
+
+AttrInfo *bdb_attr_mask( struct bdb_info *bdb,
+ AttributeDescription *desc );
+
+void bdb_attr_flush( struct bdb_info *bdb );
+
+int bdb_attr_slot( struct bdb_info *bdb,
+ AttributeDescription *desc, unsigned *insert );
+
+int bdb_attr_index_config LDAP_P(( struct bdb_info *bdb,
+ const char *fname, int lineno,
+ int argc, char **argv ));
+
+void bdb_attr_index_unparse LDAP_P(( struct bdb_info *bdb, BerVarray *bva ));
+void bdb_attr_index_destroy LDAP_P(( struct bdb_info *bdb ));
+void bdb_attr_index_free LDAP_P(( struct bdb_info *bdb,
+ AttributeDescription *ad ));
+
+void bdb_attr_info_free( AttrInfo *ai );
+
+/*
+ * config.c
+ */
+
+#define bdb_back_init_cf BDB_SYMBOL(back_init_cf)
+
+int bdb_back_init_cf( BackendInfo *bi );
+
+/*
+ * dbcache.c
+ */
+#define bdb_db_cache BDB_SYMBOL(db_cache)
+
+int
+bdb_db_cache(
+ Backend *be,
+ const char *name,
+ DB **db );
+
+/*
+ * dn2entry.c
+ */
+#define bdb_dn2entry BDB_SYMBOL(dn2entry)
+
+int bdb_dn2entry LDAP_P(( Operation *op, DB_TXN *tid,
+ struct berval *dn, EntryInfo **e, int matched,
+ u_int32_t locker, DB_LOCK *lock ));
+
+/*
+ * dn2id.c
+ */
+#define bdb_dn2id BDB_SYMBOL(dn2id)
+#define bdb_dn2id_add BDB_SYMBOL(dn2id_add)
+#define bdb_dn2id_delete BDB_SYMBOL(dn2id_delete)
+#define bdb_dn2id_children BDB_SYMBOL(dn2id_children)
+#define bdb_dn2idl BDB_SYMBOL(dn2idl)
+
+int bdb_dn2id(
+ Operation *op,
+ DB_TXN *tid,
+ struct berval *dn,
+ EntryInfo *ei );
+
+int bdb_dn2id_add(
+ Operation *op,
+ DB_TXN *tid,
+ EntryInfo *eip,
+ Entry *e );
+
+int bdb_dn2id_delete(
+ Operation *op,
+ DB_TXN *tid,
+ EntryInfo *eip,
+ Entry *e );
+
+int bdb_dn2id_children(
+ Operation *op,
+ DB_TXN *tid,
+ Entry *e );
+
+int bdb_dn2idl(
+ Operation *op,
+ Entry *e,
+ ID *ids,
+ ID *stack );
+
+#ifdef BDB_HIER
+#define bdb_dn2id_parent BDB_SYMBOL(dn2id_parent)
+#define bdb_fix_dn BDB_SYMBOL(fix_dn)
+
+int bdb_dn2id_parent(
+ Operation *op,
+ DB_TXN *txn,
+ u_int32_t locker,
+ EntryInfo *ei,
+ ID *idp );
+
+int bdb_fix_dn( Entry *e, int checkit );
+#endif
+
+
+/*
+ * error.c
+ */
+#define bdb_errcall BDB_SYMBOL(errcall)
+
+#if DB_VERSION_FULL < 0x04030000
+void bdb_errcall( const char *pfx, char * msg );
+#else
+#define bdb_msgcall BDB_SYMBOL(msgcall)
+void bdb_errcall( const DB_ENV *env, const char *pfx, const char * msg );
+void bdb_msgcall( const DB_ENV *env, const char * msg );
+#endif
+
+#ifdef HAVE_EBCDIC
+#define ebcdic_dberror BDB_SYMBOL(ebcdic_dberror)
+
+char *ebcdic_dberror( int rc );
+#define db_strerror(x) ebcdic_dberror(x)
+#endif
+
+/*
+ * filterentry.c
+ */
+#define bdb_filter_candidates BDB_SYMBOL(filter_candidates)
+
+int bdb_filter_candidates(
+ Operation *op,
+ Filter *f,
+ ID *ids,
+ ID *tmp,
+ ID *stack );
+
+/*
+ * id2entry.c
+ */
+#define bdb_id2entry BDB_SYMBOL(id2entry)
+#define bdb_id2entry_add BDB_SYMBOL(id2entry_add)
+#define bdb_id2entry_update BDB_SYMBOL(id2entry_update)
+#define bdb_id2entry_delete BDB_SYMBOL(id2entry_delete)
+
+int bdb_id2entry_add(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e );
+
+int bdb_id2entry_update(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e );
+
+int bdb_id2entry_delete(
+ BackendDB *be,
+ DB_TXN *tid,
+ Entry *e);
+
+#ifdef SLAP_ZONE_ALLOC
+#else
+int bdb_id2entry(
+ BackendDB *be,
+ DB_TXN *tid,
+ u_int32_t locker,
+ ID id,
+ Entry **e);
+#endif
+
+#define bdb_entry_free BDB_SYMBOL(entry_free)
+#define bdb_entry_return BDB_SYMBOL(entry_return)
+#define bdb_entry_release BDB_SYMBOL(entry_release)
+#define bdb_entry_get BDB_SYMBOL(entry_get)
+
+void bdb_entry_free ( Entry *e );
+#ifdef SLAP_ZONE_ALLOC
+int bdb_entry_return( struct bdb_info *bdb, Entry *e, int seqno );
+#else
+int bdb_entry_return( Entry *e );
+#endif
+BI_entry_release_rw bdb_entry_release;
+BI_entry_get_rw bdb_entry_get;
+
+
+/*
+ * idl.c
+ */
+
+#define bdb_idl_cache_get BDB_SYMBOL(idl_cache_get)
+#define bdb_idl_cache_put BDB_SYMBOL(idl_cache_put)
+#define bdb_idl_cache_del BDB_SYMBOL(idl_cache_del)
+#define bdb_idl_cache_add_id BDB_SYMBOL(idl_cache_add_id)
+#define bdb_idl_cache_del_id BDB_SYMBOL(idl_cache_del_id)
+
+int bdb_idl_cache_get(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID *ids );
+
+void
+bdb_idl_cache_put(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID *ids,
+ int rc );
+
+void
+bdb_idl_cache_del(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key );
+
+void
+bdb_idl_cache_add_id(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID id );
+
+void
+bdb_idl_cache_del_id(
+ struct bdb_info *bdb,
+ DB *db,
+ DBT *key,
+ ID id );
+
+#define bdb_idl_first BDB_SYMBOL(idl_first)
+#define bdb_idl_next BDB_SYMBOL(idl_next)
+#define bdb_idl_search BDB_SYMBOL(idl_search)
+#define bdb_idl_insert BDB_SYMBOL(idl_insert)
+#define bdb_idl_intersection BDB_SYMBOL(idl_intersection)
+#define bdb_idl_union BDB_SYMBOL(idl_union)
+#define bdb_idl_sort BDB_SYMBOL(idl_sort)
+#define bdb_idl_append BDB_SYMBOL(idl_append)
+#define bdb_idl_append_one BDB_SYMBOL(idl_append_one)
+
+#define bdb_idl_fetch_key BDB_SYMBOL(idl_fetch_key)
+#define bdb_idl_insert_key BDB_SYMBOL(idl_insert_key)
+#define bdb_idl_delete_key BDB_SYMBOL(idl_delete_key)
+
+unsigned bdb_idl_search( ID *ids, ID id );
+
+int bdb_idl_fetch_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *tid,
+ DBT *key,
+ ID *ids,
+ DBC **saved_cursor,
+ int get_flag );
+
+int bdb_idl_insert( ID *ids, ID id );
+
+int bdb_idl_insert_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *txn,
+ DBT *key,
+ ID id );
+
+int bdb_idl_delete_key(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *txn,
+ DBT *key,
+ ID id );
+
+int
+bdb_idl_intersection(
+ ID *a,
+ ID *b );
+
+int
+bdb_idl_union(
+ ID *a,
+ ID *b );
+
+ID bdb_idl_first( ID *ids, ID *cursor );
+ID bdb_idl_next( ID *ids, ID *cursor );
+
+void bdb_idl_sort( ID *ids, ID *tmp );
+int bdb_idl_append( ID *a, ID *b );
+int bdb_idl_append_one( ID *ids, ID id );
+
+
+/*
+ * index.c
+ */
+#define bdb_index_is_indexed BDB_SYMBOL(index_is_indexed)
+#define bdb_index_param BDB_SYMBOL(index_param)
+#define bdb_index_values BDB_SYMBOL(index_values)
+#define bdb_index_entry BDB_SYMBOL(index_entry)
+#define bdb_index_recset BDB_SYMBOL(index_recset)
+#define bdb_index_recrun BDB_SYMBOL(index_recrun)
+
+extern int
+bdb_index_is_indexed LDAP_P((
+ Backend *be,
+ AttributeDescription *desc ));
+
+extern int
+bdb_index_param LDAP_P((
+ Backend *be,
+ AttributeDescription *desc,
+ int ftype,
+ DB **db,
+ slap_mask_t *mask,
+ struct berval *prefix ));
+
+extern int
+bdb_index_values LDAP_P((
+ Operation *op,
+ DB_TXN *txn,
+ AttributeDescription *desc,
+ BerVarray vals,
+ ID id,
+ int opid ));
+
+extern int
+bdb_index_recset LDAP_P((
+ struct bdb_info *bdb,
+ Attribute *a,
+ AttributeType *type,
+ struct berval *tags,
+ IndexRec *ir ));
+
+extern int
+bdb_index_recrun LDAP_P((
+ Operation *op,
+ struct bdb_info *bdb,
+ IndexRec *ir,
+ ID id,
+ int base ));
+
+int bdb_index_entry LDAP_P(( Operation *op, DB_TXN *t, int r, Entry *e ));
+
+#define bdb_index_entry_add(op,t,e) \
+ bdb_index_entry((op),(t),SLAP_INDEX_ADD_OP,(e))
+#define bdb_index_entry_del(op,t,e) \
+ bdb_index_entry((op),(t),SLAP_INDEX_DELETE_OP,(e))
+
+/*
+ * key.c
+ */
+#define bdb_key_read BDB_SYMBOL(key_read)
+#define bdb_key_change BDB_SYMBOL(key_change)
+
+extern int
+bdb_key_read(
+ Backend *be,
+ DB *db,
+ DB_TXN *txn,
+ struct berval *k,
+ ID *ids,
+ DBC **saved_cursor,
+ int get_flags );
+
+extern int
+bdb_key_change(
+ Backend *be,
+ DB *db,
+ DB_TXN *txn,
+ struct berval *k,
+ ID id,
+ int op );
+
+/*
+ * nextid.c
+ */
+#define bdb_next_id BDB_SYMBOL(next_id)
+#define bdb_last_id BDB_SYMBOL(last_id)
+
+int bdb_next_id( BackendDB *be, DB_TXN *tid, ID *id );
+int bdb_last_id( BackendDB *be, DB_TXN *tid );
+
+/*
+ * modify.c
+ */
+#define bdb_modify_internal BDB_SYMBOL(modify_internal)
+
+int bdb_modify_internal(
+ Operation *op,
+ DB_TXN *tid,
+ Modifications *modlist,
+ Entry *e,
+ const char **text,
+ char *textbuf,
+ size_t textlen );
+
+
+/*
+ * cache.c
+ */
+#define bdb_cache_entry_db_unlock BDB_SYMBOL(cache_entry_db_unlock)
+
+#define bdb_cache_entryinfo_lock(e) \
+ ldap_pvt_thread_mutex_lock( &(e)->bei_kids_mutex )
+#define bdb_cache_entryinfo_unlock(e) \
+ ldap_pvt_thread_mutex_unlock( &(e)->bei_kids_mutex )
+
+/* What a mess. Hopefully the current cache scheme will stabilize
+ * and we can trim out all of this stuff.
+ */
+#if 0
+void bdb_cache_return_entry_rw( DB_ENV *env, Cache *cache, Entry *e,
+ int rw, DB_LOCK *lock );
+#else
+#define bdb_cache_return_entry_rw( env, cache, e, rw, lock ) \
+ bdb_cache_entry_db_unlock( env, lock )
+#define bdb_cache_return_entry( env, lock ) \
+ bdb_cache_entry_db_unlock( env, lock )
+#endif
+#define bdb_cache_return_entry_r(env, c, e, l) \
+ bdb_cache_return_entry_rw((env), (c), (e), 0, (l))
+#define bdb_cache_return_entry_w(env, c, e, l) \
+ bdb_cache_return_entry_rw((env), (c), (e), 1, (l))
+#if 0
+void bdb_unlocked_cache_return_entry_rw( Cache *cache, Entry *e, int rw );
+#else
+#define bdb_unlocked_cache_return_entry_rw( a, b, c ) ((void)0)
+#endif
+#define bdb_unlocked_cache_return_entry_r( c, e ) \
+ bdb_unlocked_cache_return_entry_rw((c), (e), 0)
+#define bdb_unlocked_cache_return_entry_w( c, e ) \
+ bdb_unlocked_cache_return_entry_rw((c), (e), 1)
+
+#define bdb_cache_add BDB_SYMBOL(cache_add)
+#define bdb_cache_children BDB_SYMBOL(cache_children)
+#define bdb_cache_delete BDB_SYMBOL(cache_delete)
+#define bdb_cache_delete_cleanup BDB_SYMBOL(cache_delete_cleanup)
+#define bdb_cache_find_id BDB_SYMBOL(cache_find_id)
+#define bdb_cache_find_info BDB_SYMBOL(cache_find_info)
+#define bdb_cache_find_ndn BDB_SYMBOL(cache_find_ndn)
+#define bdb_cache_find_parent BDB_SYMBOL(cache_find_parent)
+#define bdb_cache_modify BDB_SYMBOL(cache_modify)
+#define bdb_cache_modrdn BDB_SYMBOL(cache_modrdn)
+#define bdb_cache_release_all BDB_SYMBOL(cache_release_all)
+#define bdb_cache_delete_entry BDB_SYMBOL(cache_delete_entry)
+
+int bdb_cache_children(
+ Operation *op,
+ DB_TXN *txn,
+ Entry *e
+);
+int bdb_cache_add(
+ struct bdb_info *bdb,
+ EntryInfo *pei,
+ Entry *e,
+ struct berval *nrdn,
+ u_int32_t locker
+);
+int bdb_cache_modrdn(
+ struct bdb_info *bdb,
+ Entry *e,
+ struct berval *nrdn,
+ Entry *new,
+ EntryInfo *ein,
+ u_int32_t locker,
+ DB_LOCK *lock
+);
+int bdb_cache_modify(
+ Entry *e,
+ Attribute *newAttrs,
+ DB_ENV *env,
+ u_int32_t locker,
+ DB_LOCK *lock
+);
+int bdb_cache_find_ndn(
+ Operation *op,
+ DB_TXN *txn,
+ struct berval *ndn,
+ EntryInfo **res
+);
+EntryInfo * bdb_cache_find_info(
+ struct bdb_info *bdb,
+ ID id
+);
+int bdb_cache_find_id(
+ Operation *op,
+ DB_TXN *tid,
+ ID id,
+ EntryInfo **eip,
+ int islocked,
+ u_int32_t locker,
+ DB_LOCK *lock
+);
+int
+bdb_cache_find_parent(
+ Operation *op,
+ DB_TXN *txn,
+ u_int32_t locker,
+ ID id,
+ EntryInfo **res
+);
+int bdb_cache_delete(
+ Cache *cache,
+ Entry *e,
+ DB_ENV *env,
+ u_int32_t locker,
+ DB_LOCK *lock
+);
+void bdb_cache_delete_cleanup(
+ Cache *cache,
+ EntryInfo *ei
+);
+void bdb_cache_release_all( Cache *cache );
+void bdb_cache_delete_entry(
+ struct bdb_info *bdb,
+ EntryInfo *ei,
+ u_int32_t locker,
+ DB_LOCK *lock
+);
+
+#ifdef BDB_HIER
+int hdb_cache_load(
+ struct bdb_info *bdb,
+ EntryInfo *ei,
+ EntryInfo **res
+);
+#endif
+
+#define bdb_cache_entry_db_relock BDB_SYMBOL(cache_entry_db_relock)
+int bdb_cache_entry_db_relock(
+ DB_ENV *env,
+ u_int32_t locker,
+ EntryInfo *ei,
+ int rw,
+ int tryOnly,
+ DB_LOCK *lock );
+
+int bdb_cache_entry_db_unlock(
+ DB_ENV *env,
+ DB_LOCK *lock );
+
+#ifdef BDB_REUSE_LOCKERS
+
+#define bdb_locker_id BDB_SYMBOL(locker_id)
+#define bdb_locker_flush BDB_SYMBOL(locker_flush)
+int bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker );
+void bdb_locker_flush( DB_ENV *env );
+
+#define LOCK_ID_FREE(env, locker) ((void)0)
+#define LOCK_ID(env, locker) bdb_locker_id(op, env, locker)
+
+#else
+
+#define LOCK_ID_FREE(env, locker) XLOCK_ID_FREE(env, locker)
+#define LOCK_ID(env, locker) XLOCK_ID(env, locker)
+
+#endif
+
+/*
+ * trans.c
+ */
+#define bdb_trans_backoff BDB_SYMBOL(trans_backoff)
+
+void
+bdb_trans_backoff( int num_retries );
+
+/*
+ * former external.h
+ */
+
+#define bdb_back_initialize BDB_SYMBOL(back_initialize)
+#define bdb_db_config BDB_SYMBOL(db_config)
+#define bdb_add BDB_SYMBOL(add)
+#define bdb_bind BDB_SYMBOL(bind)
+#define bdb_compare BDB_SYMBOL(compare)
+#define bdb_delete BDB_SYMBOL(delete)
+#define bdb_modify BDB_SYMBOL(modify)
+#define bdb_modrdn BDB_SYMBOL(modrdn)
+#define bdb_search BDB_SYMBOL(search)
+#define bdb_extended BDB_SYMBOL(extended)
+#define bdb_referrals BDB_SYMBOL(referrals)
+#define bdb_operational BDB_SYMBOL(operational)
+#define bdb_hasSubordinates BDB_SYMBOL(hasSubordinates)
+#define bdb_tool_entry_open BDB_SYMBOL(tool_entry_open)
+#define bdb_tool_entry_close BDB_SYMBOL(tool_entry_close)
+#define bdb_tool_entry_next BDB_SYMBOL(tool_entry_next)
+#define bdb_tool_entry_get BDB_SYMBOL(tool_entry_get)
+#define bdb_tool_entry_put BDB_SYMBOL(tool_entry_put)
+#define bdb_tool_entry_reindex BDB_SYMBOL(tool_entry_reindex)
+#define bdb_tool_dn2id_get BDB_SYMBOL(tool_dn2id_get)
+#define bdb_tool_id2entry_get BDB_SYMBOL(tool_id2entry_get)
+#define bdb_tool_entry_modify BDB_SYMBOL(tool_entry_modify)
+#define bdb_tool_idl_add BDB_SYMBOL(tool_idl_add)
+
+extern BI_init bdb_back_initialize;
+
+extern BI_db_config bdb_db_config;
+
+extern BI_op_add bdb_add;
+extern BI_op_bind bdb_bind;
+extern BI_op_compare bdb_compare;
+extern BI_op_delete bdb_delete;
+extern BI_op_modify bdb_modify;
+extern BI_op_modrdn bdb_modrdn;
+extern BI_op_search bdb_search;
+extern BI_op_extended bdb_extended;
+
+extern BI_chk_referrals bdb_referrals;
+
+extern BI_operational bdb_operational;
+
+extern BI_has_subordinates bdb_hasSubordinates;
+
+/* tools.c */
+extern BI_tool_entry_open bdb_tool_entry_open;
+extern BI_tool_entry_close bdb_tool_entry_close;
+extern BI_tool_entry_next bdb_tool_entry_next;
+extern BI_tool_entry_get bdb_tool_entry_get;
+extern BI_tool_entry_put bdb_tool_entry_put;
+extern BI_tool_entry_reindex bdb_tool_entry_reindex;
+extern BI_tool_dn2id_get bdb_tool_dn2id_get;
+extern BI_tool_id2entry_get bdb_tool_id2entry_get;
+extern BI_tool_entry_modify bdb_tool_entry_modify;
+
+int bdb_tool_idl_add( BackendDB *be, DB *db, DB_TXN *txn, DBT *key, ID id );
+
+LDAP_END_DECL
+
+#endif /* _PROTO_BDB_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/referral.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/referral.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/referral.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,162 @@
+/* referral.c - BDB backend referral handler */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/referral.c,v 1.36.2.6 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+
+int
+bdb_referrals( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ Entry *e = NULL;
+ EntryInfo *ei;
+ int rc = LDAP_SUCCESS;
+
+ u_int32_t locker;
+ DB_LOCK lock;
+
+ if( op->o_tag == LDAP_REQ_SEARCH ) {
+ /* let search take care of itself */
+ return rc;
+ }
+
+ if( get_manageDSAit( op ) ) {
+ /* let op take care of DSA management */
+ return rc;
+ }
+
+ rc = LOCK_ID(bdb->bi_dbenv, &locker);
+ switch(rc) {
+ case 0:
+ break;
+ default:
+ return LDAP_OTHER;
+ }
+
+dn2entry_retry:
+ /* get entry */
+ rc = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1, locker, &lock );
+
+ /* bdb_dn2entry() may legally leave ei == NULL
+ * if rc != 0 and rc != DB_NOTFOUND
+ */
+ if ( ei ) {
+ e = ei->bei_e;
+ }
+
+ switch(rc) {
+ case DB_NOTFOUND:
+ case 0:
+ break;
+ case LDAP_BUSY:
+ send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
+ LOCK_ID_FREE ( bdb->bi_dbenv, locker );
+ return LDAP_BUSY;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto dn2entry_retry;
+ default:
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_referrals)
+ ": dn2entry failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ LOCK_ID_FREE ( bdb->bi_dbenv, locker );
+ return rs->sr_err;
+ }
+
+ if ( rc == DB_NOTFOUND ) {
+ rc = 0;
+ rs->sr_matched = NULL;
+ if ( e != NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_referrals)
+ ": op=%ld target=\"%s\" matched=\"%s\"\n",
+ (long) op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
+
+ if( is_entry_referral( e ) ) {
+ BerVarray ref = get_entry_referrals( op, e );
+ rc = LDAP_OTHER;
+ rs->sr_ref = referral_rewrite( ref, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ ber_bvarray_free( ref );
+ if ( rs->sr_ref ) {
+ rs->sr_matched = ber_strdup_x(
+ e->e_name.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ e = NULL;
+ } else if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) && default_referral != NULL ) {
+ rc = LDAP_OTHER;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ if( rs->sr_ref != NULL ) {
+ /* send referrals */
+ rc = rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ } else if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
+ send_ldap_result( op, rs );
+ }
+
+ LOCK_ID_FREE ( bdb->bi_dbenv, locker );
+ if (rs->sr_matched) {
+ op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
+ rs->sr_matched = NULL;
+ }
+ return rc;
+ }
+
+ if ( is_entry_referral( e ) ) {
+ /* entry is a referral */
+ BerVarray refs = get_entry_referrals( op, e );
+ rs->sr_ref = referral_rewrite(
+ refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_referrals)
+ ": op=%ld target=\"%s\" matched=\"%s\"\n",
+ (long) op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
+
+ rs->sr_matched = e->e_name.bv_val;
+ if( rs->sr_ref != NULL ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ } else {
+ send_ldap_error( op, rs, LDAP_OTHER, "bad referral object" );
+ rc = rs->sr_err;
+ }
+
+ rs->sr_matched = NULL;
+ ber_bvarray_free( refs );
+ }
+
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ LOCK_ID_FREE ( bdb->bi_dbenv, locker );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1301 @@
+/* search.c - search operation */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.221.2.15 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "idl.h"
+
+static int base_candidate(
+ BackendDB *be,
+ Entry *e,
+ ID *ids );
+
+static int search_candidates(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ u_int32_t locker,
+ ID *ids,
+ ID *scopes );
+
+static int parse_paged_cookie( Operation *op, SlapReply *rs );
+
+static void send_paged_response(
+ Operation *op,
+ SlapReply *rs,
+ ID *lastid,
+ int tentries );
+
+/* Dereference aliases for a single alias entry. Return the final
+ * dereferenced entry on success, NULL on any failure.
+ */
+static Entry * deref_base (
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ Entry **matched,
+ u_int32_t locker,
+ DB_LOCK *lock,
+ ID *tmp,
+ ID *visited )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ struct berval ndn;
+ EntryInfo *ei;
+ DB_LOCK lockr;
+
+ rs->sr_err = LDAP_ALIAS_DEREF_PROBLEM;
+ rs->sr_text = "maximum deref depth exceeded";
+
+ for (;;) {
+ /* Remember the last entry we looked at, so we can
+ * report broken links
+ */
+ *matched = e;
+
+ if (BDB_IDL_N(tmp) >= op->o_bd->be_max_deref_depth) {
+ e = NULL;
+ break;
+ }
+
+ /* If this is part of a subtree or onelevel search,
+ * have we seen this ID before? If so, quit.
+ */
+ if ( visited && bdb_idl_insert( visited, e->e_id ) ) {
+ e = NULL;
+ break;
+ }
+
+ /* If we've seen this ID during this deref iteration,
+ * we've hit a loop.
+ */
+ if ( bdb_idl_insert( tmp, e->e_id ) ) {
+ rs->sr_err = LDAP_ALIAS_PROBLEM;
+ rs->sr_text = "circular alias";
+ e = NULL;
+ break;
+ }
+
+ /* If there was a problem getting the aliasedObjectName,
+ * get_alias_dn will have set the error status.
+ */
+ if ( get_alias_dn(e, &ndn, &rs->sr_err, &rs->sr_text) ) {
+ e = NULL;
+ break;
+ }
+
+ rs->sr_err = bdb_dn2entry( op, NULL, &ndn, &ei,
+ 0, locker, &lockr );
+
+ if ( ei ) {
+ e = ei->bei_e;
+ } else {
+ e = NULL;
+ }
+
+ if (!e) {
+ rs->sr_err = LDAP_ALIAS_PROBLEM;
+ rs->sr_text = "aliasedObject not found";
+ break;
+ }
+
+ /* Free the previous entry, continue to work with the
+ * one we just retrieved.
+ */
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
+ *matched, lock);
+ *lock = lockr;
+
+ /* We found a regular entry. Return this to the caller. The
+ * entry is still locked for Read.
+ */
+ if (!is_entry_alias(e)) {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ break;
+ }
+ }
+ return e;
+}
+
+/* Look for and dereference all aliases within the search scope. Adds
+ * the dereferenced entries to the "ids" list. Requires "stack" to be
+ * able to hold 8 levels of DB_SIZE IDLs. Of course we're hardcoded to
+ * require a minimum of 8 UM_SIZE IDLs so this is never a problem.
+ */
+static int search_aliases(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ u_int32_t locker,
+ ID *ids,
+ ID *scopes,
+ ID *stack )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ ID *aliases, *curscop, *subscop, *visited, *newsubs, *oldsubs, *tmp;
+ ID cursora, ida, cursoro, ido, *subscop2;
+ Entry *matched, *a;
+ EntryInfo *ei;
+ struct berval bv_alias = BER_BVC( "alias" );
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion aa_alias = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion aa_alias = { NULL, BER_BVNULL };
+#endif
+ Filter af;
+ DB_LOCK locka, lockr;
+ int first = 1;
+
+ aliases = stack; /* IDL of all aliases in the database */
+ curscop = aliases + BDB_IDL_DB_SIZE; /* Aliases in the current scope */
+ subscop = curscop + BDB_IDL_DB_SIZE; /* The current scope */
+ visited = subscop + BDB_IDL_DB_SIZE; /* IDs we've seen in this search */
+ newsubs = visited + BDB_IDL_DB_SIZE; /* New subtrees we've added */
+ oldsubs = newsubs + BDB_IDL_DB_SIZE; /* Subtrees added previously */
+ tmp = oldsubs + BDB_IDL_DB_SIZE; /* Scratch space for deref_base() */
+
+ /* A copy of subscop, because subscop gets clobbered by
+ * the bdb_idl_union/intersection routines
+ */
+ subscop2 = tmp + BDB_IDL_DB_SIZE;
+
+ af.f_choice = LDAP_FILTER_EQUALITY;
+ af.f_ava = &aa_alias;
+ af.f_av_desc = slap_schema.si_ad_objectClass;
+ af.f_av_value = bv_alias;
+ af.f_next = NULL;
+
+ /* Find all aliases in database */
+ BDB_IDL_ZERO( aliases );
+ rs->sr_err = bdb_filter_candidates( op, &af, aliases,
+ curscop, visited );
+ if (rs->sr_err != LDAP_SUCCESS) {
+ return rs->sr_err;
+ }
+ oldsubs[0] = 1;
+ oldsubs[1] = e->e_id;
+
+ BDB_IDL_ZERO( ids );
+ BDB_IDL_ZERO( visited );
+ BDB_IDL_ZERO( newsubs );
+
+ cursoro = 0;
+ ido = bdb_idl_first( oldsubs, &cursoro );
+
+ for (;;) {
+ /* Set curscop to only the aliases in the current scope. Start with
+ * all the aliases, obtain the IDL for the current scope, and then
+ * get the intersection of these two IDLs. Add the current scope
+ * to the cumulative list of candidates.
+ */
+ BDB_IDL_CPY( curscop, aliases );
+ rs->sr_err = bdb_dn2idl( op, e, subscop,
+ subscop2+BDB_IDL_DB_SIZE );
+ if (first) {
+ first = 0;
+ } else {
+ bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &locka);
+ }
+ BDB_IDL_CPY(subscop2, subscop);
+ rs->sr_err = bdb_idl_intersection(curscop, subscop);
+ bdb_idl_union( ids, subscop2 );
+
+ /* Dereference all of the aliases in the current scope. */
+ cursora = 0;
+ for (ida = bdb_idl_first(curscop, &cursora); ida != NOID;
+ ida = bdb_idl_next(curscop, &cursora))
+ {
+ ei = NULL;
+retry1:
+ rs->sr_err = bdb_cache_find_id(op, NULL,
+ ida, &ei, 0, locker, &lockr );
+ if (rs->sr_err != LDAP_SUCCESS) {
+ if ( rs->sr_err == DB_LOCK_DEADLOCK ||
+ rs->sr_err == DB_LOCK_NOTGRANTED ) goto retry1;
+ continue;
+ }
+ a = ei->bei_e;
+
+ /* This should only happen if the curscop IDL has maxed out and
+ * turned into a range that spans IDs indiscriminately
+ */
+ if (!is_entry_alias(a)) {
+ bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache,
+ a, &lockr);
+ continue;
+ }
+
+ /* Actually dereference the alias */
+ BDB_IDL_ZERO(tmp);
+ a = deref_base( op, rs, a, &matched, locker, &lockr,
+ tmp, visited );
+ if (a) {
+ /* If the target was not already in our current candidates,
+ * make note of it in the newsubs list. Also
+ * set it in the scopes list so that bdb_search
+ * can check it.
+ */
+ if (bdb_idl_insert(ids, a->e_id) == 0) {
+ bdb_idl_insert(newsubs, a->e_id);
+ bdb_idl_insert(scopes, a->e_id);
+ }
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
+ a, &lockr);
+
+ } else if (matched) {
+ /* Alias could not be dereferenced, or it deref'd to
+ * an ID we've already seen. Ignore it.
+ */
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
+ matched, &lockr );
+ rs->sr_text = NULL;
+ }
+ }
+ /* If this is a OneLevel search, we're done; oldsubs only had one
+ * ID in it. For a Subtree search, oldsubs may be a list of scope IDs.
+ */
+ if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) break;
+nextido:
+ ido = bdb_idl_next( oldsubs, &cursoro );
+
+ /* If we're done processing the old scopes, did we add any new
+ * scopes in this iteration? If so, go back and do those now.
+ */
+ if (ido == NOID) {
+ if (BDB_IDL_IS_ZERO(newsubs)) break;
+ BDB_IDL_CPY(oldsubs, newsubs);
+ BDB_IDL_ZERO(newsubs);
+ cursoro = 0;
+ ido = bdb_idl_first( oldsubs, &cursoro );
+ }
+
+ /* Find the entry corresponding to the next scope. If it can't
+ * be found, ignore it and move on. This should never happen;
+ * we should never see the ID of an entry that doesn't exist.
+ * Set the name so that the scope's IDL can be retrieved.
+ */
+ ei = NULL;
+sameido:
+ rs->sr_err = bdb_cache_find_id(op, NULL, ido, &ei,
+ 0, locker, &locka );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( rs->sr_err == DB_LOCK_DEADLOCK ||
+ rs->sr_err == DB_LOCK_NOTGRANTED )
+ goto sameido;
+ goto nextido;
+ }
+ e = ei->bei_e;
+ }
+ return rs->sr_err;
+}
+
+int
+bdb_search( Operation *op, SlapReply *rs )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ time_t stoptime;
+ ID id, cursor;
+ ID candidates[BDB_IDL_UM_SIZE];
+ ID scopes[BDB_IDL_DB_SIZE];
+ Entry *e = NULL, base, e_root = {0};
+ Entry *matched = NULL;
+ EntryInfo *ei, ei_root = {0};
+ struct berval realbase = BER_BVNULL;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ slap_mask_t mask;
+#endif
+ int manageDSAit;
+ int tentries = 0;
+ ID lastid = NOID;
+ AttributeName *attrs;
+
+ u_int32_t locker = 0;
+ DB_LOCK lock;
+ struct bdb_op_info *opinfo = NULL;
+ DB_TXN *ltid = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(bdb_search) "\n", 0, 0, 0);
+ attrs = op->oq_search.rs_attrs;
+
+ opinfo = (struct bdb_op_info *) op->o_private;
+
+ manageDSAit = get_manageDSAit( op );
+
+ if ( opinfo && opinfo->boi_txn ) {
+ ltid = opinfo->boi_txn;
+ locker = TXN_ID( ltid );
+ } else {
+ rs->sr_err = LOCK_ID( bdb->bi_dbenv, &locker );
+
+ switch(rs->sr_err) {
+ case 0:
+ break;
+ default:
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ return rs->sr_err;
+ }
+ }
+
+ if ( op->o_req_ndn.bv_len == 0 ) {
+ /* DIT root special case */
+ ei_root.bei_e = &e_root;
+ ei_root.bei_parent = &ei_root;
+ e_root.e_private = &ei_root;
+ e_root.e_id = 0;
+ BER_BVSTR( &e_root.e_nname, "" );
+ BER_BVSTR( &e_root.e_name, "" );
+ ei = &ei_root;
+ rs->sr_err = LDAP_SUCCESS;
+ } else {
+ if ( op->ors_deref & LDAP_DEREF_FINDING ) {
+ BDB_IDL_ZERO(candidates);
+ }
+dn2entry_retry:
+ /* get entry with reader lock */
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei,
+ 1, locker, &lock );
+ }
+
+ switch(rs->sr_err) {
+ case DB_NOTFOUND:
+ matched = ei->bei_e;
+ break;
+ case 0:
+ e = ei->bei_e;
+ break;
+ case LDAP_BUSY:
+ send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
+ if ( !opinfo )
+ LOCK_ID_FREE (bdb->bi_dbenv, locker );
+ return LDAP_BUSY;
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto dn2entry_retry;
+ default:
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ if ( !opinfo )
+ LOCK_ID_FREE (bdb->bi_dbenv, locker );
+ return rs->sr_err;
+ }
+
+ if ( op->ors_deref & LDAP_DEREF_FINDING ) {
+ if ( matched && is_entry_alias( matched )) {
+ struct berval stub;
+
+ stub.bv_val = op->o_req_ndn.bv_val;
+ stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1;
+ e = deref_base( op, rs, matched, &matched, locker, &lock,
+ candidates, NULL );
+ if ( e ) {
+ build_new_dn( &op->o_req_ndn, &e->e_nname, &stub,
+ op->o_tmpmemctx );
+ bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache,
+ e, &lock);
+ matched = NULL;
+ goto dn2entry_retry;
+ }
+ } else if ( e && is_entry_alias( e )) {
+ e = deref_base( op, rs, e, &matched, locker, &lock,
+ candidates, NULL );
+ }
+ }
+
+ if ( e == NULL ) {
+ struct berval matched_dn = BER_BVNULL;
+
+ if ( matched != NULL ) {
+ BerVarray erefs = NULL;
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose"
+ * is granted on the object */
+ if ( ! access_allowed( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ ber_dupbv( &matched_dn, &matched->e_name );
+
+ erefs = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ if ( rs->sr_err == DB_NOTFOUND )
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = matched_dn.bv_val;
+ }
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, matched);
+#endif
+ bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache,
+ matched, &lock);
+ matched = NULL;
+
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->oq_search.rs_scope );
+ ber_bvarray_free( erefs );
+ }
+
+ } else {
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, matched);
+#endif
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, op->oq_search.rs_scope );
+ rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
+ }
+
+ send_ldap_result( op, rs );
+
+ if ( !opinfo )
+ LOCK_ID_FREE (bdb->bi_dbenv, locker );
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ if ( !BER_BVISNULL( &matched_dn ) ) {
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_matched = NULL;
+ }
+ return rs->sr_err;
+ }
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ if ( e != &e_root ) {
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ }
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ if ( !manageDSAit && e != &e_root && is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow add */
+ struct berval matched_dn = BER_BVNULL;
+ BerVarray erefs = NULL;
+
+ ber_dupbv( &matched_dn, &e->e_name );
+ erefs = get_entry_referrals( op, e );
+
+ rs->sr_err = LDAP_REFERRAL;
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+ e = NULL;
+
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->oq_search.rs_scope );
+ ber_bvarray_free( erefs );
+
+ if ( !rs->sr_ref ) {
+ rs->sr_text = "bad_referral object";
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search) ": entry is referral\n",
+ 0, 0, 0 );
+
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+
+ if ( !opinfo ) {
+ LOCK_ID_FREE (bdb->bi_dbenv, locker );
+ }
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_matched = NULL;
+ return 1;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ if ( e != &e_root ) {
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ }
+ send_ldap_result( op, rs );
+ return 1;
+ }
+
+ /* compute it anyway; root does not use it */
+ stoptime = op->o_time + op->ors_tlimit;
+
+ /* need normalized dn below */
+ ber_dupbv( &realbase, &e->e_nname );
+
+ /* Copy info to base, must free entry before accessing the database
+ * in search_candidates, to avoid deadlocks.
+ */
+ base.e_private = e->e_private;
+ base.e_nname = realbase;
+ base.e_id = e->e_id;
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ if ( e != &e_root ) {
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ }
+ e = NULL;
+
+ /* select candidates */
+ if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
+ rs->sr_err = base_candidate( op->o_bd, &base, candidates );
+
+ } else {
+ BDB_IDL_ZERO( candidates );
+ BDB_IDL_ZERO( scopes );
+ rs->sr_err = search_candidates( op, rs, &base,
+ locker, candidates, scopes );
+ }
+
+ /* start cursor at beginning of candidates.
+ */
+ cursor = 0;
+
+ if ( candidates[0] == 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search) ": no candidates\n",
+ 0, 0, 0 );
+
+ goto nochange;
+ }
+
+ /* if not root and candidates exceed to-be-checked entries, abort */
+ if ( op->ors_limit /* isroot == FALSE */ &&
+ op->ors_limit->lms_s_unchecked != -1 &&
+ BDB_IDL_N(candidates) > (unsigned) op->ors_limit->lms_s_unchecked )
+ {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ goto done;
+ }
+
+ if ( op->ors_limit == NULL /* isroot == TRUE */ ||
+ !op->ors_limit->lms_s_pr_hide )
+ {
+ tentries = BDB_IDL_N(candidates);
+ }
+
+ if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
+ PagedResultsState *ps = op->o_pagedresults_state;
+ /* deferred cookie parsing */
+ rs->sr_err = parse_paged_cookie( op, rs );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ if ( (ID)( ps->ps_cookie ) == 0 ) {
+ id = bdb_idl_first( candidates, &cursor );
+
+ } else {
+ if ( ps->ps_size == 0 ) {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = "search abandoned by pagedResult size=0";
+ send_ldap_result( op, rs );
+ goto done;
+ }
+ for ( id = bdb_idl_first( candidates, &cursor );
+ id != NOID &&
+ id <= (ID)( ps->ps_cookie );
+ id = bdb_idl_next( candidates, &cursor ) )
+ {
+ /* empty */;
+ }
+ }
+
+ if ( cursor == NOID ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search)
+ ": no paged results candidates\n",
+ 0, 0, 0 );
+ send_paged_response( op, rs, &lastid, 0 );
+
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ goto loop_begin;
+ }
+
+ for ( id = bdb_idl_first( candidates, &cursor );
+ id != NOID ; id = bdb_idl_next( candidates, &cursor ) )
+ {
+ int scopeok;
+
+loop_begin:
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto done;
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ rs->sr_ref = rs->sr_v2ref;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ goto done;
+ }
+
+fetch_entry_retry:
+ /* get the entry with reader lock */
+ ei = NULL;
+ rs->sr_err = bdb_cache_find_id( op, ltid,
+ id, &ei, 0, locker, &lock );
+
+ if (rs->sr_err == LDAP_BUSY) {
+ rs->sr_text = "ldap server busy";
+ send_ldap_result( op, rs );
+ goto done;
+
+ } else if ( rs->sr_err == DB_LOCK_DEADLOCK
+ || rs->sr_err == DB_LOCK_NOTGRANTED )
+ {
+ goto fetch_entry_retry;
+ }
+
+ if ( ei && rs->sr_err == LDAP_SUCCESS ) {
+ e = ei->bei_e;
+ } else {
+ e = NULL;
+ }
+
+ if ( e == NULL ) {
+ if( !BDB_IDL_IS_RANGE(candidates) ) {
+ /* only complain for non-range IDLs */
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search)
+ ": candidate %ld not found\n",
+ (long) id, 0, 0 );
+ }
+
+ goto loop_continue;
+ }
+
+ rs->sr_entry = e;
+
+ if ( is_entry_subentry( e ) ) {
+ if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
+ if(!get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+
+ } else if ( get_subentries( op ) &&
+ !get_subentries_visibility( op ))
+ {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+
+ } else if ( get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+
+ /* Does this candidate actually satisfy the search scope?
+ *
+ * Note that we don't lock access to the bei_parent pointer.
+ * Since only leaf nodes can be deleted, the parent of any
+ * node will always be a valid node. Also since we have
+ * a Read lock on the data, it cannot be renamed out of the
+ * scope while we are looking at it, and unless we're using
+ * BDB_HIER, its parents cannot be moved either.
+ */
+ scopeok = 0;
+ switch( op->ors_scope ) {
+ case LDAP_SCOPE_BASE:
+ /* This is always true, yes? */
+ if ( id == base.e_id ) scopeok = 1;
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ if ( ei->bei_parent->bei_id == base.e_id ) scopeok = 1;
+ break;
+
+#ifdef LDAP_SCOPE_CHILDREN
+ case LDAP_SCOPE_CHILDREN:
+ if ( id == base.e_id ) break;
+ /* Fall-thru */
+#endif
+ case LDAP_SCOPE_SUBTREE: {
+ EntryInfo *tmp;
+ for ( tmp = BEI(e); tmp; tmp = tmp->bei_parent ) {
+ if ( tmp->bei_id == base.e_id ) {
+ scopeok = 1;
+ break;
+ }
+ }
+ } break;
+ }
+
+ /* aliases were already dereferenced in candidate list */
+ if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
+ /* but if the search base is an alias, and we didn't
+ * deref it when finding, return it.
+ */
+ if ( is_entry_alias(e) &&
+ ((op->ors_deref & LDAP_DEREF_FINDING) ||
+ !bvmatch(&e->e_nname, &op->o_req_ndn)))
+ {
+ goto loop_continue;
+ }
+
+ /* scopes is only non-empty for onelevel or subtree */
+ if ( !scopeok && BDB_IDL_N(scopes) ) {
+ unsigned x;
+ if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ x = bdb_idl_search( scopes, e->e_id );
+ if ( scopes[x] == e->e_id ) scopeok = 1;
+ } else {
+ /* subtree, walk up the tree */
+ EntryInfo *tmp = BEI(e);
+ for (;tmp->bei_parent; tmp=tmp->bei_parent) {
+ x = bdb_idl_search( scopes, tmp->bei_id );
+ if ( scopes[x] == tmp->bei_id ) {
+ scopeok = 1;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ /* Not in scope, ignore it */
+ if ( !scopeok )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search)
+ ": %ld scope not okay\n",
+ (long) id, 0, 0 );
+ goto loop_continue;
+ }
+
+ /*
+ * if it's a referral, add it to the list of referrals. only do
+ * this for non-base searches, and don't check the filter
+ * explicitly here since it's only a candidate anyway.
+ */
+ if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
+ && is_entry_referral( e ) )
+ {
+ BerVarray erefs = get_entry_referrals( op, e );
+ rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
+ op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
+ ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
+
+ send_search_reference( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ ber_bvarray_free( erefs );
+ rs->sr_ref = NULL;
+
+ goto loop_continue;
+ }
+
+ if ( !manageDSAit && is_entry_glue( e )) {
+ goto loop_continue;
+ }
+
+ /* if it matches the filter and scope, send it */
+ rs->sr_err = test_filter( op, rs->sr_entry, op->oq_search.rs_filter );
+
+ if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
+ /* check size limit */
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ bdb_cache_return_entry_r( bdb->bi_dbenv,
+ &bdb->bi_cache, e, &lock );
+ e = NULL;
+ send_paged_response( op, rs, &lastid, tentries );
+ goto done;
+ }
+ lastid = id;
+ }
+
+ if (e) {
+ /* safe default */
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_ctrls = NULL;
+ rs->sr_flags = 0;
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_err = send_search_entry( op, rs );
+
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS: /* entry sent ok */
+ break;
+ default: /* entry not sent */
+ break;
+ case LDAP_UNAVAILABLE:
+ case LDAP_SIZELIMIT_EXCEEDED:
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ bdb_cache_return_entry_r(bdb->bi_dbenv,
+ &bdb->bi_cache, e, &lock);
+ e = NULL;
+ rs->sr_entry = NULL;
+ if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
+ rs->sr_ref = rs->sr_v2ref;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
+ goto done;
+ }
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_search)
+ ": %ld does not match filter\n",
+ (long) id, 0, 0 );
+ }
+
+loop_continue:
+ if( e != NULL ) {
+ /* free reader lock */
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ bdb_cache_return_entry_r( bdb->bi_dbenv,
+ &bdb->bi_cache, e , &lock );
+ e = NULL;
+ rs->sr_entry = NULL;
+ }
+ }
+
+nochange:
+ rs->sr_ctrls = NULL;
+ rs->sr_ref = rs->sr_v2ref;
+ rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
+ rs->sr_rspoid = NULL;
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ send_paged_response( op, rs, NULL, 0 );
+ } else {
+ send_ldap_result( op, rs );
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+
+done:
+ if ( !opinfo )
+ LOCK_ID_FREE( bdb->bi_dbenv, locker );
+
+ if( rs->sr_v2ref ) {
+ ber_bvarray_free( rs->sr_v2ref );
+ rs->sr_v2ref = NULL;
+ }
+ if( realbase.bv_val ) ch_free( realbase.bv_val );
+
+ return rs->sr_err;
+}
+
+
+static int base_candidate(
+ BackendDB *be,
+ Entry *e,
+ ID *ids )
+{
+ Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n",
+ e->e_nname.bv_val, (long) e->e_id, 0);
+
+ ids[0] = 1;
+ ids[1] = e->e_id;
+ return 0;
+}
+
+/* Look for "objectClass Present" in this filter.
+ * Also count depth of filter tree while we're at it.
+ */
+static int oc_filter(
+ Filter *f,
+ int cur,
+ int *max )
+{
+ int rc = 0;
+
+ assert( f != NULL );
+
+ if( cur > *max ) *max = cur;
+
+ switch( f->f_choice ) {
+ case LDAP_FILTER_PRESENT:
+ if (f->f_desc == slap_schema.si_ad_objectClass) {
+ rc = 1;
+ }
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ cur++;
+ for ( f=f->f_and; f; f=f->f_next ) {
+ (void) oc_filter(f, cur, max);
+ }
+ break;
+
+ default:
+ break;
+ }
+ return rc;
+}
+
+static void search_stack_free( void *key, void *data )
+{
+ ber_memfree_x(data, NULL);
+}
+
+static void *search_stack( Operation *op )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ void *ret = NULL;
+
+ if ( op->o_threadctx ) {
+ ldap_pvt_thread_pool_getkey( op->o_threadctx, search_stack,
+ &ret, NULL );
+ } else {
+ ret = bdb->bi_search_stack;
+ }
+
+ if ( !ret ) {
+ ret = ch_malloc( bdb->bi_search_stack_depth * BDB_IDL_UM_SIZE
+ * sizeof( ID ) );
+ if ( op->o_threadctx ) {
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, search_stack,
+ ret, search_stack_free );
+ } else {
+ bdb->bi_search_stack = ret;
+ }
+ }
+ return ret;
+}
+
+static int search_candidates(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ u_int32_t locker,
+ ID *ids,
+ ID *scopes )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ int rc, depth = 1;
+ Filter f, rf, xf, nf;
+ ID *stack;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion aa_ref = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion aa_ref = { NULL, BER_BVNULL };
+#endif
+ Filter sf;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion aa_subentry = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion aa_subentry = { NULL, BER_BVNULL };
+#endif
+
+ /*
+ * This routine takes as input a filter (user-filter)
+ * and rewrites it as follows:
+ * (&(scope=DN)[(objectClass=subentry)]
+ * (|[(objectClass=referral)(objectClass=alias)](user-filter))
+ */
+
+ Debug(LDAP_DEBUG_TRACE,
+ "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n",
+ e->e_nname.bv_val, (long) e->e_id, op->oq_search.rs_scope );
+
+ xf.f_or = op->oq_search.rs_filter;
+ xf.f_choice = LDAP_FILTER_OR;
+ xf.f_next = NULL;
+
+ /* If the user's filter uses objectClass=*,
+ * these clauses are redundant.
+ */
+ if (!oc_filter(op->oq_search.rs_filter, 1, &depth)
+ && !get_subentries_visibility(op)) {
+ if( !get_manageDSAit(op) && !get_domainScope(op) ) {
+ /* match referral objects */
+ struct berval bv_ref = BER_BVC( "referral" );
+ rf.f_choice = LDAP_FILTER_EQUALITY;
+ rf.f_ava = &aa_ref;
+ rf.f_av_desc = slap_schema.si_ad_objectClass;
+ rf.f_av_value = bv_ref;
+ rf.f_next = xf.f_or;
+ xf.f_or = &rf;
+ depth++;
+ }
+ }
+
+ f.f_next = NULL;
+ f.f_choice = LDAP_FILTER_AND;
+ f.f_and = &nf;
+ /* Dummy; we compute scope separately now */
+ nf.f_choice = SLAPD_FILTER_COMPUTED;
+ nf.f_result = LDAP_SUCCESS;
+ nf.f_next = ( xf.f_or == op->oq_search.rs_filter )
+ ? op->oq_search.rs_filter : &xf ;
+ /* Filter depth increased again, adding dummy clause */
+ depth++;
+
+ if( get_subentries_visibility( op ) ) {
+ struct berval bv_subentry = BER_BVC( "subentry" );
+ sf.f_choice = LDAP_FILTER_EQUALITY;
+ sf.f_ava = &aa_subentry;
+ sf.f_av_desc = slap_schema.si_ad_objectClass;
+ sf.f_av_value = bv_subentry;
+ sf.f_next = nf.f_next;
+ nf.f_next = &sf;
+ }
+
+ /* Allocate IDL stack, plus 1 more for former tmp */
+ if ( depth+1 > bdb->bi_search_stack_depth ) {
+ stack = ch_malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
+ } else {
+ stack = search_stack( op );
+ }
+
+ if( op->ors_deref & LDAP_DEREF_SEARCHING ) {
+ rc = search_aliases( op, rs, e, locker, ids, scopes, stack );
+ } else {
+ rc = bdb_dn2idl( op, e, ids, stack );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = bdb_filter_candidates( op, &f, ids,
+ stack, stack+BDB_IDL_UM_SIZE );
+ }
+
+ if ( depth+1 > bdb->bi_search_stack_depth ) {
+ ch_free( stack );
+ }
+
+ if( rc ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "bdb_search_candidates: failed (rc=%d)\n",
+ rc, NULL, NULL );
+
+ } else {
+ Debug(LDAP_DEBUG_TRACE,
+ "bdb_search_candidates: id=%ld first=%ld last=%ld\n",
+ (long) ids[0],
+ (long) BDB_IDL_FIRST(ids),
+ (long) BDB_IDL_LAST(ids) );
+ }
+
+ return rc;
+}
+
+static int
+parse_paged_cookie( Operation *op, SlapReply *rs )
+{
+ LDAPControl **c;
+ int rc = LDAP_SUCCESS;
+ ber_tag_t tag;
+ ber_int_t size;
+ BerElement *ber;
+ struct berval cookie = BER_BVNULL;
+ PagedResultsState *ps = op->o_pagedresults_state;
+
+ /* this function must be invoked only if the pagedResults
+ * control has been detected, parsed and partially checked
+ * by the frontend */
+ assert( get_pagedresults( op ) > SLAP_CONTROL_IGNORED );
+
+ /* look for the appropriate ctrl structure */
+ for ( c = op->o_ctrls; c[0] != NULL; c++ ) {
+ if ( strcmp( c[0]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS ) == 0 )
+ {
+ break;
+ }
+ }
+
+ if ( c[0] == NULL ) {
+ rs->sr_text = "missing pagedResults control";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* Tested by frontend */
+ assert( c[0]->ldctl_value.bv_len > 0 );
+
+ /* Parse the control value
+ * realSearchControlValue ::= SEQUENCE {
+ * size INTEGER (0..maxInt),
+ * -- requested page size from client
+ * -- result set size estimate from server
+ * cookie OCTET STRING
+ * }
+ */
+ ber = ber_init( &c[0]->ldctl_value );
+ if ( ber == NULL ) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ tag = ber_scanf( ber, "{im}", &size, &cookie );
+
+ /* Tested by frontend */
+ assert( tag != LBER_ERROR );
+ assert( size >= 0 );
+
+ /* cookie decoding/checks deferred to backend... */
+ if ( cookie.bv_len ) {
+ PagedResultsCookie reqcookie;
+ if( cookie.bv_len != sizeof( reqcookie ) ) {
+ /* bad cookie */
+ rs->sr_text = "paged results cookie is invalid";
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie ));
+
+ if ( reqcookie > ps->ps_cookie ) {
+ /* bad cookie */
+ rs->sr_text = "paged results cookie is invalid";
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+
+ } else if ( reqcookie < ps->ps_cookie ) {
+ rs->sr_text = "paged results cookie is invalid or old";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ } else {
+ /* Initial request. Initialize state. */
+#if 0
+ if ( op->o_conn->c_pagedresults_state.ps_cookie != 0 ) {
+ /* There's another pagedResults control on the
+ * same connection; reject new pagedResults controls
+ * (allowed by RFC2696) */
+ rs->sr_text = "paged results cookie unavailable; try later";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+#endif
+ ps->ps_cookie = 0;
+ ps->ps_count = 0;
+ }
+
+done:;
+ (void)ber_free( ber, 1 );
+
+ return rc;
+}
+
+static void
+send_paged_response(
+ Operation *op,
+ SlapReply *rs,
+ ID *lastid,
+ int tentries )
+{
+ LDAPControl ctrl, *ctrls[2];
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ PagedResultsCookie respcookie;
+ struct berval cookie;
+
+ Debug(LDAP_DEBUG_ARGS,
+ "send_paged_response: lastid=0x%08lx nentries=%d\n",
+ lastid ? *lastid : 0, rs->sr_nentries, NULL );
+
+ BER_BVZERO( &ctrl.ldctl_value );
+ ctrls[0] = &ctrl;
+ ctrls[1] = NULL;
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ if ( lastid ) {
+ respcookie = ( PagedResultsCookie )(*lastid);
+ cookie.bv_len = sizeof( respcookie );
+ cookie.bv_val = (char *)&respcookie;
+
+ } else {
+ respcookie = ( PagedResultsCookie )0;
+ BER_BVSTR( &cookie, "" );
+ }
+
+ op->o_conn->c_pagedresults_state.ps_cookie = respcookie;
+ op->o_conn->c_pagedresults_state.ps_count =
+ ((PagedResultsState *)op->o_pagedresults_state)->ps_count +
+ rs->sr_nentries;
+
+ /* return size of 0 -- no estimate */
+ ber_printf( ber, "{iO}", 0, &cookie );
+
+ if ( ber_flatten2( ber, &ctrls[0]->ldctl_value, 0 ) == -1 ) {
+ goto done;
+ }
+
+ ctrls[0]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
+ ctrls[0]->ldctl_iscritical = 0;
+
+ rs->sr_ctrls = ctrls;
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+ rs->sr_ctrls = NULL;
+
+done:
+ (void) ber_free_buf( ber );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/tools.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/tools.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/tools.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1032 @@
+/* tools.c - tools for slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/tools.c,v 1.72.2.16 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#define AVL_INTERNAL
+#include "back-bdb.h"
+#include "idl.h"
+
+static DBC *cursor = NULL;
+static DBT key, data;
+
+typedef struct dn_id {
+ ID id;
+ struct berval dn;
+} dn_id;
+
+#define HOLE_SIZE 4096
+static dn_id hbuf[HOLE_SIZE], *holes = hbuf;
+static unsigned nhmax = HOLE_SIZE;
+static unsigned nholes;
+
+static int index_nattrs;
+
+#ifdef BDB_TOOL_IDL_CACHING
+#define bdb_tool_idl_cmp BDB_SYMBOL(tool_idl_cmp)
+#define bdb_tool_idl_flush_one BDB_SYMBOL(tool_idl_flush_one)
+#define bdb_tool_idl_flush BDB_SYMBOL(tool_idl_flush)
+
+static int bdb_tool_idl_flush( BackendDB *be );
+
+#define IDBLOCK 1024
+
+typedef struct bdb_tool_idl_cache_entry {
+ struct bdb_tool_idl_cache_entry *next;
+ ID ids[IDBLOCK];
+} bdb_tool_idl_cache_entry;
+
+typedef struct bdb_tool_idl_cache {
+ struct berval kstr;
+ bdb_tool_idl_cache_entry *head, *tail;
+ ID first, last;
+ int count;
+} bdb_tool_idl_cache;
+
+static bdb_tool_idl_cache_entry *bdb_tool_idl_free_list;
+#endif /* BDB_TOOL_IDL_CACHING */
+
+static ID bdb_tool_ix_id;
+static Operation *bdb_tool_ix_op;
+static int *bdb_tool_index_threads, bdb_tool_index_tcount;
+static void *bdb_tool_index_rec;
+static struct bdb_info *bdb_tool_info;
+static ldap_pvt_thread_mutex_t bdb_tool_index_mutex;
+static ldap_pvt_thread_cond_t bdb_tool_index_cond;
+
+static void * bdb_tool_index_task( void *ctx, void *ptr );
+
+int bdb_tool_entry_open(
+ BackendDB *be, int mode )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+
+ /* initialize key and data thangs */
+ DBTzero( &key );
+ DBTzero( &data );
+ key.flags = DB_DBT_REALLOC;
+ data.flags = DB_DBT_REALLOC;
+
+ if (cursor == NULL) {
+ int rc = bdb->bi_id2entry->bdi_db->cursor(
+ bdb->bi_id2entry->bdi_db, NULL, &cursor,
+ bdb->bi_db_opflags );
+ if( rc != 0 ) {
+ return -1;
+ }
+ }
+
+ /* Set up for threaded slapindex */
+ if (( slapMode & (SLAP_TOOL_QUICK|SLAP_TOOL_READONLY)) == SLAP_TOOL_QUICK
+ && bdb->bi_nattrs ) {
+ if ( !bdb_tool_info ) {
+ int i;
+ ldap_pvt_thread_mutex_init( &bdb_tool_index_mutex );
+ ldap_pvt_thread_cond_init( &bdb_tool_index_cond );
+ bdb_tool_index_threads = ch_malloc( slap_tool_thread_max * sizeof( int ));
+ bdb_tool_index_rec = ch_malloc( bdb->bi_nattrs * sizeof( IndexRec ));
+ bdb_tool_index_tcount = slap_tool_thread_max - 1;
+ for (i=1; i<slap_tool_thread_max; i++) {
+ int *ptr = ch_malloc( sizeof( int ));
+ *ptr = i;
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ bdb_tool_index_task, ptr );
+ }
+ }
+ bdb_tool_info = bdb;
+ }
+
+ return 0;
+}
+
+int bdb_tool_entry_close(
+ BackendDB *be )
+{
+ if ( bdb_tool_info ) {
+ slapd_shutdown = 1;
+ ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
+ bdb_tool_index_tcount = slap_tool_thread_max - 1;
+ ldap_pvt_thread_cond_broadcast( &bdb_tool_index_cond );
+ ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
+ }
+
+ if( key.data ) {
+ ch_free( key.data );
+ key.data = NULL;
+ }
+ if( data.data ) {
+ ch_free( data.data );
+ data.data = NULL;
+ }
+
+ if( cursor ) {
+ cursor->c_close( cursor );
+ cursor = NULL;
+ }
+
+#ifdef BDB_TOOL_IDL_CACHING
+ bdb_tool_idl_flush( be );
+#endif
+
+ if( nholes ) {
+ unsigned i;
+ fprintf( stderr, "Error, entries missing!\n");
+ for (i=0; i<nholes; i++) {
+ fprintf(stderr, " entry %ld: %s\n",
+ holes[i].id, holes[i].dn.bv_val);
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+ID bdb_tool_entry_next(
+ BackendDB *be )
+{
+ int rc;
+ ID id;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+
+ assert( be != NULL );
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( bdb != NULL );
+
+ rc = cursor->c_get( cursor, &key, &data, DB_NEXT );
+
+ if( rc != 0 ) {
+ /* If we're doing linear indexing and there are more attrs to
+ * index, and we're at the end of the database, start over.
+ */
+ if ( index_nattrs && rc == DB_NOTFOUND ) {
+ /* optional - do a checkpoint here? */
+ bdb_attr_info_free( bdb->bi_attrs[0] );
+ bdb->bi_attrs[0] = bdb->bi_attrs[index_nattrs];
+ index_nattrs--;
+ rc = cursor->c_get( cursor, &key, &data, DB_FIRST );
+ if ( rc ) {
+ return NOID;
+ }
+ } else {
+ return NOID;
+ }
+ }
+
+ if( data.data == NULL ) {
+ return NOID;
+ }
+
+ BDB_DISK2ID( key.data, &id );
+ return id;
+}
+
+ID bdb_tool_dn2id_get(
+ Backend *be,
+ struct berval *dn
+)
+{
+ Operation op = {0};
+ Opheader ohdr = {0};
+ EntryInfo *ei = NULL;
+ int rc;
+
+ if ( BER_BVISEMPTY(dn) )
+ return 0;
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ rc = bdb_cache_find_ndn( &op, NULL, dn, &ei );
+ if ( ei ) bdb_cache_entryinfo_unlock( ei );
+ if ( rc == DB_NOTFOUND )
+ return NOID;
+
+ return ei->bei_id;
+}
+
+int bdb_tool_id2entry_get(
+ Backend *be,
+ ID id,
+ Entry **e
+)
+{
+ int rc = bdb_id2entry( be, NULL, 0, id, e );
+
+ if ( rc == DB_NOTFOUND && id == 0 ) {
+ Entry *dummy = ch_calloc( 1, sizeof(Entry) );
+ struct berval gluebv = BER_BVC("glue");
+ dummy->e_name.bv_val = ch_strdup( "" );
+ dummy->e_nname.bv_val = ch_strdup( "" );
+ attr_merge_one( dummy, slap_schema.si_ad_objectClass, &gluebv, NULL );
+ attr_merge_one( dummy, slap_schema.si_ad_structuralObjectClass,
+ &gluebv, NULL );
+ *e = dummy;
+ rc = LDAP_SUCCESS;
+ }
+ return rc;
+}
+
+Entry* bdb_tool_entry_get( BackendDB *be, ID id )
+{
+ int rc;
+ Entry *e = NULL;
+ struct berval bv;
+
+ assert( be != NULL );
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( data.data != NULL );
+
+ DBT2bv( &data, &bv );
+
+#ifdef SLAP_ZONE_ALLOC
+ /* FIXME: will add ctx later */
+ rc = entry_decode( &bv, &e, NULL );
+#else
+ rc = entry_decode( &bv, &e );
+#endif
+
+ if( rc == LDAP_SUCCESS ) {
+ e->e_id = id;
+ }
+#ifdef BDB_HIER
+ if ( slapMode & SLAP_TOOL_READONLY ) {
+ EntryInfo *ei = NULL;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ rc = bdb_cache_find_parent( &op, NULL, cursor->locker, id, &ei );
+ if ( rc == LDAP_SUCCESS ) {
+ bdb_cache_entryinfo_unlock( ei );
+ e->e_private = ei;
+ ei->bei_e = e;
+ bdb_fix_dn( e, 0 );
+ ei->bei_e = NULL;
+ e->e_private = NULL;
+ }
+ }
+#endif
+ return e;
+}
+
+static int bdb_tool_next_id(
+ Operation *op,
+ DB_TXN *tid,
+ Entry *e,
+ struct berval *text,
+ int hole )
+{
+ struct berval dn = e->e_name;
+ struct berval ndn = e->e_nname;
+ struct berval pdn, npdn;
+ EntryInfo *ei = NULL, eidummy;
+ int rc;
+
+ if (ndn.bv_len == 0) {
+ e->e_id = 0;
+ return 0;
+ }
+
+ rc = bdb_cache_find_ndn( op, tid, &ndn, &ei );
+ if ( ei ) bdb_cache_entryinfo_unlock( ei );
+ if ( rc == DB_NOTFOUND ) {
+ if ( !be_issuffix( op->o_bd, &ndn ) ) {
+ ID eid = e->e_id;
+ dnParent( &dn, &pdn );
+ dnParent( &ndn, &npdn );
+ e->e_name = pdn;
+ e->e_nname = npdn;
+ rc = bdb_tool_next_id( op, tid, e, text, 1 );
+ e->e_name = dn;
+ e->e_nname = ndn;
+ if ( rc ) {
+ return rc;
+ }
+ /* If parent didn't exist, it was created just now
+ * and its ID is now in e->e_id. Make sure the current
+ * entry gets added under the new parent ID.
+ */
+ if ( eid != e->e_id ) {
+ eidummy.bei_id = e->e_id;
+ ei = &eidummy;
+ }
+ }
+ rc = bdb_next_id( op->o_bd, tid, &e->e_id );
+ if ( rc ) {
+ snprintf( text->bv_val, text->bv_len,
+ "next_id failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_tool_next_id: %s\n", text->bv_val, 0, 0 );
+ return rc;
+ }
+ rc = bdb_dn2id_add( op, tid, ei, e );
+ if ( rc ) {
+ snprintf( text->bv_val, text->bv_len,
+ "dn2id_add failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> bdb_tool_next_id: %s\n", text->bv_val, 0, 0 );
+ } else if ( hole ) {
+ if ( nholes == nhmax - 1 ) {
+ if ( holes == hbuf ) {
+ holes = ch_malloc( nhmax * sizeof(dn_id) * 2 );
+ AC_MEMCPY( holes, hbuf, sizeof(hbuf) );
+ } else {
+ holes = ch_realloc( holes, nhmax * sizeof(dn_id) * 2 );
+ }
+ nhmax *= 2;
+ }
+ ber_dupbv( &holes[nholes].dn, &ndn );
+ holes[nholes++].id = e->e_id;
+ }
+ } else if ( !hole ) {
+ unsigned i;
+
+ e->e_id = ei->bei_id;
+
+ for ( i=0; i<nholes; i++) {
+ if ( holes[i].id == e->e_id ) {
+ int j;
+ free(holes[i].dn.bv_val);
+ for (j=i;j<nholes;j++) holes[j] = holes[j+1];
+ holes[j].id = 0;
+ nholes--;
+ break;
+ } else if ( holes[i].id > e->e_id ) {
+ break;
+ }
+ }
+ }
+ return rc;
+}
+
+static int
+bdb_tool_index_add(
+ Operation *op,
+ DB_TXN *txn,
+ Entry *e )
+{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+
+ if (!bdb->bi_nattrs)
+ return 0;
+
+ if ( slapMode & SLAP_TOOL_QUICK ) {
+ IndexRec *ir;
+ int i, rc;
+ Attribute *a;
+
+ ir = bdb_tool_index_rec;
+ memset(ir, 0, bdb->bi_nattrs * sizeof( IndexRec ));
+
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ rc = bdb_index_recset( bdb, a, a->a_desc->ad_type,
+ &a->a_desc->ad_tags, ir );
+ if ( rc )
+ return rc;
+ }
+ bdb_tool_ix_id = e->e_id;
+ bdb_tool_ix_op = op;
+ ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
+ /* Wait for all threads to be ready */
+ while ( bdb_tool_index_tcount ) {
+ ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
+ ldap_pvt_thread_yield();
+ ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
+ }
+ for ( i=1; i<slap_tool_thread_max; i++ )
+ bdb_tool_index_threads[i] = LDAP_BUSY;
+ bdb_tool_index_tcount = slap_tool_thread_max - 1;
+ ldap_pvt_thread_cond_broadcast( &bdb_tool_index_cond );
+ ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
+ rc = bdb_index_recrun( op, bdb, ir, e->e_id, 0 );
+ if ( rc )
+ return rc;
+ for ( i=1; i<slap_tool_thread_max; i++ ) {
+ if ( bdb_tool_index_threads[i] == LDAP_BUSY ) {
+ ldap_pvt_thread_yield();
+ i--;
+ continue;
+ }
+ if ( bdb_tool_index_threads[i] )
+ return bdb_tool_index_threads[i];
+ }
+ return 0;
+ } else {
+ return bdb_index_entry_add( op, txn, e );
+ }
+}
+
+ID bdb_tool_entry_put(
+ BackendDB *be,
+ Entry *e,
+ struct berval *text )
+{
+ int rc;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB_TXN *tid = NULL;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ assert( be != NULL );
+ assert( slapMode & SLAP_TOOL_MODE );
+
+ assert( text != NULL );
+ assert( text->bv_val != NULL );
+ assert( text->bv_val[0] == '\0' ); /* overconservative? */
+
+ Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(bdb_tool_entry_put)
+ "( %ld, \"%s\" )\n", (long) e->e_id, e->e_dn, 0 );
+
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &tid,
+ bdb->bi_db_opflags );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "txn_begin failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_put) ": %s\n",
+ text->bv_val, 0, 0 );
+ return NOID;
+ }
+ }
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ /* add dn2id indices */
+ rc = bdb_tool_next_id( &op, tid, e, text, 0 );
+ if( rc != 0 ) {
+ goto done;
+ }
+
+ if ( !bdb->bi_linear_index )
+ rc = bdb_tool_index_add( &op, tid, e );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "index_entry_add failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_put) ": %s\n",
+ text->bv_val, 0, 0 );
+ goto done;
+ }
+
+ /* id2entry index */
+ rc = bdb_id2entry_add( be, tid, e );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "id2entry_add failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_put) ": %s\n",
+ text->bv_val, 0, 0 );
+ goto done;
+ }
+
+done:
+ if( rc == 0 ) {
+ if ( !( slapMode & SLAP_TOOL_QUICK )) {
+ rc = TXN_COMMIT( tid, 0 );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "txn_commit failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_put) ": %s\n",
+ text->bv_val, 0, 0 );
+ e->e_id = NOID;
+ }
+ }
+
+ } else {
+ if ( !( slapMode & SLAP_TOOL_QUICK )) {
+ TXN_ABORT( tid );
+ snprintf( text->bv_val, text->bv_len,
+ "txn_aborted! %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_put) ": %s\n",
+ text->bv_val, 0, 0 );
+ }
+ e->e_id = NOID;
+ }
+
+ return e->e_id;
+}
+
+int bdb_tool_entry_reindex(
+ BackendDB *be,
+ ID id )
+{
+ struct bdb_info *bi = (struct bdb_info *) be->be_private;
+ int rc;
+ Entry *e;
+ DB_TXN *tid = NULL;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> " LDAP_XSTRING(bdb_tool_entry_reindex) "( %ld )\n",
+ (long) id, 0, 0 );
+
+ /* No indexes configured, nothing to do. Could return an
+ * error here to shortcut things.
+ */
+ if (!bi->bi_attrs) {
+ return 0;
+ }
+
+ /* Get the first attribute to index */
+ if (bi->bi_linear_index && !index_nattrs) {
+ index_nattrs = bi->bi_nattrs - 1;
+ bi->bi_nattrs = 1;
+ }
+
+ e = bdb_tool_entry_get( be, id );
+
+ if( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ LDAP_XSTRING(bdb_tool_entry_reindex)
+ ": could not locate id=%ld\n",
+ (long) id, 0, 0 );
+ return -1;
+ }
+
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ rc = TXN_BEGIN( bi->bi_dbenv, NULL, &tid, bi->bi_db_opflags );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_reindex) ": "
+ "txn_begin failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ goto done;
+ }
+ }
+
+ /*
+ * just (re)add them for now
+ * assume that some other routine (not yet implemented)
+ * will zap index databases
+ *
+ */
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> " LDAP_XSTRING(bdb_tool_entry_reindex) "( %ld, \"%s\" )\n",
+ (long) id, e->e_dn, 0 );
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ rc = bdb_tool_index_add( &op, tid, e );
+
+done:
+ if( rc == 0 ) {
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ rc = TXN_COMMIT( tid, 0 );
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_reindex)
+ ": txn_commit failed: %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ e->e_id = NOID;
+ }
+ }
+
+ } else {
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ TXN_ABORT( tid );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_reindex)
+ ": txn_aborted! %s (%d)\n",
+ db_strerror(rc), rc, 0 );
+ }
+ e->e_id = NOID;
+ }
+ bdb_entry_release( &op, e, 0 );
+
+ return rc;
+}
+
+ID bdb_tool_entry_modify(
+ BackendDB *be,
+ Entry *e,
+ struct berval *text )
+{
+ int rc;
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB_TXN *tid = NULL;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ assert( be != NULL );
+ assert( slapMode & SLAP_TOOL_MODE );
+
+ assert( text != NULL );
+ assert( text->bv_val != NULL );
+ assert( text->bv_val[0] == '\0' ); /* overconservative? */
+
+ assert ( e->e_id != NOID );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> " LDAP_XSTRING(bdb_tool_entry_modify) "( %ld, \"%s\" )\n",
+ (long) e->e_id, e->e_dn, 0 );
+
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &tid,
+ bdb->bi_db_opflags );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "txn_begin failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_modify) ": %s\n",
+ text->bv_val, 0, 0 );
+ return NOID;
+ }
+ }
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ /* id2entry index */
+ rc = bdb_id2entry_update( be, tid, e );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "id2entry_add failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_modify) ": %s\n",
+ text->bv_val, 0, 0 );
+ goto done;
+ }
+
+done:
+ if( rc == 0 ) {
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ rc = TXN_COMMIT( tid, 0 );
+ if( rc != 0 ) {
+ snprintf( text->bv_val, text->bv_len,
+ "txn_commit failed: %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_modify) ": "
+ "%s\n", text->bv_val, 0, 0 );
+ e->e_id = NOID;
+ }
+ }
+
+ } else {
+ if (! (slapMode & SLAP_TOOL_QUICK)) {
+ TXN_ABORT( tid );
+ snprintf( text->bv_val, text->bv_len,
+ "txn_aborted! %s (%d)",
+ db_strerror(rc), rc );
+ Debug( LDAP_DEBUG_ANY,
+ "=> " LDAP_XSTRING(bdb_tool_entry_modify) ": %s\n",
+ text->bv_val, 0, 0 );
+ }
+ e->e_id = NOID;
+ }
+
+ return e->e_id;
+}
+
+#ifdef BDB_TOOL_IDL_CACHING
+static int
+bdb_tool_idl_cmp( const void *v1, const void *v2 )
+{
+ const bdb_tool_idl_cache *c1 = v1, *c2 = v2;
+ int rc;
+
+ if (( rc = c1->kstr.bv_len - c2->kstr.bv_len )) return rc;
+ return memcmp( c1->kstr.bv_val, c2->kstr.bv_val, c1->kstr.bv_len );
+}
+
+static int
+bdb_tool_idl_flush_one( void *v1, void *arg )
+{
+ bdb_tool_idl_cache *ic = v1;
+ DB *db = arg;
+ struct bdb_info *bdb = bdb_tool_info;
+ bdb_tool_idl_cache_entry *ice;
+ DBC *curs;
+ DBT key, data;
+ int i, rc;
+ ID id, nid;
+
+ /* Freshly allocated, ignore it */
+ if ( !ic->head && ic->count <= BDB_IDL_DB_SIZE ) {
+ return 0;
+ }
+
+ rc = db->cursor( db, NULL, &curs, 0 );
+ if ( rc )
+ return -1;
+
+ DBTzero( &key );
+ DBTzero( &data );
+
+ bv2DBT( &ic->kstr, &key );
+
+ data.size = data.ulen = sizeof( ID );
+ data.flags = DB_DBT_USERMEM;
+ data.data = &nid;
+
+ rc = curs->c_get( curs, &key, &data, DB_SET );
+ /* If key already exists and we're writing a range... */
+ if ( rc == 0 && ic->count > BDB_IDL_DB_SIZE ) {
+ /* If it's not currently a range, must delete old info */
+ if ( nid ) {
+ /* Skip lo */
+ while ( curs->c_get( curs, &key, &data, DB_NEXT_DUP ) == 0 )
+ curs->c_del( curs, 0 );
+
+ nid = 0;
+ /* Store range marker */
+ curs->c_put( curs, &key, &data, DB_KEYFIRST );
+ } else {
+
+ /* Skip lo */
+ rc = curs->c_get( curs, &key, &data, DB_NEXT_DUP );
+
+ /* Get hi */
+ rc = curs->c_get( curs, &key, &data, DB_NEXT_DUP );
+
+ /* Delete hi */
+ curs->c_del( curs, 0 );
+ }
+ BDB_ID2DISK( ic->last, &nid );
+ curs->c_put( curs, &key, &data, DB_KEYLAST );
+ rc = 0;
+ } else if ( rc && rc != DB_NOTFOUND ) {
+ rc = -1;
+ } else if ( ic->count > BDB_IDL_DB_SIZE ) {
+ /* range, didn't exist before */
+ nid = 0;
+ rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
+ if ( rc == 0 ) {
+ BDB_ID2DISK( ic->first, &nid );
+ rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
+ if ( rc == 0 ) {
+ BDB_ID2DISK( ic->last, &nid );
+ rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
+ }
+ }
+ if ( rc ) {
+ rc = -1;
+ }
+ } else {
+ int n;
+
+ /* Just a normal write */
+ rc = 0;
+ for ( ice = ic->head, n=0; ice; ice = ice->next, n++ ) {
+ int end;
+ if ( ice->next ) {
+ end = IDBLOCK;
+ } else {
+ end = ic->count & (IDBLOCK-1);
+ if ( !end )
+ end = IDBLOCK;
+ }
+ for ( i=0; i<end; i++ ) {
+ if ( !ice->ids[i] ) continue;
+ BDB_ID2DISK( ice->ids[i], &nid );
+ rc = curs->c_put( curs, &key, &data, DB_NODUPDATA );
+ if ( rc ) {
+ if ( rc == DB_KEYEXIST ) {
+ rc = 0;
+ continue;
+ }
+ rc = -1;
+ break;
+ }
+ }
+ if ( rc ) {
+ rc = -1;
+ break;
+ }
+ }
+ if ( ic->head ) {
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ ic->tail->next = bdb_tool_idl_free_list;
+ bdb_tool_idl_free_list = ic->head;
+ bdb->bi_idl_cache_size -= n;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ }
+ }
+ if ( ic != db->app_private ) {
+ ch_free( ic );
+ } else {
+ ic->head = ic->tail = NULL;
+ }
+ curs->c_close( curs );
+ return rc;
+}
+
+static int
+bdb_tool_idl_flush_db( DB *db, bdb_tool_idl_cache *ic )
+{
+ Avlnode *root = db->app_private;
+ int rc;
+
+ db->app_private = ic;
+ rc = avl_apply( root, bdb_tool_idl_flush_one, db, -1, AVL_INORDER );
+ avl_free( root, NULL );
+ db->app_private = NULL;
+ if ( rc != -1 )
+ rc = 0;
+ return rc;
+}
+
+static int
+bdb_tool_idl_flush( BackendDB *be )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ DB *db;
+ Avlnode *root;
+ int i, rc = 0;
+
+ for ( i=BDB_NDB; i < bdb->bi_ndatabases; i++ ) {
+ db = bdb->bi_databases[i]->bdi_db;
+ if ( !db->app_private ) continue;
+ rc = bdb_tool_idl_flush_db( db, NULL );
+ if ( rc )
+ break;
+ }
+ if ( !rc ) {
+ bdb->bi_idl_cache_size = 0;
+ }
+ return rc;
+}
+
+int bdb_tool_idl_add(
+ BackendDB *be,
+ DB *db,
+ DB_TXN *txn,
+ DBT *key,
+ ID id )
+{
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ bdb_tool_idl_cache *ic, itmp;
+ bdb_tool_idl_cache_entry *ice;
+ int rc;
+
+ if ( !bdb->bi_idl_cache_max_size )
+ return bdb_idl_insert_key( be, db, txn, key, id );
+
+ DBT2bv( key, &itmp.kstr );
+
+ ic = avl_find( (Avlnode *)db->app_private, &itmp, bdb_tool_idl_cmp );
+
+ /* No entry yet, create one */
+ if ( !ic ) {
+ DBC *curs;
+ DBT data;
+ ID nid;
+ int rc;
+
+ ic = ch_malloc( sizeof( bdb_tool_idl_cache ) + itmp.kstr.bv_len );
+ ic->kstr.bv_len = itmp.kstr.bv_len;
+ ic->kstr.bv_val = (char *)(ic+1);
+ AC_MEMCPY( ic->kstr.bv_val, itmp.kstr.bv_val, ic->kstr.bv_len );
+ ic->head = ic->tail = NULL;
+ ic->last = 0;
+ ic->count = 0;
+ avl_insert( (Avlnode **)&db->app_private, ic, bdb_tool_idl_cmp,
+ avl_dup_error );
+
+ /* load existing key count here */
+ rc = db->cursor( db, NULL, &curs, 0 );
+ if ( rc ) return rc;
+
+ data.ulen = sizeof( ID );
+ data.flags = DB_DBT_USERMEM;
+ data.data = &nid;
+ rc = curs->c_get( curs, key, &data, DB_SET );
+ if ( rc == 0 ) {
+ if ( nid == 0 ) {
+ ic->count = BDB_IDL_DB_SIZE+1;
+ } else {
+ db_recno_t count;
+
+ curs->c_count( curs, &count, 0 );
+ ic->count = count;
+ BDB_DISK2ID( &nid, &ic->first );
+ }
+ }
+ curs->c_close( curs );
+ }
+ /* are we a range already? */
+ if ( ic->count > BDB_IDL_DB_SIZE ) {
+ ic->last = id;
+ return 0;
+ /* Are we at the limit, and converting to a range? */
+ } else if ( ic->count == BDB_IDL_DB_SIZE ) {
+ int n;
+ for ( ice = ic->head, n=0; ice; ice = ice->next, n++ )
+ /* counting */ ;
+ if ( n ) {
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ ic->tail->next = bdb_tool_idl_free_list;
+ bdb_tool_idl_free_list = ic->head;
+ bdb->bi_idl_cache_size -= n;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ }
+ ic->head = ic->tail = NULL;
+ ic->last = id;
+ ic->count++;
+ return 0;
+ }
+ /* No free block, create that too */
+ if ( !ic->tail || ( ic->count & (IDBLOCK-1)) == 0) {
+ ice = NULL;
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ if ( bdb->bi_idl_cache_size >= bdb->bi_idl_cache_max_size ) {
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ rc = bdb_tool_idl_flush_db( db, ic );
+ if ( rc )
+ return rc;
+ avl_insert( (Avlnode **)&db->app_private, ic, bdb_tool_idl_cmp,
+ avl_dup_error );
+ ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
+ }
+ bdb->bi_idl_cache_size++;
+ if ( bdb_tool_idl_free_list ) {
+ ice = bdb_tool_idl_free_list;
+ bdb_tool_idl_free_list = ice->next;
+ }
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
+ if ( !ice ) {
+ ice = ch_malloc( sizeof( bdb_tool_idl_cache_entry ));
+ }
+ memset( ice, 0, sizeof( *ice ));
+ if ( !ic->head ) {
+ ic->head = ice;
+ } else {
+ ic->tail->next = ice;
+ }
+ ic->tail = ice;
+ if ( !ic->count )
+ ic->first = id;
+ }
+ ice = ic->tail;
+ ice->ids[ ic->count & (IDBLOCK-1) ] = id;
+ ic->count++;
+
+ return 0;
+}
+#endif
+
+static void *
+bdb_tool_index_task( void *ctx, void *ptr )
+{
+ int base = *(int *)ptr;
+
+ free( ptr );
+ while ( 1 ) {
+ ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
+ bdb_tool_index_tcount--;
+ ldap_pvt_thread_cond_wait( &bdb_tool_index_cond,
+ &bdb_tool_index_mutex );
+ ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
+ if ( slapd_shutdown )
+ break;
+
+ bdb_tool_index_threads[base] = bdb_index_recrun( bdb_tool_ix_op,
+ bdb_tool_info, bdb_tool_index_rec, bdb_tool_ix_id, base );
+ }
+
+ return NULL;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/trans.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/trans.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-bdb/trans.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+/* trans.c - bdb backend transaction routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/trans.c,v 1.6.2.3 2007/01/02 21:44:00 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-bdb.h"
+#include "lber_pvt.h"
+#include "lutil.h"
+
+
+/* Congestion avoidance code
+ * for Deadlock Rollback
+ */
+
+void
+bdb_trans_backoff( int num_retries )
+{
+ int i;
+ int delay = 0;
+ int pow_retries = 1;
+ unsigned long key = 0;
+ unsigned long max_key = -1;
+ struct timeval timeout;
+
+ lutil_entropy( (unsigned char *) &key, sizeof( unsigned long ));
+
+ for ( i = 0; i < num_retries; i++ ) {
+ if ( i >= 5 ) break;
+ pow_retries *= 4;
+ }
+
+ delay = 16384 * (key * (double) pow_retries / (double) max_key);
+ delay = delay ? delay : 1;
+
+ Debug( LDAP_DEBUG_TRACE, "delay = %d, num_retries = %d\n", delay, num_retries, 0 );
+
+ timeout.tv_sec = delay / 1000000;
+ timeout.tv_usec = delay % 1000000;
+ select( 0, NULL, NULL, NULL, &timeout );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+# Makefile.in for back-dnssrv
+# $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/Makefile.in,v 1.12.2.4 2007/01/02 21:44:01 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1998-2003 Kurt D. Zeilenga.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# ACKNOWLEDGEMENTS:
+# The DNSSRV backend was written by Kurt D. Zeilenga.
+#
+
+SRCS = init.c bind.c search.c config.c referral.c
+OBJS = init.lo bind.lo search.lo config.lo referral.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-dnssrv"
+BUILD_MOD = @BUILD_DNSSRV@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_DNSSRV at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_dnssrv
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+/* bind.c - DNS SRV backend bind function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.19.2.5 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind %s (%d)\n",
+ op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val,
+ op->oq_bind.rb_method, NULL );
+
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE &&
+ !BER_BVISNULL( &op->oq_bind.rb_cred ) &&
+ !BER_BVISEMPTY( &op->oq_bind.rb_cred ) )
+ {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s DNSSRV BIND dn=\"%s\" provided passwd\n",
+ op->o_log_prefix,
+ BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val , 0, 0, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "DNSSRV: BIND dn=\"%s\" provided cleartext password\n",
+ BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "you shouldn't send strangers your password" );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
+ BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "anonymous bind expected" );
+ }
+
+ return 1;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+/* compare.c - DNS SRV backend compare function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/compare.c,v 1.16.2.4 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_compare(
+ Operation *op,
+ SlapReply *rs
+)
+{
+#if 0
+ assert( get_manageDSAit( op ) );
+#endif
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "Operation not supported within naming context" );
+
+ /* not implemented */
+ return 1;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+/* config.c - DNS SRV backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.13.2.5 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+#if 0
+ struct ldapinfo *li = (struct ldapinfo *) be->be_private;
+
+ if ( li == NULL ) {
+ fprintf( stderr, "%s: line %d: DNSSRV backend info is null!\n",
+ fname, lineno );
+ return( 1 );
+ }
+#endif
+
+ /* no configuration options (yet) */
+ return SLAP_CONF_UNKNOWN;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,112 @@
+/* init.c - initialize ldap backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.24.2.6 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_initialize(
+ BackendInfo *bi )
+{
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ NULL
+ };
+
+ bi->bi_controls = controls;
+
+ bi->bi_open = dnssrv_back_open;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = 0;
+ bi->bi_db_destroy = 0;
+ bi->bi_db_config = dnssrv_back_db_config;
+ bi->bi_db_open = 0;
+ bi->bi_db_close = 0;
+
+ bi->bi_chk_referrals = dnssrv_back_referrals;
+
+ bi->bi_op_bind = dnssrv_back_bind;
+ bi->bi_op_search = dnssrv_back_search;
+ bi->bi_op_compare = 0 /* dnssrv_back_compare */;
+ bi->bi_op_modify = 0;
+ bi->bi_op_modrdn = 0;
+ bi->bi_op_add = 0;
+ bi->bi_op_delete = 0;
+ bi->bi_op_abandon = 0;
+ bi->bi_op_unbind = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
+ return 0;
+}
+
+AttributeDescription *ad_dc;
+AttributeDescription *ad_associatedDomain;
+
+int
+dnssrv_back_open(
+ BackendInfo *bi )
+{
+ const char *text;
+
+ (void)slap_str2ad( "dc", &ad_dc, &text );
+ (void)slap_str2ad( "associatedDomain", &ad_associatedDomain, &text );
+
+ return 0;
+}
+
+int
+dnssrv_back_db_init(
+ Backend *be )
+{
+ return 0;
+}
+
+int
+dnssrv_back_db_destroy(
+ Backend *be )
+{
+ return 0;
+}
+
+#if SLAPD_DNSSRV == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( dnssrv )
+
+#endif /* SLAPD_DNSSRV == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/proto-dnssrv.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/proto-dnssrv.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/proto-dnssrv.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/proto-dnssrv.h,v 1.2.2.5 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef PROTO_DNSSRV_H
+#define PROTO_DNSSRV_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init dnssrv_back_initialize;
+
+extern BI_open dnssrv_back_open;
+extern BI_close dnssrv_back_close;
+extern BI_destroy dnssrv_back_destroy;
+
+extern BI_db_init dnssrv_back_db_init;
+extern BI_db_destroy dnssrv_back_db_destroy;
+extern BI_db_config dnssrv_back_db_config;
+
+extern BI_op_bind dnssrv_back_bind;
+extern BI_op_search dnssrv_back_search;
+extern BI_op_compare dnssrv_back_compare;
+
+extern BI_chk_referrals dnssrv_back_referrals;
+
+extern AttributeDescription *ad_dc;
+extern AttributeDescription *ad_associatedDomain;
+
+LDAP_END_DECL
+
+#endif /* PROTO_DNSSRV_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/referral.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/referral.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/referral.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,131 @@
+/* referral.c - DNS SRV backend referral handler */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/referral.c,v 1.17.2.6 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_referrals(
+ Operation *op,
+ SlapReply *rs )
+{
+ int i;
+ int rc = LDAP_OTHER;
+ char *domain = NULL;
+ char *hostlist = NULL;
+ char **hosts = NULL;
+ BerVarray urls = NULL;
+
+ if ( BER_BVISEMPTY( &op->o_req_dn ) ) {
+#ifdef LDAP_DEVEL
+ /* FIXME: need some means to determine whether the database
+ * is a glue instance */
+ if ( SLAP_GLUE_INSTANCE( op->o_bd ) ) {
+ return LDAP_SUCCESS;
+ }
+#endif /* LDAP_DEVEL */
+
+ rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if( get_manageDSAit( op ) ) {
+ if( op->o_tag == LDAP_REQ_SEARCH ) {
+ return LDAP_SUCCESS;
+ }
+
+ rs->sr_text = "DNS SRV problem processing manageDSAit control";
+ return LDAP_OTHER;
+ }
+
+ if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_ref = default_referral;
+ send_ldap_result( op, rs );
+ rs->sr_ref = NULL;
+ return LDAP_REFERRAL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
+ op->o_req_dn.bv_val, domain, 0 );
+
+ i = ldap_domain2hostlist( domain, &hostlist );
+ if ( i ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "DNSSRV: domain2hostlist(%s) returned %d\n",
+ domain, i, 0 );
+ rs->sr_text = "no DNS SRV RR available for DN";
+ rc = LDAP_NO_SUCH_OBJECT;
+ goto done;
+ }
+
+ hosts = ldap_str2charray( hostlist, " " );
+
+ if( hosts == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
+ rs->sr_text = "problem processing DNS SRV records for DN";
+ goto done;
+ }
+
+ for( i=0; hosts[i] != NULL; i++) {
+ struct berval url;
+
+ url.bv_len = STRLENOF( "ldap://" ) + strlen( hosts[i] );
+ url.bv_val = ch_malloc( url.bv_len + 1 );
+
+ strcpy( url.bv_val, "ldap://" );
+ strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
+
+ if ( ber_bvarray_add( &urls, &url ) < 0 ) {
+ free( url.bv_val );
+ rs->sr_text = "problem processing DNS SRV records for DN";
+ goto done;
+ }
+ }
+
+ Statslog( LDAP_DEBUG_STATS,
+ "%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
+ op->o_log_prefix, op->o_protocol,
+ op->o_req_dn.bv_val, urls[0].bv_val, 0 );
+
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> url=\"%s\"\n",
+ op->o_req_dn.bv_val, urls[0].bv_val, 0 );
+
+ rs->sr_ref = urls;
+ send_ldap_error( op, rs, LDAP_REFERRAL,
+ "DNS SRV generated referrals" );
+ rs->sr_ref = NULL;
+ rc = LDAP_REFERRAL;
+
+done:
+ if( domain != NULL ) ch_free( domain );
+ if( hostlist != NULL ) ch_free( hostlist );
+ if( hosts != NULL ) ldap_charray_free( hosts );
+ ber_bvarray_free( urls );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-dnssrv/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,242 @@
+/* search.c - DNS SRV backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/search.c,v 1.35.2.6 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "proto-dnssrv.h"
+
+int
+dnssrv_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ int i;
+ int rc;
+ char *domain = NULL;
+ char *hostlist = NULL;
+ char **hosts = NULL;
+ char *refdn;
+ struct berval nrefdn = BER_BVNULL;
+ BerVarray urls = NULL;
+ int manageDSAit;
+
+ rs->sr_ref = NULL;
+
+ if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
+#ifdef LDAP_DEVEL
+ /* FIXME: need some means to determine whether the database
+ * is a glue instance; if we got here with empty DN, then
+ * we passed this same test in dnssrv_back_referrals() */
+ if ( !SLAP_GLUE_INSTANCE( op->o_bd ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
+
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+ goto done;
+#endif /* LDAP_DEVEL */
+ }
+
+ manageDSAit = get_manageDSAit( op );
+ /*
+ * FIXME: we may return a referral if manageDSAit is not set
+ */
+ if ( !manageDSAit ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "manageDSAit must be set" );
+ goto done;
+ }
+
+ if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_ref = default_referral;
+ send_ldap_result( op, rs );
+ rs->sr_ref = NULL;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain, 0 );
+
+ if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
+ rc, 0, 0 );
+ send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
+ "no DNS SRV RR available for DN" );
+ goto done;
+ }
+
+ hosts = ldap_str2charray( hostlist, " " );
+
+ if( hosts == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "problem processing DNS SRV records for DN" );
+ goto done;
+ }
+
+ for( i=0; hosts[i] != NULL; i++) {
+ struct berval url;
+
+ url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]);
+ url.bv_val = ch_malloc( url.bv_len + 1 );
+
+ strcpy( url.bv_val, "ldap://" );
+ strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
+
+ if( ber_bvarray_add( &urls, &url ) < 0 ) {
+ free( url.bv_val );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "problem processing DNS SRV records for DN" );
+ goto done;
+ }
+ }
+
+ Statslog( LDAP_DEBUG_STATS,
+ "%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
+ op->o_log_prefix, op->o_protocol,
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n",
+ op->oq_search.rs_scope,
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
+ urls[0].bv_val );
+
+ rc = ldap_domain2dn(domain, &refdn);
+
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DNS SRV problem processing manageDSAit control" );
+ goto done;
+
+ } else {
+ struct berval bv;
+ bv.bv_val = refdn;
+ bv.bv_len = strlen( refdn );
+
+ rc = dnNormalize( 0, NULL, NULL, &bv, &nrefdn, op->o_tmpmemctx );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DNS SRV problem processing manageDSAit control" );
+ goto done;
+ }
+ }
+
+ if( !dn_match( &nrefdn, &op->o_req_ndn ) ) {
+ /* requested dn is subordinate */
+
+ Debug( LDAP_DEBUG_TRACE,
+ "DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n",
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
+ refdn == NULL ? "" : refdn,
+ NULL );
+
+ rs->sr_matched = refdn;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ send_ldap_result( op, rs );
+ rs->sr_matched = NULL;
+
+ } else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
+ send_ldap_error( op, rs, LDAP_SUCCESS, NULL );
+
+ } else {
+ Entry e = { 0 };
+ AttributeDescription *ad_objectClass
+ = slap_schema.si_ad_objectClass;
+ AttributeDescription *ad_ref = slap_schema.si_ad_ref;
+ e.e_name.bv_val = strdup( op->o_req_dn.bv_val );
+ e.e_name.bv_len = op->o_req_dn.bv_len;
+ e.e_nname.bv_val = strdup( op->o_req_ndn.bv_val );
+ e.e_nname.bv_len = op->o_req_ndn.bv_len;
+
+ e.e_attrs = NULL;
+ e.e_private = NULL;
+
+ attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_referral->soc_cname, NULL );
+ attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_extensibleObject->soc_cname, NULL );
+
+ if ( ad_dc ) {
+ char *p;
+ struct berval bv;
+
+ bv.bv_val = domain;
+
+ p = strchr( bv.bv_val, '.' );
+
+ if ( p == bv.bv_val ) {
+ bv.bv_len = 1;
+
+ } else if ( p != NULL ) {
+ bv.bv_len = p - bv.bv_val;
+
+ } else {
+ bv.bv_len = strlen( bv.bv_val );
+ }
+
+ attr_merge_normalize_one( &e, ad_dc, &bv, NULL );
+ }
+
+ if ( ad_associatedDomain ) {
+ struct berval bv;
+
+ ber_str2bv( domain, 0, 0, &bv );
+ attr_merge_normalize_one( &e, ad_associatedDomain, &bv, NULL );
+ }
+
+ attr_merge_normalize_one( &e, ad_ref, urls, NULL );
+
+ rc = test_filter( op, &e, op->oq_search.rs_filter );
+
+ if( rc == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = &e;
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ rs->sr_attrs = NULL;
+ }
+
+ entry_clean( &e );
+
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+ }
+
+ if ( refdn ) free( refdn );
+ if ( nrefdn.bv_val ) free( nrefdn.bv_val );
+
+done:
+ if( domain != NULL ) ch_free( domain );
+ if( hostlist != NULL ) ch_free( hostlist );
+ if( hosts != NULL ) ldap_charray_free( hosts );
+ if( urls != NULL ) ber_bvarray_free( urls );
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+# Makefile for back-hdb
+# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.5 2007/01/02 21:44:01 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Copyright 2003 Howard Chu @ Symas Corp. See master COPYRIGHT file for terms.
+
+XXDIR = $(srcdir)/../back-bdb
+
+XXSRCS = init.c tools.c config.c \
+ add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
+ extended.c referral.c operational.c \
+ attr.c index.c key.c dbcache.c filterindex.c trans.c \
+ dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
+SRCS = $(XXSRCS)
+OBJS = init.lo tools.lo config.lo \
+ add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
+ extended.lo referral.lo operational.lo \
+ attr.lo index.lo key.lo dbcache.lo filterindex.lo trans.lo \
+ dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-hdb"
+BUILD_MOD = @BUILD_HDB@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_HDB at _DEFS)
+MOD_LIBS = $(LDBM_LIBS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+.links : Makefile
+ @for i in $(XXSRCS); do \
+ $(RM) $$i; \
+ $(LN_S) $(XXDIR)/$$i . ; \
+ done
+ touch .links
+
+$(XXSRCS) : .links
+
+LIBBASE = back_hdb
+
+XINCPATH = -I.. -I$(srcdir)/.. -I$(srcdir) -I$(XXDIR)
+XDEFS = $(MODULES_CPPFLAGS)
+
+depend-common: .links
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
+veryclean-local: FORCE
+ $(RM) $(XXSRCS) .links
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/back-bdb.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-hdb/back-bdb.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,31 @@
+/* back-bdb.h - hdb back-end header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/back-bdb.h,v 1.3.2.3 2007/01/02 21:44:01 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Howard Chu @ Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Howard Chu for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef _BACK_HDB_H_
+#define _BACK_HDB_H_
+
+#ifndef BDB_HIER
+#define BDB_HIER 1
+#endif
+
+#include "../back-bdb/back-bdb.h"
+
+#endif /* _BACK_HDB_H_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+# Makefile.in for back-ldap
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/Makefile.in,v 1.26.2.3 2007/01/02 21:44:01 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c config.c search.c bind.c unbind.c add.c compare.c \
+ delete.c modify.c modrdn.c extended.c chain.c
+OBJS = init.lo config.lo search.lo bind.lo unbind.lo add.lo compare.lo \
+ delete.lo modify.lo modrdn.lo extended.lo chain.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-ldap"
+BUILD_MOD = @BUILD_LDAP@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_LDAP at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_ldap
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/TODO.proxy
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/TODO.proxy (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/TODO.proxy 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,101 @@
+back-proxy
+
+A proxy that handles a pool of URI associated to a unique suffix.
+Each request is spread over the different URIs and results are
+masqueraded to appear as coming from a unique server.
+
+Suppose a company has two branches, whose existing DS have URIs
+
+"ldap://ldap.branch1.com/o=Branch 1, c=US"
+"ldap://ldap.branch2.it/o=Branch 2, c=IT"
+
+and it wants to propose to the outer world as a unique URI
+
+"ldap://ldap.company.net/dc=company, dc=net"
+
+It could do some rewriting to map everything that comes in with a base DN
+of "o=Branch 1, dc=company, dc=net" as the URI of the Branch 1, and
+everything that comes in with a base DN of "o=Branch 2, dc=company, dc=net"
+as the URI of Branch 2, and by rewriting all the DNs back to the new, uniform
+base. Everything that comes in with a base DN of "dc=company, dc=net" should
+be handled locally and propagated to the two branch URIs if a subtree
+(or at least onelevel) search is required.
+
+Operations:
+
+- bind
+- unbind
+- search
+- compare
+- add
+- modify
+- modrdn
+- delete
+- abandon
+
+The input of each operation may be related to:
+
+ exact DN exact parent ancestor
+-------------------------------------------------------------
+bind x
+unbind
+search x x x
+compare x
+add x
+modify x
+modrdn x
+delete x
+abandon
+
+The backend must rely on a DN fetching mechanism. Each operation requires
+to determine as early as possible which URI will be able to satisfy it.
+Apart from searches, which by definition are usually allowed to return
+multiple results, and apart from unbind and abandon, which do not return any
+result, all the remaining operations require the related entry to be unique.
+
+A major problem isposed by the uniqueness of the DNs. As far as the suffixes
+are masqueraded by a common suffix, the DNs are no longer guaranteed to be
+unique. This backend relies on the assumption that the uniqueness of the
+DNs is guaranteed.
+
+Two layers of depth in DN fetching are envisaged.
+The first layer is provided by a backend-side cache made of previously
+retrieved entries. The cache relates each RDN (i.e. the DN apart from the
+common suffix) to the pool of URIs that are expected to contain a subset
+of its children.
+
+The second layer is provided by a fetching function that spawns a search for
+each URI in the pool determined by the cache if the correct URI has not been
+directly determined.
+
+Note that, as the remote servers may have been updated by some direct
+operation, this mechanism does not guarantee the uniqueness of the result.
+So write operations will require to skip the cache search and to perform
+the exaustive search of all the URIs unless some hint mechanism is provided
+to the backend (e.g. a server is read-only).
+
+Again, the lag between the fetching of the required DN and the actual
+read/write may result in a failure; however, this applies to any LDAP
+operation AFAIK.
+
+- bind
+if updates are to be strictly honored, a bind operation is performed against
+each URI; otherwise, it is performed against the URIs resulting from a
+cache-level DN fetch.
+
+- unbind
+nothing to say; all the open handles related to the connection are reset.
+
+- search
+if updates are to be strictly honored, a search operation is performed agaist
+each URI. Note that this needs be performed also when the backend suffix
+is used as base. In case the base is stricter, the URI pool may be restricted
+by performing a cache DN fetch of the base first.
+
+- compare
+the same applies to the compare DN.
+
+- add
+this operation is delicate. Unless the DN up to the top-level part excluded
+can be uniquely associated to a URI, and unless its uniqueness can be trusted,
+no add operation should be allowed.
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,136 @@
+/* add.c - ldap backend add function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/add.c,v 1.53.2.11 2007/01/13 11:19:06 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_add(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ int i = 0,
+ j = 0;
+ Attribute *a;
+ LDAPMod **attrs = NULL,
+ *attrs2 = NULL;
+ ber_int_t msgid;
+ int isupdate;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+ LDAPControl **ctrls = NULL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_ARGS, "==> ldap_back_add(\"%s\")\n",
+ op->o_req_dn.bv_val, 0, 0 );
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ lc = NULL;
+ goto cleanup;
+ }
+
+ /* Count number of attributes in entry */
+ for ( i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next )
+ /* just count attrs */ ;
+
+ /* Create array of LDAPMods for ldap_add() */
+ attrs = (LDAPMod **)ch_malloc( sizeof( LDAPMod * )*i
+ + sizeof( LDAPMod )*( i - 1 ) );
+ attrs2 = ( LDAPMod * )&attrs[ i ];
+
+ isupdate = be_shadow_update( op );
+ for ( i = 0, a = op->oq_add.rs_e->e_attrs; a; a = a->a_next ) {
+ if ( !isupdate && !get_manageDIT( op ) && a->a_desc->ad_type->sat_no_user_mod )
+ {
+ continue;
+ }
+
+ attrs[ i ] = &attrs2[ i ];
+ attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
+ attrs[ i ]->mod_type = a->a_desc->ad_cname.bv_val;
+
+ for ( j = 0; a->a_vals[ j ].bv_val; j++ )
+ /* just count vals */ ;
+ attrs[i]->mod_vals.modv_bvals =
+ ch_malloc( ( j + 1 )*sizeof( struct berval * ) );
+ for ( j = 0; a->a_vals[ j ].bv_val; j++ ) {
+ attrs[ i ]->mod_vals.modv_bvals[ j ] = &a->a_vals[ j ];
+ }
+ attrs[ i ]->mod_vals.modv_bvals[ j ] = NULL;
+ i++;
+ }
+ attrs[ i ] = NULL;
+
+retry:
+ ctrls = op->o_ctrls;
+ rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
+ ctrls, NULL, &msgid );
+ rs->sr_err = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_ADD ],
+ ( LDAP_BACK_SENDRESULT | retrying ) );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( attrs ) {
+ for ( --i; i >= 0; --i ) {
+ ch_free( attrs[ i ]->mod_vals.modv_bvals );
+ }
+ ch_free( attrs );
+ }
+
+ if ( lc ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "<== ldap_back_add(\"%s\"): %d\n",
+ op->o_req_dn.bv_val, rs->sr_err, 0 );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/back-ldap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/back-ldap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/back-ldap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,399 @@
+/* back-ldap.h - ldap backend header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.63.2.23 2007/01/27 23:56:43 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#ifndef SLAPD_LDAP_H
+#define SLAPD_LDAP_H
+
+LDAP_BEGIN_DECL
+
+struct ldapinfo_t;
+
+enum {
+ /* even numbers are connection types */
+ LDAP_BACK_PCONN_FIRST = 0,
+ LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
+ LDAP_BACK_PCONN_ANON = 2,
+ LDAP_BACK_PCONN_BIND = 4,
+
+ /* add the TLS bit */
+ LDAP_BACK_PCONN_TLS = 0x1U,
+
+ LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
+ LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
+ LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
+
+ LDAP_BACK_PCONN_LAST
+};
+
+typedef struct ldapconn_t {
+ Connection *lc_conn;
+#define LDAP_BACK_CONN2PRIV(lc) ((unsigned long)(lc)->lc_conn)
+#define LDAP_BACK_PCONN_ISPRIV(lc) ((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \
+ && (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST)
+#define LDAP_BACK_PCONN_ISROOTDN(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
+ && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
+#define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
+ && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
+ && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
+#define LDAP_BACK_PCONN_ISBIND(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
+ && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
+#define LDAP_BACK_PCONN_ISTLS(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
+ && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
+#define LDAP_BACK_PCONN_ID(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) ? \
+ ( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid )
+#ifdef HAVE_TLS
+#define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
+ ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
+#define LDAP_BACK_PCONN_ANON_SET(lc, op) \
+ ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
+#define LDAP_BACK_PCONN_BIND_SET(lc, op) \
+ ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
+#else /* ! HAVE_TLS */
+#define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
+ ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
+#define LDAP_BACK_PCONN_ANON_SET(lc, op) \
+ ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
+#define LDAP_BACK_PCONN_BIND_SET(lc, op) \
+ ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
+#endif /* ! HAVE_TLS */
+#define LDAP_BACK_PCONN_SET(lc, op) \
+ (BER_BVISEMPTY(&(op)->o_ndn) ? \
+ LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
+
+ LDAP *lc_ld;
+ struct berval lc_cred;
+ struct berval lc_bound_ndn;
+ struct berval lc_local_ndn;
+ unsigned lc_lcflags;
+#define LDAP_BACK_CONN_ISSET_F(fp,f) (*(fp) & (f))
+#define LDAP_BACK_CONN_SET_F(fp,f) (*(fp) |= (f))
+#define LDAP_BACK_CONN_CLEAR_F(fp,f) (*(fp) &= ~(f))
+#define LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
+ do { \
+ if ( ((f) & *(mfp)) == (f) ) { \
+ *(fp) |= (f); \
+ } else { \
+ *(fp) &= ~(f); \
+ } \
+ } while ( 0 )
+
+#define LDAP_BACK_CONN_ISSET(lc,f) LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
+#define LDAP_BACK_CONN_SET(lc,f) LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
+#define LDAP_BACK_CONN_CLEAR(lc,f) LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
+#define LDAP_BACK_CONN_CPY(lc,f,mlc) LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
+
+/* 0xFFF00000U are reserved for back-meta */
+
+#define LDAP_BACK_FCONN_ISBOUND (0x00000001U)
+#define LDAP_BACK_FCONN_ISANON (0x00000002U)
+#define LDAP_BACK_FCONN_ISBMASK (LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
+#define LDAP_BACK_FCONN_ISPRIV (0x00000004U)
+#define LDAP_BACK_FCONN_ISTLS (0x00000008U)
+#define LDAP_BACK_FCONN_BINDING (0x00000010U)
+#define LDAP_BACK_FCONN_TAINTED (0x00000020U)
+#define LDAP_BACK_FCONN_ABANDON (0x00000040U)
+#define LDAP_BACK_FCONN_ISIDASR (0x00000080U)
+#define LDAP_BACK_FCONN_CACHED (0x00000100U)
+
+#define LDAP_BACK_CONN_ISBOUND(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
+#define LDAP_BACK_CONN_ISBOUND_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
+#define LDAP_BACK_CONN_ISBOUND_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
+#define LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
+#define LDAP_BACK_CONN_ISANON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
+#define LDAP_BACK_CONN_ISANON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
+#define LDAP_BACK_CONN_ISANON_CLEAR(lc) LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
+#define LDAP_BACK_CONN_ISANON_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
+#define LDAP_BACK_CONN_ISPRIV(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
+#define LDAP_BACK_CONN_ISPRIV_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
+#define LDAP_BACK_CONN_ISPRIV_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
+#define LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
+#define LDAP_BACK_CONN_ISTLS(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
+#define LDAP_BACK_CONN_ISTLS_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
+#define LDAP_BACK_CONN_ISTLS_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
+#define LDAP_BACK_CONN_ISTLS_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
+#define LDAP_BACK_CONN_BINDING(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
+#define LDAP_BACK_CONN_BINDING_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
+#define LDAP_BACK_CONN_BINDING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
+#define LDAP_BACK_CONN_TAINTED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
+#define LDAP_BACK_CONN_TAINTED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
+#define LDAP_BACK_CONN_TAINTED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
+#define LDAP_BACK_CONN_ABANDON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
+#define LDAP_BACK_CONN_ABANDON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
+#define LDAP_BACK_CONN_ABANDON_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
+#define LDAP_BACK_CONN_ISIDASSERT(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
+#define LDAP_BACK_CONN_ISIDASSERT_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
+#define LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
+#define LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
+#define LDAP_BACK_CONN_CACHED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
+#define LDAP_BACK_CONN_CACHED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
+#define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
+
+ unsigned lc_refcnt;
+ unsigned lc_flags;
+ time_t lc_create_time;
+ time_t lc_time;
+
+ LDAP_TAILQ_ENTRY(ldapconn_t) lc_q;
+} ldapconn_t;
+
+typedef struct ldap_avl_info_t {
+ ldap_pvt_thread_mutex_t lai_mutex;
+ Avlnode *lai_tree;
+} ldap_avl_info_t;
+
+typedef struct slap_retry_info_t {
+ time_t *ri_interval;
+ int *ri_num;
+ int ri_idx;
+ int ri_count;
+ time_t ri_last;
+
+#define SLAP_RETRYNUM_FOREVER (-1) /* retry forever */
+#define SLAP_RETRYNUM_TAIL (-2) /* end of retrynum array */
+#define SLAP_RETRYNUM_VALID(n) ((n) >= SLAP_RETRYNUM_FOREVER) /* valid retrynum */
+#define SLAP_RETRYNUM_FINITE(n) ((n) > SLAP_RETRYNUM_FOREVER) /* not forever */
+} slap_retry_info_t;
+
+/*
+ * identity assertion modes
+ */
+typedef enum {
+ LDAP_BACK_IDASSERT_LEGACY = 1,
+ LDAP_BACK_IDASSERT_NOASSERT,
+ LDAP_BACK_IDASSERT_ANONYMOUS,
+ LDAP_BACK_IDASSERT_SELF,
+ LDAP_BACK_IDASSERT_OTHERDN,
+ LDAP_BACK_IDASSERT_OTHERID
+} slap_idassert_mode_t;
+
+/* ID assert stuff */
+typedef struct slap_idassert_t {
+ slap_idassert_mode_t si_mode;
+#define li_idassert_mode li_idassert.si_mode
+
+ slap_bindconf si_bc;
+#define li_idassert_authcID li_idassert.si_bc.sb_authcId
+#define li_idassert_authcDN li_idassert.si_bc.sb_binddn
+#define li_idassert_passwd li_idassert.si_bc.sb_cred
+#define li_idassert_authzID li_idassert.si_bc.sb_authzId
+#define li_idassert_authmethod li_idassert.si_bc.sb_method
+#define li_idassert_sasl_mech li_idassert.si_bc.sb_saslmech
+#define li_idassert_sasl_realm li_idassert.si_bc.sb_realm
+#define li_idassert_secprops li_idassert.si_bc.sb_secprops
+#define li_idassert_tls li_idassert.si_bc.sb_tls
+
+ unsigned si_flags;
+#define LDAP_BACK_AUTH_NONE (0x00U)
+#define LDAP_BACK_AUTH_NATIVE_AUTHZ (0x01U)
+#define LDAP_BACK_AUTH_OVERRIDE (0x02U)
+#define LDAP_BACK_AUTH_PRESCRIPTIVE (0x04U)
+#define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ (0x08U)
+#define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND (0x10U)
+#define LDAP_BACK_AUTH_AUTHZ_ALL (0x20U)
+#define li_idassert_flags li_idassert.si_flags
+
+ BerVarray si_authz;
+#define li_idassert_authz li_idassert.si_authz
+} slap_idassert_t;
+
+/*
+ * Hook to allow mucking with ldapinfo_t when quarantine is over
+ */
+typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
+
+typedef struct ldapinfo_t {
+ /* li_uri: the string that goes into ldap_initialize()
+ * TODO: use li_acl.sb_uri instead */
+ char *li_uri;
+ /* li_bvuri: an array of each single URI that is equivalent;
+ * to be checked for the presence of a certain item */
+ BerVarray li_bvuri;
+ ldap_pvt_thread_mutex_t li_uri_mutex;
+
+ LDAP_REBIND_PROC *li_rebind_f;
+ void *li_urllist_p;
+
+ slap_bindconf li_acl;
+#define li_acl_authcID li_acl.sb_authcId
+#define li_acl_authcDN li_acl.sb_binddn
+#define li_acl_passwd li_acl.sb_cred
+#define li_acl_authzID li_acl.sb_authzId
+#define li_acl_authmethod li_acl.sb_method
+#define li_acl_sasl_mech li_acl.sb_saslmech
+#define li_acl_sasl_realm li_acl.sb_realm
+#define li_acl_secprops li_acl.sb_secprops
+
+ /* ID assert stuff */
+ slap_idassert_t li_idassert;
+ /* end of ID assert stuff */
+
+ int li_nretries;
+#define LDAP_BACK_RETRY_UNDEFINED (-2)
+#define LDAP_BACK_RETRY_FOREVER (-1)
+#define LDAP_BACK_RETRY_NEVER (0)
+#define LDAP_BACK_RETRY_DEFAULT (3)
+
+ unsigned li_flags;
+
+/* 0xFFF00000U are reserved for back-meta */
+
+#define LDAP_BACK_F_NONE (0x00000000U)
+#define LDAP_BACK_F_SAVECRED (0x00000001U)
+#define LDAP_BACK_F_USE_TLS (0x00000002U)
+#define LDAP_BACK_F_PROPAGATE_TLS (0x00000004U)
+#define LDAP_BACK_F_TLS_CRITICAL (0x00000008U)
+#define LDAP_BACK_F_TLS_LDAPS (0x00000010U)
+
+#define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
+#define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
+#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
+#define LDAP_BACK_F_CHASE_REFERRALS (0x00000020U)
+#define LDAP_BACK_F_PROXY_WHOAMI (0x00000040U)
+
+#define LDAP_BACK_F_T_F (0x00000080U)
+#define LDAP_BACK_F_T_F_DISCOVER (0x00000100U)
+#define LDAP_BACK_F_T_F_MASK (LDAP_BACK_F_T_F)
+#define LDAP_BACK_F_T_F_MASK2 (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
+
+#define LDAP_BACK_F_MONITOR (0x00000200U)
+#define LDAP_BACK_F_SINGLECONN (0x00000400U)
+#define LDAP_BACK_F_USE_TEMPORARIES (0x00000800U)
+
+#define LDAP_BACK_F_ISOPEN (0x00001000U)
+
+#define LDAP_BACK_F_CANCEL_ABANDON (0x00000000U)
+#define LDAP_BACK_F_CANCEL_IGNORE (0x00002000U)
+#define LDAP_BACK_F_CANCEL_EXOP (0x00004000U)
+#define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00008000U)
+#define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
+#define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
+
+#define LDAP_BACK_F_QUARANTINE (0x00010000U)
+
+#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
+#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
+
+#define LDAP_BACK_ISSET(li,f) LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
+#define LDAP_BACK_ISMASK(li,m,f) LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
+
+#define LDAP_BACK_SAVECRED(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
+#define LDAP_BACK_USE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_PROPAGATE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
+#define LDAP_BACK_TLS_CRITICAL(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
+#define LDAP_BACK_CHASE_REFERRALS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
+#define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
+
+#define LDAP_BACK_USE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_PROPAGATE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
+#define LDAP_BACK_TLS_CRITICAL_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
+
+#define LDAP_BACK_T_F(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
+#define LDAP_BACK_T_F_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
+
+#define LDAP_BACK_MONITOR(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
+#define LDAP_BACK_SINGLECONN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
+#define LDAP_BACK_USE_TEMPORARIES(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
+
+#define LDAP_BACK_ISOPEN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
+
+#define LDAP_BACK_ABANDON(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
+#define LDAP_BACK_IGNORE(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
+#define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
+#define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
+
+#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
+
+ int li_version;
+
+ /* cached connections;
+ * special conns are in tailq rather than in tree */
+ ldap_avl_info_t li_conninfo;
+ struct {
+ int lic_num;
+ LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t) lic_priv;
+ } li_conn_priv[ LDAP_BACK_PCONN_LAST ];
+ int li_conn_priv_max;
+#define LDAP_BACK_CONN_PRIV_MIN (1)
+#define LDAP_BACK_CONN_PRIV_MAX (256)
+ /* must be between LDAP_BACK_CONN_PRIV_MIN
+ * and LDAP_BACK_CONN_PRIV_MAX ! */
+#define LDAP_BACK_CONN_PRIV_DEFAULT (16)
+
+ sig_atomic_t li_isquarantined;
+#define LDAP_BACK_FQ_NO (0)
+#define LDAP_BACK_FQ_YES (1)
+#define LDAP_BACK_FQ_RETRYING (2)
+
+ slap_retry_info_t li_quarantine;
+ ldap_pvt_thread_mutex_t li_quarantine_mutex;
+ ldap_back_quarantine_f li_quarantine_f;
+ void *li_quarantine_p;
+
+ time_t li_network_timeout;
+ time_t li_conn_ttl;
+ time_t li_idle_timeout;
+ time_t li_timeout[ SLAP_OP_LAST ];
+} ldapinfo_t;
+
+typedef enum ldap_back_send_t {
+ LDAP_BACK_DONTSEND = 0x00,
+ LDAP_BACK_SENDOK = 0x01,
+ LDAP_BACK_SENDERR = 0x02,
+ LDAP_BACK_SENDRESULT = (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
+ LDAP_BACK_BINDING = 0x04,
+
+ LDAP_BACK_BIND_DONTSEND = (LDAP_BACK_BINDING),
+ LDAP_BACK_BIND_SOK = (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
+ LDAP_BACK_BIND_SERR = (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
+ LDAP_BACK_BIND_SRES = (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
+
+ LDAP_BACK_RETRYING = 0x08,
+ LDAP_BACK_RETRY_DONTSEND = (LDAP_BACK_RETRYING),
+ LDAP_BACK_RETRY_SOK = (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
+ LDAP_BACK_RETRY_SERR = (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
+ LDAP_BACK_RETRY_SRES = (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
+
+ LDAP_BACK_GETCONN = 0x10
+} ldap_back_send_t;
+
+/* define to use asynchronous StartTLS */
+#define SLAP_STARTTLS_ASYNCHRONOUS
+
+/* timeout to use when calling ldap_result() */
+#define LDAP_BACK_RESULT_TIMEOUT (0)
+#define LDAP_BACK_RESULT_UTIMEOUT (100000)
+#define LDAP_BACK_TV_SET(tv) \
+ do { \
+ (tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
+ (tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
+ } while ( 0 )
+
+#ifndef LDAP_BACK_PRINT_CONNTREE
+#define LDAP_BACK_PRINT_CONNTREE 0
+#endif /* !LDAP_BACK_PRINT_CONNTREE */
+
+LDAP_END_DECL
+
+#include "proto-ldap.h"
+
+#endif /* SLAPD_LDAP_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2430 @@
+/* bind.c - ldap backend bind function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.36 2007/03/19 14:52:17 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#define AVL_INTERNAL
+#include "slap.h"
+#include "back-ldap.h"
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+
+#include "lutil_ldap.h"
+
+#define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ "2.16.840.1.113730.3.4.12"
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+static void
+ldap_back_ravl_print( Avlnode *root, int depth )
+{
+ int i;
+ ldapconn_t *lc;
+
+ if ( root == 0 ) {
+ return;
+ }
+
+ ldap_back_ravl_print( root->avl_right, depth+1 );
+
+ for ( i = 0; i < depth; i++ ) {
+ fprintf( stderr, "-" );
+ }
+
+ lc = root->avl_data;
+ fprintf( stderr, "lc=%p local=\"%s\" conn=%p %s refcnt=%d flags=0x%08x\n",
+ (void *)lc,
+ lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "",
+ (void *)lc->lc_conn,
+ avl_bf2str( root->avl_bf ), lc->lc_refcnt, lc->lc_lcflags );
+
+ ldap_back_ravl_print( root->avl_left, depth+1 );
+}
+
+static char* priv2str[] = {
+ "privileged",
+ "privileged/TLS",
+ "anonymous",
+ "anonymous/TLS",
+ "bind",
+ "bind/TLS",
+ NULL
+};
+
+void
+ldap_back_print_conntree( ldapinfo_t *li, char *msg )
+{
+ int c;
+
+ fprintf( stderr, "========> %s\n", msg );
+
+ for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
+ int i = 0;
+ ldapconn_t *lc;
+
+ fprintf( stderr, " %s[%d]\n", priv2str[ c ], li->li_conn_priv[ c ].lic_num );
+
+ LDAP_TAILQ_FOREACH( lc, &li->li_conn_priv[ c ].lic_priv, lc_q )
+ {
+ fprintf( stderr, " [%d] lc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
+ i,
+ (void *)lc,
+ lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "",
+ (void *)lc->lc_conn, lc->lc_refcnt, lc->lc_lcflags );
+ i++;
+ }
+ }
+
+ if ( li->li_conninfo.lai_tree == 0 ) {
+ fprintf( stderr, "\t(empty)\n" );
+
+ } else {
+ ldap_back_ravl_print( li->li_conninfo.lai_tree, 0 );
+ }
+
+ fprintf( stderr, "<======== %s\n", msg );
+}
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+static int
+ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock );
+
+static ldapconn_t *
+ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+ struct berval *binddn, struct berval *bindcred );
+
+static int
+ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+ struct berval *binddn, struct berval *bindcred );
+
+static int
+ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs,
+ ldap_back_send_t sendok, struct berval *binddn, struct berval *bindcred );
+
+static int
+ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs,
+ ldap_back_send_t sendok );
+
+static int
+ldap_back_conndnlc_cmp( const void *c1, const void *c2 );
+
+ldapconn_t *
+ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc )
+{
+ if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+ if ( LDAP_BACK_CONN_CACHED( lc ) ) {
+ assert( lc->lc_q.tqe_prev != NULL );
+ assert( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num > 0 );
+ li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num--;
+ LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q );
+ LDAP_TAILQ_ENTRY_INIT( lc, lc_q );
+ LDAP_BACK_CONN_CACHED_CLEAR( lc );
+
+ } else {
+ assert( LDAP_BACK_CONN_TAINTED( lc ) );
+ assert( lc->lc_q.tqe_prev == NULL );
+ }
+
+ } else {
+ ldapconn_t *tmplc = NULL;
+
+ if ( LDAP_BACK_CONN_CACHED( lc ) ) {
+ assert( !LDAP_BACK_CONN_TAINTED( lc ) );
+ tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
+ ldap_back_conndnlc_cmp );
+ assert( tmplc == lc );
+ LDAP_BACK_CONN_CACHED_CLEAR( lc );
+ }
+
+ assert( LDAP_BACK_CONN_TAINTED( lc ) || tmplc == lc );
+ }
+
+ return lc;
+}
+
+int
+ldap_back_bind( Operation *op, SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+ ldapconn_t *lc;
+
+ int rc = 0;
+ ber_int_t msgid;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+
+ lc = ldap_back_getconn( op, rs, LDAP_BACK_BIND_SERR, NULL, NULL );
+ if ( !lc ) {
+ return rs->sr_err;
+ }
+
+ /* we can do (almost) whatever we want with this conn,
+ * because either it's temporary, or it's marked as binding */
+ if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
+ ch_free( lc->lc_bound_ndn.bv_val );
+ BER_BVZERO( &lc->lc_bound_ndn );
+ }
+ if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+ memset( lc->lc_cred.bv_val, 0, lc->lc_cred.bv_len );
+ ch_free( lc->lc_cred.bv_val );
+ BER_BVZERO( &lc->lc_cred );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+
+retry:;
+ /* method is always LDAP_AUTH_SIMPLE if we got here */
+ rs->sr_err = ldap_sasl_bind( lc->lc_ld, op->o_req_dn.bv_val,
+ LDAP_SASL_SIMPLE,
+ &op->orb_cred, op->o_ctrls, NULL, &msgid );
+ /* FIXME: should we always retry, or only when piping the bind
+ * in the "override" connection pool? */
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_BIND ],
+ LDAP_BACK_BIND_SERR | retrying );
+ if ( rc == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_BIND_SERR ) ) {
+ goto retry;
+ }
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ /* If defined, proxyAuthz will be used also when
+ * back-ldap is the authorizing backend; for this
+ * purpose, after a successful bind the connection
+ * is left for further binds, and further operations
+ * on this client connection will use a default
+ * connection with identity assertion */
+ /* NOTE: use with care */
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+ ldap_back_release_conn( li, lc );
+ return( rc );
+ }
+
+ /* rebind is now done inside ldap_back_proxy_authz_bind()
+ * in case of success */
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ ber_dupbv( &lc->lc_bound_ndn, &op->o_req_ndn );
+
+ if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+ memset( lc->lc_cred.bv_val, 0,
+ lc->lc_cred.bv_len );
+ }
+
+ if ( LDAP_BACK_SAVECRED( li ) ) {
+ ber_bvreplace( &lc->lc_cred, &op->orb_cred );
+ ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+
+ } else {
+ lc->lc_cred.bv_len = 0;
+ }
+ }
+
+ /* must re-insert if local DN changed as result of bind */
+ if ( !LDAP_BACK_CONN_ISBOUND( lc )
+ || ( !dn_match( &op->o_req_ndn, &lc->lc_local_ndn )
+ && !LDAP_BACK_PCONN_ISPRIV( lc ) ) )
+ {
+ int lerr = -1;
+ ldapconn_t *tmplc;
+
+ /* wait for all other ops to release the connection */
+retry_lock:;
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ if ( lc->lc_refcnt > 1 ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+ }
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_bind" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ assert( lc->lc_refcnt == 1 );
+ ldap_back_conn_delete( li, lc );
+
+ /* delete all cached connections with the current connection */
+ if ( LDAP_BACK_SINGLECONN( li ) ) {
+ while ( ( tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, ldap_back_conn_cmp ) ) != NULL )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_bind: destroying conn %ld (refcnt=%u)\n",
+ LDAP_BACK_PCONN_ID( lc ), lc->lc_refcnt, 0 );
+
+ if ( tmplc->lc_refcnt != 0 ) {
+ /* taint it */
+ LDAP_BACK_CONN_TAINTED_SET( tmplc );
+ LDAP_BACK_CONN_CACHED_CLEAR( tmplc );
+
+ } else {
+ /*
+ * Needs a test because the handler may be corrupted,
+ * and calling ldap_unbind on a corrupted header results
+ * in a segmentation fault
+ */
+ ldap_back_conn_free( tmplc );
+ }
+ }
+ }
+
+ if ( LDAP_BACK_CONN_ISBOUND( lc ) ) {
+ ber_bvreplace( &lc->lc_local_ndn, &op->o_req_ndn );
+ if ( be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
+ LDAP_BACK_PCONN_ROOTDN_SET( lc, op );
+ }
+ lerr = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
+ ldap_back_conndn_cmp, ldap_back_conndn_dup );
+ }
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_bind" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ switch ( lerr ) {
+ case 0:
+ LDAP_BACK_CONN_CACHED_SET( lc );
+ break;
+
+ case -1:
+ /* duplicate; someone else successfully bound
+ * on the same connection with the same identity;
+ * we can do this because lc_refcnt == 1 */
+ ldap_back_conn_free( lc );
+ lc = NULL;
+ }
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return( rc );
+}
+
+/*
+ * ldap_back_conndn_cmp
+ *
+ * compares two ldapconn_t based on the value of the conn pointer
+ * and of the local DN; used by avl stuff for insert, lookup
+ * and direct delete
+ */
+int
+ldap_back_conndn_cmp( const void *c1, const void *c2 )
+{
+ const ldapconn_t *lc1 = (const ldapconn_t *)c1;
+ const ldapconn_t *lc2 = (const ldapconn_t *)c2;
+ int rc;
+
+ /* If local DNs don't match, it is definitely not a match */
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ rc = SLAP_PTRCMP( lc1->lc_conn, lc2->lc_conn );
+ if ( rc == 0 ) {
+ rc = ber_bvcmp( &lc1->lc_local_ndn, &lc2->lc_local_ndn );
+ }
+
+ return rc;
+}
+
+/*
+ * ldap_back_conndnlc_cmp
+ *
+ * compares two ldapconn_t based on the value of the conn pointer,
+ * the local DN and the lc pointer; used by avl stuff for insert, lookup
+ * and direct delete
+ */
+static int
+ldap_back_conndnlc_cmp( const void *c1, const void *c2 )
+{
+ const ldapconn_t *lc1 = (const ldapconn_t *)c1;
+ const ldapconn_t *lc2 = (const ldapconn_t *)c2;
+ int rc;
+
+ /* If local DNs don't match, it is definitely not a match */
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ rc = SLAP_PTRCMP( lc1->lc_conn, lc2->lc_conn );
+ if ( rc == 0 ) {
+ rc = ber_bvcmp( &lc1->lc_local_ndn, &lc2->lc_local_ndn );
+ if ( rc == 0 ) {
+ rc = SLAP_PTRCMP( lc1, lc2 );
+ }
+ }
+
+ return rc;
+}
+
+/*
+ * ldap_back_conn_cmp
+ *
+ * compares two ldapconn_t based on the value of the conn pointer;
+ * used by avl stuff for delete of all conns with the same connid
+ */
+int
+ldap_back_conn_cmp( const void *c1, const void *c2 )
+{
+ const ldapconn_t *lc1 = (const ldapconn_t *)c1;
+ const ldapconn_t *lc2 = (const ldapconn_t *)c2;
+
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ return SLAP_PTRCMP( lc1->lc_conn, lc2->lc_conn );
+}
+
+/*
+ * ldap_back_conndn_dup
+ *
+ * returns -1 in case a duplicate ldapconn_t has been inserted;
+ * used by avl stuff
+ */
+int
+ldap_back_conndn_dup( void *c1, void *c2 )
+{
+ ldapconn_t *lc1 = (ldapconn_t *)c1;
+ ldapconn_t *lc2 = (ldapconn_t *)c2;
+
+ /* Cannot have more than one shared session with same DN */
+ if ( lc1->lc_conn == lc2->lc_conn &&
+ dn_match( &lc1->lc_local_ndn, &lc2->lc_local_ndn ) )
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock )
+{
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ }
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_freeconn" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ (void)ldap_back_conn_delete( li, lc );
+
+ if ( lc->lc_refcnt == 0 ) {
+ ldap_back_conn_free( (void *)lc );
+ }
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_freeconn" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+
+ return 0;
+}
+
+#ifdef HAVE_TLS
+static int
+ldap_back_start_tls(
+ LDAP *ld,
+ int protocol,
+ int *is_tls,
+ const char *url,
+ unsigned flags,
+ int retries,
+ const char **text )
+{
+ int rc = LDAP_SUCCESS;
+
+ /* start TLS ("tls-[try-]{start,propagate}" statements) */
+ if ( ( LDAP_BACK_USE_TLS_F( flags ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS_F( flags ) ) )
+ && !ldap_is_ldaps_url( url ) )
+ {
+#ifdef SLAP_STARTTLS_ASYNCHRONOUS
+ /*
+ * use asynchronous StartTLS
+ * in case, chase referral (not implemented yet)
+ */
+ int msgid;
+
+ if ( protocol == 0 ) {
+ ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ (void *)&protocol );
+ }
+
+ if ( protocol < LDAP_VERSION3 ) {
+ /* we should rather bail out... */
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ *text = "invalid protocol version";
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = ldap_start_tls( ld, NULL, NULL, &msgid );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ LDAPMessage *res = NULL;
+ struct timeval tv;
+
+ LDAP_BACK_TV_SET( &tv );
+
+retry:;
+ rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
+ if ( rc < 0 ) {
+ rc = LDAP_UNAVAILABLE;
+
+ } else if ( rc == 0 ) {
+ if ( retries != LDAP_BACK_RETRY_NEVER ) {
+ ldap_pvt_thread_yield();
+ if ( retries > 0 ) {
+ retries--;
+ }
+ LDAP_BACK_TV_SET( &tv );
+ goto retry;
+ }
+ rc = LDAP_UNAVAILABLE;
+
+ } else if ( rc == LDAP_RES_EXTENDED ) {
+ struct berval *data = NULL;
+
+ rc = ldap_parse_extended_result( ld, res,
+ NULL, &data, 0 );
+ if ( rc == LDAP_SUCCESS ) {
+ int err;
+ rc = ldap_parse_result( ld, res, &err,
+ NULL, NULL, NULL, NULL, 1 );
+ if ( rc == LDAP_SUCCESS ) {
+ rc = err;
+ }
+ res = NULL;
+
+ /* FIXME: in case a referral
+ * is returned, should we try
+ * using it instead of the
+ * configured URI? */
+ if ( rc == LDAP_SUCCESS ) {
+ rc = ldap_install_tls( ld );
+
+ } else if ( rc == LDAP_REFERRAL ) {
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ *text = "unwilling to chase referral returned by Start TLS exop";
+ }
+
+ if ( data ) {
+ if ( data->bv_val ) {
+ ber_memfree( data->bv_val );
+ }
+ ber_memfree( data );
+ }
+ }
+
+ } else {
+ rc = LDAP_OTHER;
+ }
+
+ if ( res != NULL ) {
+ ldap_msgfree( res );
+ }
+ }
+#else /* ! SLAP_STARTTLS_ASYNCHRONOUS */
+ /*
+ * use synchronous StartTLS
+ */
+ rc = ldap_start_tls_s( ld, NULL, NULL );
+#endif /* ! SLAP_STARTTLS_ASYNCHRONOUS */
+
+ /* if StartTLS is requested, only attempt it if the URL
+ * is not "ldaps://"; this may occur not only in case
+ * of misconfiguration, but also when used in the chain
+ * overlay, where the "uri" can be parsed out of a referral */
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ *is_tls = 1;
+ break;
+
+ case LDAP_SERVER_DOWN:
+ break;
+
+ default:
+ if ( LDAP_BACK_TLS_CRITICAL_F( flags ) ) {
+ *text = "could not start TLS";
+ break;
+ }
+
+ /* in case Start TLS is not critical */
+ *is_tls = 0;
+ rc = LDAP_SUCCESS;
+ break;
+ }
+
+ } else {
+ *is_tls = 0;
+ }
+
+ return rc;
+}
+#endif /* HAVE_TLS */
+
+static int
+ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ int version;
+ LDAP *ld = NULL;
+#ifdef HAVE_TLS
+ int is_tls = op->o_conn->c_is_tls;
+ time_t lc_time = (time_t)(-1);
+#endif /* HAVE_TLS */
+
+ ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ rs->sr_err = ldap_initialize( &ld, li->li_uri );
+ ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto error_return;
+ }
+
+ /* Set LDAP version. This will always succeed: If the client
+ * bound with a particular version, then so can we.
+ */
+ if ( li->li_version != 0 ) {
+ version = li->li_version;
+
+ } else if ( op->o_protocol != 0 ) {
+ version = op->o_protocol;
+
+ } else {
+ /* assume it's an internal op; set to LDAPv3 */
+ version = LDAP_VERSION3;
+ }
+ ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&version );
+
+ /* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
+ ldap_set_option( ld, LDAP_OPT_REFERRALS,
+ LDAP_BACK_CHASE_REFERRALS( li ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+
+ if ( li->li_network_timeout > 0 ) {
+ struct timeval tv;
+
+ tv.tv_sec = li->li_network_timeout;
+ tv.tv_usec = 0;
+ ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, (const void *)&tv );
+ }
+
+#ifdef HAVE_TLS
+ ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
+ li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text );
+ ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ ldap_unbind_ext( ld, NULL, NULL );
+ rs->sr_text = "Start TLS failed";
+ goto error_return;
+
+ } else if ( li->li_idle_timeout ) {
+ /* only touch when activity actually took place... */
+ lc_time = op->o_time;
+ }
+#endif /* HAVE_TLS */
+
+ lc->lc_ld = ld;
+ lc->lc_refcnt = 1;
+#ifdef HAVE_TLS
+ if ( is_tls ) {
+ LDAP_BACK_CONN_ISTLS_SET( lc );
+ } else {
+ LDAP_BACK_CONN_ISTLS_CLEAR( lc );
+ }
+ if ( lc_time != (time_t)(-1) ) {
+ lc->lc_time = lc_time;
+ }
+#endif /* HAVE_TLS */
+
+error_return:;
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_err = slap_map_api2result( rs );
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ if ( rs->sr_text == NULL ) {
+ rs->sr_text = "Proxy connection initialization failed";
+ }
+ send_ldap_result( op, rs );
+ }
+
+ } else {
+ if ( li->li_conn_ttl > 0 ) {
+ lc->lc_create_time = op->o_time;
+ }
+ }
+
+ return rs->sr_err;
+}
+
+static ldapconn_t *
+ldap_back_getconn(
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok,
+ struct berval *binddn,
+ struct berval *bindcred )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ ldapconn_t *lc = NULL,
+ lc_curr = { 0 };
+ int refcnt = 1,
+ lookupconn = !( sendok & LDAP_BACK_BINDING );
+
+ /* if the server is quarantined, and
+ * - the current interval did not expire yet, or
+ * - no more retries should occur,
+ * don't return the connection */
+ if ( li->li_isquarantined ) {
+ slap_retry_info_t *ri = &li->li_quarantine;
+ int dont_retry = 1;
+
+ if ( li->li_quarantine.ri_interval ) {
+ ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex );
+ if ( li->li_isquarantined == LDAP_BACK_FQ_YES ) {
+ dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
+ || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
+ if ( !dont_retry ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_back_getconn quarantine "
+ "retry block #%d try #%d.\n",
+ op->o_log_prefix, ri->ri_idx, ri->ri_count );
+ li->li_isquarantined = LDAP_BACK_FQ_RETRYING;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex );
+ }
+
+ if ( dont_retry ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+ if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+ rs->sr_text = "Target is quarantined";
+ send_ldap_result( op, rs );
+ }
+ return NULL;
+ }
+ }
+
+ /* Internal searches are privileged and shared. So is root. */
+ if ( op->o_do_not_cache || be_isroot( op ) ) {
+ LDAP_BACK_CONN_ISPRIV_SET( &lc_curr );
+ lc_curr.lc_local_ndn = op->o_bd->be_rootndn;
+ LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op );
+
+ } else {
+ struct berval tmpbinddn,
+ tmpbindcred,
+ save_o_dn,
+ save_o_ndn;
+ int isproxyauthz;
+
+ /* need cleanup */
+ if ( binddn == NULL ) {
+ binddn = &tmpbinddn;
+ }
+ if ( bindcred == NULL ) {
+ bindcred = &tmpbindcred;
+ }
+ if ( op->o_tag == LDAP_REQ_BIND ) {
+ save_o_dn = op->o_dn;
+ save_o_ndn = op->o_ndn;
+ op->o_dn = op->o_req_dn;
+ op->o_ndn = op->o_req_ndn;
+ }
+ isproxyauthz = ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred );
+ if ( op->o_tag == LDAP_REQ_BIND ) {
+ op->o_dn = save_o_dn;
+ op->o_ndn = save_o_ndn;
+ }
+ if ( isproxyauthz == -1 ) {
+ return NULL;
+ }
+
+ lc_curr.lc_local_ndn = op->o_ndn;
+ /* Explicit binds must not be shared;
+ * however, explicit binds are piped in a special connection
+ * when idassert is to occur with "override" set */
+ if ( op->o_tag == LDAP_REQ_BIND && !isproxyauthz ) {
+ lc_curr.lc_conn = op->o_conn;
+
+ } else {
+ if ( isproxyauthz && !( sendok & LDAP_BACK_BINDING ) ) {
+ lc_curr.lc_local_ndn = *binddn;
+ LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op );
+ LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr );
+
+ } else if ( isproxyauthz && ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) {
+ lc_curr.lc_local_ndn = slap_empty_bv;
+ LDAP_BACK_PCONN_BIND_SET( &lc_curr, op );
+ LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr );
+ lookupconn = 1;
+
+ } else if ( SLAP_IS_AUTHZ_BACKEND( op ) ) {
+ lc_curr.lc_conn = op->o_conn;
+
+ } else {
+ LDAP_BACK_PCONN_ANON_SET( &lc_curr, op );
+ }
+ }
+ }
+
+ /* Explicit Bind requests always get their own conn */
+ if ( lookupconn ) {
+retry_lock:
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ if ( LDAP_BACK_PCONN_ISPRIV( &lc_curr ) ) {
+ /* lookup a conn that's not binding */
+ LDAP_TAILQ_FOREACH( lc,
+ &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv,
+ lc_q )
+ {
+ if ( !LDAP_BACK_CONN_BINDING( lc ) && lc->lc_refcnt == 0 ) {
+ break;
+ }
+ }
+
+ if ( lc != NULL ) {
+ if ( lc != LDAP_TAILQ_LAST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+ ldapconn_t, lc_q ) )
+ {
+ LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+ lc, lc_q );
+ LDAP_TAILQ_ENTRY_INIT( lc, lc_q );
+ LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+ lc, lc_q );
+ }
+
+ } else if ( !LDAP_BACK_USE_TEMPORARIES( li )
+ && li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_num == li->li_conn_priv_max )
+ {
+ lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv );
+ }
+
+ } else {
+
+ /* Searches for a ldapconn in the avl tree */
+ lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree,
+ (caddr_t)&lc_curr, ldap_back_conndn_cmp );
+ }
+
+ if ( lc != NULL ) {
+ /* Don't reuse connections while they're still binding */
+ if ( LDAP_BACK_CONN_BINDING( lc ) ) {
+ if ( !LDAP_BACK_USE_TEMPORARIES( li ) ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+ }
+ lc = NULL;
+ }
+
+ if ( lc != NULL ) {
+ if ( op->o_tag == LDAP_REQ_BIND ) {
+ /* right now, this is the only possible case */
+ assert( ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) );
+ LDAP_BACK_CONN_BINDING_SET( lc );
+ }
+
+ refcnt = ++lc->lc_refcnt;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+
+ /* Looks like we didn't get a bind. Open a new session... */
+ if ( lc == NULL ) {
+ lc = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
+ lc->lc_flags = li->li_flags;
+ lc->lc_lcflags = lc_curr.lc_lcflags;
+ if ( ldap_back_prepare_conn( lc, op, rs, sendok ) != LDAP_SUCCESS ) {
+ ch_free( lc );
+ return NULL;
+ }
+
+ if ( sendok & LDAP_BACK_BINDING ) {
+ LDAP_BACK_CONN_BINDING_SET( lc );
+ }
+
+ lc->lc_conn = lc_curr.lc_conn;
+ ber_dupbv( &lc->lc_local_ndn, &lc_curr.lc_local_ndn );
+
+ /*
+ * the rationale is: connections as the rootdn are privileged,
+ * so acl_authcDN is to be used; however, in some cases
+ * one already configured identity assertion with a highly
+ * privileged idassert_authcDN, so if acl_authcDN is NULL
+ * and idassert_authcDN is not, use the second instead.
+ *
+ * might change in the future, because it's preferable
+ * to make clear what identity is being used, since
+ * the only drawback is that one risks to configure
+ * the same identity twice...
+ */
+ if ( LDAP_BACK_CONN_ISPRIV( &lc_curr ) ) {
+ if ( BER_BVISNULL( &li->li_acl_authcDN ) && !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+ ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
+ ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );
+
+ } else {
+ ber_dupbv( &lc->lc_bound_ndn, &li->li_acl_authcDN );
+ ber_dupbv( &lc->lc_cred, &li->li_acl_passwd );
+ }
+ LDAP_BACK_CONN_ISPRIV_SET( lc );
+
+ } else if ( LDAP_BACK_CONN_ISIDASSERT( &lc_curr ) ) {
+ if ( !LDAP_BACK_PCONN_ISBIND( &lc_curr ) ) {
+ ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
+ ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );
+ }
+ LDAP_BACK_CONN_ISIDASSERT_SET( lc );
+
+ } else {
+ BER_BVZERO( &lc->lc_cred );
+ BER_BVZERO( &lc->lc_bound_ndn );
+ if ( !BER_BVISEMPTY( &op->o_ndn )
+ && SLAP_IS_AUTHZ_BACKEND( op ) )
+ {
+ ber_dupbv( &lc->lc_bound_ndn, &op->o_ndn );
+ }
+ }
+
+#ifdef HAVE_TLS
+ /* if start TLS failed but it was not mandatory,
+ * check if the non-TLS connection was already
+ * in cache; in case, destroy the newly created
+ * connection and use the existing one */
+ if ( LDAP_BACK_PCONN_ISTLS( lc )
+ && !ldap_tls_inplace( lc->lc_ld ) )
+ {
+ ldapconn_t *tmplc = NULL;
+ int idx = LDAP_BACK_CONN2PRIV( &lc_curr ) - 1;
+
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ LDAP_TAILQ_FOREACH( tmplc,
+ &li->li_conn_priv[ idx ].lic_priv,
+ lc_q )
+ {
+ if ( !LDAP_BACK_CONN_BINDING( tmplc ) ) {
+ break;
+ }
+ }
+
+ if ( tmplc != NULL ) {
+ refcnt = ++tmplc->lc_refcnt;
+ ldap_back_conn_free( lc );
+ lc = tmplc;
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ if ( tmplc != NULL ) {
+ goto done;
+ }
+ }
+#endif /* HAVE_TLS */
+
+ /* Inserts the newly created ldapconn in the avl tree */
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+
+ assert( lc->lc_refcnt == 1 );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_getconn(insert)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+ if ( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num < li->li_conn_priv_max ) {
+ LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q );
+ li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num++;
+ LDAP_BACK_CONN_CACHED_SET( lc );
+
+ } else {
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+ }
+ rs->sr_err = 0;
+
+ } else {
+ rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
+ ldap_back_conndn_cmp, ldap_back_conndn_dup );
+ LDAP_BACK_CONN_CACHED_SET( lc );
+ }
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_getconn(insert)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "lc=%p inserted refcnt=%u rc=%d",
+ (void *)lc, refcnt, rs->sr_err );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_getconn: %s: %s\n",
+ op->o_log_prefix, buf, 0 );
+ }
+
+ if ( !LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+ /* Err could be -1 in case a duplicate ldapconn is inserted */
+ switch ( rs->sr_err ) {
+ case 0:
+ break;
+
+ case -1:
+ LDAP_BACK_CONN_CACHED_CLEAR( lc );
+ if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( li ) ) {
+ /* duplicate: free and try to get the newly created one */
+ ldap_back_conn_free( lc );
+ lc = NULL;
+ goto retry_lock;
+ }
+
+ /* taint connection, so that it'll be freed when released */
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+ break;
+
+ default:
+ LDAP_BACK_CONN_CACHED_CLEAR( lc );
+ ldap_back_conn_free( lc );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Proxy bind collision";
+ if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+ send_ldap_result( op, rs );
+ }
+ return NULL;
+ }
+ }
+
+ } else {
+ int expiring = 0;
+
+ if ( ( li->li_idle_timeout != 0 && op->o_time > lc->lc_time + li->li_idle_timeout )
+ || ( li->li_conn_ttl != 0 && op->o_time > lc->lc_create_time + li->li_conn_ttl ) )
+ {
+ expiring = 1;
+
+ /* let it be used, but taint/delete it so that
+ * no-one else can look it up any further */
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ (void)ldap_back_conn_delete( li, lc );
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+
+ if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "conn %p fetched refcnt=%u%s",
+ (void *)lc, refcnt,
+ expiring ? " expiring" : "" );
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_getconn: %s.\n", buf, 0, 0 );
+ }
+ }
+
+#ifdef HAVE_TLS
+done:;
+#endif /* HAVE_TLS */
+
+ return lc;
+}
+
+void
+ldap_back_release_conn_lock(
+ ldapinfo_t *li,
+ ldapconn_t **lcp,
+ int dolock )
+{
+
+ ldapconn_t *lc = *lcp;
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ }
+ assert( lc->lc_refcnt > 0 );
+ LDAP_BACK_CONN_BINDING_CLEAR( lc );
+ lc->lc_refcnt--;
+ if ( LDAP_BACK_CONN_TAINTED( lc ) ) {
+ ldap_back_freeconn( li, lc, 0 );
+ *lcp = NULL;
+ }
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+}
+
+void
+ldap_back_quarantine(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ slap_retry_info_t *ri = &li->li_quarantine;
+
+ ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex );
+
+ if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+ time_t new_last = slap_get_time();
+
+ switch ( li->li_isquarantined ) {
+ case LDAP_BACK_FQ_NO:
+ if ( ri->ri_last == new_last ) {
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_back_quarantine enter.\n",
+ op->o_log_prefix, 0, 0 );
+
+ ri->ri_idx = 0;
+ ri->ri_count = 0;
+ break;
+
+ case LDAP_BACK_FQ_RETRYING:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_back_quarantine block #%d try #%d failed.\n",
+ op->o_log_prefix, ri->ri_idx, ri->ri_count );
+
+ ++ri->ri_count;
+ if ( ri->ri_num[ ri->ri_idx ] != SLAP_RETRYNUM_FOREVER
+ && ri->ri_count == ri->ri_num[ ri->ri_idx ] )
+ {
+ ri->ri_count = 0;
+ ++ri->ri_idx;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ li->li_isquarantined = LDAP_BACK_FQ_YES;
+ ri->ri_last = new_last;
+
+ } else if ( li->li_isquarantined != LDAP_BACK_FQ_NO ) {
+ if ( ri->ri_last == slap_get_time() ) {
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_back_quarantine exit (%d) err=%d.\n",
+ op->o_log_prefix, li->li_isquarantined, rs->sr_err );
+
+ if ( li->li_quarantine_f ) {
+ (void)li->li_quarantine_f( li, li->li_quarantine_p );
+ }
+
+ ri->ri_count = 0;
+ ri->ri_idx = 0;
+ li->li_isquarantined = LDAP_BACK_FQ_NO;
+ }
+
+done:;
+ ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex );
+}
+
+/*
+ * ldap_back_dobind_int
+ *
+ * Note: dolock indicates whether li->li_conninfo.lai_mutex must be locked or not
+ */
+static int
+ldap_back_dobind_int(
+ ldapconn_t **lcp,
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok,
+ int retries,
+ int dolock )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc;
+ struct berval binddn = slap_empty_bv,
+ bindcred = slap_empty_bv;
+
+ int rc = 0,
+ isbound,
+ binding = 0;
+ ber_int_t msgid;
+
+ assert( lcp != NULL );
+ assert( retries >= 0 );
+
+ if ( sendok & LDAP_BACK_GETCONN ) {
+ assert( *lcp == NULL );
+
+ lc = ldap_back_getconn( op, rs, sendok, &binddn, &bindcred );
+ if ( lc == NULL ) {
+ return 0;
+ }
+ *lcp = lc;
+
+ } else {
+ lc = *lcp;
+ }
+
+ assert( lc != NULL );
+
+retry_lock:;
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ }
+
+ if ( binding == 0 ) {
+ /* check if already bound */
+ rc = isbound = LDAP_BACK_CONN_ISBOUND( lc );
+ if ( isbound ) {
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+ return rc;
+ }
+
+ if ( LDAP_BACK_CONN_BINDING( lc ) ) {
+ /* if someone else is about to bind it, give up and retry */
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+
+ } else {
+ /* otherwise this thread will bind it */
+ LDAP_BACK_CONN_BINDING_SET( lc );
+ binding = 1;
+ }
+ }
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+
+ /*
+ * FIXME: we need to let clients use proxyAuthz
+ * otherwise we cannot do symmetric pools of servers;
+ * we have to live with the fact that a user can
+ * authorize itself as any ID that is allowed
+ * by the authzTo directive of the "proxyauthzdn".
+ */
+ /*
+ * NOTE: current Proxy Authorization specification
+ * and implementation do not allow proxy authorization
+ * control to be provided with Bind requests
+ */
+ /*
+ * if no bind took place yet, but the connection is bound
+ * and the "idassert-authcDN" (or other ID) is set,
+ * then bind as the asserting identity and explicitly
+ * add the proxyAuthz control to every operation with the
+ * dn bound to the connection as control value.
+ * This is done also if this is the authrizing backend,
+ * but the "override" flag is given to idassert.
+ * It allows to use SASL bind and yet proxyAuthz users
+ */
+ if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
+ if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) {
+ /* if we got here, it shouldn't return result */
+ rc = ldap_back_is_proxy_authz( op, rs,
+ LDAP_BACK_DONTSEND, &binddn, &bindcred );
+ assert( rc == 1 );
+ }
+ rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred );
+ goto done;
+ }
+
+#ifdef HAVE_CYRUS_SASL
+ if ( LDAP_BACK_CONN_ISPRIV( lc )
+ && li->li_acl_authmethod == LDAP_AUTH_SASL )
+ {
+ void *defaults = NULL;
+
+ if ( li->li_acl_secprops != NULL ) {
+ rc = ldap_set_option( lc->lc_ld,
+ LDAP_OPT_X_SASL_SECPROPS, li->li_acl_secprops );
+
+ if ( rc != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
+ "(SECPROPS,\"%s\") failed!\n",
+ li->li_acl_secprops, 0, 0 );
+ goto done;
+ }
+ }
+
+ defaults = lutil_sasl_defaults( lc->lc_ld,
+ li->li_acl_sasl_mech.bv_val,
+ li->li_acl_sasl_realm.bv_val,
+ li->li_acl_authcID.bv_val,
+ li->li_acl_passwd.bv_val,
+ NULL );
+
+ rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld,
+ li->li_acl_authcDN.bv_val,
+ li->li_acl_sasl_mech.bv_val, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact,
+ defaults );
+
+ lutil_sasl_freedefs( defaults );
+
+ rs->sr_err = slap_map_api2result( rs );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+
+ } else {
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ }
+
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ goto done;
+ }
+#endif /* HAVE_CYRUS_SASL */
+
+retry:;
+ rs->sr_err = ldap_sasl_bind( lc->lc_ld,
+ BER_BVISNULL( &lc->lc_cred ) ? "" : lc->lc_bound_ndn.bv_val,
+ LDAP_SASL_SIMPLE, &lc->lc_cred,
+ NULL, NULL, &msgid );
+
+ if ( rs->sr_err == LDAP_SERVER_DOWN ) {
+ if ( retries != LDAP_BACK_RETRY_NEVER ) {
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+ }
+
+ assert( lc->lc_refcnt > 0 );
+ if ( lc->lc_refcnt == 1 ) {
+ ldap_unbind_ext( lc->lc_ld, NULL, NULL );
+ lc->lc_ld = NULL;
+
+ /* lc here must be the regular lc, reset and ready for init */
+ rs->sr_err = ldap_back_prepare_conn( lc, op, rs, sendok );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ sendok &= ~LDAP_BACK_SENDERR;
+ lc->lc_refcnt = 0;
+ }
+ }
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ }
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( retries > 0 ) {
+ retries--;
+ }
+ goto retry;
+ }
+ }
+
+ assert( lc->lc_refcnt == 1 );
+ lc->lc_refcnt = 0;
+ ldap_back_freeconn( li, lc, dolock );
+ *lcp = NULL;
+ rs->sr_err = slap_map_api2result( rs );
+
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS &&
+ ( sendok & LDAP_BACK_SENDERR ) )
+ {
+ rs->sr_text = "Internal proxy bind failure";
+ send_ldap_result( op, rs );
+ }
+
+ return 0;
+ }
+
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ -1, ( sendok | LDAP_BACK_BINDING ) );
+ if ( rc == LDAP_SUCCESS ) {
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ }
+
+done:;
+ LDAP_BACK_CONN_BINDING_CLEAR( lc );
+ rc = LDAP_BACK_CONN_ISBOUND( lc );
+ if ( !rc ) {
+ ldap_back_release_conn_lock( li, lcp, dolock );
+
+ } else if ( LDAP_BACK_SAVECRED( li ) ) {
+ ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+ }
+
+ return rc;
+}
+
+/*
+ * ldap_back_dobind
+ *
+ * Note: dolock indicates whether li->li_conninfo.lai_mutex must be locked or not
+ */
+int
+ldap_back_dobind( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ return ldap_back_dobind_int( lcp, op, rs,
+ ( sendok | LDAP_BACK_GETCONN ), li->li_nretries, 1 );
+}
+
+/*
+ * ldap_back_default_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+int
+ldap_back_default_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+ ber_int_t msgid, void *params )
+{
+ ldapconn_t *lc = (ldapconn_t *)params;
+
+#ifdef HAVE_TLS
+ /* ... otherwise we couldn't get here */
+ assert( lc != NULL );
+
+ if ( !ldap_tls_inplace( ld ) ) {
+ int is_tls = LDAP_BACK_CONN_ISTLS( lc ),
+ rc;
+ const char *text = NULL;
+
+ rc = ldap_back_start_tls( ld, 0, &is_tls, url, lc->lc_flags,
+ LDAP_BACK_RETRY_DEFAULT, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+#endif /* HAVE_TLS */
+
+ /* FIXME: add checks on the URL/identity? */
+
+ return ldap_sasl_bind_s( ld,
+ BER_BVISNULL( &lc->lc_cred ) ? "" : lc->lc_bound_ndn.bv_val,
+ LDAP_SASL_SIMPLE, &lc->lc_cred, NULL, NULL, NULL );
+}
+
+int
+ldap_back_cancel(
+ ldapconn_t *lc,
+ Operation *op,
+ SlapReply *rs,
+ ber_int_t msgid,
+ ldap_back_send_t sendok )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ /* default behavior */
+ if ( LDAP_BACK_ABANDON( li ) ) {
+ return ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
+ }
+
+ if ( LDAP_BACK_CANCEL( li ) ) {
+ /* FIXME: asynchronous? */
+ return ldap_cancel_s( lc->lc_ld, msgid, NULL, NULL );
+ }
+
+ assert( 0 );
+
+ return LDAP_OTHER;
+}
+
+int
+ldap_back_op_result(
+ ldapconn_t *lc,
+ Operation *op,
+ SlapReply *rs,
+ ber_int_t msgid,
+ time_t timeout,
+ ldap_back_send_t sendok )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ char *match = NULL;
+ char *text = NULL;
+ char **refs = NULL;
+ LDAPControl **ctrls = NULL;
+
+#define ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
+
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ rs->sr_ref = NULL;
+ rs->sr_ctrls = NULL;
+
+ /* if the error recorded in the reply corresponds
+ * to a successful state, get the error from the
+ * remote server response */
+ if ( ERR_OK( rs->sr_err ) ) {
+ int rc;
+ struct timeval tv;
+ LDAPMessage *res = NULL;
+ time_t stoptime = (time_t)(-1);
+ int timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ const char *timeout_text = "Operation timed out";
+
+ /* if timeout is not specified, compute and use
+ * the one specific to the ongoing operation */
+ if ( timeout == (time_t)(-1) ) {
+ slap_op_t opidx = slap_req2op( op->o_tag );
+
+ if ( opidx == SLAP_OP_SEARCH ) {
+ if ( op->ors_tlimit <= 0 ) {
+ timeout = 0;
+
+ } else {
+ timeout = op->ors_tlimit;
+ timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+ timeout_text = NULL;
+ }
+
+ } else {
+ timeout = li->li_timeout[ opidx ];
+ }
+ }
+
+ /* better than nothing :) */
+ if ( timeout == 0 ) {
+ if ( li->li_idle_timeout ) {
+ timeout = li->li_idle_timeout;
+
+ } else if ( li->li_conn_ttl ) {
+ timeout = li->li_conn_ttl;
+ }
+ }
+
+ if ( timeout ) {
+ stoptime = op->o_time + timeout;
+ }
+
+ LDAP_BACK_TV_SET( &tv );
+
+retry:;
+ /* if result parsing fails, note the failure reason */
+ rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+ switch ( rc ) {
+ case 0:
+ if ( timeout && slap_get_time() > stoptime ) {
+ if ( sendok & LDAP_BACK_BINDING ) {
+ ldap_unbind_ext( lc->lc_ld, NULL, NULL );
+ lc->lc_ld = NULL;
+
+ /* let it be used, but taint/delete it so that
+ * no-one else can look it up any further */
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+ (void)ldap_back_conn_delete( li, lc );
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ } else {
+ (void)ldap_back_cancel( lc, op, rs, msgid, sendok );
+ }
+ rs->sr_err = timeout_err;
+ rs->sr_text = timeout_text;
+ break;
+ }
+
+ /* timeout == 0 */
+ LDAP_BACK_TV_SET( &tv );
+ ldap_pvt_thread_yield();
+ goto retry;
+
+ case -1:
+ ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
+ &rs->sr_err );
+ break;
+
+
+ /* otherwise get the result; if it is not
+ * LDAP_SUCCESS, record it in the reply
+ * structure (this includes
+ * LDAP_COMPARE_{TRUE|FALSE}) */
+ default:
+ /* only touch when activity actually took place... */
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
+ }
+
+ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
+ &match, &text, &refs, &ctrls, 1 );
+ rs->sr_text = text;
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ }
+
+ /* RFC 4511: referrals can only appear
+ * if result code is LDAP_REFERRAL */
+ if ( refs != NULL
+ && refs[ 0 ] != NULL
+ && refs[ 0 ][ 0 ] != '\0' )
+ {
+ if ( rs->sr_err != LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_op_result: "
+ "got referrals with err=%d\n",
+ op->o_log_prefix,
+ rs->sr_err, 0 );
+
+ } else {
+ int i;
+
+ for ( i = 0; refs[ i ] != NULL; i++ )
+ /* count */ ;
+ rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
+ op->o_tmpmemctx );
+ for ( i = 0; refs[ i ] != NULL; i++ ) {
+ ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ i ] );
+ }
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_op_result: "
+ "got err=%d with null "
+ "or empty referrals\n",
+ op->o_log_prefix,
+ rs->sr_err, 0 );
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( ctrls != NULL ) {
+ rs->sr_ctrls = ctrls;
+ }
+ }
+ }
+
+ /* if the error in the reply structure is not
+ * LDAP_SUCCESS, try to map it from client
+ * to server error */
+ if ( !ERR_OK( rs->sr_err ) ) {
+ rs->sr_err = slap_map_api2result( rs );
+
+ /* internal ops ( op->o_conn == NULL )
+ * must not reply to client */
+ if ( op->o_conn && !op->o_do_not_cache && match ) {
+
+ /* record the (massaged) matched
+ * DN into the reply structure */
+ rs->sr_matched = match;
+ }
+ }
+
+ if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+ if ( !( sendok & LDAP_BACK_RETRYING ) ) {
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+ if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+ if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed";
+ send_ldap_result( op, rs );
+ }
+ }
+
+ } else if ( op->o_conn &&
+ ( ( ( sendok & LDAP_BACK_SENDOK ) && ERR_OK( rs->sr_err ) )
+ || ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+ {
+ send_ldap_result( op, rs );
+ }
+
+ if ( match ) {
+ if ( rs->sr_matched != match ) {
+ free( (char *)rs->sr_matched );
+ }
+ rs->sr_matched = NULL;
+ ldap_memfree( match );
+ }
+
+ if ( text ) {
+ ldap_memfree( text );
+ }
+ rs->sr_text = NULL;
+
+ if ( rs->sr_ref ) {
+ op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+ rs->sr_ref = NULL;
+ }
+
+ if ( refs ) {
+ ber_memvfree( (void **)refs );
+ }
+
+ if ( ctrls ) {
+ assert( rs->sr_ctrls != NULL );
+ ldap_controls_free( ctrls );
+ rs->sr_ctrls = NULL;
+ }
+
+ return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
+}
+
+/* return true if bound, false if failed */
+int
+ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ int rc = 0;
+
+ assert( lcp != NULL );
+ assert( *lcp != NULL );
+
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+ if ( (*lcp)->lc_refcnt == 1 ) {
+ int binding = LDAP_BACK_CONN_BINDING( *lcp );
+
+ ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_retry: retrying URI=\"%s\" DN=\"%s\"\n",
+ op->o_log_prefix, li->li_uri,
+ BER_BVISNULL( &(*lcp)->lc_bound_ndn ) ?
+ "" : (*lcp)->lc_bound_ndn.bv_val );
+ ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+
+ ldap_unbind_ext( (*lcp)->lc_ld, NULL, NULL );
+ (*lcp)->lc_ld = NULL;
+ LDAP_BACK_CONN_ISBOUND_CLEAR( (*lcp) );
+
+ /* lc here must be the regular lc, reset and ready for init */
+ rc = ldap_back_prepare_conn( *lcp, op, rs, sendok );
+ if ( rc != LDAP_SUCCESS ) {
+ /* freeit, because lc_refcnt == 1 */
+ (*lcp)->lc_refcnt = 0;
+ (void)ldap_back_freeconn( li, *lcp, 0 );
+ *lcp = NULL;
+ rc = 0;
+
+ } else if ( ( sendok & LDAP_BACK_BINDING ) ) {
+ if ( binding ) {
+ LDAP_BACK_CONN_BINDING_SET( *lcp );
+ }
+ rc = 1;
+
+ } else {
+ rc = ldap_back_dobind_int( lcp, op, rs, sendok, 0, 0 );
+ if ( rc == 0 && *lcp != NULL ) {
+ /* freeit, because lc_refcnt == 1 */
+ (*lcp)->lc_refcnt = 0;
+ LDAP_BACK_CONN_TAINTED_SET( *lcp );
+ (void)ldap_back_freeconn( li, *lcp, 0 );
+ *lcp = NULL;
+ }
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_back_retry: conn %p refcnt=%u unable to retry.\n",
+ (void *)(*lcp), (*lcp)->lc_refcnt, 0 );
+
+ LDAP_BACK_CONN_TAINTED_SET( *lcp );
+ ldap_back_release_conn_lock( li, lcp, 0 );
+ assert( *lcp == NULL );
+
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+ rs->sr_text = "Unable to retry";
+ send_ldap_result( op, rs );
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ return rc;
+}
+
+static int
+ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+ struct berval *binddn, struct berval *bindcred )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ struct berval ndn;
+ int dobind = 0;
+
+ if ( op->o_conn == NULL || op->o_do_not_cache ) {
+ goto done;
+ }
+
+ /* don't proxyAuthz if protocol is not LDAPv3 */
+ switch ( li->li_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ dobind = -1;
+ }
+ goto done;
+ }
+
+ /* safe default */
+ *binddn = slap_empty_bv;
+ *bindcred = slap_empty_bv;
+
+ if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ switch ( li->li_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_LEGACY:
+ if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
+ if ( !BER_BVISNULL( &li->li_idassert_authcDN ) && !BER_BVISEMPTY( &li->li_idassert_authcDN ) )
+ {
+ *binddn = li->li_idassert_authcDN;
+ *bindcred = li->li_idassert_passwd;
+ dobind = 1;
+ }
+ }
+ break;
+
+ default:
+ /* NOTE: rootdn can always idassert */
+ if ( BER_BVISNULL( &ndn )
+ && li->li_idassert_authz == NULL
+ && !( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+ {
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ dobind = -1;
+ }
+
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ *binddn = slap_empty_bv;
+ *bindcred = slap_empty_bv;
+ break;
+ }
+
+ goto done;
+
+ } else if ( li->li_idassert_authz && !be_isroot( op ) ) {
+ struct berval authcDN;
+
+ if ( BER_BVISNULL( &ndn ) ) {
+ authcDN = slap_empty_bv;
+
+ } else {
+ authcDN = ndn;
+ }
+ rs->sr_err = slap_sasl_matches( op, li->li_idassert_authz,
+ &authcDN, &authcDN );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ dobind = -1;
+ }
+
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ *binddn = slap_empty_bv;
+ *bindcred = slap_empty_bv;
+ break;
+ }
+
+ goto done;
+ }
+ }
+
+ *binddn = li->li_idassert_authcDN;
+ *bindcred = li->li_idassert_passwd;
+ dobind = 1;
+ break;
+ }
+
+done:;
+ return dobind;
+}
+
+static int
+ldap_back_proxy_authz_bind(
+ ldapconn_t *lc,
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok,
+ struct berval *binddn,
+ struct berval *bindcred )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ struct berval ndn;
+ int msgid;
+ int rc;
+
+ if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ void *defaults = NULL;
+ struct berval authzID = BER_BVNULL;
+ int freeauthz = 0;
+
+ /* if SASL supports native authz, prepare for it */
+ if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
+ ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
+ {
+ switch ( li->li_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_OTHERID:
+ case LDAP_BACK_IDASSERT_OTHERDN:
+ authzID = li->li_idassert_authzID;
+ break;
+
+ case LDAP_BACK_IDASSERT_ANONYMOUS:
+ BER_BVSTR( &authzID, "dn:" );
+ break;
+
+ case LDAP_BACK_IDASSERT_SELF:
+ if ( BER_BVISNULL( &ndn ) ) {
+ /* connection is not authc'd, so don't idassert */
+ BER_BVSTR( &authzID, "dn:" );
+ break;
+ }
+ authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
+ authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx );
+ AC_MEMCPY( authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( authzID.bv_val + STRLENOF( "dn:" ),
+ ndn.bv_val, ndn.bv_len + 1 );
+ freeauthz = 1;
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if ( li->li_idassert_secprops != NULL ) {
+ rs->sr_err = ldap_set_option( lc->lc_ld,
+ LDAP_OPT_X_SASL_SECPROPS,
+ (void *)li->li_idassert_secprops );
+
+ if ( rs->sr_err != LDAP_OPT_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ goto done;
+ }
+ }
+
+ defaults = lutil_sasl_defaults( lc->lc_ld,
+ li->li_idassert_sasl_mech.bv_val,
+ li->li_idassert_sasl_realm.bv_val,
+ li->li_idassert_authcID.bv_val,
+ li->li_idassert_passwd.bv_val,
+ authzID.bv_val );
+
+ rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn->bv_val,
+ li->li_idassert_sasl_mech.bv_val, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact,
+ defaults );
+
+ rs->sr_err = slap_map_api2result( rs );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+
+ } else {
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ }
+
+ lutil_sasl_freedefs( defaults );
+ if ( freeauthz ) {
+ slap_sl_free( authzID.bv_val, op->o_tmpmemctx );
+ }
+
+ goto done;
+#endif /* HAVE_CYRUS_SASL */
+ }
+
+ switch ( li->li_idassert_authmethod ) {
+ case LDAP_AUTH_NONE:
+ /* FIXME: do we really need this? */
+ BER_BVSTR( binddn, "" );
+ BER_BVSTR( bindcred, "" );
+ /* fallthru */
+
+ case LDAP_AUTH_SIMPLE:
+ rs->sr_err = ldap_sasl_bind( lc->lc_ld,
+ binddn->bv_val, LDAP_SASL_SIMPLE,
+ bindcred, NULL, NULL, &msgid );
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ -1, ( sendok | LDAP_BACK_BINDING ) );
+ break;
+
+ default:
+ /* unsupported! */
+ LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ goto done;
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ /* set rebind stuff in case of successful proxyAuthz bind,
+ * so that referral chasing is attempted using the right
+ * identity */
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ ber_bvreplace( &lc->lc_bound_ndn, binddn );
+
+ if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+ memset( lc->lc_cred.bv_val, 0,
+ lc->lc_cred.bv_len );
+ }
+
+ if ( LDAP_BACK_SAVECRED( li ) ) {
+ ber_bvreplace( &lc->lc_cred, bindcred );
+ ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+
+ } else {
+ lc->lc_cred.bv_len = 0;
+ }
+ }
+done:;
+ return LDAP_BACK_CONN_ISBOUND( lc );
+}
+
+/*
+ * ldap_back_proxy_authz_ctrl() prepends a proxyAuthz control
+ * to existing server-side controls if required; if not,
+ * the existing server-side controls are placed in *pctrls.
+ * The caller, after using the controls in client API
+ * operations, if ( *pctrls != op->o_ctrls ), should
+ * free( (*pctrls)[ 0 ] ) and free( *pctrls ).
+ * The function returns success if the control could
+ * be added if required, or if it did nothing; in the future,
+ * it might return some error if it failed.
+ *
+ * if no bind took place yet, but the connection is bound
+ * and the "proxyauthzdn" is set, then bind as "proxyauthzdn"
+ * and explicitly add proxyAuthz the control to every operation
+ * with the dn bound to the connection as control value.
+ *
+ * If no server-side controls are defined for the operation,
+ * simply add the proxyAuthz control; otherwise, if the
+ * proxyAuthz control is not already set, add it as
+ * the first one
+ *
+ * FIXME: is controls order significant for security?
+ * ANSWER: controls ordering and interoperability
+ * must be indicated by the specs of each control; if none
+ * is specified, the order is irrelevant.
+ */
+int
+ldap_back_proxy_authz_ctrl(
+ struct berval *bound_ndn,
+ int version,
+ slap_idassert_t *si,
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl ***pctrls )
+{
+ LDAPControl **ctrls = NULL;
+ int i = 0;
+ slap_idassert_mode_t mode;
+ struct berval assertedID,
+ ndn;
+ int isroot = 0;
+
+ *pctrls = NULL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ /* don't proxyAuthz if protocol is not LDAPv3 */
+ switch ( version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+
+ /* FIXME: SASL/EXTERNAL over ldapi:// doesn't honor the authcID,
+ * but if it is not set this test fails. We need a different
+ * means to detect if idassert is enabled */
+ if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
+ && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+ {
+ goto done;
+ }
+
+ if ( !op->o_conn || op->o_do_not_cache || ( isroot = be_isroot( op ) ) ) {
+ goto done;
+ }
+
+ if ( op->o_tag == LDAP_REQ_BIND ) {
+ ndn = op->o_req_ndn;
+
+ } else if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ if ( si->si_mode == LDAP_BACK_IDASSERT_LEGACY ) {
+ if ( op->o_proxy_authz ) {
+ /*
+ * FIXME: we do not want to perform proxyAuthz
+ * on behalf of the client, because this would
+ * be performed with "proxyauthzdn" privileges.
+ *
+ * This might actually be too strict, since
+ * the "proxyauthzdn" authzTo, and each entry's
+ * authzFrom attributes may be crafted
+ * to avoid unwanted proxyAuthz to take place.
+ */
+#if 0
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "proxyAuthz not allowed within namingContext";
+#endif
+ goto done;
+ }
+
+ if ( !BER_BVISNULL( bound_ndn ) ) {
+ goto done;
+ }
+
+ if ( BER_BVISNULL( &ndn ) ) {
+ goto done;
+ }
+
+ if ( BER_BVISNULL( &si->si_bc.sb_binddn ) ) {
+ goto done;
+ }
+
+ } else if ( si->si_bc.sb_method == LDAP_AUTH_SASL ) {
+ if ( ( si->si_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
+ {
+ /* already asserted in SASL via native authz */
+ goto done;
+ }
+
+ } else if ( si->si_authz && !isroot ) {
+ int rc;
+ struct berval authcDN;
+
+ if ( BER_BVISNULL( &ndn ) ) {
+ authcDN = slap_empty_bv;
+ } else {
+ authcDN = ndn;
+ }
+ rc = slap_sasl_matches( op, si->si_authz,
+ &authcDN, & authcDN );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( si->si_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ /* ndn is not authorized
+ * to use idassert */
+ rs->sr_err = rc;
+ }
+ goto done;
+ }
+ }
+
+ if ( op->o_proxy_authz ) {
+ /*
+ * FIXME: we can:
+ * 1) ignore the already set proxyAuthz control
+ * 2) leave it in place, and don't set ours
+ * 3) add both
+ * 4) reject the operation
+ *
+ * option (4) is very drastic
+ * option (3) will make the remote server reject
+ * the operation, thus being equivalent to (4)
+ * option (2) will likely break the idassert
+ * assumptions, so we cannot accept it;
+ * option (1) means that we are contradicting
+ * the client's reques.
+ *
+ * I think (4) is the only correct choice.
+ */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "proxyAuthz not allowed within namingContext";
+ }
+
+ if ( op->o_is_auth_check ) {
+ mode = LDAP_BACK_IDASSERT_NOASSERT;
+
+ } else {
+ mode = si->si_mode;
+ }
+
+ switch ( mode ) {
+ case LDAP_BACK_IDASSERT_LEGACY:
+ /* original behavior:
+ * assert the client's identity */
+ case LDAP_BACK_IDASSERT_SELF:
+ assertedID = ndn;
+ break;
+
+ case LDAP_BACK_IDASSERT_ANONYMOUS:
+ /* assert "anonymous" */
+ assertedID = slap_empty_bv;
+ break;
+
+ case LDAP_BACK_IDASSERT_NOASSERT:
+ /* don't assert; bind as proxyauthzdn */
+ goto done;
+
+ case LDAP_BACK_IDASSERT_OTHERID:
+ case LDAP_BACK_IDASSERT_OTHERDN:
+ /* assert idassert DN */
+ assertedID = si->si_bc.sb_authzId;
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ /* if we got here, "" is allowed to proxyAuthz */
+ if ( BER_BVISNULL( &assertedID ) ) {
+ assertedID = slap_empty_bv;
+ }
+
+ /* don't idassert the bound DN (ITS#4497) */
+ if ( dn_match( &assertedID, bound_ndn ) ) {
+ goto done;
+ }
+
+ if ( op->o_ctrls ) {
+ for ( i = 0; op->o_ctrls[ i ]; i++ )
+ /* just count ctrls */ ;
+ }
+
+ ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + 2) + sizeof( LDAPControl ),
+ op->o_tmpmemctx );
+ ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + 2 ];
+
+ ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+ ctrls[ 0 ]->ldctl_iscritical = 1;
+
+ switch ( si->si_mode ) {
+ /* already in u:ID or dn:DN form */
+ case LDAP_BACK_IDASSERT_OTHERID:
+ case LDAP_BACK_IDASSERT_OTHERDN:
+ ber_dupbv_x( &ctrls[ 0 ]->ldctl_value, &assertedID, op->o_tmpmemctx );
+ break;
+
+ /* needs the dn: prefix */
+ default:
+ ctrls[ 0 ]->ldctl_value.bv_len = assertedID.bv_len + STRLENOF( "dn:" );
+ ctrls[ 0 ]->ldctl_value.bv_val = op->o_tmpalloc( ctrls[ 0 ]->ldctl_value.bv_len + 1,
+ op->o_tmpmemctx );
+ AC_MEMCPY( ctrls[ 0 ]->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &ctrls[ 0 ]->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
+ assertedID.bv_val, assertedID.bv_len + 1 );
+ break;
+ }
+
+ /* Older versions of <draft-weltman-ldapv3-proxy> required
+ * to encode the value of the authzID (and called it proxyDN);
+ * this hack provides compatibility with those DSAs that
+ * implement it this way */
+ if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+ struct berval authzID = ctrls[ 0 ]->ldctl_value;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+
+ ber_init2( ber, 0, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ tag = ber_printf( ber, "O", &authzID );
+ if ( tag == LBER_ERROR ) {
+ rs->sr_err = LDAP_OTHER;
+ goto free_ber;
+ }
+
+ if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+ rs->sr_err = LDAP_OTHER;
+ goto free_ber;
+ }
+
+free_ber:;
+ op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+ ber_free_buf( ber );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ op->o_tmpfree( ctrls, op->o_tmpmemctx );
+ ctrls = NULL;
+ goto done;
+ }
+
+ } else if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+ struct berval authzID = ctrls[ 0 ]->ldctl_value,
+ tmp;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+
+ if ( strncasecmp( authzID.bv_val, "dn:", STRLENOF( "dn:" ) ) != 0 ) {
+ op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( ctrls, op->o_tmpmemctx );
+ ctrls = NULL;
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ tmp = authzID;
+ tmp.bv_val += STRLENOF( "dn:" );
+ tmp.bv_len -= STRLENOF( "dn:" );
+
+ ber_init2( ber, 0, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ /* apparently, Mozilla API encodes this
+ * as "SEQUENCE { LDAPDN }" */
+ tag = ber_printf( ber, "{O}", &tmp );
+ if ( tag == LBER_ERROR ) {
+ rs->sr_err = LDAP_OTHER;
+ goto free_ber2;
+ }
+
+ if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+ rs->sr_err = LDAP_OTHER;
+ goto free_ber2;
+ }
+
+free_ber2:;
+ op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+ ber_free_buf( ber );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ op->o_tmpfree( ctrls, op->o_tmpmemctx );
+ ctrls = NULL;
+ goto done;
+ }
+
+ ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+ }
+
+ if ( op->o_ctrls ) {
+ for ( i = 0; op->o_ctrls[ i ]; i++ ) {
+ ctrls[ i + 1 ] = op->o_ctrls[ i ];
+ }
+ }
+ ctrls[ i + 1 ] = NULL;
+
+done:;
+ if ( ctrls == NULL ) {
+ ctrls = op->o_ctrls;
+ }
+
+ *pctrls = ctrls;
+
+ return rs->sr_err;
+}
+
+int
+ldap_back_proxy_authz_ctrl_free( Operation *op, LDAPControl ***pctrls )
+{
+ LDAPControl **ctrls = *pctrls;
+
+ /* we assume that the first control is the proxyAuthz
+ * added by back-ldap, so it's the only one we explicitly
+ * free */
+ if ( ctrls && ctrls != op->o_ctrls ) {
+ assert( ctrls[ 0 ] != NULL );
+
+ if ( !BER_BVISNULL( &ctrls[ 0 ]->ldctl_value ) ) {
+ op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
+ }
+
+ op->o_tmpfree( ctrls, op->o_tmpmemctx );
+ }
+
+ *pctrls = NULL;
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/chain.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/chain.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2063 @@
+/* chain.c - chain LDAP operations */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.22 2007/02/01 21:20:21 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software.
+ * This work was subsequently modified by Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "back-ldap.h"
+#include "config.h"
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+#define SLAP_CHAINING_DEFAULT LDAP_CHAINING_PREFERRED
+#define SLAP_CH_RESOLVE_SHIFT SLAP_CONTROL_SHIFT
+#define SLAP_CH_RESOLVE_MASK (0x3 << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_RESOLVE_CHAINING_PREFERRED (LDAP_CHAINING_PREFERRED << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_RESOLVE_CHAINING_REQUIRED (LDAP_CHAINING_REQUIRED << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_RESOLVE_REFERRALS_PREFERRED (LDAP_REFERRALS_PREFERRED << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_RESOLVE_REFERRALS_REQUIRED (LDAP_REFERRALS_REQUIRED << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_RESOLVE_DEFAULT (SLAP_CHAINING_DEFAULT << SLAP_CH_RESOLVE_SHIFT)
+#define SLAP_CH_CONTINUATION_SHIFT (SLAP_CH_RESOLVE_SHIFT + 2)
+#define SLAP_CH_CONTINUATION_MASK (0x3 << SLAP_CH_CONTINUATION_SHIFT)
+#define SLAP_CH_CONTINUATION_CHAINING_PREFERRED (LDAP_CHAINING_PREFERRED << SLAP_CH_CONTINUATION_SHIFT)
+#define SLAP_CH_CONTINUATION_CHAINING_REQUIRED (LDAP_CHAINING_REQUIRED << SLAP_CH_CONTINUATION_SHIFT)
+#define SLAP_CH_CONTINUATION_REFERRALS_PREFERRED (LDAP_REFERRALS_PREFERRED << SLAP_CH_CONTINUATION_SHIFT)
+#define SLAP_CH_CONTINUATION_REFERRALS_REQUIRED (LDAP_REFERRALS_REQUIRED << SLAP_CH_CONTINUATION_SHIFT)
+#define SLAP_CH_CONTINUATION_DEFAULT (SLAP_CHAINING_DEFAULT << SLAP_CH_CONTINUATION_SHIFT)
+
+#define o_chaining o_ctrlflag[sc_chainingBehavior]
+#define get_chaining(op) ((op)->o_chaining & SLAP_CONTROL_MASK)
+#define get_chainingBehavior(op) ((op)->o_chaining & (SLAP_CH_RESOLVE_MASK|SLAP_CH_CONTINUATION_MASK))
+#define get_resolveBehavior(op) ((op)->o_chaining & SLAP_CH_RESOLVE_MASK)
+#define get_continuationBehavior(op) ((op)->o_chaining & SLAP_CH_CONTINUATION_MASK)
+
+static int sc_chainingBehavior;
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+typedef enum {
+ LDAP_CH_NONE = 0,
+ LDAP_CH_RES,
+ LDAP_CH_ERR
+} ldap_chain_status_t;
+static BackendInfo *lback;
+
+typedef struct ldap_chain_t {
+ /*
+ * A "template" ldapinfo_t gets all common configuration items;
+ * then, for each configured URI, an entry is created in the tree;
+ * all the specific configuration items get in the current URI
+ * structure.
+ *
+ * Then, for each referral, extract the URI and lookup the
+ * related structure. If configured to do so, allow URIs
+ * not found in the structure to create a temporary one
+ * that chains anonymously; maybe it can also be added to
+ * the tree? Should be all configurable.
+ */
+
+ /* "common" configuration info (anything occurring before an "uri") */
+ ldapinfo_t *lc_common_li;
+
+ /* current configuration info */
+ ldapinfo_t *lc_cfg_li;
+
+ /* tree of configured[/generated?] "uri" info */
+ ldap_avl_info_t lc_lai;
+
+ /* max depth in nested referrals chaining */
+ int lc_max_depth;
+
+ unsigned lc_flags;
+#define LDAP_CHAIN_F_NONE (0x00U)
+#define LDAP_CHAIN_F_CHAINING (0x01U)
+#define LDAP_CHAIN_F_CACHE_URI (0x02U)
+#define LDAP_CHAIN_F_RETURN_ERR (0x04U)
+
+#define LDAP_CHAIN_ISSET(lc, f) ( ( (lc)->lc_flags & (f) ) == (f) )
+#define LDAP_CHAIN_CHAINING( lc ) LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_CHAINING )
+#define LDAP_CHAIN_CACHE_URI( lc ) LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_CACHE_URI )
+#define LDAP_CHAIN_RETURN_ERR( lc ) LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_RETURN_ERR )
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ LDAPControl lc_chaining_ctrl;
+ char lc_chaining_ctrlflag;
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+} ldap_chain_t;
+
+static int ldap_chain_db_init_common( BackendDB *be );
+static int ldap_chain_db_init_one( BackendDB *be );
+static int ldap_chain_db_open_one( BackendDB *be );
+#define ldap_chain_db_close_one(be) (0)
+#define ldap_chain_db_destroy_one(be) (lback)->bi_db_destroy( (be) )
+
+typedef struct ldap_chain_cb_t {
+ ldap_chain_status_t lb_status;
+ ldap_chain_t *lb_lc;
+ BI_op_func *lb_op_f;
+ int lb_depth;
+} ldap_chain_cb_t;
+
+static int
+ldap_chain_op(
+ Operation *op,
+ SlapReply *rs,
+ BI_op_func *op_f,
+ BerVarray ref,
+ int depth );
+
+static int
+ldap_chain_search(
+ Operation *op,
+ SlapReply *rs,
+ BerVarray ref,
+ int depth );
+
+static slap_overinst ldapchain;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+static int
+chaining_control_add(
+ ldap_chain_t *lc,
+ Operation *op,
+ LDAPControl ***oldctrlsp )
+{
+ LDAPControl **ctrls = NULL;
+ int c = 0;
+
+ *oldctrlsp = op->o_ctrls;
+
+ /* default chaining control not defined */
+ if ( !LDAP_CHAIN_CHAINING( lc ) ) {
+ return 0;
+ }
+
+ /* already present */
+ if ( get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+ return 0;
+ }
+
+ /* FIXME: check other incompatibilities */
+
+ /* add to other controls */
+ if ( op->o_ctrls ) {
+ for ( c = 0; op->o_ctrls[ c ]; c++ )
+ /* count them */ ;
+ }
+
+ ctrls = ch_calloc( sizeof( LDAPControl *), c + 2 );
+ ctrls[ 0 ] = &lc->lc_chaining_ctrl;
+ if ( op->o_ctrls ) {
+ for ( c = 0; op->o_ctrls[ c ]; c++ ) {
+ ctrls[ c + 1 ] = op->o_ctrls[ c ];
+ }
+ }
+ ctrls[ c + 1 ] = NULL;
+
+ op->o_ctrls = ctrls;
+
+ op->o_chaining = lc->lc_chaining_ctrlflag;
+
+ return 0;
+}
+
+static int
+chaining_control_remove(
+ Operation *op,
+ LDAPControl ***oldctrlsp )
+{
+ LDAPControl **oldctrls = *oldctrlsp;
+
+ /* we assume that the first control is the chaining control
+ * added by the chain overlay, so it's the only one we explicitly
+ * free */
+ if ( op->o_ctrls != oldctrls ) {
+ assert( op->o_ctrls != NULL );
+ assert( op->o_ctrls[ 0 ] != NULL );
+
+ free( op->o_ctrls );
+
+ op->o_chaining = 0;
+ op->o_ctrls = oldctrls;
+ }
+
+ *oldctrlsp = NULL;
+
+ return 0;
+}
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+static int
+ldap_chain_uri_cmp( const void *c1, const void *c2 )
+{
+ const ldapinfo_t *li1 = (const ldapinfo_t *)c1;
+ const ldapinfo_t *li2 = (const ldapinfo_t *)c2;
+
+ assert( li1->li_bvuri != NULL );
+ assert( !BER_BVISNULL( &li1->li_bvuri[ 0 ] ) );
+ assert( BER_BVISNULL( &li1->li_bvuri[ 1 ] ) );
+
+ assert( li2->li_bvuri != NULL );
+ assert( !BER_BVISNULL( &li2->li_bvuri[ 0 ] ) );
+ assert( BER_BVISNULL( &li2->li_bvuri[ 1 ] ) );
+
+ /* If local DNs don't match, it is definitely not a match */
+ return ber_bvcmp( &li1->li_bvuri[ 0 ], &li2->li_bvuri[ 0 ] );
+}
+
+static int
+ldap_chain_uri_dup( void *c1, void *c2 )
+{
+ ldapinfo_t *li1 = (ldapinfo_t *)c1;
+ ldapinfo_t *li2 = (ldapinfo_t *)c2;
+
+ assert( li1->li_bvuri != NULL );
+ assert( !BER_BVISNULL( &li1->li_bvuri[ 0 ] ) );
+ assert( BER_BVISNULL( &li1->li_bvuri[ 1 ] ) );
+
+ assert( li2->li_bvuri != NULL );
+ assert( !BER_BVISNULL( &li2->li_bvuri[ 0 ] ) );
+ assert( BER_BVISNULL( &li2->li_bvuri[ 1 ] ) );
+
+ /* Cannot have more than one shared session with same DN */
+ if ( ber_bvcmp( &li1->li_bvuri[ 0 ], &li2->li_bvuri[ 0 ] ) == 0 ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Search specific response that strips entryDN from entries
+ */
+static int
+ldap_chain_cb_search_response( Operation *op, SlapReply *rs )
+{
+ ldap_chain_cb_t *lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+
+ assert( op->o_tag == LDAP_REQ_SEARCH );
+
+ /* if in error, don't proceed any further */
+ if ( lb->lb_status == LDAP_CH_ERR ) {
+ return 0;
+ }
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ Attribute **ap = &rs->sr_entry->e_attrs;
+
+ for ( ; *ap != NULL; ap = &(*ap)->a_next ) {
+ /* will be generated later by frontend
+ * (a cleaner solution would be that
+ * the frontend checks if it already exists */
+ if ( ad_cmp( (*ap)->a_desc, slap_schema.si_ad_entryDN ) == 0 )
+ {
+ Attribute *a = *ap;
+
+ *ap = (*ap)->a_next;
+ attr_free( a );
+
+ /* there SHOULD be one only! */
+ break;
+ }
+ }
+
+ /* tell the frontend not to add generated
+ * operational attributes */
+ rs->sr_flags |= REP_NO_OPERATIONALS;
+
+ return SLAP_CB_CONTINUE;
+
+ } else if ( rs->sr_type == REP_SEARCHREF ) {
+ /* if we get it here, it means the library was unable
+ * to chase the referral... */
+ if ( lb->lb_depth < lb->lb_lc->lc_max_depth && rs->sr_ref != NULL ) {
+ rs->sr_err = ldap_chain_search( op, rs, rs->sr_ref, lb->lb_depth );
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ if ( rs->sr_err == LDAP_REFERRAL && get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+ switch ( get_continuationBehavior( op ) ) {
+ case SLAP_CH_RESOLVE_CHAINING_REQUIRED:
+ lb->lb_status = LDAP_CH_ERR;
+ return rs->sr_err = LDAP_X_CANNOT_CHAIN;
+
+ default:
+ break;
+ }
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ return SLAP_CB_CONTINUE;
+
+ } else if ( rs->sr_type == REP_RESULT ) {
+ if ( rs->sr_err == LDAP_REFERRAL
+ && lb->lb_depth < lb->lb_lc->lc_max_depth
+ && rs->sr_ref != NULL )
+ {
+ rs->sr_err = ldap_chain_op( op, rs, lb->lb_op_f, rs->sr_ref, lb->lb_depth );
+ }
+
+ /* back-ldap tried to send result */
+ lb->lb_status = LDAP_CH_RES;
+ }
+
+ return 0;
+}
+
+/*
+ * Dummy response that simply traces if back-ldap tried to send
+ * anything to the client
+ */
+static int
+ldap_chain_cb_response( Operation *op, SlapReply *rs )
+{
+ ldap_chain_cb_t *lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+
+ /* if in error, don't proceed any further */
+ if ( lb->lb_status == LDAP_CH_ERR ) {
+ return 0;
+ }
+
+ if ( rs->sr_type == REP_RESULT ) {
+retry:;
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ if ( op->o_tag != LDAP_REQ_COMPARE ) {
+ return rs->sr_err;
+ }
+ /* fallthru */
+
+ case LDAP_SUCCESS:
+ lb->lb_status = LDAP_CH_RES;
+ break;
+
+ case LDAP_REFERRAL:
+ if ( lb->lb_depth < lb->lb_lc->lc_max_depth && rs->sr_ref != NULL ) {
+ rs->sr_err = ldap_chain_op( op, rs, lb->lb_op_f, rs->sr_ref, lb->lb_depth );
+ goto retry;
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ if ( get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+ switch ( get_continuationBehavior( op ) ) {
+ case SLAP_CH_RESOLVE_CHAINING_REQUIRED:
+ lb->lb_status = LDAP_CH_ERR;
+ return rs->sr_err = LDAP_X_CANNOT_CHAIN;
+
+ default:
+ break;
+ }
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ break;
+
+ default:
+ return rs->sr_err;
+ }
+
+ } else if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH )
+ {
+ /* strip the entryDN attribute, but keep returning results */
+ (void)ldap_chain_cb_search_response( op, rs );
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ldap_chain_op(
+ Operation *op,
+ SlapReply *rs,
+ BI_op_func *op_f,
+ BerVarray ref,
+ int depth )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ ldap_chain_cb_t *lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ ldapinfo_t li = { 0 }, *lip = NULL;
+ struct berval bvuri[ 2 ] = { { 0 } };
+
+ /* NOTE: returned if ref is empty... */
+ int rc = LDAP_OTHER,
+ first_rc;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ LDAPControl **ctrls = NULL;
+
+ (void)chaining_control_add( lc, op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ li.li_bvuri = bvuri;
+ first_rc = -1;
+ for ( ; !BER_BVISNULL( ref ); ref++ ) {
+ SlapReply rs2 = { 0 };
+ LDAPURLDesc *srv = NULL;
+ struct berval save_req_dn = op->o_req_dn,
+ save_req_ndn = op->o_req_ndn,
+ dn,
+ pdn = BER_BVNULL,
+ ndn = BER_BVNULL;
+ int temporary = 0;
+
+ /* We're setting the URI of the first referral;
+ * what if there are more?
+
+Document: RFC 4511
+
+4.1.10. Referral
+ ...
+ If the client wishes to progress the operation, it MUST follow the
+ referral by contacting one of the supported services. If multiple
+ URIs are present, the client assumes that any supported URI may be
+ used to progress the operation.
+
+ * so we actually need to follow exactly one,
+ * and we can assume any is fine.
+ */
+
+ /* parse reference and use
+ * proto://[host][:port]/ only */
+ rc = ldap_url_parse_ext( ref->bv_val, &srv );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* try next */
+ rc = LDAP_OTHER;
+ continue;
+ }
+
+ /* normalize DN */
+ ber_str2bv( srv->lud_dn, 0, 0, &dn );
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
+ if ( rc == LDAP_SUCCESS ) {
+ /* remove DN essentially because later on
+ * ldap_initialize() will parse the URL
+ * as a comma-separated URL list */
+ srv->lud_dn = "";
+ srv->lud_scope = LDAP_SCOPE_DEFAULT;
+ li.li_uri = ldap_url_desc2str( srv );
+ srv->lud_dn = dn.bv_val;
+ }
+ ldap_free_urldesc( srv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* try next */
+ rc = LDAP_OTHER;
+ continue;
+ }
+
+ if ( li.li_uri == NULL ) {
+ /* try next */
+ rc = LDAP_OTHER;
+ goto further_cleanup;
+ }
+
+ op->o_req_dn = pdn;
+ op->o_req_ndn = ndn;
+
+ ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] );
+
+ /* Searches for a ldapinfo in the avl tree */
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ lip = (ldapinfo_t *)avl_find( lc->lc_lai.lai_tree,
+ (caddr_t)&li, ldap_chain_uri_cmp );
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ if ( lip != NULL ) {
+ op->o_bd->be_private = (void *)lip;
+
+ } else {
+ rc = ldap_chain_db_init_one( op->o_bd );
+ if ( rc != 0 ) {
+ goto cleanup;
+ }
+ lip = (ldapinfo_t *)op->o_bd->be_private;
+ lip->li_uri = li.li_uri;
+ lip->li_bvuri = bvuri;
+ rc = ldap_chain_db_open_one( op->o_bd );
+ if ( rc != 0 ) {
+ lip->li_uri = NULL;
+ lip->li_bvuri = NULL;
+ (void)ldap_chain_db_destroy_one( op->o_bd );
+ goto cleanup;
+ }
+
+ if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ if ( avl_insert( &lc->lc_lai.lai_tree,
+ (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ /* someone just inserted another;
+ * don't bother, use this and then
+ * just free it */
+ temporary = 1;
+ }
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ } else {
+ temporary = 1;
+ }
+ }
+
+ lb->lb_op_f = op_f;
+ lb->lb_depth = depth + 1;
+
+ rc = op_f( op, &rs2 );
+
+ /* note the first error */
+ if ( first_rc == -1 ) {
+ first_rc = rc;
+ }
+
+cleanup:;
+ ldap_memfree( li.li_uri );
+ li.li_uri = NULL;
+
+ if ( temporary ) {
+ lip->li_uri = NULL;
+ lip->li_bvuri = NULL;
+ (void)ldap_chain_db_close_one( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
+ }
+
+further_cleanup:;
+ if ( !BER_BVISNULL( &pdn ) ) {
+ op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+ }
+ op->o_req_dn = save_req_dn;
+
+ if ( !BER_BVISNULL( &ndn ) ) {
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+ }
+ op->o_req_ndn = save_req_ndn;
+
+ if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) {
+ *rs = rs2;
+ break;
+ }
+
+ rc = rs2.sr_err;
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ (void)chaining_control_remove( op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ if ( rc != LDAP_SUCCESS && first_rc > 0 ) {
+ rc = first_rc;
+ }
+
+ return rc;
+}
+
+static int
+ldap_chain_search(
+ Operation *op,
+ SlapReply *rs,
+ BerVarray ref,
+ int depth )
+
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ ldap_chain_cb_t *lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ ldapinfo_t li = { 0 }, *lip = NULL;
+ struct berval bvuri[ 2 ] = { { 0 } };
+
+ struct berval odn = op->o_req_dn,
+ ondn = op->o_req_ndn;
+ slap_response *save_response = op->o_callback->sc_response;
+
+ int rc = LDAP_OTHER,
+ first_rc = -1;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ LDAPControl **ctrls = NULL;
+
+ (void)chaining_control_add( lc, op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ rs->sr_type = REP_SEARCH;
+
+ op->o_callback->sc_response = ldap_chain_cb_search_response;
+
+ /* if we parse the URI then by no means
+ * we can cache stuff or reuse connections,
+ * because in back-ldap there's no caching
+ * based on the URI value, which is supposed
+ * to be set once for all (correct?) */
+ li.li_bvuri = bvuri;
+ for ( ; !BER_BVISNULL( &ref[0] ); ref++ ) {
+ SlapReply rs2 = { 0 };
+ LDAPURLDesc *srv;
+ struct berval save_req_dn = op->o_req_dn,
+ save_req_ndn = op->o_req_ndn,
+ dn,
+ pdn = BER_BVNULL,
+ ndn = BER_BVNULL;
+ int temporary = 0;
+
+ /* parse reference and use
+ * proto://[host][:port]/ only */
+ rc = ldap_url_parse_ext( ref[0].bv_val, &srv );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* try next */
+ rs->sr_err = LDAP_OTHER;
+ continue;
+ }
+
+ /* normalize DN */
+ ber_str2bv( srv->lud_dn, 0, 0, &dn );
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
+ if ( rc == LDAP_SUCCESS ) {
+ /* remove DN essentially because later on
+ * ldap_initialize() will parse the URL
+ * as a comma-separated URL list */
+ srv->lud_dn = "";
+ srv->lud_scope = LDAP_SCOPE_DEFAULT;
+ li.li_uri = ldap_url_desc2str( srv );
+ srv->lud_dn = dn.bv_val;
+ }
+ ldap_free_urldesc( srv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* try next */
+ rc = LDAP_OTHER;
+ continue;
+ }
+
+ if ( li.li_uri == NULL ) {
+ /* try next */
+ rc = LDAP_OTHER;
+ goto further_cleanup;
+ }
+
+ op->o_req_dn = pdn;
+ op->o_req_ndn = ndn;
+
+ ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] );
+
+ /* Searches for a ldapinfo in the avl tree */
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ lip = (ldapinfo_t *)avl_find( lc->lc_lai.lai_tree,
+ (caddr_t)&li, ldap_chain_uri_cmp );
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ if ( lip != NULL ) {
+ op->o_bd->be_private = (void *)lip;
+
+ } else {
+ /* if none is found, create a temporary... */
+ rc = ldap_chain_db_init_one( op->o_bd );
+ if ( rc != 0 ) {
+ goto cleanup;
+ }
+ lip = (ldapinfo_t *)op->o_bd->be_private;
+ lip->li_uri = li.li_uri;
+ lip->li_bvuri = bvuri;
+ rc = ldap_chain_db_open_one( op->o_bd );
+ if ( rc != 0 ) {
+ lip->li_uri = NULL;
+ lip->li_bvuri = NULL;
+ (void)ldap_chain_db_destroy_one( op->o_bd );
+ goto cleanup;
+ }
+
+ if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ if ( avl_insert( &lc->lc_lai.lai_tree,
+ (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ /* someone just inserted another;
+ * don't bother, use this and then
+ * just free it */
+ temporary = 1;
+ }
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ } else {
+ temporary = 1;
+ }
+ }
+
+ lb->lb_op_f = lback->bi_op_search;
+ lb->lb_depth = depth + 1;
+
+ /* FIXME: should we also copy filter and scope?
+ * according to RFC3296, no */
+ rc = lback->bi_op_search( op, &rs2 );
+ if ( first_rc == -1 ) {
+ first_rc = rc;
+ }
+
+cleanup:;
+ ldap_memfree( li.li_uri );
+ li.li_uri = NULL;
+
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
+ if ( temporary ) {
+ lip->li_uri = NULL;
+ lip->li_bvuri = NULL;
+ (void)ldap_chain_db_close_one( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
+ }
+
+further_cleanup:;
+ if ( !BER_BVISNULL( &pdn ) ) {
+ op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+ }
+ op->o_req_dn = save_req_dn;
+
+ if ( !BER_BVISNULL( &ndn ) ) {
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+ }
+ op->o_req_ndn = save_req_ndn;
+
+ if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) {
+ *rs = rs2;
+ break;
+ }
+
+ rc = rs2.sr_err;
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ (void)chaining_control_remove( op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ op->o_req_dn = odn;
+ op->o_req_ndn = ondn;
+ op->o_callback->sc_response = save_response;
+ rs->sr_type = REP_SEARCHREF;
+ rs->sr_entry = NULL;
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* couldn't chase any of the referrals */
+ if ( first_rc != -1 ) {
+ rc = first_rc;
+
+ } else {
+ rc = SLAP_CB_CONTINUE;
+ }
+ }
+
+ return rc;
+}
+
+static int
+ldap_chain_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ BackendDB db, *bd = op->o_bd;
+ ldap_chain_cb_t lb = { 0 };
+ slap_callback *sc = op->o_callback,
+ sc2 = { 0 };
+ int rc = 0;
+ char *text = NULL;
+ const char *matched;
+ BerVarray ref;
+ struct berval ndn = op->o_ndn;
+
+ int sr_err = rs->sr_err;
+ slap_reply_t sr_type = rs->sr_type;
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ slap_mask_t chain_mask = 0;
+ ber_len_t chain_shift = 0;
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ if ( rs->sr_err != LDAP_REFERRAL && rs->sr_type != REP_SEARCHREF ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ if ( rs->sr_err == LDAP_REFERRAL && get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+ switch ( get_resolveBehavior( op ) ) {
+ case SLAP_CH_RESOLVE_REFERRALS_PREFERRED:
+ case SLAP_CH_RESOLVE_REFERRALS_REQUIRED:
+ return SLAP_CB_CONTINUE;
+
+ default:
+ chain_mask = SLAP_CH_RESOLVE_MASK;
+ chain_shift = SLAP_CH_RESOLVE_SHIFT;
+ break;
+ }
+
+ } else if ( rs->sr_type == REP_SEARCHREF && get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+ switch ( get_continuationBehavior( op ) ) {
+ case SLAP_CH_CONTINUATION_REFERRALS_PREFERRED:
+ case SLAP_CH_CONTINUATION_REFERRALS_REQUIRED:
+ return SLAP_CB_CONTINUE;
+
+ default:
+ chain_mask = SLAP_CH_CONTINUATION_MASK;
+ chain_shift = SLAP_CH_CONTINUATION_SHIFT;
+ break;
+ }
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ /*
+ * TODO: add checks on who/when chain operations; e.g.:
+ * a) what identities are authorized
+ * b) what request DN (e.g. only chain requests rooted at <DN>)
+ * c) what referral URIs
+ * d) what protocol scheme (e.g. only ldaps://)
+ * e) what ssf
+ */
+
+ db = *op->o_bd;
+ op->o_bd = &db;
+
+ text = rs->sr_text;
+ rs->sr_text = NULL;
+ matched = rs->sr_matched;
+ rs->sr_matched = NULL;
+ ref = rs->sr_ref;
+ rs->sr_ref = NULL;
+
+ /* we need this to know if back-ldap returned any result */
+ lb.lb_lc = lc;
+ sc2.sc_private = &lb;
+ sc2.sc_response = ldap_chain_cb_response;
+ op->o_callback = &sc2;
+
+ /* Chaining can be performed by a privileged user on behalf
+ * of normal users, using the ProxyAuthz control, by exploiting
+ * the identity assertion feature of back-ldap; see idassert-*
+ * directives in slapd-ldap(5).
+ *
+ * FIXME: the idassert-authcDN is one, will it be fine regardless
+ * of the URI we obtain from the referral?
+ */
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_BIND: {
+ struct berval rndn = op->o_req_ndn;
+ Connection *conn = op->o_conn;
+
+ /* FIXME: can we really get a referral for binds? */
+ op->o_req_ndn = slap_empty_bv;
+ op->o_conn = NULL;
+ rc = ldap_chain_op( op, rs, lback->bi_op_bind, ref, 0 );
+ op->o_req_ndn = rndn;
+ op->o_conn = conn;
+ }
+ break;
+
+ case LDAP_REQ_ADD:
+ rc = ldap_chain_op( op, rs, lback->bi_op_add, ref, 0 );
+ break;
+
+ case LDAP_REQ_DELETE:
+ rc = ldap_chain_op( op, rs, lback->bi_op_delete, ref, 0 );
+ break;
+
+ case LDAP_REQ_MODRDN:
+ rc = ldap_chain_op( op, rs, lback->bi_op_modrdn, ref, 0 );
+ break;
+
+ case LDAP_REQ_MODIFY:
+ rc = ldap_chain_op( op, rs, lback->bi_op_modify, ref, 0 );
+ break;
+
+ case LDAP_REQ_COMPARE:
+ rc = ldap_chain_op( op, rs, lback->bi_op_compare, ref, 0 );
+ if ( rs->sr_err == LDAP_COMPARE_TRUE || rs->sr_err == LDAP_COMPARE_FALSE ) {
+ rc = LDAP_SUCCESS;
+ }
+ break;
+
+ case LDAP_REQ_SEARCH:
+ if ( rs->sr_type == REP_SEARCHREF ) {
+ rc = ldap_chain_search( op, rs, ref, 0 );
+
+ } else {
+ /* we might get here before any database actually
+ * performed a search; in those cases, we need
+ * to check limits, to make sure safe defaults
+ * are in place */
+ if ( op->ors_limit != NULL || limits_check( op, rs ) == 0 ) {
+ rc = ldap_chain_op( op, rs, lback->bi_op_search, ref, 0 );
+
+ } else {
+ rc = SLAP_CB_CONTINUE;
+ }
+ }
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ rc = ldap_chain_op( op, rs, lback->bi_extended, ref, 0 );
+ /* FIXME: ldap_back_extended() by design
+ * doesn't send result; frontend is expected
+ * to send it... */
+ /* FIXME: what about chaining? */
+ if ( rc != SLAPD_ABANDON ) {
+ send_ldap_extended( op, rs );
+ rc = LDAP_SUCCESS;
+ }
+ lb.lb_status = LDAP_CH_RES;
+ break;
+
+ default:
+ rc = SLAP_CB_CONTINUE;
+ break;
+ }
+
+ switch ( rc ) {
+ case SLAPD_ABANDON:
+ goto dont_chain;
+
+ case LDAP_SUCCESS:
+ case LDAP_REFERRAL:
+ /* slapd-ldap sent response */
+ if ( !op->o_abandon && lb.lb_status != LDAP_CH_RES ) {
+ /* FIXME: should we send response? */
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_chain_response: "
+ "overlay should have sent result.\n",
+ op->o_log_prefix, 0, 0 );
+ }
+ break;
+
+ default:
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ if ( lb.lb_status == LDAP_CH_ERR && rs->sr_err == LDAP_X_CANNOT_CHAIN ) {
+ goto cannot_chain;
+ }
+
+ switch ( ( get_chainingBehavior( op ) & chain_mask ) >> chain_shift ) {
+ case LDAP_CHAINING_REQUIRED:
+cannot_chain:;
+ op->o_callback = NULL;
+ send_ldap_error( op, rs, LDAP_X_CANNOT_CHAIN,
+ "operation cannot be completed without chaining" );
+ goto dont_chain;
+
+ default:
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ if ( LDAP_CHAIN_RETURN_ERR( lc ) ) {
+ rs->sr_err = rc;
+ rs->sr_type = sr_type;
+
+ } else {
+ rc = SLAP_CB_CONTINUE;
+ rs->sr_err = sr_err;
+ rs->sr_type = sr_type;
+ rs->sr_text = text;
+ rs->sr_matched = matched;
+ rs->sr_ref = ref;
+ }
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ break;
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ }
+
+ if ( lb.lb_status == LDAP_CH_NONE && rc != SLAPD_ABANDON ) {
+ op->o_callback = NULL;
+ rc = rs->sr_err = slap_map_api2result( rs );
+ send_ldap_result( op, rs );
+ }
+
+dont_chain:;
+ rs->sr_err = sr_err;
+ rs->sr_type = sr_type;
+ rs->sr_text = text;
+ rs->sr_matched = matched;
+ rs->sr_ref = ref;
+ op->o_bd = bd;
+ op->o_callback = sc;
+ op->o_ndn = ndn;
+
+ return rc;
+}
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+static int
+ldap_chain_parse_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl );
+
+static int
+str2chain( const char *s )
+{
+ if ( strcasecmp( s, "chainingPreferred" ) == 0 ) {
+ return LDAP_CHAINING_PREFERRED;
+
+ } else if ( strcasecmp( s, "chainingRequired" ) == 0 ) {
+ return LDAP_CHAINING_REQUIRED;
+
+ } else if ( strcasecmp( s, "referralsPreferred" ) == 0 ) {
+ return LDAP_REFERRALS_PREFERRED;
+
+ } else if ( strcasecmp( s, "referralsRequired" ) == 0 ) {
+ return LDAP_REFERRALS_REQUIRED;
+ }
+
+ return -1;
+}
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+/*
+ * configuration...
+ */
+
+enum {
+ CH_CHAINING = 1,
+ CH_CACHE_URI,
+ CH_MAX_DEPTH,
+ CH_RETURN_ERR,
+
+ CH_LAST
+};
+
+static ConfigDriver chain_cf_gen;
+static ConfigCfAdd chain_cfadd;
+static ConfigLDAPadd chain_ldadd;
+
+static ConfigTable chaincfg[] = {
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ { "chain-chaining", "args",
+ 2, 4, 0, ARG_MAGIC|ARG_BERVAL|CH_CHAINING, chain_cf_gen,
+ "( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' "
+ "DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ { "chain-cache-uri", "TRUE/FALSE",
+ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
+ "( OLcfgOvAt:3.2 NAME 'olcChainCacheURI' "
+ "DESC 'Enables caching of URIs not present in configuration' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "chain-max-depth", "args",
+ 2, 2, 0, ARG_MAGIC|ARG_INT|CH_MAX_DEPTH, chain_cf_gen,
+ "( OLcfgOvAt:3.3 NAME 'olcChainMaxReferralDepth' "
+ "DESC 'max referral depth' "
+ "SYNTAX OMsInteger "
+ "EQUALITY integerMatch "
+ "SINGLE-VALUE )", NULL, NULL },
+ { "chain-return-error", "TRUE/FALSE",
+ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_RETURN_ERR, chain_cf_gen,
+ "( OLcfgOvAt:3.4 NAME 'olcChainReturnError' "
+ "DESC 'Errors are returned instead of the original referral' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs chainocs[] = {
+ { "( OLcfgOvOc:3.1 "
+ "NAME 'olcChainConfig' "
+ "DESC 'Chain configuration' "
+ "SUP olcOverlayConfig "
+ "MAY ( "
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ "olcChainingBehavior $ "
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ "olcChainCacheURI $ "
+ "olcChainMaxReferralDepth $ "
+ "olcChainReturnError "
+ ") )",
+ Cft_Overlay, chaincfg, NULL, chain_cfadd },
+ { "( OLcfgOvOc:3.2 "
+ "NAME 'olcChainDatabase' "
+ "DESC 'Chain remote server configuration' "
+ "AUXILIARY )",
+ Cft_Misc, chaincfg, chain_ldadd },
+ { NULL, 0, NULL }
+};
+
+static int
+chain_ldadd( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
+{
+ slap_overinst *on;
+ ldap_chain_t *lc;
+
+ ldapinfo_t *li;
+
+ AttributeDescription *ad = NULL;
+ Attribute *at;
+ const char *text;
+
+ int rc;
+
+ if ( p->ce_type != Cft_Overlay
+ || !p->ce_bi
+ || p->ce_bi->bi_cf_ocs != chainocs )
+ {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ on = (slap_overinst *)p->ce_bi;
+ lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ assert( ca->be == NULL );
+ ca->be = (BackendDB *)ch_calloc( 1, sizeof( BackendDB ) );
+
+ ca->be->bd_info = (BackendInfo *)on;
+
+ rc = slap_str2ad( "olcDbURI", &ad, &text );
+ assert( rc == LDAP_SUCCESS );
+
+ at = attr_find( e->e_attrs, ad );
+ if ( lc->lc_common_li == NULL && at != NULL ) {
+ /* FIXME: we should generate an empty default entry
+ * if none is supplied */
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "first underlying database \"%s\" "
+ "cannot contain attribute \"%s\".\n",
+ e->e_name.bv_val, ad->ad_cname.bv_val, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+
+ } else if ( lc->lc_common_li != NULL && at == NULL ) {
+ /* FIXME: we should generate an empty default entry
+ * if none is supplied */
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "subsequent underlying database \"%s\" "
+ "must contain attribute \"%s\".\n",
+ e->e_name.bv_val, ad->ad_cname.bv_val, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+ if ( lc->lc_common_li == NULL ) {
+ rc = ldap_chain_db_init_common( ca->be );
+
+ } else {
+ rc = ldap_chain_db_init_one( ca->be );
+ }
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "unable to init %sunderlying database \"%s\".\n",
+ lc->lc_common_li == NULL ? "common " : "", e->e_name.bv_val, 0 );
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ li = ca->be->be_private;
+
+ if ( lc->lc_common_li == NULL ) {
+ lc->lc_common_li = li;
+
+ } else {
+ li->li_uri = ch_strdup( at->a_vals[ 0 ].bv_val );
+ value_add_one( &li->li_bvuri, &at->a_vals[ 0 ] );
+ if ( avl_insert( &lc->lc_lai.lai_tree, (caddr_t)li,
+ ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "database \"%s\" insert failed.\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+ }
+
+done:;
+ if ( rc != LDAP_SUCCESS ) {
+ (void)ldap_chain_db_destroy_one( ca->be );
+ ch_free( ca->be );
+ ca->be = NULL;
+ }
+
+ return rc;
+}
+
+typedef struct ldap_chain_cfadd_apply_t {
+ Operation *op;
+ SlapReply *rs;
+ Entry *p;
+ ConfigArgs *ca;
+ int count;
+} ldap_chain_cfadd_apply_t;
+
+static int
+ldap_chain_cfadd_apply( void *datum, void *arg )
+{
+ ldapinfo_t *li = (ldapinfo_t *)datum;
+ ldap_chain_cfadd_apply_t *lca = (ldap_chain_cfadd_apply_t *)arg;
+
+ struct berval bv;
+
+ /* FIXME: should not hardcode "olcDatabase" here */
+ bv.bv_len = snprintf( lca->ca->msg, sizeof( lca->ca->msg ),
+ "olcDatabase={%d}%s", lca->count, lback->bi_type );
+ bv.bv_val = lca->ca->msg;
+
+ lca->ca->be->be_private = (void *)li;
+ config_build_entry( lca->op, lca->rs, lca->p->e_private, lca->ca,
+ &bv, lback->bi_cf_ocs, &chainocs[1] );
+
+ lca->count++;
+
+ return 0;
+}
+
+static int
+chain_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca )
+{
+ CfEntryInfo *pe = p->e_private;
+ slap_overinst *on = (slap_overinst *)pe->ce_bi;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ void *priv = (void *)ca->be->be_private;
+
+ if ( lback->bi_cf_ocs ) {
+ ldap_chain_cfadd_apply_t lca = { 0 };
+
+ lca.op = op;
+ lca.rs = rs;
+ lca.p = p;
+ lca.ca = ca;
+ lca.count = 0;
+
+ (void)ldap_chain_cfadd_apply( (void *)lc->lc_common_li, (void *)&lca );
+
+ (void)avl_apply( lc->lc_lai.lai_tree, ldap_chain_cfadd_apply,
+ &lca, 1, AVL_INORDER );
+
+ ca->be->be_private = priv;
+ }
+
+ return 0;
+}
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+static slap_verbmasks chaining_mode[] = {
+ { BER_BVC("referralsRequired"), LDAP_REFERRALS_REQUIRED },
+ { BER_BVC("referralsPreferred"), LDAP_REFERRALS_PREFERRED },
+ { BER_BVC("chainingRequired"), LDAP_CHAINING_REQUIRED },
+ { BER_BVC("chainingPreferred"), LDAP_CHAINING_PREFERRED },
+ { BER_BVNULL, 0 }
+};
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+static int
+chain_cf_gen( ConfigArgs *c )
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ int rc = 0;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ switch( c->type ) {
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ case CH_CHAINING: {
+ struct berval resolve = BER_BVNULL,
+ continuation = BER_BVNULL;
+
+ if ( !LDAP_CHAIN_CHAINING( lc ) ) {
+ return 1;
+ }
+
+ enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_RESOLVE_MASK ) >> SLAP_CH_RESOLVE_SHIFT ), &resolve );
+ enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_CONTINUATION_MASK ) >> SLAP_CH_CONTINUATION_SHIFT ), &continuation );
+
+ c->value_bv.bv_len = STRLENOF( "resolve=" ) + resolve.bv_len
+ + STRLENOF( " " )
+ + STRLENOF( "continuation=" ) + continuation.bv_len;
+ c->value_bv.bv_val = ch_malloc( c->value_bv.bv_len + 1 );
+ snprintf( c->value_bv.bv_val, c->value_bv.bv_len + 1,
+ "resolve=%s continuation=%s",
+ resolve.bv_val, continuation.bv_val );
+
+ if ( lc->lc_chaining_ctrl.ldctl_iscritical ) {
+ c->value_bv.bv_val = ch_realloc( c->value_bv.bv_val,
+ c->value_bv.bv_len + STRLENOF( " critical" ) + 1 );
+ AC_MEMCPY( &c->value_bv.bv_val[ c->value_bv.bv_len ],
+ " critical", STRLENOF( " critical" ) + 1 );
+ c->value_bv.bv_len += STRLENOF( " critical" );
+ }
+
+ break;
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ case CH_CACHE_URI:
+ c->value_int = LDAP_CHAIN_CACHE_URI( lc );
+ break;
+
+ case CH_MAX_DEPTH:
+ c->value_int = lc->lc_max_depth;
+ break;
+
+ case CH_RETURN_ERR:
+ c->value_int = LDAP_CHAIN_RETURN_ERR( lc );
+ break;
+
+ default:
+ assert( 0 );
+ rc = 1;
+ }
+ return rc;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ switch( c->type ) {
+ case CH_CHAINING:
+ return 1;
+
+ case CH_CACHE_URI:
+ lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
+ break;
+
+ case CH_MAX_DEPTH:
+ c->value_int = 0;
+ break;
+
+ case CH_RETURN_ERR:
+ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+ break;
+
+ default:
+ return 1;
+ }
+ return rc;
+ }
+
+ switch( c->type ) {
+ case CH_CHAINING: {
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ char **argv = c->argv;
+ int argc = c->argc;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ int resolve = -1,
+ continuation = -1,
+ iscritical = 0;
+ Operation op = { 0 };
+ SlapReply rs = { 0 };
+
+ lc->lc_chaining_ctrlflag = 0;
+
+ for ( argc--, argv++; argc > 0; argc--, argv++ ) {
+ if ( strncasecmp( argv[ 0 ], "resolve=", STRLENOF( "resolve=" ) ) == 0 ) {
+ resolve = str2chain( argv[ 0 ] + STRLENOF( "resolve=" ) );
+ if ( resolve == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "illegal <resolve> value %s "
+ "in \"chain-chaining>\".\n",
+ c->log, argv[ 0 ], 0 );
+ return 1;
+ }
+
+ } else if ( strncasecmp( argv[ 0 ], "continuation=", STRLENOF( "continuation=" ) ) == 0 ) {
+ continuation = str2chain( argv[ 0 ] + STRLENOF( "continuation=" ) );
+ if ( continuation == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "illegal <continuation> value %s "
+ "in \"chain-chaining\".\n",
+ c->log, argv[ 0 ], 0 );
+ return 1;
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "critical" ) == 0 ) {
+ iscritical = 1;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "unknown option in \"chain-chaining\".\n",
+ c->log, 0, 0 );
+ return 1;
+ }
+ }
+
+ if ( resolve != -1 || continuation != -1 ) {
+ int err;
+
+ if ( resolve == -1 ) {
+ /* default */
+ resolve = SLAP_CHAINING_DEFAULT;
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ err = ber_printf( ber, "{e" /* } */, resolve );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "chaining behavior control encoding error!\n",
+ c->log, 0, 0 );
+ return 1;
+ }
+
+ if ( continuation > -1 ) {
+ err = ber_printf( ber, "e", continuation );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "chaining behavior control encoding error!\n",
+ c->log, 0, 0 );
+ return 1;
+ }
+ }
+
+ err = ber_printf( ber, /* { */ "N}" );
+ if ( err == -1 ) {
+ ber_free( ber, 1 );
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "chaining behavior control encoding error!\n",
+ c->log, 0, 0 );
+ return 1;
+ }
+
+ if ( ber_flatten2( ber, &lc->lc_chaining_ctrl.ldctl_value, 0 ) == -1 ) {
+ exit( EXIT_FAILURE );
+ }
+
+ } else {
+ BER_BVZERO( &lc->lc_chaining_ctrl.ldctl_value );
+ }
+
+ lc->lc_chaining_ctrl.ldctl_oid = LDAP_CONTROL_X_CHAINING_BEHAVIOR;
+ lc->lc_chaining_ctrl.ldctl_iscritical = iscritical;
+
+ if ( ldap_chain_parse_ctrl( &op, &rs, &lc->lc_chaining_ctrl ) != LDAP_SUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "unable to parse chaining control%s%s.\n",
+ c->log, rs.sr_text ? ": " : "",
+ rs.sr_text ? rs.sr_text : "" );
+ return 1;
+ }
+
+ lc->lc_chaining_ctrlflag = op.o_chaining;
+
+ lc->lc_flags |= LDAP_CHAIN_F_CHAINING;
+
+ rc = 0;
+#else /* ! LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "\"chaining\" control unsupported (ignored).\n",
+ c->log, 0, 0 );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ } break;
+
+ case CH_CACHE_URI:
+ if ( c->value_int ) {
+ lc->lc_flags |= LDAP_CHAIN_F_CACHE_URI;
+ } else {
+ lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
+ }
+ break;
+
+ case CH_MAX_DEPTH:
+ if ( c->value_int < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> invalid max referral depth %d",
+ c->argv[0], c->value_int );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ rc = 1;
+ break;
+ }
+ lc->lc_max_depth = c->value_int;
+
+ case CH_RETURN_ERR:
+ if ( c->value_int ) {
+ lc->lc_flags |= LDAP_CHAIN_F_RETURN_ERR;
+ } else {
+ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+ }
+ break;
+
+ default:
+ assert( 0 );
+ return 1;
+ }
+ return rc;
+}
+
+static int
+ldap_chain_db_init(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ ldap_chain_t *lc = NULL;
+
+ if ( lback == NULL ) {
+ static BackendInfo lback2;
+
+ lback = backend_info( "ldap" );
+
+ if ( lback == NULL ) {
+ return 1;
+ }
+
+ lback2 = *lback;
+ lback2.bi_type = ldapchain.on_bi.bi_type;
+ lback = &lback2;
+ }
+
+ lc = ch_malloc( sizeof( ldap_chain_t ) );
+ if ( lc == NULL ) {
+ return 1;
+ }
+ memset( lc, 0, sizeof( ldap_chain_t ) );
+ lc->lc_max_depth = 1;
+ ldap_pvt_thread_mutex_init( &lc->lc_lai.lai_mutex );
+
+ on->on_bi.bi_private = (void *)lc;
+
+ return 0;
+}
+
+static int
+ldap_chain_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ int rc = SLAP_CONF_UNKNOWN;
+
+ if ( lc->lc_common_li == NULL ) {
+ void *be_private = be->be_private;
+ ldap_chain_db_init_common( be );
+ lc->lc_common_li = lc->lc_cfg_li = (ldapinfo_t *)be->be_private;
+ be->be_private = be_private;
+ }
+
+ /* Something for the chain database? */
+ if ( strncasecmp( argv[ 0 ], "chain-", STRLENOF( "chain-" ) ) == 0 ) {
+ char *save_argv0 = argv[ 0 ];
+ BackendInfo *bd_info = be->bd_info;
+ void *be_private = be->be_private;
+ ConfigOCs *be_cf_ocs = be->be_cf_ocs;
+ static char *allowed_argv[] = {
+ /* special: put URI here, so in the meanwhile
+ * it detects whether a new URI is being provided */
+ "uri",
+ "nretries",
+ "timeout",
+ /* flags */
+ "tls",
+ /* FIXME: maybe rebind-as-user should be allowed
+ * only within known URIs... */
+ "rebind-as-user",
+ "chase-referrals",
+ "t-f-support",
+ "proxy-whoami",
+ NULL
+ };
+ int which_argv = -1;
+
+ argv[ 0 ] += STRLENOF( "chain-" );
+
+ for ( which_argv = 0; allowed_argv[ which_argv ]; which_argv++ ) {
+ if ( strcasecmp( argv[ 0 ], allowed_argv[ which_argv ] ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( allowed_argv[ which_argv ] == NULL ) {
+ which_argv = -1;
+
+ if ( lc->lc_cfg_li == lc->lc_common_li ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"%s\" only allowed within a URI directive.\n.",
+ fname, lineno, argv[ 0 ] );
+ return 1;
+ }
+ }
+
+ if ( which_argv == 0 ) {
+ rc = ldap_chain_db_init_one( be );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "underlying slapd-ldap initialization failed.\n.",
+ fname, lineno, 0 );
+ return 1;
+ }
+ lc->lc_cfg_li = be->be_private;
+ }
+
+ /* TODO: add checks on what other slapd-ldap(5) args
+ * should be put in the template; this is not quite
+ * harmful, because attributes that shouldn't don't
+ * get actually used, but the user should at least
+ * be warned.
+ */
+
+ be->bd_info = lback;
+ be->be_private = (void *)lc->lc_cfg_li;
+ be->be_cf_ocs = lback->bi_cf_ocs;
+
+ rc = config_generic_wrapper( be, fname, lineno, argc, argv );
+
+ argv[ 0 ] = save_argv0;
+ be->be_cf_ocs = be_cf_ocs;
+ be->be_private = be_private;
+ be->bd_info = bd_info;
+
+ if ( which_argv == 0 ) {
+private_destroy:;
+ if ( rc != 0 ) {
+ BackendDB db = *be;
+
+ db.bd_info = lback;
+ db.be_private = (void *)lc->lc_cfg_li;
+ ldap_chain_db_destroy_one( &db );
+ lc->lc_cfg_li = NULL;
+
+ } else {
+ if ( lc->lc_cfg_li->li_bvuri == NULL
+ || BER_BVISNULL( &lc->lc_cfg_li->li_bvuri[ 0 ] )
+ || !BER_BVISNULL( &lc->lc_cfg_li->li_bvuri[ 1 ] ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "no URI list allowed in slapo-chain.\n",
+ fname, lineno, 0 );
+ rc = 1;
+ goto private_destroy;
+ }
+
+ if ( avl_insert( &lc->lc_lai.lai_tree,
+ (caddr_t)lc->lc_cfg_li,
+ ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "duplicate URI in slapo-chain.\n",
+ fname, lineno, 0 );
+ rc = 1;
+ goto private_destroy;
+ }
+ }
+ }
+ }
+
+ return rc;
+}
+
+enum db_which {
+ db_open = 0,
+ db_close,
+ db_destroy,
+
+ db_last
+};
+
+typedef struct ldap_chain_db_apply_t {
+ BackendDB *be;
+ BI_db_func *func;
+} ldap_chain_db_apply_t;
+
+static int
+ldap_chain_db_apply( void *datum, void *arg )
+{
+ ldapinfo_t *li = (ldapinfo_t *)datum;
+ ldap_chain_db_apply_t *lca = (ldap_chain_db_apply_t *)arg;
+
+ lca->be->be_private = (void *)li;
+
+ return lca->func( lca->be );
+}
+
+static int
+ldap_chain_db_func(
+ BackendDB *be,
+ enum db_which which
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ int rc = 0;
+
+ if ( lc ) {
+ BI_db_func *func = (&lback->bi_db_open)[ which ];
+
+ if ( func != NULL && lc->lc_common_li != NULL ) {
+ BackendDB db = *be;
+
+ db.bd_info = lback;
+ db.be_private = lc->lc_common_li;
+
+ rc = func( &db );
+
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ if ( lc->lc_lai.lai_tree != NULL ) {
+ ldap_chain_db_apply_t lca;
+
+ lca.be = &db;
+ lca.func = func;
+
+ rc = avl_apply( lc->lc_lai.lai_tree,
+ ldap_chain_db_apply, (void *)&lca,
+ 1, AVL_INORDER ) != AVL_NOMORE;
+ }
+ }
+ }
+
+ return rc;
+}
+
+static int
+ldap_chain_db_open(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ int rc = 0;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ rc = overlay_register_control( be, LDAP_CONTROL_X_CHAINING_BEHAVIOR );
+ if ( rc != 0 ) {
+ return rc;
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ if ( lc->lc_common_li == NULL ) {
+ void *be_private = be->be_private;
+ ldap_chain_db_init_common( be );
+ lc->lc_common_li = lc->lc_cfg_li = (ldapinfo_t *)be->be_private;
+ be->be_private = be_private;
+ }
+
+ /* filter out and restore monitoring */
+ rc = ldap_chain_db_func( be, db_open );
+
+ return rc;
+}
+
+static int
+ldap_chain_db_close(
+ BackendDB *be )
+{
+ return ldap_chain_db_func( be, db_close );
+}
+
+static int
+ldap_chain_db_destroy(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ int rc;
+
+ rc = ldap_chain_db_func( be, db_destroy );
+
+ if ( lc ) {
+ avl_free( lc->lc_lai.lai_tree, NULL );
+ ldap_pvt_thread_mutex_destroy( &lc->lc_lai.lai_mutex );
+ ch_free( lc );
+ }
+
+ return rc;
+}
+
+/*
+ * inits one instance of the slapd-ldap backend, and stores
+ * the private info in be_private of the arg
+ */
+static int
+ldap_chain_db_init_common(
+ BackendDB *be )
+{
+ BackendInfo *bi = be->bd_info;
+ ldapinfo_t *li;
+ int rc;
+
+ be->bd_info = lback;
+ be->be_private = NULL;
+ rc = lback->bi_db_init( be );
+ if ( rc != 0 ) {
+ return rc;
+ }
+ li = (ldapinfo_t *)be->be_private;
+
+ be->bd_info = bi;
+
+ return 0;
+}
+
+/*
+ * inits one instance of the slapd-ldap backend, stores
+ * the private info in be_private of the arg and fills
+ * selected fields with data from the template.
+ *
+ * NOTE: add checks about the other fields of the template,
+ * which are ignored and SHOULD NOT be configured by the user.
+ */
+static int
+ldap_chain_db_init_one(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ BackendInfo *bi = be->bd_info;
+ ldapinfo_t *li;
+
+ slap_op_t t;
+
+ be->bd_info = lback;
+ be->be_private = NULL;
+ t = lback->bi_db_init( be );
+ if ( t != 0 ) {
+ return t;
+ }
+ li = (ldapinfo_t *)be->be_private;
+
+ /* copy common data */
+ li->li_nretries = lc->lc_common_li->li_nretries;
+ li->li_flags = lc->lc_common_li->li_flags;
+ li->li_version = lc->lc_common_li->li_version;
+ for ( t = 0; t < SLAP_OP_LAST; t++ ) {
+ li->li_timeout[ t ] = lc->lc_common_li->li_timeout[ t ];
+ }
+ be->bd_info = bi;
+
+ return 0;
+}
+
+static int
+ldap_chain_db_open_one(
+ BackendDB *be )
+{
+ return lback->bi_db_open( be );
+}
+
+typedef struct ldap_chain_conn_apply_t {
+ BackendDB *be;
+ Connection *conn;
+} ldap_chain_conn_apply_t;
+
+static int
+ldap_chain_conn_apply( void *datum, void *arg )
+{
+ ldapinfo_t *li = (ldapinfo_t *)datum;
+ ldap_chain_conn_apply_t *lca = (ldap_chain_conn_apply_t *)arg;
+
+ lca->be->be_private = (void *)li;
+
+ return lback->bi_connection_destroy( lca->be, lca->conn );
+}
+
+static int
+ldap_chain_connection_destroy(
+ BackendDB *be,
+ Connection *conn
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+ void *private = be->be_private;
+ ldap_chain_conn_apply_t lca;
+ int rc;
+
+ be->be_private = NULL;
+ lca.be = be;
+ lca.conn = conn;
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ rc = avl_apply( lc->lc_lai.lai_tree, ldap_chain_conn_apply,
+ (void *)&lca, 1, AVL_INORDER ) != AVL_NOMORE;
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+ be->be_private = private;
+
+ return rc;
+}
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+static int
+ldap_chain_parse_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_tag_t tag;
+ BerElement *ber;
+ ber_int_t mode,
+ behavior;
+
+ if ( get_chaining( op ) != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "Chaining behavior control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( op->o_pagedresults != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "Chaining behavior control specified with pagedResults control";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+ mode = (SLAP_CH_RESOLVE_DEFAULT|SLAP_CH_CONTINUATION_DEFAULT);
+
+ } else {
+ ber_len_t len;
+
+ /* Parse the control value
+ * ChainingBehavior ::= SEQUENCE {
+ * resolveBehavior Behavior OPTIONAL,
+ * continuationBehavior Behavior OPTIONAL }
+ *
+ * Behavior :: = ENUMERATED {
+ * chainingPreferred (0),
+ * chainingRequired (1),
+ * referralsPreferred (2),
+ * referralsRequired (3) }
+ */
+
+ ber = ber_init( &ctrl->ldctl_value );
+ if( ber == NULL ) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ tag = ber_scanf( ber, "{e" /* } */, &behavior );
+ /* FIXME: since the whole SEQUENCE is optional,
+ * should we accept no enumerations at all? */
+ if ( tag != LBER_ENUMERATED ) {
+ rs->sr_text = "Chaining behavior control: resolveBehavior decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ switch ( behavior ) {
+ case LDAP_CHAINING_PREFERRED:
+ mode = SLAP_CH_RESOLVE_CHAINING_PREFERRED;
+ break;
+
+ case LDAP_CHAINING_REQUIRED:
+ mode = SLAP_CH_RESOLVE_CHAINING_REQUIRED;
+ break;
+
+ case LDAP_REFERRALS_PREFERRED:
+ mode = SLAP_CH_RESOLVE_REFERRALS_PREFERRED;
+ break;
+
+ case LDAP_REFERRALS_REQUIRED:
+ mode = SLAP_CH_RESOLVE_REFERRALS_REQUIRED;
+ break;
+
+ default:
+ rs->sr_text = "Chaining behavior control: unknown resolveBehavior";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ if ( tag == LBER_ENUMERATED ) {
+ tag = ber_scanf( ber, "e", &behavior );
+ if ( tag == LBER_ERROR ) {
+ rs->sr_text = "Chaining behavior control: continuationBehavior decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+
+ if ( tag == LBER_DEFAULT ) {
+ mode |= SLAP_CH_CONTINUATION_DEFAULT;
+
+ } else {
+ switch ( behavior ) {
+ case LDAP_CHAINING_PREFERRED:
+ mode |= SLAP_CH_CONTINUATION_CHAINING_PREFERRED;
+ break;
+
+ case LDAP_CHAINING_REQUIRED:
+ mode |= SLAP_CH_CONTINUATION_CHAINING_REQUIRED;
+ break;
+
+ case LDAP_REFERRALS_PREFERRED:
+ mode |= SLAP_CH_CONTINUATION_REFERRALS_PREFERRED;
+ break;
+
+ case LDAP_REFERRALS_REQUIRED:
+ mode |= SLAP_CH_CONTINUATION_REFERRALS_REQUIRED;
+ break;
+
+ default:
+ rs->sr_text = "Chaining behavior control: unknown continuationBehavior";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+
+ if ( ( ber_scanf( ber, /* { */ "}") ) == LBER_ERROR ) {
+ rs->sr_text = "Chaining behavior control: decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ (void) ber_free( ber, 1 );
+ }
+
+ op->o_chaining = mode | ( ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL );
+
+ return LDAP_SUCCESS;
+}
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+static slap_overinst ldapchain;
+
+int
+chain_init( void )
+{
+ int rc;
+
+ /* Make sure we don't exceed the bits reserved for userland */
+ config_check_userland( CH_LAST );
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR,
+ /* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
+ ldap_chain_parse_ctrl, &sc_chainingBehavior );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "unable to register chaining behavior control: %d.\n",
+ rc, 0, 0 );
+ return rc;
+ }
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+ ldapchain.on_bi.bi_type = "chain";
+ ldapchain.on_bi.bi_db_init = ldap_chain_db_init;
+ ldapchain.on_bi.bi_db_config = ldap_chain_db_config;
+ ldapchain.on_bi.bi_db_open = ldap_chain_db_open;
+ ldapchain.on_bi.bi_db_close = ldap_chain_db_close;
+ ldapchain.on_bi.bi_db_destroy = ldap_chain_db_destroy;
+
+ ldapchain.on_bi.bi_connection_destroy = ldap_chain_connection_destroy;
+
+ ldapchain.on_response = ldap_chain_response;
+
+ ldapchain.on_bi.bi_cf_ocs = chainocs;
+
+ rc = config_register_schema( chaincfg, chainocs );
+ if ( rc ) {
+ return rc;
+ }
+
+ return overlay_register( &ldapchain );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,85 @@
+/* compare.c - ldap backend compare function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.52.2.11 2007/01/13 11:19:06 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_compare(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ ber_int_t msgid;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+ LDAPControl **ctrls = NULL;
+ int rc = LDAP_SUCCESS;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ lc = NULL;
+ goto cleanup;
+ }
+
+retry:
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val,
+ op->orc_ava->aa_desc->ad_cname.bv_val,
+ &op->orc_ava->aa_value,
+ ctrls, NULL, &msgid );
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_COMPARE ],
+ ( LDAP_BACK_SENDRESULT | retrying ) );
+ if ( rc == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2005 @@
+/* config.c - ldap backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/config.c,v 1.73.2.24 2007/01/27 23:56:43 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "config.h"
+#include "back-ldap.h"
+#include "lutil.h"
+#include "ldif.h"
+#undef ldap_debug
+/* for advanced URL parsing */
+#include "../../../libraries/libldap/ldap-int.h"
+
+static SLAP_EXTOP_MAIN_FN ldap_back_exop_whoami;
+
+static ConfigDriver ldap_back_cf_gen;
+
+enum {
+ LDAP_BACK_CFG_URI = 1,
+ LDAP_BACK_CFG_TLS,
+ LDAP_BACK_CFG_ACL_AUTHCDN,
+ LDAP_BACK_CFG_ACL_PASSWD,
+ LDAP_BACK_CFG_ACL_METHOD,
+ LDAP_BACK_CFG_ACL_BIND,
+ LDAP_BACK_CFG_IDASSERT_MODE,
+ LDAP_BACK_CFG_IDASSERT_AUTHCDN,
+ LDAP_BACK_CFG_IDASSERT_PASSWD,
+ LDAP_BACK_CFG_IDASSERT_AUTHZFROM,
+ LDAP_BACK_CFG_IDASSERT_METHOD,
+ LDAP_BACK_CFG_IDASSERT_BIND,
+ LDAP_BACK_CFG_REBIND,
+ LDAP_BACK_CFG_CHASE,
+ LDAP_BACK_CFG_T_F,
+ LDAP_BACK_CFG_WHOAMI,
+ LDAP_BACK_CFG_TIMEOUT,
+ LDAP_BACK_CFG_IDLE_TIMEOUT,
+ LDAP_BACK_CFG_CONN_TTL,
+ LDAP_BACK_CFG_NETWORK_TIMEOUT,
+ LDAP_BACK_CFG_VERSION,
+ LDAP_BACK_CFG_SINGLECONN,
+ LDAP_BACK_CFG_USETEMP,
+ LDAP_BACK_CFG_CONNPOOLMAX,
+ LDAP_BACK_CFG_CANCEL,
+ LDAP_BACK_CFG_QUARANTINE,
+ LDAP_BACK_CFG_REWRITE,
+
+ LDAP_BACK_CFG_LAST
+};
+
+static ConfigTable ldapcfg[] = {
+ { "uri", "uri", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_URI,
+ ldap_back_cf_gen, "( OLcfgDbAt:0.14 "
+ "NAME 'olcDbURI' "
+ "DESC 'URI (list) for remote DSA' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "tls", "what", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_TLS,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.1 "
+ "NAME 'olcDbStartTLS' "
+ "DESC 'StartTLS' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "acl-authcDN", "DN", 2, 2, 0,
+ ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.2 "
+ "NAME 'olcDbACLAuthcDn' "
+ "DESC 'Remote ACL administrative identity' "
+ "OBSOLETE "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ /* deprecated, will be removed; aliases "acl-authcDN" */
+ { "binddn", "DN", 2, 2, 0,
+ ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "acl-passwd", "cred", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.3 "
+ "NAME 'olcDbACLPasswd' "
+ "DESC 'Remote ACL administrative identity credentials' "
+ "OBSOLETE "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ /* deprecated, will be removed; aliases "acl-passwd" */
+ { "bindpw", "cred", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ /* deprecated, will be removed; aliases "acl-bind" */
+ { "acl-method", "args", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_ACL_METHOD,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "acl-bind", "args", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_ACL_BIND,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.4 "
+ "NAME 'olcDbACLBind' "
+ "DESC 'Remote ACL administrative identity auth bind configuration' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "idassert-authcDN", "DN", 2, 2, 0,
+ ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.5 "
+ "NAME 'olcDbIDAssertAuthcDn' "
+ "DESC 'Remote Identity Assertion administrative identity' "
+ "OBSOLETE "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ /* deprecated, will be removed; partially aliases "idassert-authcDN" */
+ { "proxyauthzdn", "DN", 2, 2, 0,
+ ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "idassert-passwd", "cred", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.6 "
+ "NAME 'olcDbIDAssertPasswd' "
+ "DESC 'Remote Identity Assertion administrative identity credentials' "
+ "OBSOLETE "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ /* deprecated, will be removed; partially aliases "idassert-passwd" */
+ { "proxyauthzpw", "cred", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "idassert-bind", "args", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_BIND,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.7 "
+ "NAME 'olcDbIDAssertBind' "
+ "DESC 'Remote Identity Assertion administrative identity auth bind configuration' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "idassert-method", "args", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_METHOD,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "idassert-mode", "mode>|u:<user>|[dn:]<DN", 2, 0, 0,
+ ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_MODE,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.8 "
+ "NAME 'olcDbIDAssertMode' "
+ "DESC 'Remote Identity Assertion mode' "
+ "OBSOLETE "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE)",
+ NULL, NULL },
+ { "idassert-authzFrom", "authzRule", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHZFROM,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.9 "
+ "NAME 'olcDbIDAssertAuthzFrom' "
+ "DESC 'Remote Identity Assertion authz rules' "
+ "SYNTAX OMsDirectoryString "
+ "X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { "rebind-as-user", "NO|yes", 1, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_REBIND,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.10 "
+ "NAME 'olcDbRebindAsUser' "
+ "DESC 'Rebind as user' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "chase-referrals", "YES|no", 2, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_CHASE,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.11 "
+ "NAME 'olcDbChaseReferrals' "
+ "DESC 'Chase referrals' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "t-f-support", "NO|yes|discover", 2, 2, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_T_F,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.12 "
+ "NAME 'olcDbTFSupport' "
+ "DESC 'Absolute filters support' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "proxy-whoami", "NO|yes", 1, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_WHOAMI,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.13 "
+ "NAME 'olcDbProxyWhoAmI' "
+ "DESC 'Proxy whoAmI exop' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "timeout", "timeout(list)", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_TIMEOUT,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.14 "
+ "NAME 'olcDbTimeout' "
+ "DESC 'Per-operation timeouts' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "idle-timeout", "timeout", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
+ "NAME 'olcDbIdleTimeout' "
+ "DESC 'connection idle timeout' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "conn-ttl", "ttl", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_CONN_TTL,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.16 "
+ "NAME 'olcDbConnTtl' "
+ "DESC 'connection ttl' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "network-timeout", "timeout", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_NETWORK_TIMEOUT,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.17 "
+ "NAME 'olcDbNetworkTimeout' "
+ "DESC 'connection network timeout' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "protocol-version", "version", 2, 0, 0,
+ ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_VERSION,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.18 "
+ "NAME 'olcDbProtocolVersion' "
+ "DESC 'protocol version' "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "single-conn", "TRUE/FALSE", 2, 0, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_SINGLECONN,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.19 "
+ "NAME 'olcDbSingleConn' "
+ "DESC 'cache a single connection per identity' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "cancel", "ABANDON|ignore|exop", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_CANCEL,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.20 "
+ "NAME 'olcDbCancel' "
+ "DESC 'abandon/ignore/exop operations when appropriate' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "quarantine", "retrylist", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_QUARANTINE,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.21 "
+ "NAME 'olcDbQuarantine' "
+ "DESC 'Quarantine database if connection fails and retry according to rule' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "use-temporary-conn", "TRUE/FALSE", 2, 0, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_USETEMP,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.22 "
+ "NAME 'olcDbUseTemporaryConn' "
+ "DESC 'Use temporary connections if the cached one is busy' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "conn-pool-max", "<n>", 2, 0, 0,
+ ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_CONNPOOLMAX,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.23 "
+ "NAME 'olcDbConnectionPoolMax' "
+ "DESC 'Max size of privileged connections pool' "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "suffixmassage", "[virtual]> <real", 2, 3, 0,
+ ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "map", "attribute|objectClass> [*|<local>] *|<remote", 3, 4, 0,
+ ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { "rewrite", "<arglist>", 2, 4, STRLENOF( "rewrite" ),
+ ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
+ ldap_back_cf_gen, NULL, NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL }
+};
+
+static ConfigOCs ldapocs[] = {
+ { "( OLcfgDbOc:3.1 "
+ "NAME 'olcLDAPConfig' "
+ "DESC 'LDAP backend configuration' "
+ "SUP olcDatabaseConfig "
+ "MAY ( olcDbURI "
+ "$ olcDbStartTLS "
+ "$ olcDbACLAuthcDn "
+ "$ olcDbACLPasswd "
+ "$ olcDbACLBind "
+ "$ olcDbIDAssertAuthcDn "
+ "$ olcDbIDAssertPasswd "
+ "$ olcDbIDAssertBind "
+ "$ olcDbIDAssertMode "
+ "$ olcDbIDAssertAuthzFrom "
+ "$ olcDbRebindAsUser "
+ "$ olcDbChaseReferrals "
+ "$ olcDbTFSupport "
+ "$ olcDbProxyWhoAmI "
+ "$ olcDbTimeout "
+ "$ olcDbIdleTimeout "
+ "$ olcDbSingleConn "
+ "$ olcDbCancel "
+ "$ olcDbQuarantine "
+ "$ olcDbUseTemporaryConn "
+ "$ olcDbConnectionPoolMax "
+ ") )",
+ Cft_Database, ldapcfg},
+ { NULL, 0, NULL }
+};
+
+static slap_verbmasks idassert_mode[] = {
+ { BER_BVC("self"), LDAP_BACK_IDASSERT_SELF },
+ { BER_BVC("anonymous"), LDAP_BACK_IDASSERT_ANONYMOUS },
+ { BER_BVC("none"), LDAP_BACK_IDASSERT_NOASSERT },
+ { BER_BVC("legacy"), LDAP_BACK_IDASSERT_LEGACY },
+ { BER_BVNULL, 0 }
+};
+
+static slap_verbmasks tls_mode[] = {
+ { BER_BVC( "propagate" ), LDAP_BACK_F_TLS_PROPAGATE_MASK },
+ { BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS },
+ { BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK },
+ { BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS },
+ { BER_BVC( "none" ), LDAP_BACK_F_NONE },
+ { BER_BVNULL, 0 }
+};
+
+static slap_verbmasks t_f_mode[] = {
+ { BER_BVC( "yes" ), LDAP_BACK_F_T_F },
+ { BER_BVC( "discover" ), LDAP_BACK_F_T_F_DISCOVER },
+ { BER_BVC( "no" ), LDAP_BACK_F_NONE },
+ { BER_BVNULL, 0 }
+};
+
+static slap_verbmasks cancel_mode[] = {
+#if 0 /* needs ldap_int_discard(), 2.4 */
+ { BER_BVC( "ignore" ), LDAP_BACK_F_CANCEL_IGNORE },
+#endif
+ { BER_BVC( "exop" ), LDAP_BACK_F_CANCEL_EXOP },
+ { BER_BVC( "exop-discover" ), LDAP_BACK_F_CANCEL_EXOP_DISCOVER },
+ { BER_BVC( "abandon" ), LDAP_BACK_F_CANCEL_ABANDON },
+ { BER_BVNULL, 0 }
+};
+
+/* see enum in slap.h */
+static slap_cf_aux_table timeout_table[] = {
+ { BER_BVC("bind="), SLAP_OP_BIND * sizeof( time_t ), 'u', 0, NULL },
+ /* unbind makes no sense */
+ { BER_BVC("add="), SLAP_OP_ADD * sizeof( time_t ), 'u', 0, NULL },
+ { BER_BVC("delete="), SLAP_OP_DELETE * sizeof( time_t ), 'u', 0, NULL },
+ { BER_BVC("modrdn="), SLAP_OP_MODRDN * sizeof( time_t ), 'u', 0, NULL },
+ { BER_BVC("modify="), SLAP_OP_MODIFY * sizeof( time_t ), 'u', 0, NULL },
+ { BER_BVC("compare="), SLAP_OP_COMPARE * sizeof( time_t ), 'u', 0, NULL },
+ { BER_BVC("search="), SLAP_OP_SEARCH * sizeof( time_t ), 'u', 0, NULL },
+ /* abandon makes little sense */
+#if 0 /* not implemented yet */
+ { BER_BVC("extended="), SLAP_OP_EXTENDED * sizeof( time_t ), 'u', 0, NULL },
+#endif
+ { BER_BVNULL, 0, 0, 0, NULL }
+};
+
+int
+slap_retry_info_parse(
+ char *in,
+ slap_retry_info_t *ri,
+ char *buf,
+ ber_len_t buflen )
+{
+ char **retrylist = NULL;
+ int rc = 0;
+ int i;
+
+ slap_str2clist( &retrylist, in, " ;" );
+ if ( retrylist == NULL ) {
+ return 1;
+ }
+
+ for ( i = 0; retrylist[ i ] != NULL; i++ )
+ /* count */ ;
+
+ ri->ri_interval = ch_calloc( sizeof( time_t ), i + 1 );
+ ri->ri_num = ch_calloc( sizeof( int ), i + 1 );
+
+ for ( i = 0; retrylist[ i ] != NULL; i++ ) {
+ unsigned long t;
+ char *sep = strchr( retrylist[ i ], ',' );
+
+ if ( sep == NULL ) {
+ snprintf( buf, buflen,
+ "missing comma in retry pattern #%d \"%s\"",
+ i, retrylist[ i ] );
+ rc = 1;
+ goto done;
+ }
+
+ *sep++ = '\0';
+
+ if ( lutil_parse_time( retrylist[ i ], &t ) ) {
+ snprintf( buf, buflen,
+ "unable to parse interval #%d \"%s\"",
+ i, retrylist[ i ] );
+ rc = 1;
+ goto done;
+ }
+ ri->ri_interval[ i ] = (time_t)t;
+
+ if ( strcmp( sep, "+" ) == 0 ) {
+ if ( retrylist[ i + 1 ] != NULL ) {
+ snprintf( buf, buflen,
+ "extra cruft after retry pattern "
+ "#%d \"%s,+\" with \"forever\" mark",
+ i, retrylist[ i ] );
+ rc = 1;
+ goto done;
+ }
+ ri->ri_num[ i ] = SLAP_RETRYNUM_FOREVER;
+
+ } else if ( lutil_atoi( &ri->ri_num[ i ], sep ) ) {
+ snprintf( buf, buflen,
+ "unable to parse retry num #%d \"%s\"",
+ i, sep );
+ rc = 1;
+ goto done;
+ }
+ }
+
+ ri->ri_num[ i ] = SLAP_RETRYNUM_TAIL;
+
+ ri->ri_idx = 0;
+ ri->ri_count = 0;
+ ri->ri_last = (time_t)(-1);
+
+done:;
+ ldap_charray_free( retrylist );
+
+ if ( rc ) {
+ slap_retry_info_destroy( ri );
+ }
+
+ return rc;
+}
+
+int
+slap_retry_info_unparse(
+ slap_retry_info_t *ri,
+ struct berval *bvout )
+{
+ int i;
+ char buf[ BUFSIZ * 2 ],
+ *ptr = buf;
+ struct berval bv = BER_BVNULL;
+
+ assert( ri != NULL );
+ assert( bvout != NULL );
+
+ BER_BVZERO( bvout );
+
+#define WHATSLEFT ( sizeof( buf ) - ( ptr - buf ) )
+
+ for ( i = 0; ri->ri_num[ i ] != SLAP_RETRYNUM_TAIL; i++ ) {
+ if ( i > 0 ) {
+ if ( WHATSLEFT <= 1 ) {
+ return 1;
+ }
+ *ptr++ = ';';
+ }
+
+ if ( lutil_unparse_time( ptr, WHATSLEFT, (long)ri->ri_interval[i] ) ) {
+ return 1;
+ }
+ ptr += strlen( ptr );
+
+ if ( WHATSLEFT <= 1 ) {
+ return 1;
+ }
+ *ptr++ = ',';
+
+ if ( ri->ri_num[i] == SLAP_RETRYNUM_FOREVER ) {
+ if ( WHATSLEFT <= 1 ) {
+ return 1;
+ }
+ *ptr++ = '+';
+
+ } else {
+ ptr += snprintf( ptr, WHATSLEFT, "%d", ri->ri_num[i] );
+ if ( WHATSLEFT <= 0 ) {
+ return 1;
+ }
+ }
+ }
+
+ bv.bv_val = buf;
+ bv.bv_len = ptr - buf;
+
+ ber_dupbv( bvout, &bv );
+
+ return 0;
+}
+
+void
+slap_retry_info_destroy(
+ slap_retry_info_t *ri )
+{
+ assert( ri != NULL );
+
+ assert( ri->ri_interval != NULL );
+ ch_free( ri->ri_interval );
+ ri->ri_interval = NULL;
+
+ assert( ri->ri_num != NULL );
+ ch_free( ri->ri_num );
+ ri->ri_num = NULL;
+}
+
+static int
+slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si )
+{
+ struct berval bv;
+
+ if ( strcmp( c->argv[ 1 ], "*" ) == 0
+ || strcmp( c->argv[ 1 ], "dn:*" ) == 0
+ || strcasecmp( c->argv[ 1 ], "dn.regex:.*" ) == 0 )
+ {
+ if ( si->si_authz != NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-authzFrom <authz>\": "
+ "\"%s\" conflicts with existing authz rules",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ si->si_flags |= LDAP_BACK_AUTH_AUTHZ_ALL;
+
+ return 0;
+
+ } else if ( ( si->si_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-authzFrom <authz>\": "
+ "\"<authz>\" conflicts with \"*\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+#ifdef SLAP_AUTHZ_SYNTAX
+ {
+ struct berval in;
+ int rc;
+
+ ber_str2bv( c->argv[ 1 ], 0, 0, &in );
+ rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-authzFrom <authz>\": "
+ "invalid syntax" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ }
+#else /* !SLAP_AUTHZ_SYNTAX */
+ ber_str2bv( c->argv[ 1 ], 0, 1, &bv );
+#endif /* !SLAP_AUTHZ_SYNTAX */
+
+ ber_bvarray_add( &si->si_authz, &bv );
+
+ return 0;
+}
+
+static int
+slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
+{
+ int i;
+
+ for ( i = 1; i < c->argc; i++ ) {
+ if ( strncasecmp( c->argv[ i ], "mode=", STRLENOF( "mode=" ) ) == 0 ) {
+ char *argvi = c->argv[ i ] + STRLENOF( "mode=" );
+ int j;
+
+ j = verb_to_mask( argvi, idassert_mode );
+ if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-bind <args>\": "
+ "unknown mode \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ si->si_mode = idassert_mode[ j ].mask;
+
+ } else if ( strncasecmp( c->argv[ i ], "authz=", STRLENOF( "authz=" ) ) == 0 ) {
+ char *argvi = c->argv[ i ] + STRLENOF( "authz=" );
+
+ if ( strcasecmp( argvi, "native" ) == 0 ) {
+ if ( si->si_bc.sb_method != LDAP_AUTH_SASL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-bind <args>\": "
+ "authz=\"native\" incompatible "
+ "with auth method" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ si->si_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
+
+ } else if ( strcasecmp( argvi, "proxyAuthz" ) == 0 ) {
+ si->si_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
+
+ } else {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-bind <args>\": "
+ "unknown authz \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ } else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) {
+ char *argvi = c->argv[ i ] + STRLENOF( "flags=" );
+ char **flags = ldap_str2charray( argvi, "," );
+ int j, err = 0;
+
+ if ( flags == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-bind <args>\": "
+ "unable to parse flags \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ for ( j = 0; flags[ j ] != NULL; j++ ) {
+
+ if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
+ si->si_flags |= LDAP_BACK_AUTH_OVERRIDE;
+
+ } else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
+ si->si_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
+ si->si_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
+ } else if ( strcasecmp( flags[ j ], "obsolete-proxy-authz" ) == 0 ) {
+ if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: \"obsolete-proxy-authz\" flag "
+ "in \"idassert-mode <args>\" "
+ "incompatible with previously issued \"obsolete-encoding-workaround\" flag.\n",
+ c->log, 0, 0 );
+ err = 1;
+ break;
+
+ } else {
+ si->si_flags |= LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ;
+ }
+
+ } else if ( strcasecmp( flags[ j ], "obsolete-encoding-workaround" ) == 0 ) {
+ if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: \"obsolete-encoding-workaround\" flag "
+ "in \"idassert-mode <args>\" "
+ "incompatible with previously issued \"obsolete-proxy-authz\" flag.\n",
+ c->log, 0, 0 );
+ err = 1;
+ break;
+
+ } else {
+ si->si_flags |= LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND;
+ }
+
+ } else {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-bind <args>\": "
+ "unknown flag \"%s\"",
+ flags[ j ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ err = 1;
+ break;
+ }
+ }
+
+ ldap_charray_free( flags );
+ if ( err ) {
+ return 1;
+ }
+
+ } else if ( bindconf_parse( c->argv[ i ], &si->si_bc ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/* NOTE: temporary, until back-meta is ported to back-config */
+int
+slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si )
+{
+ ConfigArgs c = { 0 };
+ char *argv[ 3 ];
+
+ snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
+ c.argc = 2;
+ c.argv = argv;
+ argv[ 0 ] = "idassert-authzFrom";
+ argv[ 1 ] = (char *)arg;
+ argv[ 2 ] = NULL;
+
+ return slap_idassert_authzfrom_parse( &c, si );
+}
+
+int
+slap_idassert_parse_cf( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si )
+{
+ ConfigArgs c = { 0 };
+
+ snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
+ c.argc = argc;
+ c.argv = argv;
+
+ return slap_idassert_parse( &c, si );
+}
+
+static int
+ldap_back_cf_gen( ConfigArgs *c )
+{
+ ldapinfo_t *li = ( ldapinfo_t * )c->be->be_private;
+ int rc = 0;
+ int i;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ struct berval bv = BER_BVNULL;
+
+ if ( li == NULL ) {
+ return 1;
+ }
+
+ switch( c->type ) {
+ case LDAP_BACK_CFG_URI:
+ if ( li->li_uri != NULL ) {
+ struct berval bv, bv2;
+
+ ber_str2bv( li->li_uri, 0, 0, &bv );
+ bv2.bv_len = bv.bv_len + STRLENOF( "\"\"" );
+ bv2.bv_val = ch_malloc( bv2.bv_len + 1 );
+ snprintf( bv2.bv_val, bv2.bv_len + 1,
+ "\"%s\"", bv.bv_val );
+ ber_bvarray_add( &c->rvalue_vals, &bv2 );
+
+ } else {
+ rc = 1;
+ }
+ break;
+
+ case LDAP_BACK_CFG_TLS:
+ enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv );
+ assert( !BER_BVISNULL( &bv ) );
+ value_add_one( &c->rvalue_vals, &bv );
+ break;
+
+ case LDAP_BACK_CFG_ACL_AUTHCDN:
+ case LDAP_BACK_CFG_ACL_PASSWD:
+ case LDAP_BACK_CFG_ACL_METHOD:
+ /* handled by LDAP_BACK_CFG_ACL_BIND */
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_ACL_BIND: {
+ int i;
+
+ if ( li->li_acl_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
+ bindconf_unparse( &li->li_acl, &bv );
+
+ for ( i = 0; isspace( (unsigned char) bv.bv_val[ i ] ); i++ )
+ /* count spaces */ ;
+
+ if ( i ) {
+ bv.bv_len -= i;
+ AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
+ bv.bv_len + 1 );
+ }
+
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ break;
+ }
+
+ case LDAP_BACK_CFG_IDASSERT_MODE:
+ case LDAP_BACK_CFG_IDASSERT_AUTHCDN:
+ case LDAP_BACK_CFG_IDASSERT_PASSWD:
+ case LDAP_BACK_CFG_IDASSERT_METHOD:
+ /* handled by LDAP_BACK_CFG_IDASSERT_BIND */
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: {
+ int i;
+
+ if ( li->li_idassert_authz == NULL ) {
+ if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) {
+ BER_BVSTR( &bv, "*" );
+ value_add_one( &c->rvalue_vals, &bv );
+
+ } else {
+ rc = 1;
+ }
+ break;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &li->li_idassert_authz[ i ] ); i++ )
+ {
+ value_add_one( &c->rvalue_vals, &li->li_idassert_authz[ i ] );
+ }
+ break;
+ }
+
+ case LDAP_BACK_CFG_IDASSERT_BIND: {
+ int i;
+ struct berval bc = BER_BVNULL;
+ char *ptr;
+
+ if ( li->li_idassert_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
+ if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
+ ber_len_t len;
+
+ switch ( li->li_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_OTHERID:
+ case LDAP_BACK_IDASSERT_OTHERDN:
+ break;
+
+ default: {
+ struct berval mode = BER_BVNULL;
+
+ enum_to_verb( idassert_mode, li->li_idassert_mode, &mode );
+ if ( BER_BVISNULL( &mode ) ) {
+ /* there's something wrong... */
+ assert( 0 );
+ rc = 1;
+
+ } else {
+ bv.bv_len = STRLENOF( "mode=" ) + mode.bv_len;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+
+ ptr = lutil_strcopy( bv.bv_val, "mode=" );
+ ptr = lutil_strcopy( ptr, mode.bv_val );
+ }
+ break;
+ }
+ }
+
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) {
+ len = bv.bv_len + STRLENOF( "authz=native" );
+
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ len += STRLENOF( " " );
+ }
+
+ bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+
+ ptr = &bv.bv_val[ bv.bv_len ];
+
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ ptr = lutil_strcopy( ptr, " " );
+ }
+
+ (void)lutil_strcopy( ptr, "authz=native" );
+ }
+
+ len = bv.bv_len + STRLENOF( "flags=non-prescriptive,override,obsolete-encoding-workaround" );
+ /* flags */
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ len += STRLENOF( " " );
+ }
+
+ bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+
+ ptr = &bv.bv_val[ bv.bv_len ];
+
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ ptr = lutil_strcopy( ptr, " " );
+ }
+
+ ptr = lutil_strcopy( ptr, "flags=" );
+
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ ptr = lutil_strcopy( ptr, "prescriptive" );
+ } else {
+ ptr = lutil_strcopy( ptr, "non-prescriptive" );
+ }
+
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+ ptr = lutil_strcopy( ptr, ",override" );
+ }
+
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+ ptr = lutil_strcopy( ptr, ",obsolete-proxy-authz" );
+
+ } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+ ptr = lutil_strcopy( ptr, ",obsolete-encoding-workaround" );
+ }
+
+ bv.bv_len = ( ptr - bv.bv_val );
+ /* end-of-flags */
+ }
+
+ bindconf_unparse( &li->li_idassert.si_bc, &bc );
+
+ if ( !BER_BVISNULL( &bv ) ) {
+ ber_len_t len = bv.bv_len + bc.bv_len;
+
+ bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+
+ assert( bc.bv_val[ 0 ] == ' ' );
+
+ ptr = lutil_strcopy( &bv.bv_val[ bv.bv_len ], bc.bv_val );
+ free( bc.bv_val );
+ bv.bv_len = ptr - bv.bv_val;
+
+ } else {
+ for ( i = 0; isspace( (unsigned char) bc.bv_val[ i ] ); i++ )
+ /* count spaces */ ;
+
+ if ( i ) {
+ bc.bv_len -= i;
+ AC_MEMCPY( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 );
+ }
+
+ bv = bc;
+ }
+
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+
+ break;
+ }
+
+ case LDAP_BACK_CFG_REBIND:
+ c->value_int = LDAP_BACK_SAVECRED( li );
+ break;
+
+ case LDAP_BACK_CFG_CHASE:
+ c->value_int = LDAP_BACK_CHASE_REFERRALS( li );
+ break;
+
+ case LDAP_BACK_CFG_T_F:
+ enum_to_verb( t_f_mode, (li->li_flags & LDAP_BACK_F_T_F_MASK2), &bv );
+ if ( BER_BVISNULL( &bv ) ) {
+ /* there's something wrong... */
+ assert( 0 );
+ rc = 1;
+
+ } else {
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ break;
+
+ case LDAP_BACK_CFG_WHOAMI:
+ c->value_int = LDAP_BACK_PROXY_WHOAMI( li );
+ break;
+
+ case LDAP_BACK_CFG_TIMEOUT:
+ BER_BVZERO( &bv );
+
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ if ( li->li_timeout[ i ] != 0 ) {
+ break;
+ }
+ }
+
+ if ( i == SLAP_OP_LAST ) {
+ return 1;
+ }
+
+ slap_cf_aux_table_unparse( li->li_timeout, &bv, timeout_table );
+
+ if ( BER_BVISNULL( &bv ) ) {
+ return 1;
+ }
+
+ for ( i = 0; isspace( (unsigned char) bv.bv_val[ i ] ); i++ )
+ /* count spaces */ ;
+
+ if ( i ) {
+ bv.bv_len -= i;
+ AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
+ bv.bv_len + 1 );
+ }
+
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ break;
+
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( li->li_idle_timeout == 0 ) {
+ return 1;
+ }
+
+ lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout );
+ ber_str2bv( buf, 0, 0, &bv );
+ value_add_one( &c->rvalue_vals, &bv );
+ } break;
+
+ case LDAP_BACK_CFG_CONN_TTL: {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( li->li_conn_ttl == 0 ) {
+ return 1;
+ }
+
+ lutil_unparse_time( buf, sizeof( buf ), li->li_conn_ttl );
+ ber_str2bv( buf, 0, 0, &bv );
+ value_add_one( &c->rvalue_vals, &bv );
+ } break;
+
+ case LDAP_BACK_CFG_NETWORK_TIMEOUT: {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( li->li_network_timeout == 0 ) {
+ return 1;
+ }
+
+ snprintf( buf, sizeof( buf ), "%ld",
+ (long)li->li_network_timeout );
+ ber_str2bv( buf, 0, 0, &bv );
+ value_add_one( &c->rvalue_vals, &bv );
+ } break;
+
+ case LDAP_BACK_CFG_VERSION:
+ if ( li->li_version == 0 ) {
+ return 1;
+ }
+
+ c->value_int = li->li_version;
+ break;
+
+ case LDAP_BACK_CFG_SINGLECONN:
+ c->value_int = LDAP_BACK_SINGLECONN( li );
+ break;
+
+ case LDAP_BACK_CFG_USETEMP:
+ c->value_int = LDAP_BACK_USE_TEMPORARIES( li );
+ break;
+
+ case LDAP_BACK_CFG_CONNPOOLMAX:
+ c->value_int = li->li_conn_priv_max;
+ break;
+
+ case LDAP_BACK_CFG_CANCEL: {
+ slap_mask_t mask = LDAP_BACK_F_CANCEL_MASK2;
+
+ if ( LDAP_BACK_CANCEL_DISCOVER( li ) ) {
+ mask &= ~LDAP_BACK_F_CANCEL_EXOP;
+ }
+ enum_to_verb( cancel_mode, (li->li_flags & mask), &bv );
+ if ( BER_BVISNULL( &bv ) ) {
+ /* there's something wrong... */
+ assert( 0 );
+ rc = 1;
+
+ } else {
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ } break;
+
+ case LDAP_BACK_CFG_QUARANTINE:
+ if ( !LDAP_BACK_QUARANTINE( li ) ) {
+ rc = 1;
+ break;
+ }
+
+ rc = slap_retry_info_unparse( &li->li_quarantine, &bv );
+ if ( rc == 0 ) {
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ break;
+
+ default:
+ /* FIXME: we need to handle all... */
+ assert( 0 );
+ break;
+ }
+ return rc;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ switch( c->type ) {
+ case LDAP_BACK_CFG_URI:
+ if ( li->li_uri != NULL ) {
+ ch_free( li->li_uri );
+ li->li_uri = NULL;
+
+ assert( li->li_bvuri != NULL );
+ ber_bvarray_free( li->li_bvuri );
+ li->li_bvuri = NULL;
+ }
+
+ /* better cleanup the cached connections... */
+ /* NOTE: don't worry about locking: if we got here,
+ * other threads are suspended. */
+ if ( li->li_conninfo.lai_tree != NULL ) {
+ avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free );
+ li->li_conninfo.lai_tree = NULL;
+ }
+
+ break;
+
+ case LDAP_BACK_CFG_TLS:
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_ACL_AUTHCDN:
+ case LDAP_BACK_CFG_ACL_PASSWD:
+ case LDAP_BACK_CFG_ACL_METHOD:
+ /* handled by LDAP_BACK_CFG_ACL_BIND */
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_ACL_BIND:
+ bindconf_free( &li->li_acl );
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_MODE:
+ case LDAP_BACK_CFG_IDASSERT_AUTHCDN:
+ case LDAP_BACK_CFG_IDASSERT_PASSWD:
+ case LDAP_BACK_CFG_IDASSERT_METHOD:
+ /* handled by LDAP_BACK_CFG_IDASSERT_BIND */
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_AUTHZFROM:
+ if ( li->li_idassert_authz != NULL ) {
+ ber_bvarray_free( li->li_idassert_authz );
+ li->li_idassert_authz = NULL;
+ }
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_BIND:
+ bindconf_free( &li->li_idassert.si_bc );
+ break;
+
+ case LDAP_BACK_CFG_REBIND:
+ case LDAP_BACK_CFG_CHASE:
+ case LDAP_BACK_CFG_T_F:
+ case LDAP_BACK_CFG_WHOAMI:
+ case LDAP_BACK_CFG_CANCEL:
+ rc = 1;
+ break;
+
+ case LDAP_BACK_CFG_TIMEOUT:
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ li->li_timeout[ i ] = 0;
+ }
+ break;
+
+ case LDAP_BACK_CFG_IDLE_TIMEOUT:
+ li->li_idle_timeout = 0;
+ break;
+
+ case LDAP_BACK_CFG_CONN_TTL:
+ li->li_conn_ttl = 0;
+ break;
+
+ case LDAP_BACK_CFG_NETWORK_TIMEOUT:
+ li->li_network_timeout = 0;
+ break;
+
+ case LDAP_BACK_CFG_VERSION:
+ li->li_version = 0;
+ break;
+
+ case LDAP_BACK_CFG_SINGLECONN:
+ li->li_flags &= ~LDAP_BACK_F_SINGLECONN;
+ break;
+
+ case LDAP_BACK_CFG_USETEMP:
+ li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+ break;
+
+ case LDAP_BACK_CFG_CONNPOOLMAX:
+ li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_MIN;
+ break;
+
+ case LDAP_BACK_CFG_QUARANTINE:
+ if ( !LDAP_BACK_QUARANTINE( li ) ) {
+ break;
+ }
+
+ slap_retry_info_destroy( &li->li_quarantine );
+ ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex );
+ li->li_isquarantined = 0;
+ li->li_flags &= ~LDAP_BACK_F_QUARANTINE;
+ break;
+
+ default:
+ /* FIXME: we need to handle all... */
+ assert( 0 );
+ break;
+ }
+ return rc;
+
+ }
+
+ switch( c->type ) {
+ case LDAP_BACK_CFG_URI: {
+ LDAPURLDesc *tmpludp, *lud;
+ char **urllist = NULL;
+ int urlrc = LDAP_URL_SUCCESS, i;
+
+ if ( li->li_uri != NULL ) {
+ ch_free( li->li_uri );
+ li->li_uri = NULL;
+
+ assert( li->li_bvuri != NULL );
+ ber_bvarray_free( li->li_bvuri );
+ li->li_bvuri = NULL;
+ }
+
+ /* PARANOID: DN and more are not required nor allowed */
+ urlrc = ldap_url_parselist_ext( &lud, c->argv[ 1 ], ", \t" );
+ if ( urlrc != LDAP_URL_SUCCESS ) {
+ char *why;
+
+ switch ( urlrc ) {
+ case LDAP_URL_ERR_MEM:
+ why = "no memory";
+ break;
+ case LDAP_URL_ERR_PARAM:
+ why = "parameter is bad";
+ break;
+ case LDAP_URL_ERR_BADSCHEME:
+ why = "URL doesn't begin with \"[c]ldap[si]://\"";
+ break;
+ case LDAP_URL_ERR_BADENCLOSURE:
+ why = "URL is missing trailing \">\"";
+ break;
+ case LDAP_URL_ERR_BADURL:
+ why = "URL is bad";
+ break;
+ case LDAP_URL_ERR_BADHOST:
+ why = "host/port is bad";
+ break;
+ case LDAP_URL_ERR_BADATTRS:
+ why = "bad (or missing) attributes";
+ break;
+ case LDAP_URL_ERR_BADSCOPE:
+ why = "scope string is invalid (or missing)";
+ break;
+ case LDAP_URL_ERR_BADFILTER:
+ why = "bad or missing filter";
+ break;
+ case LDAP_URL_ERR_BADEXTS:
+ why = "bad or missing extensions";
+ break;
+ default:
+ why = "unknown reason";
+ break;
+ }
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse uri \"%s\" "
+ "in \"uri <uri>\" line: %s",
+ c->value_string, why );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ urlrc = 1;
+ goto done_url;
+ }
+
+ for ( i = 0, tmpludp = lud;
+ tmpludp;
+ i++, tmpludp = tmpludp->lud_next )
+ {
+ if ( ( tmpludp->lud_dn != NULL
+ && tmpludp->lud_dn[0] != '\0' )
+ || tmpludp->lud_attrs != NULL
+ /* || tmpludp->lud_scope != LDAP_SCOPE_DEFAULT */
+ || tmpludp->lud_filter != NULL
+ || tmpludp->lud_exts != NULL )
+ {
+ snprintf( c->msg, sizeof( c->msg ),
+ "warning, only protocol, "
+ "host and port allowed "
+ "in \"uri <uri>\" statement "
+ "for uri #%d of \"%s\"",
+ i, c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ }
+ }
+
+ for ( i = 0, tmpludp = lud;
+ tmpludp;
+ i++, tmpludp = tmpludp->lud_next )
+ /* just count */
+ ;
+ urllist = ch_calloc( sizeof( char * ), i + 1 );
+
+ for ( i = 0, tmpludp = lud;
+ tmpludp;
+ i++, tmpludp = tmpludp->lud_next )
+ {
+ LDAPURLDesc tmplud;
+
+ tmplud = *tmpludp;
+ tmplud.lud_dn = "";
+ tmplud.lud_attrs = NULL;
+ tmplud.lud_filter = NULL;
+ if ( !ldap_is_ldapi_url( tmplud.lud_scheme ) ) {
+ tmplud.lud_exts = NULL;
+ tmplud.lud_crit_exts = 0;
+ }
+
+ urllist[ i ] = ldap_url_desc2str( &tmplud );
+
+ if ( urllist[ i ] == NULL ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to rebuild uri "
+ "in \"uri <uri>\" statement "
+ "for \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ urlrc = 1;
+ goto done_url;
+ }
+ }
+
+ li->li_uri = ldap_charray2str( urllist, " " );
+ for ( i = 0; urllist[ i ] != NULL; i++ ) {
+ struct berval bv;
+
+ ber_str2bv( urllist[ i ], 0, 0, &bv );
+ ber_bvarray_add( &li->li_bvuri, &bv );
+ urllist[ i ] = NULL;
+ }
+ ldap_memfree( urllist );
+ urllist = NULL;
+
+done_url:;
+ if ( urllist ) {
+ ldap_charray_free( urllist );
+ }
+ if ( lud ) {
+ ldap_free_urllist( lud );
+ }
+ if ( urlrc != LDAP_URL_SUCCESS ) {
+ return 1;
+ }
+ break;
+ }
+
+ case LDAP_BACK_CFG_TLS:
+ i = verb_to_mask( c->argv[1], tls_mode );
+ if ( BER_BVISNULL( &tls_mode[i].word ) ) {
+ return 1;
+ }
+ li->li_flags &= ~LDAP_BACK_F_TLS_MASK;
+ li->li_flags |= tls_mode[i].mask;
+ break;
+
+ case LDAP_BACK_CFG_ACL_AUTHCDN:
+ switch ( li->li_acl_authmethod ) {
+ case LDAP_AUTH_NONE:
+ li->li_acl_authmethod = LDAP_AUTH_SIMPLE;
+ break;
+
+ case LDAP_AUTH_SIMPLE:
+ break;
+
+ default:
+ snprintf( c->msg, sizeof( c->msg),
+ "\"acl-authcDN <DN>\" incompatible "
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
+ free( li->li_acl_authcDN.bv_val );
+ }
+ ber_memfree_x( c->value_dn.bv_val, NULL );
+ li->li_acl_authcDN = c->value_ndn;
+ BER_BVZERO( &c->value_dn );
+ BER_BVZERO( &c->value_ndn );
+ break;
+
+ case LDAP_BACK_CFG_ACL_PASSWD:
+ switch ( li->li_acl_authmethod ) {
+ case LDAP_AUTH_NONE:
+ li->li_acl_authmethod = LDAP_AUTH_SIMPLE;
+ break;
+
+ case LDAP_AUTH_SIMPLE:
+ break;
+
+ default:
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"acl-passwd <cred>\" incompatible "
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
+ free( li->li_acl_passwd.bv_val );
+ }
+ ber_str2bv( c->argv[ 1 ], 0, 1, &li->li_acl_passwd );
+ break;
+
+ case LDAP_BACK_CFG_ACL_METHOD:
+ case LDAP_BACK_CFG_ACL_BIND:
+ for ( i = 1; i < c->argc; i++ ) {
+ if ( bindconf_parse( c->argv[ i ], &li->li_acl ) ) {
+ return 1;
+ }
+ }
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_MODE:
+ i = verb_to_mask( c->argv[1], idassert_mode );
+ if ( BER_BVISNULL( &idassert_mode[i].word ) ) {
+ if ( strncasecmp( c->argv[1], "u:", STRLENOF( "u:" ) ) == 0 ) {
+ li->li_idassert_mode = LDAP_BACK_IDASSERT_OTHERID;
+ ber_str2bv( c->argv[1], 0, 1, &li->li_idassert_authzID );
+ li->li_idassert_authzID.bv_val[ 0 ] = 'u';
+
+ } else {
+ struct berval id, ndn;
+
+ ber_str2bv( c->argv[1], 0, 0, &id );
+
+ if ( strncasecmp( c->argv[1], "dn:", STRLENOF( "dn:" ) ) == 0 ) {
+ id.bv_val += STRLENOF( "dn:" );
+ id.bv_len -= STRLENOF( "dn:" );
+ }
+
+ rc = dnNormalize( 0, NULL, NULL, &id, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: idassert ID \"%s\" is not a valid DN\n",
+ c->fname, c->lineno, c->argv[1] );
+ return 1;
+ }
+
+ li->li_idassert_authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
+ li->li_idassert_authzID.bv_val = ch_malloc( li->li_idassert_authzID.bv_len + 1 );
+ AC_MEMCPY( li->li_idassert_authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &li->li_idassert_authzID.bv_val[ STRLENOF( "dn:" ) ], ndn.bv_val, ndn.bv_len + 1 );
+ ch_free( ndn.bv_val );
+
+ li->li_idassert_mode = LDAP_BACK_IDASSERT_OTHERDN;
+ }
+
+ } else {
+ li->li_idassert_mode = idassert_mode[i].mask;
+ }
+
+ if ( c->argc > 2 ) {
+ int i;
+
+ for ( i = 2; i < c->argc; i++ ) {
+ if ( strcasecmp( c->argv[ i ], "override" ) == 0 ) {
+ li->li_idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
+
+ } else if ( strcasecmp( c->argv[ i ], "prescriptive" ) == 0 ) {
+ li->li_idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( c->argv[ i ], "non-prescriptive" ) == 0 ) {
+ li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
+ } else if ( strcasecmp( c->argv[ i ], "obsolete-proxy-authz" ) == 0 ) {
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"obsolete-proxy-authz\" flag "
+ "in \"idassert-mode <args>\" "
+ "incompatible with previously issued \"obsolete-encoding-workaround\" flag.\n",
+ c->fname, c->lineno, 0 );
+ return 1;
+ }
+ li->li_idassert_flags |= LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ;
+
+ } else if ( strcasecmp( c->argv[ i ], "obsolete-encoding-workaround" ) == 0 ) {
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"obsolete-encoding-workaround\" flag "
+ "in \"idassert-mode <args>\" "
+ "incompatible with previously issued \"obsolete-proxy-authz\" flag.\n",
+ c->fname, c->lineno, 0 );
+ return 1;
+ }
+ li->li_idassert_flags |= LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unknown flag #%d "
+ "in \"idassert-mode <args> "
+ "[<flags>]\" line.\n",
+ c->fname, c->lineno, i - 2 );
+ return 1;
+ }
+ }
+ }
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_AUTHCDN:
+ switch ( li->li_idassert_authmethod ) {
+ case LDAP_AUTH_NONE:
+ li->li_idassert_authmethod = LDAP_AUTH_SIMPLE;
+ break;
+
+ case LDAP_AUTH_SIMPLE:
+ break;
+
+ default:
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-authcDN <DN>\" incompatible "
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+ free( li->li_idassert_authcDN.bv_val );
+ }
+ ber_memfree_x( c->value_dn.bv_val, NULL );
+ li->li_idassert_authcDN = c->value_ndn;
+ BER_BVZERO( &c->value_dn );
+ BER_BVZERO( &c->value_ndn );
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_PASSWD:
+ switch ( li->li_idassert_authmethod ) {
+ case LDAP_AUTH_NONE:
+ li->li_idassert_authmethod = LDAP_AUTH_SIMPLE;
+ break;
+
+ case LDAP_AUTH_SIMPLE:
+ break;
+
+ default:
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-passwd <cred>\" incompatible "
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
+ free( li->li_idassert_passwd.bv_val );
+ }
+ ber_str2bv( c->argv[ 1 ], 0, 1, &li->li_idassert_passwd );
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_AUTHZFROM:
+ rc = slap_idassert_authzfrom_parse( c, &li->li_idassert );
+ break;
+
+ case LDAP_BACK_CFG_IDASSERT_METHOD:
+ /* no longer supported */
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"idassert-method <args>\": "
+ "no longer supported; use \"idassert-bind\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+
+ case LDAP_BACK_CFG_IDASSERT_BIND:
+ rc = slap_idassert_parse( c, &li->li_idassert );
+ break;
+
+ case LDAP_BACK_CFG_REBIND:
+ if ( c->argc == 1 || c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_SAVECRED;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_SAVECRED;
+ }
+ break;
+
+ case LDAP_BACK_CFG_CHASE:
+ if ( c->argc == 1 || c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+ }
+ break;
+
+ case LDAP_BACK_CFG_T_F: {
+ slap_mask_t mask;
+
+ i = verb_to_mask( c->argv[1], t_f_mode );
+ if ( BER_BVISNULL( &t_f_mode[i].word ) ) {
+ return 1;
+ }
+
+ mask = t_f_mode[i].mask;
+
+ if ( LDAP_BACK_ISOPEN( li )
+ && mask == LDAP_BACK_F_T_F_DISCOVER
+ && !LDAP_BACK_T_F( li ) )
+ {
+ int rc;
+
+ if ( li->li_uri == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "need URI to discover \"cancel\" support "
+ "in \"cancel exop-discover\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ rc = slap_discover_feature( li->li_uri, li->li_version,
+ slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+ LDAP_FEATURE_ABSOLUTE_FILTERS );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mask |= LDAP_BACK_F_T_F;
+ }
+ }
+
+ li->li_flags &= ~LDAP_BACK_F_T_F_MASK2;
+ li->li_flags |= mask;
+ } break;
+
+ case LDAP_BACK_CFG_WHOAMI:
+ if ( c->argc == 1 || c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_PROXY_WHOAMI;
+ load_extop( (struct berval *)&slap_EXOP_WHOAMI,
+ 0, ldap_back_exop_whoami );
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_PROXY_WHOAMI;
+ }
+ break;
+
+ case LDAP_BACK_CFG_TIMEOUT:
+ for ( i = 1; i < c->argc; i++ ) {
+ if ( isdigit( (unsigned char) c->argv[ i ][ 0 ] ) ) {
+ int j;
+ unsigned u;
+
+ if ( lutil_atoux( &u, c->argv[ i ], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse timeout \"%s\"",
+ c->argv[ i ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ for ( j = 0; j < SLAP_OP_LAST; j++ ) {
+ li->li_timeout[ j ] = u;
+ }
+
+ continue;
+ }
+
+ if ( slap_cf_aux_table_parse( c->argv[ i ], li->li_timeout, timeout_table, "slapd-ldap timeout" ) ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse timeout \"%s\"",
+ c->argv[ i ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ }
+ break;
+
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ unsigned long t;
+
+ if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse idle timeout \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_idle_timeout = (time_t)t;
+ } break;
+
+ case LDAP_BACK_CFG_CONN_TTL: {
+ unsigned long t;
+
+ if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse conn ttl\"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_conn_ttl = (time_t)t;
+ } break;
+
+ case LDAP_BACK_CFG_NETWORK_TIMEOUT: {
+ unsigned long t;
+
+ if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse network timeout \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_network_timeout = (time_t)t;
+ } break;
+
+ case LDAP_BACK_CFG_VERSION:
+ if ( c->value_int != 0 && ( c->value_int < LDAP_VERSION_MIN || c->value_int > LDAP_VERSION_MAX ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "unsupported version \"%s\" "
+ "in \"protocol-version <version>\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ li->li_version = c->value_int;
+ break;
+
+ case LDAP_BACK_CFG_SINGLECONN:
+ if ( c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_SINGLECONN;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_SINGLECONN;
+ }
+ break;
+
+ case LDAP_BACK_CFG_USETEMP:
+ if ( c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_USE_TEMPORARIES;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+ }
+ break;
+
+ case LDAP_BACK_CFG_CONNPOOLMAX:
+ if ( c->value_int < LDAP_BACK_CONN_PRIV_MIN
+ || c->value_int > LDAP_BACK_CONN_PRIV_MAX )
+ {
+ snprintf( c->msg, sizeof( c->msg ),
+ "invalid max size " "of privileged "
+ "connections pool \"%s\" "
+ "in \"conn-pool-max <n> "
+ "(must be between %d and %d)\"",
+ c->argv[ 1 ],
+ LDAP_BACK_CONN_PRIV_MIN,
+ LDAP_BACK_CONN_PRIV_MAX );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_conn_priv_max = c->value_int;
+ break;
+
+ case LDAP_BACK_CFG_CANCEL: {
+ slap_mask_t mask;
+
+ i = verb_to_mask( c->argv[1], cancel_mode );
+ if ( BER_BVISNULL( &cancel_mode[i].word ) ) {
+ return 1;
+ }
+
+ mask = cancel_mode[i].mask;
+
+ if ( LDAP_BACK_ISOPEN( li )
+ && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER
+ && !LDAP_BACK_CANCEL( li ) )
+ {
+ int rc;
+
+ if ( li->li_uri == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "need URI to discover \"cancel\" support "
+ "in \"cancel exop-discover\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+
+ rc = slap_discover_feature( li->li_uri, li->li_version,
+ slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+ LDAP_EXOP_CANCEL );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mask |= LDAP_BACK_F_CANCEL_EXOP;
+ }
+ }
+
+ li->li_flags &= ~LDAP_BACK_F_CANCEL_MASK2;
+ li->li_flags |= mask;
+ } break;
+
+ case LDAP_BACK_CFG_QUARANTINE:
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "quarantine already defined" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ rc = slap_retry_info_parse( c->argv[1], &li->li_quarantine,
+ c->msg, sizeof( c->msg ) );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+
+ } else {
+ ldap_pvt_thread_mutex_init( &li->li_quarantine_mutex );
+ /* give it a chance to retry if the pattern gets reset
+ * via back-config */
+ li->li_isquarantined = 0;
+ li->li_flags |= LDAP_BACK_F_QUARANTINE;
+ }
+ break;
+
+ case LDAP_BACK_CFG_REWRITE:
+ snprintf( c->msg, sizeof( c->msg ),
+ "rewrite/remap capabilities have been moved "
+ "to the \"rwm\" overlay; see slapo-rwm(5) "
+ "for details (hint: add \"overlay rwm\" "
+ "and prefix all directives with \"rwm-\")" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+
+ default:
+ /* FIXME: try to catch inconsistencies */
+ assert( 0 );
+ break;
+ }
+
+ return rc;
+}
+
+int
+ldap_back_init_cf( BackendInfo *bi )
+{
+ int rc;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ /* Make sure we don't exceed the bits reserved for userland */
+ config_check_userland( LDAP_BACK_CFG_LAST );
+
+ bi->bi_cf_ocs = ldapocs;
+
+ rc = config_register_schema( ldapcfg, ldapocs );
+ if ( rc ) {
+ return rc;
+ }
+
+ /* setup olcDbAclPasswd and olcDbIDAssertPasswd
+ * to be base64-encoded when written in LDIF form;
+ * basically, we don't care if it fails */
+ rc = slap_str2ad( "olcDbACLPasswd", &ad, &text );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
+ "warning, unable to get \"olcDbACLPasswd\" "
+ "attribute description: %d: %s\n",
+ rc, text, 0 );
+ } else {
+ (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
+ ad->ad_type->sat_oid );
+ }
+
+ ad = NULL;
+ rc = slap_str2ad( "olcDbIDAssertPasswd", &ad, &text );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
+ "warning, unable to get \"olcDbIDAssertPasswd\" "
+ "attribute description: %d: %s\n",
+ rc, text, 0 );
+ } else {
+ (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
+ ad->ad_type->sat_oid );
+ }
+
+ return 0;
+}
+
+
+static int
+ldap_back_exop_whoami(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval *bv = NULL;
+
+ if ( op->oq_extended.rs_reqdata != NULL ) {
+ /* no request data should be provided */
+ rs->sr_text = "no request data expected";
+ return rs->sr_err = LDAP_PROTOCOL_ERROR;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s WHOAMI\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
+ rs->sr_err = backend_check_restrictions( op, rs,
+ (struct berval *)&slap_EXOP_WHOAMI );
+ if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err;
+
+ /* if auth'd by back-ldap and request is proxied, forward it */
+ if ( op->o_conn->c_authz_backend
+ && !strcmp( op->o_conn->c_authz_backend->be_type, "ldap" )
+ && !dn_match( &op->o_ndn, &op->o_conn->c_ndn ) )
+ {
+ ldapconn_t *lc = NULL;
+ LDAPControl c, *ctrls[2] = {NULL, NULL};
+ LDAPMessage *res;
+ Operation op2 = *op;
+ ber_int_t msgid;
+ int doretry = 1;
+ char *ptr;
+
+ ctrls[0] = &c;
+ op2.o_ndn = op->o_conn->c_ndn;
+ if ( !ldap_back_dobind( &lc, &op2, rs, LDAP_BACK_SENDERR ) ) {
+ return -1;
+ }
+ c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+ c.ldctl_iscritical = 1;
+ c.ldctl_value.bv_val = op->o_tmpalloc(
+ op->o_ndn.bv_len + STRLENOF( "dn:" ) + 1,
+ op->o_tmpmemctx );
+ c.ldctl_value.bv_len = op->o_ndn.bv_len + 3;
+ ptr = c.ldctl_value.bv_val;
+ ptr = lutil_strcopy( ptr, "dn:" );
+ ptr = lutil_strncopy( ptr, op->o_ndn.bv_val, op->o_ndn.bv_len );
+ ptr[ 0 ] = '\0';
+
+retry:
+ rs->sr_err = ldap_whoami( lc->lc_ld, ctrls, NULL, &msgid );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+ ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
+ &rs->sr_err );
+ if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) {
+ doretry = 0;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ goto retry;
+ }
+ }
+
+ } else {
+ /* NOTE: are we sure "bv" will be malloc'ed
+ * with the appropriate memory? */
+ rs->sr_err = ldap_parse_whoami( lc->lc_ld, res, &bv );
+ ldap_msgfree(res);
+ }
+ }
+ op->o_tmpfree( c.ldctl_value.bv_val, op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_err = slap_map_api2result( rs );
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( (ldapinfo_t *)op2.o_bd->be_private, lc );
+ }
+
+ } else {
+ /* else just do the same as before */
+ bv = (struct berval *) ch_malloc( sizeof( struct berval ) );
+ if ( !BER_BVISEMPTY( &op->o_dn ) ) {
+ bv->bv_len = op->o_dn.bv_len + STRLENOF( "dn:" );
+ bv->bv_val = ch_malloc( bv->bv_len + 1 );
+ AC_MEMCPY( bv->bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &bv->bv_val[ STRLENOF( "dn:" ) ], op->o_dn.bv_val,
+ op->o_dn.bv_len );
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ } else {
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+ }
+ }
+
+ rs->sr_rspdata = bv;
+ return rs->sr_err;
+}
+
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+/* delete.c - ldap backend delete function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/delete.c,v 1.37.2.13 2007/01/17 20:57:10 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_delete(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ ber_int_t msgid;
+ LDAPControl **ctrls = NULL;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+ int rc = LDAP_SUCCESS;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+retry:
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rc = rs->sr_err;
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_dn.bv_val,
+ ctrls, NULL, &msgid );
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_DELETE ],
+ ( LDAP_BACK_SENDRESULT | retrying ) );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/extended.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/extended.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/extended.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,344 @@
+/* extended.c - ldap backend extended routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/extended.c,v 1.22.2.17 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+#include "lber_pvt.h"
+
+static BI_op_extended ldap_back_exop_passwd;
+static BI_op_extended ldap_back_exop_generic;
+
+static struct exop {
+ struct berval oid;
+ BI_op_extended *extended;
+} exop_table[] = {
+ { BER_BVC(LDAP_EXOP_MODIFY_PASSWD), ldap_back_exop_passwd },
+ { BER_BVNULL, NULL }
+};
+
+static int
+ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ LDAPControl **oldctrls = NULL;
+ int rc;
+
+ /* FIXME: this needs to be called here, so it is
+ * called twice; maybe we could avoid the
+ * ldap_back_dobind() call inside each extended()
+ * call ... */
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return -1;
+ }
+
+ oldctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
+ {
+ op->o_ctrls = oldctrls;
+ send_ldap_extended( op, rs );
+ rs->sr_text = NULL;
+ /* otherwise frontend resends result */
+ rc = rs->sr_err = SLAPD_ABANDON;
+ goto done;
+ }
+
+ rc = exop( op, rs );
+
+ if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
+ free( op->o_ctrls[ 0 ] );
+ free( op->o_ctrls );
+ }
+ op->o_ctrls = oldctrls;
+
+done:;
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
+int
+ldap_back_extended(
+ Operation *op,
+ SlapReply *rs )
+{
+ int i;
+
+ for ( i = 0; exop_table[i].extended != NULL; i++ ) {
+ if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
+ {
+ return ldap_back_extended_one( op, rs, exop_table[i].extended );
+ }
+ }
+
+ /* if we get here, the exop is known; the best that we can do
+ * is pass it thru as is */
+ /* FIXME: maybe a list of OIDs to pass thru would be safer */
+ return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
+}
+
+static int
+ldap_back_exop_passwd(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ req_pwdexop_s *qpw = &op->oq_pwdexop;
+ LDAPMessage *res;
+ ber_int_t msgid;
+ int rc, isproxy;
+ int do_retry = 1;
+ char *text = NULL;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return -1;
+ }
+
+ isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
+
+ Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
+ op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
+
+retry:
+ rc = ldap_passwd( lc->lc_ld, isproxy ? &op->o_req_dn : NULL,
+ qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
+ qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
+ op->o_ctrls, NULL, &msgid );
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+ ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ rs->sr_err = rc;
+
+ } else {
+ /* only touch when activity actually took place... */
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
+ }
+
+ /* sigh. parse twice, because parse_passwd
+ * doesn't give us the err / match / msg info.
+ */
+ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
+ (char **)&rs->sr_matched,
+ &text,
+ NULL, NULL, 0 );
+#ifndef LDAP_NULL_IS_NULL
+ if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
+ free( (char *)rs->sr_matched );
+ rs->sr_matched = NULL;
+ }
+ if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
+ free( (char *)rs->sr_text );
+ rs->sr_text = NULL;
+ }
+#endif /* LDAP_NULL_IS_NULL */
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ struct berval newpw;
+
+ /* this never happens because
+ * the frontend is generating
+ * the new password, so when
+ * the passwd exop is proxied,
+ * it never delegates password
+ * generation to the remote server
+ */
+ rc = ldap_parse_passwd( lc->lc_ld, res,
+ &newpw );
+ if ( rc == LDAP_SUCCESS &&
+ !BER_BVISNULL( &newpw ) )
+ {
+ rs->sr_type = REP_EXTENDED;
+ rs->sr_rspdata = slap_passwd_return( &newpw );
+ free( newpw.bv_val );
+ }
+
+ } else {
+ rc = rs->sr_err;
+ }
+ }
+ ldap_msgfree( res );
+ }
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = slap_map_api2result( rs );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ goto retry;
+ }
+ }
+
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ if ( text ) rs->sr_text = text;
+ send_ldap_extended( op, rs );
+ /* otherwise frontend resends result */
+ rc = rs->sr_err = SLAPD_ABANDON;
+
+ } else if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ /* these have to be freed anyway... */
+ if ( rs->sr_matched ) {
+ free( (char *)rs->sr_matched );
+ rs->sr_matched = NULL;
+ }
+
+ if ( text ) {
+ free( text );
+ rs->sr_text = NULL;
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
+static int
+ldap_back_exop_generic(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ LDAPMessage *res;
+ ber_int_t msgid;
+ int rc;
+ int do_retry = 1;
+ char *text = NULL;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
+ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
+
+retry:
+ rc = ldap_extended_operation( lc->lc_ld,
+ op->ore_reqoid.bv_val, op->ore_reqdata,
+ op->o_ctrls, NULL, &msgid );
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+ ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ rs->sr_err = rc;
+
+ } else {
+ /* only touch when activity actually took place... */
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
+ }
+
+ /* sigh. parse twice, because parse_passwd
+ * doesn't give us the err / match / msg info.
+ */
+ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
+ (char **)&rs->sr_matched,
+ &text,
+ NULL, NULL, 0 );
+#ifndef LDAP_NULL_IS_NULL
+ if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
+ free( (char *)rs->sr_matched );
+ rs->sr_matched = NULL;
+ }
+ if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
+ free( (char *)rs->sr_text );
+ rs->sr_text = NULL;
+ }
+#endif /* LDAP_NULL_IS_NULL */
+ if ( rc == LDAP_SUCCESS ) {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rc = ldap_parse_extended_result( lc->lc_ld, res,
+ (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
+ if ( rc == LDAP_SUCCESS ) {
+ rs->sr_type = REP_EXTENDED;
+ }
+
+ } else {
+ rc = rs->sr_err;
+ }
+ }
+ ldap_msgfree( res );
+ }
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = slap_map_api2result( rs );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ goto retry;
+ }
+ }
+
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ if ( text ) rs->sr_text = text;
+ send_ldap_extended( op, rs );
+ /* otherwise frontend resends result */
+ rc = rs->sr_err = SLAPD_ABANDON;
+
+ } else if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+ /* these have to be freed anyway... */
+ if ( rs->sr_matched ) {
+ free( (char *)rs->sr_matched );
+ rs->sr_matched = NULL;
+ }
+
+ if ( text ) {
+ free( text );
+ rs->sr_text = NULL;
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,310 @@
+/* init.c - initialize ldap backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/init.c,v 1.79.2.13 2007/01/05 09:47:10 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_open( BackendInfo *bi )
+{
+ bi->bi_controls = slap_known_controls;
+ return 0;
+}
+
+int
+ldap_back_initialize( BackendInfo *bi )
+{
+ bi->bi_open = ldap_back_open;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = ldap_back_db_init;
+ bi->bi_db_config = config_generic_wrapper;
+ bi->bi_db_open = ldap_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = ldap_back_db_destroy;
+
+ bi->bi_op_bind = ldap_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = ldap_back_search;
+ bi->bi_op_compare = ldap_back_compare;
+ bi->bi_op_modify = ldap_back_modify;
+ bi->bi_op_modrdn = ldap_back_modrdn;
+ bi->bi_op_add = ldap_back_add;
+ bi->bi_op_delete = ldap_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = ldap_back_extended;
+
+ bi->bi_chk_referrals = 0;
+ bi->bi_entry_get_rw = ldap_back_entry_get;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = ldap_back_conn_destroy;
+
+ if ( chain_init() ) {
+ return -1;
+ }
+
+ return ldap_back_init_cf( bi );
+}
+
+int
+ldap_back_db_init( Backend *be )
+{
+ ldapinfo_t *li;
+ unsigned i;
+
+ li = (ldapinfo_t *)ch_calloc( 1, sizeof( ldapinfo_t ) );
+ if ( li == NULL ) {
+ return -1;
+ }
+
+ li->li_rebind_f = ldap_back_default_rebind;
+ ldap_pvt_thread_mutex_init( &li->li_uri_mutex );
+
+ BER_BVZERO( &li->li_acl_authcID );
+ BER_BVZERO( &li->li_acl_authcDN );
+ BER_BVZERO( &li->li_acl_passwd );
+
+ li->li_acl_authmethod = LDAP_AUTH_NONE;
+ BER_BVZERO( &li->li_acl_sasl_mech );
+ li->li_acl.sb_tls = SB_TLS_DEFAULT;
+
+ li->li_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+
+ BER_BVZERO( &li->li_idassert_authcID );
+ BER_BVZERO( &li->li_idassert_authcDN );
+ BER_BVZERO( &li->li_idassert_passwd );
+
+ BER_BVZERO( &li->li_idassert_authzID );
+
+ li->li_idassert_authmethod = LDAP_AUTH_NONE;
+ BER_BVZERO( &li->li_idassert_sasl_mech );
+ li->li_idassert_tls = SB_TLS_DEFAULT;
+
+ /* by default, use proxyAuthz control on each operation */
+ li->li_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ li->li_idassert_authz = NULL;
+
+ /* initialize flags */
+ li->li_flags = LDAP_BACK_F_CHASE_REFERRALS;
+
+ /* initialize version */
+ li->li_version = LDAP_VERSION3;
+
+ ldap_pvt_thread_mutex_init( &li->li_conninfo.lai_mutex );
+
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ li->li_conn_priv[ i ].lic_num = 0;
+ LDAP_TAILQ_INIT( &li->li_conn_priv[ i ].lic_priv );
+ }
+ li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
+
+ be->be_private = li;
+ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD;
+
+ be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
+ return 0;
+}
+
+int
+ldap_back_db_open( BackendDB *be )
+{
+ ldapinfo_t *li = (ldapinfo_t *)be->be_private;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_back_db_open: URI=%s\n",
+ li->li_uri != NULL ? li->li_uri : "", 0, 0 );
+
+ /* by default, use proxyAuthz control on each operation */
+ switch ( li->li_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_LEGACY:
+ case LDAP_BACK_IDASSERT_SELF:
+ /* however, since admin connections are pooled and shared,
+ * only static authzIDs can be native */
+ li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
+ break;
+
+ default:
+ break;
+ }
+
+ if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) {
+ int rc;
+
+ rc = slap_discover_feature( li->li_uri, li->li_version,
+ slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+ LDAP_FEATURE_ABSOLUTE_FILTERS );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ li->li_flags |= LDAP_BACK_F_T_F;
+ }
+ }
+
+ if ( LDAP_BACK_CANCEL_DISCOVER( li ) && !LDAP_BACK_CANCEL( li ) ) {
+ int rc;
+
+ rc = slap_discover_feature( li->li_uri, li->li_version,
+ slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+ LDAP_EXOP_CANCEL );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ li->li_flags |= LDAP_BACK_F_CANCEL_EXOP;
+ }
+ }
+
+ li->li_flags |= LDAP_BACK_F_ISOPEN;
+
+ return 0;
+}
+
+void
+ldap_back_conn_free( void *v_lc )
+{
+ ldapconn_t *lc = v_lc;
+
+ if ( lc->lc_ld != NULL ) {
+ ldap_unbind_ext( lc->lc_ld, NULL, NULL );
+ }
+ if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
+ ch_free( lc->lc_bound_ndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+ memset( lc->lc_cred.bv_val, 0, lc->lc_cred.bv_len );
+ ch_free( lc->lc_cred.bv_val );
+ }
+ if ( !BER_BVISNULL( &lc->lc_local_ndn ) ) {
+ ch_free( lc->lc_local_ndn.bv_val );
+ }
+ lc->lc_q.tqe_prev = NULL;
+ lc->lc_q.tqe_next = NULL;
+ ch_free( lc );
+}
+
+int
+ldap_back_db_destroy( Backend *be )
+{
+ if ( be->be_private ) {
+ ldapinfo_t *li = ( ldapinfo_t * )be->be_private;
+ unsigned i;
+
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+ if ( li->li_uri != NULL ) {
+ ch_free( li->li_uri );
+ li->li_uri = NULL;
+
+ assert( li->li_bvuri != NULL );
+ ber_bvarray_free( li->li_bvuri );
+ li->li_bvuri = NULL;
+ }
+ if ( !BER_BVISNULL( &li->li_acl_authcID ) ) {
+ ch_free( li->li_acl_authcID.bv_val );
+ BER_BVZERO( &li->li_acl_authcID );
+ }
+ if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
+ ch_free( li->li_acl_authcDN.bv_val );
+ BER_BVZERO( &li->li_acl_authcDN );
+ }
+ if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
+ ch_free( li->li_acl_passwd.bv_val );
+ BER_BVZERO( &li->li_acl_passwd );
+ }
+ if ( !BER_BVISNULL( &li->li_acl_sasl_mech ) ) {
+ ch_free( li->li_acl_sasl_mech.bv_val );
+ BER_BVZERO( &li->li_acl_sasl_mech );
+ }
+ if ( !BER_BVISNULL( &li->li_acl_sasl_realm ) ) {
+ ch_free( li->li_acl_sasl_realm.bv_val );
+ BER_BVZERO( &li->li_acl_sasl_realm );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_authcID ) ) {
+ ch_free( li->li_idassert_authcID.bv_val );
+ BER_BVZERO( &li->li_idassert_authcID );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+ ch_free( li->li_idassert_authcDN.bv_val );
+ BER_BVZERO( &li->li_idassert_authcDN );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
+ ch_free( li->li_idassert_passwd.bv_val );
+ BER_BVZERO( &li->li_idassert_passwd );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_authzID ) ) {
+ ch_free( li->li_idassert_authzID.bv_val );
+ BER_BVZERO( &li->li_idassert_authzID );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_sasl_mech ) ) {
+ ch_free( li->li_idassert_sasl_mech.bv_val );
+ BER_BVZERO( &li->li_idassert_sasl_mech );
+ }
+ if ( !BER_BVISNULL( &li->li_idassert_sasl_realm ) ) {
+ ch_free( li->li_idassert_sasl_realm.bv_val );
+ BER_BVZERO( &li->li_idassert_sasl_realm );
+ }
+ if ( li->li_idassert_authz != NULL ) {
+ ber_bvarray_free( li->li_idassert_authz );
+ li->li_idassert_authz = NULL;
+ }
+ if ( li->li_conninfo.lai_tree ) {
+ avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free );
+ }
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ while ( !LDAP_TAILQ_EMPTY( &li->li_conn_priv[ i ].lic_priv ) ) {
+ ldapconn_t *lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ i ].lic_priv );
+
+ LDAP_TAILQ_REMOVE( &li->li_conn_priv[ i ].lic_priv, lc, lc_q );
+ ldap_back_conn_free( lc );
+ }
+ }
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ slap_retry_info_destroy( &li->li_quarantine );
+ ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_destroy( &li->li_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_destroy( &li->li_uri_mutex );
+ }
+
+ ch_free( be->be_private );
+
+ return 0;
+}
+
+#if SLAPD_LDAP == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( ldap )
+
+#endif /* SLAPD_LDAP == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,138 @@
+/* modify.c - ldap backend modify function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modify.c,v 1.58.2.14 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_modify(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ LDAPMod **modv = NULL,
+ *mods = NULL;
+ Modifications *ml;
+ int i, j, rc;
+ ber_int_t msgid;
+ int isupdate;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+ LDAPControl **ctrls = NULL;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ for ( i = 0, ml = op->oq_modify.rs_modlist; ml; i++, ml = ml->sml_next )
+ /* just count mods */ ;
+
+ modv = (LDAPMod **)ch_malloc( ( i + 1 )*sizeof( LDAPMod * )
+ + i*sizeof( LDAPMod ) );
+ if ( modv == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto cleanup;
+ }
+ mods = (LDAPMod *)&modv[ i + 1 ];
+
+ isupdate = be_shadow_update( op );
+ for ( i = 0, ml = op->oq_modify.rs_modlist; ml; ml = ml->sml_next ) {
+ if ( !isupdate && !get_manageDIT( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
+ {
+ continue;
+ }
+
+ modv[ i ] = &mods[ i ];
+ mods[ i ].mod_op = ( ml->sml_op | LDAP_MOD_BVALUES );
+ mods[ i ].mod_type = ml->sml_desc->ad_cname.bv_val;
+
+ if ( ml->sml_values != NULL ) {
+ if ( ml->sml_values == NULL ) {
+ continue;
+ }
+
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ /* just count mods */ ;
+ mods[ i ].mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 )*sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ {
+ mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
+ }
+ mods[ i ].mod_bvalues[ j ] = NULL;
+
+ } else {
+ mods[ i ].mod_bvalues = NULL;
+ }
+
+ i++;
+ }
+ modv[ i ] = 0;
+
+retry:;
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rc = -1;
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,
+ ctrls, NULL, &msgid );
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_MODIFY ],
+ ( LDAP_BACK_SENDRESULT | retrying ) );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ for ( i = 0; modv[ i ]; i++ ) {
+ ch_free( modv[ i ]->mod_bvalues );
+ }
+ ch_free( modv );
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+/* modrdn.c - ldap backend modrdn function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modrdn.c,v 1.38.2.14 2007/01/17 20:57:10 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_modrdn(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ ber_int_t msgid;
+ LDAPControl **ctrls = NULL;
+ ldap_back_send_t retrying = LDAP_BACK_RETRYING;
+ int rc = LDAP_SUCCESS;
+ char *newSup = NULL;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ if ( op->orr_newSup ) {
+ /* needs LDAPv3 */
+ switch ( li->li_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ /* op->o_protocol cannot be anything but LDAPv3,
+ * otherwise wouldn't be here */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ newSup = op->orr_newSup->bv_val;
+ }
+
+retry:
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rc = -1;
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_rename( lc->lc_ld, op->o_req_dn.bv_val,
+ op->orr_newrdn.bv_val, newSup,
+ op->orr_deleteoldrdn, ctrls, NULL, &msgid );
+ rc = ldap_back_op_result( lc, op, rs, msgid,
+ li->li_timeout[ SLAP_OP_MODRDN ],
+ ( LDAP_BACK_SENDRESULT | retrying ) );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+ retrying &= ~LDAP_BACK_RETRYING;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/proto-ldap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/proto-ldap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/proto-ldap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,106 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/proto-ldap.h,v 1.3.2.13 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#ifndef PROTO_LDAP_H
+#define PROTO_LDAP_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init ldap_back_initialize;
+
+extern BI_open ldap_back_open;
+extern BI_close ldap_back_close;
+extern BI_destroy ldap_back_destroy;
+
+extern BI_db_init ldap_back_db_init;
+extern BI_db_open ldap_back_db_open;
+extern BI_db_destroy ldap_back_db_destroy;
+
+extern BI_op_bind ldap_back_bind;
+extern BI_op_search ldap_back_search;
+extern BI_op_compare ldap_back_compare;
+extern BI_op_modify ldap_back_modify;
+extern BI_op_modrdn ldap_back_modrdn;
+extern BI_op_add ldap_back_add;
+extern BI_op_delete ldap_back_delete;
+extern BI_op_abandon ldap_back_abandon;
+extern BI_op_extended ldap_back_extended;
+
+extern BI_connection_destroy ldap_back_conn_destroy;
+
+extern BI_entry_get_rw ldap_back_entry_get;
+
+void ldap_back_release_conn_lock( ldapinfo_t *li, ldapconn_t **lcp, int dolock );
+#define ldap_back_release_conn(li, lc) ldap_back_release_conn_lock((li), &(lc), 1)
+int ldap_back_dobind( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
+int ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
+int ldap_back_map_result( SlapReply *rs );
+int ldap_back_op_result( ldapconn_t *lc, Operation *op, SlapReply *rs,
+ ber_int_t msgid, time_t timeout, ldap_back_send_t sendok );
+int ldap_back_cancel( ldapconn_t *lc, Operation *op, SlapReply *rs, ber_int_t msgid, ldap_back_send_t sendok );
+
+int ldap_back_init_cf( BackendInfo *bi );
+
+extern int ldap_back_conndn_cmp( const void *c1, const void *c2);
+extern int ldap_back_conn_cmp( const void *c1, const void *c2);
+extern int ldap_back_conndn_dup( void *c1, void *c2 );
+extern void ldap_back_conn_free( void *c );
+
+extern ldapconn_t * ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc );
+
+extern int
+ldap_back_proxy_authz_ctrl(
+ struct berval *bound_ndn,
+ int version,
+ slap_idassert_t *si,
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl ***pctrls );
+
+extern int
+ldap_back_proxy_authz_ctrl_free(
+ Operation *op,
+ LDAPControl ***pctrls );
+
+extern void
+ldap_back_quarantine(
+ Operation *op,
+ SlapReply *rs );
+
+#ifdef LDAP_BACK_PRINT_CONNTREE
+extern void
+ldap_back_print_conntree( ldapinfo_t *li, char *msg );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+extern void slap_retry_info_destroy( slap_retry_info_t *ri );
+extern int slap_retry_info_parse( char *in, slap_retry_info_t *ri,
+ char *buf, ber_len_t buflen );
+extern int slap_retry_info_unparse( slap_retry_info_t *ri, struct berval *bvout );
+
+extern int slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
+extern int slap_idassert_parse_cf( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
+
+extern int chain_init( void );
+
+extern LDAP_REBIND_PROC ldap_back_default_rebind;
+
+LDAP_END_DECL
+
+#endif /* PROTO_LDAP_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,889 @@
+/* search.c - ldap backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.38 2007/03/09 16:23:16 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+
+#include "lutil.h"
+
+static int
+ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
+ struct berval *bdn );
+
+/*
+ * Quick'n'dirty rewrite of filter in case of error, to deal with
+ * <draft-zeilenga-ldap-t-f>.
+ */
+static int
+ldap_back_munge_filter(
+ Operation *op,
+ struct berval *filter )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ char *ptr;
+ int gotit = 0;
+
+ Debug( LDAP_DEBUG_ARGS, "=> ldap_back_munge_filter \"%s\"\n",
+ filter->bv_val, 0, 0 );
+
+ for ( ptr = strstr( filter->bv_val, "(?=" );
+ ptr;
+ ptr = strstr( ptr, "(?=" ) )
+ {
+ static struct berval
+ bv_true = BER_BVC( "(?=true)" ),
+ bv_false = BER_BVC( "(?=false)" ),
+ bv_undefined = BER_BVC( "(?=undefined)" ),
+ bv_t = BER_BVC( "(&)" ),
+ bv_f = BER_BVC( "(|)" ),
+ bv_T = BER_BVC( "(objectClass=*)" ),
+ bv_F = BER_BVC( "(!(objectClass=*))" );
+ struct berval *oldbv = NULL,
+ *newbv = NULL,
+ oldfilter = BER_BVNULL;
+
+ if ( strncmp( ptr, bv_true.bv_val, bv_true.bv_len ) == 0 ) {
+ oldbv = &bv_true;
+ if ( LDAP_BACK_T_F( li ) ) {
+ newbv = &bv_t;
+
+ } else {
+ newbv = &bv_T;
+ }
+
+ } else if ( strncmp( ptr, bv_false.bv_val, bv_false.bv_len ) == 0 )
+ {
+ oldbv = &bv_false;
+ if ( LDAP_BACK_T_F( li ) ) {
+ newbv = &bv_f;
+
+ } else {
+ newbv = &bv_F;
+ }
+
+ } else if ( strncmp( ptr, bv_undefined.bv_val, bv_undefined.bv_len ) == 0 )
+ {
+ oldbv = &bv_undefined;
+ newbv = &bv_F;
+
+ } else {
+ gotit = 0;
+ goto done;
+ }
+
+ oldfilter = *filter;
+ if ( newbv->bv_len > oldbv->bv_len ) {
+ filter->bv_len += newbv->bv_len - oldbv->bv_len;
+ if ( filter->bv_val == op->ors_filterstr.bv_val ) {
+ filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
+ op->o_tmpmemctx );
+
+ AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
+ op->ors_filterstr.bv_len + 1 );
+
+ } else {
+ filter->bv_val = op->o_tmprealloc( filter->bv_val,
+ filter->bv_len + 1, op->o_tmpmemctx );
+ }
+
+ ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
+ }
+
+ AC_MEMCPY( &ptr[ newbv->bv_len ],
+ &ptr[ oldbv->bv_len ],
+ oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
+ AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len );
+
+ ptr += newbv->bv_len;
+ gotit = 1;
+ }
+
+done:;
+ Debug( LDAP_DEBUG_ARGS, "<= ldap_back_munge_filter \"%s\" (%d)\n",
+ filter->bv_val, gotit, 0 );
+
+ return gotit;
+}
+
+int
+ldap_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ struct timeval tv;
+ time_t stoptime = (time_t)(-1);
+ LDAPMessage *res,
+ *e;
+ int rc = 0,
+ msgid;
+ struct berval match = BER_BVNULL,
+ filter = BER_BVNULL;
+ int free_filter = 0;
+ int i;
+ char **attrs = NULL;
+ int freetext = 0;
+ int do_retry = 1, dont_retry = 0;
+ LDAPControl **ctrls = NULL;
+ char **references = NULL;
+
+ /* FIXME: shouldn't this be null? */
+ const char *save_matched = rs->sr_matched;
+
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ /*
+ * FIXME: in case of values return filter, we might want
+ * to map attrs and maybe rewrite value
+ */
+
+ /* should we check return values? */
+ if ( op->ors_deref != -1 ) {
+ ldap_set_option( lc->lc_ld, LDAP_OPT_DEREF,
+ (void *)&op->ors_deref );
+ }
+
+ if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+ tv.tv_sec = op->ors_tlimit;
+ tv.tv_usec = 0;
+ stoptime = op->o_time + op->ors_tlimit;
+
+ } else {
+ LDAP_BACK_TV_SET( &tv );
+ }
+
+ if ( op->ors_attrs ) {
+ for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )
+ /* just count attrs */ ;
+
+ attrs = ch_malloc( ( i + 1 )*sizeof( char * ) );
+ if ( attrs == NULL ) {
+ rs->sr_err = LDAP_NO_MEMORY;
+ rc = -1;
+ goto finish;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ ) {
+ attrs[ i ] = op->ors_attrs[i].an_name.bv_val;
+ }
+ attrs[ i ] = NULL;
+ }
+
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ goto finish;
+ }
+
+ /* deal with <draft-zeilenga-ldap-t-f> filters */
+ filter = op->ors_filterstr;
+retry:
+ rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_dn.bv_val,
+ op->ors_scope, filter.bv_val,
+ attrs, op->ors_attrsonly, ctrls, NULL,
+ tv.tv_sec ? &tv : NULL,
+ op->ors_slimit, &msgid );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ switch ( rs->sr_err ) {
+ case LDAP_SERVER_DOWN:
+ if ( do_retry ) {
+ do_retry = 0;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
+ goto retry;
+ }
+ }
+
+ if ( lc == NULL ) {
+ /* reset by ldap_back_retry ... */
+ rs->sr_err = slap_map_api2result( rs );
+
+ } else {
+ rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
+ }
+
+ goto finish;
+
+ case LDAP_FILTER_ERROR:
+ if ( ldap_back_munge_filter( op, &filter ) ) {
+ free_filter = 1;
+ goto retry;
+ }
+
+ /* invalid filters return success with no data */
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ goto finish;
+
+ default:
+ rs->sr_err = slap_map_api2result( rs );
+ rs->sr_text = NULL;
+ goto finish;
+ }
+ }
+
+ /* if needed, initialize timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+ tv.tv_usec = 0;
+ }
+ }
+
+ /* We pull apart the ber result, stuff it into a slapd entry, and
+ * let send_search_entry stuff it back into ber format. Slow & ugly,
+ * but this is necessary for version matching, and for ACL processing.
+ */
+
+ for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
+ {
+ /* check for abandon */
+ if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
+ if ( rc > 0 ) {
+ ldap_msgfree( res );
+ }
+ (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+ rc = SLAPD_ABANDON;
+ goto finish;
+ }
+
+ if ( rc == 0 || rc == -2 ) {
+ ldap_pvt_thread_yield();
+
+ /* check timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( rc == 0 ) {
+ (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+ rs->sr_text = "Operation timed out";
+ rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ goto finish;
+ }
+
+ } else {
+ LDAP_BACK_TV_SET( &tv );
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+ rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ goto finish;
+ }
+ continue;
+
+ } else {
+ /* only touch when activity actually took place... */
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
+ }
+
+ /* don't retry any more */
+ dont_retry = 1;
+ }
+
+
+ if ( rc == LDAP_RES_SEARCH_ENTRY ) {
+ Entry ent = { 0 };
+ struct berval bdn = BER_BVNULL;
+
+ do_retry = 0;
+
+ e = ldap_first_entry( lc->lc_ld, res );
+ rc = ldap_build_entry( op, e, &ent, &bdn );
+ if ( rc == LDAP_SUCCESS ) {
+ rs->sr_entry = &ent;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_flags = 0;
+ rs->sr_err = LDAP_SUCCESS;
+ rc = rs->sr_err = send_search_entry( op, rs );
+ if ( !BER_BVISNULL( &ent.e_name ) ) {
+ assert( ent.e_name.bv_val != bdn.bv_val );
+ op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &ent.e_name );
+ }
+ if ( !BER_BVISNULL( &ent.e_nname ) ) {
+ op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &ent.e_nname );
+ }
+ entry_clean( &ent );
+ }
+ ldap_msgfree( res );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( rc == LDAP_UNAVAILABLE ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ } else {
+ (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+ }
+ goto finish;
+ }
+
+ } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
+ do_retry = 0;
+ rc = ldap_parse_reference( lc->lc_ld, res,
+ &references, &rs->sr_ctrls, 1 );
+
+ if ( rc != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ /* FIXME: there MUST be at least one */
+ if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
+ int cnt;
+
+ for ( cnt = 0; references[ cnt ]; cnt++ )
+ /* NO OP */ ;
+
+ /* FIXME: there MUST be at least one */
+ rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
+ op->o_tmpmemctx );
+
+ for ( cnt = 0; references[ cnt ]; cnt++ ) {
+ ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ cnt ] );
+
+ /* ignore return value by now */
+ ( void )send_search_reference( op, rs );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_search: "
+ "got SEARCH_REFERENCE "
+ "with no referrals\n",
+ op->o_log_prefix, 0, 0 );
+ }
+
+ /* cleanup */
+ if ( references ) {
+ ber_memvfree( (void **)references );
+ op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+ rs->sr_ref = NULL;
+ references = NULL;
+ }
+
+ if ( rs->sr_ctrls ) {
+ ldap_controls_free( rs->sr_ctrls );
+ rs->sr_ctrls = NULL;
+ }
+
+ } else {
+ char *err = NULL;
+
+ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
+ &match.bv_val, &err,
+ &references, &rs->sr_ctrls, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ }
+ rs->sr_err = slap_map_api2result( rs );
+ if ( err ) {
+ rs->sr_text = err;
+ freetext = 1;
+ }
+
+ /* RFC 4511: referrals can only appear
+ * if result code is LDAP_REFERRAL */
+ if ( references
+ && references[ 0 ]
+ && references[ 0 ][ 0 ] )
+ {
+ if ( rs->sr_err != LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_search: "
+ "got referrals with err=%d\n",
+ op->o_log_prefix,
+ rs->sr_err, 0 );
+
+ } else {
+ int cnt;
+
+ for ( cnt = 0; references[ cnt ]; cnt++ )
+ /* NO OP */ ;
+
+ rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
+ op->o_tmpmemctx );
+
+ for ( cnt = 0; references[ cnt ]; cnt++ ) {
+ /* duplicating ...*/
+ ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ cnt ] );
+ }
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_search: "
+ "got err=%d with null "
+ "or empty referrals\n",
+ op->o_log_prefix,
+ rs->sr_err, 0 );
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( match.bv_val != NULL ) {
+#ifndef LDAP_NULL_IS_NULL
+ if ( match.bv_val[ 0 ] == '\0' ) {
+ LDAP_FREE( match.bv_val );
+ BER_BVZERO( &match );
+ } else
+#endif /* LDAP_NULL_IS_NULL */
+ {
+ match.bv_len = strlen( match.bv_val );
+ }
+ }
+#ifndef LDAP_NULL_IS_NULL
+ if ( rs->sr_text != NULL && rs->sr_text[ 0 ] == '\0' ) {
+ LDAP_FREE( (char *)rs->sr_text );
+ rs->sr_text = NULL;
+ }
+#endif /* LDAP_NULL_IS_NULL */
+
+ rc = 0;
+ break;
+ }
+
+ /* if needed, restore timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+ tv.tv_usec = 0;
+ }
+ }
+ }
+
+ if ( rc == -1 && dont_retry == 0 ) {
+ if ( do_retry ) {
+ do_retry = 0;
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
+ goto retry;
+ }
+ }
+ rs->sr_err = LDAP_SERVER_DOWN;
+ rs->sr_err = slap_map_api2result( rs );
+ goto finish;
+ }
+
+ /*
+ * Rewrite the matched portion of the search base, if required
+ */
+ if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
+ struct berval pmatch;
+
+ if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
+ rs->sr_matched = pmatch.bv_val;
+ LDAP_FREE( match.bv_val );
+
+ } else {
+ rs->sr_matched = match.bv_val;
+ }
+ }
+
+ if ( rs->sr_v2ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+ }
+
+finish:;
+ if ( LDAP_BACK_QUARANTINE( li ) ) {
+ ldap_back_quarantine( op, rs );
+ }
+
+#if 0
+ /* let send_ldap_result play cleanup handlers (ITS#4645) */
+ if ( rc != SLAPD_ABANDON )
+#endif
+ {
+ send_ldap_result( op, rs );
+ }
+
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( rs->sr_ctrls ) {
+ ldap_controls_free( rs->sr_ctrls );
+ rs->sr_ctrls = NULL;
+ }
+
+ if ( rs->sr_matched != NULL && rs->sr_matched != save_matched ) {
+ if ( rs->sr_matched != match.bv_val ) {
+ ber_memfree_x( (char *)rs->sr_matched, op->o_tmpmemctx );
+
+ } else {
+ LDAP_FREE( match.bv_val );
+ }
+ rs->sr_matched = save_matched;
+ }
+
+ if ( free_filter ) {
+ op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rs->sr_text ) {
+ if ( freetext ) {
+ LDAP_FREE( (char *)rs->sr_text );
+ }
+ rs->sr_text = NULL;
+ }
+
+ if ( rs->sr_ref ) {
+ op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+ rs->sr_ref = NULL;
+ }
+
+ if ( references ) {
+ ber_memvfree( (void **)references );
+ }
+
+ if ( attrs ) {
+ ch_free( attrs );
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rs->sr_err;
+}
+
+static int
+ldap_build_entry(
+ Operation *op,
+ LDAPMessage *e,
+ Entry *ent,
+ struct berval *bdn )
+{
+ struct berval a;
+ BerElement ber = *e->lm_ber;
+ Attribute *attr, **attrp;
+ const char *text;
+ int last;
+
+ /* safe assumptions ... */
+ assert( ent != NULL );
+ BER_BVZERO( &ent->e_bv );
+
+ if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) {
+ return LDAP_DECODING_ERROR;
+ }
+
+ /*
+ * Note: this may fail if the target host(s) schema differs
+ * from the one known to the meta, and a DN with unknown
+ * attributes is returned.
+ *
+ * FIXME: should we log anything, or delegate to dnNormalize?
+ */
+ /* Note: if the distinguished values or the naming attributes
+ * change, should we massage them as well?
+ */
+ if ( dnPrettyNormal( NULL, bdn, &ent->e_name, &ent->e_nname,
+ op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ return LDAP_INVALID_DN_SYNTAX;
+ }
+
+ attrp = &ent->e_attrs;
+
+ while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
+ int i;
+ slap_syntax_validate_func *validate;
+ slap_syntax_transform_func *pretty;
+
+ attr = (Attribute *)ch_malloc( sizeof( Attribute ) );
+ if ( attr == NULL ) {
+ continue;
+ }
+ attr->a_flags = 0;
+ attr->a_next = 0;
+ attr->a_desc = NULL;
+ if ( slap_bv2ad( &a, &attr->a_desc, &text )
+ != LDAP_SUCCESS )
+ {
+ if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
+ SLAP_AD_PROXIED ) != LDAP_SUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_build_entry: "
+ "slap_bv2undef_ad(%s): %s\n",
+ op->o_log_prefix, a.bv_val, text );
+ ch_free( attr );
+ continue;
+ }
+ }
+
+ /* no subschemaSubentry */
+ if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
+ || attr->a_desc == slap_schema.si_ad_entryDN )
+ {
+
+ /*
+ * We eat target's subschemaSubentry because
+ * a search for this value is likely not
+ * to resolve to the appropriate backend;
+ * later, the local subschemaSubentry is
+ * added.
+ *
+ * We also eat entryDN because the frontend
+ * will reattach it without checking if already
+ * present...
+ */
+ ( void )ber_scanf( &ber, "x" /* [W] */ );
+
+ ch_free( attr );
+ continue;
+ }
+
+ if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
+ || attr->a_vals == NULL )
+ {
+ /*
+ * Note: attr->a_vals can be null when using
+ * values result filter
+ */
+ attr->a_vals = (struct berval *)&slap_dummy_bv;
+ last = 0;
+
+ } else {
+ for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); last++ )
+ /* just count vals */ ;
+ }
+
+ validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
+ pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( !validate && !pretty ) {
+ attr->a_nvals = NULL;
+ attr_free( attr );
+ goto next_attr;
+ }
+
+ for ( i = 0; i < last; i++ ) {
+ struct berval pval;
+ int rc;
+
+ if ( pretty ) {
+ rc = pretty( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i], &pval, NULL );
+
+ } else {
+ rc = validate( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i] );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* check if, by chance, it's an undefined objectClass */
+ if ( attr->a_desc == slap_schema.si_ad_objectClass &&
+ oc_bvfind_undef( &attr->a_vals[i] ) != NULL )
+ {
+ ber_dupbv( &pval, &attr->a_vals[i] );
+
+ } else {
+ attr->a_nvals = NULL;
+ attr_free( attr );
+ goto next_attr;
+ }
+ }
+
+ if ( pretty ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_vals[i] = pval;
+ }
+ }
+
+ if ( last && attr->a_desc->ad_type->sat_equality &&
+ attr->a_desc->ad_type->sat_equality->smr_normalize )
+ {
+ attr->a_nvals = ch_malloc( ( last + 1 )*sizeof( struct berval ) );
+ for ( i = 0; i < last; i++ ) {
+ int rc;
+
+ /*
+ * check that each value is valid per syntax
+ * and pretty if appropriate
+ */
+ rc = attr->a_desc->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ attr->a_desc->ad_type->sat_syntax,
+ attr->a_desc->ad_type->sat_equality,
+ &attr->a_vals[i], &attr->a_nvals[i],
+ NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+ BER_BVZERO( &attr->a_nvals[i] );
+ ch_free( attr );
+ goto next_attr;
+ }
+ }
+ BER_BVZERO( &attr->a_nvals[i] );
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+ *attrp = attr;
+ attrp = &attr->a_next;
+
+next_attr:;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/* return 0 IFF we can retrieve the entry with ndn
+ */
+int
+ldap_back_entry_get(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **ent )
+{
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = NULL;
+ int rc = 1,
+ do_not_cache;
+ struct berval bdn;
+ LDAPMessage *result = NULL,
+ *e = NULL;
+ char *attr[3], **attrp = NULL;
+ char *filter = NULL;
+ SlapReply rs;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ *ent = NULL;
+
+ /* Tell getconn this is a privileged op */
+ do_not_cache = op->o_do_not_cache;
+ op->o_do_not_cache = 1;
+ if ( !ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+ op->o_do_not_cache = do_not_cache;
+ return rs.sr_err;
+ }
+ op->o_do_not_cache = do_not_cache;
+
+ if ( at ) {
+ attrp = attr;
+ if ( oc && at != slap_schema.si_ad_objectClass ) {
+ attr[0] = slap_schema.si_ad_objectClass->ad_cname.bv_val;
+ attr[1] = at->ad_cname.bv_val;
+ attr[2] = NULL;
+
+ } else {
+ attr[0] = at->ad_cname.bv_val;
+ attr[1] = NULL;
+ }
+ }
+
+ if ( oc ) {
+ char *ptr;
+
+ filter = ch_malloc( STRLENOF( "(objectclass=)" )
+ + oc->soc_cname.bv_len + 1 );
+ ptr = lutil_strcopy( filter, "(objectclass=" );
+ ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
+ *ptr++ = ')';
+ *ptr++ = '\0';
+ }
+
+retry:
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, op, &rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
+ attrp, 0, ctrls, NULL,
+ NULL, LDAP_NO_LIMIT, &result );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( rc == LDAP_SERVER_DOWN && do_retry ) {
+ do_retry = 0;
+ if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+ goto cleanup;
+ }
+
+ e = ldap_first_entry( lc->lc_ld, result );
+ if ( e == NULL ) {
+ /* the entry exists, but it doesn't match the filter? */
+ goto cleanup;
+ }
+
+ *ent = ch_calloc( 1, sizeof( Entry ) );
+ if ( *ent == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto cleanup;
+ }
+
+ rc = ldap_build_entry( op, e, *ent, &bdn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ entry_free( *ent );
+ *ent = NULL;
+ }
+
+cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( result ) {
+ ldap_msgfree( result );
+ }
+
+ if ( filter ) {
+ ch_free( filter );
+ }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( li, lc );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/unbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/unbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldap/unbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,78 @@
+/* unbind.c - ldap backend unbind function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/unbind.c,v 1.24.2.10 2007/01/17 23:03:20 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+int
+ldap_back_conn_destroy(
+ Backend *be,
+ Connection *conn
+)
+{
+ ldapinfo_t *li = (ldapinfo_t *) be->be_private;
+ ldapconn_t *lc = NULL, lc_curr;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_conn_destroy: fetching conn %ld\n",
+ conn->c_connid, 0, 0 );
+
+ lc_curr.lc_conn = conn;
+
+ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, ">>> ldap_back_conn_destroy" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+ while ( ( lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)&lc_curr, ldap_back_conn_cmp ) ) != NULL )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_conn_destroy: destroying conn %ld "
+ "refcnt=%d flags=0x%08x\n",
+ LDAP_BACK_PCONN_ID( lc ),
+ lc->lc_refcnt, lc->lc_lcflags );
+
+ if ( lc->lc_refcnt > 0 ) {
+ /* someone else might be accessing the connection;
+ * mark for deletion */
+ LDAP_BACK_CONN_CACHED_CLEAR( lc );
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+
+ } else {
+ ldap_back_conn_free( lc );
+ }
+ }
+#if LDAP_BACK_PRINT_CONNTREE > 0
+ ldap_back_print_conntree( li, "<<< ldap_back_conn_destroy" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+# Makefile.in for back-ldbm
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/Makefile.in,v 1.39.2.3 2007/01/02 21:44:02 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c \
+ id2entry.c index.c id2children.c nextid.c \
+ compare.c modify.c modrdn.c delete.c init.c \
+ config.c bind.c attr.c filterindex.c close.c \
+ alias.c tools.c key.c extended.c \
+ referral.c operational.c ldbm.c
+OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo \
+ id2entry.lo index.lo id2children.lo nextid.lo \
+ compare.lo modify.lo modrdn.lo delete.lo init.lo \
+ config.lo bind.lo attr.lo filterindex.lo close.lo \
+ alias.lo tools.lo key.lo extended.lo \
+ referral.lo operational.lo ldbm.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-ldbm"
+BUILD_MOD = @BUILD_LDBM@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_LDBM at _DEFS)
+MOD_LIBS = $(LDBM_LIBS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_ldbm
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+XXSRCS = $(@BUILD_LDBM at _SRCS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
+depend-common: $(XXSRCS)
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,352 @@
+/* add.c - ldap ldbm back-end add routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/add.c,v 1.92.2.8 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+static int
+ldbm_csn_cb(
+ Operation *op,
+ SlapReply *rs )
+{
+ op->o_callback = op->o_callback->sc_next;
+ slap_graduate_commit_csn( op );
+ return SLAP_CB_CONTINUE;
+}
+
+int
+ldbm_back_add(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ struct berval pdn;
+ Entry *p = NULL;
+ ID id = NOID;
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+ slap_callback cb = { NULL };
+#ifdef LDBM_SUBENTRIES
+ int subentry;
+#endif
+
+ Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "entry failed op attrs add: %s (%d)\n",
+ rs->sr_text, rs->sr_err, 0 );
+ goto return_results;
+ }
+
+ cb.sc_cleanup = ldbm_csn_cb;
+ cb.sc_next = op->o_callback;
+ op->o_callback = &cb;
+
+ rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
+ get_manageDIT(op), &rs->sr_text, textbuf, textlen );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "entry failed schema check: %s\n",
+ rs->sr_text, 0, 0 );
+
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+ rs->sr_text = NULL;
+
+#ifdef LDBM_SUBENTRIES
+ subentry = is_entry_subentry( op->oq_add.rs_e );
+#endif
+
+ if ( !access_allowed( op, op->oq_add.rs_e,
+ entry, NULL, ACL_WADD, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, "no write access to entry\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "no write access to entry" );
+
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ /* grab giant lock for writing */
+ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+
+ rs->sr_err = dn2id( op->o_bd, &op->o_req_ndn, &id );
+ if ( rs->sr_err || id != NOID ) {
+ /* if (rs->sr_err) something bad happened to ldbm cache */
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+ rs->sr_err = rs->sr_err ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ /*
+ * Get the parent dn and see if the corresponding entry exists.
+ * If the parent does not exist, only allow the "root" user to
+ * add the entry.
+ */
+
+ if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+ pdn = slap_empty_bv;
+ } else {
+ dnParent( &op->o_req_ndn, &pdn );
+ }
+
+ if( pdn.bv_len ) {
+ Entry *matched = NULL;
+
+ /* get parent with writer lock */
+ if ( (p = dn2entry_w( op->o_bd, &pdn, &matched )) == NULL ) {
+ if ( matched != NULL ) {
+ rs->sr_matched = ch_strdup( matched->e_dn );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ cache_return_entry_r( &li->li_cache, matched );
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
+ 0, 0, 0 );
+
+ rs->sr_text = rs->sr_ref
+ ? "parent is referral" : "parent does not exist";
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+ if ( ! access_allowed( op, p, children, NULL, ACL_WADD, NULL ) ) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE, "no write access to parent\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "no write access to parent" );
+
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( p )) {
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is subentry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+ rs->sr_text = "parent is a subentry";
+ goto return_results;
+ }
+#endif
+
+ if ( is_entry_alias( p ) ) {
+ /* parent is an alias, don't allow add */
+
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE, "parent is alias\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
+ "parent is an alias" );
+
+ return LDAP_ALIAS_PROBLEM;
+ }
+
+ if ( is_entry_referral( p ) ) {
+ /* parent is a referral, don't allow add */
+ rs->sr_matched = ch_strdup( p->e_dn );
+ rs->sr_ref = is_entry_referral( p )
+ ? get_entry_referrals( op, p )
+ : NULL;
+
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE, "parent is referral\n", 0,
+ 0, 0 );
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+#ifdef LDBM_SUBENTRIES
+ if ( subentry ) {
+ /* FIXME: */
+ /* parent must be an administrative point of the required kind */
+ }
+#endif
+
+ } else {
+ assert( pdn.bv_val == NULL || *pdn.bv_val == '\0' );
+
+ if (( !be_isroot(op) && !be_shadow_update(op) )
+ && !is_entry_glue( op->oq_add.rs_e ))
+ {
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE, "%s add denied\n",
+ pdn.bv_val == NULL ? "suffix" : "entry at root", 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, NULL );
+ return LDAP_NO_SUCH_OBJECT;
+ }
+ }
+
+ if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) {
+ if( p != NULL) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_ANY, "ldbm_add: next_id failed\n",
+ 0, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "next_id add failed" );
+
+ return LDAP_OTHER;
+ }
+
+ /*
+ * Try to add the entry to the cache, assign it a new dnid.
+ */
+ rs->sr_err = cache_add_entry_rw( &li->li_cache, op->oq_add.rs_e,
+ CACHE_WRITE_LOCK );
+
+ if ( rs->sr_err != 0 ) {
+ if( p != NULL) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_ANY, "cache_add_entry_lock failed\n", 0, 0,
+ 0 );
+
+ rs->sr_text = rs->sr_err > 0 ? NULL : "cache add failed";
+ rs->sr_err = rs->sr_err > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER;
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+ }
+
+ rs->sr_err = -1;
+
+ /* attribute indexes */
+ if ( index_entry_add( op, op->oq_add.rs_e ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "index_entry_add failed\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "index generation failed" );
+
+ goto return_results;
+ }
+
+ /* dn2id index */
+ if ( dn2id_add( op->o_bd, &op->oq_add.rs_e->e_nname,
+ op->oq_add.rs_e->e_id ) != 0 )
+ {
+ Debug( LDAP_DEBUG_TRACE, "dn2id_add failed\n", 0,
+ 0, 0 );
+ /* FIXME: delete attr indices? */
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DN index generation failed" );
+
+ goto return_results;
+ }
+
+ /* id2entry index */
+ if ( id2entry_add( op->o_bd, op->oq_add.rs_e ) != 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "id2entry_add failed\n", 0,
+ 0, 0 );
+
+ /* FIXME: delete attr indices? */
+ (void) dn2id_delete( op->o_bd, &op->oq_add.rs_e->e_nname,
+ op->oq_add.rs_e->e_id );
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "entry store failed" );
+
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ send_ldap_result( op, rs );
+
+ /* marks the entry as committed, so it is added to the cache;
+ * otherwise it is removed from the cache, but not destroyed;
+ * it will be destroyed by the caller */
+ cache_entry_commit( op->oq_add.rs_e );
+
+return_results:;
+ if (p != NULL) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ }
+
+ if ( rs->sr_err ) {
+ /*
+ * in case of error, writer lock is freed
+ * and entry's private data is destroyed.
+ * otherwise, this is done when entry is released
+ */
+ cache_return_entry_w( &li->li_cache, op->oq_add.rs_e );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+ }
+
+ return( rs->sr_err );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/alias.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/alias.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/alias.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,240 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/alias.c,v 1.47.2.4 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+
+static void new_superior(
+ struct berval *dn,
+ struct berval *oldSup,
+ struct berval *newSup,
+ struct berval *res );
+
+static int dnlist_subordinate(
+ BerVarray dnlist,
+ struct berval *dn );
+
+Entry *deref_internal_r(
+ Backend* be,
+ Entry* alias,
+ struct berval* dn_in,
+ int* err,
+ Entry** matched,
+ const char** text )
+{
+ struct berval dn;
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ Entry *entry;
+ Entry *sup;
+ unsigned depth;
+ BerVarray dnlist;
+
+ assert( ( alias != NULL && dn_in == NULL )
+ || ( alias == NULL && dn_in != NULL ) );
+
+ *matched = NULL;
+ *err = LDAP_NO_SUCH_OBJECT;
+ *text = NULL;
+
+ if( alias == NULL ) {
+ ber_dupbv( &dn, dn_in );
+ entry = dn2entry_r( be, &dn, &sup );
+
+ } else {
+ ber_dupbv( &dn, &alias->e_nname );
+ entry = alias;
+ sup = NULL;
+ }
+
+ dnlist = NULL;
+ ber_bvarray_add( &dnlist, &dn );
+
+ for( depth=0 ; ; depth++ ) {
+ if( entry != NULL ) {
+ Entry *newe;
+ struct berval aliasDN;
+
+ /* have entry, may be an alias */
+
+ if( !is_entry_alias( entry ) ) {
+ /* entry is not an alias */
+ break;
+ }
+
+ /* entry is alias */
+ if( depth > be->be_max_deref_depth ) {
+ *matched = entry;
+ entry = NULL;
+ *err = LDAP_ALIAS_DEREF_PROBLEM;
+ *text = "maximum deref depth exceeded";
+ break;
+ }
+
+ /* deref entry */
+ if( get_alias_dn( entry, &aliasDN, err, text )) {
+ *matched = entry;
+ entry = NULL;
+ break;
+ }
+
+ /* check if aliasDN is a subordinate of any DN in our list */
+ if( dnlist_subordinate( dnlist, &aliasDN ) ) {
+ ch_free( aliasDN.bv_val );
+ *matched = entry;
+ entry = NULL;
+ *err = LDAP_ALIAS_PROBLEM;
+ *text = "circular alias";
+ break;
+ }
+
+ /* attempt to dereference alias */
+
+ newe = dn2entry_r( be, &aliasDN, &sup );
+ ch_free( aliasDN.bv_val );
+
+ if( newe != NULL ) {
+ cache_return_entry_r(&li->li_cache, entry );
+ entry = newe;
+ ber_dupbv( &dn, &entry->e_nname );
+ ber_bvarray_add( &dnlist, &dn );
+ continue;
+ }
+
+ if ( sup != NULL ) {
+ cache_return_entry_r(&li->li_cache, entry );
+ entry = NULL;
+ continue;
+ }
+
+ /* no newe and no superior, we're done */
+ break;
+
+ } else if( sup != NULL ) {
+ /* have superior, may be an alias */
+ Entry *newe;
+ Entry *newSup;
+ struct berval supDN;
+ struct berval aliasDN;
+
+ if( !is_entry_alias( sup ) ) {
+ /* entry is not an alias */
+ *matched = sup;
+ sup = NULL;
+ break;
+ }
+
+ /* entry is alias */
+ if( depth > be->be_max_deref_depth ) {
+ *matched = sup;
+ entry = NULL;
+ *err = LDAP_ALIAS_DEREF_PROBLEM;
+ *text = "maximum deref depth exceeded";
+ break;
+ }
+
+ /* deref entry */
+ if( get_alias_dn( sup, &supDN, err, text )) {
+ *matched = sup;
+ break;
+ }
+
+ new_superior( &dn, &sup->e_nname, &supDN, &aliasDN );
+ free(supDN.bv_val);
+
+ /* check if aliasDN is a subordinate of any DN in our list */
+ if( dnlist_subordinate( dnlist, &aliasDN ) ) {
+ free(aliasDN.bv_val);
+ *matched = entry;
+ entry = NULL;
+ *err = LDAP_ALIAS_PROBLEM;
+ *text = "subordinate circular alias";
+ break;
+ }
+
+ /* attempt to dereference alias */
+ newe = dn2entry_r( be, &aliasDN, &newSup );
+
+ if( newe != NULL ) {
+ free(aliasDN.bv_val);
+ cache_return_entry_r(&li->li_cache, sup );
+ entry = newe;
+ ber_dupbv( &dn, &entry->e_nname );
+ ber_bvarray_add( &dnlist, &dn );
+ continue;
+ }
+
+ if ( newSup != NULL ) {
+ cache_return_entry_r(&li->li_cache, sup );
+ sup = newSup;
+ ber_dupbv( &dn, &aliasDN );
+ continue;
+ }
+
+ break;
+
+ } else {
+ /* no newe and no superior, we're done */
+ break;
+ }
+ }
+
+ ber_bvarray_free( dnlist );
+ return entry;
+}
+
+
+static void new_superior(
+ struct berval *dn,
+ struct berval *oldSup,
+ struct berval *newSup,
+ struct berval *newDN )
+{
+ size_t dnlen, olen, nlen;
+ assert( dn && oldSup && newSup && newDN );
+
+ dnlen = dn->bv_len;
+ olen = oldSup->bv_len;
+ nlen = newSup->bv_len;
+
+ newDN->bv_val = ch_malloc( dnlen - olen + nlen + 1 );
+
+ AC_MEMCPY( newDN->bv_val, dn->bv_val, dnlen - olen );
+ AC_MEMCPY( &newDN->bv_val[dnlen - olen], newSup->bv_val, nlen );
+ newDN->bv_val[dnlen - olen + nlen] = '\0';
+
+ return;
+}
+
+static int dnlist_subordinate(
+ BerVarray dnlist,
+ struct berval *dn )
+{
+ assert( dnlist != NULL );
+
+ for( ; dnlist->bv_val != NULL; dnlist++ ) {
+ if( dnIsSuffix( dnlist, dn ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/attr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/attr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/attr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,221 @@
+/* attr.c - backend routines for dealing with attributes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/attr.c,v 1.39.2.4 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+/* for the cache of attribute information (which are indexed, etc.) */
+typedef struct ldbm_attrinfo {
+ AttributeDescription *ai_desc; /* attribute description cn;lang-en */
+ slap_mask_t ai_indexmask; /* how the attr is indexed */
+} AttrInfo;
+
+static int
+ainfo_type_cmp(
+ const void *v_desc,
+ const void *v_a
+)
+{
+ const AttributeDescription *desc = v_desc;
+ const AttrInfo *a = v_a;
+ return SLAP_PTRCMP(desc, a->ai_desc);
+}
+
+static int
+ainfo_cmp(
+ const void *v_a,
+ const void *v_b
+)
+{
+ const AttrInfo *a = v_a, *b = v_b;
+ return SLAP_PTRCMP(a->ai_desc, b->ai_desc);
+}
+
+void
+attr_mask(
+ struct ldbminfo *li,
+ AttributeDescription *desc,
+ slap_mask_t *indexmask )
+{
+ AttrInfo *a;
+
+ a = avl_find( li->li_attrs, desc, ainfo_type_cmp );
+
+ *indexmask = a != NULL ? a->ai_indexmask : 0;
+}
+
+int
+attr_index_config(
+ struct ldbminfo *li,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ int rc;
+ int i;
+ slap_mask_t mask;
+ char **attrs;
+ char **indexes = NULL;
+
+ attrs = ldap_str2charray( argv[0], "," );
+
+ if( attrs == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ "no attributes specified: %s\n",
+ fname, lineno, argv[0] );
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( argc > 1 ) {
+ indexes = ldap_str2charray( argv[1], "," );
+
+ if( indexes == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ "no indexes specified: %s\n",
+ fname, lineno, argv[1] );
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ if( indexes == NULL ) {
+ mask = li->li_defaultmask;
+
+ } else {
+ mask = 0;
+
+ for ( i = 0; indexes[i] != NULL; i++ ) {
+ slap_mask_t index;
+ rc = slap_str2index( indexes[i], &index );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "index type \"%s\" undefined\n",
+ fname, lineno, indexes[i] );
+ return LDAP_PARAM_ERROR;
+ }
+
+ mask |= index;
+ }
+ }
+
+ if( !mask ) {
+ fprintf( stderr, "%s: line %d: "
+ "no indexes selected\n",
+ fname, lineno );
+ return LDAP_PARAM_ERROR;
+ }
+
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ AttrInfo *a;
+ AttributeDescription *ad;
+ const char *text;
+
+ if( strcasecmp( attrs[i], "default" ) == 0 ) {
+ li->li_defaultmask = mask;
+ continue;
+ }
+
+ a = (AttrInfo *) ch_malloc( sizeof(AttrInfo) );
+
+ ad = NULL;
+ rc = slap_str2ad( attrs[i], &ad, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "index attribute \"%s\" undefined\n",
+ fname, lineno, attrs[i] );
+ return rc;
+ }
+
+ if( slap_ad_is_binary( ad ) ) {
+ fprintf( stderr, "%s: line %d: "
+ "index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) && !(
+ ad->ad_type->sat_approx
+ && ad->ad_type->sat_approx->smr_indexer
+ && ad->ad_type->sat_approx->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "approx index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) && !(
+ ad->ad_type->sat_equality
+ && ad->ad_type->sat_equality->smr_indexer
+ && ad->ad_type->sat_equality->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "equality index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) && !(
+ ad->ad_type->sat_substr
+ && ad->ad_type->sat_substr->smr_indexer
+ && ad->ad_type->sat_substr->smr_filter ) )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "substr index of attribute \"%s\" disallowed\n",
+ fname, lineno, attrs[i] );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ Debug( LDAP_DEBUG_CONFIG, "index %s 0x%04lx\n",
+ ad->ad_cname.bv_val, mask, 0 );
+
+
+ a->ai_desc = ad;
+
+ a->ai_indexmask = mask;
+
+ rc = avl_insert( &li->li_attrs, (caddr_t) a,
+ ainfo_cmp, avl_dup_error );
+
+ if( rc ) {
+ fprintf( stderr, "%s: line %d: duplicate index definition "
+ "for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno, attrs[i] );
+
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ ldap_charray_free( attrs );
+ if ( indexes != NULL ) ldap_charray_free( indexes );
+
+ return LDAP_SUCCESS;
+}
+
+void
+attr_index_destroy( Avlnode *tree )
+{
+ avl_free( tree, free );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/back-ldbm.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/back-ldbm.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/back-ldbm.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,163 @@
+/* back-ldbm.h - ldap ldbm back-end header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/back-ldbm.h,v 1.64.2.5 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _BACK_LDBM_H_
+#define _BACK_LDBM_H_
+
+#include "ldbm.h"
+#include "alock.h"
+
+LDAP_BEGIN_DECL
+
+#define LDBM_SUBENTRIES 1
+
+#define DEFAULT_CACHE_SIZE 1000
+
+#if defined(HAVE_BERKELEY_DB) && DB_VERSION_MAJOR >= 2
+# define DEFAULT_DBCACHE_SIZE (100 * DEFAULT_DB_PAGE_SIZE)
+#else
+# define DEFAULT_DBCACHE_SIZE 100000
+#endif
+
+#define DN_BASE_PREFIX SLAP_INDEX_EQUALITY_PREFIX
+#define DN_ONE_PREFIX '%'
+#define DN_SUBTREE_PREFIX '@'
+
+/*
+ * there is a single index for each attribute. these prefixes ensure
+ * that there is no collision among keys.
+ */
+
+/* allow PREFIX + byte for continuate number */
+#define SLAP_INDEX_CONT_SIZE ( sizeof(SLAP_INDEX_CONT_PREFIX) + sizeof(unsigned char) )
+
+#define DEFAULT_BLOCKSIZE 8192
+
+/*
+ * This structure represents an id block on disk and an id list
+ * in core.
+ *
+ * The fields have the following meanings:
+ *
+ * b_nmax maximum number of ids in this block. if this is == ALLIDSBLOCK,
+ * then this block represents all ids.
+ * b_nids current number of ids in use in this block. if this
+ * is == INDBLOCK, then this block is an indirect block
+ * containing a list of other blocks containing actual ids.
+ * the list is terminated by an id of NOID.
+ * b_ids a list of the actual ids themselves
+ */
+
+typedef ID ID_BLOCK;
+
+#define ID_BLOCK_NMAX_OFFSET 0
+#define ID_BLOCK_NIDS_OFFSET 1
+#define ID_BLOCK_IDS_OFFSET 2
+
+/* all ID_BLOCK macros operate on a pointer to a ID_BLOCK */
+
+#define ID_BLOCK_NMAX(b) ((b)[ID_BLOCK_NMAX_OFFSET])
+
+/* Use this macro to get the value, but not to set it.
+ * By default this is identical to above.
+ */
+#define ID_BLOCK_NMAXN(b) ID_BLOCK_NMAX(b)
+#define ID_BLOCK_NIDS(b) ((b)[ID_BLOCK_NIDS_OFFSET])
+#define ID_BLOCK_ID(b, n) ((b)[ID_BLOCK_IDS_OFFSET+(n)])
+
+#define ID_BLOCK_NOID(b, n) (ID_BLOCK_ID((b),(n)) == NOID)
+
+#define ID_BLOCK_ALLIDS_VALUE 0
+#define ID_BLOCK_ALLIDS(b) (ID_BLOCK_NMAX(b) == ID_BLOCK_ALLIDS_VALUE)
+
+#define ID_BLOCK_INDIRECT_VALUE 0
+#define ID_BLOCK_INDIRECT(b) (ID_BLOCK_NIDS(b) == ID_BLOCK_INDIRECT_VALUE)
+
+#define USE_INDIRECT_NIDS 1
+
+#ifdef USE_INDIRECT_NIDS
+/*
+ * Use the high bit of ID_BLOCK_NMAX to indicate an INDIRECT block, thus
+ * freeing up the ID_BLOCK_NIDS to store an actual count. This allows us
+ * to use binary search on INDIRECT blocks.
+ */
+#undef ID_BLOCK_NMAXN
+#define ID_BLOCK_NMAXN(b) ((b)[ID_BLOCK_NMAX_OFFSET]&0x7fffffff)
+#undef ID_BLOCK_INDIRECT_VALUE
+#define ID_BLOCK_INDIRECT_VALUE 0x80000000
+#undef ID_BLOCK_INDIRECT
+#define ID_BLOCK_INDIRECT(b) (ID_BLOCK_NMAX(b) & ID_BLOCK_INDIRECT_VALUE)
+
+#endif /* USE_INDIRECT_NIDS */
+
+/* for the in-core cache of entries */
+typedef struct ldbm_cache {
+ int c_maxsize;
+ int c_cursize;
+ Avlnode *c_dntree;
+ Avlnode *c_idtree;
+ Entry *c_lruhead; /* lru - add accessed entries here */
+ Entry *c_lrutail; /* lru - rem lru entries from here */
+ ldap_pvt_thread_mutex_t c_mutex;
+} Cache;
+
+#define CACHE_READ_LOCK 0
+#define CACHE_WRITE_LOCK 1
+
+/* for the cache of open index files */
+typedef struct ldbm_dbcache {
+ int dbc_refcnt;
+ int dbc_maxids;
+ int dbc_maxindirect;
+ int dbc_dirty;
+ int dbc_flags;
+ time_t dbc_lastref;
+ long dbc_blksize;
+ char *dbc_name;
+ LDBM dbc_db;
+ ldap_pvt_thread_mutex_t dbc_write_mutex;
+} DBCache;
+
+#define MAXDBCACHE 128
+
+struct ldbminfo {
+ ldap_pvt_thread_rdwr_t li_giant_rwlock;
+ ID li_nextid;
+ int li_mode;
+ slap_mask_t li_defaultmask;
+ char *li_directory;
+ Cache li_cache;
+ Avlnode *li_attrs;
+ int li_dblocking; /* lock databases */
+ int li_dbwritesync; /* write sync */
+ int li_dbcachesize;
+ DBCache li_dbcache[MAXDBCACHE];
+ ldap_pvt_thread_mutex_t li_dbcache_mutex;
+ ldap_pvt_thread_cond_t li_dbcache_cv;
+ DB_ENV *li_dbenv;
+ int li_envdirok;
+ int li_dbsyncfreq;
+ int li_dbsyncwaitn;
+ int li_dbsyncwaitinterval;
+ int li_dbsyncwaitcount;
+ alock_info_t li_alock_info;
+};
+
+LDAP_END_DECL
+
+#include "proto-back-ldbm.h"
+
+#endif /* _back_ldbm_h_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,196 @@
+/* bind.c - ldbm backend bind and unbind routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/bind.c,v 1.75.2.3 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+int
+ldbm_back_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *e;
+ Attribute *a;
+ int rc;
+ Entry *matched;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ char krbname[MAX_K_NAME_SZ + 1];
+ AttributeDescription *krbattr = slap_schema.si_ad_krbName;
+ AUTH_DAT ad;
+#endif
+
+ AttributeDescription *password = slap_schema.si_ad_userPassword;
+
+ Debug(LDAP_DEBUG_ARGS,
+ "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
+
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
+ ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
+ /* front end will send result */
+ return LDAP_SUCCESS;
+ }
+
+ /* grab giant lock for reading */
+ ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
+
+ /* get entry with reader lock */
+ if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
+ if( matched != NULL ) {
+ cache_return_entry_r( &li->li_cache, matched );
+ }
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ /* allow noauth binds */
+ rc = 1;
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ /* check for deleted */
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( e ) ) {
+ /* entry is an subentry, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE,
+ "entry is subentry\n", 0, 0, 0 );
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+#endif
+
+ if ( is_entry_alias( e ) ) {
+ /* entry is an alias, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+
+#if 1
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
+ rs->sr_text = "entry is alias";
+ rc = LDAP_ALIAS_PROBLEM;
+#endif
+ goto return_results;
+ }
+
+ if ( is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
+
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ switch ( op->oq_bind.rb_method ) {
+ case LDAP_AUTH_SIMPLE:
+ if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
+ /* stop front end from sending result */
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
+ {
+ /* failure; stop front end from sending result */
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ rc = 0;
+ break;
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ case LDAP_AUTH_KRBV41:
+ if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad )
+ != LDAP_SUCCESS )
+ {
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ if ( ! access_allowed( op, e,
+ krbattr, NULL, ACL_AUTH, NULL ) )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
+ : "", ad.pinst, ad.prealm );
+
+ if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
+ /*
+ * no krbname values present: check against DN
+ */
+ if ( strcasecmp( op->o_req_dn.bv_val, krbname ) == 0 ) {
+ rc = 0;
+ break;
+ }
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ goto return_results;
+
+ } else { /* look for krbname match */
+ struct berval krbval;
+
+ krbval.bv_val = krbname;
+ krbval.bv_len = strlen( krbname );
+
+ if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+ }
+ rc = 0;
+ break;
+#endif
+
+ default:
+ assert( 0 ); /* should not be reachable */
+ rs->sr_text = "authentication method not supported";
+ rc = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+ goto return_results;
+ }
+
+ ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
+
+return_results:;
+ /* free entry and reader lock */
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ if ( rc ) {
+ rs->sr_err = rc;
+ send_ldap_result( op, rs );
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+
+ /* front end will send result on success (rc==0) */
+ return( rc );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/cache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/cache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/cache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,675 @@
+/* cache.c - routines to maintain an in-core cache of entries */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/cache.c,v 1.66.2.5 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "back-ldbm.h"
+
+/* LDBM backend specific entry info -- visible only to the cache */
+typedef struct ldbm_entry_info {
+ /*
+ * These items are specific to the LDBM backend and should
+ * be hidden. Backend cache lock required to access.
+ */
+ int lei_state; /* for the cache */
+#define CACHE_ENTRY_UNDEFINED 0
+#define CACHE_ENTRY_CREATING 1
+#define CACHE_ENTRY_READY 2
+#define CACHE_ENTRY_DELETED 3
+#define CACHE_ENTRY_COMMITTED 4
+
+ int lei_refcnt; /* # threads ref'ing this entry */
+ Entry *lei_lrunext; /* for cache lru list */
+ Entry *lei_lruprev;
+} EntryInfo;
+#undef LEI
+#define LEI(e) ((EntryInfo *) ((e)->e_private))
+
+static int cache_delete_entry_internal(Cache *cache, Entry *e);
+#ifdef LDAP_DEBUG
+#ifdef SLAPD_UNUSED
+static void lru_print(Cache *cache);
+#endif
+#endif
+
+static int
+cache_entry_private_init( Entry*e )
+{
+ assert( e->e_private == NULL );
+
+ if( e->e_private != NULL ) {
+ /* this should never happen */
+ return 1;
+ }
+
+ e->e_private = ch_calloc(1, sizeof(struct ldbm_entry_info));
+
+ return 0;
+}
+
+/*
+ * marks an entry in CREATING state as committed, so it is really returned
+ * to the cache. Otherwise an entry in CREATING state is removed.
+ * Makes e_private be destroyed at the following cache_return_entry_w,
+ * but lets the entry untouched (owned by someone else)
+ */
+void
+cache_entry_commit( Entry *e )
+{
+ assert( e != NULL );
+ assert( e->e_private != NULL );
+ assert( LEI(e)->lei_state == CACHE_ENTRY_CREATING );
+ /* assert( LEI(e)->lei_refcnt == 1 ); */
+
+ LEI(e)->lei_state = CACHE_ENTRY_COMMITTED;
+}
+
+static int
+cache_entry_private_destroy( Entry*e )
+{
+ assert( e->e_private != NULL );
+
+ free( e->e_private );
+ e->e_private = NULL;
+ return 0;
+}
+
+void
+cache_return_entry_rw( Cache *cache, Entry *e, int rw )
+{
+ ID id;
+ int refcnt, freeit = 1;
+
+ if ( slapMode != SLAP_SERVER_MODE ) {
+ return;
+ }
+
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ assert( e->e_private != NULL );
+
+ id = e->e_id;
+ refcnt = --LEI(e)->lei_refcnt;
+
+ /*
+ * if the entry is returned when in CREATING state, it is deleted
+ * but not freed because it may belong to someone else (do_add,
+ * for instance)
+ */
+ if ( LEI(e)->lei_state == CACHE_ENTRY_CREATING ) {
+ cache_delete_entry_internal( cache, e );
+ freeit = 0;
+ /* now the entry is in DELETED state */
+ }
+
+ if ( LEI(e)->lei_state == CACHE_ENTRY_COMMITTED ) {
+ LEI(e)->lei_state = CACHE_ENTRY_READY;
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_return_entry_%s( %ld ): created (%d)\n",
+ rw ? "w" : "r", id, refcnt );
+
+ } else if ( LEI(e)->lei_state == CACHE_ENTRY_DELETED ) {
+ if( refcnt > 0 ) {
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_return_entry_%s( %ld ): delete pending (%d)\n",
+ rw ? "w" : "r", id, refcnt );
+
+ } else {
+ cache_entry_private_destroy( e );
+ if ( freeit ) {
+ entry_free( e );
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_return_entry_%s( %ld ): deleted (%d)\n",
+ rw ? "w" : "r", id, refcnt );
+ }
+
+ } else {
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_return_entry_%s( %ld ): returned (%d)\n",
+ rw ? "w" : "r", id, refcnt);
+ }
+}
+
+#define LRU_DELETE( cache, e ) do { \
+ if ( LEI(e)->lei_lruprev != NULL ) { \
+ LEI(LEI(e)->lei_lruprev)->lei_lrunext = LEI(e)->lei_lrunext; \
+ } else { \
+ (cache)->c_lruhead = LEI(e)->lei_lrunext; \
+ } \
+ if ( LEI(e)->lei_lrunext != NULL ) { \
+ LEI(LEI(e)->lei_lrunext)->lei_lruprev = LEI(e)->lei_lruprev; \
+ } else { \
+ (cache)->c_lrutail = LEI(e)->lei_lruprev; \
+ } \
+} while(0)
+
+#define LRU_ADD( cache, e ) do { \
+ LEI(e)->lei_lrunext = (cache)->c_lruhead; \
+ if ( LEI(e)->lei_lrunext != NULL ) { \
+ LEI(LEI(e)->lei_lrunext)->lei_lruprev = (e); \
+ } \
+ (cache)->c_lruhead = (e); \
+ LEI(e)->lei_lruprev = NULL; \
+ if ( (cache)->c_lrutail == NULL ) { \
+ (cache)->c_lrutail = (e); \
+ } \
+} while(0)
+
+/*
+ * cache_add_entry_rw - create and lock an entry in the cache
+ * returns: 0 entry has been created and locked
+ * 1 entry already existed
+ * -1 something bad happened
+ */
+int
+cache_add_entry_rw(
+ Cache *cache,
+ Entry *e,
+ int rw
+)
+{
+ int i, rc;
+ Entry *ee;
+
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ assert( e->e_private == NULL );
+
+ if( cache_entry_private_init(e) != 0 ) {
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_ANY,
+ "====> cache_add_entry( %ld ): \"%s\": private init failed!\n",
+ e->e_id, e->e_dn, 0 );
+
+ return( -1 );
+ }
+
+ if ( avl_insert( &cache->c_dntree, (caddr_t) e,
+ entry_dn_cmp, avl_dup_error ) != 0 )
+ {
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_add_entry( %ld ): \"%s\": already in dn cache\n",
+ e->e_id, e->e_dn, 0 );
+
+ cache_entry_private_destroy(e);
+
+ return( 1 );
+ }
+
+ /* id tree */
+ if ( avl_insert( &cache->c_idtree, (caddr_t) e,
+ entry_id_cmp, avl_dup_error ) != 0 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "====> cache_add_entry( %ld ): \"%s\": already in id cache\n",
+ e->e_id, e->e_dn, 0 );
+
+ /* delete from dn tree inserted above */
+ if ( avl_delete( &cache->c_dntree, (caddr_t) e,
+ entry_dn_cmp ) == NULL )
+ {
+ Debug( LDAP_DEBUG_ANY, "====> can't delete from dn cache\n",
+ 0, 0, 0 );
+ }
+
+ cache_entry_private_destroy(e);
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( -1 );
+ }
+
+ /* put the entry into 'CREATING' state */
+ /* will be marked after when entry is returned */
+ LEI(e)->lei_state = CACHE_ENTRY_CREATING;
+ LEI(e)->lei_refcnt = 1;
+
+ /* lru */
+ LRU_ADD( cache, e );
+ if ( ++cache->c_cursize > cache->c_maxsize ) {
+ /*
+ * find the lru entry not currently in use and delete it.
+ * in case a lot of entries are in use, only look at the
+ * first 10 on the tail of the list.
+ */
+ i = 0;
+ while ( cache->c_lrutail != NULL &&
+ LEI(cache->c_lrutail)->lei_refcnt != 0 &&
+ i < 10 )
+ {
+ /* move this in-use entry to the front of the q */
+ ee = cache->c_lrutail;
+ LRU_DELETE( cache, ee );
+ LRU_ADD( cache, ee );
+ i++;
+ }
+
+ /*
+ * found at least one to delete - try to get back under
+ * the max cache size.
+ */
+ while ( cache->c_lrutail != NULL &&
+ LEI(cache->c_lrutail)->lei_refcnt == 0 &&
+ cache->c_cursize > cache->c_maxsize )
+ {
+ e = cache->c_lrutail;
+
+ /* delete from cache and lru q */
+ /* XXX do we need rc ? */
+ rc = cache_delete_entry_internal( cache, e );
+ cache_entry_private_destroy( e );
+ entry_free( e );
+ }
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( 0 );
+}
+
+/*
+ * cache_update_entry - update a LOCKED entry which has been deleted.
+ * returns: 0 entry has been created and locked
+ * 1 entry already existed
+ * -1 something bad happened
+ */
+int
+cache_update_entry(
+ Cache *cache,
+ Entry *e
+)
+{
+ int i, rc;
+ Entry *ee;
+
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ assert( e->e_private != NULL );
+
+ if ( avl_insert( &cache->c_dntree, (caddr_t) e,
+ entry_dn_cmp, avl_dup_error ) != 0 )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "====> cache_update_entry( %ld ): \"%s\": already in dn cache\n",
+ e->e_id, e->e_dn, 0 );
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( 1 );
+ }
+
+ /* id tree */
+ if ( avl_insert( &cache->c_idtree, (caddr_t) e,
+ entry_id_cmp, avl_dup_error ) != 0 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "====> cache_update_entry( %ld ): \"%s\": already in id cache\n",
+ e->e_id, e->e_dn, 0 );
+
+ /* delete from dn tree inserted above */
+ if ( avl_delete( &cache->c_dntree, (caddr_t) e,
+ entry_dn_cmp ) == NULL )
+ {
+ Debug( LDAP_DEBUG_ANY, "====> can't delete from dn cache\n",
+ 0, 0, 0 );
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( -1 );
+ }
+
+ /* put the entry into 'CREATING' state */
+ /* will be marked after when entry is returned */
+ LEI(e)->lei_state = CACHE_ENTRY_CREATING;
+
+ /* lru */
+ LRU_ADD( cache, e );
+ if ( ++cache->c_cursize > cache->c_maxsize ) {
+ /*
+ * find the lru entry not currently in use and delete it.
+ * in case a lot of entries are in use, only look at the
+ * first 10 on the tail of the list.
+ */
+ i = 0;
+ while ( cache->c_lrutail != NULL &&
+ LEI(cache->c_lrutail)->lei_refcnt != 0 &&
+ i < 10 )
+ {
+ /* move this in-use entry to the front of the q */
+ ee = cache->c_lrutail;
+ LRU_DELETE( cache, ee );
+ LRU_ADD( cache, ee );
+ i++;
+ }
+
+ /*
+ * found at least one to delete - try to get back under
+ * the max cache size.
+ */
+ while ( cache->c_lrutail != NULL &&
+ LEI(cache->c_lrutail)->lei_refcnt == 0 &&
+ cache->c_cursize > cache->c_maxsize )
+ {
+ e = cache->c_lrutail;
+
+ /* delete from cache and lru q */
+ /* XXX do we need rc ? */
+ rc = cache_delete_entry_internal( cache, e );
+ cache_entry_private_destroy( e );
+ entry_free( e );
+ }
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( 0 );
+}
+
+ID
+cache_find_entry_ndn2id(
+ Backend *be,
+ Cache *cache,
+ struct berval *ndn
+)
+{
+ Entry e, *ep;
+ ID id;
+ int count = 0;
+
+ /* this function is always called with normalized DN */
+ e.e_nname = *ndn;
+
+try_again:
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e,
+ entry_dn_cmp )) != NULL )
+ {
+ int state;
+ count++;
+
+ /*
+ * ep now points to an unlocked entry
+ * we do not need to lock the entry if we only
+ * check the state, refcnt, LRU, and id.
+ */
+ assert( ep->e_private != NULL );
+
+ /* save id */
+ id = ep->e_id;
+ state = LEI(ep)->lei_state;
+
+ /*
+ * entry is deleted or not fully created yet
+ */
+ if ( state != CACHE_ENTRY_READY ) {
+ assert(state != CACHE_ENTRY_UNDEFINED);
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug(LDAP_DEBUG_TRACE,
+ "====> cache_find_entry_ndn2id(\"%s\"): %ld (not ready) %d\n",
+ ndn->bv_val, id, state);
+
+ ldap_pvt_thread_yield();
+ goto try_again;
+ }
+
+ /* lru */
+ LRU_DELETE( cache, ep );
+ LRU_ADD( cache, ep );
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug(LDAP_DEBUG_TRACE,
+ "====> cache_find_entry_ndn2id(\"%s\"): %ld (%d tries)\n",
+ ndn->bv_val, id, count);
+
+ } else {
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ id = NOID;
+ }
+
+ return( id );
+}
+
+/*
+ * cache_find_entry_id - find an entry in the cache, given id
+ */
+
+Entry *
+cache_find_entry_id(
+ Cache *cache,
+ ID id,
+ int rw
+)
+{
+ Entry e;
+ Entry *ep;
+ int count = 0;
+
+ e.e_id = id;
+
+try_again:
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ if ( (ep = (Entry *) avl_find( cache->c_idtree, (caddr_t) &e,
+ entry_id_cmp )) != NULL )
+ {
+ int state;
+ ID ep_id;
+
+ count++;
+
+ assert( ep->e_private != NULL );
+
+ ep_id = ep->e_id;
+ state = LEI(ep)->lei_state;
+
+ /*
+ * entry is deleted or not fully created yet
+ */
+ if ( state != CACHE_ENTRY_READY ) {
+ assert(state != CACHE_ENTRY_UNDEFINED);
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug(LDAP_DEBUG_TRACE,
+ "====> cache_find_entry_id( %ld ): %ld (not ready) %d\n",
+ id, ep_id, state);
+
+ ldap_pvt_thread_yield();
+ goto try_again;
+ }
+
+ /* lru */
+ LRU_DELETE( cache, ep );
+ LRU_ADD( cache, ep );
+
+ LEI(ep)->lei_refcnt++;
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ Debug(LDAP_DEBUG_TRACE,
+ "====> cache_find_entry_id( %ld ) \"%s\" (found) (%d tries)\n",
+ ep_id, ep->e_dn, count);
+
+ return( ep );
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+
+ return( NULL );
+}
+
+/*
+ * cache_delete_entry - delete the entry e from the cache. the caller
+ * should have obtained e (increasing its ref count) via a call to one
+ * of the cache_find_* routines. the caller should *not* call the
+ * cache_return_entry() routine prior to calling cache_delete_entry().
+ * it performs this function.
+ *
+ * returns: 0 e was deleted ok
+ * 1 e was not in the cache
+ * -1 something bad happened
+ */
+int
+cache_delete_entry(
+ Cache *cache,
+ Entry *e
+)
+{
+ int rc;
+
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ assert( e->e_private != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "====> cache_delete_entry( %ld )\n",
+ e->e_id, 0, 0 );
+
+ rc = cache_delete_entry_internal( cache, e );
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+ return( rc );
+}
+
+static int
+cache_delete_entry_internal(
+ Cache *cache,
+ Entry *e
+)
+{
+ int rc = 0; /* return code */
+
+ /* dn tree */
+ if ( avl_delete( &cache->c_dntree, (caddr_t) e, entry_dn_cmp ) == NULL )
+ {
+ rc = -1;
+ }
+
+ /* id tree */
+ if ( avl_delete( &cache->c_idtree, (caddr_t) e, entry_id_cmp ) == NULL )
+ {
+ rc = -1;
+ }
+
+ if (rc != 0) {
+ return rc;
+ }
+
+ /* lru */
+ LRU_DELETE( cache, e );
+ cache->c_cursize--;
+
+ /*
+ * flag entry to be freed later by a call to cache_return_entry()
+ */
+ LEI(e)->lei_state = CACHE_ENTRY_DELETED;
+
+ return( 0 );
+}
+
+void
+cache_release_all( Cache *cache )
+{
+ Entry *e;
+ int rc;
+
+ /* set cache mutex */
+ ldap_pvt_thread_mutex_lock( &cache->c_mutex );
+
+ Debug( LDAP_DEBUG_TRACE, "====> cache_release_all\n", 0, 0, 0 );
+
+
+ while ( (e = cache->c_lrutail) != NULL && LEI(e)->lei_refcnt == 0 ) {
+ /* delete from cache and lru q */
+ /* XXX do we need rc ? */
+ rc = cache_delete_entry_internal( cache, e );
+ cache_entry_private_destroy( e );
+ entry_free( e );
+ }
+
+ if ( cache->c_cursize ) {
+ Debug( LDAP_DEBUG_TRACE, "Entry-cache could not be emptied\n", 0, 0, 0 );
+ }
+
+ /* free cache mutex */
+ ldap_pvt_thread_mutex_unlock( &cache->c_mutex );
+}
+
+#ifdef LDAP_DEBUG
+#ifdef SLAPD_UNUSED
+static void
+lru_print( Cache *cache )
+{
+ Entry *e;
+
+ fprintf( stderr, "LRU queue (head to tail):\n" );
+ for ( e = cache->c_lruhead; e != NULL; e = LEI(e)->lei_lrunext ) {
+ fprintf( stderr, "\tdn \"%20s\" id %ld refcnt %d\n",
+ e->e_dn, e->e_id, LEI(e)->lei_refcnt );
+ }
+ fprintf( stderr, "LRU queue (tail to head):\n" );
+ for ( e = cache->c_lrutail; e != NULL; e = LEI(e)->lei_lruprev ) {
+ fprintf( stderr, "\tdn \"%20s\" id %ld refcnt %d\n",
+ e->e_dn, e->e_id, LEI(e)->lei_refcnt );
+ }
+}
+#endif
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/close.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/close.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/close.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+/* close.c - close ldbm backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/close.c,v 1.19.2.6 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+int
+ldbm_back_db_close( Backend *be )
+{
+ struct ldbminfo *li = be->be_private;
+
+ Debug( LDAP_DEBUG_TRACE, "ldbm backend syncing\n", 0, 0, 0 );
+
+ ldbm_cache_flush_all( be );
+ Debug( LDAP_DEBUG_TRACE, "ldbm backend done syncing\n", 0, 0, 0 );
+
+ cache_release_all( &li->li_cache );
+ if ( alock_close( &li->li_alock_info )) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_back_db_close: alock_close failed\n", 0, 0, 0 );
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,133 @@
+/* compare.c - ldbm backend compare routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/compare.c,v 1.49.2.7 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+int
+ldbm_back_compare(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *matched;
+ Entry *e;
+ Attribute *a;
+ int manageDSAit = get_manageDSAit( op );
+
+ rs->sr_matched = NULL;
+ rs->sr_ref = NULL;
+
+ /* grab giant lock for reading */
+ ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
+
+ /* get entry with reader lock */
+ e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
+ if ( e == NULL ) {
+ if ( matched != NULL ) {
+ rs->sr_matched = ch_strdup( matched->e_dn );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ cache_return_entry_r( &li->li_cache, matched );
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ rs->sr_err = LDAP_REFERRAL;
+ goto return_results;
+ }
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ struct berval bv;
+
+ /* entry is a referral, don't allow add */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+ 0, 0 );
+
+
+ rs->sr_err = LDAP_REFERRAL;
+ ber_dupbv_x( &bv, &e->e_name, op->o_tmpmemctx );
+ rs->sr_matched = bv.bv_val;
+
+ goto return_results;
+ }
+
+ if ( ! access_allowed( op, e,
+ op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+ for(a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
+ {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->oq_compare.rs_ava->aa_value,
+ op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:;
+ if ( e ) cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rs->sr_err = LDAP_SUCCESS;
+ break;
+ }
+
+ if ( rs->sr_ref != NULL ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ if ( rs->sr_matched != NULL ) {
+ op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
+ rs->sr_matched = NULL;
+ }
+
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,188 @@
+/* config.c - ldbm backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/config.c,v 1.37.2.5 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "lutil.h"
+
+int
+ldbm_back_db_config(
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ int rc;
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ if ( li == NULL ) {
+ fprintf( stderr, "%s: line %d: ldbm database info is null!\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ /* directory where database files live */
+ if ( strcasecmp( argv[0], "directory" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing dir in \"directory <dir>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ if ( li->li_directory )
+ free( li->li_directory );
+ li->li_directory = ch_strdup( argv[1] );
+
+ /* mode with which to create new database files */
+ } else if ( strcasecmp( argv[0], "mode" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing mode in \"mode <mode>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ if ( lutil_atoix( &li->li_mode, argv[1], 0 ) != 0 ) {
+ fprintf( stderr,
+ "%s: line %d: unable to parse mode=\"%s\" in \"mode <mode>\" line\n",
+ fname, lineno, argv[1] );
+ return( 1 );
+ }
+
+ /* attribute to index */
+ } else if ( strcasecmp( argv[0], "index" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+"%s: line %d: missing attr in \"index <attr> [pres,eq,approx,sub]\" line\n",
+ fname, lineno );
+ return( 1 );
+ } else if ( argc > 3 ) {
+ fprintf( stderr,
+"%s: line %d: extra junk after \"index <attr> [pres,eq,approx,sub]\" line" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return( 1 );
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+ rc = attr_index_config( li, fname, lineno, argc - 1, &argv[1] );
+
+ if( rc != LDAP_SUCCESS ) return 1;
+
+ /* size of the cache in entries */
+ } else if ( strcasecmp( argv[0], "cachesize" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing size in \"cachesize <size>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ if ( lutil_atoi( &li->li_cache.c_maxsize, argv[1] ) != 0 ) {
+ fprintf( stderr,
+ "%s: line %d: unable to parse cachesize \"%s\"\n",
+ fname, lineno, argv[1] );
+ return( 1 );
+ }
+
+ /* size of each dbcache in bytes */
+ } else if ( strcasecmp( argv[0], "dbcachesize" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing size in \"dbcachesize <size>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ if ( lutil_atoi( &li->li_dbcachesize, argv[1] ) ) {
+ fprintf( stderr,
+ "%s: line %d: unable to parse dbcachesize \"%s\"\n",
+ fname, lineno, argv[1] );
+ return( 1 );
+ }
+
+ /* no locking (not safe) */
+ } else if ( strcasecmp( argv[0], "dbnolocking" ) == 0 ) {
+ li->li_dblocking = 0;
+
+ /* no write sync (not safe) */
+ } else if ( ( strcasecmp( argv[0], "dbnosync" ) == 0 )
+ || ( strcasecmp( argv[0], "dbcachenowsync" ) == 0 ) )
+ {
+ li->li_dbwritesync = 0;
+
+ /* run sync thread */
+ } else if ( strcasecmp( argv[0], "dbsync" ) == 0 ) {
+#ifndef NO_THREADS
+ int i;
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing frquency value in \"dbsync <frequency> [<wait-times> [wait-interval]]\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_atoi( &i, argv[1] ) != 0 || i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: frquency value (%d) invalid \"dbsync <frequency> [<wait-times> [wait-interval]]\" line\n",
+ fname, lineno, i );
+ return 1;
+ }
+
+ li->li_dbsyncfreq = i;
+
+ if ( argc > 2 ) {
+ if ( lutil_atoi( &i, argv[2] ) != 0 || i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: frquency value (%d) invalid \"dbsync <frequency> [<wait-times> [wait-interval]]\" line\n",
+ fname, lineno, i );
+ return 1;
+ }
+ li ->li_dbsyncwaitn = i;
+ }
+
+ if ( argc > 3 ) {
+ if ( lutil_atoi( &i, argv[3] ) != 0 || i <= 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: frquency value (%d) invalid \"dbsync <frequency> [<wait-times> [wait-interval]]\" line\n",
+ fname, lineno, i );
+ return 1;
+ }
+ li ->li_dbsyncwaitinterval = i;
+ }
+
+ /* turn off writesync when sync policy is in place */
+ li->li_dbwritesync = 0;
+
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "\"dbsync\" policies not supported in non-threaded environments\n", 0, 0, 0);
+ return 1;
+#endif
+
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dbcache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dbcache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dbcache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,356 @@
+/* ldbmcache.c - maintain a cache of open ldbm files */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dbcache.c,v 1.57.2.5 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <sys/stat.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include <ldap_rq.h>
+
+DBCache *
+ldbm_cache_open(
+ Backend *be,
+ const char *name,
+ const char *suffix,
+ int flags
+)
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int i, lru, empty;
+ time_t oldtime;
+ char buf[MAXPATHLEN];
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+ struct stat st;
+#endif
+
+ if (li->li_envdirok)
+ sprintf( buf, "%s%s", name, suffix );
+ else
+ sprintf( buf, "%s" LDAP_DIRSEP "%s%s",
+ li->li_directory, name, suffix );
+
+ if( li->li_dblocking ) {
+ flags |= LDBM_LOCKING;
+ } else {
+ flags |= LDBM_NOLOCKING;
+ }
+
+ if( li->li_dbwritesync ) {
+ flags |= LDBM_SYNC;
+ } else {
+ flags |= LDBM_NOSYNC;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_cache_open( \"%s\", %d, %o )\n", buf,
+ flags, li->li_mode );
+
+
+ empty = MAXDBCACHE;
+
+ ldap_pvt_thread_mutex_lock( &li->li_dbcache_mutex );
+ do {
+ lru = 0;
+ oldtime = 1;
+ for ( i = 0; i < MAXDBCACHE; i++ ) {
+ /* see if this slot is free */
+ if ( li->li_dbcache[i].dbc_name == NULL) {
+ if (empty == MAXDBCACHE)
+ empty = i;
+ continue;
+ }
+
+ if ( strcmp( li->li_dbcache[i].dbc_name, buf ) == 0 ) {
+ /* already open - return it */
+ if (li->li_dbcache[i].dbc_flags != flags
+ && li->li_dbcache[i].dbc_refcnt == 0)
+ {
+ /* we don't want to use an open cache with different
+ * permissions (esp. if we need write but the open
+ * cache is read-only). So close this one if
+ * possible, and re-open below.
+ *
+ * FIXME: what about the case where the refcount
+ * is > 0? right now, we're using it anyway and
+ * just praying. Can there be more than one open
+ * cache to the same db?
+ *
+ * Also, it's really only necessary to compare the
+ * read-only flag, instead of all of the flags,
+ * but for now I'm checking all of them.
+ */
+ lru = i;
+ empty = MAXDBCACHE;
+ break;
+ }
+ li->li_dbcache[i].dbc_refcnt++;
+ Debug( LDAP_DEBUG_TRACE,
+ "<= ldbm_cache_open (cache %d)\n", i, 0, 0 );
+
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+ return( &li->li_dbcache[i] );
+ }
+
+ /* keep track of lru db */
+ if (( li->li_dbcache[i].dbc_refcnt == 0 ) &&
+ (( oldtime == 1 ) ||
+ ( li->li_dbcache[i].dbc_lastref < oldtime )) )
+ {
+ lru = i;
+ oldtime = li->li_dbcache[i].dbc_lastref;
+ }
+ }
+
+ i = empty;
+ if ( i == MAXDBCACHE ) {
+ /* no empty slots, not already open - close lru and use that slot */
+ if ( li->li_dbcache[lru].dbc_refcnt == 0 ) {
+ i = lru;
+ ldbm_close( li->li_dbcache[i].dbc_db );
+ free( li->li_dbcache[i].dbc_name );
+ li->li_dbcache[i].dbc_name = NULL;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_cache_open no unused db to close - waiting\n",
+ 0, 0, 0 );
+
+ ldap_pvt_thread_cond_wait( &li->li_dbcache_cv,
+ &li->li_dbcache_mutex );
+ /* after waiting for a free slot, go back to square
+ * one: look for an open cache for this db, or an
+ * empty slot, or an unref'ed cache, or wait again.
+ */
+ }
+ }
+ } while (i == MAXDBCACHE);
+
+ if ( (li->li_dbcache[i].dbc_db = ldbm_open( li->li_dbenv, buf, flags, li->li_mode,
+ li->li_dbcachesize )) == NULL )
+ {
+ int err = errno;
+ Debug( LDAP_DEBUG_TRACE,
+ "<= ldbm_cache_open NULL \"%s\" errno=%d reason=\"%s\")\n",
+ buf, err, err > -1 && err < sys_nerr ?
+ sys_errlist[err] : "unknown" );
+
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+ return( NULL );
+ }
+ li->li_dbcache[i].dbc_name = ch_strdup( buf );
+ li->li_dbcache[i].dbc_refcnt = 1;
+ li->li_dbcache[i].dbc_lastref = slap_get_time();
+ li->li_dbcache[i].dbc_flags = flags;
+ li->li_dbcache[i].dbc_dirty = 0;
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+ if ( stat( buf, &st ) == 0 ) {
+ li->li_dbcache[i].dbc_blksize = st.st_blksize;
+ } else
+#endif
+ {
+ li->li_dbcache[i].dbc_blksize = DEFAULT_BLOCKSIZE;
+ }
+ li->li_dbcache[i].dbc_maxids = (li->li_dbcache[i].dbc_blksize /
+ sizeof(ID)) - ID_BLOCK_IDS_OFFSET;
+ li->li_dbcache[i].dbc_maxindirect = ( SLAPD_LDBM_MIN_MAXIDS /
+ li->li_dbcache[i].dbc_maxids ) + 1;
+
+ assert( li->li_dbcache[i].dbc_maxindirect < 256 );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "ldbm_cache_open (blksize %ld) (maxids %d) (maxindirect %d)\n",
+ li->li_dbcache[i].dbc_blksize, li->li_dbcache[i].dbc_maxids,
+ li->li_dbcache[i].dbc_maxindirect );
+
+ Debug( LDAP_DEBUG_TRACE, "<= ldbm_cache_open (opened %d)\n", i, 0, 0 );
+
+ ldap_pvt_thread_mutex_init( &li->li_dbcache[i].dbc_write_mutex );
+
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+ return( &li->li_dbcache[i] );
+}
+
+void
+ldbm_cache_close( Backend *be, DBCache *db )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ if( li->li_dbwritesync && db->dbc_dirty ) {
+ ldbm_sync( db->dbc_db );
+ db->dbc_dirty = 0;
+ }
+
+ ldap_pvt_thread_mutex_lock( &li->li_dbcache_mutex );
+ if ( --db->dbc_refcnt <= 0 ) {
+ db->dbc_refcnt = 0;
+ ldap_pvt_thread_cond_signal( &li->li_dbcache_cv );
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+}
+
+void
+ldbm_cache_really_close( Backend *be, DBCache *db )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ ldap_pvt_thread_mutex_lock( &li->li_dbcache_mutex );
+ if ( --db->dbc_refcnt <= 0 ) {
+ db->dbc_refcnt = 0;
+ ldap_pvt_thread_cond_signal( &li->li_dbcache_cv );
+ ldbm_close( db->dbc_db );
+ free( db->dbc_name );
+ db->dbc_name = NULL;
+ ldap_pvt_thread_mutex_destroy( &db->dbc_write_mutex );
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+}
+
+void
+ldbm_cache_flush_all( Backend *be )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int i;
+
+ ldap_pvt_thread_mutex_lock( &li->li_dbcache_mutex );
+ for ( i = 0; i < MAXDBCACHE; i++ ) {
+ if ( li->li_dbcache[i].dbc_name != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "ldbm flushing db (%s)\n",
+ li->li_dbcache[i].dbc_name, 0, 0 );
+
+ ldbm_sync( li->li_dbcache[i].dbc_db );
+ li->li_dbcache[i].dbc_dirty = 0;
+ if ( li->li_dbcache[i].dbc_refcnt != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refcnt = %d, couldn't close db (%s)\n",
+ li->li_dbcache[i].dbc_refcnt,
+ li->li_dbcache[i].dbc_name, 0 );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm closing db (%s)\n",
+ li->li_dbcache[i].dbc_name, 0, 0 );
+
+ ldap_pvt_thread_cond_signal( &li->li_dbcache_cv );
+ ldbm_close( li->li_dbcache[i].dbc_db );
+ free( li->li_dbcache[i].dbc_name );
+ li->li_dbcache[i].dbc_name = NULL;
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+}
+
+void
+ldbm_cache_sync( Backend *be )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int i;
+ int do_log = 1;
+
+ ldap_pvt_thread_mutex_lock( &li->li_dbcache_mutex );
+ for ( i = 0; i < MAXDBCACHE; i++ ) {
+ if ( li->li_dbcache[i].dbc_name != NULL && li->li_dbcache[i].dbc_dirty ) {
+ if ( do_log ) {
+ do_log = 0;
+ Debug( LDAP_DEBUG_TRACE, "syncing %s\n",
+ li->li_directory, 0, 0 );
+ }
+ Debug( LDAP_DEBUG_TRACE, "ldbm syncing db (%s)\n",
+ li->li_dbcache[i].dbc_name, 0, 0 );
+ ldbm_sync( li->li_dbcache[i].dbc_db );
+ li->li_dbcache[i].dbc_dirty = 0;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &li->li_dbcache_mutex );
+}
+
+#if 0 /* macro in proto-back-ldbm.h */
+Datum
+ldbm_cache_fetch(
+ DBCache *db,
+ Datum key
+)
+{
+ return ldbm_fetch( db->dbc_db, key );
+}
+#endif /* 0 */
+
+int
+ldbm_cache_store(
+ DBCache *db,
+ Datum key,
+ Datum data,
+ int flags
+)
+{
+ int rc;
+
+ db->dbc_dirty = 1;
+ rc = ldbm_store( db->dbc_db, key, data, flags );
+
+ return( rc );
+}
+
+int
+ldbm_cache_delete(
+ DBCache *db,
+ Datum key
+)
+{
+ int rc;
+
+ db->dbc_dirty = 1;
+ rc = ldbm_delete( db->dbc_db, key );
+
+ return( rc );
+}
+
+void *
+ldbm_cache_sync_daemon(
+ void *ctx,
+ void *arg
+)
+{
+ struct re_s *rtask = arg;
+ Backend *be = rtask->arg;
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ /* If server is idle, or we've already waited the limit */
+ if ( li->li_dbsyncwaitcount == li->li_dbsyncwaitn ||
+ ldap_pvt_thread_pool_backload(&connection_pool) < 2 ) {
+ rtask->interval.tv_sec = li->li_dbsyncfreq;
+ li->li_dbsyncwaitcount = 0;
+ ldbm_cache_sync( be );
+ } else {
+ rtask->interval.tv_sec = li->li_dbsyncwaitinterval;
+ li->li_dbsyncwaitcount++;
+ Debug( LDAP_DEBUG_TRACE, "delay #%d syncing %s\n",
+ li->li_dbsyncwaitcount, li->li_directory, 0 );
+ }
+
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ return NULL;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,223 @@
+/* delete.c - ldbm backend delete routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/delete.c,v 1.80.2.6 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+#include "lutil.h"
+
+int
+ldbm_back_delete(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *matched;
+ struct berval pdn;
+ Entry *e, *p = NULL;
+ int rc = -1;
+ int manageDSAit = get_manageDSAit( op );
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+
+ Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", op->o_req_dn.bv_val, 0, 0);
+
+ /* grab giant lock for writing */
+ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+
+ /* allocate CSN */
+ if ( BER_BVISEMPTY( &op->o_csn )) {
+ struct berval csn;
+ char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+
+ csn.bv_val = csnbuf;
+ csn.bv_len = sizeof(csnbuf);
+ slap_get_csn( op, &csn, 1 );
+ }
+
+ /* get entry with writer lock */
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+ /* FIXME : dn2entry() should return non-glue entry */
+ if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
+ Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ if ( matched != NULL ) {
+ rs->sr_matched = ch_strdup( matched->e_dn );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ cache_return_entry_r( &li->li_cache, matched );
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags |= REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ /* check entry for "entry" acl */
+ if ( ! access_allowed( op, e, entry, NULL, ACL_WDEL, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no write access to entry\n", 0,
+ 0, 0 );
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to entry";
+ goto return_results;
+ }
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* parent is a referral, don't allow add */
+ /* parent is an alias, don't allow add */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+ 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = ch_strdup( e->e_name.bv_val );
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ if ( has_children( op->o_bd, e ) ) {
+ Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ rs->sr_text = "subordinate objects must be deleted first";
+ goto return_results;
+ }
+
+ /* delete from parent's id2children entry */
+ if( !be_issuffix( op->o_bd, &e->e_nname ) && (dnParent( &e->e_nname, &pdn ),
+ pdn.bv_len) ) {
+ if( (p = dn2entry_w( op->o_bd, &pdn, NULL )) == NULL) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: parent does not exist\n",
+ 0, 0, 0);
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "could not locate parent of entry";
+ goto return_results;
+ }
+
+ /* check parent for "children" acl */
+ if ( ! access_allowed( op, p,
+ children, NULL, ACL_WDEL, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no access to parent\n", 0,
+ 0, 0 );
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;
+ }
+
+ } else {
+ /* no parent, must be root to delete */
+ if( ! be_isroot( op ) ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_shadow_update( op ) ) {
+ p = (Entry *)&slap_entry_root;
+
+ rc = access_allowed( op, p,
+ children, NULL, ACL_WDEL, NULL );
+ p = NULL;
+
+ /* check parent for "children" acl */
+ if ( ! rc ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no "
+ "access to parent\n", 0, 0, 0 );
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no parent & "
+ "not root\n", 0, 0, 0);
+
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+ }
+ }
+
+ /* delete from dn2id mapping */
+ if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- ldbm_back_delete: operations error %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "DN index delete failed";
+ goto return_results;
+ }
+
+ /* delete from disk and cache */
+ if ( id2entry_delete( op->o_bd, e ) != 0 ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- ldbm_back_delete: operations error %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "entry delete failed";
+ goto return_results;
+ }
+
+ /* delete attribute indices */
+ (void) index_entry_del( op, e );
+
+ rs->sr_err = LDAP_SUCCESS;
+
+return_results:;
+ rc = rs->sr_err;
+
+ if( p != NULL ) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ }
+
+ if ( e != NULL ) {
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dn2id.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dn2id.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/dn2id.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,371 @@
+/* dn2id.c - routines to deal with the dn2id index */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dn2id.c,v 1.70.2.4 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+int
+dn2id_add(
+ Backend *be,
+ struct berval *dn,
+ ID id
+)
+{
+ int rc, flags;
+ DBCache *db;
+ Datum key, data;
+ char *buf;
+ struct berval ptr, pdn;
+
+ Debug( LDAP_DEBUG_TRACE, "=> dn2id_add( \"%s\", %ld )\n", dn->bv_val, id, 0 );
+
+ assert( id != NOID );
+
+ db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create dn2id%s\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return( -1 );
+ }
+
+ ldbm_datum_init( key );
+ key.dsize = dn->bv_len + 2;
+ buf = ch_malloc( key.dsize );
+ key.dptr = buf;
+ buf[0] = DN_BASE_PREFIX;
+ ptr.bv_val = buf + 1;
+ ptr.bv_len = dn->bv_len;
+ AC_MEMCPY( ptr.bv_val, dn->bv_val, dn->bv_len );
+ ptr.bv_val[ dn->bv_len ] = '\0';
+
+ ldbm_datum_init( data );
+ data.dptr = (char *) &id;
+ data.dsize = sizeof(ID);
+
+ flags = LDBM_INSERT;
+ rc = ldbm_cache_store( db, key, data, flags );
+
+ if ( rc != -1 && !be_issuffix( be, &ptr )) {
+ buf[0] = DN_SUBTREE_PREFIX;
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ rc = idl_insert_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+
+ if ( rc != -1 ) {
+ dnParent( &ptr, &pdn );
+
+ pdn.bv_val[-1] = DN_ONE_PREFIX;
+ key.dsize = pdn.bv_len + 2;
+ key.dptr = pdn.bv_val - 1;
+ ptr = pdn;
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ rc = idl_insert_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+ }
+ }
+
+ while ( rc != -1 && !be_issuffix( be, &ptr )) {
+ ptr.bv_val[-1] = DN_SUBTREE_PREFIX;
+
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ rc = idl_insert_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+
+ if( rc != 0 ) break;
+ dnParent( &ptr, &pdn );
+ key.dsize = pdn.bv_len + 2;
+ key.dptr = pdn.bv_val - 1;
+ ptr = pdn;
+ }
+
+ free( buf );
+ ldbm_cache_close( be, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id_add %d\n", rc, 0, 0 );
+
+ return( rc );
+}
+
+int
+dn2id(
+ Backend *be,
+ struct berval *dn,
+ ID *idp
+)
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ DBCache *db;
+ Datum key, data;
+ unsigned char *tmp;
+
+ Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn->bv_val, 0, 0 );
+
+ assert( idp != NULL );
+
+ /* first check the cache */
+ *idp = cache_find_entry_ndn2id( be, &li->li_cache, dn );
+ if ( *idp != NOID ) {
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id %ld (in cache)\n", *idp,
+ 0, 0 );
+
+ return( 0 );
+ }
+
+ db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "<= dn2id could not open dn2id%s\n",
+ LDBM_SUFFIX, 0, 0 );
+ /*
+ * return code !0 if ldbm cache open failed;
+ * callers should handle this
+ */
+ *idp = NOID;
+ return( -1 );
+ }
+
+ ldbm_datum_init( key );
+
+ key.dsize = dn->bv_len + 2;
+ key.dptr = ch_malloc( key.dsize );
+ tmp = (unsigned char *)key.dptr;
+ tmp[0] = DN_BASE_PREFIX;
+ tmp++;
+ AC_MEMCPY( tmp, dn->bv_val, dn->bv_len );
+ tmp[dn->bv_len] = '\0';
+
+ data = ldbm_cache_fetch( db, key );
+
+ ldbm_cache_close( be, db );
+
+ free( key.dptr );
+
+ if ( data.dptr == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id NOID\n", 0, 0, 0 );
+
+ *idp = NOID;
+ return( 0 );
+ }
+
+ AC_MEMCPY( (char *) idp, data.dptr, sizeof(ID) );
+
+ assert( *idp != NOID );
+
+ ldbm_datum_free( db->dbc_db, data );
+
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id %ld\n", *idp, 0, 0 );
+
+ return( 0 );
+}
+
+int
+dn2idl(
+ Backend *be,
+ struct berval *dn,
+ int prefix,
+ ID_BLOCK **idlp
+)
+{
+ DBCache *db;
+ Datum key;
+ unsigned char *tmp;
+
+ Debug( LDAP_DEBUG_TRACE, "=> dn2idl( \"%c%s\" )\n", prefix, dn->bv_val, 0 );
+
+ assert( idlp != NULL );
+ *idlp = NULL;
+
+ if ( prefix == DN_SUBTREE_PREFIX && be_issuffix(be, dn) ) {
+ *idlp = idl_allids( be );
+ return 0;
+ }
+
+ db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "<= dn2idl could not open dn2id%s\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return -1;
+ }
+
+ ldbm_datum_init( key );
+
+ key.dsize = dn->bv_len + 2;
+ key.dptr = ch_malloc( key.dsize );
+ tmp = (unsigned char *)key.dptr;
+ tmp[0] = prefix;
+ tmp++;
+ AC_MEMCPY( tmp, dn->bv_val, dn->bv_len );
+ tmp[dn->bv_len] = '\0';
+
+ *idlp = idl_fetch( be, db, key );
+
+ ldbm_cache_close( be, db );
+
+ free( key.dptr );
+
+ return( 0 );
+}
+
+
+int
+dn2id_delete(
+ Backend *be,
+ struct berval *dn,
+ ID id
+)
+{
+ DBCache *db;
+ Datum key;
+ int rc;
+ char *buf;
+ struct berval ptr, pdn;
+
+ Debug( LDAP_DEBUG_TRACE, "=> dn2id_delete( \"%s\", %ld )\n", dn->bv_val, id, 0 );
+
+
+ assert( id != NOID );
+
+ db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= dn2id_delete could not open dn2id%s\n", LDBM_SUFFIX,
+ 0, 0 );
+
+ return( -1 );
+ }
+
+ ldbm_datum_init( key );
+ key.dsize = dn->bv_len + 2;
+ buf = ch_malloc( key.dsize );
+ key.dptr = buf;
+ buf[0] = DN_BASE_PREFIX;
+ ptr.bv_val = buf + 1;
+ ptr.bv_len = dn->bv_len;
+ AC_MEMCPY( ptr.bv_val, dn->bv_val, dn->bv_len );
+ ptr.bv_val[dn->bv_len] = '\0';
+
+ rc = ldbm_cache_delete( db, key );
+
+ if( !be_issuffix( be, &ptr )) {
+ buf[0] = DN_SUBTREE_PREFIX;
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ (void) idl_delete_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+
+ dnParent( &ptr, &pdn );
+
+ pdn.bv_val[-1] = DN_ONE_PREFIX;
+ key.dsize = pdn.bv_len + 2;
+ key.dptr = pdn.bv_val - 1;
+ ptr = pdn;
+
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ (void) idl_delete_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+ }
+
+ while ( rc != -1 && !be_issuffix( be, &ptr )) {
+ ptr.bv_val[-1] = DN_SUBTREE_PREFIX;
+
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ (void) idl_delete_key( be, db, key, id );
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+
+ dnParent( &ptr, &pdn );
+ key.dsize = pdn.bv_len + 2;
+ key.dptr = pdn.bv_val - 1;
+ ptr = pdn;
+ }
+
+ free( buf );
+
+ ldbm_cache_close( be, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id_delete %d\n", rc, 0, 0 );
+
+ return( rc );
+}
+
+/*
+ * dn2entry - look up dn in the cache/indexes and return the corresponding
+ * entry.
+ */
+
+Entry *
+dn2entry_rw(
+ Backend *be,
+ struct berval *dn,
+ Entry **matched,
+ int rw
+)
+{
+ ID id;
+ Entry *e = NULL;
+ struct berval pdn;
+
+ Debug(LDAP_DEBUG_TRACE, "dn2entry_%s: dn: \"%s\"\n",
+ rw ? "w" : "r", dn->bv_val, 0);
+
+
+ if( matched != NULL ) {
+ /* caller cares about match */
+ *matched = NULL;
+ }
+
+ if ( dn2id( be, dn, &id ) ) {
+ /* something bad happened to ldbm cache */
+ return( NULL );
+
+ }
+
+ if ( id != NOID ) {
+ /* try to return the entry */
+ if ((e = id2entry_rw( be, id, rw )) != NULL ) {
+ return( e );
+ }
+
+ Debug(LDAP_DEBUG_ANY,
+ "dn2entry_%s: no entry for valid id (%ld), dn \"%s\"\n",
+ rw ? "w" : "r", id, dn->bv_val);
+
+ /* must have been deleted from underneath us */
+ /* treat as if NOID was found */
+ }
+
+ /* caller doesn't care about match */
+ if( matched == NULL ) return NULL;
+
+ /* entry does not exist - see how much of the dn does exist */
+ if ( !be_issuffix( be, dn ) && (dnParent( dn, &pdn ), pdn.bv_len) ) {
+ /* get entry with reader lock */
+ if ((e = dn2entry_r( be, &pdn, matched )) != NULL )
+ {
+ *matched = e;
+ }
+ }
+
+ return NULL;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,140 @@
+/* entry.c - ldbm backend entry_release routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/entry.c,v 1.21.2.5 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+
+int
+ldbm_back_entry_release_rw(
+ Operation *op,
+ Entry *e,
+ int rw
+)
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+
+ if ( slapMode == SLAP_SERVER_MODE ) {
+ /* free entry and reader or writer lock */
+ cache_return_entry_rw( &li->li_cache, e, rw );
+ /* only do_add calls here with a write lock.
+ * get_entry doesn't obtain the giant lock, because its
+ * caller has already obtained it.
+ */
+ if( rw ) {
+ ldap_pvt_thread_rdwr_wunlock( &li->li_giant_rwlock );
+ }
+#if 0
+ else {
+ ldap_pvt_thread_rdwr_runlock( &li->li_giant_rwlock );
+ }
+#endif
+
+ } else {
+ if ( e->e_private ) {
+ free( e->e_private );
+ e->e_private = NULL;
+ }
+ entry_free( e );
+ }
+
+ return 0;
+}
+
+/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
+ */
+int ldbm_back_entry_get(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **ent )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *e;
+ int rc;
+ const char *at_name = at ? at->ad_cname.bv_val : "(null)";
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> ldbm_back_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS,
+ "=> ldbm_back_entry_get: oc: \"%s\", at: \"%s\"\n",
+ oc ? oc->soc_cname.bv_val : "(null)", at_name, 0);
+
+ /* don't grab the giant lock - our caller has already gotten it. */
+
+ /* can we find entry */
+ e = dn2entry_rw( op->o_bd, ndn, NULL, rw );
+ if (e == NULL) {
+ Debug( LDAP_DEBUG_ACL,
+ "=> ldbm_back_entry_get: cannot find entry: \"%s\"\n",
+ ndn->bv_val, 0, 0 );
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+ Debug( LDAP_DEBUG_ACL,
+ "=> ldbm_back_entry_get: found entry: \"%s\"\n",
+ ndn->bv_val, 0, 0 );
+
+#ifdef BDB_ALIASES
+ /* find attribute values */
+ if( is_entry_alias( e ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= ldbm_back_entry_get: entry is an alias\n", 0, 0, 0 );
+ rc = LDAP_ALIAS_PROBLEM;
+ goto return_results;
+ }
+#endif
+
+ if( is_entry_referral( e ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= ldbm_back_entry_get: entry is a referral\n", 0, 0, 0 );
+ rc = LDAP_REFERRAL;
+ goto return_results;
+ }
+
+ if ( oc && !is_entry_objectclass( e, oc, 0 )) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= ldbm_back_entry_get: failed to find objectClass %s\n",
+ oc->soc_cname.bv_val, 0, 0 );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto return_results;
+ }
+
+ rc = LDAP_SUCCESS;
+
+return_results:
+ if( rc != LDAP_SUCCESS ) {
+ /* free entry */
+ cache_return_entry_rw(&li->li_cache, e, rw);
+ } else {
+ *ent = e;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_entry_get: rc=%d\n",
+ rc, 0, 0 );
+ return(rc);
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/extended.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/extended.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/extended.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+/* extended.c - ldbm backend extended routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/extended.c,v 1.18.2.3 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+#include "lber_pvt.h"
+
+struct exop {
+ struct berval *oid;
+ BI_op_extended *extended;
+} exop_table[] = {
+ { NULL, NULL }
+};
+
+int
+ldbm_back_extended(
+ Operation *op,
+ SlapReply *rs )
+{
+ int i;
+
+ for( i=0; exop_table[i].extended != NULL; i++ ) {
+ if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
+ return exop_table[i].extended( op, rs );
+ }
+ }
+
+ rs->sr_text = "not supported within naming context";
+ return LDAP_UNWILLING_TO_PERFORM;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/filterindex.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/filterindex.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/filterindex.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,684 @@
+/* filterindex.c - generate the list of candidate entries from a filter */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/filterindex.c,v 1.53.2.3 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+static ID_BLOCK *presence_candidates(
+ Operation *op,
+ AttributeDescription *desc );
+static ID_BLOCK *equality_candidates(
+ Operation *op, AttributeAssertion *ava );
+static ID_BLOCK *approx_candidates(
+ Operation *op, AttributeAssertion *ava );
+static ID_BLOCK *substring_candidates(
+ Operation *op,
+ SubstringsAssertion *sub );
+static ID_BLOCK *list_candidates(
+ Operation *op,
+ Filter *flist,
+ int ftype );
+
+ID_BLOCK *
+filter_candidates(
+ Operation *op,
+ Filter *f
+)
+{
+ char *sub = "SUBTREE";
+ ID_BLOCK *result;
+
+ Debug( LDAP_DEBUG_TRACE, "=> filter_candidates\n", 0, 0, 0 );
+
+
+ result = NULL;
+ switch ( f->f_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ switch( f->f_result ) {
+ case SLAPD_COMPARE_UNDEFINED:
+ /* This technically is not the same as FALSE, but it
+ * certainly will produce no matches.
+ */
+ /* FALLTHRU */
+ case LDAP_COMPARE_FALSE:
+ result = NULL;
+ break;
+ case LDAP_COMPARE_TRUE:
+ result = idl_allids( op->o_bd );
+ break;
+ }
+ break;
+
+ case SLAPD_FILTER_DN_ONE:
+ Debug( LDAP_DEBUG_FILTER, "\tDN ONE\n", 0, 0, 0 );
+
+ /* an error is treated as an empty list */
+ if ( dn2idl( op->o_bd, f->f_dn, DN_ONE_PREFIX, &result ) != 0
+ && result != NULL ) {
+ idl_free( result );
+ result = NULL;
+ }
+ break;
+
+#ifdef SLAPD_FILTER_DN_CHILDREN
+ case SLAPD_FILTER_DN_CHILDREN:
+ sub = "CHILDREN";
+#endif
+ case SLAPD_FILTER_DN_SUBTREE:
+ Debug( LDAP_DEBUG_FILTER,
+ "\tDN %s\n", sub, 0, 0 );
+
+ /* an error is treated as an empty list */
+ if ( dn2idl( op->o_bd, f->f_dn, DN_SUBTREE_PREFIX, &result ) != 0
+ && result != NULL ) {
+ idl_free( result );
+ result = NULL;
+ }
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ Debug( LDAP_DEBUG_FILTER, "\tPRESENT\n", 0, 0, 0 );
+
+ result = presence_candidates( op, f->f_desc );
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, "\tEQUALITY\n", 0, 0, 0 );
+
+ result = equality_candidates( op, f->f_ava );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ Debug( LDAP_DEBUG_FILTER, "\tAPPROX\n", 0, 0, 0 );
+
+ result = approx_candidates( op, f->f_ava );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, "\tSUBSTRINGS\n", 0, 0, 0 );
+
+ result = substring_candidates( op, f->f_sub );
+ break;
+
+ case LDAP_FILTER_GE:
+ Debug( LDAP_DEBUG_FILTER, "\tGE\n", 0, 0, 0 );
+
+ result = presence_candidates( op, f->f_ava->aa_desc );
+ break;
+
+ case LDAP_FILTER_LE:
+ Debug( LDAP_DEBUG_FILTER, "\tLE\n", 0, 0, 0 );
+
+ result = presence_candidates( op, f->f_ava->aa_desc );
+ break;
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "\tAND\n", 0, 0, 0 );
+
+ result = list_candidates( op, f->f_and, LDAP_FILTER_AND );
+ break;
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "\tOR\n", 0, 0, 0 );
+
+ result = list_candidates( op, f->f_or, LDAP_FILTER_OR );
+ break;
+
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "\tNOT\n", 0, 0, 0 );
+
+ /*
+ * As candidates lists may contain entries which do
+ * not match the assertion, negation of the inner candidate
+ * list could result in matching entries be excluded from
+ * the returned candidate list.
+ */
+ result = idl_allids( op->o_bd );
+ break;
+ default:
+ Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN\n", 0, 0, 0 );
+ /* unknown filters must not return NULL, to allow
+ * extended filter processing to be done later.
+ */
+ result = idl_allids( op->o_bd );
+ break;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= filter_candidates %ld\n",
+ result ? ID_BLOCK_NIDS(result) : 0, 0, 0 );
+
+ return( result );
+}
+
+static ID_BLOCK *
+presence_candidates(
+ Operation *op,
+ AttributeDescription *desc
+)
+{
+ ID_BLOCK *idl;
+ DBCache *db;
+ int rc;
+ char *dbname;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+
+ Debug( LDAP_DEBUG_TRACE, "=> presence_candidates\n", 0, 0, 0 );
+
+ idl = idl_allids( op->o_bd );
+
+ if( desc == slap_schema.si_ad_objectClass ) {
+ return idl;
+ }
+
+ rc = index_param( op->o_bd, desc, LDAP_FILTER_PRESENT,
+ &dbname, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= presence_candidates: index_param returned=%d\n",
+ rc, 0, 0 );
+
+ return idl;
+ }
+
+ if( dbname == NULL ) {
+ /* not indexed */
+ Debug( LDAP_DEBUG_TRACE,
+ "<= presense_candidates: not indexed\n",
+ 0, 0, 0 );
+
+ return idl;
+ }
+
+ db = ldbm_cache_open( op->o_bd, dbname, LDBM_SUFFIX, LDBM_WRCREAT );
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= presense_candidates db open failed (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ if( prefix.bv_val != NULL ) {
+ idl_free( idl );
+ idl = NULL;
+
+ rc = key_read( op->o_bd, db, &prefix, &idl );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= presense_candidates key read failed (%d)\n",
+ rc, 0, 0 );
+
+
+ } else if( idl == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= presense_candidates NULL\n",
+ 0, 0, 0 );
+
+ }
+ }
+
+ ldbm_cache_close( op->o_bd, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= presence_candidates %ld\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+ return( idl );
+}
+
+static ID_BLOCK *
+equality_candidates(
+ Operation *op,
+ AttributeAssertion *ava
+)
+{
+ ID_BLOCK *idl;
+ DBCache *db;
+ int i;
+ int rc;
+ char *dbname;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> equality_candidates\n", 0, 0, 0 );
+
+
+ idl = idl_allids( op->o_bd );
+
+ rc = index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_EQUALITY,
+ &dbname, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates: index_param returned=%d\n",
+ rc, 0, 0 );
+
+ return idl;
+ }
+
+ if( dbname == NULL ) {
+ /* not indexed */
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates: not indexed\n",
+ 0, 0, 0 );
+
+ return idl;
+ }
+
+ mr = ava->aa_desc->ad_type->sat_equality;
+ if( !mr ) {
+ return idl;
+ }
+
+ if( !mr->smr_filter ) {
+ return idl;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_EQUALITY,
+ mask,
+ ava->aa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ &ava->aa_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates: (%s%s) MR filter failed (%d)\n",
+ dbname, LDBM_SUFFIX, rc );
+
+ return idl;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates: no keys (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ db = ldbm_cache_open( op->o_bd, dbname, LDBM_SUFFIX, LDBM_WRCREAT );
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= equality_candidates db open failed (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ ID_BLOCK *save;
+ ID_BLOCK *tmp;
+
+ rc = key_read( op->o_bd, db, &keys[i], &tmp );
+
+ if( rc != LDAP_SUCCESS ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates key read failed (%d)\n",
+ rc, 0, 0 );
+
+ break;
+ }
+
+ if( tmp == NULL ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE,
+ "<= equality_candidates NULL\n",
+ 0, 0, 0 );
+
+ break;
+ }
+
+ save = idl;
+ idl = idl_intersection( op->o_bd, idl, tmp );
+ idl_free( save );
+ idl_free( tmp );
+
+ if( idl == NULL ) break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ ldbm_cache_close( op->o_bd, db );
+
+
+ Debug( LDAP_DEBUG_TRACE, "<= equality_candidates %ld\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+ return( idl );
+}
+
+static ID_BLOCK *
+approx_candidates(
+ Operation *op,
+ AttributeAssertion *ava
+)
+{
+ ID_BLOCK *idl;
+ DBCache *db;
+ int i;
+ int rc;
+ char *dbname;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> approx_candidates\n", 0, 0, 0 );
+
+
+ idl = idl_allids( op->o_bd );
+
+ rc = index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_APPROX,
+ &dbname, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= approx_candidates: index_param returned=%d\n",
+ rc, 0, 0 );
+
+ return idl;
+ }
+
+ if( dbname == NULL ) {
+ /* not indexed */
+ Debug( LDAP_DEBUG_ANY,
+ "<= approx_candidates: not indexed\n",
+ 0, 0, 0 );
+
+ return idl;
+ }
+
+ mr = ava->aa_desc->ad_type->sat_approx;
+ if( !mr ) {
+ /* no approx matching rule, try equality matching rule */
+ mr = ava->aa_desc->ad_type->sat_equality;
+ }
+
+ if( !mr ) {
+ return idl;
+ }
+
+ if( !mr->smr_filter ) {
+ return idl;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_APPROX,
+ mask,
+ ava->aa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ &ava->aa_value,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= approx_candidates: (%s%s) MR filter failed (%d)\n",
+ dbname, LDBM_SUFFIX, rc );
+
+ return idl;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= approx_candidates: no keys (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ db = ldbm_cache_open( op->o_bd, dbname, LDBM_SUFFIX, LDBM_WRCREAT );
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= approx_candidates db open failed (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ ID_BLOCK *save;
+ ID_BLOCK *tmp;
+
+ rc = key_read( op->o_bd, db, &keys[i], &tmp );
+
+ if( rc != LDAP_SUCCESS ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE, "<= approx_candidates key read failed (%d)\n",
+ rc, 0, 0 );
+
+ break;
+ }
+
+ if( tmp == NULL ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE, "<= approx_candidates NULL\n",
+ 0, 0, 0 );
+
+ break;
+ }
+
+ save = idl;
+ idl = idl_intersection( op->o_bd, idl, tmp );
+ idl_free( save );
+ idl_free( tmp );
+
+ if( idl == NULL ) break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ ldbm_cache_close( op->o_bd, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= approx_candidates %ld\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+ return( idl );
+}
+
+static ID_BLOCK *
+list_candidates(
+ Operation *op,
+ Filter *flist,
+ int ftype
+)
+{
+ ID_BLOCK *idl, *tmp, *tmp2;
+ Filter *f;
+
+ Debug( LDAP_DEBUG_TRACE, "=> list_candidates 0x%x\n", ftype, 0, 0 );
+
+
+ idl = NULL;
+ for ( f = flist; f != NULL; f = f->f_next ) {
+ if ( (tmp = filter_candidates( op, f )) == NULL &&
+ ftype == LDAP_FILTER_AND ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= list_candidates NULL\n", 0, 0, 0 );
+
+ idl_free( idl );
+ return( NULL );
+ }
+
+ tmp2 = idl;
+ if ( idl == NULL ) {
+ idl = tmp;
+ } else if ( ftype == LDAP_FILTER_AND ) {
+ idl = idl_intersection( op->o_bd, idl, tmp );
+ idl_free( tmp );
+ idl_free( tmp2 );
+ } else {
+ idl = idl_union( op->o_bd, idl, tmp );
+ idl_free( tmp );
+ idl_free( tmp2 );
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= list_candidates %ld\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+ return( idl );
+}
+
+static ID_BLOCK *
+substring_candidates(
+ Operation *op,
+ SubstringsAssertion *sub
+)
+{
+ ID_BLOCK *idl;
+ DBCache *db;
+ int i;
+ int rc;
+ char *dbname;
+ slap_mask_t mask;
+ struct berval prefix = {0, NULL};
+ struct berval *keys = NULL;
+ MatchingRule *mr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> substrings_candidates\n", 0, 0, 0 );
+
+
+ idl = idl_allids( op->o_bd );
+
+ rc = index_param( op->o_bd, sub->sa_desc, LDAP_FILTER_SUBSTRINGS,
+ &dbname, &mask, &prefix );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= substrings_candidates: index_param returned=%d\n",
+ rc, 0, 0 );
+
+ return idl;
+ }
+
+ if( dbname == NULL ) {
+ /* not indexed */
+ Debug( LDAP_DEBUG_ANY,
+ "<= substrings_candidates: not indexed\n",
+ 0, 0, 0 );
+
+ return idl;
+ }
+
+ mr = sub->sa_desc->ad_type->sat_substr;
+
+ if( !mr ) {
+ return idl;
+ }
+
+ if( !mr->smr_filter ) {
+ return idl;
+ }
+
+ rc = (mr->smr_filter)(
+ LDAP_FILTER_SUBSTRINGS,
+ mask,
+ sub->sa_desc->ad_type->sat_syntax,
+ mr,
+ &prefix,
+ sub,
+ &keys, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= substrings_candidates: (%s%s) MR filter failed (%d)\n",
+ dbname, LDBM_SUFFIX, rc );
+
+ return idl;
+ }
+
+ if( keys == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= substrings_candidates: (0x%04lx) no keys (%s%s)\n",
+ mask, dbname, LDBM_SUFFIX );
+
+ return idl;
+ }
+
+ db = ldbm_cache_open( op->o_bd, dbname, LDBM_SUFFIX, LDBM_WRCREAT );
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= substrings_candidates db open failed (%s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return idl;
+ }
+
+ for ( i= 0; keys[i].bv_val != NULL; i++ ) {
+ ID_BLOCK *save;
+ ID_BLOCK *tmp;
+
+ rc = key_read( op->o_bd, db, &keys[i], &tmp );
+
+ if( rc != LDAP_SUCCESS ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE, "<= substrings_candidates key read failed (%d)\n",
+ rc, 0, 0 );
+
+ break;
+ }
+
+ if( tmp == NULL ) {
+ idl_free( idl );
+ idl = NULL;
+ Debug( LDAP_DEBUG_TRACE, "<= substrings_candidates NULL\n",
+ 0, 0, 0 );
+
+ break;
+ }
+
+ save = idl;
+ idl = idl_intersection( op->o_bd, idl, tmp );
+ idl_free( save );
+ idl_free( tmp );
+
+ if( idl == NULL ) break;
+ }
+
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+
+ ldbm_cache_close( op->o_bd, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= substrings_candidates %ld\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+ return( idl );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2children.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2children.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2children.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,71 @@
+/* id2children.c - routines to deal with the id2children index */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2children.c,v 1.31.2.3 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+int
+has_children(
+ Backend *be,
+ Entry *p
+)
+{
+ DBCache *db;
+ Datum key;
+ int rc = 0;
+ ID_BLOCK *idl;
+
+ ldbm_datum_init( key );
+
+ Debug( LDAP_DEBUG_TRACE, "=> has_children( %ld )\n", p->e_id , 0, 0 );
+
+
+ if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX,
+ LDBM_WRCREAT )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= has_children -1 could not open \"dn2id%s\"\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return( 0 );
+ }
+
+ key.dsize = strlen( p->e_ndn ) + 2;
+ key.dptr = ch_malloc( key.dsize );
+ sprintf( key.dptr, "%c%s", DN_ONE_PREFIX, p->e_ndn );
+
+ idl = idl_fetch( be, db, key );
+
+ free( key.dptr );
+
+ ldbm_cache_close( be, db );
+
+ if( idl != NULL ) {
+ idl_free( idl );
+ rc = 1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= has_children( %ld ): %s\n",
+ p->e_id, rc ? "yes" : "no", 0 );
+
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/id2entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,234 @@
+/* id2entry.c - routines to deal with the id2entry index */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2entry.c,v 1.38.2.4 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+/*
+ * This routine adds (or updates) an entry on disk.
+ * The cache should already be updated.
+ */
+
+int
+id2entry_add( Backend *be, Entry *e )
+{
+ DBCache *db;
+ Datum key, data;
+ int len, rc, flags;
+#ifndef WORDS_BIGENDIAN
+ ID id;
+#endif
+
+ ldbm_datum_init( key );
+ ldbm_datum_init( data );
+
+ Debug( LDAP_DEBUG_TRACE, "=> id2entry_add( %ld, \"%s\" )\n", e->e_id,
+ e->e_dn, 0 );
+
+
+ if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry%s\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return( -1 );
+ }
+
+#ifdef WORDS_BIGENDIAN
+ key.dptr = (char *) &e->e_id;
+#else
+ id = htonl(e->e_id);
+ key.dptr = (char *) &id;
+#endif
+ key.dsize = sizeof(ID);
+
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+ data.dptr = entry2str( e, &len );
+ data.dsize = len + 1;
+
+ /* store it */
+ flags = LDBM_REPLACE;
+ rc = ldbm_cache_store( db, key, data, flags );
+
+ ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
+
+ ldbm_cache_close( be, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_add %d\n", rc, 0, 0 );
+
+
+ return( rc );
+}
+
+int
+id2entry_delete( Backend *be, Entry *e )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ DBCache *db;
+ Datum key;
+ int rc;
+#ifndef WORDS_BIGENDIAN
+ ID id;
+#endif
+
+ Debug(LDAP_DEBUG_TRACE, "=> id2entry_delete( %ld, \"%s\" )\n", e->e_id,
+ e->e_dn, 0 );
+
+
+#ifdef notdef
+#ifdef LDAP_RDWR_DEBUG
+ /* check for writer lock */
+ assert(ldap_pvt_thread_rdwr_writers(&e->e_rdwr) == 1);
+#endif
+#endif
+
+ ldbm_datum_init( key );
+
+ if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry%s\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return( -1 );
+ }
+
+ if ( cache_delete_entry( &li->li_cache, e ) != 0 ) {
+ Debug(LDAP_DEBUG_ANY, "could not delete %ld (%s) from cache\n",
+ e->e_id, e->e_dn, 0 );
+
+ }
+
+#ifdef WORDS_BIGENDIAN
+ key.dptr = (char *) &e->e_id;
+#else
+ id = htonl(e->e_id);
+ key.dptr = (char *) &id;
+#endif
+ key.dsize = sizeof(ID);
+
+ rc = ldbm_cache_delete( db, key );
+
+ ldbm_cache_close( be, db );
+
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_delete %d\n", rc, 0, 0 );
+
+ return( rc );
+}
+
+/* returns entry with reader/writer lock */
+Entry *
+id2entry_rw( Backend *be, ID id, int rw )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ DBCache *db;
+ Datum key, data;
+ Entry *e;
+#ifndef WORDS_BIGENDIAN
+ ID id2;
+#endif
+
+ ldbm_datum_init( key );
+ ldbm_datum_init( data );
+
+ Debug( LDAP_DEBUG_TRACE, "=> id2entry_%s( %ld )\n",
+ rw ? "w" : "r", id, 0 );
+
+
+ if ( (e = cache_find_entry_id( &li->li_cache, id, rw )) != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) 0x%lx (cache)\n",
+ rw ? "w" : "r", id, (unsigned long) e );
+
+ return( e );
+ }
+
+ if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open id2entry%s\n",
+ LDBM_SUFFIX, 0, 0 );
+
+ return( NULL );
+ }
+
+#ifdef WORDS_BIGENDIAN
+ key.dptr = (char *) &id;
+#else
+ id2 = htonl(id);
+ key.dptr = (char *) &id2;
+#endif
+ key.dsize = sizeof(ID);
+
+ data = ldbm_cache_fetch( db, key );
+
+ if ( data.dptr == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) not found\n",
+ rw ? "w" : "r", id, 0 );
+
+ ldbm_cache_close( be, db );
+ return( NULL );
+ }
+
+ e = str2entry2( data.dptr, 0 );
+ ldbm_datum_free( db->dbc_db, data );
+ ldbm_cache_close( be, db );
+
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (failed)\n",
+ rw ? "w" : "r", id, 0 );
+
+ return( NULL );
+ }
+
+ e->e_id = id;
+
+ if ( slapMode == SLAP_SERVER_MODE
+ && cache_add_entry_rw( &li->li_cache, e, rw ) != 0 )
+ {
+ entry_free( e );
+
+ /* XXX this is a kludge.
+ * maybe the entry got added underneath us
+ * There are many underlying race condtions in the cache/disk code.
+ */
+ if ( (e = cache_find_entry_id( &li->li_cache, id, rw )) != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) 0x%lx (cache)\n",
+ rw ? "w" : "r", id, (unsigned long) e );
+
+ return( e );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (cache add failed)\n",
+ rw ? "w" : "r", id, 0 );
+
+ return NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) 0x%lx (disk)\n",
+ rw ? "w" : "r", id, (unsigned long) e );
+
+ if ( slapMode == SLAP_SERVER_MODE ) {
+ /* marks the entry as committed, so it will get added to the cache
+ * when the lock is released */
+ cache_entry_commit( e );
+ }
+
+ return( e );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/idl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/idl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/idl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1263 @@
+/* idl.c - ldap id list handling routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/idl.c,v 1.86.2.4 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+static ID_BLOCK* idl_dup( ID_BLOCK *idl );
+
+static void cont_alloc( Datum *cont, Datum *key )
+{
+ ldbm_datum_init( *cont );
+ cont->dsize = 1 + sizeof(ID) + key->dsize;
+ cont->dptr = ch_malloc( cont->dsize );
+
+ * (unsigned char *) cont->dptr = SLAP_INDEX_CONT_PREFIX;
+
+ AC_MEMCPY( &((unsigned char *)cont->dptr)[1 + sizeof(ID)],
+ key->dptr, key->dsize );
+}
+
+static void cont_id( Datum *cont, ID id )
+{
+ unsigned int i;
+
+ for( i=1; i <= sizeof(id); i++) {
+ ((unsigned char *)cont->dptr)[i] = (unsigned char)(id & 0xFF);
+ id >>= 8;
+ }
+
+}
+
+static void cont_free( Datum *cont )
+{
+ ch_free( cont->dptr );
+}
+
+#ifdef LDBM_DEBUG_IDL
+static void idl_check(ID_BLOCK *idl)
+{
+ int i, max;
+ ID_BLOCK last;
+
+ if( ID_BLOCK_ALLIDS(idl) )
+ {
+ return;
+ }
+#ifndef USE_INDIRECT_NIDS
+ if( ID_BLOCK_INDIRECT(idl) )
+ {
+ for ( max = 0; !ID_BLOCK_NOID(idl, max); max++ ) ;
+ } else
+#endif
+ {
+ max = ID_BLOCK_NIDS(idl);
+ }
+ if ( max <= 1 )
+ {
+ return;
+ }
+
+ for( last = ID_BLOCK_ID(idl, 0), i = 1;
+ i < max;
+ last = ID_BLOCK_ID(idl, i), i++ )
+ {
+ assert (last < ID_BLOCK_ID(idl, i) );
+ }
+}
+#endif
+
+/* Allocate an ID_BLOCK with room for nids ids */
+ID_BLOCK *
+idl_alloc( unsigned int nids )
+{
+ ID_BLOCK *new;
+
+ /* nmax + nids + space for the ids */
+ new = (ID_BLOCK *) ch_calloc( (ID_BLOCK_IDS_OFFSET + nids), sizeof(ID) );
+ ID_BLOCK_NMAX(new) = nids;
+ ID_BLOCK_NIDS(new) = 0;
+
+ return( new );
+}
+
+
+/* Allocate an empty ALLIDS ID_BLOCK */
+ID_BLOCK *
+idl_allids( Backend *be )
+{
+ ID_BLOCK *idl;
+ ID id;
+
+ idl = idl_alloc( 0 );
+ ID_BLOCK_NMAX(idl) = ID_BLOCK_ALLIDS_VALUE;
+ if ( next_id_get( be, &id ) ) {
+ idl_free( idl );
+ return NULL;
+ }
+ ID_BLOCK_NIDS(idl) = id;
+
+ return( idl );
+}
+
+/* Free an ID_BLOCK */
+void
+idl_free( ID_BLOCK *idl )
+{
+ if ( idl == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "idl_free: called with NULL pointer\n",
+ 0, 0, 0 );
+
+ return;
+ }
+
+ free( (char *) idl );
+}
+
+
+/* Fetch an single ID_BLOCK from the cache */
+static ID_BLOCK *
+idl_fetch_one(
+ Backend *be,
+ DBCache *db,
+ Datum key
+)
+{
+ Datum data;
+ ID_BLOCK *idl;
+
+ /* Debug( LDAP_DEBUG_TRACE, "=> idl_fetch_one\n", 0, 0, 0 ); */
+
+ data = ldbm_cache_fetch( db, key );
+
+ if( data.dptr == NULL ) {
+ return NULL;
+ }
+
+ idl = (ID_BLOCK *) data.dptr;
+ if ( ID_BLOCK_ALLIDS(idl) ) {
+ /* make sure we have the current value of highest id */
+ idl = idl_allids( be );
+ } else {
+ idl = idl_dup((ID_BLOCK *) data.dptr);
+ }
+
+ ldbm_datum_free( db->dbc_db, data );
+
+ return idl;
+}
+
+
+/* Fetch a set of ID_BLOCKs from the cache
+ * if not INDIRECT
+ * if block return is an ALLIDS block,
+ * return an new ALLIDS block
+ * otherwise
+ * return block
+ * construct super block from all blocks referenced by INDIRECT block
+ * return super block
+ */
+ID_BLOCK *
+idl_fetch(
+ Backend *be,
+ DBCache *db,
+ Datum key
+)
+{
+ Datum data;
+ ID_BLOCK *idl;
+ ID_BLOCK **tmp;
+ unsigned i, nids, nblocks;
+
+ idl = idl_fetch_one( be, db, key );
+
+ if ( idl == NULL ) {
+ return NULL;
+ }
+
+ if ( ID_BLOCK_ALLIDS(idl) ) {
+ /* all ids block */
+ return( idl );
+ }
+
+ if ( ! ID_BLOCK_INDIRECT( idl ) ) {
+ /* regular block */
+ return( idl );
+ }
+
+ /*
+ * this is an indirect block which points to other blocks.
+ * we need to read in all the blocks it points to and construct
+ * a big id list containing all the ids, which we will return.
+ */
+
+#ifndef USE_INDIRECT_NIDS
+ /* count the number of blocks & allocate space for pointers to them */
+ for ( nblocks = 0; !ID_BLOCK_NOID(idl, nblocks); nblocks++ )
+ ; /* NULL */
+#else
+ nblocks = ID_BLOCK_NIDS(idl);
+#endif
+ tmp = (ID_BLOCK **) ch_malloc( nblocks * sizeof(ID_BLOCK *) );
+
+ /* read in all the blocks */
+ cont_alloc( &data, &key );
+ nids = 0;
+ for ( i = 0; i < nblocks; i++ ) {
+ cont_id( &data, ID_BLOCK_ID(idl, i) );
+
+ if ( (tmp[i] = idl_fetch_one( be, db, data )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_fetch: one returned NULL\n", 0, 0, 0 );
+
+ continue;
+ }
+
+ nids += ID_BLOCK_NIDS(tmp[i]);
+ }
+ cont_free( &data );
+ idl_free( idl );
+
+ /* allocate space for the big block */
+ idl = idl_alloc( nids );
+ ID_BLOCK_NIDS(idl) = nids;
+ nids = 0;
+
+ /* copy in all the ids from the component blocks */
+ for ( i = 0; i < nblocks; i++ ) {
+ if ( tmp[i] == NULL ) {
+ continue;
+ }
+
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(idl, nids),
+ (char *) &ID_BLOCK_ID(tmp[i], 0),
+ ID_BLOCK_NIDS(tmp[i]) * sizeof(ID) );
+ nids += ID_BLOCK_NIDS(tmp[i]);
+
+ idl_free( tmp[i] );
+ }
+ free( (char *) tmp );
+
+ assert( ID_BLOCK_NIDS(idl) == nids );
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(idl);
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, "<= idl_fetch %ld ids (%ld max)\n",
+ ID_BLOCK_NIDS(idl), ID_BLOCK_NMAXN(idl), 0 );
+
+ return( idl );
+}
+
+
+/* store a single block */
+static int
+idl_store(
+ Backend *be,
+ DBCache *db,
+ Datum key,
+ ID_BLOCK *idl
+)
+{
+ int rc, flags;
+ Datum data;
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(idl);
+#endif
+
+ ldbm_datum_init( data );
+
+ /* Debug( LDAP_DEBUG_TRACE, "=> idl_store\n", 0, 0, 0 ); */
+
+ data.dptr = (char *) idl;
+ data.dsize = (ID_BLOCK_IDS_OFFSET + ID_BLOCK_NMAXN(idl)) * sizeof(ID);
+
+ flags = LDBM_REPLACE;
+ rc = ldbm_cache_store( db, key, data, flags );
+
+ /* Debug( LDAP_DEBUG_TRACE, "<= idl_store %d\n", rc, 0, 0 ); */
+ return( rc );
+}
+
+/* Binary search for id in block, return index
+ * an index is always returned, even with no match. If no
+ * match, the returned index is the insertion point.
+ */
+static unsigned int
+idl_find(
+ ID_BLOCK *b,
+ ID id
+)
+{
+ int lo=0, hi=ID_BLOCK_NIDS(b)-1, nr=0;
+
+ for (;lo<=hi;)
+ {
+ nr = ( lo + hi ) / 2;
+ if (ID_BLOCK_ID(b, nr) == id)
+ break;
+ if (ID_BLOCK_ID(b, nr) > id)
+ hi = nr - 1;
+ else
+ lo = nr + 1;
+ }
+ return nr;
+}
+
+/* split the block at id
+ * locate ID greater than or equal to id.
+ */
+static void
+idl_split_block(
+ ID_BLOCK *b,
+ ID id,
+ ID_BLOCK **right,
+ ID_BLOCK **left
+)
+{
+ unsigned int nr, nl;
+
+ /* find where to split the block */
+ nr = idl_find(b, id);
+ if ( ID_BLOCK_ID(b,nr) < id )
+ nr++;
+
+ nl = ID_BLOCK_NIDS(b) - nr;
+
+ *right = idl_alloc( nr == 0 ? 1 : nr );
+ *left = idl_alloc( nl + (nr == 0 ? 0 : 1));
+
+ /*
+ * everything before the id being inserted in the first block
+ * unless there is nothing, in which case the id being inserted
+ * goes there.
+ */
+ if ( nr == 0 ) {
+ ID_BLOCK_NIDS(*right) = 1;
+ ID_BLOCK_ID(*right, 0) = id;
+ } else {
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(*right, 0),
+ (char *) &ID_BLOCK_ID(b, 0),
+ nr * sizeof(ID) );
+ ID_BLOCK_NIDS(*right) = nr;
+ ID_BLOCK_ID(*left, 0) = id;
+ }
+
+ /* the id being inserted & everything after in the second block */
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(*left, (nr == 0 ? 0 : 1)),
+ (char *) &ID_BLOCK_ID(b, nr),
+ nl * sizeof(ID) );
+ ID_BLOCK_NIDS(*left) = nl + (nr == 0 ? 0 : 1);
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(*right);
+ idl_check(*left);
+#endif
+}
+
+
+/*
+ * idl_change_first - called when an indirect block's first key has
+ * changed, meaning it needs to be stored under a new key, and the
+ * header block pointing to it needs updating.
+ */
+static int
+idl_change_first(
+ Backend *be,
+ DBCache *db,
+ Datum hkey, /* header block key */
+ ID_BLOCK *h, /* header block */
+ int pos, /* pos in h to update */
+ Datum bkey, /* data block key */
+ ID_BLOCK *b /* data block */
+)
+{
+ int rc;
+
+ /* Debug( LDAP_DEBUG_TRACE, "=> idl_change_first\n", 0, 0, 0 ); */
+
+ /* delete old key block */
+ if ( (rc = ldbm_cache_delete( db, bkey )) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_change_first: ldbm_cache_delete returned %d\n",
+ rc, 0, 0 );
+
+ return( rc );
+ }
+
+ /* write block with new key */
+ cont_id( &bkey, ID_BLOCK_ID(b, 0) );
+
+ if ( (rc = idl_store( be, db, bkey, b )) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_change_first: idl_store returned %d\n", rc, 0, 0 );
+
+ return( rc );
+ }
+
+ /* update + write indirect header block */
+ ID_BLOCK_ID(h, pos) = ID_BLOCK_ID(b, 0);
+ if ( (rc = idl_store( be, db, hkey, h )) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_change_first: idl_store returned %d\n", rc, 0, 0 );
+
+ return( rc );
+ }
+
+ return( 0 );
+}
+
+
+int
+idl_insert_key(
+ Backend *be,
+ DBCache *db,
+ Datum key,
+ ID id
+)
+{
+ int i, j, first, rc = 0;
+ ID_BLOCK *idl, *tmp, *tmp2, *tmp3;
+ Datum k2;
+
+ if ( (idl = idl_fetch_one( be, db, key )) == NULL ) {
+ idl = idl_alloc( 1 );
+ ID_BLOCK_ID(idl, ID_BLOCK_NIDS(idl)++) = id;
+ rc = idl_store( be, db, key, idl );
+
+ idl_free( idl );
+ return( rc );
+ }
+
+ if ( ID_BLOCK_ALLIDS( idl ) ) {
+ /* ALLIDS */
+ idl_free( idl );
+ return 0;
+ }
+
+ if ( ! ID_BLOCK_INDIRECT( idl ) ) {
+ /* regular block */
+ switch ( idl_insert( &idl, id, db->dbc_maxids ) ) {
+ case 0: /* id inserted - store the updated block */
+ case 1:
+ rc = idl_store( be, db, key, idl );
+ break;
+
+ case 2: /* id already there - nothing to do */
+ rc = 0;
+ break;
+
+ case 3: /* id not inserted - block must be split */
+ /* check threshold for marking this an all-id block */
+ if ( db->dbc_maxindirect < 2 ) {
+ idl_free( idl );
+ idl = idl_allids( be );
+ rc = idl_store( be, db, key, idl );
+ break;
+ }
+
+ idl_split_block( idl, id, &tmp, &tmp2 );
+ idl_free( idl );
+
+ /* create the header indirect block */
+#ifndef USE_INDIRECT_NIDS
+ idl = idl_alloc( 3 );
+ ID_BLOCK_NMAX(idl) = 3;
+ ID_BLOCK_NIDS(idl) = ID_BLOCK_INDIRECT_VALUE;
+ ID_BLOCK_ID(idl, 0) = ID_BLOCK_ID(tmp, 0);
+ ID_BLOCK_ID(idl, 1) = ID_BLOCK_ID(tmp2, 0);
+ ID_BLOCK_ID(idl, 2) = NOID;
+#else
+ idl = idl_alloc( 2 );
+ ID_BLOCK_NMAX(idl) = 2 | ID_BLOCK_INDIRECT_VALUE;
+ ID_BLOCK_NIDS(idl) = 2;
+ ID_BLOCK_ID(idl, 0) = ID_BLOCK_ID(tmp, 0);
+ ID_BLOCK_ID(idl, 1) = ID_BLOCK_ID(tmp2, 0);
+#endif
+
+ /* store it */
+ rc = idl_store( be, db, key, idl );
+
+ cont_alloc( &k2, &key );
+ cont_id( &k2, ID_BLOCK_ID(tmp, 0) );
+
+ rc = idl_store( be, db, k2, tmp );
+
+ cont_id( &k2, ID_BLOCK_ID(tmp2, 0) );
+ rc = idl_store( be, db, k2, tmp2 );
+
+ cont_free( &k2 );
+
+ idl_free( tmp );
+ idl_free( tmp2 );
+ break;
+ }
+
+ idl_free( idl );
+ return( rc );
+ }
+
+ /*
+ * this is an indirect block which points to other blocks.
+ * we need to read in the block into which the id should be
+ * inserted, then insert the id and store the block. we might
+ * have to split the block if it is full, which means we also
+ * need to write a new "header" block.
+ */
+
+#ifndef USE_INDIRECT_NIDS
+ /* select the block to try inserting into *//* XXX linear search XXX */
+ for ( i = 0; !ID_BLOCK_NOID(idl, i) && id >= ID_BLOCK_ID(idl, i); i++ )
+ ; /* NULL */
+#else
+ i = idl_find(idl, id);
+ if (ID_BLOCK_ID(idl, i) <= id)
+ i++;
+#endif
+ if ( i != 0 ) {
+ i--;
+ first = 0;
+ } else {
+ first = 1;
+ }
+
+ /* At this point, the following condition must be true:
+ * ID_BLOCK_ID(idl, i) <= id && id < ID_BLOCK_ID(idl, i+1)
+ * except when i is the first or the last block.
+ */
+
+ /* get the block */
+ cont_alloc( &k2, &key );
+ cont_id( &k2, ID_BLOCK_ID(idl, i) );
+
+ if ( (tmp = idl_fetch_one( be, db, k2 )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "idl_insert_key: nonexistent continuation block\n",
+ 0, 0, 0 );
+
+ cont_free( &k2 );
+ idl_free( idl );
+ return( -1 );
+ }
+
+ /* insert the id */
+ switch ( idl_insert( &tmp, id, db->dbc_maxids ) ) {
+ case 0: /* id inserted ok */
+ if ( (rc = idl_store( be, db, k2, tmp )) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_insert_key: idl_store returned %d\n", rc, 0, 0 );
+
+ }
+ break;
+
+ case 1: /* id inserted - first id in block has changed */
+ /*
+ * key for this block has changed, so we have to
+ * write the block under the new key, delete the
+ * old key block + update and write the indirect
+ * header block.
+ */
+
+ rc = idl_change_first( be, db, key, idl, i, k2, tmp );
+ break;
+
+ case 2: /* id not inserted - already there, do nothing */
+ rc = 0;
+ break;
+
+ case 3: /* id not inserted - block is full */
+ /*
+ * first, see if it will fit in the next block,
+ * without splitting, unless we're trying to insert
+ * into the beginning of the first block.
+ */
+
+#ifndef USE_INDIRECT_NIDS
+ /* is there a next block? */
+ if ( !first && !ID_BLOCK_NOID(idl, i + 1) ) {
+#else
+ if ( !first && (unsigned long)(i + 1) < ID_BLOCK_NIDS(idl) ) {
+#endif
+ Datum k3;
+ /* read it in */
+ cont_alloc( &k3, &key );
+ cont_id( &k3, ID_BLOCK_ID(idl, i + 1) );
+ if ( (tmp2 = idl_fetch_one( be, db, k3 )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_insert_key: idl_fetch_one returned NULL\n",
+ 0, 0, 0 );
+
+ /* split the original block */
+ cont_free( &k3 );
+ goto split;
+ }
+
+ /* If the new id is less than the last id in the
+ * current block, it must not be put into the next
+ * block. Push the last id of the current block
+ * into the next block instead.
+ */
+ if (id < ID_BLOCK_ID(tmp, ID_BLOCK_NIDS(tmp) - 1)) {
+ ID id2 = ID_BLOCK_ID(tmp, ID_BLOCK_NIDS(tmp) - 1);
+
+ --ID_BLOCK_NIDS(tmp);
+ /* This must succeed since we just popped one
+ * ID off the end of it.
+ */
+ rc = idl_insert( &tmp, id, db->dbc_maxids );
+
+ if ( (rc = idl_store( be, db, k2, tmp )) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_insert_key: idl_store returned %d\n", rc, 0, 0 );
+
+ }
+
+ id = id2;
+ /* This new id will necessarily be inserted
+ * as the first id of the next block by the
+ * following switch() statement.
+ */
+ }
+
+ switch ( (rc = idl_insert( &tmp2, id,
+ db->dbc_maxids )) ) {
+ case 1: /* id inserted first in block */
+ rc = idl_change_first( be, db, key, idl,
+ i + 1, k3, tmp2 );
+ /* FALL */
+
+ case 2: /* id already there - how? */
+ case 0: /* id inserted: this can never be
+ * the result of idl_insert, because
+ * we guaranteed that idl_change_first
+ * will always be called.
+ */
+ if ( rc == 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_insert_key: id %ld already in next block\n",
+ id, 0, 0 );
+
+ }
+
+ idl_free( tmp );
+ idl_free( tmp2 );
+ cont_free( &k3 );
+ cont_free( &k2 );
+ idl_free( idl );
+ return( 0 );
+
+ case 3: /* split the original block */
+ break;
+ }
+
+ idl_free( tmp2 );
+ cont_free( &k3 );
+ }
+
+split:
+ /*
+ * must split the block, write both new blocks + update
+ * and write the indirect header block.
+ */
+
+ rc = 0; /* optimistic */
+
+
+#ifndef USE_INDIRECT_NIDS
+ /* count how many indirect blocks *//* XXX linear count XXX */
+ for ( j = 0; !ID_BLOCK_NOID(idl, j); j++ )
+ ; /* NULL */
+#else
+ j = ID_BLOCK_NIDS(idl);
+#endif
+
+ /* check it against all-id thresholed */
+ if ( j + 1 > db->dbc_maxindirect ) {
+ /*
+ * we've passed the all-id threshold, meaning
+ * that this set of blocks should be replaced
+ * by a single "all-id" block. our job: delete
+ * all the indirect blocks, and replace the header
+ * block by an all-id block.
+ */
+
+ /* delete all indirect blocks */
+#ifndef USE_INDIRECT_NIDS
+ for ( j = 0; !ID_BLOCK_NOID(idl, j); j++ ) {
+#else
+ for ( j = 0; (unsigned long) j < ID_BLOCK_NIDS(idl); j++ ) {
+#endif
+ cont_id( &k2, ID_BLOCK_ID(idl, j) );
+
+ rc = ldbm_cache_delete( db, k2 );
+ }
+
+ /* store allid block in place of header block */
+ idl_free( idl );
+ idl = idl_allids( be );
+ rc = idl_store( be, db, key, idl );
+
+ cont_free( &k2 );
+ idl_free( idl );
+ idl_free( tmp );
+ return( rc );
+ }
+
+ idl_split_block( tmp, id, &tmp2, &tmp3 );
+ idl_free( tmp );
+
+ /* create a new updated indirect header block */
+ tmp = idl_alloc( ID_BLOCK_NMAXN(idl) + 1 );
+#ifndef USE_INDIRECT_NIDS
+ ID_BLOCK_NIDS(tmp) = ID_BLOCK_INDIRECT_VALUE;
+#else
+ ID_BLOCK_NMAX(tmp) |= ID_BLOCK_INDIRECT_VALUE;
+#endif
+ /* everything up to the split block */
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(tmp, 0),
+ (char *) &ID_BLOCK_ID(idl, 0),
+ i * sizeof(ID) );
+ /* the two new blocks */
+ ID_BLOCK_ID(tmp, i) = ID_BLOCK_ID(tmp2, 0);
+ ID_BLOCK_ID(tmp, i + 1) = ID_BLOCK_ID(tmp3, 0);
+ /* everything after the split block */
+#ifndef USE_INDIRECT_NIDS
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(tmp, i + 2),
+ (char *) &ID_BLOCK_ID(idl, i + 1),
+ (ID_BLOCK_NMAXN(idl) - i - 1) * sizeof(ID) );
+#else
+ AC_MEMCPY(
+ (char *) &ID_BLOCK_ID(tmp, i + 2),
+ (char *) &ID_BLOCK_ID(idl, i + 1),
+ (ID_BLOCK_NIDS(idl) - i - 1) * sizeof(ID) );
+ ID_BLOCK_NIDS(tmp) = ID_BLOCK_NIDS(idl) + 1;
+#endif
+
+ /* store the header block */
+ rc = idl_store( be, db, key, tmp );
+
+ /* store the first id block */
+ cont_id( &k2, ID_BLOCK_ID(tmp2, 0) );
+ rc = idl_store( be, db, k2, tmp2 );
+
+ /* store the second id block */
+ cont_id( &k2, ID_BLOCK_ID(tmp3, 0) );
+ rc = idl_store( be, db, k2, tmp3 );
+
+ idl_free( tmp2 );
+ idl_free( tmp3 );
+ break;
+ }
+
+ cont_free( &k2 );
+ idl_free( tmp );
+ idl_free( idl );
+ return( rc );
+}
+
+
+/*
+ * idl_insert - insert an id into an id list.
+ *
+ * returns
+ * 0 id inserted
+ * 1 id inserted, first id in block has changed
+ * 2 id not inserted, already there
+ * 3 id not inserted, block must be split
+ */
+int
+idl_insert( ID_BLOCK **idl, ID id, unsigned int maxids )
+{
+ unsigned int i;
+
+ if ( ID_BLOCK_ALLIDS( *idl ) ) {
+ return( 2 ); /* already there */
+ }
+
+ /* is it already there? */
+ i = idl_find(*idl, id);
+ if ( ID_BLOCK_ID(*idl, i) == id ) {
+ return( 2 ); /* already there */
+ }
+ if ( ID_BLOCK_NIDS(*idl) && ID_BLOCK_ID(*idl, i) < id )
+ i++;
+
+ /* do we need to make room for it? */
+ if ( ID_BLOCK_NIDS(*idl) == ID_BLOCK_NMAXN(*idl) ) {
+ /* make room or indicate block needs splitting */
+ if ( ID_BLOCK_NMAXN(*idl) >= maxids ) {
+ return( 3 ); /* block needs splitting */
+ }
+
+ ID_BLOCK_NMAX(*idl) *= 2;
+ if ( ID_BLOCK_NMAXN(*idl) > maxids ) {
+ ID_BLOCK_NMAX(*idl) = maxids;
+ }
+ *idl = (ID_BLOCK *) ch_realloc( (char *) *idl,
+ (ID_BLOCK_NMAXN(*idl) + ID_BLOCK_IDS_OFFSET) * sizeof(ID) );
+ }
+
+ /* make a slot for the new id */
+ AC_MEMCPY( &ID_BLOCK_ID(*idl, i+1), &ID_BLOCK_ID(*idl, i),
+ (ID_BLOCK_NIDS(*idl) - i) * sizeof(ID) );
+
+ ID_BLOCK_ID(*idl, i) = id;
+ ID_BLOCK_NIDS(*idl)++;
+ (void) memset(
+ (char *) &ID_BLOCK_ID((*idl), ID_BLOCK_NIDS(*idl)),
+ '\0',
+ (ID_BLOCK_NMAXN(*idl) - ID_BLOCK_NIDS(*idl)) * sizeof(ID) );
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(*idl);
+#endif
+
+ return( i == 0 ? 1 : 0 ); /* inserted - first id changed or not */
+}
+
+
+int
+idl_delete_key (
+ Backend *be,
+ DBCache *db,
+ Datum key,
+ ID id
+)
+{
+ Datum data;
+ ID_BLOCK *idl;
+ unsigned i;
+ int j, nids;
+
+ if ( (idl = idl_fetch_one( be, db, key ) ) == NULL )
+ {
+ /* It wasn't found. Hmm... */
+ return -1;
+ }
+
+ if ( ID_BLOCK_ALLIDS( idl ) ) {
+ idl_free( idl );
+ return 0;
+ }
+
+ if ( ! ID_BLOCK_INDIRECT( idl ) ) {
+ i = idl_find(idl, id);
+ if ( ID_BLOCK_ID(idl, i) == id ) {
+ if( --ID_BLOCK_NIDS(idl) == 0 ) {
+ ldbm_cache_delete( db, key );
+
+ } else {
+ AC_MEMCPY(
+ &ID_BLOCK_ID(idl, i),
+ &ID_BLOCK_ID(idl, i+1),
+ (ID_BLOCK_NIDS(idl)-i) * sizeof(ID) );
+
+ ID_BLOCK_ID(idl, ID_BLOCK_NIDS(idl)) = NOID;
+
+ idl_store( be, db, key, idl );
+ }
+
+ idl_free( idl );
+ return 0;
+ }
+ /* We didn't find the ID. Hmmm... */
+ idl_free( idl );
+ return -1;
+ }
+
+ /* We have to go through an indirect block and find the ID
+ in the list of IDL's
+ */
+ cont_alloc( &data, &key );
+#ifndef USE_INDIRECT_NIDS
+ for ( nids = 0; !ID_BLOCK_NOID(idl, nids); nids++ ) {
+ ; /* Empty */
+ }
+
+ for ( j = 0; j<nids; j++ )
+#else
+ nids = ID_BLOCK_NIDS(idl);
+ j = idl_find(idl, id);
+ if ( ID_BLOCK_ID(idl, j) > id ) j--;
+ for (; j>=0; j = -1 ) /* execute once */
+#endif
+ {
+ ID_BLOCK *tmp;
+ cont_id( &data, ID_BLOCK_ID(idl, j) );
+
+ if ( (tmp = idl_fetch_one( be, db, data )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "idl_delete_key: idl_fetch of returned NULL\n", 0, 0, 0 );
+
+ continue;
+ }
+ /*
+ Now try to find the ID in tmp
+ */
+
+ i = idl_find(tmp, id);
+ if ( ID_BLOCK_ID(tmp, i) == id )
+ {
+ AC_MEMCPY(
+ &ID_BLOCK_ID(tmp, i),
+ &ID_BLOCK_ID(tmp, i+1),
+ (ID_BLOCK_NIDS(tmp)-(i+1)) * sizeof(ID));
+ ID_BLOCK_ID(tmp, ID_BLOCK_NIDS(tmp)-1 ) = NOID;
+ ID_BLOCK_NIDS(tmp)--;
+
+ if ( ID_BLOCK_NIDS(tmp) ) {
+ idl_store ( be, db, data, tmp );
+
+ } else {
+ ldbm_cache_delete( db, data );
+ AC_MEMCPY(
+ &ID_BLOCK_ID(idl, j),
+ &ID_BLOCK_ID(idl, j+1),
+ (nids-(j+1)) * sizeof(ID));
+ ID_BLOCK_ID(idl, nids-1) = NOID;
+ nids--;
+#ifdef USE_INDIRECT_NIDS
+ ID_BLOCK_NIDS(idl)--;
+#endif
+ if ( ! nids )
+ ldbm_cache_delete( db, key );
+ else
+ idl_store( be, db, key, idl );
+ }
+ idl_free( tmp );
+ cont_free( &data );
+ idl_free( idl );
+ return 0;
+ }
+ idl_free( tmp );
+ }
+
+ cont_free( &data );
+ idl_free( idl );
+ return -1;
+}
+
+
+/* return a duplicate of a single ID_BLOCK */
+static ID_BLOCK *
+idl_dup( ID_BLOCK *idl )
+{
+ ID_BLOCK *new;
+
+ if ( idl == NULL ) {
+ return( NULL );
+ }
+
+ new = idl_alloc( ID_BLOCK_NMAXN(idl) );
+
+ AC_MEMCPY(
+ (char *) new,
+ (char *) idl,
+ (ID_BLOCK_NMAXN(idl) + ID_BLOCK_IDS_OFFSET) * sizeof(ID) );
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(new);
+#endif
+
+ return( new );
+}
+
+
+/* return the smaller ID_BLOCK */
+static ID_BLOCK *
+idl_min( ID_BLOCK *a, ID_BLOCK *b )
+{
+ return( ID_BLOCK_NIDS(a) > ID_BLOCK_NIDS(b) ? b : a );
+}
+
+
+/*
+ * idl_intersection - return a intersection b
+ */
+ID_BLOCK *
+idl_intersection(
+ Backend *be,
+ ID_BLOCK *a,
+ ID_BLOCK *b
+)
+{
+ unsigned int ai, bi, ni;
+ ID_BLOCK *n;
+
+ if ( a == NULL || b == NULL ) {
+ return( NULL );
+ }
+ if ( ID_BLOCK_ALLIDS( a ) ) {
+ return( idl_dup( b ) );
+ }
+ if ( ID_BLOCK_ALLIDS( b ) ) {
+ return( idl_dup( a ) );
+ }
+ if ( ID_BLOCK_NIDS(a) == 0 || ID_BLOCK_NIDS(b) == 0 ) {
+ return( NULL );
+ }
+
+ n = idl_dup( idl_min( a, b ) );
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(a);
+ idl_check(b);
+#endif
+
+ for ( ni = 0, ai = 0, bi = 0; ; ) {
+ if ( ID_BLOCK_ID(b, bi) == ID_BLOCK_ID(a, ai) ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
+ ai++;
+ bi++;
+ if ( ai >= ID_BLOCK_NIDS(a) || bi >= ID_BLOCK_NIDS(b) )
+ break;
+ } else if ( ID_BLOCK_ID(a, ai) < ID_BLOCK_ID(b, bi) ) {
+ ai++;
+ if ( ai >= ID_BLOCK_NIDS(a) )
+ break;
+ } else {
+ bi++;
+ if ( bi >= ID_BLOCK_NIDS(b) )
+ break;
+ }
+ }
+
+ if ( ni == 0 ) {
+ idl_free( n );
+ return( NULL );
+ }
+ ID_BLOCK_NIDS(n) = ni;
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(n);
+#endif
+
+ return( n );
+}
+
+
+/*
+ * idl_union - return a union b
+ */
+ID_BLOCK *
+idl_union(
+ Backend *be,
+ ID_BLOCK *a,
+ ID_BLOCK *b
+)
+{
+ unsigned int ai, bi, ni;
+ ID_BLOCK *n;
+
+ if ( a == NULL ) {
+ return( idl_dup( b ) );
+ }
+ if ( b == NULL ) {
+ return( idl_dup( a ) );
+ }
+ if ( ID_BLOCK_ALLIDS( a ) || ID_BLOCK_ALLIDS( b ) ) {
+ return( idl_allids( be ) );
+ }
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(a);
+ idl_check(b);
+#endif
+
+ if ( ID_BLOCK_NIDS(b) < ID_BLOCK_NIDS(a) ) {
+ n = a;
+ a = b;
+ b = n;
+ }
+
+ n = idl_alloc( ID_BLOCK_NIDS(a) + ID_BLOCK_NIDS(b) );
+
+ for ( ni = 0, ai = 0, bi = 0;
+ ai < ID_BLOCK_NIDS(a) && bi < ID_BLOCK_NIDS(b);
+ )
+ {
+ if ( ID_BLOCK_ID(a, ai) < ID_BLOCK_ID(b, bi) ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai++);
+
+ } else if ( ID_BLOCK_ID(b, bi) < ID_BLOCK_ID(a, ai) ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(b, bi++);
+
+ } else {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
+ ai++, bi++;
+ }
+ }
+
+ for ( ; ai < ID_BLOCK_NIDS(a); ai++ ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
+ }
+ for ( ; bi < ID_BLOCK_NIDS(b); bi++ ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(b, bi);
+ }
+ ID_BLOCK_NIDS(n) = ni;
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(n);
+#endif
+
+ return( n );
+}
+
+
+/*
+ * idl_notin - return a intersection ~b (or a minus b)
+ */
+ID_BLOCK *
+idl_notin(
+ Backend *be,
+ ID_BLOCK *a,
+ ID_BLOCK *b
+)
+{
+ unsigned int ni, ai, bi;
+ ID_BLOCK *n;
+
+ if ( a == NULL ) {
+ return( NULL );
+ }
+ if ( b == NULL || ID_BLOCK_ALLIDS( b )) {
+ return( idl_dup( a ) );
+ }
+
+ if ( ID_BLOCK_ALLIDS( a ) ) {
+ n = idl_alloc( SLAPD_LDBM_MIN_MAXIDS );
+ ni = 0;
+
+ for ( ai = 1, bi = 0;
+ ai < ID_BLOCK_NIDS(a) && ni < ID_BLOCK_NMAXN(n) && bi < ID_BLOCK_NMAXN(b);
+ ai++ )
+ {
+ if ( ID_BLOCK_ID(b, bi) == ai ) {
+ bi++;
+ } else {
+ ID_BLOCK_ID(n, ni++) = ai;
+ }
+ }
+
+ for ( ; ai < ID_BLOCK_NIDS(a) && ni < ID_BLOCK_NMAXN(n); ai++ ) {
+ ID_BLOCK_ID(n, ni++) = ai;
+ }
+
+ if ( ni == ID_BLOCK_NMAXN(n) ) {
+ idl_free( n );
+ return( idl_allids( be ) );
+ } else {
+ ID_BLOCK_NIDS(n) = ni;
+ return( n );
+ }
+ }
+
+ n = idl_dup( a );
+
+ ni = 0;
+ for ( ai = 0, bi = 0; ai < ID_BLOCK_NIDS(a); ai++ ) {
+ for ( ;
+ bi < ID_BLOCK_NIDS(b) && ID_BLOCK_ID(b, bi) < ID_BLOCK_ID(a, ai);
+ bi++ )
+ {
+ ; /* NULL */
+ }
+
+ if ( bi == ID_BLOCK_NIDS(b) ) {
+ break;
+ }
+
+ if ( ID_BLOCK_ID(b, bi) != ID_BLOCK_ID(a, ai) ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
+ }
+ }
+
+ for ( ; ai < ID_BLOCK_NIDS(a); ai++ ) {
+ ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
+ }
+ ID_BLOCK_NIDS(n) = ni;
+
+#ifdef LDBM_DEBUG_IDL
+ idl_check(n);
+#endif
+
+ return( n );
+}
+
+/* return the first ID in the block
+ * if ALLIDS block
+ * NIDS > 1 return 1
+ * otherwise return NOID
+ * otherwise return first ID
+ *
+ * cursor is set to 1
+ */
+ID
+idl_firstid( ID_BLOCK *idl, ID *cursor )
+{
+ *cursor = 1;
+
+ if ( idl == NULL || ID_BLOCK_NIDS(idl) == 0 ) {
+ return( NOID );
+ }
+
+ if ( ID_BLOCK_ALLIDS( idl ) ) {
+ return( ID_BLOCK_NIDS(idl) > 1 ? 1 : NOID );
+ }
+
+ return( ID_BLOCK_ID(idl, 0) );
+}
+
+/* return next ID
+ * if ALLIDS block, cursor is id.
+ * increment id
+ * if id < NIDS return id
+ * otherwise NOID.
+ * otherwise cursor is index into block
+ * if index < nids
+ * return id at index then increment
+ */
+ID
+idl_nextid( ID_BLOCK *idl, ID *cursor )
+{
+ if ( ID_BLOCK_ALLIDS( idl ) ) {
+ if( ++(*cursor) < ID_BLOCK_NIDS(idl) ) {
+ return *cursor;
+ } else {
+ return NOID;
+ }
+ }
+
+ if ( *cursor < ID_BLOCK_NIDS(idl) ) {
+ return( ID_BLOCK_ID(idl, (*cursor)++) );
+ }
+
+ return( NOID );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/index.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/index.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/index.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,327 @@
+/* index.c - routines for dealing with attribute indexes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/index.c,v 1.88.2.3 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+static slap_mask_t index_mask(
+ Backend *be,
+ AttributeDescription *desc,
+ char **dbname,
+ struct berval *atname )
+{
+ AttributeType *at;
+ slap_mask_t mask = 0;
+
+ attr_mask( be->be_private, desc, &mask );
+
+ if( mask ) {
+ *atname = desc->ad_cname;
+ *dbname = desc->ad_cname.bv_val;
+ return mask;
+ }
+
+ /* If there is a tagging option, did we ever index the base
+ * type? If so, check for mask, otherwise it's not there.
+ */
+ if( slap_ad_is_tagged( desc ) && desc != desc->ad_type->sat_ad ) {
+ /* has tagging option */
+ attr_mask( be->be_private, desc->ad_type->sat_ad, &mask );
+
+ if( mask && ( mask ^ SLAP_INDEX_NOTAGS ) ) {
+ *atname = desc->ad_type->sat_cname;
+ *dbname = desc->ad_type->sat_cname.bv_val;
+ return mask;
+ }
+ }
+
+ /* see if supertype defined mask for its subtypes */
+ for( at = desc->ad_type->sat_sup; at != NULL ; at = at->sat_sup ) {
+ /* If no AD, we've never indexed this type */
+ if (!at->sat_ad)
+ continue;
+
+ attr_mask( be->be_private, at->sat_ad, &mask );
+
+ if( mask && ( mask ^ SLAP_INDEX_NOSUBTYPES ) ) {
+ *atname = at->sat_cname;
+ *dbname = at->sat_cname.bv_val;
+ return mask;
+ }
+ }
+
+ return 0;
+}
+
+int index_is_indexed(
+ Backend *be,
+ AttributeDescription *desc )
+{
+ slap_mask_t mask;
+ char *dbname;
+ struct berval prefix;
+
+ mask = index_mask( be, desc, &dbname, &prefix );
+
+ if( mask == 0 ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int index_param(
+ Backend *be,
+ AttributeDescription *desc,
+ int ftype,
+ char **dbnamep,
+ slap_mask_t *maskp,
+ struct berval *prefixp )
+{
+ slap_mask_t mask;
+ char *dbname;
+
+ mask = index_mask( be, desc, &dbname, prefixp );
+
+ if( mask == 0 ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ switch( ftype ) {
+ case LDAP_FILTER_PRESENT:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_FILTER_APPROX:
+ if ( desc->ad_type->sat_approx ) {
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) ) {
+ goto done;
+ }
+ break;
+ }
+
+ /* Use EQUALITY rule and index for approximate match */
+ /* fall thru */
+
+ case LDAP_FILTER_EQUALITY:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) ) {
+ goto done;
+ }
+ break;
+
+ default:
+ return LDAP_OTHER;
+ }
+
+ return LDAP_INAPPROPRIATE_MATCHING;
+
+done:
+ *dbnamep = dbname;
+ *maskp = mask;
+ return LDAP_SUCCESS;
+}
+
+static int indexer(
+ Operation *op,
+ char *dbname,
+ struct berval *atname,
+ BerVarray vals,
+ ID id,
+ int opid,
+ slap_mask_t mask )
+{
+ int rc, i;
+ const char *text;
+ DBCache *db;
+ AttributeDescription *ad = NULL;
+ struct berval *keys;
+
+ assert( mask );
+
+ rc = slap_bv2ad( atname, &ad, &text );
+
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ db = ldbm_cache_open( op->o_bd, dbname, LDBM_SUFFIX, LDBM_WRCREAT );
+
+ if ( db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= index_read NULL (could not open %s%s)\n",
+ dbname, LDBM_SUFFIX, 0 );
+
+ return LDAP_OTHER;
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
+ key_change( op->o_bd, db, atname, id, opid );
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_EQUALITY ) ) {
+ rc = ad->ad_type->sat_equality->smr_indexer(
+ LDAP_FILTER_EQUALITY,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_equality,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ key_change( op->o_bd, db, &keys[i], id, opid );
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_APPROX ) ) {
+ rc = ad->ad_type->sat_approx->smr_indexer(
+ LDAP_FILTER_APPROX,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_approx,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ key_change( op->o_bd, db, &keys[i], id, opid );
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+ }
+
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_SUBSTR ) ) {
+ rc = ad->ad_type->sat_substr->smr_indexer(
+ LDAP_FILTER_SUBSTRINGS,
+ mask,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_substr,
+ atname, vals, &keys, op->o_tmpmemctx );
+
+ if( rc == LDAP_SUCCESS && keys != NULL ) {
+ for( i=0; keys[i].bv_val != NULL; i++ ) {
+ key_change( op->o_bd, db, &keys[i], id, opid );
+ }
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ }
+ }
+
+ ldbm_cache_close( op->o_bd, db );
+
+ return LDAP_SUCCESS;
+}
+
+static int index_at_values(
+ Operation *op,
+ AttributeType *type,
+ struct berval *tags,
+ BerVarray vals,
+ ID id,
+ int opid )
+{
+ slap_mask_t mask = 0;
+
+ if( type->sat_sup ) {
+ /* recurse */
+ (void) index_at_values( op,
+ type->sat_sup, tags,
+ vals, id, opid );
+ }
+
+ /* If this type has no AD, we've never used it before */
+ if( type->sat_ad ) {
+ attr_mask( op->o_bd->be_private, type->sat_ad, &mask );
+ }
+
+ if( mask ) {
+ indexer( op, type->sat_cname.bv_val,
+ &type->sat_cname,
+ vals, id, opid,
+ mask );
+ }
+
+ if( tags->bv_len ) {
+ AttributeDescription *desc;
+
+ mask = 0;
+
+ desc = ad_find_tags(type, tags);
+ if( desc ) {
+ attr_mask( op->o_bd->be_private, desc, &mask );
+ }
+
+ if( mask ) {
+ indexer( op, desc->ad_cname.bv_val, &desc->ad_cname,
+ vals, id, opid,
+ mask );
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int index_values(
+ Operation *op,
+ AttributeDescription *desc,
+ BerVarray vals,
+ ID id,
+ int opid )
+{
+ (void) index_at_values( op,
+ desc->ad_type, &desc->ad_tags,
+ vals, id, opid );
+
+ return LDAP_SUCCESS;
+}
+
+int
+index_entry(
+ Operation *op,
+ int opid,
+ Entry *e )
+{
+ Attribute *ap = e->e_attrs;
+ Debug( LDAP_DEBUG_TRACE, "=> index_entry_%s( %ld, \"%s\" )\n",
+ opid == SLAP_INDEX_ADD_OP ? "add" : "del",
+ e->e_id, e->e_dn );
+
+ /* add each attribute to the indexes */
+ for ( ; ap != NULL; ap = ap->a_next ) {
+ index_values( op, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, opid );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= index_entry_%s( %ld, \"%s\" ) success\n",
+ opid == SLAP_INDEX_ADD_OP ? "add" : "del",
+ e->e_id, e->e_dn );
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,268 @@
+/* init.c - initialize ldbm backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/init.c,v 1.96.2.8 2007/01/02 21:44:02 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include <ldap_rq.h>
+
+int
+ldbm_back_initialize(
+ BackendInfo *bi
+)
+{
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+ NULL
+ };
+
+ bi->bi_controls = controls;
+
+ bi->bi_flags |=
+ SLAP_BFLAG_INCREMENT |
+#ifdef LDBM_SUBENTRIES
+ SLAP_BFLAG_SUBENTRIES |
+#endif
+ SLAP_BFLAG_ALIASES |
+ SLAP_BFLAG_REFERRALS;
+
+ bi->bi_open = ldbm_back_open;
+ bi->bi_config = NULL;
+ bi->bi_close = ldbm_back_close;
+ bi->bi_destroy = ldbm_back_destroy;
+
+ bi->bi_db_init = ldbm_back_db_init;
+ bi->bi_db_config = ldbm_back_db_config;
+ bi->bi_db_open = ldbm_back_db_open;
+ bi->bi_db_close = ldbm_back_db_close;
+ bi->bi_db_destroy = ldbm_back_db_destroy;
+
+ bi->bi_op_bind = ldbm_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = ldbm_back_search;
+ bi->bi_op_compare = ldbm_back_compare;
+ bi->bi_op_modify = ldbm_back_modify;
+ bi->bi_op_modrdn = ldbm_back_modrdn;
+ bi->bi_op_add = ldbm_back_add;
+ bi->bi_op_delete = ldbm_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = ldbm_back_extended;
+
+ bi->bi_entry_release_rw = ldbm_back_entry_release_rw;
+ bi->bi_entry_get_rw = ldbm_back_entry_get;
+ bi->bi_chk_referrals = ldbm_back_referrals;
+ bi->bi_operational = ldbm_back_operational;
+ bi->bi_has_subordinates = ldbm_back_hasSubordinates;
+
+ /*
+ * hooks for slap tools
+ */
+ bi->bi_tool_entry_open = ldbm_tool_entry_open;
+ bi->bi_tool_entry_close = ldbm_tool_entry_close;
+ bi->bi_tool_entry_first = ldbm_tool_entry_first;
+ bi->bi_tool_entry_next = ldbm_tool_entry_next;
+ bi->bi_tool_entry_get = ldbm_tool_entry_get;
+ bi->bi_tool_entry_put = ldbm_tool_entry_put;
+ bi->bi_tool_entry_reindex = ldbm_tool_entry_reindex;
+ bi->bi_tool_sync = ldbm_tool_sync;
+
+ bi->bi_tool_dn2id_get = 0;
+ bi->bi_tool_id2entry_get = 0;
+ bi->bi_tool_entry_modify = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ return 0;
+}
+
+int
+ldbm_back_destroy(
+ BackendInfo *bi
+)
+{
+ return 0;
+}
+
+int
+ldbm_back_open(
+ BackendInfo *bi
+)
+{
+ int rc;
+
+ /* initialize the underlying database system */
+ rc = ldbm_initialize( NULL );
+ return rc;
+}
+
+int
+ldbm_back_close(
+ BackendInfo *bi
+)
+{
+ /* terminate the underlying database system */
+ ldbm_shutdown();
+ return 0;
+}
+
+int
+ldbm_back_db_init(
+ Backend *be
+)
+{
+ struct ldbminfo *li;
+
+ /* allocate backend-database-specific stuff */
+ li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) );
+
+ /* arrange to read nextid later (on first request for it) */
+ li->li_nextid = NOID;
+
+ /* default cache size */
+ li->li_cache.c_maxsize = DEFAULT_CACHE_SIZE;
+
+ /* default database cache size */
+ li->li_dbcachesize = DEFAULT_DBCACHE_SIZE;
+
+ /* default db mode is with locking */
+ li->li_dblocking = 1;
+
+ /* default db mode is with write synchronization */
+ li->li_dbwritesync = 1;
+
+ /* default file creation mode */
+ li->li_mode = SLAPD_DEFAULT_DB_MODE;
+
+ /* default database directory */
+ li->li_directory = ch_strdup( SLAPD_DEFAULT_DB_DIR );
+
+ /* DB_ENV environment pointer for DB3 */
+ li->li_dbenv = 0;
+
+ /* envdirok is turned on by ldbm_initialize_env if DB3 */
+ li->li_envdirok = 0;
+
+ /* syncfreq is 0 if disabled, or # seconds */
+ li->li_dbsyncfreq = 0;
+
+ /* wait up to dbsyncwaitn times if server is busy */
+ li->li_dbsyncwaitn = 12;
+
+ /* delay interval */
+ li->li_dbsyncwaitinterval = 5;
+
+ /* current wait counter */
+ li->li_dbsyncwaitcount = 0;
+
+ /* initialize various mutex locks & condition variables */
+ ldap_pvt_thread_rdwr_init( &li->li_giant_rwlock );
+ ldap_pvt_thread_mutex_init( &li->li_cache.c_mutex );
+ ldap_pvt_thread_mutex_init( &li->li_dbcache_mutex );
+ ldap_pvt_thread_cond_init( &li->li_dbcache_cv );
+
+ be->be_private = li;
+
+ return 0;
+}
+
+int
+ldbm_back_db_open(
+ BackendDB *be
+)
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int rc;
+
+ rc = alock_open( &li->li_alock_info, "slapd",
+ li->li_directory, ALOCK_UNIQUE );
+ if ( rc == ALOCK_BUSY ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_back_db_open: database already in use\n",
+ 0, 0, 0 );
+ return -1;
+ } else if ( rc == ALOCK_RECOVER ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_back_db_open: unclean shutdown detected;"
+ " database may be inconsistent!\n",
+ 0, 0, 0 );
+ rc = alock_recover( &li->li_alock_info );
+ }
+ if ( rc != ALOCK_CLEAN ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_back_db_open: alock package is unstable;"
+ " database may be inconsistent!\n",
+ 0, 0, 0 );
+ }
+ li->li_dbenv = ldbm_initialize_env( li->li_directory,
+ li->li_dbcachesize, &li->li_envdirok );
+
+ /* If we're in server mode and a sync frequency was set,
+ * submit a task to perform periodic db syncs.
+ */
+ if (( slapMode & SLAP_SERVER_MODE ) && li->li_dbsyncfreq > 0 )
+ {
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_insert( &slapd_rq, li->li_dbsyncfreq,
+ ldbm_cache_sync_daemon, be,
+ "ldbm_cache_sync", be->be_suffix[0].bv_val );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ }
+
+ return 0;
+}
+
+int
+ldbm_back_db_destroy(
+ BackendDB *be
+)
+{
+ /* should free/destroy every in be_private */
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ if (li->li_dbenv)
+ ldbm_shutdown_env(li->li_dbenv);
+
+ free( li->li_directory );
+ attr_index_destroy( li->li_attrs );
+
+ ldap_pvt_thread_rdwr_destroy( &li->li_giant_rwlock );
+ ldap_pvt_thread_mutex_destroy( &li->li_cache.c_mutex );
+ ldap_pvt_thread_mutex_destroy( &li->li_dbcache_mutex );
+ ldap_pvt_thread_cond_destroy( &li->li_dbcache_cv );
+
+ free( be->be_private );
+ be->be_private = NULL;
+
+ return 0;
+}
+
+#if SLAPD_LDBM == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( ldbm )
+
+#endif /* SLAPD_LDBM == SLAPD_MOD_DYNAMIC */
+
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/key.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/key.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/key.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,95 @@
+/* index.c - routines for dealing with attribute indexes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/key.c,v 1.9.2.3 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+/* read a key */
+int
+key_read(
+ Backend *be,
+ DBCache *db,
+ struct berval *k,
+ ID_BLOCK **idout
+)
+{
+ Datum key;
+ ID_BLOCK *idl;
+
+ Debug( LDAP_DEBUG_TRACE, "=> key_read\n", 0, 0, 0 );
+
+
+ ldbm_datum_init( key );
+ key.dptr = k->bv_val;
+ key.dsize = k->bv_len;
+
+ idl = idl_fetch( be, db, key );
+
+ Debug( LDAP_DEBUG_TRACE, "<= index_read %ld candidates\n",
+ idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
+
+
+ *idout = idl;
+ return LDAP_SUCCESS;
+}
+
+/* Add or remove stuff from index files */
+int
+key_change(
+ Backend *be,
+ DBCache *db,
+ struct berval *k,
+ ID id,
+ int op
+)
+{
+ int rc;
+ Datum key;
+
+ Debug( LDAP_DEBUG_TRACE, "=> key_change(%s,%lx)\n",
+ op == SLAP_INDEX_ADD_OP ? "ADD":"DELETE", (long) id, 0 );
+
+
+ ldbm_datum_init( key );
+ key.dptr = k->bv_val;
+ key.dsize = k->bv_len;
+
+ ldap_pvt_thread_mutex_lock( &db->dbc_write_mutex );
+ if (op == SLAP_INDEX_ADD_OP) {
+ /* Add values */
+ rc = idl_insert_key( be, db, key, id );
+
+ } else {
+ /* Delete values */
+ rc = idl_delete_key( be, db, key, id );
+ }
+ ldap_pvt_thread_mutex_unlock( &db->dbc_write_mutex );
+
+
+ Debug( LDAP_DEBUG_TRACE, "<= key_change %d\n", rc, 0, 0 );
+
+
+ ldap_pvt_thread_yield();
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1211 @@
+/* ldbm.c - ldap dbm compatibility routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.c,v 1.4.2.4 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Gary Williams
+ * Howard Chu
+ * Juan Gomez
+ * Kurt D. Zeilenga
+ * Kurt Spanier
+ * Mark Whitehouse
+ * Randy Kundee
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_LDBM
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/errno.h>
+
+#include "ldbm.h"
+#include "ldap_pvt_thread.h"
+
+void
+ldbm_datum_free( LDBM ldbm, Datum data )
+{
+ if ( data.dptr ) {
+ free( data.dptr );
+ memset( &data, '\0', sizeof( Datum ));
+ data.dptr = NULL;
+ }
+}
+
+Datum
+ldbm_datum_dup( LDBM ldbm, Datum data )
+{
+ Datum dup;
+
+ ldbm_datum_init( dup );
+
+ if ( data.dsize == 0 ) {
+ dup.dsize = 0;
+ dup.dptr = NULL;
+
+ return( dup );
+ }
+ dup.dsize = data.dsize;
+
+ if ( (dup.dptr = (char *) malloc( data.dsize )) != NULL ) {
+ AC_MEMCPY( dup.dptr, data.dptr, data.dsize );
+ }
+
+ return( dup );
+}
+
+static int ldbm_initialized = 0;
+
+#if defined( USE_BERKELEY_CDB )
+ /* not currently supported */
+#define LDBM_RWLOCK_INIT ((void) 0)
+#define LDBM_RWLOCK_DESTROY ((void) 0)
+#define LDBM_WLOCK ((void) 0)
+#define LDBM_WUNLOCK ((void) 0)
+#define LDBM_RLOCK ((void) 0)
+#define LDBM_RUNLOCK ((void) 0)
+
+#elif defined( HAVE_BERKELEY_DB_THREAD )
+static ldap_pvt_thread_rdwr_t ldbm_big_rdwr;
+#define LDBM_RWLOCK_INIT (ldap_pvt_thread_rdwr_init( &ldbm_big_rdwr ))
+#define LDBM_RWLOCK_DESTROY (ldap_pvt_thread_rdwr_destroy( &ldbm_big_rdwr ))
+#define LDBM_WLOCK (ldap_pvt_thread_rdwr_wlock(&ldbm_big_rdwr))
+#define LDBM_WUNLOCK (ldap_pvt_thread_rdwr_wunlock(&ldbm_big_rdwr))
+#define LDBM_RLOCK (ldap_pvt_thread_rdwr_rlock(&ldbm_big_rdwr))
+#define LDBM_RUNLOCK (ldap_pvt_thread_rdwr_runlock(&ldbm_big_rdwr))
+
+#else
+static ldap_pvt_thread_mutex_t ldbm_big_mutex;
+#define LDBM_RWLOCK_INIT (ldap_pvt_thread_mutex_init( &ldbm_big_mutex ))
+#define LDBM_RWLOCK_DESTROY (ldap_pvt_thread_mutex_destroy( &ldbm_big_mutex ))
+#define LDBM_WLOCK (ldap_pvt_thread_mutex_lock(&ldbm_big_mutex))
+#define LDBM_WUNLOCK (ldap_pvt_thread_mutex_unlock(&ldbm_big_mutex))
+#define LDBM_RLOCK LDBM_WLOCK
+#define LDBM_RUNLOCK LDBM_WUNLOCK
+#endif
+
+#if !defined( HAVE_BERKELEY_DB ) || (DB_VERSION_MAJOR < 3)
+ /* a dbEnv for BERKELEYv2 */
+DB_ENV *ldbm_Env = NULL; /* real or fake, depending on db and version */
+#endif
+
+/* Let's make the version comparisons a little easier... */
+#undef DB_VERSION_X
+#ifdef HAVE_BERKELEY_DB
+#define DB_VERSION_X ((DB_VERSION_MAJOR<<16)|(DB_VERSION_MINOR<<8)|DB_VERSION_PATCH)
+#endif
+
+/*******************************************************************
+ * *
+ * Create some special functions to initialize Berkeley DB for *
+ * versions greater than 2. *
+ * *
+ *******************************************************************/
+#if defined( HAVE_BERKELEY_DB ) && (DB_VERSION_MAJOR >= 2)
+
+void *
+ldbm_malloc( size_t size )
+{
+ /* likely should use ber_mem* routines */
+ return( calloc( 1, size ) );
+}
+
+#ifdef LDAP_SYSLOG
+#include <ac/syslog.h>
+#endif
+
+static void
+#if DB_VERSION_X < 0x040300
+ldbm_db_errcall( const char *prefix, char *message )
+#else
+ldbm_db_errcall( const DB_ENV *env, const char *prefix, char *message )
+#endif
+{
+#ifdef LDAP_SYSLOG
+ syslog( LOG_INFO, "ldbm: %s %s", prefix, message );
+#endif
+}
+
+int ldbm_initialize( const char* home )
+{
+#if DB_VERSION_MAJOR < 3
+ int err;
+ u_int32_t envFlags;
+#endif
+
+ if(ldbm_initialized++) return 1;
+
+ {
+ char *version;
+#ifdef HAVE_EBCDIC
+ char v2[1024];
+#endif
+ int major, minor, patch;
+ version = db_version( &major, &minor, &patch );
+#ifdef HAVE_EBCDIC
+ strcpy( v2, version );
+ __etoa( v2 );
+ version = v2;
+#endif
+
+ if( major != DB_VERSION_MAJOR ||
+ minor < DB_VERSION_MINOR )
+ {
+#ifdef LDAP_SYSLOG
+ syslog( LOG_INFO,
+ "ldbm_initialize(): version mismatch\nexpected: %s\ngot: %s\n",
+ DB_VERSION_STRING, version );
+#endif
+ return 1;
+ }
+ }
+
+#if DB_VERSION_MAJOR < 3
+ ldbm_Env = calloc( 1, sizeof( DB_ENV ));
+
+ if( ldbm_Env == NULL ) return 1;
+
+ ldbm_Env->db_errcall = ldbm_db_errcall;
+ ldbm_Env->db_errpfx = "==>";
+
+ envFlags = DB_CREATE | DB_USE_ENVIRON;
+
+ /* add optional flags */
+#ifdef DB_PRIVATE
+ envFlags |= DB_PRIVATE;
+#endif
+#ifdef HAVE_BERKELEY_DB_THREAD
+ envFlags |= DB_THREAD;
+#endif
+
+ err = db_appinit( home, NULL, ldbm_Env, envFlags );
+
+ if ( err ) {
+#ifdef LDAP_SYSLOG
+ syslog( LOG_INFO, "ldbm_initialize(): "
+ "FATAL error (%d) in db_appinit()\n", err );
+#endif
+ return( 1 );
+ }
+#endif
+
+ LDBM_RWLOCK_INIT;
+
+ return 0;
+}
+
+int ldbm_shutdown( void )
+{
+ if( !ldbm_initialized ) return 1;
+
+#if DB_VERSION_MAJOR < 3
+ db_appexit( ldbm_Env );
+#endif
+
+ LDBM_RWLOCK_DESTROY;
+ return 0;
+}
+
+#else /* some DB other than Berkeley V2 or greater */
+
+int ldbm_initialize( const char * home )
+{
+ if(ldbm_initialized++) return 1;
+
+ LDBM_RWLOCK_INIT;
+
+ return 0;
+}
+
+int ldbm_shutdown( void )
+{
+ if( !ldbm_initialized ) return 1;
+
+ LDBM_RWLOCK_DESTROY;
+
+ return 0;
+}
+
+#endif /* HAVE_BERKELEY_DB */
+
+#if defined( HAVE_BERKELEY_DB ) && (DB_VERSION_MAJOR >= 3)
+
+DB_ENV *ldbm_initialize_env(const char *home, int dbcachesize, int *envdirok)
+{
+ DB_ENV *env = NULL;
+ int err;
+ u_int32_t envFlags;
+#ifdef HAVE_EBCDIC
+ char n2[2048];
+#endif
+
+ err = db_env_create( &env, 0 );
+
+ if ( err ) {
+#ifdef LDAP_SYSLOG
+ syslog( LOG_INFO, "ldbm_initialize_env(): "
+ "FATAL error in db_env_create() : %s (%d)\n",
+ db_strerror( err ), err );
+#endif
+ return NULL;
+ }
+
+#if DB_VERSION_X >= 0x030300
+ /* This interface appeared in 3.3 */
+ env->set_alloc( env, ldbm_malloc, NULL, NULL );
+#endif
+
+ env->set_errcall( env, ldbm_db_errcall );
+ env->set_errpfx( env, "==>" );
+ if (dbcachesize) {
+ env->set_cachesize( env, 0, dbcachesize, 0 );
+ }
+
+ envFlags = DB_CREATE | DB_INIT_MPOOL | DB_USE_ENVIRON;
+#ifdef DB_PRIVATE
+ envFlags |= DB_PRIVATE;
+#endif
+#ifdef DB_MPOOL_PRIVATE
+ envFlags |= DB_MPOOL_PRIVATE;
+#endif
+#ifdef HAVE_BERKELEY_DB_THREAD
+ envFlags |= DB_THREAD;
+#endif
+
+#ifdef HAVE_EBCDIC
+ strncpy(n2, home, sizeof(n2)-1);
+ n2[sizeof(n2)-1] = '\0';
+ __atoe(n2);
+ home = n2;
+#endif
+#if DB_VERSION_X >= 0x030100
+ err = env->open( env, home, envFlags, 0 );
+#else
+ /* 3.0.x requires an extra argument */
+ err = env->open( env, home, NULL, envFlags, 0 );
+#endif
+
+ if ( err != 0 ) {
+#ifdef LDAP_SYSLOG
+ syslog( LOG_INFO, "ldbm_initialize_env(): "
+ "FATAL error in dbEnv->open() : %s (%d)\n",
+ db_strerror( err ), err );
+#endif
+ env->close( env, 0 );
+ return NULL;
+ }
+
+ *envdirok = 1;
+ return env;
+}
+
+void ldbm_shutdown_env(DB_ENV *env)
+{
+ env->close( env, 0 );
+}
+
+#else
+
+DB_ENV *ldbm_initialize_env(const char *home, int dbcachesize, int *envdirok)
+{
+ return ldbm_Env;
+}
+
+void ldbm_shutdown_env(DB_ENV *env)
+{
+}
+
+#endif
+
+#if defined( LDBM_USE_DBHASH ) || defined( LDBM_USE_DBBTREE )
+
+/*****************************************************************
+ * *
+ * use berkeley db hash or btree package *
+ * *
+ *****************************************************************/
+
+LDBM
+ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
+{
+ LDBM ret = NULL;
+#ifdef HAVE_EBCDIC
+ char n2[2048];
+#endif
+
+#if DB_VERSION_MAJOR >= 3
+ int err;
+
+ LDBM_WLOCK;
+
+ err = db_create( &ret, env, 0 );
+ if ( err != 0 ) {
+ (void)ret->close(ret, 0);
+ LDBM_WUNLOCK;
+
+ return NULL;
+ }
+
+#if DB_VERSION_X < 0x030300
+ ret->set_malloc( ret, ldbm_malloc );
+#endif
+
+ ret->set_pagesize( ret, DEFAULT_DB_PAGE_SIZE );
+
+ /* likely should use ber_mem* routines */
+
+#ifdef HAVE_EBCDIC
+ strncpy(n2, name, sizeof(n2)-1);
+ n2[sizeof(n2)-1] = '\0';
+ __atoe(n2);
+ name = n2;
+#endif
+#if DB_VERSION_X >= 0x040111
+ err = ret->open( ret, NULL, name, NULL, DB_TYPE, rw, mode);
+#else
+ err = ret->open( ret, name, NULL, DB_TYPE, rw, mode);
+#endif
+
+ if ( err != 0 ) {
+ int tmp = errno;
+ (void)ret->close(ret, 0);
+ errno = tmp;
+
+ LDBM_WUNLOCK;
+ return NULL;
+ }
+
+ LDBM_WUNLOCK;
+
+#elif DB_VERSION_MAJOR >= 2
+ DB_INFO dbinfo;
+
+ memset( &dbinfo, '\0', sizeof( dbinfo ));
+
+#if DB_VERSION_MAJOR == 2 && DB_VERSION_MINOR == 4
+ /*
+ * BerkeleyDB 2.4 do not allow db_cachesize
+ * to be specified if an DB_ENV is.
+ */
+#else
+ /* set db_cachesize of MPOOL is NOT being used. */
+ if (( ldbm_Env == NULL ) || ( ldbm_Env->mp_info == NULL )) {
+ dbinfo.db_cachesize = dbcachesize;
+ }
+#endif
+
+ dbinfo.db_pagesize = DEFAULT_DB_PAGE_SIZE;
+ dbinfo.db_malloc = ldbm_malloc;
+
+ LDBM_WLOCK;
+ (void) db_open( name, DB_TYPE, rw, mode, ldbm_Env, &dbinfo, &ret );
+ LDBM_WUNLOCK;
+
+#else
+ void *info;
+ BTREEINFO binfo;
+ HASHINFO hinfo;
+
+ if ( DB_TYPE == DB_HASH ) {
+ memset( (char *) &hinfo, '\0', sizeof(hinfo) );
+ hinfo.cachesize = dbcachesize;
+ info = &hinfo;
+ } else if ( DB_TYPE == DB_BTREE ) {
+ memset( (char *) &binfo, '\0', sizeof(binfo) );
+ binfo.cachesize = dbcachesize;
+ info = &binfo;
+ } else {
+ info = NULL;
+ }
+
+ LDBM_WLOCK;
+ ret = dbopen( name, rw, mode, DB_TYPE, info );
+ LDBM_WUNLOCK;
+#endif
+
+ return ret;
+}
+
+void
+ldbm_close( LDBM ldbm )
+{
+ LDBM_WLOCK;
+#if DB_VERSION_MAJOR >= 2
+ ldbm->close( ldbm, 0 );
+#else
+ ldbm->close( ldbm );
+#endif
+ LDBM_WUNLOCK;
+}
+
+void
+ldbm_sync( LDBM ldbm )
+{
+ LDBM_WLOCK;
+ (*ldbm->sync)( ldbm, 0 );
+ LDBM_WUNLOCK;
+}
+
+Datum
+ldbm_fetch( LDBM ldbm, Datum key )
+{
+ Datum data;
+ int rc;
+
+ LDBM_RLOCK;
+
+#if DB_VERSION_MAJOR >= 2
+ ldbm_datum_init( data );
+
+ data.flags = DB_DBT_MALLOC;
+
+ if ( (rc = ldbm->get( ldbm, NULL, &key, &data, 0 )) != 0 ) {
+ ldbm_datum_free( ldbm, data );
+ data.dptr = NULL;
+ data.dsize = 0;
+ }
+#else
+ if ( (rc = ldbm->get( ldbm, &key, &data, 0 )) == 0 ) {
+ /* Berkeley DB 1.85 don't malloc the data for us */
+ /* duplicate it for to ensure reentrancy */
+ data = ldbm_datum_dup( ldbm, data );
+ } else {
+ data.dptr = NULL;
+ data.dsize = 0;
+ }
+#endif
+
+ LDBM_RUNLOCK;
+
+ return( data );
+}
+
+int
+ldbm_store( LDBM ldbm, Datum key, Datum data, int flags )
+{
+ int rc;
+
+ LDBM_WLOCK;
+
+#if DB_VERSION_MAJOR >= 2
+ rc = ldbm->put( ldbm, NULL, &key, &data, flags & ~LDBM_SYNC );
+ rc = (-1) * rc;
+#else
+ rc = ldbm->put( ldbm, &key, &data, flags & ~LDBM_SYNC );
+#endif
+
+ if ( flags & LDBM_SYNC )
+ ldbm->sync( ldbm, 0 );
+
+ LDBM_WUNLOCK;
+
+ return( rc );
+}
+
+int
+ldbm_delete( LDBM ldbm, Datum key )
+{
+ int rc;
+
+ LDBM_WLOCK;
+
+#if DB_VERSION_MAJOR >= 2
+ rc = ldbm->del( ldbm, NULL, &key, 0 );
+ rc = (-1) * rc;
+#else
+ rc = ldbm->del( ldbm, &key, 0 );
+#endif
+ ldbm->sync( ldbm, 0 );
+
+ LDBM_WUNLOCK;
+
+ return( rc );
+}
+
+Datum
+ldbm_firstkey( LDBM ldbm, LDBMCursor **dbch )
+{
+ Datum key, data;
+ int rc;
+
+#if DB_VERSION_MAJOR >= 2
+ LDBMCursor *dbci;
+
+ ldbm_datum_init( key );
+ ldbm_datum_init( data );
+
+ key.flags = data.flags = DB_DBT_MALLOC;
+
+ LDBM_RLOCK;
+
+ /* acquire a cursor for the DB */
+# if DB_VERSION_X >= 0x020600
+ rc = ldbm->cursor( ldbm, NULL, &dbci, 0 );
+# else
+ rc = ldbm->cursor( ldbm, NULL, &dbci );
+# endif
+
+ if( rc ) {
+ key.dptr = NULL;
+ } else {
+ *dbch = dbci;
+ if ( dbci->c_get( dbci, &key, &data, DB_NEXT ) == 0 ) {
+ ldbm_datum_free( ldbm, data );
+ } else {
+ key.dptr = NULL;
+ key.dsize = 0;
+ }
+ }
+
+ LDBM_RUNLOCK;
+
+#else
+ LDBM_RLOCK;
+
+ rc = ldbm->seq( ldbm, &key, &data, R_FIRST );
+
+ if ( rc == 0 ) {
+ key = ldbm_datum_dup( ldbm, key );
+ } else {
+ key.dptr = NULL;
+ key.dsize = 0;
+ }
+
+ LDBM_RUNLOCK;
+#endif
+
+ return( key );
+}
+
+Datum
+ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *dbcp )
+{
+ int rc;
+ Datum data;
+
+ LDBM_RLOCK;
+
+#if DB_VERSION_MAJOR >= 2
+ ldbm_datum_init( data );
+
+ ldbm_datum_free( ldbm, key );
+ key.flags = data.flags = DB_DBT_MALLOC;
+
+ rc = dbcp->c_get( dbcp, &key, &data, DB_NEXT );
+ if ( rc == 0 ) {
+ ldbm_datum_free( ldbm, data );
+ } else
+#else
+ rc = ldbm->seq( ldbm, &key, &data, R_NEXT );
+
+ if ( rc == 0 ) {
+ key = ldbm_datum_dup( ldbm, key );
+ } else
+#endif
+ {
+ key.dptr = NULL;
+ key.dsize = 0;
+ }
+
+ LDBM_RUNLOCK;
+ return( key );
+}
+
+int
+ldbm_errno( LDBM ldbm )
+{
+ return( errno );
+}
+
+/******************************************************************
+ * *
+ * END Berkeley section *
+ * *
+ ******************************************************************/
+
+#elif defined( HAVE_GDBM )
+
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+#include <sys/stat.h>
+#endif
+
+/*****************************************************************
+ * *
+ * use gdbm *
+ * *
+ *****************************************************************/
+
+LDBM
+ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
+{
+ LDBM db;
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+ struct stat st;
+#endif
+#ifdef HAVE_EBCDIC
+ char n2[2048];
+
+ strncpy(n2, name, sizeof(n2)-1);
+ n2[sizeof(n2)-1] = '\0';
+ __atoe(n2);
+ name = n2;
+#endif
+
+ LDBM_WLOCK;
+
+ if ( (db = gdbm_open( name, 0, rw | GDBM_FAST, mode, 0 )) == NULL ) {
+ LDBM_WUNLOCK;
+ return( NULL );
+ }
+
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+ if ( dbcachesize > 0 && stat( name, &st ) == 0 ) {
+ dbcachesize /= st.st_blksize;
+ if( dbcachesize == 0 ) dbcachesize = 1;
+ gdbm_setopt( db, GDBM_CACHESIZE, &dbcachesize, sizeof(int) );
+ }
+#else
+ if ( dbcachesize > 0 ) {
+ dbcachesize /= 4096;
+ if( dbcachesize == 0 ) dbcachesize = 1;
+ gdbm_setopt( db, GDBM_CACHESIZE, &dbcachesize, sizeof(int) );
+ }
+#endif
+
+ LDBM_WUNLOCK;
+
+ return( db );
+}
+
+void
+ldbm_close( LDBM ldbm )
+{
+ LDBM_WLOCK;
+ gdbm_close( ldbm );
+ LDBM_WUNLOCK;
+}
+
+void
+ldbm_sync( LDBM ldbm )
+{
+ LDBM_WLOCK;
+ gdbm_sync( ldbm );
+ LDBM_WUNLOCK;
+}
+
+Datum
+ldbm_fetch( LDBM ldbm, Datum key )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = gdbm_fetch( ldbm, key );
+ LDBM_RUNLOCK;
+
+ return d;
+}
+
+int
+ldbm_store( LDBM ldbm, Datum key, Datum data, int flags )
+{
+ int rc;
+
+ LDBM_WLOCK;
+ rc = gdbm_store( ldbm, key, data, flags & ~LDBM_SYNC );
+ if ( flags & LDBM_SYNC )
+ gdbm_sync( ldbm );
+ LDBM_WUNLOCK;
+
+ return( rc );
+}
+
+int
+ldbm_delete( LDBM ldbm, Datum key )
+{
+ int rc;
+
+ LDBM_WLOCK;
+ rc = gdbm_delete( ldbm, key );
+ gdbm_sync( ldbm );
+ LDBM_WUNLOCK;
+
+ return( rc );
+}
+
+Datum
+ldbm_firstkey( LDBM ldbm, LDBMCursor **dbcp )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = gdbm_firstkey( ldbm );
+ LDBM_RUNLOCK;
+
+ if ( d.dptr != NULL ) {
+ *dbcp = (Datum *) malloc( sizeof( Datum ) );
+ **dbcp = ldbm_datum_dup( ldbm, d );
+ }
+
+ return d;
+}
+
+Datum
+ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *dbcp )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = gdbm_nextkey( ldbm, *dbcp );
+ LDBM_RUNLOCK;
+
+ ldbm_datum_free( ldbm, *dbcp );
+
+ if ( d.dptr != NULL ) {
+ *dbcp = ldbm_datum_dup( ldbm, d );
+ } else {
+ free( dbcp );
+ }
+
+ return d;
+}
+
+int
+ldbm_errno( LDBM ldbm )
+{
+ int err;
+
+ LDBM_WLOCK;
+ err = gdbm_errno;
+ LDBM_WUNLOCK;
+
+ return( err );
+}
+
+#elif HAVE_MDBM
+
+/* MMAPED DBM HASHING DATABASE */
+
+#include <ac/string.h>
+
+/* #define MDBM_DEBUG */
+
+#ifdef MDBM_DEBUG
+#include <stdio.h>
+#endif
+
+#define NO_NULL_KEY
+/* #define MDBM_CHAIN */
+
+#ifdef MDBM_CHAIN
+
+/* Use chaining */
+
+#define mdbm_store mdbm_chain_store
+#define mdbm_fetch mdbm_chain_fetch
+#define mdbm_delete mdbm_chain_delete
+#define mdbm_first mdbm_chain_first
+#define mdbm_next mdbm_chain_next
+
+#endif
+
+#define MDBM_PG_SZ (4*1024)
+
+/*****************************************************************
+ * *
+ * use mdbm *
+ * *
+ *****************************************************************/
+
+LDBM
+ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
+{
+ LDBM db;
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout,
+ "==>(mdbm)ldbm_open(name=%s,rw=%x,mode=%x,cachesize=%d)\n",
+ name ? name : "NULL", rw, mode, dbcachesize );
+ fflush( stdout );
+#endif
+
+ LDBM_WLOCK; /* We need locking here, this is the only non-thread
+ * safe function we have. */
+
+ if ( (db = mdbm_open( name, rw, mode, MDBM_PG_SZ )) == NULL ) {
+ LDBM_WUNLOCK;
+#ifdef MDBM_DEBUG
+ fprintf( stdout, "<==(mdbm)ldbm_open(db=NULL)\n" );
+ fflush( stdout );
+#endif
+ return( NULL );
+ }
+
+#ifdef MDBM_CHAIN
+ (void)mdbm_set_chain(db);
+#endif
+
+ LDBM_WUNLOCK;
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout, "<==(mdbm)ldbm_open(db=%p)\n", db );
+ fflush( stdout );
+#endif
+
+ return( db );
+}
+
+void
+ldbm_close( LDBM ldbm )
+{
+ /* Open and close are not reentrant so we need to use locks here */
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout,
+ "==>(mdbm)ldbm_close(db=%p)\n", ldbm );
+ fflush( stdout );
+#endif
+
+ LDBM_WLOCK;
+ mdbm_close( ldbm );
+ LDBM_WUNLOCK;
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout, "<==(mdbm)ldbm_close()\n" );
+ fflush( stdout );
+#endif
+}
+
+void
+ldbm_sync( LDBM ldbm )
+{
+ /* XXX: Not sure if this is re-entrant need to check code, if so
+ * you can leave LOCKS out.
+ */
+
+ LDBM_WLOCK;
+ mdbm_sync( ldbm );
+ LDBM_WUNLOCK;
+}
+
+#define MAX_MDBM_RETRY 5
+
+Datum
+ldbm_fetch( LDBM ldbm, Datum key )
+{
+ Datum d;
+ kvpair k;
+ int retry = 0;
+
+ /* This hack is needed because MDBM does not take keys
+ * which begin with NULL when working in the chaining
+ * mode.
+ */
+
+#ifdef NO_NULL_KEY
+ k.key.dsize = key.dsize + 1;
+ k.key.dptr = malloc(k.key.dsize);
+ *(k.key.dptr) = 'l';
+ AC_MEMCPY( (void *)(k.key.dptr + 1), key.dptr, key.dsize );
+#else
+ k.key = key;
+#endif
+
+ k.val.dptr = NULL;
+ k.val.dsize = 0;
+
+ /* LDBM_RLOCK; */
+ do {
+ d = mdbm_fetch( ldbm, k );
+
+ if ( d.dsize > 0 ) {
+ if ( k.val.dptr != NULL ) {
+ free( k.val.dptr );
+ }
+
+ if ( (k.val.dptr = malloc( d.dsize )) != NULL ) {
+ k.val.dsize = d.dsize;
+ d = mdbm_fetch( ldbm, k );
+
+ } else {
+ d.dsize = 0;
+ break;
+ }
+ }/* if ( d.dsize > 0 ) */
+ } while ((d.dsize > k.val.dsize) && (++retry < MAX_MDBM_RETRY));
+ /* LDBM_RUNLOCK; */
+
+#ifdef NO_NULL_KEY
+ free(k.key.dptr);
+#endif
+
+ return d;
+}
+
+int
+ldbm_store( LDBM ldbm, Datum key, Datum data, int flags )
+{
+ int rc;
+ Datum int_key; /* Internal key */
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout,
+ "==>(mdbm)ldbm_store(db=%p, key(dptr=%p,sz=%d), data(dptr=%p,sz=%d), flags=%x)\n",
+ ldbm, key.dptr, key.dsize, data.dptr, data.dsize, flags );
+ fflush( stdout );
+#endif
+
+ /* LDBM_WLOCK; */
+
+#ifdef NO_NULL_KEY
+ int_key.dsize = key.dsize + 1;
+ int_key.dptr = malloc( int_key.dsize );
+ *(int_key.dptr) = 'l'; /* Must not be NULL !*/
+ AC_MEMCPY( (void *)(int_key.dptr + 1), key.dptr, key.dsize );
+#else
+ int_key = key;
+#endif
+
+ rc = mdbm_store( ldbm, int_key, data, flags );
+ if ( flags & LDBM_SYNC ) {
+ mdbm_sync( ldbm );
+ }
+
+ /* LDBM_WUNLOCK; */
+
+#ifdef MDBM_DEBUG
+ fprintf( stdout, "<==(mdbm)ldbm_store(rc=%d)\n", rc );
+ fflush( stdout );
+#endif
+
+#ifdef NO_NULL_KEY
+ free(int_key.dptr);
+#endif
+
+ return( rc );
+}
+
+int
+ldbm_delete( LDBM ldbm, Datum key )
+{
+ int rc;
+ Datum int_key;
+
+ /* LDBM_WLOCK; */
+
+#ifdef NO_NULL_KEY
+ int_key.dsize = key.dsize + 1;
+ int_key.dptr = malloc(int_key.dsize);
+ *(int_key.dptr) = 'l';
+ AC_MEMCPY( (void *)(int_key.dptr + 1), key.dptr, key.dsize );
+#else
+ int_key = key;
+#endif
+
+ rc = mdbm_delete( ldbm, int_key );
+
+ /* LDBM_WUNLOCK; */
+#ifdef NO_NULL_KEY
+ free(int_key.dptr);
+#endif
+
+ return( rc );
+}
+
+static Datum
+ldbm_get_next( LDBM ldbm, kvpair (*fptr)(MDBM *, kvpair) )
+{
+ kvpair out;
+ kvpair in;
+ Datum ret;
+ size_t sz = MDBM_PAGE_SIZE(ldbm);
+#ifdef NO_NULL_KEY
+ int delta = 1;
+#else
+ int delta = 0;
+#endif
+
+ /* LDBM_RLOCK; */
+
+ in.key.dsize = sz; /* Assume first key in one pg */
+ in.key.dptr = malloc(sz);
+
+ in.val.dptr = NULL; /* Don't need data just key */
+ in.val.dsize = 0;
+
+ ret.dptr = NULL;
+ ret.dsize = NULL;
+
+ out = fptr( ldbm, in );
+
+ if (out.key.dsize > 0) {
+ ret.dsize = out.key.dsize - delta;
+
+ if ((ret.dptr = (char *)malloc(ret.dsize)) == NULL) {
+ ret.dsize = 0;
+ ret.dptr = NULL;
+
+ } else {
+ AC_MEMCPY(ret.dptr, (void *)(out.key.dptr + delta),
+ ret.dsize );
+ }
+ }
+
+ /* LDBM_RUNLOCK; */
+
+ free(in.key.dptr);
+ return ret;
+}
+
+Datum
+ldbm_firstkey( LDBM ldbm, LDBMCursor **dbcp )
+{
+ return ldbm_get_next( ldbm, mdbm_first );
+}
+
+Datum
+ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *dbcp )
+{
+ /* XXX:
+ * don't know if this will affect the LDAP server operation
+ * but mdbm cannot take and input key.
+ */
+
+ return ldbm_get_next( ldbm, mdbm_next );
+}
+
+int
+ldbm_errno( LDBM ldbm )
+{
+ /* XXX: best we can do with current mdbm interface */
+ return( errno );
+}
+
+#elif defined( HAVE_NDBM )
+
+/*****************************************************************
+ * *
+ * if no gdbm or mdbm, fall back to using ndbm, the standard unix thing *
+ * *
+ *****************************************************************/
+
+/* ARGSUSED */
+LDBM
+ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
+{
+ LDBM ldbm;
+
+ LDBM_WLOCK;
+ ldbm = dbm_open( name, rw, mode );
+ LDBM_WUNLOCK;
+
+ return( ldbm );
+}
+
+void
+ldbm_close( LDBM ldbm )
+{
+ LDBM_WLOCK;
+ dbm_close( ldbm );
+ LDBM_WUNLOCK;
+}
+
+/* ARGSUSED */
+void
+ldbm_sync( LDBM ldbm )
+{
+ return;
+}
+
+Datum
+ldbm_fetch( LDBM ldbm, Datum key )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = ldbm_datum_dup( ldbm, dbm_fetch( ldbm, key ) );
+ LDBM_RUNLOCK;
+
+ return d;
+}
+
+int
+ldbm_store( LDBM ldbm, Datum key, Datum data, int flags )
+{
+ int rc;
+
+ LDBM_WLOCK;
+ rc = dbm_store( ldbm, key, data, flags );
+ LDBM_WUNLOCK;
+
+ return rc;
+}
+
+int
+ldbm_delete( LDBM ldbm, Datum key )
+{
+ int rc;
+
+ LDBM_WLOCK;
+ rc = dbm_delete( ldbm, key );
+ LDBM_WUNLOCK;
+
+ return rc;
+}
+
+Datum
+ldbm_firstkey( LDBM ldbm, LDBMCursor **dbcp )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = dbm_firstkey( ldbm );
+ LDBM_RUNLOCK;
+
+ return d;
+}
+
+Datum
+ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *dbcp )
+{
+ Datum d;
+
+ LDBM_RLOCK;
+ d = dbm_nextkey( ldbm );
+ LDBM_RUNLOCK;
+
+ return d;
+}
+
+int
+ldbm_errno( LDBM ldbm )
+{
+ int err;
+
+ LDBM_WLOCK;
+ err = dbm_error( ldbm );
+ LDBM_WUNLOCK;
+
+ return err;
+}
+
+#endif /* ndbm */
+#endif /* ldbm */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/ldbm.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,278 @@
+/* ldbm.h - ldap dbm compatibility routine header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.h,v 1.2.2.3 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _LDBM_H_
+#define _LDBM_H_
+
+#include <ldap_cdefs.h>
+#include <ac/string.h>
+
+/* dummy DB_ENV for non Berkeley DB */
+#if !defined( LDBM_USE_DBBTREE ) && !defined( LDBM_USE_DBHASH )
+# define DB_ENV void
+#endif
+
+#if defined( LDBM_USE_DBBTREE ) || defined( LDBM_USE_DBHASH )
+
+/*****************************************************************
+ * *
+ * use berkeley db btree or hash package *
+ * *
+ *****************************************************************/
+#include <sys/types.h>
+#include <limits.h>
+#include <fcntl.h>
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# ifdef HAVE_DB1_DB_H
+# include <db1/db.h>
+# else
+# include <db.h>
+# endif
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+#ifndef DB_VERSION_MINOR
+# define DB_VERSION_MINOR 85
+#endif
+
+#if DB_VERSION_MAJOR >= 2
+# define R_NOOVERWRITE DB_NOOVERWRITE
+# ifndef DEFAULT_DB_PAGE_SIZE
+# define DEFAULT_DB_PAGE_SIZE 4096
+# endif
+#else
+# define DB_ENV void
+#endif
+
+
+LDAP_BEGIN_DECL
+
+typedef DBT Datum;
+#define dsize size
+#define dptr data
+
+typedef DB *LDBM;
+
+
+/* for ldbm_open */
+#if DB_VERSION_MAJOR >= 2
+typedef DBC LDBMCursor;
+
+# define LDBM_READER DB_RDONLY
+# define LDBM_WRITER 0x00000 /* hopefully */
+# if defined( HAVE_BERKELEY_DB_THREAD )
+# define LDBM_WRCREAT (DB_NOMMAP|DB_CREATE|DB_THREAD)
+# define LDBM_NEWDB (DB_TRUNCATE|DB_CREATE|DB_THREAD)
+# else
+# define LDBM_WRCREAT (DB_NOMMAP|DB_CREATE)
+# define LDBM_NEWDB (DB_TRUNCATE|DB_CREATE)
+# endif
+
+#else
+typedef void LDBMCursor;
+# define LDBM_READER O_RDONLY
+# define LDBM_WRITER O_RDWR
+# define LDBM_WRCREAT (O_RDWR|O_CREAT)
+# define LDBM_NEWDB (O_RDWR|O_TRUNC|O_CREAT)
+#endif
+
+LDAP_END_DECL
+
+/* for ldbm_open */
+#define LDBM_NOSYNC 0
+#define LDBM_SYNC 0
+#define LDBM_LOCKING 0
+#define LDBM_NOLOCKING 0
+
+/* for ldbm_insert */
+#define LDBM_INSERT R_NOOVERWRITE
+#define LDBM_REPLACE 0
+
+#ifdef LDBM_USE_DBBTREE
+# define LDBM_ORDERED 1
+# define LDBM_SUFFIX ".dbb"
+# define DB_TYPE DB_BTREE
+#else
+# define LDBM_SUFFIX ".dbh"
+# define DB_TYPE DB_HASH
+#endif
+
+#elif defined( HAVE_GDBM )
+
+/*****************************************************************
+ * *
+ * use gdbm if possible *
+ * *
+ *****************************************************************/
+
+#include <gdbm.h>
+
+LDAP_BEGIN_DECL
+
+typedef datum Datum;
+typedef Datum LDBMCursor;
+typedef GDBM_FILE LDBM;
+
+LDAP_END_DECL
+
+/* for ldbm_open */
+#define LDBM_READER GDBM_READER
+#define LDBM_WRITER GDBM_WRITER
+#define LDBM_WRCREAT GDBM_WRCREAT
+#define LDBM_NEWDB GDBM_NEWDB
+
+#ifdef GDBM_FAST
+#define LDBM_NOSYNC GDBM_FAST
+#else
+#define LDBM_NOSYNC 0
+#endif
+
+#ifdef GDBM_SYNC
+#define LDBM_SYNC GDBM_SYNC
+#else
+#define LDBM_SYNC 0
+#endif
+
+#define LDBM_LOCKING 0
+#ifdef GDBM_NOLOCK
+#define LDBM_NOLOCKING GDBM_NOLOCK
+#else
+#define LDBM_NOLOCKING 0
+#endif
+
+#define LDBM_SUFFIX ".gdbm"
+
+/* for ldbm_insert */
+#define LDBM_INSERT GDBM_INSERT
+#define LDBM_REPLACE GDBM_REPLACE
+
+#elif defined( HAVE_MDBM )
+
+/*****************************************************************
+ * *
+ * use mdbm if possible *
+ * *
+ *****************************************************************/
+
+#include <mdbm.h>
+
+LDAP_BEGIN_DECL
+
+typedef datum Datum;
+typedef int LDBMCursor;
+typedef MDBM *LDBM;
+
+LDAP_END_DECL
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+/* for ldbm_open */
+#define LDBM_READER O_RDONLY
+#define LDBM_WRITER O_RDWR
+#define LDBM_WRCREAT (O_RDWR|O_CREAT)
+#define LDBM_NEWDB (O_RDWR|O_TRUNC|O_CREAT)
+
+#define LDBM_SYNC 0
+#define LDBM_NOSYNC 0
+#define LDBM_LOCKING 0
+#define LDBM_NOLOCKING 0
+
+#define LDBM_SUFFIX ".mdbm"
+
+/* for ldbm_insert */
+#define LDBM_INSERT MDBM_INSERT
+#define LDBM_REPLACE MDBM_REPLACE
+
+#elif defined( HAVE_NDBM )
+
+/*****************************************************************
+ * *
+ * if none of the above use ndbm, the standard unix thing *
+ * *
+ *****************************************************************/
+
+#include <ndbm.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+LDAP_BEGIN_DECL
+
+typedef datum Datum;
+typedef int LDBMCursor;
+typedef DBM *LDBM;
+
+LDAP_END_DECL
+
+/* for ldbm_open */
+#define LDBM_READER O_RDONLY
+#define LDBM_WRITER O_WRONLY
+#define LDBM_WRCREAT (O_RDWR|O_CREAT)
+#define LDBM_NEWDB (O_RDWR|O_TRUNC|O_CREAT)
+
+#define LDBM_NOSYNC 0
+#define LDBM_SYNC 0
+#define LDBM_NOLOCK 0
+#define LDBM_SYNC 0
+
+#define LDBM_SUFFIX ".ndbm"
+
+/* for ldbm_insert */
+#define LDBM_INSERT DBM_INSERT
+#define LDBM_REPLACE DBM_REPLACE
+
+#endif
+
+LDAP_BEGIN_DECL
+
+LDAP_LDBM_F (int) ldbm_initialize( const char * );
+LDAP_LDBM_F (int) ldbm_shutdown( void );
+
+LDAP_LDBM_F (DB_ENV*) ldbm_initialize_env(const char *, int dbcachesize, int *envdirok);
+LDAP_LDBM_F (void) ldbm_shutdown_env(DB_ENV *);
+
+LDAP_LDBM_F (int) ldbm_errno( LDBM ldbm );
+LDAP_LDBM_F (LDBM) ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize );
+LDAP_LDBM_F (void) ldbm_close( LDBM ldbm );
+LDAP_LDBM_F (void) ldbm_sync( LDBM ldbm );
+LDAP_LDBM_F (void) ldbm_datum_free( LDBM ldbm, Datum data );
+LDAP_LDBM_F (Datum) ldbm_datum_dup( LDBM ldbm, Datum data );
+LDAP_LDBM_F (Datum) ldbm_fetch( LDBM ldbm, Datum key );
+LDAP_LDBM_F (int) ldbm_store( LDBM ldbm, Datum key, Datum data, int flags );
+LDAP_LDBM_F (int) ldbm_delete( LDBM ldbm, Datum key );
+
+LDAP_LDBM_F (Datum) ldbm_firstkey( LDBM ldbm, LDBMCursor **cursor );
+LDAP_LDBM_F (Datum) ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *cursor );
+
+/* initialization of Datum structures */
+#if defined( HAVE_BERKELEY_DB ) && (DB_VERSION_MAJOR >= 2)
+ LDAP_LDBM_F (void *) ldbm_malloc( size_t size );
+# define ldbm_datum_init(d) ((void)memset(&(d), '\0', sizeof(Datum)))
+#else
+# define ldbm_datum_init(d) ((void)0)
+#endif /* HAVE_BERKELEY_DB */
+
+LDAP_END_DECL
+
+#endif /* _ldbm_h_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,305 @@
+/* modify.c - ldbm backend modify routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modify.c,v 1.115.2.9 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+/* We need this function because of LDAP modrdn. If we do not
+ * add this there would be a bunch of code replication here
+ * and there and of course the likelihood of bugs increases.
+ * Juan C. Gomez (gomez at engr.sgi.com) 05/18/99
+ */
+int ldbm_modify_internal(
+ Operation *op,
+ Modifications *modlist,
+ Entry *e,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ int rc = LDAP_SUCCESS;
+ Modification *mod;
+ Modifications *ml;
+ Attribute *save_attrs;
+ Attribute *ap;
+
+ Debug(LDAP_DEBUG_TRACE,
+ "ldbm_modify_internal: %s\n",
+ e->e_name.bv_val,
+ get_permissiveModify(op) ? " (permissive)" : "",
+ 0 );
+
+ if ( !acl_check_modlist( op, e, modlist )) {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ save_attrs = e->e_attrs;
+ e->e_attrs = attrs_dup( e->e_attrs );
+
+ for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ mod = &ml->sml_mod;
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ Debug(LDAP_DEBUG_ARGS,
+ "ldbm_modify_internal: add\n", 0, 0, 0);
+
+ rc = modify_add_values( e, mod, get_permissiveModify( op ),
+ text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_DELETE:
+ Debug(LDAP_DEBUG_ARGS,
+ "ldbm_modify_internal: delete\n", 0, 0, 0);
+
+ rc = modify_delete_values( e, mod, get_permissiveModify( op ),
+ text, textbuf, textlen );
+ assert( rc != LDAP_TYPE_OR_VALUE_EXISTS );
+ if( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_REPLACE:
+ Debug(LDAP_DEBUG_ARGS,
+ "ldbm_modify_internal: replace\n", 0, 0, 0);
+
+ rc = modify_replace_values( e, mod, get_permissiveModify( op ),
+ text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+ break;
+
+ case LDAP_MOD_INCREMENT:
+ Debug(LDAP_DEBUG_ARGS,
+ "ldbm_modify_internal: increment\n",0,0,0);
+
+ rc = modify_increment_values( e, mod, get_permissiveModify( op ),
+ text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+ break;
+
+ case SLAP_MOD_SOFTADD:
+ Debug(LDAP_DEBUG_ARGS,
+ "ldbm_modify_internal: softadd\n", 0, 0, 0);
+
+ /* Avoid problems in index_add_mods()
+ * We need to add index if necessary.
+ */
+ mod->sm_op = LDAP_MOD_ADD;
+
+ rc = modify_add_values( e, mod, get_permissiveModify( op ),
+ text, textbuf, textlen );
+ mod->sm_op = SLAP_MOD_SOFTADD;
+ if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
+ rc = LDAP_SUCCESS;
+ }
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+ break;
+
+ default:
+ Debug(LDAP_DEBUG_ANY, "ldbm_modify_internal: invalid op %d\n",
+ mod->sm_op, 0, 0);
+
+ rc = LDAP_OTHER;
+ *text = "Invalid modify operation";
+ Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n",
+ rc, *text, 0);
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ goto exit;
+ }
+
+ /* If objectClass was modified, reset the flags */
+ if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
+ e->e_ocflags = 0;
+ }
+
+ /* check if modified attribute was indexed */
+ rc = index_is_indexed( op->o_bd, mod->sm_desc );
+ if ( rc == LDAP_SUCCESS ) {
+ ap = attr_find( save_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
+
+ ap = attr_find( e->e_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
+ }
+ }
+
+ /* check that the entry still obeys the schema */
+ rc = entry_schema_check( op, e, save_attrs, get_manageDIT(op),
+ text, textbuf, textlen );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "entry failed schema check: %s\n",
+ *text, 0, 0 );
+
+ goto exit;
+ }
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rc = SLAPD_ABANDON;
+ goto exit;
+ }
+
+ /* update the indices of the modified attributes */
+
+ /* start with deleting the old index entries */
+ for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
+ if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
+ rc = index_values( op, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_DELETE_OP );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_modify_internal: Attribute index delete failure\n",
+ 0, 0, 0 );
+ goto exit;
+ }
+ ap->a_flags &= ~SLAP_ATTR_IXDEL;
+ }
+ }
+
+ /* add the new index entries */
+ for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
+ if ( ap->a_flags & SLAP_ATTR_IXADD ) {
+ rc = index_values( op, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_ADD_OP );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_modify_internal: Attribute index add failure\n",
+ 0, 0, 0 );
+ goto exit;
+ }
+ ap->a_flags &= ~SLAP_ATTR_IXADD;
+ }
+ }
+
+exit:
+ if ( rc == LDAP_SUCCESS ) {
+ attrs_free( save_attrs );
+ } else {
+ for ( ap = save_attrs; ap; ap = ap->a_next ) {
+ ap->a_flags = 0;
+ }
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ }
+
+ return rc;
+}
+
+int
+ldbm_back_modify(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *matched;
+ Entry *e;
+ int manageDSAit = get_manageDSAit( op );
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+
+ Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0);
+
+ slap_mods_opattrs( op, &op->orm_modlist, 1 );
+
+ /* grab giant lock for writing */
+ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+
+ /* acquire and lock entry */
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+ /* FIXME: dn2entry() should return non-glue entry */
+ if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+ if ( matched != NULL ) {
+ rs->sr_matched = ber_strdup_x( matched->e_dn, op->o_tmpmemctx );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ cache_return_entry_r( &li->li_cache, matched );
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* parent is a referral, don't allow add */
+ /* parent is an alias, don't allow add */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+ 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = ber_strdup_x( e->e_name.bv_val, op->o_tmpmemctx );
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
+
+ /* Modify the entry */
+ rs->sr_err = ldbm_modify_internal( op, op->oq_modify.rs_modlist, e,
+ &rs->sr_text, textbuf, textlen );
+
+ /* change the entry itself */
+ if( rs->sr_err == LDAP_SUCCESS ) {
+ if ( id2entry_add( op->o_bd, e ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "id2entry failure";
+ }
+ }
+
+return_results:;
+ if( e != NULL ) cache_return_entry_w( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ rs->sr_text = NULL;
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,506 @@
+/* modrdn.c - ldbm backend modrdn routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modrdn.c,v 1.153.2.9 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
+ * This software is not subject to any license of Silicon Graphics
+ * Inc. or Purdue University.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * without restriction or fee of any kind as long as this notice
+ * is preserved.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+int
+ldbm_back_modrdn(
+ Operation *op,
+ SlapReply *rs )
+{
+ AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ struct berval p_dn, p_ndn;
+ struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
+ struct berval old_ndn = BER_BVNULL;
+ Entry *e, *p = NULL;
+ Entry *matched;
+ /* LDAP v2 supporting correct attribute handling. */
+ LDAPRDN new_rdn = NULL;
+ LDAPRDN old_rdn = NULL;
+ int rc_id = 0;
+ ID id = NOID;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof textbuf;
+ /* Added to support newSuperior */
+ Entry *np = NULL; /* newSuperior Entry */
+ struct berval *np_ndn = NULL; /* newSuperior ndn */
+ struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
+ /* Used to interface with ldbm_modify_internal() */
+ Modifications *mod = NULL; /* Used to delete old/add new rdn */
+ int manageDSAit = get_manageDSAit( op );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
+ ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
+ ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
+
+ /* grab giant lock for writing */
+ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+ /* get entry with writer lock */
+ /* FIXME: dn2entry() should return non-glue entry */
+ if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+ if ( matched != NULL ) {
+ rs->sr_matched = strdup( matched->e_dn );
+ rs->sr_ref = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ cache_return_entry_r( &li->li_cache, matched );
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
+ free( (char *)rs->sr_matched );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+ /* check entry for "entry" acl */
+ if ( ! access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: no write access to entry\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "no write access to entry" );
+
+ goto return_results;
+ }
+
+ if (!manageDSAit && is_entry_referral( e ) ) {
+ /* parent is a referral, don't allow add */
+ /* parent is an alias, don't allow add */
+ rs->sr_ref = get_entry_referrals( op, e );
+
+ Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
+ 0, 0 );
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = e->e_name.bv_val;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ goto return_results;
+ }
+
+ if ( has_children( op->o_bd, e ) ) {
+ Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
+ "subtree rename not supported" );
+ goto return_results;
+ }
+
+ if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
+ p_ndn = slap_empty_bv ;
+ } else {
+ dnParent( &e->e_nname, &p_ndn );
+ }
+
+ if ( p_ndn.bv_len != 0 ) {
+ /* Make sure parent entry exist and we can write its
+ * children.
+ */
+
+ if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
+ Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
+ 0, 0, 0);
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "parent entry does not exist" );
+
+ goto return_results;
+ }
+ } else {
+ p = (Entry *)&slap_entry_root;
+ }
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p, children, NULL,
+ op->oq_modrdn.rs_newSup != NULL ?
+ ACL_WDEL : ACL_WRITE,
+ NULL );
+
+ if ( BER_BVISEMPTY( &p_ndn ))
+ p = NULL;
+
+ if ( !rs->sr_err )
+ {
+ Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
+ 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: wr to children of entry %s OK\n",
+ p_ndn.bv_val, 0, 0 );
+
+ if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
+ p_dn = slap_empty_bv;
+ } else {
+ dnParent( &e->e_name, &p_dn );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
+ p_dn.bv_val, 0, 0 );
+
+ new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
+
+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: new parent \"%s\" requested...\n",
+ op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
+
+ np_ndn = op->oq_modrdn.rs_nnewSup;
+
+ /* newSuperior == oldParent? */
+ if ( dn_match( &p_ndn, np_ndn ) ) {
+ Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
+ "new parent\"%s\" seems to be the same as the "
+ "old parent \"%s\"\n",
+ op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
+
+ op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
+ }
+ }
+
+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ /* newSuperior == entry being moved?, if so ==> ERROR */
+ /* Get Entry with dn=newSuperior. Does newSuperior exist? */
+
+ if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
+ if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
+ np_ndn->bv_val, 0, 0);
+
+ send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
+ "newSuperior not found" );
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
+ (void *) np, np->e_id, 0 );
+
+ /* check newSuperior for "children" acl */
+ if ( !access_allowed( op, np, children, NULL,
+ ACL_WADD, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: no wr to newSup children\n",
+ 0, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ goto return_results;
+ }
+
+ if ( is_entry_alias( np ) ) {
+ /* parent is an alias, don't allow add */
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+
+
+ send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
+ "newSuperior is an alias" );
+
+ goto return_results;
+ }
+
+ if ( is_entry_referral( np ) ) {
+ /* parent is a referral, don't allow add */
+ Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
+ np->e_dn, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "newSuperior is a referral" );
+
+ goto return_results;
+ }
+
+ } else {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_shadow_update( op ) ) {
+ int can_access;
+ np = (Entry *)&slap_entry_root;
+
+ can_access = access_allowed( op, np,
+ children, NULL, ACL_WADD, NULL );
+ np = NULL;
+
+ /* check parent for "children" acl */
+ if ( ! can_access ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: no "
+ "access to new superior\n", 0, 0, 0 );
+
+ send_ldap_error( op, rs,
+ LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: \"\" "
+ "not allowed as new superior\n",
+ 0, 0, 0);
+
+ send_ldap_error( op, rs,
+ LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: wr to new parent's children OK\n",
+ 0, 0, 0 );
+
+ new_parent_dn = op->oq_modrdn.rs_newSup;
+ }
+
+ /* Build target dn and make sure target entry doesn't exist already. */
+ build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
+ dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
+ new_ndn.bv_val, 0, 0 );
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+
+ if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
+ /* if (rc_id) something bad happened to ldbm cache */
+ rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: new ndn=%s does not exist\n",
+ new_ndn.bv_val, 0, 0 );
+
+ /* Get attribute type and attribute value of our new rdn, we will
+ * need to add that to our new entry
+ */
+ if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: can't figure out "
+ "type(s)/values(s) of newrdn\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
+ "unknown type(s) used in RDN" );
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: new_rdn_type=\"%s\", "
+ "new_rdn_val=\"%s\"\n",
+ new_rdn[ 0 ]->la_attr.bv_val,
+ new_rdn[ 0 ]->la_value.bv_val, 0 );
+
+ if ( op->oq_modrdn.rs_deleteoldrdn ) {
+ if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: can't figure out "
+ "the old_rdn type(s)/value(s)\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "cannot parse RDN from old DN" );
+ goto return_results;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
+ 0, 0, 0 );
+
+ if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
+
+ (void) cache_delete_entry( &li->li_cache, e );
+
+ free( e->e_dn );
+ old_ndn = e->e_nname;
+ e->e_name = new_dn;
+ e->e_nname = new_ndn;
+ new_dn.bv_val = NULL;
+ new_ndn.bv_val = NULL;
+
+ /* NOTE: after this you must not free new_dn or new_ndn!
+ * They are used by cache.
+ */
+
+ /* modify memory copy of entry */
+ rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
+ &rs->sr_text, textbuf, textlen );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ default:
+ send_ldap_result( op, rs );
+ /* FALLTHRU */
+ case SLAPD_ABANDON:
+ goto return_results;
+ }
+
+ /*
+ * NOTE: the backend MUST delete then add the entry,
+ * otherwise indexing may get hosed
+ * FIXME: if a new ID was used, the add could be done first.
+ * that would be safer.
+ */
+
+ /* delete old one */
+ if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DN index delete fail" );
+ goto return_results;
+ }
+
+ /* add new one */
+ if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
+ /* try to repair old entry - probably hopeless */
+ if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DN index add and repair failed" );
+ } else {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "DN index add failed" );
+ }
+ goto return_results;
+ }
+
+ /* id2entry index */
+ if ( id2entry_add( op->o_bd, e ) != 0 ) {
+ /* Try to undo */
+ int rc;
+ rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
+ rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
+ if( rc ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "entry update and repair failed" );
+ } else {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "entry update failed" );
+ }
+ goto return_results;
+ }
+
+ (void) cache_update_entry( &li->li_cache, e );
+
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ send_ldap_result( op, rs );
+ cache_entry_commit( e );
+
+return_results:
+ slap_graduate_commit_csn( op );
+ if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
+ if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
+ if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
+
+ /* LDAP v2 supporting correct attribute handling. */
+ if ( new_rdn != NULL ) {
+ ldap_rdnfree( new_rdn );
+ }
+ if ( old_rdn != NULL ) {
+ ldap_rdnfree( old_rdn );
+ }
+ if ( mod != NULL ) {
+ Modifications *tmp;
+ for (; mod; mod = tmp ) {
+ /* slap_modrdn2mods does things one way,
+ * slap_mods_opattrs does it differently
+ */
+ if ( mod->sml_op != SLAP_MOD_SOFTADD &&
+ mod->sml_op != LDAP_MOD_DELETE ) break;
+ if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
+ tmp = mod->sml_next;
+ free( mod );
+ }
+ slap_mods_free( mod, 1 );
+ }
+
+ /* LDAP v3 Support */
+ if( np != NULL ) {
+ /* free new parent and writer lock */
+ cache_return_entry_w( &li->li_cache, np );
+ }
+
+ if( p != NULL ) {
+ /* free parent and writer lock */
+ cache_return_entry_w( &li->li_cache, p );
+ }
+
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+ rs->sr_text = NULL;
+ return( rs->sr_err );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/nextid.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/nextid.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/nextid.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,135 @@
+/* nextid.c - keep track of the next id to be given out */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/nextid.c,v 1.36.2.4 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/param.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+static int
+next_id_read( Backend *be, ID *idp )
+{
+ Datum key, data;
+ DBCache *db;
+
+ *idp = NOID;
+
+ if ( (db = ldbm_cache_open( be, "nextid", LDBM_SUFFIX, LDBM_WRCREAT ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create nextid" LDBM_SUFFIX "\n",
+ 0, 0, 0 );
+
+ return( -1 );
+ }
+
+ ldbm_datum_init( key );
+ key.dptr = (char *) idp;
+ key.dsize = sizeof(ID);
+
+ data = ldbm_cache_fetch( db, key );
+
+ if( data.dptr != NULL ) {
+ AC_MEMCPY( idp, data.dptr, sizeof( ID ) );
+ ldbm_datum_free( db->dbc_db, data );
+
+ } else {
+ *idp = 1;
+ }
+
+ ldbm_cache_close( be, db );
+ return( 0 );
+}
+
+int
+next_id_write( Backend *be, ID id )
+{
+ Datum key, data;
+ DBCache *db;
+ ID noid = NOID;
+ int flags, rc = 0;
+
+ if ( (db = ldbm_cache_open( be, "nextid", LDBM_SUFFIX, LDBM_WRCREAT ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create nextid" LDBM_SUFFIX "\n",
+ 0, 0, 0 );
+
+ return( -1 );
+ }
+
+ ldbm_datum_init( key );
+ ldbm_datum_init( data );
+
+ key.dptr = (char *) &noid;
+ key.dsize = sizeof(ID);
+
+ data.dptr = (char *) &id;
+ data.dsize = sizeof(ID);
+
+ flags = LDBM_REPLACE;
+ if ( ldbm_cache_store( db, key, data, flags ) != 0 ) {
+ rc = -1;
+ }
+
+ ldbm_cache_close( be, db );
+ return( rc );
+}
+
+int
+next_id_get( Backend *be, ID *idp )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int rc = 0;
+
+ *idp = NOID;
+
+ if ( li->li_nextid == NOID ) {
+ if ( ( rc = next_id_read( be, idp ) ) ) {
+ return( rc );
+ }
+ li->li_nextid = *idp;
+ }
+
+ *idp = li->li_nextid;
+
+ return( rc );
+}
+
+int
+next_id( Backend *be, ID *idp )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int rc = 0;
+
+ if ( li->li_nextid == NOID ) {
+ if ( ( rc = next_id_read( be, idp ) ) ) {
+ return( rc );
+ }
+ li->li_nextid = *idp;
+ }
+
+ *idp = li->li_nextid++;
+ if ( next_id_write( be, li->li_nextid ) ) {
+ rc = -1;
+ }
+
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/operational.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/operational.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/operational.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* operational.c - ldbm backend operational attributes function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/operational.c,v 1.12.2.4 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+/*
+ * sets *hasSubordinates to LDAP_COMPARE_TRUE/LDAP_COMPARE_FALSE
+ * if the entry has children or not.
+ */
+int
+ldbm_back_hasSubordinates(
+ Operation *op,
+ Entry *e,
+ int *hasSubordinates )
+{
+ if ( has_children( op->o_bd, e ) ) {
+ *hasSubordinates = LDAP_COMPARE_TRUE;
+
+ } else {
+ *hasSubordinates = LDAP_COMPARE_FALSE;
+ }
+
+ return 0;
+}
+
+/*
+ * sets the supported operational attributes (if required)
+ */
+int
+ldbm_back_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+ Attribute **ap;
+
+ assert( rs->sr_entry != NULL );
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+ /* just count */ ;
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+ ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
+ {
+ int hs;
+
+ hs = has_children( op->o_bd, rs->sr_entry );
+ *ap = slap_operational_hasSubordinate( hs );
+ assert( *ap != NULL );
+
+ ap = &(*ap)->a_next;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/proto-back-ldbm.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/proto-back-ldbm.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/proto-back-ldbm.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,263 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h,v 1.79.2.4 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _PROTO_BACK_LDBM
+#define _PROTO_BACK_LDBM
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/*
+ * alias.c
+ */
+Entry *deref_internal_r LDAP_P((
+ Backend *be,
+ Entry *e,
+ struct berval *dn,
+ int *err,
+ Entry **matched,
+ const char **text ));
+
+#define deref_entry_r( be, e, err, matched, text ) \
+ deref_internal_r( be, e, NULL, err, matched, text )
+#define deref_dn_r( be, dn, err, matched, text ) \
+ deref_internal_r( be, NULL, dn, err, matched, text)
+
+/*
+ * attr.c
+ */
+
+void attr_mask LDAP_P(( struct ldbminfo *li,
+ AttributeDescription *desc,
+ slap_mask_t *indexmask ));
+
+int attr_index_config LDAP_P(( struct ldbminfo *li,
+ const char *fname, int lineno,
+ int argc, char **argv ));
+void attr_index_destroy LDAP_P(( Avlnode *tree ));
+
+/*
+ * cache.c
+ */
+
+int cache_add_entry_rw LDAP_P(( Cache *cache, Entry *e, int rw ));
+int cache_update_entry LDAP_P(( Cache *cache, Entry *e ));
+void cache_return_entry_rw LDAP_P(( Cache *cache, Entry *e, int rw ));
+#define cache_return_entry_r(c, e) cache_return_entry_rw((c), (e), 0)
+#define cache_return_entry_w(c, e) cache_return_entry_rw((c), (e), 1)
+void cache_entry_commit LDAP_P(( Entry *e ));
+
+ID cache_find_entry_ndn2id LDAP_P(( Backend *be, Cache *cache, struct berval *ndn ));
+Entry * cache_find_entry_id LDAP_P(( Cache *cache, ID id, int rw ));
+int cache_delete_entry LDAP_P(( Cache *cache, Entry *e ));
+void cache_release_all LDAP_P(( Cache *cache ));
+
+/*
+ * dbcache.c
+ */
+
+DBCache * ldbm_cache_open LDAP_P(( Backend *be,
+ const char *name, const char *suffix, int flags ));
+void ldbm_cache_close LDAP_P(( Backend *be, DBCache *db ));
+void ldbm_cache_really_close LDAP_P(( Backend *be, DBCache *db ));
+void ldbm_cache_flush_all LDAP_P(( Backend *be ));
+void ldbm_cache_sync LDAP_P(( Backend *be ));
+#if 0 /* replaced by macro */
+Datum ldbm_cache_fetch LDAP_P(( DBCache *db, Datum key ));
+#else /* 1 */
+#define ldbm_cache_fetch( db, key ) ldbm_fetch( (db)->dbc_db, (key) )
+#endif /* 1 */
+int ldbm_cache_store LDAP_P(( DBCache *db, Datum key, Datum data, int flags ));
+int ldbm_cache_delete LDAP_P(( DBCache *db, Datum key ));
+void *ldbm_cache_sync_daemon LDAP_P(( void *ctx, void *arg ));
+
+/*
+ * dn2id.c
+ */
+
+int dn2id_add LDAP_P(( Backend *be, struct berval *dn, ID id ));
+int dn2id LDAP_P(( Backend *be, struct berval *dn, ID *idp ));
+int dn2idl LDAP_P(( Backend *be, struct berval *dn, int prefix, ID_BLOCK **idlp ));
+int dn2id_delete LDAP_P(( Backend *be, struct berval *dn, ID id ));
+
+Entry * dn2entry_rw LDAP_P(( Backend *be, struct berval *dn, Entry **matched, int rw ));
+#define dn2entry_r(be, dn, m) dn2entry_rw((be), (dn), (m), 0)
+#define dn2entry_w(be, dn, m) dn2entry_rw((be), (dn), (m), 1)
+
+/*
+ * entry.c
+ */
+BI_entry_release_rw ldbm_back_entry_release_rw;
+BI_entry_get_rw ldbm_back_entry_get;
+
+/*
+ * filterindex.c
+ */
+
+ID_BLOCK * filter_candidates LDAP_P(( Operation *op, Filter *f ));
+
+/*
+ * id2children.c
+ */
+
+int id2children_add LDAP_P(( Backend *be, Entry *p, Entry *e ));
+int id2children_remove LDAP_P(( Backend *be, Entry *p, Entry *e ));
+int has_children LDAP_P(( Backend *be, Entry *p ));
+
+/*
+ * id2entry.c
+ */
+
+int id2entry_add LDAP_P(( Backend *be, Entry *e ));
+int id2entry_delete LDAP_P(( Backend *be, Entry *e ));
+
+Entry * id2entry_rw LDAP_P(( Backend *be, ID id, int rw ));
+#define id2entry_r(be, id) id2entry_rw((be), (id), 0)
+#define id2entry_w(be, id) id2entry_rw((be), (id), 1)
+
+/*
+ * idl.c
+ */
+
+ID_BLOCK * idl_alloc LDAP_P(( unsigned int nids ));
+ID_BLOCK * idl_allids LDAP_P(( Backend *be ));
+void idl_free LDAP_P(( ID_BLOCK *idl ));
+ID_BLOCK * idl_fetch LDAP_P(( Backend *be, DBCache *db, Datum key ));
+int idl_insert_key LDAP_P(( Backend *be, DBCache *db, Datum key, ID id ));
+int idl_insert LDAP_P(( ID_BLOCK **idl, ID id, unsigned int maxids ));
+int idl_delete_key LDAP_P(( Backend *be, DBCache *db, Datum key, ID id ));
+ID_BLOCK * idl_intersection LDAP_P(( Backend *be, ID_BLOCK *a, ID_BLOCK *b ));
+ID_BLOCK * idl_union LDAP_P(( Backend *be, ID_BLOCK *a, ID_BLOCK *b ));
+ID_BLOCK * idl_notin LDAP_P(( Backend *be, ID_BLOCK *a, ID_BLOCK *b ));
+ID idl_firstid LDAP_P(( ID_BLOCK *idl, ID *cursor ));
+ID idl_nextid LDAP_P(( ID_BLOCK *idl, ID *cursor ));
+
+/*
+ * index.c
+ */
+extern int
+index_is_indexed LDAP_P((
+ Backend *be,
+ AttributeDescription *desc ));
+
+extern int
+index_param LDAP_P((
+ Backend *be,
+ AttributeDescription *desc,
+ int ftype,
+ char **dbname,
+ slap_mask_t *mask,
+ struct berval *prefix ));
+
+extern int
+index_values LDAP_P((
+ Operation *op,
+ AttributeDescription *desc,
+ BerVarray vals,
+ ID id,
+ int opid ));
+
+int index_entry LDAP_P(( Operation *op, int r, Entry *e ));
+#define index_entry_add(be,e) index_entry((be),SLAP_INDEX_ADD_OP,(e))
+#define index_entry_del(be,e) index_entry((be),SLAP_INDEX_DELETE_OP,(e))
+
+
+/*
+ * key.c
+ */
+extern int
+key_change LDAP_P((
+ Backend *be,
+ DBCache *db,
+ struct berval *k,
+ ID id,
+ int op ));
+extern int
+key_read LDAP_P((
+ Backend *be,
+ DBCache *db,
+ struct berval *k,
+ ID_BLOCK **idout ));
+
+/*
+ * modify.c
+ * These prototypes are placed here because they are used by modify and
+ * modify rdn which are implemented in different files.
+ *
+ * We need ldbm_internal_modify here because of LDAP modrdn & modify use
+ * it. If we do not add this, there would be a bunch of code replication
+ * here and there and of course the likelihood of bugs increases.
+ * Juan C. Gomez (gomez at engr.sgi.com) 05/18/99
+ *
+ */
+
+/* returns LDAP error code indicating error OR SLAPD_ABANDON */
+int ldbm_modify_internal LDAP_P(( Operation *op,
+ Modifications *mods, Entry *e,
+ const char **text, char *textbuf, size_t textlen ));
+
+/*
+ * nextid.c
+ */
+
+int next_id LDAP_P(( Backend *be, ID *idp ));
+int next_id_get LDAP_P(( Backend *be, ID *idp ));
+int next_id_write LDAP_P(( Backend *be, ID id ));
+
+/*
+ * former external.h
+ */
+
+extern BI_init ldbm_back_initialize;
+
+extern BI_open ldbm_back_open;
+extern BI_close ldbm_back_close;
+extern BI_destroy ldbm_back_destroy;
+
+extern BI_db_init ldbm_back_db_init;
+extern BI_db_open ldbm_back_db_open;
+extern BI_db_close ldbm_back_db_close;
+extern BI_db_destroy ldbm_back_db_destroy;
+extern BI_db_config ldbm_back_db_config;
+
+extern BI_op_extended ldbm_back_extended;
+extern BI_op_bind ldbm_back_bind;
+extern BI_op_search ldbm_back_search;
+extern BI_op_compare ldbm_back_compare;
+extern BI_op_modify ldbm_back_modify;
+extern BI_op_modrdn ldbm_back_modrdn;
+extern BI_op_add ldbm_back_add;
+extern BI_op_delete ldbm_back_delete;
+
+extern BI_operational ldbm_back_operational;
+extern BI_has_subordinates ldbm_back_hasSubordinates;
+
+/* hooks for slap tools */
+extern BI_tool_entry_open ldbm_tool_entry_open;
+extern BI_tool_entry_close ldbm_tool_entry_close;
+extern BI_tool_entry_first ldbm_tool_entry_first;
+extern BI_tool_entry_next ldbm_tool_entry_next;
+extern BI_tool_entry_get ldbm_tool_entry_get;
+extern BI_tool_entry_put ldbm_tool_entry_put;
+
+extern BI_tool_entry_reindex ldbm_tool_entry_reindex;
+extern BI_tool_sync ldbm_tool_sync;
+
+extern BI_chk_referrals ldbm_back_referrals;
+
+LDAP_END_DECL
+
+#endif /* _PROTO_BACK_LDBM */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/referral.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/referral.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/referral.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,127 @@
+/* referral.c - LDBM backend referral handler */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/referral.c,v 1.24.2.4 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+int
+ldbm_back_referrals(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ Entry *e, *matched;
+ int rc = LDAP_SUCCESS;
+
+ if( op->o_tag == LDAP_REQ_SEARCH ) {
+ /* let search take care of itself */
+ return LDAP_SUCCESS;
+ }
+
+ if( get_manageDSAit( op ) ) {
+ /* let op take care of DSA management */
+ return LDAP_SUCCESS;
+ }
+
+ /* grab giant lock for reading */
+ ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
+
+ /* get entry with reader lock */
+ e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
+ if ( e == NULL ) {
+ if ( matched != NULL ) {
+ rs->sr_matched = ch_strdup( matched->e_dn );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
+ op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
+
+ if ( is_entry_referral( matched ) ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_ref = get_entry_referrals( op, matched );
+ }
+
+ cache_return_entry_r( &li->li_cache, matched );
+
+ } else if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) && default_referral != NULL ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ if ( rs->sr_ref != NULL ) {
+ /* send referrals */
+ rc = rs->sr_err = LDAP_REFERRAL;
+
+ } else {
+ rs->sr_text = rs->sr_matched ? "bad referral object" : "bad default referral";
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ }
+
+ if ( rs->sr_matched ) free( (char *)rs->sr_matched );
+ if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
+ rs->sr_text = NULL;
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+
+ return rc;
+ }
+
+ if ( is_entry_referral( e ) ) {
+ /* entry is a referral */
+ BerVarray refs = get_entry_referrals( op, e );
+ rs->sr_ref = referral_rewrite(
+ refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
+ op->o_tag, op->o_req_dn.bv_val, e->e_dn );
+
+ rs->sr_matched = e->e_name.bv_val;
+ if( rs->sr_ref != NULL ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ rs->sr_text = NULL;
+
+ } else {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+ }
+ send_ldap_result( op, rs );
+
+ if ( refs != NULL ) ber_bvarray_free( refs );
+ rs->sr_err = rc;
+ rs->sr_ref = NULL;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ }
+
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,577 @@
+/* search.c - ldbm backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/search.c,v 1.128.2.8 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+static ID_BLOCK *base_candidate(
+ Backend *be, Entry *e );
+
+static ID_BLOCK *search_candidates(
+ Operation *op, Entry *e, Filter *filter,
+ int scope, int deref, int manageDSAit );
+
+
+int
+ldbm_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ int rc;
+ time_t stoptime;
+ ID_BLOCK *candidates;
+ ID id, cursor;
+ Entry *e;
+ Entry *matched = NULL;
+ struct berval realbase = BER_BVNULL;
+ int manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ slap_mask_t mask;
+#endif
+
+ Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
+
+ /* grab giant lock for reading */
+ ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
+
+ if ( op->o_req_ndn.bv_len == 0 ) {
+ /* DIT root special case */
+ e = (Entry *) &slap_entry_root;
+
+ /* need normalized dn below */
+ ber_dupbv( &realbase, &e->e_nname );
+
+ candidates = search_candidates( op, e, op->ors_filter,
+ op->ors_scope, op->ors_deref,
+ manageDSAit || get_domainScope(op) );
+
+ goto searchit;
+
+ } else if ( op->ors_deref & LDAP_DEREF_FINDING ) {
+ /* deref dn and get entry with reader lock */
+ e = deref_dn_r( op->o_bd, &op->o_req_ndn,
+ &rs->sr_err, &matched, &rs->sr_text );
+
+ if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
+
+ } else {
+ /* get entry with reader lock */
+ e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
+ rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
+ rs->sr_text = NULL;
+ }
+
+ if ( e == NULL ) {
+ struct berval matched_dn = BER_BVNULL;
+
+ if ( matched != NULL ) {
+ BerVarray erefs = NULL;
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( ! access_allowed( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ ber_dupbv( &matched_dn, &matched->e_name );
+
+ erefs = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ }
+
+ cache_return_entry_r( &li->li_cache, matched );
+
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->ors_scope );
+
+ ber_bvarray_free( erefs );
+ }
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, op->ors_scope );
+ }
+
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow add */
+ struct berval matched_dn = BER_BVNULL;
+ BerVarray erefs = NULL;
+
+ rs->sr_ref = NULL;
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+
+ ber_dupbv( &matched_dn, &e->e_name );
+ erefs = get_entry_referrals( op, e );
+
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: entry is referral\n",
+ 0, 0, 0 );
+
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->ors_scope );
+
+ ber_bvarray_free( erefs );
+
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_text = NULL;
+ }
+ }
+
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+ if ( is_entry_alias( e ) ) {
+ /* don't deref */
+ op->ors_deref = LDAP_DEREF_NEVER;
+ }
+
+ if ( op->ors_scope == LDAP_SCOPE_BASE ) {
+ candidates = base_candidate( op->o_bd, e );
+
+ } else {
+ candidates = search_candidates( op, e, op->ors_filter,
+ op->ors_scope, op->ors_deref, manageDSAit );
+ }
+
+ /* need normalized dn below */
+ ber_dupbv( &realbase, &e->e_nname );
+
+ cache_return_entry_r( &li->li_cache, e );
+
+searchit:
+ if ( candidates == NULL ) {
+ /* no candidates */
+ Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
+ 0, 0, 0 );
+
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /* if candidates exceed to-be-checked entries, abort */
+ if ( op->ors_limit /* isroot == FALSE */
+ && op->ors_limit->lms_s_unchecked != -1
+ && ID_BLOCK_NIDS( candidates ) > (unsigned) op->ors_limit->lms_s_unchecked )
+ {
+ send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED, NULL );
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /* compute it anyway; root does not use it */
+ stoptime = op->o_time + op->ors_tlimit;
+ rs->sr_attrs = op->ors_attrs;
+
+ for ( id = idl_firstid( candidates, &cursor ); id != NOID;
+ id = idl_nextid( candidates, &cursor ) )
+ {
+ int scopeok = 0;
+ int result = 0;
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rc = SLAPD_ABANDON;
+ goto done;
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /* get the entry with reader lock */
+ e = id2entry_r( op->o_bd, id );
+
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate %ld not found\n",
+ id, 0, 0 );
+
+ goto loop_continue;
+ }
+
+ rs->sr_entry = e;
+
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( e ) ) {
+ if( op->ors_scope != LDAP_SCOPE_BASE ) {
+ if(!get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries( op ) &&
+ !get_subentries_visibility( op ))
+ {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+#endif
+
+ if ( op->ors_deref & LDAP_DEREF_SEARCHING &&
+ is_entry_alias( e ) )
+ {
+ Entry *matched;
+ int err;
+ const char *text;
+
+ e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
+
+ if( e == NULL ) {
+ e = matched;
+ goto loop_continue;
+ }
+
+ if( e->e_id == id ) {
+ /* circular loop */
+ goto loop_continue;
+ }
+
+ /* need to skip alias which deref into scope */
+ if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ struct berval pdn;
+ dnParent( &e->e_nname, &pdn );
+ if ( ber_bvcmp( &pdn, &realbase ) ) {
+ goto loop_continue;
+ }
+
+ } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
+ /* alias is within scope */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: alias \"%s\" in subtree\n",
+ e->e_dn, 0, 0 );
+
+ goto loop_continue;
+ }
+
+ rs->sr_entry = e;
+
+ scopeok = 1;
+ }
+
+ /*
+ * If it's a referral, add it to the list of referrals.
+ * Only do this for non-base searches, and don't check
+ * the filter explicitly here since it's only a candidate
+ * anyway.
+ */
+ if ( !manageDSAit && op->ors_scope != LDAP_SCOPE_BASE &&
+ is_entry_referral( e ) )
+ {
+ struct berval dn;
+
+ /* check scope */
+ if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+ dnParent( &e->e_nname, &dn );
+ scopeok = dn_match( &dn, &realbase );
+ } else {
+ scopeok = (realbase.bv_len == 0);
+ }
+
+ } else if ( !scopeok
+ && op->ors_scope == LDAP_SCOPE_SUBTREE )
+ {
+ scopeok = dnIsSuffix( &e->e_nname, &realbase );
+
+#ifdef LDAP_SCOPE_SUBORDINATE
+ } else if ( !scopeok
+ && op->ors_scope == LDAP_SCOPE_SUBORDINATE )
+ {
+ scopeok = !dn_match( &e->e_nname, &realbase )
+ && dnIsSuffix( &e->e_nname, &realbase );
+#endif
+
+ } else {
+ scopeok = 1;
+ }
+
+ if( scopeok ) {
+ BerVarray erefs = get_entry_referrals( op, e );
+ rs->sr_ref = referral_rewrite( erefs,
+ &e->e_name, NULL,
+ op->ors_scope == LDAP_SCOPE_ONELEVEL
+ ? LDAP_SCOPE_BASE
+ : LDAP_SCOPE_SUBTREE );
+
+ ber_bvarray_free( erefs );
+
+ send_search_reference( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate referral %ld scope not okay\n",
+ id, 0, 0 );
+ }
+
+ goto loop_continue;
+ }
+
+ if ( !manageDSAit && is_entry_glue( e )) {
+ goto loop_continue;
+ }
+
+ /* if it matches the filter and scope, send it */
+ result = test_filter( op, e, op->ors_filter );
+
+ if ( result == LDAP_COMPARE_TRUE ) {
+ struct berval dn;
+
+ /* check scope */
+ if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+ dnParent( &e->e_nname, &dn );
+ scopeok = dn_match( &dn, &realbase );
+ } else {
+ scopeok = (realbase.bv_len == 0);
+ }
+
+ } else if ( !scopeok &&
+ op->ors_scope == LDAP_SCOPE_SUBTREE )
+ {
+ scopeok = dnIsSuffix( &e->e_nname, &realbase );
+
+ } else if ( !scopeok &&
+ op->ors_scope == LDAP_SCOPE_SUBORDINATE )
+ {
+ scopeok = !dn_match( &e->e_nname, &realbase )
+ && dnIsSuffix( &e->e_nname, &realbase );
+
+ } else {
+ scopeok = 1;
+ }
+
+ if ( scopeok ) {
+ if (e) {
+ rs->sr_flags = 0;
+ rs->sr_err = send_search_entry( op, rs );
+
+ switch ( rs->sr_err ) {
+ case LDAP_UNAVAILABLE: /* connection closed */
+ cache_return_entry_r( &li->li_cache, e );
+ rc = LDAP_SUCCESS;
+ goto done;
+ case LDAP_SIZELIMIT_EXCEEDED:
+ cache_return_entry_r( &li->li_cache, e );
+ rc = rs->sr_err;
+ rs->sr_entry = NULL;
+ send_ldap_result( op, rs );
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate entry %ld scope not okay\n",
+ id, 0, 0 );
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate entry %ld does not match filter\n",
+ id, 0, 0 );
+ }
+
+loop_continue:
+ if( e != NULL ) {
+ /* free reader lock */
+ cache_return_entry_r( &li->li_cache, e );
+ }
+
+ ldap_pvt_thread_yield();
+ }
+
+ rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
+ rs->sr_ref = rs->sr_v2ref;
+ send_ldap_result( op, rs );
+
+ rc = LDAP_SUCCESS;
+
+done:
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ if( candidates != NULL )
+ idl_free( candidates );
+
+ if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
+ if( realbase.bv_val ) free( realbase.bv_val );
+
+ return rc;
+}
+
+static ID_BLOCK *
+base_candidate(
+ Backend *be,
+ Entry *e )
+{
+ ID_BLOCK *idl;
+
+ Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
+ e->e_dn, 0, 0);
+
+
+ idl = idl_alloc( 1 );
+ idl_insert( &idl, e->e_id, 1 );
+
+ return( idl );
+}
+
+static ID_BLOCK *
+search_candidates(
+ Operation *op,
+ Entry *e,
+ Filter *filter,
+ int scope,
+ int deref,
+ int manageDSAit )
+{
+ ID_BLOCK *candidates;
+ Filter f, fand, rf, af, xf;
+ AttributeAssertion aa_ref, aa_alias;
+ struct berval bv_ref = { sizeof("referral")-1, "referral" };
+ struct berval bv_alias = { sizeof("alias")-1, "alias" };
+#ifdef LDBM_SUBENTRIES
+ Filter sf;
+ AttributeAssertion aa_subentry;
+#endif
+
+ Debug(LDAP_DEBUG_TRACE,
+ "search_candidates: base=\"%s\" s=%d d=%d\n",
+ e->e_ndn, scope, deref );
+
+
+ xf.f_or = filter;
+ xf.f_choice = LDAP_FILTER_OR;
+ xf.f_next = NULL;
+
+ if( !manageDSAit ) {
+ /* match referrals */
+ rf.f_choice = LDAP_FILTER_EQUALITY;
+ rf.f_ava = &aa_ref;
+ rf.f_av_desc = slap_schema.si_ad_objectClass;
+ rf.f_av_value = bv_ref;
+ rf.f_next = xf.f_or;
+ xf.f_or = &rf;
+ }
+
+ if( deref & LDAP_DEREF_SEARCHING ) {
+ /* match aliases */
+ af.f_choice = LDAP_FILTER_EQUALITY;
+ af.f_ava = &aa_alias;
+ af.f_av_desc = slap_schema.si_ad_objectClass;
+ af.f_av_value = bv_alias;
+ af.f_next = xf.f_or;
+ xf.f_or = ⁡
+ }
+
+ f.f_next = NULL;
+ f.f_choice = LDAP_FILTER_AND;
+ f.f_and = &fand;
+ fand.f_choice = scope == LDAP_SCOPE_ONELEVEL
+ ? SLAPD_FILTER_DN_ONE
+ : SLAPD_FILTER_DN_SUBTREE;
+ fand.f_dn = &e->e_nname;
+ fand.f_next = xf.f_or == filter ? filter : &xf ;
+
+#ifdef LDBM_SUBENTRIES
+ if ( get_subentries_visibility( op )) {
+ struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
+ sf.f_choice = LDAP_FILTER_EQUALITY;
+ sf.f_ava = &aa_subentry;
+ sf.f_av_desc = slap_schema.si_ad_objectClass;
+ sf.f_av_value = bv_subentry;
+ sf.f_next = fand.f_next;
+ fand.f_next = &sf;
+ }
+#endif
+
+ candidates = filter_candidates( op, &f );
+ return( candidates );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/tools.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/tools.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldbm/tools.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,316 @@
+/* tools.c - tools for slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/tools.c,v 1.43.2.5 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldbm.h"
+
+static LDBMCursor *cursorp = NULL;
+static DBCache *id2entry = NULL;
+
+int ldbm_tool_entry_open(
+ BackendDB *be, int mode )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ int flags;
+
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry == NULL );
+
+ switch( mode ) {
+ case 1:
+ flags = LDBM_WRCREAT;
+ break;
+ case 2:
+#ifdef TRUNCATE_MODE
+ flags = LDBM_NEWDB;
+#else
+ flags = LDBM_WRCREAT;
+#endif
+ break;
+ default:
+ flags = LDBM_READER;
+ }
+
+ li->li_dbwritesync = 0;
+
+ if ( (id2entry = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, flags ))
+ == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry" LDBM_SUFFIX "\n",
+ 0, 0, 0 );
+
+ return( -1 );
+ }
+
+ return 0;
+}
+
+int ldbm_tool_entry_close(
+ BackendDB *be )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry != NULL );
+
+ ldbm_cache_close( be, id2entry );
+ li->li_dbwritesync = 1;
+ id2entry = NULL;
+
+ return 0;
+}
+
+ID ldbm_tool_entry_first(
+ BackendDB *be )
+{
+ Datum key;
+ ID id;
+
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry != NULL );
+
+ key = ldbm_firstkey( id2entry->dbc_db, &cursorp );
+
+ if( key.dptr == NULL ) {
+ return NOID;
+ }
+
+ AC_MEMCPY( &id, key.dptr, key.dsize );
+#ifndef WORDS_BIGENDIAN
+ id = ntohl( id );
+#endif
+
+ ldbm_datum_free( id2entry->dbc_db, key );
+
+ return id;
+}
+
+ID ldbm_tool_entry_next(
+ BackendDB *be )
+{
+ Datum key;
+ ID id;
+
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry != NULL );
+
+ /* allow for NEXTID */
+ ldbm_datum_init( key );
+
+ key = ldbm_nextkey( id2entry->dbc_db, key, cursorp );
+
+ if( key.dptr == NULL ) {
+ return NOID;
+ }
+
+ AC_MEMCPY( &id, key.dptr, key.dsize );
+#ifndef WORDS_BIGENDIAN
+ id = ntohl( id );
+#endif
+
+ ldbm_datum_free( id2entry->dbc_db, key );
+
+ return id;
+}
+
+Entry* ldbm_tool_entry_get( BackendDB *be, ID id )
+{
+ Entry *e;
+ Datum key, data;
+#ifndef WORDS_BIGENDIAN
+ ID id2;
+#endif
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry != NULL );
+
+ ldbm_datum_init( key );
+
+#ifndef WORDS_BIGENDIAN
+ id2 = htonl( id );
+ key.dptr = (char *) &id2;
+#else
+ key.dptr = (char *) &id;
+#endif
+ key.dsize = sizeof(ID);
+
+ data = ldbm_cache_fetch( id2entry, key );
+
+ if ( data.dptr == NULL ) {
+ return NULL;
+ }
+
+ e = str2entry2( data.dptr, 0 );
+ ldbm_datum_free( id2entry->dbc_db, data );
+
+ if( e != NULL ) {
+ e->e_id = id;
+ }
+
+ return e;
+}
+
+ID ldbm_tool_entry_put(
+ BackendDB *be,
+ Entry *e,
+ struct berval *text )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ Datum key, data;
+ int rc, len;
+ ID id;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( id2entry != NULL );
+
+ assert( text != NULL );
+ assert( text->bv_val != NULL );
+ assert( text->bv_val[0] == '\0' ); /* overconservative? */
+
+ if ( next_id_get( be, &id ) || id == NOID ) {
+ strncpy( text->bv_val, "unable to get nextid", text->bv_len );
+ return NOID;
+ }
+
+ e->e_id = li->li_nextid++;
+
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_tool_entry_put( %ld, \"%s\" )\n",
+ e->e_id, e->e_dn, 0 );
+
+ if ( dn2id( be, &e->e_nname, &id ) ) {
+ /* something bad happened to ldbm cache */
+ strncpy( text->bv_val, "ldbm cache corrupted", text->bv_len );
+ return NOID;
+ }
+
+ if( id != NOID ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= ldbm_tool_entry_put: \"%s\" already exists (id=%ld)\n",
+ e->e_ndn, id, 0 );
+ strncpy( text->bv_val, "already exists", text->bv_len );
+ return NOID;
+ }
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ rc = index_entry_add( &op, e );
+ if( rc != 0 ) {
+ strncpy( text->bv_val, "index add failed", text->bv_len );
+ return NOID;
+ }
+
+ rc = dn2id_add( be, &e->e_nname, e->e_id );
+ if( rc != 0 ) {
+ strncpy( text->bv_val, "dn2id add failed", text->bv_len );
+ return NOID;
+ }
+
+ ldbm_datum_init( key );
+ ldbm_datum_init( data );
+
+#ifndef WORDS_BIGENDIAN
+ id = htonl( e->e_id );
+ key.dptr = (char *) &id;
+#else
+ key.dptr = (char *) &e->e_id;
+#endif
+ key.dsize = sizeof(ID);
+
+ data.dptr = entry2str( e, &len );
+ data.dsize = len + 1;
+
+ /* store it */
+ rc = ldbm_cache_store( id2entry, key, data, LDBM_REPLACE );
+
+ if( rc != 0 ) {
+ (void) dn2id_delete( be, &e->e_nname, e->e_id );
+ strncpy( text->bv_val, "cache store failed", text->bv_len );
+ return NOID;
+ }
+
+ return e->e_id;
+}
+
+int ldbm_tool_entry_reindex(
+ BackendDB *be,
+ ID id )
+{
+ int rc;
+ Entry *e;
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ Debug( LDAP_DEBUG_ARGS, "=> ldbm_tool_entry_reindex( %ld )\n",
+ (long) id, 0, 0 );
+
+
+ e = ldbm_tool_entry_get( be, id );
+
+ if( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldbm_tool_entry_reindex:: could not locate id=%ld\n",
+ (long) id, 0, 0 );
+
+ return -1;
+ }
+
+ /*
+ * just (re)add them for now
+ * assume that some other routine (not yet implemented)
+ * will zap index databases
+ *
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_tool_entry_reindex( %ld, \"%s\" )\n",
+ id, e->e_dn, 0 );
+
+ dn2id_add( be, &e->e_nname, e->e_id );
+
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+ rc = index_entry_add( &op, e );
+
+ entry_free( e );
+
+ return rc;
+}
+
+int ldbm_tool_sync( BackendDB *be )
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+ assert( slapMode & SLAP_TOOL_MODE );
+
+ if ( li->li_nextid != NOID ) {
+ if ( next_id_write( be, li->li_nextid ) ) {
+ return( -1 );
+ }
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,41 @@
+# Makefile.in for back-ldif
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/Makefile.in,v 1.1.2.4 2007/01/02 21:44:03 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2005-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = ldif.c
+OBJS = ldif.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-ldif"
+BUILD_MOD = yes
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(yes_DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_ldif
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/ldif.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/ldif.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-ldif/ldif.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1327 @@
+/* ldif.c - the ldif backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.22 2007/01/02 21:44:03 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Eric Stokes for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+#include <stdio.h>
+#include <ac/string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ac/dirent.h>
+#include <fcntl.h>
+#include <ac/errno.h>
+#include <ac/unistd.h>
+#include "slap.h"
+#include "lutil.h"
+#include "config.h"
+
+typedef struct enumCookie {
+ Operation *op;
+ SlapReply *rs;
+ Entry **entries;
+ int elen;
+ int eind;
+} enumCookie;
+
+struct ldif_info {
+ struct berval li_base_path;
+ enumCookie li_tool_cookie;
+ ID li_tool_current;
+ ldap_pvt_thread_rdwr_t li_rdwr;
+};
+
+#ifdef _WIN32
+#define mkdir(a,b) mkdir(a)
+#endif
+
+#define LDIF ".ldif"
+
+#define IX_DNL '{'
+#define IX_DNR '}'
+#ifndef IX_FSL
+#define IX_FSL IX_DNL
+#define IX_FSR IX_DNR
+#endif
+
+#define ENTRY_BUFF_INCREMENT 500
+
+static ConfigTable ldifcfg[] = {
+ { "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
+ (void *)offsetof(struct ldif_info, li_base_path),
+ "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
+ "DESC 'Directory for database content' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL }
+};
+
+static ConfigOCs ldifocs[] = {
+ { "( OLcfgDbOc:2.1 "
+ "NAME 'olcLdifConfig' "
+ "DESC 'LDIF backend configuration' "
+ "SUP olcDatabaseConfig "
+ "MUST ( olcDbDirectory ) )", Cft_Database, ldifcfg },
+ { NULL, 0, NULL }
+};
+
+static void
+dn2path(struct berval * dn, struct berval * suffixdn, struct berval * base_path,
+ struct berval *res)
+{
+ char *ptr, *sep, *end;
+
+ assert( dn != NULL );
+ assert( !BER_BVISNULL( dn ) );
+ assert( suffixdn != NULL );
+ assert( !BER_BVISNULL( suffixdn ) );
+ assert( dnIsSuffix( dn, suffixdn ) );
+
+ res->bv_len = dn->bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
+ res->bv_val = ch_malloc( res->bv_len + 1 );
+ ptr = lutil_strcopy( res->bv_val, base_path->bv_val );
+ *ptr++ = LDAP_DIRSEP[0];
+ ptr = lutil_strcopy( ptr, suffixdn->bv_val );
+ end = dn->bv_val + dn->bv_len - suffixdn->bv_len - 1;
+ while ( end > dn->bv_val ) {
+ for (sep = end-1; sep >=dn->bv_val && !DN_SEPARATOR( *sep ); sep--);
+ *ptr++ = LDAP_DIRSEP[0];
+ ptr = lutil_strncopy( ptr, sep+1, end-sep-1 );
+ end = sep;
+ }
+ strcpy(ptr, LDIF);
+#if IX_FSL != IX_DNL
+ ptr = res->bv_val;
+ while( ptr=strchr(ptr, IX_DNL) ) {
+ *ptr++ = IX_FSL;
+ ptr = strchr(ptr, IX_DNR);
+ if ( ptr )
+ *ptr++ = IX_FSR;
+ else
+ break;
+ }
+#endif
+}
+
+static char * slurp_file(int fd) {
+ int read_chars_total = 0;
+ int read_chars = 0;
+ int entry_size;
+ char * entry;
+ char * entry_pos;
+ struct stat st;
+
+ fstat(fd, &st);
+ entry_size = st.st_size;
+ entry = ch_malloc( entry_size+1 );
+ entry_pos = entry;
+
+ while(1) {
+ read_chars = read(fd, (void *) entry_pos, entry_size - read_chars_total);
+ if(read_chars == -1) {
+ SLAP_FREE(entry);
+ return NULL;
+ }
+ if(read_chars == 0) {
+ entry[read_chars_total] = '\0';
+ break;
+ }
+ else {
+ read_chars_total += read_chars;
+ entry_pos += read_chars;
+ }
+ }
+ return entry;
+}
+
+static int spew_file(int fd, char * spew, int len) {
+ int writeres = 0;
+
+ while(len > 0) {
+ writeres = write(fd, spew, len);
+ if(writeres == -1) {
+ Debug( LDAP_DEBUG_ANY, "could not spew write: %s\n",
+ STRERROR( errno ), 0, 0 );
+ return -1;
+ }
+ else {
+ spew += writeres;
+ len -= writeres;
+ }
+ }
+ return writeres;
+}
+
+static int spew_entry(Entry * e, struct berval * path) {
+ int rs;
+ int openres;
+ int spew_res;
+ int entry_length;
+ char * entry_as_string;
+
+ openres = open(path->bv_val, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR);
+ if(openres == -1) {
+ if(errno == ENOENT)
+ rs = LDAP_NO_SUCH_OBJECT;
+ else
+ rs = LDAP_UNWILLING_TO_PERFORM;
+ Debug( LDAP_DEBUG_ANY, "could not open \"%s\": %s\n",
+ path->bv_val, STRERROR( errno ), 0 );
+ }
+ else {
+ struct berval rdn;
+ int tmp;
+
+ /* Only save the RDN onto disk */
+ dnRdn( &e->e_name, &rdn );
+ if ( rdn.bv_len != e->e_name.bv_len ) {
+ e->e_name.bv_val[rdn.bv_len] = '\0';
+ tmp = e->e_name.bv_len;
+ e->e_name.bv_len = rdn.bv_len;
+ rdn.bv_len = tmp;
+ }
+
+ entry_as_string = entry2str(e, &entry_length);
+
+ /* Restore full DN */
+ if ( rdn.bv_len != e->e_name.bv_len ) {
+ e->e_name.bv_val[e->e_name.bv_len] = ',';
+ e->e_name.bv_len = rdn.bv_len;
+ }
+
+ if(entry_as_string == NULL) {
+ rs = LDAP_UNWILLING_TO_PERFORM;
+ close(openres);
+ }
+ else {
+ spew_res = spew_file(openres, entry_as_string, entry_length);
+ close(openres);
+ if(spew_res == -1)
+ rs = LDAP_UNWILLING_TO_PERFORM;
+ else
+ rs = LDAP_SUCCESS;
+ }
+ }
+ return rs;
+}
+
+static Entry * get_entry_for_fd(int fd,
+ struct berval *pdn,
+ struct berval *pndn)
+{
+ char * entry = (char *) slurp_file(fd);
+ Entry * ldentry = NULL;
+
+ /* error reading file */
+ if(entry == NULL) {
+ goto return_value;
+ }
+
+ ldentry = str2entry(entry);
+ if ( ldentry ) {
+ struct berval rdn;
+ rdn = ldentry->e_name;
+ build_new_dn( &ldentry->e_name, pdn, &rdn, NULL );
+ ch_free( rdn.bv_val );
+ rdn = ldentry->e_nname;
+ build_new_dn( &ldentry->e_nname, pndn, &rdn, NULL );
+ ch_free( rdn.bv_val );
+ }
+
+ return_value:
+ if(fd != -1) {
+ if(close(fd) != 0) {
+ /* log error */
+ }
+ }
+ if(entry != NULL)
+ SLAP_FREE(entry);
+ return ldentry;
+}
+
+static Entry * get_entry(Operation *op, struct berval *base_path) {
+ struct berval path, pdn, pndn;
+ int fd;
+
+ dnParent(&op->o_req_dn, &pdn);
+ dnParent(&op->o_req_ndn, &pndn);
+ dn2path(&op->o_req_ndn, op->o_bd->be_nsuffix, base_path, &path);
+ fd = open(path.bv_val, O_RDONLY);
+ /* error opening file (mebbe should log error) */
+ if ( fd == -1 && ( errno != ENOENT || op->o_tag != LDAP_REQ_ADD ) ) {
+ Debug( LDAP_DEBUG_ANY, "failed to open file \"%s\": %s\n",
+ path.bv_val, STRERROR(errno), 0 );
+ }
+
+ if(path.bv_val != NULL)
+ SLAP_FREE(path.bv_val);
+
+ if ( fd != -1 ) {
+ return get_entry_for_fd(fd, &pdn, &pndn);
+ }
+
+ return NULL;
+}
+
+static void fullpath(struct berval *base, struct berval *name, struct berval *res) {
+ char *ptr;
+ res->bv_len = name->bv_len + base->bv_len + 1;
+ res->bv_val = ch_malloc( res->bv_len + 1 );
+ strcpy(res->bv_val, base->bv_val);
+ ptr = res->bv_val + base->bv_len;
+ *ptr++ = LDAP_DIRSEP[0];
+ strcpy(ptr, name->bv_val);
+}
+
+typedef struct bvlist {
+ struct bvlist *next;
+ struct berval bv;
+ struct berval num;
+ unsigned int inum;
+ int off;
+} bvlist;
+
+
+static int r_enum_tree(enumCookie *ck, struct berval *path,
+ struct berval *pdn, struct berval *pndn)
+{
+ Entry *e;
+ int fd, rc = LDAP_SUCCESS;
+
+ fd = open( path->bv_val, O_RDONLY );
+ if ( fd < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> ldif_enum_tree: failed to open %s: %s\n",
+ path->bv_val, STRERROR(errno), 0 );
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+ e = get_entry_for_fd(fd, pdn, pndn);
+ if ( !e ) {
+ Debug( LDAP_DEBUG_ANY,
+ "=> ldif_enum_tree: failed to read entry for %s\n",
+ path->bv_val, 0, 0 );
+ return LDAP_BUSY;
+ }
+
+ if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
+ ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
+ /* Send right away? */
+ if ( ck->rs ) {
+ /*
+ * if it's a referral, add it to the list of referrals. only do
+ * this for non-base searches, and don't check the filter
+ * explicitly here since it's only a candidate anyway.
+ */
+ if ( !get_manageDSAit( ck->op )
+ && ck->op->ors_scope != LDAP_SCOPE_BASE
+ && is_entry_referral( e ) )
+ {
+ BerVarray erefs = get_entry_referrals( ck->op, e );
+ ck->rs->sr_ref = referral_rewrite( erefs,
+ &e->e_name, NULL,
+ ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
+ ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
+
+ ck->rs->sr_entry = e;
+ rc = send_search_reference( ck->op, ck->rs );
+ ber_bvarray_free( ck->rs->sr_ref );
+ ber_bvarray_free( erefs );
+ ck->rs->sr_ref = NULL;
+ ck->rs->sr_entry = NULL;
+
+ } else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
+ {
+ ck->rs->sr_entry = e;
+ ck->rs->sr_attrs = ck->op->ors_attrs;
+ ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ rc = send_search_entry(ck->op, ck->rs);
+ ck->rs->sr_entry = NULL;
+ }
+ fd = 1;
+ if ( rc )
+ goto done;
+ } else {
+ /* Queueing up for tool mode */
+ if(ck->entries == NULL) {
+ ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
+ ck->elen = ENTRY_BUFF_INCREMENT;
+ }
+ if(ck->eind >= ck->elen) { /* grow entries if necessary */
+ ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
+ ck->elen *= 2;
+ }
+
+ ck->entries[ck->eind++] = e;
+ fd = 0;
+ }
+ } else {
+ fd = 1;
+ }
+
+ if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
+ DIR * dir_of_path;
+ bvlist *list = NULL, *ptr;
+
+ path->bv_len -= STRLENOF( LDIF );
+ path->bv_val[path->bv_len] = '\0';
+
+ dir_of_path = opendir(path->bv_val);
+ if(dir_of_path == NULL) { /* can't open directory */
+ if ( errno != ENOENT ) {
+ /* it shouldn't be treated as an error
+ * only if the directory doesn't exist */
+ rc = LDAP_BUSY;
+ Debug( LDAP_DEBUG_ANY,
+ "=> ldif_enum_tree: failed to opendir %s (%d)\n",
+ path->bv_val, errno, 0 );
+ }
+ goto done;
+ }
+
+ while(1) {
+ struct berval fname, itmp;
+ struct dirent * dir;
+ bvlist *bvl, **prev;
+
+ dir = readdir(dir_of_path);
+ if(dir == NULL) break; /* end of the directory */
+ fname.bv_len = strlen( dir->d_name );
+ if ( fname.bv_len <= STRLENOF( LDIF ))
+ continue;
+ if ( strcmp( dir->d_name + (fname.bv_len - STRLENOF(LDIF)), LDIF))
+ continue;
+ fname.bv_val = dir->d_name;
+
+ bvl = ch_malloc( sizeof(bvlist) );
+ ber_dupbv( &bvl->bv, &fname );
+ BER_BVZERO( &bvl->num );
+ itmp.bv_val = strchr( bvl->bv.bv_val, IX_FSL );
+ if ( itmp.bv_val ) {
+ char *ptr;
+ itmp.bv_val++;
+ ptr = strchr( itmp.bv_val, IX_FSR );
+ if ( ptr ) {
+ itmp.bv_len = ptr - itmp.bv_val;
+ ber_dupbv( &bvl->num, &itmp );
+ bvl->inum = strtol( itmp.bv_val, NULL, 0 );
+ itmp.bv_val[0] = '\0';
+ bvl->off = itmp.bv_val - bvl->bv.bv_val;
+ }
+ }
+
+ for (prev = &list; (ptr = *prev) != NULL; prev = &ptr->next) {
+ int cmp = strcmp( bvl->bv.bv_val, ptr->bv.bv_val );
+ if ( !cmp && bvl->num.bv_val )
+ cmp = bvl->inum - ptr->inum;
+ if ( cmp < 0 )
+ break;
+ }
+ *prev = bvl;
+ bvl->next = ptr;
+
+ }
+ closedir(dir_of_path);
+
+ if (ck->op->ors_scope == LDAP_SCOPE_ONELEVEL)
+ ck->op->ors_scope = LDAP_SCOPE_BASE;
+ else if ( ck->op->ors_scope == LDAP_SCOPE_SUBORDINATE)
+ ck->op->ors_scope = LDAP_SCOPE_SUBTREE;
+
+ while ( ( ptr = list ) ) {
+ struct berval fpath;
+
+ list = ptr->next;
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( ptr->num.bv_val )
+ AC_MEMCPY( ptr->bv.bv_val + ptr->off, ptr->num.bv_val,
+ ptr->num.bv_len );
+ fullpath( path, &ptr->bv, &fpath );
+ rc = r_enum_tree(ck, &fpath, &e->e_name, &e->e_nname );
+ free(fpath.bv_val);
+ }
+ if ( ptr->num.bv_val )
+ free( ptr->num.bv_val );
+ free(ptr->bv.bv_val);
+ free(ptr);
+ }
+ }
+done:
+ if ( fd ) entry_free( e );
+ return rc;
+}
+
+static int
+enum_tree(
+ enumCookie *ck
+)
+{
+ struct ldif_info *ni = (struct ldif_info *) ck->op->o_bd->be_private;
+ struct berval path;
+ struct berval pdn, pndn;
+ int rc;
+
+ dnParent( &ck->op->o_req_dn, &pdn );
+ dnParent( &ck->op->o_req_ndn, &pndn );
+ dn2path( &ck->op->o_req_ndn, &ck->op->o_bd->be_nsuffix[0], &ni->li_base_path, &path);
+ rc = r_enum_tree(ck, &path, &pdn, &pndn);
+ ch_free( path.bv_val );
+ return rc;
+}
+
+/* Get the parent path plus the LDIF suffix */
+static void get_parent_path(struct berval * dnpath, struct berval *res) {
+ int dnpathlen = dnpath->bv_len;
+ int i;
+
+ for(i = dnpathlen;i>0;i--) /* find the first path seperator */
+ if(dnpath->bv_val[i] == LDAP_DIRSEP[0])
+ break;
+ res->bv_len = i;
+ res->bv_val = ch_malloc( res->bv_len + 1 + STRLENOF(LDIF) );
+ strncpy(res->bv_val, dnpath->bv_val, i);
+ strcpy(res->bv_val+i, LDIF);
+ res->bv_val[i] = '\0';
+}
+
+static int apply_modify_to_entry(Entry * entry,
+ Modifications * modlist,
+ Operation * op,
+ SlapReply * rs)
+{
+ char textbuf[SLAP_TEXT_BUFLEN];
+ int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
+ int is_oc = 0;
+ Modification *mods = NULL;
+
+ if (!acl_check_modlist(op, entry, modlist)) {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ for (; modlist != NULL; modlist = modlist->sml_next) {
+ mods = &modlist->sml_mod;
+
+ if ( mods->sm_desc == slap_schema.si_ad_objectClass ) {
+ is_oc = 1;
+ }
+ switch (mods->sm_op) {
+ case LDAP_MOD_ADD:
+ rc = modify_add_values(entry, mods,
+ get_permissiveModify(op),
+ &rs->sr_text, textbuf,
+ sizeof( textbuf ) );
+ break;
+
+ case LDAP_MOD_DELETE:
+ rc = modify_delete_values(entry, mods,
+ get_permissiveModify(op),
+ &rs->sr_text, textbuf,
+ sizeof( textbuf ) );
+ break;
+
+ case LDAP_MOD_REPLACE:
+ rc = modify_replace_values(entry, mods,
+ get_permissiveModify(op),
+ &rs->sr_text, textbuf,
+ sizeof( textbuf ) );
+ break;
+
+ case LDAP_MOD_INCREMENT:
+ rc = modify_increment_values( entry,
+ mods, get_permissiveModify(op),
+ &rs->sr_text, textbuf,
+ sizeof( textbuf ) );
+ break;
+
+ break;
+
+ case SLAP_MOD_SOFTADD:
+ mods->sm_op = LDAP_MOD_ADD;
+ rc = modify_add_values(entry, mods,
+ get_permissiveModify(op),
+ &rs->sr_text, textbuf,
+ sizeof( textbuf ) );
+ mods->sm_op = SLAP_MOD_SOFTADD;
+ if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
+ rc = LDAP_SUCCESS;
+ }
+ break;
+ default:
+ break;
+ }
+ if(rc != LDAP_SUCCESS) break;
+ }
+
+ if(rc == LDAP_SUCCESS) {
+ if ( is_oc ) {
+ entry->e_ocflags = 0;
+ }
+ /* check that the entry still obeys the schema */
+ rc = entry_schema_check( op, entry, NULL, 0,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ }
+
+ return rc;
+}
+
+int
+ldif_back_referrals( Operation *op, SlapReply *rs )
+{
+ struct ldif_info *ni = NULL;
+ Entry *entry;
+ int rc = LDAP_SUCCESS;
+
+#if 0
+ if ( op->o_tag == LDAP_REQ_SEARCH ) {
+ /* let search take care of itself */
+ return rc;
+ }
+#endif
+
+ if ( get_manageDSAit( op ) ) {
+ /* let op take care of DSA management */
+ return rc;
+ }
+
+ ni = (struct ldif_info *)op->o_bd->be_private;
+ ldap_pvt_thread_rdwr_rlock( &ni->li_rdwr );
+ entry = (Entry *)get_entry( op, &ni->li_base_path );
+
+ /* no object is found for them */
+ if ( entry == NULL ) {
+ struct berval odn = op->o_req_dn;
+ struct berval ondn = op->o_req_ndn;
+
+ struct berval pndn = op->o_req_ndn;
+
+ for ( ; entry == NULL; ) {
+ dnParent( &pndn, &pndn );
+
+ if ( !dnIsSuffix( &pndn, &op->o_bd->be_nsuffix[0] ) ) {
+ break;
+ }
+
+ op->o_req_dn = pndn;
+ op->o_req_ndn = pndn;
+
+ entry = (Entry *)get_entry( op, &ni->li_base_path );
+ }
+
+ ldap_pvt_thread_rdwr_runlock( &ni->li_rdwr );
+
+ op->o_req_dn = odn;
+ op->o_req_ndn = ondn;
+
+ rc = LDAP_SUCCESS;
+ rs->sr_matched = NULL;
+ if ( entry != NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldif_back_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
+ (long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
+
+ if ( is_entry_referral( entry ) ) {
+ rc = LDAP_OTHER;
+ rs->sr_ref = get_entry_referrals( op, entry );
+ if ( rs->sr_ref ) {
+ rs->sr_matched = ber_strdup_x(
+ entry->e_name.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ entry_free(entry);
+
+ } else if ( default_referral != NULL ) {
+ rc = LDAP_OTHER;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ }
+
+ if ( rs->sr_ref != NULL ) {
+ /* send referrals */
+ rc = rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+
+ } else if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
+ send_ldap_result( op, rs );
+ }
+
+ if ( rs->sr_matched ) {
+ op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
+ rs->sr_matched = NULL;
+ }
+
+ return rc;
+ }
+
+ ldap_pvt_thread_rdwr_runlock( &ni->li_rdwr );
+
+ if ( is_entry_referral( entry ) ) {
+ /* entry is a referral */
+ BerVarray refs = get_entry_referrals( op, entry );
+ rs->sr_ref = referral_rewrite(
+ refs, &entry->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "ldif_back_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
+ (long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
+
+ rs->sr_matched = entry->e_name.bv_val;
+ if ( rs->sr_ref != NULL ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+
+ } else {
+ send_ldap_error( op, rs, LDAP_OTHER, "bad referral object" );
+ rc = rs->sr_err;
+ }
+
+ rs->sr_matched = NULL;
+ ber_bvarray_free( refs );
+ }
+
+ entry_free( entry );
+
+ return rc;
+}
+
+static int
+ldif_back_bind( Operation *op, SlapReply *rs )
+{
+ struct ldif_info *ni = NULL;
+ Attribute * a = NULL;
+ AttributeDescription *password = slap_schema.si_ad_userPassword;
+ int return_val = 0;
+ Entry * entry = NULL;
+
+ ni = (struct ldif_info *) op->o_bd->be_private;
+ ldap_pvt_thread_rdwr_rlock(&ni->li_rdwr);
+ entry = (Entry *) get_entry(op, &ni->li_base_path);
+
+ /* no object is found for them */
+ if(entry == NULL) {
+ if(be_isroot_pw(op)) {
+ rs->sr_err = return_val = LDAP_SUCCESS;
+ } else {
+ rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS;
+ }
+ goto return_result;
+ }
+
+ /* they don't have userpassword */
+ if((a = attr_find(entry->e_attrs, password)) == NULL) {
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ return_val = 1;
+ goto return_result;
+ }
+
+ /* authentication actually failed */
+ if(slap_passwd_check(op, entry, a, &op->oq_bind.rb_cred,
+ &rs->sr_text) != 0) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ return_val = 1;
+ goto return_result;
+ }
+
+ /* let the front-end send success */
+ return_val = 0;
+ goto return_result;
+
+ return_result:
+ ldap_pvt_thread_rdwr_runlock(&ni->li_rdwr);
+ if(return_val != 0)
+ send_ldap_result( op, rs );
+ if(entry != NULL)
+ entry_free(entry);
+ return return_val;
+}
+
+static int ldif_back_search(Operation *op, SlapReply *rs)
+{
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ enumCookie ck = { NULL, NULL, NULL, 0, 0 };
+
+ ck.op = op;
+ ck.rs = rs;
+ ldap_pvt_thread_rdwr_rlock(&ni->li_rdwr);
+ rs->sr_err = enum_tree( &ck );
+ ldap_pvt_thread_rdwr_runlock(&ni->li_rdwr);
+ send_ldap_result(op, rs);
+
+ return rs->sr_err;
+}
+
+static int ldif_back_add(Operation *op, SlapReply *rs) {
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ Entry * e = op->ora_e;
+ struct berval dn = e->e_nname;
+ struct berval leaf_path = BER_BVNULL;
+ struct stat stats;
+ int statres;
+ char textbuf[SLAP_TEXT_BUFLEN];
+
+ Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", dn.bv_val, 0, 0);
+ slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 );
+
+ rs->sr_err = entry_schema_check(op, e, NULL, 0,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
+
+ ldap_pvt_thread_rdwr_wlock(&ni->li_rdwr);
+
+ dn2path(&dn, &op->o_bd->be_nsuffix[0], &ni->li_base_path, &leaf_path);
+
+ if(leaf_path.bv_val != NULL) {
+ struct berval base = BER_BVNULL;
+ /* build path to container and ldif of container */
+ get_parent_path(&leaf_path, &base);
+
+ statres = stat(base.bv_val, &stats); /* check if container exists */
+ if(statres == -1 && errno == ENOENT) { /* container missing */
+ base.bv_val[base.bv_len] = '.';
+ statres = stat(base.bv_val, &stats); /* check for leaf node */
+ base.bv_val[base.bv_len] = '\0';
+ if(statres == -1 && errno == ENOENT) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
+ rs->sr_text = "Parent does not exist";
+ }
+ else if(statres != -1) { /* create parent */
+ int mkdirres = mkdir(base.bv_val, 0750);
+ if(mkdirres == -1) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Could not create parent folder";
+ Debug( LDAP_DEBUG_ANY, "could not create folder \"%s\": %s\n",
+ base.bv_val, STRERROR( errno ), 0 );
+ }
+ }
+ else
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }/* container was possibly created, move on to add the entry */
+ if(rs->sr_err == LDAP_SUCCESS) {
+ statres = stat(leaf_path.bv_val, &stats);
+ if(statres == -1 && errno == ENOENT) {
+ ldap_pvt_thread_mutex_lock(&entry2str_mutex);
+ rs->sr_err = (int) spew_entry(e, &leaf_path);
+ ldap_pvt_thread_mutex_unlock(&entry2str_mutex);
+ }
+ else if ( statres == -1 ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ Debug( LDAP_DEBUG_ANY, "could not stat file \"%s\": %s\n",
+ leaf_path.bv_val, STRERROR( errno ), 0 );
+ }
+ else /* it already exists */
+ rs->sr_err = LDAP_ALREADY_EXISTS;
+ }
+ SLAP_FREE(base.bv_val);
+ SLAP_FREE(leaf_path.bv_val);
+ }
+
+ ldap_pvt_thread_rdwr_wunlock(&ni->li_rdwr);
+
+send_res:
+ Debug( LDAP_DEBUG_TRACE,
+ "ldif_back_add: err: %d text: %s\n", rs->sr_err, rs->sr_text ?
+ rs->sr_text : "", 0);
+ send_ldap_result(op, rs);
+ slap_graduate_commit_csn( op );
+ return 0;
+}
+
+static int ldif_back_modify(Operation *op, SlapReply *rs) {
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ Modifications * modlst = op->orm_modlist;
+ struct berval path = BER_BVNULL;
+ Entry * entry = NULL;
+ int spew_res;
+
+ slap_mods_opattrs( op, &op->orm_modlist, 1 );
+
+ ldap_pvt_thread_rdwr_wlock(&ni->li_rdwr);
+ dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &ni->li_base_path,
+ &path);
+ entry = (Entry *) get_entry(op, &ni->li_base_path);
+
+ if(entry != NULL) {
+ rs->sr_err = apply_modify_to_entry(entry, modlst, op, rs);
+ if(rs->sr_err == LDAP_SUCCESS) {
+ int save_errno;
+ ldap_pvt_thread_mutex_lock(&entry2str_mutex);
+ spew_res = spew_entry(entry, &path);
+ save_errno = errno;
+ ldap_pvt_thread_mutex_unlock(&entry2str_mutex);
+ if(spew_res == -1) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldif_back_modify: could not output entry \"%s\": %s\n",
+ op->o_log_prefix, entry->e_name.bv_val, STRERROR( save_errno ) );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
+ }
+ else {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if(entry != NULL)
+ entry_free(entry);
+ if(path.bv_val != NULL)
+ SLAP_FREE(path.bv_val);
+ rs->sr_text = NULL;
+ ldap_pvt_thread_rdwr_wunlock(&ni->li_rdwr);
+ send_ldap_result(op, rs);
+ slap_graduate_commit_csn( op );
+ return 0;
+}
+
+static int ldif_back_delete(Operation *op, SlapReply *rs) {
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ struct berval path = BER_BVNULL;
+ int res = 0;
+
+ if ( BER_BVISEMPTY( &op->o_csn )) {
+ struct berval csn;
+ char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+
+ csn.bv_val = csnbuf;
+ csn.bv_len = sizeof( csnbuf );
+ slap_get_csn( op, &csn, 1 );
+ }
+
+ ldap_pvt_thread_rdwr_wlock(&ni->li_rdwr);
+ dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &ni->li_base_path, &path);
+
+ path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
+ res = rmdir(path.bv_val);
+ path.bv_val[path.bv_len - STRLENOF(LDIF)] = '.';
+ if ( res && errno != ENOENT ) {
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ } else {
+ res = unlink(path.bv_val);
+ }
+
+ if(res == -1) {
+ if(errno == ENOENT)
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ else
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+ else
+ rs->sr_err = LDAP_SUCCESS;
+
+ SLAP_FREE(path.bv_val);
+ ldap_pvt_thread_rdwr_wunlock(&ni->li_rdwr);
+ send_ldap_result(op, rs);
+ slap_graduate_commit_csn( op );
+ return 0;
+}
+
+
+static int move_entry(Entry * entry, struct berval * ndn,
+ struct berval * newndn, struct berval * suffixdn,
+ struct berval * base_path) {
+ int res;
+ int exists_res;
+ struct berval path;
+ struct berval newpath;
+
+ dn2path(ndn, suffixdn, base_path, &path);
+ dn2path(newndn, suffixdn, base_path, &newpath);
+
+ if((entry == NULL || path.bv_val == NULL) || newpath.bv_val == NULL) {
+ /* some object doesn't exist */
+ res = LDAP_NO_SUCH_OBJECT;
+ }
+ else { /* do the modrdn */
+ exists_res = open(newpath.bv_val, O_RDONLY);
+ if(exists_res == -1 && errno == ENOENT) {
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+ res = spew_entry(entry, &newpath);
+ if(res != -1) {
+ /* if this fails we should log something bad */
+ res = unlink(path.bv_val);
+ res = LDAP_SUCCESS;
+ }
+ else {
+ if(errno == ENOENT)
+ res = LDAP_NO_SUCH_OBJECT;
+ else
+ res = LDAP_UNWILLING_TO_PERFORM;
+ unlink(newpath.bv_val); /* in case file was created */
+ }
+ ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
+ }
+ else if(exists_res) {
+ int close_res = close(exists_res);
+ res = LDAP_ALREADY_EXISTS;
+ if(close_res == -1) {
+ /* log heinous error */
+ }
+ }
+ else {
+ res = LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
+
+ if(newpath.bv_val != NULL)
+ SLAP_FREE(newpath.bv_val);
+ if(path.bv_val != NULL)
+ SLAP_FREE(path.bv_val);
+ return res;
+}
+
+static int ldif_back_modrdn(Operation *op, SlapReply *rs) {
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
+ struct berval p_dn, bv = BER_BVNULL;
+ Entry * entry = NULL;
+ LDAPRDN new_rdn = NULL;
+ LDAPRDN old_rdn = NULL;
+ Modifications * mods = NULL;
+ int res;
+
+ ldap_pvt_thread_rdwr_wlock( &ni->li_rdwr );
+ entry = (Entry *) get_entry(op, &ni->li_base_path);
+
+ /* build the mods to the entry */
+ if(entry != NULL) {
+ if(ldap_bv2rdn(&op->oq_modrdn.rs_newrdn, &new_rdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP)) {
+ rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+ }
+ else if(op->oq_modrdn.rs_deleteoldrdn &&
+ ldap_bv2rdn(&op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
+ LDAP_DN_FORMAT_LDAP)) {
+ rs->sr_err = LDAP_OTHER;
+ }
+ else { /* got both rdns successfully, ready to build mods */
+ if(slap_modrdn2mods(op, rs, entry, old_rdn, new_rdn, &mods)
+ != LDAP_SUCCESS) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+ else { /* built mods successfully */
+
+ /* build new dn, and new ndn for the entry */
+ if(op->oq_modrdn.rs_newSup != NULL) {
+ struct berval op_dn = op->o_req_dn,
+ op_ndn = op->o_req_ndn;
+ Entry *np;
+
+ /* new superior */
+ p_dn = *op->oq_modrdn.rs_newSup;
+ op->o_req_dn = *op->oq_modrdn.rs_newSup;
+ op->o_req_ndn = *op->oq_modrdn.rs_nnewSup;
+ np = (Entry *)get_entry( op, &ni->li_base_path );
+ op->o_req_dn = op_dn;
+ op->o_req_ndn = op_ndn;
+ if ( np == NULL ) {
+ goto no_such_object;
+ }
+ entry_free( np );
+ } else {
+ dnParent(&entry->e_name, &p_dn);
+ }
+ build_new_dn(&new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL);
+ dnNormalize( 0, NULL, NULL, &new_dn, &bv, op->o_tmpmemctx );
+ ber_dupbv( &new_ndn, &bv );
+ entry->e_name = new_dn;
+ entry->e_nname = new_ndn;
+
+ /* perform the modifications */
+ res = apply_modify_to_entry(entry, mods, op, rs);
+ if(res == LDAP_SUCCESS) {
+ rs->sr_err = move_entry(entry, &op->o_req_ndn,
+ &new_ndn,
+ &op->o_bd->be_nsuffix[0],
+ &ni->li_base_path);
+ } else {
+ rs->sr_err = res;
+ }
+ }
+ }
+ } else {
+no_such_object:;
+ /* entry was null */
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( entry != NULL ) {
+ entry_free(entry);
+ }
+ rs->sr_text = "";
+ ldap_pvt_thread_rdwr_wunlock( &ni->li_rdwr );
+ send_ldap_result(op, rs);
+ slap_graduate_commit_csn( op );
+ return 0;
+}
+
+/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
+ */
+int ldif_back_entry_get(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **ent )
+{
+ struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
+ struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn;
+
+ assert( ndn != NULL );
+ assert( !BER_BVISNULL( ndn ) );
+
+ ldap_pvt_thread_rdwr_rlock( &ni->li_rdwr );
+ op->o_req_dn = *ndn;
+ op->o_req_ndn = *ndn;
+ *ent = (Entry *) get_entry( op, &ni->li_base_path );
+ op->o_req_dn = op_dn;
+ op->o_req_ndn = op_ndn;
+ ldap_pvt_thread_rdwr_runlock( &ni->li_rdwr );
+
+ if ( *ent && oc && !is_entry_objectclass_or_sub( *ent, oc ) ) {
+ entry_free( *ent );
+ *ent = NULL;
+ }
+
+ return ( *ent == NULL ? 1 : 0 );
+}
+
+static int ldif_tool_entry_open(BackendDB * be, int mode) {
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ ni->li_tool_current = 0;
+ return 0;
+}
+
+static int ldif_tool_entry_close(BackendDB * be) {
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+
+ SLAP_FREE(ni->li_tool_cookie.entries);
+ return 0;
+}
+
+static ID
+ldif_tool_entry_first(BackendDB *be)
+{
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ ID id = 1; /* first entry in the array of entries shifted by one */
+
+ ni->li_tool_current = 1;
+ if(ni->li_tool_cookie.entries == NULL) {
+ Operation op = {0};
+
+ op.o_bd = be;
+ op.o_req_dn = *be->be_suffix;
+ op.o_req_ndn = *be->be_nsuffix;
+ op.ors_scope = LDAP_SCOPE_SUBTREE;
+ ni->li_tool_cookie.op = &op;
+ (void)enum_tree( &ni->li_tool_cookie );
+ ni->li_tool_cookie.op = NULL;
+ }
+ return id;
+}
+
+static ID ldif_tool_entry_next(BackendDB *be)
+{
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ ni->li_tool_current += 1;
+ if(ni->li_tool_current > ni->li_tool_cookie.eind)
+ return NOID;
+ else
+ return ni->li_tool_current;
+}
+
+static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ Entry * e;
+
+ if(id > ni->li_tool_cookie.eind || id < 1)
+ return NULL;
+ else {
+ e = ni->li_tool_cookie.entries[id - 1];
+ ni->li_tool_cookie.entries[id - 1] = NULL;
+ return e;
+ }
+}
+
+static ID ldif_tool_entry_put(BackendDB * be, Entry * e, struct berval *text) {
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ struct berval dn = e->e_nname;
+ struct berval leaf_path = BER_BVNULL;
+ struct stat stats;
+ int statres;
+ int res = LDAP_SUCCESS;
+
+ dn2path(&dn, &be->be_nsuffix[0], &ni->li_base_path, &leaf_path);
+
+ if(leaf_path.bv_val != NULL) {
+ struct berval base = BER_BVNULL;
+ /* build path to container, and path to ldif of container */
+ get_parent_path(&leaf_path, &base);
+
+ statres = stat(base.bv_val, &stats); /* check if container exists */
+ if(statres == -1 && errno == ENOENT) { /* container missing */
+ base.bv_val[base.bv_len] = '.';
+ statres = stat(base.bv_val, &stats); /* check for leaf node */
+ base.bv_val[base.bv_len] = '\0';
+ if(statres == -1 && errno == ENOENT) {
+ res = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
+ }
+ else if(statres != -1) { /* create parent */
+ int mkdirres = mkdir(base.bv_val, 0750);
+ if(mkdirres == -1) {
+ res = LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
+ else
+ res = LDAP_UNWILLING_TO_PERFORM;
+ }/* container was possibly created, move on to add the entry */
+ if(res == LDAP_SUCCESS) {
+ statres = stat(leaf_path.bv_val, &stats);
+ if(statres == -1 && errno == ENOENT) {
+ res = (int) spew_entry(e, &leaf_path);
+ }
+ else /* it already exists */
+ res = LDAP_ALREADY_EXISTS;
+ }
+ SLAP_FREE(base.bv_val);
+ SLAP_FREE(leaf_path.bv_val);
+ }
+
+ if(res == LDAP_SUCCESS) {
+ return 1;
+ }
+ else
+ return NOID;
+}
+
+static int
+ldif_back_db_init( BackendDB *be )
+{
+ struct ldif_info *ni;
+
+ ni = ch_calloc( 1, sizeof(struct ldif_info) );
+ be->be_private = ni;
+ be->be_cf_ocs = ldifocs;
+ ldap_pvt_thread_rdwr_init(&ni->li_rdwr);
+ return 0;
+}
+
+static int
+ldif_back_db_destroy(
+ Backend *be
+ )
+{
+ struct ldif_info *ni = be->be_private;
+
+ ch_free(ni->li_base_path.bv_val);
+ ldap_pvt_thread_rdwr_destroy(&ni->li_rdwr);
+ free( be->be_private );
+ return 0;
+}
+
+static int
+ldif_back_db_open(
+ Backend *be
+ )
+{
+ struct ldif_info *ni = (struct ldif_info *) be->be_private;
+ if( BER_BVISEMPTY(&ni->li_base_path)) {/* missing base path */
+ Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0);
+ return 1;
+ }
+ return 0;
+}
+
+int
+ldif_back_initialize(
+ BackendInfo *bi
+ )
+{
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ NULL
+ };
+ int rc;
+
+ bi->bi_flags |=
+ SLAP_BFLAG_INCREMENT |
+ SLAP_BFLAG_REFERRALS;
+
+ bi->bi_controls = controls;
+
+ bi->bi_open = 0;
+ bi->bi_close = 0;
+ bi->bi_config = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = ldif_back_db_init;
+ bi->bi_db_config = config_generic_wrapper;
+ bi->bi_db_open = ldif_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = ldif_back_db_destroy;
+
+ bi->bi_op_bind = ldif_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = ldif_back_search;
+ bi->bi_op_compare = 0;
+ bi->bi_op_modify = ldif_back_modify;
+ bi->bi_op_modrdn = ldif_back_modrdn;
+ bi->bi_op_add = ldif_back_add;
+ bi->bi_op_delete = ldif_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = ldif_back_referrals;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ bi->bi_entry_get_rw = ldif_back_entry_get;
+
+#if 0 /* NOTE: uncomment to completely disable access control */
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+#endif
+
+ bi->bi_tool_entry_open = ldif_tool_entry_open;
+ bi->bi_tool_entry_close = ldif_tool_entry_close;
+ bi->bi_tool_entry_first = ldif_tool_entry_first;
+ bi->bi_tool_entry_next = ldif_tool_entry_next;
+ bi->bi_tool_entry_get = ldif_tool_entry_get;
+ bi->bi_tool_entry_put = ldif_tool_entry_put;
+ bi->bi_tool_entry_reindex = 0;
+ bi->bi_tool_sync = 0;
+
+ bi->bi_tool_dn2id_get = 0;
+ bi->bi_tool_id2entry_get = 0;
+ bi->bi_tool_entry_modify = 0;
+
+ bi->bi_cf_ocs = ldifocs;
+
+ rc = config_register_schema( ldifcfg, ldifocs );
+ if ( rc ) return rc;
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,45 @@
+# Makefile.in for back-meta
+# $OpenLDAP: pkg/ldap/servers/slapd/back-meta/Makefile.in,v 1.12.2.7 2007/01/02 21:44:03 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c config.c search.c bind.c unbind.c add.c compare.c \
+ delete.c modify.c modrdn.c suffixmassage.c map.c \
+ conn.c candidates.c dncache.c
+OBJS = init.lo config.lo search.lo bind.lo unbind.lo add.lo compare.lo \
+ delete.lo modify.lo modrdn.lo suffixmassage.lo map.lo \
+ conn.lo candidates.lo dncache.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-meta"
+BUILD_MOD = @BUILD_META@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_META at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_meta
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,212 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/add.c,v 1.27.2.17 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_add( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt;
+ metaconn_t *mc;
+ int i, candidate = -1;
+ int isupdate;
+ Attribute *a;
+ LDAPMod **attrs;
+ struct berval mdn = BER_BVNULL, mapped;
+ dncookie dc;
+ int msgid;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
+ op->o_req_dn.bv_val, 0, 0 );
+
+ /*
+ * get the current connection
+ */
+ mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
+ if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
+ /*
+ * Rewrite the add dn, if needed
+ */
+ mt = mi->mi_targets[ candidate ];
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "addDN";
+
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ /* Count number of attributes in entry ( +1 ) */
+ for ( i = 1, a = op->ora_e->e_attrs; a; i++, a = a->a_next );
+
+ /* Create array of LDAPMods for ldap_add() */
+ attrs = ch_malloc( sizeof( LDAPMod * )*i );
+
+ dc.ctx = "addAttrDN";
+ isupdate = be_shadow_update( op );
+ for ( i = 0, a = op->ora_e->e_attrs; a; a = a->a_next ) {
+ int j, is_oc = 0;
+
+ if ( !isupdate && !get_manageDIT( op ) && a->a_desc->ad_type->sat_no_user_mod )
+ {
+ continue;
+ }
+
+ if ( a->a_desc == slap_schema.si_ad_objectClass
+ || a->a_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ is_oc = 1;
+ mapped = a->a_desc->ad_cname;
+
+ } else {
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
+ if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
+ continue;
+ }
+ }
+
+ attrs[ i ] = ch_malloc( sizeof( LDAPMod ) );
+ if ( attrs[ i ] == NULL ) {
+ continue;
+ }
+ attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
+ attrs[ i ]->mod_type = mapped.bv_val;
+
+ if ( is_oc ) {
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
+ ;
+
+ attrs[ i ]->mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 ) *
+ sizeof( struct berval * ) );
+
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
+ struct ldapmapping *mapping;
+
+ ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
+ &a->a_vals[ j ], &mapping, BACKLDAP_MAP );
+
+ if ( mapping == NULL ) {
+ if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
+ continue;
+ }
+ attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
+
+ } else {
+ attrs[ i ]->mod_bvalues[ j ] = &mapping->dst;
+ }
+ j++;
+ }
+ attrs[ i ]->mod_bvalues[ j ] = NULL;
+
+ } else {
+ /*
+ * FIXME: dn-valued attrs should be rewritten
+ * to allow their use in ACLs at the back-ldap
+ * level.
+ */
+ if ( a->a_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ {
+ (void)ldap_dnattr_rewrite( &dc, a->a_vals );
+ if ( a->a_vals == NULL ) {
+ continue;
+ }
+ }
+
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
+ ;
+
+ attrs[ i ]->mod_bvalues = ch_malloc( ( j + 1 ) * sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
+ attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
+ }
+ attrs[ i ]->mod_bvalues[ j ] = NULL;
+ }
+ i++;
+ }
+ attrs[ i ] = NULL;
+
+retry:;
+ ctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ attrs, ctrls, NULL, &msgid );
+ rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+ mt->mt_timeout[ SLAP_OP_ADD ], LDAP_BACK_SENDRESULT );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ for ( --i; i >= 0; --i ) {
+ free( attrs[ i ]->mod_bvalues );
+ free( attrs[ i ] );
+ }
+ free( attrs );
+ if ( mdn.bv_val != op->ora_e->e_dn ) {
+ free( mdn.bv_val );
+ BER_BVZERO( &mdn );
+ }
+
+done:;
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/back-meta.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/back-meta.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/back-meta.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,586 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/back-meta.h,v 1.23.2.22 2007/01/27 23:56:43 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#ifndef SLAPD_LDAP_H
+#error "include servers/slapd/back-ldap/back-ldap.h before this file!"
+#endif /* SLAPD_LDAP_H */
+
+#ifndef SLAPD_META_H
+#define SLAPD_META_H
+
+#include "proto-meta.h"
+
+/* String rewrite library */
+#include "rewrite.h"
+LDAP_BEGIN_DECL
+
+/*
+ * Set META_BACK_PRINT_CONNTREE larger than 0 to dump the connection tree (debug only)
+ */
+#ifndef META_BACK_PRINT_CONNTREE
+#define META_BACK_PRINT_CONNTREE 0
+#endif /* !META_BACK_PRINT_CONNTREE */
+
+struct slap_conn;
+struct slap_op;
+
+/* from back-ldap.h before rwm removal */
+struct ldapmap {
+ int drop_missing;
+
+ Avlnode *map;
+ Avlnode *remap;
+};
+
+struct ldapmapping {
+ struct berval src;
+ struct berval dst;
+};
+
+struct ldaprwmap {
+ /*
+ * DN rewriting
+ */
+#ifdef ENABLE_REWRITE
+ struct rewrite_info *rwm_rw;
+#else /* !ENABLE_REWRITE */
+ /* some time the suffix massaging without librewrite
+ * will be disabled */
+ BerVarray rwm_suffix_massage;
+#endif /* !ENABLE_REWRITE */
+
+ /*
+ * Attribute/objectClass mapping
+ */
+ struct ldapmap rwm_oc;
+ struct ldapmap rwm_at;
+};
+
+/* Whatever context ldap_back_dn_massage needs... */
+typedef struct dncookie {
+ struct metatarget_t *target;
+
+#ifdef ENABLE_REWRITE
+ Connection *conn;
+ char *ctx;
+ SlapReply *rs;
+#else
+ int normalized;
+ int tofrom;
+#endif
+} dncookie;
+
+int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
+ struct berval *res);
+
+extern int ldap_back_conn_cmp( const void *c1, const void *c2);
+extern int ldap_back_conn_dup( void *c1, void *c2 );
+extern void ldap_back_conn_free( void *c );
+
+/* attributeType/objectClass mapping */
+int mapping_cmp (const void *, const void *);
+int mapping_dup (void *, void *);
+
+void ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping ** );
+int ldap_back_mapping ( struct ldapmap *map, struct berval *s,
+ struct ldapmapping **m, int remap );
+void ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *m,
+ int remap );
+#define BACKLDAP_MAP 0
+#define BACKLDAP_REMAP 1
+char *
+ldap_back_map_filter(
+ struct ldapmap *at_map,
+ struct ldapmap *oc_map,
+ struct berval *f,
+ int remap );
+
+int
+ldap_back_map_attrs(
+ struct ldapmap *at_map,
+ AttributeName *a,
+ int remap,
+ char ***mapped_attrs );
+
+extern int ldap_back_map_config(
+ struct ldapmap *oc_map,
+ struct ldapmap *at_map,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv );
+
+extern int
+ldap_back_filter_map_rewrite(
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr,
+ int remap );
+
+/* suffix massaging by means of librewrite */
+#ifdef ENABLE_REWRITE
+extern int
+suffix_massage_config( struct rewrite_info *info,
+ struct berval *pvnc,
+ struct berval *nvnc,
+ struct berval *prnc,
+ struct berval *nrnc );
+#endif /* ENABLE_REWRITE */
+extern int
+ldap_back_referral_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals );
+extern int
+ldap_dnattr_rewrite(
+ dncookie *dc,
+ BerVarray a_vals );
+extern int
+ldap_dnattr_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals );
+
+/* (end of) from back-ldap.h before rwm removal */
+
+/*
+ * A metasingleconn_t can be in the following, mutually exclusive states:
+ *
+ * - none (0x0U)
+ * - creating META_BACK_FCONN_CREATING
+ * - initialized META_BACK_FCONN_INITED
+ * - binding LDAP_BACK_FCONN_BINDING
+ * - bound/anonymous LDAP_BACK_FCONN_ISBOUND/LDAP_BACK_FCONN_ISANON
+ *
+ * possible modifiers are:
+ *
+ * - privileged LDAP_BACK_FCONN_ISPRIV
+ * - privileged, TLS LDAP_BACK_FCONN_ISTLS
+ * - subjected to idassert LDAP_BACK_FCONN_ISIDASR
+ * - tainted LDAP_BACK_FCONN_TAINTED
+ */
+
+#define META_BACK_FCONN_INITED (0x00100000U)
+#define META_BACK_FCONN_CREATING (0x00200000U)
+
+#define META_BACK_CONN_INITED(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_INITED, (mlc))
+#define META_BACK_CONN_CREATING(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_CREATING, (mlc))
+
+struct metainfo_t;
+
+#define META_NOT_CANDIDATE ((ber_tag_t)0x0)
+#define META_CANDIDATE ((ber_tag_t)0x1)
+#define META_BINDING ((ber_tag_t)0x2)
+#define META_RETRYING ((ber_tag_t)0x4)
+
+typedef struct metasingleconn_t {
+#define META_CND_ISSET(rs,f) ( ( (rs)->sr_tag & (f) ) == (f) )
+#define META_CND_SET(rs,f) ( (rs)->sr_tag |= (f) )
+#define META_CND_CLEAR(rs,f) ( (rs)->sr_tag &= ~(f) )
+
+#define META_CANDIDATE_RESET(rs) ( (rs)->sr_tag = 0 )
+#define META_IS_CANDIDATE(rs) META_CND_ISSET( (rs), META_CANDIDATE )
+#define META_CANDIDATE_SET(rs) META_CND_SET( (rs), META_CANDIDATE )
+#define META_CANDIDATE_CLEAR(rs) META_CND_CLEAR( (rs), META_CANDIDATE )
+#define META_IS_BINDING(rs) META_CND_ISSET( (rs), META_BINDING )
+#define META_BINDING_SET(rs) META_CND_SET( (rs), META_BINDING )
+#define META_BINDING_CLEAR(rs) META_CND_CLEAR( (rs), META_BINDING )
+#define META_IS_RETRYING(rs) META_CND_ISSET( (rs), META_RETRYING )
+#define META_RETRYING_SET(rs) META_CND_SET( (rs), META_RETRYING )
+#define META_RETRYING_CLEAR(rs) META_CND_CLEAR( (rs), META_RETRYING )
+
+ LDAP *msc_ld;
+ time_t msc_time;
+ struct berval msc_bound_ndn;
+ struct berval msc_cred;
+ unsigned msc_mscflags;
+ /* NOTE: lc_lcflags is redefined to msc_mscflags to reuse the macros
+ * defined for back-ldap */
+#define lc_lcflags msc_mscflags
+} metasingleconn_t;
+
+typedef struct metaconn_t {
+ struct slap_conn *mc_conn;
+#define lc_conn mc_conn
+ unsigned mc_refcnt;
+
+ time_t mc_create_time;
+ time_t mc_time;
+
+ struct berval mc_local_ndn;
+ /* NOTE: msc_mscflags is used to recycle the #define
+ * in metasingleconn_t */
+ unsigned msc_mscflags;
+
+ /*
+ * means that the connection is bound;
+ * of course only one target actually is ...
+ */
+ int mc_authz_target;
+#define META_BOUND_NONE (-1)
+#define META_BOUND_ALL (-2)
+
+ struct metainfo_t *mc_info;
+
+ LDAP_TAILQ_ENTRY(metaconn_t) mc_q;
+
+ /* supersedes the connection stuff */
+ metasingleconn_t mc_conns[ 1 ];
+ /* NOTE: mc_conns must be last, because
+ * the required number of conns is malloc'ed
+ * in one block with the metaconn_t structure */
+} metaconn_t;
+
+typedef struct metatarget_t {
+ char *mt_uri;
+ ldap_pvt_thread_mutex_t mt_uri_mutex;
+
+ /* TODO: we might want to enable different strategies
+ * for different targets */
+ LDAP_REBIND_PROC *mt_rebind_f;
+ void *mt_urllist_p;
+
+ BerVarray mt_subtree_exclude;
+ int mt_scope;
+
+ struct berval mt_psuffix; /* pretty suffix */
+ struct berval mt_nsuffix; /* normalized suffix */
+
+ struct berval mt_binddn;
+ struct berval mt_bindpw;
+
+ slap_idassert_t mt_idassert;
+#define mt_idassert_mode mt_idassert.si_mode
+#define mt_idassert_authcID mt_idassert.si_bc.sb_authcId
+#define mt_idassert_authcDN mt_idassert.si_bc.sb_binddn
+#define mt_idassert_passwd mt_idassert.si_bc.sb_cred
+#define mt_idassert_authzID mt_idassert.si_bc.sb_authzId
+#define mt_idassert_authmethod mt_idassert.si_bc.sb_method
+#define mt_idassert_sasl_mech mt_idassert.si_bc.sb_saslmech
+#define mt_idassert_sasl_realm mt_idassert.si_bc.sb_realm
+#define mt_idassert_secprops mt_idassert.si_bc.sb_secprops
+#define mt_idassert_tls mt_idassert.si_bc.sb_tls
+#define mt_idassert_flags mt_idassert.si_flags
+#define mt_idassert_authz mt_idassert.si_authz
+
+ int mt_nretries;
+#define META_RETRY_UNDEFINED (-2)
+#define META_RETRY_FOREVER (-1)
+#define META_RETRY_NEVER (0)
+#define META_RETRY_DEFAULT (10)
+
+ struct ldaprwmap mt_rwmap;
+
+ sig_atomic_t mt_isquarantined;
+ slap_retry_info_t mt_quarantine;
+ ldap_pvt_thread_mutex_t mt_quarantine_mutex;
+
+ unsigned mt_flags;
+#define META_BACK_TGT_ISSET(mt,f) ( ( (mt)->mt_flags & (f) ) == (f) )
+#define META_BACK_TGT_ISMASK(mt,m,f) ( ( (mt)->mt_flags & (m) ) == (f) )
+
+#define META_BACK_TGT_T_F(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
+#define META_BACK_TGT_T_F_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
+
+#define META_BACK_TGT_ABANDON(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
+#define META_BACK_TGT_IGNORE(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
+#define META_BACK_TGT_CANCEL(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
+#define META_BACK_TGT_CANCEL_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
+#define META_BACK_TGT_QUARANTINE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE )
+
+ int mt_version;
+ time_t mt_network_timeout;
+ struct timeval mt_bind_timeout;
+#define META_BIND_TIMEOUT LDAP_BACK_RESULT_UTIMEOUT
+ time_t mt_timeout[ SLAP_OP_LAST ];
+} metatarget_t;
+
+typedef struct metadncache_t {
+ ldap_pvt_thread_mutex_t mutex;
+ Avlnode *tree;
+
+#define META_DNCACHE_DISABLED (0)
+#define META_DNCACHE_FOREVER ((time_t)(-1))
+ time_t ttl; /* seconds; 0: no cache, -1: no expiry */
+} metadncache_t;
+
+typedef struct metacandidates_t {
+ int mc_ntargets;
+ SlapReply *mc_candidates;
+} metacandidates_t;
+
+/*
+ * Hook to allow mucking with metainfo_t/metatarget_t when quarantine is over
+ */
+typedef int (*meta_back_quarantine_f)( struct metainfo_t *, int target, void * );
+
+typedef struct metainfo_t {
+ int mi_ntargets;
+ int mi_defaulttarget;
+#define META_DEFAULT_TARGET_NONE (-1)
+ int mi_nretries;
+
+ metatarget_t **mi_targets;
+ metacandidates_t *mi_candidates;
+
+ LDAP_REBIND_PROC *mi_rebind_f;
+
+ metadncache_t mi_cache;
+
+ /* cached connections;
+ * special conns are in tailq rather than in tree */
+ ldap_avl_info_t mi_conninfo;
+ struct {
+ int mic_num;
+ LDAP_TAILQ_HEAD(mc_conn_priv_q, metaconn_t) mic_priv;
+ } mi_conn_priv[ LDAP_BACK_PCONN_LAST ];
+ int mi_conn_priv_max;
+
+ /* NOTE: quarantine uses the connection mutex */
+ slap_retry_info_t mi_quarantine;
+ meta_back_quarantine_f mi_quarantine_f;
+ void *mi_quarantine_p;
+
+ unsigned mi_flags;
+#define li_flags mi_flags
+/* uses flags as defined in <back-ldap/back-ldap.h> */
+#define META_BACK_F_ONERR_STOP (0x00100000U)
+#define META_BACK_F_ONERR_REPORT (0x00200000U)
+#define META_BACK_F_ONERR_MASK (META_BACK_F_ONERR_STOP|META_BACK_F_ONERR_REPORT)
+#define META_BACK_F_DEFER_ROOTDN_BIND (0x00400000U)
+#define META_BACK_F_PROXYAUTHZ_ALWAYS (0x00800000U) /* users always proxyauthz */
+#define META_BACK_F_PROXYAUTHZ_ANON (0x01000000U) /* anonymous always proxyauthz */
+#define META_BACK_F_PROXYAUTHZ_NOANON (0x02000000U) /* anonymous remains anonymous */
+
+#define META_BACK_ONERR_STOP(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_STOP )
+#define META_BACK_ONERR_REPORT(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_REPORT )
+#define META_BACK_ONERR_CONTINUE(mi) ( !LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_MASK ) )
+
+#define META_BACK_DEFER_ROOTDN_BIND(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_DEFER_ROOTDN_BIND )
+#define META_BACK_PROXYAUTHZ_ALWAYS(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ALWAYS )
+#define META_BACK_PROXYAUTHZ_ANON(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ANON )
+#define META_BACK_PROXYAUTHZ_NOANON(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_NOANON )
+
+#define META_BACK_QUARANTINE(mi) LDAP_BACK_ISSET( (mi), LDAP_BACK_F_QUARANTINE )
+
+ int mi_version;
+ time_t mi_network_timeout;
+ time_t mi_conn_ttl;
+ time_t mi_idle_timeout;
+ struct timeval mi_bind_timeout;
+ time_t mi_timeout[ SLAP_OP_LAST ];
+} metainfo_t;
+
+typedef enum meta_op_type {
+ META_OP_ALLOW_MULTIPLE = 0,
+ META_OP_REQUIRE_SINGLE,
+ META_OP_REQUIRE_ALL
+} meta_op_type;
+
+SlapReply *
+meta_back_candidates_get( Operation *op );
+
+extern metaconn_t *
+meta_back_getconn(
+ Operation *op,
+ SlapReply *rs,
+ int *candidate,
+ ldap_back_send_t sendok );
+
+extern void
+meta_back_release_conn_lock(
+ metainfo_t *mi,
+ metaconn_t *mc,
+ int dolock );
+#define meta_back_release_conn(mi, mc) meta_back_release_conn_lock( (mi), (mc), 1 )
+
+extern int
+meta_back_retry(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ ldap_back_send_t sendok );
+
+extern void
+meta_back_conn_free(
+ void *v_mc );
+
+#if META_BACK_PRINT_CONNTREE > 0
+extern void
+meta_back_print_conntree(
+ metainfo_t *mi,
+ char *msg );
+#endif
+
+extern int
+meta_back_init_one_conn(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ int ispriv,
+ ldap_back_send_t sendok,
+ int dolock );
+
+extern void
+meta_back_quarantine(
+ Operation *op,
+ SlapReply *rs,
+ int candidate );
+
+extern int
+meta_back_dobind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ ldap_back_send_t sendok );
+
+extern int
+meta_back_single_dobind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ ldap_back_send_t sendok,
+ int retries,
+ int dolock );
+
+extern int
+meta_back_proxy_authz_cred(
+ metaconn_t *mc,
+ int candidate,
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok,
+ struct berval *binddn,
+ struct berval *bindcred,
+ int *method );
+
+extern int
+meta_back_cancel(
+ metaconn_t *mc,
+ Operation *op,
+ SlapReply *rs,
+ ber_int_t msgid,
+ int candidate,
+ ldap_back_send_t sendok );
+
+extern int
+meta_back_op_result(
+ metaconn_t *mc,
+ Operation *op,
+ SlapReply *rs,
+ int candidate,
+ ber_int_t msgid,
+ time_t timeout,
+ ldap_back_send_t sendok );
+
+extern int
+back_meta_LTX_init_module(
+ int argc,
+ char *argv[] );
+
+extern int
+meta_back_conn_cmp(
+ const void *c1,
+ const void *c2 );
+
+extern int
+meta_back_conndn_cmp(
+ const void *c1,
+ const void *c2 );
+
+extern int
+meta_back_conndn_dup(
+ void *c1,
+ void *c2 );
+
+/*
+ * Candidate stuff
+ */
+extern int
+meta_back_is_candidate(
+ metatarget_t *mt,
+ struct berval *ndn,
+ int scope );
+
+extern int
+meta_back_select_unique_candidate(
+ metainfo_t *mi,
+ struct berval *ndn );
+
+extern int
+meta_clear_unused_candidates(
+ Operation *op,
+ int candidate );
+
+extern int
+meta_clear_one_candidate(
+ Operation *op,
+ metaconn_t *mc,
+ int candidate );
+
+/*
+ * Dn cache stuff (experimental)
+ */
+extern int
+meta_dncache_cmp(
+ const void *c1,
+ const void *c2 );
+
+extern int
+meta_dncache_dup(
+ void *c1,
+ void *c2 );
+
+#define META_TARGET_NONE (-1)
+#define META_TARGET_MULTIPLE (-2)
+extern int
+meta_dncache_get_target(
+ metadncache_t *cache,
+ struct berval *ndn );
+
+extern int
+meta_dncache_update_entry(
+ metadncache_t *cache,
+ struct berval *ndn,
+ int target );
+
+extern int
+meta_dncache_delete_entry(
+ metadncache_t *cache,
+ struct berval *ndn );
+
+extern void
+meta_dncache_free( void *entry );
+
+extern LDAP_REBIND_PROC meta_back_default_rebind;
+
+LDAP_END_DECL
+
+#endif /* SLAPD_META_H */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1467 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.31 2007/03/09 16:23:16 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+
+#define AVL_INTERNAL
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+
+#include "lutil_ldap.h"
+
+static int
+meta_back_proxy_authz_bind(
+ metaconn_t *mc,
+ int candidate,
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok );
+
+static int
+meta_back_single_bind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate );
+
+int
+meta_back_bind( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc = NULL;
+
+ int rc = LDAP_OTHER,
+ i,
+ gotit = 0,
+ isroot = 0;
+
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_ARGS, "%s meta_back_bind: dn=\"%s\".\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, 0 );
+
+ /* the test on the bind method should be superfluous */
+ if ( op->orb_method == LDAP_AUTH_SIMPLE
+ && be_isroot_dn( op->o_bd, &op->o_req_ndn ) )
+ {
+ if ( !be_isroot_pw( op ) ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ rs->sr_text = NULL;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ if ( META_BACK_DEFER_ROOTDN_BIND( mi ) ) {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ /* frontend will return success */
+ return rs->sr_err;
+ }
+
+ isroot = 1;
+ }
+
+ /* we need meta_back_getconn() not send result even on error,
+ * because we want to intercept the error and make it
+ * invalidCredentials */
+ mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_BIND_DONTSEND );
+ if ( !mc ) {
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "meta_back_bind: no target "
+ "for dn \"%s\" (%d%s%s).",
+ op->o_req_dn.bv_val, rs->sr_err,
+ rs->sr_text ? ". " : "",
+ rs->sr_text ? rs->sr_text : "" );
+ Debug( LDAP_DEBUG_ANY,
+ "%s %s\n",
+ op->o_log_prefix, buf, 0 );
+ }
+
+ /* FIXME: there might be cases where we don't want
+ * to map the error onto invalidCredentials */
+ switch ( rs->sr_err ) {
+ case LDAP_NO_SUCH_OBJECT:
+ case LDAP_UNWILLING_TO_PERFORM:
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ rs->sr_text = NULL;
+ break;
+ }
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ /*
+ * Each target is scanned ...
+ */
+ mc->mc_authz_target = META_BOUND_NONE;
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+ int lerr;
+
+ /*
+ * Skip non-candidates
+ */
+ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+ continue;
+ }
+
+ if ( gotit == 0 ) {
+ /* set rc to LDAP_SUCCESS only if at least
+ * one candidate has been tried */
+ rc = LDAP_SUCCESS;
+ gotit = 1;
+
+ } else if ( isroot == 0 ) {
+ /*
+ * A bind operation is expected to have
+ * ONE CANDIDATE ONLY!
+ */
+ Debug( LDAP_DEBUG_ANY,
+ "### %s meta_back_bind: more than one"
+ " candidate selected...\n",
+ op->o_log_prefix, 0, 0 );
+ }
+
+ if ( isroot ) {
+ if ( mt->mt_idassert_authmethod == LDAP_AUTH_NONE
+ || BER_BVISNULL( &mt->mt_idassert_authcDN ) )
+ {
+ metasingleconn_t *msc = &mc->mc_conns[ i ];
+
+ /* skip the target if no pseudorootdn is provided */
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ ch_free( msc->msc_bound_ndn.bv_val );
+ BER_BVZERO( &msc->msc_bound_ndn );
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ /* destroy sensitive data */
+ memset( msc->msc_cred.bv_val, 0,
+ msc->msc_cred.bv_len );
+ ch_free( msc->msc_cred.bv_val );
+ BER_BVZERO( &msc->msc_cred );
+ }
+
+ continue;
+ }
+
+
+ (void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );
+ lerr = rs->sr_err;
+
+ } else {
+ lerr = meta_back_single_bind( op, rs, mc, i );
+ }
+
+ if ( lerr != LDAP_SUCCESS ) {
+ rc = rs->sr_err = lerr;
+ /* FIXME: in some cases (e.g. unavailable)
+ * do not assume it's not candidate; rather
+ * mark this as an error to be eventually
+ * reported to client */
+ META_CANDIDATE_CLEAR( &candidates[ i ] );
+ break;
+ }
+ }
+
+ /* must re-insert if local DN changed as result of bind */
+ if ( rc == LDAP_SUCCESS ) {
+ if ( isroot ) {
+ mc->mc_authz_target = META_BOUND_ALL;
+ ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) );
+ }
+
+ if ( !LDAP_BACK_PCONN_ISPRIV( mc )
+ && !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) )
+ {
+ metaconn_t *tmpmc;
+ int lerr;
+
+ /* wait for all other ops to release the connection */
+retry_lock:;
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( mc->mc_refcnt > 1 ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+ }
+
+ assert( mc->mc_refcnt == 1 );
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_bind" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
+ meta_back_conndn_cmp );
+ assert( tmpmc == mc );
+
+ /* delete all cached connections with the current connection */
+ if ( LDAP_BACK_SINGLECONN( mi ) ) {
+ while ( ( tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conn_cmp ) ) != NULL )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "=>meta_back_bind: destroying conn %ld (refcnt=%u)\n",
+ LDAP_BACK_PCONN_ID( mc ), mc->mc_refcnt, 0 );
+
+ if ( tmpmc->mc_refcnt != 0 ) {
+ /* taint it */
+ LDAP_BACK_CONN_TAINTED_SET( tmpmc );
+
+ } else {
+ /*
+ * Needs a test because the handler may be corrupted,
+ * and calling ldap_unbind on a corrupted header results
+ * in a segmentation fault
+ */
+ meta_back_conn_free( tmpmc );
+ }
+ }
+ }
+
+ ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn );
+ if ( isroot ) {
+ LDAP_BACK_CONN_ISPRIV_SET( mc );
+ LDAP_BACK_PCONN_SET( mc, op );
+ }
+ lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
+ meta_back_conndn_cmp, meta_back_conndn_dup );
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, "<<< meta_back_bind" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ if ( lerr == -1 ) {
+ /* we can do this because mc_refcnt == 1 */
+ assert( mc->mc_refcnt == 1 );
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+ mc = NULL;
+ }
+ }
+ }
+
+ if ( mc != NULL ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ /*
+ * rc is LDAP_SUCCESS if at least one bind succeeded,
+ * err is the last error that occurred during a bind;
+ * if at least (and at most?) one bind succeeds, fine.
+ */
+ if ( rc != LDAP_SUCCESS ) {
+
+ /*
+ * deal with bind failure ...
+ */
+
+ /*
+ * no target was found within the naming context,
+ * so bind must fail with invalid credentials
+ */
+ if ( rs->sr_err == LDAP_SUCCESS && gotit == 0 ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ } else {
+ rs->sr_err = slap_map_api2result( rs );
+ }
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+meta_back_bind_op_result(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ int msgid,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ LDAPMessage *res;
+ struct timeval tv;
+ int rc;
+ int nretries = mt->mt_nretries;
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ Debug( LDAP_DEBUG_TRACE,
+ ">>> %s meta_back_bind_op_result[%d]\n",
+ op->o_log_prefix, candidate, 0 );
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ time_t stoptime = (time_t)(-1),
+ timeout;
+ int timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ const char *timeout_text = "Operation timed out";
+ slap_op_t opidx = slap_req2op( op->o_tag );
+
+ /* since timeout is not specified, compute and use
+ * the one specific to the ongoing operation */
+ if ( opidx == LDAP_REQ_SEARCH ) {
+ if ( op->ors_tlimit <= 0 ) {
+ timeout = 0;
+
+ } else {
+ timeout = op->ors_tlimit;
+ timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+ timeout_text = NULL;
+ }
+
+ } else {
+ timeout = mt->mt_timeout[ opidx ];
+ }
+
+ /* better than nothing :) */
+ if ( timeout == 0 ) {
+ if ( mi->mi_idle_timeout ) {
+ timeout = mi->mi_idle_timeout;
+
+ } else if ( mi->mi_conn_ttl ) {
+ timeout = mi->mi_conn_ttl;
+ }
+ }
+
+ if ( timeout ) {
+ stoptime = op->o_time + timeout;
+ }
+
+ LDAP_BACK_TV_SET( &tv );
+
+ /*
+ * handle response!!!
+ */
+retry:;
+ rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+ switch ( rc ) {
+ case 0:
+ if ( nretries != META_RETRY_NEVER
+ || ( timeout && slap_get_time() <= stoptime ) )
+ {
+ ldap_pvt_thread_yield();
+ if ( nretries > 0 ) {
+ nretries--;
+ }
+ tv = mt->mt_bind_timeout;
+ goto retry;
+ }
+
+ /* don't let anyone else use this handler,
+ * because there's a pending bind that will not
+ * be acknowledged */
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ assert( LDAP_BACK_CONN_BINDING( msc ) );
+
+#ifdef DEBUG_205
+ Debug( LDAP_DEBUG_ANY, "### %s meta_back_bind_op_result ldap_unbind_ext[%d] ld=%p\n",
+ op->o_log_prefix, candidate, (void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+ meta_clear_one_candidate( op, mc, candidate );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ rs->sr_err = timeout_err;
+ rs->sr_text = timeout_text;
+ break;
+
+ case -1:
+ ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE,
+ &rs->sr_err );
+
+ snprintf( buf, sizeof( buf ),
+ "err=%d (%s) nretries=%d",
+ rs->sr_err, ldap_err2string( rs->sr_err ), nretries );
+ Debug( LDAP_DEBUG_ANY,
+ "### %s meta_back_bind_op_result[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
+ break;
+
+ default:
+ /* only touch when activity actually took place... */
+ if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+ msc->msc_time = op->o_time;
+ }
+
+ /* FIXME: matched? referrals? response controls? */
+ rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
+ NULL, NULL, NULL, NULL, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ }
+ break;
+ }
+ }
+
+ rs->sr_err = slap_map_api2result( rs );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<<< %s meta_back_bind_op_result[%d] err=%d\n",
+ op->o_log_prefix, candidate, rs->sr_err );
+
+ return rs->sr_err;
+}
+
+/*
+ * meta_back_single_bind
+ *
+ * attempts to perform a bind with creds
+ */
+static int
+meta_back_single_bind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ struct berval mdn = BER_BVNULL;
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ int msgid;
+ dncookie dc;
+
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ ch_free( msc->msc_bound_ndn.bv_val );
+ BER_BVZERO( &msc->msc_bound_ndn );
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ /* destroy sensitive data */
+ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+ ch_free( msc->msc_cred.bv_val );
+ BER_BVZERO( &msc->msc_cred );
+ }
+
+ /*
+ * Rewrite the bind dn if needed
+ */
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDN";
+
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ rs->sr_text = "DN rewrite error";
+ rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
+ }
+
+ /* FIXME: this fixes the bind problem right now; we need
+ * to use the asynchronous version to get the "matched"
+ * and more in case of failure ... */
+ /* FIXME: should we check if at least some of the op->o_ctrls
+ * can/should be passed? */
+ rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
+ LDAP_SASL_SIMPLE, &op->orb_cred,
+ op->o_ctrls, NULL, &msgid );
+ meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+
+ /* If defined, proxyAuthz will be used also when
+ * back-ldap is the authorizing backend; for this
+ * purpose, a successful bind is followed by a
+ * bind with the configured identity assertion */
+ /* NOTE: use with care */
+ if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+ meta_back_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR );
+ if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {
+ goto return_results;
+ }
+ goto cache_refresh;
+ }
+
+ ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_ndn );
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+ mc->mc_authz_target = candidate;
+
+ if ( LDAP_BACK_SAVECRED( mi ) ) {
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0,
+ msc->msc_cred.bv_len );
+ }
+ ber_bvreplace( &msc->msc_cred, &op->orb_cred );
+ ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
+ }
+
+cache_refresh:;
+ if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED
+ && !BER_BVISEMPTY( &op->o_req_ndn ) )
+ {
+ ( void )meta_dncache_update_entry( &mi->mi_cache,
+ &op->o_req_ndn, candidate );
+ }
+
+return_results:;
+ if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ }
+
+ if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+ meta_back_quarantine( op, rs, candidate );
+ }
+
+ return rs->sr_err;
+}
+
+/*
+ * meta_back_single_dobind
+ */
+int
+meta_back_single_dobind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ ldap_back_send_t sendok,
+ int nretries,
+ int dolock )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metaconn_t *mc = *mcp;
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ static struct berval cred = BER_BVC( "" );
+ int msgid;
+
+ assert( !LDAP_BACK_CONN_ISBOUND( msc ) );
+
+ /* NOTE: this obsoletes pseudorootdn */
+ if ( op->o_conn != NULL &&
+ !op->o_do_not_cache &&
+ ( BER_BVISNULL( &msc->msc_bound_ndn ) ||
+ BER_BVISEMPTY( &msc->msc_bound_ndn ) ||
+ ( LDAP_BACK_CONN_ISPRIV( mc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) ||
+ ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
+ {
+ (void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok );
+
+ } else {
+
+ /* FIXME: should we check if at least some of the op->o_ctrls
+ * can/should be passed? */
+ rs->sr_err = ldap_sasl_bind( msc->msc_ld,
+ "", LDAP_SASL_SIMPLE, &cred,
+ NULL, NULL, &msgid );
+ rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ }
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ meta_back_release_conn_lock( mi, mc, 0 );
+ *mcp = NULL;
+ }
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+ }
+
+ if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+ meta_back_quarantine( op, rs, candidate );
+ }
+
+ return rs->sr_err;
+}
+
+/*
+ * meta_back_dobind
+ */
+int
+meta_back_dobind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+
+ int bound = 0,
+ i,
+ isroot = 0;
+
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ if ( be_isroot( op ) ) {
+ isroot = 1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_dobind: conn=%ld%s\n",
+ op->o_log_prefix,
+ LDAP_BACK_PCONN_ID( mc ),
+ isroot ? " (isroot)" : "" );
+
+ /*
+ * all the targets are bound as pseudoroot
+ */
+ if ( mc->mc_authz_target == META_BOUND_ALL ) {
+ bound = 1;
+ goto done;
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+ metasingleconn_t *msc = &mc->mc_conns[ i ];
+ int rc;
+
+ /*
+ * Not a candidate
+ */
+ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+ continue;
+ }
+
+ assert( msc->msc_ld != NULL );
+
+ /*
+ * If the target is already bound it is skipped
+ */
+
+retry_binding:;
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( LDAP_BACK_CONN_ISBOUND( msc )
+ || ( LDAP_BACK_CONN_ISANON( msc )
+ && mt->mt_idassert_authmethod == LDAP_AUTH_NONE ) )
+ {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ++bound;
+ continue;
+
+ } else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) )
+ {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_yield();
+ goto retry_binding;
+
+ }
+
+ LDAP_BACK_CONN_BINDING_SET( msc );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ rc = meta_back_single_dobind( op, rs, &mc, i,
+ LDAP_BACK_DONTSEND, mt->mt_nretries, 1 );
+ /*
+ * NOTE: meta_back_single_dobind() already retries;
+ * in case of failure, it resets mc...
+ */
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( mc == NULL ) {
+ /* meta_back_single_dobind() already sent
+ * response and released connection */
+ goto send_err;
+ }
+
+
+ if ( rc == LDAP_UNAVAILABLE ) {
+ /* FIXME: meta_back_retry() already re-calls
+ * meta_back_single_dobind() */
+ if ( meta_back_retry( op, rs, &mc, i, sendok ) ) {
+ goto retry_ok;
+ }
+
+ if ( mc != NULL ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ meta_back_release_conn( mi, mc );
+ }
+
+ return 0;
+ }
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ snprintf( buf, sizeof( buf ),
+ "meta_back_dobind[%d]: (%s) err=%d (%s).",
+ i, isroot ? op->o_bd->be_rootdn.bv_val : "anonymous",
+ rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_ANY,
+ "%s %s\n",
+ op->o_log_prefix, buf, 0 );
+
+ /*
+ * null cred bind should always succeed
+ * as anonymous, so a failure means
+ * the target is no longer candidate possibly
+ * due to technical reasons (remote host down?)
+ * so better clear the handle
+ */
+ /* leave the target candidate, but record the error for later use */
+ candidates[ i ].sr_err = rc;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ bound = 0;
+ goto done;
+ }
+
+ continue;
+ } /* else */
+
+retry_ok:;
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_dobind[%d]: "
+ "(%s)\n",
+ op->o_log_prefix, i,
+ isroot ? op->o_bd->be_rootdn.bv_val : "anonymous" );
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ if ( isroot ) {
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+ } else {
+ LDAP_BACK_CONN_ISANON_SET( msc );
+ }
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ++bound;
+ }
+
+done:;
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_dobind: conn=%ld bound=%d\n",
+ op->o_log_prefix, LDAP_BACK_PCONN_ID( mc ), bound );
+
+ if ( bound == 0 ) {
+ meta_back_release_conn( mi, mc );
+
+send_err:;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_BUSY;
+ }
+ send_ldap_result( op, rs );
+ }
+
+ return 0;
+ }
+
+ return ( bound > 0 );
+}
+
+/*
+ * meta_back_default_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+int
+meta_back_default_rebind(
+ LDAP *ld,
+ LDAP_CONST char *url,
+ ber_tag_t request,
+ ber_int_t msgid,
+ void *params )
+{
+ metasingleconn_t *msc = ( metasingleconn_t * )params;
+
+ return ldap_sasl_bind_s( ld, msc->msc_bound_ndn.bv_val,
+ LDAP_SASL_SIMPLE, &msc->msc_cred,
+ NULL, NULL, NULL );
+}
+
+int
+meta_back_cancel(
+ metaconn_t *mc,
+ Operation *op,
+ SlapReply *rs,
+ ber_int_t msgid,
+ int candidate,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
+
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ int rc = LDAP_OTHER;
+
+ Debug( LDAP_DEBUG_TRACE, ">>> %s meta_back_cancel[%d] msgid=%d\n",
+ op->o_log_prefix, candidate, msgid );
+
+ /* default behavior */
+ if ( META_BACK_TGT_ABANDON( mt ) ) {
+ rc = ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
+
+ } else if ( META_BACK_TGT_CANCEL( mt ) ) {
+ rc = ldap_cancel_s( msc->msc_ld, msgid, NULL, NULL );
+
+ } else {
+ assert( 0 );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< %s meta_back_cancel[%d] err=%d\n",
+ op->o_log_prefix, candidate, rc );
+
+ return rc;
+}
+
+
+
+/*
+ * FIXME: error return must be handled in a cleaner way ...
+ */
+int
+meta_back_op_result(
+ metaconn_t *mc,
+ Operation *op,
+ SlapReply *rs,
+ int candidate,
+ ber_int_t msgid,
+ time_t timeout,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+
+ const char *save_text = rs->sr_text,
+ *save_matched = rs->sr_matched;
+ BerVarray save_ref = rs->sr_ref;
+ LDAPControl **save_ctrls = rs->sr_ctrls;
+ void *matched_ctx = NULL;
+
+ char *matched = NULL;
+ char *text = NULL;
+ char **refs = NULL;
+ LDAPControl **ctrls = NULL;
+
+ assert( mc != NULL );
+
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ rs->sr_ref = NULL;
+ rs->sr_ctrls = NULL;
+
+ if ( candidate != META_TARGET_NONE ) {
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+#define ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
+
+ if ( ERR_OK( rs->sr_err ) ) {
+ int rc;
+ struct timeval tv;
+ LDAPMessage *res = NULL;
+ time_t stoptime = (time_t)(-1);
+ int timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ const char *timeout_text = "Operation timed out";
+
+ /* if timeout is not specified, compute and use
+ * the one specific to the ongoing operation */
+ if ( timeout == (time_t)(-1) ) {
+ slap_op_t opidx = slap_req2op( op->o_tag );
+
+ if ( opidx == SLAP_OP_SEARCH ) {
+ if ( op->ors_tlimit <= 0 ) {
+ timeout = 0;
+
+ } else {
+ timeout = op->ors_tlimit;
+ timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+ timeout_text = NULL;
+ }
+
+ } else {
+ timeout = mt->mt_timeout[ opidx ];
+ }
+ }
+
+ /* better than nothing :) */
+ if ( timeout == 0 ) {
+ if ( mi->mi_idle_timeout ) {
+ timeout = mi->mi_idle_timeout;
+
+ } else if ( mi->mi_conn_ttl ) {
+ timeout = mi->mi_conn_ttl;
+ }
+ }
+
+ if ( timeout ) {
+ stoptime = op->o_time + timeout;
+ }
+
+ LDAP_BACK_TV_SET( &tv );
+
+retry:;
+ rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+ switch ( rc ) {
+ case 0:
+ if ( timeout && slap_get_time() > stoptime ) {
+ (void)meta_back_cancel( mc, op, rs, msgid, candidate, sendok );
+ rs->sr_err = timeout_err;
+ rs->sr_text = timeout_text;
+ break;
+ }
+
+ LDAP_BACK_TV_SET( &tv );
+ ldap_pvt_thread_yield();
+ goto retry;
+
+ case -1:
+ ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE,
+ &rs->sr_err );
+ break;
+
+
+ /* otherwise get the result; if it is not
+ * LDAP_SUCCESS, record it in the reply
+ * structure (this includes
+ * LDAP_COMPARE_{TRUE|FALSE}) */
+ default:
+ /* only touch when activity actually took place... */
+ if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+ msc->msc_time = op->o_time;
+ }
+
+ rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
+ &matched, &text, &refs, &ctrls, 1 );
+ res = NULL;
+ rs->sr_text = text;
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ }
+
+ /* RFC 4511: referrals can only appear
+ * if result code is LDAP_REFERRAL */
+ if ( refs != NULL
+ && refs[ 0 ] != NULL
+ && refs[ 0 ][ 0 ] != '\0' )
+ {
+ if ( rs->sr_err != LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_op_result[%d]: "
+ "got referrals with err=%d\n",
+ op->o_log_prefix,
+ candidate, rs->sr_err );
+
+ } else {
+ int i;
+
+ for ( i = 0; refs[ i ] != NULL; i++ )
+ /* count */ ;
+ rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
+ op->o_tmpmemctx );
+ for ( i = 0; refs[ i ] != NULL; i++ ) {
+ ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ i ] );
+ }
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_op_result[%d]: "
+ "got err=%d with null "
+ "or empty referrals\n",
+ op->o_log_prefix,
+ candidate, rs->sr_err );
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( ctrls != NULL ) {
+ rs->sr_ctrls = ctrls;
+ }
+ }
+
+ assert( res == NULL );
+ }
+
+ /* if the error in the reply structure is not
+ * LDAP_SUCCESS, try to map it from client
+ * to server error */
+ if ( !ERR_OK( rs->sr_err ) ) {
+ rs->sr_err = slap_map_api2result( rs );
+
+ /* internal ops ( op->o_conn == NULL )
+ * must not reply to client */
+ if ( op->o_conn && !op->o_do_not_cache && matched ) {
+
+ /* record the (massaged) matched
+ * DN into the reply structure */
+ rs->sr_matched = matched;
+ }
+ }
+
+ if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+ meta_back_quarantine( op, rs, candidate );
+ }
+
+ } else {
+ int i,
+ err = rs->sr_err;
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metasingleconn_t *msc = &mc->mc_conns[ i ];
+ char *xtext = NULL;
+ char *xmatched = NULL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ /*
+ * better check the type of error. In some cases
+ * (search ?) it might be better to return a
+ * success if at least one of the targets gave
+ * positive result ...
+ */
+ ldap_get_option( msc->msc_ld,
+ LDAP_OPT_ERROR_STRING, &xtext );
+ if ( xtext != NULL && xtext [ 0 ] == '\0' ) {
+ ldap_memfree( xtext );
+ xtext = NULL;
+ }
+
+ ldap_get_option( msc->msc_ld,
+ LDAP_OPT_MATCHED_DN, &xmatched );
+ if ( xmatched != NULL && xmatched[ 0 ] == '\0' ) {
+ ldap_memfree( xmatched );
+ xmatched = NULL;
+ }
+
+ rs->sr_err = slap_map_api2result( rs );
+
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "meta_back_op_result[%d] "
+ "err=%d text=\"%s\" matched=\"%s\"",
+ i, rs->sr_err,
+ ( xtext ? xtext : "" ),
+ ( xmatched ? xmatched : "" ) );
+ Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+ op->o_log_prefix, buf, 0 );
+ }
+
+ /*
+ * FIXME: need to rewrite "match" (need rwinfo)
+ */
+ switch ( rs->sr_err ) {
+ default:
+ err = rs->sr_err;
+ if ( xtext != NULL ) {
+ if ( text ) {
+ ldap_memfree( text );
+ }
+ text = xtext;
+ xtext = NULL;
+ }
+ if ( xmatched != NULL ) {
+ if ( matched ) {
+ ldap_memfree( matched );
+ }
+ matched = xmatched;
+ xmatched = NULL;
+ }
+ break;
+ }
+
+ if ( xtext ) {
+ ldap_memfree( xtext );
+ }
+
+ if ( xmatched ) {
+ ldap_memfree( xmatched );
+ }
+ }
+
+ if ( META_BACK_TGT_QUARANTINE( mi->mi_targets[ i ] ) ) {
+ meta_back_quarantine( op, rs, i );
+ }
+ }
+
+ if ( err != LDAP_SUCCESS ) {
+ rs->sr_err = err;
+ }
+ }
+
+ if ( matched != NULL ) {
+ struct berval dn, pdn;
+
+ ber_str2bv( matched, 0, 0, &dn );
+ if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
+ ldap_memfree( matched );
+ matched_ctx = op->o_tmpmemctx;
+ matched = pdn.bv_val;
+ }
+ rs->sr_matched = matched;
+ }
+
+ if ( op->o_conn &&
+ ( ( sendok & LDAP_BACK_SENDOK )
+ || ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+ {
+ send_ldap_result( op, rs );
+ }
+ if ( matched ) {
+ op->o_tmpfree( (char *)rs->sr_matched, matched_ctx );
+ }
+ if ( text ) {
+ ldap_memfree( text );
+ }
+ if ( rs->sr_ref ) {
+ op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+ rs->sr_ref = NULL;
+ }
+ if ( refs ) {
+ ber_memvfree( (void **)refs );
+ }
+ if ( ctrls ) {
+ assert( rs->sr_ctrls != NULL );
+ ldap_controls_free( ctrls );
+ }
+
+ rs->sr_text = save_text;
+ rs->sr_matched = save_matched;
+ rs->sr_ref = save_ref;
+ rs->sr_ctrls = save_ctrls;
+
+ return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
+}
+
+/*
+ * meta_back_proxy_authz_cred()
+ *
+ * prepares credentials & method for meta_back_proxy_authz_bind();
+ * or, if method is SASL, performs the SASL bind directly.
+ */
+int
+meta_back_proxy_authz_cred(
+ metaconn_t *mc,
+ int candidate,
+ Operation *op,
+ SlapReply *rs,
+ ldap_back_send_t sendok,
+ struct berval *binddn,
+ struct berval *bindcred,
+ int *method )
+{
+ metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ struct berval ndn;
+ int dobind = 0;
+
+ /* don't proxyAuthz if protocol is not LDAPv3 */
+ switch ( mt->mt_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ goto done;
+ }
+
+ if ( op->o_tag == LDAP_REQ_BIND ) {
+ ndn = op->o_req_ndn;
+
+ } else if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
+ /*
+ * FIXME: we need to let clients use proxyAuthz
+ * otherwise we cannot do symmetric pools of servers;
+ * we have to live with the fact that a user can
+ * authorize itself as any ID that is allowed
+ * by the authzTo directive of the "proxyauthzdn".
+ */
+ /*
+ * NOTE: current Proxy Authorization specification
+ * and implementation do not allow proxy authorization
+ * control to be provided with Bind requests
+ */
+ /*
+ * if no bind took place yet, but the connection is bound
+ * and the "proxyauthzdn" is set, then bind as
+ * "proxyauthzdn" and explicitly add the proxyAuthz
+ * control to every operation with the dn bound
+ * to the connection as control value.
+ */
+
+ /* bind as proxyauthzdn only if no idassert mode
+ * is requested, or if the client's identity
+ * is authorized */
+ switch ( mt->mt_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_LEGACY:
+ if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) && !BER_BVISEMPTY( &mt->mt_idassert_authcDN ) )
+ {
+ *binddn = mt->mt_idassert_authcDN;
+ *bindcred = mt->mt_idassert_passwd;
+ dobind = 1;
+ }
+ }
+ break;
+
+ default:
+ /* NOTE: rootdn can always idassert */
+ if ( BER_BVISNULL( &ndn )
+ && mt->mt_idassert_authz == NULL
+ && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+ {
+ if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ goto done;
+
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+ *binddn = slap_empty_bv;
+ *bindcred = slap_empty_bv;
+ break;
+
+ } else if ( mt->mt_idassert_authz && !be_isroot( op ) ) {
+ struct berval authcDN;
+
+ if ( BER_BVISNULL( &ndn ) ) {
+ authcDN = slap_empty_bv;
+
+ } else {
+ authcDN = ndn;
+ }
+ rs->sr_err = slap_sasl_matches( op, mt->mt_idassert_authz,
+ &authcDN, &authcDN );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ goto done;
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+ *binddn = slap_empty_bv;
+ *bindcred = slap_empty_bv;
+ break;
+ }
+ }
+
+ *binddn = mt->mt_idassert_authcDN;
+ *bindcred = mt->mt_idassert_passwd;
+ dobind = 1;
+ break;
+ }
+
+ if ( dobind && mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ void *defaults = NULL;
+ struct berval authzID = BER_BVNULL;
+ int freeauthz = 0;
+
+ /* if SASL supports native authz, prepare for it */
+ if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
+ ( mt->mt_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
+ {
+ switch ( mt->mt_idassert_mode ) {
+ case LDAP_BACK_IDASSERT_OTHERID:
+ case LDAP_BACK_IDASSERT_OTHERDN:
+ authzID = mt->mt_idassert_authzID;
+ break;
+
+ case LDAP_BACK_IDASSERT_ANONYMOUS:
+ BER_BVSTR( &authzID, "dn:" );
+ break;
+
+ case LDAP_BACK_IDASSERT_SELF:
+ if ( BER_BVISNULL( &ndn ) ) {
+ /* connection is not authc'd, so don't idassert */
+ BER_BVSTR( &authzID, "dn:" );
+ break;
+ }
+ authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
+ authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx );
+ AC_MEMCPY( authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( authzID.bv_val + STRLENOF( "dn:" ),
+ ndn.bv_val, ndn.bv_len + 1 );
+ freeauthz = 1;
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if ( mt->mt_idassert_secprops != NULL ) {
+ rs->sr_err = ldap_set_option( msc->msc_ld,
+ LDAP_OPT_X_SASL_SECPROPS,
+ (void *)mt->mt_idassert_secprops );
+
+ if ( rs->sr_err != LDAP_OPT_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ goto done;
+ }
+ }
+
+ defaults = lutil_sasl_defaults( msc->msc_ld,
+ mt->mt_idassert_sasl_mech.bv_val,
+ mt->mt_idassert_sasl_realm.bv_val,
+ mt->mt_idassert_authcID.bv_val,
+ mt->mt_idassert_passwd.bv_val,
+ authzID.bv_val );
+
+ rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val,
+ mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact,
+ defaults );
+
+ rs->sr_err = slap_map_api2result( rs );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+
+ } else {
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+ }
+
+ lutil_sasl_freedefs( defaults );
+ if ( freeauthz ) {
+ slap_sl_free( authzID.bv_val, op->o_tmpmemctx );
+ }
+
+ goto done;
+#endif /* HAVE_CYRUS_SASL */
+ }
+
+ *method = mt->mt_idassert_authmethod;
+ switch ( mt->mt_idassert_authmethod ) {
+ case LDAP_AUTH_NONE:
+ BER_BVSTR( binddn, "" );
+ BER_BVSTR( bindcred, "" );
+ /* fallthru */
+
+ case LDAP_AUTH_SIMPLE:
+ break;
+
+ default:
+ /* unsupported! */
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+ rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ break;
+ }
+
+done:;
+ return rs->sr_err;
+}
+
+static int
+meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+{
+ metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ struct berval binddn = BER_BVC( "" ),
+ cred = BER_BVC( "" );
+ int method = LDAP_AUTH_NONE,
+ rc;
+
+ rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, sendok, &binddn, &cred, &method );
+ if ( rc == LDAP_SUCCESS && !LDAP_BACK_CONN_ISBOUND( msc ) ) {
+ int msgid;
+
+ switch ( method ) {
+ case LDAP_AUTH_NONE:
+ case LDAP_AUTH_SIMPLE:
+ rs->sr_err = ldap_sasl_bind( msc->msc_ld,
+ binddn.bv_val, LDAP_SASL_SIMPLE,
+ &cred, NULL, NULL, &msgid );
+ rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
+ if ( rc == LDAP_SUCCESS ) {
+ /* set rebind stuff in case of successful proxyAuthz bind,
+ * so that referral chasing is attempted using the right
+ * identity */
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+ ber_bvreplace( &msc->msc_bound_ndn, &binddn );
+
+ if ( LDAP_BACK_SAVECRED( mi ) ) {
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0,
+ msc->msc_cred.bv_len );
+ }
+ ber_bvreplace( &msc->msc_cred, &cred );
+ ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
+ }
+ }
+ break;
+
+ default:
+ assert( 0 );
+ break;
+ }
+ }
+
+ return LDAP_BACK_CONN_ISBOUND( msc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/candidates.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/candidates.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/candidates.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,220 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/candidates.c,v 1.12.2.15 2007/01/05 09:47:10 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+/*
+ * The meta-directory has one suffix, called <suffix>.
+ * It handles a pool of target servers, each with a branch suffix
+ * of the form <branch X>,<suffix>
+ *
+ * When the meta-directory receives a request with a dn that belongs
+ * to a branch, the corresponding target is invoked. When the dn
+ * does not belong to a specific branch, all the targets that
+ * are compatible with the dn are selected as candidates, and
+ * the request is spawned to all the candidate targets
+ *
+ * A request is characterized by a dn. The following cases are handled:
+ * - the dn is the suffix: <dn> == <suffix>,
+ * all the targets are candidates (search ...)
+ * - the dn is a branch suffix: <dn> == <branch X>,<suffix>, or
+ * - the dn is a subtree of a branch suffix:
+ * <dn> == <rdn>,<branch X>,<suffix>,
+ * the target is the only candidate.
+ *
+ * A possible extension will include the handling of multiple suffixes
+ */
+
+
+/*
+ * returns 1 if suffix is candidate for dn, otherwise 0
+ *
+ * Note: this function should never be called if dn is the <suffix>.
+ */
+int
+meta_back_is_candidate(
+ metatarget_t *mt,
+ struct berval *ndn,
+ int scope )
+{
+ if ( dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
+ if ( mt->mt_subtree_exclude ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &mt->mt_subtree_exclude[ i ] ); i++ ) {
+ if ( dnIsSuffix( ndn, &mt->mt_subtree_exclude[ i ] ) ) {
+ return META_NOT_CANDIDATE;
+ }
+ }
+ }
+
+ switch ( mt->mt_scope ) {
+ case LDAP_SCOPE_SUBTREE:
+ default:
+ return META_CANDIDATE;
+
+ case LDAP_SCOPE_SUBORDINATE:
+ if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
+ return META_CANDIDATE;
+ }
+ break;
+
+ /* nearly useless; not allowed by config */
+ case LDAP_SCOPE_ONELEVEL:
+ if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
+ struct berval rdn = *ndn;
+
+ rdn.bv_len -= mt->mt_nsuffix.bv_len
+ + STRLENOF( "," );
+ if ( dnIsOneLevelRDN( &rdn ) ) {
+ return META_CANDIDATE;
+ }
+ }
+ break;
+
+ /* nearly useless; not allowed by config */
+ case LDAP_SCOPE_BASE:
+ if ( ndn->bv_len == mt->mt_nsuffix.bv_len ) {
+ return META_CANDIDATE;
+ }
+ break;
+ }
+
+ return META_NOT_CANDIDATE;
+ }
+
+ if ( scope == LDAP_SCOPE_SUBTREE && dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
+ /*
+ * suffix longer than dn, but common part matches
+ */
+ return META_CANDIDATE;
+ }
+
+ return META_NOT_CANDIDATE;
+}
+
+/*
+ * meta_back_select_unique_candidate
+ *
+ * returns the index of the candidate in case it is unique, otherwise
+ * META_TARGET_NONE if none matches, or
+ * META_TARGET_MULTIPLE if more than one matches
+ * Note: ndn MUST be normalized.
+ */
+int
+meta_back_select_unique_candidate(
+ metainfo_t *mi,
+ struct berval *ndn )
+{
+ int i, candidate = META_TARGET_NONE;
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( meta_back_is_candidate( mt, ndn, LDAP_SCOPE_BASE ) ) {
+ if ( candidate == META_TARGET_NONE ) {
+ candidate = i;
+
+ } else {
+ return META_TARGET_MULTIPLE;
+ }
+ }
+ }
+
+ return candidate;
+}
+
+/*
+ * meta_clear_unused_candidates
+ *
+ * clears all candidates except candidate
+ */
+int
+meta_clear_unused_candidates(
+ Operation *op,
+ int candidate )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ int i;
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ for ( i = 0; i < mi->mi_ntargets; ++i ) {
+ if ( i == candidate ) {
+ continue;
+ }
+ META_CANDIDATE_RESET( &candidates[ i ] );
+ }
+
+ return 0;
+}
+
+/*
+ * meta_clear_one_candidate
+ *
+ * clears the selected candidate
+ */
+int
+meta_clear_one_candidate(
+ Operation *op,
+ metaconn_t *mc,
+ int candidate )
+{
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ if ( msc->msc_ld != NULL ) {
+
+#ifdef DEBUG_205
+ char buf[ BUFSIZ ];
+
+ snprintf( buf, sizeof( buf ), "meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p",
+ candidate, (void *)mc, (void *)msc->msc_ld );
+ Debug( LDAP_DEBUG_ANY, "### %s %s\n",
+ op ? op->o_log_prefix : "", buf, 0 );
+#endif /* DEBUG_205 */
+
+ ldap_unbind_ext( msc->msc_ld, NULL, NULL );
+ msc->msc_ld = NULL;
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
+ BER_BVZERO( &msc->msc_bound_ndn );
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+ ber_memfree_x( msc->msc_cred.bv_val, NULL );
+ BER_BVZERO( &msc->msc_cred );
+ }
+
+ msc->msc_mscflags = 0;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,155 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/compare.c,v 1.30.2.16 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_compare( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt;
+ metaconn_t *mc;
+ int rc = 0;
+ int candidate = -1;
+ struct berval mdn = BER_BVNULL;
+ dncookie dc;
+ struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
+ struct berval mapped_value = op->orc_ava->aa_value;
+ int msgid;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
+ if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
+ /*
+ * Rewrite the modify dn, if needed
+ */
+ mt = mi->mi_targets[ candidate ];
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "compareDN";
+
+ switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ rc = 1;
+ goto cleanup;
+
+ default:
+ break;
+ }
+
+ /*
+ * if attr is objectClass, try to remap the value
+ */
+ if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
+ ldap_back_map( &mt->mt_rwmap.rwm_oc,
+ &op->orc_ava->aa_value,
+ &mapped_value, BACKLDAP_MAP );
+
+ if ( BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value ) ) {
+ goto cleanup;
+ }
+
+ /*
+ * else try to remap the attribute
+ */
+ } else {
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &op->orc_ava->aa_desc->ad_cname,
+ &mapped_attr, BACKLDAP_MAP );
+ if ( BER_BVISNULL( &mapped_attr ) || BER_BVISEMPTY( &mapped_attr ) ) {
+ goto cleanup;
+ }
+
+ if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
+ {
+ dc.ctx = "compareAttrDN";
+
+ switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
+ {
+ case LDAP_UNWILLING_TO_PERFORM:
+ rc = 1;
+ goto cleanup;
+
+ default:
+ break;
+ }
+ }
+ }
+
+retry:;
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_compare_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ mapped_attr.bv_val, &mapped_value,
+ ctrls, NULL, &msgid );
+
+ rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+ mt->mt_timeout[ SLAP_OP_COMPARE ], LDAP_BACK_SENDRESULT );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ }
+
+ if ( op->orc_ava->aa_value.bv_val != mapped_value.bv_val ) {
+ free( mapped_value.bv_val );
+ }
+
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1794 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.24 2007/01/27 23:56:43 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "../back-ldap/back-ldap.h"
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+#include "back-meta.h"
+
+static int
+meta_back_new_target(
+ metatarget_t **mtp )
+{
+ char *rargv[ 3 ];
+ metatarget_t *mt;
+
+ *mtp = NULL;
+
+ mt = ch_calloc( sizeof( metatarget_t ), 1 );
+
+ mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+ if ( mt->mt_rwmap.rwm_rw == NULL ) {
+ ch_free( mt );
+ return -1;
+ }
+
+ /*
+ * the filter rewrite as a string must be disabled
+ * by default; it can be re-enabled by adding rules;
+ * this creates an empty rewriteContext
+ */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchFilter";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "default";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
+
+ ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
+
+ mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+ mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
+ mt->mt_idassert_tls = SB_TLS_DEFAULT;
+
+ /* by default, use proxyAuthz control on each operation */
+ mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ *mtp = mt;
+
+ return 0;
+}
+
+static int
+check_true_false( char *str )
+{
+ if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
+ return 1;
+ }
+
+ if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
+ return 0;
+ }
+
+ return -1;
+}
+
+
+int
+meta_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ metainfo_t *mi = ( metainfo_t * )be->be_private;
+
+ assert( mi != NULL );
+
+ /* URI of server to query */
+ if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
+ int i = mi->mi_ntargets;
+#if 0
+ int j;
+#endif /* uncomment if uri MUST be a branch of suffix */
+ LDAPURLDesc *ludp, *tmpludp;
+ struct berval dn;
+ int rc;
+ int c;
+
+ metatarget_t *mt;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing URI "
+ "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+
+ case 2:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: too many args "
+ "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( be->be_nsuffix == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: the suffix must be defined before any target.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ ++mi->mi_ntargets;
+
+ mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
+ sizeof( metatarget_t * ) * mi->mi_ntargets );
+ if ( mi->mi_targets == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: out of memory while storing server name"
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to init server"
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ mt = mi->mi_targets[ i ];
+
+ mt->mt_rebind_f = mi->mi_rebind_f;
+ mt->mt_urllist_p = mt;
+
+ mt->mt_nretries = mi->mi_nretries;
+ mt->mt_quarantine = mi->mi_quarantine;
+ if ( META_BACK_QUARANTINE( mi ) ) {
+ ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
+ }
+ mt->mt_flags = mi->mi_flags;
+ mt->mt_version = mi->mi_version;
+ mt->mt_network_timeout = mi->mi_network_timeout;
+ mt->mt_bind_timeout = mi->mi_bind_timeout;
+ for ( c = 0; c < SLAP_OP_LAST; c++ ) {
+ mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
+ }
+
+ /*
+ * uri MUST be legal!
+ */
+ if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse URI"
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ /*
+ * uri MUST have the <dn> part!
+ */
+ if ( ludp->lud_dn == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing <naming context> "
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+
+ } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
+ int j = -1;
+
+ for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
+ if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
+ break;
+ }
+ }
+
+ if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing <naming context> "
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ }
+
+ /*
+ * copies and stores uri and suffix
+ */
+ ber_str2bv( ludp->lud_dn, 0, 0, &dn );
+ rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
+ &mt->mt_nsuffix, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "target \"%s\" DN is invalid\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ ludp->lud_dn[ 0 ] = '\0';
+
+ switch ( ludp->lud_scope ) {
+ case LDAP_SCOPE_DEFAULT:
+ mt->mt_scope = LDAP_SCOPE_SUBTREE;
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE:
+ mt->mt_scope = ludp->lud_scope;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid scope for target \"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ /* check all, to apply the scope check on the first one */
+ for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
+ if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "multiple URIs must have "
+ "no DN part\n",
+ fname, lineno, 0 );
+ return( 1 );
+
+ }
+ }
+
+ mt->mt_uri = ldap_url_list2urls( ludp );
+ ldap_free_urllist( ludp );
+ if ( mt->mt_uri == NULL) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /*
+ * uri MUST be a branch of suffix!
+ */
+#if 0 /* too strict a constraint */
+ if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: <naming context> of URI does not refer to current backend"
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+#else
+ /*
+ * uri MUST be a branch of a suffix!
+ */
+ if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: <naming context> of URI does not resolve to a backend"
+ " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+#endif
+
+ /* subtree-exclude */
+ } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+ struct berval dn, ndn;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+
+ case 2:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 0, &dn );
+ if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
+ != LDAP_SUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "subtree-exclude DN=\"%s\" is invalid\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "subtree-exclude DN=\"%s\" "
+ "must be subtree of target\n",
+ fname, lineno, argv[ 1 ] );
+ ber_memfree( ndn.bv_val );
+ return( 1 );
+ }
+
+ if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
+ int j;
+
+ for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
+ {
+ if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "subtree-exclude DN=\"%s\" "
+ "is suffix of another subtree-exclude\n",
+ fname, lineno, argv[ 1 ] );
+ /* reject, because it might be superior
+ * to more than one subtree-exclude */
+ ber_memfree( ndn.bv_val );
+ return( 1 );
+
+ } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "another subtree-exclude is suffix of "
+ "subtree-exclude DN=\"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ ber_memfree( ndn.bv_val );
+ return( 0 );
+ }
+ }
+ }
+
+ ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
+
+ /* default target directive */
+ } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+
+ if ( argc == 1 ) {
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"default-target\" alone need be"
+ " inside a \"uri\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ mi->mi_defaulttarget = i;
+
+ } else {
+ if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
+ if ( i >= 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"default-target none\""
+ " should go before uri definitions\n",
+ fname, lineno, 0 );
+ }
+ mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
+
+ } else {
+
+ if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
+ || mi->mi_defaulttarget < 0
+ || mi->mi_defaulttarget >= i - 1 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: illegal target number %d\n",
+ fname, lineno, mi->mi_defaulttarget );
+ return 1;
+ }
+ }
+ }
+
+ /* ttl of dn cache */
+ } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
+ mi->mi_cache.ttl = META_DNCACHE_FOREVER;
+
+ } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
+ mi->mi_cache.ttl = META_DNCACHE_DISABLED;
+
+ } else {
+ unsigned long t;
+
+ if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ mi->mi_cache.ttl = (time_t)t;
+ }
+
+ /* network timeout when connecting to ldap servers */
+ } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
+ unsigned long t;
+ time_t *tp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
+ : &mi->mi_network_timeout;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_parse_time( argv[ 1 ], &t ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ *tp = (time_t)t;
+
+ /* idle timeout when connecting to ldap servers */
+ } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
+ unsigned long t;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ case 2:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_parse_time( argv[ 1 ], &t ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ mi->mi_idle_timeout = (time_t)t;
+
+ /* conn ttl */
+ } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
+ unsigned long t;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ case 2:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_parse_time( argv[ 1 ], &t ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ mi->mi_conn_ttl = (time_t)t;
+
+ /* bind timeout when connecting to ldap servers */
+ } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
+ unsigned long t;
+ struct timeval *tp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
+ : &mi->mi_bind_timeout;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ case 2:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ tp->tv_sec = t/1000000;
+ tp->tv_usec = t%1000000;
+
+ /* name to use for meta_back_group */
+ } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
+ || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
+ {
+ int i = mi->mi_ntargets - 1;
+ struct berval dn;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing name in \"binddn <name>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"binddn\" statement is deprecated; "
+ "use \"acl-authcDN\" instead\n",
+ fname, lineno, 0 );
+ /* FIXME: some day we'll need to throw an error */
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 0, &dn );
+ if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
+ NULL ) != LDAP_SUCCESS )
+ {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "bind DN '%s' is invalid\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ /* password to use for meta_back_group */
+ } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
+ || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
+ {
+ int i = mi->mi_ntargets - 1;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing password in \"bindpw <password>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"bindpw\" statement is deprecated; "
+ "use \"acl-passwd\" instead\n",
+ fname, lineno, 0 );
+ /* FIXME: some day we'll need to throw an error */
+ }
+
+ ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
+
+ /* save bind creds for referral rebinds? */
+ } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
+ if ( argc > 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( argc == 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
+ fname, lineno, 0 );
+ mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+
+ } else {
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
+ break;
+
+ case 1:
+ mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 1:
+ *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
+ break;
+
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"tls <what>\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* start */
+ if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_USE_TLS;
+
+ /* propagate start tls */
+ } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
+ break;
+
+ case 1:
+ *flagsp |= LDAP_BACK_F_T_F;
+ break;
+
+ default:
+ if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
+ *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ break;
+ }
+
+ /* onerr? */
+ } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
+ mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
+
+ } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
+ mi->mi_flags |= META_BACK_F_ONERR_STOP;
+
+ } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
+ mi->mi_flags |= META_BACK_F_ONERR_REPORT;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* bind-defer? */
+ } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
+ || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
+ {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
+ break;
+
+ case 1:
+ mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* single-conn? */
+ } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn\" must appear before target definitions\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
+ break;
+
+ case 1:
+ mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* use-temporaries? */
+ } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+ break;
+
+ case 1:
+ mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* privileged connections pool max size ? */
+ } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] )
+ || mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN
+ || mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
+ unsigned flag = 0;
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
+ flag = LDAP_BACK_F_CANCEL_ABANDON;
+
+#if 0 /* needs ldap_int_discard(), 2.4 */
+ } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
+ flag = LDAP_BACK_F_CANCEL_IGNORE;
+#endif
+
+ } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
+ flag = LDAP_BACK_F_CANCEL_EXOP;
+
+ } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
+ flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
+ *flagsp |= flag;
+
+ } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
+ char *sep;
+ time_t *tv = mi->mi_ntargets ?
+ mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
+ : mi->mi_timeout;
+ int c;
+
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ for ( c = 1; c < argc; c++ ) {
+ time_t *t = NULL;
+ unsigned long val;
+
+ sep = strchr( argv[ c ], '=' );
+ if ( sep != NULL ) {
+ size_t len = sep - argv[ c ];
+
+ if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
+ t = &tv[ SLAP_OP_BIND ];
+ /* unbind makes little sense */
+ } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
+ t = &tv[ SLAP_OP_ADD ];
+ } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
+ t = &tv[ SLAP_OP_DELETE ];
+ } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
+ t = &tv[ SLAP_OP_MODRDN ];
+ } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
+ t = &tv[ SLAP_OP_MODIFY ];
+ } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
+ t = &tv[ SLAP_OP_COMPARE ];
+ } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
+ t = &tv[ SLAP_OP_SEARCH ];
+ /* abandon makes little sense */
+#if 0 /* not implemented yet */
+ } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
+ t = &tv[ SLAP_OP_EXTENDED ];
+#endif
+ } else {
+ char buf[ SLAP_TEXT_BUFLEN ];
+ snprintf( buf, sizeof( buf ),
+ "unknown/unhandled operation \"%s\" for timeout #%d",
+ argv[ c ], c - 1 );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s.\n",
+ fname, lineno, buf );
+ return 1;
+ }
+ sep++;
+
+ } else {
+ sep = argv[ c ];
+ }
+
+ if ( lutil_parse_time( sep, &val ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse value \"%s\" for timeout.\n",
+ fname, lineno, sep );
+ return 1;
+ }
+
+ if ( t ) {
+ *t = (time_t)val;
+
+ } else {
+ int i;
+
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ tv[ i ] = (time_t)val;
+ }
+ }
+ }
+
+ /* name to use as pseudo-root dn */
+ } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ /*
+ * exact replacement:
+ *
+
+idassert-bind bindmethod=simple
+ binddn=<pseudorootdn>
+ credentials=<pseudorootpw>
+ mode=none
+ flags=non-prescriptive
+idassert-authzFrom "dn:<rootdn>"
+
+ * so that only when authc'd as <rootdn> the proxying occurs
+ * rebinding as the <pseudorootdn> without proxyAuthz.
+ */
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
+ "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
+ fname, lineno, 0 );
+
+ {
+ char binddn[ SLAP_TEXT_BUFLEN ];
+ char *cargv[] = {
+ "idassert-bind",
+ "bindmethod=simple",
+ NULL,
+ "mode=none",
+ "flags=non-prescriptive",
+ NULL
+ };
+ int cargc = 5;
+ int rc;
+
+ if ( BER_BVISNULL( &be->be_rootndn ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ cargv[ 2 ] = binddn;
+
+ rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+ if ( rc == 0 ) {
+ struct berval bv;
+
+ if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
+ fname, lineno, 0 );
+ ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
+ mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
+ }
+
+ assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
+
+ bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
+ bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+ AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
+
+ ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
+ }
+
+ return rc;
+ }
+
+ /* password to use as pseudo-root */
+ } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
+ "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
+ fname, lineno, 0 );
+
+ if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
+ memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
+ mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
+ ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
+ }
+ ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
+
+ /* idassert-bind */
+ } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
+ if ( mi->mi_ntargets == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"idassert-bind\" "
+ "must appear inside a target specification.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+
+ /* idassert-authzFrom */
+ } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
+ if ( mi->mi_ntargets == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"idassert-bind\" "
+ "must appear inside a target specification.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ switch ( argc ) {
+ case 2:
+ break;
+
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
+ fname, lineno, 0 );
+ return 1;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+
+ /* quarantine */
+ } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
+ char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+ slap_retry_info_t *ri = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
+ : &mi->mi_quarantine;
+
+ if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
+ || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: quarantine already defined.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ switch ( argc ) {
+ case 2:
+ break;
+
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
+ fname, lineno, 0 );
+ return 1;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( ri != &mi->mi_quarantine ) {
+ ri->ri_interval = NULL;
+ ri->ri_num = NULL;
+ }
+
+ if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
+ ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
+ }
+
+ if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s line %d: %s.\n",
+ fname, lineno, buf );
+ return 1;
+ }
+
+ if ( mi->mi_ntargets ) {
+ mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
+
+ } else {
+ mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
+ }
+
+ /* dn massaging */
+ } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
+ BackendDB *tmp_be;
+ int i = mi->mi_ntargets - 1, rc;
+ struct berval dn, nvnc, pvnc, nrnc, prnc;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ /*
+ * syntax:
+ *
+ * suffixmassage <suffix> <massaged suffix>
+ *
+ * the <suffix> field must be defined as a valid suffix
+ * (or suffixAlias?) for the current database;
+ * the <massaged suffix> shouldn't have already been
+ * defined as a valid suffix or suffixAlias for the
+ * current server
+ */
+ if ( argc != 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 0, &dn );
+ if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "suffix '%s' is invalid\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ tmp_be = select_backend( &nvnc, 0, 0 );
+ if ( tmp_be != NULL && tmp_be != be ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffix already in use by another backend in"
+ " \"suffixMassage <suffix> <massaged suffix>\"\n",
+ fname, lineno, 0 );
+ free( pvnc.bv_val );
+ free( nvnc.bv_val );
+ return 1;
+ }
+
+ ber_str2bv( argv[ 2 ], 0, 0, &dn );
+ if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "massaged suffix '%s' is invalid\n",
+ fname, lineno, argv[ 2 ] );
+ free( pvnc.bv_val );
+ free( nvnc.bv_val );
+ return 1;
+ }
+
+#if 0
+ tmp_be = select_backend( &nrnc, 0, 0 );
+ if ( tmp_be != NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: massaged suffix already in use by another backend in"
+ " \"suffixMassage <suffix> <massaged suffix>\"\n",
+ fname, lineno, 0 );
+ free( pvnc.bv_val );
+ free( nvnc.bv_val );
+ free( prnc.bv_val );
+ free( nrnc.bv_val );
+ return 1;
+ }
+#endif
+
+ /*
+ * The suffix massaging is emulated by means of the
+ * rewrite capabilities
+ * FIXME: no extra rewrite capabilities should be added
+ * to the database
+ */
+ rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
+ &pvnc, &nvnc, &prnc, &nrnc );
+
+ free( pvnc.bv_val );
+ free( nvnc.bv_val );
+ free( prnc.bv_val );
+ free( nrnc.bv_val );
+
+ return rc;
+
+ /* rewrite stuff ... */
+ } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
+ "statement outside target definition.\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
+ fname, lineno, argc, argv );
+
+ /* objectclass/attribute mapping */
+ } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need \"uri\" directive first\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
+ &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
+ fname, lineno, argc, argv );
+
+ } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+ int nretries = META_RETRY_UNDEFINED;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need value in \"nretries <value>\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
+ nretries = META_RETRY_FOREVER;
+
+ } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
+ nretries = META_RETRY_NEVER;
+
+ } else {
+ if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ }
+
+ if ( i < 0 ) {
+ mi->mi_nretries = nretries;
+
+ } else {
+ mi->mi_targets[ i ]->mt_nretries = nretries;
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
+ int *version = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
+ : &mi->mi_version;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: need value in \"protocol-version <version>\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+ return 0;
+}
+
+int
+ldap_back_map_config(
+ struct ldapmap *oc_map,
+ struct ldapmap *at_map,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ struct ldapmap *map;
+ struct ldapmapping *mapping;
+ char *src, *dst;
+ int is_oc = 0;
+
+ if ( argc < 3 || argc > 4 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
+ map = oc_map;
+ is_oc = 1;
+
+ } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
+ map = at_map;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
+ "\"map {objectclass | attribute} [<local> | *] "
+ "{<foreign> | *}\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
+ if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
+ map->drop_missing = ( argc < 4 );
+ goto success_return;
+ }
+ src = dst = argv[ 3 ];
+
+ } else if ( argc < 4 ) {
+ src = "";
+ dst = argv[ 2 ];
+
+ } else {
+ src = argv[ 2 ];
+ dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
+ }
+
+ if ( ( map == at_map )
+ && ( strcasecmp( src, "objectclass" ) == 0
+ || strcasecmp( dst, "objectclass" ) == 0 ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: objectclass attribute cannot be mapped\n",
+ fname, lineno, 0 );
+ }
+
+ mapping = (struct ldapmapping *)ch_calloc( 2,
+ sizeof(struct ldapmapping) );
+ if ( mapping == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: out of memory\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
+ ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
+ mapping[ 1 ].src = mapping[ 0 ].dst;
+ mapping[ 1 ].dst = mapping[ 0 ].src;
+
+ /*
+ * schema check
+ */
+ if ( is_oc ) {
+ if ( src[ 0 ] != '\0' ) {
+ if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: warning, source objectClass '%s' "
+ "should be defined in schema\n",
+ fname, lineno, src );
+
+ /*
+ * FIXME: this should become an err
+ */
+ goto error_return;
+ }
+ }
+
+ if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: warning, destination objectClass '%s' "
+ "is not defined in schema\n",
+ fname, lineno, dst );
+ }
+ } else {
+ int rc;
+ const char *text = NULL;
+ AttributeDescription *ad = NULL;
+
+ if ( src[ 0 ] != '\0' ) {
+ rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: warning, source attributeType '%s' "
+ "should be defined in schema\n",
+ fname, lineno, src );
+
+ /*
+ * FIXME: this should become an err
+ */
+ /*
+ * we create a fake "proxied" ad
+ * and add it here.
+ */
+
+ rc = slap_bv2undef_ad( &mapping[ 0 ].src,
+ &ad, &text, SLAP_AD_PROXIED );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "source attributeType \"%s\": %d (%s)",
+ src, rc, text ? text : "" );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ goto error_return;
+ }
+ }
+
+ ad = NULL;
+ }
+
+ rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: warning, destination attributeType '%s' "
+ "is not defined in schema\n",
+ fname, lineno, dst );
+
+ /*
+ * we create a fake "proxied" ad
+ * and add it here.
+ */
+
+ rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
+ &ad, &text, SLAP_AD_PROXIED );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "source attributeType \"%s\": %d (%s)\n",
+ dst, rc, text ? text : "" );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return 1;
+ }
+ }
+ }
+
+ if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
+ || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: duplicate mapping found.\n",
+ fname, lineno, 0 );
+ goto error_return;
+ }
+
+ if ( src[ 0 ] != '\0' ) {
+ avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
+ mapping_cmp, mapping_dup );
+ }
+ avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
+ mapping_cmp, mapping_dup );
+
+success_return:;
+ if ( !is_oc && map->map == NULL ) {
+ /* only init if required */
+ ldap_back_map_init( map, &mapping );
+ }
+
+ return 0;
+
+error_return:;
+ if ( mapping ) {
+ ch_free( mapping[ 0 ].src.bv_val );
+ ch_free( mapping[ 0 ].dst.bv_val );
+ ch_free( mapping );
+ }
+
+ return 1;
+}
+
+
+#ifdef ENABLE_REWRITE
+static char *
+suffix_massage_regexize( const char *s )
+{
+ char *res, *ptr;
+ const char *p, *r;
+ int i;
+
+ if ( s[ 0 ] == '\0' ) {
+ return ch_strdup( "^(.+)$" );
+ }
+
+ for ( i = 0, p = s;
+ ( r = strchr( p, ',' ) ) != NULL;
+ p = r + 1, i++ )
+ ;
+
+ res = ch_calloc( sizeof( char ),
+ strlen( s )
+ + STRLENOF( "((.+),)?" )
+ + STRLENOF( "[ ]?" ) * i
+ + STRLENOF( "$" ) + 1 );
+
+ ptr = lutil_strcopy( res, "((.+),)?" );
+ for ( i = 0, p = s;
+ ( r = strchr( p, ',' ) ) != NULL;
+ p = r + 1 , i++ ) {
+ ptr = lutil_strncopy( ptr, p, r - p + 1 );
+ ptr = lutil_strcopy( ptr, "[ ]?" );
+
+ if ( r[ 1 ] == ' ' ) {
+ r++;
+ }
+ }
+ ptr = lutil_strcopy( ptr, p );
+ ptr[ 0 ] = '$';
+ ptr++;
+ ptr[ 0 ] = '\0';
+
+ return res;
+}
+
+static char *
+suffix_massage_patternize( const char *s, const char *p )
+{
+ ber_len_t len;
+ char *res, *ptr;
+
+ len = strlen( p );
+
+ if ( s[ 0 ] == '\0' ) {
+ len++;
+ }
+
+ res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
+ if ( res == NULL ) {
+ return NULL;
+ }
+
+ ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
+ if ( s[ 0 ] == '\0' ) {
+ ptr[ 0 ] = ',';
+ ptr++;
+ }
+ lutil_strcopy( ptr, p );
+
+ return res;
+}
+
+int
+suffix_massage_config(
+ struct rewrite_info *info,
+ struct berval *pvnc,
+ struct berval *nvnc,
+ struct berval *prnc,
+ struct berval *nrnc
+)
+{
+ char *rargv[ 5 ];
+ int line = 0;
+
+ rargv[ 0 ] = "rewriteEngine";
+ rargv[ 1 ] = "on";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "default";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
+ rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ ch_free( rargv[ 1 ] );
+ ch_free( rargv[ 2 ] );
+
+ if ( BER_BVISEMPTY( pvnc ) ) {
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = "^$";
+ rargv[ 2 ] = prnc->bv_val;
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ }
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchEntryDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
+ rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ ch_free( rargv[ 1 ] );
+ ch_free( rargv[ 2 ] );
+
+ if ( BER_BVISEMPTY( prnc ) ) {
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = "^$";
+ rargv[ 2 ] = pvnc->bv_val;
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ }
+
+ /* backward compatibility */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchResult";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "matchedDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchAttrDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+ /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
+ * see servers/slapd/overlays/rwm.h for details */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "referralAttrDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "referralDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ return 0;
+}
+#endif /* ENABLE_REWRITE */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/conn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/conn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/conn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1809 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.28 2007/01/27 23:56:43 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+
+#define AVL_INTERNAL
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+/*
+ * meta_back_conndn_cmp
+ *
+ * compares two struct metaconn based on the value of the conn pointer
+ * and of the local DN; used by avl stuff
+ */
+int
+meta_back_conndn_cmp(
+ const void *c1,
+ const void *c2 )
+{
+ metaconn_t *mc1 = ( metaconn_t * )c1;
+ metaconn_t *mc2 = ( metaconn_t * )c2;
+ int rc;
+
+ /* If local DNs don't match, it is definitely not a match */
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ rc = SLAP_PTRCMP( mc1->mc_conn, mc2->mc_conn );
+ if ( rc == 0 ) {
+ rc = ber_bvcmp( &mc1->mc_local_ndn, &mc2->mc_local_ndn );
+ }
+
+ return rc;
+}
+
+/*
+ * meta_back_conndnmc_cmp
+ *
+ * compares two struct metaconn based on the value of the conn pointer,
+ * the local DN and the struct pointer; used by avl stuff
+ */
+static int
+meta_back_conndnmc_cmp(
+ const void *c1,
+ const void *c2 )
+{
+ metaconn_t *mc1 = ( metaconn_t * )c1;
+ metaconn_t *mc2 = ( metaconn_t * )c2;
+ int rc;
+
+ /* If local DNs don't match, it is definitely not a match */
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ rc = SLAP_PTRCMP( mc1->mc_conn, mc2->mc_conn );
+ if ( rc == 0 ) {
+ rc = ber_bvcmp( &mc1->mc_local_ndn, &mc2->mc_local_ndn );
+ if ( rc == 0 ) {
+ rc = SLAP_PTRCMP( mc1, mc2 );
+ }
+ }
+
+ return rc;
+}
+
+/*
+ * meta_back_conn_cmp
+ *
+ * compares two struct metaconn based on the value of the conn pointer;
+ * used by avl stuff
+ */
+int
+meta_back_conn_cmp(
+ const void *c1,
+ const void *c2 )
+{
+ metaconn_t *mc1 = ( metaconn_t * )c1;
+ metaconn_t *mc2 = ( metaconn_t * )c2;
+
+ /* For shared sessions, conn is NULL. Only explicitly
+ * bound sessions will have non-NULL conn.
+ */
+ return SLAP_PTRCMP( mc1->mc_conn, mc2->mc_conn );
+}
+
+/*
+ * meta_back_conndn_dup
+ *
+ * returns -1 in case a duplicate struct metaconn has been inserted;
+ * used by avl stuff
+ */
+int
+meta_back_conndn_dup(
+ void *c1,
+ void *c2 )
+{
+ metaconn_t *mc1 = ( metaconn_t * )c1;
+ metaconn_t *mc2 = ( metaconn_t * )c2;
+
+ /* Cannot have more than one shared session with same DN */
+ if ( mc1->mc_conn == mc2->mc_conn &&
+ dn_match( &mc1->mc_local_ndn, &mc2->mc_local_ndn ) )
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Debug stuff (got it from libavl)
+ */
+#if META_BACK_PRINT_CONNTREE > 0
+static void
+meta_back_ravl_print( Avlnode *root, int depth )
+{
+ int i;
+ metaconn_t *mc;
+
+ if ( root == 0 ) {
+ return;
+ }
+
+ meta_back_ravl_print( root->avl_right, depth + 1 );
+
+ for ( i = 0; i < depth; i++ ) {
+ fprintf( stderr, "-" );
+ }
+
+ mc = (metaconn_t *)root->avl_data;
+ fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d%s\n",
+ (void *)mc,
+ mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+ (void *)mc->mc_conn,
+ avl_bf2str( root->avl_bf ), mc->mc_refcnt,
+ LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "" );
+
+ meta_back_ravl_print( root->avl_left, depth + 1 );
+}
+
+/* NOTE: duplicate from back-ldap/bind.c */
+static char* priv2str[] = {
+ "privileged",
+ "privileged/TLS",
+ "anonymous",
+ "anonymous/TLS",
+ "bind",
+ "bind/TLS",
+ NULL
+};
+
+void
+meta_back_print_conntree( metainfo_t *mi, char *msg )
+{
+ int c;
+
+ fprintf( stderr, "========> %s\n", msg );
+
+ for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
+ int i = 0;
+ metaconn_t *mc;
+
+ fprintf( stderr, " %s[%d]\n", priv2str[ c ], mi->mi_conn_priv[ c ].mic_num );
+
+ LDAP_TAILQ_FOREACH( mc, &mi->mi_conn_priv[ c ].mic_priv, mc_q )
+ {
+ fprintf( stderr, " [%d] mc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
+ i,
+ (void *)mc,
+ mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+ (void *)mc->mc_conn, mc->mc_refcnt, mc->msc_mscflags );
+ i++;
+ }
+ }
+
+ if ( mi->mi_conninfo.lai_tree == NULL ) {
+ fprintf( stderr, "\t(empty)\n" );
+
+ } else {
+ meta_back_ravl_print( mi->mi_conninfo.lai_tree, 0 );
+ }
+
+ fprintf( stderr, "<======== %s\n", msg );
+}
+#endif /* META_BACK_PRINT_CONNTREE */
+/*
+ * End of debug stuff
+ */
+
+/*
+ * metaconn_alloc
+ *
+ * Allocates a connection structure, making room for all the referenced targets
+ */
+static metaconn_t *
+metaconn_alloc(
+ Operation *op )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc;
+ int ntargets = mi->mi_ntargets;
+
+ assert( ntargets > 0 );
+
+ /* malloc all in one */
+ mc = ( metaconn_t * )ch_calloc( 1, sizeof( metaconn_t )
+ + sizeof( metasingleconn_t ) * ( ntargets - 1 ) );
+ if ( mc == NULL ) {
+ return NULL;
+ }
+
+ mc->mc_info = mi;
+
+ mc->mc_authz_target = META_BOUND_NONE;
+ mc->mc_refcnt = 1;
+
+ return mc;
+}
+
+/*
+ * meta_back_init_one_conn
+ *
+ * Initializes one connection
+ */
+int
+meta_back_init_one_conn(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ int ispriv,
+ ldap_back_send_t sendok,
+ int dolock )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ int version;
+ dncookie dc;
+ int isauthz = ( candidate == mc->mc_authz_target );
+ int do_return = 0;
+#ifdef HAVE_TLS
+ int is_ldaps = 0;
+#endif /* HAVE_TLS */
+
+ /* if the server is quarantined, and
+ * - the current interval did not expire yet, or
+ * - no more retries should occur,
+ * don't return the connection */
+ if ( mt->mt_isquarantined ) {
+ slap_retry_info_t *ri = &mt->mt_quarantine;
+ int dont_retry = 1;
+
+ if ( mt->mt_quarantine.ri_interval ) {
+ ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
+ if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) {
+ dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
+ || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
+ if ( !dont_retry ) {
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "meta_back_init_one_conn[%d]: quarantine "
+ "retry block #%d try #%d",
+ candidate, ri->ri_idx, ri->ri_count );
+ Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+ op->o_log_prefix, buf, 0 );
+ }
+ }
+
+ mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
+ }
+ ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
+ }
+
+ if ( dont_retry ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+ if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+ rs->sr_text = "Target is quarantined";
+ send_ldap_result( op, rs );
+ }
+ return rs->sr_err;
+ }
+ }
+
+retry_lock:;
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ /*
+ * Already init'ed
+ */
+ if ( LDAP_BACK_CONN_ISBOUND( msc )
+ || LDAP_BACK_CONN_ISANON( msc ) )
+ {
+ assert( msc->msc_ld != NULL );
+ rs->sr_err = LDAP_SUCCESS;
+ do_return = 1;
+
+ } else if ( META_BACK_CONN_CREATING( msc )
+ || LDAP_BACK_CONN_BINDING( msc ) )
+ {
+ if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+ }
+
+ /* sounds more appropriate */
+ rs->sr_err = LDAP_BUSY;
+ rs->sr_text = "No connections to target are available";
+ do_return = 1;
+
+ } else if ( META_BACK_CONN_INITED( msc ) ) {
+ assert( msc->msc_ld != NULL );
+ rs->sr_err = LDAP_SUCCESS;
+ do_return = 1;
+
+ } else {
+ /*
+ * creating...
+ */
+ META_BACK_CONN_CREATING_SET( msc );
+ }
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ if ( do_return ) {
+ if ( rs->sr_err != LDAP_SUCCESS
+ && op->o_conn
+ && ( sendok & LDAP_BACK_SENDERR ) )
+ {
+ send_ldap_result( op, rs );
+ }
+
+ return rs->sr_err;
+ }
+
+ assert( msc->msc_ld == NULL );
+
+ /*
+ * Attempts to initialize the connection to the target ds
+ */
+ ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
+ rs->sr_err = ldap_initialize( &msc->msc_ld, mt->mt_uri );
+#ifdef HAVE_TLS
+ is_ldaps = ldap_is_ldaps_url( mt->mt_uri );
+#endif /* HAVE_TLS */
+ ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto error_return;
+ }
+
+ /*
+ * Set LDAP version. This will always succeed: If the client
+ * bound with a particular version, then so can we.
+ */
+ if ( mt->mt_version != 0 ) {
+ version = mt->mt_version;
+
+ } else if ( op->o_conn->c_protocol != 0 ) {
+ version = op->o_conn->c_protocol;
+
+ } else {
+ version = LDAP_VERSION3;
+ }
+ ldap_set_option( msc->msc_ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+
+ /* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
+ ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
+ LDAP_BACK_CHASE_REFERRALS( mi ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+
+#ifdef HAVE_TLS
+ /* start TLS ("tls [try-]{start|propagate}" statement) */
+ if ( ( LDAP_BACK_USE_TLS( mi )
+ || ( op->o_conn->c_is_tls
+ && LDAP_BACK_PROPAGATE_TLS( mi ) ) )
+ && !is_ldaps )
+ {
+#ifdef SLAP_STARTTLS_ASYNCHRONOUS
+ /*
+ * use asynchronous StartTLS; in case, chase referral
+ * FIXME: OpenLDAP does not return referral on StartTLS yet
+ */
+ int msgid;
+
+ rs->sr_err = ldap_start_tls( msc->msc_ld, NULL, NULL, &msgid );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ LDAPMessage *res = NULL;
+ int rc, nretries = mt->mt_nretries;
+ struct timeval tv;
+
+ LDAP_BACK_TV_SET( &tv );
+
+retry:;
+ rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+ switch ( rc ) {
+ case -1:
+ rs->sr_err = LDAP_OTHER;
+ break;
+
+ case 0:
+ if ( nretries != 0 ) {
+ if ( nretries > 0 ) {
+ nretries--;
+ }
+ LDAP_BACK_TV_SET( &tv );
+ goto retry;
+ }
+ rs->sr_err = LDAP_OTHER;
+ break;
+
+ default:
+ /* only touch when activity actually took place... */
+ if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+ msc->msc_time = op->o_time;
+ }
+ break;
+ }
+
+ if ( rc == LDAP_RES_EXTENDED ) {
+ struct berval *data = NULL;
+
+ /* NOTE: right now, data is unused, so don't get it */
+ rs->sr_err = ldap_parse_extended_result( msc->msc_ld,
+ res, NULL, NULL /* &data */ , 0 );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ int err;
+
+ /* FIXME: matched? referrals? response controls? */
+ rs->sr_err = ldap_parse_result( msc->msc_ld,
+ res, &err, NULL, NULL, NULL, NULL, 1 );
+ res = NULL;
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = err;
+ }
+
+ /* FIXME: in case a referral
+ * is returned, should we try
+ * using it instead of the
+ * configured URI? */
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ ldap_install_tls( msc->msc_ld );
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ /* FIXME: LDAP_OPERATIONS_ERROR? */
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Unwilling to chase referral "
+ "returned by Start TLS exop";
+ }
+
+ if ( data ) {
+ ber_bvfree( data );
+ }
+ }
+
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( res != NULL ) {
+ ldap_msgfree( res );
+ }
+ }
+#else /* ! SLAP_STARTTLS_ASYNCHRONOUS */
+ /*
+ * use synchronous StartTLS
+ */
+ rs->sr_err = ldap_start_tls_s( msc->msc_ld, NULL, NULL );
+#endif /* ! SLAP_STARTTLS_ASYNCHRONOUS */
+
+ /* if StartTLS is requested, only attempt it if the URL
+ * is not "ldaps://"; this may occur not only in case
+ * of misconfiguration, but also when used in the chain
+ * overlay, where the "uri" can be parsed out of a referral */
+ if ( rs->sr_err == LDAP_SERVER_DOWN
+ || ( rs->sr_err != LDAP_SUCCESS
+ && LDAP_BACK_TLS_CRITICAL( mi ) ) )
+ {
+
+#ifdef DEBUG_205
+ Debug( LDAP_DEBUG_ANY,
+ "### %s meta_back_init_one_conn(TLS) "
+ "ldap_unbind_ext[%d] ld=%p\n",
+ op->o_log_prefix, candidate,
+ (void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+ /* need to trash a failed Start TLS */
+ meta_clear_one_candidate( op, mc, candidate );
+ goto error_return;
+ }
+ }
+#endif /* HAVE_TLS */
+
+ /*
+ * Set the network timeout if set
+ */
+ if ( mt->mt_network_timeout != 0 ) {
+ struct timeval network_timeout;
+
+ network_timeout.tv_usec = 0;
+ network_timeout.tv_sec = mt->mt_network_timeout;
+
+ ldap_set_option( msc->msc_ld, LDAP_OPT_NETWORK_TIMEOUT,
+ (void *)&network_timeout );
+ }
+
+ /*
+ * If the connection DN is not null, an attempt to rewrite it is made
+ */
+
+ if ( ispriv ) {
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
+ ber_bvreplace( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN );
+ if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0,
+ msc->msc_cred.bv_len );
+ }
+ ber_bvreplace( &msc->msc_cred, &mt->mt_idassert_passwd );
+ }
+
+ } else {
+ ber_bvreplace( &msc->msc_bound_ndn, &slap_empty_bv );
+ }
+
+ } else {
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+ ber_memfree_x( msc->msc_cred.bv_val, NULL );
+ BER_BVZERO( &msc->msc_cred );
+ }
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
+ BER_BVZERO( &msc->msc_bound_ndn );
+ }
+ if ( !BER_BVISEMPTY( &op->o_ndn )
+ && SLAP_IS_AUTHZ_BACKEND( op )
+ && isauthz )
+ {
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDN";
+
+ /*
+ * Rewrite the bind dn if needed
+ */
+ if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
+ &msc->msc_bound_ndn ) )
+ {
+
+#ifdef DEBUG_205
+ Debug( LDAP_DEBUG_ANY,
+ "### %s meta_back_init_one_conn(rewrite) "
+ "ldap_unbind_ext[%d] ld=%p\n",
+ op->o_log_prefix, candidate,
+ (void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+ /* need to trash a connection not fully established */
+ meta_clear_one_candidate( op, mc, candidate );
+ goto error_return;
+ }
+
+ /* copy the DN if needed */
+ if ( msc->msc_bound_ndn.bv_val == op->o_conn->c_dn.bv_val ) {
+ ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn );
+ }
+
+ assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
+
+ } else {
+ ber_dupbv( &msc->msc_bound_ndn, (struct berval *)&slap_empty_bv );
+ }
+ }
+
+ assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
+
+error_return:;
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ }
+ META_BACK_CONN_CREATING_CLEAR( msc );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ /*
+ * Sets a cookie for the rewrite session
+ */
+ ( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn );
+ META_BACK_CONN_INITED_SET( msc );
+ }
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_err = slap_map_api2result( rs );
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return rs->sr_err;
+}
+
+/*
+ * meta_back_retry
+ *
+ * Retries one connection
+ */
+int
+meta_back_retry(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metaconn_t *mc = *mcp;
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ int rc = LDAP_UNAVAILABLE,
+ binding,
+ quarantine = 1;
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+
+ assert( !META_BACK_CONN_CREATING( msc ) );
+ binding = LDAP_BACK_CONN_BINDING( msc );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+
+ assert( mc->mc_refcnt > 0 );
+ if ( mc->mc_refcnt == 1 ) {
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* this lock is required; however,
+ * it's invoked only when logging is on */
+ ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
+ snprintf( buf, sizeof( buf ),
+ "retrying URI=\"%s\" DN=\"%s\"",
+ mt->mt_uri,
+ BER_BVISNULL( &msc->msc_bound_ndn ) ?
+ "" : msc->msc_bound_ndn.bv_val );
+ ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_retry[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
+ }
+
+ meta_clear_one_candidate( op, mc, candidate );
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+
+ ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
+
+ /* mc here must be the regular mc, reset and ready for init */
+ rc = meta_back_init_one_conn( op, rs, mc, candidate,
+ LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
+
+ /* restore the "binding" flag, in case */
+ if ( binding ) {
+ LDAP_BACK_CONN_BINDING_SET( msc );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ quarantine = 0;
+ rc = meta_back_single_dobind( op, rs, mcp, candidate,
+ sendok, mt->mt_nretries, 0 );
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_retry[%d]: "
+ "meta_back_single_dobind=%d\n",
+ op->o_log_prefix, candidate, rc );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) &&
+ !BER_BVISEMPTY( &msc->msc_bound_ndn ) )
+ {
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+
+ } else {
+ LDAP_BACK_CONN_ISANON_SET( msc );
+ }
+
+ /* when bound, dispose of the "binding" flag */
+ if ( binding ) {
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ }
+ }
+ }
+
+ /* don't send twice */
+ sendok &= ~LDAP_BACK_SENDERR;
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ candidates[ candidate ].sr_err = rc;
+
+ if ( *mcp != NULL ) {
+ if ( mc->mc_refcnt == 1 ) {
+ if ( binding ) {
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ }
+ (void)meta_clear_one_candidate( op, mc, candidate );
+ }
+
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ /* only release if mandatory; otherwise
+ * let the caller do what's best before
+ * releasing */
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ meta_back_release_conn_lock( mi, mc, 0 );
+ *mcp = NULL;
+
+ } else {
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_retry" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+ /* FIXME: could be done better, reworking meta_back_release_conn_lock() */
+ if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+ if ( mc->mc_q.tqe_prev != NULL ) {
+ assert( LDAP_BACK_CONN_CACHED( mc ) );
+ assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+ mc, mc_q );
+ mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+ LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+ } else {
+ assert( !LDAP_BACK_CONN_CACHED( mc ) );
+ }
+
+ } else {
+ /* FIXME: check if in tree, for consistency? */
+ (void)avl_delete( &mi->mi_conninfo.lai_tree,
+ ( caddr_t )mc, meta_back_conndnmc_cmp );
+ }
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, "<<< meta_back_retry" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ }
+ }
+
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ rs->sr_err = rc;
+ rs->sr_text = "Unable to retry";
+ send_ldap_result( op, rs );
+ }
+ }
+
+ if ( quarantine && META_BACK_TGT_QUARANTINE( mt ) ) {
+ meta_back_quarantine( op, rs, candidate );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ return rc == LDAP_SUCCESS ? 1 : 0;
+}
+
+/*
+ * callback for unique candidate selection
+ */
+static int
+meta_back_conn_cb( Operation *op, SlapReply *rs )
+{
+ assert( op->o_tag == LDAP_REQ_SEARCH );
+
+ switch ( rs->sr_type ) {
+ case REP_SEARCH:
+ ((long *)op->o_callback->sc_private)[0] = (long)op->o_private;
+ break;
+
+ case REP_SEARCHREF:
+ case REP_RESULT:
+ break;
+
+ default:
+ return rs->sr_err;
+ }
+
+ return 0;
+}
+
+
+static int
+meta_back_get_candidate(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ long candidate;
+
+ /*
+ * tries to get a unique candidate
+ * (takes care of default target)
+ */
+ candidate = meta_back_select_unique_candidate( mi, ndn );
+
+ /*
+ * if any is found, inits the connection
+ */
+ if ( candidate == META_TARGET_NONE ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "No suitable candidate target found";
+
+ } else if ( candidate == META_TARGET_MULTIPLE ) {
+ Filter f = { 0 };
+ Operation op2 = *op;
+ SlapReply rs2 = { 0 };
+ slap_callback cb2 = { 0 };
+ int rc;
+
+ /* try to get a unique match for the request ndn
+ * among the multiple candidates available */
+ op2.o_tag = LDAP_REQ_SEARCH;
+ op2.o_req_dn = *ndn;
+ op2.o_req_ndn = *ndn;
+ op2.ors_scope = LDAP_SCOPE_BASE;
+ op2.ors_deref = LDAP_DEREF_NEVER;
+ op2.ors_attrs = slap_anlist_no_attrs;
+ op2.ors_attrsonly = 0;
+ op2.ors_limit = NULL;
+ op2.ors_slimit = 1;
+ op2.ors_tlimit = SLAP_NO_LIMIT;
+
+ f.f_choice = LDAP_FILTER_PRESENT;
+ f.f_desc = slap_schema.si_ad_objectClass;
+ op2.ors_filter = &f;
+ BER_BVSTR( &op2.ors_filterstr, "(objectClass=*)" );
+
+ op2.o_callback = &cb2;
+ cb2.sc_response = meta_back_conn_cb;
+ cb2.sc_private = (void *)&candidate;
+
+ rc = op->o_bd->be_search( &op2, &rs2 );
+
+ switch ( rs2.sr_err ) {
+ case LDAP_SUCCESS:
+ default:
+ rs->sr_err = rs2.sr_err;
+ break;
+
+ case LDAP_SIZELIMIT_EXCEEDED:
+ /* if multiple candidates can serve the operation,
+ * and a default target is defined, and it is
+ * a candidate, try using it (FIXME: YMMV) */
+ if ( mi->mi_defaulttarget != META_DEFAULT_TARGET_NONE
+ && meta_back_is_candidate( mi->mi_targets[ mi->mi_defaulttarget ],
+ ndn, op->o_tag == LDAP_REQ_SEARCH ? op->ors_scope : LDAP_SCOPE_BASE ) )
+ {
+ candidate = mi->mi_defaulttarget;
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+
+ } else {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Unable to select unique candidate target";
+ }
+ break;
+ }
+
+ } else {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ return candidate;
+}
+
+static void *meta_back_candidates_dummy;
+
+static void
+meta_back_candidates_keyfree(
+ void *key,
+ void *data )
+{
+ metacandidates_t *mc = (metacandidates_t *)data;
+
+ ber_memfree_x( mc->mc_candidates, NULL );
+ ber_memfree_x( data, NULL );
+}
+
+SlapReply *
+meta_back_candidates_get( Operation *op )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metacandidates_t *mc;
+
+ if ( op->o_threadctx ) {
+ void *data = NULL;
+
+ ldap_pvt_thread_pool_getkey( op->o_threadctx,
+ &meta_back_candidates_dummy, &data, NULL );
+ mc = (metacandidates_t *)data;
+
+ } else {
+ mc = mi->mi_candidates;
+ }
+
+ if ( mc == NULL ) {
+ mc = ch_calloc( sizeof( metacandidates_t ), 1 );
+ mc->mc_ntargets = mi->mi_ntargets;
+ mc->mc_candidates = ch_calloc( sizeof( SlapReply ), mc->mc_ntargets );
+ if ( op->o_threadctx ) {
+ void *data = NULL;
+
+ data = (void *)mc;
+ ldap_pvt_thread_pool_setkey( op->o_threadctx,
+ &meta_back_candidates_dummy, data,
+ meta_back_candidates_keyfree );
+
+ } else {
+ mi->mi_candidates = mc;
+ }
+
+ } else if ( mc->mc_ntargets < mi->mi_ntargets ) {
+ /* NOTE: in the future, may want to allow back-config
+ * to add/remove targets from back-meta... */
+ mc->mc_candidates = ch_realloc( mc->mc_candidates,
+ sizeof( SlapReply ) * mi->mi_ntargets );
+ memset( &mc->mc_candidates[ mc->mc_ntargets ], 0,
+ sizeof( SlapReply ) * ( mi->mi_ntargets - mc->mc_ntargets ) );
+ mc->mc_ntargets = mi->mi_ntargets;
+ }
+
+ return mc->mc_candidates;
+}
+
+/*
+ * meta_back_getconn
+ *
+ * Prepares the connection structure
+ *
+ * RATIONALE:
+ *
+ * - determine what DN is being requested:
+ *
+ * op requires candidate checks
+ *
+ * add unique parent of o_req_ndn
+ * bind unique^*[/all] o_req_ndn [no check]
+ * compare unique^+ o_req_ndn
+ * delete unique o_req_ndn
+ * modify unique o_req_ndn
+ * search any o_req_ndn
+ * modrdn unique[, unique] o_req_ndn[, orr_nnewSup]
+ *
+ * - for ops that require the candidate to be unique, in case of multiple
+ * occurrences an internal search with sizeLimit=1 is performed
+ * if a unique candidate can actually be determined. If none is found,
+ * the operation aborts; if multiple are found, the default target
+ * is used if defined and candidate; otherwise the operation aborts.
+ *
+ * *^note: actually, the bind operation is handled much like a search;
+ * i.e. the bind is broadcast to all candidate targets.
+ *
+ * +^note: actually, the compare operation is handled much like a search;
+ * i.e. the compare is broadcast to all candidate targets, while checking
+ * that exactly none (noSuchObject) or one (TRUE/FALSE/UNDEFINED) is
+ * returned.
+ */
+metaconn_t *
+meta_back_getconn(
+ Operation *op,
+ SlapReply *rs,
+ int *candidate,
+ ldap_back_send_t sendok )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc = NULL,
+ mc_curr = { 0 };
+ int cached = META_TARGET_NONE,
+ i = META_TARGET_NONE,
+ err = LDAP_SUCCESS,
+ new_conn = 0,
+ ncandidates = 0;
+
+
+ meta_op_type op_type = META_OP_REQUIRE_SINGLE;
+ enum {
+ META_DNTYPE_ENTRY,
+ META_DNTYPE_PARENT,
+ META_DNTYPE_NEWPARENT
+ } dn_type = META_DNTYPE_ENTRY;
+ struct berval ndn = op->o_req_ndn,
+ pndn;
+
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ /* Internal searches are privileged and shared. So is root. */
+ if ( ( !BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ALWAYS( mi ) )
+ || ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ANON( mi ) )
+ || op->o_do_not_cache || be_isroot( op ) )
+ {
+ LDAP_BACK_CONN_ISPRIV_SET( &mc_curr );
+ mc_curr.mc_local_ndn = op->o_bd->be_rootndn;
+ LDAP_BACK_PCONN_ROOTDN_SET( &mc_curr, op );
+
+ } else if ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_NOANON( mi ) )
+ {
+ LDAP_BACK_CONN_ISANON_SET( &mc_curr );
+ BER_BVSTR( &mc_curr.mc_local_ndn, "" );
+ LDAP_BACK_PCONN_ANON_SET( &mc_curr, op );
+
+ } else {
+ mc_curr.mc_local_ndn = op->o_ndn;
+
+ /* Explicit binds must not be shared */
+ if ( !BER_BVISEMPTY( &op->o_ndn )
+ || op->o_tag == LDAP_REQ_BIND
+ || SLAP_IS_AUTHZ_BACKEND( op ) )
+ {
+ mc_curr.mc_conn = op->o_conn;
+
+ } else {
+ LDAP_BACK_CONN_ISANON_SET( &mc_curr );
+ LDAP_BACK_PCONN_ANON_SET( &mc_curr, op );
+ }
+ }
+
+ /* Explicit Bind requests always get their own conn */
+ if ( sendok & LDAP_BACK_BINDING ) {
+ mc_curr.mc_conn = op->o_conn;
+
+ } else {
+ /* Searches for a metaconn in the avl tree */
+retry_lock:;
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( LDAP_BACK_PCONN_ISPRIV( &mc_curr ) ) {
+ /* lookup a conn that's not binding */
+ LDAP_TAILQ_FOREACH( mc,
+ &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv,
+ mc_q )
+ {
+ if ( !LDAP_BACK_CONN_BINDING( mc ) && mc->mc_refcnt == 0 ) {
+ break;
+ }
+ }
+
+ if ( mc != NULL ) {
+ if ( mc != LDAP_TAILQ_LAST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+ metaconn_t, mc_q ) )
+ {
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+ mc, mc_q );
+ LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+ LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+ mc, mc_q );
+ }
+
+ } else if ( !LDAP_BACK_USE_TEMPORARIES( mi )
+ && mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_num == mi->mi_conn_priv_max )
+ {
+ mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv );
+ }
+
+
+ } else {
+ mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree,
+ (caddr_t)&mc_curr, meta_back_conndn_cmp );
+ }
+
+ if ( mc ) {
+ /* catch taint errors */
+ assert( !LDAP_BACK_CONN_TAINTED( mc ) );
+
+ /* Don't reuse connections while they're still binding
+ * NOTE: only makes sense for binds */
+ if ( LDAP_BACK_CONN_BINDING( mc ) ) {
+ if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ ldap_pvt_thread_yield();
+ goto retry_lock;
+ }
+
+ /* release conn, and create a temporary */
+ mc = NULL;
+
+ } else {
+ if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
+ || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+ {
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi,
+ ">>> meta_back_getconn(expired)" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+ /* don't let anyone else use this expired connection */
+ if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+ if ( mc->mc_q.tqe_prev != NULL ) {
+ assert( LDAP_BACK_CONN_CACHED( mc ) );
+ assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+ mc, mc_q );
+ mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+ LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+ } else {
+ assert( !LDAP_BACK_CONN_CACHED( mc ) );
+ }
+
+ } else {
+ (void)avl_delete( &mi->mi_conninfo.lai_tree,
+ (caddr_t)mc, meta_back_conndnmc_cmp );
+ }
+
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi,
+ "<<< meta_back_getconn(expired)" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+ Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired (tainted).\n",
+ op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) );
+ }
+
+ mc->mc_refcnt++;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ /* if we go to selection, the entry must not exist,
+ * and we must be able to resolve the parent */
+ dn_type = META_DNTYPE_PARENT;
+ dnParent( &ndn, &pndn );
+ break;
+
+ case LDAP_REQ_MODRDN:
+ /* if nnewSuperior is not NULL, it must resolve
+ * to the same candidate as the req_ndn */
+ if ( op->orr_nnewSup ) {
+ dn_type = META_DNTYPE_NEWPARENT;
+ }
+ break;
+
+ case LDAP_REQ_BIND:
+ /* if bound as rootdn, the backend must bind to all targets
+ * with the administrative identity */
+ if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
+ op_type = META_OP_REQUIRE_ALL;
+ }
+ break;
+
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODIFY:
+ /* just a unique candidate */
+ break;
+
+ case LDAP_REQ_SEARCH:
+ /* allow multiple candidates for the searchBase */
+ op_type = META_OP_ALLOW_MULTIPLE;
+ break;
+
+ default:
+ /* right now, just break (exop?) */
+ break;
+ }
+
+ /*
+ * require all connections ...
+ */
+ if ( op_type == META_OP_REQUIRE_ALL ) {
+
+ /* Looks like we didn't get a bind. Open a new session... */
+ if ( mc == NULL ) {
+ assert( new_conn == 0 );
+ mc = metaconn_alloc( op );
+ mc->mc_conn = mc_curr.mc_conn;
+ ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
+ new_conn = 1;
+ if ( sendok & LDAP_BACK_BINDING ) {
+ LDAP_BACK_CONN_BINDING_SET( mc );
+ }
+ if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+ } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISANON_SET( mc );
+ }
+
+ } else if ( 0 ) {
+ /* TODO: if any of the connections is binding,
+ * release mc and create a new one */
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ /*
+ * The target is activated; if needed, it is
+ * also init'd
+ */
+ candidates[ i ].sr_err = meta_back_init_one_conn( op,
+ rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+ LDAP_BACK_DONTSEND, !new_conn );
+ if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+ META_CANDIDATE_SET( &candidates[ i ] );
+ ncandidates++;
+
+ } else {
+
+ /*
+ * FIXME: in case one target cannot
+ * be init'd, should the other ones
+ * be tried?
+ */
+ META_CANDIDATE_RESET( &candidates[ i ] );
+ err = candidates[ i ].sr_err;
+ continue;
+ }
+ }
+
+ if ( ncandidates == 0 ) {
+ if ( new_conn ) {
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ } else {
+ meta_back_release_conn( mi, mc );
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "Unable to select valid candidates";
+
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+ rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
+ }
+ send_ldap_result( op, rs );
+ rs->sr_matched = NULL;
+ }
+
+ return NULL;
+ }
+
+ goto done;
+ }
+
+ /*
+ * looks in cache, if any
+ */
+ if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) {
+ cached = i = meta_dncache_get_target( &mi->mi_cache, &op->o_req_ndn );
+ }
+
+ if ( op_type == META_OP_REQUIRE_SINGLE ) {
+ metatarget_t *mt = NULL;
+ metasingleconn_t *msc = NULL;
+
+ int j;
+
+ for ( j = 0; j < mi->mi_ntargets; j++ ) {
+ META_CANDIDATE_RESET( &candidates[ j ] );
+ }
+
+ /*
+ * tries to get a unique candidate
+ * (takes care of default target)
+ */
+ if ( i == META_TARGET_NONE ) {
+ i = meta_back_get_candidate( op, rs, &ndn );
+
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT && dn_type == META_DNTYPE_PARENT ) {
+ i = meta_back_get_candidate( op, rs, &pndn );
+ }
+
+ if ( i < 0 || rs->sr_err != LDAP_SUCCESS ) {
+ if ( mc != NULL ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+ rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
+ }
+ send_ldap_result( op, rs );
+ rs->sr_matched = NULL;
+ }
+
+ return NULL;
+ }
+ }
+
+ if ( dn_type == META_DNTYPE_NEWPARENT && meta_back_get_candidate( op, rs, op->orr_nnewSup ) != i )
+ {
+ if ( mc != NULL ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Cross-target rename not supported";
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+
+ return NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "==>meta_back_getconn: got target=%d for ndn=\"%s\" from cache\n",
+ i, op->o_req_ndn.bv_val, 0 );
+
+ if ( mc == NULL ) {
+ /* Retries searching for a metaconn in the avl tree
+ * the reason is that the connection might have been
+ * created by meta_back_get_candidate() */
+ if ( !( sendok & LDAP_BACK_BINDING ) ) {
+retry_lock2:;
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree,
+ (caddr_t)&mc_curr, meta_back_conndn_cmp );
+ if ( mc != NULL ) {
+ /* catch taint errors */
+ assert( !LDAP_BACK_CONN_TAINTED( mc ) );
+
+ /* Don't reuse connections while they're still binding */
+ if ( META_BACK_CONN_CREATING( &mc->mc_conns[ i ] )
+ || LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) )
+ {
+ if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_yield();
+ goto retry_lock2;
+ }
+
+ mc = NULL;
+
+ } else {
+ mc->mc_refcnt++;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+
+ /* Looks like we didn't get a bind. Open a new session... */
+ if ( mc == NULL ) {
+ assert( new_conn == 0 );
+ mc = metaconn_alloc( op );
+ mc->mc_conn = mc_curr.mc_conn;
+ ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
+ new_conn = 1;
+ if ( sendok & LDAP_BACK_BINDING ) {
+ LDAP_BACK_CONN_BINDING_SET( mc );
+ }
+ if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+ } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISANON_SET( mc );
+ }
+ }
+ }
+
+ /*
+ * Clear all other candidates
+ */
+ ( void )meta_clear_unused_candidates( op, i );
+
+ mt = mi->mi_targets[ i ];
+ msc = &mc->mc_conns[ i ];
+
+ /*
+ * The target is activated; if needed, it is
+ * also init'd. In case of error, meta_back_init_one_conn
+ * sends the appropriate result.
+ */
+ err = meta_back_init_one_conn( op, rs, mc, i,
+ LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok, !new_conn );
+ if ( err != LDAP_SUCCESS ) {
+ /*
+ * FIXME: in case one target cannot
+ * be init'd, should the other ones
+ * be tried?
+ */
+ META_CANDIDATE_RESET( &candidates[ i ] );
+ if ( new_conn ) {
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ } else {
+ meta_back_release_conn( mi, mc );
+ }
+ return NULL;
+ }
+
+ candidates[ i ].sr_err = LDAP_SUCCESS;
+ META_CANDIDATE_SET( &candidates[ i ] );
+ ncandidates++;
+
+ if ( candidate ) {
+ *candidate = i;
+ }
+
+ /*
+ * if no unique candidate ...
+ */
+ } else {
+
+ /* Looks like we didn't get a bind. Open a new session... */
+ if ( mc == NULL ) {
+ assert( new_conn == 0 );
+ mc = metaconn_alloc( op );
+ mc->mc_conn = mc_curr.mc_conn;
+ ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
+ new_conn = 1;
+ if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+ } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+ LDAP_BACK_CONN_ISANON_SET( mc );
+ }
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ META_CANDIDATE_RESET( &candidates[ i ] );
+
+ if ( i == cached
+ || meta_back_is_candidate( mt, &op->o_req_ndn,
+ LDAP_SCOPE_SUBTREE ) )
+ {
+
+ /*
+ * The target is activated; if needed, it is
+ * also init'd
+ */
+ int lerr = meta_back_init_one_conn( op, rs, mc, i,
+ LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+ LDAP_BACK_DONTSEND, !new_conn );
+ candidates[ i ].sr_err = lerr;
+ if ( lerr == LDAP_SUCCESS ) {
+ META_CANDIDATE_SET( &candidates[ i ] );
+ ncandidates++;
+
+ Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
+ op->o_log_prefix, i, 0 );
+
+ } else if ( lerr == LDAP_UNAVAILABLE && !META_BACK_ONERR_STOP( mi ) ) {
+ META_CANDIDATE_SET( &candidates[ i ] );
+
+ Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] %s\n",
+ op->o_log_prefix, i,
+ mt->mt_isquarantined != LDAP_BACK_FQ_NO ? "quarantined" : "unavailable" );
+
+ } else {
+
+ /*
+ * FIXME: in case one target cannot
+ * be init'd, should the other ones
+ * be tried?
+ */
+ if ( new_conn ) {
+ ( void )meta_clear_one_candidate( op, mc, i );
+ }
+ /* leave the target candidate, but record the error for later use */
+ err = lerr;
+
+ if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) {
+ Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] quarantined err=%d\n",
+ op->o_log_prefix, i, lerr );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed err=%d\n",
+ op->o_log_prefix, i, lerr );
+ }
+
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ if ( new_conn ) {
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ } else {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return NULL;
+ }
+
+ continue;
+ }
+
+ } else {
+ if ( new_conn ) {
+ ( void )meta_clear_one_candidate( op, mc, i );
+ }
+ }
+ }
+
+ if ( ncandidates == 0 ) {
+ if ( new_conn ) {
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ } else {
+ meta_back_release_conn( mi, mc );
+ }
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "Unable to select valid candidates";
+ }
+
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+ rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
+ }
+ send_ldap_result( op, rs );
+ rs->sr_matched = NULL;
+ }
+
+ return NULL;
+ }
+ }
+
+done:;
+ /* clear out meta_back_init_one_conn non-fatal errors */
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+
+ /* touch the timestamp */
+ if ( mi->mi_idle_timeout != 0 ) {
+ mc->mc_time = op->o_time;
+ }
+
+ if ( new_conn ) {
+ if ( mi->mi_conn_ttl ) {
+ mc->mc_create_time = op->o_time;
+ }
+
+ /*
+ * Inserts the newly created metaconn in the avl tree
+ */
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+ if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+ if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) {
+ LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
+ mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num++;
+ LDAP_BACK_CONN_CACHED_SET( mc );
+
+ } else {
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ }
+ rs->sr_err = 0;
+
+ } else {
+ err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
+ meta_back_conndn_cmp, meta_back_conndn_dup );
+ LDAP_BACK_CONN_CACHED_SET( mc );
+ }
+
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ if ( !LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+ /*
+ * Err could be -1 in case a duplicate metaconn is inserted
+ */
+ switch ( err ) {
+ case 0:
+ break;
+
+ case -1:
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+ /* duplicate: free and try to get the newly created one */
+ if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ new_conn = 0;
+ goto retry_lock;
+ }
+
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ break;
+
+ default:
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
+ op->o_log_prefix, ncandidates,
+ LDAP_BACK_PCONN_ID( mc ) );
+
+ mc->mc_refcnt = 0;
+ meta_back_conn_free( mc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Proxy bind collision";
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ return NULL;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_getconn: candidates=%d conn=%ld inserted\n",
+ op->o_log_prefix, ncandidates,
+ LDAP_BACK_PCONN_ID( mc ) );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_getconn: candidates=%d conn=%ld fetched\n",
+ op->o_log_prefix, ncandidates,
+ LDAP_BACK_PCONN_ID( mc ) );
+ }
+
+ return mc;
+}
+
+void
+meta_back_release_conn_lock(
+ metainfo_t *mi,
+ metaconn_t *mc,
+ int dolock )
+{
+ assert( mc != NULL );
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ }
+ assert( mc->mc_refcnt > 0 );
+ mc->mc_refcnt--;
+ /* NOTE: the connection is removed if either it is tainted
+ * or if it is shared and no one else is using it. This needs
+ * to occur because for intrinsic reasons cached connections
+ * that are not privileged would live forever and pollute
+ * the connection space (and eat up resources). Maybe this
+ * should be configurable... */
+ if ( LDAP_BACK_CONN_TAINTED( mc ) ) {
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_release_conn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+ if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+ if ( mc->mc_q.tqe_prev != NULL ) {
+ assert( LDAP_BACK_CONN_CACHED( mc ) );
+ assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
+ mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+ LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+ } else {
+ assert( !LDAP_BACK_CONN_CACHED( mc ) );
+ }
+
+ } else {
+ metaconn_t *tmpmc;
+
+ tmpmc = avl_delete( &mi->mi_conninfo.lai_tree,
+ ( caddr_t )mc, meta_back_conndnmc_cmp );
+
+ /* Overparanoid, but useful... */
+ assert( tmpmc == NULL || tmpmc == mc );
+ }
+
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, "<<< meta_back_release_conn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+ if ( mc->mc_refcnt == 0 ) {
+ meta_back_conn_free( mc );
+ mc = NULL;
+ }
+ }
+
+ if ( mc != NULL && LDAP_BACK_CONN_BINDING( mc ) ) {
+ LDAP_BACK_CONN_BINDING_CLEAR( mc );
+ }
+
+ if ( dolock ) {
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ }
+}
+
+void
+meta_back_quarantine(
+ Operation *op,
+ SlapReply *rs,
+ int candidate )
+{
+ metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+
+ slap_retry_info_t *ri = &mt->mt_quarantine;
+
+ ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
+
+ if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+ time_t new_last = slap_get_time();
+
+ switch ( mt->mt_isquarantined ) {
+ case LDAP_BACK_FQ_NO:
+ if ( ri->ri_last == new_last ) {
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_quarantine[%d]: enter.\n",
+ op->o_log_prefix, candidate, 0 );
+
+ ri->ri_idx = 0;
+ ri->ri_count = 0;
+ break;
+
+ case LDAP_BACK_FQ_RETRYING:
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "meta_back_quarantine[%d]: block #%d try #%d failed",
+ candidate, ri->ri_idx, ri->ri_count );
+ Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+ op->o_log_prefix, buf, 0 );
+ }
+
+ ++ri->ri_count;
+ if ( ri->ri_num[ ri->ri_idx ] != SLAP_RETRYNUM_FOREVER
+ && ri->ri_count == ri->ri_num[ ri->ri_idx ] )
+ {
+ ri->ri_count = 0;
+ ++ri->ri_idx;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ mt->mt_isquarantined = LDAP_BACK_FQ_YES;
+ ri->ri_last = new_last;
+
+ } else if ( mt->mt_isquarantined == LDAP_BACK_FQ_RETRYING ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_quarantine[%d]: exit.\n",
+ op->o_log_prefix, candidate, 0 );
+
+ if ( mi->mi_quarantine_f ) {
+ (void)mi->mi_quarantine_f( mi, candidate,
+ mi->mi_quarantine_p );
+ }
+
+ ri->ri_count = 0;
+ ri->ri_idx = 0;
+ mt->mt_isquarantined = LDAP_BACK_FQ_NO;
+ }
+
+done:;
+ ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,104 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/delete.c,v 1.19.2.15 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_delete( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt;
+ metaconn_t *mc = NULL;
+ int candidate = -1;
+ struct berval mdn = BER_BVNULL;
+ dncookie dc;
+ int msgid;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
+ if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
+ /*
+ * Rewrite the compare dn, if needed
+ */
+ mt = mi->mi_targets[ candidate ];
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "deleteDN";
+
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+retry:;
+ ctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_delete_ext( mc->mc_conns[ candidate ].msc_ld,
+ mdn.bv_val, ctrls, NULL, &msgid );
+ rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+ mt->mt_timeout[ SLAP_OP_DELETE ], LDAP_BACK_SENDRESULT );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ BER_BVZERO( &mdn );
+ }
+
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/dncache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/dncache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/dncache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,235 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/dncache.c,v 1.10.2.7 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+/*
+ * The dncache, at present, maps an entry to the target that holds it.
+ */
+
+typedef struct metadncacheentry_t {
+ struct berval dn;
+ int target;
+
+ time_t lastupdated;
+} metadncacheentry_t;
+
+/*
+ * meta_dncache_cmp
+ *
+ * compares two struct metadncacheentry; used by avl stuff
+ * FIXME: modify avl stuff to delete an entry based on cmp
+ * (e.g. when ttl expired?)
+ */
+int
+meta_dncache_cmp(
+ const void *c1,
+ const void *c2 )
+{
+ metadncacheentry_t *cc1 = ( metadncacheentry_t * )c1;
+ metadncacheentry_t *cc2 = ( metadncacheentry_t * )c2;
+
+ /*
+ * case sensitive, because the dn MUST be normalized
+ */
+ return ber_bvcmp( &cc1->dn, &cc2->dn);
+}
+
+/*
+ * meta_dncache_dup
+ *
+ * returns -1 in case a duplicate struct metadncacheentry has been inserted;
+ * used by avl stuff
+ */
+int
+meta_dncache_dup(
+ void *c1,
+ void *c2 )
+{
+ metadncacheentry_t *cc1 = ( metadncacheentry_t * )c1;
+ metadncacheentry_t *cc2 = ( metadncacheentry_t * )c2;
+
+ /*
+ * case sensitive, because the dn MUST be normalized
+ */
+ return ( ber_bvcmp( &cc1->dn, &cc2->dn ) == 0 ) ? -1 : 0;
+}
+
+/*
+ * meta_dncache_get_target
+ *
+ * returns the target a dn belongs to, or -1 in case the dn is not
+ * in the cache
+ */
+int
+meta_dncache_get_target(
+ metadncache_t *cache,
+ struct berval *ndn )
+{
+ metadncacheentry_t tmp_entry,
+ *entry;
+ int target = META_TARGET_NONE;
+
+ assert( cache != NULL );
+ assert( ndn != NULL );
+
+ tmp_entry.dn = *ndn;
+ ldap_pvt_thread_mutex_lock( &cache->mutex );
+ entry = ( metadncacheentry_t * )avl_find( cache->tree,
+ ( caddr_t )&tmp_entry, meta_dncache_cmp );
+
+ if ( entry != NULL ) {
+
+ /*
+ * if cache->ttl < 0, cache never expires;
+ * if cache->ttl = 0 no cache is used; shouldn't get here
+ * else, cache is used with ttl
+ */
+ if ( cache->ttl < 0 ) {
+ target = entry->target;
+
+ } else {
+ if ( entry->lastupdated+cache->ttl > slap_get_time() ) {
+ target = entry->target;
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &cache->mutex );
+
+ return target;
+}
+
+/*
+ * meta_dncache_update_entry
+ *
+ * updates target and lastupdated of a struct metadncacheentry if exists,
+ * otherwise it gets created; returns -1 in case of error
+ */
+int
+meta_dncache_update_entry(
+ metadncache_t *cache,
+ struct berval *ndn,
+ int target )
+{
+ metadncacheentry_t *entry,
+ tmp_entry;
+ time_t curr_time = 0L;
+ int err = 0;
+
+ assert( cache != NULL );
+ assert( ndn != NULL );
+
+ /*
+ * if cache->ttl < 0, cache never expires;
+ * if cache->ttl = 0 no cache is used; shouldn't get here
+ * else, cache is used with ttl
+ */
+ if ( cache->ttl > 0 ) {
+ curr_time = slap_get_time();
+ }
+
+ tmp_entry.dn = *ndn;
+
+ ldap_pvt_thread_mutex_lock( &cache->mutex );
+ entry = ( metadncacheentry_t * )avl_find( cache->tree,
+ ( caddr_t )&tmp_entry, meta_dncache_cmp );
+
+ if ( entry != NULL ) {
+ entry->target = target;
+ entry->lastupdated = curr_time;
+
+ } else {
+ entry = ch_malloc( sizeof( metadncacheentry_t ) + ndn->bv_len + 1 );
+ if ( entry == NULL ) {
+ err = -1;
+ goto error_return;
+ }
+
+ entry->dn.bv_len = ndn->bv_len;
+ entry->dn.bv_val = (char *)&entry[ 1 ];
+ AC_MEMCPY( entry->dn.bv_val, ndn->bv_val, ndn->bv_len );
+ entry->dn.bv_val[ ndn->bv_len ] = '\0';
+
+ entry->target = target;
+ entry->lastupdated = curr_time;
+
+ err = avl_insert( &cache->tree, ( caddr_t )entry,
+ meta_dncache_cmp, meta_dncache_dup );
+ }
+
+error_return:;
+ ldap_pvt_thread_mutex_unlock( &cache->mutex );
+
+ return err;
+}
+
+/*
+ * meta_dncache_update_entry
+ *
+ * updates target and lastupdated of a struct metadncacheentry if exists,
+ * otherwise it gets created; returns -1 in case of error
+ */
+int
+meta_dncache_delete_entry(
+ metadncache_t *cache,
+ struct berval *ndn )
+{
+ metadncacheentry_t *entry,
+ tmp_entry;
+
+ assert( cache != NULL );
+ assert( ndn != NULL );
+
+ tmp_entry.dn = *ndn;
+
+ ldap_pvt_thread_mutex_lock( &cache->mutex );
+ entry = avl_delete( &cache->tree, ( caddr_t )&tmp_entry,
+ meta_dncache_cmp );
+ ldap_pvt_thread_mutex_unlock( &cache->mutex );
+
+ if ( entry != NULL ) {
+ meta_dncache_free( ( void * )entry );
+ }
+
+ return 0;
+}
+
+/*
+ * meta_dncache_free
+ *
+ * frees an entry
+ *
+ */
+void
+meta_dncache_free(
+ void *e )
+{
+ free( e );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,390 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/init.c,v 1.37.2.16 2007/01/26 22:05:36 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_open(
+ BackendInfo *bi )
+{
+ /* FIXME: need to remove the pagedResults, and likely more... */
+ bi->bi_controls = slap_known_controls;
+
+ return 0;
+}
+
+int
+meta_back_initialize(
+ BackendInfo *bi )
+{
+ bi->bi_open = meta_back_open;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = meta_back_db_init;
+ bi->bi_db_config = meta_back_db_config;
+ bi->bi_db_open = meta_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = meta_back_db_destroy;
+
+ bi->bi_op_bind = meta_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = meta_back_search;
+ bi->bi_op_compare = meta_back_compare;
+ bi->bi_op_modify = meta_back_modify;
+ bi->bi_op_modrdn = meta_back_modrdn;
+ bi->bi_op_add = meta_back_add;
+ bi->bi_op_delete = meta_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = meta_back_conn_destroy;
+
+ return 0;
+}
+
+int
+meta_back_db_init(
+ Backend *be )
+{
+ metainfo_t *mi;
+ int i;
+
+ mi = ch_calloc( 1, sizeof( metainfo_t ) );
+ if ( mi == NULL ) {
+ return -1;
+ }
+
+ /*
+ * At present the default is no default target;
+ * this may change
+ */
+ mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
+ mi->mi_bind_timeout.tv_sec = 0;
+ mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
+
+ mi->mi_rebind_f = meta_back_default_rebind;
+
+ ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
+
+ /* safe default */
+ mi->mi_nretries = META_RETRY_DEFAULT;
+ mi->mi_version = LDAP_VERSION3;
+
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ mi->mi_conn_priv[ i ].mic_num = 0;
+ LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv );
+ }
+ mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
+
+ be->be_private = mi;
+
+ return 0;
+}
+
+int
+meta_back_db_open(
+ Backend *be )
+{
+ metainfo_t *mi = (metainfo_t *)be->be_private;
+
+ int i,
+ not_always = 0,
+ not_always_anon_proxyauthz = 0,
+ not_always_anon_non_prescriptive = 0,
+ rc;
+
+ if ( mi->mi_ntargets == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "meta_back_db_open: no targets defined\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
+ rc = slap_discover_feature( mt->mt_uri, mt->mt_version,
+ slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+ LDAP_FEATURE_ABSOLUTE_FILTERS );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mt->mt_flags |= LDAP_BACK_F_T_F;
+ }
+ }
+
+ if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
+ rc = slap_discover_feature( mt->mt_uri, mt->mt_version,
+ slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+ LDAP_EXOP_CANCEL );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
+ }
+ }
+
+ if ( not_always == 0 ) {
+ if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
+ || mt->mt_idassert_authz != NULL )
+ {
+ not_always = 1;
+ }
+ }
+
+ if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
+ && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "meta_back_db_open(%s): "
+ "target #%d inconsistent idassert configuration "
+ "(likely authz=\"*\" used with \"non-prescriptive\" flag)\n",
+ be->be_suffix[ 0 ].bv_val, i, 0 );
+ return 1;
+ }
+
+ if ( not_always_anon_proxyauthz == 0 ) {
+ if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+ {
+ not_always_anon_proxyauthz = 1;
+ }
+ }
+
+ if ( not_always_anon_non_prescriptive == 0 ) {
+ if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+ {
+ not_always_anon_non_prescriptive = 1;
+ }
+ }
+ }
+
+ if ( not_always == 0 ) {
+ mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ALWAYS;
+ }
+
+ if ( not_always_anon_proxyauthz == 0 ) {
+ mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ANON;
+
+ } else if ( not_always_anon_non_prescriptive == 0 ) {
+ mi->mi_flags |= META_BACK_F_PROXYAUTHZ_NOANON;
+ }
+
+ return 0;
+}
+
+/*
+ * meta_back_conn_free()
+ *
+ * actually frees a connection; the reference count must be 0,
+ * and it must not (or no longer) be in the cache.
+ */
+void
+meta_back_conn_free(
+ void *v_mc )
+{
+ metaconn_t *mc = v_mc;
+ int ntargets;
+
+ assert( mc != NULL );
+ assert( mc->mc_refcnt == 0 );
+
+ /* at least one must be present... */
+ ntargets = mc->mc_info->mi_ntargets;
+ assert( ntargets > 0 );
+
+ for ( ; ntargets--; ) {
+ (void)meta_clear_one_candidate( NULL, mc, ntargets );
+ }
+
+ if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
+ free( mc->mc_local_ndn.bv_val );
+ }
+
+ free( mc );
+}
+
+static void
+mapping_free(
+ void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+ ch_free( mapping->src.bv_val );
+ ch_free( mapping->dst.bv_val );
+ ch_free( mapping );
+}
+
+static void
+mapping_dst_free(
+ void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+
+ if ( BER_BVISEMPTY( &mapping->dst ) ) {
+ mapping_free( &mapping[ -1 ] );
+ }
+}
+
+static void
+target_free(
+ metatarget_t *mt )
+{
+ if ( mt->mt_uri ) {
+ free( mt->mt_uri );
+ ldap_pvt_thread_mutex_destroy( &mt->mt_uri_mutex );
+ }
+ if ( mt->mt_subtree_exclude ) {
+ ber_bvarray_free( mt->mt_subtree_exclude );
+ }
+ if ( !BER_BVISNULL( &mt->mt_psuffix ) ) {
+ free( mt->mt_psuffix.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_nsuffix ) ) {
+ free( mt->mt_nsuffix.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_binddn ) ) {
+ free( mt->mt_binddn.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_bindpw ) ) {
+ free( mt->mt_bindpw.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcID ) ) {
+ ch_free( mt->mt_idassert_authcID.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
+ ch_free( mt->mt_idassert_authcDN.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+ ch_free( mt->mt_idassert_passwd.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authzID ) ) {
+ ch_free( mt->mt_idassert_authzID.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_sasl_mech ) ) {
+ ch_free( mt->mt_idassert_sasl_mech.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_sasl_realm ) ) {
+ ch_free( mt->mt_idassert_sasl_realm.bv_val );
+ }
+ if ( mt->mt_idassert_authz != NULL ) {
+ ber_bvarray_free( mt->mt_idassert_authz );
+ }
+ if ( mt->mt_rwmap.rwm_rw ) {
+ rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
+ }
+ avl_free( mt->mt_rwmap.rwm_oc.remap, mapping_dst_free );
+ avl_free( mt->mt_rwmap.rwm_oc.map, mapping_free );
+ avl_free( mt->mt_rwmap.rwm_at.remap, mapping_dst_free );
+ avl_free( mt->mt_rwmap.rwm_at.map, mapping_free );
+
+ free( mt );
+}
+
+int
+meta_back_db_destroy(
+ Backend *be )
+{
+ metainfo_t *mi;
+
+ if ( be->be_private ) {
+ int i;
+
+ mi = ( metainfo_t * )be->be_private;
+
+ /*
+ * Destroy the connection tree
+ */
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+
+ if ( mi->mi_conninfo.lai_tree ) {
+ avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free );
+ }
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ while ( !LDAP_TAILQ_EMPTY( &mi->mi_conn_priv[ i ].mic_priv ) ) {
+ metaconn_t *mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ i ].mic_priv );
+
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ i ].mic_priv, mc, mc_q );
+ meta_back_conn_free( mc );
+ }
+ }
+
+ /*
+ * Destroy the per-target stuff (assuming there's at
+ * least one ...)
+ */
+ if ( mi->mi_targets != NULL ) {
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+ if ( mt->mt_quarantine.ri_num != mi->mi_quarantine.ri_num )
+ {
+ slap_retry_info_destroy( &mt->mt_quarantine );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &mt->mt_quarantine_mutex );
+ }
+
+ target_free( mt );
+ }
+
+ free( mi->mi_targets );
+ }
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_cache.mutex );
+ if ( mi->mi_cache.tree ) {
+ avl_free( mi->mi_cache.tree, meta_dncache_free );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_cache.mutex );
+ ldap_pvt_thread_mutex_destroy( &mi->mi_cache.mutex );
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_destroy( &mi->mi_conninfo.lai_mutex );
+
+ if ( mi->mi_candidates != NULL ) {
+ ber_memfree_x( mi->mi_candidates, NULL );
+ }
+
+ if ( META_BACK_QUARANTINE( mi ) ) {
+ slap_retry_info_destroy( &mi->mi_quarantine );
+ }
+ }
+
+ free( be->be_private );
+ return 0;
+}
+
+#if SLAPD_META == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( meta )
+
+#endif /* SLAPD_META == SLAPD_MOD_DYNAMIC */
+
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/map.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/map.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/map.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,804 @@
+/* map.c - ldap backend mapping routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.14 2007/02/26 19:40:12 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+/* This is an altered version */
+/*
+ * Copyright 1999, Howard Chu, All rights reserved. <hyc at highlandsun.com>
+ *
+ * Permission is granted to anyone to use this software for any purpose
+ * on any computer system, and to alter it and redistribute it, subject
+ * to the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources,
+ * credits should appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users
+ * ever read sources, credits should appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ *
+ *
+ *
+ * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+ *
+ * This software is being modified by Pierangelo Masarati.
+ * The previously reported conditions apply to the modified code as well.
+ * Changes in the original code are highlighted where required.
+ * Credits for the original code go to the author, Howard Chu.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+
+int
+mapping_cmp ( const void *c1, const void *c2 )
+{
+ struct ldapmapping *map1 = (struct ldapmapping *)c1;
+ struct ldapmapping *map2 = (struct ldapmapping *)c2;
+ int rc = map1->src.bv_len - map2->src.bv_len;
+ if (rc) return rc;
+ return ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) );
+}
+
+int
+mapping_dup ( void *c1, void *c2 )
+{
+ struct ldapmapping *map1 = (struct ldapmapping *)c1;
+ struct ldapmapping *map2 = (struct ldapmapping *)c2;
+
+ return ( ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) == 0 ) ? -1 : 0 );
+}
+
+void
+ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping **m )
+{
+ struct ldapmapping *mapping;
+
+ assert( m != NULL );
+
+ *m = NULL;
+
+ mapping = (struct ldapmapping *)ch_calloc( 2,
+ sizeof( struct ldapmapping ) );
+ if ( mapping == NULL ) {
+ return;
+ }
+
+ ber_str2bv( "objectclass", STRLENOF("objectclass"), 1, &mapping[0].src);
+ ber_dupbv( &mapping[0].dst, &mapping[0].src );
+ mapping[1].src = mapping[0].src;
+ mapping[1].dst = mapping[0].dst;
+
+ avl_insert( &lm->map, (caddr_t)&mapping[0],
+ mapping_cmp, mapping_dup );
+ avl_insert( &lm->remap, (caddr_t)&mapping[1],
+ mapping_cmp, mapping_dup );
+ *m = mapping;
+}
+
+int
+ldap_back_mapping ( struct ldapmap *map, struct berval *s, struct ldapmapping **m,
+ int remap )
+{
+ Avlnode *tree;
+ struct ldapmapping fmapping;
+
+ assert( m != NULL );
+
+ if ( remap == BACKLDAP_REMAP ) {
+ tree = map->remap;
+
+ } else {
+ tree = map->map;
+ }
+
+ fmapping.src = *s;
+ *m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
+ if ( *m == NULL ) {
+ return map->drop_missing;
+ }
+
+ return 0;
+}
+
+void
+ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *bv,
+ int remap )
+{
+ struct ldapmapping *mapping;
+
+ /* map->map may be NULL when mapping is configured,
+ * but map->remap can't */
+ if ( map->remap == NULL ) {
+ *bv = *s;
+ return;
+ }
+
+ BER_BVZERO( bv );
+ ( void )ldap_back_mapping( map, s, &mapping, remap );
+ if ( mapping != NULL ) {
+ if ( !BER_BVISNULL( &mapping->dst ) ) {
+ *bv = mapping->dst;
+ }
+ return;
+ }
+
+ if ( !map->drop_missing ) {
+ *bv = *s;
+ }
+}
+
+int
+ldap_back_map_attrs(
+ struct ldapmap *at_map,
+ AttributeName *an,
+ int remap,
+ char ***mapped_attrs
+)
+{
+ int i, j;
+ char **na;
+ struct berval mapped;
+
+ if ( an == NULL ) {
+ *mapped_attrs = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
+ /* */ ;
+
+ na = (char **)ch_calloc( i + 1, sizeof(char *) );
+ if ( na == NULL ) {
+ *mapped_attrs = NULL;
+ return LDAP_NO_MEMORY;
+ }
+
+ for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
+ ldap_back_map( at_map, &an[i].an_name, &mapped, remap );
+ if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
+ na[j++] = mapped.bv_val;
+ }
+ }
+ if ( j == 0 && i != 0 ) {
+ na[j++] = LDAP_NO_ATTRS;
+ }
+ na[j] = NULL;
+
+ *mapped_attrs = na;
+ return LDAP_SUCCESS;
+}
+
+int
+map_attr_value(
+ dncookie *dc,
+ AttributeDescription *ad,
+ struct berval *mapped_attr,
+ struct berval *value,
+ struct berval *mapped_value,
+ int remap )
+{
+ struct berval vtmp;
+ int freeval = 0;
+
+ ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
+ if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
+#if 0
+ /*
+ * FIXME: are we sure we need to search oc_map if at_map fails?
+ */
+ ldap_back_map( &dc->target->mt_rwmap.rwm_oc, &ad->ad_cname, mapped_attr, remap );
+ if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
+ *mapped_attr = ad->ad_cname;
+ }
+#endif
+ if ( dc->target->mt_rwmap.rwm_at.drop_missing ) {
+ return -1;
+ }
+
+ *mapped_attr = ad->ad_cname;
+ }
+
+ if ( value == NULL ) {
+ return 0;
+ }
+
+ if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
+ {
+ dncookie fdc = *dc;
+
+#ifdef ENABLE_REWRITE
+ fdc.ctx = "searchFilterAttrDN";
+#endif
+
+ switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) {
+ case LDAP_SUCCESS:
+ if ( vtmp.bv_val != value->bv_val ) {
+ freeval = 1;
+ }
+ break;
+
+ case LDAP_UNWILLING_TO_PERFORM:
+ return -1;
+
+ case LDAP_OTHER:
+ return -1;
+ }
+
+ } else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
+ ldap_back_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
+ if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
+ vtmp = *value;
+ }
+
+ } else {
+ vtmp = *value;
+ }
+
+ filter_escape_value( &vtmp, mapped_value );
+
+ if ( freeval ) {
+ ber_memfree( vtmp.bv_val );
+ }
+
+ return 0;
+}
+
+static int
+ldap_back_int_filter_map_rewrite(
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr,
+ int remap )
+{
+ int i;
+ Filter *p;
+ struct berval atmp,
+ vtmp,
+ *tmp;
+ static struct berval
+ /* better than nothing... */
+ ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
+ ber_bvtf_false = BER_BVC( "(|)" ),
+ /* better than nothing... */
+ ber_bvtrue = BER_BVC( "(objectClass=*)" ),
+ ber_bvtf_true = BER_BVC( "(&)" ),
+#if 0
+ /* no longer needed; preserved for completeness */
+ ber_bvundefined = BER_BVC( "(?=undefined)" ),
+#endif
+ ber_bverror = BER_BVC( "(?=error)" ),
+ ber_bvunknown = BER_BVC( "(?=unknown)" ),
+ ber_bvnone = BER_BVC( "(?=none)" );
+ ber_len_t len;
+
+ assert( fstr != NULL );
+ BER_BVZERO( fstr );
+
+ if ( f == NULL ) {
+ ber_dupbv( fstr, &ber_bvnone );
+ return LDAP_OTHER;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ if ( map_attr_value( dc, f->f_av_desc, &atmp,
+ &f->f_av_value, &vtmp, remap ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ + ( sizeof("(=)") - 1 );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_GE:
+ if ( map_attr_value( dc, f->f_av_desc, &atmp,
+ &f->f_av_value, &vtmp, remap ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ + ( sizeof("(>=)") - 1 );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_LE:
+ if ( map_attr_value( dc, f->f_av_desc, &atmp,
+ &f->f_av_value, &vtmp, remap ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ + ( sizeof("(<=)") - 1 );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ if ( map_attr_value( dc, f->f_av_desc, &atmp,
+ &f->f_av_value, &vtmp, remap ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ + ( sizeof("(~=)") - 1 );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ if ( map_attr_value( dc, f->f_sub_desc, &atmp,
+ NULL, NULL, remap ) )
+ {
+ goto computed;
+ }
+
+ /* cannot be a DN ... */
+
+ fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
+ fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ atmp.bv_val );
+
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+ len = fstr->bv_len;
+
+ filter_escape_value( &f->f_sub_initial, &vtmp );
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
+ /* "(attr=" */ "%s*)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
+ len = fstr->bv_len;
+ filter_escape_value( &f->f_sub_any[i], &vtmp );
+
+ fstr->bv_len += vtmp.bv_len + 1;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
+ /* "(attr=[init]*[any*]" */ "%s*)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ ber_memfree( vtmp.bv_val );
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+ len = fstr->bv_len;
+
+ filter_escape_value( &f->f_sub_final, &vtmp );
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
+ /* "(attr=[init*][any*]" */ "%s)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ber_memfree( vtmp.bv_val );
+ }
+
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ if ( map_attr_value( dc, f->f_desc, &atmp,
+ NULL, NULL, remap ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ atmp.bv_val );
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT:
+ fstr->bv_len = STRLENOF( "(%)" );
+ fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128? */
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
+ f->f_choice == LDAP_FILTER_AND ? '&' :
+ f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
+
+ for ( p = f->f_list; p != NULL; p = p->f_next ) {
+ int rc;
+
+ len = fstr->bv_len;
+
+ rc = ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
+ /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ }
+
+ break;
+
+ case LDAP_FILTER_EXT:
+ if ( f->f_mr_desc ) {
+ if ( map_attr_value( dc, f->f_mr_desc, &atmp,
+ &f->f_mr_value, &vtmp, remap ) )
+ {
+ goto computed;
+ }
+
+ } else {
+ BER_BVSTR( &atmp, "" );
+ filter_escape_value( &f->f_mr_value, &vtmp );
+ }
+
+ /* FIXME: cleanup (less ?: operators...) */
+ fstr->bv_len = atmp.bv_len +
+ ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
+ ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
+ vtmp.bv_len + ( STRLENOF( "(:=)" ) );
+ fstr->bv_val = malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
+ atmp.bv_val,
+ f->f_mr_dnattrs ? ":dn" : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ ber_memfree( vtmp.bv_val );
+ break;
+
+ case SLAPD_FILTER_COMPUTED:
+ switch ( f->f_result ) {
+ case LDAP_COMPARE_FALSE:
+ /* FIXME: treat UNDEFINED as FALSE */
+ case SLAPD_COMPARE_UNDEFINED:
+computed:;
+ if ( META_BACK_TGT_T_F( dc->target ) ) {
+ tmp = &ber_bvtf_false;
+ break;
+ }
+ tmp = &ber_bvfalse;
+ break;
+
+ case LDAP_COMPARE_TRUE:
+ if ( META_BACK_TGT_T_F( dc->target ) ) {
+ tmp = &ber_bvtf_true;
+ break;
+ }
+
+ tmp = &ber_bvtrue;
+ break;
+
+ default:
+ tmp = &ber_bverror;
+ break;
+ }
+
+ ber_dupbv( fstr, tmp );
+ break;
+
+ default:
+ ber_dupbv( fstr, &ber_bvunknown );
+ break;
+ }
+
+ return 0;
+}
+
+int
+ldap_back_filter_map_rewrite(
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr,
+ int remap )
+{
+ int rc;
+ dncookie fdc;
+ struct berval ftmp;
+ static char *dmy = "";
+
+ rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap );
+
+#ifdef ENABLE_REWRITE
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ fdc = *dc;
+ ftmp = *fstr;
+
+ fdc.ctx = "searchFilter";
+
+ switch ( rewrite_session( fdc.target->mt_rwmap.rwm_rw, fdc.ctx,
+ ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : dmy ),
+ fdc.conn, &fstr->bv_val ) )
+ {
+ case REWRITE_REGEXEC_OK:
+ if ( !BER_BVISNULL( fstr ) ) {
+ fstr->bv_len = strlen( fstr->bv_val );
+
+ } else {
+ *fstr = ftmp;
+ }
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n",
+ fdc.ctx, BER_BVISNULL( &ftmp ) ? "" : ftmp.bv_val,
+ BER_BVISNULL( fstr ) ? "" : fstr->bv_val );
+ rc = LDAP_SUCCESS;
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ if ( fdc.rs ) {
+ fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ fdc.rs->sr_text = "Operation not allowed";
+ }
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ if ( fdc.rs ) {
+ fdc.rs->sr_err = LDAP_OTHER;
+ fdc.rs->sr_text = "Rewrite error";
+ }
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ if ( fstr->bv_val == dmy ) {
+ BER_BVZERO( fstr );
+ }
+#endif /* ENABLE_REWRITE */
+
+ return rc;
+}
+
+int
+ldap_back_referral_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals
+)
+{
+ int i, last;
+
+ assert( dc != NULL );
+ assert( a_vals != NULL );
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[ last ] ); last++ )
+ ;
+ last--;
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[ i ] ); i++ ) {
+ struct berval dn,
+ olddn = BER_BVNULL;
+ int rc;
+ LDAPURLDesc *ludp;
+
+ rc = ldap_url_parse( a_vals[ i ].bv_val, &ludp );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* leave attr untouched if massage failed */
+ continue;
+ }
+
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
+ ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
+
+ rc = ldap_back_dn_massage( dc, &olddn, &dn );
+ switch ( rc ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ LBER_FREE( a_vals[ i ].bv_val );
+ if ( last > i ) {
+ a_vals[ i ] = a_vals[ last ];
+ }
+ BER_BVZERO( &a_vals[ last ] );
+ last--;
+ i--;
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val )
+ {
+ char *newurl;
+
+ ludp->lud_dn = dn.bv_val;
+ newurl = ldap_url_desc2str( ludp );
+ free( dn.bv_val );
+ if ( newurl == NULL ) {
+ /* FIXME: leave attr untouched
+ * even if ldap_url_desc2str failed...
+ */
+ break;
+ }
+
+ LBER_FREE( a_vals[ i ].bv_val );
+ ber_str2bv( newurl, 0, 1, &a_vals[ i ] );
+ LDAP_FREE( newurl );
+ ludp->lud_dn = olddn.bv_val;
+ }
+ break;
+ }
+
+ ldap_free_urldesc( ludp );
+ }
+
+ return 0;
+}
+
+/*
+ * I don't like this much, but we need two different
+ * functions because different heap managers may be
+ * in use in back-ldap/meta to reduce the amount of
+ * calls to malloc routines, and some of the free()
+ * routines may be macros with args
+ */
+int
+ldap_dnattr_rewrite(
+ dncookie *dc,
+ BerVarray a_vals
+)
+{
+ struct berval bv;
+ int i, last;
+
+ assert( a_vals != NULL );
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
+ last--;
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
+ switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ ch_free( a_vals[i].bv_val );
+ if ( last > i ) {
+ a_vals[i] = a_vals[last];
+ }
+ BER_BVZERO( &a_vals[last] );
+ last--;
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( !BER_BVISNULL( &bv ) && bv.bv_val != a_vals[i].bv_val ) {
+ ch_free( a_vals[i].bv_val );
+ a_vals[i] = bv;
+ }
+ break;
+ }
+ }
+
+ return 0;
+}
+
+int
+ldap_dnattr_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals
+)
+{
+ struct berval bv;
+ int i, last;
+
+ assert( a_vals != NULL );
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
+ last--;
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
+ switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ LBER_FREE( a_vals[i].bv_val );
+ if ( last > i ) {
+ a_vals[i] = a_vals[last];
+ }
+ BER_BVZERO( &a_vals[last] );
+ last--;
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( !BER_BVISNULL( &bv ) && a_vals[i].bv_val != bv.bv_val ) {
+ LBER_FREE( a_vals[i].bv_val );
+ a_vals[i] = bv;
+ }
+ break;
+ }
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,222 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modify.c,v 1.29.2.16 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_modify( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt;
+ metaconn_t *mc;
+ int rc = 0;
+ LDAPMod **modv = NULL;
+ LDAPMod *mods = NULL;
+ Modifications *ml;
+ int candidate = -1, i;
+ int isupdate;
+ struct berval mdn = BER_BVNULL;
+ struct berval mapped;
+ dncookie dc;
+ int msgid;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
+ if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
+ /*
+ * Rewrite the modify dn, if needed
+ */
+ mt = mi->mi_targets[ candidate ];
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "modifyDN";
+
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ for ( i = 0, ml = op->orm_modlist; ml; i++ ,ml = ml->sml_next )
+ ;
+
+ mods = ch_malloc( sizeof( LDAPMod )*i );
+ if ( mods == NULL ) {
+ rs->sr_err = LDAP_OTHER;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+ modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
+ if ( modv == NULL ) {
+ rs->sr_err = LDAP_OTHER;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ dc.ctx = "modifyAttrDN";
+ isupdate = be_shadow_update( op );
+ for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ int j, is_oc = 0;
+
+ if ( !isupdate && !get_manageDIT( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
+ {
+ continue;
+ }
+
+ if ( ml->sml_desc == slap_schema.si_ad_objectClass
+ || ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ is_oc = 1;
+ mapped = ml->sml_desc->ad_cname;
+
+ } else {
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &ml->sml_desc->ad_cname, &mapped,
+ BACKLDAP_MAP );
+ if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
+ continue;
+ }
+ }
+
+ modv[ i ] = &mods[ i ];
+ mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
+ mods[ i ].mod_type = mapped.bv_val;
+
+ /*
+ * FIXME: dn-valued attrs should be rewritten
+ * to allow their use in ACLs at the back-ldap
+ * level.
+ */
+ if ( ml->sml_values != NULL ) {
+ if ( is_oc ) {
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ ;
+ mods[ i ].mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 ) *
+ sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
+ struct ldapmapping *mapping;
+
+ ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
+ &ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
+
+ if ( mapping == NULL ) {
+ if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
+ continue;
+ }
+ mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
+
+ } else {
+ mods[ i ].mod_bvalues[ j ] = &mapping->dst;
+ }
+ j++;
+ }
+ mods[ i ].mod_bvalues[ j ] = NULL;
+
+ } else {
+ if ( ml->sml_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ {
+ ( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
+ if ( ml->sml_values == NULL ) {
+ continue;
+ }
+ }
+
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ ;
+ mods[ i ].mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 ) *
+ sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
+ mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
+ }
+ mods[ i ].mod_bvalues[ j ] = NULL;
+ }
+
+ } else {
+ mods[ i ].mod_bvalues = NULL;
+ }
+
+ i++;
+ }
+ modv[ i ] = 0;
+
+retry:;
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ modv, ctrls, NULL, &msgid );
+ rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+ mt->mt_timeout[ SLAP_OP_MODIFY ], LDAP_BACK_SENDRESULT );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ BER_BVZERO( &mdn );
+ }
+ if ( modv != NULL ) {
+ for ( i = 0; modv[ i ]; i++ ) {
+ free( modv[ i ]->mod_bvalues );
+ }
+ }
+ free( mods );
+ free( modv );
+
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,166 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modrdn.c,v 1.19.2.16 2007/01/13 11:19:07 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_modrdn( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt;
+ metaconn_t *mc;
+ int candidate = -1;
+ struct berval mdn = BER_BVNULL,
+ mnewSuperior = BER_BVNULL;
+ dncookie dc;
+ int msgid;
+ int do_retry = 1;
+ LDAPControl **ctrls = NULL;
+
+ mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
+ if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+ return rs->sr_err;
+ }
+
+ assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
+ mt = mi->mi_targets[ candidate ];
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+
+ if ( op->orr_newSup ) {
+
+ /*
+ * NOTE: the newParent, if defined, must be on the
+ * same target as the entry to be renamed. This check
+ * has been anticipated in meta_back_getconn()
+ */
+ /*
+ * FIXME: one possibility is to delete the entry
+ * from one target and add it to the other;
+ * unfortunately we'd need write access to both,
+ * which is nearly impossible; for administration
+ * needs, the rootdn of the metadirectory could
+ * be mapped to an administrative account on each
+ * target (the binddn?); we'll see.
+ */
+ /*
+ * NOTE: we need to port the identity assertion
+ * feature from back-ldap
+ */
+
+ /* needs LDAPv3 */
+ switch ( mt->mt_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ /* op->o_protocol cannot be anything but LDAPv3,
+ * otherwise wouldn't be here */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /*
+ * Rewrite the new superior, if defined and required
+ */
+ dc.ctx = "newSuperiorDN";
+ if ( ldap_back_dn_massage( &dc, op->orr_newSup, &mnewSuperior ) ) {
+ rs->sr_err = LDAP_OTHER;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Rewrite the modrdn dn, if required
+ */
+ dc.ctx = "modrDN";
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ rs->sr_err = LDAP_OTHER;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+retry:;
+ ctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = ldap_rename( mc->mc_conns[ candidate ].msc_ld,
+ mdn.bv_val, op->orr_newrdn.bv_val,
+ mnewSuperior.bv_val, op->orr_deleteoldrdn,
+ ctrls, NULL, &msgid );
+ rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+ mt->mt_timeout[ SLAP_OP_MODRDN ], LDAP_BACK_SENDRESULT );
+ if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+ do_retry = 0;
+ if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+ }
+
+cleanup:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ BER_BVZERO( &mdn );
+ }
+
+ if ( !BER_BVISNULL( &mnewSuperior )
+ && mnewSuperior.bv_val != op->orr_newSup->bv_val )
+ {
+ free( mnewSuperior.bv_val );
+ BER_BVZERO( &mnewSuperior );
+ }
+
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/proto-meta.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/proto-meta.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/proto-meta.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/proto-meta.h,v 1.2.2.5 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#ifndef PROTO_META_H
+#define PROTO_META_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init meta_back_initialize;
+
+extern BI_open meta_back_open;
+extern BI_close meta_back_close;
+extern BI_destroy meta_back_destroy;
+
+extern BI_db_init meta_back_db_init;
+extern BI_db_open meta_back_db_open;
+extern BI_db_destroy meta_back_db_destroy;
+extern BI_db_config meta_back_db_config;
+
+extern BI_op_bind meta_back_bind;
+extern BI_op_search meta_back_search;
+extern BI_op_compare meta_back_compare;
+extern BI_op_modify meta_back_modify;
+extern BI_op_modrdn meta_back_modrdn;
+extern BI_op_add meta_back_add;
+extern BI_op_delete meta_back_delete;
+extern BI_op_abandon meta_back_abandon;
+
+extern BI_connection_destroy meta_back_conn_destroy;
+
+LDAP_END_DECL
+
+#endif /* PROTO_META_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1985 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.84.2.32 2007/03/14 00:07:56 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "ldap_log.h"
+#include "../../../libraries/libldap/ldap-int.h"
+
+/* IGNORE means that target does not (no longer) participate
+ * in the search;
+ * NOTREADY means the search on that target has not been initialized yet
+ */
+#define META_MSGID_IGNORE (-1)
+#define META_MSGID_NEED_BIND (-2)
+
+static int
+meta_send_entry(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int i,
+ LDAPMessage *e );
+
+typedef enum meta_search_candidate_t {
+ META_SEARCH_UNDEFINED = -2,
+ META_SEARCH_ERR = -1,
+ META_SEARCH_NOT_CANDIDATE,
+ META_SEARCH_CANDIDATE,
+ META_SEARCH_BINDING,
+ META_SEARCH_NEED_BIND
+} meta_search_candidate_t;
+
+/*
+ * meta_search_dobind_init()
+ *
+ * initiates bind for a candidate target of a search.
+ */
+static meta_search_candidate_t
+meta_search_dobind_init(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ SlapReply *candidates )
+{
+ metaconn_t *mc = *mcp;
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ struct berval binddn = msc->msc_bound_ndn,
+ cred = msc->msc_cred;
+ int method;
+
+ int rc;
+
+ meta_search_candidate_t retcode;
+
+ Debug( LDAP_DEBUG_TRACE, "%s >>> meta_search_dobind_init[%d]\n",
+ op->o_log_prefix, candidate, 0 );
+
+ /*
+ * all the targets are already bound as pseudoroot
+ */
+ if ( mc->mc_authz_target == META_BOUND_ALL ) {
+ return META_SEARCH_CANDIDATE;
+ }
+
+ retcode = META_SEARCH_BINDING;
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( LDAP_BACK_CONN_ISBOUND( msc ) || LDAP_BACK_CONN_ISANON( msc ) ) {
+ /* already bound (or anonymous) */
+
+#ifdef DEBUG_205
+ char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+ int bound = 0;
+
+ if ( LDAP_BACK_CONN_ISBOUND( msc ) ) {
+ bound = 1;
+ }
+
+ snprintf( buf, sizeof( buf ), " mc=%p ld=%p%s DN=\"%s\"",
+ (void *)mc, (void *)msc->msc_ld,
+ bound ? " bound" : " anonymous",
+ bound == 0 ? "" : msc->msc_bound_ndn.bv_val );
+ Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+ op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+ retcode = META_SEARCH_CANDIDATE;
+
+ } else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) ) {
+ /* another thread is binding the target for this conn; wait */
+
+#ifdef DEBUG_205
+ char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ snprintf( buf, sizeof( buf ), " mc=%p ld=%p needbind",
+ (void *)mc, (void *)msc->msc_ld );
+ Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+ op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+ candidates[ candidate ].sr_msgid = META_MSGID_NEED_BIND;
+ retcode = META_SEARCH_NEED_BIND;
+
+ } else {
+ /* we'll need to bind the target for this conn */
+
+#ifdef DEBUG_205
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ), " mc=%p ld=%p binding",
+ (void *)mc, (void *)msc->msc_ld );
+ Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+ op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+ if ( msc->msc_ld == NULL ) {
+ /* for some reason (e.g. because formerly in "binding"
+ * state, with eventual connection expiration or invalidation)
+ * it was not initialized as expected */
+
+ Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p ld=NULL\n",
+ op->o_log_prefix, candidate, (void *)mc );
+
+ rc = meta_back_init_one_conn( op, rs, *mcp, candidate,
+ LDAP_BACK_CONN_ISPRIV( *mcp ), LDAP_BACK_DONTSEND, 0 );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ assert( msc->msc_ld != NULL );
+ break;
+
+ case LDAP_SERVER_DOWN:
+ case LDAP_UNAVAILABLE:
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ goto down;
+
+ default:
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ goto other;
+ }
+ }
+
+ LDAP_BACK_CONN_BINDING_SET( msc );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ if ( retcode != META_SEARCH_BINDING ) {
+ return retcode;
+ }
+
+ /* NOTE: this obsoletes pseudorootdn */
+ if ( op->o_conn != NULL &&
+ !op->o_do_not_cache &&
+ ( BER_BVISNULL( &msc->msc_bound_ndn ) ||
+ BER_BVISEMPTY( &msc->msc_bound_ndn ) ||
+ ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
+ {
+ rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, LDAP_BACK_DONTSEND, &binddn, &cred, &method );
+ if ( rc != LDAP_SUCCESS ) {
+ goto down;
+ }
+
+ /* NOTE: we copy things here, even if bind didn't succeed yet,
+ * because the connection is not shared until bind is over */
+ if ( !BER_BVISNULL( &binddn ) ) {
+ ber_bvreplace( &msc->msc_bound_ndn, &binddn );
+ if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &cred ) ) {
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0,
+ msc->msc_cred.bv_len );
+ }
+ ber_bvreplace( &msc->msc_cred, &cred );
+ }
+ }
+
+ if ( LDAP_BACK_CONN_ISBOUND( msc ) ) {
+ /* apparently, idassert was configured with SASL bind,
+ * so bind occurred inside meta_back_proxy_authz_cred() */
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ return META_SEARCH_CANDIDATE;
+ }
+
+ /* paranoid */
+ switch ( method ) {
+ case LDAP_AUTH_NONE:
+ case LDAP_AUTH_SIMPLE:
+ /* do a simple bind with binddn, cred */
+ break;
+
+ default:
+ assert( 0 );
+ break;
+ }
+ }
+
+ assert( msc->msc_ld != NULL );
+
+retry:;
+ rc = ldap_sasl_bind( msc->msc_ld, binddn.bv_val, LDAP_SASL_SIMPLE, &cred,
+ NULL, NULL, &candidates[ candidate ].sr_msgid );
+
+#ifdef DEBUG_205
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ), "meta_search_dobind_init[%d] mc=%p ld=%p rc=%d",
+ candidate, (void *)mc, (void *)mc->mc_conns[ candidate ].msc_ld, rc );
+ Debug( LDAP_DEBUG_ANY, "### %s %s\n",
+ op->o_log_prefix, buf, 0 );
+ }
+#endif /* DEBUG_205 */
+
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ assert( candidates[ candidate ].sr_msgid >= 0 );
+ META_BINDING_SET( &candidates[ candidate ] );
+ return META_SEARCH_BINDING;
+
+ case LDAP_SERVER_DOWN:
+down:;
+ /* This is the worst thing that could happen:
+ * the search will wait until the retry is over. */
+ if ( !META_IS_RETRYING( &candidates[ candidate ] ) ) {
+ META_RETRYING_SET( &candidates[ candidate ] );
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+
+ assert( mc->mc_refcnt > 0 );
+ if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* this lock is required; however,
+ * it's invoked only when logging is on */
+ ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
+ snprintf( buf, sizeof( buf ),
+ "retrying URI=\"%s\" DN=\"%s\"",
+ mt->mt_uri,
+ BER_BVISNULL( &msc->msc_bound_ndn ) ?
+ "" : msc->msc_bound_ndn.bv_val );
+ ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_search_dobind_init[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
+ }
+
+ meta_clear_one_candidate( op, mc, candidate );
+ LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+
+ ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
+
+ /* mc here must be the regular mc, reset and ready for init */
+ rc = meta_back_init_one_conn( op, rs, mc, candidate,
+ LDAP_BACK_CONN_ISPRIV( mc ), LDAP_BACK_DONTSEND, 0 );
+
+ if ( rc == LDAP_SUCCESS ) {
+ LDAP_BACK_CONN_BINDING_SET( msc );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ if ( rc == LDAP_SUCCESS ) {
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ goto retry;
+ }
+ }
+
+ if ( *mcp == NULL ) {
+ retcode = META_SEARCH_ERR;
+ rs->sr_err = LDAP_UNAVAILABLE;
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ break;
+ }
+ /* fall thru */
+
+ default:
+other:;
+ rs->sr_err = rc;
+ rc = slap_map_api2result( rs );
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ meta_clear_one_candidate( op, mc, candidate );
+ candidates[ candidate ].sr_err = rc;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ meta_back_release_conn_lock( mi, mc, 0 );
+ *mcp = NULL;
+ rs->sr_err = rc;
+
+ retcode = META_SEARCH_ERR;
+
+ } else {
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ }
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ break;
+ }
+
+ return retcode;
+}
+
+static meta_search_candidate_t
+meta_search_dobind_result(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t **mcp,
+ int candidate,
+ SlapReply *candidates,
+ LDAPMessage *res )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc = *mcp;
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ meta_search_candidate_t retcode = META_SEARCH_NOT_CANDIDATE;
+ int rc;
+
+ assert( msc->msc_ld != NULL );
+
+ /* FIXME: matched? referrals? response controls? */
+ rc = ldap_parse_result( msc->msc_ld, res,
+ &candidates[ candidate ].sr_err,
+ NULL, NULL, NULL, NULL, 0 );
+ if ( rc != LDAP_SUCCESS ) {
+ candidates[ candidate ].sr_err = rc;
+
+ } else {
+ rc = slap_map_api2result( &candidates[ candidate ] );
+ }
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ LDAP_BACK_CONN_BINDING_CLEAR( msc );
+ if ( rc != LDAP_SUCCESS ) {
+ meta_clear_one_candidate( op, mc, candidate );
+ candidates[ candidate ].sr_err = rc;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ meta_back_release_conn_lock( mi, mc, 0 );
+ *mcp = NULL;
+ retcode = META_SEARCH_ERR;
+ rs->sr_err = rc;
+ }
+
+ } else {
+ /* FIXME: check if bound as idassert authcDN! */
+ if ( BER_BVISNULL( &msc->msc_bound_ndn )
+ || BER_BVISEMPTY( &msc->msc_bound_ndn ) )
+ {
+ LDAP_BACK_CONN_ISANON_SET( msc );
+
+ } else {
+ LDAP_BACK_CONN_ISBOUND_SET( msc );
+ }
+ retcode = META_SEARCH_CANDIDATE;
+ }
+
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ META_BINDING_CLEAR( &candidates[ candidate ] );
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ return retcode;
+}
+
+static meta_search_candidate_t
+meta_back_search_start(
+ Operation *op,
+ SlapReply *rs,
+ dncookie *dc,
+ metaconn_t **mcp,
+ int candidate,
+ SlapReply *candidates )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &(*mcp)->mc_conns[ candidate ];
+ struct berval realbase = op->o_req_dn;
+ int realscope = op->ors_scope;
+ struct berval mbase = BER_BVNULL;
+ struct berval mfilter = BER_BVNULL;
+ char **mapped_attrs = NULL;
+ int rc;
+ meta_search_candidate_t retcode;
+ struct timeval tv, *tvp = NULL;
+ int nretries = 1;
+ LDAPControl **ctrls = NULL;
+
+ /* this should not happen; just in case... */
+ if ( msc->msc_ld == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: meta_back_search_start candidate=%d ld=NULL%s.\n",
+ op->o_log_prefix, candidate,
+ META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" );
+ candidates[ candidate ].sr_err = LDAP_OTHER;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ return META_SEARCH_ERR;
+ }
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ return META_SEARCH_NOT_CANDIDATE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "%s >>> meta_back_search_start[%d]\n", op->o_log_prefix, candidate, 0 );
+
+ /*
+ * modifies the base according to the scope, if required
+ */
+ if ( mt->mt_nsuffix.bv_len > op->o_req_ndn.bv_len ) {
+ switch ( op->ors_scope ) {
+ case LDAP_SCOPE_SUBTREE:
+ /*
+ * make the target suffix the new base
+ * FIXME: this is very forgiving, because
+ * "illegal" searchBases may be turned
+ * into the suffix of the target; however,
+ * the requested searchBase already passed
+ * thru the candidate analyzer...
+ */
+ if ( dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) ) {
+ realbase = mt->mt_nsuffix;
+ if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+ realscope = LDAP_SCOPE_SUBORDINATE;
+ }
+
+ } else {
+ /*
+ * this target is no longer candidate
+ */
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto doreturn;
+ }
+ break;
+
+ case LDAP_SCOPE_SUBORDINATE:
+ case LDAP_SCOPE_ONELEVEL:
+ {
+ struct berval rdn = mt->mt_nsuffix;
+ rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
+ if ( dnIsOneLevelRDN( &rdn )
+ && dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) )
+ {
+ /*
+ * if there is exactly one level,
+ * make the target suffix the new
+ * base, and make scope "base"
+ */
+ realbase = mt->mt_nsuffix;
+ if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
+ if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+ realscope = LDAP_SCOPE_SUBORDINATE;
+ } else {
+ realscope = LDAP_SCOPE_SUBTREE;
+ }
+ } else {
+ realscope = LDAP_SCOPE_BASE;
+ }
+ break;
+ } /* else continue with the next case */
+ }
+
+ case LDAP_SCOPE_BASE:
+ /*
+ * this target is no longer candidate
+ */
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto doreturn;
+ }
+ }
+
+ /* initiate dobind */
+ retcode = meta_search_dobind_init( op, rs, mcp, candidate, candidates );
+
+ Debug( LDAP_DEBUG_TRACE, "%s <<< meta_search_dobind_init[%d]=%d\n", op->o_log_prefix, candidate, retcode );
+
+ if ( retcode != META_SEARCH_CANDIDATE ) {
+ goto doreturn;
+ }
+
+ /*
+ * Rewrite the search base, if required
+ */
+ dc->target = mt;
+ dc->ctx = "searchBase";
+ switch ( ldap_back_dn_massage( dc, &realbase, &mbase ) ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_UNWILLING_TO_PERFORM:
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Operation not allowed";
+ send_ldap_result( op, rs );
+ retcode = META_SEARCH_ERR;
+ goto doreturn;
+
+ default:
+
+ /*
+ * this target is no longer candidate
+ */
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto doreturn;
+ }
+
+ /*
+ * Maps filter
+ */
+ rc = ldap_back_filter_map_rewrite( dc, op->ors_filter,
+ &mfilter, BACKLDAP_MAP );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_COMPARE_FALSE:
+ default:
+ /*
+ * this target is no longer candidate
+ */
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto done;
+ }
+
+ /*
+ * Maps required attributes
+ */
+ rc = ldap_back_map_attrs( &mt->mt_rwmap.rwm_at,
+ op->ors_attrs, BACKLDAP_MAP, &mapped_attrs );
+ if ( rc != LDAP_SUCCESS ) {
+ /*
+ * this target is no longer candidate
+ */
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto done;
+ }
+
+ /* should we check return values? */
+ if ( op->ors_deref != -1 ) {
+ assert( msc->msc_ld != NULL );
+ (void)ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
+ ( void * )&op->ors_deref );
+ }
+
+ if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+ tv.tv_sec = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
+ tv.tv_usec = 0;
+ tvp = &tv;
+ }
+
+retry:;
+ ctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( &msc->msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, op, rs, &ctrls )
+ != LDAP_SUCCESS )
+ {
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ goto done;
+ }
+
+ /*
+ * Starts the search
+ */
+ assert( msc->msc_ld != NULL );
+ rc = ldap_search_ext( msc->msc_ld,
+ mbase.bv_val, realscope, mfilter.bv_val,
+ mapped_attrs, op->ors_attrsonly,
+ ctrls, NULL, tvp, op->ors_slimit,
+ &candidates[ candidate ].sr_msgid );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ retcode = META_SEARCH_CANDIDATE;
+ break;
+
+ case LDAP_SERVER_DOWN:
+ if ( nretries && meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) {
+ nretries = 0;
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ goto retry;
+ }
+
+ if ( *mcp == NULL ) {
+ retcode = META_SEARCH_ERR;
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ break;
+ }
+ /* fall thru */
+
+ default:
+ candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+ retcode = META_SEARCH_NOT_CANDIDATE;
+ }
+
+done:;
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+ if ( mapped_attrs ) {
+ free( mapped_attrs );
+ }
+ if ( mfilter.bv_val != op->ors_filterstr.bv_val ) {
+ free( mfilter.bv_val );
+ }
+ if ( mbase.bv_val != realbase.bv_val ) {
+ free( mbase.bv_val );
+ }
+
+doreturn:;
+ Debug( LDAP_DEBUG_TRACE, "%s <<< meta_back_search_start[%d]=%d\n", op->o_log_prefix, candidate, retcode );
+
+ return retcode;
+}
+
+int
+meta_back_search( Operation *op, SlapReply *rs )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc;
+ struct timeval save_tv = { 0, 0 },
+ tv;
+ time_t stoptime = (time_t)(-1),
+ lastres_time = slap_get_time(),
+ timeout = 0;
+ int rc = 0, sres = LDAP_SUCCESS;
+ char *matched = NULL;
+ int last = 0, ncandidates = 0,
+ initial_candidates = 0, candidate_match = 0,
+ needbind = 0;
+ ldap_back_send_t sendok = LDAP_BACK_SENDERR;
+ long i;
+ dncookie dc;
+ int is_ok = 0;
+ void *savepriv;
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ /*
+ * controls are set in ldap_back_dobind()
+ *
+ * FIXME: in case of values return filter, we might want
+ * to map attrs and maybe rewrite value
+ */
+getconn:;
+ mc = meta_back_getconn( op, rs, NULL, sendok );
+ if ( !mc ) {
+ return rs->sr_err;
+ }
+
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+
+ /*
+ * Inits searches
+ */
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ /* reset sr_msgid; it is used in most loops
+ * to check if that target is still to be considered */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+
+ /* a target is marked as candidate by meta_back_getconn();
+ * if for any reason (an error, it's over or so) it is
+ * no longer active, sr_msgid is set to META_MSGID_IGNORE
+ * but it remains candidate, which means it has been active
+ * at some point during the operation. This allows to
+ * use its response code and more to compute the final
+ * response */
+ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+ continue;
+ }
+
+ candidates[ i ].sr_matched = NULL;
+ candidates[ i ].sr_text = NULL;
+ candidates[ i ].sr_ref = NULL;
+ candidates[ i ].sr_ctrls = NULL;
+
+ /* get largest timeout among candidates */
+ if ( mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ]
+ && mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ] > timeout )
+ {
+ timeout = mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ];
+ }
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( !META_IS_CANDIDATE( &candidates[ i ] )
+ || candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ continue;
+ }
+
+ switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
+ {
+ case META_SEARCH_NOT_CANDIDATE:
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ break;
+
+ case META_SEARCH_NEED_BIND:
+ ++needbind;
+ /* fallthru */
+
+ case META_SEARCH_CANDIDATE:
+ case META_SEARCH_BINDING:
+ candidates[ i ].sr_type = REP_INTERMEDIATE;
+ ++ncandidates;
+ break;
+
+ case META_SEARCH_ERR:
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ rc = -1;
+ goto finish;
+
+ default:
+ assert( 0 );
+ break;
+ }
+ }
+
+ if ( ncandidates > 0 && needbind == ncandidates ) {
+ /*
+ * give up the second time...
+ *
+ * NOTE: this should not occur the second time, since a fresh
+ * connection has ben created; however, targets may also
+ * need bind because the bind timed out or so.
+ */
+ if ( sendok & LDAP_BACK_BINDING ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_search: unable to initialize conn\n",
+ op->o_log_prefix, 0, 0 );
+ rs->sr_err = LDAP_UNAVAILABLE;
+ rs->sr_text = "unable to initialize connection to remote targets";
+ send_ldap_result( op, rs );
+ rc = -1;
+ goto finish;
+ }
+
+ /* FIXME: better create a separate connection? */
+ sendok |= LDAP_BACK_BINDING;
+
+#ifdef DEBUG_205
+ Debug( LDAP_DEBUG_ANY, "*** %s drop mc=%p create new connection\n",
+ op->o_log_prefix, (void *)mc, 0 );
+#endif /* DEBUG_205 */
+
+ meta_back_release_conn( mi, mc );
+ mc = NULL;
+
+ needbind = 0;
+ ncandidates = 0;
+
+ goto getconn;
+ }
+
+ initial_candidates = ncandidates;
+
+ if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+ char cnd[ SLAP_TEXT_BUFLEN ];
+ int c;
+
+ for ( c = 0; c < mi->mi_ntargets; c++ ) {
+ if ( META_IS_CANDIDATE( &candidates[ c ] ) ) {
+ cnd[ c ] = '*';
+ } else {
+ cnd[ c ] = ' ';
+ }
+ }
+ cnd[ c ] = '\0';
+
+ Debug( LDAP_DEBUG_TRACE, "%s meta_back_search: ncandidates=%d "
+ "cnd=\"%s\"\n", op->o_log_prefix, ncandidates, cnd );
+ }
+
+ if ( initial_candidates == 0 ) {
+ /* NOTE: here we are not sending any matchedDN;
+ * this is intended, because if the back-meta
+ * is serving this search request, but no valid
+ * candidate could be looked up, it means that
+ * there is a hole in the mapping of the targets
+ * and thus no knowledge of any remote superior
+ * is available */
+ Debug( LDAP_DEBUG_ANY, "%s meta_back_search: "
+ "base=\"%s\" scope=%d: "
+ "no candidate could be selected\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ op->ors_scope );
+
+ /* FIXME: we're sending the first error we encounter;
+ * maybe we should pick the worst... */
+ rc = LDAP_NO_SUCH_OBJECT;
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( META_IS_CANDIDATE( &candidates[ i ] )
+ && candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ rc = candidates[ i ].sr_err;
+ break;
+ }
+ }
+
+ send_ldap_error( op, rs, rc, NULL );
+
+ goto finish;
+ }
+
+ /* We pull apart the ber result, stuff it into a slapd entry, and
+ * let send_search_entry stuff it back into ber format. Slow & ugly,
+ * but this is necessary for version matching, and for ACL processing.
+ */
+
+ if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+ stoptime = op->o_time + op->ors_tlimit;
+ }
+
+ /*
+ * In case there are no candidates, no cycle takes place...
+ *
+ * FIXME: we might use a queue, to better balance the load
+ * among the candidates
+ */
+ for ( rc = 0; ncandidates > 0; ) {
+ int gotit = 0,
+ doabandon = 0,
+ alreadybound = ncandidates;
+
+ /* check timeout */
+ if ( timeout && lastres_time > 0
+ && ( slap_get_time() - lastres_time ) > timeout )
+ {
+ doabandon = 1;
+ rs->sr_text = "Operation timed out";
+ rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ doabandon = 1;
+ rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ meta_search_candidate_t retcode = META_SEARCH_UNDEFINED;
+ metasingleconn_t *msc = &mc->mc_conns[ i ];
+ LDAPMessage *res = NULL, *msg;
+
+ /* if msgid is invalid, don't ldap_result() */
+ if ( candidates[ i ].sr_msgid == META_MSGID_IGNORE ) {
+ continue;
+ }
+
+ /* if target still needs bind, retry */
+ if ( candidates[ i ].sr_msgid == META_MSGID_NEED_BIND ) {
+ /* initiate dobind */
+ retcode = meta_search_dobind_init( op, rs, &mc, i, candidates );
+
+ Debug( LDAP_DEBUG_TRACE, "%s <<< meta_search_dobind_init[%ld]=%d\n",
+ op->o_log_prefix, i, retcode );
+
+ switch ( retcode ) {
+ case META_SEARCH_NEED_BIND:
+ alreadybound--;
+ /* fallthru */
+
+ case META_SEARCH_BINDING:
+ break;
+
+ case META_SEARCH_ERR:
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+ /* fallthru */
+
+ case META_SEARCH_NOT_CANDIDATE:
+ /*
+ * When no candidates are left,
+ * the outer cycle finishes
+ */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+ break;
+
+ case META_SEARCH_CANDIDATE:
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
+ {
+ case META_SEARCH_CANDIDATE:
+ assert( candidates[ i ].sr_msgid >= 0 );
+ break;
+
+ case META_SEARCH_ERR:
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+ /* fallthru */
+
+ case META_SEARCH_NOT_CANDIDATE:
+ /* means that meta_back_search_start()
+ * failed but onerr == continue */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+ break;
+
+ default:
+ /* impossible */
+ assert( 0 );
+ break;
+ }
+ break;
+
+ default:
+ /* impossible */
+ assert( 0 );
+ break;
+ }
+ continue;
+ }
+
+ /* check for abandon */
+ if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) {
+ break;
+ }
+
+#ifdef DEBUG_205
+ if ( msc->msc_ld == NULL ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ snprintf( buf, sizeof( buf ),
+ "%s meta_back_search[%ld] mc=%p msgid=%d%s%s%s\n",
+ op->o_log_prefix, (long)i, (void *)mc,
+ candidates[ i ].sr_msgid,
+ META_IS_BINDING( &candidates[ i ] ) ? " binding" : "",
+ LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ? " connbinding" : "",
+ META_BACK_CONN_CREATING( &mc->mc_conns[ i ] ) ? " conncreating" : "" );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ Debug( LDAP_DEBUG_ANY, "!!! %s\n", buf, 0, 0 );
+ }
+#endif /* DEBUG_205 */
+
+ /*
+ * FIXME: handle time limit as well?
+ * Note that target servers are likely
+ * to handle it, so at some time we'll
+ * get a LDAP_TIMELIMIT_EXCEEDED from
+ * one of them ...
+ */
+ tv = save_tv;
+ rc = ldap_result( msc->msc_ld, candidates[ i ].sr_msgid,
+ LDAP_MSG_RECEIVED, &tv, &res );
+ switch ( rc ) {
+ case 0:
+ /* FIXME: res should not need to be freed */
+ assert( res == NULL );
+ continue;
+
+ case -1:
+really_bad:;
+ /* something REALLY bad happened! */
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ candidates[ i ].sr_type = REP_RESULT;
+
+ if ( meta_back_retry( op, rs, &mc, i, LDAP_BACK_DONTSEND ) ) {
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
+ {
+ /* means that failed but onerr == continue */
+ case META_SEARCH_NOT_CANDIDATE:
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+
+ assert( ncandidates > 0 );
+ --ncandidates;
+
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+ /* fall thru */
+
+ case META_SEARCH_CANDIDATE:
+ /* get back into business... */
+ continue;
+
+ case META_SEARCH_BINDING:
+ case META_SEARCH_NEED_BIND:
+ case META_SEARCH_UNDEFINED:
+ assert( 0 );
+
+ default:
+ /* unrecoverable error */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ rc = rs->sr_err = LDAP_OTHER;
+ goto finish;
+ }
+ }
+
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+ }
+
+ /*
+ * When no candidates are left,
+ * the outer cycle finishes
+ */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+ rs->sr_err = candidates[ i ].sr_err;
+ continue;
+
+ default:
+ lastres_time = slap_get_time();
+
+ /* only touch when activity actually took place... */
+ if ( mi->mi_idle_timeout != 0 && msc->msc_time < lastres_time ) {
+ msc->msc_time = lastres_time;
+ }
+ break;
+ }
+
+ for ( msg = ldap_first_message( msc->msc_ld, res );
+ msg != NULL;
+ msg = ldap_next_message( msc->msc_ld, msg ) )
+ {
+ rc = ldap_msgtype( msg );
+ if ( rc == LDAP_RES_SEARCH_ENTRY ) {
+ LDAPMessage *e;
+
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
+ }
+
+ is_ok++;
+
+ e = ldap_first_entry( msc->msc_ld, msg );
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ rs->sr_err = meta_send_entry( op, rs, mc, i, e );
+
+ switch ( rs->sr_err ) {
+ case LDAP_SIZELIMIT_EXCEEDED:
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ rs->sr_err = LDAP_SUCCESS;
+ ldap_msgfree( res );
+ res = NULL;
+ goto finish;
+
+ case LDAP_UNAVAILABLE:
+ rs->sr_err = LDAP_OTHER;
+ ldap_msgfree( res );
+ res = NULL;
+ goto finish;
+ }
+ op->o_private = savepriv;
+
+ /* don't wait any longer... */
+ gotit = 1;
+ save_tv.tv_sec = 0;
+ save_tv.tv_usec = 0;
+
+ } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
+ char **references = NULL;
+ int cnt;
+
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
+ }
+
+ is_ok++;
+
+ rc = ldap_parse_reference( msc->msc_ld, msg,
+ &references, &rs->sr_ctrls, 0 );
+
+ if ( rc != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ if ( references == NULL ) {
+ continue;
+ }
+
+#ifdef ENABLE_REWRITE
+ dc.ctx = "referralDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ /* FIXME: merge all and return at the end */
+
+ for ( cnt = 0; references[ cnt ]; cnt++ )
+ ;
+
+ rs->sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+
+ for ( cnt = 0; references[ cnt ]; cnt++ ) {
+ ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ cnt ] );
+
+ ( void )ldap_back_referral_result_rewrite( &dc, rs->sr_ref );
+
+ if ( rs->sr_ref != NULL && !BER_BVISNULL( &rs->sr_ref[ 0 ] ) ) {
+ /* ignore return value by now */
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ ( void )send_search_reference( op, rs );
+ op->o_private = savepriv;
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ /* cleanup */
+ if ( references ) {
+ ber_memvfree( (void **)references );
+ }
+
+ if ( rs->sr_ctrls ) {
+ ldap_controls_free( rs->sr_ctrls );
+ rs->sr_ctrls = NULL;
+ }
+
+ } else if ( rc == LDAP_RES_SEARCH_RESULT ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+ char **references = NULL;
+
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
+ }
+
+ /* NOTE: ignores response controls
+ * (and intermediate response controls
+ * as well, except for those with search
+ * references); this may not be correct,
+ * but if they're not ignored then
+ * back-meta would need to merge them
+ * consistently (think of pagedResults...)
+ */
+ /* FIXME: response controls? */
+ rs->sr_err = ldap_parse_result( msc->msc_ld,
+ msg,
+ &candidates[ i ].sr_err,
+ (char **)&candidates[ i ].sr_matched,
+ NULL /* (char **)&candidates[ i ].sr_text */ ,
+ &references,
+ NULL /* &candidates[ i ].sr_ctrls (unused) */ ,
+ 0 );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ sres = slap_map_api2result( &candidates[ i ] );
+ candidates[ i ].sr_type = REP_RESULT;
+ ldap_msgfree( res );
+ res = NULL;
+ goto really_bad;
+ }
+
+ rs->sr_err = candidates[ i ].sr_err;
+
+ /* massage matchedDN if need be */
+ if ( candidates[ i ].sr_matched != NULL ) {
+ struct berval match, mmatch;
+
+ ber_str2bv( candidates[ i ].sr_matched,
+ 0, 0, &match );
+ candidates[ i ].sr_matched = NULL;
+
+ dc.ctx = "matchedDN";
+ dc.target = mi->mi_targets[ i ];
+ if ( !ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
+ if ( mmatch.bv_val == match.bv_val ) {
+ candidates[ i ].sr_matched
+ = ch_strdup( mmatch.bv_val );
+
+ } else {
+ candidates[ i ].sr_matched = mmatch.bv_val;
+ }
+
+ candidate_match++;
+ }
+ ldap_memfree( match.bv_val );
+ }
+
+ /* add references to array */
+ /* RFC 4511: referrals can only appear
+ * if result code is LDAP_REFERRAL */
+ if ( references != NULL
+ && references[ 0 ] != NULL
+ && references[ 0 ][ 0 ] != '\0' )
+ {
+ if ( rs->sr_err != LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_search[%ld]: "
+ "got referrals with err=%d\n",
+ op->o_log_prefix,
+ i, rs->sr_err );
+
+ } else {
+ BerVarray sr_ref;
+ int cnt;
+
+ for ( cnt = 0; references[ cnt ]; cnt++ )
+ ;
+
+ sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+
+ for ( cnt = 0; references[ cnt ]; cnt++ ) {
+ ber_str2bv( references[ cnt ], 0, 1, &sr_ref[ cnt ] );
+ }
+ BER_BVZERO( &sr_ref[ cnt ] );
+
+ ( void )ldap_back_referral_result_rewrite( &dc, sr_ref );
+
+ if ( rs->sr_v2ref == NULL ) {
+ rs->sr_v2ref = sr_ref;
+
+ } else {
+ for ( cnt = 0; !BER_BVISNULL( &sr_ref[ cnt ] ); cnt++ ) {
+ ber_bvarray_add( &rs->sr_v2ref, &sr_ref[ cnt ] );
+ }
+ ber_memfree( sr_ref );
+ }
+ }
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_search[%ld]: "
+ "got err=%d with null "
+ "or empty referrals\n",
+ op->o_log_prefix,
+ i, rs->sr_err );
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+
+ /* cleanup */
+ ber_memvfree( (void **)references );
+
+ sres = slap_map_api2result( rs );
+
+ if ( StatslogTest( LDAP_DEBUG_TRACE | LDAP_DEBUG_ANY ) ) {
+ snprintf( buf, sizeof( buf ),
+ "%s meta_back_search[%ld] "
+ "match=\"%s\" err=%ld",
+ op->o_log_prefix, i,
+ candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
+ (long) candidates[ i ].sr_err );
+ if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "%s.\n", buf, 0, 0 );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s (%s).\n",
+ buf, ldap_err2string( candidates[ i ].sr_err ), 0 );
+ }
+ }
+
+ switch ( sres ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* is_ok is touched any time a valid
+ * (even intermediate) result is
+ * returned; as a consequence, if
+ * a candidate returns noSuchObject
+ * it is ignored and the candidate
+ * is simply demoted. */
+ if ( is_ok ) {
+ sres = LDAP_SUCCESS;
+ }
+ break;
+
+ case LDAP_SUCCESS:
+ case LDAP_REFERRAL:
+ is_ok++;
+ break;
+
+ case LDAP_SIZELIMIT_EXCEEDED:
+ /* if a target returned sizelimitExceeded
+ * and the entry count is equal to the
+ * proxy's limit, the target would have
+ * returned more, and the error must be
+ * propagated to the client; otherwise,
+ * the target enforced a limit lower
+ * than what requested by the proxy;
+ * ignore it */
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( rs->sr_nentries == op->ors_slimit
+ || META_BACK_ONERR_STOP( mi ) )
+ {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ ldap_msgfree( res );
+ res = NULL;
+ goto finish;
+ }
+ break;
+
+ default:
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ ldap_msgfree( res );
+ res = NULL;
+ goto finish;
+ }
+ break;
+ }
+
+ last = i;
+ rc = 0;
+
+ /*
+ * When no candidates are left,
+ * the outer cycle finishes
+ */
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+
+ } else if ( rc == LDAP_RES_BIND ) {
+ meta_search_candidate_t retcode;
+
+ retcode = meta_search_dobind_result( op, rs, &mc, i, candidates, msg );
+ if ( retcode == META_SEARCH_CANDIDATE ) {
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ retcode = meta_back_search_start( op, rs, &dc, &mc, i, candidates );
+ }
+
+ switch ( retcode ) {
+ case META_SEARCH_CANDIDATE:
+ break;
+
+ /* means that failed but onerr == continue */
+ case META_SEARCH_NOT_CANDIDATE:
+ case META_SEARCH_ERR:
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+
+ candidates[ i ].sr_err = rs->sr_err;
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ ldap_msgfree( res );
+ res = NULL;
+ goto finish;
+ }
+ goto free_message;
+
+ default:
+ assert( 0 );
+ break;
+ }
+
+ } else {
+ assert( 0 );
+ ldap_msgfree( res );
+ res = NULL;
+ goto really_bad;
+ }
+ }
+
+free_message:;
+ ldap_msgfree( res );
+ res = NULL;
+ }
+
+ /* check for abandon */
+ if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) {
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( candidates[ i ].sr_msgid >= 0 ) {
+ if ( META_IS_BINDING( &candidates[ i ] ) ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) {
+ /* if still binding, destroy */
+
+#ifdef DEBUG_205
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf), "%s meta_back_search(abandon) "
+ "ldap_unbind_ext[%ld] mc=%p ld=%p",
+ op->o_log_prefix, i, (void *)mc,
+ (void *)mc->mc_conns[i].msc_ld );
+
+ Debug( LDAP_DEBUG_ANY, "### %s\n", buf, 0, 0 );
+#endif /* DEBUG_205 */
+
+ meta_clear_one_candidate( op, mc, i );
+ }
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ META_BINDING_CLEAR( &candidates[ i ] );
+
+ } else {
+ (void)meta_back_cancel( mc, op, rs,
+ candidates[ i ].sr_msgid, i,
+ LDAP_BACK_DONTSEND );
+ }
+
+ candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+ assert( ncandidates > 0 );
+ --ncandidates;
+ }
+ }
+
+ if ( op->o_abandon ) {
+ rc = SLAPD_ABANDON;
+ }
+
+ /* let send_ldap_result play cleanup handlers (ITS#4645) */
+ break;
+ }
+
+ /* if no entry was found during this loop,
+ * set a minimal timeout */
+ if ( ncandidates > 0 && gotit == 0 ) {
+ if ( save_tv.tv_sec == 0 && save_tv.tv_usec == 0 ) {
+ save_tv.tv_usec = LDAP_BACK_RESULT_UTIMEOUT/initial_candidates;
+
+ /* arbitrarily limit to something between 1 and 2 minutes */
+ } else if ( ( stoptime == -1 && save_tv.tv_sec < 60 )
+ || save_tv.tv_sec < ( stoptime - slap_get_time() ) / ( 2 * ncandidates ) )
+ {
+ /* double the timeout */
+ lutil_timermul( &save_tv, 2, &save_tv );
+ }
+
+ if ( alreadybound == 0 ) {
+ tv = save_tv;
+ (void)select( 0, NULL, NULL, NULL, &tv );
+
+ } else {
+ ldap_pvt_thread_yield();
+ }
+ }
+ }
+
+ if ( rc == -1 ) {
+ /*
+ * FIXME: need a better strategy to handle errors
+ */
+ if ( mc ) {
+ rc = meta_back_op_result( mc, op, rs, META_TARGET_NONE,
+ -1, stoptime != -1 ? (stoptime - slap_get_time()) : 0,
+ LDAP_BACK_SENDERR );
+ } else {
+ rc = rs->sr_err;
+ }
+ goto finish;
+ }
+
+ /*
+ * Rewrite the matched portion of the search base, if required
+ *
+ * FIXME: only the last one gets caught!
+ */
+ savepriv = op->o_private;
+ op->o_private = (void *)(long)mi->mi_ntargets;
+ if ( candidate_match > 0 ) {
+ struct berval pmatched = BER_BVNULL;
+
+ /* we use the first one */
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( META_IS_CANDIDATE( &candidates[ i ] )
+ && candidates[ i ].sr_matched != NULL )
+ {
+ struct berval bv, pbv;
+ int rc;
+
+ /* if we got success, and this target
+ * returned noSuchObject, and its suffix
+ * is a superior of the searchBase,
+ * ignore the matchedDN */
+ if ( sres == LDAP_SUCCESS
+ && candidates[ i ].sr_err == LDAP_NO_SUCH_OBJECT
+ && op->o_req_ndn.bv_len > mi->mi_targets[ i ]->mt_nsuffix.bv_len )
+ {
+ free( (char *)candidates[ i ].sr_matched );
+ candidates[ i ].sr_matched = NULL;
+ continue;
+ }
+
+ ber_str2bv( candidates[ i ].sr_matched, 0, 0, &bv );
+ rc = dnPretty( NULL, &bv, &pbv, op->o_tmpmemctx );
+
+ if ( rc == LDAP_SUCCESS ) {
+
+ /* NOTE: if they all are superiors
+ * of the baseDN, the shorter is also
+ * superior of the longer... */
+ if ( pbv.bv_len > pmatched.bv_len ) {
+ if ( !BER_BVISNULL( &pmatched ) ) {
+ op->o_tmpfree( pmatched.bv_val, op->o_tmpmemctx );
+ }
+ pmatched = pbv;
+ op->o_private = (void *)i;
+
+ } else {
+ op->o_tmpfree( pbv.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ if ( candidates[ i ].sr_matched != NULL ) {
+ free( (char *)candidates[ i ].sr_matched );
+ candidates[ i ].sr_matched = NULL;
+ }
+ }
+ }
+
+ if ( !BER_BVISNULL( &pmatched ) ) {
+ matched = pmatched.bv_val;
+ }
+
+ } else if ( sres == LDAP_NO_SUCH_OBJECT ) {
+ matched = op->o_bd->be_suffix[ 0 ].bv_val;
+ }
+
+ /*
+ * In case we returned at least one entry, we return LDAP_SUCCESS
+ * otherwise, the latter error code we got
+ */
+
+ if ( sres == LDAP_SUCCESS ) {
+ if ( rs->sr_v2ref ) {
+ sres = LDAP_REFERRAL;
+ }
+
+ if ( META_BACK_ONERR_REPORT( mi ) ) {
+ /*
+ * Report errors, if any
+ *
+ * FIXME: we should handle error codes and return the more
+ * important/reasonable
+ */
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+ continue;
+ }
+
+ if ( candidates[ i ].sr_err != LDAP_SUCCESS
+ && candidates[ i ].sr_err != LDAP_NO_SUCH_OBJECT )
+ {
+ sres = candidates[ i ].sr_err;
+ break;
+ }
+ }
+ }
+ }
+
+ rs->sr_err = sres;
+ rs->sr_matched = matched;
+ rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL );
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ rs->sr_matched = NULL;
+ rs->sr_ref = NULL;
+
+finish:;
+ if ( matched && matched != op->o_bd->be_suffix[ 0 ].bv_val ) {
+ op->o_tmpfree( matched, op->o_tmpmemctx );
+ }
+
+ if ( rs->sr_v2ref ) {
+ ber_bvarray_free( rs->sr_v2ref );
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+ continue;
+ }
+
+ if ( mc && META_IS_BINDING( &candidates[ i ] ) ) {
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+ if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) {
+ assert( candidates[ i ].sr_msgid >= 0 );
+ assert( mc->mc_conns[ i ].msc_ld != NULL );
+
+#ifdef DEBUG_205
+ Debug( LDAP_DEBUG_ANY, "### %s meta_back_search(cleanup) "
+ "ldap_unbind_ext[%ld] ld=%p\n",
+ op->o_log_prefix, i, (void *)mc->mc_conns[i].msc_ld );
+#endif /* DEBUG_205 */
+
+ /* if still binding, destroy */
+ meta_clear_one_candidate( op, mc, i );
+ }
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ META_BINDING_CLEAR( &candidates[ i ] );
+ }
+
+ if ( candidates[ i ].sr_matched ) {
+ free( (char *)candidates[ i ].sr_matched );
+ candidates[ i ].sr_matched = NULL;
+ }
+
+ if ( candidates[ i ].sr_text ) {
+ ldap_memfree( (char *)candidates[ i ].sr_text );
+ candidates[ i ].sr_text = NULL;
+ }
+
+ if ( candidates[ i ].sr_ref ) {
+ ber_bvarray_free( candidates[ i ].sr_ref );
+ candidates[ i ].sr_ref = NULL;
+ }
+
+ if ( candidates[ i ].sr_ctrls ) {
+ ldap_controls_free( candidates[ i ].sr_ctrls );
+ candidates[ i ].sr_ctrls = NULL;
+ }
+
+ if ( META_BACK_TGT_QUARANTINE( mi->mi_targets[ i ] ) ) {
+ meta_back_quarantine( op, &candidates[ i ], i );
+ }
+
+ /* only in case of timelimit exceeded, if the timelimit exceeded because
+ * one contacted target never responded, invalidate the connection
+ * NOTE: should we quarantine the target as well? right now, the connection
+ * is invalidated; the next time it will be recreated and the target
+ * will be quarantined if it cannot be contacted */
+ if ( mi->mi_idle_timeout != 0
+ && rs->sr_err == LDAP_TIMELIMIT_EXCEEDED
+ && op->o_time > mc->mc_conns[ i ].msc_time )
+ {
+ /* don't let anyone else use this expired connection */
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+ }
+ }
+
+ if ( mc ) {
+ meta_back_release_conn( mi, mc );
+ }
+
+ return rs->sr_err;
+}
+
+static int
+meta_send_entry(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int target,
+ LDAPMessage *e )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ struct berval a, mapped;
+ Entry ent = { 0 };
+ BerElement ber = *e->lm_ber;
+ Attribute *attr, **attrp;
+ struct berval bdn,
+ dn = BER_BVNULL;
+ const char *text;
+ dncookie dc;
+ int rc;
+
+ if ( ber_scanf( &ber, "{m{", &bdn ) == LBER_ERROR ) {
+ return LDAP_DECODING_ERROR;
+ }
+
+ /*
+ * Rewrite the dn of the result, if needed
+ */
+ dc.target = mi->mi_targets[ target ];
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "searchResult";
+
+ rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &dn );
+ if ( rs->sr_err != LDAP_SUCCESS) {
+ return rs->sr_err;
+ }
+
+ /*
+ * Note: this may fail if the target host(s) schema differs
+ * from the one known to the meta, and a DN with unknown
+ * attributes is returned.
+ *
+ * FIXME: should we log anything, or delegate to dnNormalize?
+ */
+ rc = dnPrettyNormal( NULL, &dn, &ent.e_name, &ent.e_nname,
+ op->o_tmpmemctx );
+ if ( dn.bv_val != bdn.bv_val ) {
+ free( dn.bv_val );
+ }
+ BER_BVZERO( &dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_DN_SYNTAX;
+ }
+
+ /*
+ * cache dn
+ */
+ if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) {
+ ( void )meta_dncache_update_entry( &mi->mi_cache,
+ &ent.e_nname, target );
+ }
+
+ attrp = &ent.e_attrs;
+
+ dc.ctx = "searchAttrDN";
+ while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
+ int last = 0;
+ slap_syntax_validate_func *validate;
+ slap_syntax_transform_func *pretty;
+
+ ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_at,
+ &a, &mapped, BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ ( void )ber_scanf( &ber, "x" /* [W] */ );
+ continue;
+ }
+ attr = ( Attribute * )ch_calloc( 1, sizeof( Attribute ) );
+ if ( attr == NULL ) {
+ continue;
+ }
+ if ( slap_bv2ad( &mapped, &attr->a_desc, &text )
+ != LDAP_SUCCESS) {
+ if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text,
+ SLAP_AD_PROXIED ) != LDAP_SUCCESS )
+ {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "%s meta_send_entry(\"%s\"): "
+ "slap_bv2undef_ad(%s): %s\n",
+ op->o_log_prefix, ent.e_name.bv_val,
+ mapped.bv_val, text );
+
+ Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
+ ch_free( attr );
+ continue;
+ }
+ }
+
+ /* no subschemaSubentry */
+ if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
+ || attr->a_desc == slap_schema.si_ad_entryDN )
+ {
+
+ /*
+ * We eat target's subschemaSubentry because
+ * a search for this value is likely not
+ * to resolve to the appropriate backend;
+ * later, the local subschemaSubentry is
+ * added.
+ *
+ * We also eat entryDN because the frontend
+ * will reattach it without checking if already
+ * present...
+ */
+ ( void )ber_scanf( &ber, "x" /* [W] */ );
+
+ ch_free(attr);
+ continue;
+ }
+
+ if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
+ || attr->a_vals == NULL )
+ {
+ attr->a_vals = (struct berval *)&slap_dummy_bv;
+
+ } else {
+ for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
+ ;
+ }
+
+ validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
+ pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( !validate && !pretty ) {
+ attr_free( attr );
+ goto next_attr;
+ }
+
+ if ( attr->a_desc == slap_schema.si_ad_objectClass
+ || attr->a_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ struct berval *bv;
+
+ for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
+ ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_oc,
+ bv, &mapped, BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0') {
+ free( bv->bv_val );
+ BER_BVZERO( bv );
+ if ( --last < 0 ) {
+ break;
+ }
+ *bv = attr->a_vals[ last ];
+ BER_BVZERO( &attr->a_vals[ last ] );
+ bv--;
+
+ } else if ( mapped.bv_val != bv->bv_val ) {
+ free( bv->bv_val );
+ ber_dupbv( bv, &mapped );
+ }
+ }
+ /*
+ * It is necessary to try to rewrite attributes with
+ * dn syntax because they might be used in ACLs as
+ * members of groups; since ACLs are applied to the
+ * rewritten stuff, no dn-based subecj clause could
+ * be used at the ldap backend side (see
+ * http://www.OpenLDAP.org/faq/data/cache/452.html)
+ * The problem can be overcome by moving the dn-based
+ * ACLs to the target directory server, and letting
+ * everything pass thru the ldap backend.
+ */
+ } else {
+ int i;
+
+ if ( attr->a_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ {
+ ldap_dnattr_result_rewrite( &dc, attr->a_vals );
+
+ } else if ( attr->a_desc == slap_schema.si_ad_ref ) {
+ ldap_back_referral_result_rewrite( &dc, attr->a_vals );
+
+ }
+
+ for ( i = 0; i < last; i++ ) {
+ struct berval pval;
+ int rc;
+
+ if ( pretty ) {
+ rc = pretty( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i], &pval, NULL );
+
+ } else {
+ rc = validate( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i] );
+ }
+
+ if ( rc ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ if ( --last == i ) {
+ BER_BVZERO( &attr->a_vals[ i ] );
+ break;
+ }
+ attr->a_vals[i] = attr->a_vals[last];
+ BER_BVZERO( &attr->a_vals[last] );
+ i--;
+ continue;
+ }
+
+ if ( pretty ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_vals[i] = pval;
+ }
+ }
+
+ if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
+ attr_free( attr );
+ goto next_attr;
+ }
+ }
+
+ if ( last && attr->a_desc->ad_type->sat_equality &&
+ attr->a_desc->ad_type->sat_equality->smr_normalize )
+ {
+ int i;
+
+ attr->a_nvals = ch_malloc( ( last + 1 ) * sizeof( struct berval ) );
+ for ( i = 0; i<last; i++ ) {
+ attr->a_desc->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ attr->a_desc->ad_type->sat_syntax,
+ attr->a_desc->ad_type->sat_equality,
+ &attr->a_vals[i], &attr->a_nvals[i],
+ NULL );
+ }
+ BER_BVZERO( &attr->a_nvals[i] );
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ *attrp = attr;
+ attrp = &attr->a_next;
+next_attr:;
+ }
+ rs->sr_entry = &ent;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = 0;
+ rs->sr_err = LDAP_SUCCESS;
+ rc = send_search_entry( op, rs );
+ switch ( rc ) {
+ case LDAP_UNAVAILABLE:
+ rc = LDAP_OTHER;
+ break;
+ }
+ rs->sr_entry = NULL;
+ rs->sr_attrs = NULL;
+
+ if ( !BER_BVISNULL( &ent.e_name ) ) {
+ free( ent.e_name.bv_val );
+ BER_BVZERO( &ent.e_name );
+ }
+ if ( !BER_BVISNULL( &ent.e_nname ) ) {
+ free( ent.e_nname.bv_val );
+ BER_BVZERO( &ent.e_nname );
+ }
+ entry_clean( &ent );
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/suffixmassage.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/suffixmassage.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/suffixmassage.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,193 @@
+/* suffixmassage.c - massages ldap backend dns */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/suffixmassage.c,v 1.1.2.7 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+/* This is an altered version */
+
+/*
+ * Copyright 1999, Howard Chu, All rights reserved. <hyc at highlandsun.com>
+ * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
+ *
+ * Module back-ldap, originally developed by Howard Chu
+ *
+ * has been modified by Pierangelo Masarati. The original copyright
+ * notice has been maintained.
+ *
+ * Permission is granted to anyone to use this software for any purpose
+ * on any computer system, and to alter it and redistribute it, subject
+ * to the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources,
+ * credits should appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users
+ * ever read sources, credits should appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+#ifdef ENABLE_REWRITE
+int
+ldap_back_dn_massage(
+ dncookie *dc,
+ struct berval *dn,
+ struct berval *res )
+{
+ int rc = 0;
+ static char *dmy = "";
+
+ switch ( rewrite_session( dc->target->mt_rwmap.rwm_rw, dc->ctx,
+ ( dn->bv_val ? dn->bv_val : dmy ),
+ dc->conn, &res->bv_val ) )
+ {
+ case REWRITE_REGEXEC_OK:
+ if ( res->bv_val != NULL ) {
+ res->bv_len = strlen( res->bv_val );
+ } else {
+ *res = *dn;
+ }
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n",
+ dc->ctx,
+ BER_BVISNULL( dn ) ? "" : dn->bv_val,
+ BER_BVISNULL( res ) ? "" : res->bv_val );
+ rc = LDAP_SUCCESS;
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ dc->rs->sr_text = "Operation not allowed";
+ }
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_OTHER;
+ dc->rs->sr_text = "Rewrite error";
+ }
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ if ( res->bv_val == dmy ) {
+ BER_BVZERO( res );
+ }
+
+ return rc;
+}
+
+#else
+/*
+ * ldap_back_dn_massage
+ *
+ * Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c).
+ */
+int
+ldap_back_dn_massage(
+ dncookie *dc,
+ struct berval *odn,
+ struct berval *res
+)
+{
+ int i, src, dst;
+ struct berval pretty = {0,NULL}, *dn = odn;
+
+ assert( res != NULL );
+
+ if ( dn == NULL ) {
+ res->bv_val = NULL;
+ res->bv_len = 0;
+ return 0;
+ }
+ if ( dc->target->mt_rwmap.rwm_suffix_massage == NULL ) {
+ *res = *dn;
+ return 0;
+ }
+
+ if ( dc->tofrom ) {
+ src = 0 + dc->normalized;
+ dst = 2 + dc->normalized;
+ } else {
+ src = 2 + dc->normalized;
+ dst = 0 + dc->normalized;
+ /* DN from remote server may be in arbitrary form.
+ * Pretty it so we can parse reliably.
+ */
+ dnPretty( NULL, dn, &pretty, NULL );
+ if (pretty.bv_val) dn = &pretty;
+ }
+
+ for ( i = 0;
+ dc->target->mt_rwmap.rwm_suffix_massage[i].bv_val != NULL;
+ i += 4 ) {
+ int aliasLength = dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_len;
+ int diff = dn->bv_len - aliasLength;
+
+ if ( diff < 0 ) {
+ /* alias is longer than dn */
+ continue;
+ } else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
+ /* boundary is not at a DN separator */
+ continue;
+ /* At a DN Separator */
+ }
+
+ if ( !strcmp( dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
+ res->bv_len = diff + dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_len;
+ res->bv_val = ch_malloc( res->bv_len + 1 );
+ strncpy( res->bv_val, dn->bv_val, diff );
+ strcpy( &res->bv_val[diff], dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_val );
+ Debug( LDAP_DEBUG_ARGS,
+ "ldap_back_dn_massage:"
+ " converted \"%s\" to \"%s\"\n",
+ BER_BVISNULL( dn ) ? "" : dn->bv_val,
+ BER_BVISNULL( res ) ? "" : res->bv_val, 0 );
+ break;
+ }
+ }
+ if (pretty.bv_val) {
+ ch_free(pretty.bv_val);
+ dn = odn;
+ }
+ /* Nothing matched, just return the original DN */
+ if (res->bv_val == NULL) {
+ *res = *dn;
+ }
+
+ return 0;
+}
+#endif /* !ENABLE_REWRITE */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/unbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/unbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-meta/unbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,89 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/unbind.c,v 1.11.2.14 2007/01/17 23:03:20 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_conn_destroy(
+ Backend *be,
+ Connection *conn )
+{
+ metainfo_t *mi = ( metainfo_t * )be->be_private;
+ metaconn_t *mc,
+ mc_curr = { 0 };
+ int i;
+
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=>meta_back_conn_destroy: fetching conn=%ld DN=\"%s\"\n",
+ conn->c_connid,
+ BER_BVISNULL( &conn->c_ndn ) ? "" : conn->c_ndn.bv_val, 0 );
+
+ mc_curr.mc_conn = conn;
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, ">>> meta_back_conn_destroy" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ while ( ( mc = avl_delete( &mi->mi_conninfo.lai_tree, ( caddr_t )&mc_curr, meta_back_conn_cmp ) ) != NULL )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "=>meta_back_conn_destroy: destroying conn %ld "
+ "refcnt=%d flags=0x%08x\n",
+ LDAP_BACK_PCONN_ID( mc ),
+ mc->mc_refcnt, mc->msc_mscflags );
+
+ if ( mc->mc_refcnt > 0 ) {
+ /* someone else might be accessing the connection;
+ * mark for deletion */
+ LDAP_BACK_CONN_CACHED_CLEAR( mc );
+ LDAP_BACK_CONN_TAINTED_SET( mc );
+
+ } else {
+ meta_back_conn_free( mc );
+ }
+ }
+#if META_BACK_PRINT_CONNTREE > 0
+ meta_back_print_conntree( mi, "<<< meta_back_conn_destroy" );
+#endif /* META_BACK_PRINT_CONNTREE */
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+ /*
+ * Cleanup rewrite session
+ */
+ for ( i = 0; i < mi->mi_ntargets; ++i ) {
+ rewrite_session_delete( mi->mi_targets[ i ]->mt_rwmap.rwm_rw, conn );
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+# Makefile.in for back-monitor
+# $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/Makefile.in,v 1.18.2.3 2007/01/02 21:44:04 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c search.c compare.c modify.c bind.c \
+ operational.c \
+ cache.c entry.c \
+ backend.c database.c thread.c conn.c rww.c log.c \
+ operation.c sent.c listener.c time.c overlay.c
+OBJS = init.lo search.lo compare.lo modify.lo bind.lo \
+ operational.lo \
+ cache.lo entry.lo \
+ backend.lo database.lo thread.lo conn.lo rww.lo log.lo \
+ operation.lo sent.lo listener.lo time.lo overlay.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-monitor"
+BUILD_MOD = @BUILD_MONITOR@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_MONITOR at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_monitor
+
+XINCPATH = -I.. -I$(srcdir)/.. -I$(srcdir)/../slapi
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,243 @@
+MONITOR BACKEND
+
+ NAME: back-monitor
+
+ Backend for monitoring the server's activity.
+
+
+
+COMPILE AND CONFIGURATION OPTIONS
+
+It must be explicitly enabled by configuring with
+
+ --enable-monitor
+
+set; then it must be activated by placing in slapd.conf the database
+configure directive
+
+ database monitor
+
+The suffix "cn=Monitor" is implicitly activated (it cannot be given
+as a suffix of the database as usually done for conventional backends).
+Note that the "cn=Monitor" naming context appears in the rootDSE
+in the attribute monitorContext
+
+A bind operation is provided; at present it allows to bind as the
+backend rootdn. As a result, the backend supports the rootdn/rootpw
+directives (only simple bind at present).
+
+
+
+NAMING CONTEXT AND TREE STRUCTURE
+
+The backend naming context is "cn=Monitor"; the first level entries
+represent the monitored subsystems. It is implemented in a modular way,
+to ease the addition of new subsystems.
+
+
+
+SCHEMA
+
+All the subsystems get a default "cn" attribute, represented by the
+subsystem's name, and they all have "top", "monitor" and "extensibleObject"
+objectclasses.
+"extensibleObject" is used, and the "description" attribute
+is used to hold the monitor information of each entry.
+
+
+
+FUNCTIONALITY
+
+Most of the sybsystems contain an additional depth level, represented
+by detailed item monitoring.
+All the entries undergo an update operation, if a related method is
+defined, prior to being returned. Moreover, there's a mechanism to
+allow volatile entries to be defined, and generated on the fly when
+requested. As an instance, the connection statistics are updated
+at each request, while each active connection data is created on the
+fly.
+
+One nice feature of this solution is that granular ACLs can be applied
+to each entry.
+
+
+
+OPERATIONS
+
+The backend currently supports:
+
+ bind
+ compare
+ modify
+ search
+
+
+
+SUBSYSTEMS
+
+Currently some subsystems are partially supported. "Partially"
+means their entries are correctly generated, but sometimes only
+partially useful information is provided.
+
+The subsystems are:
+
+ Backends
+ Connections
+ Databases
+ Listener
+ Log
+ Operations
+ Overlays
+ SASL
+ Statistics
+ Threads
+ Time
+ TLS
+ Read/Write Waiters
+
+
+
+BACKENDS SUBSYSTEMS
+
+The main entry contains the type of backends enabled at compile time;
+the subentries, for each backend, contain the type of the backend.
+It should also contain the modules that have been loaded if dynamic
+backends are enabled.
+
+
+
+CONNECTIONS
+
+The main entry is empty; it should contain some statistics on the number
+of connections.
+Dynamic subentries are created for each open connection, with stats on
+the activity on that connection (the format will be detailed later).
+There are two special subentries that show the number of total and
+current connections respectively.
+
+
+
+DATABASES SUBSYSTEM
+
+The main entry contains the naming context of each configured database;
+the subentries contain, for each database, the type and the naming
+context.
+
+
+
+LISTENER SUBSYSTEM
+
+It contains the description of the devices the server is currently
+listening on
+
+
+
+LOG SUBSYSTEM
+
+It contains the currently active log items. The "Log" subsystem allows
+user modify operations on the "description" attribute, whose values MUST
+be in the list of admittable log switches:
+
+ Trace
+ Packets
+ Args
+ Conns
+ BER
+ Filter
+ Config (useless)
+ ACL
+ Stats
+ Stats2
+ Shell
+ Parse
+ Cache (deprecated)
+ Index
+
+These values can be added, replaced or deleted; they affect what
+messages are sent to the syslog device.
+
+
+
+OPERATIONS SUBSYSTEM
+
+It shows some statistics on the operations performed by the server:
+
+ Initiated
+ Completed
+
+and for each operation type, i.e.:
+
+ Bind
+ Unbind
+ Add
+ Delete
+ Modrdn
+ Modify
+ Compare
+ Search
+ Abandon
+ Extended
+
+
+
+OVERLAYS SUBSYSTEM
+
+The main entry contains the type of overlays available at run-time;
+the subentries, for each overlay, contain the type of the overlay.
+It should also contain the modules that have been loaded if dynamic
+overlays are enabled.
+
+
+
+SASL
+
+Currently empty.
+
+
+
+STATISTICS SUBSYSTEM
+
+It shows some statistics on the data sent by the server:
+
+ Bytes
+ PDU
+ Entries
+ Referrals
+
+
+
+THREADS SUBSYSTEM
+
+It contains the maximum number of threads enabled at startup and the
+current backload.
+
+
+
+TIME SUBSYSTEM
+
+It contains two subentries with the start time and the current time
+of the server.
+
+
+
+TLS
+
+Currently empty.
+
+
+
+READ/WRITE WAITERS SUBSYSTEM
+
+It contains the number of current read waiters.
+
+
+
+NOTES
+
+This document is in a very early stage of maturity and will
+probably be rewritten many times before the monitor backend is released.
+
+
+
+AUTHOR: Pierangelo Masarati <ando at OpenLDAP.org>
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/back-monitor.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/back-monitor.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/back-monitor.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,275 @@
+/* back-monitor.h - ldap monitor back-end header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/back-monitor.h,v 1.39.2.7 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef _BACK_MONITOR_H_
+#define _BACK_MONITOR_H_
+
+#include <ldap_pvt.h>
+#include <ldap_pvt_thread.h>
+#include <avl.h>
+#include <slap.h>
+
+LDAP_BEGIN_DECL
+
+/* define if si_ad_labeledURI is removed from slap_schema */
+#undef MONITOR_DEFINE_LABELEDURI
+
+typedef struct monitor_callback_t {
+ int (*mc_update)( Operation *op, SlapReply *rs, Entry *e, void *priv );
+ /* update callback
+ for user-defined entries */
+ int (*mc_modify)( Operation *op, SlapReply *rs, Entry *e, void *priv );
+ /* modify callback
+ for user-defined entries */
+ int (*mc_free)( Entry *e, void *priv );
+ /* delete callback
+ for user-defined entries */
+ void *mc_private; /* opaque pointer to
+ private data */
+ struct monitor_callback_t *mc_next;
+} monitor_callback_t;
+
+
+typedef struct monitor_entry_t {
+ ldap_pvt_thread_mutex_t mp_mutex; /* entry mutex */
+ Entry *mp_next; /* pointer to next sibling */
+ Entry *mp_children; /* pointer to first child */
+ struct monitor_subsys_t *mp_info; /* subsystem info */
+#define mp_type mp_info->mss_type
+ unsigned long mp_flags; /* flags */
+
+#define MONITOR_F_NONE 0x0000U
+#define MONITOR_F_SUB 0x0001U /* subentry of subsystem */
+#define MONITOR_F_PERSISTENT 0x0010U /* persistent entry */
+#define MONITOR_F_PERSISTENT_CH 0x0020U /* subsystem generates
+ persistent entries */
+#define MONITOR_F_VOLATILE 0x0040U /* volatile entry */
+#define MONITOR_F_VOLATILE_CH 0x0080U /* subsystem generates
+ volatile entries */
+#define MONITOR_F_EXTERNAL 0x0100U /* externally added - don't free */
+/* NOTE: flags with 0xF0000000U mask are reserved for subsystem internals */
+
+ struct monitor_callback_t *mp_cb; /* callback sequence */
+} monitor_entry_t;
+
+typedef struct monitor_info_t {
+
+ /*
+ * Internal data
+ */
+ Avlnode *mi_cache;
+ ldap_pvt_thread_mutex_t mi_cache_mutex;
+
+ /*
+ * Config parameters
+ */
+ struct berval mi_startTime; /* don't free it! */
+ struct berval mi_creatorsName; /* don't free it! */
+
+ /*
+ * Specific schema entities
+ */
+ ObjectClass *mi_oc_monitor;
+ ObjectClass *mi_oc_monitorServer;
+ ObjectClass *mi_oc_monitorContainer;
+ ObjectClass *mi_oc_monitorCounterObject;
+ ObjectClass *mi_oc_monitorOperation;
+ ObjectClass *mi_oc_monitorConnection;
+ ObjectClass *mi_oc_managedObject;
+ ObjectClass *mi_oc_monitoredObject;
+
+ AttributeDescription *mi_ad_monitoredInfo;
+ AttributeDescription *mi_ad_managedInfo;
+ AttributeDescription *mi_ad_monitorCounter;
+ AttributeDescription *mi_ad_monitorOpCompleted;
+ AttributeDescription *mi_ad_monitorOpInitiated;
+ AttributeDescription *mi_ad_monitorConnectionNumber;
+ AttributeDescription *mi_ad_monitorConnectionAuthzDN;
+ AttributeDescription *mi_ad_monitorConnectionLocalAddress;
+ AttributeDescription *mi_ad_monitorConnectionPeerAddress;
+ AttributeDescription *mi_ad_monitorTimestamp;
+ AttributeDescription *mi_ad_monitorOverlay;
+ AttributeDescription *mi_ad_monitorConnectionProtocol;
+ AttributeDescription *mi_ad_monitorConnectionOpsReceived;
+ AttributeDescription *mi_ad_monitorConnectionOpsExecuting;
+ AttributeDescription *mi_ad_monitorConnectionOpsPending;
+ AttributeDescription *mi_ad_monitorConnectionOpsCompleted;
+ AttributeDescription *mi_ad_monitorConnectionGet;
+ AttributeDescription *mi_ad_monitorConnectionRead;
+ AttributeDescription *mi_ad_monitorConnectionWrite;
+ AttributeDescription *mi_ad_monitorConnectionMask;
+ AttributeDescription *mi_ad_monitorConnectionListener;
+ AttributeDescription *mi_ad_monitorConnectionPeerDomain;
+ AttributeDescription *mi_ad_monitorConnectionStartTime;
+ AttributeDescription *mi_ad_monitorConnectionActivityTime;
+ AttributeDescription *mi_ad_monitorIsShadow;
+ AttributeDescription *mi_ad_monitorUpdateRef;
+ AttributeDescription *mi_ad_monitorRuntimeConfig;
+
+ /*
+ * Generic description attribute
+ */
+ AttributeDescription *mi_ad_readOnly;
+ AttributeDescription *mi_ad_restrictedOperation;
+
+ void *mi_entry_limbo;
+} monitor_info_t;
+
+/*
+ * DNs
+ */
+
+enum {
+ SLAPD_MONITOR_BACKEND = 0,
+ SLAPD_MONITOR_CONN,
+ SLAPD_MONITOR_DATABASE,
+ SLAPD_MONITOR_LISTENER,
+ SLAPD_MONITOR_LOG,
+ SLAPD_MONITOR_OPS,
+ SLAPD_MONITOR_OVERLAY,
+ SLAPD_MONITOR_SASL,
+ SLAPD_MONITOR_SENT,
+ SLAPD_MONITOR_THREAD,
+ SLAPD_MONITOR_TIME,
+ SLAPD_MONITOR_TLS,
+ SLAPD_MONITOR_RWW,
+
+ SLAPD_MONITOR_LAST
+};
+
+#define SLAPD_MONITOR_AT "cn"
+
+#define SLAPD_MONITOR_BACKEND_NAME "Backends"
+#define SLAPD_MONITOR_BACKEND_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_BACKEND_NAME
+#define SLAPD_MONITOR_BACKEND_DN \
+ SLAPD_MONITOR_BACKEND_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_CONN_NAME "Connections"
+#define SLAPD_MONITOR_CONN_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_CONN_NAME
+#define SLAPD_MONITOR_CONN_DN \
+ SLAPD_MONITOR_CONN_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_DATABASE_NAME "Databases"
+#define SLAPD_MONITOR_DATABASE_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_DATABASE_NAME
+#define SLAPD_MONITOR_DATABASE_DN \
+ SLAPD_MONITOR_DATABASE_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_LISTENER_NAME "Listeners"
+#define SLAPD_MONITOR_LISTENER_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_LISTENER_NAME
+#define SLAPD_MONITOR_LISTENER_DN \
+ SLAPD_MONITOR_LISTENER_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_LOG_NAME "Log"
+#define SLAPD_MONITOR_LOG_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_LOG_NAME
+#define SLAPD_MONITOR_LOG_DN \
+ SLAPD_MONITOR_LOG_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_OPS_NAME "Operations"
+#define SLAPD_MONITOR_OPS_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_OPS_NAME
+#define SLAPD_MONITOR_OPS_DN \
+ SLAPD_MONITOR_OPS_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_OVERLAY_NAME "Overlays"
+#define SLAPD_MONITOR_OVERLAY_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_OVERLAY_NAME
+#define SLAPD_MONITOR_OVERLAY_DN \
+ SLAPD_MONITOR_OVERLAY_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_SASL_NAME "SASL"
+#define SLAPD_MONITOR_SASL_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_SASL_NAME
+#define SLAPD_MONITOR_SASL_DN \
+ SLAPD_MONITOR_SASL_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_SENT_NAME "Statistics"
+#define SLAPD_MONITOR_SENT_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_SENT_NAME
+#define SLAPD_MONITOR_SENT_DN \
+ SLAPD_MONITOR_SENT_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_THREAD_NAME "Threads"
+#define SLAPD_MONITOR_THREAD_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_THREAD_NAME
+#define SLAPD_MONITOR_THREAD_DN \
+ SLAPD_MONITOR_THREAD_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_TIME_NAME "Time"
+#define SLAPD_MONITOR_TIME_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_TIME_NAME
+#define SLAPD_MONITOR_TIME_DN \
+ SLAPD_MONITOR_TIME_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_TLS_NAME "TLS"
+#define SLAPD_MONITOR_TLS_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_TLS_NAME
+#define SLAPD_MONITOR_TLS_DN \
+ SLAPD_MONITOR_TLS_RDN "," SLAPD_MONITOR_DN
+
+#define SLAPD_MONITOR_RWW_NAME "Waiters"
+#define SLAPD_MONITOR_RWW_RDN \
+ SLAPD_MONITOR_AT "=" SLAPD_MONITOR_RWW_NAME
+#define SLAPD_MONITOR_RWW_DN \
+ SLAPD_MONITOR_RWW_RDN "," SLAPD_MONITOR_DN
+
+typedef struct monitor_subsys_t {
+ char *mss_name;
+ struct berval mss_rdn;
+ struct berval mss_dn;
+ struct berval mss_ndn;
+ struct berval mss_desc[ 3 ];
+ int mss_flags;
+#define MONITOR_F_OPENED 0x10000000U
+
+#define MONITOR_HAS_VOLATILE_CH( mp ) \
+ ( ( mp )->mp_flags & MONITOR_F_VOLATILE_CH )
+#define MONITOR_HAS_CHILDREN( mp ) \
+ ( ( mp )->mp_children || MONITOR_HAS_VOLATILE_CH( mp ) )
+
+ /* initialize entry and subentries */
+ int ( *mss_open )( BackendDB *, struct monitor_subsys_t *ms );
+ /* destroy structure */
+ int ( *mss_destroy )( BackendDB *, struct monitor_subsys_t *ms );
+ /* update existing dynamic entry and subentries */
+ int ( *mss_update )( Operation *, SlapReply *, Entry * );
+ /* create new dynamic subentries */
+ int ( *mss_create )( Operation *, SlapReply *,
+ struct berval *ndn, Entry *, Entry ** );
+ /* modify entry and subentries */
+ int ( *mss_modify )( Operation *, SlapReply *, Entry * );
+} monitor_subsys_t;
+
+extern BackendDB *be_monitor;
+
+/* increase this bufsize if entries in string form get too big */
+#define BACKMONITOR_BUFSIZE 8192
+
+LDAP_END_DECL
+
+#include "proto-back-monitor.h"
+
+#endif /* _back_monitor_h_ */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/backend.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/backend.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/backend.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,174 @@
+/* backend.c - deals with backend subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/backend.c,v 1.33.2.5 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+/*
+ * initializes backend subentries
+ */
+int
+monitor_subsys_backend_init(
+ BackendDB *be,
+ monitor_subsys_t *ms
+)
+{
+ monitor_info_t *mi;
+ Entry *e_backend, **ep;
+ int i;
+ monitor_entry_t *mp;
+ monitor_subsys_t *ms_database;
+ BackendInfo *bi;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ ms_database = monitor_back_get_subsys( SLAPD_MONITOR_DATABASE_NAME );
+ if ( ms_database == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_backend_init: "
+ "unable to get "
+ "\"" SLAPD_MONITOR_DATABASE_NAME "\" "
+ "subsystem\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_backend ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_backend_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_backend->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ i = -1;
+ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ BackendDB *be;
+ struct berval bv;
+ int j;
+ Entry *e;
+
+ i++;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Backend %d,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Backend %d\n"
+ "%s: %s\n"
+ "%s: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ i,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ i,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ bi->bi_type,
+ mi->mi_ad_monitorRuntimeConfig->ad_cname.bv_val,
+ bi->bi_cf_ocs == NULL ? "FALSE" : "TRUE",
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_backend_init: "
+ "unable to create entry \"cn=Backend %d,%s\"\n",
+ i, ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ ber_str2bv( bi->bi_type, 0, 0, &bv );
+ attr_merge_normalize_one( e_backend, mi->mi_ad_monitoredInfo,
+ &bv, NULL );
+
+ if ( bi->bi_controls ) {
+ int j;
+
+ for ( j = 0; bi->bi_controls[ j ]; j++ ) {
+ ber_str2bv( bi->bi_controls[ j ], 0, 0, &bv );
+ attr_merge_one( e, slap_schema.si_ad_supportedControl,
+ &bv, &bv );
+ }
+ }
+
+ j = -1;
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ char buf[ SLAP_LDAPDN_MAXLEN ];
+ struct berval dn;
+
+ j++;
+
+ if ( be->bd_info != bi ) {
+ continue;
+ }
+
+ snprintf( buf, sizeof( buf ), "cn=Database %d,%s",
+ j, ms_database->mss_dn.bv_val );
+
+ ber_str2bv( buf, 0, 0, &dn );
+ attr_merge_normalize_one( e, slap_schema.si_ad_seeAlso,
+ &dn, NULL );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags | MONITOR_F_SUB;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_backend_init: "
+ "unable to add entry \"cn=Backend %d,%s\"\n",
+ i,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_backend );
+
+ return( 0 );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+/* bind.c - monitor backend bind routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/bind.c,v 1.14.2.4 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <slap.h>
+#include "back-monitor.h"
+
+/*
+ * At present, only rootdn can bind with simple bind
+ */
+
+int
+monitor_back_bind( Operation *op, SlapReply *rs )
+{
+ Debug(LDAP_DEBUG_ARGS, "==> monitor_back_bind: dn: %s\n",
+ op->o_req_dn.bv_val, 0, 0 );
+
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE
+ && be_isroot_pw( op ) )
+ {
+ ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
+ return LDAP_SUCCESS;
+ }
+
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/cache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/cache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/cache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,307 @@
+/* cache.c - routines to maintain an in-core cache of entries */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/cache.c,v 1.19.2.6 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+
+#include "slap.h"
+
+#include "back-monitor.h"
+
+/*
+ * The cache maps DNs to Entries.
+ * Each entry, on turn, holds the list of its children in the e_private field.
+ * This is used by search operation to perform onelevel and subtree candidate
+ * selection.
+ */
+typedef struct monitor_cache_t {
+ struct berval mc_ndn;
+ Entry *mc_e;
+} monitor_cache_t;
+
+/*
+ * compares entries based on the dn
+ */
+int
+monitor_cache_cmp(
+ const void *c1,
+ const void *c2 )
+{
+ monitor_cache_t *cc1 = ( monitor_cache_t * )c1;
+ monitor_cache_t *cc2 = ( monitor_cache_t * )c2;
+
+ /*
+ * case sensitive, because the dn MUST be normalized
+ */
+ return ber_bvcmp( &cc1->mc_ndn, &cc2->mc_ndn );
+}
+
+/*
+ * checks for duplicate entries
+ */
+int
+monitor_cache_dup(
+ void *c1,
+ void *c2 )
+{
+ monitor_cache_t *cc1 = ( monitor_cache_t * )c1;
+ monitor_cache_t *cc2 = ( monitor_cache_t * )c2;
+
+ /*
+ * case sensitive, because the dn MUST be normalized
+ */
+ return ber_bvcmp( &cc1->mc_ndn, &cc2->mc_ndn ) == 0 ? -1 : 0;
+}
+
+/*
+ * adds an entry to the cache and inits the mutex
+ */
+int
+monitor_cache_add(
+ monitor_info_t *mi,
+ Entry *e )
+{
+ monitor_cache_t *mc;
+ monitor_entry_t *mp;
+ int rc;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ mp = ( monitor_entry_t *)e->e_private;
+
+ mc = ( monitor_cache_t * )ch_malloc( sizeof( monitor_cache_t ) );
+ mc->mc_ndn = e->e_nname;
+ mc->mc_e = e;
+ ldap_pvt_thread_mutex_lock( &mi->mi_cache_mutex );
+ rc = avl_insert( &mi->mi_cache, ( caddr_t )mc,
+ monitor_cache_cmp, monitor_cache_dup );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_cache_mutex );
+
+ return rc;
+}
+
+/*
+ * locks the entry (no r/w)
+ */
+int
+monitor_cache_lock(
+ Entry *e )
+{
+ monitor_entry_t *mp;
+
+ assert( e != NULL );
+ assert( e->e_private != NULL );
+
+ mp = ( monitor_entry_t * )e->e_private;
+ ldap_pvt_thread_mutex_lock( &mp->mp_mutex );
+
+ return( 0 );
+}
+
+/*
+ * gets an entry from the cache based on the normalized dn
+ * with mutex locked
+ */
+int
+monitor_cache_get(
+ monitor_info_t *mi,
+ struct berval *ndn,
+ Entry **ep )
+{
+ monitor_cache_t tmp_mc, *mc;
+
+ assert( mi != NULL );
+ assert( ndn != NULL );
+ assert( ep != NULL );
+
+ *ep = NULL;
+
+ tmp_mc.mc_ndn = *ndn;
+ ldap_pvt_thread_mutex_lock( &mi->mi_cache_mutex );
+ mc = ( monitor_cache_t * )avl_find( mi->mi_cache,
+ ( caddr_t )&tmp_mc, monitor_cache_cmp );
+
+ if ( mc != NULL ) {
+ /* entry is returned with mutex locked */
+ monitor_cache_lock( mc->mc_e );
+ *ep = mc->mc_e;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_cache_mutex );
+
+ return ( *ep == NULL ? -1 : 0 );
+}
+
+/*
+ * If the entry exists in cache, it is returned in locked status;
+ * otherwise, if the parent exists, if it may generate volatile
+ * descendants an attempt to generate the required entry is
+ * performed and, if successful, the entry is returned
+ */
+int
+monitor_cache_dn2entry(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry **ep,
+ Entry **matched )
+{
+ monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
+ int rc;
+ struct berval p_ndn = BER_BVNULL;
+ Entry *e_parent;
+ monitor_entry_t *mp;
+
+ assert( mi != NULL );
+ assert( ndn != NULL );
+ assert( ep != NULL );
+ assert( matched != NULL );
+
+ *matched = NULL;
+
+ if ( !dnIsSuffix( ndn, &op->o_bd->be_nsuffix[ 0 ] ) ) {
+ return( -1 );
+ }
+
+ rc = monitor_cache_get( mi, ndn, ep );
+ if ( !rc && *ep != NULL ) {
+ return( 0 );
+ }
+
+ /* try with parent/ancestors */
+ if ( BER_BVISNULL( ndn ) ) {
+ BER_BVSTR( &p_ndn, "" );
+
+ } else {
+ dnParent( ndn, &p_ndn );
+ }
+
+ rc = monitor_cache_dn2entry( op, rs, &p_ndn, &e_parent, matched );
+ if ( rc || e_parent == NULL ) {
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_parent->e_private;
+ rc = -1;
+ if ( mp->mp_flags & MONITOR_F_VOLATILE_CH ) {
+ /* parent entry generates volatile children */
+ rc = monitor_entry_create( op, rs, ndn, e_parent, ep );
+ }
+
+ if ( !rc ) {
+ monitor_cache_lock( *ep );
+ monitor_cache_release( mi, e_parent );
+
+ } else {
+ *matched = e_parent;
+ }
+
+ return( rc );
+}
+
+/*
+ * releases the lock of the entry; if it is marked as volatile, it is
+ * destroyed.
+ */
+int
+monitor_cache_release(
+ monitor_info_t *mi,
+ Entry *e )
+{
+ monitor_entry_t *mp;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+ assert( e->e_private != NULL );
+
+ mp = ( monitor_entry_t * )e->e_private;
+
+ if ( mp->mp_flags & MONITOR_F_VOLATILE ) {
+ monitor_cache_t *mc, tmp_mc;
+
+ /* volatile entries do not return to cache */
+ ldap_pvt_thread_mutex_lock( &mi->mi_cache_mutex );
+ tmp_mc.mc_ndn = e->e_nname;
+ mc = avl_delete( &mi->mi_cache,
+ ( caddr_t )&tmp_mc, monitor_cache_cmp );
+ ldap_pvt_thread_mutex_unlock( &mi->mi_cache_mutex );
+ if ( mc != NULL ) {
+ ch_free( mc );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mp->mp_mutex );
+ ldap_pvt_thread_mutex_destroy( &mp->mp_mutex );
+ ch_free( mp );
+ e->e_private = NULL;
+ entry_free( e );
+
+ return( 0 );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mp->mp_mutex );
+
+ return( 0 );
+}
+
+static void
+monitor_entry_destroy( void *v_mc )
+{
+ monitor_cache_t *mc = (monitor_cache_t *)v_mc;
+
+ if ( mc->mc_e != NULL ) {
+ monitor_entry_t *mp;
+
+ assert( mc->mc_e->e_private != NULL );
+
+ mp = ( monitor_entry_t * )mc->mc_e->e_private;
+
+ if ( mp->mp_cb ) {
+ if ( mp->mp_cb->mc_free ) {
+ mp->mp_cb->mc_free( mc->mc_e,
+ mp->mp_cb->mc_private );
+ }
+ ch_free( mp->mp_cb );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &mp->mp_mutex );
+
+ ch_free( mp );
+ mc->mc_e->e_private = NULL;
+ entry_free( mc->mc_e );
+ }
+
+ ch_free( mc );
+}
+
+int
+monitor_cache_destroy(
+ monitor_info_t *mi )
+{
+ if ( mi->mi_cache ) {
+ avl_free( mi->mi_cache, monitor_entry_destroy );
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,117 @@
+/* compare.c - monitor backend compare routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.20.2.4 2007/01/02 21:44:04 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <slap.h>
+#include "back-monitor.h"
+
+int
+monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
+{
+ monitor_info_t *mi = ( monitor_info_t * ) op->o_bd->be_private;
+ Entry *e, *matched = NULL;
+ Attribute *a;
+ int rc;
+
+ /* get entry with reader lock */
+ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
+ if ( e == NULL ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( matched ) {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
+ }
+ send_ldap_result( op, rs );
+ if ( matched ) {
+ monitor_cache_release( mi, matched );
+ rs->sr_matched = NULL;
+ }
+
+ return rs->sr_err;
+ }
+
+ rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+ if ( !rs->sr_err ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+ for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->oq_compare.rs_ava->aa_value,
+ op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:;
+ rc = rs->sr_err;
+ switch ( rc ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ break;
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ break;
+ }
+
+ send_ldap_result( op, rs );
+ rs->sr_err = rc;
+
+ monitor_cache_release( mi, e );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/conn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/conn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/conn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,591 @@
+/* conn.c - deal with connection subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.56.2.7 2007/01/23 00:34:13 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "back-monitor.h"
+
+#ifndef LDAP_DEVEL
+#define MONITOR_LEGACY_CONN
+#endif
+
+static int
+monitor_subsys_conn_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+static int
+monitor_subsys_conn_create(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry *e_parent,
+ Entry **ep );
+
+int
+monitor_subsys_conn_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ monitor_info_t *mi;
+ Entry *e, **ep, *e_conn;
+ monitor_entry_t *mp;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval bv;
+
+ assert( be != NULL );
+
+ ms->mss_update = monitor_subsys_conn_update;
+ ms->mss_create = monitor_subsys_conn_create;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_conn ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_conn->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ /*
+ * Total conns
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Total,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Total\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_init: "
+ "unable to create entry \"cn=Total,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ BER_BVSTR( &bv, "0" );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+ mp->mp_flags &= ~MONITOR_F_VOLATILE_CH;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_init: "
+ "unable to add entry \"cn=Total,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ /*
+ * Current conns
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Current,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Current\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_init: "
+ "unable to create entry \"cn=Current,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ BER_BVSTR( &bv, "0" );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+ mp->mp_flags &= ~MONITOR_F_VOLATILE_CH;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_init: "
+ "unable to add entry \"cn=Current,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ monitor_cache_release( mi, e_conn );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_conn_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+
+ long n = -1;
+ static struct berval total_bv = BER_BVC( "cn=total" ),
+ current_bv = BER_BVC( "cn=current" );
+ struct berval rdn;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ dnRdn( &e->e_nname, &rdn );
+
+ if ( dn_match( &rdn, &total_bv ) ) {
+ n = connections_nextid();
+
+ } else if ( dn_match( &rdn, ¤t_bv ) ) {
+ Connection *c;
+ int connindex;
+
+ for ( n = 0, c = connection_first( &connindex );
+ c != NULL;
+ n++, c = connection_next( c, &connindex ) ) {
+ /* No Op */ ;
+ }
+ connection_done( c );
+ }
+
+ if ( n != -1 ) {
+ Attribute *a;
+ char buf[] = "+9223372036854775807L";
+ ber_len_t len;
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorCounter );
+ if ( a == NULL ) {
+ return( -1 );
+ }
+
+ snprintf( buf, sizeof( buf ), "%ld", n );
+ len = strlen( buf );
+ if ( len > a->a_vals[ 0 ].bv_len ) {
+ a->a_vals[ 0 ].bv_val = ber_memrealloc( a->a_vals[ 0 ].bv_val, len + 1 );
+ }
+ a->a_vals[ 0 ].bv_len = len;
+ AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
+
+ /* FIXME: touch modifyTimestamp? */
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+conn_create(
+ monitor_info_t *mi,
+ Connection *c,
+ Entry **ep,
+ monitor_subsys_t *ms )
+{
+ monitor_entry_t *mp;
+ struct tm *ltm;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ char buf2[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ char buf3[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+ Entry *e;
+
+ struct tm *ctm;
+ char ctmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ struct tm *mtm;
+ char mtmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+#ifdef HAVE_GMTIME_R
+ struct tm tm_buf;
+#endif /* HAVE_GMTIME_R */
+
+ assert( c != NULL );
+ assert( ep != NULL );
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
+#ifdef HACK_LOCAL_TIME
+# ifdef HAVE_LOCALTIME_R
+ ctm = localtime_r( &c->c_starttime, &tm_buf );
+ lutil_localtime( ctmbuf, sizeof( ctmbuf ), ctm, -timezone );
+ mtm = localtime_r( &c->c_activitytime, &tm_buf );
+ lutil_localtime( mtmbuf, sizeof( mtmbuf ), mtm, -timezone );
+# else
+ ctm = localtime( &c->c_starttime );
+ lutil_localtime( ctmbuf, sizeof( ctmbuf ), ctm, -timezone );
+ mtm = localtime( &c->c_activitytime );
+ lutil_localtime( mtmbuf, sizeof( mtmbuf ), mtm, -timezone );
+# endif /* HAVE_LOCALTIME_R */
+#else /* !HACK_LOCAL_TIME */
+# ifdef HAVE_GMTIME_R
+ ctm = gmtime_r( &c->c_starttime, &tm_buf );
+ lutil_gentime( ctmbuf, sizeof( ctmbuf ), ctm );
+ mtm = gmtime_r( &c->c_activitytime, &tm_buf );
+ lutil_gentime( mtmbuf, sizeof( mtmbuf ), mtm );
+# else
+ ctm = gmtime( &c->c_starttime );
+ lutil_gentime( ctmbuf, sizeof( ctmbuf ), ctm );
+ mtm = gmtime( &c->c_activitytime );
+ lutil_gentime( mtmbuf, sizeof( mtmbuf ), mtm );
+# endif /* HAVE_GMTIME_R */
+#endif /* !HACK_LOCAL_TIME */
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
+
+#ifdef HAVE_GMTIME_R
+ ltm = gmtime_r( &c->c_starttime, &tm_buf );
+#else
+ ltm = gmtime( &c->c_starttime );
+#endif
+ lutil_gentime( buf2, sizeof( buf2 ), ltm );
+
+#ifdef HAVE_GMTIME_R
+ ltm = gmtime_r( &c->c_activitytime, &tm_buf );
+#else
+ ltm = gmtime( &c->c_activitytime );
+#endif
+ lutil_gentime( buf3, sizeof( buf3 ), ltm );
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif /* HAVE_GMTIME_R */
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Connection %ld,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Connection %ld\n"
+
+#ifdef MONITOR_LEGACY_CONN
+ /* NOTE: this will disappear, as the exploded data
+ * has been moved to dedicated attributes */
+ "%s: "
+ "%ld "
+ ": %ld "
+ ": %ld/%ld/%ld/%ld "
+ ": %ld/%ld/%ld "
+ ": %s%s%s%s%s%s "
+ ": %s "
+ ": %s "
+ ": %s "
+ ": %s "
+ ": %s "
+ ": %s "
+ ": %s\n"
+#endif /* MONITOR_LEGACY_CONN */
+
+ "%s: %lu\n"
+ "%s: %ld\n"
+
+ "%s: %ld\n"
+ "%s: %ld\n"
+ "%s: %ld\n"
+ "%s: %ld\n"
+
+ "%s: %ld\n"
+ "%s: %ld\n"
+ "%s: %ld\n"
+
+ "%s: %s%s%s%s%s%s\n"
+
+ "%s: %s\n"
+
+ "%s: %s\n"
+ "%s: %s\n"
+ "%s: %s\n"
+ "%s: %s\n"
+
+ "%s: %s\n"
+ "%s: %s\n"
+
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ c->c_connid, ms->mss_dn.bv_val,
+ mi->mi_oc_monitorConnection->soc_cname.bv_val,
+ mi->mi_oc_monitorConnection->soc_cname.bv_val,
+ c->c_connid,
+
+#ifdef MONITOR_LEGACY_CONN
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ c->c_connid,
+ (long) c->c_protocol,
+ c->c_n_ops_received, c->c_n_ops_executing,
+ c->c_n_ops_pending, c->c_n_ops_completed,
+
+ /* add low-level counters here */
+ c->c_n_get, c->c_n_read, c->c_n_write,
+
+ c->c_currentber ? "r" : "",
+ c->c_writewaiter ? "w" : "",
+ LDAP_STAILQ_EMPTY( &c->c_ops ) ? "" : "x",
+ LDAP_STAILQ_EMPTY( &c->c_pending_ops ) ? "" : "p",
+ connection_state2str( c->c_conn_state ),
+ c->c_sasl_bind_in_progress ? "S" : "",
+
+ c->c_dn.bv_len ? c->c_dn.bv_val : SLAPD_ANONYMOUS,
+
+ c->c_listener_url.bv_val,
+ BER_BVISNULL( &c->c_peer_domain )
+ ? "" : c->c_peer_domain.bv_val,
+ BER_BVISNULL( &c->c_peer_name )
+ ? "" : c->c_peer_name.bv_val,
+ c->c_sock_name.bv_val,
+
+ buf2,
+ buf3,
+#endif /* MONITOR_LEGACY_CONN */
+
+ mi->mi_ad_monitorConnectionNumber->ad_cname.bv_val,
+ c->c_connid,
+ mi->mi_ad_monitorConnectionProtocol->ad_cname.bv_val,
+ (long)c->c_protocol,
+
+ mi->mi_ad_monitorConnectionOpsReceived->ad_cname.bv_val,
+ c->c_n_ops_received,
+ mi->mi_ad_monitorConnectionOpsExecuting->ad_cname.bv_val,
+ c->c_n_ops_executing,
+ mi->mi_ad_monitorConnectionOpsPending->ad_cname.bv_val,
+ c->c_n_ops_pending,
+ mi->mi_ad_monitorConnectionOpsCompleted->ad_cname.bv_val,
+ c->c_n_ops_completed,
+
+ mi->mi_ad_monitorConnectionGet->ad_cname.bv_val,
+ c->c_n_get,
+ mi->mi_ad_monitorConnectionRead->ad_cname.bv_val,
+ c->c_n_read,
+ mi->mi_ad_monitorConnectionWrite->ad_cname.bv_val,
+ c->c_n_write,
+
+ mi->mi_ad_monitorConnectionMask->ad_cname.bv_val,
+ c->c_currentber ? "r" : "",
+ c->c_writewaiter ? "w" : "",
+ LDAP_STAILQ_EMPTY( &c->c_ops ) ? "" : "x",
+ LDAP_STAILQ_EMPTY( &c->c_pending_ops ) ? "" : "p",
+ connection_state2str( c->c_conn_state ),
+ c->c_sasl_bind_in_progress ? "S" : "",
+
+ mi->mi_ad_monitorConnectionAuthzDN->ad_cname.bv_val,
+ c->c_dn.bv_len ? c->c_dn.bv_val : SLAPD_ANONYMOUS,
+
+ /* NOTE: client connections leave the c_peer_* fields NULL */
+ mi->mi_ad_monitorConnectionListener->ad_cname.bv_val,
+ c->c_listener_url.bv_val,
+ mi->mi_ad_monitorConnectionPeerDomain->ad_cname.bv_val,
+ BER_BVISNULL( &c->c_peer_domain ) ? "unknown" : c->c_peer_domain.bv_val,
+ mi->mi_ad_monitorConnectionLocalAddress->ad_cname.bv_val,
+ BER_BVISNULL( &c->c_peer_name ) ? "unknown" : c->c_peer_name.bv_val,
+ mi->mi_ad_monitorConnectionPeerAddress->ad_cname.bv_val,
+ c->c_sock_name.bv_val,
+
+ mi->mi_ad_monitorConnectionStartTime->ad_cname.bv_val,
+ buf2,
+ mi->mi_ad_monitorConnectionActivityTime->ad_cname.bv_val,
+ buf3,
+
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ ctmbuf,
+ mtmbuf );
+
+ e = str2entry( buf );
+
+ if ( e == NULL) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_conn_create: "
+ "unable to create entry "
+ "\"cn=Connection %ld,%s\" entry\n",
+ c->c_connid,
+ ms->mss_dn.bv_val, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return LDAP_OTHER;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = MONITOR_F_SUB | MONITOR_F_VOLATILE;
+
+ *ep = e;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+monitor_subsys_conn_create(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry *e_parent,
+ Entry **ep )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+
+ Connection *c;
+ int connindex;
+ monitor_entry_t *mp;
+ int rc = SLAP_CB_CONTINUE;
+ monitor_subsys_t *ms;
+
+ assert( mi != NULL );
+ assert( e_parent != NULL );
+ assert( ep != NULL );
+
+ ms = (( monitor_entry_t *)e_parent->e_private)->mp_info;
+
+ *ep = NULL;
+
+ if ( ndn == NULL ) {
+ Entry *e = NULL,
+ *e_tmp = NULL;
+
+ /* create all the children of e_parent */
+ for ( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ) )
+ {
+ if ( conn_create( mi, c, &e, ms ) != SLAP_CB_CONTINUE
+ || e == NULL )
+ {
+ for ( ; e_tmp != NULL; ) {
+ mp = ( monitor_entry_t * )e_tmp->e_private;
+ e = mp->mp_next;
+
+ ch_free( mp );
+ e_tmp->e_private = NULL;
+ entry_free( e_tmp );
+
+ e_tmp = e;
+ }
+ rc = rs->sr_err = LDAP_OTHER;
+ break;
+ }
+ mp = ( monitor_entry_t * )e->e_private;
+ mp->mp_next = e_tmp;
+ e_tmp = e;
+ }
+ connection_done( c );
+ *ep = e;
+
+ } else {
+ unsigned long connid;
+ char *next = NULL;
+ static struct berval nconn_bv = BER_BVC( "cn=connection " );
+
+ rc = LDAP_NO_SUCH_OBJECT;
+
+ /* create exactly the required entry;
+ * the normalized DN must start with "cn=connection ",
+ * followed by the connection id, followed by
+ * the RDN separator "," */
+ if ( ndn->bv_len <= nconn_bv.bv_len
+ || strncmp( ndn->bv_val, nconn_bv.bv_val, nconn_bv.bv_len ) != 0 )
+ {
+ return -1;
+ }
+
+ connid = strtol( &ndn->bv_val[ nconn_bv.bv_len ], &next, 10 );
+ if ( next[ 0 ] != ',' ) {
+ return ( rs->sr_err = LDAP_OTHER );
+ }
+
+ for ( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ) )
+ {
+ if ( c->c_connid == connid ) {
+ rc = conn_create( mi, c, ep, ms );
+ if ( rc != SLAP_CB_CONTINUE ) {
+ rs->sr_err = rc;
+
+ } else if ( *ep == NULL ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ }
+
+ break;
+ }
+ }
+
+ connection_done( c );
+ }
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/database.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/database.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/database.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,940 @@
+/* database.c - deals with database subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.61.2.10 2007/01/05 09:47:11 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+#if defined(LDAP_SLAPI)
+#include "slapi.h"
+static int monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e );
+#endif /* defined(LDAP_SLAPI) */
+
+#if defined(SLAPD_BDB)
+#include "../back-bdb/back-bdb.h"
+#endif /* defined(SLAPD_BDB) */
+#if defined(SLAPD_HDB)
+#include "../back-hdb/back-bdb.h"
+#endif /* defined(SLAPD_HDB) */
+#if defined(SLAPD_LDAP)
+#include "../back-ldap/back-ldap.h"
+#endif /* defined(SLAPD_LDAP) */
+#if 0 && defined(SLAPD_LDBM)
+#include "../back-ldbm/back-ldbm.h"
+#endif /* defined(SLAPD_LDBM) */
+#if defined(SLAPD_META)
+#include "../back-meta/back-meta.h"
+#endif /* defined(SLAPD_META) */
+
+/* for PATH_MAX on some systems (e.g. Solaris) */
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif /* HAVE_LIMITS_H */
+#ifndef PATH_MAX
+#define PATH_MAX 4095
+#endif /* ! PATH_MAX */
+
+static int
+monitor_subsys_database_modify(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+static struct restricted_ops_t {
+ struct berval op;
+ unsigned int tag;
+} restricted_ops[] = {
+ { BER_BVC( "add" ), SLAP_RESTRICT_OP_ADD },
+ { BER_BVC( "bind" ), SLAP_RESTRICT_OP_BIND },
+ { BER_BVC( "compare" ), SLAP_RESTRICT_OP_COMPARE },
+ { BER_BVC( "delete" ), SLAP_RESTRICT_OP_DELETE },
+ { BER_BVC( "extended" ), SLAP_RESTRICT_OP_EXTENDED },
+ { BER_BVC( "modify" ), SLAP_RESTRICT_OP_MODIFY },
+ { BER_BVC( "rename" ), SLAP_RESTRICT_OP_RENAME },
+ { BER_BVC( "search" ), SLAP_RESTRICT_OP_SEARCH },
+ { BER_BVNULL, 0 }
+}, restricted_exops[] = {
+ { BER_BVC( LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
+ { BER_BVC( LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
+ { BER_BVC( LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
+ { BER_BVC( LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
+ { BER_BVNULL, 0 }
+};
+
+static int
+init_readOnly( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
+{
+ struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
+ (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
+
+ return attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
+}
+
+static int
+init_restrictedOperation( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
+{
+ int i, rc;
+
+ for ( i = 0; restricted_ops[ i ].op.bv_val; i++ ) {
+ if ( restrictops & restricted_ops[ i ].tag ) {
+ rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
+ &restricted_ops[ i ].op,
+ &restricted_ops[ i ].op );
+ if ( rc ) {
+ return rc;
+ }
+ }
+ }
+
+ for ( i = 0; restricted_exops[ i ].op.bv_val; i++ ) {
+ if ( restrictops & restricted_exops[ i ].tag ) {
+ rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
+ &restricted_exops[ i ].op,
+ &restricted_exops[ i ].op );
+ if ( rc ) {
+ return rc;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+monitor_subsys_database_init(
+ BackendDB *be,
+ monitor_subsys_t *ms
+)
+{
+ monitor_info_t *mi;
+ Entry *e_database, **ep;
+ int i;
+ monitor_entry_t *mp;
+ monitor_subsys_t *ms_backend,
+ *ms_overlay;
+
+ assert( be != NULL );
+
+ ms->mss_modify = monitor_subsys_database_modify;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
+ if ( ms_backend == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to get "
+ "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
+ "subsystem\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
+ if ( ms_overlay == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to get "
+ "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
+ "subsystem\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_database ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ (void)init_readOnly( mi, e_database, frontendDB->be_restrictops );
+ (void)init_restrictedOperation( mi, e_database, frontendDB->be_restrictops );
+
+ mp = ( monitor_entry_t * )e_database->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ i = -1;
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ int j;
+ slap_overinfo *oi = NULL;
+ BackendInfo *bi, *bi2;
+ Entry *e;
+
+ i++;
+
+ bi = be->bd_info;
+
+ if ( overlay_is_over( be ) ) {
+ oi = (slap_overinfo *)be->bd_info->bi_private;
+ bi = oi->oi_orig;
+ }
+
+ /* Subordinates are not exposed as their own naming context */
+ if ( SLAP_GLUE_SUBORDINATE( be ) ) {
+ continue;
+ }
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Database %d,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Database %d\n"
+ "%s: %s\n"
+ "%s: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ i,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ i,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ bi->bi_type,
+ mi->mi_ad_monitorIsShadow->ad_cname.bv_val,
+ SLAP_SHADOW( be ) ? slap_true_bv.bv_val : slap_false_bv.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to create entry \"cn=Database %d,%s\"\n",
+ i, ms->mss_dn.bv_val, 0 );
+ return( -1 );
+ }
+
+ if ( SLAP_MONITOR( be ) ) {
+ attr_merge( e, slap_schema.si_ad_monitorContext,
+ be->be_suffix, be->be_nsuffix );
+ attr_merge( e_database, slap_schema.si_ad_monitorContext,
+ be->be_suffix, be->be_nsuffix );
+
+ } else {
+ if ( be->be_suffix == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "missing suffix for database %d\n",
+ i, 0, 0 );
+ return -1;
+ }
+ attr_merge( e, slap_schema.si_ad_namingContexts,
+ be->be_suffix, be->be_nsuffix );
+ attr_merge( e_database, slap_schema.si_ad_namingContexts,
+ be->be_suffix, be->be_nsuffix );
+ }
+
+ (void)init_readOnly( mi, e, be->be_restrictops );
+ (void)init_restrictedOperation( mi, e, be->be_restrictops );
+
+ if ( SLAP_SHADOW( be ) && be->be_update_refs ) {
+ attr_merge_normalize( e, mi->mi_ad_monitorUpdateRef,
+ be->be_update_refs, NULL );
+ }
+
+ if ( oi != NULL ) {
+ slap_overinst *on = oi->oi_list,
+ *on1 = on;
+
+ for ( ; on; on = on->on_next ) {
+ struct berval bv;
+ slap_overinst *on2;
+
+ for ( on2 = on1; on2 != on; on2 = on2->on_next ) {
+ if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
+ break;
+ }
+ }
+
+ if ( on2 != on ) {
+ break;
+ }
+
+ ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
+ attr_merge_normalize_one( e, mi->mi_ad_monitorOverlay,
+ &bv, NULL );
+
+ /* find the overlay number, j */
+ for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
+ if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
+ break;
+ }
+ }
+ assert( on2 != NULL );
+
+ snprintf( buf, sizeof( buf ),
+ "cn=Overlay %d,%s",
+ j, ms_overlay->mss_dn.bv_val );
+ ber_str2bv( buf, 0, 0, &bv );
+ attr_merge_normalize_one( e,
+ slap_schema.si_ad_seeAlso,
+ &bv, NULL );
+ }
+ }
+
+
+ if ( 0 ) {
+ assert( 0 );
+
+#if defined(SLAPD_BDB) || defined(SLAPD_HDB)
+ } else if ( strcmp( bi->bi_type, "bdb" ) == 0
+ || strcmp( bi->bi_type, "hdb" ) == 0 )
+ {
+ struct berval bv;
+ ber_len_t pathlen = 0, len = 0;
+ char path[ PATH_MAX ] = { '\0' };
+ struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ char *fname = bdb->bi_dbenv_home;
+
+ len = strlen( fname );
+ if ( fname[ 0 ] != '/' ) {
+ /* get full path name */
+ getcwd( path, sizeof( path ) );
+ pathlen = strlen( path );
+
+ if ( fname[ 0 ] == '.' && fname[ 1 ] == '/' ) {
+ fname += 2;
+ len -= 2;
+ }
+ }
+
+ bv.bv_len = STRLENOF( "file://" ) + pathlen
+ + STRLENOF( "/" ) + len;
+ bv.bv_val = ch_malloc( bv.bv_len + STRLENOF( "/" ) + 1 );
+ AC_MEMCPY( bv.bv_val, "file://", STRLENOF( "file://" ) );
+ if ( pathlen ) {
+ AC_MEMCPY( &bv.bv_val[ STRLENOF( "file://" ) ],
+ path, pathlen );
+ bv.bv_val[ STRLENOF( "file://" ) + pathlen ] = '/';
+ pathlen++;
+ }
+ AC_MEMCPY( &bv.bv_val[ STRLENOF( "file://" ) + pathlen ],
+ fname, len );
+ if ( bv.bv_val[ bv.bv_len - 1 ] != '/' ) {
+ bv.bv_val[ bv.bv_len ] = '/';
+ bv.bv_len++;
+ }
+ bv.bv_val[ bv.bv_len ] = '\0';
+
+ attr_merge_normalize_one( e, slap_schema.si_ad_labeledURI,
+ &bv, NULL );
+
+ ch_free( bv.bv_val );
+
+#endif /* defined(SLAPD_BDB) || defined(SLAPD_HDB) */
+#if defined(SLAPD_LDAP)
+ } else if ( strcmp( bi->bi_type, "ldap" ) == 0 ) {
+ ldapinfo_t *li = (ldapinfo_t *)be->be_private;
+#if 0
+ attr_merge_normalize( e, slap_schema.si_ad_labeledURI,
+ li->li_bvuri, NULL );
+#else
+ char **urls = ldap_str2charray( li->li_uri, " " );
+ int u;
+
+ for ( u = 0; urls[ u ] != NULL; u++ ) {
+ struct berval bv;
+
+ ber_str2bv( urls[ u ], 0, 0, &bv );
+
+ attr_merge_normalize_one( e,
+ slap_schema.si_ad_labeledURI,
+ &bv, NULL );
+ }
+
+ ldap_charray_free( urls );
+#endif
+
+#endif /* defined(SLAPD_LDAP) */
+#if defined(SLAPD_META)
+ } else if ( strcmp( bi->bi_type, "meta" ) == 0 ) {
+ metainfo_t *mi = (metainfo_t *)be->be_private;
+ int t;
+
+ for ( t = 0; t < mi->mi_ntargets; t++ ) {
+ char **urls = ldap_str2charray( mi->mi_targets[ t ]->mt_uri, " " );
+ int u;
+
+ for ( u = 0; urls[ u ] != NULL; u++ ) {
+ struct berval bv;
+
+ ber_str2bv( urls[ u ], 0, 0, &bv );
+
+ attr_merge_normalize_one( e,
+ slap_schema.si_ad_labeledURI,
+ &bv, NULL );
+ }
+ ldap_charray_free( urls );
+ }
+#endif /* defined(SLAPD_META) */
+ }
+
+ j = -1;
+ LDAP_STAILQ_FOREACH( bi2, &backendInfo, bi_next ) {
+ j++;
+ if ( bi2->bi_type == bi->bi_type ) {
+ struct berval bv;
+
+ snprintf( buf, sizeof( buf ),
+ "cn=Backend %d,%s",
+ j, ms_backend->mss_dn.bv_val );
+ bv.bv_val = buf;
+ bv.bv_len = strlen( buf );
+ attr_merge_normalize_one( e,
+ slap_schema.si_ad_seeAlso,
+ &bv, NULL );
+ break;
+ }
+ }
+ /* we must find it! */
+ assert( j >= 0 );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags
+ | MONITOR_F_SUB;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to add entry \"cn=Database %d,%s\"\n",
+ i, ms->mss_dn.bv_val, 0 );
+ return( -1 );
+ }
+
+#if defined(LDAP_SLAPI)
+ monitor_back_add_plugin( mi, be, e );
+#endif /* defined(LDAP_SLAPI) */
+
+ if ( oi != NULL ) {
+ Entry **ep_overlay = &mp->mp_children;
+ monitor_entry_t *mp_overlay;
+ slap_overinst *on = oi->oi_list;
+ int o;
+
+ for ( o = 0; on; o++, on = on->on_next ) {
+ Entry *e_overlay;
+ slap_overinst *on2;
+
+ /* find the overlay number, j */
+ for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
+ if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
+ break;
+ }
+ }
+ assert( on2 != NULL );
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Overlay %d,cn=Database %d,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Overlay %d\n"
+ "%s: %s\n"
+ "seeAlso: cn=Overlay %d,%s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ o,
+ i,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ o,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ on->on_bi.bi_type,
+ j,
+ ms_overlay->mss_dn.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e_overlay = str2entry( buf );
+ if ( e_overlay == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to create entry "
+ "\"cn=Overlay %d,cn=Database %d,%s\"\n",
+ o, i, ms->mss_dn.bv_val );
+ return( -1 );
+ }
+
+ mp_overlay = monitor_entrypriv_create();
+ if ( mp_overlay == NULL ) {
+ return -1;
+ }
+ e_overlay->e_private = ( void * )mp_overlay;
+ mp_overlay->mp_info = ms;
+ mp_overlay->mp_flags = ms->mss_flags
+ | MONITOR_F_SUB;
+
+ if ( monitor_cache_add( mi, e_overlay ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_database_init: "
+ "unable to add entry "
+ "\"cn=Overlay %d,cn=Database %d,%s\"\n",
+ o, i, ms->mss_dn.bv_val );
+ return( -1 );
+ }
+
+ *ep_overlay = e_overlay;
+ ep_overlay = &mp_overlay->mp_next;
+ }
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_database );
+
+ return( 0 );
+}
+
+/*
+ * v: array of values
+ * cur: must not contain the tags corresponding to the values in v
+ * delta: will contain the tags corresponding to the values in v
+ */
+static int
+value_mask( BerVarray v, slap_mask_t cur, slap_mask_t *delta )
+{
+ for ( ; !BER_BVISNULL( v ); v++ ) {
+ struct restricted_ops_t *rops;
+ int i;
+
+ if ( OID_LEADCHAR( v->bv_val[ 0 ] ) ) {
+ rops = restricted_exops;
+
+ } else {
+ rops = restricted_ops;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &rops[ i ].op ); i++ ) {
+ if ( ber_bvstrcasecmp( v, &rops[ i ].op ) != 0 ) {
+ continue;
+ }
+
+ if ( rops[ i ].tag & *delta ) {
+ return LDAP_OTHER;
+ }
+
+ if ( rops[ i ].tag & cur ) {
+ return LDAP_OTHER;
+ }
+
+ cur |= rops[ i ].tag;
+ *delta |= rops[ i ].tag;
+
+ break;
+ }
+
+ if ( BER_BVISNULL( &rops[ i ].op ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+monitor_subsys_database_modify(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
+ int rc = LDAP_OTHER;
+ Attribute *save_attrs, *a;
+ Modifications *ml;
+ Backend *be;
+ int ro_gotval = 1, i, n;
+ slap_mask_t rp_add = 0, rp_delete = 0, rp_cur;
+ struct berval *tf;
+
+ i = sscanf( e->e_nname.bv_val, "cn=database %d,", &n );
+ if ( i != 1 ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ if ( n < 0 || n >= nBackendDB ) {
+ rs->sr_text = "invalid database index";
+ return ( rs->sr_err = LDAP_NO_SUCH_OBJECT );
+ }
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( n == 0 ) {
+ break;
+ }
+ n--;
+ }
+ /* do not allow some changes on back-monitor (needs work)... */
+ if ( SLAP_MONITOR( be ) ) {
+ rs->sr_text = "no modifications allowed to monitor database entry";
+ return ( rs->sr_err = LDAP_UNWILLING_TO_PERFORM );
+ }
+
+ rp_cur = be->be_restrictops;
+
+ save_attrs = e->e_attrs;
+ e->e_attrs = attrs_dup( e->e_attrs );
+
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ Modification *mod = &ml->sml_mod;
+
+ if ( mod->sm_desc == mi->mi_ad_readOnly ) {
+ int val = -1;
+
+ if ( mod->sm_values ) {
+ if ( !BER_BVISNULL( &mod->sm_values[ 1 ] ) ) {
+ rs->sr_text = "attempting to modify multiple values of single-valued attribute";
+ rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+ if ( bvmatch( &slap_true_bv, mod->sm_values )) {
+ val = 1;
+
+ } else if ( bvmatch( &slap_false_bv, mod->sm_values )) {
+ val = 0;
+
+ } else {
+ assert( 0 );
+ rc = rs->sr_err = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+ }
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_DELETE:
+ if ( ro_gotval < 1 ) {
+ rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+ ro_gotval--;
+
+ if ( val == 0 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
+ rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+
+ if ( val == 1 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) != SLAP_RESTRICT_OP_WRITES ) {
+ rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+
+ break;
+
+ case LDAP_MOD_REPLACE:
+ ro_gotval = 0;
+ /* fall thru */
+
+ case LDAP_MOD_ADD:
+ if ( ro_gotval > 0 ) {
+ rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+ ro_gotval++;
+
+ if ( val == 1 ) {
+ rp_add |= (~rp_cur) & SLAP_RESTRICT_OP_WRITES;
+ rp_cur |= SLAP_RESTRICT_OP_WRITES;
+ rp_delete &= ~SLAP_RESTRICT_OP_WRITES;
+
+ } else if ( val == 0 ) {
+ rp_delete |= rp_cur & SLAP_RESTRICT_OP_WRITES;
+ rp_cur &= ~SLAP_RESTRICT_OP_WRITES;
+ rp_add &= ~SLAP_RESTRICT_OP_WRITES;
+ }
+ break;
+
+ default:
+ rc = rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ } else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) {
+ slap_mask_t mask = 0;
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_DELETE:
+ if ( mod->sm_values == NULL ) {
+ rp_delete = rp_cur;
+ rp_cur = 0;
+ rp_add = 0;
+ break;
+ }
+ rc = value_mask( mod->sm_values, ~rp_cur, &mask );
+ if ( rc == LDAP_SUCCESS ) {
+ rp_delete |= mask;
+ rp_add &= ~mask;
+ rp_cur &= ~mask;
+
+ } else if ( rc == LDAP_OTHER ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ break;
+
+ case LDAP_MOD_REPLACE:
+ rp_delete = rp_cur;
+ rp_cur = 0;
+ rp_add = 0;
+ /* fall thru */
+
+ case LDAP_MOD_ADD:
+ rc = value_mask( mod->sm_values, rp_cur, &mask );
+ if ( rc == LDAP_SUCCESS ) {
+ rp_add |= mask;
+ rp_cur |= mask;
+ rp_delete &= ~mask;
+
+ } else if ( rc == LDAP_OTHER ) {
+ rc = rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
+ }
+ break;
+
+ default:
+ rc = rs->sr_err = LDAP_OTHER;
+ break;
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ } else if ( is_at_operational( mod->sm_desc->ad_type )) {
+ /* accept all operational attributes */
+ attr_delete( &e->e_attrs, mod->sm_desc );
+ rc = attr_merge( e, mod->sm_desc, mod->sm_values,
+ mod->sm_nvalues );
+ if ( rc ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ break;
+ }
+
+ } else {
+ rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ break;
+ }
+ }
+
+ /* sanity checks: */
+ if ( ro_gotval < 1 ) {
+ rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+ if ( ( rp_cur & SLAP_RESTRICT_OP_EXTENDED ) && ( rp_cur & SLAP_RESTRICT_EXOP_MASK ) ) {
+ rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+ if ( rp_delete & rp_add ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ /* check current value of readOnly */
+ if ( ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
+ tf = (struct berval *)&slap_true_bv;
+
+ } else {
+ tf = (struct berval *)&slap_false_bv;
+ }
+
+ a = attr_find( e->e_attrs, mi->mi_ad_readOnly );
+ if ( a == NULL ) {
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+ if ( !bvmatch( &a->a_vals[ 0 ], tf ) ) {
+ attr_delete( &e->e_attrs, mi->mi_ad_readOnly );
+ rc = attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( rp_delete ) {
+ if ( rp_delete == be->be_restrictops ) {
+ attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
+
+ } else {
+ a = attr_find( e->e_attrs, mi->mi_ad_restrictedOperation );
+ if ( a == NULL ) {
+ rc = rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
+ if ( rp_delete & restricted_ops[ i ].tag ) {
+ int j;
+
+ for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
+ int k;
+
+ if ( !bvmatch( &a->a_nvals[ j ], &restricted_ops[ i ].op ) ) {
+ continue;
+ }
+
+ ch_free( a->a_vals[ j ].bv_val );
+ ch_free( a->a_nvals[ j ].bv_val );
+
+ for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
+ a->a_vals[ k - 1 ] = a->a_vals[ k ];
+ a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
+ }
+
+ BER_BVZERO( &a->a_vals[ k - 1 ] );
+ BER_BVZERO( &a->a_nvals[ k - 1 ] );
+ }
+ }
+ }
+
+ for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
+ if ( rp_delete & restricted_exops[ i ].tag ) {
+ int j;
+
+ for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
+ int k;
+
+ if ( !bvmatch( &a->a_nvals[ j ], &restricted_exops[ i ].op ) ) {
+ continue;
+ }
+
+ ch_free( a->a_vals[ j ].bv_val );
+ ch_free( a->a_nvals[ j ].bv_val );
+
+ for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
+ a->a_vals[ k - 1 ] = a->a_vals[ k ];
+ a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
+ }
+
+ BER_BVZERO( &a->a_vals[ k - 1 ] );
+ BER_BVZERO( &a->a_nvals[ k - 1 ] );
+ }
+ }
+ }
+ }
+ }
+
+ if ( rp_add ) {
+ for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
+ if ( rp_add & restricted_ops[ i ].tag ) {
+ attr_merge_one( e, mi->mi_ad_restrictedOperation,
+ &restricted_ops[ i ].op,
+ &restricted_ops[ i ].op );
+ }
+ }
+
+ for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
+ if ( rp_add & restricted_exops[ i ].tag ) {
+ attr_merge_one( e, mi->mi_ad_restrictedOperation,
+ &restricted_exops[ i ].op,
+ &restricted_exops[ i ].op );
+ }
+ }
+ }
+ }
+
+ be->be_restrictops = rp_cur;
+
+done:;
+ if ( rc == LDAP_SUCCESS ) {
+ attrs_free( save_attrs );
+ rc = SLAP_CB_CONTINUE;
+
+ } else {
+ Attribute *tmp = e->e_attrs;
+ e->e_attrs = save_attrs;
+ attrs_free( tmp );
+ }
+ return rc;
+}
+
+#if defined(LDAP_SLAPI)
+static int
+monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e_database )
+{
+ Slapi_PBlock *pCurrentPB;
+ int i, rc = LDAP_SUCCESS;
+
+ if ( slapi_int_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
+ /*
+ * LDAP_OTHER is returned if no plugins are installed
+ */
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+ i = 0;
+ do {
+ Slapi_PluginDesc *srchdesc;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval bv;
+
+ rc = slapi_pblock_get( pCurrentPB, SLAPI_PLUGIN_DESCRIPTION,
+ &srchdesc );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ snprintf( buf, sizeof(buf),
+ "plugin %d name: %s; "
+ "vendor: %s; "
+ "version: %s; "
+ "description: %s",
+ i,
+ srchdesc->spd_id,
+ srchdesc->spd_vendor,
+ srchdesc->spd_version,
+ srchdesc->spd_description );
+
+ ber_str2bv( buf, 0, 0, &bv );
+ attr_merge_normalize_one( e_database,
+ mi->mi_ad_monitoredInfo, &bv, NULL );
+
+ i++;
+
+ } while ( ( slapi_int_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
+ && ( pCurrentPB != NULL ) );
+
+done:
+ return rc;
+}
+#endif /* defined(LDAP_SLAPI) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,169 @@
+/* entry.c - monitor backend entry handling routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/entry.c,v 1.14.2.7 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <slap.h>
+#include "back-monitor.h"
+
+int
+monitor_entry_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e
+)
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ monitor_entry_t *mp;
+
+ int rc = SLAP_CB_CONTINUE;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+ assert( e->e_private != NULL );
+
+ mp = ( monitor_entry_t * )e->e_private;
+
+ if ( mp->mp_cb ) {
+ struct monitor_callback_t *mc;
+
+ for ( mc = mp->mp_cb; mc; mc = mc->mc_next ) {
+ if ( mc->mc_update ) {
+ rc = mc->mc_update( op, rs, e, mc->mc_private );
+ if ( rc != SLAP_CB_CONTINUE ) {
+ break;
+ }
+ }
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE && mp->mp_info && mp->mp_info->mss_update ) {
+ rc = mp->mp_info->mss_update( op, rs, e );
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = LDAP_SUCCESS;
+ }
+
+ return rc;
+}
+
+int
+monitor_entry_create(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry *e_parent,
+ Entry **ep )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ monitor_entry_t *mp;
+
+ int rc = SLAP_CB_CONTINUE;
+
+ assert( mi != NULL );
+ assert( e_parent != NULL );
+ assert( e_parent->e_private != NULL );
+ assert( ep != NULL );
+
+ mp = ( monitor_entry_t * )e_parent->e_private;
+
+ if ( mp->mp_info && mp->mp_info->mss_create ) {
+ rc = mp->mp_info->mss_create( op, rs, ndn, e_parent, ep );
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = LDAP_SUCCESS;
+ }
+
+ return rc;
+}
+
+int
+monitor_entry_modify(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e
+)
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ monitor_entry_t *mp;
+
+ int rc = SLAP_CB_CONTINUE;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+ assert( e->e_private != NULL );
+
+ mp = ( monitor_entry_t * )e->e_private;
+
+ if ( mp->mp_cb ) {
+ struct monitor_callback_t *mc;
+
+ for ( mc = mp->mp_cb; mc; mc = mc->mc_next ) {
+ if ( mc->mc_modify ) {
+ rc = mc->mc_modify( op, rs, e, mc->mc_private );
+ if ( rc != SLAP_CB_CONTINUE ) {
+ break;
+ }
+ }
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE && mp->mp_info && mp->mp_info->mss_modify ) {
+ rc = mp->mp_info->mss_modify( op, rs, e );
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = LDAP_SUCCESS;
+ }
+
+ return rc;
+}
+
+int
+monitor_entry_test_flags(
+ monitor_entry_t *mp,
+ int cond
+)
+{
+ assert( mp != NULL );
+
+ return( ( mp->mp_flags & cond ) || ( mp->mp_info->mss_flags & cond ) );
+}
+
+monitor_entry_t *
+monitor_entrypriv_create( void )
+{
+ monitor_entry_t *mp;
+
+ mp = ( monitor_entry_t * )ch_calloc( sizeof( monitor_entry_t ), 1 );
+
+ mp->mp_next = NULL;
+ mp->mp_children = NULL;
+ mp->mp_info = NULL;
+ mp->mp_flags = MONITOR_F_NONE;
+ mp->mp_cb = NULL;
+
+ ldap_pvt_thread_mutex_init( &mp->mp_mutex );
+
+ return mp;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1883 @@
+/* init.c - initialize monitor backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/init.c,v 1.89.2.18 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include <lutil.h>
+#include "slap.h"
+#include "config.h"
+#include "lber_pvt.h"
+#include "back-monitor.h"
+
+#undef INTEGRATE_CORE_SCHEMA
+
+/*
+ * used by many functions to add description to entries
+ *
+ * WARNING: be_monitor may change as new databases are added,
+ * so it should not be used outside monitor_back_db_init()
+ * until monitor_back_db_open is called.
+ */
+BackendDB *be_monitor;
+
+static struct monitor_subsys_t **monitor_subsys;
+static int monitor_subsys_opened;
+static monitor_info_t monitor_info;
+
+/*
+ * subsystem data
+ *
+ * the known subsystems are added to the subsystems
+ * array at backend initialization; other subsystems
+ * may be added by calling monitor_back_register_subsys()
+ * before the database is opened (e.g. by other backends
+ * or by overlays or modules).
+ */
+static struct monitor_subsys_t known_monitor_subsys[] = {
+ {
+ SLAPD_MONITOR_BACKEND_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about available backends." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_backend_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_CONN_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about connections." ),
+ BER_BVNULL },
+ MONITOR_F_VOLATILE_CH,
+ monitor_subsys_conn_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_DATABASE_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about configured databases." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_database_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_LISTENER_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about active listeners." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_listener_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_LOG_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about logging." ),
+ BER_BVC( "Set the attribute \"managedInfo\" to the desired log levels." ),
+ BER_BVNULL },
+ MONITOR_F_NONE,
+ monitor_subsys_log_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL, /* modify */
+ }, {
+ SLAPD_MONITOR_OPS_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about performed operations." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_ops_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL, /* modify */
+ }, {
+ SLAPD_MONITOR_OVERLAY_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about available overlays." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_overlay_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL, /* modify */
+ }, {
+ SLAPD_MONITOR_SASL_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about SASL." ),
+ BER_BVNULL },
+ MONITOR_F_NONE,
+ NULL, /* init */
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_SENT_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains statistics." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_sent_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL, /* modify */
+ }, {
+ SLAPD_MONITOR_THREAD_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about threads." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_thread_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_TIME_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about time." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_time_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL, /* modify */
+ }, {
+ SLAPD_MONITOR_TLS_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about TLS." ),
+ BER_BVNULL },
+ MONITOR_F_NONE,
+ NULL, /* init */
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, {
+ SLAPD_MONITOR_RWW_NAME,
+ BER_BVNULL, BER_BVNULL, BER_BVNULL,
+ { BER_BVC( "This subsystem contains information about read/write waiters." ),
+ BER_BVNULL },
+ MONITOR_F_PERSISTENT_CH,
+ monitor_subsys_rww_init,
+ NULL, /* destroy */
+ NULL, /* update */
+ NULL, /* create */
+ NULL /* modify */
+ }, { NULL }
+};
+
+int
+monitor_back_register_subsys(
+ monitor_subsys_t *ms )
+{
+ int i = 0;
+
+ if ( monitor_subsys ) {
+ for ( ; monitor_subsys[ i ] != NULL; i++ )
+ /* just count'em */ ;
+ }
+
+ monitor_subsys = ch_realloc( monitor_subsys,
+ ( 2 + i ) * sizeof( monitor_subsys_t * ) );
+
+ if ( monitor_subsys == NULL ) {
+ return -1;
+ }
+
+ monitor_subsys[ i ] = ms;
+ monitor_subsys[ i + 1 ] = NULL;
+
+ /* if a subsystem is registered __AFTER__ subsystem
+ * initialization (depending on the sequence the databases
+ * are listed in slapd.conf), init it */
+ if ( monitor_subsys_opened ) {
+
+ /* FIXME: this should only be possible
+ * if be_monitor is already initialized */
+ assert( be_monitor != NULL );
+
+ if ( ms->mss_open && ( *ms->mss_open )( be_monitor, ms ) ) {
+ return -1;
+ }
+
+ ms->mss_flags |= MONITOR_F_OPENED;
+ }
+
+ return 0;
+}
+
+enum {
+ LIMBO_ENTRY,
+ LIMBO_ENTRY_PARENT,
+ LIMBO_ATTRS,
+ LIMBO_CB
+};
+
+typedef struct entry_limbo_t {
+ int el_type;
+ Entry *el_e;
+ Attribute *el_a;
+ struct berval el_ndn;
+ struct berval el_base;
+ int el_scope;
+ struct berval el_filter;
+ monitor_callback_t *el_cb;
+ struct entry_limbo_t *el_next;
+} entry_limbo_t;
+
+int
+monitor_back_is_configured( void )
+{
+ return be_monitor != NULL;
+}
+
+int
+monitor_back_register_entry(
+ Entry *e,
+ monitor_callback_t *cb )
+{
+ monitor_info_t *mi;
+
+ if ( be_monitor == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "monitor database not configured.\n",
+ e->e_name.bv_val, 0, 0 );
+ return -1;
+ }
+
+ mi = ( monitor_info_t * )be_monitor->be_private;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+ assert( e->e_private == NULL );
+
+ if ( monitor_subsys_opened ) {
+ Entry *e_parent = NULL,
+ *e_new = NULL,
+ **ep = NULL;
+ struct berval pdn = BER_BVNULL;
+ monitor_entry_t *mp = NULL,
+ *mp_parent = NULL;
+ int rc = 0;
+
+ if ( monitor_cache_get( mi, &e->e_nname, &e_parent ) == 0 ) {
+ /* entry exists */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "entry exists\n",
+ e->e_name.bv_val, 0, 0 );
+ monitor_cache_release( mi, e_parent );
+ return -1;
+ }
+
+ dnParent( &e->e_nname, &pdn );
+ if ( monitor_cache_get( mi, &pdn, &e_parent ) != 0 ) {
+ /* parent does not exist */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "parent \"%s\" not found\n",
+ e->e_name.bv_val, pdn.bv_val, 0 );
+ return -1;
+ }
+
+ assert( e_parent->e_private != NULL );
+ mp_parent = ( monitor_entry_t * )e_parent->e_private;
+
+ if ( mp_parent->mp_flags & MONITOR_F_VOLATILE ) {
+ /* entry is volatile; cannot append children */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "parent \"%s\" is volatile\n",
+ e->e_name.bv_val, e_parent->e_name.bv_val, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "monitor_entrypriv_create() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ e_new = entry_dup( e );
+ if ( e_new == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "entry_dup() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ e_new->e_private = ( void * )mp;
+ mp->mp_info = mp_parent->mp_info;
+ mp->mp_flags = mp_parent->mp_flags | MONITOR_F_SUB;
+ mp->mp_cb = cb;
+
+ ep = &mp_parent->mp_children;
+ for ( ; *ep; ) {
+ mp_parent = ( monitor_entry_t * )(*ep)->e_private;
+ ep = &mp_parent->mp_next;
+ }
+ *ep = e_new;
+
+ if ( monitor_cache_add( mi, e_new ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "unable to add entry\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+done:;
+ if ( rc ) {
+ if ( mp ) {
+ ch_free( mp );
+ }
+ if ( e_new ) {
+ e_new->e_private = NULL;
+ entry_free( e_new );
+ }
+ }
+
+ if ( e_parent ) {
+ monitor_cache_release( mi, e_parent );
+ }
+
+ } else {
+ entry_limbo_t **elpp, el = { 0 };
+
+ el.el_type = LIMBO_ENTRY;
+
+ el.el_e = entry_dup( e );
+ if ( el.el_e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "entry_dup() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ return -1;
+ }
+
+ el.el_cb = cb;
+
+ for ( elpp = (entry_limbo_t **)&mi->mi_entry_limbo;
+ *elpp;
+ elpp = &(*elpp)->el_next )
+ /* go to last */;
+
+ *elpp = (entry_limbo_t *)ch_malloc( sizeof( entry_limbo_t ) );
+ if ( *elpp == NULL ) {
+ el.el_e->e_private = NULL;
+ entry_free( el.el_e );
+ return -1;
+ }
+
+ el.el_next = NULL;
+ **elpp = el;
+ }
+
+ return 0;
+}
+
+int
+monitor_back_register_entry_parent(
+ Entry *e,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter )
+{
+ monitor_info_t *mi;
+ struct berval ndn = BER_BVNULL;
+
+ if ( be_monitor == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(base=\"%s\" scope=%s filter=\"%s\"): "
+ "monitor database not configured.\n",
+ BER_BVISNULL( base ) ? "" : base->bv_val,
+ scope == LDAP_SCOPE_BASE ? "base" : ( scope == LDAP_SCOPE_ONELEVEL ? "one" : "subtree" ),
+ BER_BVISNULL( filter ) ? "" : filter->bv_val );
+ return -1;
+ }
+
+ mi = ( monitor_info_t * )be_monitor->be_private;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+ assert( e->e_private == NULL );
+
+ if ( BER_BVISNULL( filter ) ) {
+ /* need a filter */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"\"): "
+ "need a valid filter\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( monitor_subsys_opened ) {
+ Entry *e_parent = NULL,
+ *e_new = NULL,
+ **ep = NULL;
+ struct berval e_name = BER_BVNULL,
+ e_nname = BER_BVNULL;
+ monitor_entry_t *mp = NULL,
+ *mp_parent = NULL;
+ int rc = 0;
+
+ if ( monitor_filter2ndn( base, scope, filter, &ndn ) ) {
+ /* entry does not exist */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"\"): "
+ "base=%s scope=%d filter=%s : "
+ "unable to find entry\n",
+ base->bv_val ? base->bv_val : "\"\"",
+ scope, filter->bv_val );
+ return -1;
+ }
+
+ if ( monitor_cache_get( mi, &ndn, &e_parent ) != 0 ) {
+ /* entry does not exist */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"%s\"): "
+ "parent entry does not exist\n",
+ ndn.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ assert( e_parent->e_private != NULL );
+ mp_parent = ( monitor_entry_t * )e_parent->e_private;
+
+ if ( mp_parent->mp_flags & MONITOR_F_VOLATILE ) {
+ /* entry is volatile; cannot append callback */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"%s\"): "
+ "entry is volatile\n",
+ e_parent->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ build_new_dn( &e_name, &e_parent->e_name, &e->e_name, NULL );
+ build_new_dn( &e_nname, &e_parent->e_nname, &e->e_nname, NULL );
+
+ if ( monitor_cache_get( mi, &e_nname, &e_new ) == 0 ) {
+ /* entry already exists */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"%s\"): "
+ "entry already exists\n",
+ e_name.bv_val, 0, 0 );
+ monitor_cache_release( mi, e_new );
+ rc = -1;
+ goto done;
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_parent(\"%s\"): "
+ "monitor_entrypriv_create() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ e_new = entry_dup( e );
+ if ( e_new == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "entry_dup() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+ ch_free( e_new->e_name.bv_val );
+ ch_free( e_new->e_nname.bv_val );
+ e_new->e_name = e_name;
+ e_new->e_nname = e_nname;
+
+ e_new->e_private = ( void * )mp;
+ mp->mp_info = mp_parent->mp_info;
+ mp->mp_flags = mp_parent->mp_flags | MONITOR_F_SUB;
+ mp->mp_cb = cb;
+
+ ep = &mp_parent->mp_children;
+ for ( ; *ep; ) {
+ mp_parent = ( monitor_entry_t * )(*ep)->e_private;
+ ep = &mp_parent->mp_next;
+ }
+ *ep = e_new;
+
+ if ( monitor_cache_add( mi, e_new ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "unable to add entry\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+done:;
+ if ( !BER_BVISNULL( &ndn ) ) {
+ ch_free( ndn.bv_val );
+ }
+
+ if ( rc ) {
+ if ( mp ) {
+ ch_free( mp );
+ }
+ if ( e_new ) {
+ e_new->e_private = NULL;
+ entry_free( e_new );
+ }
+ }
+
+ if ( e_parent ) {
+ monitor_cache_release( mi, e_parent );
+ }
+
+ } else {
+ entry_limbo_t **elpp, el = { 0 };
+
+ el.el_type = LIMBO_ENTRY_PARENT;
+
+ el.el_e = entry_dup( e );
+ if ( el.el_e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry(\"%s\"): "
+ "entry_dup() failed\n",
+ e->e_name.bv_val, 0, 0 );
+ return -1;
+ }
+
+ if ( !BER_BVISNULL( base ) ) {
+ ber_dupbv( &el.el_base, base );
+ }
+ el.el_scope = scope;
+ if ( !BER_BVISNULL( filter ) ) {
+ ber_dupbv( &el.el_filter, filter );
+ }
+
+ el.el_cb = cb;
+
+ for ( elpp = (entry_limbo_t **)&mi->mi_entry_limbo;
+ *elpp;
+ elpp = &(*elpp)->el_next )
+ /* go to last */;
+
+ *elpp = (entry_limbo_t *)ch_malloc( sizeof( entry_limbo_t ) );
+ if ( *elpp == NULL ) {
+ el.el_e->e_private = NULL;
+ entry_free( el.el_e );
+ return -1;
+ }
+
+ el.el_next = NULL;
+ **elpp = el;
+ }
+
+ return 0;
+}
+
+static int
+monitor_filter2ndn_cb( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_type == REP_SEARCH ) {
+ struct berval *ndn = op->o_callback->sc_private;
+
+ ber_dupbv( ndn, &rs->sr_entry->e_nname );
+ }
+
+ return 0;
+}
+
+int
+monitor_filter2ndn(
+ struct berval *base,
+ int scope,
+ struct berval *filter,
+ struct berval *ndn )
+{
+ Connection conn = { 0 };
+ OperationBuffer opbuf;
+ Operation *op;
+ void *thrctx;
+ SlapReply rs = { 0 };
+ slap_callback cb = { NULL, monitor_filter2ndn_cb, NULL, NULL };
+ int rc;
+
+ BER_BVZERO( ndn );
+
+ if ( be_monitor == NULL ) {
+ return -1;
+ }
+
+ op = (Operation *) &opbuf;
+ thrctx = ldap_pvt_thread_pool_context();
+ connection_fake_init( &conn, op, thrctx );
+
+ op->o_tag = LDAP_REQ_SEARCH;
+
+ op->o_bd = be_monitor;
+ if ( base == NULL || BER_BVISNULL( base ) ) {
+ ber_dupbv_x( &op->o_req_dn, &op->o_bd->be_suffix[ 0 ],
+ op->o_tmpmemctx );
+ ber_dupbv_x( &op->o_req_ndn, &op->o_bd->be_nsuffix[ 0 ],
+ op->o_tmpmemctx );
+
+ } else {
+ if ( dnPrettyNormal( NULL, base, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx ) ) {
+ return -1;
+ }
+ }
+
+ op->o_callback = &cb;
+ cb.sc_private = (void *)ndn;
+
+ op->ors_scope = scope;
+ ber_dupbv_x( &op->ors_filterstr, filter, op->o_tmpmemctx );
+ op->ors_filter = str2filter_x( op, filter->bv_val );
+ op->ors_attrs = slap_anlist_no_attrs;
+ op->ors_attrsonly = 0;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = 1;
+ op->ors_limit = NULL;
+ op->ors_deref = LDAP_DEREF_NEVER;
+
+ op->o_nocaching = 1;
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+
+ op->o_dn = be_monitor->be_rootdn;
+ op->o_ndn = be_monitor->be_rootndn;
+
+ rc = op->o_bd->be_search( op, &rs );
+
+ filter_free_x( op, op->ors_filter );
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ switch ( rs.sr_err ) {
+ case LDAP_SUCCESS:
+ if ( BER_BVISNULL( ndn ) ) {
+ rc = -1;
+ }
+ break;
+
+ case LDAP_SIZELIMIT_EXCEEDED:
+ default:
+ if ( !BER_BVISNULL( ndn ) ) {
+ ber_memfree( ndn->bv_val );
+ BER_BVZERO( ndn );
+ }
+ rc = -1;
+ break;
+ }
+
+ return rc;
+}
+
+int
+monitor_back_register_entry_attrs(
+ struct berval *ndn_in,
+ Attribute *a,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter )
+{
+ monitor_info_t *mi;
+ struct berval ndn = BER_BVNULL;
+ char *fname = ( a == NULL ? "callback" : "attrs" );
+
+ if ( be_monitor == NULL ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "monitor_back_register_entry_%s(base=\"%s\" scope=%s filter=\"%s\"): "
+ "monitor database not configured.\n",
+ fname,
+ BER_BVISNULL( base ) ? "" : base->bv_val,
+ scope == LDAP_SCOPE_BASE ? "base" : ( scope == LDAP_SCOPE_ONELEVEL ? "one" : "subtree" ),
+ BER_BVISNULL( filter ) ? "" : filter->bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s\n", buf, 0, 0 );
+
+ return -1;
+ }
+
+ mi = ( monitor_info_t * )be_monitor->be_private;
+
+ assert( mi != NULL );
+
+ if ( ndn_in != NULL ) {
+ ndn = *ndn_in;
+ }
+
+ if ( a == NULL && cb == NULL ) {
+ /* nothing to do */
+ return -1;
+ }
+
+ if ( ( ndn_in == NULL || BER_BVISNULL( &ndn ) )
+ && BER_BVISNULL( filter ) )
+ {
+ /* need a filter */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_%s(\"\"): "
+ "need a valid filter\n",
+ fname, 0, 0 );
+ return -1;
+ }
+
+ if ( monitor_subsys_opened ) {
+ Entry *e = NULL;
+ Attribute **atp = NULL;
+ monitor_entry_t *mp = NULL;
+ monitor_callback_t **mcp = NULL;
+ int rc = 0;
+ int freeit = 0;
+
+ if ( BER_BVISNULL( &ndn ) ) {
+ if ( monitor_filter2ndn( base, scope, filter, &ndn ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
+ "monitor_back_register_entry_%s(\"\"): "
+ "base=%s scope=%d filter=%s : "
+ "unable to find entry\n",
+ fname,
+ base->bv_val ? base->bv_val : "\"\"",
+ scope, filter->bv_val );
+
+ /* entry does not exist */
+ Debug( LDAP_DEBUG_ANY, "%s\n", buf, 0, 0 );
+ return -1;
+ }
+
+ freeit = 1;
+ }
+
+ if ( monitor_cache_get( mi, &ndn, &e ) != 0 ) {
+ /* entry does not exist */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_%s(\"%s\"): "
+ "entry does not exist\n",
+ fname, ndn.bv_val, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ assert( e->e_private != NULL );
+ mp = ( monitor_entry_t * )e->e_private;
+
+ if ( mp->mp_flags & MONITOR_F_VOLATILE ) {
+ /* entry is volatile; cannot append callback */
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_%s(\"%s\"): "
+ "entry is volatile\n",
+ fname, e->e_name.bv_val, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ if ( a ) {
+ for ( atp = &e->e_attrs; *atp; atp = &(*atp)->a_next )
+ /* just get to last */ ;
+
+ *atp = attrs_dup( a );
+ if ( *atp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_register_entry_%s(\"%s\"): "
+ "attrs_dup() failed\n",
+ fname, e->e_name.bv_val, 0 );
+ rc = -1;
+ goto done;
+ }
+ }
+
+ if ( cb ) {
+ for ( mcp = &mp->mp_cb; *mcp; mcp = &(*mcp)->mc_next )
+ /* go to tail */ ;
+
+ /* NOTE: we do not clear cb->mc_next, so this function
+ * can be used to append a list of callbacks */
+ (*mcp) = cb;
+ }
+
+done:;
+ if ( rc ) {
+ if ( *atp ) {
+ attrs_free( *atp );
+ *atp = NULL;
+ }
+ }
+
+ if ( freeit ) {
+ ber_memfree( ndn.bv_val );
+ }
+
+ if ( e ) {
+ monitor_cache_release( mi, e );
+ }
+
+ } else {
+ entry_limbo_t **elpp, el = { 0 };
+
+ el.el_type = LIMBO_ATTRS;
+ if ( !BER_BVISNULL( &ndn ) ) {
+ ber_dupbv( &el.el_ndn, &ndn );
+ }
+ if ( !BER_BVISNULL( base ) ) {
+ ber_dupbv( &el.el_base, base);
+ }
+ el.el_scope = scope;
+ if ( !BER_BVISNULL( filter ) ) {
+ ber_dupbv( &el.el_filter, filter );
+ }
+
+ el.el_a = attrs_dup( a );
+ el.el_cb = cb;
+
+ for ( elpp = (entry_limbo_t **)&mi->mi_entry_limbo;
+ *elpp;
+ elpp = &(*elpp)->el_next )
+ /* go to last */;
+
+ *elpp = (entry_limbo_t *)ch_malloc( sizeof( entry_limbo_t ) );
+ if ( *elpp == NULL ) {
+ el.el_e->e_private = NULL;
+ entry_free( el.el_e );
+ return -1;
+ }
+
+ el.el_next = NULL;
+ **elpp = el;
+ }
+
+ return 0;
+}
+
+int
+monitor_back_register_entry_callback(
+ struct berval *ndn,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter )
+{
+ return monitor_back_register_entry_attrs( ndn, NULL, cb,
+ base, scope, filter );
+}
+
+monitor_subsys_t *
+monitor_back_get_subsys( const char *name )
+{
+ if ( monitor_subsys != NULL ) {
+ int i;
+
+ for ( i = 0; monitor_subsys[ i ] != NULL; i++ ) {
+ if ( strcasecmp( monitor_subsys[ i ]->mss_name, name ) == 0 ) {
+ return monitor_subsys[ i ];
+ }
+ }
+ }
+
+ return NULL;
+}
+
+monitor_subsys_t *
+monitor_back_get_subsys_by_dn(
+ struct berval *ndn,
+ int sub )
+{
+ if ( monitor_subsys != NULL ) {
+ int i;
+
+ if ( sub ) {
+ for ( i = 0; monitor_subsys[ i ] != NULL; i++ ) {
+ if ( dnIsSuffix( ndn, &monitor_subsys[ i ]->mss_ndn ) ) {
+ return monitor_subsys[ i ];
+ }
+ }
+
+ } else {
+ for ( i = 0; monitor_subsys[ i ] != NULL; i++ ) {
+ if ( dn_match( ndn, &monitor_subsys[ i ]->mss_ndn ) ) {
+ return monitor_subsys[ i ];
+ }
+ }
+ }
+ }
+
+ return NULL;
+}
+
+int
+monitor_back_initialize(
+ BackendInfo *bi )
+{
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ NULL
+ };
+
+ static ConfigTable monitorcfg[] = {
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL }
+ };
+
+ static ConfigOCs monitorocs[] = {
+ { "( OLcfgDbOc:4.1 "
+ "NAME 'olcMonitorConfig' "
+ "DESC 'Monitor backend configuration' "
+ "SUP olcDatabaseConfig "
+ ")",
+ Cft_Database, monitorcfg },
+ { NULL, 0, NULL }
+ };
+
+ struct m_s {
+ char *name;
+ char *schema;
+ slap_mask_t flags;
+ int offset;
+ } moc[] = {
+ { "monitor", "( 1.3.6.1.4.1.4203.666.3.16.1 "
+ "NAME 'monitor' "
+ "DESC 'OpenLDAP system monitoring' "
+ "SUP top STRUCTURAL "
+ "MUST cn "
+ "MAY ( "
+ "description "
+ "$ seeAlso "
+ "$ labeledURI "
+ "$ monitoredInfo "
+ "$ managedInfo "
+ "$ monitorOverlay "
+ ") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitor) },
+ { "monitorServer", "( 1.3.6.1.4.1.4203.666.3.16.2 "
+ "NAME 'monitorServer' "
+ "DESC 'Server monitoring root entry' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitorServer) },
+ { "monitorContainer", "( 1.3.6.1.4.1.4203.666.3.16.3 "
+ "NAME 'monitorContainer' "
+ "DESC 'monitor container class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitorContainer) },
+ { "monitorCounterObject", "( 1.3.6.1.4.1.4203.666.3.16.4 "
+ "NAME 'monitorCounterObject' "
+ "DESC 'monitor counter class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitorCounterObject) },
+ { "monitorOperation", "( 1.3.6.1.4.1.4203.666.3.16.5 "
+ "NAME 'monitorOperation' "
+ "DESC 'monitor operation class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitorOperation) },
+ { "monitorConnection", "( 1.3.6.1.4.1.4203.666.3.16.6 "
+ "NAME 'monitorConnection' "
+ "DESC 'monitor connection class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitorConnection) },
+ { "managedObject", "( 1.3.6.1.4.1.4203.666.3.16.7 "
+ "NAME 'managedObject' "
+ "DESC 'monitor managed entity class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_managedObject) },
+ { "monitoredObject", "( 1.3.6.1.4.1.4203.666.3.16.8 "
+ "NAME 'monitoredObject' "
+ "DESC 'monitor monitored entity class' "
+ "SUP monitor STRUCTURAL )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(monitor_info_t, mi_oc_monitoredObject) },
+ { NULL, NULL, 0, -1 }
+ }, mat[] = {
+ { "monitoredInfo", "( 1.3.6.1.4.1.4203.666.1.55.1 "
+ "NAME 'monitoredInfo' "
+ "DESC 'monitored info' "
+ /* "SUP name " */
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitoredInfo) },
+ { "managedInfo", "( 1.3.6.1.4.1.4203.666.1.55.2 "
+ "NAME 'managedInfo' "
+ "DESC 'monitor managed info' "
+ "SUP name )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_managedInfo) },
+ { "monitorCounter", "( 1.3.6.1.4.1.4203.666.1.55.3 "
+ "NAME 'monitorCounter' "
+ "DESC 'monitor counter' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorCounter) },
+ { "monitorOpCompleted", "( 1.3.6.1.4.1.4203.666.1.55.4 "
+ "NAME 'monitorOpCompleted' "
+ "DESC 'monitor completed operations' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorOpCompleted) },
+ { "monitorOpInitiated", "( 1.3.6.1.4.1.4203.666.1.55.5 "
+ "NAME 'monitorOpInitiated' "
+ "DESC 'monitor initiated operations' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorOpInitiated) },
+ { "monitorConnectionNumber", "( 1.3.6.1.4.1.4203.666.1.55.6 "
+ "NAME 'monitorConnectionNumber' "
+ "DESC 'monitor connection number' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionNumber) },
+ { "monitorConnectionAuthzDN", "( 1.3.6.1.4.1.4203.666.1.55.7 "
+ "NAME 'monitorConnectionAuthzDN' "
+ "DESC 'monitor connection authorization DN' "
+ /* "SUP distinguishedName " */
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionAuthzDN) },
+ { "monitorConnectionLocalAddress", "( 1.3.6.1.4.1.4203.666.1.55.8 "
+ "NAME 'monitorConnectionLocalAddress' "
+ "DESC 'monitor connection local address' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionLocalAddress) },
+ { "monitorConnectionPeerAddress", "( 1.3.6.1.4.1.4203.666.1.55.9 "
+ "NAME 'monitorConnectionPeerAddress' "
+ "DESC 'monitor connection peer address' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionPeerAddress) },
+ { "monitorTimestamp", "( 1.3.6.1.4.1.4203.666.1.55.10 "
+ "NAME 'monitorTimestamp' "
+ "DESC 'monitor timestamp' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorTimestamp) },
+ { "monitorOverlay", "( 1.3.6.1.4.1.4203.666.1.55.11 "
+ "NAME 'monitorOverlay' "
+ "DESC 'name of overlays defined for a given database' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorOverlay) },
+ { "readOnly", "( 1.3.6.1.4.1.4203.666.1.55.12 "
+ "NAME 'readOnly' "
+ "DESC 'read/write status of a given database' "
+ "EQUALITY booleanMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "SINGLE-VALUE "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_readOnly) },
+ { "restrictedOperation", "( 1.3.6.1.4.1.4203.666.1.55.13 "
+ "NAME 'restrictedOperation' "
+ "DESC 'name of restricted operation for a given database' "
+ "SUP managedInfo )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_restrictedOperation ) },
+ { "monitorConnectionProtocol", "( 1.3.6.1.4.1.4203.666.1.55.14 "
+ "NAME 'monitorConnectionProtocol' "
+ "DESC 'monitor connection protocol' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionProtocol) },
+ { "monitorConnectionOpsReceived", "( 1.3.6.1.4.1.4203.666.1.55.15 "
+ "NAME 'monitorConnectionOpsReceived' "
+ "DESC 'monitor number of operations received by the connection' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionOpsReceived) },
+ { "monitorConnectionOpsExecuting", "( 1.3.6.1.4.1.4203.666.1.55.16 "
+ "NAME 'monitorConnectionOpsExecuting' "
+ "DESC 'monitor number of operations in execution within the connection' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionOpsExecuting) },
+ { "monitorConnectionOpsPending", "( 1.3.6.1.4.1.4203.666.1.55.17 "
+ "NAME 'monitorConnectionOpsPending' "
+ "DESC 'monitor number of pending operations within the connection' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionOpsPending) },
+ { "monitorConnectionOpsCompleted", "( 1.3.6.1.4.1.4203.666.1.55.18 "
+ "NAME 'monitorConnectionOpsCompleted' "
+ "DESC 'monitor number of operations completed within the connection' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionOpsCompleted) },
+ { "monitorConnectionGet", "( 1.3.6.1.4.1.4203.666.1.55.19 "
+ "NAME 'monitorConnectionGet' "
+ "DESC 'number of times connection_get() was called so far' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionGet) },
+ { "monitorConnectionRead", "( 1.3.6.1.4.1.4203.666.1.55.20 "
+ "NAME 'monitorConnectionRead' "
+ "DESC 'number of times connection_read() was called so far' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionRead) },
+ { "monitorConnectionWrite", "( 1.3.6.1.4.1.4203.666.1.55.21 "
+ "NAME 'monitorConnectionWrite' "
+ "DESC 'number of times connection_write() was called so far' "
+ "SUP monitorCounter "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionWrite) },
+ { "monitorConnectionMask", "( 1.3.6.1.4.1.4203.666.1.55.22 "
+ "NAME 'monitorConnectionMask' "
+ "DESC 'monitor connection mask' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionMask) },
+ { "monitorConnectionListener", "( 1.3.6.1.4.1.4203.666.1.55.23 "
+ "NAME 'monitorConnectionListener' "
+ "DESC 'monitor connection listener' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionListener) },
+ { "monitorConnectionPeerDomain", "( 1.3.6.1.4.1.4203.666.1.55.24 "
+ "NAME 'monitorConnectionPeerDomain' "
+ "DESC 'monitor connection peer domain' "
+ "SUP monitoredInfo "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionPeerDomain) },
+ { "monitorConnectionStartTime", "( 1.3.6.1.4.1.4203.666.1.55.25 "
+ "NAME 'monitorConnectionStartTime' "
+ "DESC 'monitor connection start time' "
+ "SUP monitorTimestamp "
+ "SINGLE-VALUE "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionStartTime) },
+ { "monitorConnectionActivityTime", "( 1.3.6.1.4.1.4203.666.1.55.26 "
+ "NAME 'monitorConnectionActivityTime' "
+ "DESC 'monitor connection activity time' "
+ "SUP monitorTimestamp "
+ "SINGLE-VALUE "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorConnectionActivityTime) },
+ { "monitorIsShadow", "( 1.3.6.1.4.1.4203.666.1.55.27 "
+ "NAME 'monitorIsShadow' "
+ "DESC 'TRUE if the database is shadow' "
+ "EQUALITY booleanMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "SINGLE-VALUE "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorIsShadow) },
+ { "monitorUpdateRef", "( 1.3.6.1.4.1.4203.666.1.55.28 "
+ "NAME 'monitorUpdateRef' "
+ "DESC 'update referral for shadow databases' "
+ "SUP monitoredInfo "
+ "SINGLE-VALUE "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorUpdateRef) },
+ { "monitorRuntimeConfig", "( 1.3.6.1.4.1.4203.666.1.55.29 "
+ "NAME 'monitorRuntimeConfig' "
+ "DESC 'TRUE if component allows runtime configuration' "
+ "EQUALITY booleanMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "SINGLE-VALUE "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof(monitor_info_t, mi_ad_monitorRuntimeConfig) },
+ { NULL, NULL, 0, -1 }
+ };
+
+ int i, rc;
+ const char *text;
+ monitor_info_t *mi = &monitor_info;
+
+ /* schema integration */
+ for ( i = 0; mat[ i ].name; i++ ) {
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+ AttributeDescription **ad;
+
+ at = ldap_str2attributetype( mat[ i ].schema, &code,
+ &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ Debug( LDAP_DEBUG_ANY, "monitor_back_db_init: "
+ "in AttributeType \"%s\" %s before %s\n",
+ mat[ i ].name, ldap_scherr2str(code), err );
+ return -1;
+ }
+
+ if ( at->at_oid == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "monitor_back_db_init: "
+ "null OID for attributeType \"%s\"\n",
+ mat[ i ].name, 0, 0 );
+ return -1;
+ }
+
+ code = at_add(at, 0, NULL, &err);
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY, "monitor_back_db_init: "
+ "%s in attributeType \"%s\"\n",
+ scherr2str(code), mat[ i ].name, 0 );
+ return -1;
+ }
+ ldap_memfree(at);
+
+ ad = ((AttributeDescription **)&(((char *)mi)[ mat[ i ].offset ]));
+ ad[ 0 ] = NULL;
+ if ( slap_str2ad( mat[ i ].name, ad, &text ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_back_db_init: %s\n", text, 0, 0 );
+ return -1;
+ }
+
+ (*ad)->ad_type->sat_flags |= mat[ i ].flags;
+ }
+
+ for ( i = 0; moc[ i ].name; i++ ) {
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+ ObjectClass *Oc;
+
+ oc = ldap_str2objectclass(moc[ i ].schema, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to parse monitor objectclass \"%s\": "
+ "%s before %s\n" , moc[ i ].name,
+ ldap_scherr2str(code), err );
+ return -1;
+ }
+
+ if ( oc->oc_oid == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "objectclass \"%s\" has no OID\n" ,
+ moc[ i ].name, 0, 0 );
+ return -1;
+ }
+
+ code = oc_add(oc, 0, NULL, &err);
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY,
+ "objectclass \"%s\": %s \"%s\"\n" ,
+ moc[ i ].name, scherr2str(code), err );
+ return -1;
+ }
+
+ ldap_memfree(oc);
+
+ Oc = oc_find( moc[ i ].name );
+ if ( Oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "monitor_back_db_init: "
+ "unable to find objectClass %s "
+ "(just added)\n", moc[ i ].name, 0, 0 );
+ return -1;
+ }
+
+ Oc->soc_flags |= moc[ i ].flags;
+
+ ((ObjectClass **)&(((char *)mi)[ moc[ i ].offset ]))[ 0 ] = Oc;
+ }
+
+ bi->bi_controls = controls;
+
+ bi->bi_init = 0;
+ bi->bi_open = 0;
+ bi->bi_config = monitor_back_config;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = monitor_back_db_init;
+#if 0
+ bi->bi_db_config = monitor_back_db_config;
+#endif
+ bi->bi_db_open = monitor_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = monitor_back_db_destroy;
+
+ bi->bi_op_bind = monitor_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = monitor_back_search;
+ bi->bi_op_compare = monitor_back_compare;
+ bi->bi_op_modify = monitor_back_modify;
+ bi->bi_op_modrdn = 0;
+ bi->bi_op_add = 0;
+ bi->bi_op_delete = 0;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_entry_release_rw = 0;
+ bi->bi_chk_referrals = 0;
+ bi->bi_operational = monitor_back_operational;
+
+ /*
+ * hooks for slap tools
+ */
+ bi->bi_tool_entry_open = 0;
+ bi->bi_tool_entry_close = 0;
+ bi->bi_tool_entry_first = 0;
+ bi->bi_tool_entry_next = 0;
+ bi->bi_tool_entry_get = 0;
+ bi->bi_tool_entry_put = 0;
+ bi->bi_tool_entry_reindex = 0;
+ bi->bi_tool_sync = 0;
+ bi->bi_tool_dn2id_get = 0;
+ bi->bi_tool_id2entry_get = 0;
+ bi->bi_tool_entry_modify = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ /*
+ * configuration objectClasses (fake)
+ */
+ bi->bi_cf_ocs = monitorocs;
+
+ rc = config_register_schema( monitorcfg, monitorocs );
+ if ( rc ) {
+ return rc;
+ }
+
+ return 0;
+}
+
+int
+monitor_back_db_init(
+ BackendDB *be )
+{
+ int rc;
+ struct berval dn = BER_BVC( SLAPD_MONITOR_DN ),
+ pdn,
+ ndn;
+ BackendDB *be2;
+
+ monitor_subsys_t *ms;
+
+ /*
+ * register subsys
+ */
+ for ( ms = known_monitor_subsys; ms->mss_name != NULL; ms++ ) {
+ if ( monitor_back_register_subsys( ms ) ) {
+ return -1;
+ }
+ }
+
+ /*
+ * database monitor can be defined once only
+ */
+ if ( be_monitor != NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "only one monitor database is allowed\n", 0, 0, 0 );
+ return( -1 );
+ }
+ be_monitor = be;
+
+ /* indicate system schema supported */
+ SLAP_BFLAGS(be) |= SLAP_BFLAG_MONITOR;
+
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to normalize/pretty monitor DN \"%s\" (%d)\n",
+ dn.bv_val, rc, 0 );
+ return -1;
+ }
+
+ ber_bvarray_add( &be->be_suffix, &pdn );
+ ber_bvarray_add( &be->be_nsuffix, &ndn );
+
+ /* NOTE: only one monitor database is allowed,
+ * so we use static storage */
+ ldap_pvt_thread_mutex_init( &monitor_info.mi_cache_mutex );
+
+ be->be_private = &monitor_info;
+
+ be2 = select_backend( &ndn, 0, 0 );
+ if ( be2 != be ) {
+ char *type = be2->bd_info->bi_type;
+
+ if ( overlay_is_over( be2 ) ) {
+ slap_overinfo *oi = (slap_overinfo *)be2->bd_info->bi_private;
+ type = oi->oi_orig->bi_type;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "\"monitor\" database serving namingContext \"%s\" "
+ "is hidden by \"%s\" database serving namingContext \"%s\".\n",
+ pdn.bv_val, type, be2->be_nsuffix[ 0 ].bv_val );
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+monitor_back_db_open(
+ BackendDB *be )
+{
+ monitor_info_t *mi = (monitor_info_t *)be->be_private;
+ struct monitor_subsys_t **ms;
+ Entry *e, **ep;
+ monitor_entry_t *mp;
+ int i;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval bv;
+ struct tm *tms;
+#ifdef HAVE_GMTIME_R
+ struct tm tm_buf;
+#endif
+ static char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+ assert( be_monitor != NULL );
+ if ( be != be_monitor ) {
+ be_monitor = be;
+ }
+
+ /*
+ * Start
+ */
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
+#ifdef HACK_LOCAL_TIME
+# ifdef HAVE_LOCALTIME_R
+ tms = localtime_r( &starttime, &tm_buf );
+# else
+ tms = localtime( &starttime );
+# endif /* HAVE_LOCALTIME_R */
+ lutil_localtime( tmbuf, sizeof(tmbuf), tms, -timezone );
+#else /* !HACK_LOCAL_TIME */
+# ifdef HAVE_GMTIME_R
+ tms = gmtime_r( &starttime, &tm_buf );
+# else
+ tms = gmtime( &starttime );
+# endif /* HAVE_GMTIME_R */
+ lutil_gentime( tmbuf, sizeof(tmbuf), tms );
+#endif /* !HACK_LOCAL_TIME */
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+
+ mi->mi_startTime.bv_val = tmbuf;
+ mi->mi_startTime.bv_len = strlen( tmbuf );
+
+ if ( BER_BVISEMPTY( &be->be_rootdn ) ) {
+ BER_BVSTR( &mi->mi_creatorsName, SLAPD_ANONYMOUS );
+ } else {
+ mi->mi_creatorsName = be->be_rootdn;
+ }
+
+ /*
+ * creates the "cn=Monitor" entry
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: %s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Monitor\n"
+ "description: This subtree contains monitoring/managing objects.\n"
+ "description: This object contains information about this server.\n"
+ "description: Most of the information is held in operational"
+ " attributes, which must be explicitly requested.\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ SLAPD_MONITOR_DN,
+ mi->mi_oc_monitorServer->soc_cname.bv_val,
+ mi->mi_oc_monitorServer->soc_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to create \"%s\" entry\n",
+ SLAPD_MONITOR_DN, 0, 0 );
+ return( -1 );
+ }
+
+ bv.bv_val = strchr( (char *) Versionstr, '$' );
+ if ( bv.bv_val != NULL ) {
+ char *end;
+
+ bv.bv_val++;
+ for ( ; bv.bv_val[ 0 ] == ' '; bv.bv_val++ )
+ ;
+
+ end = strchr( bv.bv_val, '$' );
+ if ( end != NULL ) {
+ end--;
+
+ for ( ; end > bv.bv_val && end[ 0 ] == ' '; end-- )
+ ;
+
+ end++;
+
+ bv.bv_len = end - bv.bv_val;
+
+ } else {
+ bv.bv_len = strlen( bv.bv_val );
+ }
+
+ if ( attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo,
+ &bv, NULL ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to add monitoredInfo to \"%s\" entry\n",
+ SLAPD_MONITOR_DN, 0, 0 );
+ return( -1 );
+ }
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ ep = &mp->mp_children;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to add entry \"%s\" to cache\n",
+ SLAPD_MONITOR_DN, 0, 0 );
+ return -1;
+ }
+
+ /*
+ * Create all the subsystem specific entries
+ */
+ for ( i = 0; monitor_subsys[ i ] != NULL; i++ ) {
+ int len = strlen( monitor_subsys[ i ]->mss_name );
+ struct berval dn;
+ int rc;
+
+ dn.bv_len = len + sizeof( "cn=" ) - 1;
+ dn.bv_val = ch_calloc( sizeof( char ), dn.bv_len + 1 );
+ strcpy( dn.bv_val, "cn=" );
+ strcat( dn.bv_val, monitor_subsys[ i ]->mss_name );
+ rc = dnPretty( NULL, &dn, &monitor_subsys[ i ]->mss_rdn, NULL );
+ free( dn.bv_val );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor RDN \"%s\" is invalid\n",
+ dn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ dn.bv_len += sizeof( SLAPD_MONITOR_DN ); /* 1 for the , */
+ dn.bv_val = ch_malloc( dn.bv_len + 1 );
+ strcpy( dn.bv_val , monitor_subsys[ i ]->mss_rdn.bv_val );
+ strcat( dn.bv_val, "," SLAPD_MONITOR_DN );
+ rc = dnPrettyNormal( NULL, &dn, &monitor_subsys[ i ]->mss_dn,
+ &monitor_subsys[ i ]->mss_ndn, NULL );
+ free( dn.bv_val );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor DN \"%s\" is invalid\n",
+ dn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ snprintf( buf, sizeof( buf ),
+ "dn: %s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ monitor_subsys[ i ]->mss_dn.bv_val,
+ mi->mi_oc_monitorContainer->soc_cname.bv_val,
+ mi->mi_oc_monitorContainer->soc_cname.bv_val,
+ monitor_subsys[ i ]->mss_name,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+
+ if ( e == NULL) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to create \"%s\" entry\n",
+ monitor_subsys[ i ]->mss_dn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_desc[ 0 ] ) ) {
+ attr_merge_normalize( e, slap_schema.si_ad_description,
+ monitor_subsys[ i ]->mss_desc, NULL );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = monitor_subsys[ i ];
+ mp->mp_flags = monitor_subsys[ i ]->mss_flags;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to add entry \"%s\" to cache\n",
+ monitor_subsys[ i ]->mss_dn.bv_val, 0, 0 );
+ return -1;
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ assert( be != NULL );
+
+ be->be_private = mi;
+
+ /*
+ * opens the monitor backend subsystems
+ */
+ for ( ms = monitor_subsys; ms[ 0 ] != NULL; ms++ ) {
+ if ( ms[ 0 ]->mss_open && ( *ms[ 0 ]->mss_open )( be, ms[ 0 ] ) )
+ {
+ return( -1 );
+ }
+ ms[ 0 ]->mss_flags |= MONITOR_F_OPENED;
+ }
+
+ monitor_subsys_opened = 1;
+
+ if ( mi->mi_entry_limbo ) {
+ entry_limbo_t *el = (entry_limbo_t *)mi->mi_entry_limbo;
+
+ for ( ; el; ) {
+ entry_limbo_t *tmp;
+
+ switch ( el->el_type ) {
+ case LIMBO_ENTRY:
+ monitor_back_register_entry(
+ el->el_e,
+ el->el_cb );
+ break;
+
+ case LIMBO_ENTRY_PARENT:
+ monitor_back_register_entry_parent(
+ el->el_e,
+ el->el_cb,
+ &el->el_base,
+ el->el_scope,
+ &el->el_filter );
+ break;
+
+
+ case LIMBO_ATTRS:
+ monitor_back_register_entry_attrs(
+ &el->el_ndn,
+ el->el_a,
+ el->el_cb,
+ &el->el_base,
+ el->el_scope,
+ &el->el_filter );
+ break;
+
+ case LIMBO_CB:
+ monitor_back_register_entry_callback(
+ &el->el_ndn,
+ el->el_cb,
+ &el->el_base,
+ el->el_scope,
+ &el->el_filter );
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ if ( el->el_e ) {
+ entry_free( el->el_e );
+ }
+ if ( el->el_a ) {
+ attrs_free( el->el_a );
+ }
+ if ( !BER_BVISNULL( &el->el_ndn ) ) {
+ ber_memfree( el->el_ndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &el->el_base ) ) {
+ ber_memfree( el->el_base.bv_val );
+ }
+ if ( !BER_BVISNULL( &el->el_filter ) ) {
+ ber_memfree( el->el_filter.bv_val );
+ }
+
+ tmp = el;
+ el = el->el_next;
+ ch_free( tmp );
+ }
+
+ mi->mi_entry_limbo = NULL;
+ }
+
+ return( 0 );
+}
+
+int
+monitor_back_config(
+ BackendInfo *bi,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ /*
+ * eventually, will hold backend specific configuration parameters
+ */
+ return SLAP_CONF_UNKNOWN;
+}
+
+#if 0
+int
+monitor_back_db_config(
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ monitor_info_t *mi = ( monitor_info_t * )be->be_private;
+
+ /*
+ * eventually, will hold database specific configuration parameters
+ */
+ return SLAP_CONF_UNKNOWN;
+}
+#endif
+
+int
+monitor_back_db_destroy(
+ BackendDB *be )
+{
+ monitor_info_t *mi = ( monitor_info_t * )be->be_private;
+
+ if ( mi == NULL ) {
+ return -1;
+ }
+
+ /*
+ * FIXME: destroys all the data
+ */
+ /* NOTE: mi points to static storage; don't free it */
+
+ (void)monitor_cache_destroy( mi );
+
+ if ( monitor_subsys ) {
+ int i;
+
+ for ( i = 0; monitor_subsys[ i ] != NULL; i++ ) {
+ if ( monitor_subsys[ i ]->mss_destroy ) {
+ monitor_subsys[ i ]->mss_destroy( be, monitor_subsys[ i ] );
+ }
+
+ if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_rdn ) ) {
+ ch_free( monitor_subsys[ i ]->mss_rdn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_dn ) ) {
+ ch_free( monitor_subsys[ i ]->mss_dn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_ndn ) ) {
+ ch_free( monitor_subsys[ i ]->mss_ndn.bv_val );
+ }
+ }
+
+ ch_free( monitor_subsys );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &monitor_info.mi_cache_mutex );
+
+ be->be_private = NULL;
+
+ return 0;
+}
+
+#if SLAPD_MONITOR == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( monitor )
+
+#endif /* SLAPD_MONITOR == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/listener.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/listener.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/listener.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,150 @@
+/* listener.c - deals with listener subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/listener.c,v 1.27.2.4 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+int
+monitor_subsys_listener_init(
+ BackendDB *be,
+ monitor_subsys_t *ms
+)
+{
+ monitor_info_t *mi;
+ Entry *e_listener, **ep;
+ int i;
+ monitor_entry_t *mp;
+ Listener **l;
+
+ assert( be != NULL );
+
+ if ( ( l = slapd_get_listeners() ) == NULL ) {
+ if ( slapMode & SLAP_TOOL_MODE ) {
+ return 0;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_listener_init: "
+ "unable to get listeners\n", 0, 0, 0 );
+ return( -1 );
+ }
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_listener ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_listener_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_listener->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ for ( i = 0; l[ i ]; i++ ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ Entry *e;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Listener %d,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Listener %d\n"
+ "%s: %s\n"
+ "labeledURI: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ i,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ i,
+ mi->mi_ad_monitorConnectionLocalAddress->ad_cname.bv_val,
+ l[ i ]->sl_name.bv_val,
+ l[ i ]->sl_url.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_listener_init: "
+ "unable to create entry \"cn=Listener %d,%s\"\n",
+ i, ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+#ifdef HAVE_TLS
+ if ( l[ i ]->sl_is_tls ) {
+ struct berval bv;
+
+ BER_BVSTR( &bv, "TLS" );
+ attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo,
+ &bv, NULL );
+ }
+#endif /* HAVE_TLS */
+#ifdef LDAP_CONNECTIONLESS
+ if ( l[ i ]->sl_is_udp ) {
+ struct berval bv;
+
+ BER_BVSTR( &bv, "UDP" );
+ attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo,
+ &bv, NULL );
+ }
+#endif /* HAVE_TLS */
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags
+ | MONITOR_F_SUB;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_listener_init: "
+ "unable to add entry \"cn=Listener %d,%s\"\n",
+ i, ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_listener );
+
+ return( 0 );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/log.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/log.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/log.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,452 @@
+/* log.c - deal with log subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/log.c,v 1.45.2.7 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include <lber_pvt.h>
+#include "lutil.h"
+#include "ldif.h"
+#include "back-monitor.h"
+
+static int
+monitor_subsys_log_open(
+ BackendDB *be,
+ monitor_subsys_t *ms );
+
+static int
+monitor_subsys_log_modify(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+/*
+ * log mutex
+ */
+ldap_pvt_thread_mutex_t monitor_log_mutex;
+
+static int add_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
+static int delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
+static int replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
+
+/*
+ * initializes log subentry
+ */
+int
+monitor_subsys_log_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ ms->mss_open = monitor_subsys_log_open;
+ ms->mss_modify = monitor_subsys_log_modify;
+
+ ldap_pvt_thread_mutex_init( &monitor_log_mutex );
+
+ return( 0 );
+}
+
+/*
+ * opens log subentry
+ */
+int
+monitor_subsys_log_open(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ BerVarray bva = NULL;
+
+ if ( loglevel2bvarray( ldap_syslog, &bva ) == 0 && bva != NULL ) {
+ monitor_info_t *mi;
+ Entry *e;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_log_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ ber_bvarray_free( bva );
+ return( -1 );
+ }
+
+ attr_merge_normalize( e, mi->mi_ad_managedInfo, bva, NULL );
+ ber_bvarray_free( bva );
+
+ monitor_cache_release( mi, e );
+ }
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_log_modify(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ int rc = LDAP_OTHER;
+ int newlevel = ldap_syslog;
+ Attribute *save_attrs;
+ Modifications *modlist = op->oq_modify.rs_modlist;
+ Modifications *ml;
+
+ ldap_pvt_thread_mutex_lock( &monitor_log_mutex );
+
+ save_attrs = e->e_attrs;
+ e->e_attrs = attrs_dup( e->e_attrs );
+
+ for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ Modification *mod = &ml->sml_mod;
+
+ /*
+ * accept all operational attributes;
+ * this includes modifersName and modifyTimestamp
+ * if lastmod is "on"
+ */
+ if ( is_at_operational( mod->sm_desc->ad_type ) ) {
+ ( void ) attr_delete( &e->e_attrs, mod->sm_desc );
+ rc = rs->sr_err = attr_merge( e, mod->sm_desc,
+ mod->sm_values, mod->sm_nvalues );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ continue;
+
+ /*
+ * only the "managedInfo" attribute can be modified
+ */
+ } else if ( mod->sm_desc != mi->mi_ad_managedInfo ) {
+ rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ break;
+ }
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ rc = add_values( op, e, mod, &newlevel );
+ break;
+
+ case LDAP_MOD_DELETE:
+ rc = delete_values( op, e, mod, &newlevel );
+ break;
+
+ case LDAP_MOD_REPLACE:
+ rc = replace_values( op, e, mod, &newlevel );
+ break;
+
+ default:
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ break;
+ }
+ }
+
+ /* set the new debug level */
+ if ( rc == LDAP_SUCCESS ) {
+ const char *text;
+ static char textbuf[ BACKMONITOR_BUFSIZE ];
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rc = rs->sr_err = SLAPD_ABANDON;
+
+ goto cleanup;
+ }
+
+ /* check that the entry still obeys the schema */
+ rc = entry_schema_check( op, e, save_attrs, 0,
+ &text, textbuf, sizeof( textbuf ) );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ goto cleanup;
+ }
+
+ /*
+ * Do we need to protect this with a mutex?
+ */
+ ldap_syslog = newlevel;
+
+#if 0 /* debug rather than log */
+ slap_debug = newlevel;
+ lutil_set_debug_level( "slapd", slap_debug );
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &slap_debug);
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &slap_debug);
+ ldif_debug = slap_debug;
+#endif
+ }
+
+cleanup:;
+ if ( rc == LDAP_SUCCESS ) {
+ attrs_free( save_attrs );
+
+ } else {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &monitor_log_mutex );
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = SLAP_CB_CONTINUE;
+ }
+
+ return rc;
+}
+
+static int
+check_constraints( Modification *mod, int *newlevel )
+{
+ int i;
+
+ if ( mod->sm_nvalues != NULL ) {
+ ber_bvarray_free( mod->sm_nvalues );
+ mod->sm_nvalues = NULL;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
+ int l;
+ struct berval bv;
+
+ if ( str2loglevel( mod->sm_values[ i ].bv_val, &l ) ) {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ if ( loglevel2bv( l, &bv ) ) {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ assert( bv.bv_len == mod->sm_values[ i ].bv_len );
+
+ AC_MEMCPY( mod->sm_values[ i ].bv_val,
+ bv.bv_val, bv.bv_len );
+
+ *newlevel |= l;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+add_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
+{
+ Attribute *a;
+ int i, rc;
+ MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
+
+ assert( mod->sm_values != NULL );
+
+ rc = check_constraints( mod, newlevel );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ a = attr_find( e->e_attrs, mod->sm_desc );
+
+ if ( a != NULL ) {
+ /* "managedInfo" SHOULD have appropriate rules ... */
+ if ( mr == NULL || !mr->smr_match ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
+ int rc;
+ int j;
+ const char *text = NULL;
+ struct berval asserted;
+
+ rc = asserted_value_validate_normalize(
+ mod->sm_desc, mr, SLAP_MR_EQUALITY,
+ &mod->sm_values[ i ], &asserted, &text,
+ op->o_tmpmemctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
+ int match;
+ int rc = value_match( &match, mod->sm_desc, mr,
+ 0, &a->a_nvals[ j ], &asserted, &text );
+
+ if ( rc == LDAP_SUCCESS && match == 0 ) {
+ free( asserted.bv_val );
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+ }
+ }
+
+ free( asserted.bv_val );
+ }
+ }
+
+ /* no - add them */
+ rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
+ op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
+{
+ int i, j, k, found, rc, nl = 0;
+ Attribute *a;
+ MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
+
+ /* delete the entire attribute */
+ if ( mod->sm_values == NULL ) {
+ int rc = attr_delete( &e->e_attrs, mod->sm_desc );
+
+ if ( rc ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+
+ } else {
+ *newlevel = 0;
+ rc = LDAP_SUCCESS;
+ }
+ return rc;
+ }
+
+ rc = check_constraints( mod, &nl );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ *newlevel &= ~nl;
+
+ if ( mr == NULL || !mr->smr_match ) {
+ /* disallow specific attributes from being deleted if
+ * no equality rule */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ /* delete specific values - find the attribute first */
+ if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
+ return( LDAP_NO_SUCH_ATTRIBUTE );
+ }
+
+ /* find each value to delete */
+ for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
+ int rc;
+ const char *text = NULL;
+
+ struct berval asserted;
+
+ rc = asserted_value_validate_normalize(
+ mod->sm_desc, mr, SLAP_MR_EQUALITY,
+ &mod->sm_values[ i ], &asserted, &text,
+ op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ found = 0;
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
+ int match;
+ int rc = value_match( &match, mod->sm_desc, mr,
+ 0, &a->a_nvals[ j ], &asserted, &text );
+
+ if( rc == LDAP_SUCCESS && match != 0 ) {
+ continue;
+ }
+
+ /* found a matching value */
+ found = 1;
+
+ /* delete it */
+ if ( a->a_nvals != a->a_vals ) {
+ free( a->a_nvals[ j ].bv_val );
+ for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
+ a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
+ }
+ BER_BVZERO( &a->a_nvals[ k - 1 ] );
+ }
+
+ free( a->a_vals[ j ].bv_val );
+ for ( k = j + 1; !BER_BVISNULL( &a->a_vals[ k ] ); k++ ) {
+ a->a_vals[ k - 1 ] = a->a_vals[ k ];
+ }
+ BER_BVZERO( &a->a_vals[ k - 1 ] );
+
+ break;
+ }
+
+ free( asserted.bv_val );
+
+ /* looked through them all w/o finding it */
+ if ( ! found ) {
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ }
+
+ /* if no values remain, delete the entire attribute */
+ if ( BER_BVISNULL( &a->a_vals[ 0 ] ) ) {
+ /* should already be zero */
+ *newlevel = 0;
+
+ if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
+{
+ int rc;
+
+ if ( mod->sm_values != NULL ) {
+ *newlevel = 0;
+ rc = check_constraints( mod, newlevel );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ rc = attr_delete( &e->e_attrs, mod->sm_desc );
+
+ if ( rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_ATTRIBUTE ) {
+ return rc;
+ }
+
+ if ( mod->sm_values != NULL ) {
+ rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
+ op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,95 @@
+/* modify.c - monitor backend modify routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/modify.c,v 1.17.2.6 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+#include "proto-back-monitor.h"
+
+int
+monitor_back_modify( Operation *op, SlapReply *rs )
+{
+ int rc = 0;
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ Entry *matched;
+ Entry *e;
+
+ Debug(LDAP_DEBUG_ARGS, "monitor_back_modify:\n", 0, 0, 0);
+
+ /* acquire and lock entry */
+ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
+ if ( e == NULL ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( matched ) {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
+ }
+ send_ldap_result( op, rs );
+ if ( matched != NULL ) {
+ rs->sr_matched = NULL;
+ monitor_cache_release( mi, matched );
+ }
+ return rs->sr_err;
+ }
+
+ if ( !acl_check_modlist( op, e, op->oq_modify.rs_modlist )) {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+
+ } else {
+ assert( !SLAP_SHADOW( op->o_bd ) );
+ slap_mods_opattrs( op, &op->orm_modlist, 0 );
+
+ rc = monitor_entry_modify( op, rs, e );
+ }
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( rc != LDAP_SUCCESS ) {
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ rs->sr_err = rc;
+ send_ldap_result( op, rs );
+
+ monitor_cache_release( mi, e );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operation.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operation.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operation.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,251 @@
+/* operation.c - deal with operation subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.36.2.6 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+#include "lber_pvt.h"
+
+struct monitor_ops_t {
+ struct berval rdn;
+ struct berval nrdn;
+} monitor_op[] = {
+ { BER_BVC( "cn=Bind" ), BER_BVNULL },
+ { BER_BVC( "cn=Unbind" ), BER_BVNULL },
+ { BER_BVC( "cn=Add" ), BER_BVNULL },
+ { BER_BVC( "cn=Delete" ), BER_BVNULL },
+ { BER_BVC( "cn=Modrdn" ), BER_BVNULL },
+ { BER_BVC( "cn=Modify" ), BER_BVNULL },
+ { BER_BVC( "cn=Compare" ), BER_BVNULL },
+ { BER_BVC( "cn=Search" ), BER_BVNULL },
+ { BER_BVC( "cn=Abandon" ), BER_BVNULL },
+ { BER_BVC( "cn=Extended" ), BER_BVNULL },
+ { BER_BVNULL, BER_BVNULL }
+};
+
+static int
+monitor_subsys_ops_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms );
+
+static int
+monitor_subsys_ops_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+int
+monitor_subsys_ops_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ monitor_info_t *mi;
+
+ Entry *e_op, **ep;
+ monitor_entry_t *mp;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ int i;
+ struct berval bv_zero = BER_BVC( "0" );
+
+ assert( be != NULL );
+
+ ms->mss_destroy = monitor_subsys_ops_destroy;
+ ms->mss_update = monitor_subsys_ops_update;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi,
+ &ms->mss_ndn, &e_op ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_ops_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val,
+ 0, 0 );
+ return( -1 );
+ }
+
+ attr_merge_one( e_op, mi->mi_ad_monitorOpInitiated, &bv_zero, &bv_zero );
+ attr_merge_one( e_op, mi->mi_ad_monitorOpCompleted, &bv_zero, &bv_zero );
+
+ mp = ( monitor_entry_t * )e_op->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ struct berval rdn;
+ Entry *e;
+
+ /*
+ * Initiated ops
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: %s,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: %s\n"
+ "%s: 0\n"
+ "%s: 0\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ monitor_op[ i ].rdn.bv_val,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitorOperation->soc_cname.bv_val,
+ mi->mi_oc_monitorOperation->soc_cname.bv_val,
+ &monitor_op[ i ].rdn.bv_val[ STRLENOF( "cn=" ) ],
+ mi->mi_ad_monitorOpInitiated->ad_cname.bv_val,
+ mi->mi_ad_monitorOpCompleted->ad_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_ops_init: "
+ "unable to create entry \"%s,%s\"\n",
+ monitor_op[ i ].rdn.bv_val,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ /* steal normalized RDN */
+ dnRdn( &e->e_nname, &rdn );
+ ber_dupbv( &monitor_op[ i ].nrdn, &rdn );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_ops_init: "
+ "unable to add entry \"%s,%s\"\n",
+ monitor_op[ i ].rdn.bv_val,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_op );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_ops_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ int i;
+
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ if ( !BER_BVISNULL( &monitor_op[ i ].nrdn ) ) {
+ ch_free( monitor_op[ i ].nrdn.bv_val );
+ }
+ }
+
+ return 0;
+}
+
+static int
+monitor_subsys_ops_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+
+ ldap_pvt_mp_t nInitiated = LDAP_PVT_MP_INIT,
+ nCompleted = LDAP_PVT_MP_INIT;
+ struct berval rdn;
+ int i;
+ Attribute *a;
+ static struct berval bv_ops = BER_BVC( "cn=operations" );
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ dnRdn( &e->e_nname, &rdn );
+
+ if ( dn_match( &rdn, &bv_ops ) ) {
+ ldap_pvt_mp_init( nInitiated );
+ ldap_pvt_mp_init( nCompleted );
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex );
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ ldap_pvt_mp_add( nInitiated, slap_counters.sc_ops_initiated_[ i ] );
+ ldap_pvt_mp_add( nCompleted, slap_counters.sc_ops_completed_[ i ] );
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex );
+
+ } else {
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ if ( dn_match( &rdn, &monitor_op[ i ].nrdn ) )
+ {
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex );
+ ldap_pvt_mp_init_set( nInitiated, slap_counters.sc_ops_initiated_[ i ] );
+ ldap_pvt_mp_init_set( nCompleted, slap_counters.sc_ops_completed_[ i ] );
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex );
+ break;
+ }
+ }
+
+ if ( i == SLAP_OP_LAST ) {
+ /* not found ... */
+ return( 0 );
+ }
+ }
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorOpInitiated );
+ assert ( a != NULL );
+
+ /* NOTE: no minus sign is allowed in the counters... */
+ UI2BV( &a->a_vals[ 0 ], nInitiated );
+ ldap_pvt_mp_clear( nInitiated );
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorOpCompleted );
+ assert ( a != NULL );
+
+ /* NOTE: no minus sign is allowed in the counters... */
+ UI2BV( &a->a_vals[ 0 ], nCompleted );
+ ldap_pvt_mp_clear( nCompleted );
+
+ /* FIXME: touch modifyTimestamp? */
+
+ return SLAP_CB_CONTINUE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operational.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operational.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/operational.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+/* operational.c - monitor backend operational attributes function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operational.c,v 1.14.2.4 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+#include "proto-back-monitor.h"
+
+/*
+ * sets the supported operational attributes (if required)
+ */
+
+int
+monitor_back_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+ Attribute **ap;
+
+ assert( rs->sr_entry != NULL );
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+ /* just count */ ;
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+ ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
+ {
+ int hs;
+ monitor_entry_t *mp;
+
+ mp = ( monitor_entry_t * )rs->sr_entry->e_private;
+
+ assert( mp != NULL );
+
+ hs = MONITOR_HAS_CHILDREN( mp );
+ *ap = slap_operational_hasSubordinate( hs );
+ assert( *ap != NULL );
+ ap = &(*ap)->a_next;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/overlay.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/overlay.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/overlay.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,159 @@
+/* overlay.c - deals with overlay subsystem */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+/*
+ * initializes overlay subentries
+ */
+int
+monitor_subsys_overlay_init(
+ BackendDB *be,
+ monitor_subsys_t *ms
+)
+{
+ monitor_info_t *mi;
+ Entry *e_overlay, **ep;
+ int i;
+ monitor_entry_t *mp;
+ slap_overinst *on;
+ monitor_subsys_t *ms_database;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ ms_database = monitor_back_get_subsys( SLAPD_MONITOR_DATABASE_NAME );
+ if ( ms_database == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_backend_init: "
+ "unable to get "
+ "\"" SLAPD_MONITOR_DATABASE_NAME "\" "
+ "subsystem\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_overlay ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_overlay_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_overlay->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ for ( on = overlay_next( NULL ), i = 0; on; on = overlay_next( on ), i++ ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval bv;
+ int j;
+ Entry *e;
+ BackendDB *be;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Overlay %d,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Overlay %d\n"
+ "%s: %s\n"
+ "%s: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ i,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ i,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ on->on_bi.bi_type,
+ mi->mi_ad_monitorRuntimeConfig->ad_cname.bv_val,
+ on->on_bi.bi_cf_ocs ? "TRUE" : "FALSE",
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_overlay_init: "
+ "unable to create entry \"cn=Overlay %d,%s\"\n",
+ i, ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
+ attr_merge_normalize_one( e_overlay, mi->mi_ad_monitoredInfo,
+ &bv, NULL );
+
+ j = -1;
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ char buf[ SLAP_LDAPDN_MAXLEN ];
+ struct berval dn;
+
+ j++;
+ if ( !overlay_is_inst( be, on->on_bi.bi_type ) ) {
+ continue;
+ }
+
+ snprintf( buf, sizeof( buf ), "cn=Database %d,%s",
+ j, ms_database->mss_dn.bv_val );
+
+ ber_str2bv( buf, 0, 0, &dn );
+ attr_merge_normalize_one( e, slap_schema.si_ad_seeAlso,
+ &dn, NULL );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags
+ | MONITOR_F_SUB;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_overlay_init: "
+ "unable to add entry \"cn=Overlay %d,%s\"\n",
+ i, ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_overlay );
+
+ return( 0 );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/proto-back-monitor.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/proto-back-monitor.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/proto-back-monitor.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,251 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/proto-back-monitor.h,v 1.25.2.7 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef _PROTO_BACK_MONITOR
+#define _PROTO_BACK_MONITOR
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+/*
+ * backends
+ */
+int
+monitor_subsys_backend_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * cache
+ */
+extern int
+monitor_cache_cmp LDAP_P((
+ const void *c1,
+ const void *c2 ));
+extern int
+monitor_cache_dup LDAP_P((
+ void *c1,
+ void *c2 ));
+extern int
+monitor_cache_add LDAP_P((
+ monitor_info_t *mi,
+ Entry *e ));
+extern int
+monitor_cache_get LDAP_P((
+ monitor_info_t *mi,
+ struct berval *ndn,
+ Entry **ep ));
+extern int
+monitor_cache_dn2entry LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry **ep,
+ Entry **matched ));
+extern int
+monitor_cache_lock LDAP_P((
+ Entry *e ));
+extern int
+monitor_cache_release LDAP_P((
+ monitor_info_t *mi,
+ Entry *e ));
+
+extern int
+monitor_cache_destroy LDAP_P((
+ monitor_info_t *mi ));
+
+/*
+ * connections
+ */
+extern int
+monitor_subsys_conn_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * databases
+ */
+extern int
+monitor_subsys_database_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * entry
+ */
+extern int
+monitor_entry_update LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ Entry *e ));
+extern int
+monitor_entry_create LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ndn,
+ Entry *e_parent,
+ Entry **ep ));
+extern int
+monitor_entry_modify LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ Entry *e ));
+extern int
+monitor_entry_test_flags LDAP_P((
+ monitor_entry_t *mp,
+ int cond ));
+extern monitor_entry_t *
+monitor_entrypriv_create LDAP_P((
+ void ));
+
+/*
+ * init
+ */
+extern int
+monitor_back_register_subsys LDAP_P((
+ monitor_subsys_t *ms ));
+extern monitor_subsys_t *
+monitor_back_get_subsys LDAP_P((
+ const char *name ));
+extern monitor_subsys_t *
+monitor_back_get_subsys_by_dn LDAP_P((
+ struct berval *ndn,
+ int sub ));
+extern int
+monitor_back_is_configured LDAP_P(( void ));
+extern int
+monitor_back_register_entry LDAP_P((
+ Entry *e,
+ monitor_callback_t *cb ));
+extern int
+monitor_back_register_entry_parent LDAP_P((
+ Entry *e,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter ));
+extern int
+monitor_filter2ndn LDAP_P((
+ struct berval *base,
+ int scope,
+ struct berval *filter,
+ struct berval *ndn ));
+extern int
+monitor_back_register_entry_attrs LDAP_P((
+ struct berval *ndn,
+ Attribute *a,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter ));
+extern int
+monitor_back_register_entry_callback LDAP_P((
+ struct berval *ndn,
+ monitor_callback_t *cb,
+ struct berval *base,
+ int scope,
+ struct berval *filter ));
+
+/*
+ * listener
+ */
+extern int
+monitor_subsys_listener_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * log
+ */
+extern int
+monitor_subsys_log_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * operations
+ */
+extern int
+monitor_subsys_ops_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * overlay
+ */
+extern int
+monitor_subsys_overlay_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * sent
+ */
+extern int
+monitor_subsys_sent_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * threads
+ */
+extern int
+monitor_subsys_thread_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * time
+ */
+extern int monitor_subsys_time_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * waiters
+ */
+extern int
+monitor_subsys_rww_init LDAP_P((
+ BackendDB *be,
+ monitor_subsys_t *ms ));
+
+/*
+ * former external.h
+ */
+
+extern BI_init monitor_back_initialize;
+
+extern BI_db_init monitor_back_db_init;
+extern BI_db_open monitor_back_db_open;
+extern BI_config monitor_back_config;
+extern BI_db_destroy monitor_back_db_destroy;
+extern BI_db_config monitor_back_db_config;
+
+extern BI_op_search monitor_back_search;
+extern BI_op_compare monitor_back_compare;
+extern BI_op_modify monitor_back_modify;
+extern BI_op_bind monitor_back_bind;
+extern BI_operational monitor_back_operational;
+
+LDAP_END_DECL
+
+#endif /* _PROTO_BACK_MONITOR */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/rww.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/rww.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/rww.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,251 @@
+/* readw.c - deal with read waiters subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.26.2.6 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "back-monitor.h"
+
+static int
+monitor_subsys_rww_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms );
+
+static int
+monitor_subsys_rww_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+enum {
+ MONITOR_RWW_READ = 0,
+ MONITOR_RWW_WRITE,
+
+ MONITOR_RWW_LAST
+};
+
+static struct monitor_rww_t {
+ struct berval rdn;
+ struct berval nrdn;
+} monitor_rww[] = {
+ { BER_BVC("cn=Read"), BER_BVNULL },
+ { BER_BVC("cn=Write"), BER_BVNULL },
+ { BER_BVNULL, BER_BVNULL }
+};
+
+int
+monitor_subsys_rww_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ monitor_info_t *mi;
+
+ Entry **ep, *e_conn;
+ monitor_entry_t *mp;
+ int i;
+
+ assert( be != NULL );
+
+ ms->mss_destroy = monitor_subsys_rww_destroy;
+ ms->mss_update = monitor_subsys_rww_update;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_conn ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_rww_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_conn->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ for ( i = 0; i < MONITOR_RWW_LAST; i++ ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval nrdn, bv;
+ Entry *e;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: %s,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ monitor_rww[ i ].rdn.bv_val,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ &monitor_rww[ i ].rdn.bv_val[ STRLENOF( "cn=" ) ],
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_rww_init: "
+ "unable to create entry \"cn=Read,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ /* steal normalized RDN */
+ dnRdn( &e->e_nname, &nrdn );
+ ber_dupbv( &monitor_rww[ i ].nrdn, &nrdn );
+
+ BER_BVSTR( &bv, "0" );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_rww_init: "
+ "unable to add entry \"%s,%s\"\n",
+ monitor_rww[ i ].rdn.bv_val,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_conn );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_rww_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ int i;
+
+ for ( i = 0; i < MONITOR_RWW_LAST; i++ ) {
+ ber_memfree_x( monitor_rww[ i ].nrdn.bv_val, NULL );
+ }
+
+ return 0;
+}
+
+static int
+monitor_subsys_rww_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
+ Connection *c;
+ int connindex;
+ long nconns, nwritewaiters, nreadwaiters;
+
+ int i;
+ struct berval nrdn;
+
+ Attribute *a;
+ char buf[] = "+9223372036854775807L";
+ long num = 0;
+ ber_len_t len;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ dnRdn( &e->e_nname, &nrdn );
+
+ for ( i = 0; !BER_BVISNULL( &monitor_rww[ i ].nrdn ); i++ ) {
+ if ( dn_match( &nrdn, &monitor_rww[ i ].nrdn ) ) {
+ break;
+ }
+ }
+
+ if ( i == MONITOR_RWW_LAST ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ nconns = nwritewaiters = nreadwaiters = 0;
+ for ( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ), nconns++ )
+ {
+ if ( c->c_writewaiter ) {
+ nwritewaiters++;
+ }
+
+ /* FIXME: ?!? */
+ if ( c->c_currentber != NULL ) {
+ nreadwaiters++;
+ }
+ }
+ connection_done(c);
+
+ switch ( i ) {
+ case MONITOR_RWW_READ:
+ num = nreadwaiters;
+ break;
+
+ case MONITOR_RWW_WRITE:
+ num = nwritewaiters;
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ snprintf( buf, sizeof( buf ), "%ld", num );
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorCounter );
+ assert( a != NULL );
+ len = strlen( buf );
+ if ( len > a->a_vals[ 0 ].bv_len ) {
+ a->a_vals[ 0 ].bv_val = ber_memrealloc( a->a_vals[ 0 ].bv_val, len + 1 );
+ if ( BER_BVISNULL( &a->a_vals[ 0 ] ) ) {
+ BER_BVZERO( &a->a_vals[ 0 ] );
+ return SLAP_CB_CONTINUE;
+ }
+ }
+ AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
+ a->a_vals[ 0 ].bv_len = len;
+
+ /* FIXME: touch modifyTimestamp? */
+
+ return SLAP_CB_CONTINUE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,267 @@
+/* search.c - monitor backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/search.c,v 1.32.2.7 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+#include "proto-back-monitor.h"
+
+static int
+monitor_send_children(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e_parent,
+ int sub )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ Entry *e,
+ *e_tmp,
+ *e_ch = NULL,
+ *e_nonvolatile = NULL;
+ monitor_entry_t *mp;
+ int rc,
+ nonvolatile = 0;
+
+ mp = ( monitor_entry_t * )e_parent->e_private;
+ e_nonvolatile = e = mp->mp_children;
+
+ if ( MONITOR_HAS_VOLATILE_CH( mp ) ) {
+ monitor_entry_create( op, rs, NULL, e_parent, &e_ch );
+ }
+ monitor_cache_release( mi, e_parent );
+
+ /* no volatile entries? */
+ if ( e_ch == NULL ) {
+ /* no persistent entries? return */
+ if ( e == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ /* volatile entries */
+ } else {
+ /* if no persistent, return only volatile */
+ if ( e == NULL ) {
+ e = e_ch;
+
+ /* else append persistent to volatile */
+ } else {
+ e_tmp = e_ch;
+ do {
+ mp = ( monitor_entry_t * )e_tmp->e_private;
+ e_tmp = mp->mp_next;
+
+ if ( e_tmp == NULL ) {
+ mp->mp_next = e;
+ break;
+ }
+ } while ( e_tmp );
+ e = e_ch;
+ }
+ }
+
+ /* return entries */
+ for ( monitor_cache_lock( e ); e != NULL; ) {
+ monitor_entry_update( op, rs, e );
+
+ if ( op->o_abandon ) {
+ /* FIXME: may leak generated children */
+ if ( nonvolatile == 0 ) {
+ for ( e_tmp = e; e_tmp != NULL; ) {
+ mp = ( monitor_entry_t * )e_tmp->e_private;
+ e = e_tmp;
+ e_tmp = mp->mp_next;
+ monitor_cache_release( mi, e );
+
+ if ( e_tmp == e_nonvolatile ) {
+ break;
+ }
+ }
+
+ } else {
+ monitor_cache_release( mi, e );
+ }
+
+ return SLAPD_ABANDON;
+ }
+
+ rc = test_filter( op, e, op->oq_search.rs_filter );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = e;
+ rs->sr_flags = 0;
+ rc = send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ }
+
+ mp = ( monitor_entry_t * )e->e_private;
+ e_tmp = mp->mp_next;
+
+ if ( sub ) {
+ rc = monitor_send_children( op, rs, e, sub );
+ if ( rc ) {
+ /* FIXME: may leak generated children */
+ if ( nonvolatile == 0 ) {
+ for ( ; e_tmp != NULL; ) {
+ mp = ( monitor_entry_t * )e_tmp->e_private;
+ e = e_tmp;
+ e_tmp = mp->mp_next;
+ monitor_cache_release( mi, e );
+
+ if ( e_tmp == e_nonvolatile ) {
+ break;
+ }
+ }
+ }
+
+ return( rc );
+ }
+ }
+
+ if ( e_tmp != NULL ) {
+ monitor_cache_lock( e_tmp );
+ }
+
+ if ( !sub ) {
+ /* otherwise the recursive call already released */
+ monitor_cache_release( mi, e );
+ }
+
+ e = e_tmp;
+ if ( e == e_nonvolatile ) {
+ nonvolatile = 1;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+monitor_back_search( Operation *op, SlapReply *rs )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ int rc = LDAP_SUCCESS;
+ Entry *e = NULL, *matched = NULL;
+ slap_mask_t mask;
+
+ Debug( LDAP_DEBUG_TRACE, "=> monitor_back_search\n", 0, 0, 0 );
+
+
+ /* get entry with reader lock */
+ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
+ if ( e == NULL ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( matched ) {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
+ }
+
+ send_ldap_result( op, rs );
+ if ( matched ) {
+ monitor_cache_release( mi, matched );
+ rs->sr_matched = NULL;
+ }
+
+ return rs->sr_err;
+ }
+
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ monitor_cache_release( mi, e );
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+ }
+
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ switch ( op->oq_search.rs_scope ) {
+ case LDAP_SCOPE_BASE:
+ monitor_entry_update( op, rs, e );
+ rc = test_filter( op, e, op->oq_search.rs_filter );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = e;
+ rs->sr_flags = 0;
+ send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ }
+ rc = LDAP_SUCCESS;
+ monitor_cache_release( mi, e );
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBORDINATE:
+ rc = monitor_send_children( op, rs, e,
+ op->oq_search.rs_scope == LDAP_SCOPE_SUBORDINATE );
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ monitor_entry_update( op, rs, e );
+ rc = test_filter( op, e, op->oq_search.rs_filter );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = e;
+ rs->sr_flags = 0;
+ send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ }
+
+ rc = monitor_send_children( op, rs, e, 1 );
+ break;
+
+ default:
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ monitor_cache_release( mi, e );
+ }
+
+ rs->sr_attrs = NULL;
+ rs->sr_err = rc;
+ if ( rs->sr_err != SLAPD_ABANDON ) {
+ send_ldap_result( op, rs );
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/sent.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/sent.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/sent.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,237 @@
+/* sent.c - deal with data sent subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.33.2.5 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+static int
+monitor_subsys_sent_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms );
+
+static int
+monitor_subsys_sent_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+enum {
+ MONITOR_SENT_BYTES = 0,
+ MONITOR_SENT_PDU,
+ MONITOR_SENT_ENTRIES,
+ MONITOR_SENT_REFERRALS,
+
+ MONITOR_SENT_LAST
+};
+
+struct monitor_sent_t {
+ struct berval rdn;
+ struct berval nrdn;
+} monitor_sent[] = {
+ { BER_BVC("cn=Bytes"), BER_BVNULL },
+ { BER_BVC("cn=PDU"), BER_BVNULL },
+ { BER_BVC("cn=Entries"), BER_BVNULL },
+ { BER_BVC("cn=Referrals"), BER_BVNULL },
+ { BER_BVNULL, BER_BVNULL }
+};
+
+int
+monitor_subsys_sent_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ monitor_info_t *mi;
+
+ Entry **ep, *e_sent;
+ monitor_entry_t *mp;
+ int i;
+
+ assert( be != NULL );
+
+ ms->mss_destroy = monitor_subsys_sent_destroy;
+ ms->mss_update = monitor_subsys_sent_update;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_sent ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_sent_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_sent->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ for ( i = 0; i < MONITOR_SENT_LAST; i++ ) {
+ char buf[ BACKMONITOR_BUFSIZE ];
+ struct berval nrdn, bv;
+ Entry *e;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: %s,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ monitor_sent[ i ].rdn.bv_val,
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ mi->mi_oc_monitorCounterObject->soc_cname.bv_val,
+ &monitor_sent[ i ].rdn.bv_val[ STRLENOF( "cn=" ) ],
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_sent_init: "
+ "unable to create entry \"%s,%s\"\n",
+ monitor_sent[ i ].rdn.bv_val,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ /* steal normalized RDN */
+ dnRdn( &e->e_nname, &nrdn );
+ ber_dupbv( &monitor_sent[ i ].nrdn, &nrdn );
+
+ BER_BVSTR( &bv, "0" );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_sent_init: "
+ "unable to add entry \"%s,%s\"\n",
+ monitor_sent[ i ].rdn.bv_val,
+ ms->mss_ndn.bv_val, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+ }
+
+ monitor_cache_release( mi, e_sent );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_sent_destroy(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ int i;
+
+ for ( i = 0; i < MONITOR_SENT_LAST; i++ ) {
+ if ( !BER_BVISNULL( &monitor_sent[ i ].nrdn ) ) {
+ ch_free( monitor_sent[ i ].nrdn.bv_val );
+ }
+ }
+
+ return 0;
+}
+
+static int
+monitor_subsys_sent_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t *)op->o_bd->be_private;
+
+ struct berval nrdn;
+ ldap_pvt_mp_t n;
+ Attribute *a;
+ int i;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ dnRdn( &e->e_nname, &nrdn );
+
+ for ( i = 0; i < MONITOR_SENT_LAST; i++ ) {
+ if ( dn_match( &nrdn, &monitor_sent[ i ].nrdn ) ) {
+ break;
+ }
+ }
+
+ if ( i == MONITOR_SENT_LAST ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ ldap_pvt_thread_mutex_lock(&slap_counters.sc_sent_mutex);
+ switch ( i ) {
+ case MONITOR_SENT_ENTRIES:
+ ldap_pvt_mp_init_set( n, slap_counters.sc_entries );
+ break;
+
+ case MONITOR_SENT_REFERRALS:
+ ldap_pvt_mp_init_set( n, slap_counters.sc_refs );
+ break;
+
+ case MONITOR_SENT_PDU:
+ ldap_pvt_mp_init_set( n, slap_counters.sc_pdu );
+ break;
+
+ case MONITOR_SENT_BYTES:
+ ldap_pvt_mp_init_set( n, slap_counters.sc_bytes );
+ break;
+
+ default:
+ assert(0);
+ }
+ ldap_pvt_thread_mutex_unlock(&slap_counters.sc_sent_mutex);
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorCounter );
+ assert( a != NULL );
+
+ /* NOTE: no minus sign is allowed in the counters... */
+ UI2BV( &a->a_vals[ 0 ], n );
+ ldap_pvt_mp_clear( n );
+
+ /* FIXME: touch modifyTimestamp? */
+
+ return SLAP_CB_CONTINUE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/thread.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/thread.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/thread.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,299 @@
+/* thread.c - deal with thread subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/thread.c,v 1.29.2.6 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-monitor.h"
+
+#include <ldap_rq.h>
+
+static int
+monitor_subsys_thread_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+/*
+ * initializes log subentry
+ */
+int
+monitor_subsys_thread_init(
+ BackendDB *be,
+ monitor_subsys_t *ms
+)
+{
+ monitor_info_t *mi;
+ monitor_entry_t *mp;
+ Entry *e, **ep, *e_thread;
+ static char buf[ BACKMONITOR_BUFSIZE ];
+
+ ms->mss_update = monitor_subsys_thread_update;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi, &ms->mss_ndn, &e_thread ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val,
+ 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_thread->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ /*
+ * Max
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Max,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Max\n"
+ "%s: %d\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ connection_pool_max,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to create entry \"cn=Max,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to add entry \"cn=Max,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ /*
+ * Backload
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Backload,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Backload\n"
+ "%s: 0\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to create entry \"cn=Backload,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to add entry \"cn=Backload,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ /*
+ * Runqueue runners
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Runqueue,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Runqueue\n"
+ "%s: 0\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_ad_monitoredInfo->ad_cname.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to create entry \"cn=Runqueue,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_thread_init: "
+ "unable to add entry \"cn=Runqueue,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ monitor_cache_release( mi, e_thread );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_thread_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ Attribute *a;
+ char buf[ BACKMONITOR_BUFSIZE ];
+ static struct berval backload_bv = BER_BVC( "cn=backload" );
+ static struct berval runqueue_bv = BER_BVC( "cn=runqueue" );
+ struct berval rdn, bv;
+ ber_len_t len;
+ int which = 0, i;
+ struct re_s *re;
+
+ assert( mi != NULL );
+
+ dnRdn( &e->e_nname, &rdn );
+ if ( dn_match( &rdn, &backload_bv ) ) {
+ which = 1;
+
+ } else if ( dn_match( &rdn, &runqueue_bv ) ) {
+ which = 2;
+
+ } else {
+ return SLAP_CB_CONTINUE;
+ }
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitoredInfo );
+ if ( a == NULL ) {
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ switch ( which ) {
+ case 1:
+ snprintf( buf, sizeof( buf ), "%d",
+ ldap_pvt_thread_pool_backload( &connection_pool ) );
+ len = strlen( buf );
+ if ( len > a->a_vals[ 0 ].bv_len ) {
+ a->a_vals[ 0 ].bv_val = ber_memrealloc( a->a_vals[ 0 ].bv_val, len + 1 );
+ }
+ a->a_vals[ 0 ].bv_len = len;
+ AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
+ break;
+
+ case 2:
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[ i ] ); i++ ) {
+ ch_free( a->a_vals[i].bv_val );
+ BER_BVZERO( &a->a_vals[ i ] );
+ }
+ bv.bv_val = buf;
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ LDAP_STAILQ_FOREACH( re, &slapd_rq.run_list, rnext ) {
+ bv.bv_len = snprintf( buf, sizeof( buf ), "%s(%s)",
+ re->tname, re->tspec );
+ value_add_one( &a->a_vals, &bv );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ /* don't leave 'round attributes with no values */
+ if ( BER_BVISNULL( &a->a_vals[ 0 ] ) ) {
+ BER_BVSTR( &bv, "()" );
+ value_add_one( &a->a_vals, &bv );
+ }
+ break;
+ }
+
+ /* FIXME: touch modifyTimestamp? */
+
+ return SLAP_CB_CONTINUE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/time.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/time.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-monitor/time.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,240 @@
+/* time.c - deal with time subsystem */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/time.c,v 1.29.2.5 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+
+#include "slap.h"
+#include <lutil.h>
+#include "proto-slap.h"
+#include "back-monitor.h"
+
+static int
+monitor_subsys_time_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e );
+
+int
+monitor_subsys_time_init(
+ BackendDB *be,
+ monitor_subsys_t *ms )
+{
+ monitor_info_t *mi;
+
+ Entry *e, **ep, *e_time;
+ monitor_entry_t *mp;
+ char buf[ BACKMONITOR_BUFSIZE ];
+
+ assert( be != NULL );
+
+ ms->mss_update = monitor_subsys_time_update;
+
+ mi = ( monitor_info_t * )be->be_private;
+
+ if ( monitor_cache_get( mi,
+ &ms->mss_ndn, &e_time ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_time_init: "
+ "unable to get entry \"%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = ( monitor_entry_t * )e_time->e_private;
+ mp->mp_children = NULL;
+ ep = &mp->mp_children;
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Start,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Start\n"
+ "%s: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_ad_monitorTimestamp->ad_cname.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_time_init: "
+ "unable to create entry \"cn=Start,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_time_init: "
+ "unable to add entry \"cn=Start,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ /*
+ * Current
+ */
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=Current,%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: Current\n"
+ "%s: %s\n"
+ "creatorsName: %s\n"
+ "modifiersName: %s\n"
+ "createTimestamp: %s\n"
+ "modifyTimestamp: %s\n",
+ ms->mss_dn.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_oc_monitoredObject->soc_cname.bv_val,
+ mi->mi_ad_monitorTimestamp->ad_cname.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_creatorsName.bv_val,
+ mi->mi_startTime.bv_val,
+ mi->mi_startTime.bv_val );
+
+ e = str2entry( buf );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_time_init: "
+ "unable to create entry \"cn=Current,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ mp = monitor_entrypriv_create();
+ if ( mp == NULL ) {
+ return -1;
+ }
+ e->e_private = ( void * )mp;
+ mp->mp_info = ms;
+ mp->mp_flags = ms->mss_flags \
+ | MONITOR_F_SUB | MONITOR_F_PERSISTENT;
+
+ if ( monitor_cache_add( mi, e ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "monitor_subsys_time_init: "
+ "unable to add entry \"cn=Current,%s\"\n",
+ ms->mss_ndn.bv_val, 0, 0 );
+ return( -1 );
+ }
+
+ *ep = e;
+ ep = &mp->mp_next;
+
+ monitor_cache_release( mi, e_time );
+
+ return( 0 );
+}
+
+static int
+monitor_subsys_time_update(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e )
+{
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
+ static struct berval bv_current = BER_BVC( "cn=current" );
+ struct berval rdn;
+
+ assert( mi != NULL );
+ assert( e != NULL );
+
+ dnRdn( &e->e_nname, &rdn );
+
+ if ( dn_match( &rdn, &bv_current ) ) {
+ struct tm *tm;
+#ifdef HAVE_GMTIME_R
+ struct tm tm_buf;
+#endif
+ char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ Attribute *a;
+ ber_len_t len;
+ time_t currtime;
+
+ currtime = slap_get_time();
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
+#ifdef HACK_LOCAL_TIME
+# ifdef HAVE_LOCALTIME_R
+ tm = localtime_r( &currtime, &tm_buf );
+# else
+ tm = localtime( &currtime );
+# endif /* HAVE_LOCALTIME_R */
+ lutil_localtime( tmbuf, sizeof( tmbuf ), tm, -timezone );
+#else /* !HACK_LOCAL_TIME */
+# ifdef HAVE_GMTIME_R
+ tm = gmtime_r( &currtime, &tm_buf );
+# else
+ tm = gmtime( &currtime );
+# endif /* HAVE_GMTIME_R */
+ lutil_gentime( tmbuf, sizeof( tmbuf ), tm );
+#endif /* !HACK_LOCAL_TIME */
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+
+ len = strlen( tmbuf );
+
+ a = attr_find( e->e_attrs, mi->mi_ad_monitorTimestamp );
+ if ( a == NULL ) {
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ assert( len == a->a_vals[ 0 ].bv_len );
+ AC_MEMCPY( a->a_vals[ 0 ].bv_val, tmbuf, len );
+
+ /* FIXME: touch modifyTimestamp? */
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-null/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-null/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-null/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,41 @@
+# Makefile.in for back-null
+# $OpenLDAP: pkg/ldap/servers/slapd/back-null/Makefile.in,v 1.7.2.3 2007/01/02 21:44:05 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = null.c
+OBJS = null.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-null"
+BUILD_MOD = @BUILD_NULL@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_NULL at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_null
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-null/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-null/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-null/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+The Null Backend is described in the slapd-null(5) manual page.
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-null/null.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-null/null.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-null/null.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,212 @@
+/* null.c - the null backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-null/null.c,v 1.12.2.5 2007/01/02 21:44:05 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Hallvard Furuseth for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+struct null_info {
+ int ni_bind_allowed;
+ ID ni_nextid;
+};
+
+
+/* LDAP operations */
+
+static int
+null_back_bind( Operation *op, SlapReply *rs )
+{
+ struct null_info *ni = (struct null_info *) op->o_bd->be_private;
+
+ if ( ni->ni_bind_allowed ) {
+ /* front end will send result on success (0) */
+ return LDAP_SUCCESS;
+ }
+
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+}
+
+/* add, delete, modify, modrdn, search */
+static int
+null_back_success( Operation *op, SlapReply *rs )
+{
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+ return 0;
+}
+
+/* compare */
+static int
+null_back_false( Operation *op, SlapReply *rs )
+{
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ send_ldap_result( op, rs );
+ return 0;
+}
+
+
+/* Slap tools */
+
+static int
+null_tool_entry_open( BackendDB *be, int mode )
+{
+ return 0;
+}
+
+static int
+null_tool_entry_close( BackendDB *be )
+{
+ assert( be != NULL );
+ return 0;
+}
+
+static ID
+null_tool_entry_next( BackendDB *be )
+{
+ return NOID;
+}
+
+static Entry *
+null_tool_entry_get( BackendDB *be, ID id )
+{
+ assert( slapMode & SLAP_TOOL_MODE );
+ return NULL;
+}
+
+static ID
+null_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
+{
+ assert( slapMode & SLAP_TOOL_MODE );
+ assert( text != NULL );
+ assert( text->bv_val != NULL );
+ assert( text->bv_val[0] == '\0' ); /* overconservative? */
+
+ e->e_id = ((struct null_info *) be->be_private)->ni_nextid++;
+ return e->e_id;
+}
+
+
+/* Setup */
+
+static int
+null_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ struct null_info *ni = (struct null_info *) be->be_private;
+
+ if ( ni == NULL ) {
+ fprintf( stderr, "%s: line %d: null database info is null!\n",
+ fname, lineno );
+ return 1;
+ }
+
+ /* bind requests allowed */
+ if ( strcasecmp( argv[0], "bind" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing <on/off> in \"bind <on/off>\" line\n",
+ fname, lineno );
+ return 1;
+ }
+ ni->ni_bind_allowed = strcasecmp( argv[1], "off" );
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static int
+null_back_db_init( BackendDB *be )
+{
+ struct null_info *ni = ch_calloc( 1, sizeof(struct null_info) );
+ ni->ni_bind_allowed = 0;
+ ni->ni_nextid = 1;
+ be->be_private = ni;
+ return 0;
+}
+
+static int
+null_back_db_destroy( Backend *be )
+{
+ free( be->be_private );
+ return 0;
+}
+
+
+int
+null_back_initialize( BackendInfo *bi )
+{
+ bi->bi_open = 0;
+ bi->bi_close = 0;
+ bi->bi_config = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = null_back_db_init;
+ bi->bi_db_config = null_back_db_config;
+ bi->bi_db_open = 0;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = null_back_db_destroy;
+
+ bi->bi_op_bind = null_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = null_back_success;
+ bi->bi_op_compare = null_back_false;
+ bi->bi_op_modify = null_back_success;
+ bi->bi_op_modrdn = null_back_success;
+ bi->bi_op_add = null_back_success;
+ bi->bi_op_delete = null_back_success;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ bi->bi_tool_entry_open = null_tool_entry_open;
+ bi->bi_tool_entry_close = null_tool_entry_close;
+ bi->bi_tool_entry_first = null_tool_entry_next;
+ bi->bi_tool_entry_next = null_tool_entry_next;
+ bi->bi_tool_entry_get = null_tool_entry_get;
+ bi->bi_tool_entry_put = null_tool_entry_put;
+
+ return 0;
+}
+
+#if SLAPD_NULL == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( null )
+
+#endif /* SLAPD_NULL == SLAPD_MOD_DYNAMIC */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,41 @@
+# Makefile.in for back-passwd
+# $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/Makefile.in,v 1.18.2.3 2007/01/02 21:44:05 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = search.c config.c init.c
+OBJS = search.lo config.lo init.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-passwd"
+BUILD_MOD = @BUILD_PASSWD@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_PASSWD at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_passwd
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/back-passwd.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/back-passwd.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/back-passwd.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,33 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/back-passwd.h,v 1.5.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _BACK_PASSWD_H
+#define _BACK_PASSWD_H
+
+#include "proto-passwd.h"
+
+LDAP_BEGIN_DECL
+
+extern ldap_pvt_thread_mutex_t passwd_mutex;
+
+extern BI_destroy passwd_back_destroy;
+
+extern BI_db_config passwd_back_db_config;
+
+extern BI_op_search passwd_back_search;
+
+LDAP_END_DECL
+
+#endif /* _BACK_PASSWD_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,73 @@
+/* config.c - passwd backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/config.c,v 1.12.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "back-passwd.h"
+
+int
+passwd_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ /* alternate passwd file */
+ if ( strcasecmp( argv[0], "file" ) == 0 ) {
+#ifdef HAVE_SETPWFILE
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing filename in \"file <filename>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ be->be_private = ch_strdup( argv[1] );
+#else /* HAVE_SETPWFILE */
+ fprintf( stderr,
+ "%s: line %d: ignoring \"file\" option (not supported on this platform)\n",
+ fname, lineno );
+#endif /* HAVE_SETPWFILE */
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,110 @@
+/* init.c - initialize passwd backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/init.c,v 1.29.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-passwd.h"
+
+ldap_pvt_thread_mutex_t passwd_mutex;
+
+AttributeDescription *ad_sn;
+AttributeDescription *ad_desc;
+
+int
+passwd_back_initialize(
+ BackendInfo *bi
+)
+{
+ ldap_pvt_thread_mutex_init( &passwd_mutex );
+
+ bi->bi_open = passwd_back_open;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = passwd_back_destroy;
+
+ bi->bi_db_init = 0;
+ bi->bi_db_config = passwd_back_db_config;
+ bi->bi_db_open = 0;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = 0;
+
+ bi->bi_op_bind = 0;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = passwd_back_search;
+ bi->bi_op_compare = 0;
+ bi->bi_op_modify = 0;
+ bi->bi_op_modrdn = 0;
+ bi->bi_op_add = 0;
+ bi->bi_op_delete = 0;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ return 0;
+}
+
+int
+passwd_back_open(
+ BackendInfo *bi
+)
+{
+ const char *text;
+ int rc;
+
+ rc = slap_str2ad( "sn", &ad_sn, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "passwd_back_open: "
+ "slap_str2ad(\"%s\") returned %d: %s\n",
+ "sn", rc, text );
+ return -1;
+ }
+ rc = slap_str2ad( "description", &ad_desc, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "passwd_back_open: "
+ "slap_str2ad(\"%s\") returned %d: %s\n",
+ "description", rc, text );
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+passwd_back_destroy(
+ BackendInfo *bi
+)
+{
+ ldap_pvt_thread_mutex_destroy( &passwd_mutex );
+ return 0;
+}
+
+#if SLAPD_PASSWD == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( passwd )
+
+#endif /* SLAPD_PASSWD == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/proto-passwd.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/proto-passwd.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/proto-passwd.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,31 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/proto-passwd.h,v 1.2.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef PROTO_PASSWD_H
+#define PROTO_PASSWD_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init passwd_back_initialize;
+extern BI_open passwd_back_open;
+extern BI_destroy passwd_back_destroy;
+extern BI_db_config passwd_back_db_config;
+extern BI_op_search passwd_back_search;
+
+extern AttributeDescription *ad_sn;
+extern AttributeDescription *ad_desc;
+LDAP_END_DECL
+
+#endif /* PROTO_PASSWD_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-passwd/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,358 @@
+/* search.c - /etc/passwd backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/search.c,v 1.70.2.7 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Hallvard B. Furuseth
+ * Howard Chu
+ * Kurt D. Zeilenga
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include <pwd.h>
+
+#include "slap.h"
+#include "back-passwd.h"
+
+static void pw_start( Backend *be );
+
+static int pw2entry(
+ Backend *be,
+ struct passwd *pw,
+ Entry *ep );
+
+int
+passwd_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct passwd *pw;
+ time_t stoptime = (time_t)-1;
+
+ LDAPRDN rdn = NULL;
+ struct berval parent = BER_BVNULL;
+
+ AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
+
+ if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+ stoptime = op->o_time + op->ors_tlimit;
+ }
+
+ /* Handle a query for the base of this backend */
+ if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+ struct berval val;
+
+ rs->sr_matched = op->o_req_dn.bv_val;
+
+ if( op->ors_scope != LDAP_SCOPE_ONELEVEL ) {
+ AttributeDescription *desc = NULL;
+ char *next;
+ Entry e = { 0 };
+
+ /* Create an entry corresponding to the base DN */
+ e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
+ e.e_name.bv_len = op->o_req_dn.bv_len;
+ e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
+ e.e_nname.bv_len = op->o_req_ndn.bv_len;
+
+ /* Use the first attribute of the DN
+ * as an attribute within the entry itself.
+ */
+ if( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+ goto done;
+ }
+
+ if( slap_bv2ad( &rdn[0]->la_attr, &desc, &rs->sr_text )) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ ldap_rdnfree(rdn);
+ goto done;
+ }
+
+ attr_merge_normalize_one( &e, desc, &rdn[0]->la_value, NULL );
+
+ ldap_rdnfree(rdn);
+ rdn = NULL;
+
+ /* Every entry needs an objectclass. We don't really
+ * know if our hardcoded choice here agrees with the
+ * DN that was configured for this backend, but it's
+ * better than nothing.
+ *
+ * should be a configuratable item
+ */
+ BER_BVSTR( &val, "organizationalUnit" );
+ attr_merge_one( &e, ad_objectClass, &val, NULL );
+
+ if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = &e;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ send_search_entry( op, rs );
+ }
+
+ entry_clean( &e );
+ }
+
+ if ( op->ors_scope != LDAP_SCOPE_BASE ) {
+ /* check all our "children" */
+
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
+ pw_start( op->o_bd );
+ for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
+ Entry e = { 0 };
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ endpwent();
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ return( SLAPD_ABANDON );
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
+ endpwent();
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ return( 0 );
+ }
+
+ if ( pw2entry( op->o_bd, pw, &e ) ) {
+ rs->sr_err = LDAP_OTHER;
+ endpwent();
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ goto done;
+ }
+
+ if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+ /* check size limit */
+ if ( --op->ors_slimit == -1 ) {
+ send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL );
+ endpwent();
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ return( 0 );
+ }
+
+ rs->sr_entry = &e;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ send_search_entry( op, rs );
+ }
+
+ entry_clean( &e );
+ }
+ endpwent();
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ }
+
+ } else {
+ char *next;
+ Entry e = { 0 };
+ int rc;
+
+ if (! be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+ dnParent( &op->o_req_ndn, &parent );
+ }
+
+ /* This backend is only one layer deep. Don't answer requests for
+ * anything deeper than that.
+ */
+ if( !be_issuffix( op->o_bd, &parent ) ) {
+ int i;
+ for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) {
+ if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) {
+ rs->sr_matched = op->o_bd->be_suffix[i].bv_val;
+ break;
+ }
+ }
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto done;
+ }
+
+ if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ goto done;
+ }
+
+ if ( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
+ LDAP_DN_FORMAT_LDAP ))
+ {
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
+ pw_start( op->o_bd );
+ pw = getpwnam( rdn[0]->la_value.bv_val );
+ if ( pw == NULL ) {
+ rs->sr_matched = parent.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ goto done;
+ }
+
+ rc = pw2entry( op->o_bd, pw, &e );
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ if ( rc ) {
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+ rs->sr_entry = &e;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ send_search_entry( op, rs );
+ }
+
+ entry_clean( &e );
+ }
+
+done:
+ if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL;
+ send_ldap_result( op, rs );
+
+ if( rdn != NULL ) ldap_rdnfree( rdn );
+
+ return( 0 );
+}
+
+static void
+pw_start(
+ Backend *be
+)
+{
+ endpwent();
+
+#ifdef HAVE_SETPWFILE
+ if ( be->be_private != NULL ) {
+ (void) setpwfile( (char *) be->be_private );
+ }
+#endif /* HAVE_SETPWFILE */
+}
+
+static int
+pw2entry( Backend *be, struct passwd *pw, Entry *e )
+{
+ size_t pwlen;
+ struct berval val;
+ struct berval bv;
+
+ int rc;
+
+ /*
+ * from pw we get pw_name and make it cn
+ * give it an objectclass of person.
+ */
+
+ pwlen = strlen( pw->pw_name );
+ val.bv_len = STRLENOF("uid=,") + ( pwlen + be->be_suffix[0].bv_len );
+ val.bv_val = ch_malloc( val.bv_len + 1 );
+
+ /* rdn attribute type should be a configuratable item */
+ sprintf( val.bv_val, "uid=%s,%s",
+ pw->pw_name, be->be_suffix[0].bv_val );
+
+ rc = dnNormalize( 0, NULL, NULL, &val, &bv, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ free( val.bv_val );
+ return( -1 );
+ }
+
+ e->e_name = val;
+ e->e_nname = bv;
+
+ e->e_attrs = NULL;
+
+ /* objectclasses should be configurable items */
+ BER_BVSTR( &val, "person" );
+ attr_merge_one( e, slap_schema.si_ad_objectClass, &val, NULL );
+
+ BER_BVSTR( &val, "uidObject" );
+ attr_merge_one( e, slap_schema.si_ad_objectClass, &val, NULL );
+
+ val.bv_val = pw->pw_name;
+ val.bv_len = pwlen;
+ attr_merge_normalize_one( e, slap_schema.si_ad_uid, &val, NULL ); /* required by uidObject */
+ attr_merge_normalize_one( e, slap_schema.si_ad_cn, &val, NULL ); /* required by person */
+ attr_merge_normalize_one( e, ad_sn, &val, NULL ); /* required by person */
+
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
+ /*
+ * if gecos is present, add it as a cn. first process it
+ * according to standard BSD usage. If the processed cn has
+ * a space, use the tail as the surname.
+ */
+ if (pw->pw_gecos[0]) {
+ char *s;
+
+ ber_str2bv( pw->pw_gecos, 0, 0, &val );
+ attr_merge_normalize_one( e, ad_desc, &val, NULL );
+
+ s = ber_bvchr( &val, ',' );
+ if ( s ) *s = '\0';
+
+ s = ber_bvchr( &val, '&' );
+ if ( s ) {
+ char buf[1024];
+
+ if( val.bv_len + pwlen < sizeof(buf) ) {
+ int i = s - val.bv_val;
+ strncpy( buf, val.bv_val, i );
+ s = buf + i;
+ strcpy( s, pw->pw_name );
+ *s = TOUPPER((unsigned char)*s);
+ strcat( s, val.bv_val + i + 1 );
+ val.bv_val = buf;
+ }
+ }
+ val.bv_len = strlen( val.bv_val );
+
+ if ( val.bv_len && strcasecmp( val.bv_val, pw->pw_name ) ) {
+ attr_merge_normalize_one( e, slap_schema.si_ad_cn, &val, NULL );
+ }
+
+ if ( ( s = strrchr(val.bv_val, ' ' ) ) ) {
+ ber_str2bv( s + 1, 0, 0, &val );
+ attr_merge_normalize_one( e, ad_sn, &val, NULL );
+ }
+ }
+#endif /* HAVE_STRUCT_PASSWD_PW_GECOS */
+
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+# Makefile.in for back-perl
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/Makefile.in,v 1.18.2.3 2007/01/02 21:44:06 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1999 John C. Quillan.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c search.c close.c config.c bind.c compare.c \
+ modify.c add.c modrdn.c delete.c
+OBJS = init.lo search.lo close.lo config.lo bind.lo compare.lo \
+ modify.lo add.lo modrdn.lo delete.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-perl"
+BUILD_MOD = @BUILD_PERL@
+PERL_CPPFLAGS = @PERL_CPPFLAGS@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_PERL at _DEFS)
+MOD_LIBS = @MOD_PERL_LDFLAGS@
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_perl
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(PERL_CPPFLAGS) $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,24 @@
+Differences from 2.0 Perl API:
+
+- Perl 5.6 is supported
+
+- backend methods return actual LDAP result codes, not
+ true/false; this gives the Perl module finer control
+ of the error returned to the client
+
+- a filterSearchResults configuration file directive was
+ added to tell the backend glue that the results returned
+ from the Perl module are candidates only
+
+- the "init" method is called after the backend has been
+ initialized - this lets you do some initialization after
+ *all* configuration file directives have been read
+
+- the interface for the search method is improved to
+ pass the scope, deferencing policy, size limit, etc.
+ See SampleLDAP.pm for details.
+
+These changes were sponsored by myinternet Limited.
+
+Luke Howard <lukeh at padl.com>
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/SampleLDAP.pm
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/SampleLDAP.pm (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/SampleLDAP.pm 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+# This is a sample Perl module for the OpenLDAP server slapd.
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/SampleLDAP.pm,v 1.8.2.3 2007/01/02 21:44:06 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1999 John C. Quillan.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Usage: Add something like this to slapd.conf:
+#
+# database perl
+# suffix "o=AnyOrg,c=US"
+# perlModulePath /path/to/this/file
+# perlModule SampleLDAP
+
+package SampleLDAP;
+
+use POSIX;
+
+sub new
+{
+ my $class = shift;
+
+ my $this = {};
+ bless $this, $class;
+ print STDERR "Here in new\n";
+ print STDERR "Posix Var " . BUFSIZ . " and " . FILENAME_MAX . "\n";
+ return $this;
+}
+
+sub init
+{
+ return 0;
+}
+
+sub search
+{
+ my $this = shift;
+ my($base, $scope, $deref, $sizeLim, $timeLim, $filterStr, $attrOnly, @attrs ) = @_;
+ print STDERR "====$filterStr====\n";
+ $filterStr =~ s/\(|\)//g;
+ $filterStr =~ s/=/: /;
+
+ my @match_dn = ();
+ foreach my $dn ( keys %$this ) {
+ if ( $this->{ $dn } =~ /$filterStr/im ) {
+ push @match_dn, $dn;
+ last if ( scalar @match_dn == $sizeLim );
+
+ }
+ }
+
+ my @match_entries = ();
+
+ foreach my $dn ( @match_dn ) {
+ push @match_entries, $this->{ $dn };
+ }
+
+ return ( 0 , @match_entries );
+
+}
+
+sub compare
+{
+ my $this = shift;
+ my ( $dn, $avaStr ) = @_;
+ my $rc = 5; # LDAP_COMPARE_FALSE
+
+ $avaStr =~ s/=/: /;
+
+ if ( $this->{ $dn } =~ /$avaStr/im ) {
+ $rc = 6; # LDAP_COMPARE_TRUE
+ }
+
+ return $rc;
+}
+
+sub modify
+{
+ my $this = shift;
+
+ my ( $dn, @list ) = @_;
+
+ while ( @list > 0 ) {
+ my $action = shift @list;
+ my $key = shift @list;
+ my $value = shift @list;
+
+ if( $action eq "ADD" ) {
+ $this->{ $dn } .= "$key: $value\n";
+
+ }
+ elsif( $action eq "DELETE" ) {
+ $this->{ $dn } =~ s/^$key:\s*$value\n//mi ;
+
+ }
+ elsif( $action eq "REPLACE" ) {
+ $this->{ $dn } =~ s/$key: .*$/$key: $value/im ;
+ }
+ }
+
+ return 0;
+}
+
+sub add
+{
+ my $this = shift;
+
+ my ( $entryStr ) = @_;
+
+ my ( $dn ) = ( $entryStr =~ /dn:\s(.*)$/m );
+
+ #
+ # This needs to be here until a normalized dn is
+ # passed to this routine.
+ #
+ $dn = uc( $dn );
+ $dn =~ s/\s*//g;
+
+
+ $this->{$dn} = $entryStr;
+
+ return 0;
+}
+
+sub modrdn
+{
+ my $this = shift;
+
+ my ( $dn, $newdn, $delFlag ) = @_;
+
+ $this->{ $newdn } = $this->{ $dn };
+
+ if( $delFlag ) {
+ delete $this->{ $dn };
+ }
+ return 0;
+
+}
+
+sub delete
+{
+ my $this = shift;
+
+ my ( $dn ) = @_;
+
+ print STDERR "XXXXXX $dn XXXXXXX\n";
+ delete $this->{$dn};
+}
+
+sub config
+{
+ my $this = shift;
+
+ my ( @args ) = @_;
+ local $, = " - ";
+ print STDERR @args;
+ print STDERR "\n";
+ return 0;
+}
+
+1;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/add.c,v 1.18.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+int
+perl_back_add(
+ Operation *op,
+ SlapReply *rs )
+{
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+ int len;
+ int count;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( entry2str( op->ora_e, &len ), 0 )));
+
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("add", G_SCALAR);
+#else
+ count = perl_call_method("add", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in back_add\n");
+ }
+
+ rs->sr_err = POPi;
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_ANY, "Perl ADD\n", 0, 0, 0 );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/asperl_undefs.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/asperl_undefs.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/asperl_undefs.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/asperl_undefs.h,v 1.5.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* This file is probably obsolete. If it is not, */
+/* #inclusion of it may have to be moved. See ITS#2513. */
+
+/* This file is necessary because both PERL headers */
+/* and OpenLDAP define a number of macros without */
+/* checking wether they're already defined */
+
+#ifndef ASPERL_UNDEFS_H
+#define ASPERL_UNDEFS_H
+
+/* ActiveState Win32 PERL port support */
+/* set in ldap/include/portable.h */
+# ifdef HAVE_WIN32_ASPERL
+/* The following macros are undefined to prevent */
+/* redefinition in PERL headers*/
+# undef gid_t
+# undef uid_t
+# undef mode_t
+# undef caddr_t
+# undef WIN32_LEAN_AND_MEAN
+# endif
+#endif
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/bind.c,v 1.22.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+
+/**********************************************************
+ *
+ * Bind
+ *
+ **********************************************************/
+int
+perl_back_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ int count;
+
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_dn.bv_val , 0)));
+ XPUSHs(sv_2mortal(newSVpv( op->orb_cred.bv_val , op->orb_cred.bv_len)));
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("bind", G_SCALAR);
+#else
+ count = perl_call_method("bind", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in back_bind\n");
+ }
+
+ rs->sr_err = POPi;
+
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ Debug( LDAP_DEBUG_ANY, "Perl BIND returned 0x%04x\n", rs->sr_err, 0, 0 );
+
+ /* frontend will send result on success (0) */
+ if( rs->sr_err != LDAP_SUCCESS )
+ send_ldap_result( op, rs );
+
+ return ( rs->sr_err );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/close.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/close.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/close.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.14.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+/**********************************************************
+ *
+ * Close
+ *
+ **********************************************************/
+
+int
+perl_back_close(
+ BackendInfo *bd
+)
+{
+ perl_destruct(PERL_INTERPRETER);
+ perl_free(PERL_INTERPRETER);
+ PERL_INTERPRETER = NULL;
+
+ ldap_pvt_thread_mutex_destroy( &perl_interpreter_mutex );
+
+ return 0;
+}
+
+int
+perl_back_db_destroy(
+ BackendDB *be
+)
+{
+ free( be->be_private );
+ be->be_private = NULL;
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,85 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/compare.c,v 1.23.2.5 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+#include "lutil.h"
+
+/**********************************************************
+ *
+ * Compare
+ *
+ **********************************************************/
+
+int
+perl_back_compare(
+ Operation *op,
+ SlapReply *rs )
+{
+ int count;
+ char *avastr;
+
+ PerlBackend *perl_back = (PerlBackend *)op->o_bd->be_private;
+
+ avastr = ch_malloc( op->orc_ava->aa_desc->ad_cname.bv_len + 1 +
+ op->orc_ava->aa_value.bv_len + 1 );
+
+ lutil_strcopy( lutil_strcopy( lutil_strcopy( avastr,
+ op->orc_ava->aa_desc->ad_cname.bv_val ), "=" ),
+ op->orc_ava->aa_value.bv_val );
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_dn.bv_val , 0)));
+ XPUSHs(sv_2mortal(newSVpv( avastr , 0)));
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("compare", G_SCALAR);
+#else
+ count = perl_call_method("compare", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in back_compare\n");
+ }
+
+ rs->sr_err = POPi;
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ ch_free( avastr );
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_ANY, "Perl COMPARE\n", 0, 0, 0 );
+
+ return (0);
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,151 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/config.c,v 1.20.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+
+/**********************************************************
+ *
+ * Config
+ *
+ **********************************************************/
+int
+perl_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ SV* loc_sv;
+ PerlBackend *perl_back = (PerlBackend *) be->be_private;
+ char eval_str[EVAL_BUF_SIZE];
+ int count ;
+ int args;
+ int return_code;
+
+
+ if ( strcasecmp( argv[0], "perlModule" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s.pm: line %d: missing module in \"perlModule <module>\" line\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+#ifdef PERL_IS_5_6
+ snprintf( eval_str, EVAL_BUF_SIZE, "use %s;", argv[1] );
+ eval_pv( eval_str, 0 );
+
+ if (SvTRUE(ERRSV)) {
+ STRLEN n_a;
+
+ fprintf(stderr , "Error %s\n", SvPV(ERRSV, n_a)) ;
+ }
+#else
+ snprintf( eval_str, EVAL_BUF_SIZE, "%s.pm", argv[1] );
+ perl_require_pv( eval_str );
+
+ if (SvTRUE(GvSV(errgv))) {
+ fprintf(stderr , "Error %s\n", SvPV(GvSV(errgv), na)) ;
+ }
+#endif /* PERL_IS_5_6 */
+ else {
+ dSP; ENTER; SAVETMPS;
+ PUSHMARK(sp);
+ XPUSHs(sv_2mortal(newSVpv(argv[1], 0)));
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("new", G_SCALAR);
+#else
+ count = perl_call_method("new", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in config\n") ;
+ }
+
+ perl_back->pb_obj_ref = newSVsv(POPs);
+
+ PUTBACK; FREETMPS; LEAVE ;
+ }
+
+ } else if ( strcasecmp( argv[0], "perlModulePath" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing module in \"PerlModulePath <module>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ snprintf( eval_str, EVAL_BUF_SIZE, "push @INC, '%s';", argv[1] );
+#ifdef PERL_IS_5_6
+ loc_sv = eval_pv( eval_str, 0 );
+#else
+ loc_sv = perl_eval_pv( eval_str, 0 );
+#endif
+
+ /* XXX loc_sv return value is ignored. */
+
+ } else if ( strcasecmp( argv[0], "filterSearchResults" ) == 0 ) {
+ perl_back->pb_filter_search_results = 1;
+ } else {
+ return_code = SLAP_CONF_UNKNOWN;
+ /*
+ * Pass it to Perl module if defined
+ */
+
+ {
+ dSP ; ENTER ; SAVETMPS;
+
+ PUSHMARK(sp) ;
+ XPUSHs( perl_back->pb_obj_ref );
+
+ /* Put all arguments on the perl stack */
+ for( args = 0; args < argc; args++ ) {
+ XPUSHs(sv_2mortal(newSVpv(argv[args], 0)));
+ }
+
+ PUTBACK ;
+
+#ifdef PERL_IS_5_6
+ count = call_method("config", G_SCALAR);
+#else
+ count = perl_call_method("config", G_SCALAR);
+#endif
+
+ SPAGAIN ;
+
+ if (count != 1) {
+ croak("Big trouble in config\n") ;
+ }
+
+ return_code = POPi;
+
+ PUTBACK ; FREETMPS ; LEAVE ;
+
+ }
+
+ return return_code;
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/delete.c,v 1.18.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+int
+perl_back_delete(
+ Operation *op,
+ SlapReply *rs )
+{
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+ int count;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_dn.bv_val , 0 )));
+
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("delete", G_SCALAR);
+#else
+ count = perl_call_method("delete", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in perl-back_delete\n");
+ }
+
+ rs->sr_err = POPi;
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_ANY, "Perl DELETE\n", 0, 0, 0 );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,159 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.40.2.5 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+static void perl_back_xs_init LDAP_P((PERL_BACK_XS_INIT_PARAMS));
+EXT void boot_DynaLoader LDAP_P((PERL_BACK_BOOT_DYNALOADER_PARAMS));
+
+PerlInterpreter *PERL_INTERPRETER = NULL;
+ldap_pvt_thread_mutex_t perl_interpreter_mutex;
+
+
+/**********************************************************
+ *
+ * Init
+ *
+ **********************************************************/
+
+int
+perl_back_initialize(
+ BackendInfo *bi
+)
+{
+ char *embedding[] = { "", "-e", "0" };
+
+ bi->bi_open = NULL;
+ bi->bi_config = 0;
+ bi->bi_close = perl_back_close;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = perl_back_db_init;
+ bi->bi_db_config = perl_back_db_config;
+ bi->bi_db_open = perl_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = perl_back_db_destroy;
+
+ bi->bi_op_bind = perl_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = perl_back_search;
+ bi->bi_op_compare = perl_back_compare;
+ bi->bi_op_modify = perl_back_modify;
+ bi->bi_op_modrdn = perl_back_modrdn;
+ bi->bi_op_add = perl_back_add;
+ bi->bi_op_delete = perl_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ /* injecting code from perl_back_open, because using fonction reference (bi->bi_open) is not functional */
+ Debug( LDAP_DEBUG_TRACE, "perl backend open\n", 0, 0, 0 );
+
+ if( PERL_INTERPRETER != NULL ) {
+ Debug( LDAP_DEBUG_ANY, "perl backend open: already opened\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ ldap_pvt_thread_mutex_init( &perl_interpreter_mutex );
+
+ PERL_INTERPRETER = perl_alloc();
+ perl_construct(PERL_INTERPRETER);
+ perl_parse(PERL_INTERPRETER, perl_back_xs_init, 3, embedding, (char **)NULL);
+ perl_run(PERL_INTERPRETER);
+ return 0;
+}
+
+int
+perl_back_db_init(
+ BackendDB *be
+)
+{
+ be->be_private = (PerlBackend *) ch_malloc( sizeof(PerlBackend) );
+ memset( be->be_private, '\0', sizeof(PerlBackend));
+
+ ((PerlBackend *)be->be_private)->pb_filter_search_results = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "perl backend db init\n", 0, 0, 0 );
+
+ return 0;
+}
+
+int
+perl_back_db_open(
+ BackendDB *be
+)
+{
+ int count;
+ int return_code;
+
+ PerlBackend *perl_back = (PerlBackend *) be->be_private;
+
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs( perl_back->pb_obj_ref );
+
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("init", G_SCALAR);
+#else
+ count = perl_call_method("init", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in perl_back_db_open\n");
+ }
+
+ return_code = POPi;
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ return return_code;
+}
+
+
+static void
+perl_back_xs_init(PERL_BACK_XS_INIT_PARAMS)
+{
+ char *file = __FILE__;
+ dXSUB_SYS;
+ newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
+}
+
+#if SLAPD_PERL == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( perl )
+
+#endif /* SLAPD_PERL == SLAPD_MOD_DYNAMIC */
+
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,102 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modify.c,v 1.21.2.5 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+int
+perl_back_modify(
+ Operation *op,
+ SlapReply *rs )
+{
+ PerlBackend *perl_back = (PerlBackend *)op->o_bd->be_private;
+ Modifications *modlist = op->orm_modlist;
+ int count;
+ int i;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp);
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_dn.bv_val , 0)));
+
+ for (; modlist != NULL; modlist = modlist->sml_next ) {
+ Modification *mods = &modlist->sml_mod;
+
+ switch ( mods->sm_op & ~LDAP_MOD_BVALUES ) {
+ case LDAP_MOD_ADD:
+ XPUSHs(sv_2mortal(newSVpv("ADD", 0 )));
+ break;
+
+ case LDAP_MOD_DELETE:
+ XPUSHs(sv_2mortal(newSVpv("DELETE", 0 )));
+ break;
+
+ case LDAP_MOD_REPLACE:
+ XPUSHs(sv_2mortal(newSVpv("REPLACE", 0 )));
+ break;
+ }
+
+
+ XPUSHs(sv_2mortal(newSVpv( mods->sm_desc->ad_cname.bv_val, 0 )));
+
+ for ( i = 0;
+ mods->sm_values != NULL && mods->sm_values[i].bv_val != NULL;
+ i++ )
+ {
+ XPUSHs(sv_2mortal(newSVpv( mods->sm_values[i].bv_val, 0 )));
+ }
+
+ /* Fix delete attrib without value. */
+ if ( i == 0) {
+ XPUSHs(sv_newmortal());
+ }
+ }
+
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("modify", G_SCALAR);
+#else
+ count = perl_call_method("modify", G_SCALAR);
+#endif
+
+ SPAGAIN;
+
+ if (count != 1) {
+ croak("Big trouble in back_modify\n");
+ }
+
+ rs->sr_err = POPi;
+
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_ANY, "Perl MODIFY\n", 0, 0, 0 );
+ return( 0 );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,70 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modrdn.c,v 1.20.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+int
+perl_back_modrdn(
+ Operation *op,
+ SlapReply *rs )
+{
+ PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
+ int count;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp) ;
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_dn.bv_val , 0 )));
+ XPUSHs(sv_2mortal(newSVpv( op->orr_newrdn.bv_val , 0 )));
+ XPUSHs(sv_2mortal(newSViv( op->orr_deleteoldrdn )));
+ if ( op->orr_newSup != NULL ) {
+ XPUSHs(sv_2mortal(newSVpv( op->orr_newSup->bv_val , 0 )));
+ }
+ PUTBACK ;
+
+#ifdef PERL_IS_5_6
+ count = call_method("modrdn", G_SCALAR);
+#else
+ count = perl_call_method("modrdn", G_SCALAR);
+#endif
+
+ SPAGAIN ;
+
+ if (count != 1) {
+ croak("Big trouble in back_modrdn\n") ;
+ }
+
+ rs->sr_err = POPi;
+
+ PUTBACK; FREETMPS; LEAVE ;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_ANY, "Perl MODRDN\n", 0, 0, 0 );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/perl_back.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/perl_back.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/perl_back.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/perl_back.h,v 1.13.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef PERL_BACK_H
+#define PERL_BACK_H 1
+
+#include <EXTERN.h>
+#include <perl.h>
+#undef _ /* #defined by both Perl and ac/localize.h */
+#include "asperl_undefs.h"
+
+#include "portable.h"
+
+#include "slap.h"
+
+LDAP_BEGIN_DECL
+
+/*
+ * From Apache mod_perl: test for Perl version.
+ */
+
+#if defined(pTHX_) || (PERL_REVISION > 5 || (PERL_REVISION == 5 && PERL_VERSION >= 6))
+#define PERL_IS_5_6
+#endif
+
+#define EVAL_BUF_SIZE 500
+
+extern ldap_pvt_thread_mutex_t perl_interpreter_mutex;
+
+#ifdef PERL_IS_5_6
+/* We should be using the PL_errgv, I think */
+/* All the old style variables are prefixed with PL_ now */
+# define errgv PL_errgv
+# define na PL_na
+#endif
+
+#if defined( HAVE_WIN32_ASPERL ) || defined( USE_ITHREADS )
+/* pTHX is needed often now */
+# define PERL_INTERPRETER my_perl
+# define PERL_BACK_XS_INIT_PARAMS pTHX
+# define PERL_BACK_BOOT_DYNALOADER_PARAMS pTHX, CV *cv
+#else
+# define PERL_INTERPRETER perl_interpreter
+# define PERL_BACK_XS_INIT_PARAMS void
+# define PERL_BACK_BOOT_DYNALOADER_PARAMS CV *cv
+#endif
+
+extern PerlInterpreter *PERL_INTERPRETER;
+
+
+typedef struct perl_backend_instance {
+ char *pb_module_name;
+ SV *pb_obj_ref;
+ int pb_filter_search_results;
+} PerlBackend;
+
+LDAP_END_DECL
+
+#include "proto-perl.h"
+
+#endif /* PERL_BACK_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/proto-perl.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/proto-perl.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/proto-perl.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/proto-perl.h,v 1.2.2.5 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef PROTO_PERL_H
+#define PROTO_PERL_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init perl_back_initialize;
+
+extern BI_close perl_back_close;
+
+extern BI_db_init perl_back_db_init;
+extern BI_db_open perl_back_db_open;
+extern BI_db_destroy perl_back_db_destroy;
+extern BI_db_config perl_back_db_config;
+
+extern BI_op_bind perl_back_bind;
+extern BI_op_search perl_back_search;
+extern BI_op_compare perl_back_compare;
+extern BI_op_modify perl_back_modify;
+extern BI_op_modrdn perl_back_modrdn;
+extern BI_op_add perl_back_add;
+extern BI_op_delete perl_back_delete;
+
+LDAP_END_DECL
+
+#endif /* PROTO_PERL_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-perl/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,127 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/search.c,v 1.25.2.5 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 John C. Quillan.
+ * Portions Copyright 2002 myinternet Limited.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "perl_back.h"
+
+/**********************************************************
+ *
+ * Search
+ *
+ **********************************************************/
+int
+perl_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ PerlBackend *perl_back = (PerlBackend *)op->o_bd->be_private;
+ int count ;
+ AttributeName *an;
+ Entry *e;
+ char *buf;
+ int i;
+
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+ ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
+
+ {
+ dSP; ENTER; SAVETMPS;
+
+ PUSHMARK(sp) ;
+ XPUSHs( perl_back->pb_obj_ref );
+ XPUSHs(sv_2mortal(newSVpv( op->o_req_ndn.bv_val , 0)));
+ XPUSHs(sv_2mortal(newSViv( op->ors_scope )));
+ XPUSHs(sv_2mortal(newSViv( op->ors_deref )));
+ XPUSHs(sv_2mortal(newSViv( op->ors_slimit )));
+ XPUSHs(sv_2mortal(newSViv( op->ors_tlimit )));
+ XPUSHs(sv_2mortal(newSVpv( op->ors_filterstr.bv_val , 0)));
+ XPUSHs(sv_2mortal(newSViv( op->ors_attrsonly )));
+
+ for ( an = op->ors_attrs; an && an->an_name.bv_val; an++ ) {
+ XPUSHs(sv_2mortal(newSVpv( an->an_name.bv_val , 0)));
+ }
+ PUTBACK;
+
+#ifdef PERL_IS_5_6
+ count = call_method("search", G_ARRAY );
+#else
+ count = perl_call_method("search", G_ARRAY );
+#endif
+
+ SPAGAIN;
+
+ if (count < 1) {
+ croak("Big trouble in back_search\n") ;
+ }
+
+ if ( count > 1 ) {
+
+ for ( i = 1; i < count; i++ ) {
+
+ buf = POPp;
+
+ if ( (e = str2entry( buf )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "str2entry(%s) failed\n", buf, 0, 0 );
+
+ } else {
+ int send_entry;
+
+ if (perl_back->pb_filter_search_results)
+ send_entry = (test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE);
+ else
+ send_entry = 1;
+
+ if (send_entry) {
+ rs->sr_entry = e;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_err = send_search_entry( op, rs );
+ if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
+ rs->sr_entry = NULL;
+ goto done;
+ }
+ }
+
+ entry_free( e );
+ }
+ }
+ }
+
+ /*
+ * We grab the return code last because the stack comes
+ * from perl in reverse order.
+ *
+ * ex perl: return ( 0, $res_1, $res_2 );
+ *
+ * ex stack: <$res_2> <$res_1> <0>
+ */
+
+ rs->sr_err = POPi;
+
+done:;
+ PUTBACK; FREETMPS; LEAVE;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &perl_interpreter_mutex );
+
+ send_ldap_result( op, rs );
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,40 @@
+# Makefile.in for back-relay
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c config.c op.c
+OBJS = init.lo config.lo op.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-relay"
+BUILD_MOD = @BUILD_RELAY@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_RELAY at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS) $(REWRITE)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS) $(REWRITE)
+
+LIBBASE = back_relay
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+Relay backend sets up a relay virtual database that allows
+to access other databases in the same instance of slapd
+through different naming contexts and remapping attribute
+values.
+
+The DN rewrite, filter rewrite and attributeType/objectClass
+mapping is done by means of the rewrite-remap overlay.
+
+The database containing the real naming context can be
+explicitly selected by means of the "relay" directive,
+which must contain the naming context of the target
+database. This also causes the rewrite-remap overlay
+to be automatically instantiated. If the optional keyword
+"massage" is present, the rewrite-remap overlay is
+automatically configured to map the virtual to the real
+naming context and vice-versa.
+
+Otherwise, the rewrite-remap overlay must be explicitly
+instantiated, by using the "overlay" directive, as
+illustrated below. This allows much more freedom in target
+database selection and DN rewriting.
+
+If the "relay" directive is not present, the backend is
+not bound to a single target database; on the contrary,
+the target database is selected on a per-operation basis.
+
+This allows, for instance, to relay one database for
+authentication and anotheir for search/modify, or allows
+to use one target for persons and another for groups
+and so on.
+
+To summarize: the "relay" directive:
+- explicitly bounds the database to a single database
+ holding the real naming context;
+- automatically instantiates the rewrite-remap overlay;
+- automatically configures the naming context massaging
+ if the optional "massage" keyword is added
+
+If the "relay" directive is not used, the rewrite-remap
+overlay must be explicitly instantiated and the massaging
+must be configured, either by using the "suffixmassage"
+directive, or by issuing more sophisticate rewrite
+instructions.
+
+AttributeType/objectClass mapping must be explicitly
+required.
+
+Note that the rewrite-remap overlay is not complete nor
+production- ready yet.
+Examples are given of all the suggested usages.
+
+# automatically massage from virtual to real naming context
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context" massage
+
+# explicitly massage (same as above)
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context"
+suffixmassage "dc=virtual,dc=naming,dc=context" \
+ "dc=real,dc=naming,dc=context"
+
+# explicitly massage (same as above, but dynamic backend resolution)
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+overlay rewrite-remap
+suffixmassage "dc=virtual,dc=naming,dc=context" \
+ "dc=real,dc=naming,dc=context"
+
+# old fashioned suffixalias, applied also to DN-valued attributes
+# from virtual to real naming context, but not the reverse...
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context"
+rewriteContext default
+rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \
+ "$1dc=real,dc=naming,dc=context"
+rewriteContext searchFilter
+rewriteContext searchResult
+rewriteContext searchResultAttrDN
+rewriteContext matchedDN
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/back-relay.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/back-relay.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/back-relay.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+/* back-relay.h - relay backend header file */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef SLAPD_RELAY_H
+#define SLAPD_RELAY_H
+
+#include "proto-back-relay.h"
+
+/* String rewrite library */
+
+LDAP_BEGIN_DECL
+
+typedef struct relay_back_info {
+ BackendDB *ri_bd;
+ struct berval ri_realsuffix;
+ int ri_massage;
+} relay_back_info;
+
+LDAP_END_DECL
+
+#endif /* SLAPD_RELAY_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,132 @@
+/* config.c - relay backend configuration file routine */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masaratifor inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include "slap.h"
+#include "back-relay.h"
+
+int
+relay_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ relay_back_info *ri = (struct relay_back_info *)be->be_private;
+
+ if ( ri == NULL ) {
+ fprintf( stderr, "%s: line %d: relay backend info is null!\n",
+ fname, lineno );
+ return 1;
+ }
+
+ /* real naming context */
+ if ( strcasecmp( argv[0], "relay" ) == 0 ) {
+ struct berval dn, ndn, pdn;
+ int rc;
+ BackendDB *bd;
+
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing relay suffix in \"relay <dn> [massage]\" line\n",
+ fname, lineno );
+ return 1;
+
+ } else if ( argc > 3 ) {
+ fprintf( stderr,
+ "%s: line %d: too many args in \"relay <dn> [massage]\" line\n",
+ fname, lineno );
+ return 1;
+ }
+
+ dn.bv_val = argv[ 1 ];
+ dn.bv_len = strlen( argv[ 1 ] );
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: "
+ "relay dn \"%s\" is invalid "
+ "in \"relay <dn> [massage]\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ bd = select_backend( &ndn, 0, 1 );
+ if ( bd == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ "cannot find database "
+ "of relay dn \"%s\" "
+ "in \"relay <dn> [massage]\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ } else if ( bd == be ) {
+ fprintf( stderr, "%s: line %d: "
+ "relay dn \"%s\" would call self "
+ "in \"relay <dn> [massage]\" line\n",
+ fname, lineno, pdn.bv_val );
+ return 1;
+ }
+
+ ri->ri_realsuffix = ndn;
+
+ if ( overlay_config( be, "rwm" ) ) {
+ fprintf( stderr, "%s: line %d: unable to install "
+ "rwm overlay "
+ "in \"relay <dn> [massage]\" line\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( argc == 3 ) {
+ char *cargv[ 4 ];
+
+ if ( strcmp( argv[2], "massage" ) != 0 ) {
+ fprintf( stderr, "%s: line %d: "
+ "unknown directive \"%s\" "
+ "in \"relay <dn> [massage]\" line\n",
+ fname, lineno, argv[2] );
+ return 1;
+ }
+
+ cargv[ 0 ] = "rwm-suffixmassage";
+ cargv[ 1 ] = be->be_suffix[0].bv_val;
+ cargv[ 2 ] = pdn.bv_val;
+ cargv[ 3 ] = NULL;
+
+ if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
+ return 1;
+ }
+ }
+
+ ch_free( pdn.bv_val );
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,143 @@
+/* init.c - initialize relay backend */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-relay.h"
+
+int
+relay_back_initialize( BackendInfo *bi )
+{
+ bi->bi_init = 0;
+ bi->bi_open = 0;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = relay_back_db_init;
+ bi->bi_db_config = relay_back_db_config;
+ bi->bi_db_open = relay_back_db_open;
+#if 0
+ bi->bi_db_close =relay_back_db_close;
+#endif
+ bi->bi_db_destroy = relay_back_db_destroy;
+
+ bi->bi_op_bind = relay_back_op_bind;
+ bi->bi_op_unbind = relay_back_op_unbind;
+ bi->bi_op_search = relay_back_op_search;
+ bi->bi_op_compare = relay_back_op_compare;
+ bi->bi_op_modify = relay_back_op_modify;
+ bi->bi_op_modrdn = relay_back_op_modrdn;
+ bi->bi_op_add = relay_back_op_add;
+ bi->bi_op_delete = relay_back_op_delete;
+ bi->bi_op_abandon = relay_back_op_abandon;
+ bi->bi_op_cancel = relay_back_op_cancel;
+ bi->bi_extended = relay_back_op_extended;
+ bi->bi_entry_release_rw = relay_back_entry_release_rw;
+ bi->bi_entry_get_rw = relay_back_entry_get_rw;
+#if 0 /* see comment in op.c */
+ bi->bi_chk_referrals = relay_back_chk_referrals;
+#endif
+ bi->bi_operational = relay_back_operational;
+ bi->bi_has_subordinates = relay_back_has_subordinates;
+
+ bi->bi_connection_init = relay_back_connection_init;
+ bi->bi_connection_destroy = relay_back_connection_destroy;
+
+ return 0;
+}
+
+int
+relay_back_db_init( Backend *be )
+{
+ relay_back_info *ri;
+
+ be->be_private = NULL;
+
+ ri = (relay_back_info *)ch_calloc( 1, sizeof( relay_back_info ) );
+ if ( ri == NULL ) {
+ return -1;
+ }
+
+ ri->ri_bd = NULL;
+ BER_BVZERO( &ri->ri_realsuffix );
+ ri->ri_massage = 0;
+
+ be->be_private = (void *)ri;
+
+ return 0;
+}
+
+int
+relay_back_db_open( Backend *be )
+{
+ relay_back_info *ri = (relay_back_info *)be->be_private;
+
+ assert( ri != NULL );
+
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ri->ri_bd = select_backend( &ri->ri_realsuffix, 0, 1 );
+
+ /* must be there: it was during config! */
+ assert( ri->ri_bd != NULL );
+
+ /* inherit controls */
+ AC_MEMCPY( be->be_ctrls, ri->ri_bd->be_ctrls, sizeof( be->be_ctrls ) );
+
+ } else {
+ /* inherit all? */
+ AC_MEMCPY( be->be_ctrls, frontendDB->be_ctrls, sizeof( be->be_ctrls ) );
+ }
+
+ return 0;
+}
+
+int
+relay_back_db_close( Backend *be )
+{
+ return 0;
+}
+
+int
+relay_back_db_destroy( Backend *be )
+{
+ relay_back_info *ri = (relay_back_info *)be->be_private;
+
+ if ( ri ) {
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ch_free( ri->ri_realsuffix.bv_val );
+ }
+ ch_free( ri );
+ }
+
+ return 0;
+}
+
+#if SLAPD_RELAY == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( relay )
+
+#endif /* SLAPD_RELAY == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/op.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/op.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/op.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,674 @@
+/* op.c - relay backend operations */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include "slap.h"
+#include "back-relay.h"
+
+static int
+relay_back_swap_bd( struct slap_op *op, struct slap_rep *rs )
+{
+ slap_callback *cb = op->o_callback;
+ BackendDB *be = op->o_bd;
+
+ op->o_bd = cb->sc_private;
+ cb->sc_private = be;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static void
+relay_back_add_cb( slap_callback *cb, struct slap_op *op )
+{
+ cb->sc_next = op->o_callback;
+ cb->sc_response = relay_back_swap_bd;
+ cb->sc_cleanup = relay_back_swap_bd;
+ cb->sc_private = op->o_bd;
+ op->o_callback = cb;
+}
+
+/*
+ * selects the backend if not enforced at config;
+ * in case of failure, behaves based on err:
+ * -1 don't send result
+ * LDAP_SUCCESS don't send result; may send referral
+ * any valid error send as error result
+ */
+static BackendDB *
+relay_back_select_backend( struct slap_op *op, struct slap_rep *rs, int err )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd = ri->ri_bd;
+
+ if ( bd == NULL ) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ if ( bd == op->o_bd ) {
+ if ( err > LDAP_SUCCESS ) {
+ send_ldap_error( op, rs,
+ LDAP_UNWILLING_TO_PERFORM,
+ "back-relay would call self" );
+ }
+ return NULL;
+ }
+ }
+
+ if ( bd == NULL && err > -1 ) {
+ if ( default_referral ) {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ if ( !rs->sr_ref ) {
+ rs->sr_ref = default_referral;
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+
+ } else {
+ /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind,
+ * LDAP_NO_SUCH_OBJECT for other operations.
+ * noSuchObject cannot be returned by bind */
+ rs->sr_err = err;
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return bd;
+}
+
+int
+relay_back_op_bind( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_INVALID_CREDENTIALS );
+ if ( bd == NULL ) {
+ return rc;
+ }
+
+ if ( bd->be_bind ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_bind )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+}
+
+int
+relay_back_op_unbind( struct slap_op *op, struct slap_rep *rs )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL ) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ }
+
+ if ( bd && bd->be_unbind ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_unbind )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+ }
+
+ return 0;
+
+}
+
+int
+relay_back_op_search( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_search ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_search )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_compare( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_compare ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_compare )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_modify( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_modify ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_modify )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_modrdn( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_modrdn ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_modrdn )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_add( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_add ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_add )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_delete( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_delete ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_delete )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_abandon( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, -1 );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_abandon ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_abandon )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_cancel( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_cancel ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_cancel )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_op_extended( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT );
+ if ( bd == NULL ) {
+ return 1;
+ }
+
+ if ( bd->be_extended ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_extended )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported "
+ "within naming context" );
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_entry_release_rw( struct slap_op *op, Entry *e, int rw )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ if ( bd == NULL ) {
+ return 1;
+ }
+ }
+
+ if ( bd->be_release ) {
+ BackendDB *be = op->o_bd;
+
+ op->o_bd = bd;
+ rc = ( bd->be_release )( op, e, rw );
+ op->o_bd = be;
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_entry_get_rw( struct slap_op *op, struct berval *ndn,
+ ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ if ( bd == NULL ) {
+ return 1;
+ }
+ }
+
+ if ( bd->be_fetch ) {
+ BackendDB *be = op->o_bd;
+
+ op->o_bd = bd;
+ rc = ( bd->be_fetch )( op, ndn, oc, at, rw, e );
+ op->o_bd = be;
+ }
+
+ return rc;
+
+}
+
+/*
+ * NOTE: even the existence of this function is questionable: we cannot
+ * pass the bi_chk_referrals() call thru the rwm overlay because there
+ * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
+ * is passing the target database a DN that likely does not belong to its
+ * naming context... mmmh.
+ */
+int
+relay_back_chk_referrals( struct slap_op *op, struct slap_rep *rs )
+{
+ BackendDB *bd;
+ int rc = 0;
+
+ bd = relay_back_select_backend( op, rs, LDAP_SUCCESS );
+ /* FIXME: this test only works if there are no overlays, so
+ * it is nearly useless; if made stricter, no nested back-relays
+ * can be instantiated... too bad. */
+ if ( bd == NULL || bd == op->o_bd ) {
+ return 0;
+ }
+
+ /* no nested back-relays... */
+ if ( overlay_is_over( bd ) ) {
+ slap_overinfo *oi = (slap_overinfo *)bd->bd_info->bi_private;
+
+ if ( oi->oi_orig == op->o_bd->bd_info ) {
+ return 0;
+ }
+ }
+
+ if ( bd->be_chk_referrals ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_chk_referrals )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_operational( struct slap_op *op, struct slap_rep *rs )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ if ( bd == NULL ) {
+ return 1;
+ }
+ }
+
+ if ( bd->be_operational ) {
+ BackendDB *be = op->o_bd;
+ slap_callback cb;
+
+ relay_back_add_cb( &cb, op );
+
+ op->o_bd = bd;
+ rc = ( bd->be_operational )( op, rs );
+ op->o_bd = be;
+
+ if ( op->o_callback == &cb ) {
+ op->o_callback = op->o_callback->sc_next;
+ }
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_has_subordinates( struct slap_op *op, Entry *e, int *hasSubs )
+{
+ relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
+ BackendDB *bd;
+ int rc = 1;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL) {
+ bd = select_backend( &op->o_req_ndn, 0, 1 );
+ if ( bd == NULL ) {
+ return 1;
+ }
+ }
+
+ if ( bd->be_has_subordinates ) {
+ BackendDB *be = op->o_bd;
+
+ op->o_bd = bd;
+ rc = ( bd->be_has_subordinates )( op, e, hasSubs );
+ op->o_bd = be;
+ }
+
+ return rc;
+
+}
+
+int
+relay_back_connection_init( BackendDB *bd, struct slap_conn *c )
+{
+ relay_back_info *ri = (relay_back_info *)bd->be_private;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL ) {
+ return 0;
+ }
+
+ if ( bd->be_connection_init ) {
+ return ( bd->be_connection_init )( bd, c );
+ }
+
+ return 0;
+}
+
+int
+relay_back_connection_destroy( BackendDB *bd, struct slap_conn *c )
+{
+ relay_back_info *ri = (relay_back_info *)bd->be_private;
+
+ bd = ri->ri_bd;
+ if ( bd == NULL) {
+ return 0;
+ }
+
+ if ( bd->be_connection_destroy ) {
+ return ( bd->be_connection_destroy )( bd, c );
+ }
+
+ return 0;
+
+}
+
+/*
+ * FIXME: must implement tools as well
+ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/proto-back-relay.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/proto-back-relay.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-relay/proto-back-relay.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,58 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef PROTO_BACK_RELAY
+#define PROTO_BACK_RELAY
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+extern BI_init relay_back_initialize;
+
+extern BI_db_init relay_back_db_init;
+extern BI_db_config relay_back_db_config;
+extern BI_db_open relay_back_db_open;
+extern BI_db_close relay_back_db_close;
+extern BI_db_destroy relay_back_db_destroy;
+
+extern BI_op_bind relay_back_op_bind;
+extern BI_op_unbind relay_back_op_unbind;
+extern BI_op_search relay_back_op_search;
+extern BI_op_compare relay_back_op_compare;
+extern BI_op_modify relay_back_op_modify;
+extern BI_op_modrdn relay_back_op_modrdn;
+extern BI_op_add relay_back_op_add;
+extern BI_op_delete relay_back_op_delete;
+extern BI_op_abandon relay_back_op_abandon;
+extern BI_op_cancel relay_back_op_cancel;
+extern BI_op_extended relay_back_op_extended;
+extern BI_entry_release_rw relay_back_entry_release_rw;
+extern BI_entry_get_rw relay_back_entry_get_rw;
+extern BI_chk_referrals relay_back_chk_referrals;
+extern BI_operational relay_back_operational;
+extern BI_has_subordinates relay_back_has_subordinates;
+
+extern BI_connection_init relay_back_connection_init;
+extern BI_connection_destroy relay_back_connection_destroy;
+
+LDAP_END_DECL
+
+#endif /* PROTO_BACK_RELAY */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+# Makefile.in for back-shell
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/Makefile.in,v 1.20.2.3 2007/01/02 21:44:06 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c config.c fork.c search.c bind.c unbind.c add.c \
+ delete.c modify.c modrdn.c compare.c result.c
+OBJS = init.lo config.lo fork.lo search.lo bind.lo unbind.lo add.lo \
+ delete.lo modify.lo modrdn.lo compare.lo result.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-shell"
+BUILD_MOD = @BUILD_SHELL@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_SHELL at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_shell
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+/* add.c - shell backend add function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/add.c,v 1.24.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_add(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ FILE *rfp, *wfp;
+ int len;
+
+ if ( si->si_add == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "add not implemented" );
+ return( -1 );
+ }
+
+ if ( ! access_allowed( op, op->oq_add.rs_e,
+ entry, NULL, ACL_WADD, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_add, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the add process */
+ fprintf( wfp, "ADD\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+ fprintf( wfp, "%s", entry2str( op->oq_add.rs_e, &len ) );
+ ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
+ fclose( wfp );
+
+ /* read in the result and send it along */
+ read_and_send_results( op, rs, rfp );
+
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,95 @@
+/* bind.c - shell backend bind function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.25.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ Entry e;
+ FILE *rfp, *wfp;
+ int rc;
+
+ if ( si->si_bind == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "bind not implemented" );
+ return( -1 );
+ }
+
+ e.e_id = NOID;
+ e.e_name = op->o_req_dn;
+ e.e_nname = op->o_req_ndn;
+ e.e_attrs = NULL;
+ e.e_ocflags = 0;
+ e.e_bv.bv_len = 0;
+ e.e_bv.bv_val = NULL;
+ e.e_private = NULL;
+
+ if ( ! access_allowed( op, &e,
+ entry, NULL, ACL_AUTH, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_bind, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the bind process */
+ fprintf( wfp, "BIND\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
+ fprintf( wfp, "method: %d\n", op->oq_bind.rb_method );
+ fprintf( wfp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
+ fprintf( wfp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
+ fclose( wfp );
+
+ /* read in the results and send them along */
+ rc = read_and_send_results( op, rs, rfp );
+ fclose( rfp );
+
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,99 @@
+/* compare.c - shell backend compare function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/compare.c,v 1.26.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_compare(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ Entry e;
+ FILE *rfp, *wfp;
+
+ if ( si->si_compare == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "compare not implemented" );
+ return( -1 );
+ }
+
+ e.e_id = NOID;
+ e.e_name = op->o_req_dn;
+ e.e_nname = op->o_req_ndn;
+ e.e_attrs = NULL;
+ e.e_ocflags = 0;
+ e.e_bv.bv_len = 0;
+ e.e_bv.bv_val = NULL;
+ e.e_private = NULL;
+
+ if ( ! access_allowed( op, &e,
+ entry, NULL, ACL_READ, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_compare, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /*
+ * FIX ME: This should use LDIF routines so that binary
+ * values are properly dealt with
+ */
+
+ /* write out the request to the compare process */
+ fprintf( wfp, "COMPARE\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
+ fprintf( wfp, "%s: %s\n",
+ op->oq_compare.rs_ava->aa_desc->ad_cname.bv_val,
+ op->oq_compare.rs_ava->aa_value.bv_val /* could be binary! */ );
+ fclose( wfp );
+
+ /* read in the result and send it along */
+ read_and_send_results( op, rs, rfp );
+
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,144 @@
+/* config.c - shell backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/config.c,v 1.16.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ struct shellinfo *si = (struct shellinfo *) be->be_private;
+
+ if ( si == NULL ) {
+ fprintf( stderr, "%s: line %d: shell backend info is null!\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ /* command + args to exec for binds */
+ if ( strcasecmp( argv[0], "bind" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"bind <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_bind = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for unbinds */
+ } else if ( strcasecmp( argv[0], "unbind" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"unbind <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_unbind = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for searches */
+ } else if ( strcasecmp( argv[0], "search" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"search <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_search = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for compares */
+ } else if ( strcasecmp( argv[0], "compare" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"compare <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_compare = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for modifies */
+ } else if ( strcasecmp( argv[0], "modify" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"modify <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_modify = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for modrdn */
+ } else if ( strcasecmp( argv[0], "modrdn" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"modrdn <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_modrdn = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for add */
+ } else if ( strcasecmp( argv[0], "add" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"add <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_add = ldap_charray_dup( &argv[1] );
+
+ /* command + args to exec for delete */
+ } else if ( strcasecmp( argv[0], "delete" ) == 0 ) {
+ if ( argc < 2 ) {
+ fprintf( stderr,
+ "%s: line %d: missing executable in \"delete <executable>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ si->si_delete = ldap_charray_dup( &argv[1] );
+
+ /* anything else */
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,90 @@
+/* delete.c - shell backend delete function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/delete.c,v 1.23.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_delete(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ Entry e;
+ FILE *rfp, *wfp;
+
+ if ( si->si_delete == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "delete not implemented" );
+ return( -1 );
+ }
+
+ e.e_id = NOID;
+ e.e_name = op->o_req_dn;
+ e.e_nname = op->o_req_ndn;
+ e.e_attrs = NULL;
+ e.e_ocflags = 0;
+ e.e_bv.bv_len = 0;
+ e.e_bv.bv_val = NULL;
+ e.e_private = NULL;
+
+ if ( ! access_allowed( op, &e,
+ entry, NULL, ACL_WDEL, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_delete, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the delete process */
+ fprintf( wfp, "DELETE\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
+ fclose( wfp );
+
+ /* read in the results and send them along */
+ read_and_send_results( op, rs, rfp );
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/fork.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/fork.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/fork.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,113 @@
+/* fork.c - fork and exec a process, connecting stdin/out w/pipes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/fork.c,v 1.15.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "shell.h"
+
+pid_t
+forkandexec(
+ char **args,
+ FILE **rfp,
+ FILE **wfp
+)
+{
+ int p2c[2] = { -1, -1 }, c2p[2];
+ pid_t pid;
+
+ if ( pipe( p2c ) != 0 || pipe( c2p ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "pipe failed\n", 0, 0, 0 );
+ close( p2c[0] );
+ close( p2c[1] );
+ return( -1 );
+ }
+
+ /*
+ * what we're trying to set up looks like this:
+ * parent *wfp -> p2c[1] | p2c[0] -> stdin child
+ * parent *rfp <- c2p[0] | c2p[1] <- stdout child
+ */
+
+ fflush( NULL );
+# ifdef HAVE_THR
+ pid = fork1();
+# else
+ pid = fork();
+# endif
+ if ( pid == 0 ) { /* child */
+ /*
+ * child could deadlock here due to resources locked
+ * by our parent
+ *
+ * If so, configure --without-threads.
+ */
+ if ( dup2( p2c[0], 0 ) == -1 || dup2( c2p[1], 1 ) == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "dup2 failed\n", 0, 0, 0 );
+ exit( EXIT_FAILURE );
+ }
+ }
+ close( p2c[0] );
+ close( c2p[1] );
+ if ( pid <= 0 ) {
+ close( p2c[1] );
+ close( c2p[0] );
+ }
+ switch ( pid ) {
+ case 0:
+ execv( args[0], args );
+
+ Debug( LDAP_DEBUG_ANY, "execv failed\n", 0, 0, 0 );
+ exit( EXIT_FAILURE );
+
+ case -1: /* trouble */
+ Debug( LDAP_DEBUG_ANY, "fork failed\n", 0, 0, 0 );
+ return( -1 );
+ }
+
+ /* parent */
+ if ( (*rfp = fdopen( c2p[0], "r" )) == NULL || (*wfp = fdopen( p2c[1],
+ "w" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "fdopen failed\n", 0, 0, 0 );
+ close( c2p[0] );
+ close( p2c[1] );
+
+ return( -1 );
+ }
+
+ return( pid );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,106 @@
+/* init.c - initialize shell backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/init.c,v 1.35.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "shell.h"
+
+int
+shell_back_initialize(
+ BackendInfo *bi
+)
+{
+ bi->bi_open = 0;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = shell_back_db_init;
+ bi->bi_db_config = shell_back_db_config;
+ bi->bi_db_open = 0;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = shell_back_db_destroy;
+
+ bi->bi_op_bind = shell_back_bind;
+ bi->bi_op_unbind = shell_back_unbind;
+ bi->bi_op_search = shell_back_search;
+ bi->bi_op_compare = shell_back_compare;
+ bi->bi_op_modify = shell_back_modify;
+ bi->bi_op_modrdn = shell_back_modrdn;
+ bi->bi_op_add = shell_back_add;
+ bi->bi_op_delete = shell_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ return 0;
+}
+
+int
+shell_back_db_init(
+ Backend *be
+)
+{
+ struct shellinfo *si;
+
+ si = (struct shellinfo *) ch_calloc( 1, sizeof(struct shellinfo) );
+
+ be->be_private = si;
+
+ return si == NULL;
+}
+
+int
+shell_back_db_destroy(
+ Backend *be
+)
+{
+ free( be->be_private );
+ return 0;
+}
+
+#if SLAPD_SHELL == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( shell )
+
+#endif /* SLAPD_SHELL == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,121 @@
+/* modify.c - shell backend modify function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modify.c,v 1.31.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_modify(
+ Operation *op,
+ SlapReply *rs )
+{
+ Modification *mod;
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ Modifications *ml = op->oq_modify.rs_modlist;
+ Entry e;
+ FILE *rfp, *wfp;
+ int i;
+
+ if ( si->si_modify == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "modify not implemented" );
+ return( -1 );
+ }
+
+ e.e_id = NOID;
+ e.e_name = op->o_req_dn;
+ e.e_nname = op->o_req_ndn;
+ e.e_attrs = NULL;
+ e.e_ocflags = 0;
+ e.e_bv.bv_len = 0;
+ e.e_bv.bv_val = NULL;
+ e.e_private = NULL;
+
+ if ( ! access_allowed( op, &e,
+ entry, NULL, ACL_WRITE, NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_modify, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the modify process */
+ fprintf( wfp, "MODIFY\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
+ for ( ; ml != NULL; ml = ml->sml_next ) {
+ mod = &ml->sml_mod;
+
+ /* FIXME: should use LDIF routines to deal with binary data */
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ fprintf( wfp, "add: %s\n", mod->sm_desc->ad_cname.bv_val );
+ break;
+
+ case LDAP_MOD_DELETE:
+ fprintf( wfp, "delete: %s\n", mod->sm_desc->ad_cname.bv_val );
+ break;
+
+ case LDAP_MOD_REPLACE:
+ fprintf( wfp, "replace: %s\n", mod->sm_desc->ad_cname.bv_val );
+ break;
+ }
+
+ if( mod->sm_values != NULL ) {
+ for ( i = 0; mod->sm_values[i].bv_val != NULL; i++ ) {
+ fprintf( wfp, "%s: %s\n", mod->sm_desc->ad_cname.bv_val,
+ mod->sm_values[i].bv_val /* binary! */ );
+ }
+ }
+
+ fprintf( wfp, "-\n" );
+ }
+ fclose( wfp );
+
+ /* read in the results and send them along */
+ read_and_send_results( op, rs, rfp );
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,96 @@
+/* modrdn.c - shell backend modrdn function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modrdn.c,v 1.25.2.4 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_modrdn(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
+ Entry e;
+ FILE *rfp, *wfp;
+
+ if ( si->si_modrdn == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "modrdn not implemented" );
+ return( -1 );
+ }
+
+ e.e_id = NOID;
+ e.e_name = op->o_req_dn;
+ e.e_nname = op->o_req_ndn;
+ e.e_attrs = NULL;
+ e.e_ocflags = 0;
+ e.e_bv.bv_len = 0;
+ e.e_bv.bv_val = NULL;
+ e.e_private = NULL;
+
+ if ( ! access_allowed( op, &e, entry, NULL,
+ op->oq_modrdn.rs_newSup ? ACL_WDEL : ACL_WRITE,
+ NULL ) )
+ {
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ return -1;
+ }
+
+ if ( forkandexec( si->si_modrdn, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the modrdn process */
+ fprintf( wfp, "MODRDN\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
+ fprintf( wfp, "newrdn: %s\n", op->oq_modrdn.rs_newrdn.bv_val );
+ fprintf( wfp, "deleteoldrdn: %d\n", op->oq_modrdn.rs_deleteoldrdn ? 1 : 0 );
+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ fprintf( wfp, "newSuperior: %s\n", op->oq_modrdn.rs_newSup->bv_val );
+ }
+ fclose( wfp );
+
+ /* read in the results and send them along */
+ read_and_send_results( op, rs, rfp );
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/proto-shell.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/proto-shell.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/proto-shell.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/proto-shell.h,v 1.2.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#ifndef PROTO_SHELL_H
+#define PROTO_SHELL_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init shell_back_initialize;
+
+extern BI_open shell_back_open;
+extern BI_close shell_back_close;
+extern BI_destroy shell_back_destroy;
+
+extern BI_db_init shell_back_db_init;
+extern BI_db_destroy shell_back_db_destroy;
+extern BI_db_config shell_back_db_config;
+
+extern BI_op_bind shell_back_bind;
+extern BI_op_unbind shell_back_unbind;
+extern BI_op_search shell_back_search;
+extern BI_op_compare shell_back_compare;
+extern BI_op_modify shell_back_modify;
+extern BI_op_modrdn shell_back_modrdn;
+extern BI_op_add shell_back_add;
+extern BI_op_delete shell_back_delete;
+
+LDAP_END_DECL
+
+#endif /* PROTO_SHELL_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/result.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/result.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/result.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+/* result.c - shell backend result reading function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/result.c,v 1.21.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+read_and_send_results(
+ Operation *op,
+ SlapReply *rs,
+ FILE *fp )
+{
+ int bsize, len;
+ char *buf, *bp;
+ char line[BUFSIZ];
+ char ebuf[128];
+
+ /* read in the result and send it along */
+ buf = (char *) ch_malloc( BUFSIZ );
+ buf[0] = '\0';
+ bsize = BUFSIZ;
+ bp = buf;
+ while ( !feof(fp) ) {
+ errno = 0;
+ if ( fgets( line, sizeof(line), fp ) == NULL ) {
+ if ( errno == EINTR ) continue;
+
+ Debug( LDAP_DEBUG_ANY, "shell: fgets failed: %s (%d)\n",
+ AC_STRERROR_R(errno, ebuf, sizeof ebuf), errno, 0 );
+ break;
+ }
+
+ Debug( LDAP_DEBUG_SHELL, "shell search reading line (%s)\n",
+ line, 0, 0 );
+
+ /* ignore lines beginning with # (LDIFv1 comments) */
+ if ( *line == '#' ) {
+ continue;
+ }
+
+ /* ignore lines beginning with DEBUG: */
+ if ( strncasecmp( line, "DEBUG:", 6 ) == 0 ) {
+ continue;
+ }
+
+ len = strlen( line );
+ while ( bp + len - buf > bsize ) {
+ size_t offset = bp - buf;
+ bsize += BUFSIZ;
+ buf = (char *) ch_realloc( buf, bsize );
+ bp = &buf[offset];
+ }
+ strcpy( bp, line );
+ bp += len;
+
+ /* line marked the end of an entry or result */
+ if ( *line == '\n' ) {
+ if ( strncasecmp( buf, "RESULT", 6 ) == 0 ) {
+ break;
+ }
+
+ if ( (rs->sr_entry = str2entry( buf )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "str2entry(%s) failed\n",
+ buf, 0, 0 );
+ } else {
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ rs->sr_flags = REP_ENTRY_MODIFIABLE;
+ send_search_entry( op, rs );
+ entry_free( rs->sr_entry );
+ }
+
+ bp = buf;
+ }
+ }
+ (void) str2result( buf, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text );
+
+ /* otherwise, front end will send this result */
+ if ( rs->sr_err != 0 || op->o_tag != LDAP_REQ_BIND ) {
+ send_ldap_result( op, rs );
+ }
+
+ free( buf );
+
+ return( rs->sr_err );
+}
+
+void
+print_suffixes(
+ FILE *fp,
+ Backend *be
+)
+{
+ int i;
+
+ for ( i = 0; be->be_suffix[i].bv_val != NULL; i++ ) {
+ fprintf( fp, "suffix: %s\n", be->be_suffix[i].bv_val );
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,86 @@
+/* search.c - shell backend search function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/search.c,v 1.27.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ FILE *rfp, *wfp;
+ AttributeName *an;
+
+ if ( si->si_search == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "search not implemented" );
+ return( -1 );
+ }
+
+ if ( forkandexec( si->si_search, &rfp, &wfp ) == (pid_t)-1 ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not fork/exec" );
+ return( -1 );
+ }
+
+ /* write out the request to the search process */
+ fprintf( wfp, "SEARCH\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "base: %s\n", op->o_req_dn.bv_val );
+ fprintf( wfp, "scope: %d\n", op->oq_search.rs_scope );
+ fprintf( wfp, "deref: %d\n", op->oq_search.rs_deref );
+ fprintf( wfp, "sizelimit: %d\n", op->oq_search.rs_slimit );
+ fprintf( wfp, "timelimit: %d\n", op->oq_search.rs_tlimit );
+ fprintf( wfp, "filter: %s\n", op->oq_search.rs_filterstr.bv_val );
+ fprintf( wfp, "attrsonly: %d\n", op->oq_search.rs_attrsonly ? 1 : 0 );
+ fprintf( wfp, "attrs:%s", op->oq_search.rs_attrs == NULL ? " all" : "" );
+ for ( an = op->oq_search.rs_attrs; an && an->an_name.bv_val; an++ ) {
+ fprintf( wfp, " %s", an->an_name.bv_val );
+ }
+ fprintf( wfp, "\n" );
+ fclose( wfp );
+
+ /* read in the results and send them along */
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ read_and_send_results( op, rs, rfp );
+
+ fclose( rfp );
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.conf,v 1.8.2.3 2007/01/02 21:44:06 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (c) 1995 Regents of the University of Michigan.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms are permitted
+## provided that this notice is preserved and that due credit is given
+## to the University of Michigan at Ann Arbor. The name of the University
+## may not be used to endorse or promote products derived from this
+## software without specific prior written permission. This software
+## is provided ``as is'' without express or implied warranty.
+
+include /usr/local/etc/openldap/schema/core.schema
+
+database shell
+suffix "dc=example,dc=com"
+search /usr/local/etc/searchexample.sh
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/searchexample.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.sh,v 1.7.2.3 2007/01/02 21:44:06 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (c) 1995 Regents of the University of Michigan.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms are permitted
+## provided that this notice is preserved and that due credit is given
+## to the University of Michigan at Ann Arbor. The name of the University
+## may not be used to endorse or promote products derived from this
+## software without specific prior written permission. This software
+## is provided ``as is'' without express or implied warranty.
+
+while [ 1 ]; do
+ read TAG VALUE
+ if [ $? -ne 0 ]; then
+ break
+ fi
+ case "$TAG" in
+ base:)
+ BASE=$VALUE
+ ;;
+ filter:)
+ FILTER=$VALUE
+ ;;
+ # include other parameters here
+ esac
+done
+
+LOGIN=`echo $FILTER | sed -e 's/.*=\(.*\))/\1/'`
+
+PWLINE=`grep -i "^$LOGIN" /etc/passwd`
+
+#sleep 60
+# if we found an entry that matches
+if [ $? = 0 ]; then
+ echo $PWLINE | awk -F: '{
+ printf("dn: cn=%s,%s\n", $1, base);
+ printf("objectclass: top\n");
+ printf("objectclass: person\n");
+ printf("cn: %s\n", $1);
+ printf("cn: %s\n", $5);
+ printf("sn: %s\n", $1);
+ printf("uid: %s\n", $1);
+ }' base="$BASE"
+ echo ""
+fi
+
+# result
+echo "RESULT"
+echo "code: 0"
+
+exit 0
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/shell.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/shell.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/shell.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,69 @@
+/* shell.h - shell backend header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/shell.h,v 1.22.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#ifndef SLAPD_SHELL_H
+#define SLAPD_SHELL_H
+
+#include "proto-shell.h"
+
+LDAP_BEGIN_DECL
+
+struct shellinfo {
+ char **si_bind; /* cmd + args to exec for bind */
+ char **si_unbind; /* cmd + args to exec for unbind */
+ char **si_search; /* cmd + args to exec for search */
+ char **si_compare; /* cmd + args to exec for compare */
+ char **si_modify; /* cmd + args to exec for modify */
+ char **si_modrdn; /* cmd + args to exec for modrdn */
+ char **si_add; /* cmd + args to exec for add */
+ char **si_delete; /* cmd + args to exec for delete */
+};
+
+struct slap_backend_db;
+struct slap_conn;
+struct slap_op;
+
+extern pid_t forkandexec LDAP_P((
+ char **args,
+ FILE **rfp,
+ FILE **wfp));
+
+extern void print_suffixes LDAP_P((
+ FILE *fp,
+ struct slap_backend_db *bd));
+
+extern int read_and_send_results LDAP_P((
+ struct slap_op *op,
+ struct slap_rep *rs,
+ FILE *fp));
+
+LDAP_END_DECL
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/unbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/unbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-shell/unbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,69 @@
+/* unbind.c - shell backend unbind function */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/unbind.c,v 1.21.2.3 2007/01/02 21:44:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "shell.h"
+
+int
+shell_back_unbind(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
+ FILE *rfp, *wfp;
+
+ if ( si->si_unbind == NULL ) {
+ return 0;
+ }
+
+ if ( forkandexec( si->si_unbind, &rfp, &wfp ) == (pid_t)-1 ) {
+ return 0;
+ }
+
+ /* write out the request to the unbind process */
+ fprintf( wfp, "UNBIND\n" );
+ fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
+ print_suffixes( wfp, op->o_bd );
+ fprintf( wfp, "dn: %s\n", (op->o_conn->c_dn.bv_len ? op->o_conn->c_dn.bv_val : "") );
+ fclose( wfp );
+
+ /* no response to unbind */
+ fclose( rfp );
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,45 @@
+# Makefile.in for back-sql
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/Makefile.in,v 1.14.2.3 2007/01/02 21:44:07 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c config.c search.c bind.c compare.c operational.c \
+ entry-id.c schema-map.c sql-wrap.c modify.c util.c \
+ add.c delete.c modrdn.c api.c
+OBJS = init.lo config.lo search.lo bind.lo compare.lo operational.lo \
+ entry-id.lo schema-map.lo sql-wrap.lo modify.lo util.lo \
+ add.lo delete.lo modrdn.lo api.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-sql"
+BUILD_MOD = @BUILD_SQL@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_SQL at _DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS) $(SLAPD_SQL_LIBS)
+
+LIBBASE = back_sql
+
+XINCPATH = -I.. -I$(srcdir)/.. $(SLAPD_SQL_INCLUDES)
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/add.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/add.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/add.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1544 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/add.c,v 1.20.2.13 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+#ifdef BACKSQL_SYNCPROV
+#include <lutil.h>
+#endif /* BACKSQL_SYNCPROV */
+
+/*
+ * Skip:
+ * - null values (e.g. delete modification)
+ * - single occurrence of objectClass, because it is already used
+ * to determine how to build the SQL entry
+ * - operational attributes
+ * - empty attributes
+ */
+#define backsql_opattr_skip(ad) \
+ (is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref )
+#define backsql_attr_skip(ad, vals) \
+ ( \
+ ( (ad) == slap_schema.si_ad_objectClass \
+ && (vals) && BER_BVISNULL( &((vals)[ 1 ]) ) ) \
+ || backsql_opattr_skip( (ad) ) \
+ || ( (vals) && BER_BVISNULL( &((vals)[ 0 ]) ) ) \
+ )
+
+int
+backsql_modify_delete_all_values(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_entryID *e_id,
+ backsql_at_map_rec *at )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ RETCODE rc;
+ SQLHSTMT asth = SQL_NULL_HSTMT;
+ BACKSQL_ROW_NTS row;
+
+ assert( at != NULL );
+ if ( at->bam_delete_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "missing attribute value delete procedure "
+ "for attr \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ rc = backsql_Prepare( dbh, &asth, at->bam_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error preparing attribute value select query "
+ "\"%s\"\n",
+ at->bam_query, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ asth, rc );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ rc = backsql_BindParamID( asth, 1, SQL_PARAM_INPUT, &e_id->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error binding key value parameter "
+ "to attribute value select query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ asth, rc );
+ SQLFreeStmt( asth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ rc = SQLExecute( asth );
+ if ( !BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error executing attribute value select query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ asth, rc );
+ SQLFreeStmt( asth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ backsql_BindRowAsStrings_x( asth, &row, op->o_tmpmemctx );
+ for ( rc = SQLFetch( asth );
+ BACKSQL_SUCCESS( rc );
+ rc = SQLFetch( asth ) )
+ {
+ int i;
+ /* first parameter no, parameter order */
+ SQLUSMALLINT pno = 0,
+ po = 0;
+ /* procedure return code */
+ int prc = LDAP_SUCCESS;
+
+ for ( i = 0; i < row.ncols; i++ ) {
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ ber_len_t col_len;
+
+ rc = backsql_Prepare( dbh, &sth, at->bam_delete_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error preparing attribute value "
+ "delete procedure "
+ "\"%s\"\n",
+ at->bam_delete_proc, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ if ( BACKSQL_IS_DEL( at->bam_expect_return ) ) {
+ pno = 1;
+ rc = backsql_BindParamInt( sth, 1,
+ SQL_PARAM_OUTPUT, &prc );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error binding output parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ }
+ po = ( BACKSQL_IS_DEL( at->bam_param_order ) ) > 0;
+ rc = backsql_BindParamID( sth, pno + 1 + po,
+ SQL_PARAM_INPUT, &e_id->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error binding keyval parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values() "
+ "arg(%d)=%s\n",
+ pno + 1 + po, e_id->eid_keyval.bv_val, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values() "
+ "arg(%d)=%lu\n",
+ pno + 1 + po, e_id->eid_keyval, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ /*
+ * check for syntax needed here
+ * maybe need binary bind?
+ */
+ col_len = strlen( row.cols[ i ] );
+ rc = backsql_BindParamStr( sth, pno + 2 - po,
+ SQL_PARAM_INPUT, row.cols[ i ], col_len );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "error binding value parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "arg(%d)=%s; executing \"%s\"\n",
+ pno + 2 - po, row.cols[ i ],
+ at->bam_delete_proc );
+ rc = SQLExecute( sth );
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_delete_all_values(): "
+ "delete_proc "
+ "execution failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ rs->sr_err = LDAP_OTHER;
+ }
+ rs->sr_text = op->o_req_dn.bv_val;
+ SQLFreeStmt( sth, SQL_DROP );
+ goto done;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+
+done:;
+ backsql_FreeRow_x( &row, op->o_tmpmemctx );
+ SQLFreeStmt( asth, SQL_DROP );
+
+ return rs->sr_err;
+}
+
+int
+backsql_modify_internal(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_oc_map_rec *oc,
+ backsql_entryID *e_id,
+ Modifications *modlist )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ RETCODE rc;
+ Modifications *ml;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_modify_internal(): "
+ "traversing modifications list\n", 0, 0, 0 );
+
+ for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ AttributeDescription *ad;
+ int sm_op;
+ static char *sm_ops[] = { "add", "delete", "replace", "increment", NULL };
+
+ BerVarray sm_values;
+#if 0
+ /* NOTE: some day we'll have to pass
+ * the normalized values as well */
+ BerVarray sm_nvalues;
+#endif
+ backsql_at_map_rec *at = NULL;
+ struct berval *at_val;
+ int i;
+
+ ad = ml->sml_mod.sm_desc;
+ sm_op = ( ml->sml_mod.sm_op & LDAP_MOD_OP );
+ sm_values = ml->sml_mod.sm_values;
+#if 0
+ sm_nvalues = ml->sml_mod.sm_nvalues;
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "modifying attribute \"%s\" (%s) according to "
+ "mappings for objectClass \"%s\"\n",
+ ad->ad_cname.bv_val, sm_ops[ sm_op ], BACKSQL_OC_NAME( oc ) );
+
+ if ( backsql_attr_skip( ad, sm_values ) ) {
+ continue;
+ }
+
+ at = backsql_ad2at( oc, ad );
+ if ( at == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "attribute \"%s\" is not registered "
+ "in objectClass \"%s\"\n",
+ ad->ad_cname.bv_val, BACKSQL_OC_NAME( oc ), 0 );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ goto done;
+ }
+
+ continue;
+ }
+
+ switch ( sm_op ) {
+ case LDAP_MOD_REPLACE: {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "replacing values for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ if ( at->bam_add_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "add procedure is not defined "
+ "for attribute \"%s\" "
+ "- unable to perform replacements\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ goto done;
+ }
+
+ break;
+ }
+
+ if ( at->bam_delete_proc == NULL ) {
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "delete procedure is not defined "
+ "for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "delete procedure is not defined "
+ "for attribute \"%s\" "
+ "- adding only\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ goto add_only;
+ }
+
+del_all:
+ rs->sr_err = backsql_modify_delete_all_values( op, rs, dbh, e_id, at );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ /* LDAP_MOD_DELETE gets here if all values must be deleted */
+ if ( sm_op == LDAP_MOD_DELETE ) {
+ break;
+ }
+ }
+
+ /*
+ * PASSTHROUGH - to add new attributes -- do NOT add break
+ */
+ case LDAP_MOD_ADD:
+ /* case SLAP_MOD_SOFTADD: */
+add_only:;
+ if ( at->bam_add_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "add procedure is not defined "
+ "for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ goto done;
+ }
+
+ break;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "adding new values for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ /* can't add a NULL val array */
+ assert( sm_values != NULL );
+
+ for ( i = 0, at_val = sm_values;
+ !BER_BVISNULL( at_val );
+ i++, at_val++ )
+ {
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ /* first parameter position, parameter order */
+ SQLUSMALLINT pno = 0,
+ po;
+ /* procedure return code */
+ int prc = LDAP_SUCCESS;
+
+ rc = backsql_Prepare( dbh, &sth, at->bam_add_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error preparing add query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ goto done;
+ }
+
+ if ( BACKSQL_IS_ADD( at->bam_expect_return ) ) {
+ pno = 1;
+ rc = backsql_BindParamInt( sth, 1,
+ SQL_PARAM_OUTPUT, &prc );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding output parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ }
+ po = ( BACKSQL_IS_ADD( at->bam_param_order ) ) > 0;
+ rc = backsql_BindParamID( sth, pno + 1 + po,
+ SQL_PARAM_INPUT, &e_id->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding keyval parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "arg(%d)=\"%s\"\n",
+ pno + 1 + po, e_id->eid_keyval.bv_val, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "arg(%d)=\"%lu\"\n",
+ pno + 1 + po, e_id->eid_keyval, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ /*
+ * check for syntax needed here
+ * maybe need binary bind?
+ */
+ rc = backsql_BindParamBerVal( sth, pno + 2 - po,
+ SQL_PARAM_INPUT, at_val );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding value parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "arg(%d)=\"%s\"; executing \"%s\"\n",
+ pno + 2 - po, at_val->bv_val,
+ at->bam_add_proc );
+
+ rc = SQLExecute( sth );
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "add_proc execution failed "
+ "(rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = at->bam_ad->ad_cname.bv_val;
+ return rs->sr_err;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
+ {
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ goto done;
+ }
+ }
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+ break;
+
+ case LDAP_MOD_DELETE:
+ if ( at->bam_delete_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "delete procedure is not defined "
+ "for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ goto done;
+ }
+
+ break;
+ }
+
+ if ( sm_values == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "no values given to delete "
+ "for attribute \"%s\" "
+ "-- deleting all values\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+ goto del_all;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "deleting values for attribute \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ for ( i = 0, at_val = sm_values;
+ !BER_BVISNULL( at_val );
+ i++, at_val++ )
+ {
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ /* first parameter position, parameter order */
+ SQLUSMALLINT pno = 0,
+ po;
+ /* procedure return code */
+ int prc = LDAP_SUCCESS;
+
+ rc = backsql_Prepare( dbh, &sth, at->bam_delete_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error preparing delete query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ goto done;
+ }
+
+ if ( BACKSQL_IS_DEL( at->bam_expect_return ) ) {
+ pno = 1;
+ rc = backsql_BindParamInt( sth, 1,
+ SQL_PARAM_OUTPUT, &prc );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding output parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ }
+ po = ( BACKSQL_IS_DEL( at->bam_param_order ) ) > 0;
+ rc = backsql_BindParamID( sth, pno + 1 + po,
+ SQL_PARAM_INPUT, &e_id->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding keyval parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "arg(%d)=\"%s\"\n",
+ pno + 1 + po, e_id->eid_keyval.bv_val, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "arg(%d)=\"%lu\"\n",
+ pno + 1 + po, e_id->eid_keyval, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ /*
+ * check for syntax needed here
+ * maybe need binary bind?
+ */
+ rc = backsql_BindParamBerVal( sth, pno + 2 - po,
+ SQL_PARAM_INPUT, at_val );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "error binding value parameter for %s[%d]\n",
+ at->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "executing \"%s\"\n",
+ at->bam_delete_proc, 0, 0 );
+ rc = SQLExecute( sth );
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modify_internal(): "
+ "delete_proc execution "
+ "failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = at->bam_ad->ad_cname.bv_val;
+ goto done;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env,
+ dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = at->bam_ad->ad_cname.bv_val;
+ goto done;
+ }
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+ break;
+
+ case LDAP_MOD_INCREMENT:
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): "
+ "increment not supported yet\n", 0, 0, 0 );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ goto done;
+ }
+ break;
+ }
+ }
+
+done:;
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_modify_internal(): %d%s%s\n",
+ rs->sr_err,
+ rs->sr_text ? ": " : "",
+ rs->sr_text ? rs->sr_text : "" );
+
+ /*
+ * FIXME: should fail in case one change fails?
+ */
+ return rs->sr_err;
+}
+
+static int
+backsql_add_attr(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_oc_map_rec *oc,
+ Attribute *at,
+ unsigned long new_keyval )
+{
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ backsql_at_map_rec *at_rec = NULL;
+ struct berval *at_val;
+ unsigned long i;
+ RETCODE rc;
+ SQLUSMALLINT currpos;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+
+ at_rec = backsql_ad2at( oc, at->a_desc );
+
+ if ( at_rec == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add_attr(\"%s\"): "
+ "attribute \"%s\" is not registered "
+ "in objectclass \"%s\"\n",
+ op->ora_e->e_name.bv_val,
+ at->a_desc->ad_cname.bv_val,
+ BACKSQL_OC_NAME( oc ) );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ return rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ if ( at_rec->bam_add_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add_attr(\"%s\"): "
+ "add procedure is not defined "
+ "for attribute \"%s\" "
+ "of structuralObjectClass \"%s\"\n",
+ op->ora_e->e_name.bv_val,
+ at->a_desc->ad_cname.bv_val,
+ BACKSQL_OC_NAME( oc ) );
+
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_text = "operation not permitted "
+ "within namingContext";
+ return rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ for ( i = 0, at_val = &at->a_vals[ i ];
+ !BER_BVISNULL( at_val );
+ i++, at_val = &at->a_vals[ i ] )
+ {
+ /* procedure return code */
+ int prc = LDAP_SUCCESS;
+ /* first parameter #, parameter order */
+ SQLUSMALLINT pno, po;
+ char logbuf[] = "val[18446744073709551615UL], id=18446744073709551615UL";
+
+ /*
+ * Do not deal with the objectClass that is used
+ * to build the entry
+ */
+ if ( at->a_desc == slap_schema.si_ad_objectClass ) {
+ if ( dn_match( at_val, &oc->bom_oc->soc_cname ) )
+ {
+ continue;
+ }
+ }
+
+ rc = backsql_Prepare( dbh, &sth, at_rec->bam_add_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( BACKSQL_IS_ADD( at_rec->bam_expect_return ) ) {
+ pno = 1;
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &prc );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding output parameter for %s[%lu]\n",
+ at_rec->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ } else {
+ pno = 0;
+ }
+
+ po = ( BACKSQL_IS_ADD( at_rec->bam_param_order ) ) > 0;
+ currpos = pno + 1 + po;
+ rc = backsql_BindParamInt( sth, currpos,
+ SQL_PARAM_INPUT, &new_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding keyval parameter for %s[%lu]\n",
+ at_rec->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+ currpos = pno + 2 - po;
+
+ /*
+ * check for syntax needed here
+ * maybe need binary bind?
+ */
+
+ rc = backsql_BindParamBerVal( sth, currpos, SQL_PARAM_INPUT, at_val );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding value parameter for %s[%lu]\n",
+ at_rec->bam_ad->ad_cname.bv_val, i, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ return rs->sr_err = LDAP_OTHER;
+ }
+
+#ifdef LDAP_DEBUG
+ snprintf( logbuf, sizeof( logbuf ), "val[%lu], id=%lu",
+ i, new_keyval );
+ Debug( LDAP_DEBUG_TRACE, " backsql_add_attr(\"%s\"): "
+ "executing \"%s\" %s\n",
+ op->ora_e->e_name.bv_val,
+ at_rec->bam_add_proc, logbuf );
+#endif
+ rc = SQLExecute( sth );
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(\"%s\"): "
+ "add_proc execution failed (rc=%d, prc=%d)\n",
+ op->ora_e->e_name.bv_val, rc, prc );
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = op->ora_e->e_name.bv_val;
+ SQLFreeStmt( sth, SQL_DROP );
+ return rs->sr_err;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = op->ora_e->e_name.bv_val;
+ SQLFreeStmt( sth, SQL_DROP );
+ return rs->sr_err;
+ }
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+backsql_add( Operation *op, SlapReply *rs )
+{
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ unsigned long new_keyval = 0;
+ RETCODE rc;
+ backsql_oc_map_rec *oc = NULL;
+ backsql_srch_info bsi = { 0 };
+ Entry p = { 0 }, *e = NULL;
+ Attribute *at,
+ *at_objectClass = NULL;
+ struct berval scname = BER_BVNULL;
+ struct berval pdn;
+ struct berval realdn = BER_BVNULL;
+ int colnum;
+ slap_mask_t mask;
+
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+
+#ifdef BACKSQL_SYNCPROV
+ /*
+ * NOTE: fake successful result to force contextCSN to be bumped up
+ */
+ if ( op->o_sync ) {
+ char buf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ struct berval csn;
+
+ csn.bv_val = buf;
+ csn.bv_len = sizeof( buf );
+ slap_get_csn( op, &csn, 1 );
+
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+
+ slap_graduate_commit_csn( op );
+
+ return 0;
+ }
+#endif /* BACKSQL_SYNCPROV */
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+
+ slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+
+ /* check schema */
+ if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ rs->sr_err = entry_schema_check( op, op->ora_e, NULL, 0,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry failed schema check -- aborting\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ e = NULL;
+ goto done;
+ }
+ }
+
+ /* search structuralObjectClass */
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
+ if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) {
+ break;
+ }
+ }
+
+ /* there must exist */
+ if ( at == NULL ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+ const char *text;
+
+ /* search structuralObjectClass */
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
+ if ( at->a_desc == slap_schema.si_ad_objectClass ) {
+ break;
+ }
+ }
+
+ if ( at == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "no objectClass\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+ e = NULL;
+ goto done;
+ }
+
+ rs->sr_err = structural_class( at->a_vals, &scname, NULL,
+ &text, buf, sizeof( buf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "%s (%d)\n",
+ op->ora_e->e_name.bv_val, text, rs->sr_err );
+ e = NULL;
+ goto done;
+ }
+
+ } else {
+ scname = at->a_vals[0];
+ }
+
+ /* I guess we should play with sub/supertypes to find a suitable oc */
+ oc = backsql_name2oc( bi, &scname );
+
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "cannot map structuralObjectClass \"%s\" -- aborting\n",
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ if ( oc->bom_create_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create procedure is not defined "
+ "for structuralObjectClass \"%s\" - aborting\n",
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+
+ } else if ( BACKSQL_CREATE_NEEDS_SELECT( bi )
+ && oc->bom_create_keyval == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create procedure needs select procedure, "
+ "but none is defined for structuralObjectClass \"%s\" "
+ "- aborting\n",
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ /* check write access */
+ if ( !access_allowed_mask( op, op->ora_e,
+ slap_schema.si_ad_entry,
+ NULL, ACL_WADD, NULL, &mask ) )
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = op->ora_e;
+ goto done;
+ }
+
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "could not get connection handle - exiting\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ e = NULL;
+ goto done;
+ }
+
+ /*
+ * Check if entry exists
+ *
+ * NOTE: backsql_api_dn2odbc() is called explicitly because
+ * we need the mucked DN to pass it to the create procedure.
+ */
+ realdn = op->ora_e->e_name;
+ if ( backsql_api_dn2odbc( op, rs, &realdn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "backsql_api_dn2odbc(\"%s\") failed\n",
+ op->ora_e->e_name.bv_val, realdn.bv_val, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ rs->sr_err = backsql_dn2id( op, rs, dbh, &realdn, NULL, 0, 0 );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry exists\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ rs->sr_err = LDAP_ALREADY_EXISTS;
+ e = op->ora_e;
+ goto done;
+ }
+
+ /*
+ * Get the parent dn and see if the corresponding entry exists.
+ */
+ if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
+ pdn = slap_empty_bv;
+
+ } else {
+ dnParent( &op->ora_e->e_nname, &pdn );
+
+ /*
+ * Get the parent
+ */
+ bsi.bsi_e = &p;
+ rs->sr_err = backsql_init_search( &bsi, &pdn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "could not retrieve addDN parent "
+ "\"%s\" ID - %s matched=\"%s\"\n",
+ pdn.bv_val,
+ rs->sr_err == LDAP_REFERRAL ? "referral" : "no such entry",
+ rs->sr_matched ? rs->sr_matched : "(null)" );
+ e = &p;
+ goto done;
+ }
+
+ /* check "children" pseudo-attribute access to parent */
+ if ( !access_allowed( op, &p, slap_schema.si_ad_children,
+ NULL, ACL_WADD, NULL ) )
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &p;
+ goto done;
+ }
+ }
+
+ /*
+ * create_proc is executed; if expect_return is set, then
+ * an output parameter is bound, which should contain
+ * the id of the added row; otherwise the procedure
+ * is expected to return the id as the first column of a select
+ */
+ rc = backsql_Prepare( dbh, &sth, oc->bom_create_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ colnum = 1;
+ if ( BACKSQL_IS_ADD( oc->bom_expect_return ) ) {
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &new_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding keyval parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+ colnum++;
+ }
+
+ if ( oc->bom_create_hint ) {
+ at = attr_find( op->ora_e->e_attrs, oc->bom_create_hint );
+ if ( at && at->a_vals ) {
+ backsql_BindParamStr( sth, colnum, SQL_PARAM_INPUT,
+ at->a_vals[0].bv_val,
+ at->a_vals[0].bv_len );
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "create_proc hint: param = '%s'\n",
+ at->a_vals[0].bv_val, 0, 0 );
+
+ } else {
+ backsql_BindParamStr( sth, colnum, SQL_PARAM_INPUT,
+ "", 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "create_proc hint (%s) not avalable\n",
+ oc->bom_create_hint->ad_cname.bv_val,
+ 0, 0 );
+ }
+ colnum++;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): executing \"%s\"\n",
+ op->ora_e->e_name.bv_val, oc->bom_create_proc, 0 );
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create_proc execution failed\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ /* FIXME: after SQLExecute(), the row is already inserted
+ * (at least with PostgreSQL and unixODBC); needs investigation */
+
+ if ( !BACKSQL_IS_ADD( oc->bom_expect_return ) ) {
+ SWORD ncols;
+ SQLINTEGER value_len;
+
+ if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rc = backsql_Prepare( dbh, &sth, oc->bom_create_keyval, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+ }
+
+ /*
+ * the query to know the id of the inserted entry
+ * must be embedded in the create procedure
+ */
+ rc = SQLNumResultCols( sth, &ncols );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create_proc result evaluation failed\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+
+ } else if ( ncols != 1 ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create_proc result is bogus (ncols=%d)\n",
+ op->ora_e->e_name.bv_val, ncols, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+#if 0
+ {
+ SQLCHAR colname[ 64 ];
+ SQLSMALLINT name_len, col_type, col_scale, col_null;
+ UDWORD col_prec;
+
+ /*
+ * FIXME: check whether col_type is compatible,
+ * if it can be null and so on ...
+ */
+ rc = SQLDescribeCol( sth, (SQLUSMALLINT)1,
+ &colname[ 0 ],
+ (SQLUINTEGER)( sizeof( colname ) - 1 ),
+ &name_len, &col_type,
+ &col_prec, &col_scale, &col_null );
+ }
+#endif
+
+ rc = SQLBindCol( sth, (SQLUSMALLINT)1, SQL_C_ULONG,
+ (SQLPOINTER)&new_keyval,
+ (SQLINTEGER)sizeof( new_keyval ),
+ &value_len );
+
+ rc = SQLFetch( sth );
+
+ if ( value_len <= 0 ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create_proc result is empty?\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+ }
+
+ SQLFreeStmt( sth, SQL_DROP );
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "create_proc returned keyval=%ld\n",
+ op->ora_e->e_name.bv_val, new_keyval, 0 );
+
+ rc = backsql_Prepare( dbh, &sth, bi->sql_insentry_stmt, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realdn );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding DN parameter for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamInt( sth, 2, SQL_PARAM_INPUT, &oc->bom_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding objectClass ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &bsi.bsi_base_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding parent ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamInt( sth, 4, SQL_PARAM_INPUT, &new_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding entry ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(): executing \"%s\" for dn \"%s\"\n",
+ bi->sql_insentry_stmt, op->ora_e->e_name.bv_val, 0 );
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " for oc_map_id=%ld, "
+ "p_id=%s, keyval=%ld\n",
+ oc->bom_id, bsi.bsi_base_id.eid_id.bv_val, new_keyval );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " for oc_map_id=%ld, "
+ "p_id=%ld, keyval=%ld\n",
+ oc->bom_id, bsi.bsi_base_id.eid_id, new_keyval );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "could not insert ldap_entries record\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ /*
+ * execute delete_proc to delete data added !!!
+ */
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ SQLFreeStmt( sth, SQL_DROP );
+
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(): "
+ "adding attribute \"%s\"\n",
+ at->a_desc->ad_cname.bv_val, 0, 0 );
+
+ /*
+ * Skip:
+ * - the first occurrence of objectClass, which is used
+ * to determine how to build the SQL entry (FIXME ?!?)
+ * - operational attributes
+ * - empty attributes (FIXME ?!?)
+ */
+ if ( backsql_attr_skip( at->a_desc, at->a_vals ) ) {
+ continue;
+ }
+
+ if ( at->a_desc == slap_schema.si_ad_objectClass ) {
+ at_objectClass = at;
+ continue;
+ }
+
+ rs->sr_err = backsql_add_attr( op, rs, dbh, oc, at, new_keyval );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = op->ora_e;
+ goto done;
+ }
+ }
+
+ if ( at_objectClass ) {
+ rs->sr_err = backsql_add_attr( op, rs, dbh, oc,
+ at_objectClass, new_keyval );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = op->ora_e;
+ goto done;
+ }
+ }
+
+done:;
+ /*
+ * Commit only if all operations succeed
+ */
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ assert( e == NULL );
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+ }
+
+ /*
+ * FIXME: NOOP does not work for add -- it works for all
+ * the other operations, and I don't get the reason :(
+ *
+ * hint: there might be some autocommit in Postgres
+ * so that when the unique id of the key table is
+ * automatically increased, there's no rollback.
+ * We might implement a "rollback" procedure consisting
+ * in deleting that row.
+ */
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ int disclose = 1;
+
+ if ( e == op->ora_e && !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ /* mask already collected */
+ disclose = 0;
+
+ } else if ( e == &p && !access_allowed( op, &p,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ disclose = 0;
+ }
+
+ if ( disclose == 0 ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ }
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ if ( !BER_BVISNULL( &realdn )
+ && realdn.bv_val != op->ora_e->e_name.bv_val )
+ {
+ ch_free( realdn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ backsql_entry_clean( op, &p );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_add(\"%s\"): %d \"%s\"\n",
+ op->ora_e->e_name.bv_val,
+ rs->sr_err,
+ rs->sr_text ? rs->sr_text : "" );
+
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/api.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/api.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/api.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,204 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+static backsql_api *backsqlapi;
+
+int
+backsql_api_config( backsql_info *bi, const char *name, int argc, char *argv[] )
+{
+ backsql_api *ba;
+
+ assert( bi != NULL );
+ assert( name != NULL );
+
+ for ( ba = backsqlapi; ba; ba = ba->ba_next ) {
+ if ( strcasecmp( name, ba->ba_name ) == 0 ) {
+ backsql_api *ba2;
+
+ ba2 = ch_malloc( sizeof( backsql_api ) );
+ *ba2 = *ba;
+
+ if ( ba2->ba_config ) {
+ if ( ( *ba2->ba_config )( ba2, argc, argv ) ) {
+ ch_free( ba2 );
+ return 1;
+ }
+ }
+
+ ba2->ba_next = bi->sql_api;
+ bi->sql_api = ba2;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+int
+backsql_api_destroy( backsql_info *bi )
+{
+ backsql_api *ba;
+
+ assert( bi != NULL );
+
+ ba = bi->sql_api;
+
+ if ( ba == NULL ) {
+ return 0;
+ }
+
+ for ( ; ba; ba = ba->ba_next ) {
+ if ( ba->ba_destroy ) {
+ (void)( *ba->ba_destroy )( ba );
+ }
+ }
+
+ return 0;
+}
+
+int
+backsql_api_register( backsql_api *ba )
+{
+ backsql_api *ba2;
+
+ assert( ba != NULL );
+ assert( ba->ba_private == NULL );
+
+ if ( ba->ba_name == NULL ) {
+ fprintf( stderr, "API module has no name\n" );
+ exit(EXIT_FAILURE);
+ }
+
+ for ( ba2 = backsqlapi; ba2; ba2 = ba2->ba_next ) {
+ if ( strcasecmp( ba->ba_name, ba2->ba_name ) == 0 ) {
+ fprintf( stderr, "API module \"%s\" already defined\n", ba->ba_name );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ ba->ba_next = backsqlapi;
+ backsqlapi = ba;
+
+ return 0;
+}
+
+int
+backsql_api_dn2odbc( Operation *op, SlapReply *rs, struct berval *dn )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ backsql_api *ba;
+ int rc;
+ struct berval bv;
+
+ ba = bi->sql_api;
+
+ if ( ba == NULL ) {
+ return 0;
+ }
+
+ ber_dupbv( &bv, dn );
+
+ for ( ; ba; ba = ba->ba_next ) {
+ if ( ba->ba_dn2odbc ) {
+ /*
+ * The dn2odbc() helper is supposed to rewrite
+ * the contents of bv, freeing the original value
+ * with ch_free() if required and replacing it
+ * with a newly allocated one using ch_malloc()
+ * or companion functions.
+ *
+ * NOTE: it is supposed to __always__ free
+ * the value of bv in case of error, and reset
+ * it with BER_BVZERO() .
+ */
+ rc = ( *ba->ba_dn2odbc )( op, rs, &bv );
+
+ if ( rc ) {
+ /* in case of error, dn2odbc() must cleanup */
+ assert( BER_BVISNULL( &bv ) );
+
+ return rc;
+ }
+ }
+ }
+
+ assert( !BER_BVISNULL( &bv ) );
+
+ *dn = bv;
+
+ return 0;
+}
+
+int
+backsql_api_odbc2dn( Operation *op, SlapReply *rs, struct berval *dn )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ backsql_api *ba;
+ int rc;
+ struct berval bv;
+
+ ba = bi->sql_api;
+
+ if ( ba == NULL ) {
+ return 0;
+ }
+
+ ber_dupbv( &bv, dn );
+
+ for ( ; ba; ba = ba->ba_next ) {
+ if ( ba->ba_dn2odbc ) {
+ rc = ( *ba->ba_odbc2dn )( op, rs, &bv );
+ /*
+ * The odbc2dn() helper is supposed to rewrite
+ * the contents of bv, freeing the original value
+ * with ch_free() if required and replacing it
+ * with a newly allocated one using ch_malloc()
+ * or companion functions.
+ *
+ * NOTE: it is supposed to __always__ free
+ * the value of bv in case of error, and reset
+ * it with BER_BVZERO() .
+ */
+ if ( rc ) {
+ /* in case of error, odbc2dn() must cleanup */
+ assert( BER_BVISNULL( &bv ) );
+
+ return rc;
+ }
+ }
+ }
+
+ assert( !BER_BVISNULL( &bv ) );
+
+ *dn = bv;
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/back-sql.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/back-sql.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/back-sql.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,586 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/back-sql.h,v 1.30.2.10 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Mararati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+ */
+/*
+ * The following changes have been addressed:
+ *
+ * Enhancements:
+ * - re-styled code for better readability
+ * - upgraded backend API to reflect recent changes
+ * - LDAP schema is checked when loading SQL/LDAP mapping
+ * - AttributeDescription/ObjectClass pointers used for more efficient
+ * mapping lookup
+ * - bervals used where string length is required often
+ * - atomized write operations by committing at the end of each operation
+ * and defaulting connection closure to rollback
+ * - added LDAP access control to write operations
+ * - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
+ * access check, parent/children check and more)
+ * - added parent access control, children control to delete operation
+ * - added structuralObjectClass operational attribute check and
+ * value return on search
+ * - added hasSubordinate operational attribute on demand
+ * - search limits are appropriately enforced
+ * - function backsql_strcat() has been made more efficient
+ * - concat function has been made configurable by means of a pattern
+ * - added config switches:
+ * - fail_if_no_mapping write operations fail if there is no mapping
+ * - has_ldapinfo_dn_ru overrides autodetect
+ * - concat_pattern a string containing two '?' is used
+ * (note that "?||?" should be more portable
+ * than builtin function "CONCAT(?,?)")
+ * - strcast_func cast of string constants in "SELECT DISTINCT
+ * statements (needed by PostgreSQL)
+ * - upper_needs_cast cast the argument of upper when required
+ * (basically when building dn substring queries)
+ * - added noop control
+ * - added values return filter control
+ * - hasSubordinate can be used in search filters (with limitations)
+ * - eliminated oc->name; use oc->oc->soc_cname instead
+ *
+ * Todo:
+ * - add security checks for SQL statements that can be injected (?)
+ * - re-test with previously supported RDBMs
+ * - replace dn_ru and so with normalized dn (no need for upper() and so
+ * in dn match)
+ * - implement a backsql_normalize() function to replace the upper()
+ * conversion routines
+ * - note that subtree deletion, subtree renaming and so could be easily
+ * implemented (rollback and consistency checks are available :)
+ * - implement "lastmod" and other operational stuff (ldap_entries table ?)
+ * - check how to allow multiple operations with one statement, to remove
+ * BACKSQL_REALLOC_STMT from modify.c (a more recent unixODBC lib?)
+ */
+/*
+ * Improvements submitted by (ITS#3432)
+ *
+ * 1. id_query.patch applied (with changes)
+ * 2. shortcut.patch applied (reworked)
+ * 3. create_hint.patch applied
+ * 4. count_query.patch applied (reworked)
+ * 5. returncodes.patch applied (with sanity checks)
+ * 6. connpool.patch under evaluation
+ * 7. modoc.patch under evaluation (requires
+ * manageDSAit and "manage"
+ * access privileges)
+ * 8. miscfixes.patch applied (reworked; other
+ * operations need to load the
+ * entire entry for ACL purposes;
+ * see ITS#3480, now fixed)
+ *
+ * original description:
+
+ Changes that were made to the SQL backend.
+
+The patches were made against 2.2.18 and can be applied individually,
+but would best be applied in the numerical order of the file names.
+A synopsis of each patch is given here:
+
+
+1. Added an option to set SQL query for the "id_query" operation.
+
+2. Added an option to the SQL backend called "use_subtree_shortcut".
+When a search is performed, the SQL query includes a WHERE clause
+which says the DN must be "LIKE %<searchbase>". The LIKE operation
+can be slow in an RDBM. This shortcut option says that if the
+searchbase of the LDAP search is the root DN of the SQL backend,
+and thus all objects will match the LIKE operator, do not include
+the "LIKE %<searchbase>" clause in the SQL query (it is replaced
+instead by the always true "1=1" clause to keep the "AND"'s
+working correctly). This option is off by default, and should be
+turned on only if all objects to be found in the RDBM are under the
+same root DN. Multiple backends working within the same RDBM table
+space would encounter problems. LDAP searches whose searchbase are
+not at the root DN will bypass this shortcut and employ the LIKE
+clause.
+
+3. Added a "create_hint" column to ldap_oc_mappings table. Allows
+taking the value of an attr named in "create_hint" and passing it to
+the create_proc procedure. This is necessary for when an objectClass's
+table is partition indexed by some indexing column and thus the value
+in that indexing column cannot change after the row is created. The
+value for the indexed column is passed into the create_proc, which
+uses it to fill in the indexed column as the new row is created.
+
+4. When loading the values of an attribute, the count(*) of the number
+of values is fetched first and memory is allocated for the array of
+values and normalized values. The old system of loading the values one
+by one and running realloc() on the array of values and normalized
+values each time was badly fragmenting memory. The array of values and
+normalized values would be side by side in memory, and realloc()'ing
+them over and over would force them to leapfrog each other through all
+of available memory. Attrs with a large number of values could not be
+loaded without crashing the slapd daemon.
+
+5. Added code to interpret the value returned by stored procedures
+which have expect_return set. Returned value is interpreted as an LDAP
+return code. This allows the distinction between the SQL failing to
+execute and the SQL running to completion and returning an error code
+which can indicate a policy violation.
+
+6. Added RDBM connection pooling. Once an operation is finished the
+connection to the RDBM is returned to a pool rather than closing.
+Allows the next operation to skip the initialization and authentication
+phases of contacting the RDBM. Also, if licensing with ODBC places
+a limit on the number of connections, an LDAP thread can block waiting
+for another thread to finish, so that no LDAP errors are returned
+for having more LDAP connections than allowed RDBM connections. An
+RDBM connection which receives an SQL error is marked as "tainted"
+so that it will be closed rather than returned to the pool.
+ Also, RDBM connections must be bound to a given LDAP connection AND
+operation number, and NOT just the connection number. Asynchronous
+LDAP clients can have multiple simultaneous LDAP operations which
+should not share the same RDBM connection. A given LDAP operation can
+even make multiple SQL operations (e.g. a BIND operation which
+requires SASL to perform an LDAP search to convert the SASL ID to an
+LDAP DN), so each RDBM connection now has a refcount that must reach
+zero before the connection is returned to the free pool.
+
+7. Added ability to change the objectClass of an object. Required
+considerable work to copy all attributes out of old object and into
+new object. Does a schema check before proceeding. Creates a new
+object, fills it in, deletes the old object, then changes the
+oc_map_id and keyval of the entry in the "ldap_entries" table.
+
+8. Generic fixes. Includes initializing pointers before they
+get used in error branch cases, pointer checks before dereferencing,
+resetting a return code to success after a COMPARE op, sealing
+memory leaks, and in search.c, changing some of the "1=1" tests to
+"2=2", "3=3", etc so that when reading slapd trace output, the
+location in the source code where the x=x test was added to the SQL
+can be easily distinguished.
+ */
+
+#ifndef __BACKSQL_H__
+#define __BACKSQL_H__
+
+/* former sql-types.h */
+#include <sql.h>
+#include <sqlext.h>
+
+typedef struct {
+ SWORD ncols;
+ BerVarray col_names;
+ UDWORD *col_prec;
+ char **cols;
+ SQLINTEGER *value_len;
+} BACKSQL_ROW_NTS;
+
+/*
+ * Better use the standard length of 8192 (as of slap.h)?
+ *
+ * NOTE: must be consistent with definition in ldap_entries table
+ */
+/* #define BACKSQL_MAX_DN_LEN SLAP_LDAPDN_MAXLEN */
+#define BACKSQL_MAX_DN_LEN 255
+
+/*
+ * define to enable very extensive trace logging (debug only)
+ */
+#undef BACKSQL_TRACE
+
+/*
+ * define if using MS SQL and workaround needed (see sql-wrap.c)
+ */
+#undef BACKSQL_MSSQL_WORKAROUND
+
+/*
+ * define to enable values counting for attributes
+ */
+#define BACKSQL_COUNTQUERY
+
+/*
+ * define to enable prettification/validation of values
+ */
+#define BACKSQL_PRETTY_VALIDATE
+
+/*
+ * define to enable varchars as unique keys in user tables
+ *
+ * by default integers are used (and recommended)
+ * for performances. Integers are used anyway in back-sql
+ * related tables.
+ */
+#undef BACKSQL_ARBITRARY_KEY
+
+/*
+ * define to enable support for syncprov overlay
+ */
+#define BACKSQL_SYNCPROV
+
+/*
+ * define to the appropriate aliasing string
+ *
+ * some RDBMSes tolerate (or require) that " AS " is not used
+ * when aliasing tables/columns
+ */
+#define BACKSQL_ALIASING "AS "
+/* #define BACKSQL_ALIASING "" */
+
+/*
+ * define to the appropriate quoting char
+ *
+ * some RDBMSes tolerate/require that the aliases be enclosed
+ * in quotes. This is especially true for those that do not
+ * allow keywords used as aliases.
+ */
+#define BACKSQL_ALIASING_QUOTE ""
+/* #define BACKSQL_ALIASING_QUOTE "\"" */
+/* #define BACKSQL_ALIASING_QUOTE "'" */
+
+/*
+ * API
+ *
+ * a simple mechanism to allow DN mucking between the LDAP
+ * and the stored string representation.
+ */
+typedef struct backsql_api {
+ char *ba_name;
+ int (*ba_config)( struct backsql_api *self, int argc, char *argv[] );
+ int (*ba_destroy)( struct backsql_api *self );
+
+ int (*ba_dn2odbc)( Operation *op, SlapReply *rs, struct berval *dn );
+ int (*ba_odbc2dn)( Operation *op, SlapReply *rs, struct berval *dn );
+
+ void *ba_private;
+ struct backsql_api *ba_next;
+} backsql_api;
+
+/*
+ * Entry ID structure
+ */
+typedef struct backsql_entryID {
+ /* #define BACKSQL_ARBITRARY_KEY to allow a non-numeric key.
+ * It is required by some special applications that use
+ * strings as keys for the main table.
+ * In this case, #define BACKSQL_MAX_KEY_LEN consistently
+ * with the key size definition */
+#ifdef BACKSQL_ARBITRARY_KEY
+ struct berval eid_id;
+ struct berval eid_keyval;
+#define BACKSQL_MAX_KEY_LEN 64
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ /* The original numeric key is maintained as default. */
+ unsigned long eid_id;
+ unsigned long eid_keyval;
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ unsigned long eid_oc_id;
+ struct berval eid_dn;
+ struct berval eid_ndn;
+ struct backsql_entryID *eid_next;
+} backsql_entryID;
+
+#ifdef BACKSQL_ARBITRARY_KEY
+#define BACKSQL_ENTRYID_INIT { BER_BVNULL, BER_BVNULL, 0, BER_BVNULL, BER_BVNULL, NULL }
+#else /* ! BACKSQL_ARBITRARY_KEY */
+#define BACKSQL_ENTRYID_INIT { 0, 0, 0, BER_BVNULL, BER_BVNULL, NULL }
+#endif /* BACKSQL_ARBITRARY_KEY */
+
+/*
+ * "structural" objectClass mapping structure
+ */
+typedef struct backsql_oc_map_rec {
+ /*
+ * Structure of corresponding LDAP objectClass definition
+ */
+ ObjectClass *bom_oc;
+#define BACKSQL_OC_NAME(ocmap) ((ocmap)->bom_oc->soc_cname.bv_val)
+
+ struct berval bom_keytbl;
+ struct berval bom_keycol;
+ /* expected to return keyval of newly created entry */
+ char *bom_create_proc;
+ /* in case create_proc does not return the keyval of the newly
+ * created row */
+ char *bom_create_keyval;
+ /* supposed to expect keyval as parameter and delete
+ * all the attributes as well */
+ char *bom_delete_proc;
+ /* flags whether delete_proc is a function (whether back-sql
+ * should bind first parameter as output for return code) */
+ int bom_expect_return;
+ unsigned long bom_id;
+ Avlnode *bom_attrs;
+ AttributeDescription *bom_create_hint;
+} backsql_oc_map_rec;
+
+/*
+ * attributeType mapping structure
+ */
+typedef struct backsql_at_map_rec {
+ /* Description of corresponding LDAP attribute type */
+ AttributeDescription *bam_ad;
+ /* ObjectClass if bam_ad is objectClass */
+ ObjectClass *bam_oc;
+
+ struct berval bam_from_tbls;
+ struct berval bam_join_where;
+ struct berval bam_sel_expr;
+
+ /* TimesTen, or, if a uppercase function is defined,
+ * an uppercased version of bam_sel_expr */
+ struct berval bam_sel_expr_u;
+
+ /* supposed to expect 2 binded values: entry keyval
+ * and attr. value to add, like "add_name(?,?,?)" */
+ char *bam_add_proc;
+ /* supposed to expect 2 binded values: entry keyval
+ * and attr. value to delete */
+ char *bam_delete_proc;
+ /* for optimization purposes attribute load query
+ * is preconstructed from parts on schemamap load time */
+ char *bam_query;
+#ifdef BACKSQL_COUNTQUERY
+ char *bam_countquery;
+#endif /* BACKSQL_COUNTQUERY */
+ /* following flags are bitmasks (first bit used for add_proc,
+ * second - for delete_proc) */
+ /* order of parameters for procedures above;
+ * 1 means "data then keyval", 0 means "keyval then data" */
+ int bam_param_order;
+ /* flags whether one or more of procedures is a function
+ * (whether back-sql should bind first parameter as output
+ * for return code) */
+ int bam_expect_return;
+
+ /* next mapping for attribute */
+ struct backsql_at_map_rec *bam_next;
+} backsql_at_map_rec;
+
+#define BACKSQL_AT_MAP_REC_INIT { NULL, NULL, BER_BVC(""), BER_BVC(""), BER_BVNULL, BER_BVNULL, NULL, NULL, NULL, 0, 0, NULL }
+
+/* define to uppercase filters only if the matching rule requires it
+ * (currently broken) */
+/* #define BACKSQL_UPPERCASE_FILTER */
+
+#define BACKSQL_AT_CANUPPERCASE(at) ( !BER_BVISNULL( &(at)->bam_sel_expr_u ) )
+
+/* defines to support bitmasks above */
+#define BACKSQL_ADD 0x1
+#define BACKSQL_DEL 0x2
+
+#define BACKSQL_IS_ADD(x) ( ( BACKSQL_ADD & (x) ) == BACKSQL_ADD )
+#define BACKSQL_IS_DEL(x) ( ( BACKSQL_DEL & (x) ) == BACKSQL_DEL )
+
+#define BACKSQL_NCMP(v1,v2) ber_bvcmp((v1),(v2))
+
+#define BACKSQL_CONCAT
+/*
+ * berbuf structure: a berval with a buffer size associated
+ */
+typedef struct berbuf {
+ struct berval bb_val;
+ ber_len_t bb_len;
+} BerBuffer;
+
+#define BB_NULL { BER_BVNULL, 0 }
+
+/* the function must collect the entry associated to nbase */
+#define BACKSQL_ISF_GET_ID 0x1U
+#define BACKSQL_ISF_GET_ENTRY ( 0x2U | BACKSQL_ISF_GET_ID )
+#define BACKSQL_ISF_MATCHED 0x4U
+#define BACKSQL_IS_GET_ID(f) \
+ ( ( (f) & BACKSQL_ISF_GET_ID ) == BACKSQL_ISF_GET_ID )
+#define BACKSQL_IS_GET_ENTRY(f) \
+ ( ( (f) & BACKSQL_ISF_GET_ENTRY ) == BACKSQL_ISF_GET_ENTRY )
+#define BACKSQL_IS_MATCHED(f) \
+ ( ( (f) & BACKSQL_ISF_MATCHED ) == BACKSQL_ISF_MATCHED )
+typedef struct backsql_srch_info {
+ Operation *bsi_op;
+ SlapReply *bsi_rs;
+
+ unsigned bsi_flags;
+#define BSQL_SF_NONE 0x0000U
+#define BSQL_SF_ALL_USER 0x0001U
+#define BSQL_SF_ALL_OPER 0x0002U
+#define BSQL_SF_ALL_ATTRS (BSQL_SF_ALL_USER|BSQL_SF_ALL_OPER)
+#define BSQL_SF_FILTER_HASSUBORDINATE 0x0010U
+#define BSQL_SF_FILTER_ENTRYUUID 0x0020U
+#define BSQL_SF_FILTER_ENTRYCSN 0x0040U
+#define BSQL_SF_RETURN_ENTRYUUID (BSQL_SF_FILTER_ENTRYUUID << 8)
+#define BSQL_ISF(bsi, f) ( ( (bsi)->bsi_flags & f ) == f )
+#define BSQL_ISF_ALL_USER(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_USER)
+#define BSQL_ISF_ALL_OPER(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_OPER)
+#define BSQL_ISF_ALL_ATTRS(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_ATTRS)
+
+ struct berval *bsi_base_ndn;
+ int bsi_use_subtree_shortcut;
+ backsql_entryID bsi_base_id;
+ int bsi_scope;
+/* BACKSQL_SCOPE_BASE_LIKE can be set by API in ors_scope
+ * whenever the search base DN contains chars that cannot
+ * be mapped into the charset used in the RDBMS; so they're
+ * turned into '%' and an approximate ('LIKE') condition
+ * is used */
+#define BACKSQL_SCOPE_BASE_LIKE ( LDAP_SCOPE_BASE | 0x1000 )
+ Filter *bsi_filter;
+ time_t bsi_stoptime;
+
+ backsql_entryID *bsi_id_list,
+ **bsi_id_listtail,
+ *bsi_c_eid;
+ int bsi_n_candidates;
+ int bsi_status;
+
+ backsql_oc_map_rec *bsi_oc;
+ struct berbuf bsi_sel,
+ bsi_from,
+ bsi_join_where,
+ bsi_flt_where;
+ ObjectClass *bsi_filter_oc;
+ SQLHDBC bsi_dbh;
+ AttributeName *bsi_attrs;
+
+ Entry *bsi_e;
+} backsql_srch_info;
+
+/*
+ * Backend private data structure
+ */
+typedef struct backsql_info {
+ char *sql_dbhost;
+ int sql_dbport;
+ char *sql_dbuser;
+ char *sql_dbpasswd;
+ char *sql_dbname;
+
+ /*
+ * SQL condition for subtree searches differs in syntax:
+ * "LIKE CONCAT('%',?)" or "LIKE '%'+?" or "LIKE '%'||?"
+ * or smtg else
+ */
+ struct berval sql_subtree_cond;
+ struct berval sql_children_cond;
+ char *sql_oc_query,
+ *sql_at_query;
+ char *sql_insentry_stmt,
+ *sql_delentry_stmt,
+ *sql_renentry_stmt,
+ *sql_delobjclasses_stmt;
+ char *sql_id_query;
+ char *sql_has_children_query;
+
+ MatchingRule *sql_caseIgnoreMatch;
+ MatchingRule *sql_telephoneNumberMatch;
+
+ struct berval sql_upper_func;
+ struct berval sql_upper_func_open;
+ struct berval sql_upper_func_close;
+ BerVarray sql_concat_func;
+ struct berval sql_strcast_func;
+
+ struct berval sql_aliasing;
+ struct berval sql_aliasing_quote;
+ struct berval sql_dn_oc_aliasing;
+
+ AttributeName *sql_anlist;
+
+ unsigned int sql_flags;
+#define BSQLF_SCHEMA_LOADED 0x0001
+#define BSQLF_UPPER_NEEDS_CAST 0x0002
+#define BSQLF_CREATE_NEEDS_SELECT 0x0004
+#define BSQLF_FAIL_IF_NO_MAPPING 0x0008
+#define BSQLF_HAS_LDAPINFO_DN_RU 0x0010
+#define BSQLF_DONTCHECK_LDAPINFO_DN_RU 0x0020
+#define BSQLF_USE_REVERSE_DN 0x0040
+#define BSQLF_ALLOW_ORPHANS 0x0080
+#define BSQLF_USE_SUBTREE_SHORTCUT 0x0100
+#define BSQLF_FETCH_ALL_USERATTRS 0x0200
+#define BSQLF_FETCH_ALL_OPATTRS 0x0400
+#define BSQLF_FETCH_ALL_ATTRS (BSQLF_FETCH_ALL_USERATTRS|BSQLF_FETCH_ALL_OPATTRS)
+#define BSQLF_CHECK_SCHEMA 0x0800
+
+#define BACKSQL_ISF(si, f) \
+ (((si)->sql_flags & f) == f)
+
+#define BACKSQL_SCHEMA_LOADED(si) \
+ BACKSQL_ISF(si, BSQLF_SCHEMA_LOADED)
+#define BACKSQL_UPPER_NEEDS_CAST(si) \
+ BACKSQL_ISF(si, BSQLF_UPPER_NEEDS_CAST)
+#define BACKSQL_CREATE_NEEDS_SELECT(si) \
+ BACKSQL_ISF(si, BSQLF_CREATE_NEEDS_SELECT)
+#define BACKSQL_FAIL_IF_NO_MAPPING(si) \
+ BACKSQL_ISF(si, BSQLF_FAIL_IF_NO_MAPPING)
+#define BACKSQL_HAS_LDAPINFO_DN_RU(si) \
+ BACKSQL_ISF(si, BSQLF_HAS_LDAPINFO_DN_RU)
+#define BACKSQL_DONTCHECK_LDAPINFO_DN_RU(si) \
+ BACKSQL_ISF(si, BSQLF_DONTCHECK_LDAPINFO_DN_RU)
+#define BACKSQL_USE_REVERSE_DN(si) \
+ BACKSQL_ISF(si, BSQLF_USE_REVERSE_DN)
+#define BACKSQL_CANUPPERCASE(si) \
+ (!BER_BVISNULL( &(si)->sql_upper_func ))
+#define BACKSQL_ALLOW_ORPHANS(si) \
+ BACKSQL_ISF(si, BSQLF_ALLOW_ORPHANS)
+#define BACKSQL_USE_SUBTREE_SHORTCUT(si) \
+ BACKSQL_ISF(si, BSQLF_USE_SUBTREE_SHORTCUT)
+#define BACKSQL_FETCH_ALL_USERATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_USERATTRS)
+#define BACKSQL_FETCH_ALL_OPATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_OPATTRS)
+#define BACKSQL_FETCH_ALL_ATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_ATTRS)
+#define BACKSQL_CHECK_SCHEMA(si) \
+ BACKSQL_ISF(si, BSQLF_CHECK_SCHEMA)
+
+ Entry *sql_baseObject;
+#ifdef BACKSQL_ARBITRARY_KEY
+#define BACKSQL_BASEOBJECT_IDSTR "baseObject"
+#define BACKSQL_BASEOBJECT_KEYVAL BACKSQL_BASEOBJECT_IDSTR
+#define BACKSQL_IS_BASEOBJECT_ID(id) (bvmatch((id), &backsql_baseObject_bv))
+#else /* ! BACKSQL_ARBITRARY_KEY */
+#define BACKSQL_BASEOBJECT_ID 0
+#define BACKSQL_BASEOBJECT_IDSTR LDAP_XSTRING(BACKSQL_BASEOBJECT_ID)
+#define BACKSQL_BASEOBJECT_KEYVAL 0
+#define BACKSQL_IS_BASEOBJECT_ID(id) (*(id) == BACKSQL_BASEOBJECT_ID)
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+#define BACKSQL_BASEOBJECT_OC 0
+
+ Avlnode *sql_db_conns;
+ Avlnode *sql_oc_by_oc;
+ Avlnode *sql_oc_by_id;
+ ldap_pvt_thread_mutex_t sql_dbconn_mutex;
+ ldap_pvt_thread_mutex_t sql_schema_mutex;
+ SQLHENV sql_db_env;
+
+ backsql_api *sql_api;
+} backsql_info;
+
+#define BACKSQL_SUCCESS( rc ) \
+ ( (rc) == SQL_SUCCESS || (rc) == SQL_SUCCESS_WITH_INFO )
+
+#define BACKSQL_AVL_STOP 0
+#define BACKSQL_AVL_CONTINUE 1
+
+/* see ldap.h for the meaning of the macros and of the values */
+#define BACKSQL_LEGAL_ERROR( rc ) \
+ ( LDAP_RANGE( (rc), 0x00, 0x0e ) \
+ || LDAP_ATTR_ERROR( (rc) ) \
+ || LDAP_NAME_ERROR( (rc) ) \
+ || LDAP_SECURITY_ERROR( (rc) ) \
+ || LDAP_SERVICE_ERROR( (rc) ) \
+ || LDAP_UPDATE_ERROR( (rc) ) )
+#define BACKSQL_SANITIZE_ERROR( rc ) \
+ ( BACKSQL_LEGAL_ERROR( (rc) ) ? (rc) : LDAP_OTHER )
+
+#endif /* __BACKSQL_H__ */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,123 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/bind.c,v 1.28.2.5 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "slap.h"
+#include "proto-sql.h"
+
+int
+backsql_bind( Operation *op, SlapReply *rs )
+{
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ Entry e = { 0 };
+ Attribute *a;
+ backsql_srch_info bsi = { 0 };
+ AttributeName anlist[2];
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
+
+ if ( be_isroot_pw( op ) ) {
+ ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
+ 0, 0, 0 );
+ return LDAP_SUCCESS;
+ }
+
+ ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn );
+
+ if ( op->oq_bind.rb_method != LDAP_AUTH_SIMPLE ) {
+ rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+ rs->sr_text = "authentication method not supported";
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ /*
+ * method = LDAP_AUTH_SIMPLE
+ */
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( !dbh ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ goto error_return;
+ }
+
+ anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname;
+ anlist[0].an_desc = slap_schema.si_ad_userPassword;
+ anlist[1].an_name.bv_val = NULL;
+
+ bsi.bsi_e = &e;
+ rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs, anlist,
+ BACKSQL_ISF_GET_ENTRY );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
+ "could not retrieve bindDN ID - no such entry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto error_return;
+ }
+
+ a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword );
+ if ( a == NULL ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto error_return;
+ }
+
+ if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
+ {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto error_return;
+ }
+
+error_return:;
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ backsql_entry_clean( op, &e );
+ }
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,199 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/compare.c,v 1.10.2.5 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "slap.h"
+#include "proto-sql.h"
+
+int
+backsql_compare( Operation *op, SlapReply *rs )
+{
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ Entry e = { 0 };
+ Attribute *a = NULL;
+ backsql_srch_info bsi = { 0 };
+ int rc;
+ int manageDSAit = get_manageDSAit( op );
+ AttributeName anlist[2];
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
+
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( !dbh ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ goto return_results;
+ }
+
+ anlist[ 0 ].an_name = op->oq_compare.rs_ava->aa_desc->ad_cname;
+ anlist[ 0 ].an_desc = op->oq_compare.rs_ava->aa_desc;
+ BER_BVZERO( &anlist[ 1 ].an_name );
+
+ /*
+ * Get the entry
+ */
+ bsi.bsi_e = &e;
+ rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs, anlist,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "could not retrieve compareDN ID - no such entry\n",
+ 0, 0, 0 );
+ goto return_results;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &e, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ if ( is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
+ SlapReply nrs = { 0 };
+ Attribute **ap;
+
+ for ( ap = &e.e_attrs; *ap; ap = &(*ap)->a_next )
+ ;
+
+ nrs.sr_attrs = anlist;
+ nrs.sr_entry = &e;
+ nrs.sr_attr_flags = SLAP_OPATTRS_NO;
+ nrs.sr_operational_attrs = NULL;
+
+ rs->sr_err = backsql_operational( op, &nrs );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+
+ *ap = nrs.sr_operational_attrs;
+ }
+
+ if ( ! access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value,
+ ACL_COMPARE, NULL ) )
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+ for ( a = attrs_find( e.e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
+ {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals,
+ &op->oq_compare.rs_ava->aa_value,
+ op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:;
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ break;
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !BER_BVISNULL( &e.e_nname ) &&
+ ! access_allowed( op, &e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ break;
+ }
+
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_matched ) {
+ rs->sr_matched = NULL;
+ }
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ backsql_entry_clean( op, &e );
+ }
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ Debug(LDAP_DEBUG_TRACE,"<==backsql_compare()\n",0,0,0);
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ return LDAP_SUCCESS;
+
+ default:
+ return rs->sr_err;
+ }
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,850 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.17.2.7 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+#include <sys/types.h>
+
+#include "slap.h"
+#include "ldif.h"
+#include "proto-sql.h"
+
+static int
+create_baseObject(
+ BackendDB *be,
+ const char *fname,
+ int lineno );
+
+static int
+read_baseObject(
+ BackendDB *be,
+ const char *fname );
+
+int
+backsql_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ backsql_info *bi = (backsql_info *)be->be_private;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_db_config()\n", 0, 0, 0 );
+ assert( bi != NULL );
+
+ if ( !strcasecmp( argv[ 0 ], "dbhost" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing hostname in \"dbhost\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_dbhost = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config(): hostname=%s\n",
+ bi->sql_dbhost, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "dbuser" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing username in \"dbuser\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_dbuser = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): dbuser=%s\n",
+ bi->sql_dbuser, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "dbpasswd" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing password in \"dbpasswd\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_dbpasswd = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "dbpasswd=%s\n", /* bi->sql_dbpasswd */ "xxxx", 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "dbname" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing database name in \"dbname\" "
+ "directive\n", fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_dbname = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): dbname=%s\n",
+ bi->sql_dbname, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "concat_pattern" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing pattern"
+ "in \"concat_pattern\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ if ( backsql_split_pattern( argv[ 1 ], &bi->sql_concat_func, 2 ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "unable to parse pattern \"%s\"\n"
+ "in \"concat_pattern\" directive\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "concat_pattern=\"%s\"\n", argv[ 1 ], 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "subtree_cond" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL condition "
+ "in \"subtree_cond\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ ber_str2bv( argv[ 1 ], 0, 1, &bi->sql_subtree_cond );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "subtree_cond=%s\n", bi->sql_subtree_cond.bv_val, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "children_cond" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL condition "
+ "in \"children_cond\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ ber_str2bv( argv[ 1 ], 0, 1, &bi->sql_children_cond );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "subtree_cond=%s\n", bi->sql_children_cond.bv_val, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "oc_query" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"oc_query\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_oc_query = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "oc_query=%s\n", bi->sql_oc_query, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "at_query" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"at_query\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_at_query = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "at_query=%s\n", bi->sql_at_query, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "insentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "insentry_query" ) )
+ {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"insentry_stmt\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_insentry_stmt = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "insentry_stmt=%s\n", bi->sql_insentry_stmt, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "create_needs_select" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"create_needs_select\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_CREATE_NEEDS_SELECT;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_CREATE_NEEDS_SELECT;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"create_needs_select\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "create_needs_select =%s\n",
+ BACKSQL_CREATE_NEEDS_SELECT( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "upper_func" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing function name "
+ "in \"upper_func\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ ber_str2bv( argv[ 1 ], 0, 1, &bi->sql_upper_func );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "upper_func=%s\n", bi->sql_upper_func.bv_val, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "upper_needs_cast" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"upper_needs_cast\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_UPPER_NEEDS_CAST;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_UPPER_NEEDS_CAST;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"upper_needs_cast\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "upper_needs_cast =%s\n",
+ BACKSQL_UPPER_NEEDS_CAST( bi ) ? "yes" : "no", 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "strcast_func" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing function name "
+ "in \"strcast_func\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ ber_str2bv( argv[ 1 ], 0, 1, &bi->sql_strcast_func );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "strcast_func=%s\n", bi->sql_strcast_func.bv_val, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "delentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "delentry_query" ) )
+ {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"delentry_stmt\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_delentry_stmt = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "delentry_stmt=%s\n", bi->sql_delentry_stmt, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "renentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "renentry_query" ) )
+ {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"renentry_stmt\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_renentry_stmt = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "renentry_stmt=%s\n", bi->sql_renentry_stmt, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "delobjclasses_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "delobjclasses_query" ) )
+ {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL statement "
+ "in \"delobjclasses_stmt\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_delobjclasses_stmt = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "delobjclasses_stmt=%s\n", bi->sql_delobjclasses_stmt, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "has_ldapinfo_dn_ru" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"has_ldapinfo_dn_ru\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_HAS_LDAPINFO_DN_RU;
+ bi->sql_flags |= BSQLF_DONTCHECK_LDAPINFO_DN_RU;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_HAS_LDAPINFO_DN_RU;
+ bi->sql_flags |= BSQLF_DONTCHECK_LDAPINFO_DN_RU;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"has_ldapinfo_dn_ru\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "has_ldapinfo_dn_ru=%s\n",
+ BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ? "yes" : "no", 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "fail_if_no_mapping" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"fail_if_no_mapping\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_FAIL_IF_NO_MAPPING;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_FAIL_IF_NO_MAPPING;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"fail_if_no_mapping\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "fail_if_no_mapping=%s\n",
+ BACKSQL_FAIL_IF_NO_MAPPING( bi ) ? "yes" : "no", 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "allow_orphans" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"allow_orphans\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_ALLOW_ORPHANS;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_ALLOW_ORPHANS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"allow_orphans\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "allow_orphans=%s\n",
+ BACKSQL_ALLOW_ORPHANS( bi ) ? "yes" : "no", 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "baseobject" ) ) {
+ if ( be->be_suffix == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): : "
+ "must be defined after \"suffix\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( bi->sql_baseObject ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): : "
+ "\"baseObject\" already provided (will be overwritten)\n",
+ fname, lineno, 0 );
+ entry_free( bi->sql_baseObject );
+ }
+
+ switch ( argc ) {
+ case 1:
+ return create_baseObject( be, fname, lineno );
+
+ case 2:
+ return read_baseObject( be, argv[ 1 ] );
+
+ default:
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "trailing values "
+ "in \"baseObject\" directive?\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ } else if ( !strcasecmp( argv[ 0 ], "sqllayer" ) ) {
+ if ( backsql_api_config( bi, argv[ 1 ], argc - 2, &argv[ 2 ] ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "unable to load sqllayer \"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ } else if ( !strcasecmp( argv[ 0 ], "id_query" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL condition "
+ "in \"id_query\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_id_query = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "id_query=%s\n", bi->sql_id_query, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "use_subtree_shortcut" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"use_subtree_shortcut\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_USE_SUBTREE_SHORTCUT;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"use_subtree_shortcut\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "use_subtree_shortcut=%s\n",
+ BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "fetch_all_attrs" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"fetch_all_attrs\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_ATTRS;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_FETCH_ALL_ATTRS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"fetch_all_attrs\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "fetch_all_attrs=%s\n",
+ BACKSQL_FETCH_ALL_ATTRS( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "fetch_attrs" ) ) {
+ char *str, *s, *next;
+ char delimstr[] = ",";
+
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing <attrlist>"
+ "in \"fetch_all_attrs <attrlist>\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ str = ch_strdup( argv[ 1 ] );
+ for ( s = ldap_pvt_strtok( str, delimstr, &next );
+ s != NULL;
+ s = ldap_pvt_strtok( NULL, delimstr, &next ) )
+ {
+ if ( strlen( s ) == 1 ) {
+ if ( *s == '*' ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_USERATTRS;
+ argv[ 1 ][ s - str ] = ',';
+
+ } else if ( *s == '+' ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_OPATTRS;
+ argv[ 1 ][ s - str ] = ',';
+ }
+ }
+ }
+ ch_free( str );
+ bi->sql_anlist = str2anlist( bi->sql_anlist, argv[ 1 ], delimstr );
+ if ( bi->sql_anlist == NULL ) {
+ return -1;
+ }
+
+ } else if ( !strcasecmp( argv[ 0 ], "check_schema" ) ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"check_schema\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_CHECK_SCHEMA;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_CHECK_SCHEMA;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"check_schema\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "check_schema=%s\n",
+ BACKSQL_CHECK_SCHEMA( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "aliasing_keyword" ) ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing arg "
+ "in \"aliasing_keyword <string>\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( ! BER_BVISNULL( &bi->sql_aliasing ) ) {
+ ch_free( bi->sql_aliasing.bv_val );
+ }
+
+ ber_str2bv( argv[ 1 ], strlen( argv[ 1 ] ) + 1, 1,
+ &bi->sql_aliasing );
+ /* add a trailing space... */
+ bi->sql_aliasing.bv_val[ bi->sql_aliasing.bv_len - 1] = ' ';
+
+ } else if ( !strcasecmp( argv[ 0 ], "aliasing_quote" ) ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing arg "
+ "in \"aliasing_quote <string>\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( ! BER_BVISNULL( &bi->sql_aliasing_quote ) ) {
+ ch_free( bi->sql_aliasing_quote.bv_val );
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 1, &bi->sql_aliasing_quote );
+
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
+
+/*
+ * Read the entries specified in fname and merge the attributes
+ * to the user defined baseObject entry. Note that if we find any errors
+ * what so ever, we will discard the entire entries, print an
+ * error message and return.
+ */
+static int
+read_baseObject(
+ BackendDB *be,
+ const char *fname )
+{
+ backsql_info *bi = (backsql_info *)be->be_private;
+ LDIFFP *fp;
+ int rc = 0, lineno = 0, lmax = 0;
+ char *buf = NULL;
+
+ assert( fname != NULL );
+
+ fp = ldif_open( fname, "r" );
+ if ( fp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "could not open back-sql baseObject "
+ "attr file \"%s\" - absolute path?\n",
+ fname, 0, 0 );
+ perror( fname );
+ return LDAP_OTHER;
+ }
+
+ bi->sql_baseObject = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+ if ( bi->sql_baseObject == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "read_baseObject_file: SLAP_CALLOC failed", 0, 0, 0 );
+ ldif_close( fp );
+ return LDAP_NO_MEMORY;
+ }
+ bi->sql_baseObject->e_name = be->be_suffix[0];
+ bi->sql_baseObject->e_nname = be->be_nsuffix[0];
+ bi->sql_baseObject->e_attrs = NULL;
+
+ while ( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ Entry *e = str2entry( buf );
+ Attribute *a;
+
+ if( e == NULL ) {
+ fprintf( stderr, "back-sql baseObject: "
+ "could not parse entry (line=%d)\n",
+ lineno );
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ /* make sure the DN is the database's suffix */
+ if ( !be_issuffix( be, &e->e_nname ) ) {
+ fprintf( stderr,
+ "back-sql: invalid baseObject - "
+ "dn=\"%s\" (line=%d)\n",
+ e->e_name.bv_val, lineno );
+ entry_free( e );
+ rc = EXIT_FAILURE;
+ break;
+ }
+
+ /*
+ * we found a valid entry, so walk thru all the attributes in the
+ * entry, and add each attribute type and description to baseObject
+ */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ if ( attr_merge( bi->sql_baseObject, a->a_desc,
+ a->a_vals,
+ ( a->a_nvals == a->a_vals ) ?
+ NULL : a->a_nvals ) )
+ {
+ rc = LDAP_OTHER;
+ break;
+ }
+ }
+
+ entry_free( e );
+ if ( rc ) {
+ break;
+ }
+ }
+
+ if ( rc ) {
+ entry_free( bi->sql_baseObject );
+ bi->sql_baseObject = NULL;
+ }
+
+ ch_free( buf );
+
+ ldif_close( fp );
+
+ Debug( LDAP_DEBUG_CONFIG, "back-sql baseObject file \"%s\" read.\n",
+ fname, 0, 0 );
+
+ return rc;
+}
+
+static int
+create_baseObject(
+ BackendDB *be,
+ const char *fname,
+ int lineno )
+{
+ backsql_info *bi = (backsql_info *)be->be_private;
+ LDAPRDN rdn;
+ char *p;
+ int rc, iAVA;
+ char buf[1024];
+
+ snprintf( buf, sizeof(buf),
+ "dn: %s\n"
+ "objectClass: extensibleObject\n"
+ "description: builtin baseObject for back-sql\n"
+ "description: all entries mapped "
+ "in the \"ldap_entries\" table\n"
+ "description: must have "
+ "\"" BACKSQL_BASEOBJECT_IDSTR "\" "
+ "in the \"parent\" column",
+ be->be_suffix[0].bv_val );
+
+ bi->sql_baseObject = str2entry( buf );
+ if ( bi->sql_baseObject == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "unable to parse baseObject entry\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ) {
+ return 0;
+ }
+
+ rc = ldap_bv2rdn( &be->be_suffix[ 0 ], &rdn, (char **)&p,
+ LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( buf, sizeof(buf),
+ "unable to extract RDN "
+ "from baseObject DN \"%s\" (%d: %s)",
+ be->be_suffix[ 0 ].bv_val,
+ rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): %s\n",
+ fname, lineno, buf );
+ return 1;
+ }
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad = NULL;
+ slap_syntax_transform_func *transf = NULL;
+ struct berval bv = BER_BVNULL;
+ const char *text = NULL;
+
+ assert( ava != NULL );
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( buf, sizeof(buf),
+ "AttributeDescription of naming "
+ "attribute #%d from baseObject "
+ "DN \"%s\": %d: %s",
+ iAVA, be->be_suffix[ 0 ].bv_val,
+ rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): %s\n",
+ fname, lineno, buf );
+ return 1;
+ }
+
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if ( transf ) {
+ /*
+ * transform value by pretty function
+ * if value is empty, use empty_bv
+ */
+ rc = ( *transf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( buf, sizeof(buf),
+ "prettying of attribute #%d "
+ "from baseObject "
+ "DN \"%s\" failed: %d: %s",
+ iAVA, be->be_suffix[ 0 ].bv_val,
+ rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "%s\n",
+ fname, lineno, buf );
+ return 1;
+ }
+ }
+
+ if ( !BER_BVISNULL( &bv ) ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE ) {
+ ber_memfree( ava->la_value.bv_val );
+ }
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
+
+ attr_merge_normalize_one( bi->sql_baseObject,
+ ad, &ava->la_value, NULL );
+ }
+
+ ldap_rdnfree( rdn );
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,495 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/delete.c,v 1.15.2.9 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+typedef struct backsql_delete_attr_t {
+ Operation *op;
+ SlapReply *rs;
+ SQLHDBC dbh;
+ backsql_entryID *e_id;
+} backsql_delete_attr_t;
+
+static int
+backsql_delete_attr_f( void *v_at, void *v_bda )
+{
+ backsql_at_map_rec *at = (backsql_at_map_rec *)v_at;
+ backsql_delete_attr_t *bda = (backsql_delete_attr_t *)v_bda;
+ int rc;
+
+ rc = backsql_modify_delete_all_values( bda->op,
+ bda->rs, bda->dbh, bda->e_id, at );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return BACKSQL_AVL_STOP;
+ }
+
+ return BACKSQL_AVL_CONTINUE;
+}
+
+static int
+backsql_delete_all_attrs(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_entryID *e_id,
+ backsql_oc_map_rec *oc )
+{
+ backsql_delete_attr_t bda;
+ int rc;
+
+ bda.op = op;
+ bda.rs = rs;
+ bda.dbh = dbh;
+ bda.e_id = e_id;
+
+ rc = avl_apply( oc->bom_attrs, backsql_delete_attr_f, &bda,
+ BACKSQL_AVL_STOP, AVL_INORDER );
+ if ( rc == BACKSQL_AVL_STOP ) {
+ return rs->sr_err;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+backsql_delete( Operation *op, SlapReply *rs )
+{
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ RETCODE rc;
+ int prc = LDAP_SUCCESS;
+ backsql_oc_map_rec *oc = NULL;
+ backsql_srch_info bsi = { 0 };
+ backsql_entryID e_id = { 0 };
+ Entry d = { 0 }, p = { 0 }, *e = NULL;
+ struct berval pdn = BER_BVNULL;
+ int manageDSAit = get_manageDSAit( op );
+ /* first parameter no */
+ SQLUSMALLINT pno = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n",
+ op->o_req_ndn.bv_val, 0, 0 );
+
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ e = NULL;
+ goto done;
+ }
+
+ /*
+ * Get the entry
+ */
+ bsi.bsi_e = &d;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &d;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
+ "could not retrieve deleteDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &d.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &d;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &d, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &d;
+ goto done;
+ }
+
+ if ( !access_allowed( op, &d, slap_schema.si_ad_entry,
+ NULL, ACL_WDEL, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "no write access to entry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &d;
+ goto done;
+ }
+
+ rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn );
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_FALSE:
+ rs->sr_err = LDAP_SUCCESS;
+ break;
+
+ case LDAP_COMPARE_TRUE:
+ if ( get_treeDelete( op ) ) {
+ /* not supported yet */ ;
+ }
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "entry \"%s\" has children\n",
+ op->o_req_dn.bv_val, 0, 0 );
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ rs->sr_text = "subordinate objects must be deleted first";
+ /* fallthru */
+
+ default:
+ e = &d;
+ goto done;
+ }
+
+ oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id );
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "cannot determine objectclass of entry -- aborting\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ if ( oc->bom_delete_proc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "delete procedure is not defined "
+ "for this objectclass - aborting\n", 0, 0, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ /*
+ * Get the parent
+ */
+ e_id = bsi.bsi_base_id;
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+ dnParent( &op->o_req_ndn, &pdn );
+ bsi.bsi_e = &p;
+ rs->sr_err = backsql_init_search( &bsi, &pdn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_no_attrs,
+ BACKSQL_ISF_GET_ENTRY );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
+ "could not retrieve deleteDN ID "
+ "- no such entry\n",
+ 0, 0, 0 );
+ e = &p;
+ goto done;
+ }
+
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ /* check parent for "children" acl */
+ if ( !access_allowed( op, &p, slap_schema.si_ad_children,
+ NULL, ACL_WDEL, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "no write access to parent\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &p;
+ goto done;
+
+ }
+ }
+
+ /* avl_apply ... */
+ rs->sr_err = backsql_delete_all_attrs( op, rs, dbh, &e_id, oc );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &d;
+ goto done;
+ }
+
+ rc = backsql_Prepare( dbh, &sth, oc->bom_delete_proc, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error preparing delete query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ if ( BACKSQL_IS_DEL( oc->bom_expect_return ) ) {
+ pno = 1;
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &prc );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error binding output parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+ }
+
+ rc = backsql_BindParamID( sth, pno + 1, SQL_PARAM_INPUT, &e_id.eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error binding keyval parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "delete_proc execution failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+
+
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ rs->sr_err = LDAP_OTHER;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+ e = &d;
+ goto done;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+
+ /* delete "auxiliary" objectClasses, if any... */
+ rc = backsql_Prepare( dbh, &sth, bi->sql_delobjclasses_stmt, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error preparing ldap_entry_objclasses delete query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error binding auxiliary objectClasses "
+ "entry ID parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ switch ( rc ) {
+ case SQL_NO_DATA:
+ /* apparently there were no "auxiliary" objectClasses
+ * for this entry... */
+ case SQL_SUCCESS:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "failed to delete record from ldap_entry_objclasses\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+
+ /* delete entry... */
+ rc = backsql_Prepare( dbh, &sth, bi->sql_delentry_stmt, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error preparing ldap_entries delete query\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_delete(): "
+ "error binding entry ID parameter "
+ "for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "failed to delete record from ldap_entries\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ /*
+ * Commit only if all operations succeed
+ */
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ assert( e == NULL );
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+ }
+
+done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ }
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_delete()\n", 0, 0, 0 );
+
+ if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &e_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &d.e_nname ) ) {
+ backsql_entry_clean( op, &d );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ backsql_entry_clean( op, &p );
+ }
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/bugs
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/bugs (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/bugs 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+1) driver name comparison for MS SQL Server workaround is realy kinda dirty
+ hack, but for now i don't know how to code it more carefully
+2) another dirty hack: length of LONGVARCHAR and LONGVARBINARY fields is
+ currently set to MAX_ATTR_LEN. Maybe such fields must be handled with
+ SQLGetData() instead of SQLBindCol(), but it is said in documentation,
+ that it is guaranteed to work only when such column goes after last bound
+ column. Or should we get ALL columns with SQLGetData (then something like
+ _SQLFetchAsStrings() wrapper would do SQLGetData() for all columns)...
+3) in some cases (particularly, when using OpenLink Generic ODBC driver with
+ MS SQL Server), it returns "Function sequence error" after all records are
+ fetched. I really don't know what it means, and after all
+ - it works with any other driver I tried
+4) ldapsearch sometimes refuses to show some attributes ("NOT PRINTABLE" diags)
+ on Win32 (on linux everything's fine)
+5) back-sql crashes on invalid filters (to be fixed ASAP)
+
\ No newline at end of file
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/concept
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/concept (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/concept 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1 @@
+The SQL backend is described in the slapd-sql(5) manual page.
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/install
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/install (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/install 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,86 @@
+PLEASE READ THIS WHOLE FILE AND CONCEPT, BECAUSE THEY COVER SEVERAL STICKY
+ISSUES THAT YOU WILL PROBABLY STUMBLE ACROSS ANYWAY
+
+1. Build
+To build slapd with back-sql under Unix you need to build and install
+iODBC 2.50.3 (later versions should probably work, but not earlier),
+or unixODBC (you will have to change -liodbc to -lodbc then).
+Then, at top of OpenLDAP source tree, run
+"configure <other options you need> --enable-sql", then "make" -
+this should build back-sql-enabled slapd, provided that you have iODBC/unixODBC
+libraries and include files in include/library paths, "make install"...
+In other words, follow installation procedure described in OpenLDAP
+Administrators Guide, adding --enable-sql option to configure, and
+having iODBC/unixODBC libraries installed an accessible by compiler.
+
+Under Win32/MSVC++, I modified the workspace so that back-sql is built into
+slapd automatically, since MS ODBC manager, odbc32.dll, is included in
+standard library pack, and it does no bad even if you don't plan to use it.
+I also could provide precompiled executables for those who don't have MSVC.
+Note that Win32 port of OpenLDAP itself is experimental, and thus doesn't
+provide very convenient build environment (yet).
+
+2. Tune datasources and slapd.conf
+Next, you need to define ODBC datasource with data you want to publish
+with help of back-sql. Assuming that you have your data in some SQL-compliant
+RDBMS, and have installed proper ODBC driver for this RDBMS, this is as simple
+as adding a record into odbc.ini (for iODBC/unixODBC), or using ODBC wizard in
+Control Panel (for odbc32).
+Next, you need to add appropriate "database" record to your slapd.conf.
+See samples provided in "back-sql/RDBMS_DEPENDENT/" subdirectory.
+
+Several things worth noting about ODBC:
+- "dbname" directive stands for ODBC datasource name (DSN),
+ not the name of your database in RDBMS context
+- ODBC under Unix is not so common as under Windows, so you could have
+ problems with Unix drivers for your RDBMS. Visit http://www.openlinksw.com,
+ they provide a multitier solution which allows connecting to DBMSes on
+ different platforms, proxying and other connectivity and integration issues.
+ They also support iODBC, and have good free customer service through
+ newsserver (at news.openlinksw.com).
+ Also worth noting are: ODBC-ODBC bridge by EasySoft (which was claimed
+ by several people to be far more effective and stable than OpenLink),
+ OpenRDA package etc.
+- be careful defining RDBMS connection parameters, you'll probably need only
+ "dbname" directive - all the rest can be defined in datasource. Every other
+ directive is used to override value stored in datasource definition.
+ Maybe you will want to use dbuser/dbpasswd to override credentials defined in datasource
+- full list of configuration directives supported is available in file "guide",
+ you may also analyze output of 'slapd -d 5' to find out some useful
+ directives for redefining default queries
+
+3. Creating and using back-sql metatables
+Read the file "concept" to understand, what metainformation you need to add,
+and what for... ;)
+See SQL scripts and slapd.conf files in samples directory.
+Find subdirectory in "rdbms_depend/" corresponding to your RDBMS (Oracle,
+MS SQL Server and mySQL are listed there currently), or copy and edit
+any of these to conform to SQL dialect of your RDBMS (please be sure to send
+me scripts and notes for new RDBMSes ;).
+
+Execute "backsql_create.sql" from that subdirectory (or edited one),
+so that the tables it creates appear in the same
+context with the data you want to export through LDAP (under same DB/user,
+or whatever is needed in RDBMS you use). You can use something like
+"mysql < xxx.sql" for mySQL, Query Analyzer+Open query file for MS SQL,
+sqlplus and "@xxx.sql" for Oracle.
+
+You may well want to try it with test data first, and see how metatables
+are used. Create test data and metadata by running testdb_create.sql,
+testdb_data.sql, and testdb_metadata.sql scripts (again, adopted for your
+RDBMS, and in the same context as metatables you created before), and
+tune slapd.conf to use your test DB.
+
+4. Testing
+To diagnose back-sql, run slapd with debug level TRACE ("slapd -d 5" will go).
+Then, use some LDAP client to query corresponding subtree (for test database,
+you could for instance search one level from "o=sql,c=RU"). I personally used
+saucer, which is included in OpenLDAP package (it builds automatically under
+Unix/GNU configure and for MSVC I added appropriate project to workspace).
+And also Java LDAP browser-editor (see link somewhere on OpenLDAP site) to
+test ADD/DELETE/MODIFY operations on Oracle and MS SQL.
+
+See file "platforms" if you encounter connection problems - you may find
+a hint for your RDBMS or OS there. If you are stuck - please contact me at
+mit at openldap.org, or (better) post an issue through OpenLDAP's Issue Tracking
+System (see http:/www.openldap.org/its).
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/platforms
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/platforms (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/platforms 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+Platforms and configurations it has been tested on:
+
+General:
+ - ODBC managers: iODBC,unixODBC under unixes, odbc32.dll under Win32 family
+ - OSes: Linux/glibc, FreeBSD, OpenBSD, Solaris 2.6, Win98, WinNT, Win2000 server
+ - RDBMSes: Oracle 7/8/8i, MS SQL Server 6.5/7, mySQL
+ - access suites: OpenLink DAS, EasySoft OOB, various win32 drivers
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/todo
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/todo (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/docs/todo 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+1) must add alias handling
+2) [sizelimit moved to frontend]
+ must set time limit when preparing all queries, and check size limit
+3) there was expressed a need to have access to IP in while constructing
+ queries, to have response alter in accordance to client IP. Will add
+ preprocessor for values in metatables, which would substitute things
+ like "$IP$".
+4) must handle NOT filters (see ITS#2652)
+5) must map attribute types and syntaxes between LDAP and SQL types (e.g.
+ use BLOBs for octet streams)
+6) must define another mech to add auxiliary objectClass to all entries
+ according to ldap_at_mappings (ldap_entry_objclasses has limitations)
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/entry-id.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/entry-id.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/entry-id.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1064 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/entry-id.c,v 1.46.2.12 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "lutil.h"
+#include "slap.h"
+#include "proto-sql.h"
+
+#ifdef BACKSQL_ARBITRARY_KEY
+struct berval backsql_baseObject_bv = BER_BVC( BACKSQL_BASEOBJECT_IDSTR );
+#endif /* BACKSQL_ARBITRARY_KEY */
+
+backsql_entryID *
+backsql_free_entryID( Operation *op, backsql_entryID *id, int freeit )
+{
+ backsql_entryID *next;
+
+ assert( id != NULL );
+
+ next = id->eid_next;
+
+ if ( !BER_BVISNULL( &id->eid_ndn ) ) {
+ if ( !BER_BVISNULL( &id->eid_dn )
+ && id->eid_dn.bv_val != id->eid_ndn.bv_val )
+ {
+ op->o_tmpfree( id->eid_dn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &id->eid_dn );
+ }
+
+ op->o_tmpfree( id->eid_ndn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &id->eid_ndn );
+ }
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ if ( !BER_BVISNULL( &id->eid_id ) ) {
+ op->o_tmpfree( id->eid_id.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &id->eid_id );
+ }
+
+ if ( !BER_BVISNULL( &id->eid_keyval ) ) {
+ op->o_tmpfree( id->eid_keyval.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &id->eid_keyval );
+ }
+#endif /* BACKSQL_ARBITRARY_KEY */
+
+ if ( freeit ) {
+ op->o_tmpfree( id, op->o_tmpmemctx );
+ }
+
+ return next;
+}
+
+/*
+ * NOTE: the dn must be normalized
+ */
+int
+backsql_dn2id(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ struct berval *ndn,
+ backsql_entryID *id,
+ int matched,
+ int muck )
+{
+ backsql_info *bi = op->o_bd->be_private;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ BACKSQL_ROW_NTS row = { 0 };
+ RETCODE rc;
+ int res;
+ struct berval realndn = BER_BVNULL;
+
+ /* TimesTen */
+ char upperdn[ BACKSQL_MAX_DN_LEN + 1 ];
+ struct berval tbbDN;
+ int i, j;
+
+ /*
+ * NOTE: id can be NULL; in this case, the function
+ * simply checks whether the DN can be successfully
+ * turned into an ID, returning LDAP_SUCCESS for
+ * positive cases, or the most appropriate error
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(\"%s\")%s%s\n",
+ ndn->bv_val, id == NULL ? " (no ID expected)" : "",
+ matched ? " matched expected" : "" );
+
+ if ( id ) {
+ /* NOTE: trap inconsistencies */
+ assert( BER_BVISNULL( &id->eid_ndn ) );
+ }
+
+ if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_dn2id(\"%s\"): DN length=%ld "
+ "exceeds max DN length %d:\n",
+ ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );
+ return LDAP_OTHER;
+ }
+
+ /* return baseObject if available and matches */
+ /* FIXME: if ndn is already mucked, we cannot check this */
+ if ( bi->sql_baseObject != NULL &&
+ dn_match( ndn, &bi->sql_baseObject->e_nname ) )
+ {
+ if ( id != NULL ) {
+#ifdef BACKSQL_ARBITRARY_KEY
+ ber_dupbv_x( &id->eid_id, &backsql_baseObject_bv,
+ op->o_tmpmemctx );
+ ber_dupbv_x( &id->eid_keyval, &backsql_baseObject_bv,
+ op->o_tmpmemctx );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ id->eid_id = BACKSQL_BASEOBJECT_ID;
+ id->eid_keyval = BACKSQL_BASEOBJECT_KEYVAL;
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ id->eid_oc_id = BACKSQL_BASEOBJECT_OC;
+
+ ber_dupbv_x( &id->eid_ndn, &bi->sql_baseObject->e_nname,
+ op->o_tmpmemctx );
+ ber_dupbv_x( &id->eid_dn, &bi->sql_baseObject->e_name,
+ op->o_tmpmemctx );
+
+ id->eid_next = NULL;
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ /* begin TimesTen */
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): id_query \"%s\"\n",
+ ndn->bv_val, bi->sql_id_query, 0 );
+ assert( bi->sql_id_query != NULL );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_dn2id(\"%s\"): "
+ "error preparing SQL:\n %s",
+ ndn->bv_val, bi->sql_id_query, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ res = LDAP_OTHER;
+ goto done;
+ }
+
+ realndn = *ndn;
+ if ( muck ) {
+ if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
+ "backsql_api_dn2odbc(\"%s\") failed\n",
+ ndn->bv_val, realndn.bv_val, 0 );
+ res = LDAP_OTHER;
+ goto done;
+ }
+ }
+
+ if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
+ /*
+ * Prepare an upper cased, byte reversed version
+ * that can be searched using indexes
+ */
+
+ for ( i = 0, j = realndn.bv_len - 1; realndn.bv_val[ i ]; i++, j--)
+ {
+ upperdn[ i ] = realndn.bv_val[ j ];
+ }
+ upperdn[ i ] = '\0';
+ ldap_pvt_str2upper( upperdn );
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
+ "upperdn=\"%s\"\n",
+ ndn->bv_val, upperdn, 0 );
+ ber_str2bv( upperdn, 0, 0, &tbbDN );
+
+ } else {
+ if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
+ AC_MEMCPY( upperdn, realndn.bv_val, realndn.bv_len + 1 );
+ ldap_pvt_str2upper( upperdn );
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_dn2id(\"%s\"): "
+ "upperdn=\"%s\"\n",
+ ndn->bv_val, upperdn, 0 );
+ ber_str2bv( upperdn, 0, 0, &tbbDN );
+
+ } else {
+ tbbDN = realndn;
+ }
+ }
+
+ rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &tbbDN );
+ if ( rc != SQL_SUCCESS) {
+ /* end TimesTen */
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
+ "error binding dn=\"%s\" parameter:\n",
+ ndn->bv_val, tbbDN.bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ res = LDAP_OTHER;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
+ "error executing query (\"%s\", \"%s\"):\n",
+ ndn->bv_val, bi->sql_id_query, tbbDN.bv_val );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ res = LDAP_OTHER;
+ goto done;
+ }
+
+ backsql_BindRowAsStrings_x( sth, &row, op->o_tmpmemctx );
+ rc = SQLFetch( sth );
+ if ( BACKSQL_SUCCESS( rc ) ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+#ifdef LDAP_DEBUG
+ snprintf( buf, sizeof(buf),
+ "id=%s keyval=%s oc_id=%s dn=%s",
+ row.cols[ 0 ], row.cols[ 1 ],
+ row.cols[ 2 ], row.cols[ 3 ] );
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_dn2id(\"%s\"): %s\n",
+ ndn->bv_val, buf, 0 );
+#endif /* LDAP_DEBUG */
+
+ res = LDAP_SUCCESS;
+ if ( id != NULL ) {
+ struct berval dn;
+
+ id->eid_next = NULL;
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ ber_str2bv_x( row.cols[ 0 ], 0, 1, &id->eid_id,
+ op->o_tmpmemctx );
+ ber_str2bv_x( row.cols[ 1 ], 0, 1, &id->eid_keyval,
+ op->o_tmpmemctx );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ if ( lutil_atoulx( &id->eid_id, row.cols[ 0 ], 0 ) != 0 ) {
+ res = LDAP_OTHER;
+ goto done;
+ }
+ if ( lutil_atoulx( &id->eid_keyval, row.cols[ 1 ], 0 ) != 0 ) {
+ res = LDAP_OTHER;
+ goto done;
+ }
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ if ( lutil_atoulx( &id->eid_oc_id, row.cols[ 2 ], 0 ) != 0 ) {
+ res = LDAP_OTHER;
+ goto done;
+ }
+
+ ber_str2bv( row.cols[ 3 ], 0, 0, &dn );
+
+ if ( backsql_api_odbc2dn( op, rs, &dn ) ) {
+ res = LDAP_OTHER;
+ goto done;
+ }
+
+ res = dnPrettyNormal( NULL, &dn,
+ &id->eid_dn, &id->eid_ndn,
+ op->o_tmpmemctx );
+ if ( res != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_dn2id(\"%s\"): "
+ "dnPrettyNormal failed (%d: %s)\n",
+ realndn.bv_val, res,
+ ldap_err2string( res ) );
+
+ /* cleanup... */
+ (void)backsql_free_entryID( op, id, 0 );
+ }
+
+ if ( dn.bv_val != row.cols[ 3 ] ) {
+ free( dn.bv_val );
+ }
+ }
+
+ } else {
+ res = LDAP_NO_SUCH_OBJECT;
+ if ( matched ) {
+ struct berval pdn = *ndn;
+
+ /*
+ * Look for matched
+ */
+ rs->sr_matched = NULL;
+ while ( !be_issuffix( op->o_bd, &pdn ) ) {
+ char *matchedDN = NULL;
+
+ dnParent( &pdn, &pdn );
+
+ /*
+ * Empty DN ("") defaults to LDAP_SUCCESS
+ */
+ rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, id, 0, 1 );
+ switch ( rs->sr_err ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* try another one */
+ break;
+
+ case LDAP_SUCCESS:
+ matchedDN = pdn.bv_val;
+ /* fail over to next case */
+
+ default:
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_matched = matchedDN;
+ goto done;
+ }
+ }
+ }
+ }
+
+done:;
+ backsql_FreeRow_x( &row, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_dn2id(\"%s\"): err=%d\n",
+ ndn->bv_val, res, 0 );
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+
+ if ( !BER_BVISNULL( &realndn ) && realndn.bv_val != ndn->bv_val ) {
+ ch_free( realndn.bv_val );
+ }
+
+ return res;
+}
+
+int
+backsql_count_children(
+ Operation *op,
+ SQLHDBC dbh,
+ struct berval *dn,
+ unsigned long *nchildren )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ BACKSQL_ROW_NTS row;
+ RETCODE rc;
+ int res = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_count_children(): dn=\"%s\"\n",
+ dn->bv_val, 0, 0 );
+
+ if ( dn->bv_len > BACKSQL_MAX_DN_LEN ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "backsql_count_children(): DN \"%s\" (%ld bytes) "
+ "exceeds max DN length (%d):\n",
+ dn->bv_val, dn->bv_len, BACKSQL_MAX_DN_LEN );
+ return LDAP_OTHER;
+ }
+
+ /* begin TimesTen */
+ Debug(LDAP_DEBUG_TRACE, "children id query \"%s\"\n",
+ bi->sql_has_children_query, 0, 0);
+ assert( bi->sql_has_children_query != NULL );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_has_children_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "backsql_count_children(): error preparing SQL:\n%s",
+ bi->sql_has_children_query, 0, 0);
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return LDAP_OTHER;
+ }
+
+ rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, dn );
+ if ( rc != SQL_SUCCESS) {
+ /* end TimesTen */
+ Debug( LDAP_DEBUG_TRACE, "backsql_count_children(): "
+ "error binding dn=\"%s\" parameter:\n",
+ dn->bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return LDAP_OTHER;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_count_children(): "
+ "error executing query (\"%s\", \"%s\"):\n",
+ bi->sql_has_children_query, dn->bv_val, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return LDAP_OTHER;
+ }
+
+ backsql_BindRowAsStrings_x( sth, &row, op->o_tmpmemctx );
+
+ rc = SQLFetch( sth );
+ if ( BACKSQL_SUCCESS( rc ) ) {
+ char *end;
+
+ *nchildren = strtol( row.cols[ 0 ], &end, 0 );
+ if ( end == row.cols[ 0 ] ) {
+ res = LDAP_OTHER;
+
+ } else {
+ switch ( end[ 0 ] ) {
+ case '\0':
+ break;
+
+ case '.': {
+ unsigned long ul;
+
+ /* FIXME: braindead RDBMSes return
+ * a fractional number from COUNT!
+ */
+ if ( lutil_atoul( &ul, end + 1 ) != 0 || ul != 0 ) {
+ res = LDAP_OTHER;
+ }
+ } break;
+
+ default:
+ res = LDAP_OTHER;
+ }
+ }
+
+ } else {
+ res = LDAP_OTHER;
+ }
+ backsql_FreeRow_x( &row, op->o_tmpmemctx );
+
+ SQLFreeStmt( sth, SQL_DROP );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_count_children(): %lu\n",
+ *nchildren, 0, 0 );
+
+ return res;
+}
+
+int
+backsql_has_children(
+ Operation *op,
+ SQLHDBC dbh,
+ struct berval *dn )
+{
+ unsigned long nchildren;
+ int rc;
+
+ rc = backsql_count_children( op, dbh, dn, &nchildren );
+
+ if ( rc == LDAP_SUCCESS ) {
+ return nchildren > 0 ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
+ }
+
+ return rc;
+}
+
+static int
+backsql_get_attr_vals( void *v_at, void *v_bsi )
+{
+ backsql_at_map_rec *at = v_at;
+ backsql_srch_info *bsi = v_bsi;
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ RETCODE rc;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ BACKSQL_ROW_NTS row;
+ unsigned long i,
+ k = 0,
+ oldcount = 0,
+ res = 0;
+#ifdef BACKSQL_COUNTQUERY
+ unsigned count,
+ j,
+ append = 0;
+ SQLLEN countsize = sizeof( count );
+ Attribute *attr = NULL;
+
+ slap_mr_normalize_func *normfunc = NULL;
+#endif /* BACKSQL_COUNTQUERY */
+#ifdef BACKSQL_PRETTY_VALIDATE
+ slap_syntax_validate_func *validate = NULL;
+ slap_syntax_transform_func *pretty = NULL;
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+ assert( at != NULL );
+ assert( bsi != NULL );
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_get_attr_vals(): "
+ "oc=\"%s\" attr=\"%s\" keyval=%s\n",
+ BACKSQL_OC_NAME( bsi->bsi_oc ), at->bam_ad->ad_cname.bv_val,
+ bsi->bsi_c_eid->eid_keyval.bv_val );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_get_attr_vals(): "
+ "oc=\"%s\" attr=\"%s\" keyval=%ld\n",
+ BACKSQL_OC_NAME( bsi->bsi_oc ), at->bam_ad->ad_cname.bv_val,
+ bsi->bsi_c_eid->eid_keyval );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ validate = at->bam_ad->ad_type->sat_syntax->ssyn_validate;
+ pretty = at->bam_ad->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( validate == NULL && pretty == NULL ) {
+ return 1;
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+#ifdef BACKSQL_COUNTQUERY
+ if ( at->bam_ad->ad_type->sat_equality ) {
+ normfunc = at->bam_ad->ad_type->sat_equality->smr_normalize;
+ }
+
+ /* Count how many rows will be returned. This avoids memory
+ * fragmentation that can result from loading the values in
+ * one by one and using realloc()
+ */
+ rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_countquery, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error preparing count query: %s\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ return 1;
+ }
+
+ rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
+ &bsi->bsi_c_eid->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error binding key value parameter\n", 0, 0, 0 );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ rc = SQLExecute( sth );
+ if ( ! BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error executing attribute count query '%s'\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ SQLBindCol( sth, (SQLUSMALLINT)1, SQL_C_LONG,
+ (SQLPOINTER)&count,
+ (SQLINTEGER)sizeof( count ),
+ &countsize );
+
+ rc = SQLFetch( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error fetch results of count query: %s\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "number of values in query: %u\n", count, 0, 0 );
+ SQLFreeStmt( sth, SQL_DROP );
+ if ( count == 0 ) {
+ return 1;
+ }
+
+ attr = attr_find( bsi->bsi_e->e_attrs, at->bam_ad );
+ if ( attr != NULL ) {
+ BerVarray tmp;
+
+ if ( attr->a_vals != NULL ) {
+ for ( ; !BER_BVISNULL( &attr->a_vals[ oldcount ] ); oldcount++ )
+ /* just count */ ;
+ }
+
+ tmp = ch_realloc( attr->a_vals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
+ if ( tmp == NULL ) {
+ return 1;
+ }
+ attr->a_vals = tmp;
+ memset( &attr->a_vals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
+
+ if ( normfunc ) {
+ tmp = ch_realloc( attr->a_nvals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
+ if ( tmp == NULL ) {
+ return 1;
+ }
+ attr->a_nvals = tmp;
+ memset( &attr->a_nvals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ } else {
+ append = 1;
+
+ /* Make space for the array of values */
+ attr = (Attribute *) ch_malloc( sizeof( Attribute ) );
+ attr->a_desc = at->bam_ad;
+ attr->a_flags = 0;
+ attr->a_next = NULL;
+ attr->a_vals = ch_calloc( count + 1, sizeof( struct berval ) );
+ if ( attr->a_vals == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "Out of memory!\n", 0,0,0 );
+ ch_free( attr );
+ return 1;
+ }
+ memset( attr->a_vals, 0, ( count + 1 ) * sizeof( struct berval ) );
+ if ( normfunc ) {
+ attr->a_nvals = ch_calloc( count + 1, sizeof( struct berval ) );
+ if ( attr->a_nvals == NULL ) {
+ ch_free( attr->a_vals );
+ ch_free( attr );
+ return 1;
+
+ } else {
+ memset( attr->a_nvals, 0, ( count + 1 ) * sizeof( struct berval ) );
+ }
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+ }
+#endif /* BACKSQL_COUNTQUERY */
+
+ rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error preparing query: %s\n", at->bam_query, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+#ifdef BACKSQL_COUNTQUERY
+ if ( append ) {
+ attr_free( attr );
+ }
+#endif /* BACKSQL_COUNTQUERY */
+ return 1;
+ }
+
+ rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
+ &bsi->bsi_c_eid->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error binding key value parameter\n", 0, 0, 0 );
+#ifdef BACKSQL_COUNTQUERY
+ if ( append ) {
+ attr_free( attr );
+ }
+#endif /* BACKSQL_COUNTQUERY */
+ return 1;
+ }
+
+#ifdef BACKSQL_TRACE
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "query=\"%s\" keyval=%s\n", at->bam_query,
+ bsi->bsi_c_eid->eid_keyval.bv_val, 0 );
+#else /* !BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "query=\"%s\" keyval=%d\n", at->bam_query,
+ bsi->bsi_c_eid->eid_keyval, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+#endif /* BACKSQL_TRACE */
+
+ rc = SQLExecute( sth );
+ if ( ! BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error executing attribute query \"%s\"\n",
+ at->bam_query, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+#ifdef BACKSQL_COUNTQUERY
+ if ( append ) {
+ attr_free( attr );
+ }
+#endif /* BACKSQL_COUNTQUERY */
+ return 1;
+ }
+
+ backsql_BindRowAsStrings_x( sth, &row, bsi->bsi_op->o_tmpmemctx );
+#ifdef BACKSQL_COUNTQUERY
+ j = oldcount;
+#endif /* BACKSQL_COUNTQUERY */
+ for ( rc = SQLFetch( sth ), k = 0;
+ BACKSQL_SUCCESS( rc );
+ rc = SQLFetch( sth ), k++ )
+ {
+ for ( i = 0; i < (unsigned long)row.ncols; i++ ) {
+
+ if ( row.value_len[ i ] > 0 ) {
+ struct berval bv;
+ int retval;
+#ifdef BACKSQL_TRACE
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ retval = slap_bv2ad( &row.col_names[ i ], &ad, &text );
+ if ( retval != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "unable to find AttributeDescription %s "
+ "in schema (%d)\n",
+ bsi->bsi_e->e_name.bv_val,
+ row.col_names[ i ].bv_val, retval );
+ res = 1;
+ goto done;
+ }
+
+ if ( ad != at->bam_ad ) {
+ Debug( LDAP_DEBUG_ANY,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "column name %s differs from "
+ "AttributeDescription %s\n",
+ bsi->bsi_e->e_name.bv_val,
+ ad->ad_cname.bv_val,
+ at->bam_ad->ad_cname.bv_val );
+ res = 1;
+ goto done;
+ }
+#endif /* BACKSQL_TRACE */
+
+ /*
+ * FIXME: what if a binary
+ * is fetched?
+ */
+ ber_str2bv( row.cols[ i ], 0, 0, &bv );
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ struct berval pbv;
+
+ retval = pretty( at->bam_ad->ad_type->sat_syntax,
+ &bv, &pbv, bsi->bsi_op->o_tmpmemctx );
+ bv = pbv;
+
+ } else {
+ retval = validate( at->bam_ad->ad_type->sat_syntax,
+ &bv );
+ }
+
+ if ( retval != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: we're ignoring invalid values,
+ * but we're accepting the attributes;
+ * should we fail at all? */
+ snprintf( buf, sizeof( buf ),
+ "unable to %s value #%lu "
+ "of AttributeDescription %s",
+ pretty ? "prettify" : "validate",
+ k - oldcount,
+ at->bam_ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "%s (%d)\n",
+ bsi->bsi_e->e_name.bv_val, buf, retval );
+ continue;
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+#ifndef BACKSQL_COUNTQUERY
+ (void)backsql_entry_addattr( bsi->bsi_e,
+ at->bam_ad, &bv,
+ bsi->bsi_op->o_tmpmemctx );
+
+#else /* BACKSQL_COUNTQUERY */
+ if ( normfunc ) {
+ struct berval nbv;
+
+ retval = (*normfunc)( SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ at->bam_ad->ad_type->sat_syntax,
+ at->bam_ad->ad_type->sat_equality,
+ &bv, &nbv,
+ bsi->bsi_op->o_tmpmemctx );
+
+ if ( retval != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: we're ignoring invalid values,
+ * but we're accepting the attributes;
+ * should we fail at all? */
+ snprintf( buf, sizeof( buf ),
+ "unable to normalize value #%lu "
+ "of AttributeDescription %s",
+ k - oldcount,
+ at->bam_ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "%s (%d)\n",
+ bsi->bsi_e->e_name.bv_val, buf, retval );
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ bsi->bsi_op->o_tmpfree( bv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+ continue;
+ }
+ ber_dupbv( &attr->a_nvals[ j ], &nbv );
+ bsi->bsi_op->o_tmpfree( nbv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+
+ ber_dupbv( &attr->a_vals[ j ], &bv );
+
+ assert( j < oldcount + count );
+ j++;
+#endif /* BACKSQL_COUNTQUERY */
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ bsi->bsi_op->o_tmpfree( bv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "prec=%d\n",
+ (int)row.col_prec[ i ], 0, 0 );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "NULL value "
+ "in this row for attribute \"%s\"\n",
+ row.col_names[ i ].bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+ }
+ }
+ }
+
+#ifdef BACKSQL_COUNTQUERY
+ if ( BER_BVISNULL( &attr->a_vals[ 0 ] ) ) {
+ /* don't leave around attributes with no values */
+ attr_free( attr );
+
+ } else if ( append ) {
+ Attribute **ap;
+
+ for ( ap = &bsi->bsi_e->e_attrs; (*ap) != NULL; ap = &(*ap)->a_next )
+ /* goto last */ ;
+ *ap = attr;
+ }
+#endif /* BACKSQL_COUNTQUERY */
+
+ SQLFreeStmt( sth, SQL_DROP );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_get_attr_vals()\n", 0, 0, 0 );
+
+ if ( at->bam_next ) {
+ res = backsql_get_attr_vals( at->bam_next, v_bsi );
+ } else {
+ res = 1;
+ }
+
+#ifdef BACKSQL_TRACE
+done:;
+#endif /* BACKSQL_TRACE */
+ backsql_FreeRow_x( &row, bsi->bsi_op->o_tmpmemctx );
+
+ return res;
+}
+
+int
+backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid )
+{
+ Operation *op = bsi->bsi_op;
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ int i;
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()\n", 0, 0, 0 );
+
+ assert( bsi->bsi_e != NULL );
+
+ memset( bsi->bsi_e, 0, sizeof( Entry ) );
+
+ if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
+ Entry *e;
+
+ e = entry_dup( bi->sql_baseObject );
+ if ( e == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ *bsi->bsi_e = *e;
+ free( e );
+ goto done;
+ }
+
+ ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );
+ ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );
+
+ bsi->bsi_e->e_attrs = NULL;
+ bsi->bsi_e->e_private = NULL;
+
+ bsi->bsi_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private,
+ eid->eid_oc_id );
+ bsi->bsi_c_eid = eid;
+
+#ifndef BACKSQL_ARBITRARY_KEY
+ /* FIXME: unused */
+ bsi->bsi_e->e_id = eid->eid_id;
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ rc = attr_merge_normalize_one( bsi->bsi_e,
+ slap_schema.si_ad_objectClass,
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ bsi->bsi_op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ backsql_entry_clean( op, bsi->bsi_e );
+ return rc;
+ }
+
+ if ( bsi->bsi_attrs == NULL || ( bsi->bsi_flags & BSQL_SF_ALL_USER ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
+ "retrieving all attributes\n", 0, 0, 0 );
+ avl_apply( bsi->bsi_oc->bom_attrs, backsql_get_attr_vals,
+ bsi, 0, AVL_INORDER );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
+ "custom attribute list\n", 0, 0, 0 );
+ for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {
+ backsql_at_map_rec **vat;
+ AttributeName *an = &bsi->bsi_attrs[ i ];
+ int j;
+
+ /* if one of the attributes listed here is
+ * a subtype of another, it must be ignored,
+ * because subtypes are already dealt with
+ * by backsql_supad2at()
+ */
+ for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {
+ /* skip self */
+ if ( j == i ) {
+ continue;
+ }
+
+ /* skip subtypes */
+ if ( is_at_subtype( an->an_desc->ad_type,
+ bsi->bsi_attrs[ j ].an_desc->ad_type ) )
+ {
+ goto next;
+ }
+ }
+
+ rc = backsql_supad2at( bsi->bsi_oc, an->an_desc, &vat );
+ if ( rc != 0 || vat == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
+ "attribute \"%s\" is not defined "
+ "for objectlass \"%s\"\n",
+ an->an_name.bv_val,
+ BACKSQL_OC_NAME( bsi->bsi_oc ), 0 );
+ continue;
+ }
+
+ for ( j = 0; vat[j]; j++ ) {
+ backsql_get_attr_vals( vat[j], bsi );
+ }
+
+ ch_free( vat );
+
+next:;
+ }
+ }
+
+ if ( bsi->bsi_flags & BSQL_SF_RETURN_ENTRYUUID ) {
+ Attribute *a_entryUUID,
+ **ap;
+
+ a_entryUUID = backsql_operational_entryUUID( bi, eid );
+ if ( a_entryUUID != NULL ) {
+ for ( ap = &bsi->bsi_e->e_attrs;
+ *ap;
+ ap = &(*ap)->a_next );
+
+ *ap = a_entryUUID;
+ }
+ }
+
+ if ( ( bsi->bsi_flags & BSQL_SF_ALL_OPER )
+ || an_find( bsi->bsi_attrs, &AllOper )
+ || an_find( bsi->bsi_attrs, &slap_schema.si_ad_structuralObjectClass->ad_cname ) )
+ {
+ if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
+ Attribute *a;
+ const char *text = NULL;
+ char textbuf[ 1024 ];
+ size_t textlen = sizeof( textbuf );
+ struct berval soc,
+ bv[ 2 ],
+ *nvals;
+ int rc = LDAP_SUCCESS;
+
+ a = attr_find( bsi->bsi_e->e_attrs,
+ slap_schema.si_ad_objectClass );
+ if ( a != NULL ) {
+ nvals = a->a_nvals;
+
+ } else {
+ bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
+ BER_BVZERO( &bv[ 1 ] );
+ nvals = bv;
+ }
+
+ rc = structural_class( nvals, &soc, NULL,
+ &text, textbuf, textlen );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
+ "structural_class() failed %d (%s)\n",
+ bsi->bsi_e->e_name.bv_val,
+ rc, text ? text : "" );
+ backsql_entry_clean( op, bsi->bsi_e );
+ return rc;
+ }
+
+ if ( !bvmatch( &soc, &bsi->bsi_oc->bom_oc->soc_cname ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
+ "computed structuralObjectClass %s "
+ "does not match objectClass %s associated "
+ "to entry\n",
+ bsi->bsi_e->e_name.bv_val, soc.bv_val,
+ bsi->bsi_oc->bom_oc->soc_cname.bv_val );
+ backsql_entry_clean( op, bsi->bsi_e );
+ return rc;
+ }
+ }
+
+ rc = attr_merge_normalize_one( bsi->bsi_e,
+ slap_schema.si_ad_structuralObjectClass,
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ bsi->bsi_op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ backsql_entry_clean( op, bsi->bsi_e );
+ return rc;
+ }
+ }
+
+done:;
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_id2entry()\n", 0, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,602 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.13 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+int
+sql_back_initialize(
+ BackendInfo *bi )
+{
+ static char *controls[] = {
+ LDAP_CONTROL_ASSERT,
+ LDAP_CONTROL_MANAGEDSAIT,
+ LDAP_CONTROL_NOOP,
+#if 0 /* SLAP_CONTROL_X_TREE_DELETE */
+ SLAP_CONTROL_X_TREE_DELETE,
+#endif /* SLAP_CONTROL_X_TREE_DELETE */
+ NULL
+ };
+
+ bi->bi_controls = controls;
+
+ bi->bi_flags |=
+#if 0
+ SLAP_BFLAG_INCREMENT |
+#endif
+ SLAP_BFLAG_REFERRALS;
+
+ Debug( LDAP_DEBUG_TRACE,"==>sql_back_initialize()\n", 0, 0, 0 );
+
+ bi->bi_db_init = backsql_db_init;
+ bi->bi_db_config = backsql_db_config;
+ bi->bi_db_open = backsql_db_open;
+ bi->bi_db_close = backsql_db_close;
+ bi->bi_db_destroy = backsql_db_destroy;
+
+ bi->bi_op_abandon = 0;
+ bi->bi_op_compare = backsql_compare;
+ bi->bi_op_bind = backsql_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = backsql_search;
+ bi->bi_op_modify = backsql_modify;
+ bi->bi_op_modrdn = backsql_modrdn;
+ bi->bi_op_add = backsql_add;
+ bi->bi_op_delete = backsql_delete;
+
+ bi->bi_chk_referrals = 0;
+ bi->bi_operational = backsql_operational;
+ bi->bi_entry_get_rw = backsql_entry_get;
+ bi->bi_entry_release_rw = backsql_entry_release;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = backsql_connection_destroy;
+
+ Debug( LDAP_DEBUG_TRACE,"<==sql_back_initialize()\n", 0, 0, 0 );
+ return 0;
+}
+
+int
+backsql_destroy(
+ BackendInfo *bi )
+{
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_destroy()\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_destroy()\n", 0, 0, 0 );
+ return 0;
+}
+
+int
+backsql_db_init(
+ BackendDB *bd )
+{
+ backsql_info *bi;
+ int rc = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_db_init()\n", 0, 0, 0 );
+
+ bi = (backsql_info *)ch_calloc( 1, sizeof( backsql_info ) );
+ ldap_pvt_thread_mutex_init( &bi->sql_dbconn_mutex );
+ ldap_pvt_thread_mutex_init( &bi->sql_schema_mutex );
+
+ if ( backsql_init_db_env( bi ) != SQL_SUCCESS ) {
+ rc = -1;
+ }
+
+ bd->be_private = bi;
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_init()\n", 0, 0, 0 );
+
+ return rc;
+}
+
+int
+backsql_db_destroy(
+ BackendDB *bd )
+{
+ backsql_info *bi = (backsql_info*)bd->be_private;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_db_destroy()\n", 0, 0, 0 );
+
+ ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
+ backsql_free_db_env( bi );
+ ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
+ ldap_pvt_thread_mutex_destroy( &bi->sql_dbconn_mutex );
+ ldap_pvt_thread_mutex_lock( &bi->sql_schema_mutex );
+ backsql_destroy_schema_map( bi );
+ ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
+ ldap_pvt_thread_mutex_destroy( &bi->sql_schema_mutex );
+
+ if ( bi->sql_dbname ) {
+ ch_free( bi->sql_dbname );
+ }
+ if ( bi->sql_dbuser ) {
+ ch_free( bi->sql_dbuser );
+ }
+ if ( bi->sql_dbpasswd ) {
+ ch_free( bi->sql_dbpasswd );
+ }
+ if ( bi->sql_dbhost ) {
+ ch_free( bi->sql_dbhost );
+ }
+ if ( bi->sql_upper_func.bv_val ) {
+ ch_free( bi->sql_upper_func.bv_val );
+ ch_free( bi->sql_upper_func_open.bv_val );
+ ch_free( bi->sql_upper_func_close.bv_val );
+ }
+ if ( bi->sql_concat_func ) {
+ ber_bvarray_free( bi->sql_concat_func );
+ }
+ if ( !BER_BVISNULL( &bi->sql_strcast_func ) ) {
+ ch_free( bi->sql_strcast_func.bv_val );
+ }
+ if ( !BER_BVISNULL( &bi->sql_children_cond ) ) {
+ ch_free( bi->sql_children_cond.bv_val );
+ }
+ if ( !BER_BVISNULL( &bi->sql_subtree_cond ) ) {
+ ch_free( bi->sql_subtree_cond.bv_val );
+ }
+ if ( !BER_BVISNULL( &bi->sql_dn_oc_aliasing ) ) {
+ ch_free( bi->sql_dn_oc_aliasing.bv_val );
+ }
+ if ( bi->sql_oc_query ) {
+ ch_free( bi->sql_oc_query );
+ }
+ if ( bi->sql_at_query ) {
+ ch_free( bi->sql_at_query );
+ }
+ if ( bi->sql_id_query ) {
+ ch_free( bi->sql_id_query );
+ }
+ if ( bi->sql_has_children_query ) {
+ ch_free( bi->sql_has_children_query );
+ }
+ if ( bi->sql_insentry_stmt ) {
+ ch_free( bi->sql_insentry_stmt );
+ }
+ if ( bi->sql_delentry_stmt ) {
+ ch_free( bi->sql_delentry_stmt );
+ }
+ if ( bi->sql_renentry_stmt ) {
+ ch_free( bi->sql_renentry_stmt );
+ }
+ if ( bi->sql_delobjclasses_stmt ) {
+ ch_free( bi->sql_delobjclasses_stmt );
+ }
+ if ( !BER_BVISNULL( &bi->sql_aliasing ) ) {
+ ch_free( bi->sql_aliasing.bv_val );
+ }
+ if ( !BER_BVISNULL( &bi->sql_aliasing_quote ) ) {
+ ch_free( bi->sql_aliasing_quote.bv_val );
+ }
+
+ if ( bi->sql_anlist ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &bi->sql_anlist[ i ].an_name ); i++ )
+ {
+ ch_free( bi->sql_anlist[ i ].an_name.bv_val );
+ }
+ ch_free( bi->sql_anlist );
+ }
+
+ if ( bi->sql_baseObject ) {
+ entry_free( bi->sql_baseObject );
+ }
+
+ ch_free( bi );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_destroy()\n", 0, 0, 0 );
+ return 0;
+}
+
+int
+backsql_db_open(
+ BackendDB *bd )
+{
+ backsql_info *bi = (backsql_info*)bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ struct berbuf bb = BB_NULL;
+
+ OperationBuffer opbuf;
+ Operation* op = (Operation *) &opbuf;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_db_open(): "
+ "testing RDBMS connection\n", 0, 0, 0 );
+ if ( bi->sql_dbname == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "datasource name not specified "
+ "(use \"dbname\" directive in slapd.conf)\n", 0, 0, 0 );
+ return 1;
+ }
+
+ if ( bi->sql_concat_func == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "concat func not specified (use \"concat_pattern\" "
+ "directive in slapd.conf)\n", 0, 0, 0 );
+
+ if ( backsql_split_pattern( backsql_def_concat_func,
+ &bi->sql_concat_func, 2 ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "unable to parse pattern \"%s\"",
+ backsql_def_concat_func, 0, 0 );
+ return 1;
+ }
+ }
+
+ /*
+ * see back-sql.h for default values
+ */
+ if ( BER_BVISNULL( &bi->sql_aliasing ) ) {
+ ber_str2bv( BACKSQL_ALIASING,
+ STRLENOF( BACKSQL_ALIASING ),
+ 1, &bi->sql_aliasing );
+ }
+
+ if ( BER_BVISNULL( &bi->sql_aliasing_quote ) ) {
+ ber_str2bv( BACKSQL_ALIASING_QUOTE,
+ STRLENOF( BACKSQL_ALIASING_QUOTE ),
+ 1, &bi->sql_aliasing_quote );
+ }
+
+ /*
+ * Prepare cast string as required
+ */
+ if ( bi->sql_upper_func.bv_val ) {
+ char buf[1024];
+
+ if ( BACKSQL_UPPER_NEEDS_CAST( bi ) ) {
+ snprintf( buf, sizeof( buf ),
+ "%s(cast (" /* ? as varchar(%d))) */ ,
+ bi->sql_upper_func.bv_val );
+ ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );
+
+ snprintf( buf, sizeof( buf ),
+ /* (cast(? */ " as varchar(%d)))",
+ BACKSQL_MAX_DN_LEN );
+ ber_str2bv( buf, 0, 1, &bi->sql_upper_func_close );
+
+ } else {
+ snprintf( buf, sizeof( buf ), "%s(" /* ?) */ ,
+ bi->sql_upper_func.bv_val );
+ ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );
+
+ ber_str2bv( /* (? */ ")", 0, 1, &bi->sql_upper_func_close );
+ }
+ }
+
+ /* normalize filter values only if necessary */
+ bi->sql_caseIgnoreMatch = mr_find( "caseIgnoreMatch" );
+ assert( bi->sql_caseIgnoreMatch != NULL );
+
+ bi->sql_telephoneNumberMatch = mr_find( "telephoneNumberMatch" );
+ assert( bi->sql_telephoneNumberMatch != NULL );
+
+ if ( bi->sql_dbuser == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "user name not specified "
+ "(use \"dbuser\" directive in slapd.conf)\n", 0, 0, 0 );
+ return 1;
+ }
+
+ if ( BER_BVISNULL( &bi->sql_subtree_cond ) ) {
+ /*
+ * Prepare concat function for subtree search condition
+ */
+ struct berval concat;
+ struct berval values[] = {
+ BER_BVC( "'%'" ),
+ BER_BVC( "?" ),
+ BER_BVNULL
+ };
+ struct berbuf bb = BB_NULL;
+
+ if ( backsql_prepare_pattern( bi->sql_concat_func, values,
+ &concat ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "unable to prepare CONCAT pattern", 0, 0, 0 );
+ return 1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "subtree search SQL condition not specified "
+ "(use \"subtree_cond\" directive in slapd.conf)\n",
+ 0, 0, 0);
+
+ if ( bi->sql_upper_func.bv_val ) {
+
+ /*
+ * UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%',?))
+ */
+
+ backsql_strfcat_x( &bb, NULL, "blbbb",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE " ),
+ "(ldap_entries.dn) LIKE ",
+ &bi->sql_upper_func_open,
+ &concat,
+ &bi->sql_upper_func_close );
+
+ } else {
+
+ /*
+ * ldap_entries.dn LIKE CONCAT('%',?)
+ */
+
+ backsql_strfcat_x( &bb, NULL, "lb",
+ (ber_len_t)STRLENOF( "ldap_entries.dn LIKE " ),
+ "ldap_entries.dn LIKE ",
+ &concat );
+ }
+
+ ch_free( concat.bv_val );
+
+ bi->sql_subtree_cond = bb.bb_val;
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" as default\n",
+ bi->sql_subtree_cond.bv_val, 0, 0 );
+ }
+
+ if ( bi->sql_children_cond.bv_val == NULL ) {
+ struct berbuf bb = BB_NULL;
+
+ if ( bi->sql_upper_func.bv_val ) {
+
+ /*
+ * UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%,',?))
+ */
+
+ backsql_strfcat_x( &bb, NULL, "blbl",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(ldap_entries.dn)=" ),
+ "(ldap_entries.dn)=",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(?)" ), "(?)" );
+
+ } else {
+
+ /*
+ * ldap_entries.dn LIKE CONCAT('%,',?)
+ */
+
+ backsql_strfcat_x( &bb, NULL, "l",
+ (ber_len_t)STRLENOF( "ldap_entries.dn=?" ),
+ "ldap_entries.dn=?");
+ }
+
+ bi->sql_children_cond = bb.bb_val;
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" as default\n",
+ bi->sql_children_cond.bv_val, 0, 0 );
+ }
+
+ if ( bi->sql_oc_query == NULL ) {
+ if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
+ bi->sql_oc_query =
+ ch_strdup( backsql_def_needs_select_oc_query );
+
+ } else {
+ bi->sql_oc_query = ch_strdup( backsql_def_oc_query );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "objectclass mapping SQL statement not specified "
+ "(use \"oc_query\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n", bi->sql_oc_query, 0, 0 );
+ }
+
+ if ( bi->sql_at_query == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "attribute mapping SQL statement not specified "
+ "(use \"at_query\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n",
+ backsql_def_at_query, 0, 0 );
+ bi->sql_at_query = ch_strdup( backsql_def_at_query );
+ }
+
+ if ( bi->sql_insentry_stmt == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "entry insertion SQL statement not specified "
+ "(use \"insentry_stmt\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n",
+ backsql_def_insentry_stmt, 0, 0 );
+ bi->sql_insentry_stmt = ch_strdup( backsql_def_insentry_stmt );
+ }
+
+ if ( bi->sql_delentry_stmt == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "entry deletion SQL statement not specified "
+ "(use \"delentry_stmt\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n",
+ backsql_def_delentry_stmt, 0, 0 );
+ bi->sql_delentry_stmt = ch_strdup( backsql_def_delentry_stmt );
+ }
+
+ if ( bi->sql_renentry_stmt == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "entry deletion SQL statement not specified "
+ "(use \"renentry_stmt\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n",
+ backsql_def_renentry_stmt, 0, 0 );
+ bi->sql_renentry_stmt = ch_strdup( backsql_def_renentry_stmt );
+ }
+
+ if ( bi->sql_delobjclasses_stmt == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "objclasses deletion SQL statement not specified "
+ "(use \"delobjclasses_stmt\" directive in slapd.conf)\n",
+ 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "setting \"%s\" by default\n",
+ backsql_def_delobjclasses_stmt, 0, 0 );
+ bi->sql_delobjclasses_stmt = ch_strdup( backsql_def_delobjclasses_stmt );
+ }
+
+ /* This should just be to force schema loading */
+ op->o_hdr = (Opheader *)&op[ 1 ];
+ op->o_connid = (unsigned long)(-1);
+ op->o_bd = bd;
+ if ( backsql_get_db_conn( op, &dbh ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "connection failed, exiting\n", 0, 0, 0 );
+ return 1;
+ }
+
+ if ( backsql_free_db_conn( op ) != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "connection free failed\n", 0, 0, 0 );
+ }
+ if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+ "test failed, schema map not loaded - exiting\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ /*
+ * Prepare ID selection query
+ */
+ if ( bi->sql_id_query == NULL ) {
+ /* no custom id_query provided */
+ if ( bi->sql_upper_func.bv_val == NULL ) {
+ backsql_strcat_x( &bb, NULL, backsql_id_query, "dn=?", NULL );
+
+ } else {
+ if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
+ backsql_strcat_x( &bb, NULL, backsql_id_query,
+ "dn_ru=?", NULL );
+ } else {
+ if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
+ backsql_strfcat_x( &bb, NULL, "sbl",
+ backsql_id_query,
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );
+ } else {
+ backsql_strfcat_x( &bb, NULL, "sblbcb",
+ backsql_id_query,
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",
+ &bi->sql_upper_func_open,
+ '?',
+ &bi->sql_upper_func_close );
+ }
+ }
+ }
+ bi->sql_id_query = bb.bb_val.bv_val;
+ }
+
+ /*
+ * Prepare children ID selection query
+ */
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat_x( &bb, NULL, "sbsb",
+ "SELECT COUNT(distinct subordinates.id) "
+ "FROM ldap_entries,ldap_entries ",
+ &bi->sql_aliasing, "subordinates "
+ "WHERE subordinates.parent=ldap_entries.id AND ",
+ &bi->sql_children_cond );
+ bi->sql_has_children_query = bb.bb_val.bv_val;
+
+ /*
+ * Prepare DN and objectClass aliasing bit of query
+ */
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat_x( &bb, NULL, "sbbsbsbbsb",
+ " ", &bi->sql_aliasing, &bi->sql_aliasing_quote,
+ "objectClass", &bi->sql_aliasing_quote,
+ ",ldap_entries.dn ", &bi->sql_aliasing,
+ &bi->sql_aliasing_quote, "dn", &bi->sql_aliasing_quote );
+ bi->sql_dn_oc_aliasing = bb.bb_val;
+
+ /* should never happen! */
+ assert( bd->be_nsuffix != NULL );
+
+ if ( BER_BVISNULL( &bd->be_nsuffix[ 1 ] ) ) {
+ /* enable if only one suffix is defined */
+ bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
+ }
+
+ bi->sql_flags |= BSQLF_CHECK_SCHEMA;
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_open(): "
+ "test succeeded, schema map loaded\n", 0, 0, 0 );
+ return 0;
+}
+
+int
+backsql_db_close(
+ BackendDB *bd )
+{
+ backsql_info *bi = (backsql_info*)bd->be_private;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_db_close()\n", 0, 0, 0 );
+
+ backsql_conn_destroy( bi );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_close()\n", 0, 0, 0 );
+
+ return 0;
+}
+
+int
+backsql_connection_destroy( Backend *bd, Connection *c )
+{
+ OperationBuffer opbuf;
+ Operation* op = (Operation *) &opbuf;
+
+ op->o_hdr = (Opheader *)&op[ 1 ];
+ op->o_connid = c->c_connid;
+ op->o_bd = bd;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_connection_destroy()\n", 0, 0, 0 );
+ backsql_free_db_conn( op );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_connection_destroy()\n", 0, 0, 0 );
+
+ return 0;
+}
+
+#if SLAPD_SQL == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( sql )
+
+#endif /* SLAPD_SQL == SLAPD_MOD_DYNAMIC */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,222 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modify.c,v 1.31.2.11 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+int
+backsql_modify( Operation *op, SlapReply *rs )
+{
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ backsql_oc_map_rec *oc = NULL;
+ backsql_srch_info bsi = { 0 };
+ Entry m = { 0 }, *e = NULL;
+ int manageDSAit = get_manageDSAit( op );
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ /*
+ * FIXME: in case part of the operation cannot be performed
+ * (missing mapping, SQL write fails or so) the entire operation
+ * should be rolled-back
+ */
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_modify(): modifying entry \"%s\"\n",
+ op->o_req_ndn.bv_val, 0, 0 );
+
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+ /*
+ * FIXME: we don't want to send back
+ * excessively detailed messages
+ */
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ goto done;
+ }
+
+ bsi.bsi_e = &m;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &m;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modify(): "
+ "could not retrieve modifyDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &m.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &m;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
+ "modifying entry \"%s\" (id=%s)\n",
+ bsi.bsi_base_id.eid_dn.bv_val,
+ bsi.bsi_base_id.eid_id.bv_val, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
+ "modifying entry \"%s\" (id=%ld)\n",
+ bsi.bsi_base_id.eid_dn.bv_val, bsi.bsi_base_id.eid_id, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &m, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &m;
+ goto done;
+ }
+
+ slap_mods_opattrs( op, &op->orm_modlist, 1 );
+
+ oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id );
+ assert( oc != NULL );
+
+ if ( !acl_check_modlist( op, &m, op->oq_modify.rs_modlist ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &m;
+ goto done;
+ }
+
+ rs->sr_err = backsql_modify_internal( op, rs, dbh, oc,
+ &bsi.bsi_base_id, op->oq_modify.rs_modlist );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &m;
+ goto do_transact;
+ }
+
+ if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ backsql_entry_clean( op, &m );
+
+ bsi.bsi_e = &m;
+ rs->sr_err = backsql_id2entry( &bsi, &bsi.bsi_base_id );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &m;
+ goto do_transact;
+ }
+
+ rs->sr_err = entry_schema_check( op, &m, NULL, 0,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry failed schema check -- aborting\n",
+ m.e_name.bv_val, 0, 0 );
+ e = NULL;
+ goto do_transact;
+ }
+ }
+
+do_transact:;
+ /*
+ * Commit only if all operations succeed
+ */
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ assert( e == NULL );
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+
+done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ }
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &m.e_nname ) ) {
+ backsql_entry_clean( op, &m );
+ }
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_modify()\n", 0, 0, 0 );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,599 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modrdn.c,v 1.14.2.10 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+
+int
+backsql_modrdn( Operation *op, SlapReply *rs )
+{
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ RETCODE rc;
+ backsql_entryID e_id = BACKSQL_ENTRYID_INIT,
+ n_id = BACKSQL_ENTRYID_INIT;
+ backsql_srch_info bsi = { 0 };
+ backsql_oc_map_rec *oc = NULL;
+ struct berval pdn = BER_BVNULL, pndn = BER_BVNULL,
+ *new_pdn = NULL, *new_npdn = NULL,
+ new_dn = BER_BVNULL, new_ndn = BER_BVNULL,
+ realnew_dn = BER_BVNULL;
+ LDAPRDN new_rdn = NULL;
+ LDAPRDN old_rdn = NULL;
+ Entry r = { 0 },
+ p = { 0 },
+ n = { 0 },
+ *e = NULL;
+ int manageDSAit = get_manageDSAit( op );
+ Modifications *mod = NULL;
+ struct berval *newSuperior = op->oq_modrdn.rs_newSup;
+ char *next;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", "
+ "newrdn=\"%s\", newSuperior=\"%s\"\n",
+ op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val,
+ newSuperior ? newSuperior->bv_val : "(NULL)" );
+
+ rs->sr_err = backsql_get_db_conn( op, &dbh );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ e = NULL;
+ goto done;
+ }
+
+ bsi.bsi_e = &r;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &r;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve modrdnDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &r;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): entry id=%s\n",
+ e_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): entry id=%ld\n",
+ e_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &r, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &r;
+ goto done;
+ }
+
+ if ( backsql_has_children( op, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "entry \"%s\" has children\n",
+ op->o_req_dn.bv_val, 0, 0 );
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+ rs->sr_text = "subtree rename not supported";
+ e = &r;
+ goto done;
+ }
+
+ /*
+ * Check for entry access to target
+ */
+ if ( !access_allowed( op, &r, slap_schema.si_ad_entry,
+ NULL, ACL_WRITE, NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE, " no access to entry\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ dnParent( &op->o_req_dn, &pdn );
+ dnParent( &op->o_req_ndn, &pndn );
+
+ /*
+ * namingContext "" is not supported
+ */
+ if ( BER_BVISEMPTY( &pdn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "parent is \"\" - aborting\n", 0, 0, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ /*
+ * Check for children access to parent
+ */
+ bsi.bsi_e = &p;
+ e_id = bsi.bsi_base_id;
+ rs->sr_err = backsql_init_search( &bsi, &pndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ BACKSQL_ISF_GET_ENTRY );
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "old parent entry id is %s\n",
+ bsi.bsi_base_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "old parent entry id is %ld\n",
+ bsi.bsi_base_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve renameDN ID - no such entry\n",
+ 0, 0, 0 );
+ e = &p;
+ goto done;
+ }
+
+ if ( !access_allowed( op, &p, slap_schema.si_ad_children, NULL,
+ newSuperior ? ACL_WDEL : ACL_WRITE, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, " no access to parent\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ if ( newSuperior ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ /*
+ * namingContext "" is not supported
+ */
+ if ( BER_BVISEMPTY( newSuperior ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "newSuperior is \"\" - aborting\n", 0, 0, 0 );
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ new_pdn = newSuperior;
+ new_npdn = op->oq_modrdn.rs_nnewSup;
+
+ /*
+ * Check for children access to new parent
+ */
+ bsi.bsi_e = &n;
+ rs->sr_err = backsql_init_search( &bsi, new_npdn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve renameDN ID - no such entry\n",
+ 0, 0, 0 );
+ e = &n;
+ goto done;
+ }
+
+ n_id = bsi.bsi_base_id;
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "new parent entry id=%s\n",
+ n_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "new parent entry id=%ld\n",
+ n_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( !access_allowed( op, &n, slap_schema.si_ad_children,
+ NULL, ACL_WADD, NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "no access to new parent \"%s\"\n",
+ new_pdn->bv_val, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &n;
+ goto done;
+ }
+
+ } else {
+ n_id = bsi.bsi_base_id;
+ new_pdn = &pdn;
+ new_npdn = &pndn;
+ }
+
+ if ( newSuperior && dn_match( &pndn, new_npdn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "newSuperior is equal to old parent - ignored\n",
+ 0, 0, 0 );
+ newSuperior = NULL;
+ }
+
+ if ( newSuperior && dn_match( &op->o_req_ndn, new_npdn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "newSuperior is equal to entry being moved "
+ "- aborting\n", 0, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "newSuperior is equal to old DN";
+ e = &r;
+ goto done;
+ }
+
+ build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn,
+ op->o_tmpmemctx );
+ build_new_dn( &new_ndn, new_npdn, &op->oq_modrdn.rs_nnewrdn,
+ op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new entry dn is \"%s\"\n",
+ new_dn.bv_val, 0, 0 );
+
+ realnew_dn = new_dn;
+ if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): "
+ "backsql_api_dn2odbc(\"%s\") failed\n",
+ op->o_req_dn.bv_val, realnew_dn.bv_val, 0 );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "executing renentry_stmt\n", 0, 0, 0 );
+
+ rc = backsql_Prepare( dbh, &sth, bi->sql_renentry_stmt, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modrdn(): "
+ "error preparing renentry_stmt\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realnew_dn );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding DN parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT, &n_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding parent ID parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &e_id.eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding entry ID parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_add_attr(): "
+ "error binding ID parameter for objectClass %s\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ rs->sr_text = "SQL-backend error";
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "could not rename ldap_entries record\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "SQL-backend error";
+ e = NULL;
+ goto done;
+ }
+ SQLFreeStmt( sth, SQL_DROP );
+
+ /*
+ * Get attribute type and attribute value of our new rdn,
+ * we will need to add that to our new entry
+ */
+ if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, &next,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modrdn: can't figure out "
+ "type(s)/values(s) of new_rdn\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+ e = &r;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn: "
+ "new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n",
+ new_rdn[ 0 ]->la_attr.bv_val,
+ new_rdn[ 0 ]->la_value.bv_val, 0 );
+
+ if ( op->oq_modrdn.rs_deleteoldrdn ) {
+ if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, &next,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ " backsql_modrdn: can't figure out "
+ "the old_rdn type(s)/value(s)\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ e = NULL;
+ goto done;
+ }
+ }
+
+ rs->sr_err = slap_modrdn2mods( op, rs, &r, old_rdn, new_rdn, &mod );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &r;
+ goto done;
+ }
+
+ oc = backsql_id2oc( bi, e_id.eid_oc_id );
+ rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, mod );
+ slap_graduate_commit_csn( op );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &r;
+ goto done;
+ }
+
+ if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ backsql_entry_clean( op, &r );
+ (void)backsql_free_entryID( op, &e_id, 0 );
+
+ bsi.bsi_e = &r;
+ rs->sr_err = backsql_init_search( &bsi, &new_ndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &new_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &r;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve modrdnDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &r;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+ e_id = bsi.bsi_base_id;
+
+ rs->sr_err = entry_schema_check( op, &r, NULL, 0,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry failed schema check -- aborting\n",
+ r.e_name.bv_val, 0, 0 );
+ e = NULL;
+ goto done;
+ }
+ }
+
+done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ /*
+ * Commit only if all operations succeed
+ */
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+ }
+
+ if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ }
+
+ send_ldap_result( op, rs );
+ slap_graduate_commit_csn( op );
+
+ if ( !BER_BVISNULL( &realnew_dn ) && realnew_dn.bv_val != new_dn.bv_val ) {
+ ch_free( realnew_dn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &new_dn ) ) {
+ slap_sl_free( new_dn.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( !BER_BVISNULL( &new_ndn ) ) {
+ slap_sl_free( new_ndn.bv_val, op->o_tmpmemctx );
+ }
+
+ /* LDAP v2 supporting correct attribute handling. */
+ if ( new_rdn != NULL ) {
+ ldap_rdnfree( new_rdn );
+ }
+ if ( old_rdn != NULL ) {
+ ldap_rdnfree( old_rdn );
+ }
+ if ( mod != NULL ) {
+ Modifications *tmp;
+ for (; mod; mod = tmp ) {
+ tmp = mod->sml_next;
+ free( mod );
+ }
+ }
+
+ if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &e_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &n_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &n_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ backsql_entry_clean( op, &r );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ backsql_entry_clean( op, &p );
+ }
+
+ if ( !BER_BVISNULL( &n.e_nname ) ) {
+ backsql_entry_clean( op, &n );
+ }
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n", 0, 0, 0 );
+
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/operational.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/operational.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/operational.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,235 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/operational.c,v 1.9.2.6 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "slap.h"
+#include "proto-sql.h"
+#include "lutil.h"
+
+/*
+ * sets the supported operational attributes (if required)
+ */
+
+Attribute *
+backsql_operational_entryUUID( backsql_info *bi, backsql_entryID *id )
+{
+ int rc;
+ struct berval val, nval;
+ AttributeDescription *desc = slap_schema.si_ad_entryUUID;
+ Attribute *a;
+
+ backsql_entryUUID( bi, id, &val, NULL );
+
+ rc = (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ &val, &nval, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ ber_memfree( val.bv_val );
+ return NULL;
+ }
+
+ a = ch_malloc( sizeof( Attribute ) );
+ a->a_desc = desc;
+
+ a->a_vals = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ a->a_vals[ 0 ] = val;
+ BER_BVZERO( &a->a_vals[ 1 ] );
+
+ a->a_nvals = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ a->a_nvals[ 0 ] = nval;
+ BER_BVZERO( &a->a_nvals[ 1 ] );
+
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
+Attribute *
+backsql_operational_entryCSN( Operation *op )
+{
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ struct berval entryCSN;
+ Attribute *a;
+
+ a = ch_malloc( sizeof( Attribute ) );
+ a->a_desc = slap_schema.si_ad_entryCSN;
+ a->a_vals = ch_malloc( 2 * sizeof( struct berval ) );
+ BER_BVZERO( &a->a_vals[ 1 ] );
+
+#ifdef BACKSQL_SYNCPROV
+ if ( op->o_sync && op->o_tag == LDAP_REQ_SEARCH && op->o_private != NULL ) {
+ assert( op->o_private != NULL );
+
+ entryCSN = *((struct berval *)op->o_private);
+
+ } else
+#endif /* BACKSQL_SYNCPROV */
+ {
+ entryCSN.bv_val = csnbuf;
+ entryCSN.bv_len = sizeof( csnbuf );
+ slap_get_csn( op, &entryCSN, 0 );
+ }
+
+ ber_dupbv( &a->a_vals[ 0 ], &entryCSN );
+
+ a->a_nvals = a->a_vals;
+
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
+int
+backsql_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ int rc = 0;
+ Attribute **ap;
+ enum {
+ BACKSQL_OP_HASSUBORDINATES = 0,
+ BACKSQL_OP_ENTRYUUID,
+ BACKSQL_OP_ENTRYCSN,
+
+ BACKSQL_OP_LAST
+ };
+ int get_conn = BACKSQL_OP_LAST,
+ got[ BACKSQL_OP_LAST ] = { 0 };
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_operational(): entry \"%s\"\n",
+ rs->sr_entry->e_nname.bv_val, 0, 0 );
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next ) {
+ if ( (*ap)->a_desc == slap_schema.si_ad_hasSubordinates ) {
+ get_conn--;
+ got[ BACKSQL_OP_HASSUBORDINATES ] = 1;
+
+ } else if ( (*ap)->a_desc == slap_schema.si_ad_entryUUID ) {
+ get_conn--;
+ got[ BACKSQL_OP_ENTRYUUID ] = 1;
+
+ } else if ( (*ap)->a_desc == slap_schema.si_ad_entryCSN ) {
+ get_conn--;
+ got[ BACKSQL_OP_ENTRYCSN ] = 1;
+ }
+ }
+
+ if ( !get_conn ) {
+ return 0;
+ }
+
+ rc = backsql_get_db_conn( op, &dbh );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
+ && !got[ BACKSQL_OP_HASSUBORDINATES ]
+ && attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_hasSubordinates ) == NULL )
+ {
+ rc = backsql_has_children( op, dbh, &rs->sr_entry->e_nname );
+
+ switch( rc ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ *ap = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
+ assert( *ap != NULL );
+ ap = &(*ap)->a_next;
+ rc = 0;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
+ "has_children failed( %d)\n", rc, 0, 0 );
+ return 1;
+ }
+ }
+
+ if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || ad_inlist( slap_schema.si_ad_entryUUID, rs->sr_attrs ) )
+ && !got[ BACKSQL_OP_ENTRYUUID ]
+ && attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID ) == NULL )
+ {
+ backsql_srch_info bsi = { 0 };
+
+ rc = backsql_init_search( &bsi, &rs->sr_entry->e_nname,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL, dbh, op, rs, NULL,
+ BACKSQL_ISF_GET_ID );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
+ "could not retrieve entry ID - no such entry\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ *ap = backsql_operational_entryUUID( bi, &bsi.bsi_base_id );
+
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ if ( *ap == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
+ "could not retrieve entryUUID\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ ap = &(*ap)->a_next;
+ }
+
+ if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || ad_inlist( slap_schema.si_ad_entryCSN, rs->sr_attrs ) )
+ && !got[ BACKSQL_OP_ENTRYCSN ]
+ && attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryCSN ) == NULL )
+ {
+ *ap = backsql_operational_entryCSN( op );
+ if ( *ap == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
+ "could not retrieve entryCSN\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ ap = &(*ap)->a_next;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_operational(%d)\n", rc, 0, 0);
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/proto-sql.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/proto-sql.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/proto-sql.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,298 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Mararati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati
+ */
+
+/*
+ * The following changes have been addressed:
+ *
+ * Enhancements:
+ * - re-styled code for better readability
+ * - upgraded backend API to reflect recent changes
+ * - LDAP schema is checked when loading SQL/LDAP mapping
+ * - AttributeDescription/ObjectClass pointers used for more efficient
+ * mapping lookup
+ * - bervals used where string length is required often
+ * - atomized write operations by committing at the end of each operation
+ * and defaulting connection closure to rollback
+ * - added LDAP access control to write operations
+ * - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
+ * access check, parent/children check and more)
+ * - added parent access control, children control to delete operation
+ * - added structuralObjectClass operational attribute check and
+ * value return on search
+ * - added hasSubordinate operational attribute on demand
+ * - search limits are appropriately enforced
+ * - function backsql_strcat() has been made more efficient
+ * - concat function has been made configurable by means of a pattern
+ * - added config switches:
+ * - fail_if_no_mapping write operations fail if there is no mapping
+ * - has_ldapinfo_dn_ru overrides autodetect
+ * - concat_pattern a string containing two '?' is used
+ * (note that "?||?" should be more portable
+ * than builtin function "CONCAT(?,?)")
+ * - strcast_func cast of string constants in "SELECT DISTINCT
+ * statements (needed by PostgreSQL)
+ * - upper_needs_cast cast the argument of upper when required
+ * (basically when building dn substring queries)
+ * - added noop control
+ * - added values return filter control
+ * - hasSubordinate can be used in search filters (with limitations)
+ * - eliminated oc->name; use oc->oc->soc_cname instead
+ *
+ * Todo:
+ * - add security checks for SQL statements that can be injected (?)
+ * - re-test with previously supported RDBMs
+ * - replace dn_ru and so with normalized dn (no need for upper() and so
+ * in dn match)
+ * - implement a backsql_normalize() function to replace the upper()
+ * conversion routines
+ * - note that subtree deletion, subtree renaming and so could be easily
+ * implemented (rollback and consistency checks are available :)
+ * - implement "lastmod" and other operational stuff (ldap_entries table ?)
+ * - check how to allow multiple operations with one statement, to remove
+ * BACKSQL_REALLOC_STMT from modify.c (a more recent unixODBC lib?)
+ */
+
+#ifndef PROTO_SQL_H
+#define PROTO_SQL_H
+
+#include "back-sql.h"
+
+/*
+ * add.c
+ */
+int backsql_modify_delete_all_values(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_entryID *e_id,
+ backsql_at_map_rec *at );
+
+int backsql_modify_internal(
+ Operation *op,
+ SlapReply *rs,
+ SQLHDBC dbh,
+ backsql_oc_map_rec *oc,
+ backsql_entryID *e_id,
+ Modifications *modlist );
+
+/*
+ * api.c
+ */
+int backsql_api_config( backsql_info *bi, const char *name,
+ int argc, char *argv[] );
+int backsql_api_destroy( backsql_info *bi );
+int backsql_api_register( backsql_api *ba );
+int backsql_api_dn2odbc( Operation *op, SlapReply *rs, struct berval *dn );
+int backsql_api_odbc2dn( Operation *op, SlapReply *rs, struct berval *dn );
+
+/*
+ * entry-id.c
+ */
+#ifdef BACKSQL_ARBITRARY_KEY
+extern struct berval backsql_baseObject_bv;
+#endif /* BACKSQL_ARBITRARY_KEY */
+
+/* stores in *id the ID in table ldap_entries corresponding to DN, if any */
+int backsql_dn2id( Operation *op, SlapReply *rs, SQLHDBC dbh,
+ struct berval *ndn, backsql_entryID *id,
+ int matched, int muck );
+
+/* stores in *nchildren the count of children for an entry */
+int backsql_count_children( Operation *op, SQLHDBC dbh,
+ struct berval *dn, unsigned long *nchildren );
+
+/* returns LDAP_COMPARE_TRUE/LDAP_COMPARE_FALSE if the entry corresponding
+ * to DN has/has not children */
+int backsql_has_children( Operation *op, SQLHDBC dbh, struct berval *dn );
+
+/* frees *id and returns next in list */
+backsql_entryID *backsql_free_entryID( Operation *op, backsql_entryID *id,
+ int freeit );
+
+/* turns an ID into an entry */
+int backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *id );
+
+/*
+ * operational.c
+ */
+
+Attribute *backsql_operational_entryUUID( backsql_info *bi, backsql_entryID *id );
+
+Attribute *backsql_operational_entryCSN( Operation *op );
+
+/*
+ * schema-map.c
+ */
+
+int backsql_load_schema_map( backsql_info *si, SQLHDBC dbh );
+
+backsql_oc_map_rec *backsql_oc2oc( backsql_info *si, ObjectClass *oc );
+
+backsql_oc_map_rec *backsql_id2oc( backsql_info *si, unsigned long id );
+
+backsql_oc_map_rec * backsql_name2oc( backsql_info *si,
+ struct berval *oc_name );
+
+backsql_at_map_rec *backsql_ad2at( backsql_oc_map_rec *objclass,
+ AttributeDescription *ad );
+
+int backsql_supad2at( backsql_oc_map_rec *objclass,
+ AttributeDescription *supad, backsql_at_map_rec ***pret );
+
+int backsql_destroy_schema_map( backsql_info *si );
+
+/*
+ * search.c
+ */
+
+int backsql_init_search( backsql_srch_info *bsi,
+ struct berval *nbase, int scope,
+ time_t stoptime, Filter *filter, SQLHDBC dbh,
+ Operation *op, SlapReply *rs, AttributeName *attrs,
+ unsigned flags );
+
+void backsql_entry_clean( Operation *op, Entry *e );
+
+/*
+ * sql-wrap.h
+ */
+
+RETCODE backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, char* query, int timeout );
+
+#define backsql_BindParamStr( sth, par_ind, io, str, maxlen ) \
+ SQLBindParameter( (sth), (SQLUSMALLINT)(par_ind), \
+ (io), SQL_C_CHAR, SQL_VARCHAR, \
+ (SQLUINTEGER)(maxlen), 0, (SQLPOINTER)(str), \
+ (SQLUINTEGER)(maxlen), NULL )
+
+#define backsql_BindParamBerVal( sth, par_ind, io, bv ) \
+ SQLBindParameter( (sth), (SQLUSMALLINT)(par_ind), \
+ (io), SQL_C_CHAR, SQL_VARCHAR, \
+ (SQLUINTEGER)(bv)->bv_len, 0, \
+ (SQLPOINTER)(bv)->bv_val, \
+ (SQLUINTEGER)(bv)->bv_len, NULL )
+
+#define backsql_BindParamInt( sth, par_ind, io, val ) \
+ SQLBindParameter( (sth), (SQLUSMALLINT)(par_ind), \
+ (io), SQL_C_ULONG, SQL_INTEGER, \
+ 0, 0, (SQLPOINTER)(val), 0, (SQLINTEGER*)NULL )
+
+#ifdef BACKSQL_ARBITRARY_KEY
+#define backsql_BindParamID( sth, par_ind, io, id ) \
+ backsql_BindParamBerVal( (sth), (par_ind), (io), (id) )
+#else /* ! BACKSQL_ARBITRARY_KEY */
+#define backsql_BindParamID( sth, par_ind, io, id ) \
+ backsql_BindParamInt( (sth), (par_ind), (io), (id) )
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+RETCODE backsql_BindRowAsStrings_x( SQLHSTMT sth, BACKSQL_ROW_NTS *row, void *ctx );
+
+RETCODE backsql_BindRowAsStrings( SQLHSTMT sth, BACKSQL_ROW_NTS *row );
+
+RETCODE backsql_FreeRow_x( BACKSQL_ROW_NTS *row, void *ctx );
+
+RETCODE backsql_FreeRow( BACKSQL_ROW_NTS *row );
+
+void backsql_PrintErrors( SQLHENV henv, SQLHDBC hdbc, SQLHSTMT sth, int rc );
+
+int backsql_conn_destroy( backsql_info *bi );
+
+int backsql_init_db_env( backsql_info *si );
+
+int backsql_free_db_env( backsql_info *si );
+
+int backsql_get_db_conn( Operation *op, SQLHDBC *dbh );
+
+int backsql_free_db_conn( Operation *op );
+
+/*
+ * util.c
+ */
+
+extern char
+ backsql_def_oc_query[],
+ backsql_def_needs_select_oc_query[],
+ backsql_def_at_query[],
+ backsql_def_delentry_stmt[],
+ backsql_def_renentry_stmt[],
+ backsql_def_insentry_stmt[],
+ backsql_def_delobjclasses_stmt[],
+ backsql_def_subtree_cond[],
+ backsql_def_upper_subtree_cond[],
+ backsql_id_query[],
+ backsql_def_concat_func[];
+extern char
+ backsql_check_dn_ru_query[];
+
+struct berbuf * backsql_strcat_x( struct berbuf *dest, void *memctx, ... );
+struct berbuf * backsql_strfcat_x( struct berbuf *dest, void *memctx, const char *fmt, ... );
+
+int backsql_entry_addattr( Entry *e, AttributeDescription *ad,
+ struct berval *at_val, void *memctx );
+
+int backsql_merge_from_clause( backsql_info *bi, struct berbuf *dest_from,
+ struct berval *src_from );
+
+int backsql_split_pattern( const char *pattern, BerVarray *split_pattern,
+ int expected );
+
+int backsql_prepare_pattern( BerVarray split_pattern, BerVarray values,
+ struct berval *res );
+
+int backsql_entryUUID( backsql_info *bi, backsql_entryID *id,
+ struct berval *entryUUID, void *memctx );
+int backsql_entryUUID_decode( struct berval *entryUUID, unsigned long *oc_id,
+#ifdef BACKSQL_ARBITRARY_KEY
+ struct berval *keyval
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ unsigned long *keyval
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ );
+
+/*
+ * former external.h
+ */
+
+extern BI_init sql_back_initialize;
+
+extern BI_destroy backsql_destroy;
+
+extern BI_db_init backsql_db_init;
+extern BI_db_open backsql_db_open;
+extern BI_db_close backsql_db_close;
+extern BI_db_destroy backsql_db_destroy;
+extern BI_db_config backsql_db_config;
+
+extern BI_op_bind backsql_bind;
+extern BI_op_search backsql_search;
+extern BI_op_compare backsql_compare;
+extern BI_op_modify backsql_modify;
+extern BI_op_modrdn backsql_modrdn;
+extern BI_op_add backsql_add;
+extern BI_op_delete backsql_delete;
+
+extern BI_operational backsql_operational;
+extern BI_entry_get_rw backsql_entry_get;
+extern BI_entry_release_rw backsql_entry_release;
+
+extern BI_connection_destroy backsql_connection_destroy;
+
+#endif /* PROTO_SQL_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,189 @@
+Author: Pierangelo Masarati <ando at OpenLDAP.org>
+
+Back-sql can be tested with sql-test000-read; it requires a bit of work
+to get everything up and running appropriately.
+
+This document briefly describes the steps that are required to prepare
+a quick'n'dirty installation of back-sql and of the related RDBMS
+and ODBC; Examples are provided, but by no means they pretent
+to represent an exaustive source of info about how to setup the ODBC;
+refer to the docs for any problem or detail.
+
+Currently, the system has been tested with IBM db2, PostgreSQL and MySQL;
+basic support and test data for other RDBMSes is in place, but as of
+today (November 2004) it's totally untested. If you succeed in running
+any of the other RDBMSes, please provide feedback about any required
+change either in the code or in the test scripts by means of OpenLDAP's
+Issue Tracking System (http://www.openldap.org/its/).
+
+1) slapd must be compiled with back-sql support, i.e. configure
+with --enable-sql switch. This requires an implementation of the ODBC
+to be installed.
+
+2) The ODBC must be set up appropriately, by editing the odbc.ini file
+in /etc/ (or wherever your installation puts it) and, if appropriate,
+the odbcinst.ini file. Note: you can also use custom odbc.ini and
+odbcinst.ini files, provided you export in ODBCINI the full path to the
+odbc.ini file, and in ODBCSYSINI the directory where the odbcinst.ini
+file resides.
+Relevant info for our test setup is highlighted with '<===' on the right.
+
+2.1) PostgreSQL
+
+2.1.1) Add to the odbc.ini file a block of the form
+
+[example] <===
+Description = Example for OpenLDAP's back-sql
+Driver = PostgreSQL
+Trace = No
+Database = example <===
+Servername = localhost
+UserName = manager <===
+Password = secret <===
+Port = 5432
+;Protocol = 6.4
+ReadOnly = No
+RowVersioning = No
+ShowSystemTables = No
+ShowOidColumn = No
+FakeOidIndex = No
+ConnSettings =
+
+2.1.2) Add to the odbcinst.ini file a block of the form
+
+[PostgreSQL]
+Description = ODBC for PostgreSQL
+Driver = /usr/lib/libodbcpsql.so
+Setup = /usr/lib/libodbcpsqlS.so
+FileUsage = 1
+
+2.2) MySQL
+
+2.2.1) Add to the odbc.ini file a block of the form
+
+[example] <===
+Description = Example for OpenLDAP's back-sql
+Driver = MySQL
+Trace = No
+Database = example <===
+Servername = localhost
+UserName = manager <===
+Password = secret <===
+ReadOnly = No
+RowVersioning = No
+ShowSystemTables = No
+ShowOidColumn = No
+FakeOidIndex = No
+ConnSettings =
+SOCKET = /var/lib/mysql/mysql.sock
+
+2.2.2) Add to the odbcinst.ini file a block of the form
+
+[MySQL]
+Description = ODBC for MySQL
+Driver = /usr/lib/libmyodbc.so
+FileUsage = 1
+
+2.3) IBM db2
+[n.a.]
+
+3) The RDBMS must be setup; examples are provided for my installations
+of PostgreSQL and MySQL, but details may change; other RDBMSes should
+be configured in a similar manner, you need to find out the details by
+reading their documentation.
+
+3.1) PostgreSQL
+
+3.1.1) Start the server
+on RedHat:
+[root at localhost]# service postgresql start
+on other systems: read the docs...
+
+3.1.2) Create the database:
+[root at localhost]# su - postgres
+[postgres at localhost]$ createdb example
+
+3.1.3) Create the user:
+[root at localhost]# su - postgres
+[postgres at localhost]$ psql example
+example=> create user manager with password 'secret';
+example=> <control-D>
+
+3.1.4) Populate the database:
+[root at localhost]# cd $SOURCES/servers/slapd/back-sql/rdbms_depend/pgsql/
+[root at localhost]# psql -U manager -W example
+example=> <control-D>
+[root at localhost]# psql -U manager example < backsql_create.sql
+[root at localhost]# psql -U manager example < testdb_create.sql
+[root at localhost]# psql -U manager example < testdb_data.sql
+[root at localhost]# psql -U manager example < testdb_metadata.sql
+
+3.1.5) Run the test:
+[root at localhost]# cd $SOURCES/tests
+[root at localhost]# SLAPD_USE_SQL=pgsql ./run sql-test000
+
+3.2) MySQL
+
+3.2.1) Start the server
+on RedHat:
+[root at localhost]# service mysqld start
+on other systems: read the docs...
+
+3.2.2) Create the database:
+[root at localhost]# mysqladmin -u root -p create example
+(hit <return> for the empty password).
+
+3.2.3) Create the user:
+[root at localhost]# mysql -u root -p example
+(hit <return> for the empty password)
+mysql> grant all privileges on *.* \
+ to 'manager'@'localhost' identified by 'secret' with grant option;
+mysql> exit;
+
+3.2.4) Populate the database:
+[root at localhost]# cd $SOURCES/servers/slapd/back-sql/rdbms_depend/mysql/
+[root at localhost]# mysql -u manager -p example < backsql_create.sql
+[root at localhost]# mysql -u manager -p example < testdb_create.sql
+[root at localhost]# mysql -u manager -p example < testdb_data.sql
+[root at localhost]# mysql -u manager -p example < testdb_metadata.sql
+
+3.2.5) Run the test:
+[root at localhost]# cd $SOURCES/tests
+[root at localhost]# SLAPD_USE_SQL=mysql ./run sql-test000
+
+3.3) IBM db2
+[n.a.]
+
+3.3.1) Start the server:
+
+3.3.2) Create the database:
+
+3.3.3) Create the user:
+
+3.3.4) Populate the database:
+connect to the database as user manager, and execute the test files
+in auto-commit mode (-c)
+[root at localhost]# su - manager
+[manager at localhost]$ db2 "connect to example user manager using secret"
+[manager at localhost]$ db2 -ctvf backsql_create.sql
+[manager at localhost]$ db2 -ctvf testdb_create.sql
+[manager at localhost]$ db2 -ctvf testdb_data.sql
+[manager at localhost]$ db2 -ctvf testdb_metadata.sql
+[manager at localhost]$ db2 "connect reset"
+
+3.3.5) Run the test:
+[root at localhost]# cd $SOURCES/tests
+[root at localhost]# SLAPD_USE_SQL=ibmdb2 ./run sql-test000
+
+4) Cleanup:
+The test is basically readonly; this can be performed by all RDBMSes
+(listed above).
+
+There is another test, sql-test900-write, which is currently enabled
+only for PostgreSQL and IBM db2. Note that after a successful run
+of the write test, the database is no longer in the correct state
+to restart either of the tests, and step 3.X.4 needs to be re-run first.
+
+More tests are to come; PostgreSQL is known to allow a full reload
+of the test database starting from an empty database.
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+drop table ldap_oc_mappings;
+create table ldap_oc_mappings
+ (
+ id integer not null primary key,
+ name varchar(64) not null,
+ keytbl varchar(64) not null,
+ keycol varchar(64) not null,
+ create_proc varchar(255),
+ create_keyval varchar(255),
+ delete_proc varchar(255),
+ expect_return integer not null
+);
+
+drop table ldap_attr_mappings;
+create table ldap_attr_mappings
+ (
+ id integer not null primary key,
+ oc_map_id integer not null references ldap_oc_mappings(id),
+ name varchar(255) not null,
+ sel_expr varchar(255) not null,
+ sel_expr_u varchar(255),
+ from_tbls varchar(255) not null,
+ join_where varchar(255),
+ add_proc varchar(255),
+ delete_proc varchar(255),
+ param_order integer not null,
+ expect_return integer not null
+);
+
+drop table ldap_entries;
+create table ldap_entries
+ (
+ id integer not null primary key,
+ dn varchar(255) not null,
+ oc_map_id integer not null references ldap_oc_mappings(id),
+ parent int NOT NULL ,
+ keyval int NOT NULL
+);
+
+alter table ldap_entries add
+ constraint unq1_ldap_entries unique
+ (
+ oc_map_id,
+ keyval
+ );
+
+alter table ldap_entries add
+ constraint unq2_ldap_entries unique
+ (
+ dn
+ );
+
+drop table ldap_entry_objclasses;
+create table ldap_entry_objclasses
+ (
+ entry_id integer not null references ldap_entries(id),
+ oc_name varchar(64)
+ );
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+DROP TABLE ldap_referrals;
+DROP TABLE ldap_entry_objclasses;
+DROP TABLE ldap_attr_mappings;
+DROP TABLE ldap_entries;
+DROP TABLE ldap_oc_mappings;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,36 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/ibmdb2/slapd.conf,v 1.2.4.1 2005/01/20 18:04:03 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /usr/local/etc/openldap/schema/core.schema
+include /usr/local/etc/openldap/schema/cosine.schema
+include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /usr/local/var/slapd.pid
+argsfile /usr/local/var/slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname ldap_db2
+dbuser db2inst1
+dbpasswd ibmdb2
+subtree_cond "upper(ldap_entries.dn) LIKE CONCAT('%',?)"
+insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
+upper_func "upper"
+upper_needs_cast "yes"
+create_needs_select "yes"
+has_ldapinfo_dn_ru "no"
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+drop table persons;
+CREATE TABLE persons (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ surname varchar(255) NOT NULL,
+ password varchar(64)
+);
+
+drop table institutes;
+CREATE TABLE institutes (
+ id int NOT NULL,
+ name varchar(255)
+);
+
+drop table documents;
+CREATE TABLE documents (
+ id int NOT NULL,
+ title varchar(255) NOT NULL,
+ abstract varchar(255)
+);
+
+drop table authors_docs;
+CREATE TABLE authors_docs (
+ pers_id int NOT NULL,
+ doc_id int NOT NULL
+);
+
+drop table phones;
+CREATE TABLE phones (
+ id int NOT NULL ,
+ phone varchar(255) NOT NULL ,
+ pers_id int NOT NULL
+);
+
+drop table referrals;
+CREATE TABLE referrals (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ url varchar(255) NOT NULL
+);
+
+
+
+ALTER TABLE authors_docs ADD
+ CONSTRAINT PK_authors_docs PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ );
+
+ALTER TABLE documents ADD
+ CONSTRAINT PK_documents PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE institutes ADD
+ CONSTRAINT PK_institutes PRIMARY KEY
+ (
+ id
+ );
+
+
+ALTER TABLE persons ADD
+ CONSTRAINT PK_persons PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE phones ADD
+ CONSTRAINT PK_phones PRIMARY KEY
+ (
+ id
+ );
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+insert into institutes (id,name) values (1,'Example');
+
+insert into persons (id,name,surname,password) values (1,'Mitya','Kovalev','mit');
+insert into persons (id,name,surname) values (2,'Torvlobnor','Puzdoy');
+insert into persons (id,name,surname) values (3,'Akakiy','Zinberstein');
+
+insert into phones (id,phone,pers_id) values (1,'332-2334',1);
+insert into phones (id,phone,pers_id) values (2,'222-3234',1);
+insert into phones (id,phone,pers_id) values (3,'545-4563',2);
+
+insert into documents (id,abstract,title) values (1,'abstract1','book1');
+insert into documents (id,abstract,title) values (2,'abstract2','book2');
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+insert into authors_docs (pers_id,doc_id) values (1,2);
+insert into authors_docs (pers_id,doc_id) values (2,1);
+
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9012/');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+DROP TABLE persons;
+DROP TABLE institutes;
+DROP TABLE documents;
+DROP TABLE authors_docs;
+DROP TABLE phones;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/ibmdb2/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,123 @@
+--mappings
+
+-- objectClass mappings: these may be viewed as structuralObjectClass, the ones that are used to decide how to build an entry
+-- id a unique number identifying the objectClass
+-- name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+-- keytbl the name of the table that is referenced for the primary key of an entry
+-- keycol the name of the column in "keytbl" that contains the primary key of an entry; the pair "keytbl.keycol" uniquely identifies an entry of objectClass "id"
+-- create_proc a procedure to create the entry
+-- create_keyval a query that returns the id of the last inserted entry
+-- delete_proc a procedure to delete the entry; it takes "keytbl.keycol" of the row to be deleted
+-- expect_return a bitmap that marks whether create_proc (1) and delete_proc (2) return a value or not
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,expect_return)
+values (1,'inetOrgPerson','persons','id','INSERT INTO persons (id,name,surname) VALUES ((SELECT max(id)+1 FROM persons),'''','''')',
+ 'SELECT max(id) FROM persons','DELETE FROM persons WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,expect_return)
+values (2,'document','documents','id','INSERT INTO documents (id,title,abstract) VALUES ((SELECT max(id)+1 FROM documents),'''','''')',
+ 'SELECT max(id) FROM documents','DELETE FROM documents WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,expect_return)
+values (3,'organization','institutes','id','INSERT INTO institutes (id,name) VALUES ((SELECT max(id)+1 FROM institutes),'''')',
+ 'SELECT max(id) FROM institutes','DELETE FROM institutes WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,expect_return)
+values (4,'referral','referrals','id','INSERT INTO referrals (id,name,url) VALUES ((SELECT max(id)+1 FROM referrals),'''','''')',
+ 'SELECT max(id) FROM referrals','DELETE FROM referrals WHERE id=?',0);
+
+-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
+-- id a unique number identifying the attribute
+-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
+-- name the name of the attributeType; it MUST match the name of an attributeType that is loaded in slapd's schema
+-- sel_expr the expression that is used to select this attribute (the "select <sel_expr> from ..." portion)
+-- from_tbls the expression that defines the table(s) this attribute is taken from (the "select ... from <from_tbls> where ..." portion)
+-- join_where the expression that defines the condition to select this attribute (the "select ... where <join_where> ..." portion)
+-- add_proc a procedure to insert the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- delete_proc a procedure to delete the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- param_order a mask that marks if the "keytbl.keycol" value comes before or after the value in add_proc (1) and delete_proc (2)
+-- expect_return a mask that marks whether add_proc (1) and delete_proc(2) are expected to return a value or not
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (1,1,'cn','persons.name||'' ''||persons.surname','persons',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (2,1,'telephoneNumber','phones.phone','persons,phones',
+ 'phones.pers_id=persons.id','INSERT INTO phones (id,phone,pers_id) VALUES ((SELECT max(id)+1 FROM phones),?,?)',
+ 'DELETE FROM phones WHERE phone=? AND pers_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (4,1,'givenName','persons.name','persons',NULL,'UPDATE persons SET name=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (3,1,'sn','persons.surname','persons',NULL,'UPDATE persons SET surname=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (5,1,'userPassword','persons.password','persons','persons.password IS NOT NULL','UPDATE persons SET password=? WHERE id=?',
+ 'UPDATE persons SET password=NULL WHERE password=? AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (6,1,'seeAlso','seeAlso.dn','ldap_entries AS seeAlso,documents,authors_docs,persons',
+ 'seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (7,2,'description','documents.abstract','documents',NULL,'UPDATE documents SET abstract=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,2,'documentTitle','documents.title','documents',NULL,'UPDATE documents SET title=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','documentAuthor.dn','ldap_entries AS documentAuthor,documents,authors_docs,persons',
+ 'documentAuthor.keyval=persons.id AND documentAuthor.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ 'INSERT INTO authors_docs (pers_id,doc_id) VALUES ((SELECT keyval FROM ldap_entries WHERE ucase(cast(? AS VARCHAR(255)))=ucase(dn)),?)',
+ 'DELETE FROM authors_docs WHERE pers_id=(SELECT keyval FROM ldap_entries WHERE ucase(cast(? AS VARCHAR(255))=ucase(dn)) AND doc_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (10,2,'documentIdentifier','''document ''||rtrim(cast(documents.id AS CHAR(16)))','documents',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (11,3,'o','institutes.name','institutes',NULL,'UPDATE institutes SET name=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (12,3,'dc','lcase(institutes.name)','institutes,ldap_entries AS dcObject,ldap_entry_objclasses as auxObjectClass',
+ 'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (13,4,'ou','referrals.name','referrals',NULL,'UPDATE referrals SET name=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (14,4,'ref','referrals.url','referrals',NULL,'UPDATE referrals SET url=? WHERE id=?',NULL,3,0);
+
+-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
+-- id a unique number > 0 identifying the entry
+-- dn the DN of the entry, in "pretty" form
+-- oc_map_id the "ldap_oc_mappings.id" of the main objectClass of this entry (view it as the structuralObjectClass)
+-- parent the "ldap_entries.id" of the parent of this objectClass; 0 if it is the "suffix" of the database
+-- keyval the value of the "keytbl.keycol" defined for this objectClass
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (1,'dc=example,dc=com',3,0,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,dc=example,dc=com',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (7,'ou=Referral,dc=example,dc=com',4,1,1);
+
+-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
+-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
+-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+insert into ldap_entry_objclasses (entry_id,oc_name) values (1,'dcObject');
+
+insert into ldap_entry_objclasses (entry_id,oc_name) values (7,'extensibleObject');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,100 @@
+create table ldap_oc_mappings (
+ id int identity (1, 1) not null ,
+ name varchar (64) not null ,
+ keytbl varchar (64) not null ,
+ keycol varchar (64) not null ,
+ create_proc varchar (255) NULL ,
+ delete_proc varchar (255) NULL,
+ expect_return int not null
+)
+GO
+
+alter table ldap_oc_mappings add
+ constraint pk_ldap_oc_mappings primary key
+ (
+ id
+ )
+GO
+
+
+alter table ldap_oc_mappings add
+ constraint unq1_ldap_oc_mappings unique
+ (
+ name
+ )
+GO
+
+
+create table ldap_attr_mappings (
+ id int identity (1, 1) not null ,
+ oc_map_id int not null references ldap_oc_mappings(id),
+ name varchar (255) not null ,
+ sel_expr varchar (255) not null ,
+ sel_expr_u varchar(255),
+ from_tbls varchar (255) not null ,
+ join_where varchar (255) NULL ,
+ add_proc varchar (255) NULL ,
+ delete_proc varchar (255) NULL ,
+ param_order int not null,
+ expect_return int not null
+)
+GO
+
+alter table ldap_attr_mappings add
+ constraint pk_ldap_attr_mappings primary key
+ (
+ id
+ )
+GO
+
+
+create table ldap_entries (
+ id int identity (1, 1) not null ,
+ dn varchar (255) not null ,
+ oc_map_id int not null references ldap_oc_mappings(id),
+ parent int not null ,
+ keyval int not null
+)
+GO
+
+
+alter table ldap_entries add
+ constraint pk_ldap_entries primary key
+ (
+ id
+ )
+GO
+
+alter table ldap_entries add
+ constraint unq1_ldap_entries unique
+ (
+ oc_map_id,
+ keyval
+ )
+GO
+
+alter table ldap_entries add
+ constraint unq2_ldap_entries unique
+ (
+ dn
+ )
+GO
+
+
+create table ldap_referrals
+ (
+ entry_id int not null references ldap_entries(id),
+ url text not null
+)
+GO
+
+create index entry_idx on ldap_referrals(entry_id);
+
+create table ldap_entry_objclasses
+ (
+ entry_id int not null references ldap_entries(id),
+ oc_name varchar(64)
+ )
+GO
+
+create index entry_idx on ldap_entry_objclasses(entry_id);
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,14 @@
+drop table ldap_attr_mappings
+GO
+
+drop table ldap_referrals
+GO
+
+drop table ldap_entry_objclasses
+GO
+
+drop table ldap_entries
+GO
+
+drop table ldap_oc_mappings
+GO
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,30 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/mssql/slapd.conf,v 1.3 2001/08/02 15:28:59 mit Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile ./slapd.pid
+argsfile ./slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname ldap_mssql
+dbuser ldap
+dbpasswd ldap
+subtree_cond "ldap_entries.dn LIKE '%'+?"
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+
+CREATE TABLE authors_docs (
+ pers_id int NOT NULL ,
+ doc_id int NOT NULL
+)
+GO
+
+CREATE TABLE documents (
+ id int IDENTITY (1, 1) NOT NULL ,
+ abstract varchar (255) NULL ,
+ title varchar (255) NULL ,
+ body binary (255) NULL
+)
+GO
+
+CREATE TABLE institutes (
+ id int IDENTITY (1, 1) NOT NULL ,
+ name varchar (255) NOT NULL
+)
+GO
+
+
+CREATE TABLE persons (
+ id int IDENTITY (1, 1) NOT NULL ,
+ name varchar (255) NULL ,
+ surname varchar (255) NULL ,
+ password varchar (64) NULL
+)
+GO
+
+CREATE TABLE phones (
+ id int IDENTITY (1, 1) NOT NULL ,
+ phone varchar (255) NOT NULL ,
+ pers_id int NOT NULL
+)
+GO
+
+ALTER TABLE authors_docs WITH NOCHECK ADD
+ CONSTRAINT PK_authors_docs PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ )
+GO
+
+ALTER TABLE documents WITH NOCHECK ADD
+ CONSTRAINT PK_documents PRIMARY KEY
+ (
+ id
+ )
+GO
+
+ALTER TABLE institutes WITH NOCHECK ADD
+ CONSTRAINT PK_institutes PRIMARY KEY
+ (
+ id
+ )
+GO
+
+
+ALTER TABLE persons WITH NOCHECK ADD
+ CONSTRAINT PK_persons PRIMARY KEY
+ (
+ id
+ )
+GO
+
+ALTER TABLE phones WITH NOCHECK ADD
+ CONSTRAINT PK_phones PRIMARY KEY
+ (
+ id
+ )
+GO
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,24 @@
+set IDENTITY_INSERT institutes ON
+insert into institutes (id,name) values (1,'Example')
+set IDENTITY_INSERT institutes OFF
+
+set IDENTITY_INSERT persons ON
+insert into persons (id,name,surname,password) values (1,'Mitya','Kovalev','mit')
+insert into persons (id,name,surname) values (2,'Torvlobnor','Puzdoy')
+insert into persons (id,name,surname) values (3,'Akakiy','Zinberstein')
+set IDENTITY_INSERT persons OFF
+
+set IDENTITY_INSERT phones ON
+insert into phones (id,phone,pers_id) values (1,'332-2334',1)
+insert into phones (id,phone,pers_id) values (2,'222-3234',1)
+insert into phones (id,phone,pers_id) values (3,'545-4563',2)
+set IDENTITY_INSERT phones OFF
+
+set IDENTITY_INSERT documents ON
+insert into documents (id,abstract,title) values (1,'abstract1','book1')
+insert into documents (id,abstract,title) values (2,'abstract2','book2')
+set IDENTITY_INSERT documents OFF
+
+insert into authors_docs (pers_id,doc_id) values (1,1)
+insert into authors_docs (pers_id,doc_id) values (1,2)
+insert into authors_docs (pers_id,doc_id) values (2,1)
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+drop procedure create_person
+drop procedure set_person_name
+drop procedure delete_phone
+drop procedure add_phone
+drop procedure make_doc_link
+drop procedure del_doc_link
+drop procedure delete_person
+
+drop procedure create_org
+drop procedure set_org_name
+drop procedure delete_org
+
+drop procedure create_document
+drop procedure set_doc_title
+drop procedure set_doc_abstract
+drop procedure make_author_link
+drop procedure del_author_link
+drop procedure delete_document
+
+if exists (select * from sysobjects where id = object_id(N'authors_docs') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
+drop table authors_docs
+GO
+
+if exists (select * from sysobjects where id = object_id(N'documents') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
+drop table documents
+GO
+
+if exists (select * from sysobjects where id = object_id(N'institutes') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
+drop table institutes
+GO
+
+if exists (select * from sysobjects where id = object_id(N'persons') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
+drop table persons
+GO
+
+if exists (select * from sysobjects where id = object_id(N'phones') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
+drop table phones
+GO
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mssql/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,198 @@
+-- mappings
+
+
+SET IDENTITY_INSERT ldap_oc_mappings ON
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (1,'inetOrgPerson','persons','id','{call create_person(?)}','{call delete_person(?)}',0)
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (2,'document','documents','id','{call create_document(?)}','{call delete_document(?)}',0)
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (3,'organization','institutes','id','{call create_org(?)}','{call delete_org(?)}',0)
+SET IDENTITY_INSERT ldap_oc_mappings OFF
+
+
+SET IDENTITY_INSERT ldap_attr_mappings ON
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (1,1,'cn','persons.name+'' ''+persons.surname','persons',NULL,
+ NULL,NULL,0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (2,1,'telephoneNumber','phones.phone','persons,phones',
+ 'phones.pers_id=persons.id','{call add_phone(?,?)}',
+ '{call delete_phone(?,?)}',0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (3,1,'givenName','persons.name','persons',NULL,
+ '{call set_person_name(?,?)}',NULL,0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (4,1,'sn','persons.surname','persons',NULL,
+ '{call set_person_surname(?,?)}',NULL,0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (5,1,'userPassword','persons.password','persons','persons.password IS NOT NULL',
+ '{call set_person_password(?,?)}','call del_person_password(?,?)',0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (6,1,'seeAlso','seeAlso.dn','ldap_entries AS seeAlso,documents,authors_docs,persons',
+ 'seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (7,2,'description','documents.abstract','documents',NULL,'{call set_doc_abstract(?,?)}',
+ NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,2,'documentTitle','documents.title','documents',NULL, '{call set_doc_title(?,?)}',
+ NULL,0,0)
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','documentAuthor.dn','ldap_entries AS documentAuthor,documents,authors_docs,persons',
+ 'documentAuthor.keyval=persons.id AND documentAuthor.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ 'INSERT INTO authors_docs (pers_id,doc_id) VALUES ((SELECT ldap_entries.keyval FROM ldap_entries WHERE upper(?)=upper(ldap_entries.dn)),?)',
+ 'DELETE FROM authors_docs WHERE authors_docs.pers_id=(SELECT ldap_entries.keyval FROM ldap_entries WHERE upper(?)=upper(ldap_entries.dn)) AND authors_docs.doc_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (10,2,'documentIdentifier','''document ''+text(documents.id)','documents',
+ NULL,NULL,NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (11,3,'o','institutes.name','institutes',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries AS dcObject,ldap_entry_objclasses AS auxObjectClass',
+ 'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
+ '{call set_org_name(?,?)}',NULL,3,0);
+
+SET IDENTITY_INSERT ldap_attr_mappings OFF
+
+-- entries
+
+SET IDENTITY_INSERT ldap_entries ON
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (1,'dc=example,dc=com',3,0,1)
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1)
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2)
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3)
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,dc=example,dc=com',2,1,1)
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,dc=example,dc=com',2,1,2)
+
+SET IDENTITY_INSERT ldap_entries OFF
+
+-- referrals
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (1,'dcObject');
+
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (4,'referral');
+
+insert into ldap_referrals (entry_id,url)
+values (4,'ldap://localhost:9012/');
+
+-- support procedures
+
+SET QUOTED_IDENTIFIER OFF SET ANSI_NULLS ON
+GO
+
+
+CREATE PROCEDURE create_person @@keyval int OUTPUT AS
+INSERT INTO example.persons (name) VALUES ('');
+set @@keyval=(SELECT MAX(id) FROM example.persons)
+GO
+
+CREATE PROCEDURE delete_person @keyval int AS
+DELETE FROM example.phones WHERE pers_id=@keyval;
+DELETE FROM example.authors_docs WHERE pers_id=@keyval;
+DELETE FROM example.persons WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE create_org @@keyval int OUTPUT AS
+INSERT INTO example.institutes (name) VALUES ('');
+set @@keyval=(SELECT MAX(id) FROM example.institutes)
+GO
+
+CREATE PROCEDURE delete_org @keyval int AS
+DELETE FROM example.institutes WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE create_document @@keyval int OUTPUT AS
+INSERT INTO example.documents (title) VALUES ('');
+set @@keyval=(SELECT MAX(id) FROM example.documents)
+GO
+
+CREATE PROCEDURE delete_document @keyval int AS
+DELETE FROM example.authors_docs WHERE doc_id=@keyval;
+DELETE FROM example.documents WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE add_phone @pers_id int, @phone varchar(255) AS
+INSERT INTO example.phones (pers_id,phone) VALUES (@pers_id, at phone)
+GO
+
+CREATE PROCEDURE delete_phone @keyval int, at phone varchar(64) AS
+DELETE FROM example.phones WHERE pers_id=@keyval AND phone=@phone;
+GO
+
+CREATE PROCEDURE set_person_name @keyval int, @new_name varchar(255) AS
+UPDATE example.persons SET name=@new_name WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE set_person_surname @keyval int, @new_surname varchar(255) AS
+UPDATE example.persons SET surname=@new_surname WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE set_org_name @keyval int, @new_name varchar(255) AS
+UPDATE example.institutes SET name=@new_name WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE set_doc_title @keyval int, @new_title varchar(255) AS
+UPDATE example.documents SET title=@new_title WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE set_doc_abstract @keyval int, @new_abstract varchar(255) AS
+UPDATE example.documents SET abstract=@new_abstract WHERE id=@keyval;
+GO
+
+CREATE PROCEDURE make_author_link @keyval int, @author_dn varchar(255) AS
+DECLARE @per_id int;
+SET @per_id=(SELECT keyval FROM example.ldap_entries
+ WHERE oc_map_id=1 AND dn=@author_dn);
+IF NOT (@per_id IS NULL)
+ INSERT INTO example.authors_docs (doc_id,pers_id) VALUES (@keyval, at per_id);
+GO
+
+CREATE PROCEDURE make_doc_link @keyval int, @doc_dn varchar(255) AS
+DECLARE @doc_id int;
+SET @doc_id=(SELECT keyval FROM example.ldap_entries
+ WHERE oc_map_id=2 AND dn=@doc_dn);
+IF NOT (@doc_id IS NULL)
+ INSERT INTO example.authors_docs (pers_id,doc_id) VALUES (@keyval, at doc_id);
+GO
+
+CREATE PROCEDURE del_doc_link @keyval int, @doc_dn varchar(255) AS
+DECLARE @doc_id int;
+SET @doc_id=(SELECT keyval FROM example.ldap_entries
+ WHERE oc_map_id=2 AND dn=@doc_dn);
+IF NOT (@doc_id IS NULL)
+DELETE FROM example.authors_docs WHERE pers_id=@keyval AND doc_id=@doc_id;
+GO
+
+CREATE PROCEDURE del_author_link @keyval int, @author_dn varchar(255) AS
+DECLARE @per_id int;
+SET @per_id=(SELECT keyval FROM example.ldap_entries
+ WHERE oc_map_id=1 AND dn=@author_dn);
+IF NOT (@per_id IS NULL)
+ DELETE FROM example.authors_docs WHERE doc_id=@keyval AND pers_id=@per_id;
+GO
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,58 @@
+drop table if exists ldap_oc_mappings;
+create table ldap_oc_mappings
+ (
+ id integer unsigned not null primary key auto_increment,
+ name varchar(64) not null,
+ keytbl varchar(64) not null,
+ keycol varchar(64) not null,
+ create_proc varchar(255),
+ delete_proc varchar(255),
+ expect_return tinyint not null
+);
+
+drop table if exists ldap_attr_mappings;
+create table ldap_attr_mappings
+ (
+ id integer unsigned not null primary key auto_increment,
+ oc_map_id integer unsigned not null references ldap_oc_mappings(id),
+ name varchar(255) not null,
+ sel_expr varchar(255) not null,
+ sel_expr_u varchar(255),
+ from_tbls varchar(255) not null,
+ join_where varchar(255),
+ add_proc varchar(255),
+ delete_proc varchar(255),
+ param_order tinyint not null,
+ expect_return tinyint not null
+);
+
+drop table if exists ldap_entries;
+create table ldap_entries
+ (
+ id integer unsigned not null primary key auto_increment,
+ dn varchar(255) not null,
+ oc_map_id integer unsigned not null references ldap_oc_mappings(id),
+ parent int NOT NULL ,
+ keyval int NOT NULL
+);
+
+alter table ldap_entries add
+ constraint unq1_ldap_entries unique
+ (
+ oc_map_id,
+ keyval
+ );
+
+alter table ldap_entries add
+ constraint unq2_ldap_entries unique
+ (
+ dn
+ );
+
+drop table if exists ldap_entry_objclasses;
+create table ldap_entry_objclasses
+ (
+ entry_id integer not null references ldap_entries(id),
+ oc_name varchar(64)
+ );
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,7 @@
+DROP TABLE IF EXISTS ldap_entry_objclasses;
+
+DROP TABLE IF EXISTS ldap_attr_mappings;
+
+DROP TABLE IF EXISTS ldap_entries;
+
+DROP TABLE IF EXISTS ldap_oc_mappings;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,32 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf,v 1.5.2.1 2005/01/20 18:04:03 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /usr/local/etc/openldap/schema/core.schema
+include /usr/local/etc/openldap/schema/cosine.schema
+include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /usr/local/var/slapd.pid
+argsfile /usr/local/var/slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname ldap_mysql
+dbuser root
+dbpasswd
+subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
+insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
+has_ldapinfo_dn_ru no
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+drop table if exists persons;
+CREATE TABLE persons (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ surname varchar(255) NOT NULL,
+ password varchar(64)
+);
+
+drop table if exists institutes;
+CREATE TABLE institutes (
+ id int NOT NULL,
+ name varchar(255)
+);
+
+drop table if exists documents;
+CREATE TABLE documents (
+ id int NOT NULL,
+ title varchar(255) NOT NULL,
+ abstract varchar(255)
+);
+
+drop table if exists authors_docs;
+CREATE TABLE authors_docs (
+ pers_id int NOT NULL,
+ doc_id int NOT NULL
+);
+
+drop table if exists phones;
+CREATE TABLE phones (
+ id int NOT NULL ,
+ phone varchar(255) NOT NULL ,
+ pers_id int NOT NULL
+);
+
+
+
+ALTER TABLE authors_docs ADD
+ CONSTRAINT PK_authors_docs PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ );
+
+ALTER TABLE documents ADD
+ CONSTRAINT PK_documents PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE institutes ADD
+ CONSTRAINT PK_institutes PRIMARY KEY
+ (
+ id
+ );
+
+
+ALTER TABLE persons ADD
+ CONSTRAINT PK_persons PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE phones ADD
+ CONSTRAINT PK_phones PRIMARY KEY
+ (
+ id
+ );
+
+drop table if exists referrals;
+CREATE TABLE referrals (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ url varchar(255) NOT NULL
+);
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+insert into institutes (id,name) values (1,'Example');
+
+insert into persons (id,name,surname,password) values (1,'Mitya','Kovalev','mit');
+insert into persons (id,name,surname) values (2,'Torvlobnor','Puzdoy');
+insert into persons (id,name,surname) values (3,'Akakiy','Zinberstein');
+
+insert into phones (id,phone,pers_id) values (1,'332-2334',1);
+insert into phones (id,phone,pers_id) values (2,'222-3234',1);
+insert into phones (id,phone,pers_id) values (3,'545-4563',2);
+
+insert into documents (id,abstract,title) values (1,'abstract1','book1');
+insert into documents (id,abstract,title) values (2,'abstract2','book2');
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+insert into authors_docs (pers_id,doc_id) values (1,2);
+insert into authors_docs (pers_id,doc_id) values (2,1);
+
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9012/');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+DROP TABLE IF EXISTS persons;
+DROP TABLE IF EXISTS institutes;
+DROP TABLE IF EXISTS documents;
+DROP TABLE IF EXISTS authors_docs;
+DROP TABLE IF EXISTS phones;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,118 @@
+-- mappings
+
+-- objectClass mappings: these may be viewed as structuralObjectClass, the ones that are used to decide how to build an entry
+-- id a unique number identifying the objectClass
+-- name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+-- keytbl the name of the table that is referenced for the primary key of an entry
+-- keycol the name of the column in "keytbl" that contains the primary key of an entry; the pair "keytbl.keycol" uniquely identifies an entry of objectClass "id"
+-- create_proc a procedure to create the entry
+-- delete_proc a procedure to delete the entry; it takes "keytbl.keycol" of the row to be deleted
+-- expect_return a bitmap that marks whether create_proc (1) and delete_proc (2) return a value or not
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (1,'inetOrgPerson','persons','id',NULL,NULL,0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (2,'document','documents','id',NULL,NULL,0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (3,'organization','institutes','id',NULL,NULL,0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (4,'referral','referrals','id',NULL,NULL,0);
+
+-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
+-- id a unique number identifying the attribute
+-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
+-- name the name of the attributeType; it MUST match the name of an attributeType that is loaded in slapd's schema
+-- sel_expr the expression that is used to select this attribute (the "select <sel_expr> from ..." portion)
+-- from_tbls the expression that defines the table(s) this attribute is taken from (the "select ... from <from_tbls> where ..." portion)
+-- join_where the expression that defines the condition to select this attribute (the "select ... where <join_where> ..." portion)
+-- add_proc a procedure to insert the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- delete_proc a procedure to delete the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- param_order a mask that marks if the "keytbl.keycol" value comes before or after the value in add_proc (1) and delete_proc (2)
+-- expect_return a mask that marks whether add_proc (1) and delete_proc(2) are expected to return a value or not
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (1,1,'cn',"concat(persons.name,' ',persons.surname)",'persons',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (2,1,'telephoneNumber','phones.phone','persons,phones',
+ 'phones.pers_id=persons.id',NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (3,1,'givenName','persons.name','persons',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (4,1,'sn','persons.surname','persons',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (5,1,'userPassword','persons.password','persons','persons.password IS NOT NULL',NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (6,1,'seeAlso','seeAlso.dn','ldap_entries AS seeAlso,documents,authors_docs,persons',
+ 'seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (7,2,'description','documents.abstract','documents',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,2,'documentTitle','documents.title','documents',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','documentAuthor.dn','ldap_entries AS documentAuthor,documents,authors_docs,persons',
+ 'documentAuthor.keyval=persons.id AND documentAuthor.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (10,2,'documentIdentifier','concat(''document '',documents.id)','documents',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (11,3,'o','institutes.name','institutes',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries AS dcObject,ldap_entry_objclasses as auxObjectClass',
+ 'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (13,4,'ou','referrals.name','referrals',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (14,4,'ref','referrals.url','referrals',NULL,NULL,NULL,3,0);
+
+-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
+-- id a unique number > 0 identifying the entry
+-- dn the DN of the entry, in "pretty" form
+-- oc_map_id the "ldap_oc_mappings.id" of the main objectClass of this entry (view it as the structuralObjectClass)
+-- parent the "ldap_entries.id" of the parent of this objectClass; 0 if it is the "suffix" of the database
+-- keyval the value of the "keytbl.keycol" defined for this objectClass
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (1,'dc=example,dc=com',3,0,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,dc=example,dc=com',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (7,'ou=Referral,dc=example,dc=com',4,1,1);
+
+-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
+-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
+-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (1,'dcObject');
+
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (7,'extensibleObject');
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,90 @@
+create table ldap_oc_mappings (
+ id number not null ,
+ name varchar2(64) not null ,
+ keytbl varchar2(64) not null ,
+ keycol varchar2(64) not null ,
+ create_proc varchar2(255),
+ delete_proc varchar2(255),
+ expect_return number not null
+);
+
+alter table ldap_oc_mappings add
+ constraint PK_ldap_oc_mappings primary key
+ (
+ id
+ );
+
+alter table ldap_oc_mappings add
+ constraint unq_ldap_oc_mappings unique
+ (
+ name
+ );
+
+create table ldap_attr_mappings (
+ id number not null,
+ oc_map_id number not null references ldap_oc_mappings(id),
+ name varchar2(255) not null,
+ sel_expr varchar2(255) not null,
+ sel_expr_u varchar2(255),
+ from_tbls varchar2(255) not null,
+ join_where varchar2(255),
+ add_proc varchar2(255),
+ delete_proc varchar2(255),
+ param_order number not null,
+ expect_return number not null
+);
+
+alter table ldap_attr_mappings add
+ constraint pk_ldap_attr_mappings primary key
+ (
+ id
+ );
+
+
+create table ldap_entries (
+ id number not null ,
+ dn varchar2(255) not null ,
+ dn_ru varchar2(255),
+ oc_map_id number not null references ldap_oc_mappings(id),
+ parent number not null ,
+ keyval number not null
+);
+
+alter table ldap_entries add
+ constraint PK_ldap_entries primary key
+ (
+ id
+ );
+
+alter table ldap_entries add
+ constraint unq1_ldap_entries unique
+ (
+ oc_map_id,
+ keyval
+ );
+
+alter table ldap_entries add
+ constraint unq2_ldap_entries unique
+ (
+ dn
+ );
+
+create sequence ldap_objclass_ids start with 1 increment by 1;
+
+create sequence ldap_attr_ids start with 1 increment by 1;
+
+create sequence ldap_entry_ids start with 1 increment by 1;
+
+create table ldap_referrals
+ (
+ entry_id number not null references ldap_entries(id),
+ url varchar(1023) not null
+);
+
+create table ldap_entry_objclasses
+ (
+ entry_id number not null references ldap_entries(id),
+ oc_name varchar(64)
+ );
+
+quit
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+drop table ldap_attr_mappings;
+drop table ldap_entry_objclasses;
+drop table ldap_referrals;
+drop sequence ldap_entry_ids;
+drop sequence ldap_attr_ids;
+drop sequence ldap_objclass_ids;
+drop table ldap_entries;
+drop table ldap_oc_mappings;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,32 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/oracle/slapd.conf,v 1.4.6.1 2005/01/20 18:04:03 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /usr/local/etc/openldap/schema/core.schema
+include /usr/local/etc/openldap/schema/cosine.schema
+include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /usr/local/var/slapd.pid
+argsfile /usr/local/var/slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname ldap_ora8
+dbuser ldap
+dbpasswd ldap
+subtree_cond "UPPER(ldap_entries.dn) LIKE CONCAT('%',UPPER(?))"
+insentry_stmt "INSERT INTO ldap_entries (id,dn,oc_map_id,parent,keyval) VALUES (ldap_entry_ids.nextval,?,?,?,?)"
+upper_func UPPER
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+CREATE TABLE persons (
+ id NUMBER NOT NULL,
+ name varchar2(255) NOT NULL,
+ surname varchar2(255) NOT NULL,
+ password varchar2(64) NOT NULL
+);
+
+CREATE TABLE institutes (
+ id NUMBER NOT NULL,
+ name varchar2(255)
+);
+
+CREATE TABLE documents (
+ id NUMBER NOT NULL,
+ title varchar2(255) NOT NULL,
+ abstract varchar2(255)
+);
+
+CREATE TABLE authors_docs (
+ pers_id NUMBER NOT NULL,
+ doc_id NUMBER NOT NULL
+);
+
+CREATE TABLE phones (
+ id NUMBER NOT NULL ,
+ phone varchar2(255) NOT NULL ,
+ pers_id NUMBER NOT NULL
+);
+
+
+ALTER TABLE authors_docs ADD
+ CONSTRAINT PK_authors_docs PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ );
+
+ALTER TABLE documents ADD
+ CONSTRAINT PK_documents PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE institutes ADD
+ CONSTRAINT PK_institutes PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE persons ADD
+ CONSTRAINT PK_persons PRIMARY KEY
+ (
+ id
+ );
+
+ALTER TABLE phones ADD
+ CONSTRAINT PK_phones PRIMARY KEY
+ (
+ id
+ );
+
+CREATE SEQUENCE person_ids START WITH 1 INCREMENT BY 1;
+
+CREATE SEQUENCE document_ids START WITH 1 INCREMENT BY 1;
+
+CREATE SEQUENCE institute_ids START WITH 1 INCREMENT BY 1;
+
+CREATE SEQUENCE phone_ids START WITH 1 INCREMENT BY 1;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,27 @@
+insert into institutes (id,name) values (institute_ids.nextval,'example');
+
+insert into persons (id,name,surname,password) values (person_ids.nextval,'Mitya','Kovalev','mit');
+
+insert into persons (id,name,surname) values (person_ids.nextval,'Torvlobnor','Puzdoy');
+
+insert into persons (id,name,surname) values (person_ids.nextval,'Akakiy','Zinberstein');
+
+
+insert into phones (id,phone,pers_id) values (phone_ids.nextval,'332-2334',1);
+
+insert into phones (id,phone,pers_id) values (phone_ids.nextval,'222-3234',1);
+
+insert into phones (id,phone,pers_id) values (phone_ids.nextval,'545-4563',2);
+
+
+insert into documents (id,abstract,title) values (document_ids.nextval,'abstract1','book1');
+
+insert into documents (id,abstract,title) values (document_ids.nextval,'abstract2','book2');
+
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+
+insert into authors_docs (pers_id,doc_id) values (1,2);
+
+insert into authors_docs (pers_id,doc_id) values (2,1);
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,25 @@
+DROP TABLE persons;
+DROP TABLE institutes;
+DROP TABLE documents;
+DROP TABLE authors_docs;
+DROP TABLE phones;
+DROP SEQUENCE person_ids;
+DROP SEQUENCE institute_ids;
+DROP SEQUENCE document_ids;
+DROP SEQUENCE phone_ids;
+DROP PROCEDURE create_person;
+DROP PROCEDURE delete_person;
+DROP PROCEDURE add_phone;
+DROP PROCEDURE delete_phone;
+DROP PROCEDURE set_person_name;
+DROP PROCEDURE set_org_name;
+DROP PROCEDURE set_doc_title;
+DROP PROCEDURE set_doc_abstract;
+DROP PROCEDURE create_document;
+DROP PROCEDURE create_org;
+DROP PROCEDURE delete_document;
+DROP PROCEDURE delete_org;
+DROP PROCEDURE make_doc_link;
+DROP PROCEDURE del_doc_link;
+DROP PROCEDURE make_author_link;
+DROP PROCEDURE del_author_link;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/oracle/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,252 @@
+-- mappings
+
+-- objectClass mappings: these may be viewed as structuralObjectClass, the ones that are used to decide how to build an entry
+-- id a unique number identifying the objectClass
+-- name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+-- keytbl the name of the table that is referenced for the primary key of an entry
+-- keycol the name of the column in "keytbl" that contains the primary key of an entry; the pair "keytbl.keycol" uniquely identifies an entry of objectClass "id"
+-- create_proc a procedure to create the entry
+-- delete_proc a procedure to delete the entry; it takes "keytbl.keycol" of the row to be deleted
+-- expect_return a bitmap that marks whether create_proc (1) and delete_proc (2) return a value or not
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (1,'inetOrgPerson','persons','id','call create_person(?)','call delete_person(?)',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (2,'document','documents','id','call create_document(?)','call delete_document(?)',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (3,'organization','institutes','id','call create_org(?)','call delete_org(?)',0);
+
+-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
+-- id a unique number identifying the attribute
+-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
+-- name the name of the attributeType; it MUST match the name of an attributeType that is loaded in slapd's schema
+-- sel_expr the expression that is used to select this attribute (the "select <sel_expr> from ..." portion)
+-- from_tbls the expression that defines the table(s) this attribute is taken from (the "select ... from <from_tbls> where ..." portion)
+-- join_where the expression that defines the condition to select this attribute (the "select ... where <join_where> ..." portion)
+-- add_proc a procedure to insert the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- delete_proc a procedure to delete the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- param_order a mask that marks if the "keytbl.keycol" value comes before or after the value in add_proc (1) and delete_proc (2)
+-- expect_return a mask that marks whether add_proc (1) and delete_proc(2) are expected to return a value or not
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (1,1,'cn','persons.name||'' ''||persons.surname','persons',NULL,
+ NULL,NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (2,1,'telephoneNumber','phones.phone','persons,phones',
+ 'phones.pers_id=persons.id','call add_phone(?,?)',
+ 'call delete_phone(?,?)',0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (3,1,'givenName','persons.name','persons',NULL,'call set_person_name(?,?)',
+ NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (4,1,'sn','persons.surname','persons',NULL,'call set_person_surname(?,?)',
+ NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (5,1,'userPassword','persons.password','persons',
+ 'persons.password IS NOT NULL','call set_person_password(?,?)',
+ NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (6,1,'seeAlso','seeAlso.dn','ldap_entries seeAlso,documents,authors_docs,persons',
+ 'seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (7,2,'description','documents.abstract','documents',NULL,'call set_doc_abstract(?,?)',
+ NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,2,'documentTitle','documents.title','documents',NULL,'call set_doc_title(?,?)',NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','documentAuthor.dn','ldap_entries documentAuthor,documents,authors_docs,persons',
+ 'documentAuthor.keyval=persons.id AND documentAuthor.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ '?=call make_author_link(?,?)','?=call del_author_link(?,?)',0,3);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (10,2,'documentIdentifier','''document ''||text(documents.id)','documents',NULL,NULL,NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (11,3,'o','institutes.name','institutes',NULL,'call set_org_name(?,?)',NULL,0,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries dcObject,ldap_entry_objclasses auxObjectClass',
+ 'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
+ NULL,NULL,0,0);
+
+-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
+-- id a unique number > 0 identifying the entry
+-- dn the DN of the entry, in "pretty" form
+-- oc_map_id the "ldap_oc_mappings.id" of the main objectClass of this entry (view it as the structuralObjectClass)
+-- parent the "ldap_entries.id" of the parent of this objectClass; 0 if it is the "suffix" of the database
+-- keyval the value of the "keytbl.keycol" defined for this objectClass
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'dc=example,dc=com',3,0,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'documentTitle=book1,dc=example,dc=com',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (ldap_entry_ids.nextval,'documentTitle=book2,dc=example,dc=com',2,1,2);
+
+-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
+-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
+-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (1,'dcObject');
+
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (4,'referral');
+
+-- referrals mapping: entries that should be treated as referrals are stored here
+-- entry_id the "ldap_entries.id" of the entry that should be treated as a referral
+-- url the URI of the referral
+insert into ldap_referrals (entry_id,url)
+values (4,'ldap://localhost:9012/');
+
+
+-- procedures
+-- these procedures are specific for this RDBMS and are used in mapping objectClass and attributeType creation/modify/deletion
+CREATE OR REPLACE PROCEDURE create_person(keyval OUT NUMBER) AS
+BEGIN
+INSERT INTO persons (id,name) VALUES (person_ids.nextval,' ');
+SELECT person_ids.currval INTO keyval FROM DUAL;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE delete_person(keyval IN NUMBER) AS
+BEGIN
+DELETE FROM phones WHERE pers_id=keyval;
+DELETE FROM authors_docs WHERE pers_id=keyval;
+DELETE FROM persons WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE create_org(keyval OUT NUMBER) AS
+BEGIN
+INSERT INTO institutes (id,name) VALUES (institute_ids.nextval,' ');
+SELECT institute_ids.currval INTO keyval FROM DUAL;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE delete_org(keyval IN NUMBER) AS
+BEGIN
+DELETE FROM institutes WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE create_document(keyval OUT NUMBER) AS
+BEGIN
+INSERT INTO documents (id,title) VALUES (document_ids.nextval,' ');
+SELECT document_ids.currval INTO keyval FROM DUAL;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE delete_document (keyval IN NUMBER) AS
+BEGIN
+DELETE FROM authors_docs WHERE doc_id=keyval;
+DELETE FROM documents WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE add_phone(pers_id IN NUMBER, phone IN varchar2) AS
+BEGIN
+INSERT INTO phones (id,pers_id,phone) VALUES (phone_ids.nextval,pers_id,phone);
+END;
+/
+
+CREATE OR REPLACE PROCEDURE delete_phone(keyval IN NUMBER, phone IN varchar2) AS
+BEGIN
+DELETE FROM phones WHERE pers_id=keyval AND phone=phone;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE set_person_name(keyval IN NUMBER, new_name IN varchar2) AS
+BEGIN
+UPDATE persons SET name=new_name WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE set_org_name(keyval IN NUMBER, new_name IN varchar2) AS
+BEGIN
+UPDATE institutes SET name=new_name WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE set_doc_title (keyval IN NUMBER, new_title IN varchar2) AS
+BEGIN
+UPDATE documents SET title=new_title WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE set_doc_abstract (keyval IN NUMBER, new_abstract IN varchar2) AS
+BEGIN
+UPDATE documents SET abstract=new_abstract WHERE id=keyval;
+END;
+/
+
+CREATE OR REPLACE FUNCTION make_author_link (keyval IN NUMBER, author_dn IN varchar2) RETURN NUMBER AS
+per_id NUMBER;
+BEGIN
+SELECT keyval INTO per_id FROM ldap_entries
+ WHERE oc_map_id=1 AND dn=author_dn;
+IF NOT (per_id IS NULL) THEN
+ INSERT INTO authors_docs (doc_id,pers_id) VALUES (keyval,per_id);
+ RETURN 1;
+END IF;
+RETURN 0;
+END;
+/
+
+CREATE OR REPLACE FUNCTION make_doc_link (keyval IN NUMBER, doc_dn IN varchar2) RETURN NUMBER AS
+docid NUMBER;
+BEGIN
+SELECT keyval INTO docid FROM ldap_entries
+ WHERE oc_map_id=2 AND dn=doc_dn;
+IF NOT (docid IS NULL) THEN
+ INSERT INTO authors_docs (pers_id,doc_id) VALUES (keyval,docid);
+ RETURN 1;
+END IF;
+RETURN 0;
+END;
+/
+
+CREATE OR REPLACE FUNCTION del_doc_link (keyval IN NUMBER, doc_dn IN varchar2) RETURN NUMBER AS
+docid NUMBER;
+BEGIN
+SELECT keyval INTO docid FROM ldap_entries
+ WHERE oc_map_id=2 AND dn=doc_dn;
+IF NOT (docid IS NULL) THEN
+ DELETE FROM authors_docs WHERE pers_id=keyval AND doc_id=docid;
+ RETURN 1;
+END IF;
+RETURN 0;
+END;
+/
+
+CREATE OR REPLACE FUNCTION del_author_link (keyval IN NUMBER, author_dn IN varchar2) RETURN NUMBER AS
+per_id NUMBER;
+BEGIN
+SELECT keyval INTO per_id FROM ldap_entries
+ WHERE oc_map_id=1 AND dn=author_dn;
+
+IF NOT (per_id IS NULL) THEN
+ DELETE FROM authors_docs WHERE doc_id=keyval AND pers_id=per_id;
+ RETURN 1;
+END IF;
+ RETURN 0;
+END;
+/
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,50 @@
+drop table ldap_oc_mappings;
+drop sequence ldap_oc_mappings_id_seq;
+create table ldap_oc_mappings
+ (
+ id serial not null primary key,
+ name varchar(64) not null,
+ keytbl varchar(64) not null,
+ keycol varchar(64) not null,
+ create_proc varchar(255),
+ delete_proc varchar(255),
+ expect_return int not null
+);
+
+drop table ldap_attr_mappings;
+drop sequence ldap_attr_mappings_id_seq;
+create table ldap_attr_mappings
+ (
+ id serial not null primary key,
+ oc_map_id integer not null references ldap_oc_mappings(id),
+ name varchar(255) not null,
+ sel_expr varchar(255) not null,
+ sel_expr_u varchar(255),
+ from_tbls varchar(255) not null,
+ join_where varchar(255),
+ add_proc varchar(255),
+ delete_proc varchar(255),
+ param_order int not null,
+ expect_return int not null
+);
+
+drop table ldap_entries;
+drop sequence ldap_entries_id_seq;
+create table ldap_entries
+ (
+ id serial not null primary key,
+ dn varchar(255) not null,
+ oc_map_id integer not null references ldap_oc_mappings(id),
+ parent int NOT NULL,
+ keyval int NOT NULL,
+ UNIQUE ( oc_map_id, keyval ),
+ UNIQUE ( dn )
+);
+
+drop table ldap_entry_objclasses;
+create table ldap_entry_objclasses
+ (
+ entry_id integer not null references ldap_entries(id),
+ oc_name varchar(64)
+ );
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+DROP TABLE ldap_entry_objclasses;
+DROP TABLE ldap_attr_mappings;
+DROP TABLE ldap_entries;
+DROP TABLE ldap_oc_mappings;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,35 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf,v 1.4.2.1 2005/01/20 18:04:03 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /usr/local/etc/openldap/schema/core.schema
+include /usr/local/etc/openldap/schema/cosine.schema
+include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /usr/local/var/slapd.pid
+argsfile /usr/local/var/slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname PostgreSQL
+dbuser postgres
+dbpasswd postgres
+insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
+upper_func "upper"
+strcast_func "text"
+concat_pattern "?||?"
+has_ldapinfo_dn_ru no
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+drop table persons;
+drop sequence persons_id_seq;
+create table persons (
+ id serial not null primary key,
+ name varchar(255) not null,
+ surname varchar(255) not null,
+ password varchar(64)
+);
+
+drop table institutes;
+drop sequence institutes_id_seq;
+create table institutes (
+ id serial not null primary key,
+ name varchar(255)
+);
+
+drop table documents;
+drop sequence documents_id_seq;
+create table documents (
+ id serial not null primary key,
+ title varchar(255) not null,
+ abstract varchar(255)
+);
+
+drop table authors_docs;
+create table authors_docs (
+ pers_id int not null,
+ doc_id int not null,
+ primary key ( pers_id, doc_id )
+);
+
+drop table phones;
+drop sequence phones_id_seq;
+create table phones (
+ id serial not null primary key,
+ phone varchar(255) not null ,
+ pers_id int not null
+);
+
+drop table referrals;
+drop sequence referrals_id_seq;
+create table referrals (
+ id serial not null primary key,
+ name varchar(255) not null,
+ url varchar(255) not null
+);
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+insert into institutes (id,name) values (1,'Example');
+
+insert into persons (id,name,surname,password) values (1,'Mitya','Kovalev','mit');
+insert into persons (id,name,surname) values (2,'Torvlobnor','Puzdoy');
+insert into persons (id,name,surname) values (3,'Akakiy','Zinberstein');
+
+insert into phones (id,phone,pers_id) values (1,'332-2334',1);
+insert into phones (id,phone,pers_id) values (2,'222-3234',1);
+insert into phones (id,phone,pers_id) values (3,'545-4563',2);
+
+insert into documents (id,abstract,title) values (1,'abstract1','book1');
+insert into documents (id,abstract,title) values (2,'abstract2','book2');
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+insert into authors_docs (pers_id,doc_id) values (1,2);
+insert into authors_docs (pers_id,doc_id) values (2,1);
+
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9012/');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,13 @@
+DROP TABLE persons;
+DROP TABLE institutes;
+DROP TABLE documents;
+DROP TABLE authors_docs;
+DROP TABLE phones;
+DROP TABLE referrals;
+DROP FUNCTION create_person ();
+DROP FUNCTION update_person_cn (varchar, int);
+DROP FUNCTION add_phone (varchar, int);
+DROP FUNCTION create_doc ();
+DROP FUNCTION create_o ();
+DROP FUNCTION create_referral ();
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,142 @@
+-- mappings
+
+-- objectClass mappings: these may be viewed as structuralObjectClass, the ones that are used to decide how to build an entry
+-- id a unique number identifying the objectClass
+-- name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+-- keytbl the name of the table that is referenced for the primary key of an entry
+-- keycol the name of the column in "keytbl" that contains the primary key of an entry; the pair "keytbl.keycol" uniquely identifies an entry of objectClass "id"
+-- create_proc a procedure to create the entry
+-- delete_proc a procedure to delete the entry; it takes "keytbl.keycol" of the row to be deleted
+-- expect_return a bitmap that marks whether create_proc (1) and delete_proc (2) return a value or not
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (1,'inetOrgPerson','persons','id','SELECT create_person()','DELETE FROM persons WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (2,'document','documents','id','SELECT create_doc()','DELETE FROM documents WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (3,'organization','institutes','id','SELECT create_o()','DELETE FROM institutes WHERE id=?',0);
+
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (4,'referral','referrals','id','SELECT create_referral()','DELETE FROM referrals WHERE id=?',0);
+
+-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
+-- id a unique number identifying the attribute
+-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
+-- name the name of the attributeType; it MUST match the name of an attributeType that is loaded in slapd's schema
+-- sel_expr the expression that is used to select this attribute (the "select <sel_expr> from ..." portion)
+-- from_tbls the expression that defines the table(s) this attribute is taken from (the "select ... from <from_tbls> where ..." portion)
+-- join_where the expression that defines the condition to select this attribute (the "select ... where <join_where> ..." portion)
+-- add_proc a procedure to insert the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- delete_proc a procedure to delete the attribute; it takes the value of the attribute that is added, and the "keytbl.keycol" of the entry it is associated to
+-- param_order a mask that marks if the "keytbl.keycol" value comes before or after the value in add_proc (1) and delete_proc (2)
+-- expect_return a mask that marks whether add_proc (1) and delete_proc(2) are expected to return a value or not
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (1,1,'cn','text(persons.name||'' ''||persons.surname)','persons',NULL,'SELECT update_person_cn(?,?)','SELECT 1 FROM persons WHERE persons.name=? AND persons.id=? AND 1=0',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (2,1,'telephoneNumber','phones.phone','persons,phones','phones.pers_id=persons.id','SELECT add_phone(?,?)','DELETE FROM phones WHERE phone=? AND pers_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (3,1,'givenName','persons.name','persons',NULL,'UPDATE persons SET name=? WHERE id=?','UPDATE persons SET name='''' WHERE (name=? OR name='''') AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (4,1,'sn','persons.surname','persons',NULL,'UPDATE persons SET surname=? WHERE id=?','UPDATE persons SET surname='''' WHERE (surname=? OR surname='''') AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (5,1,'userPassword','persons.password','persons','persons.password IS NOT NULL','UPDATE persons SET password=? WHERE id=?','UPDATE persons SET password=NULL WHERE password=? AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (6,1,'seeAlso','seeAlso.dn','ldap_entries AS seeAlso,documents,authors_docs,persons','seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',NULL,'DELETE from authors_docs WHERE authors_docs.doc_id=(SELECT documents.id FROM documents,ldap_entries AS seeAlso WHERE seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND seeAlso.dn=?) AND authors_docs.pers_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (7,2,'description','documents.abstract','documents',NULL,'UPDATE documents SET abstract=? WHERE id=?','UPDATE documents SET abstract='''' WHERE abstract=? AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (8,2,'documentTitle','documents.title','documents',NULL,'UPDATE documents SET title=? WHERE id=?','UPDATE documents SET title='''' WHERE title=? AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (9,2,'documentAuthor','documentAuthor.dn','ldap_entries AS documentAuthor,documents,authors_docs,persons','documentAuthor.keyval=persons.id AND documentAuthor.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id','INSERT INTO authors_docs (pers_id,doc_id) VALUES ((SELECT ldap_entries.keyval FROM ldap_entries WHERE upper(?)=upper(ldap_entries.dn)),?)','DELETE FROM authors_docs WHERE authors_docs.pers_id=(SELECT ldap_entries.keyval FROM ldap_entries WHERE upper(?)=upper(ldap_entries.dn)) AND authors_docs.doc_id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (10,2,'documentIdentifier','''document ''||text(documents.id)','documents',NULL,NULL,'SELECT 1 FROM documents WHERE title=? AND id=? AND 1=0',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (11,3,'o','institutes.name','institutes',NULL,'UPDATE institutes SET name=? WHERE id=?','UPDATE institutes SET name='''' WHERE name=? AND id=?',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries AS dcObject,ldap_entry_objclasses AS auxObjectClass','institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',NULL,'SELECT 1 FROM institutes WHERE lower(name)=? AND id=? and 1=0',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (13,4,'ou','referrals.name','referrals',NULL,'UPDATE referrals SET name=? WHERE id=?','SELECT 1 FROM referrals WHERE name=? AND id=? and 1=0',3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (14,4,'ref','referrals.url','referrals',NULL,'UPDATE referrals SET url=? WHERE id=?','SELECT 1 FROM referrals WHERE url=? and id=? and 1=0',3,0);
+
+-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
+-- id a unique number > 0 identifying the entry
+-- dn the DN of the entry, in "pretty" form
+-- oc_map_id the "ldap_oc_mappings.id" of the main objectClass of this entry (view it as the structuralObjectClass)
+-- parent the "ldap_entries.id" of the parent of this objectClass; 0 if it is the "suffix" of the database
+-- keyval the value of the "keytbl.keycol" defined for this objectClass
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (1,'dc=example,dc=com',3,0,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (5,'documentTitle=book1,dc=example,dc=com',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (7,'ou=Referral,dc=example,dc=com',4,1,1);
+
+-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
+-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
+-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
+insert into ldap_entry_objclasses (entry_id,oc_name) values (1,'dcObject');
+
+insert into ldap_entry_objclasses (entry_id,oc_name) values (7,'extensibleObject');
+
+-- procedures
+-- these procedures are specific for this RDBMS and are used in mapping objectClass and attributeType creation/modify/deletion
+create function create_person () returns int
+as '
+ select setval (''persons_id_seq'', (select case when max(id) is null then 1 else max(id) end from persons));
+ insert into persons (id,name,surname)
+ values ((select case when max(id) is null then 1 else nextval(''persons_id_seq'') end from persons),'''','''');
+ select max(id) from persons
+' language 'sql';
+
+create function update_person_cn (varchar, int) returns int
+as '
+ update persons set name = (
+ select case
+ when position('' '' in $1) = 0 then $1
+ else substr($1, 1, position('' '' in $1) - 1)
+ end
+ ),surname = (
+ select case
+ when position('' '' in $1) = 0 then ''''
+ else substr($1, position('' '' in $1) + 1)
+ end
+ ) where id = $2;
+ select $2 as return
+' language 'sql';
+
+create function add_phone (varchar, int) returns int
+as '
+ select setval (''phones_id_seq'', (select case when max(id) is null then 1 else max(id) end from phones));
+ insert into phones (id,phone,pers_id)
+ values (nextval(''phones_id_seq''),$1,$2);
+ select max(id) from phones
+' language 'sql';
+
+create function create_doc () returns int
+as '
+ select setval (''documents_id_seq'', (select case when max(id) is null then 1 else max(id) end from documents));
+ insert into documents (id,title,abstract)
+ values ((select case when max(id) is null then 1 else nextval(''documents_id_seq'') end from documents),'''','''');
+ select max(id) from documents
+' language 'sql';
+
+create function create_o () returns int
+as '
+ select setval (''institutes_id_seq'', (select case when max(id) is null then 1 else max(id) end from institutes));
+ insert into institutes (id,name)
+ values ((select case when max(id) is null then 1 else nextval(''institutes_id_seq'') end from institutes),'''');
+ select max(id) from institutes
+' language 'sql';
+
+create function create_referral () returns int
+as '
+ select setval (''referrals_id_seq'', (select case when max(id) is null then 1 else max(id) end from referrals));
+ insert into referrals (id,name,url)
+ values ((select case when max(id) is null then 1 else nextval(''referrals_id_seq'') end from referrals),'''','''');
+ select max(id) from referrals
+' language 'sql';
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,66 @@
+
+create table ldap_oc_mappings
+ (
+ id integer not null primary key,
+ name varchar(64) not null,
+ keytbl varchar(64) not null,
+ keycol varchar(64) not null,
+ create_proc varchar(255),
+ delete_proc varchar(255),
+ expect_return tinyint not null
+);
+
+create table ldap_attr_mappings
+ (
+ id integer not null primary key,
+ oc_map_id integer not null,
+ name varchar(255) not null,
+ sel_expr varchar(255) not null,
+ sel_expr_u varchar(255),
+ from_tbls varchar(255) not null,
+ join_where varchar(255),
+ add_proc varchar(255),
+ delete_proc varchar(255),
+ param_order tinyint not null,
+ expect_return tinyint not null,
+ foreign key (oc_map_id) references ldap_oc_mappings(id)
+);
+
+create table ldap_entries
+ (
+ id integer not null primary key,
+ dn varchar(255) not null,
+ dn_ru varchar(255),
+ oc_map_id integer not null,
+ parent int NOT NULL ,
+ keyval int NOT NULL,
+ foreign key (oc_map_id) references ldap_oc_mappings(id)
+);
+
+create index ldap_entriesx1 on ldap_entries(dn_ru);
+
+create unique index unq1_ldap_entries on ldap_entries
+ (
+ oc_map_id,
+ keyval
+ );
+
+create unique index unq2_ldap_entries on ldap_entries
+ (
+ dn
+ );
+
+create table ldap_referrals
+ (
+ entry_id integer not null,
+ url varchar(4096) not null,
+ foreign key (entry_id) references ldap_entries(id)
+);
+
+create table ldap_entry_objclasses
+ (
+ entry_id integer not null,
+ oc_name varchar(64),
+ foreign key (entry_id) references ldap_entries(id)
+ );
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/backsql_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,9 @@
+DROP TABLE ldap_referrals;
+
+DROP TABLE ldap_entry_objclasses;
+
+DROP TABLE ldap_attr_mappings;
+
+DROP TABLE ldap_entries;
+
+DROP TABLE ldap_oc_mappings;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/create_schema.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/create_schema.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/create_schema.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+ttIsql -connStr "DSN=ldap_tt;Overwrite=1" -f backsql_create.sql
+ttIsql -connStr "DSN=ldap_tt" -f testdb_create.sql
+ttIsql -connStr "DSN=ldap_tt" -f testdb_data.sql
+ttIsql -connStr "DSN=ldap_tt" -f testdb_metadata.sql
Property changes on: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/create_schema.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+## Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved.
+## COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+#
+# Build TimesTen ODBC Sample Programs for Solaris 2.5.1.
+# (c) Copyright 1996-1998, TimesTen Performance Software.
+# All rights reserved.
+## Note: This file was contributed by Sam Drake of TimesTen Performance
+## Software for use and redistribution as an intregal part of
+## OpenLDAP Software. -Kdz
+
+CPLUSPLUS = CC
+TTCLASSES = ../../../../../../../../../cs/classes
+ODBC = /opt/TimesTen4.1/32
+CFLAGS = -g -I$(ODBC)/include -I. -I$(TTCLASSES) -DUNIX
+LDFLAGS = -g
+DIRLIBS = $(TTCLASSES)/ttclasses.a -L $(ODBC)/lib -R $(ODBC)/lib -ltten -lpthread -lm -lrt
+XLALIB = -L $(ODBC)/lib -lxla
+
+DIRPROGS= dnreverse
+
+DNREVERSE= dnreverse.o
+
+#
+# Top-level targets
+#
+
+all: $(DIRPROGS)
+
+direct: $(DIRPROGS)
+
+clean:
+ rm -rf $(DIRPROGS) *.o
+
+
+#
+# Direct-linked programs
+#
+
+dnreverse: $(DNREVERSE)
+ $(CPLUSPLUS) -o dnreverse $(LDFLAGS) $(DNREVERSE) $(DIRLIBS) $(XLALIB)
+
+#
+# .o files
+#
+
+dnreverse.o: dnreverse.cpp
+ $(CPLUSPLUS) $(CFLAGS) -c dnreverse.cpp
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,387 @@
+// Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved.
+// COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+// (c) Copyright 1999-2001 TimesTen Performance Software. All rights reserved.
+
+//// Note: This file was contributed by Sam Drake of TimesTen Performance
+//// Software for use and redistribution as an intregal part of
+//// OpenLDAP Software. -Kdz
+
+#include <stdlib.h>
+
+#include <TTConnectionPool.h>
+#include <TTConnection.h>
+#include <TTCmd.h>
+#include <TTXla.h>
+
+#include <signal.h>
+
+TTConnectionPool pool;
+TTXlaConnection conn;
+TTConnection conn2;
+TTCmd assignDn_ru;
+TTCmd getNullDNs;
+
+//----------------------------------------------------------------------
+// This class contains all the logic to be implemented whenever
+// the SCOTT.MYDATA table is changed. This is the table that is
+// created by "sample.cpp", one of the other TTClasses demos.
+// That application should be executed before this one in order to
+// create and populate the table.
+//----------------------------------------------------------------------
+
+class LDAPEntriesHandler: public TTXlaTableHandler {
+private:
+ // Definition of the columns in the table
+ int Id;
+ int Dn;
+ int Oc_map_id;
+ int Parent;
+ int Keyval;
+ int Dn_ru;
+
+protected:
+
+public:
+ LDAPEntriesHandler(TTXlaConnection& conn, const char* ownerP, const char* nameP);
+ ~LDAPEntriesHandler();
+
+ virtual void HandleDelete(ttXlaUpdateDesc_t*);
+ virtual void HandleInsert(ttXlaUpdateDesc_t*);
+ virtual void HandleUpdate(ttXlaUpdateDesc_t*);
+
+ static void ReverseAndUpper(char* dnP, int id, bool commit=true);
+
+};
+
+LDAPEntriesHandler::LDAPEntriesHandler(TTXlaConnection& conn,
+ const char* ownerP, const char* nameP) :
+ TTXlaTableHandler(conn, ownerP, nameP)
+{
+ Id = Dn = Oc_map_id = Parent = Keyval = Dn_ru = -1;
+
+ // We are looking for several particular named columns. We need to get
+ // the ordinal position of the columns by name for later use.
+
+ Id = tbl.getColNumber("ID");
+ if (Id < 0) {
+ cerr << "target table has no 'ID' column" << endl;
+ exit(1);
+ }
+ Dn = tbl.getColNumber("DN");
+ if (Dn < 0) {
+ cerr << "target table has no 'DN' column" << endl;
+ exit(1);
+ }
+ Oc_map_id = tbl.getColNumber("OC_MAP_ID");
+ if (Oc_map_id < 0) {
+ cerr << "target table has no 'OC_MAP_ID' column" << endl;
+ exit(1);
+ }
+ Parent = tbl.getColNumber("PARENT");
+ if (Parent < 0) {
+ cerr << "target table has no 'PARENT' column" << endl;
+ exit(1);
+ }
+ Keyval = tbl.getColNumber("KEYVAL");
+ if (Keyval < 0) {
+ cerr << "target table has no 'KEYVAL' column" << endl;
+ exit(1);
+ }
+ Dn_ru = tbl.getColNumber("DN_RU");
+ if (Dn_ru < 0) {
+ cerr << "target table has no 'DN_RU' column" << endl;
+ exit(1);
+ }
+
+}
+
+LDAPEntriesHandler::~LDAPEntriesHandler()
+{
+
+}
+
+void LDAPEntriesHandler::ReverseAndUpper(char* dnP, int id, bool commit)
+{
+ TTStatus stat;
+ char dn_rn[512];
+ int i;
+ int j;
+
+ // Reverse and upper case the given DN
+
+ for ((j=0, i = strlen(dnP)-1); i > -1; (j++, i--)) {
+ dn_rn[j] = toupper(*(dnP+i));
+ }
+ dn_rn[j] = '\0';
+
+
+ // Update the database
+
+ try {
+ assignDn_ru.setParam(1, (char*) &dn_rn[0]);
+ assignDn_ru.setParam(2, id);
+ assignDn_ru.Execute(stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error updating id " << id << " ('" << dnP << "' to '"
+ << dn_rn << "'): " << stat;
+ exit(1);
+ }
+
+ // Commit the transaction
+
+ if (commit) {
+ try {
+ conn2.Commit(stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error committing update: " << stat;
+ exit(1);
+ }
+ }
+
+}
+
+
+
+void LDAPEntriesHandler::HandleInsert(ttXlaUpdateDesc_t* p)
+{
+ char* dnP;
+ int id;
+
+ row.Get(Dn, &dnP);
+ cerr << "DN '" << dnP << "': Inserted ";
+ row.Get(Id, &id);
+
+ ReverseAndUpper(dnP, id);
+
+}
+
+void LDAPEntriesHandler::HandleUpdate(ttXlaUpdateDesc_t* p)
+{
+ char* newDnP;
+ char* oldDnP;
+ char oDn[512];
+ int id;
+
+ // row is 'old'; row2 is 'new'
+ row.Get(Dn, &oldDnP);
+ strcpy(oDn, oldDnP);
+ row.Get(Id, &id);
+ row2.Get(Dn, &newDnP);
+
+ cerr << "old DN '" << oDn << "' / new DN '" << newDnP << "' : Updated ";
+
+ if (strcmp(oDn, newDnP) != 0) {
+ // The DN field changed, update it
+ cerr << "(new DN: '" << newDnP << "')";
+ ReverseAndUpper(newDnP, id);
+ }
+ else {
+ // The DN field did NOT change, leave it alone
+ }
+
+ cerr << endl;
+
+}
+
+void LDAPEntriesHandler::HandleDelete(ttXlaUpdateDesc_t* p)
+{
+ char* dnP;
+
+ row.Get(Dn, &dnP);
+ cerr << "DN '" << dnP << "': Deleted ";
+}
+
+
+
+
+//----------------------------------------------------------------------
+
+int pleaseStop = 0;
+
+extern "C" {
+ void
+ onintr(int sig)
+ {
+ pleaseStop = 1;
+ cerr << "Stopping...\n";
+ }
+};
+
+//----------------------------------------------------------------------
+
+int
+main(int argc, char* argv[])
+{
+
+ char* ownerP;
+
+ TTXlaTableList list(&conn); // List of tables to monitor
+
+ // Handlers, one for each table we want to monitor
+
+ LDAPEntriesHandler* sampP = NULL;
+
+ // Misc stuff
+
+ TTStatus stat;
+
+ ttXlaUpdateDesc_t ** arry;
+
+ int records;
+
+ SQLUBIGINT oldsize;
+ int j;
+
+ if (argc < 2) {
+ cerr << "syntax: " << argv[0] << " <username>" << endl;
+ exit(3);
+ }
+
+ ownerP = argv[1];
+
+ signal(SIGINT, onintr); /* signal for CTRL-C */
+#ifdef _WIN32
+ signal(SIGBREAK, onintr); /* signal for CTRL-BREAK */
+#endif
+
+ // Before we do anything related to XLA, first we connect
+ // to the database. This is the connection we will use
+ // to perform non-XLA operations on the tables.
+
+ try {
+ cerr << "Connecting..." << endl;
+
+ conn2.Connect("DSN=ldap_tt", stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error connecting to TimesTen: " << stat;
+ exit(1);
+ }
+
+ try {
+ assignDn_ru.Prepare(&conn2,
+ "update ldap_entries set dn_ru=? where id=?",
+ "", stat);
+ getNullDNs.Prepare(&conn2,
+ "select dn, id from ldap_entries "
+ "where dn_ru is null "
+ "for update",
+ "", stat);
+ conn2.Commit(stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error preparing update: " << stat;
+ exit(1);
+ }
+
+ // If there are any entries with a NULL reversed/upper cased DN,
+ // fix them now.
+
+ try {
+ cerr << "Fixing NULL reversed DNs" << endl;
+ getNullDNs.Execute(stat);
+ for (int k = 0;; k++) {
+ getNullDNs.FetchNext(stat);
+ if (stat.rc == SQL_NO_DATA_FOUND) break;
+ char* dnP;
+ int id;
+ getNullDNs.getColumn(1, &dnP);
+ getNullDNs.getColumn(2, &id);
+ // cerr << "Id " << id << ", Dn '" << dnP << "'" << endl;
+ LDAPEntriesHandler::ReverseAndUpper(dnP, id, false);
+ if (k % 1000 == 0)
+ cerr << ".";
+ }
+ getNullDNs.Close(stat);
+ conn2.Commit(stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error updating NULL rows: " << stat;
+ exit(1);
+ }
+
+
+ // Go ahead and start up the change monitoring application
+
+ cerr << "Starting change monitoring..." << endl;
+ try {
+ conn.Connect("DSN=ldap_tt", stat);
+ }
+ catch (TTStatus stat) {
+ cerr << "Error connecting to TimesTen: " << stat;
+ exit(1);
+ }
+
+ /* set and configure size of buffer */
+ conn.setXlaBufferSize((SQLUBIGINT) 1000000, &oldsize, stat);
+ if (stat.rc) {
+ cerr << "Error setting buffer size " << stat << endl;
+ exit(1);
+ }
+
+ // Make a handler to process changes to the MYDATA table and
+ // add the handler to the list of all handlers
+
+ sampP = new LDAPEntriesHandler(conn, ownerP, "ldap_entries");
+ if (!sampP) {
+ cerr << "Could not create LDAPEntriesHandler" << endl;
+ exit(3);
+ }
+ list.add(sampP);
+
+ // Enable transaction logging for the table we're interested in
+
+ sampP->EnableTracking(stat);
+
+ // Get updates. Dispatch them to the appropriate handler.
+ // This loop will handle updates to all the tables.
+
+ while (pleaseStop == 0) {
+ conn.fetchUpdates(&arry, 1000, &records, stat);
+ if (stat.rc) {
+ cerr << "Error fetching updates" << stat << endl;
+ exit(1);
+ }
+
+ // Interpret the updates
+
+ for(j=0;j < records;j++){
+ ttXlaUpdateDesc_t *p;
+
+ p = arry[j];
+
+ list.HandleChange(p, stat);
+
+ } // end for each record fetched
+
+ if (records) {
+ cerr << "Processed " << records << " records\n";
+ }
+
+ if (records == 0) {
+#ifdef _WIN32
+ Sleep(250);
+#else
+ struct timeval t;
+ t.tv_sec = 0;
+ t.tv_usec = 250000; // .25 seconds
+ select(0, NULL, NULL, NULL, &t);
+#endif
+ }
+ } // end while pleasestop == 0
+
+
+ // When we get to here, the program is exiting.
+
+ list.del(sampP); // Take the table out of the list
+ delete sampP;
+
+ conn.setXlaBufferSize(oldsize, NULL, stat);
+
+ return 0;
+
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,31 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/timesten/slapd.conf,v 1.1.6.1 2005/01/20 18:04:03 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /usr/local/etc/openldap/schema/core.schema
+include /usr/local/etc/openldap/schema/cosine.schema
+include /usr/local/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /usr/local/var/slapd.pid
+argsfile /usr/local/var/slapd.args
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "o=sql,c=RU"
+rootdn "cn=root,o=sql,c=RU"
+rootpw secret
+dbname ldap_tt
+dbuser root
+dbpasswd
+subtree_cond "ldap_entries.dn LIKE ?"
+insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,36 @@
+CREATE TABLE persons (
+ id int NOT NULL primary key,
+ name varchar(255) NOT NULL
+)
+unique hash on (id) pages=100;
+
+CREATE TABLE institutes (
+ id int NOT NULL primary key,
+ name varchar(255)
+)
+unique hash on (id) pages=100;
+
+CREATE TABLE documents (
+ id int NOT NULL primary key,
+ title varchar(255) NOT NULL,
+ abstract varchar(255)
+)
+unique hash on (id) pages=100;
+
+CREATE TABLE authors_docs (
+ pers_id int NOT NULL,
+ doc_id int NOT NULL,
+ PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ )
+) unique hash on (pers_id, doc_id) pages=100;
+
+CREATE TABLE phones (
+ id int NOT NULL primary key,
+ phone varchar(255) NOT NULL ,
+ pers_id int NOT NULL
+)
+unique hash on (id) pages=100;
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+insert into institutes (id,name) values (1,'sql');
+
+insert into persons (id,name) values (1,'Mitya Kovalev');
+insert into persons (id,name) values (2,'Torvlobnor Puzdoy');
+insert into persons (id,name) values (3,'Akakiy Zinberstein');
+
+insert into phones (id,phone,pers_id) values (1,'332-2334',1);
+insert into phones (id,phone,pers_id) values (2,'222-3234',1);
+insert into phones (id,phone,pers_id) values (3,'545-4563',2);
+
+insert into documents (id,abstract,title) values (1,'abstract1','book1');
+insert into documents (id,abstract,title) values (2,'abstract2','book2');
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+insert into authors_docs (pers_id,doc_id) values (1,2);
+insert into authors_docs (pers_id,doc_id) values (2,1);
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+DROP TABLE persons;
+DROP TABLE institutes;
+DROP TABLE documents;
+DROP TABLE authors_docs;
+DROP TABLE phones;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/testdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,108 @@
+
+insert into ldap_oc_mappings
+(id,name, keytbl, keycol, create_proc,
+delete_proc,expect_return)
+values
+(1,'inetOrgPerson','persons','id', 'insert into persons (name) values ('');\n select last_insert_id();',
+NULL,0);
+
+insert into ldap_oc_mappings
+(id, name, keytbl, keycol,create_proc,delete_proc,expect_return)
+values
+(2, 'document','documents','id', NULL, NULL, 0);
+
+insert into ldap_oc_mappings
+(id,name, keytbl, keycol,create_proc,delete_proc,expect_return)
+values
+(3,'organization','institutes','id', NULL, NULL, 0);
+
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls,join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(1, 1, 'cn', 'persons.name', 'persons',NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id,name, sel_expr, from_tbls,
+join_where, add_proc,delete_proc,param_order,expect_return)
+values
+(2, 1, 'telephoneNumber','phones.phone','persons,phones',
+'phones.pers_id=persons.id', NULL, NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id,oc_map_id, name, sel_expr, from_tbls, join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(3, 1, 'sn', 'persons.name','persons', NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,
+add_proc,delete_proc,param_order,expect_return)
+values
+(4, 2, 'description', 'documents.abstract','documents', NULL,
+NULL, NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,
+add_proc,delete_proc,param_order,expect_return)
+values
+(5, 2, 'documentTitle','documents.title','documents',NULL,
+NULL, NULL, 3, 0);
+
+-- insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+-- values (6,2,'documentAuthor','persons.name','persons,documents,authors_docs',
+-- 'persons.id=authors_docs.pers_id AND documents.id=authors_docs.doc_id',
+-- NULL,NULL,3,0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(7, 3, 'o', 'institutes.name', 'institutes', NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,1,'documentDN','ldap_entries.dn','ldap_entries,documents,authors_docs,persons',
+ 'ldap_entries.keyval=documents.id AND ldap_entries.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','ldap_entries.dn','ldap_entries,documents,authors_docs,persons',
+ 'ldap_entries.keyval=persons.id AND ldap_entries.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+-- entries
+
+insert into ldap_entries
+(id, dn, oc_map_id, parent, keyval)
+values
+(1, 'o=sql,c=RU', 3, 0, 1);
+
+insert into ldap_entries
+(id, dn, oc_map_id, parent, keyval)
+values
+(2, 'cn=Mitya Kovalev,o=sql,c=RU', 1, 1, 1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,o=sql,c=RU',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,o=sql,c=RU',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,o=sql,c=RU',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,o=sql,c=RU',2,1,2);
+
+
+-- referrals
+
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (4,'referral');
+
+insert into ldap_referrals (entry_id,url)
+values (4,'ldap://localhost:9012');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/ttcreate_schema.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/ttcreate_schema.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/ttcreate_schema.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+ttIsql -connStr "DSN=ldap_tt;Overwrite=1" -f backsql_create.sql
+ttIsql -connStr "DSN=ldap_tt" -f tttestdb_create.sql
+ttIsql -connStr "DSN=ldap_tt" -f tttestdb_data.sql
+ttIsql -connStr "DSN=ldap_tt" -f tttestdb_metadata.sql
Property changes on: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/ttcreate_schema.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_create.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_create.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_create.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+CREATE TABLE persons (
+ id int NOT NULL primary key,
+ name varchar(255) NOT NULL,
+ name_u varchar(255),
+ title varchar(255),
+ title_U varchar(255),
+ organization varchar(255)
+)
+unique hash on (id) pages=100;
+create index personsx1 on persons(title_U);
+create index personsx2 on persons(name_u);
+
+CREATE TABLE institutes (
+ id int NOT NULL primary key,
+ name varchar(255)
+)
+unique hash on (id) pages=100;
+
+CREATE TABLE documents (
+ id int NOT NULL primary key,
+ title varchar(255) NOT NULL,
+ abstract varchar(255)
+)
+unique hash on (id) pages=100;
+
+CREATE TABLE authors_docs (
+ pers_id int NOT NULL,
+ doc_id int NOT NULL,
+ PRIMARY KEY
+ (
+ pers_id,
+ doc_id
+ )
+) unique hash on (pers_id, doc_id) pages=100;
+
+CREATE TABLE phones (
+ id int NOT NULL primary key,
+ phone varchar(255) NOT NULL ,
+ pers_id int NOT NULL
+)
+unique hash on (id) pages=100;
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_data.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_data.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_data.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,20 @@
+insert into institutes (id,name) values (1,'sql');
+
+insert into persons (id,name, title, title_U, organization) values
+(1,'Mitya Kovalev', 'Engineer', 'ENGINEER', 'Development');
+insert into persons (id,name, title, title_U, organization) values
+(2,'Torvlobnor Puzdoy', 'Engineer', 'ENGINEER', 'Sales');
+insert into persons (id,name, title, title_U, organization) values
+(3,'Akakiy Zinberstein', 'Engineer', 'ENGINEER', 'Marketing');
+update persons set name_u = upper(name);
+
+insert into phones (id,phone,pers_id) values (1,'332-2334',1);
+insert into phones (id,phone,pers_id) values (2,'222-3234',1);
+insert into phones (id,phone,pers_id) values (3,'545-4563',2);
+
+insert into documents (id,abstract,title) values (1,'abstract1','book1');
+insert into documents (id,abstract,title) values (2,'abstract2','book2');
+
+insert into authors_docs (pers_id,doc_id) values (1,1);
+insert into authors_docs (pers_id,doc_id) values (1,2);
+insert into authors_docs (pers_id,doc_id) values (2,1);
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_drop.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_drop.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_drop.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+DROP TABLE persons;
+DROP TABLE institutes;
+DROP TABLE documents;
+DROP TABLE authors_docs;
+DROP TABLE phones;
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_metadata.sql
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_metadata.sql (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/rdbms_depend/timesten/tttestdb_metadata.sql 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,122 @@
+
+insert into ldap_oc_mappings
+(id,name, keytbl, keycol, create_proc,
+delete_proc,expect_return)
+values
+(1,'inetOrgPerson','persons','id', 'insert into persons (name) values ('');\n select last_insert_id();',
+NULL,0);
+
+insert into ldap_oc_mappings
+(id, name, keytbl, keycol,create_proc,delete_proc,expect_return)
+values
+(2, 'document','documents','id', NULL, NULL, 0);
+
+insert into ldap_oc_mappings
+(id,name, keytbl, keycol,create_proc,delete_proc,expect_return)
+values
+(3,'organization','institutes','id', NULL, NULL, 0);
+
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, sel_expr_u, from_tbls,
+join_where,add_proc, delete_proc,param_order,expect_return)
+values
+(1, 1, 'cn', 'persons.name', 'persons.name_u','persons',
+NULL, NULL, NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, sel_expr_u, from_tbls,join_where,
+add_proc, delete_proc,param_order,expect_return)
+values
+(10, 1, 'title', 'persons.title', 'persons.title_u', 'persons',NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id,name, sel_expr, from_tbls,
+join_where, add_proc,delete_proc,param_order,expect_return)
+values
+(2, 1, 'telephoneNumber','phones.phone','persons,phones',
+'phones.pers_id=persons.id', NULL, NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id,oc_map_id, name, sel_expr, from_tbls, join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(3, 1, 'sn', 'persons.name','persons', NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(30, 1, 'ou', 'persons.organization','persons', NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,
+add_proc,delete_proc,param_order,expect_return)
+values
+(4, 2, 'description', 'documents.abstract','documents', NULL,
+NULL, NULL, 3, 0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,
+add_proc,delete_proc,param_order,expect_return)
+values
+(5, 2, 'documentTitle','documents.title','documents',NULL,
+NULL, NULL, 3, 0);
+
+-- insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+-- values (6,2,'documentAuthor','persons.name','persons,documents,authors_docs',
+-- 'persons.id=authors_docs.pers_id AND documents.id=authors_docs.doc_id',
+-- NULL,NULL,3,0);
+
+insert into ldap_attr_mappings
+(id, oc_map_id, name, sel_expr, from_tbls, join_where,add_proc,
+delete_proc,param_order,expect_return)
+values
+(7, 3, 'o', 'institutes.name', 'institutes', NULL, NULL,
+NULL, 3, 0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (8,1,'documentDN','ldap_entries.dn','ldap_entries,documents,authors_docs,persons',
+ 'ldap_entries.keyval=documents.id AND ldap_entries.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (9,2,'documentAuthor','ldap_entries.dn','ldap_entries,documents,authors_docs,persons',
+ 'ldap_entries.keyval=persons.id AND ldap_entries.oc_map_id=1 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',
+ NULL,NULL,3,0);
+
+-- entries
+
+insert into ldap_entries
+(id, dn, oc_map_id, parent, keyval)
+values
+(1, 'o=sql,c=RU', 3, 0, 1);
+
+insert into ldap_entries
+(id, dn, oc_map_id, parent, keyval)
+values
+(2, 'cn=Mitya Kovalev,o=sql,c=RU', 1, 1, 1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,o=sql,c=RU',1,1,2);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,o=sql,c=RU',1,1,3);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,o=sql,c=RU',2,1,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,o=sql,c=RU',2,1,2);
+
+
+-- referrals
+
+insert into ldap_entry_objclasses (entry_id,oc_name)
+values (4,'referral');
+
+insert into ldap_referrals (entry_id,url)
+values (4,'http://localhost');
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/schema-map.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/schema-map.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/schema-map.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,905 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/schema-map.c,v 1.44.2.11 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+
+#include "lutil.h"
+#include "slap.h"
+#include "proto-sql.h"
+
+#define BACKSQL_DUPLICATE (-1)
+
+/* NOTE: by default, cannot just compare pointers because
+ * objectClass/attributeType order would be machine-dependent
+ * (and tests would fail!); however, if you don't want to run
+ * tests, or see attributeTypes written in the same order
+ * they are defined, define */
+/* #undef BACKSQL_USE_PTR_CMP */
+
+/*
+ * Uses the pointer to the ObjectClass structure
+ */
+static int
+backsql_cmp_oc( const void *v_m1, const void *v_m2 )
+{
+ const backsql_oc_map_rec *m1 = v_m1,
+ *m2 = v_m2;
+
+#ifdef BACKSQL_USE_PTR_CMP
+ return SLAP_PTRCMP( m1->bom_oc, m2->bom_oc );
+#else /* ! BACKSQL_USE_PTR_CMP */
+ return ber_bvcmp( &m1->bom_oc->soc_cname, &m2->bom_oc->soc_cname );
+#endif /* ! BACKSQL_USE_PTR_CMP */
+}
+
+static int
+backsql_cmp_oc_id( const void *v_m1, const void *v_m2 )
+{
+ const backsql_oc_map_rec *m1 = v_m1,
+ *m2 = v_m2;
+
+ return ( m1->bom_id < m2->bom_id ? -1 : ( m1->bom_id > m2->bom_id ? 1 : 0 ) );
+}
+
+/*
+ * Uses the pointer to the AttributeDescription structure
+ */
+static int
+backsql_cmp_attr( const void *v_m1, const void *v_m2 )
+{
+ const backsql_at_map_rec *m1 = v_m1,
+ *m2 = v_m2;
+
+#ifdef BACKSQL_USE_PTR_CMP
+ return SLAP_PTRCMP( m1->bam_ad, m2->bam_ad );
+#else /* ! BACKSQL_USE_PTR_CMP */
+ return ber_bvcmp( &m1->bam_ad->ad_cname, &m2->bam_ad->ad_cname );
+#endif /* ! BACKSQL_USE_PTR_CMP */
+}
+
+int
+backsql_dup_attr( void *v_m1, void *v_m2 )
+{
+ backsql_at_map_rec *m1 = v_m1,
+ *m2 = v_m2;
+
+ assert( m1->bam_ad == m2->bam_ad );
+
+ /* duplicate definitions of attributeTypes are appended;
+ * this allows to define multiple rules for the same
+ * attributeType. Use with care! */
+ for ( ; m1->bam_next ; m1 = m1->bam_next );
+ m1->bam_next = m2;
+ m2->bam_next = NULL;
+
+ return BACKSQL_DUPLICATE;
+}
+
+static int
+backsql_make_attr_query(
+ backsql_info *bi,
+ backsql_oc_map_rec *oc_map,
+ backsql_at_map_rec *at_map )
+{
+ struct berbuf bb = BB_NULL;
+
+ backsql_strfcat_x( &bb, NULL, "lblbbbblblbcbl",
+ (ber_len_t)STRLENOF( "SELECT " ), "SELECT ",
+ &at_map->bam_sel_expr,
+ (ber_len_t)STRLENOF( " " ), " ",
+ &bi->sql_aliasing,
+ &bi->sql_aliasing_quote,
+ &at_map->bam_ad->ad_cname,
+ &bi->sql_aliasing_quote,
+ (ber_len_t)STRLENOF( " FROM " ), " FROM ",
+ &at_map->bam_from_tbls,
+ (ber_len_t)STRLENOF( " WHERE " ), " WHERE ",
+ &oc_map->bom_keytbl,
+ '.',
+ &oc_map->bom_keycol,
+ (ber_len_t)STRLENOF( "=?" ), "=?" );
+
+ if ( !BER_BVISNULL( &at_map->bam_join_where ) ) {
+ backsql_strfcat_x( &bb, NULL, "lb",
+ (ber_len_t)STRLENOF( " AND " ), " AND ",
+ &at_map->bam_join_where );
+ }
+
+ backsql_strfcat_x( &bb, NULL, "lbbb",
+ (ber_len_t)STRLENOF( " ORDER BY " ), " ORDER BY ",
+ &bi->sql_aliasing_quote,
+ &at_map->bam_ad->ad_cname,
+ &bi->sql_aliasing_quote );
+
+ at_map->bam_query = bb.bb_val.bv_val;
+
+#ifdef BACKSQL_COUNTQUERY
+ /* Query to count how many rows will be returned. */
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat_x( &bb, NULL, "lblbcbl",
+ (ber_len_t)STRLENOF( "SELECT COUNT(*) FROM " ),
+ "SELECT COUNT(*) FROM ",
+ &at_map->bam_from_tbls,
+ (ber_len_t)STRLENOF( " WHERE " ), " WHERE ",
+ &oc_map->bom_keytbl,
+ '.',
+ &oc_map->bom_keycol,
+ (ber_len_t)STRLENOF( "=?" ), "=?" );
+
+ if ( !BER_BVISNULL( &at_map->bam_join_where ) ) {
+ backsql_strfcat_x( &bb, NULL, "lb",
+ (ber_len_t)STRLENOF( " AND " ), " AND ",
+ &at_map->bam_join_where );
+ }
+
+ at_map->bam_countquery = bb.bb_val.bv_val;
+#endif /* BACKSQL_COUNTQUERY */
+
+ return 0;
+}
+
+static int
+backsql_add_sysmaps( backsql_info *bi, backsql_oc_map_rec *oc_map )
+{
+ backsql_at_map_rec *at_map;
+ char s[] = "+9223372036854775807L";
+ struct berval sbv;
+ struct berbuf bb;
+
+ sbv.bv_val = s;
+ sbv.bv_len = snprintf( s, sizeof( s ), "%ld", oc_map->bom_id );
+
+ /* extra objectClasses */
+ at_map = (backsql_at_map_rec *)ch_calloc(1,
+ sizeof( backsql_at_map_rec ) );
+ at_map->bam_ad = slap_schema.si_ad_objectClass;
+ ber_str2bv( "ldap_entry_objclasses.oc_name", 0, 1,
+ &at_map->bam_sel_expr );
+ ber_str2bv( "ldap_entry_objclasses,ldap_entries", 0, 1,
+ &at_map->bam_from_tbls );
+
+ bb.bb_len = at_map->bam_from_tbls.bv_len + 1;
+ bb.bb_val = at_map->bam_from_tbls;
+ backsql_merge_from_clause( bi, &bb, &oc_map->bom_keytbl );
+ at_map->bam_from_tbls = bb.bb_val;
+
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat_x( &bb, NULL, "lbcblb",
+ (ber_len_t)STRLENOF( "ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entries.keyval=" ),
+ "ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entries.keyval=",
+ &oc_map->bom_keytbl,
+ '.',
+ &oc_map->bom_keycol,
+ (ber_len_t)STRLENOF( " and ldap_entries.oc_map_id=" ),
+ " and ldap_entries.oc_map_id=",
+ &sbv );
+ at_map->bam_join_where = bb.bb_val;
+
+ at_map->bam_oc = oc_map->bom_oc;
+
+ at_map->bam_add_proc = NULL;
+ {
+ char tmp[] =
+ "INSERT INTO ldap_entry_objclasses "
+ "(entry_id,oc_name) VALUES "
+ "((SELECT id FROM ldap_entries "
+ "WHERE oc_map_id="
+ "18446744073709551615UL " /* 64 bit ULONG */
+ "AND keyval=?),?)";
+ snprintf( tmp, sizeof(tmp),
+ "INSERT INTO ldap_entry_objclasses "
+ "(entry_id,oc_name) VALUES "
+ "((SELECT id FROM ldap_entries "
+ "WHERE oc_map_id=%lu "
+ "AND keyval=?),?)", oc_map->bom_id );
+ at_map->bam_add_proc = ch_strdup( tmp );
+ }
+
+ at_map->bam_delete_proc = NULL;
+ {
+ char tmp[] =
+ "DELETE FROM ldap_entry_objclasses "
+ "WHERE entry_id=(SELECT id FROM ldap_entries "
+ "WHERE oc_map_id="
+ "18446744073709551615UL " /* 64 bit ULONG */
+ "AND keyval=?) AND oc_name=?";
+ snprintf( tmp, sizeof(tmp),
+ "DELETE FROM ldap_entry_objclasses "
+ "WHERE entry_id=(SELECT id FROM ldap_entries "
+ "WHERE oc_map_id=%lu "
+ "AND keyval=?) AND oc_name=?",
+ oc_map->bom_id );
+ at_map->bam_delete_proc = ch_strdup( tmp );
+ }
+
+ at_map->bam_param_order = 0;
+ at_map->bam_expect_return = 0;
+ at_map->bam_next = NULL;
+
+ backsql_make_attr_query( bi, oc_map, at_map );
+ if ( avl_insert( &oc_map->bom_attrs, at_map, backsql_cmp_attr, backsql_dup_attr ) == BACKSQL_DUPLICATE ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_add_sysmaps(): "
+ "duplicate attribute \"%s\" in objectClass \"%s\" map\n",
+ at_map->bam_ad->ad_cname.bv_val,
+ oc_map->bom_oc->soc_cname.bv_val, 0 );
+ }
+
+ /* FIXME: we need to correct the objectClass join_where
+ * after the attribute query is built */
+ ch_free( at_map->bam_join_where.bv_val );
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat_x( &bb, NULL, "lbcblb",
+ (ber_len_t)STRLENOF( /* "ldap_entries.id=ldap_entry_objclasses.entry_id AND " */ "ldap_entries.keyval=" ),
+ /* "ldap_entries.id=ldap_entry_objclasses.entry_id AND " */ "ldap_entries.keyval=",
+ &oc_map->bom_keytbl,
+ '.',
+ &oc_map->bom_keycol,
+ (ber_len_t)STRLENOF( " AND ldap_entries.oc_map_id=" ),
+ " AND ldap_entries.oc_map_id=",
+ &sbv );
+ at_map->bam_join_where = bb.bb_val;
+
+ return 1;
+}
+
+struct backsql_attr_schema_info {
+ backsql_info *bas_bi;
+ SQLHDBC bas_dbh;
+ SQLHSTMT bas_sth;
+ unsigned long *bas_oc_id;
+ int bas_rc;
+};
+
+static int
+backsql_oc_get_attr_mapping( void *v_oc, void *v_bas )
+{
+ RETCODE rc;
+ BACKSQL_ROW_NTS at_row;
+ backsql_oc_map_rec *oc_map = (backsql_oc_map_rec *)v_oc;
+ backsql_at_map_rec *at_map;
+ struct backsql_attr_schema_info *bas = (struct backsql_attr_schema_info *)v_bas;
+
+ /* bas->bas_oc_id has been bound to bas->bas_sth */
+ *bas->bas_oc_id = oc_map->bom_id;
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
+ "executing at_query\n"
+ " \"%s\"\n"
+ " for objectClass \"%s\"\n"
+ " with param oc_id=\"%lu\"\n",
+ bas->bas_bi->sql_at_query,
+ BACKSQL_OC_NAME( oc_map ),
+ *bas->bas_oc_id );
+
+ rc = SQLExecute( bas->bas_sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
+ "error executing at_query\n"
+ " \"%s\"\n"
+ " for objectClass \"%s\"\n"
+ " with param oc_id=\"%lu\"\n",
+ bas->bas_bi->sql_at_query,
+ BACKSQL_OC_NAME( oc_map ),
+ *bas->bas_oc_id );
+ backsql_PrintErrors( bas->bas_bi->sql_db_env,
+ bas->bas_dbh, bas->bas_sth, rc );
+ bas->bas_rc = LDAP_OTHER;
+ return BACKSQL_AVL_STOP;
+ }
+
+ backsql_BindRowAsStrings( bas->bas_sth, &at_row );
+ for ( ; rc = SQLFetch( bas->bas_sth ), BACKSQL_SUCCESS( rc ); ) {
+ const char *text = NULL;
+ struct berval bv;
+ struct berbuf bb = BB_NULL;
+ AttributeDescription *ad = NULL;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "attributeType:\n"
+ "\tname=\"%s\"\n"
+ "\tsel_expr=\"%s\"\n"
+ "\tfrom=\"%s\"\n",
+ at_row.cols[ 0 ], at_row.cols[ 1 ],
+ at_row.cols[ 2 ] );
+ Debug( LDAP_DEBUG_TRACE,
+ "\tjoin_where=\"%s\"\n"
+ "\tadd_proc=\"%s\"\n"
+ "\tdelete_proc=\"%s\"\n",
+ at_row.cols[ 3 ], at_row.cols[ 4 ],
+ at_row.cols[ 5 ]);
+ /* TimesTen */
+ Debug( LDAP_DEBUG_TRACE, "\tsel_expr_u=\"%s\"\n",
+ at_row.cols[ 8 ], 0, 0 );
+ rc = slap_str2ad( at_row.cols[ 0 ], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
+ "attribute \"%s\" for objectClass \"%s\" "
+ "is not defined in schema: %s\n",
+ at_row.cols[ 0 ],
+ BACKSQL_OC_NAME( oc_map ), text );
+ bas->bas_rc = LDAP_CONSTRAINT_VIOLATION;
+ return BACKSQL_AVL_STOP;
+ }
+ at_map = (backsql_at_map_rec *)ch_calloc( 1,
+ sizeof( backsql_at_map_rec ) );
+ at_map->bam_ad = ad;
+
+ ber_str2bv( at_row.cols[ 1 ], 0, 1, &at_map->bam_sel_expr );
+ if ( at_row.value_len[ 8 ] < 0 ) {
+ BER_BVZERO( &at_map->bam_sel_expr_u );
+
+ } else {
+ ber_str2bv( at_row.cols[ 8 ], 0, 1,
+ &at_map->bam_sel_expr_u );
+ }
+
+ ber_str2bv( at_row.cols[ 2 ], 0, 0, &bv );
+ backsql_merge_from_clause( bas->bas_bi, &bb, &bv );
+ at_map->bam_from_tbls = bb.bb_val;
+ if ( at_row.value_len[ 3 ] < 0 ) {
+ BER_BVZERO( &at_map->bam_join_where );
+
+ } else {
+ ber_str2bv( at_row.cols[ 3 ], 0, 1,
+ &at_map->bam_join_where );
+ }
+ at_map->bam_add_proc = NULL;
+ if ( at_row.value_len[ 4 ] > 0 ) {
+ at_map->bam_add_proc = ch_strdup( at_row.cols[4] );
+ }
+ at_map->bam_delete_proc = NULL;
+ if ( at_row.value_len[ 5 ] > 0 ) {
+ at_map->bam_delete_proc = ch_strdup( at_row.cols[ 5 ] );
+ }
+ if ( lutil_atoix( &at_map->bam_param_order, at_row.cols[ 6 ], 0 ) != 0 ) {
+ /* error */
+ }
+ if ( lutil_atoix( &at_map->bam_expect_return, at_row.cols[ 7 ], 0 ) != 0 ) {
+ /* error */
+ }
+ backsql_make_attr_query( bas->bas_bi, oc_map, at_map );
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
+ "preconstructed query \"%s\"\n",
+ at_map->bam_query, 0, 0 );
+ at_map->bam_next = NULL;
+ if ( avl_insert( &oc_map->bom_attrs, at_map, backsql_cmp_attr, backsql_dup_attr ) == BACKSQL_DUPLICATE ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
+ "duplicate attribute \"%s\" "
+ "in objectClass \"%s\" map\n",
+ at_map->bam_ad->ad_cname.bv_val,
+ oc_map->bom_oc->soc_cname.bv_val, 0 );
+ }
+
+ if ( !BER_BVISNULL( &bas->bas_bi->sql_upper_func ) &&
+ BER_BVISNULL( &at_map->bam_sel_expr_u ) )
+ {
+ struct berbuf bb = BB_NULL;
+
+ backsql_strfcat_x( &bb, NULL, "bcbc",
+ &bas->bas_bi->sql_upper_func,
+ '(' /* ) */ ,
+ &at_map->bam_sel_expr,
+ /* ( */ ')' );
+ at_map->bam_sel_expr_u = bb.bb_val;
+ }
+ }
+ backsql_FreeRow( &at_row );
+ SQLFreeStmt( bas->bas_sth, SQL_CLOSE );
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(\"%s\"): "
+ "autoadding 'objectClass' and 'ref' mappings\n",
+ BACKSQL_OC_NAME( oc_map ), 0, 0 );
+
+ (void)backsql_add_sysmaps( bas->bas_bi, oc_map );
+
+ return BACKSQL_AVL_CONTINUE;
+}
+
+
+int
+backsql_load_schema_map( backsql_info *bi, SQLHDBC dbh )
+{
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ RETCODE rc;
+ BACKSQL_ROW_NTS oc_row;
+ unsigned long oc_id;
+ backsql_oc_map_rec *oc_map;
+ struct backsql_attr_schema_info bas;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_load_schema_map()\n", 0, 0, 0 );
+
+ /*
+ * TimesTen : See if the ldap_entries.dn_ru field exists in the schema
+ */
+ if ( !BACKSQL_DONTCHECK_LDAPINFO_DN_RU( bi ) ) {
+ rc = backsql_Prepare( dbh, &sth,
+ backsql_check_dn_ru_query, 0 );
+ if ( rc == SQL_SUCCESS ) {
+ /* Yes, the field exists */
+ bi->sql_flags |= BSQLF_HAS_LDAPINFO_DN_RU;
+ Debug( LDAP_DEBUG_TRACE, "ldapinfo.dn_ru field exists "
+ "in the schema\n", 0, 0, 0 );
+ } else {
+ /* No such field exists */
+ bi->sql_flags &= ~BSQLF_HAS_LDAPINFO_DN_RU;
+ }
+
+ SQLFreeStmt( sth, SQL_DROP );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): oc_query \"%s\"\n",
+ bi->sql_oc_query, 0, 0 );
+
+ rc = backsql_Prepare( dbh, &sth, bi->sql_oc_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "error preparing oc_query: \"%s\"\n",
+ bi->sql_oc_query, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ return LDAP_OTHER;
+ }
+
+ rc = SQLExecute( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "error executing oc_query: \n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ return LDAP_OTHER;
+ }
+
+ backsql_BindRowAsStrings( sth, &oc_row );
+ rc = SQLFetch( sth );
+ for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
+ int colnum;
+
+ oc_map = (backsql_oc_map_rec *)ch_calloc( 1,
+ sizeof( backsql_oc_map_rec ) );
+
+ if ( lutil_atoulx( &oc_map->bom_id, oc_row.cols[ 0 ], 0 ) != 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "unable to parse id=\"%s\"\n",
+ oc_row.cols[ 0 ], 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ oc_map->bom_oc = oc_find( oc_row.cols[ 1 ] );
+ if ( oc_map->bom_oc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "objectClass \"%s\" is not defined in schema\n",
+ oc_row.cols[ 1 ], 0, 0 );
+ return LDAP_OTHER; /* undefined objectClass ? */
+ }
+
+ ber_str2bv( oc_row.cols[ 2 ], 0, 1, &oc_map->bom_keytbl );
+ ber_str2bv( oc_row.cols[ 3 ], 0, 1, &oc_map->bom_keycol );
+ oc_map->bom_create_proc = ( oc_row.value_len[ 4 ] < 0 ) ? NULL
+ : ch_strdup( oc_row.cols[ 4 ] );
+
+ colnum = 5;
+ if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
+ colnum = 6;
+ oc_map->bom_create_keyval = ( oc_row.value_len[ 5 ] < 0 )
+ ? NULL : ch_strdup( oc_row.cols[ 5 ] );
+ }
+ oc_map->bom_delete_proc = ( oc_row.value_len[ colnum ] < 0 ) ? NULL
+ : ch_strdup( oc_row.cols[ colnum ] );
+ if ( lutil_atoix( &oc_map->bom_expect_return, oc_row.cols[ colnum + 1 ], 0 ) != 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "unable to parse expect_return=\"%s\" for objectClass \"%s\"\n",
+ oc_row.cols[ colnum + 1 ], oc_row.cols[ 1 ], 0 );
+ return LDAP_OTHER;
+ }
+
+ colnum += 2;
+ if ( ( oc_row.ncols > colnum ) &&
+ ( oc_row.value_len[ colnum ] > 0 ) )
+ {
+ const char *text;
+
+ oc_map->bom_create_hint = NULL;
+ rc = slap_str2ad( oc_row.cols[ colnum ],
+ &oc_map->bom_create_hint, &text );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "load_schema_map(): "
+ "error matching "
+ "AttributeDescription %s "
+ "in create_hint: %s (%d)\n",
+ oc_row.cols[ colnum ],
+ text, rc );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ return LDAP_OTHER;
+ }
+ }
+
+ /*
+ * FIXME: first attempt to check for offending
+ * instructions in {create|delete}_proc
+ */
+
+ oc_map->bom_attrs = NULL;
+ if ( avl_insert( &bi->sql_oc_by_oc, oc_map, backsql_cmp_oc, avl_dup_error ) == -1 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "duplicate objectClass \"%s\" in objectClass map\n",
+ oc_map->bom_oc->soc_cname.bv_val, 0, 0 );
+ return LDAP_OTHER;
+ }
+ if ( avl_insert( &bi->sql_oc_by_id, oc_map, backsql_cmp_oc_id, avl_dup_error ) == -1 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "duplicate objectClass \"%s\" in objectClass by ID map\n",
+ oc_map->bom_oc->soc_cname.bv_val, 0, 0 );
+ return LDAP_OTHER;
+ }
+ oc_id = oc_map->bom_id;
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "objectClass \"%s\":\n keytbl=\"%s\" keycol=\"%s\"\n",
+ BACKSQL_OC_NAME( oc_map ),
+ oc_map->bom_keytbl.bv_val, oc_map->bom_keycol.bv_val );
+ if ( oc_map->bom_create_proc ) {
+ Debug( LDAP_DEBUG_TRACE, " create_proc=\"%s\"\n",
+ oc_map->bom_create_proc, 0, 0 );
+ }
+ if ( oc_map->bom_create_keyval ) {
+ Debug( LDAP_DEBUG_TRACE, " create_keyval=\"%s\"\n",
+ oc_map->bom_create_keyval, 0, 0 );
+ }
+ if ( oc_map->bom_create_hint ) {
+ Debug( LDAP_DEBUG_TRACE, " create_hint=\"%s\"\n",
+ oc_map->bom_create_hint->ad_cname.bv_val,
+ 0, 0 );
+ }
+ if ( oc_map->bom_delete_proc ) {
+ Debug( LDAP_DEBUG_TRACE, " delete_proc=\"%s\"\n",
+ oc_map->bom_delete_proc, 0, 0 );
+ }
+ Debug( LDAP_DEBUG_TRACE, " expect_return: "
+ "add=%d, del=%d; attributes:\n",
+ BACKSQL_IS_ADD( oc_map->bom_expect_return ),
+ BACKSQL_IS_DEL( oc_map->bom_expect_return ), 0 );
+ }
+
+ backsql_FreeRow( &oc_row );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ /* prepare for attribute fetching */
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): at_query \"%s\"\n",
+ bi->sql_at_query, 0, 0 );
+
+ rc = backsql_Prepare( dbh, &sth, bi->sql_at_query, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "error preparing at_query: \"%s\"\n",
+ bi->sql_at_query, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ return LDAP_OTHER;
+ }
+
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_INPUT, &oc_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
+ "error binding param \"oc_id\" for at_query\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return LDAP_OTHER;
+ }
+
+ bas.bas_bi = bi;
+ bas.bas_dbh = dbh;
+ bas.bas_sth = sth;
+ bas.bas_oc_id = &oc_id;
+ bas.bas_rc = LDAP_SUCCESS;
+
+ (void)avl_apply( bi->sql_oc_by_oc, backsql_oc_get_attr_mapping,
+ &bas, BACKSQL_AVL_STOP, AVL_INORDER );
+
+ SQLFreeStmt( sth, SQL_DROP );
+
+ bi->sql_flags |= BSQLF_SCHEMA_LOADED;
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_load_schema_map()\n", 0, 0, 0 );
+
+ return bas.bas_rc;
+}
+
+backsql_oc_map_rec *
+backsql_oc2oc( backsql_info *bi, ObjectClass *oc )
+{
+ backsql_oc_map_rec tmp, *res;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_oc2oc(): "
+ "searching for objectclass with name=\"%s\"\n",
+ oc->soc_cname.bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ tmp.bom_oc = oc;
+ res = (backsql_oc_map_rec *)avl_find( bi->sql_oc_by_oc, &tmp, backsql_cmp_oc );
+#ifdef BACKSQL_TRACE
+ if ( res != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_oc2oc(): "
+ "found name=\"%s\", id=%d\n",
+ BACKSQL_OC_NAME( res ), res->bom_id, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_oc2oc(): "
+ "not found\n", 0, 0, 0 );
+ }
+#endif /* BACKSQL_TRACE */
+
+ return res;
+}
+
+backsql_oc_map_rec *
+backsql_name2oc( backsql_info *bi, struct berval *oc_name )
+{
+ backsql_oc_map_rec tmp, *res;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>oc_with_name(): "
+ "searching for objectclass with name=\"%s\"\n",
+ oc_name->bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ tmp.bom_oc = oc_bvfind( oc_name );
+ if ( tmp.bom_oc == NULL ) {
+ return NULL;
+ }
+
+ res = (backsql_oc_map_rec *)avl_find( bi->sql_oc_by_oc, &tmp, backsql_cmp_oc );
+#ifdef BACKSQL_TRACE
+ if ( res != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<==oc_with_name(): "
+ "found name=\"%s\", id=%d\n",
+ BACKSQL_OC_NAME( res ), res->bom_id, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "<==oc_with_name(): "
+ "not found\n", 0, 0, 0 );
+ }
+#endif /* BACKSQL_TRACE */
+
+ return res;
+}
+
+backsql_oc_map_rec *
+backsql_id2oc( backsql_info *bi, unsigned long id )
+{
+ backsql_oc_map_rec tmp, *res;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>oc_with_id(): "
+ "searching for objectclass with id='%d'\n", id, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ tmp.bom_id = id;
+ res = (backsql_oc_map_rec *)avl_find( bi->sql_oc_by_id, &tmp,
+ backsql_cmp_oc_id );
+
+#ifdef BACKSQL_TRACE
+ if ( res != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<==oc_with_name(): "
+ "found name=\"%s\", id=%d\n",
+ BACKSQL_OC_NAME( res ), res->bom_id, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "<==oc_with_name(): "
+ "not found\n", 0, 0, 0 );
+ }
+#endif /* BACKSQL_TRACE */
+
+ return res;
+}
+
+backsql_at_map_rec *
+backsql_ad2at( backsql_oc_map_rec* objclass, AttributeDescription *ad )
+{
+ backsql_at_map_rec tmp, *res;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_ad2at(): "
+ "searching for attribute \"%s\" for objectclass \"%s\"\n",
+ ad->ad_cname.bv_val, BACKSQL_OC_NAME( objclass ), 0 );
+#endif /* BACKSQL_TRACE */
+
+ tmp.bam_ad = ad;
+ res = (backsql_at_map_rec *)avl_find( objclass->bom_attrs, &tmp,
+ backsql_cmp_attr );
+
+#ifdef BACKSQL_TRACE
+ if ( res != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_ad2at(): "
+ "found name=\"%s\", sel_expr=\"%s\"\n",
+ res->bam_ad->ad_cname.bv_val,
+ res->bam_sel_expr.bv_val, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_ad2at(): "
+ "not found\n", 0, 0, 0 );
+ }
+#endif /* BACKSQL_TRACE */
+
+ return res;
+}
+
+/* attributeType inheritance */
+struct supad2at_t {
+ backsql_at_map_rec **ret;
+ AttributeDescription *ad;
+ unsigned n;
+};
+
+#define SUPAD2AT_STOP (-1)
+
+static int
+supad2at_f( void *v_at, void *v_arg )
+{
+ backsql_at_map_rec *at = (backsql_at_map_rec *)v_at;
+ struct supad2at_t *va = (struct supad2at_t *)v_arg;
+
+ if ( is_at_subtype( at->bam_ad->ad_type, va->ad->ad_type ) ) {
+ backsql_at_map_rec **ret = NULL;
+ unsigned i;
+
+ /* if already listed, holler! (should never happen) */
+ if ( va->ret ) {
+ for ( i = 0; i < va->n; i++ ) {
+ if ( va->ret[ i ]->bam_ad == at->bam_ad ) {
+ break;
+ }
+ }
+
+ if ( i < va->n ) {
+ return 0;
+ }
+ }
+
+ ret = ch_realloc( va->ret,
+ sizeof( backsql_at_map_rec * ) * ( va->n + 2 ) );
+ if ( ret == NULL ) {
+ ch_free( va->ret );
+ va->ret = NULL;
+ va->n = 0;
+ return SUPAD2AT_STOP;
+ }
+
+ ret[ va->n ] = at;
+ va->n++;
+ ret[ va->n ] = NULL;
+ va->ret = ret;
+ }
+
+ return 0;
+}
+
+/*
+ * stores in *pret a NULL terminated array of pointers
+ * to backsql_at_map_rec whose attributeType is supad->ad_type
+ * or derived from it
+ */
+int
+backsql_supad2at( backsql_oc_map_rec *objclass, AttributeDescription *supad,
+ backsql_at_map_rec ***pret )
+{
+ struct supad2at_t va = { 0 };
+ int rc;
+
+ assert( objclass != NULL );
+ assert( supad != NULL );
+ assert( pret != NULL );
+
+ *pret = NULL;
+
+ va.ad = supad;
+
+ rc = avl_apply( objclass->bom_attrs, supad2at_f, &va,
+ SUPAD2AT_STOP, AVL_INORDER );
+ if ( rc == SUPAD2AT_STOP ) {
+ return -1;
+ }
+
+ *pret = va.ret;
+
+ return 0;
+}
+
+static void
+backsql_free_attr( void *v_at )
+{
+ backsql_at_map_rec *at = v_at;
+
+ Debug( LDAP_DEBUG_TRACE, "==>free_attr(): \"%s\"\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+ ch_free( at->bam_sel_expr.bv_val );
+ if ( !BER_BVISNULL( &at->bam_from_tbls ) ) {
+ ch_free( at->bam_from_tbls.bv_val );
+ }
+ if ( !BER_BVISNULL( &at->bam_join_where ) ) {
+ ch_free( at->bam_join_where.bv_val );
+ }
+ if ( at->bam_add_proc != NULL ) {
+ ch_free( at->bam_add_proc );
+ }
+ if ( at->bam_delete_proc != NULL ) {
+ ch_free( at->bam_delete_proc );
+ }
+ if ( at->bam_query != NULL ) {
+ ch_free( at->bam_query );
+ }
+
+#ifdef BACKSQL_COUNTQUERY
+ if ( at->bam_countquery != NULL ) {
+ ch_free( at->bam_countquery );
+ }
+#endif /* BACKSQL_COUNTQUERY */
+
+ /* TimesTen */
+ if ( !BER_BVISNULL( &at->bam_sel_expr_u ) ) {
+ ch_free( at->bam_sel_expr_u.bv_val );
+ }
+
+ if ( at->bam_next ) {
+ backsql_free_attr( at->bam_next );
+ }
+
+ ch_free( at );
+
+ Debug( LDAP_DEBUG_TRACE, "<==free_attr()\n", 0, 0, 0 );
+}
+
+static void
+backsql_free_oc( void *v_oc )
+{
+ backsql_oc_map_rec *oc = v_oc;
+
+ Debug( LDAP_DEBUG_TRACE, "==>free_oc(): \"%s\"\n",
+ BACKSQL_OC_NAME( oc ), 0, 0 );
+ avl_free( oc->bom_attrs, backsql_free_attr );
+ ch_free( oc->bom_keytbl.bv_val );
+ ch_free( oc->bom_keycol.bv_val );
+ if ( oc->bom_create_proc != NULL ) {
+ ch_free( oc->bom_create_proc );
+ }
+ if ( oc->bom_create_keyval != NULL ) {
+ ch_free( oc->bom_create_keyval );
+ }
+ if ( oc->bom_delete_proc != NULL ) {
+ ch_free( oc->bom_delete_proc );
+ }
+ ch_free( oc );
+
+ Debug( LDAP_DEBUG_TRACE, "<==free_oc()\n", 0, 0, 0 );
+}
+
+int
+backsql_destroy_schema_map( backsql_info *bi )
+{
+ Debug( LDAP_DEBUG_TRACE, "==>destroy_schema_map()\n", 0, 0, 0 );
+ avl_free( bi->sql_oc_by_oc, 0 );
+ avl_free( bi->sql_oc_by_id, backsql_free_oc );
+ Debug( LDAP_DEBUG_TRACE, "<==destroy_schema_map()\n", 0, 0, 0 );
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2569 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.81.2.13 2007/03/05 18:39:51 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+#include "ac/ctype.h"
+
+#include "lutil.h"
+#include "slap.h"
+#include "proto-sql.h"
+
+static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
+static int backsql_process_filter_eq( backsql_srch_info *bsi,
+ backsql_at_map_rec *at,
+ int casefold, struct berval *filter_value );
+static int backsql_process_filter_like( backsql_srch_info *bsi,
+ backsql_at_map_rec *at,
+ int casefold, struct berval *filter_value );
+static int backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f,
+ backsql_at_map_rec *at );
+
+static int
+backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
+{
+ int n_attrs = 0;
+ AttributeName *an = NULL;
+
+ if ( bsi->bsi_attrs == NULL ) {
+ return 1;
+ }
+
+ /*
+ * clear the list (retrieve all attrs)
+ */
+ if ( ad == NULL ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ bsi->bsi_flags |= BSQL_SF_ALL_ATTRS;
+ return 1;
+ }
+
+ for ( ; !BER_BVISNULL( &bsi->bsi_attrs[ n_attrs ].an_name ); n_attrs++ ) {
+ an = &bsi->bsi_attrs[ n_attrs ];
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
+ "attribute \"%s\" is in list\n",
+ an->an_name.bv_val, 0, 0 );
+ /*
+ * We can live with strcmp because the attribute
+ * list has been normalized before calling be_search
+ */
+ if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
+ return 1;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
+ "adding \"%s\" to list\n", ad->ad_cname.bv_val, 0, 0 );
+
+ an = (AttributeName *)bsi->bsi_op->o_tmprealloc( bsi->bsi_attrs,
+ sizeof( AttributeName ) * ( n_attrs + 2 ),
+ bsi->bsi_op->o_tmpmemctx );
+ if ( an == NULL ) {
+ return -1;
+ }
+
+ an[ n_attrs ].an_name = ad->ad_cname;
+ an[ n_attrs ].an_desc = ad;
+ BER_BVZERO( &an[ n_attrs + 1 ].an_name );
+
+ bsi->bsi_attrs = an;
+
+ return 1;
+}
+
+/*
+ * Initializes the search structure.
+ *
+ * If get_base_id != 0, the field bsi_base_id is filled
+ * with the entryID of bsi_base_ndn; it must be freed
+ * by backsql_free_entryID() when no longer required.
+ *
+ * NOTE: base must be normalized
+ */
+int
+backsql_init_search(
+ backsql_srch_info *bsi,
+ struct berval *nbase,
+ int scope,
+ time_t stoptime,
+ Filter *filter,
+ SQLHDBC dbh,
+ Operation *op,
+ SlapReply *rs,
+ AttributeName *attrs,
+ unsigned flags )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ int rc = LDAP_SUCCESS;
+
+ bsi->bsi_base_ndn = nbase;
+ bsi->bsi_use_subtree_shortcut = 0;
+ BER_BVZERO( &bsi->bsi_base_id.eid_dn );
+ BER_BVZERO( &bsi->bsi_base_id.eid_ndn );
+ bsi->bsi_scope = scope;
+ bsi->bsi_filter = filter;
+ bsi->bsi_dbh = dbh;
+ bsi->bsi_op = op;
+ bsi->bsi_rs = rs;
+ bsi->bsi_flags = BSQL_SF_NONE;
+
+ bsi->bsi_attrs = NULL;
+
+ if ( BACKSQL_FETCH_ALL_ATTRS( bi ) ) {
+ /*
+ * if requested, simply try to fetch all attributes
+ */
+ bsi->bsi_flags |= BSQL_SF_ALL_ATTRS;
+
+ } else {
+ if ( BACKSQL_FETCH_ALL_USERATTRS( bi ) ) {
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ } else if ( BACKSQL_FETCH_ALL_OPATTRS( bi ) ) {
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+ }
+
+ if ( attrs == NULL ) {
+ /* NULL means all user attributes */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ } else {
+ AttributeName *p;
+ int got_oc = 0;
+
+ bsi->bsi_attrs = (AttributeName *)bsi->bsi_op->o_tmpalloc(
+ sizeof( AttributeName ),
+ bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name );
+
+ for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) {
+ if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ /* handle "*" */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ /* handle "+" */
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
+ /* ignore "1.1" */
+ continue;
+
+ } else if ( p->an_desc == slap_schema.si_ad_objectClass ) {
+ got_oc = 1;
+ }
+
+ backsql_attrlist_add( bsi, p->an_desc );
+ }
+
+ if ( got_oc == 0 && !( bsi->bsi_flags & BSQL_SF_ALL_USER ) ) {
+ /* add objectClass if not present,
+ * because it is required to understand
+ * if an entry is a referral, an alias
+ * or so... */
+ backsql_attrlist_add( bsi, slap_schema.si_ad_objectClass );
+ }
+ }
+
+ if ( !BSQL_ISF_ALL_ATTRS( bsi ) && bi->sql_anlist ) {
+ AttributeName *p;
+
+ /* use hints if available */
+ for ( p = bi->sql_anlist; !BER_BVISNULL( &p->an_name ); p++ ) {
+ if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ /* handle "*" */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ /* handle "+" */
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+ }
+
+ backsql_attrlist_add( bsi, p->an_desc );
+ }
+
+ }
+ }
+
+ bsi->bsi_id_list = NULL;
+ bsi->bsi_id_listtail = &bsi->bsi_id_list;
+ bsi->bsi_n_candidates = 0;
+ bsi->bsi_stoptime = stoptime;
+ BER_BVZERO( &bsi->bsi_sel.bb_val );
+ bsi->bsi_sel.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_from.bb_val );
+ bsi->bsi_from.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_join_where.bb_val );
+ bsi->bsi_join_where.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_flt_where.bb_val );
+ bsi->bsi_flt_where.bb_len = 0;
+ bsi->bsi_filter_oc = NULL;
+
+ if ( BACKSQL_IS_GET_ID( flags ) ) {
+ int matched = BACKSQL_IS_MATCHED( flags );
+ int getentry = BACKSQL_IS_GET_ENTRY( flags );
+ int gotit = 0;
+
+ assert( op->o_bd->be_private != NULL );
+
+ rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
+ matched, 1 );
+
+ /* the entry is collected either if requested for by getentry
+ * or if get noSuchObject and requested to climb the tree,
+ * so that a matchedDN or a referral can be returned */
+ if ( ( rc == LDAP_NO_SUCH_OBJECT && matched ) || getentry ) {
+ if ( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) ) {
+ assert( bsi->bsi_e != NULL );
+
+ if ( dn_match( nbase, &bsi->bsi_base_id.eid_ndn ) )
+ {
+ gotit = 1;
+ }
+
+ /*
+ * let's see if it is a referral and, in case, get it
+ */
+ backsql_attrlist_add( bsi, slap_schema.si_ad_ref );
+ rc = backsql_id2entry( bsi, &bsi->bsi_base_id );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( is_entry_referral( bsi->bsi_e ) )
+ {
+ BerVarray erefs = get_entry_referrals( op, bsi->bsi_e );
+ if ( erefs ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ rs->sr_ref = referral_rewrite( erefs,
+ &bsi->bsi_e->e_nname,
+ &op->o_req_dn,
+ scope );
+ ber_bvarray_free( erefs );
+
+ } else {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+ }
+
+ } else if ( !gotit ) {
+ rc = rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+
+ } else {
+ rs->sr_err = rc;
+ }
+ }
+ }
+
+ bsi->bsi_status = rc;
+
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ case LDAP_REFERRAL:
+ break;
+
+ default:
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ break;
+ }
+
+ return rc;
+}
+
+static int
+backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
+{
+ int res;
+
+ if ( !f ) {
+ return 0;
+ }
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "c", '(' /* ) */ );
+
+ while ( 1 ) {
+ res = backsql_process_filter( bsi, f );
+ if ( res < 0 ) {
+ /*
+ * TimesTen : If the query has no answers,
+ * don't bother to run the query.
+ */
+ return -1;
+ }
+
+ f = f->f_next;
+ if ( f == NULL ) {
+ break;
+ }
+
+ switch ( op ) {
+ case LDAP_FILTER_AND:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "l",
+ (ber_len_t)STRLENOF( " AND " ),
+ " AND " );
+ break;
+
+ case LDAP_FILTER_OR:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "l",
+ (ber_len_t)STRLENOF( " OR " ),
+ " OR " );
+ break;
+ }
+ }
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "c", /* ( */ ')' );
+
+ return 1;
+}
+
+static int
+backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+ backsql_at_map_rec *at )
+{
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ int i;
+ int casefold = 0;
+
+ if ( !f ) {
+ return 0;
+ }
+
+ /* always uppercase strings by now */
+#ifdef BACKSQL_UPPERCASE_FILTER
+ if ( f->f_sub_desc->ad_type->sat_substr &&
+ SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
+ bi->sql_caseIgnoreMatch ) )
+#endif /* BACKSQL_UPPERCASE_FILTER */
+ {
+ casefold = 1;
+ }
+
+ if ( f->f_sub_desc->ad_type->sat_substr &&
+ SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
+ bi->sql_telephoneNumberMatch ) )
+ {
+
+ struct berval bv;
+ ber_len_t i, s, a;
+
+ /*
+ * to check for matching telephone numbers
+ * with intermixed chars, e.g. val='1234'
+ * use
+ *
+ * val LIKE '%1%2%3%4%'
+ */
+
+ BER_BVZERO( &bv );
+ if ( f->f_sub_initial.bv_val ) {
+ bv.bv_len += f->f_sub_initial.bv_len;
+ }
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) {
+ bv.bv_len += f->f_sub_any[ a ].bv_len;
+ }
+ }
+ if ( f->f_sub_final.bv_val ) {
+ bv.bv_len += f->f_sub_final.bv_len;
+ }
+ bv.bv_len = 2 * bv.bv_len - 1;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+
+ s = 0;
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+ bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ];
+ for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) {
+ bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ];
+ for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+ bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ];
+ for ( i = 1; i < f->f_sub_final.bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
+ }
+
+ bv.bv_val[ s - 1 ] = '\0';
+
+ (void)backsql_process_filter_like( bsi, at, casefold, &bv );
+ ch_free( bv.bv_val );
+
+ return 1;
+ }
+
+ /*
+ * When dealing with case-sensitive strings
+ * we may omit normalization; however, normalized
+ * SQL filters are more liberal.
+ */
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "c", '(' /* ) */ );
+
+ /* TimesTen */
+ Debug( LDAP_DEBUG_TRACE, "backsql_process_sub_filter(%s):\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+ Debug(LDAP_DEBUG_TRACE, " expr: '%s%s%s'\n", at->bam_sel_expr.bv_val,
+ at->bam_sel_expr_u.bv_val ? "' '" : "",
+ at->bam_sel_expr_u.bv_val ? at->bam_sel_expr_u.bv_val : "" );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ /*
+ * If a pre-upper-cased version of the column
+ * or a precompiled upper function exists, use it
+ */
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ &at->bam_sel_expr_u,
+ (ber_len_t)STRLENOF( " LIKE '" ),
+ " LIKE '" );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ &at->bam_sel_expr,
+ (ber_len_t)STRLENOF( " LIKE '" ), " LIKE '" );
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+ ber_len_t start;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_process_sub_filter(%s): "
+ "sub_initial=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
+ f->f_sub_initial.bv_val, 0 );
+#endif /* BACKSQL_TRACE */
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+ &f->f_sub_initial );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+ }
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "c", '%' );
+
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[ i ] ); i++ ) {
+ ber_len_t start;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_process_sub_filter(%s): "
+ "sub_any[%d]=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
+ i, f->f_sub_any[ i ].bv_val );
+#endif /* BACKSQL_TRACE */
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bc",
+ &f->f_sub_any[ i ],
+ '%' );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ /*
+ * Note: toupper('%') = '%'
+ */
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+ ber_len_t start;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_process_sub_filter(%s): "
+ "sub_final=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
+ f->f_sub_final.bv_val, 0 );
+#endif /* BACKSQL_TRACE */
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+ &f->f_sub_final );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+ }
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" );
+
+ return 1;
+}
+
+static int
+backsql_merge_from_tbls( backsql_srch_info *bsi, struct berval *from_tbls )
+{
+ if ( BER_BVISNULL( from_tbls ) ) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( !BER_BVISNULL( &bsi->bsi_from.bb_val ) ) {
+ char *start, *end;
+ struct berval tmp;
+
+ ber_dupbv_x( &tmp, from_tbls, bsi->bsi_op->o_tmpmemctx );
+
+ for ( start = tmp.bv_val, end = strchr( start, ',' ); start; ) {
+ if ( end ) {
+ end[0] = '\0';
+ }
+
+ if ( strstr( bsi->bsi_from.bb_val.bv_val, start) == NULL )
+ {
+ backsql_strfcat_x( &bsi->bsi_from,
+ bsi->bsi_op->o_tmpmemctx,
+ "cs", ',', start );
+ }
+
+ if ( end ) {
+ /* in case there are spaces after the comma... */
+ for ( start = &end[1]; isspace( start[0] ); start++ );
+ if ( start[0] ) {
+ end = strchr( start, ',' );
+ } else {
+ start = NULL;
+ }
+ } else {
+ start = NULL;
+ }
+ }
+
+ bsi->bsi_op->o_tmpfree( tmp.bv_val, bsi->bsi_op->o_tmpmemctx );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_from,
+ bsi->bsi_op->o_tmpmemctx,
+ "b", from_tbls );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+backsql_process_filter( backsql_srch_info *bsi, Filter *f )
+{
+ backsql_at_map_rec **vat = NULL;
+ AttributeDescription *ad = NULL;
+ unsigned i;
+ int done = 0;
+ int rc = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
+ if ( f->f_choice == SLAPD_FILTER_COMPUTED ) {
+ struct berval flt;
+ char *msg = NULL;
+
+ switch ( f->f_result ) {
+ case LDAP_COMPARE_TRUE:
+ BER_BVSTR( &flt, "10=10" );
+ msg = "TRUE";
+ break;
+
+ case LDAP_COMPARE_FALSE:
+ BER_BVSTR( &flt, "11=0" );
+ msg = "FALSE";
+ break;
+
+ case SLAPD_COMPARE_UNDEFINED:
+ BER_BVSTR( &flt, "12=0" );
+ msg = "UNDEFINED";
+ break;
+
+ default:
+ rc = -1;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
+ "filter computed (%s)\n", msg, 0, 0 );
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx, "b", &flt );
+ rc = 1;
+ goto done;
+ }
+
+ switch( f->f_choice ) {
+ case LDAP_FILTER_OR:
+ rc = backsql_process_filter_list( bsi, f->f_or,
+ LDAP_FILTER_OR );
+ done = 1;
+ break;
+
+ case LDAP_FILTER_AND:
+ rc = backsql_process_filter_list( bsi, f->f_and,
+ LDAP_FILTER_AND );
+ done = 1;
+ break;
+
+ case LDAP_FILTER_NOT:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "NOT (" /* ) */ ),
+ "NOT (" /* ) */ );
+ rc = backsql_process_filter( bsi, f->f_not );
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "c", /* ( */ ')' );
+ done = 1;
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ ad = f->f_desc;
+ break;
+
+ case LDAP_FILTER_EXT:
+ ad = f->f_mra->ma_desc;
+ if ( f->f_mr_dnattrs ) {
+ /*
+ * if dn attrs filtering is requested, better return
+ * success and let test_filter() deal with candidate
+ * selection; otherwise we'd need to set conditions
+ * on the contents of the DN, e.g. "SELECT ... FROM
+ * ldap_entries AS attributeName WHERE attributeName.dn
+ * like '%attributeName=value%'"
+ */
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ bsi->bsi_status = LDAP_SUCCESS;
+ rc = 1;
+ goto done;
+ }
+ break;
+
+ default:
+ ad = f->f_av_desc;
+ break;
+ }
+
+ if ( rc == -1 ) {
+ goto done;
+ }
+
+ if ( done ) {
+ rc = 1;
+ goto done;
+ }
+
+ /*
+ * Turn structuralObjectClass into objectClass
+ */
+ if ( ad == slap_schema.si_ad_objectClass
+ || ad == slap_schema.si_ad_structuralObjectClass )
+ {
+ /*
+ * If the filter is LDAP_FILTER_PRESENT, then it's done;
+ * otherwise, let's see if we are lucky: filtering
+ * for "structural" objectclass or ancestor...
+ */
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ {
+ ObjectClass *oc = oc_bvfind( &f->f_av_value );
+
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "backsql_process_filter(): "
+ "unknown objectClass \"%s\" "
+ "in filter\n",
+ f->f_av_value.bv_val, 0, 0 );
+ bsi->bsi_status = LDAP_OTHER;
+ rc = -1;
+ goto done;
+ }
+
+ /*
+ * "structural" objectClass inheritance:
+ * - a search for "person" will also return
+ * "inetOrgPerson"
+ * - a search for "top" will return everything
+ */
+ if ( is_object_subclass( oc, bsi->bsi_oc->bom_oc ) ) {
+ static struct berval ldap_entry_objclasses = BER_BVC( "ldap_entry_objclasses" );
+
+ backsql_merge_from_tbls( bsi, &ldap_entry_objclasses );
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "lbl",
+ (ber_len_t)STRLENOF( "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */ ),
+ "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */,
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ (ber_len_t)STRLENOF( /* ((' */ "'))" ),
+ /* ((' */ "'))" );
+ bsi->bsi_status = LDAP_SUCCESS;
+ rc = 1;
+ goto done;
+ }
+
+ break;
+ }
+
+ case LDAP_FILTER_PRESENT:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "3=3" ), "3=3" );
+ bsi->bsi_status = LDAP_SUCCESS;
+ rc = 1;
+ goto done;
+
+ /* FIXME: LDAP_FILTER_EXT? */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE,
+ "backsql_process_filter(): "
+ "illegal/unhandled filter "
+ "on objectClass attribute",
+ 0, 0, 0 );
+ bsi->bsi_status = LDAP_OTHER;
+ rc = -1;
+ goto done;
+ }
+
+ } else if ( ad == slap_schema.si_ad_entryUUID ) {
+ unsigned long oc_id;
+#ifdef BACKSQL_ARBITRARY_KEY
+ struct berval keyval;
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ unsigned long keyval;
+ char keyvalbuf[] = "18446744073709551615";
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ backsql_entryUUID_decode( &f->f_av_value, &oc_id, &keyval );
+
+ if ( oc_id != bsi->bsi_oc->bom_id ) {
+ bsi->bsi_status = LDAP_SUCCESS;
+ rc = -1;
+ goto done;
+ }
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bcblbc",
+ &bsi->bsi_oc->bom_keytbl, '.',
+ &bsi->bsi_oc->bom_keycol,
+ STRLENOF( " LIKE '" ), " LIKE '",
+ &keyval, '\'' );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ snprintf( keyvalbuf, sizeof( keyvalbuf ), "%lu", keyval );
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bcbcs",
+ &bsi->bsi_oc->bom_keytbl, '.',
+ &bsi->bsi_oc->bom_keycol, '=', keyvalbuf );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "4=4" ), "4=4" );
+ break;
+
+ default:
+ rc = -1;
+ goto done;
+ }
+
+ bsi->bsi_flags |= BSQL_SF_FILTER_ENTRYUUID;
+ rc = 1;
+ goto done;
+
+#ifdef BACKSQL_SYNCPROV
+ } else if ( ad == slap_schema.si_ad_entryCSN ) {
+ /*
+ * support for syncrepl as producer...
+ */
+#if 0
+ if ( !bsi->bsi_op->o_sync ) {
+ /* unsupported at present... */
+ bsi->bsi_status = LDAP_OTHER;
+ rc = -1;
+ goto done;
+ }
+#endif
+
+ bsi->bsi_flags |= ( BSQL_SF_FILTER_ENTRYCSN | BSQL_SF_RETURN_ENTRYUUID);
+
+ /* if doing a syncrepl, try to return as much as possible,
+ * and always match the filter */
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "5=5" ), "5=5" );
+
+ /* save for later use in operational attributes */
+ /* FIXME: saves only the first occurrence, because
+ * the filter during updates is written as
+ * "(&(entryCSN<={contextCSN})(entryCSN>={oldContextCSN})({filter}))"
+ * so we want our fake entryCSN to match the greatest
+ * value
+ */
+ if ( bsi->bsi_op->o_private == NULL ) {
+ bsi->bsi_op->o_private = &f->f_av_value;
+ }
+ bsi->bsi_status = LDAP_SUCCESS;
+
+ rc = 1;
+ goto done;
+#endif /* BACKSQL_SYNCPROV */
+
+ } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
+ /*
+ * FIXME: this is not robust; e.g. a filter
+ * '(!(hasSubordinates=TRUE))' fails because
+ * in SQL it would read 'NOT (1=1)' instead
+ * of no condition.
+ * Note however that hasSubordinates is boolean,
+ * so a more appropriate filter would be
+ * '(hasSubordinates=FALSE)'
+ *
+ * A more robust search for hasSubordinates
+ * would * require joining the ldap_entries table
+ * selecting if there are descendants of the
+ * candidate.
+ */
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "6=6" ), "6=6" );
+ if ( ad == slap_schema.si_ad_hasSubordinates ) {
+ /*
+ * instruct candidate selection algorithm
+ * and attribute list to try to detect
+ * if an entry has subordinates
+ */
+ bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
+
+ } else {
+ /*
+ * clear attributes to fetch, to require ALL
+ * and try extended match on all attributes
+ */
+ backsql_attrlist_add( bsi, NULL );
+ }
+ rc = 1;
+ goto done;
+ }
+
+ /*
+ * attribute inheritance:
+ */
+ if ( backsql_supad2at( bsi->bsi_oc, ad, &vat ) ) {
+ bsi->bsi_status = LDAP_OTHER;
+ rc = -1;
+ goto done;
+ }
+
+ if ( vat == NULL ) {
+ /* search anyway; other parts of the filter
+ * may succeeed */
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "7=7" ), "7=7" );
+ bsi->bsi_status = LDAP_SUCCESS;
+ rc = 1;
+ goto done;
+ }
+
+ /* if required, open extra level of parens */
+ done = 0;
+ if ( vat[0]->bam_next || vat[1] ) {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "c", '(' );
+ done = 1;
+ }
+
+ i = 0;
+next:;
+ /* apply attr */
+ if ( backsql_process_filter_attr( bsi, f, vat[i] ) == -1 ) {
+ return -1;
+ }
+
+ /* if more definitions of the same attr, apply */
+ if ( vat[i]->bam_next ) {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ STRLENOF( " OR " ), " OR " );
+ vat[i] = vat[i]->bam_next;
+ goto next;
+ }
+
+ /* if more descendants of the same attr, apply */
+ i++;
+ if ( vat[i] ) {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ STRLENOF( " OR " ), " OR " );
+ goto next;
+ }
+
+ /* if needed, close extra level of parens */
+ if ( done ) {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "c", ')' );
+ }
+
+ rc = 1;
+
+done:;
+ if ( vat ) {
+ ch_free( vat );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_process_filter() %s\n",
+ rc == 1 ? "succeeded" : "failed", 0, 0);
+
+ return rc;
+}
+
+static int
+backsql_process_filter_eq( backsql_srch_info *bsi, backsql_at_map_rec *at,
+ int casefold, struct berval *filter_value )
+{
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ber_len_t start;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cbl",
+ '(', /* ) */
+ &at->bam_sel_expr_u,
+ (ber_len_t)STRLENOF( "='" ),
+ "='" );
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* (' */ "')" );
+
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cblbl",
+ '(', /* ) */
+ &at->bam_sel_expr,
+ (ber_len_t)STRLENOF( "='" ), "='",
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* (' */ "')" );
+ }
+
+ return 1;
+}
+
+static int
+backsql_process_filter_like( backsql_srch_info *bsi, backsql_at_map_rec *at,
+ int casefold, struct berval *filter_value )
+{
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ber_len_t start;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cbl",
+ '(', /* ) */
+ &at->bam_sel_expr_u,
+ (ber_len_t)STRLENOF( " LIKE '%" ),
+ " LIKE '%" );
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "%')" ),
+ /* (' */ "%')" );
+
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cblbl",
+ '(', /* ) */
+ &at->bam_sel_expr,
+ (ber_len_t)STRLENOF( " LIKE '%" ),
+ " LIKE '%",
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "%')" ),
+ /* (' */ "%')" );
+ }
+
+ return 1;
+}
+
+static int
+backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at )
+{
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ int casefold = 0;
+ struct berval *filter_value = NULL;
+ MatchingRule *matching_rule = NULL;
+ struct berval ordering = BER_BVC("<=");
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ /*
+ * need to add this attribute to list of attrs to load,
+ * so that we can do test_filter() later
+ */
+ backsql_attrlist_add( bsi, at->bam_ad );
+
+ backsql_merge_from_tbls( bsi, &at->bam_from_tbls );
+
+ if ( !BER_BVISNULL( &at->bam_join_where )
+ && strstr( bsi->bsi_join_where.bb_val.bv_val,
+ at->bam_join_where.bv_val ) == NULL )
+ {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "lb",
+ (ber_len_t)STRLENOF( " AND " ), " AND ",
+ &at->bam_join_where );
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ filter_value = &f->f_av_value;
+ matching_rule = at->bam_ad->ad_type->sat_equality;
+
+ goto equality_match;
+
+ /* fail over into next case */
+
+ case LDAP_FILTER_EXT:
+ filter_value = &f->f_mra->ma_value;
+ matching_rule = f->f_mr_rule;
+
+equality_match:;
+ /* always uppercase strings by now */
+#ifdef BACKSQL_UPPERCASE_FILTER
+ if ( SLAP_MR_ASSOCIATED( matching_rule,
+ bi->sql_caseIgnoreMatch ) )
+#endif /* BACKSQL_UPPERCASE_FILTER */
+ {
+ casefold = 1;
+ }
+
+ /* FIXME: directoryString filtering should use a similar
+ * approach to deal with non-prettified values like
+ * " A non prettified value ", by using a LIKE
+ * filter with all whitespaces collapsed to a single '%' */
+ if ( SLAP_MR_ASSOCIATED( matching_rule,
+ bi->sql_telephoneNumberMatch ) )
+ {
+ struct berval bv;
+ ber_len_t i;
+
+ /*
+ * to check for matching telephone numbers
+ * with intermized chars, e.g. val='1234'
+ * use
+ *
+ * val LIKE '%1%2%3%4%'
+ */
+
+ bv.bv_len = 2 * filter_value->bv_len - 1;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+
+ bv.bv_val[ 0 ] = filter_value->bv_val[ 0 ];
+ for ( i = 1; i < filter_value->bv_len; i++ ) {
+ bv.bv_val[ 2 * i - 1 ] = '%';
+ bv.bv_val[ 2 * i ] = filter_value->bv_val[ i ];
+ }
+ bv.bv_val[ 2 * i - 1 ] = '\0';
+
+ (void)backsql_process_filter_like( bsi, at, casefold, &bv );
+ ch_free( bv.bv_val );
+
+ break;
+ }
+
+ /* NOTE: this is required by objectClass inheritance
+ * and auxiliary objectClass use in filters for slightly
+ * more efficient candidate selection. */
+ /* FIXME: a bit too many specializations to deal with
+ * very specific cases... */
+ if ( at->bam_ad == slap_schema.si_ad_objectClass
+ || at->bam_ad == slap_schema.si_ad_structuralObjectClass )
+ {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "lbl",
+ (ber_len_t)STRLENOF( "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ),
+ "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */,
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* (' */ "')" );
+ break;
+ }
+
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+ (void)backsql_process_filter_eq( bsi, at, casefold, filter_value );
+ break;
+
+ case LDAP_FILTER_GE:
+ ordering.bv_val = ">=";
+
+ /* fall thru to next case */
+
+ case LDAP_FILTER_LE:
+ filter_value = &f->f_av_value;
+
+ /* always uppercase strings by now */
+#ifdef BACKSQL_UPPERCASE_FILTER
+ if ( at->bam_ad->ad_type->sat_ordering &&
+ SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering,
+ bi->sql_caseIgnoreMatch ) )
+#endif /* BACKSQL_UPPERCASE_FILTER */
+ {
+ casefold = 1;
+ }
+
+ /*
+ * FIXME: should we uppercase the operands?
+ */
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ber_len_t start;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cbbc",
+ '(', /* ) */
+ &at->bam_sel_expr_u,
+ &ordering,
+ '\'' );
+
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* (' */ "')" );
+
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "cbbcbl",
+ '(' /* ) */ ,
+ &at->bam_sel_expr,
+ &ordering,
+ '\'',
+ &f->f_av_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* ( */ "')" );
+ }
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "lbl",
+ (ber_len_t)STRLENOF( "NOT (" /* ) */),
+ "NOT (", /* ) */
+ &at->bam_sel_expr,
+ (ber_len_t)STRLENOF( /* ( */ " IS NULL)" ),
+ /* ( */ " IS NULL)" );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ backsql_process_sub_filter( bsi, f, at );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ /* we do our best */
+
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+ (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value );
+ break;
+
+ default:
+ /* unhandled filter type; should not happen */
+ assert( 0 );
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "8=8" ), "8=8" );
+ break;
+
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+ return 1;
+}
+
+static int
+backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
+{
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ int rc;
+
+ assert( query != NULL );
+ BER_BVZERO( query );
+
+ bsi->bsi_use_subtree_shortcut = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
+ BER_BVZERO( &bsi->bsi_sel.bb_val );
+ BER_BVZERO( &bsi->bsi_sel.bb_val );
+ bsi->bsi_sel.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_from.bb_val );
+ bsi->bsi_from.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_join_where.bb_val );
+ bsi->bsi_join_where.bb_len = 0;
+ BER_BVZERO( &bsi->bsi_flt_where.bb_val );
+ bsi->bsi_flt_where.bb_len = 0;
+
+ backsql_strfcat_x( &bsi->bsi_sel,
+ bsi->bsi_op->o_tmpmemctx,
+ "lbcbc",
+ (ber_len_t)STRLENOF( "SELECT DISTINCT ldap_entries.id," ),
+ "SELECT DISTINCT ldap_entries.id,",
+ &bsi->bsi_oc->bom_keytbl,
+ '.',
+ &bsi->bsi_oc->bom_keycol,
+ ',' );
+
+ if ( !BER_BVISNULL( &bi->sql_strcast_func ) ) {
+ backsql_strfcat_x( &bsi->bsi_sel,
+ bsi->bsi_op->o_tmpmemctx,
+ "blbl",
+ &bi->sql_strcast_func,
+ (ber_len_t)STRLENOF( "('" /* ') */ ),
+ "('" /* ') */ ,
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* (' */ "')" );
+ } else {
+ backsql_strfcat_x( &bsi->bsi_sel,
+ bsi->bsi_op->o_tmpmemctx,
+ "cbc",
+ '\'',
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ '\'' );
+ }
+
+ backsql_strfcat_x( &bsi->bsi_sel,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+ &bi->sql_dn_oc_aliasing );
+ backsql_strfcat_x( &bsi->bsi_from,
+ bsi->bsi_op->o_tmpmemctx,
+ "lb",
+ (ber_len_t)STRLENOF( " FROM ldap_entries," ),
+ " FROM ldap_entries,",
+ &bsi->bsi_oc->bom_keytbl );
+
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "lbcbl",
+ (ber_len_t)STRLENOF( " WHERE " ), " WHERE ",
+ &bsi->bsi_oc->bom_keytbl,
+ '.',
+ &bsi->bsi_oc->bom_keycol,
+ (ber_len_t)STRLENOF( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ),
+ "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
+
+ switch ( bsi->bsi_scope ) {
+ case LDAP_SCOPE_BASE:
+ if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(ldap_entries.dn)=?" ),
+ "(ldap_entries.dn)=?" );
+ } else {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "ldap_entries.dn=?" ),
+ "ldap_entries.dn=?" );
+ }
+ break;
+
+ case BACKSQL_SCOPE_BASE_LIKE:
+ if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ),
+ "(ldap_entries.dn) LIKE ?" );
+ } else {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ),
+ "ldap_entries.dn LIKE ?" );
+ }
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "ldap_entries.parent=?" ),
+ "ldap_entries.parent=?" );
+ break;
+
+ case LDAP_SCOPE_SUBORDINATE:
+ case LDAP_SCOPE_SUBTREE:
+ if ( BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ) {
+ int i;
+ BackendDB *bd = bsi->bsi_op->o_bd;
+
+ assert( bd->be_nsuffix != NULL );
+
+ for ( i = 0; !BER_BVISNULL( &bd->be_nsuffix[ i ] ); i++ )
+ {
+ if ( dn_match( &bd->be_nsuffix[ i ],
+ bsi->bsi_base_ndn ) )
+ {
+ /* pass this to the candidate selection
+ * routine so that the DN is not bound
+ * to the select statement */
+ bsi->bsi_use_subtree_shortcut = 1;
+ break;
+ }
+ }
+ }
+
+ if ( bsi->bsi_use_subtree_shortcut ) {
+ /* Skip the base DN filter, as every entry will match it */
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "9=9"), "9=9");
+
+ } else if ( !BER_BVISNULL( &bi->sql_subtree_cond ) ) {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+ &bi->sql_subtree_cond );
+
+ } else if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bl",
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ),
+ "(ldap_entries.dn) LIKE ?" );
+
+ } else {
+ backsql_strfcat_x( &bsi->bsi_join_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "l",
+ (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ),
+ "ldap_entries.dn LIKE ?" );
+ }
+
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ rc = backsql_process_filter( bsi, bsi->bsi_filter );
+ if ( rc > 0 ) {
+ struct berbuf bb = BB_NULL;
+
+ backsql_strfcat_x( &bb,
+ bsi->bsi_op->o_tmpmemctx,
+ "bbblb",
+ &bsi->bsi_sel.bb_val,
+ &bsi->bsi_from.bb_val,
+ &bsi->bsi_join_where.bb_val,
+ (ber_len_t)STRLENOF( " AND " ), " AND ",
+ &bsi->bsi_flt_where.bb_val );
+
+ *query = bb.bb_val;
+
+ } else if ( rc < 0 ) {
+ /*
+ * Indicates that there's no possible way the filter matches
+ * anything. No need to issue the query
+ */
+ free( query->bv_val );
+ BER_BVZERO( query );
+ }
+
+ bsi->bsi_op->o_tmpfree( bsi->bsi_sel.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_sel.bb_val );
+ bsi->bsi_sel.bb_len = 0;
+ bsi->bsi_op->o_tmpfree( bsi->bsi_from.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_from.bb_val );
+ bsi->bsi_from.bb_len = 0;
+ bsi->bsi_op->o_tmpfree( bsi->bsi_join_where.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_join_where.bb_val );
+ bsi->bsi_join_where.bb_len = 0;
+ bsi->bsi_op->o_tmpfree( bsi->bsi_flt_where.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_flt_where.bb_val );
+ bsi->bsi_flt_where.bb_len = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n",
+ query->bv_val ? query->bv_val : "NULL", 0, 0 );
+
+ return ( rc <= 0 ? 1 : 0 );
+}
+
+static int
+backsql_oc_get_candidates( void *v_oc, void *v_bsi )
+{
+ backsql_oc_map_rec *oc = v_oc;
+ backsql_srch_info *bsi = v_bsi;
+ Operation *op = bsi->bsi_op;
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ struct berval query;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
+ RETCODE rc;
+ int res;
+ BACKSQL_ROW_NTS row;
+ int i;
+ int j;
+ int n_candidates = bsi->bsi_n_candidates;
+
+ /*
+ * + 1 because we need room for '%';
+ * + 1 because we need room for ',' for LDAP_SCOPE_SUBORDINATE;
+ * this makes a subtree
+ * search for a DN BACKSQL_MAX_DN_LEN long legal
+ * if it returns that DN only
+ */
+ char tmp_base_ndn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
+
+ bsi->bsi_status = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc=\"%s\"\n",
+ BACKSQL_OC_NAME( oc ), 0, 0 );
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ bsi->bsi_status = SLAPD_ABANDON;
+ return BACKSQL_AVL_STOP;
+ }
+
+ if ( bsi->bsi_n_candidates == -1 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "unchecked limit has been overcome\n", 0, 0, 0 );
+ /* should never get here */
+ assert( 0 );
+ bsi->bsi_status = LDAP_ADMINLIMIT_EXCEEDED;
+ return BACKSQL_AVL_STOP;
+ }
+
+ bsi->bsi_oc = oc;
+ res = backsql_srch_query( bsi, &query );
+ if ( res ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error while constructing query for objectclass \"%s\"\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ /*
+ * FIXME: need to separate errors from legally
+ * impossible filters
+ */
+ switch ( bsi->bsi_status ) {
+ case LDAP_SUCCESS:
+ case LDAP_UNDEFINED_TYPE:
+ case LDAP_NO_SUCH_OBJECT:
+ /* we are conservative... */
+ default:
+ bsi->bsi_status = LDAP_SUCCESS;
+ /* try next */
+ return BACKSQL_AVL_CONTINUE;
+
+ case LDAP_ADMINLIMIT_EXCEEDED:
+ case LDAP_OTHER:
+ /* don't try any more */
+ return BACKSQL_AVL_STOP;
+ }
+ }
+
+ if ( BER_BVISNULL( &query ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "could not construct query for objectclass \"%s\"\n",
+ oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ bsi->bsi_status = LDAP_SUCCESS;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
+ query.bv_val, 0, 0 );
+
+ rc = backsql_Prepare( bsi->bsi_dbh, &sth, query.bv_val, 0 );
+ bsi->bsi_op->o_tmpfree( query.bv_val, bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &query );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error preparing query\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->bsi_oc->bom_id, 0, 0 );
+
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_INPUT,
+ &bsi->bsi_oc->bom_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error binding objectclass id parameter\n", 0, 0, 0 );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ switch ( bsi->bsi_scope ) {
+ case LDAP_SCOPE_BASE:
+ case BACKSQL_SCOPE_BASE_LIKE:
+ /*
+ * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
+ * however this should be handled earlier
+ */
+ if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ AC_MEMCPY( tmp_base_ndn, bsi->bsi_base_ndn->bv_val,
+ bsi->bsi_base_ndn->bv_len + 1 );
+
+ /* uppercase DN only if the stored DN can be uppercased
+ * for comparison */
+ if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ ldap_pvt_str2upper( tmp_base_ndn );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "(base)dn: \"%s\"\n",
+ tmp_base_ndn, 0, 0 );
+
+ rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT,
+ tmp_base_ndn, BACKSQL_MAX_DN_LEN );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error binding base_ndn parameter\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh,
+ sth, rc );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+ break;
+
+ case LDAP_SCOPE_SUBORDINATE:
+ case LDAP_SCOPE_SUBTREE:
+ {
+ /* if short-cutting the search base,
+ * don't bind any parameter */
+ if ( bsi->bsi_use_subtree_shortcut ) {
+ break;
+ }
+
+ /*
+ * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
+ * however this should be handled earlier
+ */
+ if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ /*
+ * Sets the parameters for the SQL built earlier
+ * NOTE that all the databases could actually use
+ * the TimesTen version, which would be cleaner
+ * and would also eliminate the need for the
+ * subtree_cond line in the configuration file.
+ * For now, I'm leaving it the way it is,
+ * so non-TimesTen databases use the original code.
+ * But at some point this should get cleaned up.
+ *
+ * If "dn" is being used, do a suffix search.
+ * If "dn_ru" is being used, do a prefix search.
+ */
+ if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
+ tmp_base_ndn[ 0 ] = '\0';
+
+ for ( i = 0, j = bsi->bsi_base_ndn->bv_len - 1;
+ j >= 0; i++, j--) {
+ tmp_base_ndn[ i ] = bsi->bsi_base_ndn->bv_val[ j ];
+ }
+
+ if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
+ tmp_base_ndn[ i++ ] = ',';
+ }
+
+ tmp_base_ndn[ i ] = '%';
+ tmp_base_ndn[ i + 1 ] = '\0';
+
+ } else {
+ i = 0;
+
+ tmp_base_ndn[ i++ ] = '%';
+
+ if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
+ tmp_base_ndn[ i++ ] = ',';
+ }
+
+ AC_MEMCPY( &tmp_base_ndn[ i ], bsi->bsi_base_ndn->bv_val,
+ bsi->bsi_base_ndn->bv_len + 1 );
+ }
+
+ /* uppercase DN only if the stored DN can be uppercased
+ * for comparison */
+ if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ ldap_pvt_str2upper( tmp_base_ndn );
+ }
+
+ if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
+ Debug( LDAP_DEBUG_TRACE, "(children)dn: \"%s\"\n",
+ tmp_base_ndn, 0, 0 );
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "(sub)dn: \"%s\"\n",
+ tmp_base_ndn, 0, 0 );
+ }
+
+ rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT,
+ tmp_base_ndn, BACKSQL_MAX_DN_LEN );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error binding base_ndn parameter (2)\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh,
+ sth, rc );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+ break;
+ }
+
+ case LDAP_SCOPE_ONELEVEL:
+ assert( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) );
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, "(one)id: \"%s\"\n",
+ bsi->bsi_base_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n",
+ bsi->bsi_base_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT,
+ &bsi->bsi_base_id.eid_id );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error binding base id parameter\n", 0, 0, 0 );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+ break;
+ }
+
+ rc = SQLExecute( sth );
+ if ( !BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "error executing query\n", 0, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ bsi->bsi_status = LDAP_OTHER;
+ return BACKSQL_AVL_CONTINUE;
+ }
+
+ backsql_BindRowAsStrings_x( sth, &row, bsi->bsi_op->o_tmpmemctx );
+ rc = SQLFetch( sth );
+ for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
+ struct berval dn, pdn, ndn;
+ backsql_entryID *c_id = NULL;
+ int ret;
+
+ ber_str2bv( row.cols[ 3 ], 0, 0, &dn );
+
+ if ( backsql_api_odbc2dn( bsi->bsi_op, bsi->bsi_rs, &dn ) ) {
+ continue;
+ }
+
+ ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
+ if ( dn.bv_val != row.cols[ 3 ] ) {
+ free( dn.bv_val );
+ }
+
+ if ( ret != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ if ( bi->sql_baseObject && dn_match( &ndn, &bi->sql_baseObject->e_nname ) ) {
+ goto cleanup;
+ }
+
+ c_id = (backsql_entryID *)op->o_tmpcalloc( 1,
+ sizeof( backsql_entryID ), op->o_tmpmemctx );
+#ifdef BACKSQL_ARBITRARY_KEY
+ ber_str2bv_x( row.cols[ 0 ], 0, 1, &c_id->eid_id,
+ op->o_tmpmemctx );
+ ber_str2bv_x( row.cols[ 1 ], 0, 1, &c_id->eid_keyval,
+ op->o_tmpmemctx );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ if ( lutil_atoulx( &c_id->eid_id, row.cols[ 0 ], 0 ) != 0 ) {
+ goto cleanup;
+ }
+ if ( lutil_atoulx( &c_id->eid_keyval, row.cols[ 1 ], 0 ) != 0 ) {
+ goto cleanup;
+ }
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ c_id->eid_oc_id = bsi->bsi_oc->bom_id;
+
+ c_id->eid_dn = pdn;
+ c_id->eid_ndn = ndn;
+
+ /* append at end of list ... */
+ c_id->eid_next = NULL;
+ *bsi->bsi_id_listtail = c_id;
+ bsi->bsi_id_listtail = &c_id->eid_next;
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "added entry id=%s, keyval=%s dn=\"%s\"\n",
+ c_id->eid_id.bv_val, c_id->eid_keyval.bv_val,
+ row.cols[ 3 ] );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
+ "added entry id=%ld, keyval=%ld dn=\"%s\"\n",
+ c_id->eid_id, c_id->eid_keyval, row.cols[ 3 ] );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ /* count candidates, for unchecked limit */
+ bsi->bsi_n_candidates--;
+ if ( bsi->bsi_n_candidates == -1 ) {
+ break;
+ }
+ continue;
+
+cleanup:;
+ if ( !BER_BVISNULL( &pdn ) ) {
+ op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &ndn ) ) {
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+ }
+ if ( c_id != NULL ) {
+ ch_free( c_id );
+ }
+ }
+ backsql_FreeRow_x( &row, bsi->bsi_op->o_tmpmemctx );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n",
+ n_candidates - bsi->bsi_n_candidates, 0, 0 );
+
+ return ( bsi->bsi_n_candidates == -1 ? BACKSQL_AVL_STOP : BACKSQL_AVL_CONTINUE );
+}
+
+int
+backsql_search( Operation *op, SlapReply *rs )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ int sres;
+ Entry user_entry = { 0 },
+ base_entry = { 0 };
+ int manageDSAit = get_manageDSAit( op );
+ time_t stoptime = 0;
+ backsql_srch_info bsi = { 0 };
+ backsql_entryID *eid = NULL;
+ struct berval nbase = BER_BVNULL;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
+ "base=\"%s\", filter=\"%s\", scope=%d,",
+ op->o_req_ndn.bv_val,
+ op->ors_filterstr.bv_val,
+ op->ors_scope );
+ Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
+ "attributes to load: %s\n",
+ op->ors_deref,
+ op->ors_attrsonly,
+ op->ors_attrs == NULL ? "all" : "custom list" );
+
+ if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
+ "search base length (%ld) exceeds max length (%d)\n",
+ op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
+ /*
+ * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
+ * since it is impossible that such a long DN exists
+ * in the backend
+ */
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ return 1;
+ }
+
+ sres = backsql_get_db_conn( op, &dbh );
+ if ( sres != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
+ "could not get connection handle - exiting\n",
+ 0, 0, 0 );
+ rs->sr_err = sres;
+ rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
+ send_ldap_result( op, rs );
+ return 1;
+ }
+
+ /* compute it anyway; root does not use it */
+ stoptime = op->o_time + op->ors_tlimit;
+
+ /* init search */
+ bsi.bsi_e = &base_entry;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ op->ors_scope,
+ stoptime, op->ors_filter,
+ dbh, op, rs, op->ors_attrs,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+
+ /* an entry was created; free it */
+ entry_clean( bsi.bsi_e );
+
+ /* fall thru */
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !BER_BVISNULL( &base_entry.e_nname )
+ && !access_allowed( op, &base_entry,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ rs->sr_matched = NULL;
+ rs->sr_text = NULL;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ if ( !BER_BVISNULL( &base_entry.e_nname ) ) {
+ entry_clean( &base_entry );
+ }
+
+ goto done;
+ }
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ {
+ slap_mask_t mask;
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &base_entry, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+
+ }
+ if ( ! access_allowed_mask( op, &base_entry,
+ slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ }
+ send_ldap_result( op, rs );
+ goto done;
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ bsi.bsi_e = NULL;
+
+ bsi.bsi_n_candidates =
+ ( op->ors_limit == NULL /* isroot == TRUE */ ? -2 :
+ ( op->ors_limit->lms_s_unchecked == -1 ? -2 :
+ ( op->ors_limit->lms_s_unchecked ) ) );
+
+ switch ( bsi.bsi_scope ) {
+ case LDAP_SCOPE_BASE:
+ case BACKSQL_SCOPE_BASE_LIKE:
+ /*
+ * probably already found...
+ */
+ bsi.bsi_id_list = &bsi.bsi_base_id;
+ bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next;
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ /*
+ * if baseObject is defined, and if it is the root
+ * of the search, add it to the candidate list
+ */
+ if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &bsi.bsi_base_id.eid_id ) )
+ {
+ bsi.bsi_id_list = &bsi.bsi_base_id;
+ bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next;
+ }
+
+ /* FALLTHRU */
+ default:
+
+ /*
+ * for each objectclass we try to construct query which gets IDs
+ * of entries matching LDAP query filter and scope (or at least
+ * candidates), and get the IDs
+ */
+ avl_apply( bi->sql_oc_by_oc, backsql_oc_get_candidates,
+ &bsi, BACKSQL_AVL_STOP, AVL_INORDER );
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ eid = bsi.bsi_id_list;
+ rs->sr_err = SLAPD_ABANDON;
+ goto send_results;
+ }
+ }
+
+ if ( op->ors_limit != NULL /* isroot == FALSE */
+ && op->ors_limit->lms_s_unchecked != -1
+ && bsi.bsi_n_candidates == -1 )
+ {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ goto done;
+ }
+
+ /*
+ * now we load candidate entries (only those attributes
+ * mentioned in attrs and filter), test it against full filter
+ * and then send to client; don't free entry_id if baseObject...
+ */
+ for ( eid = bsi.bsi_id_list;
+ eid != NULL;
+ eid = backsql_free_entryID( op,
+ eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
+ {
+ int rc;
+ Attribute *a_hasSubordinate = NULL,
+ *a_entryUUID = NULL,
+ *a_entryCSN = NULL,
+ **ap = NULL;
+ Entry *e = NULL;
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto send_results;
+ }
+
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ rs->sr_ctrls = NULL;
+ rs->sr_ref = rs->sr_v2ref;
+ goto send_results;
+ }
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
+ "for entry id=%s, oc_id=%ld, keyval=%s\n",
+ eid->eid_id.bv_val, eid->eid_oc_id,
+ eid->eid_keyval.bv_val );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
+ "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
+ eid->eid_id, eid->eid_oc_id, eid->eid_keyval );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ /* check scope */
+ switch ( op->ors_scope ) {
+ case LDAP_SCOPE_BASE:
+ case BACKSQL_SCOPE_BASE_LIKE:
+ if ( !dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) {
+ goto next_entry2;
+ }
+ break;
+
+ case LDAP_SCOPE_ONE:
+ {
+ struct berval rdn = eid->eid_ndn;
+
+ rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
+ if ( !dnIsOneLevelRDN( &rdn ) ) {
+ goto next_entry2;
+ }
+ /* fall thru */
+ }
+
+ case LDAP_SCOPE_SUBORDINATE:
+ /* discard the baseObject entry */
+ if ( dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) {
+ goto next_entry2;
+ }
+ /* FALLTHRU */
+ case LDAP_SCOPE_SUBTREE:
+ /* FIXME: this should never fail... */
+ if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) {
+ goto next_entry2;
+ }
+ break;
+ }
+
+ if ( BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
+ /* don't recollect baseObject... */
+ e = bi->sql_baseObject;
+
+ } else if ( eid == &bsi.bsi_base_id ) {
+ /* don't recollect searchBase object... */
+ e = &base_entry;
+
+ } else {
+ bsi.bsi_e = &user_entry;
+ rc = backsql_id2entry( &bsi, eid );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
+ "error %d in backsql_id2entry() "
+ "- skipping\n", rc, 0, 0 );
+ continue;
+ }
+ e = &user_entry;
+ }
+
+ if ( !manageDSAit &&
+ op->ors_scope != LDAP_SCOPE_BASE &&
+ op->ors_scope != BACKSQL_SCOPE_BASE_LIKE &&
+ is_entry_referral( e ) )
+ {
+ BerVarray refs;
+
+ refs = get_entry_referrals( op, e );
+ if ( !refs ) {
+ backsql_srch_info bsi2 = { 0 };
+ Entry user_entry2 = { 0 };
+
+ /* retry with the full entry... */
+ bsi2.bsi_e = &user_entry2;
+ rc = backsql_init_search( &bsi2,
+ &e->e_nname,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL,
+ dbh, op, rs, NULL,
+ BACKSQL_ISF_GET_ENTRY );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( is_entry_referral( &user_entry2 ) )
+ {
+ refs = get_entry_referrals( op,
+ &user_entry2 );
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
+ backsql_entry_clean( op, &user_entry2 );
+ }
+ if ( bsi2.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi2.bsi_attrs,
+ op->o_tmpmemctx );
+ }
+ }
+
+ if ( refs ) {
+ rs->sr_ref = referral_rewrite( refs,
+ &e->e_name,
+ &op->o_req_dn,
+ op->ors_scope );
+ ber_bvarray_free( refs );
+ }
+
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+
+ } else {
+ rs->sr_text = "bad referral object";
+ }
+
+ rs->sr_entry = e;
+ rs->sr_matched = user_entry.e_name.bv_val;
+ send_search_reference( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ rs->sr_entry = NULL;
+
+ goto next_entry;
+ }
+
+ /*
+ * We use this flag since we need to parse the filter
+ * anyway; we should have used the frontend API function
+ * filter_has_subordinates()
+ */
+ if ( bsi.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
+ rc = backsql_has_children( op, dbh, &e->e_nname );
+
+ switch ( rc ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ a_hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
+ if ( a_hasSubordinate != NULL ) {
+ for ( ap = &user_entry.e_attrs;
+ *ap;
+ ap = &(*ap)->a_next );
+
+ *ap = a_hasSubordinate;
+ }
+ rc = 0;
+ break;
+
+ default:
+ Debug(LDAP_DEBUG_TRACE,
+ "backsql_search(): "
+ "has_children failed( %d)\n",
+ rc, 0, 0 );
+ rc = 1;
+ goto next_entry;
+ }
+ }
+
+ if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYUUID ) {
+ a_entryUUID = backsql_operational_entryUUID( bi, eid );
+ if ( a_entryUUID != NULL ) {
+ if ( ap == NULL ) {
+ ap = &user_entry.e_attrs;
+ }
+
+ for ( ; *ap; ap = &(*ap)->a_next );
+
+ *ap = a_entryUUID;
+ }
+ }
+
+#ifdef BACKSQL_SYNCPROV
+ if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYCSN ) {
+ a_entryCSN = backsql_operational_entryCSN( op );
+ if ( a_entryCSN != NULL ) {
+ if ( ap == NULL ) {
+ ap = &user_entry.e_attrs;
+ }
+
+ for ( ; *ap; ap = &(*ap)->a_next );
+
+ *ap = a_entryCSN;
+ }
+ }
+#endif /* BACKSQL_SYNCPROV */
+
+ if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE )
+ {
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_entry = e;
+ rs->sr_flags = ( e == &user_entry ) ? REP_ENTRY_MODIFIABLE : 0;
+ /* FIXME: need the whole entry (ITS#3480) */
+ rs->sr_err = send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ rs->sr_attrs = NULL;
+ rs->sr_operational_attrs = NULL;
+
+ switch ( rs->sr_err ) {
+ case LDAP_UNAVAILABLE:
+ /*
+ * FIXME: send_search_entry failed;
+ * better stop
+ */
+ Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
+ "connection lost\n", 0, 0, 0 );
+ goto end_of_search;
+
+ case LDAP_SIZELIMIT_EXCEEDED:
+ goto send_results;
+ }
+ }
+
+next_entry:;
+ if ( e == &user_entry ) {
+ backsql_entry_clean( op, &user_entry );
+ }
+
+next_entry2:;
+ }
+
+end_of_search:;
+ if ( rs->sr_nentries > 0 ) {
+ rs->sr_ref = rs->sr_v2ref;
+ rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
+ : LDAP_REFERRAL;
+
+ } else {
+ rs->sr_err = bsi.bsi_status;
+ }
+
+send_results:;
+ if ( rs->sr_err != SLAPD_ABANDON ) {
+ send_ldap_result( op, rs );
+ }
+
+ /* cleanup in case of abandon */
+ for ( ; eid != NULL;
+ eid = backsql_free_entryID( op,
+ eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
+ ;
+
+ backsql_entry_clean( op, &base_entry );
+
+ /* in case we got here accidentally */
+ backsql_entry_clean( op, &user_entry );
+
+ if ( rs->sr_v2ref ) {
+ ber_bvarray_free( rs->sr_v2ref );
+ rs->sr_v2ref = NULL;
+ }
+
+#ifdef BACKSQL_SYNCPROV
+ if ( op->o_sync ) {
+ Operation op2 = *op;
+ SlapReply rs2 = { 0 };
+ Entry e = { 0 };
+ slap_callback cb = { 0 };
+
+ op2.o_tag = LDAP_REQ_ADD;
+ op2.o_bd = select_backend( &op->o_bd->be_nsuffix[0], 0, 0 );
+ op2.ora_e = &e;
+ op2.o_callback = &cb;
+
+ e.e_name = op->o_bd->be_suffix[0];
+ e.e_nname = op->o_bd->be_nsuffix[0];
+
+ cb.sc_response = slap_null_cb;
+
+ op2.o_bd->be_add( &op2, &rs2 );
+ }
+#endif /* BACKSQL_SYNCPROV */
+
+done:;
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ if ( !BER_BVISNULL( &nbase )
+ && nbase.bv_val != op->o_req_ndn.bv_val )
+ {
+ ch_free( nbase.bv_val );
+ }
+
+ /* restore scope ... FIXME: this should be done before ANY
+ * frontend call that uses op */
+ if ( op->ors_scope == BACKSQL_SCOPE_BASE_LIKE ) {
+ op->ors_scope = LDAP_SCOPE_BASE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
+
+ return rs->sr_err;
+}
+
+/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
+ */
+int
+backsql_entry_get(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **ent )
+{
+ backsql_srch_info bsi = { 0 };
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ int rc;
+ SlapReply rs = { 0 };
+ AttributeName anlist[ 2 ];
+
+ *ent = NULL;
+
+ rc = backsql_get_db_conn( op, &dbh );
+ if ( !dbh ) {
+ return LDAP_OTHER;
+ }
+
+ if ( at ) {
+ anlist[ 0 ].an_name = at->ad_cname;
+ anlist[ 0 ].an_desc = at;
+ BER_BVZERO( &anlist[ 1 ].an_name );
+ }
+
+ bsi.bsi_e = ch_malloc( sizeof( Entry ) );
+ rc = backsql_init_search( &bsi,
+ ndn,
+ LDAP_SCOPE_BASE,
+ (time_t)(-1), NULL,
+ dbh, op, &rs, at ? anlist : NULL,
+ BACKSQL_ISF_GET_ENTRY );
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+
+#if 0 /* not supported at present */
+ /* find attribute values */
+ if ( is_entry_alias( bsi.bsi_e ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= backsql_entry_get: entry is an alias\n",
+ 0, 0, 0 );
+ rc = LDAP_ALIAS_PROBLEM;
+ goto return_results;
+ }
+#endif
+
+ if ( is_entry_referral( bsi.bsi_e ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= backsql_entry_get: entry is a referral\n",
+ 0, 0, 0 );
+ rc = LDAP_REFERRAL;
+ goto return_results;
+ }
+
+ if ( oc && !is_entry_objectclass( bsi.bsi_e, oc, 0 ) ) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= backsql_entry_get: "
+ "failed to find objectClass\n",
+ 0, 0, 0 );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto return_results;
+ }
+
+ *ent = bsi.bsi_e;
+ }
+
+return_results:;
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ if ( bsi.bsi_e ) {
+ entry_free( bsi.bsi_e );
+ }
+ }
+
+ return rc;
+}
+
+void
+backsql_entry_clean(
+ Operation *op,
+ Entry *e )
+{
+ void *ctx;
+
+ ctx = ldap_pvt_thread_pool_context();
+
+ if ( ctx == NULL || ctx != op->o_tmpmemctx ) {
+ if ( !BER_BVISNULL( &e->e_name ) ) {
+ op->o_tmpfree( e->e_name.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &e->e_name );
+ }
+
+ if ( !BER_BVISNULL( &e->e_nname ) ) {
+ op->o_tmpfree( e->e_nname.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &e->e_nname );
+ }
+ }
+
+ entry_clean( e );
+}
+
+int
+backsql_entry_release(
+ Operation *op,
+ Entry *e,
+ int rw )
+{
+ backsql_entry_clean( op, e );
+
+ ch_free( e );
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/sql-wrap.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/sql-wrap.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,508 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.8 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+#include <sys/types.h>
+
+#include "slap.h"
+#include "proto-sql.h"
+
+#define MAX_ATTR_LEN 16384
+
+typedef struct backsql_db_conn {
+ unsigned long ldap_cid;
+ SQLHDBC dbh;
+} backsql_db_conn;
+
+void
+backsql_PrintErrors( SQLHENV henv, SQLHDBC hdbc, SQLHSTMT sth, int rc )
+{
+ SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH]; /* msg. buffer */
+ SQLCHAR state[SQL_SQLSTATE_SIZE]; /* statement buf. */
+ SDWORD iSqlCode; /* return code */
+ SWORD len = SQL_MAX_MESSAGE_LENGTH - 1; /* return length */
+
+ Debug( LDAP_DEBUG_TRACE, "Return code: %d\n", rc, 0, 0 );
+
+ for ( ; rc = SQLError( henv, hdbc, sth, state, &iSqlCode, msg,
+ SQL_MAX_MESSAGE_LENGTH - 1, &len ), BACKSQL_SUCCESS( rc ); )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ " nativeErrCode=%d SQLengineState=%s msg=\"%s\"\n",
+ (int)iSqlCode, state, msg );
+ }
+}
+
+RETCODE
+backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, char *query, int timeout )
+{
+ RETCODE rc;
+
+ rc = SQLAllocStmt( dbh, sth );
+ if ( rc != SQL_SUCCESS ) {
+ return rc;
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_Prepare()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+#ifdef BACKSQL_MSSQL_WORKAROUND
+ {
+ char drv_name[ 30 ];
+ SWORD len;
+
+ SQLGetInfo( dbh, SQL_DRIVER_NAME, drv_name, sizeof( drv_name ), &len );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): driver name=\"%s\"\n",
+ drv_name, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ ldap_pvt_str2upper( drv_name );
+ if ( !strncmp( drv_name, "SQLSRV32.DLL", STRLENOF( "SQLSRV32.DLL" ) ) ) {
+ /*
+ * stupid default result set in MS SQL Server
+ * does not support multiple active statements
+ * on the same connection -- so we are trying
+ * to make it not to use default result set...
+ */
+ Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
+ "enabling MS SQL Server default result "
+ "set workaround\n", 0, 0, 0 );
+ rc = SQLSetStmtOption( *sth, SQL_CONCURRENCY,
+ SQL_CONCUR_ROWVER );
+ if ( rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): "
+ "SQLSetStmtOption(SQL_CONCURRENCY,"
+ "SQL_CONCUR_ROWVER) failed:\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
+ SQLFreeStmt( *sth, SQL_DROP );
+ return rc;
+ }
+ }
+ }
+#endif /* BACKSQL_MSSQL_WORKAROUND */
+
+ if ( timeout > 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
+ "setting query timeout to %d sec.\n",
+ timeout, 0, 0 );
+ rc = SQLSetStmtOption( *sth, SQL_QUERY_TIMEOUT, timeout );
+ if ( rc != SQL_SUCCESS ) {
+ backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
+ SQLFreeStmt( *sth, SQL_DROP );
+ return rc;
+ }
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_Prepare() calling SQLPrepare()\n",
+ 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ return SQLPrepare( *sth, (SQLCHAR *)query, SQL_NTS );
+}
+
+RETCODE
+backsql_BindRowAsStrings_x( SQLHSTMT sth, BACKSQL_ROW_NTS *row, void *ctx )
+{
+ RETCODE rc;
+ SQLCHAR colname[ 64 ];
+ SQLSMALLINT name_len, col_type, col_scale, col_null;
+ UDWORD col_prec;
+ int i;
+
+ if ( row == NULL ) {
+ return SQL_ERROR;
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==> backsql_BindRowAsStrings()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ rc = SQLNumResultCols( sth, &row->ncols );
+ if ( rc != SQL_SUCCESS ) {
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_BindRowAsStrings(): "
+ "SQLNumResultCols() failed:\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ backsql_PrintErrors( SQL_NULL_HENV, SQL_NULL_HDBC, sth, rc );
+
+ } else {
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_BindRowAsStrings: "
+ "ncols=%d\n", (int)row->ncols, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ row->col_names = (BerVarray)ber_memcalloc_x( row->ncols + 1,
+ sizeof( struct berval ), ctx );
+ if ( !row->col_names ) goto nomem3;
+ row->cols = (char **)ber_memcalloc_x( row->ncols + 1,
+ sizeof( char * ), ctx );
+ if ( !row->cols ) goto nomem2;
+ row->col_prec = (UDWORD *)ber_memcalloc_x( row->ncols,
+ sizeof( UDWORD ), ctx );
+ if ( !row->col_prec ) goto nomem1;
+ row->value_len = (SQLINTEGER *)ber_memcalloc_x( row->ncols,
+ sizeof( SQLINTEGER ), ctx );
+ if ( !row->value_len ) {
+ ber_memfree_x( row->col_prec, ctx );
+ row->col_prec = NULL;
+nomem1: ber_memfree_x( row->cols, ctx );
+ row->cols = NULL;
+nomem2: ber_memfree_x( row->col_names, ctx );
+ row->col_names = NULL;
+nomem3: Debug( LDAP_DEBUG_ANY, "backsql_BindRowAsStrings: "
+ "out of memory\n", 0, 0, 0 );
+ return LDAP_NO_MEMORY;
+ }
+ for ( i = 1; i <= row->ncols; i++ ) {
+ rc = SQLDescribeCol( sth, (SQLSMALLINT)i, &colname[ 0 ],
+ (SQLUINTEGER)( sizeof( colname ) - 1 ),
+ &name_len, &col_type,
+ &col_prec, &col_scale, &col_null );
+ /* FIXME: test rc? */
+
+ ber_str2bv_x( (char *)colname, 0, 1,
+ &row->col_names[ i - 1 ], ctx );
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_BindRowAsStrings: "
+ "col_name=%s, col_prec[%d]=%d\n",
+ colname, (int)i, (int)col_prec );
+#endif /* BACKSQL_TRACE */
+ if ( col_type != SQL_CHAR && col_type != SQL_VARCHAR )
+ {
+ col_prec = MAX_ATTR_LEN;
+ }
+
+ row->cols[ i - 1 ] = (char *)ber_memcalloc_x( col_prec + 1,
+ sizeof( char ), ctx );
+ row->col_prec[ i - 1 ] = col_prec;
+ rc = SQLBindCol( sth, (SQLUSMALLINT)i,
+ SQL_C_CHAR,
+ (SQLPOINTER)row->cols[ i - 1 ],
+ col_prec + 1,
+ &row->value_len[ i - 1 ] );
+ /* FIXME: test rc? */
+ }
+
+ BER_BVZERO( &row->col_names[ i - 1 ] );
+ row->cols[ i - 1 ] = NULL;
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<== backsql_BindRowAsStrings()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ return rc;
+}
+
+RETCODE
+backsql_BindRowAsStrings( SQLHSTMT sth, BACKSQL_ROW_NTS *row )
+{
+ return backsql_BindRowAsStrings_x( sth, row, NULL );
+}
+
+RETCODE
+backsql_FreeRow_x( BACKSQL_ROW_NTS *row, void *ctx )
+{
+ if ( row->cols == NULL ) {
+ return SQL_ERROR;
+ }
+
+ ber_bvarray_free_x( row->col_names, ctx );
+ ber_memvfree_x( (void **)row->cols, ctx );
+ ber_memfree_x( row->col_prec, ctx );
+ ber_memfree_x( row->value_len, ctx );
+
+ return SQL_SUCCESS;
+}
+
+
+RETCODE
+backsql_FreeRow( BACKSQL_ROW_NTS *row )
+{
+ return backsql_FreeRow_x( row, NULL );
+}
+
+static int
+backsql_cmp_connid( const void *v_c1, const void *v_c2 )
+{
+ const backsql_db_conn *c1 = v_c1, *c2 = v_c2;
+ if ( c1->ldap_cid > c2->ldap_cid ) {
+ return 1;
+ }
+
+ if ( c1->ldap_cid < c2->ldap_cid ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static void
+backsql_close_db_conn( void *v_conn )
+{
+ backsql_db_conn *conn = (backsql_db_conn *)v_conn;
+ unsigned long cid = conn->ldap_cid;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_close_db_conn(%lu)\n",
+ cid, 0, 0 );
+
+ /*
+ * Default transact is SQL_ROLLBACK; commit is required only
+ * by write operations, and it is explicitly performed after
+ * each atomic operation succeeds.
+ */
+
+ /* TimesTen */
+ SQLTransact( SQL_NULL_HENV, conn->dbh, SQL_ROLLBACK );
+ SQLDisconnect( conn->dbh );
+ SQLFreeConnect( conn->dbh );
+ ch_free( conn );
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_close_db_conn(%lu)\n",
+ cid, 0, 0 );
+}
+
+int
+backsql_conn_destroy(
+ backsql_info *bi )
+{
+ avl_free( bi->sql_db_conns, backsql_close_db_conn );
+
+ return 0;
+}
+
+int
+backsql_init_db_env( backsql_info *bi )
+{
+ RETCODE rc;
+ int ret = SQL_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_init_db_env()\n", 0, 0, 0 );
+
+ rc = SQLAllocEnv( &bi->sql_db_env );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "init_db_env: SQLAllocEnv failed:\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( SQL_NULL_HENV, SQL_NULL_HDBC,
+ SQL_NULL_HENV, rc );
+ ret = SQL_ERROR;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_init_db_env()=%d\n", ret, 0, 0 );
+
+ return ret;
+}
+
+int
+backsql_free_db_env( backsql_info *bi )
+{
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_free_db_env()\n", 0, 0, 0 );
+
+ (void)SQLFreeEnv( bi->sql_db_env );
+ bi->sql_db_env = SQL_NULL_HENV;
+
+ /*
+ * stop, if frontend waits for all threads to shutdown
+ * before calling this -- then what are we going to delete??
+ * everything is already deleted...
+ */
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_free_db_env()\n", 0, 0, 0 );
+
+ return SQL_SUCCESS;
+}
+
+static int
+backsql_open_db_conn( backsql_info *bi, unsigned long ldap_cid, backsql_db_conn **pdbc )
+{
+ /* TimesTen */
+ char DBMSName[ 32 ];
+ backsql_db_conn *dbc;
+ int rc;
+
+ assert( pdbc != NULL );
+ *pdbc = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_open_db_conn(%lu)\n",
+ ldap_cid, 0, 0 );
+
+ dbc = (backsql_db_conn *)ch_calloc( 1, sizeof( backsql_db_conn ) );
+ dbc->ldap_cid = ldap_cid;
+ rc = SQLAllocConnect( bi->sql_db_env, &dbc->dbh );
+ if ( !BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "SQLAllocConnect() failed:\n", ldap_cid, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, SQL_NULL_HDBC,
+ SQL_NULL_HENV, rc );
+ return LDAP_UNAVAILABLE;
+ }
+
+ rc = SQLConnect( dbc->dbh,
+ (SQLCHAR*)bi->sql_dbname, SQL_NTS,
+ (SQLCHAR*)bi->sql_dbuser, SQL_NTS,
+ (SQLCHAR*)bi->sql_dbpasswd, SQL_NTS );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "SQLConnect() to database \"%s\" %s.\n",
+ ldap_cid, bi->sql_dbname,
+ rc == SQL_SUCCESS_WITH_INFO ?
+ "succeeded with info" : "failed" );
+ backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
+ if ( rc != SQL_SUCCESS_WITH_INFO ) {
+ return LDAP_UNAVAILABLE;
+ }
+ }
+
+ /*
+ * TimesTen : Turn off autocommit. We must explicitly
+ * commit any transactions.
+ */
+ SQLSetConnectOption( dbc->dbh, SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_OFF );
+
+ /*
+ * See if this connection is to TimesTen. If it is,
+ * remember that fact for later use.
+ */
+ /* Assume until proven otherwise */
+ bi->sql_flags &= ~BSQLF_USE_REVERSE_DN;
+ DBMSName[ 0 ] = '\0';
+ rc = SQLGetInfo( dbc->dbh, SQL_DBMS_NAME, (PTR)&DBMSName,
+ sizeof( DBMSName ), NULL );
+ if ( rc == SQL_SUCCESS ) {
+ if ( strcmp( DBMSName, "TimesTen" ) == 0 ||
+ strcmp( DBMSName, "Front-Tier" ) == 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "TimesTen database!\n", ldap_cid, 0, 0 );
+ bi->sql_flags |= BSQLF_USE_REVERSE_DN;
+ }
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "SQLGetInfo() failed.\n", ldap_cid, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
+ return rc;
+ }
+ /* end TimesTen */
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "connected, adding to tree.\n", ldap_cid, 0, 0 );
+ ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
+ if ( avl_insert( &bi->sql_db_conns, dbc, backsql_cmp_connid, avl_dup_error ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+ "duplicate connection ID.\n", ldap_cid, 0, 0 );
+ return LDAP_OTHER;
+ }
+ ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_open_db_conn(%lu)\n", ldap_cid, 0, 0 );
+
+ *pdbc = dbc;
+
+ return LDAP_SUCCESS;
+}
+
+int
+backsql_free_db_conn( Operation *op )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ backsql_db_conn tmp = { 0 },
+ *conn;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_free_db_conn()\n", 0, 0, 0 );
+ tmp.ldap_cid = op->o_connid;
+ ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
+ conn = avl_delete( &bi->sql_db_conns, &tmp, backsql_cmp_connid );
+ ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
+
+ /*
+ * we have one thread per connection, as I understand -- so we can
+ * get this out of critical section
+ */
+ if ( conn != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_free_db_conn(): "
+ "closing db connection %lu (%p)\n",
+ op->o_connid, (void *)conn, 0 );
+ backsql_close_db_conn( (void *)conn );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_free_db_conn()\n", 0, 0, 0 );
+
+ return conn ? SQL_SUCCESS : SQL_ERROR;
+}
+
+int
+backsql_get_db_conn( Operation *op, SQLHDBC *dbh )
+{
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
+ backsql_db_conn *dbc,
+ tmp = { 0 };
+ int rc = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_get_db_conn()\n", 0, 0, 0 );
+
+ assert( dbh != NULL );
+ *dbh = SQL_NULL_HDBC;
+
+ tmp.ldap_cid = op->o_connid;
+
+ /*
+ * we have one thread per connection, as I understand --
+ * so we do not need locking here
+ */
+ dbc = avl_find( bi->sql_db_conns, &tmp, backsql_cmp_connid );
+ if ( !dbc ) {
+ rc = backsql_open_db_conn( bi, op->o_connid, &dbc );
+ if ( rc != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_db_conn(): "
+ "could not get connection handle "
+ "-- returning NULL\n", 0, 0, 0 );
+ return rc;
+ }
+ }
+
+ ldap_pvt_thread_mutex_lock( &bi->sql_schema_mutex );
+ if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_db_conn(): "
+ "first call -- reading schema map\n", 0, 0, 0 );
+ rc = backsql_load_schema_map( bi, dbc->dbh );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
+ backsql_free_db_conn( op );
+ return rc;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
+
+ *dbh = dbc->dbh;
+
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_get_db_conn()\n", 0, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/util.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/util.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/back-sql/util.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,572 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.31.2.10 2007/01/02 21:44:07 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Dmitry Kovalev for inclusion
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include "ac/string.h"
+#include "ac/ctype.h"
+#include "ac/stdarg.h"
+
+#include "slap.h"
+#include "proto-sql.h"
+#include "lutil.h"
+
+#define BACKSQL_MAX(a,b) ((a)>(b)?(a):(b))
+#define BACKSQL_MIN(a,b) ((a)<(b)?(a):(b))
+
+#define BACKSQL_STR_GROW 256
+
+char backsql_def_oc_query[] =
+ "SELECT id,name,keytbl,keycol,create_proc,delete_proc,expect_return "
+ "FROM ldap_oc_mappings";
+char backsql_def_needs_select_oc_query[] =
+ "SELECT id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,"
+ "expect_return FROM ldap_oc_mappings";
+char backsql_def_at_query[] =
+ "SELECT name,sel_expr,from_tbls,join_where,add_proc,delete_proc,"
+ "param_order,expect_return,sel_expr_u FROM ldap_attr_mappings "
+ "WHERE oc_map_id=?";
+char backsql_def_delentry_stmt[] = "DELETE FROM ldap_entries WHERE id=?";
+char backsql_def_renentry_stmt[] =
+ "UPDATE ldap_entries SET dn=?,parent=?,keyval=? WHERE id=?";
+char backsql_def_insentry_stmt[] =
+ "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) "
+ "VALUES (?,?,?,?)";
+char backsql_def_delobjclasses_stmt[] = "DELETE FROM ldap_entry_objclasses "
+ "WHERE entry_id=?";
+char backsql_def_subtree_cond[] = "ldap_entries.dn LIKE CONCAT('%',?)";
+char backsql_def_upper_subtree_cond[] = "(ldap_entries.dn) LIKE CONCAT('%',?)";
+char backsql_id_query[] = "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE ";
+/* better ?||? or cast(?||? as varchar) */
+char backsql_def_concat_func[] = "CONCAT(?,?)";
+
+/* TimesTen */
+char backsql_check_dn_ru_query[] = "SELECT dn_ru FROM ldap_entries";
+
+struct berbuf *
+backsql_strcat_x( struct berbuf *dest, void *memctx, ... )
+{
+ va_list strs;
+ ber_len_t cdlen, cslen, grow;
+ char *cstr;
+
+ assert( dest != NULL );
+ assert( dest->bb_val.bv_val == NULL
+ || dest->bb_val.bv_len == strlen( dest->bb_val.bv_val ) );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_strcat()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ va_start( strs, memctx );
+ if ( dest->bb_val.bv_val == NULL || dest->bb_len == 0 ) {
+ dest->bb_val.bv_val = (char *)ber_memalloc_x( BACKSQL_STR_GROW * sizeof( char ), memctx );
+ dest->bb_val.bv_len = 0;
+ dest->bb_len = BACKSQL_STR_GROW;
+ }
+ cdlen = dest->bb_val.bv_len;
+ while ( ( cstr = va_arg( strs, char * ) ) != NULL ) {
+ cslen = strlen( cstr );
+ grow = BACKSQL_MAX( BACKSQL_STR_GROW, cslen );
+ if ( dest->bb_len - cdlen <= cslen ) {
+ char *tmp_dest;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_strcat(): "
+ "buflen=%d, cdlen=%d, cslen=%d "
+ "-- reallocating dest\n",
+ dest->bb_len, cdlen + 1, cslen );
+#endif /* BACKSQL_TRACE */
+
+ tmp_dest = (char *)ber_memrealloc_x( dest->bb_val.bv_val,
+ dest->bb_len + grow * sizeof( char ), memctx );
+ if ( tmp_dest == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "backsql_strcat(): "
+ "could not reallocate string buffer.\n",
+ 0, 0, 0 );
+ return NULL;
+ }
+ dest->bb_val.bv_val = tmp_dest;
+ dest->bb_len += grow;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_strcat(): "
+ "new buflen=%d, dest=%p\n",
+ dest->bb_len, dest, 0 );
+#endif /* BACKSQL_TRACE */
+ }
+ AC_MEMCPY( dest->bb_val.bv_val + cdlen, cstr, cslen + 1 );
+ cdlen += cslen;
+ }
+ va_end( strs );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_strcat() (dest=\"%s\")\n",
+ dest->bb_val.bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ dest->bb_val.bv_len = cdlen;
+
+ return dest;
+}
+
+struct berbuf *
+backsql_strfcat_x( struct berbuf *dest, void *memctx, const char *fmt, ... )
+{
+ va_list strs;
+ ber_len_t cdlen;
+
+ assert( dest != NULL );
+ assert( fmt != NULL );
+ assert( dest->bb_len == 0 || dest->bb_len > dest->bb_val.bv_len );
+ assert( dest->bb_val.bv_val == NULL
+ || dest->bb_val.bv_len == strlen( dest->bb_val.bv_val ) );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_strfcat()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ va_start( strs, fmt );
+ if ( dest->bb_val.bv_val == NULL || dest->bb_len == 0 ) {
+ dest->bb_val.bv_val = (char *)ber_memalloc_x( BACKSQL_STR_GROW * sizeof( char ), memctx );
+ dest->bb_val.bv_len = 0;
+ dest->bb_len = BACKSQL_STR_GROW;
+ }
+
+ cdlen = dest->bb_val.bv_len;
+ for ( ; fmt[0]; fmt++ ) {
+ ber_len_t cslen, grow;
+ char *cstr, cc[ 2 ] = { '\0', '\0' };
+ struct berval *cbv;
+
+ switch ( fmt[ 0 ] ) {
+
+ /* berval */
+ case 'b':
+ cbv = va_arg( strs, struct berval * );
+ cstr = cbv->bv_val;
+ cslen = cbv->bv_len;
+ break;
+
+ /* length + string */
+ case 'l':
+ cslen = va_arg( strs, ber_len_t );
+ cstr = va_arg( strs, char * );
+ break;
+
+ /* string */
+ case 's':
+ cstr = va_arg( strs, char * );
+ cslen = strlen( cstr );
+ break;
+
+ /* char */
+ case 'c':
+ /*
+ * `char' is promoted to `int' when passed through `...'
+ */
+ cc[0] = va_arg( strs, int );
+ cstr = cc;
+ cslen = 1;
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ grow = BACKSQL_MAX( BACKSQL_STR_GROW, cslen );
+ if ( dest->bb_len - cdlen <= cslen ) {
+ char *tmp_dest;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_strfcat(): "
+ "buflen=%d, cdlen=%d, cslen=%d "
+ "-- reallocating dest\n",
+ dest->bb_len, cdlen + 1, cslen );
+#endif /* BACKSQL_TRACE */
+
+ tmp_dest = (char *)ber_memrealloc_x( dest->bb_val.bv_val,
+ ( dest->bb_len ) + grow * sizeof( char ), memctx );
+ if ( tmp_dest == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "backsql_strfcat(): "
+ "could not reallocate string buffer.\n",
+ 0, 0, 0 );
+ return NULL;
+ }
+ dest->bb_val.bv_val = tmp_dest;
+ dest->bb_len += grow * sizeof( char );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_strfcat(): "
+ "new buflen=%d, dest=%p\n", dest->bb_len, dest, 0 );
+#endif /* BACKSQL_TRACE */
+ }
+
+ assert( cstr != NULL );
+
+ AC_MEMCPY( dest->bb_val.bv_val + cdlen, cstr, cslen + 1 );
+ cdlen += cslen;
+ }
+
+ va_end( strs );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_strfcat() (dest=\"%s\")\n",
+ dest->bb_val.bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ dest->bb_val.bv_len = cdlen;
+
+ return dest;
+}
+
+int
+backsql_entry_addattr(
+ Entry *e,
+ AttributeDescription *ad,
+ struct berval *val,
+ void *memctx )
+{
+ int rc;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): %s=%s\n",
+ e->e_name.bv_val, ad->ad_cname.bv_val, val->bv_val );
+#endif /* BACKSQL_TRACE */
+
+ rc = attr_merge_normalize_one( e, ad, val, memctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): "
+ "failed to merge value \"%s\" for attribute \"%s\"\n",
+ e->e_name.bv_val, val->bv_val, ad->ad_cname.bv_val );
+ return rc;
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_entry_addattr(\"%s\")\n",
+ e->e_name.bv_val, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ return LDAP_SUCCESS;
+}
+
+static char *
+backsql_get_table_spec( backsql_info *bi, char **p )
+{
+ char *s, *q;
+ struct berbuf res = BB_NULL;
+
+ assert( p != NULL );
+ assert( *p != NULL );
+
+ s = *p;
+ while ( **p && **p != ',' ) {
+ (*p)++;
+ }
+
+ if ( **p ) {
+ *(*p)++ = '\0';
+ }
+
+#define BACKSQL_NEXT_WORD { \
+ while ( *s && isspace( (unsigned char)*s ) ) s++; \
+ if ( !*s ) return res.bb_val.bv_val; \
+ q = s; \
+ while ( *q && !isspace( (unsigned char)*q ) ) q++; \
+ if ( *q ) *q++='\0'; \
+ }
+
+ BACKSQL_NEXT_WORD;
+ /* table name */
+ backsql_strcat_x( &res, NULL, s, NULL );
+ s = q;
+
+ BACKSQL_NEXT_WORD;
+ if ( strcasecmp( s, "AS" ) == 0 ) {
+ s = q;
+ BACKSQL_NEXT_WORD;
+ }
+
+ /* oracle doesn't understand "AS" :( and other RDBMSes don't need it */
+ backsql_strfcat_x( &res, NULL, "lbbsb",
+ STRLENOF( " " ), " ",
+ &bi->sql_aliasing,
+ &bi->sql_aliasing_quote,
+ s,
+ &bi->sql_aliasing_quote );
+
+ return res.bb_val.bv_val;
+}
+
+int
+backsql_merge_from_clause(
+ backsql_info *bi,
+ struct berbuf *dest_from,
+ struct berval *src_from )
+{
+ char *s, *p, *srcc, *pos, e;
+ struct berbuf res = BB_NULL;
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_merge_from_clause(): "
+ "dest_from=\"%s\",src_from=\"%s\"\n",
+ dest_from ? dest_from->bb_val.bv_val : "<NULL>",
+ src_from->bv_val, 0 );
+#endif /* BACKSQL_TRACE */
+
+ srcc = ch_strdup( src_from->bv_val );
+ p = srcc;
+
+ if ( dest_from != NULL ) {
+ res = *dest_from;
+ }
+
+ while ( *p ) {
+ s = backsql_get_table_spec( bi, &p );
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "backsql_merge_from_clause(): "
+ "p=\"%s\" s=\"%s\"\n", p, s, 0 );
+#endif /* BACKSQL_TRACE */
+
+ if ( BER_BVISNULL( &res.bb_val ) ) {
+ backsql_strcat_x( &res, NULL, s, NULL );
+
+ } else {
+ pos = strstr( res.bb_val.bv_val, s );
+ if ( pos == NULL || ( ( e = pos[ strlen( s ) ] ) != '\0' && e != ',' ) ) {
+ backsql_strfcat_x( &res, NULL, "cs", ',', s );
+ }
+ }
+
+ if ( s ) {
+ ch_free( s );
+ }
+ }
+
+#ifdef BACKSQL_TRACE
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_merge_from_clause()\n", 0, 0, 0 );
+#endif /* BACKSQL_TRACE */
+
+ free( srcc );
+ *dest_from = res;
+
+ return 1;
+}
+
+/*
+ * splits a pattern in components separated by '?'
+ * (double ?? are turned into single ? and left in the string)
+ * expected contains the number of expected occurrences of '?'
+ * (a negative value means parse as many as possible)
+ */
+
+int
+backsql_split_pattern(
+ const char *_pattern,
+ BerVarray *split_pattern,
+ int expected )
+{
+ char *pattern, *start, *end;
+ struct berval bv;
+ int rc = 0;
+
+#define SPLIT_CHAR '?'
+
+ assert( _pattern != NULL );
+ assert( split_pattern != NULL );
+
+ pattern = ch_strdup( _pattern );
+
+ start = pattern;
+ end = strchr( start, SPLIT_CHAR );
+ for ( ; start; expected-- ) {
+ char *real_end = end;
+ ber_len_t real_len;
+
+ if ( real_end == NULL ) {
+ real_end = start + strlen( start );
+
+ } else if ( real_end[ 1 ] == SPLIT_CHAR ) {
+ expected++;
+ AC_MEMCPY( real_end, real_end + 1, strlen( real_end ) );
+ end = strchr( real_end + 1, SPLIT_CHAR );
+ continue;
+ }
+
+ real_len = real_end - start;
+ if ( real_len == 0 ) {
+ ber_str2bv( "", 0, 1, &bv );
+ } else {
+ ber_str2bv( start, real_len, 1, &bv );
+ }
+
+ ber_bvarray_add( split_pattern, &bv );
+
+ if ( expected == 0 ) {
+ if ( end != NULL ) {
+ rc = -1;
+ goto done;
+ }
+ break;
+ }
+
+ if ( end != NULL ) {
+ start = end + 1;
+ end = strchr( start, SPLIT_CHAR );
+ }
+ }
+
+done:;
+
+ ch_free( pattern );
+
+ return rc;
+}
+
+int
+backsql_prepare_pattern(
+ BerVarray split_pattern,
+ BerVarray values,
+ struct berval *res )
+{
+ int i;
+ struct berbuf bb = BB_NULL;
+
+ assert( res != NULL );
+
+ for ( i = 0; values[i].bv_val; i++ ) {
+ if ( split_pattern[i].bv_val == NULL ) {
+ ch_free( bb.bb_val.bv_val );
+ return -1;
+ }
+ backsql_strfcat_x( &bb, NULL, "b", &split_pattern[ i ] );
+ backsql_strfcat_x( &bb, NULL, "b", &values[ i ] );
+ }
+
+ if ( split_pattern[ i ].bv_val == NULL ) {
+ ch_free( bb.bb_val.bv_val );
+ return -1;
+ }
+
+ backsql_strfcat_x( &bb, NULL, "b", &split_pattern[ i ] );
+
+ *res = bb.bb_val;
+
+ return 0;
+}
+
+int
+backsql_entryUUID(
+ backsql_info *bi,
+ backsql_entryID *id,
+ struct berval *entryUUID,
+ void *memctx )
+{
+ char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
+ struct berval uuid;
+#ifdef BACKSQL_ARBITRARY_KEY
+ int i;
+ ber_len_t l, lmax;
+#endif /* BACKSQL_ARBITRARY_KEY */
+
+ /* entryUUID is generated as "%08x-%04x-%04x-0000-eaddrXXX"
+ * with eid_oc_id as %08x and hi and lo eid_id as %04x-%04x */
+ assert( bi != NULL );
+ assert( id != NULL );
+ assert( entryUUID != NULL );
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ snprintf( uuidbuf, sizeof( uuidbuf ),
+ "%08x-0000-0000-0000-000000000000",
+ ( id->eid_oc_id & 0xFFFFFFFF ) );
+ lmax = id->eid_keyval.bv_len < 12 ? id->eid_keyval.bv_len : 12;
+ for ( l = 0, i = 9; l < lmax; l++, i += 2 ) {
+ switch ( i ) {
+ case STRLENOF( "00000000-0000" ):
+ case STRLENOF( "00000000-0000-0000" ):
+ case STRLENOF( "00000000-0000-0000-0000" ):
+ uuidbuf[ i++ ] = '-';
+ /* FALLTHRU */
+
+ default:
+ snprintf( &uuidbuf[ i ], 3, "%2x", id->eid_keyval.bv_val[ l ] );
+ break;
+ }
+ }
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ /* note: works only with 32 bit architectures... */
+ snprintf( uuidbuf, sizeof( uuidbuf ),
+ "%08x-%04x-%04x-0000-000000000000",
+ ( (unsigned)id->eid_oc_id & 0xFFFFFFFF ),
+ ( ( (unsigned)id->eid_keyval & 0xFFFF0000 ) >> 020 /* 16 */ ),
+ ( (unsigned)id->eid_keyval & 0xFFFF ) );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ uuid.bv_val = uuidbuf;
+ uuid.bv_len = strlen( uuidbuf );
+
+ ber_dupbv_x( entryUUID, &uuid, memctx );
+
+ return 0;
+}
+
+int
+backsql_entryUUID_decode(
+ struct berval *entryUUID,
+ unsigned long *oc_id,
+#ifdef BACKSQL_ARBITRARY_KEY
+ struct berval *keyval
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ unsigned long *keyval
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ )
+{
+#if 0
+ fprintf( stderr, "==> backsql_entryUUID_decode()\n" );
+#endif
+
+ *oc_id = ( entryUUID->bv_val[0] << 030 /* 24 */ )
+ + ( entryUUID->bv_val[1] << 020 /* 16 */ )
+ + ( entryUUID->bv_val[2] << 010 /* 8 */ )
+ + entryUUID->bv_val[3];
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ /* FIXME */
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ *keyval = ( entryUUID->bv_val[4] << 030 /* 24 */ )
+ + ( entryUUID->bv_val[5] << 020 /* 16 */ )
+ + ( entryUUID->bv_val[6] << 010 /* 8 */ )
+ + entryUUID->bv_val[7];
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+#if 0
+ fprintf( stderr, "<== backsql_entryUUID_decode(): oc=%lu id=%lu\n",
+ *oc_id, *keyval );
+#endif
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/backend.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/backend.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/backend.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1731 @@
+/* backend.c - routines for dealing with back-end databases */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.288.2.25 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <sys/stat.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "lber_pvt.h"
+
+/*
+ * If a module is configured as dynamic, its header should not
+ * get included into slapd. While this is a general rule and does
+ * not have much of an effect in UNIX, this rule should be adhered
+ * to for Windows, where dynamic object code should not be implicitly
+ * imported into slapd without appropriate __declspec(dllimport) directives.
+ */
+
+int nBackendInfo = 0;
+slap_bi_head backendInfo = LDAP_STAILQ_HEAD_INITIALIZER(backendInfo);
+
+int nBackendDB = 0;
+slap_be_head backendDB = LDAP_STAILQ_HEAD_INITIALIZER(backendDB);
+
+static int
+backend_init_controls( BackendInfo *bi )
+{
+ if ( bi->bi_controls ) {
+ int i;
+
+ for ( i = 0; bi->bi_controls[ i ]; i++ ) {
+ int cid;
+
+ if ( slap_find_control_id( bi->bi_controls[ i ], &cid )
+ == LDAP_CONTROL_NOT_FOUND )
+ {
+ if ( !( slapMode & SLAP_TOOL_MODE ) ) {
+ assert( 0 );
+ }
+
+ return -1;
+ }
+
+ bi->bi_ctrls[ cid ] = 1;
+ }
+ }
+
+ return 0;
+}
+
+int backend_init(void)
+{
+ int rc = -1;
+ BackendInfo *bi;
+
+ if((nBackendInfo != 0) || !LDAP_STAILQ_EMPTY(&backendInfo)) {
+ /* already initialized */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_init: already initialized\n", 0, 0, 0 );
+ return -1;
+ }
+
+ for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) {
+ assert( bi->bi_init != 0 );
+
+ rc = bi->bi_init( bi );
+
+ if(rc != 0) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_init: initialized for type \"%s\"\n",
+ bi->bi_type, 0, 0 );
+ /* destroy those we've already inited */
+ for( nBackendInfo--;
+ nBackendInfo >= 0 ;
+ nBackendInfo-- )
+ {
+ if ( slap_binfo[nBackendInfo].bi_destroy ) {
+ slap_binfo[nBackendInfo].bi_destroy(
+ &slap_binfo[nBackendInfo] );
+ }
+ }
+ return rc;
+ }
+
+ LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next);
+ }
+
+ if ( nBackendInfo > 0) {
+ return 0;
+ }
+
+#ifdef SLAPD_MODULES
+ return 0;
+#else
+
+ Debug( LDAP_DEBUG_ANY,
+ "backend_init: failed\n",
+ 0, 0, 0 );
+
+ return rc;
+#endif /* SLAPD_MODULES */
+}
+
+int backend_add(BackendInfo *aBackendInfo)
+{
+ int rc = 0;
+
+ if ( aBackendInfo->bi_init == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "backend_add: "
+ "backend type \"%s\" does not have the (mandatory)init function\n",
+ aBackendInfo->bi_type, 0, 0 );
+ return -1;
+ }
+
+ rc = aBackendInfo->bi_init(aBackendInfo);
+ if ( rc != 0) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_add: initialization for type \"%s\" failed\n",
+ aBackendInfo->bi_type, 0, 0 );
+ return rc;
+ }
+
+ (void)backend_init_controls( aBackendInfo );
+
+ /* now add the backend type to the Backend Info List */
+ LDAP_STAILQ_INSERT_TAIL( &backendInfo, aBackendInfo, bi_next );
+ nBackendInfo++;
+ return 0;
+}
+
+static int
+backend_set_controls( BackendDB *be )
+{
+ BackendInfo *bi = be->bd_info;
+
+ /* back-relay takes care of itself; so may do other */
+ if ( overlay_is_over( be ) ) {
+ bi = ((slap_overinfo *)be->bd_info->bi_private)->oi_orig;
+ }
+
+ if ( bi->bi_controls ) {
+ if ( be->be_ctrls[ SLAP_MAX_CIDS ] == 0 ) {
+ AC_MEMCPY( be->be_ctrls, bi->bi_ctrls,
+ sizeof( be->be_ctrls ) );
+ be->be_ctrls[ SLAP_MAX_CIDS ] = 1;
+
+ } else {
+ int i;
+
+ for ( i = 0; i < SLAP_MAX_CIDS; i++ ) {
+ if ( bi->bi_ctrls[ i ] ) {
+ be->be_ctrls[ i ] = bi->bi_ctrls[ i ];
+ }
+ }
+ }
+
+ }
+
+ return 0;
+}
+
+/* startup a specific backend database */
+int backend_startup_one(Backend *be)
+{
+ int rc = 0;
+
+ assert( be != NULL );
+
+ be->be_pending_csn_list = (struct be_pcl *)
+ ch_calloc( 1, sizeof( struct be_pcl ) );
+
+ LDAP_TAILQ_INIT( be->be_pending_csn_list );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "backend_startup_one: starting \"%s\"\n",
+ be->be_suffix ? be->be_suffix[0].bv_val : "(unknown)",
+ 0, 0 );
+
+ /* set database controls */
+ (void)backend_set_controls( be );
+
+ if ( be->bd_info->bi_db_open ) {
+ rc = be->bd_info->bi_db_open( be );
+ if ( rc == 0 ) {
+ (void)backend_set_controls( be );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup_one: bi_db_open failed! (%d)\n",
+ rc, 0, 0 );
+ }
+ }
+
+ return rc;
+}
+
+int backend_startup(Backend *be)
+{
+ int i;
+ int rc = 0;
+ BackendInfo *bi;
+
+ if( ! ( nBackendDB > 0 ) ) {
+ /* no databases */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: %d databases to startup.\n",
+ nBackendDB, 0, 0 );
+ return 1;
+ }
+
+ if(be != NULL) {
+ if ( be->bd_info->bi_open ) {
+ rc = be->bd_info->bi_open( be->bd_info );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_open failed!\n",
+ 0, 0, 0 );
+
+ return rc;
+ }
+ }
+ /* append global access controls */
+ acl_append( &be->be_acl, frontendDB->be_acl, -1 );
+ return backend_startup_one( be );
+ }
+
+ /* open frontend, if required */
+ if ( frontendDB->bd_info->bi_db_open ) {
+ rc = frontendDB->bd_info->bi_db_open( frontendDB );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_db_open(frontend) failed! (%d)\n",
+ rc, 0, 0 );
+ return rc;
+ }
+ }
+
+ /* open each backend type */
+ i = -1;
+ LDAP_STAILQ_FOREACH(bi, &backendInfo, bi_next) {
+ i++;
+ if( bi->bi_nDB == 0) {
+ /* no database of this type, don't open */
+ continue;
+ }
+
+ if( bi->bi_open ) {
+ rc = bi->bi_open( bi );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_open %d (%s) failed!\n",
+ i, bi->bi_type, 0 );
+ return rc;
+ }
+ }
+
+ (void)backend_init_controls( bi );
+ }
+
+ /* open each backend database */
+ i = -1;
+ LDAP_STAILQ_FOREACH(be, &backendDB, be_next) {
+ i++;
+ if ( be->be_suffix == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: warning, database %d (%s) "
+ "has no suffix\n",
+ i, be->bd_info->bi_type, 0 );
+ }
+ /* append global access controls */
+ acl_append( &be->be_acl, frontendDB->be_acl, -1 );
+
+ rc = backend_startup_one( be );
+
+ if ( rc ) return rc;
+ }
+
+ return rc;
+}
+
+int backend_num( Backend *be )
+{
+ int i = 0;
+ BackendDB *b2;
+
+ if( be == NULL ) return -1;
+
+ LDAP_STAILQ_FOREACH( b2, &backendDB, be_next ) {
+ if( be == b2 ) return i;
+ i++;
+ }
+ return -1;
+}
+
+int backend_shutdown( Backend *be )
+{
+ int rc = 0;
+ BackendInfo *bi;
+
+ if( be != NULL ) {
+ /* shutdown a specific backend database */
+
+ if ( be->bd_info->bi_nDB == 0 ) {
+ /* no database of this type, we never opened it */
+ return 0;
+ }
+
+ if ( be->bd_info->bi_db_close ) {
+ be->bd_info->bi_db_close( be );
+ }
+
+ if( be->bd_info->bi_close ) {
+ be->bd_info->bi_close( be->bd_info );
+ }
+
+ return 0;
+ }
+
+ /* close each backend database */
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->bd_info->bi_db_close ) {
+ be->bd_info->bi_db_close( be );
+ }
+
+ if(rc != 0) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_close: bi_db_close %s failed!\n",
+ be->be_type, 0, 0 );
+ }
+ }
+
+ /* close each backend type */
+ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next ) {
+ if( bi->bi_nDB == 0 ) {
+ /* no database of this type */
+ continue;
+ }
+
+ if( bi->bi_close ) {
+ bi->bi_close( bi );
+ }
+ }
+
+ /* close frontend, if required */
+ if ( frontendDB->bd_info->bi_db_close ) {
+ rc = frontendDB->bd_info->bi_db_close ( frontendDB );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_db_close(frontend) failed! (%d)\n",
+ rc, 0, 0 );
+ }
+ }
+
+ return 0;
+}
+
+void backend_destroy_one( BackendDB *bd, int dynamic )
+{
+ if ( dynamic ) {
+ LDAP_STAILQ_REMOVE(&backendDB, bd, slap_backend_db, be_next );
+ }
+
+ if ( bd->be_syncinfo ) {
+ syncinfo_free( bd->be_syncinfo );
+ }
+
+ if ( bd->be_pending_csn_list ) {
+ struct slap_csn_entry *csne;
+ csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
+ while ( csne ) {
+ struct slap_csn_entry *tmp_csne = csne;
+
+ LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
+ ch_free( csne->ce_csn.bv_val );
+ csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
+ ch_free( tmp_csne );
+ }
+ ch_free( bd->be_pending_csn_list );
+ }
+
+ if ( bd->bd_info->bi_db_destroy ) {
+ bd->bd_info->bi_db_destroy( bd );
+ }
+ ber_bvarray_free( bd->be_suffix );
+ ber_bvarray_free( bd->be_nsuffix );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
+ limits_destroy( bd->be_limits );
+ if ( bd->be_replogfile ) {
+ ch_free( bd->be_replogfile );
+ }
+ destroy_replica_info( bd );
+ if ( !BER_BVISNULL( &bd->be_update_ndn ) ) {
+ ch_free( bd->be_update_ndn.bv_val );
+ }
+ if ( bd->be_update_refs ) {
+ ber_bvarray_free( bd->be_update_refs );
+ }
+
+ if ( dynamic ) {
+ free( bd );
+ }
+}
+
+int backend_destroy(void)
+{
+ BackendDB *bd;
+ BackendInfo *bi;
+
+ /* destroy each backend database */
+ while (( bd = LDAP_STAILQ_FIRST(&backendDB))) {
+ backend_destroy_one( bd, 1 );
+ }
+
+ /* destroy each backend type */
+ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next ) {
+ if( bi->bi_destroy ) {
+ bi->bi_destroy( bi );
+ }
+ }
+
+ nBackendInfo = 0;
+ LDAP_STAILQ_INIT(&backendInfo);
+
+ /* destroy frontend database */
+ bd = frontendDB;
+ if ( bd ) {
+ if ( bd->bd_info->bi_db_destroy ) {
+ bd->bd_info->bi_db_destroy( bd );
+ }
+ ber_bvarray_free( bd->be_suffix );
+ ber_bvarray_free( bd->be_nsuffix );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
+
+ if ( bd->be_replogfile != NULL ) {
+ free( bd->be_replogfile );
+ }
+ assert( bd->be_replica == NULL );
+ }
+
+ return 0;
+}
+
+BackendInfo* backend_info(const char *type)
+{
+ BackendInfo *bi;
+
+ /* search for the backend type */
+ LDAP_STAILQ_FOREACH(bi,&backendInfo,bi_next) {
+ if( strcasecmp(bi->bi_type, type) == 0 ) {
+ return bi;
+ }
+ }
+
+ return NULL;
+}
+
+
+BackendDB *
+backend_db_init(
+ const char *type,
+ BackendDB *be )
+{
+ BackendInfo *bi = backend_info(type);
+ int rc = 0;
+
+ if( bi == NULL ) {
+ fprintf( stderr, "Unrecognized database type (%s)\n", type );
+ return NULL;
+ }
+
+ /* If be is provided, treat it as private. Otherwise allocate
+ * one and add it to the global list.
+ */
+ if ( !be ) {
+ be = ch_calloc( 1, sizeof(Backend) );
+ nbackends++;
+ LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next);
+ }
+
+ be->bd_info = bi;
+
+ be->be_def_limit = frontendDB->be_def_limit;
+ be->be_dfltaccess = frontendDB->be_dfltaccess;
+
+ be->be_restrictops = frontendDB->be_restrictops;
+ be->be_requires = frontendDB->be_requires;
+ be->be_ssf_set = frontendDB->be_ssf_set;
+
+ be->be_pcl_mutexp = &be->be_pcl_mutex;
+ ldap_pvt_thread_mutex_init( be->be_pcl_mutexp );
+
+ /* assign a default depth limit for alias deref */
+ be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH;
+
+ if ( bi->bi_db_init ) {
+ rc = bi->bi_db_init( be );
+ }
+
+ if ( rc != 0 ) {
+ fprintf( stderr, "database init failed (%s)\n", type );
+ nbackends--;
+ return NULL;
+ }
+
+ bi->bi_nDB++;
+ return( be );
+}
+
+void
+be_db_close( void )
+{
+ BackendDB *be;
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->bd_info->bi_db_close ) {
+ be->bd_info->bi_db_close( be );
+ }
+ }
+
+ if ( frontendDB->bd_info->bi_db_close ) {
+ (*frontendDB->bd_info->bi_db_close)( frontendDB );
+ }
+
+}
+
+Backend *
+select_backend(
+ struct berval * dn,
+ int manageDSAit,
+ int noSubs )
+{
+ int j;
+ ber_len_t len, dnlen = dn->bv_len;
+ Backend *be, *b2 = NULL;
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_nsuffix == NULL ) {
+ continue;
+ }
+
+ for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[j] ); j++ )
+ {
+ if ( ( SLAP_GLUE_SUBORDINATE( be ) ) && noSubs )
+ {
+ continue;
+ }
+
+ len = be->be_nsuffix[j].bv_len;
+
+ if ( len > dnlen ) {
+ /* suffix is longer than DN */
+ continue;
+ }
+
+ /*
+ * input DN is normalized, so the separator check
+ * need not look at escaping
+ */
+ if ( len && len < dnlen &&
+ !DN_SEPARATOR( dn->bv_val[(dnlen-len)-1] ))
+ {
+ continue;
+ }
+
+ if ( strcmp( be->be_nsuffix[j].bv_val,
+ &dn->bv_val[dnlen-len] ) == 0 )
+ {
+ if( b2 == NULL ) {
+ b2 = be;
+
+ if( manageDSAit && len == dnlen &&
+ !SLAP_GLUE_SUBORDINATE( be ) ) {
+ continue;
+ }
+ } else {
+ /* If any parts of the tree are glued, use the first
+ * match regardless of manageDSAit. Otherwise use the
+ * last match.
+ */
+ if( !( SLAP_DBFLAGS( be ) & ( SLAP_DBFLAG_GLUE_INSTANCE |
+ SLAP_DBFLAG_GLUE_SUBORDINATE )))
+ b2 = be;
+ }
+ return b2;
+ }
+ }
+ }
+
+ return b2;
+}
+
+int
+be_issuffix(
+ Backend *be,
+ struct berval *bvsuffix )
+{
+ int i;
+
+ if ( be->be_nsuffix == NULL ) {
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &be->be_nsuffix[i] ); i++ ) {
+ if ( bvmatch( &be->be_nsuffix[i], bvsuffix ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int
+be_isroot_dn( Backend *be, struct berval *ndn )
+{
+ if ( BER_BVISEMPTY( ndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+ return 0;
+ }
+
+ return dn_match( &be->be_rootndn, ndn );
+}
+
+int
+be_slurp_update( Operation *op )
+{
+ return ( SLAP_SLURP_SHADOW( op->o_bd ) &&
+ be_isupdate_dn( op->o_bd, &op->o_ndn ) );
+}
+
+int
+be_shadow_update( Operation *op )
+{
+ return ( SLAP_SYNC_SHADOW( op->o_bd ) ||
+ ( SLAP_SHADOW( op->o_bd ) && be_isupdate_dn( op->o_bd, &op->o_ndn ) ) );
+}
+
+int
+be_isupdate_dn( Backend *be, struct berval *ndn )
+{
+ if ( BER_BVISEMPTY( ndn ) || BER_BVISEMPTY( &be->be_update_ndn ) ) {
+ return 0;
+ }
+
+ return dn_match( &be->be_update_ndn, ndn );
+}
+
+struct berval *
+be_root_dn( Backend *be )
+{
+ return &be->be_rootdn;
+}
+
+int
+be_isroot( Operation *op )
+{
+ return be_isroot_dn( op->o_bd, &op->o_ndn );
+}
+
+int
+be_isroot_pw( Operation *op )
+{
+ int result;
+
+ if ( ! be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
+ return 0;
+ }
+
+ if ( BER_BVISEMPTY( &op->o_bd->be_rootpw ) ) {
+ return 0;
+ }
+
+#ifdef SLAPD_SPASSWD
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+ op->o_conn->c_sasl_authctx, NULL );
+#endif
+
+ result = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, NULL );
+
+#ifdef SLAPD_SPASSWD
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind, NULL, NULL );
+#endif
+
+ return result == 0;
+}
+
+int
+be_entry_release_rw(
+ Operation *op,
+ Entry *e,
+ int rw )
+{
+ if ( op->o_bd->be_release ) {
+ /* free and release entry from backend */
+ return op->o_bd->be_release( op, e, rw );
+ } else {
+ /* free entry */
+ entry_free( e );
+ return 0;
+ }
+}
+
+int
+backend_unbind( Operation *op, SlapReply *rs )
+{
+ BackendDB *be;
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_unbind ) {
+ op->o_bd = be;
+ be->be_unbind( op, rs );
+ }
+ }
+
+ return 0;
+}
+
+int
+backend_connection_init(
+ Connection *conn )
+{
+ BackendDB *be;
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_connection_init ) {
+ be->be_connection_init( be, conn );
+ }
+ }
+
+ return 0;
+}
+
+int
+backend_connection_destroy(
+ Connection *conn )
+{
+ BackendDB *be;
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_connection_destroy ) {
+ be->be_connection_destroy( be, conn);
+ }
+ }
+
+ return 0;
+}
+
+int
+backend_check_controls(
+ Operation *op,
+ SlapReply *rs )
+{
+ LDAPControl **ctrls = op->o_ctrls;
+ rs->sr_err = LDAP_SUCCESS;
+
+ if( ctrls ) {
+ for( ; *ctrls != NULL ; ctrls++ ) {
+ int cid;
+
+ switch ( slap_global_control( op, (*ctrls)->ldctl_oid, &cid ) ) {
+ case LDAP_CONTROL_NOT_FOUND:
+ /* unrecognized control */
+ if ( (*ctrls)->ldctl_iscritical ) {
+ /* should not be reachable */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_check_controls: unrecognized control: %s\n",
+ (*ctrls)->ldctl_oid, 0, 0 );
+ assert( 0 );
+ }
+ break;
+
+ case LDAP_COMPARE_FALSE:
+ if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
+ /* Per RFC 2251 (and LDAPBIS discussions), if the control
+ * is recognized and appropriate for the operation (which
+ * we've already verified), then the server should make
+ * use of the control when performing the operation.
+ *
+ * Here we find that operation extended by the control
+ * is unavailable in a particular context, and the control
+ * is marked Critical, hence the return of
+ * unwillingToPerform.
+ */
+ rs->sr_text = "critical control unavailable in context";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+ break;
+
+ case LDAP_COMPARE_TRUE:
+ break;
+
+ default:
+ /* unreachable */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_check_controls: unable to check control: %s\n",
+ (*ctrls)->ldctl_oid, 0, 0 );
+ assert( 0 );
+
+ rs->sr_text = "unable to check control";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+ }
+ }
+
+ /* temporarily removed */
+#if 0
+ /* check should be generalized */
+ if( get_manageDIT(op) && !be_isroot(op)) {
+ rs->sr_text = "requires manager authorization";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+#endif
+
+done:;
+ return rs->sr_err;
+}
+
+int
+backend_check_restrictions(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *opdata )
+{
+ slap_mask_t restrictops;
+ slap_mask_t requires;
+ slap_mask_t opflag;
+ slap_mask_t exopflag = 0;
+ slap_ssf_set_t *ssf;
+ int updateop = 0;
+ int starttls = 0;
+ int session = 0;
+
+ if ( op->o_bd ) {
+ int rc = SLAP_CB_CONTINUE;
+
+ if ( op->o_bd->be_chk_controls ) {
+ rc = ( *op->o_bd->be_chk_controls )( op, rs );
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = backend_check_controls( op, rs );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ return rs->sr_err;
+ }
+
+ restrictops = op->o_bd->be_restrictops;
+ requires = op->o_bd->be_requires;
+ ssf = &op->o_bd->be_ssf_set;
+
+ } else {
+ restrictops = frontendDB->be_restrictops;
+ requires = frontendDB->be_requires;
+ ssf = &frontendDB->be_ssf_set;
+ }
+
+ switch( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ opflag = SLAP_RESTRICT_OP_ADD;
+ updateop++;
+ break;
+ case LDAP_REQ_BIND:
+ opflag = SLAP_RESTRICT_OP_BIND;
+ session++;
+ break;
+ case LDAP_REQ_COMPARE:
+ opflag = SLAP_RESTRICT_OP_COMPARE;
+ break;
+ case LDAP_REQ_DELETE:
+ updateop++;
+ opflag = SLAP_RESTRICT_OP_DELETE;
+ break;
+ case LDAP_REQ_EXTENDED:
+ opflag = SLAP_RESTRICT_OP_EXTENDED;
+
+ if( !opdata ) {
+ /* treat unspecified as a modify */
+ opflag = SLAP_RESTRICT_OP_MODIFY;
+ updateop++;
+ break;
+ }
+
+ if( bvmatch( opdata, &slap_EXOP_START_TLS ) ) {
+ session++;
+ starttls++;
+ exopflag = SLAP_RESTRICT_EXOP_START_TLS;
+ break;
+ }
+
+ if( bvmatch( opdata, &slap_EXOP_WHOAMI ) ) {
+ exopflag = SLAP_RESTRICT_EXOP_WHOAMI;
+ break;
+ }
+
+ if ( bvmatch( opdata, &slap_EXOP_CANCEL ) ) {
+ exopflag = SLAP_RESTRICT_EXOP_CANCEL;
+ break;
+ }
+
+ if ( bvmatch( opdata, &slap_EXOP_MODIFY_PASSWD ) ) {
+ exopflag = SLAP_RESTRICT_EXOP_MODIFY_PASSWD;
+ updateop++;
+ break;
+ }
+
+ /* treat everything else as a modify */
+ opflag = SLAP_RESTRICT_OP_MODIFY;
+ updateop++;
+ break;
+
+ case LDAP_REQ_MODIFY:
+ updateop++;
+ opflag = SLAP_RESTRICT_OP_MODIFY;
+ break;
+ case LDAP_REQ_RENAME:
+ updateop++;
+ opflag = SLAP_RESTRICT_OP_RENAME;
+ break;
+ case LDAP_REQ_SEARCH:
+ opflag = SLAP_RESTRICT_OP_SEARCH;
+ break;
+ case LDAP_REQ_UNBIND:
+ session++;
+ opflag = 0;
+ break;
+ default:
+ rs->sr_text = "restrict operations internal error";
+ rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
+ }
+
+ if ( !starttls ) {
+ /* these checks don't apply to StartTLS */
+
+ rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
+ if( op->o_transport_ssf < ssf->sss_transport ) {
+ rs->sr_text = op->o_transport_ssf
+ ? "stronger transport confidentiality required"
+ : "transport confidentiality required";
+ return rs->sr_err;
+ }
+
+ if( op->o_tls_ssf < ssf->sss_tls ) {
+ rs->sr_text = op->o_tls_ssf
+ ? "stronger TLS confidentiality required"
+ : "TLS confidentiality required";
+ return rs->sr_err;
+ }
+
+
+ if( op->o_tag == LDAP_REQ_BIND && opdata == NULL ) {
+ /* simple bind specific check */
+ if( op->o_ssf < ssf->sss_simple_bind ) {
+ rs->sr_text = op->o_ssf
+ ? "stronger confidentiality required"
+ : "confidentiality required";
+ return rs->sr_err;
+ }
+ }
+
+ if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) {
+ /* these checks don't apply to SASL bind */
+
+ if( op->o_sasl_ssf < ssf->sss_sasl ) {
+ rs->sr_text = op->o_sasl_ssf
+ ? "stronger SASL confidentiality required"
+ : "SASL confidentiality required";
+ return rs->sr_err;
+ }
+
+ if( op->o_ssf < ssf->sss_ssf ) {
+ rs->sr_text = op->o_ssf
+ ? "stronger confidentiality required"
+ : "confidentiality required";
+ return rs->sr_err;
+ }
+ }
+
+ if( updateop ) {
+ if( op->o_transport_ssf < ssf->sss_update_transport ) {
+ rs->sr_text = op->o_transport_ssf
+ ? "stronger transport confidentiality required for update"
+ : "transport confidentiality required for update";
+ return rs->sr_err;
+ }
+
+ if( op->o_tls_ssf < ssf->sss_update_tls ) {
+ rs->sr_text = op->o_tls_ssf
+ ? "stronger TLS confidentiality required for update"
+ : "TLS confidentiality required for update";
+ return rs->sr_err;
+ }
+
+ if( op->o_sasl_ssf < ssf->sss_update_sasl ) {
+ rs->sr_text = op->o_sasl_ssf
+ ? "stronger SASL confidentiality required for update"
+ : "SASL confidentiality required for update";
+ return rs->sr_err;
+ }
+
+ if( op->o_ssf < ssf->sss_update_ssf ) {
+ rs->sr_text = op->o_ssf
+ ? "stronger confidentiality required for update"
+ : "confidentiality required for update";
+ return rs->sr_err;
+ }
+
+ if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) &&
+ BER_BVISEMPTY( &op->o_ndn ) )
+ {
+ rs->sr_text = "modifications require authentication";
+ rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
+ return rs->sr_err;
+ }
+
+#ifdef SLAP_X_LISTENER_MOD
+ if ( op->o_conn->c_listener &&
+ ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn )
+ ? (S_IWUSR|S_IWOTH) : S_IWOTH ) ) )
+ {
+ /* no "w" mode means readonly */
+ rs->sr_text = "modifications not allowed on this listener";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ return rs->sr_err;
+ }
+#endif /* SLAP_X_LISTENER_MOD */
+ }
+ }
+
+ if ( !session ) {
+ /* these checks don't apply to Bind, StartTLS, or Unbind */
+
+ if( requires & SLAP_REQUIRE_STRONG ) {
+ /* should check mechanism */
+ if( ( op->o_transport_ssf < ssf->sss_transport
+ && op->o_authtype == LDAP_AUTH_SIMPLE )
+ || BER_BVISEMPTY( &op->o_dn ) )
+ {
+ rs->sr_text = "strong(er) authentication required";
+ rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
+ return rs->sr_err;
+ }
+ }
+
+ if( requires & SLAP_REQUIRE_SASL ) {
+ if( op->o_authtype != LDAP_AUTH_SASL || BER_BVISEMPTY( &op->o_dn ) ) {
+ rs->sr_text = "SASL authentication required";
+ rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
+ return rs->sr_err;
+ }
+ }
+
+ if( requires & SLAP_REQUIRE_AUTHC ) {
+ if( BER_BVISEMPTY( &op->o_dn ) ) {
+ rs->sr_text = "authentication required";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ return rs->sr_err;
+ }
+ }
+
+ if( requires & SLAP_REQUIRE_BIND ) {
+ int version;
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ version = op->o_conn->c_protocol;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ if( !version ) {
+ /* no bind has occurred */
+ rs->sr_text = "BIND required";
+ rs->sr_err = LDAP_OPERATIONS_ERROR;
+ return rs->sr_err;
+ }
+ }
+
+ if( requires & SLAP_REQUIRE_LDAP_V3 ) {
+ if( op->o_protocol < LDAP_VERSION3 ) {
+ /* no bind has occurred */
+ rs->sr_text = "operation restricted to LDAPv3 clients";
+ rs->sr_err = LDAP_OPERATIONS_ERROR;
+ return rs->sr_err;
+ }
+ }
+
+#ifdef SLAP_X_LISTENER_MOD
+ if ( !starttls && BER_BVISEMPTY( &op->o_dn ) ) {
+ if ( op->o_conn->c_listener &&
+ !( op->o_conn->c_listener->sl_perms & S_IXOTH ))
+ {
+ /* no "x" mode means bind required */
+ rs->sr_text = "bind required on this listener";
+ rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
+ return rs->sr_err;
+ }
+ }
+
+ if ( !starttls && !updateop ) {
+ if ( op->o_conn->c_listener &&
+ !( op->o_conn->c_listener->sl_perms &
+ ( !BER_BVISEMPTY( &op->o_dn )
+ ? (S_IRUSR|S_IROTH) : S_IROTH )))
+ {
+ /* no "r" mode means no read */
+ rs->sr_text = "read not allowed on this listener";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ return rs->sr_err;
+ }
+ }
+#endif /* SLAP_X_LISTENER_MOD */
+
+ }
+
+ if( ( restrictops & opflag )
+ || ( exopflag && ( restrictops & exopflag ) ) ) {
+ if( ( restrictops & SLAP_RESTRICT_OP_MASK) == SLAP_RESTRICT_OP_READS ) {
+ rs->sr_text = "read operations restricted";
+ } else if ( restrictops & exopflag ) {
+ rs->sr_text = "extended operation restricted";
+ } else {
+ rs->sr_text = "operation restricted";
+ }
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ return rs->sr_err;
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+ return rs->sr_err;
+}
+
+int backend_check_referrals( Operation *op, SlapReply *rs )
+{
+ rs->sr_err = LDAP_SUCCESS;
+
+ if( op->o_bd->be_chk_referrals ) {
+ rs->sr_err = op->o_bd->be_chk_referrals( op, rs );
+
+ if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_REFERRAL ) {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return rs->sr_err;
+}
+
+int
+be_entry_get_rw(
+ Operation *op,
+ struct berval *ndn,
+ ObjectClass *oc,
+ AttributeDescription *at,
+ int rw,
+ Entry **e )
+{
+ *e = NULL;
+
+ if ( op->o_bd == NULL ) {
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( op->o_bd->be_fetch ) {
+ return op->o_bd->be_fetch( op, ndn, oc, at, rw, e );
+ }
+
+ return LDAP_UNWILLING_TO_PERFORM;
+}
+
+int
+fe_acl_group(
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ Entry *e;
+ void *o_priv = op->o_private, *e_priv = NULL;
+ Attribute *a;
+ int rc;
+ GroupAssertion *g;
+ Backend *be = op->o_bd;
+
+ op->o_bd = select_backend( gr_ndn, 0, 0 );
+
+ for ( g = op->o_groups; g; g = g->ga_next ) {
+ if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
+ g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
+ {
+ continue;
+ }
+ if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( g ) {
+ rc = g->ga_res;
+ goto done;
+ }
+
+ if ( target && dn_match( &target->e_nname, gr_ndn ) ) {
+ e = target;
+ rc = 0;
+ } else {
+ op->o_private = NULL;
+ rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
+ e_priv = op->o_private;
+ op->o_private = o_priv;
+ }
+ if ( e ) {
+ a = attr_find( e->e_attrs, group_at );
+ if ( a ) {
+ /* If the attribute is a subtype of labeledURI, treat this as
+ * a dynamic group ala groupOfURLs
+ */
+ if (is_at_subtype( group_at->ad_type,
+ slap_schema.si_ad_labeledURI->ad_type ) )
+ {
+ int i;
+ LDAPURLDesc *ludp;
+ struct berval bv, nbase;
+ Filter *filter;
+ Entry *user;
+ void *user_priv = NULL;
+ Backend *b2 = op->o_bd;
+
+ if ( target && dn_match( &target->e_nname, op_ndn ) ) {
+ user = target;
+ } else {
+ op->o_bd = select_backend( op_ndn, 0, 0 );
+ op->o_private = NULL;
+ rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user );
+ user_priv = op->o_private;
+ op->o_private = o_priv;
+ }
+
+ if ( rc == 0 ) {
+ rc = LDAP_COMPARE_FALSE;
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
+ if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
+ LDAP_URL_SUCCESS )
+ {
+ continue;
+ }
+ BER_BVZERO( &nbase );
+ /* host part must be empty */
+ /* attrs and extensions parts must be empty */
+ if ( ( ludp->lud_host && *ludp->lud_host ) ||
+ ludp->lud_attrs || ludp->lud_exts )
+ {
+ goto loopit;
+ }
+ ber_str2bv( ludp->lud_dn, 0, 0, &bv );
+ if ( dnNormalize( 0, NULL, NULL, &bv, &nbase,
+ op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ goto loopit;
+ }
+ switch ( ludp->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ if ( !dn_match( &nbase, op_ndn ) ) {
+ goto loopit;
+ }
+ break;
+ case LDAP_SCOPE_ONELEVEL:
+ dnParent( op_ndn, &bv );
+ if ( !dn_match( &nbase, &bv ) ) {
+ goto loopit;
+ }
+ break;
+ case LDAP_SCOPE_SUBTREE:
+ if ( !dnIsSuffix( op_ndn, &nbase ) ) {
+ goto loopit;
+ }
+ break;
+ case LDAP_SCOPE_SUBORDINATE:
+ if ( dn_match( &nbase, op_ndn ) ||
+ !dnIsSuffix( op_ndn, &nbase ) )
+ {
+ goto loopit;
+ }
+ }
+ filter = str2filter_x( op, ludp->lud_filter );
+ if ( filter ) {
+ if ( test_filter( NULL, user, filter ) ==
+ LDAP_COMPARE_TRUE )
+ {
+ rc = 0;
+ }
+ filter_free_x( op, filter );
+ }
+loopit:
+ ldap_free_urldesc( ludp );
+ if ( !BER_BVISNULL( &nbase ) ) {
+ op->o_tmpfree( nbase.bv_val, op->o_tmpmemctx );
+ }
+ if ( rc == 0 ) break;
+ }
+ if ( user != target ) {
+ op->o_private = user_priv;
+ be_entry_release_r( op, user );
+ op->o_private = o_priv;
+ }
+ }
+ op->o_bd = b2;
+ } else {
+ rc = value_find_ex( group_at,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, op_ndn, op->o_tmpmemctx );
+ if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
+ rc = LDAP_COMPARE_FALSE;
+ }
+ } else {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ if ( e != target ) {
+ op->o_private = e_priv;
+ be_entry_release_r( op, e );
+ op->o_private = o_priv;
+ }
+ } else {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+
+ if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
+ g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
+ op->o_tmpmemctx );
+ g->ga_be = op->o_bd;
+ g->ga_oc = group_oc;
+ g->ga_at = group_at;
+ g->ga_res = rc;
+ g->ga_len = gr_ndn->bv_len;
+ strcpy( g->ga_ndn, gr_ndn->bv_val );
+ g->ga_next = op->o_groups;
+ op->o_groups = g;
+ }
+done:
+ op->o_bd = be;
+ return rc;
+}
+
+int
+backend_group(
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ int rc;
+ BackendDB *be_orig;
+
+ if ( op->o_abandon ) {
+ return SLAPD_ABANDON;
+ }
+
+ be_orig = op->o_bd;
+ op->o_bd = frontendDB;
+#ifdef SLAP_OVERLAY_ACCESS
+ rc = frontendDB->be_group( op, target, gr_ndn,
+ op_ndn, group_oc, group_at );
+#else /* ! SLAP_OVERLAY_ACCESS */
+ rc = fe_acl_group( op, target, gr_ndn,
+ op_ndn, group_oc, group_at );
+#endif /* ! SLAP_OVERLAY_ACCESS */
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+int
+fe_acl_attribute(
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access )
+{
+ Entry *e = NULL;
+ void *o_priv = op->o_private, *e_priv = NULL;
+ Attribute *a = NULL;
+ int freeattr = 0, i, j, rc = LDAP_SUCCESS;
+ AccessControlState acl_state = ACL_STATE_INIT;
+ Backend *be = op->o_bd;
+
+ op->o_bd = select_backend( edn, 0, 0 );
+
+ if ( target && dn_match( &target->e_nname, edn ) ) {
+ e = target;
+
+ } else {
+ op->o_private = NULL;
+ rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e );
+ e_priv = op->o_private;
+ op->o_private = o_priv;
+ }
+
+ if ( e ) {
+ a = attr_find( e->e_attrs, entry_at );
+ if ( a == NULL ) {
+ SlapReply rs = { 0 };
+ AttributeName anlist[ 2 ];
+
+ anlist[ 0 ].an_name = entry_at->ad_cname;
+ anlist[ 0 ].an_desc = entry_at;
+ BER_BVZERO( &anlist[ 1 ].an_name );
+ rs.sr_attrs = anlist;
+
+ /* NOTE: backend_operational() is also called
+ * when returning results, so it's supposed
+ * to do no harm to entries */
+ rs.sr_entry = e;
+ rc = backend_operational( op, &rs );
+ rs.sr_entry = NULL;
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( rs.sr_operational_attrs ) {
+ freeattr = 1;
+ a = rs.sr_operational_attrs;
+
+ } else {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ }
+ }
+
+ if ( a ) {
+ BerVarray v;
+
+ if ( op->o_conn && access > ACL_NONE &&
+ access_allowed( op, e, entry_at, NULL,
+ access, &acl_state ) == 0 )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto freeit;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ ;
+
+ v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
+ op->o_tmpmemctx );
+ for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ {
+ if ( op->o_conn && access > ACL_NONE &&
+ access_allowed( op, e, entry_at,
+ &a->a_nvals[i],
+ access,
+ &acl_state ) == 0 )
+ {
+ continue;
+ }
+ ber_dupbv_x( &v[j], &a->a_nvals[i],
+ op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &v[j] ) ) {
+ j++;
+ }
+ }
+ if ( j == 0 ) {
+ op->o_tmpfree( v, op->o_tmpmemctx );
+ *vals = NULL;
+ rc = LDAP_INSUFFICIENT_ACCESS;
+
+ } else {
+ BER_BVZERO( &v[j] );
+ *vals = v;
+ rc = LDAP_SUCCESS;
+ }
+ }
+freeit: if ( e != target ) {
+ op->o_private = e_priv;
+ be_entry_release_r( op, e );
+ op->o_private = o_priv;
+ }
+ if ( freeattr ) {
+ attr_free( a );
+ }
+ }
+
+ op->o_bd = be;
+ return rc;
+}
+
+int
+backend_attribute(
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access )
+{
+ int rc;
+ BackendDB *be_orig;
+
+ be_orig = op->o_bd;
+ op->o_bd = frontendDB;
+#ifdef SLAP_OVERLAY_ACCESS
+ rc = frontendDB->be_attribute( op, target, edn,
+ entry_at, vals, access );
+#else /* !SLAP_OVERLAY_ACCESS */
+ rc = fe_acl_attribute( op, target, edn,
+ entry_at, vals, access );
+#endif /* !SLAP_OVERLAY_ACCESS */
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+int
+backend_access(
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ struct berval *nval,
+ slap_access_t access,
+ slap_mask_t *mask )
+{
+ Entry *e = NULL;
+ void *o_priv = op->o_private, *e_priv = NULL;
+ int rc = LDAP_INSUFFICIENT_ACCESS;
+ Backend *be = op->o_bd;
+
+ /* pedantic */
+ assert( op != NULL );
+ assert( op->o_conn != NULL );
+ assert( edn != NULL );
+ assert( access > ACL_NONE );
+
+ op->o_bd = select_backend( edn, 0, 0 );
+
+ if ( target && dn_match( &target->e_nname, edn ) ) {
+ e = target;
+
+ } else {
+ op->o_private = NULL;
+ rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e );
+ e_priv = op->o_private;
+ op->o_private = o_priv;
+ }
+
+ if ( e ) {
+ Attribute *a = NULL;
+ int freeattr = 0;
+
+ if ( entry_at == NULL ) {
+ entry_at = slap_schema.si_ad_entry;
+ }
+
+ if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children )
+ {
+ if ( access_allowed_mask( op, e, entry_at,
+ NULL, access, NULL, mask ) == 0 )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+
+ } else {
+ rc = LDAP_SUCCESS;
+ }
+
+ } else {
+ a = attr_find( e->e_attrs, entry_at );
+ if ( a == NULL ) {
+ SlapReply rs = { 0 };
+ AttributeName anlist[ 2 ];
+
+ anlist[ 0 ].an_name = entry_at->ad_cname;
+ anlist[ 0 ].an_desc = entry_at;
+ BER_BVZERO( &anlist[ 1 ].an_name );
+ rs.sr_attrs = anlist;
+
+ rs.sr_attr_flags = slap_attr_flags( rs.sr_attrs );
+
+ /* NOTE: backend_operational() is also called
+ * when returning results, so it's supposed
+ * to do no harm to entries */
+ rs.sr_entry = e;
+ rc = backend_operational( op, &rs );
+ rs.sr_entry = NULL;
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( rs.sr_operational_attrs ) {
+ freeattr = 1;
+ a = rs.sr_operational_attrs;
+
+ } else {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+ }
+
+ if ( a ) {
+ if ( access_allowed_mask( op, e, entry_at,
+ nval, access, NULL, mask ) == 0 )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto freeit;
+ }
+ rc = LDAP_SUCCESS;
+ }
+ }
+freeit: if ( e != target ) {
+ op->o_private = e_priv;
+ be_entry_release_r( op, e );
+ op->o_private = o_priv;
+ }
+ if ( freeattr ) {
+ attr_free( a );
+ }
+ }
+
+ op->o_bd = be;
+ return rc;
+}
+
+int
+fe_aux_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+ Attribute **ap;
+ int rc = 0;
+ BackendDB *be_orig;
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+ /* just count them */ ;
+
+ /*
+ * If operational attributes (allegedly) are required,
+ * and the backend supports specific operational attributes,
+ * add them to the attribute list
+ */
+ if ( !( rs->sr_flags & REP_NO_ENTRYDN )
+ && ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs &&
+ ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ) ) ) )
+ {
+ *ap = slap_operational_entryDN( rs->sr_entry );
+ ap = &(*ap)->a_next;
+ }
+
+ if ( !( rs->sr_flags & REP_NO_SUBSCHEMA)
+ && ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs &&
+ ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ) ) ) )
+ {
+ *ap = slap_operational_subschemaSubentry( op->o_bd );
+ ap = &(*ap)->a_next;
+ }
+
+ if ( op->o_bd != NULL )
+ {
+ /* Let the overlays have a chance at this */
+ be_orig = op->o_bd;
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+ if ( !be_match( op->o_bd, frontendDB ) &&
+ ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) &&
+ op->o_bd != NULL && op->o_bd->be_operational != NULL )
+ {
+ rc = op->o_bd->be_operational( op, rs );
+ }
+ op->o_bd = be_orig;
+ }
+
+ return rc;
+}
+
+int backend_operational( Operation *op, SlapReply *rs )
+{
+ int rc;
+ BackendDB *be_orig;
+
+ /* Moved this into the frontend so global overlays are called */
+
+ be_orig = op->o_bd;
+ op->o_bd = frontendDB;
+ rc = frontendDB->be_operational( op, rs );
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/backglue.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/backglue.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/backglue.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1039 @@
+/* backglue.c - backend glue */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.17 2007/01/03 08:55:03 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * Functions to glue a bunch of other backends into a single tree.
+ * All of the glued backends must share a common suffix. E.g., you
+ * can glue o=foo and ou=bar,o=foo but you can't glue o=foo and o=bar.
+ *
+ * The purpose of these functions is to allow you to split a single database
+ * into pieces (for load balancing purposes, whatever) but still be able
+ * to treat it as a single database after it's been split. As such, each
+ * of the glued backends should have identical rootdn.
+ * -- Howard Chu
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#define SLAPD_TOOLS
+#include "slap.h"
+
+typedef struct gluenode {
+ BackendDB *gn_be;
+ struct berval gn_pdn;
+} gluenode;
+
+typedef struct glueinfo {
+ int gi_nodes;
+ struct berval gi_pdn;
+ gluenode gi_n[1];
+} glueinfo;
+
+static slap_overinst glue;
+
+static int glueMode;
+static BackendDB *glueBack;
+
+static slap_response glue_op_response;
+
+/* Just like select_backend, but only for our backends */
+static BackendDB *
+glue_back_select (
+ BackendDB *be,
+ struct berval *dn
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ glueinfo *gi = (glueinfo *)on->on_bi.bi_private;
+ int i;
+
+ for (i = gi->gi_nodes-1; i >= 0; i--) {
+ assert( gi->gi_n[i].gn_be->be_nsuffix != NULL );
+
+ if (dnIsSuffix(dn, &gi->gi_n[i].gn_be->be_nsuffix[0])) {
+ return gi->gi_n[i].gn_be;
+ }
+ }
+ be->bd_info = on->on_info->oi_orig;
+ return be;
+}
+
+
+typedef struct glue_state {
+ char *matched;
+ BerVarray refs;
+ LDAPControl **ctrls;
+ int err;
+ int matchlen;
+ int nrefs;
+ int nctrls;
+} glue_state;
+
+static int
+glue_op_cleanup( Operation *op, SlapReply *rs )
+{
+ /* This is not a final result */
+ if (rs->sr_type == REP_RESULT )
+ rs->sr_type = REP_GLUE_RESULT;
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+glue_op_response ( Operation *op, SlapReply *rs )
+{
+ glue_state *gs = op->o_callback->sc_private;
+
+ switch(rs->sr_type) {
+ case REP_SEARCH:
+ case REP_SEARCHREF:
+ case REP_INTERMEDIATE:
+ return SLAP_CB_CONTINUE;
+
+ default:
+ if (rs->sr_err == LDAP_SUCCESS ||
+ rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ||
+ rs->sr_err == LDAP_TIMELIMIT_EXCEEDED ||
+ rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ||
+ rs->sr_err == LDAP_NO_SUCH_OBJECT ||
+ gs->err != LDAP_SUCCESS)
+ gs->err = rs->sr_err;
+ if (gs->err == LDAP_SUCCESS && gs->matched) {
+ ch_free (gs->matched);
+ gs->matched = NULL;
+ gs->matchlen = 0;
+ }
+ if (gs->err != LDAP_SUCCESS && rs->sr_matched) {
+ int len;
+ len = strlen (rs->sr_matched);
+ if (len > gs->matchlen) {
+ if (gs->matched)
+ ch_free (gs->matched);
+ gs->matched = ch_strdup (rs->sr_matched);
+ gs->matchlen = len;
+ }
+ }
+ if (rs->sr_ref) {
+ int i, j, k;
+ BerVarray new;
+
+ for (i=0; rs->sr_ref[i].bv_val; i++);
+
+ j = gs->nrefs;
+ if (!j) {
+ new = ch_malloc ((i+1)*sizeof(struct berval));
+ } else {
+ new = ch_realloc(gs->refs,
+ (j+i+1)*sizeof(struct berval));
+ }
+ for (k=0; k<i; j++,k++) {
+ ber_dupbv( &new[j], &rs->sr_ref[k] );
+ }
+ new[j].bv_val = NULL;
+ gs->nrefs = j;
+ gs->refs = new;
+ }
+ if (rs->sr_ctrls) {
+ int i, j, k;
+ LDAPControl **newctrls;
+
+ for (i=0; rs->sr_ctrls[i]; i++);
+
+ j = gs->nctrls;
+ if (!j) {
+ newctrls = ch_malloc((i+1)*sizeof(LDAPControl *));
+ } else {
+ newctrls = ch_realloc(gs->ctrls,
+ (j+i+1)*sizeof(LDAPControl *));
+ }
+ for (k=0; k<i; j++,k++) {
+ newctrls[j] = ch_malloc(sizeof(LDAPControl));
+ *newctrls[j] = *rs->sr_ctrls[k];
+ if ( !BER_BVISNULL( &rs->sr_ctrls[k]->ldctl_value ))
+ ber_dupbv( &newctrls[j]->ldctl_value,
+ &rs->sr_ctrls[k]->ldctl_value );
+ }
+ newctrls[j] = NULL;
+ gs->nctrls = j;
+ gs->ctrls = newctrls;
+ }
+ }
+ return 0;
+}
+
+static int
+glue_op_func ( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ BackendDB *b0 = op->o_bd;
+ BackendInfo *bi0 = op->o_bd->bd_info;
+ BI_op_modify **func;
+ slap_operation_t which = op_bind;
+ int rc;
+
+ op->o_bd = glue_back_select (b0, &op->o_req_ndn);
+
+ /* If we're on the master backend, let overlay framework handle it */
+ if ( op->o_bd == b0 )
+ return SLAP_CB_CONTINUE;
+
+ b0->bd_info = on->on_info->oi_orig;
+
+ switch(op->o_tag) {
+ case LDAP_REQ_ADD: which = op_add; break;
+ case LDAP_REQ_DELETE: which = op_delete; break;
+ case LDAP_REQ_MODIFY: which = op_modify; break;
+ case LDAP_REQ_MODRDN: which = op_modrdn; break;
+ case LDAP_REQ_EXTENDED: which = op_extended; break;
+ default: assert( 0 ); break;
+ }
+
+ func = &op->o_bd->bd_info->bi_op_bind;
+ if ( func[which] )
+ rc = func[which]( op, rs );
+ else
+ rc = SLAP_CB_BYPASS;
+
+ op->o_bd = b0;
+ op->o_bd->bd_info = bi0;
+ return rc;
+}
+
+static int
+glue_response ( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ BackendDB *be = op->o_bd;
+ be = glue_back_select (op->o_bd, &op->o_req_ndn);
+
+ /* If we're on the master backend, let overlay framework handle it.
+ * Otherwise, bail out.
+ */
+ return ( op->o_bd == be ) ? SLAP_CB_CONTINUE : SLAP_CB_BYPASS;
+}
+
+static int
+glue_chk_referrals ( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ BackendDB *b0 = op->o_bd;
+ BackendInfo *bi0 = op->o_bd->bd_info;
+ int rc;
+
+ op->o_bd = glue_back_select (b0, &op->o_req_ndn);
+ if ( op->o_bd == b0 )
+ return SLAP_CB_CONTINUE;
+
+ b0->bd_info = on->on_info->oi_orig;
+
+ if ( op->o_bd->bd_info->bi_chk_referrals )
+ rc = ( *op->o_bd->bd_info->bi_chk_referrals )( op, rs );
+ else
+ rc = SLAP_CB_CONTINUE;
+
+ op->o_bd = b0;
+ op->o_bd->bd_info = bi0;
+ return rc;
+}
+
+static int
+glue_chk_controls ( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ BackendDB *b0 = op->o_bd;
+ BackendInfo *bi0 = op->o_bd->bd_info;
+ int rc = SLAP_CB_CONTINUE;
+
+ op->o_bd = glue_back_select (b0, &op->o_req_ndn);
+ if ( op->o_bd == b0 )
+ return SLAP_CB_CONTINUE;
+
+ b0->bd_info = on->on_info->oi_orig;
+
+ /* if the subordinate database has overlays, the bi_chk_controls()
+ * hook is actually over_aux_chk_controls(); in case it actually
+ * wraps a missing hok, we need to mimic the behavior
+ * of the frontend applied to that database */
+ if ( op->o_bd->bd_info->bi_chk_controls ) {
+ rc = ( *op->o_bd->bd_info->bi_chk_controls )( op, rs );
+ }
+
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = backend_check_controls( op, rs );
+ }
+
+ op->o_bd = b0;
+ op->o_bd->bd_info = bi0;
+ return rc;
+}
+
+/* ITS#4615 - overlays configured above the glue overlay should be
+ * invoked for the entire glued tree. Overlays configured below the
+ * glue overlay should only be invoked on the master backend.
+ * So, if we're searching on any subordinates, we need to force the
+ * current overlay chain to stop processing, without stopping the
+ * overall callback flow.
+ */
+static int
+glue_sub_search( Operation *op, SlapReply *rs, BackendDB *b0,
+ slap_overinst *on )
+{
+ /* Process any overlays on the master backend */
+ if ( op->o_bd == b0 && on->on_next ) {
+ BackendInfo *bi = op->o_bd->bd_info;
+ int rc = SLAP_CB_CONTINUE;
+ for ( on=on->on_next; on; on=on->on_next ) {
+ op->o_bd->bd_info = (BackendInfo *)on;
+ if ( on->on_bi.bi_op_search ) {
+ rc = on->on_bi.bi_op_search( op, rs );
+ if ( rc != SLAP_CB_CONTINUE )
+ break;
+ }
+ }
+ op->o_bd->bd_info = bi;
+ if ( rc != SLAP_CB_CONTINUE )
+ return rc;
+ }
+ return op->o_bd->be_search( op, rs );
+}
+
+static int
+glue_op_search ( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ glueinfo *gi = (glueinfo *)on->on_bi.bi_private;
+ BackendDB *b0 = op->o_bd;
+ BackendDB *b1 = NULL, *btmp;
+ BackendInfo *bi0 = op->o_bd->bd_info;
+ int i;
+ long stoptime = 0, starttime;
+ glue_state gs = {NULL, NULL, NULL, 0, 0, 0, 0};
+ slap_callback cb = { NULL, glue_op_response, glue_op_cleanup, NULL };
+ int scope0, tlimit0;
+ struct berval dn, ndn, *pdn;
+
+ cb.sc_private = &gs;
+
+ cb.sc_next = op->o_callback;
+
+ starttime = op->o_time;
+ stoptime = slap_get_time () + op->ors_tlimit;
+
+ op->o_bd = glue_back_select (b0, &op->o_req_ndn);
+ b0->bd_info = on->on_info->oi_orig;
+
+ switch (op->ors_scope) {
+ case LDAP_SCOPE_BASE:
+ if ( op->o_bd == b0 )
+ return SLAP_CB_CONTINUE;
+
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ if (op->o_bd && op->o_bd->be_search) {
+ rs->sr_err = op->o_bd->be_search( op, rs );
+ }
+ return rs->sr_err;
+
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE: /* FIXME */
+ op->o_callback = &cb;
+ rs->sr_err = gs.err = LDAP_UNWILLING_TO_PERFORM;
+ scope0 = op->ors_scope;
+ tlimit0 = op->ors_tlimit;
+ dn = op->o_req_dn;
+ ndn = op->o_req_ndn;
+ b1 = op->o_bd;
+
+ /*
+ * Execute in reverse order, most specific first
+ */
+ for (i = gi->gi_nodes; i >= 0; i--) {
+ if ( i == gi->gi_nodes ) {
+ btmp = b0;
+ pdn = &gi->gi_pdn;
+ } else {
+ btmp = gi->gi_n[i].gn_be;
+ pdn = &gi->gi_n[i].gn_pdn;
+ }
+ if (!btmp || !btmp->be_search)
+ continue;
+ if (!dnIsSuffix(&btmp->be_nsuffix[0], &b1->be_nsuffix[0]))
+ continue;
+ if (tlimit0 != SLAP_NO_LIMIT) {
+ op->o_time = slap_get_time();
+ op->ors_tlimit = stoptime - op->o_time;
+ if (op->ors_tlimit <= 0) {
+ rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
+ break;
+ }
+ }
+ rs->sr_err = 0;
+ /*
+ * check for abandon
+ */
+ if (op->o_abandon) {
+ goto end_of_loop;
+ }
+ op->o_bd = btmp;
+
+ assert( op->o_bd->be_suffix != NULL );
+ assert( op->o_bd->be_nsuffix != NULL );
+
+ if (scope0 == LDAP_SCOPE_ONELEVEL &&
+ dn_match(pdn, &ndn))
+ {
+ op->ors_scope = LDAP_SCOPE_BASE;
+ op->o_req_dn = op->o_bd->be_suffix[0];
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+ rs->sr_err = op->o_bd->be_search(op, rs);
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+ gs.err = LDAP_SUCCESS;
+ }
+ op->ors_scope = LDAP_SCOPE_ONELEVEL;
+ op->o_req_dn = dn;
+ op->o_req_ndn = ndn;
+
+ } else if (scope0 == LDAP_SCOPE_SUBTREE &&
+ dn_match(&op->o_bd->be_nsuffix[0], &ndn))
+ {
+ rs->sr_err = glue_sub_search( op, rs, b0, on );
+
+ } else if (scope0 == LDAP_SCOPE_SUBTREE &&
+ dnIsSuffix(&op->o_bd->be_nsuffix[0], &ndn))
+ {
+ op->o_req_dn = op->o_bd->be_suffix[0];
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+ rs->sr_err = glue_sub_search( op, rs, b0, on );
+ if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+ gs.err = LDAP_SUCCESS;
+ }
+ op->o_req_dn = dn;
+ op->o_req_ndn = ndn;
+
+ } else if (dnIsSuffix(&ndn, &op->o_bd->be_nsuffix[0])) {
+ rs->sr_err = glue_sub_search( op, rs, b0, on );
+ }
+
+ switch ( gs.err ) {
+
+ /*
+ * Add errors that should result in dropping
+ * the search
+ */
+ case LDAP_SIZELIMIT_EXCEEDED:
+ case LDAP_TIMELIMIT_EXCEEDED:
+ case LDAP_ADMINLIMIT_EXCEEDED:
+ case LDAP_NO_SUCH_OBJECT:
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ case LDAP_X_CANNOT_CHAIN:
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ goto end_of_loop;
+
+ default:
+ break;
+ }
+ }
+end_of_loop:;
+ op->ors_scope = scope0;
+ op->ors_tlimit = tlimit0;
+ op->o_time = starttime;
+ op->o_req_dn = dn;
+ op->o_req_ndn = ndn;
+
+ break;
+ }
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ } else {
+ op->o_callback = cb.sc_next;
+ rs->sr_err = gs.err;
+ rs->sr_matched = gs.matched;
+ rs->sr_ref = gs.refs;
+ rs->sr_ctrls = gs.ctrls;
+
+ send_ldap_result( op, rs );
+ }
+
+ op->o_bd = b0;
+ op->o_bd->bd_info = bi0;
+ if (gs.matched)
+ free (gs.matched);
+ if (gs.refs)
+ ber_bvarray_free(gs.refs);
+ if (gs.ctrls) {
+ for (i = gs.nctrls; --i >= 0; ) {
+ if (!BER_BVISNULL( &gs.ctrls[i]->ldctl_value ))
+ free(gs.ctrls[i]->ldctl_value.bv_val);
+ free(gs.ctrls[i]);
+ }
+ free(gs.ctrls);
+ }
+ return rs->sr_err;
+}
+
+static BackendDB toolDB;
+
+static int
+glue_tool_entry_open (
+ BackendDB *b0,
+ int mode
+)
+{
+ slap_overinfo *oi = (slap_overinfo *)b0->bd_info;
+
+ /* We don't know which backend to talk to yet, so just
+ * remember the mode and move on...
+ */
+
+ glueMode = mode;
+ glueBack = NULL;
+ toolDB = *b0;
+ toolDB.bd_info = oi->oi_orig;
+
+ return 0;
+}
+
+static int
+glue_tool_entry_close (
+ BackendDB *b0
+)
+{
+ int rc = 0;
+
+ if (glueBack) {
+ if (!glueBack->be_entry_close)
+ return 0;
+ rc = glueBack->be_entry_close (glueBack);
+ }
+ return rc;
+}
+
+static slap_overinst *
+glue_tool_inst(
+ BackendInfo *bi
+)
+{
+ slap_overinfo *oi = (slap_overinfo *)bi;
+ slap_overinst *on;
+
+ for ( on = oi->oi_list; on; on=on->on_next ) {
+ if ( !strcmp( on->on_bi.bi_type, glue.on_bi.bi_type ))
+ return on;
+ }
+ return NULL;
+}
+
+/* This function will only be called in tool mode */
+static int
+glue_open (
+ BackendInfo *bi
+)
+{
+ slap_overinst *on = glue_tool_inst( bi );
+ glueinfo *gi = on->on_bi.bi_private;
+ static int glueOpened = 0;
+ int i, j, same, bsame = 0, rc = 0;
+
+ if (glueOpened) return 0;
+
+ glueOpened = 1;
+
+ /* If we were invoked in tool mode, open all the underlying backends */
+ if (slapMode & SLAP_TOOL_MODE) {
+ for (i = 0; i<gi->gi_nodes; i++) {
+ same = 0;
+ /* Same bi_open as our main backend? */
+ if ( gi->gi_n[i].gn_be->bd_info->bi_open ==
+ on->on_info->oi_orig->bi_open )
+ bsame = 1;
+
+ /* Loop thru the bd_info's and make sure we only
+ * invoke their bi_open functions once each.
+ */
+ for ( j = 0; j<i; j++ ) {
+ if ( gi->gi_n[i].gn_be->bd_info->bi_open ==
+ gi->gi_n[j].gn_be->bd_info->bi_open ) {
+ same = 1;
+ break;
+ }
+ }
+ /* OK, it's unique and non-NULL, call it. */
+ if ( !same && gi->gi_n[i].gn_be->bd_info->bi_open )
+ rc = gi->gi_n[i].gn_be->bd_info->bi_open(
+ gi->gi_n[i].gn_be->bd_info );
+ /* Let backend.c take care of the rest of startup */
+ if ( !rc )
+ rc = backend_startup_one( gi->gi_n[i].gn_be );
+ if ( rc ) break;
+ }
+ if ( !rc && !bsame && on->on_info->oi_orig->bi_open )
+ rc = on->on_info->oi_orig->bi_open( on->on_info->oi_orig );
+
+ } /* other case is impossible */
+ return rc;
+}
+
+/* This function will only be called in tool mode */
+static int
+glue_close (
+ BackendInfo *bi
+)
+{
+ static int glueClosed = 0;
+ int rc = 0;
+
+ if (glueClosed) return 0;
+
+ glueClosed = 1;
+
+ if (slapMode & SLAP_TOOL_MODE) {
+ rc = backend_shutdown( NULL );
+ }
+ return rc;
+}
+
+static int
+glue_entry_release_rw (
+ Operation *op,
+ Entry *e,
+ int rw
+)
+{
+ BackendDB *b0, b2;
+ int rc = -1;
+
+ b0 = op->o_bd;
+ b2 = *op->o_bd;
+ b2.bd_info = (BackendInfo *)glue_tool_inst( op->o_bd->bd_info );
+ op->o_bd = glue_back_select (&b2, &e->e_nname);
+
+ if ( op->o_bd->be_release ) {
+ rc = op->o_bd->be_release( op, e, rw );
+
+ } else {
+ /* FIXME: mimic be_entry_release_rw
+ * when no be_release() available */
+ /* free entry */
+ entry_free( e );
+ rc = 0;
+ }
+ op->o_bd = b0;
+ return rc;
+}
+
+static ID
+glue_tool_entry_first (
+ BackendDB *b0
+)
+{
+ slap_overinst *on = glue_tool_inst( b0->bd_info );
+ glueinfo *gi = on->on_bi.bi_private;
+ int i;
+
+ /* If we're starting from scratch, start at the most general */
+ if (!glueBack) {
+ if ( toolDB.be_entry_open && toolDB.be_entry_first ) {
+ glueBack = &toolDB;
+ } else {
+ for (i = gi->gi_nodes-1; i >= 0; i--) {
+ if (gi->gi_n[i].gn_be->be_entry_open &&
+ gi->gi_n[i].gn_be->be_entry_first) {
+ glueBack = gi->gi_n[i].gn_be;
+ break;
+ }
+ }
+ }
+ }
+ if (!glueBack || !glueBack->be_entry_open || !glueBack->be_entry_first ||
+ glueBack->be_entry_open (glueBack, glueMode) != 0)
+ return NOID;
+
+ return glueBack->be_entry_first (glueBack);
+}
+
+static ID
+glue_tool_entry_next (
+ BackendDB *b0
+)
+{
+ slap_overinst *on = glue_tool_inst( b0->bd_info );
+ glueinfo *gi = on->on_bi.bi_private;
+ int i;
+ ID rc;
+
+ if (!glueBack || !glueBack->be_entry_next)
+ return NOID;
+
+ rc = glueBack->be_entry_next (glueBack);
+
+ /* If we ran out of entries in one database, move on to the next */
+ while (rc == NOID) {
+ if ( glueBack && glueBack->be_entry_close )
+ glueBack->be_entry_close (glueBack);
+ for (i=0; i<gi->gi_nodes; i++) {
+ if (gi->gi_n[i].gn_be == glueBack)
+ break;
+ }
+ if (i == 0) {
+ glueBack = NULL;
+ break;
+ } else {
+ glueBack = gi->gi_n[i-1].gn_be;
+ rc = glue_tool_entry_first (b0);
+ }
+ }
+ return rc;
+}
+
+static Entry *
+glue_tool_entry_get (
+ BackendDB *b0,
+ ID id
+)
+{
+ if (!glueBack || !glueBack->be_entry_get)
+ return NULL;
+
+ return glueBack->be_entry_get (glueBack, id);
+}
+
+static ID
+glue_tool_entry_put (
+ BackendDB *b0,
+ Entry *e,
+ struct berval *text
+)
+{
+ BackendDB *be, b2;
+ int rc = -1;
+
+ b2 = *b0;
+ b2.bd_info = (BackendInfo *)glue_tool_inst( b0->bd_info );
+ be = glue_back_select (&b2, &e->e_nname);
+ if ( be == &b2 ) be = &toolDB;
+
+ if (!be->be_entry_put)
+ return NOID;
+
+ if (!glueBack) {
+ if ( be->be_entry_open ) {
+ rc = be->be_entry_open (be, glueMode);
+ }
+ if (rc != 0) {
+ return NOID;
+ }
+ } else if (be != glueBack) {
+ /* If this entry belongs in a different branch than the
+ * previous one, close the current database and open the
+ * new one.
+ */
+ if ( glueBack->be_entry_close ) {
+ glueBack->be_entry_close (glueBack);
+ }
+ if ( be->be_entry_open ) {
+ rc = be->be_entry_open (be, glueMode);
+ }
+ if (rc != 0) {
+ return NOID;
+ }
+ }
+ glueBack = be;
+ return be->be_entry_put (be, e, text);
+}
+
+static int
+glue_tool_entry_reindex (
+ BackendDB *b0,
+ ID id
+)
+{
+ if (!glueBack || !glueBack->be_entry_reindex)
+ return -1;
+
+ return glueBack->be_entry_reindex (glueBack, id);
+}
+
+static int
+glue_tool_sync (
+ BackendDB *b0
+)
+{
+ slap_overinst *on = glue_tool_inst( b0->bd_info );
+ glueinfo *gi = on->on_bi.bi_private;
+ BackendInfo *bi = b0->bd_info;
+ int i;
+
+ /* just sync everyone */
+ for (i = 0; i<gi->gi_nodes; i++)
+ if (gi->gi_n[i].gn_be->be_sync)
+ gi->gi_n[i].gn_be->be_sync (gi->gi_n[i].gn_be);
+ b0->bd_info = on->on_info->oi_orig;
+ if ( b0->be_sync )
+ b0->be_sync( b0 );
+ b0->bd_info = bi;
+ return 0;
+}
+
+static int
+glue_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ slap_overinfo *oi = on->on_info;
+ BackendInfo *bi = oi->oi_orig;
+ glueinfo *gi;
+
+ if ( SLAP_GLUE_SUBORDINATE( be )) {
+ Debug( LDAP_DEBUG_ANY, "glue: backend %s is already subordinate, "
+ "cannot have glue overlay!\n",
+ be->be_suffix[0].bv_val, 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ gi = ch_calloc( 1, sizeof(glueinfo));
+ on->on_bi.bi_private = gi;
+ dnParent( be->be_nsuffix, &gi->gi_pdn );
+
+ /* Currently the overlay framework doesn't handle these entry points
+ * but we need them....
+ */
+ oi->oi_bi.bi_open = glue_open;
+ oi->oi_bi.bi_close = glue_close;
+
+ oi->oi_bi.bi_entry_release_rw = glue_entry_release_rw;
+
+ /* Only advertise these if the root DB supports them */
+ if ( bi->bi_tool_entry_open )
+ oi->oi_bi.bi_tool_entry_open = glue_tool_entry_open;
+ if ( bi->bi_tool_entry_close )
+ oi->oi_bi.bi_tool_entry_close = glue_tool_entry_close;
+ if ( bi->bi_tool_entry_first )
+ oi->oi_bi.bi_tool_entry_first = glue_tool_entry_first;
+ if ( bi->bi_tool_entry_next )
+ oi->oi_bi.bi_tool_entry_next = glue_tool_entry_next;
+ if ( bi->bi_tool_entry_get )
+ oi->oi_bi.bi_tool_entry_get = glue_tool_entry_get;
+ if ( bi->bi_tool_entry_put )
+ oi->oi_bi.bi_tool_entry_put = glue_tool_entry_put;
+ if ( bi->bi_tool_entry_reindex )
+ oi->oi_bi.bi_tool_entry_reindex = glue_tool_entry_reindex;
+ if ( bi->bi_tool_sync )
+ oi->oi_bi.bi_tool_sync = glue_tool_sync;
+
+ /*FIXME : need to add support */
+ oi->oi_bi.bi_tool_dn2id_get = 0;
+ oi->oi_bi.bi_tool_id2entry_get = 0;
+ oi->oi_bi.bi_tool_entry_modify = 0;
+
+ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLUE_INSTANCE;
+
+ return 0;
+}
+
+static int
+glue_db_destroy (
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ glueinfo *gi = (glueinfo *)on->on_bi.bi_private;
+
+ free (gi);
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+glue_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+
+ on->on_info->oi_bi.bi_db_close = 0;
+ return 0;
+}
+
+int
+glue_sub_del( BackendDB *b0 )
+{
+ BackendDB *be;
+ int rc = 0;
+
+ /* Find the top backend for this subordinate */
+ be = b0;
+ while ( (be=LDAP_STAILQ_NEXT( be, be_next )) != NULL ) {
+ slap_overinfo *oi;
+ slap_overinst *on;
+ glueinfo *gi;
+ int i;
+
+ if ( SLAP_GLUE_SUBORDINATE( be ))
+ continue;
+ if ( !SLAP_GLUE_INSTANCE( be ))
+ continue;
+ if ( !dnIsSuffix( &b0->be_nsuffix[0], &be->be_nsuffix[0] ))
+ continue;
+
+ /* OK, got the right backend, find the overlay */
+ oi = (slap_overinfo *)be->bd_info;
+ for ( on=oi->oi_list; on; on=on->on_next ) {
+ if ( on->on_bi.bi_type == glue.on_bi.bi_type )
+ break;
+ }
+ assert( on != NULL );
+ gi = on->on_bi.bi_private;
+ for ( i=0; i < gi->gi_nodes; i++ ) {
+ if ( gi->gi_n[i].gn_be == b0 ) {
+ int j;
+
+ for (j=i+1; j < gi->gi_nodes; j++)
+ gi->gi_n[j-1] = gi->gi_n[j];
+
+ gi->gi_nodes--;
+ }
+ }
+ }
+ if ( be == NULL )
+ rc = LDAP_NO_SUCH_OBJECT;
+
+ return rc;
+}
+
+typedef struct glue_Addrec {
+ struct glue_Addrec *ga_next;
+ BackendDB *ga_be;
+} glue_Addrec;
+
+/* List of added subordinates */
+static glue_Addrec *ga_list;
+
+/* Attach all the subordinate backends to their superior */
+int
+glue_sub_attach()
+{
+ glue_Addrec *ga, *gnext = NULL;
+ int rc = 0;
+
+ /* For all the subordinate backends */
+ for ( ga=ga_list; ga != NULL; ga = gnext ) {
+ BackendDB *be;
+
+ gnext = ga->ga_next;
+
+ /* Find the top backend for this subordinate */
+ be = ga->ga_be;
+ while ( (be=LDAP_STAILQ_NEXT( be, be_next )) != NULL ) {
+ slap_overinfo *oi;
+ slap_overinst *on;
+ glueinfo *gi;
+
+ if ( SLAP_GLUE_SUBORDINATE( be ))
+ continue;
+ if ( !dnIsSuffix( &ga->ga_be->be_nsuffix[0], &be->be_nsuffix[0] ))
+ continue;
+
+ /* If it's not already configured, set up the overlay */
+ if ( !SLAP_GLUE_INSTANCE( be )) {
+ rc = overlay_config( be, glue.on_bi.bi_type );
+ if ( rc )
+ break;
+ }
+ /* Find the overlay instance */
+ oi = (slap_overinfo *)be->bd_info;
+ for ( on=oi->oi_list; on; on=on->on_next ) {
+ if ( on->on_bi.bi_type == glue.on_bi.bi_type )
+ break;
+ }
+ assert( on != NULL );
+ gi = on->on_bi.bi_private;
+ gi = (glueinfo *)ch_realloc( gi, sizeof(glueinfo) +
+ gi->gi_nodes * sizeof(gluenode));
+ gi->gi_n[gi->gi_nodes].gn_be = ga->ga_be;
+ dnParent( &ga->ga_be->be_nsuffix[0],
+ &gi->gi_n[gi->gi_nodes].gn_pdn );
+ gi->gi_nodes++;
+ on->on_bi.bi_private = gi;
+ break;
+ }
+ if ( !be ) {
+ Debug( LDAP_DEBUG_ANY, "glue: no superior found for sub %s!\n",
+ ga->ga_be->be_suffix[0].bv_val, 0, 0 );
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ ch_free( ga );
+ if ( rc ) break;
+ }
+
+ ga_list = gnext;
+
+ return rc;
+}
+
+int
+glue_sub_add( BackendDB *be, int advert, int online )
+{
+ glue_Addrec *ga;
+ int rc = 0;
+
+ if ( overlay_is_inst( be, "glue" )) {
+ Debug( LDAP_DEBUG_ANY, "glue: backend %s already has glue overlay, "
+ "cannot be a subordinate!\n",
+ be->be_suffix[0].bv_val, 0, 0 );
+ return LDAP_OTHER;
+ }
+ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
+ if ( advert )
+ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLUE_ADVERTISE;
+
+ ga = ch_malloc( sizeof( glue_Addrec ));
+ ga->ga_next = ga_list;
+ ga->ga_be = be;
+ ga_list = ga;
+
+ if ( online )
+ rc = glue_sub_attach();
+
+ return rc;
+}
+
+int
+glue_sub_init()
+{
+ glue.on_bi.bi_type = "glue";
+
+ glue.on_bi.bi_db_init = glue_db_init;
+ glue.on_bi.bi_db_close = glue_db_close;
+ glue.on_bi.bi_db_destroy = glue_db_destroy;
+
+ glue.on_bi.bi_op_search = glue_op_search;
+ glue.on_bi.bi_op_modify = glue_op_func;
+ glue.on_bi.bi_op_modrdn = glue_op_func;
+ glue.on_bi.bi_op_add = glue_op_func;
+ glue.on_bi.bi_op_delete = glue_op_func;
+ glue.on_bi.bi_extended = glue_op_func;
+
+ glue.on_bi.bi_chk_referrals = glue_chk_referrals;
+ glue.on_bi.bi_chk_controls = glue_chk_controls;
+ glue.on_response = glue_response;
+
+ return overlay_register( &glue );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/backover.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/backover.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/backover.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,979 @@
+/* backover.c - backend overlay routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.20 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/* Functions to overlay other modules over a backend. */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#define SLAPD_TOOLS
+#include "slap.h"
+#include "config.h"
+
+static slap_overinst *overlays;
+
+enum db_which {
+ db_open = 0,
+ db_close,
+ db_destroy,
+ db_last
+};
+
+static int
+over_db_func(
+ BackendDB *be,
+ enum db_which which
+)
+{
+ slap_overinfo *oi = be->bd_info->bi_private;
+ slap_overinst *on = oi->oi_list;
+ BackendInfo *bi_orig = be->bd_info;
+ BI_db_open **func;
+ int rc = 0;
+
+ func = &oi->oi_orig->bi_db_open;
+ if ( func[which] ) {
+ be->bd_info = oi->oi_orig;
+ rc = func[which]( be );
+ }
+
+ for (; on && rc == 0; on=on->on_next) {
+ be->bd_info = &on->on_bi;
+ func = &on->on_bi.bi_db_open;
+ if (func[which]) {
+ rc = func[which]( be );
+ }
+ }
+ be->bd_info = bi_orig;
+ return rc;
+}
+
+static int
+over_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinfo *oi = be->bd_info->bi_private;
+ slap_overinst *on = oi->oi_list;
+ BackendInfo *bi_orig = be->bd_info;
+ struct ConfigOCs *be_cf_ocs = be->be_cf_ocs;
+ ConfigArgs ca = {0};
+ int rc = 0;
+
+ if ( oi->oi_orig->bi_db_config ) {
+ be->bd_info = oi->oi_orig;
+ be->be_cf_ocs = oi->oi_orig->bi_cf_ocs;
+ rc = oi->oi_orig->bi_db_config( be, fname, lineno,
+ argc, argv );
+
+ if ( be->bd_info != oi->oi_orig ) {
+ slap_overinfo *oi2;
+ slap_overinst *on2, **onp;
+ BackendDB be2 = *be;
+ int i;
+
+ /* a database added an overlay;
+ * work it around... */
+ assert( overlay_is_over( be ) );
+
+ oi2 = ( slap_overinfo * )be->bd_info->bi_private;
+ on2 = oi2->oi_list;
+
+ /* need to put a uniqueness check here as well;
+ * note that in principle there could be more than
+ * one overlay as a result of multiple calls to
+ * overlay_config() */
+ be2.bd_info = (BackendInfo *)oi;
+
+ for ( i = 0, onp = &on2; *onp; i++, onp = &(*onp)->on_next ) {
+ if ( overlay_is_inst( &be2, (*onp)->on_bi.bi_type ) ) {
+ Debug( LDAP_DEBUG_ANY, "over_db_config(): "
+ "warning, freshly added "
+ "overlay #%d \"%s\" is already in list\n",
+ i, (*onp)->on_bi.bi_type, 0 );
+
+ /* NOTE: if the overlay already exists,
+ * there is no way to merge the results
+ * of the configuration that may have
+ * occurred during bi_db_config(); we
+ * just issue a warning, and the
+ * administrator should deal with this */
+ }
+ }
+ *onp = oi->oi_list;
+
+ oi->oi_list = on2;
+
+ ch_free( be->bd_info );
+ }
+
+ be->bd_info = (BackendInfo *)oi;
+ if ( rc != SLAP_CONF_UNKNOWN ) return rc;
+ }
+
+ ca.argv = argv;
+ ca.argc = argc;
+ ca.fname = fname;
+ ca.lineno = lineno;
+ ca.be = be;
+ snprintf( ca.log, sizeof( ca.log ), "%s: line %d",
+ ca.fname, ca.lineno );
+
+ for (; on; on=on->on_next) {
+ rc = SLAP_CONF_UNKNOWN;
+ if (on->on_bi.bi_cf_ocs) {
+ ConfigTable *ct;
+ ca.bi = &on->on_bi;
+ ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca );
+ if ( ct ) {
+ rc = config_add_vals( ct, &ca );
+ if ( rc != SLAP_CONF_UNKNOWN )
+ break;
+ }
+ }
+ if (on->on_bi.bi_db_config && rc == SLAP_CONF_UNKNOWN) {
+ be->bd_info = &on->on_bi;
+ rc = on->on_bi.bi_db_config( be, fname, lineno,
+ argc, argv );
+ if ( rc != SLAP_CONF_UNKNOWN ) break;
+ }
+ }
+ be->bd_info = bi_orig;
+ be->be_cf_ocs = be_cf_ocs;
+
+ return rc;
+}
+
+static int
+over_db_open(
+ BackendDB *be
+)
+{
+ return over_db_func( be, db_open );
+}
+
+static int
+over_db_close(
+ BackendDB *be
+)
+{
+ slap_overinfo *oi = be->bd_info->bi_private;
+ slap_overinst *on = oi->oi_list;
+ BackendInfo *bi_orig = be->bd_info;
+ int rc = 0;
+
+ for (; on && rc == 0; on=on->on_next) {
+ be->bd_info = &on->on_bi;
+ if ( be->bd_info->bi_db_close ) {
+ rc = be->bd_info->bi_db_close( be );
+ }
+ }
+
+ if ( oi->oi_orig->bi_db_close ) {
+ be->bd_info = oi->oi_orig;
+ rc = be->bd_info->bi_db_close( be );
+ }
+
+ be->bd_info = bi_orig;
+ return rc;
+}
+
+static int
+over_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinfo *oi = be->bd_info->bi_private;
+ slap_overinst *on = oi->oi_list, *next;
+ int rc;
+
+ rc = over_db_func( be, db_destroy );
+
+ if ( on ) {
+ for (next = on->on_next; on; on=next) {
+ next = on->on_next;
+ free( on );
+ }
+ }
+ free( oi );
+ return rc;
+}
+
+static int
+over_back_response ( Operation *op, SlapReply *rs )
+{
+ slap_overinfo *oi = op->o_callback->sc_private;
+ slap_overinst *on = oi->oi_list;
+ int rc = SLAP_CB_CONTINUE;
+ BackendDB *be = op->o_bd, db = *op->o_bd;
+
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ for (; on; on=on->on_next ) {
+ if ( on->on_response ) {
+ db.bd_info = (BackendInfo *)on;
+ rc = on->on_response( op, rs );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+ /* Bypass the remaining on_response layers, but allow
+ * normal execution to continue.
+ */
+ if ( rc == SLAP_CB_BYPASS )
+ rc = SLAP_CB_CONTINUE;
+ op->o_bd = be;
+ return rc;
+}
+
+#ifdef SLAP_OVERLAY_ACCESS
+static int
+over_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendInfo *bi;
+ BackendDB *be = op->o_bd, db;
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ bi = op->o_bd->bd_info;
+ /* Were we invoked on the frontend? */
+ if ( !bi->bi_access_allowed ) {
+ oi = frontendDB->bd_info->bi_private;
+ } else {
+ oi = op->o_bd->bd_info->bi_private;
+ }
+ on = oi->oi_list;
+
+ for ( ; on; on = on->on_next ) {
+ if ( on->on_bi.bi_access_allowed ) {
+ /* NOTE: do not copy the structure until required */
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = on->on_bi.bi_access_allowed( op, e,
+ desc, val, access, state, maskp );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ BI_access_allowed *bi_access_allowed;
+
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ }
+
+ if ( oi->oi_orig->bi_access_allowed ) {
+ bi_access_allowed = oi->oi_orig->bi_access_allowed;
+ } else {
+ bi_access_allowed = slap_access_allowed;
+ }
+
+ rc = bi_access_allowed( op, e,
+ desc, val, access, state, maskp );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ /* access not allowed */
+ rc = 0;
+ }
+
+ op->o_bd = be;
+ op->o_bd->bd_info = bi;
+
+ return rc;
+}
+
+static int
+over_acl_group(
+ Operation *op,
+ Entry *e,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendInfo *bi = op->o_bd->bd_info;
+ BackendDB *be = op->o_bd, db;
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ for ( ; on; on = on->on_next ) {
+ if ( on->on_bi.bi_acl_group ) {
+ /* NOTE: do not copy the structure until required */
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = on->on_bi.bi_acl_group( op, e,
+ gr_ndn, op_ndn, group_oc, group_at );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ BI_acl_group *bi_acl_group;
+
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ }
+
+ if ( oi->oi_orig->bi_acl_group ) {
+ bi_acl_group = oi->oi_orig->bi_acl_group;
+ } else {
+ bi_acl_group = backend_group;
+ }
+
+ rc = bi_acl_group( op, e,
+ gr_ndn, op_ndn, group_oc, group_at );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ /* access not allowed */
+ rc = 0;
+ }
+
+ op->o_bd = be;
+ op->o_bd->bd_info = bi;
+
+ return rc;
+}
+
+static int
+over_acl_attribute(
+ Operation *op,
+ Entry *target,
+ struct berval *entry_ndn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access )
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendInfo *bi = op->o_bd->bd_info;
+ BackendDB *be = op->o_bd, db;
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ for ( ; on; on = on->on_next ) {
+ if ( on->on_bi.bi_acl_attribute ) {
+ /* NOTE: do not copy the structure until required */
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = on->on_bi.bi_acl_attribute( op, target,
+ entry_ndn, entry_at, vals, access );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ BI_acl_attribute *bi_acl_attribute;
+
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ }
+
+ if ( oi->oi_orig->bi_acl_attribute ) {
+ bi_acl_attribute = oi->oi_orig->bi_acl_attribute;
+ } else {
+ bi_acl_attribute = backend_attribute;
+ }
+
+ rc = bi_acl_attribute( op, target,
+ entry_ndn, entry_at, vals, access );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ /* access not allowed */
+ rc = 0;
+ }
+
+ op->o_bd = be;
+ op->o_bd->bd_info = bi;
+
+ return rc;
+}
+#endif /* SLAP_OVERLAY_ACCESS */
+
+/*
+ * default return code in case of missing backend function
+ * and overlay stack returning SLAP_CB_CONTINUE
+ */
+static int op_rc[ op_last ] = {
+ LDAP_UNWILLING_TO_PERFORM, /* bind */
+ LDAP_UNWILLING_TO_PERFORM, /* unbind */
+ LDAP_UNWILLING_TO_PERFORM, /* search */
+ SLAP_CB_CONTINUE, /* compare; pass to frontend */
+ LDAP_UNWILLING_TO_PERFORM, /* modify */
+ LDAP_UNWILLING_TO_PERFORM, /* modrdn */
+ LDAP_UNWILLING_TO_PERFORM, /* add */
+ LDAP_UNWILLING_TO_PERFORM, /* delete */
+ LDAP_UNWILLING_TO_PERFORM, /* abandon */
+ LDAP_UNWILLING_TO_PERFORM, /* cancel */
+ LDAP_UNWILLING_TO_PERFORM, /* extended */
+ LDAP_SUCCESS, /* aux_operational */
+ LDAP_SUCCESS, /* aux_chk_referrals */
+ SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */
+};
+
+int overlay_op_walk(
+ Operation *op,
+ SlapReply *rs,
+ slap_operation_t which,
+ slap_overinfo *oi,
+ slap_overinst *on
+)
+{
+ BI_op_bind **func;
+ int rc = SLAP_CB_CONTINUE;
+
+ for (; on; on=on->on_next ) {
+ func = &on->on_bi.bi_op_bind;
+ if ( func[which] ) {
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = func[which]( op, rs );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+ if ( rc == SLAP_CB_BYPASS )
+ rc = SLAP_CB_CONTINUE;
+
+ func = &oi->oi_orig->bi_op_bind;
+ if ( func[which] && rc == SLAP_CB_CONTINUE ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ rc = func[which]( op, rs );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = op_rc[ which ];
+ }
+
+ /* The underlying backend didn't handle the request, make sure
+ * overlay cleanup is processed.
+ */
+ if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
+ slap_callback *sc_next;
+ for ( ; op->o_callback && op->o_callback->sc_response !=
+ over_back_response; op->o_callback = sc_next ) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_cleanup ) {
+ op->o_callback->sc_cleanup( op, rs );
+ }
+ }
+ }
+ return rc;
+}
+
+static int
+over_op_func(
+ Operation *op,
+ SlapReply *rs,
+ slap_operation_t which
+)
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendDB *be = op->o_bd, db;
+ slap_callback cb = {NULL, over_back_response, NULL, NULL};
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ if ( !SLAP_ISOVERLAY( op->o_bd )) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+ cb.sc_next = op->o_callback;
+ cb.sc_private = oi;
+ op->o_callback = &cb;
+
+ rc = overlay_op_walk( op, rs, which, oi, on );
+
+ op->o_bd = be;
+ op->o_callback = cb.sc_next;
+ return rc;
+}
+
+static int
+over_op_bind( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_bind );
+}
+
+static int
+over_op_unbind( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_unbind );
+}
+
+static int
+over_op_search( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_search );
+}
+
+static int
+over_op_compare( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_compare );
+}
+
+static int
+over_op_modify( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_modify );
+}
+
+static int
+over_op_modrdn( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_modrdn );
+}
+
+static int
+over_op_add( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_add );
+}
+
+static int
+over_op_delete( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_delete );
+}
+
+static int
+over_op_abandon( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_abandon );
+}
+
+static int
+over_op_cancel( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_cancel );
+}
+
+static int
+over_op_extended( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_extended );
+}
+
+static int
+over_aux_operational( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_aux_operational );
+}
+
+static int
+over_aux_chk_referrals( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_aux_chk_referrals );
+}
+
+static int
+over_aux_chk_controls( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_aux_chk_controls );
+}
+
+enum conn_which {
+ conn_init = 0,
+ conn_destroy,
+ conn_last
+};
+
+static int
+over_connection_func(
+ BackendDB *bd,
+ Connection *conn,
+ enum conn_which which
+)
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendDB db;
+ int rc = SLAP_CB_CONTINUE;
+ BI_connection_init **func;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( bd != NULL );
+
+ oi = bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ if ( !SLAP_ISOVERLAY( bd ) ) {
+ db = *bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ bd = &db;
+ }
+
+ for ( ; on; on = on->on_next ) {
+ func = &on->on_bi.bi_connection_init;
+ if ( func[ which ] ) {
+ bd->bd_info = (BackendInfo *)on;
+ rc = func[ which ]( bd, conn );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ func = &oi->oi_orig->bi_connection_init;
+ if ( func[ which ] && rc == SLAP_CB_CONTINUE ) {
+ bd->bd_info = oi->oi_orig;
+ rc = func[ which ]( bd, conn );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ return rc;
+}
+
+static int
+over_connection_init(
+ BackendDB *bd,
+ Connection *conn
+)
+{
+ return over_connection_func( bd, conn, conn_init );
+}
+
+static int
+over_connection_destroy(
+ BackendDB *bd,
+ Connection *conn
+)
+{
+ return over_connection_func( bd, conn, conn_destroy );
+}
+
+int
+overlay_register(
+ slap_overinst *on
+)
+{
+ on->on_next = overlays;
+ overlays = on;
+ return 0;
+}
+
+/*
+ * iterator on registered overlays; overlay_next( NULL ) returns the first
+ * overlay; * subsequent calls with the previously returned value allow to
+ * iterate * over the entire list; returns NULL when no more overlays are
+ * registered.
+ */
+
+slap_overinst *
+overlay_next(
+ slap_overinst *on
+)
+{
+ if ( on == NULL ) {
+ return overlays;
+ }
+
+ return on->on_next;
+}
+
+/*
+ * returns a specific registered overlay based on the type; NULL if not
+ * registered.
+ */
+
+slap_overinst *
+overlay_find( const char *over_type )
+{
+ slap_overinst *on = overlays;
+
+ assert( over_type != NULL );
+
+ for ( ; on; on = on->on_next ) {
+ if ( strcmp( on->on_bi.bi_type, over_type ) == 0 ) {
+ break;
+ }
+ }
+
+ return on;
+}
+
+static const char overtype[] = "over";
+
+/*
+ * returns TRUE (1) if the database is actually an overlay instance;
+ * FALSE (0) otherwise.
+ */
+
+int
+overlay_is_over( BackendDB *be )
+{
+ return be->bd_info->bi_type == overtype;
+}
+
+/*
+ * returns TRUE (1) if the given database is actually an overlay
+ * instance and, somewhere in the list, contains the requested overlay;
+ * FALSE (0) otherwise.
+ */
+
+int
+overlay_is_inst( BackendDB *be, const char *over_type )
+{
+ slap_overinst *on;
+
+ assert( be != NULL );
+
+ if ( !overlay_is_over( be ) ) {
+ return 0;
+ }
+
+ on = ((slap_overinfo *)be->bd_info->bi_private)->oi_list;
+ for ( ; on; on = on->on_next ) {
+ if ( strcmp( on->on_bi.bi_type, over_type ) == 0 ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int
+overlay_register_control( BackendDB *be, const char *oid )
+{
+ int gotit = 0;
+ int cid;
+
+ if ( slap_find_control_id( oid, &cid ) == LDAP_CONTROL_NOT_FOUND ) {
+ return -1;
+ }
+
+ if ( SLAP_DBFLAGS( be ) & SLAP_DBFLAG_GLOBAL_OVERLAY ) {
+ BackendDB *bd;
+
+ /* add to all backends... */
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( be == bd ) {
+ gotit = 1;
+ }
+
+ bd->be_ctrls[ cid ] = 1;
+ bd->be_ctrls[ SLAP_MAX_CIDS ] = 1;
+ }
+
+ }
+
+ if ( !gotit ) {
+ be->be_ctrls[ cid ] = 1;
+ be->be_ctrls[ SLAP_MAX_CIDS ] = 1;
+ }
+
+ return 0;
+}
+
+void
+overlay_destroy_one( BackendDB *be, slap_overinst *on )
+{
+ slap_overinfo *oi = on->on_info;
+ slap_overinst **oidx;
+
+ for ( oidx = &oi->oi_list; *oidx; oidx = &(*oidx)->on_next ) {
+ if ( *oidx == on ) {
+ *oidx = on->on_next;
+ if ( on->on_bi.bi_db_destroy ) {
+ BackendInfo *bi_orig = be->bd_info;
+ be->bd_info = (BackendInfo *)on;
+ on->on_bi.bi_db_destroy( be );
+ be->bd_info = bi_orig;
+ }
+ free( on );
+ break;
+ }
+ }
+}
+
+/* add an overlay to a particular backend. */
+int
+overlay_config( BackendDB *be, const char *ov )
+{
+ slap_overinst *on = NULL, *on2 = NULL;
+ slap_overinfo *oi = NULL;
+ BackendInfo *bi = NULL;
+
+ on = overlay_find( ov );
+ if ( !on ) {
+ Debug( LDAP_DEBUG_ANY, "overlay \"%s\" not found\n", ov, 0, 0 );
+ return 1;
+ }
+
+ /* If this is the first overlay on this backend, set up the
+ * overlay info structure
+ */
+ if ( !overlay_is_over( be ) ) {
+ oi = ch_malloc( sizeof( slap_overinfo ) );
+ oi->oi_orig = be->bd_info;
+ oi->oi_bi = *be->bd_info;
+ oi->oi_origdb = be;
+
+ /* NOTE: the first time a global overlay is configured,
+ * frontendDB gets this flag; it is used later by overlays
+ * to determine if they're stacked on top of the frontendDB */
+ if ( oi->oi_orig == frontendDB->bd_info ) {
+ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLOBAL_OVERLAY;
+ }
+
+ /* Save a pointer to ourself in bi_private.
+ */
+ oi->oi_bi.bi_private = oi;
+ oi->oi_list = NULL;
+ bi = (BackendInfo *)oi;
+
+ bi->bi_type = (char *)overtype;
+
+ bi->bi_db_config = over_db_config;
+ bi->bi_db_open = over_db_open;
+ bi->bi_db_close = over_db_close;
+ bi->bi_db_destroy = over_db_destroy;
+
+ bi->bi_op_bind = over_op_bind;
+ bi->bi_op_unbind = over_op_unbind;
+ bi->bi_op_search = over_op_search;
+ bi->bi_op_compare = over_op_compare;
+ bi->bi_op_modify = over_op_modify;
+ bi->bi_op_modrdn = over_op_modrdn;
+ bi->bi_op_add = over_op_add;
+ bi->bi_op_delete = over_op_delete;
+ bi->bi_op_abandon = over_op_abandon;
+ bi->bi_op_cancel = over_op_cancel;
+
+ bi->bi_extended = over_op_extended;
+
+ /*
+ * this is fine because it has the same
+ * args of the operations; we need to rework
+ * all the hooks to share the same args
+ * of the operations...
+ */
+ bi->bi_operational = over_aux_operational;
+ bi->bi_chk_referrals = over_aux_chk_referrals;
+ bi->bi_chk_controls = over_aux_chk_controls;
+
+#ifdef SLAP_OVERLAY_ACCESS
+ /* these have specific arglists */
+ bi->bi_access_allowed = over_access_allowed;
+ bi->bi_acl_group = over_acl_group;
+ bi->bi_acl_attribute = over_acl_attribute;
+#endif /* SLAP_OVERLAY_ACCESS */
+
+ bi->bi_connection_init = over_connection_init;
+ bi->bi_connection_destroy = over_connection_destroy;
+
+ be->bd_info = bi;
+
+ } else {
+ if ( overlay_is_inst( be, ov ) ) {
+ Debug( LDAP_DEBUG_ANY, "overlay_config(): "
+ "warning, overlay \"%s\" "
+ "already in list\n", ov, 0, 0 );
+ }
+
+ oi = be->bd_info->bi_private;
+ }
+
+ /* Insert new overlay on head of list. Overlays are executed
+ * in reverse of config order...
+ */
+ on2 = ch_calloc( 1, sizeof(slap_overinst) );
+ *on2 = *on;
+ on2->on_info = oi;
+ on2->on_next = oi->oi_list;
+ oi->oi_list = on2;
+
+ /* Any initialization needed? */
+ if ( on->on_bi.bi_db_init ) {
+ int rc;
+ be->bd_info = (BackendInfo *)on2;
+ rc = on2->on_bi.bi_db_init( be );
+ be->bd_info = (BackendInfo *)oi;
+ if ( rc ) {
+ oi->oi_list = on2->on_next;
+ ch_free( on2 );
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/bconfig.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/bconfig.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/bconfig.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4886 @@
+/* bconfig.c - the config backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.49 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Howard Chu for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <sys/stat.h>
+
+#include "slap.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+#include <ldif.h>
+#include <lutil.h>
+
+#include "config.h"
+
+static struct berval config_rdn = BER_BVC("cn=config");
+static struct berval schema_rdn = BER_BVC("cn=schema");
+
+#ifdef SLAPD_MODULES
+typedef struct modpath_s {
+ struct modpath_s *mp_next;
+ struct berval mp_path;
+ BerVarray mp_loads;
+} ModPaths;
+
+static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
+#endif
+
+typedef struct ConfigFile {
+ struct ConfigFile *c_sibs;
+ struct ConfigFile *c_kids;
+ struct berval c_file;
+ AttributeType *c_at_head, *c_at_tail;
+ ContentRule *c_cr_head, *c_cr_tail;
+ ObjectClass *c_oc_head, *c_oc_tail;
+ OidMacro *c_om_head, *c_om_tail;
+ BerVarray c_dseFiles;
+} ConfigFile;
+
+typedef struct {
+ ConfigFile *cb_config;
+ CfEntryInfo *cb_root;
+ BackendDB cb_db; /* underlying database */
+ int cb_got_ldif;
+ int cb_use_ldif;
+} CfBackInfo;
+
+/* These do nothing in slapd, they're kept only to make them
+ * editable here.
+ */
+static char *replica_pidFile, *replica_argsFile;
+static int replicationInterval;
+
+static char *passwd_salt;
+static char *logfileName;
+#ifdef SLAP_AUTH_REWRITE
+static BerVarray authz_rewrites;
+#endif
+
+static struct berval cfdir;
+
+/* Private state */
+static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
+ *cfAd_include;
+
+static ConfigFile *cfn;
+
+static Avlnode *CfOcTree;
+
+static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
+ SlapReply *rs, int *renumber );
+
+static ConfigDriver config_fname;
+static ConfigDriver config_cfdir;
+static ConfigDriver config_generic;
+static ConfigDriver config_search_base;
+static ConfigDriver config_passwd_hash;
+static ConfigDriver config_schema_dn;
+static ConfigDriver config_sizelimit;
+static ConfigDriver config_timelimit;
+static ConfigDriver config_overlay;
+static ConfigDriver config_subordinate;
+static ConfigDriver config_suffix;
+static ConfigDriver config_rootdn;
+static ConfigDriver config_rootpw;
+static ConfigDriver config_restrict;
+static ConfigDriver config_allows;
+static ConfigDriver config_disallows;
+static ConfigDriver config_requires;
+static ConfigDriver config_security;
+static ConfigDriver config_referral;
+static ConfigDriver config_loglevel;
+static ConfigDriver config_replica;
+static ConfigDriver config_updatedn;
+static ConfigDriver config_updateref;
+static ConfigDriver config_include;
+#ifdef HAVE_TLS
+static ConfigDriver config_tls_option;
+static ConfigDriver config_tls_config;
+#endif
+extern ConfigDriver syncrepl_config;
+
+enum {
+ CFG_ACL = 1,
+ CFG_BACKEND,
+ CFG_DATABASE,
+ CFG_TLS_RAND,
+ CFG_TLS_CIPHER,
+ CFG_TLS_CERT_FILE,
+ CFG_TLS_CERT_KEY,
+ CFG_TLS_CA_PATH,
+ CFG_TLS_CA_FILE,
+ CFG_TLS_DH_FILE,
+ CFG_TLS_VERIFY,
+ CFG_TLS_CRLCHECK,
+ CFG_CONCUR,
+ CFG_THREADS,
+ CFG_SALT,
+ CFG_LIMITS,
+ CFG_RO,
+ CFG_REWRITE,
+ CFG_DEPTH,
+ CFG_OID,
+ CFG_OC,
+ CFG_DIT,
+ CFG_ATTR,
+ CFG_ATOPT,
+ CFG_REPLOG,
+ CFG_ROOTDSE,
+ CFG_LOGFILE,
+ CFG_PLUGIN,
+ CFG_MODLOAD,
+ CFG_MODPATH,
+ CFG_LASTMOD,
+ CFG_AZPOLICY,
+ CFG_AZREGEXP,
+ CFG_SASLSECP,
+ CFG_SSTR_IF_MAX,
+ CFG_SSTR_IF_MIN,
+ CFG_TTHREADS,
+
+ CFG_LAST
+};
+
+typedef struct {
+ char *name, *oid;
+} OidRec;
+
+static OidRec OidMacros[] = {
+ /* OpenLDAProot:666.11.1 */
+ { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
+ { "OLcfgAt", "OLcfg:3" },
+ { "OLcfgGlAt", "OLcfgAt:0" },
+ { "OLcfgBkAt", "OLcfgAt:1" },
+ { "OLcfgDbAt", "OLcfgAt:2" },
+ { "OLcfgOvAt", "OLcfgAt:3" },
+ { "OLcfgOc", "OLcfg:4" },
+ { "OLcfgGlOc", "OLcfgOc:0" },
+ { "OLcfgBkOc", "OLcfgOc:1" },
+ { "OLcfgDbOc", "OLcfgOc:2" },
+ { "OLcfgOvOc", "OLcfgOc:3" },
+ { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
+ { "OMsInteger", "OMsyn:27" },
+ { "OMsBoolean", "OMsyn:7" },
+ { "OMsDN", "OMsyn:12" },
+ { "OMsDirectoryString", "OMsyn:15" },
+ { "OMsOctetString", "OMsyn:40" },
+ { NULL, NULL }
+};
+
+/*
+ * Backend/Database registry
+ *
+ * OLcfg{Bk|Db}{Oc|At}:0 -> common
+ * OLcfg{Bk|Db}{Oc|At}:1 -> bdb
+ * OLcfg{Bk|Db}{Oc|At}:2 -> ldif
+ * OLcfg{Bk|Db}{Oc|At}:3 -> ldap?
+ */
+
+/*
+ * Overlay registry
+ *
+ * OLcfgOv{Oc|At}:1 -> syncprov
+ * OLcfgOv{Oc|At}:2 -> pcache
+ * OLcfgOv{Oc|At}:3 -> chain
+ * OLcfgOv{Oc|At}:4 -> accesslog
+ * OLcfgOv{Oc|At}:5 -> valsort
+ * OLcfgOv{Oc|At}:6 -> smbk5pwd (use a separate arc for contrib?)
+ */
+
+/* alphabetical ordering */
+
+static ConfigTable config_back_cf_table[] = {
+ /* This attr is read-only */
+ { "", "", 0, 0, 0, ARG_MAGIC,
+ &config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
+ "DESC 'File for slapd configuration directives' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "", "", 0, 0, 0, ARG_MAGIC,
+ &config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
+ "DESC 'Directory for slapd configuration backend' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "access", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
+ &config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
+ "DESC 'Access Control List' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "allows", "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
+ &config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
+ "DESC 'Allowed set of deprecated features' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "argsfile", "file", 2, 2, 0, ARG_STRING,
+ &slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
+ "DESC 'File for slapd command line options' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
+ &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "attribute", "attribute", 2, 0, 9,
+ ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
+ &config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
+ "DESC 'OpenLDAP attributeTypes' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
+#ifdef SLAP_AUTH_REWRITE
+ ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
+ &config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
+ &config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
+ &config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
+ "DESC 'A type of backend' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
+ NULL, NULL },
+ { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
+ &config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "conn_max_pending", "max", 2, 2, 0, ARG_INT,
+ &slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
+ &slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
+ &config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
+ "DESC 'The backend type for a database instance' "
+ "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
+ { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
+ &config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
+ &config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "ditcontentrule", NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
+ &config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
+ "DESC 'OpenLDAP DIT content rules' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { "gentlehup", "on|off", 2, 2, 0,
+#ifdef SIGHUP
+ ARG_ON_OFF, &global_gentlehup,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:17 NAME 'olcGentleHUP' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
+ &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "include", "file", 2, 2, 0, ARG_MAGIC,
+ &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
+ "SUP labeledURI )", NULL, NULL },
+ { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
+ &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
+ &config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ &index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ &index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
+ &config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
+ &config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "localSSF", "ssf", 2, 2, 0, ARG_INT,
+ &local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
+ &config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
+ &config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
+ &config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "moduleload", "file", 2, 0, 0,
+#ifdef SLAPD_MODULES
+ ARG_MAGIC|CFG_MODLOAD, &config_generic,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:30 NAME 'olcModuleLoad' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "modulepath", "path", 2, 2, 0,
+#ifdef SLAPD_MODULES
+ ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:31 NAME 'olcModulePath' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
+ &config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
+ "DESC 'OpenLDAP object classes' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { "objectidentifier", NULL, 0, 0, 0, ARG_MAGIC|CFG_OID,
+ &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
+ &config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
+ "SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
+ { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
+ &config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
+ &config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "pidfile", "file", 2, 2, 0, ARG_STRING,
+ &slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "plugin", NULL, 0, 0, 0,
+#ifdef LDAP_SLAPI
+ ARG_MAGIC|CFG_PLUGIN, &config_generic,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:38 NAME 'olcPlugin' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "pluginlog", "filename", 2, 2, 0,
+#ifdef LDAP_SLAPI
+ ARG_STRING, &slapi_log_file,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
+ &config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "referral", "url", 2, 2, 0, ARG_MAGIC,
+ &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
+ "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
+ { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
+ &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
+ "EQUALITY caseIgnoreMatch "
+ "SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
+ { "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
+ &replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
+ &replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "replicationInterval", NULL, 0, 0, 0, ARG_INT,
+ &replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
+ &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
+ &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+ &config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "reverse-lookup", "on|off", 2, 2, 0,
+#ifdef SLAPD_RLOOKUPS
+ ARG_ON_OFF, &use_reverse_lookup,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:49 NAME 'olcReverseLookup' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
+ &config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
+ &config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
+ &config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
+ &config_generic, NULL, NULL, NULL },
+ { "sasl-host", "host", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+ ARG_STRING|ARG_UNIQUE, &global_host,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:53 NAME 'olcSaslHost' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "sasl-realm", "realm", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+ ARG_STRING|ARG_UNIQUE, &global_realm,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:54 NAME 'olcSaslRealm' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
+ &config_generic, NULL, NULL, NULL },
+ { "sasl-secprops", "properties", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+ ARG_MAGIC|CFG_SASLSECP, &config_generic,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "saslRegexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
+ &config_generic, NULL, NULL, NULL },
+ { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
+ &config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+ &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+ &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
+ &sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
+ &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "srvtab", "file", 2, 2, 0,
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ ARG_STRING, &ldap_srvtab,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:63 NAME 'olcSrvtab' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
+ &config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "suffix", "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
+ &config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN )", NULL, NULL },
+ { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
+ &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "threads", "count", 2, 2, 0,
+#ifdef NO_THREADS
+ ARG_IGNORED, NULL,
+#else
+ ARG_INT|ARG_MAGIC|CFG_THREADS, &config_generic,
+#endif
+ "( OLcfgGlAt:66 NAME 'olcThreads' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+ &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "TLSCACertificateFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSCACertificatePath", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSCertificateFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSCertificateKeyFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSCipherSuite", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSCRLCheck", NULL, 0, 0, 0,
+#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
+ CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSRandFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSVerifyClient", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSDHParamFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_DH_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
+ &config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL },
+ { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
+ &config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
+ &config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
+ "EQUALITY caseIgnoreMatch "
+ "SUP labeledURI )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+ NULL, NULL, NULL, NULL }
+};
+
+/* Routines to check if a child can be added to this type */
+static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
+ cfAddBackend, cfAddModule, cfAddOverlay;
+
+/* NOTE: be careful when defining array members
+ * that can be conditionally compiled */
+#define CFOC_GLOBAL cf_ocs[1]
+#define CFOC_SCHEMA cf_ocs[2]
+#define CFOC_BACKEND cf_ocs[3]
+#define CFOC_DATABASE cf_ocs[4]
+#define CFOC_OVERLAY cf_ocs[5]
+#define CFOC_INCLUDE cf_ocs[6]
+#define CFOC_FRONTEND cf_ocs[7]
+#ifdef SLAPD_MODULES
+#define CFOC_MODULE cf_ocs[8]
+#endif /* SLAPD_MODULES */
+
+static ConfigOCs cf_ocs[] = {
+ { "( OLcfgGlOc:0 "
+ "NAME 'olcConfig' "
+ "DESC 'OpenLDAP configuration object' "
+ "ABSTRACT SUP top )", Cft_Abstract, NULL },
+ { "( OLcfgGlOc:1 "
+ "NAME 'olcGlobal' "
+ "DESC 'OpenLDAP Global configuration options' "
+ "SUP olcConfig STRUCTURAL "
+ "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
+ "olcAttributeOptions $ olcAuthIDRewrite $ "
+ "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
+ "olcConnMaxPending $ olcConnMaxPendingAuth $ "
+ "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
+ "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
+ "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
+ "olcLogLevel $ "
+ "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
+ "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
+ "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
+ "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
+ "olcRootDSE $ "
+ "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
+ "olcSecurity $ olcSizeLimit $ "
+ "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
+ "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
+ "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
+ "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
+ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
+ "olcToolThreads $ "
+ "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
+ "olcDitContentRules ) )", Cft_Global },
+ { "( OLcfgGlOc:2 "
+ "NAME 'olcSchemaConfig' "
+ "DESC 'OpenLDAP schema object' "
+ "SUP olcConfig STRUCTURAL "
+ "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
+ "olcObjectClasses $ olcDitContentRules ) )",
+ Cft_Schema, NULL, cfAddSchema },
+ { "( OLcfgGlOc:3 "
+ "NAME 'olcBackendConfig' "
+ "DESC 'OpenLDAP Backend-specific options' "
+ "SUP olcConfig STRUCTURAL "
+ "MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
+ { "( OLcfgGlOc:4 "
+ "NAME 'olcDatabaseConfig' "
+ "DESC 'OpenLDAP Database-specific options' "
+ "SUP olcConfig STRUCTURAL "
+ "MUST olcDatabase "
+ "MAY ( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ "
+ "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
+ "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
+ "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
+ "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
+ Cft_Database, NULL, cfAddDatabase },
+ { "( OLcfgGlOc:5 "
+ "NAME 'olcOverlayConfig' "
+ "DESC 'OpenLDAP Overlay-specific options' "
+ "SUP olcConfig STRUCTURAL "
+ "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
+ { "( OLcfgGlOc:6 "
+ "NAME 'olcIncludeFile' "
+ "DESC 'OpenLDAP configuration include file' "
+ "SUP olcConfig STRUCTURAL "
+ "MUST olcInclude "
+ "MAY ( cn $ olcRootDSE ) )",
+ Cft_Include, NULL, cfAddInclude },
+ /* This should be STRUCTURAL like all the other database classes, but
+ * that would mean inheriting all of the olcDatabaseConfig attributes,
+ * which causes them to be merged twice in config_build_entry.
+ */
+ { "( OLcfgGlOc:7 "
+ "NAME 'olcFrontendConfig' "
+ "DESC 'OpenLDAP frontend configuration' "
+ "AUXILIARY "
+ "MAY olcDefaultSearchBase )",
+ Cft_Database, NULL, NULL },
+#ifdef SLAPD_MODULES
+ { "( OLcfgGlOc:8 "
+ "NAME 'olcModuleList' "
+ "DESC 'OpenLDAP dynamic module info' "
+ "SUP olcConfig STRUCTURAL "
+ "MAY ( cn $ olcModulePath $ olcModuleLoad ) )",
+ Cft_Module, NULL, cfAddModule },
+#endif
+ { NULL, 0, NULL }
+};
+
+static int
+config_generic(ConfigArgs *c) {
+ char *p;
+ int i;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ int rc = 0;
+ switch(c->type) {
+ case CFG_CONCUR:
+ c->value_int = ldap_pvt_thread_get_concurrency();
+ break;
+ case CFG_THREADS:
+ c->value_int = connection_pool_max;
+ break;
+ case CFG_TTHREADS:
+ c->value_int = slap_tool_thread_max;
+ break;
+ case CFG_SALT:
+ if ( passwd_salt )
+ c->value_string = ch_strdup( passwd_salt );
+ else
+ rc = 1;
+ break;
+ case CFG_LIMITS:
+ if ( c->be->be_limits ) {
+ char buf[4096*3];
+ struct berval bv;
+ int i;
+
+ for ( i=0; c->be->be_limits[i]; i++ ) {
+ bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
+ if ( bv.bv_len >= sizeof( buf ) ) {
+ ber_bvarray_free_x( c->rvalue_vals, NULL );
+ c->rvalue_vals = NULL;
+ rc = 1;
+ break;
+ }
+ bv.bv_val = buf + bv.bv_len;
+ limits_unparse( c->be->be_limits[i], &bv );
+ bv.bv_len += bv.bv_val - buf;
+ bv.bv_val = buf;
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ }
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+ case CFG_RO:
+ c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
+ SLAP_RESTRICT_OP_WRITES;
+ break;
+ case CFG_AZPOLICY:
+ c->value_string = ch_strdup( slap_sasl_getpolicy());
+ break;
+ case CFG_AZREGEXP:
+ slap_sasl_regexp_unparse( &c->rvalue_vals );
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+#ifdef HAVE_CYRUS_SASL
+ case CFG_SASLSECP: {
+ struct berval bv = BER_BVNULL;
+ slap_sasl_secprops_unparse( &bv );
+ if ( !BER_BVISNULL( &bv )) {
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ } else {
+ rc = 1;
+ }
+ }
+ break;
+#endif
+ case CFG_DEPTH:
+ c->value_int = c->be->be_max_deref_depth;
+ break;
+ case CFG_OID: {
+ ConfigFile *cf = c->private;
+ if ( !cf )
+ oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
+ else if ( cf->c_om_head )
+ oidm_unparse( &c->rvalue_vals, cf->c_om_head,
+ cf->c_om_tail, 0 );
+ if ( !c->rvalue_vals )
+ rc = 1;
+ }
+ break;
+ case CFG_ATOPT:
+ ad_unparse_options( &c->rvalue_vals );
+ break;
+ case CFG_OC: {
+ ConfigFile *cf = c->private;
+ if ( !cf )
+ oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
+ else if ( cf->c_oc_head )
+ oc_unparse( &c->rvalue_vals, cf->c_oc_head,
+ cf->c_oc_tail, 0 );
+ if ( !c->rvalue_vals )
+ rc = 1;
+ }
+ break;
+ case CFG_ATTR: {
+ ConfigFile *cf = c->private;
+ if ( !cf )
+ at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
+ else if ( cf->c_at_head )
+ at_unparse( &c->rvalue_vals, cf->c_at_head,
+ cf->c_at_tail, 0 );
+ if ( !c->rvalue_vals )
+ rc = 1;
+ }
+ break;
+ case CFG_DIT: {
+ ConfigFile *cf = c->private;
+ if ( !cf )
+ cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
+ else if ( cf->c_cr_head )
+ cr_unparse( &c->rvalue_vals, cf->c_cr_head,
+ cf->c_cr_tail, 0 );
+ if ( !c->rvalue_vals )
+ rc = 1;
+ }
+ break;
+
+ case CFG_ACL: {
+ AccessControl *a;
+ char *src, *dst, ibuf[11];
+ struct berval bv, abv;
+ for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
+ abv.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
+ if ( abv.bv_len >= sizeof( ibuf ) ) {
+ ber_bvarray_free_x( c->rvalue_vals, NULL );
+ c->rvalue_vals = NULL;
+ i = 0;
+ break;
+ }
+ acl_unparse( a, &bv );
+ abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
+ AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
+ /* Turn TAB / EOL into plain space */
+ for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
+ if (isspace(*src)) *dst++ = ' ';
+ else *dst++ = *src;
+ }
+ *dst = '\0';
+ if (dst[-1] == ' ') {
+ dst--;
+ *dst = '\0';
+ }
+ abv.bv_len = dst - abv.bv_val;
+ ber_bvarray_add( &c->rvalue_vals, &abv );
+ }
+ rc = (!i);
+ break;
+ }
+ case CFG_REPLOG:
+ if ( c->be->be_replogfile )
+ c->value_string = ch_strdup( c->be->be_replogfile );
+ break;
+ case CFG_ROOTDSE: {
+ ConfigFile *cf = c->private;
+ if ( cf->c_dseFiles ) {
+ value_add( &c->rvalue_vals, cf->c_dseFiles );
+ } else {
+ rc = 1;
+ }
+ }
+ break;
+ case CFG_LOGFILE:
+ if ( logfileName )
+ c->value_string = ch_strdup( logfileName );
+ else
+ rc = 1;
+ break;
+ case CFG_LASTMOD:
+ c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
+ break;
+ case CFG_SSTR_IF_MAX:
+ c->value_int = index_substr_if_maxlen;
+ break;
+ case CFG_SSTR_IF_MIN:
+ c->value_int = index_substr_if_minlen;
+ break;
+#ifdef SLAPD_MODULES
+ case CFG_MODLOAD: {
+ ModPaths *mp = c->private;
+ if (mp->mp_loads) {
+ int i;
+ for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
+ struct berval bv;
+ bv.bv_val = c->log;
+ bv.bv_len = snprintf( bv.bv_val, sizeof( c->log ),
+ SLAP_X_ORDERED_FMT "%s", i,
+ mp->mp_loads[i].bv_val );
+ if ( bv.bv_len >= sizeof( c->log ) ) {
+ ber_bvarray_free_x( c->rvalue_vals, NULL );
+ c->rvalue_vals = NULL;
+ break;
+ }
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ }
+
+ rc = c->rvalue_vals ? 0 : 1;
+ }
+ break;
+ case CFG_MODPATH: {
+ ModPaths *mp = c->private;
+ if ( !BER_BVISNULL( &mp->mp_path ))
+ value_add_one( &c->rvalue_vals, &mp->mp_path );
+
+ rc = c->rvalue_vals ? 0 : 1;
+ }
+ break;
+#endif
+#ifdef LDAP_SLAPI
+ case CFG_PLUGIN:
+ slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+#endif
+#ifdef SLAP_AUTH_REWRITE
+ case CFG_REWRITE:
+ if ( authz_rewrites ) {
+ struct berval bv, idx;
+ char ibuf[32];
+ int i;
+
+ idx.bv_val = ibuf;
+ for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
+ idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
+ if ( idx.bv_len >= sizeof( ibuf ) ) {
+ ber_bvarray_free_x( c->rvalue_vals, NULL );
+ c->rvalue_vals = NULL;
+ break;
+ }
+ bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+ AC_MEMCPY( bv.bv_val, idx.bv_val, idx.bv_len );
+ AC_MEMCPY( &bv.bv_val[ idx.bv_len ],
+ authz_rewrites[i].bv_val,
+ authz_rewrites[i].bv_len + 1 );
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ }
+ if ( !c->rvalue_vals ) rc = 1;
+ break;
+#endif
+ default:
+ rc = 1;
+ }
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ int rc = 0;
+ switch(c->type) {
+ /* single-valued attrs, no-ops */
+ case CFG_CONCUR:
+ case CFG_THREADS:
+ case CFG_TTHREADS:
+ case CFG_RO:
+ case CFG_AZPOLICY:
+ case CFG_DEPTH:
+ case CFG_LASTMOD:
+ case CFG_SASLSECP:
+ case CFG_SSTR_IF_MAX:
+ case CFG_SSTR_IF_MIN:
+ break;
+
+ /* no-ops, requires slapd restart */
+ case CFG_PLUGIN:
+ case CFG_MODLOAD:
+ case CFG_AZREGEXP:
+ case CFG_REWRITE:
+ snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
+ break;
+
+ case CFG_SALT:
+ ch_free( passwd_salt );
+ passwd_salt = NULL;
+ break;
+
+ case CFG_REPLOG:
+ ch_free( c->be->be_replogfile );
+ c->be->be_replogfile = NULL;
+ break;
+
+ case CFG_LOGFILE:
+ ch_free( logfileName );
+ logfileName = NULL;
+ break;
+
+ case CFG_ACL:
+ if ( c->valx < 0 ) {
+ AccessControl *end;
+ if ( c->be == frontendDB )
+ end = NULL;
+ else
+ end = frontendDB->be_acl;
+ acl_destroy( c->be->be_acl, end );
+ c->be->be_acl = end;
+
+ } else {
+ AccessControl **prev, *a;
+ int i;
+ for (i=0, prev = &c->be->be_acl; i < c->valx;
+ i++ ) {
+ a = *prev;
+ prev = &a->acl_next;
+ }
+ a = *prev;
+ *prev = a->acl_next;
+ acl_free( a );
+ }
+ break;
+
+ case CFG_LIMITS:
+ /* FIXME: there is no limits_free function */
+ case CFG_ATOPT:
+ /* FIXME: there is no ad_option_free function */
+ case CFG_ROOTDSE:
+ /* FIXME: there is no way to remove attributes added by
+ a DSE file */
+ case CFG_OID:
+ case CFG_OC:
+ case CFG_DIT:
+ case CFG_ATTR:
+ case CFG_MODPATH:
+ default:
+ rc = 1;
+ break;
+ }
+ return rc;
+ }
+
+ p = strchr(c->line,'(' /*')'*/);
+
+ switch(c->type) {
+ case CFG_BACKEND:
+ if(!(c->bi = backend_info(c->argv[1]))) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> failed init", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ break;
+
+ case CFG_DATABASE:
+ c->bi = NULL;
+ /* NOTE: config is always the first backend!
+ */
+ if ( !strcasecmp( c->argv[1], "config" )) {
+ c->be = LDAP_STAILQ_FIRST(&backendDB);
+ } else if ( !strcasecmp( c->argv[1], "frontend" )) {
+ c->be = frontendDB;
+ } else {
+ c->be = backend_db_init(c->argv[1], NULL);
+ if ( !c->be ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> failed init", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ }
+ break;
+
+ case CFG_CONCUR:
+ ldap_pvt_thread_set_concurrency(c->value_int);
+ break;
+
+ case CFG_THREADS:
+ if ( c->value_int < 2 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "threads=%d smaller than minimum value 2",
+ c->value_int );
+ Debug(LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+
+ } else if ( c->value_int > 2 * SLAP_MAX_WORKER_THREADS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "warning, threads=%d larger than twice the default (2*%d=%d); YMMV",
+ c->value_int, SLAP_MAX_WORKER_THREADS, 2 * SLAP_MAX_WORKER_THREADS );
+ Debug(LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ }
+ if ( slapMode & SLAP_SERVER_MODE )
+ ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
+ connection_pool_max = c->value_int; /* save for reference */
+ break;
+
+ case CFG_TTHREADS:
+ if ( slapMode & SLAP_TOOL_MODE )
+ ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
+ slap_tool_thread_max = c->value_int; /* save for reference */
+ break;
+
+ case CFG_SALT:
+ if ( passwd_salt ) ch_free( passwd_salt );
+ passwd_salt = c->value_string;
+ lutil_salt_format(passwd_salt);
+ break;
+
+ case CFG_LIMITS:
+ if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
+ return(1);
+ break;
+
+ case CFG_RO:
+ if(c->value_int)
+ c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
+ else
+ c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
+ break;
+
+ case CFG_AZPOLICY:
+ ch_free(c->value_string);
+ if (slap_sasl_setpolicy( c->argv[1] )) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ break;
+
+ case CFG_AZREGEXP:
+ if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
+ return(1);
+ break;
+
+#ifdef HAVE_CYRUS_SASL
+ case CFG_SASLSECP:
+ {
+ char *txt = slap_sasl_secprops( c->argv[1] );
+ if ( txt ) {
+ snprintf( c->msg, sizeof(c->msg), "<%s> %s",
+ c->argv[0], txt );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ }
+ break;
+ }
+#endif
+
+ case CFG_DEPTH:
+ c->be->be_max_deref_depth = c->value_int;
+ break;
+
+ case CFG_OID: {
+ OidMacro *om;
+
+ if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om))
+ return(1);
+ if (!cfn->c_om_head) cfn->c_om_head = om;
+ cfn->c_om_tail = om;
+ }
+ break;
+
+ case CFG_OC: {
+ ObjectClass *oc;
+
+ if(parse_oc(c->fname, c->lineno, p, c->argv, &oc)) return(1);
+ if (!cfn->c_oc_head) cfn->c_oc_head = oc;
+ cfn->c_oc_tail = oc;
+ }
+ break;
+
+ case CFG_DIT: {
+ ContentRule *cr;
+
+ if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1);
+ if (!cfn->c_cr_head) cfn->c_cr_head = cr;
+ cfn->c_cr_tail = cr;
+ }
+ break;
+
+ case CFG_ATTR: {
+ AttributeType *at;
+
+ if(parse_at(c->fname, c->lineno, p, c->argv, &at)) return(1);
+ if (!cfn->c_at_head) cfn->c_at_head = at;
+ cfn->c_at_tail = at;
+ }
+ break;
+
+ case CFG_ATOPT:
+ ad_define_option(NULL, NULL, 0);
+ for(i = 1; i < c->argc; i++)
+ if(ad_define_option(c->argv[i], c->fname, c->lineno))
+ return(1);
+ break;
+
+ case CFG_ACL:
+ /* Don't append to the global ACL if we're on a specific DB */
+ i = c->valx;
+ if ( c->be != frontendDB && frontendDB->be_acl && c->valx == -1 ) {
+ AccessControl *a;
+ i = 0;
+ for ( a=c->be->be_acl; a && a != frontendDB->be_acl;
+ a = a->acl_next )
+ i++;
+ }
+ if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
+ return 1;
+ }
+ break;
+
+ case CFG_REPLOG:
+ if(SLAP_MONITOR(c->be)) {
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "\"replogfile\" should not be used "
+ "inside monitor database\n",
+ c->log, 0, 0);
+ return(0); /* FIXME: should this be an error? */
+ }
+
+ c->be->be_replogfile = c->value_string;
+ break;
+
+ case CFG_ROOTDSE:
+ if(read_root_dse_file(c->argv[1])) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> could not read file", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ {
+ struct berval bv;
+ ber_str2bv( c->argv[1], 0, 1, &bv );
+ ber_bvarray_add( &cfn->c_dseFiles, &bv );
+ }
+ break;
+
+ case CFG_LOGFILE: {
+ FILE *logfile;
+ if ( logfileName ) ch_free( logfileName );
+ logfileName = c->value_string;
+ logfile = fopen(logfileName, "w");
+ if(logfile) lutil_debug_file(logfile);
+ } break;
+
+ case CFG_LASTMOD:
+ if(SLAP_NOLASTMODCMD(c->be)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> not available for %s database",
+ c->argv[0], c->be->bd_info->bi_type );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0 );
+ return(1);
+ }
+ if(c->value_int)
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
+ else
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
+ break;
+
+ case CFG_SSTR_IF_MAX:
+ if (c->value_int < index_substr_if_minlen) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
+ c->log, c->msg, c->value_int );
+ return(1);
+ }
+ index_substr_if_maxlen = c->value_int;
+ break;
+
+ case CFG_SSTR_IF_MIN:
+ if (c->value_int > index_substr_if_maxlen) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
+ c->log, c->msg, c->value_int );
+ return(1);
+ }
+ index_substr_if_minlen = c->value_int;
+ break;
+
+#ifdef SLAPD_MODULES
+ case CFG_MODLOAD:
+ /* If we're just adding a module on an existing modpath,
+ * make sure we've selected the current path.
+ */
+ if ( c->op == LDAP_MOD_ADD && c->private && modcur != c->private ) {
+ modcur = c->private;
+ /* This should never fail */
+ if ( module_path( modcur->mp_path.bv_val )) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> module path no longer valid",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
+ c->log, c->msg, modcur->mp_path.bv_val );
+ return(1);
+ }
+ }
+ if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
+ return(1);
+ /* Record this load on the current path */
+ {
+ struct berval bv;
+ char *ptr;
+ if ( c->op == SLAP_CONFIG_ADD ) {
+ ptr = c->line + STRLENOF("moduleload");
+ while (!isspace(*ptr)) ptr++;
+ while (isspace(*ptr)) ptr++;
+ } else {
+ ptr = c->line;
+ }
+ ber_str2bv(ptr, 0, 1, &bv);
+ ber_bvarray_add( &modcur->mp_loads, &bv );
+ }
+ break;
+
+ case CFG_MODPATH:
+ if(module_path(c->argv[1])) return(1);
+ /* Record which path was used with each module */
+ {
+ ModPaths *mp;
+
+ if (!modpaths.mp_loads) {
+ mp = &modpaths;
+ } else {
+ mp = ch_malloc( sizeof( ModPaths ));
+ modlast->mp_next = mp;
+ }
+ ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
+ mp->mp_next = NULL;
+ mp->mp_loads = NULL;
+ modlast = mp;
+ c->private = mp;
+ modcur = mp;
+ }
+
+ break;
+#endif
+
+#ifdef LDAP_SLAPI
+ case CFG_PLUGIN:
+ if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
+ return(1);
+ slapi_plugins_used++;
+ break;
+#endif
+
+#ifdef SLAP_AUTH_REWRITE
+ case CFG_REWRITE: {
+ struct berval bv;
+ char *line;
+
+ if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
+ return(1);
+
+ if ( c->argc > 1 ) {
+ char *s;
+
+ /* quote all args but the first */
+ line = ldap_charray2str( c->argv, "\" \"" );
+ ber_str2bv( line, 0, 0, &bv );
+ s = ber_bvchr( &bv, '"' );
+ assert( s != NULL );
+ /* move the trailing quote of argv[0] to the end */
+ AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
+ bv.bv_val[ bv.bv_len - 1 ] = '"';
+
+ } else {
+ ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
+ }
+
+ ber_bvarray_add( &authz_rewrites, &bv );
+ }
+ break;
+#endif
+
+
+ default:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR,
+ "%s: unknown CFG_TYPE %d"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, c->type, 0 );
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return 1;
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+
+ }
+ return(0);
+}
+
+
+static int
+config_fname(ConfigArgs *c) {
+ if(c->op == SLAP_CONFIG_EMIT) {
+ if (c->private) {
+ ConfigFile *cf = c->private;
+ value_add_one( &c->rvalue_vals, &cf->c_file );
+ return 0;
+ }
+ return 1;
+ }
+ return(0);
+}
+
+static int
+config_cfdir(ConfigArgs *c) {
+ if(c->op == SLAP_CONFIG_EMIT) {
+ if ( !BER_BVISEMPTY( &cfdir )) {
+ value_add_one( &c->rvalue_vals, &cfdir );
+ return 0;
+ }
+ return 1;
+ }
+ return(0);
+}
+
+static int
+config_search_base(ConfigArgs *c) {
+ if(c->op == SLAP_CONFIG_EMIT) {
+ int rc = 1;
+ if (!BER_BVISEMPTY(&default_search_base)) {
+ value_add_one(&c->rvalue_vals, &default_search_base);
+ value_add_one(&c->rvalue_nvals, &default_search_nbase);
+ rc = 0;
+ }
+ return rc;
+ } else if( c->op == LDAP_MOD_DELETE ) {
+ ch_free( default_search_base.bv_val );
+ ch_free( default_search_nbase.bv_val );
+ BER_BVZERO( &default_search_base );
+ BER_BVZERO( &default_search_nbase );
+ return 0;
+ }
+
+ if(c->bi || c->be != frontendDB) {
+ Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
+ "prior to any backend or database definition\n",
+ c->log, 0, 0);
+ return(1);
+ }
+
+ if(default_search_nbase.bv_len) {
+ free(default_search_base.bv_val);
+ free(default_search_nbase.bv_val);
+ }
+
+ default_search_base = c->value_dn;
+ default_search_nbase = c->value_ndn;
+ return(0);
+}
+
+static int
+config_passwd_hash(ConfigArgs *c) {
+ int i;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ struct berval bv;
+ for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
+ ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
+ value_add_one(&c->rvalue_vals, &bv);
+ }
+ return i ? 0 : 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( c->valx < 0 ) {
+ ldap_charray_free( default_passwd_hash );
+ default_passwd_hash = NULL;
+ } else {
+ i = c->valx;
+ ch_free( default_passwd_hash[i] );
+ for (; default_passwd_hash[i]; i++ )
+ default_passwd_hash[i] = default_passwd_hash[i+1];
+ }
+ return 0;
+ }
+ if(default_passwd_hash) {
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "already set default password_hash\n",
+ c->log, 0, 0);
+ return(1);
+ }
+ for(i = 1; i < c->argc; i++) {
+ if(!lutil_passwd_scheme(c->argv[i])) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> scheme not available", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
+ c->log, c->msg, c->argv[i]);
+ } else {
+ ldap_charray_add(&default_passwd_hash, c->argv[i]);
+ }
+ if(!default_passwd_hash) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0 );
+ return(1);
+ }
+ }
+ return(0);
+}
+
+static int
+config_schema_dn(ConfigArgs *c) {
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ int rc = 1;
+ if ( !BER_BVISEMPTY( &c->be->be_schemadn )) {
+ value_add_one(&c->rvalue_vals, &c->be->be_schemadn);
+ value_add_one(&c->rvalue_nvals, &c->be->be_schemandn);
+ rc = 0;
+ }
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ ch_free( c->be->be_schemadn.bv_val );
+ ch_free( c->be->be_schemandn.bv_val );
+ BER_BVZERO( &c->be->be_schemadn );
+ BER_BVZERO( &c->be->be_schemandn );
+ return 0;
+ }
+ ch_free( c->be->be_schemadn.bv_val );
+ ch_free( c->be->be_schemandn.bv_val );
+ c->be->be_schemadn = c->value_dn;
+ c->be->be_schemandn = c->value_ndn;
+ return(0);
+}
+
+static int
+config_sizelimit(ConfigArgs *c) {
+ int i, rc = 0;
+ struct slap_limits_set *lim = &c->be->be_def_limit;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ char buf[8192];
+ struct berval bv;
+ bv.bv_val = buf;
+ bv.bv_len = 0;
+ limits_unparse_one( lim, SLAP_LIMIT_SIZE, &bv );
+ if ( !BER_BVISEMPTY( &bv ))
+ value_add_one( &c->rvalue_vals, &bv );
+ else
+ rc = 1;
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ /* Reset to defaults */
+ lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
+ lim->lms_s_hard = 0;
+ lim->lms_s_unchecked = -1;
+ lim->lms_s_pr = 0;
+ lim->lms_s_pr_hide = 0;
+ lim->lms_s_pr_total = 0;
+ return 0;
+ }
+ for(i = 1; i < c->argc; i++) {
+ if(!strncasecmp(c->argv[i], "size", 4)) {
+ rc = limits_parse_one(c->argv[i], lim);
+ if ( rc ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ } else {
+ if(!strcasecmp(c->argv[i], "unlimited")) {
+ lim->lms_s_soft = -1;
+ } else {
+ if ( lutil_atoix( &lim->lms_s_soft, c->argv[i], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse limit", c->argv[0]);
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ }
+ lim->lms_s_hard = 0;
+ }
+ }
+ return(0);
+}
+
+static int
+config_timelimit(ConfigArgs *c) {
+ int i, rc = 0;
+ struct slap_limits_set *lim = &c->be->be_def_limit;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ char buf[8192];
+ struct berval bv;
+ bv.bv_val = buf;
+ bv.bv_len = 0;
+ limits_unparse_one( lim, SLAP_LIMIT_TIME, &bv );
+ if ( !BER_BVISEMPTY( &bv ))
+ value_add_one( &c->rvalue_vals, &bv );
+ else
+ rc = 1;
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ /* Reset to defaults */
+ lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
+ lim->lms_t_hard = 0;
+ return 0;
+ }
+ for(i = 1; i < c->argc; i++) {
+ if(!strncasecmp(c->argv[i], "time", 4)) {
+ rc = limits_parse_one(c->argv[i], lim);
+ if ( rc ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ } else {
+ if(!strcasecmp(c->argv[i], "unlimited")) {
+ lim->lms_t_soft = -1;
+ } else {
+ if ( lutil_atoix( &lim->lms_t_soft, c->argv[i], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse limit", c->argv[0]);
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ }
+ lim->lms_t_hard = 0;
+ }
+ }
+ return(0);
+}
+
+static int
+config_overlay(ConfigArgs *c) {
+ slap_overinfo *oi;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ assert(0);
+ }
+ if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
+ /* log error */
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: (optional) %s overlay \"%s\" configuration failed"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return 1;
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ } else if(overlay_config(c->be, c->argv[1])) {
+ return(1);
+ }
+ /* Setup context for subsequent config directives.
+ * The newly added overlay is at the head of the list.
+ */
+ oi = (slap_overinfo *)c->be->bd_info;
+ c->bi = &oi->oi_list->on_bi;
+ return(0);
+}
+
+static int
+config_subordinate(ConfigArgs *c)
+{
+ int rc = 1;
+ int advertise;
+
+ switch( c->op ) {
+ case SLAP_CONFIG_EMIT:
+ if ( SLAP_GLUE_SUBORDINATE( c->be )) {
+ struct berval bv;
+
+ bv.bv_val = SLAP_GLUE_ADVERTISE( c->be ) ? "advertise" : "TRUE";
+ bv.bv_len = SLAP_GLUE_ADVERTISE( c->be ) ? STRLENOF("advertise") :
+ STRLENOF("TRUE");
+
+ value_add_one( &c->rvalue_vals, &bv );
+ rc = 0;
+ }
+ break;
+ case LDAP_MOD_DELETE:
+ if ( !c->line || strcasecmp( c->line, "advertise" )) {
+ glue_sub_del( c->be );
+ } else {
+ SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_GLUE_ADVERTISE;
+ }
+ rc = 0;
+ break;
+ case LDAP_MOD_ADD:
+ case SLAP_CONFIG_ADD:
+ advertise = ( c->argc == 2 && !strcasecmp( c->argv[1], "advertise" ));
+ rc = glue_sub_add( c->be, advertise, CONFIG_ONLINE_ADD( c ));
+ break;
+ }
+ return rc;
+}
+
+static int
+config_suffix(ConfigArgs *c)
+{
+ Backend *tbe;
+ struct berval pdn, ndn;
+ char *notallowed = NULL;
+
+ if ( c->be == frontendDB ) {
+ notallowed = "frontend";
+
+ } else if ( SLAP_MONITOR(c->be) ) {
+ notallowed = "monitor";
+
+ } else if ( SLAP_CONFIG(c->be) ) {
+ notallowed = "config";
+ }
+
+ if ( notallowed != NULL ) {
+ char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ switch ( c->op ) {
+ case LDAP_MOD_ADD:
+ case LDAP_MOD_DELETE:
+ case LDAP_MOD_REPLACE:
+ case LDAP_MOD_INCREMENT:
+ case SLAP_CONFIG_ADD:
+ if ( !BER_BVISNULL( &c->value_dn ) ) {
+ snprintf( buf, sizeof( buf ), "<%s> ",
+ c->value_dn.bv_val );
+ }
+
+ Debug(LDAP_DEBUG_ANY,
+ "%s: suffix %snot allowed in %s database.\n",
+ c->log, buf, notallowed );
+ break;
+
+ case SLAP_CONFIG_EMIT:
+ /* don't complain when emitting... */
+ break;
+
+ default:
+ /* FIXME: don't know what values may be valid;
+ * please remove assertion, or add legal values
+ * to either block */
+ assert( 0 );
+ break;
+ }
+
+ return 1;
+ }
+
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if ( c->be->be_suffix == NULL
+ || BER_BVISNULL( &c->be->be_suffix[0] ) )
+ {
+ return 1;
+ } else {
+ value_add( &c->rvalue_vals, c->be->be_suffix );
+ value_add( &c->rvalue_nvals, c->be->be_nsuffix );
+ return 0;
+ }
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( c->valx < 0 ) {
+ ber_bvarray_free( c->be->be_suffix );
+ ber_bvarray_free( c->be->be_nsuffix );
+ c->be->be_suffix = NULL;
+ c->be->be_nsuffix = NULL;
+ } else {
+ int i = c->valx;
+ ch_free( c->be->be_suffix[i].bv_val );
+ ch_free( c->be->be_nsuffix[i].bv_val );
+ for (; c->be->be_suffix[i].bv_val; i++) {
+ c->be->be_suffix[i] = c->be->be_suffix[i+1];
+ c->be->be_nsuffix[i] = c->be->be_nsuffix[i+1];
+ }
+ }
+ return 0;
+ }
+
+#ifdef SLAPD_MONITOR_DN
+ if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> DN is reserved for monitoring slapd",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
+ c->log, c->msg, SLAPD_MONITOR_DN);
+ return(1);
+ }
+#endif
+
+ pdn = c->value_dn;
+ ndn = c->value_ndn;
+ tbe = select_backend(&ndn, 0, 0);
+ if(tbe == c->be) {
+ Debug( SLAPD_DEBUG_CONFIG_ERROR,
+ "%s: suffix already served by this backend!"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, 0, 0);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return 1;
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ free(pdn.bv_val);
+ free(ndn.bv_val);
+ } else if(tbe) {
+ char *type = tbe->bd_info->bi_type;
+
+ if ( overlay_is_over( tbe ) ) {
+ slap_overinfo *oi = (slap_overinfo *)tbe->bd_info->bi_private;
+ type = oi->oi_orig->bi_type;
+ }
+
+ snprintf( c->msg, sizeof( c->msg ), "<%s> namingContext \"%s\" already served by "
+ "a preceding %s database serving namingContext",
+ c->argv[0], pdn.bv_val, type );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, tbe->be_suffix[0].bv_val);
+ free(pdn.bv_val);
+ free(ndn.bv_val);
+ return(1);
+ } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
+ Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
+ "base provided \"%s\" (assuming okay)\n",
+ c->log, default_search_base.bv_val, 0);
+ }
+ ber_bvarray_add(&c->be->be_suffix, &pdn);
+ ber_bvarray_add(&c->be->be_nsuffix, &ndn);
+ return(0);
+}
+
+static int
+config_rootdn(ConfigArgs *c) {
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if ( !BER_BVISNULL( &c->be->be_rootdn )) {
+ value_add_one(&c->rvalue_vals, &c->be->be_rootdn);
+ value_add_one(&c->rvalue_nvals, &c->be->be_rootndn);
+ return 0;
+ } else {
+ return 1;
+ }
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ ch_free( c->be->be_rootdn.bv_val );
+ ch_free( c->be->be_rootndn.bv_val );
+ BER_BVZERO( &c->be->be_rootdn );
+ BER_BVZERO( &c->be->be_rootndn );
+ return 0;
+ }
+ if ( !BER_BVISNULL( &c->be->be_rootdn )) {
+ ch_free( c->be->be_rootdn.bv_val );
+ ch_free( c->be->be_rootndn.bv_val );
+ }
+ c->be->be_rootdn = c->value_dn;
+ c->be->be_rootndn = c->value_ndn;
+ return(0);
+}
+
+static int
+config_rootpw(ConfigArgs *c) {
+ Backend *tbe;
+
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
+ /* don't copy, because "rootpw" is marked
+ * as CFG_BERVAL */
+ c->value_bv = c->be->be_rootpw;
+ return 0;
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ ch_free( c->be->be_rootpw.bv_val );
+ BER_BVZERO( &c->be->be_rootpw );
+ return 0;
+ }
+
+ tbe = select_backend(&c->be->be_rootndn, 0, 0);
+ if(tbe != c->be) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> can only be set when rootdn is under suffix",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(1);
+ }
+ if ( !BER_BVISNULL( &c->be->be_rootpw ))
+ ch_free( c->be->be_rootpw.bv_val );
+ c->be->be_rootpw = c->value_bv;
+ return(0);
+}
+
+static int
+config_restrict(ConfigArgs *c) {
+ slap_mask_t restrictops = 0;
+ int i;
+ slap_verbmasks restrictable_ops[] = {
+ { BER_BVC("bind"), SLAP_RESTRICT_OP_BIND },
+ { BER_BVC("add"), SLAP_RESTRICT_OP_ADD },
+ { BER_BVC("modify"), SLAP_RESTRICT_OP_MODIFY },
+ { BER_BVC("rename"), SLAP_RESTRICT_OP_RENAME },
+ { BER_BVC("modrdn"), 0 },
+ { BER_BVC("delete"), SLAP_RESTRICT_OP_DELETE },
+ { BER_BVC("search"), SLAP_RESTRICT_OP_SEARCH },
+ { BER_BVC("compare"), SLAP_RESTRICT_OP_COMPARE },
+ { BER_BVC("read"), SLAP_RESTRICT_OP_READS },
+ { BER_BVC("write"), SLAP_RESTRICT_OP_WRITES },
+ { BER_BVC("extended"), SLAP_RESTRICT_OP_EXTENDED },
+ { BER_BVC("extended=" LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
+ { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
+ { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
+ { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
+ { BER_BVNULL, 0 }
+ };
+
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
+ &c->rvalue_vals );
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !c->line ) {
+ c->be->be_restrictops = 0;
+ } else {
+ restrictops = verb_to_mask( c->line, restrictable_ops );
+ c->be->be_restrictops ^= restrictops;
+ }
+ return 0;
+ }
+ i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
+ if ( i ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown operation", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ if ( restrictops & SLAP_RESTRICT_OP_EXTENDED )
+ restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
+ c->be->be_restrictops |= restrictops;
+ return(0);
+}
+
+static int
+config_allows(ConfigArgs *c) {
+ slap_mask_t allows = 0;
+ int i;
+ slap_verbmasks allowable_ops[] = {
+ { BER_BVC("bind_v2"), SLAP_ALLOW_BIND_V2 },
+ { BER_BVC("bind_anon_cred"), SLAP_ALLOW_BIND_ANON_CRED },
+ { BER_BVC("bind_anon_dn"), SLAP_ALLOW_BIND_ANON_DN },
+ { BER_BVC("update_anon"), SLAP_ALLOW_UPDATE_ANON },
+ { BER_BVNULL, 0 }
+ };
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return mask_to_verbs( allowable_ops, global_allows, &c->rvalue_vals );
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !c->line ) {
+ global_allows = 0;
+ } else {
+ allows = verb_to_mask( c->line, allowable_ops );
+ global_allows ^= allows;
+ }
+ return 0;
+ }
+ i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
+ if ( i ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ global_allows |= allows;
+ return(0);
+}
+
+static int
+config_disallows(ConfigArgs *c) {
+ slap_mask_t disallows = 0;
+ int i;
+ slap_verbmasks disallowable_ops[] = {
+ { BER_BVC("bind_anon"), SLAP_DISALLOW_BIND_ANON },
+ { BER_BVC("bind_simple"), SLAP_DISALLOW_BIND_SIMPLE },
+ { BER_BVC("bind_krb4"), SLAP_DISALLOW_BIND_KRBV4 },
+ { BER_BVC("tls_2_anon"), SLAP_DISALLOW_TLS_2_ANON },
+ { BER_BVC("tls_authc"), SLAP_DISALLOW_TLS_AUTHC },
+ { BER_BVNULL, 0 }
+ };
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return mask_to_verbs( disallowable_ops, global_disallows, &c->rvalue_vals );
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !c->line ) {
+ global_disallows = 0;
+ } else {
+ disallows = verb_to_mask( c->line, disallowable_ops );
+ global_disallows ^= disallows;
+ }
+ return 0;
+ }
+ i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
+ if ( i ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ global_disallows |= disallows;
+ return(0);
+}
+
+static int
+config_requires(ConfigArgs *c) {
+ slap_mask_t requires = frontendDB->be_requires;
+ int i, argc = c->argc;
+ char **argv = c->argv;
+
+ slap_verbmasks requires_ops[] = {
+ { BER_BVC("bind"), SLAP_REQUIRE_BIND },
+ { BER_BVC("LDAPv3"), SLAP_REQUIRE_LDAP_V3 },
+ { BER_BVC("authc"), SLAP_REQUIRE_AUTHC },
+ { BER_BVC("sasl"), SLAP_REQUIRE_SASL },
+ { BER_BVC("strong"), SLAP_REQUIRE_STRONG },
+ { BER_BVNULL, 0 }
+ };
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return mask_to_verbs( requires_ops, c->be->be_requires, &c->rvalue_vals );
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !c->line ) {
+ c->be->be_requires = 0;
+ } else {
+ requires = verb_to_mask( c->line, requires_ops );
+ c->be->be_requires ^= requires;
+ }
+ return 0;
+ }
+ /* "none" can only be first, to wipe out default/global values */
+ if ( strcasecmp( c->argv[ 1 ], "none" ) == 0 ) {
+ argv++;
+ argc--;
+ requires = 0;
+ }
+ i = verbs_to_mask(argc, argv, requires_ops, &requires);
+ if ( i ) {
+ if (strcasecmp( c->argv[ i ], "none" ) == 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> \"none\" (#%d) must be listed first", c->argv[0], i - 1 );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0);
+ } else {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature #%d", c->argv[0], i - 1 );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ }
+ return(1);
+ }
+ c->be->be_requires = requires;
+ return(0);
+}
+
+static slap_verbmasks *loglevel_ops;
+
+static int
+loglevel_init( void )
+{
+ slap_verbmasks lo[] = {
+ { BER_BVC("Any"), -1 },
+ { BER_BVC("Trace"), LDAP_DEBUG_TRACE },
+ { BER_BVC("Packets"), LDAP_DEBUG_PACKETS },
+ { BER_BVC("Args"), LDAP_DEBUG_ARGS },
+ { BER_BVC("Conns"), LDAP_DEBUG_CONNS },
+ { BER_BVC("BER"), LDAP_DEBUG_BER },
+ { BER_BVC("Filter"), LDAP_DEBUG_FILTER },
+ { BER_BVC("Config"), LDAP_DEBUG_CONFIG },
+ { BER_BVC("ACL"), LDAP_DEBUG_ACL },
+ { BER_BVC("Stats"), LDAP_DEBUG_STATS },
+ { BER_BVC("Stats2"), LDAP_DEBUG_STATS2 },
+ { BER_BVC("Shell"), LDAP_DEBUG_SHELL },
+ { BER_BVC("Parse"), LDAP_DEBUG_PARSE },
+ { BER_BVC("Cache"), LDAP_DEBUG_CACHE },
+ { BER_BVC("Index"), LDAP_DEBUG_INDEX },
+ { BER_BVC("Sync"), LDAP_DEBUG_SYNC },
+ { BER_BVC("None"), LDAP_DEBUG_NONE },
+ { BER_BVNULL, 0 }
+ };
+
+ return slap_verbmasks_init( &loglevel_ops, lo );
+}
+
+static void
+loglevel_destroy( void )
+{
+ if ( loglevel_ops ) {
+ (void)slap_verbmasks_destroy( loglevel_ops );
+ }
+ loglevel_ops = NULL;
+}
+
+static slap_mask_t loglevel_ignore[] = { -1, 0 };
+
+int
+slap_loglevel_register( slap_mask_t m, struct berval *s )
+{
+ int rc;
+
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ rc = slap_verbmasks_append( &loglevel_ops, m, s, loglevel_ignore );
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%lu, \"%s\") failed\n",
+ m, s->bv_val, 0 );
+ }
+
+ return rc;
+}
+
+int
+slap_loglevel_get( struct berval *s, int *l )
+{
+ int rc;
+ unsigned long i;
+ slap_mask_t m;
+
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ for ( m = 0, i = 1; !BER_BVISNULL( &loglevel_ops[ i ].word ); i++ ) {
+ m |= loglevel_ops[ i ].mask;
+ }
+
+ m = ~m;
+
+ for ( i = 1; i <= ( 1 << ( sizeof( int ) * 8 - 1 ) ) && !( m & i ); i <<= 1 )
+ ;
+
+ if ( !( m & i ) ) {
+ return -1;
+ }
+
+ rc = slap_verbmasks_append( &loglevel_ops, i, s, loglevel_ignore );
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slap_loglevel_get(%lu, \"%s\") failed\n",
+ i, s->bv_val, 0 );
+
+ } else {
+ *l = i;
+ }
+
+ return rc;
+}
+
+int
+str2loglevel( const char *s, int *l )
+{
+ int i;
+
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ i = verb_to_mask( s, loglevel_ops );
+
+ if ( BER_BVISNULL( &loglevel_ops[ i ].word ) ) {
+ return -1;
+ }
+
+ *l = loglevel_ops[ i ].mask;
+
+ return 0;
+}
+
+const char *
+loglevel2str( int l )
+{
+ struct berval bv = BER_BVNULL;
+
+ loglevel2bv( l, &bv );
+
+ return bv.bv_val;
+}
+
+int
+loglevel2bv( int l, struct berval *bv )
+{
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ BER_BVZERO( bv );
+
+ return enum_to_verb( loglevel_ops, l, bv ) == -1;
+}
+
+int
+loglevel2bvarray( int l, BerVarray *bva )
+{
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ return mask_to_verbs( loglevel_ops, l, bva );
+}
+
+static int config_syslog;
+
+static int
+config_loglevel(ConfigArgs *c) {
+ int i;
+
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ if (c->op == SLAP_CONFIG_EMIT) {
+ /* Get default or commandline slapd setting */
+ if ( ldap_syslog && !config_syslog )
+ config_syslog = ldap_syslog;
+ return loglevel2bvarray( config_syslog, &c->rvalue_vals );
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !c->line ) {
+ config_syslog = 0;
+ } else {
+ int level = verb_to_mask( c->line, loglevel_ops );
+ config_syslog ^= level;
+ }
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_syslog = config_syslog;
+ }
+ return 0;
+ }
+
+ config_syslog = 0;
+
+ for( i=1; i < c->argc; i++ ) {
+ int level;
+
+ if ( isdigit( c->argv[i][0] ) || c->argv[i][0] == '-' ) {
+ if( lutil_atoi( &level, c->argv[i] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse level", c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return( 1 );
+ }
+ } else {
+ if ( str2loglevel( c->argv[i], &level ) ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown level", c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return( 1 );
+ }
+ }
+ config_syslog |= level;
+ }
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_syslog = config_syslog;
+ }
+ return(0);
+}
+
+static int
+config_referral(ConfigArgs *c) {
+ struct berval val;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if ( default_referral ) {
+ value_add( &c->rvalue_vals, default_referral );
+ return 0;
+ } else {
+ return 1;
+ }
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( c->valx < 0 ) {
+ ber_bvarray_free( default_referral );
+ default_referral = NULL;
+ } else {
+ int i = c->valx;
+ ch_free( default_referral[i].bv_val );
+ for (; default_referral[i].bv_val; i++ )
+ default_referral[i] = default_referral[i+1];
+ }
+ return 0;
+ }
+ if(validate_global_referral(c->argv[1])) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid URL", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
+ c->log, c->msg, c->argv[1]);
+ return(1);
+ }
+
+ ber_str2bv(c->argv[1], 0, 0, &val);
+ if(value_add_one(&default_referral, &val)) return(LDAP_OTHER);
+ return(0);
+}
+
+static struct {
+ struct berval key;
+ int off;
+} sec_keys[] = {
+ { BER_BVC("ssf="), offsetof(slap_ssf_set_t, sss_ssf) },
+ { BER_BVC("transport="), offsetof(slap_ssf_set_t, sss_transport) },
+ { BER_BVC("tls="), offsetof(slap_ssf_set_t, sss_tls) },
+ { BER_BVC("sasl="), offsetof(slap_ssf_set_t, sss_sasl) },
+ { BER_BVC("update_ssf="), offsetof(slap_ssf_set_t, sss_update_ssf) },
+ { BER_BVC("update_transport="), offsetof(slap_ssf_set_t, sss_update_transport) },
+ { BER_BVC("update_tls="), offsetof(slap_ssf_set_t, sss_update_tls) },
+ { BER_BVC("update_sasl="), offsetof(slap_ssf_set_t, sss_update_sasl) },
+ { BER_BVC("simple_bind="), offsetof(slap_ssf_set_t, sss_simple_bind) },
+ { BER_BVNULL, 0 }
+};
+
+static int
+config_security(ConfigArgs *c) {
+ slap_ssf_set_t *set = &c->be->be_ssf_set;
+ char *next;
+ int i, j;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ char numbuf[32];
+ struct berval bv;
+ slap_ssf_t *tgt;
+ int rc = 1;
+
+ for (i=0; !BER_BVISNULL( &sec_keys[i].key ); i++) {
+ tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
+ if ( *tgt ) {
+ rc = 0;
+ bv.bv_len = snprintf( numbuf, sizeof( numbuf ), "%u", *tgt );
+ if ( bv.bv_len >= sizeof( numbuf ) ) {
+ ber_bvarray_free_x( c->rvalue_vals, NULL );
+ c->rvalue_vals = NULL;
+ rc = 1;
+ break;
+ }
+ bv.bv_len += sec_keys[i].key.bv_len;
+ bv.bv_val = ch_malloc( bv.bv_len + 1);
+ next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
+ strcpy( next, numbuf );
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ }
+ return rc;
+ }
+ for(i = 1; i < c->argc; i++) {
+ slap_ssf_t *tgt = NULL;
+ char *src;
+ for ( j=0; !BER_BVISNULL( &sec_keys[j].key ); j++ ) {
+ if(!strncasecmp(c->argv[i], sec_keys[j].key.bv_val,
+ sec_keys[j].key.bv_len)) {
+ src = c->argv[i] + sec_keys[j].key.bv_len;
+ tgt = (slap_ssf_t *)((char *)set + sec_keys[j].off);
+ break;
+ }
+ }
+ if ( !tgt ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown factor", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+
+ if ( lutil_atou( tgt, src ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse factor", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->argv[i]);
+ return(1);
+ }
+ }
+ return(0);
+}
+
+char *
+anlist_unparse( AttributeName *an, char *ptr ) {
+ int comma = 0;
+
+ for (; !BER_BVISNULL( &an->an_name ); an++) {
+ if ( comma ) *ptr++ = ',';
+ ptr = lutil_strcopy( ptr, an->an_name.bv_val );
+ comma = 1;
+ }
+ return ptr;
+}
+
+static void
+replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
+{
+ int len;
+ char *ptr;
+ struct berval bc = BER_BVNULL;
+ char numbuf[32];
+
+ assert( !BER_BVISNULL( &ri->ri_bindconf.sb_uri ) );
+
+ BER_BVZERO( bv );
+
+ len = snprintf(numbuf, sizeof( numbuf ), SLAP_X_ORDERED_FMT, i );
+ if ( len >= sizeof( numbuf ) ) {
+ /* FIXME: how can indicate error? */
+ return;
+ }
+
+ if ( ri->ri_nsuffix ) {
+ for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
+ len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
+ }
+ }
+ if ( ri->ri_attrs ) {
+ len += STRLENOF(" attrs");
+ if ( ri->ri_exclude ) len++;
+ for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
+ len += 1 + ri->ri_attrs[i].an_name.bv_len;
+ }
+ }
+ bindconf_unparse( &ri->ri_bindconf, &bc );
+ len += bc.bv_len;
+
+ bv->bv_val = ch_malloc(len + 1);
+ bv->bv_len = len;
+
+ ptr = lutil_strcopy( bv->bv_val, numbuf );
+
+ /* start with URI from bindconf */
+ assert( !BER_BVISNULL( &bc ) );
+ if ( bc.bv_val ) {
+ strcpy( ptr, bc.bv_val );
+ ch_free( bc.bv_val );
+ }
+
+ if ( ri->ri_nsuffix ) {
+ for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
+ ptr = lutil_strcopy( ptr, " suffix=\"" );
+ ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
+ *ptr++ = '"';
+ }
+ }
+ if ( ri->ri_attrs ) {
+ ptr = lutil_strcopy( ptr, " attrs" );
+ if ( ri->ri_exclude ) *ptr++ = '!';
+ *ptr++ = '=';
+ ptr = anlist_unparse( ri->ri_attrs, ptr );
+ }
+}
+
+static int
+config_replica(ConfigArgs *c) {
+ int i, nr = -1;
+ char *replicahost = NULL, *replicauri = NULL;
+ LDAPURLDesc *ludp;
+
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if (c->be->be_replica) {
+ struct berval bv;
+ for (i=0;c->be->be_replica[i]; i++) {
+ replica_unparse( c->be->be_replica[i], i, &bv );
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ return 0;
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ /* FIXME: there is no replica_free function */
+ if ( c->valx < 0 ) {
+ } else {
+ }
+ }
+ if(SLAP_MONITOR(c->be)) {
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "\"replica\" should not be used inside monitor database\n",
+ c->log, 0, 0);
+ return(0); /* FIXME: should this be an error? */
+ }
+
+ for(i = 1; i < c->argc; i++) {
+ if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
+ ber_len_t len;
+
+ if ( replicauri ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> replica host/URI already specified", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
+ return(1);
+ }
+
+ replicahost = c->argv[i] + STRLENOF("host=");
+ len = strlen( replicahost ) + STRLENOF("ldap://");
+ replicauri = ch_malloc( len + 1 );
+ snprintf( replicauri, len + 1, "ldap://%s", replicahost );
+ replicahost = replicauri + STRLENOF( "ldap://");
+ nr = add_replica_info(c->be, replicauri, replicahost);
+ break;
+ } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
+ ber_len_t len;
+
+ if ( replicauri ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> replica host/URI already specified", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
+ return(1);
+ }
+
+ if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ }
+ if(!ludp->lud_host) {
+ ldap_free_urldesc(ludp);
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri - missing hostname",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ }
+
+ len = strlen(ludp->lud_scheme) + strlen(ludp->lud_host) +
+ STRLENOF("://") + 1;
+ if (ludp->lud_port != LDAP_PORT) {
+ if (ludp->lud_port < 1 || ludp->lud_port > 65535) {
+ ldap_free_urldesc(ludp);
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid port",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ }
+ len += STRLENOF(":65535");
+ }
+ replicauri = ch_malloc( len );
+ replicahost = lutil_strcopy( replicauri, ludp->lud_scheme );
+ replicahost = lutil_strcopy( replicahost, "://" );
+ if (ludp->lud_port == LDAP_PORT) {
+ strcpy( replicahost, ludp->lud_host );
+ } else {
+ sprintf( replicahost, "%s:%d",ludp->lud_host,ludp->lud_port );
+ }
+ ldap_free_urldesc(ludp);
+ nr = add_replica_info(c->be, replicauri, replicahost);
+ break;
+ }
+ }
+ if(i == c->argc) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> missing host or uri", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ } else if(nr == -1) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unable to add replica", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg,
+ replicauri ? replicauri : "" );
+ return(1);
+ } else {
+ for(i = 1; i < c->argc; i++) {
+ if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
+ /* dealt with separately; don't let it get to bindconf */
+ ;
+
+ } else if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
+ /* dealt with separately; don't let it get to bindconf */
+ ;
+
+
+ } else if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
+ switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
+ case 1:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "suffix \"%s\" in \"replica\" line is not valid for backend"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, c->argv[i] + STRLENOF("suffix="), 0);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return 1;
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ break;
+ case 2:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "unable to normalize suffix in \"replica\" line"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, 0, 0);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ return 1;
+#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
+ break;
+ }
+
+ } else if (!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))
+ || !strncasecmp(c->argv[i], "attrs", STRLENOF("attrs")))
+ {
+ int exclude = 0;
+ char *arg = c->argv[i] + STRLENOF("attr");
+ if (arg[0] == 's') {
+ arg++;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: \"attr\" "
+ "is deprecated (and undocumented); "
+ "use \"attrs\" instead.\n",
+ c->log, 0, 0 );
+ }
+ if(arg[0] == '!') {
+ arg++;
+ exclude = 1;
+ }
+ if(arg[0] != '=') {
+ continue;
+ }
+ if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> unknown attribute", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, arg + 1);
+ return(1);
+ }
+ } else if ( bindconf_parse( c->argv[i],
+ &c->be->be_replica[nr]->ri_bindconf ) ) {
+ return(1);
+ }
+ }
+ }
+ return(0);
+}
+
+static int
+config_updatedn(ConfigArgs *c) {
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
+ value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
+ value_add_one(&c->rvalue_nvals, &c->be->be_update_ndn);
+ return 0;
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ ch_free( c->be->be_update_ndn.bv_val );
+ BER_BVZERO( &c->be->be_update_ndn );
+ SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
+ return 0;
+ }
+ if(SLAP_SHADOW(c->be)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> database already shadowed", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(1);
+ }
+
+ ber_memfree_x( c->value_dn.bv_val, NULL );
+ if ( !BER_BVISNULL( &c->be->be_update_ndn ) ) {
+ ber_memfree_x( c->be->be_update_ndn.bv_val, NULL );
+ }
+ c->be->be_update_ndn = c->value_ndn;
+ BER_BVZERO( &c->value_dn );
+ BER_BVZERO( &c->value_ndn );
+
+ return config_slurp_shadow( c );
+}
+
+int
+config_shadow( ConfigArgs *c, int flag )
+{
+ char *notallowed = NULL;
+
+ if ( c->be == frontendDB ) {
+ notallowed = "frontend";
+
+ } else if ( SLAP_MONITOR(c->be) ) {
+ notallowed = "monitor";
+
+ } else if ( SLAP_CONFIG(c->be) ) {
+ notallowed = "config";
+ }
+
+ if ( notallowed != NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: %s database cannot be shadow.\n", c->log, notallowed, 0 );
+ return 1;
+ }
+
+ SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | flag);
+
+ return 0;
+}
+
+static int
+config_updateref(ConfigArgs *c) {
+ struct berval val;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if ( c->be->be_update_refs ) {
+ value_add( &c->rvalue_vals, c->be->be_update_refs );
+ return 0;
+ } else {
+ return 1;
+ }
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( c->valx < 0 ) {
+ ber_bvarray_free( c->be->be_update_refs );
+ c->be->be_update_refs = NULL;
+ } else {
+ int i = c->valx;
+ ch_free( c->be->be_update_refs[i].bv_val );
+ for (; c->be->be_update_refs[i].bv_val; i++)
+ c->be->be_update_refs[i] = c->be->be_update_refs[i+1];
+ }
+ return 0;
+ }
+ if(!SLAP_SHADOW(c->be)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> must appear after syncrepl or updatedn",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(1);
+ }
+
+ if(validate_global_referral(c->argv[1])) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid URL", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
+ c->log, c->msg, c->argv[1]);
+ return(1);
+ }
+ ber_str2bv(c->argv[1], 0, 0, &val);
+ if(value_add_one(&c->be->be_update_refs, &val)) return(LDAP_OTHER);
+ return(0);
+}
+
+static int
+config_include(ConfigArgs *c) {
+ int savelineno = c->lineno;
+ int rc;
+ ConfigFile *cf;
+ ConfigFile *cfsave = cfn;
+ ConfigFile *cf2 = NULL;
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if (c->private) {
+ ConfigFile *cf = c->private;
+ value_add_one( &c->rvalue_vals, &cf->c_file );
+ return 0;
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ }
+ cf = ch_calloc( 1, sizeof(ConfigFile));
+ if ( cfn->c_kids ) {
+ for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
+ cf2->c_sibs = cf;
+ } else {
+ cfn->c_kids = cf;
+ }
+ cfn = cf;
+ ber_str2bv( c->argv[1], 0, 1, &cf->c_file );
+ rc = read_config_file(c->argv[1], c->depth + 1, c, config_back_cf_table);
+ c->lineno = savelineno - 1;
+ cfn = cfsave;
+ if ( rc ) {
+ if ( cf2 ) cf2->c_sibs = NULL;
+ else cfn->c_kids = NULL;
+ ch_free( cf->c_file.bv_val );
+ ch_free( cf );
+ } else {
+ c->private = cf;
+ }
+ return(rc);
+}
+
+#ifdef HAVE_TLS
+static int
+config_tls_option(ConfigArgs *c) {
+ int flag;
+ switch(c->type) {
+ case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
+ case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
+ case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
+ case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
+ case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
+ case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
+ case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
+ default: Debug(LDAP_DEBUG_ANY, "%s: "
+ "unknown tls_option <0x%x>\n",
+ c->log, c->type, 0);
+ return 1;
+ }
+ if (c->op == SLAP_CONFIG_EMIT) {
+ return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ return ldap_pvt_tls_set_option( NULL, flag, NULL );
+ }
+ ch_free(c->value_string);
+ return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
+}
+
+/* FIXME: this ought to be provided by libldap */
+static int
+config_tls_config(ConfigArgs *c) {
+ int i, flag;
+ slap_verbmasks crlkeys[] = {
+ { BER_BVC("none"), LDAP_OPT_X_TLS_CRL_NONE },
+ { BER_BVC("peer"), LDAP_OPT_X_TLS_CRL_PEER },
+ { BER_BVC("all"), LDAP_OPT_X_TLS_CRL_ALL },
+ { BER_BVNULL, 0 }
+ };
+ slap_verbmasks vfykeys[] = {
+ { BER_BVC("never"), LDAP_OPT_X_TLS_NEVER },
+ { BER_BVC("demand"), LDAP_OPT_X_TLS_DEMAND },
+ { BER_BVC("try"), LDAP_OPT_X_TLS_TRY },
+ { BER_BVC("hard"), LDAP_OPT_X_TLS_HARD },
+ { BER_BVNULL, 0 }
+ }, *keys;
+ switch(c->type) {
+ case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys; break;
+ case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys; break;
+ default:
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "unknown tls_option <0x%x>\n",
+ c->log, c->type, 0);
+ return 1;
+ }
+ if (c->op == SLAP_CONFIG_EMIT) {
+ ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
+ for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
+ if (keys[i].mask == c->value_int) {
+ c->value_string = ch_strdup( keys[i].word.bv_val );
+ return 0;
+ }
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ int i = 0;
+ return ldap_pvt_tls_set_option( NULL, flag, &i );
+ }
+ ch_free( c->value_string );
+ if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
+ if ( lutil_atoi( &i, c->argv[1] ) != 0 ) {
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "unable to parse %s \"%s\"\n",
+ c->log, c->argv[0], c->argv[1] );
+ return 1;
+ }
+ return(ldap_pvt_tls_set_option(NULL, flag, &i));
+ } else {
+ return(ldap_int_tls_config(NULL, flag, c->argv[1]));
+ }
+}
+#endif
+
+static CfEntryInfo *
+config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
+{
+ struct berval cdn;
+ char *c;
+
+ if ( !root ) {
+ *last = NULL;
+ return NULL;
+ }
+
+ if ( dn_match( &root->ce_entry->e_nname, dn ))
+ return root;
+
+ c = dn->bv_val+dn->bv_len;
+ for (;*c != ',';c--);
+
+ while(root) {
+ *last = root;
+ for (--c;c>dn->bv_val && *c != ',';c--);
+ cdn.bv_val = c;
+ if ( *c == ',' )
+ cdn.bv_val++;
+ cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
+
+ root = root->ce_kids;
+
+ for (;root;root=root->ce_sibs) {
+ if ( dn_match( &root->ce_entry->e_nname, &cdn )) {
+ if ( cdn.bv_val == dn->bv_val ) {
+ return root;
+ }
+ break;
+ }
+ }
+ }
+ return root;
+}
+
+typedef struct setup_cookie {
+ CfBackInfo *cfb;
+ ConfigArgs *ca;
+} setup_cookie;
+
+static int
+config_ldif_resp( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_type == REP_SEARCH ) {
+ setup_cookie *sc = op->o_callback->sc_private;
+
+ sc->cfb->cb_got_ldif = 1;
+ rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "config error processing %s: %s\n",
+ rs->sr_entry->e_name.bv_val, sc->ca->msg, 0 );
+ }
+ }
+ return rs->sr_err;
+}
+
+/* Configure and read the underlying back-ldif store */
+static int
+config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
+ CfBackInfo *cfb = be->be_private;
+ ConfigArgs c = {0};
+ ConfigTable *ct;
+ char *argv[3];
+ int rc = 0;
+ setup_cookie sc;
+ slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op;
+ SlapReply rs = {REP_RESULT};
+ Filter filter = { LDAP_FILTER_PRESENT };
+ struct berval filterstr = BER_BVC("(objectclass=*)");
+ struct stat st;
+
+ /* Is the config directory available? */
+ if ( stat( dir, &st ) < 0 ) {
+ /* No, so don't bother using the backing store.
+ * All changes will be in-memory only.
+ */
+ return 0;
+ }
+
+ cfb->cb_db.bd_info = backend_info( "ldif" );
+ if ( !cfb->cb_db.bd_info )
+ return 0; /* FIXME: eventually this will be a fatal error */
+
+ if ( backend_db_init( "ldif", &cfb->cb_db ) == NULL )
+ return 1;
+
+ cfb->cb_db.be_suffix = be->be_suffix;
+ cfb->cb_db.be_nsuffix = be->be_nsuffix;
+
+ /* The suffix is always "cn=config". The underlying DB's rootdn
+ * is always the same as the suffix.
+ */
+ cfb->cb_db.be_rootdn = be->be_suffix[0];
+ cfb->cb_db.be_rootndn = be->be_nsuffix[0];
+
+ ber_str2bv( dir, 0, 1, &cfdir );
+
+ c.be = &cfb->cb_db;
+ c.fname = "slapd";
+ c.argc = 2;
+ argv[0] = "directory";
+ argv[1] = (char *)dir;
+ argv[2] = NULL;
+ c.argv = argv;
+
+ ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
+ if ( !ct )
+ return 1;
+
+ if ( config_add_vals( ct, &c ))
+ return 1;
+
+ if ( backend_startup_one( &cfb->cb_db ))
+ return 1;
+
+ if ( readit ) {
+ void *thrctx = ldap_pvt_thread_pool_context();
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, thrctx );
+
+ filter.f_desc = slap_schema.si_ad_objectClass;
+
+ op->o_tag = LDAP_REQ_SEARCH;
+
+ op->ors_filter = &filter;
+ op->ors_filterstr = filterstr;
+ op->ors_scope = LDAP_SCOPE_SUBTREE;
+
+ op->o_dn = c.be->be_rootdn;
+ op->o_ndn = c.be->be_rootndn;
+
+ op->o_req_dn = be->be_suffix[0];
+ op->o_req_ndn = be->be_nsuffix[0];
+
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = SLAP_NO_LIMIT;
+
+ op->ors_attrs = slap_anlist_all_attributes;
+ op->ors_attrsonly = 0;
+
+ op->o_callback = &cb;
+ sc.cfb = cfb;
+ sc.ca = &c;
+ cb.sc_private = ≻
+
+ op->o_bd = &cfb->cb_db;
+ rc = op->o_bd->be_search( op, &rs );
+
+ ldap_pvt_thread_pool_context_reset( thrctx );
+ }
+
+ /* ITS#4194 - only use if it's present, or we're converting. */
+ if ( !readit || rc == LDAP_SUCCESS )
+ cfb->cb_use_ldif = 1;
+
+ return rc;
+}
+
+static int
+CfOc_cmp( const void *c1, const void *c2 ) {
+ const ConfigOCs *co1 = c1;
+ const ConfigOCs *co2 = c2;
+
+ return ber_bvcmp( co1->co_name, co2->co_name );
+}
+
+int
+config_register_schema(ConfigTable *ct, ConfigOCs *ocs) {
+ int i;
+
+ i = init_config_attrs( ct );
+ if ( i ) return i;
+
+ /* set up the objectclasses */
+ i = init_config_ocs( ocs );
+ if ( i ) return i;
+
+ for (i=0; ocs[i].co_def; i++) {
+ if ( ocs[i].co_oc ) {
+ ocs[i].co_name = &ocs[i].co_oc->soc_cname;
+ if ( !ocs[i].co_table )
+ ocs[i].co_table = ct;
+ avl_insert( &CfOcTree, &ocs[i], CfOc_cmp, avl_dup_error );
+ }
+ }
+ return 0;
+}
+
+int
+read_config(const char *fname, const char *dir) {
+ BackendDB *be;
+ CfBackInfo *cfb;
+ const char *cfdir, *cfname;
+ int rc;
+
+ /* Setup the config backend */
+ be = backend_db_init( "config", NULL );
+ if ( !be )
+ return 1;
+
+ cfb = be->be_private;
+
+ /* If no .conf, or a dir was specified, setup the dir */
+ if ( !fname || dir ) {
+ if ( dir ) {
+ /* If explicitly given, check for existence */
+ struct stat st;
+
+ if ( stat( dir, &st ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "invalid config directory %s, error %d\n",
+ dir, errno, 0 );
+ return 1;
+ }
+ cfdir = dir;
+ } else {
+ cfdir = SLAPD_DEFAULT_CONFIGDIR;
+ }
+ /* if fname is defaulted, try reading .d */
+ rc = config_setup_ldif( be, cfdir, !fname );
+
+ if ( rc ) {
+ /* It may be OK if the base object doesn't exist yet. */
+ if ( rc != LDAP_NO_SUCH_OBJECT )
+ return 1;
+ /* ITS#4194: But if dir was specified and no fname,
+ * then we were supposed to read the dir. Unless we're
+ * trying to slapadd the dir...
+ */
+ if ( dir && !fname ) {
+ if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
+ return 1;
+ /* Assume it's slapadd with a config dir, let it continue */
+ rc = 0;
+ cfb->cb_got_ldif = 1;
+ cfb->cb_use_ldif = 1;
+ goto done;
+ }
+ }
+
+ /* If we read the config from back-ldif, nothing to do here */
+ if ( cfb->cb_got_ldif ) {
+ rc = 0;
+ goto done;
+ }
+ }
+
+ if ( fname )
+ cfname = fname;
+ else
+ cfname = SLAPD_DEFAULT_CONFIGFILE;
+
+ rc = read_config_file(cfname, 0, NULL, config_back_cf_table);
+
+ if ( rc == 0 )
+ ber_str2bv( cfname, 0, 1, &cfb->cb_config->c_file );
+
+done:
+ if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) {
+ ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
+ &frontendDB->be_schemadn );
+ rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug(LDAP_DEBUG_ANY, "read_config: "
+ "unable to normalize default schema DN \"%s\"\n",
+ frontendDB->be_schemadn.bv_val, 0, 0 );
+ /* must not happen */
+ assert( 0 );
+ }
+ }
+ return rc;
+}
+
+static int
+config_back_bind( Operation *op, SlapReply *rs )
+{
+ if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
+ ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ));
+ /* frontend sends result */
+ return LDAP_SUCCESS;
+ }
+
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+}
+
+static int
+config_send( Operation *op, SlapReply *rs, CfEntryInfo *ce, int depth )
+{
+ int rc = 0;
+
+ if ( test_filter( op, ce->ce_entry, op->ors_filter ) == LDAP_COMPARE_TRUE )
+ {
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_entry = ce->ce_entry;
+ rs->sr_flags = 0;
+ rc = send_search_entry( op, rs );
+ }
+ if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
+ if ( ce->ce_kids ) {
+ rc = config_send( op, rs, ce->ce_kids, 1 );
+ if ( rc ) return rc;
+ }
+ if ( depth ) {
+ for (ce=ce->ce_sibs; ce; ce=ce->ce_sibs) {
+ rc = config_send( op, rs, ce, 0 );
+ if ( rc ) break;
+ }
+ }
+ }
+ return rc;
+}
+
+static ConfigTable *
+config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
+{
+ int i, j;
+
+ for (j=0; j<nocs; j++) {
+ for (i=0; colst[j]->co_table[i].name; i++)
+ if ( colst[j]->co_table[i].ad == ad )
+ return &colst[j]->co_table[i];
+ }
+ return NULL;
+}
+
+/* Sort the attributes of the entry according to the order defined
+ * in the objectclass, with required attributes occurring before
+ * allowed attributes. For any attributes with sequencing dependencies
+ * (e.g., rootDN must be defined after suffix) the objectclass must
+ * list the attributes in the desired sequence.
+ */
+static void
+sort_attrs( Entry *e, ConfigOCs **colst, int nocs )
+{
+ Attribute *a, *head = NULL, *tail = NULL, **prev;
+ int i, j;
+
+ for (i=0; i<nocs; i++) {
+ if ( colst[i]->co_oc->soc_required ) {
+ AttributeType **at = colst[i]->co_oc->soc_required;
+ for (j=0; at[j]; j++) {
+ for (a=e->e_attrs, prev=&e->e_attrs; a;
+ prev = &(*prev)->a_next, a=a->a_next) {
+ if ( a->a_desc == at[j]->sat_ad ) {
+ *prev = a->a_next;
+ if (!head) {
+ head = a;
+ tail = a;
+ } else {
+ tail->a_next = a;
+ tail = a;
+ }
+ break;
+ }
+ }
+ }
+ }
+ if ( colst[i]->co_oc->soc_allowed ) {
+ AttributeType **at = colst[i]->co_oc->soc_allowed;
+ for (j=0; at[j]; j++) {
+ for (a=e->e_attrs, prev=&e->e_attrs; a;
+ prev = &(*prev)->a_next, a=a->a_next) {
+ if ( a->a_desc == at[j]->sat_ad ) {
+ *prev = a->a_next;
+ if (!head) {
+ head = a;
+ tail = a;
+ } else {
+ tail->a_next = a;
+ tail = a;
+ }
+ break;
+ }
+ }
+ }
+ }
+ }
+ if ( tail ) {
+ tail->a_next = e->e_attrs;
+ e->e_attrs = head;
+ }
+}
+
+static int
+check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
+{
+ Attribute *a = NULL;
+ AttributeDescription *ad;
+ BerVarray vals;
+
+ int i, rc = 0, sort = 0;
+
+ if ( isAttr ) {
+ a = ptr;
+ ad = a->a_desc;
+ vals = a->a_vals;
+ } else {
+ Modifications *ml = ptr;
+ ad = ml->sml_desc;
+ vals = ml->sml_values;
+ }
+
+ if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
+ sort = 1;
+ rc = ordered_value_sort( a, 1 );
+ if ( rc ) {
+ snprintf(ca->msg, sizeof( ca->msg ), "ordered_value_sort failed on attr %s\n",
+ ad->ad_cname.bv_val );
+ return rc;
+ }
+ }
+ for ( i=0; vals[i].bv_val; i++ ) {
+ ca->line = vals[i].bv_val;
+ if ( sort ) {
+ char *idx = strchr( ca->line, '}' );
+ if ( idx ) ca->line = idx+1;
+ }
+ rc = config_parse_vals( ct, ca, i );
+ if ( rc ) {
+ break;
+ }
+ }
+ return rc;
+}
+
+static int
+check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
+ SlapReply *rs, int *renum )
+{
+ CfEntryInfo *ce;
+ int index = -1, gotindex = 0, nsibs;
+ int renumber = 0, tailindex = 0;
+ char *ptr1, *ptr2 = NULL;
+ struct berval rdn;
+
+ if ( renum ) *renum = 0;
+
+ /* These entries don't get indexed/renumbered */
+ if ( ce_type == Cft_Global ) return 0;
+ if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0;
+
+ if ( ce_type == Cft_Include || ce_type == Cft_Module )
+ tailindex = 1;
+
+ /* See if the rdn has an index already */
+ dnRdn( &e->e_name, &rdn );
+ ptr1 = ber_bvchr( &e->e_name, '{' );
+ if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
+ char *next;
+ ptr2 = strchr( ptr1, '}' );
+ if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
+ return LDAP_NAMING_VIOLATION;
+ if ( ptr2-ptr1 == 1)
+ return LDAP_NAMING_VIOLATION;
+ gotindex = 1;
+ index = strtol( ptr1 + 1, &next, 10 );
+ if ( next == ptr1 + 1 || next[ 0 ] != '}' ) {
+ return LDAP_NAMING_VIOLATION;
+ }
+ if ( index < 0 ) {
+ /* Special case, we allow -1 for the frontendDB */
+ if ( index != -1 || ce_type != Cft_Database ||
+ strncmp( ptr2+1, "frontend,", STRLENOF("frontend,") ))
+
+ return LDAP_NAMING_VIOLATION;
+ }
+ }
+
+ /* count related kids */
+ for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
+ if ( ce->ce_type == ce_type ) nsibs++;
+ }
+
+ if ( index != nsibs ) {
+ if ( gotindex ) {
+ if ( index < nsibs ) {
+ if ( tailindex ) return LDAP_NAMING_VIOLATION;
+ /* Siblings need to be renumbered */
+ renumber = 1;
+ }
+ }
+ if ( !renumber ) {
+ struct berval ival, newrdn, nnewrdn;
+ struct berval rtype, rval;
+ Attribute *a;
+ AttributeDescription *ad = NULL;
+ char ibuf[32];
+ const char *text;
+
+ rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
+ rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
+ rtype.bv_val = rdn.bv_val;
+ rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
+
+ /* Find attr */
+ slap_bv2ad( &rtype, &ad, &text );
+ a = attr_find( e->e_attrs, ad );
+ if (!a ) return LDAP_NAMING_VIOLATION;
+
+ ival.bv_val = ibuf;
+ ival.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, nsibs );
+ if ( ival.bv_len >= sizeof( ibuf ) ) {
+ return LDAP_NAMING_VIOLATION;
+ }
+
+ newrdn.bv_len = rdn.bv_len + ival.bv_len;
+ newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
+
+ if ( tailindex ) {
+ ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len );
+ ptr1 = lutil_strcopy( ptr1, ival.bv_val );
+ } else {
+ int xlen;
+ if ( !gotindex ) {
+ ptr2 = rval.bv_val;
+ xlen = rval.bv_len;
+ } else {
+ xlen = rdn.bv_len - (ptr2 - rdn.bv_val);
+ }
+ ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val,
+ rtype.bv_len );
+ *ptr1++ = '=';
+ ptr1 = lutil_strcopy( ptr1, ival.bv_val );
+ ptr1 = lutil_strncopy( ptr1, ptr2, xlen );
+ *ptr1 = '\0';
+ }
+
+ /* Do the equivalent of ModRDN */
+ /* Replace DN / NDN */
+ newrdn.bv_len = ptr1 - newrdn.bv_val;
+ rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL );
+ free( e->e_name.bv_val );
+ build_new_dn( &e->e_name, &parent->ce_entry->e_name,
+ &newrdn, NULL );
+ free( e->e_nname.bv_val );
+ build_new_dn( &e->e_nname, &parent->ce_entry->e_nname,
+ &nnewrdn, NULL );
+
+ /* Replace attr */
+ free( a->a_vals[0].bv_val );
+ ptr1 = strchr( newrdn.bv_val, '=' ) + 1;
+ a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val);
+ a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 );
+ strcpy( a->a_vals[0].bv_val, ptr1 );
+
+ if ( a->a_nvals != a->a_vals ) {
+ free( a->a_nvals[0].bv_val );
+ ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1;
+ a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val);
+ a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 );
+ strcpy( a->a_nvals[0].bv_val, ptr1 );
+ }
+ free( nnewrdn.bv_val );
+ free( newrdn.bv_val );
+ }
+ }
+ if ( renum ) *renum = renumber;
+ return 0;
+}
+
+static ConfigOCs **
+count_ocs( Attribute *oc_at, int *nocs )
+{
+ int i, j, n;
+ ConfigOCs co, *coptr, **colst;
+
+ /* count the objectclasses */
+ for ( i=0; oc_at->a_nvals[i].bv_val; i++ );
+ n = i;
+ colst = (ConfigOCs **)ch_malloc( n * sizeof(ConfigOCs *));
+
+ for ( i=0, j=0; i<n; i++) {
+ co.co_name = &oc_at->a_nvals[i];
+ coptr = avl_find( CfOcTree, &co, CfOc_cmp );
+
+ /* ignore non-config objectclasses. probably should be
+ * an error, general data doesn't belong here.
+ */
+ if ( !coptr ) continue;
+
+ /* Ignore the root objectclass, it has no implementation.
+ */
+ if ( coptr->co_type == Cft_Abstract ) continue;
+ colst[j++] = coptr;
+ }
+ *nocs = j;
+ return colst;
+}
+
+static int
+cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
+{
+ if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include )
+ return LDAP_CONSTRAINT_VIOLATION;
+
+ /* If we're reading from a configdir, don't parse this entry */
+ if ( ca->lineno )
+ return LDAP_COMPARE_TRUE;
+
+ cfn = p->ce_private;
+ ca->private = cfn;
+ return LDAP_SUCCESS;
+}
+
+static int
+cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
+{
+ ConfigFile *cfo;
+
+ /* This entry is hardcoded, don't re-parse it */
+ if ( p->ce_type == Cft_Global ) {
+ cfn = p->ce_private;
+ ca->private = cfn;
+ return LDAP_COMPARE_TRUE;
+ }
+ if ( p->ce_type != Cft_Schema )
+ return LDAP_CONSTRAINT_VIOLATION;
+
+ cfn = ch_calloc( 1, sizeof(ConfigFile) );
+ ca->private = cfn;
+ cfo = p->ce_private;
+ cfn->c_sibs = cfo->c_kids;
+ cfo->c_kids = cfn;
+ return LDAP_SUCCESS;
+}
+
+static int
+cfAddDatabase( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
+{
+ if ( p->ce_type != Cft_Global )
+ return LDAP_CONSTRAINT_VIOLATION;
+ ca->be = frontendDB; /* just to get past check_vals */
+ return LDAP_SUCCESS;
+}
+
+static int
+cfAddBackend( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
+{
+ if ( p->ce_type != Cft_Global )
+ return LDAP_CONSTRAINT_VIOLATION;
+ return LDAP_SUCCESS;
+}
+
+static int
+cfAddModule( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
+{
+ if ( p->ce_type != Cft_Global )
+ return LDAP_CONSTRAINT_VIOLATION;
+ return LDAP_SUCCESS;
+}
+
+static int
+cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
+{
+ if ( p->ce_type != Cft_Database )
+ return LDAP_CONSTRAINT_VIOLATION;
+ ca->be = p->ce_be;
+ return LDAP_SUCCESS;
+}
+
+/* Parse an LDAP entry into config directives */
+static int
+config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renum )
+{
+ CfEntryInfo *ce, *last;
+ ConfigOCs **colst;
+ Attribute *a, *oc_at;
+ int i, nocs, rc = 0;
+ struct berval pdn;
+ ConfigTable *ct;
+ char *ptr;
+
+ /* Make sure parent exists and entry does not */
+ ce = config_find_base( cfb->cb_root, &e->e_nname, &last );
+ if ( ce )
+ return LDAP_ALREADY_EXISTS;
+
+ dnParent( &e->e_nname, &pdn );
+
+ /* If last is NULL, the new entry is the root/suffix entry,
+ * otherwise last should be the parent.
+ */
+ if ( last && !dn_match( &last->ce_entry->e_nname, &pdn )) {
+ if ( rs )
+ rs->sr_matched = last->ce_entry->e_name.bv_val;
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+ oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
+ if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
+
+ memset( ca, 0, sizeof(ConfigArgs));
+
+ /* Fake the coordinates based on whether we're part of an
+ * LDAP Add or if reading the config dir
+ */
+ if ( rs ) {
+ ca->fname = "slapd";
+ ca->lineno = 0;
+ } else {
+ ca->fname = cfdir.bv_val;
+ ca->lineno = 1;
+ }
+
+ colst = count_ocs( oc_at, &nocs );
+
+ /* Only the root can be Cft_Global, everything else must
+ * have a parent. Only limited nesting arrangements are allowed.
+ */
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ if ( colst[0]->co_type == Cft_Global && !last ) {
+ cfn = cfb->cb_config;
+ ca->private = cfn;
+ ca->be = frontendDB; /* just to get past check_vals */
+ rc = LDAP_SUCCESS;
+ }
+
+ /* Check whether the Add is allowed by its parent, and do
+ * any necessary arg setup
+ */
+ if ( last ) {
+ for ( i=0; i<nocs; i++ ) {
+ if ( colst[i]->co_ldadd &&
+ ( rc = colst[i]->co_ldadd( last, e, ca ))
+ != LDAP_CONSTRAINT_VIOLATION ) {
+ break;
+ }
+ }
+ }
+
+ /* Add the entry but don't parse it, we already have its contents */
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rc = LDAP_SUCCESS;
+ goto ok;
+ }
+
+ if ( rc != LDAP_SUCCESS )
+ goto done;
+
+ /* Parse all the values and check for simple syntax errors before
+ * performing any set actions.
+ *
+ * If doing an LDAPadd, check for indexed names and any necessary
+ * renaming/renumbering. Entries that don't need indexed names are
+ * ignored. Entries that need an indexed name and arrive without one
+ * are assigned to the end. Entries that arrive with an index may
+ * cause the following entries to be renumbered/bumped down.
+ *
+ * Note that "pseudo-indexed" entries (cn=Include{xx}, cn=Module{xx})
+ * don't allow Adding an entry with an index that's already in use.
+ * This is flagged as an error (LDAP_ALREADY_EXISTS) up above.
+ *
+ * These entries can have auto-assigned indexes (appended to the end)
+ * but only the other types support auto-renumbering of siblings.
+ */
+ rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
+ if ( rc )
+ goto done;
+
+ init_config_argv( ca );
+
+ /* Make sure we process attrs in the required order */
+ sort_attrs( e, colst, nocs );
+
+ for ( a=e->e_attrs; a; a=a->a_next ) {
+ if ( a == oc_at ) continue;
+ ct = config_find_table( colst, nocs, a->a_desc );
+ if ( !ct ) continue; /* user data? */
+ rc = check_vals( ct, ca, a, 1 );
+ if ( rc ) goto done;
+ }
+
+ /* Basic syntax checks are OK. Do the actual settings. */
+ for ( a=e->e_attrs; a; a=a->a_next ) {
+ if ( a == oc_at ) continue;
+ ct = config_find_table( colst, nocs, a->a_desc );
+ if ( !ct ) continue; /* user data? */
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ ca->line = a->a_vals[i].bv_val;
+ if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+ ptr = strchr( ca->line, '}' );
+ if ( ptr ) ca->line = ptr+1;
+ }
+ ca->valx = i;
+ rc = config_parse_add( ct, ca );
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto done;
+ }
+ }
+ }
+ok:
+ /* Newly added databases and overlays need to be started up */
+ if ( CONFIG_ONLINE_ADD( ca )) {
+ if ( colst[0]->co_type == Cft_Database ) {
+ rc = backend_startup_one( ca->be );
+
+ } else if ( colst[0]->co_type == Cft_Overlay ) {
+ if ( ca->bi->bi_db_open ) {
+ BackendInfo *bi_orig = ca->be->bd_info;
+ ca->be->bd_info = ca->bi;
+ rc = ca->bi->bi_db_open( ca->be );
+ ca->be->bd_info = bi_orig;
+ }
+ }
+ if ( rc ) {
+ snprintf( ca->msg, sizeof( ca->msg ), "<%s> failed startup", ca->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ ca->log, ca->msg, ca->argv[1] );
+ rc = LDAP_OTHER;
+ goto done;
+ }
+ }
+
+ ce = ch_calloc( 1, sizeof(CfEntryInfo) );
+ ce->ce_parent = last;
+ ce->ce_entry = entry_dup( e );
+ ce->ce_entry->e_private = ce;
+ ce->ce_type = colst[0]->co_type;
+ ce->ce_be = ca->be;
+ ce->ce_bi = ca->bi;
+ ce->ce_private = ca->private;
+ if ( !last ) {
+ cfb->cb_root = ce;
+ } else if ( last->ce_kids ) {
+ CfEntryInfo *c2;
+
+ for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs);
+
+ c2->ce_sibs = ce;
+ } else {
+ last->ce_kids = ce;
+ }
+
+done:
+ if ( rc ) {
+ if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
+ if ( ca->be != frontendDB )
+ backend_destroy_one( ca->be, 1 );
+ } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
+ overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
+ }
+ }
+
+ ch_free( ca->argv );
+ if ( colst ) ch_free( colst );
+ return rc;
+}
+
+/* Parse an LDAP entry into config directives, then store in underlying
+ * database.
+ */
+static int
+config_back_add( Operation *op, SlapReply *rs )
+{
+ CfBackInfo *cfb;
+ int renumber;
+ ConfigArgs ca;
+
+ if ( !be_isroot( op ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto out;
+ }
+
+ cfb = (CfBackInfo *)op->o_bd->be_private;
+
+ ldap_pvt_thread_pool_pause( &connection_pool );
+
+ /* Strategy:
+ * 1) check for existence of entry
+ * 2) check for sibling renumbering
+ * 3) perform internal add
+ * 4) store entry in underlying database
+ * 5) perform any necessary renumbering
+ */
+ rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_text = ca.msg;
+ } else if ( cfb->cb_use_ldif ) {
+ BackendDB *be = op->o_bd;
+ slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
+ struct berval dn, ndn;
+
+ op->o_bd = &cfb->cb_db;
+
+ /* Save current rootdn; use the underlying DB's rootdn */
+ dn = op->o_dn;
+ ndn = op->o_ndn;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+
+ sc.sc_next = op->o_callback;
+ op->o_callback = ≻
+ op->o_bd->be_add( op, rs );
+ op->o_bd = be;
+ op->o_callback = sc.sc_next;
+ op->o_dn = dn;
+ op->o_ndn = ndn;
+ }
+ if ( renumber ) {
+ }
+
+ ldap_pvt_thread_pool_resume( &connection_pool );
+
+out:
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+}
+
+typedef struct delrec {
+ struct delrec *next;
+ int nidx;
+ int idx[1];
+} delrec;
+
+static int
+config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
+ ConfigArgs *ca )
+{
+ int rc = LDAP_UNWILLING_TO_PERFORM;
+ Modifications *ml;
+ Entry *e = ce->ce_entry;
+ Attribute *save_attrs = e->e_attrs, *oc_at;
+ ConfigTable *ct;
+ ConfigOCs **colst;
+ int i, nocs;
+ char *ptr;
+ delrec *dels = NULL, *deltail = NULL;
+
+ oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
+ if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
+
+ colst = count_ocs( oc_at, &nocs );
+
+ e->e_attrs = attrs_dup( e->e_attrs );
+
+ init_config_argv( ca );
+ ca->be = ce->ce_be;
+ ca->bi = ce->ce_bi;
+ ca->private = ce->ce_private;
+ ca->ca_entry = e;
+ ca->fname = "slapd";
+ strcpy( ca->log, "back-config" );
+
+ for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
+ ct = config_find_table( colst, nocs, ml->sml_desc );
+ switch (ml->sml_op) {
+ case LDAP_MOD_DELETE:
+ case LDAP_MOD_REPLACE: {
+ BerVarray vals = NULL, nvals = NULL;
+ int *idx = NULL;
+ if ( ct && ( ct->arg_type & ARG_NO_DELETE )) {
+ rc = LDAP_OTHER;
+ snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s",
+ ml->sml_desc->ad_cname.bv_val );
+ goto out;
+ }
+ if ( ml->sml_op == LDAP_MOD_REPLACE ) {
+ vals = ml->sml_values;
+ nvals = ml->sml_nvalues;
+ ml->sml_values = NULL;
+ ml->sml_nvalues = NULL;
+ }
+ /* If we're deleting by values, remember the indexes of the
+ * values we deleted.
+ */
+ if ( ct && ml->sml_values ) {
+ delrec *d;
+ for (i=0; ml->sml_values[i].bv_val; i++);
+ d = ch_malloc( sizeof(delrec) + (i - 1)* sizeof(int));
+ d->nidx = i;
+ d->next = NULL;
+ if ( dels ) {
+ deltail->next = d;
+ } else {
+ dels = d;
+ }
+ deltail = d;
+ idx = d->idx;
+ }
+ rc = modify_delete_vindex(e, &ml->sml_mod,
+ get_permissiveModify(op),
+ &rs->sr_text, ca->msg, sizeof(ca->msg), idx );
+ if ( ml->sml_op == LDAP_MOD_REPLACE ) {
+ ml->sml_values = vals;
+ ml->sml_nvalues = nvals;
+ }
+ if ( !vals )
+ break;
+ }
+ /* FALLTHRU: LDAP_MOD_REPLACE && vals */
+
+ case LDAP_MOD_ADD:
+ case SLAP_MOD_SOFTADD: {
+ int mop = ml->sml_op;
+ int navals = -1;
+ ml->sml_op = LDAP_MOD_ADD;
+ if ( ct ) {
+ if ( ct->arg_type & ARG_NO_INSERT ) {
+ Attribute *a = attr_find( e->e_attrs, ml->sml_desc );
+ if ( a ) {
+ for (i = 0; a->a_vals[i].bv_val; i++ );
+ navals = i;
+ }
+ }
+ for ( i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++ ) {
+ if ( ml->sml_values[i].bv_val[0] == '{' &&
+ navals >= 0 )
+ {
+ char *next, *val = ml->sml_values[i].bv_val + 1;
+ int j;
+
+ j = strtol( val, &next, 0 );
+ if ( next == val || next[ 0 ] != '}' || j < navals ) {
+ rc = LDAP_OTHER;
+ snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s",
+ ml->sml_desc->ad_cname.bv_val );
+ goto out;
+ }
+ }
+ rc = check_vals( ct, ca, ml, 0 );
+ if ( rc ) goto out;
+ }
+ }
+ rc = modify_add_values(e, &ml->sml_mod,
+ get_permissiveModify(op),
+ &rs->sr_text, ca->msg, sizeof(ca->msg) );
+
+ /* If value already exists, show success here
+ * and ignore this operation down below.
+ */
+ if ( mop == SLAP_MOD_SOFTADD ) {
+ if ( rc == LDAP_TYPE_OR_VALUE_EXISTS )
+ rc = LDAP_SUCCESS;
+ else
+ mop = LDAP_MOD_ADD;
+ }
+ ml->sml_op = mop;
+ break;
+ }
+
+ break;
+ case LDAP_MOD_INCREMENT: /* FIXME */
+ break;
+ default:
+ break;
+ }
+ if(rc != LDAP_SUCCESS) break;
+ }
+
+ if(rc == LDAP_SUCCESS) {
+ /* check that the entry still obeys the schema */
+ rc = entry_schema_check(op, e, NULL, 0,
+ &rs->sr_text, ca->msg, sizeof(ca->msg) );
+ }
+ if ( rc == LDAP_SUCCESS ) {
+ /* Basic syntax checks are OK. Do the actual settings. */
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ ct = config_find_table( colst, nocs, ml->sml_desc );
+ if ( !ct ) continue;
+
+ switch (ml->sml_op) {
+ case LDAP_MOD_DELETE:
+ case LDAP_MOD_REPLACE: {
+ BerVarray vals = NULL, nvals = NULL;
+ Attribute *a;
+ delrec *d = NULL;
+
+ a = attr_find( e->e_attrs, ml->sml_desc );
+
+ if ( ml->sml_op == LDAP_MOD_REPLACE ) {
+ vals = ml->sml_values;
+ nvals = ml->sml_nvalues;
+ ml->sml_values = NULL;
+ ml->sml_nvalues = NULL;
+ }
+
+ if ( ml->sml_values )
+ d = dels;
+
+ /* If we didn't delete the whole attribute */
+ if ( ml->sml_values && a ) {
+ struct berval *mvals;
+ int j;
+
+ if ( ml->sml_nvalues )
+ mvals = ml->sml_nvalues;
+ else
+ mvals = ml->sml_values;
+
+ /* use the indexes we saved up above */
+ for (i=0; i < d->nidx; i++) {
+ struct berval bv = *mvals++;
+ if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
+ bv.bv_val[0] == '{' ) {
+ ptr = strchr( bv.bv_val, '}' ) + 1;
+ bv.bv_len -= ptr - bv.bv_val;
+ bv.bv_val = ptr;
+ }
+ ca->line = bv.bv_val;
+ ca->valx = d->idx[i];
+ rc = config_del_vals( ct, ca );
+ if ( rc != LDAP_SUCCESS ) break;
+ for (j=i+1; j < d->nidx; j++)
+ if ( d->idx[j] >d->idx[i] )
+ d->idx[j]--;
+ }
+ } else {
+ ca->valx = -1;
+ ca->line = NULL;
+ rc = config_del_vals( ct, ca );
+ if ( rc ) rc = LDAP_OTHER;
+ }
+ if ( ml->sml_values ) {
+ ch_free( dels );
+ dels = d->next;
+ }
+ if ( ml->sml_op == LDAP_MOD_REPLACE ) {
+ ml->sml_values = vals;
+ ml->sml_nvalues = nvals;
+ }
+ if ( !vals || rc != LDAP_SUCCESS )
+ break;
+ }
+ /* FALLTHRU: LDAP_MOD_REPLACE && vals */
+
+ case LDAP_MOD_ADD:
+ for (i=0; ml->sml_values[i].bv_val; i++) {
+ ca->line = ml->sml_values[i].bv_val;
+ ca->valx = -1;
+ if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
+ ca->line[0] == '{' )
+ {
+ ptr = strchr( ca->line + 1, '}' );
+ if ( ptr ) {
+ char *next;
+
+ ca->valx = strtol( ca->line + 1, &next, 0 );
+ if ( next == ca->line + 1 || next[ 0 ] != '}' ) {
+ rc = LDAP_OTHER;
+ goto out;
+ }
+ ca->line = ptr+1;
+ }
+ }
+ rc = config_parse_add( ct, ca );
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto out;
+ }
+ }
+
+ break;
+ }
+ }
+ }
+
+out:
+ if ( ca->cleanup )
+ ca->cleanup( ca );
+ if ( rc == LDAP_SUCCESS ) {
+ attrs_free( save_attrs );
+ } else {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+ }
+ ch_free( ca->argv );
+ if ( colst ) ch_free( colst );
+
+ return rc;
+}
+
+static int
+config_back_modify( Operation *op, SlapReply *rs )
+{
+ CfBackInfo *cfb;
+ CfEntryInfo *ce, *last;
+ Modifications *ml;
+ ConfigArgs ca = {0};
+ struct berval rdn;
+ char *ptr;
+ AttributeDescription *rad = NULL;
+
+ if ( !be_isroot( op ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto out;
+ }
+
+ cfb = (CfBackInfo *)op->o_bd->be_private;
+
+ ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
+ if ( !ce ) {
+ if ( last )
+ rs->sr_matched = last->ce_entry->e_name.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto out;
+ }
+
+ /* Get type of RDN */
+ rdn = ce->ce_entry->e_nname;
+ ptr = strchr( rdn.bv_val, '=' );
+ rdn.bv_len = ptr - rdn.bv_val;
+ slap_bv2ad( &rdn, &rad, &rs->sr_text );
+
+ /* Some basic validation... */
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ /* Don't allow Modify of RDN; must use ModRdn for that. */
+ if ( ml->sml_desc == rad ) {
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_RDN;
+ rs->sr_text = "Use modrdn to change the entry name";
+ goto out;
+ }
+ }
+
+ ldap_pvt_thread_pool_pause( &connection_pool );
+
+ /* Strategy:
+ * 1) perform the Modify on the cached Entry.
+ * 2) verify that the Entry still satisfies the schema.
+ * 3) perform the individual config operations.
+ * 4) store Modified entry in underlying LDIF backend.
+ */
+ rs->sr_err = config_modify_internal( ce, op, rs, &ca );
+ if ( rs->sr_err ) {
+ rs->sr_text = ca.msg;
+ } else if ( cfb->cb_use_ldif ) {
+ BackendDB *be = op->o_bd;
+ slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
+ struct berval dn, ndn;
+
+ op->o_bd = &cfb->cb_db;
+
+ dn = op->o_dn;
+ ndn = op->o_ndn;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+
+ sc.sc_next = op->o_callback;
+ op->o_callback = ≻
+ op->o_bd->be_modify( op, rs );
+ op->o_bd = be;
+ op->o_callback = sc.sc_next;
+ op->o_dn = dn;
+ op->o_ndn = ndn;
+ }
+
+ ldap_pvt_thread_pool_resume( &connection_pool );
+out:
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+}
+
+static int
+config_back_modrdn( Operation *op, SlapReply *rs )
+{
+ CfBackInfo *cfb;
+ CfEntryInfo *ce, *last;
+
+ if ( !be_isroot( op ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto out;
+ }
+
+ cfb = (CfBackInfo *)op->o_bd->be_private;
+
+ ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
+ if ( !ce ) {
+ if ( last )
+ rs->sr_matched = last->ce_entry->e_name.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto out;
+ }
+
+ /* We don't allow moving objects to new parents.
+ * Generally we only allow reordering a set of ordered entries.
+ */
+ if ( op->orr_newSup ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto out;
+ }
+ ldap_pvt_thread_pool_pause( &connection_pool );
+
+ ldap_pvt_thread_pool_resume( &connection_pool );
+out:
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+}
+
+static int
+config_back_search( Operation *op, SlapReply *rs )
+{
+ CfBackInfo *cfb;
+ CfEntryInfo *ce, *last;
+
+ if ( !be_isroot( op ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto out;
+ }
+
+ cfb = (CfBackInfo *)op->o_bd->be_private;
+
+ ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
+ if ( !ce ) {
+ if ( last )
+ rs->sr_matched = last->ce_entry->e_name.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto out;
+ }
+ switch ( op->ors_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_SUBTREE:
+ config_send( op, rs, ce, 0 );
+ break;
+
+ case LDAP_SCOPE_ONELEVEL:
+ for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
+ config_send( op, rs, ce, 1 );
+ }
+ break;
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+out:
+ send_ldap_result( op, rs );
+ return 0;
+}
+
+static void
+config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
+ ConfigTable *ct, ConfigArgs *c )
+{
+ int i, rc;
+
+ for (; at && *at; at++) {
+ /* Skip the naming attr */
+ if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
+ continue;
+ for (i=0;ct[i].name;i++) {
+ if (ct[i].ad == (*at)->sat_ad) {
+ rc = config_get_vals(&ct[i], c);
+ /* NOTE: tolerate that config_get_vals()
+ * returns success with no values */
+ if (rc == LDAP_SUCCESS && c->rvalue_vals != NULL ) {
+ if ( c->rvalue_nvals )
+ attr_merge(e, ct[i].ad, c->rvalue_vals,
+ c->rvalue_nvals);
+ else
+ attr_merge_normalize(e, ct[i].ad,
+ c->rvalue_vals, NULL);
+ ber_bvarray_free( c->rvalue_nvals );
+ ber_bvarray_free( c->rvalue_vals );
+ }
+ break;
+ }
+ }
+ }
+}
+
+Entry *
+config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
+ ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra )
+{
+ Entry *e = ch_calloc( 1, sizeof(Entry) );
+ CfEntryInfo *ce = ch_calloc( 1, sizeof(CfEntryInfo) );
+ struct berval val;
+ struct berval ad_name;
+ AttributeDescription *ad = NULL;
+ int rc;
+ char *ptr;
+ const char *text;
+ Attribute *oc_at;
+ struct berval pdn;
+ ObjectClass *oc;
+ CfEntryInfo *ceprev = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "config_build_entry: \"%s\"\n", rdn->bv_val, 0, 0);
+ e->e_private = ce;
+ ce->ce_entry = e;
+ ce->ce_parent = parent;
+ if ( parent ) {
+ pdn = parent->ce_entry->e_nname;
+ if ( parent->ce_kids )
+ for ( ceprev = parent->ce_kids; ceprev->ce_sibs;
+ ceprev = ceprev->ce_sibs );
+ } else {
+ BER_BVZERO( &pdn );
+ }
+
+ ce->ce_type = main->co_type;
+ ce->ce_private = c->private;
+ ce->ce_be = c->be;
+ ce->ce_bi = c->bi;
+
+ build_new_dn( &e->e_name, &pdn, rdn, NULL );
+ ber_dupbv( &e->e_nname, &e->e_name );
+
+ attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
+ main->co_name, NULL );
+ if ( extra )
+ attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
+ extra->co_name, NULL );
+ ptr = strchr(rdn->bv_val, '=');
+ ad_name.bv_val = rdn->bv_val;
+ ad_name.bv_len = ptr - rdn->bv_val;
+ rc = slap_bv2ad( &ad_name, &ad, &text );
+ if ( rc ) {
+ return NULL;
+ }
+ val.bv_val = ptr+1;
+ val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
+ attr_merge_normalize_one(e, ad, &val, NULL );
+
+ oc = main->co_oc;
+ if ( oc->soc_required )
+ config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
+
+ if ( oc->soc_allowed )
+ config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
+
+ if ( extra ) {
+ oc = extra->co_oc;
+ if ( oc->soc_required )
+ config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
+
+ if ( oc->soc_allowed )
+ config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
+ }
+
+ oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
+ rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg,
+ sizeof(c->msg));
+ attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL );
+ if ( op ) {
+ op->ora_e = e;
+ op->o_bd->be_add( op, rs );
+ if ( ( rs->sr_err != LDAP_SUCCESS )
+ && (rs->sr_err != LDAP_ALREADY_EXISTS) ) {
+ return NULL;
+ }
+ }
+ if ( ceprev ) {
+ ceprev->ce_sibs = ce;
+ } else if ( parent ) {
+ parent->ce_kids = ce;
+ }
+
+ return e;
+}
+
+static int
+config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
+ Operation *op, SlapReply *rs )
+{
+ Entry *e;
+ ConfigFile *cf = c->private;
+ char *ptr;
+ struct berval bv;
+
+ for (; cf; cf=cf->c_sibs, c->depth++) {
+ c->value_dn.bv_val = c->log;
+ bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
+ if ( !bv.bv_val ) {
+ bv = cf->c_file;
+ } else {
+ bv.bv_val++;
+ bv.bv_len = cf->c_file.bv_len - (bv.bv_val - cf->c_file.bv_val);
+ }
+ ptr = strchr( bv.bv_val, '.' );
+ if ( ptr )
+ bv.bv_len = ptr - bv.bv_val;
+ c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=" SLAP_X_ORDERED_FMT, c->depth);
+ if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
+ /* FIXME: how can indicate error? */
+ return -1;
+ }
+ strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
+ bv.bv_len );
+ c->value_dn.bv_len += bv.bv_len;
+ c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
+
+ c->private = cf;
+ e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
+ &CFOC_SCHEMA, NULL );
+ if ( !e ) {
+ return -1;
+ } else if ( e && cf->c_kids ) {
+ c->private = cf->c_kids;
+ config_build_schema_inc( c, e->e_private, op, rs );
+ }
+ }
+ return 0;
+}
+
+static int
+config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
+ Operation *op, SlapReply *rs )
+{
+ Entry *e;
+ int i;
+ ConfigFile *cf = c->private;
+
+ for (i=0; cf; cf=cf->c_sibs, i++) {
+ c->value_dn.bv_val = c->log;
+ c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=include" SLAP_X_ORDERED_FMT, i);
+ if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
+ /* FIXME: how can indicate error? */
+ return -1;
+ }
+ c->private = cf;
+ e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
+ &CFOC_INCLUDE, NULL );
+ if ( ! e ) {
+ return -1;
+ } else if ( e && cf->c_kids ) {
+ c->private = cf->c_kids;
+ config_build_includes( c, e->e_private, op, rs );
+ }
+ }
+ return 0;
+}
+
+#ifdef SLAPD_MODULES
+
+static int
+config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
+ Operation *op, SlapReply *rs )
+{
+ int i;
+ ModPaths *mp;
+
+ for (i=0, mp=&modpaths; mp; mp=mp->mp_next, i++) {
+ if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
+ continue;
+ c->value_dn.bv_val = c->log;
+ c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=module" SLAP_X_ORDERED_FMT, i);
+ if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
+ /* FIXME: how can indicate error? */
+ return -1;
+ }
+ c->private = mp;
+ if ( ! config_build_entry( op, rs, ceparent, c, &c->value_dn, &CFOC_MODULE, NULL )) {
+ return -1;
+ }
+ }
+ return 0;
+}
+#endif
+
+static int
+config_back_db_open( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+ struct berval rdn;
+ Entry *e, *parent;
+ CfEntryInfo *ce, *ceparent;
+ int i, unsupp = 0;
+ BackendInfo *bi;
+ ConfigArgs c;
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op;
+ slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+ SlapReply rs = {REP_RESULT};
+ void *thrctx = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
+ /* If we read the config from back-ldif, nothing to do here */
+ if ( cfb->cb_got_ldif )
+ return 0;
+
+ if ( cfb->cb_use_ldif ) {
+ thrctx = ldap_pvt_thread_pool_context();
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, thrctx );
+
+ op->o_tag = LDAP_REQ_ADD;
+ op->o_callback = &cb;
+ op->o_bd = &cfb->cb_db;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ } else {
+ op = NULL;
+ }
+
+ /* create root of tree */
+ rdn = config_rdn;
+ c.private = cfb->cb_config;
+ c.be = frontendDB;
+ e = config_build_entry( op, &rs, NULL, &c, &rdn, &CFOC_GLOBAL, NULL );
+ if ( !e ) {
+ return -1;
+ }
+ ce = e->e_private;
+ cfb->cb_root = ce;
+
+ parent = e;
+ ceparent = ce;
+
+ /* Create includeFile nodes */
+ if ( cfb->cb_config->c_kids ) {
+ c.depth = 0;
+ c.private = cfb->cb_config->c_kids;
+ if ( config_build_includes( &c, ceparent, op, &rs ) ) {
+ return -1;
+ }
+ }
+
+#ifdef SLAPD_MODULES
+ /* Create Module nodes... */
+ if ( modpaths.mp_loads ) {
+ if ( config_build_modules( &c, ceparent, op, &rs ) ){
+ return -1;
+ }
+ }
+#endif
+
+ /* Create schema nodes... cn=schema will contain the hardcoded core
+ * schema, read-only. Child objects will contain runtime loaded schema
+ * files.
+ */
+ rdn = schema_rdn;
+ c.private = NULL;
+ e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_SCHEMA, NULL );
+ if ( !e ) {
+ return -1;
+ }
+ ce = e->e_private;
+ ce->ce_private = cfb->cb_config;
+
+ /* Create schema nodes for included schema... */
+ if ( cfb->cb_config->c_kids ) {
+ c.depth = 0;
+ c.private = cfb->cb_config->c_kids;
+ if (config_build_schema_inc( &c, ce, op, &rs )) {
+ return -1;
+ }
+ }
+
+ /* Create backend nodes. Skip if they don't provide a cf_table.
+ * There usually aren't any of these.
+ */
+
+ c.line = 0;
+ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
+ if (!bi->bi_cf_ocs) {
+ /* If it only supports the old config mech, complain. */
+ if ( bi->bi_config ) {
+ Debug( LDAP_DEBUG_ANY,
+ "WARNING: No dynamic config support for backend %s.\n",
+ bi->bi_type, 0, 0 );
+ unsupp++;
+ }
+ continue;
+ }
+ if (!bi->bi_private) continue;
+
+ rdn.bv_val = c.log;
+ rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
+ "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
+ if ( rdn.bv_len >= sizeof( c.log ) ) {
+ /* FIXME: holler ... */ ;
+ }
+ c.bi = bi;
+ e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
+ bi->bi_cf_ocs );
+ if ( !e ) {
+ return -1;
+ }
+ }
+
+ /* Create database nodes... */
+ frontendDB->be_cf_ocs = &CFOC_FRONTEND;
+ LDAP_STAILQ_NEXT(frontendDB, be_next) = LDAP_STAILQ_FIRST(&backendDB);
+ for ( i = -1, be = frontendDB ; be;
+ i++, be = LDAP_STAILQ_NEXT( be, be_next )) {
+ slap_overinfo *oi = NULL;
+
+ if ( overlay_is_over( be )) {
+ oi = be->bd_info->bi_private;
+ bi = oi->oi_orig;
+ } else {
+ bi = be->bd_info;
+ }
+
+ /* If this backend supports the old config mechanism, but not
+ * the new mech, complain.
+ */
+ if ( !be->be_cf_ocs && bi->bi_db_config ) {
+ Debug( LDAP_DEBUG_ANY,
+ "WARNING: No dynamic config support for database %s.\n",
+ bi->bi_type, 0, 0 );
+ unsupp++;
+ }
+ rdn.bv_val = c.log;
+ rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
+ "%s=" SLAP_X_ORDERED_FMT "%s", cfAd_database->ad_cname.bv_val,
+ i, bi->bi_type);
+ if ( rdn.bv_len >= sizeof( c.log ) ) {
+ /* FIXME: holler ... */ ;
+ }
+ c.be = be;
+ c.bi = bi;
+ e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
+ be->be_cf_ocs );
+ if ( !e ) {
+ return -1;
+ }
+ ce = e->e_private;
+ if ( be->be_cf_ocs && be->be_cf_ocs->co_cfadd )
+ be->be_cf_ocs->co_cfadd( op, &rs, e, &c );
+ /* Iterate through overlays */
+ if ( oi ) {
+ slap_overinst *on;
+ Entry *oe;
+ int j;
+
+ for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
+ if ( on->on_bi.bi_db_config && !on->on_bi.bi_cf_ocs ) {
+ Debug( LDAP_DEBUG_ANY,
+ "WARNING: No dynamic config support for overlay %s.\n",
+ on->on_bi.bi_type, 0, 0 );
+ unsupp++;
+ }
+ rdn.bv_val = c.log;
+ rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
+ "%s=" SLAP_X_ORDERED_FMT "%s",
+ cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
+ if ( rdn.bv_len >= sizeof( c.log ) ) {
+ /* FIXME: holler ... */ ;
+ }
+ c.be = be;
+ c.bi = &on->on_bi;
+ oe = config_build_entry( op, &rs, ce, &c, &rdn,
+ &CFOC_OVERLAY, c.bi->bi_cf_ocs );
+ if ( !oe ) {
+ return -1;
+ }
+ if ( c.bi->bi_cf_ocs && c.bi->bi_cf_ocs->co_cfadd )
+ c.bi->bi_cf_ocs->co_cfadd( op, &rs, oe, &c );
+ }
+ }
+ }
+ if ( thrctx )
+ ldap_pvt_thread_pool_context_reset( thrctx );
+
+ if ( unsupp && cfb->cb_use_ldif ) {
+ Debug( LDAP_DEBUG_ANY, "\nWARNING: The converted cn=config "
+ "directory is incomplete and may not work.\n\n", 0, 0, 0 );
+ }
+
+ return 0;
+}
+
+static void
+cfb_free_cffile( ConfigFile *cf )
+{
+ ConfigFile *next;
+
+ for (; cf; cf=next) {
+ next = cf->c_sibs;
+ if ( cf->c_kids )
+ cfb_free_cffile( cf->c_kids );
+ ch_free( cf->c_file.bv_val );
+ ber_bvarray_free( cf->c_dseFiles );
+ ch_free( cf );
+ }
+}
+
+static void
+cfb_free_entries( CfEntryInfo *ce )
+{
+ CfEntryInfo *next;
+
+ for (; ce; ce=next) {
+ next = ce->ce_sibs;
+ if ( ce->ce_kids )
+ cfb_free_entries( ce->ce_kids );
+ ce->ce_entry->e_private = NULL;
+ entry_free( ce->ce_entry );
+ ch_free( ce );
+ }
+}
+
+static int
+config_back_db_close( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+
+ cfb_free_entries( cfb->cb_root );
+ cfb->cb_root = NULL;
+
+ if ( cfb->cb_db.bd_info ) {
+ backend_shutdown( &cfb->cb_db );
+ }
+
+ return 0;
+}
+
+static int
+config_back_db_destroy( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+
+ cfb_free_cffile( cfb->cb_config );
+
+ ch_free( cfdir.bv_val );
+
+ avl_free( CfOcTree, NULL );
+
+ if ( cfb->cb_db.bd_info ) {
+ cfb->cb_db.be_suffix = NULL;
+ cfb->cb_db.be_nsuffix = NULL;
+ BER_BVZERO( &cfb->cb_db.be_rootdn );
+ BER_BVZERO( &cfb->cb_db.be_rootndn );
+
+ backend_destroy_one( &cfb->cb_db, 0 );
+ }
+
+ free( be->be_private );
+
+ loglevel_destroy();
+
+ return 0;
+}
+
+static int
+config_back_db_init( BackendDB *be )
+{
+ struct berval dn;
+ CfBackInfo *cfb;
+
+ cfb = ch_calloc( 1, sizeof(CfBackInfo));
+ cfb->cb_config = ch_calloc( 1, sizeof(ConfigFile));
+ cfn = cfb->cb_config;
+ be->be_private = cfb;
+
+ ber_dupbv( &be->be_rootdn, &config_rdn );
+ ber_dupbv( &be->be_rootndn, &be->be_rootdn );
+ ber_dupbv( &dn, &be->be_rootdn );
+ ber_bvarray_add( &be->be_suffix, &dn );
+ ber_dupbv( &dn, &be->be_rootdn );
+ ber_bvarray_add( &be->be_nsuffix, &dn );
+
+ /* Hide from namingContexts */
+ SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
+
+ return 0;
+}
+
+static int
+config_back_destroy( BackendInfo *bi )
+{
+ ldif_must_b64_encode_release();
+ return 0;
+}
+
+static int
+config_tool_entry_open( BackendDB *be, int mode )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+
+ if ( bi && bi->bi_tool_entry_open )
+ return bi->bi_tool_entry_open( &cfb->cb_db, mode );
+ else
+ return -1;
+
+}
+
+static int
+config_tool_entry_close( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+
+ if ( bi && bi->bi_tool_entry_close )
+ return bi->bi_tool_entry_close( &cfb->cb_db );
+ else
+ return -1;
+}
+
+static ID
+config_tool_entry_first( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+
+ if ( bi && bi->bi_tool_entry_first )
+ return bi->bi_tool_entry_first( &cfb->cb_db );
+ else
+ return NOID;
+}
+
+static ID
+config_tool_entry_next( BackendDB *be )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+
+ if ( bi && bi->bi_tool_entry_next )
+ return bi->bi_tool_entry_next( &cfb->cb_db );
+ else
+ return NOID;
+}
+
+static Entry *
+config_tool_entry_get( BackendDB *be, ID id )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+
+ if ( bi && bi->bi_tool_entry_get )
+ return bi->bi_tool_entry_get( &cfb->cb_db, id );
+ else
+ return NULL;
+}
+
+static ID
+config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
+{
+ CfBackInfo *cfb = be->be_private;
+ BackendInfo *bi = cfb->cb_db.bd_info;
+ ConfigArgs ca;
+
+ if ( bi && bi->bi_tool_entry_put &&
+ config_add_internal( cfb, e, &ca, NULL, NULL ) == 0 )
+ return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
+ else
+ return NOID;
+}
+
+static struct {
+ char *name;
+ AttributeDescription **desc;
+} ads[] = {
+ { "backend", &cfAd_backend },
+ { "database", &cfAd_database },
+ { "include", &cfAd_include },
+ { "overlay", &cfAd_overlay },
+ { NULL, NULL }
+};
+
+/* Notes:
+ * add / delete: all types that may be added or deleted must use an
+ * X-ORDERED attributeType for their RDN. Adding and deleting entries
+ * should automatically renumber the index of any siblings as needed,
+ * so that no gaps in the numbering sequence exist after the add/delete
+ * is completed.
+ * What can be added:
+ * schema objects
+ * backend objects for backend-specific config directives
+ * database objects
+ * overlay objects
+ *
+ * delete: probably no support this time around.
+ *
+ * modrdn: generally not done. Will be invoked automatically by add/
+ * delete to update numbering sequence. Perform as an explicit operation
+ * so that the renumbering effect may be replicated. Subtree rename must
+ * be supported, since renumbering a database will affect all its child
+ * overlays.
+ *
+ * modify: must be fully supported.
+ */
+
+int
+config_back_initialize( BackendInfo *bi )
+{
+ ConfigTable *ct = config_back_cf_table;
+ char *argv[4];
+ int i;
+ AttributeDescription *ad = NULL;
+ const char *text;
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ NULL
+ };
+
+ bi->bi_controls = controls;
+
+ bi->bi_open = 0;
+ bi->bi_close = 0;
+ bi->bi_config = 0;
+ bi->bi_destroy = config_back_destroy;
+
+ bi->bi_db_init = config_back_db_init;
+ bi->bi_db_config = 0;
+ bi->bi_db_open = config_back_db_open;
+ bi->bi_db_close = config_back_db_close;
+ bi->bi_db_destroy = config_back_db_destroy;
+
+ bi->bi_op_bind = config_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = config_back_search;
+ bi->bi_op_compare = 0;
+ bi->bi_op_modify = config_back_modify;
+ bi->bi_op_modrdn = config_back_modrdn;
+ bi->bi_op_add = config_back_add;
+ bi->bi_op_delete = 0;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = 0;
+
+ bi->bi_tool_entry_open = config_tool_entry_open;
+ bi->bi_tool_entry_close = config_tool_entry_close;
+ bi->bi_tool_entry_first = config_tool_entry_first;
+ bi->bi_tool_entry_next = config_tool_entry_next;
+ bi->bi_tool_entry_get = config_tool_entry_get;
+ bi->bi_tool_entry_put = config_tool_entry_put;
+
+ /* Make sure we don't exceed the bits reserved for userland */
+ assert( ( ( CFG_LAST - 1 ) & ARGS_USERLAND ) == ( CFG_LAST - 1 ) );
+
+ argv[3] = NULL;
+ for (i=0; OidMacros[i].name; i++ ) {
+ argv[1] = OidMacros[i].name;
+ argv[2] = OidMacros[i].oid;
+ parse_oidm( "slapd", i, 3, argv, 0, NULL );
+ }
+
+ bi->bi_cf_ocs = cf_ocs;
+
+ i = config_register_schema( ct, cf_ocs );
+ if ( i ) return i;
+
+ /* setup olcRootPW to be base64-encoded when written in LDIF form;
+ * basically, we don't care if it fails */
+ i = slap_str2ad( "olcRootPW", &ad, &text );
+ if ( i ) {
+ Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
+ "warning, unable to get \"olcRootPW\" "
+ "attribute description: %d: %s\n",
+ i, text, 0 );
+ } else {
+ (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
+ ad->ad_type->sat_oid );
+ }
+
+ /* set up the notable AttributeDescriptions */
+ i = 0;
+ for (;ct->name;ct++) {
+ if (strcmp(ct->name, ads[i].name)) continue;
+ *ads[i].desc = ct->ad;
+ i++;
+ if (!ads[i].name) break;
+ }
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,458 @@
+/* bind.c - decode an ldap bind operation and pass it to a backend db */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bind.c,v 1.189.2.11 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+int
+do_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ BerElement *ber = op->o_ber;
+ ber_int_t version;
+ ber_tag_t method;
+ struct berval mech = BER_BVNULL;
+ struct berval dn = BER_BVNULL;
+ ber_tag_t tag;
+ Backend *be = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
+
+ /*
+ * Force to connection to "anonymous" until bind succeeds.
+ */
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ if ( op->o_conn->c_sasl_bind_in_progress ) {
+ be = op->o_conn->c_authz_backend;
+ }
+ if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ /* log authorization identity demotion */
+ Statslog( LDAP_DEBUG_STATS,
+ "%s BIND anonymous mech=implicit ssf=0\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+ }
+ connection2anonymous( op->o_conn );
+ if ( op->o_conn->c_sasl_bind_in_progress ) {
+ op->o_conn->c_authz_backend = be;
+ }
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ if ( !BER_BVISNULL( &op->o_dn ) ) {
+ /* NOTE: temporarily wasting few bytes
+ * (until bind is completed), but saving
+ * a couple of ch_free() and ch_strdup("") */
+ op->o_dn.bv_val[0] = '\0';
+ op->o_dn.bv_len = 0;
+ }
+ if ( !BER_BVISNULL( &op->o_ndn ) ) {
+ op->o_ndn.bv_val[0] = '\0';
+ op->o_ndn.bv_len = 0;
+ }
+
+ /*
+ * Parse the bind request. It looks like this:
+ *
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER, -- version
+ * name DistinguishedName, -- dn
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+ * SASL [3] SaslCredentials
+ * }
+ * }
+ *
+ * SaslCredentials ::= SEQUENCE {
+ * mechanism LDAPString,
+ * credentials OCTET STRING OPTIONAL
+ * }
+ */
+
+ tag = ber_scanf( ber, "{imt" /*}*/, &version, &dn, &method );
+
+ if ( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "bind: ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ op->o_protocol = version;
+ op->orb_method = method;
+
+ if( op->orb_method != LDAP_AUTH_SASL ) {
+ tag = ber_scanf( ber, /*{*/ "m}", &op->orb_cred );
+
+ } else {
+ tag = ber_scanf( ber, "{m" /*}*/, &mech );
+
+ if ( tag != LBER_ERROR ) {
+ ber_len_t len;
+ tag = ber_peek_tag( ber, &len );
+
+ if ( tag == LDAP_TAG_LDAPCRED ) {
+ tag = ber_scanf( ber, "m", &op->orb_cred );
+ } else {
+ tag = LDAP_TAG_LDAPCRED;
+ BER_BVZERO( &op->orb_cred );
+ }
+
+ if ( tag != LBER_ERROR ) {
+ tag = ber_scanf( ber, /*{{*/ "}}" );
+ }
+ }
+ }
+
+ if ( tag == LBER_ERROR ) {
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_bind: get_ctrls failed\n", 0, 0, 0 );
+ goto cleanup;
+ }
+
+ /* We use the tmpmemctx here because it speeds up normalization.
+ * However, we must dup with regular malloc when storing any
+ * resulting DNs in the op or conn structures.
+ */
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n",
+ dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto cleanup;
+ }
+
+ if( op->orb_method == LDAP_AUTH_SASL ) {
+ Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
+ op->o_req_dn.bv_val, mech.bv_val, NULL );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: version=%ld dn=\"%s\" method=%ld\n",
+ (unsigned long) version, op->o_req_dn.bv_val,
+ (unsigned long) op->orb_method );
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s BIND dn=\"%s\" method=%ld\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ (unsigned long) op->orb_method, 0, 0 );
+
+ if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
+ Debug( LDAP_DEBUG_ANY, "do_bind: unknown version=%ld\n",
+ (unsigned long) version, 0, 0 );
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "requested protocol version not supported" );
+ goto cleanup;
+
+ } else if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
+ version < LDAP_VERSION3 )
+ {
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "historical protocol version requested, use LDAPv3 instead" );
+ goto cleanup;
+ }
+
+ /*
+ * we set connection version regardless of whether bind succeeds or not.
+ */
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ op->o_conn->c_protocol = version;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ op->orb_tmp_mech = mech;
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_bind( op, rs );
+
+cleanup:
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( op->orb_method != LDAP_AUTH_SASL ) {
+ ber_dupbv( &op->o_conn->c_authmech, &mech );
+ }
+ op->o_conn->c_authtype = op->orb_method;
+ }
+
+ if( !BER_BVISNULL( &op->o_req_dn ) ) {
+ slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_dn );
+ }
+ if( !BER_BVISNULL( &op->o_req_ndn ) ) {
+ slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_ndn );
+ }
+
+ return rs->sr_err;
+}
+
+int
+fe_op_bind( Operation *op, SlapReply *rs )
+{
+ struct berval mech = op->orb_tmp_mech;
+ BackendDB *bd = op->o_bd;
+
+ /* check for inappropriate controls */
+ if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) {
+ send_ldap_error( op, rs,
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ "manageDSAit control inappropriate" );
+ goto cleanup;
+ }
+
+ if ( op->orb_method == LDAP_AUTH_SASL ) {
+ if ( op->o_protocol < LDAP_VERSION3 ) {
+ Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
+ (unsigned long)op->o_protocol, 0, 0 );
+ send_ldap_discon( op, rs,
+ LDAP_PROTOCOL_ERROR, "SASL bind requires LDAPv3" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ if( BER_BVISNULL( &mech ) || BER_BVISEMPTY( &mech ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_bind: no sasl mechanism provided\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
+ "no SASL mechanism provided" );
+ goto cleanup;
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, &mech ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ if ( op->o_conn->c_sasl_bind_in_progress ) {
+ if( !bvmatch( &op->o_conn->c_sasl_bind_mech, &mech ) ) {
+ /* mechanism changed between bind steps */
+ slap_sasl_reset(op->o_conn);
+ }
+ } else {
+ ber_dupbv(&op->o_conn->c_sasl_bind_mech, &mech);
+ }
+
+ /* Set the bindop for the benefit of in-directory SASL lookups */
+ op->o_conn->c_sasl_bindop = op;
+
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ rs->sr_err = slap_sasl_bind( op, rs );
+
+ goto cleanup;
+
+ } else {
+ /* Not SASL, cancel any in-progress bind */
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
+ if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
+ free( op->o_conn->c_sasl_bind_mech.bv_val );
+ BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+ }
+ op->o_conn->c_sasl_bind_in_progress = 0;
+
+ slap_sasl_reset( op->o_conn );
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ }
+
+ if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
+ BER_BVSTR( &mech, "SIMPLE" );
+ /* accept "anonymous" binds */
+ if ( BER_BVISEMPTY( &op->orb_cred ) || BER_BVISEMPTY( &op->o_req_ndn ) ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ if( !BER_BVISEMPTY( &op->orb_cred ) &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
+ {
+ /* cred is not empty, disallow */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+
+ } else if ( !BER_BVISEMPTY( &op->o_req_ndn ) &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
+ {
+ /* DN is not empty, disallow */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text =
+ "unauthenticated bind (DN with no password) disallowed";
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+ /* disallow */
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ rs->sr_text = "anonymous bind disallowed";
+
+ } else {
+ backend_check_restrictions( op, rs, &mech );
+ }
+
+ /*
+ * we already forced connection to "anonymous",
+ * just need to send success
+ */
+ send_ldap_result( op, rs );
+ Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+ op->o_protocol, 0, 0 );
+ goto cleanup;
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
+ /* disallow simple authentication */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "unwilling to perform simple authentication";
+
+ send_ldap_result( op, rs );
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d simple bind(%s) disallowed\n",
+ op->o_protocol, op->o_req_ndn.bv_val, 0 );
+ goto cleanup;
+ }
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ } else if ( op->orb_method == LDAP_AUTH_KRBV41 ) {
+ if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
+ /* disallow krbv4 authentication */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "unwilling to perform Kerberos V4 bind";
+
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d Kerberos V4 (step 1) bind refused\n",
+ op->o_protocol, 0, 0 );
+ goto cleanup;
+ }
+ BER_BVSTR( &mech, "KRBV4" );
+
+ } else if ( op->orb_method == LDAP_AUTH_KRBV42 ) {
+ rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ rs->sr_text = "Kerberos V4 (step 2) bind not supported";
+ send_ldap_result( op, rs );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d Kerberos V4 (step 2) bind refused\n",
+ op->o_protocol, 0, 0 );
+ goto cleanup;
+#endif
+
+ } else {
+ rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ rs->sr_text = "unknown authentication method";
+
+ send_ldap_result( op, rs );
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d unknown authentication method (%d)\n",
+ op->o_protocol, op->orb_method, 0 );
+ goto cleanup;
+ }
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one. If none, return invalid cred, not a referral.
+ */
+
+ if ( (op->o_bd = select_backend( &op->o_req_ndn, 0, 0 )) == NULL ) {
+ /* don't return referral for bind requests */
+ /* noSuchObject is not allowed to be returned by bind */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ op->o_bd = bd;
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ if( op->o_bd->be_bind ) {
+ op->o_conn->c_authz_cookie = NULL;
+
+ rs->sr_err = (op->o_bd->be_bind)( op, rs );
+
+ if ( rs->sr_err == 0 ) {
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
+ if( op->o_conn->c_authz_backend == NULL ) {
+ op->o_conn->c_authz_backend = op->o_bd;
+ }
+
+ /* be_bind returns regular/global edn */
+ if( !BER_BVISEMPTY( &op->orb_edn ) ) {
+ op->o_conn->c_dn = op->orb_edn;
+ } else {
+ ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
+ }
+
+ ber_dupbv( &op->o_conn->c_ndn, &op->o_req_ndn );
+
+ if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( op->o_conn->c_sb,
+ LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ /* log authorization identity */
+ Statslog( LDAP_DEBUG_STATS,
+ "%s BIND dn=\"%s\" mech=%s ssf=0\n",
+ op->o_log_prefix,
+ op->o_conn->c_dn.bv_val, mech.bv_val, 0, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d bind: \"%s\" to \"%s\"\n",
+ op->o_protocol, op->o_req_dn.bv_val, op->o_conn->c_dn.bv_val );
+
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ /* send this here to avoid a race condition */
+ send_ldap_result( op, rs );
+
+ } else if ( !BER_BVISNULL( &op->orb_edn ) ) {
+ free( op->orb_edn.bv_val );
+ BER_BVZERO( &op->orb_edn );
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within naming context" );
+ }
+
+cleanup:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/cancel.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/cancel.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/cancel.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,121 @@
+/* cancel.c - LDAP cancel extended operation */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.16.2.7 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+
+#include <lber_pvt.h>
+#include <lutil.h>
+
+int cancel_extop( Operation *op, SlapReply *rs )
+{
+ Operation *o;
+ int rc;
+ int opid;
+ BerElement *ber;
+
+ assert( ber_bvcmp( &slap_EXOP_CANCEL, &op->ore_reqoid ) == 0 );
+
+ if ( op->ore_reqdata == NULL ) {
+ rs->sr_text = "no message ID supplied";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( op->ore_reqdata );
+ if ( ber == NULL ) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ if ( ber_scanf( ber, "{i}", &opid ) == LBER_ERROR ) {
+ rs->sr_text = "message ID parse failed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ (void) ber_free( ber, 1 );
+
+ if ( opid < 0 ) {
+ rs->sr_text = "message ID invalid";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s CANCEL msg=%d\n",
+ op->o_log_prefix, opid, 0, 0, 0 );
+
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
+ if ( o->o_msgid == opid ) {
+ LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, slap_op, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ op->o_conn->c_n_ops_pending--;
+ slap_op_free( o );
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ return LDAP_SUCCESS;
+ }
+ }
+
+ LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
+ if ( o->o_msgid == opid ) {
+ o->o_abandon = 1;
+ break;
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ if ( o ) {
+ if ( o->o_cancel != SLAP_CANCEL_NONE ) {
+ rs->sr_text = "message ID already being cancelled";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ o->o_cancel = SLAP_CANCEL_REQ;
+
+ LDAP_STAILQ_FOREACH( op->o_bd, &backendDB, be_next ) {
+ if( !op->o_bd->be_cancel ) continue;
+
+ op->oq_cancel.rs_msgid = opid;
+ if ( op->o_bd->be_cancel( op, rs ) == LDAP_SUCCESS ) {
+ return LDAP_SUCCESS;
+ }
+ }
+
+ while ( o->o_cancel == SLAP_CANCEL_REQ ) {
+ ldap_pvt_thread_yield();
+ }
+
+ if ( o->o_cancel == SLAP_CANCEL_ACK ) {
+ rc = LDAP_SUCCESS;
+ } else {
+ rc = o->o_cancel;
+ }
+
+ o->o_cancel = SLAP_CANCEL_DONE;
+ } else {
+ rs->sr_text = "message ID not found";
+ rc = LDAP_NO_SUCH_OPERATION;
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/ch_malloc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/ch_malloc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/ch_malloc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,142 @@
+/* ch_malloc.c - malloc routines that test returns from malloc and friends */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ch_malloc.c,v 1.25.2.4 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#define CH_FREE 1
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+BerMemoryFunctions ch_mfuncs = {
+ (BER_MEMALLOC_FN *)ch_malloc,
+ (BER_MEMCALLOC_FN *)ch_calloc,
+ (BER_MEMREALLOC_FN *)ch_realloc,
+ (BER_MEMFREE_FN *)ch_free
+};
+
+void *
+ch_malloc(
+ ber_len_t size
+)
+{
+ void *new;
+
+ if ( (new = (void *) ber_memalloc_x( size, NULL )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "ch_malloc of %lu bytes failed\n",
+ (long) size, 0, 0 );
+ assert( 0 );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+void *
+ch_realloc(
+ void *block,
+ ber_len_t size
+)
+{
+ void *new, *ctx;
+
+ if ( block == NULL ) {
+ return( ch_malloc( size ) );
+ }
+
+ if( size == 0 ) {
+ ch_free( block );
+ return NULL;
+ }
+
+ ctx = slap_sl_context( block );
+ if ( ctx ) {
+ return slap_sl_realloc( block, size, ctx );
+ }
+
+ if ( (new = (void *) ber_memrealloc_x( block, size, NULL )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "ch_realloc of %lu bytes failed\n",
+ (long) size, 0, 0 );
+ assert( 0 );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+void *
+ch_calloc(
+ ber_len_t nelem,
+ ber_len_t size
+)
+{
+ void *new;
+
+ if ( (new = (void *) ber_memcalloc_x( nelem, size, NULL )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "ch_calloc of %lu elems of %lu bytes failed\n",
+ (long) nelem, (long) size, 0 );
+ assert( 0 );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+char *
+ch_strdup(
+ const char *string
+)
+{
+ char *new;
+
+ if ( (new = ber_strdup_x( string, NULL )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "ch_strdup(%s) failed\n", string, 0, 0 );
+ assert( 0 );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+void
+ch_free( void *ptr )
+{
+ void *ctx;
+
+ ctx = slap_sl_context( ptr );
+ if (ctx) {
+ slap_sl_free( ptr, ctx );
+ } else {
+ ber_memfree_x( ptr, NULL );
+ }
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/compare.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/compare.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/compare.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,430 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/compare.c,v 1.124.2.11 2007/01/02 21:43:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+static int compare_entry(
+ Operation *op,
+ Entry *e,
+ AttributeAssertion *ava );
+
+int
+do_compare(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval dn = BER_BVNULL;
+ struct berval desc = BER_BVNULL;
+ struct berval value = BER_BVNULL;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion ava = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion ava = { NULL, BER_BVNULL };
+#endif
+
+ ava.aa_desc = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
+ /*
+ * Parse the compare request. It looks like this:
+ *
+ * CompareRequest := [APPLICATION 14] SEQUENCE {
+ * entry DistinguishedName,
+ * ava SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue
+ * }
+ * }
+ */
+
+ if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ if ( ber_scanf( op->o_ber, "{mm}", &desc, &value ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 );
+ goto cleanup;
+ }
+
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto cleanup;
+ }
+
+ rs->sr_err = slap_bv2ad( &desc, &ava.aa_desc, &rs->sr_text );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_err = slap_bv2undef_ad( &desc, &ava.aa_desc,
+ &rs->sr_text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+ }
+
+ rs->sr_err = asserted_value_validate_normalize( ava.aa_desc,
+ ava.aa_desc->ad_type->sat_equality,
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &value, &ava.aa_value, &rs->sr_text, op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ op->orc_ava = &ava;
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_compare( op, rs );
+
+cleanup:;
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &ava.aa_value ) ) {
+ op->o_tmpfree( ava.aa_value.bv_val, op->o_tmpmemctx );
+ }
+
+ return rs->sr_err;
+}
+
+int
+fe_op_compare( Operation *op, SlapReply *rs )
+{
+ Entry *entry = NULL;
+ int manageDSAit;
+ AttributeAssertion ava = *op->orc_ava;
+ BackendDB *bd = op->o_bd;
+
+ if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
+ Debug( LDAP_DEBUG_ARGS,
+ "do_compare: dn (%s) attr (%s) value (%s)\n",
+ op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
+
+ Statslog( LDAP_DEBUG_STATS,
+ "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
+
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
+ Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+ op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
+
+ Statslog( LDAP_DEBUG_STATS,
+ "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
+
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rs->sr_err = 0;
+ goto cleanup;
+ }
+
+ rs->sr_err = schema_info( &entry, &rs->sr_text );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rs->sr_err = 0;
+ goto cleanup;
+ }
+ }
+
+ if( entry ) {
+ rs->sr_err = compare_entry( op, entry, &ava );
+ entry_free( entry );
+
+ send_ldap_result( op, rs );
+
+ if( rs->sr_err == LDAP_COMPARE_TRUE ||
+ rs->sr_err == LDAP_COMPARE_FALSE )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ goto cleanup;
+ }
+
+ manageDSAit = get_manageDSAit( op );
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ if ( op->o_bd == NULL ) {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ rs->sr_err = LDAP_REFERRAL;
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+ op->o_bd = bd;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
+ rs->sr_err = 0;
+ goto cleanup;
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check for referrals */
+ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+ op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
+
+ Statslog( LDAP_DEBUG_STATS, "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
+
+ op->orc_ava = &ava;
+ if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "entryDN compare not supported" );
+
+ } else if ( ava.aa_desc == slap_schema.si_ad_subschemaSubentry ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "subschemaSubentry compare not supported" );
+
+#ifndef SLAP_COMPARE_IN_FRONTEND
+ } else if ( ava.aa_desc == slap_schema.si_ad_hasSubordinates
+ && op->o_bd->be_has_subordinates )
+ {
+ int rc, hasSubordinates = LDAP_SUCCESS;
+
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &entry );
+ if ( rc == 0 && entry ) {
+ if ( ! access_allowed( op, entry,
+ ava.aa_desc, &ava.aa_value, ACL_COMPARE, NULL ) )
+ {
+ rc = rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+
+ } else {
+ rc = rs->sr_err = op->o_bd->be_has_subordinates( op,
+ entry, &hasSubordinates );
+ be_entry_release_r( op, entry );
+ }
+ }
+
+ if ( rc == 0 ) {
+ int asserted;
+
+ asserted = bvmatch( &ava.aa_value, &slap_true_bv )
+ ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
+ if ( hasSubordinates == asserted ) {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+
+ } else {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ }
+
+ } else {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return error only if "disclose"
+ * is granted on the object */
+ if ( backend_access( op, NULL, &op->o_req_ndn,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) == LDAP_INSUFFICIENT_ACCESS )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ }
+
+ send_ldap_result( op, rs );
+
+ if ( rc == 0 ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ } else if ( op->o_bd->be_compare ) {
+ rs->sr_err = op->o_bd->be_compare( op, rs );
+
+#endif /* ! SLAP_COMPARE_IN_FRONTEND */
+ } else {
+ rs->sr_err = SLAP_CB_CONTINUE;
+ }
+
+ if ( rs->sr_err == SLAP_CB_CONTINUE ) {
+ /* do our best to compare that AVA
+ *
+ * NOTE: this code is used only
+ * if SLAP_COMPARE_IN_FRONTEND
+ * is #define'd (it's not by default)
+ * or if op->o_bd->be_compare is NULL.
+ *
+ * FIXME: one potential issue is that
+ * if SLAP_COMPARE_IN_FRONTEND overlays
+ * are not executed for compare. */
+ BerVarray vals = NULL;
+ int rc = LDAP_OTHER;
+
+ rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
+ ava.aa_desc, &vals, ACL_COMPARE );
+ switch ( rs->sr_err ) {
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return error only if "disclose"
+ * is granted on the object */
+ if ( backend_access( op, NULL, &op->o_req_ndn,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL )
+ == LDAP_INSUFFICIENT_ACCESS )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ break;
+
+ case LDAP_SUCCESS:
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ vals, &ava.aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+
+ } else {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ }
+ rc = LDAP_SUCCESS;
+ break;
+ }
+
+ send_ldap_result( op, rs );
+
+ if ( rc == 0 ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ if ( vals ) {
+ ber_bvarray_free_x( vals, op->o_tmpmemctx );
+ }
+ }
+
+cleanup:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
+
+static int compare_entry(
+ Operation *op,
+ Entry *e,
+ AttributeAssertion *ava )
+{
+ int rc = LDAP_COMPARE_FALSE;
+ Attribute *a;
+
+ if ( ! access_allowed( op, e,
+ ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ a = attrs_find( e->e_attrs, ava->aa_desc );
+ if( a == NULL ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+
+ for(a = attrs_find( e->e_attrs, ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, ava->aa_desc ))
+ {
+ if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op,
+ e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ break;
+ }
+
+ if ( value_find_ex( ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &ava->aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+done:
+#ifdef LDAP_ACL_HONOR_DISCLOSE
+ if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) {
+ if ( ! access_allowed( op, e,
+ slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+#endif
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/component.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/component.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/component.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1390 @@
+/* component.c -- Component Filter Match Routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.c,v 1.13.2.7 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 by IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+
+#ifdef LDAP_COMP_MATCH
+
+#include "component.h"
+
+/*
+ * Following function pointers are initialized
+ * when a component module is loaded
+ */
+alloc_nibble_func* nibble_mem_allocator = NULL;
+free_nibble_func* nibble_mem_free = NULL;
+convert_attr_to_comp_func* attr_converter = NULL;
+convert_assert_to_comp_func* assert_converter = NULL ;
+free_component_func* component_destructor = NULL ;
+test_component_func* test_components = NULL;
+test_membership_func* is_aliased_attribute = NULL;
+component_encoder_func* component_encoder = NULL;
+get_component_info_func* get_component_description = NULL;
+#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
+#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
+#define MAX_LDAP_STR_LEN 128
+
+static int
+peek_componentId_type( ComponentAssertionValue* cav );
+
+static int
+strip_cav_str( ComponentAssertionValue* cav, char* str);
+
+static int
+peek_cav_str( ComponentAssertionValue* cav, char* str );
+
+static int
+parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
+ ComponentFilter** filt, const char** text );
+
+static void
+free_comp_filter( ComponentFilter* f );
+
+static int
+test_comp_filter( Syntax *syn, ComponentSyntaxInfo *a, ComponentFilter *f );
+
+int
+componentCertificateValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ return LDAP_SUCCESS;
+}
+
+int
+componentFilterValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ return LDAP_SUCCESS;
+}
+
+int
+allComponentsValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ return LDAP_SUCCESS;
+}
+
+int
+componentFilterMatch (
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ ComponentSyntaxInfo *csi_attr = (ComponentSyntaxInfo*)value;
+ MatchingRuleAssertion * ma = (MatchingRuleAssertion*)assertedValue;
+ int rc;
+
+ if ( !mr || !ma->ma_cf ) return LDAP_INAPPROPRIATE_MATCHING;
+
+ /* Check if the component module is loaded */
+ if ( !attr_converter || !nibble_mem_allocator ) {
+ return LDAP_OTHER;
+ }
+
+ rc = test_comp_filter( syntax, csi_attr, ma->ma_cf );
+
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ *matchp = 0;
+ return LDAP_SUCCESS;
+ }
+ else if ( rc == LDAP_COMPARE_FALSE ) {
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+ else {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+}
+
+int
+directoryComponentsMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ /* Only for registration */
+ *matchp = 0;
+ return LDAP_SUCCESS;
+}
+
+int
+allComponentsMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ /* Only for registration */
+ *matchp = 0;
+ return LDAP_SUCCESS;
+}
+
+static int
+slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav )
+{
+ cav->cav_ptr = cav->cav_buf = bv->bv_val;
+ cav->cav_end = bv->bv_val + bv->bv_len;
+
+ return LDAP_SUCCESS;
+}
+
+ComponentReference*
+dup_comp_ref ( Operation* op, ComponentReference* cr )
+{
+ ComponentReference* dup_cr;
+ ComponentId* ci_curr;
+ ComponentId** ci_temp;
+
+ dup_cr = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
+
+ dup_cr->cr_len = cr->cr_len;
+ dup_cr->cr_string = cr->cr_string;
+
+ ci_temp = &dup_cr->cr_list;
+ ci_curr = cr->cr_list;
+
+ for ( ; ci_curr != NULL ;
+ ci_curr = ci_curr->ci_next, ci_temp = &(*ci_temp)->ci_next )
+ {
+ *ci_temp = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
+ if ( !ci_temp ) return NULL;
+ **ci_temp = *ci_curr;
+ }
+
+ dup_cr->cr_curr = dup_cr->cr_list;
+
+ return dup_cr;
+}
+
+static int
+dup_comp_filter_list (
+ Operation *op,
+ struct berval *bv,
+ ComponentFilter* in_f,
+ ComponentFilter** out_f )
+{
+ ComponentFilter **new, *f;
+ int rc;
+
+ new = out_f;
+ for ( f = in_f; f != NULL; f = f->cf_next ) {
+ rc = dup_comp_filter( op, bv, f, new );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ new = &(*new)->cf_next;
+ }
+ return LDAP_SUCCESS;
+}
+
+int
+get_len_of_next_assert_value ( struct berval* bv, char separator )
+{
+ int i = 0;
+ while (1) {
+ if ( (bv->bv_val[ i ] == separator) || ( i >= bv->bv_len) )
+ break;
+ i++;
+ }
+ bv->bv_val += (i + 1);
+ bv->bv_len -= (i + 1);
+ return i;
+}
+
+int
+dup_comp_filter_item (
+ Operation *op,
+ struct berval* assert_bv,
+ ComponentAssertion* in_ca,
+ ComponentAssertion** out_ca )
+{
+ int len;
+
+ if ( !in_ca->ca_comp_ref ) return SLAPD_DISCONNECT;
+
+ *out_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
+ if ( !(*out_ca) ) return LDAP_NO_MEMORY;
+
+ (*out_ca)->ca_comp_data.cd_tree = NULL;
+ (*out_ca)->ca_comp_data.cd_mem_op = NULL;
+
+ (*out_ca)->ca_comp_ref = dup_comp_ref ( op, in_ca->ca_comp_ref );
+ (*out_ca)->ca_use_def = 0;
+ (*out_ca)->ca_ma_rule = in_ca->ca_ma_rule;
+
+ (*out_ca)->ca_ma_value.bv_val = assert_bv->bv_val;
+ len = get_len_of_next_assert_value ( assert_bv, '$' );
+ if ( len <= 0 ) return SLAPD_DISCONNECT;
+ (*out_ca)->ca_ma_value.bv_len = len;
+
+ return LDAP_SUCCESS;
+}
+
+int
+dup_comp_filter (
+ Operation* op,
+ struct berval *bv,
+ ComponentFilter *in_f,
+ ComponentFilter **out_f )
+{
+ int rc;
+ ComponentFilter dup_f = {0};
+
+ if ( !in_f ) return LDAP_PROTOCOL_ERROR;
+
+ switch ( in_f->cf_choice ) {
+ case LDAP_COMP_FILTER_AND:
+ rc = dup_comp_filter_list( op, bv, in_f->cf_and, &dup_f.cf_and);
+ dup_f.cf_choice = LDAP_COMP_FILTER_AND;
+ break;
+ case LDAP_COMP_FILTER_OR:
+ rc = dup_comp_filter_list( op, bv, in_f->cf_or, &dup_f.cf_or);
+ dup_f.cf_choice = LDAP_COMP_FILTER_OR;
+ break;
+ case LDAP_COMP_FILTER_NOT:
+ rc = dup_comp_filter( op, bv, in_f->cf_not, &dup_f.cf_not);
+ dup_f.cf_choice = LDAP_COMP_FILTER_NOT;
+ break;
+ case LDAP_COMP_FILTER_ITEM:
+ rc = dup_comp_filter_item( op, bv, in_f->cf_ca ,&dup_f.cf_ca );
+ dup_f.cf_choice = LDAP_COMP_FILTER_ITEM;
+ break;
+ default:
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ *out_f = op->o_tmpalloc( sizeof(dup_f), op->o_tmpmemctx );
+ **out_f = dup_f;
+ }
+
+ return( rc );
+}
+
+int
+get_aliased_filter_aa ( Operation* op, AttributeAssertion* a_assert, AttributeAliasing* aa, const char** text )
+{
+ struct berval assert_bv;
+
+ Debug( LDAP_DEBUG_FILTER, "get_aliased_filter\n", 0, 0, 0 );
+
+ if ( !aa->aa_cf )
+ return LDAP_PROTOCOL_ERROR;
+
+ assert_bv = a_assert->aa_value;
+ /*
+ * Duplicate aa->aa_cf to ma->ma_cf by replacing the
+ * the component assertion value in assert_bv
+ * Multiple values may be separated with '$'
+ */
+ return dup_comp_filter ( op, &assert_bv, aa->aa_cf, &a_assert->aa_cf );
+}
+
+int
+get_aliased_filter( Operation* op,
+ MatchingRuleAssertion* ma, AttributeAliasing* aa,
+ const char** text )
+{
+ struct berval assert_bv;
+
+ Debug( LDAP_DEBUG_FILTER, "get_aliased_filter\n", 0, 0, 0 );
+
+ if ( !aa->aa_cf ) return LDAP_PROTOCOL_ERROR;
+
+ assert_bv = ma->ma_value;
+ /* Attribute Description is replaced with aliased one */
+ ma->ma_desc = aa->aa_aliased_ad;
+ ma->ma_rule = aa->aa_mr;
+ /*
+ * Duplicate aa->aa_cf to ma->ma_cf by replacing the
+ * the component assertion value in assert_bv
+ * Multiple values may be separated with '$'
+ */
+ return dup_comp_filter ( op, &assert_bv, aa->aa_cf, &ma->ma_cf );
+}
+
+int
+get_comp_filter( Operation* op, struct berval* bv,
+ ComponentFilter** filt, const char **text )
+{
+ ComponentAssertionValue cav;
+ int rc;
+
+ Debug( LDAP_DEBUG_FILTER, "get_comp_filter\n", 0, 0, 0 );
+ if ( (rc = slapd_ber2cav(bv, &cav) ) != LDAP_SUCCESS ) {
+ return rc;
+ }
+ rc = parse_comp_filter( op, &cav, filt, text );
+ bv->bv_val = cav.cav_ptr;
+
+ return rc;
+}
+
+static void
+eat_whsp( ComponentAssertionValue* cav )
+{
+ for ( ; ( *cav->cav_ptr == ' ' ) && ( cav->cav_ptr < cav->cav_end ) ; ) {
+ cav->cav_ptr++;
+ }
+}
+
+static int
+cav_cur_len( ComponentAssertionValue* cav )
+{
+ return cav->cav_end - cav->cav_ptr;
+}
+
+static ber_tag_t
+comp_first_element( ComponentAssertionValue* cav )
+{
+ eat_whsp( cav );
+ if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
+ return LDAP_COMP_FILTER_ITEM;
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "and", 3 ) == 0 )
+ {
+ return LDAP_COMP_FILTER_AND;
+
+ } else if ( cav_cur_len( cav ) >= 6 &&
+ strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
+ {
+ return LDAP_COMP_FILTER_OR;
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "not", 3 ) == 0 )
+ {
+ return LDAP_COMP_FILTER_NOT;
+
+ } else {
+ return LDAP_COMP_FILTER_UNDEFINED;
+ }
+}
+
+static ber_tag_t
+comp_next_element( ComponentAssertionValue* cav )
+{
+ eat_whsp( cav );
+ if ( *(cav->cav_ptr) == ',' ) {
+ /* move pointer to the next CA */
+ cav->cav_ptr++;
+ return comp_first_element( cav );
+ }
+ else return LDAP_COMP_FILTER_UNDEFINED;
+}
+
+static int
+get_comp_filter_list( Operation *op, ComponentAssertionValue *cav,
+ ComponentFilter** f, const char** text )
+{
+ ComponentFilter **new;
+ int err;
+ ber_tag_t tag;
+
+ Debug( LDAP_DEBUG_FILTER, "get_comp_filter_list\n", 0, 0, 0 );
+ new = f;
+ for ( tag = comp_first_element( cav );
+ tag != LDAP_COMP_FILTER_UNDEFINED;
+ tag = comp_next_element( cav ) )
+ {
+ err = parse_comp_filter( op, cav, new, text );
+ if ( err != LDAP_SUCCESS ) return ( err );
+ new = &(*new)->cf_next;
+ }
+ *new = NULL;
+
+ return( LDAP_SUCCESS );
+}
+
+static int
+get_componentId( Operation *op, ComponentAssertionValue* cav,
+ ComponentId ** cid, const char** text )
+{
+ ber_tag_t type;
+ ComponentId _cid;
+ int len;
+
+ type = peek_componentId_type( cav );
+
+ Debug( LDAP_DEBUG_FILTER, "get_compId [%lu]\n",
+ (unsigned long) type, 0, 0 );
+ len = 0;
+ _cid.ci_type = type;
+ _cid.ci_next = NULL;
+ switch ( type ) {
+ case LDAP_COMPREF_IDENTIFIER :
+ _cid.ci_val.ci_identifier.bv_val = cav->cav_ptr;
+ for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
+ cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
+ _cid.ci_val.ci_identifier.bv_len = len;
+ cav->cav_ptr += len;
+ break;
+ case LDAP_COMPREF_FROM_BEGINNING :
+ for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
+ cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
+ _cid.ci_val.ci_from_beginning = strtol( cav->cav_ptr, NULL, 0 );
+ cav->cav_ptr += len;
+ break;
+ case LDAP_COMPREF_FROM_END :
+ for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
+ cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
+ _cid.ci_val.ci_from_end = strtol( cav->cav_ptr, NULL, 0 );
+ cav->cav_ptr += len;
+ break;
+ case LDAP_COMPREF_COUNT :
+ _cid.ci_val.ci_count = 0;
+ cav->cav_ptr++;
+ break;
+ case LDAP_COMPREF_CONTENT :
+ _cid.ci_val.ci_content = 1;
+ cav->cav_ptr += strlen("content");
+ break;
+ case LDAP_COMPREF_SELECT :
+ if ( cav->cav_ptr[len] != '(' ) return LDAP_COMPREF_UNDEFINED;
+ for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
+ cav->cav_ptr[len] != '\"' && cav->cav_ptr[len] != ')'
+ ; len++ );
+ _cid.ci_val.ci_select_value.bv_val = cav->cav_ptr + 1;
+ _cid.ci_val.ci_select_value.bv_len = len - 1 ;
+ cav->cav_ptr += len + 1;
+ break;
+ case LDAP_COMPREF_ALL :
+ _cid.ci_val.ci_all = '*';
+ cav->cav_ptr++;
+ break;
+ default :
+ return LDAP_COMPREF_UNDEFINED;
+ }
+
+ if ( op ) {
+ *cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
+ } else {
+ *cid = malloc( sizeof( ComponentId ) );
+ }
+ **cid = _cid;
+ return LDAP_SUCCESS;
+}
+
+static int
+peek_componentId_type( ComponentAssertionValue* cav )
+{
+ eat_whsp( cav );
+
+ if ( cav->cav_ptr[0] == '-' ) {
+ return LDAP_COMPREF_FROM_END;
+
+ } else if ( cav->cav_ptr[0] == '(' ) {
+ return LDAP_COMPREF_SELECT;
+
+ } else if ( cav->cav_ptr[0] == '*' ) {
+ return LDAP_COMPREF_ALL;
+
+ } else if ( cav->cav_ptr[0] == '0' ) {
+ return LDAP_COMPREF_COUNT;
+
+ } else if ( cav->cav_ptr[0] > '0' && cav->cav_ptr[0] <= '9' ) {
+ return LDAP_COMPREF_FROM_BEGINNING;
+
+ } else if ( (cav->cav_end - cav->cav_ptr) >= 7 &&
+ strncmp(cav->cav_ptr,"content",7) == 0 )
+ {
+ return LDAP_COMPREF_CONTENT;
+ } else if ( (cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z') ||
+ (cav->cav_ptr[0] >= 'A' && cav->cav_ptr[0] <= 'Z') )
+ {
+ return LDAP_COMPREF_IDENTIFIER;
+ }
+
+ return LDAP_COMPREF_UNDEFINED;
+}
+
+static ber_tag_t
+comp_next_id( ComponentAssertionValue* cav )
+{
+ if ( *(cav->cav_ptr) == '.' ) {
+ cav->cav_ptr++;
+ return LDAP_COMPREF_DEFINED;
+ }
+
+ return LDAP_COMPREF_UNDEFINED;
+}
+
+
+
+static int
+get_component_reference(
+ Operation *op,
+ ComponentAssertionValue* cav,
+ ComponentReference** cr,
+ const char** text )
+{
+ int rc, count = 0;
+ ber_int_t type;
+ ComponentReference* ca_comp_ref;
+ ComponentId** cr_list;
+ char* start, *end;
+
+ eat_whsp( cav );
+
+ start = cav->cav_ptr;
+ if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) return rc;
+ if ( op ) {
+ ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ),
+ op->o_tmpmemctx );
+ } else {
+ ca_comp_ref = malloc( sizeof( ComponentReference ) );
+ }
+
+ if ( !ca_comp_ref ) return LDAP_NO_MEMORY;
+
+ cr_list = &ca_comp_ref->cr_list;
+
+ for ( type = peek_componentId_type( cav ) ; type != LDAP_COMPREF_UNDEFINED
+ ; type = comp_next_id( cav ), count++ )
+ {
+ rc = get_componentId( op, cav, cr_list, text );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( count == 0 ) ca_comp_ref->cr_curr = ca_comp_ref->cr_list;
+ cr_list = &(*cr_list)->ci_next;
+
+ } else if ( rc == LDAP_COMPREF_UNDEFINED ) {
+ return rc;
+ }
+ }
+ ca_comp_ref->cr_len = count;
+ end = cav->cav_ptr;
+ if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) {
+ if ( op ) {
+ op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
+ } else {
+ free( ca_comp_ref );
+ }
+ return rc;
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ *cr = ca_comp_ref;
+ **cr = *ca_comp_ref;
+
+ } else if ( op ) {
+ op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
+
+ } else {
+ free( ca_comp_ref ) ;
+ }
+
+ (*cr)->cr_string.bv_val = start;
+ (*cr)->cr_string.bv_len = end - start + 1;
+
+ return rc;
+}
+
+int
+insert_component_reference(
+ ComponentReference *cr,
+ ComponentReference** cr_list)
+{
+ if ( !cr ) return LDAP_PARAM_ERROR;
+
+ if ( !(*cr_list) ) {
+ *cr_list = cr;
+ cr->cr_next = NULL;
+ } else {
+ cr->cr_next = *cr_list;
+ *cr_list = cr;
+ }
+ return LDAP_SUCCESS;
+}
+
+/*
+ * If there is '.' in the name of a given attribute
+ * the first '.'- following characters are considered
+ * as a component reference of the attribute
+ * EX) userCertificate.toBeSigned.serialNumber
+ * attribute : userCertificate
+ * component reference : toBeSigned.serialNumber
+ */
+int
+is_component_reference( char* attr ) {
+ int i;
+ for ( i=0; attr[i] != '\0' ; i++ ) {
+ if ( attr[i] == '.' ) return (1);
+ }
+ return (0);
+}
+
+int
+extract_component_reference(
+ char* attr,
+ ComponentReference** cr )
+{
+ int i, rc;
+ char* cr_ptr;
+ int cr_len;
+ ComponentAssertionValue cav;
+ char text[1][128];
+
+ for ( i=0; attr[i] != '\0' ; i++ ) {
+ if ( attr[i] == '.' ) break;
+ }
+
+ if (attr[i] != '.' ) return LDAP_PARAM_ERROR;
+ attr[i] = '\0';
+
+ cr_ptr = attr + i + 1 ;
+ cr_len = strlen ( cr_ptr );
+ if ( cr_len <= 0 ) return LDAP_PARAM_ERROR;
+
+ /* enclosed between double quotes*/
+ cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2);
+ memcpy( cav.cav_buf+1, cr_ptr, cr_len );
+ cav.cav_buf[0] = '"';
+ cav.cav_buf[cr_len+1] = '"';
+ cav.cav_end = cr_ptr + cr_len + 2;
+
+ rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (*cr)->cr_string.bv_val = cav.cav_buf;
+ (*cr)->cr_string.bv_len = cr_len + 2;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+get_ca_use_default( Operation *op,
+ ComponentAssertionValue* cav,
+ int* ca_use_def, const char** text )
+{
+ strip_cav_str( cav, "useDefaultValues" );
+
+ if ( peek_cav_str( cav, "TRUE" ) == LDAP_SUCCESS ) {
+ strip_cav_str( cav, "TRUE" );
+ *ca_use_def = 1;
+
+ } else if ( peek_cav_str( cav, "FALSE" ) == LDAP_SUCCESS ) {
+ strip_cav_str( cav, "FALSE" );
+ *ca_use_def = 0;
+
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+get_matching_rule( Operation *op, ComponentAssertionValue* cav,
+ MatchingRule** mr, const char** text )
+{
+ int count = 0;
+ struct berval rule_text = { 0L, NULL };
+
+ eat_whsp( cav );
+
+ for ( ; ; count++ ) {
+ if ( cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == ',' ||
+ cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == '{' ||
+ cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '\n' )
+ {
+ break;
+ }
+ }
+
+ if ( count == 0 ) {
+ *text = "component matching rule not recognized";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ rule_text.bv_len = count;
+ rule_text.bv_val = cav->cav_ptr;
+ *mr = mr_bvfind( &rule_text );
+ cav->cav_ptr += count;
+ Debug( LDAP_DEBUG_FILTER, "get_matching_rule: %s\n",
+ (*mr)->smr_mrule.mr_oid, 0, 0 );
+ if ( *mr == NULL ) {
+ *text = "component matching rule not recognized";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ return LDAP_SUCCESS;
+}
+
+static int
+get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
+{
+ int count, sequent_dquote, unclosed_brace, succeed;
+
+ eat_whsp( cav );
+ /*
+ * Four cases of GSER <Values>
+ * 1) "..." :
+ * StringVal, GeneralizedTimeVal, UTCTimeVal, ObjectDescriptorVal
+ * 2) '...'B or '...'H :
+ * BitStringVal, OctetStringVal
+ * 3) {...} :
+ * SEQUENCE, SEQUENCEOF, SETOF, SET, CHOICE
+ * 4) Between two white spaces
+ * INTEGER, BOOLEAN, NULL,ENUMERATE, etc
+ */
+
+ succeed = 0;
+ if ( cav->cav_ptr[0] == '"' ) {
+ for( count = 1, sequent_dquote = 0 ; ; count++ ) {
+ /* In order to find escaped double quote */
+ if ( cav->cav_ptr[count] == '"' ) sequent_dquote++;
+ else sequent_dquote = 0;
+
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
+ break;
+ }
+
+ if ( ( cav->cav_ptr[count] == '"' &&
+ cav->cav_ptr[count-1] != '"') ||
+ ( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) )
+ {
+ succeed = 1;
+ break;
+ }
+ }
+
+ if ( !succeed || cav->cav_ptr[count] != '"' ) {
+ return LDAP_FILTER_ERROR;
+ }
+
+ bv->bv_val = cav->cav_ptr + 1;
+ bv->bv_len = count - 1; /* exclude '"' */
+
+ } else if ( cav->cav_ptr[0] == '\'' ) {
+ for( count = 1 ; ; count++ ) {
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
+ break;
+ }
+ if ((cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'B') ||
+ (cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'H') )
+ {
+ succeed = 1;
+ break;
+ }
+ }
+
+ if ( !succeed ||
+ !(cav->cav_ptr[count] == 'H' || cav->cav_ptr[count] == 'B') )
+ {
+ return LDAP_FILTER_ERROR;
+ }
+
+ bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
+ bv->bv_len = count - 2;/* exclude "'H" or "'B" */
+
+ } else if ( cav->cav_ptr[0] == '{' ) {
+ for( count = 1, unclosed_brace = 1 ; ; count++ ) {
+ if ( cav->cav_ptr[count] == '{' ) unclosed_brace++;
+ if ( cav->cav_ptr[count] == '}' ) unclosed_brace--;
+
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
+ break;
+ }
+ if ( unclosed_brace == 0 ) {
+ succeed = 1;
+ break;
+ }
+ }
+
+ if ( !succeed || cav->cav_ptr[count] != '}' ) return LDAP_FILTER_ERROR;
+
+ bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
+ bv->bv_len = count - 1;/* exclude "'B" */
+
+ } else {
+ succeed = 1;
+ /*Find following white space where the value is ended*/
+ for( count = 1 ; ; count++ ) {
+ if ( cav->cav_ptr[count] == '\0' ||
+ cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' ||
+ cav->cav_ptr[count] == '{' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
+ break;
+ }
+ }
+ bv->bv_val = cav->cav_ptr;
+ bv->bv_len = count;
+ }
+
+ cav->cav_ptr += bv->bv_len;
+ return LDAP_SUCCESS;
+}
+
+static int
+get_matching_value( Operation *op, ComponentAssertion* ca,
+ ComponentAssertionValue* cav, struct berval* bv,
+ const char** text )
+{
+ if ( !(ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT)) ) {
+ if ( get_GSER_value( cav, bv ) != LDAP_SUCCESS ) {
+ return LDAP_FILTER_ERROR;
+ }
+
+ } else {
+ /* embeded componentFilterMatch Description */
+ bv->bv_val = cav->cav_ptr;
+ bv->bv_len = cav_cur_len( cav );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/* Don't move the position pointer, just peek given string */
+static int
+peek_cav_str( ComponentAssertionValue* cav, char* str )
+{
+ eat_whsp( cav );
+ if ( cav_cur_len( cav ) >= strlen( str ) &&
+ strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
+ {
+ return LDAP_SUCCESS;
+ }
+
+ return LDAP_INVALID_SYNTAX;
+}
+
+static int
+strip_cav_str( ComponentAssertionValue* cav, char* str)
+{
+ eat_whsp( cav );
+ if ( cav_cur_len( cav ) >= strlen( str ) &&
+ strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
+ {
+ cav->cav_ptr += strlen( str );
+ return LDAP_SUCCESS;
+ }
+
+ return LDAP_INVALID_SYNTAX;
+}
+
+/*
+ * TAG : "item", "and", "or", "not"
+ */
+static ber_tag_t
+strip_cav_tag( ComponentAssertionValue* cav )
+{
+
+ eat_whsp( cav );
+ if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
+ strip_cav_str( cav , "item:" );
+ return LDAP_COMP_FILTER_ITEM;
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "and", 3 ) == 0 )
+ {
+ strip_cav_str( cav , "and:" );
+ return LDAP_COMP_FILTER_AND;
+
+ } else if ( cav_cur_len( cav ) >= 6 &&
+ strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
+ {
+ strip_cav_str( cav , "or:" );
+ return LDAP_COMP_FILTER_OR;
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "not", 3 ) == 0 )
+ {
+ strip_cav_str( cav , "not:" );
+ return LDAP_COMP_FILTER_NOT;
+ }
+
+ return LBER_ERROR;
+}
+
+/*
+ * when encoding, "item" is denotation of ComponentAssertion
+ * ComponentAssertion :: SEQUENCE {
+ * component ComponentReference (SIZE(1..MAX)) OPTIONAL,
+ * useDefaultValues BOOLEAN DEFAULT TRUE,
+ * rule MATCHING-RULE.&id,
+ * value MATCHING-RULE.&AssertionType }
+ */
+static int
+get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
+ const char** text )
+{
+ int rc;
+ ComponentAssertion* _ca;
+ struct berval value;
+ MatchingRule* mr;
+
+ Debug( LDAP_DEBUG_FILTER, "get_item \n", 0, 0, 0 );
+ if ( op )
+ _ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
+ else
+ _ca = malloc( sizeof( ComponentAssertion ) );
+
+ if ( !_ca ) return LDAP_NO_MEMORY;
+
+ _ca->ca_comp_data.cd_tree = NULL;
+ _ca->ca_comp_data.cd_mem_op = NULL;
+
+ rc = peek_cav_str( cav, "component" );
+ if ( rc == LDAP_SUCCESS ) {
+ strip_cav_str( cav, "component" );
+ rc = get_component_reference( op, cav, &_ca->ca_comp_ref, text );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( op )
+ op->o_tmpfree( _ca, op->o_tmpmemctx );
+ else
+ free( _ca );
+ return LDAP_INVALID_SYNTAX;
+ }
+ if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
+ return rc;
+ } else {
+ _ca->ca_comp_ref = NULL;
+ }
+
+ rc = peek_cav_str( cav, "useDefaultValues");
+ if ( rc == LDAP_SUCCESS ) {
+ rc = get_ca_use_default( op, cav, &_ca->ca_use_def, text );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( op )
+ op->o_tmpfree( _ca, op->o_tmpmemctx );
+ else
+ free( _ca );
+ return LDAP_INVALID_SYNTAX;
+ }
+ if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
+ return rc;
+ }
+ else _ca->ca_use_def = 1;
+
+ if ( !( strip_cav_str( cav, "rule" ) == LDAP_SUCCESS &&
+ get_matching_rule( op, cav , &_ca->ca_ma_rule, text ) == LDAP_SUCCESS )) {
+ if ( op )
+ op->o_tmpfree( _ca, op->o_tmpmemctx );
+ else
+ free( _ca );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
+ return rc;
+ if ( !(strip_cav_str( cav, "value" ) == LDAP_SUCCESS &&
+ get_matching_value( op, _ca, cav,&value ,text ) == LDAP_SUCCESS )) {
+ if ( op )
+ op->o_tmpfree( _ca, op->o_tmpmemctx );
+ else
+ free( _ca );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Normalize the value of this component assertion when the matching
+ * rule is one of existing matching rules
+ */
+ mr = _ca->ca_ma_rule;
+ if ( op && !(mr->smr_usage & (SLAP_MR_COMPONENT)) && mr->smr_normalize ) {
+
+ value.bv_val[value.bv_len] = '\0';
+ rc = mr->smr_normalize (
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ NULL, mr,
+ &value, &_ca->ca_ma_value, op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+ else
+ _ca->ca_ma_value = value;
+ /*
+ * Validate the value of this component assertion
+ */
+ if ( op && mr->smr_syntax->ssyn_validate( mr->smr_syntax, &_ca->ca_ma_value) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+
+ /* componentFilterMatch contains componentFilterMatch in it */
+ if ( strcmp(_ca->ca_ma_rule->smr_mrule.mr_oid, OID_COMP_FILTER_MATCH ) == 0) {
+ struct berval bv;
+ bv.bv_val = cav->cav_ptr;
+ bv.bv_len = cav_cur_len( cav );
+ rc = get_comp_filter( op, &bv,(ComponentFilter**)&_ca->ca_cf, text );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( op )
+ op->o_tmpfree( _ca, op->o_tmpmemctx );
+ else
+ free( _ca );
+ return rc;
+ }
+ cav->cav_ptr = bv.bv_val;
+ assert( cav->cav_end >= bv.bv_val );
+ }
+
+ *ca = _ca;
+ return LDAP_SUCCESS;
+}
+
+static int
+parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
+ ComponentFilter** filt, const char** text )
+{
+ /*
+ * A component filter looks like this coming in:
+ * Filter ::= CHOICE {
+ * item [0] ComponentAssertion,
+ * and [1] SEQUENCE OF ComponentFilter,
+ * or [2] SEQUENCE OF ComponentFilter,
+ * not [3] ComponentFilter,
+ * }
+ */
+
+ ber_tag_t tag;
+ int err;
+ ComponentFilter f;
+ /* TAG : item, and, or, not in RFC 2254 */
+ tag = strip_cav_tag( cav );
+
+ if ( tag == LBER_ERROR ) {
+ *text = "error decoding comp filter";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( tag != LDAP_COMP_FILTER_NOT )
+ strip_cav_str( cav, "{");
+
+ err = LDAP_SUCCESS;
+
+ f.cf_next = NULL;
+ f.cf_choice = tag;
+
+ switch ( f.cf_choice ) {
+ case LDAP_COMP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_AND\n", 0, 0, 0 );
+ err = get_comp_filter_list( op, cav, &f.cf_and, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ if ( f.cf_and == NULL ) {
+ f.cf_choice = SLAPD_FILTER_COMPUTED;
+ f.cf_result = LDAP_COMPARE_TRUE;
+ }
+ break;
+
+ case LDAP_COMP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_OR\n", 0, 0, 0 );
+ err = get_comp_filter_list( op, cav, &f.cf_or, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ if ( f.cf_or == NULL ) {
+ f.cf_choice = SLAPD_FILTER_COMPUTED;
+ f.cf_result = LDAP_COMPARE_FALSE;
+ }
+ /* no assert - list could be empty */
+ break;
+
+ case LDAP_COMP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_NOT\n", 0, 0, 0 );
+ err = parse_comp_filter( op, cav, &f.cf_not, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( f.cf_not != NULL );
+ if ( f.cf_not->cf_choice == SLAPD_FILTER_COMPUTED ) {
+ int fresult = f.cf_not->cf_result;
+ f.cf_choice = SLAPD_FILTER_COMPUTED;
+ op->o_tmpfree( f.cf_not, op->o_tmpmemctx );
+ f.cf_not = NULL;
+
+ switch ( fresult ) {
+ case LDAP_COMPARE_TRUE:
+ f.cf_result = LDAP_COMPARE_FALSE;
+ break;
+ case LDAP_COMPARE_FALSE:
+ f.cf_result = LDAP_COMPARE_TRUE;
+ break;
+ default: ;
+ /* (!Undefined) is Undefined */
+ }
+ }
+ break;
+
+ case LDAP_COMP_FILTER_ITEM:
+ Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_ITEM\n", 0, 0, 0 );
+ err = get_item( op, cav, &f.cf_ca, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( f.cf_ca != NULL );
+ break;
+
+ default:
+ f.cf_choice = SLAPD_FILTER_COMPUTED;
+ f.cf_result = SLAPD_COMPARE_UNDEFINED;
+ break;
+ }
+
+ if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
+ *text = "Component Filter Syntax Error";
+ return err;
+ }
+
+ if ( tag != LDAP_COMP_FILTER_NOT )
+ strip_cav_str( cav, "}");
+
+ if ( err == LDAP_SUCCESS ) {
+ if ( op ) {
+ *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
+ } else {
+ *filt = malloc( sizeof(f) );
+ }
+ **filt = f;
+ }
+
+ return( err );
+}
+
+static int
+test_comp_filter_and(
+ Syntax *syn,
+ ComponentSyntaxInfo *a,
+ ComponentFilter *flist )
+{
+ ComponentFilter *f;
+ int rtn = LDAP_COMPARE_TRUE;
+
+ for ( f = flist ; f != NULL; f = f->cf_next ) {
+ int rc = test_comp_filter( syn, a, f );
+ if ( rc == LDAP_COMPARE_FALSE ) {
+ rtn = rc;
+ break;
+ }
+
+ if ( rc != LDAP_COMPARE_TRUE ) {
+ rtn = rc;
+ }
+ }
+
+ return rtn;
+}
+
+static int
+test_comp_filter_or(
+ Syntax *syn,
+ ComponentSyntaxInfo *a,
+ ComponentFilter *flist )
+{
+ ComponentFilter *f;
+ int rtn = LDAP_COMPARE_TRUE;
+
+ for ( f = flist ; f != NULL; f = f->cf_next ) {
+ int rc = test_comp_filter( syn, a, f );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rtn = rc;
+ break;
+ }
+
+ if ( rc != LDAP_COMPARE_FALSE ) {
+ rtn = rc;
+ }
+ }
+
+ return rtn;
+}
+
+int
+csi_value_match( MatchingRule *mr, struct berval* bv_attr,
+ struct berval* bv_assert )
+{
+ int rc;
+ int match;
+
+ assert( mr != NULL );
+ assert( !(mr->smr_usage & SLAP_MR_COMPONENT) );
+
+ if( !mr->smr_match ) return LDAP_INAPPROPRIATE_MATCHING;
+
+ rc = (mr->smr_match)( &match, 0, NULL /*ad->ad_type->sat_syntax*/,
+ mr, bv_attr, bv_assert );
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ return match ? LDAP_COMPARE_FALSE : LDAP_COMPARE_TRUE;
+}
+
+/*
+ * return codes : LDAP_COMPARE_TRUE, LDAP_COMPARE_FALSE
+ */
+static int
+test_comp_filter_item(
+ Syntax *syn,
+ ComponentSyntaxInfo *csi_attr,
+ ComponentAssertion *ca )
+{
+ int rc;
+ void *attr_nm, *assert_nm;
+
+ if ( strcmp(ca->ca_ma_rule->smr_mrule.mr_oid,
+ OID_COMP_FILTER_MATCH ) == 0 && ca->ca_cf ) {
+ /* componentFilterMatch inside of componentFilterMatch */
+ rc = test_comp_filter( syn, csi_attr, ca->ca_cf );
+ return rc;
+ }
+
+ /* Memory for storing will-be-extracted attribute values */
+ attr_nm = nibble_mem_allocator ( 1024*4 , 1024 );
+ if ( !attr_nm ) return LDAP_PROTOCOL_ERROR;
+
+ /* Memory for storing component assertion values */
+ if( !ca->ca_comp_data.cd_mem_op ) {
+ assert_nm = nibble_mem_allocator ( 256, 64 );
+ if ( !assert_nm ) {
+ nibble_mem_free ( attr_nm );
+ return LDAP_PROTOCOL_ERROR;
+ }
+ ca->ca_comp_data.cd_mem_op = assert_nm;
+
+ } else {
+ assert_nm = ca->ca_comp_data.cd_mem_op;
+ }
+
+ /* component reference initialization */
+ if ( ca->ca_comp_ref ) {
+ ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
+ }
+ rc = test_components( attr_nm, assert_nm, csi_attr, ca );
+
+ /* free memory used for storing extracted attribute value */
+ nibble_mem_free ( attr_nm );
+ return rc;
+}
+
+static int
+test_comp_filter(
+ Syntax *syn,
+ ComponentSyntaxInfo *a,
+ ComponentFilter *f )
+{
+ int rc;
+
+ if ( !f ) return LDAP_PROTOCOL_ERROR;
+
+ Debug( LDAP_DEBUG_FILTER, "test_comp_filter\n", 0, 0, 0 );
+ switch ( f->cf_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ rc = f->cf_result;
+ break;
+ case LDAP_COMP_FILTER_AND:
+ rc = test_comp_filter_and( syn, a, f->cf_and );
+ break;
+ case LDAP_COMP_FILTER_OR:
+ rc = test_comp_filter_or( syn, a, f->cf_or );
+ break;
+ case LDAP_COMP_FILTER_NOT:
+ rc = test_comp_filter( syn, a, f->cf_not );
+
+ switch ( rc ) {
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_COMPARE_FALSE;
+ break;
+ case LDAP_COMPARE_FALSE:
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ break;
+ case LDAP_COMP_FILTER_ITEM:
+ rc = test_comp_filter_item( syn, a, f->cf_ca );
+ break;
+ default:
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+
+ return( rc );
+}
+
+static void
+free_comp_filter_list( ComponentFilter* f )
+{
+ ComponentFilter* tmp;
+ for ( tmp = f; tmp; tmp = tmp->cf_next ) {
+ free_comp_filter( tmp );
+ }
+}
+
+static void
+free_comp_filter( ComponentFilter* f )
+{
+ if ( !f ) {
+ Debug( LDAP_DEBUG_FILTER,
+ "free_comp_filter: Invalid filter so failed to release memory\n",
+ 0, 0, 0 );
+ return;
+ }
+ switch ( f->cf_choice ) {
+ case LDAP_COMP_FILTER_AND:
+ case LDAP_COMP_FILTER_OR:
+ free_comp_filter_list( f->cf_any );
+ break;
+ case LDAP_COMP_FILTER_NOT:
+ free_comp_filter( f->cf_any );
+ break;
+ case LDAP_COMP_FILTER_ITEM:
+ if ( nibble_mem_free && f->cf_ca->ca_comp_data.cd_mem_op ) {
+ nibble_mem_free( f->cf_ca->ca_comp_data.cd_mem_op );
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+void
+component_free( ComponentFilter *f ) {
+ free_comp_filter( f );
+}
+
+void
+free_ComponentData( Attribute *a ) {
+ if ( a->a_comp_data->cd_mem_op )
+ component_destructor( a->a_comp_data->cd_mem_op );
+ free ( a->a_comp_data );
+ a->a_comp_data = NULL;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/component.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/component.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/component.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+/* component.h */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.h,v 1.1.2.4 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 by IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef _H_SLAPD_COMPONENT
+#define _H_SLAPD_COMPONENT
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+
+typedef enum { ASN_BASIC, ASN_COMPOSITE } AsnType;
+/*
+ * Decoder Modes
+ * Different operation is required to handle Decoding(2), Extracted Component
+ * decoding(0), ANY DEFINED TYPe(2)
+ * b0 : Component Alloc(yes)
+ * Constructed type : Component Alloc (Yes)
+ * Primitive type : Component Alloc (Yes)
+ * set to mode 2 in inner decoders
+ * b1 : Component Alloc (No)
+ * Constructed type : Component Alloc (No)
+ * Primitive type : Component Alloc (No)
+ * set to mode 2 in inner decoders
+ * b2 : Default Mode
+ * Constructed type : Component Alloc (Yes)
+ * Primitive type : Component Alloc (No)
+ * in addition to above modes, the 4th bit has special meaning,
+ * b4 : if the 4th bit is clear, DecxxxContent is called
+ * b4 : if the 4th bit is set, Decxxx is called, then it is cleared.
+ */
+#define DEC_ALLOC_MODE_0 0x01
+#define DEC_ALLOC_MODE_1 0x02
+#define DEC_ALLOC_MODE_2 0x04
+#define CALL_TAG_DECODER 0x08
+#define CALL_CONTENT_DECODER ~0x08
+/*
+ * For Attribute Aliasing
+ */
+#define MAX_ALIASING_ENTRY 128
+typedef struct comp_attribute_aliasing {
+ AttributeDescription* aa_aliasing_ad;
+ AttributeDescription* aa_aliased_ad;
+ ComponentFilter* aa_cf;
+ MatchingRule* aa_mr;
+ char* aa_cf_str;
+} AttributeAliasing;
+
+typedef struct comp_matchingrule_aliasing {
+ MatchingRule* mra_aliasing_attr;
+ MatchingRule* mra_aliased_attr;
+ AttributeDescription* mra_attr;
+ ComponentFilter* mra_cf;
+ MatchingRule* mra_mr;
+ char* mra_cf_str;
+} MatchingRuleAliasing;
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1532 @@
+/* config.c - configuration file handling routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.25 2007/02/08 12:31:24 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/errno.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "slap.h"
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+#include "lutil.h"
+#include "config.h"
+
+#define ARGS_STEP 512
+
+/*
+ * defaults for various global variables
+ */
+slap_mask_t global_allows = 0;
+slap_mask_t global_disallows = 0;
+int global_gentlehup = 0;
+int global_idletimeout = 0;
+char *global_host = NULL;
+char *global_realm = NULL;
+char *ldap_srvtab = "";
+char **default_passwd_hash = NULL;
+struct berval default_search_base = BER_BVNULL;
+struct berval default_search_nbase = BER_BVNULL;
+
+ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
+ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
+
+int slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
+int slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
+
+char *slapd_pid_file = NULL;
+char *slapd_args_file = NULL;
+
+int use_reverse_lookup = 0;
+
+#ifdef LDAP_SLAPI
+int slapi_plugins_used = 0;
+#endif
+
+static int fp_getline(FILE *fp, ConfigArgs *c);
+static void fp_getline_init(ConfigArgs *c);
+static int fp_parse_line(ConfigArgs *c);
+
+static char *strtok_quote(char *line, char *sep, char **quote_ptr);
+static char *strtok_quote_ldif(char **line);
+
+ConfigArgs *
+new_config_args( BackendDB *be, const char *fname, int lineno, int argc, char **argv )
+{
+ ConfigArgs *c;
+ c = ch_calloc( 1, sizeof( ConfigArgs ) );
+ if ( c == NULL ) return(NULL);
+ c->be = be;
+ c->fname = fname;
+ c->argc = argc;
+ c->argv = argv;
+ c->lineno = lineno;
+ snprintf( c->log, sizeof( c->log ), "%s: line %d", fname, lineno );
+ return(c);
+}
+
+void
+init_config_argv( ConfigArgs *c )
+{
+ c->argv = ch_calloc( ARGS_STEP + 1, sizeof( *c->argv ) );
+ c->argv_size = ARGS_STEP + 1;
+}
+
+ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) {
+ int i;
+
+ for(i = 0; Conf[i].name; i++)
+ if( (Conf[i].length && (!strncasecmp(c->argv[0], Conf[i].name, Conf[i].length))) ||
+ (!strcasecmp(c->argv[0], Conf[i].name)) ) break;
+ if ( !Conf[i].name ) return NULL;
+ return Conf+i;
+}
+
+int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
+ int rc, arg_user, arg_type, iarg;
+ long larg;
+ ber_len_t barg;
+
+ arg_type = Conf->arg_type;
+ if(arg_type == ARG_IGNORED) {
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
+ c->log, Conf->name, 0);
+ return(0);
+ }
+ if((arg_type & ARG_DN) && c->argc == 1) {
+ c->argc = 2;
+ c->argv[1] = "";
+ }
+ if(Conf->min_args && (c->argc < Conf->min_args)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> missing <%s> argument",
+ c->argv[0], Conf->what );
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", c->log, c->msg, 0 );
+ return(ARG_BAD_CONF);
+ }
+ if(Conf->max_args && (c->argc > Conf->max_args)) {
+ char *ignored = " ignored";
+
+ snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>",
+ c->argv[0], Conf->what );
+
+#ifdef LDAP_DEVEL
+ ignored = "";
+#endif /* LDAP_DEVEL */
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s%s.\n",
+ c->log, c->msg, ignored );
+#ifdef LDAP_DEVEL
+ return(ARG_BAD_CONF);
+#endif /* LDAP_DEVEL */
+ }
+ if((arg_type & ARG_DB) && !c->be) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ if((arg_type & ARG_PRE_BI) && c->bi) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration",
+ c->argv[0], (arg_type & ARG_PRE_DB) ? "or database " : "" );
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
+ c->log, c->msg, 0 );
+ return(ARG_BAD_CONF);
+ }
+ if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ if((arg_type & ARGS_POINTER) && !Conf->arg_item && !(arg_type & ARG_OFFSET)) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ c->type = arg_user = (arg_type & ARGS_USERLAND);
+ memset(&c->values, 0, sizeof(c->values));
+ if(arg_type & ARGS_NUMERIC) {
+ int j;
+ iarg = 0; larg = 0; barg = 0;
+ switch(arg_type & ARGS_NUMERIC) {
+ case ARG_INT:
+ if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> unable to parse \"%s\" as int",
+ c->argv[0], c->argv[1] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ break;
+ case ARG_LONG:
+ if ( lutil_atolx( &larg, c->argv[1], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> unable to parse \"%s\" as long",
+ c->argv[0], c->argv[1] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ break;
+ case ARG_BER_LEN_T: {
+ unsigned long l;
+ if ( lutil_atoulx( &l, c->argv[1], 0 ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> unable to parse \"%s\" as ber_len_t",
+ c->argv[0], c->argv[1] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ barg = (ber_len_t)l;
+ } break;
+ case ARG_ON_OFF:
+ if (c->argc == 1) {
+ iarg = 1;
+ } else if ( !strcasecmp(c->argv[1], "on") ||
+ !strcasecmp(c->argv[1], "true") ||
+ !strcasecmp(c->argv[1], "yes") )
+ {
+ iarg = 1;
+ } else if ( !strcasecmp(c->argv[1], "off") ||
+ !strcasecmp(c->argv[1], "false") ||
+ !strcasecmp(c->argv[1], "no") )
+ {
+ iarg = 0;
+ } else {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0 );
+ return(0);
+ }
+ break;
+ }
+ j = (arg_type & ARG_NONZERO) ? 1 : 0;
+ if(iarg < j && larg < j && barg < j ) {
+ larg = larg ? larg : (barg ? barg : iarg);
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ c->log, c->msg, 0 );
+ return(ARG_BAD_CONF);
+ }
+ switch(arg_type & ARGS_NUMERIC) {
+ case ARG_ON_OFF:
+ case ARG_INT: c->value_int = iarg; break;
+ case ARG_LONG: c->value_long = larg; break;
+ case ARG_BER_LEN_T: c->value_ber_t = barg; break;
+ }
+ } else if(arg_type & ARG_STRING) {
+ if ( !check_only )
+ c->value_string = ch_strdup(c->argv[1]);
+ } else if(arg_type & ARG_BERVAL) {
+ if ( !check_only )
+ ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
+ } else if(arg_type & ARG_DN) {
+ struct berval bv;
+ ber_str2bv( c->argv[1], 0, 0, &bv );
+ rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)",
+ c->argv[0], rc, ldap_err2string( rc ));
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n" , c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ if ( check_only ) {
+ ch_free( c->value_ndn.bv_val );
+ ch_free( c->value_dn.bv_val );
+ }
+ }
+ return 0;
+}
+
+int config_set_vals(ConfigTable *Conf, ConfigArgs *c) {
+ int rc, arg_type;
+ void *ptr = NULL;
+
+ arg_type = Conf->arg_type;
+ if(arg_type & ARG_MAGIC) {
+ if(!c->be) c->be = frontendDB;
+ c->msg[0] = '\0';
+ rc = (*((ConfigDriver*)Conf->arg_item))(c);
+#if 0
+ if(c->be == frontendDB) c->be = NULL;
+#endif
+ if(rc) {
+ if ( !c->msg[0] ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> handler exited with %d",
+ c->argv[0], rc );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
+ c->log, c->msg, 0 );
+ }
+ return(ARG_BAD_CONF);
+ }
+ return(0);
+ }
+ if(arg_type & ARG_OFFSET) {
+ if (c->be && (!overlay_is_over(c->be) ||
+ ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+ ptr = c->be->be_private;
+ else if (c->bi)
+ ptr = c->bi->bi_private;
+ else {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> offset is missing base pointer",
+ c->argv[0] );
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
+ c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ ptr = (void *)((char *)ptr + (long)Conf->arg_item);
+ } else if (arg_type & ARGS_POINTER) {
+ ptr = Conf->arg_item;
+ }
+ if(arg_type & ARGS_POINTER)
+ switch(arg_type & ARGS_POINTER) {
+ case ARG_ON_OFF:
+ case ARG_INT: *(int*)ptr = c->value_int; break;
+ case ARG_LONG: *(long*)ptr = c->value_long; break;
+ case ARG_BER_LEN_T: *(ber_len_t*)ptr = c->value_ber_t; break;
+ case ARG_STRING: {
+ char *cc = *(char**)ptr;
+ if(cc) {
+ if ((arg_type & ARG_UNIQUE) && c->op == SLAP_CONFIG_ADD ) {
+ Debug(LDAP_DEBUG_CONFIG, "%s: already set %s!\n",
+ c->log, Conf->name, 0 );
+ return(ARG_BAD_CONF);
+ }
+ ch_free(cc);
+ }
+ *(char **)ptr = c->value_string;
+ break;
+ }
+ case ARG_BERVAL:
+ *(struct berval *)ptr = c->value_bv;
+ break;
+ }
+ return(0);
+}
+
+int config_add_vals(ConfigTable *Conf, ConfigArgs *c) {
+ int rc, arg_type;
+
+ arg_type = Conf->arg_type;
+ if(arg_type == ARG_IGNORED) {
+ Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
+ c->log, Conf->name, 0);
+ return(0);
+ }
+ rc = config_check_vals( Conf, c, 0 );
+ if ( rc ) return rc;
+ return config_set_vals( Conf, c );
+}
+
+int
+config_del_vals(ConfigTable *cf, ConfigArgs *c)
+{
+ int rc = 0;
+
+ /* If there is no handler, just ignore it */
+ if ( cf->arg_type & ARG_MAGIC ) {
+ c->op = LDAP_MOD_DELETE;
+ c->type = cf->arg_type & ARGS_USERLAND;
+ rc = (*((ConfigDriver*)cf->arg_item))(c);
+ }
+ return rc;
+}
+
+int
+config_get_vals(ConfigTable *cf, ConfigArgs *c)
+{
+ int rc = 0;
+ struct berval bv;
+ void *ptr;
+
+ if ( cf->arg_type & ARG_IGNORED ) {
+ return 1;
+ }
+
+ memset(&c->values, 0, sizeof(c->values));
+ c->rvalue_vals = NULL;
+ c->rvalue_nvals = NULL;
+ c->op = SLAP_CONFIG_EMIT;
+ c->type = cf->arg_type & ARGS_USERLAND;
+
+ if ( cf->arg_type & ARG_MAGIC ) {
+ rc = (*((ConfigDriver*)cf->arg_item))(c);
+ if ( rc ) return rc;
+ } else {
+ if ( cf->arg_type & ARG_OFFSET ) {
+ if (c->be && (!overlay_is_over(c->be) ||
+ ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+ ptr = c->be->be_private;
+ else if ( c->bi )
+ ptr = c->bi->bi_private;
+ else
+ return 1;
+ ptr = (void *)((char *)ptr + (long)cf->arg_item);
+ } else {
+ ptr = cf->arg_item;
+ }
+
+ switch(cf->arg_type & ARGS_POINTER) {
+ case ARG_ON_OFF:
+ case ARG_INT: c->value_int = *(int *)ptr; break;
+ case ARG_LONG: c->value_long = *(long *)ptr; break;
+ case ARG_BER_LEN_T: c->value_ber_t = *(ber_len_t *)ptr; break;
+ case ARG_STRING:
+ if ( *(char **)ptr )
+ c->value_string = ch_strdup(*(char **)ptr);
+ break;
+ case ARG_BERVAL:
+ ber_dupbv( &c->value_bv, (struct berval *)ptr ); break;
+ }
+ }
+ if ( cf->arg_type & ARGS_POINTER) {
+ bv.bv_val = c->log;
+ switch(cf->arg_type & ARGS_POINTER) {
+ case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break;
+ case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break;
+ case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break;
+ case ARG_ON_OFF: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%s",
+ c->value_int ? "TRUE" : "FALSE"); break;
+ case ARG_STRING:
+ if ( c->value_string && c->value_string[0]) {
+ ber_str2bv( c->value_string, 0, 0, &bv);
+ } else {
+ return 1;
+ }
+ break;
+ case ARG_BERVAL:
+ if ( !BER_BVISEMPTY( &c->value_bv )) {
+ bv = c->value_bv;
+ } else {
+ return 1;
+ }
+ break;
+ }
+ if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) {
+ return 1;
+ }
+ if (( cf->arg_type & ARGS_POINTER ) == ARG_STRING )
+ ber_bvarray_add(&c->rvalue_vals, &bv);
+ else
+ value_add_one(&c->rvalue_vals, &bv);
+ }
+ return rc;
+}
+
+int
+init_config_attrs(ConfigTable *ct) {
+ LDAPAttributeType *at;
+ int i, code;
+ const char *err;
+
+ for (i=0; ct[i].name; i++ ) {
+ int freeit = 0;
+
+ if ( !ct[i].attribute ) continue;
+ at = ldap_str2attributetype( ct[i].attribute,
+ &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s, %s\n",
+ ct[i].attribute, ldap_scherr2str(code), err );
+ return code;
+ }
+
+ code = at_add( at, 0, NULL, &err );
+ if ( code ) {
+ if ( code == SLAP_SCHERR_ATTR_DUP ) {
+ freeit = 1;
+
+ } else {
+ ldap_attributetype_free( at );
+ fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s, %s\n",
+ ct[i].attribute, scherr2str(code), err );
+ return code;
+ }
+ }
+ code = slap_str2ad( at->at_names[0], &ct[i].ad, &err );
+ if ( freeit ) {
+ ldap_attributetype_free( at );
+ } else {
+ ldap_memfree( at );
+ }
+ if ( code ) {
+ fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s\n",
+ ct[i].attribute, err );
+ return code;
+ }
+ }
+
+ return 0;
+}
+
+int
+init_config_ocs( ConfigOCs *ocs ) {
+ int i;
+
+ for (i=0;ocs[i].co_def;i++) {
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+
+ oc = ldap_str2objectclass( ocs[i].co_def, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ fprintf( stderr, "init_config_ocs: objectclass \"%s\": %s, %s\n",
+ ocs[i].co_def, ldap_scherr2str(code), err );
+ return code;
+ }
+ code = oc_add(oc,0,NULL,&err);
+ if ( code && code != SLAP_SCHERR_CLASS_DUP ) {
+ fprintf( stderr, "init_config_ocs: objectclass \"%s\": %s, %s\n",
+ ocs[i].co_def, scherr2str(code), err );
+ return code;
+ }
+ ocs[i].co_oc = oc_find(oc->oc_names[0]);
+ ldap_memfree(oc);
+ }
+ return 0;
+}
+
+/* Split an LDIF line into space-separated tokens. Words may be grouped
+ * by quotes. A quoted string may begin in the middle of a word, but must
+ * end at the end of the word (be followed by whitespace or EOS). Any other
+ * quotes are passed through unchanged. All other characters are passed
+ * through unchanged.
+ */
+static char *
+strtok_quote_ldif( char **line )
+{
+ char *beg, *ptr, *quote=NULL;
+ int inquote=0;
+
+ ptr = *line;
+
+ if ( !ptr || !*ptr )
+ return NULL;
+
+ while( isspace( *ptr )) ptr++;
+
+ if ( *ptr == '"' ) {
+ inquote = 1;
+ ptr++;
+ }
+
+ beg = ptr;
+
+ for (;*ptr;ptr++) {
+ if ( *ptr == '"' ) {
+ if ( inquote && ( !ptr[1] || isspace(ptr[1]))) {
+ *ptr++ = '\0';
+ break;
+ }
+ inquote = 1;
+ quote = ptr;
+ continue;
+ }
+ if ( inquote )
+ continue;
+ if ( isspace( *ptr )) {
+ *ptr++ = '\0';
+ break;
+ }
+ }
+ if ( quote ) {
+ while ( quote < ptr ) {
+ *quote = quote[1];
+ quote++;
+ }
+ }
+ if ( !*ptr ) {
+ *line = NULL;
+ } else {
+ while ( isspace( *ptr )) ptr++;
+ *line = ptr;
+ }
+ return beg;
+}
+
+static void
+config_parse_ldif( ConfigArgs *c )
+{
+ char *next;
+ c->tline = ch_strdup(c->line);
+ next = c->tline;
+
+ while ((c->argv[c->argc] = strtok_quote_ldif( &next )) != NULL) {
+ c->argc++;
+ if ( c->argc >= c->argv_size ) {
+ char **tmp = ch_realloc( c->argv, (c->argv_size + ARGS_STEP) *
+ sizeof( *c->argv ));
+ c->argv = tmp;
+ c->argv_size += ARGS_STEP;
+ }
+ }
+ c->argv[c->argc] = NULL;
+}
+
+int
+config_parse_vals(ConfigTable *ct, ConfigArgs *c, int valx)
+{
+ int rc = 0;
+
+ snprintf( c->log, sizeof( c->log ), "%s: value #%d",
+ ct->ad->ad_cname.bv_val, valx );
+ c->argc = 1;
+ c->argv[0] = ct->ad->ad_cname.bv_val;
+
+ if ( ( ct->arg_type & ARG_QUOTE ) && c->line[ 0 ] != '"' ) {
+ c->argv[c->argc] = c->line;
+ c->argc++;
+ c->argv[c->argc] = NULL;
+ c->tline = NULL;
+ } else {
+ config_parse_ldif( c );
+ }
+ rc = config_check_vals( ct, c, 1 );
+ ch_free( c->tline );
+ c->tline = NULL;
+
+ if ( rc )
+ rc = LDAP_CONSTRAINT_VIOLATION;
+
+ return rc;
+}
+
+int
+config_parse_add(ConfigTable *ct, ConfigArgs *c)
+{
+ int rc = 0;
+
+ snprintf( c->log, sizeof( c->log ), "%s: value #%d",
+ ct->ad->ad_cname.bv_val, c->valx );
+ c->argc = 1;
+ c->argv[0] = ct->ad->ad_cname.bv_val;
+
+ if ( ( ct->arg_type & ARG_QUOTE ) && c->line[ 0 ] != '"' ) {
+ c->argv[c->argc] = c->line;
+ c->argc++;
+ c->argv[c->argc] = NULL;
+ c->tline = NULL;
+ } else {
+ config_parse_ldif( c );
+ }
+ c->op = LDAP_MOD_ADD;
+ rc = config_add_vals( ct, c );
+ ch_free( c->tline );
+
+ return rc;
+}
+
+int
+read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
+{
+ FILE *fp;
+ ConfigTable *ct;
+ ConfigArgs *c;
+ int rc;
+ struct stat s;
+
+ c = ch_calloc( 1, sizeof( ConfigArgs ) );
+ if ( c == NULL ) {
+ return 1;
+ }
+
+ if ( depth ) {
+ memcpy( c, cf, sizeof( ConfigArgs ) );
+ } else {
+ c->depth = depth; /* XXX */
+ c->bi = NULL;
+ c->be = NULL;
+ }
+
+ c->valx = -1;
+ c->fname = fname;
+ init_config_argv( c );
+
+ if ( stat( fname, &s ) != 0 ) {
+ ldap_syslog = 1;
+ Debug(LDAP_DEBUG_ANY,
+ "could not stat config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno);
+ return(1);
+ }
+
+ if ( !S_ISREG( s.st_mode ) ) {
+ ldap_syslog = 1;
+ Debug(LDAP_DEBUG_ANY,
+ "regular file expected, got \"%s\"\n",
+ fname, 0, 0 );
+ return(1);
+ }
+
+ fp = fopen( fname, "r" );
+ if ( fp == NULL ) {
+ ldap_syslog = 1;
+ Debug(LDAP_DEBUG_ANY,
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno);
+ return(1);
+ }
+
+ Debug(LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0);
+
+ fp_getline_init(c);
+
+ c->tline = NULL;
+
+ while ( fp_getline( fp, c ) ) {
+ /* skip comments and blank lines */
+ if ( c->line[0] == '#' || c->line[0] == '\0' ) {
+ continue;
+ }
+
+ snprintf( c->log, sizeof( c->log ), "%s: line %d",
+ c->fname, c->lineno );
+
+ c->argc = 0;
+ ch_free( c->tline );
+ if ( fp_parse_line( c ) ) {
+ rc = 1;
+ goto done;
+ }
+
+ if ( c->argc < 1 ) {
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: bad config line"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, 0, 0);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ rc = 1;
+ goto done;
+#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ continue;
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+
+ c->op = SLAP_CONFIG_ADD;
+
+ ct = config_find_keyword( cft, c );
+ if ( ct ) {
+ rc = config_add_vals( ct, c );
+ if ( !rc ) continue;
+
+ if ( rc & ARGS_USERLAND ) {
+ /* XXX a usertype would be opaque here */
+ Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%s>\n",
+ c->log, c->argv[0], 0);
+ rc = 1;
+ goto done;
+
+ } else if ( rc == ARG_BAD_CONF ) {
+ rc = 1;
+ goto done;
+ }
+
+ } else if ( c->bi && !c->be ) {
+ rc = SLAP_CONF_UNKNOWN;
+ if ( c->bi->bi_cf_ocs ) {
+ ct = config_find_keyword( c->bi->bi_cf_ocs->co_table, c );
+ if ( ct ) {
+ rc = config_add_vals( ct, c );
+ }
+ }
+ if ( c->bi->bi_config && rc == SLAP_CONF_UNKNOWN ) {
+ rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno,
+ c->argc, c->argv);
+ }
+ if ( rc ) {
+ switch(rc) {
+ case SLAP_CONF_UNKNOWN:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "unknown directive <%s> inside backend info definition"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, *c->argv, 0);
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ continue;
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ default:
+ rc = 1;
+ goto done;
+ }
+ }
+
+ } else if ( c->be ) {
+ rc = SLAP_CONF_UNKNOWN;
+ if ( c->be->be_cf_ocs ) {
+ ct = config_find_keyword( c->be->be_cf_ocs->co_table, c );
+ if ( ct ) {
+ rc = config_add_vals( ct, c );
+ }
+ }
+ if ( c->be->be_config && rc == SLAP_CONF_UNKNOWN ) {
+ rc = (*c->be->be_config)(c->be, c->fname, c->lineno,
+ c->argc, c->argv);
+ }
+ if ( rc ) {
+ switch(rc) {
+ case SLAP_CONF_UNKNOWN:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "unknown directive <%s> inside backend database "
+ "definition" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, *c->argv, 0);
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ continue;
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ default:
+ rc = 1;
+ goto done;
+ }
+ }
+
+ } else if ( frontendDB->be_config ) {
+ rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv);
+ if ( rc ) {
+ switch(rc) {
+ case SLAP_CONF_UNKNOWN:
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "unknown directive <%s> inside global database definition"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, *c->argv, 0);
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ continue;
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ default:
+ rc = 1;
+ goto done;
+ }
+ }
+
+ } else {
+ Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
+ "unknown directive <%s> outside backend info and database definitions"
+ SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ c->log, *c->argv, 0);
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+ rc = 1;
+ goto done;
+#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ continue;
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+ }
+ }
+
+ rc = 0;
+
+done:
+ ch_free(c->tline);
+ fclose(fp);
+ ch_free(c->argv);
+ ch_free(c);
+ return(rc);
+}
+
+/* restrictops, allows, disallows, requires, loglevel */
+
+int
+verb_to_mask(const char *word, slap_verbmasks *v) {
+ int i;
+ for(i = 0; !BER_BVISNULL(&v[i].word); i++)
+ if(!strcasecmp(word, v[i].word.bv_val))
+ break;
+ return(i);
+}
+
+int
+verbs_to_mask(int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m) {
+ int i, j;
+ for(i = 1; i < argc; i++) {
+ j = verb_to_mask(argv[i], v);
+ if(BER_BVISNULL(&v[j].word)) return i;
+ while (!v[j].mask) j--;
+ *m |= v[j].mask;
+ }
+ return(0);
+}
+
+/* Mask keywords that represent multiple bits should occur before single
+ * bit keywords in the verbmasks array.
+ */
+int
+mask_to_verbs(slap_verbmasks *v, slap_mask_t m, BerVarray *bva) {
+ int i, rc = 1;
+
+ if (m) {
+ for (i=0; !BER_BVISNULL(&v[i].word); i++) {
+ if (!v[i].mask) continue;
+ if (( m & v[i].mask ) == v[i].mask ) {
+ value_add_one( bva, &v[i].word );
+ rc = 0;
+ m ^= v[i].mask;
+ if ( !m ) break;
+ }
+ }
+ }
+ return rc;
+}
+
+int
+slap_verbmasks_init( slap_verbmasks **vp, slap_verbmasks *v )
+{
+ int i;
+
+ assert( *vp == NULL );
+
+ for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ )
+ ;
+
+ *vp = ch_calloc( i + 1, sizeof( slap_verbmasks ) );
+
+ for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) {
+ ber_dupbv( &(*vp)[ i ].word, &v[ i ].word );
+ *((slap_mask_t *)&(*vp)[ i ].mask) = v[ i ].mask;
+ }
+
+ BER_BVZERO( &(*vp)[ i ].word );
+
+ return 0;
+}
+
+int
+slap_verbmasks_destroy( slap_verbmasks *v )
+{
+ int i;
+
+ assert( v != NULL );
+
+ for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) {
+ ch_free( v[ i ].word.bv_val );
+ }
+
+ ch_free( v );
+
+ return 0;
+}
+
+int
+slap_verbmasks_append(
+ slap_verbmasks **vp,
+ slap_mask_t m,
+ struct berval *v,
+ slap_mask_t *ignore )
+{
+ int i;
+
+ if ( !m ) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &(*vp)[ i ].word ); i++ ) {
+ if ( !(*vp)[ i ].mask ) continue;
+
+ if ( ignore != NULL ) {
+ int j;
+
+ for ( j = 0; ignore[ j ] != 0; j++ ) {
+ if ( (*vp)[ i ].mask == ignore[ j ] ) {
+ goto check_next;
+ }
+ }
+ }
+
+ if ( ( m & (*vp)[ i ].mask ) == (*vp)[ i ].mask ) {
+ if ( ber_bvstrcasecmp( v, &(*vp)[ i ].word ) == 0 ) {
+ /* already set; ignore */
+ return LDAP_SUCCESS;
+ }
+ /* conflicts */
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+ }
+
+ if ( m & (*vp)[ i ].mask ) {
+ /* conflicts */
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+check_next:;
+ }
+
+ *vp = ch_realloc( *vp, sizeof( slap_verbmasks ) * ( i + 2 ) );
+ ber_dupbv( &(*vp)[ i ].word, v );
+ *((slap_mask_t *)&(*vp)[ i ].mask) = m;
+ BER_BVZERO( &(*vp)[ i + 1 ].word );
+
+ return LDAP_SUCCESS;
+}
+
+int
+enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) {
+ int i;
+
+ for (i=0; !BER_BVISNULL(&v[i].word); i++) {
+ if ( m == v[i].mask ) {
+ if ( bv != NULL ) {
+ *bv = v[i].word;
+ }
+ return i;
+ }
+ }
+ return -1;
+}
+
+static slap_verbmasks tlskey[] = {
+ { BER_BVC("no"), SB_TLS_OFF },
+ { BER_BVC("yes"), SB_TLS_ON },
+ { BER_BVC("critical"), SB_TLS_CRITICAL },
+ { BER_BVNULL, 0 }
+};
+
+static slap_verbmasks methkey[] = {
+ { BER_BVC("none"), LDAP_AUTH_NONE },
+ { BER_BVC("simple"), LDAP_AUTH_SIMPLE },
+#ifdef HAVE_CYRUS_SASL
+ { BER_BVC("sasl"), LDAP_AUTH_SASL },
+#endif
+ { BER_BVNULL, 0 }
+};
+
+static slap_cf_aux_table bindkey[] = {
+ { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
+ { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
+ { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey },
+ { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, dnNormalize },
+ { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
+ { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL },
+ { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL },
+ { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
+#ifndef SLAP_AUTHZ_SYNTAX
+ { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
+ { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
+#else /* SLAP_AUTHZ_SYNTAX */
+ { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, authzNormalize },
+ { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, authzNormalize },
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+ { BER_BVNULL, 0, 0, 0, NULL }
+};
+
+int
+slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg )
+{
+ int rc = 0;
+ slap_cf_aux_table *tab;
+
+ for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) {
+ if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len )) {
+ char **cptr;
+ int *iptr, j;
+ unsigned *uptr;
+ long *lptr;
+ unsigned long *ulptr;
+ struct berval *bptr;
+ const char *val = word + tab->key.bv_len;
+
+ switch ( tab->type ) {
+ case 's':
+ cptr = (char **)((char *)dst + tab->off);
+ *cptr = ch_strdup( val );
+ break;
+
+ case 'b':
+ bptr = (struct berval *)((char *)dst + tab->off);
+ if ( tab->aux != NULL ) {
+ struct berval dn;
+ slap_mr_normalize_func *normalize = (slap_mr_normalize_func *)tab->aux;
+
+ ber_str2bv( val, 0, 0, &dn );
+ rc = normalize( 0, NULL, NULL, &dn, bptr, NULL );
+
+ } else {
+ ber_str2bv( val, 0, 1, bptr );
+ rc = 0;
+ }
+ break;
+
+ case 'i':
+ iptr = (int *)((char *)dst + tab->off);
+
+ if ( tab->aux != NULL ) {
+ slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
+
+ assert( aux != NULL );
+
+ rc = 1;
+ for ( j = 0; !BER_BVISNULL( &aux[j].word ); j++ ) {
+ if ( !strcasecmp( val, aux[j].word.bv_val ) ) {
+ *iptr = aux[j].mask;
+ rc = 0;
+ break;
+ }
+ }
+
+ } else {
+ rc = lutil_atoix( iptr, val, 0 );
+ }
+ break;
+
+ case 'u':
+ uptr = (unsigned *)((char *)dst + tab->off);
+
+ rc = lutil_atoux( uptr, val, 0 );
+ break;
+
+ case 'I':
+ lptr = (long *)((char *)dst + tab->off);
+
+ rc = lutil_atolx( lptr, val, 0 );
+ break;
+
+ case 'U':
+ ulptr = (unsigned long *)((char *)dst + tab->off);
+
+ rc = lutil_atoulx( ulptr, val, 0 );
+ break;
+ }
+
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY, "invalid %s value %s\n",
+ tabmsg, word, 0 );
+ }
+
+ return rc;
+ }
+ }
+
+ return rc;
+}
+
+int
+slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 )
+{
+ char buf[AC_LINE_MAX], *ptr;
+ slap_cf_aux_table *tab;
+ struct berval tmp;
+
+ ptr = buf;
+ for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) {
+ char **cptr;
+ int *iptr, i;
+ unsigned *uptr;
+ long *lptr;
+ unsigned long *ulptr;
+ struct berval *bptr;
+
+ cptr = (char **)((char *)src + tab->off);
+
+ switch ( tab->type ) {
+ case 'b':
+ bptr = (struct berval *)((char *)src + tab->off);
+ cptr = &bptr->bv_val;
+
+ case 's':
+ if ( *cptr ) {
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ if ( tab->quote ) *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, *cptr );
+ if ( tab->quote ) *ptr++ = '"';
+ }
+ break;
+
+ case 'i':
+ iptr = (int *)((char *)src + tab->off);
+
+ if ( tab->aux != NULL ) {
+ slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
+
+ for ( i = 0; !BER_BVISNULL( &aux[i].word ); i++ ) {
+ if ( *iptr == aux[i].mask ) {
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ ptr = lutil_strcopy( ptr, aux[i].word.bv_val );
+ break;
+ }
+ }
+
+ } else {
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr );
+ }
+ break;
+
+ case 'u':
+ uptr = (unsigned *)((char *)src + tab->off);
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%u", *uptr );
+ break;
+
+ case 'I':
+ lptr = (long *)((char *)src + tab->off);
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%ld", *lptr );
+ break;
+
+ case 'U':
+ ulptr = (unsigned long *)((char *)src + tab->off);
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, tab->key.bv_val );
+ ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr );
+ break;
+
+ default:
+ assert( 0 );
+ }
+ }
+ tmp.bv_val = buf;
+ tmp.bv_len = ptr - buf;
+ ber_dupbv( bv, &tmp );
+ return 0;
+}
+
+int
+bindconf_parse( const char *word, slap_bindconf *bc )
+{
+ return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" );
+}
+
+int
+bindconf_unparse( slap_bindconf *bc, struct berval *bv )
+{
+ return slap_cf_aux_table_unparse( bc, bv, bindkey );
+}
+
+void bindconf_free( slap_bindconf *bc ) {
+ if ( !BER_BVISNULL( &bc->sb_uri ) ) {
+ ch_free( bc->sb_uri.bv_val );
+ BER_BVZERO( &bc->sb_uri );
+ }
+ if ( !BER_BVISNULL( &bc->sb_binddn ) ) {
+ ch_free( bc->sb_binddn.bv_val );
+ BER_BVZERO( &bc->sb_binddn );
+ }
+ if ( !BER_BVISNULL( &bc->sb_cred ) ) {
+ ch_free( bc->sb_cred.bv_val );
+ BER_BVZERO( &bc->sb_cred );
+ }
+ if ( !BER_BVISNULL( &bc->sb_saslmech ) ) {
+ ch_free( bc->sb_saslmech.bv_val );
+ BER_BVZERO( &bc->sb_saslmech );
+ }
+ if ( bc->sb_secprops ) {
+ ch_free( bc->sb_secprops );
+ bc->sb_secprops = NULL;
+ }
+ if ( !BER_BVISNULL( &bc->sb_realm ) ) {
+ ch_free( bc->sb_realm.bv_val );
+ BER_BVZERO( &bc->sb_realm );
+ }
+ if ( !BER_BVISNULL( &bc->sb_authcId ) ) {
+ ch_free( bc->sb_authcId.bv_val );
+ BER_BVZERO( &bc->sb_authcId );
+ }
+ if ( !BER_BVISNULL( &bc->sb_authzId ) ) {
+ ch_free( bc->sb_authzId.bv_val );
+ BER_BVZERO( &bc->sb_authzId );
+ }
+}
+
+
+/* -------------------------------------- */
+
+
+static char *
+strtok_quote( char *line, char *sep, char **quote_ptr )
+{
+ int inquote;
+ char *tmp;
+ static char *next;
+
+ *quote_ptr = NULL;
+ if ( line != NULL ) {
+ next = line;
+ }
+ while ( *next && strchr( sep, *next ) ) {
+ next++;
+ }
+
+ if ( *next == '\0' ) {
+ next = NULL;
+ return( NULL );
+ }
+ tmp = next;
+
+ for ( inquote = 0; *next; ) {
+ switch ( *next ) {
+ case '"':
+ if ( inquote ) {
+ inquote = 0;
+ } else {
+ inquote = 1;
+ }
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+ break;
+
+ case '\\':
+ if ( next[1] )
+ AC_MEMCPY( next,
+ next + 1, strlen( next + 1 ) + 1 );
+ next++; /* dont parse the escaped character */
+ break;
+
+ default:
+ if ( ! inquote ) {
+ if ( strchr( sep, *next ) != NULL ) {
+ *quote_ptr = next;
+ *next++ = '\0';
+ return( tmp );
+ }
+ }
+ next++;
+ break;
+ }
+ }
+
+ return( tmp );
+}
+
+static char buf[AC_LINE_MAX];
+static char *line;
+static size_t lmax, lcur;
+
+#define CATLINE( buf ) \
+ do { \
+ size_t len = strlen( buf ); \
+ while ( lcur + len + 1 > lmax ) { \
+ lmax += AC_LINE_MAX; \
+ line = (char *) ch_realloc( line, lmax ); \
+ } \
+ strcpy( line + lcur, buf ); \
+ lcur += len; \
+ } while( 0 )
+
+static void
+fp_getline_init(ConfigArgs *c) {
+ c->lineno = -1;
+ buf[0] = '\0';
+}
+
+static int
+fp_getline( FILE *fp, ConfigArgs *c )
+{
+ char *p;
+
+ lcur = 0;
+ CATLINE(buf);
+ c->lineno++;
+
+ /* avoid stack of bufs */
+ if ( strncasecmp( line, "include", STRLENOF( "include" ) ) == 0 ) {
+ buf[0] = '\0';
+ c->line = line;
+ return(1);
+ }
+
+ while ( fgets( buf, sizeof( buf ), fp ) ) {
+ p = strchr( buf, '\n' );
+ if ( p ) {
+ if ( p > buf && p[-1] == '\r' ) {
+ --p;
+ }
+ *p = '\0';
+ }
+ /* XXX ugly */
+ c->line = line;
+ if ( line[0]
+ && ( p = line + strlen( line ) - 1 )[0] == '\\'
+ && p[-1] != '\\' )
+ {
+ p[0] = '\0';
+ lcur--;
+
+ } else {
+ if ( !isspace( (unsigned char)buf[0] ) ) {
+ return(1);
+ }
+ buf[0] = ' ';
+ }
+ CATLINE(buf);
+ c->lineno++;
+ }
+
+ buf[0] = '\0';
+ c->line = line;
+ return(line[0] ? 1 : 0);
+}
+
+static int
+fp_parse_line(ConfigArgs *c)
+{
+ char *token;
+ static char *const hide[] = {
+ "rootpw", "replica", "syncrepl", /* in slapd */
+ "acl-bind", "acl-method", "idassert-bind", /* in back-ldap */
+ "acl-passwd", "bindpw", /* in back-<ldap/meta> */
+ "pseudorootpw", /* in back-meta */
+ "dbpasswd", /* in back-sql */
+ NULL
+ };
+ char *quote_ptr;
+ int i = (int)(sizeof(hide)/sizeof(hide[0])) - 1;
+
+ c->tline = ch_strdup(c->line);
+ token = strtok_quote(c->tline, " \t", "e_ptr);
+
+ if(token) for(i = 0; hide[i]; i++) if(!strcasecmp(token, hide[i])) break;
+ if(quote_ptr) *quote_ptr = ' ';
+ Debug(LDAP_DEBUG_CONFIG, "line %d (%s%s)\n", c->lineno,
+ hide[i] ? hide[i] : c->line, hide[i] ? " ***" : "");
+ if(quote_ptr) *quote_ptr = '\0';
+
+ for(;; token = strtok_quote(NULL, " \t", "e_ptr)) {
+ if(c->argc >= c->argv_size) {
+ char **tmp;
+ tmp = ch_realloc(c->argv, (c->argv_size + ARGS_STEP) * sizeof(*c->argv));
+ if(!tmp) {
+ Debug(LDAP_DEBUG_ANY, "line %d: out of memory\n", c->lineno, 0, 0);
+ return -1;
+ }
+ c->argv = tmp;
+ c->argv_size += ARGS_STEP;
+ }
+ if(token == NULL)
+ break;
+ c->argv[c->argc++] = token;
+ }
+ c->argv[c->argc] = NULL;
+ return(0);
+}
+
+void
+config_destroy( )
+{
+ ucdata_unload( UCDATA_ALL );
+ if ( frontendDB ) {
+ /* NOTE: in case of early exit, frontendDB can be NULL */
+ if ( frontendDB->be_schemandn.bv_val )
+ free( frontendDB->be_schemandn.bv_val );
+ if ( frontendDB->be_schemadn.bv_val )
+ free( frontendDB->be_schemadn.bv_val );
+ if ( frontendDB->be_acl )
+ acl_destroy( frontendDB->be_acl, NULL );
+ }
+ free( line );
+ if ( slapd_args_file )
+ free ( slapd_args_file );
+ if ( slapd_pid_file )
+ free ( slapd_pid_file );
+ if ( default_passwd_hash )
+ ldap_charray_free( default_passwd_hash );
+}
+
+char **
+slap_str2clist( char ***out, char *in, const char *brkstr )
+{
+ char *str;
+ char *s;
+ char *lasts;
+ int i, j;
+ char **new;
+
+ /* find last element in list */
+ for (i = 0; *out && (*out)[i]; i++);
+
+ /* protect the input string from strtok */
+ str = ch_strdup( in );
+
+ if ( *str == '\0' ) {
+ free( str );
+ return( *out );
+ }
+
+ /* Count words in string */
+ j=1;
+ for ( s = str; *s; s++ ) {
+ if ( strchr( brkstr, *s ) != NULL ) {
+ j++;
+ }
+ }
+
+ *out = ch_realloc( *out, ( i + j + 1 ) * sizeof( char * ) );
+ new = *out + i;
+ for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
+ s != NULL;
+ s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
+ {
+ *new = ch_strdup( s );
+ new++;
+ }
+
+ *new = NULL;
+ free( str );
+ return( *out );
+}
+
+int config_generic_wrapper( Backend *be, const char *fname, int lineno,
+ int argc, char **argv )
+{
+ ConfigArgs c = { 0 };
+ ConfigTable *ct;
+ int rc;
+
+ c.be = be;
+ c.fname = fname;
+ c.lineno = lineno;
+ c.argc = argc;
+ c.argv = argv;
+ c.valx = -1;
+ c.line = line;
+ c.op = SLAP_CONFIG_ADD;
+ snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
+
+ rc = SLAP_CONF_UNKNOWN;
+ ct = config_find_keyword( be->be_cf_ocs->co_table, &c );
+ if ( ct )
+ rc = config_add_vals( ct, &c );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/config.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/config.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/config.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,186 @@
+/* config.h - configuration abstraction structure */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.13 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+typedef struct ConfigTable {
+ char *name;
+ char *what;
+ int min_args;
+ int max_args;
+ int length;
+ unsigned int arg_type;
+ void *arg_item;
+ char *attribute;
+ AttributeDescription *ad;
+ void *notify;
+} ConfigTable;
+
+typedef enum {
+ Cft_Abstract = 0,
+ Cft_Global,
+ Cft_Schema,
+ Cft_Backend,
+ Cft_Database,
+ Cft_Overlay,
+ Cft_Include,
+ Cft_Module,
+ Cft_Misc /* backend/overlay defined */
+} ConfigType;
+
+#define ARGS_USERLAND 0x00000fff
+#define ARGS_TYPES 0x000ff000
+#define ARGS_POINTER 0x0003f000
+#define ARGS_NUMERIC 0x0000f000
+#define ARG_INT 0x00001000
+#define ARG_LONG 0x00002000
+#define ARG_BER_LEN_T 0x00004000
+#define ARG_ON_OFF 0x00008000
+#define ARG_STRING 0x00010000
+#define ARG_BERVAL 0x00020000
+#define ARG_DN 0x00040000
+#define ARG_IGNORED 0x00080000
+
+#define ARGS_SYNTAX 0xfff00000
+#define ARG_PRE_BI 0x00100000
+#define ARG_PRE_DB 0x00200000
+#define ARG_DB 0x00400000 /* Only applies to DB */
+#define ARG_MAY_DB 0x00800000 /* May apply to DB */
+#define ARG_PAREN 0x01000000
+#define ARG_NONZERO 0x02000000
+#define ARG_NO_INSERT 0x04000000 /* no arbitrary inserting */
+#define ARG_NO_DELETE 0x08000000 /* no runtime deletes */
+#define ARG_UNIQUE 0x10000000
+#define ARG_QUOTE 0x20000000 /* wrap with quotes before parsing */
+#define ARG_OFFSET 0x40000000
+#define ARG_MAGIC 0x80000000
+
+#define ARG_BAD_CONF 0xdead0000 /* overload return values */
+
+/* This is a config entry's e_private data */
+typedef struct CfEntryInfo {
+ struct CfEntryInfo *ce_parent;
+ struct CfEntryInfo *ce_sibs;
+ struct CfEntryInfo *ce_kids;
+ Entry *ce_entry;
+ ConfigType ce_type;
+ BackendInfo *ce_bi;
+ BackendDB *ce_be;
+ void *ce_private;
+} CfEntryInfo;
+
+struct config_args_s;
+
+/* Check if the child is allowed to be LDAPAdd'd to the parent */
+typedef int (ConfigLDAPadd)(
+ CfEntryInfo *parent, Entry *child, struct config_args_s *ca);
+
+/* Let the object create children out of slapd.conf */
+typedef int (ConfigCfAdd)(
+ Operation *op, SlapReply *rs, Entry *parent, struct config_args_s *ca );
+
+typedef struct ConfigOCs {
+ char *co_def;
+ ConfigType co_type;
+ ConfigTable *co_table;
+ ConfigLDAPadd *co_ldadd;
+ ConfigCfAdd *co_cfadd;
+ ObjectClass *co_oc;
+ struct berval *co_name;
+} ConfigOCs;
+
+typedef int (ConfigDriver)(struct config_args_s *c);
+
+typedef struct config_args_s {
+ int argc;
+ char **argv;
+ int argv_size;
+ char *line;
+ char *tline;
+ const char *fname;
+ int lineno;
+ char log[MAXPATHLEN + STRLENOF(": line 18446744073709551615") + 1];
+ char msg[SLAP_TEXT_BUFLEN];
+ int depth;
+ int valx; /* multi-valued value index */
+ /* parsed first val for simple cases */
+ union {
+ int v_int;
+ long v_long;
+ ber_len_t v_ber_t;
+ char *v_string;
+ struct berval v_bv;
+ struct {
+ struct berval vdn_dn;
+ struct berval vdn_ndn;
+ } v_dn;
+ } values;
+ /* return values for emit mode */
+ BerVarray rvalue_vals;
+ BerVarray rvalue_nvals;
+#define SLAP_CONFIG_EMIT 0x2000 /* emit instead of set */
+#define SLAP_CONFIG_ADD 0x4000 /* config file add vs LDAP add */
+ int op;
+ int type; /* ConfigTable.arg_type & ARGS_USERLAND */
+ BackendDB *be;
+ BackendInfo *bi;
+ Entry *ca_entry; /* entry being modified */
+ void *private; /* anything */
+ ConfigDriver *cleanup;
+} ConfigArgs;
+
+/* If lineno is zero, we have an actual LDAP Add request from a client.
+ * Otherwise, we're reading a config file or a config dir.
+ */
+#define CONFIG_ONLINE_ADD(ca) (!((ca)->lineno))
+
+#define value_int values.v_int
+#define value_long values.v_long
+#define value_ber_t values.v_ber_t
+#define value_string values.v_string
+#define value_bv values.v_bv
+#define value_dn values.v_dn.vdn_dn
+#define value_ndn values.v_dn.vdn_ndn
+
+int config_register_schema(ConfigTable *ct, ConfigOCs *co);
+int config_del_vals(ConfigTable *cf, ConfigArgs *c);
+int config_get_vals(ConfigTable *ct, ConfigArgs *c);
+int config_add_vals(ConfigTable *ct, ConfigArgs *c);
+
+void init_config_argv( ConfigArgs *c );
+int init_config_attrs(ConfigTable *ct);
+int init_config_ocs( ConfigOCs *ocs );
+int config_parse_vals(ConfigTable *ct, ConfigArgs *c, int valx);
+int config_parse_add(ConfigTable *ct, ConfigArgs *c);
+int read_config_file(const char *fname, int depth, ConfigArgs *cf,
+ ConfigTable *cft );
+
+ConfigTable * config_find_keyword(ConfigTable *ct, ConfigArgs *c);
+Entry * config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
+ ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra );
+
+int config_shadow( ConfigArgs *c, int flag );
+#define config_slurp_shadow(c) config_shadow((c), SLAP_DBFLAG_SLURP_SHADOW)
+#define config_sync_shadow(c) config_shadow((c), SLAP_DBFLAG_SYNC_SHADOW)
+
+ /* Make sure we don't exceed the bits reserved for userland */
+#define config_check_userland(last) \
+ assert( ( ( (last) - 1 ) & ARGS_USERLAND ) == ( (last) - 1 ) );
+
+#define SLAP_X_ORDERED_FMT "{%d}"
+
+#endif /* CONFIG_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/connection.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/connection.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/connection.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2042 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.296.2.29 2007/01/25 12:52:48 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/socket.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "lutil.h"
+#include "slap.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+/* protected by connections_mutex */
+static ldap_pvt_thread_mutex_t connections_mutex;
+static Connection *connections = NULL;
+
+static ldap_pvt_thread_mutex_t conn_nextid_mutex;
+static unsigned long conn_nextid = 0;
+
+static const char conn_lost_str[] = "connection lost";
+
+/* structure state (protected by connections_mutex) */
+#define SLAP_C_UNINITIALIZED 0x00 /* MUST BE ZERO (0) */
+#define SLAP_C_UNUSED 0x01
+#define SLAP_C_USED 0x02
+#define SLAP_C_PENDING 0x03
+
+/* connection state (protected by c_mutex ) */
+#define SLAP_C_INVALID 0x00 /* MUST BE ZERO (0) */
+#define SLAP_C_INACTIVE 0x01 /* zero threads */
+#define SLAP_C_ACTIVE 0x02 /* one or more threads */
+#define SLAP_C_BINDING 0x03 /* binding */
+#define SLAP_C_CLOSING 0x04 /* closing */
+#define SLAP_C_CLIENT 0x05 /* outbound client conn */
+
+const char *
+connection_state2str( int state )
+{
+ switch( state ) {
+ case SLAP_C_INVALID: return "!";
+ case SLAP_C_INACTIVE: return "|";
+ case SLAP_C_ACTIVE: return "";
+ case SLAP_C_BINDING: return "B";
+ case SLAP_C_CLOSING: return "C";
+ case SLAP_C_CLIENT: return "L";
+ }
+
+ return "?";
+}
+
+static Connection* connection_get( ber_socket_t s );
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+
+typedef struct conn_readinfo {
+ Operation *op;
+ ldap_pvt_thread_start_t *func;
+ void *arg;
+ int nullop;
+} conn_readinfo;
+
+static int connection_input( Connection *c, conn_readinfo *cri );
+#else
+static int connection_input( Connection *c );
+#endif
+static void connection_close( Connection *c );
+
+static int connection_op_activate( Operation *op );
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+static void connection_op_queue( Operation *op );
+#endif
+static int connection_resched( Connection *conn );
+static void connection_abandon( Connection *conn );
+static void connection_destroy( Connection *c );
+
+static ldap_pvt_thread_start_t connection_operation;
+
+/*
+ * Initialize connection management infrastructure.
+ */
+int connections_init(void)
+{
+ int i;
+
+ assert( connections == NULL );
+
+ if( connections != NULL) {
+ Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ /* should check return of every call */
+ ldap_pvt_thread_mutex_init( &connections_mutex );
+ ldap_pvt_thread_mutex_init( &conn_nextid_mutex );
+
+ connections = (Connection *) ch_calloc( dtblsize, sizeof(Connection) );
+
+ if( connections == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "connections_init: "
+ "allocation (%d*%ld) of connection array failed\n",
+ dtblsize, (long) sizeof(Connection), 0 );
+ return -1;
+ }
+
+ assert( connections[0].c_struct_state == SLAP_C_UNINITIALIZED );
+ assert( connections[dtblsize-1].c_struct_state == SLAP_C_UNINITIALIZED );
+
+ for (i=0; i<dtblsize; i++) connections[i].c_conn_idx = i;
+
+ /*
+ * per entry initialization of the Connection array initialization
+ * will be done by connection_init()
+ */
+
+ return 0;
+}
+
+/*
+ * Destroy connection management infrastructure.
+ */
+
+int connections_destroy(void)
+{
+ ber_socket_t i;
+
+ /* should check return of every call */
+
+ if( connections == NULL) {
+ Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ for ( i = 0; i < dtblsize; i++ ) {
+ if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
+ ber_sockbuf_free( connections[i].c_sb );
+ ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
+ ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
+ ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION,
+ &connections[i] );
+ }
+#endif
+ }
+ }
+
+ free( connections );
+ connections = NULL;
+
+ ldap_pvt_thread_mutex_destroy( &connections_mutex );
+ ldap_pvt_thread_mutex_destroy( &conn_nextid_mutex );
+ return 0;
+}
+
+/*
+ * shutdown all connections
+ */
+int connections_shutdown(void)
+{
+ ber_socket_t i;
+
+ for ( i = 0; i < dtblsize; i++ ) {
+ if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
+ ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
+ if( connections[i].c_struct_state == SLAP_C_USED ) {
+
+ /* give persistent clients a chance to cleanup */
+ if( connections[i].c_conn_state == SLAP_C_CLIENT ) {
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ connections[i].c_clientfunc, connections[i].c_clientarg );
+ } else {
+ /* c_mutex is locked */
+ connection_closing( &connections[i], "slapd shutdown" );
+ connection_close( &connections[i] );
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex );
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Timeout idle connections.
+ */
+int connections_timeout_idle(time_t now)
+{
+ int i = 0;
+ int connindex;
+ Connection* c;
+
+ for( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ) )
+ {
+ /* Don't timeout a slow-running request or a persistent
+ * outbound connection */
+ if( c->c_n_ops_executing || c->c_conn_state == SLAP_C_CLIENT ) {
+ continue;
+ }
+
+ if( difftime( c->c_activitytime+global_idletimeout, now) < 0 ) {
+ /* close it */
+ connection_closing( c, "idletimeout" );
+ connection_close( c );
+ i++;
+ }
+ }
+ connection_done( c );
+
+ return i;
+}
+
+static Connection* connection_get( ber_socket_t s )
+{
+ Connection *c;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "connection_get(%ld)\n",
+ (long) s, 0, 0 );
+
+ assert( connections != NULL );
+
+ if(s == AC_SOCKET_INVALID) return NULL;
+
+#ifndef HAVE_WINSOCK
+ assert( s < dtblsize );
+ c = &connections[s];
+
+#else
+ c = NULL;
+ {
+ ber_socket_t i, sd;
+
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ for(i=0; i<dtblsize; i++) {
+ if( connections[i].c_struct_state == SLAP_C_PENDING )
+ continue;
+
+ if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
+ assert( connections[i].c_conn_state == SLAP_C_INVALID );
+ assert( connections[i].c_sb == 0 );
+ break;
+ }
+
+ ber_sockbuf_ctrl( connections[i].c_sb,
+ LBER_SB_OPT_GET_FD, &sd );
+
+ if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
+ assert( connections[i].c_conn_state == SLAP_C_INVALID );
+ assert( sd == AC_SOCKET_INVALID );
+ continue;
+ }
+
+ /* state can actually change from used -> unused by resched,
+ * so don't assert details here.
+ */
+
+ if( sd == s ) {
+ c = &connections[i];
+ break;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ }
+#endif
+
+ if( c != NULL ) {
+ ber_socket_t sd;
+
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+
+ assert( c->c_struct_state != SLAP_C_UNINITIALIZED );
+
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
+#ifdef HAVE_WINSOCK
+ /* Avoid race condition after releasing
+ * connections_mutex
+ */
+ if ( sd != s ) {
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ return NULL;
+ }
+#endif
+ if( c->c_struct_state != SLAP_C_USED ) {
+ /* connection must have been closed due to resched */
+
+ assert( c->c_conn_state == SLAP_C_INVALID );
+ assert( sd == AC_SOCKET_INVALID );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_get(%d): connection not used\n",
+ s, 0, 0 );
+
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ return NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_get(%d): got connid=%lu\n",
+ s, c->c_connid, 0 );
+
+ c->c_n_get++;
+
+ assert( c->c_struct_state == SLAP_C_USED );
+ assert( c->c_conn_state != SLAP_C_INVALID );
+ assert( sd != AC_SOCKET_INVALID );
+
+#ifndef SLAPD_MONITOR
+ if ( global_idletimeout > 0 )
+#endif /* ! SLAPD_MONITOR */
+ {
+ c->c_activitytime = slap_get_time();
+ }
+ }
+
+ return c;
+}
+
+static void connection_return( Connection *c )
+{
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+}
+
+long connection_init(
+ ber_socket_t s,
+ Listener *listener,
+ const char* dnsname,
+ const char* peername,
+ int flags,
+ slap_ssf_t ssf,
+ struct berval *authid )
+{
+ unsigned long id;
+ Connection *c;
+ int doinit = 0;
+
+ assert( connections != NULL );
+
+ assert( listener != NULL );
+ assert( dnsname != NULL );
+ assert( peername != NULL );
+
+#ifndef HAVE_TLS
+ assert( flags != CONN_IS_TLS );
+#endif
+
+ if( s == AC_SOCKET_INVALID ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 );
+ return -1;
+ }
+
+ assert( s >= 0 );
+#ifndef HAVE_WINSOCK
+ assert( s < dtblsize );
+ c = &connections[s];
+ if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
+ doinit = 1;
+ } else {
+ assert( c->c_struct_state == SLAP_C_UNUSED );
+ }
+#else
+ {
+ ber_socket_t i;
+ c = NULL;
+
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ for( i=0; i < dtblsize; i++) {
+ ber_socket_t sd;
+
+ if ( connections[i].c_struct_state == SLAP_C_PENDING )
+ continue;
+
+ if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
+ assert( connections[i].c_sb == 0 );
+ c = &connections[i];
+ c->c_struct_state = SLAP_C_PENDING;
+ doinit = 1;
+ break;
+ }
+
+ sd = AC_SOCKET_INVALID;
+ if (connections[i].c_sb != NULL) {
+ ber_sockbuf_ctrl( connections[i].c_sb,
+ LBER_SB_OPT_GET_FD, &sd );
+ }
+
+ if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
+ assert( sd == AC_SOCKET_INVALID );
+ c = &connections[i];
+ c->c_struct_state = SLAP_C_PENDING;
+ break;
+ }
+
+ if( connections[i].c_conn_state == SLAP_C_CLIENT ) continue;
+
+ assert( connections[i].c_struct_state == SLAP_C_USED );
+ assert( connections[i].c_conn_state != SLAP_C_INVALID );
+ assert( sd != AC_SOCKET_INVALID );
+ }
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+
+ if( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_init(%d): connection table full "
+ "(%d/%d)\n", s, i, dtblsize);
+ return -1;
+ }
+ }
+#endif
+
+ if( doinit ) {
+ c->c_send_ldap_result = slap_send_ldap_result;
+ c->c_send_search_entry = slap_send_search_entry;
+ c->c_send_search_reference = slap_send_search_reference;
+ c->c_send_ldap_extended = slap_send_ldap_extended;
+ c->c_send_ldap_intermediate = slap_send_ldap_intermediate;
+
+ BER_BVZERO( &c->c_authmech );
+ BER_BVZERO( &c->c_dn );
+ BER_BVZERO( &c->c_ndn );
+
+ c->c_listener = NULL;
+ BER_BVZERO( &c->c_peer_domain );
+ BER_BVZERO( &c->c_peer_name );
+
+ LDAP_STAILQ_INIT(&c->c_ops);
+ LDAP_STAILQ_INIT(&c->c_pending_ops);
+
+#ifdef LDAP_X_TXN
+ c->c_txn = CONN_TXN_INACTIVE;
+ c->c_txn_backend = NULL;
+ LDAP_STAILQ_INIT(&c->c_txn_ops);
+#endif
+
+ BER_BVZERO( &c->c_sasl_bind_mech );
+ c->c_sasl_done = 0;
+ c->c_sasl_authctx = NULL;
+ c->c_sasl_sockctx = NULL;
+ c->c_sasl_extra = NULL;
+ c->c_sasl_bindop = NULL;
+
+ c->c_sb = ber_sockbuf_alloc( );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ c->c_currentber = NULL;
+
+ /* should check status of thread calls */
+ ldap_pvt_thread_mutex_init( &c->c_mutex );
+ ldap_pvt_thread_mutex_init( &c->c_write_mutex );
+ ldap_pvt_thread_cond_init( &c->c_write_cv );
+
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ }
+#endif
+ }
+
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+
+ assert( BER_BVISNULL( &c->c_authmech ) );
+ assert( BER_BVISNULL( &c->c_dn ) );
+ assert( BER_BVISNULL( &c->c_ndn ) );
+ assert( c->c_listener == NULL );
+ assert( BER_BVISNULL( &c->c_peer_domain ) );
+ assert( BER_BVISNULL( &c->c_peer_name ) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
+#ifdef LDAP_X_TXN
+ assert( c->c_txn == CONN_TXN_INACTIVE );
+ assert( c->c_txn_backend == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) );
+#endif
+ assert( BER_BVISNULL( &c->c_sasl_bind_mech ) );
+ assert( c->c_sasl_done == 0 );
+ assert( c->c_sasl_authctx == NULL );
+ assert( c->c_sasl_sockctx == NULL );
+ assert( c->c_sasl_extra == NULL );
+ assert( c->c_sasl_bindop == NULL );
+ assert( c->c_currentber == NULL );
+ assert( c->c_writewaiter == 0);
+
+ c->c_listener = listener;
+
+ if ( flags == CONN_IS_CLIENT ) {
+ c->c_conn_state = SLAP_C_CLIENT;
+ c->c_struct_state = SLAP_C_USED;
+ c->c_close_reason = "?"; /* should never be needed */
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_FD, &s );
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ return 0;
+ }
+
+ ber_str2bv( dnsname, 0, 1, &c->c_peer_domain );
+ ber_str2bv( peername, 0, 1, &c->c_peer_name );
+
+ c->c_n_ops_received = 0;
+ c->c_n_ops_executing = 0;
+ c->c_n_ops_pending = 0;
+ c->c_n_ops_completed = 0;
+
+ c->c_n_get = 0;
+ c->c_n_read = 0;
+ c->c_n_write = 0;
+
+ /* set to zero until bind, implies LDAP_VERSION3 */
+ c->c_protocol = 0;
+
+#ifndef SLAPD_MONITOR
+ if ( global_idletimeout > 0 )
+#endif /* ! SLAPD_MONITOR */
+ {
+ c->c_activitytime = c->c_starttime = slap_get_time();
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ c->c_is_udp = 0;
+ if( flags == CONN_IS_UDP ) {
+ c->c_is_udp = 1;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+ } else
+#endif
+ {
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ }
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ INT_MAX, (void*)"ldap_" );
+#endif
+
+ if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK,
+ c /* non-NULL */ ) < 0 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_init(%d, %s): set nonblocking failed\n",
+ s, c->c_peer_name.bv_val, 0 );
+ }
+
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+ id = c->c_connid = conn_nextid++;
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+
+ c->c_conn_state = SLAP_C_INACTIVE;
+ c->c_struct_state = SLAP_C_USED;
+ c->c_close_reason = "?"; /* should never be needed */
+
+ c->c_ssf = c->c_transport_ssf = ssf;
+ c->c_tls_ssf = 0;
+
+#ifdef HAVE_TLS
+ if ( flags == CONN_IS_TLS ) {
+ c->c_is_tls = 1;
+ c->c_needs_tls_accept = 1;
+ } else {
+ c->c_is_tls = 0;
+ c->c_needs_tls_accept = 0;
+ }
+#endif
+
+ slap_sasl_open( c, 0 );
+ slap_sasl_external( c, ssf, authid );
+
+ slapd_add_internal( s, 1 );
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ backend_connection_init(c);
+
+ return id;
+}
+
+void connection2anonymous( Connection *c )
+{
+ assert( connections != NULL );
+ assert( c != NULL );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ if ( !BER_BVISNULL( &c->c_authmech ) ) {
+ ch_free(c->c_authmech.bv_val);
+ }
+ BER_BVZERO( &c->c_authmech );
+
+ if ( !BER_BVISNULL( &c->c_dn ) ) {
+ ch_free(c->c_dn.bv_val);
+ }
+ BER_BVZERO( &c->c_dn );
+
+ if ( !BER_BVISNULL( &c->c_ndn ) ) {
+ ch_free(c->c_ndn.bv_val);
+ }
+ BER_BVZERO( &c->c_ndn );
+
+ if ( !BER_BVISNULL( &c->c_sasl_authz_dn ) ) {
+ ber_memfree_x( c->c_sasl_authz_dn.bv_val, NULL );
+ }
+ BER_BVZERO( &c->c_sasl_authz_dn );
+
+ c->c_authz_backend = NULL;
+}
+
+static void
+connection_destroy( Connection *c )
+{
+ ber_socket_t sd;
+ unsigned long connid;
+ const char *close_reason;
+ Sockbuf *sb;
+
+ assert( connections != NULL );
+ assert( c != NULL );
+ assert( c->c_struct_state != SLAP_C_UNUSED );
+ assert( c->c_conn_state != SLAP_C_INVALID );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
+#ifdef LDAP_X_TXN
+ assert( c->c_txn == CONN_TXN_INACTIVE );
+ assert( c->c_txn_backend == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) );
+#endif
+ assert( c->c_writewaiter == 0);
+
+ /* only for stats (print -1 as "%lu" may give unexpected results ;) */
+ connid = c->c_connid;
+ close_reason = c->c_close_reason;
+
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ c->c_struct_state = SLAP_C_PENDING;
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+
+ backend_connection_destroy(c);
+
+ c->c_protocol = 0;
+ c->c_connid = -1;
+
+ c->c_activitytime = c->c_starttime = 0;
+
+ connection2anonymous( c );
+ c->c_listener = NULL;
+
+ if(c->c_peer_domain.bv_val != NULL) {
+ free(c->c_peer_domain.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_domain );
+ if(c->c_peer_name.bv_val != NULL) {
+ free(c->c_peer_name.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_name );
+
+ c->c_sasl_bind_in_progress = 0;
+ if(c->c_sasl_bind_mech.bv_val != NULL) {
+ free(c->c_sasl_bind_mech.bv_val);
+ }
+ BER_BVZERO( &c->c_sasl_bind_mech );
+
+ slap_sasl_close( c );
+
+ if ( c->c_currentber != NULL ) {
+ ber_free( c->c_currentber, 1 );
+ c->c_currentber = NULL;
+ }
+
+
+#ifdef LDAP_SLAPI
+ /* call destructors, then constructors; avoids unnecessary allocation */
+ if ( slapi_plugins_used ) {
+ slapi_int_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ }
+#endif
+
+ c->c_conn_state = SLAP_C_INVALID;
+ c->c_struct_state = SLAP_C_UNUSED;
+ c->c_close_reason = "?"; /* should never be needed */
+
+ sb = c->c_sb;
+ c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
+
+ /* c must be fully reset by this point; when we call slapd_remove
+ * it may get immediately reused by a new connection.
+ */
+ if ( sd != AC_SOCKET_INVALID ) {
+ slapd_remove( sd, sb, 1, 0, 0 );
+
+ if ( close_reason == NULL ) {
+ Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed\n",
+ connid, (long) sd, 0, 0, 0 );
+ } else {
+ Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed (%s)\n",
+ connid, (long) sd, close_reason, 0, 0 );
+ }
+ }
+}
+
+int connection_state_closing( Connection *c )
+{
+ /* c_mutex must be locked by caller */
+
+ int state;
+ assert( c != NULL );
+ assert( c->c_struct_state == SLAP_C_USED );
+
+ state = c->c_conn_state;
+
+ assert( state != SLAP_C_INVALID );
+
+ return state == SLAP_C_CLOSING;
+}
+
+static void connection_abandon( Connection *c )
+{
+ /* c_mutex must be locked by caller */
+
+ Operation *o, *next, op = {0};
+ Opheader ohdr = {0};
+ SlapReply rs = {0};
+
+ op.o_hdr = &ohdr;
+ op.o_conn = c;
+ op.o_connid = c->c_connid;
+ op.o_tag = LDAP_REQ_ABANDON;
+
+ for ( o = LDAP_STAILQ_FIRST( &c->c_ops ); o; o=next ) {
+ next = LDAP_STAILQ_NEXT( o, o_next );
+ op.orn_msgid = o->o_msgid;
+ o->o_abandon = 1;
+ op.o_bd = frontendDB;
+ frontendDB->be_abandon( &op, &rs );
+ }
+
+#ifdef LDAP_X_TXN
+ /* remove operations in pending transaction */
+ while ( (o = LDAP_STAILQ_FIRST( &c->c_txn_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_txn_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ slap_op_free( o );
+ }
+
+ /* clear transaction */
+ c->c_txn_backend = NULL;
+ c->c_txn = CONN_TXN_INACTIVE;
+#endif
+
+ /* remove pending operations */
+ while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ slap_op_free( o );
+ }
+}
+
+void connection_closing( Connection *c, const char *why )
+{
+ assert( connections != NULL );
+ assert( c != NULL );
+ assert( c->c_struct_state == SLAP_C_USED );
+ assert( c->c_conn_state != SLAP_C_INVALID );
+
+ /* c_mutex must be locked by caller */
+
+ if( c->c_conn_state != SLAP_C_CLOSING ) {
+ ber_socket_t sd;
+
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_closing: readying conn=%lu sd=%d for close\n",
+ c->c_connid, sd, 0 );
+ /* update state to closing */
+ c->c_conn_state = SLAP_C_CLOSING;
+ c->c_close_reason = why;
+
+ /* don't listen on this port anymore */
+ slapd_clr_read( sd, 0 );
+
+ /* abandon active operations */
+ connection_abandon( c );
+
+ /* wake write blocked operations */
+ if ( c->c_writewaiter ) {
+ ldap_pvt_thread_cond_signal( &c->c_write_cv );
+ /* ITS#4667 this may allow another thread to drop into
+ * connection_resched / connection_close before we
+ * finish, but that's OK.
+ */
+ slapd_clr_write( sd, 1 );
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ ldap_pvt_thread_mutex_lock( &c->c_write_mutex );
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+ ldap_pvt_thread_mutex_unlock( &c->c_write_mutex );
+ } else {
+ slapd_clr_write( sd, 1 );
+ }
+
+ } else if( why == NULL && c->c_close_reason == conn_lost_str ) {
+ /* Client closed connection after doing Unbind. */
+ c->c_close_reason = NULL;
+ }
+}
+
+static void
+connection_close( Connection *c )
+{
+ ber_socket_t sd = AC_SOCKET_INVALID;
+
+ assert( connections != NULL );
+ assert( c != NULL );
+
+ /* ITS#4667 we may have gotten here twice */
+ if ( c->c_conn_state == SLAP_C_INVALID )
+ return;
+
+ assert( c->c_struct_state == SLAP_C_USED );
+ assert( c->c_conn_state == SLAP_C_CLOSING );
+
+ /* NOTE: c_mutex should be locked by caller */
+
+ /* NOTE: don't get the file descriptor if not needed */
+#ifdef LDAP_DEBUG
+ if ( slap_debug & LDAP_DEBUG_TRACE ) {
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
+ }
+#endif /* LDAP_DEBUG */
+
+ if ( !LDAP_STAILQ_EMPTY(&c->c_ops) ||
+ !LDAP_STAILQ_EMPTY(&c->c_pending_ops) )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_close: deferring conn=%lu sd=%d\n",
+ c->c_connid, sd, 0 );
+ return;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%lu sd=%d\n",
+ c->c_connid, sd, 0 );
+
+ connection_destroy( c );
+}
+
+unsigned long connections_nextid(void)
+{
+ unsigned long id;
+ assert( connections != NULL );
+
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+
+ id = conn_nextid;
+
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+
+ return id;
+}
+
+Connection* connection_first( ber_socket_t *index )
+{
+ assert( connections != NULL );
+ assert( index != NULL );
+
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ for( *index = 0; *index < dtblsize; (*index)++) {
+ if( connections[*index].c_struct_state != SLAP_C_UNINITIALIZED ) {
+ break;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+
+ return connection_next(NULL, index);
+}
+
+Connection* connection_next( Connection *c, ber_socket_t *index )
+{
+ assert( connections != NULL );
+ assert( index != NULL );
+ assert( *index <= dtblsize );
+
+ if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ c = NULL;
+
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ for(; *index < dtblsize; (*index)++) {
+ int c_struct;
+ if( connections[*index].c_struct_state == SLAP_C_UNINITIALIZED ) {
+ assert( connections[*index].c_conn_state == SLAP_C_INVALID );
+#ifdef HAVE_WINSOCK
+ break;
+#else
+ continue;
+#endif
+ }
+
+ if( connections[*index].c_struct_state == SLAP_C_USED ) {
+ assert( connections[*index].c_conn_state != SLAP_C_INVALID );
+ c = &connections[(*index)++];
+ if ( ldap_pvt_thread_mutex_trylock( &c->c_mutex )) {
+ /* avoid deadlock */
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+ ldap_pvt_thread_mutex_lock( &connections_mutex );
+ if ( c->c_struct_state != SLAP_C_USED ) {
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ c = NULL;
+ continue;
+ }
+ }
+ break;
+ }
+
+ c_struct = connections[*index].c_struct_state;
+ if ( c_struct == SLAP_C_PENDING )
+ continue;
+ assert( c_struct == SLAP_C_UNUSED );
+ assert( connections[*index].c_conn_state == SLAP_C_INVALID );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return c;
+}
+
+void connection_done( Connection *c )
+{
+ assert( connections != NULL );
+
+ if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+}
+
+/*
+ * connection_activity - handle the request operation op on connection
+ * conn. This routine figures out what kind of operation it is and
+ * calls the appropriate stub to handle it.
+ */
+
+#ifdef SLAPD_MONITOR
+/* FIXME: returns 0 in case of failure */
+#define INCR_OP_INITIATED(index) \
+ do { \
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex ); \
+ ldap_pvt_mp_add_ulong(slap_counters.sc_ops_initiated_[(index)], 1); \
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex ); \
+ } while (0)
+#define INCR_OP_COMPLETED(index) \
+ do { \
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex ); \
+ ldap_pvt_mp_add_ulong(slap_counters.sc_ops_completed, 1); \
+ ldap_pvt_mp_add_ulong(slap_counters.sc_ops_completed_[(index)], 1); \
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex ); \
+ } while (0)
+#else /* !SLAPD_MONITOR */
+#define INCR_OP_INITIATED(index) do { } while (0)
+#define INCR_OP_COMPLETED(index) \
+ do { \
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex ); \
+ ldap_pvt_mp_add_ulong(slap_counters.sc_ops_completed, 1); \
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex ); \
+ } while (0)
+#endif /* !SLAPD_MONITOR */
+
+/*
+ * NOTE: keep in sync with enum in slapd.h
+ */
+static BI_op_func *opfun[] = {
+ do_bind,
+ do_unbind,
+ do_add,
+ do_delete,
+ do_modrdn,
+ do_modify,
+ do_compare,
+ do_search,
+ do_abandon,
+ do_extended,
+ NULL
+};
+
+static void *
+connection_operation( void *ctx, void *arg_v )
+{
+ int rc = LDAP_OTHER;
+ Operation *op = arg_v;
+ SlapReply rs = {REP_RESULT};
+ ber_tag_t tag = op->o_tag;
+ slap_op_t opidx = SLAP_OP_LAST;
+ Connection *conn = op->o_conn;
+ void *memctx = NULL;
+ void *memctx_null = NULL;
+ ber_len_t memsiz;
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_ops_mutex );
+ /* FIXME: returns 0 in case of failure */
+ ldap_pvt_mp_add_ulong(slap_counters.sc_ops_initiated, 1);
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_ops_mutex );
+
+ op->o_threadctx = ctx;
+#ifdef LDAP_DEVEL
+ op->o_tid = ldap_pvt_thread_pool_tid( ctx );
+#endif /* LDAP_DEVEL */
+
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ case LDAP_REQ_UNBIND:
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODDN:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_SEARCH:
+ case LDAP_REQ_ABANDON:
+ case LDAP_REQ_EXTENDED:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY, "connection_operation: "
+ "conn %lu unknown LDAP request 0x%lx\n",
+ conn->c_connid, tag, 0 );
+ op->o_tag = LBER_ERROR;
+ rs.sr_err = LDAP_PROTOCOL_ERROR;
+ rs.sr_text = "unknown LDAP request";
+ send_ldap_disconnect( op, &rs );
+ rc = SLAPD_DISCONNECT;
+ goto operations_error;
+ }
+
+ if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) {
+ Debug( LDAP_DEBUG_ANY, "connection_operation: "
+ "error: SASL bind in progress (tag=%ld).\n",
+ (long) tag, 0, 0 );
+ send_ldap_error( op, &rs, LDAP_OPERATIONS_ERROR,
+ "SASL bind in progress" );
+ rc = LDAP_OPERATIONS_ERROR;
+ goto operations_error;
+ }
+
+#ifdef LDAP_X_TXN
+ if (( conn->c_txn == CONN_TXN_SPECIFY ) && (
+ ( tag == LDAP_REQ_ADD ) ||
+ ( tag == LDAP_REQ_DELETE ) ||
+ ( tag == LDAP_REQ_MODIFY ) ||
+ ( tag == LDAP_REQ_MODRDN )))
+ {
+ /* Disable SLAB allocator for all update operations
+ issued inside of a transaction */
+ op->o_tmpmemctx = NULL;
+ op->o_tmpmfuncs = &ch_mfuncs;
+ } else
+#endif
+ {
+ /* We can use Thread-Local storage for most mallocs. We can
+ * also use TL for ber parsing, but not on Add or Modify.
+ */
+#if 0
+ memsiz = ber_len( op->o_ber ) * 64;
+ if ( SLAP_SLAB_SIZE > memsiz ) memsiz = SLAP_SLAB_SIZE;
+#endif
+ memsiz = SLAP_SLAB_SIZE;
+
+ memctx = slap_sl_mem_create( memsiz, SLAP_SLAB_STACK, ctx );
+ op->o_tmpmemctx = memctx;
+ op->o_tmpmfuncs = &slap_sl_mfuncs;
+ if ( tag != LDAP_REQ_ADD && tag != LDAP_REQ_MODIFY ) {
+ /* Note - the ber and its buffer are already allocated from
+ * regular memory; this only affects subsequent mallocs that
+ * ber_scanf may invoke.
+ */
+ ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx );
+ }
+ }
+
+ opidx = slap_req2op( tag );
+ assert( opidx != SLAP_OP_LAST );
+ INCR_OP_INITIATED( opidx );
+ rc = (*(opfun[opidx]))( op, &rs );
+
+operations_error:
+ if ( rc == SLAPD_DISCONNECT ) {
+ tag = LBER_ERROR;
+
+ } else if ( opidx != SLAP_OP_LAST ) {
+ /* increment completed operations count
+ * only if operation was initiated
+ * and rc != SLAPD_DISCONNECT */
+ INCR_OP_COMPLETED( opidx );
+ }
+
+ if ( op->o_cancel == SLAP_CANCEL_REQ ) {
+ if ( rc == SLAPD_ABANDON ) {
+ op->o_cancel = SLAP_CANCEL_ACK;
+ } else {
+ op->o_cancel = LDAP_TOO_LATE;
+ }
+ }
+
+ while ( op->o_cancel != SLAP_CANCEL_NONE &&
+ op->o_cancel != SLAP_CANCEL_DONE )
+ {
+ ldap_pvt_thread_yield();
+ }
+
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
+
+ LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+ slap_op_free( op );
+ conn->c_n_ops_executing--;
+ conn->c_n_ops_completed++;
+
+ switch( tag ) {
+ case LBER_ERROR:
+ case LDAP_REQ_UNBIND:
+ /* c_mutex is locked */
+ connection_closing( conn,
+ tag == LDAP_REQ_UNBIND ? NULL : "operations error" );
+ break;
+ }
+
+ connection_resched( conn );
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ return NULL;
+}
+
+static const Listener dummy_list = { BER_BVC(""), BER_BVC("") };
+
+int connection_client_setup(
+ ber_socket_t s,
+ ldap_pvt_thread_start_t *func,
+ void *arg )
+{
+ int rc;
+ Connection *c;
+
+ rc = connection_init( s, (Listener *)&dummy_list, "", "",
+ CONN_IS_CLIENT, 0, NULL );
+ if ( rc < 0 ) return -1;
+
+ c = connection_get( s );
+ c->c_clientfunc = func;
+ c->c_clientarg = arg;
+
+ slapd_add_internal( s, 0 );
+ slapd_set_read( s, 1 );
+ connection_return( c );
+ return 0;
+}
+
+void connection_client_enable(
+ ber_socket_t s )
+{
+ slapd_set_read( s, 1 );
+}
+
+void connection_client_stop(
+ ber_socket_t s )
+{
+ Connection *c;
+ Sockbuf *sb;
+
+ /* get (locked) connection */
+ c = connection_get( s );
+
+ assert( c->c_conn_state == SLAP_C_CLIENT );
+
+ c->c_listener = NULL;
+ c->c_conn_state = SLAP_C_INVALID;
+ c->c_struct_state = SLAP_C_UNUSED;
+ c->c_close_reason = "?"; /* should never be needed */
+ sb = c->c_sb;
+ c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ slapd_remove( s, sb, 0, 1, 0 );
+
+ connection_return( c );
+}
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+
+static int connection_read( ber_socket_t s, conn_readinfo *cri );
+
+static void* connection_read_thread( void* ctx, void* argv )
+{
+ int rc ;
+ conn_readinfo cri = { NULL, NULL, NULL, 0 };
+ ber_socket_t s = (long)argv;
+
+ /*
+ * read incoming LDAP requests. If there is more than one,
+ * the first one is returned with new_op
+ */
+ if( ( rc = connection_read( s, &cri ) ) < 0 ) {
+ Debug( LDAP_DEBUG_CONNS, "connection_read(%d) error\n", s, 0, 0 );
+ return (void*)(long)rc;
+ }
+
+ /* execute a single queued request in the same thread */
+ if( cri.op && !cri.nullop ) {
+ rc = (long)connection_operation( ctx, cri.op );
+ } else if ( cri.func ) {
+ rc = (long)cri.func( ctx, cri.arg );
+ }
+
+ return (void*)(long)rc;
+}
+
+int connection_read_activate( ber_socket_t s )
+{
+ int rc;
+
+ /*
+ * suspend reading on this file descriptor until a connection processing
+ * thread reads data on it. Otherwise the listener thread will repeatedly
+ * submit the same event on it to the pool.
+ */
+ rc = slapd_clr_read( s, 0 );
+ if ( rc )
+ return rc;
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_read_thread, (void *)(long)s );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_read_activate(%d): submit failed (%d)\n",
+ s, rc, 0 );
+ }
+
+ return rc;
+}
+#endif
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+static int
+connection_read( ber_socket_t s, conn_readinfo *cri )
+#else
+int connection_read(ber_socket_t s)
+#endif
+{
+ int rc = 0;
+ Connection *c;
+
+ assert( connections != NULL );
+
+ /* get (locked) connection */
+ c = connection_get( s );
+
+ if( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_read(%ld): no connection!\n",
+ (long) s, 0, 0 );
+
+ return -1;
+ }
+
+ c->c_n_read++;
+
+ if( c->c_conn_state == SLAP_C_CLOSING ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): closing, ignoring input for id=%lu\n",
+ s, c->c_connid, 0 );
+ connection_return( c );
+ return 0;
+ }
+
+ if ( c->c_conn_state == SLAP_C_CLIENT ) {
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ cri->func = c->c_clientfunc;
+ cri->arg = c->c_clientarg;
+ /* read should already be cleared */
+#else
+ slapd_clr_read( s, 0 );
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ c->c_clientfunc, c->c_clientarg );
+#endif
+ connection_return( c );
+ return 0;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): checking for input on id=%lu\n",
+ s, c->c_connid, 0 );
+
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );
+ if ( rc < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): TLS accept failure "
+ "error=%d id=%lu, closing\n",
+ s, rc, c->c_connid );
+
+ c->c_needs_tls_accept = 0;
+ /* c_mutex is locked */
+ connection_closing( c, "TLS negotiation failure" );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+
+ } else if ( rc == 0 ) {
+ void *ssl;
+ struct berval authid = BER_BVNULL;
+
+ c->c_needs_tls_accept = 0;
+
+ /* we need to let SASL know */
+ ssl = ldap_pvt_tls_sb_ctx( c->c_sb );
+
+ c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
+ if( c->c_tls_ssf > c->c_ssf ) {
+ c->c_ssf = c->c_tls_ssf;
+ }
+
+ rc = dnX509peerNormalize( ssl, &authid );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "connection_read(%d): "
+ "unable to get TLS client DN, error=%d id=%lu\n",
+ s, rc, c->c_connid );
+ }
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%lu fd=%d TLS established tls_ssf=%u ssf=%u\n",
+ c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
+ slap_sasl_external( c, c->c_tls_ssf, &authid );
+ if ( authid.bv_val ) free( authid.bv_val );
+ }
+
+ /* if success and data is ready, fall thru to data input loop */
+ if( !ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) )
+ {
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ slapd_set_read( s, 1 );
+#endif
+
+ connection_return( c );
+ return 0;
+ }
+ }
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if ( c->c_sasl_layers ) {
+ /* If previous layer is not removed yet, give up for now */
+ if ( !c->c_sasl_sockctx ) {
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ slapd_set_read( s, 1 );
+#endif
+
+ connection_return( c );
+ return 0;
+ }
+
+ c->c_sasl_layers = 0;
+
+ rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): SASL install error "
+ "error=%d id=%lu, closing\n",
+ s, rc, c->c_connid );
+
+ /* c_mutex is locked */
+ connection_closing( c, "SASL layer install failure" );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+ }
+ }
+#endif
+
+#define CONNECTION_INPUT_LOOP 1
+/* #define DATA_READY_LOOP 1 */
+
+ do {
+ /* How do we do this without getting into a busy loop ? */
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ rc = connection_input( c, cri );
+#else
+ rc = connection_input( c );
+#endif
+ }
+#ifdef DATA_READY_LOOP
+ while( !rc && ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ));
+#elif CONNECTION_INPUT_LOOP
+ while(!rc);
+#else
+ while(0);
+#endif
+
+ if( rc < 0 ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_read(%d): input error=%d id=%lu, closing.\n",
+ s, rc, c->c_connid );
+
+ /* c_mutex is locked */
+ connection_closing( c, conn_lost_str );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+ }
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
+ slapd_set_write( s, 0 );
+ }
+
+ slapd_set_read( s, 1 );
+#else
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
+ slapd_set_read( s, 1 );
+ }
+
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
+ slapd_set_write( s, 1 );
+ }
+#endif
+
+ connection_return( c );
+
+ return 0;
+}
+
+static int
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+connection_input( Connection *conn , conn_readinfo *cri )
+#else
+connection_input( Connection *conn )
+#endif
+{
+ Operation *op;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t msgid;
+ BerElement *ber;
+ int rc;
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr peeraddr;
+ char *cdn = NULL;
+#endif
+ char *defer = NULL;
+
+ if ( conn->c_currentber == NULL &&
+ ( conn->c_currentber = ber_alloc()) == NULL )
+ {
+ Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
+ return -1;
+ }
+
+ sock_errset(0);
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( conn->c_is_udp ) {
+ char peername[sizeof("IP=255.255.255.255:65336")];
+
+ len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(struct sockaddr));
+ if (len != sizeof(struct sockaddr)) return 1;
+
+ sprintf( peername, "IP=%s:%d",
+ inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%lu UDP request from %s (%s) accepted.\n",
+ conn->c_connid, peername, conn->c_sock_name.bv_val, 0, 0 );
+ }
+#endif
+
+ tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
+ if ( tag != LDAP_TAG_MESSAGE ) {
+ int err = sock_errno();
+ ber_socket_t sd;
+
+ ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+
+ if ( err != EWOULDBLOCK && err != EAGAIN ) {
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_TRACE,
+ "ber_get_next on fd %d failed errno=%d (%s)\n",
+ sd, err, sock_errstr(err) );
+ ber_free( conn->c_currentber, 1 );
+ conn->c_currentber = NULL;
+
+ return -2;
+ }
+ return 1;
+ }
+
+ ber = conn->c_currentber;
+ conn->c_currentber = NULL;
+
+ if ( (tag = ber_get_int( ber, &msgid )) != LDAP_TAG_MSGID ) {
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag, 0, 0 );
+ ber_free( ber, 1 );
+ return -1;
+ }
+
+ if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) {
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag, 0, 0 );
+ ber_free( ber, 1 );
+
+ return -1;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( conn->c_is_udp ) {
+ if( tag == LBER_OCTETSTRING ) {
+ ber_get_stringa( ber, &cdn );
+ tag = ber_peek_tag(ber, &len);
+ }
+ if( tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH ) {
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0, 0 );
+ ber_free( ber, 1 );
+ return 0;
+ }
+ }
+#endif
+
+ if(tag == LDAP_REQ_BIND) {
+ /* immediately abandon all existing operations upon BIND */
+ connection_abandon( conn );
+ }
+
+ op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
+
+ op->o_conn = conn;
+ /* clear state if the connection is being reused from inactive */
+ if ( conn->c_conn_state == SLAP_C_INACTIVE ) {
+ memset( &conn->c_pagedresults_state, 0,
+ sizeof( conn->c_pagedresults_state ) );
+ }
+
+ op->o_res_ber = NULL;
+
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp) {
+ if ( cdn ) {
+ ber_str2bv( cdn, 0, 1, &op->o_dn );
+ op->o_protocol = LDAP_VERSION2;
+ }
+ op->o_res_ber = ber_alloc_t( LBER_USE_DER );
+ if (op->o_res_ber == NULL) return 1;
+
+ rc = ber_write( op->o_res_ber, (char *)&peeraddr,
+ sizeof(struct sockaddr), 0 );
+
+ if (rc != sizeof(struct sockaddr)) {
+ Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
+ return 1;
+ }
+
+ if (op->o_protocol == LDAP_VERSION2) {
+ rc = ber_printf(op->o_res_ber, "{is{" /*}}*/, op->o_msgid, "");
+ if (rc == -1) {
+ Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
+ return rc;
+ }
+ }
+ }
+#endif /* LDAP_CONNECTIONLESS */
+
+ rc = 0;
+
+ /* Don't process requests when the conn is in the middle of a
+ * Bind, or if it's closing. Also, don't let any single conn
+ * use up all the available threads, and don't execute if we're
+ * currently blocked on output. And don't execute if there are
+ * already pending ops, let them go first. Abandon operations
+ * get exceptions to some, but not all, cases.
+ */
+ switch( tag ){
+ default:
+ /* Abandon and Unbind are exempt from these checks */
+ if (conn->c_conn_state == SLAP_C_CLOSING) {
+ defer = "closing";
+ break;
+ } else if (conn->c_writewaiter) {
+ defer = "awaiting write";
+ break;
+ } else if (conn->c_n_ops_pending) {
+ defer = "pending operations";
+ break;
+ }
+ /* FALLTHRU */
+ case LDAP_REQ_ABANDON:
+ /* Unbind is exempt from these checks */
+ if (conn->c_n_ops_executing >= connection_pool_max/2) {
+ defer = "too many executing";
+ break;
+ } else if (conn->c_conn_state == SLAP_C_BINDING) {
+ defer = "binding";
+ break;
+ }
+ /* FALLTHRU */
+ case LDAP_REQ_UNBIND:
+ break;
+ }
+
+ if( defer ) {
+ int max = conn->c_dn.bv_len
+ ? slap_conn_max_pending_auth
+ : slap_conn_max_pending;
+
+ Debug( LDAP_DEBUG_ANY,
+ "connection_input: conn=%lu deferring operation: %s\n",
+ conn->c_connid, defer, 0 );
+ conn->c_n_ops_pending++;
+ LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next );
+ rc = ( conn->c_n_ops_pending > max ) ? -1 : 0;
+
+ } else {
+ conn->c_n_ops_executing++;
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ /*
+ * The first op will be processed in the same thread context,
+ * as long as there is only one op total.
+ * Subsequent ops will be submitted to the pool by
+ * calling connection_op_activate()
+ */
+ if ( cri->op == NULL ) {
+ /* the first incoming request */
+ connection_op_queue( op );
+ cri->op = op;
+ } else {
+ if ( !cri->nullop ) {
+ cri->nullop = 1;
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_operation, (void *) cri->op );
+ }
+ connection_op_activate( op );
+ }
+#else
+ connection_op_activate( op );
+#endif
+ }
+
+#ifdef NO_THREADS
+ if ( conn->c_struct_state != SLAP_C_USED ) {
+ /* connection must have got closed underneath us */
+ return 1;
+ }
+#endif
+
+ assert( conn->c_struct_state == SLAP_C_USED );
+ return rc;
+}
+
+static int
+connection_resched( Connection *conn )
+{
+ Operation *op;
+
+ if( conn->c_conn_state == SLAP_C_CLOSING ) {
+ ber_socket_t sd;
+ ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+
+ Debug( LDAP_DEBUG_TRACE, "connection_resched: "
+ "attempting closing conn=%lu sd=%d\n",
+ conn->c_connid, sd, 0 );
+ connection_close( conn );
+ return 0;
+ }
+
+ if( conn->c_conn_state != SLAP_C_ACTIVE || conn->c_writewaiter ) {
+ /* other states need different handling */
+ return 0;
+ }
+
+ while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) {
+ if ( conn->c_n_ops_executing > connection_pool_max/2 ) break;
+
+ LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+
+ /* pending operations should not be marked for abandonment */
+ assert(!op->o_abandon);
+
+ conn->c_n_ops_pending--;
+ conn->c_n_ops_executing++;
+
+ connection_op_activate( op );
+
+ if ( conn->c_conn_state == SLAP_C_BINDING ) break;
+ }
+ return 0;
+}
+
+static void
+connection_init_log_prefix( Operation *op )
+{
+ if ( op->o_connid == (unsigned long)(-1) ) {
+ snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ),
+ "conn=-1 op=%lu", op->o_opid );
+
+ } else {
+ snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ),
+ "conn=%lu op=%lu", op->o_connid, op->o_opid );
+ }
+}
+
+static int connection_bind_cleanup_cb( Operation *op, SlapReply *rs )
+{
+ op->o_conn->c_sasl_bindop = NULL;
+
+ ch_free( op->o_callback );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int connection_bind_cb( Operation *op, SlapReply *rs )
+{
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ if ( op->o_conn->c_conn_state == SLAP_C_BINDING )
+ op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+ op->o_conn->c_sasl_bind_in_progress =
+ ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+
+ /* Moved here from bind.c due to ITS#4158 */
+ op->o_conn->c_sasl_bindop = NULL;
+ if ( op->orb_method == LDAP_AUTH_SASL ) {
+ if( rs->sr_err == LDAP_SUCCESS ) {
+ ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
+ if( !BER_BVISEMPTY( &op->orb_edn ) ) {
+ /* edn is always normalized already */
+ ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
+ }
+ op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->orb_edn );
+ op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
+ BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+
+ op->o_conn->c_sasl_ssf = op->orb_ssf;
+ if( op->orb_ssf > op->o_conn->c_ssf ) {
+ op->o_conn->c_ssf = op->orb_ssf;
+ }
+
+ if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( op->o_conn->c_sb,
+ LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ /* log authorization identity */
+ Statslog( LDAP_DEBUG_STATS,
+ "%s BIND dn=\"%s\" mech=%s ssf=%d\n",
+ op->o_log_prefix,
+ BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+ op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
+ op->o_conn->c_authmech.bv_val,
+ BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+ op->orb_ssf );
+
+ } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) {
+ if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
+ free( op->o_conn->c_sasl_bind_mech.bv_val );
+ BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ ch_free( op->o_callback );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static void connection_op_queue( Operation *op )
+{
+ ber_tag_t tag = op->o_tag;
+
+ if (tag == LDAP_REQ_BIND) {
+ slap_callback *sc = ch_calloc( 1, sizeof( slap_callback ));
+ sc->sc_response = connection_bind_cb;
+ sc->sc_cleanup = connection_bind_cleanup_cb;
+ sc->sc_next = op->o_callback;
+ op->o_callback = sc;
+ op->o_conn->c_conn_state = SLAP_C_BINDING;
+ }
+
+ if (!op->o_dn.bv_len) {
+ op->o_authz = op->o_conn->c_authz;
+ if ( BER_BVISNULL( &op->o_conn->c_sasl_authz_dn )) {
+ ber_dupbv( &op->o_dn, &op->o_conn->c_dn );
+ ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn );
+ } else {
+ ber_dupbv( &op->o_dn, &op->o_conn->c_sasl_authz_dn );
+ ber_dupbv( &op->o_ndn, &op->o_conn->c_sasl_authz_dn );
+ }
+ }
+
+ op->o_authtype = op->o_conn->c_authtype;
+ ber_dupbv( &op->o_authmech, &op->o_conn->c_authmech );
+
+ if (!op->o_protocol) {
+ op->o_protocol = op->o_conn->c_protocol
+ ? op->o_conn->c_protocol : LDAP_VERSION3;
+ }
+
+ if (op->o_conn->c_conn_state == SLAP_C_INACTIVE &&
+ op->o_protocol > LDAP_VERSION2)
+ {
+ op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+ }
+
+ op->o_connid = op->o_conn->c_connid;
+ connection_init_log_prefix( op );
+
+ LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op, o_next );
+}
+
+static int connection_op_activate( Operation *op )
+{
+ int rc;
+
+ connection_op_queue( op );
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_operation, (void *) op );
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_op_activate: submit failed (%d) for conn=%lu\n",
+ rc, op->o_connid, 0 );
+ /* should move op to pending list */
+ }
+
+ return rc;
+}
+
+int connection_write(ber_socket_t s)
+{
+ Connection *c;
+ Operation *op;
+
+ assert( connections != NULL );
+
+ slapd_clr_write( s, 0 );
+
+ c = connection_get( s );
+ if( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_write(%ld): no connection!\n",
+ (long)s, 0, 0 );
+ return -1;
+ }
+
+ c->c_n_write++;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_write(%d): waking output for id=%lu\n",
+ s, c->c_connid, 0 );
+ ldap_pvt_thread_cond_signal( &c->c_write_cv );
+
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
+ slapd_set_read( s, 1 );
+ }
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
+ slapd_set_write( s, 1 );
+ }
+
+ /* If there are ops pending because of a writewaiter,
+ * start one up.
+ */
+ while ((op = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ if ( !c->c_writewaiter ) break;
+ if ( c->c_n_ops_executing > connection_pool_max/2 ) break;
+
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+
+ /* pending operations should not be marked for abandonment */
+ assert(!op->o_abandon);
+
+ c->c_n_ops_pending--;
+ c->c_n_ops_executing++;
+
+ connection_op_activate( op );
+
+ break;
+ }
+
+ connection_return( c );
+ return 0;
+}
+
+#ifdef LDAP_SLAPI
+typedef struct conn_fake_extblock {
+ void *eb_conn;
+ void *eb_op;
+} conn_fake_extblock;
+
+static void
+connection_fake_destroy(
+ void *key,
+ void *data )
+{
+ Connection conn = {0};
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ conn_fake_extblock *eb = data;
+
+ op.o_hdr = &ohdr;
+ op.o_hdr->oh_extensions = eb->eb_op;
+ conn.c_extensions = eb->eb_conn;
+ op.o_conn = &conn;
+ conn.c_connid = -1;
+ op.o_connid = -1;
+
+ ber_memfree_x( eb, NULL );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, &op );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &conn );
+}
+#endif
+
+void
+connection_fake_init(
+ Connection *conn,
+ Operation *op,
+ void *ctx )
+{
+ conn->c_connid = -1;
+ conn->c_send_ldap_result = slap_send_ldap_result;
+ conn->c_send_search_entry = slap_send_search_entry;
+ conn->c_send_search_reference = slap_send_search_reference;
+ conn->c_listener = (Listener *)&dummy_list;
+ conn->c_peer_domain = slap_empty_bv;
+ conn->c_peer_name = slap_empty_bv;
+
+ memset(op, 0, OPERATION_BUFFER_SIZE);
+ op->o_hdr = (Opheader *)(op+1);
+ op->o_controls = (void **)(op->o_hdr+1);
+ /* set memory context */
+ op->o_tmpmemctx = slap_sl_mem_create(SLAP_SLAB_SIZE, SLAP_SLAB_STACK, ctx);
+ op->o_tmpmfuncs = &slap_sl_mfuncs;
+ op->o_threadctx = ctx;
+#ifdef LDAP_DEVEL
+ op->o_tid = ldap_pvt_thread_pool_tid( ctx );
+#endif /* LDAP_DEVEL */
+
+ op->o_conn = conn;
+ op->o_connid = op->o_conn->c_connid;
+ connection_init_log_prefix( op );
+
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ conn_fake_extblock *eb = NULL;
+
+ /* Use thread keys to make sure these eventually get cleaned up */
+ if ( ldap_pvt_thread_pool_getkey( ctx, connection_fake_init, &eb,
+ NULL )) {
+ eb = ch_malloc( sizeof( *eb ));
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
+ slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ eb->eb_conn = conn->c_extensions;
+ eb->eb_op = op->o_hdr->oh_extensions;
+ ldap_pvt_thread_pool_setkey( ctx, connection_fake_init, eb,
+ connection_fake_destroy );
+ } else {
+ conn->c_extensions = eb->eb_conn;
+ op->o_hdr->oh_extensions = eb->eb_op;
+ }
+ }
+#endif /* LDAP_SLAPI */
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+}
+
+void
+connection_assign_nextid( Connection *conn )
+{
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+ conn->c_connid = conn_nextid++;
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/controls.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/controls.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/controls.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1435 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.125.2.24 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "../../libraries/liblber/lber-int.h"
+
+static SLAP_CTRL_PARSE_FN parseAssert;
+static SLAP_CTRL_PARSE_FN parsePreRead;
+static SLAP_CTRL_PARSE_FN parsePostRead;
+static SLAP_CTRL_PARSE_FN parseProxyAuthz;
+#ifdef LDAP_DEVEL
+static SLAP_CTRL_PARSE_FN parseDontUseCopy;
+static SLAP_CTRL_PARSE_FN parseManageDIT;
+#endif
+static SLAP_CTRL_PARSE_FN parseManageDSAit;
+static SLAP_CTRL_PARSE_FN parseNoOp;
+static SLAP_CTRL_PARSE_FN parsePagedResults;
+#ifdef LDAP_DEVEL
+static SLAP_CTRL_PARSE_FN parseSortedResults;
+#endif
+static SLAP_CTRL_PARSE_FN parseValuesReturnFilter;
+static SLAP_CTRL_PARSE_FN parsePermissiveModify;
+static SLAP_CTRL_PARSE_FN parseDomainScope;
+#ifdef SLAP_CONTROL_X_TREE_DELETE
+static SLAP_CTRL_PARSE_FN parseTreeDelete;
+#endif
+static SLAP_CTRL_PARSE_FN parseSearchOptions;
+static SLAP_CTRL_PARSE_FN parseSubentries;
+
+#undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
+
+const struct berval slap_pre_read_bv = BER_BVC(LDAP_CONTROL_PRE_READ);
+const struct berval slap_post_read_bv = BER_BVC(LDAP_CONTROL_POST_READ);
+
+struct slap_control_ids slap_cids;
+
+struct slap_control {
+ /* Control OID */
+ char *sc_oid;
+
+ /* The controlID for this control */
+ int sc_cid;
+
+ /* Operations supported by control */
+ slap_mask_t sc_mask;
+
+ /* Extended operations supported by control */
+ char **sc_extendedops;
+
+ /* Control parsing callback */
+ SLAP_CTRL_PARSE_FN *sc_parse;
+
+ LDAP_SLIST_ENTRY(slap_control) sc_next;
+};
+
+static LDAP_SLIST_HEAD(ControlsList, slap_control) controls_list
+ = LDAP_SLIST_HEAD_INITIALIZER(&controls_list);
+
+/*
+ * all known request control OIDs should be added to this list
+ */
+/*
+ * NOTE: initialize num_known_controls to 1 so that cid = 0 always
+ * addresses an undefined control; this allows to safely test for
+ * well known controls even if they are not registered, e.g. if
+ * they get moved to modules. An example is sc_LDAPsync, which
+ * is implemented in the syncprov overlay and thus, if configured
+ * as dynamic module, may not be registered. One side effect is that
+ * slap_known_controls[0] == NULL, so it should always be used
+ * starting from 1.
+ * FIXME: should we define the "undefined control" oid?
+ */
+char *slap_known_controls[SLAP_MAX_CIDS+1];
+static int num_known_controls = 1;
+
+static char *proxy_authz_extops[] = {
+ LDAP_EXOP_MODIFY_PASSWD,
+ LDAP_EXOP_X_WHO_AM_I,
+ NULL
+};
+
+static struct slap_control control_defs[] = {
+ { LDAP_CONTROL_ASSERT,
+ (int)offsetof(struct slap_control_ids, sc_assert),
+ SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
+ SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH, NULL,
+ parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_PRE_READ,
+ (int)offsetof(struct slap_control_ids, sc_preRead),
+ SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+ parsePreRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_POST_READ,
+ (int)offsetof(struct slap_control_ids, sc_postRead),
+ SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+ parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_VALUESRETURNFILTER,
+ (int)offsetof(struct slap_control_ids, sc_valuesReturnFilter),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
+ parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_CONTROL_X_VALUESRETURNFILTER
+ { LDAP_CONTROL_X_VALUESRETURNFILTER,
+ (int)offsetof(struct slap_control_ids, sc_valuesReturnFilter),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
+ parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+ { LDAP_CONTROL_PAGEDRESULTS,
+ (int)offsetof(struct slap_control_ids, sc_pagedResults),
+ SLAP_CTRL_SEARCH, NULL,
+ parsePagedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_DEVEL
+ { LDAP_CONTROL_SORTREQUEST,
+ (int)offsetof(struct slap_control_ids, sc_sortedResults),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL,
+ parseSortedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+ { LDAP_CONTROL_X_DOMAIN_SCOPE,
+ (int)offsetof(struct slap_control_ids, sc_domainScope),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL,
+ parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+ (int)offsetof(struct slap_control_ids, sc_permissiveModify),
+ SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, NULL,
+ parsePermissiveModify, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef SLAP_CONTROL_X_TREE_DELETE
+ { LDAP_CONTROL_X_TREE_DELETE,
+ (int)offsetof(struct slap_control_ids, sc_treeDelete),
+ SLAP_CTRL_DELETE|SLAP_CTRL_HIDE, NULL,
+ parseTreeDelete, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+ { LDAP_CONTROL_X_SEARCH_OPTIONS,
+ (int)offsetof(struct slap_control_ids, sc_searchOptions),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL,
+ parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_SUBENTRIES,
+ (int)offsetof(struct slap_control_ids, sc_subentries),
+ SLAP_CTRL_SEARCH, NULL,
+ parseSubentries, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_NOOP,
+ (int)offsetof(struct slap_control_ids, sc_noOp),
+ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
+ parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_DEVEL
+ { LDAP_CONTROL_DONTUSECOPY,
+ (int)offsetof(struct slap_control_ids, sc_dontUseCopy),
+ SLAP_CTRL_INTROGATE|SLAP_CTRL_HIDE, NULL,
+ parseDontUseCopy, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_MANAGEDIT,
+ (int)offsetof(struct slap_control_ids, sc_manageDIT),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_UPDATE|SLAP_CTRL_HIDE, NULL,
+ parseManageDIT, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+ { LDAP_CONTROL_MANAGEDSAIT,
+ (int)offsetof(struct slap_control_ids, sc_manageDSAit),
+ SLAP_CTRL_ACCESS, NULL,
+ parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_PROXY_AUTHZ,
+ (int)offsetof(struct slap_control_ids, sc_proxyAuthz),
+ SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS, proxy_authz_extops,
+ parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
+};
+
+/*
+ * Register a supported control.
+ *
+ * This can be called by an OpenLDAP plugin or, indirectly, by a
+ * SLAPI plugin calling slapi_register_supported_control().
+ */
+int
+register_supported_control(const char *controloid,
+ slap_mask_t controlmask,
+ char **controlexops,
+ SLAP_CTRL_PARSE_FN *controlparsefn,
+ int *controlcid)
+{
+ struct slap_control *sc;
+ int i;
+
+ if ( num_known_controls >= SLAP_MAX_CIDS ) {
+ Debug( LDAP_DEBUG_ANY, "Too many controls registered."
+ " Recompile slapd with SLAP_MAX_CIDS defined > %d\n",
+ SLAP_MAX_CIDS, 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ if ( controloid == NULL ) return LDAP_PARAM_ERROR;
+
+ /* sanity check - should never happen */
+ for ( i = 0; slap_known_controls[ i ]; i++ ) {
+ if ( strcmp( controloid, slap_known_controls[ i ] ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Control %s already registered.\n",
+ controloid, 0, 0 );
+ return LDAP_PARAM_ERROR;
+ }
+ }
+
+ sc = (struct slap_control *)SLAP_MALLOC( sizeof( *sc ) );
+ if ( sc == NULL ) return LDAP_NO_MEMORY;
+
+ sc->sc_oid = ch_strdup( controloid );
+ sc->sc_mask = controlmask;
+ if ( controlexops != NULL ) {
+ sc->sc_extendedops = ldap_charray_dup( controlexops );
+ if ( sc->sc_extendedops == NULL ) {
+ ch_free( sc );
+ return LDAP_NO_MEMORY;
+ }
+ } else {
+ sc->sc_extendedops = NULL;
+ }
+ sc->sc_parse = controlparsefn;
+
+ if ( controlcid ) *controlcid = num_known_controls;
+ sc->sc_cid = num_known_controls;
+
+ /* Update slap_known_controls, too. */
+ slap_known_controls[num_known_controls-1] = sc->sc_oid;
+ slap_known_controls[num_known_controls++] = NULL;
+
+ LDAP_SLIST_NEXT( sc, sc_next ) = NULL;
+ LDAP_SLIST_INSERT_HEAD( &controls_list, sc, sc_next );
+ return LDAP_SUCCESS;
+}
+
+/*
+ * One-time initialization of internal controls.
+ */
+int
+slap_controls_init( void )
+{
+ int i, rc;
+
+ rc = LDAP_SUCCESS;
+
+ for ( i = 0; control_defs[i].sc_oid != NULL; i++ ) {
+ int *cid = (int *)(((char *)&slap_cids) + control_defs[i].sc_cid );
+ rc = register_supported_control( control_defs[i].sc_oid,
+ control_defs[i].sc_mask, control_defs[i].sc_extendedops,
+ control_defs[i].sc_parse, cid );
+ if ( rc != LDAP_SUCCESS ) break;
+ }
+
+ return rc;
+}
+
+/*
+ * Free memory associated with list of supported controls.
+ */
+void
+controls_destroy( void )
+{
+ struct slap_control *sc;
+
+ while ( !LDAP_SLIST_EMPTY(&controls_list) ) {
+ sc = LDAP_SLIST_FIRST(&controls_list);
+ LDAP_SLIST_REMOVE_HEAD(&controls_list, sc_next);
+
+ ch_free( sc->sc_oid );
+ if ( sc->sc_extendedops != NULL ) {
+ ldap_charray_free( sc->sc_extendedops );
+ }
+ ch_free( sc );
+ }
+}
+
+/*
+ * Format the supportedControl attribute of the root DSE,
+ * detailing which controls are supported by the directory
+ * server.
+ */
+int
+controls_root_dse_info( Entry *e )
+{
+ AttributeDescription *ad_supportedControl
+ = slap_schema.si_ad_supportedControl;
+ struct berval vals[2];
+ struct slap_control *sc;
+
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
+
+ LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+ if( sc->sc_mask & SLAP_CTRL_HIDE ) continue;
+
+ vals[0].bv_val = sc->sc_oid;
+ vals[0].bv_len = strlen( sc->sc_oid );
+
+ if ( attr_merge( e, ad_supportedControl, vals, NULL ) ) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Return a list of OIDs and operation masks for supported
+ * controls. Used by SLAPI.
+ */
+int
+get_supported_controls(char ***ctrloidsp,
+ slap_mask_t **ctrlmasks)
+{
+ int n;
+ char **oids;
+ slap_mask_t *masks;
+ struct slap_control *sc;
+
+ n = 0;
+
+ LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+ n++;
+ }
+
+ if ( n == 0 ) {
+ *ctrloidsp = NULL;
+ *ctrlmasks = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ oids = (char **)SLAP_MALLOC( (n + 1) * sizeof(char *) );
+ if ( oids == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+ masks = (slap_mask_t *)SLAP_MALLOC( (n + 1) * sizeof(slap_mask_t) );
+ if ( masks == NULL ) {
+ ch_free( oids );
+ return LDAP_NO_MEMORY;
+ }
+
+ n = 0;
+
+ LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+ oids[n] = ch_strdup( sc->sc_oid );
+ masks[n] = sc->sc_mask;
+ n++;
+ }
+ oids[n] = NULL;
+ masks[n] = 0;
+
+ *ctrloidsp = oids;
+ *ctrlmasks = masks;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Find a control given its OID.
+ */
+static struct slap_control *
+find_ctrl( const char *oid )
+{
+ struct slap_control *sc;
+
+ LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+ if ( strcmp( oid, sc->sc_oid ) == 0 ) {
+ return sc;
+ }
+ }
+
+ return NULL;
+}
+
+int
+slap_find_control_id(
+ const char *oid,
+ int *cid )
+{
+ struct slap_control *ctrl = find_ctrl( oid );
+ if ( ctrl ) {
+ if ( cid ) *cid = ctrl->sc_cid;
+ return LDAP_SUCCESS;
+ }
+ return LDAP_CONTROL_NOT_FOUND;
+}
+
+int
+slap_global_control( Operation *op, const char *oid, int *cid )
+{
+ struct slap_control *ctrl = find_ctrl( oid );
+
+ if ( ctrl == NULL ) {
+ /* should not be reachable */
+ Debug( LDAP_DEBUG_ANY,
+ "slap_global_control: unrecognized control: %s\n",
+ oid, 0, 0 );
+ return LDAP_CONTROL_NOT_FOUND;
+ }
+
+ if ( cid ) *cid = ctrl->sc_cid;
+
+ if ( ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) ||
+ ( ( op->o_tag & LDAP_REQ_SEARCH ) &&
+ ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ) ) )
+ {
+ return LDAP_COMPARE_TRUE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_global_control: unavailable control: %s\n",
+ oid, 0, 0 );
+
+ return LDAP_COMPARE_FALSE;
+}
+
+void slap_free_ctrls(
+ Operation *op,
+ LDAPControl **ctrls )
+{
+ int i;
+
+ for (i=0; ctrls[i]; i++) {
+ op->o_tmpfree(ctrls[i], op->o_tmpmemctx );
+ }
+ op->o_tmpfree( ctrls, op->o_tmpmemctx );
+}
+
+int slap_parse_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *control,
+ const char **text )
+{
+ struct slap_control *sc;
+
+ sc = find_ctrl( control->ldctl_oid );
+ if( sc != NULL ) {
+ /* recognized control */
+ slap_mask_t tagmask;
+ switch( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ tagmask = SLAP_CTRL_ADD;
+ break;
+ case LDAP_REQ_BIND:
+ tagmask = SLAP_CTRL_BIND;
+ break;
+ case LDAP_REQ_COMPARE:
+ tagmask = SLAP_CTRL_COMPARE;
+ break;
+ case LDAP_REQ_DELETE:
+ tagmask = SLAP_CTRL_DELETE;
+ break;
+ case LDAP_REQ_MODIFY:
+ tagmask = SLAP_CTRL_MODIFY;
+ break;
+ case LDAP_REQ_RENAME:
+ tagmask = SLAP_CTRL_RENAME;
+ break;
+ case LDAP_REQ_SEARCH:
+ tagmask = SLAP_CTRL_SEARCH;
+ break;
+ case LDAP_REQ_UNBIND:
+ tagmask = SLAP_CTRL_UNBIND;
+ break;
+ case LDAP_REQ_ABANDON:
+ tagmask = SLAP_CTRL_ABANDON;
+ break;
+ case LDAP_REQ_EXTENDED:
+ tagmask=~0L;
+ assert( op->ore_reqoid.bv_val != NULL );
+ if( sc->sc_extendedops != NULL ) {
+ int i;
+ for( i=0; sc->sc_extendedops[i] != NULL; i++ ) {
+ if( strcmp( op->ore_reqoid.bv_val,
+ sc->sc_extendedops[i] ) == 0 )
+ {
+ tagmask=0L;
+ break;
+ }
+ }
+ }
+ break;
+ default:
+ *text = "controls internal error";
+ return LDAP_OTHER;
+ }
+
+ if (( sc->sc_mask & tagmask ) == tagmask ) {
+ /* available extension */
+ int rc;
+
+ if( !sc->sc_parse ) {
+ *text = "not yet implemented";
+ return LDAP_OTHER;
+ }
+
+ rc = sc->sc_parse( op, rs, control );
+ if ( rc ) {
+ assert( rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION );
+ return rc;
+ }
+
+ } else if( control->ldctl_iscritical ) {
+ /* unavailable CRITICAL control */
+ *text = "critical extension is unavailable";
+ return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+ }
+ } else if( control->ldctl_iscritical ) {
+ /* unrecognized CRITICAL control */
+ *text = "critical extension is not recognized";
+ return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int get_ctrls(
+ Operation *op,
+ SlapReply *rs,
+ int sendres )
+{
+ int nctrls = 0;
+ ber_tag_t tag;
+ ber_len_t len;
+ char *opaque;
+ BerElement *ber = op->o_ber;
+ struct berval bv;
+
+ len = ber_pvt_ber_remaining(ber);
+
+ if( len == 0) {
+ /* no controls */
+ rs->sr_err = LDAP_SUCCESS;
+ return rs->sr_err;
+ }
+
+ if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
+ if( tag == LBER_ERROR ) {
+ rs->sr_err = SLAPD_DISCONNECT;
+ rs->sr_text = "unexpected data in PDU";
+ }
+
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> get_ctrls\n", 0, 0, 0 );
+
+ if( op->o_protocol < LDAP_VERSION3 ) {
+ rs->sr_err = SLAPD_DISCONNECT;
+ rs->sr_text = "controls require LDAPv3";
+ goto return_results;
+ }
+
+ /* one for first control, one for termination */
+ op->o_ctrls = op->o_tmpalloc( 2 * sizeof(LDAPControl *), op->o_tmpmemctx );
+
+#if 0
+ if( op->ctrls == NULL ) {
+ rs->sr_err = LDAP_NO_MEMORY;
+ rs->sr_text = "no memory";
+ goto return_results;
+ }
+#endif
+
+ op->o_ctrls[nctrls] = NULL;
+
+ /* step through each element */
+ for( tag = ber_first_element( ber, &len, &opaque );
+ tag != LBER_ERROR;
+ tag = ber_next_element( ber, &len, opaque ) )
+ {
+ LDAPControl *c;
+ LDAPControl **tctrls;
+
+ c = op->o_tmpalloc( sizeof(LDAPControl), op->o_tmpmemctx );
+ memset(c, 0, sizeof(LDAPControl));
+
+ /* allocate pointer space for current controls (nctrls)
+ * + this control + extra NULL
+ */
+ tctrls = op->o_tmprealloc( op->o_ctrls,
+ (nctrls+2) * sizeof(LDAPControl *), op->o_tmpmemctx );
+
+#if 0
+ if( tctrls == NULL ) {
+ ch_free( c );
+ ldap_controls_free(op->o_ctrls);
+ op->o_ctrls = NULL;
+
+ rs->sr_err = LDAP_NO_MEMORY;
+ rs->sr_text = "no memory";
+ goto return_results;
+ }
+#endif
+ op->o_ctrls = tctrls;
+
+ op->o_ctrls[nctrls++] = c;
+ op->o_ctrls[nctrls] = NULL;
+
+ tag = ber_scanf( ber, "{m" /*}*/, &bv );
+ c->ldctl_oid = bv.bv_val;
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get oid failed.\n",
+ 0, 0, 0 );
+
+ slap_free_ctrls( op, op->o_ctrls );
+ op->o_ctrls = NULL;
+ rs->sr_err = SLAPD_DISCONNECT;
+ rs->sr_text = "decoding controls error";
+ goto return_results;
+
+ } else if( c->ldctl_oid == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "get_ctrls: conn %lu got emtpy OID.\n",
+ op->o_connid, 0, 0 );
+
+ slap_free_ctrls( op, op->o_ctrls );
+ op->o_ctrls = NULL;
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ rs->sr_text = "OID field is empty";
+ goto return_results;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_BOOLEAN ) {
+ ber_int_t crit;
+ tag = ber_scanf( ber, "b", &crit );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get crit failed.\n",
+ 0, 0, 0 );
+ slap_free_ctrls( op, op->o_ctrls );
+ op->o_ctrls = NULL;
+ rs->sr_err = SLAPD_DISCONNECT;
+ rs->sr_text = "decoding controls error";
+ goto return_results;
+ }
+
+ c->ldctl_iscritical = (crit != 0);
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LBER_OCTETSTRING ) {
+ tag = ber_scanf( ber, "m", &c->ldctl_value );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: conn %lu: "
+ "%s (%scritical): get value failed.\n",
+ op->o_connid, c->ldctl_oid,
+ c->ldctl_iscritical ? "" : "non" );
+ slap_free_ctrls( op, op->o_ctrls );
+ op->o_ctrls = NULL;
+ rs->sr_err = SLAPD_DISCONNECT;
+ rs->sr_text = "decoding controls error";
+ goto return_results;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> get_ctrls: oid=\"%s\" (%scritical)\n",
+ c->ldctl_oid, c->ldctl_iscritical ? "" : "non", 0 );
+
+ rs->sr_err = slap_parse_ctrl( op, rs, c, &rs->sr_text );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+ }
+
+return_results:
+ Debug( LDAP_DEBUG_TRACE,
+ "<= get_ctrls: n=%d rc=%d err=\"%s\"\n",
+ nctrls, rs->sr_err, rs->sr_text ? rs->sr_text : "");
+
+ if( sendres && rs->sr_err != LDAP_SUCCESS ) {
+ if( rs->sr_err == SLAPD_DISCONNECT ) {
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ send_ldap_disconnect( op, rs );
+ rs->sr_err = SLAPD_DISCONNECT;
+ } else {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return rs->sr_err;
+}
+
+int
+slap_remove_control(
+ Operation *op,
+ SlapReply *rs,
+ int ctrl,
+ BI_chk_controls fnc )
+{
+ int i, j;
+
+ switch ( op->o_ctrlflag[ ctrl ] ) {
+ case SLAP_CONTROL_NONCRITICAL:
+ for ( i = 0, j = -1; op->o_ctrls[ i ] != NULL; i++ ) {
+ if ( strcmp( op->o_ctrls[ i ]->ldctl_oid,
+ slap_known_controls[ ctrl - 1 ] ) == 0 )
+ {
+ j = i;
+ }
+ }
+
+ if ( j == -1 ) {
+ rs->sr_err = LDAP_OTHER;
+ break;
+ }
+
+ if ( fnc ) {
+ (void)fnc( op, rs );
+ }
+
+ op->o_tmpfree( op->o_ctrls[ j ], op->o_tmpmemctx );
+
+ if ( i > 1 ) {
+ AC_MEMCPY( &op->o_ctrls[ j ], &op->o_ctrls[ j + 1 ],
+ ( i - j ) * sizeof( LDAPControl * ) );
+
+ } else {
+ op->o_tmpfree( op->o_ctrls, op->o_tmpmemctx );
+ op->o_ctrls = NULL;
+ }
+
+ op->o_ctrlflag[ ctrl ] = SLAP_CONTROL_IGNORED;
+
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "non-critical control \"%s\" not supported; stripped.\n",
+ op->o_log_prefix, slap_known_controls[ ctrl ], 0 );
+ /* fall thru */
+
+ case SLAP_CONTROL_IGNORED:
+ case SLAP_CONTROL_NONE:
+ rs->sr_err = SLAP_CB_CONTINUE;
+ break;
+
+ case SLAP_CONTROL_CRITICAL:
+ rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+ if ( fnc ) {
+ (void)fnc( op, rs );
+ }
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "critical control \"%s\" not supported.\n",
+ op->o_log_prefix, slap_known_controls[ ctrl ], 0 );
+ break;
+
+ default:
+ /* handle all cases! */
+ assert( 0 );
+ }
+
+ return rs->sr_err;
+}
+
+#ifdef LDAP_DEVEL
+static int parseDontUseCopy (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_dontUseCopy != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "dontUseCopy control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "dontUseCopy control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_iscritical != SLAP_CONTROL_CRITICAL ) {
+ rs->sr_text = "dontUseCopy criticality of FALSE not allowed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_dontUseCopy = SLAP_CONTROL_CRITICAL;
+ return LDAP_SUCCESS;
+}
+
+static int parseManageDIT (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_managedit != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "manageDIT control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "manageDIT control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_managedit = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+#endif
+
+static int parseManageDSAit (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_managedsait != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "manageDSAit control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "manageDSAit control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_managedsait = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+
+static int parseProxyAuthz (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ int rc;
+ struct berval dn = BER_BVNULL;
+
+ if ( op->o_proxy_authz != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "proxy authorization control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &op->o_ndn ) ) {
+ rs->sr_text = "anonymous proxyAuthz not allowed";
+ return LDAP_PROXY_AUTHZ_FAILURE;
+ }
+
+ op->o_proxy_authz = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "parseProxyAuthz: conn %lu authzid=\"%s\"\n",
+ op->o_connid,
+ ctrl->ldctl_value.bv_len ? ctrl->ldctl_value.bv_val : "anonymous",
+ 0 );
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "parseProxyAuthz: conn=%lu anonymous\n",
+ op->o_connid, 0, 0 );
+
+ /* anonymous */
+ if ( !BER_BVISNULL( &op->o_ndn ) ) {
+ op->o_ndn.bv_val[ 0 ] = '\0';
+ }
+ op->o_ndn.bv_len = 0;
+
+ if ( !BER_BVISNULL( &op->o_dn ) ) {
+ op->o_dn.bv_val[ 0 ] = '\0';
+ }
+ op->o_dn.bv_len = 0;
+
+ return LDAP_SUCCESS;
+ }
+
+ rc = slap_sasl_getdn( op->o_conn, op, &ctrl->ldctl_value,
+ NULL, &dn, SLAP_GETDN_AUTHZID );
+
+ /* FIXME: empty DN in proxyAuthz control should be legal... */
+ if( rc != LDAP_SUCCESS /* || !dn.bv_len */ ) {
+ if ( dn.bv_val ) {
+ ch_free( dn.bv_val );
+ }
+ rs->sr_text = "authzId mapping failed";
+ return LDAP_PROXY_AUTHZ_FAILURE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "parseProxyAuthz: conn=%lu \"%s\"\n",
+ op->o_connid,
+ dn.bv_len ? dn.bv_val : "(NULL)", 0 );
+
+ rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
+
+ if ( rc ) {
+ ch_free( dn.bv_val );
+ rs->sr_text = "not authorized to assume identity";
+ return LDAP_PROXY_AUTHZ_FAILURE;
+ }
+
+ ch_free( op->o_ndn.bv_val );
+ ch_free( op->o_dn.bv_val );
+
+ /*
+ * NOTE: since slap_sasl_getdn() returns a normalized dn,
+ * from now on op->o_dn is normalized
+ */
+ op->o_ndn = dn;
+ ber_dupbv( &op->o_dn, &dn );
+
+ Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
+ op->o_log_prefix, dn.bv_val, 0, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+static int parseNoOp (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_noop != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "noop control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "noop control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_noop = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+
+static int parsePagedResults (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ int rc = LDAP_SUCCESS;
+ ber_tag_t tag;
+ ber_int_t size;
+ BerElement *ber;
+ struct berval cookie = BER_BVNULL;
+ PagedResultsState *ps;
+
+ if ( op->o_pagedresults != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "paged results control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+ rs->sr_text = "paged results control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* Parse the control value
+ * realSearchControlValue ::= SEQUENCE {
+ * size INTEGER (0..maxInt),
+ * -- requested page size from client
+ * -- result set size estimate from server
+ * cookie OCTET STRING
+ * }
+ */
+ ber = ber_init( &ctrl->ldctl_value );
+ if ( ber == NULL ) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ tag = ber_scanf( ber, "{im}", &size, &cookie );
+
+ if ( tag == LBER_ERROR ) {
+ rs->sr_text = "paged results control could not be decoded";
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ if ( size < 0 ) {
+ rs->sr_text = "paged results control size invalid";
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ ps = op->o_tmpalloc( sizeof(PagedResultsState), op->o_tmpmemctx );
+ *ps = op->o_conn->c_pagedresults_state;
+ ps->ps_size = size;
+ op->o_pagedresults_state = ps;
+
+ /* NOTE: according to RFC 2696 3.:
+
+ If the page size is greater than or equal to the sizeLimit value, the
+ server should ignore the control as the request can be satisfied in a
+ single page.
+
+ * NOTE: this assumes that the op->ors_slimit be set
+ * before the controls are parsed.
+ */
+
+ if ( op->ors_slimit > 0 && size >= op->ors_slimit ) {
+ op->o_pagedresults = SLAP_CONTROL_IGNORED;
+
+ } else if ( ctrl->ldctl_iscritical ) {
+ op->o_pagedresults = SLAP_CONTROL_CRITICAL;
+
+ } else {
+ op->o_pagedresults = SLAP_CONTROL_NONCRITICAL;
+ }
+
+done:;
+ (void)ber_free( ber, 1 );
+ return rc;
+}
+
+#ifdef LDAP_DEVEL
+static int parseSortedResults (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ int rc = LDAP_SUCCESS;
+
+ if ( op->o_sortedresults != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "sorted results control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+ rs->sr_text = "sorted results control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* blow off parsing the value */
+
+ op->o_sortedresults = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return rc;
+}
+#endif
+
+static int parseAssert (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ BerElement *ber;
+ struct berval fstr = BER_BVNULL;
+
+ if ( op->o_assert != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "assert control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "assert control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "assert control: internal error";
+ return LDAP_OTHER;
+ }
+
+ rs->sr_err = get_filter( op, ber, (Filter **)&(op->o_assertion),
+ &rs->sr_text);
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ if( rs->sr_err == SLAPD_DISCONNECT ) {
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ send_ldap_disconnect( op, rs );
+ rs->sr_err = SLAPD_DISCONNECT;
+ } else {
+ send_ldap_result( op, rs );
+ }
+ if( op->o_assertion != NULL ) {
+ filter_free_x( op, op->o_assertion );
+ }
+ return rs->sr_err;
+ }
+
+#ifdef LDAP_DEBUG
+ filter2bv_x( op, op->o_assertion, &fstr );
+
+ Debug( LDAP_DEBUG_ARGS, "parseAssert: conn %ld assert: %s\n",
+ op->o_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
+ op->o_tmpfree( fstr.bv_val, op->o_tmpmemctx );
+#endif
+
+ op->o_assert = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
+static int parsePreRead (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_len_t siz, off, i;
+ AttributeName *an = NULL;
+ BerElement *ber;
+
+ if ( op->o_preread != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "preread control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "preread control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "preread control: internal error";
+ return LDAP_OTHER;
+ }
+
+ siz = sizeof( AttributeName );
+ off = offsetof( AttributeName, an_name );
+ if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+ rs->sr_text = "preread control: decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for( i=0; i<siz; i++ ) {
+ int rc = LDAP_SUCCESS;
+ const char *dummy = NULL;
+
+ an[i].an_desc = NULL;
+ an[i].an_oc = NULL;
+ an[i].an_oc_exclude = 0;
+ rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+ if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
+ rs->sr_text = dummy
+ ? dummy
+ : "postread control: unknown attributeType";
+ return rc;
+ }
+ }
+
+ op->o_preread = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ op->o_preread_attrs = an;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
+static int parsePostRead (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_len_t siz, off, i;
+ AttributeName *an = NULL;
+ BerElement *ber;
+
+ if ( op->o_postread != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "postread control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "postread control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "postread control: internal error";
+ return LDAP_OTHER;
+ }
+
+ siz = sizeof( AttributeName );
+ off = offsetof( AttributeName, an_name );
+ if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+ rs->sr_text = "postread control: decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for( i=0; i<siz; i++ ) {
+ int rc = LDAP_SUCCESS;
+ const char *dummy = NULL;
+
+ an[i].an_desc = NULL;
+ an[i].an_oc = NULL;
+ an[i].an_oc_exclude = 0;
+ rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+ if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
+ rs->sr_text = dummy
+ ? dummy
+ : "postread control: unknown attributeType";
+ return rc;
+ }
+ }
+
+ op->o_postread = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ op->o_postread_attrs = an;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
+static int parseValuesReturnFilter (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ BerElement *ber;
+ struct berval fstr = BER_BVNULL;
+
+ if ( op->o_valuesreturnfilter != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "valuesReturnFilter control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "valuesReturnFilter control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ rs->sr_err = get_vrFilter( op, ber,
+ (ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text);
+
+ (void) ber_free( ber, 1 );
+
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ if( rs->sr_err == SLAPD_DISCONNECT ) {
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ send_ldap_disconnect( op, rs );
+ rs->sr_err = SLAPD_DISCONNECT;
+ } else {
+ send_ldap_result( op, rs );
+ }
+ if( op->o_vrFilter != NULL) vrFilter_free( op, op->o_vrFilter );
+ }
+#ifdef LDAP_DEBUG
+ else {
+ vrFilter2bv( op, op->o_vrFilter, &fstr );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, " vrFilter: %s\n",
+ fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
+ op->o_tmpfree( fstr.bv_val, op->o_tmpmemctx );
+#endif
+
+ op->o_valuesreturnfilter = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
+static int parseSubentries (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_subentries != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "subentries control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* FIXME: should use BER library */
+ if( ( ctrl->ldctl_value.bv_len != 3 )
+ || ( ctrl->ldctl_value.bv_val[0] != 0x01 )
+ || ( ctrl->ldctl_value.bv_val[1] != 0x01 ))
+ {
+ rs->sr_text = "subentries control value encoding is bogus";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_subentries = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ if (ctrl->ldctl_value.bv_val[2]) {
+ set_subentries_visibility( op );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int parsePermissiveModify (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_permissive_modify != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "permissiveModify control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "permissiveModify control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_permissive_modify = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+
+static int parseDomainScope (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_domain_scope != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "domainScope control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "domainScope control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_domain_scope = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+
+#ifdef SLAP_CONTROL_X_TREE_DELETE
+static int parseTreeDelete (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( op->o_tree_delete != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "treeDelete control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "treeDelete control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_tree_delete = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+#endif
+
+static int parseSearchOptions (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ BerElement *ber;
+ ber_int_t search_flags;
+ ber_tag_t tag;
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "searchOptions control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &ctrl->ldctl_value );
+ if( ber == NULL ) {
+ rs->sr_text = "internal error";
+ return LDAP_OTHER;
+ }
+
+ if ( (tag = ber_scanf( ber, "{i}", &search_flags )) == LBER_ERROR ) {
+ rs->sr_text = "searchOptions control decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ (void) ber_free( ber, 1 );
+
+ if ( search_flags & LDAP_SEARCH_FLAG_DOMAIN_SCOPE ) {
+ if ( op->o_domain_scope != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "searchOptions control specified multiple times "
+ "or with domainScope control";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_domain_scope = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+ }
+
+ if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
+ /* Other search flags not recognised so far,
+ * including:
+ * LDAP_SEARCH_FLAG_PHANTOM_ROOM
+ */
+ rs->sr_text = "searchOptions contained unrecognized flag";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/cr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/cr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/cr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,499 @@
+/* cr.c - content rule routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cr.c,v 1.14.2.5 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+struct cindexrec {
+ struct berval cir_name;
+ ContentRule *cir_cr;
+};
+
+static Avlnode *cr_index = NULL;
+static LDAP_STAILQ_HEAD(CRList, slap_content_rule) cr_list
+ = LDAP_STAILQ_HEAD_INITIALIZER(cr_list);
+
+static int
+cr_index_cmp(
+ const void *v_cir1,
+ const void *v_cir2 )
+{
+ const struct cindexrec *cir1 = v_cir1;
+ const struct cindexrec *cir2 = v_cir2;
+ int i = cir1->cir_name.bv_len - cir2->cir_name.bv_len;
+ if (i) return i;
+ return strcasecmp( cir1->cir_name.bv_val, cir2->cir_name.bv_val );
+}
+
+static int
+cr_index_name_cmp(
+ const void *v_name,
+ const void *v_cir )
+{
+ const struct berval *name = v_name;
+ const struct cindexrec *cir = v_cir;
+ int i = name->bv_len - cir->cir_name.bv_len;
+ if (i) return i;
+ return strncasecmp( name->bv_val, cir->cir_name.bv_val, name->bv_len );
+}
+
+ContentRule *
+cr_find( const char *crname )
+{
+ struct berval bv;
+
+ bv.bv_val = (char *)crname;
+ bv.bv_len = strlen( crname );
+
+ return( cr_bvfind( &bv ) );
+}
+
+ContentRule *
+cr_bvfind( struct berval *crname )
+{
+ struct cindexrec *cir;
+
+ cir = avl_find( cr_index, crname, cr_index_name_cmp );
+
+ if ( cir != NULL ) {
+ return( cir->cir_cr );
+ }
+
+ return( NULL );
+}
+
+static int
+cr_destroy_one( ContentRule *c )
+{
+ assert( c != NULL );
+
+ if (c->scr_auxiliaries) ldap_memfree(c->scr_auxiliaries);
+ if (c->scr_required) ldap_memfree(c->scr_required);
+ if (c->scr_allowed) ldap_memfree(c->scr_allowed);
+ if (c->scr_precluded) ldap_memfree(c->scr_precluded);
+ ldap_contentrule_free((LDAPContentRule *)c);
+
+ return 0;
+}
+
+void
+cr_destroy( void )
+{
+ ContentRule *c;
+
+ avl_free(cr_index, ldap_memfree);
+
+ while( !LDAP_STAILQ_EMPTY(&cr_list) ) {
+ c = LDAP_STAILQ_FIRST(&cr_list);
+ LDAP_STAILQ_REMOVE_HEAD(&cr_list, scr_next);
+
+ cr_destroy_one( c );
+ }
+}
+
+static int
+cr_insert(
+ ContentRule *scr,
+ const char **err
+)
+{
+ struct cindexrec *cir;
+ char **names;
+
+ if ( scr->scr_oid ) {
+ cir = (struct cindexrec *)
+ ch_calloc( 1, sizeof(struct cindexrec) );
+ cir->cir_name.bv_val = scr->scr_oid;
+ cir->cir_name.bv_len = strlen( scr->scr_oid );
+ cir->cir_cr = scr;
+
+ assert( cir->cir_name.bv_val != NULL );
+ assert( cir->cir_cr != NULL );
+
+ if ( avl_insert( &cr_index, (caddr_t) cir,
+ cr_index_cmp, avl_dup_error ) )
+ {
+ *err = scr->scr_oid;
+ ldap_memfree(cir);
+ return SLAP_SCHERR_CR_DUP;
+ }
+
+ /* FIX: temporal consistency check */
+ assert( cr_bvfind(&cir->cir_name) != NULL );
+ }
+
+ if ( (names = scr->scr_names) ) {
+ while ( *names ) {
+ cir = (struct cindexrec *)
+ ch_calloc( 1, sizeof(struct cindexrec) );
+ cir->cir_name.bv_val = *names;
+ cir->cir_name.bv_len = strlen( *names );
+ cir->cir_cr = scr;
+
+ assert( cir->cir_name.bv_val != NULL );
+ assert( cir->cir_cr != NULL );
+
+ if ( avl_insert( &cr_index, (caddr_t) cir,
+ cr_index_cmp, avl_dup_error ) )
+ {
+ *err = *names;
+ ldap_memfree(cir);
+ return SLAP_SCHERR_CR_DUP;
+ }
+
+ /* FIX: temporal consistency check */
+ assert( cr_bvfind(&cir->cir_name) != NULL );
+
+ names++;
+ }
+ }
+
+ LDAP_STAILQ_INSERT_TAIL(&cr_list, scr, scr_next);
+
+ return 0;
+}
+
+static int
+cr_add_auxiliaries(
+ ContentRule *scr,
+ int *op,
+ const char **err )
+{
+ int naux;
+
+ if( scr->scr_oc_oids_aux == NULL ) return 0;
+
+ for( naux=0; scr->scr_oc_oids_aux[naux]; naux++ ) {
+ /* count them */ ;
+ }
+
+ scr->scr_auxiliaries = ch_calloc( naux+1, sizeof(ObjectClass *));
+
+ for( naux=0; scr->scr_oc_oids_aux[naux]; naux++ ) {
+ ObjectClass *soc = scr->scr_auxiliaries[naux]
+ = oc_find(scr->scr_oc_oids_aux[naux]);
+ if ( !soc ) {
+ *err = scr->scr_oc_oids_aux[naux];
+ return SLAP_SCHERR_CLASS_NOT_FOUND;
+ }
+
+ if( soc->soc_flags & SLAP_OC_OPERATIONAL &&
+ soc != slap_schema.si_oc_extensibleObject )
+ {
+ (*op)++;
+ }
+
+ if( soc->soc_kind != LDAP_SCHEMA_AUXILIARY ) {
+ *err = scr->scr_oc_oids_aux[naux];
+ return SLAP_SCHERR_CR_BAD_AUX;
+ }
+ }
+
+ scr->scr_auxiliaries[naux] = NULL;
+ return 0;
+}
+
+static int
+cr_create_required(
+ ContentRule *scr,
+ int *op,
+ const char **err )
+{
+ char **attrs = scr->scr_at_oids_must;
+ char **attrs1;
+ AttributeType *sat;
+
+ if ( attrs ) {
+ attrs1 = attrs;
+ while ( *attrs1 ) {
+ sat = at_find(*attrs1);
+ if ( !sat ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_ATTR_NOT_FOUND;
+ }
+
+ if( is_at_operational( sat )) (*op)++;
+
+ if ( at_find_in_list(sat, scr->scr_required) < 0) {
+ if ( at_append_to_list(sat, &scr->scr_required) ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_OUTOFMEM;
+ }
+ } else {
+ *err = *attrs1;
+ return SLAP_SCHERR_CR_BAD_AT;
+ }
+ attrs1++;
+ }
+ }
+ return 0;
+}
+
+static int
+cr_create_allowed(
+ ContentRule *scr,
+ int *op,
+ const char **err )
+{
+ char **attrs = scr->scr_at_oids_may;
+ char **attrs1;
+ AttributeType *sat;
+
+ if ( attrs ) {
+ attrs1 = attrs;
+ while ( *attrs1 ) {
+ sat = at_find(*attrs1);
+ if ( !sat ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_ATTR_NOT_FOUND;
+ }
+
+ if( is_at_operational( sat )) (*op)++;
+
+ if ( at_find_in_list(sat, scr->scr_required) < 0 &&
+ at_find_in_list(sat, scr->scr_allowed) < 0 )
+ {
+ if ( at_append_to_list(sat, &scr->scr_allowed) ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_OUTOFMEM;
+ }
+ } else {
+ *err = *attrs1;
+ return SLAP_SCHERR_CR_BAD_AT;
+ }
+ attrs1++;
+ }
+ }
+ return 0;
+}
+
+static int
+cr_create_precluded(
+ ContentRule *scr,
+ int *op,
+ const char **err )
+{
+ char **attrs = scr->scr_at_oids_not;
+ char **attrs1;
+ AttributeType *sat;
+
+ if ( attrs ) {
+ attrs1 = attrs;
+ while ( *attrs1 ) {
+ sat = at_find(*attrs1);
+ if ( !sat ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_ATTR_NOT_FOUND;
+ }
+
+ if( is_at_operational( sat )) (*op)++;
+
+ /* FIXME: should also make sure attribute type is not
+ a required attribute of the structural class or
+ any auxiliary class */
+ if ( at_find_in_list(sat, scr->scr_required) < 0 &&
+ at_find_in_list(sat, scr->scr_allowed) < 0 &&
+ at_find_in_list(sat, scr->scr_precluded) < 0 )
+ {
+ if ( at_append_to_list(sat, &scr->scr_precluded) ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_OUTOFMEM;
+ }
+ } else {
+ *err = *attrs1;
+ return SLAP_SCHERR_CR_BAD_AT;
+ }
+ attrs1++;
+ }
+ }
+ return 0;
+}
+
+int
+cr_add(
+ LDAPContentRule *cr,
+ int user,
+ ContentRule **rscr,
+ const char **err
+)
+{
+ ContentRule *scr;
+ int code;
+ int op = 0;
+ char *oidm = NULL;
+
+ if ( cr->cr_names != NULL ) {
+ int i;
+
+ for( i=0; cr->cr_names[i]; i++ ) {
+ if( !slap_valid_descr( cr->cr_names[i] ) ) {
+ return SLAP_SCHERR_BAD_DESCR;
+ }
+ }
+ }
+
+ if ( !OID_LEADCHAR( cr->cr_oid[0] )) {
+ /* Expand OID macros */
+ char *oid = oidm_find( cr->cr_oid );
+ if ( !oid ) {
+ *err = cr->cr_oid;
+ return SLAP_SCHERR_OIDM;
+ }
+ if ( oid != cr->cr_oid ) {
+ oidm = cr->cr_oid;
+ cr->cr_oid = oid;
+ }
+ }
+
+ scr = (ContentRule *) ch_calloc( 1, sizeof(ContentRule) );
+ AC_MEMCPY( &scr->scr_crule, cr, sizeof(LDAPContentRule) );
+
+ scr->scr_oidmacro = oidm;
+ scr->scr_sclass = oc_find(cr->cr_oid);
+ if ( !scr->scr_sclass ) {
+ *err = cr->cr_oid;
+ return SLAP_SCHERR_CLASS_NOT_FOUND;
+ }
+
+ /* check object class usage */
+ if( scr->scr_sclass->soc_kind != LDAP_SCHEMA_STRUCTURAL )
+ {
+ *err = cr->cr_oid;
+ return SLAP_SCHERR_CR_BAD_STRUCT;
+ }
+
+ if( scr->scr_sclass->soc_flags & SLAP_OC_OPERATIONAL ) op++;
+
+ code = cr_add_auxiliaries( scr, &op, err );
+ if ( code != 0 ) return code;
+
+ code = cr_create_required( scr, &op, err );
+ if ( code != 0 ) return code;
+
+ code = cr_create_allowed( scr, &op, err );
+ if ( code != 0 ) return code;
+
+ code = cr_create_precluded( scr, &op, err );
+ if ( code != 0 ) return code;
+
+ if( user && op ) {
+ return SLAP_SCHERR_CR_BAD_AUX;
+ }
+
+ code = cr_insert(scr,err);
+ if ( code == 0 && rscr )
+ *rscr = scr;
+ return code;
+}
+
+void
+cr_unparse( BerVarray *res, ContentRule *start, ContentRule *end, int sys )
+{
+ ContentRule *cr;
+ int i, num;
+ struct berval bv, *bva = NULL, idx;
+ char ibuf[32];
+
+ if ( !start )
+ start = LDAP_STAILQ_FIRST( &cr_list );
+
+ /* count the result size */
+ i = 0;
+ for ( cr=start; cr; cr=LDAP_STAILQ_NEXT(cr, scr_next)) {
+ if ( sys && !(cr->scr_flags & SLAP_CR_HARDCODE)) continue;
+ i++;
+ if ( cr == end ) break;
+ }
+ if (!i) return;
+
+ num = i;
+ bva = ch_malloc( (num+1) * sizeof(struct berval) );
+ BER_BVZERO( bva );
+ idx.bv_val = ibuf;
+ if ( sys ) {
+ idx.bv_len = 0;
+ ibuf[0] = '\0';
+ }
+ i = 0;
+ for ( cr=start; cr; cr=LDAP_STAILQ_NEXT(cr, scr_next)) {
+ LDAPContentRule lcr, *lcrp;
+ if ( sys && !(cr->scr_flags & SLAP_CR_HARDCODE)) continue;
+ if ( cr->scr_oidmacro ) {
+ lcr = cr->scr_crule;
+ lcr.cr_oid = cr->scr_oidmacro;
+ lcrp = &lcr;
+ } else {
+ lcrp = &cr->scr_crule;
+ }
+ if ( ldap_contentrule2bv( lcrp, &bv ) == NULL ) {
+ ber_bvarray_free( bva );
+ }
+ if ( !sys ) {
+ idx.bv_len = sprintf(idx.bv_val, "{%d}", i);
+ }
+ bva[i].bv_len = idx.bv_len + bv.bv_len;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+ strcpy( bva[i].bv_val, ibuf );
+ strcpy( bva[i].bv_val + idx.bv_len, bv.bv_val );
+ i++;
+ bva[i].bv_val = NULL;
+ ldap_memfree( bv.bv_val );
+ if ( cr == end ) break;
+ }
+ *res = bva;
+}
+
+int
+cr_schema_info( Entry *e )
+{
+ AttributeDescription *ad_ditContentRules
+ = slap_schema.si_ad_ditContentRules;
+ ContentRule *cr;
+
+ struct berval val;
+ struct berval nval;
+
+ LDAP_STAILQ_FOREACH(cr, &cr_list, scr_next) {
+ if ( ldap_contentrule2bv( &cr->scr_crule, &val ) == NULL ) {
+ return -1;
+ }
+
+#if 0
+ if( cr->scr_flags & SLAP_CR_HIDE ) continue;
+#endif
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "Merging cr [%ld] %s\n",
+ (long) val.bv_len, val.bv_val, 0 );
+#endif
+
+ nval.bv_val = cr->scr_oid;
+ nval.bv_len = strlen(cr->scr_oid);
+
+ if( attr_merge_one( e, ad_ditContentRules, &val, &nval ) )
+ {
+ return -1;
+ }
+ ldap_memfree( val.bv_val );
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/ctxcsn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/ctxcsn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/ctxcsn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,196 @@
+/* ctxcsn.c -- Context CSN Management Routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.31.2.9 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "lutil_ldap.h"
+
+const struct berval slap_ldapsync_bv = BER_BVC("ldapsync");
+const struct berval slap_ldapsync_cn_bv = BER_BVC("cn=ldapsync");
+
+void
+slap_get_commit_csn(
+ Operation *op,
+ struct berval *maxcsn
+)
+{
+ struct slap_csn_entry *csne, *committed_csne = NULL;
+
+ if ( maxcsn ) {
+ BER_BVZERO( maxcsn );
+ }
+
+ ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+
+ LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ csne->ce_state = SLAP_CSN_COMMIT;
+ break;
+ }
+ }
+
+ LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
+ if ( csne->ce_state == SLAP_CSN_PENDING ) break;
+ }
+
+ if ( committed_csne && maxcsn ) *maxcsn = committed_csne->ce_csn;
+ ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+}
+
+void
+slap_rewind_commit_csn( Operation *op )
+{
+ struct slap_csn_entry *csne;
+
+ ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+
+ LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ csne->ce_state = SLAP_CSN_PENDING;
+ break;
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+}
+
+void
+slap_graduate_commit_csn( Operation *op )
+{
+ struct slap_csn_entry *csne;
+
+ if ( op == NULL ) return;
+ if ( op->o_bd == NULL ) return;
+
+#if 0
+ /* it is NULL when we get here from the frontendDB;
+ * alternate fix: initialize frontendDB like all other backends */
+ assert( op->o_bd->be_pcl_mutexp != NULL );
+#endif
+
+ if ( op->o_bd->be_pcl_mutexp == NULL ) return;
+
+ ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+
+ LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ LDAP_TAILQ_REMOVE( op->o_bd->be_pending_csn_list,
+ csne, ce_csn_link );
+ if ( op->o_csn.bv_val == csne->ce_csn.bv_val ) {
+ BER_BVZERO( &op->o_csn );
+ }
+ ch_free( csne->ce_csn.bv_val );
+ ch_free( csne );
+ break;
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+
+ return;
+}
+
+static struct berval ocbva[] = {
+ BER_BVC("top"),
+ BER_BVC("subentry"),
+ BER_BVC("syncProviderSubentry"),
+ BER_BVNULL
+};
+
+Entry *
+slap_create_context_csn_entry(
+ Backend *be,
+ struct berval *context_csn )
+{
+ Entry* e;
+
+ struct berval bv;
+
+ e = (Entry *) ch_calloc( 1, sizeof( Entry ));
+
+ attr_merge( e, slap_schema.si_ad_objectClass,
+ ocbva, NULL );
+ attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+ &ocbva[1], NULL );
+ attr_merge_one( e, slap_schema.si_ad_cn,
+ (struct berval *)&slap_ldapsync_bv, NULL );
+
+ if ( context_csn ) {
+ attr_merge_one( e, slap_schema.si_ad_contextCSN,
+ context_csn, NULL );
+ }
+
+ BER_BVSTR( &bv, "{}" );
+ attr_merge_one( e, slap_schema.si_ad_subtreeSpecification, &bv, NULL );
+
+ build_new_dn( &e->e_name, &be->be_nsuffix[0],
+ (struct berval *)&slap_ldapsync_cn_bv, NULL );
+ ber_dupbv( &e->e_nname, &e->e_name );
+
+ return e;
+}
+
+void
+slap_queue_csn(
+ Operation *op,
+ struct berval *csn )
+{
+ struct slap_csn_entry *pending;
+
+ pending = (struct slap_csn_entry *) ch_calloc( 1,
+ sizeof( struct slap_csn_entry ));
+ ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+
+ ber_dupbv( &pending->ce_csn, csn );
+ ber_dupbv_x( &op->o_csn, &pending->ce_csn, op->o_tmpmemctx );
+ pending->ce_connid = op->o_connid;
+ pending->ce_opid = op->o_opid;
+ pending->ce_state = SLAP_CSN_PENDING;
+ LDAP_TAILQ_INSERT_TAIL( op->o_bd->be_pending_csn_list,
+ pending, ce_csn_link );
+ ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+}
+
+int
+slap_get_csn(
+ Operation *op,
+ struct berval *csn,
+ int manage_ctxcsn )
+{
+ if ( csn == NULL ) return LDAP_OTHER;
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
+ csn->bv_len = lutil_csnstr( csn->bv_val, csn->bv_len, 0, 0 );
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+
+ if ( manage_ctxcsn )
+ slap_queue_csn( op, csn );
+
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/daemon.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/daemon.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/daemon.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2699 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.318.2.30 2007/04/01 21:30:02 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "ldap_pvt_thread.h"
+#include "lutil.h"
+
+#include "ldap_rq.h"
+
+#if defined(HAVE_SYS_EPOLL_H) && defined(HAVE_EPOLL)
+# include <sys/epoll.h>
+#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_SYS_DEVPOLL_H) && defined(HAVE_DEVPOLL)
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <sys/devpoll.h>
+#endif /* ! epoll && ! /dev/poll */
+
+#ifdef HAVE_TCPD
+# include <tcpd.h>
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_NOTICE;
+
+# define SLAP_STRING_UNKNOWN STRING_UNKNOWN
+#else /* ! TCP Wrappers */
+# define SLAP_STRING_UNKNOWN "unknown"
+#endif /* ! TCP Wrappers */
+
+#ifdef LDAP_PF_LOCAL
+# include <sys/stat.h>
+/* this should go in <ldap.h> as soon as it is accepted */
+# define LDAPI_MOD_URLEXT "x-mod"
+#endif /* LDAP_PF_LOCAL */
+
+#ifdef LDAP_PF_INET6
+int slap_inet4or6 = AF_UNSPEC;
+#else /* ! INETv6 */
+int slap_inet4or6 = AF_INET;
+#endif /* ! INETv6 */
+
+/* globals */
+time_t starttime;
+ber_socket_t dtblsize;
+slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;
+struct runqueue_s slapd_rq;
+
+Listener **slap_listeners = NULL;
+
+#ifndef SLAPD_LISTEN_BACKLOG
+#define SLAPD_LISTEN_BACKLOG 1024
+#endif /* ! SLAPD_LISTEN_BACKLOG */
+
+static ber_socket_t wake_sds[2];
+static int emfile;
+
+static volatile int waking;
+#ifdef NO_THREADS
+#define WAKE_LISTENER(w) do { \
+ if ((w) && ++waking < 5) { \
+ tcp_write( wake_sds[1], "0", 1 ); \
+ } \
+} while (0)
+#else /* ! NO_THREADS */
+#define WAKE_LISTENER(w) do { \
+ if (w) { \
+ tcp_write( wake_sds[1], "0", 1 ); \
+ } \
+} while (0)
+#endif /* ! NO_THREADS */
+
+volatile sig_atomic_t slapd_shutdown = 0;
+volatile sig_atomic_t slapd_gentle_shutdown = 0;
+volatile sig_atomic_t slapd_abrupt_shutdown = 0;
+
+static struct slap_daemon {
+ ldap_pvt_thread_mutex_t sd_mutex;
+#ifdef HAVE_TCPD
+ ldap_pvt_thread_mutex_t sd_tcpd_mutex;
+#endif /* TCP Wrappers */
+
+ ber_socket_t sd_nactives;
+ int sd_nwriters;
+
+#if defined(HAVE_EPOLL)
+ struct epoll_event *sd_epolls;
+ int *sd_index;
+ int sd_epfd;
+ int sd_nfds;
+#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL)
+ /* eXperimental */
+ struct pollfd *sd_pollfd;
+ int *sd_index;
+ Listener **sd_l;
+ int sd_dpfd;
+ int sd_nfds;
+#else /* ! epoll && ! /dev/poll */
+#ifndef HAVE_WINSOCK
+ /* In winsock, accept() returns values higher than dtblsize
+ so don't bother with this optimization */
+ int sd_nfds;
+#endif /* ! HAVE_WINSOCK */
+ fd_set sd_actives;
+ fd_set sd_readers;
+ fd_set sd_writers;
+#endif /* ! epoll && ! /dev/poll */
+} slap_daemon;
+
+/*
+ * NOTE: naming convention for macros:
+ *
+ * - SLAP_SOCK_* and SLAP_EVENT_* for public interface that deals
+ * with file descriptors and events respectively
+ *
+ * - SLAP_<type>_* for private interface; type by now is one of
+ * EPOLL, DEVPOLL, SELECT
+ *
+ * private interface should not be used in the code.
+ */
+#if defined(HAVE_EPOLL)
+/***************************************
+ * Use epoll infrastructure - epoll(4) *
+ ***************************************/
+# define SLAP_EVENT_FNAME "epoll"
+# define SLAP_EVENTS_ARE_INDEXED 0
+# define SLAP_EPOLL_SOCK_IX(s) (slap_daemon.sd_index[(s)])
+# define SLAP_EPOLL_SOCK_EP(s) (slap_daemon.sd_epolls[SLAP_EPOLL_SOCK_IX(s)])
+# define SLAP_EPOLL_SOCK_EV(s) (SLAP_EPOLL_SOCK_EP(s).events)
+# define SLAP_SOCK_IS_ACTIVE(s) (SLAP_EPOLL_SOCK_IX(s) != -1)
+# define SLAP_SOCK_NOT_ACTIVE(s) (SLAP_EPOLL_SOCK_IX(s) == -1)
+# define SLAP_EPOLL_SOCK_IS_SET(s, mode) (SLAP_EPOLL_SOCK_EV(s) & (mode))
+
+# define SLAP_SOCK_IS_READ(s) SLAP_EPOLL_SOCK_IS_SET((s), EPOLLIN)
+# define SLAP_SOCK_IS_WRITE(s) SLAP_EPOLL_SOCK_IS_SET((s), EPOLLOUT)
+
+# define SLAP_EPOLL_SOCK_SET(s, mode) do { \
+ if ( (SLAP_EPOLL_SOCK_EV(s) & (mode)) != (mode) ) { \
+ SLAP_EPOLL_SOCK_EV(s) |= (mode); \
+ epoll_ctl( slap_daemon.sd_epfd, EPOLL_CTL_MOD, (s), \
+ &SLAP_EPOLL_SOCK_EP(s) ); \
+ } \
+} while (0)
+
+# define SLAP_EPOLL_SOCK_CLR(s, mode) do { \
+ if ( (SLAP_EPOLL_SOCK_EV(s) & (mode)) ) { \
+ SLAP_EPOLL_SOCK_EV(s) &= ~(mode); \
+ epoll_ctl( slap_daemon.sd_epfd, EPOLL_CTL_MOD, s, \
+ &SLAP_EPOLL_SOCK_EP(s) ); \
+ } \
+} while (0)
+
+# define SLAP_SOCK_SET_READ(s) SLAP_EPOLL_SOCK_SET(s, EPOLLIN)
+# define SLAP_SOCK_SET_WRITE(s) SLAP_EPOLL_SOCK_SET(s, EPOLLOUT)
+
+# define SLAP_SOCK_CLR_READ(s) SLAP_EPOLL_SOCK_CLR((s), EPOLLIN)
+# define SLAP_SOCK_CLR_WRITE(s) SLAP_EPOLL_SOCK_CLR((s), EPOLLOUT)
+
+# ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+# define SLAP_SOCK_SET_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_EPOLL_SOCK_IX(s)] = 1 )
+# define SLAP_SOCK_CLR_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_EPOLL_SOCK_IX(s)] = 0 )
+# define SLAP_SOCK_IS_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_EPOLL_SOCK_IX(s)] == 1 )
+# endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+# define SLAP_EPOLL_EVENT_CLR(i, mode) (revents[(i)].events &= ~(mode))
+
+# define SLAP_EVENT_MAX slap_daemon.sd_nfds
+
+/* If a Listener address is provided, store that as the epoll data.
+ * Otherwise, store the address of this socket's slot in the
+ * index array. If we can't do this add, the system is out of
+ * resources and we need to shutdown.
+ */
+# define SLAP_SOCK_ADD(s, l) do { \
+ int rc; \
+ SLAP_EPOLL_SOCK_IX((s)) = slap_daemon.sd_nfds; \
+ SLAP_EPOLL_SOCK_EP((s)).data.ptr = (l) ? (l) : (void *)(&SLAP_EPOLL_SOCK_IX(s)); \
+ SLAP_EPOLL_SOCK_EV((s)) = EPOLLIN; \
+ rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_ADD, \
+ (s), &SLAP_EPOLL_SOCK_EP((s))); \
+ if ( rc == 0 ) { \
+ slap_daemon.sd_nfds++; \
+ } else { \
+ Debug( LDAP_DEBUG_ANY, \
+ "daemon: epoll_ctl(ADD,fd=%d) failed, errno=%d, shutting down\n", \
+ s, errno, 0 ); \
+ slapd_shutdown = 2; \
+ } \
+} while (0)
+
+# define SLAP_EPOLL_EV_LISTENER(ptr) \
+ (((int *)(ptr) >= slap_daemon.sd_index && \
+ (int *)(ptr) <= &slap_daemon.sd_index[dtblsize]) ? 0 : 1 )
+
+# define SLAP_EPOLL_EV_PTRFD(ptr) (SLAP_EPOLL_EV_LISTENER(ptr) ? \
+ ((Listener *)ptr)->sl_sd : (int *)(ptr) - slap_daemon.sd_index)
+
+# define SLAP_SOCK_DEL(s) do { \
+ int fd, rc, index = SLAP_EPOLL_SOCK_IX((s)); \
+ if ( index < 0 ) break; \
+ rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_DEL, \
+ (s), &SLAP_EPOLL_SOCK_EP((s))); \
+ slap_daemon.sd_epolls[index] = \
+ slap_daemon.sd_epolls[slap_daemon.sd_nfds-1]; \
+ fd = SLAP_EPOLL_EV_PTRFD(slap_daemon.sd_epolls[index].data.ptr); \
+ slap_daemon.sd_index[fd] = index; \
+ slap_daemon.sd_index[(s)] = -1; \
+ slap_daemon.sd_nfds--; \
+} while (0)
+
+# define SLAP_EVENT_CLR_READ(i) SLAP_EPOLL_EVENT_CLR((i), EPOLLIN)
+# define SLAP_EVENT_CLR_WRITE(i) SLAP_EPOLL_EVENT_CLR((i), EPOLLOUT)
+
+# define SLAP_EPOLL_EVENT_CHK(i, mode) (revents[(i)].events & mode)
+
+# define SLAP_EVENT_IS_READ(i) SLAP_EPOLL_EVENT_CHK((i), EPOLLIN)
+# define SLAP_EVENT_IS_WRITE(i) SLAP_EPOLL_EVENT_CHK((i), EPOLLOUT)
+# define SLAP_EVENT_IS_LISTENER(i) SLAP_EPOLL_EV_LISTENER(revents[(i)].data.ptr)
+# define SLAP_EVENT_LISTENER(i) ((Listener *)(revents[(i)].data.ptr))
+
+# define SLAP_EVENT_FD(i) SLAP_EPOLL_EV_PTRFD(revents[(i)].data.ptr)
+
+# define SLAP_SOCK_INIT do { \
+ slap_daemon.sd_epolls = ch_calloc(1, \
+ ( sizeof(struct epoll_event) * 2 \
+ + sizeof(int) ) * dtblsize * 2); \
+ slap_daemon.sd_index = (int *)&slap_daemon.sd_epolls[ 2 * dtblsize ]; \
+ slap_daemon.sd_epfd = epoll_create( dtblsize ); \
+ for ( i = 0; i < dtblsize; i++ ) slap_daemon.sd_index[i] = -1; \
+} while (0)
+
+# define SLAP_SOCK_DESTROY do { \
+ if ( slap_daemon.sd_epolls != NULL ) { \
+ ch_free( slap_daemon.sd_epolls ); \
+ slap_daemon.sd_epolls = NULL; \
+ slap_daemon.sd_index = NULL; \
+ close( slap_daemon.sd_epfd ); \
+ } \
+} while ( 0 )
+
+# define SLAP_EVENT_DECL struct epoll_event *revents
+
+# define SLAP_EVENT_INIT do { \
+ revents = slap_daemon.sd_epolls + dtblsize; \
+} while (0)
+
+# define SLAP_EVENT_WAIT(tvp, nsp) do { \
+ *(nsp) = epoll_wait( slap_daemon.sd_epfd, revents, \
+ dtblsize, (tvp) ? (tvp)->tv_sec * 1000 : -1 ); \
+} while (0)
+
+#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL)
+
+/*************************************************************
+ * Use Solaris' (>= 2.7) /dev/poll infrastructure - poll(7d) *
+ *************************************************************/
+# define SLAP_EVENT_FNAME "/dev/poll"
+# define SLAP_EVENTS_ARE_INDEXED 0
+/*
+ * - sd_index is used much like with epoll()
+ * - sd_l is maintained as an array containing the address
+ * of the listener; the index is the fd itself
+ * - sd_pollfd is used to keep track of what data has been
+ * registered in /dev/poll
+ */
+# define SLAP_DEVPOLL_SOCK_IX(s) (slap_daemon.sd_index[(s)])
+# define SLAP_DEVPOLL_SOCK_LX(s) (slap_daemon.sd_l[(s)])
+# define SLAP_DEVPOLL_SOCK_EP(s) (slap_daemon.sd_pollfd[SLAP_DEVPOLL_SOCK_IX((s))])
+# define SLAP_DEVPOLL_SOCK_FD(s) (SLAP_DEVPOLL_SOCK_EP((s)).fd)
+# define SLAP_DEVPOLL_SOCK_EV(s) (SLAP_DEVPOLL_SOCK_EP((s)).events)
+# define SLAP_SOCK_IS_ACTIVE(s) (SLAP_DEVPOLL_SOCK_IX((s)) != -1)
+# define SLAP_SOCK_NOT_ACTIVE(s) (SLAP_DEVPOLL_SOCK_IX((s)) == -1)
+# define SLAP_SOCK_IS_SET(s, mode) (SLAP_DEVPOLL_SOCK_EV((s)) & (mode))
+
+# define SLAP_SOCK_IS_READ(s) SLAP_SOCK_IS_SET((s), POLLIN)
+# define SLAP_SOCK_IS_WRITE(s) SLAP_SOCK_IS_SET((s), POLLOUT)
+
+/* as far as I understand, any time we need to communicate with the kernel
+ * about the number and/or properties of a file descriptor we need it to
+ * wait for, we have to rewrite the whole set */
+# define SLAP_DEVPOLL_WRITE_POLLFD(s, pfd, n, what, shdn) do { \
+ int rc; \
+ size_t size = (n) * sizeof( struct pollfd ); \
+ /* FIXME: use pwrite? */ \
+ rc = write( slap_daemon.sd_dpfd, (pfd), size ); \
+ if ( rc != size ) { \
+ Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \
+ "%s fd=%d failed errno=%d\n", \
+ (what), (s), errno ); \
+ if ( (shdn) ) { \
+ slapd_shutdown = 2; \
+ } \
+ } \
+} while (0)
+
+# define SLAP_DEVPOLL_SOCK_SET(s, mode) do { \
+ Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_SET_%s(%d)=%d\n", \
+ (mode) == POLLIN ? "READ" : "WRITE", (s), \
+ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) ); \
+ if ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) { \
+ struct pollfd pfd; \
+ SLAP_DEVPOLL_SOCK_EV((s)) |= (mode); \
+ pfd.fd = SLAP_DEVPOLL_SOCK_FD((s)); \
+ pfd.events = /* (mode) */ SLAP_DEVPOLL_SOCK_EV((s)); \
+ SLAP_DEVPOLL_WRITE_POLLFD((s), &pfd, 1, "SET", 0); \
+ } \
+} while (0)
+
+# define SLAP_DEVPOLL_SOCK_CLR(s, mode) do { \
+ Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_CLR_%s(%d)=%d\n", \
+ (mode) == POLLIN ? "READ" : "WRITE", (s), \
+ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) ); \
+ if ((SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) { \
+ struct pollfd pfd[2]; \
+ SLAP_DEVPOLL_SOCK_EV((s)) &= ~(mode); \
+ pfd[0].fd = SLAP_DEVPOLL_SOCK_FD((s)); \
+ pfd[0].events = POLLREMOVE; \
+ pfd[1] = SLAP_DEVPOLL_SOCK_EP((s)); \
+ SLAP_DEVPOLL_WRITE_POLLFD((s), &pfd[0], 2, "CLR", 0); \
+ } \
+} while (0)
+
+# define SLAP_SOCK_SET_READ(s) SLAP_DEVPOLL_SOCK_SET(s, POLLIN)
+# define SLAP_SOCK_SET_WRITE(s) SLAP_DEVPOLL_SOCK_SET(s, POLLOUT)
+
+# define SLAP_SOCK_CLR_READ(s) SLAP_DEVPOLL_SOCK_CLR((s), POLLIN)
+# define SLAP_SOCK_CLR_WRITE(s) SLAP_DEVPOLL_SOCK_CLR((s), POLLOUT)
+
+# ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+# define SLAP_SOCK_SET_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] = 1 )
+# define SLAP_SOCK_CLR_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] = 0 )
+# define SLAP_SOCK_IS_SUSPEND(s) \
+ ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] == 1 )
+# endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+# define SLAP_DEVPOLL_EVENT_CLR(i, mode) (revents[(i)].events &= ~(mode))
+
+# define SLAP_EVENT_MAX slap_daemon.sd_nfds
+
+/* If a Listener address is provided, store that in the sd_l array.
+ * If we can't do this add, the system is out of resources and we
+ * need to shutdown.
+ */
+# define SLAP_SOCK_ADD(s, l) do { \
+ Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l), 0 ); \
+ SLAP_DEVPOLL_SOCK_IX((s)) = slap_daemon.sd_nfds; \
+ SLAP_DEVPOLL_SOCK_LX((s)) = (l); \
+ SLAP_DEVPOLL_SOCK_FD((s)) = (s); \
+ SLAP_DEVPOLL_SOCK_EV((s)) = POLLIN; \
+ SLAP_DEVPOLL_WRITE_POLLFD((s), &SLAP_DEVPOLL_SOCK_EP((s)), 1, "ADD", 1); \
+ slap_daemon.sd_nfds++; \
+} while (0)
+
+# define SLAP_DEVPOLL_EV_LISTENER(ptr) ((ptr) != NULL)
+
+# define SLAP_SOCK_DEL(s) do { \
+ int fd, index = SLAP_DEVPOLL_SOCK_IX((s)); \
+ Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_DEL(%d)\n", (s), 0, 0 ); \
+ if ( index < 0 ) break; \
+ if ( index < slap_daemon.sd_nfds - 1 ) { \
+ struct pollfd pfd = slap_daemon.sd_pollfd[index]; \
+ fd = slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].fd; \
+ slap_daemon.sd_pollfd[index] = slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1]; \
+ slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1] = pfd; \
+ slap_daemon.sd_index[fd] = index; \
+ } \
+ slap_daemon.sd_index[(s)] = -1; \
+ slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].events = POLLREMOVE; \
+ SLAP_DEVPOLL_WRITE_POLLFD((s), &slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1], 1, "DEL", 0); \
+ slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].events = 0; \
+ slap_daemon.sd_nfds--; \
+} while (0)
+
+# define SLAP_EVENT_CLR_READ(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLIN)
+# define SLAP_EVENT_CLR_WRITE(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLOUT)
+
+# define SLAP_DEVPOLL_EVENT_CHK(i, mode) (revents[(i)].events & (mode))
+
+# define SLAP_EVENT_FD(i) (revents[(i)].fd)
+
+# define SLAP_EVENT_IS_READ(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLIN)
+# define SLAP_EVENT_IS_WRITE(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLOUT)
+# define SLAP_EVENT_IS_LISTENER(i) SLAP_DEVPOLL_EV_LISTENER(SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD((i))))
+# define SLAP_EVENT_LISTENER(i) SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD((i)))
+
+# define SLAP_SOCK_INIT do { \
+ slap_daemon.sd_pollfd = ch_calloc( 1, \
+ ( sizeof(struct pollfd) * 2 \
+ + sizeof( int ) \
+ + sizeof( Listener * ) ) * dtblsize ); \
+ slap_daemon.sd_index = (int *)&slap_daemon.sd_pollfd[ 2 * dtblsize ]; \
+ slap_daemon.sd_l = (Listener **)&slap_daemon.sd_index[ dtblsize ]; \
+ slap_daemon.sd_dpfd = open( SLAP_EVENT_FNAME, O_RDWR ); \
+ if ( slap_daemon.sd_dpfd == -1 ) { \
+ Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \
+ "open(\"" SLAP_EVENT_FNAME "\") failed errno=%d\n", \
+ errno, 0, 0 ); \
+ SLAP_SOCK_DESTROY; \
+ return -1; \
+ } \
+ for ( i = 0; i < dtblsize; i++ ) { \
+ slap_daemon.sd_pollfd[i].fd = -1; \
+ slap_daemon.sd_index[i] = -1; \
+ } \
+} while (0)
+
+# define SLAP_SOCK_DESTROY do { \
+ if ( slap_daemon.sd_pollfd != NULL ) { \
+ ch_free( slap_daemon.sd_pollfd ); \
+ slap_daemon.sd_pollfd = NULL; \
+ slap_daemon.sd_index = NULL; \
+ slap_daemon.sd_l = NULL; \
+ close( slap_daemon.sd_dpfd ); \
+ } \
+} while ( 0 )
+
+# define SLAP_EVENT_DECL struct pollfd *revents
+
+# define SLAP_EVENT_INIT do { \
+ revents = &slap_daemon.sd_pollfd[ dtblsize ]; \
+} while (0)
+
+# define SLAP_EVENT_WAIT(tvp, nsp) do { \
+ struct dvpoll sd_dvpoll; \
+ sd_dvpoll.dp_timeout = (tvp) ? (tvp)->tv_sec * 1000 : -1; \
+ sd_dvpoll.dp_nfds = dtblsize; \
+ sd_dvpoll.dp_fds = revents; \
+ *(nsp) = ioctl( slap_daemon.sd_dpfd, DP_POLL, &sd_dvpoll ); \
+} while (0)
+
+#else /* ! epoll && ! /dev/poll */
+
+/**************************************
+ * Use select system call - select(2) *
+ **************************************/
+# define SLAP_EVENT_FNAME "select"
+/* select */
+
+# define SLAP_EVENTS_ARE_INDEXED 1
+# define SLAP_EVENT_DECL fd_set readfds, writefds
+
+# define SLAP_EVENT_INIT do { \
+ AC_MEMCPY( &readfds, &slap_daemon.sd_readers, sizeof(fd_set) ); \
+ if ( nwriters ) { \
+ AC_MEMCPY( &writefds, &slap_daemon.sd_writers, sizeof(fd_set) ); \
+ } else { \
+ FD_ZERO( &writefds ); \
+ } \
+} while (0)
+
+# ifdef FD_SETSIZE
+# define SLAP_SELECT_CHK_SETSIZE do { \
+ if (dtblsize > FD_SETSIZE) dtblsize = FD_SETSIZE; \
+} while (0)
+# else /* ! FD_SETSIZE */
+# define SLAP_SELECT_CHK_SETSIZE do { ; } while (0)
+# endif /* ! FD_SETSIZE */
+
+# define SLAP_SOCK_INIT do { \
+ SLAP_SELECT_CHK_SETSIZE; \
+ FD_ZERO(&slap_daemon.sd_actives); \
+ FD_ZERO(&slap_daemon.sd_readers); \
+ FD_ZERO(&slap_daemon.sd_writers); \
+} while (0)
+
+# define SLAP_SOCK_DESTROY
+
+# define SLAP_SOCK_IS_ACTIVE(fd) FD_ISSET((fd), &slap_daemon.sd_actives)
+# define SLAP_SOCK_IS_READ(fd) FD_ISSET((fd), &slap_daemon.sd_readers)
+# define SLAP_SOCK_IS_WRITE(fd) FD_ISSET((fd), &slap_daemon.sd_writers)
+
+# define SLAP_SOCK_NOT_ACTIVE(fd) (!SLAP_SOCK_IS_ACTIVE(fd) && \
+ !SLAP_SOCK_IS_READ(fd) && !SLAP_SOCK_IS_WRITE(fd))
+
+# ifdef HAVE_WINSOCK
+# define SLAP_SOCK_SET_READ(fd) do { \
+ if (!SLAP_SOCK_IS_READ(fd)) { FD_SET((fd), &slap_daemon.sd_readers); } \
+} while (0)
+# define SLAP_SOCK_SET_WRITE(fd) do { \
+ if (!SLAP_SOCK_IS_WRITE(fd)) { FD_SET((fd), &slap_daemon.sd_writers); } \
+} while (0)
+
+# define SLAP_SELECT_ADDTEST(s)
+# define SLAP_EVENT_MAX dtblsize
+# else /* ! HAVE_WINSOCK */
+# define SLAP_SOCK_SET_READ(fd) FD_SET((fd), &slap_daemon.sd_readers)
+# define SLAP_SOCK_SET_WRITE(fd) FD_SET((fd), &slap_daemon.sd_writers)
+
+# define SLAP_EVENT_MAX slap_daemon.sd_nfds
+# define SLAP_SELECT_ADDTEST(s) do { \
+ if ((s) >= slap_daemon.sd_nfds) slap_daemon.sd_nfds = (s)+1; \
+} while (0)
+# endif /* ! HAVE_WINSOCK */
+
+# define SLAP_SOCK_CLR_READ(fd) FD_CLR((fd), &slap_daemon.sd_readers)
+# define SLAP_SOCK_CLR_WRITE(fd) FD_CLR((fd), &slap_daemon.sd_writers)
+
+# define SLAP_SOCK_ADD(s, l) do { \
+ SLAP_SELECT_ADDTEST((s)); \
+ FD_SET((s), &slap_daemon.sd_actives); \
+ FD_SET((s), &slap_daemon.sd_readers); \
+} while (0)
+
+# define SLAP_SOCK_DEL(s) do { \
+ FD_CLR((s), &slap_daemon.sd_actives); \
+ FD_CLR((s), &slap_daemon.sd_readers); \
+ FD_CLR((s), &slap_daemon.sd_writers); \
+} while (0)
+
+# define SLAP_EVENT_IS_READ(fd) FD_ISSET((fd), &readfds)
+# define SLAP_EVENT_IS_WRITE(fd) FD_ISSET((fd), &writefds)
+
+# define SLAP_EVENT_CLR_READ(fd) FD_CLR((fd), &readfds)
+# define SLAP_EVENT_CLR_WRITE(fd) FD_CLR((fd), &writefds)
+
+# define SLAP_EVENT_WAIT(tvp, nsp) do { \
+ *(nsp) = select( SLAP_EVENT_MAX, &readfds, \
+ nwriters > 0 ? &writefds : NULL, NULL, (tvp) ); \
+} while (0)
+#endif /* ! epoll && ! /dev/poll */
+
+#ifdef HAVE_SLP
+/*
+ * SLP related functions
+ */
+#include <slp.h>
+
+#define LDAP_SRVTYPE_PREFIX "service:ldap://"
+#define LDAPS_SRVTYPE_PREFIX "service:ldaps://"
+static char** slapd_srvurls = NULL;
+static SLPHandle slapd_hslp = 0;
+int slapd_register_slp = 0;
+const char *slapd_slp_attrs = NULL;
+
+static SLPError slapd_slp_cookie;
+
+static void
+slapd_slp_init( const char* urls )
+{
+ int i;
+ SLPError err;
+
+ slapd_srvurls = ldap_str2charray( urls, " " );
+
+ if ( slapd_srvurls == NULL ) return;
+
+ /* find and expand INADDR_ANY URLs */
+ for ( i = 0; slapd_srvurls[i] != NULL; i++ ) {
+ if ( strcmp( slapd_srvurls[i], "ldap:///" ) == 0 ) {
+ char *host = ldap_pvt_get_fqdn( NULL );
+ if ( host != NULL ) {
+ slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
+ strlen( host ) +
+ sizeof( LDAP_SRVTYPE_PREFIX ) );
+ strcpy( lutil_strcopy(slapd_srvurls[i],
+ LDAP_SRVTYPE_PREFIX ), host );
+
+ ch_free( host );
+ }
+
+ } else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0 ) {
+ char *host = ldap_pvt_get_fqdn( NULL );
+ if ( host != NULL ) {
+ slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
+ strlen( host ) +
+ sizeof( LDAPS_SRVTYPE_PREFIX ) );
+ strcpy( lutil_strcopy(slapd_srvurls[i],
+ LDAPS_SRVTYPE_PREFIX ), host );
+
+ ch_free( host );
+ }
+ }
+ }
+
+ /* open the SLP handle */
+ err = SLPOpen( "en", 0, &slapd_hslp );
+
+ if ( err != SLP_OK ) {
+ Debug( LDAP_DEBUG_CONNS, "daemon: SLPOpen() failed with %ld\n",
+ (long)err, 0, 0 );
+ }
+}
+
+static void
+slapd_slp_deinit( void )
+{
+ if ( slapd_srvurls == NULL ) return;
+
+ ldap_charray_free( slapd_srvurls );
+ slapd_srvurls = NULL;
+
+ /* close the SLP handle */
+ SLPClose( slapd_hslp );
+}
+
+static void
+slapd_slp_regreport(
+ SLPHandle hslp,
+ SLPError errcode,
+ void *cookie )
+{
+ /* return the error code in the cookie */
+ *(SLPError*)cookie = errcode;
+}
+
+static void
+slapd_slp_reg()
+{
+ int i;
+ SLPError err;
+
+ if ( slapd_srvurls == NULL ) return;
+
+ for ( i = 0; slapd_srvurls[i] != NULL; i++ ) {
+ if ( strncmp( slapd_srvurls[i], LDAP_SRVTYPE_PREFIX,
+ sizeof( LDAP_SRVTYPE_PREFIX ) - 1 ) == 0 ||
+ strncmp( slapd_srvurls[i], LDAPS_SRVTYPE_PREFIX,
+ sizeof( LDAPS_SRVTYPE_PREFIX ) - 1 ) == 0 )
+ {
+ err = SLPReg( slapd_hslp,
+ slapd_srvurls[i],
+ SLP_LIFETIME_MAXIMUM,
+ "ldap",
+ (slapd_slp_attrs) ? slapd_slp_attrs : "",
+ SLP_TRUE,
+ slapd_slp_regreport,
+ &slapd_slp_cookie );
+
+ if ( err != SLP_OK || slapd_slp_cookie != SLP_OK ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: SLPReg(%s) failed with %ld, cookie = %ld\n",
+ slapd_srvurls[i], (long)err, (long)slapd_slp_cookie );
+ }
+ }
+ }
+}
+
+static void
+slapd_slp_dereg( void )
+{
+ int i;
+ SLPError err;
+
+ if ( slapd_srvurls == NULL ) return;
+
+ for ( i = 0; slapd_srvurls[i] != NULL; i++ ) {
+ err = SLPDereg( slapd_hslp,
+ slapd_srvurls[i],
+ slapd_slp_regreport,
+ &slapd_slp_cookie );
+
+ if ( err != SLP_OK || slapd_slp_cookie != SLP_OK ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: SLPDereg(%s) failed with %ld, cookie = %ld\n",
+ slapd_srvurls[i], (long)err, (long)slapd_slp_cookie );
+ }
+ }
+}
+#endif /* HAVE_SLP */
+
+/*
+ * Add a descriptor to daemon control
+ *
+ * If isactive, the descriptor is a live server session and is subject
+ * to idletimeout control. Otherwise, the descriptor is a passive
+ * listener or an outbound client session, and not subject to
+ * idletimeout. The underlying event handler may record the Listener
+ * argument to differentiate Listener's from real sessions.
+ */
+static void
+slapd_add( ber_socket_t s, int isactive, Listener *sl )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ assert( SLAP_SOCK_NOT_ACTIVE(s) );
+
+ if ( isactive ) slap_daemon.sd_nactives++;
+
+ SLAP_SOCK_ADD(s, sl);
+
+ Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr%s listener=%p\n",
+ (long) s, isactive ? " (active)" : "", (void *)sl );
+
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ WAKE_LISTENER(1);
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+}
+
+/*
+ * NOTE: unused
+ */
+void
+slapd_sd_lock( void )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+}
+
+/*
+ * NOTE: unused
+ */
+void
+slapd_sd_unlock( void )
+{
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+}
+
+/*
+ * Remove the descriptor from daemon control
+ */
+void
+slapd_remove(
+ ber_socket_t s,
+ Sockbuf *sb,
+ int wasactive,
+ int wake,
+ int locked )
+{
+ int waswriter;
+ int wasreader;
+
+ if ( !locked )
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ assert( SLAP_SOCK_IS_ACTIVE( s ));
+
+ if ( wasactive ) slap_daemon.sd_nactives--;
+
+ waswriter = SLAP_SOCK_IS_WRITE(s);
+ wasreader = SLAP_SOCK_IS_READ(s);
+
+ Debug( LDAP_DEBUG_CONNS, "daemon: removing %ld%s%s\n",
+ (long) s,
+ wasreader ? "r" : "",
+ waswriter ? "w" : "" );
+
+ if ( waswriter ) slap_daemon.sd_nwriters--;
+
+ SLAP_SOCK_DEL(s);
+
+ if ( sb )
+ ber_sockbuf_free(sb);
+
+ /* If we ran out of file descriptors, we dropped a listener from
+ * the select() loop. Now that we're removing a session from our
+ * control, we can try to resume a dropped listener to use.
+ */
+ if ( emfile ) {
+ int i;
+ for ( i = 0; slap_listeners[i] != NULL; i++ ) {
+ Listener *lr = slap_listeners[i];
+
+ if ( lr->sl_sd == AC_SOCKET_INVALID ) continue;
+ if ( lr->sl_sd == s ) continue;
+ if ( lr->sl_mute ) {
+ lr->sl_mute = 0;
+ emfile--;
+ break;
+ }
+ }
+ /* Walked the entire list without enabling anything; emfile
+ * counter is stale. Reset it.
+ */
+ if ( slap_listeners[i] == NULL ) emfile = 0;
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ WAKE_LISTENER(wake || slapd_gentle_shutdown == 2);
+}
+
+void
+slapd_clr_write( ber_socket_t s, int wake )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ assert( SLAP_SOCK_IS_ACTIVE( s ));
+
+ if ( SLAP_SOCK_IS_WRITE( s )) {
+ SLAP_SOCK_CLR_WRITE( s );
+ slap_daemon.sd_nwriters--;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ WAKE_LISTENER(wake);
+}
+
+void
+slapd_set_write( ber_socket_t s, int wake )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ assert( SLAP_SOCK_IS_ACTIVE( s ));
+
+ if ( !SLAP_SOCK_IS_WRITE( s )) {
+ SLAP_SOCK_SET_WRITE( s );
+ slap_daemon.sd_nwriters++;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ WAKE_LISTENER(wake);
+}
+
+int
+slapd_clr_read( ber_socket_t s, int wake )
+{
+ int rc = 1;
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ if ( SLAP_SOCK_IS_ACTIVE( s )) {
+ SLAP_SOCK_CLR_READ( s );
+ rc = 0;
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ if ( !rc )
+ WAKE_LISTENER(wake);
+ return rc;
+}
+
+void
+slapd_set_read( ber_socket_t s, int wake )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ assert( SLAP_SOCK_IS_ACTIVE( s ));
+ if (!SLAP_SOCK_IS_READ( s )) SLAP_SOCK_SET_READ( s );
+
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ WAKE_LISTENER(wake);
+}
+
+static void
+slapd_close( ber_socket_t s )
+{
+ Debug( LDAP_DEBUG_CONNS, "daemon: closing %ld\n",
+ (long) s, 0, 0 );
+ tcp_close(s);
+}
+
+static void
+slap_free_listener_addresses( struct sockaddr **sal )
+{
+ struct sockaddr **sap;
+ if (sal == NULL) return;
+ for (sap = sal; *sap != NULL; sap++) ch_free(*sap);
+ ch_free(sal);
+}
+
+#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
+static int
+get_url_perms(
+ char **exts,
+ mode_t *perms,
+ int *crit )
+{
+ int i;
+
+ assert( exts != NULL );
+ assert( perms != NULL );
+ assert( crit != NULL );
+
+ *crit = 0;
+ for ( i = 0; exts[ i ]; i++ ) {
+ char *type = exts[ i ];
+ int c = 0;
+
+ if ( type[ 0 ] == '!' ) {
+ c = 1;
+ type++;
+ }
+
+ if ( strncasecmp( type, LDAPI_MOD_URLEXT "=",
+ sizeof(LDAPI_MOD_URLEXT "=") - 1 ) == 0 )
+ {
+ char *value = type + ( sizeof(LDAPI_MOD_URLEXT "=") - 1 );
+ mode_t p = 0;
+ int j;
+
+ switch (strlen(value)) {
+ case 4:
+ /* skip leading '0' */
+ if ( value[ 0 ] != '0' ) return LDAP_OTHER;
+ value++;
+
+ case 3:
+ for ( j = 0; j < 3; j++) {
+ int v;
+
+ v = value[ j ] - '0';
+
+ if ( v < 0 || v > 7 ) return LDAP_OTHER;
+
+ p |= v << 3*(2-j);
+ }
+ break;
+
+ case 10:
+ for ( j = 1; j < 10; j++ ) {
+ static mode_t m[] = { 0,
+ S_IRUSR, S_IWUSR, S_IXUSR,
+ S_IRGRP, S_IWGRP, S_IXGRP,
+ S_IROTH, S_IWOTH, S_IXOTH
+ };
+ static char c[] = "-rwxrwxrwx";
+
+ if ( value[ j ] == c[ j ] ) {
+ p |= m[ j ];
+
+ } else if ( value[ j ] != '-' ) {
+ return LDAP_OTHER;
+ }
+ }
+ break;
+
+ default:
+ return LDAP_OTHER;
+ }
+
+ *crit = c;
+ *perms = p;
+
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return LDAP_OTHER;
+}
+#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
+
+/* port = 0 indicates AF_LOCAL */
+static int
+slap_get_listener_addresses(
+ const char *host,
+ unsigned short port,
+ struct sockaddr ***sal )
+{
+ struct sockaddr **sap;
+
+#ifdef LDAP_PF_LOCAL
+ if ( port == 0 ) {
+ *sal = ch_malloc(2 * sizeof(void *));
+ if (*sal == NULL) return -1;
+
+ sap = *sal;
+ *sap = ch_malloc(sizeof(struct sockaddr_un));
+ if (*sap == NULL) goto errexit;
+ sap[1] = NULL;
+
+ if ( strlen(host) >
+ (sizeof(((struct sockaddr_un *)*sap)->sun_path) - 1) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: domain socket path (%s) too long in URL",
+ host, 0, 0);
+ goto errexit;
+ }
+
+ (void)memset( (void *)*sap, '\0', sizeof(struct sockaddr_un) );
+ (*sap)->sa_family = AF_LOCAL;
+ strcpy( ((struct sockaddr_un *)*sap)->sun_path, host );
+ } else
+#endif /* LDAP_PF_LOCAL */
+ {
+#ifdef HAVE_GETADDRINFO
+ struct addrinfo hints, *res, *sai;
+ int n, err;
+ char serv[7];
+
+ memset( &hints, '\0', sizeof(hints) );
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_family = slap_inet4or6;
+ snprintf(serv, sizeof serv, "%d", port);
+
+ if ( (err = getaddrinfo(host, serv, &hints, &res)) ) {
+ Debug( LDAP_DEBUG_ANY, "daemon: getaddrinfo() failed: %s\n",
+ AC_GAI_STRERROR(err), 0, 0);
+ return -1;
+ }
+
+ sai = res;
+ for (n=2; (sai = sai->ai_next) != NULL; n++) {
+ /* EMPTY */ ;
+ }
+ *sal = ch_calloc(n, sizeof(void *));
+ if (*sal == NULL) return -1;
+
+ sap = *sal;
+ *sap = NULL;
+
+ for ( sai=res; sai; sai=sai->ai_next ) {
+ if( sai->ai_addr == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: "
+ "getaddrinfo ai_addr is NULL?\n", 0, 0, 0 );
+ freeaddrinfo(res);
+ goto errexit;
+ }
+
+ switch (sai->ai_family) {
+# ifdef LDAP_PF_INET6
+ case AF_INET6:
+ *sap = ch_malloc(sizeof(struct sockaddr_in6));
+ if (*sap == NULL) {
+ freeaddrinfo(res);
+ goto errexit;
+ }
+ *(struct sockaddr_in6 *)*sap =
+ *((struct sockaddr_in6 *)sai->ai_addr);
+ break;
+# endif /* LDAP_PF_INET6 */
+ case AF_INET:
+ *sap = ch_malloc(sizeof(struct sockaddr_in));
+ if (*sap == NULL) {
+ freeaddrinfo(res);
+ goto errexit;
+ }
+ *(struct sockaddr_in *)*sap =
+ *((struct sockaddr_in *)sai->ai_addr);
+ break;
+ default:
+ *sap = NULL;
+ break;
+ }
+
+ if (*sap != NULL) {
+ (*sap)->sa_family = sai->ai_family;
+ sap++;
+ *sap = NULL;
+ }
+ }
+
+ freeaddrinfo(res);
+
+#else /* ! HAVE_GETADDRINFO */
+ int i, n = 1;
+ struct in_addr in;
+ struct hostent *he = NULL;
+
+ if ( host == NULL ) {
+ in.s_addr = htonl(INADDR_ANY);
+
+ } else if ( !inet_aton( host, &in ) ) {
+ he = gethostbyname( host );
+ if( he == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: invalid host %s", host, 0, 0);
+ return -1;
+ }
+ for (n = 0; he->h_addr_list[n]; n++) /* empty */;
+ }
+
+ *sal = ch_malloc((n+1) * sizeof(void *));
+ if (*sal == NULL) return -1;
+
+ sap = *sal;
+ for ( i = 0; i<n; i++ ) {
+ sap[i] = ch_malloc(sizeof(struct sockaddr_in));
+ if (*sap == NULL) goto errexit;
+
+ (void)memset( (void *)sap[i], '\0', sizeof(struct sockaddr_in) );
+ sap[i]->sa_family = AF_INET;
+ ((struct sockaddr_in *)sap[i])->sin_port = htons(port);
+ AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr,
+ he ? (struct in_addr *)he->h_addr_list[i] : &in,
+ sizeof(struct in_addr) );
+ }
+ sap[i] = NULL;
+#endif /* ! HAVE_GETADDRINFO */
+ }
+
+ return 0;
+
+errexit:
+ slap_free_listener_addresses(*sal);
+ return -1;
+}
+
+static int
+slap_open_listener(
+ const char* url,
+ int *listeners,
+ int *cur )
+{
+ int num, tmp, rc;
+ Listener l;
+ Listener *li;
+ LDAPURLDesc *lud;
+ unsigned short port;
+ int err, addrlen = 0;
+ struct sockaddr **sal, **psal;
+ int socktype = SOCK_STREAM; /* default to COTS */
+
+#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
+ /*
+ * use safe defaults
+ */
+ int crit = 1;
+#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
+
+ rc = ldap_url_parse( url, &lud );
+
+ if( rc != LDAP_URL_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: listen URL \"%s\" parse error=%d\n",
+ url, rc, 0 );
+ return rc;
+ }
+
+ l.sl_url.bv_val = NULL;
+ l.sl_mute = 0;
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ l.sl_busy = 0;
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+#ifndef HAVE_TLS
+ if( ldap_pvt_url_scheme2tls( lud->lud_scheme ) ) {
+ Debug( LDAP_DEBUG_ANY, "daemon: TLS not supported (%s)\n",
+ url, 0, 0 );
+ ldap_free_urldesc( lud );
+ return -1;
+ }
+
+ if(! lud->lud_port ) lud->lud_port = LDAP_PORT;
+
+#else /* HAVE_TLS */
+ l.sl_is_tls = ldap_pvt_url_scheme2tls( lud->lud_scheme );
+
+ if(! lud->lud_port ) {
+ lud->lud_port = l.sl_is_tls ? LDAPS_PORT : LDAP_PORT;
+ }
+#endif /* HAVE_TLS */
+
+ port = (unsigned short) lud->lud_port;
+
+ tmp = ldap_pvt_url_scheme2proto(lud->lud_scheme);
+ if ( tmp == LDAP_PROTO_IPC ) {
+#ifdef LDAP_PF_LOCAL
+ if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) {
+ err = slap_get_listener_addresses(LDAPI_SOCK, 0, &sal);
+ } else {
+ err = slap_get_listener_addresses(lud->lud_host, 0, &sal);
+ }
+#else /* ! LDAP_PF_LOCAL */
+
+ Debug( LDAP_DEBUG_ANY, "daemon: URL scheme not supported: %s",
+ url, 0, 0);
+ ldap_free_urldesc( lud );
+ return -1;
+#endif /* ! LDAP_PF_LOCAL */
+ } else {
+ if( lud->lud_host == NULL || lud->lud_host[0] == '\0'
+ || strcmp(lud->lud_host, "*") == 0 )
+ {
+ err = slap_get_listener_addresses(NULL, port, &sal);
+ } else {
+ err = slap_get_listener_addresses(lud->lud_host, port, &sal);
+ }
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ l.sl_is_udp = ( tmp == LDAP_PROTO_UDP );
+#endif /* LDAP_CONNECTIONLESS */
+
+#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
+ if ( lud->lud_exts ) {
+ err = get_url_perms( lud->lud_exts, &l.sl_perms, &crit );
+ } else {
+ l.sl_perms = S_IRWXU | S_IRWXO;
+ }
+#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
+
+ ldap_free_urldesc( lud );
+ if ( err ) return -1;
+
+ /* If we got more than one address returned, we need to make space
+ * for it in the slap_listeners array.
+ */
+ for ( num=0; sal[num]; num++ ) /* empty */;
+ if ( num > 1 ) {
+ *listeners += num-1;
+ slap_listeners = ch_realloc( slap_listeners,
+ (*listeners + 1) * sizeof(Listener *) );
+ }
+
+ psal = sal;
+ while ( *sal != NULL ) {
+ char *af;
+ switch( (*sal)->sa_family ) {
+ case AF_INET:
+ af = "IPv4";
+ break;
+#ifdef LDAP_PF_INET6
+ case AF_INET6:
+ af = "IPv6";
+ break;
+#endif /* LDAP_PF_INET6 */
+#ifdef LDAP_PF_LOCAL
+ case AF_LOCAL:
+ af = "Local";
+ break;
+#endif /* LDAP_PF_LOCAL */
+ default:
+ sal++;
+ continue;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( l.sl_is_udp ) socktype = SOCK_DGRAM;
+#endif /* LDAP_CONNECTIONLESS */
+
+ l.sl_sd = socket( (*sal)->sa_family, socktype, 0);
+ if ( l.sl_sd == AC_SOCKET_INVALID ) {
+ int err = sock_errno();
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: %s socket() failed errno=%d (%s)\n",
+ af, err, sock_errstr(err) );
+ sal++;
+ continue;
+ }
+
+#ifndef HAVE_WINSOCK
+ if ( l.sl_sd >= dtblsize ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: listener descriptor %ld is too great %ld\n",
+ (long) l.sl_sd, (long) dtblsize, 0 );
+ tcp_close( l.sl_sd );
+ sal++;
+ continue;
+ }
+#endif /* ! HAVE_WINSOCK */
+
+#ifdef LDAP_PF_LOCAL
+ if ( (*sal)->sa_family == AF_LOCAL ) {
+ unlink( ((struct sockaddr_un *)*sal)->sun_path );
+ } else
+#endif /* LDAP_PF_LOCAL */
+ {
+#ifdef SO_REUSEADDR
+ /* enable address reuse */
+ tmp = 1;
+ rc = setsockopt( l.sl_sd, SOL_SOCKET, SO_REUSEADDR,
+ (char *) &tmp, sizeof(tmp) );
+ if ( rc == AC_SOCKET_ERROR ) {
+ int err = sock_errno();
+ Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
+ "setsockopt(SO_REUSEADDR) failed errno=%d (%s)\n",
+ (long) l.sl_sd, err, sock_errstr(err) );
+ }
+#endif /* SO_REUSEADDR */
+ }
+
+ switch( (*sal)->sa_family ) {
+ case AF_INET:
+ addrlen = sizeof(struct sockaddr_in);
+ break;
+#ifdef LDAP_PF_INET6
+ case AF_INET6:
+#ifdef IPV6_V6ONLY
+ /* Try to use IPv6 sockets for IPv6 only */
+ tmp = 1;
+ rc = setsockopt( l.sl_sd, IPPROTO_IPV6, IPV6_V6ONLY,
+ (char *) &tmp, sizeof(tmp) );
+ if ( rc == AC_SOCKET_ERROR ) {
+ int err = sock_errno();
+ Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
+ "setsockopt(IPV6_V6ONLY) failed errno=%d (%s)\n",
+ (long) l.sl_sd, err, sock_errstr(err) );
+ }
+#endif /* IPV6_V6ONLY */
+ addrlen = sizeof(struct sockaddr_in6);
+ break;
+#endif /* LDAP_PF_INET6 */
+
+#ifdef LDAP_PF_LOCAL
+ case AF_LOCAL:
+#ifdef LOCAL_CREDS
+ {
+ int one = 1;
+ setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) );
+ }
+#endif /* LOCAL_CREDS */
+
+ addrlen = sizeof( struct sockaddr_un );
+ break;
+#endif /* LDAP_PF_LOCAL */
+ }
+
+#ifdef LDAP_PF_LOCAL
+ /* create socket with all permissions set for those systems
+ * that honor permissions on sockets (e.g. Linux); typically,
+ * only write is required. To exploit filesystem permissions,
+ * place the socket in a directory and use directory's
+ * permissions. Need write perms to the directory to
+ * create/unlink the socket; likely need exec perms to access
+ * the socket (ITS#4709) */
+ {
+ mode_t old_umask;
+
+ if ( (*sal)->sa_family == AF_LOCAL ) {
+ old_umask = umask( 0 );
+ }
+#endif /* LDAP_PF_LOCAL */
+ rc = bind( l.sl_sd, *sal, addrlen );
+#ifdef LDAP_PF_LOCAL
+ if ( (*sal)->sa_family == AF_LOCAL ) {
+ umask( old_umask );
+ }
+ }
+#endif /* LDAP_PF_LOCAL */
+ if ( rc ) {
+ err = sock_errno();
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: bind(%ld) failed errno=%d (%s)\n",
+ (long)l.sl_sd, err, sock_errstr( err ) );
+ tcp_close( l.sl_sd );
+ sal++;
+ continue;
+ }
+
+ switch ( (*sal)->sa_family ) {
+#ifdef LDAP_PF_LOCAL
+ case AF_LOCAL: {
+ char *addr = ((struct sockaddr_un *)*sal)->sun_path;
+ l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
+ l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
+ snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
+ "PATH=%s", addr );
+ } break;
+#endif /* LDAP_PF_LOCAL */
+
+ case AF_INET: {
+ char *s;
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ char addr[INET_ADDRSTRLEN];
+ inet_ntop( AF_INET, &((struct sockaddr_in *)*sal)->sin_addr,
+ addr, sizeof(addr) );
+ s = addr;
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ s = inet_ntoa( ((struct sockaddr_in *) *sal)->sin_addr );
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ port = ntohs( ((struct sockaddr_in *)*sal) ->sin_port );
+ l.sl_name.bv_val =
+ ber_memalloc( sizeof("IP=255.255.255.255:65535") );
+ snprintf( l.sl_name.bv_val, sizeof("IP=255.255.255.255:65535"),
+ "IP=%s:%d",
+ s != NULL ? s : SLAP_STRING_UNKNOWN, port );
+ l.sl_name.bv_len = strlen( l.sl_name.bv_val );
+ } break;
+
+#ifdef LDAP_PF_INET6
+ case AF_INET6: {
+ char addr[INET6_ADDRSTRLEN];
+ inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr,
+ addr, sizeof addr);
+ port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port );
+ l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535");
+ l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len );
+ snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d",
+ addr, port );
+ l.sl_name.bv_len = strlen( l.sl_name.bv_val );
+ } break;
+#endif /* LDAP_PF_INET6 */
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "daemon: unsupported address family (%d)\n",
+ (int) (*sal)->sa_family, 0, 0 );
+ break;
+ }
+
+ AC_MEMCPY(&l.sl_sa, *sal, addrlen);
+ ber_str2bv( url, 0, 1, &l.sl_url);
+ li = ch_malloc( sizeof( Listener ) );
+ *li = l;
+ slap_listeners[*cur] = li;
+ (*cur)++;
+ sal++;
+ }
+
+ slap_free_listener_addresses(psal);
+
+ if ( l.sl_url.bv_val == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_open_listener: failed on %s\n", url, 0, 0 );
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "daemon: listener initialized %s\n",
+ l.sl_url.bv_val, 0, 0 );
+ return 0;
+}
+
+static int sockinit(void);
+static int sockdestroy(void);
+
+int
+slapd_daemon_init( const char *urls )
+{
+ int i, j, n, rc;
+ char **u;
+
+ Debug( LDAP_DEBUG_ARGS, "daemon_init: %s\n",
+ urls ? urls : "<null>", 0, 0 );
+
+ ldap_pvt_thread_mutex_init( &slap_daemon.sd_mutex );
+#ifdef HAVE_TCPD
+ ldap_pvt_thread_mutex_init( &slap_daemon.sd_tcpd_mutex );
+#endif /* TCP Wrappers */
+
+ if( (rc = sockinit()) != 0 ) return rc;
+
+#ifdef HAVE_SYSCONF
+ dtblsize = sysconf( _SC_OPEN_MAX );
+#elif HAVE_GETDTABLESIZE
+ dtblsize = getdtablesize();
+#else /* ! HAVE_SYSCONF && ! HAVE_GETDTABLESIZE */
+ dtblsize = FD_SETSIZE;
+#endif /* ! HAVE_SYSCONF && ! HAVE_GETDTABLESIZE */
+
+ /* open a pipe (or something equivalent connected to itself).
+ * we write a byte on this fd whenever we catch a signal. The main
+ * loop will be select'ing on this socket, and will wake up when
+ * this byte arrives.
+ */
+ if( (rc = lutil_pair( wake_sds )) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: lutil_pair() failed rc=%d\n", rc, 0, 0 );
+ return rc;
+ }
+
+ SLAP_SOCK_INIT;
+
+ if( urls == NULL ) urls = "ldap:///";
+
+ u = ldap_str2charray( urls, " " );
+
+ if( u == NULL || u[0] == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "daemon_init: no urls (%s) provided.\n",
+ urls, 0, 0 );
+ if ( u )
+ ldap_charray_free( u );
+ return -1;
+ }
+
+ for( i=0; u[i] != NULL; i++ ) {
+ Debug( LDAP_DEBUG_TRACE, "daemon_init: listen on %s\n",
+ u[i], 0, 0 );
+ }
+
+ if( i == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "daemon_init: no listeners to open (%s)\n",
+ urls, 0, 0 );
+ ldap_charray_free( u );
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners to open...\n",
+ i, 0, 0 );
+ slap_listeners = ch_malloc( (i+1)*sizeof(Listener *) );
+
+ for(n = 0, j = 0; u[n]; n++ ) {
+ if ( slap_open_listener( u[n], &i, &j ) ) {
+ ldap_charray_free( u );
+ return -1;
+ }
+ }
+ slap_listeners[j] = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners opened\n",
+ i, 0, 0 );
+
+
+#ifdef HAVE_SLP
+ if( slapd_register_slp ) {
+ slapd_slp_init( urls );
+ slapd_slp_reg();
+ }
+#endif /* HAVE_SLP */
+
+ ldap_charray_free( u );
+
+ return !i;
+}
+
+
+int
+slapd_daemon_destroy( void )
+{
+ connections_destroy();
+ tcp_close( wake_sds[1] );
+ tcp_close( wake_sds[0] );
+ sockdestroy();
+
+#ifdef HAVE_SLP
+ if( slapd_register_slp ) {
+ slapd_slp_dereg();
+ slapd_slp_deinit();
+ }
+#endif /* HAVE_SLP */
+
+#ifdef HAVE_TCPD
+ ldap_pvt_thread_mutex_destroy( &slap_daemon.sd_tcpd_mutex );
+#endif /* TCP Wrappers */
+
+ ldap_pvt_thread_mutex_destroy( &slap_daemon.sd_mutex );
+ return 0;
+}
+
+
+static void
+close_listeners(
+ int remove )
+{
+ int l;
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ Listener *lr = slap_listeners[l];
+
+ if ( lr->sl_sd != AC_SOCKET_INVALID ) {
+ if ( remove ) slapd_remove( lr->sl_sd, NULL, 0, 0, 0 );
+
+#ifdef LDAP_PF_LOCAL
+ if ( lr->sl_sa.sa_addr.sa_family == AF_LOCAL ) {
+ unlink( lr->sl_sa.sa_un_addr.sun_path );
+ }
+#endif /* LDAP_PF_LOCAL */
+
+ slapd_close( lr->sl_sd );
+ }
+
+ if ( lr->sl_url.bv_val ) {
+ ber_memfree( lr->sl_url.bv_val );
+ }
+
+ if ( lr->sl_name.bv_val ) {
+ ber_memfree( lr->sl_name.bv_val );
+ }
+
+ free( lr );
+ slap_listeners[l] = NULL;
+ }
+}
+
+static int
+slap_listener(
+ Listener *sl )
+{
+ Sockaddr from;
+
+ ber_socket_t s;
+ socklen_t len = sizeof(from);
+ long id;
+ slap_ssf_t ssf = 0;
+ struct berval authid = BER_BVNULL;
+#ifdef SLAPD_RLOOKUPS
+ char hbuf[NI_MAXHOST];
+#endif /* SLAPD_RLOOKUPS */
+
+ char *dnsname = NULL;
+ char *peeraddr = NULL;
+#ifdef LDAP_PF_LOCAL
+ char peername[MAXPATHLEN + sizeof("PATH=")];
+#elif defined(LDAP_PF_INET6)
+ char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")];
+#else /* ! LDAP_PF_LOCAL && ! LDAP_PF_INET6 */
+ char peername[sizeof("IP=255.255.255.255:65336")];
+#endif /* LDAP_PF_LOCAL */
+
+ Debug( LDAP_DEBUG_TRACE,
+ ">>> slap_listener(%s)\n",
+ sl->sl_url.bv_val, 0, 0 );
+
+ peername[0] = '\0';
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( sl->sl_is_udp ) return 1;
+#endif /* LDAP_CONNECTIONLESS */
+
+# ifdef LDAP_PF_LOCAL
+ /* FIXME: apparently accept doesn't fill
+ * the sun_path sun_path member */
+ from.sa_un_addr.sun_path[0] = '\0';
+# endif /* LDAP_PF_LOCAL */
+
+ s = accept( sl->sl_sd, (struct sockaddr *) &from, &len );
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ /* Resume the listener FD to allow concurrent-processing of
+ * additional incoming connections.
+ */
+ sl->sl_busy = 0;
+ WAKE_LISTENER(1);
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+ if ( s == AC_SOCKET_INVALID ) {
+ int err = sock_errno();
+
+ if(
+#ifdef EMFILE
+ err == EMFILE ||
+#endif /* EMFILE */
+#ifdef ENFILE
+ err == ENFILE ||
+#endif /* ENFILE */
+ 0 )
+ {
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+ emfile++;
+ /* Stop listening until an existing session closes */
+ sl->sl_mute = 1;
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: accept(%ld) failed errno=%d (%s)\n",
+ (long) sl->sl_sd, err, sock_errstr(err) );
+ ldap_pvt_thread_yield();
+ return 0;
+ }
+
+#ifndef HAVE_WINSOCK
+ /* make sure descriptor number isn't too great */
+ if ( s >= dtblsize ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: %ld beyond descriptor table size %ld\n",
+ (long) s, (long) dtblsize, 0 );
+
+ slapd_close(s);
+ ldap_pvt_thread_yield();
+ return 0;
+ }
+#endif /* ! HAVE_WINSOCK */
+
+#ifdef LDAP_DEBUG
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+ /* newly accepted stream should not be in any of the FD SETS */
+ assert( SLAP_SOCK_NOT_ACTIVE( s ));
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+#endif /* LDAP_DEBUG */
+
+#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
+#ifdef LDAP_PF_LOCAL
+ /* for IPv4 and IPv6 sockets only */
+ if ( from.sa_addr.sa_family != AF_LOCAL )
+#endif /* LDAP_PF_LOCAL */
+ {
+ int rc;
+ int tmp;
+#ifdef SO_KEEPALIVE
+ /* enable keep alives */
+ tmp = 1;
+ rc = setsockopt( s, SOL_SOCKET, SO_KEEPALIVE,
+ (char *) &tmp, sizeof(tmp) );
+ if ( rc == AC_SOCKET_ERROR ) {
+ int err = sock_errno();
+ Debug( LDAP_DEBUG_ANY,
+ "slapd(%ld): setsockopt(SO_KEEPALIVE) failed "
+ "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
+ }
+#endif /* SO_KEEPALIVE */
+#ifdef TCP_NODELAY
+ /* enable no delay */
+ tmp = 1;
+ rc = setsockopt( s, IPPROTO_TCP, TCP_NODELAY,
+ (char *)&tmp, sizeof(tmp) );
+ if ( rc == AC_SOCKET_ERROR ) {
+ int err = sock_errno();
+ Debug( LDAP_DEBUG_ANY,
+ "slapd(%ld): setsockopt(TCP_NODELAY) failed "
+ "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
+ }
+#endif /* TCP_NODELAY */
+ }
+#endif /* SO_KEEPALIVE || TCP_NODELAY */
+
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: listen=%ld, new connection on %ld\n",
+ (long) sl->sl_sd, (long) s, 0 );
+
+ switch ( from.sa_addr.sa_family ) {
+# ifdef LDAP_PF_LOCAL
+ case AF_LOCAL:
+ /* FIXME: apparently accept doesn't fill
+ * the sun_path sun_path member */
+ if ( from.sa_un_addr.sun_path[0] == '\0' ) {
+ AC_MEMCPY( from.sa_un_addr.sun_path,
+ sl->sl_sa.sa_un_addr.sun_path,
+ sizeof( from.sa_un_addr.sun_path ) );
+ }
+
+ sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
+ ssf = local_ssf;
+ {
+ uid_t uid;
+ gid_t gid;
+
+ if( getpeereid( s, &uid, &gid ) == 0 ) {
+ authid.bv_val = ch_malloc(
+ STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth" ) + 1 );
+ authid.bv_len = sprintf( authid.bv_val,
+ "gidNumber=%d+uidNumber=%d,"
+ "cn=peercred,cn=external,cn=auth",
+ (int) gid, (int) uid );
+ assert( authid.bv_len <=
+ STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth" ) );
+ }
+ }
+ dnsname = "local";
+ break;
+#endif /* LDAP_PF_LOCAL */
+
+# ifdef LDAP_PF_INET6
+ case AF_INET6:
+ if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) {
+ peeraddr = inet_ntoa( *((struct in_addr *)
+ &from.sa_in6_addr.sin6_addr.s6_addr[12]) );
+ sprintf( peername, "IP=%s:%d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
+ } else {
+ char addr[INET6_ADDRSTRLEN];
+
+ peeraddr = (char *) inet_ntop( AF_INET6,
+ &from.sa_in6_addr.sin6_addr,
+ addr, sizeof addr );
+ sprintf( peername, "IP=%s %d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
+ }
+ break;
+# endif /* LDAP_PF_INET6 */
+
+ case AF_INET:
+ peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
+ sprintf( peername, "IP=%s:%d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in_addr.sin_port ) );
+ break;
+
+ default:
+ slapd_close(s);
+ return 0;
+ }
+
+ if ( ( from.sa_addr.sa_family == AF_INET )
+#ifdef LDAP_PF_INET6
+ || ( from.sa_addr.sa_family == AF_INET6 )
+#endif /* LDAP_PF_INET6 */
+ )
+ {
+ dnsname = NULL;
+#ifdef SLAPD_RLOOKUPS
+ if ( use_reverse_lookup ) {
+ char *herr;
+ if (ldap_pvt_get_hname( (const struct sockaddr *)&from, len, hbuf,
+ sizeof(hbuf), &herr ) == 0) {
+ ldap_pvt_str2lower( hbuf );
+ dnsname = hbuf;
+ }
+ }
+#endif /* SLAPD_RLOOKUPS */
+
+#ifdef HAVE_TCPD
+ {
+ int rc;
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_tcpd_mutex );
+ rc = hosts_ctl("slapd",
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ SLAP_STRING_UNKNOWN );
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_tcpd_mutex );
+ if ( !rc ) {
+ /* DENY ACCESS */
+ Statslog( LDAP_DEBUG_STATS,
+ "fd=%ld DENIED from %s (%s)\n",
+ (long) s,
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ 0, 0 );
+ slapd_close(s);
+ return 0;
+ }
+ }
+#endif /* HAVE_TCPD */
+ }
+
+ id = connection_init(s, sl,
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peername,
+#ifdef HAVE_TLS
+ sl->sl_is_tls ? CONN_IS_TLS : 0,
+#else /* ! HAVE_TLS */
+ 0,
+#endif /* ! HAVE_TLS */
+ ssf,
+ authid.bv_val ? &authid : NULL );
+
+ if( authid.bv_val ) ch_free(authid.bv_val);
+
+ if( id < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: connection_init(%ld, %s, %s) failed.\n",
+ (long) s, peername, sl->sl_name.bv_val );
+ slapd_close(s);
+ return 0;
+ }
+
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
+ id, (long) s, peername, sl->sl_name.bv_val,
+ 0 );
+
+ return 0;
+}
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+static void*
+slap_listener_thread(
+ void* ctx,
+ void* ptr )
+{
+ int rc;
+ Listener *sl = (Listener *)ptr;
+
+ rc = slap_listener( sl );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_listener_thread(%s): failed err=%d",
+ sl->sl_url.bv_val, rc, 0 );
+ }
+
+ return (void*)NULL;
+}
+
+static int
+slap_listener_activate(
+ Listener* sl )
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "slap_listener_activate(%d): %s\n",
+ sl->sl_sd, sl->sl_busy ? "busy" : "", 0 );
+
+ sl->sl_busy++;
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ slap_listener_thread, (void *) sl );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "listener_activate(%d): submit failed (%d)\n",
+ sl->sl_sd, rc, 0 );
+ }
+ return rc;
+}
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+static void *
+slapd_daemon_task(
+ void *ptr )
+{
+ int l;
+ time_t last_idle_check = 0;
+ struct timeval idle;
+ int ebadf = 0;
+
+#define SLAPD_IDLE_CHECK_LIMIT 4
+
+ if ( global_idletimeout > 0 ) {
+ last_idle_check = slap_get_time();
+ /* Set the select timeout.
+ * Don't just truncate, preserve the fractions of
+ * seconds to prevent sleeping for zero time.
+ */
+ idle.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
+ idle.tv_usec = global_idletimeout - \
+ ( idle.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
+ idle.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
+ } else {
+ idle.tv_sec = 0;
+ idle.tv_usec = 0;
+ }
+
+ slapd_add( wake_sds[0], 0, NULL );
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
+
+#ifdef LDAP_CONNECTIONLESS
+ /* Since this is connectionless, the data port is the
+ * listening port. The listen() and accept() calls
+ * are unnecessary.
+ */
+ if ( slap_listeners[l]->sl_is_udp )
+ continue;
+#endif /* LDAP_CONNECTIONLESS */
+
+ if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN_BACKLOG ) == -1 ) {
+ int err = sock_errno();
+
+#ifdef LDAP_PF_INET6
+ /* If error is EADDRINUSE, we are trying to listen to INADDR_ANY and
+ * we are already listening to in6addr_any, then we want to ignore
+ * this and continue.
+ */
+ if ( err == EADDRINUSE ) {
+ int i;
+ struct sockaddr_in sa = slap_listeners[l]->sl_sa.sa_in_addr;
+ struct sockaddr_in6 sa6;
+
+ if ( sa.sin_family == AF_INET &&
+ sa.sin_addr.s_addr == htonl(INADDR_ANY) ) {
+ for ( i = 0 ; i < l; i++ ) {
+ sa6 = slap_listeners[i]->sl_sa.sa_in6_addr;
+ if ( sa6.sin6_family == AF_INET6 &&
+ !memcmp( &sa6.sin6_addr, &in6addr_any,
+ sizeof(struct in6_addr) ) )
+ {
+ break;
+ }
+ }
+
+ if ( i < l ) {
+ /* We are already listening to in6addr_any */
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: Attempt to listen to 0.0.0.0 failed, "
+ "already listening on ::, assuming IPv4 included\n",
+ 0, 0, 0 );
+ slapd_close( slap_listeners[l]->sl_sd );
+ slap_listeners[l]->sl_sd = AC_SOCKET_INVALID;
+ continue;
+ }
+ }
+ }
+#endif /* LDAP_PF_INET6 */
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: listen(%s, 5) failed errno=%d (%s)\n",
+ slap_listeners[l]->sl_url.bv_val, err,
+ sock_errstr(err) );
+ return (void*)-1;
+ }
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ /* make the listening socket non-blocking */
+ if ( ber_pvt_socket_set_nonblock( slap_listeners[l]->sl_sd, 1 ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slapd_daemon_task: "
+ "set nonblocking on a listening socket failed\n",
+ 0, 0, 0 );
+ slapd_shutdown = 2;
+ return (void*)-1;
+ }
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+ slapd_add( slap_listeners[l]->sl_sd, 0, slap_listeners[l] );
+ }
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ if ( started_event != NULL ) {
+ ldap_pvt_thread_cond_signal( &started_event );
+ }
+#endif /* HAVE_NT_SERVICE_MANAGER */
+
+#ifdef SLAP_SEM_LOAD_CONTROL
+ /*
+ * initialize count and lazyness of a semaphore
+ */
+ (void) ldap_lazy_sem_init(
+ SLAP_MAX_WORKER_THREADS + 4 /* max workers + margin */,
+ 4 /* lazyness */ );
+#endif /* SLAP_SEM_LOAD_CONTROL */
+
+ /* initialization complete. Here comes the loop. */
+
+ while ( !slapd_shutdown ) {
+ ber_socket_t i;
+ int ns, nwriters;
+ int at;
+ ber_socket_t nfds;
+#if SLAP_EVENTS_ARE_INDEXED
+ ber_socket_t nrfds, nwfds;
+#endif /* SLAP_EVENTS_ARE_INDEXED */
+#define SLAPD_EBADF_LIMIT 16
+
+ time_t now;
+
+ SLAP_EVENT_DECL;
+
+ struct timeval tv;
+ struct timeval *tvp;
+
+ struct timeval cat;
+ time_t tdelta = 1;
+ struct re_s* rtask;
+
+ now = slap_get_time();
+
+ if ( ( global_idletimeout > 0 ) &&
+ difftime( last_idle_check +
+ global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 )
+ {
+ connections_timeout_idle( now );
+ last_idle_check = now;
+ }
+ tv = idle;
+
+#ifdef SIGHUP
+ if ( slapd_gentle_shutdown ) {
+ ber_socket_t active;
+
+ if ( slapd_gentle_shutdown == 1 ) {
+ BackendDB *be;
+ Debug( LDAP_DEBUG_ANY, "slapd gentle shutdown\n", 0, 0, 0 );
+ close_listeners( 1 );
+ frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
+ LDAP_STAILQ_FOREACH(be, &backendDB, be_next) {
+ be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
+ }
+ slapd_gentle_shutdown = 2;
+ }
+
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+ active = slap_daemon.sd_nactives;
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ if ( active == 0 ) {
+ slapd_shutdown = 1;
+ break;
+ }
+ }
+#endif /* SIGHUP */
+ at = 0;
+
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+ nwriters = slap_daemon.sd_nwriters;
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ Listener *lr = slap_listeners[l];
+
+ if ( lr->sl_sd == AC_SOCKET_INVALID ) continue;
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ if ( lr->sl_mute || lr->sl_busy )
+#else /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ if ( lr->sl_mute )
+#endif /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ {
+ SLAP_SOCK_CLR_READ( lr->sl_sd );
+ } else {
+ SLAP_SOCK_SET_READ( lr->sl_sd );
+ }
+ }
+
+ SLAP_EVENT_INIT;
+
+ nfds = SLAP_EVENT_MAX;
+
+ if ( global_idletimeout && slap_daemon.sd_nactives ) at = 1;
+
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+
+ if ( at
+#if defined(HAVE_YIELDING_SELECT) || defined(NO_THREADS)
+ && ( tv.tv_sec || tv.tv_usec )
+#endif /* HAVE_YIELDING_SELECT || NO_THREADS */
+ )
+ {
+ tvp = &tv;
+ } else {
+ tvp = NULL;
+ }
+
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
+ while ( rtask && cat.tv_sec && cat.tv_sec <= now ) {
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+ } else {
+ ldap_pvt_runqueue_runtask( &slapd_rq, rtask );
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ rtask->routine, (void *) rtask );
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ }
+ rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ if ( rtask && cat.tv_sec ) {
+ /* NOTE: diff __should__ always be >= 0,
+ * AFAI understand; however (ITS#4872),
+ * time_t might be unsigned in some systems,
+ * while difftime() returns a double */
+ double diff = difftime( cat.tv_sec, now );
+ if ( diff <= 0 ) {
+ diff = tdelta;
+ }
+ if ( tvp == NULL || diff < tv.tv_sec ) {
+ tv.tv_sec = diff;
+ tv.tv_usec = 0;
+ tvp = &tv;
+ }
+ }
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ Listener *lr = slap_listeners[l];
+
+ if ( lr->sl_sd == AC_SOCKET_INVALID ) {
+ continue;
+ }
+
+ if ( lr->sl_mute ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: " SLAP_EVENT_FNAME ": "
+ "listen=%d muted\n",
+ lr->sl_sd, 0, 0 );
+ continue;
+ }
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ if ( lr->sl_busy ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: " SLAP_EVENT_FNAME ": "
+ "listen=%d busy\n",
+ lr->sl_sd, 0, 0 );
+ continue;
+ }
+#endif /* SLAP_LIGHTWEIGHT_DISPATCHER */
+
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: " SLAP_EVENT_FNAME ": "
+ "listen=%d active_threads=%d tvp=%s\n",
+ lr->sl_sd, at, tvp == NULL ? "NULL" : "zero" );
+ }
+
+ SLAP_EVENT_WAIT( tvp, &ns );
+ switch ( ns ) {
+ case -1: { /* failure - try again */
+ int err = sock_errno();
+
+ if ( err != EINTR ) {
+ ebadf++;
+
+ /* Don't log unless we got it twice in a row */
+ if ( !( ebadf & 1 ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: "
+ SLAP_EVENT_FNAME
+ "failed count %d "
+ "err (%d): %s\n",
+ ebadf, err,
+ sock_errstr( err ) );
+ }
+ if ( ebadf >= SLAPD_EBADF_LIMIT ) {
+ slapd_shutdown = 2;
+ }
+ }
+ }
+ continue;
+
+ case 0: /* timeout - let threads run */
+ ebadf = 0;
+#ifndef HAVE_YIELDING_SELECT
+ Debug( LDAP_DEBUG_CONNS, "daemon: " SLAP_EVENT_FNAME
+ "timeout - yielding\n",
+ 0, 0, 0 );
+
+ ldap_pvt_thread_yield();
+#endif /* ! HAVE_YIELDING_SELECT */
+ continue;
+
+ default: /* something happened - deal with it */
+ if ( slapd_shutdown ) continue;
+
+ ebadf = 0;
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: activity on %d descriptor%s\n",
+ ns, ns != 1 ? "s" : "", 0 );
+ /* FALL THRU */
+ }
+
+#if SLAP_EVENTS_ARE_INDEXED
+ if ( SLAP_EVENT_IS_READ( wake_sds[0] ) ) {
+ char c[BUFSIZ];
+ SLAP_EVENT_CLR_READ( wake_sds[0] );
+ waking = 0;
+ tcp_read( wake_sds[0], c, sizeof(c) );
+ Debug( LDAP_DEBUG_CONNS, "daemon: waked\n", 0, 0, 0 );
+ continue;
+ }
+
+ /* The event slot equals the descriptor number - this is
+ * true for Unix select and poll. We treat Windows select
+ * like this too, even though it's a kludge.
+ */
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ int rc;
+
+ if ( ns <= 0 ) break;
+ if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
+#ifdef LDAP_CONNECTIONLESS
+ if ( slap_listeners[l]->sl_is_udp ) continue;
+#endif /* LDAP_CONNECTIONLESS */
+ if ( !SLAP_EVENT_IS_READ( slap_listeners[l]->sl_sd ) ) continue;
+
+ /* clear events */
+ SLAP_EVENT_CLR_READ( slap_listeners[l]->sl_sd );
+ SLAP_EVENT_CLR_WRITE( slap_listeners[l]->sl_sd );
+ ns--;
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ rc = slap_listener_activate( slap_listeners[l] );
+#else /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ rc = slap_listener( slap_listeners[l] );
+#endif /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ }
+
+ /* bypass the following tests if no descriptors left */
+ if ( ns <= 0 ) {
+#ifndef HAVE_YIELDING_SELECT
+ ldap_pvt_thread_yield();
+#endif /* HAVE_YIELDING_SELECT */
+ continue;
+ }
+
+ Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );
+#ifdef HAVE_WINSOCK
+ nrfds = readfds.fd_count;
+ nwfds = writefds.fd_count;
+ for ( i = 0; i < readfds.fd_count; i++ ) {
+ Debug( LDAP_DEBUG_CONNS, " %d%s",
+ readfds.fd_array[i], "r", 0 );
+ }
+ for ( i = 0; i < writefds.fd_count; i++ ) {
+ Debug( LDAP_DEBUG_CONNS, " %d%s",
+ writefds.fd_array[i], "w", 0 );
+ }
+
+#else /* ! HAVE_WINSOCK */
+ nrfds = 0;
+ nwfds = 0;
+ for ( i = 0; i < nfds; i++ ) {
+ int r, w;
+
+ r = SLAP_EVENT_IS_READ( i );
+ /* writefds was not initialized if nwriters was zero */
+ w = nwriters ? SLAP_EVENT_IS_WRITE( i ) : 0;
+ if ( r || w ) {
+ Debug( LDAP_DEBUG_CONNS, " %d%s%s", i,
+ r ? "r" : "", w ? "w" : "" );
+ if ( r ) {
+ nrfds++;
+ ns--;
+ }
+ if ( w ) {
+ nwfds++;
+ ns--;
+ }
+ }
+ if ( ns <= 0 ) break;
+ }
+#endif /* ! HAVE_WINSOCK */
+ Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
+
+ /* loop through the writers */
+ for ( i = 0; nwfds > 0; i++ ) {
+ ber_socket_t wd;
+#ifdef HAVE_WINSOCK
+ wd = writefds.fd_array[i];
+#else /* ! HAVE_WINSOCK */
+ if ( ! SLAP_EVENT_IS_WRITE( i ) ) continue;
+ wd = i;
+#endif /* ! HAVE_WINSOCK */
+
+ SLAP_EVENT_CLR_WRITE( wd );
+ nwfds--;
+
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: write active on %d\n",
+ wd, 0, 0 );
+
+ /*
+ * NOTE: it is possible that the connection was closed
+ * and that the stream is now inactive.
+ * connection_write() must validate the stream is still
+ * active.
+ *
+ * ITS#4338: if the stream is invalid, there is no need to
+ * close it here. It has already been closed in connection.c.
+ */
+ if ( connection_write( wd ) < 0 ) {
+ if ( SLAP_EVENT_IS_READ( wd ) ) {
+ SLAP_EVENT_CLR_READ( (unsigned) wd );
+ nrfds--;
+ }
+ }
+ }
+
+ for ( i = 0; nrfds > 0; i++ ) {
+ ber_socket_t rd;
+#ifdef HAVE_WINSOCK
+ rd = readfds.fd_array[i];
+#else /* ! HAVE_WINSOCK */
+ if ( ! SLAP_EVENT_IS_READ( i ) ) continue;
+ rd = i;
+#endif /* ! HAVE_WINSOCK */
+ SLAP_EVENT_CLR_READ( rd );
+ nrfds--;
+
+ Debug ( LDAP_DEBUG_CONNS,
+ "daemon: read activity on %d\n", rd, 0, 0 );
+ /*
+ * NOTE: it is possible that the connection was closed
+ * and that the stream is now inactive.
+ * connection_read() must valid the stream is still
+ * active.
+ */
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ connection_read_activate( rd );
+#else /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ connection_read( rd );
+#endif /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ }
+#else /* !SLAP_EVENTS_ARE_INDEXED */
+ /* FIXME */
+ /* The events are returned in an arbitrary list. This is true
+ * for /dev/poll, epoll and kqueue. In order to prioritize things
+ * so that we can handle wake_sds first, listeners second, and then
+ * all other connections last (as we do for select), we would need
+ * to use multiple event handles and cascade them.
+ *
+ * That seems like a bit of hassle. So the wake_sds check has been
+ * skipped. For epoll and kqueue we can associate arbitrary data with
+ * an event, so we could use pointers to the listener structure
+ * instead of just the file descriptor. For /dev/poll we have to
+ * search the listeners array for a matching descriptor.
+ *
+ * We now handle wake events when we see them; they are not given
+ * higher priority.
+ */
+#ifdef LDAP_DEBUG
+ Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );
+
+ for ( i = 0; i < ns; i++ ) {
+ int r, w;
+
+ /* Don't log listener events */
+ if ( SLAP_EVENT_IS_LISTENER( i )
+#ifdef LDAP_CONNECTIONLESS
+ && !( (SLAP_EVENT_LISTENER( i ))->sl_is_udp )
+#endif /* LDAP_CONNECTIONLESS */
+ )
+ {
+ continue;
+ }
+
+ /* Don't log internal wake events */
+ if ( SLAP_EVENT_FD( i ) == wake_sds[0] ) continue;
+
+ r = SLAP_EVENT_IS_READ( i );
+ w = SLAP_EVENT_IS_WRITE( i );
+ if ( r || w ) {
+ Debug( LDAP_DEBUG_CONNS, " %d%s%s", SLAP_EVENT_FD(i),
+ r ? "r" : "", w ? "w" : "" );
+ }
+ }
+ Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
+#endif /* LDAP_DEBUG */
+
+ for ( i = 0; i < ns; i++ ) {
+ int rc = 1, fd;
+
+ if ( SLAP_EVENT_IS_LISTENER( i ) ) {
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ rc = slap_listener_activate( SLAP_EVENT_LISTENER( i ) );
+#else /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ rc = slap_listener( SLAP_EVENT_LISTENER( i ) );
+#endif /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ }
+
+ /* If we found a regular listener, rc is now zero, and we
+ * can skip the data portion. But if it was a UDP listener
+ * then rc is still 1, and we want to handle the data.
+ */
+ if ( rc ) {
+ fd = SLAP_EVENT_FD( i );
+
+ /* Handle wake events */
+ if ( fd == wake_sds[0] ) {
+ char c[BUFSIZ];
+ waking = 0;
+ tcp_read( wake_sds[0], c, sizeof(c) );
+ break;
+ }
+
+ if ( SLAP_EVENT_IS_WRITE( i ) ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: write active on %d\n",
+ fd, 0, 0 );
+
+ SLAP_EVENT_CLR_WRITE( i );
+
+ /*
+ * NOTE: it is possible that the connection was closed
+ * and that the stream is now inactive.
+ * connection_write() must valid the stream is still
+ * active.
+ */
+ if ( connection_write( fd ) < 0 ) {
+ continue;
+ }
+ }
+ /* If event is a read */
+ if ( SLAP_EVENT_IS_READ( i ) ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: read active on %d\n",
+ fd, 0, 0 );
+
+ SLAP_EVENT_CLR_READ( i );
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ connection_read_activate( fd );
+#else /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ /*
+ * NOTE: it is possible that the connection was closed
+ * and that the stream is now inactive.
+ * connection_read() must valid the stream is still
+ * active.
+ */
+ connection_read( fd );
+#endif /* ! SLAP_LIGHTWEIGHT_DISPATCHER */
+ } else {
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: hangup on %d\n", fd, 0, 0 );
+ }
+ }
+ }
+#endif /* SLAP_EVENTS_ARE_INDEXED */
+
+#ifndef HAVE_YIELDING_SELECT
+ ldap_pvt_thread_yield();
+#endif /* ! HAVE_YIELDING_SELECT */
+ }
+
+ if ( slapd_shutdown == 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: shutdown requested and initiated.\n",
+ 0, 0, 0 );
+
+ } else if ( slapd_shutdown == 2 ) {
+#ifdef HAVE_NT_SERVICE_MANAGER
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: shutdown initiated by Service Manager.\n",
+ 0, 0, 0);
+#else /* !HAVE_NT_SERVICE_MANAGER */
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: abnormal condition, shutdown initiated.\n",
+ 0, 0, 0 );
+#endif /* !HAVE_NT_SERVICE_MANAGER */
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: no active streams, shutdown initiated.\n",
+ 0, 0, 0 );
+ }
+
+ if ( slapd_gentle_shutdown != 2 ) close_listeners ( 0 );
+
+ if ( !slapd_gentle_shutdown ) {
+ slapd_abrupt_shutdown = 1;
+ connections_shutdown();
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "slapd shutdown: waiting for %d threads to terminate\n",
+ ldap_pvt_thread_pool_backload( &connection_pool ), 0, 0 );
+ ldap_pvt_thread_pool_destroy( &connection_pool, 1 );
+
+ free( slap_listeners );
+ slap_listeners = NULL;
+
+ return NULL;
+}
+
+
+#ifdef LDAP_CONNECTIONLESS
+static int
+connectionless_init( void )
+{
+ int l;
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ Listener *lr = slap_listeners[l];
+ long id;
+
+ if ( !lr->sl_is_udp ) {
+ continue;
+ }
+
+ id = connection_init( lr->sl_sd, lr, "", "",
+ CONN_IS_UDP, (slap_ssf_t) 0, NULL );
+
+ if ( id < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connectionless_init: failed on %s (%d)\n",
+ lr->sl_url, lr->sl_sd, 0 );
+ return -1;
+ }
+ lr->sl_is_udp++;
+ }
+
+ return 0;
+}
+#endif /* LDAP_CONNECTIONLESS */
+
+int
+slapd_daemon( void )
+{
+ int rc;
+
+ connections_init();
+#ifdef LDAP_CONNECTIONLESS
+ connectionless_init();
+#endif /* LDAP_CONNECTIONLESS */
+
+#define SLAPD_LISTENER_THREAD 1
+#if defined( SLAPD_LISTENER_THREAD )
+ {
+ ldap_pvt_thread_t listener_tid;
+
+ /* listener as a separate THREAD */
+ rc = ldap_pvt_thread_create( &listener_tid,
+ 0, slapd_daemon_task, NULL );
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "listener ldap_pvt_thread_create failed (%d)\n", rc, 0, 0 );
+ return rc;
+ }
+
+ /* wait for the listener thread to complete */
+ ldap_pvt_thread_join( listener_tid, (void *)NULL );
+ }
+#else /* ! SLAPD_LISTENER_THREAD */
+ /* experimental code */
+ slapd_daemon_task( NULL );
+#endif /* ! SLAPD_LISTENER_THREAD */
+
+ return 0;
+}
+
+static int
+sockinit( void )
+{
+#if defined( HAVE_WINSOCK2 )
+ WORD wVersionRequested;
+ WSADATA wsaData;
+ int err;
+
+ wVersionRequested = MAKEWORD( 2, 0 );
+
+ err = WSAStartup( wVersionRequested, &wsaData );
+ if ( err != 0 ) {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ return -1;
+ }
+
+ /* Confirm that the WinSock DLL supports 2.0.*/
+ /* Note that if the DLL supports versions greater */
+ /* than 2.0 in addition to 2.0, it will still return */
+ /* 2.0 in wVersion since that is the version we */
+ /* requested. */
+
+ if ( LOBYTE( wsaData.wVersion ) != 2 ||
+ HIBYTE( wsaData.wVersion ) != 0 )
+ {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ WSACleanup();
+ return -1;
+ }
+
+ /* The WinSock DLL is acceptable. Proceed. */
+#elif defined( HAVE_WINSOCK )
+ WSADATA wsaData;
+ if ( WSAStartup( 0x0101, &wsaData ) != 0 ) return -1;
+#endif /* ! HAVE_WINSOCK2 && ! HAVE_WINSOCK */
+
+ return 0;
+}
+
+static int
+sockdestroy( void )
+{
+#if defined( HAVE_WINSOCK2 ) || defined( HAVE_WINSOCK )
+ WSACleanup();
+#endif /* HAVE_WINSOCK2 || HAVE_WINSOCK */
+ SLAP_SOCK_DESTROY;
+
+ return 0;
+}
+
+RETSIGTYPE
+slap_sig_shutdown( int sig )
+{
+#if 0
+ Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: signal %d\n", sig, 0, 0);
+#endif
+
+ /*
+ * If the NT Service Manager is controlling the server, we don't
+ * want SIGBREAK to kill the server. For some strange reason,
+ * SIGBREAK is generated when a user logs out.
+ */
+
+#if HAVE_NT_SERVICE_MANAGER && SIGBREAK
+ if (is_NT_Service && sig == SIGBREAK) {
+ /* empty */;
+ } else
+#endif /* HAVE_NT_SERVICE_MANAGER && SIGBREAK */
+#ifdef SIGHUP
+ if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0) {
+ slapd_gentle_shutdown = 1;
+ } else
+#endif /* SIGHUP */
+ {
+ slapd_shutdown = 1;
+ }
+
+ WAKE_LISTENER(1);
+
+ /* reinstall self */
+ (void) SIGNAL_REINSTALL( sig, slap_sig_shutdown );
+}
+
+RETSIGTYPE
+slap_sig_wake( int sig )
+{
+ WAKE_LISTENER(1);
+
+ /* reinstall self */
+ (void) SIGNAL_REINSTALL( sig, slap_sig_wake );
+}
+
+
+void
+slapd_add_internal( ber_socket_t s, int isactive )
+{
+ slapd_add( s, isactive, NULL );
+}
+
+Listener **
+slapd_get_listeners( void )
+{
+ return slap_listeners;
+}
+
+void
+slap_wake_listener()
+{
+ WAKE_LISTENER(1);
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/delete.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/delete.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/delete.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,244 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/delete.c,v 1.126.2.8 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "lutil.h"
+
+int
+do_delete(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval dn = BER_BVNULL;
+
+ Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
+
+ /*
+ * Parse the delete request. It looks like this:
+ *
+ * DelRequest := DistinguishedName
+ */
+
+ if ( ber_scanf( op->o_ber, "m", &dn ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_delete: get_ctrls failed\n", 0, 0, 0 );
+ goto cleanup;
+ }
+
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_delete: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto cleanup;
+ }
+
+ if( op->o_req_ndn.bv_len == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "do_delete: root dse!\n", 0, 0, 0 );
+ /* protocolError would likely be a more appropriate error */
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "cannot delete the root DSE" );
+ goto cleanup;
+
+ } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_delete: subschema subentry!\n", 0, 0, 0 );
+ /* protocolError would likely be a more appropriate error */
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "cannot delete the root DSE" );
+ goto cleanup;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s DEL dn=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_delete( op, rs );
+
+cleanup:;
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ return rs->sr_err;
+}
+
+int
+fe_op_delete( Operation *op, SlapReply *rs )
+{
+ struct berval pdn = BER_BVNULL;
+ int manageDSAit;
+ BackendDB *op_be, *bd = op->o_bd;
+
+ manageDSAit = get_manageDSAit( op );
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 );
+ if ( op->o_bd == NULL ) {
+ op->o_bd = bd;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+ if ( rs->sr_ref != NULL ) {
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "no global superior knowledge" );
+ }
+ goto cleanup;
+ }
+
+ /* If we've got a glued backend, check the real backend */
+ op_be = op->o_bd;
+ if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check for referrals */
+ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ /*
+ * do the delete if 1 && (2 || 3)
+ * 1) there is a delete function implemented in this backend;
+ * 2) this backend is master for what it holds;
+ * 3) it's a replica and the dn supplied is the update_ndn.
+ */
+ if ( op->o_bd->be_delete ) {
+ /* do the update here */
+ int repl_user = be_isupdate( op );
+#ifndef SLAPD_MULTIMASTER
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
+#endif
+ {
+ struct berval org_req_dn = BER_BVNULL;
+ struct berval org_req_ndn = BER_BVNULL;
+ struct berval org_dn = BER_BVNULL;
+ struct berval org_ndn = BER_BVNULL;
+ int org_managedsait;
+ slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
+
+ op->o_bd = op_be;
+
+#ifdef SLAPD_MULTIMASTER
+ if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
+#endif
+ {
+ cb.sc_next = op->o_callback;
+ op->o_callback = &cb;
+ }
+
+ op->o_bd->be_delete( op, rs );
+
+ org_req_dn = op->o_req_dn;
+ org_req_ndn = op->o_req_ndn;
+ org_dn = op->o_dn;
+ org_ndn = op->o_ndn;
+ org_managedsait = get_manageDSAit( op );
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+
+ while ( rs->sr_err == LDAP_SUCCESS &&
+ op->o_delete_glue_parent )
+ {
+ op->o_delete_glue_parent = 0;
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
+ slap_callback cb = { NULL, NULL, NULL, NULL };
+ cb.sc_response = slap_null_cb;
+ dnParent( &op->o_req_ndn, &pdn );
+ op->o_req_dn = pdn;
+ op->o_req_ndn = pdn;
+ op->o_callback = &cb;
+ op->o_bd->be_delete( op, rs );
+ } else {
+ break;
+ }
+ }
+
+ op->o_managedsait = org_managedsait;
+ op->o_dn = org_dn;
+ op->o_ndn = org_ndn;
+ op->o_req_dn = org_req_dn;
+ op->o_req_ndn = org_req_ndn;
+ op->o_delete_glue_parent = 0;
+
+#ifndef SLAPD_MULTIMASTER
+ } else {
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
+ if ( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( defref,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ if (!rs->sr_ref) rs->sr_ref = defref;
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
+
+ } else {
+ send_ldap_error( op, rs,
+ LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
+ }
+#endif
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within namingContext" );
+ }
+
+cleanup:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/dn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/dn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/dn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1437 @@
+/* dn.c - routines for dealing with distinguished names */
+/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.170.2.10 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+/*
+ * The DN syntax-related functions take advantage of the dn representation
+ * handling functions ldap_str2dn/ldap_dn2str. The latter are not schema-
+ * aware, so the attributes and their values need be validated (and possibly
+ * normalized). In the current implementation the required validation/nor-
+ * malization/"pretty"ing are done on newly created DN structural represen-
+ * tations; however the idea is to move towards DN handling in structural
+ * representation instead of the current string representation. To this
+ * purpose, we need to do only the required operations and keep track of
+ * what has been done to minimize their impact on performances.
+ *
+ * Developers are strongly encouraged to use this feature, to speed-up
+ * its stabilization.
+ */
+
+#define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+
+static int
+LDAPRDN_validate( LDAPRDN rdn )
+{
+ int iAVA;
+ int rc;
+
+ assert( rdn != NULL );
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validate = NULL;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ ava->la_private = ( void * )ad;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+ if ( validate ) {
+ /*
+ * validate value by validate function
+ */
+ rc = ( *validate )( ad->ad_type->sat_syntax,
+ &ava->la_value );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * In-place, schema-aware validation of the
+ * structural representation of a distinguished name.
+ */
+static int
+LDAPDN_validate( LDAPDN dn )
+{
+ int iRDN;
+ int rc;
+
+ assert( dn != NULL );
+
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
+ int iAVA;
+
+ assert( rdn != NULL );
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validate = NULL;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ ava->la_private = ( void * )ad;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+ if ( validate ) {
+ /*
+ * validate value by validate function
+ */
+ rc = ( *validate )( ad->ad_type->sat_syntax,
+ &ava->la_value );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * dn validate routine
+ */
+int
+dnValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ LDAPDN dn = NULL;
+
+ assert( in != NULL );
+
+ if ( in->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( in->bv_val ) == in->bv_len );
+
+ /*
+ * Schema-aware validate
+ */
+ rc = LDAPDN_validate( dn );
+ ldap_dnfree( dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+rdnValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ LDAPRDN rdn;
+ char* p;
+
+ assert( in != NULL );
+ if ( in->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_bv2rdn_x( in , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( in->bv_val ) == in->bv_len );
+
+ /*
+ * Schema-aware validate
+ */
+ rc = LDAPRDN_validate( rdn );
+ ldap_rdnfree( rdn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * AVA sorting inside a RDN
+ *
+ * rule: sort attributeTypes in alphabetical order; in case of multiple
+ * occurrences of the same attributeType, sort values in byte order
+ * (use memcmp, which implies alphabetical order in case of IA5 value;
+ * this should guarantee the repeatability of the operation).
+ *
+ * Note: the sorting can be slightly improved by sorting first
+ * by attribute type length, then by alphabetical order.
+ *
+ * uses a linear search; should be fine since the number of AVAs in
+ * a RDN should be limited.
+ */
+static void
+AVA_Sort( LDAPRDN rdn, int iAVA )
+{
+ int i;
+ LDAPAVA *ava_in = rdn[ iAVA ];
+
+ assert( rdn != NULL );
+ assert( ava_in != NULL );
+
+ for ( i = 0; i < iAVA; i++ ) {
+ LDAPAVA *ava = rdn[ i ];
+ int a, j;
+
+ assert( ava != NULL );
+
+ a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
+
+ if ( a > 0 ) {
+ break;
+ }
+
+ while ( a == 0 ) {
+ int v, d;
+
+ d = ava_in->la_value.bv_len - ava->la_value.bv_len;
+
+ v = memcmp( ava_in->la_value.bv_val,
+ ava->la_value.bv_val,
+ d <= 0 ? ava_in->la_value.bv_len
+ : ava->la_value.bv_len );
+
+ if ( v == 0 && d != 0 ) {
+ v = d;
+ }
+
+ if ( v <= 0 ) {
+ /*
+ * got it!
+ */
+ break;
+ }
+
+ if ( ++i == iAVA ) {
+ /*
+ * already sorted
+ */
+ return;
+ }
+
+ ava = rdn[ i ];
+ a = strcmp( ava_in->la_attr.bv_val,
+ ava->la_attr.bv_val );
+ }
+
+ /*
+ * move ahead
+ */
+ for ( j = iAVA; j > i; j-- ) {
+ rdn[ j ] = rdn[ j - 1 ];
+ }
+ rdn[ i ] = ava_in;
+
+ return;
+ }
+}
+
+static int
+LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
+{
+
+ int rc;
+ int iAVA;
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
+ slap_syntax_transform_func *transf = NULL;
+ MatchingRule *mr = NULL;
+ struct berval bv = BER_BVNULL;
+ int do_sort = 0;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ ava->la_private = ( void * )ad;
+ do_sort = 1;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ mr = ad->ad_type->sat_equality;
+ if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
+ normf = mr->smr_normalize;
+ }
+ }
+
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( transf ) {
+ /*
+ * transform value by pretty function
+ * if value is empty, use empty_bv
+ */
+ rc = ( *transf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+
+ if( bv.bv_val ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
+
+ if( do_sort ) AVA_Sort( rdn, iAVA );
+ }
+ return LDAP_SUCCESS;
+}
+
+/*
+ * In-place, schema-aware normalization / "pretty"ing of the
+ * structural representation of a distinguished name.
+ */
+static int
+LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
+{
+ int iRDN;
+ int rc;
+
+ assert( dn != NULL );
+
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
+ int iAVA;
+
+ assert( rdn != NULL );
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
+ slap_syntax_transform_func *transf = NULL;
+ MatchingRule *mr = NULL;
+ struct berval bv = BER_BVNULL;
+ int do_sort = 0;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ ava->la_private = ( void * )ad;
+ do_sort = 1;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ mr = ad->ad_type->sat_equality;
+ if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
+ normf = mr->smr_normalize;
+ }
+ }
+
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( transf ) {
+ /*
+ * transform value by pretty function
+ * if value is empty, use empty_bv
+ */
+ rc = ( *transf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+
+ if( bv.bv_val ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
+
+ if( do_sort ) AVA_Sort( rdn, iAVA );
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+dnNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
+
+ if ( val->bv_len != 0 ) {
+ LDAPDN dn = NULL;
+ int rc;
+
+ /*
+ * Go to structural representation
+ */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Back to string representation
+ */
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_dnfree_x( dn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ } else {
+ ber_dupbv_x( out, val, ctx );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+int
+rdnNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
+ if ( val->bv_len != 0 ) {
+ LDAPRDN rdn = NULL;
+ int rc;
+ char* p;
+
+ /*
+ * Go to structural representation
+ */
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPRDN_rewrite( rdn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Back to string representation
+ */
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_rdnfree_x( rdn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ } else {
+ ber_dupbv_x( out, val, ctx );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+int
+dnPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPDN dn = NULL;
+ int rc;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* FIXME: not sure why the default isn't pretty */
+ /* RE: the default is the form that is used as
+ * an internal representation; the pretty form
+ * is a variant */
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_dnfree_x( dn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+int
+rdnPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPRDN rdn = NULL;
+ int rc;
+ char* p;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPRDN_rewrite( rdn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* FIXME: not sure why the default isn't pretty */
+ /* RE: the default is the form that is used as
+ * an internal representation; the pretty form
+ * is a variant */
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_rdnfree_x( rdn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+
+int
+dnPrettyNormalDN(
+ Syntax *syntax,
+ struct berval *val,
+ LDAPDN *dn,
+ int flags,
+ void *ctx )
+{
+ assert( val != NULL );
+ assert( dn != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ val->bv_val, 0 );
+
+ if ( val->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ int rc;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( *dn, flags, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( *dn, ctx );
+ *dn = NULL;
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Combination of both dnPretty and dnNormalize
+ */
+int
+dnPrettyNormal(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *pretty,
+ struct berval *normal,
+ void *ctx)
+{
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+
+ assert( val != NULL );
+ assert( pretty != NULL );
+ assert( normal != NULL );
+
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( pretty, val, ctx );
+ ber_dupbv_x( normal, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ /* too big */
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPDN dn = NULL;
+ int rc;
+
+ pretty->bv_val = NULL;
+ normal->bv_val = NULL;
+ pretty->bv_len = 0;
+ normal->bv_len = 0;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_dn2bv_x( dn, pretty,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ ber_memfree_x( pretty->bv_val, ctx );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_dn2bv_x( dn, normal,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_dnfree_x( dn, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ ber_memfree_x( pretty->bv_val, ctx );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
+ pretty->bv_val, normal->bv_val, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * dnMatch routine
+ */
+int
+dnMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
+
+ match = value->bv_len - asserted->bv_len;
+
+ if ( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+ match, value->bv_val, asserted->bv_val );
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * dnRelativeMatch routine
+ */
+int
+dnRelativeMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
+
+ if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
+ if( asserted->bv_len > value->bv_len ) {
+ match = -1;
+ } else if ( asserted->bv_len == value->bv_len ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
+ asserted = value;
+ value = (struct berval *) assertedValue;
+ mr = slap_schema.si_mr_dnSubordinateMatch;
+ }
+
+ if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+
+ if( !match ) {
+ struct berval rdn;
+ rdn.bv_val = value->bv_val;
+ rdn.bv_len = value->bv_len - asserted->bv_len - 1;
+ match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
+ }
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ /* should not be reachable */
+ assert( 0 );
+ return LDAP_OTHER;
+}
+
+int
+rdnMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+
+ match = value->bv_len - asserted->bv_len;
+
+ if ( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "rdnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+ match, value->bv_val, asserted->bv_val );
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+
+/*
+ * dnParent - dn's parent, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ *
+ * note: "dn" and "pdn" can point to the same berval;
+ * beware that, in this case, the pointer to the original buffer
+ * will get lost.
+ */
+void
+dnParent(
+ struct berval *dn,
+ struct berval *pdn )
+{
+ char *p;
+
+ p = ber_bvchr( dn, ',' );
+
+ /* one-level dn */
+ if ( p == NULL ) {
+ pdn->bv_len = 0;
+ pdn->bv_val = dn->bv_val + dn->bv_len;
+ return;
+ }
+
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ p++;
+
+ assert( ATTR_LEADCHAR( p[ 0 ] ) );
+ pdn->bv_len = dn->bv_len - (p - dn->bv_val);
+ pdn->bv_val = p;
+
+ return;
+}
+
+/*
+ * dnRdn - dn's rdn, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ */
+void
+dnRdn(
+ struct berval *dn,
+ struct berval *rdn )
+{
+ char *p;
+
+ *rdn = *dn;
+ p = ber_bvchr( dn, ',' );
+
+ /* one-level dn */
+ if ( p == NULL ) {
+ return;
+ }
+
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ assert( ATTR_LEADCHAR( p[ 1 ] ) );
+ rdn->bv_len = p - dn->bv_val;
+
+ return;
+}
+
+int
+dnExtractRdn(
+ struct berval *dn,
+ struct berval *rdn,
+ void *ctx )
+{
+ LDAPRDN tmpRDN;
+ const char *p;
+ int rc;
+
+ assert( dn != NULL );
+ assert( rdn != NULL );
+
+ if( dn->bv_len == 0 ) {
+ return LDAP_OTHER;
+ }
+
+ rc = ldap_bv2rdn_x( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
+ ctx );
+
+ ldap_rdnfree_x( tmpRDN, ctx );
+ return rc;
+}
+
+/*
+ * We can assume the input is a prettied or normalized DN
+ */
+ber_len_t
+dn_rdnlen(
+ Backend *be,
+ struct berval *dn_in )
+{
+ const char *p;
+
+ assert( dn_in != NULL );
+
+ if ( dn_in == NULL ) {
+ return 0;
+ }
+
+ if ( !dn_in->bv_len ) {
+ return 0;
+ }
+
+ if ( be != NULL && be_issuffix( be, dn_in ) ) {
+ return 0;
+ }
+
+ p = ber_bvchr( dn_in, ',' );
+
+ return p ? p - dn_in->bv_val : dn_in->bv_len;
+}
+
+
+/* rdnValidate:
+ *
+ * LDAP_SUCCESS if rdn is a legal rdn;
+ * LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
+ */
+int
+rdn_validate( struct berval *rdn )
+{
+#if 1
+ /* Major cheat!
+ * input is a pretty or normalized DN
+ * hence, we can just search for ','
+ */
+ if( rdn == NULL || rdn->bv_len == 0 ||
+ rdn->bv_len > SLAP_LDAPDN_MAXLEN )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+ return ber_bvchr( rdn, ',' ) == NULL
+ ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
+
+#else
+ LDAPRDN *RDN, **DN[ 2 ] = { &RDN, NULL };
+ const char *p;
+ int rc;
+
+ /*
+ * must be non-empty
+ */
+ if ( rdn == NULL || rdn == '\0' ) {
+ return 0;
+ }
+
+ /*
+ * must be parsable
+ */
+ rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ /*
+ * Must be one-level
+ */
+ if ( p[ 0 ] != '\0' ) {
+ return 0;
+ }
+
+ /*
+ * Schema-aware validate
+ */
+ if ( rc == LDAP_SUCCESS ) {
+ rc = LDAPDN_validate( DN );
+ }
+ ldap_rdnfree( RDN );
+
+ /*
+ * Must validate (there's a repeated parsing ...)
+ */
+ return ( rc == LDAP_SUCCESS );
+#endif
+}
+
+
+/* build_new_dn:
+ *
+ * Used by ldbm/bdb2 back_modrdn to create the new dn of entries being
+ * renamed.
+ *
+ * new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
+ */
+
+void
+build_new_dn( struct berval * new_dn,
+ struct berval * parent_dn,
+ struct berval * newrdn,
+ void *memctx )
+{
+ char *ptr;
+
+ if ( parent_dn == NULL || parent_dn->bv_len == 0 ) {
+ ber_dupbv( new_dn, newrdn );
+ return;
+ }
+
+ new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
+ new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
+
+ ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
+ *ptr++ = ',';
+ strcpy( ptr, parent_dn->bv_val );
+}
+
+
+/*
+ * dnIsSuffix - tells whether suffix is a suffix of dn.
+ * Both dn and suffix must be normalized.
+ */
+int
+dnIsSuffix(
+ const struct berval *dn,
+ const struct berval *suffix )
+{
+ int d = dn->bv_len - suffix->bv_len;
+
+ assert( dn != NULL );
+ assert( suffix != NULL );
+
+ /* empty suffix matches any dn */
+ if ( suffix->bv_len == 0 ) {
+ return 1;
+ }
+
+ /* suffix longer than dn */
+ if ( d < 0 ) {
+ return 0;
+ }
+
+ /* no rdn separator or escaped rdn separator */
+ if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
+ return 0;
+ }
+
+ /* no possible match or malformed dn */
+ if ( d == 1 ) {
+ return 0;
+ }
+
+ /* compare */
+ return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
+}
+
+int
+dnIsOneLevelRDN( struct berval *rdn )
+{
+ ber_len_t len = rdn->bv_len;
+ for ( ; len--; ) {
+ if ( DN_SEPARATOR( rdn->bv_val[ len ] ) ) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+#ifdef HAVE_TLS
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+#endif
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+ if ( DNX509PeerNormalizeCertMap == NULL ) {
+ DNX509PeerNormalizeCertMap = fn;
+ return 0;
+ }
+#endif
+
+ return -1;
+}
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+ /* Invoke the LDAP library's converter with our schema-rewriter */
+ int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "dnX509Normalize: <%s> (%d)\n",
+ BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
+
+ return rc;
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+ int rc = LDAP_INVALID_CREDENTIALS;
+
+ if ( DNX509PeerNormalizeCertMap != NULL )
+ rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+ (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ }
+
+ return rc;
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/entry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/entry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/entry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,830 @@
+/* entry.c - routines for dealing with entries */
+/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.129.2.13 2007/02/26 08:53:54 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "ldif.h"
+
+static char *ebuf; /* buf returned by entry2str */
+static char *ecur; /* pointer to end of currently used ebuf */
+static int emaxsize;/* max size of ebuf */
+
+/*
+ * Empty root entry
+ */
+const Entry slap_entry_root = {
+ NOID, { 0, "" }, { 0, "" }, NULL, 0, { 0, "" }, NULL
+};
+
+static const struct berval dn_bv = BER_BVC("dn");
+
+int entry_destroy(void)
+{
+ if ( ebuf ) free( ebuf );
+ ebuf = NULL;
+ ecur = NULL;
+ emaxsize = 0;
+ return 0;
+}
+
+
+Entry *
+str2entry( char *s )
+{
+ return str2entry2( s, 1 );
+}
+
+Entry *
+str2entry2( char *s, int checkvals )
+{
+ int rc;
+ Entry *e;
+ struct berval *type, *vals, *nvals;
+ char *freeval;
+ AttributeDescription *ad, *ad_prev;
+ const char *text;
+ char *next;
+ int attr_cnt;
+ int i, lines;
+ Attribute ahead, *atail;
+
+ /*
+ * LDIF is used as the string format.
+ * An entry looks like this:
+ *
+ * dn: <dn>\n
+ * [<attr>:[:] <value>\n]
+ * [<tab><continuedvalue>\n]*
+ * ...
+ *
+ * If a double colon is used after a type, it means the
+ * following value is encoded as a base 64 string. This
+ * happens if the value contains a non-printing character
+ * or newline.
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "=> str2entry: \"%s\"\n",
+ s ? s : "NULL", 0, 0 );
+
+ /* initialize reader/writer lock */
+ e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+
+ if( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= str2entry NULL (entry allocation failed)\n",
+ 0, 0, 0 );
+ return( NULL );
+ }
+
+ /* initialize entry */
+ e->e_id = NOID;
+
+ /* dn + attributes */
+ atail = &ahead;
+ ahead.a_next = NULL;
+ ad = NULL;
+ ad_prev = NULL;
+ attr_cnt = 0;
+ next = s;
+
+ lines = ldif_countlines( s );
+ type = ch_calloc( 1, (lines+1)*3*sizeof(struct berval)+lines );
+ vals = type+lines+1;
+ nvals = vals+lines+1;
+ freeval = (char *)(nvals+lines+1);
+ i = -1;
+
+ /* parse into individual values, record DN */
+ while ( (s = ldif_getline( &next )) != NULL ) {
+ int freev;
+ if ( *s == '\n' || *s == '\0' ) {
+ break;
+ }
+ i++;
+ if (i >= lines) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= str2entry ran past end of entry\n", 0, 0, 0 );
+ goto fail;
+ }
+
+ rc = ldif_parse_line2( s, type+i, vals+i, &freev );
+ freeval[i] = freev;
+ if ( rc ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= str2entry NULL (parse_line)\n", 0, 0, 0 );
+ continue;
+ }
+
+ if ( type[i].bv_len == dn_bv.bv_len &&
+ strcasecmp( type[i].bv_val, dn_bv.bv_val ) == 0 ) {
+
+ if ( e->e_dn != NULL ) {
+ Debug( LDAP_DEBUG_ANY, "str2entry: "
+ "entry %ld has multiple DNs \"%s\" and \"%s\"\n",
+ (long) e->e_id, e->e_dn, vals[i].bv_val );
+ goto fail;
+ }
+
+ rc = dnPrettyNormal( NULL, &vals[i], &e->e_name, &e->e_nname, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "str2entry: "
+ "entry %ld has invalid DN \"%s\"\n",
+ (long) e->e_id, vals[i].bv_val, 0 );
+ goto fail;
+ }
+ if ( freeval[i] ) free( vals[i].bv_val );
+ vals[i].bv_val = NULL;
+ i--;
+ continue;
+ }
+ }
+ lines = i+1;
+
+ /* check to make sure there was a dn: line */
+ if ( BER_BVISNULL( &e->e_name )) {
+ Debug( LDAP_DEBUG_ANY, "str2entry: entry %ld has no dn\n",
+ (long) e->e_id, 0, 0 );
+ goto fail;
+ }
+
+#define bvcasematch(bv1, bv2) ( ((bv1)->bv_len == (bv2)->bv_len) && (strncasecmp((bv1)->bv_val, (bv2)->bv_val, (bv1)->bv_len) == 0) )
+
+ /* Make sure all attributes with multiple values are contiguous */
+ if ( checkvals ) {
+ int j, k;
+ struct berval bv;
+ int fv;
+
+ for (i=0; i<lines; i++) {
+ for ( j=i+1; j<lines; j++ ) {
+ if ( bvcasematch( type+i, type+j )) {
+ /* out of order, move intervening attributes down */
+ if ( j != i+1 ) {
+ bv = vals[j];
+ fv = freeval[j];
+ for ( k=j; k>i; k-- ) {
+ type[k] = type[k-1];
+ vals[k] = vals[k-1];
+ freeval[k] = freeval[k-1];
+ }
+ k++;
+ type[k] = type[i];
+ vals[k] = bv;
+ freeval[k] = fv;
+ }
+ i++;
+ }
+ }
+ }
+ }
+
+ for ( i=0; i<=lines; i++ ) {
+ ad_prev = ad;
+ if ( !ad || ( i<lines && !bvcasematch( type+i, &ad->ad_cname ))) {
+ ad = NULL;
+ rc = slap_bv2ad( type+i, &ad, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( slapMode & SLAP_TOOL_MODE
+ ? LDAP_DEBUG_ANY : LDAP_DEBUG_TRACE,
+ "<= str2entry: str2ad(%s): %s\n", type[i].bv_val, text, 0 );
+ if( slapMode & SLAP_TOOL_MODE ) {
+ goto fail;
+ }
+
+ rc = slap_bv2undef_ad( type+i, &ad, &text, 0 );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= str2entry: slap_str2undef_ad(%s): %s\n",
+ type[i].bv_val, text, 0 );
+ goto fail;
+ }
+ }
+ }
+
+ if (( ad_prev && ad != ad_prev ) || ( i == lines )) {
+ int j, k;
+ atail->a_next = (Attribute *) ch_malloc( sizeof(Attribute) );
+ atail = atail->a_next;
+ atail->a_flags = 0;
+ atail->a_desc = ad_prev;
+ atail->a_vals = ch_malloc( (attr_cnt + 1) * sizeof(struct berval));
+ if( ad_prev->ad_type->sat_equality &&
+ ad_prev->ad_type->sat_equality->smr_normalize )
+ atail->a_nvals = ch_malloc( (attr_cnt + 1) * sizeof(struct berval));
+ else
+ atail->a_nvals = NULL;
+ k = i - attr_cnt;
+ for ( j=0; j<attr_cnt; j++ ) {
+ if ( freeval[k] )
+ atail->a_vals[j] = vals[k];
+ else
+ ber_dupbv( atail->a_vals+j, &vals[k] );
+ vals[k].bv_val = NULL;
+ if ( atail->a_nvals ) {
+ atail->a_nvals[j] = nvals[k];
+ nvals[k].bv_val = NULL;
+ }
+ k++;
+ }
+ BER_BVZERO( &atail->a_vals[j] );
+ if ( atail->a_nvals ) {
+ BER_BVZERO( &atail->a_nvals[j] );
+ } else {
+ atail->a_nvals = atail->a_vals;
+ }
+ attr_cnt = 0;
+ if ( i == lines ) break;
+ }
+
+ if( slapMode & SLAP_TOOL_MODE ) {
+ struct berval pval;
+ slap_syntax_validate_func *validate =
+ ad->ad_type->sat_syntax->ssyn_validate;
+ slap_syntax_transform_func *pretty =
+ ad->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( pretty ) {
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_pretty( ad,
+ &vals[i], &pval, NULL );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = pretty( ad->ad_type->sat_syntax,
+ &vals[i], &pval, NULL );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+
+ } else if ( validate ) {
+ /*
+ * validate value per syntax
+ */
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_validate( ad, &vals[i], LDAP_MOD_ADD );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = validate( ad->ad_type->sat_syntax, &vals[i] );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "str2entry: attributeType %s #%d: "
+ "no validator for syntax %s\n",
+ ad->ad_cname.bv_val, attr_cnt,
+ ad->ad_type->sat_syntax->ssyn_oid );
+ goto fail;
+ }
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "str2entry: invalid value "
+ "for attributeType %s #%d (syntax %s)\n",
+ ad->ad_cname.bv_val, attr_cnt,
+ ad->ad_type->sat_syntax->ssyn_oid );
+ goto fail;
+ }
+
+ if( pretty ) {
+ if ( freeval[i] ) free( vals[i].bv_val );
+ vals[i] = pval;
+ freeval[i] = 1;
+ }
+ }
+
+ if ( ad->ad_type->sat_equality &&
+ ad->ad_type->sat_equality->smr_normalize )
+ {
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ ad,
+ ad->ad_type->sat_equality,
+ &vals[i], &nvals[i], NULL );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = ad->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_equality,
+ &vals[i], &nvals[i], NULL );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= str2entry NULL (smr_normalize %d)\n", rc, 0, 0 );
+ goto fail;
+ }
+ }
+
+ attr_cnt++;
+ }
+
+ free( type );
+ atail->a_next = NULL;
+ e->e_attrs = ahead.a_next;
+
+ Debug(LDAP_DEBUG_TRACE, "<= str2entry(%s) -> 0x%lx\n",
+ e->e_dn, (unsigned long) e, 0 );
+ return( e );
+
+fail:
+ for ( i=0; i<lines; i++ ) {
+ if ( freeval[i] ) free( vals[i].bv_val );
+ free( nvals[i].bv_val );
+ }
+ free( type );
+ entry_free( e );
+ return NULL;
+}
+
+
+#define GRABSIZE BUFSIZ
+
+#define MAKE_SPACE( n ) { \
+ while ( ecur + (n) > ebuf + emaxsize ) { \
+ ptrdiff_t offset; \
+ offset = (int) (ecur - ebuf); \
+ ebuf = ch_realloc( ebuf, \
+ emaxsize + GRABSIZE ); \
+ emaxsize += GRABSIZE; \
+ ecur = ebuf + offset; \
+ } \
+ }
+
+char *
+entry2str(
+ Entry *e,
+ int *len )
+{
+ Attribute *a;
+ struct berval *bv;
+ int i;
+ ber_len_t tmplen;
+
+ assert( e != NULL );
+
+ /*
+ * In string format, an entry looks like this:
+ * dn: <dn>\n
+ * [<attr>: <value>\n]*
+ */
+
+ ecur = ebuf;
+
+ /* put the dn */
+ if ( e->e_dn != NULL ) {
+ /* put "dn: <dn>" */
+ tmplen = e->e_name.bv_len;
+ MAKE_SPACE( LDIF_SIZE_NEEDED( 2, tmplen ));
+ ldif_sput( &ecur, LDIF_PUT_VALUE, "dn", e->e_dn, tmplen );
+ }
+
+ /* put the attributes */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ /* put "<type>:[:] <value>" line for each value */
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ bv = &a->a_vals[i];
+ tmplen = a->a_desc->ad_cname.bv_len;
+ MAKE_SPACE( LDIF_SIZE_NEEDED( tmplen, bv->bv_len ));
+ ldif_sput( &ecur, LDIF_PUT_VALUE,
+ a->a_desc->ad_cname.bv_val,
+ bv->bv_val, bv->bv_len );
+ }
+ }
+ MAKE_SPACE( 1 );
+ *ecur = '\0';
+ *len = ecur - ebuf;
+
+ return( ebuf );
+}
+
+void
+entry_clean( Entry *e )
+{
+ /* free an entry structure */
+ assert( e != NULL );
+
+ /* e_private must be freed by the caller */
+ assert( e->e_private == NULL );
+ e->e_private = NULL;
+
+ /* free DNs */
+ if ( !BER_BVISNULL( &e->e_name ) ) {
+ free( e->e_name.bv_val );
+ BER_BVZERO( &e->e_name );
+ }
+ if ( !BER_BVISNULL( &e->e_nname ) ) {
+ free( e->e_nname.bv_val );
+ BER_BVZERO( &e->e_nname );
+ }
+
+ if ( !BER_BVISNULL( &e->e_bv ) ) {
+ free( e->e_bv.bv_val );
+ BER_BVZERO( &e->e_bv );
+ }
+
+ /* free attributes */
+ attrs_free( e->e_attrs );
+ e->e_attrs = NULL;
+}
+
+void
+entry_free( Entry *e )
+{
+ entry_clean( e );
+
+ free( e );
+}
+
+/*
+ * These routines are used only by Backend.
+ *
+ * the Entry has three entry points (ways to find things):
+ *
+ * by entry e.g., if you already have an entry from the cache
+ * and want to delete it. (really by entry ptr)
+ * by dn e.g., when looking for the base object of a search
+ * by id e.g., for search candidates
+ *
+ * these correspond to three different avl trees that are maintained.
+ */
+
+int
+entry_cmp( Entry *e1, Entry *e2 )
+{
+ return SLAP_PTRCMP( e1, e2 );
+}
+
+int
+entry_dn_cmp( const void *v_e1, const void *v_e2 )
+{
+ /* compare their normalized UPPERCASED dn's */
+ const Entry *e1 = v_e1, *e2 = v_e2;
+
+ return ber_bvcmp( &e1->e_nname, &e2->e_nname );
+}
+
+int
+entry_id_cmp( const void *v_e1, const void *v_e2 )
+{
+ const Entry *e1 = v_e1, *e2 = v_e2;
+ return( e1->e_id < e2->e_id ? -1 : (e1->e_id > e2->e_id ? 1 : 0) );
+}
+
+/* This is like a ber_len */
+#define entry_lenlen(l) (((l) < 0x80) ? 1 : ((l) < 0x100) ? 2 : \
+ ((l) < 0x10000) ? 3 : ((l) < 0x1000000) ? 4 : 5)
+
+static void
+entry_putlen(unsigned char **buf, ber_len_t len)
+{
+ ber_len_t lenlen = entry_lenlen(len);
+
+ if (lenlen == 1) {
+ **buf = (unsigned char) len;
+ } else {
+ int i;
+ **buf = 0x80 | ((unsigned char) lenlen - 1);
+ for (i=lenlen-1; i>0; i--) {
+ (*buf)[i] = (unsigned char) len;
+ len >>= 8;
+ }
+ }
+ *buf += lenlen;
+}
+
+static ber_len_t
+entry_getlen(unsigned char **buf)
+{
+ ber_len_t len;
+ int i;
+
+ len = *(*buf)++;
+ if (len <= 0x7f)
+ return len;
+ i = len & 0x7f;
+ len = 0;
+ for (;i > 0; i--) {
+ len <<= 8;
+ len |= *(*buf)++;
+ }
+ return len;
+}
+
+/* Count up the sizes of the components of an entry */
+void entry_partsize(Entry *e, ber_len_t *plen,
+ int *pnattrs, int *pnvals, int norm)
+{
+ ber_len_t len, dnlen, ndnlen;
+ int i, nat = 0, nval = 0;
+ Attribute *a;
+
+ dnlen = e->e_name.bv_len;
+ len = dnlen + 1; /* trailing NUL byte */
+ len += entry_lenlen(dnlen);
+ if (norm) {
+ ndnlen = e->e_nname.bv_len;
+ len += ndnlen + 1;
+ len += entry_lenlen(ndnlen);
+ }
+ for (a=e->e_attrs; a; a=a->a_next) {
+ /* For AttributeDesc, we only store the attr name */
+ nat++;
+ len += a->a_desc->ad_cname.bv_len+1;
+ len += entry_lenlen(a->a_desc->ad_cname.bv_len);
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ nval++;
+ len += a->a_vals[i].bv_len + 1;
+ len += entry_lenlen(a->a_vals[i].bv_len);
+ }
+ len += entry_lenlen(i);
+ nval++; /* empty berval at end */
+ if (norm && a->a_nvals != a->a_vals) {
+ for (i=0; a->a_nvals[i].bv_val; i++) {
+ nval++;
+ len += a->a_nvals[i].bv_len + 1;
+ len += entry_lenlen(a->a_nvals[i].bv_len);
+ }
+ len += entry_lenlen(i); /* i nvals */
+ nval++;
+ } else {
+ len += entry_lenlen(0); /* 0 nvals */
+ }
+ }
+ len += entry_lenlen(nat);
+ len += entry_lenlen(nval);
+ *plen = len;
+ *pnattrs = nat;
+ *pnvals = nval;
+}
+
+/* Add up the size of the entry for a flattened buffer */
+ber_len_t entry_flatsize(Entry *e, int norm)
+{
+ ber_len_t len;
+ int nattrs, nvals;
+
+ entry_partsize(e, &len, &nattrs, &nvals, norm);
+ len += sizeof(Entry) + (nattrs * sizeof(Attribute)) +
+ (nvals * sizeof(struct berval));
+ return len;
+}
+
+/* Flatten an Entry into a buffer. The buffer is filled with just the
+ * strings/bervals of all the entry components. Each field is preceded
+ * by its length, encoded the way ber_put_len works. Every field is NUL
+ * terminated. The entire buffer size is precomputed so that a single
+ * malloc can be performed. The entry size is also recorded,
+ * to aid in entry_decode.
+ */
+int entry_encode(Entry *e, struct berval *bv)
+{
+ ber_len_t len, dnlen, ndnlen;
+ int i, nattrs, nvals;
+ Attribute *a;
+ unsigned char *ptr;
+
+ Debug( LDAP_DEBUG_TRACE, "=> entry_encode(0x%08lx): %s\n",
+ (long) e->e_id, e->e_dn, 0 );
+ dnlen = e->e_name.bv_len;
+ ndnlen = e->e_nname.bv_len;
+
+ entry_partsize( e, &len, &nattrs, &nvals, 1 );
+
+ bv->bv_len = len;
+ bv->bv_val = ch_malloc(len);
+ ptr = (unsigned char *)bv->bv_val;
+ entry_putlen(&ptr, nattrs);
+ entry_putlen(&ptr, nvals);
+ entry_putlen(&ptr, dnlen);
+ AC_MEMCPY(ptr, e->e_dn, dnlen);
+ ptr += dnlen;
+ *ptr++ = '\0';
+ entry_putlen(&ptr, ndnlen);
+ AC_MEMCPY(ptr, e->e_ndn, ndnlen);
+ ptr += ndnlen;
+ *ptr++ = '\0';
+
+ for (a=e->e_attrs; a; a=a->a_next) {
+ entry_putlen(&ptr, a->a_desc->ad_cname.bv_len);
+ AC_MEMCPY(ptr, a->a_desc->ad_cname.bv_val,
+ a->a_desc->ad_cname.bv_len);
+ ptr += a->a_desc->ad_cname.bv_len;
+ *ptr++ = '\0';
+ if (a->a_vals) {
+ for (i=0; a->a_vals[i].bv_val; i++);
+ entry_putlen(&ptr, i);
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ entry_putlen(&ptr, a->a_vals[i].bv_len);
+ AC_MEMCPY(ptr, a->a_vals[i].bv_val,
+ a->a_vals[i].bv_len);
+ ptr += a->a_vals[i].bv_len;
+ *ptr++ = '\0';
+ }
+ if (a->a_nvals != a->a_vals) {
+ entry_putlen(&ptr, i);
+ for (i=0; a->a_nvals[i].bv_val; i++) {
+ entry_putlen(&ptr, a->a_nvals[i].bv_len);
+ AC_MEMCPY(ptr, a->a_nvals[i].bv_val,
+ a->a_nvals[i].bv_len);
+ ptr += a->a_nvals[i].bv_len;
+ *ptr++ = '\0';
+ }
+ } else {
+ entry_putlen(&ptr, 0);
+ }
+ }
+ }
+ return 0;
+}
+
+/* Retrieve an Entry that was stored using entry_encode above.
+ * We malloc a single block with the size stored above for the Entry
+ * and all of its Attributes. We also must lookup the stored
+ * attribute names to get AttributeDescriptions. To detect if the
+ * attributes of an Entry are later modified, we note that e->e_attr
+ * is always a constant offset from (e).
+ *
+ * Note: everything is stored in a single contiguous block, so
+ * you can not free individual attributes or names from this
+ * structure. Attempting to do so will likely corrupt memory.
+ */
+#ifdef SLAP_ZONE_ALLOC
+int entry_decode(struct berval *bv, Entry **e, void *ctx)
+#else
+int entry_decode(struct berval *bv, Entry **e)
+#endif
+{
+ int i, j, count, nattrs, nvals;
+ int rc;
+ Attribute *a;
+ Entry *x;
+ const char *text;
+ AttributeDescription *ad;
+ unsigned char *ptr = (unsigned char *)bv->bv_val;
+ BerVarray bptr;
+
+ nattrs = entry_getlen(&ptr);
+ if (!nattrs) {
+ Debug( LDAP_DEBUG_ANY,
+ "entry_decode: attribute count was zero\n", 0, 0, 0);
+ return LDAP_OTHER;
+ }
+ nvals = entry_getlen(&ptr);
+ if (!nvals) {
+ Debug( LDAP_DEBUG_ANY,
+ "entry_decode: value count was zero\n", 0, 0, 0);
+ return LDAP_OTHER;
+ }
+ i = sizeof(Entry) + (nattrs * sizeof(Attribute)) +
+ (nvals * sizeof(struct berval));
+#ifdef SLAP_ZONE_ALLOC
+ x = slap_zn_calloc(1, i + bv->bv_len, ctx);
+ AC_MEMCPY((char*)x + i, bv->bv_val, bv->bv_len);
+ bv->bv_val = (char*)x + i;
+ ptr = (unsigned char *)bv->bv_val;
+ /* pointer is reset, now advance past nattrs and nvals again */
+ entry_getlen(&ptr);
+ entry_getlen(&ptr);
+#else
+ x = ch_calloc(1, i);
+#endif
+ i = entry_getlen(&ptr);
+ x->e_name.bv_val = (char *) ptr;
+ x->e_name.bv_len = i;
+ ptr += i+1;
+ i = entry_getlen(&ptr);
+ x->e_nname.bv_val = (char *) ptr;
+ x->e_nname.bv_len = i;
+ ptr += i+1;
+ Debug( LDAP_DEBUG_TRACE,
+ "entry_decode: \"%s\"\n",
+ x->e_dn, 0, 0 );
+ x->e_bv = *bv;
+
+ /* A valid entry must have at least one attr, so this
+ * pointer can never be NULL
+ */
+ x->e_attrs = (Attribute *)(x+1);
+ bptr = (BerVarray)x->e_attrs;
+ a = NULL;
+
+ while ((i = entry_getlen(&ptr))) {
+ struct berval bv;
+ bv.bv_len = i;
+ bv.bv_val = (char *) ptr;
+ if (a) {
+ a->a_next = (Attribute *)bptr;
+ }
+ a = (Attribute *)bptr;
+ ad = NULL;
+ rc = slap_bv2ad( &bv, &ad, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<= entry_decode: str2ad(%s): %s\n", ptr, text, 0 );
+ rc = slap_bv2undef_ad( &bv, &ad, &text, 0 );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= entry_decode: slap_str2undef_ad(%s): %s\n",
+ ptr, text, 0 );
+ return rc;
+ }
+ }
+ ptr += i + 1;
+ a->a_desc = ad;
+ bptr = (BerVarray)(a+1);
+ a->a_vals = bptr;
+ a->a_flags = 0;
+#ifdef LDAP_COMP_MATCH
+ a->a_comp_data = NULL;
+#endif
+ count = j = entry_getlen(&ptr);
+
+ while (j) {
+ i = entry_getlen(&ptr);
+ bptr->bv_len = i;
+ bptr->bv_val = (char *)ptr;
+ ptr += i+1;
+ bptr++;
+ j--;
+ }
+ bptr->bv_val = NULL;
+ bptr->bv_len = 0;
+ bptr++;
+
+ j = entry_getlen(&ptr);
+ if (j) {
+ a->a_nvals = bptr;
+ while (j) {
+ i = entry_getlen(&ptr);
+ bptr->bv_len = i;
+ bptr->bv_val = (char *)ptr;
+ ptr += i+1;
+ bptr++;
+ j--;
+ }
+ bptr->bv_val = NULL;
+ bptr->bv_len = 0;
+ bptr++;
+ } else {
+ a->a_nvals = a->a_vals;
+ }
+ nattrs--;
+ if ( !nattrs )
+ break;
+ }
+
+ if (a) a->a_next = NULL;
+ Debug(LDAP_DEBUG_TRACE, "<= entry_decode(%s)\n",
+ x->e_dn, 0, 0 );
+ *e = x;
+ return 0;
+}
+
+Entry *entry_dup( Entry *e )
+{
+ Entry *ret;
+
+ ret = (Entry *)ch_calloc( 1, sizeof(*ret) );
+
+ ret->e_id = e->e_id;
+ ber_dupbv( &ret->e_name, &e->e_name );
+ ber_dupbv( &ret->e_nname, &e->e_nname );
+ ret->e_attrs = attrs_dup( e->e_attrs );
+ ret->e_ocflags = e->e_ocflags;
+ ret->e_bv.bv_val = NULL;
+ ret->e_bv.bv_len = 0;
+ ret->e_private = NULL;
+
+ return ret;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/extended.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/extended.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/extended.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,359 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/extended.c,v 1.78.2.8 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * LDAPv3 Extended Operation Request
+ * ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ * requestName [0] LDAPOID,
+ * requestValue [1] OCTET STRING OPTIONAL
+ * }
+ *
+ * LDAPv3 Extended Operation Response
+ * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * responseName [10] LDAPOID OPTIONAL,
+ * response [11] OCTET STRING OPTIONAL
+ * }
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "lber_pvt.h"
+
+#define UNSUPPORTED_EXOP "unsupported extended operation"
+
+
+static struct extop_list {
+ struct extop_list *next;
+ struct berval oid;
+ slap_mask_t flags;
+ SLAP_EXTOP_MAIN_FN *ext_main;
+} *supp_ext_list = NULL;
+
+static SLAP_EXTOP_MAIN_FN whoami_extop;
+
+/* This list of built-in extops is for extops that are not part
+ * of backends or in external modules. Essentially, this is
+ * just a way to get built-in extops onto the extop list without
+ * having a separate init routine for each built-in extop.
+ */
+const struct berval slap_EXOP_CANCEL = BER_BVC(LDAP_EXOP_X_CANCEL);
+const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_X_WHO_AM_I);
+const struct berval slap_EXOP_MODIFY_PASSWD = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
+const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS);
+
+static struct {
+ const struct berval *oid;
+ slap_mask_t flags;
+ SLAP_EXTOP_MAIN_FN *ext_main;
+} builtin_extops[] = {
+ { &slap_EXOP_CANCEL, SLAP_EXOP_HIDE, cancel_extop },
+ { &slap_EXOP_WHOAMI, 0, whoami_extop },
+ { &slap_EXOP_MODIFY_PASSWD, SLAP_EXOP_WRITES, passwd_extop },
+ { NULL, 0, NULL }
+};
+
+
+static struct extop_list *find_extop(
+ struct extop_list *list, struct berval *oid );
+
+struct berval *
+get_supported_extop (int index)
+{
+ struct extop_list *ext;
+
+ /* linear scan is slow, but this way doesn't force a
+ * big change on root_dse.c, where this routine is used.
+ */
+ for (ext = supp_ext_list; ext != NULL && --index >= 0; ext = ext->next) {
+ ; /* empty */
+ }
+
+ if (ext == NULL) return NULL;
+
+ return &ext->oid;
+}
+
+
+int exop_root_dse_info( Entry *e )
+{
+ AttributeDescription *ad_supportedExtension
+ = slap_schema.si_ad_supportedExtension;
+ struct berval vals[2];
+ struct extop_list *ext;
+
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
+
+ for (ext = supp_ext_list; ext != NULL; ext = ext->next) {
+ if( ext->flags & SLAP_EXOP_HIDE ) continue;
+
+ vals[0] = ext->oid;
+
+ if( attr_merge( e, ad_supportedExtension, vals, NULL ) ) {
+ return LDAP_OTHER;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+do_extended(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ struct berval reqdata = {0, NULL};
+ ber_tag_t tag;
+ ber_len_t len;
+
+ Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
+
+ if( op->o_protocol < LDAP_VERSION3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_extended: protocol version (%d) too low\n",
+ op->o_protocol, 0 ,0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto done;
+ }
+
+ if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto done;
+ }
+
+ tag = ber_peek_tag( op->o_ber, &len );
+
+ if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) {
+ if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto done;
+ }
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_extended: get_ctrls failed\n", 0, 0 ,0 );
+ return rs->sr_err;
+ }
+
+ /* check for controls inappropriate for all extended operations */
+ if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) {
+ Statslog( LDAP_DEBUG_STATS, "%s EXT oid=%s\n",
+ op->o_log_prefix, op->ore_reqoid.bv_val, 0, 0, 0 );
+ send_ldap_error( op, rs,
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ "manageDSAit control inappropriate" );
+ goto done;
+ }
+
+ /* FIXME: temporary? */
+ if ( reqdata.bv_val ) {
+ op->ore_reqdata = &reqdata;
+ }
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_extended( op, rs );
+
+done:
+ return rs->sr_err;
+}
+
+int
+fe_extended( Operation *op, SlapReply *rs )
+{
+ struct extop_list *ext = NULL;
+ struct berval reqdata = BER_BVNULL;
+
+ if (op->ore_reqdata) {
+ reqdata = *op->ore_reqdata;
+ }
+
+ ext = find_extop(supp_ext_list, &op->ore_reqoid );
+ if ( ext == NULL ) {
+ Statslog( LDAP_DEBUG_STATS, "%s EXT oid=%s\n",
+ op->o_log_prefix, op->ore_reqoid.bv_val, 0, 0, 0 );
+ Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
+ op->ore_reqoid.bv_val, 0 ,0 );
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "unsupported extended operation" );
+ goto done;
+ }
+
+ op->ore_flags = ext->flags;
+
+ Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n",
+ op->ore_reqoid.bv_val, 0 ,0 );
+
+ { /* start of OpenLDAP extended operation */
+ BackendDB *bd = op->o_bd;
+
+ rs->sr_err = (ext->ext_main)( op, rs );
+
+ if( rs->sr_err != SLAPD_ABANDON ) {
+ if ( rs->sr_err == LDAP_REFERRAL && rs->sr_ref == NULL ) {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, NULL, LDAP_SCOPE_DEFAULT );
+ if ( !rs->sr_ref ) rs->sr_ref = default_referral;
+ if ( !rs->sr_ref ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "referral missing";
+ }
+ }
+
+ if ( op->o_bd == NULL )
+ op->o_bd = bd;
+ send_ldap_extended( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+
+ if ( rs->sr_rspoid != NULL ) {
+ free( (char *)rs->sr_rspoid );
+ }
+
+ if ( rs->sr_rspdata != NULL ) {
+ ber_bvfree( rs->sr_rspdata );
+ }
+ } /* end of OpenLDAP extended operation */
+
+done:;
+ return rs->sr_err;
+}
+
+int
+load_extop(
+ const struct berval *ext_oid,
+ slap_mask_t ext_flags,
+ SLAP_EXTOP_MAIN_FN *ext_main )
+{
+ struct extop_list *ext;
+
+ if( ext_oid == NULL || ext_oid->bv_val == NULL ||
+ ext_oid->bv_val[0] == '\0' || ext_oid->bv_len == 0 ) return -1;
+ if(!ext_main) return -1;
+
+ ext = ch_calloc(1, sizeof(struct extop_list) + ext_oid->bv_len + 1);
+ if (ext == NULL)
+ return(-1);
+
+ ext->flags = ext_flags;
+
+ ext->oid.bv_val = (char *)(ext + 1);
+ AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len );
+ ext->oid.bv_len = ext_oid->bv_len;
+ ext->oid.bv_val[ext->oid.bv_len] = '\0';
+
+ ext->ext_main = ext_main;
+ ext->next = supp_ext_list;
+
+ supp_ext_list = ext;
+
+ return(0);
+}
+
+int
+extops_init (void)
+{
+ int i;
+
+ for (i = 0; builtin_extops[i].oid != NULL; i++) {
+ load_extop((struct berval *)builtin_extops[i].oid,
+ builtin_extops[i].flags,
+ builtin_extops[i].ext_main);
+ }
+ return(0);
+}
+
+int
+extops_kill (void)
+{
+ struct extop_list *ext;
+
+ /* we allocated the memory, so we have to free it, too. */
+ while ((ext = supp_ext_list) != NULL) {
+ supp_ext_list = ext->next;
+ ch_free(ext);
+ }
+ return(0);
+}
+
+static struct extop_list *
+find_extop( struct extop_list *list, struct berval *oid )
+{
+ struct extop_list *ext;
+
+ for (ext = list; ext; ext = ext->next) {
+ if (bvmatch(&ext->oid, oid))
+ return(ext);
+ }
+ return(NULL);
+}
+
+
+static int
+whoami_extop (
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval *bv;
+
+ if ( op->ore_reqdata != NULL ) {
+ /* no request data should be provided */
+ rs->sr_text = "no request data expected";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s WHOAMI\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
+ op->o_bd = op->o_conn->c_authz_backend;
+ if( backend_check_restrictions( op, rs,
+ (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) {
+ return rs->sr_err;
+ }
+
+ bv = (struct berval *) ch_malloc( sizeof(struct berval) );
+ if( op->o_dn.bv_len ) {
+ bv->bv_len = op->o_dn.bv_len + STRLENOF( "dn:" );
+ bv->bv_val = ch_malloc( bv->bv_len + 1 );
+ AC_MEMCPY( bv->bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &bv->bv_val[STRLENOF( "dn:" )], op->o_dn.bv_val,
+ op->o_dn.bv_len );
+ bv->bv_val[bv->bv_len] = '\0';
+
+ } else {
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+ }
+
+ rs->sr_rspdata = bv;
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/filter.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/filter.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/filter.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1328 @@
+/* filter.c - routines for parsing and dealing with filters */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.10 2007/01/02 21:43:55 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+static int get_filter_list(
+ Operation *op,
+ BerElement *ber,
+ Filter **f,
+ const char **text );
+
+static int get_ssa(
+ Operation *op,
+ BerElement *ber,
+ SubstringsAssertion **s,
+ const char **text );
+
+static void simple_vrFilter2bv(
+ Operation *op,
+ ValuesReturnFilter *f,
+ struct berval *fstr );
+
+static int get_simple_vrFilter(
+ Operation *op,
+ BerElement *ber,
+ ValuesReturnFilter **f,
+ const char **text );
+
+int
+get_filter(
+ Operation *op,
+ BerElement *ber,
+ Filter **filt,
+ const char **text )
+{
+ ber_tag_t tag;
+ ber_len_t len;
+ int err;
+ Filter f;
+
+ Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
+ /*
+ * A filter looks like this coming in:
+ * Filter ::= CHOICE {
+ * and [0] SET OF Filter,
+ * or [1] SET OF Filter,
+ * not [2] Filter,
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeType,,
+ * approxMatch [8] AttributeValueAssertion
+ * extensibleMatch [9] MatchingRuleAssertion
+ * }
+ *
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeType,
+ * SEQUENCE OF CHOICE {
+ * initial [0] IA5String,
+ * any [1] IA5String,
+ * final [2] IA5String
+ * }
+ * }
+ *
+ * MatchingRuleAssertion ::= SEQUENCE {
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE
+ * }
+ *
+ */
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+ *text = "error decoding filter";
+ return SLAPD_DISCONNECT;
+ }
+
+ err = LDAP_SUCCESS;
+
+ f.f_next = NULL;
+ f.f_choice = tag;
+
+ switch ( f.f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
+ err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( f.f_ava != NULL );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
+ err = get_ssa( op, ber, &f.f_sub, text );
+ if( err != LDAP_SUCCESS ) {
+ break;
+ }
+ assert( f.f_sub != NULL );
+ break;
+
+ case LDAP_FILTER_GE:
+ Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
+ err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ assert( f.f_ava != NULL );
+ break;
+
+ case LDAP_FILTER_LE:
+ Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
+ err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ assert( f.f_ava != NULL );
+ break;
+
+ case LDAP_FILTER_PRESENT: {
+ struct berval type;
+
+ Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
+ if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
+ err = SLAPD_DISCONNECT;
+ *text = "error decoding filter";
+ break;
+ }
+
+ f.f_desc = NULL;
+ err = slap_bv2ad( &type, &f.f_desc, text );
+
+ if( err != LDAP_SUCCESS ) {
+ err = slap_bv2undef_ad( &type, &f.f_desc, text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+
+ if ( err != LDAP_SUCCESS ) {
+ /* unrecognized attribute description or other error */
+ Debug( LDAP_DEBUG_ANY,
+ "get_filter: conn %lu unknown attribute "
+ "type=%s (%d)\n",
+ op->o_connid, type.bv_val, err );
+
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ f.f_result = LDAP_COMPARE_FALSE;
+ err = LDAP_SUCCESS;
+ *text = NULL;
+ break;
+ }
+ }
+
+ assert( f.f_desc != NULL );
+ } break;
+
+ case LDAP_FILTER_APPROX:
+ Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
+ err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ assert( f.f_ava != NULL );
+ break;
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
+ err = get_filter_list( op, ber, &f.f_and, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ if ( f.f_and == NULL ) {
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ f.f_result = LDAP_COMPARE_TRUE;
+ }
+ /* no assert - list could be empty */
+ break;
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
+ err = get_filter_list( op, ber, &f.f_or, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ if ( f.f_or == NULL ) {
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ f.f_result = LDAP_COMPARE_FALSE;
+ }
+ /* no assert - list could be empty */
+ break;
+
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
+ (void) ber_skip_tag( ber, &len );
+ err = get_filter( op, ber, &f.f_not, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( f.f_not != NULL );
+ if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
+ int fresult = f.f_not->f_result;
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ op->o_tmpfree( f.f_not, op->o_tmpmemctx );
+ f.f_not = NULL;
+
+ switch( fresult ) {
+ case LDAP_COMPARE_TRUE:
+ f.f_result = LDAP_COMPARE_FALSE;
+ break;
+ case LDAP_COMPARE_FALSE:
+ f.f_result = LDAP_COMPARE_TRUE;
+ break;
+ default: ;
+ /* (!Undefined) is Undefined */
+ }
+ }
+ break;
+
+ case LDAP_FILTER_EXT:
+ Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
+
+ err = get_mra( op, ber, &f.f_mra, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( f.f_mra != NULL );
+ break;
+
+ default:
+ (void) ber_scanf( ber, "x" ); /* skip the element */
+ Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
+ f.f_choice, 0, 0 );
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ f.f_result = SLAPD_COMPARE_UNDEFINED;
+ break;
+ }
+
+ if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
+ /* ignore error */
+ *text = NULL;
+ f.f_choice = SLAPD_FILTER_COMPUTED;
+ f.f_result = SLAPD_COMPARE_UNDEFINED;
+ err = LDAP_SUCCESS;
+ }
+
+ if ( err == LDAP_SUCCESS ) {
+ *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
+ **filt = f;
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
+
+ return( err );
+}
+
+static int
+get_filter_list( Operation *op, BerElement *ber,
+ Filter **f,
+ const char **text )
+{
+ Filter **new;
+ int err;
+ ber_tag_t tag;
+ ber_len_t len;
+ char *last;
+
+ Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
+ new = f;
+ for ( tag = ber_first_element( ber, &len, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+ err = get_filter( op, ber, new, text );
+ if ( err != LDAP_SUCCESS )
+ return( err );
+ new = &(*new)->f_next;
+ }
+ *new = NULL;
+
+ Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
+ return( LDAP_SUCCESS );
+}
+
+static int
+get_ssa(
+ Operation *op,
+ BerElement *ber,
+ SubstringsAssertion **out,
+ const char **text )
+{
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_tag_t rc;
+ struct berval desc, value, nvalue;
+ char *last;
+ SubstringsAssertion ssa;
+
+ *text = "error decoding filter";
+ *out = NULL;
+
+ Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
+ if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
+ return SLAPD_DISCONNECT;
+ }
+
+ *text = NULL;
+
+ ssa.sa_desc = NULL;
+ ssa.sa_initial.bv_val = NULL;
+ ssa.sa_any = NULL;
+ ssa.sa_final.bv_val = NULL;
+
+ rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
+
+ if( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &desc, &ssa.sa_desc, text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "get_ssa: conn %lu unknown attribute type=%s (%ld)\n",
+ op->o_connid, desc.bv_val, (long) rc );
+
+ /* skip over the rest of this filter */
+ for ( tag = ber_first_element( ber, &len, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) ) {
+ ber_scanf( ber, "x" );
+ }
+ return rc;
+ }
+ }
+
+ rc = LDAP_PROTOCOL_ERROR;
+
+ for ( tag = ber_first_element( ber, &len, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+ unsigned usage;
+
+ rc = ber_scanf( ber, "m", &value );
+ if ( rc == LBER_ERROR ) {
+ rc = SLAPD_DISCONNECT;
+ goto return_error;
+ }
+
+ if ( value.bv_val == NULL || value.bv_len == 0 ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto return_error;
+ }
+
+ switch ( tag ) {
+ case LDAP_SUBSTRING_INITIAL:
+ if ( ssa.sa_initial.bv_val != NULL
+ || ssa.sa_any != NULL
+ || ssa.sa_final.bv_val != NULL )
+ {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto return_error;
+ }
+ usage = SLAP_MR_SUBSTR_INITIAL;
+ break;
+
+ case LDAP_SUBSTRING_ANY:
+ if ( ssa.sa_final.bv_val != NULL ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto return_error;
+ }
+ usage = SLAP_MR_SUBSTR_ANY;
+ break;
+
+ case LDAP_SUBSTRING_FINAL:
+ if ( ssa.sa_final.bv_val != NULL ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto return_error;
+ }
+
+ usage = SLAP_MR_SUBSTR_FINAL;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_FILTER,
+ " unknown substring choice=%ld\n",
+ (long) tag, 0, 0 );
+
+ rc = LDAP_PROTOCOL_ERROR;
+ goto return_error;
+ }
+
+ /* validate/normalize using equality matching rule validator! */
+ rc = asserted_value_validate_normalize(
+ ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
+ usage, &value, &nvalue, text, op->o_tmpmemctx );
+ if( rc != LDAP_SUCCESS ) goto return_error;
+
+ switch ( tag ) {
+ case LDAP_SUBSTRING_INITIAL:
+ Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
+ ssa.sa_initial = nvalue;
+ break;
+
+ case LDAP_SUBSTRING_ANY:
+ Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
+ ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
+ break;
+
+ case LDAP_SUBSTRING_FINAL:
+ Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
+ ssa.sa_final = nvalue;
+ break;
+
+ default:
+ assert( 0 );
+ slap_sl_free( nvalue.bv_val, op->o_tmpmemctx );
+ rc = LDAP_PROTOCOL_ERROR;
+
+return_error:
+ Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
+ (long) rc, 0, 0 );
+ slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
+ ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
+ slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
+ return rc;
+ }
+
+ rc = LDAP_SUCCESS;
+ }
+
+ if( rc == LDAP_SUCCESS ) {
+ *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
+ **out = ssa;
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
+ return rc /* LDAP_SUCCESS */ ;
+}
+
+void
+filter_free_x( Operation *op, Filter *f )
+{
+ Filter *p, *next;
+
+ if ( f == NULL ) {
+ return;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_PRESENT:
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_APPROX:
+ ava_free( op, f->f_ava, 1 );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ if ( f->f_sub_initial.bv_val != NULL ) {
+ op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
+ }
+ ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
+ if ( f->f_sub_final.bv_val != NULL ) {
+ op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
+ }
+ op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT:
+ for ( p = f->f_list; p != NULL; p = next ) {
+ next = p->f_next;
+ filter_free_x( op, p );
+ }
+ break;
+
+ case LDAP_FILTER_EXT:
+ mra_free( op, f->f_mra, 1 );
+ break;
+
+ case SLAPD_FILTER_COMPUTED:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
+ f->f_choice, 0, 0 );
+ break;
+ }
+
+ op->o_tmpfree( f, op->o_tmpmemctx );
+}
+
+void
+filter_free( Filter *f )
+{
+ Operation op;
+ Opheader ohdr;
+
+ op.o_hdr = &ohdr;
+ op.o_tmpmemctx = slap_sl_context( f );
+ op.o_tmpmfuncs = &slap_sl_mfuncs;
+ filter_free_x( &op, f );
+}
+
+void
+filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
+{
+ int i;
+ Filter *p;
+ struct berval tmp;
+ static struct berval
+ ber_bvfalse = BER_BVC( "(?=false)" ),
+ ber_bvtrue = BER_BVC( "(?=true)" ),
+ ber_bvundefined = BER_BVC( "(?=undefined)" ),
+ ber_bverror = BER_BVC( "(?=error)" ),
+ ber_bvunknown = BER_BVC( "(?=unknown)" ),
+ ber_bvnone = BER_BVC( "(?=none)" );
+ ber_len_t len;
+
+ if ( f == NULL ) {
+ ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx );
+ return;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
+ f->f_av_desc->ad_cname.bv_val,
+ tmp.bv_len ? tmp.bv_val : "(null)");
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_GE:
+ filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(>=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
+ f->f_av_desc->ad_cname.bv_val,
+ tmp.bv_len ? tmp.bv_val : "(null)");
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_LE:
+ filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(<=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
+ f->f_av_desc->ad_cname.bv_val,
+ tmp.bv_len ? tmp.bv_val : "(null)");
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(~=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
+ f->f_av_desc->ad_cname.bv_val,
+ tmp.bv_len ? tmp.bv_val : "(null)");
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
+ ( sizeof("(=*)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ f->f_sub_desc->ad_cname.bv_val );
+
+ if ( f->f_sub_initial.bv_val != NULL ) {
+ len = fstr->bv_len;
+
+ filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
+ /* "(attr=" */ "%s*)",
+ tmp.bv_len ? tmp.bv_val : "(null)");
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
+ len = fstr->bv_len;
+ filter_escape_value_x( &f->f_sub_any[i],
+ &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len + 1;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
+ /* "(attr=[init]*[any*]" */ "%s*)",
+ tmp.bv_len ? tmp.bv_val : "(null)");
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ if ( f->f_sub_final.bv_val != NULL ) {
+ len = fstr->bv_len;
+
+ filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
+ /* "(attr=[init*][any*]" */ "%s)",
+ tmp.bv_len ? tmp.bv_val : "(null)");
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ fstr->bv_len = f->f_desc->ad_cname.bv_len +
+ ( sizeof("(=*)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ f->f_desc->ad_cname.bv_val );
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT:
+ fstr->bv_len = sizeof("(%)") - 1;
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
+ f->f_choice == LDAP_FILTER_AND ? '&' :
+ f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
+
+ for ( p = f->f_list; p != NULL; p = p->f_next ) {
+ len = fstr->bv_len;
+
+ filter2bv_x( op, p, &tmp );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
+ /*"("*/ "%s)", tmp.bv_val );
+
+ op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
+ }
+
+ break;
+
+ case LDAP_FILTER_EXT: {
+ struct berval ad;
+ filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
+
+ if ( f->f_mr_desc ) {
+ ad = f->f_mr_desc->ad_cname;
+ } else {
+ ad.bv_len = 0;
+ ad.bv_val = "";
+ }
+
+ fstr->bv_len = ad.bv_len +
+ ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
+ ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
+ tmp.bv_len + ( sizeof("(:=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
+ ad.bv_val,
+ f->f_mr_dnattrs ? ":dn" : "",
+ f->f_mr_rule_text.bv_len ? ":" : "",
+ f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
+ tmp.bv_len ? tmp.bv_val : "(null)");
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ } break;
+
+ case SLAPD_FILTER_COMPUTED:
+ switch ( f->f_result ) {
+ case LDAP_COMPARE_FALSE:
+ tmp = ber_bvfalse;
+ break;
+
+ case LDAP_COMPARE_TRUE:
+ tmp = ber_bvtrue;
+ break;
+
+ case SLAPD_COMPARE_UNDEFINED:
+ tmp = ber_bvundefined;
+ break;
+
+ default:
+ tmp = ber_bverror;
+ break;
+ }
+
+ ber_dupbv_x( fstr, &tmp, op->o_tmpmemctx );
+ break;
+
+ default:
+ ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx );
+ break;
+ }
+}
+
+void
+filter2bv( Filter *f, struct berval *fstr )
+{
+ Operation op;
+ Opheader ohdr;
+
+ op.o_hdr = &ohdr;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ filter2bv_x( &op, f, fstr );
+}
+
+Filter *
+filter_dup( Filter *f, void *memctx )
+{
+ BerMemoryFunctions *mf = &slap_sl_mfuncs;
+ Filter *n;
+
+ if ( !f )
+ return NULL;
+
+ n = mf->bmf_malloc( sizeof(Filter), memctx );
+ n->f_choice = f->f_choice;
+ n->f_next = NULL;
+
+ switch( f->f_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ n->f_result = f->f_result;
+ break;
+ case LDAP_FILTER_PRESENT:
+ n->f_desc = f->f_desc;
+ break;
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_APPROX:
+ /* Should this be ava_dup() ? */
+ n->f_ava = mf->bmf_calloc( 1, sizeof(AttributeAssertion), memctx );
+ *n->f_ava = *f->f_ava;
+ ber_dupbv_x( &n->f_av_value, &f->f_av_value, memctx );
+ break;
+ case LDAP_FILTER_SUBSTRINGS:
+ n->f_sub = mf->bmf_calloc( 1, sizeof(SubstringsAssertion), memctx );
+ n->f_sub_desc = f->f_sub_desc;
+ if ( !BER_BVISNULL( &f->f_sub_initial ))
+ ber_dupbv_x( &n->f_sub_initial, &f->f_sub_initial, memctx );
+ if ( f->f_sub_any ) {
+ int i;
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ );
+ n->f_sub_any = mf->bmf_malloc(( i+1 )*sizeof( struct berval ),
+ memctx );
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
+ ber_dupbv_x( &n->f_sub_any[i], &f->f_sub_any[i], memctx );
+ }
+ BER_BVZERO( &n->f_sub_any[i] );
+ }
+ if ( !BER_BVISNULL( &f->f_sub_final ))
+ ber_dupbv_x( &n->f_sub_final, &f->f_sub_final, memctx );
+ break;
+ case LDAP_FILTER_EXT: {
+ /* Should this be mra_dup() ? */
+ ber_len_t length;
+ length = sizeof(MatchingRuleAssertion);
+ if ( !BER_BVISNULL( &f->f_mr_rule_text ))
+ length += f->f_mr_rule_text.bv_len + 1;
+ n->f_mra = mf->bmf_calloc( 1, length, memctx );
+ *n->f_mra = *f->f_mra;
+ ber_dupbv_x( &n->f_mr_value, &f->f_mr_value, memctx );
+ if ( !BER_BVISNULL( &f->f_mr_rule_text )) {
+ n->f_mr_rule_text.bv_val = (char *)(n->f_mra+1);
+ AC_MEMCPY(n->f_mr_rule_text.bv_val,
+ f->f_mr_rule_text.bv_val, f->f_mr_rule_text.bv_len );
+ }
+ } break;
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT: {
+ Filter **p;
+ for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) {
+ *p = filter_dup( f, memctx );
+ p = &(*p)->f_next;
+ }
+ } break;
+ }
+ return n;
+}
+
+static int
+get_simple_vrFilter(
+ Operation *op,
+ BerElement *ber,
+ ValuesReturnFilter **filt,
+ const char **text )
+{
+ ber_tag_t tag;
+ ber_len_t len;
+ int err;
+ ValuesReturnFilter vrf;
+
+ Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+ *text = "error decoding filter";
+ return SLAPD_DISCONNECT;
+ }
+
+ vrf.vrf_next = NULL;
+
+ err = LDAP_SUCCESS;
+ vrf.vrf_choice = tag;
+
+ switch ( vrf.vrf_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
+ err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( vrf.vrf_ava != NULL );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
+ err = get_ssa( op, ber, &vrf.vrf_sub, text );
+ break;
+
+ case LDAP_FILTER_GE:
+ Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
+ err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ break;
+
+ case LDAP_FILTER_LE:
+ Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
+ err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ break;
+
+ case LDAP_FILTER_PRESENT: {
+ struct berval type;
+
+ Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
+ if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
+ err = SLAPD_DISCONNECT;
+ *text = "error decoding filter";
+ break;
+ }
+
+ vrf.vrf_desc = NULL;
+ err = slap_bv2ad( &type, &vrf.vrf_desc, text );
+
+ if( err != LDAP_SUCCESS ) {
+ err = slap_bv2undef_ad( &type, &vrf.vrf_desc, text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+
+ if( err != LDAP_SUCCESS ) {
+ /* unrecognized attribute description or other error */
+ Debug( LDAP_DEBUG_ANY,
+ "get_simple_vrFilter: conn %lu unknown "
+ "attribute type=%s (%d)\n",
+ op->o_connid, type.bv_val, err );
+
+ vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+ vrf.vrf_result = LDAP_COMPARE_FALSE;
+ err = LDAP_SUCCESS;
+ break;
+ }
+ }
+ } break;
+
+ case LDAP_FILTER_APPROX:
+ Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
+ err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+ break;
+
+ case LDAP_FILTER_EXT:
+ Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
+
+ err = get_mra( op, ber, &vrf.vrf_mra, text );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+
+ assert( vrf.vrf_mra != NULL );
+ break;
+
+ default:
+ (void) ber_scanf( ber, "x" ); /* skip the element */
+ Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
+ vrf.vrf_choice, 0, 0 );
+ vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+ vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
+ break;
+ }
+
+ if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
+ /* ignore error */
+ vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+ vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
+ err = LDAP_SUCCESS;
+ }
+
+ if ( err == LDAP_SUCCESS ) {
+ *filt = op->o_tmpalloc( sizeof vrf, op->o_tmpmemctx );
+ **filt = vrf;
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
+
+ return err;
+}
+
+int
+get_vrFilter( Operation *op, BerElement *ber,
+ ValuesReturnFilter **vrf,
+ const char **text )
+{
+ /*
+ * A ValuesReturnFilter looks like this:
+ *
+ * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
+ * SimpleFilterItem ::= CHOICE {
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeType,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
+ * }
+ *
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeType,
+ * SEQUENCE OF CHOICE {
+ * initial [0] IA5String,
+ * any [1] IA5String,
+ * final [2] IA5String
+ * }
+ * }
+ *
+ * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue }
+ */
+
+ ValuesReturnFilter **n;
+ ber_tag_t tag;
+ ber_len_t len;
+ char *last;
+
+ Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
+
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+ *text = "error decoding vrFilter";
+ return SLAPD_DISCONNECT;
+ }
+
+ if( tag != LBER_SEQUENCE ) {
+ *text = "error decoding vrFilter, expect SEQUENCE tag";
+ return SLAPD_DISCONNECT;
+ }
+
+ n = vrf;
+ for ( tag = ber_first_element( ber, &len, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+ int err = get_simple_vrFilter( op, ber, n, text );
+
+ if ( err != LDAP_SUCCESS ) return( err );
+
+ n = &(*n)->vrf_next;
+ }
+ *n = NULL;
+
+ Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
+ return( LDAP_SUCCESS );
+}
+
+void
+vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
+{
+ ValuesReturnFilter *p, *next;
+
+ if ( vrf == NULL ) {
+ return;
+ }
+
+ for ( p = vrf; p != NULL; p = next ) {
+ next = p->vrf_next;
+
+ switch ( vrf->vrf_choice ) {
+ case LDAP_FILTER_PRESENT:
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_APPROX:
+ ava_free( op, vrf->vrf_ava, 1 );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ if ( vrf->vrf_sub_initial.bv_val != NULL ) {
+ op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
+ }
+ ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
+ if ( vrf->vrf_sub_final.bv_val != NULL ) {
+ op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
+ }
+ op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_EXT:
+ mra_free( op, vrf->vrf_mra, 1 );
+ break;
+
+ case SLAPD_FILTER_COMPUTED:
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
+ vrf->vrf_choice, 0, 0 );
+ break;
+ }
+
+ op->o_tmpfree( vrf, op->o_tmpmemctx );
+ }
+}
+
+void
+vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
+{
+ ValuesReturnFilter *p;
+ struct berval tmp;
+ ber_len_t len;
+
+ if ( vrf == NULL ) {
+ ber_str2bv_x( "No filter!", sizeof("No filter!")-1,
+ 1, fstr, op->o_tmpmemctx );
+ return;
+ }
+
+ fstr->bv_len = sizeof("()") - 1;
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
+
+ for ( p = vrf; p != NULL; p = p->vrf_next ) {
+ len = fstr->bv_len;
+
+ simple_vrFilter2bv( op, p, &tmp );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
+ /*"("*/ "%s)", tmp.bv_val );
+
+ op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
+ }
+}
+
+static void
+simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
+{
+ struct berval tmp;
+ ber_len_t len;
+
+ if ( vrf == NULL ) {
+ ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr,
+ op->o_tmpmemctx );
+ return;
+ }
+
+ switch ( vrf->vrf_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
+ vrf->vrf_av_desc->ad_cname.bv_val,
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_GE:
+ filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(>=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
+ vrf->vrf_av_desc->ad_cname.bv_val,
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_LE:
+ filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(<=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
+ vrf->vrf_av_desc->ad_cname.bv_val,
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
+ tmp.bv_len + ( sizeof("(~=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
+ vrf->vrf_av_desc->ad_cname.bv_val,
+ tmp.bv_val );
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
+ ( sizeof("(=*)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ vrf->vrf_sub_desc->ad_cname.bv_val );
+
+ if ( vrf->vrf_sub_initial.bv_val != NULL ) {
+ len = fstr->bv_len;
+
+ filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
+ /* "(attr=" */ "%s*)",
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( vrf->vrf_sub_any != NULL ) {
+ int i;
+ for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
+ len = fstr->bv_len;
+ filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp,
+ op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len + 1;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
+ fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
+ /* "(attr=[init]*[any*]" */ "%s*)",
+ tmp.bv_val );
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ if ( vrf->vrf_sub_final.bv_val != NULL ) {
+ len = fstr->bv_len;
+
+ filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
+
+ fstr->bv_len += tmp.bv_len;
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
+
+ snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
+ /* "(attr=[init*][any*]" */ "%s)",
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ }
+
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
+ ( sizeof("(=*)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ vrf->vrf_desc->ad_cname.bv_val );
+ break;
+
+ case LDAP_FILTER_EXT: {
+ struct berval ad;
+ filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
+
+ if ( vrf->vrf_mr_desc ) {
+ ad = vrf->vrf_mr_desc->ad_cname;
+ } else {
+ ad.bv_len = 0;
+ ad.bv_val = "";
+ }
+
+ fstr->bv_len = ad.bv_len +
+ ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
+ ( vrf->vrf_mr_rule_text.bv_len
+ ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
+ tmp.bv_len + ( sizeof("(:=)") - 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
+ ad.bv_val,
+ vrf->vrf_mr_dnattrs ? ":dn" : "",
+ vrf->vrf_mr_rule_text.bv_len ? ":" : "",
+ vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
+ tmp.bv_val );
+
+ ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
+ } break;
+
+ case SLAPD_FILTER_COMPUTED:
+ ber_str2bv_x(
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
+ vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
+ vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
+ ? "(?=undefined)" : "(?=error)",
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
+ vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
+ vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
+ ? sizeof("(?=undefined)")-1 : sizeof("(?=error)")-1,
+ 1, fstr, op->o_tmpmemctx );
+ break;
+
+ default:
+ ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
+ 1, fstr, op->o_tmpmemctx );
+ break;
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/filterentry.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/filterentry.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/filterentry.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,935 @@
+/* filterentry.c - apply a filter to an entry */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.91.2.10 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+#ifdef LDAP_COMP_MATCH
+#include "component.h"
+#endif
+
+static int test_filter_and( Operation *op, Entry *e, Filter *flist );
+static int test_filter_or( Operation *op, Entry *e, Filter *flist );
+static int test_substrings_filter( Operation *op, Entry *e, Filter *f);
+static int test_ava_filter( Operation *op,
+ Entry *e, AttributeAssertion *ava, int type );
+static int test_mra_filter( Operation *op,
+ Entry *e, MatchingRuleAssertion *mra );
+static int test_presence_filter( Operation *op,
+ Entry *e, AttributeDescription *desc );
+
+
+/*
+ * test_filter - test a filter against a single entry.
+ * returns:
+ * LDAP_COMPARE_TRUE filter matched
+ * LDAP_COMPARE_FALSE filter did not match
+ * SLAPD_COMPARE_UNDEFINED filter is undefined
+ * or an ldap result code indicating error
+ */
+
+int
+test_filter(
+ Operation *op,
+ Entry *e,
+ Filter *f )
+{
+ int rc;
+ Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
+
+ switch ( f->f_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
+ f->f_result == LDAP_COMPARE_FALSE ? "false" :
+ f->f_result == LDAP_COMPARE_TRUE ? "true" :
+ f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
+ f->f_result, 0 );
+
+ rc = f->f_result;
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
+ rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_EQUALITY );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
+ rc = test_substrings_filter( op, e, f );
+ break;
+
+ case LDAP_FILTER_GE:
+ Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 );
+ rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_GE );
+ break;
+
+ case LDAP_FILTER_LE:
+ Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 );
+ rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_LE );
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
+ rc = test_presence_filter( op, e, f->f_desc );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 );
+ rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_APPROX );
+ break;
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 );
+ rc = test_filter_and( op, e, f->f_and );
+ break;
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 );
+ rc = test_filter_or( op, e, f->f_or );
+ break;
+
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 );
+ rc = test_filter( op, e, f->f_not );
+
+ /* Flip true to false and false to true
+ * but leave Undefined alone.
+ */
+ switch( rc ) {
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_COMPARE_FALSE;
+ break;
+ case LDAP_COMPARE_FALSE:
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ break;
+
+ case LDAP_FILTER_EXT:
+ Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
+ rc = test_mra_filter( op, e, f->f_mra );
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
+ f->f_choice, 0, 0 );
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 );
+ return( rc );
+}
+
+static int test_mra_filter(
+ Operation *op,
+ Entry *e,
+ MatchingRuleAssertion *mra )
+{
+ Attribute *a;
+ void *memctx;
+ BER_MEMFREE_FN *memfree;
+#ifdef LDAP_COMP_MATCH
+ int i, num_attr_vals = 0;
+#endif
+
+ if ( op == NULL ) {
+ memctx = NULL;
+ memfree = slap_sl_free;
+ } else {
+ memctx = op->o_tmpmemctx;
+ memfree = op->o_tmpfree;
+ }
+
+ if ( mra->ma_desc ) {
+ /*
+ * if ma_desc is available, then we're filtering for
+ * one attribute, and SEARCH permissions can be checked
+ * directly.
+ */
+ if ( !access_allowed( op, e,
+ mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
+ {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ if ( mra->ma_desc == slap_schema.si_ad_entryDN ) {
+ int ret, rc;
+ const char *text;
+
+ rc = value_match( &ret, slap_schema.si_ad_entryDN, mra->ma_rule,
+ SLAP_MR_EXT, &e->e_nname, &mra->ma_value, &text );
+
+
+ if( rc != LDAP_SUCCESS ) return rc;
+ if ( ret == 0 ) return LDAP_COMPARE_TRUE;
+ return LDAP_COMPARE_FALSE;
+ }
+
+ for ( a = attrs_find( e->e_attrs, mra->ma_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, mra->ma_desc ) )
+ {
+ struct berval *bv;
+ int normalize_attribute = 0;
+
+#ifdef LDAP_COMP_MATCH
+ /* Component Matching */
+ if ( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ num_attr_vals = 0;
+ if ( !a->a_comp_data ) {
+ for ( ;
+ !BER_BVISNULL( &a->a_vals[num_attr_vals] );
+ num_attr_vals++ )
+ {
+ /* empty */;
+ }
+ if ( num_attr_vals <= 0 ) {
+ /* no attribute value */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ num_attr_vals++;
+
+ /* following malloced will be freed by comp_tree_free () */
+ a->a_comp_data = malloc( sizeof( ComponentData ) +
+ sizeof( ComponentSyntaxInfo* )*num_attr_vals );
+
+ if ( !a->a_comp_data ) return LDAP_NO_MEMORY;
+ a->a_comp_data->cd_tree = (ComponentSyntaxInfo**)
+ ((char*)a->a_comp_data + sizeof(ComponentData));
+ a->a_comp_data->cd_tree[num_attr_vals - 1] =
+ (ComponentSyntaxInfo*) NULL;
+ a->a_comp_data->cd_mem_op =
+ nibble_mem_allocator( 1024*16, 1024 );
+ }
+ }
+#endif
+
+ /* If ma_rule is not the same as the attribute's
+ * normal rule, then we can't use the a_nvals.
+ */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+#ifdef LDAP_COMP_MATCH
+ i = 0;
+#endif
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
+ int ret;
+ int rc;
+ const char *text;
+
+#ifdef LDAP_COMP_MATCH
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
+ {
+ /* Check if decoded component trees are already linked */
+ if ( num_attr_vals ) {
+ a->a_comp_data->cd_tree[i] = attr_converter(
+ a, a->a_desc->ad_type->sat_syntax, bv );
+ }
+ /* decoding error */
+ if ( !a->a_comp_data->cd_tree[i] ) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_COMPONENT,
+ (struct berval*)a->a_comp_data->cd_tree[i++],
+ (void*)mra, &text );
+ } else
+#endif
+ {
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /*
+
+ Document: draft-ietf-ldapbis-protocol
+
+ 4.5.1. Search Request
+ ...
+ If the type field is present and the matchingRule is present,
+ the matchValue is compared against entry attributes of the
+ specified type. In this case, the matchingRule MUST be one
+ suitable for use with the specified type (see [Syntaxes]),
+ otherwise the filter item is Undefined.
+
+
+ In this case, since the matchingRule requires the assertion
+ value to be normalized, we normalize the attribute value
+ according to the syntax of the matchingRule.
+
+ This should likely be done inside value_match(), by passing
+ the appropriate flags, but this is not done at present.
+ See ITS#3406.
+ */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT, &nbv, &mra->ma_value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+ if ( ret == 0 ) return LDAP_COMPARE_TRUE;
+ }
+ }
+
+ } else {
+ /*
+ * No attribute description: test all
+ */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ struct berval *bv, value;
+ const char *text = NULL;
+ int rc;
+ int normalize_attribute = 0;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
+ continue;
+ }
+
+ /* normalize for equality */
+ rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &value, &text, memctx );
+ if ( rc != LDAP_SUCCESS ) continue;
+
+ /* check search access */
+ if ( !access_allowed( op, e,
+ a->a_desc, &value, ACL_SEARCH, NULL ) )
+ {
+ memfree( value.bv_val, memctx );
+ continue;
+ }
+#ifdef LDAP_COMP_MATCH
+ /* Component Matching */
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
+ {
+ int ret;
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_COMPONENT,
+ (struct berval*)a, (void*)mra, &text );
+ if ( rc != LDAP_SUCCESS ) break;
+
+ if ( ret == 0 ) {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+
+ }
+#endif
+
+ /* check match */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
+ int ret;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment above */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT, &nbv, &value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) break;
+
+ if ( ret == 0 ) {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+ memfree( value.bv_val, memctx );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ }
+ }
+
+ /* check attrs in DN AVAs if required */
+ if ( mra->ma_dnattrs && !BER_BVISEMPTY( &e->e_nname ) ) {
+ LDAPDN dn = NULL;
+ int iRDN, iAVA;
+ int rc;
+
+ /* parse and pretty the dn */
+ rc = dnPrettyDN( NULL, &e->e_name, &dn, memctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* for each AVA of each RDN ... */
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ struct berval *bv = &ava->la_value,
+ value = BER_BVNULL,
+ nbv = BER_BVNULL;
+ AttributeDescription *ad =
+ (AttributeDescription *)ava->la_private;
+ int ret;
+ const char *text;
+
+ assert( ad != NULL );
+
+ if ( mra->ma_desc ) {
+ /* have a mra type? check for subtype */
+ if ( !is_ad_subtype( ad, mra->ma_desc ) ) {
+ continue;
+ }
+ value = mra->ma_value;
+
+ } else {
+ const char *text = NULL;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, ad->ad_type ) ) {
+ continue;
+ }
+
+ /* normalize for equality */
+ rc = asserted_value_validate_normalize( ad,
+ mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &value, &text, memctx );
+ if ( rc != LDAP_SUCCESS ) continue;
+
+ /* check search access */
+ if ( !access_allowed( op, e,
+ ad, &value, ACL_SEARCH, NULL ) )
+ {
+ memfree( value.bv_val, memctx );
+ continue;
+ }
+ }
+
+ if ( mra->ma_rule->smr_normalize ) {
+ /* see comment above */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ rc = LDAP_SUCCESS;
+ ret = -1;
+ goto cleanup;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ /* check match */
+ rc = value_match( &ret, ad, mra->ma_rule, SLAP_MR_EXT,
+ &nbv, &value, &text );
+
+cleanup:;
+ if ( !BER_BVISNULL( &value ) && value.bv_val != mra->ma_value.bv_val ) {
+ memfree( value.bv_val, memctx );
+ }
+
+ if ( !BER_BVISNULL( &nbv ) && nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+
+ if ( rc == LDAP_SUCCESS && ret == 0 ) rc = LDAP_COMPARE_TRUE;
+
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, memctx );
+ return rc;
+ }
+ }
+ }
+ ldap_dnfree_x( dn, memctx );
+ }
+
+ return LDAP_COMPARE_FALSE;
+}
+
+static int
+test_ava_filter(
+ Operation *op,
+ Entry *e,
+ AttributeAssertion *ava,
+ int type )
+{
+ int rc;
+ Attribute *a;
+#ifdef LDAP_COMP_MATCH
+ int i, num_attr_vals = 0;
+ AttributeAliasing *a_alias = NULL;
+#endif
+
+ if ( !access_allowed( op, e,
+ ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
+ {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
+ && op && op->o_bd && op->o_bd->be_has_subordinates )
+ {
+ int hasSubordinates;
+ struct berval hs;
+
+ if( type != LDAP_FILTER_EQUALITY &&
+ type != LDAP_FILTER_APPROX )
+ {
+ /* No other match is allowed */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if ( op->o_bd->be_has_subordinates( op, e, &hasSubordinates ) !=
+ LDAP_SUCCESS )
+ {
+ return LDAP_OTHER;
+ }
+
+ if ( hasSubordinates == LDAP_COMPARE_TRUE ) {
+ hs = slap_true_bv;
+
+ } else if ( hasSubordinates == LDAP_COMPARE_FALSE ) {
+ hs = slap_false_bv;
+
+ } else {
+ return LDAP_OTHER;
+ }
+
+ if ( bvmatch( &ava->aa_value, &hs ) ) return LDAP_COMPARE_TRUE;
+ return LDAP_COMPARE_FALSE;
+ }
+
+ if ( ava->aa_desc == slap_schema.si_ad_entryDN ) {
+ MatchingRule *mr;
+ int rc, match;
+ const char *text;
+
+ if( type != LDAP_FILTER_EQUALITY &&
+ type != LDAP_FILTER_APPROX )
+ {
+ /* No other match is allowed */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ mr = slap_schema.si_ad_entryDN->ad_type->sat_equality;
+ assert( mr != NULL );
+
+ rc = value_match( &match, slap_schema.si_ad_entryDN, mr,
+ SLAP_MR_EXT, &e->e_nname, &ava->aa_value, &text );
+
+ if( rc != LDAP_SUCCESS ) return rc;
+ if( match == 0 ) return LDAP_COMPARE_TRUE;
+ return LDAP_COMPARE_FALSE;
+ }
+
+ rc = LDAP_COMPARE_FALSE;
+
+#ifdef LDAP_COMP_MATCH
+ if ( is_aliased_attribute && ava->aa_cf )
+ {
+ a_alias = is_aliased_attribute ( ava->aa_desc );
+ if ( a_alias )
+ ava->aa_desc = a_alias->aa_aliased_ad;
+ else
+ ava->aa_cf = NULL;
+ }
+#endif
+
+ for(a = attrs_find( e->e_attrs, ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, ava->aa_desc ) )
+ {
+ int use;
+ MatchingRule *mr;
+ struct berval *bv;
+
+ if (( ava->aa_desc != a->a_desc ) && !access_allowed( op,
+ e, a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ continue;
+ }
+
+ use = SLAP_MR_EQUALITY;
+
+ switch ( type ) {
+ case LDAP_FILTER_APPROX:
+ use = SLAP_MR_EQUALITY_APPROX;
+ mr = a->a_desc->ad_type->sat_approx;
+ if( mr != NULL ) break;
+
+ /* fallthru: use EQUALITY matching rule if no APPROX rule */
+
+ case LDAP_FILTER_EQUALITY:
+ /* use variable set above so fall thru use is not clobbered */
+ mr = a->a_desc->ad_type->sat_equality;
+ break;
+
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ use = SLAP_MR_ORDERING;
+ mr = a->a_desc->ad_type->sat_ordering;
+ break;
+
+ default:
+ mr = NULL;
+ }
+
+ if( mr == NULL ) {
+ rc = LDAP_INAPPROPRIATE_MATCHING;
+ continue;
+ }
+
+#ifdef LDAP_COMP_MATCH
+ if ( nibble_mem_allocator && ava->aa_cf && !a->a_comp_data ) {
+ /* Component Matching */
+ for ( num_attr_vals = 0; a->a_vals[num_attr_vals].bv_val != NULL; num_attr_vals++ );
+ if ( num_attr_vals <= 0 )/* no attribute value */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ num_attr_vals++;/* for NULL termination */
+
+ /* following malloced will be freed by comp_tree_free () */
+ a->a_comp_data = malloc( sizeof( ComponentData ) + sizeof( ComponentSyntaxInfo* )*num_attr_vals );
+
+ if ( !a->a_comp_data ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ a->a_comp_data->cd_tree = (ComponentSyntaxInfo**)((char*)a->a_comp_data + sizeof(ComponentData));
+ i = num_attr_vals;
+ for ( ; i ; i-- ) {
+ a->a_comp_data->cd_tree[ i-1 ] = (ComponentSyntaxInfo*)NULL;
+ }
+
+ a->a_comp_data->cd_mem_op = nibble_mem_allocator ( 1024*10*(num_attr_vals-1), 1024 );
+ if ( a->a_comp_data->cd_mem_op == NULL ) {
+ free ( a->a_comp_data );
+ a->a_comp_data = NULL;
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ i = 0;
+#endif
+
+ for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
+ int ret, match;
+ const char *text;
+
+#ifdef LDAP_COMP_MATCH
+ if( attr_converter && ava->aa_cf && a->a_comp_data ) {
+ /* Check if decoded component trees are already linked */
+ struct berval cf_bv = { 20, "componentFilterMatch" };
+ MatchingRule* cf_mr = mr_bvfind( &cf_bv );
+ MatchingRuleAssertion mra;
+ mra.ma_cf = ava->aa_cf;
+
+ if ( a->a_comp_data->cd_tree[i] == NULL )
+ a->a_comp_data->cd_tree[i] = attr_converter (a, a->a_desc->ad_type->sat_syntax, (a->a_vals + i));
+ /* decoding error */
+ if ( !a->a_comp_data->cd_tree[i] ) {
+ free_ComponentData ( a );
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ ret = value_match( &match, a->a_desc, cf_mr,
+ SLAP_MR_COMPONENT,
+ (struct berval*)a->a_comp_data->cd_tree[i++],
+ (void*)&mra, &text );
+ if ( ret == LDAP_INAPPROPRIATE_MATCHING ) {
+ /* cached component tree is broken, just remove it */
+ free_ComponentData ( a );
+ return ret;
+ }
+ if ( a_alias )
+ ava->aa_desc = a_alias->aa_aliasing_ad;
+
+ } else
+#endif
+ {
+ ret = value_match( &match, a->a_desc, mr, use,
+ bv, &ava->aa_value, &text );
+ }
+
+ if( ret != LDAP_SUCCESS ) {
+ rc = ret;
+ break;
+ }
+
+ switch ( type ) {
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_APPROX:
+ if ( match == 0 ) return LDAP_COMPARE_TRUE;
+ break;
+
+ case LDAP_FILTER_GE:
+ if ( match >= 0 ) return LDAP_COMPARE_TRUE;
+ break;
+
+ case LDAP_FILTER_LE:
+ if ( match <= 0 ) return LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+ }
+
+#ifdef LDAP_COMP_MATCH
+ if ( a_alias )
+ ava->aa_desc = a_alias->aa_aliasing_ad;
+#endif
+
+ return rc;
+}
+
+
+static int
+test_presence_filter(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc )
+{
+ Attribute *a;
+ int rc;
+
+ if ( !access_allowed( op, e, desc, NULL, ACL_SEARCH, NULL ) ) {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ if ( desc == slap_schema.si_ad_hasSubordinates ) {
+ /*
+ * XXX: fairly optimistic: if the function is defined,
+ * then PRESENCE must succeed, because hasSubordinate
+ * is boolean-valued; I think we may live with this
+ * simplification by now.
+ */
+ if ( op && op->o_bd && op->o_bd->be_has_subordinates ) {
+ return LDAP_COMPARE_TRUE;
+ }
+
+ return LDAP_COMPARE_FALSE;
+ }
+
+ if ( desc == slap_schema.si_ad_entryDN ||
+ desc == slap_schema.si_ad_subschemaSubentry )
+ {
+ /* entryDN and subschemaSubentry are always present */
+ return LDAP_COMPARE_TRUE;
+ }
+
+ rc = LDAP_COMPARE_FALSE;
+
+ for(a = attrs_find( e->e_attrs, desc );
+ a != NULL;
+ a = attrs_find( a->a_next, desc ) )
+ {
+ if (( desc != a->a_desc ) && !access_allowed( op,
+ e, a->a_desc, NULL, ACL_SEARCH, NULL ))
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ continue;
+ }
+
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+
+ return rc;
+}
+
+
+static int
+test_filter_and(
+ Operation *op,
+ Entry *e,
+ Filter *flist )
+{
+ Filter *f;
+ int rtn = LDAP_COMPARE_TRUE; /* True if empty */
+
+ Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 );
+
+ for ( f = flist; f != NULL; f = f->f_next ) {
+ int rc = test_filter( op, e, f );
+
+ if ( rc == LDAP_COMPARE_FALSE ) {
+ /* filter is False */
+ rtn = rc;
+ break;
+ }
+
+ if ( rc != LDAP_COMPARE_TRUE ) {
+ /* filter is Undefined unless later elements are False */
+ rtn = rc;
+ }
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 );
+
+ return rtn;
+}
+
+static int
+test_filter_or(
+ Operation *op,
+ Entry *e,
+ Filter *flist )
+{
+ Filter *f;
+ int rtn = LDAP_COMPARE_FALSE; /* False if empty */
+
+ Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 );
+
+ for ( f = flist; f != NULL; f = f->f_next ) {
+ int rc = test_filter( op, e, f );
+
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ /* filter is True */
+ rtn = rc;
+ break;
+ }
+
+ if ( rc != LDAP_COMPARE_FALSE ) {
+ /* filter is Undefined unless later elements are True */
+ rtn = rc;
+ }
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 );
+ return rtn;
+}
+
+
+static int
+test_substrings_filter(
+ Operation *op,
+ Entry *e,
+ Filter *f )
+{
+ Attribute *a;
+ int rc;
+
+ Debug( LDAP_DEBUG_FILTER, "begin test_substrings_filter\n", 0, 0, 0 );
+
+ if ( !access_allowed( op, e,
+ f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
+ {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ rc = LDAP_COMPARE_FALSE;
+
+ for(a = attrs_find( e->e_attrs, f->f_sub_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, f->f_sub_desc ) )
+ {
+ MatchingRule *mr;
+ struct berval *bv;
+
+ if (( f->f_sub_desc != a->a_desc ) && !access_allowed( op,
+ e, a->a_desc, NULL, ACL_SEARCH, NULL ))
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ continue;
+ }
+
+ mr = a->a_desc->ad_type->sat_substr;
+ if( mr == NULL ) {
+ rc = LDAP_INAPPROPRIATE_MATCHING;
+ continue;
+ }
+
+ for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
+ int ret, match;
+ const char *text;
+
+ ret = value_match( &match, a->a_desc, mr, SLAP_MR_SUBSTR,
+ bv, f->f_sub, &text );
+
+ if( ret != LDAP_SUCCESS ) {
+ rc = ret;
+ break;
+ }
+ if ( match == 0 ) return LDAP_COMPARE_TRUE;
+ }
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "end test_substrings_filter %d\n",
+ rc, 0, 0 );
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/frontend.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/frontend.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/frontend.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,135 @@
+/* frontend.c - routines for dealing with frontend */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <sys/stat.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "lber_pvt.h"
+
+#include "ldap_rq.h"
+
+static BackendInfo slap_frontendInfo;
+static BackendDB slap_frontendDB;
+BackendDB *frontendDB;
+
+int
+frontend_init( void )
+{
+ /* data */
+ frontendDB = &slap_frontendDB;
+
+ /* ACLs */
+ frontendDB->be_dfltaccess = ACL_READ;
+
+ /* limits */
+ frontendDB->be_def_limit.lms_t_soft = SLAPD_DEFAULT_TIMELIMIT; /* backward compatible limits */
+ frontendDB->be_def_limit.lms_t_hard = 0;
+ frontendDB->be_def_limit.lms_s_soft = SLAPD_DEFAULT_SIZELIMIT; /* backward compatible limits */
+ frontendDB->be_def_limit.lms_s_hard = 0;
+ frontendDB->be_def_limit.lms_s_unchecked = -1; /* no limit on unchecked size */
+ frontendDB->be_def_limit.lms_s_pr = 0; /* page limit */
+ frontendDB->be_def_limit.lms_s_pr_hide = 0; /* don't hide number of entries left */
+ frontendDB->be_def_limit.lms_s_pr_total = 0; /* number of total entries returned by pagedResults equal to hard limit */
+
+#if 0
+ /* FIXME: do we need this? */
+ frontendDB->be_pcl_mutexp = &frontendDB->be_pcl_mutex;
+ ldap_pvt_thread_mutex_init( frontendDB->be_pcl_mutexp );
+#endif
+
+ /* suffix */
+ frontendDB->be_suffix = ch_calloc( 2, sizeof( struct berval ) );
+ ber_str2bv( "", 0, 1, &frontendDB->be_suffix[0] );
+ BER_BVZERO( &frontendDB->be_suffix[1] );
+ frontendDB->be_nsuffix = ch_calloc( 2, sizeof( struct berval ) );
+ ber_str2bv( "", 0, 1, &frontendDB->be_nsuffix[0] );
+ BER_BVZERO( &frontendDB->be_nsuffix[1] );
+
+ /* info */
+ frontendDB->bd_info = &slap_frontendInfo;
+
+ SLAP_BFLAGS(frontendDB) |= SLAP_BFLAG_FRONTEND;
+
+ /* name */
+ frontendDB->bd_info->bi_type = "frontend";
+
+ /* known controls */
+ if ( slap_known_controls ) {
+ int i;
+
+ frontendDB->bd_info->bi_controls = slap_known_controls;
+
+ for ( i = 0; slap_known_controls[ i ]; i++ ) {
+ int cid;
+
+ if ( slap_find_control_id( slap_known_controls[ i ], &cid )
+ == LDAP_CONTROL_NOT_FOUND )
+ {
+ assert( 0 );
+ return -1;
+ }
+
+ frontendDB->bd_info->bi_ctrls[ cid ] = 1;
+ frontendDB->be_ctrls[ cid ] = 1;
+ }
+ }
+
+ /* calls */
+ frontendDB->bd_info->bi_op_abandon = fe_op_abandon;
+ frontendDB->bd_info->bi_op_add = fe_op_add;
+ frontendDB->bd_info->bi_op_bind = fe_op_bind;
+ frontendDB->bd_info->bi_op_compare = fe_op_compare;
+ frontendDB->bd_info->bi_op_delete = fe_op_delete;
+ frontendDB->bd_info->bi_op_modify = fe_op_modify;
+ frontendDB->bd_info->bi_op_modrdn = fe_op_modrdn;
+ frontendDB->bd_info->bi_op_search = fe_op_search;
+ frontendDB->bd_info->bi_extended = fe_extended;
+ frontendDB->bd_info->bi_operational = fe_aux_operational;
+#if 0
+ frontendDB->bd_info->bi_entry_get_rw = fe_entry_get_rw;
+ frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw;
+#endif
+#ifdef SLAP_OVERLAY_ACCESS
+ frontendDB->bd_info->bi_access_allowed = fe_access_allowed;
+ frontendDB->bd_info->bi_acl_group = fe_acl_group;
+ frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute;
+#endif /* SLAP_OVERLAY_ACCESS */
+
+#if 0
+ /* FIXME: is this too early? */
+ return backend_startup_one( frontendDB );
+#endif
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/globals.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/globals.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/globals.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+/* globals.c - various global variables */
+/* $OpenLDAP: pkg/ldap/servers/slapd/globals.c,v 1.13.2.3 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include "lber_pvt.h"
+
+#include "slap.h"
+
+
+/*
+ * Global variables, in general, should be declared in the file
+ * primarily responsible for its management. Configurable globals
+ * belong in config.c. Variables declared here have no other
+ * sensible home.
+ */
+
+const struct berval slap_empty_bv = BER_BVC("");
+const struct berval slap_unknown_bv = BER_BVC("unknown");
+
+/* normalized boolean values */
+const struct berval slap_true_bv = BER_BVC("TRUE");
+const struct berval slap_false_bv = BER_BVC("FALSE");
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/index.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/index.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/index.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,91 @@
+/* index.c - index utilities */
+/* $OpenLDAP: pkg/ldap/servers/slapd/index.c,v 1.13.2.5 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <lutil.h>
+
+#include "slap.h"
+
+static slap_verbmasks idxstr[] = {
+ { BER_BVC("pres"), SLAP_INDEX_PRESENT },
+ { BER_BVC("eq"), SLAP_INDEX_EQUALITY },
+ { BER_BVC("approx"), SLAP_INDEX_APPROX },
+ { BER_BVC("subinitial"), SLAP_INDEX_SUBSTR_INITIAL },
+ { BER_BVC("subany"), SLAP_INDEX_SUBSTR_ANY },
+ { BER_BVC("subfinal"), SLAP_INDEX_SUBSTR_FINAL },
+ { BER_BVC("sub"), SLAP_INDEX_SUBSTR_DEFAULT },
+ { BER_BVC("substr"), 0 },
+ { BER_BVC("notags"), SLAP_INDEX_NOTAGS },
+ { BER_BVC("nolang"), 0 }, /* backwards compat */
+ { BER_BVC("nosubtypes"), SLAP_INDEX_NOSUBTYPES },
+ { BER_BVNULL, 0 }
+};
+
+
+int slap_str2index( const char *str, slap_mask_t *idx )
+{
+ int i;
+
+ i = verb_to_mask( str, idxstr );
+ if ( BER_BVISNULL(&idxstr[i].word) ) return LDAP_OTHER;
+ while ( !idxstr[i].mask ) i--;
+ *idx = idxstr[i].mask;
+
+
+ return LDAP_SUCCESS;
+}
+
+void slap_index2bvlen( slap_mask_t idx, struct berval *bv )
+{
+ int i;
+
+ bv->bv_len = 0;
+
+ for ( i=0; !BER_BVISNULL( &idxstr[i].word ); i++ ) {
+ if ( !idxstr[i].mask ) continue;
+ if ( IS_SLAP_INDEX( idx, idxstr[i].mask )) {
+ if ( (idxstr[i].mask & SLAP_INDEX_SUBSTR) &&
+ ((idx & SLAP_INDEX_SUBSTR_DEFAULT) != idxstr[i].mask))
+ continue;
+ if ( bv->bv_len ) bv->bv_len++;
+ bv->bv_len += idxstr[i].word.bv_len;
+ }
+ }
+}
+
+/* caller must provide buffer space, after calling index2bvlen */
+void slap_index2bv( slap_mask_t idx, struct berval *bv )
+{
+ int i;
+ char *ptr;
+
+ if ( !bv->bv_len ) return;
+
+ ptr = bv->bv_val;
+ for ( i=0; !BER_BVISNULL( &idxstr[i].word ); i++ ) {
+ if ( !idxstr[i].mask ) continue;
+ if ( IS_SLAP_INDEX( idx, idxstr[i].mask )) {
+ if ( (idxstr[i].mask & SLAP_INDEX_SUBSTR) &&
+ ((idx & SLAP_INDEX_SUBSTR_DEFAULT) != idxstr[i].mask))
+ continue;
+ if ( ptr != bv->bv_val ) *ptr++ = ',';
+ ptr = lutil_strcopy( ptr, idxstr[i].word.bv_val );
+ }
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,346 @@
+/* init.c - initialize various things */
+/* $OpenLDAP: pkg/ldap/servers/slapd/init.c,v 1.81.2.16 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "lber_pvt.h"
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+#include "ldap_rq.h"
+
+/*
+ * read-only global variables or variables only written by the listener
+ * thread (after they are initialized) - no need to protect them with a mutex.
+ */
+int slap_debug = 0;
+
+#ifdef LDAP_DEBUG
+int ldap_syslog = LDAP_DEBUG_STATS;
+#else
+int ldap_syslog;
+#endif
+
+#ifdef LOG_DEBUG
+int ldap_syslog_level = LOG_DEBUG;
+#endif
+
+BerVarray default_referral = NULL;
+
+struct berval AllUser = BER_BVC( LDAP_ALL_USER_ATTRIBUTES );
+struct berval AllOper = BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES );
+struct berval NoAttrs = BER_BVC( LDAP_NO_ATTRS );
+
+/*
+ * global variables that need mutex protection
+ */
+ldap_pvt_thread_pool_t connection_pool;
+int connection_pool_max = SLAP_MAX_WORKER_THREADS;
+int slap_tool_thread_max = 1;
+#ifndef HAVE_GMTIME_R
+ldap_pvt_thread_mutex_t gmtime_mutex;
+#endif
+
+slap_counters_t slap_counters;
+
+/*
+ * these mutexes must be used when calling the entry2str()
+ * routine since it returns a pointer to static data.
+ */
+ldap_pvt_thread_mutex_t entry2str_mutex;
+ldap_pvt_thread_mutex_t replog_mutex;
+
+static const char* slap_name = NULL;
+int slapMode = SLAP_UNDEFINED_MODE;
+
+int
+slap_init( int mode, const char *name )
+{
+ int rc;
+ int i;
+
+ assert( mode );
+
+ if ( slapMode != SLAP_UNDEFINED_MODE ) {
+ /* Make sure we write something to stderr */
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s init: init called twice (old=%d, new=%d)\n",
+ name, slapMode, mode );
+
+ return 1;
+ }
+
+ slapMode = mode;
+
+#ifdef SLAPD_MODULES
+ if ( module_init() != 0 ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: module_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+#endif
+
+ if ( slap_schema_init( ) != 0 ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: slap_schema_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+
+
+ switch ( slapMode & SLAP_MODE ) {
+ case SLAP_SERVER_MODE:
+
+ /* FALLTHRU */
+ case SLAP_TOOL_MODE:
+ Debug( LDAP_DEBUG_TRACE,
+ "%s init: initiated %s.\n", name,
+ (mode & SLAP_MODE) == SLAP_TOOL_MODE ? "tool" : "server",
+ 0 );
+
+ slap_name = name;
+
+ ldap_pvt_thread_pool_init( &connection_pool,
+ connection_pool_max, 0);
+ ldap_pvt_thread_mutex_init( &entry2str_mutex );
+ ldap_pvt_thread_mutex_init( &replog_mutex );
+
+ ldap_pvt_thread_mutex_init( &slap_counters.sc_sent_mutex );
+ ldap_pvt_thread_mutex_init( &slap_counters.sc_ops_mutex );
+ ldap_pvt_mp_init( slap_counters.sc_bytes );
+ ldap_pvt_mp_init( slap_counters.sc_pdu );
+ ldap_pvt_mp_init( slap_counters.sc_entries );
+ ldap_pvt_mp_init( slap_counters.sc_refs );
+
+ ldap_pvt_mp_init( slap_counters.sc_ops_initiated );
+ ldap_pvt_mp_init( slap_counters.sc_ops_completed );
+
+ ldap_pvt_thread_mutex_init( &slapd_rq.rq_mutex );
+ LDAP_STAILQ_INIT( &slapd_rq.task_list );
+ LDAP_STAILQ_INIT( &slapd_rq.run_list );
+
+#ifdef SLAPD_MONITOR
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ ldap_pvt_mp_init( slap_counters.sc_ops_initiated_[ i ] );
+ ldap_pvt_mp_init( slap_counters.sc_ops_completed_[ i ] );
+ }
+#endif /* SLAPD_MONITOR */
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_init( &gmtime_mutex );
+#endif
+ slap_passwd_init();
+
+ rc = slap_sasl_init();
+
+ if( rc == 0 ) {
+ rc = backend_init( );
+ }
+ if ( rc )
+ return rc;
+
+ break;
+
+ default:
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s init: undefined mode (%d).\n", name, mode, 0 );
+
+ rc = 1;
+ break;
+ }
+
+ if ( slap_controls_init( ) != 0 ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: slap_controls_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+
+#ifdef HAVE_TLS
+ /* Library defaults to full certificate checking. This is correct when
+ * a client is verifying a server because all servers should have a
+ * valid cert. But few clients have valid certs, so we want our default
+ * to be no checking. The config file can override this as usual.
+ */
+ rc = 0;
+ (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
+#endif
+
+ if ( frontend_init() ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: frontend_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+
+ if ( overlay_init() ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: overlay_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+
+ if ( glue_sub_init() ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: glue/subordinate init failed\n",
+ name, 0, 0 );
+
+ return 1;
+ }
+
+ if ( acl_init() ) {
+ ldap_debug |= 1;
+ Debug( LDAP_DEBUG_ANY,
+ "%s: acl_init failed\n",
+ name, 0, 0 );
+ return 1;
+ }
+
+ return rc;
+}
+
+int slap_startup( Backend *be )
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s startup: initiated.\n",
+ slap_name, 0, 0 );
+
+
+ rc = backend_startup( be );
+
+#ifdef LDAP_SLAPI
+ if( rc == 0 ) {
+ Slapi_PBlock *pb = slapi_pblock_new();
+
+ if ( slapi_int_call_plugins( frontendDB, SLAPI_PLUGIN_START_FN, pb ) < 0 ) {
+ rc = -1;
+ }
+ slapi_pblock_destroy( pb );
+ }
+#endif /* LDAP_SLAPI */
+
+ return rc;
+}
+
+int slap_shutdown( Backend *be )
+{
+ int rc;
+#ifdef LDAP_SLAPI
+ Slapi_PBlock *pb;
+#endif
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s shutdown: initiated\n",
+ slap_name, 0, 0 );
+
+ /* let backends do whatever cleanup they need to do */
+ rc = backend_shutdown( be );
+
+#ifdef LDAP_SLAPI
+ pb = slapi_pblock_new();
+ (void) slapi_int_call_plugins( frontendDB, SLAPI_PLUGIN_CLOSE_FN, pb );
+ slapi_pblock_destroy( pb );
+#endif /* LDAP_SLAPI */
+
+ return rc;
+}
+
+int slap_destroy(void)
+{
+ int rc;
+ int i;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s destroy: freeing system resources.\n",
+ slap_name, 0, 0 );
+
+ if ( default_referral ) {
+ ber_bvarray_free( default_referral );
+ }
+
+ /* clear out any thread-keys for the main thread */
+ ldap_pvt_thread_pool_context_reset( ldap_pvt_thread_pool_context());
+
+ rc = backend_destroy();
+
+ slap_sasl_destroy();
+
+ entry_destroy();
+
+ switch ( slapMode & SLAP_MODE ) {
+ case SLAP_SERVER_MODE:
+ case SLAP_TOOL_MODE:
+
+ ldap_pvt_thread_mutex_destroy( &slap_counters.sc_sent_mutex );
+ ldap_pvt_thread_mutex_destroy( &slap_counters.sc_ops_mutex );
+ ldap_pvt_mp_clear( slap_counters.sc_bytes );
+ ldap_pvt_mp_clear( slap_counters.sc_pdu );
+ ldap_pvt_mp_clear( slap_counters.sc_entries );
+ ldap_pvt_mp_clear( slap_counters.sc_refs );
+ ldap_pvt_mp_clear( slap_counters.sc_ops_initiated );
+ ldap_pvt_mp_clear( slap_counters.sc_ops_completed );
+
+#ifdef SLAPD_MONITOR
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ ldap_pvt_mp_clear( slap_counters.sc_ops_initiated_[ i ] );
+ ldap_pvt_mp_clear( slap_counters.sc_ops_completed_[ i ] );
+ }
+#endif /* SLAPD_MONITOR */
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "slap_destroy(): undefined mode (%d).\n", slapMode, 0, 0 );
+
+ rc = 1;
+ break;
+
+ }
+
+ ldap_pvt_thread_destroy();
+
+ /* should destory the above mutex */
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/kerberos.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/kerberos.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/kerberos.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+/* kerberos.c - ldbm backend kerberos bind routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/kerberos.c,v 1.12.2.4 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+
+#include <stdio.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+#define LDAP_KRB_PRINCIPAL "ldapserver"
+
+krbv4_ldap_auth(
+ Backend *be,
+ struct berval *cred,
+ AUTH_DAT *ad
+)
+{
+ KTEXT_ST k;
+ KTEXT ktxt = &k;
+ char instance[INST_SZ];
+ int err;
+
+ Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
+
+ if( cred->len > sizeof(ktxt->dat) ) {
+ return LDAP_OTHER;
+ }
+
+ AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
+ ktxt->length = cred->bv_len;
+
+ strcpy( instance, "*" );
+ if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad,
+ ldap_srvtab )) != KSUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
+ krb_err_txt[err], 0, 0 );
+ return( LDAP_INVALID_CREDENTIALS );
+ }
+
+ return( LDAP_SUCCESS );
+}
+
+#endif /* kerberos */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/ldapsync.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/ldapsync.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/ldapsync.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,232 @@
+/* ldapsync.c -- LDAP Content Sync Routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.21.2.9 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "../../libraries/liblber/lber-int.h" /* get ber_strndup() */
+#include "lutil_ldap.h"
+
+struct slap_sync_cookie_s slap_sync_cookie =
+ LDAP_STAILQ_HEAD_INITIALIZER( slap_sync_cookie );
+
+void
+slap_compose_sync_cookie(
+ Operation *op,
+ struct berval *cookie,
+ struct berval *csn,
+ int rid )
+{
+ char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ];
+ int len;
+
+ if ( BER_BVISNULL( csn )) {
+ if ( rid == -1 ) {
+ cookiestr[0] = '\0';
+ len = 0;
+ } else {
+ len = snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
+ "rid=%03d", rid );
+ }
+ } else {
+ char *end = cookiestr + sizeof(cookiestr);
+ char *ptr = lutil_strcopy( cookiestr, "csn=" );
+ len = csn->bv_len;
+ if ( ptr + len >= end )
+ len = end - ptr;
+ ptr = lutil_strncopy( ptr, csn->bv_val, len );
+ if ( rid != -1 && ptr < end - STRLENOF(",rid=xxx") ) {
+ ptr += sprintf( ptr, ",rid=%03d", rid );
+ }
+ len = ptr - cookiestr;
+ }
+ ber_str2bv_x( cookiestr, len, 1, cookie,
+ op ? op->o_tmpmemctx : NULL );
+}
+
+void
+slap_sync_cookie_free(
+ struct sync_cookie *cookie,
+ int free_cookie
+)
+{
+ if ( cookie == NULL )
+ return;
+
+ if ( !BER_BVISNULL( &cookie->ctxcsn )) {
+ ch_free( cookie->ctxcsn.bv_val );
+ BER_BVZERO( &cookie->ctxcsn );
+ }
+
+ if ( !BER_BVISNULL( &cookie->octet_str )) {
+ ch_free( cookie->octet_str.bv_val );
+ BER_BVZERO( &cookie->octet_str );
+ }
+
+ if ( free_cookie ) {
+ ch_free( cookie );
+ }
+
+ return;
+}
+
+int
+slap_parse_sync_cookie(
+ struct sync_cookie *cookie,
+ void *memctx
+)
+{
+ char *csn_ptr;
+ char *csn_str;
+ int csn_str_len;
+ int valid = 0;
+ char *rid_ptr;
+ char *cval;
+ char *next;
+
+ if ( cookie == NULL )
+ return -1;
+
+ if ( cookie->octet_str.bv_len <= STRLENOF( "rid=" ) )
+ return -1;
+
+ cookie->rid = -1;
+ /* FIXME: may read past end of cookie->octet_str.bv_val */
+ rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" );
+ if ( rid_ptr == NULL
+ || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] )
+ {
+ return -1;
+ }
+
+ if ( rid_ptr[ STRLENOF( "rid=" ) ] == '-' ) {
+ return -1;
+ }
+
+ cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+ if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) {
+ return -1;
+ }
+
+ while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) {
+ AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
+ slap_syntax_validate_func *validate;
+ struct berval stamp;
+
+ /* This only happens when called from main */
+ if ( ad == NULL )
+ break;
+
+ if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) {
+ return -1;
+ }
+
+ csn_str = csn_ptr + STRLENOF("csn=");
+ cval = strchr( csn_str, ',' );
+ if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] )
+ csn_str_len = cval - csn_str;
+ else
+ csn_str_len = 0;
+
+ /* FIXME use csnValidate when it gets implemented */
+ csn_ptr = strchr( csn_str, '#' );
+ if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break;
+
+ stamp.bv_val = csn_str;
+ stamp.bv_len = csn_ptr - csn_str;
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+ if ( validate( ad->ad_type->sat_syntax, &stamp ) != LDAP_SUCCESS )
+ break;
+ valid = 1;
+ break;
+ }
+ if ( valid ) {
+ ber_str2bv_x( csn_str, csn_str_len, 1, &cookie->ctxcsn, memctx );
+ } else {
+ BER_BVZERO( &cookie->ctxcsn );
+ }
+
+ return 0;
+}
+
+int
+slap_init_sync_cookie_ctxcsn(
+ struct sync_cookie *cookie
+)
+{
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE + 4 ];
+ struct berval octet_str = BER_BVNULL;
+ struct berval ctxcsn = BER_BVNULL;
+
+ if ( cookie == NULL )
+ return -1;
+
+ octet_str.bv_len = snprintf( csnbuf, LDAP_LUTIL_CSNSTR_BUFSIZE + 4,
+ "csn=%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x",
+ 1900, 1, 1, 0, 0, 0, 0, 0, 0 );
+ octet_str.bv_val = csnbuf;
+ ch_free( cookie->octet_str.bv_val );
+ ber_dupbv( &cookie->octet_str, &octet_str );
+
+ ctxcsn.bv_val = octet_str.bv_val + 4;
+ ctxcsn.bv_len = octet_str.bv_len - 4;
+ ber_dupbv( &cookie->ctxcsn, &ctxcsn );
+
+ return 0;
+}
+
+struct sync_cookie *
+slap_dup_sync_cookie(
+ struct sync_cookie *dst,
+ struct sync_cookie *src
+)
+{
+ struct sync_cookie *new;
+
+ if ( src == NULL )
+ return NULL;
+
+ if ( dst ) {
+ ch_free( dst->ctxcsn.bv_val );
+ ch_free( dst->octet_str.bv_val );
+ BER_BVZERO( &dst->ctxcsn );
+ BER_BVZERO( &dst->octet_str );
+ new = dst;
+ } else {
+ new = ( struct sync_cookie * )
+ ch_calloc( 1, sizeof( struct sync_cookie ));
+ }
+
+ new->rid = src->rid;
+
+ if ( !BER_BVISNULL( &src->ctxcsn )) {
+ ber_dupbv( &new->ctxcsn, &src->ctxcsn );
+ }
+
+ if ( !BER_BVISNULL( &src->octet_str )) {
+ ber_dupbv( &new->octet_str, &src->octet_str );
+ }
+
+ return new;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/limits.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/limits.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/limits.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1319 @@
+/* limits.c - routines to handle regex-based size and time limits */
+/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.62.2.8 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/regex.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+/* define to get an error if requesting limit higher than hard */
+#undef ABOVE_HARD_LIMIT_IS_ERROR
+
+static char *
+limits2str( unsigned i )
+{
+ switch ( i ) {
+ case SLAP_LIMITS_UNDEFINED:
+ return "UNDEFINED";
+
+ case SLAP_LIMITS_EXACT:
+ return "EXACT";
+
+ case SLAP_LIMITS_ONE:
+ return "ONELEVEL";
+
+ case SLAP_LIMITS_SUBTREE:
+ return "SUBTREE";
+
+ case SLAP_LIMITS_CHILDREN:
+ return "CHILDREN";
+
+ case SLAP_LIMITS_REGEX:
+ return "REGEX";
+
+ case SLAP_LIMITS_ANONYMOUS:
+ return "ANONYMOUS";
+
+ case SLAP_LIMITS_USERS:
+ return "USERS";
+
+ case SLAP_LIMITS_ANY:
+ return "ANY";
+
+ default:
+ return "UNKNOWN";
+ }
+}
+
+int
+limits_get(
+ Operation *op,
+ struct berval *ndn,
+ struct slap_limits_set **limit
+)
+{
+ struct slap_limits **lm;
+
+ assert( op != NULL );
+ assert( limit != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "==> limits_get: %s dn=\"%s\"\n",
+ op->o_log_prefix,
+ BER_BVISNULL( ndn ) ? "[anonymous]" : ndn->bv_val, 0 );
+ /*
+ * default values
+ */
+ *limit = &op->o_bd->be_def_limit;
+
+ if ( op->o_bd->be_limits == NULL ) {
+ return( 0 );
+ }
+
+ for ( lm = op->o_bd->be_limits; lm[0] != NULL; lm++ ) {
+ unsigned style = lm[0]->lm_flags & SLAP_LIMITS_MASK;
+ unsigned type = lm[0]->lm_flags & SLAP_LIMITS_TYPE_MASK;
+
+ switch ( style ) {
+ case SLAP_LIMITS_EXACT:
+ if ( BER_BVISEMPTY( ndn ) ) {
+ break;
+ }
+
+ if ( type == SLAP_LIMITS_TYPE_GROUP ) {
+ int rc;
+
+ rc = backend_group( op, NULL,
+ &lm[0]->lm_pat, ndn,
+ lm[0]->lm_group_oc,
+ lm[0]->lm_group_ad );
+ if ( rc == 0 ) {
+ *limit = &lm[0]->lm_limits;
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=GROUP match=EXACT "
+ "dn=\"%s\" oc=\"%s\" ad=\"%s\"\n",
+ lm[0]->lm_pat.bv_val,
+ lm[0]->lm_group_oc->soc_cname.bv_val,
+ lm[0]->lm_group_ad->ad_cname.bv_val );
+
+ return( 0 );
+ }
+ } else {
+
+ if ( dn_match( &lm[0]->lm_pat, ndn ) ) {
+ *limit = &lm[0]->lm_limits;
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=EXACT dn=\"%s\"\n",
+ lm[0]->lm_pat.bv_val, 0, 0 );
+ return( 0 );
+ }
+ }
+ break;
+
+ case SLAP_LIMITS_ONE:
+ case SLAP_LIMITS_SUBTREE:
+ case SLAP_LIMITS_CHILDREN: {
+ size_t d;
+
+ if ( BER_BVISEMPTY( ndn ) ) {
+ break;
+ }
+
+ /* ndn shorter than dn_pat */
+ if ( ndn->bv_len < lm[0]->lm_pat.bv_len ) {
+ break;
+ }
+ d = ndn->bv_len - lm[0]->lm_pat.bv_len;
+
+ /* allow exact match for SUBTREE only */
+ if ( d == 0 ) {
+ if ( style != SLAP_LIMITS_SUBTREE ) {
+ break;
+ }
+ } else {
+ /* check for unescaped rdn separator */
+ if ( !DN_SEPARATOR( ndn->bv_val[d - 1] ) ) {
+ break;
+ }
+ }
+
+ /* in case of (sub)match ... */
+ if ( lm[0]->lm_pat.bv_len == ( ndn->bv_len - d )
+ && strcmp( lm[0]->lm_pat.bv_val,
+ &ndn->bv_val[d] ) == 0 )
+ {
+ /* check for exactly one rdn in case of ONE */
+ if ( style == SLAP_LIMITS_ONE ) {
+ /*
+ * if ndn is more that one rdn
+ * below dn_pat, continue
+ */
+ if ( (size_t) dn_rdnlen( NULL, ndn )
+ != d - 1 )
+ {
+ break;
+ }
+ }
+
+ *limit = &lm[0]->lm_limits;
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s dn=\"%s\"\n",
+ limits2str( style ), lm[0]->lm_pat.bv_val, 0 );
+ return( 0 );
+ }
+
+ break;
+ }
+
+ case SLAP_LIMITS_REGEX:
+ if ( BER_BVISEMPTY( ndn ) ) {
+ break;
+ }
+ if ( regexec( &lm[0]->lm_regex, ndn->bv_val,
+ 0, NULL, 0 ) == 0 )
+ {
+ *limit = &lm[0]->lm_limits;
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s dn=\"%s\"\n",
+ limits2str( style ), lm[0]->lm_pat.bv_val, 0 );
+ return( 0 );
+ }
+ break;
+
+ case SLAP_LIMITS_ANONYMOUS:
+ if ( BER_BVISEMPTY( ndn ) ) {
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s\n",
+ limits2str( style ), 0, 0 );
+ *limit = &lm[0]->lm_limits;
+ return( 0 );
+ }
+ break;
+
+ case SLAP_LIMITS_USERS:
+ if ( !BER_BVISEMPTY( ndn ) ) {
+ *limit = &lm[0]->lm_limits;
+ Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s\n",
+ limits2str( style ), 0, 0 );
+ return( 0 );
+ }
+ break;
+
+ case SLAP_LIMITS_ANY:
+ *limit = &lm[0]->lm_limits;
+ return( 0 );
+
+ default:
+ assert( 0 ); /* unreachable */
+ return( -1 );
+ }
+ }
+
+ return( 0 );
+}
+
+static int
+limits_add(
+ Backend *be,
+ unsigned flags,
+ const char *pattern,
+ ObjectClass *group_oc,
+ AttributeDescription *group_ad,
+ struct slap_limits_set *limit
+)
+{
+ int i;
+ struct slap_limits *lm;
+ unsigned type, style;
+
+ assert( be != NULL );
+ assert( limit != NULL );
+
+ type = flags & SLAP_LIMITS_TYPE_MASK;
+ style = flags & SLAP_LIMITS_MASK;
+
+ switch ( style ) {
+ case SLAP_LIMITS_ANONYMOUS:
+ case SLAP_LIMITS_USERS:
+ case SLAP_LIMITS_ANY:
+ for ( i = 0; be->be_limits && be->be_limits[ i ]; i++ ) {
+ if ( be->be_limits[ i ]->lm_flags == style ) {
+ return( -1 );
+ }
+ }
+ break;
+ }
+
+
+ lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
+
+ switch ( style ) {
+ case SLAP_LIMITS_UNDEFINED:
+ style = SLAP_LIMITS_EXACT;
+ /* continue to next cases */
+ case SLAP_LIMITS_EXACT:
+ case SLAP_LIMITS_ONE:
+ case SLAP_LIMITS_SUBTREE:
+ case SLAP_LIMITS_CHILDREN:
+ lm->lm_flags = style | type;
+ {
+ int rc;
+ struct berval bv;
+
+ ber_str2bv( pattern, 0, 0, &bv );
+
+ rc = dnNormalize( 0, NULL, NULL, &bv, &lm->lm_pat, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ ch_free( lm );
+ return( -1 );
+ }
+ }
+ break;
+
+ case SLAP_LIMITS_REGEX:
+ lm->lm_flags = style | type;
+ ber_str2bv( pattern, 0, 1, &lm->lm_pat );
+ if ( regcomp( &lm->lm_regex, lm->lm_pat.bv_val,
+ REG_EXTENDED | REG_ICASE ) ) {
+ free( lm->lm_pat.bv_val );
+ ch_free( lm );
+ return( -1 );
+ }
+ break;
+
+ case SLAP_LIMITS_ANONYMOUS:
+ case SLAP_LIMITS_USERS:
+ case SLAP_LIMITS_ANY:
+ lm->lm_flags = style | type;
+ BER_BVZERO( &lm->lm_pat );
+ break;
+ }
+
+ switch ( type ) {
+ case SLAP_LIMITS_TYPE_GROUP:
+ assert( group_oc != NULL );
+ assert( group_ad != NULL );
+ lm->lm_group_oc = group_oc;
+ lm->lm_group_ad = group_ad;
+ break;
+ }
+
+ lm->lm_limits = *limit;
+
+ i = 0;
+ if ( be->be_limits != NULL ) {
+ for ( ; be->be_limits[i]; i++ );
+ }
+
+ be->be_limits = ( struct slap_limits ** )ch_realloc( be->be_limits,
+ sizeof( struct slap_limits * ) * ( i + 2 ) );
+ be->be_limits[i] = lm;
+ be->be_limits[i+1] = NULL;
+
+ return( 0 );
+}
+
+int
+limits_parse(
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ int flags = SLAP_LIMITS_UNDEFINED;
+ char *pattern;
+ struct slap_limits_set limit;
+ int i, rc = 0;
+ ObjectClass *group_oc = NULL;
+ AttributeDescription *group_ad = NULL;
+
+ assert( be != NULL );
+
+ if ( argc < 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: missing arg(s) in "
+ "\"limits <pattern> <limits>\" line.\n%s",
+ fname, lineno, "" );
+ return( -1 );
+ }
+
+ limit = be->be_def_limit;
+
+ /*
+ * syntax:
+ *
+ * "limits" <pattern> <limit> [ ... ]
+ *
+ *
+ * <pattern>:
+ *
+ * "anonymous"
+ * "users"
+ * [ "dn" [ "." { "exact" | "base" | "onelevel" | "subtree" | children"
+ * | "regex" | "anonymous" } ] "=" ] <dn pattern>
+ *
+ * Note:
+ * "exact" and "base" are the same (exact match);
+ * "onelevel" means exactly one rdn below, NOT including pattern
+ * "subtree" means any rdn below, including pattern
+ * "children" means any rdn below, NOT including pattern
+ *
+ * "anonymous" may be deprecated in favour
+ * of the pattern = "anonymous" form
+ *
+ * "group[/objectClass[/attributeType]]" "=" "<dn pattern>"
+ *
+ * <limit>:
+ *
+ * "time" [ "." { "soft" | "hard" } ] "=" <integer>
+ *
+ * "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer>
+ */
+
+ pattern = argv[1];
+ if ( strcmp( pattern, "*" ) == 0) {
+ flags = SLAP_LIMITS_ANY;
+
+ } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
+ flags = SLAP_LIMITS_ANONYMOUS;
+
+ } else if ( strcasecmp( pattern, "users" ) == 0 ) {
+ flags = SLAP_LIMITS_USERS;
+
+ } else if ( strncasecmp( pattern, "dn", STRLENOF( "dn" ) ) == 0 ) {
+ pattern += STRLENOF( "dn" );
+ if ( pattern[0] == '.' ) {
+ pattern++;
+ if ( strncasecmp( pattern, "exact", STRLENOF( "exact" )) == 0 ) {
+ flags = SLAP_LIMITS_EXACT;
+ pattern += STRLENOF( "exact" );
+
+ } else if ( strncasecmp( pattern, "base", STRLENOF( "base" ) ) == 0 ) {
+ flags = SLAP_LIMITS_BASE;
+ pattern += STRLENOF( "base" );
+
+ } else if ( strncasecmp( pattern, "one", STRLENOF( "one" ) ) == 0 ) {
+ flags = SLAP_LIMITS_ONE;
+ pattern += STRLENOF( "one" );
+ if ( strncasecmp( pattern, "level", STRLENOF( "level" ) ) == 0 ) {
+ pattern += STRLENOF( "level" );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: deprecated \"one\" style "
+ "\"limits <pattern> <limits>\" line; "
+ "use \"onelevel\" instead.\n", fname, lineno, 0 );
+ }
+
+ } else if ( strncasecmp( pattern, "sub", STRLENOF( "sub" ) ) == 0 ) {
+ flags = SLAP_LIMITS_SUBTREE;
+ pattern += STRLENOF( "sub" );
+ if ( strncasecmp( pattern, "tree", STRLENOF( "tree" ) ) == 0 ) {
+ pattern += STRLENOF( "tree" );
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: deprecated \"sub\" style "
+ "\"limits <pattern> <limits>\" line; "
+ "use \"subtree\" instead.\n", fname, lineno, 0 );
+ }
+
+ } else if ( strncasecmp( pattern, "children", STRLENOF( "children" ) ) == 0 ) {
+ flags = SLAP_LIMITS_CHILDREN;
+ pattern += STRLENOF( "children" );
+
+ } else if ( strncasecmp( pattern, "regex", STRLENOF( "regex" ) ) == 0 ) {
+ flags = SLAP_LIMITS_REGEX;
+ pattern += STRLENOF( "regex" );
+
+ /*
+ * this could be deprecated in favour
+ * of the pattern = "anonymous" form
+ */
+ } else if ( strncasecmp( pattern, "anonymous", STRLENOF( "anonymous" ) ) == 0 ) {
+ flags = SLAP_LIMITS_ANONYMOUS;
+ pattern = NULL;
+ }
+ }
+
+ /* pre-check the data */
+ switch ( flags ) {
+ case SLAP_LIMITS_ANONYMOUS:
+ case SLAP_LIMITS_USERS:
+
+ /* no need for pattern */
+ pattern = NULL;
+ break;
+
+ default:
+ if ( pattern[0] != '=' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: missing '=' in "
+ "\"dn[.{exact|base|onelevel|subtree"
+ "|children|regex|anonymous}]"
+ "=<pattern>\" in "
+ "\"limits <pattern> <limits>\" "
+ "line.\n%s",
+ fname, lineno, "" );
+ return( -1 );
+ }
+
+ /* skip '=' (required) */
+ pattern++;
+
+ /* trim obvious cases */
+ if ( strcmp( pattern, "*" ) == 0 ) {
+ flags = SLAP_LIMITS_ANY;
+ pattern = NULL;
+
+ } else if ( flags == SLAP_LIMITS_REGEX
+ && strcmp( pattern, ".*" ) == 0 ) {
+ flags = SLAP_LIMITS_ANY;
+ pattern = NULL;
+ }
+ }
+
+ } else if (strncasecmp( pattern, "group", STRLENOF( "group" ) ) == 0 ) {
+ pattern += STRLENOF( "group" );
+
+ if ( pattern[0] == '/' ) {
+ struct berval oc, ad;
+
+ oc.bv_val = pattern + 1;
+ pattern = strchr( pattern, '=' );
+ if ( pattern == NULL ) {
+ return -1;
+ }
+
+ ad.bv_val = strchr( oc.bv_val, '/' );
+ if ( ad.bv_val != NULL ) {
+ const char *text = NULL;
+ int rc;
+
+ oc.bv_len = ad.bv_val - oc.bv_val;
+
+ ad.bv_val++;
+ ad.bv_len = pattern - ad.bv_val;
+ rc = slap_bv2ad( &ad, &group_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ goto no_ad;
+ }
+
+ } else {
+ oc.bv_len = pattern - oc.bv_val;
+ }
+
+ group_oc = oc_bvfind( &oc );
+ if ( group_oc == NULL ) {
+ goto no_oc;
+ }
+ }
+
+ if ( group_oc == NULL ) {
+ group_oc = oc_find( SLAPD_GROUP_CLASS );
+ if ( group_oc == NULL ) {
+no_oc:;
+ return( -1 );
+ }
+ }
+
+ if ( group_ad == NULL ) {
+ const char *text = NULL;
+ int rc;
+
+ rc = slap_str2ad( SLAPD_GROUP_ATTR, &group_ad, &text );
+
+ if ( rc != LDAP_SUCCESS ) {
+no_ad:;
+ return( -1 );
+ }
+ }
+
+ flags = SLAP_LIMITS_TYPE_GROUP | SLAP_LIMITS_EXACT;
+
+ if ( pattern[0] != '=' ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: missing '=' in "
+ "\"group[/objectClass[/attributeType]]"
+ "=<pattern>\" in "
+ "\"limits <pattern> <limits>\" line.\n",
+ fname, lineno, 0 );
+ return( -1 );
+ }
+
+ /* skip '=' (required) */
+ pattern++;
+ }
+
+ /* get the limits */
+ for ( i = 2; i < argc; i++ ) {
+ if ( limits_parse_one( argv[i], &limit ) ) {
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: unknown limit values \"%s\" in "
+ "\"limits <pattern> <limits>\" line.\n",
+ fname, lineno, argv[i] );
+
+ return( 1 );
+ }
+ }
+
+ /*
+ * sanity checks ...
+ *
+ * FIXME: add warnings?
+ */
+ if ( limit.lms_t_hard > 0 &&
+ ( limit.lms_t_hard < limit.lms_t_soft
+ || limit.lms_t_soft == -1 ) ) {
+ limit.lms_t_hard = limit.lms_t_soft;
+ }
+
+ if ( limit.lms_s_hard > 0 &&
+ ( limit.lms_s_hard < limit.lms_s_soft
+ || limit.lms_s_soft == -1 ) ) {
+ limit.lms_s_hard = limit.lms_s_soft;
+ }
+
+ /*
+ * defaults ...
+ *
+ * lms_t_hard:
+ * -1 => no limits
+ * 0 => same as soft
+ * > 0 => limit (in seconds)
+ *
+ * lms_s_hard:
+ * -1 => no limits
+ * 0 0> same as soft
+ * > 0 => limit (in entries)
+ *
+ * lms_s_pr_total:
+ * -2 => disable the control
+ * -1 => no limits
+ * 0 => same as soft
+ * > 0 => limit (in entries)
+ *
+ * lms_s_pr:
+ * -1 => no limits
+ * 0 => no limits?
+ * > 0 => limit size (in entries)
+ */
+ if ( limit.lms_s_pr_total > 0 &&
+ limit.lms_s_pr > limit.lms_s_pr_total ) {
+ limit.lms_s_pr = limit.lms_s_pr_total;
+ }
+
+ rc = limits_add( be, flags, pattern, group_oc, group_ad, &limit );
+ if ( rc ) {
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s : line %d: unable to add limit in "
+ "\"limits <pattern> <limits>\" line.\n",
+ fname, lineno, 0 );
+ }
+
+ return( rc );
+}
+
+int
+limits_parse_one(
+ const char *arg,
+ struct slap_limits_set *limit
+)
+{
+ assert( arg != NULL );
+ assert( limit != NULL );
+
+ if ( strncasecmp( arg, "time", STRLENOF( "time" ) ) == 0 ) {
+ arg += STRLENOF( "time" );
+
+ if ( arg[0] == '.' ) {
+ arg++;
+ if ( strncasecmp( arg, "soft=", STRLENOF( "soft=" ) ) == 0 ) {
+ arg += STRLENOF( "soft=" );
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_t_soft = -1;
+
+ } else {
+ int soft;
+
+ if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) {
+ return( 1 );
+ }
+
+ if ( soft == -1 ) {
+ /* FIXME: use "unlimited" instead; issue warning? */
+ }
+
+ limit->lms_t_soft = soft;
+ }
+
+ } else if ( strncasecmp( arg, "hard=", STRLENOF( "hard=" ) ) == 0 ) {
+ arg += STRLENOF( "hard=" );
+ if ( strcasecmp( arg, "soft" ) == 0 ) {
+ limit->lms_t_hard = 0;
+
+ } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_t_hard = -1;
+
+ } else {
+ int hard;
+
+ if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) {
+ return( 1 );
+ }
+
+ if ( hard == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ if ( hard == 0 ) {
+ /* FIXME: use "soft" instead */
+ }
+
+ limit->lms_t_hard = hard;
+ }
+
+ } else {
+ return( 1 );
+ }
+
+ } else if ( arg[0] == '=' ) {
+ arg++;
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_t_soft = -1;
+
+ } else {
+ if ( lutil_atoi( &limit->lms_t_soft, arg ) != 0
+ || limit->lms_t_soft < -1 )
+ {
+ return( 1 );
+ }
+ }
+ limit->lms_t_hard = 0;
+
+ } else {
+ return( 1 );
+ }
+
+ } else if ( strncasecmp( arg, "size", STRLENOF( "size" ) ) == 0 ) {
+ arg += STRLENOF( "size" );
+
+ if ( arg[0] == '.' ) {
+ arg++;
+ if ( strncasecmp( arg, "soft=", STRLENOF( "soft=" ) ) == 0 ) {
+ arg += STRLENOF( "soft=" );
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_soft = -1;
+
+ } else {
+ int soft;
+
+ if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) {
+ return( 1 );
+ }
+
+ if ( soft == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ limit->lms_s_soft = soft;
+ }
+
+ } else if ( strncasecmp( arg, "hard=", STRLENOF( "hard=" ) ) == 0 ) {
+ arg += STRLENOF( "hard=" );
+ if ( strcasecmp( arg, "soft" ) == 0 ) {
+ limit->lms_s_hard = 0;
+
+ } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_hard = -1;
+
+ } else {
+ int hard;
+
+ if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) {
+ return( 1 );
+ }
+
+ if ( hard == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ if ( hard == 0 ) {
+ /* FIXME: use "soft" instead */
+ }
+
+ limit->lms_s_hard = hard;
+ }
+
+ } else if ( strncasecmp( arg, "unchecked=", STRLENOF( "unchecked=" ) ) == 0 ) {
+ arg += STRLENOF( "unchecked=" );
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_unchecked = -1;
+
+ } else if ( strcasecmp( arg, "disabled" ) == 0 ) {
+ limit->lms_s_unchecked = 0;
+
+ } else {
+ int unchecked;
+
+ if ( lutil_atoi( &unchecked, arg ) != 0 || unchecked < -1 ) {
+ return( 1 );
+ }
+
+ if ( unchecked == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ limit->lms_s_unchecked = unchecked;
+ }
+
+ } else if ( strncasecmp( arg, "pr=", STRLENOF( "pr=" ) ) == 0 ) {
+ arg += STRLENOF( "pr=" );
+ if ( strcasecmp( arg, "noEstimate" ) == 0 ) {
+ limit->lms_s_pr_hide = 1;
+
+ } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_pr = -1;
+
+ } else {
+ int pr;
+
+ if ( lutil_atoi( &pr, arg ) != 0 || pr < -1 ) {
+ return( 1 );
+ }
+
+ if ( pr == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ limit->lms_s_pr = pr;
+ }
+
+ } else if ( strncasecmp( arg, "prtotal=", STRLENOF( "prtotal=" ) ) == 0 ) {
+ arg += STRLENOF( "prtotal=" );
+
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_pr_total = -1;
+
+ } else if ( strcasecmp( arg, "disabled" ) == 0 ) {
+ limit->lms_s_pr_total = -2;
+
+ } else if ( strcasecmp( arg, "hard" ) == 0 ) {
+ limit->lms_s_pr_total = 0;
+
+ } else {
+ int total;
+
+ if ( lutil_atoi( &total, arg ) != 0 || total < -1 ) {
+ return( 1 );
+ }
+
+ if ( total == -1 ) {
+ /* FIXME: use "unlimited" instead */
+ }
+
+ if ( total == 0 ) {
+ /* FIXME: use "pr=disable" instead */
+ }
+
+ limit->lms_s_pr_total = total;
+ }
+
+ } else {
+ return( 1 );
+ }
+
+ } else if ( arg[0] == '=' ) {
+ arg++;
+ if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+ limit->lms_s_soft = -1;
+
+ } else {
+ if ( lutil_atoi( &limit->lms_s_soft, arg ) != 0
+ || limit->lms_s_soft < -1 )
+ {
+ return( 1 );
+ }
+ }
+ limit->lms_s_hard = 0;
+
+ } else {
+ return( 1 );
+ }
+ }
+
+ return 0;
+}
+
+static const char *lmpats[] = {
+ "base",
+ "base",
+ "onelevel",
+ "subtree",
+ "children",
+ "regex",
+ "anonymous",
+ "users",
+ "*"
+};
+
+/* Caller must provide an adequately sized buffer in bv */
+void
+limits_unparse( struct slap_limits *lim, struct berval *bv )
+{
+ struct berval btmp;
+ char *ptr;
+ int lm;
+
+ if ( !bv || !bv->bv_val ) return;
+
+ ptr = bv->bv_val;
+
+ if (( lim->lm_flags & SLAP_LIMITS_TYPE_MASK ) == SLAP_LIMITS_TYPE_GROUP ) {
+ ptr = lutil_strcopy( ptr, "group/" );
+ ptr = lutil_strcopy( ptr, lim->lm_group_oc->soc_cname.bv_val );
+ *ptr++ = '/';
+ ptr = lutil_strcopy( ptr, lim->lm_group_ad->ad_cname.bv_val );
+ ptr = lutil_strcopy( ptr, "=\"" );
+ ptr = lutil_strcopy( ptr, lim->lm_pat.bv_val );
+ *ptr++ = '"';
+ } else {
+ lm = lim->lm_flags & SLAP_LIMITS_MASK;
+ switch( lm ) {
+ case SLAP_LIMITS_ANONYMOUS:
+ case SLAP_LIMITS_USERS:
+ case SLAP_LIMITS_ANY:
+ ptr = lutil_strcopy( ptr, lmpats[lm] );
+ break;
+ case SLAP_LIMITS_UNDEFINED:
+ case SLAP_LIMITS_EXACT:
+ case SLAP_LIMITS_ONE:
+ case SLAP_LIMITS_SUBTREE:
+ case SLAP_LIMITS_CHILDREN:
+ case SLAP_LIMITS_REGEX:
+ ptr = lutil_strcopy( ptr, "dn." );
+ ptr = lutil_strcopy( ptr, lmpats[lm] );
+ *ptr++ = '=';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, lim->lm_pat.bv_val );
+ *ptr++ = '"';
+ break;
+ }
+ }
+ *ptr++ = ' ';
+ bv->bv_len = ptr - bv->bv_val;
+ btmp.bv_val = ptr;
+ btmp.bv_len = 0;
+ limits_unparse_one( &lim->lm_limits, SLAP_LIMIT_SIZE|SLAP_LIMIT_TIME, &btmp );
+ bv->bv_len += btmp.bv_len;
+}
+
+/* Caller must provide an adequately sized buffer in bv */
+void
+limits_unparse_one( struct slap_limits_set *lim, int which, struct berval *bv )
+{
+ char *ptr;
+
+ if ( !bv || !bv->bv_val ) return;
+
+ ptr = bv->bv_val;
+
+ if ( which & SLAP_LIMIT_SIZE ) {
+ if ( lim->lms_s_soft != SLAPD_DEFAULT_SIZELIMIT ) {
+
+ /* If same as global limit, drop it */
+ if ( lim != &frontendDB->be_def_limit &&
+ lim->lms_s_soft == frontendDB->be_def_limit.lms_s_soft )
+ goto s_hard;
+ /* If there's also a hard limit, fully qualify this one */
+ else if ( lim->lms_s_hard )
+ ptr = lutil_strcopy( ptr, " size.soft=" );
+
+ /* If doing both size & time, qualify this */
+ else if ( which & SLAP_LIMIT_TIME )
+ ptr = lutil_strcopy( ptr, " size=" );
+
+ if ( lim->lms_s_soft == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_s_soft );
+ *ptr++ = ' ';
+ }
+s_hard:
+ if ( lim->lms_s_hard ) {
+ ptr = lutil_strcopy( ptr, " size.hard=" );
+ if ( lim->lms_s_hard == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_s_hard );
+ *ptr++ = ' ';
+ }
+ if ( lim->lms_s_unchecked != -1 ) {
+ ptr = lutil_strcopy( ptr, " size.unchecked=" );
+ if ( lim->lms_s_unchecked == 0 )
+ ptr = lutil_strcopy( ptr, "disabled" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_s_unchecked );
+ *ptr++ = ' ';
+ }
+ if ( lim->lms_s_pr_hide ) {
+ ptr = lutil_strcopy( ptr, " size.pr=noEstimate " );
+ }
+ if ( lim->lms_s_pr ) {
+ ptr = lutil_strcopy( ptr, " size.pr=" );
+ if ( lim->lms_s_pr == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_s_pr );
+ *ptr++ = ' ';
+ }
+ if ( lim->lms_s_pr_total ) {
+ ptr = lutil_strcopy( ptr, " size.prtotal=" );
+ if ( lim->lms_s_pr_total == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else if ( lim->lms_s_pr_total == -2 )
+ ptr = lutil_strcopy( ptr, "disabled" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_s_pr_total );
+ *ptr++ = ' ';
+ }
+ }
+ if ( which & SLAP_LIMIT_TIME ) {
+ if ( lim->lms_t_soft != SLAPD_DEFAULT_TIMELIMIT ) {
+
+ /* If same as global limit, drop it */
+ if ( lim != &frontendDB->be_def_limit &&
+ lim->lms_t_soft == frontendDB->be_def_limit.lms_t_soft )
+ goto t_hard;
+
+ /* If there's also a hard limit, fully qualify this one */
+ else if ( lim->lms_t_hard )
+ ptr = lutil_strcopy( ptr, " time.soft=" );
+
+ /* If doing both size & time, qualify this */
+ else if ( which & SLAP_LIMIT_SIZE )
+ ptr = lutil_strcopy( ptr, " time=" );
+
+ if ( lim->lms_t_soft == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_t_soft );
+ *ptr++ = ' ';
+ }
+t_hard:
+ if ( lim->lms_t_hard ) {
+ ptr = lutil_strcopy( ptr, " time.hard=" );
+ if ( lim->lms_t_hard == -1 )
+ ptr = lutil_strcopy( ptr, "unlimited" );
+ else
+ ptr += sprintf( ptr, "%d", lim->lms_t_hard );
+ *ptr++ = ' ';
+ }
+ }
+ if ( ptr != bv->bv_val ) {
+ ptr--;
+ *ptr = '\0';
+ bv->bv_len = ptr - bv->bv_val;
+ }
+}
+
+int
+limits_check( Operation *op, SlapReply *rs )
+{
+ assert( op != NULL );
+ assert( rs != NULL );
+ /* FIXME: should this be always true? */
+ assert( op->o_tag == LDAP_REQ_SEARCH);
+
+ /* protocol only allows 0..maxInt;
+ *
+ * internal searches:
+ * - may use SLAP_NO_LIMIT ( = -1 ) to indicate no limits;
+ * - should use slimit = N and tlimit = SLAP_NO_LIMIT to
+ * indicate searches that should return exactly N matches,
+ * and handle errors thru a callback (see for instance
+ * slap_sasl_match() and slap_sasl2dn())
+ */
+ if ( op->ors_tlimit == SLAP_NO_LIMIT && op->ors_slimit == SLAP_NO_LIMIT ) {
+ return 0;
+ }
+
+ /* allow root to set no limit */
+ if ( be_isroot( op ) ) {
+ op->ors_limit = NULL;
+
+ if ( op->ors_tlimit == 0 ) {
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ }
+
+ if ( op->ors_slimit == 0 ) {
+ op->ors_slimit = SLAP_NO_LIMIT;
+ }
+
+ /* if not root, get appropriate limits */
+ } else {
+ ( void ) limits_get( op, &op->o_ndn, &op->ors_limit );
+
+ assert( op->ors_limit != NULL );
+
+ /* if no limit is required, use soft limit */
+ if ( op->ors_tlimit == 0 ) {
+ op->ors_tlimit = op->ors_limit->lms_t_soft;
+
+ /* limit required: check if legal */
+ } else {
+ if ( op->ors_limit->lms_t_hard == 0 ) {
+ if ( op->ors_limit->lms_t_soft > 0
+ && ( op->ors_tlimit > op->ors_limit->lms_t_soft ) ) {
+ op->ors_tlimit = op->ors_limit->lms_t_soft;
+ }
+
+ } else if ( op->ors_limit->lms_t_hard > 0 ) {
+#ifdef ABOVE_HARD_LIMIT_IS_ERROR
+ if ( op->ors_tlimit == SLAP_MAX_LIMIT ) {
+ op->ors_tlimit = op->ors_limit->lms_t_hard;
+
+ } else if ( op->ors_tlimit > op->ors_limit->lms_t_hard ) {
+ /* error if exceeding hard limit */
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ return -1;
+ }
+#else /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+ if ( op->ors_tlimit > op->ors_limit->lms_t_hard ) {
+ op->ors_tlimit = op->ors_limit->lms_t_hard;
+ }
+#endif /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+ }
+ }
+
+ /* else leave as is */
+
+ /* don't even get to backend if candidate check is disabled */
+ if ( op->ors_limit->lms_s_unchecked == 0 ) {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ return -1;
+ }
+
+ /* if paged results is requested */
+ if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
+ int slimit = -2;
+ int pr_total;
+ PagedResultsState *ps = op->o_pagedresults_state;
+
+ /* paged results is not allowed */
+ if ( op->ors_limit->lms_s_pr_total == -2 ) {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ rs->sr_text = "pagedResults control not allowed";
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ return -1;
+ }
+
+ if ( op->ors_limit->lms_s_pr > 0 && ps->ps_size > op->ors_limit->lms_s_pr ) {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ rs->sr_text = "illegal pagedResults page size";
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ return -1;
+ }
+
+ if ( op->ors_limit->lms_s_pr_total == 0 ) {
+ if ( op->ors_limit->lms_s_hard == 0 ) {
+ pr_total = op->ors_limit->lms_s_soft;
+ } else {
+ pr_total = op->ors_limit->lms_s_hard;
+ }
+ } else {
+ pr_total = op->ors_limit->lms_s_pr_total;
+ }
+
+ if ( pr_total == -1 ) {
+ if ( op->ors_slimit == 0 || op->ors_slimit == SLAP_MAX_LIMIT ) {
+ slimit = -1;
+
+ } else {
+ slimit = op->ors_slimit - ps->ps_count;
+ }
+
+#ifdef ABOVE_HARD_LIMIT_IS_ERROR
+ } else if ( pr_total > 0 && op->ors_slimit != SLAP_MAX_LIMIT
+ && ( op->ors_slimit == SLAP_NO_LIMIT || op->ors_slimit > pr_total ) )
+ {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ return -1;
+#endif /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+
+ } else {
+ /* if no limit is required, use soft limit */
+ int total;
+ int slimit2;
+
+ /* first round of pagedResults: set count to any appropriate limit */
+
+ /* if the limit is set, check that it does not violate any server-side limit */
+#ifdef ABOVE_HARD_LIMIT_IS_ERROR
+ if ( op->ors_slimit == SLAP_MAX_LIMIT ) {
+ slimit2 = op->ors_slimit = pr_total;
+#else /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+ if ( op->ors_slimit == SLAP_MAX_LIMIT || op->ors_slimit > pr_total ) {
+ slimit2 = op->ors_slimit = pr_total;
+#endif /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+
+ } else if ( op->ors_slimit == 0 ) {
+ slimit2 = pr_total;
+
+ } else {
+ slimit2 = op->ors_slimit;
+ }
+
+ total = slimit2 - ps->ps_count;
+
+ if ( total >= 0 ) {
+ if ( op->ors_limit->lms_s_pr > 0 ) {
+ /* use the smallest limit set by total/per page */
+ if ( total < op->ors_limit->lms_s_pr ) {
+ slimit = total;
+
+ } else {
+ /* use the perpage limit if any
+ * NOTE: + 1 because the given value must be legal */
+ slimit = op->ors_limit->lms_s_pr + 1;
+ }
+
+ } else {
+ /* use the total limit if any */
+ slimit = total;
+ }
+
+ } else if ( op->ors_limit->lms_s_pr > 0 ) {
+ /* use the perpage limit if any
+ * NOTE: + 1 because the given value must be legal */
+ slimit = op->ors_limit->lms_s_pr + 1;
+
+ } else {
+ /* use the standard hard/soft limit if any */
+ slimit = op->ors_limit->lms_s_hard;
+ }
+ }
+
+ /* if got any limit, use it */
+ if ( slimit != -2 ) {
+ if ( op->ors_slimit == 0 ) {
+ op->ors_slimit = slimit;
+
+ } else if ( slimit > 0 ) {
+ if ( op->ors_slimit - ps->ps_count > slimit ) {
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ return -1;
+ }
+ op->ors_slimit = slimit;
+
+ } else if ( slimit == 0 ) {
+ op->ors_slimit = 0;
+ }
+
+ } else {
+ /* use the standard hard/soft limit if any */
+ op->ors_slimit = pr_total;
+ }
+
+ /* no limit requested: use soft, whatever it is */
+ } else if ( op->ors_slimit == 0 ) {
+ op->ors_slimit = op->ors_limit->lms_s_soft;
+
+ /* limit requested: check if legal */
+ } else {
+ /* hard limit as soft (traditional behavior) */
+ if ( op->ors_limit->lms_s_hard == 0 ) {
+ if ( op->ors_limit->lms_s_soft > 0
+ && op->ors_slimit > op->ors_limit->lms_s_soft ) {
+ op->ors_slimit = op->ors_limit->lms_s_soft;
+ }
+
+ /* explicit hard limit: error if violated */
+ } else if ( op->ors_limit->lms_s_hard > 0 ) {
+#ifdef ABOVE_HARD_LIMIT_IS_ERROR
+ if ( op->ors_slimit == SLAP_MAX_LIMIT ) {
+ op->ors_slimit = op->ors_limit->lms_s_hard;
+
+ } else if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
+ /* if limit exceeds hard, error */
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rs->sr_err = LDAP_SUCCESS;
+ return -1;
+ }
+#else /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+ if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
+ op->ors_slimit = op->ors_limit->lms_s_hard;
+ }
+#endif /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+ }
+ }
+
+ /* else leave as is */
+ }
+
+ return 0;
+}
+
+void
+limits_destroy(
+ struct slap_limits **lm )
+{
+ int i;
+
+ if ( lm == NULL ) {
+ return;
+ }
+
+ for ( i = 0; lm[ i ]; i++ ) {
+ switch ( lm[ i ]->lm_flags & SLAP_LIMITS_MASK ) {
+ case SLAP_LIMITS_REGEX:
+ regfree( &lm[ i ]->lm_regex );
+ break;
+
+ case SLAP_LIMITS_EXACT:
+ case SLAP_LIMITS_ONE:
+ case SLAP_LIMITS_SUBTREE:
+ case SLAP_LIMITS_CHILDREN:
+ if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) ) {
+ ch_free( lm[ i ]->lm_pat.bv_val );
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ ch_free( lm[ i ] );
+ }
+
+ ch_free( lm );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/lock.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/lock.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/lock.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+/* lock.c - routines to open and apply an advisory lock to a file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/lock.c,v 1.29.2.3 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+
+#include "slap.h"
+#include <lutil.h>
+
+FILE *
+lock_fopen( const char *fname, const char *type, FILE **lfp )
+{
+ FILE *fp;
+ char buf[MAXPATHLEN];
+
+ /* open the lock file */
+ snprintf( buf, sizeof buf, "%s.lock", fname );
+
+ if ( (*lfp = fopen( buf, "w" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "could not open \"%s\"\n", buf, 0, 0 );
+
+ return( NULL );
+ }
+
+ /* acquire the lock */
+ ldap_lockf( fileno(*lfp) );
+
+ /* open the log file */
+ if ( (fp = fopen( fname, type )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "could not open \"%s\"\n", fname, 0, 0 );
+
+ ldap_unlockf( fileno(*lfp) );
+ fclose( *lfp );
+ *lfp = NULL;
+ return( NULL );
+ }
+
+ return( fp );
+}
+
+int
+lock_fclose( FILE *fp, FILE *lfp )
+{
+ int rc = fclose( fp );
+ /* unlock */
+ ldap_unlockf( fileno(lfp) );
+ fclose( lfp );
+
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/main.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/main.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/main.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,998 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.198.2.22 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+#include <ac/errno.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "ldif.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+#ifdef LDAP_SIGCHLD
+static RETSIGTYPE wait4child( int sig );
+#endif
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+#define MAIN_RETURN(x) return
+static struct sockaddr_in bind_addr;
+
+#define SERVICE_EXIT( e, n ) do { \
+ if ( is_NT_Service ) { \
+ lutil_ServiceStatus.dwWin32ExitCode = (e); \
+ lutil_ServiceStatus.dwServiceSpecificExitCode = (n); \
+ } \
+} while ( 0 )
+
+#else
+#define SERVICE_EXIT( e, n )
+#define MAIN_RETURN(x) return(x)
+#endif
+
+typedef int (MainFunc) LDAP_P(( int argc, char *argv[] ));
+extern MainFunc slapadd, slapcat, slapdn, slapindex, slappasswd,
+ slaptest, slapauth, slapacl;
+
+static struct {
+ char *name;
+ MainFunc *func;
+} tools[] = {
+ {"slapadd", slapadd},
+ {"slapcat", slapcat},
+ {"slapdn", slapdn},
+ {"slapindex", slapindex},
+ {"slappasswd", slappasswd},
+ {"slaptest", slaptest},
+ {"slapauth", slapauth},
+ {"slapacl", slapacl},
+ /* NOTE: new tools must be added in chronological order,
+ * not in alphabetical order, because for backwards
+ * compatibility name[4] is used to identify the
+ * tools; so name[4]=='a' must refer to "slapadd" and
+ * not to "slapauth". Alphabetical order can be used
+ * for tools whose name[4] is not used yet */
+ {NULL, NULL}
+};
+
+/*
+ * when more than one slapd is running on one machine, each one might have
+ * it's own LOCAL for syslogging and must have its own pid/args files
+ */
+
+#ifndef HAVE_MKVERSION
+const char Versionstr[] =
+ OPENLDAP_PACKAGE " " OPENLDAP_VERSION " Standalone LDAP Server (slapd)";
+#endif
+
+#ifdef LOG_LOCAL4
+#define DEFAULT_SYSLOG_USER LOG_LOCAL4
+
+typedef struct _str2intDispatch {
+ char *stringVal;
+ int abbr;
+ int intVal;
+} STRDISP, *STRDISP_P;
+
+/* table to compute syslog-options to integer */
+static STRDISP syslog_types[] = {
+ { "LOCAL0", sizeof("LOCAL0"), LOG_LOCAL0 },
+ { "LOCAL1", sizeof("LOCAL1"), LOG_LOCAL1 },
+ { "LOCAL2", sizeof("LOCAL2"), LOG_LOCAL2 },
+ { "LOCAL3", sizeof("LOCAL3"), LOG_LOCAL3 },
+ { "LOCAL4", sizeof("LOCAL4"), LOG_LOCAL4 },
+ { "LOCAL5", sizeof("LOCAL5"), LOG_LOCAL5 },
+ { "LOCAL6", sizeof("LOCAL6"), LOG_LOCAL6 },
+ { "LOCAL7", sizeof("LOCAL7"), LOG_LOCAL7 },
+#ifdef LOG_USER
+ { "USER", sizeof("USER"), LOG_USER },
+#endif
+#ifdef LOG_DAEMON
+ { "DAEMON", sizeof("DAEMON"), LOG_DAEMON },
+#endif
+ { NULL, 0, 0 }
+};
+
+static int cnvt_str2int( char *, STRDISP_P, int );
+#endif /* LOG_LOCAL4 */
+
+#define CHECK_NONE 0x00
+#define CHECK_CONFIG 0x01
+static int check = CHECK_NONE;
+static int version = 0;
+
+void *slap_tls_ctx;
+
+static int
+slapd_opt_slp( const char *val, void *arg )
+{
+#ifdef HAVE_SLP
+ /* NULL is default */
+ if ( val == NULL || strcasecmp( val, "on" ) == 0 ) {
+ slapd_register_slp = 1;
+
+ } else if ( strcasecmp( val, "off" ) == 0 ) {
+ slapd_register_slp = 0;
+
+ /* NOTE: add support for URL specification? */
+
+ } else {
+ fprintf(stderr, "unrecognized value \"%s\" for SLP option\n", val );
+ return -1;
+ }
+
+ return 0;
+
+#else
+ fputs( "slapd: SLP support is not available\n", stderr );
+ return 0;
+#endif
+}
+
+/*
+ * Option helper structure:
+ *
+ * oh_nam is left-hand part of <option>[=<value>]
+ * oh_fnc is handler function
+ * oh_arg is an optional arg to oh_fnc
+ * oh_usage is the one-line usage string related to the option,
+ * which is assumed to start with <option>[=<value>]
+ *
+ * please leave valid options in the structure, and optionally #ifdef
+ * their processing inside the helper, so that reasonable and helpful
+ * error messages can be generated if a disabled option is requested.
+ */
+struct option_helper {
+ struct berval oh_name;
+ int (*oh_fnc)(const char *val, void *arg);
+ void *oh_arg;
+ const char *oh_usage;
+} option_helpers[] = {
+ { BER_BVC("slp"), slapd_opt_slp, NULL, "slp[={on|off}] enable/disable SLP" },
+ { BER_BVNULL, 0, NULL, NULL }
+};
+
+int
+parse_debug_unknowns( char **unknowns, int *levelp )
+{
+ int i, level, rc = 0;
+
+ for ( i = 0; unknowns[ i ] != NULL; i++ ) {
+ level = 0;
+ if ( str2loglevel( unknowns[ i ], &level )) {
+ fprintf( stderr,
+ "unrecognized log level \"%s\"\n", unknowns[ i ] );
+ rc = 1;
+ } else {
+ *levelp |= level;
+ }
+ }
+ return rc;
+}
+
+int
+parse_debug_level( const char *arg, int *levelp, char ***unknowns )
+{
+ int level;
+
+ if ( arg != NULL && arg[ 0 ] != '-' && !isdigit( arg[ 0 ] ) )
+ {
+ int i;
+ char **levels;
+
+ levels = ldap_str2charray( arg, "," );
+
+ for ( i = 0; levels[ i ] != NULL; i++ ) {
+ level = 0;
+
+ if ( str2loglevel( levels[ i ], &level ) ) {
+ /* remember this for later */
+ ldap_charray_add( unknowns, levels[ i ] );
+ fprintf( stderr,
+ "unrecognized log level \"%s\" (deferred)\n",
+ levels[ i ] );
+ } else {
+ *levelp |= level;
+ }
+ }
+
+ ldap_charray_free( levels );
+
+ } else {
+ if ( lutil_atoix( &level, arg, 0 ) != 0 ) {
+ fprintf( stderr,
+ "unrecognized log level "
+ "\"%s\"\n", arg );
+ return 1;
+ }
+
+ if ( level == 0 ) {
+ *levelp = 0;
+
+ } else {
+ *levelp |= level;
+ }
+ }
+
+ return 0;
+}
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s options\n", name );
+ fprintf( stderr,
+ "\t-4\t\tIPv4 only\n"
+ "\t-6\t\tIPv6 only\n"
+ "\t-T {acl|add|auth|cat|dn|index|passwd|test}\n"
+ "\t\t\tRun in Tool mode\n"
+ "\t-c cookie\tSync cookie of consumer\n"
+ "\t-d level\tDebug level" "\n"
+ "\t-f filename\tConfiguration file\n"
+ "\t-F dir\tConfiguration directory\n"
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ "\t-g group\tGroup (id or name) to run as\n"
+#endif
+ "\t-h URLs\t\tList of URLs to serve\n"
+#ifdef LOG_LOCAL4
+ "\t-l facility\tSyslog facility (default: LOCAL4)\n"
+#endif
+ "\t-n serverName\tService name\n"
+ "\t-o <opt>[=val] generic means to specify options" );
+ if ( !BER_BVISNULL( &option_helpers[0].oh_name ) ) {
+ int i;
+
+ fprintf( stderr, "; supported options:\n" );
+ for ( i = 0; !BER_BVISNULL( &option_helpers[i].oh_name ); i++) {
+ fprintf( stderr, "\t\t%s\n", option_helpers[i].oh_usage );
+ }
+ } else {
+ fprintf( stderr, "\n" );
+ }
+ fprintf( stderr,
+#ifdef HAVE_CHROOT
+ "\t-r directory\tSandbox directory to chroot to\n"
+#endif
+ "\t-s level\tSyslog level\n"
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ "\t-u user\t\tUser (id or name) to run as\n"
+#endif
+ "\t-V\t\tprint version info (-VV only)\n"
+ );
+}
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+void WINAPI ServiceMain( DWORD argc, LPTSTR *argv )
+#else
+int main( int argc, char **argv )
+#endif
+{
+ int i, no_detach = 0;
+ int rc = 1;
+ char *urls = NULL;
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ char *username = NULL;
+ char *groupname = NULL;
+#endif
+#if defined(HAVE_CHROOT)
+ char *sandbox = NULL;
+#endif
+#ifdef LOG_LOCAL4
+ int syslogUser = DEFAULT_SYSLOG_USER;
+#endif
+
+ int g_argc = argc;
+ char **g_argv = argv;
+
+ char *configfile = NULL;
+ char *configdir = NULL;
+ char *serverName;
+ int serverMode = SLAP_SERVER_MODE;
+
+ struct sync_cookie *scp = NULL;
+ struct sync_cookie *scp_entry = NULL;
+
+ char **debug_unknowns = NULL;
+ char **syslog_unknowns = NULL;
+
+ char *serverNamePrefix = "";
+ size_t l;
+
+ int slapd_pid_file_unlink = 0, slapd_args_file_unlink = 0;
+
+#ifdef CSRIMALLOC
+ FILE *leakfile;
+ if( ( leakfile = fopen( "slapd.leak", "w" )) == NULL ) {
+ leakfile = stderr;
+ }
+#endif
+
+ slap_sl_mem_init();
+
+ (void) ldap_pvt_thread_initialize();
+
+ serverName = lutil_progname( "slapd", argc, argv );
+
+ if ( strcmp( serverName, "slapd" ) ) {
+ for (i=0; tools[i].name; i++) {
+ if ( !strcmp( serverName, tools[i].name ) ) {
+ rc = tools[i].func(argc, argv);
+ MAIN_RETURN(rc);
+ }
+ }
+ }
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ {
+ int *i;
+ char *newConfigFile;
+ char *newConfigDir;
+ char *newUrls;
+ char *regService = NULL;
+
+ if ( is_NT_Service ) {
+ lutil_CommenceStartupProcessing( serverName, slap_sig_shutdown );
+ if ( strcmp(serverName, SERVICE_NAME) )
+ regService = serverName;
+ }
+
+ i = (int*)lutil_getRegParam( regService, "DebugLevel" );
+ if ( i != NULL ) {
+ slap_debug = *i;
+ Debug( LDAP_DEBUG_ANY,
+ "new debug level from registry is: %d\n", slap_debug, 0, 0 );
+ }
+
+ newUrls = (char *) lutil_getRegParam(regService, "Urls");
+ if (newUrls) {
+ if (urls)
+ ch_free(urls);
+
+ urls = ch_strdup(newUrls);
+ Debug(LDAP_DEBUG_ANY, "new urls from registry: %s\n",
+ urls, 0, 0);
+ }
+
+ newConfigFile = (char*)lutil_getRegParam( regService, "ConfigFile" );
+ if ( newConfigFile != NULL ) {
+ configfile = newConfigFile;
+ Debug ( LDAP_DEBUG_ANY, "new config file from registry is: %s\n", configfile, 0, 0 );
+ }
+
+ newConfigDir = (char*)lutil_getRegParam( regService, "ConfigDir" );
+ if ( newConfigDir != NULL ) {
+ configdir = newConfigDir;
+ Debug ( LDAP_DEBUG_ANY, "new config dir from registry is: %s\n", configdir, 0, 0 );
+ }
+ }
+#endif
+
+ while ( (i = getopt( argc, argv,
+ "c:d:f:F:h:n:o:s:tT:V"
+#if LDAP_PF_INET6
+ "46"
+#endif
+#ifdef HAVE_CHROOT
+ "r:"
+#endif
+#ifdef LOG_LOCAL4
+ "l:"
+#endif
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ "u:g:"
+#endif
+ )) != EOF ) {
+ switch ( i ) {
+#ifdef LDAP_PF_INET6
+ case '4':
+ slap_inet4or6 = AF_INET;
+ break;
+ case '6':
+ slap_inet4or6 = AF_INET6;
+ break;
+#endif
+
+ case 'h': /* listen URLs */
+ if ( urls != NULL ) free( urls );
+ urls = ch_strdup( optarg );
+ break;
+
+ case 'c': /* provide sync cookie, override if exist in replica */
+ scp = (struct sync_cookie *) ch_calloc( 1,
+ sizeof( struct sync_cookie ));
+ ber_str2bv( optarg, 0, 1, &scp->octet_str );
+
+ /* This only parses out the rid at this point */
+ slap_parse_sync_cookie( scp, NULL );
+
+ if ( scp->rid == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "main: invalid cookie \"%s\"\n",
+ optarg, 0, 0 );
+ slap_sync_cookie_free( scp, 1 );
+ goto destroy;
+ }
+
+ LDAP_STAILQ_FOREACH( scp_entry, &slap_sync_cookie, sc_next ) {
+ if ( scp->rid == scp_entry->rid ) {
+ Debug( LDAP_DEBUG_ANY,
+ "main: duplicated replica id in cookies\n",
+ 0, 0, 0 );
+ slap_sync_cookie_free( scp, 1 );
+ goto destroy;
+ }
+ }
+ LDAP_STAILQ_INSERT_TAIL( &slap_sync_cookie, scp, sc_next );
+ break;
+
+ case 'd': { /* set debug level and 'do not detach' flag */
+ int level = 0;
+
+ no_detach = 1;
+ if ( parse_debug_level( optarg, &level, &debug_unknowns ) ) {
+ goto destroy;
+ }
+#ifdef LDAP_DEBUG
+ slap_debug |= level;
+#else
+ if ( level != 0 )
+ fputs( "must compile with LDAP_DEBUG for debugging\n",
+ stderr );
+#endif
+ } break;
+
+ case 'f': /* read config file */
+ configfile = ch_strdup( optarg );
+ break;
+
+ case 'F': /* use config dir */
+ configdir = ch_strdup( optarg );
+ break;
+
+ case 'o': {
+ char *val = strchr( optarg, '=' );
+ struct berval opt;
+ int i;
+
+ opt.bv_val = optarg;
+
+ if ( val ) {
+ opt.bv_len = ( val - optarg );
+ val++;
+
+ } else {
+ opt.bv_len = strlen( optarg );
+ }
+
+ for ( i = 0; !BER_BVISNULL( &option_helpers[i].oh_name ); i++ ) {
+ if ( ber_bvstrcasecmp( &option_helpers[i].oh_name, &opt ) == 0 ) {
+ assert( option_helpers[i].oh_fnc != NULL );
+ if ( (*option_helpers[i].oh_fnc)( val, option_helpers[i].oh_arg ) == -1 ) {
+ /* we assume the option parsing helper
+ * issues appropriate and self-explanatory
+ * error messages... */
+ goto stop;
+ }
+ break;
+ }
+ }
+
+ if ( BER_BVISNULL( &option_helpers[i].oh_name ) ) {
+ goto unhandled_option;
+ }
+ break;
+ }
+
+ case 's': /* set syslog level */
+ if ( parse_debug_level( optarg, &ldap_syslog, &syslog_unknowns ) ) {
+ goto destroy;
+ }
+ break;
+
+#ifdef LOG_LOCAL4
+ case 'l': /* set syslog local user */
+ syslogUser = cnvt_str2int( optarg,
+ syslog_types, DEFAULT_SYSLOG_USER );
+ break;
+#endif
+
+#ifdef HAVE_CHROOT
+ case 'r':
+ if( sandbox ) free(sandbox);
+ sandbox = ch_strdup( optarg );
+ break;
+#endif
+
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ case 'u': /* user name */
+ if( username ) free(username);
+ username = ch_strdup( optarg );
+ break;
+
+ case 'g': /* group name */
+ if( groupname ) free(groupname);
+ groupname = ch_strdup( optarg );
+ break;
+#endif /* SETUID && GETUID */
+
+ case 'n': /* NT service name */
+ serverName = ch_strdup( optarg );
+ break;
+
+ case 't':
+ /* deprecated; use slaptest instead */
+ fprintf( stderr, "option -t deprecated; "
+ "use slaptest command instead\n" );
+ check |= CHECK_CONFIG;
+ break;
+
+ case 'V':
+ version++;
+ break;
+
+ case 'T':
+ /* try full option string first */
+ for ( i = 0; tools[i].name; i++ ) {
+ if ( strcmp( optarg, &tools[i].name[4] ) == 0 ) {
+ rc = tools[i].func( argc, argv );
+ MAIN_RETURN( rc );
+ }
+ }
+
+ /* try bits of option string (backward compatibility for single char) */
+ l = strlen( optarg );
+ for ( i = 0; tools[i].name; i++ ) {
+ if ( strncmp( optarg, &tools[i].name[4], l ) == 0 ) {
+ rc = tools[i].func( argc, argv );
+ MAIN_RETURN( rc );
+ }
+ }
+
+ /* issue error */
+ serverName = optarg;
+ serverNamePrefix = "slap";
+ fprintf( stderr, "program name \"%s%s\" unrecognized; "
+ "aborting...\n", serverNamePrefix, serverName );
+ /* FALLTHRU */
+ default:
+unhandled_option:;
+ usage( argv[0] );
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 15 );
+ goto stop;
+ }
+ }
+
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &slap_debug);
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &slap_debug);
+ ldif_debug = slap_debug;
+
+ if ( version ) {
+ fprintf( stderr, "%s\n", Versionstr );
+ if ( version > 1 ) goto stop;
+ }
+
+ {
+ char *logName;
+#ifdef HAVE_EBCDIC
+ logName = ch_strdup( serverName );
+ __atoe( logName );
+#else
+ logName = serverName;
+#endif
+
+#ifdef LOG_LOCAL4
+ openlog( logName, OPENLOG_OPTIONS, syslogUser );
+#elif LOG_DEBUG
+ openlog( logName, OPENLOG_OPTIONS );
+#endif
+#ifdef HAVE_EBCDIC
+ free( logName );
+#endif
+ }
+
+ Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 );
+
+ if( check == CHECK_NONE && slapd_daemon_init( urls ) != 0 ) {
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
+ goto stop;
+ }
+
+#if defined(HAVE_CHROOT)
+ if ( sandbox ) {
+ if ( chdir( sandbox ) ) {
+ perror("chdir");
+ rc = 1;
+ goto stop;
+ }
+ if ( chroot( sandbox ) ) {
+ perror("chroot");
+ rc = 1;
+ goto stop;
+ }
+ }
+#endif
+
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ if ( username != NULL || groupname != NULL ) {
+ slap_init_user( username, groupname );
+ }
+#endif
+
+ extops_init();
+ lutil_passwd_init();
+ slap_op_init();
+
+ rc = slap_init( serverMode, serverName );
+ if ( rc ) {
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
+ goto destroy;
+ }
+
+ if ( read_config( configfile, configdir ) != 0 ) {
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );
+
+ if ( check & CHECK_CONFIG ) {
+ fprintf( stderr, "config check failed\n" );
+ }
+
+ goto destroy;
+ }
+
+ if ( debug_unknowns ) {
+ rc = parse_debug_unknowns( debug_unknowns, &slap_debug );
+ ldap_charray_free( debug_unknowns );
+ debug_unknowns = NULL;
+ if ( rc )
+ goto destroy;
+ }
+ if ( syslog_unknowns ) {
+ rc = parse_debug_unknowns( syslog_unknowns, &ldap_syslog );
+ ldap_charray_free( syslog_unknowns );
+ syslog_unknowns = NULL;
+ if ( rc )
+ goto destroy;
+ }
+
+ if ( check & CHECK_CONFIG ) {
+ fprintf( stderr, "config check succeeded\n" );
+
+ check &= ~CHECK_CONFIG;
+ if ( check == CHECK_NONE ) {
+ rc = 0;
+ goto destroy;
+ }
+ }
+
+ if ( glue_sub_attach( ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "subordinate config error\n",
+ 0, 0, 0 );
+
+ goto destroy;
+ }
+
+ if ( slap_schema_check( ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "schema prep error\n",
+ 0, 0, 0 );
+
+ goto destroy;
+ }
+
+#ifdef HAVE_TLS
+ rc = ldap_pvt_tls_init();
+ if( rc != 0) {
+ Debug( LDAP_DEBUG_ANY,
+ "main: TLS init failed: %d\n",
+ 0, 0, 0 );
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto destroy;
+ }
+
+ {
+ void *def_ctx = NULL;
+
+ /* Save existing default ctx, if any */
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+
+ /* Force new ctx to be created */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
+
+ rc = ldap_pvt_tls_init_def_ctx( 1 );
+ if( rc == 0 ) {
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
+ /* Restore previous ctx */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
+ load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
+ } else if ( rc != LDAP_NOT_SUPPORTED ) {
+ Debug( LDAP_DEBUG_ANY,
+ "main: TLS init def ctx failed: %d\n",
+ rc, 0, 0 );
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto destroy;
+ }
+ }
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if( global_host == NULL ) {
+ global_host = ldap_pvt_get_fqdn( NULL );
+ }
+#endif
+
+ (void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake );
+ (void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown );
+
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+#endif
+#ifdef SIGHUP
+ (void) SIGNAL( SIGHUP, slap_sig_shutdown );
+#endif
+ (void) SIGNAL( SIGINT, slap_sig_shutdown );
+ (void) SIGNAL( SIGTERM, slap_sig_shutdown );
+#ifdef SIGTRAP
+ (void) SIGNAL( SIGTRAP, slap_sig_shutdown );
+#endif
+#ifdef LDAP_SIGCHLD
+ (void) SIGNAL( LDAP_SIGCHLD, wait4child );
+#endif
+#ifdef SIGBREAK
+ /* SIGBREAK is generated when Ctrl-Break is pressed. */
+ (void) SIGNAL( SIGBREAK, slap_sig_shutdown );
+#endif
+
+#ifndef HAVE_WINSOCK
+ lutil_detach( no_detach, 0 );
+#endif /* HAVE_WINSOCK */
+
+#ifdef CSRIMALLOC
+ mal_leaktrace(1);
+#endif
+
+ if ( slapd_pid_file != NULL ) {
+ FILE *fp = fopen( slapd_pid_file, "w" );
+
+ if ( fp == NULL ) {
+ int save_errno = errno;
+
+ Debug( LDAP_DEBUG_ANY, "unable to open pid file "
+ "\"%s\": %d (%s)\n",
+ slapd_pid_file,
+ save_errno, strerror( save_errno ) );
+
+ free( slapd_pid_file );
+ slapd_pid_file = NULL;
+
+ rc = 1;
+ goto destroy;
+ }
+ fprintf( fp, "%d\n", (int) getpid() );
+ fclose( fp );
+ slapd_pid_file_unlink = 1;
+ }
+
+ if ( slapd_args_file != NULL ) {
+ FILE *fp = fopen( slapd_args_file, "w" );
+
+ if ( fp == NULL ) {
+ int save_errno = errno;
+
+ Debug( LDAP_DEBUG_ANY, "unable to open args file "
+ "\"%s\": %d (%s)\n",
+ slapd_args_file,
+ save_errno, strerror( save_errno ) );
+
+ free( slapd_args_file );
+ slapd_args_file = NULL;
+
+ rc = 1;
+ goto destroy;
+ }
+
+ for ( i = 0; i < g_argc; i++ ) {
+ fprintf( fp, "%s ", g_argv[i] );
+ }
+ fprintf( fp, "\n" );
+ fclose( fp );
+ slapd_args_file_unlink = 1;
+ }
+
+ /*
+ * FIXME: moved here from slapd_daemon_task()
+ * because back-monitor db_open() needs it
+ */
+ time( &starttime );
+
+ if ( slap_startup( NULL ) != 0 ) {
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
+ goto shutdown;
+ }
+
+ Debug( LDAP_DEBUG_ANY, "slapd starting\n", 0, 0, 0 );
+
+#ifdef HAVE_NT_EVENT_LOG
+ if (is_NT_Service)
+ lutil_LogStartedEvent( serverName, slap_debug, configfile ?
+ configfile : SLAPD_DEFAULT_CONFIGFILE , urls );
+#endif
+
+ rc = slapd_daemon();
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ /* Throw away the event that we used during the startup process. */
+ if ( is_NT_Service )
+ ldap_pvt_thread_cond_destroy( &started_event );
+#endif
+
+shutdown:
+ /* remember an error during shutdown */
+ rc |= slap_shutdown( NULL );
+
+destroy:
+ /* remember an error during destroy */
+ rc |= slap_destroy();
+
+ while ( !LDAP_STAILQ_EMPTY( &slap_sync_cookie )) {
+ scp = LDAP_STAILQ_FIRST( &slap_sync_cookie );
+ LDAP_STAILQ_REMOVE_HEAD( &slap_sync_cookie, sc_next );
+ ch_free( scp );
+ }
+
+#ifdef SLAPD_MODULES
+ module_kill();
+#endif
+
+ slap_op_destroy();
+
+ extops_kill();
+
+stop:
+#ifdef HAVE_NT_EVENT_LOG
+ if (is_NT_Service)
+ lutil_LogStoppedEvent( serverName );
+#endif
+
+ Debug( LDAP_DEBUG_ANY, "slapd stopped.\n", 0, 0, 0 );
+
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ lutil_ReportShutdownComplete();
+#endif
+
+#ifdef LOG_DEBUG
+ closelog();
+#endif
+ slapd_daemon_destroy();
+
+ controls_destroy();
+
+ schema_destroy();
+
+ lutil_passwd_destroy();
+
+#ifdef HAVE_TLS
+ ldap_pvt_tls_destroy();
+#endif
+
+ if ( slapd_pid_file_unlink ) {
+ unlink( slapd_pid_file );
+ }
+ if ( slapd_args_file_unlink ) {
+ unlink( slapd_args_file );
+ }
+
+ config_destroy();
+
+ if ( configfile )
+ ch_free( configfile );
+ if ( configdir )
+ ch_free( configdir );
+ if ( urls )
+ ch_free( urls );
+
+#ifdef CSRIMALLOC
+ mal_dumpleaktrace( leakfile );
+#endif
+
+ MAIN_RETURN(rc);
+}
+
+
+#ifdef LDAP_SIGCHLD
+
+/*
+ * Catch and discard terminated child processes, to avoid zombies.
+ */
+
+static RETSIGTYPE
+wait4child( int sig )
+{
+ int save_errno = errno;
+
+#ifdef WNOHANG
+ errno = 0;
+#ifdef HAVE_WAITPID
+ while ( waitpid( (pid_t)-1, NULL, WNOHANG ) > 0 || errno == EINTR )
+ ; /* NULL */
+#else
+ while ( wait3( NULL, WNOHANG, NULL ) > 0 || errno == EINTR )
+ ; /* NULL */
+#endif
+#else
+ (void) wait( NULL );
+#endif
+ (void) SIGNAL_REINSTALL( sig, wait4child );
+ errno = save_errno;
+}
+
+#endif /* LDAP_SIGCHLD */
+
+
+#ifdef LOG_LOCAL4
+
+/*
+ * Convert a string to an integer by means of a dispatcher table
+ * if the string is not in the table return the default
+ */
+
+static int
+cnvt_str2int( char *stringVal, STRDISP_P dispatcher, int defaultVal )
+{
+ int retVal = defaultVal;
+ STRDISP_P disp;
+
+ for (disp = dispatcher; disp->stringVal; disp++) {
+
+ if (!strncasecmp (stringVal, disp->stringVal, disp->abbr)) {
+
+ retVal = disp->intVal;
+ break;
+
+ }
+ }
+
+ return (retVal);
+}
+
+#endif /* LOG_LOCAL4 */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/matchedValues.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/matchedValues.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/matchedValues.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,348 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/matchedValues.c,v 1.25.2.4 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+static int
+test_mra_vrFilter(
+ Operation *op,
+ Attribute *a,
+ MatchingRuleAssertion *mra,
+ char ***e_flags
+);
+
+static int
+test_substrings_vrFilter(
+ Operation *op,
+ Attribute *a,
+ ValuesReturnFilter *f,
+ char ***e_flags
+);
+
+static int
+test_presence_vrFilter(
+ Operation *op,
+ Attribute *a,
+ AttributeDescription *desc,
+ char ***e_flags
+);
+
+static int
+test_ava_vrFilter(
+ Operation *op,
+ Attribute *a,
+ AttributeAssertion *ava,
+ int type,
+ char ***e_flags
+);
+
+
+int
+filter_matched_values(
+ Operation *op,
+ Attribute *a,
+ char ***e_flags )
+{
+ ValuesReturnFilter *vrf;
+ int rc = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n", 0, 0, 0 );
+
+ for ( vrf = op->o_vrFilter; vrf != NULL; vrf = vrf->vrf_next ) {
+ switch ( vrf->vrf_choice ) {
+ case SLAPD_FILTER_COMPUTED:
+ Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? "false"
+ : vrf->vrf_result == LDAP_COMPARE_TRUE ? "true"
+ : vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined"
+ : "error",
+ vrf->vrf_result, 0 );
+ /*This type of filter does not affect the result */
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_FILTER_EQUALITY:
+ Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
+ LDAP_FILTER_EQUALITY, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
+ rc = test_substrings_vrFilter( op, a,
+ vrf, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
+ rc = test_presence_vrFilter( op, a,
+ vrf->vrf_desc, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ case LDAP_FILTER_GE:
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
+ LDAP_FILTER_GE, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ case LDAP_FILTER_LE:
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
+ LDAP_FILTER_LE, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ case LDAP_FILTER_EXT:
+ Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
+ rc = test_mra_vrFilter( op, a,
+ vrf->vrf_mra, e_flags );
+ if( rc == -1 ) return rc;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
+ vrf->vrf_choice, 0, 0 );
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+ }
+
+ Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc, 0, 0 );
+ return( rc );
+}
+
+static int
+test_ava_vrFilter(
+ Operation *op,
+ Attribute *a,
+ AttributeAssertion *ava,
+ int type,
+ char ***e_flags )
+{
+ int i, j;
+
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
+ MatchingRule *mr;
+ struct berval *bv;
+
+ if ( !is_ad_subtype( a->a_desc, ava->aa_desc ) ) {
+ continue;
+ }
+
+ switch ( type ) {
+ case LDAP_FILTER_APPROX:
+ mr = a->a_desc->ad_type->sat_approx;
+ if( mr != NULL ) break;
+ /* use EQUALITY matching rule if no APPROX rule */
+
+ case LDAP_FILTER_EQUALITY:
+ mr = a->a_desc->ad_type->sat_equality;
+ break;
+
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ mr = a->a_desc->ad_type->sat_ordering;
+ break;
+
+ default:
+ mr = NULL;
+ }
+
+ if( mr == NULL ) continue;
+
+ bv = a->a_nvals;
+ for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
+ const char *text;
+
+ rc = value_match( &match, a->a_desc, mr, 0,
+ bv, &ava->aa_value, &text );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ switch ( type ) {
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_APPROX:
+ if ( match == 0 ) {
+ (*e_flags)[i][j] = 1;
+ }
+ break;
+
+ case LDAP_FILTER_GE:
+ if ( match >= 0 ) {
+ (*e_flags)[i][j] = 1;
+ }
+ break;
+
+ case LDAP_FILTER_LE:
+ if ( match <= 0 ) {
+ (*e_flags)[i][j] = 1;
+ }
+ break;
+ }
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+static int
+test_presence_vrFilter(
+ Operation *op,
+ Attribute *a,
+ AttributeDescription *desc,
+ char ***e_flags )
+{
+ int i, j;
+
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
+ struct berval *bv;
+
+ if ( !is_ad_subtype( a->a_desc, desc ) ) continue;
+
+ for ( bv = a->a_vals, j = 0; !BER_BVISNULL( bv ); bv++, j++ );
+ memset( (*e_flags)[i], 1, j);
+ }
+
+ return( LDAP_SUCCESS );
+}
+
+static int
+test_substrings_vrFilter(
+ Operation *op,
+ Attribute *a,
+ ValuesReturnFilter *vrf,
+ char ***e_flags )
+{
+ int i, j;
+
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
+ MatchingRule *mr = a->a_desc->ad_type->sat_substr;
+ struct berval *bv;
+
+ if ( !is_ad_subtype( a->a_desc, vrf->vrf_sub_desc ) ) {
+ continue;
+ }
+
+ if( mr == NULL ) continue;
+
+ bv = a->a_nvals;
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
+ const char *text;
+
+ rc = value_match( &match, a->a_desc, mr, 0,
+ bv, vrf->vrf_sub, &text );
+
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ if ( match == 0 ) {
+ (*e_flags)[i][j] = 1;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+test_mra_vrFilter(
+ Operation *op,
+ Attribute *a,
+ MatchingRuleAssertion *mra,
+ char ***e_flags )
+{
+ int i, j;
+
+ for ( i = 0; a != NULL; a = a->a_next, i++ ) {
+ struct berval *bv, assertedValue;
+ int normalize_attribute = 0;
+
+ if ( mra->ma_desc ) {
+ if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
+ continue;
+ }
+ assertedValue = mra->ma_value;
+
+ } else {
+ int rc;
+ const char *text = NULL;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
+ continue;
+ }
+
+ rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &assertedValue, &text, op->o_tmpmemctx );
+
+ if ( rc != LDAP_SUCCESS ) continue;
+ }
+
+ /* check match */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
+ const char *text;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment in filterentry.c */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ rc = value_match( &match, a->a_desc, mra->ma_rule, 0,
+ &nbv, &assertedValue, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ if ( match == 0 ) {
+ (*e_flags)[i][j] = 1;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,929 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.25 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+
+int
+do_modify(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval dn = BER_BVNULL;
+ char *last;
+ ber_tag_t tag;
+ ber_len_t len;
+ Modifications *modlist = NULL;
+ Modifications **modtail = &modlist;
+ int increment = 0;
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+
+ Debug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
+
+ /*
+ * Parse the modify request. It looks like this:
+ *
+ * ModifyRequest := [APPLICATION 6] SEQUENCE {
+ * name DistinguishedName,
+ * mods SEQUENCE OF SEQUENCE {
+ * operation ENUMERATED {
+ * add (0),
+ * delete (1),
+ * replace (2)
+ * },
+ * modification SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * }
+ * }
+ */
+
+ if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 );
+
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 );
+
+ /* collect modifications & save for later */
+ for ( tag = ber_first_element( op->o_ber, &len, &last );
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( op->o_ber, &len, last ) )
+ {
+ ber_int_t mop;
+ Modifications tmp, *mod;
+
+ tmp.sml_nvalues = NULL;
+
+ if ( ber_scanf( op->o_ber, "{e{m[W]}}", &mop,
+ &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR )
+ {
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR,
+ "decoding modlist error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ mod = (Modifications *) ch_malloc( sizeof(Modifications) );
+ mod->sml_op = mop;
+ mod->sml_flags = 0;
+ mod->sml_type = tmp.sml_type;
+ mod->sml_values = tmp.sml_values;
+ mod->sml_nvalues = NULL;
+ mod->sml_desc = NULL;
+ mod->sml_next = NULL;
+ *modtail = mod;
+
+ switch( mop ) {
+ case LDAP_MOD_ADD:
+ if ( mod->sml_values == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modify: modify/add operation (%ld) requires values\n",
+ (long) mop, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "modify/add operation requires values" );
+ goto cleanup;
+ }
+
+ /* fall through */
+
+ case LDAP_MOD_DELETE:
+ case LDAP_MOD_REPLACE:
+ break;
+
+ case LDAP_MOD_INCREMENT:
+ if( op->o_protocol >= LDAP_VERSION3 ) {
+ increment++;
+ if ( mod->sml_values == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: "
+ "modify/increment operation (%ld) requires value\n",
+ (long) mop, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "modify/increment operation requires value" );
+ goto cleanup;
+ }
+
+ if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: modify/increment "
+ "operation (%ld) requires single value\n",
+ (long) mop, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "modify/increment operation requires single value" );
+ goto cleanup;
+ }
+
+ break;
+ }
+ /* fall thru */
+
+ default: {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modify: unrecognized modify operation (%ld)\n",
+ (long) mop, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
+ "unrecognized modify operation" );
+ goto cleanup;
+ }
+ }
+
+ modtail = &mod->sml_next;
+ }
+ *modtail = NULL;
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: get_ctrls failed\n", 0, 0, 0 );
+
+ goto cleanup;
+ }
+
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto cleanup;
+ }
+
+ rs->sr_err = slap_mods_check( modlist,
+ &rs->sr_text, textbuf, textlen, NULL );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* FIXME: needs review */
+ op->orm_modlist = modlist;
+ op->orm_increment = increment;
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_modify( op, rs );
+
+cleanup:
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ if ( op->orm_modlist != NULL ) slap_mods_free( op->orm_modlist, 1 );
+
+ return rs->sr_err;
+}
+
+int
+fe_op_modify( Operation *op, SlapReply *rs )
+{
+#ifdef LDAP_DEBUG
+ Modifications *tmp;
+#endif
+ int manageDSAit;
+ Modifications *modlist = op->orm_modlist;
+ int increment = op->orm_increment;
+ BackendDB *op_be, *bd = op->o_bd;
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+
+ if( BER_BVISEMPTY( &op->o_req_ndn ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "modify upon the root DSE not supported" );
+ goto cleanup;
+
+ } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_modify: subschema subentry!\n", 0, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "modification of subschema subentry not supported" );
+ goto cleanup;
+ }
+
+#ifdef LDAP_DEBUG
+ Debug( LDAP_DEBUG_ARGS, "modifications:\n", 0, 0, 0 );
+
+ for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
+ Debug( LDAP_DEBUG_ARGS, "\t%s: %s\n",
+ tmp->sml_op == LDAP_MOD_ADD ? "add" :
+ (tmp->sml_op == LDAP_MOD_INCREMENT ? "increment" :
+ (tmp->sml_op == LDAP_MOD_DELETE ? "delete" :
+ "replace")), tmp->sml_type.bv_val, 0 );
+
+ if ( tmp->sml_values == NULL ) {
+ Debug( LDAP_DEBUG_ARGS, "%s\n",
+ "\t\tno values", NULL, NULL );
+ } else if ( BER_BVISNULL( &tmp->sml_values[ 0 ] ) ) {
+ Debug( LDAP_DEBUG_ARGS, "%s\n",
+ "\t\tzero values", NULL, NULL );
+ } else if ( BER_BVISNULL( &tmp->sml_values[ 1 ] ) ) {
+ Debug( LDAP_DEBUG_ARGS, "%s, length %ld\n",
+ "\t\tone value", (long) tmp->sml_values[0].bv_len, NULL );
+ } else {
+ Debug( LDAP_DEBUG_ARGS, "%s\n",
+ "\t\tmultiple values", NULL, NULL );
+ }
+ }
+
+ if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
+ char abuf[BUFSIZ/2], *ptr = abuf;
+ int len = 0;
+
+ Statslog( LDAP_DEBUG_STATS, "%s MOD dn=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
+
+ for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
+ if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
+ Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
+ op->o_log_prefix, abuf, 0, 0, 0 );
+
+ len = 0;
+ ptr = abuf;
+
+ if( 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
+ Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
+ op->o_log_prefix, tmp->sml_type.bv_val, 0, 0, 0 );
+ continue;
+ }
+ }
+ if (len) {
+ *ptr++ = ' ';
+ len++;
+ }
+ ptr = lutil_strcopy(ptr, tmp->sml_type.bv_val);
+ len += tmp->sml_type.bv_len;
+ }
+ if (len) {
+ Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
+ op->o_log_prefix, abuf, 0, 0, 0 );
+ }
+ }
+#endif /* LDAP_DEBUG */
+
+ manageDSAit = get_manageDSAit( op );
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 );
+ if ( op->o_bd == NULL ) {
+ op->o_bd = bd;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+
+ if (rs->sr_ref != NULL ) {
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "no global superior knowledge" );
+ }
+ goto cleanup;
+ }
+
+ /* If we've got a glued backend, check the real backend */
+ op_be = op->o_bd;
+ if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check for referrals */
+ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ rs->sr_err = slap_mods_obsolete_check( op, modlist,
+ &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check for modify/increment support */
+ if( increment && !SLAP_INCREMENT( op->o_bd ) ) {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "modify/increment not supported in context" );
+ }
+
+ /*
+ * do the modify if 1 && (2 || 3)
+ * 1) there is a modify function implemented in this backend;
+ * 2) this backend is master for what it holds;
+ * 3) it's a replica and the dn supplied is the update_ndn.
+ */
+ if ( op->o_bd->be_modify ) {
+ /* do the update here */
+ int repl_user = be_isupdate( op );
+
+ /* Multimaster slapd does not have to check for replicator dn
+ * because it accepts each modify request
+ */
+#ifndef SLAPD_MULTIMASTER
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
+#endif
+ {
+ int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
+ slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
+
+ op->o_bd = op_be;
+
+ if ( !update ) {
+ rs->sr_err = slap_mods_no_user_mod_check( op, modlist,
+ &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+ }
+
+ op->orm_modlist = modlist;
+#ifdef SLAPD_MULTIMASTER
+ if ( !repl_user )
+#endif
+ {
+ /* but multimaster slapd logs only the ones
+ * not from a replicator user */
+ cb.sc_next = op->o_callback;
+ op->o_callback = &cb;
+ }
+ op->o_bd->be_modify( op, rs );
+
+#ifndef SLAPD_MULTIMASTER
+ /* send a referral */
+ } else {
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+ if ( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( defref,
+ NULL, &op->o_req_dn,
+ LDAP_SCOPE_DEFAULT );
+ if ( rs->sr_ref == NULL ) {
+ /* FIXME: must duplicate, because
+ * overlays may muck with it */
+ rs->sr_ref = defref;
+ }
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+ if ( rs->sr_ref != defref ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
+ }
+#endif
+ }
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within namingContext" );
+ }
+
+cleanup:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
+
+/*
+ * Obsolete constraint checking.
+ */
+int
+slap_mods_obsolete_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ if( get_manageDIT( op ) ) return LDAP_SUCCESS;
+
+ for ( ; ml != NULL; ml = ml->sml_next ) {
+ if ( is_at_obsolete( ml->sml_desc->ad_type ) &&
+ (( ml->sml_op != LDAP_MOD_REPLACE &&
+ ml->sml_op != LDAP_MOD_DELETE ) ||
+ ml->sml_values != NULL ))
+ {
+ /*
+ * attribute is obsolete,
+ * only allow replace/delete with no values
+ */
+ snprintf( textbuf, textlen,
+ "%s: attribute is obsolete",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * No-user-modification constraint checking.
+ */
+int
+slap_mods_no_user_mod_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ for ( ; ml != NULL; ml = ml->sml_next ) {
+ if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) continue;
+
+ if ( get_manageDIT( op ) ) {
+ if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) {
+ ml->sml_flags |= SLAP_MOD_MANAGING;
+ continue;
+ }
+
+ /* attribute not manageable */
+ snprintf( textbuf, textlen,
+ "%s: no-user-modification attribute not manageable",
+ ml->sml_type.bv_val );
+
+ } else {
+ /* user modification disallowed */
+ snprintf( textbuf, textlen,
+ "%s: no user modification allowed",
+ ml->sml_type.bv_val );
+ }
+
+ *text = textbuf;
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+slap_mods_no_repl_user_mod_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ Modifications *mods;
+ Modifications *modp;
+
+ for ( mods = ml; mods != NULL; mods = mods->sml_next ) {
+ assert( mods->sml_op == LDAP_MOD_ADD );
+
+ /* check doesn't already appear */
+ for ( modp = ml; modp != NULL; modp = modp->sml_next ) {
+ if ( mods->sml_desc == modp->sml_desc && mods != modp ) {
+ snprintf( textbuf, textlen,
+ "attribute '%s' provided more than once",
+ mods->sml_desc->ad_cname.bv_val );
+ *text = textbuf;
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Do basic attribute type checking and syntax validation.
+ */
+int slap_mods_check(
+ Modifications *ml,
+ const char **text,
+ char *textbuf,
+ size_t textlen,
+ void *ctx )
+{
+ int rc;
+
+ for( ; ml != NULL; ml = ml->sml_next ) {
+ AttributeDescription *ad = NULL;
+
+ /* convert to attribute description */
+ if ( ml->sml_desc == NULL ) {
+ rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text );
+ if( rc != LDAP_SUCCESS ) {
+ snprintf( textbuf, textlen, "%s: %s",
+ ml->sml_type.bv_val, *text );
+ *text = textbuf;
+ return rc;
+ }
+ }
+
+ ad = ml->sml_desc;
+
+ if( slap_syntax_is_binary( ad->ad_type->sat_syntax )
+ && !slap_ad_is_binary( ad ))
+ {
+ /* attribute requires binary transfer */
+ snprintf( textbuf, textlen,
+ "%s: requires ;binary transfer",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+ if( !slap_syntax_is_binary( ad->ad_type->sat_syntax )
+ && slap_ad_is_binary( ad ))
+ {
+ /* attribute does not require binary transfer */
+ snprintf( textbuf, textlen,
+ "%s: disallows ;binary transfer",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+ if( slap_ad_is_tag_range( ad )) {
+ /* attribute requires binary transfer */
+ snprintf( textbuf, textlen,
+ "%s: inappropriate use of tag range option",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_UNDEFINED_TYPE;
+ }
+
+#if 0
+ if ( is_at_obsolete( ad->ad_type ) &&
+ (( ml->sml_op != LDAP_MOD_REPLACE &&
+ ml->sml_op != LDAP_MOD_DELETE ) ||
+ ml->sml_values != NULL ))
+ {
+ /*
+ * attribute is obsolete,
+ * only allow replace/delete with no values
+ */
+ snprintf( textbuf, textlen,
+ "%s: attribute is obsolete",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+#endif
+
+ if ( ml->sml_op == LDAP_MOD_INCREMENT &&
+#ifdef SLAPD_REAL_SYNTAX
+ !is_at_syntax( ad->ad_type, SLAPD_REAL_SYNTAX ) &&
+#endif
+ !is_at_syntax( ad->ad_type, SLAPD_INTEGER_SYNTAX ) )
+ {
+ /*
+ * attribute values must be INTEGER or REAL
+ */
+ snprintf( textbuf, textlen,
+ "%s: attribute syntax inappropriate for increment",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ /*
+ * check values
+ */
+ if( ml->sml_values != NULL ) {
+ ber_len_t nvals;
+ slap_syntax_validate_func *validate =
+ ad->ad_type->sat_syntax->ssyn_validate;
+ slap_syntax_transform_func *pretty =
+ ad->ad_type->sat_syntax->ssyn_pretty;
+
+ if( !pretty && !validate ) {
+ *text = "no validator for syntax";
+ snprintf( textbuf, textlen,
+ "%s: no validator for syntax %s",
+ ml->sml_type.bv_val,
+ ad->ad_type->sat_syntax->ssyn_oid );
+ *text = textbuf;
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * check that each value is valid per syntax
+ * and pretty if appropriate
+ */
+ for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
+ struct berval pval;
+
+ if ( pretty ) {
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_pretty( ad,
+ &ml->sml_values[nvals], &pval, ctx );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = pretty( ad->ad_type->sat_syntax,
+ &ml->sml_values[nvals], &pval, ctx );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+ } else {
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_validate( ad,
+ &ml->sml_values[nvals], ml->sml_op );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = validate( ad->ad_type->sat_syntax,
+ &ml->sml_values[nvals] );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+ }
+
+ if( rc != 0 ) {
+ snprintf( textbuf, textlen,
+ "%s: value #%ld invalid per syntax",
+ ml->sml_type.bv_val, (long) nvals );
+ *text = textbuf;
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( pretty ) {
+ ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
+ ml->sml_values[nvals] = pval;
+ }
+ }
+
+ /*
+ * a rough single value check... an additional check is needed
+ * to catch add of single value to existing single valued attribute
+ */
+ if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)
+ && nvals > 1 && is_at_single_value( ad->ad_type ))
+ {
+ snprintf( textbuf, textlen,
+ "%s: multiple values provided",
+ ml->sml_type.bv_val );
+ *text = textbuf;
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ /* if the type has a normalizer, generate the
+ * normalized values. otherwise leave them NULL.
+ *
+ * this is different from the rule for attributes
+ * in an entry - in an attribute list, the normalized
+ * value is set equal to the non-normalized value
+ * when there is no normalizer.
+ */
+ if( nvals && ad->ad_type->sat_equality &&
+ ad->ad_type->sat_equality->smr_normalize )
+ {
+ ml->sml_nvalues = ber_memalloc_x(
+ (nvals+1)*sizeof(struct berval), ctx );
+
+ for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
+#ifdef SLAP_ORDERED_PRETTYNORM
+ rc = ordered_value_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ ad,
+ ad->ad_type->sat_equality,
+ &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
+#else /* ! SLAP_ORDERED_PRETTYNORM */
+ rc = ad->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_equality,
+ &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
+#endif /* ! SLAP_ORDERED_PRETTYNORM */
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "<= str2entry NULL (ssyn_normalize %d)\n",
+ rc, 0, 0 );
+ snprintf( textbuf, textlen,
+ "%s: value #%ld normalization failed",
+ ml->sml_type.bv_val, (long) nvals );
+ *text = textbuf;
+ return rc;
+ }
+ }
+
+ BER_BVZERO( &ml->sml_nvalues[nvals] );
+ }
+
+ /* check for duplicates, but ignore Deletes.
+ */
+ if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) {
+ int i, j, rc, match;
+ MatchingRule *mr = ad->ad_type->sat_equality;
+
+ for ( i = 1; i < nvals ; i++ ) {
+ /* test asserted values against themselves */
+ for( j = 0; j < i; j++ ) {
+ rc = ordered_value_match( &match, ml->sml_desc, mr,
+ SLAP_MR_EQUALITY
+ | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX
+ | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
+ | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ ml->sml_nvalues
+ ? &ml->sml_nvalues[i]
+ : &ml->sml_values[i],
+ ml->sml_nvalues
+ ? &ml->sml_nvalues[j]
+ : &ml->sml_values[j],
+ text );
+ if ( rc == LDAP_SUCCESS && match == 0 ) {
+ /* value exists already */
+ snprintf( textbuf, textlen,
+ "%s: value #%d provided more than once",
+ ml->sml_desc->ad_cname.bv_val, j );
+ *text = textbuf;
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+
+ } else if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+ }
+ }
+
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/* Enter with bv->bv_len = sizeof buffer, returns with
+ * actual length of string
+ */
+void slap_timestamp( time_t *tm, struct berval *bv )
+{
+ struct tm *ltm;
+#ifdef HAVE_GMTIME_R
+ struct tm ltm_buf;
+
+ ltm = gmtime_r( tm, <m_buf );
+#else
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+ ltm = gmtime( tm );
+#endif
+
+ bv->bv_len = lutil_gentime( bv->bv_val, bv->bv_len, ltm );
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+}
+
+/* Called for all modify and modrdn ops. If the current op was replicated
+ * from elsewhere, all of the attrs should already be present.
+ */
+void slap_mods_opattrs(
+ Operation *op,
+ Modifications **modsp,
+ int manage_ctxcsn )
+{
+ struct berval name, timestamp, csn = BER_BVNULL;
+ struct berval nname;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ Modifications *mod, **modtail, *modlast;
+ int gotcsn = 0, gotmname = 0, gotmtime = 0;
+
+ if ( SLAP_LASTMOD( op->o_bd ) ) {
+ char *ptr;
+ timestamp.bv_val = timebuf;
+ for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) {
+ if ( (*modtail)->sml_op != LDAP_MOD_ADD &&
+ (*modtail)->sml_op != LDAP_MOD_REPLACE ) continue;
+ if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN ) {
+ csn = (*modtail)->sml_values[0];
+ gotcsn = 1;
+ } else
+ if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName ) {
+ gotmname = 1;
+ } else
+ if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp ) {
+ gotmtime = 1;
+ }
+ }
+ if ( BER_BVISEMPTY( &op->o_csn )) {
+ if ( !gotcsn ) {
+ csn.bv_val = csnbuf;
+ csn.bv_len = sizeof( csnbuf );
+ slap_get_csn( op, &csn, manage_ctxcsn );
+ } else {
+ if ( manage_ctxcsn )
+ slap_queue_csn( op, &csn );
+ }
+ } else {
+ csn = op->o_csn;
+ }
+ ptr = ber_bvchr( &csn, '#' );
+ if ( ptr && ptr < &csn.bv_val[csn.bv_len] ) {
+ timestamp.bv_len = ptr - csn.bv_val;
+ if ( timestamp.bv_len >= sizeof( timebuf ))
+ timestamp.bv_len = sizeof( timebuf ) - 1;
+ strncpy( timebuf, csn.bv_val, timestamp.bv_len );
+ timebuf[timestamp.bv_len] = '\0';
+ } else {
+ time_t now = slap_get_time();
+
+ timestamp.bv_len = sizeof(timebuf);
+
+ slap_timestamp( &now, ×tamp );
+ }
+
+ if ( BER_BVISEMPTY( &op->o_dn ) ) {
+ BER_BVSTR( &name, SLAPD_ANONYMOUS );
+ nname = name;
+ } else {
+ name = op->o_dn;
+ nname = op->o_ndn;
+ }
+
+ if ( !gotcsn ) {
+ mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
+ mod->sml_next = NULL;
+ BER_BVZERO( &mod->sml_type );
+ mod->sml_desc = slap_schema.si_ad_entryCSN;
+ mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod->sml_values[0], &csn );
+ BER_BVZERO( &mod->sml_values[1] );
+ assert( !BER_BVISNULL( &mod->sml_values[0] ) );
+ mod->sml_nvalues = NULL;
+ *modtail = mod;
+ modlast = mod;
+ modtail = &mod->sml_next;
+ }
+
+ if ( !gotmname ) {
+ mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
+ mod->sml_next = NULL;
+ BER_BVZERO( &mod->sml_type );
+ mod->sml_desc = slap_schema.si_ad_modifiersName;
+ mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod->sml_values[0], &name );
+ BER_BVZERO( &mod->sml_values[1] );
+ assert( !BER_BVISNULL( &mod->sml_values[0] ) );
+ mod->sml_nvalues =
+ (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod->sml_nvalues[0], &nname );
+ BER_BVZERO( &mod->sml_nvalues[1] );
+ assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+
+ if ( !gotmtime ) {
+ mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
+ mod->sml_next = NULL;
+ BER_BVZERO( &mod->sml_type );
+ mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
+ mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod->sml_values[0], ×tamp );
+ BER_BVZERO( &mod->sml_values[1] );
+ assert( !BER_BVISNULL( &mod->sml_values[0] ) );
+ mod->sml_nvalues = NULL;
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+ }
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,546 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.146.2.15 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
+ * This software is not subject to any license of Silicon Graphics
+ * Inc. or Purdue University.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * without restriction or fee of any kind as long as this notice
+ * is preserved.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+int
+do_modrdn(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ struct berval dn = BER_BVNULL;
+ struct berval newrdn = BER_BVNULL;
+ struct berval newSuperior = BER_BVNULL;
+ ber_int_t deloldrdn;
+
+ struct berval pnewSuperior = BER_BVNULL;
+
+ struct berval nnewSuperior = BER_BVNULL;
+
+ ber_len_t length;
+
+ Debug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
+
+
+ /*
+ * Parse the modrdn request. It looks like this:
+ *
+ * ModifyRDNRequest := SEQUENCE {
+ * entry DistinguishedName,
+ * newrdn RelativeDistinguishedName
+ * deleteoldrdn BOOLEAN,
+ * newSuperior [0] LDAPDN OPTIONAL (v3 Only!)
+ * }
+ */
+
+ if ( ber_scanf( op->o_ber, "{mmb", &dn, &newrdn, &deloldrdn )
+ == LBER_ERROR )
+ {
+ Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ return SLAPD_DISCONNECT;
+ }
+
+ /* Check for newSuperior parameter, if present scan it */
+
+ if ( ber_peek_tag( op->o_ber, &length ) == LDAP_TAG_NEWSUPERIOR ) {
+ if ( op->o_protocol < LDAP_VERSION3 ) {
+ /* Conection record indicates v2 but field
+ * newSuperior is present: report error.
+ */
+ Debug( LDAP_DEBUG_ANY,
+ "modrdn(v2): invalid field newSuperior!\n",
+ 0, 0, 0 );
+
+ send_ldap_discon( op, rs,
+ LDAP_PROTOCOL_ERROR, "newSuperior requires LDAPv3" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ if ( ber_scanf( op->o_ber, "m", &newSuperior )
+ == LBER_ERROR ) {
+
+ Debug( LDAP_DEBUG_ANY, "ber_scanf(\"m\") failed\n",
+ 0, 0, 0 );
+
+ send_ldap_discon( op, rs,
+ LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+ op->orr_newSup = &pnewSuperior;
+ op->orr_nnewSup = &nnewSuperior;
+ }
+
+ Debug( LDAP_DEBUG_ARGS,
+ "do_modrdn: dn (%s) newrdn (%s) newsuperior (%s)\n",
+ dn.bv_val, newrdn.bv_val,
+ newSuperior.bv_len ? newSuperior.bv_val : "" );
+
+ if ( ber_scanf( op->o_ber, /*{*/ "}") == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
+
+ send_ldap_discon( op, rs,
+ LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto cleanup;
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_modrdn: get_ctrls failed\n", 0, 0, 0 );
+
+ /* get_ctrls has sent results. Now clean up. */
+ goto cleanup;
+ }
+
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modrdn: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto cleanup;
+ }
+
+ /* FIXME: should have/use rdnPretty / rdnNormalize routines */
+
+ rs->sr_err = dnPrettyNormal( NULL, &newrdn, &op->orr_newrdn, &op->orr_nnewrdn, op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modrdn: invalid newrdn (%s)\n", newrdn.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
+ goto cleanup;
+ }
+
+ if( rdn_validate( &op->orr_newrdn ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid rdn (%s)\n",
+ op->orr_newrdn.bv_val, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
+ goto cleanup;
+ }
+
+ if( op->orr_newSup ) {
+ rs->sr_err = dnPrettyNormal( NULL, &newSuperior, &pnewSuperior,
+ &nnewSuperior, op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_modrdn: invalid newSuperior (%s)\n",
+ newSuperior.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid newSuperior" );
+ goto cleanup;
+ }
+ }
+
+ /* FIXME: temporary? */
+ op->orr_deleteoldrdn = deloldrdn;
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_modrdn( op, rs );
+
+cleanup:
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
+ op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );
+
+ if ( !BER_BVISNULL( &pnewSuperior ) )
+ op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &nnewSuperior ) )
+ op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
+
+ return rs->sr_err;
+}
+
+int
+fe_op_modrdn( Operation *op, SlapReply *rs )
+{
+ Backend *newSuperior_be = NULL;
+ int manageDSAit;
+ struct berval pdn = BER_BVNULL;
+ BackendDB *op_be, *bd = op->o_bd;
+
+ if( op->o_req_ndn.bv_len == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "cannot rename the root DSE" );
+ goto cleanup;
+
+ } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_modrdn: subschema subentry: %s (%ld)\n",
+ frontendDB->be_schemandn.bv_val, (long)frontendDB->be_schemandn.bv_len, 0 );
+
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "cannot rename subschema subentry" );
+ goto cleanup;
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "%s MODRDN dn=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
+
+ manageDSAit = get_manageDSAit( op );
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 );
+ if ( op->o_bd == NULL ) {
+ op->o_bd = bd;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+
+ if ( rs->sr_ref != NULL ) {
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "no global superior knowledge" );
+ }
+ goto cleanup;
+ }
+
+ /* If we've got a glued backend, check the real backend */
+ op_be = op->o_bd;
+ if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto cleanup;
+ }
+
+ /* check for referrals */
+ if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ /* Make sure that the entry being changed and the newSuperior are in
+ * the same backend, otherwise we return an error.
+ */
+ if( op->orr_newSup ) {
+ newSuperior_be = select_backend( op->orr_nnewSup, 0, 0 );
+
+ if ( newSuperior_be != op->o_bd ) {
+ /* newSuperior is in different backend */
+ send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
+ "cannot rename between DSAs" );
+
+ goto cleanup;
+ }
+ }
+
+ /*
+ * do the modrdn if 1 && (2 || 3)
+ * 1) there is a modrdn function implemented in this backend;
+ * 2) this backend is master for what it holds;
+ * 3) it's a replica and the dn supplied is the update_ndn.
+ */
+ if ( op->o_bd->be_modrdn ) {
+ /* do the update here */
+ int repl_user = be_isupdate( op );
+#ifndef SLAPD_MULTIMASTER
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
+#endif /* ! SLAPD_MULTIMASTER */
+ {
+ slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
+
+ op->o_bd = op_be;
+
+#ifdef SLAPD_MULTIMASTER
+ if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
+#endif /* SLAPD_MULTIMASTER */
+ {
+ cb.sc_next = op->o_callback;
+ op->o_callback = &cb;
+ }
+ op->o_bd->be_modrdn( op, rs );
+
+ if ( op->o_bd->be_delete ) {
+ struct berval org_req_dn = BER_BVNULL;
+ struct berval org_req_ndn = BER_BVNULL;
+ struct berval org_dn = BER_BVNULL;
+ struct berval org_ndn = BER_BVNULL;
+ int org_managedsait;
+
+ org_req_dn = op->o_req_dn;
+ org_req_ndn = op->o_req_ndn;
+ org_dn = op->o_dn;
+ org_ndn = op->o_ndn;
+ org_managedsait = get_manageDSAit( op );
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+
+ while ( rs->sr_err == LDAP_SUCCESS &&
+ op->o_delete_glue_parent ) {
+ op->o_delete_glue_parent = 0;
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
+ slap_callback cb = { NULL };
+ cb.sc_response = slap_null_cb;
+ dnParent( &op->o_req_ndn, &pdn );
+ op->o_req_dn = pdn;
+ op->o_req_ndn = pdn;
+ op->o_callback = &cb;
+ op->o_bd->be_delete( op, rs );
+ } else {
+ break;
+ }
+ }
+ op->o_managedsait = org_managedsait;
+ op->o_dn = org_dn;
+ op->o_ndn = org_ndn;
+ op->o_req_dn = org_req_dn;
+ op->o_req_ndn = org_req_ndn;
+ op->o_delete_glue_parent = 0;
+ }
+
+#ifndef SLAPD_MULTIMASTER
+ } else {
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
+ if ( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( defref,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ if (!rs->sr_ref) rs->sr_ref = defref;
+
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
+ }
+#endif /* ! SLAPD_MULTIMASTER */
+ }
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within namingContext" );
+ }
+
+cleanup:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
+
+int
+slap_modrdn2mods(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ LDAPRDN old_rdn,
+ LDAPRDN new_rdn,
+ Modifications **pmod )
+{
+ Modifications *mod = NULL;
+ int a_cnt, d_cnt;
+ int repl_user;
+
+ assert( new_rdn != NULL );
+ assert( !op->orr_deleteoldrdn || old_rdn != NULL );
+
+ repl_user = be_isupdate( op );
+
+ /* Add new attribute values to the entry */
+ for ( a_cnt = 0; new_rdn[a_cnt]; a_cnt++ ) {
+ AttributeDescription *desc = NULL;
+ Modifications *mod_tmp;
+
+ rs->sr_err = slap_bv2ad( &new_rdn[a_cnt]->la_attr, &desc, &rs->sr_text );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_modrdn2modlist: %s: %s (new)\n",
+ rs->sr_text,
+ new_rdn[ a_cnt ]->la_attr.bv_val, 0 );
+ goto done;
+ }
+
+ /* ACL check of newly added attrs */
+ if ( op->o_bd && !access_allowed( op, e, desc,
+ &new_rdn[a_cnt]->la_value, ACL_WADD, NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_modrdn2modlist: access to attr \"%s\" "
+ "(new) not allowed\n",
+ new_rdn[ a_cnt ]->la_attr.bv_val, 0, 0 );
+ rs->sr_text = "access to naming attributes (new) not allowed";
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ /* Apply modification */
+ mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications )
+ + 4 * sizeof( struct berval ) );
+ mod_tmp->sml_desc = desc;
+ mod_tmp->sml_values = ( BerVarray )( mod_tmp + 1 );
+ mod_tmp->sml_values[0] = new_rdn[a_cnt]->la_value;
+ mod_tmp->sml_values[1].bv_val = NULL;
+ if( desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = &mod_tmp->sml_values[2];
+ (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ &mod_tmp->sml_values[0],
+ &mod_tmp->sml_nvalues[0], NULL );
+ mod_tmp->sml_nvalues[1].bv_val = NULL;
+ } else {
+ mod_tmp->sml_nvalues = NULL;
+ }
+ mod_tmp->sml_op = SLAP_MOD_SOFTADD;
+ mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
+ mod_tmp->sml_next = mod;
+ mod = mod_tmp;
+ }
+
+ /* Remove old rdn value if required */
+ if ( op->orr_deleteoldrdn ) {
+ for ( d_cnt = 0; old_rdn[d_cnt]; d_cnt++ ) {
+ AttributeDescription *desc = NULL;
+ Modifications *mod_tmp;
+
+ rs->sr_err = slap_bv2ad( &old_rdn[d_cnt]->la_attr, &desc, &rs->sr_text );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_modrdn2modlist: %s: %s (old)\n",
+ rs->sr_text,
+ old_rdn[d_cnt]->la_attr.bv_val,
+ 0 );
+ goto done;
+ }
+
+ /* ACL check of old rdn attrs removal */
+ if ( op->o_bd && !access_allowed( op, e, desc,
+ &old_rdn[d_cnt]->la_value, ACL_WDEL,
+ NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_modrdn2modlist: access "
+ "to attr \"%s\" (old) not allowed\n",
+ old_rdn[ d_cnt ]->la_attr.bv_val,
+ 0, 0 );
+ rs->sr_text = "access to naming attributes (old) not allowed";
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ /* Apply modification */
+ mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications )
+ + 4 * sizeof ( struct berval ) );
+ mod_tmp->sml_desc = desc;
+ mod_tmp->sml_values = ( BerVarray )(mod_tmp+1);
+ mod_tmp->sml_values[0] = old_rdn[d_cnt]->la_value;
+ mod_tmp->sml_values[1].bv_val = NULL;
+ if( desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = &mod_tmp->sml_values[2];
+ (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ &mod_tmp->sml_values[0],
+ &mod_tmp->sml_nvalues[0], op->o_tmpmemctx );
+ mod_tmp->sml_nvalues[1].bv_val = NULL;
+ } else {
+ mod_tmp->sml_nvalues = NULL;
+ }
+ mod_tmp->sml_op = LDAP_MOD_DELETE;
+ mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
+ mod_tmp->sml_next = mod;
+ mod = mod_tmp;
+ }
+ }
+
+done:
+
+ if ( rs->sr_err == LDAP_SUCCESS && !repl_user ) {
+ slap_mods_opattrs( op, &mod, 1 );
+ }
+
+ /* LDAP v2 supporting correct attribute handling. */
+ if ( rs->sr_err != LDAP_SUCCESS && mod != NULL ) {
+ Modifications *tmp;
+ for ( ; mod; mod = tmp ) {
+ tmp = mod->sml_next;
+ ch_free( mod );
+ }
+ }
+
+ *pmod = mod;
+
+ return rs->sr_err;
+}
+
+void
+slap_modrdn2mods_free( Modifications *mod )
+{
+ Modifications *tmp;
+
+ for ( ; mod; mod = tmp ) {
+ tmp = mod->sml_next;
+ /* slap_modrdn2mods does things one way,
+ * slap_mods_opattrs does it differently
+ */
+ if ( mod->sml_op != SLAP_MOD_SOFTADD &&
+ mod->sml_op != LDAP_MOD_DELETE )
+ {
+ break;
+ }
+
+ if ( mod->sml_nvalues ) {
+ free( mod->sml_nvalues[0].bv_val );
+ }
+
+ free( mod );
+ }
+
+ slap_mods_free( mod, 1 );
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/mods.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/mods.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/mods.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,471 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/mods.c,v 1.47.2.10 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+int
+modify_add_values(
+ Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text,
+ char *textbuf,
+ size_t textlen )
+{
+ int rc;
+ const char *op;
+ Attribute *a;
+ Modification pmod = *mod;
+
+ switch ( mod->sm_op ) {
+ case LDAP_MOD_ADD:
+ op = "add";
+ break;
+ case LDAP_MOD_REPLACE:
+ op = "replace";
+ break;
+ default:
+ op = "?";
+ assert( 0 );
+ }
+
+ /* check if values to add exist in attribute */
+ a = attr_find( e->e_attrs, mod->sm_desc );
+ if ( a != NULL ) {
+ int rc, i, j, p;
+ MatchingRule *mr;
+
+ mr = mod->sm_desc->ad_type->sat_equality;
+ if( mr == NULL || !mr->smr_match ) {
+ /* do not allow add of additional attribute
+ if no equality rule exists */
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/%s: %s: no equality matching rule",
+ op, mod->sm_desc->ad_cname.bv_val );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if ( permissive ) {
+ for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
+ /* EMPTY -- just counting 'em */;
+ }
+
+ pmod.sm_values = (BerVarray)ch_malloc(
+ (i + 1) * sizeof( struct berval ));
+ if ( pmod.sm_nvalues != NULL ) {
+ pmod.sm_nvalues = (BerVarray)ch_malloc(
+ (i + 1) * sizeof( struct berval ));
+ }
+ }
+
+ /* no normalization is done in this routine nor
+ * in the matching routines called by this routine.
+ * values are now normalized once on input to the
+ * server (whether from LDAP or from the underlying
+ * database).
+ */
+ for ( p = i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
+ int match;
+
+ assert( a->a_vals[0].bv_val != NULL );
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[j] ); j++ ) {
+ if ( mod->sm_nvalues ) {
+ rc = ordered_value_match( &match, mod->sm_desc, mr,
+ SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
+ | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
+ | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ &a->a_nvals[j], &mod->sm_nvalues[i], text );
+ } else {
+ rc = ordered_value_match( &match, mod->sm_desc, mr,
+ SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &a->a_vals[j], &mod->sm_values[i], text );
+ }
+
+ if ( rc == LDAP_SUCCESS && match == 0 ) {
+ /* value already exists */
+ if ( permissive ) break;
+
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/%s: %s: value #%d already exists",
+ op, mod->sm_desc->ad_cname.bv_val, i );
+ return LDAP_TYPE_OR_VALUE_EXISTS;
+
+ } else if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if ( permissive && match != 0 ) {
+ if ( pmod.sm_nvalues ) {
+ pmod.sm_nvalues[p] = mod->sm_nvalues[i];
+ }
+ pmod.sm_values[p++] = mod->sm_values[i];
+ }
+ }
+
+ if ( permissive ) {
+ if ( p == 0 ) {
+ /* all new values match exist */
+ ch_free( pmod.sm_values );
+ if ( pmod.sm_nvalues ) ch_free( pmod.sm_nvalues );
+ return LDAP_SUCCESS;
+ }
+
+ BER_BVZERO( &pmod.sm_values[p] );
+ if ( pmod.sm_nvalues ) {
+ BER_BVZERO( &pmod.sm_nvalues[p] );
+ }
+ }
+ }
+
+ /* no - add them */
+ if ( mod->sm_desc->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ rc = ordered_value_add( e, mod->sm_desc, a,
+ pmod.sm_values, pmod.sm_nvalues );
+ } else {
+ rc = attr_merge( e, mod->sm_desc, pmod.sm_values, pmod.sm_nvalues );
+ }
+
+ if ( a != NULL && permissive ) {
+ ch_free( pmod.sm_values );
+ if ( pmod.sm_nvalues ) ch_free( pmod.sm_nvalues );
+ }
+
+ if ( rc != 0 ) {
+ /* this should return result of attr_merge */
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/%s: %s: merge error",
+ op, mod->sm_desc->ad_cname.bv_val );
+ return LDAP_OTHER;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+modify_delete_values(
+ Entry *e,
+ Modification *m,
+ int perm,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ return modify_delete_vindex( e, m, perm, text, textbuf, textlen, NULL );
+}
+
+int
+modify_delete_vindex(
+ Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text,
+ char *textbuf, size_t textlen,
+ int *idx )
+{
+ int i, j, k, rc = LDAP_SUCCESS;
+ Attribute *a;
+ MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
+ char dummy = '\0';
+ int match = 0;
+
+ /*
+ * If permissive is set, then the non-existence of an
+ * attribute is not treated as an error.
+ */
+
+ /* delete the entire attribute */
+ if ( mod->sm_values == NULL ) {
+ rc = attr_delete( &e->e_attrs, mod->sm_desc );
+
+ if( permissive ) {
+ rc = LDAP_SUCCESS;
+ } else if( rc != LDAP_SUCCESS ) {
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/delete: %s: no such attribute",
+ mod->sm_desc->ad_cname.bv_val );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ return rc;
+ }
+
+ if( mr == NULL || !mr->smr_match ) {
+ /* disallow specific attributes from being deleted if
+ no equality rule */
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/delete: %s: no equality matching rule",
+ mod->sm_desc->ad_cname.bv_val );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ /* delete specific values - find the attribute first */
+ if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
+ if( permissive ) {
+ return LDAP_SUCCESS;
+ }
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/delete: %s: no such attribute",
+ mod->sm_desc->ad_cname.bv_val );
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
+ int found = 0;
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[j] ); j++ ) {
+ /* skip already deleted values */
+ if ( a->a_vals[j].bv_val == &dummy ) {
+ continue;
+ }
+
+ if( mod->sm_nvalues ) {
+ assert( a->a_nvals != NULL );
+ rc = ordered_value_match( &match, a->a_desc, mr,
+ SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
+ | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
+ | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ &a->a_nvals[j], &mod->sm_nvalues[i], text );
+ } else {
+#if 0
+ assert( a->a_nvals == NULL );
+#endif
+ rc = ordered_value_match( &match, a->a_desc, mr,
+ SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &a->a_vals[j], &mod->sm_values[i], text );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "%s: matching rule failed",
+ mod->sm_desc->ad_cname.bv_val );
+ break;
+ }
+
+ if ( match != 0 ) {
+ continue;
+ }
+
+ found = 1;
+
+ if ( idx )
+ idx[i] = j;
+
+ /* delete value and mark it as dummy */
+ free( a->a_vals[j].bv_val );
+ a->a_vals[j].bv_val = &dummy;
+ if( a->a_nvals != a->a_vals ) {
+ free( a->a_nvals[j].bv_val );
+ a->a_nvals[j].bv_val = &dummy;
+ }
+
+ break;
+ }
+
+ if ( found == 0 ) {
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/delete: %s: no such value",
+ mod->sm_desc->ad_cname.bv_val );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ if ( i > 0 ) {
+ break;
+ } else {
+ goto return_results;
+ }
+ }
+ }
+
+ /* compact array skipping dummies */
+ for ( k = 0, j = 0; !BER_BVISNULL( &a->a_vals[k] ); k++ ) {
+ /* skip dummies */
+ if( a->a_vals[k].bv_val == &dummy ) {
+ assert( a->a_nvals[k].bv_val == &dummy );
+ continue;
+ }
+ if ( j != k ) {
+ a->a_vals[ j ] = a->a_vals[ k ];
+ if (a->a_nvals != a->a_vals) {
+ a->a_nvals[ j ] = a->a_nvals[ k ];
+ }
+ }
+
+ j++;
+ }
+
+ BER_BVZERO( &a->a_vals[j] );
+ if (a->a_nvals != a->a_vals) {
+ BER_BVZERO( &a->a_nvals[j] );
+ }
+
+ /* if no values remain, delete the entire attribute */
+ if ( BER_BVISNULL( &a->a_vals[0] ) ) {
+ if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/delete: %s: no such attribute",
+ mod->sm_desc->ad_cname.bv_val );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ } else if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ /* For an ordered attribute, renumber the value indices */
+ ordered_value_sort( a, 1 );
+ }
+
+return_results:;
+
+ return rc;
+}
+
+int
+modify_replace_values(
+ Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ (void) attr_delete( &e->e_attrs, mod->sm_desc );
+
+ if ( mod->sm_values ) {
+ return modify_add_values( e, mod, permissive, text, textbuf, textlen );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+modify_increment_values(
+ Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ Attribute *a;
+
+ a = attr_find( e->e_attrs, mod->sm_desc );
+ if( a == NULL ) {
+ if ( permissive ) {
+ Modification modReplace = *mod;
+
+ modReplace.sm_op = LDAP_MOD_REPLACE;
+
+ return modify_add_values(e, &modReplace, permissive, text, textbuf, textlen);
+ } else {
+ *text = textbuf;
+ snprintf( textbuf, textlen,
+ "modify/increment: %s: no such attribute",
+ mod->sm_desc->ad_cname.bv_val );
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ }
+
+ if ( !strcmp( a->a_desc->ad_type->sat_syntax_oid, SLAPD_INTEGER_SYNTAX )) {
+ int i;
+ char str[sizeof(long)*3 + 2]; /* overly long */
+ long incr;
+
+ if ( lutil_atol( &incr, mod->sm_values[0].bv_val ) != 0 ) {
+ *text = "modify/increment: invalid syntax of increment";
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* treat zero and errors as a no-op */
+ if( incr == 0 ) {
+ return LDAP_SUCCESS;
+ }
+
+ for( i = 0; !BER_BVISNULL( &a->a_nvals[i] ); i++ ) {
+ char *tmp;
+ long value;
+ size_t strln;
+ if ( lutil_atol( &value, a->a_nvals[i].bv_val ) != 0 ) {
+ *text = "modify/increment: invalid syntax of original value";
+ return LDAP_INVALID_SYNTAX;
+ }
+ strln = snprintf( str, sizeof(str), "%ld", value+incr );
+
+ tmp = SLAP_REALLOC( a->a_nvals[i].bv_val, strln+1 );
+ if( tmp == NULL ) {
+ *text = "modify/increment: reallocation error";
+ return LDAP_OTHER;
+ }
+ a->a_nvals[i].bv_val = tmp;
+ a->a_nvals[i].bv_len = strln;
+
+ AC_MEMCPY( a->a_nvals[i].bv_val, str, strln+1 );
+ }
+
+ } else {
+ snprintf( textbuf, textlen,
+ "modify/increment: %s: increment not supported for value syntax %s",
+ mod->sm_desc->ad_cname.bv_val,
+ a->a_desc->ad_type->sat_syntax_oid );
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+void
+slap_mod_free(
+ Modification *mod,
+ int freeit )
+{
+ if ( mod->sm_values != NULL ) ber_bvarray_free( mod->sm_values );
+ mod->sm_values = NULL;
+
+ if ( mod->sm_nvalues != NULL ) ber_bvarray_free( mod->sm_nvalues );
+ mod->sm_nvalues = NULL;
+
+ if( freeit ) free( mod );
+}
+
+void
+slap_mods_free(
+ Modifications *ml,
+ int freevals )
+{
+ Modifications *next;
+
+ for ( ; ml != NULL; ml = next ) {
+ next = ml->sml_next;
+
+ if ( freevals )
+ slap_mod_free( &ml->sml_mod, 0 );
+ free( ml );
+ }
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/module.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/module.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/module.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,306 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.26.2.3 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include <stdio.h>
+#include "slap.h"
+
+#ifdef SLAPD_MODULES
+
+#include <ltdl.h>
+
+typedef int (*MODULE_INIT_FN)(
+ int argc,
+ char *argv[]);
+typedef int (*MODULE_LOAD_FN)(
+ const void *module,
+ const char *filename);
+typedef int (*MODULE_TERM_FN)(void);
+
+
+struct module_regtable_t {
+ char *type;
+ MODULE_LOAD_FN proc;
+} module_regtable[] = {
+ { "null", load_null_module },
+#ifdef SLAPD_EXTERNAL_EXTENSIONS
+ { "extension", load_extop_module },
+#endif
+ { NULL, NULL }
+};
+
+typedef struct module_loaded_t {
+ struct module_loaded_t *next;
+ lt_dlhandle lib;
+} module_loaded_t;
+
+module_loaded_t *module_list = NULL;
+
+static int module_unload (module_loaded_t *module);
+
+#ifdef HAVE_EBCDIC
+static char ebuf[BUFSIZ];
+#endif
+
+int module_init (void)
+{
+ if (lt_dlinit()) {
+ const char *error = lt_dlerror();
+#ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
+ __etoa( ebuf );
+ error = ebuf;
+#endif
+ Debug(LDAP_DEBUG_ANY, "lt_dlinit failed: %s\n", error, 0, 0);
+
+ return -1;
+ }
+ return 0;
+}
+
+int module_kill (void)
+{
+ /* unload all modules before shutdown */
+ while (module_list != NULL) {
+ module_unload(module_list);
+ }
+
+ if (lt_dlexit()) {
+ const char *error = lt_dlerror();
+#ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
+ __etoa( ebuf );
+ error = ebuf;
+#endif
+ Debug(LDAP_DEBUG_ANY, "lt_dlexit failed: %s\n", error, 0, 0);
+
+ return -1;
+ }
+ return 0;
+}
+
+int module_load(const char* file_name, int argc, char *argv[])
+{
+ module_loaded_t *module = NULL;
+ const char *error;
+ int rc;
+ MODULE_INIT_FN initialize;
+#ifdef HAVE_EBCDIC
+#define file ebuf
+#else
+#define file file_name
+#endif
+
+ module = (module_loaded_t *)ch_calloc(1, sizeof(module_loaded_t));
+ if (module == NULL) {
+ Debug(LDAP_DEBUG_ANY, "module_load failed: (%s) out of memory\n", file_name,
+ 0, 0);
+
+ return -1;
+ }
+
+#ifdef HAVE_EBCDIC
+ strcpy( file, file_name );
+ __atoe( file );
+#endif
+ /*
+ * The result of lt_dlerror(), when called, must be cached prior
+ * to calling Debug. This is because Debug is a macro that expands
+ * into multiple function calls.
+ */
+ if ((module->lib = lt_dlopenext(file)) == NULL) {
+ error = lt_dlerror();
+#ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
+ __etoa( ebuf );
+ error = ebuf;
+#endif
+ Debug(LDAP_DEBUG_ANY, "lt_dlopenext failed: (%s) %s\n", file_name,
+ error, 0);
+
+ ch_free(module);
+ return -1;
+ }
+
+ Debug(LDAP_DEBUG_CONFIG, "loaded module %s\n", file_name, 0, 0);
+
+
+#ifdef HAVE_EBCDIC
+#pragma convlit(suspend)
+#endif
+ if ((initialize = lt_dlsym(module->lib, "init_module")) == NULL) {
+#ifdef HAVE_EBCDIC
+#pragma convlit(resume)
+#endif
+ Debug(LDAP_DEBUG_CONFIG, "module %s: no init_module() function found\n",
+ file_name, 0, 0);
+
+ lt_dlclose(module->lib);
+ ch_free(module);
+ return -1;
+ }
+
+ /* The imported init_module() routine passes back the type of
+ * module (i.e., which part of slapd it should be hooked into)
+ * or -1 for error. If it passes back 0, then you get the
+ * old behavior (i.e., the library is loaded and not hooked
+ * into anything).
+ *
+ * It might be better if the conf file could specify the type
+ * of module. That way, a single module could support multiple
+ * type of hooks. This could be done by using something like:
+ *
+ * moduleload extension /usr/local/openldap/whatever.so
+ *
+ * then we'd search through module_regtable for a matching
+ * module type, and hook in there.
+ */
+ rc = initialize(argc, argv);
+ if (rc == -1) {
+ Debug(LDAP_DEBUG_CONFIG, "module %s: init_module() failed\n",
+ file_name, 0, 0);
+
+ lt_dlclose(module->lib);
+ ch_free(module);
+ return rc;
+ }
+
+ if (rc >= (int)(sizeof(module_regtable) / sizeof(struct module_regtable_t))
+ || module_regtable[rc].proc == NULL)
+ {
+ Debug(LDAP_DEBUG_CONFIG, "module %s: unknown registration type (%d)\n",
+ file_name, rc, 0);
+
+ module_unload(module);
+ return -1;
+ }
+
+ rc = (module_regtable[rc].proc)(module, file_name);
+ if (rc != 0) {
+ Debug(LDAP_DEBUG_CONFIG, "module %s: %s module could not be registered\n",
+ file_name, module_regtable[rc].type, 0);
+
+ module_unload(module);
+ return rc;
+ }
+
+ module->next = module_list;
+ module_list = module;
+
+ Debug(LDAP_DEBUG_CONFIG, "module %s: %s module registered\n",
+ file_name, module_regtable[rc].type, 0);
+
+ return 0;
+}
+
+int module_path(const char *path)
+{
+#ifdef HAVE_EBCDIC
+ strcpy(ebuf, path);
+ __atoe(ebuf);
+ path = ebuf;
+#endif
+ return lt_dlsetsearchpath( path );
+}
+
+void *module_resolve (const void *module, const char *name)
+{
+#ifdef HAVE_EBCDIC
+ strcpy(ebuf, name);
+ __atoe(ebuf);
+ name = ebuf;
+#endif
+ if (module == NULL || name == NULL)
+ return(NULL);
+ return(lt_dlsym(((module_loaded_t *)module)->lib, name));
+}
+
+static int module_unload (module_loaded_t *module)
+{
+ module_loaded_t *mod;
+ MODULE_TERM_FN terminate;
+
+ if (module != NULL) {
+ /* remove module from tracking list */
+ if (module_list == module) {
+ module_list = module->next;
+ } else {
+ for (mod = module_list; mod; mod = mod->next) {
+ if (mod->next == module) {
+ mod->next = module->next;
+ break;
+ }
+ }
+ }
+
+ /* call module's terminate routine, if present */
+#ifdef HAVE_EBCDIC
+#pragma convlit(suspend)
+#endif
+ if ((terminate = lt_dlsym(module->lib, "term_module"))) {
+#ifdef HAVE_EBCDIC
+#pragma convlit(resume)
+#endif
+ terminate();
+ }
+
+ /* close the library and free the memory */
+ lt_dlclose(module->lib);
+ ch_free(module);
+ }
+ return 0;
+}
+
+int load_null_module (const void *module, const char *file_name)
+{
+ return 0;
+}
+
+#ifdef SLAPD_EXTERNAL_EXTENSIONS
+int
+load_extop_module (
+ const void *module,
+ const char *file_name
+)
+{
+ SLAP_EXTOP_MAIN_FN *ext_main;
+ SLAP_EXTOP_GETOID_FN *ext_getoid;
+ struct berval oid;
+ int rc;
+
+ ext_main = (SLAP_EXTOP_MAIN_FN *)module_resolve(module, "ext_main");
+ if (ext_main == NULL) {
+ return(-1);
+ }
+
+ ext_getoid = module_resolve(module, "ext_getoid");
+ if (ext_getoid == NULL) {
+ return(-1);
+ }
+
+ rc = (ext_getoid)(0, &oid, 256);
+ if (rc != 0) {
+ return(rc);
+ }
+ if (oid.bv_val == NULL || oid.bv_len == 0) {
+ return(-1);
+ }
+
+ rc = load_extop( &oid, ext_main );
+ return rc;
+}
+#endif /* SLAPD_EXTERNAL_EXTENSIONS */
+#endif /* SLAPD_MODULES */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/mr.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/mr.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/mr.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,483 @@
+/* mr.c - routines to manage matching rule definitions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mr.c,v 1.60.2.4 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+struct mindexrec {
+ struct berval mir_name;
+ MatchingRule *mir_mr;
+};
+
+static Avlnode *mr_index = NULL;
+static LDAP_SLIST_HEAD(MRList, slap_matching_rule) mr_list
+ = LDAP_SLIST_HEAD_INITIALIZER(&mr_list);
+static LDAP_SLIST_HEAD(MRUList, slap_matching_rule_use) mru_list
+ = LDAP_SLIST_HEAD_INITIALIZER(&mru_list);
+
+static int
+mr_index_cmp(
+ const void *v_mir1,
+ const void *v_mir2
+)
+{
+ const struct mindexrec *mir1 = v_mir1;
+ const struct mindexrec *mir2 = v_mir2;
+ int i = mir1->mir_name.bv_len - mir2->mir_name.bv_len;
+ if (i) return i;
+ return (strcasecmp( mir1->mir_name.bv_val, mir2->mir_name.bv_val ));
+}
+
+static int
+mr_index_name_cmp(
+ const void *v_name,
+ const void *v_mir
+)
+{
+ const struct berval *name = v_name;
+ const struct mindexrec *mir = v_mir;
+ int i = name->bv_len - mir->mir_name.bv_len;
+ if (i) return i;
+ return (strncasecmp( name->bv_val, mir->mir_name.bv_val, name->bv_len ));
+}
+
+MatchingRule *
+mr_find( const char *mrname )
+{
+ struct berval bv;
+
+ bv.bv_val = (char *)mrname;
+ bv.bv_len = strlen( mrname );
+ return mr_bvfind( &bv );
+}
+
+MatchingRule *
+mr_bvfind( struct berval *mrname )
+{
+ struct mindexrec *mir = NULL;
+
+ if ( (mir = avl_find( mr_index, mrname, mr_index_name_cmp )) != NULL ) {
+ return( mir->mir_mr );
+ }
+ return( NULL );
+}
+
+void
+mr_destroy( void )
+{
+ MatchingRule *m;
+
+ avl_free(mr_index, ldap_memfree);
+ while( !LDAP_SLIST_EMPTY(&mr_list) ) {
+ m = LDAP_SLIST_FIRST(&mr_list);
+ LDAP_SLIST_REMOVE_HEAD(&mr_list, smr_next);
+ ch_free( m->smr_str.bv_val );
+ ch_free( m->smr_compat_syntaxes );
+ ldap_matchingrule_free((LDAPMatchingRule *)m);
+ }
+}
+
+static int
+mr_insert(
+ MatchingRule *smr,
+ const char **err
+)
+{
+ struct mindexrec *mir;
+ char **names;
+
+ LDAP_SLIST_NEXT( smr, smr_next ) = NULL;
+ LDAP_SLIST_INSERT_HEAD(&mr_list, smr, smr_next);
+
+ if ( smr->smr_oid ) {
+ mir = (struct mindexrec *)
+ ch_calloc( 1, sizeof(struct mindexrec) );
+ mir->mir_name.bv_val = smr->smr_oid;
+ mir->mir_name.bv_len = strlen( smr->smr_oid );
+ mir->mir_mr = smr;
+ if ( avl_insert( &mr_index, (caddr_t) mir,
+ mr_index_cmp, avl_dup_error ) ) {
+ *err = smr->smr_oid;
+ ldap_memfree(mir);
+ return SLAP_SCHERR_MR_DUP;
+ }
+ /* FIX: temporal consistency check */
+ mr_bvfind(&mir->mir_name);
+ }
+ if ( (names = smr->smr_names) ) {
+ while ( *names ) {
+ mir = (struct mindexrec *)
+ ch_calloc( 1, sizeof(struct mindexrec) );
+ mir->mir_name.bv_val = *names;
+ mir->mir_name.bv_len = strlen( *names );
+ mir->mir_mr = smr;
+ if ( avl_insert( &mr_index, (caddr_t) mir,
+ mr_index_cmp, avl_dup_error ) ) {
+ *err = *names;
+ ldap_memfree(mir);
+ return SLAP_SCHERR_MR_DUP;
+ }
+ /* FIX: temporal consistency check */
+ mr_bvfind(&mir->mir_name);
+ names++;
+ }
+ }
+ return 0;
+}
+
+int
+mr_add(
+ LDAPMatchingRule *mr,
+ slap_mrule_defs_rec *def,
+ MatchingRule *amr,
+ const char **err
+)
+{
+ MatchingRule *smr;
+ Syntax *syn;
+ Syntax **compat_syn = NULL;
+ int code;
+
+ if( def->mrd_compat_syntaxes ) {
+ int i;
+ for( i=0; def->mrd_compat_syntaxes[i]; i++ ) {
+ /* just count em */
+ }
+
+ compat_syn = ch_malloc( sizeof(Syntax *) * (i+1) );
+
+ for( i=0; def->mrd_compat_syntaxes[i]; i++ ) {
+ compat_syn[i] = syn_find( def->mrd_compat_syntaxes[i] );
+ if( compat_syn[i] == NULL ) {
+ return SLAP_SCHERR_SYN_NOT_FOUND;
+ }
+ }
+
+ compat_syn[i] = NULL;
+ }
+
+ smr = (MatchingRule *) ch_calloc( 1, sizeof(MatchingRule) );
+ AC_MEMCPY( &smr->smr_mrule, mr, sizeof(LDAPMatchingRule));
+
+ /*
+ * note: smr_bvoid uses the same memory of smr_mrule.mr_oid;
+ * smr_oidlen is #defined as smr_bvoid.bv_len
+ */
+ smr->smr_bvoid.bv_val = smr->smr_mrule.mr_oid;
+ smr->smr_oidlen = strlen( mr->mr_oid );
+ smr->smr_usage = def->mrd_usage;
+ smr->smr_compat_syntaxes = compat_syn;
+ smr->smr_normalize = def->mrd_normalize;
+ smr->smr_match = def->mrd_match;
+ smr->smr_indexer = def->mrd_indexer;
+ smr->smr_filter = def->mrd_filter;
+ smr->smr_associated = amr;
+
+ if ( smr->smr_syntax_oid ) {
+ if ( (syn = syn_find(smr->smr_syntax_oid)) ) {
+ smr->smr_syntax = syn;
+ } else {
+ *err = smr->smr_syntax_oid;
+ return SLAP_SCHERR_SYN_NOT_FOUND;
+ }
+ } else {
+ *err = "";
+ return SLAP_SCHERR_MR_INCOMPLETE;
+ }
+ code = mr_insert(smr,err);
+ return code;
+}
+
+int
+register_matching_rule(
+ slap_mrule_defs_rec *def )
+{
+ LDAPMatchingRule *mr;
+ MatchingRule *amr = NULL;
+ int code;
+ const char *err;
+
+ if( def->mrd_usage == SLAP_MR_NONE && def->mrd_compat_syntaxes == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "register_matching_rule: not usable %s\n",
+ def->mrd_desc, 0, 0 );
+
+ return -1;
+ }
+
+ if( def->mrd_associated != NULL ) {
+ amr = mr_find( def->mrd_associated );
+ if( amr == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "register_matching_rule: "
+ "could not locate associated matching rule %s for %s\n",
+ def->mrd_associated, def->mrd_desc, 0 );
+
+ return -1;
+ }
+
+ if (( def->mrd_usage & SLAP_MR_EQUALITY ) &&
+ (( def->mrd_usage & SLAP_MR_SUBTYPE_MASK ) == SLAP_MR_NONE ))
+ {
+ if (( def->mrd_usage & SLAP_MR_EQUALITY ) &&
+ (( def->mrd_usage & SLAP_MR_SUBTYPE_MASK ) != SLAP_MR_NONE ))
+ {
+ Debug( LDAP_DEBUG_ANY, "register_matching_rule: "
+ "inappropriate (approx) association %s for %s\n",
+ def->mrd_associated, def->mrd_desc, 0 );
+ return -1;
+ }
+
+ } else if (!( amr->smr_usage & SLAP_MR_EQUALITY )) {
+ Debug( LDAP_DEBUG_ANY, "register_matching_rule: "
+ "inappropriate (equalilty) association %s for %s\n",
+ def->mrd_associated, def->mrd_desc, 0 );
+ return -1;
+ }
+ }
+
+ mr = ldap_str2matchingrule( def->mrd_desc, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !mr ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error in register_matching_rule: %s before %s in %s\n",
+ ldap_scherr2str(code), err, def->mrd_desc );
+
+ return -1;
+ }
+
+
+ code = mr_add( mr, def, amr, &err );
+
+ ldap_memfree( mr );
+
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error in register_matching_rule: %s for %s in %s\n",
+ scherr2str(code), err, def->mrd_desc );
+
+ return -1;
+ }
+
+ return 0;
+}
+
+void
+mru_destroy( void )
+{
+ MatchingRuleUse *m;
+
+ while( !LDAP_SLIST_EMPTY(&mru_list) ) {
+ m = LDAP_SLIST_FIRST(&mru_list);
+ LDAP_SLIST_REMOVE_HEAD(&mru_list, smru_next);
+
+ if ( m->smru_str.bv_val ) {
+ ch_free( m->smru_str.bv_val );
+ m->smru_str.bv_val = NULL;
+ }
+ /* memory borrowed from m->smru_mr */
+ m->smru_oid = NULL;
+ m->smru_names = NULL;
+ m->smru_desc = NULL;
+
+ /* free what's left (basically smru_mruleuse.mru_applies_oids) */
+ ldap_matchingruleuse_free((LDAPMatchingRuleUse *)m);
+ }
+}
+
+int
+matching_rule_use_init( void )
+{
+ MatchingRule *mr;
+ MatchingRuleUse **mru_ptr = &LDAP_SLIST_FIRST(&mru_list);
+
+ Debug( LDAP_DEBUG_TRACE, "matching_rule_use_init\n", 0, 0, 0 );
+
+ LDAP_SLIST_FOREACH( mr, &mr_list, smr_next ) {
+ AttributeType *at;
+ MatchingRuleUse mru_storage, *mru = &mru_storage;
+
+ char **applies_oids = NULL;
+
+ mr->smr_mru = NULL;
+
+ /* hide rules marked as HIDE */
+ if ( mr->smr_usage & SLAP_MR_HIDE ) {
+ continue;
+ }
+
+ /* hide rules not marked as designed for extensibility */
+ /* MR_EXT means can be used any attribute type whose
+ * syntax is same as the assertion syntax.
+ * Another mechanism is needed where rule can be used
+ * with attribute of other syntaxes.
+ * Framework doesn't support this (yet).
+ */
+
+ if (!( ( mr->smr_usage & SLAP_MR_EXT )
+ || mr->smr_compat_syntaxes ) )
+ {
+ continue;
+ }
+
+ memset( mru, 0, sizeof( MatchingRuleUse ) );
+
+ /*
+ * Note: we're using the same values of the corresponding
+ * MatchingRule structure; maybe we'd copy them ...
+ */
+ mru->smru_mr = mr;
+ mru->smru_obsolete = mr->smr_obsolete;
+ mru->smru_applies_oids = NULL;
+ LDAP_SLIST_NEXT(mru, smru_next) = NULL;
+ mru->smru_oid = mr->smr_oid;
+ mru->smru_names = mr->smr_names;
+ mru->smru_desc = mr->smr_desc;
+
+ Debug( LDAP_DEBUG_TRACE, " %s (%s): ",
+ mru->smru_oid,
+ mru->smru_names ? mru->smru_names[ 0 ] : "", 0 );
+
+ at = NULL;
+ for ( at_start( &at ); at; at_next( &at ) ) {
+ if( at->sat_flags & SLAP_AT_HIDE ) continue;
+
+ if( mr_usable_with_at( mr, at )) {
+ ldap_charray_add( &applies_oids, at->sat_cname.bv_val );
+ }
+ }
+
+ /*
+ * Note: the matchingRules that are not used
+ * by any attributeType are not listed as
+ * matchingRuleUse
+ */
+ if ( applies_oids != NULL ) {
+ mru->smru_applies_oids = applies_oids;
+ {
+ char *str = ldap_matchingruleuse2str( &mru->smru_mruleuse );
+ Debug( LDAP_DEBUG_TRACE, "matchingRuleUse: %s\n", str, 0, 0 );
+ ldap_memfree( str );
+ }
+
+ mru = (MatchingRuleUse *)ber_memalloc( sizeof( MatchingRuleUse ) );
+ /* call-forward from MatchingRule to MatchingRuleUse */
+ mr->smr_mru = mru;
+ /* copy static data to newly allocated struct */
+ *mru = mru_storage;
+ /* append the struct pointer to the end of the list */
+ *mru_ptr = mru;
+ /* update the list head pointer */
+ mru_ptr = &LDAP_SLIST_NEXT(mru,smru_next);
+ }
+ }
+
+ return( 0 );
+}
+
+int mr_usable_with_at(
+ MatchingRule *mr,
+ AttributeType *at )
+{
+ if( mr->smr_usage & SLAP_MR_EXT && (
+ mr->smr_syntax == at->sat_syntax ||
+ mr == at->sat_equality || mr == at->sat_approx ) )
+ {
+ return 1;
+ }
+
+ if ( mr->smr_compat_syntaxes ) {
+ int i;
+ for( i=0; mr->smr_compat_syntaxes[i]; i++ ) {
+ if( at->sat_syntax == mr->smr_compat_syntaxes[i] ) {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+int mr_schema_info( Entry *e )
+{
+ AttributeDescription *ad_matchingRules = slap_schema.si_ad_matchingRules;
+ MatchingRule *mr;
+ struct berval nval;
+
+ LDAP_SLIST_FOREACH(mr, &mr_list, smr_next ) {
+ if ( mr->smr_usage & SLAP_MR_HIDE ) {
+ /* skip hidden rules */
+ continue;
+ }
+
+ if ( ! mr->smr_match ) {
+ /* skip rules without matching functions */
+ continue;
+ }
+
+ if ( mr->smr_str.bv_val == NULL ) {
+ if ( ldap_matchingrule2bv( &mr->smr_mrule, &mr->smr_str ) == NULL ) {
+ return -1;
+ }
+ }
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "Merging mr [%lu] %s\n",
+ mr->smr_str.bv_len, mr->smr_str.bv_val, 0 );
+#endif
+
+ nval.bv_val = mr->smr_oid;
+ nval.bv_len = strlen(mr->smr_oid);
+ if( attr_merge_one( e, ad_matchingRules, &mr->smr_str, &nval ) ) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+int mru_schema_info( Entry *e )
+{
+ AttributeDescription *ad_matchingRuleUse
+ = slap_schema.si_ad_matchingRuleUse;
+ MatchingRuleUse *mru;
+ struct berval nval;
+
+ LDAP_SLIST_FOREACH( mru, &mru_list, smru_next ) {
+ assert( !( mru->smru_usage & SLAP_MR_HIDE ) );
+
+ if ( mru->smru_str.bv_val == NULL ) {
+ if ( ldap_matchingruleuse2bv( &mru->smru_mruleuse, &mru->smru_str )
+ == NULL ) {
+ return -1;
+ }
+ }
+
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "Merging mru [%lu] %s\n",
+ mru->smru_str.bv_len, mru->smru_str.bv_val, 0 );
+#endif
+
+ nval.bv_val = mru->smru_oid;
+ nval.bv_len = strlen(mru->smru_oid);
+ if( attr_merge_one( e, ad_matchingRuleUse, &mru->smru_str, &nval ) ) {
+ return -1;
+ }
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/mra.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/mra.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/mra.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,227 @@
+/* mra.c - routines for dealing with extensible matching rule assertions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mra.c,v 1.40.2.6 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#ifdef LDAP_COMP_MATCH
+#include "component.h"
+#endif
+
+void
+mra_free(
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ int freeit )
+{
+#ifdef LDAP_COMP_MATCH
+ /* free component assertion */
+ if ( mra->ma_rule->smr_usage & SLAP_MR_COMPONENT && mra->ma_cf ) {
+ component_free( mra->ma_cf );
+ }
+#endif
+ /* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */
+ ch_free( mra->ma_value.bv_val );
+ if ( freeit ) op->o_tmpfree( (char *) mra, op->o_tmpmemctx );
+}
+
+int
+get_mra(
+ Operation *op,
+ BerElement *ber,
+ MatchingRuleAssertion **mra,
+ const char **text )
+{
+ int rc;
+ ber_tag_t tag, rtag;
+ ber_len_t length;
+ struct berval type = BER_BVNULL;
+ struct berval value = BER_BVNULL;
+ struct berval rule_text = BER_BVNULL;
+ MatchingRuleAssertion ma = { 0 };
+#ifdef LDAP_COMP_MATCH
+ AttributeAliasing* aa = NULL;
+#endif
+
+ rtag = ber_scanf( ber, "{t" /*"}"*/, &tag );
+
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
+
+ *text = "Error parsing matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ if ( tag == LDAP_FILTER_EXT_OID ) {
+ rtag = ber_scanf( ber, "m", &rule_text );
+ if ( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for mr\n", 0, 0, 0 );
+
+ *text = "Error parsing matching rule in matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ rtag = ber_scanf( ber, "t", &tag );
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
+
+ *text = "Error parsing matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+ }
+
+ if ( tag == LDAP_FILTER_EXT_TYPE ) {
+ rtag = ber_scanf( ber, "m", &type );
+ if ( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for ad\n", 0, 0, 0 );
+
+ *text = "Error parsing attribute description in matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ rtag = ber_scanf( ber, "t", &tag );
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
+
+ *text = "Error parsing matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+ }
+
+ if ( tag != LDAP_FILTER_EXT_VALUE ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf missing value\n", 0, 0, 0 );
+
+ *text = "Missing value in matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ rtag = ber_scanf( ber, "m", &value );
+
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
+
+ *text = "Error decoding value in matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ tag = ber_peek_tag( ber, &length );
+
+ if ( tag == LDAP_FILTER_EXT_DNATTRS ) {
+ rtag = ber_scanf( ber, /*"{"*/ "b}", &ma.ma_dnattrs );
+ } else {
+ rtag = ber_scanf( ber, /*"{"*/ "}" );
+ }
+
+ if( rtag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
+
+ *text = "Error decoding dnattrs matching rule assertion";
+ return SLAPD_DISCONNECT;
+ }
+
+ if( type.bv_val != NULL ) {
+ rc = slap_bv2ad( &type, &ma.ma_desc, text );
+ if( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &type, &ma.ma_desc, text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+ }
+
+ if( rule_text.bv_val != NULL ) {
+ ma.ma_rule = mr_bvfind( &rule_text );
+ if( ma.ma_rule == NULL ) {
+ *text = "matching rule not recognized";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ }
+
+ if ( ma.ma_rule == NULL ) {
+ /*
+ * Need either type or rule ...
+ */
+ if ( ma.ma_desc == NULL ) {
+ *text = "no matching rule or type";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if ( ma.ma_desc->ad_type->sat_equality != NULL &&
+ ma.ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT )
+ {
+ /* no matching rule was provided, use the attribute's
+ equality rule if it supports extensible matching. */
+ ma.ma_rule = ma.ma_desc->ad_type->sat_equality;
+
+ } else {
+ *text = "no appropriate rule to use for type";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ }
+
+ if ( ma.ma_desc != NULL ) {
+ if( !mr_usable_with_at( ma.ma_rule, ma.ma_desc->ad_type ) ) {
+ *text = "matching rule use with this attribute not appropriate";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ }
+
+ /*
+ * Normalize per matching rule
+ */
+ rc = asserted_value_validate_normalize( ma.ma_desc,
+ ma.ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &value, &ma.ma_value, text, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) return rc;
+
+#ifdef LDAP_COMP_MATCH
+ /* Check If this attribute is aliased */
+ if ( is_aliased_attribute && ma.ma_desc && ( aa = is_aliased_attribute ( ma.ma_desc ) ) ) {
+ rc = get_aliased_filter ( op, &ma, aa, text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ }
+ else if ( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ /* Matching Rule for Component Matching */
+ rc = get_comp_filter( op, &ma.ma_value, &ma.ma_cf, text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ }
+#endif
+
+ length = sizeof(ma);
+ /* Append rule_text to end of struct */
+ if (rule_text.bv_val) length += rule_text.bv_len + 1;
+ *mra = op->o_tmpalloc( length, op->o_tmpmemctx );
+ **mra = ma;
+ if (rule_text.bv_val) {
+ (*mra)->ma_rule_text.bv_len = rule_text.bv_len;
+ (*mra)->ma_rule_text.bv_val = (char *)(*mra+1);
+ AC_MEMCPY((*mra)->ma_rule_text.bv_val, rule_text.bv_val,
+ rule_text.bv_len+1);
+ }
+
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/nt_svc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/nt_svc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/nt_svc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,110 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/nt_svc.c,v 1.25.2.3 2007/01/02 21:43:56 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include <stdio.h>
+#include <ac/string.h>
+#include "slap.h"
+#include "lutil.h"
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+
+/* in main.c */
+void WINAPI ServiceMain( DWORD argc, LPTSTR *argv );
+
+/* in ntservice.c */
+int main( int argc, LPTSTR *argv )
+{
+ int length;
+ char filename[MAX_PATH], *fname_start;
+
+ /*
+ * Because the service was registered as SERVICE_WIN32_OWN_PROCESS,
+ * the lpServiceName element of the SERVICE_TABLE_ENTRY will be
+ * ignored.
+ */
+
+ SERVICE_TABLE_ENTRY DispatchTable[] = {
+ { "", (LPSERVICE_MAIN_FUNCTION) ServiceMain },
+ { NULL, NULL }
+ };
+
+ /*
+ * set the service's current directory to the installation directory
+ * for the service. this way we don't have to write absolute paths
+ * in the configuration files
+ */
+ GetModuleFileName( NULL, filename, sizeof( filename ) );
+ fname_start = strrchr( filename, *LDAP_DIRSEP );
+
+ if ( argc > 1 ) {
+ if ( _stricmp( "install", argv[1] ) == 0 )
+ {
+ char *svcName = SERVICE_NAME;
+ char *displayName = "OpenLDAP Directory Service";
+ BOOL auto_start = FALSE;
+
+ if ( (argc > 2) && (argv[2] != NULL) )
+ svcName = argv[2];
+
+ if ( argc > 3 && argv[3])
+ displayName = argv[3];
+
+ if ( argc > 4 && stricmp(argv[4], "auto") == 0)
+ auto_start = TRUE;
+
+ strcat(filename, " service");
+ if ( !lutil_srv_install(svcName, displayName, filename, auto_start) )
+ {
+ fputs( "service failed installation ...\n", stderr );
+ return EXIT_FAILURE;
+ }
+ fputs( "service has been installed ...\n", stderr );
+ return EXIT_SUCCESS;
+ }
+
+ if ( _stricmp( "remove", argv[1] ) == 0 )
+ {
+ char *svcName = SERVICE_NAME;
+ if ( (argc > 2) && (argv[2] != NULL) )
+ svcName = argv[2];
+ if ( !lutil_srv_remove(svcName, filename) )
+ {
+ fputs( "failed to remove the service ...\n", stderr );
+ return EXIT_FAILURE;
+ }
+ fputs( "service has been removed ...\n", stderr );
+ return EXIT_SUCCESS;
+ }
+ if ( _stricmp( "service", argv[1] ) == 0 )
+ {
+ is_NT_Service = 1;
+ *fname_start = '\0';
+ SetCurrentDirectory( filename );
+ }
+ }
+
+ if (is_NT_Service)
+ {
+ StartServiceCtrlDispatcher(DispatchTable);
+ } else
+ {
+ ServiceMain( argc, argv );
+ }
+
+ return EXIT_SUCCESS;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/oc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/oc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/oc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,757 @@
+/* oc.c - object class routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oc.c,v 1.63.2.9 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+int is_object_subclass(
+ ObjectClass *sup,
+ ObjectClass *sub )
+{
+ int i;
+
+ if( sub == NULL || sup == NULL ) return 0;
+
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "is_object_subclass(%s,%s) %d\n",
+ sup->soc_oid, sub->soc_oid, sup == sub );
+#endif
+
+ if( sup == sub ) {
+ return 1;
+ }
+
+ if( sub->soc_sups == NULL ) {
+ return 0;
+ }
+
+ for( i=0; sub->soc_sups[i] != NULL; i++ ) {
+ if( is_object_subclass( sup, sub->soc_sups[i] ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int is_entry_objectclass(
+ Entry* e,
+ ObjectClass *oc,
+ unsigned flags )
+{
+ /*
+ * set_flags should only be true if oc is one of operational
+ * object classes which we support objectClass flags for
+ * (e.g., referral, alias, ...). See <slap.h>.
+ */
+
+ Attribute *attr;
+ struct berval *bv;
+
+ assert( !( e == NULL || oc == NULL ) );
+ assert( ( flags & SLAP_OCF_MASK ) != SLAP_OCF_MASK );
+
+ if( e == NULL || oc == NULL ) {
+ return 0;
+ }
+
+ if( flags == SLAP_OCF_SET_FLAGS && ( e->e_ocflags & SLAP_OC__END ) )
+ {
+ /* flags are set, use them */
+ return (e->e_ocflags & oc->soc_flags & SLAP_OC__MASK) != 0;
+ }
+
+ /*
+ * find objectClass attribute
+ */
+ attr = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
+ if( attr == NULL ) {
+ /* no objectClass attribute */
+ Debug( LDAP_DEBUG_ANY, "is_entry_objectclass(\"%s\", \"%s\") "
+ "no objectClass attribute\n",
+ e->e_dn == NULL ? "" : e->e_dn,
+ oc->soc_oclass.oc_oid, 0 );
+
+ return 0;
+ }
+
+ for( bv=attr->a_vals; bv->bv_val; bv++ ) {
+ ObjectClass *objectClass = oc_bvfind( bv );
+
+ if ( objectClass == NULL ) {
+ /* FIXME: is this acceptable? */
+ continue;
+ }
+
+ if ( !( flags & SLAP_OCF_SET_FLAGS ) ) {
+ if ( objectClass == oc ) {
+ return 1;
+ }
+
+ if ( ( flags & SLAP_OCF_CHECK_SUP )
+ && is_object_subclass( oc, objectClass ) )
+ {
+ return 1;
+ }
+ }
+
+ e->e_ocflags |= objectClass->soc_flags;
+ }
+
+ /* mark flags as set */
+ e->e_ocflags |= SLAP_OC__END;
+
+ return ( e->e_ocflags & oc->soc_flags & SLAP_OC__MASK ) != 0;
+}
+
+
+struct oindexrec {
+ struct berval oir_name;
+ ObjectClass *oir_oc;
+};
+
+static Avlnode *oc_index = NULL;
+static Avlnode *oc_cache = NULL;
+static LDAP_STAILQ_HEAD(OCList, slap_object_class) oc_list
+ = LDAP_STAILQ_HEAD_INITIALIZER(oc_list);
+
+static int
+oc_index_cmp(
+ const void *v_oir1,
+ const void *v_oir2 )
+{
+ const struct oindexrec *oir1 = v_oir1, *oir2 = v_oir2;
+ int i = oir1->oir_name.bv_len - oir2->oir_name.bv_len;
+ if (i) return i;
+ return strcasecmp( oir1->oir_name.bv_val, oir2->oir_name.bv_val );
+}
+
+static int
+oc_index_name_cmp(
+ const void *v_name,
+ const void *v_oir )
+{
+ const struct berval *name = v_name;
+ const struct oindexrec *oir = v_oir;
+ int i = name->bv_len - oir->oir_name.bv_len;
+ if (i) return i;
+ return strncasecmp( name->bv_val, oir->oir_name.bv_val, name->bv_len );
+}
+
+ObjectClass *
+oc_find( const char *ocname )
+{
+ struct berval bv;
+
+ bv.bv_val = (char *)ocname;
+ bv.bv_len = strlen( ocname );
+
+ return( oc_bvfind( &bv ) );
+}
+
+ObjectClass *
+oc_bvfind( struct berval *ocname )
+{
+ struct oindexrec *oir;
+
+ if ( oc_cache ) {
+ oir = avl_find( oc_cache, ocname, oc_index_name_cmp );
+ if ( oir ) return oir->oir_oc;
+ }
+ oir = avl_find( oc_index, ocname, oc_index_name_cmp );
+
+ if ( oir != NULL ) {
+ if ( at_oc_cache ) {
+ avl_insert( &oc_cache, (caddr_t) oir,
+ oc_index_cmp, avl_dup_error );
+ }
+ return( oir->oir_oc );
+ }
+
+ return( NULL );
+}
+
+static LDAP_STAILQ_HEAD(OCUList, slap_object_class) oc_undef_list
+ = LDAP_STAILQ_HEAD_INITIALIZER(oc_undef_list);
+
+ObjectClass *
+oc_bvfind_undef( struct berval *ocname )
+{
+ ObjectClass *oc = oc_bvfind( ocname );
+
+ if ( oc ) {
+ return oc;
+ }
+
+ LDAP_STAILQ_FOREACH( oc, &oc_undef_list, soc_next ) {
+ int d = oc->soc_cname.bv_len - ocname->bv_len;
+
+ if ( d ) {
+ continue;
+ }
+
+ if ( strcasecmp( oc->soc_cname.bv_val, ocname->bv_val ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( oc ) {
+ return oc;
+ }
+
+ oc = ch_malloc( sizeof( ObjectClass ) + ocname->bv_len + 1 );
+ memset( oc, 0, sizeof( ObjectClass ) );
+
+ oc->soc_cname.bv_len = ocname->bv_len;
+ oc->soc_cname.bv_val = (char *)&oc[ 1 ];
+ AC_MEMCPY( oc->soc_cname.bv_val, ocname->bv_val, ocname->bv_len );
+
+ LDAP_STAILQ_NEXT( oc, soc_next ) = NULL;
+ ldap_pvt_thread_mutex_lock( &oc_undef_mutex );
+ LDAP_STAILQ_INSERT_HEAD( &oc_undef_list, oc, soc_next );
+ ldap_pvt_thread_mutex_unlock( &oc_undef_mutex );
+
+ return oc;
+}
+
+static int
+oc_create_required(
+ ObjectClass *soc,
+ char **attrs,
+ int *op,
+ const char **err )
+{
+ char **attrs1;
+ AttributeType *sat;
+ AttributeType **satp;
+ int i;
+
+ if ( attrs ) {
+ attrs1 = attrs;
+ while ( *attrs1 ) {
+ sat = at_find(*attrs1);
+ if ( !sat ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_ATTR_NOT_FOUND;
+ }
+
+ if( is_at_operational( sat )) (*op)++;
+
+ if ( at_find_in_list(sat, soc->soc_required) < 0) {
+ if ( at_append_to_list(sat, &soc->soc_required) ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_OUTOFMEM;
+ }
+ }
+ attrs1++;
+ }
+ /* Now delete duplicates from the allowed list */
+ for ( satp = soc->soc_required; *satp; satp++ ) {
+ i = at_find_in_list(*satp, soc->soc_allowed);
+ if ( i >= 0 ) {
+ at_delete_from_list(i, &soc->soc_allowed);
+ }
+ }
+ }
+ return 0;
+}
+
+static int
+oc_create_allowed(
+ ObjectClass *soc,
+ char **attrs,
+ int *op,
+ const char **err )
+{
+ char **attrs1;
+ AttributeType *sat;
+
+ if ( attrs ) {
+ attrs1 = attrs;
+ while ( *attrs1 ) {
+ sat = at_find(*attrs1);
+ if ( !sat ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_ATTR_NOT_FOUND;
+ }
+
+ if( is_at_operational( sat )) (*op)++;
+
+ if ( at_find_in_list(sat, soc->soc_required) < 0 &&
+ at_find_in_list(sat, soc->soc_allowed) < 0 ) {
+ if ( at_append_to_list(sat, &soc->soc_allowed) ) {
+ *err = *attrs1;
+ return SLAP_SCHERR_OUTOFMEM;
+ }
+ }
+ attrs1++;
+ }
+ }
+ return 0;
+}
+
+static int
+oc_add_sups(
+ ObjectClass *soc,
+ char **sups,
+ int *op,
+ const char **err )
+{
+ int code;
+ ObjectClass *soc1;
+ int nsups;
+ char **sups1;
+ int add_sups = 0;
+
+ if ( sups ) {
+ if ( !soc->soc_sups ) {
+ /* We are at the first recursive level */
+ add_sups = 1;
+ nsups = 1;
+ sups1 = sups;
+ while ( *sups1 ) {
+ nsups++;
+ sups1++;
+ }
+ soc->soc_sups = (ObjectClass **)ch_calloc(nsups,
+ sizeof(ObjectClass *));
+ }
+
+ nsups = 0;
+ sups1 = sups;
+ while ( *sups1 ) {
+ soc1 = oc_find(*sups1);
+ if ( !soc1 ) {
+ *err = *sups1;
+ return SLAP_SCHERR_CLASS_NOT_FOUND;
+ }
+
+ /* check object class usage
+ * abstract classes can only sup abstract classes
+ * structural classes can not sup auxiliary classes
+ * auxiliary classes can not sup structural classes
+ */
+ if( soc->soc_kind != soc1->soc_kind
+ && soc1->soc_kind != LDAP_SCHEMA_ABSTRACT )
+ {
+ *err = *sups1;
+ return SLAP_SCHERR_CLASS_BAD_SUP;
+ }
+
+ if( soc1->soc_obsolete && !soc->soc_obsolete ) {
+ *err = *sups1;
+ return SLAP_SCHERR_CLASS_BAD_SUP;
+ }
+
+ if( soc->soc_flags & SLAP_OC_OPERATIONAL ) (*op)++;
+
+ if ( add_sups ) {
+ soc->soc_sups[nsups] = soc1;
+ }
+
+ code = oc_add_sups( soc, soc1->soc_sup_oids, op, err );
+ if ( code ) return code;
+
+ code = oc_create_required( soc, soc1->soc_at_oids_must, op, err );
+ if ( code ) return code;
+
+ code = oc_create_allowed( soc, soc1->soc_at_oids_may, op, err );
+ if ( code ) return code;
+
+ nsups++;
+ sups1++;
+ }
+ }
+
+ return 0;
+}
+
+void
+oc_destroy( void )
+{
+ ObjectClass *o;
+
+ avl_free(oc_index, ldap_memfree);
+ while( !LDAP_STAILQ_EMPTY(&oc_list) ) {
+ o = LDAP_STAILQ_FIRST(&oc_list);
+ LDAP_STAILQ_REMOVE_HEAD(&oc_list, soc_next);
+
+ if (o->soc_sups) ldap_memfree(o->soc_sups);
+ if (o->soc_required) ldap_memfree(o->soc_required);
+ if (o->soc_allowed) ldap_memfree(o->soc_allowed);
+ if (o->soc_oidmacro) ldap_memfree(o->soc_oidmacro);
+ ldap_objectclass_free((LDAPObjectClass *)o);
+ }
+
+ while( !LDAP_STAILQ_EMPTY(&oc_undef_list) ) {
+ o = LDAP_STAILQ_FIRST(&oc_undef_list);
+ LDAP_STAILQ_REMOVE_HEAD(&oc_undef_list, soc_next);
+
+ ch_free( (ObjectClass *)o );
+ }
+}
+
+/*
+ * check whether the two ObjectClasses actually __are__ identical,
+ * or rather inconsistent
+ */
+static int
+oc_check_dup(
+ ObjectClass *soc,
+ ObjectClass *new_soc )
+{
+ if ( new_soc->soc_oid != NULL ) {
+ if ( soc->soc_oid == NULL ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+
+ if ( strcmp( soc->soc_oid, new_soc->soc_oid ) != 0 ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+
+ } else {
+ if ( soc->soc_oid != NULL ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+ }
+
+ if ( new_soc->soc_names ) {
+ int i;
+
+ if ( soc->soc_names == NULL ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+
+ for ( i = 0; new_soc->soc_names[ i ]; i++ ) {
+ if ( soc->soc_names[ i ] == NULL ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+
+ if ( strcasecmp( soc->soc_names[ i ],
+ new_soc->soc_names[ i ] ) != 0 )
+ {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+ }
+ } else {
+ if ( soc->soc_names != NULL ) {
+ return SLAP_SCHERR_CLASS_INCONSISTENT;
+ }
+ }
+
+ return SLAP_SCHERR_CLASS_DUP;
+}
+
+static int
+oc_insert(
+ ObjectClass *soc,
+ const char **err )
+{
+ struct oindexrec *oir;
+ char **names;
+
+ if ( soc->soc_oid ) {
+ oir = (struct oindexrec *)
+ ch_calloc( 1, sizeof(struct oindexrec) );
+ oir->oir_name.bv_val = soc->soc_oid;
+ oir->oir_name.bv_len = strlen( soc->soc_oid );
+ oir->oir_oc = soc;
+
+ assert( oir->oir_name.bv_val != NULL );
+ assert( oir->oir_oc != NULL );
+
+ if ( avl_insert( &oc_index, (caddr_t) oir,
+ oc_index_cmp, avl_dup_error ) )
+ {
+ ObjectClass *old_soc;
+ int rc;
+
+ *err = soc->soc_oid;
+
+ old_soc = oc_bvfind( &oir->oir_name );
+ assert( old_soc != NULL );
+ rc = oc_check_dup( old_soc, soc );
+
+ ldap_memfree( oir );
+ return rc;
+ }
+
+ /* FIX: temporal consistency check */
+ assert( oc_bvfind( &oir->oir_name ) != NULL );
+ }
+
+ if ( (names = soc->soc_names) ) {
+ while ( *names ) {
+ oir = (struct oindexrec *)
+ ch_calloc( 1, sizeof(struct oindexrec) );
+ oir->oir_name.bv_val = *names;
+ oir->oir_name.bv_len = strlen( *names );
+ oir->oir_oc = soc;
+
+ assert( oir->oir_name.bv_val != NULL );
+ assert( oir->oir_oc != NULL );
+
+ if ( avl_insert( &oc_index, (caddr_t) oir,
+ oc_index_cmp, avl_dup_error ) )
+ {
+ ObjectClass *old_soc;
+ int rc;
+
+ *err = *names;
+
+ old_soc = oc_bvfind( &oir->oir_name );
+ assert( old_soc != NULL );
+ rc = oc_check_dup( old_soc, soc );
+
+ ldap_memfree( oir );
+
+ while ( names > soc->soc_names ) {
+ struct oindexrec tmpoir;
+
+ names--;
+ ber_str2bv( *names, 0, 0, &tmpoir.oir_name );
+ tmpoir.oir_oc = soc;
+ oir = (struct oindexrec *)avl_delete( &oc_index,
+ (caddr_t)&tmpoir, oc_index_cmp );
+ assert( oir != NULL );
+ ldap_memfree( oir );
+ }
+
+ if ( soc->soc_oid ) {
+ struct oindexrec tmpoir;
+
+ ber_str2bv( soc->soc_oid, 0, 0, &tmpoir.oir_name );
+ tmpoir.oir_oc = soc;
+ oir = (struct oindexrec *)avl_delete( &oc_index,
+ (caddr_t)&tmpoir, oc_index_cmp );
+ assert( oir != NULL );
+ ldap_memfree( oir );
+ }
+
+ return rc;
+ }
+
+ /* FIX: temporal consistency check */
+ assert( oc_bvfind(&oir->oir_name) != NULL );
+
+ names++;
+ }
+ }
+ LDAP_STAILQ_INSERT_TAIL( &oc_list, soc, soc_next );
+
+ return 0;
+}
+
+int
+oc_add(
+ LDAPObjectClass *oc,
+ int user,
+ ObjectClass **rsoc,
+ const char **err )
+{
+ ObjectClass *soc;
+ int code;
+ int op = 0;
+ char *oidm = NULL;
+
+ if ( oc->oc_names != NULL ) {
+ int i;
+
+ for( i=0; oc->oc_names[i]; i++ ) {
+ if( !slap_valid_descr( oc->oc_names[i] ) ) {
+ return SLAP_SCHERR_BAD_DESCR;
+ }
+ }
+ }
+
+ if ( !OID_LEADCHAR( oc->oc_oid[0] )) {
+ /* Expand OID macros */
+ char *oid = oidm_find( oc->oc_oid );
+ if ( !oid ) {
+ *err = oc->oc_oid;
+ return SLAP_SCHERR_OIDM;
+ }
+ if ( oid != oc->oc_oid ) {
+ oidm = oc->oc_oid;
+ oc->oc_oid = oid;
+ }
+ }
+
+ soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) );
+ AC_MEMCPY( &soc->soc_oclass, oc, sizeof(LDAPObjectClass) );
+
+ soc->soc_oidmacro = oidm;
+ if( oc->oc_names != NULL ) {
+ soc->soc_cname.bv_val = soc->soc_names[0];
+ } else {
+ soc->soc_cname.bv_val = soc->soc_oid;
+ }
+ soc->soc_cname.bv_len = strlen( soc->soc_cname.bv_val );
+
+ if( soc->soc_sup_oids == NULL &&
+ soc->soc_kind == LDAP_SCHEMA_STRUCTURAL )
+ {
+ /* structural object classes implicitly inherit from 'top' */
+ static char *top_oids[] = { SLAPD_TOP_OID, NULL };
+ code = oc_add_sups( soc, top_oids, &op, err );
+ } else {
+ code = oc_add_sups( soc, soc->soc_sup_oids, &op, err );
+ }
+
+ if ( code != 0 ) {
+ goto done;
+ }
+
+ if ( user && op ) {
+ code = SLAP_SCHERR_CLASS_BAD_SUP;
+ goto done;
+ }
+
+ code = oc_create_required( soc, soc->soc_at_oids_must, &op, err );
+ if ( code != 0 ) {
+ goto done;
+ }
+
+ code = oc_create_allowed( soc, soc->soc_at_oids_may, &op, err );
+ if ( code != 0 ) {
+ goto done;
+ }
+
+ if ( user && op ) {
+ code = SLAP_SCHERR_CLASS_BAD_USAGE;
+ goto done;
+ }
+
+ if ( !user ) {
+ soc->soc_flags |= SLAP_OC_HARDCODE;
+ }
+
+ code = oc_insert(soc,err);
+done:;
+ if ( code != 0 ) {
+ if ( soc->soc_sups ) {
+ ch_free( soc->soc_sups );
+ }
+
+ if ( soc->soc_required ) {
+ ch_free( soc->soc_required );
+ }
+
+ if ( soc->soc_allowed ) {
+ ch_free( soc->soc_allowed );
+ }
+
+ ch_free( soc );
+
+ } else if ( rsoc ) {
+ *rsoc = soc;
+ }
+ return code;
+}
+
+void
+oc_unparse( BerVarray *res, ObjectClass *start, ObjectClass *end, int sys )
+{
+ ObjectClass *oc;
+ int i, num;
+ struct berval bv, *bva = NULL, idx;
+ char ibuf[32];
+
+ if ( !start )
+ start = LDAP_STAILQ_FIRST( &oc_list );
+
+ /* count the result size */
+ i = 0;
+ for ( oc=start; oc; oc=LDAP_STAILQ_NEXT(oc, soc_next)) {
+ if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) continue;
+ i++;
+ if ( oc == end ) break;
+ }
+ if (!i) return;
+
+ num = i;
+ bva = ch_malloc( (num+1) * sizeof(struct berval) );
+ BER_BVZERO( bva );
+ idx.bv_val = ibuf;
+ if ( sys ) {
+ idx.bv_len = 0;
+ ibuf[0] = '\0';
+ }
+ i = 0;
+ for ( oc=start; oc; oc=LDAP_STAILQ_NEXT(oc, soc_next)) {
+ LDAPObjectClass loc, *locp;
+ if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) continue;
+ if ( oc->soc_oidmacro ) {
+ loc = oc->soc_oclass;
+ loc.oc_oid = oc->soc_oidmacro;
+ locp = &loc;
+ } else {
+ locp = &oc->soc_oclass;
+ }
+ if ( ldap_objectclass2bv( locp, &bv ) == NULL ) {
+ ber_bvarray_free( bva );
+ }
+ if ( !sys ) {
+ idx.bv_len = sprintf(idx.bv_val, "{%d}", i);
+ }
+ bva[i].bv_len = idx.bv_len + bv.bv_len;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+ strcpy( bva[i].bv_val, ibuf );
+ strcpy( bva[i].bv_val + idx.bv_len, bv.bv_val );
+ i++;
+ bva[i].bv_val = NULL;
+ ldap_memfree( bv.bv_val );
+ if ( oc == end ) break;
+ }
+ *res = bva;
+}
+
+int
+oc_schema_info( Entry *e )
+{
+ AttributeDescription *ad_objectClasses = slap_schema.si_ad_objectClasses;
+ ObjectClass *oc;
+ struct berval val;
+ struct berval nval;
+
+ LDAP_STAILQ_FOREACH( oc, &oc_list, soc_next ) {
+ if( oc->soc_flags & SLAP_OC_HIDE ) continue;
+
+ if ( ldap_objectclass2bv( &oc->soc_oclass, &val ) == NULL ) {
+ return -1;
+ }
+
+ nval = oc->soc_cname;
+
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s (%s)\n",
+ (long) val.bv_len, val.bv_val, nval.bv_val );
+#endif
+
+ if( attr_merge_one( e, ad_objectClasses, &val, &nval ) ) {
+ return -1;
+ }
+ ldap_memfree( val.bv_val );
+ }
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/oidm.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/oidm.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/oidm.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,201 @@
+/* oidm.c - object identifier macro routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oidm.c,v 1.11.2.6 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+static LDAP_STAILQ_HEAD(OidMacroList, slap_oid_macro) om_list
+ = LDAP_STAILQ_HEAD_INITIALIZER(om_list);
+
+/* Replace an OID Macro invocation with its full numeric OID.
+ * If the macro is used with "macroname:suffix" append ".suffix"
+ * to the expansion.
+ */
+char *
+oidm_find(char *oid)
+{
+ OidMacro *om;
+
+ /* OID macros must start alpha */
+ if ( OID_LEADCHAR( *oid ) ) {
+ return oid;
+ }
+
+ LDAP_STAILQ_FOREACH( om, &om_list, som_next ) {
+ BerVarray names = om->som_names;
+
+ if( names == NULL ) {
+ continue;
+ }
+
+ for( ; !BER_BVISNULL( names ) ; names++ ) {
+ int pos = dscompare(names->bv_val, oid, ':');
+
+ if( pos ) {
+ int suflen = strlen(oid + pos);
+ char *tmp = SLAP_MALLOC( om->som_oid.bv_len
+ + suflen + 1);
+ if( tmp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "oidm_find: SLAP_MALLOC failed", 0, 0, 0 );
+ return NULL;
+ }
+ strcpy(tmp, om->som_oid.bv_val);
+ if( suflen ) {
+ suflen = om->som_oid.bv_len;
+ tmp[suflen++] = '.';
+ strcpy(tmp+suflen, oid+pos+1);
+ }
+ return tmp;
+ }
+ }
+ }
+ return NULL;
+}
+
+void
+oidm_destroy()
+{
+ OidMacro *om;
+ while( !LDAP_STAILQ_EMPTY( &om_list )) {
+ om = LDAP_STAILQ_FIRST( &om_list );
+ LDAP_STAILQ_REMOVE_HEAD( &om_list, som_next );
+
+ ber_bvarray_free(om->som_names);
+ ber_bvarray_free(om->som_subs);
+ free(om->som_oid.bv_val);
+ free(om);
+
+ }
+}
+
+int
+parse_oidm(
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv,
+ int user,
+ OidMacro **rom)
+{
+ char *oid;
+ OidMacro *om;
+ struct berval bv;
+
+ if (argc != 3) {
+ fprintf( stderr, "%s: line %d: too many arguments\n",
+ fname, lineno );
+usage: fprintf( stderr, "\tObjectIdentifier <name> <oid>\n");
+ return 1;
+ }
+
+ oid = oidm_find( argv[1] );
+ if( oid != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: "
+ "ObjectIdentifier \"%s\" previously defined \"%s\"",
+ fname, lineno, argv[1], oid );
+ return 1;
+ }
+
+ om = (OidMacro *) SLAP_CALLOC( sizeof(OidMacro), 1 );
+ if( om == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "parse_oidm: SLAP_CALLOC failed", 0, 0, 0 );
+ return 1;
+ }
+
+ om->som_names = NULL;
+ om->som_subs = NULL;
+ ber_str2bv( argv[1], 0, 1, &bv );
+ ber_bvarray_add( &om->som_names, &bv );
+ ber_str2bv( argv[2], 0, 1, &bv );
+ ber_bvarray_add( &om->som_subs, &bv );
+ om->som_oid.bv_val = oidm_find( argv[2] );
+
+ if (!om->som_oid.bv_val) {
+ fprintf( stderr, "%s: line %d: OID %s not recognized\n",
+ fname, lineno, argv[2] );
+ goto usage;
+ }
+
+ if (om->som_oid.bv_val == argv[2]) {
+ om->som_oid.bv_val = ch_strdup( argv[2] );
+ }
+
+ om->som_oid.bv_len = strlen( om->som_oid.bv_val );
+ if ( !user )
+ om->som_flags |= SLAP_OM_HARDCODE;
+
+ LDAP_STAILQ_INSERT_TAIL( &om_list, om, som_next );
+ if ( rom ) *rom = om;
+ return 0;
+}
+
+void oidm_unparse( BerVarray *res, OidMacro *start, OidMacro *end, int sys )
+{
+ OidMacro *om;
+ int i, j, num;
+ struct berval *bva = NULL, idx;
+ char ibuf[32], *ptr;
+
+ if ( !start )
+ start = LDAP_STAILQ_FIRST( &om_list );
+
+ /* count the result size */
+ i = 0;
+ for ( om=start; om; om=LDAP_STAILQ_NEXT(om, som_next)) {
+ if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) continue;
+ for ( j=0; !BER_BVISNULL(&om->som_names[j]); j++ );
+ i += j;
+ if ( om == end ) break;
+ }
+ num = i;
+ if (!i) return;
+
+ bva = ch_malloc( (num+1) * sizeof(struct berval) );
+ BER_BVZERO( bva+num );
+ idx.bv_val = ibuf;
+ if ( sys ) {
+ idx.bv_len = 0;
+ ibuf[0] = '\0';
+ }
+ for ( i=0,om=start; om; om=LDAP_STAILQ_NEXT(om, som_next)) {
+ if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) continue;
+ for ( j=0; !BER_BVISNULL(&om->som_names[j]); i++,j++ ) {
+ if ( !sys ) {
+ idx.bv_len = sprintf(idx.bv_val, "{%d}", i );
+ }
+ bva[i].bv_len = idx.bv_len + om->som_names[j].bv_len +
+ om->som_subs[j].bv_len + 1;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+ ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+ ptr = lutil_strcopy( ptr, om->som_names[j].bv_val );
+ *ptr++ = ' ';
+ strcpy( ptr, om->som_subs[j].bv_val );
+ }
+ if ( i>=num ) break;
+ if ( om == end ) break;
+ }
+ *res = bva;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/operation.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/operation.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/operation.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,203 @@
+/* operation.c - routines to deal with pending ldap operations */
+/* $OpenLDAP: pkg/ldap/servers/slapd/operation.c,v 1.63.2.9 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+static ldap_pvt_thread_mutex_t slap_op_mutex;
+static LDAP_STAILQ_HEAD(s_o, slap_op) slap_free_ops;
+static time_t last_time;
+static int last_incr;
+
+void slap_op_init(void)
+{
+ ldap_pvt_thread_mutex_init( &slap_op_mutex );
+ LDAP_STAILQ_INIT(&slap_free_ops);
+}
+
+void slap_op_destroy(void)
+{
+ Operation *o;
+
+ while ( (o = LDAP_STAILQ_FIRST( &slap_free_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &slap_free_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ ch_free( o );
+ }
+ ldap_pvt_thread_mutex_destroy( &slap_op_mutex );
+}
+
+void
+slap_op_groups_free( Operation *op )
+{
+ GroupAssertion *g, *n;
+ for ( g = op->o_groups; g; g = n ) {
+ n = g->ga_next;
+ slap_sl_free( g, op->o_tmpmemctx );
+ }
+ op->o_groups = NULL;
+}
+
+void
+slap_op_free( Operation *op )
+{
+ assert( LDAP_STAILQ_NEXT(op, o_next) == NULL );
+
+ if ( op->o_ber != NULL ) {
+ ber_free( op->o_ber, 1 );
+ }
+ if ( !BER_BVISNULL( &op->o_dn ) ) {
+ ch_free( op->o_dn.bv_val );
+ }
+ if ( !BER_BVISNULL( &op->o_ndn ) ) {
+ ch_free( op->o_ndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &op->o_authmech ) ) {
+ ch_free( op->o_authmech.bv_val );
+ }
+ if ( op->o_ctrls != NULL ) {
+ slap_free_ctrls( op, op->o_ctrls );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( op->o_res_ber != NULL ) {
+ ber_free( op->o_res_ber, 1 );
+ }
+#endif
+
+ if ( op->o_groups ) {
+ slap_op_groups_free( op );
+ }
+
+#if defined( LDAP_SLAPI )
+ if ( slapi_plugins_used ) {
+ slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ }
+#endif /* defined( LDAP_SLAPI ) */
+
+
+ memset( op, 0, sizeof(Operation) + sizeof(Opheader) + SLAP_MAX_CIDS * sizeof(void *) );
+ op->o_hdr = (Opheader *)(op+1);
+ op->o_controls = (void **)(op->o_hdr+1);
+
+ ldap_pvt_thread_mutex_lock( &slap_op_mutex );
+ LDAP_STAILQ_INSERT_HEAD( &slap_free_ops, op, o_next );
+ ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
+}
+
+void
+slap_op_time(time_t *t, int *nop)
+{
+ *t = slap_get_time();
+ ldap_pvt_thread_mutex_lock( &slap_op_mutex );
+ if ( *t == last_time ) {
+ *nop = ++last_incr;
+ } else {
+ last_time = *t;
+ last_incr = 0;
+ *nop = 0;
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
+}
+
+Operation *
+slap_op_alloc(
+ BerElement *ber,
+ ber_int_t msgid,
+ ber_tag_t tag,
+ ber_int_t id
+)
+{
+ Operation *op;
+
+ ldap_pvt_thread_mutex_lock( &slap_op_mutex );
+ if ((op = LDAP_STAILQ_FIRST( &slap_free_ops ))) {
+ LDAP_STAILQ_REMOVE_HEAD( &slap_free_ops, o_next );
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
+
+ if (!op) {
+ op = (Operation *) ch_calloc( 1, sizeof(Operation)
+ + sizeof(Opheader) + SLAP_MAX_CIDS * sizeof(void *) );
+ op->o_hdr = (Opheader *)(op + 1);
+ op->o_controls = (void **)(op->o_hdr+1);
+ }
+
+ op->o_ber = ber;
+ op->o_msgid = msgid;
+ op->o_tag = tag;
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+ op->o_opid = id;
+ op->o_res_ber = NULL;
+
+#if defined( LDAP_SLAPI )
+ if ( slapi_plugins_used ) {
+ slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ }
+#endif /* defined( LDAP_SLAPI ) */
+
+ return( op );
+}
+
+slap_op_t
+slap_req2op( ber_tag_t tag )
+{
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ return SLAP_OP_BIND;
+ case LDAP_REQ_UNBIND:
+ return SLAP_OP_UNBIND;
+ case LDAP_REQ_ADD:
+ return SLAP_OP_ADD;
+ case LDAP_REQ_DELETE:
+ return SLAP_OP_DELETE;
+ case LDAP_REQ_MODRDN:
+ return SLAP_OP_MODRDN;
+ case LDAP_REQ_MODIFY:
+ return SLAP_OP_MODIFY;
+ case LDAP_REQ_COMPARE:
+ return SLAP_OP_COMPARE;
+ case LDAP_REQ_SEARCH:
+ return SLAP_OP_SEARCH;
+ case LDAP_REQ_ABANDON:
+ return SLAP_OP_ABANDON;
+ case LDAP_REQ_EXTENDED:
+ return SLAP_OP_EXTENDED;
+ }
+
+ return SLAP_OP_LAST;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/operational.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/operational.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/operational.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,99 @@
+/* operational.c - routines to deal with on-the-fly operational attrs */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include "slap.h"
+
+/*
+ * helpers for on-the-fly operational attribute generation
+ */
+
+Attribute *
+slap_operational_subschemaSubentry( Backend *be )
+{
+ Attribute *a;
+
+ /* The backend wants to take care of it */
+ if ( be && !SLAP_FRONTEND(be) && be->be_schemadn.bv_val ) return NULL;
+
+ a = ch_malloc( sizeof( Attribute ) );
+ a->a_desc = slap_schema.si_ad_subschemaSubentry;
+
+ a->a_vals = ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( a->a_vals, &frontendDB->be_schemadn );
+ a->a_vals[1].bv_len = 0;
+ a->a_vals[1].bv_val = NULL;
+
+ a->a_nvals = ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( a->a_nvals, &frontendDB->be_schemandn );
+ a->a_nvals[1].bv_len = 0;
+ a->a_nvals[1].bv_val = NULL;
+
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
+Attribute *
+slap_operational_entryDN( Entry *e )
+{
+ Attribute *a;
+
+ assert( e != NULL );
+ assert( !BER_BVISNULL( &e->e_name ) );
+ assert( !BER_BVISNULL( &e->e_nname ) );
+
+ a = ch_malloc( sizeof( Attribute ) );
+ a->a_desc = slap_schema.si_ad_entryDN;
+
+ a->a_vals = ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &a->a_vals[ 0 ], &e->e_name );
+ BER_BVZERO( &a->a_vals[ 1 ] );
+
+ a->a_nvals = ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &a->a_nvals[ 0 ], &e->e_nname );
+ BER_BVZERO( &a->a_nvals[ 1 ] );
+
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
+Attribute *
+slap_operational_hasSubordinate( int hs )
+{
+ Attribute *a;
+ struct berval val;
+
+ val = hs ? slap_true_bv : slap_false_bv;
+
+ a = ch_malloc( sizeof( Attribute ) );
+ a->a_desc = slap_schema.si_ad_hasSubordinates;
+ a->a_vals = ch_malloc( 2 * sizeof( struct berval ) );
+
+ ber_dupbv( &a->a_vals[0], &val );
+ a->a_vals[1].bv_val = NULL;
+
+ a->a_nvals = a->a_vals;
+
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,136 @@
+# Makefile.in for overlays
+# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.16 2007/01/02 21:44:08 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2003-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = overlays.c \
+ accesslog.c \
+ auditlog.c \
+ denyop.c \
+ dyngroup.c \
+ dynlist.c \
+ lastmod.c \
+ pcache.c \
+ ppolicy.c \
+ refint.c \
+ retcode.c \
+ rwm.c rwmconf.c rwmdn.c rwmmap.c \
+ syncprov.c \
+ translucent.c \
+ unique.c \
+ valsort.c
+OBJS = overlays.o \
+ statover.o \
+ @SLAPD_STATIC_OVERLAYS@
+
+# Add here the objs that are needed by overlays, but do not make it
+# into SLAPD_STATIC_OVERLAYS...
+OBJDEP=rwm.o rwmconf.o rwmdn.o rwmmap.o
+
+LTONLY_MOD = $(LTONLY_mod)
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+MOD_DEFS = -DSLAPD_IMPORT
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBRARY = ../liboverlays.a
+PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+static: $(LIBRARY)
+
+dynamic: $(PROGRAMS)
+
+accesslog.la : accesslog.lo
+ $(LTLINK_MOD) -module -o $@ accesslog.lo version.lo $(LINK_LIBS)
+
+auditlog.la : auditlog.lo
+ $(LTLINK_MOD) -module -o $@ auditlog.lo version.lo $(LINK_LIBS)
+
+denyop.la : denyop.lo
+ $(LTLINK_MOD) -module -o $@ denyop.lo version.lo $(LINK_LIBS)
+
+dyngroup.la : dyngroup.lo
+ $(LTLINK_MOD) -module -o $@ dyngroup.lo version.lo $(LINK_LIBS)
+
+dynlist.la : dynlist.lo
+ $(LTLINK_MOD) -module -o $@ dynlist.lo version.lo $(LINK_LIBS)
+
+lastmod.la : lastmod.lo
+ $(LTLINK_MOD) -module -o $@ lastmod.lo version.lo $(LINK_LIBS)
+
+pcache.la : pcache.lo
+ $(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)
+
+ppolicy.la : ppolicy.lo
+ $(LTLINK_MOD) -module -o $@ ppolicy.lo version.lo $(LINK_LIBS) $(MODULES_LIBS)
+
+refint.la : refint.lo
+ $(LTLINK_MOD) -module -o $@ refint.lo version.lo $(LINK_LIBS)
+
+retcode.la : retcode.lo
+ $(LTLINK_MOD) -module -o $@ retcode.lo version.lo $(LINK_LIBS)
+
+rwm_x.o: rwm.o rwmconf.o rwmdn.o rwmmap.o
+ $(LD) -r -o $@ rwm.o rwmconf.o rwmdn.o rwmmap.o
+
+rwm.la : rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo
+ $(LTLINK_MOD) -module -o $@ rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo version.lo $(LINK_LIBS)
+
+syncprov.la : syncprov.lo
+ $(LTLINK_MOD) -module -o $@ syncprov.lo version.lo $(LINK_LIBS)
+
+translucent.la : translucent.lo
+ $(LTLINK_MOD) -module -o $@ translucent.lo version.lo $(LINK_LIBS)
+
+unique.la : unique.lo
+ $(LTLINK_MOD) -module -o $@ unique.lo version.lo $(LINK_LIBS)
+
+valsort.la : valsort.lo
+ $(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
+
+install-local: $(PROGRAMS)
+ @if test -n "$?" ; then \
+ $(MKDIR) $(DESTDIR)$(moduledir); \
+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $? $(DESTDIR)$(moduledir);\
+ fi
+
+MKDEPFLAG = -l
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+ $(LTCOMPILE_MOD) $<
+
+statover.o: statover.c $(srcdir)/../slap.h
+
+$(LIBRARY): $(OBJS) version.lo
+ $(AR) rs $@ $(OBJS)
+
+# Must fixup depends for non-libtool objects
+depend-local:
+ @if test -n "$(OBJS)"; then \
+ OBJ2=`echo $(OBJS) $(OBJDEP) | $(SED) -e 's/\.o//g'`; \
+ SCR=''; for i in $$OBJ2; do SCR="$$SCR -e s/^$$i.lo:/$$i.o:/"; done; \
+ mv Makefile Makefile.bak; $(SED) $$SCR Makefile.bak > Makefile && \
+ $(RM) Makefile.bak; fi
+
+veryclean-local:
+ $(RM) statover.c
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+This directory contains a number of SLAPD overlays, some
+project-maintained, some not. Some are generally usable,
+others are purely experimental. Additional overlays can
+be found in the contrib/slapd-modules directory.
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/accesslog.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/accesslog.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/accesslog.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1554 @@
+/* accesslog.c - log operations for audit/history purposes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.2.2.23 2007/01/25 12:42:01 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions copyright 2004-2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_ACCESSLOG
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "slap.h"
+#include "config.h"
+#include "lutil.h"
+#include "ldap_rq.h"
+
+#define LOG_OP_ADD 0x001
+#define LOG_OP_DELETE 0x002
+#define LOG_OP_MODIFY 0x004
+#define LOG_OP_MODRDN 0x008
+#define LOG_OP_COMPARE 0x010
+#define LOG_OP_SEARCH 0x020
+#define LOG_OP_BIND 0x040
+#define LOG_OP_UNBIND 0x080
+#define LOG_OP_ABANDON 0x100
+#define LOG_OP_EXTENDED 0x200
+#define LOG_OP_UNKNOWN 0x400
+
+#define LOG_OP_WRITES (LOG_OP_ADD|LOG_OP_DELETE|LOG_OP_MODIFY|LOG_OP_MODRDN)
+#define LOG_OP_READS (LOG_OP_COMPARE|LOG_OP_SEARCH)
+#define LOG_OP_SESSION (LOG_OP_BIND|LOG_OP_UNBIND|LOG_OP_ABANDON)
+#define LOG_OP_ALL (LOG_OP_READS|LOG_OP_WRITES|LOG_OP_SESSION| \
+ LOG_OP_EXTENDED|LOG_OP_UNKNOWN)
+
+typedef struct log_info {
+ BackendDB *li_db;
+ slap_mask_t li_ops;
+ int li_age;
+ int li_cycle;
+ struct re_s *li_task;
+ Filter *li_oldf;
+ Entry *li_old;
+ int li_success;
+ ldap_pvt_thread_mutex_t li_op_mutex;
+ ldap_pvt_thread_mutex_t li_log_mutex;
+} log_info;
+
+static ConfigDriver log_cf_gen;
+
+enum {
+ LOG_DB = 1,
+ LOG_OPS,
+ LOG_PURGE,
+ LOG_SUCCESS,
+ LOG_OLD
+};
+
+static ConfigTable log_cfats[] = {
+ { "logdb", "suffix", 2, 2, 0, ARG_DN|ARG_MAGIC|LOG_DB,
+ log_cf_gen, "( OLcfgOvAt:4.1 NAME 'olcAccessLogDB' "
+ "DESC 'Suffix of database for log content' "
+ "SUP distinguishedName SINGLE-VALUE )", NULL, NULL },
+ { "logops", "op|writes|reads|session|all", 2, 0, 0,
+ ARG_MAGIC|LOG_OPS,
+ log_cf_gen, "( OLcfgOvAt:4.2 NAME 'olcAccessLogOps' "
+ "DESC 'Operation types to log' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "logpurge", "age> <interval", 3, 3, 0, ARG_MAGIC|LOG_PURGE,
+ log_cf_gen, "( OLcfgOvAt:4.3 NAME 'olcAccessLogPurge' "
+ "DESC 'Log cleanup parameters' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "logsuccess", NULL, 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|LOG_SUCCESS,
+ log_cf_gen, "( OLcfgOvAt:4.4 NAME 'olcAccessLogSuccess' "
+ "DESC 'Log successful ops only' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "logold", "filter", 2, 2, 0, ARG_MAGIC|LOG_OLD,
+ log_cf_gen, "( OLcfgOvAt:4.5 NAME 'olcAccessLogOld' "
+ "DESC 'Log old values when modifying entries matching the filter' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { NULL }
+};
+
+static ConfigOCs log_cfocs[] = {
+ { "( OLcfgOvOc:4.1 "
+ "NAME 'olcAccessLogConfig' "
+ "DESC 'Access log configuration' "
+ "SUP olcOverlayConfig "
+ "MUST olcAccessLogDB "
+ "MAY ( olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ "
+ "olcAccessLogOld ) )",
+ Cft_Overlay, log_cfats },
+ { NULL }
+};
+
+static slap_verbmasks logops[] = {
+ { BER_BVC("all"), LOG_OP_ALL },
+ { BER_BVC("writes"), LOG_OP_WRITES },
+ { BER_BVC("session"), LOG_OP_SESSION },
+ { BER_BVC("reads"), LOG_OP_READS },
+ { BER_BVC("add"), LOG_OP_ADD },
+ { BER_BVC("delete"), LOG_OP_DELETE },
+ { BER_BVC("modify"), LOG_OP_MODIFY },
+ { BER_BVC("modrdn"), LOG_OP_MODRDN },
+ { BER_BVC("compare"), LOG_OP_COMPARE },
+ { BER_BVC("search"), LOG_OP_SEARCH },
+ { BER_BVC("bind"), LOG_OP_BIND },
+ { BER_BVC("unbind"), LOG_OP_UNBIND },
+ { BER_BVC("abandon"), LOG_OP_ABANDON },
+ { BER_BVC("extended"), LOG_OP_EXTENDED },
+ { BER_BVC("unknown"), LOG_OP_UNKNOWN },
+ { BER_BVNULL, 0 }
+};
+
+/* Start with "add" in logops */
+#define EN_OFFSET 4
+
+enum {
+ LOG_EN_ADD = 0,
+ LOG_EN_DELETE,
+ LOG_EN_MODIFY,
+ LOG_EN_MODRDN,
+ LOG_EN_COMPARE,
+ LOG_EN_SEARCH,
+ LOG_EN_BIND,
+ LOG_EN_UNBIND,
+ LOG_EN_ABANDON,
+ LOG_EN_EXTENDED,
+ LOG_EN_UNKNOWN,
+ LOG_EN__COUNT
+};
+
+static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container;
+
+#define LOG_SCHEMA_ROOT "1.3.6.1.4.1.4203.666.11.5"
+
+#define LOG_SCHEMA_AT LOG_SCHEMA_ROOT ".1"
+#define LOG_SCHEMA_OC LOG_SCHEMA_ROOT ".2"
+
+static AttributeDescription *ad_reqDN, *ad_reqStart, *ad_reqEnd, *ad_reqType,
+ *ad_reqSession, *ad_reqResult, *ad_reqAuthzID, *ad_reqControls,
+ *ad_reqRespControls, *ad_reqMethod, *ad_reqAssertion, *ad_reqNewRDN,
+ *ad_reqNewSuperior, *ad_reqDeleteOldRDN, *ad_reqMod,
+ *ad_reqScope, *ad_reqFilter, *ad_reqAttr, *ad_reqEntries,
+ *ad_reqSizeLimit, *ad_reqTimeLimit, *ad_reqAttrsOnly, *ad_reqData,
+ *ad_reqId, *ad_reqMessage, *ad_reqVersion, *ad_reqDerefAliases,
+ *ad_reqReferral, *ad_reqOld;
+
+static struct {
+ char *at;
+ AttributeDescription **ad;
+} lattrs[] = {
+ { "( " LOG_SCHEMA_AT ".1 NAME 'reqDN' "
+ "DESC 'Target DN of request' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )", &ad_reqDN },
+ { "( " LOG_SCHEMA_AT ".2 NAME 'reqStart' "
+ "DESC 'Start time of request' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE )", &ad_reqStart },
+ { "( " LOG_SCHEMA_AT ".3 NAME 'reqEnd' "
+ "DESC 'End time of request' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE )", &ad_reqEnd },
+ { "( " LOG_SCHEMA_AT ".4 NAME 'reqType' "
+ "DESC 'Type of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqType },
+ { "( " LOG_SCHEMA_AT ".5 NAME 'reqSession' "
+ "DESC 'Session ID of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqSession },
+ { "( " LOG_SCHEMA_AT ".6 NAME 'reqAuthzID' "
+ "DESC 'Authorization ID of requestor' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )", &ad_reqAuthzID },
+ { "( " LOG_SCHEMA_AT ".7 NAME 'reqResult' "
+ "DESC 'Result code of request' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqResult },
+ { "( " LOG_SCHEMA_AT ".8 NAME 'reqMessage' "
+ "DESC 'Error text of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqMessage },
+ { "( " LOG_SCHEMA_AT ".9 NAME 'reqReferral' "
+ "DESC 'Referrals returned for request' "
+ "SUP labeledURI )", &ad_reqReferral },
+ { "( " LOG_SCHEMA_AT ".10 NAME 'reqControls' "
+ "DESC 'Request controls' "
+ "SYNTAX OMsOctetString )", &ad_reqControls },
+ { "( " LOG_SCHEMA_AT ".11 NAME 'reqRespControls' "
+ "DESC 'Response controls of request' "
+ "SYNTAX OMsOctetString )", &ad_reqRespControls },
+ { "( " LOG_SCHEMA_AT ".12 NAME 'reqId' "
+ "DESC 'ID of Request to Abandon' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqId },
+ { "( " LOG_SCHEMA_AT ".13 NAME 'reqVersion' "
+ "DESC 'Protocol version of Bind request' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqVersion },
+ { "( " LOG_SCHEMA_AT ".14 NAME 'reqMethod' "
+ "DESC 'Bind method of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqMethod },
+ { "( " LOG_SCHEMA_AT ".15 NAME 'reqAssertion' "
+ "DESC 'Compare Assertion of request' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqAssertion },
+ { "( " LOG_SCHEMA_AT ".16 NAME 'reqMod' "
+ "DESC 'Modifications of request' "
+ "EQUALITY octetStringMatch "
+ "SUBSTR octetStringSubstringsMatch "
+ "SYNTAX OMsOctetString )", &ad_reqMod },
+ { "( " LOG_SCHEMA_AT ".17 NAME 'reqOld' "
+ "DESC 'Old values of entry before request completed' "
+ "EQUALITY octetStringMatch "
+ "SUBSTR octetStringSubstringsMatch "
+ "SYNTAX OMsOctetString )", &ad_reqOld },
+ { "( " LOG_SCHEMA_AT ".18 NAME 'reqNewRDN' "
+ "DESC 'New RDN of request' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )", &ad_reqNewRDN },
+ { "( " LOG_SCHEMA_AT ".19 NAME 'reqDeleteOldRDN' "
+ "DESC 'Delete old RDN' "
+ "EQUALITY booleanMatch "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )", &ad_reqDeleteOldRDN },
+ { "( " LOG_SCHEMA_AT ".20 NAME 'reqNewSuperior' "
+ "DESC 'New superior DN of request' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )", &ad_reqNewSuperior },
+ { "( " LOG_SCHEMA_AT ".21 NAME 'reqScope' "
+ "DESC 'Scope of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqScope },
+ { "( " LOG_SCHEMA_AT ".22 NAME 'reqDerefAliases' "
+ "DESC 'Disposition of Aliases in request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqDerefAliases },
+ { "( " LOG_SCHEMA_AT ".23 NAME 'reqAttrsOnly' "
+ "DESC 'Attributes and values of request' "
+ "EQUALITY booleanMatch "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )", &ad_reqAttrsOnly },
+ { "( " LOG_SCHEMA_AT ".24 NAME 'reqFilter' "
+ "DESC 'Filter of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )", &ad_reqFilter },
+ { "( " LOG_SCHEMA_AT ".25 NAME 'reqAttr' "
+ "DESC 'Attributes of request' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", &ad_reqAttr },
+ { "( " LOG_SCHEMA_AT ".26 NAME 'reqSizeLimit' "
+ "DESC 'Size limit of request' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqSizeLimit },
+ { "( " LOG_SCHEMA_AT ".27 NAME 'reqTimeLimit' "
+ "DESC 'Time limit of request' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqTimeLimit },
+ { "( " LOG_SCHEMA_AT ".28 NAME 'reqEntries' "
+ "DESC 'Number of entries returned' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX OMsInteger "
+ "SINGLE-VALUE )", &ad_reqEntries },
+ { "( " LOG_SCHEMA_AT ".29 NAME 'reqData' "
+ "DESC 'Data of extended request' "
+ "EQUALITY octetStringMatch "
+ "SUBSTR octetStringSubstringsMatch "
+ "SYNTAX OMsOctetString "
+ "SINGLE-VALUE )", &ad_reqData },
+ { NULL, NULL }
+};
+
+static struct {
+ char *ot;
+ ObjectClass **oc;
+} locs[] = {
+ { "( " LOG_SCHEMA_OC ".0 NAME 'auditContainer' "
+ "DESC 'AuditLog container' "
+ "SUP top STRUCTURAL "
+ "MAY ( cn $ reqStart $ reqEnd ) )", &log_container },
+ { "( " LOG_SCHEMA_OC ".1 NAME 'auditObject' "
+ "DESC 'OpenLDAP request auditing' "
+ "SUP top STRUCTURAL "
+ "MUST ( reqStart $ reqType $ reqSession ) "
+ "MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd $ "
+ "reqResult $ reqMessage $ reqReferral ) )",
+ &log_ocs[LOG_EN_UNBIND] },
+ { "( " LOG_SCHEMA_OC ".2 NAME 'auditReadObject' "
+ "DESC 'OpenLDAP read request record' "
+ "SUP auditObject STRUCTURAL )", NULL },
+ { "( " LOG_SCHEMA_OC ".3 NAME 'auditWriteObject' "
+ "DESC 'OpenLDAP write request record' "
+ "SUP auditObject STRUCTURAL )", NULL },
+ { "( " LOG_SCHEMA_OC ".4 NAME 'auditAbandon' "
+ "DESC 'Abandon operation' "
+ "SUP auditObject STRUCTURAL "
+ "MUST reqId )", &log_ocs[LOG_EN_ABANDON] },
+ { "( " LOG_SCHEMA_OC ".5 NAME 'auditAdd' "
+ "DESC 'Add operation' "
+ "SUP auditWriteObject STRUCTURAL "
+ "MUST reqMod )", &log_ocs[LOG_EN_ADD] },
+ { "( " LOG_SCHEMA_OC ".6 NAME 'auditBind' "
+ "DESC 'Bind operation' "
+ "SUP auditObject STRUCTURAL "
+ "MUST ( reqVersion $ reqMethod ) )", &log_ocs[LOG_EN_BIND] },
+ { "( " LOG_SCHEMA_OC ".7 NAME 'auditCompare' "
+ "DESC 'Compare operation' "
+ "SUP auditReadObject STRUCTURAL "
+ "MUST reqAssertion )", &log_ocs[LOG_EN_COMPARE] },
+ { "( " LOG_SCHEMA_OC ".8 NAME 'auditDelete' "
+ "DESC 'Delete operation' "
+ "SUP auditWriteObject STRUCTURAL "
+ "MAY reqOld )", &log_ocs[LOG_EN_DELETE] },
+ { "( " LOG_SCHEMA_OC ".9 NAME 'auditModify' "
+ "DESC 'Modify operation' "
+ "SUP auditWriteObject STRUCTURAL "
+ "MAY reqOld MUST reqMod )", &log_ocs[LOG_EN_MODIFY] },
+ { "( " LOG_SCHEMA_OC ".10 NAME 'auditModRDN' "
+ "DESC 'ModRDN operation' "
+ "SUP auditWriteObject STRUCTURAL "
+ "MUST ( reqNewRDN $ reqDeleteOldRDN ) "
+ "MAY reqNewSuperior )", &log_ocs[LOG_EN_MODRDN] },
+ { "( " LOG_SCHEMA_OC ".11 NAME 'auditSearch' "
+ "DESC 'Search operation' "
+ "SUP auditReadObject STRUCTURAL "
+ "MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) "
+ "MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ "
+ "reqTimeLimit ) )", &log_ocs[LOG_EN_SEARCH] },
+ { "( " LOG_SCHEMA_OC ".12 NAME 'auditExtended' "
+ "DESC 'Extended operation' "
+ "SUP auditObject STRUCTURAL "
+ "MAY reqData )", &log_ocs[LOG_EN_EXTENDED] },
+ { NULL, NULL }
+};
+
+#define RDNEQ "reqStart="
+
+/* Our time intervals are of the form [ddd+]hh:mm[:ss]
+ * If a field is present, it must be two digits. (Except for
+ * days, which can be arbitrary width.)
+ */
+static int
+log_age_parse(char *agestr)
+{
+ int t1, t2;
+ int gotdays = 0;
+ char *endptr;
+
+ t1 = strtol( agestr, &endptr, 10 );
+ /* Is there a days delimiter? */
+ if ( *endptr == '+' ) {
+ /* 32 bit time only covers about 68 years */
+ if ( t1 < 0 || t1 > 25000 )
+ return -1;
+ t1 *= 24;
+ gotdays = 1;
+ agestr = endptr + 1;
+ } else {
+ if ( agestr[2] != ':' ) {
+ /* No valid delimiter found, fail */
+ return -1;
+ }
+ t1 *= 60;
+ agestr += 3;
+ }
+
+ t2 = atoi( agestr );
+ t1 += t2;
+
+ if ( agestr[2] ) {
+ /* if there's a delimiter, it can only be a colon */
+ if ( agestr[2] != ':' )
+ return -1;
+ } else {
+ /* If we're at the end of the string, and we started with days,
+ * fail because we expected to find minutes too.
+ */
+ return gotdays ? -1 : t1 * 60;
+ }
+
+ agestr += 3;
+ t2 = atoi( agestr );
+
+ /* last field can only be seconds */
+ if ( agestr[2] && ( agestr[2] != ':' || !gotdays ))
+ return -1;
+ t1 *= 60;
+ t1 += t2;
+
+ if ( agestr[2] ) {
+ agestr += 3;
+ if ( agestr[2] )
+ return -1;
+ t1 *= 60;
+ t1 += atoi( agestr );
+ } else if ( gotdays ) {
+ /* only got days+hh:mm */
+ t1 *= 60;
+ }
+ return t1;
+}
+
+static void
+log_age_unparse( int age, struct berval *agebv )
+{
+ int dd, hh, mm, ss;
+ char *ptr;
+
+ ss = age % 60;
+ age /= 60;
+ mm = age % 60;
+ age /= 60;
+ hh = age % 24;
+ age /= 24;
+ dd = age;
+
+ ptr = agebv->bv_val;
+
+ if ( dd )
+ ptr += sprintf( ptr, "%d+", dd );
+ ptr += sprintf( ptr, "%02d:%02d", hh, mm );
+ if ( ss )
+ ptr += sprintf( ptr, ":%02d", ss );
+
+ agebv->bv_len = ptr - agebv->bv_val;
+}
+
+static slap_callback nullsc = { NULL, NULL, NULL, NULL };
+
+#define PURGE_INCREMENT 100
+
+typedef struct purge_data {
+ int slots;
+ int used;
+ BerVarray dn;
+ BerVarray ndn;
+ struct berval csn; /* an arbitrary old CSN */
+} purge_data;
+
+static int
+log_old_lookup( Operation *op, SlapReply *rs )
+{
+ purge_data *pd = op->o_callback->sc_private;
+
+ if ( rs->sr_type != REP_SEARCH) return 0;
+
+ if ( slapd_shutdown ) return 0;
+
+ /* Remember old CSN */
+ if ( pd->csn.bv_val[0] == '\0' ) {
+ Attribute *a = attr_find( rs->sr_entry->e_attrs,
+ slap_schema.si_ad_entryCSN );
+ if ( a ) {
+ int len = a->a_vals[0].bv_len;
+ if ( len > pd->csn.bv_len )
+ len = pd->csn.bv_len;
+ AC_MEMCPY( pd->csn.bv_val, a->a_vals[0].bv_val, len );
+ pd->csn.bv_len = len;
+ }
+ }
+ if ( pd->used >= pd->slots ) {
+ pd->slots += PURGE_INCREMENT;
+ pd->dn = ch_realloc( pd->dn, pd->slots * sizeof( struct berval ));
+ pd->ndn = ch_realloc( pd->ndn, pd->slots * sizeof( struct berval ));
+ }
+ ber_dupbv( &pd->dn[pd->used], &rs->sr_entry->e_name );
+ ber_dupbv( &pd->ndn[pd->used], &rs->sr_entry->e_nname );
+ pd->used++;
+ return 0;
+}
+
+/* Periodically search for old entries in the log database and delete them */
+static void *
+accesslog_purge( void *ctx, void *arg )
+{
+ struct re_s *rtask = arg;
+ struct log_info *li = rtask->arg;
+
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op = (Operation *) &opbuf;
+ SlapReply rs = {REP_RESULT};
+ slap_callback cb = { NULL, log_old_lookup, NULL, NULL };
+ Filter f;
+ AttributeAssertion ava = {0};
+ purge_data pd = {0};
+ char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
+ char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+ time_t old = slap_get_time();
+
+ connection_fake_init( &conn, op, ctx );
+
+ f.f_choice = LDAP_FILTER_LE;
+ f.f_ava = &ava;
+ f.f_next = NULL;
+
+ ava.aa_desc = ad_reqStart;
+ ava.aa_value.bv_val = timebuf;
+ ava.aa_value.bv_len = sizeof(timebuf);
+
+ old -= li->li_age;
+ slap_timestamp( &old, &ava.aa_value );
+
+ op->o_tag = LDAP_REQ_SEARCH;
+ op->o_bd = li->li_db;
+ op->o_dn = li->li_db->be_rootdn;
+ op->o_ndn = li->li_db->be_rootndn;
+ op->o_req_dn = li->li_db->be_suffix[0];
+ op->o_req_ndn = li->li_db->be_nsuffix[0];
+ op->o_callback = &cb;
+ op->ors_scope = LDAP_SCOPE_ONELEVEL;
+ op->ors_deref = LDAP_DEREF_NEVER;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = SLAP_NO_LIMIT;
+ op->ors_filter = &f;
+ filter2bv_x( op, &f, &op->ors_filterstr );
+ op->ors_attrs = slap_anlist_no_attrs;
+ op->ors_attrsonly = 1;
+
+ pd.csn.bv_len = sizeof( csnbuf );
+ pd.csn.bv_val = csnbuf;
+ csnbuf[0] = '\0';
+ cb.sc_private = &pd;
+
+ op->o_bd->be_search( op, &rs );
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+
+ if ( pd.used ) {
+ int i;
+
+ op->o_tag = LDAP_REQ_DELETE;
+ op->o_callback = &nullsc;
+ op->o_csn = pd.csn;
+
+ for (i=0; i<pd.used; i++) {
+ op->o_req_dn = pd.dn[i];
+ op->o_req_ndn = pd.ndn[i];
+ if ( !slapd_shutdown )
+ op->o_bd->be_delete( op, &rs );
+ ch_free( pd.ndn[i].bv_val );
+ ch_free( pd.dn[i].bv_val );
+ }
+ ch_free( pd.ndn );
+ ch_free( pd.dn );
+ }
+
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ return NULL;
+}
+
+static int
+log_cf_gen(ConfigArgs *c)
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ struct log_info *li = on->on_bi.bi_private;
+ int rc = 0;
+ slap_mask_t tmask = 0;
+ char agebuf[2*STRLENOF("ddddd+hh:mm:ss ")];
+ struct berval agebv, cyclebv;
+
+ switch( c->op ) {
+ case SLAP_CONFIG_EMIT:
+ switch( c->type ) {
+ case LOG_DB:
+ if ( li->li_db == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "accesslog: \"logdb <suffix>\" must be specified" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->value_dn.bv_val );
+ rc = 1;
+ break;
+ }
+ value_add( &c->rvalue_vals, li->li_db->be_suffix );
+ value_add( &c->rvalue_nvals, li->li_db->be_nsuffix );
+ break;
+ case LOG_OPS:
+ rc = mask_to_verbs( logops, li->li_ops, &c->rvalue_vals );
+ break;
+ case LOG_PURGE:
+ if ( !li->li_age ) {
+ rc = 1;
+ break;
+ }
+ agebv.bv_val = agebuf;
+ log_age_unparse( li->li_age, &agebv );
+ agebv.bv_val[agebv.bv_len] = ' ';
+ agebv.bv_len++;
+ cyclebv.bv_val = agebv.bv_val + agebv.bv_len;
+ log_age_unparse( li->li_cycle, &cyclebv );
+ agebv.bv_len += cyclebv.bv_len;
+ value_add_one( &c->rvalue_vals, &agebv );
+ break;
+ case LOG_SUCCESS:
+ if ( li->li_success )
+ c->value_int = li->li_success;
+ else
+ rc = 1;
+ break;
+ case LOG_OLD:
+ if ( li->li_oldf ) {
+ filter2bv( li->li_oldf, &agebv );
+ ber_bvarray_add( &c->rvalue_vals, &agebv );
+ }
+ else
+ rc = 1;
+ break;
+ }
+ break;
+ case LDAP_MOD_DELETE:
+ switch( c->type ) {
+ case LOG_DB:
+ /* noop. this should always be a valid backend. */
+ break;
+ case LOG_OPS:
+ if ( c->valx < 0 ) {
+ li->li_ops = 0;
+ } else {
+ rc = verbs_to_mask( 1, &c->line, logops, &tmask );
+ if ( rc == 0 )
+ li->li_ops &= ~tmask;
+ }
+ break;
+ case LOG_PURGE:
+ if ( li->li_task ) {
+ struct re_s *re = li->li_task;
+ li->li_task = NULL;
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ))
+ ldap_pvt_runqueue_stoptask( &slapd_rq, re );
+ ldap_pvt_runqueue_remove( &slapd_rq, re );
+ }
+ li->li_age = 0;
+ li->li_cycle = 0;
+ break;
+ case LOG_SUCCESS:
+ li->li_success = 0;
+ break;
+ case LOG_OLD:
+ if ( li->li_oldf ) {
+ filter_free( li->li_oldf );
+ li->li_oldf = NULL;
+ }
+ break;
+ }
+ break;
+ default:
+ switch( c->type ) {
+ case LOG_DB:
+ li->li_db = select_backend( &c->value_ndn, 0, 0 );
+ if ( !li->li_db ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> no matching backend found for suffix",
+ c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->value_dn.bv_val );
+ rc = 1;
+ } else if ( BER_BVISEMPTY( &li->li_db->be_rootdn )) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "<%s> no rootDN was configured for suffix",
+ c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+ c->log, c->msg, c->value_dn.bv_val );
+ rc = 1;
+ }
+ ch_free( c->value_dn.bv_val );
+ ch_free( c->value_ndn.bv_val );
+ break;
+ case LOG_OPS:
+ rc = verbs_to_mask( c->argc, c->argv, logops, &tmask );
+ if ( rc == 0 )
+ li->li_ops |= tmask;
+ break;
+ case LOG_PURGE:
+ li->li_age = log_age_parse( c->argv[1] );
+ if ( li->li_age < 1 ) {
+ rc = 1;
+ } else {
+ li->li_cycle = log_age_parse( c->argv[2] );
+ if ( li->li_cycle < 1 ) {
+ rc = 1;
+ } else if ( slapMode & SLAP_SERVER_MODE ) {
+ struct re_s *re = li->li_task;
+ if ( re )
+ re->interval.tv_sec = li->li_cycle;
+ else
+ li->li_task = ldap_pvt_runqueue_insert( &slapd_rq,
+ li->li_cycle, accesslog_purge, li,
+ "accesslog_purge", li->li_db ?
+ li->li_db->be_suffix[0].bv_val :
+ c->be->be_suffix[0].bv_val );
+ }
+ }
+ break;
+ case LOG_SUCCESS:
+ li->li_success = c->value_int;
+ break;
+ case LOG_OLD:
+ li->li_oldf = str2filter( c->argv[1] );
+ if ( !li->li_oldf ) {
+ sprintf( c->msg, "bad filter!" );
+ rc = 1;
+ }
+ }
+ break;
+ }
+ return rc;
+}
+
+static Entry *accesslog_entry( Operation *op, int logop,
+ Operation *op2 ) {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ log_info *li = on->on_bi.bi_private;
+
+ char rdnbuf[STRLENOF(RDNEQ)+LDAP_LUTIL_GENTIME_BUFSIZE+8];
+ char nrdnbuf[STRLENOF(RDNEQ)+LDAP_LUTIL_GENTIME_BUFSIZE+8];
+
+ struct berval rdn, nrdn, timestamp, ntimestamp, bv;
+ slap_verbmasks *lo = logops+logop+EN_OFFSET;
+
+ Entry *e = ch_calloc( 1, sizeof(Entry) );
+
+ strcpy( rdnbuf, RDNEQ );
+ rdn.bv_val = rdnbuf;
+ strcpy( nrdnbuf, RDNEQ );
+ nrdn.bv_val = nrdnbuf;
+
+ timestamp.bv_val = rdnbuf+STRLENOF(RDNEQ);
+ timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
+ slap_timestamp( &op->o_time, ×tamp );
+ sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op->o_tincr );
+ timestamp.bv_len += 7;
+
+ rdn.bv_len = STRLENOF(RDNEQ)+timestamp.bv_len;
+ ad_reqStart->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, ad_reqStart->ad_type->sat_syntax,
+ ad_reqStart->ad_type->sat_equality, ×tamp, &ntimestamp,
+ op->o_tmpmemctx );
+
+ strcpy( nrdn.bv_val + STRLENOF(RDNEQ), ntimestamp.bv_val );
+ nrdn.bv_len = STRLENOF(RDNEQ)+ntimestamp.bv_len;
+ build_new_dn( &e->e_name, li->li_db->be_suffix, &rdn, NULL );
+ build_new_dn( &e->e_nname, li->li_db->be_nsuffix, &nrdn, NULL );
+
+ attr_merge_one( e, slap_schema.si_ad_objectClass,
+ &log_ocs[logop]->soc_cname, NULL );
+ attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+ &log_ocs[logop]->soc_cname, NULL );
+ attr_merge_one( e, ad_reqStart, ×tamp, &ntimestamp );
+ op->o_tmpfree( ntimestamp.bv_val, op->o_tmpmemctx );
+
+ slap_op_time( &op2->o_time, &op2->o_tincr );
+
+ timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
+ slap_timestamp( &op2->o_time, ×tamp );
+ sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op2->o_tincr );
+ timestamp.bv_len += 7;
+
+ attr_merge_normalize_one( e, ad_reqEnd, ×tamp, op->o_tmpmemctx );
+
+ /* Exops have OID appended */
+ if ( logop == LOG_EN_EXTENDED ) {
+ bv.bv_len = lo->word.bv_len + op->ore_reqoid.bv_len + 2;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+ AC_MEMCPY( bv.bv_val, lo->word.bv_val, lo->word.bv_len );
+ bv.bv_val[lo->word.bv_len] = '{';
+ AC_MEMCPY( bv.bv_val+lo->word.bv_len+1, op->ore_reqoid.bv_val,
+ op->ore_reqoid.bv_len );
+ bv.bv_val[bv.bv_len-1] = '}';
+ bv.bv_val[bv.bv_len] = '\0';
+ attr_merge_one( e, ad_reqType, &bv, NULL );
+ } else {
+ attr_merge_one( e, ad_reqType, &lo->word, NULL );
+ }
+
+ rdn.bv_len = sprintf( rdn.bv_val, "%lu", op->o_connid );
+ attr_merge_one( e, ad_reqSession, &rdn, NULL );
+
+ if ( BER_BVISNULL( &op->o_dn ))
+ attr_merge_one( e, ad_reqAuthzID, (struct berval *)&slap_empty_bv,
+ (struct berval *)&slap_empty_bv );
+ else
+ attr_merge_one( e, ad_reqAuthzID, &op->o_dn, &op->o_ndn );
+
+ /* FIXME: need to add reqControls and reqRespControls */
+
+ return e;
+}
+
+static struct berval scopes[] = {
+ BER_BVC("base"),
+ BER_BVC("one"),
+ BER_BVC("sub"),
+ BER_BVC("subord")
+};
+
+static struct berval derefs[] = {
+ BER_BVC("never"),
+ BER_BVC("searching"),
+ BER_BVC("finding"),
+ BER_BVC("always")
+};
+
+static struct berval simple = BER_BVC("SIMPLE");
+
+static void accesslog_val2val(AttributeDescription *ad, struct berval *val,
+ char c_op, struct berval *dst) {
+ char *ptr;
+
+ dst->bv_len = ad->ad_cname.bv_len + val->bv_len + 2;
+ if ( c_op ) dst->bv_len++;
+
+ dst->bv_val = ch_malloc( dst->bv_len+1 );
+
+ ptr = lutil_strcopy( dst->bv_val, ad->ad_cname.bv_val );
+ *ptr++ = ':';
+ if ( c_op )
+ *ptr++ = c_op;
+ *ptr++ = ' ';
+ AC_MEMCPY( ptr, val->bv_val, val->bv_len );
+ dst->bv_val[dst->bv_len] = '\0';
+}
+
+static int accesslog_response(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ log_info *li = on->on_bi.bi_private;
+ Attribute *a, *last_attr;
+ Modifications *m;
+ struct berval *b;
+ int i;
+ int logop;
+ slap_verbmasks *lo;
+ Entry *e = NULL, *old = NULL;
+ char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE+8];
+ struct berval bv;
+ char *ptr;
+ BerVarray vals;
+ Operation op2 = {0};
+ SlapReply rs2 = {REP_RESULT};
+
+ if ( rs->sr_type != REP_RESULT && rs->sr_type != REP_EXTENDED )
+ return SLAP_CB_CONTINUE;
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD: logop = LOG_EN_ADD; break;
+ case LDAP_REQ_DELETE: logop = LOG_EN_DELETE; break;
+ case LDAP_REQ_MODIFY: logop = LOG_EN_MODIFY; break;
+ case LDAP_REQ_MODRDN: logop = LOG_EN_MODRDN; break;
+ case LDAP_REQ_COMPARE: logop = LOG_EN_COMPARE; break;
+ case LDAP_REQ_SEARCH: logop = LOG_EN_SEARCH; break;
+ case LDAP_REQ_BIND: logop = LOG_EN_BIND; break;
+ case LDAP_REQ_EXTENDED: logop = LOG_EN_EXTENDED; break;
+ default: /* unknown operation type */
+ logop = LOG_EN_UNKNOWN; break;
+ } /* Unbind and Abandon never reach here */
+
+ lo = logops+logop+EN_OFFSET;
+ if ( !( li->li_ops & lo->mask ))
+ return SLAP_CB_CONTINUE;
+
+ if ( lo->mask & LOG_OP_WRITES ) {
+ ldap_pvt_thread_mutex_lock( &li->li_log_mutex );
+ old = li->li_old;
+ li->li_old = NULL;
+ ldap_pvt_thread_mutex_unlock( &li->li_op_mutex );
+ }
+
+ if ( li->li_success && rs->sr_err != LDAP_SUCCESS )
+ goto done;
+
+ e = accesslog_entry( op, logop, &op2 );
+
+ attr_merge_one( e, ad_reqDN, &op->o_req_dn, &op->o_req_ndn );
+
+ if ( rs->sr_text ) {
+ ber_str2bv( rs->sr_text, 0, 0, &bv );
+ attr_merge_one( e, ad_reqMessage, &bv, NULL );
+ }
+ bv.bv_len = sprintf( timebuf, "%d", rs->sr_err );
+ bv.bv_val = timebuf;
+
+ attr_merge_one( e, ad_reqResult, &bv, NULL );
+
+ last_attr = attr_find( e->e_attrs, ad_reqResult );
+
+ switch( logop ) {
+ case LOG_EN_ADD:
+ case LOG_EN_DELETE: {
+ char c_op;
+ Entry *e2;
+
+ if ( logop == LOG_EN_ADD ) {
+ e2 = op->ora_e;
+ c_op = '+';
+ } else {
+ if ( !old )
+ break;
+ e2 = old;
+ c_op = 0;
+ }
+ /* count all the vals */
+ i = 0;
+ for ( a=e2->e_attrs; a; a=a->a_next ) {
+ if ( a->a_vals ) {
+ for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
+ i++;
+ }
+ }
+ }
+ vals = ch_malloc( (i+1) * sizeof( struct berval ));
+ i = 0;
+ for ( a=e2->e_attrs; a; a=a->a_next ) {
+ if ( a->a_vals ) {
+ for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
+ accesslog_val2val( a->a_desc, b, c_op, &vals[i] );
+ }
+ }
+ }
+ vals[i].bv_val = NULL;
+ vals[i].bv_len = 0;
+ a = attr_alloc( logop == LOG_EN_ADD ? ad_reqMod : ad_reqOld );
+ a->a_vals = vals;
+ a->a_nvals = vals;
+ last_attr->a_next = a;
+ break;
+ }
+
+ case LOG_EN_MODIFY:
+ /* count all the mods */
+ i = 0;
+ for ( m=op->orm_modlist; m; m=m->sml_next ) {
+ if ( m->sml_values ) {
+ for (b=m->sml_values; !BER_BVISNULL( b ); b++) {
+ i++;
+ }
+ } else if ( m->sml_op == LDAP_MOD_DELETE ||
+ m->sml_op == LDAP_MOD_REPLACE ) {
+ i++;
+ }
+ }
+ vals = ch_malloc( (i+1) * sizeof( struct berval ));
+ i = 0;
+
+ /* Zero flags on old entry */
+ if ( old ) {
+ for ( a=old->e_attrs; a; a=a->a_next )
+ a->a_flags = 0;
+ }
+
+ for ( m=op->orm_modlist; m; m=m->sml_next ) {
+ /* Mark this attribute as modified */
+ if ( old ) {
+ a = attr_find( old->e_attrs, m->sml_desc );
+ if ( a )
+ a->a_flags = 1;
+ }
+ if ( m->sml_values ) {
+ for (b=m->sml_values; !BER_BVISNULL( b ); b++,i++) {
+ char c_op;
+
+ switch( m->sml_op ) {
+ case LDAP_MOD_ADD: c_op = '+'; break;
+ case LDAP_MOD_DELETE: c_op = '-'; break;
+ case LDAP_MOD_REPLACE: c_op = '='; break;
+ case LDAP_MOD_INCREMENT: c_op = '#'; break;
+
+ /* unknown op. there shouldn't be any of these. we
+ * don't know what to do with it, but we shouldn't just
+ * ignore it.
+ */
+ default: c_op = '?'; break;
+ }
+ accesslog_val2val( m->sml_desc, b, c_op, &vals[i] );
+ }
+ } else if ( m->sml_op == LDAP_MOD_DELETE ||
+ m->sml_op == LDAP_MOD_REPLACE ) {
+ vals[i].bv_len = m->sml_desc->ad_cname.bv_len + 2;
+ vals[i].bv_val = ch_malloc( vals[i].bv_len+1 );
+ ptr = lutil_strcopy( vals[i].bv_val,
+ m->sml_desc->ad_cname.bv_val );
+ *ptr++ = ':';
+ if ( m->sml_op == LDAP_MOD_DELETE )
+ *ptr++ = '-';
+ else
+ *ptr++ = '=';
+ *ptr = '\0';
+ i++;
+ }
+ }
+ vals[i].bv_val = NULL;
+ vals[i].bv_len = 0;
+ a = attr_alloc( ad_reqMod );
+ a->a_vals = vals;
+ a->a_nvals = vals;
+ last_attr->a_next = a;
+
+ if ( old ) {
+ last_attr = a;
+ /* count all the vals */
+ i = 0;
+ for ( a=old->e_attrs; a; a=a->a_next ) {
+ if ( a->a_vals && a->a_flags ) {
+ for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
+ i++;
+ }
+ }
+ }
+ vals = ch_malloc( (i+1) * sizeof( struct berval ));
+ i = 0;
+ for ( a=old->e_attrs; a; a=a->a_next ) {
+ if ( a->a_vals && a->a_flags ) {
+ for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
+ accesslog_val2val( a->a_desc, b, 0, &vals[i] );
+ }
+ }
+ }
+ vals[i].bv_val = NULL;
+ vals[i].bv_len = 0;
+ a = attr_alloc( ad_reqOld );
+ a->a_vals = vals;
+ a->a_nvals = vals;
+ last_attr->a_next = a;
+ }
+ break;
+
+ case LOG_EN_MODRDN:
+ attr_merge_one( e, ad_reqNewRDN, &op->orr_newrdn, &op->orr_nnewrdn );
+ attr_merge_one( e, ad_reqDeleteOldRDN, op->orr_deleteoldrdn ?
+ (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv,
+ NULL );
+ if ( op->orr_newSup ) {
+ attr_merge_one( e, ad_reqNewSuperior, op->orr_newSup, op->orr_nnewSup );
+ }
+ break;
+
+ case LOG_EN_COMPARE:
+ bv.bv_len = op->orc_ava->aa_desc->ad_cname.bv_len + 1 +
+ op->orc_ava->aa_value.bv_len;
+ bv.bv_val = op->o_tmpalloc( bv.bv_len+1, op->o_tmpmemctx );
+ ptr = lutil_strcopy( bv.bv_val, op->orc_ava->aa_desc->ad_cname.bv_val );
+ *ptr++ = '=';
+ AC_MEMCPY( ptr, op->orc_ava->aa_value.bv_val, op->orc_ava->aa_value.bv_len );
+ bv.bv_val[bv.bv_len] = '\0';
+ attr_merge_one( e, ad_reqAssertion, &bv, NULL );
+ op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
+ break;
+
+ case LOG_EN_SEARCH:
+ attr_merge_one( e, ad_reqScope, &scopes[op->ors_scope], NULL );
+ attr_merge_one( e, ad_reqDerefAliases, &derefs[op->ors_deref], NULL );
+ attr_merge_one( e, ad_reqAttrsOnly, op->ors_attrsonly ?
+ (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv,
+ NULL );
+ if ( !BER_BVISEMPTY( &op->ors_filterstr ))
+ attr_merge_one( e, ad_reqFilter, &op->ors_filterstr, NULL );
+ if ( op->ors_attrs ) {
+ /* count them */
+ for (i=0; !BER_BVISNULL(&op->ors_attrs[i].an_name );i++)
+ ;
+ vals = op->o_tmpalloc( (i+1) * sizeof(struct berval),
+ op->o_tmpmemctx );
+ for (i=0; !BER_BVISNULL(&op->ors_attrs[i].an_name );i++)
+ vals[i] = op->ors_attrs[i].an_name;
+ vals[i].bv_val = NULL;
+ vals[i].bv_len = 0;
+ attr_merge( e, ad_reqAttr, vals, NULL );
+ op->o_tmpfree( vals, op->o_tmpmemctx );
+ }
+ bv.bv_val = timebuf;
+ bv.bv_len = sprintf( bv.bv_val, "%d", rs->sr_nentries );
+ attr_merge_one( e, ad_reqEntries, &bv, NULL );
+
+ bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_tlimit );
+ attr_merge_one( e, ad_reqTimeLimit, &bv, NULL );
+
+ bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_slimit );
+ attr_merge_one( e, ad_reqSizeLimit, &bv, NULL );
+ break;
+
+ case LOG_EN_BIND:
+ bv.bv_val = timebuf;
+ bv.bv_len = sprintf( bv.bv_val, "%d", op->o_protocol );
+ attr_merge_one( e, ad_reqVersion, &bv, NULL );
+ if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
+ attr_merge_one( e, ad_reqMethod, &simple, NULL );
+ } else {
+ bv.bv_len = STRLENOF("SASL()") + op->orb_tmp_mech.bv_len;
+ bv.bv_val = op->o_tmpalloc( bv.bv_len + 1, op->o_tmpmemctx );
+ ptr = lutil_strcopy( bv.bv_val, "SASL(" );
+ ptr = lutil_strcopy( ptr, op->orb_tmp_mech.bv_val );
+ *ptr++ = ')';
+ *ptr = '\0';
+ attr_merge_one( e, ad_reqMethod, &bv, NULL );
+ op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
+ }
+
+ break;
+
+ case LOG_EN_EXTENDED:
+ if ( op->ore_reqdata ) {
+ attr_merge_one( e, ad_reqData, op->ore_reqdata, NULL );
+ }
+ break;
+
+ case LOG_EN_UNKNOWN:
+ /* we don't know its parameters, don't add any */
+ break;
+ }
+
+ op2.o_hdr = op->o_hdr;
+ op2.o_tag = LDAP_REQ_ADD;
+ op2.o_bd = li->li_db;
+ op2.o_dn = li->li_db->be_rootdn;
+ op2.o_ndn = li->li_db->be_rootndn;
+ op2.o_req_dn = e->e_name;
+ op2.o_req_ndn = e->e_nname;
+ op2.ora_e = e;
+ op2.o_callback = &nullsc;
+
+ if (( lo->mask & LOG_OP_WRITES ) && !BER_BVISEMPTY( &op->o_csn )) {
+ slap_queue_csn( &op2, &op->o_csn );
+ }
+
+ op2.o_bd->be_add( &op2, &rs2 );
+
+done:
+ if ( lo->mask & LOG_OP_WRITES )
+ ldap_pvt_thread_mutex_unlock( &li->li_log_mutex );
+ if ( e ) entry_free( e );
+ if ( old ) entry_free( old );
+ return SLAP_CB_CONTINUE;
+}
+
+/* Since Bind success is sent by the frontend, it won't normally enter
+ * the overlay response callback. Add another callback to make sure it
+ * gets here.
+ */
+static int
+accesslog_bind_resp( Operation *op, SlapReply *rs )
+{
+ BackendDB *be, db;
+ int rc;
+ slap_callback *sc;
+
+ be = op->o_bd;
+ db = *be;
+ op->o_bd = &db;
+ db.bd_info = op->o_callback->sc_private;
+ rc = accesslog_response( op, rs );
+ op->o_bd = be;
+ sc = op->o_callback;
+ op->o_callback = sc->sc_next;
+ op->o_tmpfree( sc, op->o_tmpmemctx );
+ return rc;
+}
+
+static int
+accesslog_op_bind( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc;
+
+ sc = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+ sc->sc_response = accesslog_bind_resp;
+ sc->sc_private = op->o_bd->bd_info;
+
+ if ( op->o_callback ) {
+ sc->sc_next = op->o_callback->sc_next;
+ op->o_callback->sc_next = sc;
+ } else {
+ op->o_callback = sc;
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+accesslog_op_mod( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ log_info *li = on->on_bi.bi_private;
+
+ if ( li->li_ops & LOG_OP_WRITES ) {
+ /* FIXME: this needs to be a recursive mutex to allow
+ * overlays like refint to keep working.
+ */
+ ldap_pvt_thread_mutex_lock( &li->li_op_mutex );
+ if ( li->li_oldf && ( op->o_tag == LDAP_REQ_DELETE ||
+ op->o_tag == LDAP_REQ_MODIFY )) {
+ int rc;
+ Entry *e;
+
+ op->o_bd->bd_info = on->on_info->oi_orig;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ if ( e ) {
+ if ( test_filter( op, e, li->li_oldf ) == LDAP_COMPARE_TRUE )
+ li->li_old = entry_dup( e );
+ be_entry_release_rw( op, e, 0 );
+ }
+ op->o_bd->bd_info = (BackendInfo *)on;
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+/* unbinds are broadcast to all backends; we only log it if this
+ * backend was used for the original bind.
+ */
+static int
+accesslog_unbind( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ if ( op->o_conn->c_authz_backend == on->on_info->oi_origdb ) {
+ log_info *li = on->on_bi.bi_private;
+ Operation op2 = {0};
+ void *cids[SLAP_MAX_CIDS];
+ SlapReply rs2 = {REP_RESULT};
+ Entry *e;
+
+ if ( !( li->li_ops & LOG_OP_UNBIND ))
+ return SLAP_CB_CONTINUE;
+
+ e = accesslog_entry( op, LOG_EN_UNBIND, &op2 );
+ op2.o_hdr = op->o_hdr;
+ op2.o_tag = LDAP_REQ_ADD;
+ op2.o_bd = li->li_db;
+ op2.o_dn = li->li_db->be_rootdn;
+ op2.o_ndn = li->li_db->be_rootndn;
+ op2.o_req_dn = e->e_name;
+ op2.o_req_ndn = e->e_nname;
+ op2.ora_e = e;
+ op2.o_callback = &nullsc;
+ op2.o_controls = cids;
+ memset(cids, 0, sizeof( cids ));
+
+ op2.o_bd->be_add( &op2, &rs2 );
+ entry_free( e );
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+accesslog_abandon( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ log_info *li = on->on_bi.bi_private;
+ Operation op2 = {0};
+ void *cids[SLAP_MAX_CIDS];
+ SlapReply rs2 = {REP_RESULT};
+ Entry *e;
+ char buf[64];
+ struct berval bv;
+
+ if ( !op->o_time || !( li->li_ops & LOG_OP_ABANDON ))
+ return SLAP_CB_CONTINUE;
+
+ e = accesslog_entry( op, LOG_EN_ABANDON, &op2 );
+ bv.bv_val = buf;
+ bv.bv_len = sprintf( buf, "%d", op->orn_msgid );
+ attr_merge_one( e, ad_reqId, &bv, NULL );
+
+ op2.o_hdr = op->o_hdr;
+ op2.o_tag = LDAP_REQ_ADD;
+ op2.o_bd = li->li_db;
+ op2.o_dn = li->li_db->be_rootdn;
+ op2.o_ndn = li->li_db->be_rootndn;
+ op2.o_req_dn = e->e_name;
+ op2.o_req_ndn = e->e_nname;
+ op2.ora_e = e;
+ op2.o_callback = &nullsc;
+ op2.o_controls = cids;
+ memset(cids, 0, sizeof( cids ));
+
+ op2.o_bd->be_add( &op2, &rs2 );
+ entry_free( e );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst accesslog;
+
+static int
+accesslog_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ log_info *li = ch_calloc(1, sizeof(log_info));
+
+ on->on_bi.bi_private = li;
+ ldap_pvt_thread_mutex_init( &li->li_op_mutex );
+ ldap_pvt_thread_mutex_init( &li->li_log_mutex );
+ return 0;
+}
+
+static int
+accesslog_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ log_info *li = on->on_bi.bi_private;
+
+ if ( li->li_oldf )
+ filter_free( li->li_oldf );
+ ldap_pvt_thread_mutex_destroy( &li->li_log_mutex );
+ ldap_pvt_thread_mutex_destroy( &li->li_op_mutex );
+ free( li );
+ return LDAP_SUCCESS;
+}
+
+static int
+accesslog_db_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ log_info *li = on->on_bi.bi_private;
+
+ Connection conn;
+ OperationBuffer opbuf;
+ Operation *op = (Operation *) &opbuf;
+ Entry *e;
+ int rc;
+ void *thrctx;
+
+ if ( li->li_db == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "accesslog: \"logdb <suffix>\" must be specified.\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ if ( slapMode & SLAP_TOOL_MODE )
+ return 0;
+
+ thrctx = ldap_pvt_thread_pool_context();
+ connection_fake_init( &conn, op, thrctx );
+ op->o_bd = li->li_db;
+ op->o_dn = li->li_db->be_rootdn;
+ op->o_ndn = li->li_db->be_rootndn;
+
+ rc = be_entry_get_rw( op, li->li_db->be_nsuffix, NULL, NULL, 0, &e );
+
+ if ( e ) {
+ be_entry_release_rw( op, e, 0 );
+ } else {
+ SlapReply rs = {REP_RESULT};
+ struct berval rdn, nrdn, attr;
+ char *ptr;
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+ Entry *e_ctx;
+
+ e = ch_calloc( 1, sizeof( Entry ));
+ e->e_name = *li->li_db->be_suffix;
+ e->e_nname = *li->li_db->be_nsuffix;
+
+ attr_merge_one( e, slap_schema.si_ad_objectClass,
+ &log_container->soc_cname, NULL );
+
+ dnRdn( &e->e_name, &rdn );
+ dnRdn( &e->e_nname, &nrdn );
+ ptr = ber_bvchr( &rdn, '=' );
+
+ assert( ptr != NULL );
+
+ attr.bv_val = rdn.bv_val;
+ attr.bv_len = ptr - rdn.bv_val;
+
+ slap_bv2ad( &attr, &ad, &text );
+
+ rdn.bv_val = ptr+1;
+ rdn.bv_len -= attr.bv_len + 1;
+ ptr = ber_bvchr( &nrdn, '=' );
+ nrdn.bv_len -= ptr - nrdn.bv_val + 1;
+ nrdn.bv_val = ptr+1;
+ attr_merge_one( e, ad, &rdn, &nrdn );
+
+ /* Get contextCSN from main DB */
+ op->o_bd = be;
+ op->o_bd->bd_info = on->on_info->oi_orig;
+ rc = be_entry_get_rw( op, be->be_nsuffix, NULL,
+ slap_schema.si_ad_contextCSN, 0, &e_ctx );
+
+ if ( e_ctx ) {
+ Attribute *a;
+
+ a = attr_find( e_ctx->e_attrs, slap_schema.si_ad_contextCSN );
+ if ( a ) {
+ attr_merge( e, slap_schema.si_ad_entryCSN, a->a_vals, NULL );
+ attr_merge( e, a->a_desc, a->a_vals, NULL );
+ }
+ be_entry_release_rw( op, e_ctx, 0 );
+ }
+ op->o_bd->bd_info = (BackendInfo *)on;
+ op->o_bd = li->li_db;
+
+ op->ora_e = e;
+ op->o_req_dn = e->e_name;
+ op->o_req_ndn = e->e_nname;
+ op->o_callback = &nullsc;
+ SLAP_DBFLAGS( op->o_bd ) |= SLAP_DBFLAG_NOLASTMOD;
+ rc = op->o_bd->be_add( op, &rs );
+ SLAP_DBFLAGS( op->o_bd ) ^= SLAP_DBFLAG_NOLASTMOD;
+ attrs_free( e->e_attrs );
+ ch_free( e );
+ }
+ return rc;
+}
+
+int accesslog_initialize()
+{
+ int i, rc;
+
+ accesslog.on_bi.bi_type = "accesslog";
+ accesslog.on_bi.bi_db_init = accesslog_db_init;
+ accesslog.on_bi.bi_db_destroy = accesslog_db_destroy;
+ accesslog.on_bi.bi_db_open = accesslog_db_open;
+
+ accesslog.on_bi.bi_op_add = accesslog_op_mod;
+ accesslog.on_bi.bi_op_bind = accesslog_op_bind;
+ accesslog.on_bi.bi_op_delete = accesslog_op_mod;
+ accesslog.on_bi.bi_op_modify = accesslog_op_mod;
+ accesslog.on_bi.bi_op_modrdn = accesslog_op_mod;
+ accesslog.on_bi.bi_op_unbind = accesslog_unbind;
+ accesslog.on_bi.bi_op_abandon = accesslog_abandon;
+ accesslog.on_response = accesslog_response;
+
+ accesslog.on_bi.bi_cf_ocs = log_cfocs;
+
+ nullsc.sc_response = slap_null_cb;
+
+ rc = config_register_schema( log_cfats, log_cfocs );
+ if ( rc ) return rc;
+
+ /* log schema integration */
+ for ( i=0; lattrs[i].at; i++ ) {
+ LDAPAttributeType *lat;
+ AttributeType *at;
+ int code;
+ const char *err;
+
+ lat = ldap_str2attributetype( lattrs[i].at, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !lat ) {
+ Debug( LDAP_DEBUG_ANY, "accesslog_init: "
+ "ldap_str2attributetype failed on %d: %s, %s\n",
+ i, ldap_scherr2str(code), err );
+ return -1;
+ }
+ code = at_add( lat, 0, &at, &err );
+ ldap_memfree( lat );
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY, "log_back_initialize: "
+ "at_add failed on %d: %s\n",
+ i, scherr2str(code), 0 );
+ return -1;
+ }
+ if ( slap_bv2ad( &at->sat_cname, lattrs[i].ad, &err )) {
+ Debug( LDAP_DEBUG_ANY, "accesslog_init: "
+ "slap_bv2ad failed on %d: %s\n",
+ i, err, 0 );
+ return -1;
+ }
+ }
+ for ( i=0; locs[i].ot; i++ ) {
+ LDAPObjectClass *loc;
+ ObjectClass *oc;
+ int code;
+ const char *err;
+
+ loc = ldap_str2objectclass( locs[i].ot, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !loc ) {
+ Debug( LDAP_DEBUG_ANY, "accesslog_init: "
+ "ldap_str2objectclass failed on %d: %s, %s\n",
+ i, ldap_scherr2str(code), err );
+ return -1;
+ }
+
+ code = oc_add( loc, 0, &oc, &err );
+ ldap_memfree( loc );
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY, "accesslog_init: "
+ "oc_add failed on %d: %s\n",
+ i, scherr2str(code), 0 );
+ return -1;
+ }
+ if ( locs[i].oc )
+ *locs[i].oc = oc;
+ }
+
+ return overlay_register(&accesslog);
+}
+
+#if SLAPD_OVER_ACCESSLOG == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return accesslog_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_ACCESSLOG */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/auditlog.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/auditlog.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/auditlog.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,274 @@
+/* auditlog.c - log modifications for audit/history purposes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.1.2.8 2007/02/08 12:31:24 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions copyright 2004-2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Symas Corp. for inclusion in
+ * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_AUDITLOG
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "slap.h"
+#include "config.h"
+#include "ldif.h"
+
+typedef struct auditlog_data {
+ ldap_pvt_thread_mutex_t ad_mutex;
+ char *ad_logfile;
+} auditlog_data;
+
+static ConfigTable auditlogcfg[] = {
+ { "auditlog", "filename", 2, 2, 0,
+ ARG_STRING|ARG_OFFSET,
+ (void *)offsetof(auditlog_data, ad_logfile),
+ "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
+ "DESC 'Filename for auditlogging' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs auditlogocs[] = {
+ { "( OLcfgOvOc:15.1 "
+ "NAME 'olcAuditlogConfig' "
+ "DESC 'Auditlog configuration' "
+ "SUP olcOverlayConfig "
+ "MAY ( olcAuditlogFile ) )",
+ Cft_Overlay, auditlogcfg },
+ { NULL, 0, NULL }
+};
+
+static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
+ char *s;
+ if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
+ return(-1);
+ fputs(s, f);
+ ber_memfree(s);
+ return(0);
+}
+
+static int auditlog_response(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+ FILE *f;
+ Attribute *a;
+ Modifications *m;
+ struct berval *b, *who = NULL;
+ char *what, *suffix;
+ long stamp = slap_get_time();
+ int i;
+
+ if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
+
+ if ( !ad->ad_logfile ) return SLAP_CB_CONTINUE;
+
+/*
+** add or modify: use modifiersName if present
+**
+*/
+ switch(op->o_tag) {
+ case LDAP_REQ_MODRDN: what = "modrdn"; break;
+ case LDAP_REQ_DELETE: what = "delete"; break;
+ case LDAP_REQ_ADD:
+ what = "add";
+ for(a = op->ora_e->e_attrs; a; a = a->a_next)
+ if( a->a_desc == slap_schema.si_ad_modifiersName ) {
+ who = &a->a_vals[0];
+ break;
+ }
+ break;
+ case LDAP_REQ_MODIFY:
+ what = "modify";
+ for(m = op->orm_modlist; m; m = m->sml_next)
+ if( m->sml_desc == slap_schema.si_ad_modifiersName &&
+ ( m->sml_op == LDAP_MOD_ADD ||
+ m->sml_op == LDAP_MOD_REPLACE )) {
+ who = &m->sml_values[0];
+ break;
+ }
+ break;
+ default:
+ return SLAP_CB_CONTINUE;
+ }
+
+ suffix = op->o_bd->be_suffix[0].bv_len ? op->o_bd->be_suffix[0].bv_val :
+ "global";
+
+/*
+** note: this means requestor's dn when modifiersName is null
+*/
+ if ( !who )
+ who = &op->o_dn;
+
+ ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
+ if((f = fopen(ad->ad_logfile, "a")) == NULL) {
+ ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
+ return SLAP_CB_CONTINUE;
+ }
+
+ fprintf(f, "# %s %ld %s%s%s\n",
+ what, stamp, suffix, who ? " " : "", who ? who->bv_val : "");
+
+ if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) &&
+ (!who || !dn_match( who, &op->o_conn->c_dn )))
+ fprintf(f, "# realdn: %s\n", op->o_conn->c_dn.bv_val );
+
+ fprintf(f, "dn: %s\nchangetype: %s\n",
+ op->o_req_dn.bv_val, what);
+
+ switch(op->o_tag) {
+ case LDAP_REQ_ADD:
+ for(a = op->ora_e->e_attrs; a; a = a->a_next)
+ if((b = a->a_vals) != NULL)
+ for(i = 0; b[i].bv_val; i++)
+ fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
+ break;
+
+ case LDAP_REQ_MODIFY:
+ for(m = op->orm_modlist; m; m = m->sml_next) {
+ switch(m->sml_op & LDAP_MOD_OP) {
+ case LDAP_MOD_ADD: what = "add"; break;
+ case LDAP_MOD_REPLACE: what = "replace"; break;
+ case LDAP_MOD_DELETE: what = "delete"; break;
+ case LDAP_MOD_INCREMENT: what = "increment"; break;
+ default:
+ fprintf(f, "# MOD_TYPE_UNKNOWN:%02x\n", m->sml_op & LDAP_MOD_OP);
+ continue;
+ }
+ fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val);
+ if((b = m->sml_values) != NULL)
+ for(i = 0; b[i].bv_val; i++)
+ fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
+ fprintf(f, "-\n");
+ }
+ break;
+
+ case LDAP_REQ_MODRDN:
+ fprintf(f, "newrdn: %s\ndeleteoldrdn: %s\n",
+ op->orr_newrdn.bv_val, op->orr_deleteoldrdn ? "1" : "0");
+ if(op->orr_newSup) fprintf(f, "newsuperior: %s\n", op->orr_newSup->bv_val);
+ break;
+
+ case LDAP_REQ_DELETE:
+ /* nothing else needed */
+ break;
+ }
+
+ fprintf(f, "# end %s %ld\n\n", what, stamp);
+
+ fclose(f);
+ ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
+ return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst auditlog;
+
+static int
+auditlog_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = ch_calloc(1, sizeof(auditlog_data));
+
+ on->on_bi.bi_private = ad;
+ ldap_pvt_thread_mutex_init( &ad->ad_mutex );
+ return 0;
+}
+
+static int
+auditlog_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ free( ad->ad_logfile );
+ ad->ad_logfile = NULL;
+ return 0;
+}
+
+static int
+auditlog_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ ldap_pvt_thread_mutex_destroy( &ad->ad_mutex );
+ free( ad );
+ return 0;
+}
+
+static int
+auditlog_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ /* history log file */
+ if ( strcasecmp( argv[0], "auditlog" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing filename in \"auditlog <filename>\" line\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+ ad->ad_logfile = ch_strdup( argv[1] );
+ return 0;
+ }
+ return SLAP_CONF_UNKNOWN;
+}
+
+int auditlog_initialize() {
+ int rc;
+
+ auditlog.on_bi.bi_type = "auditlog";
+ auditlog.on_bi.bi_db_init = auditlog_db_init;
+ auditlog.on_bi.bi_db_close = auditlog_db_close;
+ auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
+ auditlog.on_response = auditlog_response;
+
+ auditlog.on_bi.bi_cf_ocs = auditlogocs;
+ rc = config_register_schema( auditlogcfg, auditlogocs );
+ if ( rc ) return rc;
+
+ return overlay_register(&auditlog);
+}
+
+#if SLAPD_OVER_AUDITLOG == SLAPD_MOD_DYNAMIC && defined(PIC)
+int
+init_module( int argc, char *argv[] )
+{
+ return auditlog_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_AUDITLOG */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/collect.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/collect.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/collect.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,170 @@
+/* collect.c - Demonstration of overlay code */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.2.2.4 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_COLLECT
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+
+/* This is a cheap hack to implement a collective attribute.
+ *
+ * This demonstration overlay looks for a specified attribute in an
+ * ancestor of a given entry and adds that attribute to the given
+ * entry when it is returned in a search response. It takes no effect
+ * for any other operations. If the ancestor does not exist, there
+ * is no effect. If no attribute was configured, there is no effect.
+ */
+
+typedef struct collect_info {
+ struct collect_info *ci_next;
+ struct berval ci_dn;
+ AttributeDescription *ci_ad;
+} collect_info;
+
+static int
+collect_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ collect_info *ci = on->on_bi.bi_private;
+
+ /* If we've been configured and the current response is
+ * a search entry
+ */
+ if ( ci && rs->sr_type == REP_SEARCH ) {
+ Entry *new = NULL;
+ int rc;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+
+ for (; ci; ci=ci->ci_next ) {
+ BerVarray vals = NULL;
+
+ /* Is our configured entry an ancestor of this one? */
+ rc = rs->sr_entry->e_nname.bv_len - ci->ci_dn.bv_len;
+ if ( rc < 1 || strcmp( rs->sr_entry->e_nname.bv_val + rc,
+ ci->ci_dn.bv_val )) continue;
+
+ /* Extract the values of the desired attribute from
+ * the ancestor entry
+ */
+ rc = backend_attribute( op, NULL, &ci->ci_dn, ci->ci_ad, &vals, ACL_READ );
+
+ /* If there are any values, merge them into the
+ * current entry
+ */
+ if ( vals ) {
+ /* The current entry may live in a cache, so
+ * don't modify it directly. Make a copy and
+ * work with that instead.
+ */
+ if ( !new ) {
+ new = entry_dup( rs->sr_entry );
+ }
+ attr_merge( new, ci->ci_ad, vals, NULL );
+ ber_bvarray_free_x( vals, op->o_tmpmemctx );
+ }
+ }
+
+ if ( new ) {
+ rs->sr_entry = new;
+ rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
+ }
+ }
+ /* Default is to just fall through to the normal processing */
+ return SLAP_CB_CONTINUE;
+}
+
+static int collect_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ AttributeDescription *ad = NULL;
+
+ /* The config syntax is "collectinfo <dn> <attribute-description>"
+ * and only one directive may be specified per overlay instance.
+ */
+
+ if ( strcasecmp( argv[0], "collectinfo" ) == 0 ) {
+ collect_info *ci;
+ struct berval bv, dn;
+ const char *text;
+ if ( argc != 3 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: argument missing in \"collectinfo <dn> <attribute-description>\" line.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+ ber_str2bv( argv[1], 0, 0, &bv );
+ if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid DN in \"collectinfo\" line: %s.\n",
+ fname, lineno, text );
+ return( 1 );
+ }
+ if ( slap_str2ad( argv[2], &ad, &text ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: attribute description unknown in \"collectinfo\" line: %s.\n",
+ fname, lineno, text );
+ return( 1 );
+ }
+
+ /* The on->on_bi.bi_private pointer can be used for
+ * anything this instance of the overlay needs.
+ */
+ ci = ch_malloc( sizeof( collect_info ));
+ ci->ci_ad = ad;
+ ci->ci_dn = dn;
+ ci->ci_next = on->on_bi.bi_private;
+ on->on_bi.bi_private = ci;
+ return 0;
+ }
+ return SLAP_CONF_UNKNOWN;
+}
+
+static slap_overinst collect;
+
+int collect_initialize() {
+ collect.on_bi.bi_type = "collect";
+ collect.on_bi.bi_db_config = collect_config;
+ collect.on_response = collect_response;
+
+ return overlay_register( &collect );
+}
+
+#if SLAPD_OVER_COLLECT == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+ return collect_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_COLLECT */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/denyop.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/denyop.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/denyop.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,258 @@
+/* denyop.c - Denies operations */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DENYOP
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+/* This overlay provides a quick'n'easy way to deny selected operations
+ * for a database whose backend implements the operations. It is intended
+ * to be less expensive than ACLs because its evaluation occurs before
+ * any backend specific operation is actually even initiated.
+ */
+
+enum {
+ denyop_add = 0,
+ denyop_bind,
+ denyop_compare,
+ denyop_delete,
+ denyop_extended,
+ denyop_modify,
+ denyop_modrdn,
+ denyop_search,
+ denyop_unbind
+} denyop_e;
+
+typedef struct denyop_info {
+ int do_op[denyop_unbind + 1];
+} denyop_info;
+
+static int
+denyop_func( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ denyop_info *oi = (denyop_info *)on->on_bi.bi_private;
+ int deny = 0;
+
+ switch( op->o_tag ) {
+ case LDAP_REQ_BIND:
+ deny = oi->do_op[denyop_bind];
+ break;
+
+ case LDAP_REQ_ADD:
+ deny = oi->do_op[denyop_add];
+ break;
+
+ case LDAP_REQ_DELETE:
+ deny = oi->do_op[denyop_delete];
+ break;
+
+ case LDAP_REQ_MODRDN:
+ deny = oi->do_op[denyop_modrdn];
+ break;
+
+ case LDAP_REQ_MODIFY:
+ deny = oi->do_op[denyop_modify];
+ break;
+
+ case LDAP_REQ_COMPARE:
+ deny = oi->do_op[denyop_compare];
+ break;
+
+ case LDAP_REQ_SEARCH:
+ deny = oi->do_op[denyop_search];
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ deny = oi->do_op[denyop_extended];
+ break;
+
+ case LDAP_REQ_UNBIND:
+ deny = oi->do_op[denyop_unbind];
+ break;
+ }
+
+ if ( !deny ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not allowed within namingContext" );
+
+ return 0;
+}
+
+static int
+denyop_over_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ denyop_info *oi;
+
+ oi = (denyop_info *)ch_malloc(sizeof(denyop_info));
+ memset(oi, 0, sizeof(denyop_info));
+ on->on_bi.bi_private = oi;
+
+ return 0;
+}
+
+static int
+denyop_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ denyop_info *oi = (denyop_info *)on->on_bi.bi_private;
+
+ if ( strcasecmp( argv[0], "denyop" ) == 0 ) {
+ char *op;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "operation list missing in "
+ "\"denyop <op-list>\" line.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* The on->on_bi.bi_private pointer can be used for
+ * anything this instance of the overlay needs.
+ */
+
+ op = argv[1];
+ do {
+ char *next = strchr( op, ',' );
+
+ if ( next ) {
+ next[0] = '\0';
+ next++;
+ }
+
+ if ( strcmp( op, "add" ) == 0 ) {
+ oi->do_op[denyop_add] = 1;
+
+ } else if ( strcmp( op, "bind" ) == 0 ) {
+ oi->do_op[denyop_bind] = 1;
+
+ } else if ( strcmp( op, "compare" ) == 0 ) {
+ oi->do_op[denyop_compare] = 1;
+
+ } else if ( strcmp( op, "delete" ) == 0 ) {
+ oi->do_op[denyop_delete] = 1;
+
+ } else if ( strcmp( op, "extended" ) == 0 ) {
+ oi->do_op[denyop_extended] = 1;
+
+ } else if ( strcmp( op, "modify" ) == 0 ) {
+ oi->do_op[denyop_modify] = 1;
+
+ } else if ( strcmp( op, "modrdn" ) == 0 ) {
+ oi->do_op[denyop_modrdn] = 1;
+
+ } else if ( strcmp( op, "search" ) == 0 ) {
+ oi->do_op[denyop_search] = 1;
+
+ } else if ( strcmp( op, "unbind" ) == 0 ) {
+ oi->do_op[denyop_unbind] = 1;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unknown operation \"%s\" at "
+ "\"denyop <op-list>\" line.\n",
+ fname, lineno, op );
+ return( 1 );
+ }
+
+ op = next;
+ } while ( op );
+
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+ return 0;
+}
+
+static int
+denyop_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ denyop_info *oi = (denyop_info *)on->on_bi.bi_private;
+
+ if ( oi ) {
+ ch_free( oi );
+ }
+
+ return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst denyop;
+
+int
+denyop_initialize( void )
+{
+ memset( &denyop, 0, sizeof( slap_overinst ) );
+ denyop.on_bi.bi_type = "denyop";
+ denyop.on_bi.bi_db_init = denyop_over_init;
+ denyop.on_bi.bi_db_config = denyop_config;
+ denyop.on_bi.bi_db_destroy = denyop_destroy;
+
+ denyop.on_bi.bi_op_bind = denyop_func;
+ denyop.on_bi.bi_op_search = denyop_func;
+ denyop.on_bi.bi_op_compare = denyop_func;
+ denyop.on_bi.bi_op_modify = denyop_func;
+ denyop.on_bi.bi_op_modrdn = denyop_func;
+ denyop.on_bi.bi_op_add = denyop_func;
+ denyop.on_bi.bi_op_delete = denyop_func;
+ denyop.on_bi.bi_extended = denyop_func;
+ denyop.on_bi.bi_op_unbind = denyop_func;
+
+ denyop.on_response = NULL /* denyop_response */ ;
+
+ return overlay_register( &denyop );
+}
+
+#if SLAPD_OVER_DENYOP == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return denyop_initialize();
+}
+#endif /* SLAPD_OVER_DENYOP == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_DENYOP) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dyngroup.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dyngroup.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dyngroup.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,173 @@
+/* dyngroup.c - Demonstration of overlay code */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dyngroup.c,v 1.5.2.6 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003 by Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DYNGROUP
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+/* This overlay extends the Compare operation to detect members of a
+ * dynamic group. It has no effect on any other operations. It must
+ * be configured with a pair of attributes to trigger on, e.g.
+ * attrpair member memberURL
+ * will cause compares on "member" to trigger a compare on "memberURL".
+ */
+
+typedef struct adpair {
+ struct adpair *ap_next;
+ AttributeDescription *ap_mem;
+ AttributeDescription *ap_uri;
+} adpair;
+
+static int
+dyngroup_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ adpair *ap = on->on_bi.bi_private;
+
+ /* If we've been configured and the current response is
+ * what we're looking for...
+ */
+ if ( ap && op->o_tag == LDAP_REQ_COMPARE &&
+ rs->sr_err == LDAP_NO_SUCH_ATTRIBUTE ) {
+
+ for (;ap;ap=ap->ap_next) {
+ if ( op->oq_compare.rs_ava->aa_desc == ap->ap_mem ) {
+ /* This compare is for one of the attributes we're
+ * interested in. We'll use slapd's existing dyngroup
+ * evaluator to get the answer we want.
+ */
+ int cache = op->o_do_not_cache;
+
+ op->o_do_not_cache = 1;
+ rs->sr_err = backend_group( op, NULL, &op->o_req_ndn,
+ &op->oq_compare.rs_ava->aa_value, NULL, ap->ap_uri );
+ op->o_do_not_cache = cache;
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+
+ case LDAP_NO_SUCH_OBJECT:
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ break;
+ }
+ break;
+ }
+ }
+ }
+ /* Default is to just fall through to the normal processing */
+ return SLAP_CB_CONTINUE;
+}
+
+static int dyngroup_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ adpair ap = { NULL, NULL, NULL }, *a2;
+
+ if ( strcasecmp( argv[0], "attrpair" ) == 0 ) {
+ const char *text;
+ if ( argc != 3 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "attribute description missing in "
+ "\"attrpair <member-attribute> <URL-attribute>\" line.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+ if ( slap_str2ad( argv[1], &ap.ap_mem, &text ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "attribute description unknown \"attrpair\" line: %s.\n",
+ fname, lineno, text );
+ return( 1 );
+ }
+ if ( slap_str2ad( argv[2], &ap.ap_uri, &text ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "attribute description unknown \"attrpair\" line: %s.\n",
+ fname, lineno, text );
+ return( 1 );
+ }
+ /* The on->on_bi.bi_private pointer can be used for
+ * anything this instance of the overlay needs.
+ */
+
+ a2 = ch_malloc( sizeof(adpair) );
+ a2->ap_next = on->on_bi.bi_private;
+ a2->ap_mem = ap.ap_mem;
+ a2->ap_uri = ap.ap_uri;
+ on->on_bi.bi_private = a2;
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+ return 0;
+}
+
+static int
+dyngroup_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ adpair *ap, *a2;
+
+ for ( ap = on->on_bi.bi_private; ap; ap = a2 ) {
+ a2 = ap->ap_next;
+ ch_free( ap );
+ }
+ return 0;
+}
+
+static slap_overinst dyngroup;
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+int dyngroup_initialize() {
+ dyngroup.on_bi.bi_type = "dyngroup";
+ dyngroup.on_bi.bi_db_config = dyngroup_config;
+ dyngroup.on_bi.bi_db_close = dyngroup_close;
+ dyngroup.on_response = dyngroup_response;
+
+ return overlay_register( &dyngroup );
+}
+
+#if SLAPD_OVER_DYNGROUP == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return dyngroup_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_DYNGROUP) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dynlist.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dynlist.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/dynlist.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1441 @@
+/* dynlist.c - dynamic list overlay */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.5.2.11 2007/03/22 21:31:18 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004-2005 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for SysNet s.n.c., for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DYNLIST
+
+#if LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR > 3
+#if SLAPD_OVER_DYNGROUP != SLAPD_MOD_STATIC
+#define TAKEOVER_DYNGROUP
+#endif
+#else
+#if LDAP_VENDOR_VERSION_MINOR < 3
+#define OL_2_2_COMPAT
+#endif
+#endif
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#ifndef OL_2_2_COMPAT
+#include "config.h"
+#endif
+#include "lutil.h"
+
+/* FIXME: the code differs if SLAP_OPATTRS is defined or not;
+ * SLAP_OPATTRS is not defined in 2.2 yet, while this overlay
+ * expects HEAD code at least later than August 6, 2004. */
+/* FIXME: slap_anlist_no_attrs was introduced in 2.3; here it
+ * is anticipated to allow using this overlay with 2.2. */
+
+#ifdef OL_2_2_COMPAT
+static AttributeName anlist_no_attrs[] = {
+ { BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL },
+ { BER_BVNULL, NULL, 0, NULL }
+};
+
+static AttributeName *slap_anlist_no_attrs = anlist_no_attrs;
+#endif
+
+typedef struct dynlist_info_t {
+ ObjectClass *dli_oc;
+ AttributeDescription *dli_ad;
+ AttributeDescription *dli_member_ad;
+ struct berval dli_default_filter;
+ struct dynlist_info_t *dli_next;
+} dynlist_info_t;
+
+static dynlist_info_t *
+dynlist_is_dynlist( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
+
+ Attribute *a;
+
+ a = attrs_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass );
+ if ( a == NULL ) {
+ /* FIXME: objectClass must be present; for non-storage
+ * backends, like back-ldap, it needs to be added
+ * to the requested attributes */
+ return NULL;
+ }
+
+ for ( ; dli; dli = dli->dli_next ) {
+ if ( value_find_ex( slap_schema.si_ad_objectClass,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &dli->dli_oc->soc_cname,
+ op->o_tmpmemctx ) == 0 )
+ {
+ return dli;
+ }
+ }
+
+ return NULL;
+}
+
+static int
+dynlist_make_filter( Operation *op, struct berval *oldf, struct berval *newf )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
+
+ char *ptr;
+
+ assert( oldf != NULL );
+ assert( newf != NULL );
+ assert( !BER_BVISNULL( oldf ) );
+ assert( !BER_BVISEMPTY( oldf ) );
+
+ newf->bv_len = STRLENOF( "(&(!(objectClass=" "))" ")" )
+ + dli->dli_oc->soc_cname.bv_len + oldf->bv_len;
+ newf->bv_val = op->o_tmpalloc( newf->bv_len + 1, op->o_tmpmemctx );
+ if ( newf->bv_val == NULL ) {
+ return -1;
+ }
+ ptr = lutil_strcopy( newf->bv_val, "(&(!(objectClass=" );
+ ptr = lutil_strcopy( ptr, dli->dli_oc->soc_cname.bv_val );
+ ptr = lutil_strcopy( ptr, "))" );
+ ptr = lutil_strcopy( ptr, oldf->bv_val );
+ ptr = lutil_strcopy( ptr, ")" );
+ newf->bv_len = ptr - newf->bv_val;
+
+ return 0;
+}
+
+typedef struct dynlist_sc_t {
+ dynlist_info_t *dlc_dli;
+ Entry *dlc_e;
+} dynlist_sc_t;
+
+static int
+dynlist_sc_update( Operation *op, SlapReply *rs )
+{
+ Entry *e;
+ Attribute *a;
+ int opattrs,
+ userattrs;
+ AccessControlState acl_state = ACL_STATE_INIT;
+
+ dynlist_sc_t *dlc;
+
+ if ( rs->sr_type != REP_SEARCH ) {
+ return 0;
+ }
+
+ dlc = (dynlist_sc_t *)op->o_callback->sc_private;
+ e = dlc->dlc_e;
+
+ assert( e != NULL );
+ assert( rs->sr_entry != NULL );
+
+ /* test access to entry */
+ if ( !access_allowed( op, rs->sr_entry, slap_schema.si_ad_entry,
+ NULL, ACL_READ, NULL ) )
+ {
+ goto done;
+ }
+
+ if ( dlc->dlc_dli->dli_member_ad ) {
+
+ /* if access allowed, try to add values, emulating permissive
+ * control to silently ignore duplicates */
+ if ( access_allowed( op, rs->sr_entry, slap_schema.si_ad_entry,
+ NULL, ACL_READ, NULL ) )
+ {
+ Modification mod;
+ const char *text = NULL;
+ char textbuf[1024];
+ struct berval vals[ 2 ], nvals[ 2 ];
+
+ vals[ 0 ] = rs->sr_entry->e_name;
+ BER_BVZERO( &vals[ 1 ] );
+ nvals[ 0 ] = rs->sr_entry->e_nname;
+ BER_BVZERO( &nvals[ 1 ] );
+
+ mod.sm_op = LDAP_MOD_ADD;
+ mod.sm_desc = dlc->dlc_dli->dli_member_ad;
+ mod.sm_type = dlc->dlc_dli->dli_member_ad->ad_cname;
+ mod.sm_values = vals;
+ mod.sm_nvalues = nvals;
+
+ (void)modify_add_values( e, &mod, /* permissive */ 1,
+ &text, textbuf, sizeof( textbuf ) );
+ }
+
+ goto done;
+ }
+
+#ifndef SLAP_OPATTRS
+ opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
+ userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
+#else /* SLAP_OPATTRS */
+ opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
+ userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
+#endif /* SLAP_OPATTRS */
+
+ for ( a = rs->sr_entry->e_attrs; a != NULL; a = a->a_next ) {
+ BerVarray vals, nvals = NULL;
+ int i, j;
+
+ /* if attribute is not requested, skip it */
+ if ( rs->sr_attrs == NULL ) {
+ if ( is_at_operational( a->a_desc->ad_type ) ) {
+ continue;
+ }
+
+ } else {
+ if ( is_at_operational( a->a_desc->ad_type ) ) {
+ if ( !opattrs && !ad_inlist( a->a_desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+
+ } else {
+ if ( !userattrs && !ad_inlist( a->a_desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+ }
+ }
+
+ /* test access to attribute */
+ if ( op->ors_attrsonly ) {
+ if ( !access_allowed( op, rs->sr_entry, a->a_desc, NULL,
+ ACL_READ, &acl_state ) )
+ {
+ continue;
+ }
+ }
+
+ /* single-value check: keep first only */
+ if ( is_at_single_value( a->a_desc->ad_type ) ) {
+ if ( attr_find( e->e_attrs, a->a_desc ) != NULL ) {
+ continue;
+ }
+ }
+
+ /* test access to attribute */
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ /* just count */ ;
+
+ vals = op->o_tmpalloc( ( i + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
+ if ( a->a_nvals != a->a_vals ) {
+ nvals = op->o_tmpalloc( ( i + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
+ }
+
+ for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
+ if ( access_allowed( op, rs->sr_entry, a->a_desc,
+ &a->a_nvals[i], ACL_READ, &acl_state ) )
+ {
+ vals[j] = a->a_vals[i];
+ if ( nvals ) {
+ nvals[j] = a->a_nvals[i];
+ }
+ j++;
+ }
+ }
+
+ /* if access allowed, try to add values, emulating permissive
+ * control to silently ignore duplicates */
+ if ( j != 0 ) {
+ Modification mod;
+ const char *text = NULL;
+ char textbuf[1024];
+
+ BER_BVZERO( &vals[j] );
+ if ( nvals ) {
+ BER_BVZERO( &nvals[j] );
+ }
+
+ mod.sm_op = LDAP_MOD_ADD;
+ mod.sm_desc = a->a_desc;
+ mod.sm_type = a->a_desc->ad_cname;
+ mod.sm_values = vals;
+ mod.sm_nvalues = nvals;
+
+ (void)modify_add_values( e, &mod, /* permissive */ 1,
+ &text, textbuf, sizeof( textbuf ) );
+ }
+
+ op->o_tmpfree( vals, op->o_tmpmemctx );
+ if ( nvals ) {
+ op->o_tmpfree( nvals, op->o_tmpmemctx );
+ }
+ }
+
+done:;
+ if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
+ entry_free( rs->sr_entry );
+ rs->sr_entry = NULL;
+ rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
+ }
+
+ return 0;
+}
+
+static int
+dynlist_send_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
+{
+ Attribute *a;
+ slap_callback cb;
+ Operation o = *op;
+ SlapReply r = { REP_SEARCH };
+ struct berval *url;
+ Entry *e;
+ slap_mask_t e_flags;
+ int opattrs,
+ userattrs;
+ dynlist_sc_t dlc = { 0 };
+
+ a = attrs_find( rs->sr_entry->e_attrs, dli->dli_ad );
+ if ( a == NULL ) {
+ /* FIXME: error? */
+ return SLAP_CB_CONTINUE;
+ }
+
+ e = entry_dup( rs->sr_entry );
+ e_flags = rs->sr_flags | ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
+
+ dlc.dlc_e = e;
+ dlc.dlc_dli = dli;
+ cb.sc_private = &dlc;
+ cb.sc_response = dynlist_sc_update;
+ cb.sc_cleanup = NULL;
+ cb.sc_next = NULL;
+
+ o.o_callback = &cb;
+ o.ors_deref = LDAP_DEREF_NEVER;
+ o.ors_limit = NULL;
+ o.ors_tlimit = SLAP_NO_LIMIT;
+ o.ors_slimit = SLAP_NO_LIMIT;
+
+#ifndef SLAP_OPATTRS
+ opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
+ userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
+#else /* SLAP_OPATTRS */
+ opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
+ userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
+#endif /* SLAP_OPATTRS */
+
+ for ( url = a->a_nvals; !BER_BVISNULL( url ); url++ ) {
+ LDAPURLDesc *lud = NULL;
+ int i, j;
+ struct berval dn;
+ int rc;
+
+ BER_BVZERO( &o.o_req_dn );
+ BER_BVZERO( &o.o_req_ndn );
+ o.ors_filter = NULL;
+ o.ors_attrs = NULL;
+ BER_BVZERO( &o.ors_filterstr );
+
+ if ( ldap_url_parse( url->bv_val, &lud ) != LDAP_URL_SUCCESS ) {
+ /* FIXME: error? */
+ continue;
+ }
+
+ if ( lud->lud_host != NULL ) {
+ /* FIXME: host not allowed; reject as illegal? */
+ Debug( LDAP_DEBUG_ANY, "dynlist_send_entry(\"%s\"): "
+ "illegal URI \"%s\"\n",
+ e->e_name.bv_val, url->bv_val, 0 );
+ goto cleanup;
+ }
+
+ if ( lud->lud_dn == NULL ) {
+ /* note that an empty base is not honored in terms
+ * of defaultSearchBase, because select_backend()
+ * is not aware of the defaultSearchBase option;
+ * this can be useful in case of a database serving
+ * the empty suffix */
+ BER_BVSTR( &dn, "" );
+
+ } else {
+ ber_str2bv( lud->lud_dn, 0, 0, &dn );
+ }
+ rc = dnPrettyNormal( NULL, &dn, &o.o_req_dn, &o.o_req_ndn, op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ /* FIXME: error? */
+ goto cleanup;
+ }
+ o.ors_scope = lud->lud_scope;
+
+ if ( dli->dli_member_ad != NULL ) {
+ /* if ( lud->lud_attrs != NULL ),
+ * the URL should be ignored */
+ o.ors_attrs = slap_anlist_no_attrs;
+
+ } else if ( lud->lud_attrs == NULL ) {
+ o.ors_attrs = rs->sr_attrs;
+
+ } else {
+ for ( i = 0; lud->lud_attrs[i]; i++)
+ /* just count */ ;
+
+ o.ors_attrs = op->o_tmpcalloc( i + 1, sizeof( AttributeName ), op->o_tmpmemctx );
+ for ( i = 0, j = 0; lud->lud_attrs[i]; i++) {
+ const char *text = NULL;
+
+ ber_str2bv( lud->lud_attrs[i], 0, 0, &o.ors_attrs[j].an_name );
+ o.ors_attrs[j].an_desc = NULL;
+ (void)slap_bv2ad( &o.ors_attrs[j].an_name, &o.ors_attrs[j].an_desc, &text );
+ /* FIXME: ignore errors... */
+
+ if ( rs->sr_attrs == NULL ) {
+ if ( o.ors_attrs[j].an_desc != NULL &&
+ is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
+ {
+ continue;
+ }
+
+ } else {
+ if ( o.ors_attrs[j].an_desc != NULL &&
+ is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
+ {
+ if ( !opattrs && !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+
+ } else {
+ if ( !userattrs &&
+ o.ors_attrs[j].an_desc != NULL &&
+ !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+ }
+ }
+
+ j++;
+ }
+
+ if ( j == 0 ) {
+ goto cleanup;
+ }
+
+ BER_BVZERO( &o.ors_attrs[j].an_name );
+ }
+
+ if ( lud->lud_filter == NULL ) {
+ ber_dupbv_x( &o.ors_filterstr,
+ &dli->dli_default_filter, op->o_tmpmemctx );
+
+ } else {
+ struct berval flt;
+ ber_str2bv( lud->lud_filter, 0, 0, &flt );
+ if ( dynlist_make_filter( op, &flt, &o.ors_filterstr ) ) {
+ /* error */
+ goto cleanup;
+ }
+ }
+ o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val );
+ if ( o.ors_filter == NULL ) {
+ goto cleanup;
+ }
+
+ o.o_bd = select_backend( &o.o_req_ndn, 0, 1 );
+ if ( o.o_bd && o.o_bd->be_search ) {
+#ifdef SLAP_OPATTRS
+ r.sr_attr_flags = slap_attr_flags( o.ors_attrs );
+#endif /* SLAP_OPATTRS */
+ (void)o.o_bd->be_search( &o, &r );
+ }
+
+cleanup:;
+ if ( o.ors_filter ) {
+ filter_free_x( &o, o.ors_filter );
+ }
+ if ( o.ors_attrs && o.ors_attrs != rs->sr_attrs
+ && o.ors_attrs != slap_anlist_no_attrs )
+ {
+ op->o_tmpfree( o.ors_attrs, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &o.o_req_dn ) ) {
+ op->o_tmpfree( o.o_req_dn.bv_val, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &o.o_req_ndn ) ) {
+ op->o_tmpfree( o.o_req_ndn.bv_val, op->o_tmpmemctx );
+ }
+ assert( BER_BVISNULL( &o.ors_filterstr )
+ || o.ors_filterstr.bv_val != lud->lud_filter );
+ op->o_tmpfree( o.ors_filterstr.bv_val, op->o_tmpmemctx );
+ ldap_free_urldesc( lud );
+ }
+
+ rs->sr_entry = e;
+ rs->sr_flags = e_flags;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dynlist_sc_save_entry( Operation *op, SlapReply *rs )
+{
+ /* save the entry in the private field of the callback,
+ * so it doesn't get freed (it's temporary!) */
+ if ( rs->sr_entry != NULL ) {
+ dynlist_sc_t *dlc = (dynlist_sc_t *)op->o_callback->sc_private;
+ dlc->dlc_e = rs->sr_entry;
+ rs->sr_entry = NULL;
+ }
+
+ return 0;
+}
+
+static int
+dynlist_compare( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
+
+ for ( ; dli != NULL; dli = dli->dli_next ) {
+ if ( op->oq_compare.rs_ava->aa_desc == dli->dli_member_ad ) {
+ /* This compare is for one of the attributes we're
+ * interested in. We'll use slapd's existing dyngroup
+ * evaluator to get the answer we want.
+ */
+ int cache = op->o_do_not_cache;
+
+ op->o_do_not_cache = 1;
+ rs->sr_err = backend_group( op, NULL, &op->o_req_ndn,
+ &op->oq_compare.rs_ava->aa_value, dli->dli_oc, dli->dli_ad );
+ op->o_do_not_cache = cache;
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+
+ case LDAP_NO_SUCH_OBJECT:
+ /* NOTE: backend_group() returns noSuchObject
+ * if op_ndn does not exist; however, since
+ * dynamic list expansion means that the
+ * member attribute is virtually present, the
+ * non-existence of the asserted value implies
+ * the assertion is FALSE rather than
+ * UNDEFINED */
+ rs->sr_err = LDAP_COMPARE_FALSE;
+ break;
+ }
+
+ return SLAP_CB_CONTINUE;
+ }
+ }
+
+ dli = (dynlist_info_t *)on->on_bi.bi_private;
+ for ( ; dli != NULL && rs->sr_err != LDAP_COMPARE_TRUE; dli = dli->dli_next ) {
+ Attribute *a;
+ slap_callback cb;
+ Operation o = *op;
+ SlapReply r = { REP_SEARCH };
+ AttributeName an[2];
+ int rc;
+ dynlist_sc_t dlc = { 0 };
+ Entry *e;
+
+ int cache = op->o_do_not_cache;
+ struct berval op_dn = op->o_dn,
+ op_ndn = op->o_ndn;
+ BackendDB *op_bd = op->o_bd;
+
+ /* fetch the entry as rootdn (a hack to see if it exists
+ * and if it has the right objectClass) */
+ op->o_do_not_cache = 1;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+
+ r.sr_err = be_entry_get_rw( op, &op->o_req_ndn,
+ dli->dli_oc, NULL, 0, &e );
+ if ( e != NULL ) {
+ be_entry_release_r( op, e );
+ }
+ op->o_do_not_cache = cache;
+ op->o_dn = op_dn;
+ op->o_ndn = op_ndn;
+ op->o_bd = op_bd;
+ if ( r.sr_err != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ /* if the entry has the right objectClass, generate
+ * the dynamic list and compare */
+ dlc.dlc_dli = dli;
+ cb.sc_private = &dlc;
+ cb.sc_response = dynlist_sc_save_entry;
+ cb.sc_cleanup = NULL;
+ cb.sc_next = NULL;
+ o.o_callback = &cb;
+
+ o.o_tag = LDAP_REQ_SEARCH;
+ o.ors_limit = NULL;
+ o.ors_tlimit = SLAP_NO_LIMIT;
+ o.ors_slimit = SLAP_NO_LIMIT;
+
+ o.o_bd = select_backend( &o.o_req_ndn, 0, 1 );
+ if ( !o.o_bd || !o.o_bd->be_search ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ BER_BVSTR( &o.ors_filterstr, "(objectClass=*)" );
+ o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val );
+ if ( o.ors_filter == NULL ) {
+ /* FIXME: error? */
+ return SLAP_CB_CONTINUE;
+ }
+
+ o.ors_scope = LDAP_SCOPE_BASE;
+ o.ors_deref = LDAP_DEREF_NEVER;
+ an[0].an_name = op->orc_ava->aa_desc->ad_cname;
+ an[0].an_desc = op->orc_ava->aa_desc;
+ BER_BVZERO( &an[1].an_name );
+ o.ors_attrs = an;
+ o.ors_attrsonly = 0;
+
+ rc = o.o_bd->be_search( &o, &r );
+ filter_free_x( &o, o.ors_filter );
+
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ if ( dlc.dlc_e != NULL ) {
+ r.sr_entry = dlc.dlc_e;
+ }
+
+ if ( r.sr_err != LDAP_SUCCESS || r.sr_entry == NULL ) {
+ /* error? */
+ return SLAP_CB_CONTINUE;
+ }
+
+ for ( a = attrs_find( r.sr_entry->e_attrs, op->orc_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->orc_ava->aa_desc ) )
+ {
+ /* if we're here, we got a match... */
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->orc_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->orc_ava->aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+ if ( r.sr_flags & REP_ENTRY_MUSTBEFREED ) {
+ entry_free( r.sr_entry );
+ }
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dynlist_response( Operation *op, SlapReply *rs )
+{
+ dynlist_info_t *dli;
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_SEARCH:
+ if ( rs->sr_type == REP_SEARCH && !get_manageDSAit( op ) )
+ {
+ dli = dynlist_is_dynlist( op, rs );
+ if ( dli != NULL ) {
+ return dynlist_send_entry( op, rs, dli );
+ }
+ }
+ break;
+
+ case LDAP_REQ_COMPARE:
+ switch ( rs->sr_err ) {
+ /* NOTE: we waste a few cycles running the dynamic list
+ * also when the result is FALSE, which occurs if the
+ * dynamic entry itself contains the AVA attribute */
+ /* FIXME: this approach is less than optimal; a dedicated
+ * compare op should be implemented, that fetches the
+ * entry, checks if it has the appropriate objectClass
+ * and, in case, runs a compare thru all the URIs,
+ * stopping at the first positive occurrence; see ITS#3756 */
+ case LDAP_COMPARE_FALSE:
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ return dynlist_compare( op, rs );
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dynlist_build_def_filter( dynlist_info_t *dli )
+{
+ char *ptr;
+
+ dli->dli_default_filter.bv_len = STRLENOF( "(!(objectClass=" "))" )
+ + dli->dli_oc->soc_cname.bv_len;
+ dli->dli_default_filter.bv_val = ch_malloc( dli->dli_default_filter.bv_len + 1 );
+ if ( dli->dli_default_filter.bv_val == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "dynlist_db_open: malloc failed.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ ptr = lutil_strcopy( dli->dli_default_filter.bv_val, "(!(objectClass=" );
+ ptr = lutil_strcopy( ptr, dli->dli_oc->soc_cname.bv_val );
+ ptr = lutil_strcopy( ptr, "))" );
+
+ assert( dli->dli_default_filter.bv_len == ptr - dli->dli_default_filter.bv_val );
+
+ return 0;
+}
+
+#ifdef OL_2_2_COMPAT
+static int
+dynlist_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+
+ int rc = 0;
+
+ if ( strcasecmp( argv[0], "dynlist-attrset" ) == 0 ) {
+ dynlist_info_t **dlip;
+ ObjectClass *oc;
+ AttributeDescription *ad = NULL,
+ *member_ad = NULL;
+ const char *text;
+
+ if ( argc < 3 || argc > 4 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "invalid arg number #%d.\n",
+ fname, lineno, argc );
+ return 1;
+ }
+
+ oc = oc_find( argv[1] );
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find ObjectClass \"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ rc = slap_str2ad( argv[2], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ fname, lineno, argv[2] );
+ return 1;
+ }
+
+ if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "AttributeDescription \"%s\" "
+ "must be a subtype of \"labeledURI\"\n",
+ fname, lineno, argv[2] );
+ return 1;
+ }
+
+ if ( argc == 4 ) {
+ rc = slap_str2ad( argv[3], &member_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ fname, lineno, argv[3] );
+ return 1;
+ }
+ }
+
+ for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ *dlip; dlip = &(*dlip)->dli_next )
+ {
+ /* The check on objectClass may be relaxed */
+#if 0
+ if ( (*dlip)->dli_oc == oc ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "objectClass \"%s\" already mapped.\n",
+ fname, lineno, oc->soc_cname.bv_val );
+ return 1;
+ }
+#endif
+
+ if ( (*dlip)->dli_ad == ad ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "URL attributeDescription \"%s\" already mapped.\n",
+ fname, lineno, ad->ad_cname.bv_val );
+ return 1;
+ }
+
+ if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "member attributeDescription \"%s\" already mapped.\n",
+ fname, lineno, member_ad->ad_cname.bv_val );
+ return 1;
+ }
+ }
+
+ *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
+ (*dlip)->dli_oc = oc;
+ (*dlip)->dli_ad = ad;
+ (*dlip)->dli_member_ad = member_ad;
+
+ if ( dynlist_build_def_filter( *dlip ) ) {
+ ch_free( *dlip );
+ *dlip = NULL;
+ return 1;
+ }
+
+ /* allow dyngroup syntax */
+ } else if ( strcasecmp( argv[0], "dynlist-attrpair" ) == 0 ) {
+ dynlist_info_t **dlip;
+ ObjectClass *oc;
+ AttributeDescription *ad = NULL,
+ *member_ad = NULL;
+ const char *text;
+
+ if ( argc != 3 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "invalid arg number #%d.\n",
+ fname, lineno, argc );
+ return 1;
+ }
+
+ oc = oc_find( "groupOfURLs" );
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find default ObjectClass \"groupOfURLs\"\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ rc = slap_str2ad( argv[1], &member_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ fname, lineno, argv[1] );
+ return 1;
+ }
+
+ rc = slap_str2ad( argv[2], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ fname, lineno, argv[2] );
+ return 1;
+ }
+
+ if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "AttributeDescription \"%s\" "
+ "must be a subtype of \"labeledURI\"\n",
+ fname, lineno, argv[2] );
+ return 1;
+ }
+
+
+ for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ *dlip; dlip = &(*dlip)->dli_next )
+ {
+#if 0
+ /* The check on objectClass may be relaxed */
+ if ( (*dlip)->dli_oc == oc ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "objectClass \"%s\" already mapped.\n",
+ fname, lineno, oc->soc_cname.bv_val );
+ return 1;
+ }
+#endif
+
+ if ( (*dlip)->dli_ad == ad ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "URL attributeDescription \"%s\" already mapped.\n",
+ fname, lineno, ad->ad_cname.bv_val );
+ return 1;
+ }
+
+ if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "member attributeDescription \"%s\" already mapped.\n",
+ fname, lineno, member_ad->ad_cname.bv_val );
+ return 1;
+ }
+ }
+
+ *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
+ (*dlip)->dli_oc = oc;
+ (*dlip)->dli_ad = ad;
+ (*dlip)->dli_member_ad = member_ad;
+
+ if ( dynlist_build_def_filter( *dlip ) ) {
+ ch_free( *dlip );
+ *dlip = NULL;
+ return 1;
+ }
+
+ } else {
+ rc = SLAP_CONF_UNKNOWN;
+ }
+
+ return rc;
+}
+
+#else
+enum {
+ DL_ATTRSET = 1,
+ DL_ATTRPAIR,
+ DL_ATTRPAIR_COMPAT,
+ DL_LAST
+};
+
+static ConfigDriver dl_cfgen;
+
+static ConfigTable dlcfg[] = {
+ { "dynlist-attrset", "group-oc> <URL-ad> <member-ad",
+ 3, 4, 0, ARG_MAGIC|DL_ATTRSET, dl_cfgen,
+ "( OLcfgOvAt:8.1 NAME 'olcDLattrSet' "
+ "DESC 'Dynamic list: <group objectClass>, <URL attributeDescription>, <member attributeDescription>' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString "
+ "X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { "dynlist-attrpair", "member-ad> <URL-ad",
+ 3, 3, 0, ARG_MAGIC|DL_ATTRPAIR, dl_cfgen,
+ NULL, NULL, NULL },
+#ifdef TAKEOVER_DYNGROUP
+ { "attrpair", "member-ad> <URL-ad",
+ 3, 3, 0, ARG_MAGIC|DL_ATTRPAIR_COMPAT, dl_cfgen,
+ NULL, NULL, NULL },
+#endif
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs dlocs[] = {
+ { "( OLcfgOvOc:8.1 "
+ "NAME 'olcDynamicList' "
+ "DESC 'Dynamic list configuration' "
+ "SUP olcOverlayConfig "
+ "MAY olcDLattrSet )",
+ Cft_Overlay, dlcfg, NULL, NULL },
+ { NULL, 0, NULL }
+};
+
+static int
+dl_cfgen( ConfigArgs *c )
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
+
+ int rc = 0, i;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ switch( c->type ) {
+ case DL_ATTRSET:
+ for ( i = 0; dli; i++, dli = dli->dli_next ) {
+ struct berval bv;
+ char *ptr = c->msg;
+
+ assert( dli->dli_oc != NULL );
+ assert( dli->dli_ad != NULL );
+
+ ptr += snprintf( c->msg, sizeof( c->msg ),
+ SLAP_X_ORDERED_FMT "%s %s", i,
+ dli->dli_oc->soc_cname.bv_val,
+ dli->dli_ad->ad_cname.bv_val );
+
+ if ( dli->dli_member_ad != NULL ) {
+ ptr[ 0 ] = ' ';
+ ptr++;
+ ptr = lutil_strcopy( ptr, dli->dli_member_ad->ad_cname.bv_val );
+ }
+
+ bv.bv_val = c->msg;
+ bv.bv_len = ptr - bv.bv_val;
+ value_add_one( &c->rvalue_vals, &bv );
+ }
+ break;
+
+ case DL_ATTRPAIR_COMPAT:
+ case DL_ATTRPAIR:
+ rc = 1;
+ break;
+
+ default:
+ rc = 1;
+ break;
+ }
+
+ return rc;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ switch( c->type ) {
+ case DL_ATTRSET:
+ if ( c->valx < 0 ) {
+ dynlist_info_t *dli_next;
+
+ for ( dli_next = dli; dli_next; dli = dli_next ) {
+ dli_next = dli->dli_next;
+
+ ch_free( dli->dli_default_filter.bv_val );
+ ch_free( dli );
+ }
+
+ on->on_bi.bi_private = NULL;
+
+ } else {
+ dynlist_info_t **dlip;
+
+ for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ i < c->valx; i++ )
+ {
+ if ( *dlip == NULL ) {
+ return 1;
+ }
+ dlip = &(*dlip)->dli_next;
+ }
+
+ dli = *dlip;
+ *dlip = dli->dli_next;
+ ch_free( dli->dli_default_filter.bv_val );
+ ch_free( dli );
+
+ dli = (dynlist_info_t *)on->on_bi.bi_private;
+ }
+ break;
+
+ case DL_ATTRPAIR_COMPAT:
+ case DL_ATTRPAIR:
+ rc = 1;
+ break;
+
+ default:
+ rc = 1;
+ break;
+ }
+
+ return 1; /* FIXME */
+ }
+
+ switch( c->type ) {
+ case DL_ATTRSET: {
+ dynlist_info_t **dlip,
+ *dli_next = NULL;
+ ObjectClass *oc = NULL;
+ AttributeDescription *ad = NULL,
+ *member_ad = NULL;
+ const char *text;
+
+ oc = oc_find( c->argv[ 1 ] );
+ if ( oc == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find ObjectClass \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ rc = slap_str2ad( c->argv[ 2 ], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find AttributeDescription \"%s\"",
+ c->argv[ 2 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "AttributeDescription \"%s\" "
+ "must be a subtype of \"labeledURI\"",
+ c->argv[ 2 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ if ( c->argc == 4 ) {
+ rc = slap_str2ad( c->argv[ 3 ], &member_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ c->argv[ 3 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+ }
+
+ for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ *dlip; dlip = &(*dlip)->dli_next )
+ {
+ /* The check on objectClass may be relaxed */
+#if 0
+ if ( (*dlip)->dli_oc == oc ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "objectClass \"%s\" already mapped.\n",
+ oc->soc_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+#endif
+
+ if ( (*dlip)->dli_ad == ad ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "URL attributeDescription \"%s\" already mapped.\n",
+ ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "member attributeDescription \"%s\" already mapped.\n",
+ member_ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+ }
+
+ if ( c->valx > 0 ) {
+ int i;
+
+ for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ i < c->valx; i++ )
+ {
+ if ( *dlip == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "invalid index {%d}\n",
+ c->valx );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+ dlip = &(*dlip)->dli_next;
+ }
+ dli_next = *dlip;
+
+ } else {
+ for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ *dlip; dlip = &(*dlip)->dli_next )
+ /* goto last */;
+ }
+
+ *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
+
+ (*dlip)->dli_oc = oc;
+ (*dlip)->dli_ad = ad;
+ (*dlip)->dli_member_ad = member_ad;
+ (*dlip)->dli_next = dli_next;
+
+ rc = dynlist_build_def_filter( *dlip );
+
+ } break;
+
+ case DL_ATTRPAIR_COMPAT:
+ snprintf( c->msg, sizeof( c->msg ),
+ "warning: \"attrpair\" only supported for limited "
+ "backward compatibility with overlay \"dyngroup\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ /* fallthru */
+
+ case DL_ATTRPAIR: {
+ dynlist_info_t **dlip;
+ ObjectClass *oc = NULL;
+ AttributeDescription *ad = NULL,
+ *member_ad = NULL;
+ const char *text;
+
+ oc = oc_find( "groupOfURLs" );
+ if ( oc == NULL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find default ObjectClass \"groupOfURLs\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ rc = slap_str2ad( c->argv[ 1 ], &member_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find AttributeDescription \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ rc = slap_str2ad( c->argv[ 2 ], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "unable to find AttributeDescription \"%s\"\n",
+ c->argv[ 2 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrset <oc> <URL-ad> [<member-ad>]\": "
+ "AttributeDescription \"%s\" "
+ "must be a subtype of \"labeledURI\"",
+ c->argv[ 2 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
+ *dlip; dlip = &(*dlip)->dli_next )
+ {
+ /* The check on objectClass may be relaxed */
+#if 0
+ if ( (*dlip)->dli_oc == oc ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "objectClass \"%s\" already mapped.\n",
+ oc->soc_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+#endif
+
+ if ( (*dlip)->dli_ad == ad ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "URL attributeDescription \"%s\" already mapped.\n",
+ ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+
+ if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "\"dynlist-attrpair <member-ad> <URL-ad>\": "
+ "member attributeDescription \"%s\" already mapped.\n",
+ member_ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->msg, 0 );
+ return 1;
+ }
+ }
+
+ *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
+
+ (*dlip)->dli_oc = oc;
+ (*dlip)->dli_ad = ad;
+ (*dlip)->dli_member_ad = member_ad;
+
+ rc = dynlist_build_def_filter( *dlip );
+
+ } break;
+
+ default:
+ rc = 1;
+ break;
+ }
+
+ return rc;
+}
+#endif
+
+static int
+dynlist_db_open(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
+ ObjectClass *oc = NULL;
+ AttributeDescription *ad = NULL;
+
+ if ( dli == NULL ) {
+ dli = ch_calloc( 1, sizeof( dynlist_info_t ) );
+ on->on_bi.bi_private = (void *)dli;
+ }
+
+ for ( ; dli; dli = dli->dli_next ) {
+ const char *text;
+ int rc;
+
+ if ( dli->dli_oc == NULL ) {
+ if ( oc == NULL ) {
+ oc = oc_find( "groupOfURLs" );
+ if ( oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "dynlist_db_open: "
+ "unable to fetch objectClass \"groupOfURLs\".\n",
+ 0, 0, 0 );
+ return 1;
+ }
+ }
+
+ dli->dli_oc = oc;
+ }
+
+ if ( dli->dli_ad == NULL ) {
+ if ( ad == NULL ) {
+ rc = slap_str2ad( "memberURL", &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "dynlist_db_open: "
+ "unable to fetch attributeDescription \"memberURL\": %d (%s).\n",
+ rc, text, 0 );
+ return 1;
+ }
+ }
+
+ dli->dli_ad = ad;
+ }
+
+ if ( BER_BVISNULL( &dli->dli_default_filter ) ) {
+ rc = dynlist_build_def_filter( dli );
+ if ( rc != 0 ) {
+ return rc;
+ }
+ }
+ }
+
+ return 0;
+}
+
+static int
+dynlist_db_destroy(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+
+ if ( on->on_bi.bi_private ) {
+ dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private,
+ *dli_next;
+
+ for ( dli_next = dli; dli_next; dli = dli_next ) {
+ dli_next = dli->dli_next;
+
+ ch_free( dli->dli_default_filter.bv_val );
+ ch_free( dli );
+ }
+ }
+
+ return 0;
+}
+
+static slap_overinst dynlist = { { NULL } };
+#ifdef TAKEOVER_DYNGROUP
+static char *obsolete_names[] = {
+ "dyngroup",
+ NULL
+};
+#endif
+
+#if SLAPD_OVER_DYNLIST == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_DYNLIST == SLAPD_MOD_DYNAMIC */
+int
+dynlist_initialize(void)
+{
+#ifndef OL_2_2_COMPAT
+ int rc = 0;
+#endif
+
+ dynlist.on_bi.bi_type = "dynlist";
+
+#ifdef TAKEOVER_DYNGROUP
+ /* makes dynlist incompatible with dyngroup */
+ dynlist.on_bi.bi_obsolete_names = obsolete_names;
+#endif
+
+#ifdef OL_2_2_COMPAT
+ dynlist.on_bi.bi_db_config = dynlist_db_config;
+#else
+ dynlist.on_bi.bi_db_config = config_generic_wrapper;
+#endif
+ dynlist.on_bi.bi_db_open = dynlist_db_open;
+ dynlist.on_bi.bi_db_destroy = dynlist_db_destroy;
+
+ dynlist.on_response = dynlist_response;
+
+#ifndef OL_2_2_COMPAT
+ dynlist.on_bi.bi_cf_ocs = dlocs;
+
+ rc = config_register_schema( dlcfg, dlocs );
+ if ( rc ) {
+ return rc;
+ }
+#endif
+
+ return overlay_register( &dynlist );
+}
+
+#if SLAPD_OVER_DYNLIST == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return dynlist_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_DYNLIST */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/lastmod.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/lastmod.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/lastmod.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1027 @@
+/* lastmod.c - returns last modification info */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_LASTMOD
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+typedef struct lastmod_info_t {
+ struct berval lmi_rdnvalue;
+ Entry *lmi_e;
+ ldap_pvt_thread_mutex_t lmi_entry_mutex;
+ int lmi_enabled;
+} lastmod_info_t;
+
+struct lastmod_schema_t {
+ ObjectClass *lms_oc_lastmod;
+ AttributeDescription *lms_ad_lastmodDN;
+ AttributeDescription *lms_ad_lastmodType;
+ AttributeDescription *lms_ad_lastmodEnabled;
+} lastmod_schema;
+
+enum lastmodType_e {
+ LASTMOD_ADD = 0,
+ LASTMOD_DELETE,
+ LASTMOD_EXOP,
+ LASTMOD_MODIFY,
+ LASTMOD_MODRDN,
+ LASTMOD_UNKNOWN
+};
+
+struct berval lastmodType[] = {
+ BER_BVC( "add" ),
+ BER_BVC( "delete" ),
+ BER_BVC( "exop" ),
+ BER_BVC( "modify" ),
+ BER_BVC( "modrdn" ),
+ BER_BVC( "unknown" ),
+ BER_BVNULL
+};
+
+static struct m_s {
+ char *name;
+ char *schema;
+ slap_mask_t flags;
+ int offset;
+} moc[] = {
+ { "lastmod", "( 1.3.6.1.4.1.4203.666.3.13"
+ "NAME 'lastmod' "
+ "DESC 'OpenLDAP per-database last modification monitoring' "
+ "STRUCTURAL "
+ "SUP top "
+ "MUST cn "
+ "MAY ( "
+ "lastmodDN "
+ "$ lastmodType "
+ "$ description "
+ "$ seeAlso "
+ ") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof( struct lastmod_schema_t, lms_oc_lastmod ) },
+ { NULL }
+}, mat[] = {
+ { "lastmodDN", "( 1.3.6.1.4.1.4203.666.1.28"
+ "NAME 'lastmodDN' "
+ "DESC 'DN of last modification' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof( struct lastmod_schema_t, lms_ad_lastmodDN ) },
+ { "lastmodType", "( 1.3.6.1.4.1.4203.666.1.29"
+ "NAME 'lastmodType' "
+ "DESC 'Type of last modification' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "EQUALITY caseIgnoreMatch "
+ "SINGLE-VALUE "
+ "NO-USER-MODIFICATION "
+ "USAGE directoryOperation )", SLAP_AT_HIDE,
+ offsetof( struct lastmod_schema_t, lms_ad_lastmodType ) },
+ { "lastmodEnabled", "( 1.3.6.1.4.1.4203.666.1.30"
+ "NAME 'lastmodEnabled' "
+ "DESC 'Lastmod overlay state' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "EQUALITY booleanMatch "
+ "SINGLE-VALUE )", 0,
+ offsetof( struct lastmod_schema_t, lms_ad_lastmodEnabled ) },
+ { NULL }
+
+ /* FIXME: what about UUID of last modified entry? */
+};
+
+static int
+lastmod_search( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ int rc;
+
+ /* if we get here, it must be a success */
+ rs->sr_err = LDAP_SUCCESS;
+
+ ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+ rc = test_filter( op, lmi->lmi_e, op->oq_search.rs_filter );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_flags = 0;
+ rs->sr_entry = lmi->lmi_e;
+ rs->sr_err = send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ rs->sr_flags = 0;
+ rs->sr_attrs = NULL;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+ send_ldap_result( op, rs );
+
+ return 0;
+}
+
+static int
+lastmod_compare( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ Attribute *a;
+
+ ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, lmi->lmi_e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+ if ( ! rs->sr_err ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+ for ( a = attr_find( lmi->lmi_e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attr_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
+ {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:;
+
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+ send_ldap_result( op, rs );
+
+ if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ return rs->sr_err;
+}
+
+static int
+lastmod_exop( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+ /* Temporary */
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ send_ldap_result( op, rs );
+ rs->sr_text = NULL;
+
+ return -1;
+}
+
+static int
+lastmod_modify( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ Modifications *ml;
+
+ ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+ if ( !acl_check_modlist( op, lmi->lmi_e, op->orm_modlist ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto cleanup;
+ }
+
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ Attribute *a;
+
+ if ( ml->sml_desc != lastmod_schema.lms_ad_lastmodEnabled ) {
+ continue;
+ }
+
+ if ( ml->sml_op != LDAP_MOD_REPLACE ) {
+ rs->sr_text = "unsupported mod type";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto cleanup;
+ }
+
+ a = attr_find( lmi->lmi_e->e_attrs, ml->sml_desc );
+
+ if ( a == NULL ) {
+ rs->sr_text = "lastmod overlay internal error";
+ rs->sr_err = LDAP_OTHER;
+ goto cleanup;
+ }
+
+ ch_free( a->a_vals[ 0 ].bv_val );
+ ber_dupbv( &a->a_vals[ 0 ], &ml->sml_values[ 0 ] );
+ if ( a->a_nvals ) {
+ ch_free( a->a_nvals[ 0 ].bv_val );
+ if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) {
+ ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_nvalues[ 0 ] );
+ } else {
+ ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_values[ 0 ] );
+ }
+ }
+
+ if ( strcmp( ml->sml_values[ 0 ].bv_val, "TRUE" ) == 0 ) {
+ lmi->lmi_enabled = 1;
+ } else if ( strcmp( ml->sml_values[ 0 ].bv_val, "FALSE" ) == 0 ) {
+ lmi->lmi_enabled = 0;
+ } else {
+ assert( 0 );
+ }
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+
+cleanup:;
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+ send_ldap_result( op, rs );
+ rs->sr_text = NULL;
+
+ return rs->sr_err;
+}
+
+static int
+lastmod_op_func( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ Modifications *ml;
+
+ if ( dn_match( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
+ switch ( op->o_tag ) {
+ case LDAP_REQ_SEARCH:
+ if ( op->ors_scope != LDAP_SCOPE_BASE ) {
+ goto return_referral;
+ }
+ /* process */
+ return lastmod_search( op, rs );
+
+ case LDAP_REQ_COMPARE:
+ return lastmod_compare( op, rs );
+
+ case LDAP_REQ_EXTENDED:
+ /* if write, reject; otherwise process */
+ if ( exop_is_write( op )) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ goto return_error;
+ }
+ return lastmod_exop( op, rs );
+
+ case LDAP_REQ_MODIFY:
+ /* allow only changes to overlay status */
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifiersName ) != 0
+ && ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) != 0
+ && ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) != 0
+ && ad_cmp( ml->sml_desc, lastmod_schema.lms_ad_lastmodEnabled ) != 0 )
+ {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ goto return_error;
+ }
+ }
+ return lastmod_modify( op, rs );
+
+ default:
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "not allowed within namingContext";
+ goto return_error;
+ }
+ }
+
+ if ( dnIsSuffix( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
+ goto return_referral;
+ }
+
+ return SLAP_CB_CONTINUE;
+
+return_referral:;
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, op->ors_scope );
+
+ if ( !rs->sr_ref ) {
+ rs->sr_ref = default_referral;
+ }
+ rs->sr_err = LDAP_REFERRAL;
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
+ rs->sr_ref = NULL;
+
+ return -1;
+
+return_error:;
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_result( op, rs );
+ rs->sr_text = NULL;
+
+ return -1;
+}
+
+static int
+best_guess( Operation *op,
+ struct berval *bv_entryCSN, struct berval *bv_nentryCSN,
+ struct berval *bv_modifyTimestamp, struct berval *bv_nmodifyTimestamp,
+ struct berval *bv_modifiersName, struct berval *bv_nmodifiersName )
+{
+ if ( bv_entryCSN ) {
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ struct berval entryCSN;
+
+ entryCSN.bv_val = csnbuf;
+ entryCSN.bv_len = sizeof( csnbuf );
+ slap_get_csn( NULL, &entryCSN, 0 );
+
+ ber_dupbv( bv_entryCSN, &entryCSN );
+ ber_dupbv( bv_nentryCSN, &entryCSN );
+ }
+
+ if ( bv_modifyTimestamp ) {
+ char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ struct berval timestamp;
+ time_t currtime;
+
+ /* best guess */
+#if 0
+ currtime = slap_get_time();
+#endif
+ /* maybe we better use the time the operation was initiated */
+ currtime = op->o_time;
+
+ timestamp.bv_val = tmbuf;
+ timestamp.bv_len = sizeof(tmbuf);
+ slap_timestamp( &currtime, ×tamp );
+
+ ber_dupbv( bv_modifyTimestamp, ×tamp );
+ ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp );
+ }
+
+ if ( bv_modifiersName ) {
+ /* best guess */
+ ber_dupbv( bv_modifiersName, &op->o_dn );
+ ber_dupbv( bv_nmodifiersName, &op->o_ndn );
+ }
+
+ return 0;
+}
+
+static int
+lastmod_update( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ Attribute *a;
+ Modifications *ml = NULL;
+ struct berval bv_entryCSN = BER_BVNULL,
+ bv_nentryCSN = BER_BVNULL,
+ bv_modifyTimestamp = BER_BVNULL,
+ bv_nmodifyTimestamp = BER_BVNULL,
+ bv_modifiersName = BER_BVNULL,
+ bv_nmodifiersName = BER_BVNULL,
+ bv_name = BER_BVNULL,
+ bv_nname = BER_BVNULL;
+ enum lastmodType_e lmt = LASTMOD_UNKNOWN;
+ Entry *e = NULL;
+ int rc = -1;
+
+ /* FIXME: timestamp? modifier? */
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ lmt = LASTMOD_ADD;
+ e = op->ora_e;
+ a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
+ if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+ ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
+ } else {
+ ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
+ }
+ }
+ a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
+ if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+ ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
+ } else {
+ ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
+ }
+ }
+ a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
+ ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
+ }
+ ber_dupbv( &bv_name, &e->e_name );
+ ber_dupbv( &bv_nname, &e->e_nname );
+ break;
+
+ case LDAP_REQ_DELETE:
+ lmt = LASTMOD_DELETE;
+
+ best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+ &bv_modifyTimestamp, &bv_nmodifyTimestamp,
+ &bv_modifiersName, &bv_nmodifiersName );
+
+ ber_dupbv( &bv_name, &op->o_req_dn );
+ ber_dupbv( &bv_nname, &op->o_req_ndn );
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ lmt = LASTMOD_EXOP;
+
+ /* actually, password change is wrapped around a backend
+ * call to modify, so it never shows up as an exop... */
+ best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+ &bv_modifyTimestamp, &bv_nmodifyTimestamp,
+ &bv_modifiersName, &bv_nmodifiersName );
+
+ ber_dupbv( &bv_name, &op->o_req_dn );
+ ber_dupbv( &bv_nname, &op->o_req_ndn );
+ break;
+
+ case LDAP_REQ_MODIFY:
+ lmt = LASTMOD_MODIFY;
+ rc = 3;
+
+ for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ if ( ad_cmp( ml->sml_desc , slap_schema.si_ad_modifiersName ) == 0 ) {
+ ber_dupbv( &bv_modifiersName, &ml->sml_values[0] );
+ ber_dupbv( &bv_nmodifiersName, &ml->sml_nvalues[0] );
+
+ rc--;
+ if ( !rc ) {
+ break;
+ }
+
+ } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) == 0 ) {
+ ber_dupbv( &bv_entryCSN, &ml->sml_values[0] );
+ if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
+ ber_dupbv( &bv_nentryCSN, &ml->sml_nvalues[0] );
+ } else {
+ ber_dupbv( &bv_nentryCSN, &ml->sml_values[0] );
+ }
+
+ rc --;
+ if ( !rc ) {
+ break;
+ }
+
+ } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) == 0 ) {
+ ber_dupbv( &bv_modifyTimestamp, &ml->sml_values[0] );
+ if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
+ ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_nvalues[0] );
+ } else {
+ ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_values[0] );
+ }
+
+ rc --;
+ if ( !rc ) {
+ break;
+ }
+ }
+ }
+
+ /* if rooted at global overlay, opattrs are not yet in place */
+ if ( BER_BVISNULL( &bv_modifiersName ) ) {
+ best_guess( op, NULL, NULL, NULL, NULL, &bv_modifiersName, &bv_nmodifiersName );
+ }
+
+ if ( BER_BVISNULL( &bv_entryCSN ) ) {
+ best_guess( op, &bv_entryCSN, &bv_nentryCSN, NULL, NULL, NULL, NULL );
+ }
+
+ if ( BER_BVISNULL( &bv_modifyTimestamp ) ) {
+ best_guess( op, NULL, NULL, &bv_modifyTimestamp, &bv_nmodifyTimestamp, NULL, NULL );
+ }
+
+ ber_dupbv( &bv_name, &op->o_req_dn );
+ ber_dupbv( &bv_nname, &op->o_req_ndn );
+ break;
+
+ case LDAP_REQ_MODRDN:
+ lmt = LASTMOD_MODRDN;
+ e = NULL;
+
+ if ( op->orr_newSup && !BER_BVISNULL( op->orr_newSup ) ) {
+ build_new_dn( &bv_name, op->orr_newSup, &op->orr_newrdn, NULL );
+ build_new_dn( &bv_nname, op->orr_nnewSup, &op->orr_nnewrdn, NULL );
+
+ } else {
+ struct berval pdn;
+
+ dnParent( &op->o_req_dn, &pdn );
+ build_new_dn( &bv_name, &pdn, &op->orr_newrdn, NULL );
+
+ dnParent( &op->o_req_ndn, &pdn );
+ build_new_dn( &bv_nname, &pdn, &op->orr_nnewrdn, NULL );
+ }
+
+ if ( on->on_info->oi_orig->bi_entry_get_rw ) {
+ BackendInfo *bi = op->o_bd->bd_info;
+ int rc;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
+ rc = (*op->o_bd->bd_info->bi_entry_get_rw)( op, &bv_name, NULL, NULL, 0, &e );
+ if ( rc == LDAP_SUCCESS ) {
+ a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
+ ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
+ }
+ a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
+ if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+ ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
+ } else {
+ ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
+ }
+ }
+ a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+ if ( a != NULL ) {
+ ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
+ if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+ ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
+ } else {
+ ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
+ }
+ }
+
+ assert( dn_match( &bv_name, &e->e_name ) );
+ assert( dn_match( &bv_nname, &e->e_nname ) );
+
+ (*op->o_bd->bd_info->bi_entry_release_rw)( op, e, 0 );
+ }
+
+ op->o_bd->bd_info = bi;
+
+ }
+
+ /* if !bi_entry_get_rw || bi_entry_get_rw failed for any reason... */
+ if ( e == NULL ) {
+ best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+ &bv_modifyTimestamp, &bv_nmodifyTimestamp,
+ &bv_modifiersName, &bv_nmodifiersName );
+ }
+
+ break;
+
+ default:
+ return -1;
+ }
+
+ ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+#if 0
+ fprintf( stderr, "### lastmodDN: %s %s\n", bv_name.bv_val, bv_nname.bv_val );
+#endif
+
+ a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodDN );
+ if ( a == NULL ) {
+ goto error_return;
+ }
+ ch_free( a->a_vals[0].bv_val );
+ a->a_vals[0] = bv_name;
+ ch_free( a->a_nvals[0].bv_val );
+ a->a_nvals[0] = bv_nname;
+
+#if 0
+ fprintf( stderr, "### lastmodType: %s %s\n", lastmodType[ lmt ].bv_val, lastmodType[ lmt ].bv_val );
+#endif
+
+ a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodType );
+ if ( a == NULL ) {
+ goto error_return;
+ }
+ ch_free( a->a_vals[0].bv_val );
+ ber_dupbv( &a->a_vals[0], &lastmodType[ lmt ] );
+ ch_free( a->a_nvals[0].bv_val );
+ ber_dupbv( &a->a_nvals[0], &lastmodType[ lmt ] );
+
+#if 0
+ fprintf( stderr, "### modifiersName: %s %s\n", bv_modifiersName.bv_val, bv_nmodifiersName.bv_val );
+#endif
+
+ a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifiersName );
+ if ( a == NULL ) {
+ goto error_return;
+ }
+ ch_free( a->a_vals[0].bv_val );
+ a->a_vals[0] = bv_modifiersName;
+ ch_free( a->a_nvals[0].bv_val );
+ a->a_nvals[0] = bv_nmodifiersName;
+
+#if 0
+ fprintf( stderr, "### modifyTimestamp: %s %s\n", bv_nmodifyTimestamp.bv_val, bv_modifyTimestamp.bv_val );
+#endif
+
+ a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+ if ( a == NULL ) {
+ goto error_return;
+ }
+ ch_free( a->a_vals[0].bv_val );
+ a->a_vals[0] = bv_modifyTimestamp;
+ ch_free( a->a_nvals[0].bv_val );
+ a->a_nvals[0] = bv_nmodifyTimestamp;
+
+#if 0
+ fprintf( stderr, "### entryCSN: %s %s\n", bv_nentryCSN.bv_val, bv_entryCSN.bv_val );
+#endif
+
+ a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a == NULL ) {
+ goto error_return;
+ }
+ ch_free( a->a_vals[0].bv_val );
+ a->a_vals[0] = bv_entryCSN;
+ ch_free( a->a_nvals[0].bv_val );
+ a->a_nvals[0] = bv_nentryCSN;
+
+ rc = 0;
+
+error_return:;
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+ return rc;
+}
+
+static int
+lastmod_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+ /* don't record failed operations */
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ /* FIXME: other cases? */
+ break;
+
+ default:
+ return SLAP_CB_CONTINUE;
+ }
+
+ /* record only write operations */
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_MODRDN:
+ case LDAP_REQ_DELETE:
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ /* if write, process */
+ if ( exop_is_write( op ))
+ break;
+
+ /* fall thru */
+ default:
+ return SLAP_CB_CONTINUE;
+ }
+
+ /* skip if disabled */
+ ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+ if ( !lmi->lmi_enabled ) {
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+ return SLAP_CB_CONTINUE;
+ }
+ ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+ (void)lastmod_update( op, rs );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+lastmod_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ lastmod_info_t *lmi;
+
+ if ( lastmod_schema.lms_oc_lastmod == NULL ) {
+ int i;
+ const char *text;
+
+ /* schema integration */
+ for ( i = 0; mat[i].name; i++ ) {
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+ AttributeDescription **ad;
+
+ at = ldap_str2attributetype( mat[i].schema, &code,
+ &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ Debug( LDAP_DEBUG_ANY, "lastmod_init: "
+ "in AttributeType '%s' %s before %s\n",
+ mat[i].name, ldap_scherr2str(code), err );
+ return -1;
+ }
+
+ if ( at->at_oid == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "lastmod_init: "
+ "null OID for attributeType '%s'\n",
+ mat[i].name, 0, 0 );
+ return -1;
+ }
+
+ code = at_add(at, 0, NULL, &err);
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY, "lastmod_init: "
+ "%s in attributeType '%s'\n",
+ scherr2str(code), mat[i].name, 0 );
+ return -1;
+ }
+ ldap_memfree(at);
+
+ ad = ((AttributeDescription **)&(((char *)&lastmod_schema)[mat[i].offset]));
+ ad[0] = NULL;
+ if ( slap_str2ad( mat[i].name, ad, &text ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "lastmod_init: %s\n", text, 0, 0 );
+ return -1;
+ }
+
+ (*ad)->ad_type->sat_flags |= mat[i].flags;
+ }
+
+ for ( i = 0; moc[i].name; i++ ) {
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+ ObjectClass *Oc;
+
+ oc = ldap_str2objectclass(moc[i].schema, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "unable to parse lastmod objectClass '%s': "
+ "%s before %s\n" , moc[i].name,
+ ldap_scherr2str(code), err );
+ return -1;
+ }
+
+ if ( oc->oc_oid == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "objectClass '%s' has no OID\n" ,
+ moc[i].name, 0, 0 );
+ return -1;
+ }
+
+ code = oc_add(oc, 0, NULL, &err);
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY,
+ "objectClass '%s': %s \"%s\"\n" ,
+ moc[i].name, scherr2str(code), err );
+ return -1;
+ }
+
+ ldap_memfree(oc);
+
+ Oc = oc_find( moc[i].name );
+ if ( Oc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "lastmod_init: "
+ "unable to find objectClass %s "
+ "(just added)\n", moc[i].name, 0, 0 );
+ return -1;
+ }
+
+ Oc->soc_flags |= moc[i].flags;
+
+ ((ObjectClass **)&(((char *)&lastmod_schema)[moc[i].offset]))[0] = Oc;
+ }
+ }
+
+ lmi = (lastmod_info_t *)ch_malloc( sizeof( lastmod_info_t ) );
+
+ memset( lmi, 0, sizeof( lastmod_info_t ) );
+ lmi->lmi_enabled = 1;
+
+ on->on_bi.bi_private = lmi;
+
+ return 0;
+}
+
+static int
+lastmod_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+ if ( strcasecmp( argv[ 0 ], "lastmod-rdnvalue" ) == 0 ) {
+ if ( lmi->lmi_rdnvalue.bv_val ) {
+ /* already defined! */
+ ch_free( lmi->lmi_rdnvalue.bv_val );
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 1, &lmi->lmi_rdnvalue );
+
+ } else if ( strcasecmp( argv[ 0 ], "lastmod-enabled" ) == 0 ) {
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ lmi->lmi_enabled = 1;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ lmi->lmi_enabled = 0;
+
+ } else {
+ return -1;
+ }
+
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static int
+lastmod_db_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+ char buf[ 8192 ];
+ static char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+ char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+ struct berval entryCSN;
+ struct berval timestamp;
+
+ if ( !SLAP_LASTMOD( be ) ) {
+ fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" );
+ return -1;
+ }
+
+ /*
+ * Start
+ */
+ timestamp.bv_val = tmbuf;
+ timestamp.bv_len = sizeof(tmbuf);
+ slap_timestamp( &starttime, ×tamp );
+
+ entryCSN.bv_val = csnbuf;
+ entryCSN.bv_len = sizeof( csnbuf );
+ slap_get_csn( NULL, &entryCSN, 0 );
+
+ if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
+ ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue );
+ }
+
+ snprintf( buf, sizeof( buf ),
+ "dn: cn=%s%s%s\n"
+ "objectClass: %s\n"
+ "structuralObjectClass: %s\n"
+ "cn: %s\n"
+ "description: This object contains the last modification to this database\n"
+ "%s: cn=%s%s%s\n"
+ "%s: %s\n"
+ "%s: %s\n"
+ "createTimestamp: %s\n"
+ "creatorsName: %s\n"
+ "entryCSN: %s\n"
+ "modifyTimestamp: %s\n"
+ "modifiersName: %s\n"
+ "hasSubordinates: FALSE\n",
+ lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
+ lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
+ lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
+ lmi->lmi_rdnvalue.bv_val,
+ lastmod_schema.lms_ad_lastmodDN->ad_cname.bv_val,
+ lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
+ lastmod_schema.lms_ad_lastmodType->ad_cname.bv_val, lastmodType[ LASTMOD_ADD ].bv_val,
+ lastmod_schema.lms_ad_lastmodEnabled->ad_cname.bv_val, lmi->lmi_enabled ? "TRUE" : "FALSE",
+ tmbuf,
+ BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val,
+ entryCSN.bv_val,
+ tmbuf,
+ BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val );
+
+#if 0
+ fprintf( stderr, "# entry:\n%s\n", buf );
+#endif
+
+ lmi->lmi_e = str2entry( buf );
+ if ( lmi->lmi_e == NULL ) {
+ return -1;
+ }
+
+ ldap_pvt_thread_mutex_init( &lmi->lmi_entry_mutex );
+
+ return 0;
+}
+
+static int
+lastmod_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+ if ( lmi ) {
+ if ( !BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
+ ch_free( lmi->lmi_rdnvalue.bv_val );
+ }
+
+ if ( lmi->lmi_e ) {
+ entry_free( lmi->lmi_e );
+
+ ldap_pvt_thread_mutex_destroy( &lmi->lmi_entry_mutex );
+ }
+
+ ch_free( lmi );
+ }
+
+ return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst lastmod;
+
+int
+lastmod_initialize()
+{
+ lastmod.on_bi.bi_type = "lastmod";
+ lastmod.on_bi.bi_db_init = lastmod_db_init;
+ lastmod.on_bi.bi_db_config = lastmod_db_config;
+ lastmod.on_bi.bi_db_destroy = lastmod_db_destroy;
+ lastmod.on_bi.bi_db_open = lastmod_db_open;
+
+ lastmod.on_bi.bi_op_add = lastmod_op_func;
+ lastmod.on_bi.bi_op_compare = lastmod_op_func;
+ lastmod.on_bi.bi_op_delete = lastmod_op_func;
+ lastmod.on_bi.bi_op_modify = lastmod_op_func;
+ lastmod.on_bi.bi_op_modrdn = lastmod_op_func;
+ lastmod.on_bi.bi_op_search = lastmod_op_func;
+ lastmod.on_bi.bi_extended = lastmod_op_func;
+
+ lastmod.on_response = lastmod_response;
+
+ return overlay_register( &lastmod );
+}
+
+#if SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return lastmod_initialize();
+}
+#endif /* SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_LASTMOD) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/overlays.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/overlays.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/overlays.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,44 @@
+/* overlays.c - Static overlay framework */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/overlays.c,v 1.12.2.9 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003 by Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include "slap.h"
+
+extern OverlayInit slap_oinfo[];
+
+int
+overlay_init(void)
+{
+ int i, rc = 0;
+
+ for ( i= 0 ; slap_oinfo[i].ov_type; i++ ) {
+ rc = slap_oinfo[i].ov_init();
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s overlay setup failed, err %d\n",
+ slap_oinfo[i].ov_type, rc, 0 );
+ break;
+ }
+ }
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/pcache.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/pcache.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2133 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.17 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 IBM Corporation.
+ * Portions Copyright 2003 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Apurva Kumar for inclusion
+ * in OpenLDAP Software and subsequently rewritten by Howard Chu.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_PROXYCACHE
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "slap.h"
+#include "lutil.h"
+#include "ldap_rq.h"
+
+#include "config.h"
+
+/* query cache structs */
+/* query */
+
+typedef struct Query_s {
+ Filter* filter; /* Search Filter */
+ AttributeName* attrs; /* Projected attributes */
+ AttributeName* save_attrs; /* original attributes, saved for response */
+ struct berval base; /* Search Base */
+ int scope; /* Search scope */
+} Query;
+
+/* struct representing a cached query */
+typedef struct cached_query_s {
+ Query query; /* LDAP query */
+ struct berval q_uuid; /* query identifier */
+ int template_id; /* template of the query */
+ time_t expiry_time; /* time till the query is considered valid */
+ struct cached_query_s *next; /* next query in the template */
+ struct cached_query_s *prev; /* previous query in the template */
+ struct cached_query_s *lru_up; /* previous query in the LRU list */
+ struct cached_query_s *lru_down; /* next query in the LRU list */
+} CachedQuery;
+
+/* struct representing a query template
+ * e.g. template string = &(cn=)(mail=)
+ */
+typedef struct query_template_s {
+ struct berval querystr; /* Filter string corresponding to the QT */
+ int attr_set_index; /* determines the projected attributes */
+
+ CachedQuery* query; /* most recent query cached for the template */
+ CachedQuery* query_last; /* oldest query cached for the template */
+
+ int no_of_queries; /* Total number of queries in the template */
+ time_t ttl; /* TTL for the queries of this template */
+ time_t negttl; /* TTL for negative results */
+ ldap_pvt_thread_rdwr_t t_rwlock; /* Rd/wr lock for accessing queries in the template */
+} QueryTemplate;
+
+/*
+ * Represents a set of projected attributes.
+ */
+
+struct attr_set {
+ unsigned flags;
+#define PC_CONFIGURED (0x1)
+#define PC_REFERENCED (0x2)
+#define PC_GOT_OC (0x4)
+ AttributeName* attrs; /* specifies the set */
+ int count; /* number of attributes */
+};
+
+struct query_manager_s;
+
+/* prototypes for functions for 1) query containment
+ * 2) query addition, 3) cache replacement
+ */
+typedef CachedQuery * (QCfunc)(Operation *op, struct query_manager_s*, Query*, int );
+typedef void (AddQueryfunc)(struct query_manager_s*, Query*, int, struct berval*);
+typedef void (CRfunc)(struct query_manager_s*, struct berval * );
+
+/* LDAP query cache */
+typedef struct query_manager_s {
+ struct attr_set* attr_sets; /* possible sets of projected attributes */
+ QueryTemplate* templates; /* cacheable templates */
+
+ CachedQuery* lru_top; /* top and bottom of LRU list */
+ CachedQuery* lru_bottom;
+
+ ldap_pvt_thread_mutex_t lru_mutex; /* mutex for accessing LRU list */
+
+ /* Query cache methods */
+ QCfunc *qcfunc; /* Query containment*/
+ CRfunc *crfunc; /* cache replacement */
+ AddQueryfunc *addfunc; /* add query */
+} query_manager;
+
+/* LDAP query cache manager */
+typedef struct cache_manager_s {
+ BackendDB db; /* underlying database */
+ unsigned long num_cached_queries; /* total number of cached queries */
+ unsigned long max_queries; /* upper bound on # of cached queries */
+ int numattrsets; /* number of attribute sets */
+ int numtemplates; /* number of cacheable templates */
+ int cur_entries; /* current number of entries cached */
+ int max_entries; /* max number of entries cached */
+ int num_entries_limit; /* max # of entries in a cacheable query */
+
+ char response_cb; /* install the response callback
+ * at the tail of the callback list */
+#define PCACHE_RESPONSE_CB_HEAD 0
+#define PCACHE_RESPONSE_CB_TAIL 1
+
+ time_t cc_period; /* interval between successive consistency checks (sec) */
+ int cc_paused;
+ void *cc_arg;
+
+ ldap_pvt_thread_mutex_t cache_mutex;
+
+ query_manager* qm; /* query cache managed by the cache manager */
+} cache_manager;
+
+static int pcache_debug;
+
+static AttributeDescription *ad_queryid;
+static char *queryid_schema = "( 1.3.6.1.4.1.4203.666.1.12 NAME 'queryid' "
+ "DESC 'list of queries the entry belongs to' "
+ "EQUALITY octetStringMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
+ "NO-USER-MODIFICATION USAGE directoryOperation )";
+
+/* Return 1 for an added entry, else 0 */
+static int
+merge_entry(
+ Operation *op,
+ Entry *e,
+ struct berval* query_uuid )
+{
+ int rc;
+ Modifications* modlist = NULL;
+ const char* text = NULL;
+ Attribute *attr;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof(textbuf);
+
+ SlapReply sreply = {REP_RESULT};
+
+ slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+
+ attr = e->e_attrs;
+ e->e_attrs = NULL;
+
+ /* add queryid attribute */
+ attr_merge_one( e, ad_queryid, query_uuid, NULL );
+
+ /* append the attribute list from the fetched entry */
+ e->e_attrs->a_next = attr;
+
+ op->o_tag = LDAP_REQ_ADD;
+ op->o_protocol = LDAP_VERSION3;
+ op->o_callback = &cb;
+ op->o_time = slap_get_time();
+ op->o_do_not_cache = 1;
+
+ op->ora_e = e;
+ op->o_req_dn = e->e_name;
+ op->o_req_ndn = e->e_nname;
+ rc = op->o_bd->be_add( op, &sreply );
+
+ if ( rc != LDAP_SUCCESS ) {
+ if ( rc == LDAP_ALREADY_EXISTS ) {
+ slap_entry2mods( e, &modlist, &text, textbuf, textlen );
+ modlist->sml_op = LDAP_MOD_ADD;
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->orm_modlist = modlist;
+ op->o_bd->be_modify( op, &sreply );
+ slap_mods_free( modlist, 1 );
+ } else if ( rc == LDAP_REFERRAL ||
+ rc == LDAP_NO_SUCH_OBJECT ) {
+ syncrepl_add_glue( op, e );
+ e = NULL;
+ rc = 1;
+ }
+ if ( e ) {
+ entry_free( e );
+ rc = 0;
+ }
+ } else {
+ be_entry_release_w( op, e );
+ rc = 1;
+ }
+
+ return rc;
+}
+
+/* compare base and scope of incoming and cached queries */
+static int base_scope_compare(
+ struct berval* ndn_stored,
+ struct berval* ndn_incoming,
+ int scope_stored,
+ int scope_incoming )
+{
+ struct berval pdn_incoming = BER_BVNULL;
+
+ if (scope_stored < scope_incoming)
+ return 0;
+
+ if ( !dnIsSuffix(ndn_incoming, ndn_stored))
+ return 0;
+
+ switch(scope_stored) {
+ case LDAP_SCOPE_BASE:
+ return (ndn_incoming->bv_len == ndn_stored->bv_len);
+
+ case LDAP_SCOPE_ONELEVEL:
+ switch(scope_incoming){
+ case LDAP_SCOPE_BASE:
+ dnParent(ndn_incoming, &pdn_incoming);
+ return (pdn_incoming.bv_len == ndn_stored->bv_len);
+
+ case LDAP_SCOPE_ONELEVEL:
+ return (ndn_incoming->bv_len == ndn_stored->bv_len);
+
+ default:
+ return 0;
+ }
+ case LDAP_SCOPE_SUBTREE:
+ return 1;
+ break;
+ default:
+ return 0;
+ break;
+ }
+}
+
+/* add query on top of LRU list */
+static void
+add_query_on_top (query_manager* qm, CachedQuery* qc)
+{
+ CachedQuery* top = qm->lru_top;
+ Query* q = (Query*)qc;
+
+ qm->lru_top = qc;
+
+ if (top)
+ top->lru_up = qc;
+ else
+ qm->lru_bottom = qc;
+
+ qc->lru_down = top;
+ qc->lru_up = NULL;
+ Debug( pcache_debug, "Base of added query = %s\n",
+ q->base.bv_val, 0, 0 );
+}
+
+/* remove_query from LRU list */
+
+static void
+remove_query (query_manager* qm, CachedQuery* qc)
+{
+ CachedQuery* up;
+ CachedQuery* down;
+
+ if (!qc)
+ return;
+
+ up = qc->lru_up;
+ down = qc->lru_down;
+
+ if (!up)
+ qm->lru_top = down;
+
+ if (!down)
+ qm->lru_bottom = up;
+
+ if (down)
+ down->lru_up = up;
+
+ if (up)
+ up->lru_down = down;
+
+ qc->lru_up = qc->lru_down = NULL;
+}
+
+/* find and remove string2 from string1
+ * from start if position = 1,
+ * from end if position = 3,
+ * from anywhere if position = 2
+ * string1 is overwritten if position = 2.
+ */
+
+static int
+find_and_remove(struct berval* ber1, struct berval* ber2, int position)
+{
+ int ret=0;
+
+ if ( !ber2->bv_val )
+ return 1;
+ if ( !ber1->bv_val )
+ return 0;
+
+ switch( position ) {
+ case 1:
+ if ( ber1->bv_len >= ber2->bv_len && !memcmp( ber1->bv_val,
+ ber2->bv_val, ber2->bv_len )) {
+ ret = 1;
+ ber1->bv_val += ber2->bv_len;
+ ber1->bv_len -= ber2->bv_len;
+ }
+ break;
+ case 2: {
+ char *temp;
+ ber1->bv_val[ber1->bv_len] = '\0';
+ temp = strstr( ber1->bv_val, ber2->bv_val );
+ if ( temp ) {
+ strcpy( temp, temp+ber2->bv_len );
+ ber1->bv_len -= ber2->bv_len;
+ ret = 1;
+ }
+ break;
+ }
+ case 3:
+ if ( ber1->bv_len >= ber2->bv_len &&
+ !memcmp( ber1->bv_val+ber1->bv_len-ber2->bv_len, ber2->bv_val,
+ ber2->bv_len )) {
+ ret = 1;
+ ber1->bv_len -= ber2->bv_len;
+ }
+ break;
+ }
+ return ret;
+}
+
+
+static struct berval*
+merge_init_final(Operation *op, struct berval* init, struct berval* any,
+ struct berval* final)
+{
+ struct berval* merged, *temp;
+ int i, any_count, count;
+
+ for (any_count=0; any && any[any_count].bv_val; any_count++)
+ ;
+
+ count = any_count;
+
+ if (init->bv_val)
+ count++;
+ if (final->bv_val)
+ count++;
+
+ merged = (struct berval*)op->o_tmpalloc( (count+1)*sizeof(struct berval),
+ op->o_tmpmemctx );
+ temp = merged;
+
+ if (init->bv_val) {
+ ber_dupbv_x( temp, init, op->o_tmpmemctx );
+ temp++;
+ }
+
+ for (i=0; i<any_count; i++) {
+ ber_dupbv_x( temp, any, op->o_tmpmemctx );
+ temp++; any++;
+ }
+
+ if (final->bv_val){
+ ber_dupbv_x( temp, final, op->o_tmpmemctx );
+ temp++;
+ }
+ BER_BVZERO( temp );
+ return merged;
+}
+
+/* Each element in stored must be found in incoming. Incoming is overwritten.
+ */
+static int
+strings_containment(struct berval* stored, struct berval* incoming)
+{
+ struct berval* element;
+ int k=0;
+ int j, rc = 0;
+
+ for ( element=stored; element->bv_val != NULL; element++ ) {
+ for (j = k; incoming[j].bv_val != NULL; j++) {
+ if (find_and_remove(&(incoming[j]), element, 2)) {
+ k = j;
+ rc = 1;
+ break;
+ }
+ rc = 0;
+ }
+ if ( rc ) {
+ continue;
+ } else {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int
+substr_containment_substr(Operation *op, Filter* stored, Filter* incoming)
+{
+ int i;
+ int rc = 0;
+
+ struct berval init_incoming;
+ struct berval final_incoming;
+ struct berval *remaining_incoming = NULL;
+
+ if ((!(incoming->f_sub_initial.bv_val) && (stored->f_sub_initial.bv_val))
+ || (!(incoming->f_sub_final.bv_val) && (stored->f_sub_final.bv_val)))
+ return 0;
+
+ init_incoming = incoming->f_sub_initial;
+ final_incoming = incoming->f_sub_final;
+
+ if (find_and_remove(&init_incoming,
+ &(stored->f_sub_initial), 1) && find_and_remove(&final_incoming,
+ &(stored->f_sub_final), 3))
+ {
+ if (stored->f_sub_any == NULL) {
+ rc = 1;
+ goto final;
+ }
+ remaining_incoming = merge_init_final(op, &init_incoming,
+ incoming->f_sub_any, &final_incoming);
+ rc = strings_containment(stored->f_sub_any, remaining_incoming);
+ ber_bvarray_free_x( remaining_incoming, op->o_tmpmemctx );
+ }
+final:
+ return rc;
+}
+
+static int
+substr_containment_equality(Operation *op, Filter* stored, Filter* incoming)
+{
+ struct berval incoming_val[2];
+ int rc = 0;
+
+ incoming_val[1] = incoming->f_av_value;
+
+ if (find_and_remove(incoming_val+1,
+ &(stored->f_sub_initial), 1) && find_and_remove(incoming_val+1,
+ &(stored->f_sub_final), 3)) {
+ if (stored->f_sub_any == NULL){
+ rc = 1;
+ goto final;
+ }
+ ber_dupbv_x( incoming_val, incoming_val+1, op->o_tmpmemctx );
+ BER_BVZERO( incoming_val+1 );
+ rc = strings_containment(stored->f_sub_any, incoming_val);
+ op->o_tmpfree( incoming_val[0].bv_val, op->o_tmpmemctx );
+ }
+final:
+ return rc;
+}
+
+/* check whether query is contained in any of
+ * the cached queries in template template_index
+ */
+static CachedQuery *
+query_containment(Operation *op, query_manager *qm,
+ Query *query,
+ int template_index)
+{
+ QueryTemplate* templa= qm->templates;
+ CachedQuery* qc;
+ Query* q;
+ Filter* inputf = query->filter;
+ struct berval* base = &(query->base);
+ int scope = query->scope;
+ int res=0;
+ Filter* fs;
+ Filter* fi;
+ int ret, rc;
+ const char* text;
+
+ MatchingRule* mrule = NULL;
+ if (inputf != NULL) {
+ Debug( pcache_debug, "Lock QC index = %d\n",
+ template_index, 0, 0 );
+ ldap_pvt_thread_rdwr_rlock(&(templa[template_index].t_rwlock));
+ for(qc=templa[template_index].query; qc != NULL; qc= qc->next) {
+ q = (Query*)qc;
+ if(base_scope_compare(&(q->base), base, q->scope, scope)) {
+ fi = inputf;
+ fs = q->filter;
+ do {
+ res=0;
+ switch (fs->f_choice) {
+ case LDAP_FILTER_EQUALITY:
+ if (fi->f_choice == LDAP_FILTER_EQUALITY)
+ mrule = fs->f_ava->aa_desc->ad_type->sat_equality;
+ else
+ ret = 1;
+ break;
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ mrule = fs->f_ava->aa_desc->ad_type->sat_ordering;
+ break;
+ default:
+ mrule = NULL;
+ }
+ if (mrule) {
+ rc = value_match(&ret, fs->f_ava->aa_desc, mrule,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &(fi->f_ava->aa_value),
+ &(fs->f_ava->aa_value), &text);
+ if (rc != LDAP_SUCCESS) {
+ ldap_pvt_thread_rdwr_runlock(&(templa[template_index].t_rwlock));
+ Debug( pcache_debug,
+ "Unlock: Exiting QC index=%d\n",
+ template_index, 0, 0 );
+ return NULL;
+ }
+ }
+ switch (fs->f_choice) {
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_AND:
+ fs = fs->f_and;
+ fi = fi->f_and;
+ res=1;
+ break;
+ case LDAP_FILTER_SUBSTRINGS:
+ /* check if the equality query can be
+ * answered with cached substring query */
+ if ((fi->f_choice == LDAP_FILTER_EQUALITY)
+ && substr_containment_equality( op,
+ fs, fi))
+ res=1;
+ /* check if the substring query can be
+ * answered with cached substring query */
+ if ((fi->f_choice ==LDAP_FILTER_SUBSTRINGS
+ ) && substr_containment_substr( op,
+ fs, fi))
+ res= 1;
+ fs=fs->f_next;
+ fi=fi->f_next;
+ break;
+ case LDAP_FILTER_PRESENT:
+ res=1;
+ fs=fs->f_next;
+ fi=fi->f_next;
+ break;
+ case LDAP_FILTER_EQUALITY:
+ if (ret == 0)
+ res = 1;
+ fs=fs->f_next;
+ fi=fi->f_next;
+ break;
+ case LDAP_FILTER_GE:
+ if (ret >= 0)
+ res = 1;
+ fs=fs->f_next;
+ fi=fi->f_next;
+ break;
+ case LDAP_FILTER_LE:
+ if (ret <= 0)
+ res = 1;
+ fs=fs->f_next;
+ fi=fi->f_next;
+ break;
+ case LDAP_FILTER_NOT:
+ res=0;
+ break;
+ default:
+ break;
+ }
+ } while((res) && (fi != NULL) && (fs != NULL));
+
+ if(res) {
+ ldap_pvt_thread_mutex_lock(&qm->lru_mutex);
+ if (qm->lru_top != qc) {
+ remove_query(qm, qc);
+ add_query_on_top(qm, qc);
+ }
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+ return qc;
+ }
+ }
+ }
+ Debug( pcache_debug,
+ "Not answerable: Unlock QC index=%d\n",
+ template_index, 0, 0 );
+ ldap_pvt_thread_rdwr_runlock(&(templa[template_index].t_rwlock));
+ }
+ return NULL;
+}
+
+static void
+free_query (CachedQuery* qc)
+{
+ Query* q = (Query*)qc;
+ int i;
+
+ free(qc->q_uuid.bv_val);
+ filter_free(q->filter);
+ free (q->base.bv_val);
+ free(q->attrs);
+ free(qc);
+}
+
+
+/* Add query to query cache */
+static void add_query(
+ query_manager* qm,
+ Query* query,
+ int template_index,
+ struct berval* uuid)
+{
+ CachedQuery* new_cached_query = (CachedQuery*) ch_malloc(sizeof(CachedQuery));
+ QueryTemplate* templ = (qm->templates)+template_index;
+ Query* new_query;
+ new_cached_query->template_id = template_index;
+ if ( uuid ) {
+ new_cached_query->q_uuid = *uuid;
+ new_cached_query->expiry_time = slap_get_time() + templ->ttl;
+ } else {
+ BER_BVZERO( &new_cached_query->q_uuid );
+ new_cached_query->expiry_time = slap_get_time() + templ->negttl;
+ }
+ new_cached_query->lru_up = NULL;
+ new_cached_query->lru_down = NULL;
+ Debug( pcache_debug, "Added query expires at %ld\n",
+ (long) new_cached_query->expiry_time, 0, 0 );
+ new_query = (Query*)new_cached_query;
+
+ ber_dupbv(&new_query->base, &query->base);
+ new_query->scope = query->scope;
+ new_query->filter = query->filter;
+ new_query->attrs = query->attrs;
+
+ /* Adding a query */
+ Debug( pcache_debug, "Lock AQ index = %d\n",
+ template_index, 0, 0 );
+ ldap_pvt_thread_rdwr_wlock(&templ->t_rwlock);
+ if (templ->query == NULL)
+ templ->query_last = new_cached_query;
+ else
+ templ->query->prev = new_cached_query;
+ new_cached_query->next = templ->query;
+ new_cached_query->prev = NULL;
+ templ->query = new_cached_query;
+ templ->no_of_queries++;
+ Debug( pcache_debug, "TEMPLATE %d QUERIES++ %d\n",
+ template_index, templ->no_of_queries, 0 );
+
+ Debug( pcache_debug, "Unlock AQ index = %d \n",
+ template_index, 0, 0 );
+ ldap_pvt_thread_rdwr_wunlock(&templ->t_rwlock);
+
+ /* Adding on top of LRU list */
+ ldap_pvt_thread_mutex_lock(&qm->lru_mutex);
+ add_query_on_top(qm, new_cached_query);
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+}
+
+static void
+remove_from_template (CachedQuery* qc, QueryTemplate* template)
+{
+ if (!qc->prev && !qc->next) {
+ template->query_last = template->query = NULL;
+ } else if (qc->prev == NULL) {
+ qc->next->prev = NULL;
+ template->query = qc->next;
+ } else if (qc->next == NULL) {
+ qc->prev->next = NULL;
+ template->query_last = qc->prev;
+ } else {
+ qc->next->prev = qc->prev;
+ qc->prev->next = qc->next;
+ }
+
+ template->no_of_queries--;
+}
+
+/* remove bottom query of LRU list from the query cache */
+static void cache_replacement(query_manager* qm, struct berval *result)
+{
+ CachedQuery* bottom;
+ int temp_id;
+
+ ldap_pvt_thread_mutex_lock(&qm->lru_mutex);
+ bottom = qm->lru_bottom;
+
+ result->bv_val = NULL;
+ result->bv_len = 0;
+
+ if (!bottom) {
+ Debug ( pcache_debug,
+ "Cache replacement invoked without "
+ "any query in LRU list\n", 0, 0, 0 );
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+ return;
+ }
+
+ temp_id = bottom->template_id;
+ remove_query(qm, bottom);
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+
+ *result = bottom->q_uuid;
+ bottom->q_uuid.bv_val = NULL;
+
+ Debug( pcache_debug, "Lock CR index = %d\n", temp_id, 0, 0 );
+ ldap_pvt_thread_rdwr_wlock(&(qm->templates[temp_id].t_rwlock));
+ remove_from_template(bottom, (qm->templates+temp_id));
+ Debug( pcache_debug, "TEMPLATE %d QUERIES-- %d\n",
+ temp_id, qm->templates[temp_id].no_of_queries, 0 );
+ Debug( pcache_debug, "Unlock CR index = %d\n", temp_id, 0, 0 );
+ ldap_pvt_thread_rdwr_wunlock(&(qm->templates[temp_id].t_rwlock));
+ free_query(bottom);
+}
+
+struct query_info {
+ struct query_info *next;
+ struct berval xdn;
+ int del;
+};
+
+static int
+remove_func (
+ Operation *op,
+ SlapReply *rs
+)
+{
+ Attribute *attr;
+ struct query_info *qi;
+ int count = 0;
+
+ if ( rs->sr_type != REP_SEARCH ) return 0;
+
+ for (attr = rs->sr_entry->e_attrs; attr!= NULL; attr = attr->a_next) {
+ if (attr->a_desc == ad_queryid) {
+ for (count=0; attr->a_vals[count].bv_val; count++)
+ ;
+ break;
+ }
+ }
+ if ( count == 0 ) return 0;
+ qi = op->o_tmpalloc( sizeof( struct query_info ), op->o_tmpmemctx );
+ qi->next = op->o_callback->sc_private;
+ op->o_callback->sc_private = qi;
+ ber_dupbv_x( &qi->xdn, &rs->sr_entry->e_nname, op->o_tmpmemctx );
+ qi->del = ( count == 1 );
+
+ return 0;
+}
+
+static int
+remove_query_data (
+ Operation *op,
+ SlapReply *rs,
+ struct berval* query_uuid)
+{
+ struct query_info *qi, *qnext;
+ char filter_str[64];
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion ava = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion ava = { NULL, BER_BVNULL };
+#endif
+ Filter filter = {LDAP_FILTER_EQUALITY};
+ SlapReply sreply = {REP_RESULT};
+ slap_callback cb = { NULL, remove_func, NULL, NULL };
+ int deleted = 0;
+
+ sreply.sr_entry = NULL;
+ sreply.sr_nentries = 0;
+ op->ors_filterstr.bv_len = snprintf(filter_str, sizeof(filter_str),
+ "(%s=%s)", ad_queryid->ad_cname.bv_val, query_uuid->bv_val);
+ filter.f_ava = &ava;
+ filter.f_av_desc = ad_queryid;
+ filter.f_av_value = *query_uuid;
+
+ op->o_tag = LDAP_REQ_SEARCH;
+ op->o_protocol = LDAP_VERSION3;
+ op->o_callback = &cb;
+ op->o_time = slap_get_time();
+ op->o_do_not_cache = 1;
+
+ op->o_req_dn = op->o_bd->be_suffix[0];
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+ op->ors_scope = LDAP_SCOPE_SUBTREE;
+ op->ors_deref = LDAP_DEREF_NEVER;
+ op->ors_slimit = SLAP_NO_LIMIT;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_filter = &filter;
+ op->ors_filterstr.bv_val = filter_str;
+ op->ors_filterstr.bv_len = strlen(filter_str);
+ op->ors_attrs = NULL;
+ op->ors_attrsonly = 0;
+
+ op->o_bd->be_search( op, &sreply );
+
+ for ( qi=cb.sc_private; qi; qi=qnext ) {
+ qnext = qi->next;
+
+ op->o_req_dn = qi->xdn;
+ op->o_req_ndn = qi->xdn;
+
+ if ( qi->del) {
+ Debug( pcache_debug, "DELETING ENTRY TEMPLATE=%s\n",
+ query_uuid->bv_val, 0, 0 );
+
+ op->o_tag = LDAP_REQ_DELETE;
+
+ if (op->o_bd->be_delete(op, &sreply) == LDAP_SUCCESS) {
+ deleted++;
+ }
+ } else {
+ Modifications mod;
+ struct berval vals[2];
+
+ vals[0] = *query_uuid;
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
+ mod.sml_op = LDAP_MOD_DELETE;
+ mod.sml_flags = 0;
+ mod.sml_desc = ad_queryid;
+ mod.sml_type = ad_queryid->ad_cname;
+ mod.sml_values = vals;
+ mod.sml_nvalues = NULL;
+ mod.sml_next = NULL;
+ Debug( pcache_debug,
+ "REMOVING TEMP ATTR : TEMPLATE=%s\n",
+ query_uuid->bv_val, 0, 0 );
+
+ op->orm_modlist = &mod;
+
+ op->o_bd->be_modify( op, &sreply );
+ }
+ op->o_tmpfree( qi->xdn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( qi, op->o_tmpmemctx );
+ }
+ return deleted;
+}
+
+static int
+get_attr_set(
+ AttributeName* attrs,
+ query_manager* qm,
+ int num
+);
+
+static int
+filter2template(
+ Operation *op,
+ Filter *f,
+ struct berval *fstr,
+ AttributeName** filter_attrs,
+ int* filter_cnt,
+ int* filter_got_oc )
+{
+ AttributeDescription *ad;
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ ad = f->f_av_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s=)", ad->ad_cname.bv_val );
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(=)") - 1 );
+ break;
+
+ case LDAP_FILTER_GE:
+ ad = f->f_av_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s>=)", ad->ad_cname.bv_val);
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(>=)") - 1 );
+ break;
+
+ case LDAP_FILTER_LE:
+ ad = f->f_av_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s<=)", ad->ad_cname.bv_val);
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(<=)") - 1 );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ ad = f->f_av_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s~=)", ad->ad_cname.bv_val);
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(~=)") - 1 );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ ad = f->f_sub_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s=)", ad->ad_cname.bv_val );
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(=)") - 1 );
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ ad = f->f_desc;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%s=*)", ad->ad_cname.bv_val );
+ fstr->bv_len += ad->ad_cname.bv_len + ( sizeof("(=*)") - 1 );
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT: {
+ int rc = 0;
+ sprintf( fstr->bv_val+fstr->bv_len, "(%c",
+ f->f_choice == LDAP_FILTER_AND ? '&' :
+ f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
+ fstr->bv_len += sizeof("(%") - 1;
+
+ for ( f = f->f_list; f != NULL; f = f->f_next ) {
+ rc = filter2template( op, f, fstr, filter_attrs, filter_cnt,
+ filter_got_oc );
+ if ( rc ) break;
+ }
+ sprintf( fstr->bv_val+fstr->bv_len, ")" );
+ fstr->bv_len += sizeof(")") - 1;
+
+ return rc;
+ }
+
+ default:
+ strcpy( fstr->bv_val, "(?=?)" );
+ fstr->bv_len += sizeof("(?=?)")-1;
+ return -1;
+ }
+
+ *filter_attrs = (AttributeName *)op->o_tmprealloc(*filter_attrs,
+ (*filter_cnt + 2)*sizeof(AttributeName), op->o_tmpmemctx);
+
+ (*filter_attrs)[*filter_cnt].an_desc = ad;
+ (*filter_attrs)[*filter_cnt].an_name = ad->ad_cname;
+ (*filter_attrs)[*filter_cnt].an_oc = NULL;
+ (*filter_attrs)[*filter_cnt].an_oc_exclude = 0;
+ BER_BVZERO( &(*filter_attrs)[*filter_cnt+1].an_name );
+ (*filter_cnt)++;
+ if ( ad == slap_schema.si_ad_objectClass )
+ *filter_got_oc = 1;
+ return 0;
+}
+
+struct search_info {
+ slap_overinst *on;
+ Query query;
+ int template_id;
+ int max;
+ int over;
+ int count;
+ Entry *head, *tail;
+};
+
+static int
+cache_entries(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *query_uuid)
+{
+ struct search_info *si = op->o_callback->sc_private;
+ slap_overinst *on = si->on;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager* qm = cm->qm;
+ int return_val = 0;
+ Entry *e;
+ struct berval crp_uuid;
+ char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
+ Operation op_tmp = *op;
+
+ query_uuid->bv_len = lutil_uuidstr(uuidbuf, sizeof(uuidbuf));
+ ber_str2bv(uuidbuf, query_uuid->bv_len, 1, query_uuid);
+
+ op_tmp.o_bd = &cm->db;
+ op_tmp.o_dn = cm->db.be_rootdn;
+ op_tmp.o_ndn = cm->db.be_rootndn;
+
+ Debug( pcache_debug, "UUID for query being added = %s\n",
+ uuidbuf, 0, 0 );
+
+ for ( e=si->head; e; e=si->head ) {
+ si->head = e->e_private;
+ e->e_private = NULL;
+ while ( cm->cur_entries > (cm->max_entries) ) {
+ qm->crfunc(qm, &crp_uuid);
+ if (crp_uuid.bv_val) {
+ Debug( pcache_debug,
+ "Removing query UUID %s\n",
+ crp_uuid.bv_val, 0, 0 );
+ return_val = remove_query_data(&op_tmp, rs, &crp_uuid);
+ Debug( pcache_debug,
+ "QUERY REMOVED, SIZE=%d\n",
+ return_val, 0, 0);
+ ldap_pvt_thread_mutex_lock(
+ &cm->cache_mutex );
+ cm->cur_entries -= return_val;
+ cm->num_cached_queries--;
+ Debug( pcache_debug,
+ "STORED QUERIES = %lu\n",
+ cm->num_cached_queries, 0, 0 );
+ ldap_pvt_thread_mutex_unlock(
+ &cm->cache_mutex );
+ Debug( pcache_debug,
+ "QUERY REMOVED, CACHE ="
+ "%d entries\n",
+ cm->cur_entries, 0, 0 );
+ }
+ }
+
+ return_val = merge_entry(&op_tmp, e, query_uuid);
+ ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
+ cm->cur_entries += return_val;
+ Debug( pcache_debug,
+ "ENTRY ADDED/MERGED, CACHED ENTRIES=%d\n",
+ cm->cur_entries, 0, 0 );
+ return_val = 0;
+ ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
+ }
+
+ return return_val;
+}
+
+static int
+pcache_response(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct search_info *si = op->o_callback->sc_private;
+ slap_overinst *on = si->on;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager* qm = cm->qm;
+ struct berval uuid;
+
+ if ( si->query.save_attrs != NULL ) {
+ rs->sr_attrs = si->query.save_attrs;
+ op->ors_attrs = si->query.save_attrs;
+ si->query.save_attrs = NULL;
+ }
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ Entry *e;
+ /* If we haven't exceeded the limit for this query,
+ * build a chain of answers to store. If we hit the
+ * limit, empty the chain and ignore the rest.
+ */
+ if ( !si->over ) {
+ if ( si->count < si->max ) {
+ si->count++;
+ e = entry_dup( rs->sr_entry );
+ if ( !si->head ) si->head = e;
+ if ( si->tail ) si->tail->e_private = e;
+ si->tail = e;
+ } else {
+ si->over = 1;
+ si->count = 0;
+ for (;si->head; si->head=e) {
+ e = si->head->e_private;
+ si->head->e_private = NULL;
+ entry_free(si->head);
+ }
+ si->tail = NULL;
+ }
+ }
+
+ } else if ( rs->sr_type == REP_RESULT ) {
+ QueryTemplate* templ = (qm->templates)+si->template_id;
+ if (( si->count && cache_entries( op, rs, &uuid ) == 0 ) ||
+ ( templ->negttl && !si->count && !si->over &&
+ rs->sr_err == LDAP_SUCCESS )) {
+ qm->addfunc(qm, &si->query, si->template_id,
+ si->count ? &uuid : NULL);
+
+ ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
+ cm->num_cached_queries++;
+ Debug( pcache_debug, "STORED QUERIES = %lu\n",
+ cm->num_cached_queries, 0, 0 );
+ ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
+
+ /* If the consistency checker suspended itself,
+ * wake it back up
+ */
+ if ( cm->cc_paused ) {
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ if ( cm->cc_paused ) {
+ cm->cc_paused = 0;
+ ldap_pvt_runqueue_resched( &slapd_rq, cm->cc_arg, 0 );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ }
+ } else {
+ free( si->query.attrs );
+ filter_free( si->query.filter );
+ }
+
+ /* free self */
+ op->o_callback->sc_cleanup = slap_freeself_cb;
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static void
+add_filter_attrs(
+ Operation *op,
+ AttributeName** new_attrs,
+ struct attr_set *attrs,
+ AttributeName* filter_attrs,
+ int fattr_cnt,
+ int fattr_got_oc)
+{
+ int alluser = 0;
+ int allop = 0;
+ int i, j;
+ int count;
+ int addoc = 0;
+
+ /* duplicate attrs */
+ count = attrs->count + fattr_cnt;
+ if ( !fattr_got_oc && !(attrs->flags & PC_GOT_OC)) {
+ addoc = 1;
+ count++;
+ }
+
+ *new_attrs = (AttributeName*)ch_malloc((count+1)*
+ sizeof(AttributeName));
+ for (i=0; i<attrs->count; i++) {
+ (*new_attrs)[i].an_name = attrs->attrs[i].an_name;
+ (*new_attrs)[i].an_desc = attrs->attrs[i].an_desc;
+ }
+ BER_BVZERO( &(*new_attrs)[i].an_name );
+ alluser = an_find(*new_attrs, &AllUser);
+ allop = an_find(*new_attrs, &AllOper);
+
+ j = i;
+ for ( i=0; i<fattr_cnt; i++ ) {
+ if ( an_find(*new_attrs, &filter_attrs[i].an_name ))
+ continue;
+ if ( is_at_operational(filter_attrs[i].an_desc->ad_type) ) {
+ if (allop)
+ continue;
+ } else if (alluser)
+ continue;
+ (*new_attrs)[j].an_name = filter_attrs[i].an_name;
+ (*new_attrs)[j].an_desc = filter_attrs[i].an_desc;
+ (*new_attrs)[j].an_oc = NULL;
+ (*new_attrs)[j].an_oc_exclude = 0;
+ j++;
+ }
+ if ( addoc ) {
+ (*new_attrs)[j].an_name = slap_schema.si_ad_objectClass->ad_cname;
+ (*new_attrs)[j].an_desc = slap_schema.si_ad_objectClass;
+ (*new_attrs)[j].an_oc = NULL;
+ (*new_attrs)[j].an_oc_exclude = 0;
+ j++;
+ }
+ BER_BVZERO( &(*new_attrs)[j].an_name );
+}
+
+/* NOTE: this is a quick workaround to let pcache minimally interact
+ * with pagedResults. A more articulated solutions would be to
+ * perform the remote query without control and cache all results,
+ * performing the pagedResults search only within the client
+ * and the proxy. This requires pcache to understand pagedResults. */
+static int
+pcache_chk_controls(
+ Operation *op,
+ SlapReply *rs )
+{
+ const char *non = "";
+ const char *stripped = "";
+
+ switch( op->o_pagedresults ) {
+ case SLAP_CONTROL_NONCRITICAL:
+ non = "non-";
+ stripped = "; stripped";
+ /* fallthru */
+
+ case SLAP_CONTROL_CRITICAL:
+ Debug( pcache_debug, "%s: "
+ "%scritical pagedResults control "
+ "disabled with proxy cache%s.\n",
+ op->o_log_prefix, non, stripped );
+
+ slap_remove_control( op, rs, slap_cids.sc_pagedResults, NULL );
+ break;
+
+ default:
+ rs->sr_err = SLAP_CB_CONTINUE;
+ break;
+ }
+
+ return rs->sr_err;
+}
+
+static int
+pcache_op_search(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager* qm = cm->qm;
+
+ int count;
+
+ int i = -1;
+
+ AttributeName *filter_attrs = NULL;
+
+ Query query;
+
+ int attr_set = -1;
+ int template_id = -1;
+ CachedQuery *answerable = NULL;
+ int cacheable = 0;
+ int fattr_cnt=0;
+ int fattr_got_oc = 0;
+ int oc_attr_absent = 1;
+
+ struct berval tempstr;
+
+ tempstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len+1, op->o_tmpmemctx );
+ tempstr.bv_len = 0;
+ if ( filter2template( op, op->ors_filter, &tempstr, &filter_attrs,
+ &fattr_cnt, &fattr_got_oc )) {
+ op->o_tmpfree( tempstr.bv_val, op->o_tmpmemctx );
+ return SLAP_CB_CONTINUE;
+ }
+
+ Debug( pcache_debug, "query template of incoming query = %s\n",
+ tempstr.bv_val, 0, 0 );
+
+ /* FIXME: cannot cache/answer requests with pagedResults control */
+
+
+ /* find attr set */
+ attr_set = get_attr_set(op->ors_attrs, qm, cm->numattrsets);
+
+ query.filter = op->ors_filter;
+ query.attrs = op->ors_attrs;
+ query.save_attrs = NULL;
+ query.base = op->o_req_ndn;
+ query.scope = op->ors_scope;
+
+ /* check for query containment */
+ if (attr_set > -1) {
+ QueryTemplate *qt = qm->templates;
+ for (i=0; i<cm->numtemplates; i++, qt++) {
+ /* find if template i can potentially answer tempstr */
+ if ( qt->attr_set_index != attr_set ||
+ qt->querystr.bv_len != tempstr.bv_len ||
+ strcasecmp( qt->querystr.bv_val, tempstr.bv_val ))
+ continue;
+ cacheable = 1;
+ template_id = i;
+ Debug( LDAP_DEBUG_NONE, "Entering QC, querystr = %s\n",
+ op->ors_filterstr.bv_val, 0, 0 );
+ answerable = (*(qm->qcfunc))(op, qm, &query, i);
+
+ if (answerable)
+ break;
+ }
+ }
+ op->o_tmpfree( tempstr.bv_val, op->o_tmpmemctx );
+
+ query.save_attrs = op->ors_attrs;
+ query.attrs = NULL;
+
+ if (answerable) {
+ /* Need to clear the callbacks of the original operation,
+ * in case there are other overlays */
+ BackendDB *save_bd = op->o_bd;
+ slap_callback *save_cb = op->o_callback;
+
+ Debug( pcache_debug, "QUERY ANSWERABLE\n", 0, 0, 0 );
+ op->o_tmpfree( filter_attrs, op->o_tmpmemctx );
+ ldap_pvt_thread_rdwr_runlock(&qm->templates[i].t_rwlock);
+ if ( BER_BVISNULL( &answerable->q_uuid )) {
+ /* No entries cached, just an empty result set */
+ i = rs->sr_err = 0;
+ send_ldap_result( op, rs );
+ } else {
+ op->o_bd = &cm->db;
+ op->o_callback = NULL;
+ i = cm->db.bd_info->bi_op_search( op, rs );
+ }
+ op->o_bd = save_bd;
+ op->o_callback = save_cb;
+ return i;
+ }
+
+ Debug( pcache_debug, "QUERY NOT ANSWERABLE\n", 0, 0, 0 );
+
+ ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
+ if (cm->num_cached_queries >= cm->max_queries) {
+ cacheable = 0;
+ }
+ ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
+
+ if (op->ors_attrsonly)
+ cacheable = 0;
+
+ if (cacheable) {
+ slap_callback *cb;
+ struct search_info *si;
+
+ Debug( pcache_debug, "QUERY CACHEABLE\n", 0, 0, 0 );
+ query.filter = filter_dup(op->ors_filter, NULL);
+ add_filter_attrs(op, &query.attrs, &qm->attr_sets[attr_set],
+ filter_attrs, fattr_cnt, fattr_got_oc);
+
+ op->ors_attrs = query.attrs;
+
+ cb = op->o_tmpalloc( sizeof(*cb) + sizeof(*si), op->o_tmpmemctx);
+ cb->sc_response = pcache_response;
+ cb->sc_cleanup = NULL;
+ cb->sc_private = (cb+1);
+ si = cb->sc_private;
+ si->on = on;
+ si->query = query;
+ si->template_id = template_id;
+ si->max = cm->num_entries_limit ;
+ si->over = 0;
+ si->count = 0;
+ si->head = NULL;
+ si->tail = NULL;
+
+ if ( cm->response_cb == PCACHE_RESPONSE_CB_HEAD ) {
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+
+ } else {
+ slap_callback **pcb;
+
+ /* need to move the callback at the end, in case other
+ * overlays are present, so that the final entry is
+ * actually cached */
+ cb->sc_next = NULL;
+ for ( pcb = &op->o_callback; *pcb; pcb = &(*pcb)->sc_next );
+ *pcb = cb;
+ }
+
+ } else {
+ Debug( pcache_debug, "QUERY NOT CACHEABLE\n",
+ 0, 0, 0);
+ }
+
+ op->o_tmpfree( filter_attrs, op->o_tmpmemctx );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+get_attr_set(
+ AttributeName* attrs,
+ query_manager* qm,
+ int num )
+{
+ int i;
+ int count = 0;
+
+ if ( attrs ) {
+ for ( ; attrs[count].an_name.bv_val; count++ );
+ }
+
+ for (i=0; i<num; i++) {
+ AttributeName *a2;
+ int found = 1;
+
+ if ( count > qm->attr_sets[i].count )
+ continue;
+ if ( !count ) {
+ if ( !qm->attr_sets[i].count )
+ break;
+ continue;
+ }
+ for ( a2 = attrs; a2->an_name.bv_val; a2++ ) {
+ if ( !an_find( qm->attr_sets[i].attrs, &a2->an_name )) {
+ found = 0;
+ break;
+ }
+ }
+ if ( found )
+ break;
+ }
+ if ( i == num )
+ i = -1;
+ return i;
+}
+
+static void*
+consistency_check(
+ void *ctx,
+ void *arg )
+{
+ struct re_s *rtask = arg;
+ slap_overinst *on = rtask->arg;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager *qm = cm->qm;
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op;
+
+ SlapReply rs = {REP_RESULT};
+ CachedQuery* query, *query_prev;
+ int i, return_val, pause = 1;
+ QueryTemplate* templ;
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, ctx );
+
+ op->o_bd = &cm->db;
+ op->o_dn = cm->db.be_rootdn;
+ op->o_ndn = cm->db.be_rootndn;
+
+ cm->cc_arg = arg;
+
+ for (i=0; qm->templates[i].querystr.bv_val; i++) {
+ templ = qm->templates + i;
+ query = templ->query_last;
+ if ( query ) pause = 0;
+ op->o_time = slap_get_time();
+ while (query && (query->expiry_time < op->o_time)) {
+ Debug( pcache_debug, "Lock CR index = %d\n",
+ i, 0, 0 );
+ ldap_pvt_thread_rdwr_wlock(&templ->t_rwlock);
+ remove_from_template(query, templ);
+ Debug( pcache_debug, "TEMPLATE %d QUERIES-- %d\n",
+ i, templ->no_of_queries, 0 );
+ Debug( pcache_debug, "Unlock CR index = %d\n",
+ i, 0, 0 );
+ ldap_pvt_thread_rdwr_wunlock(&templ->t_rwlock);
+ ldap_pvt_thread_mutex_lock(&qm->lru_mutex);
+ remove_query(qm, query);
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+ if ( BER_BVISNULL( &query->q_uuid ))
+ return_val = 0;
+ else
+ return_val = remove_query_data(op, &rs, &query->q_uuid);
+ Debug( pcache_debug, "STALE QUERY REMOVED, SIZE=%d\n",
+ return_val, 0, 0 );
+ ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
+ cm->cur_entries -= return_val;
+ cm->num_cached_queries--;
+ Debug( pcache_debug, "STORED QUERIES = %lu\n",
+ cm->num_cached_queries, 0, 0 );
+ ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
+ Debug( pcache_debug,
+ "STALE QUERY REMOVED, CACHE ="
+ "%d entries\n",
+ cm->cur_entries, 0, 0 );
+ query_prev = query;
+ query = query->prev;
+ free_query(query_prev);
+ }
+ }
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ }
+ /* If there were no queries, defer processing for a while */
+ cm->cc_paused = pause;
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, pause );
+
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ return NULL;
+}
+
+
+#define MAX_ATTR_SETS 500
+
+enum {
+ PC_MAIN = 1,
+ PC_ATTR,
+ PC_TEMP,
+ PC_RESP,
+ PC_QUERIES
+};
+
+static ConfigDriver pc_cf_gen;
+static ConfigLDAPadd pc_ldadd;
+static ConfigCfAdd pc_cfadd;
+
+static ConfigTable pccfg[] = {
+ { "proxycache", "backend> <max_entries> <numattrsets> <entry limit> "
+ "<cycle_time",
+ 6, 6, 0, ARG_MAGIC|ARG_NO_DELETE|PC_MAIN, pc_cf_gen,
+ "( OLcfgOvAt:2.1 NAME 'olcProxyCache' "
+ "DESC 'ProxyCache basic parameters' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "proxyattrset", "index> <attributes...",
+ 2, 0, 0, ARG_MAGIC|PC_ATTR, pc_cf_gen,
+ "( OLcfgOvAt:2.2 NAME 'olcProxyAttrset' "
+ "DESC 'A set of attributes to cache' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "proxytemplate", "filter> <attrset-index> <TTL> <negTTL",
+ 4, 5, 0, ARG_MAGIC|PC_TEMP, pc_cf_gen,
+ "( OLcfgOvAt:2.3 NAME 'olcProxyTemplate' "
+ "DESC 'Filter template, attrset, cache TTL, optional negative TTL' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "response-callback", "head|tail(default)",
+ 2, 2, 0, ARG_MAGIC|PC_RESP, pc_cf_gen,
+ "( OLcfgOvAt:2.4 NAME 'olcProxyResponseCB' "
+ "DESC 'Response callback position in overlay stack' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "proxyCacheQueries", "queries",
+ 2, 2, 0, ARG_INT|ARG_MAGIC|PC_QUERIES, pc_cf_gen,
+ "( OLcfgOvAt:2.5 NAME 'olcProxyCacheQueries' "
+ "DESC 'Maximum number of queries to cache' "
+ "SYNTAX OMsInteger )", NULL, NULL },
+
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs pcocs[] = {
+ { "( OLcfgOvOc:2.1 "
+ "NAME 'olcPcacheConfig' "
+ "DESC 'ProxyCache configuration' "
+ "SUP olcOverlayConfig "
+ "MUST ( olcProxyCache $ olcProxyAttrset $ olcProxyTemplate ) "
+ "MAY ( olcProxyResponseCB $ olcProxyCacheQueries ) )", Cft_Overlay, pccfg, NULL, pc_cfadd },
+ { "( OLcfgOvOc:2.2 "
+ "NAME 'olcPcacheDatabase' "
+ "DESC 'Cache database configuration' "
+ "AUXILIARY )", Cft_Misc, pccfg, pc_ldadd },
+ { NULL, 0, NULL }
+};
+
+static int
+pc_ldadd( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
+{
+ slap_overinst *on;
+ cache_manager *cm;
+
+ if ( p->ce_type != Cft_Overlay || !p->ce_bi ||
+ p->ce_bi->bi_cf_ocs != pcocs )
+ return LDAP_CONSTRAINT_VIOLATION;
+
+ on = (slap_overinst *)p->ce_bi;
+ cm = on->on_bi.bi_private;
+ ca->be = &cm->db;
+ return LDAP_SUCCESS;
+}
+
+static int
+pc_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca )
+{
+ CfEntryInfo *pe = p->e_private;
+ slap_overinst *on = (slap_overinst *)pe->ce_bi;
+ cache_manager *cm = on->on_bi.bi_private;
+ struct berval bv;
+
+ /* FIXME: should not hardcode "olcDatabase" here */
+ bv.bv_len = sprintf( ca->msg, "olcDatabase=%s", cm->db.bd_info->bi_type );
+ bv.bv_val = ca->msg;
+ ca->be = &cm->db;
+
+ /* We can only create this entry if the database is table-driven
+ */
+ if ( cm->db.bd_info->bi_cf_ocs )
+ config_build_entry( op, rs, pe, ca, &bv, cm->db.bd_info->bi_cf_ocs,
+ &pcocs[1] );
+
+ return 0;
+}
+
+static int
+pc_cf_gen( ConfigArgs *c )
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ cache_manager* cm = on->on_bi.bi_private;
+ query_manager* qm = cm->qm;
+ QueryTemplate* temp;
+ AttributeName* attr_name;
+ AttributeName* attrarray;
+ const char* text=NULL;
+ int i, num, rc = 0;
+ char *ptr;
+ unsigned long t;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ struct berval bv;
+ switch( c->type ) {
+ case PC_MAIN:
+ bv.bv_len = snprintf( c->msg, sizeof( c->msg ), "%s %d %d %d %ld",
+ cm->db.bd_info->bi_type, cm->max_entries, cm->numattrsets,
+ cm->num_entries_limit, cm->cc_period );
+ bv.bv_val = c->msg;
+ value_add_one( &c->rvalue_vals, &bv );
+ break;
+ case PC_ATTR:
+ for (i=0; i<cm->numattrsets; i++) {
+ if ( !qm->attr_sets[i].count ) continue;
+
+ bv.bv_len = snprintf( c->msg, sizeof( c->msg ), "%d", i );
+
+ /* count the attr length */
+ for ( attr_name = qm->attr_sets[i].attrs;
+ attr_name->an_name.bv_val; attr_name++ )
+ bv.bv_len += attr_name->an_name.bv_len + 1;
+
+ bv.bv_val = ch_malloc( bv.bv_len+1 );
+ ptr = lutil_strcopy( bv.bv_val, c->msg );
+ for ( attr_name = qm->attr_sets[i].attrs;
+ attr_name->an_name.bv_val; attr_name++ ) {
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, attr_name->an_name.bv_val );
+ }
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ if ( !c->rvalue_vals )
+ rc = 1;
+ break;
+ case PC_TEMP:
+ for (i=0; i<cm->numtemplates; i++) {
+ if ( qm->templates[i].negttl ) {
+ bv.bv_len = snprintf( c->msg, sizeof( c->msg ),
+ " %d %ld %ld",
+ qm->templates[i].attr_set_index,
+ qm->templates[i].ttl,
+ qm->templates[i].negttl );
+ } else {
+ bv.bv_len = snprintf( c->msg, sizeof( c->msg ), " %d %ld",
+ qm->templates[i].attr_set_index,
+ qm->templates[i].ttl );
+ }
+ bv.bv_len += qm->templates[i].querystr.bv_len + 2;
+ bv.bv_val = ch_malloc( bv.bv_len+1 );
+ ptr = bv.bv_val;
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, qm->templates[i].querystr.bv_val );
+ *ptr++ = '"';
+ strcpy( ptr, c->msg );
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ }
+ if ( !c->rvalue_vals )
+ rc = 1;
+ break;
+ case PC_RESP:
+ if ( cm->response_cb == PCACHE_RESPONSE_CB_HEAD ) {
+ BER_BVSTR( &bv, "head" );
+ } else {
+ BER_BVSTR( &bv, "tail" );
+ }
+ value_add_one( &c->rvalue_vals, &bv );
+ break;
+ case PC_QUERIES:
+ c->value_int = cm->max_queries;
+ break;
+ }
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ return 1; /* FIXME */
+#if 0
+ switch( c->type ) {
+ case PC_ATTR:
+ case PC_TEMP:
+ }
+ return rc;
+#endif
+ }
+
+ switch( c->type ) {
+ case PC_MAIN:
+ if ( cm->numattrsets > 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "\"proxycache\" directive already provided" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_atoi( &cm->numattrsets, c->argv[3] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse num attrsets=\"%s\" (arg #3)",
+ c->argv[3] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( cm->numattrsets <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "numattrsets (arg #3) must be positive" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( cm->numattrsets > MAX_ATTR_SETS ) {
+ snprintf( c->msg, sizeof( c->msg ), "numattrsets (arg #3) must be <= %d", MAX_ATTR_SETS );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( !backend_db_init( c->argv[1], &cm->db )) {
+ snprintf( c->msg, sizeof( c->msg ), "unknown backend type (arg #1)" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_atoi( &cm->max_entries, c->argv[2] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse max entries=\"%s\" (arg #2)",
+ c->argv[2] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( cm->max_entries <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "max entries (arg #2) must be positive.\n" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_atoi( &cm->num_entries_limit, c->argv[4] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse entry limit=\"%s\" (arg #4)",
+ c->argv[4] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( cm->num_entries_limit <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "entry limit (arg #4) must be positive" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( cm->num_entries_limit > cm->max_entries ) {
+ snprintf( c->msg, sizeof( c->msg ), "entry limit (arg #4) must be less than max entries %d (arg #2)", cm->max_entries );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_parse_time( c->argv[5], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse period=\"%s\" (arg #5)",
+ c->argv[5] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ cm->cc_period = (time_t)t;
+ Debug( pcache_debug,
+ "Total # of attribute sets to be cached = %d.\n",
+ cm->numattrsets, 0, 0 );
+ qm->attr_sets = ( struct attr_set * )ch_calloc( cm->numattrsets,
+ sizeof( struct attr_set ) );
+ break;
+ case PC_ATTR:
+ if ( cm->numattrsets == 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "\"proxycache\" directive not provided yet" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( lutil_atoi( &num, c->argv[1] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse attrset #=\"%s\"",
+ c->argv[1] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( num < 0 || num >= cm->numattrsets ) {
+ snprintf( c->msg, sizeof( c->msg ), "attrset index %d out of bounds (must be %s%d)",
+ num, cm->numattrsets > 1 ? "0->" : "", cm->numattrsets - 1 );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ qm->attr_sets[num].flags |= PC_CONFIGURED;
+ if ( c->argc > 2 && strcmp( c->argv[2], "*" ) ) {
+ qm->attr_sets[num].count = c->argc - 2;
+ qm->attr_sets[num].attrs = (AttributeName*)ch_malloc(
+ (c->argc-1) * sizeof( AttributeName ));
+ attr_name = qm->attr_sets[num].attrs;
+ for ( i = 2; i < c->argc; i++ ) {
+ attr_name->an_desc = NULL;
+ if ( slap_str2ad( c->argv[i],
+ &attr_name->an_desc, &text ) )
+ {
+ strcpy( c->msg, text );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ ch_free( qm->attr_sets[num].attrs );
+ qm->attr_sets[num].attrs = NULL;
+ qm->attr_sets[num].count = 0;
+ return 1;
+ }
+ attr_name->an_name = attr_name->an_desc->ad_cname;
+ attr_name->an_oc = NULL;
+ attr_name->an_oc_exclude = 0;
+ if ( attr_name->an_desc == slap_schema.si_ad_objectClass )
+ qm->attr_sets[num].flags |= PC_GOT_OC;
+ attr_name++;
+ BER_BVZERO( &attr_name->an_name );
+ }
+ }
+ break;
+ case PC_TEMP:
+ if ( cm->numattrsets == 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "\"proxycache\" directive not provided yet" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ if ( lutil_atoi( &i, c->argv[2] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse template #=\"%s\"",
+ c->argv[2] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+
+ if ( i < 0 || i >= cm->numattrsets ) {
+ snprintf( c->msg, sizeof( c->msg ), "template index %d invalid (%s%d)",
+ i, cm->numattrsets > 1 ? "0->" : "", cm->numattrsets - 1 );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ num = cm->numtemplates;
+ qm->templates = ( QueryTemplate* )ch_realloc( qm->templates,
+ ( num + 2 ) * sizeof( QueryTemplate ));
+ temp = qm->templates + num;
+ ldap_pvt_thread_rdwr_init( &temp->t_rwlock );
+ temp->query = temp->query_last = NULL;
+ if ( lutil_parse_time( c->argv[3], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "unable to parse template ttl=\"%s\"",
+ c->argv[3] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ temp->ttl = (time_t)t;
+ if ( c->argc == 5 ) {
+ if ( lutil_parse_time( c->argv[4], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "unable to parse template negttl=\"%s\"",
+ c->argv[4] );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ temp->negttl = (time_t)t;
+ } else {
+ temp->negttl = 0;
+ }
+
+ temp->no_of_queries = 0;
+
+ ber_str2bv( c->argv[1], 0, 1, &temp->querystr );
+ Debug( pcache_debug, "Template:\n", 0, 0, 0 );
+ Debug( pcache_debug, " query template: %s\n",
+ temp->querystr.bv_val, 0, 0 );
+ temp->attr_set_index = i;
+ qm->attr_sets[i].flags |= PC_REFERENCED;
+ Debug( pcache_debug, " attributes: \n", 0, 0, 0 );
+ if ( ( attrarray = qm->attr_sets[i].attrs ) != NULL ) {
+ for ( i=0; attrarray[i].an_name.bv_val; i++ )
+ Debug( pcache_debug, "\t%s\n",
+ attrarray[i].an_name.bv_val, 0, 0 );
+ }
+ temp++;
+ temp->querystr.bv_val = NULL;
+ cm->numtemplates++;
+ break;
+ case PC_RESP:
+ if ( strcasecmp( c->argv[1], "head" ) == 0 ) {
+ cm->response_cb = PCACHE_RESPONSE_CB_HEAD;
+
+ } else if ( strcasecmp( c->argv[1], "tail" ) == 0 ) {
+ cm->response_cb = PCACHE_RESPONSE_CB_TAIL;
+
+ } else {
+ snprintf( c->msg, sizeof( c->msg ), "unknown specifier" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ break;
+ case PC_QUERIES:
+ if ( c->value_int <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "max queries must be positive" );
+ Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 );
+ return( 1 );
+ }
+ cm->max_queries = c->value_int;
+ break;
+ }
+ return rc;
+}
+
+static int
+pcache_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ cache_manager* cm = on->on_bi.bi_private;
+
+ /* Something for the cache database? */
+ if ( cm->db.bd_info && cm->db.bd_info->bi_db_config )
+ return cm->db.bd_info->bi_db_config( &cm->db, fname, lineno,
+ argc, argv );
+ return SLAP_CONF_UNKNOWN;
+}
+
+static int
+pcache_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ cache_manager *cm;
+ query_manager *qm;
+
+ cm = (cache_manager *)ch_malloc(sizeof(cache_manager));
+ on->on_bi.bi_private = cm;
+
+ qm = (query_manager*)ch_malloc(sizeof(query_manager));
+
+ cm->db = *be;
+ SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
+ cm->db.be_private = NULL;
+ cm->db.be_pcl_mutexp = &cm->db.be_pcl_mutex;
+ cm->qm = qm;
+ cm->numattrsets = 0;
+ cm->numtemplates = 0;
+ cm->num_entries_limit = 5;
+ cm->num_cached_queries = 0;
+ cm->max_entries = 0;
+ cm->cur_entries = 0;
+ cm->max_queries = 10000;
+ cm->response_cb = PCACHE_RESPONSE_CB_TAIL;
+ cm->cc_period = 1000;
+ cm->cc_paused = 0;
+
+ qm->attr_sets = NULL;
+ qm->templates = NULL;
+ qm->lru_top = NULL;
+ qm->lru_bottom = NULL;
+
+ qm->qcfunc = query_containment;
+ qm->crfunc = cache_replacement;
+ qm->addfunc = add_query;
+ ldap_pvt_thread_mutex_init(&qm->lru_mutex);
+
+ ldap_pvt_thread_mutex_init(&cm->cache_mutex);
+ return 0;
+}
+
+static int
+pcache_db_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager* qm = cm->qm;
+ int i, ncf = 0, rf = 0, nrf = 0, rc = 0;
+
+ /* check attr sets */
+ for ( i = 0; i < cm->numattrsets; i++) {
+ if ( !( qm->attr_sets[i].flags & PC_CONFIGURED ) ) {
+ if ( qm->attr_sets[i].flags & PC_REFERENCED ) {
+ Debug( LDAP_DEBUG_CONFIG, "pcache: attr set #%d not configured but referenced.\n", i, 0, 0 );
+ rf++;
+
+ } else {
+ Debug( LDAP_DEBUG_CONFIG, "pcache: warning, attr set #%d not configured.\n", i, 0, 0 );
+ }
+ ncf++;
+
+ } else if ( !( qm->attr_sets[i].flags & PC_REFERENCED ) ) {
+ Debug( LDAP_DEBUG_CONFIG, "pcache: attr set #%d configured but not referenced.\n", i, 0, 0 );
+ nrf++;
+ }
+ }
+
+ if ( ncf || rf || nrf ) {
+ Debug( LDAP_DEBUG_CONFIG, "pcache: warning, %d attr sets configured but not referenced.\n", nrf, 0, 0 );
+ Debug( LDAP_DEBUG_CONFIG, "pcache: warning, %d attr sets not configured.\n", ncf, 0, 0 );
+ Debug( LDAP_DEBUG_CONFIG, "pcache: %d attr sets not configured but referenced.\n", rf, 0, 0 );
+
+ if ( rf > 0 ) {
+ return 1;
+ }
+ }
+
+ /* need to inherit something from the original database... */
+ cm->db.be_def_limit = be->be_def_limit;
+ cm->db.be_limits = be->be_limits;
+ cm->db.be_acl = be->be_acl;
+ cm->db.be_dfltaccess = be->be_dfltaccess;
+
+ rc = backend_startup_one( &cm->db );
+
+ /* There is no runqueue in TOOL mode */
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_insert( &slapd_rq, cm->cc_period,
+ consistency_check, on,
+ "pcache_consistency", be->be_suffix[0].bv_val );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ /* Cached database must have the rootdn */
+ if ( BER_BVISNULL( &cm->db.be_rootndn )
+ || BER_BVISEMPTY( &cm->db.be_rootndn ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "pcache_db_open(): "
+ "underlying database of type \"%s\"\n"
+ " serving naming context \"%s\"\n"
+ " has no \"rootdn\", required by \"proxycache\".\n",
+ on->on_info->oi_orig->bi_type,
+ cm->db.be_suffix[0].bv_val, 0 );
+ return 1;
+ }
+ }
+
+ return rc;
+}
+
+static int
+pcache_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager *qm = cm->qm;
+ int i, j, rc = 0;
+
+ /* cleanup stuff inherited from the original database... */
+ cm->db.be_limits = NULL;
+ cm->db.be_acl = NULL;
+
+ if ( cm->db.bd_info->bi_db_close ) {
+ rc = cm->db.bd_info->bi_db_close( &cm->db );
+ }
+ for ( i=0; i<cm->numtemplates; i++ ) {
+ CachedQuery *qc, *qn;
+ for ( qc = qm->templates[i].query; qc; qc = qn ) {
+ qn = qc->next;
+ free_query( qc );
+ }
+ free( qm->templates[i].querystr.bv_val );
+ ldap_pvt_thread_rdwr_destroy( &qm->templates[i].t_rwlock );
+ }
+ free( qm->templates );
+ qm->templates = NULL;
+
+ for ( i=0; i<cm->numattrsets; i++ ) {
+ free( qm->attr_sets[i].attrs );
+ }
+ free( qm->attr_sets );
+ qm->attr_sets = NULL;
+
+ return rc;
+}
+
+static int
+pcache_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ cache_manager *cm = on->on_bi.bi_private;
+ query_manager *qm = cm->qm;
+
+ /* cleanup stuff inherited from the original database... */
+ cm->db.be_suffix = NULL;
+ cm->db.be_nsuffix = NULL;
+ BER_BVZERO( &cm->db.be_rootdn );
+ BER_BVZERO( &cm->db.be_rootndn );
+ BER_BVZERO( &cm->db.be_rootpw );
+ /* FIXME: there might be more... */
+
+ if ( cm->db.be_private != NULL ) {
+ backend_destroy_one( &cm->db, 0 );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &qm->lru_mutex );
+ ldap_pvt_thread_mutex_destroy( &cm->cache_mutex );
+ free( qm );
+ free( cm );
+
+ return 0;
+}
+
+static slap_overinst pcache;
+
+int pcache_initialize()
+{
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+ struct berval debugbv = BER_BVC("pcache");
+
+ if (( code = slap_loglevel_get( &debugbv, &pcache_debug )))
+ return code;
+
+ at = ldap_str2attributetype( queryid_schema, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ Debug( LDAP_DEBUG_ANY,
+ "pcache_initialize: ldap_str2attributetype failed %s %s\n",
+ ldap_scherr2str(code), err, 0 );
+ return code;
+ }
+ code = at_add( at, 0, NULL, &err );
+ if ( !code ) {
+ slap_str2ad( at->at_names[0], &ad_queryid, &err );
+ }
+ ldap_memfree( at );
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY,
+ "pcache_initialize: at_add failed %s %s\n",
+ scherr2str(code), err, 0 );
+ return code;
+ }
+
+ pcache.on_bi.bi_type = "pcache";
+ pcache.on_bi.bi_db_init = pcache_db_init;
+ pcache.on_bi.bi_db_config = pcache_db_config;
+ pcache.on_bi.bi_db_open = pcache_db_open;
+ pcache.on_bi.bi_db_close = pcache_db_close;
+ pcache.on_bi.bi_db_destroy = pcache_db_destroy;
+
+ pcache.on_bi.bi_op_search = pcache_op_search;
+
+ pcache.on_bi.bi_chk_controls = pcache_chk_controls;
+
+ pcache.on_bi.bi_cf_ocs = pcocs;
+
+ code = config_register_schema( pccfg, pcocs );
+ if ( code ) return code;
+
+ return overlay_register( &pcache );
+}
+
+#if SLAPD_OVER_PROXYCACHE == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+ return pcache_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_PROXYCACHE) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/ppolicy.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/ppolicy.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/ppolicy.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2208 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.31.2.29 2007/02/08 12:31:24 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
+ * Portions Copyright 2004 Hewlett-Packard Company.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was developed by Howard Chu for inclusion in
+ * OpenLDAP Software, based on prior work by Neil Dunbar (HP).
+ * This work was sponsored by the Hewlett-Packard Company.
+ */
+
+#include "portable.h"
+
+/* This file implements "Password Policy for LDAP Directories",
+ * based on draft behera-ldap-password-policy-09
+ */
+
+#ifdef SLAPD_OVER_PPOLICY
+
+#include <ldap.h>
+#include "lutil.h"
+#include "slap.h"
+#if SLAPD_MODULES
+#define LIBLTDL_DLL_IMPORT /* Win32: don't re-export libltdl's symbols */
+#include <ltdl.h>
+#endif
+#include <ac/errno.h>
+#include <ac/time.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include "config.h"
+
+#ifndef MODULE_NAME_SZ
+#define MODULE_NAME_SZ 256
+#endif
+
+/* Per-instance configuration information */
+typedef struct pp_info {
+ struct berval def_policy; /* DN of default policy subentry */
+ int use_lockout; /* send AccountLocked result? */
+ int hash_passwords; /* transparently hash cleartext pwds */
+} pp_info;
+
+/* Our per-connection info - note, it is not per-instance, it is
+ * used by all instances
+ */
+typedef struct pw_conn {
+ struct berval dn; /* DN of restricted user */
+} pw_conn;
+
+static pw_conn *pwcons;
+static int ppolicy_cid;
+
+typedef struct pass_policy {
+ AttributeDescription *ad; /* attribute to which the policy applies */
+ int pwdMinAge; /* minimum time (seconds) until passwd can change */
+ int pwdMaxAge; /* time in seconds until pwd will expire after change */
+ int pwdInHistory; /* number of previous passwords kept */
+ int pwdCheckQuality; /* 0 = don't check quality, 1 = check if possible,
+ 2 = check mandatory; fail if not possible */
+ int pwdMinLength; /* minimum number of chars in password */
+ int pwdExpireWarning; /* number of seconds that warning controls are
+ sent before a password expires */
+ int pwdGraceAuthNLimit; /* number of times you can log in with an
+ expired password */
+ int pwdLockout; /* 0 = do not lockout passwords, 1 = lock them out */
+ int pwdLockoutDuration; /* time in seconds a password is locked out for */
+ int pwdMaxFailure; /* number of failed binds allowed before lockout */
+ int pwdFailureCountInterval; /* number of seconds before failure
+ counts are zeroed */
+ int pwdMustChange; /* 0 = users can use admin set password
+ 1 = users must change password after admin set */
+ int pwdAllowUserChange; /* 0 = users cannot change their passwords
+ 1 = users can change them */
+ int pwdSafeModify; /* 0 = old password doesn't need to come
+ with password change request
+ 1 = password change must supply existing pwd */
+ char pwdCheckModule[MODULE_NAME_SZ]; /* name of module to dynamically
+ load to check password */
+} PassPolicy;
+
+typedef struct pw_hist {
+ time_t t; /* timestamp of history entry */
+ struct berval pw; /* old password hash */
+ struct berval bv; /* text of entire entry */
+ struct pw_hist *next;
+} pw_hist;
+
+/* Operational attributes */
+static AttributeDescription *ad_pwdChangedTime, *ad_pwdAccountLockedTime,
+ *ad_pwdFailureTime, *ad_pwdHistory, *ad_pwdGraceUseTime, *ad_pwdReset,
+ *ad_pwdPolicySubentry;
+
+static struct schema_info {
+ char *def;
+ AttributeDescription **ad;
+} pwd_OpSchema[] = {
+ { "( 1.3.6.1.4.1.42.2.27.8.1.16 "
+ "NAME ( 'pwdChangedTime' ) "
+ "DESC 'The time the password was last changed' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ &ad_pwdChangedTime },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.17 "
+ "NAME ( 'pwdAccountLockedTime' ) "
+ "DESC 'The time an user account was locked' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE "
+#if 0
+ /* Not until MANAGEDIT control is released */
+ "NO-USER-MODIFICATION "
+#endif
+ "USAGE directoryOperation )",
+ &ad_pwdAccountLockedTime },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.19 "
+ "NAME ( 'pwdFailureTime' ) "
+ "DESC 'The timestamps of the last consecutive authentication failures' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
+ &ad_pwdFailureTime },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.20 "
+ "NAME ( 'pwdHistory' ) "
+ "DESC 'The history of users passwords' "
+ "EQUALITY octetStringMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
+ &ad_pwdHistory },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.21 "
+ "NAME ( 'pwdGraceUseTime' ) "
+ "DESC 'The timestamps of the grace login once the password has expired' "
+ "EQUALITY generalizedTimeMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
+ &ad_pwdGraceUseTime },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.22 "
+ "NAME ( 'pwdReset' ) "
+ "DESC 'The indication that the password has been reset' "
+ "EQUALITY booleanMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "SINGLE-VALUE USAGE directoryOperation )",
+ &ad_pwdReset },
+ { "( 1.3.6.1.4.1.42.2.27.8.1.23 "
+ "NAME ( 'pwdPolicySubentry' ) "
+ "DESC 'The pwdPolicy subentry in effect for this object' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE "
+#if 0
+ /* Not until MANAGEDIT control is released */
+ "NO-USER-MODIFICATION "
+#endif
+ "USAGE directoryOperation )",
+ &ad_pwdPolicySubentry },
+ { NULL, NULL }
+};
+
+/* User attributes */
+static AttributeDescription *ad_pwdMinAge, *ad_pwdMaxAge, *ad_pwdInHistory,
+ *ad_pwdCheckQuality, *ad_pwdMinLength, *ad_pwdMaxFailure,
+ *ad_pwdGraceAuthNLimit, *ad_pwdExpireWarning, *ad_pwdLockoutDuration,
+ *ad_pwdFailureCountInterval, *ad_pwdCheckModule, *ad_pwdLockout,
+ *ad_pwdMustChange, *ad_pwdAllowUserChange, *ad_pwdSafeModify,
+ *ad_pwdAttribute;
+
+#define TAB(name) { #name, &ad_##name }
+
+static struct schema_info pwd_UsSchema[] = {
+ TAB(pwdAttribute),
+ TAB(pwdMinAge),
+ TAB(pwdMaxAge),
+ TAB(pwdInHistory),
+ TAB(pwdCheckQuality),
+ TAB(pwdMinLength),
+ TAB(pwdMaxFailure),
+ TAB(pwdGraceAuthNLimit),
+ TAB(pwdExpireWarning),
+ TAB(pwdLockout),
+ TAB(pwdLockoutDuration),
+ TAB(pwdFailureCountInterval),
+ TAB(pwdCheckModule),
+ TAB(pwdMustChange),
+ TAB(pwdAllowUserChange),
+ TAB(pwdSafeModify),
+ { NULL, NULL }
+};
+
+static ldap_pvt_thread_mutex_t chk_syntax_mutex;
+
+enum {
+ PPOLICY_DEFAULT = 1,
+ PPOLICY_HASH_CLEARTEXT,
+ PPOLICY_USE_LOCKOUT
+};
+
+static ConfigDriver ppolicy_cf_default;
+
+static ConfigTable ppolicycfg[] = {
+ { "ppolicy_default", "policyDN", 2, 2, 0,
+ ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
+ "( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
+ "DESC 'DN of a pwdPolicy object for uncustomized objects' "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
+ ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
+ (void *)offsetof(pp_info,hash_passwords),
+ "( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
+ "DESC 'Hash passwords on add or modify' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "ppolicy_use_lockout", "on|off", 1, 2, 0,
+ ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
+ (void *)offsetof(pp_info,use_lockout),
+ "( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
+ "DESC 'Warn clients with AccountLocked' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs ppolicyocs[] = {
+ { "( OLcfgOvOc:12.1 "
+ "NAME 'olcPPolicyConfig' "
+ "DESC 'Password Policy configuration' "
+ "SUP olcOverlayConfig "
+ "MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
+ "olcPPolicyUseLockout ) )",
+ Cft_Overlay, ppolicycfg },
+ { NULL, 0, NULL }
+};
+
+static int
+ppolicy_cf_default( ConfigArgs *c )
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ pp_info *pi = (pp_info *)on->on_bi.bi_private;
+ BackendDB *be = (BackendDB *)c->be;
+ const char *text;
+ int rc = ARG_BAD_CONF;
+
+ assert ( c->type == PPOLICY_DEFAULT );
+ Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0);
+
+ switch ( c->op ) {
+ case SLAP_CONFIG_EMIT:
+ Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0);
+ rc = 0;
+ if ( !BER_BVISEMPTY( &pi->def_policy )) {
+ rc = value_add_one( &c->rvalue_vals,
+ &pi->def_policy );
+ if ( rc ) return rc;
+ rc = value_add_one( &c->rvalue_nvals,
+ &pi->def_policy );
+ }
+ break;
+ case LDAP_MOD_DELETE:
+ Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0);
+ if ( pi->def_policy.bv_val ) {
+ ber_memfree ( pi->def_policy.bv_val );
+ pi->def_policy.bv_val = NULL;
+ }
+ pi->def_policy.bv_len = 0;
+ rc = 0;
+ break;
+ case SLAP_CONFIG_ADD:
+ /* fallthrough to LDAP_MOD_ADD */
+ case LDAP_MOD_ADD:
+ Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0);
+ if ( pi->def_policy.bv_val )
+ ber_memfree ( pi->def_policy.bv_val );
+ pi->def_policy = c->value_ndn;
+ rc = 0;
+ break;
+ default:
+ abort ();
+ }
+
+ return rc;
+}
+
+static time_t
+parse_time( char *atm )
+{
+ struct lutil_tm tm;
+ struct lutil_timet tt;
+ time_t ret = (time_t)-1;
+
+ if ( lutil_parsetime( atm, &tm ) == 0) {
+ lutil_tm2time( &tm, &tt );
+ ret = tt.tt_sec;
+ }
+ return ret;
+}
+
+static int
+account_locked( Operation *op, Entry *e,
+ PassPolicy *pp, Modifications **mod )
+{
+ Attribute *la;
+
+ assert(mod != NULL);
+
+ if ( (la = attr_find( e->e_attrs, ad_pwdAccountLockedTime )) != NULL ) {
+ BerVarray vals = la->a_nvals;
+
+ /*
+ * there is a lockout stamp - we now need to know if it's
+ * a valid one.
+ */
+ if (vals[0].bv_val != NULL) {
+ time_t then, now;
+ Modifications *m;
+
+ if (!pp->pwdLockoutDuration)
+ return 1;
+
+ if ((then = parse_time( vals[0].bv_val )) == (time_t)0)
+ return 1;
+
+ now = slap_get_time();
+
+ if (now < then + pp->pwdLockoutDuration)
+ return 1;
+
+ m = ch_calloc( sizeof(Modifications), 1 );
+ m->sml_op = LDAP_MOD_DELETE;
+ m->sml_flags = 0;
+ m->sml_type = ad_pwdAccountLockedTime->ad_cname;
+ m->sml_desc = ad_pwdAccountLockedTime;
+ m->sml_next = *mod;
+ *mod = m;
+ }
+ }
+
+ return 0;
+}
+
+/* IMPLICIT TAGS, all context-specific */
+#define PPOLICY_WARNING 0xa0L /* constructed + 0 */
+#define PPOLICY_ERROR 0x81L /* primitive + 1 */
+
+#define PPOLICY_EXPIRE 0x80L /* primitive + 0 */
+#define PPOLICY_GRACE 0x81L /* primitive + 1 */
+
+static LDAPControl *
+create_passcontrol( int exptime, int grace, LDAPPasswordPolicyError err )
+{
+ char berbuf[LBER_ELEMENT_SIZEOF], bb2[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *)berbuf, *b2 = (BerElement *)bb2;
+ LDAPControl *c;
+ struct berval bv;
+
+ c = ch_calloc( sizeof( LDAPControl ), 1 );
+ if ( c == NULL ) {
+ return NULL;
+ }
+ c->ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYRESPONSE;
+ c->ldctl_iscritical = 0;
+ BER_BVZERO( &c->ldctl_value );
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_printf( ber, "{" /*}*/ );
+
+ if ( exptime >= 0 ) {
+ ber_init2( b2, NULL, LBER_USE_DER );
+ ber_printf( b2, "ti", PPOLICY_EXPIRE, exptime );
+ ber_flatten2( b2, &bv, 1 );
+ (void)ber_free_buf(b2);
+ ber_printf( ber, "tO", PPOLICY_WARNING, &bv );
+ ch_free( bv.bv_val );
+ } else if ( grace > 0 ) {
+ ber_init2( b2, NULL, LBER_USE_DER );
+ ber_printf( b2, "ti", PPOLICY_GRACE, grace );
+ ber_flatten2( b2, &bv, 1 );
+ (void)ber_free_buf(b2);
+ ber_printf( ber, "tO", PPOLICY_WARNING, &bv );
+ ch_free( bv.bv_val );
+ }
+
+ if (err != PP_noError ) {
+ ber_printf( ber, "te", PPOLICY_ERROR, err );
+ }
+ ber_printf( ber, /*{*/ "N}" );
+
+ if (ber_flatten2( ber, &(c->ldctl_value), 1 ) == LBER_DEFAULT) {
+ ch_free(c);
+ c = NULL;
+ }
+ (void)ber_free_buf(ber);
+ return c;
+}
+
+static LDAPControl **
+add_passcontrol( Operation *op, SlapReply *rs, LDAPControl *ctrl )
+{
+ LDAPControl **ctrls, **oldctrls = rs->sr_ctrls;
+ int n;
+
+ n = 0;
+ if ( oldctrls ) {
+ for ( ; oldctrls[n]; n++ )
+ ;
+ }
+ n += 2;
+
+ ctrls = op->o_tmpcalloc( sizeof( LDAPControl * ), n, op->o_tmpmemctx );
+
+ n = 0;
+ if ( oldctrls ) {
+ for ( ; oldctrls[n]; n++ ) {
+ ctrls[n] = oldctrls[n];
+ }
+ }
+ ctrls[n] = ctrl;
+ ctrls[n+1] = NULL;
+
+ rs->sr_ctrls = ctrls;
+
+ return oldctrls;
+}
+
+static void
+ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ pp_info *pi = on->on_bi.bi_private;
+ Attribute *a;
+ BerVarray vals;
+ int rc;
+ Entry *pe = NULL;
+#if 0
+ const char *text;
+#endif
+
+ memset( pp, 0, sizeof(PassPolicy) );
+
+ pp->ad = slap_schema.si_ad_userPassword;
+
+ /* Users can change their own password by default */
+ pp->pwdAllowUserChange = 1;
+
+ if ((a = attr_find( e->e_attrs, ad_pwdPolicySubentry )) == NULL) {
+ /*
+ * entry has no password policy assigned - use default
+ */
+ vals = &pi->def_policy;
+ if ( !vals->bv_val )
+ goto defaultpol;
+ } else {
+ vals = a->a_nvals;
+ if (vals[0].bv_val == NULL) {
+ Debug( LDAP_DEBUG_ANY,
+ "ppolicy_get: NULL value for policySubEntry\n", 0, 0, 0 );
+ goto defaultpol;
+ }
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, vals, NULL, NULL, 0, &pe );
+ op->o_bd->bd_info = (BackendInfo *)on;
+
+ if ( rc ) goto defaultpol;
+
+#if 0 /* Only worry about userPassword for now */
+ if ((a = attr_find( pe->e_attrs, ad_pwdAttribute )))
+ slap_bv2ad( &a->a_vals[0], &pp->ad, &text );
+#endif
+
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdMinAge ) )
+ && lutil_atoi( &pp->pwdMinAge, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdMaxAge ) )
+ && lutil_atoi( &pp->pwdMaxAge, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdInHistory ) )
+ && lutil_atoi( &pp->pwdInHistory, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdCheckQuality ) )
+ && lutil_atoi( &pp->pwdCheckQuality, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdMinLength ) )
+ && lutil_atoi( &pp->pwdMinLength, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdMaxFailure ) )
+ && lutil_atoi( &pp->pwdMaxFailure, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdGraceAuthNLimit ) )
+ && lutil_atoi( &pp->pwdGraceAuthNLimit, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdExpireWarning ) )
+ && lutil_atoi( &pp->pwdExpireWarning, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdFailureCountInterval ) )
+ && lutil_atoi( &pp->pwdFailureCountInterval, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdLockoutDuration ) )
+ && lutil_atoi( &pp->pwdLockoutDuration, a->a_vals[0].bv_val ) != 0 )
+ goto defaultpol;
+
+ if ( ( a = attr_find( pe->e_attrs, ad_pwdCheckModule ) ) ) {
+ strncpy( pp->pwdCheckModule, a->a_vals[0].bv_val,
+ sizeof(pp->pwdCheckModule) );
+ pp->pwdCheckModule[sizeof(pp->pwdCheckModule)-1] = '\0';
+ }
+
+ if ((a = attr_find( pe->e_attrs, ad_pwdLockout )))
+ pp->pwdLockout = bvmatch( &a->a_nvals[0], &slap_true_bv );
+ if ((a = attr_find( pe->e_attrs, ad_pwdMustChange )))
+ pp->pwdMustChange = bvmatch( &a->a_nvals[0], &slap_true_bv );
+ if ((a = attr_find( pe->e_attrs, ad_pwdAllowUserChange )))
+ pp->pwdAllowUserChange = bvmatch( &a->a_nvals[0], &slap_true_bv );
+ if ((a = attr_find( pe->e_attrs, ad_pwdSafeModify )))
+ pp->pwdSafeModify = bvmatch( &a->a_nvals[0], &slap_true_bv );
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, pe );
+ op->o_bd->bd_info = (BackendInfo *)on;
+
+ return;
+
+defaultpol:
+ Debug( LDAP_DEBUG_TRACE,
+ "ppolicy_get: using default policy\n", 0, 0, 0 );
+ return;
+}
+
+static int
+password_scheme( struct berval *cred, struct berval *sch )
+{
+ int e;
+
+ assert( cred != NULL );
+
+ if (sch) {
+ sch->bv_val = NULL;
+ sch->bv_len = 0;
+ }
+
+ if ((cred->bv_len == 0) || (cred->bv_val == NULL) ||
+ (cred->bv_val[0] != '{')) return LDAP_OTHER;
+
+ for(e = 1; cred->bv_val[e] && cred->bv_val[e] != '}'; e++);
+ if (cred->bv_val[e]) {
+ int rc;
+ rc = lutil_passwd_scheme( cred->bv_val );
+ if (rc) {
+ if (sch) {
+ sch->bv_val = cred->bv_val;
+ sch->bv_len = e;
+ }
+ return LDAP_SUCCESS;
+ }
+ }
+ return LDAP_OTHER;
+}
+
+static int
+check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyError *err, Entry *e )
+{
+ int rc = LDAP_SUCCESS, ok = LDAP_SUCCESS;
+ char *ptr = cred->bv_val;
+ struct berval sch;
+
+ assert( cred != NULL );
+ assert( pp != NULL );
+
+ if ((cred->bv_len == 0) || (pp->pwdMinLength > cred->bv_len)) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ if ( err ) *err = PP_passwordTooShort;
+ return rc;
+ }
+
+ /*
+ * We need to know if the password is already hashed - if so
+ * what scheme is it. The reason being that the "hash" of
+ * {cleartext} still allows us to check the password.
+ */
+ rc = password_scheme( cred, &sch );
+ if (rc == LDAP_SUCCESS) {
+ if ((sch.bv_val) && (strncasecmp( sch.bv_val, "{cleartext}",
+ sch.bv_len ) == 0)) {
+ /*
+ * We can check the cleartext "hash"
+ */
+ ptr = cred->bv_val + sch.bv_len;
+ } else {
+ /* everything else, we can't check */
+ if (pp->pwdCheckQuality == 2) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ if (err) *err = PP_insufficientPasswordQuality;
+ return rc;
+ }
+ /*
+ * We can't check the syntax of the password, but it's not
+ * mandatory (according to the policy), so we return success.
+ */
+
+ return LDAP_SUCCESS;
+ }
+ }
+
+ rc = LDAP_SUCCESS;
+
+ if (pp->pwdCheckModule[0]) {
+#if SLAPD_MODULES
+ lt_dlhandle mod;
+ const char *err;
+
+ if ((mod = lt_dlopen( pp->pwdCheckModule )) == NULL) {
+ err = lt_dlerror();
+
+ Debug(LDAP_DEBUG_ANY,
+ "check_password_quality: lt_dlopen failed: (%s) %s.\n",
+ pp->pwdCheckModule, err, 0 );
+ ok = LDAP_OTHER; /* internal error */
+ } else {
+ int (*prog)( char *passwd, char **text, Entry *ent );
+
+ if ((prog = lt_dlsym( mod, "check_password" )) == NULL) {
+ err = lt_dlerror();
+
+ Debug(LDAP_DEBUG_ANY,
+ "check_password_quality: lt_dlsym failed: (%s) %s.\n",
+ pp->pwdCheckModule, err, 0 );
+ ok = LDAP_OTHER;
+ } else {
+ char *txt = NULL;
+
+ ldap_pvt_thread_mutex_lock( &chk_syntax_mutex );
+ ok = prog( cred->bv_val, &txt, e );
+ ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex );
+ if (ok != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,
+ "check_password_quality: module error: (%s) %s.[%d]\n",
+ pp->pwdCheckModule, txt ? txt : "", ok );
+ free(txt);
+ }
+ }
+
+ lt_dlclose( mod );
+ }
+#else
+ Debug(LDAP_DEBUG_ANY, "check_password_quality: external modules not "
+ "supported. pwdCheckModule ignored.\n", 0, 0, 0);
+#endif /* SLAPD_MODULES */
+ }
+
+
+ if (ok != LDAP_SUCCESS) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ if (err) *err = PP_insufficientPasswordQuality;
+ }
+
+ return rc;
+}
+
+static int
+parse_pwdhistory( struct berval *bv, char **oid, time_t *oldtime, struct berval *oldpw )
+{
+ char *ptr;
+ struct berval nv, npw;
+ int i, j;
+
+ assert (bv && (bv->bv_len > 0) && (bv->bv_val) && oldtime && oldpw );
+
+ if ( oid ) {
+ *oid = 0;
+ }
+ *oldtime = (time_t)-1;
+ BER_BVZERO( oldpw );
+
+ ber_dupbv( &nv, bv );
+
+ /* first get the time field */
+ for ( i = 0; (i < nv.bv_len) && (nv.bv_val[i] != '#'); i++ )
+ ;
+ if ( i == nv.bv_len ) {
+ goto exit_failure; /* couldn't locate the '#' separator */
+ }
+ nv.bv_val[i++] = '\0'; /* terminate the string & move to next field */
+ ptr = nv.bv_val;
+ *oldtime = parse_time( ptr );
+ if (*oldtime == (time_t)-1) {
+ goto exit_failure;
+ }
+
+ /* get the OID field */
+ for (ptr = &(nv.bv_val[i]); (i < nv.bv_len) && (nv.bv_val[i] != '#'); i++ )
+ ;
+ if ( i == nv.bv_len ) {
+ goto exit_failure; /* couldn't locate the '#' separator */
+ }
+ nv.bv_val[i++] = '\0'; /* terminate the string & move to next field */
+ if ( oid ) {
+ *oid = ber_strdup( ptr );
+ }
+
+ /* get the length field */
+ for ( ptr = &(nv.bv_val[i]); (i < nv.bv_len) && (nv.bv_val[i] != '#'); i++ )
+ ;
+ if ( i == nv.bv_len ) {
+ goto exit_failure; /* couldn't locate the '#' separator */
+ }
+ nv.bv_val[i++] = '\0'; /* terminate the string & move to next field */
+ oldpw->bv_len = strtol( ptr, NULL, 10 );
+ if (errno == ERANGE) {
+ goto exit_failure;
+ }
+
+ /* lastly, get the octets of the string */
+ for ( j = i, ptr = &(nv.bv_val[i]); i < nv.bv_len; i++ )
+ ;
+ if ( i - j != oldpw->bv_len) {
+ goto exit_failure; /* length is wrong */
+ }
+
+ npw.bv_val = ptr;
+ npw.bv_len = oldpw->bv_len;
+ ber_dupbv( oldpw, &npw );
+ ber_memfree( nv.bv_val );
+
+ return LDAP_SUCCESS;
+
+exit_failure:;
+ if ( oid && *oid ) {
+ ber_memfree(*oid);
+ *oid = NULL;
+ }
+ if ( oldpw->bv_val ) {
+ ber_memfree( oldpw->bv_val);
+ BER_BVZERO( oldpw );
+ }
+ ber_memfree( nv.bv_val );
+
+ return LDAP_OTHER;
+}
+
+static void
+add_to_pwd_history( pw_hist **l, time_t t,
+ struct berval *oldpw, struct berval *bv )
+{
+ pw_hist *p, *p1, *p2;
+
+ if (!l) return;
+
+ p = ch_malloc( sizeof( pw_hist ));
+ p->pw = *oldpw;
+ ber_dupbv( &p->bv, bv );
+ p->t = t;
+ p->next = NULL;
+
+ if (*l == NULL) {
+ /* degenerate case */
+ *l = p;
+ return;
+ }
+ /*
+ * advance p1 and p2 such that p1 is the node before the
+ * new one, and p2 is the node after it
+ */
+ for (p1 = NULL, p2 = *l; p2 && p2->t <= t; p1 = p2, p2=p2->next );
+ p->next = p2;
+ if (p1 == NULL) { *l = p; return; }
+ p1->next = p;
+}
+
+#ifndef MAX_PWD_HISTORY_SZ
+#define MAX_PWD_HISTORY_SZ 1024
+#endif /* MAX_PWD_HISTORY_SZ */
+
+static void
+make_pwd_history_value( char *timebuf, struct berval *bv, Attribute *pa )
+{
+ char str[ MAX_PWD_HISTORY_SZ ];
+ int nlen;
+
+ snprintf( str, MAX_PWD_HISTORY_SZ,
+ "%s#%s#%lu#", timebuf,
+ pa->a_desc->ad_type->sat_syntax->ssyn_oid,
+ (unsigned long) pa->a_nvals[0].bv_len );
+ str[MAX_PWD_HISTORY_SZ-1] = 0;
+ nlen = strlen(str);
+
+ /*
+ * We have to assume that the string is a string of octets,
+ * not readable characters. In reality, yes, it probably is
+ * a readable (ie, base64) string, but we can't count on that
+ * Hence, while the first 3 fields of the password history
+ * are definitely readable (a timestamp, an OID and an integer
+ * length), the remaining octets of the actual password
+ * are deemed to be binary data.
+ */
+ AC_MEMCPY( str + nlen, pa->a_nvals[0].bv_val, pa->a_nvals[0].bv_len );
+ nlen += pa->a_nvals[0].bv_len;
+ bv->bv_val = ch_malloc( nlen + 1 );
+ AC_MEMCPY( bv->bv_val, str, nlen );
+ bv->bv_val[nlen] = '\0';
+ bv->bv_len = nlen;
+}
+
+static void
+free_pwd_history_list( pw_hist **l )
+{
+ pw_hist *p;
+
+ if (!l) return;
+ p = *l;
+ while (p) {
+ pw_hist *pp = p->next;
+
+ free(p->pw.bv_val);
+ free(p->bv.bv_val);
+ free(p);
+ p = pp;
+ }
+ *l = NULL;
+}
+
+typedef struct ppbind {
+ slap_overinst *on;
+ int send_ctrl;
+ LDAPControl **oldctrls;
+ Modifications *mod;
+ LDAPPasswordPolicyError pErr;
+ PassPolicy pp;
+} ppbind;
+
+static void
+ctrls_cleanup( Operation *op, SlapReply *rs, LDAPControl **oldctrls )
+{
+ int n;
+
+ assert( rs->sr_ctrls != NULL );
+ assert( rs->sr_ctrls[0] != NULL );
+
+ for ( n = 0; rs->sr_ctrls[n]; n++ ) {
+ if ( rs->sr_ctrls[n]->ldctl_oid == LDAP_CONTROL_PASSWORDPOLICYRESPONSE ) {
+ ch_free( rs->sr_ctrls[n]->ldctl_value.bv_val );
+ ch_free( rs->sr_ctrls[n] );
+ rs->sr_ctrls[n] = (LDAPControl *)(-1);
+ break;
+ }
+ }
+
+ if ( rs->sr_ctrls[n] == NULL ) {
+ /* missed? */
+ }
+
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+
+ rs->sr_ctrls = oldctrls;
+}
+
+static int
+ppolicy_ctrls_cleanup( Operation *op, SlapReply *rs )
+{
+ ppbind *ppb = op->o_callback->sc_private;
+ if ( ppb->send_ctrl ) {
+ ctrls_cleanup( op, rs, ppb->oldctrls );
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ppolicy_bind_response( Operation *op, SlapReply *rs )
+{
+ ppbind *ppb = op->o_callback->sc_private;
+ slap_overinst *on = ppb->on;
+ Modifications *mod = ppb->mod, *m;
+ int pwExpired = 0;
+ int ngut = -1, warn = -1, age, rc;
+ Attribute *a;
+ time_t now, pwtime = (time_t)-1;
+ char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ struct berval timestamp;
+ BackendInfo *bi = op->o_bd->bd_info;
+ Entry *e;
+
+ /* If we already know it's locked, just get on with it */
+ if ( ppb->pErr != PP_noError ) {
+ goto locked;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ op->o_bd->bd_info = bi;
+
+ if ( rc != LDAP_SUCCESS ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ now = slap_get_time(); /* stored for later consideration */
+ timestamp.bv_val = nowstr;
+ timestamp.bv_len = sizeof(nowstr);
+ slap_timestamp( &now, ×tamp );
+
+ if ( rs->sr_err == LDAP_INVALID_CREDENTIALS ) {
+ int i = 0, fc = 0;
+
+ m = ch_calloc( sizeof(Modifications), 1 );
+ m->sml_op = LDAP_MOD_ADD;
+ m->sml_flags = 0;
+ m->sml_type = ad_pwdFailureTime->ad_cname;
+ m->sml_desc = ad_pwdFailureTime;
+ m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+ m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+
+ ber_dupbv( &m->sml_values[0], ×tamp );
+ ber_dupbv( &m->sml_nvalues[0], ×tamp );
+ m->sml_next = mod;
+ mod = m;
+
+ /*
+ * Count the pwdFailureTimes - if it's
+ * greater than the policy pwdMaxFailure,
+ * then lock the account.
+ */
+ if ((a = attr_find( e->e_attrs, ad_pwdFailureTime )) != NULL) {
+ for(i=0; a->a_nvals[i].bv_val; i++) {
+
+ /*
+ * If the interval is 0, then failures
+ * stay on the record until explicitly
+ * reset by successful authentication.
+ */
+ if (ppb->pp.pwdFailureCountInterval == 0) {
+ fc++;
+ } else if (now <=
+ parse_time(a->a_nvals[i].bv_val) +
+ ppb->pp.pwdFailureCountInterval) {
+
+ fc++;
+ }
+ /*
+ * We only count those failures
+ * which are not due to expire.
+ */
+ }
+ }
+
+ if ((ppb->pp.pwdMaxFailure > 0) &&
+ (fc >= ppb->pp.pwdMaxFailure - 1)) {
+
+ /*
+ * We subtract 1 from the failure max
+ * because the new failure entry hasn't
+ * made it to the entry yet.
+ */
+ m = ch_calloc( sizeof(Modifications), 1 );
+ m->sml_op = LDAP_MOD_REPLACE;
+ m->sml_flags = 0;
+ m->sml_type = ad_pwdAccountLockedTime->ad_cname;
+ m->sml_desc = ad_pwdAccountLockedTime;
+ m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+ m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+ ber_dupbv( &m->sml_values[0], ×tamp );
+ ber_dupbv( &m->sml_nvalues[0], ×tamp );
+ m->sml_next = mod;
+ mod = m;
+ }
+ } else if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ((a = attr_find( e->e_attrs, ad_pwdChangedTime )) != NULL)
+ pwtime = parse_time( a->a_nvals[0].bv_val );
+
+ /* delete all pwdFailureTimes */
+ if ( attr_find( e->e_attrs, ad_pwdFailureTime )) {
+ m = ch_calloc( sizeof(Modifications), 1 );
+ m->sml_op = LDAP_MOD_DELETE;
+ m->sml_flags = 0;
+ m->sml_type = ad_pwdFailureTime->ad_cname;
+ m->sml_desc = ad_pwdFailureTime;
+ m->sml_next = mod;
+ mod = m;
+ }
+
+ /*
+ * check to see if the password must be changed
+ */
+ if ( ppb->pp.pwdMustChange &&
+ (a = attr_find( e->e_attrs, ad_pwdReset )) &&
+ bvmatch( &a->a_nvals[0], &slap_true_bv ) )
+ {
+ /*
+ * need to inject client controls here to give
+ * more information. For the moment, we ensure
+ * that we are disallowed from doing anything
+ * other than change password.
+ */
+ ber_dupbv( &pwcons[op->o_conn->c_conn_idx].dn,
+ &op->o_conn->c_ndn );
+
+ ppb->pErr = PP_changeAfterReset;
+
+ } else {
+ /*
+ * the password does not need to be changed, so
+ * we now check whether the password has expired.
+ *
+ * We can skip this bit if passwords don't age in
+ * the policy. Also, if there was no pwdChangedTime
+ * attribute in the entry, the password never expires.
+ */
+ if (ppb->pp.pwdMaxAge == 0) goto grace;
+
+ if (pwtime != (time_t)-1) {
+ /*
+ * Check: was the last change time of
+ * the password older than the maximum age
+ * allowed. (Ignore case 2 from I-D, it's just silly.)
+ */
+ if (now - pwtime > ppb->pp.pwdMaxAge ) pwExpired = 1;
+ }
+ }
+
+grace:
+ if (!pwExpired) goto check_expiring_password;
+
+ if ((a = attr_find( e->e_attrs, ad_pwdGraceUseTime )) == NULL)
+ ngut = ppb->pp.pwdGraceAuthNLimit;
+ else {
+ for(ngut=0; a->a_nvals[ngut].bv_val; ngut++);
+ ngut = ppb->pp.pwdGraceAuthNLimit - ngut;
+ }
+
+ /*
+ * ngut is the number of remaining grace logins
+ */
+ Debug( LDAP_DEBUG_ANY,
+ "ppolicy_bind: Entry %s has an expired password: %d grace logins\n",
+ e->e_name.bv_val, ngut, 0);
+
+ if (ngut < 1) {
+ ppb->pErr = PP_passwordExpired;
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto done;
+ }
+
+ /*
+ * Add a grace user time to the entry
+ */
+ m = ch_calloc( sizeof(Modifications), 1 );
+ m->sml_op = LDAP_MOD_ADD;
+ m->sml_flags = 0;
+ m->sml_type = ad_pwdGraceUseTime->ad_cname;
+ m->sml_desc = ad_pwdGraceUseTime;
+ m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+ m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+ ber_dupbv( &m->sml_values[0], ×tamp );
+ ber_dupbv( &m->sml_nvalues[0], ×tamp );
+ m->sml_next = mod;
+ mod = m;
+
+check_expiring_password:
+ /*
+ * Now we need to check to see
+ * if it is about to expire, and if so, should the user
+ * be warned about it in the password policy control.
+ *
+ * If the password has expired, and we're in the grace period, then
+ * we don't need to do this bit. Similarly, if we don't have password
+ * aging, then there's no need to do this bit either.
+ */
+ if ((ppb->pp.pwdMaxAge < 1) || (pwExpired) || (ppb->pp.pwdExpireWarning < 1))
+ goto done;
+
+ age = (int)(now - pwtime);
+
+ /*
+ * We know that there is a password Change Time attribute - if
+ * there wasn't, then the pwdExpired value would be true, unless
+ * there is no password aging - and if there is no password aging,
+ * then this section isn't called anyway - you can't have an
+ * expiring password if there's no limit to expire.
+ */
+ if (ppb->pp.pwdMaxAge - age < ppb->pp.pwdExpireWarning ) {
+ /*
+ * Set the warning value.
+ */
+ warn = ppb->pp.pwdMaxAge - age; /* seconds left until expiry */
+ if (warn < 0) warn = 0; /* something weird here - why is pwExpired not set? */
+
+ Debug( LDAP_DEBUG_ANY,
+ "ppolicy_bind: Setting warning for password expiry for %s = %d seconds\n",
+ op->o_req_dn.bv_val, warn, 0 );
+ }
+ }
+
+done:
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, e );
+
+locked:
+ if ( mod ) {
+ Operation op2 = *op;
+ SlapReply r2 = { REP_RESULT };
+ slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+
+ /* FIXME: Need to handle replication of some (but not all)
+ * of the operational attributes...
+ */
+ op2.o_tag = LDAP_REQ_MODIFY;
+ op2.o_callback = &cb;
+ op2.orm_modlist = mod;
+ op2.o_dn = op->o_bd->be_rootdn;
+ op2.o_ndn = op->o_bd->be_rootndn;
+ op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = op->o_bd->be_modify( &op2, &r2 );
+ slap_mods_free( mod, 1 );
+ }
+
+ if ( ppb->send_ctrl ) {
+ LDAPControl *ctrl = NULL;
+ pp_info *pi = on->on_bi.bi_private;
+
+ /* Do we really want to tell that the account is locked? */
+ if ( ppb->pErr == PP_accountLocked && !pi->use_lockout ) {
+ ppb->pErr = PP_noError;
+ }
+ ctrl = create_passcontrol( warn, ngut, ppb->pErr );
+ ppb->oldctrls = add_passcontrol( op, rs, ctrl );
+ op->o_callback->sc_cleanup = ppolicy_ctrls_cleanup;
+ }
+ op->o_bd->bd_info = bi;
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ppolicy_bind( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+ /* Reset lockout status on all Bind requests */
+ if ( !BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn )) {
+ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
+ }
+
+ /* Root bypasses policy */
+ if ( !be_isroot_dn( op->o_bd, &op->o_req_ndn )) {
+ Entry *e;
+ int rc;
+ ppbind *ppb;
+ slap_callback *cb;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ cb = op->o_tmpcalloc( sizeof(ppbind)+sizeof(slap_callback),
+ 1, op->o_tmpmemctx );
+ ppb = (ppbind *)(cb+1);
+ ppb->on = on;
+ ppb->pErr = PP_noError;
+
+ /* Setup a callback so we can munge the result */
+
+ cb->sc_response = ppolicy_bind_response;
+ cb->sc_next = op->o_callback->sc_next;
+ cb->sc_private = ppb;
+ op->o_callback->sc_next = cb;
+
+ /* Did we receive a password policy request control? */
+ if ( op->o_ctrlflag[ppolicy_cid] ) {
+ ppb->send_ctrl = 1;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ ppolicy_get( op, e, &ppb->pp );
+
+ rc = account_locked( op, e, &ppb->pp, &ppb->mod );
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, e );
+
+ if ( rc ) {
+ /* This will be the Draft 8 response, Unwilling is bogus */
+ ppb->pErr = PP_accountLocked;
+ send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
+ return rs->sr_err;
+ }
+
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+/* Reset the restricted info for the next session on this connection */
+static int
+ppolicy_connection_destroy( BackendDB *bd, Connection *conn )
+{
+ if ( !BER_BVISEMPTY( &pwcons[conn->c_conn_idx].dn )) {
+ ch_free( pwcons[conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[conn->c_conn_idx].dn );
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+/* Check if this connection is restricted */
+static int
+ppolicy_restrict(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ int send_ctrl = 0;
+
+ /* Did we receive a password policy request control? */
+ if ( op->o_ctrlflag[ppolicy_cid] ) {
+ send_ctrl = 1;
+ }
+
+ if ( op->o_conn && !BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn )) {
+ LDAPControl **oldctrls;
+ /* if the current authcDN doesn't match the one we recorded,
+ * then an intervening Bind has succeeded and the restriction
+ * no longer applies. (ITS#4516)
+ */
+ if ( !dn_match( &op->o_conn->c_ndn,
+ &pwcons[op->o_conn->c_conn_idx].dn )) {
+ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
+ return SLAP_CB_CONTINUE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection restricted to password changing only\n", 0, 0, 0);
+ if ( send_ctrl ) {
+ LDAPControl *ctrl = NULL;
+ ctrl = create_passcontrol( -1, -1, PP_changeAfterReset );
+ oldctrls = add_passcontrol( op, rs, ctrl );
+ }
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "Operations are restricted to bind/unbind/abandon/StartTLS/modify password" );
+ if ( send_ctrl ) {
+ ctrls_cleanup( op, rs, oldctrls );
+ }
+ return rs->sr_err;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ppolicy_add(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ pp_info *pi = on->on_bi.bi_private;
+ PassPolicy pp;
+ Attribute *pa;
+ const char *txt;
+
+ if ( ppolicy_restrict( op, rs ) != SLAP_CB_CONTINUE )
+ return rs->sr_err;
+
+ /* If this is a replica, assume the master checked everything */
+ if ( be_shadow_update( op ))
+ return SLAP_CB_CONTINUE;
+
+ /* Check for password in entry */
+ if ((pa = attr_find( op->oq_add.rs_e->e_attrs,
+ slap_schema.si_ad_userPassword )))
+ {
+ assert( pa->a_vals );
+ assert( !BER_BVISNULL( &pa->a_vals[ 0 ] ) );
+
+ if ( !BER_BVISNULL( &pa->a_vals[ 1 ] ) ) {
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, "Password policy only allows one password value" );
+ return rs->sr_err;
+ }
+
+ /*
+ * new entry contains a password - if we're not the root user
+ * then we need to check that the password fits in with the
+ * security policy for the new entry.
+ */
+ ppolicy_get( op, op->ora_e, &pp );
+ if (pp.pwdCheckQuality > 0 && !be_isroot( op )) {
+ struct berval *bv = &(pa->a_vals[0]);
+ int rc, send_ctrl = 0;
+ LDAPPasswordPolicyError pErr = PP_noError;
+
+ /* Did we receive a password policy request control? */
+ if ( op->o_ctrlflag[ppolicy_cid] ) {
+ send_ctrl = 1;
+ }
+ rc = check_password_quality( bv, &pp, &pErr, op->ora_e );
+ if (rc != LDAP_SUCCESS) {
+ LDAPControl **oldctrls = NULL;
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ if ( send_ctrl ) {
+ LDAPControl *ctrl = NULL;
+ ctrl = create_passcontrol( -1, -1, pErr );
+ oldctrls = add_passcontrol( op, rs, ctrl );
+ }
+ send_ldap_error( op, rs, rc, "Password fails quality checking policy" );
+ if ( send_ctrl ) {
+ ctrls_cleanup( op, rs, oldctrls );
+ }
+ return rs->sr_err;
+ }
+ }
+ /*
+ * A controversial bit. We hash cleartext
+ * passwords provided via add and modify operations
+ * You're not really supposed to do this, since
+ * the X.500 model says "store attributes" as they
+ * get provided. By default, this is what we do
+ *
+ * But if the hash_passwords flag is set, we hash
+ * any cleartext password attribute values via the
+ * default password hashing scheme.
+ */
+ if ((pi->hash_passwords) &&
+ (password_scheme( &(pa->a_vals[0]), NULL ) != LDAP_SUCCESS)) {
+ struct berval hpw;
+
+ slap_passwd_hash( &(pa->a_vals[0]), &hpw, &txt );
+ if (hpw.bv_val == NULL) {
+ /*
+ * hashing didn't work. Emit an error.
+ */
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = txt;
+ send_ldap_error( op, rs, LDAP_OTHER, "Password hashing failed" );
+ return rs->sr_err;
+ }
+
+ memset( pa->a_vals[0].bv_val, 0, pa->a_vals[0].bv_len);
+ ber_memfree( pa->a_vals[0].bv_val );
+ pa->a_vals[0].bv_val = hpw.bv_val;
+ pa->a_vals[0].bv_len = hpw.bv_len;
+ }
+
+ /* If password aging is in effect, set the pwdChangedTime */
+ if ( pp.pwdMaxAge || pp.pwdMinAge ) {
+ struct berval timestamp;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ time_t now = slap_get_time();
+
+ timestamp.bv_val = timebuf;
+ timestamp.bv_len = sizeof(timebuf);
+ slap_timestamp( &now, ×tamp );
+
+ attr_merge_one( op->ora_e, ad_pwdChangedTime, ×tamp, ×tamp );
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ppolicy_mod_cb( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+ op->o_callback = sc->sc_next;
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
+ }
+ op->o_tmpfree( sc, op->o_tmpmemctx );
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ppolicy_modify( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ pp_info *pi = on->on_bi.bi_private;
+ int i, rc, mod_pw_only, pwmod, pwmop = -1, deladd,
+ hsize = 0;
+ PassPolicy pp;
+ Modifications *mods = NULL, *modtail = NULL,
+ *ml, *delmod, *addmod;
+ Attribute *pa, *ha, at;
+ const char *txt;
+ pw_hist *tl = NULL, *p;
+ int zapReset, send_ctrl = 0;
+ Entry *e;
+ struct berval newpw = BER_BVNULL, oldpw = BER_BVNULL,
+ *bv, cr[2];
+ LDAPPasswordPolicyError pErr = PP_noError;
+ LDAPControl **oldctrls = NULL;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ op->o_bd->bd_info = (BackendInfo *)on;
+
+ if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
+
+ /* If this is a replica, we may need to tweak some of the
+ * master's modifications. Otherwise, just pass it through.
+ */
+ if ( be_shadow_update( op )) {
+ Modifications **prev;
+ int got_del_grace = 0, got_del_lock = 0, got_pw = 0, got_del_fail = 0;
+ Attribute *a_grace, *a_lock, *a_fail;
+
+ a_grace = attr_find( e->e_attrs, ad_pwdGraceUseTime );
+ a_lock = attr_find( e->e_attrs, ad_pwdAccountLockedTime );
+ a_fail = attr_find( e->e_attrs, ad_pwdFailureTime );
+
+ for( prev = &op->orm_modlist, ml = *prev; ml; ml = *prev ) {
+
+ if ( ml->sml_desc == slap_schema.si_ad_userPassword )
+ got_pw = 1;
+
+ /* If we're deleting an attr that didn't exist,
+ * drop this delete op
+ */
+ if ( ml->sml_op == LDAP_MOD_DELETE ) {
+ int drop = 0;
+
+ if ( ml->sml_desc == ad_pwdGraceUseTime ) {
+ got_del_grace = 1;
+ if ( !a_grace )
+ drop = 1;
+ } else
+ if ( ml->sml_desc == ad_pwdAccountLockedTime ) {
+ got_del_lock = 1;
+ if ( !a_lock )
+ drop = 1;
+ } else
+ if ( ml->sml_desc == ad_pwdFailureTime ) {
+ got_del_fail = 1;
+ if ( !a_fail )
+ drop = 1;
+ }
+ if ( drop ) {
+ *prev = ml->sml_next;
+ ml->sml_next = NULL;
+ slap_mods_free( ml, 1 );
+ continue;
+ }
+ }
+ prev = &ml->sml_next;
+ }
+
+ /* If we're resetting the password, make sure grace, accountlock,
+ * and failure also get removed.
+ */
+ if ( got_pw ) {
+ if ( a_grace && !got_del_grace ) {
+ ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ ml->sml_op = LDAP_MOD_DELETE;
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+ ml->sml_type.bv_val = NULL;
+ ml->sml_desc = ad_pwdGraceUseTime;
+ ml->sml_values = NULL;
+ ml->sml_nvalues = NULL;
+ ml->sml_next = NULL;
+ *prev = ml;
+ prev = &ml->sml_next;
+ }
+ if ( a_lock && !got_del_lock ) {
+ ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ ml->sml_op = LDAP_MOD_DELETE;
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+ ml->sml_type.bv_val = NULL;
+ ml->sml_desc = ad_pwdAccountLockedTime;
+ ml->sml_values = NULL;
+ ml->sml_nvalues = NULL;
+ ml->sml_next = NULL;
+ *prev = ml;
+ }
+ if ( a_fail && !got_del_fail ) {
+ ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ ml->sml_op = LDAP_MOD_DELETE;
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+ ml->sml_type.bv_val = NULL;
+ ml->sml_desc = ad_pwdFailureTime;
+ ml->sml_values = NULL;
+ ml->sml_nvalues = NULL;
+ ml->sml_next = NULL;
+ *prev = ml;
+ }
+ }
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, e );
+ return SLAP_CB_CONTINUE;
+ }
+
+ /* Did we receive a password policy request control? */
+ if ( op->o_ctrlflag[ppolicy_cid] ) {
+ send_ctrl = 1;
+ }
+
+ /* See if this is a pwdModify exop. If so, we can
+ * access the plaintext passwords from that request.
+ */
+ {
+ slap_callback *sc;
+
+ for ( sc = op->o_callback; sc; sc=sc->sc_next ) {
+ if ( sc->sc_response == slap_replog_cb &&
+ sc->sc_private ) {
+ req_pwdexop_s *qpw = sc->sc_private;
+ newpw = qpw->rs_new;
+ oldpw = qpw->rs_old;
+ break;
+ }
+ }
+ }
+
+ ppolicy_get( op, e, &pp );
+
+ for ( ml = op->orm_modlist,
+ pwmod = 0, mod_pw_only = 1,
+ deladd = 0, delmod = NULL,
+ addmod = NULL,
+ zapReset = 1;
+ ml != NULL; modtail = ml, ml = ml->sml_next )
+ {
+ if ( ml->sml_desc == pp.ad ) {
+ pwmod = 1;
+ pwmop = ml->sml_op;
+ if ((deladd == 0) && (ml->sml_op == LDAP_MOD_DELETE) &&
+ (ml->sml_values) && !BER_BVISNULL( &ml->sml_values[0] ))
+ {
+ deladd = 1;
+ delmod = ml;
+ }
+
+ if ((deladd == 1) && ((ml->sml_op == LDAP_MOD_ADD) ||
+ (ml->sml_op == LDAP_MOD_REPLACE)))
+ {
+ deladd = 2;
+ }
+
+ if ((ml->sml_op == LDAP_MOD_ADD) ||
+ (ml->sml_op == LDAP_MOD_REPLACE))
+ {
+ addmod = ml;
+
+ /* FIXME: there's no easy way to ensure
+ * that add does not cause multiple
+ * userPassword values; one way (that
+ * would be consistent with the single
+ * password constraint) would be to turn
+ * add into replace); another would be
+ * to disallow add.
+ *
+ * Let's check at least that a single value
+ * is being added
+ */
+ assert( addmod->sml_values != NULL );
+ assert( !BER_BVISNULL( &addmod->sml_values[ 0 ] ) );
+ if ( !BER_BVISNULL( &addmod->sml_values[ 1 ] ) ) {
+ rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ rs->sr_text = "Password policy only allows one password value";
+ goto return_results;
+ }
+ }
+
+ } else if ( !is_at_operational( ml->sml_desc->ad_type ) ) {
+ mod_pw_only = 0;
+ /* modifying something other than password */
+ }
+
+ /*
+ * If there is a request to explicitly add a pwdReset
+ * attribute, then we suppress the normal behaviour on
+ * password change, which is to remove the pwdReset
+ * attribute.
+ *
+ * This enables an administrator to assign a new password
+ * and place a "must reset" flag on the entry, which will
+ * stay until the user explicitly changes his/her password.
+ */
+ if (ml->sml_desc == ad_pwdReset ) {
+ if ((ml->sml_op == LDAP_MOD_ADD) ||
+ (ml->sml_op == LDAP_MOD_REPLACE))
+ zapReset = 0;
+ }
+ }
+
+ if (!BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn ) && !mod_pw_only ) {
+ if ( dn_match( &op->o_conn->c_ndn,
+ &pwcons[op->o_conn->c_conn_idx].dn )) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection restricted to password changing only\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "Operations are restricted to bind/unbind/abandon/StartTLS/modify password";
+ pErr = PP_changeAfterReset;
+ goto return_results;
+ } else {
+ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
+ }
+ }
+
+ /*
+ * if we have a "safe password modify policy", then we need to check if we're doing
+ * a delete (with the old password), followed by an add (with the new password).
+ *
+ * If we don't have this, then we fail with an error. We also skip all the checks if
+ * the root user is bound. Root can do anything, including avoid the policies.
+ */
+
+ if (!pwmod) goto do_modify;
+
+ /*
+ * Did we get a valid add mod?
+ */
+
+ if (!addmod) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Internal Error";
+ Debug( LDAP_DEBUG_TRACE,
+ "cannot locate modification supplying new password\n", 0, 0, 0 );
+ goto return_results;
+ }
+
+ /*
+ * Build the password history list in ascending time order
+ * We need this, even if the user is root, in order to maintain
+ * the pwdHistory operational attributes properly.
+ */
+ if (pp.pwdInHistory > 0 && (ha = attr_find( e->e_attrs, ad_pwdHistory ))) {
+ struct berval oldpw;
+ time_t oldtime;
+
+ for(i=0; ha->a_nvals[i].bv_val; i++) {
+ rc = parse_pwdhistory( &(ha->a_nvals[i]), NULL,
+ &oldtime, &oldpw );
+
+ if (rc != LDAP_SUCCESS) continue; /* invalid history entry */
+
+ if (oldpw.bv_val) {
+ add_to_pwd_history( &tl, oldtime, &oldpw,
+ &(ha->a_nvals[i]) );
+ oldpw.bv_val = NULL;
+ oldpw.bv_len = 0;
+ }
+ }
+ for(p=tl; p; p=p->next, hsize++); /* count history size */
+ }
+
+ if (be_isroot( op )) goto do_modify;
+
+ /* This is a pwdModify exop that provided the old pw.
+ * We need to create a Delete mod for this old pw and
+ * let the matching value get found later
+ */
+ if (pp.pwdSafeModify && oldpw.bv_val ) {
+ ml = (Modifications *)ch_calloc( sizeof( Modifications ), 1 );
+ ml->sml_op = LDAP_MOD_DELETE;
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+ ml->sml_desc = pp.ad;
+ ml->sml_type = pp.ad->ad_cname;
+ ml->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &ml->sml_values[0], &oldpw );
+ BER_BVZERO( &ml->sml_values[1] );
+ ml->sml_next = op->orm_modlist;
+ op->orm_modlist = ml;
+ delmod = ml;
+ deladd = 2;
+ }
+
+ if (pp.pwdSafeModify && deladd != 2) {
+ Debug( LDAP_DEBUG_TRACE,
+ "change password must use DELETE followed by ADD/REPLACE\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "Must supply old password to be changed as well as new one";
+ pErr = PP_mustSupplyOldPassword;
+ goto return_results;
+ }
+
+ if (!pp.pwdAllowUserChange) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "User alteration of password is not allowed";
+ pErr = PP_passwordModNotAllowed;
+ goto return_results;
+ }
+
+ if (pp.pwdMinAge > 0) {
+ time_t pwtime = (time_t)-1, now;
+ int age;
+
+ if ((pa = attr_find( e->e_attrs, ad_pwdChangedTime )) != NULL)
+ pwtime = parse_time( pa->a_nvals[0].bv_val );
+ now = slap_get_time();
+ age = (int)(now - pwtime);
+ if ((pwtime != (time_t)-1) && (age < pp.pwdMinAge)) {
+ rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ rs->sr_text = "Password is too young to change";
+ pErr = PP_passwordTooYoung;
+ goto return_results;
+ }
+ }
+
+ /* pa is used in password history check below, be sure it's set */
+ if ((pa = attr_find( e->e_attrs, pp.ad )) != NULL && delmod) {
+ /*
+ * we have a password to check
+ */
+ const char *txt;
+
+ bv = oldpw.bv_val ? &oldpw : delmod->sml_values;
+ /* FIXME: no access checking? */
+ rc = slap_passwd_check( op, NULL, pa, bv, &txt );
+ if (rc != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_TRACE,
+ "old password check failed: %s\n", txt, 0, 0 );
+
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "Must supply correct old password to change to new one";
+ pErr = PP_mustSupplyOldPassword;
+ goto return_results;
+
+ } else {
+ int i;
+
+ /*
+ * replace the delete value with the (possibly hashed)
+ * value which is currently in the password.
+ */
+ for ( i = 0; !BER_BVISNULL( &delmod->sml_values[i] ); i++ ) {
+ free( delmod->sml_values[i].bv_val );
+ BER_BVZERO( &delmod->sml_values[i] );
+ }
+ free( delmod->sml_values );
+ delmod->sml_values = ch_calloc( sizeof(struct berval), 2 );
+ BER_BVZERO( &delmod->sml_values[1] );
+ ber_dupbv( &(delmod->sml_values[0]), &(pa->a_nvals[0]) );
+ }
+ }
+
+ bv = newpw.bv_val ? &newpw : &addmod->sml_values[0];
+ if (pp.pwdCheckQuality > 0) {
+
+ rc = check_password_quality( bv, &pp, &pErr, e );
+ if (rc != LDAP_SUCCESS) {
+ rs->sr_err = rc;
+ rs->sr_text = "Password fails quality checking policy";
+ goto return_results;
+ }
+ }
+
+ if (pa) {
+ /*
+ * Last check - the password history.
+ */
+ /* FIXME: no access checking? */
+ if (slap_passwd_check( op, NULL, pa, bv, &txt ) == LDAP_SUCCESS) {
+ /*
+ * This is bad - it means that the user is attempting
+ * to set the password to the same as the old one.
+ */
+ rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ rs->sr_text = "Password is not being changed from existing value";
+ pErr = PP_passwordInHistory;
+ goto return_results;
+ }
+
+ if (pp.pwdInHistory < 1) goto do_modify;
+
+ /*
+ * Iterate through the password history, and fail on any
+ * password matches.
+ */
+ at = *pa;
+ at.a_vals = cr;
+ cr[1].bv_val = NULL;
+ for(p=tl; p; p=p->next) {
+ cr[0] = p->pw;
+ /* FIXME: no access checking? */
+ rc = slap_passwd_check( op, NULL, &at, bv, &txt );
+
+ if (rc != LDAP_SUCCESS) continue;
+
+ rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+ rs->sr_text = "Password is in history of old passwords";
+ pErr = PP_passwordInHistory;
+ goto return_results;
+ }
+ }
+
+do_modify:
+ if (pwmod) {
+ struct berval timestamp;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ time_t now = slap_get_time();
+
+ /* If the conn is restricted, set a callback to clear it
+ * if the pwmod succeeds
+ */
+ if (!BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn )) {
+ slap_callback *sc = op->o_tmpcalloc( 1, sizeof( slap_callback ),
+ op->o_tmpmemctx );
+ sc->sc_next = op->o_callback;
+ /* Must use sc_response to insure we reset on success, before
+ * the client sees the response. Must use sc_cleanup to insure
+ * that it gets cleaned up if sc_response is not called.
+ */
+ sc->sc_response = ppolicy_mod_cb;
+ sc->sc_cleanup = ppolicy_mod_cb;
+ op->o_callback = sc;
+ }
+
+ /*
+ * keep the necessary pwd.. operational attributes
+ * up to date.
+ */
+
+ timestamp.bv_val = timebuf;
+ timestamp.bv_len = sizeof(timebuf);
+ slap_timestamp( &now, ×tamp );
+
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_desc = ad_pwdChangedTime;
+ if (pwmop != LDAP_MOD_DELETE) {
+ mods->sml_op = LDAP_MOD_REPLACE;
+ mods->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mods->sml_values[0], ×tamp );
+ BER_BVZERO( &mods->sml_values[1] );
+ assert( !BER_BVISNULL( &mods->sml_values[0] ) );
+
+ } else {
+ mods->sml_op = LDAP_MOD_DELETE;
+ }
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+
+ if (attr_find(e->e_attrs, ad_pwdGraceUseTime )) {
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_desc = ad_pwdGraceUseTime;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+ }
+
+ if (attr_find(e->e_attrs, ad_pwdAccountLockedTime )) {
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_desc = ad_pwdAccountLockedTime;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+ }
+
+ if (attr_find(e->e_attrs, ad_pwdFailureTime )) {
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_desc = ad_pwdFailureTime;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+ }
+
+ /* Delete the pwdReset attribute, since it's being reset */
+ if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_desc = ad_pwdReset;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+ }
+
+ if (pp.pwdInHistory > 0) {
+ if (hsize >= pp.pwdInHistory) {
+ /*
+ * We use the >= operator, since we are going to add
+ * the existing password attribute value into the
+ * history - thus the cardinality of history values is
+ * about to rise by one.
+ *
+ * If this would push it over the limit of history
+ * values (remembering - the password policy could have
+ * changed since the password was last altered), we must
+ * delete at least 1 value from the pwdHistory list.
+ *
+ * In fact, we delete '(#pwdHistory attrs - max pwd
+ * history length) + 1' values, starting with the oldest.
+ * This is easily evaluated, since the linked list is
+ * created in ascending time order.
+ */
+ mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
+ mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_desc = ad_pwdHistory;
+ mods->sml_values = ch_calloc( sizeof( struct berval ),
+ hsize - pp.pwdInHistory + 2 );
+ BER_BVZERO( &mods->sml_values[ hsize - pp.pwdInHistory + 1 ] );
+ for(i=0,p=tl; i < (hsize - pp.pwdInHistory + 1); i++, p=p->next) {
+ BER_BVZERO( &mods->sml_values[i] );
+ ber_dupbv( &(mods->sml_values[i]), &p->bv );
+ }
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+ }
+ free_pwd_history_list( &tl );
+
+ /*
+ * Now add the existing password into the history list.
+ * This will be executed even if the operation is to delete
+ * the password entirely.
+ *
+ * This isn't in the spec explicitly, but it seems to make
+ * sense that the password history list is the list of all
+ * previous passwords - even if they were deleted. Thus, if
+ * someone tries to add a historical password at some future
+ * point, it will fail.
+ */
+ if ((pa = attr_find( e->e_attrs, pp.ad )) != NULL) {
+ mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
+ mods->sml_op = LDAP_MOD_ADD;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
+ mods->sml_type.bv_val = NULL;
+ mods->sml_desc = ad_pwdHistory;
+ mods->sml_nvalues = NULL;
+ mods->sml_values = ch_calloc( sizeof( struct berval ), 2 );
+ mods->sml_values[ 1 ].bv_val = NULL;
+ mods->sml_values[ 1 ].bv_len = 0;
+ make_pwd_history_value( timebuf, &mods->sml_values[0], pa );
+ mods->sml_next = NULL;
+ modtail->sml_next = mods;
+ modtail = mods;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ppolicy_modify: password attr lookup failed\n", 0, 0, 0 );
+ }
+ }
+
+ /*
+ * Controversial bit here. If the new password isn't hashed
+ * (ie, is cleartext), we probably should hash it according
+ * to the default hash. The reason for this is that we want
+ * to use the policy if possible, but if we hash the password
+ * before, then we're going to run into trouble when it
+ * comes time to check the password.
+ *
+ * Now, the right thing to do is to use the extended password
+ * modify operation, but not all software can do this,
+ * therefore it makes sense to hash the new password, now
+ * we know it passes the policy requirements.
+ *
+ * Of course, if the password is already hashed, then we
+ * leave it alone.
+ */
+
+ if ((pi->hash_passwords) && (addmod) && !newpw.bv_val &&
+ (password_scheme( &(addmod->sml_values[0]), NULL ) != LDAP_SUCCESS))
+ {
+ struct berval hpw, bv;
+
+ slap_passwd_hash( &(addmod->sml_values[0]), &hpw, &txt );
+ if (hpw.bv_val == NULL) {
+ /*
+ * hashing didn't work. Emit an error.
+ */
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = txt;
+ goto return_results;
+ }
+ bv = addmod->sml_values[0];
+ /* clear and discard the clear password */
+ memset(bv.bv_val, 0, bv.bv_len);
+ ber_memfree(bv.bv_val);
+ addmod->sml_values[0] = hpw;
+ }
+ }
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, e );
+ return SLAP_CB_CONTINUE;
+
+return_results:
+ free_pwd_history_list( &tl );
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_r( op, e );
+ if ( send_ctrl ) {
+ LDAPControl *ctrl = NULL;
+
+ ctrl = create_passcontrol( -1, -1, pErr );
+ oldctrls = add_passcontrol( op, rs, ctrl );
+ }
+ send_ldap_result( op, rs );
+ if ( send_ctrl ) {
+ ctrls_cleanup( op, rs, oldctrls );
+ }
+ return rs->sr_err;
+}
+
+static int
+ppolicy_parseCtrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ if ( ctrl->ldctl_value.bv_len ) {
+ rs->sr_text = "passwordPolicyRequest control value not empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ op->o_ctrlflag[ppolicy_cid] = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+attrPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ AttributeDescription *ad = NULL;
+ const char *err;
+ int code;
+
+ code = slap_bv2ad( val, &ad, &err );
+ if ( !code ) {
+ ber_dupbv_x( out, &ad->ad_type->sat_cname, ctx );
+ }
+ return code;
+}
+
+static int
+attrNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ AttributeDescription *ad = NULL;
+ const char *err;
+ int code;
+
+ code = slap_bv2ad( val, &ad, &err );
+ if ( !code ) {
+ ber_str2bv_x( ad->ad_type->sat_oid, 0, 1, out, ctx );
+ }
+ return code;
+}
+
+static int
+ppolicy_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+
+ /* Has User Schema been initialized yet? */
+ if ( !pwd_UsSchema[0].ad[0] ) {
+ const char *err;
+ int i, code;
+
+ for (i=0; pwd_UsSchema[i].def; i++) {
+ code = slap_str2ad( pwd_UsSchema[i].def, pwd_UsSchema[i].ad, &err );
+ if ( code ) {
+ fprintf( stderr, "User Schema Load failed %d: %s\n", code, err );
+ return code;
+ }
+ }
+ {
+ Syntax *syn;
+ MatchingRule *mr;
+
+ syn = ch_malloc( sizeof( Syntax ));
+ *syn = *ad_pwdAttribute->ad_type->sat_syntax;
+ syn->ssyn_pretty = attrPretty;
+ ad_pwdAttribute->ad_type->sat_syntax = syn;
+
+ mr = ch_malloc( sizeof( MatchingRule ));
+ *mr = *ad_pwdAttribute->ad_type->sat_equality;
+ mr->smr_normalize = attrNormalize;
+ ad_pwdAttribute->ad_type->sat_equality = mr;
+ }
+ }
+
+ on->on_bi.bi_private = ch_calloc( sizeof(pp_info), 1 );
+
+ if ( dtblsize && !pwcons )
+ pwcons = ch_calloc(sizeof(pw_conn), dtblsize );
+
+ return 0;
+}
+
+static int
+ppolicy_db_open(
+ BackendDB *be
+)
+{
+ return overlay_register_control( be, LDAP_CONTROL_PASSWORDPOLICYREQUEST );
+}
+
+static int
+ppolicy_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ pp_info *pi = on->on_bi.bi_private;
+
+ free( pwcons );
+ free( pi->def_policy.bv_val );
+ free( pi );
+
+ return 0;
+}
+
+static char *extops[] = {
+ LDAP_EXOP_MODIFY_PASSWD,
+ NULL
+};
+
+static slap_overinst ppolicy;
+
+int ppolicy_initialize()
+{
+ LDAPAttributeType *at;
+ const char *err;
+ int i, code;
+
+ for (i=0; pwd_OpSchema[i].def; i++) {
+ at = ldap_str2attributetype( pwd_OpSchema[i].def, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ fprintf( stderr, "AttributeType Load failed %s %s\n",
+ ldap_scherr2str(code), err );
+ return code;
+ }
+ code = at_add( at, 0, NULL, &err );
+ if ( !code ) {
+ slap_str2ad( at->at_names[0], pwd_OpSchema[i].ad, &err );
+ }
+ ldap_memfree( at );
+ if ( code ) {
+ fprintf( stderr, "AttributeType Load failed %s %s\n",
+ scherr2str(code), err );
+ return code;
+ }
+ /* Allow Manager to set these as needed */
+ if ( is_at_no_user_mod( (*pwd_OpSchema[i].ad)->ad_type )) {
+ (*pwd_OpSchema[i].ad)->ad_type->sat_flags |=
+ SLAP_AT_MANAGEABLE;
+ }
+ }
+
+ code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, extops,
+ ppolicy_parseCtrl, &ppolicy_cid );
+ if ( code != LDAP_SUCCESS ) {
+ fprintf( stderr, "Failed to register control %d\n", code );
+ return code;
+ }
+
+ ldap_pvt_thread_mutex_init( &chk_syntax_mutex );
+
+ ppolicy.on_bi.bi_type = "ppolicy";
+ ppolicy.on_bi.bi_db_init = ppolicy_db_init;
+ ppolicy.on_bi.bi_db_open = ppolicy_db_open;
+ ppolicy.on_bi.bi_db_close = ppolicy_close;
+
+ ppolicy.on_bi.bi_op_add = ppolicy_add;
+ ppolicy.on_bi.bi_op_bind = ppolicy_bind;
+ ppolicy.on_bi.bi_op_compare = ppolicy_restrict;
+ ppolicy.on_bi.bi_op_delete = ppolicy_restrict;
+ ppolicy.on_bi.bi_op_modify = ppolicy_modify;
+ ppolicy.on_bi.bi_op_search = ppolicy_restrict;
+ ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy;
+
+ ppolicy.on_bi.bi_cf_ocs = ppolicyocs;
+ code = config_register_schema( ppolicycfg, ppolicyocs );
+ if ( code ) return code;
+
+ return overlay_register( &ppolicy );
+}
+
+#if SLAPD_OVER_PPOLICY == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+ return ppolicy_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_PPOLICY) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/refint.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/refint.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/refint.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,687 @@
+/* refint.c - referential integrity module */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.7.2.13 2007/03/20 20:38:55 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Symas Corp. for inclusion in
+ * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
+ */
+
+#include "portable.h"
+
+/* This module maintains referential integrity for a set of
+ * DN-valued attributes by searching for all references to a given
+ * DN whenever the DN is changed or its entry is deleted, and making
+ * the appropriate update.
+ *
+ * Updates are performed using the database rootdn, but the ModifiersName
+ * is always set to refint_dn.
+ */
+
+#ifdef SLAPD_OVER_REFINT
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+static slap_overinst refint;
+
+/* The DN to use in the ModifiersName for all refint updates */
+static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay");
+
+typedef struct refint_attrs_s {
+ struct refint_attrs_s *next;
+ AttributeDescription *attr;
+} refint_attrs;
+
+typedef struct dependents_s {
+ struct dependents_s *next;
+ BerValue dn; /* target dn */
+ Modifications *mm;
+} dependent_data;
+
+typedef struct refint_data_s {
+ const char *message; /* breadcrumbs */
+ struct refint_attrs_s *attrs; /* list of known attrs */
+ struct dependents_s *mods; /* modifications returned from callback */
+ BerValue dn; /* basedn in parent, searchdn in call */
+ BerValue newdn; /* replacement value for modrdn callback */
+ BerValue nnewdn; /* normalized replacement value */
+ BerValue nothing; /* the nothing value, if needed */
+ BerValue nnothing; /* normalized nothingness */
+} refint_data;
+
+/*
+** allocate new refint_data;
+** initialize, copy basedn;
+** store in on_bi.bi_private;
+**
+*/
+
+static int
+refint_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ refint_data *id = ch_malloc(sizeof(refint_data));
+
+ id->message = "_init";
+ id->attrs = NULL;
+ id->newdn.bv_val = NULL;
+ id->nothing.bv_val = NULL;
+ id->nnothing.bv_val = NULL;
+ ber_dupbv( &id->dn, &be->be_nsuffix[0] );
+ on->on_bi.bi_private = id;
+ return(0);
+}
+
+
+/*
+** if command = attributes:
+** foreach argument:
+** convert to attribute;
+** add to configured attribute list;
+** elseif command = basedn:
+** set our basedn to argument;
+**
+*/
+
+static int
+refint_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ refint_data *id = on->on_bi.bi_private;
+ refint_attrs *ip;
+ const char *text;
+ AttributeDescription *ad;
+ BerValue dn;
+ int i;
+
+ if(!strcasecmp(*argv, "refint_attributes")) {
+ for(i = 1; i < argc; i++) {
+ for(ip = id->attrs; ip; ip = ip->next)
+ if(!strcmp(argv[i], ip->attr->ad_cname.bv_val)) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: duplicate attribute <s>, ignored\n",
+ fname, lineno, argv[i]);
+ continue;
+ }
+ ad = NULL;
+ if(slap_str2ad(argv[i], &ad, &text) != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: bad attribute <%s>, ignored\n",
+ fname, lineno, text);
+ continue; /* XXX */
+ } else if(ad->ad_next) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: multiple attributes match <%s>, ignored\n",
+ fname, lineno, argv[i]);
+ continue;
+ }
+ ip = ch_malloc(sizeof(refint_attrs));
+ ip->attr = ad;
+ ip->next = id->attrs;
+ id->attrs = ip;
+ Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new attribute <%s>\n",
+ fname, lineno, argv[i]);
+ }
+ } else if(!strcasecmp(*argv, "refint_base")) {
+ /* XXX only one basedn (yet) - need validate argument! */
+ if(id->dn.bv_val) ch_free(id->dn.bv_val);
+ ber_str2bv( argv[1], 0, 0, &dn );
+ if(dnNormalize(0, NULL, NULL, &dn, &id->dn, NULL)) {
+ Debug(LDAP_DEBUG_ANY, "%s: line %d: bad baseDN!\n", fname, lineno, 0);
+ return(1);
+ }
+ Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new baseDN <%s>\n",
+ fname, lineno, argv[1]);
+ } else if(!strcasecmp(*argv, "refint_nothing")) {
+ if(id->nothing.bv_val) ch_free(id->nothing.bv_val);
+ if(id->nnothing.bv_val) ch_free(id->nnothing.bv_val);
+ ber_str2bv( argv[1], 0, 1, &id->nothing );
+ if(dnNormalize(0, NULL, NULL, &id->nothing, &id->nnothing, NULL)) {
+ Debug(LDAP_DEBUG_ANY, "%s: line %d: bad nothingDN!\n", fname, lineno, 0);
+ return(1);
+ }
+ Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new nothingDN<%s>\n",
+ fname, lineno, argv[1]);
+ } else {
+ return(SLAP_CONF_UNKNOWN);
+ }
+
+ id->message = "_config";
+ return(0);
+}
+
+
+/*
+** nothing really happens here;
+**
+*/
+
+static int
+refint_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ refint_data *id = on->on_bi.bi_private;
+ id->message = "_open";
+ return(0);
+}
+
+
+/*
+** foreach configured attribute:
+** free it;
+** free our basedn;
+** (do not) free id->message;
+** reset on_bi.bi_private;
+** free our config data;
+**
+*/
+
+static int
+refint_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ refint_data *id = on->on_bi.bi_private;
+ refint_attrs *ii, *ij;
+ id->message = "_close";
+
+ for(ii = id->attrs; ii; ii = ij) {
+ ij = ii->next;
+ ch_free(ii);
+ }
+
+ ch_free(id->dn.bv_val);
+ ch_free(id->nothing.bv_val);
+ ch_free(id->nnothing.bv_val);
+
+ on->on_bi.bi_private = NULL; /* XXX */
+
+ ch_free(id);
+
+ return(0);
+}
+
+/*
+** delete callback
+** generates a list of Modification* from search results
+*/
+
+static int
+refint_delete_cb(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ Attribute *a;
+ BerVarray b = NULL;
+ refint_data *dd = op->o_callback->sc_private;
+ refint_attrs *ia, *da = dd->attrs;
+ dependent_data *ip;
+ Modifications *mp, *ma;
+ int i;
+
+ Debug(LDAP_DEBUG_TRACE, "refint_delete_cb <%s>\n",
+ rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING", 0, 0);
+
+ if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0);
+ dd->message = "_delete_cb";
+
+ /*
+ ** foreach configured attribute type:
+ ** if this attr exists in the search result,
+ ** and it has a value matching the target:
+ ** allocate a Modification;
+ ** allocate its array of 2 BerValues;
+ ** if only one value, and we have a configured Nothing:
+ ** allocate additional Modification
+ ** type = MOD_ADD
+ ** BerValues[] = { Nothing, NULL };
+ ** add to list
+ ** type = MOD_DELETE
+ ** BerValues[] = { our target dn, NULL };
+ ** add this mod to the list of mods;
+ **
+ */
+
+ ip = ch_malloc(sizeof(dependent_data));
+ ip->dn.bv_val = NULL;
+ ip->next = NULL;
+ ip->mm = NULL;
+ ma = NULL;
+ for(ia = da; ia; ia = ia->next) {
+ if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) )
+ for(i = 0, b = a->a_nvals; b[i].bv_val; i++)
+ if(bvmatch(&dd->dn, &b[i])) {
+ if(!ip->dn.bv_val) ber_dupbv(&ip->dn, &rs->sr_entry->e_nname);
+ if(!b[1].bv_val && dd->nothing.bv_val) {
+ mp = ch_malloc(sizeof(Modifications));
+ mp->sml_desc = ia->attr; /* XXX */
+ mp->sml_type = a->a_desc->ad_cname;
+ mp->sml_values = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_nvalues = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_values[1].bv_len = mp->sml_nvalues[1].bv_len = 0;
+ mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
+
+ mp->sml_op = LDAP_MOD_ADD;
+ mp->sml_flags = 0;
+ ber_dupbv(&mp->sml_values[0], &dd->nothing);
+ ber_dupbv(&mp->sml_nvalues[0], &dd->nnothing);
+ mp->sml_next = ma;
+ ma = mp;
+ }
+ /* this might violate the object class */
+ mp = ch_malloc(sizeof(Modifications));
+ mp->sml_desc = ia->attr; /* XXX */
+ mp->sml_type = a->a_desc->ad_cname;
+ mp->sml_values = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_nvalues = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_values[1].bv_len = mp->sml_nvalues[1].bv_len = 0;
+ mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
+ mp->sml_op = LDAP_MOD_DELETE;
+ mp->sml_flags = 0;
+ ber_dupbv(&mp->sml_values[0], &dd->dn);
+ ber_dupbv(&mp->sml_nvalues[0], &mp->sml_values[0]);
+ mp->sml_next = ma;
+ ma = mp;
+ Debug(LDAP_DEBUG_TRACE, "refint_delete_cb: %s: %s\n",
+ a->a_desc->ad_cname.bv_val, dd->dn.bv_val, 0);
+ break;
+ }
+ }
+ ip->mm = ma;
+ ip->next = dd->mods;
+ dd->mods = ip;
+
+ return(0);
+}
+
+/*
+** null callback
+** does nothing
+*/
+
+static int
+refint_null_cb(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ ((refint_data *)op->o_callback->sc_private)->message = "_null_cb";
+ return(LDAP_SUCCESS);
+}
+
+/*
+** modrdn callback
+** generates a list of Modification* from search results
+*/
+
+static int
+refint_modrdn_cb(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ Attribute *a;
+ BerVarray b = NULL;
+ refint_data *dd = op->o_callback->sc_private;
+ refint_attrs *ia, *da = dd->attrs;
+ dependent_data *ip = NULL;
+ Modifications *mp;
+ int i, fix;
+
+ Debug(LDAP_DEBUG_TRACE, "refint_modrdn_cb <%s>\n",
+ rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING", 0, 0);
+
+ if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0);
+ dd->message = "_modrdn_cb";
+
+ /*
+ ** foreach configured attribute type:
+ ** if this attr exists in the search result,
+ ** and it has a value matching the target:
+ ** allocate a pair of Modifications;
+ ** make it MOD_ADD the new value and MOD_DELETE the old;
+ ** allocate its array of BerValues;
+ ** foreach value in the search result:
+ ** if it matches our target value, replace it;
+ ** otherwise, copy from the search result;
+ ** terminate the array of BerValues;
+ ** add these mods to the list of mods;
+ **
+ */
+
+ for(ia = da; ia; ia = ia->next) {
+ if((a = attr_find(rs->sr_entry->e_attrs, ia->attr))) {
+ for(fix = 0, i = 0, b = a->a_nvals; b[i].bv_val; i++)
+ if(bvmatch(&dd->dn, &b[i])) { fix++; break; }
+ if(fix) {
+ if (!ip) {
+ ip = ch_malloc(sizeof(dependent_data));
+ ip->next = NULL;
+ ip->mm = NULL;
+ ber_dupbv(&ip->dn, &rs->sr_entry->e_nname);
+ }
+ mp = ch_malloc(sizeof(Modifications));
+ mp->sml_op = LDAP_MOD_ADD;
+ mp->sml_flags = 0;
+ mp->sml_desc = ia->attr; /* XXX */
+ mp->sml_type = ia->attr->ad_cname;
+ mp->sml_values = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_nvalues = ch_malloc(2 * sizeof(BerValue));
+ ber_dupbv(&mp->sml_values[0], &dd->newdn);
+ ber_dupbv(&mp->sml_nvalues[0], &dd->nnewdn);
+ mp->sml_values[1].bv_len = mp->sml_nvalues[1].bv_len = 0;
+ mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
+ mp->sml_next = ip->mm;
+ ip->mm = mp;
+ mp = ch_malloc(sizeof(Modifications));
+ mp->sml_op = LDAP_MOD_DELETE;
+ mp->sml_flags = 0;
+ mp->sml_desc = ia->attr; /* XXX */
+ mp->sml_type = ia->attr->ad_cname;
+ mp->sml_values = ch_malloc(2 * sizeof(BerValue));
+ mp->sml_nvalues = ch_malloc(2 * sizeof(BerValue));
+ ber_dupbv(&mp->sml_values[0], &dd->dn);
+ ber_dupbv(&mp->sml_nvalues[0], &dd->dn);
+ mp->sml_values[1].bv_len = mp->sml_nvalues[1].bv_len = 0;
+ mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
+ mp->sml_next = ip->mm;
+ ip->mm = mp;
+ Debug(LDAP_DEBUG_TRACE, "refint_modrdn_cb: %s: %s\n",
+ a->a_desc->ad_cname.bv_val, dd->dn.bv_val, 0);
+ }
+ }
+ }
+ if (ip) {
+ ip->next = dd->mods;
+ dd->mods = ip;
+ }
+
+ return(0);
+}
+
+
+/*
+** refint_response
+** search for matching records and modify them
+*/
+
+static int
+refint_response(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ Operation nop = *op;
+ SlapReply nrs = { REP_RESULT };
+ slap_callback cb = { NULL, NULL, NULL, NULL };
+ slap_callback cb2 = { NULL, slap_replog_cb, NULL, NULL };
+ slap_callback *cbo, *cbp;
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ refint_data *id = on->on_bi.bi_private;
+ refint_data dd = *id;
+ refint_attrs *ip;
+ dependent_data *dp;
+ BerValue pdn;
+ int rc, ac;
+ Filter ftop, *fptr;
+
+ id->message = "_refint_response";
+
+ /* If the main op failed or is not a Delete or ModRdn, ignore it */
+ if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) ||
+ rs->sr_err != LDAP_SUCCESS )
+ return SLAP_CB_CONTINUE;
+
+ /*
+ ** validate (and count) the list of attrs;
+ **
+ */
+
+ for(ip = id->attrs, ac = 0; ip; ip = ip->next, ac++);
+ if(!ac) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response called without any attributes\n", 0, 0, 0 );
+ return SLAP_CB_CONTINUE;
+ }
+
+ /*
+ ** find the backend that matches our configured basedn;
+ ** make sure it exists and has search and modify methods;
+ **
+ */
+
+ nop.o_bd = select_backend(&id->dn, 0, 1);
+
+ if(nop.o_bd) {
+ if (!nop.o_bd->be_search || !nop.o_bd->be_modify) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: backend missing search and/or modify\n",
+ 0, 0, 0 );
+ return SLAP_CB_CONTINUE;
+ }
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: no backend for our baseDN %s??\n",
+ id->dn.bv_val, 0, 0 );
+ return SLAP_CB_CONTINUE;
+ }
+
+ cb2.sc_next = &cb;
+
+ /*
+ ** if delete: set delete callback;
+ ** else modrdn: create a newdn, set modify callback;
+ **
+ */
+
+ if(op->o_tag == LDAP_REQ_DELETE) {
+ cb.sc_response = &refint_delete_cb;
+ dd.newdn.bv_val = NULL;
+ dd.nnewdn.bv_val = NULL;
+ } else {
+ cb.sc_response = &refint_modrdn_cb;
+ if ( op->oq_modrdn.rs_newSup ) {
+ pdn = *op->oq_modrdn.rs_newSup;
+ } else {
+ dnParent( &op->o_req_dn, &pdn );
+ }
+ build_new_dn( &dd.newdn, &pdn, &op->orr_newrdn, NULL );
+ if ( op->oq_modrdn.rs_nnewSup ) {
+ pdn = *op->oq_modrdn.rs_nnewSup;
+ } else {
+ dnParent( &op->o_req_ndn, &pdn );
+ }
+ build_new_dn( &dd.nnewdn, &pdn, &op->orr_nnewrdn, NULL );
+ }
+
+ /*
+ ** build a search filter for all configured attributes;
+ ** populate our Operation;
+ ** pass our data (attr list, dn) to backend via sc_private;
+ ** call the backend search function;
+ ** nb: (|(one=thing)) is valid, but do smart formatting anyway;
+ ** nb: 16 is arbitrarily a dozen or so extra bytes;
+ **
+ */
+
+ ftop.f_choice = LDAP_FILTER_OR;
+ ftop.f_next = NULL;
+ ftop.f_or = NULL;
+ nop.ors_filter = &ftop;
+ for(ip = id->attrs; ip; ip = ip->next) {
+ fptr = ch_malloc( sizeof(Filter) + sizeof(AttributeAssertion) );
+ fptr->f_choice = LDAP_FILTER_EQUALITY;
+ fptr->f_ava = (AttributeAssertion *)(fptr+1);
+ fptr->f_ava->aa_desc = ip->attr;
+ fptr->f_ava->aa_value = op->o_req_ndn;
+ fptr->f_next = ftop.f_or;
+ ftop.f_or = fptr;
+ }
+ filter2bv( nop.ors_filter, &nop.ors_filterstr );
+
+ /* callback gets the searched dn instead */
+ dd.dn = op->o_req_ndn;
+ dd.message = "_dependent_search";
+ dd.mods = NULL;
+ cb.sc_private = ⅆ
+ nop.o_callback = &cb;
+ nop.o_tag = LDAP_REQ_SEARCH;
+ nop.ors_scope = LDAP_SCOPE_SUBTREE;
+ nop.ors_deref = LDAP_DEREF_NEVER;
+ nop.ors_limit = NULL;
+ nop.ors_slimit = SLAP_NO_LIMIT;
+ nop.ors_tlimit = SLAP_NO_LIMIT;
+
+ /* no attrs! */
+ nop.ors_attrs = slap_anlist_no_attrs;
+ nop.ors_attrsonly = 1;
+
+ nop.o_req_ndn = id->dn;
+ nop.o_req_dn = id->dn;
+
+ /* search */
+ rc = nop.o_bd->be_search(&nop, &nrs);
+
+ ch_free( nop.ors_filterstr.bv_val );
+ while ( (fptr = ftop.f_or) != NULL ) {
+ ftop.f_or = fptr->f_next;
+ ch_free( fptr );
+ }
+ ch_free(dd.nnewdn.bv_val);
+ ch_free(dd.newdn.bv_val);
+ dd.newdn.bv_val = NULL;
+ dd.nnewdn.bv_val = NULL;
+
+ if(rc != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: search failed: %d\n",
+ rc, 0, 0 );
+ goto done;
+ }
+
+ /* safety? paranoid just in case */
+ if(!cb.sc_private) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: callback wiped out sc_private?!\n",
+ 0, 0, 0 );
+ goto done;
+ }
+
+ /* presto! now it's a modify request with null callback */
+ cb.sc_response = &refint_null_cb;
+ nop.o_tag = LDAP_REQ_MODIFY;
+ dd.message = "_dependent_modify";
+
+ /* See if the parent operation is going into the replog */
+ for (cbo=op->o_callback, cbp = cbo->sc_next; cbp; cbo=cbp,cbp=cbp->sc_next) {
+ if (cbp->sc_response == slap_replog_cb) {
+ /* Invoke replog now, arrange for our
+ * dependent mods to also be logged
+ */
+ cbo->sc_next = cbp->sc_next;
+ replog( op );
+ nop.o_callback = &cb2;
+ break;
+ }
+ }
+
+ /*
+ ** [our search callback builds a list of mods]
+ ** foreach mod:
+ ** make sure its dn has a backend;
+ ** connect Modification* chain to our op;
+ ** call the backend modify function;
+ ** pass any errors upstream;
+ **
+ */
+
+ for(dp = dd.mods; dp; dp = dp->next) {
+ nop.o_req_dn = dp->dn;
+ nop.o_req_ndn = dp->dn;
+ nop.o_bd = select_backend(&dp->dn, 0, 1);
+ if(!nop.o_bd) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: no backend for DN %s!\n",
+ dp->dn.bv_val, 0, 0 );
+ goto done;
+ }
+ nrs.sr_type = REP_RESULT;
+ nop.orm_modlist = dp->mm; /* callback did all the work */
+ nop.o_dn = refint_dn;
+ nop.o_ndn = refint_dn;
+ nop.o_dn = nop.o_bd->be_rootdn;
+ nop.o_ndn = nop.o_bd->be_rootndn;
+ if(rs->sr_err != LDAP_SUCCESS) goto done;
+ if((rc = nop.o_bd->be_modify(&nop, &nrs)) != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_TRACE,
+ "refint_response: dependent modify failed: %d\n",
+ nrs.sr_err, 0, 0 );
+ goto done;
+ }
+ }
+
+done:
+ for(dp = dd.mods; dp; dp = dd.mods) {
+ dd.mods = dp->next;
+ ch_free(dp->dn.bv_val);
+ slap_mods_free(dp->mm, 1);
+ }
+ dd.mods = NULL;
+
+ return(SLAP_CB_CONTINUE);
+}
+
+/*
+** init_module is last so the symbols resolve "for free" --
+** it expects to be called automagically during dynamic module initialization
+*/
+
+int refint_initialize() {
+
+ /* statically declared just after the #includes at top */
+ refint.on_bi.bi_type = "refint";
+ refint.on_bi.bi_db_init = refint_db_init;
+ refint.on_bi.bi_db_config = refint_config;
+ refint.on_bi.bi_db_open = refint_open;
+ refint.on_bi.bi_db_close = refint_close;
+ refint.on_response = refint_response;
+
+ return(overlay_register(&refint));
+}
+
+#if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC)
+int init_module(int argc, char *argv[]) {
+ return refint_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_REFINT */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/retcode.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/retcode.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/retcode.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1285 @@
+/* retcode.c - customizable response for client testing purposes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/retcode.c,v 1.4.2.9 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2005 Pierangelo Masarati <ando at sys-net.it>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RETCODE
+
+#include <stdio.h>
+
+#include <ac/unistd.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+static slap_overinst retcode;
+
+static AttributeDescription *ad_errCode;
+static AttributeDescription *ad_errText;
+static AttributeDescription *ad_errOp;
+static AttributeDescription *ad_errSleepTime;
+static AttributeDescription *ad_errMatchedDN;
+static ObjectClass *oc_errAbsObject;
+static ObjectClass *oc_errObject;
+static ObjectClass *oc_errAuxObject;
+
+typedef enum retcode_op_e {
+ SN_DG_OP_NONE = 0x0000,
+ SN_DG_OP_ADD = 0x0001,
+ SN_DG_OP_BIND = 0x0002,
+ SN_DG_OP_COMPARE = 0x0004,
+ SN_DG_OP_DELETE = 0x0008,
+ SN_DG_OP_MODIFY = 0x0010,
+ SN_DG_OP_RENAME = 0x0020,
+ SN_DG_OP_SEARCH = 0x0040,
+ SN_DG_EXTENDED = 0x0080,
+ SN_DG_OP_AUTH = SN_DG_OP_BIND,
+ SN_DG_OP_READ = (SN_DG_OP_COMPARE|SN_DG_OP_SEARCH),
+ SN_DG_OP_WRITE = (SN_DG_OP_ADD|SN_DG_OP_DELETE|SN_DG_OP_MODIFY|SN_DG_OP_RENAME),
+ SN_DG_OP_ALL = (SN_DG_OP_AUTH|SN_DG_OP_READ|SN_DG_OP_WRITE|SN_DG_EXTENDED)
+} retcode_op_e;
+
+typedef struct retcode_item_t {
+ struct berval rdi_dn;
+ struct berval rdi_ndn;
+ struct berval rdi_text;
+ struct berval rdi_matched;
+ int rdi_err;
+ BerVarray rdi_ref;
+ int rdi_sleeptime;
+ Entry rdi_e;
+ slap_mask_t rdi_mask;
+ struct retcode_item_t *rdi_next;
+} retcode_item_t;
+
+typedef struct retcode_t {
+ struct berval rd_pdn;
+ struct berval rd_npdn;
+
+ int rd_sleep;
+
+ retcode_item_t *rd_item;
+
+ unsigned rd_flags;
+#define RETCODE_FNONE 0x00
+#define RETCODE_FINDIR 0x01
+#define RETCODE_INDIR( rd ) ( (rd)->rd_flags & RETCODE_FINDIR )
+} retcode_t;
+
+static int
+retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e );
+
+static int
+retcode_cleanup_cb( Operation *op, SlapReply *rs )
+{
+ rs->sr_matched = NULL;
+ rs->sr_text = NULL;
+
+ if ( rs->sr_ref != NULL ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ ch_free( op->o_callback );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+retcode_send_onelevel( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ retcode_item_t *rdi;
+
+ for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
+ if ( op->o_abandon ) {
+ return rs->sr_err = SLAPD_ABANDON;
+ }
+
+ rs->sr_err = test_filter( op, &rdi->rdi_e, op->ors_filter );
+ if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
+ if ( op->ors_slimit == rs->sr_nentries ) {
+ rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
+ goto done;
+ }
+
+ /* safe default */
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_ctrls = NULL;
+ rs->sr_flags = 0;
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_entry = &rdi->rdi_e;
+
+ rs->sr_err = send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+
+ switch ( rs->sr_err ) {
+ case LDAP_UNAVAILABLE: /* connection closed */
+ rs->sr_err = LDAP_OTHER;
+ /* fallthru */
+ case LDAP_SIZELIMIT_EXCEEDED:
+ goto done;
+ }
+ }
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+done:;
+
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
+}
+
+static int
+retcode_op_add( Operation *op, SlapReply *rs )
+{
+ return retcode_entry_response( op, rs, NULL, op->ora_e );
+}
+
+typedef struct retcode_cb_t {
+ BackendInfo *rdc_info;
+ unsigned rdc_flags;
+ ber_tag_t rdc_tag;
+ AttributeName *rdc_attrs;
+} retcode_cb_t;
+
+static int
+retcode_cb_response( Operation *op, SlapReply *rs )
+{
+ retcode_cb_t *rdc = (retcode_cb_t *)op->o_callback->sc_private;
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ ber_tag_t o_tag = op->o_tag;
+ int rc;
+
+ op->o_tag = rdc->rdc_tag;
+ if ( op->o_tag == LDAP_REQ_SEARCH ) {
+ rs->sr_attrs = rdc->rdc_attrs;
+ }
+ rc = retcode_entry_response( op, rs, rdc->rdc_info, rs->sr_entry );
+ op->o_tag = o_tag;
+
+ return rc;
+ }
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( !op->o_abandon ) {
+ rdc->rdc_flags = SLAP_CB_CONTINUE;
+ }
+ return 0;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+retcode_op_internal( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+ Operation op2 = *op;
+ BackendDB db = *op->o_bd;
+ slap_callback sc = { 0 };
+ retcode_cb_t rdc;
+
+ int rc;
+
+ op2.o_tag = LDAP_REQ_SEARCH;
+ op2.ors_scope = LDAP_SCOPE_BASE;
+ op2.ors_deref = LDAP_DEREF_NEVER;
+ op2.ors_tlimit = SLAP_NO_LIMIT;
+ op2.ors_slimit = SLAP_NO_LIMIT;
+ op2.ors_limit = NULL;
+ op2.ors_attrsonly = 0;
+ op2.ors_attrs = slap_anlist_all_attributes;
+
+ ber_str2bv_x( "(objectClass=errAbsObject)",
+ STRLENOF( "(objectClass=errAbsObject)" ),
+ 1, &op2.ors_filterstr, op2.o_tmpmemctx );
+ op2.ors_filter = str2filter_x( &op2, op2.ors_filterstr.bv_val );
+
+ db.bd_info = on->on_info->oi_orig;
+ op2.o_bd = &db;
+
+ rdc.rdc_info = on->on_info->oi_orig;
+ rdc.rdc_flags = RETCODE_FINDIR;
+ if ( op->o_tag == LDAP_REQ_SEARCH ) {
+ rdc.rdc_attrs = op->ors_attrs;
+ }
+ rdc.rdc_tag = op->o_tag;
+ sc.sc_response = retcode_cb_response;
+ sc.sc_private = &rdc;
+ op2.o_callback = ≻
+
+ rc = op2.o_bd->be_search( &op2, rs );
+ op->o_abandon = op2.o_abandon;
+
+ filter_free_x( &op2, op2.ors_filter );
+ ber_memfree_x( op2.ors_filterstr.bv_val, op2.o_tmpmemctx );
+
+ if ( rdc.rdc_flags == SLAP_CB_CONTINUE ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ return rc;
+}
+
+static int
+retcode_op_func( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ retcode_item_t *rdi;
+ struct berval nrdn, npdn;
+
+ slap_callback *cb = NULL;
+
+ /* sleep as required */
+ if ( rd->rd_sleep < 0 ) {
+ sleep( rand() % ( - rd->rd_sleep ) );
+
+ } else if ( rd->rd_sleep > 0 ) {
+ sleep( rd->rd_sleep );
+ }
+
+ if ( !dnIsSuffix( &op->o_req_ndn, &rd->rd_npdn ) ) {
+ if ( RETCODE_INDIR( rd ) ) {
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ return retcode_op_add( op, rs );
+
+ case LDAP_REQ_BIND:
+ /* skip if rootdn */
+ if ( be_isroot_pw( op ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+ return retcode_op_internal( op, rs );
+
+ case LDAP_REQ_SEARCH:
+ if ( op->ors_scope == LDAP_SCOPE_BASE ) {
+ rs->sr_err = retcode_op_internal( op, rs );
+ switch ( rs->sr_err ) {
+ case SLAP_CB_CONTINUE:
+ if ( rs->sr_nentries == 0 ) {
+ break;
+ }
+ rs->sr_err = LDAP_SUCCESS;
+ /* fallthru */
+
+ default:
+ send_ldap_result( op, rs );
+ break;
+ }
+ return rs->sr_err;
+ }
+ break;
+
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODRDN:
+ case LDAP_REQ_COMPARE:
+ return retcode_op_internal( op, rs );
+ }
+ }
+
+ return SLAP_CB_CONTINUE;
+ }
+
+ if ( op->o_tag == LDAP_REQ_SEARCH
+ && op->ors_scope != LDAP_SCOPE_BASE
+ && op->o_req_ndn.bv_len == rd->rd_npdn.bv_len )
+ {
+ return retcode_send_onelevel( op, rs );
+ }
+
+ dnParent( &op->o_req_ndn, &npdn );
+ if ( npdn.bv_len != rd->rd_npdn.bv_len ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_matched = rd->rd_pdn.bv_val;
+ send_ldap_result( op, rs );
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+ dnRdn( &op->o_req_ndn, &nrdn );
+
+ for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
+ struct berval rdi_nrdn;
+
+ dnRdn( &rdi->rdi_ndn, &rdi_nrdn );
+ if ( dn_match( &nrdn, &rdi_nrdn ) ) {
+ break;
+ }
+ }
+
+ if ( rdi != NULL && rdi->rdi_mask != SN_DG_OP_ALL ) {
+ retcode_op_e o_tag = SN_DG_OP_NONE;
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ o_tag = SN_DG_OP_ADD;
+ break;
+
+ case LDAP_REQ_BIND:
+ o_tag = SN_DG_OP_BIND;
+ break;
+
+ case LDAP_REQ_COMPARE:
+ o_tag = SN_DG_OP_COMPARE;
+ break;
+
+ case LDAP_REQ_DELETE:
+ o_tag = SN_DG_OP_DELETE;
+ break;
+
+ case LDAP_REQ_MODIFY:
+ o_tag = SN_DG_OP_MODIFY;
+ break;
+
+ case LDAP_REQ_MODRDN:
+ o_tag = SN_DG_OP_RENAME;
+ break;
+
+ case LDAP_REQ_SEARCH:
+ o_tag = SN_DG_OP_SEARCH;
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ o_tag = SN_DG_EXTENDED;
+ break;
+
+ default:
+ /* Should not happen */
+ break;
+ }
+
+ if ( !( o_tag & rdi->rdi_mask ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+ }
+
+ if ( rdi == NULL ) {
+ rs->sr_matched = rd->rd_pdn.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "retcode not found";
+
+ } else {
+ rs->sr_err = rdi->rdi_err;
+ rs->sr_text = rdi->rdi_text.bv_val;
+ rs->sr_matched = rdi->rdi_matched.bv_val;
+
+ /* FIXME: we only honor the rdi_ref field in case rdi_err
+ * is LDAP_REFERRAL otherwise send_ldap_result() bails out */
+ if ( rs->sr_err == LDAP_REFERRAL ) {
+ BerVarray ref;
+
+ if ( rdi->rdi_ref != NULL ) {
+ ref = rdi->rdi_ref;
+ } else {
+ ref = default_referral;
+ }
+
+ if ( ref != NULL ) {
+ rs->sr_ref = referral_rewrite( ref,
+ NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+ }
+ }
+
+ if ( rdi->rdi_sleeptime > 0 ) {
+ sleep( rdi->rdi_sleeptime );
+ }
+ }
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_EXTENDED:
+ if ( rdi == NULL ) {
+ break;
+ }
+ cb = ( slap_callback * )ch_malloc( sizeof( slap_callback ) );
+ memset( cb, 0, sizeof( slap_callback ) );
+ cb->sc_cleanup = retcode_cleanup_cb;
+ op->o_callback = cb;
+ break;
+
+ default:
+ send_ldap_result( op, rs );
+ if ( rs->sr_ref != NULL ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ rs->sr_matched = NULL;
+ rs->sr_text = NULL;
+ break;
+ }
+
+ return rs->sr_err;
+}
+
+static int
+retcode_op2str( ber_tag_t op, struct berval *bv )
+{
+ switch ( op ) {
+ case LDAP_REQ_BIND:
+ BER_BVSTR( bv, "bind" );
+ return 0;
+ case LDAP_REQ_ADD:
+ BER_BVSTR( bv, "add" );
+ return 0;
+ case LDAP_REQ_DELETE:
+ BER_BVSTR( bv, "delete" );
+ return 0;
+ case LDAP_REQ_MODRDN:
+ BER_BVSTR( bv, "modrdn" );
+ return 0;
+ case LDAP_REQ_MODIFY:
+ BER_BVSTR( bv, "modify" );
+ return 0;
+ case LDAP_REQ_COMPARE:
+ BER_BVSTR( bv, "compare" );
+ return 0;
+ case LDAP_REQ_SEARCH:
+ BER_BVSTR( bv, "search" );
+ return 0;
+ case LDAP_REQ_EXTENDED:
+ BER_BVSTR( bv, "extended" );
+ return 0;
+ }
+ return -1;
+}
+
+static int
+retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e )
+{
+ Attribute *a;
+ int err;
+ char *next;
+
+ if ( get_manageDSAit( op ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ if ( !is_entry_objectclass_or_sub( e, oc_errAbsObject ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ /* operation */
+ a = attr_find( e->e_attrs, ad_errOp );
+ if ( a != NULL ) {
+ int i,
+ gotit = 0;
+ struct berval bv = BER_BVNULL;
+
+ (void)retcode_op2str( op->o_tag, &bv );
+
+ if ( BER_BVISNULL( &bv ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
+ if ( bvmatch( &a->a_nvals[ i ], &bv ) ) {
+ gotit = 1;
+ break;
+ }
+ }
+
+ if ( !gotit ) {
+ return SLAP_CB_CONTINUE;
+ }
+ }
+
+ /* error code */
+ a = attr_find( e->e_attrs, ad_errCode );
+ if ( a == NULL ) {
+ return SLAP_CB_CONTINUE;
+ }
+ err = strtol( a->a_nvals[ 0 ].bv_val, &next, 0 );
+ if ( next == a->a_nvals[ 0 ].bv_val || next[ 0 ] != '\0' ) {
+ return SLAP_CB_CONTINUE;
+ }
+ rs->sr_err = err;
+
+ /* sleep time */
+ a = attr_find( e->e_attrs, ad_errSleepTime );
+ if ( a != NULL && a->a_nvals[ 0 ].bv_val[ 0 ] != '-' ) {
+ int sleepTime;
+
+ sleepTime = strtoul( a->a_nvals[ 0 ].bv_val, &next, 0 );
+ if ( next != a->a_nvals[ 0 ].bv_val && next[ 0 ] == '\0' ) {
+ sleep( sleepTime );
+ }
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ BackendDB db = *op->o_bd,
+ *o_bd = op->o_bd;
+ void *o_callback = op->o_callback;
+
+ /* message text */
+ a = attr_find( e->e_attrs, ad_errText );
+ if ( a != NULL ) {
+ rs->sr_text = a->a_vals[ 0 ].bv_val;
+ }
+
+ /* matched DN */
+ a = attr_find( e->e_attrs, ad_errMatchedDN );
+ if ( a != NULL ) {
+ rs->sr_matched = a->a_vals[ 0 ].bv_val;
+ }
+
+ if ( bi == NULL ) {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+ bi = on->on_info->oi_orig;
+ }
+
+ db.bd_info = bi;
+ op->o_bd = &db;
+ op->o_callback = NULL;
+
+ /* referral */
+ if ( rs->sr_err == LDAP_REFERRAL ) {
+ BerVarray refs = default_referral;
+
+ a = attr_find( e->e_attrs, slap_schema.si_ad_ref );
+ if ( a != NULL ) {
+ refs = a->a_vals;
+ }
+ rs->sr_ref = referral_rewrite( refs,
+ NULL, &op->o_req_dn, op->oq_search.rs_scope );
+
+ send_search_reference( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+
+ } else {
+ send_ldap_result( op, rs );
+ }
+
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ op->o_bd = o_bd;
+ op->o_callback = o_callback;
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ op->o_abandon = 1;
+ return rs->sr_err;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+retcode_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ if ( rs->sr_type != REP_SEARCH || !RETCODE_INDIR( rd ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ return retcode_entry_response( op, rs, NULL, rs->sr_entry );
+}
+
+static int
+retcode_db_init( BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ retcode_t *rd;
+
+ rd = (retcode_t *)ch_malloc( sizeof( retcode_t ) );
+ memset( rd, 0, sizeof( retcode_t ) );
+
+ on->on_bi.bi_private = (void *)rd;
+
+ return 0;
+}
+
+static int
+retcode_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ char *argv0 = argv[ 0 ] + STRLENOF( "retcode-" );
+
+ if ( strncasecmp( argv[ 0 ], "retcode-", STRLENOF( "retcode-" ) ) != 0 ) {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ if ( strcasecmp( argv0, "parent" ) == 0 ) {
+ struct berval dn;
+ int rc;
+
+ if ( argc != 2 ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"retcode-parent <DN>\": missing <DN>\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( !BER_BVISNULL( &rd->rd_pdn ) ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "parent already defined.\n", fname, lineno );
+ return 1;
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 0, &dn );
+
+ rc = dnPrettyNormal( NULL, &dn, &rd->rd_pdn, &rd->rd_npdn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unable to normalize parent DN \"%s\": %d\n",
+ fname, lineno, argv[ 1 ], rc );
+ return 1;
+ }
+
+ } else if ( strcasecmp( argv0, "item" ) == 0 ) {
+ retcode_item_t rdi = { BER_BVNULL }, **rdip;
+ struct berval bv, rdn, nrdn;
+ int rc;
+ char *next = NULL;
+
+ if ( argc < 3 ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"retcode-item <RDN> <retcode> [<text>]\": "
+ "missing args\n",
+ fname, lineno );
+ return 1;
+ }
+
+ ber_str2bv( argv[ 1 ], 0, 0, &bv );
+
+ rc = dnPrettyNormal( NULL, &bv, &rdn, &nrdn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unable to normalize RDN \"%s\": %d\n",
+ fname, lineno, argv[ 1 ], rc );
+ return 1;
+ }
+
+ if ( !dnIsOneLevelRDN( &nrdn ) ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "value \"%s\" is not a RDN\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ if ( BER_BVISNULL( &rd->rd_npdn ) ) {
+ /* FIXME: we use the database suffix */
+ if ( be->be_nsuffix == NULL ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "either \"retcode-parent\" "
+ "or \"suffix\" must be defined.\n",
+ fname, lineno );
+ return 1;
+ }
+
+ ber_dupbv( &rd->rd_pdn, &be->be_suffix[ 0 ] );
+ ber_dupbv( &rd->rd_npdn, &be->be_nsuffix[ 0 ] );
+ }
+
+ build_new_dn( &rdi.rdi_dn, &rd->rd_pdn, &rdn, NULL );
+ build_new_dn( &rdi.rdi_ndn, &rd->rd_npdn, &nrdn, NULL );
+
+ ch_free( rdn.bv_val );
+ ch_free( nrdn.bv_val );
+
+ rdi.rdi_err = strtol( argv[ 2 ], &next, 0 );
+ if ( next == argv[ 2 ] || next[ 0 ] != '\0' ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unable to parse return code \"%s\"\n",
+ fname, lineno, argv[ 2 ] );
+ return 1;
+ }
+
+ rdi.rdi_mask = SN_DG_OP_ALL;
+
+ if ( argc > 3 ) {
+ int i;
+
+ for ( i = 3; i < argc; i++ ) {
+ if ( strncasecmp( argv[ i ], "op=", STRLENOF( "op=" ) ) == 0 )
+ {
+ char **ops;
+ int j;
+
+ ops = ldap_str2charray( &argv[ i ][ STRLENOF( "op=" ) ], "," );
+ assert( ops != NULL );
+
+ rdi.rdi_mask = SN_DG_OP_NONE;
+
+ for ( j = 0; ops[ j ] != NULL; j++ ) {
+ if ( strcasecmp( ops[ j ], "add" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_ADD;
+
+ } else if ( strcasecmp( ops[ j ], "bind" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_BIND;
+
+ } else if ( strcasecmp( ops[ j ], "compare" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_COMPARE;
+
+ } else if ( strcasecmp( ops[ j ], "delete" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_DELETE;
+
+ } else if ( strcasecmp( ops[ j ], "modify" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_MODIFY;
+
+ } else if ( strcasecmp( ops[ j ], "rename" ) == 0
+ || strcasecmp( ops[ j ], "modrdn" ) == 0 )
+ {
+ rdi.rdi_mask |= SN_DG_OP_RENAME;
+
+ } else if ( strcasecmp( ops[ j ], "search" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_SEARCH;
+
+ } else if ( strcasecmp( ops[ j ], "extended" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_EXTENDED;
+
+ } else if ( strcasecmp( ops[ j ], "auth" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_AUTH;
+
+ } else if ( strcasecmp( ops[ j ], "read" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_READ;
+
+ } else if ( strcasecmp( ops[ j ], "write" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_WRITE;
+
+ } else if ( strcasecmp( ops[ j ], "all" ) == 0 ) {
+ rdi.rdi_mask |= SN_DG_OP_ALL;
+
+ } else {
+ fprintf( stderr, "retcode: unknown op \"%s\"\n",
+ ops[ j ] );
+ return 1;
+ }
+ }
+
+ ldap_charray_free( ops );
+
+ } else if ( strncasecmp( argv[ i ], "text=", STRLENOF( "text=" ) ) == 0 )
+ {
+ if ( !BER_BVISNULL( &rdi.rdi_text ) ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"text\" already provided.\n",
+ fname, lineno );
+ return 1;
+ }
+ ber_str2bv( &argv[ i ][ STRLENOF( "text=" ) ], 0, 1, &rdi.rdi_text );
+
+ } else if ( strncasecmp( argv[ i ], "matched=", STRLENOF( "matched=" ) ) == 0 )
+ {
+ struct berval dn;
+
+ if ( !BER_BVISNULL( &rdi.rdi_matched ) ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"matched\" already provided.\n",
+ fname, lineno );
+ return 1;
+ }
+ ber_str2bv( &argv[ i ][ STRLENOF( "matched=" ) ], 0, 0, &dn );
+ if ( dnPretty( NULL, &dn, &rdi.rdi_matched, NULL ) != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unable to prettify matched DN \"%s\".\n",
+ fname, lineno, &argv[ i ][ STRLENOF( "matched=" ) ] );
+ return 1;
+ }
+
+ } else if ( strncasecmp( argv[ i ], "ref=", STRLENOF( "ref=" ) ) == 0 )
+ {
+ char **refs;
+ int j;
+
+ if ( rdi.rdi_ref != NULL ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"ref\" already provided.\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( rdi.rdi_err != LDAP_REFERRAL ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "providing \"ref\"\n"
+ "\talong with a non-referral "
+ "resultCode may cause slapd failures\n"
+ "\trelated to internal checks.\n",
+ fname, lineno );
+ }
+
+ refs = ldap_str2charray( &argv[ i ][ STRLENOF( "ref=" ) ], " " );
+ assert( refs != NULL );
+
+ for ( j = 0; refs[ j ] != NULL; j++ ) {
+ struct berval bv;
+
+ ber_str2bv( refs[ j ], 0, 1, &bv );
+ ber_bvarray_add( &rdi.rdi_ref, &bv );
+ }
+
+ ldap_charray_free( refs );
+
+ } else if ( strncasecmp( argv[ i ], "sleeptime=", STRLENOF( "sleeptime=" ) ) == 0 )
+ {
+ char *next;
+ if ( rdi.rdi_sleeptime != 0 ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"sleeptime\" already provided.\n",
+ fname, lineno );
+ return 1;
+ }
+
+ rdi.rdi_sleeptime = strtol( &argv[ i ][ STRLENOF( "sleeptime=" ) ], &next, 10 );
+ if ( next == argv[ i ] || next[ 0 ] != '\0' ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unable to parse \"sleeptime=%s\".\n",
+ fname, lineno, &argv[ i ][ STRLENOF( "sleeptime=" ) ] );
+ return 1;
+ }
+
+ } else {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "unknown option \"%s\".\n",
+ fname, lineno, argv[ i ] );
+ return 1;
+ }
+ }
+ }
+
+ for ( rdip = &rd->rd_item; *rdip; rdip = &(*rdip)->rdi_next )
+ /* go to last */ ;
+
+
+ *rdip = ( retcode_item_t * )ch_malloc( sizeof( retcode_item_t ) );
+ *(*rdip) = rdi;
+
+ } else if ( strcasecmp( argv0, "indir" ) == 0 ) {
+ rd->rd_flags |= RETCODE_FINDIR;
+
+ } else if ( strcasecmp( argv0, "sleep" ) == 0 ) {
+ switch ( argc ) {
+ case 1:
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"retcode-sleep <time>\": missing <time>\n",
+ fname, lineno );
+ return 1;
+
+ case 2:
+ break;
+
+ default:
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"retcode-sleep <time>\": extra cruft after <time>\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( lutil_atoi( &rd->rd_sleep, argv[ 1 ] ) != 0 ) {
+ fprintf( stderr, "%s: line %d: retcode: "
+ "\"retcode-sleep <time>\": unable to parse <time>\n",
+ fname, lineno );
+ return 1;
+ }
+
+ } else {
+ return SLAP_CONF_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static int
+retcode_db_open( BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ retcode_item_t *rdi;
+
+ for ( rdi = rd->rd_item; rdi; rdi = rdi->rdi_next ) {
+ LDAPRDN rdn = NULL;
+ int rc, j;
+ char* p;
+ struct berval val[ 3 ];
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* DN */
+ rdi->rdi_e.e_name = rdi->rdi_dn;
+ rdi->rdi_e.e_nname = rdi->rdi_ndn;
+
+ /* objectClass */
+ val[ 0 ] = oc_errObject->soc_cname;
+ val[ 1 ] = slap_schema.si_oc_extensibleObject->soc_cname;
+ BER_BVZERO( &val[ 2 ] );
+
+ attr_merge( &rdi->rdi_e, slap_schema.si_ad_objectClass, val, NULL );
+
+ /* RDN avas */
+ rc = ldap_bv2rdn( &rdi->rdi_dn, &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP );
+
+ assert( rc == LDAP_SUCCESS );
+
+ for ( j = 0; rdn[ j ]; j++ ) {
+ LDAPAVA *ava = rdn[ j ];
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ assert( rc == LDAP_SUCCESS );
+
+ attr_merge_normalize_one( &rdi->rdi_e, ad,
+ &ava->la_value, NULL );
+ }
+
+ ldap_rdnfree( rdn );
+
+ /* error code */
+ snprintf( buf, sizeof( buf ), "%d", rdi->rdi_err );
+ ber_str2bv( buf, 0, 0, &val[ 0 ] );
+
+ attr_merge_one( &rdi->rdi_e, ad_errCode, &val[ 0 ], NULL );
+
+ if ( rdi->rdi_ref != NULL ) {
+ attr_merge_normalize( &rdi->rdi_e, slap_schema.si_ad_ref,
+ rdi->rdi_ref, NULL );
+ }
+
+ /* text */
+ if ( !BER_BVISNULL( &rdi->rdi_text ) ) {
+ val[ 0 ] = rdi->rdi_text;
+
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errText, &val[ 0 ], NULL );
+ }
+
+ /* matched */
+ if ( !BER_BVISNULL( &rdi->rdi_matched ) ) {
+ val[ 0 ] = rdi->rdi_matched;
+
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errMatchedDN, &val[ 0 ], NULL );
+ }
+
+ /* sleep time */
+ if ( rdi->rdi_sleeptime > 0 ) {
+ snprintf( buf, sizeof( buf ), "%d", rdi->rdi_sleeptime );
+ ber_str2bv( buf, 0, 0, &val[ 0 ] );
+
+ attr_merge_one( &rdi->rdi_e, ad_errSleepTime, &val[ 0 ], NULL );
+ }
+
+ /* operations */
+ if ( rdi->rdi_mask & SN_DG_OP_ADD ) {
+ BER_BVSTR( &val[ 0 ], "add" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_BIND ) {
+ BER_BVSTR( &val[ 0 ], "bind" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_COMPARE ) {
+ BER_BVSTR( &val[ 0 ], "compare" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_DELETE ) {
+ BER_BVSTR( &val[ 0 ], "delete" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_EXTENDED ) {
+ BER_BVSTR( &val[ 0 ], "extended" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_MODIFY ) {
+ BER_BVSTR( &val[ 0 ], "modify" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_RENAME ) {
+ BER_BVSTR( &val[ 0 ], "rename" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+
+ if ( rdi->rdi_mask & SN_DG_OP_SEARCH ) {
+ BER_BVSTR( &val[ 0 ], "search" );
+ attr_merge_normalize_one( &rdi->rdi_e, ad_errOp, &val[ 0 ], NULL );
+ }
+ }
+
+ return 0;
+}
+
+static int
+retcode_db_destroy( BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
+
+ if ( rd ) {
+ retcode_item_t *rdi, *next;
+
+ for ( rdi = rd->rd_item; rdi != NULL; rdi = next ) {
+ ber_memfree( rdi->rdi_dn.bv_val );
+ ber_memfree( rdi->rdi_ndn.bv_val );
+
+ if ( !BER_BVISNULL( &rdi->rdi_text ) ) {
+ ber_memfree( rdi->rdi_text.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &rdi->rdi_matched ) ) {
+ ber_memfree( rdi->rdi_matched.bv_val );
+ }
+
+ if ( rdi->rdi_ref ) {
+ ber_bvarray_free( rdi->rdi_ref );
+ }
+
+ BER_BVZERO( &rdi->rdi_e.e_name );
+ BER_BVZERO( &rdi->rdi_e.e_nname );
+
+ entry_clean( &rdi->rdi_e );
+
+ next = rdi->rdi_next;
+
+ ch_free( rdi );
+ }
+
+ if ( !BER_BVISNULL( &rd->rd_pdn ) ) {
+ ber_memfree( rd->rd_pdn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &rd->rd_npdn ) ) {
+ ber_memfree( rd->rd_npdn.bv_val );
+ }
+
+ ber_memfree( rd );
+ }
+
+ return 0;
+}
+
+#if SLAPD_OVER_RETCODE == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_RETCODE == SLAPD_MOD_DYNAMIC */
+int
+retcode_initialize( void )
+{
+ int i, code;
+ const char *err;
+
+ static struct {
+ char *name;
+ char *desc;
+ AttributeDescription **ad;
+ } retcode_at[] = {
+ { "errCode", "( 1.3.6.1.4.1.4203.666.11.4.1.1 "
+ "NAME ( 'errCode' ) "
+ "DESC 'LDAP error code' "
+ "EQUALITY integerMatch "
+ "ORDERING integerOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 "
+ "SINGLE-VALUE )",
+ &ad_errCode },
+ { "errOp", "( 1.3.6.1.4.1.4203.666.11.4.1.2 "
+ "NAME ( 'errOp' ) "
+ "DESC 'Operations the errObject applies to' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ &ad_errOp},
+ { "errText", "( 1.3.6.1.4.1.4203.666.11.4.1.3 "
+ "NAME ( 'errText' ) "
+ "DESC 'LDAP error textual description' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "SINGLE-VALUE )",
+ &ad_errText },
+ { "errSleepTime", "( 1.3.6.1.4.1.4203.666.11.4.1.4 "
+ "NAME ( 'errSleepTime' ) "
+ "DESC 'Time to wait before returning the error' "
+ "EQUALITY integerMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 "
+ "SINGLE-VALUE )",
+ &ad_errSleepTime },
+ { "errMatchedDN", "( 1.3.6.1.4.1.4203.666.11.4.1.5 "
+ "NAME ( 'errMatchedDN' ) "
+ "DESC 'Value to be returned as matched DN' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE )",
+ &ad_errMatchedDN },
+ { NULL }
+ };
+
+ static struct {
+ char *name;
+ char *desc;
+ ObjectClass **oc;
+ } retcode_oc[] = {
+ { "errAbsObject", "( 1.3.6.1.4.1.4203.666.11.4.3.0 "
+ "NAME ( 'errAbsObject' ) "
+ "SUP top ABSTRACT "
+ "MUST ( errCode ) "
+ "MAY ( "
+ "cn "
+ "$ description "
+ "$ errOp "
+ "$ errText "
+ "$ errSleepTime "
+ "$ errMatchedDN "
+ ") )",
+ &oc_errAbsObject },
+ { "errObject", "( 1.3.6.1.4.1.4203.666.11.4.3.1 "
+ "NAME ( 'errObject' ) "
+ "SUP errAbsObject STRUCTURAL "
+ ")",
+ &oc_errObject },
+ { "errAuxObject", "( 1.3.6.1.4.1.4203.666.11.4.3.2 "
+ "NAME ( 'errAuxObject' ) "
+ "SUP errAbsObject AUXILIARY "
+ ")",
+ &oc_errAuxObject },
+ { NULL }
+ };
+
+
+ for ( i = 0; retcode_at[ i ].name != NULL; i++ ) {
+ LDAPAttributeType *at;
+
+ at = ldap_str2attributetype( retcode_at[ i ].desc,
+ &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ fprintf( stderr, "retcode: "
+ "AttributeType load failed: %s %s\n",
+ ldap_scherr2str( code ), err );
+ return code;
+ }
+
+#if LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR > 2
+ code = at_add( at, 0, NULL, &err );
+#else
+ code = at_add( at, &err );
+#endif
+ ldap_memfree( at );
+ if ( code != LDAP_SUCCESS ) {
+ fprintf( stderr, "retcode: "
+ "AttributeType load failed: %s %s\n",
+ scherr2str( code ), err );
+ return code;
+ }
+
+ code = slap_str2ad( retcode_at[ i ].name,
+ retcode_at[ i ].ad, &err );
+ if ( code != LDAP_SUCCESS ) {
+ fprintf( stderr, "retcode: unable to find "
+ "AttributeDescription \"%s\": %d (%s)\n",
+ retcode_at[ i ].name, code, err );
+ return 1;
+ }
+ }
+
+ for ( i = 0; retcode_oc[ i ].name != NULL; i++ ) {
+ LDAPObjectClass *oc;
+
+ oc = ldap_str2objectclass( retcode_oc[ i ].desc,
+ &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ fprintf( stderr, "retcode: "
+ "ObjectClass load failed: %s %s\n",
+ ldap_scherr2str( code ), err );
+ return code;
+ }
+
+#if LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR > 2
+ code = oc_add( oc, 0, NULL, &err );
+#else
+ code = oc_add( oc, &err );
+#endif
+ ldap_memfree(oc);
+ if ( code != LDAP_SUCCESS ) {
+ fprintf( stderr, "retcode: "
+ "ObjectClass load failed: %s %s\n",
+ scherr2str( code ), err );
+ return code;
+ }
+
+ *retcode_oc[ i ].oc = oc_find( retcode_oc[ i ].name );
+ if ( *retcode_oc[ i ].oc == NULL ) {
+ fprintf( stderr, "retcode: unable to find "
+ "objectClass \"%s\"\n",
+ retcode_oc[ i ].name );
+ return 1;
+ }
+ }
+
+ retcode.on_bi.bi_type = "retcode";
+
+ retcode.on_bi.bi_db_init = retcode_db_init;
+ retcode.on_bi.bi_db_config = retcode_db_config;
+ retcode.on_bi.bi_db_open = retcode_db_open;
+ retcode.on_bi.bi_db_destroy = retcode_db_destroy;
+
+ retcode.on_bi.bi_op_add = retcode_op_func;
+ retcode.on_bi.bi_op_bind = retcode_op_func;
+ retcode.on_bi.bi_op_compare = retcode_op_func;
+ retcode.on_bi.bi_op_delete = retcode_op_func;
+ retcode.on_bi.bi_op_modify = retcode_op_func;
+ retcode.on_bi.bi_op_modrdn = retcode_op_func;
+ retcode.on_bi.bi_op_search = retcode_op_func;
+
+ retcode.on_bi.bi_extended = retcode_op_func;
+
+ retcode.on_response = retcode_response;
+
+ return overlay_register( &retcode );
+}
+
+#if SLAPD_OVER_RETCODE == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return retcode_initialize();
+}
+#endif /* SLAPD_OVER_RETCODE == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_RETCODE */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1763 @@
+/* rwm.c - rewrite/remap operations */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.18 2007/01/05 09:47:11 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RWM
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "rwm.h"
+
+typedef struct rwm_op_state {
+ ber_tag_t r_tag;
+ struct berval ro_dn;
+ struct berval ro_ndn;
+ struct berval r_dn;
+ struct berval r_ndn;
+ OpRequest o_request;
+} rwm_op_state;
+
+static int
+rwm_db_destroy( BackendDB *be );
+
+typedef struct rwm_op_cb {
+ slap_callback cb;
+ rwm_op_state ros;
+} rwm_op_cb;
+
+static int
+rwm_op_cleanup( Operation *op, SlapReply *rs )
+{
+ slap_callback *cb = op->o_callback;
+ rwm_op_state *ros = cb->sc_private;
+
+ if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED ||
+ op->o_abandon || rs->sr_err == SLAPD_ABANDON ) {
+
+ op->o_req_dn = ros->ro_dn;
+ op->o_req_ndn = ros->ro_ndn;
+
+ if ( !BER_BVISEMPTY( &ros->r_dn )) ch_free( ros->r_dn.bv_val );
+ if ( !BER_BVISEMPTY( &ros->r_ndn )) ch_free( ros->r_ndn.bv_val );
+
+ switch( ros->r_tag ) {
+ case LDAP_REQ_COMPARE:
+ if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val )
+ op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx );
+ op->orc_ava = ros->orc_ava;
+ break;
+ case LDAP_REQ_MODIFY:
+ slap_mods_free( op->orm_modlist, 1 );
+ op->orm_modlist = ros->orm_modlist;
+ break;
+ case LDAP_REQ_MODRDN:
+ if ( op->orr_newSup != ros->orr_newSup ) {
+ ch_free( op->orr_newSup->bv_val );
+ ch_free( op->orr_nnewSup->bv_val );
+ op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+ op->orr_newSup = ros->orr_newSup;
+ op->orr_nnewSup = ros->orr_nnewSup;
+ }
+ break;
+ case LDAP_REQ_SEARCH:
+ ch_free( op->ors_attrs );
+ filter_free_x( op, op->ors_filter );
+ ch_free( op->ors_filterstr.bv_val );
+ op->ors_attrs = ros->ors_attrs;
+ op->ors_filter = ros->ors_filter;
+ op->ors_filterstr = ros->ors_filterstr;
+ break;
+ case LDAP_REQ_EXTENDED:
+ if ( op->ore_reqdata != ros->ore_reqdata ) {
+ ber_bvfree( op->ore_reqdata );
+ op->ore_reqdata = ros->ore_reqdata;
+ }
+ break;
+ default: break;
+ }
+ op->o_callback = op->o_callback->sc_next;
+ op->o_tmpfree( cb, op->o_tmpmemctx );
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static rwm_op_cb *
+rwm_callback_get( Operation *op, SlapReply *rs )
+{
+ rwm_op_cb *roc = NULL;
+
+ roc = op->o_tmpalloc( sizeof( struct rwm_op_cb ), op->o_tmpmemctx );
+ roc->cb.sc_cleanup = rwm_op_cleanup;
+ roc->cb.sc_response = NULL;
+ roc->cb.sc_next = op->o_callback;
+ roc->cb.sc_private = &roc->ros;
+ roc->ros.r_tag = op->o_tag;
+ roc->ros.ro_dn = op->o_req_dn;
+ roc->ros.ro_ndn = op->o_req_ndn;
+ roc->ros.o_request = op->o_request;
+ BER_BVZERO( &roc->ros.r_dn );
+ BER_BVZERO( &roc->ros.r_ndn );
+
+ return roc;
+}
+
+
+static int
+rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie,
+ rwm_op_state *ros )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
+ int rc = 0;
+ dncookie dc;
+
+ /*
+ * Rewrite the dn if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = (char *)cookie;
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = ((int *)cookie)[0];
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ /* NOTE: in those cases where only the ndn is available,
+ * and the caller sets op->o_req_dn = op->o_req_ndn,
+ * only rewrite the op->o_req_ndn and use it as
+ * op->o_req_dn as well */
+ ndn = op->o_req_ndn;
+ if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
+ dn = op->o_req_dn;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
+ || ndn.bv_val == op->o_req_ndn.bv_val )
+ {
+ return LDAP_SUCCESS;
+ }
+
+ if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
+ op->o_req_dn = dn;
+ ros->r_dn = dn;
+ } else {
+ op->o_req_dn = ndn;
+ }
+ ros->r_ndn = ndn;
+ op->o_req_ndn = ndn;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+rwm_op_add( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc,
+ i;
+ Attribute **ap = NULL;
+ char *olddn = op->o_req_dn.bv_val;
+ int isupdate;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "addDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "addDN massage error" );
+ return -1;
+ }
+
+ if ( olddn != op->o_req_dn.bv_val ) {
+ ber_bvreplace( &op->ora_e->e_name, &op->o_req_dn );
+ ber_bvreplace( &op->ora_e->e_nname, &op->o_req_ndn );
+ }
+
+ /* Count number of attributes in entry */
+ isupdate = be_shadow_update( op );
+ for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
+ Attribute *a;
+
+ if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
+ (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ int j, last;
+
+ for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
+ /* count values */ ;
+ last--;
+ for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
+ struct ldapmapping *mapping = NULL;
+
+ ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
+ &mapping, RWM_MAP );
+ if ( mapping == NULL ) {
+ if ( rwmap->rwm_at.drop_missing ) {
+ /* FIXME: we allow to remove objectClasses as well;
+ * if the resulting entry is inconsistent, that's
+ * the relayed database's business...
+ */
+ ch_free( (*ap)->a_vals[ j ].bv_val );
+ if ( last > j ) {
+ (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
+ }
+ BER_BVZERO( &(*ap)->a_vals[ last ] );
+ last--;
+ j--;
+ }
+
+ } else {
+ ch_free( (*ap)->a_vals[ j ].bv_val );
+ ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
+ }
+ }
+
+ } else if ( !isupdate && !get_manageDIT( op ) && (*ap)->a_desc->ad_type->sat_no_user_mod )
+ {
+ goto next_attr;
+
+ } else {
+ struct ldapmapping *mapping = NULL;
+
+ ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
+ &mapping, RWM_MAP );
+ if ( mapping == NULL ) {
+ if ( rwmap->rwm_at.drop_missing ) {
+ goto cleanup_attr;
+ }
+ }
+
+ if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+ || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+ {
+ /*
+ * FIXME: rewrite could fail; in this case
+ * the operation should give up, right?
+ */
+#ifdef ENABLE_REWRITE
+ rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
+ (*ap)->a_vals,
+ (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
+ (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc ) {
+ goto cleanup_attr;
+ }
+
+ } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
+#ifdef ENABLE_REWRITE
+ rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
+ (*ap)->a_vals,
+ (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
+ (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup_attr;
+ }
+ }
+
+ if ( mapping != NULL ) {
+ assert( mapping->m_dst_ad != NULL );
+ (*ap)->a_desc = mapping->m_dst_ad;
+ }
+ }
+
+next_attr:;
+ ap = &(*ap)->a_next;
+ continue;
+
+cleanup_attr:;
+ /* FIXME: leaking attribute/values? */
+ a = *ap;
+
+ *ap = (*ap)->a_next;
+ attr_free( a );
+ }
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+#ifdef ENABLE_REWRITE
+static int
+rwm_conn_init( BackendDB *be, Connection *conn )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ ( void )rewrite_session_init( rwmap->rwm_rw, conn );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_conn_destroy( BackendDB *be, Connection *conn )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ ( void )rewrite_session_delete( rwmap->rwm_rw, conn );
+
+ return SLAP_CB_CONTINUE;
+}
+#endif /* ENABLE_REWRITE */
+
+static int
+rwm_op_bind( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ int rc;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "bindDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "bindDN massage error" );
+ return -1;
+ }
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_unbind( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+#ifdef ENABLE_REWRITE
+ rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
+#endif /* ENABLE_REWRITE */
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_compare( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc;
+ struct berval mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "compareDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "compareDN massage error" );
+ return -1;
+ }
+
+ /* if the attribute is an objectClass, try to remap its value */
+ if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
+ || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
+ &mapped_vals[0], RWM_MAP );
+ if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
+ {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
+ return -1;
+
+ } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
+ ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
+ op->o_tmpmemctx );
+ }
+
+ } else {
+ struct ldapmapping *mapping = NULL;
+ AttributeDescription *ad = op->orc_ava->aa_desc;
+
+ ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
+ &mapping, RWM_MAP );
+ if ( mapping == NULL ) {
+ if ( rwmap->rwm_at.drop_missing ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
+ return -1;
+ }
+
+ } else {
+ assert( mapping->m_dst_ad != NULL );
+ ad = mapping->m_dst_ad;
+ }
+
+ if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+ || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+ {
+ struct berval *mapped_valsp[2];
+
+ mapped_valsp[0] = &mapped_vals[0];
+ mapped_valsp[1] = &mapped_vals[1];
+
+ mapped_vals[0] = op->orc_ava->aa_value;
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
+#endif /* ! ENABLE_REWRITE */
+
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
+ return -1;
+ }
+
+ if ( mapped_vals[ 0 ].bv_val != op->orc_ava->aa_value.bv_val ) {
+ /* NOTE: if we get here, rwm_dnattr_rewrite()
+ * already freed the old value, so now
+ * it's invalid */
+ ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
+ op->o_tmpmemctx );
+ ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL );
+ }
+ }
+ op->orc_ava->aa_desc = ad;
+ }
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_delete( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ int rc;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "deleteDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "deleteDN massage error" );
+ return -1;
+ }
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_modify( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int isupdate;
+ Modifications **mlp;
+ int rc;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "modifyDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "modifyDN massage error" );
+ return -1;
+ }
+
+ isupdate = be_shadow_update( op );
+ for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
+ int is_oc = 0;
+ Modifications *ml;
+ struct ldapmapping *mapping = NULL;
+
+ /* duplicate the modlist */
+ ml = ch_malloc( sizeof( Modifications ));
+ *ml = **mlp;
+ *mlp = ml;
+
+ if ( ml->sml_desc == slap_schema.si_ad_objectClass
+ || ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ is_oc = 1;
+
+ } else if ( !isupdate && !get_manageDIT( op ) && (*mlp)->sml_desc->ad_type->sat_no_user_mod )
+ {
+ goto next_mod;
+
+ } else {
+ int drop_missing;
+
+ drop_missing = rwm_mapping( &rwmap->rwm_at,
+ &ml->sml_desc->ad_cname,
+ &mapping, RWM_MAP );
+ if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
+ {
+ goto cleanup_mod;
+ }
+ }
+
+ if ( ml->sml_values != NULL ) {
+ int i, num;
+ struct berval *bva;
+
+ for ( num = 0; !BER_BVISNULL( &ml->sml_values[ num ] ); num++ )
+ /* count values */ ;
+
+ bva = ch_malloc( (num+1) * sizeof( struct berval ));
+ for (i=0; i<num; i++)
+ ber_dupbv( &bva[i], &ml->sml_values[i] );
+ BER_BVZERO( &bva[i] );
+ ml->sml_values = bva;
+
+ if ( ml->sml_nvalues ) {
+ bva = ch_malloc( (num+1) * sizeof( struct berval ));
+ for (i=0; i<num; i++)
+ ber_dupbv( &bva[i], &ml->sml_nvalues[i] );
+ BER_BVZERO( &bva[i] );
+ ml->sml_nvalues = bva;
+ }
+
+ if ( is_oc ) {
+ int last, j;
+
+ last = num-1;
+
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
+ struct ldapmapping *oc_mapping = NULL;
+
+ ( void )rwm_mapping( &rwmap->rwm_oc, &ml->sml_values[ j ],
+ &oc_mapping, RWM_MAP );
+ if ( oc_mapping == NULL ) {
+ if ( rwmap->rwm_at.drop_missing ) {
+ /* FIXME: we allow to remove objectClasses as well;
+ * if the resulting entry is inconsistent, that's
+ * the relayed database's business...
+ */
+ if ( last > j ) {
+ ch_free( ml->sml_values[ j ].bv_val );
+ ml->sml_values[ j ] = ml->sml_values[ last ];
+ }
+ BER_BVZERO( &ml->sml_values[ last ] );
+ last--;
+ j--;
+ }
+
+ } else {
+ ch_free( ml->sml_values[ j ].bv_val );
+ ber_dupbv( &ml->sml_values[ j ], &oc_mapping->m_dst );
+ }
+ }
+
+ } else {
+ if ( ml->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+ || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+ {
+#ifdef ENABLE_REWRITE
+ rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
+ ml->sml_values,
+ ml->sml_nvalues ? &ml->sml_nvalues : NULL );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_dnattr_rewrite( op, rs, &rc,
+ ml->sml_values,
+ ml->sml_nvalues ? &ml->sml_nvalues : NULL );
+#endif /* ! ENABLE_REWRITE */
+
+ } else if ( ml->sml_desc == slap_schema.si_ad_ref ) {
+#ifdef ENABLE_REWRITE
+ rc = rwm_referral_rewrite( op, rs,
+ "referralAttrDN",
+ ml->sml_values,
+ ml->sml_nvalues ? &ml->sml_nvalues : NULL );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_referral_rewrite( op, rs, &rc,
+ ml->sml_values,
+ ml->sml_nvalues ? &ml->sml_nvalues : NULL );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup_mod;
+ }
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup_mod;
+ }
+ }
+ }
+
+next_mod:;
+ if ( mapping != NULL ) {
+ /* use new attribute description */
+ assert( mapping->m_dst_ad != NULL );
+ ml->sml_desc = mapping->m_dst_ad;
+ }
+
+ mlp = &ml->sml_next;
+ continue;
+
+cleanup_mod:;
+ ml = *mlp;
+ *mlp = (*mlp)->sml_next;
+ slap_mod_free( &ml->sml_mod, 0 );
+ free( ml );
+ }
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_modrdn( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+ if ( op->orr_newSup ) {
+ dncookie dc;
+ struct berval nnewSup = BER_BVNULL;
+ struct berval newSup = BER_BVNULL;
+
+ /*
+ * Rewrite the new superior, if defined and required
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "newSuperiorDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+ newSup = *op->orr_newSup;
+ nnewSup = *op->orr_nnewSup;
+ rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
+ return -1;
+ }
+
+ if ( op->orr_newSup->bv_val != newSup.bv_val ) {
+ op->orr_newSup = op->o_tmpalloc( sizeof( struct berval ),
+ op->o_tmpmemctx );
+ op->orr_nnewSup = op->o_tmpalloc( sizeof( struct berval ),
+ op->o_tmpmemctx );
+ *op->orr_newSup = newSup;
+ *op->orr_nnewSup = nnewSup;
+ }
+ }
+
+ /*
+ * Rewrite the dn, if needed
+ */
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "renameDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "renameDN massage error" );
+ if ( op->orr_newSup != roc->ros.orr_newSup ) {
+ ch_free( op->orr_newSup->bv_val );
+ ch_free( op->orr_nnewSup->bv_val );
+ op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+ op->orr_newSup = roc->ros.orr_newSup;
+ op->orr_nnewSup = roc->ros.orr_nnewSup;
+ }
+ return -1;
+ }
+
+ /* TODO: rewrite newRDN, attribute types,
+ * values of DN-valued attributes ... */
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+
+static int
+rwm_swap_attrs( Operation *op, SlapReply *rs )
+{
+ slap_callback *cb = op->o_callback;
+ rwm_op_state *ros = cb->sc_private;
+
+ rs->sr_attrs = ros->ors_attrs;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_op_search( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc;
+ dncookie dc;
+
+ struct berval fstr = BER_BVNULL;
+ Filter *f = NULL;
+
+ AttributeName *an = NULL;
+
+ char *text = NULL;
+
+ rwm_op_cb *roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rewrite_session_var_set( rwmap->rwm_rw, op->o_conn,
+ "searchFilter", op->ors_filterstr.bv_val );
+ if ( rc == LDAP_SUCCESS )
+ rc = rwm_op_dn_massage( op, rs, "searchDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ text = "searchDN massage error";
+ goto error_return;
+ }
+
+ /*
+ * Rewrite the dn if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "searchFilterAttrDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ rc = rwm_filter_map_rewrite( op, &dc, op->ors_filter, &fstr );
+ if ( rc != LDAP_SUCCESS ) {
+ text = "searchFilter/searchFilterAttrDN massage error";
+ goto error_return;
+ }
+
+ f = str2filter_x( op, fstr.bv_val );
+
+ if ( f == NULL ) {
+ text = "massaged filter parse error";
+ goto error_return;
+ }
+
+ op->ors_filter = f;
+ op->ors_filterstr = fstr;
+
+ rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
+ op->ors_attrs, &an, RWM_MAP );
+ if ( rc != LDAP_SUCCESS ) {
+ text = "attribute list mapping error";
+ goto error_return;
+ }
+
+ op->ors_attrs = an;
+ roc->cb.sc_response = rwm_swap_attrs;
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+
+error_return:;
+ if ( an != NULL ) {
+ ch_free( an );
+ }
+
+ if ( f != NULL ) {
+ filter_free_x( op, f );
+ }
+
+ if ( !BER_BVISNULL( &fstr ) ) {
+ ch_free( fstr.bv_val );
+ }
+
+ op->oq_search = roc->ros.oq_search;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, text );
+
+ return -1;
+
+}
+
+static int
+rwm_exop_passwd( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ int rc;
+ rwm_op_cb *roc;
+
+ struct berval id = BER_BVNULL,
+ pwold = BER_BVNULL,
+ pwnew = BER_BVNULL;
+ BerElement *ber = NULL;
+
+ if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( !SLAP_ISGLOBALOVERLAY( op->o_bd ) ) {
+ rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
+ }
+
+ rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+ &pwold, &pwnew, &rs->sr_text );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ return rs->sr_err;
+ }
+
+ if ( !BER_BVISNULL( &id ) ) {
+ rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
+ &op->o_req_ndn, op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_text = "Invalid DN";
+ return rs->sr_err;
+ }
+
+ } else {
+ ber_dupbv_x( &op->o_req_dn, &op->o_dn, op->o_tmpmemctx );
+ ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx );
+ }
+
+ roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "extendedDN massage error" );
+ return -1;
+ }
+
+ ber = ber_alloc_t( LBER_USE_DER );
+ if ( !ber ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "No memory";
+ return rs->sr_err;
+ }
+ ber_printf( ber, "{" );
+ if ( !BER_BVISNULL( &id )) {
+ ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+ &op->o_req_dn );
+ }
+ if ( !BER_BVISNULL( &pwold )) {
+ ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &pwold );
+ }
+ if ( !BER_BVISNULL( &pwnew )) {
+ ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &pwnew );
+ }
+ ber_printf( ber, "N}" );
+ ber_flatten( ber, &op->ore_reqdata );
+ ber_free( ber, 1 );
+
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static struct exop {
+ struct berval oid;
+ BI_op_extended *extended;
+} exop_table[] = {
+ { BER_BVC(LDAP_EXOP_MODIFY_PASSWD), rwm_exop_passwd },
+ { BER_BVNULL, NULL }
+};
+
+static int
+rwm_extended( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ int rc;
+ rwm_op_cb *roc;
+
+ int i;
+
+ for ( i = 0; exop_table[i].extended != NULL; i++ ) {
+ if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
+ {
+ rc = exop_table[i].extended( op, rs );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case SLAP_CB_CONTINUE:
+ case SLAPD_ABANDON:
+ return rc;
+
+ default:
+ send_ldap_result( op, rs );
+ return rc;
+ }
+ break;
+ }
+ }
+
+ roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "extendedDN massage error" );
+ return -1;
+ }
+
+ /* TODO: rewrite/map extended data ? ... */
+ op->o_callback = &roc->cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_matched( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ struct berval dn, mdn;
+ dncookie dc;
+ int rc;
+
+ if ( rs->sr_matched == NULL ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "matchedDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+ ber_str2bv( rs->sr_matched, 0, 0, &dn );
+ mdn = dn;
+ rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ rs->sr_text = "Rewrite error";
+ return 1;
+ }
+
+ if ( mdn.bv_val != dn.bv_val ) {
+ if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
+ ch_free( (void *)rs->sr_matched );
+
+ } else {
+ rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
+ }
+ rs->sr_matched = mdn.bv_val;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ dncookie dc;
+ int rc;
+ Attribute **ap;
+ int isupdate;
+
+ /*
+ * Rewrite the dn attrs, if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = NULL;
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ /* FIXME: the entries are in the remote mapping form;
+ * so we need to select those attributes we are willing
+ * to return, and remap them accordingly */
+
+ /* FIXME: in principle, one could map an attribute
+ * on top of another, which already exists.
+ * As such, in the end there might exist more than
+ * one instance of an attribute.
+ * We should at least check if this occurs, and issue
+ * an error (because multiple instances of attrs in
+ * response are not valid), or merge the values (what
+ * about duplicate values?) */
+ isupdate = be_shadow_update( op );
+ for ( ap = a_first; *ap; ) {
+ struct ldapmapping *mapping = NULL;
+ int drop_missing;
+ int last;
+ Attribute *a;
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
+ {
+ /* go on */ ;
+
+ } else {
+ if ( op->ors_attrs != NULL &&
+ !SLAP_USERATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
+ {
+ goto cleanup_attr;
+ }
+
+ drop_missing = rwm_mapping( &rwmap->rwm_at,
+ &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
+ if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
+ {
+ goto cleanup_attr;
+ }
+
+ if ( mapping != NULL ) {
+ (*ap)->a_desc = mapping->m_dst_ad;
+ }
+ }
+
+ if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
+ if ( stripEntryDN ) {
+ /* will be generated by frontend */
+ goto cleanup_attr;
+ }
+
+ } else if ( !isupdate
+ && !get_manageDIT( op )
+ && (*ap)->a_desc->ad_type->sat_no_user_mod
+ && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
+ {
+ goto next_attr;
+ }
+
+ for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
+ /* just count */ ;
+
+ if ( last == 0 ) {
+ /* empty? leave it in place because of attrsonly and vlv */
+ goto next_attr;
+ }
+ last--;
+
+ if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
+ || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ struct berval *bv;
+
+ for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
+ struct berval mapped;
+
+ rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
+ if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
+ ch_free( bv[0].bv_val );
+ BER_BVZERO( &bv[0] );
+ if ( &(*ap)->a_vals[last] > &bv[0] ) {
+ bv[0] = (*ap)->a_vals[last];
+ BER_BVZERO( &(*ap)->a_vals[last] );
+ }
+ last--;
+ bv--;
+
+ } else if ( mapped.bv_val != bv[0].bv_val ) {
+ /*
+ * FIXME: after LBER_FREEing
+ * the value is replaced by
+ * ch_alloc'ed memory
+ */
+ ber_bvreplace( &bv[0], &mapped );
+ }
+ }
+
+ /*
+ * It is necessary to try to rewrite attributes with
+ * dn syntax because they might be used in ACLs as
+ * members of groups; since ACLs are applied to the
+ * rewritten stuff, no dn-based subject clause could
+ * be used at the ldap backend side (see
+ * http://www.OpenLDAP.org/faq/data/cache/452.html)
+ * The problem can be overcome by moving the dn-based
+ * ACLs to the target directory server, and letting
+ * everything pass thru the ldap backend. */
+ /* FIXME: handle distinguishedName-like syntaxes, like
+ * nameAndOptionalUID */
+ } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+ || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+ {
+#ifdef ENABLE_REWRITE
+ dc.ctx = "searchAttrDN";
+#endif /* ENABLE_REWRITE */
+ rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup_attr;
+ }
+
+ } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
+#ifdef ENABLE_REWRITE
+ dc.ctx = "searchAttrDN";
+#endif /* ENABLE_REWRITE */
+ rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup_attr;
+ }
+ }
+
+ if ( mapping != NULL ) {
+ /* rewrite the attribute description */
+ assert( mapping->m_dst_ad != NULL );
+ (*ap)->a_desc = mapping->m_dst_ad;
+ }
+
+next_attr:;
+ ap = &(*ap)->a_next;
+ continue;
+
+cleanup_attr:;
+ a = *ap;
+ *ap = (*ap)->a_next;
+
+ attr_free( a );
+ }
+
+ return 0;
+}
+
+static int
+rwm_send_entry( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ Entry *e = NULL;
+ slap_mask_t flags;
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
+ dncookie dc;
+ int rc;
+
+ assert( rs->sr_entry != NULL );
+
+ /*
+ * Rewrite the dn of the result, if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = NULL;
+ dc.ctx = "searchEntryDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ e = rs->sr_entry;
+ flags = rs->sr_flags;
+ if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
+ /* FIXME: all we need to duplicate are:
+ * - dn
+ * - ndn
+ * - attributes that are requested
+ * - no values if attrsonly is set
+ */
+
+ e = entry_dup( e );
+ if ( e == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto fail;
+ }
+
+ flags &= ~REP_ENTRY_MUSTRELEASE;
+ flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
+ }
+
+ /*
+ * Note: this may fail if the target host(s) schema differs
+ * from the one known to the meta, and a DN with unknown
+ * attributes is returned.
+ */
+ dn = e->e_name;
+ ndn = e->e_nname;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = 1;
+ goto fail;
+ }
+
+ if ( e->e_name.bv_val != dn.bv_val ) {
+ ch_free( e->e_name.bv_val );
+ ch_free( e->e_nname.bv_val );
+
+ e->e_name = dn;
+ e->e_nname = ndn;
+ }
+
+ /* TODO: map entry attribute types, objectclasses
+ * and dn-valued attribute values */
+
+ /* FIXME: the entries are in the remote mapping form;
+ * so we need to select those attributes we are willing
+ * to return, and remap them accordingly */
+ (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
+
+ if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
+ be_entry_release_rw( op, rs->sr_entry, 0 );
+ }
+
+ rs->sr_entry = e;
+ rs->sr_flags = flags;
+
+ return SLAP_CB_CONTINUE;
+
+fail:;
+ if ( e != NULL && e != rs->sr_entry ) {
+ if ( e->e_name.bv_val == dn.bv_val ) {
+ BER_BVZERO( &e->e_name );
+ }
+
+ if ( e->e_nname.bv_val == ndn.bv_val ) {
+ BER_BVZERO( &e->e_nname );
+ }
+
+ entry_free( e );
+ }
+
+ if ( !BER_BVISNULL( &dn ) ) {
+ ch_free( dn.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &ndn ) ) {
+ ch_free( ndn.bv_val );
+ }
+
+ return rc;
+}
+
+static int
+rwm_operational( Operation *op, SlapReply *rs )
+{
+ /* FIXME: the entries are in the remote mapping form;
+ * so we need to select those attributes we are willing
+ * to return, and remap them accordingly */
+ if ( rs->sr_operational_attrs ) {
+ rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+#if 0
+/* don't use this; it cannot be reverted, and leaves op->o_req_dn
+ * rewritten for subsequent operations; fine for plain suffixmassage,
+ * but destroys everything else */
+static int
+rwm_chk_referrals( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ int rc;
+
+#ifdef ENABLE_REWRITE
+ rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
+#else /* ! ENABLE_REWRITE */
+ rc = 1;
+ rc = rwm_op_dn_massage( op, rs, &rc );
+#endif /* ! ENABLE_REWRITE */
+ if ( rc != LDAP_SUCCESS ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
+ return -1;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+#endif
+
+static int
+rwm_rw_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+#ifdef ENABLE_REWRITE
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ return rewrite_parse( rwmap->rwm_rw,
+ fname, lineno, argc, argv );
+
+#else /* !ENABLE_REWRITE */
+ fprintf( stderr, "%s: line %d: rewrite capabilities "
+ "are not enabled\n", fname, lineno );
+#endif /* !ENABLE_REWRITE */
+
+ return 0;
+}
+
+static int
+rwm_suffixmassage_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
+ int massaged;
+#ifdef ENABLE_REWRITE
+ int rc;
+#endif /* ENABLE_REWRITE */
+
+ /*
+ * syntax:
+ *
+ * suffixmassage [<suffix>] <massaged suffix>
+ *
+ * the [<suffix>] field must be defined as a valid suffix
+ * for the current database;
+ * the <massaged suffix> shouldn't have already been
+ * defined as a valid suffix for the current server
+ */
+ if ( argc == 2 ) {
+ if ( be->be_suffix == NULL ) {
+ fprintf( stderr, "%s: line %d: "
+ " \"suffixMassage [<suffix>]"
+ " <massaged suffix>\" without "
+ "<suffix> part requires database "
+ "suffix be defined first.\n",
+ fname, lineno );
+ return 1;
+ }
+ bvnc = be->be_suffix[ 0 ];
+ massaged = 1;
+
+ } else if ( argc == 3 ) {
+ ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
+ massaged = 2;
+
+ } else {
+ fprintf( stderr, "%s: line %d: syntax is"
+ " \"suffixMassage [<suffix>]"
+ " <massaged suffix>\"\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
+ fname, lineno, bvnc.bv_val );
+ return 1;
+ }
+
+ ber_str2bv( argv[ massaged ], 0, 0, &brnc );
+ if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
+ fname, lineno, brnc.bv_val );
+ free( nvnc.bv_val );
+ free( pvnc.bv_val );
+ return 1;
+ }
+
+#ifdef ENABLE_REWRITE
+ /*
+ * The suffix massaging is emulated
+ * by means of the rewrite capabilities
+ */
+ rc = rwm_suffix_massage_config( rwmap->rwm_rw,
+ &pvnc, &nvnc, &prnc, &nrnc );
+ free( nvnc.bv_val );
+ free( pvnc.bv_val );
+ free( nrnc.bv_val );
+ free( prnc.bv_val );
+
+ return( rc );
+
+#else /* !ENABLE_REWRITE */
+ ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
+ ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
+
+ ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
+ ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
+#endif /* !ENABLE_REWRITE */
+
+ return 0;
+}
+
+static int
+rwm_m_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ /* objectclass/attribute mapping */
+ return rwm_map_config( &rwmap->rwm_oc,
+ &rwmap->rwm_at,
+ fname, lineno, argc, argv );
+}
+
+static int
+rwm_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc;
+
+ if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
+ return rwm_send_entry( op, rs );
+ }
+
+ switch( op->o_tag ) {
+ case LDAP_REQ_SEARCH:
+ case LDAP_REQ_BIND:
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODRDN:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_EXTENDED:
+ if ( rs->sr_ref ) {
+ dncookie dc;
+
+ /*
+ * Rewrite the dn of the referrals, if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = NULL;
+ dc.ctx = "referralDN";
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+ rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = 1;
+ break;
+ }
+ }
+ rc = rwm_matched( op, rs );
+ break;
+
+ default:
+ rc = SLAP_CB_CONTINUE;
+ break;
+ }
+
+ return rc;
+}
+
+static int
+rwm_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int rc = 0;
+ char *argv0 = NULL;
+
+ if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
+ argv0 = argv[ 0 ];
+ argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
+ }
+
+ if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
+ rc = rwm_rw_config( be, fname, lineno, argc, argv );
+
+ } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
+ rc = rwm_m_config( be, fname, lineno, argc, argv );
+
+ } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
+ rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
+
+ } else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
+ if ( argc != 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F|RWM_F_SUPPORT_T_F_DISCOVER);
+
+ } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
+
+ /* TODO: not implemented yet */
+ } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
+ fprintf( stderr,
+ "%s: line %d: \"discover\" not supported yet "
+ "in \"t-f-support {no|yes|discover}\".\n",
+ fname, lineno );
+ return( 1 );
+#if 0
+ rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
+#endif
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ } else {
+ rc = SLAP_CONF_UNKNOWN;
+ }
+
+ if ( argv0 ) {
+ argv[ 0 ] = argv0;
+ }
+
+ return rc;
+}
+
+static int
+rwm_db_init(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ struct ldaprwmap *rwmap;
+#ifdef ENABLE_REWRITE
+ char *rargv[ 3 ];
+#endif /* ENABLE_REWRITE */
+ int rc = 0;
+
+ rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
+
+#ifdef ENABLE_REWRITE
+ rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+ if ( rwmap->rwm_rw == NULL ) {
+ rc = -1;
+ goto error_return;
+ }
+
+ /* this rewriteContext by default must be null;
+ * rules can be added if required */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchFilter";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "default";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
+#endif /* ENABLE_REWRITE */
+
+error_return:;
+ on->on_bi.bi_private = (void *)rwmap;
+
+ if ( rc ) {
+ (void)rwm_db_destroy( be );
+ }
+
+ return rc;
+}
+
+static int
+rwm_db_destroy(
+ BackendDB *be )
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ int rc = 0;
+
+ if ( on->on_bi.bi_private ) {
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+#ifdef ENABLE_REWRITE
+ if ( rwmap->rwm_rw ) {
+ rewrite_info_delete( &rwmap->rwm_rw );
+ }
+#else /* !ENABLE_REWRITE */
+ if ( rwmap->rwm_suffix_massage ) {
+ ber_bvarray_free( rwmap->rwm_suffix_massage );
+ }
+#endif /* !ENABLE_REWRITE */
+
+ avl_free( rwmap->rwm_oc.remap, rwm_mapping_dst_free );
+ avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
+ avl_free( rwmap->rwm_at.remap, rwm_mapping_dst_free );
+ avl_free( rwmap->rwm_at.map, rwm_mapping_free );
+
+ ch_free( rwmap );
+ }
+
+ return rc;
+}
+
+static slap_overinst rwm = { { NULL } };
+
+#if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
+int
+rwm_initialize( void )
+{
+ memset( &rwm, 0, sizeof( slap_overinst ) );
+
+ rwm.on_bi.bi_type = "rwm";
+
+ rwm.on_bi.bi_db_init = rwm_db_init;
+ rwm.on_bi.bi_db_config = rwm_db_config;
+ rwm.on_bi.bi_db_destroy = rwm_db_destroy;
+
+ rwm.on_bi.bi_op_bind = rwm_op_bind;
+ rwm.on_bi.bi_op_search = rwm_op_search;
+ rwm.on_bi.bi_op_compare = rwm_op_compare;
+ rwm.on_bi.bi_op_modify = rwm_op_modify;
+ rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
+ rwm.on_bi.bi_op_add = rwm_op_add;
+ rwm.on_bi.bi_op_delete = rwm_op_delete;
+ rwm.on_bi.bi_op_unbind = rwm_op_unbind;
+ rwm.on_bi.bi_extended = rwm_extended;
+
+ rwm.on_bi.bi_operational = rwm_operational;
+ rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
+
+#ifdef ENABLE_REWRITE
+ rwm.on_bi.bi_connection_init = rwm_conn_init;
+ rwm.on_bi.bi_connection_destroy = rwm_conn_destroy;
+#endif /* ENABLE_REWRITE */
+
+ rwm.on_response = rwm_response;
+
+ return overlay_register( &rwm );
+}
+
+#if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return rwm_initialize();
+}
+#endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_RWM */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwm.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,183 @@
+/* rwm.h - dn rewrite/attribute mapping header file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.9.2.5 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#ifndef RWM_H
+#define RWM_H
+
+/* String rewrite library */
+#ifdef ENABLE_REWRITE
+#include "rewrite.h"
+#endif /* ENABLE_REWRITE */
+
+LDAP_BEGIN_DECL
+
+/* define to enable referral DN massage by default */
+#undef RWM_REFERRAL_REWRITE
+
+struct ldapmap {
+ int drop_missing;
+
+ Avlnode *map;
+ Avlnode *remap;
+};
+
+struct ldapmapping {
+ int m_flags;
+#define RWMMAP_F_NONE 0x00
+#define RWMMAP_F_IS_OC 0x01
+#define RWMMAP_F_FREE_SRC 0x10
+#define RWMMAP_F_FREE_DST 0x20
+ struct berval m_src;
+ union {
+ AttributeDescription *m_s_ad;
+ ObjectClass *m_s_oc;
+ } m_src_ref;
+#define m_src_ad m_src_ref.m_s_ad
+#define m_src_oc m_src_ref.m_s_oc
+ struct berval m_dst;
+ union {
+ AttributeDescription *m_d_ad;
+ ObjectClass *m_d_oc;
+ } m_dst_ref;
+#define m_dst_ad m_dst_ref.m_d_ad
+#define m_dst_oc m_dst_ref.m_d_oc
+};
+
+struct ldaprwmap {
+ /*
+ * DN rewriting
+ */
+#ifdef ENABLE_REWRITE
+ struct rewrite_info *rwm_rw;
+#else /* !ENABLE_REWRITE */
+ /* some time the suffix massaging without librewrite
+ * will be disabled */
+ BerVarray rwm_suffix_massage;
+#endif /* !ENABLE_REWRITE */
+
+ /*
+ * Attribute/objectClass mapping
+ */
+ struct ldapmap rwm_oc;
+ struct ldapmap rwm_at;
+
+#define RWM_F_NONE 0x0000U
+#define RWM_F_SUPPORT_T_F 0x4000U
+#define RWM_F_SUPPORT_T_F_DISCOVER 0x8000U
+ unsigned rwm_flags;
+};
+
+/* Whatever context ldap_back_dn_massage needs... */
+typedef struct dncookie {
+ struct ldaprwmap *rwmap;
+
+#ifdef ENABLE_REWRITE
+ Connection *conn;
+ char *ctx;
+ SlapReply *rs;
+#else /* !ENABLE_REWRITE */
+ int normalized;
+ int tofrom;
+#endif /* !ENABLE_REWRITE */
+} dncookie;
+
+int rwm_dn_massage( dncookie *dc, struct berval *in, struct berval *dn );
+int rwm_dn_massage_pretty( dncookie *dc, struct berval *in, struct berval *pdn );
+int rwm_dn_massage_normalize( dncookie *dc, struct berval *in, struct berval *ndn );
+int rwm_dn_massage_pretty_normalize( dncookie *dc, struct berval *in, struct berval *pdn, struct berval *ndn );
+
+/* attributeType/objectClass mapping */
+int rwm_mapping_cmp (const void *, const void *);
+int rwm_mapping_dup (void *, void *);
+
+int rwm_map_init ( struct ldapmap *lm, struct ldapmapping ** );
+void rwm_map ( struct ldapmap *map, struct berval *s, struct berval *m,
+ int remap );
+int rwm_mapping ( struct ldapmap *map, struct berval *s,
+ struct ldapmapping **m, int remap );
+#define RWM_MAP 0
+#define RWM_REMAP 1
+char *
+rwm_map_filter(
+ struct ldapmap *at_map,
+ struct ldapmap *oc_map,
+ struct berval *f );
+
+int
+rwm_map_attrs(
+ struct ldapmap *at_map,
+ AttributeName *a,
+ int remap,
+ char ***mapped_attrs );
+
+int
+rwm_map_attrnames(
+ struct ldapmap *at_map,
+ struct ldapmap *oc_map,
+ AttributeName *an,
+ AttributeName **anp,
+ int remap );
+
+extern void rwm_mapping_dst_free ( void *mapping );
+
+extern void rwm_mapping_free ( void *mapping );
+
+extern int rwm_map_config(
+ struct ldapmap *oc_map,
+ struct ldapmap *at_map,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv );
+
+extern int
+rwm_filter_map_rewrite(
+ Operation *op,
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr );
+
+/* suffix massaging by means of librewrite */
+#ifdef ENABLE_REWRITE
+extern int rwm_suffix_massage_config( struct rewrite_info *info,
+ struct berval *pvnc, struct berval *nvnc,
+ struct berval *prnc, struct berval *nrnc);
+#endif /* ENABLE_REWRITE */
+extern int rwm_dnattr_rewrite(
+ Operation *op,
+ SlapReply *rs,
+ void *cookie,
+ BerVarray a_vals,
+ BerVarray *pa_nvals );
+extern int rwm_referral_rewrite(
+ Operation *op,
+ SlapReply *rs,
+ void *cookie,
+ BerVarray a_vals,
+ BerVarray *pa_nvals );
+extern int rwm_dnattr_result_rewrite( dncookie *dc, BerVarray a_vals );
+extern int rwm_referral_result_rewrite( dncookie *dc, BerVarray a_vals );
+
+LDAP_END_DECL
+
+#endif /* RWM_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmconf.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmconf.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmconf.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,418 @@
+/* rwmconf.c - rewrite/map configuration file routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.16.2.9 2007/01/05 09:47:11 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RWM
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "rwm.h"
+#include "lutil.h"
+
+int
+rwm_map_config(
+ struct ldapmap *oc_map,
+ struct ldapmap *at_map,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ struct ldapmap *map;
+ struct ldapmapping *mapping;
+ char *src, *dst;
+ int is_oc = 0;
+ int rc = 0;
+
+ if ( argc < 3 || argc > 4 ) {
+ fprintf( stderr,
+ "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[1], "objectclass" ) == 0 ) {
+ map = oc_map;
+ is_oc = 1;
+
+ } else if ( strcasecmp( argv[1], "attribute" ) == 0 ) {
+ map = at_map;
+
+ } else {
+ fprintf( stderr, "%s: line %d: syntax is "
+ "\"map {objectclass | attribute} [<local> | *] "
+ "{<foreign> | *}\"\n",
+ fname, lineno );
+ return 1;
+ }
+
+ if ( strcmp( argv[2], "*" ) == 0 ) {
+ if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
+ map->drop_missing = ( argc < 4 );
+ goto success_return;
+ }
+ src = dst = argv[3];
+
+ } else if ( argc < 4 ) {
+ src = "";
+ dst = argv[2];
+
+ } else {
+ src = argv[2];
+ dst = ( strcmp( argv[3], "*" ) == 0 ? src : argv[3] );
+ }
+
+ if ( ( map == at_map )
+ && ( strcasecmp( src, "objectclass" ) == 0
+ || strcasecmp( dst, "objectclass" ) == 0 ) )
+ {
+ fprintf( stderr,
+ "%s: line %d: objectclass attribute cannot be mapped\n",
+ fname, lineno );
+ return 1;
+ }
+
+ mapping = (struct ldapmapping *)ch_calloc( 2,
+ sizeof(struct ldapmapping) );
+ if ( mapping == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: out of memory\n",
+ fname, lineno );
+ return 1;
+ }
+ ber_str2bv( src, 0, 1, &mapping[0].m_src );
+ ber_str2bv( dst, 0, 1, &mapping[0].m_dst );
+ mapping[1].m_src = mapping[0].m_dst;
+ mapping[1].m_dst = mapping[0].m_src;
+
+ mapping[0].m_flags = RWMMAP_F_NONE;
+ mapping[1].m_flags = RWMMAP_F_NONE;
+
+ /*
+ * schema check
+ */
+ if ( is_oc ) {
+ if ( src[0] != '\0' ) {
+ mapping[0].m_src_oc = oc_bvfind( &mapping[0].m_src );
+ if ( mapping[0].m_src_oc == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: warning, source objectClass '%s' "
+ "should be defined in schema\n",
+ fname, lineno, src );
+
+ /*
+ * FIXME: this should become an err
+ */
+ mapping[0].m_src_oc = ch_malloc( sizeof( ObjectClass ) );
+ memset( mapping[0].m_src_oc, 0, sizeof( ObjectClass ) );
+ mapping[0].m_src_oc->soc_cname = mapping[0].m_src;
+ mapping[0].m_flags |= RWMMAP_F_FREE_SRC;
+ }
+ mapping[1].m_dst_oc = mapping[0].m_src_oc;
+ }
+
+ mapping[0].m_dst_oc = oc_bvfind( &mapping[0].m_dst );
+ if ( mapping[0].m_dst_oc == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: warning, destination objectClass '%s' "
+ "is not defined in schema\n",
+ fname, lineno, dst );
+
+ mapping[0].m_dst_oc = oc_bvfind_undef( &mapping[0].m_dst );
+ if ( mapping[0].m_dst_oc == NULL ) {
+ fprintf( stderr, "%s: line %d: unable to mimic destination objectClass '%s'\n",
+ fname, lineno, dst );
+ goto error_return;
+ }
+
+#if 0
+ mapping[0].m_dst_oc = ch_malloc( sizeof( ObjectClass ) );
+ memset( mapping[0].m_dst_oc, 0, sizeof( ObjectClass ) );
+ mapping[0].m_dst_oc->soc_cname = mapping[0].m_dst;
+ mapping[0].m_flags |= RWMMAP_F_FREE_DST;
+#endif
+ }
+ mapping[1].m_src_oc = mapping[0].m_dst_oc;
+
+ mapping[0].m_flags |= RWMMAP_F_IS_OC;
+ mapping[1].m_flags |= RWMMAP_F_IS_OC;
+
+ } else {
+ int rc;
+ const char *text = NULL;
+
+ if ( src[0] != '\0' ) {
+ rc = slap_bv2ad( &mapping[0].m_src,
+ &mapping[0].m_src_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: warning, source attributeType '%s' "
+ "should be defined in schema\n",
+ fname, lineno, src );
+
+ /*
+ * we create a fake "proxied" ad
+ * and add it here.
+ */
+
+ rc = slap_bv2undef_ad( &mapping[0].m_src,
+ &mapping[0].m_src_ad, &text,
+ SLAP_AD_PROXIED );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: source attributeType '%s': %d (%s)\n",
+ fname, lineno, src, rc, text ? text : "null" );
+ goto error_return;
+ }
+
+ }
+ mapping[1].m_dst_ad = mapping[0].m_src_ad;
+ }
+
+ rc = slap_bv2ad( &mapping[0].m_dst, &mapping[0].m_dst_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: warning, destination attributeType '%s' "
+ "is not defined in schema\n",
+ fname, lineno, dst );
+
+ rc = slap_bv2undef_ad( &mapping[0].m_dst,
+ &mapping[0].m_dst_ad, &text,
+ SLAP_AD_PROXIED );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: destination attributeType '%s': %d (%s)\n",
+ fname, lineno, dst, rc, text ? text : "null" );
+ goto error_return;
+ }
+ }
+ mapping[1].m_src_ad = mapping[0].m_dst_ad;
+ }
+
+ if ( ( src[0] != '\0' && avl_find( map->map, (caddr_t)mapping, rwm_mapping_cmp ) != NULL)
+ || avl_find( map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp ) != NULL)
+ {
+ fprintf( stderr,
+ "%s: line %d: duplicate mapping found" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ fname, lineno );
+ /* FIXME: free stuff */
+ goto error_return;
+ }
+
+ if ( src[0] != '\0' ) {
+ avl_insert( &map->map, (caddr_t)&mapping[0],
+ rwm_mapping_cmp, rwm_mapping_dup );
+ }
+ avl_insert( &map->remap, (caddr_t)&mapping[1],
+ rwm_mapping_cmp, rwm_mapping_dup );
+
+success_return:;
+ if ( !is_oc && map->map == NULL ) {
+ /* only init if required */
+ rc = rwm_map_init( map, &mapping ) != LDAP_SUCCESS;
+ }
+
+ return rc;
+
+error_return:;
+ if ( mapping ) {
+ rwm_mapping_free( mapping );
+ }
+
+ return 1;
+}
+
+#ifdef ENABLE_REWRITE
+static char *
+rwm_suffix_massage_regexize( const char *s )
+{
+ char *res, *ptr;
+ const char *p, *r;
+ int i;
+
+ if ( s[0] == '\0' ) {
+ return ch_strdup( "^(.+)$" );
+ }
+
+ for ( i = 0, p = s;
+ ( r = strchr( p, ',' ) ) != NULL;
+ p = r + 1, i++ )
+ ;
+
+ res = ch_calloc( sizeof( char ), strlen( s )
+ + STRLENOF( "((.+),)?" )
+ + STRLENOF( "[ ]?" ) * i
+ + STRLENOF( "$" ) + 1 );
+
+ ptr = lutil_strcopy( res, "((.+),)?" );
+ for ( i = 0, p = s;
+ ( r = strchr( p, ',' ) ) != NULL;
+ p = r + 1 , i++ ) {
+ ptr = lutil_strncopy( ptr, p, r - p + 1 );
+ ptr = lutil_strcopy( ptr, "[ ]?" );
+
+ if ( r[ 1 ] == ' ' ) {
+ r++;
+ }
+ }
+ ptr = lutil_strcopy( ptr, p );
+ ptr[0] = '$';
+ ptr[1] = '\0';
+
+ return res;
+}
+
+static char *
+rwm_suffix_massage_patternize( const char *s, const char *p )
+{
+ ber_len_t len;
+ char *res, *ptr;
+
+ len = strlen( p );
+
+ if ( s[ 0 ] == '\0' ) {
+ len++;
+ }
+
+ res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
+ if ( res == NULL ) {
+ return NULL;
+ }
+
+ ptr = lutil_strcopy( res, ( p[0] == '\0' ? "%2" : "%1" ) );
+ if ( s[ 0 ] == '\0' ) {
+ ptr[ 0 ] = ',';
+ ptr++;
+ }
+ lutil_strcopy( ptr, p );
+
+ return res;
+}
+
+int
+rwm_suffix_massage_config(
+ struct rewrite_info *info,
+ struct berval *pvnc,
+ struct berval *nvnc,
+ struct berval *prnc,
+ struct berval *nrnc
+)
+{
+ char *rargv[ 5 ];
+ int line = 0;
+
+ rargv[ 0 ] = "rewriteEngine";
+ rargv[ 1 ] = "on";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "default";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = rwm_suffix_massage_regexize( pvnc->bv_val );
+ rargv[ 2 ] = rwm_suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ ch_free( rargv[ 1 ] );
+ ch_free( rargv[ 2 ] );
+
+ if ( BER_BVISEMPTY( pvnc ) ) {
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = "^$";
+ rargv[ 2 ] = prnc->bv_val;
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ }
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchEntryDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = rwm_suffix_massage_regexize( prnc->bv_val );
+ rargv[ 2 ] = rwm_suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ ch_free( rargv[ 1 ] );
+ ch_free( rargv[ 2 ] );
+
+ if ( BER_BVISEMPTY( prnc ) ) {
+ rargv[ 0 ] = "rewriteRule";
+ rargv[ 1 ] = "^$";
+ rargv[ 2 ] = pvnc->bv_val;
+ rargv[ 3 ] = ":";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+ }
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "matchedDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+#ifdef RWM_REFERRAL_REWRITE
+ /* FIXME: we don't want this on by default, do we? */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "referralDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+#else /* ! RWM_REFERRAL_REWRITE */
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "referralAttrDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "referralDN";
+ rargv[ 2 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+#endif /* ! RWM_REFERRAL_REWRITE */
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchAttrDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchEntryDN";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+ return 0;
+}
+#endif /* ENABLE_REWRITE */
+
+#endif /* SLAPD_OVER_RWM */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,319 @@
+/* rwmdn.c - massages dns */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmdn.c,v 1.11.2.8 2007/01/02 21:44:08 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RWM
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "rwm.h"
+
+/* FIXME: after rewriting, we should also remap attributes ... */
+
+/*
+ * massages "in" and normalizes it into "ndn"
+ *
+ * "ndn" may be untouched if no massaging occurred and its value was not null
+ */
+int
+rwm_dn_massage_normalize(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *ndn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage and normalize a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( ndn ) ) {
+ return rc;
+ }
+
+ rc = dnNormalize( 0, NULL, NULL, &mdn, ndn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
+/*
+ * massages "in" and prettifies it into "pdn"
+ *
+ * "pdn" may be untouched if no massaging occurred and its value was not null
+ */
+int
+rwm_dn_massage_pretty(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *pdn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage and pretty a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( pdn ) ) {
+ return rc;
+ }
+
+ rc = dnPretty( NULL, &mdn, pdn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
+/*
+ * massages "in" and prettifies and normalizes it into "pdn" and "ndn"
+ *
+ * "pdn" may be untouched if no massaging occurred and its value was not null;
+ * "ndn" may be untouched if no massaging occurred and its value was not null;
+ * if no massage occurred and "ndn" value was not null, it is filled
+ * with the normaized value of "pdn", much like ndn = dnNormalize( pdn )
+ */
+int
+rwm_dn_massage_pretty_normalize(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *pdn,
+ struct berval *ndn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage, pretty and normalize a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( pdn ) ) {
+ if ( BER_BVISNULL( ndn ) ) {
+ rc = dnNormalize( 0, NULL, NULL, &mdn, ndn, NULL );
+ }
+ return rc;
+ }
+
+ rc = dnPrettyNormal( NULL, &mdn, pdn, ndn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
+#ifdef ENABLE_REWRITE
+/*
+ * massages "in" into "dn"
+ *
+ * "dn" may contain the value of "in" if no massage occurred
+ */
+int
+rwm_dn_massage(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *dn
+)
+{
+ int rc = 0;
+ struct berval mdn;
+ static char *dmy = "";
+
+ assert( dc != NULL );
+ assert( in != NULL );
+ assert( dn != NULL );
+
+ rc = rewrite_session( dc->rwmap->rwm_rw, dc->ctx,
+ ( in->bv_val ? in->bv_val : dmy ),
+ dc->conn, &mdn.bv_val );
+ switch ( rc ) {
+ case REWRITE_REGEXEC_OK:
+ if ( !BER_BVISNULL( &mdn ) && mdn.bv_val != in->bv_val ) {
+ mdn.bv_len = strlen( mdn.bv_val );
+ *dn = mdn;
+ } else {
+ *dn = *in;
+ }
+ rc = LDAP_SUCCESS;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n",
+ dc->ctx, in->bv_val, dn->bv_val );
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ dc->rs->sr_text = "Operation not allowed";
+ }
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_OTHER;
+ dc->rs->sr_text = "Rewrite error";
+ }
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ if ( mdn.bv_val == dmy ) {
+ BER_BVZERO( &mdn );
+ }
+
+ if ( dn->bv_val == dmy ) {
+ BER_BVZERO( dn );
+ }
+
+ return rc;
+}
+
+#else /* ! ENABLE_REWRITE */
+/*
+ * rwm_dn_massage
+ *
+ * Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c).
+ */
+int
+rwm_dn_massage(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *dn
+)
+{
+ int i, src, dst;
+ struct berval tmpin;
+
+ assert( dc != NULL );
+ assert( in != NULL );
+ assert( dn != NULL );
+
+ BER_BVZERO( dn );
+
+ if ( BER_BVISNULL( in ) ) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( dc->rwmap == NULL || dc->rwmap->rwm_suffix_massage == NULL ) {
+ *dn = *in;
+ return LDAP_SUCCESS;
+ }
+
+ if ( dc->tofrom ) {
+ src = 0 + dc->normalized;
+ dst = 2 + dc->normalized;
+
+ tmpin = *in;
+
+ } else {
+ int rc;
+
+ src = 2 + dc->normalized;
+ dst = 0 + dc->normalized;
+
+ /* DN from remote server may be in arbitrary form.
+ * Pretty it so we can parse reliably.
+ */
+ if ( dc->normalized ) {
+ rc = dnNormalize( 0, NULL, NULL, in, &tmpin, NULL );
+
+ } else {
+ rc = dnPretty( NULL, in, &tmpin, NULL );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ for ( i = 0;
+ !BER_BVISNULL( &dc->rwmap->rwm_suffix_massage[i] );
+ i += 4 )
+ {
+ int aliasLength = dc->rwmap->rwm_suffix_massage[i+src].bv_len;
+ int diff = tmpin.bv_len - aliasLength;
+
+ if ( diff < 0 ) {
+ /* alias is longer than dn */
+ continue;
+
+ } else if ( diff > 0 && ( !DN_SEPARATOR(tmpin.bv_val[diff-1])))
+ {
+ /* FIXME: DN_SEPARATOR() is intended to work
+ * on a normalized/pretty DN, so that ';'
+ * is never used as a DN separator */
+ continue;
+ /* At a DN Separator */
+ }
+
+ if ( !strcmp( dc->rwmap->rwm_suffix_massage[i+src].bv_val,
+ &tmpin.bv_val[diff] ) )
+ {
+ dn->bv_len = diff + dc->rwmap->rwm_suffix_massage[i+dst].bv_len;
+ dn->bv_val = ch_malloc( dn->bv_len + 1 );
+ strncpy( dn->bv_val, tmpin.bv_val, diff );
+ strcpy( &dn->bv_val[diff], dc->rwmap->rwm_suffix_massage[i+dst].bv_val );
+ Debug( LDAP_DEBUG_ARGS,
+ "rwm_dn_massage:"
+ " converted \"%s\" to \"%s\"\n",
+ in->bv_val, dn->bv_val, 0 );
+
+ break;
+ }
+ }
+
+ if ( tmpin.bv_val != in->bv_val ) {
+ ch_free( tmpin.bv_val );
+ }
+
+ /* Nothing matched, just return the original DN */
+ if ( BER_BVISNULL( dn ) ) {
+ *dn = *in;
+ }
+
+ return LDAP_SUCCESS;
+}
+#endif /* ! ENABLE_REWRITE */
+
+#endif /* SLAPD_OVER_RWM */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmmap.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmmap.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/rwmmap.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1274 @@
+/* rwmmap.c - rewrite/mapping routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.14 2007/02/26 22:59:55 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RWM
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "rwm.h"
+
+#undef ldap_debug /* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
+
+int
+rwm_mapping_cmp( const void *c1, const void *c2 )
+{
+ struct ldapmapping *map1 = (struct ldapmapping *)c1;
+ struct ldapmapping *map2 = (struct ldapmapping *)c2;
+ int rc = map1->m_src.bv_len - map2->m_src.bv_len;
+
+ if ( rc ) {
+ return rc;
+ }
+
+ return strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val );
+}
+
+int
+rwm_mapping_dup( void *c1, void *c2 )
+{
+ struct ldapmapping *map1 = (struct ldapmapping *)c1;
+ struct ldapmapping *map2 = (struct ldapmapping *)c2;
+ int rc = map1->m_src.bv_len - map2->m_src.bv_len;
+
+ if ( rc ) {
+ return 0;
+ }
+
+ return ( ( strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val ) == 0 ) ? -1 : 0 );
+}
+
+int
+rwm_map_init( struct ldapmap *lm, struct ldapmapping **m )
+{
+ struct ldapmapping *mapping;
+ const char *text;
+ int rc;
+
+ assert( m != NULL );
+
+ *m = NULL;
+
+ mapping = (struct ldapmapping *)ch_calloc( 2,
+ sizeof( struct ldapmapping ) );
+ if ( mapping == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ /* FIXME: I don't think this is needed any more... */
+ rc = slap_str2ad( "objectClass", &mapping[0].m_src_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ ch_free( mapping );
+ return rc;
+ }
+
+ mapping[0].m_dst_ad = mapping[0].m_src_ad;
+ ber_dupbv( &mapping[0].m_src, &mapping[0].m_src_ad->ad_cname );
+ ber_dupbv( &mapping[0].m_dst, &mapping[0].m_src );
+
+ mapping[1].m_src = mapping[0].m_src;
+ mapping[1].m_dst = mapping[0].m_dst;
+ mapping[1].m_src_ad = mapping[0].m_src_ad;
+ mapping[1].m_dst_ad = mapping[1].m_src_ad;
+
+ avl_insert( &lm->map, (caddr_t)&mapping[0],
+ rwm_mapping_cmp, rwm_mapping_dup );
+ avl_insert( &lm->remap, (caddr_t)&mapping[1],
+ rwm_mapping_cmp, rwm_mapping_dup );
+
+ *m = mapping;
+
+ return rc;
+}
+
+int
+rwm_mapping( struct ldapmap *map, struct berval *s, struct ldapmapping **m, int remap )
+{
+ Avlnode *tree;
+ struct ldapmapping fmapping;
+
+ if ( map == NULL ) {
+ return 0;
+ }
+
+ assert( m != NULL );
+
+ if ( remap == RWM_REMAP ) {
+ tree = map->remap;
+
+ } else {
+ tree = map->map;
+ }
+
+ fmapping.m_src = *s;
+ *m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping,
+ rwm_mapping_cmp );
+
+ if ( *m == NULL ) {
+ return map->drop_missing;
+ }
+
+ return 0;
+}
+
+void
+rwm_map( struct ldapmap *map, struct berval *s, struct berval *bv, int remap )
+{
+ struct ldapmapping *mapping;
+
+ /* map->map may be NULL when mapping is configured,
+ * but map->remap can't */
+ if ( map->remap == NULL ) {
+ *bv = *s;
+ return;
+ }
+
+ BER_BVZERO( bv );
+ ( void )rwm_mapping( map, s, &mapping, remap );
+ if ( mapping != NULL ) {
+ if ( !BER_BVISNULL( &mapping->m_dst ) ) {
+ *bv = mapping->m_dst;
+ }
+ return;
+ }
+
+ if ( !map->drop_missing ) {
+ *bv = *s;
+ }
+}
+
+/*
+ * Map attribute names in place
+ */
+int
+rwm_map_attrnames(
+ struct ldapmap *at_map,
+ struct ldapmap *oc_map,
+ AttributeName *an,
+ AttributeName **anp,
+ int remap
+)
+{
+ int i, j;
+
+ assert( anp != NULL );
+
+ *anp = NULL;
+
+ if ( an == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
+ /* just count */ ;
+ *anp = ch_malloc( ( i + 1 )* sizeof( AttributeName ) );
+ if ( *anp == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ for ( i = 0, j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
+ struct ldapmapping *m;
+ int at_drop_missing = 0,
+ oc_drop_missing = 0;
+
+ if ( an[i].an_desc ) {
+ if ( !at_map ) {
+ /* FIXME: better leave as is? */
+ continue;
+ }
+
+ at_drop_missing = rwm_mapping( at_map, &an[i].an_name, &m, remap );
+ if ( at_drop_missing || ( m && BER_BVISNULL( &m->m_dst ) ) ) {
+ continue;
+ }
+
+ if ( !m ) {
+ (*anp)[j] = an[i];
+ j++;
+ continue;
+ }
+
+ (*anp)[j] = an[i];
+ if ( remap == RWM_MAP ) {
+ (*anp)[j].an_name = m->m_dst;
+ (*anp)[j].an_desc = m->m_dst_ad;
+ } else {
+ (*anp)[j].an_name = m->m_src;
+ (*anp)[j].an_desc = m->m_src_ad;
+
+ }
+
+ j++;
+ continue;
+
+ } else if ( an[i].an_oc ) {
+ if ( !oc_map ) {
+ /* FIXME: better leave as is? */
+ continue;
+ }
+
+ oc_drop_missing = rwm_mapping( oc_map, &an[i].an_name, &m, remap );
+
+ if ( oc_drop_missing || ( m && BER_BVISNULL( &m->m_dst ) ) ) {
+ continue;
+ }
+
+ if ( !m ) {
+ (*anp)[j] = an[i];
+ j++;
+ continue;
+ }
+
+ (*anp)[j] = an[i];
+ if ( remap == RWM_MAP ) {
+ (*anp)[j].an_name = m->m_dst;
+ (*anp)[j].an_oc = m->m_dst_oc;
+ } else {
+ (*anp)[j].an_name = m->m_src;
+ (*anp)[j].an_oc = m->m_src_oc;
+ }
+
+ } else {
+ at_drop_missing = rwm_mapping( at_map, &an[i].an_name, &m, remap );
+
+ if ( at_drop_missing || !m ) {
+
+ oc_drop_missing = rwm_mapping( oc_map, &an[i].an_name, &m, remap );
+
+ /* if both at_map and oc_map required to drop missing,
+ * then do it */
+ if ( oc_drop_missing && at_drop_missing ) {
+ continue;
+ }
+
+ /* if no oc_map mapping was found and at_map required
+ * to drop missing, then do it; otherwise, at_map wins
+ * and an is considered an attr and is left unchanged */
+ if ( !m ) {
+ if ( at_drop_missing ) {
+ continue;
+ }
+ (*anp)[j] = an[i];
+ j++;
+ continue;
+ }
+
+ if ( BER_BVISNULL( &m->m_dst ) ) {
+ continue;
+ }
+
+ (*anp)[j] = an[i];
+ if ( remap == RWM_MAP ) {
+ (*anp)[j].an_name = m->m_dst;
+ (*anp)[j].an_oc = m->m_dst_oc;
+ } else {
+ (*anp)[j].an_name = m->m_src;
+ (*anp)[j].an_oc = m->m_src_oc;
+ }
+ j++;
+ continue;
+ }
+
+ if ( !BER_BVISNULL( &m->m_dst ) ) {
+ (*anp)[j] = an[i];
+ if ( remap == RWM_MAP ) {
+ (*anp)[j].an_name = m->m_dst;
+ (*anp)[j].an_desc = m->m_dst_ad;
+ } else {
+ (*anp)[j].an_name = m->m_src;
+ (*anp)[j].an_desc = m->m_src_ad;
+ }
+ j++;
+ continue;
+ }
+ }
+ }
+
+ if ( j == 0 && i != 0 ) {
+ memset( &(*anp)[0], 0, sizeof( AttributeName ) );
+ BER_BVSTR( &(*anp)[0].an_name, LDAP_NO_ATTRS );
+ }
+ memset( &(*anp)[j], 0, sizeof( AttributeName ) );
+
+ return LDAP_SUCCESS;
+}
+
+int
+rwm_map_attrs(
+ struct ldapmap *at_map,
+ AttributeName *an,
+ int remap,
+ char ***mapped_attrs
+)
+{
+ int i, j;
+ char **na;
+
+ if ( an == NULL ) {
+ *mapped_attrs = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ); i++ ) {
+ /* */
+ }
+
+ na = (char **)ch_calloc( i + 1, sizeof( char * ) );
+ if ( na == NULL ) {
+ *mapped_attrs = NULL;
+ return LDAP_NO_MEMORY;
+ }
+
+ for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
+ struct ldapmapping *mapping;
+
+ if ( rwm_mapping( at_map, &an[i].an_name, &mapping, remap ) ) {
+ continue;
+ }
+
+ if ( !mapping ) {
+ na[ j++ ] = an[ i ].an_name.bv_val;
+
+ } else if ( !BER_BVISNULL( &mapping->m_dst ) ) {
+ na[ j++ ] = mapping->m_dst.bv_val;
+ }
+ }
+
+ if ( j == 0 && i != 0 ) {
+ na[ j++ ] = LDAP_NO_ATTRS;
+ }
+
+ na[ j ] = NULL;
+
+ *mapped_attrs = na;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+map_attr_value(
+ dncookie *dc,
+ AttributeDescription **adp,
+ struct berval *mapped_attr,
+ struct berval *value,
+ struct berval *mapped_value,
+ int remap )
+{
+ struct berval vtmp = BER_BVNULL;
+ int freeval = 0;
+ AttributeDescription *ad = *adp;
+ struct ldapmapping *mapping = NULL;
+
+ rwm_mapping( &dc->rwmap->rwm_at, &ad->ad_cname, &mapping, remap );
+ if ( mapping == NULL ) {
+ if ( dc->rwmap->rwm_at.drop_missing ) {
+ return -1;
+ }
+
+ *mapped_attr = ad->ad_cname;
+
+ } else {
+ *mapped_attr = mapping->m_dst;
+ }
+
+ if ( value != NULL ) {
+ assert( mapped_value != NULL );
+
+ if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+ || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+ {
+ dncookie fdc = *dc;
+ int rc;
+
+#ifdef ENABLE_REWRITE
+ fdc.ctx = "searchFilterAttrDN";
+#endif /* ENABLE_REWRITE */
+
+ vtmp = *value;
+ rc = rwm_dn_massage_normalize( &fdc, value, &vtmp );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ if ( vtmp.bv_val != value->bv_val ) {
+ freeval = 1;
+ }
+ break;
+
+ case LDAP_UNWILLING_TO_PERFORM:
+ case LDAP_OTHER:
+ default:
+ return -1;
+ }
+
+ } else if ( ad == slap_schema.si_ad_objectClass
+ || ad == slap_schema.si_ad_structuralObjectClass )
+ {
+ rwm_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
+ if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
+ vtmp = *value;
+ }
+
+ } else {
+ vtmp = *value;
+ }
+
+ filter_escape_value( &vtmp, mapped_value );
+
+ if ( freeval ) {
+ ch_free( vtmp.bv_val );
+ }
+ }
+
+ if ( mapping != NULL ) {
+ assert( mapping->m_dst_ad != NULL );
+ *adp = mapping->m_dst_ad;
+ }
+
+ return 0;
+}
+
+static int
+rwm_int_filter_map_rewrite(
+ Operation *op,
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr )
+{
+ int i;
+ Filter *p;
+ AttributeDescription *ad;
+ struct berval atmp,
+ vtmp,
+ *tmp;
+ static struct berval
+ /* better than nothing... */
+ ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
+ ber_bvtf_false = BER_BVC( "(|)" ),
+ /* better than nothing... */
+ ber_bvtrue = BER_BVC( "(objectClass=*)" ),
+ ber_bvtf_true = BER_BVC( "(&)" ),
+#if 0
+ /* no longer needed; preserved for completeness */
+ ber_bvundefined = BER_BVC( "(?=undefined)" ),
+#endif
+ ber_bverror = BER_BVC( "(?=error)" ),
+ ber_bvunknown = BER_BVC( "(?=unknown)" ),
+ ber_bvnone = BER_BVC( "(?=none)" );
+ ber_len_t len;
+
+ if ( f == NULL ) {
+ ber_dupbv( fstr, &ber_bvnone );
+ return LDAP_OTHER;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_EQUALITY:
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ &f->f_av_value, &vtmp, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_GE:
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ &f->f_av_value, &vtmp, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_LE:
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ &f->f_av_value, &vtmp, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_APPROX:
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ &f->f_av_value, &vtmp, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ break;
+
+ case LDAP_FILTER_SUBSTRINGS:
+ ad = f->f_sub_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ NULL, NULL, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ /* cannot be a DN ... */
+
+ fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ atmp.bv_val );
+
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+ len = fstr->bv_len;
+
+ filter_escape_value( &f->f_sub_initial, &vtmp );
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
+ /* "(attr=" */ "%s*)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
+ len = fstr->bv_len;
+ filter_escape_value( &f->f_sub_any[i], &vtmp );
+
+ fstr->bv_len += vtmp.bv_len + 1;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
+ /* "(attr=[init]*[any*]" */ "%s*)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ ch_free( vtmp.bv_val );
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+ len = fstr->bv_len;
+
+ filter_escape_value( &f->f_sub_final, &vtmp );
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
+ /* "(attr=[init*][any*]" */ "%s)",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ }
+
+ break;
+
+ case LDAP_FILTER_PRESENT:
+ ad = f->f_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ NULL, NULL, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
+ atmp.bv_val );
+ break;
+
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_OR:
+ case LDAP_FILTER_NOT:
+ fstr->bv_len = STRLENOF( "(%)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
+ f->f_choice == LDAP_FILTER_AND ? '&' :
+ f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
+
+ for ( p = f->f_list; p != NULL; p = p->f_next ) {
+ int rc;
+
+ len = fstr->bv_len;
+
+ rc = rwm_int_filter_map_rewrite( op, dc, p, &vtmp );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ fstr->bv_len += vtmp.bv_len;
+ fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+
+ snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
+ /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
+
+ ch_free( vtmp.bv_val );
+ }
+
+ break;
+
+ case LDAP_FILTER_EXT: {
+ if ( f->f_mr_desc ) {
+ ad = f->f_mr_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
+ &f->f_mr_value, &vtmp, RWM_MAP ) )
+ {
+ goto computed;
+ }
+
+ } else {
+ BER_BVSTR( &atmp, "" );
+ filter_escape_value( &f->f_mr_value, &vtmp );
+ }
+
+
+ fstr->bv_len = atmp.bv_len +
+ ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
+ ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
+ vtmp.bv_len + STRLENOF( "(:=)" );
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
+ atmp.bv_val,
+ f->f_mr_dnattrs ? ":dn" : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ ch_free( vtmp.bv_val );
+ break;
+ }
+
+ case 0:
+computed:;
+ filter_free_x( op, f );
+ f->f_choice = SLAPD_FILTER_COMPUTED;
+ f->f_result = SLAPD_COMPARE_UNDEFINED;
+ /* fallthru */
+
+ case SLAPD_FILTER_COMPUTED:
+ switch ( f->f_result ) {
+ case LDAP_COMPARE_FALSE:
+ /* FIXME: treat UNDEFINED as FALSE */
+ case SLAPD_COMPARE_UNDEFINED:
+ if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
+ tmp = &ber_bvtf_false;
+ break;
+ }
+ tmp = &ber_bvfalse;
+ break;
+
+ case LDAP_COMPARE_TRUE:
+ if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
+ tmp = &ber_bvtf_true;
+ break;
+ }
+ tmp = &ber_bvtrue;
+ break;
+
+ default:
+ tmp = &ber_bverror;
+ break;
+ }
+
+ ber_dupbv( fstr, tmp );
+ break;
+
+ default:
+ ber_dupbv( fstr, &ber_bvunknown );
+ break;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+rwm_filter_map_rewrite(
+ Operation *op,
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr )
+{
+ int rc;
+ dncookie fdc;
+ struct berval ftmp;
+
+ rc = rwm_int_filter_map_rewrite( op, dc, f, fstr );
+
+#ifdef ENABLE_REWRITE
+ if ( rc != 0 ) {
+ return rc;
+ }
+
+ fdc = *dc;
+ ftmp = *fstr;
+
+ fdc.ctx = "searchFilter";
+
+ switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
+ ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ),
+ fdc.conn, &fstr->bv_val ) )
+ {
+ case REWRITE_REGEXEC_OK:
+ if ( !BER_BVISNULL( fstr ) ) {
+ fstr->bv_len = strlen( fstr->bv_val );
+ ch_free( ftmp.bv_val );
+
+ } else {
+ *fstr = ftmp;
+ }
+
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n",
+ fdc.ctx, ftmp.bv_val, fstr->bv_val );
+ rc = LDAP_SUCCESS;
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ if ( fdc.rs ) {
+ fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ fdc.rs->sr_text = "Operation not allowed";
+ }
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ if ( fdc.rs ) {
+ fdc.rs->sr_err = LDAP_OTHER;
+ fdc.rs->sr_text = "Rewrite error";
+ }
+ rc = LDAP_OTHER;
+ break;
+ }
+#endif /* ENABLE_REWRITE */
+
+ return rc;
+}
+
+/*
+ * I don't like this much, but we need two different
+ * functions because different heap managers may be
+ * in use in back-ldap/meta to reduce the amount of
+ * calls to malloc routines, and some of the free()
+ * routines may be macros with args
+ */
+int
+rwm_referral_rewrite(
+ Operation *op,
+ SlapReply *rs,
+ void *cookie,
+ BerVarray a_vals,
+ BerVarray *pa_nvals )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int i, last;
+
+ dncookie dc;
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
+
+ assert( a_vals != NULL );
+
+ /*
+ * Rewrite the dn if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = (char *)cookie;
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = ((int *)cookie)[0];
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
+ last--;
+
+ if ( pa_nvals != NULL ) {
+ if ( *pa_nvals == NULL ) {
+ *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) );
+ memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) );
+ }
+ }
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
+ struct berval olddn = BER_BVNULL,
+ oldval;
+ int rc;
+ LDAPURLDesc *ludp;
+
+ oldval = a_vals[i];
+ rc = ldap_url_parse( oldval.bv_val, &ludp );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* leave attr untouched if massage failed */
+ if ( pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) {
+ ber_dupbv( &(*pa_nvals)[i], &oldval );
+ }
+ continue;
+ }
+
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
+ ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
+
+ dn = olddn;
+ if ( pa_nvals ) {
+ ndn = olddn;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &olddn,
+ &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_pretty( &dc, &olddn, &dn );
+ }
+
+ switch ( rc ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ ch_free( a_vals[i].bv_val );
+ if (last > i ) {
+ a_vals[i] = a_vals[last];
+ if ( pa_nvals ) {
+ (*pa_nvals)[i] = (*pa_nvals)[last];
+ }
+ }
+ BER_BVZERO( &a_vals[last] );
+ if ( pa_nvals ) {
+ BER_BVZERO( &(*pa_nvals)[last] );
+ }
+ last--;
+ break;
+
+ case LDAP_SUCCESS:
+ if ( !BER_BVISNULL( &dn ) && dn.bv_val != olddn.bv_val ) {
+ char *newurl;
+
+ ludp->lud_dn = dn.bv_val;
+ newurl = ldap_url_desc2str( ludp );
+ ludp->lud_dn = olddn.bv_val;
+ ch_free( dn.bv_val );
+ if ( newurl == NULL ) {
+ /* FIXME: leave attr untouched
+ * even if ldap_url_desc2str failed...
+ */
+ break;
+ }
+
+ ber_str2bv( newurl, 0, 1, &a_vals[i] );
+ LDAP_FREE( newurl );
+
+ if ( pa_nvals ) {
+ ludp->lud_dn = ndn.bv_val;
+ newurl = ldap_url_desc2str( ludp );
+ ludp->lud_dn = olddn.bv_val;
+ ch_free( ndn.bv_val );
+ if ( newurl == NULL ) {
+ /* FIXME: leave attr untouched
+ * even if ldap_url_desc2str failed...
+ */
+ ch_free( a_vals[i].bv_val );
+ a_vals[i] = oldval;
+ break;
+ }
+
+ if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) {
+ ch_free( (*pa_nvals)[i].bv_val );
+ }
+ ber_str2bv( newurl, 0, 1, &(*pa_nvals)[i] );
+ LDAP_FREE( newurl );
+ }
+
+ ch_free( oldval.bv_val );
+ ludp->lud_dn = olddn.bv_val;
+ }
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) {
+ ber_dupbv( &(*pa_nvals)[i], &a_vals[i] );
+ }
+ break;
+ }
+ ldap_free_urldesc( ludp );
+ }
+
+ return 0;
+}
+
+/*
+ * I don't like this much, but we need two different
+ * functions because different heap managers may be
+ * in use in back-ldap/meta to reduce the amount of
+ * calls to malloc routines, and some of the free()
+ * routines may be macros with args
+ */
+int
+rwm_dnattr_rewrite(
+ Operation *op,
+ SlapReply *rs,
+ void *cookie,
+ BerVarray a_vals,
+ BerVarray *pa_nvals )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct ldaprwmap *rwmap =
+ (struct ldaprwmap *)on->on_bi.bi_private;
+
+ int i, last;
+
+ dncookie dc;
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
+ BerVarray in;
+
+ if ( a_vals ) {
+ in = a_vals;
+
+ } else {
+ if ( pa_nvals == NULL || *pa_nvals == NULL ) {
+ return LDAP_OTHER;
+ }
+ in = *pa_nvals;
+ }
+
+ /*
+ * Rewrite the dn if needed
+ */
+ dc.rwmap = rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = (char *)cookie;
+#else /* ! ENABLE_REWRITE */
+ dc.tofrom = ((int *)cookie)[0];
+ dc.normalized = 0;
+#endif /* ! ENABLE_REWRITE */
+
+ for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );
+ last--;
+ if ( pa_nvals != NULL ) {
+ if ( *pa_nvals == NULL ) {
+ *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) );
+ memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) );
+ }
+ }
+
+ for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
+ int rc;
+
+ if ( a_vals ) {
+ dn = in[i];
+ if ( pa_nvals ) {
+ ndn = (*pa_nvals)[i];
+ rc = rwm_dn_massage_pretty_normalize( &dc, &in[i], &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_pretty( &dc, &in[i], &dn );
+ }
+ } else {
+ ndn = in[i];
+ rc = rwm_dn_massage_normalize( &dc, &in[i], &ndn );
+ }
+
+ switch ( rc ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ ch_free( in[i].bv_val );
+ if (last > i ) {
+ in[i] = in[last];
+ if ( a_vals && pa_nvals ) {
+ (*pa_nvals)[i] = (*pa_nvals)[last];
+ }
+ }
+ BER_BVZERO( &in[last] );
+ if ( a_vals && pa_nvals ) {
+ BER_BVZERO( &(*pa_nvals)[last] );
+ }
+ last--;
+ break;
+
+ case LDAP_SUCCESS:
+ if ( a_vals ) {
+ if ( !BER_BVISNULL( &dn ) && dn.bv_val != a_vals[i].bv_val ) {
+ ch_free( a_vals[i].bv_val );
+ a_vals[i] = dn;
+
+ if ( pa_nvals ) {
+ if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) {
+ ch_free( (*pa_nvals)[i].bv_val );
+ }
+ (*pa_nvals)[i] = ndn;
+ }
+ }
+
+ } else {
+ if ( !BER_BVISNULL( &ndn ) && ndn.bv_val != (*pa_nvals)[i].bv_val ) {
+ ch_free( (*pa_nvals)[i].bv_val );
+ (*pa_nvals)[i] = ndn;
+ }
+ }
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( a_vals && pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) {
+ dnNormalize( 0, NULL, NULL, &a_vals[i], &(*pa_nvals)[i], NULL );
+ }
+ break;
+ }
+ }
+
+ return 0;
+}
+
+int
+rwm_referral_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals
+)
+{
+ int i, last;
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
+ last--;
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
+ struct berval dn,
+ olddn = BER_BVNULL;
+ int rc;
+ LDAPURLDesc *ludp;
+
+ rc = ldap_url_parse( a_vals[i].bv_val, &ludp );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* leave attr untouched if massage failed */
+ continue;
+ }
+
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
+ ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
+
+ dn = olddn;
+ rc = rwm_dn_massage_pretty( dc, &olddn, &dn );
+ switch ( rc ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ ch_free( a_vals[i].bv_val );
+ if ( last > i ) {
+ a_vals[i] = a_vals[last];
+ }
+ BER_BVZERO( &a_vals[last] );
+ last--;
+ i--;
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val ) {
+ char *newurl;
+
+ ludp->lud_dn = dn.bv_val;
+ newurl = ldap_url_desc2str( ludp );
+ if ( newurl == NULL ) {
+ /* FIXME: leave attr untouched
+ * even if ldap_url_desc2str failed...
+ */
+ break;
+ }
+
+ ch_free( a_vals[i].bv_val );
+ ber_str2bv( newurl, 0, 1, &a_vals[i] );
+ LDAP_FREE( newurl );
+ ludp->lud_dn = olddn.bv_val;
+ }
+ break;
+ }
+
+ ldap_free_urldesc( ludp );
+ }
+
+ return 0;
+}
+
+int
+rwm_dnattr_result_rewrite(
+ dncookie *dc,
+ BerVarray a_vals
+)
+{
+ int i, last;
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
+ last--;
+
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
+ struct berval dn;
+ int rc;
+
+ dn = a_vals[i];
+ rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn );
+ switch ( rc ) {
+ case LDAP_UNWILLING_TO_PERFORM:
+ /*
+ * FIXME: need to check if it may be considered
+ * legal to trim values when adding/modifying;
+ * it should be when searching (e.g. ACLs).
+ */
+ ch_free( a_vals[i].bv_val );
+ if ( last > i ) {
+ a_vals[i] = a_vals[last];
+ }
+ BER_BVZERO( &a_vals[last] );
+ last--;
+ break;
+
+ default:
+ /* leave attr untouched if massage failed */
+ if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) {
+ ch_free( a_vals[i].bv_val );
+ a_vals[i] = dn;
+ }
+ break;
+ }
+ }
+
+ return 0;
+}
+
+void
+rwm_mapping_dst_free( void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+
+ if ( BER_BVISEMPTY( &mapping[0].m_dst ) ) {
+ rwm_mapping_free( &mapping[ -1 ] );
+ }
+}
+
+void
+rwm_mapping_free( void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+
+ if ( !BER_BVISNULL( &mapping[0].m_src ) ) {
+ ch_free( mapping[0].m_src.bv_val );
+ }
+
+ if ( mapping[0].m_flags & RWMMAP_F_FREE_SRC ) {
+ if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
+ if ( mapping[0].m_src_oc ) {
+ ch_free( mapping[0].m_src_oc );
+ }
+
+ } else {
+ if ( mapping[0].m_src_ad ) {
+ ch_free( mapping[0].m_src_ad );
+ }
+ }
+ }
+
+ if ( !BER_BVISNULL( &mapping[0].m_dst ) ) {
+ ch_free( mapping[0].m_dst.bv_val );
+ }
+
+ if ( mapping[0].m_flags & RWMMAP_F_FREE_DST ) {
+ if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
+ if ( mapping[0].m_dst_oc ) {
+ ch_free( mapping[0].m_dst_oc );
+ }
+
+ } else {
+ if ( mapping[0].m_dst_ad ) {
+ ch_free( mapping[0].m_dst_ad );
+ }
+ }
+ }
+
+ ch_free( mapping );
+
+}
+
+#endif /* SLAPD_OVER_RWM */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/seqmod.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/seqmod.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/seqmod.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,202 @@
+/* seqmod.c - sequenced modifies */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_SEQMOD
+
+#include "slap.h"
+
+/* This overlay serializes concurrent attempts to modify a single entry */
+
+typedef struct modtarget {
+ struct modtarget *mt_next;
+ struct modtarget *mt_tail;
+ Operation *mt_op;
+} modtarget;
+
+typedef struct seqmod_info {
+ Avlnode *sm_mods; /* entries being modified */
+ ldap_pvt_thread_mutex_t sm_mutex;
+} seqmod_info;
+
+static int
+sm_avl_cmp( const void *c1, const void *c2 )
+{
+ const modtarget *m1, *m2;
+ int rc;
+
+ m1 = c1; m2 = c2;
+ rc = m1->mt_op->o_req_ndn.bv_len - m2->mt_op->o_req_ndn.bv_len;
+
+ if ( rc ) return rc;
+ return ber_bvcmp( &m1->mt_op->o_req_ndn, &m2->mt_op->o_req_ndn );
+}
+
+static int
+seqmod_op_cleanup( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+ seqmod_info *sm = sc->sc_private;
+ modtarget *mt, mtdummy;
+ Avlnode *av;
+
+ mtdummy.mt_op = op;
+ /* This op is done, remove it */
+ ldap_pvt_thread_mutex_lock( &sm->sm_mutex );
+ av = avl_find2( sm->sm_mods, &mtdummy, sm_avl_cmp );
+ assert(av != NULL);
+
+ mt = av->avl_data;
+
+ /* If there are more, promote the next one */
+ if ( mt->mt_next ) {
+ av->avl_data = mt->mt_next;
+ mt->mt_next->mt_tail = mt->mt_tail;
+ } else {
+ avl_delete( &sm->sm_mods, mt, sm_avl_cmp );
+ }
+ ldap_pvt_thread_mutex_unlock( &sm->sm_mutex );
+ op->o_callback = sc->sc_next;
+ op->o_tmpfree( sc, op->o_tmpmemctx );
+
+ return 0;
+}
+
+static int
+seqmod_op_mod( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ seqmod_info *sm = on->on_bi.bi_private;
+ modtarget *mt;
+ Avlnode *av;
+ slap_callback *cb;
+
+ cb = op->o_tmpcalloc( 1, sizeof(slap_callback) + sizeof(modtarget),
+ op->o_tmpmemctx );
+ mt = (modtarget *)(cb+1);
+ mt->mt_next = NULL;
+ mt->mt_tail = mt;
+ mt->mt_op = op;
+
+ /* See if we're already modifying this entry - don't allow
+ * near-simultaneous mods of the same entry
+ */
+ ldap_pvt_thread_mutex_lock( &sm->sm_mutex );
+ av = avl_find2( sm->sm_mods, mt, sm_avl_cmp );
+ if ( av ) {
+ modtarget *mtp = av->avl_data;
+ mtp->mt_tail->mt_next = mt;
+ mtp->mt_tail = mt;
+ /* Wait for this op to get to head of list */
+ while ( mtp != mt ) {
+ ldap_pvt_thread_mutex_unlock( &sm->sm_mutex );
+ ldap_pvt_thread_yield();
+ /* Let it finish - should use a condition
+ * variable here... */
+ ldap_pvt_thread_mutex_lock( &sm->sm_mutex );
+ mtp = av->avl_data;
+ }
+ } else {
+ /* Record that we're modifying this now */
+ avl_insert( &sm->sm_mods, mt, sm_avl_cmp, avl_dup_error );
+ }
+ ldap_pvt_thread_mutex_unlock( &sm->sm_mutex );
+
+ cb->sc_cleanup = seqmod_op_cleanup;
+ cb->sc_private = sm;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+seqmod_op_extended(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ if ( exop_is_write( op )) return seqmod_op_mod( op, rs );
+ else return SLAP_CB_CONTINUE;
+}
+
+static int
+seqmod_db_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ seqmod_info *sm;
+
+ sm = ch_calloc(1, sizeof(seqmod_info));
+ on->on_bi.bi_private = sm;
+
+ ldap_pvt_thread_mutex_init( &sm->sm_mutex );
+
+ return 0;
+}
+
+static int
+seqmod_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ seqmod_info *sm = (seqmod_info *)on->on_bi.bi_private;
+
+ if ( sm ) {
+ ldap_pvt_thread_mutex_destroy( &sm->sm_mutex );
+
+ ch_free( sm );
+ }
+
+ return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst seqmod;
+
+int
+seqmod_initialize()
+{
+ seqmod.on_bi.bi_type = "seqmod";
+ seqmod.on_bi.bi_db_open = seqmod_db_open;
+ seqmod.on_bi.bi_db_close = seqmod_db_close;
+
+ seqmod.on_bi.bi_op_modify = seqmod_op_mod;
+ seqmod.on_bi.bi_op_modrdn = seqmod_op_mod;
+ seqmod.on_bi.bi_extended = seqmod_op_extended;
+
+ return overlay_register( &seqmod );
+}
+
+#if SLAPD_OVER_SEQMOD == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return seqmod_initialize();
+}
+#endif /* SLAPD_OVER_SEQMOD == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_SEQMOD) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/slapover.txt
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/slapover.txt (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/slapover.txt 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,152 @@
+slapd internal APIs
+
+Introduction
+
+Frontend, backend, database, callback, overlay - what does it all mean?
+
+The "frontend" refers to all the code that deals with the actual interaction
+with an LDAP client. This includes the code to read requests from the network
+and parse them into C data structures, all of the session management, and the
+formatting of responses for transmission onto the network. It also includes the
+access control engine and other features that are generic to LDAP processing,
+features which are not dependent on a particular database implementation.
+Because the frontend serves as the framework that ties everything together,
+it should not change much over time.
+
+The terms "backend" and "database" have historically been used interchangeably
+and/or in combination as if they are the same thing, but the code has a clear
+distinction between the two. A "backend" is a type of module, and a "database"
+is an instance of a backend type. Together they work with the frontend to
+manage the actual data that are operated on by LDAP requests. Originally the
+backend interface was relatively compact, with individual functions
+corresponding to each LDAP operation type, plus functions for init, config, and
+shutdown. The number of entry points has grown to allow greater flexibility,
+but the concept is much the same as before.
+
+The language here can get a bit confusing. A backend in slapd is embodied in a
+BackendInfo data structure, and a database is held in a BackendDB structure.
+Originally it was all just a single Backend data structure, but things have
+grown and the concept was split into these two parts. The idea behind the
+distinct BackendInfo is to allow for any initialization and configuration that
+may be needed by every instance of a type of database, as opposed to items that
+are specific to just one instance. For example, you might have a database
+library that requires an initialization routine to be called exactly once at
+program startup. Then there may be a "open" function that must be called once
+for each database instance. The BackendInfo.bi_open function provides the
+one-time startup, while the BackendInfo.bi_db_open function provides the
+per-database startup. The main feature of the BackendInfo structure is its
+table of entry points for all of the database functions that it implements.
+There's also a bi_private pointer that can be used to carry any configuration
+state needed by the backend. (Note that this is state that applies to the
+backend type, and thus to all database instances of the backend as well.) The
+BackendDB structure carries all of the per-instance state for a backend
+database. This includes the database suffix, ACLs, flags, various DNs, etc. It
+also has a pointer to its BackendInfo, and a be_private pointer for use by the
+particular backend instance. In practice, the per-type features are seldom
+used, and all of the work is done in the per-instance data structures.
+
+Ordinarily an LDAP request is received by the slapd frontend, parsed into a
+request structure, and then passed to the backend for processing. The backend
+may call various utility functions in the frontend to assist in processing, and
+then it eventually calls some send_ldap_result function in the frontend to send
+results back to the client. The processing flow is pretty rigidly defined; even
+though slapd is capable of dynamically loading new code modules, it was
+difficult to add extensions that changed the basic protocol operations. If you
+wanted to extend the server with special behaviors you would need to modify the
+frontend or the backend or both, and generally you would need to write an
+entire new backend to get some set of special features working. With OpenLDAP
+2.1 we added the notion of a callback, which can intercept the results sent
+from a backend before they are sent to a client. Using callbacks makes it
+possible to modify the results if desired, or to simply discard the results
+instead of sending them to any client. This callback feature is used
+extensively in the SASL support to perform internal searches of slapd databases
+when mapping authentication IDs into regular DNs. The callback mechanism is
+also the basis of backglue, which allows separate databases to be searched as
+if they were a single naming context.
+
+Very often, one needs to add just a tiny feature onto an otherwise "normal"
+database. The usual way to achieve this was to use a programmable backend (like
+back-perl) to preprocess various requests and then forward them back into slapd
+to be handled by the real database. While this technique works, it is fairly
+inefficient because it involves many transitions from network to slapd and back
+again. The overlay concept introduced in OpenLDAP 2.2 allows code to be
+inserted between the slapd frontend and any backend, so that incoming requests
+can be intercepted before reaching the backend database. (There is also a SLAPI
+plugin framework in OpenLDAP 2.2; it offers a lot of flexibility as well but is
+not discussed here.) The overlay framework also uses the callback mechanism, so
+outgoing results can also be intercepted by external code. All of this could
+get unwieldy if a lot of overlays were being used, but there was also another
+significant API change in OpenLDAP 2.2 to streamline internal processing. (See
+the document "Refactoring the slapd ABI"...)
+
+OK, enough generalities... You should probably have a copy of slap.h in front
+of you to continue here.
+
+What is an overlay? The structure defining it includes a BackendInfo structure
+plus a few additional fields. It gets inserted into the usual frontend->backend
+call chain by replacing the BackendDB's BackendInfo pointer with its own. The
+framework to accomplish this is in backover.c. For a given backend, the
+BackendInfo will point to a slap_overinfo structure. The slap_overinfo has a
+BackendInfo that points to all of the overlay framework's entry points. It also
+holds a copy of the original BackendInfo pointer, and a linked list of
+slap_overinst structures. There is one slap_overinst per configured overlay,
+and the set of overlays configured on a backend are treated like a stack; i.e.,
+the last one configured is at the top of the stack, and it executes first.
+
+Continuing with the stack notion - a request enters the frontend, is directed
+to a backend by select_backend, and then intercepted by the top of the overlay
+stack. This first overlay may do something with the request, and then return
+SLAP_CB_CONTINUE, which will then cause processing to fall into the next
+overlay, and so on down the stack until finally the request is handed to the
+actual backend database. Likewise, when the database finishes processing and
+sends a result, the overlay callback intercepts this and the topmost overlay
+gets to process the result. If it returns SLAP_CB_CONTINUE then processing will
+continue in the next overlay, and then any other callbacks, then finally the
+result reaches the frontend for sending back to the client. At any step along
+the way, a module may choose to fully process the request or result and not
+allow it to propagate any further down the stack. Whenever a module returns
+anything other than SLAP_CB_CONTINUE the processing stops.
+
+An overlay can call most frontend functions without any special consideration.
+However, if a call is going to result in any backend code being invoked, then
+the backend environment must be correct. During a normal backend invocation,
+op->o_bd points to the BackendDB structure for the backend, and
+op->o_bd->bd_info points to the BackendInfo for the backend. All of the
+information a specific backend instance needs is in op->o_bd->be_private and
+all of its entry points are in the BackendInfo structure. When overlays are in
+use on a backend, op->o_bd->bd_info points to the BackendInfo (actually a
+slap_overinfo) that contains the overlay framework. When a particular overlay
+instance is executing, op->o_bd points to a copy of the original op->o_bd, and
+op->o_bd->bd_info points to a slap_overinst which carries the information about
+the current overlay. The slap_overinst contains an on_private pointer which can
+be used to carry any configuration or state information the overlay needs. The
+normal way to invoke a backend function is through the op->o_bd->bd_info table
+of entry points, but obviously this must be set to the backend's original
+BackendInfo in order to get to the right function.
+
+There are two approaches here. The slap_overinst also contains a on_info field
+that points to the top slap_overinfo that wraps the current backend. The
+simplest thing is for the overlay to set op->o_bd->bd_info to this on_info
+value before invoking a backend function. This will cause processing of that
+particular operation to begin at the top of the overlay stack, so all the other
+overlays on the backend will also get a chance to handle this internal request.
+The other possibility is to invoke the underlying backend directly, bypassing
+the rest of the overlays, by calling through on_info->oi_orig. You should be
+careful in choosing this approach, since it precludes other overlays from doing
+their jobs.
+
+One of the more interesting uses for an overlay is to attach two (or more)
+different database backends into a single execution stack. Assuming that the
+basic frontend-managed information (suffix, rootdn, ACLs, etc.) will be the
+same for all of the backends, the only thing the overlay needs to maintain is a
+be_private and bd_info pointer for the added backends. The chain and proxycache
+overlays are two complementary examples of this usage. The chain overlay
+attaches a back-ldap backend to a local database backend, and allows referrals
+to remote servers generated by the database to be processed by slapd instead of
+being returned to the client. The proxycache overlay attaches a local database
+to a back-ldap (or back-meta) backend and allows search results from remote
+servers to be cached locally. In both cases the overlays must provide a bit of
+glue to swap in the appropriate be_private and bd_info pointers before invoking
+the attached backend, which can then be invoked as usual.
+
+---
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/syncprov.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/syncprov.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2706 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.42 2007/02/07 01:51:36 hyc Exp $ */
+/* syncprov.c - syncrepl provider */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_SYNCPROV
+
+#include <ac/string.h>
+#include "lutil.h"
+#include "slap.h"
+#include "config.h"
+#include "ldap_rq.h"
+
+/* A modify request on a particular entry */
+typedef struct modinst {
+ struct modinst *mi_next;
+ Operation *mi_op;
+} modinst;
+
+typedef struct modtarget {
+ struct modinst *mt_mods;
+ struct modinst *mt_tail;
+ Operation *mt_op;
+ ldap_pvt_thread_mutex_t mt_mutex;
+} modtarget;
+
+/* A queued result of a persistent search */
+typedef struct syncres {
+ struct syncres *s_next;
+ struct berval s_dn;
+ struct berval s_ndn;
+ struct berval s_uuid;
+ struct berval s_csn;
+ char s_mode;
+ char s_isreference;
+} syncres;
+
+/* Record of a persistent search */
+typedef struct syncops {
+ struct syncops *s_next;
+ struct berval s_base; /* ndn of search base */
+ ID s_eid; /* entryID of search base */
+ Operation *s_op; /* search op */
+ int s_rid;
+ struct berval s_filterstr;
+ int s_flags; /* search status */
+#define PS_IS_REFRESHING 0x01
+#define PS_IS_DETACHED 0x02
+#define PS_WROTE_BASE 0x04
+#define PS_FIND_BASE 0x08
+#define PS_FIX_FILTER 0x10
+
+ int s_inuse; /* reference count */
+ struct syncres *s_res;
+ struct syncres *s_restail;
+ struct re_s *s_qtask; /* task for playing psearch responses */
+#define RUNQ_INTERVAL 36000 /* a long time */
+ ldap_pvt_thread_mutex_t s_mutex;
+} syncops;
+
+/* A received sync control */
+typedef struct sync_control {
+ struct sync_cookie sr_state;
+ int sr_rhint;
+} sync_control;
+
+#if 0 /* moved back to slap.h */
+#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync]
+#endif
+/* o_sync_mode uses data bits of o_sync */
+#define o_sync_mode o_ctrlflag[slap_cids.sc_LDAPsync]
+
+#define SLAP_SYNC_NONE (LDAP_SYNC_NONE<<SLAP_CONTROL_SHIFT)
+#define SLAP_SYNC_REFRESH (LDAP_SYNC_REFRESH_ONLY<<SLAP_CONTROL_SHIFT)
+#define SLAP_SYNC_PERSIST (LDAP_SYNC_RESERVED<<SLAP_CONTROL_SHIFT)
+#define SLAP_SYNC_REFRESH_AND_PERSIST (LDAP_SYNC_REFRESH_AND_PERSIST<<SLAP_CONTROL_SHIFT)
+
+/* Record of which searches matched at premodify step */
+typedef struct syncmatches {
+ struct syncmatches *sm_next;
+ syncops *sm_op;
+} syncmatches;
+
+/* Session log data */
+typedef struct slog_entry {
+ struct slog_entry *se_next;
+ struct berval se_uuid;
+ struct berval se_csn;
+ ber_tag_t se_tag;
+} slog_entry;
+
+typedef struct sessionlog {
+ struct berval sl_mincsn;
+ int sl_num;
+ int sl_size;
+ slog_entry *sl_head;
+ slog_entry *sl_tail;
+ ldap_pvt_thread_mutex_t sl_mutex;
+} sessionlog;
+
+/* The main state for this overlay */
+typedef struct syncprov_info_t {
+ syncops *si_ops;
+ struct berval si_ctxcsn; /* ldapsync context */
+ int si_chkops; /* checkpointing info */
+ int si_chktime;
+ int si_numops; /* number of ops since last checkpoint */
+ int si_nopres; /* Skip present phase */
+ int si_usehint; /* use reload hint */
+ time_t si_chklast; /* time of last checkpoint */
+ Avlnode *si_mods; /* entries being modified */
+ sessionlog *si_logs;
+ ldap_pvt_thread_rdwr_t si_csn_rwlock;
+ ldap_pvt_thread_mutex_t si_ops_mutex;
+ ldap_pvt_thread_mutex_t si_mods_mutex;
+ char si_ctxcsnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+} syncprov_info_t;
+
+typedef struct opcookie {
+ slap_overinst *son;
+ syncmatches *smatches;
+ struct berval sdn; /* DN of entry, for deletes */
+ struct berval sndn;
+ struct berval suuid; /* UUID of entry */
+ struct berval sctxcsn;
+ int sreference; /* Is the entry a reference? */
+} opcookie;
+
+typedef struct fbase_cookie {
+ struct berval *fdn; /* DN of a modified entry, for scope testing */
+ syncops *fss; /* persistent search we're testing against */
+ int fbase; /* if TRUE we found the search base and it's still valid */
+ int fscope; /* if TRUE then fdn is within the psearch scope */
+} fbase_cookie;
+
+static AttributeName csn_anlist[3];
+static AttributeName uuid_anlist[2];
+
+/* Build a LDAPsync intermediate state control */
+static int
+syncprov_state_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ int entry_sync_state,
+ LDAPControl **ctrls,
+ int num_ctrls,
+ int send_cookie,
+ struct berval *cookie )
+{
+ Attribute* a;
+ int ret;
+
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ struct berval entryuuid_bv = BER_BVNULL;
+
+ ber_init2( ber, 0, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ ctrls[num_ctrls] = op->o_tmpalloc( sizeof ( LDAPControl ), op->o_tmpmemctx );
+
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ AttributeDescription *desc = a->a_desc;
+ if ( desc == slap_schema.si_ad_entryUUID ) {
+ entryuuid_bv = a->a_nvals[0];
+ break;
+ }
+ }
+
+ /* FIXME: what if entryuuid is NULL or empty ? */
+
+ if ( send_cookie && cookie ) {
+ ber_printf( ber, "{eOON}",
+ entry_sync_state, &entryuuid_bv, cookie );
+ } else {
+ ber_printf( ber, "{eON}",
+ entry_sync_state, &entryuuid_bv );
+ }
+
+ ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_STATE;
+ ctrls[num_ctrls]->ldctl_iscritical = (op->o_sync == SLAP_CONTROL_CRITICAL);
+ ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
+
+ ber_free_buf( ber );
+
+ if ( ret < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_build_sync_ctrl: ber_flatten2 failed\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ return ret;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/* Build a LDAPsync final state control */
+static int
+syncprov_done_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl **ctrls,
+ int num_ctrls,
+ int send_cookie,
+ struct berval *cookie,
+ int refreshDeletes )
+{
+ int ret;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ ctrls[num_ctrls] = op->o_tmpalloc( sizeof ( LDAPControl ), op->o_tmpmemctx );
+
+ ber_printf( ber, "{" );
+ if ( send_cookie && cookie ) {
+ ber_printf( ber, "O", cookie );
+ }
+ if ( refreshDeletes == LDAP_SYNC_REFRESH_DELETES ) {
+ ber_printf( ber, "b", refreshDeletes );
+ }
+ ber_printf( ber, "N}" );
+
+ ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_DONE;
+ ctrls[num_ctrls]->ldctl_iscritical = (op->o_sync == SLAP_CONTROL_CRITICAL);
+ ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
+
+ ber_free_buf( ber );
+
+ if ( ret < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "syncprov_done_ctrl: ber_flatten2 failed\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ return ret;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+syncprov_sendinfo(
+ Operation *op,
+ SlapReply *rs,
+ int type,
+ struct berval *cookie,
+ int refreshDone,
+ BerVarray syncUUIDs,
+ int refreshDeletes )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ struct berval rspdata;
+
+ int ret;
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ if ( type ) {
+ switch ( type ) {
+ case LDAP_TAG_SYNC_NEW_COOKIE:
+ ber_printf( ber, "tO", type, cookie );
+ break;
+ case LDAP_TAG_SYNC_REFRESH_DELETE:
+ case LDAP_TAG_SYNC_REFRESH_PRESENT:
+ ber_printf( ber, "t{", type );
+ if ( cookie ) {
+ ber_printf( ber, "O", cookie );
+ }
+ if ( refreshDone == 0 ) {
+ ber_printf( ber, "b", refreshDone );
+ }
+ ber_printf( ber, "N}" );
+ break;
+ case LDAP_TAG_SYNC_ID_SET:
+ ber_printf( ber, "t{", type );
+ if ( cookie ) {
+ ber_printf( ber, "O", cookie );
+ }
+ if ( refreshDeletes == 1 ) {
+ ber_printf( ber, "b", refreshDeletes );
+ }
+ ber_printf( ber, "[W]", syncUUIDs );
+ ber_printf( ber, "N}" );
+ break;
+ default:
+ Debug( LDAP_DEBUG_TRACE,
+ "syncprov_sendinfo: invalid syncinfo type (%d)\n",
+ type, 0, 0 );
+ return LDAP_OTHER;
+ }
+ }
+
+ ret = ber_flatten2( ber, &rspdata, 0 );
+
+ if ( ret < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "syncprov_sendinfo: ber_flatten2 failed\n",
+ 0, 0, 0 );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
+ return ret;
+ }
+
+ rs->sr_rspoid = LDAP_SYNC_INFO;
+ rs->sr_rspdata = &rspdata;
+ send_ldap_intermediate( op, rs );
+ rs->sr_rspdata = NULL;
+ ber_free_buf( ber );
+
+ return LDAP_SUCCESS;
+}
+
+/* Find a modtarget in an AVL tree */
+static int
+sp_avl_cmp( const void *c1, const void *c2 )
+{
+ const modtarget *m1, *m2;
+ int rc;
+
+ m1 = c1; m2 = c2;
+ rc = m1->mt_op->o_req_ndn.bv_len - m2->mt_op->o_req_ndn.bv_len;
+
+ if ( rc ) return rc;
+ return ber_bvcmp( &m1->mt_op->o_req_ndn, &m2->mt_op->o_req_ndn );
+}
+
+/* syncprov_findbase:
+ * finds the true DN of the base of a search (with alias dereferencing) and
+ * checks to make sure the base entry doesn't get replaced with a different
+ * entry (e.g., swapping trees via ModDN, or retargeting an alias). If a
+ * change is detected, any persistent search on this base must be terminated /
+ * reloaded.
+ * On the first call, we just save the DN and entryID. On subsequent calls
+ * we compare the DN and entryID with the saved values.
+ */
+static int
+findbase_cb( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+
+ if ( rs->sr_type == REP_SEARCH && rs->sr_err == LDAP_SUCCESS ) {
+ fbase_cookie *fc = sc->sc_private;
+
+ /* If no entryID, we're looking for the first time.
+ * Just store whatever we got.
+ */
+ if ( fc->fss->s_eid == NOID ) {
+ fc->fbase = 2;
+ fc->fss->s_eid = rs->sr_entry->e_id;
+ ber_dupbv( &fc->fss->s_base, &rs->sr_entry->e_nname );
+
+ } else if ( rs->sr_entry->e_id == fc->fss->s_eid &&
+ dn_match( &rs->sr_entry->e_nname, &fc->fss->s_base )) {
+
+ /* OK, the DN is the same and the entryID is the same. */
+ fc->fbase = 1;
+ }
+ }
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "findbase failed! %d\n", rs->sr_err,0,0 );
+ }
+ return LDAP_SUCCESS;
+}
+
+static Filter generic_filter = { LDAP_FILTER_PRESENT, { 0 }, NULL };
+static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
+
+static int
+syncprov_findbase( Operation *op, fbase_cookie *fc )
+{
+ opcookie *opc = op->o_callback->sc_private;
+ slap_overinst *on = opc->son;
+
+ /* Use basic parameters from syncrepl search, but use
+ * current op's threadctx / tmpmemctx
+ */
+ ldap_pvt_thread_mutex_lock( &fc->fss->s_mutex );
+ if ( fc->fss->s_flags & PS_FIND_BASE ) {
+ slap_callback cb = {0};
+ Operation fop;
+ SlapReply frs = { REP_RESULT };
+ int rc;
+
+ fc->fss->s_flags ^= PS_FIND_BASE;
+ ldap_pvt_thread_mutex_unlock( &fc->fss->s_mutex );
+
+ fop = *fc->fss->s_op;
+
+ fop.o_hdr = op->o_hdr;
+ fop.o_bd = op->o_bd;
+ fop.o_time = op->o_time;
+ fop.o_tincr = op->o_tincr;
+
+ cb.sc_response = findbase_cb;
+ cb.sc_private = fc;
+
+ fop.o_sync_mode = 0; /* turn off sync mode */
+ fop.o_managedsait = SLAP_CONTROL_CRITICAL;
+ fop.o_callback = &cb;
+ fop.o_tag = LDAP_REQ_SEARCH;
+ fop.ors_scope = LDAP_SCOPE_BASE;
+ fop.ors_limit = NULL;
+ fop.ors_slimit = 1;
+ fop.ors_tlimit = SLAP_NO_LIMIT;
+ fop.ors_attrs = slap_anlist_no_attrs;
+ fop.ors_attrsonly = 1;
+ fop.ors_filter = &generic_filter;
+ fop.ors_filterstr = generic_filterstr;
+
+ fop.o_bd->bd_info = on->on_info->oi_orig;
+ rc = fop.o_bd->be_search( &fop, &frs );
+ fop.o_bd->bd_info = (BackendInfo *)on;
+ } else {
+ ldap_pvt_thread_mutex_unlock( &fc->fss->s_mutex );
+ fc->fbase = 1;
+ }
+
+ /* After the first call, see if the fdn resides in the scope */
+ if ( fc->fbase == 1 ) {
+ switch ( fc->fss->s_op->ors_scope ) {
+ case LDAP_SCOPE_BASE:
+ fc->fscope = dn_match( fc->fdn, &fc->fss->s_base );
+ break;
+ case LDAP_SCOPE_ONELEVEL: {
+ struct berval pdn;
+ dnParent( fc->fdn, &pdn );
+ fc->fscope = dn_match( &pdn, &fc->fss->s_base );
+ break; }
+ case LDAP_SCOPE_SUBTREE:
+ fc->fscope = dnIsSuffix( fc->fdn, &fc->fss->s_base );
+ break;
+ case LDAP_SCOPE_SUBORDINATE:
+ fc->fscope = dnIsSuffix( fc->fdn, &fc->fss->s_base ) &&
+ !dn_match( fc->fdn, &fc->fss->s_base );
+ break;
+ }
+ }
+
+ if ( fc->fbase )
+ return LDAP_SUCCESS;
+
+ /* If entryID has changed, then the base of this search has
+ * changed. Invalidate the psearch.
+ */
+ return LDAP_NO_SUCH_OBJECT;
+}
+
+/* syncprov_findcsn:
+ * This function has three different purposes, but they all use a search
+ * that filters on entryCSN so they're combined here.
+ * 1: at startup time, after a contextCSN has been read from the database,
+ * we search for all entries with CSN >= contextCSN in case the contextCSN
+ * was not checkpointed at the previous shutdown.
+ *
+ * 2: when the current contextCSN is known and we have a sync cookie, we search
+ * for one entry with CSN = the cookie CSN. If not found, try <= cookie CSN.
+ * If an entry is found, the cookie CSN is valid, otherwise it is stale.
+ *
+ * 3: during a refresh phase, we search for all entries with CSN <= the cookie
+ * CSN, and generate Present records for them. We always collect this result
+ * in SyncID sets, even if there's only one match.
+ */
+typedef enum find_csn_t {
+ FIND_MAXCSN = 1,
+ FIND_CSN = 2,
+ FIND_PRESENT = 3
+} find_csn_t;
+
+static int
+findmax_cb( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_type == REP_SEARCH && rs->sr_err == LDAP_SUCCESS ) {
+ struct berval *maxcsn = op->o_callback->sc_private;
+ Attribute *a = attr_find( rs->sr_entry->e_attrs,
+ slap_schema.si_ad_entryCSN );
+
+ if ( a && ber_bvcmp( &a->a_vals[0], maxcsn ) > 0 ) {
+ maxcsn->bv_len = a->a_vals[0].bv_len;
+ strcpy( maxcsn->bv_val, a->a_vals[0].bv_val );
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+static int
+findcsn_cb( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+
+ /* We just want to know that at least one exists, so it's OK if
+ * we exceed the unchecked limit.
+ */
+ if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ||
+ (rs->sr_type == REP_SEARCH && rs->sr_err == LDAP_SUCCESS )) {
+ sc->sc_private = (void *)1;
+ }
+ return LDAP_SUCCESS;
+}
+
+/* Build a list of entryUUIDs for sending in a SyncID set */
+
+#define UUID_LEN 16
+
+typedef struct fpres_cookie {
+ int num;
+ BerVarray uuids;
+ char *last;
+} fpres_cookie;
+
+static int
+findpres_cb( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+ fpres_cookie *pc = sc->sc_private;
+ Attribute *a;
+ int ret = SLAP_CB_CONTINUE;
+
+ switch ( rs->sr_type ) {
+ case REP_SEARCH:
+ a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( a ) {
+ pc->uuids[pc->num].bv_val = pc->last;
+ AC_MEMCPY( pc->uuids[pc->num].bv_val, a->a_nvals[0].bv_val,
+ pc->uuids[pc->num].bv_len );
+ pc->num++;
+ pc->last = pc->uuids[pc->num].bv_val;
+ pc->uuids[pc->num].bv_val = NULL;
+ }
+ ret = LDAP_SUCCESS;
+ if ( pc->num != SLAP_SYNCUUID_SET_SIZE )
+ break;
+ /* FALLTHRU */
+ case REP_RESULT:
+ ret = rs->sr_err;
+ if ( pc->num ) {
+ ret = syncprov_sendinfo( op, rs, LDAP_TAG_SYNC_ID_SET, NULL,
+ 0, pc->uuids, 0 );
+ pc->uuids[pc->num].bv_val = pc->last;
+ pc->num = 0;
+ pc->last = pc->uuids[0].bv_val;
+ }
+ break;
+ default:
+ break;
+ }
+ return ret;
+}
+
+static int
+syncprov_findcsn( Operation *op, find_csn_t mode )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = on->on_bi.bi_private;
+
+ slap_callback cb = {0};
+ Operation fop;
+ SlapReply frs = { REP_RESULT };
+ char buf[LDAP_LUTIL_CSNSTR_BUFSIZE + STRLENOF("(entryCSN<=)")];
+ char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+ struct berval maxcsn;
+ Filter cf;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion eq = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion eq = { NULL, BER_BVNULL };
+#endif
+ fpres_cookie pcookie;
+ sync_control *srs = NULL;
+ struct slap_limits_set fc_limits;
+ int i, rc = LDAP_SUCCESS, findcsn_retry = 1;
+
+ if ( mode != FIND_MAXCSN ) {
+ srs = op->o_controls[slap_cids.sc_LDAPsync];
+
+ if ( srs->sr_state.ctxcsn.bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) {
+ return LDAP_OTHER;
+ }
+ }
+
+ fop = *op;
+ fop.o_sync_mode &= SLAP_CONTROL_MASK; /* turn off sync_mode */
+ /* We want pure entries, not referrals */
+ fop.o_managedsait = SLAP_CONTROL_CRITICAL;
+
+ cf.f_ava = &eq;
+ cf.f_av_desc = slap_schema.si_ad_entryCSN;
+ cf.f_next = NULL;
+
+ fop.o_callback = &cb;
+ fop.ors_limit = NULL;
+ fop.ors_tlimit = SLAP_NO_LIMIT;
+ fop.ors_filter = &cf;
+ fop.ors_filterstr.bv_val = buf;
+
+again:
+ switch( mode ) {
+ case FIND_MAXCSN:
+ cf.f_choice = LDAP_FILTER_GE;
+ cf.f_av_value = si->si_ctxcsn;
+ fop.ors_filterstr.bv_len = sprintf( buf, "(entryCSN>=%s)",
+ cf.f_av_value.bv_val );
+ fop.ors_attrsonly = 0;
+ fop.ors_attrs = csn_anlist;
+ fop.ors_slimit = SLAP_NO_LIMIT;
+ cb.sc_private = &maxcsn;
+ cb.sc_response = findmax_cb;
+ strcpy( cbuf, si->si_ctxcsn.bv_val );
+ maxcsn.bv_val = cbuf;
+ maxcsn.bv_len = si->si_ctxcsn.bv_len;
+ break;
+ case FIND_CSN:
+ cf.f_av_value = srs->sr_state.ctxcsn;
+ /* Look for exact match the first time */
+ if ( findcsn_retry ) {
+ cf.f_choice = LDAP_FILTER_EQUALITY;
+ fop.ors_filterstr.bv_len = sprintf( buf, "(entryCSN=%s)",
+ cf.f_av_value.bv_val );
+ /* On retry, look for <= */
+ } else {
+ cf.f_choice = LDAP_FILTER_LE;
+ fop.ors_limit = &fc_limits;
+ fc_limits.lms_s_unchecked = 1;
+ fop.ors_filterstr.bv_len = sprintf( buf, "(entryCSN<=%s)",
+ cf.f_av_value.bv_val );
+ }
+ fop.ors_attrsonly = 1;
+ fop.ors_attrs = slap_anlist_no_attrs;
+ fop.ors_slimit = 1;
+ cb.sc_private = NULL;
+ cb.sc_response = findcsn_cb;
+ break;
+ case FIND_PRESENT:
+ fop.ors_filter = op->ors_filter;
+ fop.ors_filterstr = op->ors_filterstr;
+ fop.ors_attrsonly = 0;
+ fop.ors_attrs = uuid_anlist;
+ fop.ors_slimit = SLAP_NO_LIMIT;
+ cb.sc_private = &pcookie;
+ cb.sc_response = findpres_cb;
+ pcookie.num = 0;
+
+ /* preallocate storage for a full set */
+ pcookie.uuids = op->o_tmpalloc( (SLAP_SYNCUUID_SET_SIZE+1) *
+ sizeof(struct berval) + SLAP_SYNCUUID_SET_SIZE * UUID_LEN,
+ op->o_tmpmemctx );
+ pcookie.last = (char *)(pcookie.uuids + SLAP_SYNCUUID_SET_SIZE+1);
+ pcookie.uuids[0].bv_val = pcookie.last;
+ pcookie.uuids[0].bv_len = UUID_LEN;
+ for (i=1; i<SLAP_SYNCUUID_SET_SIZE; i++) {
+ pcookie.uuids[i].bv_val = pcookie.uuids[i-1].bv_val + UUID_LEN;
+ pcookie.uuids[i].bv_len = UUID_LEN;
+ }
+ break;
+ }
+
+ fop.o_bd->bd_info = on->on_info->oi_orig;
+ fop.o_bd->be_search( &fop, &frs );
+ fop.o_bd->bd_info = (BackendInfo *)on;
+
+ switch( mode ) {
+ case FIND_MAXCSN:
+ strcpy( si->si_ctxcsnbuf, maxcsn.bv_val );
+ si->si_ctxcsn.bv_len = maxcsn.bv_len;
+ break;
+ case FIND_CSN:
+ /* If matching CSN was not found, invalidate the context. */
+ if ( !cb.sc_private ) {
+ /* If we didn't find an exact match, then try for <= */
+ if ( findcsn_retry ) {
+ findcsn_retry = 0;
+ goto again;
+ }
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ break;
+ case FIND_PRESENT:
+ op->o_tmpfree( pcookie.uuids, op->o_tmpmemctx );
+ break;
+ }
+
+ return rc;
+}
+
+static void
+syncprov_free_syncop( syncops *so )
+{
+ syncres *sr, *srnext;
+ GroupAssertion *ga, *gnext;
+
+ ldap_pvt_thread_mutex_lock( &so->s_mutex );
+ if ( --so->s_inuse > 0 ) {
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+ return;
+ }
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ filter_free( so->s_op->ors_filter );
+ for ( ga = so->s_op->o_groups; ga; ga=gnext ) {
+ gnext = ga->ga_next;
+ ch_free( ga );
+ }
+ ch_free( so->s_op );
+ }
+ ch_free( so->s_base.bv_val );
+ for ( sr=so->s_res; sr; sr=srnext ) {
+ srnext = sr->s_next;
+ ch_free( sr );
+ }
+ ldap_pvt_thread_mutex_destroy( &so->s_mutex );
+ ch_free( so );
+}
+
+/* Send a persistent search response */
+static int
+syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
+ Entry **e, int mode )
+{
+ slap_overinst *on = opc->son;
+
+ SlapReply rs = { REP_SEARCH };
+ LDAPControl *ctrls[2];
+ struct berval cookie;
+ Entry e_uuid = {0};
+ Attribute a_uuid = {0};
+
+ if ( so->s_op->o_abandon )
+ return SLAPD_ABANDON;
+
+ ctrls[1] = NULL;
+ slap_compose_sync_cookie( op, &cookie, &opc->sctxcsn, so->s_rid );
+
+ e_uuid.e_attrs = &a_uuid;
+ a_uuid.a_desc = slap_schema.si_ad_entryUUID;
+ a_uuid.a_nvals = &opc->suuid;
+ rs.sr_err = syncprov_state_ctrl( op, &rs, &e_uuid,
+ mode, ctrls, 0, 1, &cookie );
+ op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+
+ rs.sr_ctrls = ctrls;
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ switch( mode ) {
+ case LDAP_SYNC_ADD:
+ rs.sr_entry = *e;
+ if ( rs.sr_entry->e_private )
+ rs.sr_flags = REP_ENTRY_MUSTRELEASE;
+ if ( opc->sreference ) {
+ rs.sr_ref = get_entry_referrals( op, rs.sr_entry );
+ rs.sr_err = send_search_reference( op, &rs );
+ ber_bvarray_free( rs.sr_ref );
+ if ( !rs.sr_entry )
+ *e = NULL;
+ break;
+ }
+ /* fallthru */
+ case LDAP_SYNC_MODIFY:
+ rs.sr_entry = *e;
+ if ( rs.sr_entry->e_private )
+ rs.sr_flags = REP_ENTRY_MUSTRELEASE;
+ rs.sr_attrs = op->ors_attrs;
+ rs.sr_err = send_search_entry( op, &rs );
+ if ( !rs.sr_entry )
+ *e = NULL;
+ break;
+ case LDAP_SYNC_DELETE:
+ e_uuid.e_attrs = NULL;
+ e_uuid.e_name = opc->sdn;
+ e_uuid.e_nname = opc->sndn;
+ rs.sr_entry = &e_uuid;
+ if ( opc->sreference ) {
+ struct berval bv = BER_BVNULL;
+ rs.sr_ref = &bv;
+ rs.sr_err = send_search_reference( op, &rs );
+ } else {
+ rs.sr_err = send_search_entry( op, &rs );
+ }
+ break;
+ default:
+ assert(0);
+ }
+ /* In case someone else freed it already? */
+ if ( rs.sr_ctrls ) {
+ op->o_tmpfree( rs.sr_ctrls[0], op->o_tmpmemctx );
+ rs.sr_ctrls = NULL;
+ }
+
+ return rs.sr_err;
+}
+
+/* Play back queued responses */
+static int
+syncprov_qplay( Operation *op, slap_overinst *on, syncops *so )
+{
+ syncres *sr;
+ Entry *e;
+ opcookie opc;
+ int rc = 0;
+
+ opc.son = on;
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+
+ for (;;) {
+ ldap_pvt_thread_mutex_lock( &so->s_mutex );
+ sr = so->s_res;
+ if ( sr )
+ so->s_res = sr->s_next;
+ if ( !so->s_res )
+ so->s_restail = NULL;
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+
+ if ( !sr || so->s_op->o_abandon )
+ break;
+
+ opc.sdn = sr->s_dn;
+ opc.sndn = sr->s_ndn;
+ opc.suuid = sr->s_uuid;
+ opc.sctxcsn = sr->s_csn;
+ opc.sreference = sr->s_isreference;
+ e = NULL;
+
+ if ( sr->s_mode != LDAP_SYNC_DELETE ) {
+ rc = be_entry_get_rw( op, &opc.sndn, NULL, NULL, 0, &e );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
+ "error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
+ ch_free( sr );
+ rc = 0;
+ continue;
+ }
+ }
+ rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode );
+
+ if ( e ) {
+ be_entry_release_rw( op, e, 0 );
+ }
+
+ ch_free( sr );
+
+ if ( rc )
+ break;
+ }
+ op->o_bd->bd_info = (BackendInfo *)on;
+ return rc;
+}
+
+/* runqueue task for playing back queued responses */
+static void *
+syncprov_qtask( void *ctx, void *arg )
+{
+ struct re_s *rtask = arg;
+ syncops *so = rtask->arg;
+ slap_overinst *on = so->s_op->o_private;
+ OperationBuffer opbuf;
+ Operation *op;
+ BackendDB be;
+ int rc;
+
+ op = (Operation *) &opbuf;
+ *op = *so->s_op;
+ op->o_hdr = (Opheader *)(op+1);
+ op->o_controls = (void **)(op->o_hdr+1);
+ memset( op->o_controls, 0, SLAP_MAX_CIDS * sizeof(void *));
+
+ *op->o_hdr = *so->s_op->o_hdr;
+
+ op->o_tmpmemctx = slap_sl_mem_create(SLAP_SLAB_SIZE, SLAP_SLAB_STACK, ctx);
+ op->o_tmpmfuncs = &slap_sl_mfuncs;
+ op->o_threadctx = ctx;
+
+ /* syncprov_qplay expects a fake db */
+ be = *so->s_op->o_bd;
+ be.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &be;
+ op->o_private = NULL;
+ op->o_callback = NULL;
+
+ rc = syncprov_qplay( op, on, so );
+
+ /* decrement use count... */
+ syncprov_free_syncop( so );
+
+ /* wait until we get explicitly scheduled again */
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ if ( rc == 0 ) {
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, 1 );
+ } else {
+ /* bail out on any error */
+ ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+
+ return NULL;
+}
+
+/* Start the task to play back queued psearch responses */
+static void
+syncprov_qstart( syncops *so )
+{
+ int wake=0;
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ if ( !so->s_qtask ) {
+ so->s_qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL,
+ syncprov_qtask, so, "syncprov_qtask",
+ so->s_op->o_conn->c_peer_name.bv_val );
+ ++so->s_inuse;
+ wake = 1;
+ } else {
+ if (!ldap_pvt_runqueue_isrunning( &slapd_rq, so->s_qtask ) &&
+ !so->s_qtask->next_sched.tv_sec ) {
+ so->s_qtask->interval.tv_sec = 0;
+ ldap_pvt_runqueue_resched( &slapd_rq, so->s_qtask, 0 );
+ so->s_qtask->interval.tv_sec = RUNQ_INTERVAL;
+ ++so->s_inuse;
+ wake = 1;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ if ( wake )
+ slap_wake_listener();
+}
+
+/* Queue a persistent search response */
+static int
+syncprov_qresp( opcookie *opc, syncops *so, int mode )
+{
+ syncres *sr;
+
+ sr = ch_malloc(sizeof(syncres) + opc->suuid.bv_len + 1 +
+ opc->sdn.bv_len + 1 + opc->sndn.bv_len + 1 + opc->sctxcsn.bv_len + 1 );
+ sr->s_next = NULL;
+ sr->s_dn.bv_val = (char *)(sr + 1);
+ sr->s_dn.bv_len = opc->sdn.bv_len;
+ sr->s_mode = mode;
+ sr->s_isreference = opc->sreference;
+ sr->s_ndn.bv_val = lutil_strcopy( sr->s_dn.bv_val,
+ opc->sdn.bv_val ) + 1;
+ sr->s_ndn.bv_len = opc->sndn.bv_len;
+ sr->s_uuid.bv_val = lutil_strcopy( sr->s_ndn.bv_val,
+ opc->sndn.bv_val ) + 1;
+ sr->s_uuid.bv_len = opc->suuid.bv_len;
+ AC_MEMCPY( sr->s_uuid.bv_val, opc->suuid.bv_val, opc->suuid.bv_len );
+ sr->s_csn.bv_val = sr->s_uuid.bv_val + sr->s_uuid.bv_len + 1;
+ sr->s_csn.bv_len = opc->sctxcsn.bv_len;
+ strcpy( sr->s_csn.bv_val, opc->sctxcsn.bv_val );
+
+ ldap_pvt_thread_mutex_lock( &so->s_mutex );
+ if ( !so->s_res ) {
+ so->s_res = sr;
+ } else {
+ so->s_restail->s_next = sr;
+ }
+ so->s_restail = sr;
+
+ /* If the base of the psearch was modified, check it next time round */
+ if ( so->s_flags & PS_WROTE_BASE ) {
+ so->s_flags ^= PS_WROTE_BASE;
+ so->s_flags |= PS_FIND_BASE;
+ }
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ syncprov_qstart( so );
+ }
+ ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+ return LDAP_SUCCESS;
+}
+
+static int
+syncprov_drop_psearch( syncops *so, int lock )
+{
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ if ( lock )
+ ldap_pvt_thread_mutex_lock( &so->s_op->o_conn->c_mutex );
+ so->s_op->o_conn->c_n_ops_executing--;
+ so->s_op->o_conn->c_n_ops_completed++;
+ LDAP_STAILQ_REMOVE( &so->s_op->o_conn->c_ops, so->s_op, slap_op,
+ o_next );
+ if ( lock )
+ ldap_pvt_thread_mutex_unlock( &so->s_op->o_conn->c_mutex );
+ }
+ syncprov_free_syncop( so );
+
+ return 0;
+}
+
+static int
+syncprov_ab_cleanup( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+ op->o_callback = sc->sc_next;
+ syncprov_drop_psearch( op->o_callback->sc_private, 0 );
+ op->o_tmpfree( sc, op->o_tmpmemctx );
+ return 0;
+}
+
+static int
+syncprov_op_abandon( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = on->on_bi.bi_private;
+ syncops *so, *soprev;
+
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ for ( so=si->si_ops, soprev = (syncops *)&si->si_ops; so;
+ soprev=so, so=so->s_next ) {
+ if ( so->s_op->o_connid == op->o_connid &&
+ so->s_op->o_msgid == op->orn_msgid ) {
+ so->s_op->o_abandon = 1;
+ soprev->s_next = so->s_next;
+ break;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+ if ( so ) {
+ /* Is this really a Cancel exop? */
+ if ( op->o_tag != LDAP_REQ_ABANDON ) {
+ so->s_op->o_cancel = SLAP_CANCEL_ACK;
+ rs->sr_err = LDAP_CANCELLED;
+ send_ldap_result( so->s_op, rs );
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ slap_callback *cb;
+ cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+ cb->sc_cleanup = syncprov_ab_cleanup;
+ cb->sc_next = op->o_callback;
+ cb->sc_private = so;
+ return SLAP_CB_CONTINUE;
+ }
+ }
+ syncprov_drop_psearch( so, 0 );
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+/* Find which persistent searches are affected by this operation */
+static void
+syncprov_matchops( Operation *op, opcookie *opc, int saveit )
+{
+ slap_overinst *on = opc->son;
+ syncprov_info_t *si = on->on_bi.bi_private;
+
+ fbase_cookie fc;
+ syncops *ss, *sprev, *snext;
+ Entry *e;
+ Attribute *a;
+ int rc;
+ struct berval newdn;
+ int freefdn = 0;
+ BackendDB *b0 = op->o_bd, db;
+
+ fc.fdn = &op->o_req_ndn;
+ /* compute new DN */
+ if ( op->o_tag == LDAP_REQ_MODRDN && !saveit ) {
+ struct berval pdn;
+ if ( op->orr_nnewSup ) pdn = *op->orr_nnewSup;
+ else dnParent( fc.fdn, &pdn );
+ build_new_dn( &newdn, &pdn, &op->orr_nnewrdn, op->o_tmpmemctx );
+ fc.fdn = &newdn;
+ freefdn = 1;
+ }
+ if ( op->o_tag != LDAP_REQ_ADD ) {
+ if ( !SLAP_ISOVERLAY( op->o_bd )) {
+ db = *op->o_bd;
+ op->o_bd = &db;
+ }
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, fc.fdn, NULL, NULL, 0, &e );
+ /* If we're sending responses now, make a copy and unlock the DB */
+ if ( e && !saveit ) {
+ Entry *e2 = entry_dup( e );
+ be_entry_release_rw( op, e, 0 );
+ e = e2;
+ }
+ op->o_bd->bd_info = (BackendInfo *)on;
+ if ( rc ) {
+ op->o_bd = b0;
+ return;
+ }
+ } else {
+ e = op->ora_e;
+ }
+
+ if ( saveit || op->o_tag == LDAP_REQ_ADD ) {
+ ber_dupbv_x( &opc->sdn, &e->e_name, op->o_tmpmemctx );
+ ber_dupbv_x( &opc->sndn, &e->e_nname, op->o_tmpmemctx );
+ opc->sreference = is_entry_referral( e );
+ a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( a )
+ ber_dupbv_x( &opc->suuid, &a->a_nvals[0], op->o_tmpmemctx );
+ } else if ( op->o_tag == LDAP_REQ_MODRDN && !saveit ) {
+ op->o_tmpfree( opc->sndn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( opc->sdn.bv_val, op->o_tmpmemctx );
+ ber_dupbv_x( &opc->sdn, &e->e_name, op->o_tmpmemctx );
+ ber_dupbv_x( &opc->sndn, &e->e_nname, op->o_tmpmemctx );
+ }
+
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss;
+ sprev = ss, ss=snext)
+ {
+ syncmatches *sm;
+ int found = 0;
+
+ snext = ss->s_next;
+ /* validate base */
+ fc.fss = ss;
+ fc.fbase = 0;
+ fc.fscope = 0;
+
+ /* If the base of the search is missing, signal a refresh */
+ rc = syncprov_findbase( op, &fc );
+ if ( rc != LDAP_SUCCESS ) {
+ SlapReply rs = {REP_RESULT};
+ send_ldap_error( ss->s_op, &rs, LDAP_SYNC_REFRESH_REQUIRED,
+ "search base has changed" );
+ sprev->s_next = snext;
+ syncprov_drop_psearch( ss, 1 );
+ ss = sprev;
+ continue;
+ }
+
+
+ /* If we're sending results now, look for this op in old matches */
+ if ( !saveit ) {
+ syncmatches *old;
+
+ /* Did we modify the search base? */
+ if ( dn_match( &op->o_req_ndn, &ss->s_base )) {
+ ldap_pvt_thread_mutex_lock( &ss->s_mutex );
+ ss->s_flags |= PS_WROTE_BASE;
+ ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
+ }
+
+ for ( sm=opc->smatches, old=(syncmatches *)&opc->smatches; sm;
+ old=sm, sm=sm->sm_next ) {
+ if ( sm->sm_op == ss ) {
+ found = 1;
+ old->sm_next = sm->sm_next;
+ op->o_tmpfree( sm, op->o_tmpmemctx );
+ break;
+ }
+ }
+ }
+
+ /* check if current o_req_dn is in scope and matches filter */
+ if ( fc.fscope && test_filter( op, e, ss->s_op->ors_filter ) ==
+ LDAP_COMPARE_TRUE ) {
+ if ( saveit ) {
+ sm = op->o_tmpalloc( sizeof(syncmatches), op->o_tmpmemctx );
+ sm->sm_next = opc->smatches;
+ sm->sm_op = ss;
+ ldap_pvt_thread_mutex_lock( &ss->s_mutex );
+ ++ss->s_inuse;
+ ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
+ opc->smatches = sm;
+ } else {
+ /* if found send UPDATE else send ADD */
+ syncprov_qresp( opc, ss,
+ found ? LDAP_SYNC_MODIFY : LDAP_SYNC_ADD );
+ }
+ } else if ( !saveit && found ) {
+ /* send DELETE */
+ syncprov_qresp( opc, ss, LDAP_SYNC_DELETE );
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+
+ if ( op->o_tag != LDAP_REQ_ADD && e ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ be_entry_release_rw( op, e, 0 );
+ op->o_bd->bd_info = (BackendInfo *)on;
+ }
+ if ( freefdn ) {
+ op->o_tmpfree( fc.fdn->bv_val, op->o_tmpmemctx );
+ }
+ op->o_bd = b0;
+}
+
+static int
+syncprov_op_cleanup( Operation *op, SlapReply *rs )
+{
+ slap_callback *cb = op->o_callback;
+ opcookie *opc = cb->sc_private;
+ slap_overinst *on = opc->son;
+ syncprov_info_t *si = on->on_bi.bi_private;
+ syncmatches *sm, *snext;
+ modtarget *mt, mtdummy;
+
+ for (sm = opc->smatches; sm; sm=snext) {
+ snext = sm->sm_next;
+ syncprov_free_syncop( sm->sm_op );
+ op->o_tmpfree( sm, op->o_tmpmemctx );
+ }
+
+ /* Remove op from lock table */
+ mtdummy.mt_op = op;
+ ldap_pvt_thread_mutex_lock( &si->si_mods_mutex );
+ mt = avl_find( si->si_mods, &mtdummy, sp_avl_cmp );
+ if ( mt ) {
+ modinst *mi = mt->mt_mods;
+
+ /* If there are more, promote the next one */
+ ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
+ if ( mi->mi_next ) {
+ mt->mt_mods = mi->mi_next;
+ mt->mt_op = mt->mt_mods->mi_op;
+ ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ } else {
+ avl_delete( &si->si_mods, mt, sp_avl_cmp );
+ ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ ldap_pvt_thread_mutex_destroy( &mt->mt_mutex );
+ ch_free( mt );
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
+ if ( !BER_BVISNULL( &opc->suuid ))
+ op->o_tmpfree( opc->suuid.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &opc->sndn ))
+ op->o_tmpfree( opc->sndn.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &opc->sdn ))
+ op->o_tmpfree( opc->sdn.bv_val, op->o_tmpmemctx );
+ op->o_callback = cb->sc_next;
+ op->o_tmpfree(cb, op->o_tmpmemctx);
+
+ return 0;
+}
+
+static void
+syncprov_checkpoint( Operation *op, SlapReply *rs, slap_overinst *on )
+{
+ syncprov_info_t *si = on->on_bi.bi_private;
+ Modifications mod;
+ Operation opm;
+ SlapReply rsm = { 0 };
+ struct berval bv[2];
+ slap_callback cb = {0};
+
+ /* If ctxcsn is empty, delete it */
+ if ( BER_BVISEMPTY( &si->si_ctxcsn )) {
+ mod.sml_values = NULL;
+ } else {
+ mod.sml_values = bv;
+ bv[1].bv_val = NULL;
+ bv[0] = si->si_ctxcsn;
+ }
+ mod.sml_nvalues = NULL;
+ mod.sml_desc = slap_schema.si_ad_contextCSN;
+ mod.sml_op = LDAP_MOD_REPLACE;
+ mod.sml_flags = 0;
+ mod.sml_next = NULL;
+
+ cb.sc_response = slap_null_cb;
+ opm = *op;
+ opm.o_tag = LDAP_REQ_MODIFY;
+ opm.o_callback = &cb;
+ opm.orm_modlist = &mod;
+ opm.o_req_dn = op->o_bd->be_suffix[0];
+ opm.o_req_ndn = op->o_bd->be_nsuffix[0];
+ opm.o_bd->bd_info = on->on_info->oi_orig;
+ opm.o_managedsait = SLAP_CONTROL_NONCRITICAL;
+ SLAP_DBFLAGS( opm.o_bd ) |= SLAP_DBFLAG_NOLASTMOD;
+ opm.o_bd->be_modify( &opm, &rsm );
+ SLAP_DBFLAGS( opm.o_bd ) ^= SLAP_DBFLAG_NOLASTMOD;
+ if ( mod.sml_next != NULL ) {
+ slap_mods_free( mod.sml_next, 1 );
+ }
+}
+
+static void
+syncprov_add_slog( Operation *op )
+{
+ opcookie *opc = op->o_callback->sc_private;
+ slap_overinst *on = opc->son;
+ syncprov_info_t *si = on->on_bi.bi_private;
+ sessionlog *sl;
+ slog_entry *se;
+
+ sl = si->si_logs;
+ {
+ /* Allocate a record. UUIDs are not NUL-terminated. */
+ se = ch_malloc( sizeof( slog_entry ) + opc->suuid.bv_len +
+ op->o_csn.bv_len + 1 );
+ se->se_next = NULL;
+ se->se_tag = op->o_tag;
+
+ se->se_uuid.bv_val = (char *)(&se[1]);
+ AC_MEMCPY( se->se_uuid.bv_val, opc->suuid.bv_val, opc->suuid.bv_len );
+ se->se_uuid.bv_len = opc->suuid.bv_len;
+
+ se->se_csn.bv_val = se->se_uuid.bv_val + opc->suuid.bv_len;
+ AC_MEMCPY( se->se_csn.bv_val, op->o_csn.bv_val, op->o_csn.bv_len );
+ se->se_csn.bv_val[op->o_csn.bv_len] = '\0';
+ se->se_csn.bv_len = op->o_csn.bv_len;
+
+ ldap_pvt_thread_mutex_lock( &sl->sl_mutex );
+ if ( sl->sl_head ) {
+ sl->sl_tail->se_next = se;
+ } else {
+ sl->sl_head = se;
+ }
+ sl->sl_tail = se;
+ sl->sl_num++;
+ while ( sl->sl_num > sl->sl_size ) {
+ se = sl->sl_head;
+ sl->sl_head = se->se_next;
+ strcpy( sl->sl_mincsn.bv_val, se->se_csn.bv_val );
+ sl->sl_mincsn.bv_len = se->se_csn.bv_len;
+ ch_free( se );
+ sl->sl_num--;
+ }
+ ldap_pvt_thread_mutex_unlock( &sl->sl_mutex );
+ }
+}
+
+/* Just set a flag if we found the matching entry */
+static int
+playlog_cb( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_type == REP_SEARCH ) {
+ op->o_callback->sc_private = (void *)1;
+ }
+ return rs->sr_err;
+}
+
+/* enter with sl->sl_mutex locked, release before returning */
+static void
+syncprov_playlog( Operation *op, SlapReply *rs, sessionlog *sl,
+ sync_control *srs, struct berval *ctxcsn )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ slog_entry *se;
+ int i, j, ndel, num, nmods, mmods;
+ char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+ BerVarray uuids;
+ struct berval delcsn;
+
+ if ( !sl->sl_num ) {
+ ldap_pvt_thread_mutex_unlock( &sl->sl_mutex );
+ return;
+ }
+
+ num = sl->sl_num;
+ i = 0;
+ nmods = 0;
+
+ uuids = op->o_tmpalloc( (num+1) * sizeof( struct berval ) +
+ num * UUID_LEN, op->o_tmpmemctx );
+ uuids[0].bv_val = (char *)(uuids + num + 1);
+
+ delcsn.bv_len = 0;
+ delcsn.bv_val = cbuf;
+
+ /* Make a copy of the relevant UUIDs. Put the Deletes up front
+ * and everything else at the end. Do this first so we can
+ * unlock the list mutex.
+ */
+ Debug( LDAP_DEBUG_SYNC, "srs csn %s\n", srs->sr_state.ctxcsn.bv_val, 0, 0 );
+ for ( se=sl->sl_head; se; se=se->se_next ) {
+ Debug( LDAP_DEBUG_SYNC, "log csn %s\n", se->se_csn.bv_val, 0, 0 );
+ ndel = ber_bvcmp( &se->se_csn, &srs->sr_state.ctxcsn );
+ if ( ndel <= 0 ) {
+ Debug( LDAP_DEBUG_SYNC, "cmp %d, too old\n", ndel, 0, 0 );
+ continue;
+ }
+ ndel = ber_bvcmp( &se->se_csn, ctxcsn );
+ if ( ndel > 0 ) {
+ Debug( LDAP_DEBUG_SYNC, "cmp %d, too new\n", ndel, 0, 0 );
+ break;
+ }
+ if ( se->se_tag == LDAP_REQ_DELETE ) {
+ j = i;
+ i++;
+ AC_MEMCPY( cbuf, se->se_csn.bv_val, se->se_csn.bv_len );
+ delcsn.bv_len = se->se_csn.bv_len;
+ delcsn.bv_val[delcsn.bv_len] = '\0';
+ } else {
+ nmods++;
+ j = num - nmods;
+ }
+ uuids[j].bv_val = uuids[0].bv_val + (j * UUID_LEN);
+ AC_MEMCPY(uuids[j].bv_val, se->se_uuid.bv_val, UUID_LEN);
+ uuids[j].bv_len = UUID_LEN;
+ }
+ ldap_pvt_thread_mutex_unlock( &sl->sl_mutex );
+
+ ndel = i;
+
+ /* Zero out unused slots */
+ for ( i=ndel; i < num - nmods; i++ )
+ uuids[i].bv_len = 0;
+
+ /* Mods must be validated to see if they belong in this delete set.
+ */
+
+ mmods = nmods;
+ /* Strip any duplicates */
+ for ( i=0; i<nmods; i++ ) {
+ for ( j=0; j<ndel; j++ ) {
+ if ( bvmatch( &uuids[j], &uuids[num - 1 - i] )) {
+ uuids[num - 1 - i].bv_len = 0;
+ mmods --;
+ break;
+ }
+ }
+ if ( uuids[num - 1 - i].bv_len == 0 ) continue;
+ for ( j=0; j<i; j++ ) {
+ if ( bvmatch( &uuids[num - 1 - j], &uuids[num - 1 - i] )) {
+ uuids[num - 1 - i].bv_len = 0;
+ mmods --;
+ break;
+ }
+ }
+ }
+
+ if ( mmods ) {
+ Operation fop;
+ SlapReply frs = { REP_RESULT };
+ int rc;
+ Filter mf, af;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion eq = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion eq;
+#endif
+ slap_callback cb = {0};
+
+ fop = *op;
+
+ fop.o_sync_mode = 0;
+ fop.o_callback = &cb;
+ fop.ors_limit = NULL;
+ fop.ors_tlimit = SLAP_NO_LIMIT;
+ fop.ors_attrs = slap_anlist_all_attributes;
+ fop.ors_attrsonly = 0;
+ fop.o_managedsait = SLAP_CONTROL_CRITICAL;
+
+ af.f_choice = LDAP_FILTER_AND;
+ af.f_next = NULL;
+ af.f_and = &mf;
+ mf.f_choice = LDAP_FILTER_EQUALITY;
+ mf.f_ava = &eq;
+ mf.f_av_desc = slap_schema.si_ad_entryUUID;
+ mf.f_next = fop.ors_filter;
+
+ fop.ors_filter = ⁡
+
+ cb.sc_response = playlog_cb;
+ fop.o_bd->bd_info = on->on_info->oi_orig;
+
+ for ( i=ndel; i<num; i++ ) {
+ if ( uuids[i].bv_len == 0 ) continue;
+
+ mf.f_av_value = uuids[i];
+ cb.sc_private = NULL;
+ fop.ors_slimit = 1;
+ frs.sr_nentries = 0;
+ rc = fop.o_bd->be_search( &fop, &frs );
+
+ /* If entry was not found, add to delete list */
+ if ( !cb.sc_private ) {
+ uuids[ndel++] = uuids[i];
+ }
+ }
+ fop.o_bd->bd_info = (BackendInfo *)on;
+ }
+ if ( ndel ) {
+ struct berval cookie;
+
+ slap_compose_sync_cookie( op, &cookie, &delcsn, srs->sr_state.rid );
+ uuids[ndel].bv_val = NULL;
+ syncprov_sendinfo( op, rs, LDAP_TAG_SYNC_ID_SET, &cookie, 0, uuids, 1 );
+ op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+ }
+ op->o_tmpfree( uuids, op->o_tmpmemctx );
+}
+
+static int
+syncprov_op_response( Operation *op, SlapReply *rs )
+{
+ opcookie *opc = op->o_callback->sc_private;
+ slap_overinst *on = opc->son;
+ syncprov_info_t *si = on->on_bi.bi_private;
+ syncmatches *sm;
+
+ if ( rs->sr_err == LDAP_SUCCESS )
+ {
+ struct berval maxcsn = BER_BVNULL;
+ char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+ int do_check=0;
+
+ /* Update our context CSN */
+ cbuf[0] = '\0';
+ ldap_pvt_thread_rdwr_wlock( &si->si_csn_rwlock );
+ slap_get_commit_csn( op, &maxcsn );
+ if ( !BER_BVISNULL( &maxcsn ) ) {
+ strcpy( cbuf, maxcsn.bv_val );
+ if ( ber_bvcmp( &maxcsn, &si->si_ctxcsn ) > 0 ) {
+ strcpy( si->si_ctxcsnbuf, cbuf );
+ si->si_ctxcsn.bv_len = maxcsn.bv_len;
+ }
+ }
+
+ /* Don't do any processing for consumer contextCSN updates */
+ if ( SLAP_SYNC_SHADOW( op->o_bd ) &&
+ op->o_msgid == SLAP_SYNC_UPDATE_MSGID ) {
+ ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
+ return SLAP_CB_CONTINUE;
+ }
+
+ si->si_numops++;
+ if ( si->si_chkops || si->si_chktime ) {
+ if ( si->si_chkops && si->si_numops >= si->si_chkops ) {
+ do_check = 1;
+ si->si_numops = 0;
+ }
+ if ( si->si_chktime &&
+ (op->o_time - si->si_chklast >= si->si_chktime )) {
+ do_check = 1;
+ si->si_chklast = op->o_time;
+ }
+ }
+ ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
+
+ if ( do_check ) {
+ ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
+ syncprov_checkpoint( op, rs, on );
+ ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
+ }
+
+ opc->sctxcsn.bv_len = maxcsn.bv_len;
+ opc->sctxcsn.bv_val = cbuf;
+
+ /* Handle any persistent searches */
+ if ( si->si_ops ) {
+ switch(op->o_tag) {
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_MODRDN:
+ case LDAP_REQ_EXTENDED:
+ syncprov_matchops( op, opc, 0 );
+ break;
+ case LDAP_REQ_DELETE:
+ /* for each match in opc->smatches:
+ * send DELETE msg
+ */
+ for ( sm = opc->smatches; sm; sm=sm->sm_next ) {
+ if ( sm->sm_op->s_op->o_abandon )
+ continue;
+ syncprov_qresp( opc, sm->sm_op, LDAP_SYNC_DELETE );
+ }
+ break;
+ }
+ }
+
+ /* Add any log records */
+ if ( si->si_logs && op->o_tag != LDAP_REQ_ADD ) {
+ syncprov_add_slog( op );
+ }
+
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+/* We don't use a subentry to store the context CSN any more.
+ * We expose the current context CSN as an operational attribute
+ * of the suffix entry.
+ */
+static int
+syncprov_op_compare( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = on->on_bi.bi_private;
+ int rc = SLAP_CB_CONTINUE;
+
+ if ( dn_match( &op->o_req_ndn, op->o_bd->be_nsuffix ) &&
+ op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_contextCSN )
+ {
+ Entry e = {0};
+ Attribute a = {0};
+ struct berval bv[2];
+
+ e.e_name = op->o_bd->be_suffix[0];
+ e.e_nname = op->o_bd->be_nsuffix[0];
+
+ BER_BVZERO( &bv[1] );
+ bv[0] = si->si_ctxcsn;
+
+ a.a_desc = slap_schema.si_ad_contextCSN;
+ a.a_vals = bv;
+ a.a_nvals = a.a_vals;
+
+ ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
+
+ rs->sr_err = access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+ if ( ! rs->sr_err ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a.a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ }
+
+return_results:;
+
+ ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
+
+ send_ldap_result( op, rs );
+
+ if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+ rc = rs->sr_err;
+ }
+
+ return rc;
+}
+
+static int
+syncprov_op_mod( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = on->on_bi.bi_private;
+
+ slap_callback *cb = op->o_tmpcalloc(1, sizeof(slap_callback)+
+ sizeof(opcookie) +
+ (si->si_ops ? sizeof(modinst) : 0 ),
+ op->o_tmpmemctx);
+ opcookie *opc = (opcookie *)(cb+1);
+ opc->son = on;
+ cb->sc_response = syncprov_op_response;
+ cb->sc_cleanup = syncprov_op_cleanup;
+ cb->sc_private = opc;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+
+ /* If there are active persistent searches, lock this operation.
+ * See seqmod.c for the locking logic on its own.
+ */
+ if ( si->si_ops ) {
+ modtarget *mt, mtdummy;
+ modinst *mi;
+
+ mi = (modinst *)(opc+1);
+ mi->mi_op = op;
+
+ /* See if we're already modifying this entry... */
+ mtdummy.mt_op = op;
+ ldap_pvt_thread_mutex_lock( &si->si_mods_mutex );
+ mt = avl_find( si->si_mods, &mtdummy, sp_avl_cmp );
+ if ( mt ) {
+ ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
+ ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
+ mt->mt_tail->mi_next = mi;
+ mt->mt_tail = mi;
+ /* wait for this op to get to head of list */
+ while ( mt->mt_mods != mi ) {
+ ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ ldap_pvt_thread_yield();
+ ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
+
+ /* clean up if the caller is giving up */
+ if ( op->o_abandon ) {
+ modinst *m2;
+ for ( m2 = mt->mt_mods; m2->mi_next != mi;
+ m2 = m2->mi_next );
+ m2->mi_next = mi->mi_next;
+ if ( mt->mt_tail == mi ) mt->mt_tail = m2;
+ op->o_tmpfree( cb, op->o_tmpmemctx );
+ ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ return SLAPD_ABANDON;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ } else {
+ /* Record that we're modifying this entry now */
+ mt = ch_malloc( sizeof(modtarget) );
+ mt->mt_mods = mi;
+ mt->mt_tail = mi;
+ mt->mt_op = mi->mi_op;
+ ldap_pvt_thread_mutex_init( &mt->mt_mutex );
+ avl_insert( &si->si_mods, mt, sp_avl_cmp, avl_dup_error );
+ ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
+ }
+ }
+
+ if (( si->si_ops || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
+ syncprov_matchops( op, opc, 1 );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+syncprov_op_extended( Operation *op, SlapReply *rs )
+{
+ if ( exop_is_write( op ))
+ return syncprov_op_mod( op, rs );
+
+ return SLAP_CB_CONTINUE;
+}
+
+typedef struct searchstate {
+ slap_overinst *ss_on;
+ syncops *ss_so;
+ int ss_present;
+ struct berval ss_ctxcsn;
+ char ss_csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+} searchstate;
+
+static int
+syncprov_search_cleanup( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_ctrls ) {
+ op->o_tmpfree( rs->sr_ctrls[0], op->o_tmpmemctx );
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = NULL;
+ }
+ return 0;
+}
+
+static void
+syncprov_detach_op( Operation *op, syncops *so, slap_overinst *on )
+{
+ Operation *op2;
+ int i, alen = 0;
+ size_t size;
+ char *ptr;
+ GroupAssertion *g1, *g2;
+
+ /* count the search attrs */
+ for (i=0; op->ors_attrs && !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++) {
+ alen += op->ors_attrs[i].an_name.bv_len + 1;
+ }
+ /* Make a new copy of the operation */
+ size = sizeof(Operation) + sizeof(Opheader) +
+ (i ? ( (i+1) * sizeof(AttributeName) + alen) : 0) +
+ op->o_req_dn.bv_len + 1 +
+ op->o_req_ndn.bv_len + 1 +
+ op->o_ndn.bv_len + 1 +
+ so->s_filterstr.bv_len + 1;
+ op2 = (Operation *)ch_calloc( 1, size );
+ op2->o_hdr = (Opheader *)(op2+1);
+
+ /* Copy the fields we care about explicitly, leave the rest alone */
+ *op2->o_hdr = *op->o_hdr;
+ op2->o_tag = op->o_tag;
+ op2->o_time = op->o_time;
+ op2->o_bd = on->on_info->oi_origdb;
+ op2->o_request = op->o_request;
+ op2->o_private = on;
+
+ if ( i ) {
+ op2->ors_attrs = (AttributeName *)(op2->o_hdr + 1);
+ ptr = (char *)(op2->ors_attrs+i+1);
+ for (i=0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++) {
+ op2->ors_attrs[i] = op->ors_attrs[i];
+ op2->ors_attrs[i].an_name.bv_val = ptr;
+ ptr = lutil_strcopy( ptr, op->ors_attrs[i].an_name.bv_val ) + 1;
+ }
+ BER_BVZERO( &op2->ors_attrs[i].an_name );
+ } else {
+ ptr = (char *)(op2->o_hdr + 1);
+ }
+ op2->o_authz = op->o_authz;
+ op2->o_ndn.bv_val = ptr;
+ ptr = lutil_strcopy(ptr, op->o_ndn.bv_val) + 1;
+ op2->o_dn = op2->o_ndn;
+ op2->o_req_dn.bv_len = op->o_req_dn.bv_len;
+ op2->o_req_dn.bv_val = ptr;
+ ptr = lutil_strcopy(ptr, op->o_req_dn.bv_val) + 1;
+ op2->o_req_ndn.bv_len = op->o_req_ndn.bv_len;
+ op2->o_req_ndn.bv_val = ptr;
+ ptr = lutil_strcopy(ptr, op->o_req_ndn.bv_val) + 1;
+ op2->ors_filterstr.bv_val = ptr;
+ strcpy( ptr, so->s_filterstr.bv_val );
+ op2->ors_filterstr.bv_len = so->s_filterstr.bv_len;
+
+ /* Skip the AND/GE clause that we stuck on in front */
+ if ( so->s_flags & PS_FIX_FILTER ) {
+ op2->ors_filter = op->ors_filter->f_and->f_next;
+ so->s_flags ^= PS_FIX_FILTER;
+ } else {
+ op2->ors_filter = op->ors_filter;
+ }
+ op2->ors_filter = filter_dup( op2->ors_filter, NULL );
+ so->s_op = op2;
+
+ /* Copy any cached group ACLs individually */
+ op2->o_groups = NULL;
+ for ( g1=op->o_groups; g1; g1=g1->ga_next ) {
+ g2 = ch_malloc( sizeof(GroupAssertion) + g1->ga_len );
+ *g2 = *g1;
+ strcpy( g2->ga_ndn, g1->ga_ndn );
+ g2->ga_next = op2->o_groups;
+ op2->o_groups = g2;
+ }
+ /* Don't allow any further group caching */
+ op2->o_do_not_cache = 1;
+
+ /* Add op2 to conn so abandon will find us */
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ op->o_conn->c_n_ops_executing++;
+ op->o_conn->c_n_ops_completed--;
+ LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op2, o_next );
+ so->s_flags |= PS_IS_DETACHED;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ /* Prevent anyone else from trying to send a result for this op */
+ op->o_abandon = 1;
+}
+
+static int
+syncprov_search_response( Operation *op, SlapReply *rs )
+{
+ searchstate *ss = op->o_callback->sc_private;
+ slap_overinst *on = ss->ss_on;
+ sync_control *srs = op->o_controls[slap_cids.sc_LDAPsync];
+
+ if ( rs->sr_type == REP_SEARCH || rs->sr_type == REP_SEARCHREF ) {
+ Attribute *a;
+ /* If we got a referral without a referral object, there's
+ * something missing that we cannot replicate. Just ignore it.
+ * The consumer will abort because we didn't send the expected
+ * control.
+ */
+ if ( !rs->sr_entry ) {
+ assert( rs->sr_entry != NULL );
+ Debug( LDAP_DEBUG_ANY, "bogus referral in context\n",0,0,0 );
+ return SLAP_CB_CONTINUE;
+ }
+ a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a == NULL && rs->sr_operational_attrs != NULL ) {
+ a = attr_find( rs->sr_operational_attrs, slap_schema.si_ad_entryCSN );
+ }
+ if ( a ) {
+ /* Make sure entry is less than the snapshot'd contextCSN */
+ if ( ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) {
+ Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s greater than snapshot %s\n",
+ rs->sr_entry->e_name.bv_val,
+ a->a_nvals[0].bv_val,
+ ss->ss_ctxcsn.bv_val );
+ return LDAP_SUCCESS;
+ }
+
+ /* Don't send the ctx entry twice */
+ if ( !BER_BVISNULL( &srs->sr_state.ctxcsn ) &&
+ bvmatch( &a->a_nvals[0], &srs->sr_state.ctxcsn ) ) {
+ Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s matches ctx %s\n",
+ rs->sr_entry->e_name.bv_val,
+ a->a_nvals[0].bv_val,
+ srs->sr_state.ctxcsn.bv_val );
+ return LDAP_SUCCESS;
+ }
+ }
+ rs->sr_ctrls = op->o_tmpalloc( sizeof(LDAPControl *)*2,
+ op->o_tmpmemctx );
+ rs->sr_ctrls[1] = NULL;
+ rs->sr_err = syncprov_state_ctrl( op, rs, rs->sr_entry,
+ LDAP_SYNC_ADD, rs->sr_ctrls, 0, 0, NULL );
+ } else if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS ) {
+ struct berval cookie;
+
+ slap_compose_sync_cookie( op, &cookie, &ss->ss_ctxcsn,
+ srs->sr_state.rid );
+
+ /* Is this a regular refresh? */
+ if ( !ss->ss_so ) {
+ rs->sr_ctrls = op->o_tmpalloc( sizeof(LDAPControl *)*2,
+ op->o_tmpmemctx );
+ rs->sr_ctrls[1] = NULL;
+ rs->sr_err = syncprov_done_ctrl( op, rs, rs->sr_ctrls,
+ 0, 1, &cookie, ss->ss_present ? LDAP_SYNC_REFRESH_PRESENTS :
+ LDAP_SYNC_REFRESH_DELETES );
+ op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+ } else {
+ /* It's RefreshAndPersist, transition to Persist phase */
+ syncprov_sendinfo( op, rs, ss->ss_present ?
+ LDAP_TAG_SYNC_REFRESH_PRESENT : LDAP_TAG_SYNC_REFRESH_DELETE,
+ &cookie, 1, NULL, 0 );
+ op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+
+ /* Detach this Op from frontend control */
+ ldap_pvt_thread_mutex_lock( &ss->ss_so->s_mutex );
+
+ /* Turn off the refreshing flag */
+ ss->ss_so->s_flags ^= PS_IS_REFRESHING;
+
+ syncprov_detach_op( op, ss->ss_so, on );
+
+ /* If there are queued responses, fire them off */
+ if ( ss->ss_so->s_res )
+ syncprov_qstart( ss->ss_so );
+ ldap_pvt_thread_mutex_unlock( &ss->ss_so->s_mutex );
+
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+syncprov_op_search( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+ slap_callback *cb;
+ int gotstate = 0, nochange = 0, do_present;
+ syncops *sop = NULL;
+ searchstate *ss;
+ sync_control *srs;
+ struct berval ctxcsn;
+ char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+
+ if ( !(op->o_sync_mode & SLAP_SYNC_REFRESH) ) return SLAP_CB_CONTINUE;
+
+ if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "illegal value for derefAliases" );
+ return rs->sr_err;
+ }
+
+ do_present = si->si_nopres ? 0 : 1;
+
+ srs = op->o_controls[slap_cids.sc_LDAPsync];
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+
+ /* If this is a persistent search, set it up right away */
+ if ( op->o_sync_mode & SLAP_SYNC_PERSIST ) {
+ syncops so = {0};
+ fbase_cookie fc;
+ opcookie opc;
+ slap_callback sc;
+
+ fc.fss = &so;
+ fc.fbase = 0;
+ so.s_eid = NOID;
+ so.s_op = op;
+ so.s_flags = PS_IS_REFRESHING | PS_FIND_BASE;
+ /* syncprov_findbase expects to be called as a callback... */
+ sc.sc_private = &opc;
+ opc.son = on;
+ ldap_pvt_thread_mutex_init( &so.s_mutex );
+ cb = op->o_callback;
+ op->o_callback = ≻
+ rs->sr_err = syncprov_findbase( op, &fc );
+ op->o_callback = cb;
+ ldap_pvt_thread_mutex_destroy( &so.s_mutex );
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+ sop = ch_malloc( sizeof( syncops ));
+ *sop = so;
+ ldap_pvt_thread_mutex_init( &sop->s_mutex );
+ sop->s_rid = srs->sr_state.rid;
+ sop->s_inuse = 1;
+
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ sop->s_next = si->si_ops;
+ si->si_ops = sop;
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+ }
+
+ /* snapshot the ctxcsn */
+ ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
+ strcpy( csnbuf, si->si_ctxcsnbuf );
+ ctxcsn.bv_len = si->si_ctxcsn.bv_len;
+ ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
+ ctxcsn.bv_val = csnbuf;
+
+ /* If we have a cookie, handle the PRESENT lookups */
+ if ( !BER_BVISNULL( &srs->sr_state.ctxcsn )) {
+ sessionlog *sl;
+
+ /* The cookie was validated when it was parsed, just use it */
+
+ /* If just Refreshing and nothing has changed, shortcut it */
+ if ( bvmatch( &srs->sr_state.ctxcsn, &ctxcsn )) {
+ nochange = 1;
+ if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
+ LDAPControl *ctrls[2];
+
+ ctrls[0] = NULL;
+ ctrls[1] = NULL;
+ syncprov_done_ctrl( op, rs, ctrls, 0, 0,
+ NULL, LDAP_SYNC_REFRESH_DELETES );
+ rs->sr_ctrls = ctrls;
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+ rs->sr_ctrls = NULL;
+ return rs->sr_err;
+ }
+ goto shortcut;
+ }
+ /* Do we have a sessionlog for this search? */
+ sl=si->si_logs;
+ if ( sl ) {
+ ldap_pvt_thread_mutex_lock( &sl->sl_mutex );
+ /* Are there any log entries, and is the consumer state
+ * present in the session log?
+ */
+ if ( sl->sl_num > 0 && ber_bvcmp( &srs->sr_state.ctxcsn, &sl->sl_mincsn ) >= 0 ) {
+ do_present = 0;
+ /* mutex is unlocked in playlog */
+ syncprov_playlog( op, rs, sl, srs, &ctxcsn );
+ } else {
+ ldap_pvt_thread_mutex_unlock( &sl->sl_mutex );
+ }
+ }
+ /* Is the CSN still present in the database? */
+ if ( syncprov_findcsn( op, FIND_CSN ) != LDAP_SUCCESS ) {
+ /* No, so a reload is required */
+ /* the 2.2 consumer doesn't send this hint */
+ if ( si->si_usehint && srs->sr_rhint == 0 ) {
+ send_ldap_error( op, rs, LDAP_SYNC_REFRESH_REQUIRED, "sync cookie is stale" );
+ return rs->sr_err;
+ }
+ } else {
+ gotstate = 1;
+ /* If changed and doing Present lookup, send Present UUIDs */
+ if ( do_present && syncprov_findcsn( op, FIND_PRESENT ) !=
+ LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+ }
+ }
+
+shortcut:
+ /* Append CSN range to search filter, save original filter
+ * for persistent search evaluation
+ */
+ if ( sop ) {
+ sop->s_filterstr= op->ors_filterstr;
+ }
+
+ /* If something changed, find the changes */
+ if ( gotstate && !nochange ) {
+ Filter *fand, *fava;
+
+ fand = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
+ fand->f_choice = LDAP_FILTER_AND;
+ fand->f_next = NULL;
+ fava = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
+ fand->f_and = fava;
+ fava->f_choice = LDAP_FILTER_GE;
+ fava->f_ava = op->o_tmpalloc( sizeof(AttributeAssertion), op->o_tmpmemctx );
+ fava->f_ava->aa_desc = slap_schema.si_ad_entryCSN;
+#ifdef LDAP_COMP_MATCH
+ fava->f_ava->aa_cf = NULL;
+#endif
+ ber_dupbv_x( &fava->f_ava->aa_value, &srs->sr_state.ctxcsn, op->o_tmpmemctx );
+ fava->f_next = op->ors_filter;
+ op->ors_filter = fand;
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+ if ( sop )
+ sop->s_flags |= PS_FIX_FILTER;
+ }
+
+ /* Let our callback add needed info to returned entries */
+ cb = op->o_tmpcalloc(1, sizeof(slap_callback)+sizeof(searchstate), op->o_tmpmemctx);
+ ss = (searchstate *)(cb+1);
+ ss->ss_on = on;
+ ss->ss_so = sop;
+ ss->ss_present = do_present;
+ ss->ss_ctxcsn.bv_len = ctxcsn.bv_len;
+ ss->ss_ctxcsn.bv_val = ss->ss_csnbuf;
+ strcpy( ss->ss_ctxcsn.bv_val, ctxcsn.bv_val );
+ cb->sc_response = syncprov_search_response;
+ cb->sc_cleanup = syncprov_search_cleanup;
+ cb->sc_private = ss;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+
+#if 0 /* I don't think we need to shortcircuit back-bdb any more */
+ op->o_sync_mode &= SLAP_CONTROL_MASK;
+#endif
+
+ /* If this is a persistent search and no changes were reported during
+ * the refresh phase, just invoke the response callback to transition
+ * us into persist phase
+ */
+ if ( nochange ) {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_nentries = 0;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+syncprov_operational(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+
+ if ( rs->sr_entry &&
+ dn_match( &rs->sr_entry->e_nname, op->o_bd->be_nsuffix )) {
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+ ad_inlist( slap_schema.si_ad_contextCSN, rs->sr_attrs )) {
+ Attribute *a, **ap = NULL;
+
+ for ( a=rs->sr_entry->e_attrs; a; a=a->a_next ) {
+ if ( a->a_desc == slap_schema.si_ad_contextCSN )
+ break;
+ }
+
+ if ( !a ) {
+ for ( ap = &rs->sr_operational_attrs; *ap; ap=&(*ap)->a_next );
+
+ a = ch_malloc( sizeof(Attribute));
+ a->a_desc = slap_schema.si_ad_contextCSN;
+ a->a_vals = ch_malloc( 2 * sizeof(struct berval));
+ a->a_vals[1].bv_val = NULL;
+ a->a_nvals = a->a_vals;
+ a->a_next = NULL;
+ a->a_flags = 0;
+ *ap = a;
+ }
+
+ ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
+ if ( !ap ) {
+ strcpy( a->a_vals[0].bv_val, si->si_ctxcsnbuf );
+ } else {
+ ber_dupbv( &a->a_vals[0], &si->si_ctxcsn );
+ }
+ ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+enum {
+ SP_CHKPT = 1,
+ SP_SESSL,
+ SP_NOPRES,
+ SP_USEHINT
+};
+
+static ConfigDriver sp_cf_gen;
+
+static ConfigTable spcfg[] = {
+ { "syncprov-checkpoint", "ops> <minutes", 3, 3, 0, ARG_MAGIC|SP_CHKPT,
+ sp_cf_gen, "( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint' "
+ "DESC 'ContextCSN checkpoint interval in ops and minutes' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "syncprov-sessionlog", "ops", 2, 2, 0, ARG_INT|ARG_MAGIC|SP_SESSL,
+ sp_cf_gen, "( OLcfgOvAt:1.2 NAME 'olcSpSessionlog' "
+ "DESC 'Session log size in ops' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "syncprov-nopresent", NULL, 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|SP_NOPRES,
+ sp_cf_gen, "( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' "
+ "DESC 'Omit Present phase processing' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "syncprov-reloadhint", NULL, 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|SP_USEHINT,
+ sp_cf_gen, "( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' "
+ "DESC 'Observe Reload Hint in Request control' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs spocs[] = {
+ { "( OLcfgOvOc:1.1 "
+ "NAME 'olcSyncProvConfig' "
+ "DESC 'SyncRepl Provider configuration' "
+ "SUP olcOverlayConfig "
+ "MAY ( olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent ) )",
+ Cft_Overlay, spcfg },
+ { NULL, 0, NULL }
+};
+
+static int
+sp_cf_gen(ConfigArgs *c)
+{
+ slap_overinst *on = (slap_overinst *)c->bi;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+ int rc = 0;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ switch ( c->type ) {
+ case SP_CHKPT:
+ if ( si->si_chkops || si->si_chktime ) {
+ struct berval bv;
+ bv.bv_len = sprintf( c->msg, "%d %d",
+ si->si_chkops, si->si_chktime );
+ bv.bv_val = c->msg;
+ value_add_one( &c->rvalue_vals, &bv );
+ } else {
+ rc = 1;
+ }
+ break;
+ case SP_SESSL:
+ if ( si->si_logs ) {
+ c->value_int = si->si_logs->sl_size;
+ } else {
+ rc = 1;
+ }
+ break;
+ case SP_NOPRES:
+ if ( si->si_nopres ) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ break;
+ case SP_USEHINT:
+ if ( si->si_usehint ) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ break;
+ }
+ return rc;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ switch ( c->type ) {
+ case SP_CHKPT:
+ si->si_chkops = 0;
+ si->si_chktime = 0;
+ break;
+ case SP_SESSL:
+ if ( si->si_logs )
+ si->si_logs->sl_size = 0;
+ else
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ break;
+ case SP_NOPRES:
+ if ( si->si_nopres )
+ si->si_nopres = 0;
+ else
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ break;
+ case SP_USEHINT:
+ if ( si->si_usehint )
+ si->si_usehint = 0;
+ else
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ break;
+ }
+ return rc;
+ }
+ switch ( c->type ) {
+ case SP_CHKPT:
+ if ( lutil_atoi( &si->si_chkops, c->argv[1] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint ops # \"%s\"",
+ c->argv[0], c->argv[1] );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->msg, 0 );
+ return ARG_BAD_CONF;
+ }
+ if ( si->si_chkops <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint ops # \"%d\"",
+ c->argv[0], si->si_chkops );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->msg, 0 );
+ return ARG_BAD_CONF;
+ }
+ if ( lutil_atoi( &si->si_chktime, c->argv[2] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint time \"%s\"",
+ c->argv[0], c->argv[1] );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->msg, 0 );
+ return ARG_BAD_CONF;
+ }
+ if ( si->si_chktime <= 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint time \"%d\"",
+ c->argv[0], si->si_chkops );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->msg, 0 );
+ return ARG_BAD_CONF;
+ }
+ si->si_chktime *= 60;
+ break;
+ case SP_SESSL: {
+ sessionlog *sl;
+ int size = c->value_int;
+
+ if ( size < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ), "%s size %d is negative",
+ c->argv[0], size );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->msg, 0 );
+ return ARG_BAD_CONF;
+ }
+ sl = si->si_logs;
+ if ( !sl ) {
+ sl = ch_malloc( sizeof( sessionlog ) + LDAP_LUTIL_CSNSTR_BUFSIZE );
+ sl->sl_mincsn.bv_val = (char *)(sl+1);
+ sl->sl_mincsn.bv_len = 0;
+ sl->sl_num = 0;
+ sl->sl_head = sl->sl_tail = NULL;
+ ldap_pvt_thread_mutex_init( &sl->sl_mutex );
+ si->si_logs = sl;
+ }
+ sl->sl_size = size;
+ }
+ break;
+ case SP_NOPRES:
+ si->si_nopres = c->value_int;
+ break;
+ case SP_USEHINT:
+ si->si_usehint = c->value_int;
+ break;
+ }
+ return rc;
+}
+
+/* ITS#3456 we cannot run this search on the main thread, must use a
+ * child thread in order to insure we have a big enough stack.
+ */
+static void *
+syncprov_db_otask(
+ void *ptr
+)
+{
+ syncprov_findcsn( ptr, FIND_MAXCSN );
+ return NULL;
+}
+
+/* Read any existing contextCSN from the underlying db.
+ * Then search for any entries newer than that. If no value exists,
+ * just generate it. Cache whatever result.
+ */
+static int
+syncprov_db_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+
+ Connection conn = { 0 };
+ OperationBuffer opbuf = { 0 };
+ char ctxcsnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+ Operation *op = (Operation *) &opbuf;
+ Entry *e;
+ Attribute *a;
+ int rc;
+ void *thrctx = NULL;
+
+ if ( !SLAP_LASTMOD( be )) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncprov_db_open: invalid config, lastmod must be enabled\n", 0, 0, 0 );
+ return -1;
+ }
+
+ if ( slapMode & SLAP_TOOL_MODE ) {
+ return 0;
+ }
+
+ rc = overlay_register_control( be, LDAP_CONTROL_SYNC );
+ if ( rc ) {
+ return rc;
+ }
+
+ thrctx = ldap_pvt_thread_pool_context();
+ connection_fake_init( &conn, op, thrctx );
+ op->o_bd = be;
+ op->o_dn = be->be_rootdn;
+ op->o_ndn = be->be_rootndn;
+
+ ctxcsnbuf[0] = '\0';
+
+ op->o_bd->bd_info = on->on_info->oi_orig;
+ rc = be_entry_get_rw( op, be->be_nsuffix, NULL,
+ slap_schema.si_ad_contextCSN, 0, &e );
+
+ if ( e ) {
+ ldap_pvt_thread_t tid;
+
+ a = attr_find( e->e_attrs, slap_schema.si_ad_contextCSN );
+ if ( a ) {
+ si->si_ctxcsn.bv_len = a->a_nvals[0].bv_len;
+ if ( si->si_ctxcsn.bv_len >= sizeof(si->si_ctxcsnbuf ))
+ si->si_ctxcsn.bv_len = sizeof(si->si_ctxcsnbuf)-1;
+ strncpy( si->si_ctxcsnbuf, a->a_nvals[0].bv_val,
+ si->si_ctxcsn.bv_len );
+ si->si_ctxcsnbuf[si->si_ctxcsn.bv_len] = '\0';
+ strcpy( ctxcsnbuf, si->si_ctxcsnbuf );
+ }
+ be_entry_release_rw( op, e, 0 );
+ if ( !BER_BVISEMPTY( &si->si_ctxcsn ) ) {
+ op->o_bd->bd_info = (BackendInfo *)on;
+ op->o_req_dn = be->be_suffix[0];
+ op->o_req_ndn = be->be_nsuffix[0];
+ op->ors_scope = LDAP_SCOPE_SUBTREE;
+ ldap_pvt_thread_create( &tid, 0, syncprov_db_otask, op );
+ ldap_pvt_thread_join( tid, NULL );
+ }
+ }
+
+ if ( BER_BVISEMPTY( &si->si_ctxcsn ) ) {
+ if ( SLAP_SYNC_SHADOW( op->o_bd )) {
+ /* If we're also a consumer, and we didn't get a contextCSN,
+ * then don't generate anything, wait for our provider to send it
+ * to us.
+ */
+ goto out;
+ }
+ si->si_ctxcsn.bv_len = sizeof( si->si_ctxcsnbuf );
+ slap_get_csn( op, &si->si_ctxcsn, 0 );
+ }
+
+ /* If our ctxcsn is different from what was read from the root
+ * entry, make sure we do a checkpoint on close
+ */
+ if ( strcmp( si->si_ctxcsnbuf, ctxcsnbuf )) {
+ si->si_numops++;
+ }
+
+out:
+ op->o_bd->bd_info = (BackendInfo *)on;
+ return 0;
+}
+
+/* Write the current contextCSN into the underlying db.
+ */
+static int
+syncprov_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+
+ if ( slapMode & SLAP_TOOL_MODE ) {
+ return 0;
+ }
+ if ( si->si_numops ) {
+ Connection conn;
+ OperationBuffer opbuf;
+ Operation *op = (Operation *) &opbuf;
+ SlapReply rs = {REP_RESULT};
+ void *thrctx;
+
+ thrctx = ldap_pvt_thread_pool_context();
+ connection_fake_init( &conn, op, thrctx );
+ op->o_bd = be;
+ op->o_dn = be->be_rootdn;
+ op->o_ndn = be->be_rootndn;
+ syncprov_checkpoint( op, &rs, on );
+ }
+
+ return 0;
+}
+
+static int
+syncprov_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ syncprov_info_t *si;
+
+ if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncprov must be instantiated within a database.\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ si = ch_calloc(1, sizeof(syncprov_info_t));
+ on->on_bi.bi_private = si;
+ ldap_pvt_thread_rdwr_init( &si->si_csn_rwlock );
+ ldap_pvt_thread_mutex_init( &si->si_ops_mutex );
+ ldap_pvt_thread_mutex_init( &si->si_mods_mutex );
+ si->si_ctxcsn.bv_val = si->si_ctxcsnbuf;
+
+ csn_anlist[0].an_desc = slap_schema.si_ad_entryCSN;
+ csn_anlist[0].an_name = slap_schema.si_ad_entryCSN->ad_cname;
+ csn_anlist[1].an_desc = slap_schema.si_ad_entryUUID;
+ csn_anlist[1].an_name = slap_schema.si_ad_entryUUID->ad_cname;
+
+ uuid_anlist[0].an_desc = slap_schema.si_ad_entryUUID;
+ uuid_anlist[0].an_name = slap_schema.si_ad_entryUUID->ad_cname;
+
+ return 0;
+}
+
+static int
+syncprov_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private;
+
+ if ( si ) {
+ if ( si->si_logs ) {
+ slog_entry *se = si->si_logs->sl_head;
+
+ while ( se ) {
+ slog_entry *se_next = se->se_next;
+ ch_free( se );
+ se = se_next;
+ }
+
+ ch_free( si->si_logs );
+ }
+ ldap_pvt_thread_mutex_destroy( &si->si_mods_mutex );
+ ldap_pvt_thread_mutex_destroy( &si->si_ops_mutex );
+ ldap_pvt_thread_rdwr_destroy( &si->si_csn_rwlock );
+ ch_free( si );
+ }
+
+ return 0;
+}
+
+static int syncprov_parseCtrl (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_tag_t tag;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_int_t mode;
+ ber_len_t len;
+ struct berval cookie = BER_BVNULL;
+ sync_control *sr;
+ int rhint = 0;
+
+ if ( op->o_sync != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "Sync control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( op->o_pagedresults != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "Sync control specified with pagedResults control";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+ rs->sr_text = "Sync control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* Parse the control value
+ * syncRequestValue ::= SEQUENCE {
+ * mode ENUMERATED {
+ * -- 0 unused
+ * refreshOnly (1),
+ * -- 2 reserved
+ * refreshAndPersist (3)
+ * },
+ * cookie syncCookie OPTIONAL
+ * }
+ */
+
+ ber_init2( ber, &ctrl->ldctl_value, 0 );
+
+ if ( (tag = ber_scanf( ber, "{i" /*}*/, &mode )) == LBER_ERROR ) {
+ rs->sr_text = "Sync control : mode decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ switch( mode ) {
+ case LDAP_SYNC_REFRESH_ONLY:
+ mode = SLAP_SYNC_REFRESH;
+ break;
+ case LDAP_SYNC_REFRESH_AND_PERSIST:
+ mode = SLAP_SYNC_REFRESH_AND_PERSIST;
+ break;
+ default:
+ rs->sr_text = "Sync control : unknown update mode";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+
+ if ( tag == LDAP_TAG_SYNC_COOKIE ) {
+ if (( ber_scanf( ber, /*{*/ "m", &cookie )) == LBER_ERROR ) {
+ rs->sr_text = "Sync control : cookie decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ tag = ber_peek_tag( ber, &len );
+ }
+ if ( tag == LDAP_TAG_RELOAD_HINT ) {
+ if (( ber_scanf( ber, /*{*/ "b", &rhint )) == LBER_ERROR ) {
+ rs->sr_text = "Sync control : rhint decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+ if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
+ rs->sr_text = "Sync control : decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ sr = op->o_tmpcalloc( 1, sizeof(struct sync_control), op->o_tmpmemctx );
+ sr->sr_rhint = rhint;
+ if (!BER_BVISNULL(&cookie)) {
+ ber_dupbv_x( &sr->sr_state.octet_str, &cookie, op->o_tmpmemctx );
+ slap_parse_sync_cookie( &sr->sr_state, op->o_tmpmemctx );
+ if ( sr->sr_state.rid == -1 ) {
+ rs->sr_text = "Sync control : cookie parsing error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+
+ op->o_controls[slap_cids.sc_LDAPsync] = sr;
+
+ op->o_sync = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ op->o_sync_mode |= mode; /* o_sync_mode shares o_sync */
+
+ return LDAP_SUCCESS;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst syncprov;
+
+int
+syncprov_initialize()
+{
+ int rc;
+
+ rc = register_supported_control( LDAP_CONTROL_SYNC,
+ SLAP_CTRL_SEARCH, NULL,
+ syncprov_parseCtrl, &slap_cids.sc_LDAPsync );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncprov_init: Failed to register control %d\n", rc, 0, 0 );
+ return rc;
+ }
+
+ syncprov.on_bi.bi_type = "syncprov";
+ syncprov.on_bi.bi_db_init = syncprov_db_init;
+ syncprov.on_bi.bi_db_destroy = syncprov_db_destroy;
+ syncprov.on_bi.bi_db_open = syncprov_db_open;
+ syncprov.on_bi.bi_db_close = syncprov_db_close;
+
+ syncprov.on_bi.bi_op_abandon = syncprov_op_abandon;
+ syncprov.on_bi.bi_op_cancel = syncprov_op_abandon;
+
+ syncprov.on_bi.bi_op_add = syncprov_op_mod;
+ syncprov.on_bi.bi_op_compare = syncprov_op_compare;
+ syncprov.on_bi.bi_op_delete = syncprov_op_mod;
+ syncprov.on_bi.bi_op_modify = syncprov_op_mod;
+ syncprov.on_bi.bi_op_modrdn = syncprov_op_mod;
+ syncprov.on_bi.bi_op_search = syncprov_op_search;
+ syncprov.on_bi.bi_extended = syncprov_op_extended;
+ syncprov.on_bi.bi_operational = syncprov_operational;
+
+ syncprov.on_bi.bi_cf_ocs = spocs;
+
+ generic_filter.f_desc = slap_schema.si_ad_objectClass;
+
+ rc = config_register_schema( spcfg, spocs );
+ if ( rc ) return rc;
+
+ return overlay_register( &syncprov );
+}
+
+#if SLAPD_OVER_SYNCPROV == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return syncprov_initialize();
+}
+#endif /* SLAPD_OVER_SYNCPROV == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_SYNCPROV) */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/translucent.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/translucent.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/translucent.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,827 @@
+/* translucent.c - translucent proxy module */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.1.2.13 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Symas Corp. for inclusion in
+ * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_TRANSLUCENT
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+/* config block */
+
+typedef struct translucent_configuration {
+ int debug;
+ int strict;
+ int no_add;
+ int glue;
+} translucent_configuration;
+
+/* stack of captive backends */
+
+typedef struct overlay_stack {
+ BackendInfo *info; /* captive backend */
+ void *private; /* local backend_private */
+ translucent_configuration *config; /* our_private: configuration */
+} overlay_stack;
+
+/* for translucent_init() */
+
+static slap_overinst translucent;
+
+/*
+** glue_parent()
+** call syncrepl_add_glue() with the parent suffix;
+**
+*/
+
+static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
+
+void glue_parent(Operation *op) {
+ Operation nop = *op;
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ struct berval ndn = BER_BVNULL;
+ Attribute *a;
+ Entry *e;
+ struct berval pdn;
+
+ dnParent( &op->o_req_ndn, &pdn );
+ ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
+
+ Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
+
+ e = ch_calloc(1, sizeof(Entry));
+ e->e_id = NOID;
+ ber_dupbv(&e->e_name, &ndn);
+ ber_dupbv(&e->e_nname, &ndn);
+
+ a = ch_calloc(1, sizeof(Attribute));
+ a->a_desc = slap_schema.si_ad_objectClass;
+ a->a_vals = ch_malloc(sizeof(struct berval) * 3);
+ ber_dupbv(&a->a_vals[0], &glue[0]);
+ ber_dupbv(&a->a_vals[1], &glue[1]);
+ ber_dupbv(&a->a_vals[2], &glue[2]);
+ a->a_nvals = a->a_vals;
+ a->a_next = e->e_attrs;
+ e->e_attrs = a;
+
+ a = ch_calloc(1, sizeof(Attribute));
+ a->a_desc = slap_schema.si_ad_structuralObjectClass;
+ a->a_vals = ch_malloc(sizeof(struct berval) * 2);
+ ber_dupbv(&a->a_vals[0], &glue[1]);
+ ber_dupbv(&a->a_vals[1], &glue[2]);
+ a->a_nvals = a->a_vals;
+ a->a_next = e->e_attrs;
+ e->e_attrs = a;
+
+ nop.o_req_dn = ndn;
+ nop.o_req_ndn = ndn;
+ nop.ora_e = e;
+ nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
+
+ syncrepl_add_glue(&nop, e);
+
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+
+ return;
+}
+
+/*
+** dup_bervarray()
+** copy a BerVarray;
+*/
+
+BerVarray dup_bervarray(BerVarray b) {
+ int i, len;
+ BerVarray nb;
+ for(len = 0; b[len].bv_val; len++);
+ nb = ch_malloc((len+1) * sizeof(BerValue));
+ for(i = 0; i < len; i++) ber_dupbv(&nb[i], &b[i]);
+ nb[len].bv_val = NULL;
+ nb[len].bv_len = 0;
+ return(nb);
+}
+
+/*
+** free_attr_chain()
+** free only the Attribute*, not the contents;
+**
+*/
+void free_attr_chain(Attribute *a) {
+ Attribute *ax;
+ for(; a; a = ax) {
+ ax = a->a_next;
+ ch_free(a);
+ }
+ return;
+}
+
+/*
+** translucent_add()
+** if not bound as root, send ACCESS error;
+** if config.glue, glue_parent();
+** return CONTINUE;
+**
+*/
+
+static int translucent_add(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+ if(!be_isroot(op)) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "user modification of overlay database not permitted");
+ return(rs->sr_err);
+ }
+ if(!ov->config->glue) glue_parent(op);
+ return(SLAP_CB_CONTINUE);
+}
+
+/*
+** translucent_modrdn()
+** if not bound as root, send ACCESS error;
+** if !config.glue, glue_parent();
+** else return CONTINUE;
+**
+*/
+
+static int translucent_modrdn(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
+ op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
+ if(!be_isroot(op)) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "user modification of overlay database not permitted");
+ return(rs->sr_err);
+ }
+ if(!ov->config->glue) glue_parent(op);
+ return(SLAP_CB_CONTINUE);
+}
+
+/*
+** translucent_delete()
+** if not bound as root, send ACCESS error;
+** else return CONTINUE;
+**
+*/
+
+static int translucent_delete(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+ if(!be_isroot(op)) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
+ "user modification of overlay database not permitted");
+ return(rs->sr_err);
+ }
+ return(SLAP_CB_CONTINUE);
+}
+
+static int
+translucent_tag_cb( Operation *op, SlapReply *rs )
+{
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->orm_modlist = op->o_callback->sc_private;
+ rs->sr_tag = slap_req2res( op->o_tag );
+
+ return SLAP_CB_CONTINUE;
+}
+
+/*
+** translucent_modify()
+** modify in local backend if exists in both;
+** otherwise, add to local backend;
+** fail if not defined in captive backend;
+**
+*/
+
+static int translucent_modify(Operation *op, SlapReply *rs) {
+ SlapReply nrs = { REP_RESULT };
+ Operation nop = *op;
+
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = op->o_bd->be_private;
+ Entry ne, *e = NULL, *re = NULL;
+ Attribute *a, *ax;
+ Modifications *m, **mm;
+ int del, rc, erc = 0;
+ slap_callback cb = { 0 };
+
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
+ op->o_req_dn.bv_val, 0, 0);
+
+/*
+** fetch entry from the captive backend;
+** if it did not exist, fail;
+** release it, if captive backend supports this;
+**
+*/
+
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ op->o_bd->be_private = ov->private;
+ rc = ov->info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
+ op->o_bd->be_private = private;
+
+ /* if(ov->config->no_add && (!re || rc != LDAP_SUCCESS)) */
+ if(rc != LDAP_SUCCESS || re == NULL ) {
+ send_ldap_error(op, rs, LDAP_NO_SUCH_OBJECT,
+ "attempt to modify nonexistent local record");
+ return(rs->sr_err);
+ }
+
+/*
+** fetch entry from local backend;
+** if it exists:
+** foreach Modification:
+** if attr not present in local:
+** if Mod == LDAP_MOD_DELETE:
+** if remote attr not present, return NO_SUCH;
+** if remote attr present, drop this Mod;
+** else force this Mod to LDAP_MOD_ADD;
+** return CONTINUE;
+**
+*/
+
+ rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
+
+ if(e && rc == LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
+ for(mm = &op->orm_modlist; *mm; ) {
+ m = *mm;
+ for(a = e->e_attrs; a; a = a->a_next)
+ if(a->a_desc == m->sml_desc) break;
+ if(a) {
+ mm = &m->sml_next;
+ continue; /* found local attr */
+ }
+ if(m->sml_op == LDAP_MOD_DELETE) {
+ for(a = re->e_attrs; a; a = a->a_next)
+ if(a->a_desc == m->sml_desc) break;
+ /* not found remote attr */
+ if(!a) {
+ erc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto release;
+ }
+ if(ov->config->strict) {
+ erc = LDAP_CONSTRAINT_VIOLATION;
+ goto release;
+ }
+ Debug(LDAP_DEBUG_TRACE,
+ "=> translucent_modify: silently dropping delete: %s\n",
+ m->sml_desc->ad_cname.bv_val, 0, 0);
+ *mm = m->sml_next;
+ m->sml_next = NULL;
+ slap_mods_free(m, 1);
+ continue;
+ }
+ m->sml_op = LDAP_MOD_ADD;
+ mm = &m->sml_next;
+ }
+ erc = SLAP_CB_CONTINUE;
+release:
+ if(re) {
+ op->o_bd->be_private = ov->private;
+ if(ov->info->bi_entry_release_rw)
+ ov->info->bi_entry_release_rw(op, re, 0);
+ else
+ entry_free(re);
+ op->o_bd->be_private = private;
+ }
+ be_entry_release_r(op, e);
+ if(erc == SLAP_CB_CONTINUE) {
+ op->o_bd->bd_info = (BackendInfo *) on;
+ return(erc);
+ } else if(erc) {
+ send_ldap_error(op, rs, erc,
+ "attempt to delete nonexistent attribute");
+ return(erc);
+ }
+ }
+
+ /* don't leak remote entry copy */
+ if(re) {
+ op->o_bd->be_private = ov->private;
+ if(ov->info->bi_entry_release_rw)
+ ov->info->bi_entry_release_rw(op, re, 0);
+ else
+ entry_free(re);
+ op->o_bd->be_private = private;
+ }
+/*
+** foreach Modification:
+** if MOD_ADD or MOD_REPLACE, add Attribute;
+** if no Modifications were suitable:
+** if config.strict, throw CONSTRAINT_VIOLATION;
+** else, return early SUCCESS;
+** fabricate Entry with new Attribute chain;
+** glue_parent() for this Entry;
+** call bi_op_add() in local backend;
+**
+*/
+
+ Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
+ a = NULL;
+ for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
+ if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
+ ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
+ Debug(LDAP_DEBUG_ANY,
+ "=> translucent_modify: silently dropped modification(%d): %s\n",
+ m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
+ if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
+ continue;
+ }
+ a = ch_calloc(1, sizeof(Attribute));
+ a->a_desc = m->sml_desc;
+ a->a_vals = m->sml_values;
+ a->a_nvals = m->sml_nvalues ? m->sml_nvalues : a->a_vals;
+ a->a_next = ax;
+ ax = a;
+ }
+
+ if(del && ov->config->strict) {
+ free_attr_chain(a);
+ send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "attempt to delete attributes from local database");
+ return(rs->sr_err);
+ }
+
+ if(!ax) {
+ if(ov->config->strict) {
+ send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "modification contained other than ADD or REPLACE");
+ return(rs->sr_err);
+ }
+ op->o_bd->bd_info = (BackendInfo *) on;
+ /* rs->sr_text = "no valid modification found"; */
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result(op, rs);
+ return(rs->sr_err);
+ }
+
+ ne.e_id = NOID;
+ ne.e_name = op->o_req_dn;
+ ne.e_nname = op->o_req_ndn;
+ ne.e_attrs = a;
+ ne.e_ocflags = 0;
+ ne.e_bv.bv_len = 0;
+ ne.e_bv.bv_val = NULL;
+ ne.e_private = NULL;
+
+ nop.o_tag = LDAP_REQ_ADD;
+ nop.oq_add.rs_e = ≠
+
+ op->o_bd->bd_info = (BackendInfo *) on;
+ glue_parent(&nop);
+
+ cb.sc_response = translucent_tag_cb;
+ cb.sc_private = op->orm_modlist;
+ cb.sc_next = nop.o_callback;
+ nop.o_callback = &cb;
+ rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
+ free_attr_chain(a);
+
+ return(rc);
+}
+
+static int translucent_compare(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = op->o_bd->be_private;
+
+ AttributeAssertion *ava = op->orc_ava;
+ Entry *e;
+ int rc;
+
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
+ op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
+
+/*
+** if the local backend has an entry for this attribute:
+** CONTINUE and let it do the compare;
+**
+*/
+
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e);
+ if(e && rc == LDAP_SUCCESS) {
+ be_entry_release_r(op, e);
+ op->o_bd->bd_info = (BackendInfo *) on;
+ return(SLAP_CB_CONTINUE);
+ }
+
+/*
+** call compare() in the captive backend;
+** return the result;
+**
+*/
+
+ op->o_bd->be_private = ov->private;
+ rc = ov->info->bi_op_compare(op, rs);
+ op->o_bd->be_private = private;
+ op->o_bd->bd_info = (BackendInfo *) on;
+ return(rc);
+}
+
+/*
+** translucent_search_cb()
+** merge local data with the search result
+**
+*/
+
+static int translucent_search_cb(Operation *op, SlapReply *rs) {
+ slap_overinst *on;
+ Entry *e, *re = NULL;
+ Attribute *a, *ax, *an, *as = NULL;
+ void *private;
+ int rc;
+
+ if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
+ return(SLAP_CB_CONTINUE);
+
+ Debug(LDAP_DEBUG_TRACE, "==> tranclucent_search_cb: %s\n",
+ rs->sr_entry->e_name.bv_val, 0, 0);
+
+ on = (slap_overinst *) op->o_bd->bd_info;
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+
+ private = op->o_bd->be_private;
+ op->o_bd->be_private = op->o_callback->sc_private;
+
+ rc = be_entry_get_rw(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e);
+
+/*
+** if we got an entry from local backend:
+** make a copy of this search result;
+** foreach local attr:
+** foreach search result attr:
+** if match, result attr with local attr;
+** if new local, add to list;
+** append new local attrs to search result;
+**
+*/
+
+ if(e && rc == LDAP_SUCCESS) {
+ re = entry_dup(rs->sr_entry);
+ for(ax = e->e_attrs; ax; ax = ax->a_next) {
+#if 0
+ if(is_at_operational(ax->a_desc->ad_type)) continue;
+#endif
+ for(a = re->e_attrs; a; a = a->a_next) {
+ if(a->a_desc == ax->a_desc) {
+ if(a->a_vals != a->a_nvals)
+ ber_bvarray_free(a->a_nvals);
+ ber_bvarray_free(a->a_vals);
+ a->a_vals = dup_bervarray(ax->a_vals);
+ a->a_nvals = (ax->a_vals == ax->a_nvals) ?
+ a->a_vals : dup_bervarray(ax->a_nvals);
+ break;
+ }
+ }
+ if(a) continue;
+ an = attr_dup(ax);
+ an->a_next = as;
+ as = an;
+ }
+ be_entry_release_r(op, e);
+
+ /* literally append, so locals are always last */
+ if(as) {
+ if(re->e_attrs) {
+ for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
+ ax->a_next = as;
+ } else {
+ re->e_attrs = as;
+ }
+ }
+ rs->sr_entry = re;
+ rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
+ }
+
+ op->o_bd->be_private = private;
+ op->o_bd->bd_info = (BackendInfo *) on;
+
+ return(SLAP_CB_CONTINUE);
+}
+
+/*
+** translucent_search()
+** search via captive backend;
+** override results with any local data;
+**
+*/
+
+static int translucent_search(Operation *op, SlapReply *rs) {
+ Operation nop = *op;
+
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ slap_callback cb = { NULL, NULL, NULL, NULL };
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = op->o_bd->be_private;
+ int rc;
+
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
+ op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
+ cb.sc_response = (slap_response *) translucent_search_cb;
+ cb.sc_private = private;
+
+ cb.sc_next = nop.o_callback;
+ nop.o_callback = &cb;
+
+ op->o_bd->be_private = ov->private;
+ rc = ov->info->bi_op_search(&nop, rs);
+ op->o_bd->be_private = private;
+
+ return(rs->sr_err);
+}
+
+
+/*
+** translucent_bind()
+** pass bind request to captive backend;
+**
+*/
+
+static int translucent_bind(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = op->o_bd->be_private;
+ int rc = 0;
+
+ Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
+ op->o_req_dn.bv_val, op->orb_method, 0);
+
+ op->o_bd->be_private = ov->private;
+ rc = ov->info->bi_op_bind(op, rs);
+ op->o_bd->be_private = private;
+
+ return(rc);
+}
+
+/*
+** translucent_connection_destroy()
+** pass disconnect notification to captive backend;
+**
+*/
+
+static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = be->be_private;
+ int rc = 0;
+
+ Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
+
+ be->be_private = ov->private;
+ rc = ov->info->bi_connection_destroy(be, conn);
+ be->be_private = private;
+
+ return(rc);
+}
+
+/*
+** translucent_db_config()
+** pass config directives to captive backend;
+** parse unrecognized directives ourselves;
+**
+*/
+
+static int translucent_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = be->be_private;
+ void *be_cf_ocs = be->be_cf_ocs;
+ int rc;
+
+ /* "this should never happen" */
+ if(!ov->info) {
+ fprintf(stderr, "fatal: captive backend not initialized");
+ return(1);
+ }
+
+ be->be_private = ov->private;
+ be->be_cf_ocs = ov->info->bi_cf_ocs;
+ rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0;
+ be->be_private = private;
+ be->be_cf_ocs = be_cf_ocs;
+
+ /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */
+ if(rc == 0 || rc == 1) return(rc);
+
+ rc = 0;
+ if(!strcasecmp(*argv, "translucent_strict")) {
+ ov->config->strict++;
+ } else if(!strcasecmp(*argv, "translucent_no_add")) {
+ ov->config->no_add++;
+ } else if(!strcasecmp(*argv, "translucent_no_glue")) {
+ ov->config->glue++;
+ } else if(!strcasecmp(*argv, "translucent_debug")) {
+ if(argc == 1) {
+ ov->config->debug = 0xFFFF;
+ rc = 0;
+ } else if(argc == 2) {
+ if ( lutil_atoi( &ov->config->debug, argv[1]) != 0 ) {
+ fprintf(stderr, "%s: line %d: unable to parse debug \"%s\"\n",
+ fname, lineno, argv[1]);
+ return 1;
+ }
+ rc = 0;
+ } else {
+ fprintf(stderr, "%s: line %d: too many arguments (%d) to debug\n",
+ fname, lineno, argc);
+ rc = 1;
+ }
+ } else {
+ fprintf(stderr, "%s: line %d: unknown keyword %s\n",
+ fname, lineno, *argv);
+ rc = SLAP_CONF_UNKNOWN;
+ }
+ return(rc);
+}
+
+/*
+** translucent_db_init()
+** initialize the captive backend;
+**
+*/
+
+static int translucent_db_init(BackendDB *be) {
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ void *private = be->be_private;
+ overlay_stack *ov;
+ int rc;
+
+ Debug(LDAP_DEBUG_TRACE, "==> translucent_init\n", 0, 0, 0);
+
+ ov = ch_calloc(1, sizeof(overlay_stack));
+ ov->config = ch_calloc(1, sizeof(translucent_configuration));
+ ov->info = backend_info("ldap");
+
+ if(!ov->info) {
+ Debug(LDAP_DEBUG_ANY, "translucent: backend_info failed!\n", 0, 0, 0);
+ return(1);
+ }
+
+ /* forcibly disable schema checking on the local backend */
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
+
+ be->be_private = NULL;
+ rc = ov->info->bi_db_init ? ov->info->bi_db_init(be) : 0;
+
+ if(rc) Debug(LDAP_DEBUG_TRACE,
+ "translucent: bi_db_init() returned error %d\n", rc, 0, 0);
+
+ ov->private = be->be_private;
+ be->be_private = private;
+ on->on_bi.bi_private = ov;
+ return(rc);
+}
+
+/*
+** translucent_db_open()
+** if the captive backend has an open() method, call it;
+**
+*/
+
+static int translucent_db_open(BackendDB *be) {
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ void *private = be->be_private;
+ int rc;
+
+ /* "should never happen" */
+ if(!ov->info) {
+ Debug(LDAP_DEBUG_ANY, "translucent_open() called with bad ov->info\n", 0, 0, 0);
+ return(LDAP_OTHER);
+ }
+
+ Debug(LDAP_DEBUG_TRACE, "translucent_open\n", 0, 0, 0);
+
+ be->be_private = ov->private;
+ rc = ov->info->bi_db_open ? ov->info->bi_db_open(be) : 0;
+ be->be_private = private;
+
+ if(rc) Debug(LDAP_DEBUG_TRACE,
+ "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
+
+ return(rc);
+}
+
+/*
+** translucent_db_close()
+** if the captive backend has a close() method, call it;
+** free any config data;
+**
+*/
+
+static int translucent_db_close(BackendDB *be) {
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ int rc = 0;
+
+ if ( ov ) {
+ void *private = be->be_private;
+
+ be->be_private = ov->private;
+ rc = (ov->info && ov->info->bi_db_close) ? ov->info->bi_db_close(be) : 0;
+ be->be_private = private;
+ if(ov->config) ch_free(ov->config);
+ ov->config = NULL;
+ }
+
+ return(rc);
+}
+
+/*
+** translucent_db_destroy()
+** if the captive backend has a db_destroy() method, call it
+**
+*/
+
+static int translucent_db_destroy(BackendDB *be) {
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ overlay_stack *ov = on->on_bi.bi_private;
+ int rc = 0;
+
+ if ( ov ) {
+ void *private = be->be_private;
+
+ be->be_private = ov->private;
+ rc = (ov->info && ov->info->bi_db_destroy) ? ov->info->bi_db_destroy(be) : 0;
+ be->be_private = private;
+ ch_free(ov);
+ on->on_bi.bi_private = NULL;
+ }
+
+ return(rc);
+}
+
+/*
+** translucent_initialize()
+** initialize the slap_overinst with our entry points;
+**
+*/
+
+int translucent_initialize() {
+
+ translucent.on_bi.bi_type = "translucent";
+ translucent.on_bi.bi_db_init = translucent_db_init;
+ translucent.on_bi.bi_db_config = translucent_db_config;
+ translucent.on_bi.bi_db_open = translucent_db_open;
+ translucent.on_bi.bi_db_close = translucent_db_close;
+ translucent.on_bi.bi_db_destroy = translucent_db_destroy;
+ translucent.on_bi.bi_op_bind = translucent_bind;
+ translucent.on_bi.bi_op_add = translucent_add;
+ translucent.on_bi.bi_op_modify = translucent_modify;
+ translucent.on_bi.bi_op_modrdn = translucent_modrdn;
+ translucent.on_bi.bi_op_delete = translucent_delete;
+ translucent.on_bi.bi_op_search = translucent_search;
+ translucent.on_bi.bi_op_compare = translucent_compare;
+ translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
+
+ return(overlay_register(&translucent));
+}
+
+#if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
+int init_module(int argc, char *argv[]) {
+ return translucent_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_TRANSLUCENT */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/unique.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/unique.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/unique.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,612 @@
+/* unique.c - attribute uniqueness module */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/unique.c,v 1.8.2.11 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Symas Corp. for inclusion in
+ * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_UNIQUE
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+static slap_overinst unique;
+
+typedef struct unique_attrs_s {
+ struct unique_attrs_s *next; /* list of attrs */
+ AttributeDescription *attr;
+} unique_attrs;
+
+typedef struct unique_data_s {
+ const char *message; /* breadcrumbs */
+ struct unique_attrs_s *attrs; /* list of known attrs */
+ struct unique_attrs_s *ignore; /* list of ignored attrs */
+ BerValue dn; /* base of "unique tree" */
+ char strict; /* null considered unique too */
+} unique_data;
+
+typedef struct unique_counter_s {
+ struct berval *ndn;
+ int count;
+} unique_counter;
+
+/*
+** allocate new unique_data;
+** initialize, copy basedn;
+** store in on_bi.bi_private;
+**
+*/
+
+static int unique_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ unique_data *ud = ch_malloc(sizeof(unique_data));
+
+ /* Debug(LDAP_DEBUG_TRACE, "==> unique_init\n", 0, 0, 0); */
+
+ ud->message = "_init";
+ ud->attrs = NULL;
+ ud->ignore = NULL;
+ ud->strict = 0;
+
+ /* default to the base of our configured database */
+ ber_dupbv(&ud->dn, &be->be_nsuffix[0]);
+ on->on_bi.bi_private = ud;
+
+ return 0;
+}
+
+
+/*
+** if command = attributes:
+** foreach argument:
+** convert to attribute;
+** add to configured attribute list;
+** elseif command = base:
+** set our basedn to argument;
+** else complain about invalid directive;
+**
+*/
+
+static int unique_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ unique_attrs *up;
+ const char *text;
+ AttributeDescription *ad;
+ int i;
+
+ ud->message = "_config";
+ Debug(LDAP_DEBUG_TRACE, "==> unique_config\n", 0, 0, 0);
+
+ if(!strcasecmp(*argv, "unique_attributes") ||
+ !strcasecmp(*argv, "unique_ignore")) {
+ for(i = 1; i < argc; i++) {
+ for(up = ud->attrs; up; up = up->next)
+ if(!strcmp(argv[i], up->attr->ad_cname.bv_val)) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: duplicate attribute <%s>, ignored\n",
+ fname, lineno, argv[i]);
+ continue;
+ }
+ ad = NULL;
+ if(slap_str2ad(argv[i], &ad, &text) != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: bad attribute <%s>, ignored\n",
+ fname, lineno, text);
+ continue; /* XXX */
+ } else if(ad->ad_next) {
+ Debug(LDAP_DEBUG_ANY,
+ "%s: line %d: multiple attributes match <%s>, ignored\n",
+ fname, lineno, argv[i]);
+ continue;
+ }
+ up = ch_malloc(sizeof(unique_attrs));
+ up->attr = ad;
+ if(!strcasecmp(*argv, "unique_ignore")) {
+ up->next = ud->ignore;
+ ud->ignore = up;
+ } else {
+ up->next = ud->attrs;
+ ud->attrs = up;
+ }
+ Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new attribute <%s>\n",
+ fname, lineno, argv[i]);
+ }
+ } else if(!strcasecmp(*argv, "unique_strict")) {
+ ud->strict = 1;
+ } else if(!strcasecmp(*argv, "unique_base")) {
+ struct berval bv;
+ ber_str2bv( argv[1], 0, 0, &bv );
+ ch_free(ud->dn.bv_val);
+ dnNormalize(0, NULL, NULL, &bv, &ud->dn, NULL);
+ Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new base dn <%s>\n",
+ fname, lineno, argv[1]);
+ } else {
+ return(SLAP_CONF_UNKNOWN);
+ }
+
+ return(0);
+}
+
+
+/*
+** mostly, just print the init message;
+**
+*/
+
+static int
+unique_open(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ ud->message = "_open";
+
+ Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
+
+ return(0);
+}
+
+
+/*
+** foreach configured attribute:
+** free it;
+** free our basedn;
+** (do not) free ud->message;
+** reset on_bi.bi_private;
+** free our config data;
+**
+*/
+
+static int
+unique_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ unique_attrs *ii, *ij;
+ ud->message = "_close";
+
+ Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
+
+ for(ii = ud->attrs; ii; ii = ij) {
+ ij = ii->next;
+ ch_free(ii);
+ }
+
+ for(ii = ud->ignore; ii; ii = ij) {
+ ij = ii->next;
+ ch_free(ii);
+ }
+
+ ch_free(ud->dn.bv_val);
+
+ on->on_bi.bi_private = NULL; /* XXX */
+
+ ch_free(ud);
+
+ return(0);
+}
+
+
+/*
+** search callback
+** if this is a REP_SEARCH, count++;
+**
+*/
+
+static int count_attr_cb(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ unique_counter *uc;
+
+ /* because you never know */
+ if(!op || !rs) return(0);
+
+ /* Only search entries are interesting */
+ if(rs->sr_type != REP_SEARCH) return(0);
+
+ uc = op->o_callback->sc_private;
+
+ /* Ignore the current entry */
+ if ( dn_match( uc->ndn, &rs->sr_entry->e_nname )) return(0);
+
+ Debug(LDAP_DEBUG_TRACE, "==> count_attr_cb <%s>\n",
+ rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN", 0, 0);
+
+ uc->count++;
+
+ return(0);
+}
+
+static int count_filter_len(
+ unique_data *ud,
+ AttributeDescription *ad,
+ BerVarray b,
+ int ks
+)
+{
+ unique_attrs *up;
+ int i;
+
+ while ( !is_at_operational( ad->ad_type ) ) {
+ if ( ud->ignore ) {
+ for ( up = ud->ignore; up; up = up->next ) {
+ if (ad == up->attr ) {
+ break;
+ }
+ }
+ if ( up ) {
+ break;
+ }
+ }
+ if ( ud->attrs ) {
+ for ( up = ud->attrs; up; up = up->next ) {
+ if ( ad == up->attr ) {
+ break;
+ }
+ }
+ if ( !up ) {
+ break;
+ }
+ }
+ if ( b && b[0].bv_val ) {
+ for (i = 0; b[i].bv_val; i++ ) {
+ /* note: make room for filter escaping... */
+ ks += ( 3 * b[i].bv_len ) + ad->ad_cname.bv_len + STRLENOF( "(=)" );
+ }
+ } else if ( ud->strict ) {
+ ks += ad->ad_cname.bv_len + STRLENOF( "(=*)" ); /* (attr=*) */
+ }
+ break;
+ }
+ return ks;
+}
+
+static char *build_filter(
+ unique_data *ud,
+ AttributeDescription *ad,
+ BerVarray b,
+ char *kp,
+ void *ctx
+)
+{
+ unique_attrs *up;
+ int i;
+
+ while ( !is_at_operational( ad->ad_type ) ) {
+ if ( ud->ignore ) {
+ for ( up = ud->ignore; up; up = up->next ) {
+ if ( ad == up->attr ) {
+ break;
+ }
+ }
+ if ( up ) {
+ break;
+ }
+ }
+ if ( ud->attrs ) {
+ for ( up = ud->attrs; up; up = up->next ) {
+ if ( ad == up->attr ) {
+ break;
+ }
+ }
+ if ( !up ) {
+ break;
+ }
+ }
+ if ( b && b[0].bv_val ) {
+ for ( i = 0; b[i].bv_val; i++ ) {
+ struct berval bv;
+
+ ldap_bv2escaped_filter_value_x( &b[i], &bv, 1, ctx );
+ kp += sprintf( kp, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
+ if ( bv.bv_val != b[i].bv_val ) {
+ ber_memfree_x( bv.bv_val, ctx );
+ }
+ }
+ } else if ( ud->strict ) {
+ kp += sprintf( kp, "(%s=*)", ad->ad_cname.bv_val );
+ }
+ break;
+ }
+ return kp;
+}
+
+static int unique_search(
+ Operation *op,
+ Operation *nop,
+ SlapReply *rs,
+ char *key
+)
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ SlapReply nrs = { REP_RESULT };
+ slap_callback cb = { NULL, NULL, NULL, NULL }; /* XXX */
+ unique_counter uq = { NULL, 0 };
+ int rc;
+
+ nop->ors_filter = str2filter_x(nop, key);
+ ber_str2bv(key, 0, 0, &nop->ors_filterstr);
+
+ cb.sc_response = (slap_response*)count_attr_cb;
+ cb.sc_private = &uq;
+ nop->o_callback = &cb;
+ nop->o_tag = LDAP_REQ_SEARCH;
+ nop->ors_scope = LDAP_SCOPE_SUBTREE;
+ nop->ors_deref = LDAP_DEREF_NEVER;
+ nop->ors_limit = NULL;
+ nop->ors_slimit = SLAP_NO_LIMIT;
+ nop->ors_tlimit = SLAP_NO_LIMIT;
+ nop->ors_attrs = slap_anlist_no_attrs;
+ nop->ors_attrsonly = 1;
+
+ uq.ndn = &op->o_req_ndn;
+
+ nop->o_req_ndn = ud->dn;
+ nop->o_ndn = op->o_bd->be_rootndn;
+
+ nop->o_bd = on->on_info->oi_origdb;
+ rc = nop->o_bd->be_search(nop, &nrs);
+ filter_free_x(nop, nop->ors_filter);
+ op->o_tmpfree( key, op->o_tmpmemctx );
+
+ if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, rc, "unique_search failed");
+ return(rs->sr_err);
+ }
+
+ Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
+
+ if(uq.count) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "some attributes not unique");
+ return(rs->sr_err);
+ }
+
+ return(SLAP_CB_CONTINUE);
+}
+
+#define ALLOC_EXTRA 16 /* extra slop */
+
+static int unique_add(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ Operation nop = *op;
+
+ Attribute *a;
+ char *key, *kp;
+ int ks = 0;
+
+ Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n", op->o_req_dn.bv_val, 0, 0);
+
+ if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ))
+ return SLAP_CB_CONTINUE;
+
+/*
+** count everything first;
+** allocate some memory;
+** write the search key;
+**
+*/
+
+ if(!(a = op->ora_e->e_attrs)) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
+ "unique_add() got null op.ora_e.e_attrs");
+ return(rs->sr_err);
+ } else for(; a; a = a->a_next) {
+ ks = count_filter_len(ud, a->a_desc, a->a_vals, ks);
+ }
+
+ if ( !ks )
+ return SLAP_CB_CONTINUE;
+
+ ks += ALLOC_EXTRA;
+ key = op->o_tmpalloc(ks, op->o_tmpmemctx);
+
+ kp = key + sprintf(key, "(|");
+
+ for(a = op->ora_e->e_attrs; a; a = a->a_next) {
+ kp = build_filter(ud, a->a_desc, a->a_vals, kp, op->o_tmpmemctx);
+ }
+
+ sprintf(kp, ")");
+
+ Debug(LDAP_DEBUG_TRACE, "=> unique_add %s\n", key, 0, 0);
+
+ return unique_search(op, &nop, rs, key);
+}
+
+
+static int unique_modify(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ Operation nop = *op;
+
+ Modifications *m;
+ char *key, *kp;
+ int ks = 0;
+
+ Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n", op->o_req_dn.bv_val, 0, 0);
+
+ if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ))
+ return SLAP_CB_CONTINUE;
+
+/*
+** count everything first;
+** allocate some memory;
+** write the search key;
+**
+*/
+
+ if(!(m = op->orm_modlist)) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
+ "unique_modify() got null op.orm_modlist");
+ return(rs->sr_err);
+ } else for(; m; m = m->sml_next) {
+ if ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) continue;
+ ks = count_filter_len(ud, m->sml_desc, m->sml_values, ks);
+ }
+
+ if ( !ks )
+ return SLAP_CB_CONTINUE;
+
+ ks += ALLOC_EXTRA;
+ key = op->o_tmpalloc(ks, op->o_tmpmemctx);
+
+ kp = key + sprintf(key, "(|");
+
+ for(m = op->orm_modlist; m; m = m->sml_next) {
+ if ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) continue;
+ kp = build_filter(ud, m->sml_desc, m->sml_values, kp, op->o_tmpmemctx);
+ }
+
+ sprintf(kp, ")");
+
+ Debug(LDAP_DEBUG_TRACE, "=> unique_modify %s\n", key, 0, 0);
+
+ return unique_search(op, &nop, rs, key);
+}
+
+
+static int unique_modrdn(
+ Operation *op,
+ SlapReply *rs
+)
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ unique_data *ud = on->on_bi.bi_private;
+ Operation nop = *op;
+
+ char *key, *kp;
+ int i, ks = 0;
+ LDAPRDN newrdn;
+ struct berval bv[2];
+
+ Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
+ op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
+
+ if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ) &&
+ (!op->orr_nnewSup || !dnIsSuffix( op->orr_nnewSup, &ud->dn )))
+ return SLAP_CB_CONTINUE;
+
+ if(ldap_bv2rdn_x(&op->oq_modrdn.rs_newrdn, &newrdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx )) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
+ "unknown type(s) used in RDN");
+ return(rs->sr_err);
+ }
+ for(i = 0; newrdn[i]; i++) {
+ AttributeDescription *ad = NULL;
+ if ( slap_bv2ad( &newrdn[i]->la_attr, &ad, &rs->sr_text )) {
+ ldap_rdnfree_x( newrdn, op->o_tmpmemctx );
+ rs->sr_err = LDAP_INVALID_SYNTAX;
+ send_ldap_result( op, rs );
+ return(rs->sr_err);
+ }
+ newrdn[i]->la_private = ad;
+ }
+
+ bv[1].bv_val = NULL;
+ bv[1].bv_len = 0;
+
+ for(i = 0; newrdn[i]; i++) {
+ bv[0] = newrdn[i]->la_value;
+ ks = count_filter_len(ud, newrdn[i]->la_private, bv, ks);
+ }
+
+ if ( !ks )
+ return SLAP_CB_CONTINUE;
+
+ ks += ALLOC_EXTRA;
+ key = op->o_tmpalloc(ks, op->o_tmpmemctx);
+ kp = key + sprintf(key, "(|");
+
+ for(i = 0; newrdn[i]; i++) {
+ bv[0] = newrdn[i]->la_value;
+ kp = build_filter(ud, newrdn[i]->la_private, bv, kp, op->o_tmpmemctx);
+ }
+
+ sprintf(kp, ")");
+
+ Debug(LDAP_DEBUG_TRACE, "=> unique_modrdn %s\n", key, 0, 0);
+
+ return unique_search(op, &nop, rs, key);
+}
+
+/*
+** init_module is last so the symbols resolve "for free" --
+** it expects to be called automagically during dynamic module initialization
+*/
+
+int unique_initialize() {
+
+ /* statically declared just after the #includes at top */
+ unique.on_bi.bi_type = "unique";
+ unique.on_bi.bi_db_init = unique_db_init;
+ unique.on_bi.bi_db_config = unique_config;
+ unique.on_bi.bi_db_open = unique_open;
+ unique.on_bi.bi_db_close = unique_close;
+ unique.on_bi.bi_op_add = unique_add;
+ unique.on_bi.bi_op_modify = unique_modify;
+ unique.on_bi.bi_op_modrdn = unique_modrdn;
+ unique.on_bi.bi_op_delete = NULL;
+
+ return(overlay_register(&unique));
+}
+
+#if SLAPD_OVER_UNIQUE == SLAPD_MOD_DYNAMIC && defined(PIC)
+int init_module(int argc, char *argv[]) {
+ return unique_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_UNIQUE */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/overlays/valsort.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/overlays/valsort.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/overlays/valsort.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,571 @@
+/* valsort.c - sort attribute values */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.9.2.6 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Portions copyright 2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software. This work was sponsored by Stanford University.
+ */
+
+/*
+ * This overlay sorts the values of multi-valued attributes when returning
+ * them in a search response.
+ */
+#include "portable.h"
+
+#ifdef SLAPD_OVER_VALSORT
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "slap.h"
+#include "config.h"
+#include "lutil.h"
+
+#define VALSORT_ASCEND 0
+#define VALSORT_DESCEND 1
+
+#define VALSORT_ALPHA 2
+#define VALSORT_NUMERIC 4
+
+#define VALSORT_WEIGHTED 8
+
+typedef struct valsort_info {
+ struct valsort_info *vi_next;
+ struct berval vi_dn;
+ AttributeDescription *vi_ad;
+ slap_mask_t vi_sort;
+} valsort_info;
+
+static int valsort_cid;
+
+static ConfigDriver valsort_cf_func;
+
+static ConfigTable valsort_cfats[] = {
+ { "valsort-attr", "attribute> <dn> <sort-type", 4, 5, 0, ARG_MAGIC,
+ valsort_cf_func, "( OLcfgOvAt:5.1 NAME 'olcValSortAttr' "
+ "DESC 'Sorting rule for attribute under given DN' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { NULL }
+};
+
+static ConfigOCs valsort_cfocs[] = {
+ { "( OLcfgOvOc:5.1 "
+ "NAME 'olcValSortConfig' "
+ "DESC 'Value Sorting configuration' "
+ "SUP olcOverlayConfig "
+ "MUST olcValSortAttr )",
+ Cft_Overlay, valsort_cfats },
+ { NULL }
+};
+
+static slap_verbmasks sorts[] = {
+ { BER_BVC("alpha-ascend"), VALSORT_ASCEND|VALSORT_ALPHA },
+ { BER_BVC("alpha-descend"), VALSORT_DESCEND|VALSORT_ALPHA },
+ { BER_BVC("numeric-ascend"), VALSORT_ASCEND|VALSORT_NUMERIC },
+ { BER_BVC("numeric-descend"), VALSORT_DESCEND|VALSORT_NUMERIC },
+ { BER_BVC("weighted"), VALSORT_WEIGHTED },
+ { BER_BVNULL, 0 }
+};
+
+static Syntax *syn_numericString;
+
+static int
+valsort_cf_func(ConfigArgs *c) {
+ slap_overinst *on = (slap_overinst *)c->bi;
+ valsort_info vitmp, *vi;
+ const char *text = NULL;
+ int i, is_numeric;
+ struct berval bv = BER_BVNULL;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ for ( vi = on->on_bi.bi_private; vi; vi = vi->vi_next ) {
+ struct berval bv2 = BER_BVNULL, bvret;
+ char *ptr;
+ int len;
+
+ len = vi->vi_ad->ad_cname.bv_len + 1 + vi->vi_dn.bv_len + 2;
+ i = vi->vi_sort;
+ if ( i & VALSORT_WEIGHTED ) {
+ enum_to_verb( sorts, VALSORT_WEIGHTED, &bv2 );
+ len += bv2.bv_len + 1;
+ i ^= VALSORT_WEIGHTED;
+ }
+ if ( i ) {
+ enum_to_verb( sorts, i, &bv );
+ len += bv.bv_len + 1;
+ }
+ bvret.bv_val = ch_malloc( len+1 );
+ bvret.bv_len = len;
+
+ ptr = lutil_strcopy( bvret.bv_val, vi->vi_ad->ad_cname.bv_val );
+ *ptr++ = ' ';
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, vi->vi_dn.bv_val );
+ *ptr++ = '"';
+ if ( vi->vi_sort & VALSORT_WEIGHTED ) {
+ *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, bv2.bv_val );
+ }
+ if ( i ) {
+ *ptr++ = ' ';
+ strcpy( ptr, bv.bv_val );
+ }
+ ber_bvarray_add( &c->rvalue_vals, &bvret );
+ }
+ i = ( c->rvalue_vals != NULL ) ? 0 : 1;
+ return i;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( c->valx < 0 ) {
+ for ( vi = on->on_bi.bi_private; vi; vi = on->on_bi.bi_private ) {
+ on->on_bi.bi_private = vi->vi_next;
+ ch_free( vi->vi_dn.bv_val );
+ ch_free( vi );
+ }
+ } else {
+ valsort_info **prev;
+
+ for (i=0, prev = (valsort_info **)&on->on_bi.bi_private,
+ vi = *prev; vi && i<c->valx;
+ prev = &vi->vi_next, vi = vi->vi_next, i++ );
+ (*prev)->vi_next = vi->vi_next;
+ ch_free( vi->vi_dn.bv_val );
+ ch_free( vi );
+ }
+ return 0;
+ }
+ vitmp.vi_ad = NULL;
+ i = slap_str2ad( c->argv[1], &vitmp.vi_ad, &text );
+ if ( i ) {
+ sprintf( c->msg, "<%s> %s", c->argv[0], text );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ if ( is_at_single_value( vitmp.vi_ad->ad_type )) {
+ sprintf( c->msg, "<%s> %s is single-valued, ignoring", c->argv[0],
+ vitmp.vi_ad->ad_cname.bv_val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[1] );
+ return(0);
+ }
+ is_numeric = ( vitmp.vi_ad->ad_type->sat_syntax == syn_numericString ||
+ vitmp.vi_ad->ad_type->sat_syntax == slap_schema.si_syn_integer ) ? 1
+ : 0;
+ ber_str2bv( c->argv[2], 0, 0, &bv );
+ i = dnNormalize( 0, NULL, NULL, &bv, &vitmp.vi_dn, NULL );
+ if ( i ) {
+ sprintf( c->msg, "<%s> unable to normalize DN", c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[2] );
+ return(1);
+ }
+ i = verb_to_mask( c->argv[3], sorts );
+ if ( BER_BVISNULL( &sorts[i].word )) {
+ sprintf( c->msg, "<%s> unrecognized sort type", c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[3] );
+ return(1);
+ }
+ vitmp.vi_sort = sorts[i].mask;
+ if ( sorts[i].mask == VALSORT_WEIGHTED && c->argc == 5 ) {
+ i = verb_to_mask( c->argv[4], sorts );
+ if ( BER_BVISNULL( &sorts[i].word )) {
+ sprintf( c->msg, "<%s> unrecognized sort type", c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[4] );
+ return(1);
+ }
+ vitmp.vi_sort |= sorts[i].mask;
+ }
+ if (( vitmp.vi_sort & VALSORT_NUMERIC ) && !is_numeric ) {
+ sprintf( c->msg, "<%s> numeric sort specified for non-numeric syntax",
+ c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
+ c->log, c->msg, c->argv[1] );
+ return(1);
+ }
+ vi = ch_malloc( sizeof(valsort_info) );
+ *vi = vitmp;
+ vi->vi_next = on->on_bi.bi_private;
+ on->on_bi.bi_private = vi;
+ return 0;
+}
+
+/* Use Insertion Sort algorithm on selected values */
+static void
+do_sort( Operation *op, Attribute *a, int beg, int num, slap_mask_t sort )
+{
+ int i, j, gotnvals;
+ struct berval tmp, ntmp, *vals = NULL, *nvals;
+
+ gotnvals = (a->a_vals != a->a_nvals );
+
+ nvals = a->a_nvals + beg;
+ if ( gotnvals )
+ vals = a->a_vals + beg;
+
+ if ( sort & VALSORT_NUMERIC ) {
+ long *numbers = op->o_tmpalloc( num * sizeof(long), op->o_tmpmemctx ),
+ idx;
+ for (i=0; i<num; i++)
+ numbers[i] = strtol( nvals[i].bv_val, NULL, 0 );
+
+ for (i=1; i<num; i++) {
+ idx = numbers[i];
+ ntmp = nvals[i];
+ if ( gotnvals ) tmp = vals[i];
+ j = i;
+ while ( j>0 ) {
+ int cmp = (sort & VALSORT_DESCEND) ? numbers[j-1] < idx :
+ numbers[j-1] > idx;
+ if ( !cmp ) break;
+ numbers[j] = numbers[j-1];
+ nvals[j] = nvals[j-1];
+ if ( gotnvals ) vals[j] = vals[j-1];
+ j--;
+ }
+ numbers[j] = idx;
+ nvals[j] = ntmp;
+ if ( gotnvals ) vals[j] = tmp;
+ }
+ op->o_tmpfree( numbers, op->o_tmpmemctx );
+ } else {
+ for (i=1; i<num; i++) {
+ ntmp = nvals[i];
+ if ( gotnvals ) tmp = vals[i];
+ j = i;
+ while ( j>0 ) {
+ int cmp = strcmp( nvals[j-1].bv_val, ntmp.bv_val );
+ cmp = (sort & VALSORT_DESCEND) ? (cmp < 0) : (cmp > 0);
+ if ( !cmp ) break;
+
+ nvals[j] = nvals[j-1];
+ if ( gotnvals ) vals[j] = vals[j-1];
+ j--;
+ }
+ nvals[j] = ntmp;
+ if ( gotnvals ) vals[j] = tmp;
+ }
+ }
+}
+
+static int
+valsort_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on;
+ valsort_info *vi;
+ Attribute *a;
+
+ /* If this is not a search response, or it is a syncrepl response,
+ * or the valsort control wants raw results, pass thru unmodified.
+ */
+ if ( rs->sr_type != REP_SEARCH ||
+ ( _SCM(op->o_sync) > SLAP_CONTROL_IGNORED ) ||
+ ( op->o_ctrlflag[valsort_cid] & SLAP_CONTROL_DATA0))
+ return SLAP_CB_CONTINUE;
+
+ on = (slap_overinst *) op->o_bd->bd_info;
+ vi = on->on_bi.bi_private;
+
+ /* And we must have something configured */
+ if ( !vi ) return SLAP_CB_CONTINUE;
+
+ /* Find a rule whose baseDN matches this entry */
+ for (; vi; vi = vi->vi_next ) {
+ int i, n;
+
+ if ( !dnIsSuffix( &rs->sr_entry->e_nname, &vi->vi_dn ))
+ continue;
+
+ /* Find attr that this rule affects */
+ a = attr_find( rs->sr_entry->e_attrs, vi->vi_ad );
+ if ( !a ) continue;
+
+ if (( rs->sr_flags & ( REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED )) !=
+ ( REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED )) {
+ rs->sr_entry = entry_dup( rs->sr_entry );
+ rs->sr_flags |= REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
+ a = attr_find( rs->sr_entry->e_attrs, vi->vi_ad );
+ }
+
+ /* count values */
+ for ( n = 0; !BER_BVISNULL( &a->a_vals[n] ); n++ );
+
+ if ( vi->vi_sort & VALSORT_WEIGHTED ) {
+ int j, gotnvals;
+ long *index = op->o_tmpalloc( n * sizeof(long), op->o_tmpmemctx );
+
+ gotnvals = (a->a_vals != a->a_nvals );
+
+ for (i=0; i<n; i++) {
+ char *ptr = ber_bvchr( &a->a_nvals[i], '{' );
+ char *end = NULL;
+ if ( !ptr ) {
+ Debug(LDAP_DEBUG_TRACE, "weights missing from attr %s "
+ "in entry %s\n", vi->vi_ad->ad_cname.bv_val,
+ rs->sr_entry->e_name.bv_val, 0 );
+ break;
+ }
+ index[i] = strtol( ptr+1, &end, 0 );
+ if ( *end != '}' ) {
+ Debug(LDAP_DEBUG_TRACE, "weights misformatted "
+ "in entry %s\n",
+ rs->sr_entry->e_name.bv_val, 0, 0 );
+ break;
+ }
+ /* Strip out weights */
+ ptr = a->a_nvals[i].bv_val;
+ end++;
+ for (;*end;)
+ *ptr++ = *end++;
+ *ptr = '\0';
+ a->a_nvals[i].bv_len = ptr - a->a_nvals[i].bv_val;
+
+ if ( a->a_vals != a->a_nvals ) {
+ ptr = a->a_vals[i].bv_val;
+ end = ber_bvchr( &a->a_vals[i], '}' );
+ assert( end != NULL );
+ end++;
+ for (;*end;)
+ *ptr++ = *end++;
+ *ptr = '\0';
+ a->a_vals[i].bv_len = ptr - a->a_vals[i].bv_val;
+ }
+ }
+ /* An attr was missing weights here, ignore it */
+ if ( i<n ) {
+ op->o_tmpfree( index, op->o_tmpmemctx );
+ continue;
+ }
+ /* Insertion sort */
+ for ( i=1; i<n; i++) {
+ long idx = index[i];
+ struct berval tmp = a->a_vals[i], ntmp;
+ if ( gotnvals ) ntmp = a->a_nvals[i];
+ j = i;
+ while (( j>0 ) && (index[j-1] > idx )) {
+ index[j] = index[j-1];
+ a->a_vals[j] = a->a_vals[j-1];
+ if ( gotnvals ) a->a_nvals[j] = a->a_nvals[j-1];
+ j--;
+ }
+ index[j] = idx;
+ a->a_vals[j] = tmp;
+ if ( gotnvals ) a->a_nvals[j] = ntmp;
+ }
+ /* Check for secondary sort */
+ if ( vi->vi_sort ^ VALSORT_WEIGHTED ) {
+ for ( i=0; i<n;) {
+ for (j=i+1; j<n; j++) {
+ if (index[i] != index[j])
+ break;
+ }
+ if( j-i > 1 )
+ do_sort( op, a, i, j-i, vi->vi_sort );
+ i = j;
+ }
+ }
+ op->o_tmpfree( index, op->o_tmpmemctx );
+ } else {
+ do_sort( op, a, 0, n, vi->vi_sort );
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+valsort_add( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ valsort_info *vi = on->on_bi.bi_private;
+
+ Attribute *a;
+ int i;
+ char *ptr, *end;
+
+ /* See if any weighted sorting applies to this entry */
+ for ( ;vi;vi=vi->vi_next ) {
+ if ( !dnIsSuffix( &op->o_req_ndn, &vi->vi_dn ))
+ continue;
+ if ( !(vi->vi_sort & VALSORT_WEIGHTED ))
+ continue;
+ a = attr_find( op->ora_e->e_attrs, vi->vi_ad );
+ if ( !a )
+ continue;
+ for (i=0; !BER_BVISNULL( &a->a_vals[i] ); i++) {
+ ptr = ber_bvchr(&a->a_vals[i], '{' );
+ if ( !ptr ) {
+ Debug(LDAP_DEBUG_TRACE, "weight missing from attribute %s\n",
+ vi->vi_ad->ad_cname.bv_val, 0, 0);
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "weight missing from attribute" );
+ return rs->sr_err;
+ }
+ strtol( ptr+1, &end, 0 );
+ if ( *end != '}' ) {
+ Debug(LDAP_DEBUG_TRACE, "weight is misformatted in %s\n",
+ vi->vi_ad->ad_cname.bv_val, 0, 0);
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "weight is misformatted" );
+ return rs->sr_err;
+ }
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+valsort_modify( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ valsort_info *vi = on->on_bi.bi_private;
+
+ Modifications *ml;
+ int i;
+ char *ptr, *end;
+
+ /* See if any weighted sorting applies to this entry */
+ for ( ;vi;vi=vi->vi_next ) {
+ if ( !dnIsSuffix( &op->o_req_ndn, &vi->vi_dn ))
+ continue;
+ if ( !(vi->vi_sort & VALSORT_WEIGHTED ))
+ continue;
+ for (ml = op->orm_modlist; ml; ml=ml->sml_next ) {
+ if ( ml->sml_desc == vi->vi_ad )
+ break;
+ }
+ if ( !ml )
+ continue;
+ for (i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++) {
+ ptr = ber_bvchr(&ml->sml_values[i], '{' );
+ if ( !ptr ) {
+ Debug(LDAP_DEBUG_TRACE, "weight missing from attribute %s\n",
+ vi->vi_ad->ad_cname.bv_val, 0, 0);
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "weight missing from attribute" );
+ return rs->sr_err;
+ }
+ strtol( ptr+1, &end, 0 );
+ if ( *end != '}' ) {
+ Debug(LDAP_DEBUG_TRACE, "weight is misformatted in %s\n",
+ vi->vi_ad->ad_cname.bv_val, 0, 0);
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
+ "weight is misformatted" );
+ return rs->sr_err;
+ }
+ }
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+valsort_db_open(
+ BackendDB *be
+)
+{
+ return overlay_register_control( be, LDAP_CONTROL_VALSORT );
+}
+
+static int
+valsort_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ valsort_info *vi = on->on_bi.bi_private, *next;
+
+ for (; vi; vi = next) {
+ next = vi->vi_next;
+ ch_free( vi->vi_dn.bv_val );
+ ch_free( vi );
+ }
+
+ return 0;
+}
+
+static int
+valsort_parseCtrl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_tag_t tag;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_int_t flag = 0;
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "valSort control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber_init2( ber, &ctrl->ldctl_value, 0 );
+ if (( tag = ber_scanf( ber, "{b}", &flag )) == LBER_ERROR ) {
+ rs->sr_text = "valSort control: flag decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ op->o_ctrlflag[valsort_cid] = ctrl->ldctl_iscritical ?
+ SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
+ if ( flag )
+ op->o_ctrlflag[valsort_cid] |= SLAP_CONTROL_DATA0;
+
+ return LDAP_SUCCESS;
+}
+
+static slap_overinst valsort;
+
+int valsort_initialize( void )
+{
+ int rc;
+
+ valsort.on_bi.bi_type = "valsort";
+ valsort.on_bi.bi_db_destroy = valsort_destroy;
+ valsort.on_bi.bi_db_open = valsort_db_open;
+
+ valsort.on_bi.bi_op_add = valsort_add;
+ valsort.on_bi.bi_op_modify = valsort_modify;
+
+ valsort.on_response = valsort_response;
+
+ valsort.on_bi.bi_cf_ocs = valsort_cfocs;
+
+ rc = register_supported_control( LDAP_CONTROL_VALSORT,
+ SLAP_CTRL_SEARCH | SLAP_CTRL_HIDE, NULL, valsort_parseCtrl,
+ &valsort_cid );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "Failed to register control %d\n", rc );
+ return rc;
+ }
+
+ syn_numericString = syn_find( "1.3.6.1.4.1.1466.115.121.1.36" );
+
+ rc = config_register_schema( valsort_cfats, valsort_cfocs );
+ if ( rc ) return rc;
+
+ return overlay_register(&valsort);
+}
+
+#if SLAPD_OVER_VALSORT == SLAPD_MOD_DYNAMIC
+int init_module( int argc, char *argv[]) {
+ return valsort_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_VALSORT */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/passwd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/passwd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/passwd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,605 @@
+/* passwd.c - password extended operation routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/passwd.c,v 1.95.2.21 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#ifdef SLAPD_CRYPT
+#include <ac/crypt.h>
+#endif
+
+#include "slap.h"
+
+#include <lber_pvt.h>
+#include <lutil.h>
+#include <lutil_sha1.h>
+
+static const char *defhash[] = {
+#ifdef LUTIL_SHA1_BYTES
+ "{SSHA}",
+#else
+ "{SMD5}",
+#endif
+ NULL
+};
+
+int passwd_extop(
+ Operation *op,
+ SlapReply *rs )
+{
+ struct berval id = {0, NULL}, hash, *rsp = NULL;
+ req_pwdexop_s *qpw = &op->oq_pwdexop;
+ req_extended_s qext = op->oq_extended;
+ Modifications *ml;
+ slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+ slap_callback cb2 = { NULL, slap_replog_cb, NULL, NULL };
+ int i, nhash;
+ char **hashes;
+ int rc;
+ BackendDB *op_be;
+ int freenewpw = 0;
+
+ cb2.sc_next = &cb;
+
+ assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 );
+
+ if( op->o_dn.bv_len == 0 ) {
+ Statslog( LDAP_DEBUG_STATS, "%s PASSMOD\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+ rs->sr_text = "only authenticated users may change passwords";
+ return LDAP_STRONG_AUTH_REQUIRED;
+ }
+
+ qpw->rs_old.bv_len = 0;
+ qpw->rs_old.bv_val = NULL;
+ qpw->rs_new.bv_len = 0;
+ qpw->rs_new.bv_val = NULL;
+ qpw->rs_mods = NULL;
+ qpw->rs_modtail = NULL;
+
+ rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+ &qpw->rs_old, &qpw->rs_new, &rs->sr_text );
+
+ if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
+ Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
+ op->o_log_prefix, id.bv_val,
+ qpw->rs_old.bv_val ? " old" : "",
+ qpw->rs_new.bv_val ? " new" : "", 0 );
+ } else {
+ Statslog( LDAP_DEBUG_STATS, "%s PASSMOD%s%s\n",
+ op->o_log_prefix,
+ qpw->rs_old.bv_val ? " old" : "",
+ qpw->rs_new.bv_val ? " new" : "", 0, 0 );
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ return rs->sr_err;
+ }
+
+ if ( !BER_BVISEMPTY( &id ) ) {
+ rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
+ &op->o_req_ndn, op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ rs->sr_text = "Invalid DN";
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 1 );
+
+ } else {
+ ber_dupbv_x( &op->o_req_dn, &op->o_dn, op->o_tmpmemctx );
+ ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx );
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ op->o_bd = op->o_conn->c_authz_backend;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ }
+
+ if( op->o_bd == NULL ) {
+ if ( qpw->rs_old.bv_val != NULL ) {
+ rs->sr_text = "unwilling to verify old password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
+#ifdef HAVE_CYRUS_SASL
+ rc = slap_sasl_setpass( op, rs );
+#else
+ rs->sr_text = "no authz backend";
+ rc = LDAP_OTHER;
+#endif
+ goto error_return;
+ }
+
+ if ( op->o_req_ndn.bv_len == 0 ) {
+ rs->sr_text = "no password is associated with the Root DSE";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
+ /* If we've got a glued backend, check the real backend */
+ op_be = op->o_bd;
+ if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+ }
+
+ if (backend_check_restrictions( op, rs,
+ (struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) {
+ rc = rs->sr_err;
+ goto error_return;
+ }
+
+ /* check for referrals */
+ if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ rc = rs->sr_err;
+ goto error_return;
+ }
+
+#ifndef SLAPD_MULTIMASTER
+ /* This does not apply to multi-master case */
+ if(!( !SLAP_SHADOW( op->o_bd ) || be_isupdate( op ))) {
+ /* we SHOULD return a referral in this case */
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
+ if( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
+ NULL, NULL, LDAP_SCOPE_DEFAULT );
+ if(rs->sr_ref) {
+ rs->sr_flags |= REP_REF_MUSTBEFREED;
+ } else {
+ rs->sr_ref = defref;
+ }
+ rc = LDAP_REFERRAL;
+ goto error_return;
+
+ }
+
+ rs->sr_text = "shadow context; no update referral";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+#endif /* !SLAPD_MULTIMASTER */
+
+ /* generate a new password if none was provided */
+ if ( qpw->rs_new.bv_len == 0 ) {
+ slap_passwd_generate( &qpw->rs_new );
+ if ( qpw->rs_new.bv_len ) {
+ rsp = slap_passwd_return( &qpw->rs_new );
+ freenewpw = 1;
+ }
+ }
+ if ( qpw->rs_new.bv_len == 0 ) {
+ rs->sr_text = "password generation failed";
+ rc = LDAP_OTHER;
+ goto error_return;
+ }
+
+ op->o_bd = op_be;
+
+ /* Give the backend a chance to handle this itself */
+ if ( op->o_bd->be_extended ) {
+ rs->sr_err = op->o_bd->be_extended( op, rs );
+ if ( rs->sr_err != LDAP_UNWILLING_TO_PERFORM &&
+ rs->sr_err != SLAP_CB_CONTINUE )
+ {
+ rc = rs->sr_err;
+ if ( rsp ) {
+ rs->sr_rspdata = rsp;
+ rsp = NULL;
+ }
+ goto error_return;
+ }
+ }
+
+ /* The backend didn't handle it, so try it here */
+ if( op->o_bd && !op->o_bd->be_modify ) {
+ rs->sr_text = "operation not supported for current user";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
+ if ( qpw->rs_old.bv_val != NULL ) {
+ Entry *e = NULL;
+
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL,
+ slap_schema.si_ad_userPassword, 0, &e );
+ if ( rc == LDAP_SUCCESS && e ) {
+ Attribute *a = attr_find( e->e_attrs,
+ slap_schema.si_ad_userPassword );
+ if ( a )
+ rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text );
+ else
+ rc = 1;
+ be_entry_release_r( op, e );
+ if ( rc == LDAP_SUCCESS )
+ goto old_good;
+ }
+ rs->sr_text = "unwilling to verify old password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
+old_good:
+ ml = ch_malloc( sizeof(Modifications) );
+ if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
+
+ if ( default_passwd_hash ) {
+ for ( nhash = 0; default_passwd_hash[nhash]; nhash++ );
+ hashes = default_passwd_hash;
+ } else {
+ nhash = 1;
+ hashes = (char **)defhash;
+ }
+ ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
+ for ( i=0; hashes[i]; i++ ) {
+ slap_passwd_hash_type( &qpw->rs_new, &hash, hashes[i], &rs->sr_text );
+ if ( hash.bv_len == 0 ) {
+ if ( !rs->sr_text ) {
+ rs->sr_text = "password hash failed";
+ }
+ break;
+ }
+ ml->sml_values[i] = hash;
+ }
+ ml->sml_values[i].bv_val = NULL;
+ ml->sml_nvalues = NULL;
+ ml->sml_desc = slap_schema.si_ad_userPassword;
+ ml->sml_type = ml->sml_desc->ad_cname;
+ ml->sml_op = LDAP_MOD_REPLACE;
+ ml->sml_flags = 0;
+ ml->sml_next = qpw->rs_mods;
+ qpw->rs_mods = ml;
+
+ if ( hashes[i] ) {
+ rs->sr_err = LDAP_OTHER;
+
+ } else {
+ slap_callback *sc = op->o_callback;
+
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->o_callback = &cb2;
+ op->orm_modlist = qpw->rs_mods;
+ cb2.sc_private = qpw; /* let Modify know this was pwdMod,
+ * if it cares... */
+
+ rs->sr_err = op->o_bd->be_modify( op, rs );
+
+ /* be_modify() might have shuffled modifications */
+ qpw->rs_mods = op->orm_modlist;
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_rspdata = rsp;
+
+ } else if ( rsp ) {
+ ber_bvfree( rsp );
+ rsp = NULL;
+ }
+ op->o_tag = LDAP_REQ_EXTENDED;
+ op->o_callback = sc;
+ }
+
+ rc = rs->sr_err;
+ op->oq_extended = qext;
+
+error_return:;
+ if ( qpw->rs_mods ) {
+ slap_mods_free( qpw->rs_mods, 1 );
+ }
+ if ( freenewpw ) {
+ free( qpw->rs_new.bv_val );
+ }
+ if ( !BER_BVISNULL( &op->o_req_dn ) ) {
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_dn );
+ }
+ if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_ndn );
+ }
+
+ return rc;
+}
+
+int slap_passwd_parse( struct berval *reqdata,
+ struct berval *id,
+ struct berval *oldpass,
+ struct berval *newpass,
+ const char **text )
+{
+ int rc = LDAP_SUCCESS;
+ ber_tag_t tag;
+ ber_len_t len = -1;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ if( reqdata == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ if( reqdata->bv_len == 0 ) {
+ *text = "empty request data field";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+ ber_init2( ber, reqdata, 0 );
+
+ tag = ber_scanf( ber, "{" /*}*/ );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_passwd_parse: decoding error\n", 0, 0, 0 );
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
+ if( id == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID not allowed.\n",
+ 0, 0, 0 );
+
+ *text = "user must change own password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ tag = ber_scanf( ber, "m", id );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
+ 0, 0, 0 );
+
+ goto decoding_error;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ) {
+ if( oldpass == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD not allowed.\n",
+ 0, 0, 0 );
+
+ *text = "use bind to verify old password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ tag = ber_scanf( ber, "m", oldpass );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n",
+ 0, 0, 0 );
+
+ goto decoding_error;
+ }
+
+ if( oldpass->bv_len == 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD empty.\n",
+ 0, 0, 0 );
+
+ *text = "old password value is empty";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ) {
+ if( newpass == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW not allowed.\n",
+ 0, 0, 0 );
+
+ *text = "user specified passwords disallowed";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ tag = ber_scanf( ber, "m", newpass );
+
+ if( tag == LBER_ERROR ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW parse failed.\n",
+ 0, 0, 0 );
+
+ goto decoding_error;
+ }
+
+ if( newpass->bv_len == 0 ) {
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW empty.\n",
+ 0, 0, 0 );
+
+ *text = "new password value is empty";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ }
+
+ if( len != 0 ) {
+decoding_error:
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_passwd_parse: decoding error, len=%ld\n",
+ (long) len, 0, 0 );
+
+ *text = "data decoding error";
+ rc = LDAP_PROTOCOL_ERROR;
+ }
+
+done:
+ return rc;
+}
+
+struct berval * slap_passwd_return(
+ struct berval *cred )
+{
+ int rc;
+ struct berval *bv = NULL;
+ BerElementBuffer berbuf;
+ /* opaque structure, size unknown but smaller than berbuf */
+ BerElement *ber = (BerElement *)&berbuf;
+
+ assert( cred != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_return: %ld\n",
+ (long) cred->bv_len, 0, 0 );
+
+ ber_init_w_nullc( ber, LBER_USE_DER );
+
+ rc = ber_printf( ber, "{tON}",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_GEN, cred );
+
+ if( rc >= 0 ) {
+ (void) ber_flatten( ber, &bv );
+ }
+
+ ber_free_buf( ber );
+
+ return bv;
+}
+
+/*
+ * if "e" is provided, access to each value of the password is checked first
+ */
+int
+slap_passwd_check(
+ Operation *op,
+ Entry *e,
+ Attribute *a,
+ struct berval *cred,
+ const char **text )
+{
+ int result = 1;
+ struct berval *bv;
+ AccessControlState acl_state = ACL_STATE_INIT;
+
+#ifdef SLAPD_SPASSWD
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+ op->o_conn->c_sasl_authctx, NULL );
+#endif
+
+ for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
+ /* if e is provided, check access */
+ if ( e && access_allowed( op, e, a->a_desc, bv,
+ ACL_AUTH, &acl_state ) == 0 )
+ {
+ continue;
+ }
+
+ if ( !lutil_passwd( bv, cred, NULL, text ) ) {
+ result = 0;
+ break;
+ }
+ }
+
+#ifdef SLAPD_SPASSWD
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+ NULL, NULL );
+#endif
+
+ return result;
+}
+
+void
+slap_passwd_generate( struct berval *pass )
+{
+ Debug( LDAP_DEBUG_TRACE, "slap_passwd_generate\n", 0, 0, 0 );
+ BER_BVZERO( pass );
+
+ /*
+ * generate passwords of only 8 characters as some getpass(3)
+ * implementations truncate at 8 characters.
+ */
+ lutil_passwd_generate( pass, 8 );
+}
+
+void
+slap_passwd_hash_type(
+ struct berval * cred,
+ struct berval * new,
+ char *hash,
+ const char **text )
+{
+ new->bv_len = 0;
+ new->bv_val = NULL;
+
+ assert( hash != NULL );
+
+ lutil_passwd_hash( cred , hash, new, text );
+}
+void
+slap_passwd_hash(
+ struct berval * cred,
+ struct berval * new,
+ const char **text )
+{
+ char *hash = NULL;
+ if ( default_passwd_hash ) {
+ hash = default_passwd_hash[0];
+ }
+ if ( !hash ) {
+ hash = (char *)defhash[0];
+ }
+
+ slap_passwd_hash_type( cred, new, hash, text );
+}
+
+#ifdef SLAPD_CRYPT
+static ldap_pvt_thread_mutex_t passwd_mutex;
+static lutil_cryptfunc slapd_crypt;
+
+static int slapd_crypt( const char *key, const char *salt, char **hash )
+{
+ char *cr;
+ int rc;
+
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
+
+ cr = crypt( key, salt );
+ if ( cr == NULL || cr[0] == '\0' ) {
+ /* salt must have been invalid */
+ rc = LUTIL_PASSWD_ERR;
+ } else {
+ if ( hash ) {
+ *hash = ber_strdup( cr );
+ rc = LUTIL_PASSWD_OK;
+
+ } else {
+ rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+ return rc;
+}
+#endif /* SLAPD_CRYPT */
+
+void slap_passwd_init()
+{
+#ifdef SLAPD_CRYPT
+ ldap_pvt_thread_mutex_init( &passwd_mutex );
+ lutil_cryptptr = slapd_crypt;
+#endif
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/phonetic.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/phonetic.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/phonetic.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,459 @@
+/* phonetic.c - routines to do phonetic matching */
+/* $OpenLDAP: pkg/ldap/servers/slapd/phonetic.c,v 1.19.2.4 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+
+#include "slap.h"
+
+#if !defined(SLAPD_METAPHONE) && !defined(SLAPD_PHONETIC)
+#define SLAPD_METAPHONE
+#endif
+
+#define iswordbreak(x) (!isascii(x) || isspace((unsigned char) (x)) || \
+ ispunct((unsigned char) (x)) || \
+ isdigit((unsigned char) (x)) || (x) == '\0')
+
+#if 0
+static char *
+first_word( char *s )
+{
+ if ( s == NULL ) {
+ return( NULL );
+ }
+
+ while ( iswordbreak( *s ) ) {
+ if ( *s == '\0' ) {
+ return( NULL );
+ } else {
+ s++;
+ }
+ }
+
+ return( s );
+}
+
+static char *
+next_word( char *s )
+{
+ if ( s == NULL ) {
+ return( NULL );
+ }
+
+ while ( ! iswordbreak( *s ) ) {
+ s++;
+ }
+
+ while ( iswordbreak( *s ) ) {
+ if ( *s == '\0' ) {
+ return( NULL );
+ } else {
+ s++;
+ }
+ }
+
+ return( s );
+}
+
+static char *
+word_dup( char *w )
+{
+ char *s, *ret;
+ char save;
+
+ for ( s = w; !iswordbreak( *s ); s++ )
+ ; /* NULL */
+ save = *s;
+ *s = '\0';
+ ret = ch_strdup( w );
+ *s = save;
+
+ return( ret );
+}
+#endif /* 0 */
+
+#ifndef MAXPHONEMELEN
+#define MAXPHONEMELEN 4
+#endif
+
+#if defined(SLAPD_PHONETIC)
+
+/* lifted from isode-8.0 */
+char *
+phonetic( char *s )
+{
+ char code, adjacent, ch;
+ char *p;
+ int i;
+ char phoneme[MAXPHONEMELEN + 1];
+
+ p = s;
+ if ( p == NULL || *p == '\0' ) {
+ return( NULL );
+ }
+
+ adjacent = '0';
+ phoneme[0] = TOUPPER((unsigned char)*p);
+
+ phoneme[1] = '\0';
+ for ( i = 0; i < 99 && (! iswordbreak(*p)); p++ ) {
+ ch = TOUPPER ((unsigned char)*p);
+
+ code = '0';
+
+ switch (ch) {
+ case 'B':
+ case 'F':
+ case 'P':
+ case 'V':
+ code = (adjacent != '1') ? '1' : '0';
+ break;
+ case 'S':
+ case 'C':
+ case 'G':
+ case 'J':
+ case 'K':
+ case 'Q':
+ case 'X':
+ case 'Z':
+ code = (adjacent != '2') ? '2' : '0';
+ break;
+ case 'D':
+ case 'T':
+ code = (adjacent != '3') ? '3' : '0';
+ break;
+ case 'L':
+ code = (adjacent != '4') ? '4' : '0';
+ break;
+ case 'M':
+ case 'N':
+ code = (adjacent != '5') ? '5' : '0';
+ break;
+ case 'R':
+ code = (adjacent != '6') ? '6' : '0';
+ break;
+ default:
+ adjacent = '0';
+ }
+
+ if ( i == 0 ) {
+ adjacent = code;
+ i++;
+ } else if ( code != '0' ) {
+ if ( i == MAXPHONEMELEN )
+ break;
+ adjacent = phoneme[i] = code;
+ i++;
+ }
+ }
+
+ if ( i > 0 )
+ phoneme[i] = '\0';
+
+ return( ch_strdup( phoneme ) );
+}
+
+#elif defined(SLAPD_METAPHONE)
+
+/*
+ * Metaphone was originally developed by Lawrence Philips and
+ * published in the "Computer Language" magazine in 1990.
+ */
+/*
+ * Metaphone copied from C Gazette, June/July 1991, pp 56-57,
+ * author Gary A. Parker, with changes by Bernard Tiffany of the
+ * University of Michigan, and more changes by Tim Howes of the
+ * University of Michigan.
+ */
+
+/* Character coding array */
+static const char vsvfn[26] = {
+ 1, 16, 4, 16, 9, 2, 4, 16, 9, 2, 0, 2, 2,
+ /* A B C D E F G H I J K L M */
+ 2, 1, 4, 0, 2, 4, 4, 1, 0, 0, 0, 8, 0};
+ /* N O P Q R S T U V W X Y Z */
+
+/* Macros to access character coding array */
+#define vowel(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 1) /* AEIOU */
+#define same(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 2) /* FJLMNR */
+#define varson(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 4) /* CGPST */
+#define frontv(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 8) /* EIY */
+#define noghf(x) ((x) != '\0' && vsvfn[(x) - 'A'] & 16) /* BDH */
+
+char *
+phonetic( char *Word )
+{
+ char *n, *n_start, *n_end; /* pointers to string */
+ char *metaph_end; /* pointers to metaph */
+ char ntrans[40]; /* word with uppercase letters */
+ int KSflag; /* state flag for X -> KS */
+ char buf[MAXPHONEMELEN + 2];
+ char *Metaph;
+
+ /*
+ * Copy Word to internal buffer, dropping non-alphabetic characters
+ * and converting to upper case
+ */
+
+ for (n = ntrans + 4, n_end = ntrans + 35; !iswordbreak( *Word ) &&
+ n < n_end; Word++) {
+ if (isalpha((unsigned char)*Word))
+ *n++ = TOUPPER((unsigned char)*Word);
+ }
+ Metaph = buf;
+ *Metaph = '\0';
+ if (n == ntrans + 4) {
+ return( ch_strdup( buf ) ); /* Return if null */
+ }
+ n_end = n; /* Set n_end to end of string */
+
+ /* ntrans[0] will always be == 0 */
+ ntrans[0] = '\0';
+ ntrans[1] = '\0';
+ ntrans[2] = '\0';
+ ntrans[3] = '\0';
+ *n++ = 0;
+ *n++ = 0;
+ *n++ = 0;
+ *n = 0; /* Pad with nulls */
+ n = ntrans + 4; /* Assign pointer to start */
+
+ /* Check for PN, KN, GN, AE, WR, WH, and X at start */
+ switch (*n) {
+ case 'P':
+ case 'K':
+ case 'G':
+ /* 'PN', 'KN', 'GN' becomes 'N' */
+ if (*(n + 1) == 'N')
+ *n++ = 0;
+ break;
+ case 'A':
+ /* 'AE' becomes 'E' */
+ if (*(n + 1) == 'E')
+ *n++ = 0;
+ break;
+ case 'W':
+ /* 'WR' becomes 'R', and 'WH' to 'H' */
+ if (*(n + 1) == 'R')
+ *n++ = 0;
+ else if (*(n + 1) == 'H') {
+ *(n + 1) = *n;
+ *n++ = 0;
+ }
+ break;
+ case 'X':
+ /* 'X' becomes 'S' */
+ *n = 'S';
+ break;
+ }
+
+ /*
+ * Now, loop step through string, stopping at end of string or when
+ * the computed 'metaph' is MAXPHONEMELEN characters long
+ */
+
+ KSflag = 0; /* state flag for KS translation */
+ for (metaph_end = Metaph + MAXPHONEMELEN, n_start = n;
+ n <= n_end && Metaph < metaph_end; n++) {
+ if (KSflag) {
+ KSflag = 0;
+ *Metaph++ = 'S';
+ } else {
+ /* Drop duplicates except for CC */
+ if (*(n - 1) == *n && *n != 'C')
+ continue;
+ /* Check for F J L M N R or first letter vowel */
+ if (same(*n) || (n == n_start && vowel(*n)))
+ *Metaph++ = *n;
+ else
+ switch (*n) {
+ case 'B':
+
+ /*
+ * B unless in -MB
+ */
+ if (n == (n_end - 1) && *(n - 1) != 'M')
+ *Metaph++ = *n;
+ break;
+ case 'C':
+
+ /*
+ * X if in -CIA-, -CH- else S if in
+ * -CI-, -CE-, -CY- else dropped if
+ * in -SCI-, -SCE-, -SCY- else K
+ */
+ if (*(n - 1) != 'S' || !frontv(*(n + 1))) {
+ if (*(n + 1) == 'I' && *(n + 2) == 'A')
+ *Metaph++ = 'X';
+ else if (frontv(*(n + 1)))
+ *Metaph++ = 'S';
+ else if (*(n + 1) == 'H')
+ *Metaph++ = ((n == n_start && !vowel(*(n + 2)))
+ || *(n - 1) == 'S')
+ ? (char) 'K' : (char) 'X';
+ else
+ *Metaph++ = 'K';
+ }
+ break;
+ case 'D':
+
+ /*
+ * J if in DGE or DGI or DGY else T
+ */
+ *Metaph++ = (*(n + 1) == 'G' && frontv(*(n + 2)))
+ ? (char) 'J' : (char) 'T';
+ break;
+ case 'G':
+
+ /*
+ * F if in -GH and not B--GH, D--GH,
+ * -H--GH, -H---GH else dropped if
+ * -GNED, -GN, -DGE-, -DGI-, -DGY-
+ * else J if in -GE-, -GI-, -GY- and
+ * not GG else K
+ */
+ if ((*(n + 1) != 'J' || vowel(*(n + 2))) &&
+ (*(n + 1) != 'N' || ((n + 1) < n_end &&
+ (*(n + 2) != 'E' || *(n + 3) != 'D'))) &&
+ (*(n - 1) != 'D' || !frontv(*(n + 1))))
+ *Metaph++ = (frontv(*(n + 1)) &&
+ *(n + 2) != 'G') ? (char) 'G' : (char) 'K';
+ else if (*(n + 1) == 'H' && !noghf(*(n - 3)) &&
+ *(n - 4) != 'H')
+ *Metaph++ = 'F';
+ break;
+ case 'H':
+
+ /*
+ * H if before a vowel and not after
+ * C, G, P, S, T else dropped
+ */
+ if (!varson(*(n - 1)) && (!vowel(*(n - 1)) ||
+ vowel(*(n + 1))))
+ *Metaph++ = 'H';
+ break;
+ case 'K':
+
+ /*
+ * dropped if after C else K
+ */
+ if (*(n - 1) != 'C')
+ *Metaph++ = 'K';
+ break;
+ case 'P':
+
+ /*
+ * F if before H, else P
+ */
+ *Metaph++ = *(n + 1) == 'H' ?
+ (char) 'F' : (char) 'P';
+ break;
+ case 'Q':
+
+ /*
+ * K
+ */
+ *Metaph++ = 'K';
+ break;
+ case 'S':
+
+ /*
+ * X in -SH-, -SIO- or -SIA- else S
+ */
+ *Metaph++ = (*(n + 1) == 'H' ||
+ (*(n + 1) == 'I' && (*(n + 2) == 'O' ||
+ *(n + 2) == 'A')))
+ ? (char) 'X' : (char) 'S';
+ break;
+ case 'T':
+
+ /*
+ * X in -TIA- or -TIO- else 0 (zero)
+ * before H else dropped if in -TCH-
+ * else T
+ */
+ if (*(n + 1) == 'I' && (*(n + 2) == 'O' ||
+ *(n + 2) == 'A'))
+ *Metaph++ = 'X';
+ else if (*(n + 1) == 'H')
+ *Metaph++ = '0';
+ else if (*(n + 1) != 'C' || *(n + 2) != 'H')
+ *Metaph++ = 'T';
+ break;
+ case 'V':
+
+ /*
+ * F
+ */
+ *Metaph++ = 'F';
+ break;
+ case 'W':
+
+ /*
+ * W after a vowel, else dropped
+ */
+ case 'Y':
+
+ /*
+ * Y unless followed by a vowel
+ */
+ if (vowel(*(n + 1)))
+ *Metaph++ = *n;
+ break;
+ case 'X':
+
+ /*
+ * KS
+ */
+ if (n == n_start)
+ *Metaph++ = 'S';
+ else {
+ *Metaph++ = 'K'; /* Insert K, then S */
+ KSflag = 1;
+ }
+ break;
+ case 'Z':
+
+ /*
+ * S
+ */
+ *Metaph++ = 'S';
+ break;
+ }
+ }
+ }
+
+ *Metaph = 0; /* Null terminate */
+ return( ch_strdup( buf ) );
+}
+
+#endif /* SLAPD_METAPHONE */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/proto-slap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/proto-slap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/proto-slap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1899 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.552.2.41 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef PROTO_SLAP_H
+#define PROTO_SLAP_H
+
+#include <ldap_cdefs.h>
+#include "ldap_pvt.h"
+
+LDAP_BEGIN_DECL
+
+/*
+ * aci.c
+ */
+#ifdef SLAPD_ACI_ENABLED
+LDAP_SLAPD_F (int) aci_mask LDAP_P((
+ Operation *op, Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ struct berval *aci,
+ int nmatch,
+ regmatch_t *matches,
+ slap_access_t *grant,
+ slap_access_t *deny,
+ slap_aci_scope_t scope));
+#ifdef SLAP_DYNACL
+LDAP_SLAPD_F (int) dynacl_aci_init LDAP_P(( void ));
+#else /* !SLAP_DYNACL */
+LDAP_SLAPD_F (int) aci_init LDAP_P(( void ));
+LDAP_SLAPD_V (AttributeDescription *) slap_ad_aci;
+#endif /* !SLAP_DYNACL */
+#endif /* SLAPD_ACI_ENABLED */
+
+/*
+ * acl.c
+ */
+LDAP_SLAPD_F (int) access_allowed_mask LDAP_P((
+ Operation *op,
+ Entry *e, AttributeDescription *desc, struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *mask ));
+#define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL)
+#ifdef SLAP_OVERLAY_ACCESS
+LDAP_SLAPD_F (int) slap_access_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
+LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
+
+LDAP_SLAPD_F (int) acl_check_modlist LDAP_P((
+ Operation *op, Entry *e, Modifications *ml ));
+
+LDAP_SLAPD_F (void) acl_append( AccessControl **l, AccessControl *a, int pos );
+
+#ifdef SLAP_DYNACL
+LDAP_SLAPD_F (int) slap_dynacl_register LDAP_P(( slap_dynacl_t *da ));
+LDAP_SLAPD_F (slap_dynacl_t *) slap_dynacl_get LDAP_P(( const char *name ));
+#endif /* SLAP_DYNACL */
+LDAP_SLAPD_F (int) acl_init LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) acl_get_part LDAP_P((
+ struct berval *list,
+ int ix,
+ char sep,
+ struct berval *bv ));
+LDAP_SLAPD_F (int) acl_match_set LDAP_P((
+ struct berval *subj,
+ Operation *op,
+ Entry *e,
+ struct berval *default_set_attribute ));
+LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
+ struct berval *newbuf, struct berval *pattern,
+ char *match, int nmatch, regmatch_t *matches ));
+
+/*
+ * aclparse.c
+ */
+LDAP_SLAPD_V (char *) style_strings[];
+
+LDAP_SLAPD_F (int) parse_acl LDAP_P(( Backend *be,
+ const char *fname, int lineno,
+ int argc, char **argv, int pos ));
+
+LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
+LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
+
+#define ACCESSMASK_MAXLEN sizeof("unknown (+wrscan)")
+LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
+LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
+LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));
+LDAP_SLAPD_F (void) acl_destroy LDAP_P(( AccessControl*, AccessControl* ));
+LDAP_SLAPD_F (void) acl_free LDAP_P(( AccessControl *a ));
+
+
+/*
+ * ad.c
+ */
+LDAP_SLAPD_F (int) slap_str2ad LDAP_P((
+ const char *,
+ AttributeDescription **ad,
+ const char **text ));
+
+LDAP_SLAPD_F (int) slap_bv2ad LDAP_P((
+ struct berval *bv,
+ AttributeDescription **ad,
+ const char **text ));
+
+LDAP_SLAPD_F (void) ad_destroy LDAP_P(( AttributeDescription * ));
+
+#define ad_cmp(l,r) (((l)->ad_cname.bv_len < (r)->ad_cname.bv_len) \
+ ? -1 : (((l)->ad_cname.bv_len > (r)->ad_cname.bv_len) \
+ ? 1 : strcasecmp((l)->ad_cname.bv_val, (r)->ad_cname.bv_val )))
+
+LDAP_SLAPD_F (int) is_ad_subtype LDAP_P((
+ AttributeDescription *sub,
+ AttributeDescription *super ));
+
+LDAP_SLAPD_F (int) ad_inlist LDAP_P((
+ AttributeDescription *desc,
+ AttributeName *attrs ));
+
+LDAP_SLAPD_F (int) slap_str2undef_ad LDAP_P((
+ const char *,
+ AttributeDescription **ad,
+ const char **text,
+ unsigned proxied ));
+
+LDAP_SLAPD_F (int) slap_bv2undef_ad LDAP_P((
+ struct berval *bv,
+ AttributeDescription **ad,
+ const char **text,
+ unsigned proxied ));
+
+LDAP_SLAPD_F (int) slap_ad_undef_promote LDAP_P((
+ char *name,
+ AttributeType *nat ));
+
+LDAP_SLAPD_F (AttributeDescription *) ad_find_tags LDAP_P((
+ AttributeType *type,
+ struct berval *tags ));
+
+LDAP_SLAPD_F (AttributeName *) str2anlist LDAP_P(( AttributeName *an,
+ char *str, const char *brkstr ));
+LDAP_SLAPD_F (char **) anlist2charray_x LDAP_P((
+ AttributeName *an, int dup, void *ctx ));
+LDAP_SLAPD_F (char **) anlist2charray LDAP_P(( AttributeName *an, int dup ));
+LDAP_SLAPD_F (char **) anlist2attrs LDAP_P(( AttributeName *anlist ));
+LDAP_SLAPD_F (AttributeName *) file2anlist LDAP_P((
+ AttributeName *, const char *, const char * ));
+LDAP_SLAPD_F (int) an_find LDAP_P(( AttributeName *a, struct berval *s ));
+LDAP_SLAPD_F (int) ad_define_option LDAP_P(( const char *name,
+ const char *fname, int lineno ));
+LDAP_SLAPD_F (void) ad_unparse_options LDAP_P(( BerVarray *res ));
+
+LDAP_SLAPD_F (MatchingRule *) ad_mr(
+ AttributeDescription *ad,
+ unsigned usage );
+
+LDAP_SLAPD_V( AttributeName * ) slap_anlist_no_attrs;
+LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_user_attributes;
+LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_operational_attributes;
+LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_attributes;
+
+/*
+ * add.c
+ */
+LDAP_SLAPD_F (int) slap_mods2entry LDAP_P(( Modifications *mods, Entry **e,
+ int initial, int dup, const char **text, char *textbuf, size_t textlen ));
+
+LDAP_SLAPD_F (int) slap_entry2mods LDAP_P(( Entry *e,
+ Modifications **mods, const char **text,
+ char *textbuf, size_t textlen ));
+LDAP_SLAPD_F( int ) slap_add_opattrs(
+ Operation *op,
+ const char **text,
+ char *textbuf, size_t textlen,
+ int manage_ctxcsn );
+
+
+/*
+ * at.c
+ */
+LDAP_SLAPD_V(int) at_oc_cache;
+LDAP_SLAPD_F (void) at_config LDAP_P((
+ const char *fname, int lineno,
+ int argc, char **argv ));
+LDAP_SLAPD_F (AttributeType *) at_find LDAP_P((
+ const char *name ));
+LDAP_SLAPD_F (AttributeType *) at_bvfind LDAP_P((
+ struct berval *name ));
+LDAP_SLAPD_F (int) at_find_in_list LDAP_P((
+ AttributeType *sat, AttributeType **list ));
+LDAP_SLAPD_F (int) at_append_to_list LDAP_P((
+ AttributeType *sat, AttributeType ***listp ));
+LDAP_SLAPD_F (int) at_delete_from_list LDAP_P((
+ int pos, AttributeType ***listp ));
+LDAP_SLAPD_F (int) at_schema_info LDAP_P(( Entry *e ));
+LDAP_SLAPD_F (int) at_add LDAP_P((
+ LDAPAttributeType *at, int user,
+ AttributeType **sat, const char **err ));
+LDAP_SLAPD_F (void) at_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) is_at_subtype LDAP_P((
+ AttributeType *sub,
+ AttributeType *super ));
+
+LDAP_SLAPD_F (int) is_at_syntax LDAP_P((
+ AttributeType *at,
+ const char *oid ));
+
+LDAP_SLAPD_F (int) at_start LDAP_P(( AttributeType **at ));
+LDAP_SLAPD_F (int) at_next LDAP_P(( AttributeType **at ));
+
+LDAP_SLAPD_F (void) at_unparse LDAP_P((
+ BerVarray *bva, AttributeType *start, AttributeType *end, int system ));
+
+/*
+ * attr.c
+ */
+LDAP_SLAPD_F (void) attr_free LDAP_P(( Attribute *a ));
+LDAP_SLAPD_F (Attribute *) attr_dup LDAP_P(( Attribute *a ));
+
+#ifdef LDAP_COMP_MATCH
+LDAP_SLAPD_F (void) comp_tree_free LDAP_P(( Attribute *a ));
+#endif
+
+#define attr_mergeit( e, d, v ) attr_merge( e, d, v, NULL /* FIXME */ )
+#define attr_mergeit_one( e, d, v ) attr_merge_one( e, d, v, NULL /* FIXME */ )
+
+LDAP_SLAPD_F (Attribute *) attr_alloc LDAP_P(( AttributeDescription *ad ));
+LDAP_SLAPD_F (int) attr_merge LDAP_P(( Entry *e,
+ AttributeDescription *desc,
+ BerVarray vals,
+ BerVarray nvals ));
+LDAP_SLAPD_F (int) attr_merge_one LDAP_P(( Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ struct berval *nval ));
+LDAP_SLAPD_F (int) attr_merge_normalize LDAP_P(( Entry *e,
+ AttributeDescription *desc,
+ BerVarray vals, void *memctx ));
+LDAP_SLAPD_F (int) attr_merge_normalize_one LDAP_P(( Entry *e,
+ AttributeDescription *desc,
+ struct berval *val, void *memctx ));
+LDAP_SLAPD_F (Attribute *) attrs_find LDAP_P((
+ Attribute *a, AttributeDescription *desc ));
+LDAP_SLAPD_F (Attribute *) attr_find LDAP_P((
+ Attribute *a, AttributeDescription *desc ));
+LDAP_SLAPD_F (int) attr_delete LDAP_P((
+ Attribute **attrs, AttributeDescription *desc ));
+
+LDAP_SLAPD_F (void) attrs_free LDAP_P(( Attribute *a ));
+LDAP_SLAPD_F (Attribute *) attrs_dup LDAP_P(( Attribute *a ));
+
+
+/*
+ * ava.c
+ */
+LDAP_SLAPD_F (int) get_ava LDAP_P((
+ Operation *op,
+ BerElement *ber,
+ AttributeAssertion **ava,
+ unsigned usage,
+ const char **text ));
+LDAP_SLAPD_F (void) ava_free LDAP_P((
+ Operation *op,
+ AttributeAssertion *ava,
+ int freeit ));
+
+/*
+ * backend.c
+ */
+
+#define be_match( be1, be2 ) ( (be1) == (be2) || \
+ ( (be1) && (be2) && (be1)->be_nsuffix == (be2)->be_nsuffix ) )
+
+LDAP_SLAPD_F (int) backend_init LDAP_P((void));
+LDAP_SLAPD_F (int) backend_add LDAP_P((BackendInfo *aBackendInfo));
+LDAP_SLAPD_F (int) backend_num LDAP_P((Backend *be));
+LDAP_SLAPD_F (int) backend_startup LDAP_P((Backend *be));
+LDAP_SLAPD_F (int) backend_startup_one LDAP_P((Backend *be));
+LDAP_SLAPD_F (int) backend_sync LDAP_P((Backend *be));
+LDAP_SLAPD_F (int) backend_shutdown LDAP_P((Backend *be));
+LDAP_SLAPD_F (int) backend_destroy LDAP_P((void));
+LDAP_SLAPD_F (void) backend_destroy_one LDAP_P((BackendDB *bd, int dynamic));
+
+LDAP_SLAPD_F (BackendInfo *) backend_info LDAP_P(( const char *type ));
+LDAP_SLAPD_F (BackendDB *) backend_db_init LDAP_P(( const char *type,
+ BackendDB *be ));
+
+LDAP_SLAPD_F (BackendDB *) select_backend LDAP_P((
+ struct berval * dn,
+ int manageDSAit,
+ int noSubordinates ));
+
+LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be,
+ struct berval *suffix ));
+LDAP_SLAPD_F (int) be_isroot LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (int) be_isroot_dn LDAP_P(( Backend *be, struct berval *ndn ));
+LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (int) be_slurp_update LDAP_P(( Operation *op ));
+#define be_isupdate( op ) be_slurp_update( (op) )
+LDAP_SLAPD_F (int) be_shadow_update LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (int) be_isupdate_dn LDAP_P(( Backend *be, struct berval *ndn ));
+LDAP_SLAPD_F (struct berval *) be_root_dn LDAP_P(( Backend *be ));
+LDAP_SLAPD_F (int) be_entry_get_rw LDAP_P(( struct slap_op *o,
+ struct berval *ndn, ObjectClass *oc,
+ AttributeDescription *at, int rw, Entry **e ));
+LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P((
+ Operation *o, Entry *e, int rw ));
+#define be_entry_release_r( o, e ) be_entry_release_rw( o, e, 0 )
+#define be_entry_release_w( o, e ) be_entry_release_rw( o, e, 1 )
+
+LDAP_SLAPD_F (int) backend_unbind LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) backend_connection_init LDAP_P((Connection *conn));
+LDAP_SLAPD_F (int) backend_connection_destroy LDAP_P((Connection *conn));
+
+LDAP_SLAPD_F( int ) backend_check_controls LDAP_P((
+ Operation *op,
+ SlapReply *rs ));
+LDAP_SLAPD_F( int ) backend_check_restrictions LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ struct berval *opdata ));
+
+LDAP_SLAPD_F( int ) backend_check_referrals LDAP_P((
+ Operation *op,
+ SlapReply *rs ));
+
+LDAP_SLAPD_F (int) backend_group LDAP_P((
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at
+));
+
+LDAP_SLAPD_F (int) backend_attribute LDAP_P((
+ Operation *op,
+ Entry *target,
+ struct berval *entry_ndn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access
+));
+
+LDAP_SLAPD_F (int) backend_access LDAP_P((
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ struct berval *nval,
+ slap_access_t access,
+ slap_mask_t *mask ));
+
+LDAP_SLAPD_F (int) backend_operational LDAP_P((
+ Operation *op,
+ SlapReply *rs
+));
+
+LDAP_SLAPD_V(BackendInfo) slap_binfo[];
+
+/*
+ * backglue.c
+ */
+
+LDAP_SLAPD_F (int) glue_sub_init( void );
+LDAP_SLAPD_F (int) glue_sub_attach( void );
+LDAP_SLAPD_F (int) glue_sub_add( BackendDB *be, int advert, int online );
+LDAP_SLAPD_F (int) glue_sub_del( BackendDB *be );
+
+/*
+ * backover.c
+ */
+LDAP_SLAPD_F (int) overlay_register LDAP_P(( slap_overinst *on ));
+LDAP_SLAPD_F (int) overlay_config LDAP_P(( BackendDB *be, const char *ov ));
+LDAP_SLAPD_F (void) overlay_destroy_one LDAP_P((
+ BackendDB *be,
+ slap_overinst *on ));
+LDAP_SLAPD_F (slap_overinst *) overlay_next LDAP_P(( slap_overinst *on ));
+LDAP_SLAPD_F (slap_overinst *) overlay_find LDAP_P(( const char *name ));
+LDAP_SLAPD_F (int) overlay_is_over LDAP_P(( BackendDB *be ));
+LDAP_SLAPD_F (int) overlay_is_inst LDAP_P(( BackendDB *be, const char *name ));
+LDAP_SLAPD_F (int) overlay_register_control LDAP_P((
+ BackendDB *be,
+ const char *oid ));
+LDAP_SLAPD_F (int) overlay_op_walk LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ slap_operation_t which,
+ slap_overinfo *oi,
+ slap_overinst *on ));
+
+/*
+ * bconfig.c
+ */
+LDAP_SLAPD_F (int) slap_loglevel_register LDAP_P (( slap_mask_t m, struct berval *s ));
+LDAP_SLAPD_F (int) str2loglevel LDAP_P(( const char *s, int *l ));
+LDAP_SLAPD_F (int) loglevel2bvarray LDAP_P(( int l, BerVarray *bva ));
+LDAP_SLAPD_F (const char *) loglevel2str LDAP_P(( int l ));
+LDAP_SLAPD_F (int) loglevel2bv LDAP_P(( int l, struct berval *bv ));
+LDAP_SLAPD_F (int) slap_cf_aux_table_parse LDAP_P(( const char *word, void *bc, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg ));
+LDAP_SLAPD_F (int) slap_cf_aux_table_unparse LDAP_P(( void *bc, struct berval *bv, slap_cf_aux_table *tab0 ));
+
+/*
+ * ch_malloc.c
+ */
+LDAP_SLAPD_V (BerMemoryFunctions) ch_mfuncs;
+LDAP_SLAPD_F (void *) ch_malloc LDAP_P(( ber_len_t size ));
+LDAP_SLAPD_F (void *) ch_realloc LDAP_P(( void *block, ber_len_t size ));
+LDAP_SLAPD_F (void *) ch_calloc LDAP_P(( ber_len_t nelem, ber_len_t size ));
+LDAP_SLAPD_F (char *) ch_strdup LDAP_P(( const char *string ));
+LDAP_SLAPD_F (void) ch_free LDAP_P(( void * ));
+
+#ifndef CH_FREE
+#undef free
+#define free ch_free
+#endif
+
+/*
+ * component.c
+ */
+#ifdef LDAP_COMP_MATCH
+struct comp_attribute_aliasing;
+
+LDAP_SLAPD_F (int) test_comp_filter_entry LDAP_P((
+ Operation* op,
+ Entry* e,
+ MatchingRuleAssertion* mr));
+
+LDAP_SLAPD_F (int) dup_comp_filter LDAP_P((
+ Operation* op,
+ struct berval *bv,
+ ComponentFilter *in_f,
+ ComponentFilter **out_f ));
+
+LDAP_SLAPD_F (int) get_aliased_filter_aa LDAP_P((
+ Operation* op,
+ AttributeAssertion* a_assert,
+ struct comp_attribute_aliasing* aa,
+ const char** text ));
+
+LDAP_SLAPD_F (int) get_aliased_filter LDAP_P((
+ Operation* op,
+ MatchingRuleAssertion* ma,
+ struct comp_attribute_aliasing* aa,
+ const char** text ));
+
+LDAP_SLAPD_F (int) get_comp_filter LDAP_P((
+ Operation* op,
+ BerValue* bv,
+ ComponentFilter** filt,
+ const char **text ));
+
+LDAP_SLAPD_F (int) insert_component_reference LDAP_P((
+ ComponentReference *cr,
+ ComponentReference** cr_list ));
+
+LDAP_SLAPD_F (int) is_component_reference LDAP_P((
+ char *attr ));
+
+LDAP_SLAPD_F (int) extract_component_reference LDAP_P((
+ char* attr,
+ ComponentReference** cr ));
+
+LDAP_SLAPD_F (int) componentFilterMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+LDAP_SLAPD_F (int) directoryComponentsMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+LDAP_SLAPD_F (int) allComponentsMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+LDAP_SLAPD_F (ComponentReference*) dup_comp_ref LDAP_P((
+ Operation *op,
+ ComponentReference *cr ));
+
+LDAP_SLAPD_F (int) componentFilterValidate LDAP_P((
+ Syntax *syntax,
+ struct berval* bv ));
+
+LDAP_SLAPD_F (int) allComponentsValidate LDAP_P((
+ Syntax *syntax,
+ struct berval* bv ));
+
+LDAP_SLAPD_F (void) component_free LDAP_P((
+ ComponentFilter *f ));
+
+LDAP_SLAPD_F (void) free_ComponentData LDAP_P((
+ Attribute *a ));
+
+LDAP_SLAPD_V (test_membership_func*) is_aliased_attribute;
+
+LDAP_SLAPD_V (free_component_func*) component_destructor;
+
+LDAP_SLAPD_V (get_component_info_func*) get_component_description;
+
+LDAP_SLAPD_V (component_encoder_func*) component_encoder;
+
+LDAP_SLAPD_V (convert_attr_to_comp_func*) attr_converter;
+
+LDAP_SLAPD_V (alloc_nibble_func*) nibble_mem_allocator;
+
+LDAP_SLAPD_V (free_nibble_func*) nibble_mem_free;
+#endif
+
+/*
+ * controls.c
+ */
+LDAP_SLAPD_V( struct slap_control_ids ) slap_cids;
+LDAP_SLAPD_F (void) slap_free_ctrls LDAP_P((
+ Operation *op,
+ LDAPControl **ctrls ));
+LDAP_SLAPD_F (int) slap_parse_ctrl LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *control,
+ const char **text ));
+LDAP_SLAPD_F (int) get_ctrls LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ int senderrors ));
+LDAP_SLAPD_F (int) register_supported_control LDAP_P((
+ const char *controloid,
+ slap_mask_t controlmask,
+ char **controlexops,
+ SLAP_CTRL_PARSE_FN *controlparsefn,
+ int *controlcid ));
+LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void));
+LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void));
+LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e));
+LDAP_SLAPD_F (int) get_supported_controls LDAP_P ((
+ char ***ctrloidsp, slap_mask_t **ctrlmasks ));
+LDAP_SLAPD_F (int) slap_find_control_id LDAP_P ((
+ const char *oid, int *cid ));
+LDAP_SLAPD_F (int) slap_global_control LDAP_P ((
+ Operation *op, const char *oid, int *cid ));
+LDAP_SLAPD_F (int) slap_remove_control LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ int ctrl,
+ BI_chk_controls fnc ));
+
+/*
+ * config.c
+ */
+LDAP_SLAPD_F (int) read_config LDAP_P(( const char *fname, const char *dir ));
+LDAP_SLAPD_F (void) config_destroy LDAP_P ((void));
+LDAP_SLAPD_F (char **) slap_str2clist LDAP_P((
+ char ***, char *, const char * ));
+LDAP_SLAPD_F (int) verb_to_mask LDAP_P((
+ const char *word, slap_verbmasks *v ));
+LDAP_SLAPD_F (int) verbs_to_mask LDAP_P((
+ int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m ));
+LDAP_SLAPD_F (int) mask_to_verbs LDAP_P((
+ slap_verbmasks *v, slap_mask_t m, BerVarray *bva ));
+LDAP_SLAPD_F (int) enum_to_verb LDAP_P((
+ slap_verbmasks *v, slap_mask_t m, struct berval *bv ));
+LDAP_SLAPD_F (int) slap_verbmasks_init LDAP_P(( slap_verbmasks **vp, slap_verbmasks *v ));
+LDAP_SLAPD_F (int) slap_verbmasks_destroy LDAP_P(( slap_verbmasks *v ));
+LDAP_SLAPD_F (int) slap_verbmasks_append LDAP_P(( slap_verbmasks **vp,
+ slap_mask_t m, struct berval *v, slap_mask_t *ignore ));
+LDAP_SLAPD_F (int) bindconf_parse LDAP_P((
+ const char *word, slap_bindconf *bc ));
+LDAP_SLAPD_F (int) bindconf_unparse LDAP_P((
+ slap_bindconf *bc, struct berval *bv ));
+LDAP_SLAPD_F (void) bindconf_free LDAP_P(( slap_bindconf *bc ));
+LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
+ const char *fname, int lineno, int argc, char **argv ));
+LDAP_SLAPD_F (char *) anlist_unparse LDAP_P(( AttributeName *, char * ));
+
+#ifdef LDAP_SLAPI
+LDAP_SLAPD_V (int) slapi_plugins_used;
+#endif
+
+/*
+ * connection.c
+ */
+LDAP_SLAPD_F (int) connections_init LDAP_P((void));
+LDAP_SLAPD_F (int) connections_shutdown LDAP_P((void));
+LDAP_SLAPD_F (int) connections_destroy LDAP_P((void));
+LDAP_SLAPD_F (int) connections_timeout_idle LDAP_P((time_t));
+
+LDAP_SLAPD_F (int) connection_client_setup LDAP_P((
+ ber_socket_t s,
+ ldap_pvt_thread_start_t *func,
+ void *arg ));
+LDAP_SLAPD_F (void) connection_client_enable LDAP_P(( ber_socket_t s ));
+LDAP_SLAPD_F (void) connection_client_stop LDAP_P(( ber_socket_t s ));
+
+
+LDAP_SLAPD_F (long) connection_init LDAP_P((
+ ber_socket_t s,
+ Listener* url,
+ const char* dnsname,
+ const char* peername,
+ int use_tls,
+ slap_ssf_t ssf,
+ struct berval *id ));
+
+LDAP_SLAPD_F (void) connection_closing LDAP_P((
+ Connection *c, const char *why ));
+LDAP_SLAPD_F (int) connection_state_closing LDAP_P(( Connection *c ));
+LDAP_SLAPD_F (const char *) connection_state2str LDAP_P(( int state ))
+ LDAP_GCCATTR((const));
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+LDAP_SLAPD_F (int) connection_write_activate LDAP_P((ber_socket_t s));
+LDAP_SLAPD_F (int) connection_read_activate LDAP_P((ber_socket_t s));
+#else
+LDAP_SLAPD_F (int) connection_write LDAP_P((ber_socket_t s));
+LDAP_SLAPD_F (int) connection_read LDAP_P((ber_socket_t s));
+#endif
+
+LDAP_SLAPD_F (unsigned long) connections_nextid(void);
+
+LDAP_SLAPD_F (Connection *) connection_first LDAP_P(( ber_socket_t * ));
+LDAP_SLAPD_F (Connection *) connection_next LDAP_P((
+ Connection *, ber_socket_t *));
+LDAP_SLAPD_F (void) connection_done LDAP_P((Connection *));
+
+LDAP_SLAPD_F (void) connection2anonymous LDAP_P((Connection *));
+LDAP_SLAPD_F (void) connection_fake_init LDAP_P((
+ Connection *conn,
+ Operation *op,
+ void *threadctx ));
+LDAP_SLAPD_F (void) connection_assign_nextid LDAP_P((Connection *));
+
+/*
+ * cr.c
+ */
+LDAP_SLAPD_F (int) cr_schema_info( Entry *e );
+LDAP_SLAPD_F (void) cr_unparse LDAP_P((
+ BerVarray *bva, ContentRule *start, ContentRule *end, int system ));
+
+LDAP_SLAPD_F (int) cr_add LDAP_P((
+ LDAPContentRule *oc,
+ int user,
+ ContentRule **scr,
+ const char **err));
+
+LDAP_SLAPD_F (void) cr_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F (ContentRule *) cr_find LDAP_P((
+ const char *crname));
+LDAP_SLAPD_F (ContentRule *) cr_bvfind LDAP_P((
+ struct berval *crname));
+
+/*
+ * ctxcsn.c
+ */
+
+LDAP_SLAPD_V( const struct berval ) slap_ldapsync_bv;
+LDAP_SLAPD_V( const struct berval ) slap_ldapsync_cn_bv;
+LDAP_SLAPD_F (void) slap_get_commit_csn LDAP_P((
+ Operation *, struct berval *maxcsn ));
+LDAP_SLAPD_F (void) slap_rewind_commit_csn LDAP_P(( Operation * ));
+LDAP_SLAPD_F (void) slap_graduate_commit_csn LDAP_P(( Operation * ));
+LDAP_SLAPD_F (Entry *) slap_create_context_csn_entry LDAP_P(( Backend *, struct berval *));
+LDAP_SLAPD_F (int) slap_get_csn LDAP_P(( Operation *, struct berval *, int ));
+LDAP_SLAPD_F (void) slap_queue_csn LDAP_P(( Operation *, struct berval * ));
+
+/*
+ * daemon.c
+ */
+LDAP_SLAPD_F (void) slapd_add_internal(ber_socket_t s, int isactive);
+LDAP_SLAPD_F (int) slapd_daemon_init( const char *urls );
+LDAP_SLAPD_F (int) slapd_daemon_destroy(void);
+LDAP_SLAPD_F (int) slapd_daemon(void);
+LDAP_SLAPD_F (Listener **) slapd_get_listeners LDAP_P((void));
+LDAP_SLAPD_F (void) slapd_remove LDAP_P((ber_socket_t s, Sockbuf *sb,
+ int wasactive, int wake, int locked ));
+LDAP_SLAPD_F (void) slapd_sd_lock();
+LDAP_SLAPD_F (void) slapd_sd_unlock();
+
+LDAP_SLAPD_F (RETSIGTYPE) slap_sig_shutdown LDAP_P((int sig));
+LDAP_SLAPD_F (RETSIGTYPE) slap_sig_wake LDAP_P((int sig));
+LDAP_SLAPD_F (void) slap_wake_listener LDAP_P((void));
+
+LDAP_SLAPD_F (void) slapd_set_write LDAP_P((ber_socket_t s, int wake));
+LDAP_SLAPD_F (void) slapd_clr_write LDAP_P((ber_socket_t s, int wake));
+LDAP_SLAPD_F (void) slapd_set_read LDAP_P((ber_socket_t s, int wake));
+LDAP_SLAPD_F (int) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
+
+LDAP_SLAPD_V (volatile sig_atomic_t) slapd_abrupt_shutdown;
+LDAP_SLAPD_V (volatile sig_atomic_t) slapd_shutdown;
+LDAP_SLAPD_V (int) slapd_register_slp;
+LDAP_SLAPD_V (slap_ssf_t) local_ssf;
+LDAP_SLAPD_V (struct runqueue_s) slapd_rq;
+
+/*
+ * dn.c
+ */
+
+#define dn_match(dn1, dn2) ( ber_bvcmp((dn1), (dn2)) == 0 )
+#define bvmatch(bv1, bv2) ( ((bv1)->bv_len == (bv2)->bv_len) && (memcmp((bv1)->bv_val, (bv2)->bv_val, (bv1)->bv_len) == 0) )
+
+LDAP_SLAPD_F (int) dnValidate LDAP_P((
+ Syntax *syntax,
+ struct berval *val ));
+LDAP_SLAPD_F (int) rdnValidate LDAP_P((
+ Syntax *syntax,
+ struct berval *val ));
+
+LDAP_SLAPD_F (slap_mr_normalize_func) dnNormalize;
+
+LDAP_SLAPD_F (slap_mr_normalize_func) rdnNormalize;
+
+LDAP_SLAPD_F (slap_syntax_transform_func) dnPretty;
+
+LDAP_SLAPD_F (slap_syntax_transform_func) rdnPretty;
+
+LDAP_SLAPD_F (int) dnPrettyNormal LDAP_P((
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *pretty,
+ struct berval *normal,
+ void *ctx ));
+
+LDAP_SLAPD_F (int) dnMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+LDAP_SLAPD_F (int) dnRelativeMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+LDAP_SLAPD_F (int) rdnMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+
+LDAP_SLAPD_F (int) dnIsSuffix LDAP_P((
+ const struct berval *dn, const struct berval *suffix ));
+
+LDAP_SLAPD_F (int) dnIsOneLevelRDN LDAP_P(( struct berval *rdn ));
+
+LDAP_SLAPD_F (int) dnExtractRdn LDAP_P((
+ struct berval *dn, struct berval *rdn, void *ctx ));
+
+LDAP_SLAPD_F (int) rdn_validate LDAP_P(( struct berval * rdn ));
+
+LDAP_SLAPD_F (ber_len_t) dn_rdnlen LDAP_P(( Backend *be, struct berval *dn ));
+
+LDAP_SLAPD_F (void) build_new_dn LDAP_P((
+ struct berval * new_dn,
+ struct berval * parent_dn,
+ struct berval * newrdn,
+ void *memctx ));
+
+LDAP_SLAPD_F (void) dnParent LDAP_P(( struct berval *dn, struct berval *pdn ));
+LDAP_SLAPD_F (void) dnRdn LDAP_P(( struct berval *dn, struct berval *rdn ));
+
+LDAP_SLAPD_F (int) dnX509normalize LDAP_P(( void *x509_name, struct berval *out ));
+
+LDAP_SLAPD_F (int) dnX509peerNormalize LDAP_P(( void *ssl, struct berval *dn ));
+
+LDAP_SLAPD_F (int) dnPrettyNormalDN LDAP_P(( Syntax *syntax, struct berval *val, LDAPDN *dn, int flags, void *ctx ));
+#define dnPrettyDN(syntax, val, dn, ctx) \
+ dnPrettyNormalDN((syntax),(val),(dn), SLAP_LDAPDN_PRETTY, ctx)
+#define dnNormalDN(syntax, val, dn, ctx) \
+ dnPrettyNormalDN((syntax),(val),(dn), 0, ctx)
+
+typedef int (SLAP_CERT_MAP_FN) LDAP_P(( void *ssl, struct berval *dn ));
+LDAP_SLAPD_F (int) register_certificate_map_function LDAP_P(( SLAP_CERT_MAP_FN *fn ));
+
+/*
+ * entry.c
+ */
+LDAP_SLAPD_V (const Entry) slap_entry_root;
+
+LDAP_SLAPD_F (int) entry_destroy LDAP_P((void));
+
+LDAP_SLAPD_F (Entry *) str2entry LDAP_P(( char *s ));
+LDAP_SLAPD_F (Entry *) str2entry2 LDAP_P(( char *s, int checkvals ));
+LDAP_SLAPD_F (char *) entry2str LDAP_P(( Entry *e, int *len ));
+
+LDAP_SLAPD_F (ber_len_t) entry_flatsize LDAP_P(( Entry *e, int norm ));
+LDAP_SLAPD_F (void) entry_partsize LDAP_P(( Entry *e, ber_len_t *len,
+ int *nattrs, int *nvals, int norm ));
+
+#ifdef SLAP_ZONE_ALLOC
+LDAP_SLAPD_F (int) entry_decode LDAP_P((
+ struct berval *bv, Entry **e, void *ctx ));
+#else
+LDAP_SLAPD_F (int) entry_decode LDAP_P((
+ struct berval *bv, Entry **e ));
+#endif
+LDAP_SLAPD_F (int) entry_encode LDAP_P(( Entry *e, struct berval *bv ));
+
+LDAP_SLAPD_F (void) entry_clean LDAP_P(( Entry *e ));
+LDAP_SLAPD_F (void) entry_free LDAP_P(( Entry *e ));
+LDAP_SLAPD_F (int) entry_cmp LDAP_P(( Entry *a, Entry *b ));
+LDAP_SLAPD_F (int) entry_dn_cmp LDAP_P(( const void *v_a, const void *v_b ));
+LDAP_SLAPD_F (int) entry_id_cmp LDAP_P(( const void *v_a, const void *v_b ));
+LDAP_SLAPD_F (Entry *) entry_dup LDAP_P(( Entry *e ));
+
+/*
+ * extended.c
+ */
+LDAP_SLAPD_F (int) exop_root_dse_info LDAP_P ((Entry *e));
+
+#define exop_is_write( op ) ((op->ore_flags & SLAP_EXOP_WRITES) != 0)
+
+LDAP_SLAPD_V( const struct berval ) slap_EXOP_CANCEL;
+LDAP_SLAPD_V( const struct berval ) slap_EXOP_WHOAMI;
+LDAP_SLAPD_V( const struct berval ) slap_EXOP_MODIFY_PASSWD;
+LDAP_SLAPD_V( const struct berval ) slap_EXOP_START_TLS;
+
+typedef int (SLAP_EXTOP_MAIN_FN) LDAP_P(( Operation *op, SlapReply *rs ));
+
+typedef int (SLAP_EXTOP_GETOID_FN) LDAP_P((
+ int index, struct berval *oid, int blen ));
+
+LDAP_SLAPD_F (int) load_extop LDAP_P((
+ const struct berval *ext_oid,
+ slap_mask_t flags,
+ SLAP_EXTOP_MAIN_FN *ext_main ));
+
+LDAP_SLAPD_F (int) extops_init LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) extops_kill LDAP_P(( void ));
+
+LDAP_SLAPD_F (struct berval *) get_supported_extop LDAP_P((int index));
+
+/*
+ * cancel.c
+ */
+LDAP_SLAPD_F ( SLAP_EXTOP_MAIN_FN ) cancel_extop;
+
+/*
+ * filter.c
+ */
+LDAP_SLAPD_F (int) get_filter LDAP_P((
+ Operation *op,
+ BerElement *ber,
+ Filter **filt,
+ const char **text ));
+
+LDAP_SLAPD_F (void) filter_free LDAP_P(( Filter *f ));
+LDAP_SLAPD_F (void) filter_free_x LDAP_P(( Operation *op, Filter *f ));
+LDAP_SLAPD_F (void) filter2bv LDAP_P(( Filter *f, struct berval *bv ));
+LDAP_SLAPD_F (void) filter2bv_x LDAP_P(( Operation *op, Filter *f, struct berval *bv ));
+LDAP_SLAPD_F (Filter *) filter_dup LDAP_P(( Filter *f, void *memctx ));
+
+LDAP_SLAPD_F (int) get_vrFilter LDAP_P(( Operation *op, BerElement *ber,
+ ValuesReturnFilter **f,
+ const char **text ));
+
+LDAP_SLAPD_F (void) vrFilter_free LDAP_P(( Operation *op, ValuesReturnFilter *f ));
+LDAP_SLAPD_F (void) vrFilter2bv LDAP_P(( Operation *op, ValuesReturnFilter *f, struct berval *fstr ));
+
+LDAP_SLAPD_F (int) filter_has_subordinates LDAP_P(( Filter *filter ));
+#define filter_escape_value( in, out ) ldap_bv2escaped_filter_value_x( (in), (out), 0, NULL )
+#define filter_escape_value_x( in, out, ctx ) ldap_bv2escaped_filter_value_x( (in), (out), 0, ctx )
+
+/*
+ * filterentry.c
+ */
+
+LDAP_SLAPD_F (int) test_filter LDAP_P(( Operation *op, Entry *e, Filter *f ));
+
+/*
+ * frontend.c
+ */
+LDAP_SLAPD_F (int) frontend_init LDAP_P(( void ));
+
+/*
+ * globals.c
+ */
+
+LDAP_SLAPD_V( const struct berval ) slap_empty_bv;
+LDAP_SLAPD_V( const struct berval ) slap_unknown_bv;
+LDAP_SLAPD_V( const struct berval ) slap_true_bv;
+LDAP_SLAPD_V( const struct berval ) slap_false_bv;
+LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
+LDAP_SLAPD_V( void * ) slap_tls_ctx;
+
+/*
+ * index.c
+ */
+LDAP_SLAPD_F (int) slap_str2index LDAP_P(( const char *str, slap_mask_t *idx ));
+LDAP_SLAPD_F (void) slap_index2bvlen LDAP_P(( slap_mask_t idx, struct berval *bv ));
+LDAP_SLAPD_F (void) slap_index2bv LDAP_P(( slap_mask_t idx, struct berval *bv ));
+
+/*
+ * init.c
+ */
+LDAP_SLAPD_F (int) slap_init LDAP_P((int mode, const char* name));
+LDAP_SLAPD_F (int) slap_startup LDAP_P(( Backend *be ));
+LDAP_SLAPD_F (int) slap_shutdown LDAP_P(( Backend *be ));
+LDAP_SLAPD_F (int) slap_destroy LDAP_P((void));
+
+LDAP_SLAPD_V (char *) slap_known_controls[];
+
+/*
+ * kerberos.c
+ */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+LDAP_SLAPD_V (char *) ldap_srvtab;
+LDAP_SLAPD_V (int) krbv4_ldap_auth();
+#endif
+
+/*
+ * ldapsync.c
+ */
+LDAP_SLAPD_F (void) slap_compose_sync_cookie LDAP_P((
+ Operation *, struct berval *, struct berval *, int ));
+LDAP_SLAPD_F (void) slap_sync_cookie_free LDAP_P((
+ struct sync_cookie *, int free_cookie ));
+LDAP_SLAPD_F (int) slap_parse_sync_cookie LDAP_P((
+ struct sync_cookie *, void *memctx ));
+LDAP_SLAPD_F (int) slap_init_sync_cookie_ctxcsn LDAP_P((
+ struct sync_cookie * ));
+LDAP_SLAPD_F (struct sync_cookie *) slap_dup_sync_cookie LDAP_P((
+ struct sync_cookie *, struct sync_cookie * ));
+LDAP_SLAPD_F (int) slap_build_syncUUID_set LDAP_P((
+ Operation *, BerVarray *, Entry * ));
+
+/*
+ * limits.c
+ */
+LDAP_SLAPD_F (int) limits_get LDAP_P((
+ Operation *op, struct berval *ndn,
+ struct slap_limits_set **limit ));
+LDAP_SLAPD_F (int) limits_parse LDAP_P((
+ Backend *be, const char *fname, int lineno,
+ int argc, char **argv ));
+LDAP_SLAPD_F (int) limits_parse_one LDAP_P(( const char *arg,
+ struct slap_limits_set *limit ));
+LDAP_SLAPD_F (int) limits_check LDAP_P((
+ Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) limits_unparse_one LDAP_P((
+ struct slap_limits_set *limit, int which, struct berval *bv ));
+LDAP_SLAPD_F (void) limits_unparse LDAP_P((
+ struct slap_limits *limit, struct berval *bv ));
+LDAP_SLAPD_F (void) limits_destroy LDAP_P(( struct slap_limits **lm ));
+
+/*
+ * lock.c
+ */
+LDAP_SLAPD_F (FILE *) lock_fopen LDAP_P(( const char *fname,
+ const char *type, FILE **lfp ));
+LDAP_SLAPD_F (int) lock_fclose LDAP_P(( FILE *fp, FILE *lfp ));
+
+/*
+ * main.c
+ */
+LDAP_SLAPD_F (int)
+parse_debug_level LDAP_P(( const char *arg, int *levelp, char ***unknowns ));
+LDAP_SLAPD_F (int)
+parse_debug_unknowns LDAP_P(( char **unknowns, int *levelp ));
+
+/*
+ * matchedValues.c
+ */
+LDAP_SLAPD_F (int) filter_matched_values(
+ Operation *op,
+ Attribute *a,
+ char ***e_flags );
+
+/*
+ * modrdn.c
+ */
+LDAP_SLAPD_F (int) slap_modrdn2mods LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ LDAPRDN oldrdn,
+ LDAPRDN newrdn,
+ Modifications **pmod ));
+
+LDAP_SLAPD_F (void) slap_modrdn2mods_free LDAP_P(( Modifications *mod ));
+
+/*
+ * modify.c
+ */
+LDAP_SLAPD_F( int ) slap_mods_obsolete_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf, size_t textlen );
+
+LDAP_SLAPD_F( int ) slap_mods_no_user_mod_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf, size_t textlen );
+
+LDAP_SLAPD_F ( int ) slap_mods_no_repl_user_mod_check(
+ Operation *op,
+ Modifications *ml,
+ const char **text,
+ char *textbuf,
+ size_t textlen );
+
+LDAP_SLAPD_F( int ) slap_mods_check(
+ Modifications *ml,
+ const char **text,
+ char *textbuf, size_t textlen, void *ctx );
+
+LDAP_SLAPD_F( void ) slap_timestamp(
+ time_t *tm,
+ struct berval *bv );
+
+LDAP_SLAPD_F( void ) slap_mods_opattrs(
+ Operation *op,
+ Modifications **modsp,
+ int manage_ctxcsn );
+
+/*
+ * mods.c
+ */
+LDAP_SLAPD_F( int ) modify_add_values( Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text, char *textbuf, size_t textlen );
+LDAP_SLAPD_F( int ) modify_delete_values( Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text, char *textbuf, size_t textlen );
+LDAP_SLAPD_F( int ) modify_delete_vindex( Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text, char *textbuf, size_t textlen, int *idx );
+LDAP_SLAPD_F( int ) modify_replace_values( Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text, char *textbuf, size_t textlen );
+LDAP_SLAPD_F( int ) modify_increment_values( Entry *e,
+ Modification *mod,
+ int permissive,
+ const char **text, char *textbuf, size_t textlen );
+
+LDAP_SLAPD_F( void ) slap_mod_free( Modification *mod, int freeit );
+LDAP_SLAPD_F( void ) slap_mods_free( Modifications *mods, int freevals );
+LDAP_SLAPD_F( void ) slap_modlist_free( LDAPModList *ml );
+
+/*
+ * module.c
+ */
+#ifdef SLAPD_MODULES
+
+LDAP_SLAPD_F (int) module_init LDAP_P(( void ));
+LDAP_SLAPD_F (int) module_kill LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) load_null_module(
+ const void *module, const char *file_name);
+LDAP_SLAPD_F (int) load_extop_module(
+ const void *module, const char *file_name);
+
+LDAP_SLAPD_F (int) module_load LDAP_P((
+ const char* file_name,
+ int argc, char *argv[] ));
+LDAP_SLAPD_F (int) module_path LDAP_P(( const char* path ));
+
+LDAP_SLAPD_F (void) *module_resolve LDAP_P((
+ const void *module, const char *name));
+
+#endif /* SLAPD_MODULES */
+
+/* mr.c */
+LDAP_SLAPD_F (MatchingRule *) mr_bvfind LDAP_P((struct berval *mrname));
+LDAP_SLAPD_F (MatchingRule *) mr_find LDAP_P((const char *mrname));
+LDAP_SLAPD_F (int) mr_add LDAP_P(( LDAPMatchingRule *mr,
+ slap_mrule_defs_rec *def,
+ MatchingRule * associated,
+ const char **err ));
+LDAP_SLAPD_F (void) mr_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) register_matching_rule LDAP_P((
+ slap_mrule_defs_rec *def ));
+
+LDAP_SLAPD_F (void) mru_destroy LDAP_P(( void ));
+LDAP_SLAPD_F (int) matching_rule_use_init LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) mr_schema_info( Entry *e );
+LDAP_SLAPD_F (int) mru_schema_info( Entry *e );
+
+LDAP_SLAPD_F (int) mr_usable_with_at( MatchingRule *mr,
+ AttributeType *at );
+
+/*
+ * mra.c
+ */
+LDAP_SLAPD_F (int) get_mra LDAP_P((
+ Operation *op,
+ BerElement *ber,
+ MatchingRuleAssertion **mra,
+ const char **text ));
+LDAP_SLAPD_F (void) mra_free LDAP_P((
+ Operation *op,
+ MatchingRuleAssertion *mra,
+ int freeit ));
+
+/* oc.c */
+LDAP_SLAPD_F (int) oc_add LDAP_P((
+ LDAPObjectClass *oc,
+ int user,
+ ObjectClass **soc,
+ const char **err));
+LDAP_SLAPD_F (void) oc_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F (ObjectClass *) oc_find LDAP_P((
+ const char *ocname));
+LDAP_SLAPD_F (ObjectClass *) oc_bvfind LDAP_P((
+ struct berval *ocname));
+LDAP_SLAPD_F (ObjectClass *) oc_bvfind_undef LDAP_P((
+ struct berval *ocname));
+LDAP_SLAPD_F (int) is_object_subclass LDAP_P((
+ ObjectClass *sup,
+ ObjectClass *sub ));
+
+LDAP_SLAPD_F (int) is_entry_objectclass LDAP_P((
+ Entry *, ObjectClass *oc, unsigned flags ));
+#define is_entry_objectclass_or_sub(e,oc) \
+ (is_entry_objectclass((e),(oc),SLAP_OCF_CHECK_SUP))
+#define is_entry_alias(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_ALIAS) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_alias, SLAP_OCF_SET_FLAGS))
+#define is_entry_referral(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_REFERRAL) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_referral, SLAP_OCF_SET_FLAGS))
+#define is_entry_subentry(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_SUBENTRY) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_subentry, SLAP_OCF_SET_FLAGS))
+#define is_entry_collectiveAttributeSubentry(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_collectiveAttributeSubentry, SLAP_OCF_SET_FLAGS))
+#define is_entry_dynamicObject(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_DYNAMICOBJECT) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_dynamicObject, SLAP_OCF_SET_FLAGS))
+#define is_entry_glue(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_GLUE) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_glue, SLAP_OCF_SET_FLAGS))
+#define is_entry_syncProviderSubentry(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_SYNCPROVIDERSUBENTRY) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_syncProviderSubentry, SLAP_OCF_SET_FLAGS))
+#define is_entry_syncConsumerSubentry(e) \
+ (((e)->e_ocflags & SLAP_OC__END) \
+ ? (((e)->e_ocflags & SLAP_OC_SYNCCONSUMERSUBENTRY) != 0) \
+ : is_entry_objectclass((e), slap_schema.si_oc_syncConsumerSubentry, SLAP_OCF_SET_FLAGS))
+
+LDAP_SLAPD_F (int) oc_schema_info( Entry *e );
+LDAP_SLAPD_F (void) oc_unparse LDAP_P((
+ BerVarray *bva, ObjectClass *start, ObjectClass *end, int system ));
+
+/*
+ * oidm.c
+ */
+LDAP_SLAPD_F(char *) oidm_find(char *oid);
+LDAP_SLAPD_F (void) oidm_destroy LDAP_P(( void ));
+LDAP_SLAPD_F (void) oidm_unparse LDAP_P((
+ BerVarray *bva, OidMacro *start, OidMacro *end, int system ));
+LDAP_SLAPD_F (int) parse_oidm LDAP_P((
+ const char *fname, int lineno, int argc, char **argv, int user,
+ OidMacro **om ));
+
+/*
+ * operation.c
+ */
+LDAP_SLAPD_F (void) slap_op_init LDAP_P(( void ));
+LDAP_SLAPD_F (void) slap_op_destroy LDAP_P(( void ));
+LDAP_SLAPD_F (void) slap_op_groups_free LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (void) slap_op_free LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (void) slap_op_time LDAP_P(( time_t *t, int *n ));
+LDAP_SLAPD_F (Operation *) slap_op_alloc LDAP_P((
+ BerElement *ber, ber_int_t msgid,
+ ber_tag_t tag, ber_int_t id ));
+
+LDAP_SLAPD_F (int) slap_op_add LDAP_P(( Operation **olist, Operation *op ));
+LDAP_SLAPD_F (int) slap_op_remove LDAP_P(( Operation **olist, Operation *op ));
+LDAP_SLAPD_F (Operation *) slap_op_pop LDAP_P(( Operation **olist ));
+LDAP_SLAPD_F (slap_op_t) slap_req2op LDAP_P(( ber_tag_t tag ));
+
+/*
+ * operational.c
+ */
+LDAP_SLAPD_F (Attribute *) slap_operational_subschemaSubentry( Backend *be );
+LDAP_SLAPD_F (Attribute *) slap_operational_entryDN( Entry *e );
+LDAP_SLAPD_F (Attribute *) slap_operational_hasSubordinate( int has );
+
+/*
+ * overlays.c
+ */
+LDAP_SLAPD_F (int) overlay_init( void );
+
+/*
+ * passwd.c
+ */
+LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) passwd_extop;
+
+LDAP_SLAPD_F (int) slap_passwd_check(
+ Operation *op,
+ Entry *e,
+ Attribute *a,
+ struct berval *cred,
+ const char **text );
+
+LDAP_SLAPD_F (void) slap_passwd_generate( struct berval * );
+
+LDAP_SLAPD_F (void) slap_passwd_hash(
+ struct berval *cred,
+ struct berval *hash,
+ const char **text );
+
+LDAP_SLAPD_F (void) slap_passwd_hash_type(
+ struct berval *cred,
+ struct berval *hash,
+ char *htype,
+ const char **text );
+
+LDAP_SLAPD_F (struct berval *) slap_passwd_return(
+ struct berval *cred );
+
+LDAP_SLAPD_F (int) slap_passwd_parse(
+ struct berval *reqdata,
+ struct berval *id,
+ struct berval *oldpass,
+ struct berval *newpass,
+ const char **text );
+
+LDAP_SLAPD_F (void) slap_passwd_init (void);
+
+/*
+ * phonetic.c
+ */
+LDAP_SLAPD_F (char *) phonetic LDAP_P(( char *s ));
+
+/*
+ * referral.c
+ */
+LDAP_SLAPD_F (int) validate_global_referral LDAP_P((
+ const char *url ));
+
+LDAP_SLAPD_F (BerVarray) get_entry_referrals LDAP_P((
+ Operation *op, Entry *e ));
+
+LDAP_SLAPD_F (BerVarray) referral_rewrite LDAP_P((
+ BerVarray refs,
+ struct berval *base,
+ struct berval *target,
+ int scope ));
+
+LDAP_SLAPD_F (int) get_alias_dn LDAP_P((
+ Entry *e,
+ struct berval *ndn,
+ int *err,
+ const char **text ));
+
+/*
+ * repl.c
+ */
+LDAP_SLAPD_F (int) add_replica_info LDAP_P(( Backend *be,
+ const char *uri, const char *host ));
+LDAP_SLAPD_F (int) destroy_replica_info LDAP_P (( Backend *be ));
+LDAP_SLAPD_F (int) add_replica_suffix LDAP_P(( Backend *be,
+ int nr, const char *suffix ));
+LDAP_SLAPD_F (int) add_replica_attrs LDAP_P(( Backend *be,
+ int nr, char *attrs, int exclude ));
+LDAP_SLAPD_F (void) replog LDAP_P(( Operation *op ));
+
+/*
+ * result.c
+ */
+LDAP_SLAPD_F (void) slap_send_ldap_result LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) send_ldap_sasl LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) send_ldap_disconnect LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) slap_send_ldap_extended LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) slap_send_ldap_intermediate LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (void) slap_send_search_result LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (int) slap_send_search_reference LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (int) slap_send_search_entry LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (int) slap_null_cb LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (int) slap_freeself_cb LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_F (int) slap_replog_cb LDAP_P(( Operation *op, SlapReply *rs ));
+
+LDAP_SLAPD_V( const struct berval ) slap_pre_read_bv;
+LDAP_SLAPD_V( const struct berval ) slap_post_read_bv;
+LDAP_SLAPD_F (int) slap_read_controls LDAP_P(( Operation *op, SlapReply *rs,
+ Entry *e, const struct berval *oid, LDAPControl **ctrl ));
+
+LDAP_SLAPD_F (int) str2result LDAP_P(( char *s,
+ int *code, char **matched, char **info ));
+LDAP_SLAPD_F (int) slap_map_api2result LDAP_P(( SlapReply *rs ));
+LDAP_SLAPD_F (slap_mask_t) slap_attr_flags LDAP_P(( AttributeName *an ));
+LDAP_SLAPD_F (ber_tag_t) slap_req2res LDAP_P(( ber_tag_t tag ));
+
+LDAP_SLAPD_V( const struct berval ) slap_dummy_bv;
+
+/*
+ * root_dse.c
+ */
+LDAP_SLAPD_F (int) root_dse_info LDAP_P((
+ Connection *conn,
+ Entry **e,
+ const char **text ));
+
+LDAP_SLAPD_F (int) read_root_dse_file LDAP_P((
+ const char *file));
+
+LDAP_SLAPD_F (int) slap_discover_feature LDAP_P((
+ const char *uri,
+ int version,
+ const char *attr,
+ const char *val ));
+
+/*
+ * sasl.c
+ */
+LDAP_SLAPD_F (int) slap_sasl_init(void);
+LDAP_SLAPD_F (char *) slap_sasl_secprops( const char * );
+LDAP_SLAPD_F (void) slap_sasl_secprops_unparse( struct berval * );
+LDAP_SLAPD_F (int) slap_sasl_destroy(void);
+
+LDAP_SLAPD_F (int) slap_sasl_open( Connection *c, int reopen );
+LDAP_SLAPD_F (char **) slap_sasl_mechs( Connection *c );
+
+LDAP_SLAPD_F (int) slap_sasl_external( Connection *c,
+ slap_ssf_t ssf, /* relative strength of external security */
+ struct berval *authid ); /* asserted authenication id */
+
+LDAP_SLAPD_F (int) slap_sasl_reset( Connection *c );
+LDAP_SLAPD_F (int) slap_sasl_close( Connection *c );
+
+LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P(( Operation *op, SlapReply *rs ));
+
+LDAP_SLAPD_F (int) slap_sasl_setpass(
+ Operation *op,
+ SlapReply *rs );
+
+LDAP_SLAPD_F (int) slap_sasl_getdn( Connection *conn, Operation *op,
+ struct berval *id, char *user_realm, struct berval *dn, int flags );
+
+/*
+ * saslauthz.c
+ */
+LDAP_SLAPD_F (int) slap_parse_user LDAP_P((
+ struct berval *id, struct berval *user,
+ struct berval *realm, struct berval *mech ));
+LDAP_SLAPD_F (int) slap_sasl_matches LDAP_P((
+ Operation *op, BerVarray rules,
+ struct berval *assertDN, struct berval *authc ));
+LDAP_SLAPD_F (void) slap_sasl2dn LDAP_P((
+ Operation *op,
+ struct berval *saslname,
+ struct berval *dn,
+ int flags ));
+LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
+ Operation *op,
+ struct berval *authcid,
+ struct berval *authzid ));
+LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
+ const char *match, const char *replace ));
+LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva ));
+LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
+LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
+#ifdef SLAP_AUTH_REWRITE
+LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv ));
+#endif /* SLAP_AUTH_REWRITE */
+#ifdef SLAP_AUTHZ_SYNTAX
+LDAP_SLAPD_F (int) authzValidate LDAP_P((
+ Syntax *syn, struct berval *in ));
+#if 0
+LDAP_SLAPD_F (int) authzMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+#endif
+LDAP_SLAPD_F (int) authzPretty LDAP_P((
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx ));
+LDAP_SLAPD_F (int) authzNormalize LDAP_P((
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx ));
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+/*
+ * schema.c
+ */
+LDAP_SLAPD_F (int) schema_info LDAP_P(( Entry **entry, const char **text ));
+
+/*
+ * schema_check.c
+ */
+LDAP_SLAPD_F( int ) oc_check_allowed(
+ AttributeType *type,
+ BerVarray oclist,
+ ObjectClass *sc );
+
+LDAP_SLAPD_F( int ) structural_class(
+ BerVarray ocs,
+ struct berval *scbv,
+ ObjectClass **sc,
+ const char **text,
+ char *textbuf, size_t textlen );
+
+LDAP_SLAPD_F( int ) entry_schema_check(
+ Operation *op,
+ Entry *e,
+ Attribute *attrs,
+ int manage,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+LDAP_SLAPD_F( int ) mods_structural_class(
+ Modifications *mods,
+ struct berval *oc,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+/*
+ * schema_init.c
+ */
+LDAP_SLAPD_V( int ) schema_init_done;
+LDAP_SLAPD_F (int) slap_schema_init LDAP_P((void));
+LDAP_SLAPD_F (void) schema_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F( slap_mr_indexer_func ) octetStringIndexer;
+LDAP_SLAPD_F( slap_mr_filter_func ) octetStringFilter;
+
+LDAP_SLAPD_F( int ) numericoidValidate LDAP_P((
+ struct slap_syntax *syntax,
+ struct berval *in ));
+LDAP_SLAPD_F( int ) octetStringMatch LDAP_P((
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue ));
+
+/*
+ * schema_prep.c
+ */
+LDAP_SLAPD_V( struct slap_internal_schema ) slap_schema;
+LDAP_SLAPD_F (int) slap_schema_load LDAP_P((void));
+LDAP_SLAPD_F (int) slap_schema_check LDAP_P((void));
+
+/*
+ * schemaparse.c
+ */
+LDAP_SLAPD_F( int ) slap_valid_descr( const char * );
+
+LDAP_SLAPD_F (int) parse_cr LDAP_P((
+ const char *fname, int lineno, char *line, char **argv,
+ ContentRule **scr ));
+LDAP_SLAPD_F (int) parse_oc LDAP_P((
+ const char *fname, int lineno, char *line, char **argv,
+ ObjectClass **soc ));
+LDAP_SLAPD_F (int) parse_at LDAP_P((
+ const char *fname, int lineno, char *line, char **argv,
+ AttributeType **sat ));
+LDAP_SLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const));
+LDAP_SLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del,
+ char delim ));
+
+/*
+ * sessionlog.c
+ */
+LDAP_SLAPD_F (int) slap_send_session_log LDAP_P((
+ Operation *, Operation *, SlapReply *));
+LDAP_SLAPD_F (int) slap_add_session_log LDAP_P((
+ Operation *, Operation *, Entry * ));
+
+/*
+ * sl_malloc.c
+ */
+LDAP_SLAPD_F (void *) slap_sl_malloc LDAP_P((
+ ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void *) slap_sl_realloc LDAP_P((
+ void *block, ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void *) slap_sl_calloc LDAP_P((
+ ber_len_t nelem, ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void) slap_sl_free LDAP_P((
+ void *, void *ctx ));
+
+LDAP_SLAPD_V (BerMemoryFunctions) slap_sl_mfuncs;
+
+LDAP_SLAPD_F (void) slap_sl_mem_init LDAP_P(( void ));
+LDAP_SLAPD_F (void *) slap_sl_mem_create LDAP_P((
+ ber_len_t size, int stack, void *ctx ));
+LDAP_SLAPD_F (void) slap_sl_mem_detach LDAP_P(( void *ctx, void *memctx ));
+LDAP_SLAPD_F (void) slap_sl_mem_destroy LDAP_P(( void *key, void *data ));
+LDAP_SLAPD_F (void *) slap_sl_context LDAP_P(( void *ptr ));
+
+/*
+ * starttls.c
+ */
+LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) starttls_extop;
+
+/*
+ * str2filter.c
+ */
+LDAP_SLAPD_F (Filter *) str2filter LDAP_P(( const char *str ));
+LDAP_SLAPD_F (Filter *) str2filter_x LDAP_P(( Operation *op, const char *str ));
+
+/*
+ * syncrepl.c
+ */
+
+LDAP_SLAPD_F (void) syncrepl_add_glue LDAP_P((
+ Operation*, Entry* ));
+LDAP_SLAPD_F (void) syncinfo_free LDAP_P(( struct syncinfo_s * ));
+
+/* syntax.c */
+LDAP_SLAPD_F (Syntax *) syn_find LDAP_P((
+ const char *synname ));
+LDAP_SLAPD_F (Syntax *) syn_find_desc LDAP_P((
+ const char *syndesc, int *slen ));
+LDAP_SLAPD_F (int) syn_add LDAP_P((
+ LDAPSyntax *syn,
+ slap_syntax_defs_rec *def,
+ const char **err ));
+LDAP_SLAPD_F (void) syn_destroy LDAP_P(( void ));
+
+LDAP_SLAPD_F (int) register_syntax LDAP_P((
+ slap_syntax_defs_rec *def ));
+
+LDAP_SLAPD_F (int) syn_schema_info( Entry *e );
+
+/*
+ * user.c
+ */
+#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
+LDAP_SLAPD_F (void) slap_init_user LDAP_P(( char *username, char *groupname ));
+#endif
+
+/*
+ * value.c
+ */
+LDAP_SLAPD_F (int) asserted_value_validate_normalize LDAP_P((
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned usage,
+ struct berval *in,
+ struct berval *out,
+ const char ** text,
+ void *ctx ));
+
+LDAP_SLAPD_F (int) value_match LDAP_P((
+ int *match,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned flags,
+ struct berval *v1,
+ void *v2,
+ const char ** text ));
+LDAP_SLAPD_F (int) value_find_ex LDAP_P((
+ AttributeDescription *ad,
+ unsigned flags,
+ BerVarray values,
+ struct berval *value,
+ void *ctx ));
+
+LDAP_SLAPD_F (int) ordered_value_add LDAP_P((
+ Entry *e,
+ AttributeDescription *ad,
+ Attribute *a,
+ BerVarray vals,
+ BerVarray nvals ));
+
+LDAP_SLAPD_F (int) ordered_value_validate LDAP_P((
+ AttributeDescription *ad,
+ struct berval *in,
+ int mop ));
+
+LDAP_SLAPD_F (int) ordered_value_pretty LDAP_P((
+ AttributeDescription *ad,
+ struct berval *val,
+ struct berval *out,
+ void *ctx ));
+
+LDAP_SLAPD_F (int) ordered_value_normalize LDAP_P((
+ slap_mask_t usage,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx ));
+
+LDAP_SLAPD_F (int) ordered_value_match LDAP_P((
+ int *match,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned flags,
+ struct berval *v1,
+ struct berval *v2,
+ const char ** text ));
+
+LDAP_SLAPD_F (void) ordered_value_renumber LDAP_P((
+ Attribute *a,
+ int vals ));
+
+LDAP_SLAPD_F (int) ordered_value_sort LDAP_P((
+ Attribute *a,
+ int do_renumber ));
+
+LDAP_SLAPD_F (int) value_add LDAP_P((
+ BerVarray *vals,
+ BerVarray addvals ));
+LDAP_SLAPD_F (int) value_add_one LDAP_P((
+ BerVarray *vals,
+ struct berval *addval ));
+
+/* assumes (x) > (y) returns 1 if true, 0 otherwise */
+#define SLAP_PTRCMP(x, y) ((x) < (y) ? -1 : (x) > (y))
+
+#ifdef SLAP_ZONE_ALLOC
+/*
+ * zn_malloc.c
+ */
+LDAP_SLAPD_F (void *) slap_zn_malloc LDAP_P((ber_len_t, void *));
+LDAP_SLAPD_F (void *) slap_zn_realloc LDAP_P((void *, ber_len_t, void *));
+LDAP_SLAPD_F (void *) slap_zn_calloc LDAP_P((ber_len_t, ber_len_t, void *));
+LDAP_SLAPD_F (void) slap_zn_free LDAP_P((void *, void *));
+
+LDAP_SLAPD_F (void *) slap_zn_mem_create LDAP_P((
+ ber_len_t, ber_len_t, ber_len_t, ber_len_t));
+LDAP_SLAPD_F (void) slap_zn_mem_destroy LDAP_P((void *));
+LDAP_SLAPD_F (int) slap_zn_validate LDAP_P((void *, void *, int));
+LDAP_SLAPD_F (int) slap_zn_invalidate LDAP_P((void *, void *));
+LDAP_SLAPD_F (int) slap_zh_rlock LDAP_P((void*));
+LDAP_SLAPD_F (int) slap_zh_runlock LDAP_P((void*));
+LDAP_SLAPD_F (int) slap_zh_wlock LDAP_P((void*));
+LDAP_SLAPD_F (int) slap_zh_wunlock LDAP_P((void*));
+LDAP_SLAPD_F (int) slap_zn_rlock LDAP_P((void*, void*));
+LDAP_SLAPD_F (int) slap_zn_runlock LDAP_P((void*, void*));
+LDAP_SLAPD_F (int) slap_zn_wlock LDAP_P((void*, void*));
+LDAP_SLAPD_F (int) slap_zn_wunlock LDAP_P((void*, void*));
+#endif
+
+/*
+ * Other...
+ */
+LDAP_SLAPD_V (unsigned int) index_substr_if_minlen;
+LDAP_SLAPD_V (unsigned int) index_substr_if_maxlen;
+LDAP_SLAPD_V (unsigned int) index_substr_any_len;
+LDAP_SLAPD_V (unsigned int) index_substr_any_step;
+
+LDAP_SLAPD_V (ber_len_t) sockbuf_max_incoming;
+LDAP_SLAPD_V (ber_len_t) sockbuf_max_incoming_auth;
+LDAP_SLAPD_V (int) slap_conn_max_pending;
+LDAP_SLAPD_V (int) slap_conn_max_pending_auth;
+
+LDAP_SLAPD_V (slap_mask_t) global_allows;
+LDAP_SLAPD_V (slap_mask_t) global_disallows;
+
+LDAP_SLAPD_V (BerVarray) default_referral;
+LDAP_SLAPD_V (const char) Versionstr[];
+
+LDAP_SLAPD_V (int) global_gentlehup;
+LDAP_SLAPD_V (int) global_idletimeout;
+LDAP_SLAPD_V (char *) global_host;
+LDAP_SLAPD_V (char *) global_realm;
+LDAP_SLAPD_V (char **) default_passwd_hash;
+LDAP_SLAPD_V (int) lber_debug;
+LDAP_SLAPD_V (int) ldap_syslog;
+LDAP_SLAPD_V (struct berval) default_search_base;
+LDAP_SLAPD_V (struct berval) default_search_nbase;
+
+LDAP_SLAPD_V (slap_counters_t) slap_counters;
+
+LDAP_SLAPD_V (char *) slapd_pid_file;
+LDAP_SLAPD_V (char *) slapd_args_file;
+LDAP_SLAPD_V (time_t) starttime;
+
+/* use time(3) -- no mutex */
+#define slap_get_time() time( NULL )
+
+LDAP_SLAPD_V (ldap_pvt_thread_pool_t) connection_pool;
+LDAP_SLAPD_V (int) connection_pool_max;
+LDAP_SLAPD_V (int) slap_tool_thread_max;
+
+LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) entry2str_mutex;
+LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) replog_mutex;
+
+#ifndef HAVE_GMTIME_R
+LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) gmtime_mutex;
+#endif
+
+LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) ad_undef_mutex;
+LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) oc_undef_mutex;
+
+LDAP_SLAPD_V (ber_socket_t) dtblsize;
+
+LDAP_SLAPD_V (int) use_reverse_lookup;
+
+LDAP_SLAPD_V (struct berval) AllUser;
+LDAP_SLAPD_V (struct berval) AllOper;
+LDAP_SLAPD_V (struct berval) NoAttrs;
+
+/*
+ * operations
+ */
+LDAP_SLAPD_F (int) do_abandon LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_add LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_bind LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_compare LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_delete LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_modify LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_modrdn LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_search LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_unbind LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) do_extended LDAP_P((Operation *op, SlapReply *rs));
+
+/*
+ * frontend operations
+ */
+LDAP_SLAPD_F (int) fe_op_abandon LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_add LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_bind LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_compare LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_delete LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_modify LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_modrdn LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_op_search LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_aux_operational LDAP_P((Operation *op, SlapReply *rs));
+#if 0
+LDAP_SLAPD_F (int) fe_op_unbind LDAP_P((Operation *op, SlapReply *rs));
+#endif
+LDAP_SLAPD_F (int) fe_extended LDAP_P((Operation *op, SlapReply *rs));
+LDAP_SLAPD_F (int) fe_acl_group LDAP_P((
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at ));
+LDAP_SLAPD_F (int) fe_acl_attribute LDAP_P((
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access ));
+LDAP_SLAPD_F (int) fe_access_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
+
+/* NOTE: this macro assumes that bv has been allocated
+ * by ber_* malloc functions or is { 0L, NULL } */
+#ifdef USE_MP_BIGNUM
+# define UI2BVX(bv,ui,ctx) \
+ do { \
+ char *val; \
+ ber_len_t len; \
+ val = BN_bn2dec(ui); \
+ if (val) { \
+ len = strlen(val); \
+ if ( len > (bv)->bv_len ) { \
+ (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \
+ } \
+ AC_MEMCPY((bv)->bv_val, val, len + 1); \
+ (bv)->bv_len = len; \
+ OPENSSL_free(val); \
+ } else { \
+ ber_memfree_x( (bv)->bv_val, (ctx) ); \
+ BER_BVZERO( (bv) ); \
+ } \
+ } while ( 0 )
+
+#elif defined( USE_MP_GMP )
+/* NOTE: according to the documentation, the result
+ * of mpz_sizeinbase() can exceed the length of the
+ * string representation of the number by 1
+ */
+# define UI2BVX(bv,ui,ctx) \
+ do { \
+ ber_len_t len = mpz_sizeinbase( (ui), 10 ); \
+ if ( len > (bv)->bv_len ) { \
+ (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \
+ } \
+ (void)mpz_get_str( (bv)->bv_val, 10, (ui) ); \
+ if ( (bv)->bv_val[ len - 1 ] == '\0' ) { \
+ len--; \
+ } \
+ (bv)->bv_len = len; \
+ } while ( 0 )
+
+#else
+# if USE_MP_LONG_LONG
+# define UI2BV_FORMAT "%llu"
+# elif USE_MP_LONG_LONG
+# define UI2BV_FORMAT "%lu"
+# elif HAVE_LONG_LONG
+# define UI2BV_FORMAT "%llu"
+# else
+# define UI2BV_FORMAT "%lu"
+# endif
+
+# define UI2BVX(bv,ui,ctx) \
+ do { \
+ char buf[] = "+9223372036854775807L"; \
+ ber_len_t len; \
+ len = snprintf( buf, sizeof( buf ), UI2BV_FORMAT, (ui) ); \
+ if ( len > (bv)->bv_len ) { \
+ (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \
+ } \
+ (bv)->bv_len = len; \
+ AC_MEMCPY( (bv)->bv_val, buf, len + 1 ); \
+ } while ( 0 )
+#endif
+
+#define UI2BV(bv,ui) UI2BVX(bv,ui,NULL)
+
+LDAP_END_DECL
+
+#endif /* PROTO_SLAP_H */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/referral.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/referral.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/referral.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,362 @@
+/* referral.c - muck with referrals */
+/* $OpenLDAP: pkg/ldap/servers/slapd/referral.c,v 1.23.2.4 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+
+/*
+ * This routine generates the DN appropriate to return in
+ * an LDAP referral.
+ */
+static char * referral_dn_muck(
+ const char * refDN,
+ struct berval * baseDN,
+ struct berval * targetDN )
+{
+ int rc;
+ struct berval bvin;
+ struct berval nrefDN = BER_BVNULL;
+ struct berval nbaseDN = BER_BVNULL;
+ struct berval ntargetDN = BER_BVNULL;
+
+ if( !baseDN ) {
+ /* no base, return target */
+ return targetDN ? ch_strdup( targetDN->bv_val ) : NULL;
+ }
+
+ if( refDN ) {
+ bvin.bv_val = (char *)refDN;
+ bvin.bv_len = strlen( refDN );
+
+ rc = dnPretty( NULL, &bvin, &nrefDN, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ /* Invalid refDN */
+ return NULL;
+ }
+ }
+
+ if( !targetDN ) {
+ /* continuation reference
+ * if refDN present return refDN
+ * else return baseDN
+ */
+ return nrefDN.bv_len ? nrefDN.bv_val : ch_strdup( baseDN->bv_val );
+ }
+
+ rc = dnPretty( NULL, targetDN, &ntargetDN, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ /* Invalid targetDN */
+ ch_free( nrefDN.bv_val );
+ return NULL;
+ }
+
+ if( nrefDN.bv_len ) {
+ rc = dnPretty( NULL, baseDN, &nbaseDN, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ /* Invalid baseDN */
+ ch_free( nrefDN.bv_val );
+ ch_free( ntargetDN.bv_val );
+ return NULL;
+ }
+
+ if( dn_match( &nbaseDN, &nrefDN ) ) {
+ ch_free( nrefDN.bv_val );
+ ch_free( nbaseDN.bv_val );
+ return ntargetDN.bv_val;
+ }
+
+ {
+ struct berval muck;
+
+ if( ntargetDN.bv_len < nbaseDN.bv_len ) {
+ ch_free( nrefDN.bv_val );
+ ch_free( nbaseDN.bv_val );
+ return ntargetDN.bv_val;
+ }
+
+ rc = strcasecmp(
+ &ntargetDN.bv_val[ntargetDN.bv_len-nbaseDN.bv_len],
+ nbaseDN.bv_val );
+ if( rc ) {
+ /* target not subordinate to base */
+ ch_free( nrefDN.bv_val );
+ ch_free( nbaseDN.bv_val );
+ return ntargetDN.bv_val;
+ }
+
+ muck.bv_len = ntargetDN.bv_len + nrefDN.bv_len - nbaseDN.bv_len;
+ muck.bv_val = ch_malloc( muck.bv_len + 1 );
+
+ strncpy( muck.bv_val, ntargetDN.bv_val,
+ ntargetDN.bv_len-nbaseDN.bv_len );
+ strcpy( &muck.bv_val[ntargetDN.bv_len-nbaseDN.bv_len],
+ nrefDN.bv_val );
+
+ ch_free( nrefDN.bv_val );
+ ch_free( nbaseDN.bv_val );
+ ch_free( ntargetDN.bv_val );
+
+ return muck.bv_val;
+ }
+ }
+
+ ch_free( nrefDN.bv_val );
+ return ntargetDN.bv_val;
+}
+
+
+/* validate URL for global referral use
+ * LDAP URLs must not have:
+ * DN, attrs, scope, nor filter
+ * Any non-LDAP URL is okay
+ *
+ * XXYYZ: should return an error string
+ */
+int validate_global_referral( const char *url )
+{
+ int rc;
+ LDAPURLDesc *lurl;
+
+ rc = ldap_url_parse_ext( url, &lurl );
+
+ switch( rc ) {
+ case LDAP_URL_SUCCESS:
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
+ /* not LDAP hence valid */
+ return 0;
+
+ default:
+ /* other error, bail */
+ Debug( LDAP_DEBUG_ANY,
+ "referral: invalid URL (%s): %s (%d)\n",
+ url, "" /* ldap_url_error2str(rc) */, rc );
+ return 1;
+ }
+
+ rc = 0;
+
+ if( lurl->lud_dn && *lurl->lud_dn ) {
+ Debug( LDAP_DEBUG_ANY,
+ "referral: URL (%s): contains DN\n",
+ url, 0, 0 );
+ rc = 1;
+
+ } else if( lurl->lud_attrs ) {
+ Debug( LDAP_DEBUG_ANY,
+ "referral: URL (%s): requests attributes\n",
+ url, 0, 0 );
+ rc = 1;
+
+ } else if( lurl->lud_scope != LDAP_SCOPE_DEFAULT ) {
+ Debug( LDAP_DEBUG_ANY,
+ "referral: URL (%s): contains explicit scope\n",
+ url, 0, 0 );
+ rc = 1;
+
+ } else if( lurl->lud_filter ) {
+ Debug( LDAP_DEBUG_ANY,
+ "referral: URL (%s): contains explicit filter\n",
+ url, 0, 0 );
+ rc = 1;
+ }
+
+ ldap_free_urldesc( lurl );
+ return rc;
+}
+
+BerVarray referral_rewrite(
+ BerVarray in,
+ struct berval *base,
+ struct berval *target,
+ int scope )
+{
+ int i;
+ BerVarray refs;
+ struct berval *iv, *jv;
+
+ if ( in == NULL ) {
+ return NULL;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
+ /* just count them */
+ }
+
+ if ( i < 1 ) {
+ return NULL;
+ }
+
+ refs = ch_malloc( ( i + 1 ) * sizeof( struct berval ) );
+
+ for ( iv = in, jv = refs; !BER_BVISNULL( iv ); iv++ ) {
+ LDAPURLDesc *url;
+ char *dn;
+ int rc;
+
+ rc = ldap_url_parse_ext( iv->bv_val, &url );
+ if ( rc == LDAP_URL_ERR_BADSCHEME ) {
+ ber_dupbv( jv++, iv );
+ continue;
+
+ } else if ( rc != LDAP_URL_SUCCESS ) {
+ continue;
+ }
+
+ dn = url->lud_dn;
+ url->lud_dn = referral_dn_muck( ( dn && *dn ) ? dn : NULL,
+ base, target );
+ ldap_memfree( dn );
+
+ if ( url->lud_scope == LDAP_SCOPE_DEFAULT ) {
+ url->lud_scope = scope;
+ }
+
+ jv->bv_val = ldap_url_desc2str( url );
+ if ( jv->bv_val != NULL ) {
+ jv->bv_len = strlen( jv->bv_val );
+
+ } else {
+ ber_dupbv( jv, iv );
+ }
+ jv++;
+
+ ldap_free_urldesc( url );
+ }
+
+ if ( jv == refs ) {
+ ch_free( refs );
+ refs = NULL;
+
+ } else {
+ BER_BVZERO( jv );
+ }
+
+ return refs;
+}
+
+
+BerVarray get_entry_referrals(
+ Operation *op,
+ Entry *e )
+{
+ Attribute *attr;
+ BerVarray refs;
+ unsigned i;
+ struct berval *iv, *jv;
+
+ AttributeDescription *ad_ref = slap_schema.si_ad_ref;
+
+ attr = attr_find( e->e_attrs, ad_ref );
+
+ if( attr == NULL ) return NULL;
+
+ for( i=0; attr->a_vals[i].bv_val != NULL; i++ ) {
+ /* count references */
+ }
+
+ if( i < 1 ) return NULL;
+
+ refs = ch_malloc( (i + 1) * sizeof(struct berval));
+
+ for( iv=attr->a_vals, jv=refs; iv->bv_val != NULL; iv++ ) {
+ unsigned k;
+ ber_dupbv( jv, iv );
+
+ /* trim the label */
+ for( k=0; k<jv->bv_len; k++ ) {
+ if( isspace( (unsigned char) jv->bv_val[k] ) ) {
+ jv->bv_val[k] = '\0';
+ jv->bv_len = k;
+ break;
+ }
+ }
+
+ if( jv->bv_len > 0 ) {
+ jv++;
+ } else {
+ free( jv->bv_val );
+ }
+ }
+
+ if( jv == refs ) {
+ free( refs );
+ refs = NULL;
+
+ } else {
+ jv->bv_val = NULL;
+ }
+
+ /* we should check that a referral value exists... */
+ return refs;
+}
+
+
+int get_alias_dn(
+ Entry *e,
+ struct berval *ndn,
+ int *err,
+ const char **text )
+{
+ Attribute *a;
+ AttributeDescription *aliasedObjectName
+ = slap_schema.si_ad_aliasedObjectName;
+
+ a = attr_find( e->e_attrs, aliasedObjectName );
+
+ if( a == NULL ) {
+ /*
+ * there was an aliasedobjectname defined but no data.
+ */
+ *err = LDAP_ALIAS_PROBLEM;
+ *text = "alias missing aliasedObjectName attribute";
+ return -1;
+ }
+
+ /*
+ * aliasedObjectName should be SINGLE-VALUED with a single value.
+ */
+ if ( a->a_vals[0].bv_val == NULL ) {
+ /*
+ * there was an aliasedobjectname defined but no data.
+ */
+ *err = LDAP_ALIAS_PROBLEM;
+ *text = "alias missing aliasedObjectName value";
+ return -1;
+ }
+
+ if( a->a_nvals[1].bv_val != NULL ) {
+ *err = LDAP_ALIAS_PROBLEM;
+ *text = "alias has multivalued aliasedObjectName";
+ return -1;
+ }
+
+ *ndn = a->a_nvals[0];
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/repl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/repl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/repl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,555 @@
+/* repl.c - log modifications for replication purposes */
+/* $OpenLDAP: pkg/ldap/servers/slapd/repl.c,v 1.65.2.10 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/socket.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+
+#include "slap.h"
+#include "ldif.h"
+
+int
+add_replica_info(
+ Backend *be,
+ const char *uri,
+ const char *host )
+{
+ int i = 0;
+
+ assert( be != NULL );
+ assert( host != NULL );
+
+ if ( be->be_replica != NULL ) {
+ for ( ; be->be_replica[ i ] != NULL; i++ );
+ }
+
+ be->be_replica = ch_realloc( be->be_replica,
+ sizeof( struct slap_replica_info * )*( i + 2 ) );
+
+ be->be_replica[ i ]
+ = ch_calloc( sizeof( struct slap_replica_info ), 1 );
+ ber_str2bv( uri, 0, 0, &be->be_replica[ i ]->ri_bindconf.sb_uri );
+ be->be_replica[ i ]->ri_host = host;
+ be->be_replica[ i ]->ri_nsuffix = NULL;
+ be->be_replica[ i ]->ri_attrs = NULL;
+ be->be_replica[ i + 1 ] = NULL;
+
+ return( i );
+}
+
+int
+destroy_replica_info(
+ Backend *be )
+{
+ int i = 0;
+
+ assert( be != NULL );
+
+ if ( be->be_replica == NULL ) {
+ return 0;
+ }
+
+ for ( ; be->be_replica[ i ] != NULL; i++ ) {
+ ber_bvarray_free( be->be_replica[ i ]->ri_nsuffix );
+
+ if ( be->be_replica[ i ]->ri_attrs ) {
+ AttributeName *an = be->be_replica[ i ]->ri_attrs;
+ int j;
+
+ for ( j = 0; !BER_BVISNULL( &an[ j ].an_name ); j++ )
+ {
+ ch_free( an[ j ].an_name.bv_val );
+ }
+ ch_free( an );
+ }
+
+ bindconf_free( &be->be_replica[ i ]->ri_bindconf );
+
+ ch_free( be->be_replica[ i ] );
+ }
+
+ ch_free( be->be_replica );
+
+ return 0;
+}
+
+int
+add_replica_suffix(
+ Backend *be,
+ int nr,
+ const char *suffix
+)
+{
+ struct berval dn, ndn;
+ int rc;
+
+ dn.bv_val = (char *) suffix;
+ dn.bv_len = strlen( dn.bv_val );
+
+ rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ return 2;
+ }
+
+ if ( select_backend( &ndn, 0, 0 ) != be ) {
+ free( ndn.bv_val );
+ return 1;
+ }
+
+ ber_bvarray_add( &be->be_replica[nr]->ri_nsuffix, &ndn );
+ return 0;
+}
+
+int
+add_replica_attrs(
+ Backend *be,
+ int nr,
+ char *attrs,
+ int exclude
+)
+{
+ if ( be->be_replica[nr]->ri_attrs != NULL ) {
+ if ( be->be_replica[nr]->ri_exclude != exclude ) {
+ fprintf( stderr, "attr selective replication directive '%s' conflicts with previous one (discarded)\n", attrs );
+ ch_free( be->be_replica[nr]->ri_attrs );
+ be->be_replica[nr]->ri_attrs = NULL;
+ }
+ }
+
+ be->be_replica[nr]->ri_exclude = exclude;
+ be->be_replica[nr]->ri_attrs = str2anlist( be->be_replica[nr]->ri_attrs,
+ attrs, "," );
+ return ( be->be_replica[nr]->ri_attrs == NULL );
+}
+
+static void
+print_vals( FILE *fp, struct berval *type, struct berval *bv );
+static void
+replog1( struct slap_replica_info *ri, Operation *op, FILE *fp, long now);
+
+void
+replog( Operation *op )
+{
+ FILE *fp, *lfp;
+ int i;
+/* undef NO_LOG_WHEN_NO_REPLICAS */
+#ifdef NO_LOG_WHEN_NO_REPLICAS
+ int count = 0;
+#endif
+ int subsets = 0;
+ long now = slap_get_time();
+ char *replogfile;
+
+ replogfile = op->o_bd->be_replogfile ? op->o_bd->be_replogfile :
+ frontendDB->be_replogfile;
+ if ( !replogfile ) {
+ return;
+ }
+
+ ldap_pvt_thread_mutex_lock( &replog_mutex );
+ if ( (fp = lock_fopen( replogfile, "a", &lfp )) == NULL ) {
+ ldap_pvt_thread_mutex_unlock( &replog_mutex );
+ return;
+ }
+
+ for ( i = 0; op->o_bd->be_replica != NULL && op->o_bd->be_replica[i] != NULL; i++ ) {
+ /* check if dn's suffix matches legal suffixes, if any */
+ if ( op->o_bd->be_replica[i]->ri_nsuffix != NULL ) {
+ int j;
+
+ for ( j = 0; op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
+ if ( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_replica[i]->ri_nsuffix[j] ) ) {
+ break;
+ }
+ }
+
+ if ( !op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val ) {
+ /* do not add "replica:" line */
+ continue;
+ }
+ }
+ /* See if we only want a subset of attributes */
+ if ( op->o_bd->be_replica[i]->ri_attrs != NULL &&
+ ( op->o_tag == LDAP_REQ_MODIFY || op->o_tag == LDAP_REQ_ADD || op->o_tag == LDAP_REQ_EXTENDED ) ) {
+ if ( !subsets ) {
+ subsets = i + 1;
+ }
+ /* Do attribute subsets by themselves in a second pass */
+ continue;
+ }
+
+ fprintf( fp, "replica: %s\n", op->o_bd->be_replica[i]->ri_host );
+#ifdef NO_LOG_WHEN_NO_REPLICAS
+ ++count;
+#endif
+ }
+
+#ifdef NO_LOG_WHEN_NO_REPLICAS
+ if ( count == 0 && subsets == 0 ) {
+ /* if no replicas matched, drop the log
+ * (should we log it anyway?) */
+ lock_fclose( fp, lfp );
+ ldap_pvt_thread_mutex_unlock( &replog_mutex );
+
+ return;
+ }
+#endif
+
+ replog1( NULL, op, fp, now );
+
+ if ( subsets > 0 ) {
+ for ( i = subsets - 1; op->o_bd->be_replica[i] != NULL; i++ ) {
+
+ /* If no attrs, we already did this above */
+ if ( op->o_bd->be_replica[i]->ri_attrs == NULL ) {
+ continue;
+ }
+
+ /* check if dn's suffix matches legal suffixes, if any */
+ if ( op->o_bd->be_replica[i]->ri_nsuffix != NULL ) {
+ int j;
+
+ for ( j = 0; op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
+ if ( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_replica[i]->ri_nsuffix[j] ) ) {
+ break;
+ }
+ }
+
+ if ( !op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val ) {
+ /* no matching suffix found, skip it */
+ continue;
+ }
+ }
+ switch( op->o_tag ) {
+ case LDAP_REQ_EXTENDED:
+ /* quick hack for extended operations */
+ /* assume change parameter is a Modifications* */
+ /* fall thru */
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_ADD:
+ break;
+ default:
+ /* Other operations were logged in the first pass */
+ continue;
+ }
+ replog1( op->o_bd->be_replica[i], op, fp, now );
+ }
+ }
+
+ lock_fclose( fp, lfp );
+ ldap_pvt_thread_mutex_unlock( &replog_mutex );
+}
+
+static void
+rephdr(
+ struct slap_replica_info *ri,
+ Operation *op,
+ FILE *fp,
+ long now
+)
+{
+ if ( ri ) {
+ fprintf( fp, "replica: %s\n", ri->ri_host );
+ }
+ fprintf( fp, "time: %ld\n", now );
+ fprintf( fp, "dn: %s\n", op->o_req_dn.bv_val );
+}
+
+static void
+replog1(
+ struct slap_replica_info *ri,
+ Operation *op,
+ FILE *fp,
+ long now
+)
+{
+ Modifications *ml;
+ Attribute *a;
+ AttributeName *an;
+ int dohdr = 1, ocs = -1;
+ struct berval vals[2];
+
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_EXTENDED:
+ /* quick hack for extended operations */
+ /* assume change parameter is a Modifications* */
+ /* fall thru */
+
+ case LDAP_REQ_MODIFY:
+ for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next ) {
+ char *did = NULL, *type = ml->sml_desc->ad_cname.bv_val;
+ switch ( ml->sml_op ) {
+ case LDAP_MOD_ADD:
+ did = "add"; break;
+
+ case LDAP_MOD_DELETE:
+ did = "delete"; break;
+
+ case LDAP_MOD_REPLACE:
+ did = "replace"; break;
+
+ case LDAP_MOD_INCREMENT:
+ did = "increment"; break;
+ }
+ if ( ri && ri->ri_attrs ) {
+ int is_in = ad_inlist( ml->sml_desc, ri->ri_attrs );
+
+ /* skip if:
+ * 1) the attribute is not in the list,
+ * and it's not an exclusion list
+ * 2) the attribute is in the list
+ * and it's an exclusion list,
+ * and either the objectClass attribute
+ * has already been dealt with or
+ * this is not the objectClass attr
+ */
+ if ( ( !is_in && !ri->ri_exclude )
+ || ( ( is_in && ri->ri_exclude )
+ && ( !ocs || ml->sml_desc != slap_schema.si_ad_objectClass ) ) )
+ {
+ continue;
+ }
+
+ /* If this is objectClass, see if the value is included
+ * in any subset, otherwise drop it.
+ */
+ if ( ocs && ml->sml_desc == slap_schema.si_ad_objectClass
+ && ml->sml_values )
+ {
+ int i, first = 1;
+
+ if ( ocs == -1 ) ocs = 0;
+
+ for ( i=0; ml->sml_values[i].bv_val; i++ ) {
+ int match = 0;
+ for ( an = ri->ri_attrs; an->an_name.bv_val; an++ ) {
+ if ( an->an_oc ) {
+ struct berval bv = an->an_name;
+
+ ocs = 1;
+ match |= an->an_oc_exclude;
+
+ switch ( bv.bv_val[ 0 ] ) {
+ case '@':
+ case '+':
+ case '!':
+ bv.bv_val++;
+ bv.bv_len--;
+ break;
+ }
+
+ if ( ml->sml_values[i].bv_len == bv.bv_len
+ && !strcasecmp(ml->sml_values[i].bv_val,
+ bv.bv_val ) )
+ {
+ match = !an->an_oc_exclude;
+ break;
+ }
+ }
+ }
+ /* Objectclasses need no special treatment, drop into
+ * regular processing
+ */
+ if ( !ocs ) break;
+
+ match ^= ri->ri_exclude;
+ /* Found a match, log it */
+ if ( match ) {
+ if ( dohdr ) {
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: modify\n" );
+ dohdr = 0;
+ }
+ if ( first ) {
+ fprintf( fp, "%s: %s\n", did, type );
+ first = 0;
+ }
+ vals[0] = ml->sml_values[i];
+ print_vals( fp, &ml->sml_desc->ad_cname, vals );
+ ocs = 2;
+ }
+
+ }
+ /* Explicit objectclasses have been handled already */
+ if ( ocs ) {
+ if ( ocs == 2 ) {
+ fprintf( fp, "-\n" );
+ }
+ continue;
+ }
+ }
+ }
+ if ( dohdr ) {
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: modify\n" );
+ dohdr = 0;
+ }
+ fprintf( fp, "%s: %s\n", did, type );
+ if ( ml->sml_values ) {
+ print_vals( fp, &ml->sml_desc->ad_cname, ml->sml_values );
+ }
+ fprintf( fp, "-\n" );
+ }
+ break;
+
+ case LDAP_REQ_ADD:
+ for ( a = op->ora_e->e_attrs ; a != NULL; a=a->a_next ) {
+ if ( ri && ri->ri_attrs ) {
+ int is_in = ad_inlist( a->a_desc, ri->ri_attrs );
+
+ /* skip if:
+ * 1) the attribute is not in the list,
+ * and it's not an exclusion list
+ * 2) the attribute is in the list
+ * and it's an exclusion list,
+ * and either the objectClass attribute
+ * has already been dealt with or
+ * this is not the objectClass attr
+ */
+ if ( ( !is_in && !ri->ri_exclude )
+ || ( ( is_in && ri->ri_exclude )
+ && ( !ocs || a->a_desc != slap_schema.si_ad_objectClass ) ) )
+ {
+ continue;
+ }
+
+ /* If the list includes objectClass names,
+ * only include those classes in the
+ * objectClass attribute
+ */
+ if ( ocs && a->a_desc == slap_schema.si_ad_objectClass ) {
+ int i;
+
+ if ( ocs == -1 ) ocs = 0;
+
+ for ( i=0; a->a_vals[i].bv_val; i++ ) {
+ int match = 0;
+ for ( an = ri->ri_attrs; an->an_name.bv_val; an++ ) {
+ if ( an->an_oc ) {
+ struct berval bv = an->an_name;
+
+ ocs = 1;
+ match |= an->an_oc_exclude;
+
+ switch ( bv.bv_val[ 0 ] ) {
+ case '@':
+ case '+':
+ case '!':
+ bv.bv_val++;
+ bv.bv_len--;
+ break;
+ }
+
+ if ( a->a_vals[i].bv_len == bv.bv_len
+ && !strcasecmp(a->a_vals[i].bv_val,
+ bv.bv_val ) )
+ {
+ match = !an->an_oc_exclude;
+ break;
+ }
+ }
+ }
+ if ( !ocs ) break;
+
+ match ^= ri->ri_exclude;
+ if ( match ) {
+ if ( dohdr ) {
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: add\n" );
+ dohdr = 0;
+ }
+ vals[0] = a->a_nvals[i];
+ print_vals( fp, &a->a_desc->ad_cname, vals );
+ }
+ }
+ if ( ocs ) continue;
+ }
+ }
+ if ( dohdr ) {
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: add\n" );
+ dohdr = 0;
+ }
+ print_vals( fp, &a->a_desc->ad_cname, a->a_vals );
+ }
+ break;
+
+ case LDAP_REQ_DELETE:
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: delete\n" );
+ break;
+
+ case LDAP_REQ_MODRDN:
+ rephdr( ri, op, fp, now );
+ fprintf( fp, "changetype: modrdn\n" );
+ fprintf( fp, "newrdn: %s\n", op->orr_newrdn.bv_val );
+ fprintf( fp, "deleteoldrdn: %d\n", op->orr_deleteoldrdn ? 1 : 0 );
+ if( op->orr_newSup != NULL ) {
+ fprintf( fp, "newsuperior: %s\n", op->orr_newSup->bv_val );
+ }
+ }
+ fprintf( fp, "\n" );
+}
+
+static void
+print_vals(
+ FILE *fp,
+ struct berval *type,
+ struct berval *bv )
+{
+ ber_len_t i, len;
+ char *buf, *bufp;
+
+ for ( i = 0, len = 0; bv && bv[i].bv_val; i++ ) {
+ if ( bv[i].bv_len > len )
+ len = bv[i].bv_len;
+ }
+
+ len = LDIF_SIZE_NEEDED( type->bv_len, len ) + 1;
+ buf = (char *) ch_malloc( len );
+
+ for ( ; bv && bv->bv_val; bv++ ) {
+ bufp = buf;
+ ldif_sput( &bufp, LDIF_PUT_VALUE, type->bv_val,
+ bv->bv_val, bv->bv_len );
+ *bufp = '\0';
+
+ fputs( buf, fp );
+
+ }
+ free( buf );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/result.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/result.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/result.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1603 @@
+/* result.c - routines to send ldap results, errors, and referrals */
+/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.244.2.22 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+
+const struct berval slap_dummy_bv = BER_BVNULL;
+
+int slap_null_cb( Operation *op, SlapReply *rs )
+{
+ return 0;
+}
+
+int slap_freeself_cb( Operation *op, SlapReply *rs )
+{
+ assert( op->o_callback != NULL );
+
+ op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+int slap_replog_cb( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ replog( op );
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static char *v2ref( BerVarray ref, const char *text )
+{
+ size_t len = 0, i = 0;
+ char *v2;
+
+ if(ref == NULL) {
+ if (text) {
+ return ch_strdup(text);
+ } else {
+ return NULL;
+ }
+ }
+
+ if ( text != NULL ) {
+ len = strlen( text );
+ if (text[len-1] != '\n') {
+ i = 1;
+ }
+ }
+
+ v2 = ch_malloc( len+i+sizeof("Referral:") );
+
+ if( text != NULL ) {
+ strcpy(v2, text);
+ if( i ) {
+ v2[len++] = '\n';
+ }
+ }
+ strcpy( v2+len, "Referral:" );
+ len += sizeof("Referral:");
+
+ for( i=0; ref[i].bv_val != NULL; i++ ) {
+ v2 = ch_realloc( v2, len + ref[i].bv_len + 1 );
+ v2[len-1] = '\n';
+ AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
+ len += ref[i].bv_len;
+ if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
+ ++len;
+ }
+ }
+
+ v2[len-1] = '\0';
+ return v2;
+}
+
+ber_tag_t
+slap_req2res( ber_tag_t tag )
+{
+ switch( tag ) {
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_BIND:
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_EXTENDED:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_MODRDN:
+ tag++;
+ break;
+
+ case LDAP_REQ_DELETE:
+ tag = LDAP_RES_DELETE;
+ break;
+
+ case LDAP_REQ_ABANDON:
+ case LDAP_REQ_UNBIND:
+ tag = LBER_SEQUENCE;
+ break;
+
+ case LDAP_REQ_SEARCH:
+ tag = LDAP_RES_SEARCH_RESULT;
+ break;
+
+ default:
+ tag = LBER_SEQUENCE;
+ }
+
+ return tag;
+}
+
+static long send_ldap_ber(
+ Connection *conn,
+ BerElement *ber )
+{
+ ber_len_t bytes;
+
+ ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
+
+ /* write only one pdu at a time - wait til it's our turn */
+ ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
+
+ /* lock the connection */
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ /* write the pdu */
+ while( 1 ) {
+ int err;
+ ber_socket_t sd;
+
+ if ( connection_state_closing( conn ) ) {
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+
+ return 0;
+ }
+
+ if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
+ break;
+ }
+
+ err = errno;
+
+ /*
+ * we got an error. if it's ewouldblock, we need to
+ * wait on the socket being writable. otherwise, figure
+ * it's a hard error and return.
+ */
+
+ Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
+ err, sock_errstr(err), 0 );
+
+ if ( err != EWOULDBLOCK && err != EAGAIN ) {
+ connection_closing( conn, "connection lost on write" );
+
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+
+ return( -1 );
+ }
+
+ /* wait for socket to be write-ready */
+ conn->c_writewaiter = 1;
+ ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+ slapd_set_write( sd, 1 );
+
+ ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
+ conn->c_writewaiter = 0;
+ }
+
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+
+ return bytes;
+}
+
+static int
+send_ldap_control( BerElement *ber, LDAPControl *c )
+{
+ int rc;
+
+ assert( c != NULL );
+
+ rc = ber_printf( ber, "{s" /*}*/, c->ldctl_oid );
+
+ if( c->ldctl_iscritical ) {
+ rc = ber_printf( ber, "b",
+ (ber_int_t) c->ldctl_iscritical ) ;
+ if( rc == -1 ) return rc;
+ }
+
+ if( c->ldctl_value.bv_val != NULL ) {
+ rc = ber_printf( ber, "O", &c->ldctl_value );
+ if( rc == -1 ) return rc;
+ }
+
+ rc = ber_printf( ber, /*{*/"N}" );
+ if( rc == -1 ) return rc;
+
+ return 0;
+}
+
+static int
+send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
+{
+ int rc;
+
+ if( c == NULL )
+ return 0;
+
+ rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
+ if( rc == -1 ) return rc;
+
+ for( ; *c != NULL; c++) {
+ rc = send_ldap_control( ber, *c );
+ if( rc == -1 ) return rc;
+ }
+
+#ifdef LDAP_DEVEL
+ /* this is a hack to avoid having to modify op->s_ctrls */
+ if( o->o_sortedresults ) {
+ BerElementBuffer berbuf;
+ BerElement *sber = (BerElement *) &berbuf;
+ LDAPControl sorted;
+ BER_BVZERO( &sorted.ldctl_value );
+ sorted.ldctl_oid = LDAP_CONTROL_SORTRESPONSE;
+ sorted.ldctl_iscritical = 0;
+
+ ber_init2( sber, NULL, LBER_USE_DER );
+
+ ber_printf( sber, "{e}", LDAP_UNWILLING_TO_PERFORM );
+
+ if( ber_flatten2( ber, &sorted.ldctl_value, 0 ) == -1 ) {
+ return -1;
+ }
+
+ (void) ber_free_buf( ber );
+
+ rc = send_ldap_control( ber, &sorted );
+ if( rc == -1 ) return rc;
+ }
+#endif
+
+ rc = ber_printf( ber, /*{*/"N}" );
+
+ return rc;
+}
+
+static int
+send_ldap_response(
+ Operation *op,
+ SlapReply *rs )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *) &berbuf;
+ int rc = LDAP_SUCCESS;
+ long bytes;
+
+ if ( rs->sr_err == SLAPD_ABANDON ) {
+ rc = SLAPD_ABANDON;
+ goto clean2;
+ }
+
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ rc = SLAP_CB_CONTINUE;
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_response ) {
+ slap_callback *sc2 = op->o_callback;
+ rc = op->o_callback->sc_response( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+
+ op->o_callback = sc;
+ if ( rc != SLAP_CB_CONTINUE ) goto clean2;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if (op->o_conn && op->o_conn->c_is_udp)
+ ber = op->o_res_ber;
+ else
+#endif
+ {
+ ber_init_w_nullc( ber, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "send_ldap_response: msgid=%d tag=%lu err=%d\n",
+ rs->sr_msgid, rs->sr_tag, rs->sr_err );
+
+ if( rs->sr_ref ) {
+ Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
+ rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
+ NULL, NULL );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if (op->o_conn && op->o_conn->c_is_udp &&
+ op->o_protocol == LDAP_VERSION2 )
+ {
+ rc = ber_printf( ber, "t{ess" /*"}"*/,
+ rs->sr_tag, rs->sr_err,
+ rs->sr_matched == NULL ? "" : rs->sr_matched,
+ rs->sr_text == NULL ? "" : rs->sr_text );
+ } else
+#endif
+ if ( rs->sr_type == REP_INTERMEDIATE ) {
+ rc = ber_printf( ber, "{it{" /*"}}"*/,
+ rs->sr_msgid, rs->sr_tag );
+
+ } else {
+ rc = ber_printf( ber, "{it{ess" /*"}}"*/,
+ rs->sr_msgid, rs->sr_tag, rs->sr_err,
+ rs->sr_matched == NULL ? "" : rs->sr_matched,
+ rs->sr_text == NULL ? "" : rs->sr_text );
+ }
+
+ if( rc != -1 ) {
+ if ( rs->sr_ref != NULL ) {
+ assert( rs->sr_err == LDAP_REFERRAL );
+ rc = ber_printf( ber, "t{W}",
+ LDAP_TAG_REFERRAL, rs->sr_ref );
+ } else {
+ assert( rs->sr_err != LDAP_REFERRAL );
+ }
+ }
+
+ if( rc != -1 && rs->sr_type == REP_SASL && rs->sr_sasldata != NULL ) {
+ rc = ber_printf( ber, "tO",
+ LDAP_TAG_SASL_RES_CREDS, rs->sr_sasldata );
+ }
+
+ if( rc != -1 &&
+ ( rs->sr_type == REP_EXTENDED || rs->sr_type == REP_INTERMEDIATE ))
+ {
+ if ( rs->sr_rspoid != NULL ) {
+ rc = ber_printf( ber, "ts",
+ rs->sr_type == REP_EXTENDED
+ ? LDAP_TAG_EXOP_RES_OID : LDAP_TAG_IM_RES_OID,
+ rs->sr_rspoid );
+ }
+ if( rc != -1 && rs->sr_rspdata != NULL ) {
+ rc = ber_printf( ber, "tO",
+ rs->sr_type == REP_EXTENDED
+ ? LDAP_TAG_EXOP_RES_VALUE : LDAP_TAG_IM_RES_VALUE,
+ rs->sr_rspdata );
+ }
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2
+ && rc != -1 )
+ {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+#endif
+
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+
+#ifdef LDAP_CONNECTIONLESS
+ if (!op->o_conn || op->o_conn->c_is_udp == 0)
+#endif
+ {
+ ber_free_buf( ber );
+ }
+ goto cleanup;
+ }
+
+ /* send BER */
+ bytes = send_ldap_ber( op->o_conn, ber );
+#ifdef LDAP_CONNECTIONLESS
+ if (!op->o_conn || op->o_conn->c_is_udp == 0)
+#endif
+ {
+ ber_free_buf( ber );
+ }
+
+ if ( bytes < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_ldap_response: ber write failed\n",
+ 0, 0, 0 );
+
+ goto cleanup;
+ }
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
+
+cleanup:;
+ /* Tell caller that we did this for real, as opposed to being
+ * overridden by a callback
+ */
+ rc = SLAP_CB_CONTINUE;
+
+clean2:;
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_cleanup ) {
+ slap_callback *sc2 = op->o_callback;
+ (void)op->o_callback->sc_cleanup( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+ op->o_callback = sc;
+ }
+
+
+ if ( rs->sr_matched && rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
+ free( (char *)rs->sr_matched );
+ rs->sr_matched = NULL;
+ }
+
+ if ( rs->sr_ref && rs->sr_flags & REP_REF_MUSTBEFREED ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ return rc;
+}
+
+
+void
+send_ldap_disconnect( Operation *op, SlapReply *rs )
+{
+#define LDAP_UNSOLICITED_ERROR(e) \
+ ( (e) == LDAP_PROTOCOL_ERROR \
+ || (e) == LDAP_STRONG_AUTH_REQUIRED \
+ || (e) == LDAP_UNAVAILABLE )
+
+ assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
+
+ rs->sr_type = REP_EXTENDED;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "send_ldap_disconnect %d:%s\n",
+ rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL );
+
+ if ( op->o_protocol < LDAP_VERSION3 ) {
+ rs->sr_rspoid = NULL;
+ rs->sr_tag = slap_req2res( op->o_tag );
+ rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
+
+ } else {
+ rs->sr_rspoid = LDAP_NOTICE_DISCONNECT;
+ rs->sr_tag = LDAP_RES_EXTENDED;
+ rs->sr_msgid = 0;
+ }
+
+ if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s DISCONNECT tag=%lu err=%d text=%s\n",
+ op->o_log_prefix, rs->sr_tag, rs->sr_err,
+ rs->sr_text ? rs->sr_text : "", 0 );
+ }
+}
+
+void
+slap_send_ldap_result( Operation *op, SlapReply *rs )
+{
+ char *tmp = NULL;
+ const char *otext = rs->sr_text;
+ BerVarray oref = rs->sr_ref;
+
+ rs->sr_type = REP_RESULT;
+
+ /* Propagate Abandons so that cleanup callbacks can be processed */
+ if ( rs->sr_err == SLAPD_ABANDON )
+ goto abandon;
+
+ assert( !LDAP_API_ERROR( rs->sr_err ) );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "send_ldap_result: %s p=%d\n",
+ op->o_log_prefix, op->o_protocol, 0 );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
+ rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
+ rs->sr_text ? rs->sr_text : "" );
+
+
+ if( rs->sr_ref ) {
+ Debug( LDAP_DEBUG_ARGS,
+ "send_ldap_result: referral=\"%s\"\n",
+ rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
+ NULL, NULL );
+ }
+
+ assert( rs->sr_err != LDAP_PARTIAL_RESULTS );
+
+ if ( rs->sr_err == LDAP_REFERRAL ) {
+ if( op->o_domain_scope ) rs->sr_ref = NULL;
+
+ if( rs->sr_ref == NULL ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else if ( op->o_protocol < LDAP_VERSION3 ) {
+ rs->sr_err = LDAP_PARTIAL_RESULTS;
+ }
+ }
+
+ if ( op->o_protocol < LDAP_VERSION3 ) {
+ tmp = v2ref( rs->sr_ref, rs->sr_text );
+ rs->sr_text = tmp;
+ rs->sr_ref = NULL;
+ }
+
+ rs->sr_tag = slap_req2res( op->o_tag );
+ rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
+
+abandon:
+ if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
+ if ( op->o_tag == LDAP_REQ_SEARCH ) {
+ char nbuf[64];
+ snprintf( nbuf, sizeof nbuf, "%d nentries=%d",
+ rs->sr_err, rs->sr_nentries );
+
+ Statslog( LDAP_DEBUG_STATS,
+ "%s SEARCH RESULT tag=%lu err=%s text=%s\n",
+ op->o_log_prefix, rs->sr_tag, nbuf,
+ rs->sr_text ? rs->sr_text : "", 0 );
+ } else {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s RESULT tag=%lu err=%d text=%s\n",
+ op->o_log_prefix, rs->sr_tag, rs->sr_err,
+ rs->sr_text ? rs->sr_text : "", 0 );
+ }
+ }
+
+ if( tmp != NULL ) ch_free(tmp);
+ rs->sr_text = otext;
+ rs->sr_ref = oref;
+}
+
+void
+send_ldap_sasl( Operation *op, SlapReply *rs )
+{
+ rs->sr_type = REP_SASL;
+ Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
+ rs->sr_err,
+ rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
+
+ rs->sr_tag = slap_req2res( op->o_tag );
+ rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
+
+ if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s RESULT tag=%lu err=%d text=%s\n",
+ op->o_log_prefix, rs->sr_tag, rs->sr_err,
+ rs->sr_text ? rs->sr_text : "", 0 );
+ }
+}
+
+void
+slap_send_ldap_extended( Operation *op, SlapReply *rs )
+{
+ rs->sr_type = REP_EXTENDED;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "send_ldap_extended: err=%d oid=%s len=%ld\n",
+ rs->sr_err,
+ rs->sr_rspoid ? rs->sr_rspoid : "",
+ rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
+
+ rs->sr_tag = slap_req2res( op->o_tag );
+ rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
+
+ if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s RESULT oid=%s err=%d text=%s\n",
+ op->o_log_prefix, rs->sr_rspoid ? rs->sr_rspoid : "",
+ rs->sr_err, rs->sr_text ? rs->sr_text : "", 0 );
+ }
+}
+
+void
+slap_send_ldap_intermediate( Operation *op, SlapReply *rs )
+{
+ rs->sr_type = REP_INTERMEDIATE;
+ Debug( LDAP_DEBUG_TRACE,
+ "send_ldap_intermediate: err=%d oid=%s len=%ld\n",
+ rs->sr_err,
+ rs->sr_rspoid ? rs->sr_rspoid : "",
+ rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
+ rs->sr_tag = LDAP_RES_INTERMEDIATE;
+ rs->sr_msgid = op->o_msgid;
+ if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
+ Statslog( LDAP_DEBUG_STATS2,
+ "%s INTERM oid=%s\n",
+ op->o_log_prefix,
+ rs->sr_rspoid ? rs->sr_rspoid : "", 0, 0, 0 );
+ }
+}
+
+/*
+ * returns:
+ *
+ * LDAP_SUCCESS entry sent
+ * LDAP_OTHER entry not sent (other)
+ * LDAP_INSUFFICIENT_ACCESS entry not sent (ACL)
+ * LDAP_UNAVAILABLE entry not sent (connection closed)
+ * LDAP_SIZELIMIT_EXCEEDED entry not sent (caller must send sizelimitExceeded)
+ */
+
+int
+slap_send_search_entry( Operation *op, SlapReply *rs )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *) &berbuf;
+ Attribute *a;
+ int i, j, rc = LDAP_UNAVAILABLE, bytes;
+ char *edn;
+ int userattrs;
+ AccessControlState acl_state = ACL_STATE_INIT;
+ int attrsonly;
+ AttributeDescription *ad_entry = slap_schema.si_ad_entry;
+
+ /* a_flags: array of flags telling if the i-th element will be
+ * returned or filtered out
+ * e_flags: array of a_flags
+ */
+ char **e_flags = NULL;
+
+ if ( op->ors_slimit >= 0 && rs->sr_nentries >= op->ors_slimit ) {
+ return LDAP_SIZELIMIT_EXCEEDED;
+ }
+
+ rs->sr_type = REP_SEARCH;
+
+ /* eventually will loop through generated operational attribute types
+ * currently implemented types include:
+ * entryDN, subschemaSubentry, and hasSubordinates */
+ /* NOTE: moved before overlays callback circling because
+ * they may modify entry and other stuff in rs */
+ /* check for special all operational attributes ("+") type */
+ /* FIXME: maybe we could se this flag at the operation level;
+ * however, in principle the caller of send_search_entry() may
+ * change the attribute list at each call */
+ rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
+
+ rc = backend_operational( op, rs );
+ if ( rc ) {
+ goto error_return;
+ }
+
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ rc = SLAP_CB_CONTINUE;
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next )
+ {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_response ) {
+ slap_callback *sc2 = op->o_callback;
+ rc = op->o_callback->sc_response( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+
+ op->o_callback = sc;
+ if ( rc != SLAP_CB_CONTINUE ) goto error_return;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: conn %lu dn=\"%s\"%s\n",
+ op->o_connid, rs->sr_entry->e_name.bv_val,
+ op->ors_attrsonly ? " (attrsOnly)" : "" );
+
+ attrsonly = op->ors_attrsonly;
+
+ if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_entry: conn %lu access to entry (%s) not allowed\n",
+ op->o_connid, rs->sr_entry->e_name.bv_val, 0 );
+
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto error_return;
+ }
+
+ edn = rs->sr_entry->e_nname.bv_val;
+
+ if ( op->o_res_ber ) {
+ /* read back control or LDAP_CONNECTIONLESS */
+ ber = op->o_res_ber;
+ } else {
+ struct berval bv;
+
+ bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
+ bv.bv_val = op->o_tmpalloc( bv.bv_len, op->o_tmpmemctx );
+
+ ber_init2( ber, &bv, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( op->o_conn && op->o_conn->c_is_udp ) {
+ /* CONNECTIONLESS */
+ if ( op->o_protocol == LDAP_VERSION2 ) {
+ rc = ber_printf(ber, "t{O{" /*}}*/,
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ } else {
+ rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ }
+ } else
+#endif
+ if ( op->o_res_ber ) {
+ /* read back control */
+ rc = ber_printf( ber, "{O{" /*}}*/, &rs->sr_entry->e_name );
+ } else {
+ rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ }
+
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER, "encoding DN error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+
+ /* check for special all user attributes ("*") type */
+ userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
+
+ /* create an array of arrays of flags. Each flag corresponds
+ * to particular value of attribute and equals 1 if value matches
+ * to ValuesReturnFilter or 0 if not
+ */
+ if ( op->o_vrFilter != NULL ) {
+ int k = 0;
+ size_t size;
+
+ for ( a = rs->sr_entry->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
+ }
+
+ size = i * sizeof(char *) + k;
+ if ( size > 0 ) {
+ char *a_flags;
+ e_flags = slap_sl_calloc ( 1, i * sizeof(char *) + k, op->o_tmpmemctx );
+ if( e_flags == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu slap_sl_calloc failed\n",
+ op->o_connid ? op->o_connid : 0, 0, 0 );
+ ber_free( ber, 1 );
+
+ send_ldap_error( op, rs, LDAP_OTHER, "out of memory" );
+ goto error_return;
+ }
+ a_flags = (char *)(e_flags + i);
+ memset( a_flags, 0, k );
+ for ( a=rs->sr_entry->e_attrs, i=0; a != NULL; a=a->a_next, i++ ) {
+ for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
+ e_flags[i] = a_flags;
+ a_flags += j;
+ }
+
+ rc = filter_matched_values(op, rs->sr_entry->e_attrs, &e_flags) ;
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "send_search_entry: "
+ "conn %lu matched values filtering failed\n",
+ op->o_connid ? op->o_connid : 0, 0, 0 );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "matched values filtering error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+ }
+
+ for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
+ AttributeDescription *desc = a->a_desc;
+ int finish = 0;
+
+ if ( rs->sr_attrs == NULL ) {
+ /* all user attrs request, skip operational attributes */
+ if( is_at_operational( desc->ad_type ) ) {
+ continue;
+ }
+
+ } else {
+ /* specific attrs requested */
+ if ( is_at_operational( desc->ad_type ) ) {
+ if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+
+ } else {
+ if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
+ continue;
+ }
+ }
+ }
+
+ if ( attrsonly ) {
+ if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
+ ACL_READ, &acl_state ) )
+ {
+ Debug( LDAP_DEBUG_ACL, "send_search_entry: "
+ "conn %lu access to attribute %s not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, 0 );
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "encoding description error");
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ finish = 1;
+
+ } else {
+ int first = 1;
+ for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
+ if ( ! access_allowed( op, rs->sr_entry,
+ desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_entry: conn %lu "
+ "access to attribute %s, value #%d not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, i );
+
+ continue;
+ }
+
+ if ( op->o_vrFilter && e_flags[j][i] == 0 ){
+ continue;
+ }
+
+ if ( first ) {
+ first = 0;
+ finish = 1;
+ if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "encoding description error");
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+ if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu "
+ "ber_printf failed.\n", op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "encoding values error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+ }
+
+ if ( finish && ( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+
+ /* NOTE: moved before overlays callback circling because
+ * they may modify entry and other stuff in rs */
+ if ( rs->sr_operational_attrs != NULL && op->o_vrFilter != NULL ) {
+ int k = 0;
+ size_t size;
+
+ for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
+ }
+
+ size = i * sizeof(char *) + k;
+ if ( size > 0 ) {
+ char *a_flags, **tmp;
+
+ /*
+ * Reuse previous memory - we likely need less space
+ * for operational attributes
+ */
+ tmp = slap_sl_realloc( e_flags, i * sizeof(char *) + k,
+ op->o_tmpmemctx );
+ if ( tmp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu "
+ "not enough memory "
+ "for matched values filtering\n",
+ op->o_connid, 0, 0 );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "not enough memory for matched values filtering" );
+ goto error_return;
+ }
+ e_flags = tmp;
+ a_flags = (char *)(e_flags + i);
+ memset( a_flags, 0, k );
+ for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
+ e_flags[i] = a_flags;
+ a_flags += j;
+ }
+ rc = filter_matched_values(op, rs->sr_operational_attrs, &e_flags) ;
+
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu "
+ "matched values filtering failed\n",
+ op->o_connid ? op->o_connid : 0, 0, 0);
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "matched values filtering error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+ }
+
+ for (a = rs->sr_operational_attrs, j=0; a != NULL; a = a->a_next, j++ ) {
+ AttributeDescription *desc = a->a_desc;
+
+ if ( rs->sr_attrs == NULL ) {
+ /* all user attrs request, skip operational attributes */
+ if( is_at_operational( desc->ad_type ) ) {
+ continue;
+ }
+
+ } else {
+ /* specific attrs requested */
+ if( is_at_operational( desc->ad_type ) ) {
+ if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) )
+ {
+ continue;
+ }
+ } else {
+ if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
+ continue;
+ }
+ }
+ }
+
+ if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
+ ACL_READ, &acl_state ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_entry: conn %lu "
+ "access to attribute %s not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, 0 );
+
+ continue;
+ }
+
+ rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu "
+ "ber_printf failed\n", op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "encoding description error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+
+ if ( ! attrsonly ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ if ( ! access_allowed( op, rs->sr_entry,
+ desc, &a->a_vals[i], ACL_READ, &acl_state ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_entry: conn %lu "
+ "access to %s, value %d not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, i );
+
+ continue;
+ }
+
+ if ( op->o_vrFilter && e_flags[j][i] == 0 ){
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "encoding values error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+ }
+
+ if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+ }
+
+ /* free e_flags */
+ if ( e_flags ) {
+ slap_sl_free( e_flags, op->o_tmpmemctx );
+ e_flags = NULL;
+ }
+
+ rc = ber_printf( ber, /*{{*/ "}N}" );
+
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
+ }
+
+ if( rc != -1 ) {
+#ifdef LDAP_CONNECTIONLESS
+ if( op->o_conn && op->o_conn->c_is_udp ) {
+ if ( op->o_protocol != LDAP_VERSION2 ) {
+ rc = ber_printf( ber, /*{*/ "N}" );
+ }
+ } else
+#endif
+ if ( op->o_res_ber == NULL ) {
+ rc = ber_printf( ber, /*{*/ "N}" );
+ }
+ }
+
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER, "encode entry end error" );
+ rc = rs->sr_err;
+ goto error_return;
+ }
+
+ if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
+ be_entry_release_rw( op, rs->sr_entry, 0 );
+ rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
+ rs->sr_entry = NULL;
+ }
+
+ if ( op->o_res_ber == NULL ) {
+ bytes = send_ldap_ber( op->o_conn, ber );
+ ber_free_buf( ber );
+
+ if ( bytes < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_entry: conn %lu ber write failed.\n",
+ op->o_connid, 0, 0 );
+
+ rc = LDAP_UNAVAILABLE;
+ goto error_return;
+ }
+ rs->sr_nentries++;
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_entries, 1 );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
+ }
+
+ Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
+ op->o_log_prefix, edn, 0, 0, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<= send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
+
+ rc = LDAP_SUCCESS;
+
+error_return:;
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_cleanup ) {
+ slap_callback *sc2 = op->o_callback;
+ (void)op->o_callback->sc_cleanup( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+ op->o_callback = sc;
+ }
+
+ if ( e_flags ) {
+ slap_sl_free( e_flags, op->o_tmpmemctx );
+ }
+
+ if ( rs->sr_operational_attrs ) {
+ attrs_free( rs->sr_operational_attrs );
+ rs->sr_operational_attrs = NULL;
+ }
+ rs->sr_attr_flags = SLAP_ATTRS_UNDEFINED;
+
+ /* FIXME: I think rs->sr_type should be explicitly set to
+ * REP_SEARCH here. That's what it was when we entered this
+ * function. send_ldap_error may have changed it, but we
+ * should set it back so that the cleanup functions know
+ * what they're doing.
+ */
+ if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH
+ && rs->sr_entry
+ && ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) )
+ {
+ entry_free( rs->sr_entry );
+ rs->sr_entry = NULL;
+ rs->sr_flags &= ~REP_ENTRY_MUSTBEFREED;
+ }
+
+ return( rc );
+}
+
+int
+slap_send_search_reference( Operation *op, SlapReply *rs )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *) &berbuf;
+ int rc = 0;
+ int bytes;
+
+ AttributeDescription *ad_ref = slap_schema.si_ad_ref;
+ AttributeDescription *ad_entry = slap_schema.si_ad_entry;
+
+ rs->sr_type = REP_SEARCHREF;
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ rc = SLAP_CB_CONTINUE;
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_response ) {
+ slap_callback *sc2 = op->o_callback;
+ rc = op->o_callback->sc_response( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+
+ op->o_callback = sc;
+ if ( rc != SLAP_CB_CONTINUE ) goto rel;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> send_search_reference: dn=\"%s\"\n",
+ rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
+
+ if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
+ ad_entry, NULL, ACL_READ, NULL ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_reference: access to entry not allowed\n",
+ 0, 0, 0 );
+ rc = 1;
+ goto rel;
+ }
+
+ if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
+ ad_ref, NULL, ACL_READ, NULL ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_reference: access "
+ "to reference not allowed\n",
+ 0, 0, 0 );
+ rc = 1;
+ goto rel;
+ }
+
+ if( op->o_domain_scope ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_reference: domainScope control in (%s)\n",
+ rs->sr_entry->e_dn, 0, 0 );
+ rc = 0;
+ goto rel;
+ }
+
+ if( rs->sr_ref == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_reference: null ref in (%s)\n",
+ rs->sr_entry ? rs->sr_entry->e_dn : "(null)", 0, 0 );
+ rc = 1;
+ goto rel;
+ }
+
+ if( op->o_protocol < LDAP_VERSION3 ) {
+ rc = 0;
+ /* save the references for the result */
+ if( rs->sr_ref[0].bv_val != NULL ) {
+ if( value_add( &rs->sr_v2ref, rs->sr_ref ) )
+ rc = LDAP_OTHER;
+ }
+ goto rel;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( op->o_conn && op->o_conn->c_is_udp ) {
+ ber = op->o_res_ber;
+ } else
+#endif
+ {
+ ber_init_w_nullc( ber, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+ }
+
+ rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
+ LDAP_RES_SEARCH_REFERENCE, rs->sr_ref );
+
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+
+ if ( rc == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "send_search_reference: ber_printf failed\n", 0, 0, 0 );
+
+#ifdef LDAP_CONNECTIONLESS
+ if (!op->o_conn || op->o_conn->c_is_udp == 0)
+#endif
+ ber_free_buf( ber );
+ send_ldap_error( op, rs, LDAP_OTHER, "encode DN error" );
+ goto rel;
+ }
+
+ rc = 0;
+ if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
+ be_entry_release_rw( op, rs->sr_entry, 0 );
+ rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
+ rs->sr_entry = NULL;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if (!op->o_conn || op->o_conn->c_is_udp == 0) {
+#endif
+ bytes = send_ldap_ber( op->o_conn, ber );
+ ber_free_buf( ber );
+
+ if ( bytes < 0 ) {
+ rc = LDAP_UNAVAILABLE;
+ } else {
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_refs, 1 );
+ ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
+ }
+#ifdef LDAP_CONNECTIONLESS
+ }
+#endif
+ if ( rs->sr_ref != NULL ) {
+ int r;
+
+ for ( r = 0; !BER_BVISNULL( &rs->sr_ref[ r ] ); r++ ) {
+ Statslog( LDAP_DEBUG_STATS2, "%s REF #%d \"%s\"\n",
+ op->o_log_prefix, r, rs->sr_ref[0].bv_val,
+ 0, 0 );
+ }
+
+ } else {
+ Statslog( LDAP_DEBUG_STATS2, "%s REF \"(null)\"\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
+
+rel:
+ if ( op->o_callback ) {
+ slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
+
+ for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
+ sc_next = op->o_callback->sc_next;
+ if ( op->o_callback->sc_cleanup ) {
+ slap_callback *sc2 = op->o_callback;
+ (void)op->o_callback->sc_cleanup( op, rs );
+ if ( op->o_callback != sc2 ) {
+ *sc_prev = op->o_callback;
+ }
+ if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
+ if ( op->o_callback != sc2 ) continue;
+ }
+ sc_prev = &op->o_callback->sc_next;
+ }
+ op->o_callback = sc;
+ }
+
+ return rc;
+}
+
+int
+str2result(
+ char *s,
+ int *code,
+ char **matched,
+ char **info )
+{
+ int rc;
+ char *c;
+
+ *code = LDAP_SUCCESS;
+ *matched = NULL;
+ *info = NULL;
+
+ if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
+ s, 0, 0 );
+
+ return( -1 );
+ }
+
+ rc = 0;
+ while ( (s = strchr( s, '\n' )) != NULL ) {
+ *s++ = '\0';
+ if ( *s == '\0' ) {
+ break;
+ }
+ if ( (c = strchr( s, ':' )) != NULL ) {
+ c++;
+ }
+
+ if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) {
+ char *next = NULL;
+ long retcode;
+
+ if ( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) missing value\n",
+ s, 0, 0 );
+ rc = -1;
+ continue;
+ }
+
+ while ( isspace( (unsigned char) c[ 0 ] ) ) c++;
+ if ( c[ 0 ] == '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) missing or empty value\n",
+ s, 0, 0 );
+ rc = -1;
+ continue;
+ }
+
+ retcode = strtol( c, &next, 10 );
+ if ( next == NULL || next == c ) {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) unable to parse value\n",
+ s, 0, 0 );
+ rc = -1;
+ continue;
+ }
+
+ while ( isspace( (unsigned char) next[ 0 ] ) ) next++;
+ if ( next[ 0 ] != '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) extra cruft after value\n",
+ s, 0, 0 );
+ rc = -1;
+ continue;
+ }
+
+ /* FIXME: what if it's larger that max int? */
+ *code = (int)retcode;
+
+ } else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) {
+ if ( c != NULL ) {
+ *matched = c;
+ }
+ } else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) {
+ if ( c != NULL ) {
+ *info = c;
+ }
+ } else {
+ Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
+ s, 0, 0 );
+
+ rc = -1;
+ }
+ }
+
+ return( rc );
+}
+
+int slap_read_controls(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ const struct berval *oid,
+ LDAPControl **ctrl )
+{
+ int rc;
+ struct berval bv;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *) &berbuf;
+ LDAPControl c;
+ Operation myop;
+
+ Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
+ oid->bv_val, e->e_dn, 0 );
+
+ rs->sr_entry = e;
+ rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
+ op->o_preread_attrs : op->o_postread_attrs;
+
+ bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
+ bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
+
+ ber_init2( ber, &bv, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ /* create new operation */
+ myop = *op;
+ myop.o_bd = NULL;
+ myop.o_res_ber = ber;
+ myop.o_callback = NULL;
+ myop.ors_slimit = 1;
+
+ rc = slap_send_search_entry( &myop, rs );
+ if( rc ) return rc;
+
+ rc = ber_flatten2( ber, &c.ldctl_value, 0 );
+
+ if( rc == LBER_ERROR ) return LDAP_OTHER;
+
+ c.ldctl_oid = oid->bv_val;
+ c.ldctl_iscritical = 0;
+
+ if ( *ctrl == NULL ) {
+ /* first try */
+ *ctrl = (LDAPControl *) slap_sl_calloc( 1, sizeof(LDAPControl), NULL );
+ } else {
+ /* retry: free previous try */
+ slap_sl_free( (*ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ }
+
+ **ctrl = c;
+ return LDAP_SUCCESS;
+}
+
+/* Map API errors to protocol errors... */
+int
+slap_map_api2result( SlapReply *rs )
+{
+ switch(rs->sr_err) {
+ case LDAP_SERVER_DOWN:
+ return LDAP_UNAVAILABLE;
+ case LDAP_LOCAL_ERROR:
+ return LDAP_OTHER;
+ case LDAP_ENCODING_ERROR:
+ case LDAP_DECODING_ERROR:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_TIMEOUT:
+ return LDAP_UNAVAILABLE;
+ case LDAP_AUTH_UNKNOWN:
+ return LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ case LDAP_FILTER_ERROR:
+ rs->sr_text = "Filter error";
+ return LDAP_OTHER;
+ case LDAP_USER_CANCELLED:
+ rs->sr_text = "User cancelled";
+ return LDAP_OTHER;
+ case LDAP_PARAM_ERROR:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_NO_MEMORY:
+ return LDAP_OTHER;
+ case LDAP_CONNECT_ERROR:
+ return LDAP_UNAVAILABLE;
+ case LDAP_NOT_SUPPORTED:
+ return LDAP_UNWILLING_TO_PERFORM;
+ case LDAP_CONTROL_NOT_FOUND:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_NO_RESULTS_RETURNED:
+ return LDAP_NO_SUCH_OBJECT;
+ case LDAP_MORE_RESULTS_TO_RETURN:
+ rs->sr_text = "More results to return";
+ return LDAP_OTHER;
+ case LDAP_CLIENT_LOOP:
+ case LDAP_REFERRAL_LIMIT_EXCEEDED:
+ return LDAP_LOOP_DETECT;
+ default:
+ if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER;
+ return rs->sr_err;
+ }
+}
+
+
+slap_mask_t
+slap_attr_flags( AttributeName *an )
+{
+ slap_mask_t flags = SLAP_ATTRS_UNDEFINED;
+
+ if ( an == NULL ) {
+ flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
+
+ } else {
+ flags |= an_find( an, &AllOper )
+ ? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
+ flags |= an_find( an, &AllUser )
+ ? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
+ }
+
+ return flags;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/root_dse.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/root_dse.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/root_dse.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,386 @@
+/* root_dse.c - Provides the Root DSA-Specific Entry */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.95.2.11 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include <ldif.h>
+#include "lber_pvt.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+static struct berval supportedFeatures[] = {
+ BER_BVC(LDAP_FEATURE_MODIFY_INCREMENT), /* Modify/increment */
+ BER_BVC(LDAP_FEATURE_ALL_OP_ATTRS), /* All Op Attrs (+) */
+ BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attrs List (@class) */
+ BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */
+ BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
+ BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS),/* Language Range Options */
+#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
+ BER_BVC(LDAP_FEATURE_SUBORDINATE_SCOPE), /* "children" search scope */
+#endif
+ {0,NULL}
+};
+
+static Entry *usr_attr = NULL;
+
+int
+root_dse_info(
+ Connection *conn,
+ Entry **entry,
+ const char **text )
+{
+ Entry *e;
+ struct berval val;
+#ifdef LDAP_SLAPI
+ struct berval *bv;
+#endif
+ int i, j;
+ char ** supportedSASLMechanisms;
+ BackendDB *be;
+
+ AttributeDescription *ad_structuralObjectClass
+ = slap_schema.si_ad_structuralObjectClass;
+ AttributeDescription *ad_objectClass
+ = slap_schema.si_ad_objectClass;
+ AttributeDescription *ad_namingContexts
+ = slap_schema.si_ad_namingContexts;
+#ifdef LDAP_SLAPI
+ AttributeDescription *ad_supportedExtension
+ = slap_schema.si_ad_supportedExtension;
+#endif
+ AttributeDescription *ad_supportedLDAPVersion
+ = slap_schema.si_ad_supportedLDAPVersion;
+ AttributeDescription *ad_supportedSASLMechanisms
+ = slap_schema.si_ad_supportedSASLMechanisms;
+ AttributeDescription *ad_supportedFeatures
+ = slap_schema.si_ad_supportedFeatures;
+ AttributeDescription *ad_monitorContext
+ = slap_schema.si_ad_monitorContext;
+ AttributeDescription *ad_configContext
+ = slap_schema.si_ad_configContext;
+ AttributeDescription *ad_ref
+ = slap_schema.si_ad_ref;
+
+ e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+
+ if( e == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ e->e_attrs = NULL;
+ e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE );
+ e->e_name.bv_len = sizeof( LDAP_ROOT_DSE )-1;
+ e->e_nname.bv_val = ch_strdup( LDAP_ROOT_DSE );
+ e->e_nname.bv_len = sizeof( LDAP_ROOT_DSE )-1;
+
+ /* the DN is an empty string so no pretty/normalization is needed */
+ assert( !e->e_name.bv_len );
+ assert( !e->e_nname.bv_len );
+
+ e->e_private = NULL;
+
+ BER_BVSTR( &val, "top" );
+ if( attr_merge_one( e, ad_objectClass, &val, NULL ) ) {
+ return LDAP_OTHER;
+ }
+
+ BER_BVSTR( &val, "OpenLDAProotDSE" );
+ if( attr_merge_one( e, ad_objectClass, &val, NULL ) ) {
+ return LDAP_OTHER;
+ }
+ if( attr_merge_one( e, ad_structuralObjectClass, &val, NULL ) ) {
+ return LDAP_OTHER;
+ }
+
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_suffix == NULL
+ || be->be_nsuffix == NULL ) {
+ /* no suffix! */
+ continue;
+ }
+ if ( SLAP_MONITOR( be )) {
+ if( attr_merge_one( e, ad_monitorContext,
+ &be->be_suffix[0],
+ &be->be_nsuffix[0] ) )
+ {
+ return LDAP_OTHER;
+ }
+ continue;
+ }
+ if ( SLAP_CONFIG( be )) {
+ if( attr_merge_one( e, ad_configContext,
+ &be->be_suffix[0],
+ & be->be_nsuffix[0] ) )
+ {
+ return LDAP_OTHER;
+ }
+ continue;
+ }
+ if ( SLAP_GLUE_SUBORDINATE( be ) && !SLAP_GLUE_ADVERTISE( be ) ) {
+ continue;
+ }
+ for ( j = 0; be->be_suffix[j].bv_val != NULL; j++ ) {
+ if( attr_merge_one( e, ad_namingContexts,
+ &be->be_suffix[j],
+ &be->be_nsuffix[0] ) )
+ {
+ return LDAP_OTHER;
+ }
+ }
+ }
+
+ /* altServer unsupported */
+
+ /* supportedControl */
+ if ( controls_root_dse_info( e ) != 0 ) {
+ return LDAP_OTHER;
+ }
+
+ /* supportedExtension */
+ if ( exop_root_dse_info( e ) != 0 ) {
+ return LDAP_OTHER;
+ }
+
+#ifdef LDAP_SLAPI
+ /* netscape supportedExtension */
+ for ( i = 0; (bv = slapi_int_get_supported_extop(i)) != NULL; i++ ) {
+ if( attr_merge_one( e, ad_supportedExtension, bv, NULL ) ) {
+ return LDAP_OTHER;
+ }
+ }
+#endif /* LDAP_SLAPI */
+
+ /* supportedFeatures */
+ if( attr_merge( e, ad_supportedFeatures, supportedFeatures, NULL ) ) {
+ return LDAP_OTHER;
+ }
+
+ /* supportedLDAPVersion */
+ /* don't publish version 2 as we don't really support it
+ * (even when configured to accept version 2 Bind requests)
+ * and the value would never be used by true LDAPv2 (or LDAPv3)
+ * clients.
+ */
+ for ( i=LDAP_VERSION3; i<=LDAP_VERSION_MAX; i++ ) {
+ char buf[BUFSIZ];
+ snprintf(buf, sizeof buf, "%d", i);
+ val.bv_val = buf;
+ val.bv_len = strlen( val.bv_val );
+ if( attr_merge_one( e, ad_supportedLDAPVersion, &val, NULL ) ) {
+ return LDAP_OTHER;
+ }
+ }
+
+ /* supportedSASLMechanism */
+ supportedSASLMechanisms = slap_sasl_mechs( conn );
+
+ if( supportedSASLMechanisms != NULL ) {
+ for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
+ val.bv_val = supportedSASLMechanisms[i];
+ val.bv_len = strlen( val.bv_val );
+ if( attr_merge_one( e, ad_supportedSASLMechanisms, &val, NULL ) ) {
+ return LDAP_OTHER;
+ }
+ }
+ ldap_charray_free( supportedSASLMechanisms );
+ }
+
+ if ( default_referral != NULL ) {
+ if( attr_merge( e, ad_ref, default_referral, NULL /* FIXME */ ) ) {
+ return LDAP_OTHER;
+ }
+ }
+
+ if( usr_attr != NULL) {
+ Attribute *a;
+ for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) {
+ if( attr_merge( e, a->a_desc, a->a_vals,
+ (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) )
+ {
+ return LDAP_OTHER;
+ }
+ }
+ }
+
+ *entry = e;
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Read the entries specified in fname and merge the attributes
+ * to the user defined rootDSE. Note thaat if we find any errors
+ * what so ever, we will discard the entire entries, print an
+ * error message and return.
+ */
+int read_root_dse_file( const char *fname )
+{
+ struct LDIFFP *fp;
+ int rc = 0, lineno = 0, lmax = 0;
+ char *buf = NULL;
+
+ if ( (fp = ldif_open( fname, "r" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "could not open rootdse attr file \"%s\" - absolute path?\n",
+ fname, 0, 0 );
+ perror( fname );
+ return EXIT_FAILURE;
+ }
+
+ usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+ if( usr_attr == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+ ldif_close( fp );
+ return LDAP_OTHER;
+ }
+ usr_attr->e_attrs = NULL;
+
+ while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ Entry *e = str2entry( buf );
+ Attribute *a;
+
+ if( e == NULL ) {
+ fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
+ lineno );
+ rc = EXIT_FAILURE;
+ break;
+ }
+
+ /* make sure the DN is the empty DN */
+ if( e->e_nname.bv_len ) {
+ fprintf( stderr,
+ "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n",
+ e->e_dn, lineno );
+ entry_free( e );
+ rc = EXIT_FAILURE;
+ break;
+ }
+
+ /*
+ * we found a valid entry, so walk thru all the attributes in the
+ * entry, and add each attribute type and description to the
+ * usr_attr entry
+ */
+
+ for(a = e->e_attrs; a != NULL; a = a->a_next) {
+ if( attr_merge( usr_attr, a->a_desc, a->a_vals,
+ (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) )
+ {
+ rc = LDAP_OTHER;
+ break;
+ }
+ }
+
+ entry_free( e );
+ if (rc) break;
+ }
+
+ if (rc) {
+ entry_free( usr_attr );
+ usr_attr = NULL;
+ }
+
+ ch_free( buf );
+
+ ldif_close( fp );
+
+ Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0);
+ return rc;
+}
+
+int
+slap_discover_feature(
+ const char *uri,
+ int version,
+ const char *attr,
+ const char *val )
+{
+ LDAP *ld;
+ LDAPMessage *res = NULL, *entry;
+ int rc, i;
+ struct berval cred = BER_BVC( "" ),
+ bv_val,
+ **values = NULL;
+ char *attrs[ 2 ] = { NULL, NULL };
+
+ ber_str2bv( val, 0, 0, &bv_val );
+ attrs[ 0 ] = (char *) attr;
+
+ rc = ldap_initialize( &ld, uri );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = ldap_sasl_bind_s( ld, "", LDAP_SASL_SIMPLE,
+ &cred, NULL, NULL, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
+ attrs, 0, NULL, NULL, NULL, 0, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ entry = ldap_first_entry( ld, res );
+ if ( entry == NULL ) {
+ goto done;
+ }
+
+ values = ldap_get_values_len( ld, entry, attrs[ 0 ] );
+ if ( values == NULL ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+
+ for ( i = 0; values[ i ] != NULL; i++ ) {
+ if ( bvmatch( &bv_val, values[ i ] ) ) {
+ rc = LDAP_COMPARE_TRUE;
+ goto done;
+ }
+ }
+
+ rc = LDAP_COMPARE_FALSE;
+
+done:;
+ if ( values != NULL ) {
+ ldap_value_free_len( values );
+ }
+
+ if ( res != NULL ) {
+ ldap_msgfree( res );
+ }
+
+ ldap_unbind_ext( ld, NULL, NULL );
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/sasl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/sasl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/sasl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1782 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.17 2007/01/25 12:42:38 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#include <lber.h>
+#include <ldap_log.h>
+
+#include "slap.h"
+
+#ifdef HAVE_CYRUS_SASL
+# ifdef HAVE_SASL_SASL_H
+# include <sasl/sasl.h>
+# else
+# include <sasl.h>
+# endif
+
+# if SASL_VERSION_MAJOR >= 2
+# ifdef HAVE_SASL_SASL_H
+# include <sasl/saslplug.h>
+# else
+# include <saslplug.h>
+# endif
+# define SASL_CONST const
+# else
+# define SASL_CONST
+# endif
+
+#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
+ (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
+
+static sasl_security_properties_t sasl_secprops;
+#elif defined( SLAP_BUILTIN_SASL )
+/*
+ * built-in SASL implementation
+ * only supports EXTERNAL
+ */
+typedef struct sasl_ctx {
+ slap_ssf_t sc_external_ssf;
+ struct berval sc_external_id;
+} SASL_CTX;
+
+#endif
+
+#include <lutil.h>
+
+static struct berval ext_bv = BER_BVC( "EXTERNAL" );
+
+#ifdef HAVE_CYRUS_SASL
+
+int
+slap_sasl_log(
+ void *context,
+ int priority,
+ const char *message)
+{
+ Connection *conn = context;
+ int level;
+ const char * label;
+
+ if ( message == NULL ) {
+ return SASL_BADPARAM;
+ }
+
+ switch (priority) {
+#if SASL_VERSION_MAJOR >= 2
+ case SASL_LOG_NONE:
+ level = LDAP_DEBUG_NONE;
+ label = "None";
+ break;
+ case SASL_LOG_ERR:
+ level = LDAP_DEBUG_ANY;
+ label = "Error";
+ break;
+ case SASL_LOG_FAIL:
+ level = LDAP_DEBUG_ANY;
+ label = "Failure";
+ break;
+ case SASL_LOG_WARN:
+ level = LDAP_DEBUG_TRACE;
+ label = "Warning";
+ break;
+ case SASL_LOG_NOTE:
+ level = LDAP_DEBUG_TRACE;
+ label = "Notice";
+ break;
+ case SASL_LOG_DEBUG:
+ level = LDAP_DEBUG_TRACE;
+ label = "Debug";
+ break;
+ case SASL_LOG_TRACE:
+ level = LDAP_DEBUG_TRACE;
+ label = "Trace";
+ break;
+ case SASL_LOG_PASS:
+ level = LDAP_DEBUG_TRACE;
+ label = "Password Trace";
+ break;
+#else
+ case SASL_LOG_ERR:
+ level = LDAP_DEBUG_ANY;
+ label = "Error";
+ break;
+ case SASL_LOG_WARNING:
+ level = LDAP_DEBUG_TRACE;
+ label = "Warning";
+ break;
+ case SASL_LOG_INFO:
+ level = LDAP_DEBUG_TRACE;
+ label = "Info";
+ break;
+#endif
+ default:
+ return SASL_BADPARAM;
+ }
+
+ Debug( level, "SASL [conn=%ld] %s: %s\n",
+ conn ? conn->c_connid: -1,
+ label, message );
+
+
+ return SASL_OK;
+}
+
+
+#if SASL_VERSION_MAJOR >= 2
+static const char *slap_propnames[] = {
+ "*slapConn", "*slapAuthcDN", "*slapAuthzDN", NULL };
+
+static Filter generic_filter = { LDAP_FILTER_PRESENT, { 0 }, NULL };
+static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
+
+#define SLAP_SASL_PROP_CONN 0
+#define SLAP_SASL_PROP_AUTHC 1
+#define SLAP_SASL_PROP_AUTHZ 2
+#define SLAP_SASL_PROP_COUNT 3 /* Number of properties we used */
+
+typedef struct lookup_info {
+ int flags;
+ const struct propval *list;
+ sasl_server_params_t *sparams;
+} lookup_info;
+
+static slap_response sasl_ap_lookup;
+
+static struct berval sc_cleartext = BER_BVC("{CLEARTEXT}");
+
+static int
+sasl_ap_lookup( Operation *op, SlapReply *rs )
+{
+ BerVarray bv;
+ AttributeDescription *ad;
+ Attribute *a;
+ const char *text;
+ int rc, i;
+ slap_callback *tmp = op->o_callback;
+ lookup_info *sl = tmp->sc_private;
+
+ if (rs->sr_type != REP_SEARCH) return 0;
+
+ for( i = 0; sl->list[i].name; i++ ) {
+ const char *name = sl->list[i].name;
+
+ if ( name[0] == '*' ) {
+ if ( sl->flags & SASL_AUXPROP_AUTHZID ) continue;
+ /* Skip our private properties */
+ if ( !strcmp( name, slap_propnames[0] )) {
+ i += SLAP_SASL_PROP_COUNT - 1;
+ continue;
+ }
+ name++;
+ } else if ( !(sl->flags & SASL_AUXPROP_AUTHZID ) )
+ continue;
+
+ if ( sl->list[i].values ) {
+ if ( !(sl->flags & SASL_AUXPROP_OVERRIDE) ) continue;
+ }
+ ad = NULL;
+ rc = slap_str2ad( name, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_ap_lookup: str2ad(%s): %s\n", name, text, 0 );
+ continue;
+ }
+
+ /* If it's the rootdn and a rootpw was present, we already set
+ * it so don't override it here.
+ */
+ if ( ad == slap_schema.si_ad_userPassword && sl->list[i].values &&
+ be_isroot_dn( op->o_bd, &op->o_req_ndn ))
+ continue;
+
+ a = attr_find( rs->sr_entry->e_attrs, ad );
+ if ( !a ) continue;
+ if ( ! access_allowed( op, rs->sr_entry, ad, NULL, ACL_AUTH, NULL ) ) {
+ continue;
+ }
+ if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) ) {
+ sl->sparams->utils->prop_erase( sl->sparams->propctx,
+ sl->list[i].name );
+ }
+ for ( bv = a->a_vals; bv->bv_val; bv++ ) {
+ /* ITS#3846 don't give hashed passwords to SASL */
+ if ( ad == slap_schema.si_ad_userPassword &&
+ bv->bv_val[0] == '{' ) {
+ rc = lutil_passwd_scheme( bv->bv_val );
+ if ( rc ) {
+ /* If it's not a recognized scheme, just assume it's
+ * a cleartext password that happened to include brackets.
+ *
+ * If it's a recognized scheme, skip this value, unless the
+ * scheme is {CLEARTEXT}. In that case, skip over the
+ * scheme name and use the remainder. If there is nothing
+ * past the scheme name, skip this value.
+ */
+#ifdef SLAPD_CLEARTEXT
+ if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val,
+ sc_cleartext.bv_len )) {
+ struct berval cbv;
+ cbv.bv_len = bv->bv_len - sc_cleartext.bv_len;
+ if ( cbv.bv_len ) {
+ cbv.bv_val = bv->bv_val + sc_cleartext.bv_len;
+ sl->sparams->utils->prop_set( sl->sparams->propctx,
+ sl->list[i].name, cbv.bv_val, cbv.bv_len );
+ }
+ }
+#endif
+ continue;
+ }
+ }
+ sl->sparams->utils->prop_set( sl->sparams->propctx,
+ sl->list[i].name, bv->bv_val, bv->bv_len );
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+static void
+slap_auxprop_lookup(
+ void *glob_context,
+ sasl_server_params_t *sparams,
+ unsigned flags,
+ const char *user,
+ unsigned ulen)
+{
+ Operation op = {0};
+ int i, doit = 0;
+ Connection *conn = NULL;
+ lookup_info sl;
+
+ sl.list = sparams->utils->prop_get( sparams->propctx );
+ sl.sparams = sparams;
+ sl.flags = flags;
+
+ /* Find our DN and conn first */
+ for( i = 0; sl.list[i].name; i++ ) {
+ if ( sl.list[i].name[0] == '*' ) {
+ if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {
+ if ( sl.list[i].values && sl.list[i].values[0] )
+ AC_MEMCPY( &conn, sl.list[i].values[0], sizeof( conn ) );
+ continue;
+ }
+ if ( (flags & SASL_AUXPROP_AUTHZID) &&
+ !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHZ] ) ) {
+
+ if ( sl.list[i].values && sl.list[i].values[0] )
+ AC_MEMCPY( &op.o_req_ndn, sl.list[i].values[0], sizeof( struct berval ) );
+ break;
+ }
+ if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {
+ if ( sl.list[i].values && sl.list[i].values[0] ) {
+ AC_MEMCPY( &op.o_req_ndn, sl.list[i].values[0], sizeof( struct berval ) );
+ if ( !(flags & SASL_AUXPROP_AUTHZID) )
+ break;
+ }
+ }
+ }
+ }
+
+ /* Now see what else needs to be fetched */
+ for( i = 0; sl.list[i].name; i++ ) {
+ const char *name = sl.list[i].name;
+
+ if ( name[0] == '*' ) {
+ if ( flags & SASL_AUXPROP_AUTHZID ) continue;
+ /* Skip our private properties */
+ if ( !strcmp( name, slap_propnames[0] )) {
+ i += SLAP_SASL_PROP_COUNT - 1;
+ continue;
+ }
+ name++;
+ } else if ( !(flags & SASL_AUXPROP_AUTHZID ) )
+ continue;
+
+ if ( sl.list[i].values ) {
+ if ( !(flags & SASL_AUXPROP_OVERRIDE) ) continue;
+ }
+ doit = 1;
+ break;
+ }
+
+ if (doit) {
+ slap_callback cb = { NULL, sasl_ap_lookup, NULL, NULL };
+
+ cb.sc_private = &sl;
+
+ op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+
+ if ( op.o_bd ) {
+ /* For rootdn, see if we can use the rootpw */
+ if ( be_isroot_dn( op.o_bd, &op.o_req_ndn ) &&
+ !BER_BVISEMPTY( &op.o_bd->be_rootpw )) {
+ struct berval cbv = BER_BVNULL;
+
+ /* If there's a recognized scheme, see if it's CLEARTEXT */
+ if ( lutil_passwd_scheme( op.o_bd->be_rootpw.bv_val )) {
+ if ( !strncasecmp( op.o_bd->be_rootpw.bv_val,
+ sc_cleartext.bv_val, sc_cleartext.bv_len )) {
+
+ /* If it's CLEARTEXT, skip past scheme spec */
+ cbv.bv_len = op.o_bd->be_rootpw.bv_len -
+ sc_cleartext.bv_len;
+ if ( cbv.bv_len ) {
+ cbv.bv_val = op.o_bd->be_rootpw.bv_val +
+ sc_cleartext.bv_len;
+ }
+ }
+ /* No scheme, use the whole value */
+ } else {
+ cbv = op.o_bd->be_rootpw;
+ }
+ if ( !BER_BVISEMPTY( &cbv )) {
+ for( i = 0; sl.list[i].name; i++ ) {
+ const char *name = sl.list[i].name;
+
+ if ( name[0] == '*' ) {
+ if ( flags & SASL_AUXPROP_AUTHZID ) continue;
+ name++;
+ } else if ( !(flags & SASL_AUXPROP_AUTHZID ) )
+ continue;
+
+ if ( !strcasecmp(name,"userPassword") ) {
+ sl.sparams->utils->prop_set( sl.sparams->propctx,
+ sl.list[i].name, cbv.bv_val, cbv.bv_len );
+ break;
+ }
+ }
+ }
+ }
+
+ if ( op.o_bd->be_search ) {
+ SlapReply rs = {REP_RESULT};
+ op.o_hdr = conn->c_sasl_bindop->o_hdr;
+ op.o_tag = LDAP_REQ_SEARCH;
+ op.o_ndn = conn->c_ndn;
+ op.o_callback = &cb;
+ slap_op_time( &op.o_time, &op.o_tincr );
+ op.o_do_not_cache = 1;
+ op.o_is_auth_check = 1;
+ op.o_req_dn = op.o_req_ndn;
+ op.ors_scope = LDAP_SCOPE_BASE;
+ op.ors_deref = LDAP_DEREF_NEVER;
+ op.ors_tlimit = SLAP_NO_LIMIT;
+ op.ors_slimit = 1;
+ op.ors_filter = &generic_filter;
+ op.ors_filterstr = generic_filterstr;
+ /* FIXME: we want all attributes, right? */
+ op.ors_attrs = NULL;
+
+ op.o_bd->be_search( &op, &rs );
+ }
+ }
+ }
+}
+
+#if SASL_VERSION_FULL >= 0x020110
+static int
+slap_auxprop_store(
+ void *glob_context,
+ sasl_server_params_t *sparams,
+ struct propctx *prctx,
+ const char *user,
+ unsigned ulen)
+{
+ Operation op = {0};
+ SlapReply rs = {REP_RESULT};
+ int rc, i, j;
+ Connection *conn = NULL;
+ const struct propval *pr;
+ Modifications *modlist = NULL, **modtail = &modlist, *mod;
+ slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+ char textbuf[SLAP_TEXT_BUFLEN];
+ const char *text;
+ size_t textlen = sizeof(textbuf);
+
+ /* just checking if we are enabled */
+ if (!prctx) return SASL_OK;
+
+ if (!sparams || !user) return SASL_BADPARAM;
+
+ pr = sparams->utils->prop_get( sparams->propctx );
+
+ /* Find our DN and conn first */
+ for( i = 0; pr[i].name; i++ ) {
+ if ( pr[i].name[0] == '*' ) {
+ if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {
+ if ( pr[i].values && pr[i].values[0] )
+ AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) );
+ continue;
+ }
+ if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {
+ if ( pr[i].values && pr[i].values[0] ) {
+ AC_MEMCPY( &op.o_req_ndn, pr[i].values[0], sizeof( struct berval ) );
+ }
+ }
+ }
+ }
+ if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;
+
+ op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+
+ if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;
+
+ pr = sparams->utils->prop_get( prctx );
+ if (!pr) return SASL_BADPARAM;
+
+ for (i=0; pr[i].name; i++);
+ if (!i) return SASL_BADPARAM;
+
+ for (i=0; pr[i].name; i++) {
+ mod = (Modifications *)ch_malloc( sizeof(Modifications) );
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
+ ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
+ mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
+ sizeof(struct berval));
+ for (j=0; j<pr[i].nvalues; j++) {
+ ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]);
+ }
+ BER_BVZERO( &mod->sml_values[j] );
+ mod->sml_nvalues = NULL;
+ mod->sml_desc = NULL;
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+ *modtail = NULL;
+
+ rc = slap_mods_check( modlist, &text, textbuf, textlen, NULL );
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = slap_mods_no_user_mod_check( &op, modlist,
+ &text, textbuf, textlen );
+
+ if ( rc == LDAP_SUCCESS ) {
+ op.o_hdr = conn->c_sasl_bindop->o_hdr;
+ op.o_tag = LDAP_REQ_MODIFY;
+ op.o_ndn = op.o_req_ndn;
+ op.o_callback = &cb;
+ slap_op_time( &op.o_time, &op.o_tincr );
+ op.o_do_not_cache = 1;
+ op.o_is_auth_check = 1;
+ op.o_req_dn = op.o_req_ndn;
+ op.orm_modlist = modlist;
+
+ rc = op.o_bd->be_modify( &op, &rs );
+ }
+ }
+ slap_mods_free( modlist, 1 );
+ return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK;
+}
+#endif /* SASL_VERSION_FULL >= 2.1.16 */
+
+static sasl_auxprop_plug_t slap_auxprop_plugin = {
+ 0, /* Features */
+ 0, /* spare */
+ NULL, /* glob_context */
+ NULL, /* auxprop_free */
+ slap_auxprop_lookup,
+ "slapd", /* name */
+#if SASL_VERSION_FULL >= 0x020110
+ slap_auxprop_store /* the declaration of this member changed
+ * in cyrus SASL from 2.1.15 to 2.1.16 */
+#else
+ NULL
+#endif
+};
+
+static int
+slap_auxprop_init(
+ const sasl_utils_t *utils,
+ int max_version,
+ int *out_version,
+ sasl_auxprop_plug_t **plug,
+ const char *plugname)
+{
+ if ( !out_version || !plug ) return SASL_BADPARAM;
+
+ if ( max_version < SASL_AUXPROP_PLUG_VERSION ) return SASL_BADVERS;
+
+ *out_version = SASL_AUXPROP_PLUG_VERSION;
+ *plug = &slap_auxprop_plugin;
+ return SASL_OK;
+}
+
+/* Convert a SASL authcid or authzid into a DN. Store the DN in an
+ * auxiliary property, so that we can refer to it in sasl_authorize
+ * without interfering with anything else. Also, the SASL username
+ * buffer is constrained to 256 characters, and our DNs could be
+ * much longer (SLAP_LDAPDN_MAXLEN, currently set to 8192)
+ */
+static int
+slap_sasl_canonicalize(
+ sasl_conn_t *sconn,
+ void *context,
+ const char *in,
+ unsigned inlen,
+ unsigned flags,
+ const char *user_realm,
+ char *out,
+ unsigned out_max,
+ unsigned *out_len)
+{
+ Connection *conn = (Connection *)context;
+ struct propctx *props = sasl_auxprop_getctx( sconn );
+ struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { { 0 } };
+ struct berval dn;
+ int rc, which;
+ const char *names[2];
+ struct berval bvin;
+
+ *out_len = 0;
+
+ Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
+ conn ? conn->c_connid : -1,
+ (flags & SASL_CU_AUTHID) ? "authcid" : "authzid",
+ in ? in : "<empty>");
+
+ /* If name is too big, just truncate. We don't care, we're
+ * using DNs, not the usernames.
+ */
+ if ( inlen > out_max )
+ inlen = out_max-1;
+
+ /* This is a Simple Bind using SPASSWD. That means the in-directory
+ * userPassword of the Binding user already points at SASL, so it
+ * cannot be used to actually satisfy a password comparison. Just
+ * ignore it, some other mech will process it.
+ */
+ if ( !conn->c_sasl_bindop ||
+ conn->c_sasl_bindop->orb_method != LDAP_AUTH_SASL ) goto done;
+
+ /* See if we need to add request, can only do it once */
+ prop_getnames( props, slap_propnames, auxvals );
+ if ( !auxvals[0].name )
+ prop_request( props, slap_propnames );
+
+ if ( flags & SASL_CU_AUTHID )
+ which = SLAP_SASL_PROP_AUTHC;
+ else
+ which = SLAP_SASL_PROP_AUTHZ;
+
+ /* Need to store the Connection for auxprop_lookup */
+ if ( !auxvals[SLAP_SASL_PROP_CONN].values ) {
+ names[0] = slap_propnames[SLAP_SASL_PROP_CONN];
+ names[1] = NULL;
+ prop_set( props, names[0], (char *)&conn, sizeof( conn ) );
+ }
+
+ /* Already been here? */
+ if ( auxvals[which].values )
+ goto done;
+
+ /* Normally we require an authzID to have a u: or dn: prefix.
+ * However, SASL frequently gives us an authzID that is just
+ * an exact copy of the authcID, without a prefix. We need to
+ * detect and allow this condition. If SASL calls canonicalize
+ * with SASL_CU_AUTHID|SASL_CU_AUTHZID this is a no-brainer.
+ * But if it's broken into two calls, we need to remember the
+ * authcID so that we can compare the authzID later. We store
+ * the authcID temporarily in conn->c_sasl_dn. We necessarily
+ * finish Canonicalizing before Authorizing, so there is no
+ * conflict with slap_sasl_authorize's use of this temp var.
+ *
+ * The SASL EXTERNAL mech is backwards from all the other mechs,
+ * it does authzID before the authcID. If we see that authzID
+ * has already been done, don't do anything special with authcID.
+ */
+ if ( flags == SASL_CU_AUTHID && !auxvals[SLAP_SASL_PROP_AUTHZ].values ) {
+ conn->c_sasl_dn.bv_val = (char *) in;
+ } else if ( flags == SASL_CU_AUTHZID && conn->c_sasl_dn.bv_val ) {
+ rc = strcmp( in, conn->c_sasl_dn.bv_val );
+ conn->c_sasl_dn.bv_val = NULL;
+ /* They were equal, no work needed */
+ if ( !rc ) goto done;
+ }
+
+ bvin.bv_val = (char *)in;
+ bvin.bv_len = inlen;
+ rc = slap_sasl_getdn( conn, NULL, &bvin, (char *)user_realm, &dn,
+ (flags & SASL_CU_AUTHID) ? SLAP_GETDN_AUTHCID : SLAP_GETDN_AUTHZID );
+ if ( rc != LDAP_SUCCESS ) {
+ sasl_seterror( sconn, 0, ldap_err2string( rc ) );
+ return SASL_NOAUTHZ;
+ }
+
+ names[0] = slap_propnames[which];
+ names[1] = NULL;
+
+ prop_set( props, names[0], (char *)&dn, sizeof( dn ) );
+
+ Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
+ conn ? conn->c_connid : -1, names[0]+1,
+ dn.bv_val ? dn.bv_val : "<EMPTY>" );
+
+done:
+ AC_MEMCPY( out, in, inlen );
+ out[inlen] = '\0';
+
+ *out_len = inlen;
+
+ return SASL_OK;
+}
+
+static int
+slap_sasl_authorize(
+ sasl_conn_t *sconn,
+ void *context,
+ char *requested_user,
+ unsigned rlen,
+ char *auth_identity,
+ unsigned alen,
+ const char *def_realm,
+ unsigned urlen,
+ struct propctx *props)
+{
+ Connection *conn = (Connection *)context;
+ /* actually:
+ * (SLAP_SASL_PROP_COUNT - 1) because we skip "conn",
+ * + 1 for NULL termination?
+ */
+ struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { { 0 } };
+ struct berval authcDN, authzDN = BER_BVNULL;
+ int rc;
+
+ /* Simple Binds don't support proxy authorization, ignore it */
+ if ( !conn->c_sasl_bindop ||
+ conn->c_sasl_bindop->orb_method != LDAP_AUTH_SASL ) return SASL_OK;
+
+ Debug( LDAP_DEBUG_ARGS, "SASL proxy authorize [conn=%ld]: "
+ "authcid=\"%s\" authzid=\"%s\"\n",
+ conn ? conn->c_connid : -1, auth_identity, requested_user );
+ if ( conn->c_sasl_dn.bv_val ) {
+ ch_free( conn->c_sasl_dn.bv_val );
+ BER_BVZERO( &conn->c_sasl_dn );
+ }
+
+ /* Skip SLAP_SASL_PROP_CONN */
+ prop_getnames( props, slap_propnames+1, auxvals );
+
+ /* Should not happen */
+ if ( !auxvals[0].values ) {
+ sasl_seterror( sconn, 0, "invalid authcid" );
+ return SASL_NOAUTHZ;
+ }
+
+ AC_MEMCPY( &authcDN, auxvals[0].values[0], sizeof(authcDN) );
+ conn->c_sasl_dn = authcDN;
+
+ /* Nothing to do if no authzID was given */
+ if ( !auxvals[1].name || !auxvals[1].values ) {
+ goto ok;
+ }
+
+ AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) );
+
+ rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "SASL Proxy Authorize [conn=%ld]: "
+ "proxy authorization disallowed (%d)\n",
+ (long) (conn ? conn->c_connid : -1), rc, 0 );
+
+ sasl_seterror( sconn, 0, "not authorized" );
+ ch_free( authzDN.bv_val );
+ return SASL_NOAUTHZ;
+ }
+
+ /* FIXME: we need yet another dup because slap_sasl_getdn()
+ * is using the bind operation slab */
+ if ( conn->c_sasl_bindop ) {
+ ber_dupbv( &conn->c_sasl_authz_dn, &authzDN );
+ slap_sl_free( authzDN.bv_val,
+ conn->c_sasl_bindop->o_tmpmemctx );
+
+ } else {
+ conn->c_sasl_authz_dn = authzDN;
+ }
+
+ok:
+ if (conn->c_sasl_bindop) {
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%lu op=%lu BIND authcid=\"%s\" authzid=\"%s\"\n",
+ conn->c_connid, conn->c_sasl_bindop->o_opid,
+ auth_identity, requested_user, 0);
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
+ " proxy authorization allowed authzDN=\"%s\"\n",
+ (long) (conn ? conn->c_connid : -1),
+ authzDN.bv_val ? authzDN.bv_val : "", 0 );
+ return SASL_OK;
+}
+#else
+static int
+slap_sasl_authorize(
+ void *context,
+ char *authcid,
+ char *authzid,
+ const char **user,
+ const char **errstr)
+{
+ struct berval authcDN, authzDN = BER_BVNULL;
+ int rc;
+ Connection *conn = context;
+ char *realm;
+ struct berval bvauthcid, bvauthzid;
+
+ *user = NULL;
+ if ( conn->c_sasl_dn.bv_val ) {
+ ch_free( conn->c_sasl_dn.bv_val );
+ BER_BVZERO( &conn->c_sasl_dn );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "SASL Authorize [conn=%ld]: "
+ "authcid=\"%s\" authzid=\"%s\"\n",
+ (long) (conn ? conn->c_connid : -1),
+ authcid ? authcid : "<empty>",
+ authzid ? authzid : "<empty>" );
+
+ /* Figure out how much data we have for the dn */
+ rc = sasl_getprop( conn->c_sasl_authctx, SASL_REALM, (void **)&realm );
+ if( rc != SASL_OK && rc != SASL_NOTDONE ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "authorize: getprop(REALM) failed!\n", 0,0,0);
+ *errstr = "Could not extract realm";
+ return SASL_NOAUTHZ;
+ }
+
+ /* Convert the identities to DN's. If no authzid was given, client will
+ be bound as the DN matching their username */
+ bvauthcid.bv_val = authcid;
+ bvauthcid.bv_len = authcid ? strlen( authcid ) : 0;
+ rc = slap_sasl_getdn( conn, NULL, &bvauthcid, realm,
+ &authcDN, SLAP_GETDN_AUTHCID );
+ if( rc != LDAP_SUCCESS ) {
+ *errstr = ldap_err2string( rc );
+ return SASL_NOAUTHZ;
+ }
+ conn->c_sasl_dn = authcDN;
+ if( ( authzid == NULL ) || !strcmp( authcid, authzid ) ) {
+ Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
+ "Using authcDN=%s\n", (long) (conn ? conn->c_connid : -1), authcDN.bv_val,0 );
+
+ goto ok;
+ }
+
+ bvauthzid.bv_val = authzid;
+ bvauthzid.bv_len = authzid ? strlen( authzid ) : 0;
+ rc = slap_sasl_getdn( conn, NULL, &bvauthzid, realm,
+ &authzDN, SLAP_GETDN_AUTHZID );
+ if( rc != LDAP_SUCCESS ) {
+ *errstr = ldap_err2string( rc );
+ return SASL_NOAUTHZ;
+ }
+
+ rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );
+ if( rc ) {
+ Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
+ "proxy authorization disallowed (%d)\n",
+ (long) (conn ? conn->c_connid : -1), rc, 0 );
+
+ *errstr = "not authorized";
+ ch_free( authzDN.bv_val );
+ return SASL_NOAUTHZ;
+ }
+
+ /* FIXME: we need yet another dup because slap_sasl_getdn()
+ * is using the bind operation slab */
+ if ( conn->c_sasl_bindop ) {
+ ber_dupbv( &conn->c_sasl_authz_dn, &authzDN );
+ slap_sl_free( authzDN.bv_val,
+ conn->c_sasl_bindop->o_tmpmemctx );
+
+ } else {
+ conn->c_sasl_authz_dn = authzDN;
+ }
+
+ok:
+ Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
+ " authorization allowed authzDN=\"%s\"\n",
+ (long) (conn ? conn->c_connid : -1),
+ authzDN.bv_val ? authzDN.bv_val : "", 0 );
+
+ if ( conn->c_sasl_bindop ) {
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%lu op=%lu BIND authcid=\"%s\" authzid=\"%s\"\n",
+ conn->c_connid, conn->c_sasl_bindop->o_opid,
+ authcid, authzid ? authzid : "", 0);
+ }
+
+ *errstr = NULL;
+ return SASL_OK;
+}
+#endif /* SASL_VERSION_MAJOR >= 2 */
+
+static int
+slap_sasl_err2ldap( int saslerr )
+{
+ int rc;
+
+ /* map SASL errors to LDAP resultCode returned by:
+ * sasl_server_new()
+ * SASL_OK, SASL_NOMEM
+ * sasl_server_step()
+ * SASL_OK, SASL_CONTINUE, SASL_TRANS, SASL_BADPARAM, SASL_BADPROT,
+ * ...
+ * sasl_server_start()
+ * + SASL_NOMECH
+ * sasl_setprop()
+ * SASL_OK, SASL_BADPARAM
+ */
+
+ switch (saslerr) {
+ case SASL_OK:
+ rc = LDAP_SUCCESS;
+ break;
+ case SASL_CONTINUE:
+ rc = LDAP_SASL_BIND_IN_PROGRESS;
+ break;
+ case SASL_FAIL:
+ case SASL_NOMEM:
+ rc = LDAP_OTHER;
+ break;
+ case SASL_NOMECH:
+ rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ break;
+ case SASL_BADAUTH:
+ case SASL_NOUSER:
+ case SASL_TRANS:
+ case SASL_EXPIRED:
+ rc = LDAP_INVALID_CREDENTIALS;
+ break;
+ case SASL_NOAUTHZ:
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ break;
+ case SASL_TOOWEAK:
+ case SASL_ENCRYPT:
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ break;
+ case SASL_UNAVAIL:
+ case SASL_TRYAGAIN:
+ rc = LDAP_UNAVAILABLE;
+ break;
+ case SASL_DISABLED:
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
+ default:
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ return rc;
+}
+
+#ifdef SLAPD_SPASSWD
+
+static struct berval sasl_pwscheme = BER_BVC("{SASL}");
+
+static int chk_sasl(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ unsigned int i;
+ int rtn;
+ void *ctx, *sconn = NULL;
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( cred->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* cred must behave like a string */
+ }
+
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+ }
+ }
+
+ if( passwd->bv_val[i] != '\0' ) {
+ return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
+ }
+
+ rtn = LUTIL_PASSWD_ERR;
+
+ ctx = ldap_pvt_thread_pool_context();
+ ldap_pvt_thread_pool_getkey( ctx, slap_sasl_bind, &sconn, NULL );
+
+ if( sconn != NULL ) {
+ int sc;
+# if SASL_VERSION_MAJOR < 2
+ sc = sasl_checkpass( sconn,
+ passwd->bv_val, passwd->bv_len,
+ cred->bv_val, cred->bv_len,
+ text );
+# else
+ sc = sasl_checkpass( sconn,
+ passwd->bv_val, passwd->bv_len,
+ cred->bv_val, cred->bv_len );
+# endif
+ rtn = ( sc != SASL_OK ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+
+ return rtn;
+}
+#endif /* SLAPD_SPASSWD */
+
+#endif /* HAVE_CYRUS_SASL */
+
+int slap_sasl_init( void )
+{
+#ifdef HAVE_CYRUS_SASL
+ int rc;
+ static sasl_callback_t server_callbacks[] = {
+ { SASL_CB_LOG, &slap_sasl_log, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+ };
+
+#ifdef HAVE_SASL_VERSION
+ /* stringify the version number, sasl.h doesn't do it for us */
+#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+ SASL_VERSION_STEP)
+
+ sasl_version( NULL, &rc );
+ if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+ (rc & 0xffff) < SASL_VERSION_STEP)
+ {
+ char version[sizeof("xxx.xxx.xxxxx")];
+ sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+ rc & 0xffff );
+ Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
+ " expected " SASL_VERSION_STRING ","
+ " got %s\n", version, 0, 0 );
+ return -1;
+ }
+#endif
+
+ /* SASL 2 does its own memory management internally */
+#if SASL_VERSION_MAJOR < 2
+ sasl_set_alloc(
+ ber_memalloc,
+ ber_memcalloc,
+ ber_memrealloc,
+ ber_memfree );
+#endif
+
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
+ ldap_pvt_sasl_mutex_lock,
+ ldap_pvt_sasl_mutex_unlock,
+ ldap_pvt_sasl_mutex_dispose );
+
+#if SASL_VERSION_MAJOR >= 2
+ generic_filter.f_desc = slap_schema.si_ad_objectClass;
+
+ rc = sasl_auxprop_add_plugin( "slapd", slap_auxprop_init );
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "slap_sasl_init: auxprop add plugin failed\n",
+ 0, 0, 0 );
+ return -1;
+ }
+#endif
+ /* should provide callbacks for logging */
+ /* server name should be configurable */
+ rc = sasl_server_init( server_callbacks, "slapd" );
+
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "slap_sasl_init: server init failed\n",
+ 0, 0, 0 );
+#if SASL_VERSION_MAJOR < 2
+ /* A no-op used to make sure we linked with Cyrus 1.5 */
+ sasl_client_auth( NULL, NULL, NULL, 0, NULL, NULL );
+#endif
+
+ return -1;
+ }
+
+#ifdef SLAPD_SPASSWD
+ lutil_passwd_add( &sasl_pwscheme, chk_sasl, NULL );
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, "slap_sasl_init: initialized!\n",
+ 0, 0, 0 );
+
+ /* default security properties */
+ memset( &sasl_secprops, '\0', sizeof(sasl_secprops) );
+ sasl_secprops.max_ssf = INT_MAX;
+ sasl_secprops.maxbufsize = 65536;
+ sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
+#endif
+
+ return 0;
+}
+
+int slap_sasl_destroy( void )
+{
+#ifdef HAVE_CYRUS_SASL
+ sasl_done();
+#endif
+ free( global_host );
+ global_host = NULL;
+
+ return 0;
+}
+
+int slap_sasl_open( Connection *conn, int reopen )
+{
+ int sc = LDAP_SUCCESS;
+#ifdef HAVE_CYRUS_SASL
+ int cb;
+
+ sasl_conn_t *ctx = NULL;
+ sasl_callback_t *session_callbacks;
+
+#if SASL_VERSION_MAJOR >= 2
+ char *ipremoteport = NULL, *iplocalport = NULL;
+#endif
+
+ assert( conn->c_sasl_authctx == NULL );
+
+ if ( !reopen ) {
+ assert( conn->c_sasl_extra == NULL );
+
+ session_callbacks =
+#if SASL_VERSION_MAJOR >= 2
+ SLAP_CALLOC( 5, sizeof(sasl_callback_t));
+#else
+ SLAP_CALLOC( 3, sizeof(sasl_callback_t));
+#endif
+ if( session_callbacks == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_sasl_open: SLAP_MALLOC failed", 0, 0, 0 );
+ return -1;
+ }
+ conn->c_sasl_extra = session_callbacks;
+
+ session_callbacks[cb=0].id = SASL_CB_LOG;
+ session_callbacks[cb].proc = &slap_sasl_log;
+ session_callbacks[cb++].context = conn;
+
+ session_callbacks[cb].id = SASL_CB_PROXY_POLICY;
+ session_callbacks[cb].proc = &slap_sasl_authorize;
+ session_callbacks[cb++].context = conn;
+
+#if SASL_VERSION_MAJOR >= 2
+ session_callbacks[cb].id = SASL_CB_CANON_USER;
+ session_callbacks[cb].proc = &slap_sasl_canonicalize;
+ session_callbacks[cb++].context = conn;
+#endif
+
+ session_callbacks[cb].id = SASL_CB_LIST_END;
+ session_callbacks[cb].proc = NULL;
+ session_callbacks[cb++].context = NULL;
+ } else {
+ session_callbacks = conn->c_sasl_extra;
+ }
+
+ conn->c_sasl_layers = 0;
+
+ /* create new SASL context */
+#if SASL_VERSION_MAJOR >= 2
+ if ( conn->c_sock_name.bv_len != 0 &&
+ strncmp( conn->c_sock_name.bv_val, "IP=", 3 ) == 0) {
+ char *p;
+
+ iplocalport = ch_strdup( conn->c_sock_name.bv_val + 3 );
+ /* Convert IPv6 addresses to address;port syntax. */
+ p = strrchr( iplocalport, ' ' );
+ /* Convert IPv4 addresses to address;port syntax. */
+ if ( p == NULL ) p = strchr( iplocalport, ':' );
+ if ( p != NULL ) {
+ *p = ';';
+ }
+ }
+ if ( conn->c_peer_name.bv_len != 0 &&
+ strncmp( conn->c_peer_name.bv_val, "IP=", 3 ) == 0) {
+ char *p;
+
+ ipremoteport = ch_strdup( conn->c_peer_name.bv_val + 3 );
+ /* Convert IPv6 addresses to address;port syntax. */
+ p = strrchr( ipremoteport, ' ' );
+ /* Convert IPv4 addresses to address;port syntax. */
+ if ( p == NULL ) p = strchr( ipremoteport, ':' );
+ if ( p != NULL ) {
+ *p = ';';
+ }
+ }
+ sc = sasl_server_new( "ldap", global_host, global_realm,
+ iplocalport, ipremoteport, session_callbacks, SASL_SUCCESS_DATA, &ctx );
+ if ( iplocalport != NULL ) {
+ ch_free( iplocalport );
+ }
+ if ( ipremoteport != NULL ) {
+ ch_free( ipremoteport );
+ }
+#else
+ sc = sasl_server_new( "ldap", global_host, global_realm,
+ session_callbacks, SASL_SECURITY_LAYER, &ctx );
+#endif
+
+ if( sc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_server_new failed: %d\n",
+ sc, 0, 0 );
+
+ return -1;
+ }
+
+ conn->c_sasl_authctx = ctx;
+
+ if( sc == SASL_OK ) {
+ sc = sasl_setprop( ctx,
+ SASL_SEC_PROPS, &sasl_secprops );
+
+ if( sc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_setprop failed: %d\n",
+ sc, 0, 0 );
+
+ slap_sasl_close( conn );
+ return -1;
+ }
+ }
+
+ sc = slap_sasl_err2ldap( sc );
+
+#elif defined(SLAP_BUILTIN_SASL)
+ /* built-in SASL implementation */
+ SASL_CTX *ctx = (SASL_CTX *) SLAP_MALLOC(sizeof(SASL_CTX));
+ if( ctx == NULL ) return -1;
+
+ ctx->sc_external_ssf = 0;
+ BER_BVZERO( &ctx->sc_external_id );
+
+ conn->c_sasl_authctx = ctx;
+#endif
+
+ return sc;
+}
+
+int slap_sasl_external(
+ Connection *conn,
+ slap_ssf_t ssf,
+ struct berval *auth_id )
+{
+#if SASL_VERSION_MAJOR >= 2
+ int sc;
+ sasl_conn_t *ctx = conn->c_sasl_authctx;
+
+ if ( ctx == NULL ) {
+ return LDAP_UNAVAILABLE;
+ }
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+
+ if ( sc != SASL_OK ) {
+ return LDAP_OTHER;
+ }
+
+ sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL,
+ auth_id ? auth_id->bv_val : NULL );
+
+ if ( sc != SASL_OK ) {
+ return LDAP_OTHER;
+ }
+
+#elif defined(HAVE_CYRUS_SASL)
+ int sc;
+ sasl_conn_t *ctx = conn->c_sasl_authctx;
+ sasl_external_properties_t extprops;
+
+ if ( ctx == NULL ) {
+ return LDAP_UNAVAILABLE;
+ }
+
+ memset( &extprops, '\0', sizeof(extprops) );
+ extprops.ssf = ssf;
+ extprops.auth_id = auth_id ? auth_id->bv_val : NULL;
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+ (void *) &extprops );
+
+ if ( sc != SASL_OK ) {
+ return LDAP_OTHER;
+ }
+#elif defined(SLAP_BUILTIN_SASL)
+ /* built-in SASL implementation */
+ SASL_CTX *ctx = conn->c_sasl_authctx;
+ if ( ctx == NULL ) return LDAP_UNAVAILABLE;
+
+ ctx->sc_external_ssf = ssf;
+ if( auth_id ) {
+ ctx->sc_external_id = *auth_id;
+ BER_BVZERO( auth_id );
+ } else {
+ BER_BVZERO( &ctx->sc_external_id );
+ }
+#endif
+
+ return LDAP_SUCCESS;
+}
+
+int slap_sasl_reset( Connection *conn )
+{
+ return LDAP_SUCCESS;
+}
+
+char ** slap_sasl_mechs( Connection *conn )
+{
+ char **mechs = NULL;
+
+#ifdef HAVE_CYRUS_SASL
+ sasl_conn_t *ctx = conn->c_sasl_authctx;
+
+ if( ctx == NULL ) ctx = conn->c_sasl_sockctx;
+
+ if( ctx != NULL ) {
+ int sc;
+ SASL_CONST char *mechstr;
+
+ sc = sasl_listmech( ctx,
+ NULL, NULL, ",", NULL,
+ &mechstr, NULL, NULL );
+
+ if( sc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "slap_sasl_listmech failed: %d\n",
+ sc, 0, 0 );
+
+ return NULL;
+ }
+
+ mechs = ldap_str2charray( mechstr, "," );
+
+#if SASL_VERSION_MAJOR < 2
+ ch_free( mechstr );
+#endif
+ }
+#elif defined(SLAP_BUILTIN_SASL)
+ /* builtin SASL implementation */
+ SASL_CTX *ctx = conn->c_sasl_authctx;
+ if ( ctx != NULL && ctx->sc_external_id.bv_val ) {
+ /* should check ssf */
+ mechs = ldap_str2charray( "EXTERNAL", "," );
+ }
+#endif
+
+ return mechs;
+}
+
+int slap_sasl_close( Connection *conn )
+{
+#ifdef HAVE_CYRUS_SASL
+ sasl_conn_t *ctx = conn->c_sasl_authctx;
+
+ if( ctx != NULL ) {
+ sasl_dispose( &ctx );
+ }
+ if ( conn->c_sasl_sockctx &&
+ conn->c_sasl_authctx != conn->c_sasl_sockctx )
+ {
+ ctx = conn->c_sasl_sockctx;
+ sasl_dispose( &ctx );
+ }
+
+ conn->c_sasl_authctx = NULL;
+ conn->c_sasl_sockctx = NULL;
+ conn->c_sasl_done = 0;
+
+ free( conn->c_sasl_extra );
+ conn->c_sasl_extra = NULL;
+
+#elif defined(SLAP_BUILTIN_SASL)
+ SASL_CTX *ctx = conn->c_sasl_authctx;
+ if( ctx ) {
+ if( ctx->sc_external_id.bv_val ) {
+ free( ctx->sc_external_id.bv_val );
+ BER_BVZERO( &ctx->sc_external_id );
+ }
+ free( ctx );
+ conn->c_sasl_authctx = NULL;
+ }
+#endif
+
+ return LDAP_SUCCESS;
+}
+
+int slap_sasl_bind( Operation *op, SlapReply *rs )
+{
+#ifdef HAVE_CYRUS_SASL
+ sasl_conn_t *ctx = op->o_conn->c_sasl_authctx;
+ struct berval response;
+ unsigned reslen = 0;
+ int sc;
+
+ Debug(LDAP_DEBUG_ARGS,
+ "==> sasl_bind: dn=\"%s\" mech=%s datalen=%ld\n",
+ op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
+ op->o_conn->c_sasl_bind_in_progress ? "<continuing>" :
+ op->o_conn->c_sasl_bind_mech.bv_val,
+ op->orb_cred.bv_len );
+
+ if( ctx == NULL ) {
+ send_ldap_error( op, rs, LDAP_UNAVAILABLE,
+ "SASL unavailable on this session" );
+ return rs->sr_err;
+ }
+
+#if SASL_VERSION_MAJOR >= 2
+#define START( ctx, mech, cred, clen, resp, rlen, err ) \
+ sasl_server_start( ctx, mech, cred, clen, resp, rlen )
+#define STEP( ctx, cred, clen, resp, rlen, err ) \
+ sasl_server_step( ctx, cred, clen, resp, rlen )
+#else
+#define START( ctx, mech, cred, clen, resp, rlen, err ) \
+ sasl_server_start( ctx, mech, cred, clen, resp, rlen, err )
+#define STEP( ctx, cred, clen, resp, rlen, err ) \
+ sasl_server_step( ctx, cred, clen, resp, rlen, err )
+#endif
+
+ if ( !op->o_conn->c_sasl_bind_in_progress ) {
+ /* If we already authenticated once, must use a new context */
+ if ( op->o_conn->c_sasl_done ) {
+ slap_ssf_t ssf = 0;
+ const char *authid = NULL;
+#if SASL_VERSION_MAJOR >= 2
+ sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
+ sasl_getprop( ctx, SASL_AUTH_EXTERNAL, (void *)&authid );
+ if ( authid ) authid = ch_strdup( authid );
+#endif
+ if ( ctx != op->o_conn->c_sasl_sockctx ) {
+ sasl_dispose( &ctx );
+ }
+ op->o_conn->c_sasl_authctx = NULL;
+
+ slap_sasl_open( op->o_conn, 1 );
+ ctx = op->o_conn->c_sasl_authctx;
+#if SASL_VERSION_MAJOR >= 2
+ if ( authid ) {
+ sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+ sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
+ ch_free( (char *)authid );
+ }
+#endif
+ }
+ sc = START( ctx,
+ op->o_conn->c_sasl_bind_mech.bv_val,
+ op->orb_cred.bv_val, op->orb_cred.bv_len,
+ (SASL_CONST char **)&response.bv_val, &reslen, &rs->sr_text );
+
+ } else {
+ sc = STEP( ctx,
+ op->orb_cred.bv_val, op->orb_cred.bv_len,
+ (SASL_CONST char **)&response.bv_val, &reslen, &rs->sr_text );
+ }
+
+ response.bv_len = reslen;
+
+ if ( sc == SASL_OK ) {
+ sasl_ssf_t *ssf = NULL;
+
+ op->orb_edn = op->o_conn->c_sasl_dn;
+ BER_BVZERO( &op->o_conn->c_sasl_dn );
+ op->o_conn->c_sasl_done = 1;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ (void) sasl_getprop( ctx, SASL_SSF, (void *)&ssf );
+ op->orb_ssf = ssf ? *ssf : 0;
+
+ ctx = NULL;
+ if( op->orb_ssf ) {
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ op->o_conn->c_sasl_layers++;
+
+ /* If there's an old layer, set sockctx to NULL to
+ * tell connection_read() to wait for us to finish.
+ * Otherwise there is a race condition: we have to
+ * send the Bind response using the old security
+ * context and then remove it before reading any
+ * new messages.
+ */
+ if ( op->o_conn->c_sasl_sockctx ) {
+ ctx = op->o_conn->c_sasl_sockctx;
+ op->o_conn->c_sasl_sockctx = NULL;
+ } else {
+ op->o_conn->c_sasl_sockctx = op->o_conn->c_sasl_authctx;
+ }
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ }
+
+ /* Must send response using old security layer */
+ if (response.bv_len) rs->sr_sasldata = &response;
+ send_ldap_sasl( op, rs );
+
+ /* Now dispose of the old security layer.
+ */
+ if ( ctx ) {
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ ldap_pvt_sasl_remove( op->o_conn->c_sb );
+ op->o_conn->c_sasl_sockctx = op->o_conn->c_sasl_authctx;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ sasl_dispose( &ctx );
+ }
+ } else if ( sc == SASL_CONTINUE ) {
+ rs->sr_err = LDAP_SASL_BIND_IN_PROGRESS,
+ rs->sr_sasldata = &response;
+ send_ldap_sasl( op, rs );
+
+ } else {
+#if SASL_VERSION_MAJOR >= 2
+ rs->sr_text = sasl_errdetail( ctx );
+#endif
+ rs->sr_err = slap_sasl_err2ldap( sc ),
+ send_ldap_result( op, rs );
+ }
+
+#if SASL_VERSION_MAJOR < 2
+ if( response.bv_len ) {
+ ch_free( response.bv_val );
+ }
+#endif
+
+ Debug(LDAP_DEBUG_TRACE, "<== slap_sasl_bind: rc=%d\n", rs->sr_err, 0, 0);
+
+#elif defined(SLAP_BUILTIN_SASL)
+ /* built-in SASL implementation */
+ SASL_CTX *ctx = op->o_conn->c_sasl_authctx;
+
+ if ( ctx == NULL ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "Internal SASL Error" );
+
+ } else if ( bvmatch( &ext_bv, &op->o_conn->c_sasl_bind_mech ) ) {
+ /* EXTERNAL */
+
+ if( op->orb_cred.bv_len ) {
+ rs->sr_text = "proxy authorization not support";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ send_ldap_result( op, rs );
+
+ } else {
+ op->orb_edn = ctx->sc_external_id;
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_sasldata = NULL;
+ send_ldap_sasl( op, rs );
+ }
+
+ } else {
+ send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
+ "requested SASL mechanism not supported" );
+ }
+#else
+ send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
+ "SASL not supported" );
+#endif
+
+ return rs->sr_err;
+}
+
+char* slap_sasl_secprops( const char *in )
+{
+#ifdef HAVE_CYRUS_SASL
+ int rc = ldap_pvt_sasl_secprops( in, &sasl_secprops );
+
+ return rc == LDAP_SUCCESS ? NULL : "Invalid security properties";
+#else
+ return "SASL not supported";
+#endif
+}
+
+void slap_sasl_secprops_unparse( struct berval *bv )
+{
+#ifdef HAVE_CYRUS_SASL
+ ldap_pvt_sasl_secprops_unparse( &sasl_secprops, bv );
+#endif
+}
+
+#ifdef HAVE_CYRUS_SASL
+int
+slap_sasl_setpass( Operation *op, SlapReply *rs )
+{
+ struct berval id = BER_BVNULL; /* needs to come from connection */
+ struct berval new = BER_BVNULL;
+ struct berval old = BER_BVNULL;
+
+ assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 );
+
+ rs->sr_err = sasl_getprop( op->o_conn->c_sasl_authctx, SASL_USERNAME,
+ (SASL_CONST void **)&id.bv_val );
+
+ if( rs->sr_err != SASL_OK ) {
+ rs->sr_text = "unable to retrieve SASL username";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "==> slap_sasl_setpass: \"%s\"\n",
+ id.bv_val ? id.bv_val : "", 0, 0 );
+
+ rs->sr_err = slap_passwd_parse( op->ore_reqdata,
+ NULL, &old, &new, &rs->sr_text );
+
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ if( new.bv_len == 0 ) {
+ slap_passwd_generate(&new);
+
+ if( new.bv_len == 0 ) {
+ rs->sr_text = "password generation failed.";
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ rs->sr_rspdata = slap_passwd_return( &new );
+ }
+
+#if SASL_VERSION_MAJOR < 2
+ rs->sr_err = sasl_setpass( op->o_conn->c_sasl_authctx,
+ id.bv_val, new.bv_val, new.bv_len, 0, &rs->sr_text );
+#else
+ rs->sr_err = sasl_setpass( op->o_conn->c_sasl_authctx, id.bv_val,
+ new.bv_val, new.bv_len, old.bv_val, old.bv_len, 0 );
+ if( rs->sr_err != SASL_OK ) {
+ rs->sr_text = sasl_errdetail( op->o_conn->c_sasl_authctx );
+ }
+#endif
+ switch(rs->sr_err) {
+ case SASL_OK:
+ rs->sr_err = LDAP_SUCCESS;
+ break;
+
+ case SASL_NOCHANGE:
+ case SASL_NOMECH:
+ case SASL_DISABLED:
+ case SASL_PWLOCK:
+ case SASL_FAIL:
+ case SASL_BADPARAM:
+ default:
+ rs->sr_err = LDAP_OTHER;
+ }
+
+done:
+ return rs->sr_err;
+}
+#endif /* HAVE_CYRUS_SASL */
+
+/* Take any sort of identity string and return a DN with the "dn:" prefix. The
+ * string returned in *dn is in its own allocated memory, and must be free'd
+ * by the calling process. -Mark Adamson, Carnegie Mellon
+ *
+ * The "dn:" prefix is no longer used anywhere inside slapd. It is only used
+ * on strings passed in directly from SASL. -Howard Chu, Symas Corp.
+ */
+
+#define SET_NONE 0
+#define SET_DN 1
+#define SET_U 2
+
+int slap_sasl_getdn( Connection *conn, Operation *op, struct berval *id,
+ char *user_realm, struct berval *dn, int flags )
+{
+ int rc, is_dn = SET_NONE, do_norm = 1;
+ struct berval dn2, *mech;
+
+ assert( conn != NULL );
+ assert( id != NULL );
+
+ Debug( LDAP_DEBUG_ARGS, "slap_sasl_getdn: conn %lu id=%s [len=%lu]\n",
+ conn->c_connid,
+ BER_BVISNULL( id ) ? "NULL" : ( BER_BVISEMPTY( id ) ? "<empty>" : id->bv_val ),
+ BER_BVISNULL( id ) ? 0 : ( BER_BVISEMPTY( id ) ? 0 :
+ (unsigned long) id->bv_len ) );
+
+ if ( !op ) {
+ op = conn->c_sasl_bindop;
+ }
+ assert( op != NULL );
+
+ BER_BVZERO( dn );
+
+ if ( !BER_BVISNULL( id ) ) {
+ /* Blatantly anonymous ID */
+ static struct berval bv_anonymous = BER_BVC( "anonymous" );
+
+ if ( ber_bvstrcasecmp( id, &bv_anonymous ) == 0 ) {
+ return( LDAP_SUCCESS );
+ }
+
+ } else {
+ /* FIXME: if empty, should we stop? */
+ BER_BVSTR( id, "" );
+ }
+
+ if ( !BER_BVISEMPTY( &conn->c_sasl_bind_mech ) ) {
+ mech = &conn->c_sasl_bind_mech;
+ } else {
+ mech = &conn->c_authmech;
+ }
+
+ /* An authcID needs to be converted to authzID form. Set the
+ * values directly into *dn; they will be normalized later. (and
+ * normalizing always makes a new copy.) An ID from a TLS certificate
+ * is already normalized, so copy it and skip normalization.
+ */
+ if( flags & SLAP_GETDN_AUTHCID ) {
+ if( bvmatch( mech, &ext_bv )) {
+ /* EXTERNAL DNs are already normalized */
+ assert( !BER_BVISNULL( id ) );
+
+ do_norm = 0;
+ is_dn = SET_DN;
+ ber_dupbv_x( dn, id, op->o_tmpmemctx );
+
+ } else {
+ /* convert to u:<username> form */
+ is_dn = SET_U;
+ *dn = *id;
+ }
+ }
+
+ if( is_dn == SET_NONE ) {
+ if( !strncasecmp( id->bv_val, "u:", STRLENOF( "u:" ) ) ) {
+ is_dn = SET_U;
+ dn->bv_val = id->bv_val + STRLENOF( "u:" );
+ dn->bv_len = id->bv_len - STRLENOF( "u:" );
+
+ } else if ( !strncasecmp( id->bv_val, "dn:", STRLENOF( "dn:" ) ) ) {
+ is_dn = SET_DN;
+ dn->bv_val = id->bv_val + STRLENOF( "dn:" );
+ dn->bv_len = id->bv_len - STRLENOF( "dn:" );
+ }
+ }
+
+ /* No other possibilities from here */
+ if( is_dn == SET_NONE ) {
+ BER_BVZERO( dn );
+ return( LDAP_INAPPROPRIATE_AUTH );
+ }
+
+ /* Username strings */
+ if( is_dn == SET_U ) {
+ /* ITS#3419: values may need escape */
+ LDAPRDN DN[ 5 ];
+ LDAPAVA *RDNs[ 4 ][ 2 ];
+ LDAPAVA AVAs[ 4 ];
+ int irdn;
+
+ irdn = 0;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_uid->ad_cname;
+ AVAs[ irdn ].la_value = *dn;
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;
+
+ if ( user_realm && *user_realm ) {
+ irdn++;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_cn->ad_cname;
+ ber_str2bv( user_realm, 0, 0, &AVAs[ irdn ].la_value );
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;
+ }
+
+ if ( !BER_BVISNULL( mech ) ) {
+ irdn++;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_cn->ad_cname;
+ AVAs[ irdn ].la_value = *mech;
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;
+ }
+
+ irdn++;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_cn->ad_cname;
+ BER_BVSTR( &AVAs[ irdn ].la_value, "auth" );
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;
+
+ irdn++;
+ DN[ irdn ] = NULL;
+
+ rc = ldap_dn2bv_x( DN, dn, LDAP_DN_FORMAT_LDAPV3,
+ op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ BER_BVZERO( dn );
+ return rc;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sasl_getdn: u:id converted to %s\n",
+ dn->bv_val, 0, 0 );
+
+ } else {
+
+ /* Dup the DN in any case, so we don't risk
+ * leaks or dangling pointers later,
+ * and the DN value is '\0' terminated */
+ ber_dupbv_x( &dn2, dn, op->o_tmpmemctx );
+ dn->bv_val = dn2.bv_val;
+ }
+
+ /* All strings are in DN form now. Normalize if needed. */
+ if ( do_norm ) {
+ rc = dnNormalize( 0, NULL, NULL, dn, &dn2, op->o_tmpmemctx );
+
+ /* User DNs were constructed above and must be freed now */
+ slap_sl_free( dn->bv_val, op->o_tmpmemctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ BER_BVZERO( dn );
+ return rc;
+ }
+ *dn = dn2;
+ }
+
+ /* Run thru regexp */
+ slap_sasl2dn( op, dn, &dn2, flags );
+ if( !BER_BVISNULL( &dn2 ) ) {
+ slap_sl_free( dn->bv_val, op->o_tmpmemctx );
+ *dn = dn2;
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sasl_getdn: dn:id converted to %s\n",
+ dn->bv_val, 0, 0 );
+ }
+
+ return( LDAP_SUCCESS );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/saslauthz.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/saslauthz.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/saslauthz.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2095 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/saslauthz.c,v 1.144.2.19 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "slap.h"
+
+#include "lutil.h"
+
+#define SASLREGEX_REPLACE 10
+
+#define LDAP_X_SCOPE_EXACT ((ber_int_t) 0x0010)
+#define LDAP_X_SCOPE_REGEX ((ber_int_t) 0x0020)
+#define LDAP_X_SCOPE_CHILDREN ((ber_int_t) 0x0030)
+#define LDAP_X_SCOPE_SUBTREE ((ber_int_t) 0x0040)
+#define LDAP_X_SCOPE_ONELEVEL ((ber_int_t) 0x0050)
+#define LDAP_X_SCOPE_GROUP ((ber_int_t) 0x0060)
+#define LDAP_X_SCOPE_USERS ((ber_int_t) 0x0070)
+
+/*
+ * IDs in DNauthzid form can now have a type specifier, that
+ * influences how they are used in related operations.
+ *
+ * syntax: dn[.{exact|regex}]:<val>
+ *
+ * dn.exact: the value must pass normalization and is used
+ * in exact DN match.
+ * dn.regex: the value is treated as a regular expression
+ * in matching DN values in authz{To|From}
+ * attributes.
+ * dn: for backwards compatibility reasons, the value
+ * is treated as a regular expression, and thus
+ * it is not normalized nor validated; it is used
+ * in exact or regex comparisons based on the
+ * context.
+ *
+ * IDs in DNauthzid form can now have a type specifier, that
+ * influences how they are used in related operations.
+ *
+ * syntax: u[.mech[/realm]]:<val>
+ *
+ * where mech is a SIMPLE, AUTHZ, or a SASL mechanism name
+ * and realm is mechanism specific realm (separate to those
+ * which are representable as part of the principal).
+ */
+
+typedef struct sasl_regexp {
+ char *sr_match; /* regexp match pattern */
+ char *sr_replace; /* regexp replace pattern */
+ regex_t sr_workspace; /* workspace for regexp engine */
+ int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
+} SaslRegexp_t;
+
+static int nSaslRegexp = 0;
+static SaslRegexp_t *SaslRegexp = NULL;
+
+#ifdef SLAP_AUTH_REWRITE
+#include "rewrite.h"
+struct rewrite_info *sasl_rwinfo = NULL;
+#define AUTHID_CONTEXT "authid"
+#endif /* SLAP_AUTH_REWRITE */
+
+/* What SASL proxy authorization policies are allowed? */
+#define SASL_AUTHZ_NONE 0x00
+#define SASL_AUTHZ_FROM 0x01
+#define SASL_AUTHZ_TO 0x02
+#define SASL_AUTHZ_AND 0x10
+
+static const char *policy_txt[] = {
+ "none", "from", "to", "any"
+};
+
+static int authz_policy = SASL_AUTHZ_NONE;
+
+static int
+slap_sasl_match( Operation *opx, struct berval *rule,
+ struct berval *assertDN, struct berval *authc );
+
+int slap_sasl_setpolicy( const char *arg )
+{
+ int rc = LDAP_SUCCESS;
+
+ if ( strcasecmp( arg, "none" ) == 0 ) {
+ authz_policy = SASL_AUTHZ_NONE;
+ } else if ( strcasecmp( arg, "from" ) == 0 ) {
+ authz_policy = SASL_AUTHZ_FROM;
+ } else if ( strcasecmp( arg, "to" ) == 0 ) {
+ authz_policy = SASL_AUTHZ_TO;
+ } else if ( strcasecmp( arg, "both" ) == 0 || strcasecmp( arg, "any" ) == 0 ) {
+ authz_policy = SASL_AUTHZ_FROM | SASL_AUTHZ_TO;
+ } else if ( strcasecmp( arg, "all" ) == 0 ) {
+ authz_policy = SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND;
+ } else {
+ rc = LDAP_OTHER;
+ }
+ return rc;
+}
+
+const char * slap_sasl_getpolicy()
+{
+ if ( authz_policy == (SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND) )
+ return "all";
+ else
+ return policy_txt[authz_policy];
+}
+
+int slap_parse_user( struct berval *id, struct berval *user,
+ struct berval *realm, struct berval *mech )
+{
+ char u;
+
+ assert( id != NULL );
+ assert( !BER_BVISNULL( id ) );
+ assert( user != NULL );
+ assert( realm != NULL );
+ assert( mech != NULL );
+
+ u = id->bv_val[ 0 ];
+
+ if ( u != 'u' && u != 'U' ) {
+ /* called with something other than u: */
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* uauthzid form:
+ * u[.mech[/realm]]:user
+ */
+
+ user->bv_val = ber_bvchr( id, ':' );
+ if ( BER_BVISNULL( user ) ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ user->bv_val[ 0 ] = '\0';
+ user->bv_val++;
+ user->bv_len = id->bv_len - ( user->bv_val - id->bv_val );
+
+ mech->bv_val = ber_bvchr( id, '.' );
+ if ( !BER_BVISNULL( mech ) ) {
+ mech->bv_val[ 0 ] = '\0';
+ mech->bv_val++;
+ mech->bv_len = user->bv_val - mech->bv_val - 1;
+
+ realm->bv_val = ber_bvchr( mech, '/' );
+
+ if ( !BER_BVISNULL( realm ) ) {
+ realm->bv_val[ 0 ] = '\0';
+ realm->bv_val++;
+ mech->bv_len = realm->bv_val - mech->bv_val - 1;
+ realm->bv_len = user->bv_val - realm->bv_val - 1;
+ }
+
+ } else {
+ BER_BVZERO( realm );
+ }
+
+ if ( id->bv_val[ 1 ] != '\0' ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( !BER_BVISNULL( mech ) ) {
+ assert( mech->bv_val == id->bv_val + 2 );
+
+ AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len + 1 );
+ mech->bv_val -= 2;
+ }
+
+ if ( !BER_BVISNULL( realm ) ) {
+ assert( realm->bv_val >= id->bv_val + 2 );
+
+ AC_MEMCPY( realm->bv_val - 2, realm->bv_val, realm->bv_len + 1 );
+ realm->bv_val -= 2;
+ }
+
+ /* leave "u:" before user */
+ user->bv_val -= 2;
+ user->bv_len += 2;
+ user->bv_val[ 0 ] = u;
+ user->bv_val[ 1 ] = ':';
+
+ return LDAP_SUCCESS;
+}
+
+#ifdef SLAP_AUTHZ_SYNTAX
+int
+authzValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ struct berval bv;
+ int rc = LDAP_INVALID_SYNTAX;
+ LDAPURLDesc *ludp = NULL;
+ int scope = -1;
+
+ /*
+ * 1) <DN>
+ * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>}
+ * 3) dn.regex:<pattern>
+ * 4) u[.mech[/realm]]:<ID>
+ * 5) group[/<groupClass>[/<memberAttr>]]:<DN>
+ * 6) <URL>
+ */
+
+ assert( in != NULL );
+ assert( !BER_BVISNULL( in ) );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "authzValidate: parsing %s\n", in->bv_val, 0, 0 );
+
+ /*
+ * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>}
+ * 3) dn.regex:<pattern>
+ *
+ * <DN> must pass DN normalization
+ */
+ if ( !strncasecmp( in->bv_val, "dn", STRLENOF( "dn" ) ) ) {
+ bv.bv_val = in->bv_val + STRLENOF( "dn" );
+
+ if ( bv.bv_val[ 0 ] == '.' ) {
+ bv.bv_val++;
+
+ if ( !strncasecmp( bv.bv_val, "exact:", STRLENOF( "exact:" ) ) ) {
+ bv.bv_val += STRLENOF( "exact:" );
+ scope = LDAP_X_SCOPE_EXACT;
+
+ } else if ( !strncasecmp( bv.bv_val, "regex:", STRLENOF( "regex:" ) ) ) {
+ bv.bv_val += STRLENOF( "regex:" );
+ scope = LDAP_X_SCOPE_REGEX;
+
+ } else if ( !strncasecmp( bv.bv_val, "children:", STRLENOF( "children:" ) ) ) {
+ bv.bv_val += STRLENOF( "children:" );
+ scope = LDAP_X_SCOPE_CHILDREN;
+
+ } else if ( !strncasecmp( bv.bv_val, "subtree:", STRLENOF( "subtree:" ) ) ) {
+ bv.bv_val += STRLENOF( "subtree:" );
+ scope = LDAP_X_SCOPE_SUBTREE;
+
+ } else if ( !strncasecmp( bv.bv_val, "onelevel:", STRLENOF( "onelevel:" ) ) ) {
+ bv.bv_val += STRLENOF( "onelevel:" );
+ scope = LDAP_X_SCOPE_ONELEVEL;
+
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else {
+ if ( bv.bv_val[ 0 ] != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ scope = LDAP_X_SCOPE_EXACT;
+ bv.bv_val++;
+ }
+
+ bv.bv_val += strspn( bv.bv_val, " " );
+ /* jump here in case no type specification was present
+ * and uri was not an URI... HEADS-UP: assuming EXACT */
+is_dn: bv.bv_len = in->bv_len - ( bv.bv_val - in->bv_val );
+
+ /* a single '*' means any DN without using regexes */
+ if ( ber_bvccmp( &bv, '*' ) ) {
+ /* LDAP_X_SCOPE_USERS */
+ return LDAP_SUCCESS;
+ }
+
+ switch ( scope ) {
+ case LDAP_X_SCOPE_EXACT:
+ case LDAP_X_SCOPE_CHILDREN:
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_ONELEVEL:
+ return dnValidate( NULL, &bv );
+
+ case LDAP_X_SCOPE_REGEX:
+ return LDAP_SUCCESS;
+ }
+
+ return rc;
+
+ /*
+ * 4) u[.mech[/realm]]:<ID>
+ */
+ } else if ( ( in->bv_val[ 0 ] == 'u' || in->bv_val[ 0 ] == 'U' )
+ && ( in->bv_val[ 1 ] == ':'
+ || in->bv_val[ 1 ] == '/'
+ || in->bv_val[ 1 ] == '.' ) )
+ {
+ char buf[ SLAP_LDAPDN_MAXLEN ];
+ struct berval id,
+ user = BER_BVNULL,
+ realm = BER_BVNULL,
+ mech = BER_BVNULL;
+
+ if ( sizeof( buf ) <= in->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ id.bv_len = in->bv_len;
+ id.bv_val = buf;
+ strncpy( buf, in->bv_val, sizeof( buf ) );
+
+ rc = slap_parse_user( &id, &user, &realm, &mech );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return rc;
+
+ /*
+ * 5) group[/groupClass[/memberAttr]]:<DN>
+ *
+ * <groupClass> defaults to "groupOfNames"
+ * <memberAttr> defaults to "member"
+ *
+ * <DN> must pass DN normalization
+ */
+ } else if ( strncasecmp( in->bv_val, "group", STRLENOF( "group" ) ) == 0 )
+ {
+ struct berval group_dn = BER_BVNULL,
+ group_oc = BER_BVNULL,
+ member_at = BER_BVNULL;
+
+ bv.bv_val = in->bv_val + STRLENOF( "group" );
+ bv.bv_len = in->bv_len - STRLENOF( "group" );
+ group_dn.bv_val = ber_bvchr( &bv, ':' );
+ if ( group_dn.bv_val == NULL ) {
+ /* last chance: assume it's a(n exact) DN ... */
+ bv.bv_val = in->bv_val;
+ scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+ }
+
+ /*
+ * FIXME: we assume that "member" and "groupOfNames"
+ * are present in schema...
+ */
+ if ( bv.bv_val[ 0 ] == '/' ) {
+ group_oc.bv_val = &bv.bv_val[ 1 ];
+ group_oc.bv_len = group_dn.bv_val - group_oc.bv_val;
+
+ member_at.bv_val = ber_bvchr( &group_oc, '/' );
+ if ( member_at.bv_val ) {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+
+ group_oc.bv_len = member_at.bv_val - group_oc.bv_val;
+ member_at.bv_val++;
+ member_at.bv_len = group_dn.bv_val - member_at.bv_val;
+ rc = slap_bv2ad( &member_at, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if ( oc_bvfind( &group_oc ) == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ group_dn.bv_val++;
+ group_dn.bv_len = in->bv_len - ( group_dn.bv_val - in->bv_val );
+
+ rc = dnValidate( NULL, &group_dn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ return rc;
+ }
+
+ /*
+ * ldap:///<base>??<scope>?<filter>
+ * <scope> ::= {base|one|subtree}
+ *
+ * <scope> defaults to "base"
+ * <base> must pass DN normalization
+ * <filter> must pass str2filter()
+ */
+ rc = ldap_url_parse( in->bv_val, &ludp );
+ switch ( rc ) {
+ case LDAP_URL_SUCCESS:
+ /* FIXME: the check is pedantic, but I think it's necessary,
+ * because people tend to use things like ldaps:// which
+ * gives the idea SSL is being used. Maybe we could
+ * accept ldapi:// as well, but the point is that we use
+ * an URL as an easy means to define bits of a search with
+ * little parsing.
+ */
+ if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
+ /*
+ * must be ldap:///
+ */
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
+ /*
+ * last chance: assume it's a(n exact) DN ...
+ *
+ * NOTE: must pass DN normalization
+ */
+ ldap_free_urldesc( ludp );
+ bv.bv_val = in->bv_val;
+ scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+
+ default:
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ if ( ( ludp->lud_host && *ludp->lud_host )
+ || ludp->lud_attrs || ludp->lud_exts )
+ {
+ /* host part must be empty */
+ /* attrs and extensions parts must be empty */
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ /* Grab the filter */
+ if ( ludp->lud_filter ) {
+ Filter *f = str2filter( ludp->lud_filter );
+ if ( f == NULL ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+ filter_free( f );
+ }
+
+ /* Grab the searchbase */
+ assert( ludp->lud_dn != NULL );
+ ber_str2bv( ludp->lud_dn, 0, 0, &bv );
+ rc = dnValidate( NULL, &bv );
+
+done:
+ ldap_free_urldesc( ludp );
+ return( rc );
+}
+
+#if 0
+int
+authzMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ return octetStringMatch( matchp, flags, syntax, mr, value, assertedValue );
+}
+#endif
+
+static int
+authzPrettyNormal(
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx,
+ int normalize )
+{
+ struct berval bv;
+ int rc = LDAP_INVALID_SYNTAX;
+ LDAPURLDesc *ludp = NULL;
+ char *lud_dn = NULL,
+ *lud_filter = NULL;
+ int scope = -1;
+
+ /*
+ * 1) <DN>
+ * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>}
+ * 3) dn.regex:<pattern>
+ * 4) u[.mech[/realm]]:<ID>
+ * 5) group[/<groupClass>[/<memberAttr>]]:<DN>
+ * 6) <URL>
+ */
+
+ assert( val != NULL );
+ assert( !BER_BVISNULL( val ) );
+
+ /*
+ * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>}
+ * 3) dn.regex:<pattern>
+ *
+ * <DN> must pass DN normalization
+ */
+ if ( !strncasecmp( val->bv_val, "dn", STRLENOF( "dn" ) ) ) {
+ struct berval out = BER_BVNULL,
+ prefix = BER_BVNULL;
+ char *ptr;
+
+ bv.bv_val = val->bv_val + STRLENOF( "dn" );
+
+ if ( bv.bv_val[ 0 ] == '.' ) {
+ bv.bv_val++;
+
+ if ( !strncasecmp( bv.bv_val, "exact:", STRLENOF( "exact:" ) ) ) {
+ bv.bv_val += STRLENOF( "exact:" );
+ scope = LDAP_X_SCOPE_EXACT;
+
+ } else if ( !strncasecmp( bv.bv_val, "regex:", STRLENOF( "regex:" ) ) ) {
+ bv.bv_val += STRLENOF( "regex:" );
+ scope = LDAP_X_SCOPE_REGEX;
+
+ } else if ( !strncasecmp( bv.bv_val, "children:", STRLENOF( "children:" ) ) ) {
+ bv.bv_val += STRLENOF( "children:" );
+ scope = LDAP_X_SCOPE_CHILDREN;
+
+ } else if ( !strncasecmp( bv.bv_val, "subtree:", STRLENOF( "subtree:" ) ) ) {
+ bv.bv_val += STRLENOF( "subtree:" );
+ scope = LDAP_X_SCOPE_SUBTREE;
+
+ } else if ( !strncasecmp( bv.bv_val, "onelevel:", STRLENOF( "onelevel:" ) ) ) {
+ bv.bv_val += STRLENOF( "onelevel:" );
+ scope = LDAP_X_SCOPE_ONELEVEL;
+
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else {
+ if ( bv.bv_val[ 0 ] != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ scope = LDAP_X_SCOPE_EXACT;
+ bv.bv_val++;
+ }
+
+ bv.bv_val += strspn( bv.bv_val, " " );
+ /* jump here in case no type specification was present
+ * and uri was not an URI... HEADS-UP: assuming EXACT */
+is_dn: bv.bv_len = val->bv_len - ( bv.bv_val - val->bv_val );
+
+ /* a single '*' means any DN without using regexes */
+ if ( ber_bvccmp( &bv, '*' ) ) {
+ ber_str2bv_x( "dn:*", STRLENOF( "dn:*" ), 1, normalized, ctx );
+ return LDAP_SUCCESS;
+ }
+
+ switch ( scope ) {
+ case LDAP_X_SCOPE_EXACT:
+ case LDAP_X_SCOPE_CHILDREN:
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_ONELEVEL:
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, &bv, &out, ctx );
+ } else {
+ rc = dnPretty( NULL, &bv, &out, ctx );
+ }
+ if( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ break;
+
+ case LDAP_X_SCOPE_REGEX:
+ normalized->bv_len = STRLENOF( "dn.regex:" ) + bv.bv_len;
+ normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+ ptr = lutil_strcopy( normalized->bv_val, "dn.regex:" );
+ ptr = lutil_strncopy( ptr, bv.bv_val, bv.bv_len );
+ ptr[ 0 ] = '\0';
+ return LDAP_SUCCESS;
+
+ default:
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* prepare prefix */
+ switch ( scope ) {
+ case LDAP_X_SCOPE_EXACT:
+ BER_BVSTR( &prefix, "dn:" );
+ break;
+
+ case LDAP_X_SCOPE_CHILDREN:
+ BER_BVSTR( &prefix, "dn.children:" );
+ break;
+
+ case LDAP_X_SCOPE_SUBTREE:
+ BER_BVSTR( &prefix, "dn.subtree:" );
+ break;
+
+ case LDAP_X_SCOPE_ONELEVEL:
+ BER_BVSTR( &prefix, "dn.onelevel:" );
+ break;
+
+ default:
+ assert( 0 );
+ break;
+ }
+
+ normalized->bv_len = prefix.bv_len + out.bv_len;
+ normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+
+ ptr = lutil_strcopy( normalized->bv_val, prefix.bv_val );
+ ptr = lutil_strncopy( ptr, out.bv_val, out.bv_len );
+ ptr[ 0 ] = '\0';
+ ber_memfree_x( out.bv_val, ctx );
+
+ return LDAP_SUCCESS;
+
+ /*
+ * 4) u[.mech[/realm]]:<ID>
+ */
+ } else if ( ( val->bv_val[ 0 ] == 'u' || val->bv_val[ 0 ] == 'U' )
+ && ( val->bv_val[ 1 ] == ':'
+ || val->bv_val[ 1 ] == '/'
+ || val->bv_val[ 1 ] == '.' ) )
+ {
+ char buf[ SLAP_LDAPDN_MAXLEN ];
+ struct berval id,
+ user = BER_BVNULL,
+ realm = BER_BVNULL,
+ mech = BER_BVNULL;
+
+ if ( sizeof( buf ) <= val->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ id.bv_len = val->bv_len;
+ id.bv_val = buf;
+ strncpy( buf, val->bv_val, sizeof( buf ) );
+
+ rc = slap_parse_user( &id, &user, &realm, &mech );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( normalized, val, ctx );
+
+ return rc;
+
+ /*
+ * 5) group[/groupClass[/memberAttr]]:<DN>
+ *
+ * <groupClass> defaults to "groupOfNames"
+ * <memberAttr> defaults to "member"
+ *
+ * <DN> must pass DN normalization
+ */
+ } else if ( strncasecmp( val->bv_val, "group", STRLENOF( "group" ) ) == 0 )
+ {
+ struct berval group_dn = BER_BVNULL,
+ group_oc = BER_BVNULL,
+ member_at = BER_BVNULL,
+ out = BER_BVNULL;
+ char *ptr;
+
+ bv.bv_val = val->bv_val + STRLENOF( "group" );
+ bv.bv_len = val->bv_len - STRLENOF( "group" );
+ group_dn.bv_val = ber_bvchr( &bv, ':' );
+ if ( group_dn.bv_val == NULL ) {
+ /* last chance: assume it's a(n exact) DN ... */
+ bv.bv_val = val->bv_val;
+ scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+ }
+
+ /*
+ * FIXME: we assume that "member" and "groupOfNames"
+ * are present in schema...
+ */
+ if ( bv.bv_val[ 0 ] == '/' ) {
+ ObjectClass *oc = NULL;
+
+ group_oc.bv_val = &bv.bv_val[ 1 ];
+ group_oc.bv_len = group_dn.bv_val - group_oc.bv_val;
+
+ member_at.bv_val = ber_bvchr( &group_oc, '/' );
+ if ( member_at.bv_val ) {
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+
+ group_oc.bv_len = member_at.bv_val - group_oc.bv_val;
+ member_at.bv_val++;
+ member_at.bv_len = group_dn.bv_val - member_at.bv_val;
+ rc = slap_bv2ad( &member_at, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ member_at = ad->ad_cname;
+
+ }
+
+ oc = oc_bvfind( &group_oc );
+ if ( oc == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ group_oc = oc->soc_cname;
+ }
+
+ group_dn.bv_val++;
+ group_dn.bv_len = val->bv_len - ( group_dn.bv_val - val->bv_val );
+
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, &group_dn, &out, ctx );
+ } else {
+ rc = dnPretty( NULL, &group_dn, &out, ctx );
+ }
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ normalized->bv_len = STRLENOF( "group" ":" ) + out.bv_len;
+ if ( !BER_BVISNULL( &group_oc ) ) {
+ normalized->bv_len += STRLENOF( "/" ) + group_oc.bv_len;
+ if ( !BER_BVISNULL( &member_at ) ) {
+ normalized->bv_len += STRLENOF( "/" ) + member_at.bv_len;
+ }
+ }
+
+ normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+ ptr = lutil_strcopy( normalized->bv_val, "group" );
+ if ( !BER_BVISNULL( &group_oc ) ) {
+ ptr[ 0 ] = '/';
+ ptr++;
+ ptr = lutil_strncopy( ptr, group_oc.bv_val, group_oc.bv_len );
+ if ( !BER_BVISNULL( &member_at ) ) {
+ ptr[ 0 ] = '/';
+ ptr++;
+ ptr = lutil_strncopy( ptr, member_at.bv_val, member_at.bv_len );
+ }
+ }
+ ptr[ 0 ] = ':';
+ ptr++;
+ ptr = lutil_strncopy( ptr, out.bv_val, out.bv_len );
+ ptr[ 0 ] = '\0';
+ ber_memfree_x( out.bv_val, ctx );
+
+ return rc;
+ }
+
+ /*
+ * ldap:///<base>??<scope>?<filter>
+ * <scope> ::= {base|one|subtree}
+ *
+ * <scope> defaults to "base"
+ * <base> must pass DN normalization
+ * <filter> must pass str2filter()
+ */
+ rc = ldap_url_parse( val->bv_val, &ludp );
+ switch ( rc ) {
+ case LDAP_URL_SUCCESS:
+ /* FIXME: the check is pedantic, but I think it's necessary,
+ * because people tend to use things like ldaps:// which
+ * gives the idea SSL is being used. Maybe we could
+ * accept ldapi:// as well, but the point is that we use
+ * an URL as an easy means to define bits of a search with
+ * little parsing.
+ */
+ if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
+ /*
+ * must be ldap:///
+ */
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ AC_MEMCPY( ludp->lud_scheme, "ldap", STRLENOF( "ldap" ) );
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
+ /*
+ * last chance: assume it's a(n exact) DN ...
+ *
+ * NOTE: must pass DN normalization
+ */
+ ldap_free_urldesc( ludp );
+ bv.bv_val = val->bv_val;
+ scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+
+ default:
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ if ( ( ludp->lud_host && *ludp->lud_host )
+ || ludp->lud_attrs || ludp->lud_exts )
+ {
+ /* host part must be empty */
+ /* attrs and extensions parts must be empty */
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ /* Grab the filter */
+ if ( ludp->lud_filter ) {
+ struct berval filterstr;
+ Filter *f;
+
+ lud_filter = ludp->lud_filter;
+
+ f = str2filter( lud_filter );
+ if ( f == NULL ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+ filter2bv( f, &filterstr );
+ filter_free( f );
+ if ( BER_BVISNULL( &filterstr ) ) {
+ rc = LDAP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ ludp->lud_filter = filterstr.bv_val;
+ }
+
+ /* Grab the searchbase */
+ assert( ludp->lud_dn != NULL );
+ if ( ludp->lud_dn ) {
+ struct berval out = BER_BVNULL;
+
+ lud_dn = ludp->lud_dn;
+
+ ber_str2bv( lud_dn, 0, 0, &bv );
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, &bv, &out, ctx );
+ } else {
+ rc = dnPretty( NULL, &bv, &out, ctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ ludp->lud_dn = out.bv_val;
+ }
+
+ ludp->lud_port = 0;
+ normalized->bv_val = ldap_url_desc2str( ludp );
+ if ( normalized->bv_val ) {
+ normalized->bv_len = strlen( normalized->bv_val );
+
+ } else {
+ rc = LDAP_INVALID_SYNTAX;
+ }
+
+done:
+ if ( lud_filter ) {
+ if ( ludp->lud_filter != lud_filter ) {
+ ber_memfree( ludp->lud_filter );
+ }
+ ludp->lud_filter = lud_filter;
+ }
+
+ if ( lud_dn ) {
+ if ( ludp->lud_dn != lud_dn ) {
+ ber_memfree( ludp->lud_dn );
+ }
+ ludp->lud_dn = lud_dn;
+ }
+
+ ldap_free_urldesc( ludp );
+
+ return( rc );
+}
+
+int
+authzNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, ">>> authzNormalize: <%s>\n",
+ val->bv_val, 0, 0 );
+
+ rc = authzPrettyNormal( val, normalized, ctx, 1 );
+
+ Debug( LDAP_DEBUG_TRACE, "<<< authzNormalize: <%s> (%d)\n",
+ normalized->bv_val, rc, 0 );
+
+ return rc;
+}
+
+int
+authzPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, ">>> authzPretty: <%s>\n",
+ val->bv_val, 0, 0 );
+
+ rc = authzPrettyNormal( val, out, ctx, 0 );
+
+ Debug( LDAP_DEBUG_TRACE, "<<< authzPretty: <%s> (%d)\n",
+ out->bv_val, rc, 0 );
+
+ return rc;
+}
+
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+static int
+slap_parseURI(
+ Operation *op,
+ struct berval *uri,
+ struct berval *base,
+ struct berval *nbase,
+ int *scope,
+ Filter **filter,
+ struct berval *fstr,
+ int normalize )
+{
+ struct berval bv;
+ int rc;
+ LDAPURLDesc *ludp;
+
+#ifdef SLAP_ORDERED_PRETTYNORM
+ struct berval idx;
+#endif /* SLAP_ORDERED_PRETTYNORM */
+
+ assert( uri != NULL && !BER_BVISNULL( uri ) );
+ BER_BVZERO( base );
+ BER_BVZERO( nbase );
+ BER_BVZERO( fstr );
+ *scope = -1;
+ *filter = NULL;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 );
+
+ rc = LDAP_PROTOCOL_ERROR;
+
+#ifdef SLAP_ORDERED_PRETTYNORM
+ idx = *uri;
+ if ( idx.bv_val[ 0 ] == '{' ) {
+ char *ptr;
+
+ ptr = ber_bvchr( &idx, '}' ) + 1;
+
+ assert( ptr != (void *)1 );
+
+ idx.bv_len -= ptr - idx.bv_val;
+ idx.bv_val = ptr;
+ uri = &idx;
+ }
+#endif /* SLAP_ORDERED_PRETTYNORM */
+
+ /*
+ * dn[.<dnstyle>]:<dnpattern>
+ * <dnstyle> ::= {exact|regex|children|subtree|onelevel}
+ *
+ * <dnstyle> defaults to "exact"
+ * if <dnstyle> is not "regex", <dnpattern> must pass DN normalization
+ */
+ if ( !strncasecmp( uri->bv_val, "dn", STRLENOF( "dn" ) ) ) {
+ bv.bv_val = uri->bv_val + STRLENOF( "dn" );
+
+ if ( bv.bv_val[ 0 ] == '.' ) {
+ bv.bv_val++;
+
+ if ( !strncasecmp( bv.bv_val, "exact:", STRLENOF( "exact:" ) ) ) {
+ bv.bv_val += STRLENOF( "exact:" );
+ *scope = LDAP_X_SCOPE_EXACT;
+
+ } else if ( !strncasecmp( bv.bv_val, "regex:", STRLENOF( "regex:" ) ) ) {
+ bv.bv_val += STRLENOF( "regex:" );
+ *scope = LDAP_X_SCOPE_REGEX;
+
+ } else if ( !strncasecmp( bv.bv_val, "children:", STRLENOF( "children:" ) ) ) {
+ bv.bv_val += STRLENOF( "children:" );
+ *scope = LDAP_X_SCOPE_CHILDREN;
+
+ } else if ( !strncasecmp( bv.bv_val, "subtree:", STRLENOF( "subtree:" ) ) ) {
+ bv.bv_val += STRLENOF( "subtree:" );
+ *scope = LDAP_X_SCOPE_SUBTREE;
+
+ } else if ( !strncasecmp( bv.bv_val, "onelevel:", STRLENOF( "onelevel:" ) ) ) {
+ bv.bv_val += STRLENOF( "onelevel:" );
+ *scope = LDAP_X_SCOPE_ONELEVEL;
+
+ } else {
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ } else {
+ if ( bv.bv_val[ 0 ] != ':' ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ *scope = LDAP_X_SCOPE_EXACT;
+ bv.bv_val++;
+ }
+
+ bv.bv_val += strspn( bv.bv_val, " " );
+ /* jump here in case no type specification was present
+ * and uri was not an URI... HEADS-UP: assuming EXACT */
+is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
+
+ /* a single '*' means any DN without using regexes */
+ if ( ber_bvccmp( &bv, '*' ) ) {
+ *scope = LDAP_X_SCOPE_USERS;
+ }
+
+ switch ( *scope ) {
+ case LDAP_X_SCOPE_EXACT:
+ case LDAP_X_SCOPE_CHILDREN:
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_ONELEVEL:
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, &bv, nbase, op->o_tmpmemctx );
+ if( rc != LDAP_SUCCESS ) {
+ *scope = -1;
+ }
+ } else {
+ ber_dupbv_x( nbase, &bv, op->o_tmpmemctx );
+ rc = LDAP_SUCCESS;
+ }
+ break;
+
+ case LDAP_X_SCOPE_REGEX:
+ ber_dupbv_x( nbase, &bv, op->o_tmpmemctx );
+
+ case LDAP_X_SCOPE_USERS:
+ rc = LDAP_SUCCESS;
+ break;
+
+ default:
+ *scope = -1;
+ break;
+ }
+
+ return rc;
+
+ /*
+ * u:<uid>
+ */
+ } else if ( ( uri->bv_val[ 0 ] == 'u' || uri->bv_val[ 0 ] == 'U' )
+ && ( uri->bv_val[ 1 ] == ':'
+ || uri->bv_val[ 1 ] == '/'
+ || uri->bv_val[ 1 ] == '.' ) )
+ {
+ Connection c = *op->o_conn;
+ char buf[ SLAP_LDAPDN_MAXLEN ];
+ struct berval id,
+ user = BER_BVNULL,
+ realm = BER_BVNULL,
+ mech = BER_BVNULL;
+
+ if ( sizeof( buf ) <= uri->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ id.bv_len = uri->bv_len;
+ id.bv_val = buf;
+ strncpy( buf, uri->bv_val, sizeof( buf ) );
+
+ rc = slap_parse_user( &id, &user, &realm, &mech );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( !BER_BVISNULL( &mech ) ) {
+ c.c_sasl_bind_mech = mech;
+ } else {
+ BER_BVSTR( &c.c_sasl_bind_mech, "AUTHZ" );
+ }
+
+ rc = slap_sasl_getdn( &c, op, &user,
+ realm.bv_val, nbase, SLAP_GETDN_AUTHZID );
+
+ if ( rc == LDAP_SUCCESS ) {
+ *scope = LDAP_X_SCOPE_EXACT;
+ }
+
+ return rc;
+
+ /*
+ * group[/<groupoc>[/<groupat>]]:<groupdn>
+ *
+ * groupoc defaults to "groupOfNames"
+ * groupat defaults to "member"
+ *
+ * <groupdn> must pass DN normalization
+ */
+ } else if ( strncasecmp( uri->bv_val, "group", STRLENOF( "group" ) ) == 0 )
+ {
+ struct berval group_dn = BER_BVNULL,
+ group_oc = BER_BVNULL,
+ member_at = BER_BVNULL;
+ char *tmp;
+
+ bv.bv_val = uri->bv_val + STRLENOF( "group" );
+ bv.bv_len = uri->bv_len - STRLENOF( "group" );
+ group_dn.bv_val = ber_bvchr( &bv, ':' );
+ if ( group_dn.bv_val == NULL ) {
+ /* last chance: assume it's a(n exact) DN ... */
+ bv.bv_val = uri->bv_val;
+ *scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+ }
+
+ if ( bv.bv_val[ 0 ] == '/' ) {
+ group_oc.bv_val = &bv.bv_val[ 1 ];
+ group_oc.bv_len = group_dn.bv_val - group_oc.bv_val;
+
+ member_at.bv_val = ber_bvchr( &group_oc, '/' );
+ if ( member_at.bv_val ) {
+ group_oc.bv_len = member_at.bv_val - group_oc.bv_val;
+ member_at.bv_val++;
+ member_at.bv_len = group_dn.bv_val - member_at.bv_val;
+
+ } else {
+ BER_BVSTR( &member_at, SLAPD_GROUP_ATTR );
+ }
+
+ } else {
+ BER_BVSTR( &group_oc, SLAPD_GROUP_CLASS );
+ BER_BVSTR( &member_at, SLAPD_GROUP_ATTR );
+ }
+ group_dn.bv_val++;
+ group_dn.bv_len = uri->bv_len - ( group_dn.bv_val - uri->bv_val );
+
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, &group_dn, nbase, op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ *scope = -1;
+ return rc;
+ }
+ } else {
+ ber_dupbv_x( nbase, &group_dn, op->o_tmpmemctx );
+ rc = LDAP_SUCCESS;
+ }
+ *scope = LDAP_X_SCOPE_GROUP;
+
+ /* FIXME: caller needs to add value of member attribute
+ * and close brackets twice */
+ fstr->bv_len = STRLENOF( "(&(objectClass=)(=" /* )) */ )
+ + group_oc.bv_len + member_at.bv_len;
+ fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+
+ tmp = lutil_strncopy( fstr->bv_val, "(&(objectClass=" /* )) */ ,
+ STRLENOF( "(&(objectClass=" /* )) */ ) );
+ tmp = lutil_strncopy( tmp, group_oc.bv_val, group_oc.bv_len );
+ tmp = lutil_strncopy( tmp, /* ( */ ")(" /* ) */ ,
+ STRLENOF( /* ( */ ")(" /* ) */ ) );
+ tmp = lutil_strncopy( tmp, member_at.bv_val, member_at.bv_len );
+ tmp = lutil_strncopy( tmp, "=", STRLENOF( "=" ) );
+
+ return rc;
+ }
+
+ /*
+ * ldap:///<base>??<scope>?<filter>
+ * <scope> ::= {base|one|subtree}
+ *
+ * <scope> defaults to "base"
+ * <base> must pass DN normalization
+ * <filter> must pass str2filter()
+ */
+ rc = ldap_url_parse( uri->bv_val, &ludp );
+ switch ( rc ) {
+ case LDAP_URL_SUCCESS:
+ /* FIXME: the check is pedantic, but I think it's necessary,
+ * because people tend to use things like ldaps:// which
+ * gives the idea SSL is being used. Maybe we could
+ * accept ldapi:// as well, but the point is that we use
+ * an URL as an easy means to define bits of a search with
+ * little parsing.
+ */
+ if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
+ /*
+ * must be ldap:///
+ */
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
+ /*
+ * last chance: assume it's a(n exact) DN ...
+ *
+ * NOTE: must pass DN normalization
+ */
+ ldap_free_urldesc( ludp );
+ bv.bv_val = uri->bv_val;
+ *scope = LDAP_X_SCOPE_EXACT;
+ goto is_dn;
+
+ default:
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ if ( ( ludp->lud_host && *ludp->lud_host )
+ || ludp->lud_attrs || ludp->lud_exts )
+ {
+ /* host part must be empty */
+ /* attrs and extensions parts must be empty */
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ /* Grab the scope */
+ *scope = ludp->lud_scope;
+
+ /* Grab the filter */
+ if ( ludp->lud_filter ) {
+ *filter = str2filter_x( op, ludp->lud_filter );
+ if ( *filter == NULL ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+ ber_str2bv( ludp->lud_filter, 0, 0, fstr );
+ }
+
+ /* Grab the searchbase */
+ ber_str2bv( ludp->lud_dn, 0, 0, base );
+ if ( normalize ) {
+ rc = dnNormalize( 0, NULL, NULL, base, nbase, op->o_tmpmemctx );
+ } else {
+ ber_dupbv_x( nbase, base, op->o_tmpmemctx );
+ rc = LDAP_SUCCESS;
+ }
+
+done:
+ if( rc != LDAP_SUCCESS ) {
+ if( *filter ) filter_free_x( op, *filter );
+ BER_BVZERO( base );
+ BER_BVZERO( fstr );
+ } else {
+ /* Don't free these, return them to caller */
+ ludp->lud_filter = NULL;
+ ludp->lud_dn = NULL;
+ }
+
+ ldap_free_urldesc( ludp );
+ return( rc );
+}
+
+#ifndef SLAP_AUTH_REWRITE
+static int slap_sasl_rx_off(char *rep, int *off)
+{
+ const char *c;
+ int n;
+
+ /* Precompile replace pattern. Find the $<n> placeholders */
+ off[0] = -2;
+ n = 1;
+ for ( c = rep; *c; c++ ) {
+ if ( *c == '\\' && c[1] ) {
+ c++;
+ continue;
+ }
+ if ( *c == '$' ) {
+ if ( n == SASLREGEX_REPLACE ) {
+ Debug( LDAP_DEBUG_ANY,
+ "SASL replace pattern %s has too many $n "
+ "placeholders (max %d)\n",
+ rep, SASLREGEX_REPLACE, 0 );
+
+ return( LDAP_OTHER );
+ }
+ off[n] = c - rep;
+ n++;
+ }
+ }
+
+ /* Final placeholder, after the last $n */
+ off[n] = c - rep;
+ n++;
+ off[n] = -1;
+ return( LDAP_SUCCESS );
+}
+#endif /* ! SLAP_AUTH_REWRITE */
+
+#ifdef SLAP_AUTH_REWRITE
+int slap_sasl_rewrite_config(
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ int rc;
+ char *savearg0;
+
+ /* init at first call */
+ if ( sasl_rwinfo == NULL ) {
+ sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+ }
+
+ /* strip "authid-" prefix for parsing */
+ savearg0 = argv[0];
+ argv[0] += STRLENOF( "authid-" );
+ rc = rewrite_parse( sasl_rwinfo, fname, lineno, argc, argv );
+ argv[0] = savearg0;
+
+ return rc;
+}
+
+int slap_sasl_rewrite_destroy( void )
+{
+ if ( sasl_rwinfo ) {
+ rewrite_info_delete( &sasl_rwinfo );
+ sasl_rwinfo = NULL;
+ }
+
+ return 0;
+}
+
+int slap_sasl_regexp_rewrite_config(
+ const char *fname,
+ int lineno,
+ const char *match,
+ const char *replace,
+ const char *context )
+{
+ int rc;
+ char *argvRule[] = { "rewriteRule", NULL, NULL, ":@", NULL };
+
+ /* init at first call */
+ if ( sasl_rwinfo == NULL ) {
+ char *argvEngine[] = { "rewriteEngine", "on", NULL };
+ char *argvContext[] = { "rewriteContext", NULL, NULL };
+
+ /* initialize rewrite engine */
+ sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+
+ /* switch on rewrite engine */
+ rc = rewrite_parse( sasl_rwinfo, fname, lineno, 2, argvEngine );
+ if (rc != LDAP_SUCCESS) {
+ return rc;
+ }
+
+ /* create generic authid context */
+ argvContext[1] = AUTHID_CONTEXT;
+ rc = rewrite_parse( sasl_rwinfo, fname, lineno, 2, argvContext );
+ if (rc != LDAP_SUCCESS) {
+ return rc;
+ }
+ }
+
+ argvRule[1] = (char *)match;
+ argvRule[2] = (char *)replace;
+ rc = rewrite_parse( sasl_rwinfo, fname, lineno, 4, argvRule );
+
+ return rc;
+}
+#endif /* SLAP_AUTH_REWRITE */
+
+int slap_sasl_regexp_config( const char *match, const char *replace )
+{
+ int rc;
+ SaslRegexp_t *reg;
+
+ SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp,
+ (nSaslRegexp + 1) * sizeof(SaslRegexp_t) );
+
+ reg = &SaslRegexp[nSaslRegexp];
+
+ reg->sr_match = ch_strdup( match );
+ reg->sr_replace = ch_strdup( replace );
+
+#ifdef SLAP_AUTH_REWRITE
+ rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
+ match, replace, AUTHID_CONTEXT );
+ if ( rc == LDAP_SUCCESS ) nSaslRegexp++;
+ return rc;
+#else /* ! SLAP_AUTH_REWRITE */
+
+ /* Precompile matching pattern */
+ rc = regcomp( ®->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "SASL match pattern %s could not be compiled by regexp engine\n",
+ reg->sr_match, 0, 0 );
+
+#ifdef ENABLE_REWRITE
+ /* Dummy block to force symbol references in librewrite */
+ if ( slapMode == ( SLAP_SERVER_MODE|SLAP_TOOL_MODE )) {
+ rewrite_info_init( 0 );
+ }
+#endif
+ return( LDAP_OTHER );
+ }
+
+ rc = slap_sasl_rx_off( reg->sr_replace, reg->sr_offset );
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ nSaslRegexp++;
+ return( LDAP_SUCCESS );
+#endif /* ! SLAP_AUTH_REWRITE */
+}
+
+void slap_sasl_regexp_unparse( BerVarray *out )
+{
+ int i;
+ BerVarray bva = NULL;
+ char ibuf[32], *ptr;
+ struct berval idx;
+
+ if ( !nSaslRegexp ) return;
+
+ idx.bv_val = ibuf;
+ bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) );
+ BER_BVZERO(bva+nSaslRegexp);
+ for ( i=0; i<nSaslRegexp; i++ ) {
+ idx.bv_len = sprintf( idx.bv_val, "{%d}", i);
+ bva[i].bv_len = idx.bv_len + strlen( SaslRegexp[i].sr_match ) +
+ strlen( SaslRegexp[i].sr_replace ) + 5;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len+1 );
+ ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+ *ptr++ = '"';
+ ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_match );
+ ptr = lutil_strcopy( ptr, "\" \"" );
+ ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_replace );
+ *ptr++ = '"';
+ *ptr = '\0';
+ }
+ *out = bva;
+}
+
+#ifndef SLAP_AUTH_REWRITE
+/* Perform replacement on regexp matches */
+static void slap_sasl_rx_exp(
+ const char *rep,
+ const int *off,
+ regmatch_t *str,
+ const char *saslname,
+ struct berval *out,
+ void *ctx )
+{
+ int i, n, len, insert;
+
+ /* Get the total length of the final URI */
+
+ n=1;
+ len = 0;
+ while( off[n] >= 0 ) {
+ /* Len of next section from replacement string (x,y,z above) */
+ len += off[n] - off[n-1] - 2;
+ if( off[n+1] < 0)
+ break;
+
+ /* Len of string from saslname that matched next $i (b,d above) */
+ i = rep[ off[n] + 1 ] - '0';
+ len += str[i].rm_eo - str[i].rm_so;
+ n++;
+ }
+ out->bv_val = slap_sl_malloc( len + 1, ctx );
+ out->bv_len = len;
+
+ /* Fill in URI with replace string, replacing $i as we go */
+ n=1;
+ insert = 0;
+ while( off[n] >= 0) {
+ /* Paste in next section from replacement string (x,y,z above) */
+ len = off[n] - off[n-1] - 2;
+ strncpy( out->bv_val+insert, rep + off[n-1] + 2, len);
+ insert += len;
+ if( off[n+1] < 0)
+ break;
+
+ /* Paste in string from saslname that matched next $i (b,d above) */
+ i = rep[ off[n] + 1 ] - '0';
+ len = str[i].rm_eo - str[i].rm_so;
+ strncpy( out->bv_val+insert, saslname + str[i].rm_so, len );
+ insert += len;
+
+ n++;
+ }
+
+ out->bv_val[insert] = '\0';
+}
+#endif /* ! SLAP_AUTH_REWRITE */
+
+/* Take the passed in SASL name and attempt to convert it into an
+ LDAP URI to find the matching LDAP entry, using the pattern matching
+ strings given in the saslregexp config file directive(s) */
+
+static int slap_authz_regexp( struct berval *in, struct berval *out,
+ int flags, void *ctx )
+{
+#ifdef SLAP_AUTH_REWRITE
+ const char *context = AUTHID_CONTEXT;
+
+ if ( sasl_rwinfo == NULL || BER_BVISNULL( in ) ) {
+ return 0;
+ }
+
+ /* FIXME: if aware of authc/authz mapping,
+ * we could use different contexts ... */
+ switch ( rewrite_session( sasl_rwinfo, context, in->bv_val, NULL,
+ &out->bv_val ) )
+ {
+ case REWRITE_REGEXEC_OK:
+ if ( !BER_BVISNULL( out ) ) {
+ char *val = out->bv_val;
+ ber_str2bv_x( val, 0, 1, out, ctx );
+ if ( val != in->bv_val ) {
+ free( val );
+ }
+ } else {
+ ber_dupbv_x( out, in, ctx );
+ }
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n",
+ context, in->bv_val, out->bv_val );
+ return 1;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ case REWRITE_REGEXEC_ERR:
+ default:
+ return 0;
+ }
+
+#else /* ! SLAP_AUTH_REWRITE */
+ char *saslname = in->bv_val;
+ SaslRegexp_t *reg;
+ regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
+ int i;
+
+ memset( out, 0, sizeof( *out ) );
+
+ Debug( LDAP_DEBUG_TRACE, "slap_authz_regexp: converting SASL name %s\n",
+ saslname, 0, 0 );
+
+ if (( saslname == NULL ) || ( nSaslRegexp == 0 )) {
+ return( 0 );
+ }
+
+ /* Match the normalized SASL name to the saslregexp patterns */
+ for( reg = SaslRegexp,i=0; i<nSaslRegexp; i++,reg++ ) {
+ if ( regexec( ®->sr_workspace, saslname, SASLREGEX_REPLACE,
+ sr_strings, 0) == 0 )
+ break;
+ }
+
+ if( i >= nSaslRegexp ) return( 0 );
+
+ /*
+ * The match pattern may have been of the form "a(b.*)c(d.*)e" and the
+ * replace pattern of the form "x$1y$2z". The returned string needs
+ * to replace the $1,$2 with the strings that matched (b.*) and (d.*)
+ */
+ slap_sasl_rx_exp( reg->sr_replace, reg->sr_offset,
+ sr_strings, saslname, out, ctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_authz_regexp: converted SASL name to %s\n",
+ BER_BVISEMPTY( out ) ? "" : out->bv_val, 0, 0 );
+
+ return( 1 );
+#endif /* ! SLAP_AUTH_REWRITE */
+}
+
+/* This callback actually does some work...*/
+static int sasl_sc_sasl2dn( Operation *op, SlapReply *rs )
+{
+ struct berval *ndn = op->o_callback->sc_private;
+
+ if ( rs->sr_type != REP_SEARCH ) return LDAP_SUCCESS;
+
+ /* We only want to be called once */
+ if ( !BER_BVISNULL( ndn ) ) {
+ op->o_tmpfree( ndn->bv_val, op->o_tmpmemctx );
+ BER_BVZERO( ndn );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "%s: slap_sc_sasl2dn: search DN returned more than 1 entry\n",
+ op->o_log_prefix, 0, 0 );
+ return LDAP_UNAVAILABLE; /* short-circuit the search */
+ }
+
+ ber_dupbv_x( ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx );
+ return LDAP_SUCCESS;
+}
+
+
+typedef struct smatch_info {
+ struct berval *dn;
+ int match;
+} smatch_info;
+
+static int sasl_sc_smatch( Operation *o, SlapReply *rs )
+{
+ smatch_info *sm = o->o_callback->sc_private;
+
+ if (rs->sr_type != REP_SEARCH) return 0;
+
+ if (dn_match(sm->dn, &rs->sr_entry->e_nname)) {
+ sm->match = 1;
+ return LDAP_UNAVAILABLE; /* short-circuit the search */
+ }
+
+ return 0;
+}
+
+int
+slap_sasl_matches( Operation *op, BerVarray rules,
+ struct berval *assertDN, struct berval *authc )
+{
+ int rc = LDAP_INAPPROPRIATE_AUTH;
+
+ if ( rules != NULL ) {
+ int i;
+
+ for( i = 0; !BER_BVISNULL( &rules[i] ); i++ ) {
+ rc = slap_sasl_match( op, &rules[i], assertDN, authc );
+ if ( rc == LDAP_SUCCESS ) break;
+ }
+ }
+
+ return rc;
+}
+
+/*
+ * Map a SASL regexp rule to a DN. If the rule is just a DN or a scope=base
+ * URI, just strcmp the rule (or its searchbase) to the *assertDN. Otherwise,
+ * the rule must be used as an internal search for entries. If that search
+ * returns the *assertDN entry, the match is successful.
+ *
+ * The assertDN should not have the dn: prefix
+ */
+
+static int
+slap_sasl_match( Operation *opx, struct berval *rule,
+ struct berval *assertDN, struct berval *authc )
+{
+ int rc;
+ regex_t reg;
+ smatch_info sm;
+ slap_callback cb = { NULL, sasl_sc_smatch, NULL, NULL };
+ Operation op = {0};
+ SlapReply rs = {REP_RESULT};
+ struct berval base = BER_BVNULL;
+
+ sm.dn = assertDN;
+ sm.match = 0;
+ cb.sc_private = &sm;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "===>slap_sasl_match: comparing DN %s to rule %s\n",
+ assertDN->bv_val, rule->bv_val, 0 );
+
+ /* NOTE: don't normalize rule if authz syntax is enabled */
+ rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn,
+ &op.ors_scope, &op.ors_filter, &op.ors_filterstr,
+#ifdef SLAP_AUTHZ_SYNTAX
+ 0
+#else /* ! SLAP_AUTHZ_SYNTAX */
+ 1
+#endif /* ! SLAP_AUTHZ_SYNTAX */
+ );
+
+ if( rc != LDAP_SUCCESS ) goto CONCLUDED;
+
+ switch ( op.ors_scope ) {
+ case LDAP_X_SCOPE_EXACT:
+exact_match:
+ if ( dn_match( &op.o_req_ndn, assertDN ) ) {
+ rc = LDAP_SUCCESS;
+ } else {
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ }
+ goto CONCLUDED;
+
+ case LDAP_X_SCOPE_CHILDREN:
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_ONELEVEL:
+ {
+ int d = assertDN->bv_len - op.o_req_ndn.bv_len;
+
+ rc = LDAP_INAPPROPRIATE_AUTH;
+
+ if ( d == 0 && op.ors_scope == LDAP_X_SCOPE_SUBTREE ) {
+ goto exact_match;
+
+ } else if ( d > 0 ) {
+ struct berval bv;
+
+ /* leave room for at least one char of attributeType,
+ * one for '=' and one for ',' */
+ if ( d < STRLENOF( "x=,") ) {
+ goto CONCLUDED;
+ }
+
+ bv.bv_len = op.o_req_ndn.bv_len;
+ bv.bv_val = assertDN->bv_val + d;
+
+ if ( bv.bv_val[ -1 ] == ',' && dn_match( &op.o_req_ndn, &bv ) ) {
+ switch ( op.ors_scope ) {
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_CHILDREN:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_X_SCOPE_ONELEVEL:
+ {
+ struct berval pdn;
+
+ dnParent( assertDN, &pdn );
+ /* the common portion of the DN
+ * already matches, so only check
+ * if parent DN of assertedDN
+ * is all the pattern */
+ if ( pdn.bv_len == op.o_req_ndn.bv_len ) {
+ rc = LDAP_SUCCESS;
+ }
+ break;
+ }
+ default:
+ /* at present, impossible */
+ assert( 0 );
+ }
+ }
+ }
+ goto CONCLUDED;
+ }
+
+ case LDAP_X_SCOPE_REGEX:
+ rc = regcomp(®, op.o_req_ndn.bv_val,
+ REG_EXTENDED|REG_ICASE|REG_NOSUB);
+ if ( rc == 0 ) {
+ rc = regexec(®, assertDN->bv_val, 0, NULL, 0);
+ regfree( ® );
+ }
+ if ( rc == 0 ) {
+ rc = LDAP_SUCCESS;
+ } else {
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ }
+ goto CONCLUDED;
+
+ case LDAP_X_SCOPE_GROUP: {
+ char *tmp;
+
+ /* Now filterstr looks like "(&(objectClass=<group_oc>)(<member_at>="
+ * we need to append the <assertDN> so that the <group_dn> is searched
+ * with scope "base", and the filter ensures that <assertDN> is
+ * member of the group */
+ tmp = ch_realloc( op.ors_filterstr.bv_val, op.ors_filterstr.bv_len +
+ assertDN->bv_len + STRLENOF( /*"(("*/ "))" ) + 1 );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto CONCLUDED;
+ }
+ op.ors_filterstr.bv_val = tmp;
+
+ tmp = lutil_strcopy( &tmp[op.ors_filterstr.bv_len], assertDN->bv_val );
+ tmp = lutil_strcopy( tmp, /*"(("*/ "))" );
+
+ /* pass opx because str2filter_x may (and does) use o_tmpmfuncs */
+ op.ors_filter = str2filter_x( opx, op.ors_filterstr.bv_val );
+ if ( op.ors_filter == NULL ) {
+ rc = LDAP_PROTOCOL_ERROR;
+ goto CONCLUDED;
+ }
+ op.ors_scope = LDAP_SCOPE_BASE;
+
+ /* hijack match DN: use that of the group instead of the assertDN;
+ * assertDN is now in the filter */
+ sm.dn = &op.o_req_ndn;
+
+ /* do the search */
+ break;
+ }
+
+ case LDAP_X_SCOPE_USERS:
+ if ( !BER_BVISEMPTY( assertDN ) ) {
+ rc = LDAP_SUCCESS;
+ } else {
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ }
+ goto CONCLUDED;
+
+ default:
+ break;
+ }
+
+ /* Must run an internal search. */
+ if ( op.ors_filter == NULL ) {
+ rc = LDAP_FILTER_ERROR;
+ goto CONCLUDED;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
+ op.o_req_ndn.bv_val, op.ors_scope, 0 );
+
+ op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+ if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ goto CONCLUDED;
+ }
+
+ op.o_hdr = opx->o_hdr;
+ op.o_tag = LDAP_REQ_SEARCH;
+ op.o_ndn = *authc;
+ op.o_callback = &cb;
+ slap_op_time( &op.o_time, &op.o_tincr );
+ op.o_do_not_cache = 1;
+ op.o_is_auth_check = 1;
+ /* use req_ndn as req_dn instead of non-pretty base of uri */
+ if( !BER_BVISNULL( &base ) ) {
+ ch_free( base.bv_val );
+ /* just in case... */
+ BER_BVZERO( &base );
+ }
+ ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx );
+ op.ors_deref = LDAP_DEREF_NEVER;
+ op.ors_slimit = 1;
+ op.ors_tlimit = SLAP_NO_LIMIT;
+ op.ors_attrs = slap_anlist_no_attrs;
+ op.ors_attrsonly = 1;
+
+ op.o_bd->be_search( &op, &rs );
+
+ if (sm.match) {
+ rc = LDAP_SUCCESS;
+ } else {
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ }
+
+CONCLUDED:
+ if( !BER_BVISNULL( &op.o_req_dn ) ) slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx );
+ if( !BER_BVISNULL( &op.o_req_ndn ) ) slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
+ if( op.ors_filter ) filter_free_x( opx, op.ors_filter );
+ if( !BER_BVISNULL( &op.ors_filterstr ) ) ch_free( op.ors_filterstr.bv_val );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<===slap_sasl_match: comparison returned %d\n", rc, 0, 0);
+
+ return( rc );
+}
+
+
+/*
+ * This function answers the question, "Can this ID authorize to that ID?",
+ * based on authorization rules. The rules are stored in the *searchDN, in the
+ * attribute named by *attr. If any of those rules map to the *assertDN, the
+ * authorization is approved.
+ *
+ * The DNs should not have the dn: prefix
+ */
+static int
+slap_sasl_check_authz( Operation *op,
+ struct berval *searchDN,
+ struct berval *assertDN,
+ AttributeDescription *ad,
+ struct berval *authc )
+{
+ int rc,
+ do_not_cache = op->o_do_not_cache;
+ BerVarray vals = NULL;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
+ assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
+
+ /* ITS#4760: don't cache group access */
+ op->o_do_not_cache = 1;
+ rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH );
+ op->o_do_not_cache = do_not_cache;
+ if( rc != LDAP_SUCCESS ) goto COMPLETE;
+
+ /* Check if the *assertDN matches any *vals */
+ rc = slap_sasl_matches( op, vals, assertDN, authc );
+
+COMPLETE:
+ if( vals ) ber_bvarray_free_x( vals, op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<==slap_sasl_check_authz: %s check returning %d\n",
+ ad->ad_cname.bv_val, rc, 0);
+
+ return( rc );
+}
+
+/*
+ * Given a SASL name (e.g. "UID=name,cn=REALM,cn=MECH,cn=AUTH")
+ * return the LDAP DN to which it matches. The SASL regexp rules in the config
+ * file turn the SASL name into an LDAP URI. If the URI is just a DN (or a
+ * search with scope=base), just return the URI (or its searchbase). Otherwise
+ * an internal search must be done, and if that search returns exactly one
+ * entry, return the DN of that one entry.
+ */
+void
+slap_sasl2dn(
+ Operation *opx,
+ struct berval *saslname,
+ struct berval *sasldn,
+ int flags )
+{
+ int rc;
+ slap_callback cb = { NULL, sasl_sc_sasl2dn, NULL, NULL };
+ Operation op = {0};
+ SlapReply rs = {REP_RESULT};
+ struct berval regout = BER_BVNULL;
+ struct berval base = BER_BVNULL;
+
+ Debug( LDAP_DEBUG_TRACE, "==>slap_sasl2dn: "
+ "converting SASL name %s to a DN\n",
+ saslname->bv_val, 0,0 );
+
+ BER_BVZERO( sasldn );
+ cb.sc_private = sasldn;
+
+ /* Convert the SASL name into a minimal URI */
+ if( !slap_authz_regexp( saslname, ®out, flags, opx->o_tmpmemctx ) ) {
+ goto FINISHED;
+ }
+
+ /* NOTE: always normalize regout because it results
+ * from string submatch expansion */
+ rc = slap_parseURI( opx, ®out, &base, &op.o_req_ndn,
+ &op.ors_scope, &op.ors_filter, &op.ors_filterstr, 1 );
+ if ( !BER_BVISNULL( ®out ) ) slap_sl_free( regout.bv_val, opx->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ goto FINISHED;
+ }
+
+ /* Must do an internal search */
+ op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+
+ switch ( op.ors_scope ) {
+ case LDAP_X_SCOPE_EXACT:
+ *sasldn = op.o_req_ndn;
+ BER_BVZERO( &op.o_req_ndn );
+ /* intentionally continue to next case */
+
+ case LDAP_X_SCOPE_REGEX:
+ case LDAP_X_SCOPE_SUBTREE:
+ case LDAP_X_SCOPE_CHILDREN:
+ case LDAP_X_SCOPE_ONELEVEL:
+ case LDAP_X_SCOPE_GROUP:
+ case LDAP_X_SCOPE_USERS:
+ /* correctly parsed, but illegal */
+ goto FINISHED;
+
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE:
+ /* do a search */
+ break;
+
+ default:
+ /* catch unhandled cases (there shouldn't be) */
+ assert( 0 );
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
+ op.o_req_ndn.bv_val, op.ors_scope, 0 );
+
+ if ( ( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL) ) {
+ goto FINISHED;
+ }
+
+ /* Must run an internal search. */
+ if ( op.ors_filter == NULL ) {
+ rc = LDAP_FILTER_ERROR;
+ goto FINISHED;
+ }
+
+ op.o_hdr = opx->o_hdr;
+ op.o_tag = LDAP_REQ_SEARCH;
+ op.o_ndn = opx->o_conn->c_ndn;
+ op.o_callback = &cb;
+ slap_op_time( &op.o_time, &op.o_tincr );
+ op.o_do_not_cache = 1;
+ op.o_is_auth_check = 1;
+ op.ors_deref = LDAP_DEREF_NEVER;
+ op.ors_slimit = 1;
+ op.ors_tlimit = SLAP_NO_LIMIT;
+ op.ors_attrs = slap_anlist_no_attrs;
+ op.ors_attrsonly = 1;
+ /* use req_ndn as req_dn instead of non-pretty base of uri */
+ if( !BER_BVISNULL( &base ) ) {
+ ch_free( base.bv_val );
+ /* just in case... */
+ BER_BVZERO( &base );
+ }
+ ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx );
+
+ op.o_bd->be_search( &op, &rs );
+
+FINISHED:
+ if( !BER_BVISEMPTY( sasldn ) ) {
+ opx->o_conn->c_authz_backend = op.o_bd;
+ }
+ if( !BER_BVISNULL( &op.o_req_dn ) ) {
+ slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx );
+ }
+ if( !BER_BVISNULL( &op.o_req_ndn ) ) {
+ slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
+ }
+ if( op.ors_filter ) {
+ filter_free_x( opx, op.ors_filter );
+ }
+ if( !BER_BVISNULL( &op.ors_filterstr ) ) {
+ ch_free( op.ors_filterstr.bv_val );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<==slap_sasl2dn: Converted SASL name to %s\n",
+ !BER_BVISEMPTY( sasldn ) ? sasldn->bv_val : "<nothing>", 0, 0 );
+
+ return;
+}
+
+
+/* Check if a bind can SASL authorize to another identity.
+ * The DNs should not have the dn: prefix
+ */
+
+int slap_sasl_authorized( Operation *op,
+ struct berval *authcDN, struct berval *authzDN )
+{
+ int rc = LDAP_INAPPROPRIATE_AUTH;
+
+ /* User binding as anonymous */
+ if ( authzDN == NULL ) {
+ rc = LDAP_SUCCESS;
+ goto DONE;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "==>slap_sasl_authorized: can %s become %s?\n",
+ authcDN->bv_len ? authcDN->bv_val : "(null)",
+ authzDN->bv_len ? authzDN->bv_val : "(null)", 0 );
+
+ /* If person is authorizing to self, succeed */
+ if ( dn_match( authcDN, authzDN ) ) {
+ rc = LDAP_SUCCESS;
+ goto DONE;
+ }
+
+ /* Allow the manager to authorize as any DN. */
+ if( op->o_conn->c_authz_backend &&
+ be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
+ {
+ rc = LDAP_SUCCESS;
+ goto DONE;
+ }
+
+ /* Check source rules */
+ if( authz_policy & SASL_AUTHZ_TO ) {
+ rc = slap_sasl_check_authz( op, authcDN, authzDN,
+ slap_schema.si_ad_saslAuthzTo, authcDN );
+ if( rc == LDAP_SUCCESS && !(authz_policy & SASL_AUTHZ_AND) ) {
+ goto DONE;
+ }
+ }
+
+ /* Check destination rules */
+ if( authz_policy & SASL_AUTHZ_FROM ) {
+ rc = slap_sasl_check_authz( op, authzDN, authcDN,
+ slap_schema.si_ad_saslAuthzFrom, authcDN );
+ if( rc == LDAP_SUCCESS ) {
+ goto DONE;
+ }
+ }
+
+ rc = LDAP_INAPPROPRIATE_AUTH;
+
+DONE:
+
+ Debug( LDAP_DEBUG_TRACE,
+ "<== slap_sasl_authorized: return %d\n", rc, 0, 0 );
+
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/README
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,69 @@
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File Description
+---- -----------
+corba.schema Corba Object
+core.schema OpenLDAP "core"
+cosine.schema COSINE Pilot
+dyngroup.schema Dynamic Group (experimental)
+inetorgperson.schema InetOrgPerson
+java.schema Java Object
+misc.schema Miscellaneous Schema (experimental)
+nis.schema Network Information Service (experimental)
+openldap.schema OpenLDAP Project (FYI)
+ppolicy.schema Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph
+are included on all such copies and derivative works. However,
+this document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.23.2.6 2007/01/02 21:44:09 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/corba.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/corba.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/corba.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,239 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1999).
+## Please see full copyright statement below.
+
+
+# Network Working Group V. Ryan
+# Request for Comments: 2714 R. Lee
+# Category: Informational S. Seligman
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing CORBA Object References in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# CORBA [CORBA] is the Common Object Request Broker Architecture
+# defined by the Object Management Group. This document defines the
+# schema for representing CORBA object references in an LDAP directory
+# [LDAPv3].
+#
+# [trimmed]
+
+# 3. Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# corbaIor
+# corbaRepositoryId
+#
+# 3.1 corbaIor
+#
+# This attribute stores the string representation of the interoperable
+# object reference (IOR) for a CORBA object. An IOR is an opaque handle
+# for the object which contains the information necessary to locate the
+# object, even if the object is in another ORB.
+#
+# This attribute's syntax is 'IA5 String' and its case is
+# insignificant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.14
+# NAME 'corbaIor'
+# DESC 'Stringified interoperable object reference of a CORBA object'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+#
+# Each CORBA interface has a unique "repository id" (also called "type
+# id") that identifies the interface. A CORBA object has one or more
+# repository ids, one for each interface that it implements.
+#
+# The format of a repository id can be any string, but the OMG
+# specifies four standard formats:
+#
+# a. IDL-style
+#
+# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+#
+# For example, the repository id for the "NamingContext" in OMG's COS
+# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
+#
+# b. RMI-style
+#
+# RMI:ClassName:HashCode[:SUID]
+#
+# This format is used by RMI-IIOP remote objects [RMI-IIOP].
+# "ClassName" is the fully qualified name of the class (for example,
+# "java.lang.String"). "HashCode" is the object's hash code (that is,
+# that obtained by invoking the "hashCode()" method). "SUID" is the
+# "stream unique identifier", which is a 64-bit number that uniquely
+# identifies the serialization version of the class; SUID is optional
+# in the repository id.
+#
+# c. DCE-style
+#
+# DCE:UUID
+#
+# This format is used for DCE/CORBA interoperability [CORBA-DCE].
+# "UUID" represents a DCE UUID.
+#
+# d. "local"
+#
+# This format is defined by the local Object Request Broker (ORB).
+#
+# The corbaRepositoryId attribute is a multivalued attribute; each
+# value records a single repository id of an interface implemented by
+# the CORBA object. This attribute need not contain a complete list of
+# the interfaces implemented by the CORBA object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. The values of this attribute are encoded using UTF-8.
+# Some values may require translation from their native representation
+# in order to be correctly encoded using UTF-8.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.15
+# NAME 'corbaRepositoryId'
+# DESC 'Repository ids of interfaces implemented by a CORBA object'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# corbaContainer
+# corbaObject
+# corbaObjectReference
+#
+# 4.1 corbaContainer
+#
+# This structural object class represents a container for a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.10
+# NAME 'corbaContainer'
+# DESC 'Container for a CORBA object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 corbaObject
+#
+# This abstract object class is the root class for representing a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.9
+# NAME 'corbaObject'
+# DESC 'CORBA object representation'
+# SUP top
+# ABSTRACT
+# MAY ( corbaRepositoryId $ description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+#
+# This auxiliary object class represents a CORBA object reference. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.11
+# NAME 'corbaObjectReference'
+# DESC 'CORBA interoperable object reference'
+# SUP corbaObject
+# AUXILIARY
+# MUST ( corbaIor )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
+
+# 10. Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,588 @@
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC2256: ISO-3166 country 2-letter code'
+ SUP name SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/core.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,591 @@
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.8 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC2256: ISO-3166 country 2-letter code'
+ SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# From COSINE Pilot
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/cosine.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/cosine.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/cosine.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2571 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group P. Barker
+# Request for Comments: 1274 S. Kille
+# University College London
+# November 1991
+#
+# The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+# This document suggests an X.500 Directory Schema, or Naming
+# Architecture, for use in the COSINE and Internet X.500 pilots. The
+# schema is independent of any specific implementation. As well as
+# indicating support for the standard object classes and attributes, a
+# large number of generally useful object classes and attributes are
+# also defined. An appendix to this document includes a machine
+# processable version of the schema.
+#
+# [trimmed]
+
+# 7. Object Identifiers
+#
+# Some additional object identifiers are defined for this schema.
+# These are also reproduced in Appendix C.
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# 8. Object Classes
+# [relocated after 9]
+
+#
+# 9. Attribute Types
+#
+# 9.1. X.500 standard attribute types
+#
+# A number of generally useful attribute types are defined in X.520,
+# and these are supported. Refer to that document for descriptions of
+# the suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2. X.400 standard attribute types
+#
+# The standard X.400 attribute types are supported. See X.402 for full
+# details. The ASN.1 for these attribute types is reproduced in
+# Appendix C.
+#
+# 9.3. COSINE/Internet attribute types
+#
+# This section describes all the attribute types defined for use in the
+# COSINE and Internet pilots. Descriptions are given as to the
+# suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced in Appendix C.
+#
+# 9.3.1. Userid
+#
+# The Userid attribute type specifies a computer system login name.
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2. Text Encoded O/R Address
+#
+# The Text Encoded O/R Address attribute type specifies a text encoding
+# of an X.400 O/R address, as specified in RFC 987. The use of this
+# attribute is deprecated as the attribute is intended for interim use
+# only. This attribute will be the first candidate for the attribute
+# expiry mechanisms!
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.3. RFC 822 Mailbox
+#
+# The RFC822 Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in RFC 822. Note that this
+# attribute should not be used for greybook or other non-Internet order
+# mailboxes.
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.4. Information
+#
+# The Information attribute type specifies any general information
+# pertinent to an object. It is recommended that specific usage of
+# this attribute type is avoided, and that specific requirements are
+# met by other (possibly additional) attribute types.
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+
+# 9.3.5. Favourite Drink
+#
+# The Favourite Drink attribute type specifies the favourite drink of
+# an object (or person).
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.6. Room Number
+#
+# The Room Number attribute type specifies the room number of an
+# object. Note that the commonName attribute should be used for naming
+# room objects.
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.7. Photo
+#
+# The Photo attribute type specifies a "photograph" for an object.
+# This should be encoded in G3 fax as explained in recommendation T.4,
+# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
+# defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+# 9.3.8. User Class
+#
+# The User Class attribute type specifies a category of computer user.
+# The semantics placed on this attribute are for local interpretation.
+# Examples of current usage od this attribute in academia are
+# undergraduate student, researcher, lecturer, etc. Note that the
+# organizationalStatus attribute may now often be preferred as it makes
+# no distinction between computer users and others.
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9. Host
+#
+# The Host attribute type specifies a host computer.
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10. Manager
+#
+# The Manager attribute type specifies the manager of an object
+# represented by an entry.
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11. Document Identifier
+#
+# The Document Identifier attribute type specifies a unique identifier
+# for a document.
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12. Document Title
+#
+# The Document Title attribute type specifies the title of a document.
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13. Document Version
+#
+# The Document Version attribute type specifies the version number of a
+# document.
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14. Document Author
+#
+# The Document Author attribute type specifies the distinguished name
+# of the author of a document.
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15. Document Location
+#
+# The Document Location attribute type specifies the location of the
+# document original.
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16. Home Telephone Number
+#
+# The Home Telephone Number attribute type specifies a home telephone
+# number associated with a person. Attribute values should follow the
+# agreed format for international telephone numbers: i.e., "+44 71 123
+# 4567".
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17. Secretary
+#
+# The Secretary attribute type specifies the secretary of a person.
+# The attribute value for Secretary is a distinguished name.
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18. Other Mailbox
+#
+# The Other Mailbox attribute type specifies values for electronic
+# mailbox types other than X.400 and rfc822.
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19. Last Modified Time
+#
+# The Last Modified Time attribute type specifies the last time, in UTC
+# time, that an entry was modified. Ideally, this attribute should be
+# maintained by the DSA.
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+# 9.3.20. Last Modified By
+#
+# The Last Modified By attribute specifies the distinguished name of
+# the last user to modify the associated entry. Ideally, this
+# attribute should be maintained by the DSA.
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+# 9.3.21. Domain Component
+#
+# The Domain Component attribute type specifies a DNS/NRS domain. For
+# example, "uk" or "ac".
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22. DNS ARecord
+#
+# The A Record attribute type specifies a type A (Address) DNS resource
+# record [6] [7].
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23. MX Record
+#
+# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+# resource record [6] [7].
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24. NS Record
+#
+# The NS Record attribute type specifies an NS (Name Server) DNS
+# resource record [6] [7].
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25. SOA Record
+#
+# The SOA Record attribute type specifies a type SOA (Start of
+# Authority) DNS resorce record [6] [7].
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26. CNAME Record
+#
+# The CNAME Record attribute type specifies a type CNAME (Canonical
+# Name) DNS resource record [6] [7].
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27. Associated Domain
+#
+# The Associated Domain attribute type specifies a DNS or NRS domain
+# which is associated with an object in the DIT. For example, the entry
+# in the DIT with a distinguished name "C=GB, O=University College
+# London" would have an associated domain of "UCL.AC.UK. Note that all
+# domains should be represented in rfc822 order. See [3] for more
+# details of usage of this attribute.
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28. Associated Name
+#
+# The Associated Name attribute type specifies an entry in the
+# organisational DIT associated with a DNS/NRS domain. See [3] for
+# more details of usage of this attribute.
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29. Home postal address
+#
+# The Home postal address attribute type specifies a home postal
+# address for an object. This should be limited to up to 6 lines of 30
+# characters each.
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30. Personal Title
+#
+# The Personal Title attribute type specifies a personal title for a
+# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31. Mobile Telephone Number
+#
+# The Mobile Telephone Number attribute type specifies a mobile
+# telephone number associated with a person. Attribute values should
+# follow the agreed format for international telephone numbers: i.e.,
+# "+44 71 123 4567".
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32. Pager Telephone Number
+#
+# The Pager Telephone Number attribute type specifies a pager telephone
+# number for an object. Attribute values should follow the agreed
+# format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33. Friendly Country Name
+#
+# The Friendly Country Name attribute type specifies names of countries
+# in human readable format. The standard attribute country name must
+# be one of the two-letter codes defined in ISO 3166.
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34. Unique Identifier
+#
+# The Unique Identifier attribute type specifies a "unique identifier"
+# for an object represented in the Directory. The domain within which
+# the identifier is unique, and the exact semantics of the identifier,
+# are for local definition. For a person, this might be an
+# institution-wide payroll number. For an organisational unit, it
+# might be a department code.
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35. Organisational Status
+#
+# The Organisational Status attribute type specifies a category by
+# which a person is often referred to in an organisation. Examples of
+# usage in academia might include undergraduate student, researcher,
+# lecturer, etc.
+#
+# A Directory administrator should probably consider carefully the
+# distinctions between this and the title and userClass attributes.
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36. Janet Mailbox
+#
+# The Janet Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in the Grey Book of the
+# Coloured Book series. This attribute is intended for the convenience
+# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+# Entries using this attribute MUST also include an rfc822Mailbox
+# attribute.
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37. Mail Preference Option
+#
+# An attribute to allow users to indicate a preference for inclusion of
+# their names on mailing lists (electronic or physical). The absence
+# of such an attribute should be interpreted as if the attribute was
+# present with value "no-list-inclusion". This attribute should be
+# interpreted by anyone using the directory to derive mailing lists,
+# and its value respected.
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38. Building Name
+#
+# The Building Name attribute type specifies the name of the building
+# where an organisation or organisational unit is based.
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39. DSA Quality
+#
+# The DSA Quality attribute type specifies the purported quality of a
+# DSA. It allows a DSA manager to indicate the expected level of
+# availability of the DSA. See [8] for details of the syntax.
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40. Single Level Quality
+#
+# The Single Level Quality attribute type specifies the purported data
+# quality at the level immediately below in the DIT. See [8] for
+# details of the syntax.
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41. Subtree Minimum Quality
+#
+# The Subtree Minimum Quality attribute type specifies the purported
+# minimum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42. Subtree Maximum Quality
+#
+# The Subtree Maximum Quality attribute type specifies the purported
+# maximum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43. Personal Signature
+#
+# The Personal Signature attribute type allows for a representation of
+# a person's signature. This should be encoded in G3 fax as explained
+# in recommendation T.4, with an ASN.1 wrapper to make it compatible
+# with an X.400 BodyPart as defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44. DIT Redirect
+#
+# The DIT Redirect attribute type is used to indicate that the object
+# described by one entry now has a newer entry in the DIT. The entry
+# containing the redirection attribute should be expired after a
+# suitable grace period. This attribute may be used when an individual
+# changes his/her place of work, and thus acquires a new organisational
+# DN.
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45. Audio
+#
+# The Audio attribute type allows the storing of sounds in the
+# Directory. The attribute uses a u-law encoded sound file as used by
+# the "play" utility on a Sun 4. This is an interim format.
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46. Publisher of Document
+#
+#
+# The Publisher of Document attribute is the person and/or organization
+# that published a document.
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4. Generally useful syntaxes
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# 9.5. Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8. Object Classes
+#
+# 8.1. X.500 standard object classes
+#
+# A number of generally useful object classes are defined in X.521, and
+# these are supported. Refer to that document for descriptions of the
+# suggested usage of these object classes. The ASN.1 for these object
+# classes is reproduced for completeness in Appendix C.
+#
+# 8.2. X.400 standard object classes
+#
+# A number of object classes defined in X.400 are supported. Refer to
+# X.402 for descriptions of the usage of these object classes. The
+# ASN.1 for these object classes is reproduced for completeness in
+# Appendix C.
+#
+# 8.3. COSINE/Internet object classes
+#
+# This section attempts to fuse together the object classes designed
+# for use in the COSINE and Internet pilot activities. Descriptions
+# are given of the suggested usage of these object classes. The ASN.1
+# for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1. Pilot Object
+#
+# The PilotObject object class is used as a sub-class to allow some
+# common, useful attributes to be assigned to entries of all other
+# object classes.
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+# 8.3.2. Pilot Person
+#
+# The PilotPerson object class is used as a sub-class of person, to
+# allow the use of a number of additional attributes to be assigned to
+# entries of object class person.
+#
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+# 8.3.3. Account
+#
+# The Account object class is used to define entries representing
+# computer accounts. The userid attribute should be used for naming
+# entries of this object class.
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+# 8.3.4. Document
+#
+# The Document object class is used to define entries which represent
+# documents.
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+# 8.3.5. Room
+#
+# The Room object class is used to define entries representing rooms.
+# The commonName attribute should be used for naming pentries of this
+# object class.
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+# 8.3.6. Document Series
+#
+# The Document Series object class is used to define an entry which
+# represents a series of documents (e.g., The Request For Comments
+# papers).
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+# 8.3.7. Domain
+#
+# The Domain object class is used to define entries which represent DNS
+# or NRS domains. The domainComponent attribute should be used for
+# naming entries of this object class. The usage of this object class
+# is described in more detail in [3].
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.8. RFC822 Local Part
+#
+# The RFC822 Local Part object class is used to define entries which
+# represent the local part of RFC822 mail addresses. This treats this
+# part of an RFC822 address as a domain. The usage of this object
+# class is described in more detail in [3].
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.9. DNS Domain
+#
+# The DNS Domain (Domain NameServer) object class is used to define
+# entries for DNS domains. The usage of this object class is described
+# in more detail in [3].
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+# 8.3.10. Domain Related Object
+#
+# The Domain Related Object object class is used to define entries
+# which represent DNS/NRS domains which are "equivalent" to an X.500
+# domain: e.g., an organisation or organisational unit. The usage of
+# this object class is described in more detail in [3].
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+# 8.3.11. Friendly Country
+#
+# The Friendly Country object class is used to define country entries
+# in the DIT. The object class is used to allow friendlier naming of
+# countries than that allowed by the object class country. The naming
+# attribute of object class country, countryName, has to be a 2 letter
+# string defined in ISO 3166.
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+# 8.3.12. Simple Security Object
+#
+# The Simple Security Object object class is used to allow an entry to
+# have a userPassword attribute when an entry's principal object
+# classes do not allow userPassword as an attribute type.
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+# 8.3.13. Pilot Organization
+#
+# The PilotOrganization object class is used as a sub-class of
+# organization and organizationalUnit to allow a number of additional
+# attributes to be assigned to entries of object classes organization
+# and organizationalUnit.
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+# 8.3.14. Pilot DSA
+#
+# The PilotDSA object class is used as a sub-class of the dsa object
+# class to allow additional attributes to be assigned to entries for
+# DSAs.
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+# 8.3.15. Quality Labelled Data
+#
+# The Quality Labelled Data object class is used to allow the
+# assignment of the data quality attributes to subtrees in the DIT.
+#
+# See [8] for more details.
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
+
+
+# References
+#
+# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
+# models and services, CCITT /ISO IS 9594.
+#
+# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
+# University College London, Department of Computer Science
+# Research Note 89/48, May 1989.
+#
+# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
+# London, November 1991.
+#
+# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
+# Report", Technical Report 90-09-10-1, published by NYSERNet
+# Inc, 1990.
+#
+# [5] Craigie, J., "UK Academic Community Directory Service Pilot
+# Project, pp. 305-310 in Computer Networks and ISDN Systems
+# 17 (1989), published by North Holland.
+#
+# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
+# RFC 1034, USC/Information Sciences Institute, November 1987.
+#
+# [7] Mockapetris, P., "Domain Names - Implementation and
+# Specification, RFC 1035, USC/Information Sciences Institute,
+# November 1987.
+#
+# [8] Kille, S., "Handling QOS (Quality of service) in the
+# Directory," publication in process, March 1991.
+#
+#
+# APPENDIX C - Summary of all Object Classes and Attribute Types
+#
+# -- Some Important Object Identifiers
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# -- Standard Object Classes
+#
+# top OBJECT-CLASS
+# MUST CONTAIN {
+# objectClass}
+# ::= {objectClass 0}
+#
+#
+# alias OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# aliasedObjectName}
+# ::= {objectClass 1}
+#
+#
+# country OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# countryName}
+# MAY CONTAIN {
+# description,
+# searchGuide}
+# ::= {objectClass 2}
+#
+#
+# locality OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# description,
+# localityName,
+# stateOrProvinceName,
+# searchGuide,
+# seeAlso,
+# streetAddress}
+# ::= {objectClass 3}
+#
+#
+# organization OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 4}
+#
+#
+# organizationalUnit OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationalUnitName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 5}
+#
+#
+# person OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# surname}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# userPassword}
+# ::= {objectClass 6}
+#
+#
+# organizationalPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# telecommunicationAttributeSet,
+# title}
+# ::= {objectClass 7}
+#
+#
+# organizationalRole OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# roleOccupant,
+# seeAlso,
+# telecommunicationAttributeSet}
+# ::= {objectClass 8}
+#
+#
+# groupOfNames OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# member}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# businessCategory}
+# ::= {objectClass 9}
+#
+#
+# residentialPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MUST CONTAIN {
+# localityName}
+# MAY CONTAIN {
+# localeAttributeSet,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# telecommunicationAttributeSet,
+# businessCategory}
+# ::= {objectClass 10}
+#
+#
+# applicationProcess OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationalUnitName,
+# seeAlso}
+# ::= {objectClass 11}
+#
+#
+# applicationEntity OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# presentationAddress}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# seeAlso,
+# supportedApplicationContext}
+# ::= {objectClass 12}
+#
+#
+# dSA OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# knowledgeInformation}
+# ::= {objectClass 13}
+#
+#
+# device OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# serialNumber}
+# ::= {objectClass 14}
+#
+#
+# strongAuthenticationUser OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userCertificate}
+# ::= {objectClass 15}
+#
+#
+# certificationAuthority OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# cACertificate,
+# certificateRevocationList,
+# authorityRevocationList}
+# MAY CONTAIN {
+# crossCertificatePair}
+# ::= {objectClass 16}
+#
+# -- Standard MHS Object Classes
+#
+# mhsDistributionList OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# mhsDLSubmitPermissions,
+# mhsORAddresses}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# mhsDeliverableContentTypes,
+# mhsdeliverableEits,
+# mhsDLMembers,
+# mhsPreferredDeliveryMethods}
+# ::= {mhsObjectClass 0}
+#
+#
+# mhsMessageStore OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsSupportedOptionalAttributes,
+# mhsSupportedAutomaticActions,
+# mhsSupportedContentTypes}
+# ::= {mhsObjectClass 1}
+#
+#
+# mhsMessageTransferAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsDeliverableContentLength}
+# ::= {mhsObjectClass 2}
+#
+#
+# mhsOrganizationalUser OBJECT-CLASS
+# SUBCLASS OF organizationalPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 3}
+#
+#
+# mhsResidentialUser OBJECT-CLASS
+# SUBCLASS OF residentialPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 4}
+#
+#
+# mhsUserAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsORAddresses,
+# owner}
+# ::= {mhsObjectClass 5}
+#
+#
+#
+#
+# -- Pilot Object Classes
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+#
+#
+#
+#
+# -- Standard Attribute Types
+#
+# objectClass ObjectClass
+# ::= {attributeType 0}
+#
+#
+# aliasedObjectName AliasedObjectName
+# ::= {attributeType 1}
+#
+#
+# knowledgeInformation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreString
+# ::= {attributeType 2}
+#
+#
+# commonName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-common-name))
+# ::= {attributeType 3}
+#
+#
+# surname ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-surname))
+# ::= {attributeType 4}
+#
+#
+# serialNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX printableStringSyntax
+# (SIZE (1..ub-serial-number))
+# ::= {attributeType 5}
+#
+#
+# countryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-country-code))
+# SINGLE VALUE
+# ::= {attributeType 6}
+#
+#
+# localityName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-locality-name))
+# ::= {attributeType 7}
+#
+#
+# stateOrProvinceName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-state-name))
+# ::= {attributeType 8}
+#
+#
+# streetAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-street-address))
+# ::= {attributeType 9}
+#
+#
+# organizationName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organization-name))
+# ::= {attributeType 10}
+#
+#
+# organizationalUnitName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organizational-unit-name))
+# ::= {attributeType 11}
+#
+#
+# title ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-title))
+# ::= {attributeType 12}
+#
+#
+# description ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-description))
+# ::= {attributeType 13}
+#
+#
+# searchGuide ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Guide
+# ::= {attributeType 14}
+#
+#
+# businessCategory ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-business-category))
+# ::= {attributeType 15}
+#
+#
+# postalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 16}
+#
+#
+# postalCode ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-postal-code))
+# ::= {attributeType 17}
+#
+#
+# postOfficeBox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-post-office-box))
+# ::= {attributeType 18}
+#
+#
+# physicalDeliveryOfficeName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-physical-office-name))
+# ::= {attributeType 19}
+#
+#
+# telephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
+# (SIZE (1..ub-telephone-number))
+# ::= {attributeType 20}
+#
+#
+# telexNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TelexNumber
+# (SIZE (1..ub-telex))
+# ::= {attributeType 21}
+#
+#
+# teletexTerminalIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
+# (SIZE (1..ub-teletex-terminal-id))
+# ::= {attributeType 22}
+#
+#
+# facsimileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
+# ::= {attributeType 23}
+#
+#
+# x121Address ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-x121-address))
+# ::= {attributeType 24}
+#
+#
+# internationaliSDNNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-isdn-address))
+# ::= {attributeType 25}
+#
+#
+# registeredAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# ::= {attributeType 26}
+#
+#
+# destinationIndicator ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-destination-indicator))
+# MATCHES FOR EQUALITY SUBSTRINGS
+# ::= {attributeType 27}
+#
+#
+# preferredDeliveryMethod ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {attributeType 28}
+#
+#
+# presentationAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PresentationAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 29}
+#
+#
+# supportedApplicationContext ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
+# ::= {attributeType 30}
+#
+#
+# member ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 31}
+#
+#
+# owner ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 32}
+#
+#
+# roleOccupant ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 33}
+#
+#
+# seeAlso ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 34}
+#
+#
+# userPassword ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Userpassword
+# ::= {attributeType 35}
+#
+#
+# userCertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX UserCertificate
+# ::= {attributeType 36}
+#
+#
+# cACertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX cACertificate
+# ::= {attributeType 37}
+#
+#
+# authorityRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
+# ::= {attributeType 38}
+#
+#
+# certificateRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
+# ::= {attributeType 39}
+#
+#
+# crossCertificatePair ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
+# ::= {attributeType 40}
+#
+#
+#
+#
+# -- Standard MHS Attribute Types
+#
+# mhsDeliverableContentLength ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX integer
+# ::= {mhsAttributeType 0}
+#
+#
+# mhsDeliverableContentTypes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 1}
+#
+#
+# mhsDeliverableEits ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 2}
+#
+#
+# mhsDLMembers ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRName
+# ::= {mhsAttributeType 3}
+#
+#
+# mhsDLSubmitPermissions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
+# ::= {mhsAttributeType 4}
+#
+#
+# mhsMessageStoreName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dN
+# ::= {mhsAttributeType 5}
+#
+#
+# mhsORAddresses ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRAddress
+# ::= {mhsAttributeType 6}
+#
+#
+# mhsPreferredDeliveryMethods ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {mhsAttributeType 7}
+#
+#
+# mhsSupportedAutomaticActions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 8}
+#
+#
+# mhsSupportedContentTypes ATTRIBUTE
+#
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 9}
+#
+#
+# mhsSupportedOptionalAttributes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 10}
+#
+#
+#
+#
+# -- Pilot Attribute Types
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+#
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+#
+#
+# -- Generally useful syntaxes
+#
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# -- Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/dyngroup.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/dyngroup.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/dyngroup.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,44 @@
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.3.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://enterprise.netscape.com/docs/enterprise/60/admin/esusrgrp.htm#1019520
+# for details.
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# Not recommended for production use! Use with caution!
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/inetorgperson.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/inetorgperson.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/inetorgperson.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,155 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.16.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs. This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used. Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed. Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization. Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship. Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language. This is useful for international correspondence or human-
+# computer interaction. Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception: the sequence "Accept-Language" ":"
+# should be omitted. This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values. It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field. Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities. Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'. If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information. When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'. The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/java.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/java.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/java.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,403 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# Network Working Group V. Ryan
+# Request for Comments: 2713 S. Seligman
+# Category: Informational R. Lee
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing Java(tm) Objects in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# This document defines the schema for representing Java(tm) objects in
+# an LDAP directory [LDAPv3]. It defines schema elements to represent
+# a Java serialized object [Serial], a Java marshalled object [RMI], a
+# Java remote object [RMI], and a JNDI reference [JNDI].
+#
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# javaClassName
+# javaClassNames
+# javaCodebase
+# javaSerializedData
+# javaFactory
+# javaReferenceAddress
+# javaDoc
+#
+# 3.1 javaClassName
+#
+# This attribute stores the fully qualified name of the Java object's
+# "distinguished" class or interface (for example, "java.lang.String").
+# It is a single-valued attribute. This attribute's syntax is '
+# Directory String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.6
+# NAME 'javaClassName'
+# DESC 'Fully qualified name of distinguished Java class or
+# interface'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.2 javaCodebase
+#
+# This attribute stores the Java class definition's locations. It
+# specifies the locations from which to load the class definition for
+# the class specified by the javaClassName attribute. Each value of
+# the attribute contains an ordered list of URLs, separated by spaces.
+# For example, a value of "url1 url2 url3" means that the three
+# (possibly interdependent) URLs (url1, url2, and url3) form the
+# codebase for loading in the Java class definition.
+#
+# If the javaCodebase attribute contains more than one value, each
+# value is an independent codebase. That is, there is no relationship
+# between the URLs in one value and those in another; each value can be
+# viewed as an alternate source for loading the Java class definition.
+# See [Java] for information regarding class loading.
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.7
+# NAME 'javaCodebase'
+# DESC 'URL(s) specifying the location of class definition'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+#
+# This attribute stores the Java object's fully qualified class or
+# interface names (for example, "java.lang.String"). It is a
+# multivalued attribute. When more than one value is present, each is
+# the name of a class or interface, or ancestor class or interface, of
+# this object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.13
+# NAME 'javaClassNames'
+# DESC 'Fully qualified Java class or interface name'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.4 javaSerializedData
+#
+# This attribute stores the serialized form of a Java object. The
+# serialized form is described in [Serial].
+#
+# This attribute's syntax is 'Octet String'.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.8
+# NAME 'javaSerializedData
+# DESC 'Serialized form of a Java object'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+# 3.5 javaFactory
+#
+# This attribute stores the fully qualified class name of the object
+# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+# used to create an instance of the object identified by the
+# javaClassName attribute.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.10
+# NAME 'javaFactory'
+# DESC 'Fully qualified Java class name of a JNDI object factory'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+#
+# This attribute represents the sequence of addresses of a JNDI
+# reference. Each of its values represents one address, a Java object
+# of type javax.naming.RefAddr. Its value is a concatenation of the
+# address type and address contents, preceded by a sequence number (the
+# order of addresses in a JNDI reference is significant). For example:
+#
+# #0#TypeA#ValA
+# #1#TypeB#ValB
+# #2#TypeC##rO0ABXNyABpq...
+#
+# In more detail, the value is encoded as follows:
+#
+# The delimiter is the first character of the value. For readability
+# the character '#' is recommended when it is not otherwise used
+# anywhere in the value, but any character may be used subject to
+# restrictions given below.
+#
+# The first delimiter is followed by the sequence number. The sequence
+# number of an address is its position in the JNDI reference, with the
+# first address being numbered 0. It is represented by its shortest
+# string form, in decimal notation.
+#
+# The sequence number is followed by a delimiter, then by the address
+# type, and then by another delimiter. If the address is of Java class
+# javax.naming.StringRefAddr, then this delimiter is followed by the
+# value of the address contents (which is a string). Otherwise, this
+# delimiter is followed immediately by another delimiter, and then by
+# the Base64 encoding of the serialized form of the entire address.
+#
+# The delimiter may be any character other than a digit or a character
+# contained in the address type. In addition, if the address contents
+# is a string, the delimiter may not be the first character of that
+# string.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. It can contain multiple values.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.11
+# NAME 'javaReferenceAddress'
+# DESC 'Addresses associated with a JNDI Reference'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+#
+# This attribute stores a pointer to the Java documentation for the
+# class. It's value is a URL. For example, the following URL points to
+# the specification of the java.lang.String class:
+# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.12
+# NAME 'javaDoc'
+# DESC 'The Java documentation for the class'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# javaContainer
+# javaObject
+# javaSerializedObject
+# javaMarshalledObject
+# javaNamingReference
+#
+# 4.1 javaContainer
+#
+# This structural object class represents a container for a Java
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.1
+# NAME 'javaContainer'
+# DESC 'Container for a Java object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 javaObject
+#
+# This abstract object class represents a Java object. A javaObject
+# cannot exist in the directory; only auxiliary or structural
+# subclasses of it can exist in the directory.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.4
+# NAME 'javaObject'
+# DESC 'Java object representation'
+# SUP top
+# ABSTRACT
+# MUST ( javaClassName )
+# MAY ( javaClassNames $
+# javaCodebase $
+# javaDoc $
+# description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+# 4.3 javaSerializedObject
+#
+# This auxiliary object class represents a Java serialized object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.5
+# NAME 'javaSerializedObject'
+# DESC 'Java serialized object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.4 javaMarshalledObject
+#
+# This auxiliary object class represents a Java marshalled object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.8
+# NAME 'javaMarshalledObject'
+# DESC 'Java marshalled object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.5 javaNamingReference
+#
+# This auxiliary object class represents a JNDI reference. It must be
+# mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.7
+# NAME 'javaNamingReference'
+# DESC 'JNDI reference'
+# SUP javaObject
+# AUXILIARY
+# MAY ( javaReferenceAddress $
+# javaFactory )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
+
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/misc.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/misc.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/misc.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+# misc.schema -- assorted schema definitions
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.27.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/nis.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/nis.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/nis.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,237 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.10.2.7 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252. This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+# validaters for these syntaxes are incomplete, they only
+# implement printable string validation (which is good as the
+# common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1
+# Object classes are under 1.3.6.1.1.1.2
+
+# Attribute Type Definitions
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+ DESC 'The absolute path to the home directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+ DESC 'The path to the login shell'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+ DESC 'Netgroup triple'
+ SYNTAX 1.3.6.1.1.1.0.0 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+ DESC 'IP address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+ DESC 'IP network'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+ DESC 'IP netmask'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+ DESC 'MAC address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+ DESC 'rpc.bootparamd parameter'
+ SYNTAX 1.3.6.1.1.1.0.1 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+ DESC 'Boot image name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
+
+# Object Class Definitions
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
+ DESC 'Abstraction of an account with POSIX attributes'
+ SUP top AUXILIARY
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
+ DESC 'Additional attributes for shadow passwords'
+ SUP top AUXILIARY
+ MUST uid
+ MAY ( userPassword $ shadowLastChange $ shadowMin $
+ shadowMax $ shadowWarning $ shadowInactive $
+ shadowExpire $ shadowFlag $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
+ DESC 'Abstraction of a group of accounts'
+ SUP top STRUCTURAL
+ MUST ( cn $ gidNumber )
+ MAY ( userPassword $ memberUid $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
+ DESC 'Abstraction an Internet Protocol service'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
+ DESC 'Abstraction of an IP protocol'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipProtocolNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
+ DESC 'Abstraction of an ONC/RPC binding'
+ SUP top STRUCTURAL
+ MUST ( cn $ oncRpcNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
+ DESC 'Abstraction of a host, an IP device'
+ SUP top AUXILIARY
+ MUST ( cn $ ipHostNumber )
+ MAY ( l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
+ DESC 'Abstraction of an IP network'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipNetworkNumber )
+ MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+ DESC 'Abstraction of a netgroup'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
+ DESC 'A generic abstraction of a NIS map'
+ SUP top STRUCTURAL
+ MUST nisMapName
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
+ DESC 'An entry in a NIS map'
+ SUP top STRUCTURAL
+ MUST ( cn $ nisMapEntry $ nisMapName )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
+ DESC 'A device with a MAC address'
+ SUP top AUXILIARY
+ MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
+ DESC 'A device with boot parameters'
+ SUP top AUXILIARY
+ MAY ( bootFile $ bootParameter ) )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,87 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.1.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ MAY displayName AUXILIARY )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/openldap.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.19.2.4 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ MAY displayName AUXILIARY )
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema/ppolicy.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema/ppolicy.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema/ppolicy.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,531 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#Network Working Group J. Sermersheim
+#Internet-Draft Novell, Inc
+#Expires: April 24, 2005 L. Poitou
+# Sun Microsystems
+# October 24, 2004
+#
+#
+# Password Policy for LDAP Directories
+# draft-behera-ldap-password-policy-08.txt
+#
+#Status of this Memo
+#
+# This document is an Internet-Draft and is subject to all provisions
+# of section 3 of RFC 3667. By submitting this Internet-Draft, each
+# author represents that any applicable patent or other IPR claims of
+# which he or she is aware have been or will be disclosed, and any of
+# which he or she become aware will be disclosed, in accordance with
+# RFC 3668.
+#
+# Internet-Drafts are working documents of the Internet Engineering
+# Task Force (IETF), its areas, and its working groups. Note that
+# other groups may also distribute working documents as
+# Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six months
+# and may be updated, replaced, or obsoleted by other documents at any
+# time. It is inappropriate to use Internet-Drafts as reference
+# material or to cite them other than as "work in progress."
+#
+# The list of current Internet-Drafts can be accessed at
+# http://www.ietf.org/ietf/1id-abstracts.txt.
+#
+# The list of Internet-Draft Shadow Directories can be accessed at
+# http://www.ietf.org/shadow.html.
+#
+# This Internet-Draft will expire on April 24, 2005.
+#
+#Copyright Notice
+#
+# Copyright (C) The Internet Society (2004).
+#
+#Abstract
+#
+# Password policy as described in this document is a set of rules that
+# controls how passwords are used and administered in Lightweight
+# Directory Access Protocol (LDAP) based directories. In order to
+# improve the security of LDAP directories and make it difficult for
+# password cracking programs to break into directories, it is desirable
+# to enforce a set of rules on password usage. These rules are made to
+#
+# [trimmed]
+#
+#5. Schema used for Password Policy
+#
+# The schema elements defined here fall into two general categories. A
+# password policy object class is defined which contains a set of
+# administrative password policy attributes, and a set of operational
+# attributes are defined that hold general password policy state
+# information for each user.
+#
+#5.2 Attribute Types used in the pwdPolicy ObjectClass
+#
+# Following are the attribute types used by the pwdPolicy object class.
+#
+#5.2.1 pwdAttribute
+#
+# This holds the name of the attribute to which the password policy is
+# applied. For example, the password policy may be applied to the
+# userPassword attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+#5.2.2 pwdMinAge
+#
+# This attribute holds the number of seconds that must elapse between
+# modifications to the password. If this attribute is not present, 0
+# seconds is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.3 pwdMaxAge
+#
+# This attribute holds the number of seconds after which a modified
+# password will expire.
+#
+# If this attribute is not present, or if the value is 0 the password
+# does not expire. If not 0, the value must be greater than or equal
+# to the value of the pwdMinAge.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.4 pwdInHistory
+#
+# This attribute specifies the maximum number of used passwords stored
+# in the pwdHistory attribute.
+#
+# If this attribute is not present, or if the value is 0, used
+# passwords are not stored in the pwdHistory attribute and thus may be
+# reused.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.5 pwdCheckQuality
+#
+# {TODO: Consider changing the syntax to OID. Each OID will list a
+# quality rule (like min len, # of special characters, etc). These
+# rules can be specified outsid ethis document.}
+#
+# {TODO: Note that even though this is meant to be a check that happens
+# during password modification, it may also be allowed to happen during
+# authN. This is useful for situations where the password is encrypted
+# when modified, but decrypted when used to authN.}
+#
+# This attribute indicates how the password quality will be verified
+# while being modified or added. If this attribute is not present, or
+# if the value is '0', quality checking will not be enforced. A value
+# of '1' indicates that the server will check the quality, and if the
+# server is unable to check it (due to a hashed password or other
+# reasons) it will be accepted. A value of '2' indicates that the
+# server will check the quality, and if the server is unable to verify
+# it, it will return an error refusing the password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.6 pwdMinLength
+#
+# When quality checking is enabled, this attribute holds the minimum
+# number of characters that must be used in a password. If this
+# attribute is not present, no minimum password length will be
+# enforced. If the server is unable to check the length (due to a
+# hashed password or otherwise), the server will, depending on the
+# value of the pwdCheckQuality attribute, either accept the password
+# without checking it ('0' or '1') or refuse it ('2').
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.7 pwdExpireWarning
+#
+# This attribute specifies the maximum number of seconds before a
+# password is due to expire that expiration warning messages will be
+# returned to an authenticating user.
+#
+# If this attribute is not present, or if the value is 0 no warnings
+# will be returned. If not 0, the value must be smaller than the value
+# of the pwdMaxAge attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.8 pwdGraceAuthNLimit
+#
+# This attribute specifies the number of times an expired password can
+# be used to authenticate. If this attribute is not present or if the
+# value is 0, authentication will fail.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.9 pwdLockout
+#
+# This attribute indicates, when its value is "TRUE", that the password
+# may not be used to authenticate after a specified number of
+# consecutive failed bind attempts. The maximum number of consecutive
+# failed bind attempts is specified in pwdMaxFailure.
+#
+# If this attribute is not present, or if the value is "FALSE", the
+# password may be used to authenticate when the number of failed bind
+# attempts has been reached.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.10 pwdLockoutDuration
+#
+# This attribute holds the number of seconds that the password cannot
+# be used to authenticate due to too many failed bind attempts. If
+# this attribute is not present, or if the value is 0 the password
+# cannot be used to authenticate until reset by a password
+# administrator.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.11 pwdMaxFailure
+#
+# This attribute specifies the number of consecutive failed bind
+# attempts after which the password may not be used to authenticate.
+# If this attribute is not present, or if the value is 0, this policy
+# is not checked, and the value of pwdLockout will be ignored.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.12 pwdFailureCountInterval
+#
+# This attribute holds the number of seconds after which the password
+# failures are purged from the failure counter, even though no
+# successful authentication occurred.
+#
+# If this attribute is not present, or if its value is 0, the failure
+# counter is only reset by a successful authentication.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.13 pwdMustChange
+#
+# This attribute specifies with a value of "TRUE" that users must
+# change their passwords when they first bind to the directory after a
+# password is set or reset by a password administrator. If this
+# attribute is not present, or if the value is "FALSE", users are not
+# required to change their password upon binding after the password
+# administrator sets or resets the password. This attribute is not set
+# due to any actions specified by this document, it is typically set by
+# a password administrator after resetting a user's password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.14 pwdAllowUserChange
+#
+# This attribute indicates whether users can change their own
+# passwords, although the change operation is still subject to access
+# control. If this attribute is not present, a value of "TRUE" is
+# assumed. This attribute is intended to be used in the absense of an
+# access control mechanism.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.15 pwdSafeModify
+#
+# This attribute specifies whether or not the existing password must be
+# sent along with the new password when being changed. If this
+# attribute is not present, a "FALSE" value is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# HP extensions
+#
+# pwdCheckModule
+#
+# This attribute names a user-defined loadable module that provides
+# a check_password() function. If pwdCheckQuality is set to '1' or '2'
+# this function will be called after all of the internal password
+# quality checks have been passed. The function has this prototype:
+#
+# int check_password( char *password, char **errormessage, void *arg )
+#
+# The function should return LDAP_SUCCESS for a valid password.
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates "check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+#5.1 The pwdPolicy Object Class
+#
+# This object class contains the attributes defining a password policy
+# in effect for a set of users. Section 10 describes the
+# administration of this object, and the relationship between it and
+# particular objects.
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+
+#5.3 Attribute Types for Password Policy State Information
+#
+# Password policy state information must be maintained for each user.
+# The information is located in each user entry as a set of operational
+# attributes. These operational attributes are: pwdChangedTime,
+# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
+# pwdReset, pwdPolicySubEntry.
+#
+#5.3.1 Password Policy State Attribute Option
+#
+# Since the password policy could apply to several attributes used to
+# store passwords, each of the above operational attributes must have
+# an option to specify which pwdAttribute it applies to. The password
+# policy option is defined as the following:
+#
+# pwd-<passwordAttribute>
+#
+# where passwordAttribute a string following the OID syntax
+# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
+# (short name) MUST be used.
+#
+# For example, if the pwdPolicy object has for pwdAttribute
+# "userPassword" then the pwdChangedTime operational attribute, in a
+# user entry, will be:
+#
+# pwdChangedTime;pwd-userPassword: 20000103121520Z
+#
+# This attribute option follows sub-typing semantics. If a client
+# requests a password policy state attribute to be returned in a search
+# operation, and does not specify an option, all subtypes of that
+# policy state attribute are returned.
+#
+#5.3.2 pwdChangedTime
+#
+# This attribute specifies the last time the entry's password was
+# changed. This is used by the password expiration policy. If this
+# attribute does not exist, the password will never expire.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.16
+# NAME 'pwdChangedTime'
+# DESC 'The time the password was last changed'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.3 pwdAccountLockedTime
+#
+# This attribute holds the time that the user's account was locked. A
+# locked account means that the password may no longer be used to
+# authenticate. A 000001010000Z value means that the account has been
+# locked permanently, and that only a password administrator can unlock
+# the account.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.17
+# NAME 'pwdAccountLockedTime'
+# DESC 'The time an user account was locked'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.4 pwdFailureTime
+#
+# This attribute holds the timestamps of the consecutive authentication
+# failures.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.19
+# NAME 'pwdFailureTime'
+# DESC 'The timestamps of the last consecutive authentication
+# failures'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# USAGE directoryOperation )
+#
+#5.3.5 pwdHistory
+#
+# This attribute holds a history of previously used passwords. Values
+# of this attribute are transmitted in string format as given by the
+# following ABNF:
+#
+# pwdHistory = time "#" syntaxOID "#" length "#" data
+#
+# time = <generalizedTimeString as specified in 6.14
+# of [RFC2252]>
+#
+# syntaxOID = numericoid ; the string representation of the
+# ; dotted-decimal OID that defines the
+# ; syntax used to store the password.
+# ; numericoid is described in 4.1
+# ; of [RFC2252].
+#
+# length = numericstring ; the number of octets in data.
+# ; numericstring is described in 4.1
+# ; of [RFC2252].
+#
+# data = <octets representing the password in the format
+# specified by syntaxOID>.
+#
+# This format allows the server to store, and transmit a history of
+# passwords that have been used. In order for equality matching to
+# function properly, the time field needs to adhere to a consistent
+# format. For this purpose, the time field MUST be in GMT format.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.20
+# NAME 'pwdHistory'
+# DESC 'The history of user s passwords'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# USAGE directoryOperation )
+#
+#5.3.6 pwdGraceUseTime
+#
+# This attribute holds the timestamps of grace authentications after a
+# password has expired.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.21
+# NAME 'pwdGraceUseTime'
+# DESC 'The timestamps of the grace authentication after the
+# password has expired'
+# EQUALITY generalizedTimeMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+#
+#5.3.7 pwdReset
+#
+# This attribute holds a flag to indicate (when TRUE) that the password
+# has been updated by the password administrator and must be changed by
+# the user on first authentication.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.22
+# NAME 'pwdReset'
+# DESC 'The indication that the password has been reset'
+# EQUALITY booleanMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.8 pwdPolicySubentry
+#
+# This attribute points to the pwdPolicy subentry in effect for this
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.23
+# NAME 'pwdPolicySubentry'
+# DESC 'The pwdPolicy subentry in effect for this object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#
+#Disclaimer of Validity
+#
+# This document and the information contained herein are provided on an
+# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#Copyright Statement
+#
+# Copyright (C) The Internet Society (2004). This document is subject
+# to the rights, licenses and restrictions contained in BCP 78, and
+# except as set forth therein, the authors retain all their rights.
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,167 @@
+/* schema.c - routines to manage schema definitions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema.c,v 1.100.2.6 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+
+int
+schema_info( Entry **entry, const char **text )
+{
+ AttributeDescription *ad_structuralObjectClass
+ = slap_schema.si_ad_structuralObjectClass;
+ AttributeDescription *ad_objectClass
+ = slap_schema.si_ad_objectClass;
+ AttributeDescription *ad_createTimestamp
+ = slap_schema.si_ad_createTimestamp;
+ AttributeDescription *ad_modifyTimestamp
+ = slap_schema.si_ad_modifyTimestamp;
+
+ Entry *e;
+ struct berval vals[5];
+ struct berval nvals[5];
+
+ e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+ if( e == NULL ) {
+ /* Out of memory, do something about it */
+ Debug( LDAP_DEBUG_ANY,
+ "schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0, 0 );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+
+ e->e_attrs = NULL;
+ /* backend-specific schema info should be created by the
+ * backend itself
+ */
+ ber_dupbv( &e->e_name, &frontendDB->be_schemadn );
+ ber_dupbv( &e->e_nname, &frontendDB->be_schemandn );
+ e->e_private = NULL;
+
+ BER_BVSTR( &vals[0], "subentry" );
+ if( attr_merge_one( e, ad_structuralObjectClass, vals, NULL ) ) {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+
+ BER_BVSTR( &vals[0], "top" );
+ BER_BVSTR( &vals[1], "subentry" );
+ BER_BVSTR( &vals[2], "subschema" );
+ BER_BVSTR( &vals[3], "extensibleObject" );
+ BER_BVZERO( &vals[4] );
+ if ( attr_merge( e, ad_objectClass, vals, NULL ) ) {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+
+ {
+ int rc;
+ AttributeDescription *desc = NULL;
+ struct berval rdn = frontendDB->be_schemadn;
+ vals[0].bv_val = ber_bvchr( &rdn, '=' );
+
+ if( vals[0].bv_val == NULL ) {
+ *text = "improperly configured subschema subentry";
+ return LDAP_OTHER;
+ }
+
+ vals[0].bv_val++;
+ vals[0].bv_len = rdn.bv_len - (vals[0].bv_val - rdn.bv_val);
+ rdn.bv_len -= vals[0].bv_len + 1;
+
+ rc = slap_bv2ad( &rdn, &desc, text );
+
+ if( rc != LDAP_SUCCESS ) {
+ entry_free( e );
+ *text = "improperly configured subschema subentry";
+ return LDAP_OTHER;
+ }
+
+ nvals[0].bv_val = ber_bvchr( &frontendDB->be_schemandn, '=' );
+ assert( nvals[0].bv_val != NULL );
+ nvals[0].bv_val++;
+ nvals[0].bv_len = frontendDB->be_schemandn.bv_len -
+ (nvals[0].bv_val - frontendDB->be_schemandn.bv_val);
+
+ if ( attr_merge_one( e, desc, vals, nvals ) ) {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+ }
+
+ {
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+ /*
+ * According to RFC 2251:
+
+ Servers SHOULD provide the attributes createTimestamp and
+ modifyTimestamp in subschema entries, in order to allow clients to
+ maintain their caches of schema information.
+
+ * to be conservative, we declare schema created
+ * AND modified at server startup time ...
+ */
+
+ vals[0].bv_val = timebuf;
+ vals[0].bv_len = sizeof( timebuf );
+
+ slap_timestamp( &starttime, vals );
+
+ if( attr_merge_one( e, ad_createTimestamp, vals, NULL ) ) {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+ if( attr_merge_one( e, ad_modifyTimestamp, vals, NULL ) ) {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+ }
+
+ if ( syn_schema_info( e )
+ || mr_schema_info( e )
+ || mru_schema_info( e )
+ || at_schema_info( e )
+ || oc_schema_info( e )
+ || cr_schema_info( e ) )
+ {
+ /* Out of memory, do something about it */
+ entry_free( e );
+ *text = "out of memory";
+ return LDAP_OTHER;
+ }
+
+ *entry = e;
+ return LDAP_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema_check.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema_check.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema_check.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,865 @@
+/* schema_check.c - routines to enforce schema definitions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.94.2.8 2007/01/02 21:43:57 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+static char * oc_check_required(
+ Entry *e,
+ ObjectClass *oc,
+ struct berval *ocname );
+
+static int entry_naming_check(
+ Entry *e,
+ int manage,
+ const char** text,
+ char *textbuf, size_t textlen );
+/*
+ * entry_schema_check - check that entry e conforms to the schema required
+ * by its object class(es).
+ *
+ * returns 0 if so, non-zero otherwise.
+ */
+
+int
+entry_schema_check(
+ Operation *op,
+ Entry *e,
+ Attribute *oldattrs,
+ int manage,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ Attribute *a, *asc, *aoc;
+ ObjectClass *sc, *oc;
+ AttributeType *at;
+ ContentRule *cr;
+ int rc, i;
+ struct berval nsc;
+ AttributeDescription *ad_structuralObjectClass
+ = slap_schema.si_ad_structuralObjectClass;
+ AttributeDescription *ad_objectClass
+ = slap_schema.si_ad_objectClass;
+ int extensible = 0;
+ int subentry = is_entry_subentry( e );
+ int collectiveSubentry = 0;
+
+ if ( SLAP_NO_SCHEMA_CHECK( op->o_bd )) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( get_no_schema_check( op ) ) {
+ return LDAP_SUCCESS;
+ }
+
+ if( subentry ) {
+ collectiveSubentry = is_entry_collectiveAttributeSubentry( e );
+ }
+
+ *text = textbuf;
+
+ /* misc attribute checks */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ const char *type = a->a_desc->ad_cname.bv_val;
+
+ /* there should be at least one value */
+ assert( a->a_vals != NULL );
+ assert( a->a_vals[0].bv_val != NULL );
+
+ if( a->a_desc->ad_type->sat_check ) {
+ int rc = (a->a_desc->ad_type->sat_check)(
+ op->o_bd, e, a, text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if( !collectiveSubentry && is_at_collective( a->a_desc->ad_type ) ) {
+ snprintf( textbuf, textlen,
+ "'%s' can only appear in collectiveAttributeSubentry",
+ type );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* if single value type, check for multiple values */
+ if( is_at_single_value( a->a_desc->ad_type ) &&
+ a->a_vals[1].bv_val != NULL )
+ {
+ snprintf( textbuf, textlen,
+ "attribute '%s' cannot have multiple values",
+ type );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s), %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ }
+
+ /* find the structural object class attribute */
+ asc = attr_find( e->e_attrs, ad_structuralObjectClass );
+ if ( asc == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "No structuralObjectClass for entry (%s)\n",
+ e->e_dn, 0, 0 );
+
+ *text = "no structuralObjectClass operational attribute";
+ return LDAP_OTHER;
+ }
+
+ assert( asc->a_vals != NULL );
+ assert( asc->a_vals[0].bv_val != NULL );
+ assert( asc->a_vals[1].bv_val == NULL );
+
+ sc = oc_bvfind( &asc->a_vals[0] );
+ if( sc == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized structuralObjectClass '%s'",
+ asc->a_vals[0].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) {
+ snprintf( textbuf, textlen,
+ "structuralObjectClass '%s' is not STRUCTURAL",
+ asc->a_vals[0].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OTHER;
+ }
+
+ if( !manage && sc->soc_obsolete ) {
+ snprintf( textbuf, textlen,
+ "structuralObjectClass '%s' is OBSOLETE",
+ asc->a_vals[0].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* find the object class attribute */
+ aoc = attr_find( e->e_attrs, ad_objectClass );
+ if ( aoc == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n",
+ e->e_dn, 0, 0 );
+
+ *text = "no objectClass attribute";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ assert( aoc->a_vals != NULL );
+ assert( aoc->a_vals[0].bv_val != NULL );
+
+ rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ *text = textbuf;
+
+ if ( oc == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ aoc->a_vals[0].bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+
+ } else if ( sc != slap_schema.si_oc_glue && sc != oc ) {
+ snprintf( textbuf, textlen,
+ "structural object class modification "
+ "from '%s' to '%s' not allowed",
+ asc->a_vals[0].bv_val, nsc.bv_val );
+ return LDAP_NO_OBJECT_CLASS_MODS;
+ } else if ( sc == slap_schema.si_oc_glue ) {
+ sc = oc;
+ }
+
+ /* naming check */
+ if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) {
+ rc = entry_naming_check( e, manage, text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ } else {
+ /* Glue Entry */
+ }
+
+ /* find the content rule for the structural class */
+ cr = cr_find( sc->soc_oid );
+
+ /* the cr must be same as the structural class */
+ assert( !cr || !strcmp( cr->scr_oid, sc->soc_oid ) );
+
+ /* check that the entry has required attrs of the content rule */
+ if( cr ) {
+ if( !manage && cr->scr_obsolete ) {
+ snprintf( textbuf, textlen,
+ "content rule '%s' is obsolete",
+ ldap_contentrule2name( &cr->scr_crule ));
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( cr->scr_required ) for( i=0; cr->scr_required[i]; i++ ) {
+ at = cr->scr_required[i];
+
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ if( a->a_desc->ad_type == at ) {
+ break;
+ }
+ }
+
+ /* not there => schema violation */
+ if ( a == NULL ) {
+ snprintf( textbuf, textlen,
+ "content rule '%s' requires attribute '%s'",
+ ldap_contentrule2name( &cr->scr_crule ),
+ at->sat_cname.bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+
+ if( cr->scr_precluded ) for( i=0; cr->scr_precluded[i]; i++ ) {
+ at = cr->scr_precluded[i];
+
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ if( a->a_desc->ad_type == at ) {
+ break;
+ }
+ }
+
+ /* there => schema violation */
+ if ( a != NULL ) {
+ snprintf( textbuf, textlen,
+ "content rule '%s' precluded attribute '%s'",
+ ldap_contentrule2name( &cr->scr_crule ),
+ at->sat_cname.bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+ }
+
+ /* check that the entry has required attrs for each oc */
+ for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) {
+ if ( (oc = oc_bvfind( &aoc->a_vals[i] )) == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ aoc->a_vals[i].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if ( !manage && oc->soc_obsolete ) {
+ /* disallow obsolete classes */
+ snprintf( textbuf, textlen,
+ "objectClass '%s' is OBSOLETE",
+ aoc->a_vals[i].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if ( oc->soc_check ) {
+ int rc = (oc->soc_check)( op->o_bd, e, oc,
+ text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
+ /* object class is abstract */
+ if ( oc != slap_schema.si_oc_top &&
+ !is_object_subclass( oc, sc ))
+ {
+ int j;
+ ObjectClass *xc = NULL;
+ for( j=0; aoc->a_vals[j].bv_val; j++ ) {
+ if( i != j ) {
+ xc = oc_bvfind( &aoc->a_vals[i] );
+ if( xc == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ aoc->a_vals[i].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* since we previous check against the
+ * structural object of this entry, the
+ * abstract class must be a (direct or indirect)
+ * superclass of one of the auxiliary classes of
+ * the entry.
+ */
+ if ( xc->soc_kind == LDAP_SCHEMA_AUXILIARY &&
+ is_object_subclass( oc, xc ) )
+ {
+ xc = NULL;
+ break;
+ }
+ }
+ }
+
+ if( xc == NULL ) {
+ snprintf( textbuf, textlen, "instanstantiation of "
+ "abstract objectClass '%s' not allowed",
+ aoc->a_vals[i].bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "entry_check_schema(%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+
+ } else if ( oc->soc_kind != LDAP_SCHEMA_STRUCTURAL || oc == sc ) {
+ char *s;
+
+ if( oc->soc_kind == LDAP_SCHEMA_AUXILIARY ) {
+ int k;
+
+ if( cr ) {
+ int j;
+
+ k = -1;
+ if( cr->scr_auxiliaries ) {
+ for( j = 0; cr->scr_auxiliaries[j]; j++ ) {
+ if( cr->scr_auxiliaries[j] == oc ) {
+ k = 0;
+ break;
+ }
+ }
+ }
+ } else if ( global_disallows & SLAP_DISALLOW_AUX_WO_CR ) {
+ k = -1;
+ } else {
+ k = 0;
+ }
+
+ if( k == -1 ) {
+ snprintf( textbuf, textlen,
+ "content rule '%s' does not allow class '%s'",
+ ldap_contentrule2name( &cr->scr_crule ),
+ oc->soc_cname.bv_val );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+
+ s = oc_check_required( e, oc, &aoc->a_vals[i] );
+ if (s != NULL) {
+ snprintf( textbuf, textlen,
+ "object class '%s' requires attribute '%s'",
+ aoc->a_vals[i].bv_val, s );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( oc == slap_schema.si_oc_extensibleObject ) {
+ extensible=1;
+ }
+ }
+ }
+
+ if( extensible ) {
+ *text = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ /* check that each attr in the entry is allowed by some oc */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ int ret;
+
+ ret = LDAP_OBJECT_CLASS_VIOLATION;
+
+ if( cr && cr->scr_required ) {
+ for( i=0; cr->scr_required[i]; i++ ) {
+ if( cr->scr_required[i] == a->a_desc->ad_type ) {
+ ret = LDAP_SUCCESS;
+ break;
+ }
+ }
+ }
+
+ if( ret != LDAP_SUCCESS && cr && cr->scr_allowed ) {
+ for( i=0; cr->scr_allowed[i]; i++ ) {
+ if( cr->scr_allowed[i] == a->a_desc->ad_type ) {
+ ret = LDAP_SUCCESS;
+ break;
+ }
+ }
+ }
+
+ if( ret != LDAP_SUCCESS )
+ {
+ ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals, sc );
+ }
+
+ if ( ret != LDAP_SUCCESS ) {
+ char *type = a->a_desc->ad_cname.bv_val;
+
+ snprintf( textbuf, textlen,
+ "attribute '%s' not allowed",
+ type );
+
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s), %s\n",
+ e->e_dn, textbuf, 0 );
+
+ return ret;
+ }
+ }
+
+ *text = NULL;
+ return LDAP_SUCCESS;
+}
+
+static char *
+oc_check_required(
+ Entry *e,
+ ObjectClass *oc,
+ struct berval *ocname )
+{
+ AttributeType *at;
+ int i;
+ Attribute *a;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "oc_check_required entry (%s), objectClass \"%s\"\n",
+ e->e_dn, ocname->bv_val, 0 );
+
+
+ /* check for empty oc_required */
+ if(oc->soc_required == NULL) {
+ return NULL;
+ }
+
+ /* for each required attribute */
+ for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
+ at = oc->soc_required[i];
+ /* see if it's in the entry */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ if( a->a_desc->ad_type == at ) {
+ break;
+ }
+ }
+ /* not there => schema violation */
+ if ( a == NULL ) {
+ return at->sat_cname.bv_val;
+ }
+ }
+
+ return( NULL );
+}
+
+int oc_check_allowed(
+ AttributeType *at,
+ BerVarray ocl,
+ ObjectClass *sc )
+{
+ int i, j;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "oc_check_allowed type \"%s\"\n",
+ at->sat_cname.bv_val, 0, 0 );
+
+ /* always allow objectClass attribute */
+ if ( strcasecmp( at->sat_cname.bv_val, "objectClass" ) == 0 ) {
+ return LDAP_SUCCESS;
+ }
+
+ /*
+ * All operational attributions are allowed by schema rules.
+ */
+ if( is_at_operational(at) ) {
+ return LDAP_SUCCESS;
+ }
+
+ /* check to see if its allowed by the structuralObjectClass */
+ if( sc ) {
+ /* does it require the type? */
+ for ( j = 0; sc->soc_required != NULL &&
+ sc->soc_required[j] != NULL; j++ )
+ {
+ if( at == sc->soc_required[j] ) {
+ return LDAP_SUCCESS;
+ }
+ }
+
+ /* does it allow the type? */
+ for ( j = 0; sc->soc_allowed != NULL &&
+ sc->soc_allowed[j] != NULL; j++ )
+ {
+ if( at == sc->soc_allowed[j] ) {
+ return LDAP_SUCCESS;
+ }
+ }
+ }
+
+ /* check that the type appears as req or opt in at least one oc */
+ for ( i = 0; ocl[i].bv_val != NULL; i++ ) {
+ /* if we know about the oc */
+ ObjectClass *oc = oc_bvfind( &ocl[i] );
+ if ( oc != NULL && oc->soc_kind != LDAP_SCHEMA_ABSTRACT &&
+ ( sc == NULL || oc->soc_kind == LDAP_SCHEMA_AUXILIARY ))
+ {
+ /* does it require the type? */
+ for ( j = 0; oc->soc_required != NULL &&
+ oc->soc_required[j] != NULL; j++ )
+ {
+ if( at == oc->soc_required[j] ) {
+ return LDAP_SUCCESS;
+ }
+ }
+ /* does it allow the type? */
+ for ( j = 0; oc->soc_allowed != NULL &&
+ oc->soc_allowed[j] != NULL; j++ )
+ {
+ if( at == oc->soc_allowed[j] ) {
+ return LDAP_SUCCESS;
+ }
+ }
+ }
+ }
+
+ /* not allowed by any oc */
+ return LDAP_OBJECT_CLASS_VIOLATION;
+}
+
+/*
+ * Determine the structural object class from a set of OIDs
+ */
+int structural_class(
+ BerVarray ocs,
+ struct berval *scbv,
+ ObjectClass **scp,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ int i;
+ ObjectClass *oc;
+ ObjectClass *sc = NULL;
+ int scn = -1;
+
+ *text = "structural_class: internal error";
+ scbv->bv_len = 0;
+
+ for( i=0; ocs[i].bv_val; i++ ) {
+ oc = oc_bvfind( &ocs[i] );
+
+ if( oc == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ ocs[i].bv_val );
+ *text = textbuf;
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( oc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) {
+ if( sc == NULL || is_object_subclass( sc, oc ) ) {
+ sc = oc;
+ scn = i;
+
+ } else if ( !is_object_subclass( oc, sc ) ) {
+ int j;
+ ObjectClass *xc = NULL;
+
+ /* find common superior */
+ for( j=i+1; ocs[j].bv_val; j++ ) {
+ xc = oc_bvfind( &ocs[j] );
+
+ if( xc == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ ocs[j].bv_val );
+ *text = textbuf;
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( xc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) {
+ xc = NULL;
+ continue;
+ }
+
+ if( is_object_subclass( sc, xc ) &&
+ is_object_subclass( oc, xc ) )
+ {
+ /* found common subclass */
+ break;
+ }
+
+ xc = NULL;
+ }
+
+ if( xc == NULL ) {
+ /* no common subclass */
+ snprintf( textbuf, textlen,
+ "invalid structural object class chain (%s/%s)",
+ ocs[scn].bv_val, ocs[i].bv_val );
+ *text = textbuf;
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+ }
+ }
+
+ if( scp ) {
+ *scp = sc;
+ }
+
+ if( sc == NULL ) {
+ *text = "no structural object class provided";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( scn < 0 ) {
+ *text = "invalid structural object class";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ *scbv = ocs[scn];
+
+ if( scbv->bv_len == 0 ) {
+ *text = "invalid structural object class";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ *text = NULL;
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Return structural object class from list of modifications
+ */
+int mods_structural_class(
+ Modifications *mods,
+ struct berval *sc,
+ const char **text,
+ char *textbuf, size_t textlen )
+{
+ Modifications *ocmod = NULL;
+
+ for( ; mods != NULL; mods = mods->sml_next ) {
+ if( mods->sml_desc == slap_schema.si_ad_objectClass ) {
+ if( ocmod != NULL ) {
+ *text = "entry has multiple objectClass attributes";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ ocmod = mods;
+ }
+ }
+
+ if( ocmod == NULL ) {
+ *text = "entry has no objectClass attribute";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( ocmod->sml_values == NULL || ocmod->sml_values[0].bv_val == NULL ) {
+ *text = "objectClass attribute has no values";
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return structural_class( ocmod->sml_values, sc, NULL,
+ text, textbuf, textlen );
+}
+
+
+static int
+entry_naming_check(
+ Entry *e,
+ int manage,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ /* naming check */
+ LDAPRDN rdn = NULL;
+ const char *p = NULL;
+ ber_len_t cnt;
+ int rc = LDAP_SUCCESS;
+
+ if ( BER_BVISEMPTY( &e->e_name )) {
+ return LDAP_SUCCESS;
+ }
+
+ /*
+ * Get attribute type(s) and attribute value(s) of our RDN
+ */
+ if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&p,
+ LDAP_DN_FORMAT_LDAP ) )
+ {
+ *text = "unrecongized attribute type(s) in RDN";
+ return LDAP_INVALID_DN_SYNTAX;
+ }
+
+ /* Check that each AVA of the RDN is present in the entry */
+ /* FIXME: Should also check that each AVA lists a distinct type */
+ for ( cnt = 0; rdn[cnt]; cnt++ ) {
+ LDAPAVA *ava = rdn[cnt];
+ AttributeDescription *desc = NULL;
+ Attribute *attr;
+ const char *errtext;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ snprintf( textbuf, textlen,
+ "value of naming attribute '%s' in unsupported BER form",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ }
+
+ rc = slap_bv2ad( &ava->la_attr, &desc, &errtext );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( textbuf, textlen, "%s (in RDN)", errtext );
+ break;
+ }
+
+ if( desc->ad_type->sat_usage ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' is operational",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ if( desc->ad_type->sat_collective ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' is collective",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ if( !manage && desc->ad_type->sat_obsolete ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' is obsolete",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ if( !desc->ad_type->sat_equality ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' has no equality matching rule",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ if( !desc->ad_type->sat_equality->smr_match ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' has unsupported equality matching rule",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ /* find the naming attribute */
+ attr = attr_find( e->e_attrs, desc );
+ if ( attr == NULL ) {
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' is not present in entry",
+ ava->la_attr.bv_val );
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+
+ rc = value_find_ex( desc, SLAP_MR_VALUE_OF_ASSERTION_SYNTAX|
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ attr->a_nvals, &ava->la_value, NULL );
+
+ if( rc != 0 ) {
+ switch( rc ) {
+ case LDAP_INAPPROPRIATE_MATCHING:
+ snprintf( textbuf, textlen,
+ "inappropriate matching for naming attribute '%s'",
+ ava->la_attr.bv_val );
+ break;
+ case LDAP_INVALID_SYNTAX:
+ snprintf( textbuf, textlen,
+ "value of naming attribute '%s' is invalid",
+ ava->la_attr.bv_val );
+ break;
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ snprintf( textbuf, textlen,
+ "value of naming attribute '%s' is not present in entry",
+ ava->la_attr.bv_val );
+ break;
+ default:
+ snprintf( textbuf, textlen,
+ "naming attribute '%s' is inappropriate",
+ ava->la_attr.bv_val );
+ }
+ rc = LDAP_NAMING_VIOLATION;
+ break;
+ }
+ }
+
+ ldap_rdnfree( rdn );
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema_init.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema_init.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema_init.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4006 @@
+/* schema_init.c - init builtin schema */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.360.2.17 2007/03/08 20:09:09 ando Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#include "ldap_utf8.h"
+
+#ifdef HAVE_TLS
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
+#endif
+
+#include "lutil.h"
+#include "lutil_hash.h"
+#define HASH_BYTES LUTIL_HASH_BYTES
+#define HASH_CONTEXT lutil_HASH_CTX
+#define HASH_Init(c) lutil_HASHInit(c)
+#define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
+#define HASH_Final(d,c) lutil_HASHFinal(d,c)
+
+/* approx matching rules */
+#define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4"
+#define directoryStringApproxMatch approxMatch
+#define directoryStringApproxIndexer approxIndexer
+#define directoryStringApproxFilter approxFilter
+#define IA5StringApproxMatchOID "1.3.6.1.4.1.4203.666.4.5"
+#define IA5StringApproxMatch approxMatch
+#define IA5StringApproxIndexer approxIndexer
+#define IA5StringApproxFilter approxFilter
+
+/* Change Sequence Number (CSN) - much of this will change */
+#define csnValidate blobValidate
+#define csnMatch octetStringMatch
+#define csnOrderingMatch octetStringOrderingMatch
+#define csnIndexer generalizedTimeIndexer
+#define csnFilter generalizedTimeFilter
+
+#ifdef SLAP_AUTHZ_SYNTAX
+/* FIXME: temporary */
+#define authzMatch octetStringMatch
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
+unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
+unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
+unsigned int index_substr_any_step = SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT;
+
+ldap_pvt_thread_mutex_t ad_undef_mutex;
+ldap_pvt_thread_mutex_t oc_undef_mutex;
+
+static int
+inValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ /* no value allowed */
+ return LDAP_INVALID_SYNTAX;
+}
+
+static int
+blobValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ /* any value allowed */
+ return LDAP_SUCCESS;
+}
+
+#define berValidate blobValidate
+
+static int
+sequenceValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ if ( in->bv_len < 2 ) return LDAP_INVALID_SYNTAX;
+ if ( in->bv_val[0] != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+
+ return LDAP_SUCCESS;
+}
+
+
+#ifdef HAVE_TLS
+static int certificateValidate( Syntax *syntax, struct berval *in )
+{
+ X509 *xcert=NULL;
+ unsigned char *p = (unsigned char *)in->bv_val;
+
+ xcert = d2i_X509(NULL, &p, in->bv_len);
+ if ( !xcert ) return LDAP_INVALID_SYNTAX;
+ X509_free(xcert);
+ return LDAP_SUCCESS;
+}
+#else
+#define certificateValidate sequenceValidate
+#endif
+
+int
+octetStringMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ int match = value->bv_len - asserted->bv_len;
+
+ if( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val, value->bv_len );
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+static int
+octetStringOrderingMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ ber_len_t v_len = value->bv_len;
+ ber_len_t av_len = asserted->bv_len;
+
+ int match = memcmp( value->bv_val, asserted->bv_val,
+ (v_len < av_len ? v_len : av_len) );
+
+ if( match == 0 ) match = v_len - av_len;
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+static void
+hashPreset(
+ HASH_CONTEXT *HASHcontext,
+ struct berval *prefix,
+ char pre,
+ Syntax *syntax,
+ MatchingRule *mr)
+{
+ HASH_Init(HASHcontext);
+ if(prefix && prefix->bv_len > 0) {
+ HASH_Update(HASHcontext,
+ (unsigned char *)prefix->bv_val, prefix->bv_len);
+ }
+ if(pre) HASH_Update(HASHcontext, (unsigned char*)&pre, sizeof(pre));
+ HASH_Update(HASHcontext, (unsigned char*)syntax->ssyn_oid, syntax->ssyn_oidlen);
+ HASH_Update(HASHcontext, (unsigned char*)mr->smr_oid, mr->smr_oidlen);
+ return;
+}
+
+static void
+hashIter(
+ HASH_CONTEXT *HASHcontext,
+ unsigned char *HASHdigest,
+ unsigned char *value,
+ int len)
+{
+ HASH_CONTEXT ctx = *HASHcontext;
+ HASH_Update( &ctx, value, len );
+ HASH_Final( HASHdigest, &ctx );
+}
+
+/* Index generation function */
+int octetStringIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ int i;
+ size_t slen, mlen;
+ BerVarray keys;
+ HASH_CONTEXT HASHcontext;
+ unsigned char HASHdigest[HASH_BYTES];
+ struct berval digest;
+ digest.bv_val = (char *)HASHdigest;
+ digest.bv_len = sizeof(HASHdigest);
+
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ /* just count them */
+ }
+
+ /* we should have at least one value at this point */
+ assert( i > 0 );
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
+
+ slen = syntax->ssyn_oidlen;
+ mlen = mr->smr_oidlen;
+
+ hashPreset( &HASHcontext, prefix, 0, syntax, mr);
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)values[i].bv_val, values[i].bv_len );
+ ber_dupbv_x( &keys[i], &digest, ctx );
+ }
+
+ BER_BVZERO( &keys[i] );
+
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int octetStringFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ size_t slen, mlen;
+ BerVarray keys;
+ HASH_CONTEXT HASHcontext;
+ unsigned char HASHdigest[HASH_BYTES];
+ struct berval *value = (struct berval *) assertedValue;
+ struct berval digest;
+ digest.bv_val = (char *)HASHdigest;
+ digest.bv_len = sizeof(HASHdigest);
+
+ slen = syntax->ssyn_oidlen;
+ mlen = mr->smr_oidlen;
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * 2, ctx );
+
+ hashPreset( &HASHcontext, prefix, 0, syntax, mr );
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)value->bv_val, value->bv_len );
+
+ ber_dupbv_x( keys, &digest, ctx );
+ BER_BVZERO( &keys[1] );
+
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+octetStringSubstringsMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match = 0;
+ SubstringsAssertion *sub = assertedValue;
+ struct berval left = *value;
+ int i;
+ ber_len_t inlen = 0;
+
+ /* Add up asserted input length */
+ if ( !BER_BVISNULL( &sub->sa_initial ) ) {
+ inlen += sub->sa_initial.bv_len;
+ }
+ if ( sub->sa_any ) {
+ for ( i = 0; !BER_BVISNULL( &sub->sa_any[i] ); i++ ) {
+ inlen += sub->sa_any[i].bv_len;
+ }
+ }
+ if ( !BER_BVISNULL( &sub->sa_final ) ) {
+ inlen += sub->sa_final.bv_len;
+ }
+
+ if ( !BER_BVISNULL( &sub->sa_initial ) ) {
+ if ( inlen > left.bv_len ) {
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( sub->sa_initial.bv_val, left.bv_val,
+ sub->sa_initial.bv_len );
+
+ if ( match != 0 ) {
+ goto done;
+ }
+
+ left.bv_val += sub->sa_initial.bv_len;
+ left.bv_len -= sub->sa_initial.bv_len;
+ inlen -= sub->sa_initial.bv_len;
+ }
+
+ if ( !BER_BVISNULL( &sub->sa_final ) ) {
+ if ( inlen > left.bv_len ) {
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( sub->sa_final.bv_val,
+ &left.bv_val[left.bv_len - sub->sa_final.bv_len],
+ sub->sa_final.bv_len );
+
+ if ( match != 0 ) {
+ goto done;
+ }
+
+ left.bv_len -= sub->sa_final.bv_len;
+ inlen -= sub->sa_final.bv_len;
+ }
+
+ if ( sub->sa_any ) {
+ for ( i = 0; !BER_BVISNULL( &sub->sa_any[i] ); i++ ) {
+ ber_len_t idx;
+ char *p;
+
+retry:
+ if ( inlen > left.bv_len ) {
+ /* not enough length */
+ match = 1;
+ goto done;
+ }
+
+ if ( BER_BVISEMPTY( &sub->sa_any[i] ) ) {
+ continue;
+ }
+
+ p = memchr( left.bv_val, *sub->sa_any[i].bv_val, left.bv_len );
+
+ if( p == NULL ) {
+ match = 1;
+ goto done;
+ }
+
+ idx = p - left.bv_val;
+
+ if ( idx >= left.bv_len ) {
+ /* this shouldn't happen */
+ return LDAP_OTHER;
+ }
+
+ left.bv_val = p;
+ left.bv_len -= idx;
+
+ if ( sub->sa_any[i].bv_len > left.bv_len ) {
+ /* not enough left */
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( left.bv_val,
+ sub->sa_any[i].bv_val,
+ sub->sa_any[i].bv_len );
+
+ if ( match != 0 ) {
+ left.bv_val++;
+ left.bv_len--;
+ goto retry;
+ }
+
+ left.bv_val += sub->sa_any[i].bv_len;
+ left.bv_len -= sub->sa_any[i].bv_len;
+ inlen -= sub->sa_any[i].bv_len;
+ }
+ }
+
+done:
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+/* Substrings Index generation function */
+static int
+octetStringSubstringsIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ ber_len_t i, nkeys;
+ size_t slen, mlen;
+ BerVarray keys;
+
+ HASH_CONTEXT HCany, HCini, HCfin;
+ unsigned char HASHdigest[HASH_BYTES];
+ struct berval digest;
+ digest.bv_val = (char *)HASHdigest;
+ digest.bv_len = sizeof(HASHdigest);
+
+ nkeys = 0;
+
+ for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
+ /* count number of indices to generate */
+ if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+ if( values[i].bv_len >= index_substr_if_maxlen ) {
+ nkeys += index_substr_if_maxlen -
+ (index_substr_if_minlen - 1);
+ } else if( values[i].bv_len >= index_substr_if_minlen ) {
+ nkeys += values[i].bv_len - (index_substr_if_minlen - 1);
+ }
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_ANY ) {
+ if( values[i].bv_len >= index_substr_any_len ) {
+ nkeys += values[i].bv_len - (index_substr_any_len - 1);
+ }
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+ if( values[i].bv_len >= index_substr_if_maxlen ) {
+ nkeys += index_substr_if_maxlen -
+ (index_substr_if_minlen - 1);
+ } else if( values[i].bv_len >= index_substr_if_minlen ) {
+ nkeys += values[i].bv_len - (index_substr_if_minlen - 1);
+ }
+ }
+ }
+
+ if( nkeys == 0 ) {
+ /* no keys to generate */
+ *keysp = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * (nkeys+1), ctx );
+
+ slen = syntax->ssyn_oidlen;
+ mlen = mr->smr_oidlen;
+
+ if ( flags & SLAP_INDEX_SUBSTR_ANY )
+ hashPreset( &HCany, prefix, SLAP_INDEX_SUBSTR_PREFIX, syntax, mr );
+ if( flags & SLAP_INDEX_SUBSTR_INITIAL )
+ hashPreset( &HCini, prefix, SLAP_INDEX_SUBSTR_INITIAL_PREFIX, syntax, mr );
+ if( flags & SLAP_INDEX_SUBSTR_FINAL )
+ hashPreset( &HCfin, prefix, SLAP_INDEX_SUBSTR_FINAL_PREFIX, syntax, mr );
+
+ nkeys = 0;
+ for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
+ ber_len_t j,max;
+
+ if( ( flags & SLAP_INDEX_SUBSTR_ANY ) &&
+ ( values[i].bv_len >= index_substr_any_len ) )
+ {
+ max = values[i].bv_len - (index_substr_any_len - 1);
+
+ for( j=0; j<max; j++ ) {
+ hashIter( &HCany, HASHdigest,
+ (unsigned char *)&values[i].bv_val[j],
+ index_substr_any_len );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+ }
+
+ /* skip if too short */
+ if( values[i].bv_len < index_substr_if_minlen ) continue;
+
+ max = index_substr_if_maxlen < values[i].bv_len
+ ? index_substr_if_maxlen : values[i].bv_len;
+
+ for( j=index_substr_if_minlen; j<=max; j++ ) {
+
+ if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+ hashIter( &HCini, HASHdigest,
+ (unsigned char *)values[i].bv_val, j );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+ hashIter( &HCfin, HASHdigest,
+ (unsigned char *)&values[i].bv_val[values[i].bv_len-j], j );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+
+ }
+ }
+
+ if( nkeys > 0 ) {
+ BER_BVZERO( &keys[nkeys] );
+ *keysp = keys;
+ } else {
+ ch_free( keys );
+ *keysp = NULL;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+octetStringSubstringsFilter (
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx)
+{
+ SubstringsAssertion *sa;
+ char pre;
+ ber_len_t nkeys = 0;
+ size_t slen, mlen, klen;
+ BerVarray keys;
+ HASH_CONTEXT HASHcontext;
+ unsigned char HASHdigest[HASH_BYTES];
+ struct berval *value;
+ struct berval digest;
+
+ sa = (SubstringsAssertion *) assertedValue;
+
+ if( flags & SLAP_INDEX_SUBSTR_INITIAL &&
+ !BER_BVISNULL( &sa->sa_initial ) &&
+ sa->sa_initial.bv_len >= index_substr_if_minlen )
+ {
+ nkeys++;
+ if ( sa->sa_initial.bv_len > index_substr_if_maxlen &&
+ ( flags & SLAP_INDEX_SUBSTR_ANY ))
+ {
+ nkeys += 1 + (sa->sa_initial.bv_len - index_substr_if_maxlen) / index_substr_any_step;
+ }
+ }
+
+ if ( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
+ ber_len_t i;
+ for( i=0; !BER_BVISNULL( &sa->sa_any[i] ); i++ ) {
+ if( sa->sa_any[i].bv_len >= index_substr_any_len ) {
+ /* don't bother accounting with stepping */
+ nkeys += sa->sa_any[i].bv_len -
+ ( index_substr_any_len - 1 );
+ }
+ }
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_FINAL &&
+ !BER_BVISNULL( &sa->sa_final ) &&
+ sa->sa_final.bv_len >= index_substr_if_minlen )
+ {
+ nkeys++;
+ if ( sa->sa_final.bv_len > index_substr_if_maxlen &&
+ ( flags & SLAP_INDEX_SUBSTR_ANY ))
+ {
+ nkeys += 1 + (sa->sa_final.bv_len - index_substr_if_maxlen) / index_substr_any_step;
+ }
+ }
+
+ if( nkeys == 0 ) {
+ *keysp = NULL;
+ return LDAP_SUCCESS;
+ }
+
+ digest.bv_val = (char *)HASHdigest;
+ digest.bv_len = sizeof(HASHdigest);
+
+ slen = syntax->ssyn_oidlen;
+ mlen = mr->smr_oidlen;
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * (nkeys+1), ctx );
+ nkeys = 0;
+
+ if( flags & SLAP_INDEX_SUBSTR_INITIAL &&
+ !BER_BVISNULL( &sa->sa_initial ) &&
+ sa->sa_initial.bv_len >= index_substr_if_minlen )
+ {
+ pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
+ value = &sa->sa_initial;
+
+ klen = index_substr_if_maxlen < value->bv_len
+ ? index_substr_if_maxlen : value->bv_len;
+
+ hashPreset( &HASHcontext, prefix, pre, syntax, mr );
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)value->bv_val, klen );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+
+ /* If initial is too long and we have subany indexed, use it
+ * to match the excess...
+ */
+ if (value->bv_len > index_substr_if_maxlen && (flags & SLAP_INDEX_SUBSTR_ANY))
+ {
+ ber_len_t j;
+ pre = SLAP_INDEX_SUBSTR_PREFIX;
+ hashPreset( &HASHcontext, prefix, pre, syntax, mr);
+ for ( j=index_substr_if_maxlen-1; j <= value->bv_len - index_substr_any_len; j+=index_substr_any_step )
+ {
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)&value->bv_val[j], index_substr_any_len );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+ }
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
+ ber_len_t i, j;
+ pre = SLAP_INDEX_SUBSTR_PREFIX;
+ klen = index_substr_any_len;
+
+ for( i=0; !BER_BVISNULL( &sa->sa_any[i] ); i++ ) {
+ if( sa->sa_any[i].bv_len < index_substr_any_len ) {
+ continue;
+ }
+
+ value = &sa->sa_any[i];
+
+ hashPreset( &HASHcontext, prefix, pre, syntax, mr);
+ for(j=0;
+ j <= value->bv_len - index_substr_any_len;
+ j += index_substr_any_step )
+ {
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)&value->bv_val[j], klen );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+ }
+ }
+
+ if( flags & SLAP_INDEX_SUBSTR_FINAL &&
+ !BER_BVISNULL( &sa->sa_final ) &&
+ sa->sa_final.bv_len >= index_substr_if_minlen )
+ {
+ pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
+ value = &sa->sa_final;
+
+ klen = index_substr_if_maxlen < value->bv_len
+ ? index_substr_if_maxlen : value->bv_len;
+
+ hashPreset( &HASHcontext, prefix, pre, syntax, mr );
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)&value->bv_val[value->bv_len-klen], klen );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+
+ /* If final is too long and we have subany indexed, use it
+ * to match the excess...
+ */
+ if (value->bv_len > index_substr_if_maxlen && (flags & SLAP_INDEX_SUBSTR_ANY))
+ {
+ ber_len_t j;
+ pre = SLAP_INDEX_SUBSTR_PREFIX;
+ hashPreset( &HASHcontext, prefix, pre, syntax, mr);
+ for ( j=0; j <= value->bv_len - index_substr_if_maxlen; j+=index_substr_any_step )
+ {
+ hashIter( &HASHcontext, HASHdigest,
+ (unsigned char *)&value->bv_val[j], index_substr_any_len );
+ ber_dupbv_x( &keys[nkeys++], &digest, ctx );
+ }
+ }
+ }
+
+ if( nkeys > 0 ) {
+ BER_BVZERO( &keys[nkeys] );
+ *keysp = keys;
+ } else {
+ ch_free( keys );
+ *keysp = NULL;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+bitStringValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ ber_len_t i;
+
+ /* very unforgiving validation, requires no normalization
+ * before simplistic matching
+ */
+ if( in->bv_len < 3 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * RFC 2252 section 6.3 Bit String
+ * bitstring = "'" *binary-digit "'B"
+ * binary-digit = "0" / "1"
+ * example: '0101111101'B
+ */
+
+ if( in->bv_val[0] != '\'' ||
+ in->bv_val[in->bv_len - 2] != '\'' ||
+ in->bv_val[in->bv_len - 1] != 'B' )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for( i = in->bv_len - 3; i > 0; i-- ) {
+ if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Syntax is [RFC2252]:
+ *
+
+6.3. Bit String
+
+ ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
+
+ Values in this syntax are encoded according to the following BNF:
+
+ bitstring = "'" *binary-digit "'B"
+
+ binary-digit = "0" / "1"
+
+ ...
+
+6.21. Name And Optional UID
+
+ ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
+
+ Values in this syntax are encoded according to the following BNF:
+
+ NameAndOptionalUID = DistinguishedName [ "#" bitstring ]
+
+ Although the '#' character may occur in a string representation of a
+ distinguished name, no additional special quoting is done. This
+ syntax has been added subsequent to RFC 1778.
+
+ Example:
+
+ 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B
+
+ *
+ * draft-ietf-ldapbis-syntaxes-xx.txt says:
+ *
+
+3.3.2. Bit String
+
+ A value of the Bit String syntax is a sequence of binary digits. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ following ABNF:
+
+ BitString = SQUOTE *binary-digit SQUOTE "B"
+
+ binary-digit = "0" / "1"
+
+ The <SQUOTE> rule is defined in [MODELS].
+
+ Example:
+ '0101111101'B
+
+ The LDAP definition for the Bit String syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
+
+ This syntax corresponds to the BIT STRING ASN.1 type from [ASN.1].
+
+ ...
+
+3.3.21. Name and Optional UID
+
+ A value of the Name and Optional UID syntax is the distinguished name
+ [MODELS] of an entity optionally accompanied by a unique identifier
+ that serves to differentiate the entity from others with an identical
+ distinguished name.
+
+ The LDAP-specific encoding of a value of this syntax is defined by
+ the following ABNF:
+
+ NameAndOptionalUID = distinguishedName [ SHARP BitString ]
+
+ The <BitString> rule is defined in Section 3.3.2. The
+ <distinguishedName> rule is defined in [LDAPDN]. The <SHARP> rule is
+ defined in [MODELS].
+
+ Note that although the '#' character may occur in the string
+ representation of a distinguished name, no additional escaping of
+ this character is performed when a <distinguishedName> is encoded in
+ a <NameAndOptionalUID>.
+
+ Example:
+ 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B
+
+ The LDAP definition for the Name and Optional UID syntax is:
+
+ ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
+
+ This syntax corresponds to the NameAndOptionalUID ASN.1 type from
+ [X.520].
+
+ *
+ * draft-ietf-ldapbis-models-xx.txt [MODELS] says:
+ *
+
+1.4. Common ABNF Productions
+
+ ...
+ SHARP = %x23 ; octothorpe (or sharp sign) ("#")
+ ...
+ SQUOTE = %x27 ; single quote ("'")
+ ...
+
+ *
+ * Note: normalization strips any leading "0"s, unless the
+ * bit string is exactly "'0'B", so the normalized example,
+ * in slapd, would result in
+ *
+ * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B
+ *
+ * Since draft-ietf-ldapbis-dn-xx.txt clarifies that SHARP,
+ * i.e. "#", doesn't have to be escaped except when at the
+ * beginning of a value, the definition of Name and Optional
+ * UID appears to be flawed, because there is no clear means
+ * to determine whether the UID part is present or not.
+ *
+ * Example:
+ *
+ * cn=Someone,dc=example,dc=com#'1'B
+ *
+ * could be either a NameAndOptionalUID with trailing UID, i.e.
+ *
+ * DN = "cn=Someone,dc=example,dc=com"
+ * UID = "'1'B"
+ *
+ * or a NameAndOptionalUID with no trailing UID, and the AVA
+ * in the last RDN made of
+ *
+ * attributeType = dc
+ * attributeValue = com#'1'B
+ *
+ * in fact "com#'1'B" is a valid IA5 string.
+ *
+ * As a consequence, current slapd code assumes that the
+ * presence of portions of a BitString at the end of the string
+ * representation of a NameAndOptionalUID means a BitString
+ * is expected, and cause an error otherwise. This is quite
+ * arbitrary, and might change in the future.
+ */
+
+
+static int
+nameUIDValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ struct berval dn, uid;
+
+ if( BER_BVISEMPTY( in ) ) return LDAP_SUCCESS;
+
+ ber_dupbv( &dn, in );
+ if( !dn.bv_val ) return LDAP_OTHER;
+
+ /* if there's a "#", try bitStringValidate()... */
+ uid.bv_val = strrchr( dn.bv_val, '#' );
+ if ( !BER_BVISNULL( &uid ) ) {
+ uid.bv_val++;
+ uid.bv_len = dn.bv_len - ( uid.bv_val - dn.bv_val );
+
+ rc = bitStringValidate( NULL, &uid );
+ if ( rc == LDAP_SUCCESS ) {
+ /* in case of success, trim the UID,
+ * otherwise treat it as part of the DN */
+ dn.bv_len -= uid.bv_len + 1;
+ uid.bv_val[-1] = '\0';
+ }
+ }
+
+ rc = dnValidate( NULL, &dn );
+
+ ber_memfree( dn.bv_val );
+ return rc;
+}
+
+int
+nameUIDPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+
+ Debug( LDAP_DEBUG_TRACE, ">>> nameUIDPretty: <%s>\n", val->bv_val, 0, 0 );
+
+ if( BER_BVISEMPTY( val ) ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ int rc;
+ struct berval dnval = *val;
+ struct berval uidval = BER_BVNULL;
+
+ uidval.bv_val = strrchr( val->bv_val, '#' );
+ if ( !BER_BVISNULL( &uidval ) ) {
+ uidval.bv_val++;
+ uidval.bv_len = val->bv_len - ( uidval.bv_val - val->bv_val );
+
+ rc = bitStringValidate( NULL, &uidval );
+
+ if ( rc == LDAP_SUCCESS ) {
+ ber_dupbv_x( &dnval, val, ctx );
+ dnval.bv_len -= uidval.bv_len + 1;
+ dnval.bv_val[dnval.bv_len] = '\0';
+
+ } else {
+ BER_BVZERO( &uidval );
+ }
+ }
+
+ rc = dnPretty( syntax, &dnval, out, ctx );
+ if ( dnval.bv_val != val->bv_val ) {
+ slap_sl_free( dnval.bv_val, ctx );
+ }
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if( !BER_BVISNULL( &uidval ) ) {
+ int i, c, got1;
+ char *tmp;
+
+ tmp = slap_sl_realloc( out->bv_val, out->bv_len
+ + STRLENOF( "#" ) + uidval.bv_len + 1,
+ ctx );
+ if( tmp == NULL ) {
+ ber_memfree_x( out->bv_val, ctx );
+ return LDAP_OTHER;
+ }
+ out->bv_val = tmp;
+ out->bv_val[out->bv_len++] = '#';
+ out->bv_val[out->bv_len++] = '\'';
+
+ got1 = uidval.bv_len < sizeof("'0'B");
+ for( i = 1; i < uidval.bv_len - 2; i++ ) {
+ c = uidval.bv_val[i];
+ switch(c) {
+ case '0':
+ if( got1 ) out->bv_val[out->bv_len++] = c;
+ break;
+ case '1':
+ got1 = 1;
+ out->bv_val[out->bv_len++] = c;
+ break;
+ }
+ }
+
+ out->bv_val[out->bv_len++] = '\'';
+ out->bv_val[out->bv_len++] = 'B';
+ out->bv_val[out->bv_len] = '\0';
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< nameUIDPretty: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+uniqueMemberNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ struct berval out;
+ int rc;
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ));
+
+ ber_dupbv_x( &out, val, ctx );
+ if ( BER_BVISEMPTY( &out ) ) {
+ *normalized = out;
+
+ } else {
+ struct berval uid = BER_BVNULL;
+
+ uid.bv_val = strrchr( out.bv_val, '#' );
+ if ( !BER_BVISNULL( &uid ) ) {
+ uid.bv_val++;
+ uid.bv_len = out.bv_len - ( uid.bv_val - out.bv_val );
+
+ rc = bitStringValidate( NULL, &uid );
+ if ( rc == LDAP_SUCCESS ) {
+ uid.bv_val[-1] = '\0';
+ out.bv_len -= uid.bv_len + 1;
+ } else {
+ BER_BVZERO( &uid );
+ }
+ }
+
+ rc = dnNormalize( 0, NULL, NULL, &out, normalized, ctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ slap_sl_free( out.bv_val, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( !BER_BVISNULL( &uid ) ) {
+ char *tmp;
+
+ tmp = ch_realloc( normalized->bv_val,
+ normalized->bv_len + uid.bv_len
+ + STRLENOF("#") + 1 );
+ if ( tmp == NULL ) {
+ ber_memfree_x( normalized->bv_val, ctx );
+ return LDAP_OTHER;
+ }
+
+ normalized->bv_val = tmp;
+
+ /* insert the separator */
+ normalized->bv_val[normalized->bv_len++] = '#';
+
+ /* append the UID */
+ AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
+ uid.bv_val, uid.bv_len );
+ normalized->bv_len += uid.bv_len;
+
+ /* terminate */
+ normalized->bv_val[normalized->bv_len] = '\0';
+ }
+
+ slap_sl_free( out.bv_val, ctx );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+uniqueMemberMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+ struct berval assertedDN = *asserted;
+ struct berval assertedUID = BER_BVNULL;
+ struct berval valueDN = *value;
+ struct berval valueUID = BER_BVNULL;
+ int approx = ((flags & SLAP_MR_EQUALITY_APPROX) == SLAP_MR_EQUALITY_APPROX);
+
+ if ( !BER_BVISEMPTY( asserted ) ) {
+ assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &assertedUID ) ) {
+ assertedUID.bv_val++;
+ assertedUID.bv_len = assertedDN.bv_len
+ - ( assertedUID.bv_val - assertedDN.bv_val );
+
+ if ( bitStringValidate( NULL, &assertedUID ) == LDAP_SUCCESS ) {
+ assertedDN.bv_len -= assertedUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &assertedUID );
+ }
+ }
+ }
+
+ if ( !BER_BVISEMPTY( value ) ) {
+
+ valueUID.bv_val = strrchr( valueDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &valueUID ) ) {
+ valueUID.bv_val++;
+ valueUID.bv_len = valueDN.bv_len
+ - ( valueUID.bv_val - valueDN.bv_val );
+
+ if ( bitStringValidate( NULL, &valueUID ) == LDAP_SUCCESS ) {
+ valueDN.bv_len -= valueUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &valueUID );
+ }
+ }
+ }
+
+ if( valueUID.bv_len && assertedUID.bv_len ) {
+ match = valueUID.bv_len - assertedUID.bv_len;
+ if ( match ) {
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ match = memcmp( valueUID.bv_val, assertedUID.bv_val, valueUID.bv_len );
+ if( match ) {
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ } else if ( !approx && valueUID.bv_len ) {
+ match = -1;
+ *matchp = match;
+ return LDAP_SUCCESS;
+
+ } else if ( !approx && assertedUID.bv_len ) {
+ match = 1;
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ return dnMatch( matchp, flags, syntax, mr, &valueDN, &assertedDN );
+}
+
+static int
+uniqueMemberIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ BerVarray dnvalues;
+ int rc;
+ int i;
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ /* just count them */
+ }
+ assert( i > 0 );
+
+ dnvalues = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
+
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ struct berval assertedDN = values[i];
+ struct berval assertedUID = BER_BVNULL;
+
+ if ( !BER_BVISEMPTY( &assertedDN ) ) {
+ assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &assertedUID ) ) {
+ assertedUID.bv_val++;
+ assertedUID.bv_len = assertedDN.bv_len
+ - ( assertedUID.bv_val - assertedDN.bv_val );
+
+ if ( bitStringValidate( NULL, &assertedUID ) == LDAP_SUCCESS ) {
+ assertedDN.bv_len -= assertedUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &assertedUID );
+ }
+ }
+ }
+
+ dnvalues[i] = assertedDN;
+ }
+ BER_BVZERO( &dnvalues[i] );
+
+ rc = octetStringIndexer( use, flags, syntax, mr, prefix,
+ dnvalues, keysp, ctx );
+
+ slap_sl_free( dnvalues, ctx );
+ return rc;
+}
+
+static int
+uniqueMemberFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ struct berval assertedDN = *asserted;
+ struct berval assertedUID = BER_BVNULL;
+
+ if ( !BER_BVISEMPTY( asserted ) ) {
+ assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &assertedUID ) ) {
+ assertedUID.bv_val++;
+ assertedUID.bv_len = assertedDN.bv_len
+ - ( assertedUID.bv_val - assertedDN.bv_val );
+
+ if ( bitStringValidate( NULL, &assertedUID ) == LDAP_SUCCESS ) {
+ assertedDN.bv_len -= assertedUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &assertedUID );
+ }
+ }
+ }
+
+ return octetStringFilter( use, flags, syntax, mr, prefix,
+ &assertedDN, keysp, ctx );
+}
+
+
+/*
+ * Handling boolean syntax and matching is quite rigid.
+ * A more flexible approach would be to allow a variety
+ * of strings to be normalized and prettied into TRUE
+ * and FALSE.
+ */
+static int
+booleanValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ /* very unforgiving validation, requires no normalization
+ * before simplistic matching
+ */
+
+ if( in->bv_len == 4 ) {
+ if( bvmatch( in, &slap_true_bv ) ) {
+ return LDAP_SUCCESS;
+ }
+ } else if( in->bv_len == 5 ) {
+ if( bvmatch( in, &slap_false_bv ) ) {
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return LDAP_INVALID_SYNTAX;
+}
+
+static int
+booleanMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ /* simplistic matching allowed by rigid validation */
+ struct berval *asserted = (struct berval *) assertedValue;
+ *matchp = value->bv_len != asserted->bv_len;
+ return LDAP_SUCCESS;
+}
+
+/*-------------------------------------------------------------------
+LDAP/X.500 string syntax / matching rules have a few oddities. This
+comment attempts to detail how slapd(8) treats them.
+
+Summary:
+ StringSyntax X.500 LDAP Matching/Comments
+ DirectoryString CHOICE UTF8 i/e + ignore insignificant spaces
+ PrintableString subset subset i/e + ignore insignificant spaces
+ PrintableString subset subset i/e + ignore insignificant spaces
+ NumericString subset subset ignore all spaces
+ IA5String ASCII ASCII i/e + ignore insignificant spaces
+ TeletexString T.61 T.61 i/e + ignore insignificant spaces
+
+ TelephoneNumber subset subset i + ignore all spaces and "-"
+
+ See draft-ietf-ldapbis-strpro for details (once published).
+
+
+Directory String -
+ In X.500(93), a directory string can be either a PrintableString,
+ a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
+ In later versions, more CHOICEs were added. In all cases the string
+ must be non-empty.
+
+ In LDAPv3, a directory string is a UTF-8 encoded UCS string.
+ A directory string cannot be zero length.
+
+ For matching, there are both case ignore and exact rules. Both
+ also require that "insignificant" spaces be ignored.
+ spaces before the first non-space are ignored;
+ spaces after the last non-space are ignored;
+ spaces after a space are ignored.
+ Note: by these rules (and as clarified in X.520), a string of only
+ spaces is to be treated as if held one space, not empty (which
+ would be a syntax error).
+
+NumericString
+ In ASN.1, numeric string is just a string of digits and spaces
+ and could be empty. However, in X.500, all attribute values of
+ numeric string carry a non-empty constraint. For example:
+
+ internationalISDNNumber ATTRIBUTE ::= {
+ WITH SYNTAX InternationalISDNNumber
+ EQUALITY MATCHING RULE numericStringMatch
+ SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
+ ID id-at-internationalISDNNumber }
+ InternationalISDNNumber ::=
+ NumericString (SIZE(1..ub-international-isdn-number))
+
+ Unforunately, some assertion values are don't carry the same
+ constraint (but its unclear how such an assertion could ever
+ be true). In LDAP, there is one syntax (numericString) not two
+ (numericString with constraint, numericString without constraint).
+ This should be treated as numericString with non-empty constraint.
+ Note that while someone may have no ISDN number, there are no ISDN
+ numbers which are zero length.
+
+ In matching, spaces are ignored.
+
+PrintableString
+ In ASN.1, Printable string is just a string of printable characters
+ and can be empty. In X.500, semantics much like NumericString (see
+ serialNumber for a like example) excepting uses insignificant space
+ handling instead of ignore all spaces.
+
+IA5String
+ Basically same as PrintableString. There are no examples in X.500,
+ but same logic applies. So we require them to be non-empty as
+ well.
+
+-------------------------------------------------------------------*/
+
+static int
+UTF8StringValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ ber_len_t count;
+ int len;
+ unsigned char *u = (unsigned char *)in->bv_val;
+
+ if( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
+ /* directory strings cannot be empty */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for( count = in->bv_len; count > 0; count -= len, u += len ) {
+ /* get the length indicated by the first byte */
+ len = LDAP_UTF8_CHARLEN2( u, len );
+
+ /* very basic checks */
+ switch( len ) {
+ case 6:
+ if( (u[5] & 0xC0) != 0x80 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ case 5:
+ if( (u[4] & 0xC0) != 0x80 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ case 4:
+ if( (u[3] & 0xC0) != 0x80 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ case 3:
+ if( (u[2] & 0xC0 )!= 0x80 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ case 2:
+ if( (u[1] & 0xC0) != 0x80 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ case 1:
+ /* CHARLEN already validated it */
+ break;
+ default:
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* make sure len corresponds with the offset
+ to the next character */
+ if( LDAP_UTF8_OFFSET( (char *)u ) != len ) return LDAP_INVALID_SYNTAX;
+ }
+
+ if( count != 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+UTF8StringNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ struct berval tmp, nvalue;
+ int flags;
+ int i, wasspace;
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
+
+ if( BER_BVISNULL( val ) ) {
+ /* assume we're dealing with a syntax (e.g., UTF8String)
+ * which allows empty strings
+ */
+ BER_BVZERO( normalized );
+ return LDAP_SUCCESS;
+ }
+
+ flags = SLAP_MR_ASSOCIATED( mr, slap_schema.si_mr_caseExactMatch )
+ ? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
+ flags |= ( ( use & SLAP_MR_EQUALITY_APPROX ) == SLAP_MR_EQUALITY_APPROX )
+ ? LDAP_UTF8_APPROX : 0;
+
+ val = UTF8bvnormalize( val, &tmp, flags, ctx );
+ if( val == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ /* collapse spaces (in place) */
+ nvalue.bv_len = 0;
+ nvalue.bv_val = tmp.bv_val;
+
+ /* trim leading spaces? */
+ wasspace = !((( use & SLAP_MR_SUBSTR_ANY ) == SLAP_MR_SUBSTR_ANY ) ||
+ (( use & SLAP_MR_SUBSTR_FINAL ) == SLAP_MR_SUBSTR_FINAL ));
+
+ for( i = 0; i < tmp.bv_len; i++) {
+ if ( ASCII_SPACE( tmp.bv_val[i] )) {
+ if( wasspace++ == 0 ) {
+ /* trim repeated spaces */
+ nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
+ }
+ } else {
+ wasspace = 0;
+ nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
+ }
+ }
+
+ if( !BER_BVISEMPTY( &nvalue ) ) {
+ /* trim trailing space? */
+ if( wasspace && (
+ (( use & SLAP_MR_SUBSTR_INITIAL ) != SLAP_MR_SUBSTR_INITIAL ) &&
+ ( use & SLAP_MR_SUBSTR_ANY ) != SLAP_MR_SUBSTR_ANY ))
+ {
+ --nvalue.bv_len;
+ }
+ nvalue.bv_val[nvalue.bv_len] = '\0';
+
+ } else {
+ /* string of all spaces is treated as one space */
+ nvalue.bv_val[0] = ' ';
+ nvalue.bv_val[1] = '\0';
+ nvalue.bv_len = 1;
+ }
+
+ *normalized = nvalue;
+ return LDAP_SUCCESS;
+}
+
+static int
+directoryStringSubstringsMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match = 0;
+ SubstringsAssertion *sub = assertedValue;
+ struct berval left = *value;
+ int i;
+ int priorspace=0;
+
+ if ( !BER_BVISNULL( &sub->sa_initial ) ) {
+ if ( sub->sa_initial.bv_len > left.bv_len ) {
+ /* not enough left */
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( sub->sa_initial.bv_val, left.bv_val,
+ sub->sa_initial.bv_len );
+
+ if ( match != 0 ) {
+ goto done;
+ }
+
+ left.bv_val += sub->sa_initial.bv_len;
+ left.bv_len -= sub->sa_initial.bv_len;
+
+ priorspace = ASCII_SPACE(
+ sub->sa_initial.bv_val[sub->sa_initial.bv_len] );
+ }
+
+ if ( sub->sa_any ) {
+ for ( i = 0; !BER_BVISNULL( &sub->sa_any[i] ); i++ ) {
+ ber_len_t idx;
+ char *p;
+
+ if( priorspace && !BER_BVISEMPTY( &sub->sa_any[i] )
+ && ASCII_SPACE( sub->sa_any[i].bv_val[0] ))
+ {
+ /* allow next space to match */
+ left.bv_val--;
+ left.bv_len++;
+ }
+ priorspace=0;
+
+retry:
+ if ( BER_BVISEMPTY( &sub->sa_any[i] ) ) {
+ continue;
+ }
+
+ if ( sub->sa_any[i].bv_len > left.bv_len ) {
+ /* not enough left */
+ match = 1;
+ goto done;
+ }
+
+ p = memchr( left.bv_val, *sub->sa_any[i].bv_val, left.bv_len );
+
+ if( p == NULL ) {
+ match = 1;
+ goto done;
+ }
+
+ idx = p - left.bv_val;
+
+ if ( idx >= left.bv_len ) {
+ /* this shouldn't happen */
+ return LDAP_OTHER;
+ }
+
+ left.bv_val = p;
+ left.bv_len -= idx;
+
+ if ( sub->sa_any[i].bv_len > left.bv_len ) {
+ /* not enough left */
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( left.bv_val,
+ sub->sa_any[i].bv_val,
+ sub->sa_any[i].bv_len );
+
+ if ( match != 0 ) {
+ left.bv_val++;
+ left.bv_len--;
+ goto retry;
+ }
+
+ left.bv_val += sub->sa_any[i].bv_len;
+ left.bv_len -= sub->sa_any[i].bv_len;
+
+ priorspace = ASCII_SPACE(
+ sub->sa_any[i].bv_val[sub->sa_any[i].bv_len] );
+ }
+ }
+
+ if ( !BER_BVISNULL( &sub->sa_final ) ) {
+ if( priorspace && !BER_BVISEMPTY( &sub->sa_final )
+ && ASCII_SPACE( sub->sa_final.bv_val[0] ))
+ {
+ /* allow next space to match */
+ left.bv_val--;
+ left.bv_len++;
+ }
+
+ if ( sub->sa_final.bv_len > left.bv_len ) {
+ /* not enough left */
+ match = 1;
+ goto done;
+ }
+
+ match = memcmp( sub->sa_final.bv_val,
+ &left.bv_val[left.bv_len - sub->sa_final.bv_len],
+ sub->sa_final.bv_len );
+
+ if ( match != 0 ) {
+ goto done;
+ }
+ }
+
+done:
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+#if defined(SLAPD_APPROX_INITIALS)
+# define SLAPD_APPROX_DELIMITER "._ "
+# define SLAPD_APPROX_WORDLEN 2
+#else
+# define SLAPD_APPROX_DELIMITER " "
+# define SLAPD_APPROX_WORDLEN 1
+#endif
+
+static int
+approxMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *nval, *assertv;
+ char *val, **values, **words, *c;
+ int i, count, len, nextchunk=0, nextavail=0;
+
+ /* Yes, this is necessary */
+ nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX, NULL );
+ if( nval == NULL ) {
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* Yes, this is necessary */
+ assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
+ NULL, LDAP_UTF8_APPROX, NULL );
+ if( assertv == NULL ) {
+ ber_bvfree( nval );
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* Isolate how many words there are */
+ for ( c = nval->bv_val, count = 1; *c; c++ ) {
+ c = strpbrk( c, SLAPD_APPROX_DELIMITER );
+ if ( c == NULL ) break;
+ *c = '\0';
+ count++;
+ }
+
+ /* Get a phonetic copy of each word */
+ words = (char **)ch_malloc( count * sizeof(char *) );
+ values = (char **)ch_malloc( count * sizeof(char *) );
+ for ( c = nval->bv_val, i = 0; i < count; i++, c += strlen(c) + 1 ) {
+ words[i] = c;
+ values[i] = phonetic(c);
+ }
+
+ /* Work through the asserted value's words, to see if at least some
+ of the words are there, in the same order. */
+ len = 0;
+ while ( (ber_len_t) nextchunk < assertv->bv_len ) {
+ len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
+ if( len == 0 ) {
+ nextchunk++;
+ continue;
+ }
+#if defined(SLAPD_APPROX_INITIALS)
+ else if( len == 1 ) {
+ /* Single letter words need to at least match one word's initial */
+ for( i=nextavail; i<count; i++ )
+ if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
+ nextavail=i+1;
+ break;
+ }
+ }
+#endif
+ else {
+ /* Isolate the next word in the asserted value and phonetic it */
+ assertv->bv_val[nextchunk+len] = '\0';
+ val = phonetic( assertv->bv_val + nextchunk );
+
+ /* See if this phonetic chunk is in the remaining words of *value */
+ for( i=nextavail; i<count; i++ ){
+ if( !strcmp( val, values[i] ) ){
+ nextavail = i+1;
+ break;
+ }
+ }
+ ch_free( val );
+ }
+
+ /* This chunk in the asserted value was NOT within the *value. */
+ if( i >= count ) {
+ nextavail=-1;
+ break;
+ }
+
+ /* Go on to the next word in the asserted value */
+ nextchunk += len+1;
+ }
+
+ /* If some of the words were seen, call it a match */
+ if( nextavail > 0 ) {
+ *matchp = 0;
+ }
+ else {
+ *matchp = 1;
+ }
+
+ /* Cleanup allocs */
+ ber_bvfree( assertv );
+ for( i=0; i<count; i++ ) {
+ ch_free( values[i] );
+ }
+ ch_free( values );
+ ch_free( words );
+ ber_bvfree( nval );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+approxIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ char *c;
+ int i,j, len, wordcount, keycount=0;
+ struct berval *newkeys;
+ BerVarray keys=NULL;
+
+ for( j = 0; !BER_BVISNULL( &values[j] ); j++ ) {
+ struct berval val = BER_BVNULL;
+ /* Yes, this is necessary */
+ UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX, NULL );
+ assert( !BER_BVISNULL( &val ) );
+
+ /* Isolate how many words there are. There will be a key for each */
+ for( wordcount = 0, c = val.bv_val; *c; c++) {
+ len = strcspn(c, SLAPD_APPROX_DELIMITER);
+ if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
+ c+= len;
+ if (*c == '\0') break;
+ *c = '\0';
+ }
+
+ /* Allocate/increase storage to account for new keys */
+ newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1)
+ * sizeof(struct berval) );
+ AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
+ if( keys ) ch_free( keys );
+ keys = newkeys;
+
+ /* Get a phonetic copy of each word */
+ for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
+ len = strlen( c );
+ if( len < SLAPD_APPROX_WORDLEN ) continue;
+ ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
+ keycount++;
+ i++;
+ }
+
+ ber_memfree( val.bv_val );
+ }
+ BER_BVZERO( &keys[keycount] );
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+approxFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ char *c;
+ int i, count, len;
+ struct berval *val;
+ BerVarray keys;
+
+ /* Yes, this is necessary */
+ val = UTF8bvnormalize( ((struct berval *)assertedValue),
+ NULL, LDAP_UTF8_APPROX, NULL );
+ if( val == NULL || BER_BVISNULL( val ) ) {
+ keys = (struct berval *)ch_malloc( sizeof(struct berval) );
+ BER_BVZERO( &keys[0] );
+ *keysp = keys;
+ ber_bvfree( val );
+ return LDAP_SUCCESS;
+ }
+
+ /* Isolate how many words there are. There will be a key for each */
+ for( count = 0,c = val->bv_val; *c; c++) {
+ len = strcspn(c, SLAPD_APPROX_DELIMITER);
+ if( len >= SLAPD_APPROX_WORDLEN ) count++;
+ c+= len;
+ if (*c == '\0') break;
+ *c = '\0';
+ }
+
+ /* Allocate storage for new keys */
+ keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
+
+ /* Get a phonetic copy of each word */
+ for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
+ len = strlen(c);
+ if( len < SLAPD_APPROX_WORDLEN ) continue;
+ ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
+ i++;
+ }
+
+ ber_bvfree( val );
+
+ BER_BVZERO( &keys[count] );
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+/* Remove all spaces and '-' characters */
+static int
+telephoneNumberNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ char *p, *q;
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ));
+
+ /* validator should have refused an empty string */
+ assert( !BER_BVISEMPTY( val ) );
+
+ q = normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
+
+ for( p = val->bv_val; *p; p++ ) {
+ if ( ! ( ASCII_SPACE( *p ) || *p == '-' )) {
+ *q++ = *p;
+ }
+ }
+ *q = '\0';
+
+ normalized->bv_len = q - normalized->bv_val;
+
+ if( BER_BVISEMPTY( normalized ) ) {
+ slap_sl_free( normalized->bv_val, ctx );
+ BER_BVZERO( normalized );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+numericoidValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ struct berval val = *in;
+
+ if( BER_BVISEMPTY( &val ) ) {
+ /* disallow empty strings */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ while( OID_LEADCHAR( val.bv_val[0] ) ) {
+ if ( val.bv_len == 1 ) {
+ return LDAP_SUCCESS;
+ }
+
+ if ( val.bv_val[0] == '0' && !OID_SEPARATOR( val.bv_val[1] )) {
+ break;
+ }
+
+ val.bv_val++;
+ val.bv_len--;
+
+ while ( OID_LEADCHAR( val.bv_val[0] )) {
+ val.bv_val++;
+ val.bv_len--;
+
+ if ( val.bv_len == 0 ) {
+ return LDAP_SUCCESS;
+ }
+ }
+
+ if( !OID_SEPARATOR( val.bv_val[0] )) {
+ break;
+ }
+
+ val.bv_val++;
+ val.bv_len--;
+ }
+
+ return LDAP_INVALID_SYNTAX;
+}
+
+static int
+integerValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ ber_len_t i;
+ struct berval val = *in;
+
+ if ( BER_BVISEMPTY( &val ) ) return LDAP_INVALID_SYNTAX;
+
+ if ( val.bv_val[0] == '-' ) {
+ val.bv_len--;
+ val.bv_val++;
+
+ if( BER_BVISEMPTY( &val ) ) { /* bare "-" */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( val.bv_val[0] == '0' ) { /* "-0" */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else if ( val.bv_val[0] == '0' ) {
+ if( val.bv_len > 1 ) { /* "0<more>" */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+ }
+
+ for( i=0; i < val.bv_len; i++ ) {
+ if( !ASCII_DIGIT(val.bv_val[i]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+integerMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ int vsign = 1, asign = 1; /* default sign = '+' */
+ struct berval v, a;
+ int match;
+
+ v = *value;
+ if( v.bv_val[0] == '-' ) {
+ vsign = -1;
+ v.bv_val++;
+ v.bv_len--;
+ }
+
+ if( BER_BVISEMPTY( &v ) ) vsign = 0;
+
+ a = *asserted;
+ if( a.bv_val[0] == '-' ) {
+ asign = -1;
+ a.bv_val++;
+ a.bv_len--;
+ }
+
+ if( BER_BVISEMPTY( &a ) ) vsign = 0;
+
+ match = vsign - asign;
+ if( match == 0 ) {
+ match = ( v.bv_len != a.bv_len
+ ? ( v.bv_len < a.bv_len ? -1 : 1 )
+ : memcmp( v.bv_val, a.bv_val, v.bv_len ));
+ if( vsign < 0 ) match = -match;
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+static int
+countryStringValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ if( val->bv_len != 2 ) return LDAP_INVALID_SYNTAX;
+
+ if( !SLAP_PRINTABLE(val->bv_val[0]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ if( !SLAP_PRINTABLE(val->bv_val[1]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+printableStringValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ ber_len_t i;
+
+ if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
+
+ for(i=0; i < val->bv_len; i++) {
+ if( !SLAP_PRINTABLE(val->bv_val[i]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+printablesStringValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ ber_len_t i, len;
+
+ if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
+
+ for(i=0,len=0; i < val->bv_len; i++) {
+ int c = val->bv_val[i];
+
+ if( c == '$' ) {
+ if( len == 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ len = 0;
+
+ } else if ( SLAP_PRINTABLE(c) ) {
+ len++;
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if( len == 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+IA5StringValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ ber_len_t i;
+
+ for(i=0; i < val->bv_len; i++) {
+ if( !LDAP_ASCII(val->bv_val[i]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+IA5StringNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ char *p, *q;
+ int casefold = !SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match);
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
+
+ p = val->bv_val;
+
+ /* Ignore initial whitespace */
+ while ( ASCII_SPACE( *p ) ) p++;
+
+ normalized->bv_val = ber_strdup_x( p, ctx );
+ p = q = normalized->bv_val;
+
+ while ( *p ) {
+ if ( ASCII_SPACE( *p ) ) {
+ *q++ = *p++;
+
+ /* Ignore the extra whitespace */
+ while ( ASCII_SPACE( *p ) ) {
+ p++;
+ }
+
+ } else if ( casefold ) {
+ /* Most IA5 rules require casefolding */
+ *q++ = TOLOWER(*p); p++;
+
+ } else {
+ *q++ = *p++;
+ }
+ }
+
+ assert( normalized->bv_val <= p );
+ assert( q <= p );
+
+ /*
+ * If the string ended in space, backup the pointer one
+ * position. One is enough because the above loop collapsed
+ * all whitespace to a single space.
+ */
+ if ( ASCII_SPACE( q[-1] ) ) --q;
+
+ /* null terminate */
+ *q = '\0';
+
+ normalized->bv_len = q - normalized->bv_val;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+UUIDValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int i;
+ if( in->bv_len != 36 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for( i=0; i<36; i++ ) {
+ switch(i) {
+ case 8:
+ case 13:
+ case 18:
+ case 23:
+ if( in->bv_val[i] != '-' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ break;
+ default:
+ if( !ASCII_HEX( in->bv_val[i]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+UUIDPretty(
+ Syntax *syntax,
+ struct berval *in,
+ struct berval *out,
+ void *ctx )
+{
+ int i;
+ int rc=LDAP_INVALID_SYNTAX;
+
+ assert( in != NULL );
+ assert( out != NULL );
+
+ if( in->bv_len != 36 ) return LDAP_INVALID_SYNTAX;
+
+ out->bv_len = 36;
+ out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
+
+ for( i=0; i<36; i++ ) {
+ switch(i) {
+ case 8:
+ case 13:
+ case 18:
+ case 23:
+ if( in->bv_val[i] != '-' ) {
+ goto handle_error;
+ }
+ out->bv_val[i] = '-';
+ break;
+
+ default:
+ if( !ASCII_HEX( in->bv_val[i]) ) {
+ goto handle_error;
+ }
+ out->bv_val[i] = TOLOWER( in->bv_val[i] );
+ }
+ }
+
+ rc = LDAP_SUCCESS;
+ out->bv_val[ out->bv_len ] = '\0';
+
+ if( 0 ) {
+handle_error:
+ slap_sl_free( out->bv_val, ctx );
+ out->bv_val = NULL;
+ }
+
+ return rc;
+}
+
+int
+UUIDNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ unsigned char octet = '\0';
+ int i;
+ int j;
+ normalized->bv_len = 16;
+ normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
+
+ for( i=0, j=0; i<36; i++ ) {
+ unsigned char nibble;
+ if( val->bv_val[i] == '-' ) {
+ continue;
+
+ } else if( ASCII_DIGIT( val->bv_val[i] ) ) {
+ nibble = val->bv_val[i] - '0';
+
+ } else if( ASCII_HEXLOWER( val->bv_val[i] ) ) {
+ nibble = val->bv_val[i] - ('a'-10);
+
+ } else if( ASCII_HEXUPPER( val->bv_val[i] ) ) {
+ nibble = val->bv_val[i] - ('A'-10);
+
+ } else {
+ slap_sl_free( normalized->bv_val, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( j & 1 ) {
+ octet |= nibble;
+ normalized->bv_val[j>>1] = octet;
+ } else {
+ octet = nibble << 4;
+ }
+ j++;
+ }
+
+ normalized->bv_val[normalized->bv_len] = 0;
+ return LDAP_SUCCESS;
+}
+
+
+
+static int
+numericStringValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ ber_len_t i;
+
+ if( BER_BVISEMPTY( in ) ) return LDAP_INVALID_SYNTAX;
+
+ for(i=0; i < in->bv_len; i++) {
+ if( !SLAP_NUMERIC(in->bv_val[i]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+numericStringNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ /* removal all spaces */
+ char *p, *q;
+
+ assert( !BER_BVISEMPTY( val ) );
+
+ normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
+
+ p = val->bv_val;
+ q = normalized->bv_val;
+
+ while ( *p ) {
+ if ( ASCII_SPACE( *p ) ) {
+ /* Ignore whitespace */
+ p++;
+ } else {
+ *q++ = *p++;
+ }
+ }
+
+ /* we should have copied no more then is in val */
+ assert( (q - normalized->bv_val) <= (p - val->bv_val) );
+
+ /* null terminate */
+ *q = '\0';
+
+ normalized->bv_len = q - normalized->bv_val;
+
+ if( BER_BVISEMPTY( normalized ) ) {
+ normalized->bv_val = slap_sl_realloc( normalized->bv_val, 2, ctx );
+ normalized->bv_val[0] = ' ';
+ normalized->bv_val[1] = '\0';
+ normalized->bv_len = 1;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Integer conversion macros that will use the largest available
+ * type.
+ */
+#if defined(HAVE_STRTOLL) && defined(HAVE_LONG_LONG)
+# define SLAP_STRTOL(n,e,b) strtoll(n,e,b)
+# define SLAP_LONG long long
+#else
+# define SLAP_STRTOL(n,e,b) strtol(n,e,b)
+# define SLAP_LONG long
+#endif /* HAVE_STRTOLL ... */
+
+static int
+integerBitAndMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ SLAP_LONG lValue, lAssertedValue;
+
+ errno = 0;
+ /* safe to assume integers are NUL terminated? */
+ lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
+ if( errno == ERANGE )
+ {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val,
+ NULL, 10);
+ if( errno == ERANGE )
+ {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ *matchp = ((lValue & lAssertedValue) == lAssertedValue) ? 0 : 1;
+ return LDAP_SUCCESS;
+}
+
+static int
+integerBitOrMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ SLAP_LONG lValue, lAssertedValue;
+
+ errno = 0;
+ /* safe to assume integers are NUL terminated? */
+ lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
+ if( errno == ERANGE )
+ {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ lAssertedValue = SLAP_STRTOL( ((struct berval *)assertedValue)->bv_val,
+ NULL, 10);
+ if( errno == ERANGE )
+ {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ *matchp = ((lValue & lAssertedValue) != 0) ? 0 : -1;
+ return LDAP_SUCCESS;
+}
+
+static int
+serialNumberAndIssuerValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ ber_len_t n;
+ struct berval sn, i;
+ if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ i.bv_val = ber_bvchr( in, '$' );
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
+
+ sn.bv_val = in->bv_val;
+ sn.bv_len = i.bv_val - in->bv_val;
+
+ i.bv_val++;
+ i.bv_len = in->bv_len - (sn.bv_len + 1);
+
+ /* validate serial number (strict for now) */
+ for( n=0; n < sn.bv_len; n++ ) {
+ if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX;
+ }
+
+ /* validate DN */
+ rc = dnValidate( NULL, &i );
+ if( rc ) return LDAP_INVALID_SYNTAX;
+
+ return LDAP_SUCCESS;
+}
+
+int
+serialNumberAndIssuerPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ int rc;
+ ber_len_t n;
+ struct berval sn, i, newi;
+
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerPretty: <%s>\n",
+ val->bv_val, 0, 0 );
+
+ if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ i.bv_val = ber_bvchr( val, '$' );
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
+
+ sn.bv_val = val->bv_val;
+ sn.bv_len = i.bv_val - val->bv_val;
+
+ i.bv_val++;
+ i.bv_len = val->bv_len - (sn.bv_len + 1);
+
+ /* eat leading zeros */
+ for( n=0; n < (sn.bv_len-1); n++ ) {
+ if( sn.bv_val[n] != '0' ) break;
+ }
+ sn.bv_val += n;
+ sn.bv_len -= n;
+
+ for( n=0; n < sn.bv_len; n++ ) {
+ if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX;
+ }
+
+ /* pretty DN */
+ rc = dnPretty( syntax, &i, &newi, ctx );
+ if( rc ) return LDAP_INVALID_SYNTAX;
+
+ /* make room from sn + "$" */
+ out->bv_len = sn.bv_len + newi.bv_len + 1;
+ out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
+
+ if( out->bv_val == NULL ) {
+ out->bv_len = 0;
+ slap_sl_free( newi.bv_val, ctx );
+ return LDAP_OTHER;
+ }
+
+ /* push issuer over */
+ AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len );
+ /* insert sn and "$" */
+ AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
+ out->bv_val[sn.bv_len] = '$';
+ /* terminate */
+ out->bv_val[out->bv_len] = '\0';
+
+ Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerPretty: <%s>\n",
+ out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * This routine is called by certificateExactNormalize when
+ * certificateExactNormalize receives a search string instead of
+ * a certificate. This routine checks if the search value is valid
+ * and then returns the normalized value
+ */
+static int
+serialNumberAndIssuerNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ int rc;
+ ber_len_t n;
+ struct berval sn, i, newi;
+
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerNormalize: <%s>\n",
+ val->bv_val, 0, 0 );
+
+ if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ i.bv_val = ber_bvchr( val, '$' );
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
+
+ sn.bv_val = val->bv_val;
+ sn.bv_len = i.bv_val - val->bv_val;
+
+ i.bv_val++;
+ i.bv_len = val->bv_len - (sn.bv_len + 1);
+
+ /* eat leading zeros */
+ for( n=0; n < (sn.bv_len-1); n++ ) {
+ if( sn.bv_val[n] != '0' ) break;
+ }
+ sn.bv_val += n;
+ sn.bv_len -= n;
+
+ for( n=0; n < sn.bv_len; n++ ) {
+ if( !ASCII_DIGIT(sn.bv_val[n]) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ /* pretty DN */
+ rc = dnNormalize( usage, syntax, mr, &i, &newi, ctx );
+ if( rc ) return LDAP_INVALID_SYNTAX;
+
+ /* make room from sn + "$" */
+ out->bv_len = sn.bv_len + newi.bv_len + 1;
+ out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
+
+ if( out->bv_val == NULL ) {
+ out->bv_len = 0;
+ slap_sl_free( newi.bv_val, ctx );
+ return LDAP_OTHER;
+ }
+
+ /* push issuer over */
+ AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len );
+ /* insert sn and "$" */
+ AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
+ out->bv_val[sn.bv_len] = '$';
+ /* terminate */
+ out->bv_val[out->bv_len] = '\0';
+
+ Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n",
+ out->bv_val, 0, 0 );
+
+ return rc;
+}
+
+#ifdef HAVE_TLS
+static int
+certificateExactNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ int rc = LDAP_INVALID_SYNTAX;
+ unsigned char *p;
+ char *serial = NULL;
+ ber_len_t seriallen;
+ struct berval issuer_dn = BER_BVNULL;
+ X509_NAME *name = NULL;
+ ASN1_INTEGER *sn = NULL;
+ X509 *xcert = NULL;
+
+ if( BER_BVISEMPTY( val ) ) goto done;
+
+ if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
+ return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx);
+ }
+
+ assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) );
+
+ p = (unsigned char *)val->bv_val;
+ xcert = d2i_X509( NULL, &p, val->bv_len);
+ if( xcert == NULL ) goto done;
+
+ sn=X509_get_serialNumber(xcert);
+ if ( sn == NULL ) goto done;
+ serial=i2s_ASN1_INTEGER(0, sn );
+ if( serial == NULL ) goto done;
+ seriallen=strlen(serial);
+
+ name=X509_get_issuer_name(xcert);
+ if( name == NULL ) goto done;
+ rc = dnX509normalize( name, &issuer_dn );
+ if( rc != LDAP_SUCCESS ) goto done;
+
+ normalized->bv_len = seriallen + issuer_dn.bv_len + 1;
+ normalized->bv_val = ch_malloc(normalized->bv_len+1);
+ p = (unsigned char *)normalized->bv_val;
+ AC_MEMCPY(p, serial, seriallen);
+ p += seriallen;
+ *p++ = '$';
+ AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
+ p += issuer_dn.bv_len;
+ *p = '\0';
+
+ Debug( LDAP_DEBUG_TRACE, "certificateExactNormalize: %s\n",
+ normalized->bv_val, NULL, NULL );
+
+done:
+ if (xcert) X509_free(xcert);
+ if (serial) ch_free(serial);
+ if (issuer_dn.bv_val) ber_memfree(issuer_dn.bv_val);
+
+ return rc;
+}
+#endif /* HAVE_TLS */
+
+
+#ifndef SUPPORT_OBSOLETE_UTC_SYNTAX
+/* slight optimization - does not need the start parameter */
+#define check_time_syntax(v, start, p, f) (check_time_syntax)(v, p, f)
+enum { start = 0 };
+#endif
+
+static int
+check_time_syntax (struct berval *val,
+ int start,
+ int *parts,
+ struct berval *fraction)
+{
+ /*
+ * start=0 GeneralizedTime YYYYmmddHH[MM[SS]][(./,)d...](Z|(+/-)HH[MM])
+ * start=1 UTCTime YYmmddHHMM[SS][Z|(+/-)HHMM]
+ * GeneralizedTime supports leap seconds, UTCTime does not.
+ */
+ static const int ceiling[9] = { 100, 100, 12, 31, 24, 60, 60, 24, 60 };
+ static const int mdays[2][12] = {
+ /* non-leap years */
+ { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
+ /* leap years */
+ { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }
+ };
+ char *p, *e;
+ int part, c, c1, c2, tzoffset, leapyear = 0;
+
+ p = val->bv_val;
+ e = p + val->bv_len;
+
+#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
+ parts[0] = 20; /* century - any multiple of 4 from 04 to 96 */
+#endif
+ for (part = start; part < 7 && p < e; part++) {
+ c1 = *p;
+ if (!ASCII_DIGIT(c1)) {
+ break;
+ }
+ p++;
+ if (p == e) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ c = *p++;
+ if (!ASCII_DIGIT(c)) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ c += c1 * 10 - '0' * 11;
+ if ((part | 1) == 3) {
+ --c;
+ if (c < 0) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ if (c >= ceiling[part]) {
+ if (! (c == 60 && part == 6 && start == 0))
+ return LDAP_INVALID_SYNTAX;
+ }
+ parts[part] = c;
+ }
+ if (part < 5 + start) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ for (; part < 9; part++) {
+ parts[part] = 0;
+ }
+
+ /* leapyear check for the Gregorian calendar (year>1581) */
+ if (parts[parts[1] == 0 ? 0 : 1] % 4 == 0) {
+ leapyear = 1;
+ }
+
+ if (parts[3] >= mdays[leapyear][parts[2]]) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if (start == 0) {
+ fraction->bv_val = p;
+ fraction->bv_len = 0;
+ if (p < e && (*p == '.' || *p == ',')) {
+ char *end_num;
+ while (++p < e && ASCII_DIGIT(*p)) {
+ /* EMTPY */;
+ }
+ if (p - fraction->bv_val == 1) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ for (end_num = p; end_num[-1] == '0'; --end_num) {
+ /* EMPTY */;
+ }
+ c = end_num - fraction->bv_val;
+ if (c != 1) fraction->bv_len = c;
+ }
+ }
+
+ if (p == e) {
+ /* no time zone */
+ return start == 0 ? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;
+ }
+
+ tzoffset = *p++;
+ switch (tzoffset) {
+ default:
+ return LDAP_INVALID_SYNTAX;
+ case 'Z':
+ /* UTC */
+ break;
+ case '+':
+ case '-':
+ for (part = 7; part < 9 && p < e; part++) {
+ c1 = *p;
+ if (!ASCII_DIGIT(c1)) {
+ break;
+ }
+ p++;
+ if (p == e) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ c2 = *p++;
+ if (!ASCII_DIGIT(c2)) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ parts[part] = c1 * 10 + c2 - '0' * 11;
+ if (parts[part] >= ceiling[part]) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ if (part < 8 + start) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if (tzoffset == '-') {
+ /* negative offset to UTC, ie west of Greenwich */
+ parts[4] += parts[7];
+ parts[5] += parts[8];
+ /* offset is just hhmm, no seconds */
+ for (part = 6; --part >= 0; ) {
+ if (part != 3) {
+ c = ceiling[part];
+ } else {
+ c = mdays[leapyear][parts[2]];
+ }
+ if (parts[part] >= c) {
+ if (part == 0) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ parts[part] -= c;
+ parts[part - 1]++;
+ continue;
+ } else if (part != 5) {
+ break;
+ }
+ }
+ } else {
+ /* positive offset to UTC, ie east of Greenwich */
+ parts[4] -= parts[7];
+ parts[5] -= parts[8];
+ for (part = 6; --part >= 0; ) {
+ if (parts[part] < 0) {
+ if (part == 0) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ if (part != 3) {
+ c = ceiling[part];
+ } else {
+ /* make first arg to % non-negative */
+ c = mdays[leapyear][(parts[2] - 1 + 12) % 12];
+ }
+ parts[part] += c;
+ parts[part - 1]--;
+ continue;
+ } else if (part != 5) {
+ break;
+ }
+ }
+ }
+ }
+
+ return p != e ? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;
+}
+
+#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
+
+#if 0
+static int
+xutcTimeNormalize(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *normalized )
+{
+ int parts[9], rc;
+
+ rc = check_time_syntax(val, 1, parts, NULL);
+ if (rc != LDAP_SUCCESS) {
+ return rc;
+ }
+
+ normalized->bv_val = ch_malloc( 14 );
+ if ( normalized->bv_val == NULL ) {
+ return LBER_ERROR_MEMORY;
+ }
+
+ sprintf( normalized->bv_val, "%02d%02d%02d%02d%02d%02dZ",
+ parts[1], parts[2] + 1, parts[3] + 1,
+ parts[4], parts[5], parts[6] );
+ normalized->bv_len = 13;
+
+ return LDAP_SUCCESS;
+}
+#endif /* 0 */
+
+static int
+utcTimeValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int parts[9];
+ return check_time_syntax(in, 1, parts, NULL);
+}
+
+#endif /* SUPPORT_OBSOLETE_UTC_SYNTAX */
+
+static int
+generalizedTimeValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int parts[9];
+ struct berval fraction;
+ return check_time_syntax(in, 0, parts, &fraction);
+}
+
+static int
+generalizedTimeNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ int parts[9], rc;
+ unsigned int len;
+ struct berval fraction;
+
+ rc = check_time_syntax(val, 0, parts, &fraction);
+ if (rc != LDAP_SUCCESS) {
+ return rc;
+ }
+
+ len = sizeof("YYYYmmddHHMMSSZ")-1 + fraction.bv_len;
+ normalized->bv_val = slap_sl_malloc( len + 1, ctx );
+ if ( BER_BVISNULL( normalized ) ) {
+ return LBER_ERROR_MEMORY;
+ }
+
+ sprintf( normalized->bv_val, "%02d%02d%02d%02d%02d%02d%02d",
+ parts[0], parts[1], parts[2] + 1, parts[3] + 1,
+ parts[4], parts[5], parts[6] );
+ if ( !BER_BVISEMPTY( &fraction ) ) {
+ memcpy( normalized->bv_val + sizeof("YYYYmmddHHMMSSZ")-2,
+ fraction.bv_val, fraction.bv_len );
+ normalized->bv_val[sizeof("YYYYmmddHHMMSSZ")-2] = '.';
+ }
+ strcpy( normalized->bv_val + len-1, "Z" );
+ normalized->bv_len = len;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+generalizedTimeOrderingMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ ber_len_t v_len = value->bv_len;
+ ber_len_t av_len = asserted->bv_len;
+
+ /* ignore trailing 'Z' when comparing */
+ int match = memcmp( value->bv_val, asserted->bv_val,
+ (v_len < av_len ? v_len : av_len) - 1 );
+ if ( match == 0 ) match = v_len - av_len;
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int generalizedTimeIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ int i, j;
+ BerVarray keys;
+ char tmp[5];
+ BerValue bvtmp; /* 40 bit index */
+ struct lutil_tm tm;
+ struct lutil_timet tt;
+
+ bvtmp.bv_len = sizeof(tmp);
+ bvtmp.bv_val = tmp;
+ for( i=0; values[i].bv_val != NULL; i++ ) {
+ /* just count them */
+ }
+
+ /* we should have at least one value at this point */
+ assert( i > 0 );
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
+
+ /* GeneralizedTime YYYYmmddHH[MM[SS]][(./,)d...](Z|(+/-)HH[MM]) */
+ for( i=0, j=0; values[i].bv_val != NULL; i++ ) {
+ assert(values[i].bv_val != NULL && values[i].bv_len >= 10);
+ /* Use 40 bits of time for key */
+ if ( lutil_parsetime( values[i].bv_val, &tm ) == 0 ) {
+ lutil_tm2time( &tm, &tt );
+ tmp[0] = tt.tt_gsec & 0xff;
+ tmp[4] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[3] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[2] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[1] = tt.tt_sec & 0xff;
+
+ ber_dupbv_x(&keys[j++], &bvtmp, ctx );
+ }
+ }
+
+ keys[j].bv_val = NULL;
+ keys[j].bv_len = 0;
+
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int generalizedTimeFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ BerVarray keys;
+ char tmp[5];
+ BerValue bvtmp; /* 40 bit index */
+ BerValue *value = (BerValue *) assertedValue;
+ struct lutil_tm tm;
+ struct lutil_timet tt;
+
+ bvtmp.bv_len = sizeof(tmp);
+ bvtmp.bv_val = tmp;
+ /* GeneralizedTime YYYYmmddHH[MM[SS]][(./,)d...](Z|(+/-)HH[MM]) */
+ /* Use 40 bits of time for key */
+ if ( value->bv_val && value->bv_len >= 10 &&
+ lutil_parsetime( value->bv_val, &tm ) == 0 ) {
+
+ lutil_tm2time( &tm, &tt );
+ tmp[0] = tt.tt_gsec & 0xff;
+ tmp[4] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[3] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[2] = tt.tt_sec & 0xff;
+ tt.tt_sec >>= 8;
+ tmp[1] = tt.tt_sec & 0xff;
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * 2, ctx );
+ ber_dupbv_x(keys, &bvtmp, ctx );
+ keys[1].bv_val = NULL;
+ keys[1].bv_len = 0;
+ } else {
+ keys = NULL;
+ }
+
+ *keysp = keys;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+deliveryMethodValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+#undef LENOF
+#define LENOF(s) (sizeof(s)-1)
+ struct berval tmp = *val;
+ /*
+ * DeliveryMethod = pdm *( WSP DOLLAR WSP DeliveryMethod )
+ * pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
+ * "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
+ */
+again:
+ if( tmp.bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ switch( tmp.bv_val[0] ) {
+ case 'a':
+ case 'A':
+ if(( tmp.bv_len >= LENOF("any") ) &&
+ ( strncasecmp(tmp.bv_val, "any", LENOF("any")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("any");
+ tmp.bv_val += LENOF("any");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'm':
+ case 'M':
+ if(( tmp.bv_len >= LENOF("mhs") ) &&
+ ( strncasecmp(tmp.bv_val, "mhs", LENOF("mhs")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("mhs");
+ tmp.bv_val += LENOF("mhs");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'p':
+ case 'P':
+ if(( tmp.bv_len >= LENOF("physical") ) &&
+ ( strncasecmp(tmp.bv_val, "physical", LENOF("physical")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("physical");
+ tmp.bv_val += LENOF("physical");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 't':
+ case 'T': /* telex or teletex or telephone */
+ if(( tmp.bv_len >= LENOF("telex") ) &&
+ ( strncasecmp(tmp.bv_val, "telex", LENOF("telex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("telex");
+ tmp.bv_val += LENOF("telex");
+ break;
+ }
+ if(( tmp.bv_len >= LENOF("teletex") ) &&
+ ( strncasecmp(tmp.bv_val, "teletex", LENOF("teletex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("teletex");
+ tmp.bv_val += LENOF("teletex");
+ break;
+ }
+ if(( tmp.bv_len >= LENOF("telephone") ) &&
+ ( strncasecmp(tmp.bv_val, "telephone", LENOF("telephone")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("telephone");
+ tmp.bv_val += LENOF("telephone");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'g':
+ case 'G': /* g3fax or g4fax */
+ if(( tmp.bv_len >= LENOF("g3fax") ) && (
+ ( strncasecmp(tmp.bv_val, "g3fax", LENOF("g3fax")) == 0 ) ||
+ ( strncasecmp(tmp.bv_val, "g4fax", LENOF("g4fax")) == 0 )))
+ {
+ tmp.bv_len -= LENOF("g3fax");
+ tmp.bv_val += LENOF("g3fax");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'i':
+ case 'I':
+ if(( tmp.bv_len >= LENOF("ia5") ) &&
+ ( strncasecmp(tmp.bv_val, "ia5", LENOF("ia5")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("ia5");
+ tmp.bv_val += LENOF("ia5");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'v':
+ case 'V':
+ if(( tmp.bv_len >= LENOF("videotex") ) &&
+ ( strncasecmp(tmp.bv_val, "videotex", LENOF("videotex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("videotex");
+ tmp.bv_val += LENOF("videotex");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ default:
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( BER_BVISEMPTY( &tmp ) ) return LDAP_SUCCESS;
+
+ while( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == ' ' ) ) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ }
+ if( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == '$' ) ) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+ while( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == ' ' ) ) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ }
+
+ goto again;
+}
+
+static int
+nisNetgroupTripleValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ char *p, *e;
+ int commas = 0;
+
+ if ( BER_BVISEMPTY( val ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p = (char *)val->bv_val;
+ e = p + val->bv_len;
+
+ if ( *p != '(' /*')'*/ ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for ( p++; ( p < e ) && ( *p != /*'('*/ ')' ); p++ ) {
+ if ( *p == ',' ) {
+ commas++;
+ if ( commas > 2 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else if ( !AD_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( ( commas != 2 ) || ( *p != /*'('*/ ')' ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p++;
+
+ if (p != e) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+bootParameterValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ char *p, *e;
+
+ if ( BER_BVISEMPTY( val ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p = (char *)val->bv_val;
+ e = p + val->bv_len;
+
+ /* key */
+ for (; ( p < e ) && ( *p != '=' ); p++ ) {
+ if ( !AD_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( *p != '=' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* server */
+ for ( p++; ( p < e ) && ( *p != ':' ); p++ ) {
+ if ( !AD_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( *p != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* path */
+ for ( p++; p < e; p++ ) {
+ if ( !SLAP_PRINTABLE( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+firstComponentNormalize(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ int rc;
+ struct berval comp;
+ ber_len_t len;
+
+ if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage )) {
+ ber_dupbv_x( normalized, val, ctx );
+ return LDAP_SUCCESS;
+ }
+
+ if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ if( val->bv_val[0] != '(' /*')'*/ &&
+ val->bv_val[0] != '{' /*'}'*/ )
+ {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* trim leading white space */
+ for( len=1;
+ len < val->bv_len && ASCII_SPACE(val->bv_val[len]);
+ len++ )
+ {
+ /* empty */
+ }
+
+ /* grab next word */
+ comp.bv_val = &val->bv_val[len];
+ len = val->bv_len - len;
+ for( comp.bv_len = 0;
+ !ASCII_SPACE(comp.bv_val[comp.bv_len]) && comp.bv_len < len;
+ comp.bv_len++ )
+ {
+ /* empty */
+ }
+
+ if( mr == slap_schema.si_mr_objectIdentifierFirstComponentMatch ) {
+ rc = numericoidValidate( NULL, &comp );
+ } else if( mr == slap_schema.si_mr_integerFirstComponentMatch ) {
+ rc = integerValidate( NULL, &comp );
+ } else {
+ rc = LDAP_INVALID_SYNTAX;
+ }
+
+
+ if( rc == LDAP_SUCCESS ) {
+ ber_dupbv_x( normalized, &comp, ctx );
+ }
+
+ return rc;
+}
+
+
+#define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
+#define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' "
+
+static slap_syntax_defs_rec syntax_defs[] = {
+ {"( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' "
+ X_BINARY X_NOT_H_R ")",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' " X_NOT_H_R ")",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' "
+ X_NOT_H_R ")",
+ SLAP_SYNTAX_BLOB, blobValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' "
+ X_NOT_H_R ")",
+ SLAP_SYNTAX_BER, berValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )",
+ 0, bitStringValidate, NULL },
+ {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
+ 0, booleanValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
+ X_BINARY X_NOT_H_R ")",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, certificateValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' "
+ X_BINARY X_NOT_H_R ")",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' "
+ X_BINARY X_NOT_H_R ")",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
+ 0, countryStringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )",
+ 0, dnValidate, dnPretty},
+ {"( 1.2.36.79672281.1.5.0 DESC 'RDN' )",
+ 0, rdnValidate, rdnPretty},
+#ifdef LDAP_COMP_MATCH
+ {"( 1.2.36.79672281.1.5.3 DESC 'allComponents' )",
+ 0, allComponentsValidate, NULL},
+ {"( 1.2.36.79672281.1.5.2 DESC 'componentFilterMatch assertion') ",
+ 0, componentFilterValidate, NULL},
+#endif
+ {"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )",
+ 0, deliveryMethodValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )",
+ 0, UTF8StringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )",
+ 0, printablesStringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' " X_NOT_H_R ")",
+ SLAP_SYNTAX_BLOB, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )",
+ 0, generalizedTimeValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )",
+ 0, IA5StringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )",
+ 0, integerValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' " X_NOT_H_R ")",
+ SLAP_SYNTAX_BLOB, blobValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Access Points' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )",
+ 0, nameUIDValidate, nameUIDPretty },
+ {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )",
+ 0, numericStringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
+ 0, numericoidValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )",
+ 0, IA5StringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )",
+ 0, blobValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )",
+ 0, UTF8StringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )",
+ 0, printableStringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )",
+#define subtreeSpecificationValidate UTF8StringValidate /* FIXME */
+ 0, subtreeSpecificationValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' "
+ X_BINARY X_NOT_H_R ")",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )",
+ 0, printableStringValidate, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )",
+ 0, printablesStringValidate, NULL},
+#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
+ {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )",
+ 0, utcTimeValidate, NULL},
+#endif
+ {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description' )",
+ 0, NULL, NULL},
+ {"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )",
+ 0, NULL, NULL},
+
+ /* RFC 2307 NIS Syntaxes */
+ {"( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )",
+ 0, nisNetgroupTripleValidate, NULL},
+ {"( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )",
+ 0, bootParameterValidate, NULL},
+
+ /* From PKIX *//* This OID is not published yet. */
+ {"( 1.2.826.0.1.3344810.7.1 DESC 'Certificate Serial Number and Issuer' )",
+ SLAP_SYNTAX_HIDE,
+ serialNumberAndIssuerValidate,
+ serialNumberAndIssuerPretty},
+
+#ifdef SLAPD_AUTHPASSWD
+ /* needs updating */
+ {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
+ SLAP_SYNTAX_HIDE, NULL, NULL},
+#endif
+
+ {"( 1.3.6.1.1.16.1 DESC 'UUID' )",
+ 0, UUIDValidate, UUIDPretty},
+
+ {"( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )",
+ SLAP_SYNTAX_HIDE, csnValidate, NULL},
+
+ /* OpenLDAP Void Syntax */
+ {"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" ,
+ SLAP_SYNTAX_HIDE, inValidate, NULL},
+
+#ifdef SLAP_AUTHZ_SYNTAX
+ /* FIXME: OID is unused, but not registered yet */
+ {"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
+ SLAP_SYNTAX_HIDE, authzValidate, authzPretty},
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+ {NULL, 0, NULL, NULL}
+};
+
+char *certificateExactMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
+ NULL
+};
+#ifdef LDAP_COMP_MATCH
+char *componentFilterMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
+ NULL
+};
+#endif
+char *directoryStringSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.44" /* printableString */,
+ NULL
+};
+char *integerFirstComponentMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */,
+ "1.3.6.1.4.1.1466.115.121.1.17" /* dITStructureRuleDescription */,
+ NULL
+};
+char *objectIdentifierFirstComponentMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.38" /* OID */,
+ "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.16" /* dITContentRuleDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.35" /* nameFormDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.37" /* objectClassDescription */,
+ NULL
+};
+
+/*
+ * Other matching rules in X.520 that we do not use (yet):
+ *
+ * 2.5.13.25 uTCTimeMatch
+ * 2.5.13.26 uTCTimeOrderingMatch
+ * 2.5.13.31* directoryStringFirstComponentMatch
+ * 2.5.13.32* wordMatch
+ * 2.5.13.33* keywordMatch
+ * 2.5.13.36 certificatePairExactMatch
+ * 2.5.13.37 certificatePairMatch
+ * 2.5.13.38 certificateListExactMatch
+ * 2.5.13.39 certificateListMatch
+ * 2.5.13.40 algorithmIdentifierMatch
+ * 2.5.13.41* storedPrefixMatch
+ * 2.5.13.42 attributeCertificateMatch
+ * 2.5.13.43 readerAndKeyIDMatch
+ * 2.5.13.44 attributeIntegrityMatch
+ *
+ * (*) described in RFC 3698 (LDAP: Additional Matching Rules)
+ */
+static slap_mrule_defs_rec mrule_defs[] = {
+ /*
+ * EQUALITY matching rules must be listed after associated APPROX
+ * matching rules. So, we list all APPROX matching rules first.
+ */
+ {"( " directoryStringApproxMatchOID " NAME 'directoryStringApproxMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY_APPROX | SLAP_MR_EXT, NULL,
+ NULL, NULL, directoryStringApproxMatch,
+ directoryStringApproxIndexer, directoryStringApproxFilter,
+ NULL},
+
+ {"( " IA5StringApproxMatchOID " NAME 'IA5StringApproxMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY_APPROX | SLAP_MR_EXT, NULL,
+ NULL, NULL, IA5StringApproxMatch,
+ IA5StringApproxIndexer, IA5StringApproxFilter,
+ NULL},
+
+ /*
+ * Other matching rules
+ */
+
+ {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.1 NAME 'distinguishedNameMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, dnNormalize, dnMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 1.3.6.1.4.1.4203.666.4.9 NAME 'dnSubtreeMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ SLAP_MR_HIDE | SLAP_MR_EXT, NULL,
+ NULL, dnNormalize, dnRelativeMatch,
+ NULL, NULL,
+ NULL },
+
+ {"( 1.3.6.1.4.1.4203.666.4.8 NAME 'dnOneLevelMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ SLAP_MR_HIDE | SLAP_MR_EXT, NULL,
+ NULL, dnNormalize, dnRelativeMatch,
+ NULL, NULL,
+ NULL },
+
+ {"( 1.3.6.1.4.1.4203.666.4.10 NAME 'dnSubordinateMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ SLAP_MR_HIDE | SLAP_MR_EXT, NULL,
+ NULL, dnNormalize, dnRelativeMatch,
+ NULL, NULL,
+ NULL },
+
+ {"( 1.3.6.1.4.1.4203.666.4.11 NAME 'dnSuperiorMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ SLAP_MR_HIDE | SLAP_MR_EXT, NULL,
+ NULL, dnNormalize, dnRelativeMatch,
+ NULL, NULL,
+ NULL },
+
+ {"( 1.2.36.79672281.1.13.3 NAME 'rdnMatch' "
+ "SYNTAX 1.2.36.79672281.1.5.0 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, rdnNormalize, rdnMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+#ifdef LDAP_COMP_MATCH
+ {"( 1.2.36.79672281.1.13.2 NAME 'componentFilterMatch' "
+ "SYNTAX 1.2.36.79672281.1.5.2 )",
+ SLAP_MR_EXT|SLAP_MR_COMPONENT, componentFilterMatchSyntaxes,
+ NULL, NULL , componentFilterMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 1.2.36.79672281.1.13.6 NAME 'allComponentsMatch' "
+ "SYNTAX 1.2.36.79672281.1.5.3 )",
+ SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL,
+ NULL, NULL , allComponentsMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 1.2.36.79672281.1.13.7 NAME 'directoryComponentsMatch' "
+ "SYNTAX 1.2.36.79672281.1.5.3 )",
+ SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL,
+ NULL, NULL , directoryComponentsMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+#endif
+
+ {"( 2.5.13.2 NAME 'caseIgnoreMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ directoryStringApproxMatchOID },
+
+ {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ SLAP_MR_ORDERING, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, octetStringOrderingMatch,
+ NULL, NULL,
+ "caseIgnoreMatch" },
+
+ {"( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
+ SLAP_MR_SUBSTR, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, directoryStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "caseIgnoreMatch" },
+
+ {"( 2.5.13.5 NAME 'caseExactMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ directoryStringApproxMatchOID },
+
+ {"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ SLAP_MR_ORDERING, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, octetStringOrderingMatch,
+ NULL, NULL,
+ "caseExactMatch" },
+
+ {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
+ SLAP_MR_SUBSTR, directoryStringSyntaxes,
+ NULL, UTF8StringNormalize, directoryStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "caseExactMatch" },
+
+ {"( 2.5.13.8 NAME 'numericStringMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, numericStringNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.9 NAME 'numericStringOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
+ SLAP_MR_ORDERING, NULL,
+ NULL, numericStringNormalize, octetStringOrderingMatch,
+ NULL, NULL,
+ "numericStringMatch" },
+
+ {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, numericStringNormalize, octetStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "numericStringMatch" },
+
+ {"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL },
+
+ {"( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ "caseIgnoreListMatch" },
+
+ {"( 2.5.13.13 NAME 'booleanMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, booleanMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.14 NAME 'integerMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, integerMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.15 NAME 'integerOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
+ SLAP_MR_ORDERING, NULL,
+ NULL, NULL, integerMatch,
+ NULL, NULL,
+ "integerMatch" },
+
+ {"( 2.5.13.16 NAME 'bitStringMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.17 NAME 'octetStringMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.18 NAME 'octetStringOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+ SLAP_MR_ORDERING, NULL,
+ NULL, NULL, octetStringOrderingMatch,
+ NULL, NULL,
+ "octetStringMatch" },
+
+ {"( 2.5.13.19 NAME 'octetStringSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, NULL, octetStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "octetStringMatch" },
+
+ {"( 2.5.13.20 NAME 'telephoneNumberMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL,
+ telephoneNumberNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, telephoneNumberNormalize, octetStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "telephoneNumberMatch" },
+
+ {"( 2.5.13.22 NAME 'presentationAddressMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL },
+
+ {"( 2.5.13.23 NAME 'uniqueMemberMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, uniqueMemberNormalize, uniqueMemberMatch,
+ uniqueMemberIndexer, uniqueMemberFilter,
+ NULL },
+
+ {"( 2.5.13.24 NAME 'protocolInformationMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL },
+
+ {"( 2.5.13.27 NAME 'generalizedTimeMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_ORDERED_INDEX, NULL,
+ NULL, generalizedTimeNormalize, octetStringMatch,
+ generalizedTimeIndexer, generalizedTimeFilter,
+ NULL },
+
+ {"( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
+ SLAP_MR_ORDERING | SLAP_MR_ORDERED_INDEX, NULL,
+ NULL, generalizedTimeNormalize, generalizedTimeOrderingMatch,
+ NULL, NULL,
+ "generalizedTimeMatch" },
+
+ {"( 2.5.13.29 NAME 'integerFirstComponentMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT,
+ integerFirstComponentMatchSyntaxes,
+ NULL, firstComponentNormalize, integerMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT,
+ objectIdentifierFirstComponentMatchSyntaxes,
+ NULL, firstComponentNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL },
+
+ {"( 2.5.13.34 NAME 'certificateExactMatch' "
+ "SYNTAX 1.2.826.0.1.3344810.7.1 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes,
+#ifdef HAVE_TLS
+ NULL, certificateExactNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+#else
+ NULL, NULL, NULL, NULL, NULL,
+#endif
+ NULL },
+
+ {"( 2.5.13.35 NAME 'certificateMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+#ifdef HAVE_TLS
+ NULL, NULL, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+#else
+ NULL, NULL, NULL, NULL, NULL,
+#endif
+ NULL },
+
+ {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, IA5StringNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ IA5StringApproxMatchOID },
+
+ {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ NULL, IA5StringNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ IA5StringApproxMatchOID },
+
+ {"( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, IA5StringNormalize, directoryStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "caseIgnoreIA5Match" },
+
+ {"( 1.3.6.1.4.1.4203.1.2.1 NAME 'caseExactIA5SubstringsMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+ SLAP_MR_SUBSTR, NULL,
+ NULL, IA5StringNormalize, directoryStringSubstringsMatch,
+ octetStringSubstringsIndexer, octetStringSubstringsFilter,
+ "caseExactIA5Match" },
+
+#ifdef SLAPD_AUTHPASSWD
+ /* needs updating */
+ {"( 1.3.6.1.4.1.4203.666.4.1 NAME 'authPasswordMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, NULL, authPasswordMatch,
+ NULL, NULL,
+ NULL},
+#endif
+
+ {"( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
+ SLAP_MR_EXT, NULL,
+ NULL, NULL, integerBitAndMatch,
+ NULL, NULL,
+ "integerMatch" },
+
+ {"( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
+ SLAP_MR_EXT, NULL,
+ NULL, NULL, integerBitOrMatch,
+ NULL, NULL,
+ "integerMatch" },
+
+ {"( 1.3.6.1.1.16.2 NAME 'UUIDMatch' "
+ "SYNTAX 1.3.6.1.1.16.1 )",
+ SLAP_MR_EQUALITY | SLAP_MR_MUTATION_NORMALIZER, NULL,
+ NULL, UUIDNormalize, octetStringMatch,
+ octetStringIndexer, octetStringFilter,
+ NULL},
+
+ {"( 1.3.6.1.1.16.3 NAME 'UUIDOrderingMatch' "
+ "SYNTAX 1.3.6.1.1.16.1 )",
+ SLAP_MR_ORDERING | SLAP_MR_MUTATION_NORMALIZER, NULL,
+ NULL, UUIDNormalize, octetStringOrderingMatch,
+ octetStringIndexer, octetStringFilter,
+ "UUIDMatch"},
+
+ {"( 1.3.6.1.4.1.4203.666.11.2.2 NAME 'CSNMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY | SLAP_MR_ORDERED_INDEX, NULL,
+ NULL, NULL, csnMatch,
+ csnIndexer, csnFilter,
+ NULL},
+
+ {"( 1.3.6.1.4.1.4203.666.11.2.3 NAME 'CSNOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )",
+ SLAP_MR_HIDE | SLAP_MR_ORDERING | SLAP_MR_ORDERED_INDEX, NULL,
+ NULL, NULL, csnOrderingMatch,
+ NULL, NULL,
+ "CSNMatch" },
+
+#ifdef SLAP_AUTHZ_SYNTAX
+ /* FIXME: OID is unused, but not registered yet */
+ {"( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.7 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, authzNormalize, authzMatch,
+ NULL, NULL,
+ NULL},
+#endif /* SLAP_AUTHZ_SYNTAX */
+
+ {NULL, SLAP_MR_NONE, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ NULL }
+};
+
+int
+slap_schema_init( void )
+{
+ int res;
+ int i;
+
+ /* we should only be called once (from main) */
+ assert( schema_init_done == 0 );
+
+ for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) {
+ res = register_syntax( &syntax_defs[i] );
+
+ if ( res ) {
+ fprintf( stderr, "slap_schema_init: Error registering syntax %s\n",
+ syntax_defs[i].sd_desc );
+ return LDAP_OTHER;
+ }
+ }
+
+ for ( i=0; mrule_defs[i].mrd_desc != NULL; i++ ) {
+ if( mrule_defs[i].mrd_usage == SLAP_MR_NONE &&
+ mrule_defs[i].mrd_compat_syntaxes == NULL )
+ {
+ fprintf( stderr,
+ "slap_schema_init: Ignoring unusable matching rule %s\n",
+ mrule_defs[i].mrd_desc );
+ continue;
+ }
+
+ res = register_matching_rule( &mrule_defs[i] );
+
+ if ( res ) {
+ fprintf( stderr,
+ "slap_schema_init: Error registering matching rule %s\n",
+ mrule_defs[i].mrd_desc );
+ return LDAP_OTHER;
+ }
+ }
+
+ res = slap_schema_load();
+ schema_init_done = 1;
+ return res;
+}
+
+void
+schema_destroy( void )
+{
+ oidm_destroy();
+ oc_destroy();
+ at_destroy();
+ mr_destroy();
+ mru_destroy();
+ syn_destroy();
+
+ ldap_pvt_thread_mutex_destroy( &ad_undef_mutex );
+ ldap_pvt_thread_mutex_destroy( &oc_undef_mutex );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schema_prep.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schema_prep.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schema_prep.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1629 @@
+/* schema_prep.c - load builtin schema */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.141.2.16 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#define OCDEBUG 0
+
+int schema_init_done = 0;
+
+struct slap_internal_schema slap_schema;
+
+static int
+oidValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ struct berval val = *in;
+
+ if( val.bv_len == 0 ) {
+ /* disallow empty strings */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( DESC_LEADCHAR( val.bv_val[0] ) ) {
+ val.bv_val++;
+ val.bv_len--;
+ if ( val.bv_len == 0 ) return LDAP_SUCCESS;
+
+ while( DESC_CHAR( val.bv_val[0] ) ) {
+ val.bv_val++;
+ val.bv_len--;
+
+ if ( val.bv_len == 0 ) return LDAP_SUCCESS;
+ }
+
+ } else {
+ int sep = 0;
+ while( OID_LEADCHAR( val.bv_val[0] ) ) {
+ val.bv_val++;
+ val.bv_len--;
+
+ if ( val.bv_val[-1] != '0' ) {
+ while ( OID_LEADCHAR( val.bv_val[0] )) {
+ val.bv_val++;
+ val.bv_len--;
+ }
+ }
+
+ if( val.bv_len == 0 ) {
+ if( sep == 0 ) break;
+ return LDAP_SUCCESS;
+ }
+
+ if( !OID_SEPARATOR( val.bv_val[0] )) break;
+
+ sep++;
+ val.bv_val++;
+ val.bv_len--;
+ }
+ }
+
+ return LDAP_INVALID_SYNTAX;
+}
+
+
+static int objectClassPretty(
+ struct slap_syntax *syntax,
+ struct berval * in,
+ struct berval * out,
+ void *ctx )
+{
+ ObjectClass *oc;
+
+ if( oidValidate( NULL, in )) return LDAP_INVALID_SYNTAX;
+
+ oc = oc_bvfind( in );
+ if( oc == NULL ) return LDAP_INVALID_SYNTAX;
+
+ ber_dupbv_x( out, &oc->soc_cname, ctx );
+ return LDAP_SUCCESS;
+}
+
+static int
+attributeTypeMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *a = (struct berval *) assertedValue;
+ AttributeType *at = at_bvfind( value );
+ AttributeType *asserted = at_bvfind( a );
+
+ if( asserted == NULL ) {
+ if( OID_LEADCHAR( *a->bv_val ) ) {
+ /* OID form, return FALSE */
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* desc form, return undefined */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( at == NULL ) {
+ /* unrecognized stored value */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ *matchp = ( asserted != at );
+ return LDAP_SUCCESS;
+}
+
+static int
+matchingRuleMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *a = (struct berval *) assertedValue;
+ MatchingRule *mrv = mr_bvfind( value );
+ MatchingRule *asserted = mr_bvfind( a );
+
+ if( asserted == NULL ) {
+ if( OID_LEADCHAR( *a->bv_val ) ) {
+ /* OID form, return FALSE */
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* desc form, return undefined */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( mrv == NULL ) {
+ /* unrecognized stored value */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ *matchp = ( asserted != mrv );
+ return LDAP_SUCCESS;
+}
+
+static int
+objectClassMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *a = (struct berval *) assertedValue;
+ ObjectClass *oc = oc_bvfind( value );
+ ObjectClass *asserted = oc_bvfind( a );
+
+ if( asserted == NULL ) {
+ if( OID_LEADCHAR( *a->bv_val ) ) {
+ /* OID form, return FALSE */
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* desc form, return undefined */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( oc == NULL ) {
+ /* unrecognized stored value */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ *matchp = ( asserted != oc );
+ return LDAP_SUCCESS;
+}
+
+static int
+objectSubClassMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ struct berval *a = (struct berval *) assertedValue;
+ ObjectClass *oc = oc_bvfind( value );
+ ObjectClass *asserted = oc_bvfind( a );
+
+ if( asserted == NULL ) {
+ if( OID_LEADCHAR( *a->bv_val ) ) {
+ /* OID form, return FALSE */
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+
+ /* desc form, return undefined */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( oc == NULL ) {
+ /* unrecognized stored value */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( flags ) ) {
+ *matchp = ( asserted != oc );
+ } else {
+ *matchp = !is_object_subclass( asserted, oc );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int objectSubClassIndexer(
+ slap_mask_t use,
+ slap_mask_t mask,
+ struct slap_syntax *syntax,
+ struct slap_matching_rule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ int rc, noc, i;
+ BerVarray ocvalues;
+
+ for( noc=0; values[noc].bv_val != NULL; noc++ ) {
+ /* just count em */;
+ }
+
+ /* over allocate */
+ ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+16), ctx );
+
+ /* copy listed values (and termination) */
+ for( i=0; i<noc; i++ ) {
+ ObjectClass *oc = oc_bvfind( &values[i] );
+ if( oc ) {
+ ocvalues[i] = oc->soc_cname;
+ } else {
+ ocvalues[i] = values[i];
+ }
+ }
+
+ ocvalues[i].bv_val = NULL;
+ ocvalues[i].bv_len = 0;
+
+ /* expand values */
+ for( i=0; i<noc; i++ ) {
+ int j;
+ ObjectClass *oc = oc_bvfind( &ocvalues[i] );
+ if( oc == NULL || oc->soc_sups == NULL ) continue;
+
+ for( j=0; oc->soc_sups[j] != NULL; j++ ) {
+ int found = 0;
+ ObjectClass *sup = oc->soc_sups[j];
+ int k;
+
+ for( k=0; k<noc; k++ ) {
+ if( bvmatch( &ocvalues[k], &sup->soc_cname ) ) {
+ found++;
+ break;
+ }
+ }
+
+ if( !found ) {
+ ocvalues = slap_sl_realloc( ocvalues,
+ sizeof( struct berval ) * (noc+2), ctx );
+
+ assert( k == noc );
+
+ ocvalues[noc] = sup->soc_cname;
+
+ assert( ocvalues[noc].bv_val != NULL );
+ assert( ocvalues[noc].bv_len != 0 );
+
+ noc++;
+
+ ocvalues[noc].bv_len = 0;
+ ocvalues[noc].bv_val = NULL;
+ }
+ }
+ }
+
+ rc = octetStringIndexer( use, mask, syntax, mr,
+ prefix, ocvalues, keysp, ctx );
+
+ slap_sl_free( ocvalues, ctx );
+ return rc;
+}
+
+#define objectSubClassFilter octetStringFilter
+
+static ObjectClassSchemaCheckFN rootDseObjectClass;
+static ObjectClassSchemaCheckFN aliasObjectClass;
+static ObjectClassSchemaCheckFN referralObjectClass;
+static ObjectClassSchemaCheckFN subentryObjectClass;
+#ifdef LDAP_DYNAMIC_OBJECTS
+static ObjectClassSchemaCheckFN dynamicObjectClass;
+#endif
+
+static struct slap_schema_oc_map {
+ char *ssom_name;
+ char *ssom_defn;
+ ObjectClassSchemaCheckFN *ssom_check;
+ slap_mask_t ssom_flags;
+ size_t ssom_offset;
+} oc_map[] = {
+ { "top", "( 2.5.6.0 NAME 'top' "
+ "DESC 'top of the superclass chain' "
+ "ABSTRACT MUST objectClass )",
+ 0, 0, offsetof(struct slap_internal_schema, si_oc_top) },
+ { "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 "
+ "NAME 'extensibleObject' "
+ "DESC 'RFC2252: extensible object' "
+ "SUP top AUXILIARY )",
+ 0, SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_extensibleObject) },
+ { "alias", "( 2.5.6.1 NAME 'alias' "
+ "DESC 'RFC2256: an alias' "
+ "SUP top STRUCTURAL "
+ "MUST aliasedObjectName )",
+ aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_alias) },
+ { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' "
+ "DESC 'namedref: named subordinate referral' "
+ "SUP top STRUCTURAL MUST ref )",
+ referralObjectClass, SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_referral) },
+ { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
+ "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
+ "DESC 'OpenLDAP Root DSE object' "
+ "SUP top STRUCTURAL MAY cn )",
+ rootDseObjectClass, SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_rootdse) },
+ { "subentry", "( 2.5.17.0 NAME 'subentry' "
+ "SUP top STRUCTURAL "
+ "MUST ( cn $ subtreeSpecification ) )",
+ subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_subentry) },
+ { "subschema", "( 2.5.20.1 NAME 'subschema' "
+ "DESC 'RFC2252: controlling subschema (sub)entry' "
+ "AUXILIARY "
+ "MAY ( dITStructureRules $ nameForms $ dITContentRules $ "
+ "objectClasses $ attributeTypes $ matchingRules $ "
+ "matchingRuleUse ) )",
+ subentryObjectClass, SLAP_OC_OPERATIONAL,
+ offsetof(struct slap_internal_schema, si_oc_subschema) },
+#ifdef LDAP_COLLECTIVE_ATTRIBUTES
+ { "collectiveAttributeSubentry", "( 2.5.17.2 "
+ "NAME 'collectiveAttributeSubentry' "
+ "DESC 'RFC3671: collective attribute subentry' "
+ "AUXILIARY )",
+ subentryObjectClass,
+ SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof( struct slap_internal_schema,
+ si_oc_collectiveAttributeSubentry) },
+#endif
+#ifdef LDAP_DYNAMIC_OBJECTS
+ { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
+ "NAME 'dynamicObject' "
+ "DESC 'RFC2589: Dynamic Object' "
+ "SUP top AUXILIARY )",
+ dynamicObjectClass, SLAP_OC_DYNAMICOBJECT,
+ offsetof(struct slap_internal_schema, si_oc_dynamicObject) },
+#endif
+ { "glue", "( 1.3.6.1.4.1.4203.666.3.4 "
+ "NAME 'glue' "
+ "DESC 'Glue Entry' "
+ "SUP top STRUCTURAL )",
+ 0, SLAP_OC_GLUE|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(struct slap_internal_schema, si_oc_glue) },
+ { "syncConsumerSubentry", "( 1.3.6.1.4.1.4203.666.3.5 "
+ "NAME 'syncConsumerSubentry' "
+ "DESC 'Persistent Info for SyncRepl Consumer' "
+ "AUXILIARY "
+ "MAY syncreplCookie )",
+ 0, SLAP_OC_SYNCCONSUMERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(struct slap_internal_schema, si_oc_syncConsumerSubentry) },
+ { "syncProviderSubentry", "( 1.3.6.1.4.1.4203.666.3.6 "
+ "NAME 'syncProviderSubentry' "
+ "DESC 'Persistent Info for SyncRepl Producer' "
+ "AUXILIARY "
+ "MAY contextCSN )",
+ 0, SLAP_OC_SYNCPROVIDERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+ offsetof(struct slap_internal_schema, si_oc_syncProviderSubentry) },
+
+ { NULL, NULL, NULL, 0, 0 }
+};
+
+static AttributeTypeSchemaCheckFN rootDseAttribute;
+static AttributeTypeSchemaCheckFN aliasAttribute;
+static AttributeTypeSchemaCheckFN referralAttribute;
+static AttributeTypeSchemaCheckFN subentryAttribute;
+static AttributeTypeSchemaCheckFN administrativeRoleAttribute;
+#ifdef LDAP_DYNAMIC_OBJECTS
+static AttributeTypeSchemaCheckFN dynamicAttribute;
+#endif
+
+static struct slap_schema_ad_map {
+ char *ssam_name;
+ char *ssam_defn;
+ AttributeTypeSchemaCheckFN *ssam_check;
+ slap_mask_t ssam_flags;
+ slap_syntax_validate_func *ssam_syn_validate;
+ slap_syntax_transform_func *ssam_syn_pretty;
+ slap_mr_convert_func *ssam_mr_convert;
+ slap_mr_normalize_func *ssam_mr_normalize;
+ slap_mr_match_func *ssam_mr_match;
+ slap_mr_indexer_func *ssam_mr_indexer;
+ slap_mr_filter_func *ssam_mr_filter;
+ size_t ssam_offset;
+} ad_map[] = {
+ { "objectClass", "( 2.5.4.0 NAME 'objectClass' "
+ "DESC 'RFC2256: object classes of the entity' "
+ "EQUALITY objectIdentifierMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
+ NULL, SLAP_AT_FINAL,
+ oidValidate, objectClassPretty,
+ NULL, NULL, objectSubClassMatch,
+ objectSubClassIndexer, objectSubClassFilter,
+ offsetof(struct slap_internal_schema, si_ad_objectClass) },
+
+ /* user entry operational attributes */
+ { "structuralObjectClass", "( 2.5.21.9 NAME 'structuralObjectClass' "
+ "DESC 'X.500(93): structural object class of entry' "
+ "EQUALITY objectIdentifierMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ oidValidate, objectClassPretty,
+ NULL, NULL, objectSubClassMatch,
+ objectSubClassIndexer, objectSubClassFilter,
+ offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) },
+ { "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' "
+ "DESC 'RFC2252: time which object was created' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_createTimestamp) },
+ { "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' "
+ "DESC 'RFC2252: time which object was last modified' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
+ { "creatorsName", "( 2.5.18.3 NAME 'creatorsName' "
+ "DESC 'RFC2252: name of creator' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_creatorsName) },
+ { "modifiersName", "( 2.5.18.4 NAME 'modifiersName' "
+ "DESC 'RFC2252: name of last modifier' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_modifiersName) },
+ { "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' "
+ "DESC 'X.501: entry has children' "
+ "EQUALITY booleanMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_DYNAMIC,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_hasSubordinates) },
+ { "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' "
+ "DESC 'RFC2252: name of controlling subschema entry' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE "
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_DYNAMIC,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
+#ifdef LDAP_COLLECTIVE_ATTRIBUTES
+ { "collectiveAttributeSubentries", "( 2.5.18.12 "
+ "NAME 'collectiveAttributeSubentries' "
+ "DESC 'RFC3671: collective attribute subentries' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) },
+ { "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' "
+ "DESC 'RFC3671: collective attribute exclusions' "
+ "EQUALITY objectIdentifierMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+ "USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) },
+#endif
+
+ { "entryDN", "( 1.3.6.1.4.1.4203.666.1.33 NAME 'entryDN' "
+ "DESC 'DN of the entry' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE|SLAP_AT_DYNAMIC,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_entryDN) },
+ { "entryUUID", "( 1.3.6.1.1.16.4 NAME 'entryUUID' "
+ "DESC 'UUID of the entry' "
+ "EQUALITY UUIDMatch "
+ "ORDERING UUIDOrderingMatch "
+ "SYNTAX 1.3.6.1.1.16.1 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_MANAGEABLE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_entryUUID) },
+ { "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' "
+ "DESC 'change sequence number of the entry content' "
+ "EQUALITY CSNMatch "
+ "ORDERING CSNOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_entryCSN) },
+ { "namingCSN", "( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' "
+ "DESC 'change sequence number of the entry naming (RDN)' "
+ "EQUALITY CSNMatch "
+ "ORDERING CSNOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_namingCSN) },
+
+#ifdef LDAP_SUPERIOR_UUID
+ { "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' "
+ "DESC 'UUID of the superior entry' "
+ "EQUALITY UUIDMatch "
+ "ORDERING UUIDOrderingMatch "
+ "SYNTAX 1.3.6.1.1.16.1 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_superiorUUID) },
+#endif
+
+ { "syncreplCookie", "( 1.3.6.1.4.1.4203.666.1.23 "
+ "NAME 'syncreplCookie' "
+ "DESC 'syncrepl Cookie for shadow copy' "
+ "EQUALITY octetStringMatch "
+ "ORDERING octetStringOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_syncreplCookie) },
+
+ { "contextCSN", "( 1.3.6.1.4.1.4203.666.1.25 "
+ "NAME 'contextCSN' "
+ "DESC 'the largest committed CSN of a context' "
+ "EQUALITY CSNMatch "
+ "ORDERING CSNOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_contextCSN) },
+
+#ifdef LDAP_SYNC_TIMESTAMP
+ { "syncTimestamp", "( 1.3.6.1.4.1.4203.666.1.26 NAME 'syncTimestamp' "
+ "DESC 'Time which object was replicated' "
+ "EQUALITY generalizedTimeMatch "
+ "ORDERING generalizedTimeOrderingMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_syncTimestamp) },
+#endif
+
+ /* root DSE attributes */
+ { "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' "
+ "DESC 'RFC2252: alternative servers' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_altServer) },
+ { "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 "
+ "NAME 'namingContexts' "
+ "DESC 'RFC2252: naming contexts' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_namingContexts) },
+ { "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 "
+ "NAME 'supportedControl' "
+ "DESC 'RFC2252: supported controls' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_supportedControl) },
+ { "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 "
+ "NAME 'supportedExtension' "
+ "DESC 'RFC2252: supported extended operations' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
+ { "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 "
+ "NAME 'supportedLDAPVersion' "
+ "DESC 'RFC2252: supported LDAP versions' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
+ { "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 "
+ "NAME 'supportedSASLMechanisms' "
+ "DESC 'RFC2252: supported SASL mechanisms'"
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
+ { "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 "
+ "NAME 'supportedFeatures' "
+ "DESC 'features supported by the server' "
+ "EQUALITY objectIdentifierMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+ "USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_supportedFeatures) },
+ { "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 "
+ "NAME 'monitorContext' "
+ "DESC 'monitor context' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE NO-USER-MODIFICATION "
+ "USAGE dSAOperation )",
+ rootDseAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_monitorContext) },
+ { "configContext", "( 1.3.6.1.4.1.4203.666.11.1.1 "
+ "NAME 'configContext' "
+ "DESC 'config context' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "SINGLE-VALUE NO-USER-MODIFICATION "
+ "USAGE dSAOperation )",
+ rootDseAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_configContext) },
+ { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' "
+ "DESC 'RFC3045: name of implementation vendor' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "SINGLE-VALUE NO-USER-MODIFICATION "
+ "USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_vendorName) },
+ { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' "
+ "DESC 'RFC3045: version of implementation' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "SINGLE-VALUE NO-USER-MODIFICATION "
+ "USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_vendorVersion) },
+
+ /* subentry attributes */
+ { "administrativeRole", "( 2.5.18.5 NAME 'administrativeRole' "
+ "EQUALITY objectIdentifierMatch "
+ "USAGE directoryOperation "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
+ administrativeRoleAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_administrativeRole) },
+ { "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' "
+ "SINGLE-VALUE "
+ "USAGE directoryOperation "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )",
+ subentryAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) },
+
+ /* subschema subentry attributes */
+ { "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
+ "DESC 'RFC2252: DIT structure rules' "
+ "EQUALITY integerFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 "
+ "USAGE directoryOperation ) ",
+ subentryAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_ditStructureRules) },
+ { "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
+ "DESC 'RFC2252: DIT content rules' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )",
+ subentryAttribute, SLAP_AT_HIDE,
+ oidValidate, NULL,
+ NULL, NULL, objectClassMatch, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_ditContentRules) },
+ { "matchingRules", "( 2.5.21.4 NAME 'matchingRules' "
+ "DESC 'RFC2252: matching rules' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )",
+ subentryAttribute, 0,
+ oidValidate, NULL,
+ NULL, NULL, matchingRuleMatch, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_matchingRules) },
+ { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' "
+ "DESC 'RFC2252: attribute types' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )",
+ subentryAttribute, 0,
+ oidValidate, NULL,
+ NULL, NULL, attributeTypeMatch, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
+ { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' "
+ "DESC 'RFC2252: object classes' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )",
+ subentryAttribute, 0,
+ oidValidate, NULL,
+ NULL, NULL, objectClassMatch, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_objectClasses) },
+ { "nameForms", "( 2.5.21.7 NAME 'nameForms' "
+ "DESC 'RFC2252: name forms ' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )",
+ subentryAttribute, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_nameForms) },
+ { "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' "
+ "DESC 'RFC2252: matching rule uses' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )",
+ subentryAttribute, 0,
+ oidValidate, NULL,
+ NULL, NULL, matchingRuleMatch, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) },
+
+ { "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' "
+ "DESC 'RFC2252: LDAP syntaxes' "
+ "EQUALITY objectIdentifierFirstComponentMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )",
+ subentryAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) },
+
+ /* knowledge information */
+ { "aliasedObjectName", "( 2.5.4.1 "
+ "NAME ( 'aliasedObjectName' 'aliasedEntryName' ) "
+ "DESC 'RFC2256: name of aliased object' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )",
+ aliasAttribute, SLAP_AT_FINAL,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
+ { "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' "
+ "DESC 'namedref: subordinate referral URL' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "USAGE distributedOperation )",
+ referralAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_ref) },
+
+ /* access control internals */
+ { "entry", "( 1.3.6.1.4.1.4203.1.3.1 "
+ "NAME 'entry' "
+ "DESC 'OpenLDAP ACL entry pseudo-attribute' "
+ "SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_entry) },
+ { "children", "( 1.3.6.1.4.1.4203.1.3.2 "
+ "NAME 'children' "
+ "DESC 'OpenLDAP ACL children pseudo-attribute' "
+ "SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_children) },
+
+ /* access control externals */
+ { "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 "
+ "NAME ( 'authzTo' 'saslAuthzTo' ) "
+ "DESC 'proxy authorization targets' "
+#ifdef SLAP_AUTHZ_SYNTAX
+ "EQUALITY authzMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
+#else /* ! SLAP_AUTHZ_SYNTAX */
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+#endif /* ! SLAP_AUTHZ_SYNTAX */
+#ifdef SLAP_ORDERED_PRETTYNORM
+ "X-ORDERED 'VALUES' "
+#endif /* SLAP_ORDERED_PRETTYNORM */
+ "USAGE distributedOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) },
+ { "authzFrom", "( 1.3.6.1.4.1.4203.666.1.9 "
+ "NAME ( 'authzFrom' 'saslAuthzFrom' ) "
+ "DESC 'proxy authorization sources' "
+#ifdef SLAP_AUTHZ_SYNTAX
+ "EQUALITY authzMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
+#else /* ! SLAP_AUTHZ_SYNTAX */
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+#endif /* ! SLAP_AUTHZ_SYNTAX */
+#ifdef SLAP_ORDERED_PRETTYNORM
+ "X-ORDERED 'VALUES' "
+#endif /* SLAP_ORDERED_PRETTYNORM */
+ "USAGE distributedOperation )",
+ NULL, SLAP_AT_HIDE,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
+
+#ifdef LDAP_DYNAMIC_OBJECTS
+ { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
+ "DESC 'RFC2589: entry time-to-live' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE "
+ "NO-USER-MODIFICATION USAGE dSAOperation )",
+ dynamicAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_entryTtl) },
+ { "dynamicSubtrees", "( 1.3.6.1.4.1.1466.101.119.4 "
+ "NAME 'dynamicSubtrees' "
+ "DESC 'RFC2589: dynamic subtrees' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION "
+ "USAGE dSAOperation )",
+ rootDseAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) },
+#endif
+
+ /* userApplication attributes (which system schema depends upon) */
+ { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' "
+ "DESC 'RFC2256: common supertype of DN attributes' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
+ NULL, SLAP_AT_ABSTRACT,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
+ { "name", "( 2.5.4.41 NAME 'name' "
+ "DESC 'RFC2256: common supertype of name attributes' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )",
+ NULL, SLAP_AT_ABSTRACT,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_name) },
+ { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) "
+ "DESC 'RFC2256: common name(s) for which the entity is known by' "
+ "SUP name )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_cn) },
+ { "uid", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) "
+ "DESC 'RFC1274: user identifier' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_uid) },
+ { "uidNumber", /* for ldapi:// */
+ "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' "
+ "DESC 'An integer uniquely identifying a user "
+ "in an administrative domain' "
+ "EQUALITY integerMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_uidNumber) },
+ { "gidNumber", /* for ldapi:// */
+ "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' "
+ "DESC 'An integer uniquely identifying a group "
+ "in an administrative domain' "
+ "EQUALITY integerMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_gidNumber) },
+ { "userPassword", "( 2.5.4.35 NAME 'userPassword' "
+ "DESC 'RFC2256/2307: password of user' "
+ "EQUALITY octetStringMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_userPassword) },
+
+ { "labeledURI", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' "
+ "DESC 'RFC2079: Uniform Resource Identifier with optional label' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_labeledURI) },
+
+#ifdef SLAPD_AUTHPASSWD
+ { "authPassword", "( 1.3.6.1.4.1.4203.1.3.4 "
+ "NAME 'authPassword' "
+ "DESC 'RFC3112: authentication password attribute' "
+ "EQUALITY 1.3.6.1.4.1.4203.1.2.2 "
+ "SYNTAX 1.3.6.1.4.1.4203.1.1.2 )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_authPassword) },
+ { "supportedAuthPasswordSchemes", "( 1.3.6.1.4.1.4203.1.3.3 "
+ "NAME 'supportedAuthPasswordSchemes' "
+ "DESC 'RFC3112: supported authPassword schemes' "
+ "EQUALITY caseExactIA5Match "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} "
+ "USAGE dSAOperation )",
+ subschemaAttribute, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_authPasswordSchemes) },
+#endif
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ { "krbName", "( 1.3.6.1.4.1.250.1.32 "
+ "NAME ( 'krbName' 'kerberosName' ) "
+ "DESC 'Kerberos principal associated with object' "
+ "EQUALITY caseIgnoreIA5Match "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 "
+ "SINGLE-VALUE )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_krbName) },
+#endif
+
+ { "description", "( 2.5.4.13 NAME 'description' "
+ "DESC 'RFC2256: descriptive information' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_description) },
+
+ { "seeAlso", "( 2.5.4.34 NAME 'seeAlso' "
+ "DESC 'RFC2256: DN of related object' "
+ "SUP distinguishedName )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_seeAlso) },
+
+ { NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 }
+};
+
+static AttributeType slap_at_undefined = {
+ { "1.1.1", NULL, "Catchall for undefined attribute types", 1, NULL,
+ NULL, NULL, NULL, NULL,
+ 0, 0, 0, 1, LDAP_SCHEMA_DSA_OPERATION, NULL }, /* LDAPAttributeType */
+ BER_BVC("UNDEFINED"), /* cname */
+ NULL, /* sup */
+ NULL, /* subtypes */
+ NULL, NULL, NULL, NULL, /* matching rules routines */
+ NULL, /* syntax (will be set later to "octetString") */
+ NULL, /* schema check function */
+ NULL, /* oidmacro */
+ SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */
+ { NULL }, /* next */
+ NULL /* attribute description */
+ /* mutex (don't know how to initialize it :) */
+};
+
+static AttributeType slap_at_proxied = {
+ { "1.1.1", NULL, "Catchall for undefined proxied attribute types", 1, NULL,
+ NULL, NULL, NULL, NULL,
+ 0, 0, 0, 0, LDAP_SCHEMA_USER_APPLICATIONS, NULL }, /* LDAPAttributeType */
+ BER_BVC("PROXIED"), /* cname */
+ NULL, /* sup */
+ NULL, /* subtypes */
+ NULL, NULL, NULL, NULL, /* matching rules routines (will be set later) */
+ NULL, /* syntax (will be set later to "octetString") */
+ NULL, /* schema check function */
+ NULL, /* oidmacro */
+ SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */
+ { NULL }, /* next */
+ NULL /* attribute description */
+ /* mutex (don't know how to initialize it :) */
+};
+
+static struct slap_schema_mr_map {
+ char *ssmm_name;
+ size_t ssmm_offset;
+} mr_map[] = {
+ { "caseExactIA5Match",
+ offsetof(struct slap_internal_schema, si_mr_caseExactIA5Match) },
+ { "caseExactMatch",
+ offsetof(struct slap_internal_schema, si_mr_caseExactMatch) },
+ { "caseExactSubstringsMatch",
+ offsetof(struct slap_internal_schema, si_mr_caseExactSubstringsMatch) },
+ { "distinguishedNameMatch",
+ offsetof(struct slap_internal_schema, si_mr_distinguishedNameMatch) },
+ { "dnSubtreeMatch",
+ offsetof(struct slap_internal_schema, si_mr_dnSubtreeMatch) },
+ { "dnOneLevelMatch",
+ offsetof(struct slap_internal_schema, si_mr_dnOneLevelMatch) },
+ { "dnSubordinateMatch",
+ offsetof(struct slap_internal_schema, si_mr_dnSubordinateMatch) },
+ { "dnSuperiorMatch",
+ offsetof(struct slap_internal_schema, si_mr_dnSuperiorMatch) },
+ { "integerMatch",
+ offsetof(struct slap_internal_schema, si_mr_integerMatch) },
+ { "integerFirstComponentMatch",
+ offsetof(struct slap_internal_schema,
+ si_mr_integerFirstComponentMatch) },
+ { "objectIdentifierFirstComponentMatch",
+ offsetof(struct slap_internal_schema,
+ si_mr_objectIdentifierFirstComponentMatch) },
+ { NULL, 0 }
+};
+
+static struct slap_schema_syn_map {
+ char *sssm_name;
+ size_t sssm_offset;
+} syn_map[] = {
+ { "1.3.6.1.4.1.1466.115.121.1.15",
+ offsetof(struct slap_internal_schema, si_syn_directoryString) },
+ { "1.3.6.1.4.1.1466.115.121.1.12",
+ offsetof(struct slap_internal_schema, si_syn_distinguishedName) },
+ { "1.3.6.1.4.1.1466.115.121.1.27",
+ offsetof(struct slap_internal_schema, si_syn_integer) },
+ { "1.3.6.1.4.1.1466.115.121.1.40",
+ offsetof(struct slap_internal_schema, si_syn_octetString) },
+ { "1.3.6.1.4.1.1466.115.121.1.3",
+ offsetof(struct slap_internal_schema, si_syn_attributeTypeDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.16",
+ offsetof(struct slap_internal_schema, si_syn_ditContentRuleDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.54",
+ offsetof(struct slap_internal_schema, si_syn_ldapSyntaxDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.30",
+ offsetof(struct slap_internal_schema, si_syn_matchingRuleDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.31",
+ offsetof(struct slap_internal_schema, si_syn_matchingRuleUseDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.35",
+ offsetof(struct slap_internal_schema, si_syn_nameFormDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.37",
+ offsetof(struct slap_internal_schema, si_syn_objectClassDesc) },
+ { "1.3.6.1.4.1.1466.115.121.1.17",
+ offsetof(struct slap_internal_schema, si_syn_ditStructureRuleDesc) },
+ { NULL, 0 }
+};
+
+int
+slap_schema_load( void )
+{
+ int i;
+
+ for( i=0; syn_map[i].sssm_name; i++ ) {
+ Syntax ** synp = (Syntax **)
+ &(((char *) &slap_schema)[syn_map[i].sssm_offset]);
+
+ assert( *synp == NULL );
+
+ *synp = syn_find( syn_map[i].sssm_name );
+
+ if( *synp == NULL ) {
+ fprintf( stderr, "slap_schema_load: Syntax: "
+ "No syntax \"%s\" defined in schema\n",
+ syn_map[i].sssm_name );
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ for( i=0; mr_map[i].ssmm_name; i++ ) {
+ MatchingRule ** mrp = (MatchingRule **)
+ &(((char *) &slap_schema)[mr_map[i].ssmm_offset]);
+
+ assert( *mrp == NULL );
+
+ *mrp = mr_find( mr_map[i].ssmm_name );
+
+ if( *mrp == NULL ) {
+ fprintf( stderr, "slap_schema_load: MatchingRule: "
+ "No matching rule \"%s\" defined in schema\n",
+ mr_map[i].ssmm_name );
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ }
+
+ slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;
+ slap_schema.si_at_undefined = &slap_at_undefined;
+
+ slap_at_proxied.sat_equality = mr_find( "octetStringMatch" );
+ slap_at_proxied.sat_approx = mr_find( "octetStringMatch" );
+ slap_at_proxied.sat_ordering = mr_find( "octetStringOrderingMatch" );
+ slap_at_proxied.sat_substr = mr_find( "octetStringSubstringsMatch" );
+ slap_at_proxied.sat_syntax = slap_schema.si_syn_octetString;
+ slap_schema.si_at_proxied = &slap_at_proxied;
+
+ ldap_pvt_thread_mutex_init( &ad_undef_mutex );
+ ldap_pvt_thread_mutex_init( &oc_undef_mutex );
+
+ for( i=0; ad_map[i].ssam_name; i++ ) {
+ assert( ad_map[i].ssam_defn != NULL );
+ {
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+
+ at = ldap_str2attributetype( ad_map[i].ssam_defn,
+ &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ fprintf( stderr,
+ "slap_schema_load: AttributeType \"%s\": %s before %s\n",
+ ad_map[i].ssam_name, ldap_scherr2str(code), err );
+ return code;
+ }
+
+ if ( at->at_oid == NULL ) {
+ fprintf( stderr, "slap_schema_load: "
+ "AttributeType \"%s\": no OID\n",
+ ad_map[i].ssam_name );
+ return LDAP_OTHER;
+ }
+
+ code = at_add( at, 0, NULL, &err );
+ if ( code ) {
+ ldap_attributetype_free( at );
+ fprintf( stderr, "slap_schema_load: AttributeType "
+ "\"%s\": %s: \"%s\"\n",
+ ad_map[i].ssam_name, scherr2str(code), err );
+ return code;
+ }
+ ldap_memfree( at );
+ }
+ {
+ int rc;
+ const char *text;
+ Syntax *syntax = NULL;
+
+ AttributeDescription ** adp = (AttributeDescription **)
+ &(((char *) &slap_schema)[ad_map[i].ssam_offset]);
+
+ assert( *adp == NULL );
+
+ rc = slap_str2ad( ad_map[i].ssam_name, adp, &text );
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "slap_schema_load: AttributeType \"%s\": "
+ "not defined in schema\n",
+ ad_map[i].ssam_name );
+ return rc;
+ }
+
+ if( ad_map[i].ssam_check ) {
+ /* install check routine */
+ (*adp)->ad_type->sat_check = ad_map[i].ssam_check;
+ }
+ /* install flags */
+ (*adp)->ad_type->sat_flags |= ad_map[i].ssam_flags;
+
+ /* install custom syntax routines */
+ if( ad_map[i].ssam_syn_validate ||
+ ad_map[i].ssam_syn_pretty )
+ {
+ Syntax *syn;
+
+ syntax = (*adp)->ad_type->sat_syntax;
+
+ syn = ch_malloc( sizeof( Syntax ) );
+ *syn = *syntax;
+
+ if( ad_map[i].ssam_syn_validate ) {
+ syn->ssyn_validate = ad_map[i].ssam_syn_validate;
+ }
+ if( ad_map[i].ssam_syn_pretty ) {
+ syn->ssyn_pretty = ad_map[i].ssam_syn_pretty;
+ }
+
+ (*adp)->ad_type->sat_syntax = syn;
+ }
+
+ /* install custom rule routines */
+ if( syntax != NULL ||
+ ad_map[i].ssam_mr_convert ||
+ ad_map[i].ssam_mr_normalize ||
+ ad_map[i].ssam_mr_match ||
+ ad_map[i].ssam_mr_indexer ||
+ ad_map[i].ssam_mr_filter )
+ {
+ MatchingRule *mr = ch_malloc( sizeof( MatchingRule ) );
+ *mr = *(*adp)->ad_type->sat_equality;
+
+ if ( syntax != NULL ) {
+ mr->smr_syntax = (*adp)->ad_type->sat_syntax;
+ }
+ if ( ad_map[i].ssam_mr_convert ) {
+ mr->smr_convert = ad_map[i].ssam_mr_convert;
+ }
+ if ( ad_map[i].ssam_mr_normalize ) {
+ mr->smr_normalize = ad_map[i].ssam_mr_normalize;
+ }
+ if ( ad_map[i].ssam_mr_match ) {
+ mr->smr_match = ad_map[i].ssam_mr_match;
+ }
+ if ( ad_map[i].ssam_mr_indexer ) {
+ mr->smr_indexer = ad_map[i].ssam_mr_indexer;
+ }
+ if ( ad_map[i].ssam_mr_filter ) {
+ mr->smr_filter = ad_map[i].ssam_mr_filter;
+ }
+
+ /* FIXME: no-one will free this at exit */
+ (*adp)->ad_type->sat_equality = mr;
+ }
+ }
+ }
+
+ for( i=0; oc_map[i].ssom_name; i++ ) {
+ assert( oc_map[i].ssom_defn != NULL );
+ {
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+
+ oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err,
+ LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ fprintf( stderr, "slap_schema_load: ObjectClass "
+ "\"%s\": %s before %s\n",
+ oc_map[i].ssom_name, ldap_scherr2str(code), err );
+ return code;
+ }
+
+ if ( oc->oc_oid == NULL ) {
+ fprintf( stderr, "slap_schema_load: ObjectClass "
+ "\"%s\": no OID\n",
+ oc_map[i].ssom_name );
+ return LDAP_OTHER;
+ }
+
+ code = oc_add(oc,0,NULL,&err);
+ if ( code ) {
+ fprintf( stderr, "slap_schema_load: ObjectClass "
+ "\"%s\": %s: \"%s\"\n",
+ oc_map[i].ssom_name, scherr2str(code), err);
+ return code;
+ }
+
+ ldap_memfree(oc);
+ }
+ {
+ ObjectClass ** ocp = (ObjectClass **)
+ &(((char *) &slap_schema)[oc_map[i].ssom_offset]);
+
+ assert( *ocp == NULL );
+
+ *ocp = oc_find( oc_map[i].ssom_name );
+ if( *ocp == NULL ) {
+ fprintf( stderr, "slap_schema_load: "
+ "ObjectClass \"%s\": not defined in schema\n",
+ oc_map[i].ssom_name );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( oc_map[i].ssom_check ) {
+ /* install check routine */
+ (*ocp)->soc_check = oc_map[i].ssom_check;
+ }
+ /* install flags */
+ (*ocp)->soc_flags |= oc_map[i].ssom_flags;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+slap_schema_check( void )
+{
+ /* we should only be called once after schema_init() was called */
+ assert( schema_init_done == 1 );
+
+ /*
+ * cycle thru attributeTypes to build matchingRuleUse
+ */
+ if ( matching_rule_use_init() ) {
+ return LDAP_OTHER;
+ }
+
+ ++schema_init_done;
+ return LDAP_SUCCESS;
+}
+
+static int rootDseObjectClass (
+ Backend *be,
+ Entry *e,
+ ObjectClass *oc,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( e->e_nname.bv_len ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" only allowed in the root DSE",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* we should not be called for the root DSE */
+ assert( 0 );
+ return LDAP_SUCCESS;
+}
+
+static int aliasObjectClass (
+ Backend *be,
+ Entry *e,
+ ObjectClass *oc,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_ALIASES(be) ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" not supported in context",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int referralObjectClass (
+ Backend *be,
+ Entry *e,
+ ObjectClass *oc,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_REFERRALS(be) ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" not supported in context",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int subentryObjectClass (
+ Backend *be,
+ Entry *e,
+ ObjectClass *oc,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_SUBENTRIES(be) ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" not supported in context",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" only allowed in subentries",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+#ifdef LDAP_DYNAMIC_OBJECTS
+static int dynamicObjectClass (
+ Backend *be,
+ Entry *e,
+ ObjectClass *oc,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_DYNAMIC(be) ) {
+ snprintf( textbuf, textlen,
+ "objectClass \"%s\" not supported in context",
+ oc->soc_oid );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+#endif /* LDAP_DYNAMIC_OBJECTS */
+
+static int rootDseAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( e->e_nname.bv_len ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" only allowed in the root DSE",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* we should not be called for the root DSE */
+ assert( 0 );
+ return LDAP_SUCCESS;
+}
+
+static int aliasAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_ALIASES(be) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported in context",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( !is_entry_alias( e ) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" only allowed in the alias",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int referralAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_REFERRALS(be) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported in context",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( !is_entry_referral( e ) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" only allowed in the referral",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int subentryAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_SUBENTRIES(be) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported in context",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( !is_entry_subentry( e ) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" only allowed in the subentry",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int administrativeRoleAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_SUBENTRIES(be) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported in context",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported!",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+}
+
+#ifdef LDAP_DYNAMIC_OBJECTS
+static int dynamicAttribute (
+ Backend *be,
+ Entry *e,
+ Attribute *attr,
+ const char** text,
+ char *textbuf, size_t textlen )
+{
+ *text = textbuf;
+
+ if( !SLAP_DYNAMIC(be) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" not supported in context",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ if( !is_entry_dynamicObject( e ) ) {
+ snprintf( textbuf, textlen,
+ "attribute \"%s\" only allowed in dynamic object",
+ attr->a_desc->ad_cname.bv_val );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+
+ return LDAP_SUCCESS;
+}
+#endif /* LDAP_DYNAMIC_OBJECTS */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/schemaparse.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/schemaparse.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/schemaparse.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,318 @@
+/* schemaparse.c - routines to parse config file objectclass definitions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schemaparse.c,v 1.71.2.7 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "ldap_schema.h"
+
+static void oc_usage(void);
+static void at_usage(void);
+
+static char *const err2text[] = {
+ "Success",
+ "Out of memory",
+ "ObjectClass not found",
+ "user-defined ObjectClass includes operational attributes",
+ "user-defined ObjectClass has inappropriate SUPerior",
+ "Duplicate objectClass",
+ "Inconsistent duplicate objectClass",
+ "AttributeType not found",
+ "AttributeType inappropriate matching rule",
+ "AttributeType inappropriate USAGE",
+ "AttributeType inappropriate SUPerior",
+ "AttributeType SYNTAX or SUPerior required",
+ "Duplicate attributeType",
+ "Inconsistent duplicate attributeType",
+ "MatchingRule not found",
+ "MatchingRule incomplete",
+ "Duplicate matchingRule",
+ "Syntax not found",
+ "Duplicate ldapSyntax",
+ "OID or name required",
+ "Qualifier not supported",
+ "Invalid NAME",
+ "OID could not be expanded",
+ "Duplicate Content Rule",
+ "Content Rule not for STRUCTURAL object class",
+ "Content Rule AUX contains inappropriate object class",
+ "Content Rule attribute type list contains duplicate",
+ NULL
+};
+
+char *
+scherr2str(int code)
+{
+ if ( code < 0 || SLAP_SCHERR_LAST <= code ) {
+ return "Unknown error";
+ } else {
+ return err2text[code];
+ }
+}
+
+/* check schema descr validity */
+int slap_valid_descr( const char *descr )
+{
+ int i=0;
+
+ if( !DESC_LEADCHAR( descr[i] ) ) {
+ return 0;
+ }
+
+ while( descr[++i] ) {
+ if( !DESC_CHAR( descr[i] ) ) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+
+/* OID Macros */
+
+/* String compare with delimiter check. Return 0 if not
+ * matched, otherwise return length matched.
+ */
+int
+dscompare(const char *s1, const char *s2, char delim)
+{
+ const char *orig = s1;
+ while (*s1++ == *s2++)
+ if (!s1[-1]) break;
+ --s1;
+ --s2;
+ if (!*s1 && (!*s2 || *s2 == delim))
+ return s1 - orig;
+ return 0;
+}
+
+static void
+cr_usage( void )
+{
+ fprintf( stderr,
+ "DITContentRuleDescription = \"(\" whsp\n"
+ " numericoid whsp ; StructuralObjectClass identifier\n"
+ " [ \"NAME\" qdescrs ]\n"
+ " [ \"DESC\" qdstring ]\n"
+ " [ \"OBSOLETE\" whsp ]\n"
+ " [ \"AUX\" oids ] ; Auxiliary ObjectClasses\n"
+ " [ \"MUST\" oids ] ; AttributeTypes\n"
+ " [ \"MAY\" oids ] ; AttributeTypes\n"
+ " [ \"NOT\" oids ] ; AttributeTypes\n"
+ " whsp \")\"\n" );
+}
+
+int
+parse_cr(
+ const char *fname,
+ int lineno,
+ char *line,
+ char **argv,
+ ContentRule **scr )
+{
+ LDAPContentRule *cr;
+ int code;
+ const char *err;
+
+ cr = ldap_str2contentrule( line, &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !cr ) {
+ fprintf( stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str(code), err );
+ cr_usage();
+ return 1;
+ }
+
+ if ( cr->cr_oid == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: Content rule has no OID\n",
+ fname, lineno );
+ cr_usage();
+ code = 1;
+ goto done;
+ }
+
+ code = cr_add( cr, 1, scr, &err );
+ if ( code ) {
+ fprintf( stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, scherr2str( code ), err );
+ code = 1;
+ goto done;
+ }
+
+done:;
+ if ( code ) {
+ ldap_contentrule_free( cr );
+
+ } else {
+ ldap_memfree( cr );
+ }
+
+ return code;
+}
+
+int
+parse_oc(
+ const char *fname,
+ int lineno,
+ char *line,
+ char **argv,
+ ObjectClass **soc )
+{
+ LDAPObjectClass *oc;
+ int code;
+ const char *err;
+
+ oc = ldap_str2objectclass(line, &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !oc ) {
+ fprintf( stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str( code ), err );
+ oc_usage();
+ return 1;
+ }
+
+ if ( oc->oc_oid == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: objectclass has no OID\n",
+ fname, lineno );
+ oc_usage();
+ code = 1;
+ goto done;
+ }
+
+ code = oc_add( oc, 1, soc, &err );
+ if ( code ) {
+ fprintf( stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, scherr2str( code ), err );
+ code = 1;
+ goto done;
+ }
+
+done:;
+ if ( code ) {
+ ldap_objectclass_free( oc );
+
+ } else {
+ ldap_memfree( oc );
+ }
+
+ return code;
+}
+
+static void
+oc_usage( void )
+{
+ fprintf( stderr,
+ "ObjectClassDescription = \"(\" whsp\n"
+ " numericoid whsp ; ObjectClass identifier\n"
+ " [ \"NAME\" qdescrs ]\n"
+ " [ \"DESC\" qdstring ]\n"
+ " [ \"OBSOLETE\" whsp ]\n"
+ " [ \"SUP\" oids ] ; Superior ObjectClasses\n"
+ " [ ( \"ABSTRACT\" / \"STRUCTURAL\" / \"AUXILIARY\" ) whsp ]\n"
+ " ; default structural\n"
+ " [ \"MUST\" oids ] ; AttributeTypes\n"
+ " [ \"MAY\" oids ] ; AttributeTypes\n"
+ " whsp \")\"\n" );
+}
+
+static void
+at_usage( void )
+{
+ fprintf( stderr, "%s%s%s",
+ "AttributeTypeDescription = \"(\" whsp\n"
+ " numericoid whsp ; AttributeType identifier\n"
+ " [ \"NAME\" qdescrs ] ; name used in AttributeType\n"
+ " [ \"DESC\" qdstring ] ; description\n"
+ " [ \"OBSOLETE\" whsp ]\n"
+ " [ \"SUP\" woid ] ; derived from this other\n"
+ " ; AttributeType\n",
+ " [ \"EQUALITY\" woid ] ; Matching Rule name\n"
+ " [ \"ORDERING\" woid ] ; Matching Rule name\n"
+ " [ \"SUBSTR\" woid ] ; Matching Rule name\n"
+ " [ \"SYNTAX\" whsp noidlen whsp ] ; see section 4.3\n"
+ " [ \"SINGLE-VALUE\" whsp ] ; default multi-valued\n"
+ " [ \"COLLECTIVE\" whsp ] ; default not collective\n",
+ " [ \"NO-USER-MODIFICATION\" whsp ]; default user modifiable\n"
+ " [ \"USAGE\" whsp AttributeUsage ]; default userApplications\n"
+ " ; userApplications\n"
+ " ; directoryOperation\n"
+ " ; distributedOperation\n"
+ " ; dSAOperation\n"
+ " whsp \")\"\n");
+}
+
+int
+parse_at(
+ const char *fname,
+ int lineno,
+ char *line,
+ char **argv,
+ AttributeType **sat )
+{
+ LDAPAttributeType *at;
+ int code;
+ const char *err;
+
+ at = ldap_str2attributetype( line, &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+ if ( !at ) {
+ fprintf( stderr, "%s: line %d: %s before %s\n",
+ fname, lineno, ldap_scherr2str(code), err );
+ at_usage();
+ return 1;
+ }
+
+ if ( at->at_oid == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: attributeType has no OID\n",
+ fname, lineno );
+ at_usage();
+ code = 1;
+ goto done;
+ }
+
+ /* operational attributes should be defined internally */
+ if ( at->at_usage ) {
+ fprintf( stderr, "%s: line %d: attribute type \"%s\" is operational\n",
+ fname, lineno, at->at_oid );
+ code = 1;
+ goto done;
+ }
+
+ code = at_add( at, 1, sat, &err);
+ if ( code ) {
+ fprintf( stderr, "%s: line %d: %s: \"%s\"\n",
+ fname, lineno, scherr2str(code), err);
+ code = 1;
+ goto done;
+ }
+
+done:;
+ if ( code ) {
+ ldap_attributetype_free( at );
+
+ } else {
+ ldap_memfree( at );
+ }
+
+ return code;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,368 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/search.c,v 1.168.2.9 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+
+int
+do_search(
+ Operation *op, /* info about the op to which we're responding */
+ SlapReply *rs /* all the response data we'll send */ )
+{
+ struct berval base = BER_BVNULL;
+ ber_len_t siz, off, i;
+
+ Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
+
+ /*
+ * Parse the search request. It looks like this:
+ *
+ * SearchRequest := [APPLICATION 3] SEQUENCE {
+ * baseObject DistinguishedName,
+ * scope ENUMERATED {
+ * baseObject (0),
+ * singleLevel (1),
+ * wholeSubtree (2),
+ * subordinate (3) -- OpenLDAP extension
+ * },
+ * derefAliases ENUMERATED {
+ * neverDerefaliases (0),
+ * derefInSearching (1),
+ * derefFindingBaseObj (2),
+ * alwaysDerefAliases (3)
+ * },
+ * sizelimit INTEGER (0 .. 65535),
+ * timelimit INTEGER (0 .. 65535),
+ * attrsOnly BOOLEAN,
+ * filter Filter,
+ * attributes SEQUENCE OF AttributeType
+ * }
+ */
+
+ /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
+ if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
+ &base, &op->ors_scope, &op->ors_deref, &op->ors_slimit,
+ &op->ors_tlimit, &op->ors_attrsonly ) == LBER_ERROR )
+ {
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto return_results;
+ }
+
+ if ( op->ors_tlimit < 0 || op->ors_tlimit > SLAP_MAX_LIMIT ) {
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid time limit" );
+ goto return_results;
+ }
+
+ if ( op->ors_slimit < 0 || op->ors_slimit > SLAP_MAX_LIMIT ) {
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid size limit" );
+ goto return_results;
+ }
+
+ switch( op->ors_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE:
+ break;
+ default:
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
+ goto return_results;
+ }
+
+ switch( op->ors_deref ) {
+ case LDAP_DEREF_NEVER:
+ case LDAP_DEREF_FINDING:
+ case LDAP_DEREF_SEARCHING:
+ case LDAP_DEREF_ALWAYS:
+ break;
+ default:
+ send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
+ goto return_results;
+ }
+
+ rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
+ send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
+ base.bv_val, op->ors_scope, op->ors_deref );
+ Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
+ op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
+
+ /* filter - returns a "normalized" version */
+ rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ if( rs->sr_err == SLAPD_DISCONNECT ) {
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ send_ldap_disconnect( op, rs );
+ rs->sr_err = SLAPD_DISCONNECT;
+ } else {
+ send_ldap_result( op, rs );
+ }
+ goto return_results;
+ }
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+
+ Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
+ !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
+
+ /* attributes */
+ siz = sizeof(AttributeName);
+ off = offsetof(AttributeName,an_name);
+ if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
+ send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
+ rs->sr_err = SLAPD_DISCONNECT;
+ goto return_results;
+ }
+ for ( i=0; i<siz; i++ ) {
+ const char *dummy; /* ignore msgs from bv2ad */
+ op->ors_attrs[i].an_desc = NULL;
+ op->ors_attrs[i].an_oc = NULL;
+ op->ors_attrs[i].an_oc_exclude = 0;
+ if ( slap_bv2ad( &op->ors_attrs[i].an_name,
+ &op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS )
+ {
+ slap_bv2undef_ad( &op->ors_attrs[i].an_name,
+ &op->ors_attrs[i].an_desc, &dummy,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ };
+ }
+
+ if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
+
+ goto return_results;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
+
+ if ( siz != 0 ) {
+ for ( i = 0; i<siz; i++ ) {
+ Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
+ }
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+
+ if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
+ char abuf[BUFSIZ/2], *ptr = abuf;
+ int len = 0, alen;
+
+ sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
+ Statslog( LDAP_DEBUG_STATS,
+ "%s SRCH base=\"%s\" %s filter=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, abuf,
+ op->ors_filterstr.bv_val, 0 );
+
+ for ( i = 0; i<siz; i++ ) {
+ alen = op->ors_attrs[i].an_name.bv_len;
+ if (alen >= sizeof(abuf)) {
+ alen = sizeof(abuf)-1;
+ }
+ if (len && (len + 1 + alen >= sizeof(abuf))) {
+ Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
+ op->o_log_prefix, abuf, 0, 0, 0 );
+ len = 0;
+ ptr = abuf;
+ }
+ if (len) {
+ *ptr++ = ' ';
+ len++;
+ }
+ ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);
+ len += alen;
+ *ptr = '\0';
+ }
+ if (len) {
+ Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
+ op->o_log_prefix, abuf, 0, 0, 0 );
+ }
+ }
+
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_search( op, rs );
+
+return_results:;
+ if ( !BER_BVISNULL( &op->o_req_dn ) ) {
+ slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
+ slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ }
+ if ( op->ors_filter != NULL) {
+ filter_free_x( op, op->ors_filter );
+ }
+ if ( op->ors_attrs != NULL ) {
+ op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
+ }
+
+ return rs->sr_err;
+}
+
+int
+fe_op_search( Operation *op, SlapReply *rs )
+{
+ int manageDSAit;
+ int be_manageDSAit;
+ BackendDB *bd = op->o_bd;
+
+ manageDSAit = get_manageDSAit( op );
+
+ /* fake while loop to allow breaking out */
+ while ( op->ors_scope == LDAP_SCOPE_BASE ) {
+ Entry *entry = NULL;
+
+ if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
+#ifdef LDAP_CONNECTIONLESS
+ /* Ignore LDAPv2 CLDAP Root DSE queries */
+ if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
+ goto return_results;
+ }
+#endif
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+
+ rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
+
+ } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+
+ rs->sr_err = schema_info( &entry, &rs->sr_text );
+ }
+
+ if( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto return_results;
+
+ } else if ( entry != NULL ) {
+ rs->sr_err = test_filter( op, entry, op->ors_filter );
+
+ if( rs->sr_err == LDAP_COMPARE_TRUE ) {
+ /* note: we set no limits because either
+ * no limit is specified, or at least 1
+ * is specified, and we're going to return
+ * at most one entry */
+ op->ors_slimit = SLAP_NO_LIMIT;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+
+ rs->sr_entry = entry;
+ rs->sr_attrs = op->ors_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_flags = 0;
+ send_search_entry( op, rs );
+ rs->sr_entry = NULL;
+ rs->sr_operational_attrs = NULL;
+ }
+ entry_free( entry );
+
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+ break;
+ }
+
+ if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {
+ slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
+ ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
+ ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
+ }
+
+ /*
+ * We could be serving multiple database backends. Select the
+ * appropriate one, or send a referral to our "referral server"
+ * if we don't hold it.
+ */
+
+ be_manageDSAit = manageDSAit;
+
+ op->o_bd = select_backend( &op->o_req_ndn, be_manageDSAit, 1 );
+ if ( op->o_bd == NULL ) {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, op->ors_scope );
+
+ if (!rs->sr_ref) rs->sr_ref = default_referral;
+ rs->sr_err = LDAP_REFERRAL;
+ op->o_bd = bd;
+ send_ldap_result( op, rs );
+
+ if (rs->sr_ref != default_referral)
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ goto return_results;
+ }
+
+ /* check restrictions */
+ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+
+ /* check for referrals */
+ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+
+ /* actually do the search and send the result(s) */
+ if ( op->o_bd->be_search ) {
+ if ( limits_check( op, rs ) == 0 ) {
+ (op->o_bd->be_search)( op, rs );
+ }
+ /* else limits_check() sends error */
+
+ } else {
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "operation not supported within namingContext" );
+ }
+
+return_results:;
+ op->o_bd = bd;
+ return rs->sr_err;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/sets.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/sets.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/sets.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,584 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.5 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "sets.h"
+
+static BerVarray set_chase( SLAP_SET_GATHER gatherer,
+ SetCookie *cookie, BerVarray set, AttributeDescription *desc, int closure );
+
+static long
+slap_set_size( BerVarray set )
+{
+ long i;
+
+ i = 0;
+ if ( set != NULL ) {
+ while ( !BER_BVISNULL( &set[ i ] ) ) {
+ i++;
+ }
+ }
+ return i;
+}
+
+static int
+slap_set_isempty( BerVarray set )
+{
+ if ( set == NULL ) {
+ return 1;
+ }
+
+ if ( !BER_BVISNULL( &set[ 0 ] ) ) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static void
+slap_set_dispose( SetCookie *cp, BerVarray set, unsigned flags )
+{
+ if ( flags & SLAP_SET_REFVAL ) {
+ if ( ! ( flags & SLAP_SET_REFARR ) ) {
+ cp->set_op->o_tmpfree( set, cp->set_op->o_tmpmemctx );
+ }
+
+ } else {
+ ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+ }
+}
+
+static BerVarray
+set_dup( SetCookie *cp, BerVarray set, unsigned flags )
+{
+ BerVarray newset = NULL;
+
+ if ( set == NULL ) {
+ return NULL;
+ }
+
+ if ( flags & SLAP_SET_REFARR ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ )
+ ;
+ newset = cp->set_op->o_tmpcalloc( i + 1,
+ sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ if ( newset == NULL ) {
+ return NULL;
+ }
+
+ if ( flags & SLAP_SET_REFVAL ) {
+ for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
+ ber_dupbv_x( &newset[ i ], &set[ i ],
+ cp->set_op->o_tmpmemctx );
+ }
+
+ } else {
+ AC_MEMCPY( newset, set, ( i + 1 ) * sizeof( struct berval ) );
+ }
+
+ } else {
+ newset = set;
+ }
+
+ return newset;
+}
+
+BerVarray
+slap_set_join(
+ SetCookie *cp,
+ BerVarray lset,
+ unsigned op_flags,
+ BerVarray rset )
+{
+ BerVarray set;
+ long i, j, last;
+ unsigned op = ( op_flags & SLAP_SET_OPMASK );
+
+ set = NULL;
+ switch ( op ) {
+ case '|': /* union */
+ if ( lset == NULL || BER_BVISNULL( lset ) ) {
+ if ( rset == NULL ) {
+ if ( lset == NULL ) {
+ set = cp->set_op->o_tmpcalloc( 1,
+ sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ BER_BVZERO( set );
+ return set;
+ }
+ return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+ }
+ slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+ return set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+ }
+ if ( rset == NULL || BER_BVISNULL( rset ) ) {
+ slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+ return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+ }
+
+ i = slap_set_size( lset ) + slap_set_size( rset ) + 1;
+ set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
+ if ( set != NULL ) {
+ /* set_chase() depends on this routine to
+ * keep the first elements of the result
+ * set the same (and in the same order)
+ * as the left-set.
+ */
+ for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
+ if ( op_flags & SLAP_SET_LREFVAL ) {
+ ber_dupbv_x( &set[ i ], &lset[ i ], cp->set_op->o_tmpmemctx );
+
+ } else {
+ set[ i ] = lset[ i ];
+ }
+ }
+
+ last = i;
+
+ for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
+ int exists = 0;
+
+ for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {
+ if ( bvmatch( &rset[ i ], &set[ j ] ) )
+ {
+ if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
+ cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );
+ BER_BVZERO( &rset[ i ] );
+ }
+ exists = 1;
+ break;
+ }
+ }
+
+ if ( !exists ) {
+ if ( op_flags & SLAP_SET_RREFVAL ) {
+ ber_dupbv_x( &set[ last ], &rset[ i ], cp->set_op->o_tmpmemctx );
+
+ } else {
+ set[ last ] = rset[ i ];
+ }
+ last++;
+ }
+ }
+ BER_BVZERO( &set[ last ] );
+ }
+ break;
+
+ case '&': /* intersection */
+ if ( lset == NULL || BER_BVISNULL( lset )
+ || rset == NULL || BER_BVISNULL( rset ) )
+ {
+ set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ BER_BVZERO( set );
+
+ } else {
+ set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+ if ( set == NULL ) {
+ break;
+ }
+ lset = NULL;
+ last = slap_set_size( set ) - 1;
+ for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
+ for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
+ if ( bvmatch( &set[ i ], &rset[ j ] ) ) {
+ break;
+ }
+ }
+
+ if ( BER_BVISNULL( &rset[ j ] ) ) {
+ cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx );
+ set[ i ] = set[ last ];
+ BER_BVZERO( &set[ last ] );
+ last--;
+ i--;
+ }
+ }
+ }
+ break;
+
+ case '+': /* string concatenation */
+ i = slap_set_size( rset );
+ j = slap_set_size( lset );
+
+ set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ if ( set == NULL ) {
+ break;
+ }
+
+ for ( last = 0, i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
+ for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
+ struct berval bv;
+ long k;
+
+ bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
+ bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
+ cp->set_op->o_tmpmemctx );
+ if ( bv.bv_val == NULL ) {
+ slap_set_dispose( cp, set, 0 );
+ set = NULL;
+ goto done;
+ }
+ AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
+ AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
+ bv.bv_val[ bv.bv_len ] = '\0';
+
+ for ( k = 0; k < last; k++ ) {
+ if ( bvmatch( &set[ k ], &bv ) ) {
+ cp->set_op->o_tmpfree( bv.bv_val, cp->set_op->o_tmpmemctx );
+ break;
+ }
+ }
+
+ if ( k == last ) {
+ set[ last++ ] = bv;
+ }
+ }
+ }
+ BER_BVZERO( &set[ last ] );
+ break;
+
+ default:
+ break;
+ }
+
+done:;
+ if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
+ if ( !( op_flags & SLAP_SET_LREFVAL ))
+ cp->set_op->o_tmpfree( lset->bv_val, cp->set_op->o_tmpmemctx );
+ cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx );
+ }
+
+ if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) {
+ if ( !( op_flags & SLAP_SET_RREFVAL ))
+ cp->set_op->o_tmpfree( rset->bv_val, cp->set_op->o_tmpmemctx );
+ cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx );
+ }
+
+ return set;
+}
+
+static BerVarray
+set_chase( SLAP_SET_GATHER gatherer,
+ SetCookie *cp, BerVarray set, AttributeDescription *desc, int closure )
+{
+ BerVarray vals, nset;
+ int i;
+
+ if ( set == NULL ) {
+ set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ BER_BVZERO( set );
+ return set;
+ }
+
+ if ( BER_BVISNULL( set ) ) {
+ return set;
+ }
+
+ nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
+ if ( nset == NULL ) {
+ slap_set_dispose( cp, set, 0 );
+ return NULL;
+ }
+ for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
+ vals = gatherer( cp, &set[ i ], desc );
+ if ( vals != NULL ) {
+ nset = slap_set_join( cp, nset, '|', vals );
+ }
+ }
+ slap_set_dispose( cp, set, 0 );
+
+ if ( closure ) {
+ for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
+ vals = gatherer( cp, &nset[ i ], desc );
+ if ( vals != NULL ) {
+ nset = slap_set_join( cp, nset, '|', vals );
+ if ( nset == NULL ) {
+ break;
+ }
+ }
+ }
+ }
+
+ return nset;
+}
+
+int
+slap_set_filter( SLAP_SET_GATHER gatherer,
+ SetCookie *cp, struct berval *fbv,
+ struct berval *user, struct berval *target, BerVarray *results )
+{
+#define STACK_SIZE 64
+#define IS_SET(x) ( (unsigned long)(x) >= 256 )
+#define IS_OP(x) ( (unsigned long)(x) < 256 )
+#define SF_ERROR(x) do { rc = -1; goto _error; } while ( 0 )
+#define SF_TOP() ( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp ] ) )
+#define SF_POP() ( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp-- ] ) )
+#define SF_PUSH(x) do { \
+ if ( stp >= ( STACK_SIZE - 1 ) ) SF_ERROR( overflow ); \
+ stack[ ++stp ] = (BerVarray)(long)(x); \
+ } while ( 0 )
+
+ BerVarray set, lset;
+ BerVarray stack[ STACK_SIZE ] = { 0 };
+ int len, rc, stp;
+ unsigned long op;
+ char c, *filter = fbv->bv_val;
+
+ if ( results ) {
+ *results = NULL;
+ }
+
+ stp = -1;
+ while ( ( c = *filter++ ) ) {
+ set = NULL;
+ switch ( c ) {
+ case ' ':
+ case '\t':
+ case '\x0A':
+ case '\x0D':
+ break;
+
+ case '(' /* ) */ :
+ if ( IS_SET( SF_TOP() ) ) {
+ SF_ERROR( syntax );
+ }
+ SF_PUSH( c );
+ break;
+
+ case /* ( */ ')':
+ set = SF_POP();
+ if ( IS_OP( set ) ) {
+ SF_ERROR( syntax );
+ }
+ if ( SF_TOP() == (void *)'(' /* ) */ ) {
+ SF_POP();
+ SF_PUSH( set );
+ set = NULL;
+
+ } else if ( IS_OP( SF_TOP() ) ) {
+ op = (unsigned long)SF_POP();
+ lset = SF_POP();
+ SF_POP();
+ set = slap_set_join( cp, lset, op, set );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ SF_PUSH( set );
+ set = NULL;
+
+ } else {
+ SF_ERROR( syntax );
+ }
+ break;
+
+ case '|': /* union */
+ case '&': /* intersection */
+ case '+': /* string concatenation */
+ set = SF_POP();
+ if ( IS_OP( set ) ) {
+ SF_ERROR( syntax );
+ }
+ if ( SF_TOP() == 0 || SF_TOP() == (void *)'(' /* ) */ ) {
+ SF_PUSH( set );
+ set = NULL;
+
+ } else if ( IS_OP( SF_TOP() ) ) {
+ op = (unsigned long)SF_POP();
+ lset = SF_POP();
+ set = slap_set_join( cp, lset, op, set );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ SF_PUSH( set );
+ set = NULL;
+
+ } else {
+ SF_ERROR( syntax );
+ }
+ SF_PUSH( c );
+ break;
+
+ case '[' /* ] */:
+ if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
+ SF_ERROR( syntax );
+ }
+ for ( len = 0; ( c = *filter++ ) && ( c != /* [ */ ']' ); len++ )
+ ;
+ if ( c == 0 ) {
+ SF_ERROR( syntax );
+ }
+
+ set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ set->bv_val = cp->set_op->o_tmpcalloc( len + 1, sizeof( char ),
+ cp->set_op->o_tmpmemctx );
+ if ( BER_BVISNULL( set ) ) {
+ SF_ERROR( memory );
+ }
+ AC_MEMCPY( set->bv_val, &filter[ - len - 1 ], len );
+ set->bv_len = len;
+ SF_PUSH( set );
+ set = NULL;
+ break;
+
+ case '-':
+ c = *filter++;
+ if ( c != '>' ) {
+ SF_ERROR( syntax );
+ }
+ /* fall through to next case */
+
+ case '/':
+ if ( IS_OP( SF_TOP() ) ) {
+ SF_ERROR( syntax );
+ }
+ SF_PUSH( '/' );
+ break;
+
+ default:
+ if ( ( c != '_' )
+ && ( c < 'A' || c > 'Z' )
+ && ( c < 'a' || c > 'z' ) )
+ {
+ SF_ERROR( syntax );
+ }
+ filter--;
+ for ( len = 1;
+ ( c = filter[ len ] )
+ && ( ( c >= '0' && c <= '9' )
+ || ( c >= 'A' && c <= 'Z' )
+ || ( c >= 'a' && c <= 'z' ) );
+ len++ )
+ /* count */ ;
+ if ( len == 4
+ && memcmp( "this", filter, len ) == 0 )
+ {
+ if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
+ SF_ERROR( syntax );
+ }
+ set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ ber_dupbv_x( set, target, cp->set_op->o_tmpmemctx );
+ if ( BER_BVISNULL( set ) ) {
+ SF_ERROR( memory );
+ }
+ BER_BVZERO( &set[ 1 ] );
+
+ } else if ( len == 4
+ && memcmp( "user", filter, len ) == 0 )
+ {
+ if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
+ SF_ERROR( syntax );
+ }
+ set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
+ cp->set_op->o_tmpmemctx );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ ber_dupbv_x( set, user, cp->set_op->o_tmpmemctx );
+ if ( BER_BVISNULL( set ) ) {
+ SF_ERROR( memory );
+ }
+ BER_BVZERO( &set[ 1 ] );
+
+ } else if ( SF_TOP() != (void *)'/' ) {
+ SF_ERROR( syntax );
+
+ } else {
+ struct berval fb2;
+ AttributeDescription *ad = NULL;
+ const char *text = NULL;
+
+ SF_POP();
+ fb2.bv_val = filter;
+ fb2.bv_len = len;
+
+ if ( slap_bv2ad( &fb2, &ad, &text ) != LDAP_SUCCESS ) {
+ SF_ERROR( syntax );
+ }
+
+ /* NOTE: ad must have distinguishedName syntax
+ * or expand in an LDAP URI if c == '*'
+ */
+
+ set = set_chase( gatherer,
+ cp, SF_POP(), ad, c == '*' );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+ if ( c == '*' ) {
+ len++;
+ }
+ }
+ filter += len;
+ SF_PUSH( set );
+ set = NULL;
+ break;
+ }
+ }
+
+ set = SF_POP();
+ if ( IS_OP( set ) ) {
+ SF_ERROR( syntax );
+ }
+ if ( SF_TOP() == 0 ) {
+ /* FIXME: ok ? */ ;
+
+ } else if ( IS_OP( SF_TOP() ) ) {
+ op = (unsigned long)SF_POP();
+ lset = SF_POP();
+ set = slap_set_join( cp, lset, op, set );
+ if ( set == NULL ) {
+ SF_ERROR( memory );
+ }
+
+ } else {
+ SF_ERROR( syntax );
+ }
+
+ rc = slap_set_isempty( set ) ? 0 : 1;
+ if ( results ) {
+ *results = set;
+ set = NULL;
+ }
+
+_error:
+ if ( IS_SET( set ) ) {
+ slap_set_dispose( cp, set, 0 );
+ }
+ while ( ( set = SF_POP() ) ) {
+ if ( IS_SET( set ) ) {
+ slap_set_dispose( cp, set, 0 );
+ }
+ }
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/sets.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/sets.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/sets.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.h,v 1.18.2.4 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef SLAP_SETS_H_
+#define SLAP_SETS_H_
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+typedef struct slap_set_cookie {
+ struct slap_op *set_op;
+} SetCookie;
+
+/* this routine needs to return the bervals instead of
+ * plain strings, since syntax is not known. It should
+ * also return the syntax or some "comparison cookie"
+ * that is used by set_filter.
+ */
+typedef BerVarray (SLAP_SET_GATHER)( SetCookie *cookie,
+ struct berval *name, AttributeDescription *ad);
+
+LDAP_SLAPD_F (int) slap_set_filter(
+ SLAP_SET_GATHER gatherer,
+ SetCookie *cookie, struct berval *filter,
+ struct berval *user, struct berval *target, BerVarray *results);
+
+LDAP_SLAPD_F (BerVarray) slap_set_join(SetCookie *cp,
+ BerVarray lset, unsigned op, BerVarray rset);
+
+#define SLAP_SET_OPMASK 0x00FF
+
+#define SLAP_SET_REFARR 0x0100
+#define SLAP_SET_REFVAL 0x0200
+#define SLAP_SET_REF (SLAP_SET_REFARR|SLAP_SET_REFVAL)
+
+/* The unsigned "op" can be ORed with the flags below;
+ * - if the rset's values must not be freed, or must be copied if kept,
+ * it is ORed with SLAP_SET_RREFVAL
+ * - if the rset array must not be freed, or must be copied if kept,
+ * it is ORed with SLAP_SET_RREFARR
+ * - the same applies to the lset with SLAP_SET_LREFVAL and SLAP_SET_LREFARR
+ * - it is assumed that SLAP_SET_REFVAL implies SLAP_SET_REFARR,
+ * i.e. the former is checked only if the latter is defined.
+ */
+
+#define SLAP_SET_RREFARR SLAP_SET_REFARR
+#define SLAP_SET_RREFVAL SLAP_SET_REFVAL
+#define SLAP_SET_RREF SLAP_SET_REF
+#define SLAP_SET_RREFMASK 0x0F00
+
+#define SLAP_SET_RREF2REF(r) ((r) & SLAP_SET_RREFMASK)
+
+#define SLAP_SET_LREFARR 0x1000
+#define SLAP_SET_LREFVAL 0x2000
+#define SLAP_SET_LREF (SLAP_SET_LREFARR|SLAP_SET_LREFVAL)
+#define SLAP_SET_LREFMASK 0xF000
+
+#define SLAP_SET_LREF2REF(r) (((r) & SLAP_SET_LREFMASK) >> 4)
+
+LDAP_END_DECL
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,40 @@
+# Makefile.in for shell-backends
+# $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/Makefile.in,v 1.12.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+PROGRAMS = passwd-shell
+
+SRCS = passwd-shell.c shellutil.c
+XSRCS = pwd-version.c
+OBJS = passwd-shell.o shellutil.o
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-shell"
+BUILD_SRV = @BUILD_SHELL@
+
+all-local-srv: $(PROGRAMS)
+
+# create programs also when using modules
+depend-mod: depend-yes
+all-mod: all-yes
+install-mod: install-yes
+
+passwd-shell: pwd-version.o
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) pwd-version.o $(LIBS)
+
+pwd-version.c: $(OBJS) $(LDAP_LIBDEPEND)
+ @-$(RM) $@
+ $(MKVERSION) passwd-shell > $@
Added: openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/passwd-shell.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/passwd-shell.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/passwd-shell.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,203 @@
+/* passwd-shell.c - passwd(5) shell-based backend for slapd(8) */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/passwd-shell.c,v 1.12.2.3 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <pwd.h>
+
+#include <lber.h>
+#include <ldap.h>
+
+#include "shellutil.h"
+
+static void pwdfile_search LDAP_P(( struct ldop *op, FILE *ofp ));
+static struct ldentry *pw2entry LDAP_P(( struct ldop *op, struct passwd *pw ));
+
+static char tmpbuf[ MAXLINELEN * 2 ];
+
+
+int
+main( int argc, char **argv )
+{
+ int c, errflg;
+ struct ldop op;
+
+ if (( progname = strrchr( argv[ 0 ], '/' )) == NULL ) {
+ progname = estrdup( argv[ 0 ] );
+ } else {
+ progname = estrdup( progname + 1 );
+ }
+
+ errflg = debugflg = 0;
+
+ while (( c = getopt( argc, argv, "d" )) != EOF ) {
+ switch( c ) {
+ case 'd':
+#ifdef LDAP_DEBUG
+ ++debugflg;
+#else /* LDAP_DEBUG */
+ fprintf( stderr, "%s: compile with -DLDAP_DEBUG for debugging\n",
+ progname );
+#endif /* LDAP_DEBUG */
+ break;
+ default:
+ ++errflg;
+ }
+ }
+
+ if ( errflg || optind < argc ) {
+ fprintf( stderr, "usage: %s [-d]\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ debug_printf( "started\n" );
+
+ (void) memset( (char *)&op, '\0', sizeof( op ));
+
+ if ( parse_input( stdin, stdout, &op ) < 0 ) {
+ exit( EXIT_SUCCESS );
+ }
+
+ if ( op.ldop_op != LDOP_SEARCH ) {
+ write_result( stdout, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "Command Not Implemented" );
+ exit( EXIT_SUCCESS );
+ }
+
+#ifdef LDAP_DEBUG
+ dump_ldop( &op );
+#endif /* LDAP_DEBUG */
+
+ pwdfile_search( &op, stdout );
+
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+pwdfile_search( struct ldop *op, FILE *ofp )
+{
+ struct passwd *pw;
+ struct ldentry *entry;
+ int oneentry;
+
+ oneentry = ( strchr( op->ldop_dn, '@' ) != NULL );
+
+ for ( pw = getpwent(); pw != NULL; pw = getpwent()) {
+ if (( entry = pw2entry( op, pw )) != NULL ) {
+ if ( oneentry ) {
+ if ( strcasecmp( op->ldop_dn, entry->lde_dn ) == 0 ) {
+ write_entry( op, entry, ofp );
+ break;
+ }
+ } else if ( test_filter( op, entry ) == LDAP_COMPARE_TRUE ) {
+ write_entry( op, entry, ofp );
+ }
+ free_entry( entry );
+ }
+ }
+ endpwent();
+
+ write_result( ofp, LDAP_SUCCESS, NULL, NULL );
+}
+
+
+static struct ldentry *
+pw2entry( struct ldop *op, struct passwd *pw )
+{
+ struct ldentry *entry;
+ struct ldattr *attr;
+ int i;
+
+ entry = (struct ldentry *) ecalloc( 1, sizeof( struct ldentry ));
+
+ /*
+ * construct the DN from pw_name
+ */
+ if ( strchr( op->ldop_suffixes[ 0 ], '=' ) != NULL ) {
+ /*
+ * X.500 style DN
+ */
+ sprintf( tmpbuf, "cn=%s, %s", pw->pw_name, op->ldop_suffixes[ 0 ] );
+ } else {
+ /*
+ * RFC-822 style DN
+ */
+ sprintf( tmpbuf, "%s@%s", pw->pw_name, op->ldop_suffixes[ 0 ] );
+ }
+ entry->lde_dn = estrdup( tmpbuf );
+
+ /*
+ * for now, we simply derive the LDAP attribute values as follows:
+ * objectClass = person
+ * uid = pw_name
+ * sn = pw_name
+ * cn = pw_name
+ * cn = pw_gecos (second common name)
+ */
+ entry->lde_attrs = (struct ldattr **)ecalloc( 5, sizeof( struct ldattr * ));
+ i = 0;
+ attr = (struct ldattr *)ecalloc( 1, sizeof( struct ldattr ));
+ attr->lda_name = estrdup( "objectClass" );
+ attr->lda_values = (char **)ecalloc( 2, sizeof( char * ));
+ attr->lda_values[ 0 ] = estrdup( "person" );
+ entry->lde_attrs[ i++ ] = attr;
+
+ attr = (struct ldattr *)ecalloc( 1, sizeof( struct ldattr ));
+ attr->lda_name = estrdup( "uid" );
+ attr->lda_values = (char **)ecalloc( 2, sizeof( char * ));
+ attr->lda_values[ 0 ] = estrdup( pw->pw_name );
+ entry->lde_attrs[ i++ ] = attr;
+
+ attr = (struct ldattr *)ecalloc( 1, sizeof( struct ldattr ));
+ attr->lda_name = estrdup( "sn" );
+ attr->lda_values = (char **)ecalloc( 2, sizeof( char * ));
+ attr->lda_values[ 0 ] = estrdup( pw->pw_name );
+ entry->lde_attrs[ i++ ] = attr;
+
+ attr = (struct ldattr *)ecalloc( 1, sizeof( struct ldattr ));
+ attr->lda_name = estrdup( "cn" );
+ attr->lda_values = (char **)ecalloc( 3, sizeof( char * ));
+ attr->lda_values[ 0 ] = estrdup( pw->pw_name );
+ if ( pw->pw_gecos != NULL && *pw->pw_gecos != '\0' ) {
+ attr->lda_values[ 1 ] = estrdup( pw->pw_gecos );
+ }
+ entry->lde_attrs[ i++ ] = attr;
+
+ return( entry );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,396 @@
+/* shellutil.c - common routines useful when building shell-based backends */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.c,v 1.14.2.4 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/stdarg.h>
+
+#include <pwd.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+#include <lber.h>
+#include <ldap.h>
+#include "shellutil.h"
+
+
+int debugflg;
+char *progname;
+
+static struct inputparams ips[] = {
+ IP_TYPE_SUFFIX, "suffix",
+ IP_TYPE_BASE, "base",
+ IP_TYPE_SCOPE, "scope",
+ IP_TYPE_ALIASDEREF, "deref",
+ IP_TYPE_SIZELIMIT, "sizelimit",
+ IP_TYPE_TIMELIMIT, "timelimit",
+ IP_TYPE_FILTER, "filter",
+ IP_TYPE_ATTRS, "attrs",
+ IP_TYPE_ATTRSONLY, "attrsonly",
+ 0, NULL
+};
+
+
+void
+write_result( FILE *fp, int code, char *matched, char *info )
+{
+ fprintf( fp, "RESULT\ncode: %d\n", code );
+ debug_printf( ">> RESULT\n" );
+ debug_printf( ">> code: %d\n", code );
+
+ if ( matched != NULL ) {
+ fprintf( fp, "matched: %s\n", matched );
+ debug_printf( ">> matched: %s\n", matched );
+ }
+
+ if ( info != NULL ) {
+ fprintf( fp, "info: %s\n", info );
+ debug_printf( ">> info: %s\n", info );
+ }
+}
+
+
+void
+write_entry( struct ldop *op, struct ldentry *entry, FILE *ofp )
+{
+ struct ldattr **app;
+ char **valp;
+
+ fprintf( ofp, "dn: %s\n", entry->lde_dn );
+ for ( app = entry->lde_attrs; *app != NULL; ++app ) {
+ if ( attr_requested( (*app)->lda_name, op )) {
+ for ( valp = (*app)->lda_values; *valp != NULL; ++valp ) {
+ fprintf( ofp, "%s: %s\n", (*app)->lda_name, *valp );
+ }
+ }
+ }
+ fputc( '\n', ofp );
+}
+
+
+int
+test_filter( struct ldop *op, struct ldentry *entry )
+{
+ return ((random() & 0x07 ) == 0x07) /* XXX random for now */
+ ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
+}
+
+
+int
+attr_requested( char *name, struct ldop *op )
+{
+ char **ap;
+
+ if ( op->ldop_srch.ldsp_attrs == NULL ) { /* special case */
+ return( 1 );
+ }
+
+ for ( ap = op->ldop_srch.ldsp_attrs; *ap != NULL; ++ap ) {
+ if ( strcasecmp( name, *ap ) == 0 ) {
+ return( 1 );
+ }
+ }
+
+ return( 0 );
+}
+
+
+void
+free_entry( struct ldentry *entry )
+{
+ struct ldattr **app;
+ char **valp;
+
+ free( entry->lde_dn );
+
+ for ( app = entry->lde_attrs; *app != NULL; ++app ) {
+ for ( valp = (*app)->lda_values; *valp != NULL; ++valp ) {
+ free( *valp );
+ }
+ free( (*app)->lda_values );
+ free( (*app)->lda_name );
+ }
+
+ free( entry->lde_attrs );
+ free( entry );
+}
+
+
+int
+parse_input( FILE *ifp, FILE *ofp, struct ldop *op )
+{
+ char *p, *args, line[ MAXLINELEN + 1 ];
+ struct inputparams *ip;
+
+ if ( fgets( line, MAXLINELEN, ifp ) == NULL ) {
+ write_result( ofp, LDAP_OTHER, NULL, "Empty Input" );
+ }
+ line[ strlen( line ) - 1 ] = '\0';
+ if ( strncasecmp( line, STR_OP_SEARCH, sizeof( STR_OP_SEARCH ) - 1 )
+ != 0 ) {
+ write_result( ofp, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "Operation Not Supported" );
+ return( -1 );
+ }
+
+ op->ldop_op = LDOP_SEARCH;
+
+ while ( fgets( line, MAXLINELEN, ifp ) != NULL ) {
+ line[ strlen( line ) - 1 ] = '\0';
+ debug_printf( "<< %s\n", line );
+
+ args = line;
+ if (( ip = find_input_tag( &args )) == NULL ) {
+ debug_printf( "ignoring %s\n", line );
+ continue;
+ }
+
+ switch( ip->ip_type ) {
+ case IP_TYPE_SUFFIX:
+ add_strval( &op->ldop_suffixes, args );
+ break;
+ case IP_TYPE_BASE:
+ op->ldop_dn = estrdup( args );
+ break;
+ case IP_TYPE_SCOPE:
+ if ( lutil_atoi( &op->ldop_srch.ldsp_scope, args ) != 0 ||
+ ( op->ldop_srch.ldsp_scope != LDAP_SCOPE_BASE &&
+ op->ldop_srch.ldsp_scope != LDAP_SCOPE_ONELEVEL &&
+ op->ldop_srch.ldsp_scope != LDAP_SCOPE_SUBTREE ) )
+ {
+ write_result( ofp, LDAP_OTHER, NULL, "Bad scope" );
+ return( -1 );
+ }
+ break;
+ case IP_TYPE_ALIASDEREF:
+ if ( lutil_atoi( &op->ldop_srch.ldsp_aliasderef, args ) != 0 ) {
+ write_result( ofp, LDAP_OTHER, NULL, "Bad alias deref" );
+ return( -1 );
+ }
+ break;
+ case IP_TYPE_SIZELIMIT:
+ if ( lutil_atoi( &op->ldop_srch.ldsp_sizelimit, args ) != 0 ) {
+ write_result( ofp, LDAP_OTHER, NULL, "Bad size limit" );
+ return( -1 );
+ }
+ break;
+ case IP_TYPE_TIMELIMIT:
+ if ( lutil_atoi( &op->ldop_srch.ldsp_timelimit, args ) != 0 ) {
+ write_result( ofp, LDAP_OTHER, NULL, "Bad time limit" );
+ return( -1 );
+ }
+ break;
+ case IP_TYPE_FILTER:
+ op->ldop_srch.ldsp_filter = estrdup( args );
+ break;
+ case IP_TYPE_ATTRSONLY:
+ op->ldop_srch.ldsp_attrsonly = ( *args != '0' );
+ break;
+ case IP_TYPE_ATTRS:
+ if ( strcmp( args, "all" ) == 0 ) {
+ op->ldop_srch.ldsp_attrs = NULL;
+ } else {
+ while ( args != NULL ) {
+ if (( p = strchr( args, ' ' )) != NULL ) {
+ *p++ = '\0';
+ while ( isspace( (unsigned char) *p )) {
+ ++p;
+ }
+ }
+ add_strval( &op->ldop_srch.ldsp_attrs, args );
+ args = p;
+ }
+ }
+ break;
+ }
+ }
+
+ if ( op->ldop_suffixes == NULL || op->ldop_dn == NULL ||
+ op->ldop_srch.ldsp_filter == NULL ) {
+ write_result( ofp, LDAP_OTHER, NULL,
+ "Required suffix:, base:, or filter: missing" );
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
+
+struct inputparams *
+find_input_tag( char **linep ) /* linep is set to start of args */
+{
+ int i;
+ char *p;
+
+ if (( p = strchr( *linep, ':' )) == NULL || p == *linep ) {
+ return( NULL );
+ }
+
+ for ( i = 0; ips[ i ].ip_type != 0; ++i ) {
+ if ( strncasecmp( *linep, ips[ i ].ip_tag, p - *linep ) == 0 ) {
+ while ( isspace( (unsigned char) *(++p) )) {
+ ;
+ }
+ *linep = p;
+ return( &ips[ i ] );
+ }
+ }
+
+ return( NULL );
+}
+
+
+void
+add_strval( char ***sp, char *val )
+{
+ int i;
+ char **vallist;
+
+ vallist = *sp;
+
+ if ( vallist == NULL ) {
+ i = 0;
+ } else {
+ for ( i = 0; vallist[ i ] != NULL; ++i ) {
+ ;
+ }
+ }
+
+ vallist = (char **)erealloc( vallist, ( i + 2 ) * sizeof( char * ));
+ vallist[ i ] = estrdup( val );
+ vallist[ ++i ] = NULL;
+ *sp = vallist;
+}
+
+
+char *
+estrdup( char *s )
+{
+ char *p;
+
+ if (( p = strdup( s )) == NULL ) {
+ debug_printf( "strdup failed\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ return( p );
+}
+
+
+void *
+erealloc( void *s, unsigned size )
+{
+ char *p;
+
+ if ( s == NULL ) {
+ p = malloc( size );
+ } else {
+ p = realloc( s, size );
+ }
+
+ if ( p == NULL ) {
+ debug_printf( "realloc( p, %d ) failed\n", size );
+ exit( EXIT_FAILURE );
+ }
+
+ return( p );
+}
+
+
+char *
+ecalloc( unsigned nelem, unsigned elsize )
+{
+ char *p;
+
+ if (( p = calloc( nelem, elsize )) == NULL ) {
+ debug_printf( "calloc( %d, %d ) failed\n", nelem, elsize );
+ exit( EXIT_FAILURE );
+ }
+
+ return( p );
+}
+
+
+#ifdef LDAP_DEBUG
+
+/* VARARGS */
+void
+debug_printf( const char *fmt, ... )
+{
+ va_list ap;
+
+ if ( debugflg ) {
+ va_start( ap, fmt );
+ fprintf( stderr, "%s: ", progname );
+ vfprintf( stderr, fmt, ap );
+ va_end( ap );
+ }
+}
+
+
+void
+dump_ldop( struct ldop *op )
+{
+ if ( !debugflg ) {
+ return;
+ }
+
+ debug_printf( "SEARCH operation\n" );
+ if ( op->ldop_suffixes == NULL ) {
+ debug_printf( " suffix: NONE\n" );
+ } else {
+ int i;
+ for ( i = 0; op->ldop_suffixes[ i ] != NULL; ++i ) {
+ debug_printf( " suffix: <%s>\n", op->ldop_suffixes[ i ] );
+ }
+ }
+ debug_printf( " dn: <%s>\n", op->ldop_dn );
+ debug_printf( " scope: <%d>\n", op->ldop_srch.ldsp_scope );
+ debug_printf( " filter: <%s>\n", op->ldop_srch.ldsp_filter );
+ debug_printf( "aliasderef: <%d>\n", op->ldop_srch.ldsp_aliasderef );
+ debug_printf( " sizelimit: <%d>\n", op->ldop_srch.ldsp_sizelimit );
+ debug_printf( " timelimit: <%d>\n", op->ldop_srch.ldsp_timelimit );
+ debug_printf( " attrsonly: <%d>\n", op->ldop_srch.ldsp_attrsonly );
+ if ( op->ldop_srch.ldsp_attrs == NULL ) {
+ debug_printf( " attrs: ALL\n" );
+ } else {
+ int i;
+
+ for ( i = 0; op->ldop_srch.ldsp_attrs[ i ] != NULL; ++i ) {
+ debug_printf( " attrs: <%s>\n", op->ldop_srch.ldsp_attrs[ i ] );
+ }
+ }
+}
+#endif /* LDAP_DEBUG */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/shell-backends/shellutil.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,123 @@
+/* shellutil.h */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.h,v 1.9.2.3 2007/01/02 21:44:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#ifndef SHELLUTIL_H
+#define SHELLUTIL_H
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+#define MAXLINELEN 512
+
+#define STR_OP_SEARCH "SEARCH"
+
+
+struct inputparams {
+ int ip_type;
+#define IP_TYPE_SUFFIX 0x01
+#define IP_TYPE_BASE 0x02
+#define IP_TYPE_SCOPE 0x03
+#define IP_TYPE_ALIASDEREF 0x04
+#define IP_TYPE_SIZELIMIT 0x05
+#define IP_TYPE_TIMELIMIT 0x06
+#define IP_TYPE_FILTER 0x07
+#define IP_TYPE_ATTRSONLY 0x08
+#define IP_TYPE_ATTRS 0x09
+ char *ip_tag;
+};
+
+
+struct ldsrchparms {
+ int ldsp_scope;
+ int ldsp_aliasderef;
+ int ldsp_sizelimit;
+ int ldsp_timelimit;
+ int ldsp_attrsonly;
+ char *ldsp_filter;
+ char **ldsp_attrs;
+};
+
+
+struct ldop {
+ int ldop_op;
+#define LDOP_SEARCH 0x01
+ char **ldop_suffixes;
+ char *ldop_dn;
+ union ldapop_params_u {
+ struct ldsrchparms LDsrchparams;
+ } ldop_params;
+#define ldop_srch ldop_params.LDsrchparams
+};
+
+
+struct ldattr {
+ char *lda_name;
+ char **lda_values;
+};
+
+
+struct ldentry {
+ char *lde_dn;
+ struct ldattr **lde_attrs;
+};
+
+
+#ifdef LDAP_DEBUG
+void debug_printf(const char *, ...) LDAP_GCCATTR((format(printf, 1, 2)));
+#else /* LDAP_DEBUG */
+#define debug_printf (void) /* Ignore "arguments" */
+#endif /* LDAP_DEBUG */
+
+/*
+ * function prototypes
+ */
+void write_result( FILE *fp, int code, char *matched, char *info );
+void write_entry( struct ldop *op, struct ldentry *entry, FILE *ofp );
+int test_filter( struct ldop *op, struct ldentry *entry );
+void free_entry( struct ldentry *entry );
+int attr_requested( char *name, struct ldop *op );
+int parse_input( FILE *ifp, FILE *ofp, struct ldop *op );
+struct inputparams *find_input_tag( char **linep );
+void add_strval( char ***sp, char *val );
+char *ecalloc( unsigned nelem, unsigned elsize );
+void *erealloc( void *s, unsigned size );
+char *estrdup( char *s );
+extern void dump_ldop (struct ldop *op);
+
+
+/*
+ * global variables
+ */
+extern int debugflg;
+extern char *progname;
+
+LDAP_END_DECL
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/sl_malloc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/sl_malloc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/sl_malloc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,644 @@
+/* sl_malloc.c - malloc routines using a per-thread slab */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.24.2.7 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+static struct slab_object * slap_replenish_sopool(struct slab_heap* sh);
+#ifdef SLAPD_UNUSED
+static void print_slheap(int level, void *ctx);
+#endif
+
+void
+slap_sl_mem_destroy(
+ void *key,
+ void *data
+)
+{
+ struct slab_heap *sh = data;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order_start = -1, i;
+ struct slab_object *so;
+
+ if (sh->sh_stack) {
+ ber_memfree_x(sh->sh_base, NULL);
+ ber_memfree_x(sh, NULL);
+ } else {
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ for (i = 0; i <= sh->sh_maxorder - order_start; i++) {
+ so = LDAP_LIST_FIRST(&sh->sh_free[i]);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, so_tmp, so_link);
+ }
+ ch_free(sh->sh_map[i]);
+ }
+ ch_free(sh->sh_free);
+ ch_free(sh->sh_map);
+
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ if (!so_tmp->so_blockhead) {
+ LDAP_LIST_REMOVE(so_tmp, so_link);
+ }
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ ch_free(so_tmp);
+ }
+ ber_memfree_x(sh->sh_base, NULL);
+ ber_memfree_x(sh, NULL);
+ }
+}
+
+BerMemoryFunctions slap_sl_mfuncs =
+ { slap_sl_malloc, slap_sl_calloc, slap_sl_realloc, slap_sl_free };
+
+void
+slap_sl_mem_init()
+{
+ ber_set_option( NULL, LBER_OPT_MEMORY_FNS, &slap_sl_mfuncs );
+}
+
+#ifdef NO_THREADS
+static struct slab_heap *slheap;
+#endif
+
+void *
+slap_sl_mem_create(
+ ber_len_t size,
+ int stack,
+ void *ctx
+)
+{
+ struct slab_heap *sh;
+ ber_len_t size_shift;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order = -1, order_start = -1, order_end = -1;
+ int i;
+ struct slab_object *so;
+
+#ifdef NO_THREADS
+ sh = slheap;
+#else
+ void *sh_tmp = NULL;
+ ldap_pvt_thread_pool_getkey(
+ ctx, (void *)slap_sl_mem_init, &sh_tmp, NULL );
+ sh = sh_tmp;
+#endif
+
+ /* round up to doubleword boundary */
+ size += pad;
+ size &= ~pad;
+
+ if (stack) {
+ if (!sh) {
+ sh = ch_malloc(sizeof(struct slab_heap));
+ sh->sh_base = ch_malloc(size);
+#ifdef NO_THREADS
+ slheap = sh;
+#else
+ ldap_pvt_thread_pool_setkey(ctx, (void *)slap_sl_mem_init,
+ (void *)sh, slap_sl_mem_destroy);
+#endif
+ } else if ( size > (char *)sh->sh_end - (char *)sh->sh_base ) {
+ sh->sh_base = ch_realloc(sh->sh_base, size);
+ }
+ sh->sh_last = sh->sh_base;
+ sh->sh_end = (char *) sh->sh_base + size;
+ sh->sh_stack = stack;
+ return sh;
+ } else {
+ size_shift = size - 1;
+ do {
+ order_end++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ order = order_end - order_start + 1;
+
+ if (!sh) {
+ sh = (struct slab_heap *) ch_malloc(sizeof(struct slab_heap));
+ sh->sh_base = ch_malloc(size);
+#ifdef NO_THREADS
+ slheap = sh;
+#else
+ ldap_pvt_thread_pool_setkey(ctx, (void *)slap_sl_mem_init,
+ (void *)sh, slap_sl_mem_destroy);
+#endif
+ } else {
+ for (i = 0; i <= sh->sh_maxorder - order_start; i++) {
+ so = LDAP_LIST_FIRST(&sh->sh_free[i]);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, so_tmp, so_link);
+ }
+ ch_free(sh->sh_map[i]);
+ }
+ ch_free(sh->sh_free);
+ ch_free(sh->sh_map);
+
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ if (!so_tmp->so_blockhead) {
+ LDAP_LIST_REMOVE(so_tmp, so_link);
+ }
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ while (so) {
+ struct slab_object *so_tmp = so;
+ so = LDAP_LIST_NEXT(so, so_link);
+ ch_free(so_tmp);
+ }
+
+ if (size > (char *)sh->sh_end - (char *)sh->sh_base) {
+ sh->sh_base = realloc(sh->sh_base, size);
+ }
+ }
+ sh->sh_end = (char *)sh->sh_base + size;
+ sh->sh_maxorder = order_end;
+
+ sh->sh_free = (struct sh_freelist *)
+ ch_malloc(order * sizeof(struct sh_freelist));
+ for (i = 0; i < order; i++) {
+ LDAP_LIST_INIT(&sh->sh_free[i]);
+ }
+
+ LDAP_LIST_INIT(&sh->sh_sopool);
+
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so, so_link);
+ so->so_ptr = sh->sh_base;
+
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[order-1], so, so_link);
+
+ sh->sh_map = (unsigned char **)
+ ch_malloc(order * sizeof(unsigned char *));
+ for (i = 0; i < order; i++) {
+ int shiftamt = order_start + 1 + i;
+ int nummaps = size >> shiftamt;
+ assert(nummaps);
+ nummaps >>= 3;
+ if (!nummaps) nummaps = 1;
+ sh->sh_map[i] = (unsigned char *) ch_malloc(nummaps);
+ memset(sh->sh_map[i], 0, nummaps);
+ }
+ sh->sh_stack = stack;
+ return sh;
+ }
+}
+
+void
+slap_sl_mem_detach(
+ void *ctx,
+ void *memctx
+)
+{
+#ifdef NO_THREADS
+ slheap = NULL;
+#else
+ /* separate from context */
+ ldap_pvt_thread_pool_setkey( ctx, (void *)slap_sl_mem_init, NULL, NULL );
+#endif
+}
+
+void *
+slap_sl_malloc(
+ ber_len_t size,
+ void *ctx
+)
+{
+ struct slab_heap *sh = ctx;
+ ber_len_t size_shift;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order = -1, order_start = -1;
+ struct slab_object *so_new, *so_left, *so_right;
+ ber_len_t *ptr, *new;
+ unsigned long diff;
+ int i, j;
+
+ /* ber_set_option calls us like this */
+ if (!ctx) return ber_memalloc_x(size, NULL);
+
+ /* round up to doubleword boundary */
+ size += sizeof(ber_len_t) + pad;
+ size &= ~pad;
+
+ if (sh->sh_stack) {
+ if ((char *)sh->sh_last + size >= (char *)sh->sh_end) {
+ Debug(LDAP_DEBUG_TRACE,
+ "slap_sl_malloc of %lu bytes failed, using ch_malloc\n",
+ (long)size, 0, 0);
+ return ch_malloc(size);
+ }
+ new = sh->sh_last;
+ *new++ = size - sizeof(ber_len_t);
+ sh->sh_last = (char *) sh->sh_last + size;
+ return( (void *)new );
+ } else {
+ size_shift = size - 1;
+ do {
+ order++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ for (i = order; i <= sh->sh_maxorder &&
+ LDAP_LIST_EMPTY(&sh->sh_free[i-order_start]); i++);
+
+ if (i == order) {
+ so_new = LDAP_LIST_FIRST(&sh->sh_free[i-order_start]);
+ LDAP_LIST_REMOVE(so_new, so_link);
+ ptr = so_new->so_ptr;
+ diff = (unsigned long)((char*)ptr -
+ (char*)sh->sh_base) >> (order + 1);
+ sh->sh_map[order-order_start][diff>>3] |= (1 << (diff & 0x7));
+ *ptr++ = size - sizeof(ber_len_t);
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, so_new, so_link);
+ return((void*)ptr);
+ } else if (i <= sh->sh_maxorder) {
+ for (j = i; j > order; j--) {
+ so_left = LDAP_LIST_FIRST(&sh->sh_free[j-order_start]);
+ LDAP_LIST_REMOVE(so_left, so_link);
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so_right = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so_right, so_link);
+ so_right->so_ptr = (void *)((char *)so_left->so_ptr + (1 << j));
+ if (j == order + 1) {
+ ptr = so_left->so_ptr;
+ diff = (unsigned long)((char*)ptr -
+ (char*)sh->sh_base) >> (order+1);
+ sh->sh_map[order-order_start][diff>>3] |=
+ (1 << (diff & 0x7));
+ *ptr++ = size - sizeof(ber_len_t);
+ LDAP_LIST_INSERT_HEAD(
+ &sh->sh_free[j-1-order_start], so_right, so_link);
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, so_left, so_link);
+ return((void*)ptr);
+ } else {
+ LDAP_LIST_INSERT_HEAD(
+ &sh->sh_free[j-1-order_start], so_right, so_link);
+ LDAP_LIST_INSERT_HEAD(
+ &sh->sh_free[j-1-order_start], so_left, so_link);
+ }
+ }
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sl_malloc of %lu bytes failed, using ch_malloc\n",
+ (long)size, 0, 0);
+ return (void*)ch_malloc(size);
+ }
+ }
+
+ /* FIXME: missing return; guessing... */
+ return NULL;
+}
+
+void *
+slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
+{
+ void *new;
+
+ new = slap_sl_malloc( n*size, ctx );
+ if ( new ) {
+ memset( new, 0, n*size );
+ }
+ return new;
+}
+
+void *
+slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
+{
+ struct slab_heap *sh = ctx;
+ int pad = 2*sizeof(int) -1;
+ ber_len_t *p = (ber_len_t *)ptr, *new;
+
+ if (ptr == NULL)
+ return slap_sl_malloc(size, ctx);
+
+ /* Not our memory? */
+ if (!sh || ptr < sh->sh_base || ptr >= sh->sh_end) {
+ /* duplicate of realloc behavior, oh well */
+ new = ber_memrealloc_x(ptr, size, NULL);
+ if (new) {
+ return new;
+ }
+ Debug(LDAP_DEBUG_ANY, "ch_realloc of %lu bytes failed\n",
+ (long) size, 0, 0);
+ assert(0);
+ exit( EXIT_FAILURE );
+ }
+
+ if (size == 0) {
+ slap_sl_free(ptr, ctx);
+ return NULL;
+ }
+
+ if (sh->sh_stack) {
+ /* round up to doubleword boundary */
+ size += pad + sizeof( ber_len_t );
+ size &= ~pad;
+
+ /* Never shrink blocks */
+ if (size <= p[-1]) {
+ new = p;
+
+ /* If reallocing the last block, we can grow it */
+ } else if ((char *)ptr + p[-1] == sh->sh_last &&
+ (char *)ptr + size < (char *)sh->sh_end ) {
+ new = p;
+ sh->sh_last = (char *)sh->sh_last + size - p[-1];
+ p[-1] = size;
+
+ /* Nowhere to grow, need to alloc and copy */
+ } else {
+ new = slap_sl_malloc(size, ctx);
+ AC_MEMCPY(new, ptr, p[-1]);
+ }
+ return new;
+ } else {
+ void *newptr;
+ newptr = slap_sl_malloc(size, ctx);
+ if (size < p[-1]) {
+ AC_MEMCPY(newptr, ptr, size);
+ } else {
+ AC_MEMCPY(newptr, ptr, p[-1]);
+ }
+ slap_sl_free(ptr, ctx);
+ return newptr;
+ }
+}
+
+void
+slap_sl_free(void *ptr, void *ctx)
+{
+ struct slab_heap *sh = ctx;
+ int size, size_shift, order_size;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ ber_len_t *p = (ber_len_t *)ptr, *tmpp;
+ int order_start = -1, order = -1;
+ struct slab_object *so;
+ unsigned long diff;
+ int i, inserted = 0;
+
+ if (!sh || ptr < sh->sh_base || ptr >= sh->sh_end) {
+ ber_memfree_x(ptr, NULL);
+ } else if (sh->sh_stack && (char *)ptr + p[-1] == sh->sh_last) {
+ p--;
+ sh->sh_last = p;
+ } else if (!sh->sh_stack) {
+ size = *(--p);
+ size_shift = size + sizeof(ber_len_t) - 1;
+ do {
+ order++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ for (i = order, tmpp = p; i <= sh->sh_maxorder; i++) {
+ order_size = 1 << (i+1);
+ diff = (unsigned long)((char*)tmpp - (char*)sh->sh_base) >> (i+1);
+ sh->sh_map[i-order_start][diff>>3] &= (~(1 << (diff & 0x7)));
+ if (diff == ((diff>>1)<<1)) {
+ if (!(sh->sh_map[i-order_start][(diff+1)>>3] &
+ (1<<((diff+1)&0x7)))) {
+ so = LDAP_LIST_FIRST(&sh->sh_free[i-order_start]);
+ while (so) {
+ if ((char*)so->so_ptr == (char*)tmpp) {
+ LDAP_LIST_REMOVE( so, so_link );
+ } else if ((char*)so->so_ptr ==
+ (char*)tmpp + order_size) {
+ LDAP_LIST_REMOVE(so, so_link);
+ break;
+ }
+ so = LDAP_LIST_NEXT(so, so_link);
+ }
+ if (so) {
+ if (i < sh->sh_maxorder) {
+ inserted = 1;
+ so->so_ptr = tmpp;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start+1],
+ so, so_link);
+ }
+ continue;
+ } else {
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so, so_link);
+ so->so_ptr = tmpp;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start],
+ so, so_link);
+ break;
+
+ Debug(LDAP_DEBUG_TRACE, "slap_sl_free: "
+ "free object not found while bit is clear.\n",
+ 0, 0, 0);
+ assert(so != NULL);
+
+ }
+ } else {
+ if (!inserted) {
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so, so_link);
+ so->so_ptr = tmpp;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start],
+ so, so_link);
+ }
+ break;
+ }
+ } else {
+ if (!(sh->sh_map[i-order_start][(diff-1)>>3] &
+ (1<<((diff-1)&0x7)))) {
+ so = LDAP_LIST_FIRST(&sh->sh_free[i-order_start]);
+ while (so) {
+ if ((char*)so->so_ptr == (char*)tmpp) {
+ LDAP_LIST_REMOVE(so, so_link);
+ } else if ((char*)tmpp == (char *)so->so_ptr + order_size) {
+ LDAP_LIST_REMOVE(so, so_link);
+ tmpp = so->so_ptr;
+ break;
+ }
+ so = LDAP_LIST_NEXT(so, so_link);
+ }
+ if (so) {
+ if (i < sh->sh_maxorder) {
+ inserted = 1;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start+1], so, so_link);
+ continue;
+ }
+ } else {
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so, so_link);
+ so->so_ptr = tmpp;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start],
+ so, so_link);
+ break;
+
+ Debug(LDAP_DEBUG_TRACE, "slap_sl_free: "
+ "free object not found while bit is clear.\n",
+ 0, 0, 0 );
+ assert(so != NULL);
+
+ }
+ } else {
+ if ( !inserted ) {
+ if (LDAP_LIST_EMPTY(&sh->sh_sopool)) {
+ slap_replenish_sopool(sh);
+ }
+ so = LDAP_LIST_FIRST(&sh->sh_sopool);
+ LDAP_LIST_REMOVE(so, so_link);
+ so->so_ptr = tmpp;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_free[i-order_start],
+ so, so_link);
+ }
+ break;
+ }
+ }
+ }
+ }
+}
+
+void *
+slap_sl_context( void *ptr )
+{
+ struct slab_heap *sh;
+ void *ctx, *sh_tmp;
+
+ if ( slapMode & SLAP_TOOL_MODE ) return NULL;
+
+#ifdef NO_THREADS
+ sh = slheap;
+#else
+ ctx = ldap_pvt_thread_pool_context();
+
+ sh_tmp = NULL;
+ ldap_pvt_thread_pool_getkey(
+ ctx, (void *)slap_sl_mem_init, &sh_tmp, NULL);
+ sh = sh_tmp;
+#endif
+
+ if (sh && ptr >= sh->sh_base && ptr <= sh->sh_end) {
+ return sh;
+ }
+ return NULL;
+}
+
+static struct slab_object *
+slap_replenish_sopool(
+ struct slab_heap* sh
+)
+{
+ struct slab_object *so_block;
+ int i;
+
+ so_block = (struct slab_object *)ch_malloc(
+ SLAP_SLAB_SOBLOCK * sizeof(struct slab_object));
+
+ if ( so_block == NULL ) {
+ return NULL;
+ }
+
+ so_block[0].so_blockhead = 1;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, &so_block[0], so_link);
+ for (i = 1; i < SLAP_SLAB_SOBLOCK; i++) {
+ so_block[i].so_blockhead = 0;
+ LDAP_LIST_INSERT_HEAD(&sh->sh_sopool, &so_block[i], so_link );
+ }
+
+ return so_block;
+}
+
+#ifdef SLAPD_UNUSED
+static void
+print_slheap(int level, void *ctx)
+{
+ struct slab_heap *sh = ctx;
+ int order_start = -1;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ struct slab_object *so;
+ int i, j, once = 0;
+
+ if (!ctx) {
+ Debug(level, "NULL memctx\n", 0, 0, 0);
+ return;
+ }
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ Debug(level, "sh->sh_maxorder=%d\n", sh->sh_maxorder, 0, 0);
+
+ for (i = order_start; i <= sh->sh_maxorder; i++) {
+ once = 0;
+ Debug(level, "order=%d\n", i, 0, 0);
+ for (j = 0; j < (1<<(sh->sh_maxorder-i))/8; j++) {
+ Debug(level, "%02x ", sh->sh_map[i-order_start][j], 0, 0);
+ once = 1;
+ }
+ if (!once) {
+ Debug(level, "%02x ", sh->sh_map[i-order_start][0], 0, 0);
+ }
+ Debug(level, "\n", 0, 0, 0);
+ Debug(level, "free list:\n", 0, 0, 0);
+ so = LDAP_LIST_FIRST(&sh->sh_free[i-order_start]);
+ while (so) {
+ Debug(level, "%lx\n", (unsigned long) so->so_ptr, 0, 0);
+ so = LDAP_LIST_NEXT(so, so_link);
+ }
+ }
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slap.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slap.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slap.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3109 @@
+/* slap.h - stand alone ldap server include file */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.612.2.45 2007/01/03 08:55:03 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _SLAP_H_
+#define _SLAP_H_
+
+#include "ldap_defaults.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <sys/types.h>
+#include <ac/syslog.h>
+#include <ac/regex.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+#include <ac/param.h>
+
+#include "avl.h"
+
+#ifndef ldap_debug
+#define ldap_debug slap_debug
+#endif
+
+#include "ldap_log.h"
+
+#include <ldap.h>
+#include <ldap_schema.h>
+
+#include "lber_pvt.h"
+#include "ldap_pvt.h"
+#include "ldap_pvt_thread.h"
+#include "ldap_queue.h"
+
+LDAP_BEGIN_DECL
+
+
+#ifdef LDAP_DEVEL
+#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */
+#define SLAP_MULTI_CONN_ARRAY
+#ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL
+#define SLAP_SEM_LOAD_CONTROL
+#endif /* LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL */
+
+#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
+#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
+#define SLAP_DYNACL
+#define SLAP_OVERLAY_ACCESS
+#define LDAP_COMP_MATCH
+#define LDAP_DYNAMIC_OBJECTS
+#define LDAP_SYNC_TIMESTAMP
+#define LDAP_COLLECTIVE_ATTRIBUTES
+#define SLAPD_CONF_UNKNOWN_BAILOUT
+#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
+
+#define SLAP_ORDERED_PRETTYNORM
+#define SLAP_AUTHZ_SYNTAX
+
+#ifdef ENABLE_REWRITE
+#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
+#endif
+#endif
+
+#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS)
+#define SLAP_OVERLAY_ACCESS
+#endif
+
+/*
+ * ITS#3705: bail out if unknown config directives appear in slapd.conf
+ */
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+#define SLAPD_CONF_UNKNOWN_IGNORED ""
+#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_ANY
+#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
+#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_CONFIG
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+
+/*
+ * SLAPD Memory allocation macros
+ *
+ * Unlike ch_*() routines, these routines do not assert() upon
+ * allocation error. They are intended to be used instead of
+ * ch_*() routines where the caller has implemented proper
+ * checking for and handling of allocation errors.
+ *
+ * Patches to convert ch_*() calls to SLAP_*() calls welcomed.
+ */
+#define SLAP_MALLOC(s) ber_memalloc((s))
+#define SLAP_CALLOC(n,s) ber_memcalloc((n),(s))
+#define SLAP_REALLOC(p,s) ber_memrealloc((p),(s))
+#define SLAP_FREE(p) ber_memfree((p))
+#define SLAP_VFREE(v) ber_memvfree((void**)(v))
+#define SLAP_STRDUP(s) ber_strdup((s))
+#define SLAP_STRNDUP(s,l) ber_strndup((s),(l))
+
+#ifdef f_next
+#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
+#endif
+
+#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
+#define SLAPD_ANONYMOUS ""
+
+/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
+ * This is a value used internally by the backends. It is needed to allow
+ * adding values that already exist without getting an error as required by
+ * modrdn when the new rdn was already an attribute value itself.
+ */
+#define SLAP_MOD_SOFTADD 0x1000
+
+#define MAXREMATCHES (100)
+
+#define SLAP_MAX_WORKER_THREADS (16)
+
+#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
+#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
+
+#define SLAP_CONN_MAX_PENDING_DEFAULT 100
+#define SLAP_CONN_MAX_PENDING_AUTH 1000
+
+#define SLAP_TEXT_BUFLEN (256)
+
+/* psuedo error code indicating abandoned operation */
+#define SLAPD_ABANDON (-1024)
+
+/* psuedo error code indicating disconnect */
+#define SLAPD_DISCONNECT (-1025)
+
+/* unknown config file directive */
+#define SLAP_CONF_UNKNOWN (-1026)
+
+/* We assume "C" locale, that is US-ASCII */
+#define ASCII_SPACE(c) ( (c) == ' ' )
+#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
+#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
+#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
+#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
+#define ASCII_HEXLOWER(c) ( (c) >= 'a' && (c) <= 'f' )
+#define ASCII_HEXUPPER(c) ( (c) >= 'A' && (c) <= 'F' )
+#define ASCII_HEX(c) ( ASCII_DIGIT(c) || \
+ ASCII_HEXLOWER(c) || ASCII_HEXUPPER(c) )
+#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
+#define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
+
+#define SLAP_NIBBLE(c) ((c)&0x0f)
+#define SLAP_ESCAPE_CHAR ('\\')
+#define SLAP_ESCAPE_LO(c) ( "0123456789ABCDEF"[SLAP_NIBBLE(c)] )
+#define SLAP_ESCAPE_HI(c) ( SLAP_ESCAPE_LO((c)>>4) )
+
+#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
+ || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
+
+#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
+/* NOTE: for consistency, this macro must only operate
+ * on normalized/pretty DN, such that ';' is never used
+ * as RDN separator, and all occurrences of ';' must be escaped */
+#define DN_SEPARATOR(c) ((c) == ',')
+#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
+#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
+#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
+
+#define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) )
+#define DESC_CHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
+#define OID_LEADCHAR(c) ( ASCII_DIGIT(c) )
+#define OID_SEPARATOR(c) ( (c) == '.' )
+#define OID_CHAR(c) ( OID_LEADCHAR(c) || OID_SEPARATOR(c) )
+
+#define ATTR_LEADCHAR(c) ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) )
+#define ATTR_CHAR(c) ( DESC_CHAR((c)) || OID_SEPARATOR(c) )
+
+#define AD_LEADCHAR(c) ( ATTR_LEADCHAR(c) )
+#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
+
+#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
+
+#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \
+ (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
+ (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
+ (c) == '?' || (c) == ' ' || (c) == '=' )
+#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' )
+
+/* must match in schema_init.c */
+#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
+#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
+#define SLAPD_INTEGER_SYNTAX "1.3.6.1.4.1.1466.115.121.1.27"
+#define SLAPD_GROUP_ATTR "member"
+#define SLAPD_GROUP_CLASS "groupOfNames"
+#define SLAPD_ROLE_ATTR "roleOccupant"
+#define SLAPD_ROLE_CLASS "organizationalRole"
+
+#ifdef SLAPD_ACI_ENABLED
+#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
+#endif /* SLAPD_ACI_ENABLED */
+
+/* change this to "OpenLDAPset" */
+#define SLAPD_ACI_SET_ATTR "template"
+
+#define SLAPD_TOP_OID "2.5.6.0"
+
+LDAP_SLAPD_V (int) slap_debug;
+
+typedef unsigned long slap_mask_t;
+
+/* Security Strength Factor */
+typedef unsigned slap_ssf_t;
+
+typedef struct slap_ssf_set {
+ slap_ssf_t sss_ssf;
+ slap_ssf_t sss_transport;
+ slap_ssf_t sss_tls;
+ slap_ssf_t sss_sasl;
+ slap_ssf_t sss_update_ssf;
+ slap_ssf_t sss_update_transport;
+ slap_ssf_t sss_update_tls;
+ slap_ssf_t sss_update_sasl;
+ slap_ssf_t sss_simple_bind;
+} slap_ssf_set_t;
+
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define SLAP_GETDN_AUTHCID 2
+#define SLAP_GETDN_AUTHZID 4
+
+/*
+ * Index types
+ */
+#define SLAP_INDEX_TYPE 0x00FFUL
+#define SLAP_INDEX_UNDEFINED 0x0001UL
+#define SLAP_INDEX_PRESENT 0x0002UL
+#define SLAP_INDEX_EQUALITY 0x0004UL
+#define SLAP_INDEX_APPROX 0x0008UL
+#define SLAP_INDEX_SUBSTR 0x0010UL
+#define SLAP_INDEX_EXTENDED 0x0020UL
+
+#define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY
+
+#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type))
+
+#define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL
+
+#define SLAP_INDEX_SUBSTR_INITIAL ( SLAP_INDEX_SUBSTR | 0x0100UL )
+#define SLAP_INDEX_SUBSTR_ANY ( SLAP_INDEX_SUBSTR | 0x0200UL )
+#define SLAP_INDEX_SUBSTR_FINAL ( SLAP_INDEX_SUBSTR | 0x0400UL )
+#define SLAP_INDEX_SUBSTR_DEFAULT \
+ ( SLAP_INDEX_SUBSTR \
+ | SLAP_INDEX_SUBSTR_INITIAL \
+ | SLAP_INDEX_SUBSTR_ANY \
+ | SLAP_INDEX_SUBSTR_FINAL )
+
+/* defaults for initial/final substring indices */
+#define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT 2
+#define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT 4
+
+/* defaults for any substring indices */
+#define SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT 4
+#define SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT 2
+
+#define SLAP_INDEX_FLAGS 0xF000UL
+#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
+#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
+
+/*
+ * there is a single index for each attribute. these prefixes ensure
+ * that there is no collision among keys.
+ */
+#define SLAP_INDEX_EQUALITY_PREFIX '=' /* prefix for equality keys */
+#define SLAP_INDEX_APPROX_PREFIX '~' /* prefix for approx keys */
+#define SLAP_INDEX_SUBSTR_PREFIX '*' /* prefix for substring keys */
+#define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
+#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
+#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
+
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
+#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
+
+/*
+ * represents schema information for a database
+ */
+enum {
+ SLAP_SCHERR_OUTOFMEM = 1,
+ SLAP_SCHERR_CLASS_NOT_FOUND,
+ SLAP_SCHERR_CLASS_BAD_USAGE,
+ SLAP_SCHERR_CLASS_BAD_SUP,
+ SLAP_SCHERR_CLASS_DUP,
+ SLAP_SCHERR_CLASS_INCONSISTENT,
+ SLAP_SCHERR_ATTR_NOT_FOUND,
+ SLAP_SCHERR_ATTR_BAD_MR,
+ SLAP_SCHERR_ATTR_BAD_USAGE,
+ SLAP_SCHERR_ATTR_BAD_SUP,
+ SLAP_SCHERR_ATTR_INCOMPLETE,
+ SLAP_SCHERR_ATTR_DUP,
+ SLAP_SCHERR_ATTR_INCONSISTENT,
+ SLAP_SCHERR_MR_NOT_FOUND,
+ SLAP_SCHERR_MR_INCOMPLETE,
+ SLAP_SCHERR_MR_DUP,
+ SLAP_SCHERR_SYN_NOT_FOUND,
+ SLAP_SCHERR_SYN_DUP,
+ SLAP_SCHERR_NO_NAME,
+ SLAP_SCHERR_NOT_SUPPORTED,
+ SLAP_SCHERR_BAD_DESCR,
+ SLAP_SCHERR_OIDM,
+ SLAP_SCHERR_CR_DUP,
+ SLAP_SCHERR_CR_BAD_STRUCT,
+ SLAP_SCHERR_CR_BAD_AUX,
+ SLAP_SCHERR_CR_BAD_AT,
+
+ SLAP_SCHERR_LAST
+};
+
+typedef union slap_sockaddr {
+ struct sockaddr sa_addr;
+ struct sockaddr_in sa_in_addr;
+#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sa_storage;
+ struct sockaddr_in6 sa_in6_addr;
+#endif
+#ifdef LDAP_PF_LOCAL
+ struct sockaddr_un sa_un_addr;
+#endif
+} Sockaddr;
+
+#ifdef LDAP_PF_INET6
+extern int slap_inet4or6;
+#endif
+
+typedef struct slap_oid_macro {
+ struct berval som_oid;
+ BerVarray som_names;
+ BerVarray som_subs;
+#define SLAP_OM_HARDCODE 0x10000U /* This is hardcoded schema */
+ int som_flags;
+ LDAP_STAILQ_ENTRY(slap_oid_macro) som_next;
+} OidMacro;
+
+/* forward declarations */
+struct slap_syntax;
+struct slap_matching_rule;
+
+typedef int slap_syntax_validate_func LDAP_P((
+ struct slap_syntax *syntax,
+ struct berval * in));
+
+typedef int slap_syntax_transform_func LDAP_P((
+ struct slap_syntax *syntax,
+ struct berval * in,
+ struct berval * out,
+ void *memctx));
+
+#ifdef LDAP_COMP_MATCH
+typedef void* slap_component_transform_func LDAP_P((
+ struct berval * in ));
+struct ComponentDesc;
+#endif
+
+typedef struct slap_syntax {
+ LDAPSyntax ssyn_syn;
+#define ssyn_oid ssyn_syn.syn_oid
+#define ssyn_desc ssyn_syn.syn_desc
+#define ssyn_extensions ssyn_syn.syn_extensions
+ /*
+ * Note: the former
+ ber_len_t ssyn_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by ssyn_syn.syn_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval ssyn_bvoid;
+#define ssyn_oidlen ssyn_bvoid.bv_len
+
+ unsigned int ssyn_flags;
+
+#define SLAP_SYNTAX_NONE 0x0000U
+#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
+#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
+#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
+#ifdef LDAP_DEVEL
+#define SLAP_SYNTAX_HIDE 0x0000U /* publish everything */
+#else
+#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
+#endif
+
+ slap_syntax_validate_func *ssyn_validate;
+ slap_syntax_transform_func *ssyn_pretty;
+
+#ifdef SLAPD_BINARY_CONVERSION
+ /* convert to and from binary */
+ slap_syntax_transform_func *ssyn_ber2str;
+ slap_syntax_transform_func *ssyn_str2ber;
+#endif
+#ifdef LDAP_COMP_MATCH
+ slap_component_transform_func *ssyn_attr2comp;
+ struct ComponentDesc* ssync_comp_syntax;
+#endif
+
+ LDAP_SLIST_ENTRY(slap_syntax) ssyn_next;
+} Syntax;
+
+#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
+#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
+#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
+#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
+#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
+
+typedef struct slap_syntax_defs_rec {
+ char *sd_desc;
+ int sd_flags;
+ slap_syntax_validate_func *sd_validate;
+ slap_syntax_transform_func *sd_pretty;
+#ifdef SLAPD_BINARY_CONVERSION
+ slap_syntax_transform_func *sd_ber2str;
+ slap_syntax_transform_func *sd_str2ber;
+#endif
+} slap_syntax_defs_rec;
+
+/* X -> Y Converter */
+typedef int slap_mr_convert_func LDAP_P((
+ struct berval * in,
+ struct berval * out,
+ void *memctx ));
+
+/* Normalizer */
+typedef int slap_mr_normalize_func LDAP_P((
+ slap_mask_t use,
+ struct slap_syntax *syntax, /* NULL if in is asserted value */
+ struct slap_matching_rule *mr,
+ struct berval * in,
+ struct berval * out,
+ void *memctx ));
+
+/* Match (compare) function */
+typedef int slap_mr_match_func LDAP_P((
+ int *match,
+ slap_mask_t use,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval * value,
+ void * assertValue ));
+
+/* Index generation function */
+typedef int slap_mr_indexer_func LDAP_P((
+ slap_mask_t use,
+ slap_mask_t mask,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keys,
+ void *memctx ));
+
+/* Filter index function */
+typedef int slap_mr_filter_func LDAP_P((
+ slap_mask_t use,
+ slap_mask_t mask,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval *prefix,
+ void * assertValue,
+ BerVarray *keys,
+ void *memctx ));
+
+typedef struct slap_matching_rule_use MatchingRuleUse;
+
+typedef struct slap_matching_rule {
+ LDAPMatchingRule smr_mrule;
+ MatchingRuleUse *smr_mru;
+ /* RFC2252 string representation */
+ struct berval smr_str;
+ /*
+ * Note: the former
+ * ber_len_t smr_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by smr_mrule.mr_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval smr_bvoid;
+#define smr_oidlen smr_bvoid.bv_len
+
+ slap_mask_t smr_usage;
+
+#ifdef LDAP_DEVEL
+#define SLAP_MR_HIDE 0x0000U
+#else
+#define SLAP_MR_HIDE 0x8000U
+#endif
+
+#define SLAP_MR_MUTATION_NORMALIZER 0x4000U
+
+#define SLAP_MR_TYPE_MASK 0x0F00U
+#define SLAP_MR_SUBTYPE_MASK 0x00F0U
+#define SLAP_MR_USAGE 0x000FU
+
+#define SLAP_MR_NONE 0x0000U
+#define SLAP_MR_EQUALITY 0x0100U
+#define SLAP_MR_ORDERING 0x0200U
+#define SLAP_MR_SUBSTR 0x0400U
+#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
+#define SLAP_MR_ORDERED_INDEX 0x1000U
+#ifdef LDAP_COMP_MATCH
+#define SLAP_MR_COMPONENT 0x2000U
+#endif
+
+#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
+
+#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
+#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
+#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
+
+
+/*
+ * The asserted value, depending on the particular usage,
+ * is expected to conform to either the assertion syntax
+ * or the attribute syntax. In some cases, the syntax of
+ * the value is known. If so, these flags indicate which
+ * syntax the value is expected to conform to. If not,
+ * neither of these flags is set (until the syntax of the
+ * provided value is determined). If the value is of the
+ * attribute syntax, the flag is changed once a value of
+ * the assertion syntax is derived from the provided value.
+ */
+#define SLAP_MR_VALUE_OF_ASSERTION_SYNTAX 0x0001U
+#define SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX 0x0002U
+#define SLAP_MR_VALUE_OF_SYNTAX 0x0003U
+
+#define SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX )
+#define SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_ASSERTION_SYNTAX )
+#ifdef LDAP_DEBUG
+#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_SYNTAX)
+#else
+#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) (1)
+#endif
+
+/* either or both the asserted value or attribute value
+ * may be provided in normalized form
+ */
+#define SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH 0x0004U
+#define SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH 0x0008U
+
+#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
+ (!((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH))
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_MATCH( usage ) \
+ ((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH)
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_NONCONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( usage ) \
+ ((usage) & SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH )
+#define SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( usage ) \
+ ((usage) & SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH )
+
+ Syntax *smr_syntax;
+ slap_mr_convert_func *smr_convert;
+ slap_mr_normalize_func *smr_normalize;
+ slap_mr_match_func *smr_match;
+ slap_mr_indexer_func *smr_indexer;
+ slap_mr_filter_func *smr_filter;
+
+ /*
+ * null terminated array of syntaxes compatible with this syntax
+ * note: when MS_EXT is set, this MUST NOT contain the assertion
+ * syntax of the rule. When MS_EXT is not set, it MAY.
+ */
+ Syntax **smr_compat_syntaxes;
+
+ /*
+ * For equality rules, refers to an associated approximate rule.
+ * For non-equality rules, refers to an associated equality rule.
+ */
+ struct slap_matching_rule *smr_associated;
+
+#define SLAP_MR_ASSOCIATED(mr,amr) \
+ (((mr) == (amr)) || ((mr)->smr_associated == (amr)))
+
+ LDAP_SLIST_ENTRY(slap_matching_rule)smr_next;
+
+#define smr_oid smr_mrule.mr_oid
+#define smr_names smr_mrule.mr_names
+#define smr_desc smr_mrule.mr_desc
+#define smr_obsolete smr_mrule.mr_obsolete
+#define smr_syntax_oid smr_mrule.mr_syntax_oid
+#define smr_extensions smr_mrule.mr_extensions
+} MatchingRule;
+
+struct slap_matching_rule_use {
+ LDAPMatchingRuleUse smru_mruleuse;
+ MatchingRule *smru_mr;
+ /* RFC2252 string representation */
+ struct berval smru_str;
+
+ LDAP_SLIST_ENTRY(slap_matching_rule_use) smru_next;
+
+#define smru_oid smru_mruleuse.mru_oid
+#define smru_names smru_mruleuse.mru_names
+#define smru_desc smru_mruleuse.mru_desc
+#define smru_obsolete smru_mruleuse.mru_obsolete
+#define smru_applies_oids smru_mruleuse.mru_applies_oids
+
+#define smru_usage smru_mr->smr_usage
+} /* MatchingRuleUse */ ;
+
+typedef struct slap_mrule_defs_rec {
+ char * mrd_desc;
+ slap_mask_t mrd_usage;
+ char ** mrd_compat_syntaxes;
+ slap_mr_convert_func * mrd_convert;
+ slap_mr_normalize_func * mrd_normalize;
+ slap_mr_match_func * mrd_match;
+ slap_mr_indexer_func * mrd_indexer;
+ slap_mr_filter_func * mrd_filter;
+
+ /* For equality rule, this may refer to an associated approximate rule */
+ /* For non-equality rule, this may refer to an associated equality rule */
+ char * mrd_associated;
+} slap_mrule_defs_rec;
+
+struct slap_backend_db;
+struct slap_entry;
+struct slap_attr;
+
+typedef int (AttributeTypeSchemaCheckFN)(
+ struct slap_backend_db *be,
+ struct slap_entry *e,
+ struct slap_attr *attr,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+typedef struct slap_attribute_type {
+ LDAPAttributeType sat_atype;
+ struct berval sat_cname;
+ struct slap_attribute_type *sat_sup;
+ struct slap_attribute_type **sat_subtypes;
+ MatchingRule *sat_equality;
+ MatchingRule *sat_approx;
+ MatchingRule *sat_ordering;
+ MatchingRule *sat_substr;
+ Syntax *sat_syntax;
+
+ AttributeTypeSchemaCheckFN *sat_check;
+ char *sat_oidmacro;
+
+#define SLAP_AT_NONE 0x0000U
+#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
+#ifdef LDAP_DEVEL
+#define SLAP_AT_HIDE 0x0000U /* publish everything */
+#else
+#define SLAP_AT_HIDE 0x8000U /* hide attribute */
+#endif
+#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */
+
+#define SLAP_AT_MANAGEABLE 0x0800U /* no-user-mod can be by-passed */
+
+#define SLAP_AT_ORDERED_VAL 0x0001U /* values are ordered */
+#define SLAP_AT_ORDERED_SIB 0x0002U /* siblings are ordered */
+#define SLAP_AT_ORDERED 0x0003U /* value has order index */
+
+#define SLAP_AT_HARDCODE 0x10000U /* hardcoded schema */
+
+ slap_mask_t sat_flags;
+
+ LDAP_STAILQ_ENTRY(slap_attribute_type) sat_next;
+
+#define sat_oid sat_atype.at_oid
+#define sat_names sat_atype.at_names
+#define sat_desc sat_atype.at_desc
+#define sat_obsolete sat_atype.at_obsolete
+#define sat_sup_oid sat_atype.at_sup_oid
+#define sat_equality_oid sat_atype.at_equality_oid
+#define sat_ordering_oid sat_atype.at_ordering_oid
+#define sat_substr_oid sat_atype.at_substr_oid
+#define sat_syntax_oid sat_atype.at_syntax_oid
+#define sat_single_value sat_atype.at_single_value
+#define sat_collective sat_atype.at_collective
+#define sat_no_user_mod sat_atype.at_no_user_mod
+#define sat_usage sat_atype.at_usage
+#define sat_extensions sat_atype.at_extensions
+
+ struct slap_attr_desc *sat_ad;
+ ldap_pvt_thread_mutex_t sat_ad_mutex;
+} AttributeType;
+
+#define is_at_operational(at) ((at)->sat_usage)
+#define is_at_single_value(at) ((at)->sat_single_value)
+#define is_at_collective(at) ((at)->sat_collective)
+#define is_at_obsolete(at) ((at)->sat_obsolete)
+#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
+
+struct slap_object_class;
+
+typedef int (ObjectClassSchemaCheckFN)(
+ struct slap_backend_db *be,
+ struct slap_entry *e,
+ struct slap_object_class *oc,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+typedef struct slap_object_class {
+ LDAPObjectClass soc_oclass;
+ struct berval soc_cname;
+ struct slap_object_class **soc_sups;
+ AttributeType **soc_required;
+ AttributeType **soc_allowed;
+ ObjectClassSchemaCheckFN *soc_check;
+ char *soc_oidmacro;
+ slap_mask_t soc_flags;
+#define soc_oid soc_oclass.oc_oid
+#define soc_names soc_oclass.oc_names
+#define soc_desc soc_oclass.oc_desc
+#define soc_obsolete soc_oclass.oc_obsolete
+#define soc_sup_oids soc_oclass.oc_sup_oids
+#define soc_kind soc_oclass.oc_kind
+#define soc_at_oids_must soc_oclass.oc_at_oids_must
+#define soc_at_oids_may soc_oclass.oc_at_oids_may
+#define soc_extensions soc_oclass.oc_extensions
+
+ LDAP_STAILQ_ENTRY(slap_object_class) soc_next;
+} ObjectClass;
+
+#define SLAP_OCF_SET_FLAGS 0x1
+#define SLAP_OCF_CHECK_SUP 0x2
+#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP)
+
+#define SLAP_OC_ALIAS 0x0001
+#define SLAP_OC_REFERRAL 0x0002
+#define SLAP_OC_SUBENTRY 0x0004
+#define SLAP_OC_DYNAMICOBJECT 0x0008
+#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
+#define SLAP_OC_GLUE 0x0020
+#define SLAP_OC_SYNCPROVIDERSUBENTRY 0x0040
+#define SLAP_OC_SYNCCONSUMERSUBENTRY 0x0080
+#define SLAP_OC__MASK 0x00FF
+#define SLAP_OC__END 0x0100
+#define SLAP_OC_OPERATIONAL 0x4000
+#ifdef LDAP_DEVEL
+#define SLAP_OC_HIDE 0x0000
+#else
+#define SLAP_OC_HIDE 0x8000
+#endif
+#define SLAP_OC_HARDCODE 0x10000U /* This is hardcoded schema */
+
+/*
+ * DIT content rule
+ */
+typedef struct slap_content_rule {
+ LDAPContentRule scr_crule;
+ ObjectClass *scr_sclass;
+ ObjectClass **scr_auxiliaries; /* optional */
+ AttributeType **scr_required; /* optional */
+ AttributeType **scr_allowed; /* optional */
+ AttributeType **scr_precluded; /* optional */
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete scr_crule.cr_obsolete
+#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
+#define scr_at_oids_must scr_crule.cr_at_oids_must
+#define scr_at_oids_may scr_crule.cr_at_oids_may
+#define scr_at_oids_not scr_crule.cr_at_oids_not
+
+ char *scr_oidmacro;
+#define SLAP_CR_HARDCODE 0x10000U
+ int scr_flags;
+
+ LDAP_STAILQ_ENTRY( slap_content_rule ) scr_next;
+} ContentRule;
+
+/* Represents a recognized attribute description ( type + options ). */
+typedef struct slap_attr_desc {
+ struct slap_attr_desc *ad_next;
+ AttributeType *ad_type; /* attribute type, must be specified */
+ struct berval ad_cname; /* canonical name, must be specified */
+ struct berval ad_tags; /* empty if no tagging options */
+ unsigned ad_flags;
+#define SLAP_DESC_NONE 0x00U
+#define SLAP_DESC_BINARY 0x01U
+#define SLAP_DESC_TAG_RANGE 0x80U
+} AttributeDescription;
+
+/* flags to slap_*2undef_ad to register undefined (0, the default)
+ * or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional
+ * SLAP_AD_NOINSERT is to lookup without insert */
+#define SLAP_AD_UNDEF 0x00U
+#define SLAP_AD_PROXIED 0x01U
+#define SLAP_AD_NOINSERT 0x02U
+
+typedef struct slap_attr_name {
+ struct berval an_name;
+ AttributeDescription *an_desc;
+ int an_oc_exclude;
+ ObjectClass *an_oc;
+} AttributeName;
+
+#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
+#define slap_ad_is_tag_range(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
+#define slap_ad_is_binary(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
+
+/*
+ * pointers to schema elements used internally
+ */
+struct slap_internal_schema {
+ /* objectClass */
+ ObjectClass *si_oc_top;
+ ObjectClass *si_oc_extensibleObject;
+ ObjectClass *si_oc_alias;
+ ObjectClass *si_oc_referral;
+ ObjectClass *si_oc_rootdse;
+ ObjectClass *si_oc_subentry;
+ ObjectClass *si_oc_subschema;
+ ObjectClass *si_oc_collectiveAttributeSubentry;
+ ObjectClass *si_oc_dynamicObject;
+
+ ObjectClass *si_oc_glue;
+ ObjectClass *si_oc_syncConsumerSubentry;
+ ObjectClass *si_oc_syncProviderSubentry;
+
+ /* objectClass attribute descriptions */
+ AttributeDescription *si_ad_objectClass;
+
+ /* operational attribute descriptions */
+ AttributeDescription *si_ad_structuralObjectClass;
+ AttributeDescription *si_ad_creatorsName;
+ AttributeDescription *si_ad_createTimestamp;
+ AttributeDescription *si_ad_modifiersName;
+ AttributeDescription *si_ad_modifyTimestamp;
+ AttributeDescription *si_ad_hasSubordinates;
+ AttributeDescription *si_ad_subschemaSubentry;
+ AttributeDescription *si_ad_collectiveSubentries;
+ AttributeDescription *si_ad_collectiveExclusions;
+ AttributeDescription *si_ad_entryDN;
+ AttributeDescription *si_ad_entryUUID;
+ AttributeDescription *si_ad_entryCSN;
+ AttributeDescription *si_ad_namingCSN;
+
+ AttributeDescription *si_ad_dseType;
+ AttributeDescription *si_ad_syncreplCookie;
+ AttributeDescription *si_ad_syncTimestamp;
+ AttributeDescription *si_ad_contextCSN;
+
+ /* root DSE attribute descriptions */
+ AttributeDescription *si_ad_altServer;
+ AttributeDescription *si_ad_namingContexts;
+ AttributeDescription *si_ad_supportedControl;
+ AttributeDescription *si_ad_supportedExtension;
+ AttributeDescription *si_ad_supportedLDAPVersion;
+ AttributeDescription *si_ad_supportedSASLMechanisms;
+ AttributeDescription *si_ad_supportedFeatures;
+ AttributeDescription *si_ad_monitorContext;
+ AttributeDescription *si_ad_vendorName;
+ AttributeDescription *si_ad_vendorVersion;
+ AttributeDescription *si_ad_configContext;
+
+ /* subentry attribute descriptions */
+ AttributeDescription *si_ad_administrativeRole;
+ AttributeDescription *si_ad_subtreeSpecification;
+
+ /* subschema subentry attribute descriptions */
+ AttributeDescription *si_ad_attributeTypes;
+ AttributeDescription *si_ad_ditContentRules;
+ AttributeDescription *si_ad_ditStructureRules;
+ AttributeDescription *si_ad_ldapSyntaxes;
+ AttributeDescription *si_ad_matchingRules;
+ AttributeDescription *si_ad_matchingRuleUse;
+ AttributeDescription *si_ad_nameForms;
+ AttributeDescription *si_ad_objectClasses;
+
+ /* Aliases & Referrals */
+ AttributeDescription *si_ad_aliasedObjectName;
+ AttributeDescription *si_ad_ref;
+
+ /* Access Control Internals */
+ AttributeDescription *si_ad_entry;
+ AttributeDescription *si_ad_children;
+ AttributeDescription *si_ad_saslAuthzTo;
+ AttributeDescription *si_ad_saslAuthzFrom;
+
+ /* dynamic entries */
+ AttributeDescription *si_ad_entryTtl;
+ AttributeDescription *si_ad_dynamicSubtrees;
+
+ /* Other attributes descriptions */
+ AttributeDescription *si_ad_distinguishedName;
+ AttributeDescription *si_ad_name;
+ AttributeDescription *si_ad_cn;
+ AttributeDescription *si_ad_uid;
+ AttributeDescription *si_ad_uidNumber;
+ AttributeDescription *si_ad_gidNumber;
+ AttributeDescription *si_ad_userPassword;
+ AttributeDescription *si_ad_labeledURI;
+#ifdef SLAPD_AUTHPASSWD
+ AttributeDescription *si_ad_authPassword;
+ AttributeDescription *si_ad_authPasswordSchemes;
+#endif
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ AttributeDescription *si_ad_krbName;
+#endif
+ AttributeDescription *si_ad_description;
+ AttributeDescription *si_ad_seeAlso;
+
+ /* Undefined Attribute Type */
+ AttributeType *si_at_undefined;
+
+ /* "Proxied" Attribute Type */
+ AttributeType *si_at_proxied;
+
+ /* Matching Rules */
+ MatchingRule *si_mr_distinguishedNameMatch;
+ MatchingRule *si_mr_dnSubtreeMatch;
+ MatchingRule *si_mr_dnOneLevelMatch;
+ MatchingRule *si_mr_dnSubordinateMatch;
+ MatchingRule *si_mr_dnSuperiorMatch;
+ MatchingRule *si_mr_caseExactMatch;
+ MatchingRule *si_mr_caseExactSubstringsMatch;
+ MatchingRule *si_mr_caseExactIA5Match;
+ MatchingRule *si_mr_integerMatch;
+ MatchingRule *si_mr_integerFirstComponentMatch;
+ MatchingRule *si_mr_objectIdentifierFirstComponentMatch;
+
+ /* Syntaxes */
+ Syntax *si_syn_directoryString;
+ Syntax *si_syn_distinguishedName;
+ Syntax *si_syn_integer;
+ Syntax *si_syn_octetString;
+
+ /* Schema Syntaxes */
+ Syntax *si_syn_attributeTypeDesc;
+ Syntax *si_syn_ditContentRuleDesc;
+ Syntax *si_syn_ditStructureRuleDesc;
+ Syntax *si_syn_ldapSyntaxDesc;
+ Syntax *si_syn_matchingRuleDesc;
+ Syntax *si_syn_matchingRuleUseDesc;
+ Syntax *si_syn_nameFormDesc;
+ Syntax *si_syn_objectClassDesc;
+};
+
+typedef struct slap_attr_assertion {
+ AttributeDescription *aa_desc;
+ struct berval aa_value;
+#ifdef LDAP_COMP_MATCH
+ struct slap_component_filter *aa_cf;/* for attribute aliasing */
+#endif
+} AttributeAssertion;
+
+typedef struct slap_ss_assertion {
+ AttributeDescription *sa_desc;
+ struct berval sa_initial;
+ struct berval *sa_any;
+ struct berval sa_final;
+} SubstringsAssertion;
+
+#ifdef LDAP_COMP_MATCH
+struct slap_component_filter;
+#endif
+
+typedef struct slap_mr_assertion {
+ MatchingRule *ma_rule; /* optional */
+ struct berval ma_rule_text; /* optional */
+ AttributeDescription *ma_desc; /* optional */
+ int ma_dnattrs; /* boolean */
+ struct berval ma_value; /* required */
+#ifdef LDAP_COMP_MATCH
+ struct slap_component_filter* ma_cf; /* component filter */
+#endif
+} MatchingRuleAssertion;
+
+/*
+ * represents a search filter
+ */
+typedef struct slap_filter {
+ ber_tag_t f_choice; /* values taken from ldap.h, plus: */
+#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
+#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
+#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
+#define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4)
+
+ union f_un_u {
+ /* precomputed result */
+ ber_int_t f_un_result;
+
+ /* DN */
+ struct berval *f_un_dn;
+
+ /* present */
+ AttributeDescription *f_un_desc;
+
+ /* simple value assertion */
+ AttributeAssertion *f_un_ava;
+
+ /* substring assertion */
+ SubstringsAssertion *f_un_ssa;
+
+ /* matching rule assertion */
+ MatchingRuleAssertion *f_un_mra;
+
+#define f_dn f_un.f_un_dn
+#define f_desc f_un.f_un_desc
+#define f_ava f_un.f_un_ava
+#define f_av_desc f_un.f_un_ava->aa_desc
+#define f_av_value f_un.f_un_ava->aa_value
+#define f_sub f_un.f_un_ssa
+#define f_sub_desc f_un.f_un_ssa->sa_desc
+#define f_sub_initial f_un.f_un_ssa->sa_initial
+#define f_sub_any f_un.f_un_ssa->sa_any
+#define f_sub_final f_un.f_un_ssa->sa_final
+#define f_mra f_un.f_un_mra
+#define f_mr_rule f_un.f_un_mra->ma_rule
+#define f_mr_rule_text f_un.f_un_mra->ma_rule_text
+#define f_mr_desc f_un.f_un_mra->ma_desc
+#define f_mr_value f_un.f_un_mra->ma_value
+#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs
+
+ /* and, or, not */
+ struct slap_filter *f_un_complex;
+ } f_un;
+
+#define f_result f_un.f_un_result
+#define f_and f_un.f_un_complex
+#define f_or f_un.f_un_complex
+#define f_not f_un.f_un_complex
+#define f_list f_un.f_un_complex
+
+ struct slap_filter *f_next;
+} Filter;
+
+/* compare routines can return undefined */
+#define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1)
+
+typedef struct slap_valuesreturnfilter {
+ ber_tag_t vrf_choice;
+
+ union vrf_un_u {
+ /* precomputed result */
+ ber_int_t vrf_un_result;
+
+ /* DN */
+ char *vrf_un_dn;
+
+ /* present */
+ AttributeDescription *vrf_un_desc;
+
+ /* simple value assertion */
+ AttributeAssertion *vrf_un_ava;
+
+ /* substring assertion */
+ SubstringsAssertion *vrf_un_ssa;
+
+ /* matching rule assertion */
+ MatchingRuleAssertion *vrf_un_mra;
+
+#define vrf_result vrf_un.vrf_un_result
+#define vrf_dn vrf_un.vrf_un_dn
+#define vrf_desc vrf_un.vrf_un_desc
+#define vrf_ava vrf_un.vrf_un_ava
+#define vrf_av_desc vrf_un.vrf_un_ava->aa_desc
+#define vrf_av_value vrf_un.vrf_un_ava->aa_value
+#define vrf_ssa vrf_un.vrf_un_ssa
+#define vrf_sub vrf_un.vrf_un_ssa
+#define vrf_sub_desc vrf_un.vrf_un_ssa->sa_desc
+#define vrf_sub_initial vrf_un.vrf_un_ssa->sa_initial
+#define vrf_sub_any vrf_un.vrf_un_ssa->sa_any
+#define vrf_sub_final vrf_un.vrf_un_ssa->sa_final
+#define vrf_mra vrf_un.vrf_un_mra
+#define vrf_mr_rule vrf_un.vrf_un_mra->ma_rule
+#define vrf_mr_rule_text vrf_un.vrf_un_mra->ma_rule_text
+#define vrf_mr_desc vrf_un.vrf_un_mra->ma_desc
+#define vrf_mr_value vrf_un.vrf_un_mra->ma_value
+#define vrf_mr_dnattrs vrf_un.vrf_un_mra->ma_dnattrs
+
+
+ } vrf_un;
+
+ struct slap_valuesreturnfilter *vrf_next;
+} ValuesReturnFilter;
+
+#ifdef LDAP_COMP_MATCH
+struct slap_component_syntax_info;
+typedef struct slap_component_data {
+ void* cd_mem_op;/* nibble memory handler */
+ struct slap_component_syntax_info** cd_tree;/* component tree */
+} ComponentData;
+#endif
+
+/*
+ * represents an attribute (description + values)
+ */
+typedef struct slap_attr {
+ AttributeDescription *a_desc;
+ BerVarray a_vals; /* preserved values */
+ BerVarray a_nvals; /* normalized values */
+#ifdef LDAP_COMP_MATCH
+ ComponentData *a_comp_data; /* component values */
+#endif
+ struct slap_attr *a_next;
+ unsigned a_flags;
+#define SLAP_ATTR_IXADD 0x1U
+#define SLAP_ATTR_IXDEL 0x2U
+} Attribute;
+
+
+/*
+ * the id used in the indexes to refer to an entry
+ */
+typedef unsigned long ID;
+#define NOID ((ID)~0)
+
+/*
+ * represents an entry in core
+ */
+typedef struct slap_entry {
+ /*
+ * The ID field should only be changed before entry is
+ * inserted into a cache. The ID value is backend
+ * specific.
+ */
+ ID e_id;
+
+ struct berval e_name; /* name (DN) of this entry */
+ struct berval e_nname; /* normalized name (DN) of this entry */
+
+ /* for migration purposes */
+#define e_dn e_name.bv_val
+#define e_ndn e_nname.bv_val
+
+ Attribute *e_attrs; /* list of attributes + values */
+
+ slap_mask_t e_ocflags;
+
+ struct berval e_bv; /* For entry_encode/entry_decode */
+
+ /* for use by the backend for any purpose */
+ void* e_private;
+} Entry;
+
+/*
+ * A list of LDAPMods
+ */
+typedef struct slap_mod {
+ short sm_op;
+ short sm_flags;
+/* Set for internal mods, will bypass ACL checks. Only needed when
+ * running as non-root user, for user modifiable attributes.
+ */
+#define SLAP_MOD_INTERNAL 0x01
+#define SLAP_MOD_MANAGING 0x02
+
+ AttributeDescription *sm_desc;
+ struct berval sm_type;
+ BerVarray sm_values;
+ BerVarray sm_nvalues;
+} Modification;
+
+typedef struct slap_mod_list {
+ Modification sml_mod;
+#define sml_op sml_mod.sm_op
+#define sml_flags sml_mod.sm_flags
+#define sml_desc sml_mod.sm_desc
+#define sml_type sml_mod.sm_type
+#define sml_values sml_mod.sm_values
+#define sml_nvalues sml_mod.sm_nvalues
+ struct slap_mod_list *sml_next;
+} Modifications;
+
+typedef struct slap_ldap_modlist {
+ LDAPMod ml_mod;
+ struct slap_ldap_modlist *ml_next;
+#define ml_op ml_mod.mod_op
+#define ml_type ml_mod.mod_type
+#define ml_values ml_mod.mod_values
+} LDAPModList;
+
+/*
+ * represents an access control list
+ */
+typedef enum slap_access_e {
+ ACL_INVALID_ACCESS = -1,
+ ACL_NONE = 0,
+ ACL_DISCLOSE,
+ ACL_AUTH,
+ ACL_COMPARE,
+ ACL_SEARCH,
+ ACL_READ,
+ ACL_WRITE_,
+ ACL_MANAGE,
+
+ /* always leave at end of levels but not greater than ACL_LEVEL_MASK */
+ ACL_LAST,
+
+ /* ACL level mask and modifiers */
+ ACL_LEVEL_MASK = 0x000f,
+ ACL_QUALIFIER1 = 0x0100,
+ ACL_QUALIFIER2 = 0x0200,
+ ACL_QUALIFIER3 = 0x0400,
+ ACL_QUALIFIER4 = 0x0800,
+ ACL_QUALIFIER_MASK = 0x0f00,
+
+ /* write granularity */
+ ACL_WADD = ACL_WRITE_|ACL_QUALIFIER1,
+ ACL_WDEL = ACL_WRITE_|ACL_QUALIFIER2,
+
+ ACL_WRITE = ACL_WADD|ACL_WDEL
+} slap_access_t;
+
+typedef enum slap_control_e {
+ ACL_INVALID_CONTROL = 0,
+ ACL_STOP,
+ ACL_CONTINUE,
+ ACL_BREAK
+} slap_control_t;
+
+typedef enum slap_style_e {
+ ACL_STYLE_REGEX = 0,
+ ACL_STYLE_EXPAND,
+ ACL_STYLE_BASE,
+ ACL_STYLE_ONE,
+ ACL_STYLE_SUBTREE,
+ ACL_STYLE_CHILDREN,
+ ACL_STYLE_LEVEL,
+ ACL_STYLE_ATTROF,
+ ACL_STYLE_ANONYMOUS,
+ ACL_STYLE_USERS,
+ ACL_STYLE_SELF,
+ ACL_STYLE_IP,
+ ACL_STYLE_PATH
+} slap_style_t;
+
+typedef struct slap_authz_info {
+ ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
+ struct berval sai_mech; /* SASL Mechanism */
+ struct berval sai_dn; /* DN for reporting purposes */
+ struct berval sai_ndn; /* Normalized DN */
+
+ /* Security Strength Factors */
+ slap_ssf_t sai_ssf; /* Overall SSF */
+ slap_ssf_t sai_transport_ssf; /* Transport SSF */
+ slap_ssf_t sai_tls_ssf; /* TLS SSF */
+ slap_ssf_t sai_sasl_ssf; /* SASL SSF */
+} AuthorizationInformation;
+
+
+#ifdef SLAP_DYNACL
+struct slap_op;
+
+/*
+ * "dynamic" ACL infrastructure (for ACIs and more)
+ */
+typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno,
+ const char *opts, slap_style_t, const char *, void **privp ));
+typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
+typedef int (slap_dynacl_mask) LDAP_P((
+ void *priv,
+ struct slap_op *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ int nmatch,
+ regmatch_t *matches,
+ slap_access_t *grant,
+ slap_access_t *deny ));
+typedef int (slap_dynacl_destroy) LDAP_P(( void *priv ));
+
+typedef struct slap_dynacl_t {
+ char *da_name;
+ slap_dynacl_parse *da_parse;
+ slap_dynacl_unparse *da_unparse;
+ slap_dynacl_mask *da_mask;
+ slap_dynacl_destroy *da_destroy;
+
+ void *da_private;
+ struct slap_dynacl_t *da_next;
+} slap_dynacl_t;
+#endif /* SLAP_DYNACL */
+
+/* the DN portion of the "by" part */
+typedef struct slap_dn_access {
+ /* DN pattern */
+ AuthorizationInformation a_dnauthz;
+#define a_pat a_dnauthz.sai_dn
+
+ slap_style_t a_style;
+ int a_level;
+ int a_self_level;
+ AttributeDescription *a_at;
+ int a_self;
+ int a_expand;
+} slap_dn_access;
+
+/* the "by" part */
+typedef struct slap_access {
+ slap_control_t a_type;
+
+/* strip qualifiers */
+#define ACL_LEVEL(p) ((p) & ACL_LEVEL_MASK)
+#define ACL_QUALIFIERS(p) ((p) & ~ACL_LEVEL_MASK)
+
+#define ACL_ACCESS2PRIV(access) ((0x01U << ACL_LEVEL((access))) | ACL_QUALIFIERS((access)))
+
+#define ACL_PRIV_NONE ACL_ACCESS2PRIV( ACL_NONE )
+#define ACL_PRIV_DISCLOSE ACL_ACCESS2PRIV( ACL_DISCLOSE )
+#define ACL_PRIV_AUTH ACL_ACCESS2PRIV( ACL_AUTH )
+#define ACL_PRIV_COMPARE ACL_ACCESS2PRIV( ACL_COMPARE )
+#define ACL_PRIV_SEARCH ACL_ACCESS2PRIV( ACL_SEARCH )
+#define ACL_PRIV_READ ACL_ACCESS2PRIV( ACL_READ )
+#define ACL_PRIV_WADD ACL_ACCESS2PRIV( ACL_WADD )
+#define ACL_PRIV_WDEL ACL_ACCESS2PRIV( ACL_WDEL )
+#define ACL_PRIV_WRITE ( ACL_PRIV_WADD | ACL_PRIV_WDEL )
+#define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE )
+
+/* NOTE: always use the highest level; current: 0x00ffUL */
+#define ACL_PRIV_MASK ((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK)
+
+/* priv flags */
+#define ACL_PRIV_LEVEL 0x1000UL
+#define ACL_PRIV_ADDITIVE 0x2000UL
+#define ACL_PRIV_SUBSTRACTIVE 0x4000UL
+
+/* invalid privs */
+#define ACL_PRIV_INVALID 0x0UL
+
+#define ACL_PRIV_ISSET(m,p) (((m) & (p)) == (p))
+#define ACL_PRIV_ASSIGN(m,p) do { (m) = (p); } while(0)
+#define ACL_PRIV_SET(m,p) do { (m) |= (p); } while(0)
+#define ACL_PRIV_CLR(m,p) do { (m) &= ~(p); } while(0)
+
+#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE)
+#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID)
+
+#define ACL_GRANT(m,a) ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a))
+
+#define ACL_IS_INVALID(m) ((m) == ACL_PRIV_INVALID)
+
+#define ACL_IS_LEVEL(m) ACL_PRIV_ISSET((m),ACL_PRIV_LEVEL)
+#define ACL_IS_ADDITIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_ADDITIVE)
+#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)
+
+#define ACL_LVL_NONE (ACL_PRIV_NONE|ACL_PRIV_LEVEL)
+#define ACL_LVL_DISCLOSE (ACL_PRIV_DISCLOSE|ACL_LVL_NONE)
+#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_DISCLOSE)
+#define ACL_LVL_COMPARE (ACL_PRIV_COMPARE|ACL_LVL_AUTH)
+#define ACL_LVL_SEARCH (ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
+#define ACL_LVL_READ (ACL_PRIV_READ|ACL_LVL_SEARCH)
+#define ACL_LVL_WADD (ACL_PRIV_WADD|ACL_LVL_READ)
+#define ACL_LVL_WDEL (ACL_PRIV_WDEL|ACL_LVL_READ)
+#define ACL_LVL_WRITE (ACL_PRIV_WRITE|ACL_LVL_READ)
+#define ACL_LVL_MANAGE (ACL_PRIV_MANAGE|ACL_LVL_WRITE)
+
+#define ACL_LVL(m,l) (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
+#define ACL_LVL_IS_NONE(m) ACL_LVL((m),ACL_LVL_NONE)
+#define ACL_LVL_IS_DISCLOSE(m) ACL_LVL((m),ACL_LVL_DISCLOSE)
+#define ACL_LVL_IS_AUTH(m) ACL_LVL((m),ACL_LVL_AUTH)
+#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE)
+#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH)
+#define ACL_LVL_IS_READ(m) ACL_LVL((m),ACL_LVL_READ)
+#define ACL_LVL_IS_WADD(m) ACL_LVL((m),ACL_LVL_WADD)
+#define ACL_LVL_IS_WDEL(m) ACL_LVL((m),ACL_LVL_WDEL)
+#define ACL_LVL_IS_WRITE(m) ACL_LVL((m),ACL_LVL_WRITE)
+#define ACL_LVL_IS_MANAGE(m) ACL_LVL((m),ACL_LVL_MANAGE)
+
+#define ACL_LVL_ASSIGN_NONE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
+#define ACL_LVL_ASSIGN_DISCLOSE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_DISCLOSE)
+#define ACL_LVL_ASSIGN_AUTH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
+#define ACL_LVL_ASSIGN_COMPARE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
+#define ACL_LVL_ASSIGN_SEARCH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
+#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
+#define ACL_LVL_ASSIGN_WADD(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WADD)
+#define ACL_LVL_ASSIGN_WDEL(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WDEL)
+#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
+#define ACL_LVL_ASSIGN_MANAGE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_MANAGE)
+
+ slap_mask_t a_access_mask;
+
+ /* DN pattern */
+ slap_dn_access a_dn;
+#define a_dn_pat a_dn.a_dnauthz.sai_dn
+#define a_dn_at a_dn.a_at
+#define a_dn_self a_dn.a_self
+
+ /* real DN pattern */
+ slap_dn_access a_realdn;
+#define a_realdn_pat a_realdn.a_dnauthz.sai_dn
+#define a_realdn_at a_realdn.a_at
+#define a_realdn_self a_realdn.a_self
+
+ /* used for ssf stuff
+ * NOTE: the ssf stuff in a_realdn is ignored */
+#define a_authz a_dn.a_dnauthz
+
+ /* connection related stuff */
+ slap_style_t a_peername_style;
+ struct berval a_peername_pat;
+ unsigned long a_peername_addr,
+ a_peername_mask;
+ int a_peername_port;
+
+ slap_style_t a_sockname_style;
+ struct berval a_sockname_pat;
+
+ slap_style_t a_domain_style;
+ struct berval a_domain_pat;
+ int a_domain_expand;
+
+ slap_style_t a_sockurl_style;
+ struct berval a_sockurl_pat;
+ slap_style_t a_set_style;
+ struct berval a_set_pat;
+
+#ifdef SLAP_DYNACL
+ slap_dynacl_t *a_dynacl;
+#else /* ! SLAP_DYNACL */
+#ifdef SLAPD_ACI_ENABLED
+ /* NOTE: ACIs have been moved under the "dynacl" interface,
+ * which is currently built only when LDAP_DEVEL is defined.
+ *
+ * In any case, SLAPD_ACI_ENABLED, set by --enable-aci,
+ * is required to enable ACI support.
+ */
+ AttributeDescription *a_aci_at;
+#endif /* SLAPD_ACI_ENABLED */
+#endif /* SLAP_DYNACL */
+
+ /* ACL Groups */
+ slap_style_t a_group_style;
+ struct berval a_group_pat;
+ ObjectClass *a_group_oc;
+ AttributeDescription *a_group_at;
+
+ struct slap_access *a_next;
+} Access;
+
+/* the "to" part */
+typedef struct slap_acl {
+ /* "to" part: the entries this acl applies to */
+ Filter *acl_filter;
+ slap_style_t acl_dn_style;
+ regex_t acl_dn_re;
+ struct berval acl_dn_pat;
+ AttributeName *acl_attrs;
+ MatchingRule *acl_attrval_mr;
+ slap_style_t acl_attrval_style;
+ regex_t acl_attrval_re;
+ struct berval acl_attrval;
+
+ /* "by" part: list of who has what access to the entries */
+ Access *acl_access;
+
+ struct slap_acl *acl_next;
+} AccessControl;
+
+typedef struct slap_acl_state {
+ unsigned as_recorded;
+#define ACL_STATE_NOT_RECORDED 0x0
+#define ACL_STATE_RECORDED_VD 0x1
+#define ACL_STATE_RECORDED_NV 0x2
+#define ACL_STATE_RECORDED 0x3
+
+ /* Access state */
+ AccessControl *as_vd_acl;
+ AccessControl *as_vi_acl;
+ slap_mask_t as_vd_acl_mask;
+ regmatch_t as_vd_acl_matches[MAXREMATCHES];
+ int as_vd_acl_count;
+
+ Access *as_vd_access;
+ int as_vd_access_count;
+
+ int as_result;
+ AttributeDescription *as_vd_ad;
+} AccessControlState;
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
+ { { 0, 0 } }, 0, NULL, 0, 0, NULL }
+
+#ifdef SLAPD_ACI_ENABLED
+typedef enum slap_aci_scope_t {
+ SLAP_ACI_SCOPE_ENTRY = 0x1,
+ SLAP_ACI_SCOPE_CHILDREN = 0x2,
+ SLAP_ACI_SCOPE_SUBTREE = ( SLAP_ACI_SCOPE_ENTRY | SLAP_ACI_SCOPE_CHILDREN )
+} slap_aci_scope_t;
+#endif /* SLAPD_ACI_ENABLED */
+
+/*
+ * Backend-info
+ * represents a backend
+ */
+
+typedef struct slap_backend_info BackendInfo; /* per backend type */
+typedef struct slap_backend_db BackendDB; /* per backend database */
+typedef LDAP_STAILQ_HEAD(BeI, slap_backend_info) slap_bi_head;
+typedef LDAP_STAILQ_HEAD(BeDB, slap_backend_db) slap_be_head;
+
+LDAP_SLAPD_V (int) nBackendInfo;
+LDAP_SLAPD_V (int) nBackendDB;
+LDAP_SLAPD_V (slap_bi_head) backendInfo;
+LDAP_SLAPD_V (slap_be_head) backendDB;
+LDAP_SLAPD_V (BackendDB *) frontendDB;
+
+LDAP_SLAPD_V (int) slapMode;
+#define SLAP_UNDEFINED_MODE 0x0000
+#define SLAP_SERVER_MODE 0x0001
+#define SLAP_TOOL_MODE 0x0002
+#define SLAP_MODE 0x0003
+
+#define SLAP_TRUNCATE_MODE 0x0100
+#define SLAP_TOOL_READMAIN 0x0200
+#define SLAP_TOOL_READONLY 0x0400
+#define SLAP_TOOL_QUICK 0x0800
+#define SLAP_TOOL_NO_SCHEMA_CHECK 0x1000
+
+#define SB_TLS_DEFAULT (-1)
+#define SB_TLS_OFF 0
+#define SB_TLS_ON 1
+#define SB_TLS_CRITICAL 2
+
+typedef struct slap_bindconf {
+ struct berval sb_uri;
+ int sb_tls;
+ int sb_method;
+ struct berval sb_binddn;
+ struct berval sb_cred;
+ struct berval sb_saslmech;
+ char *sb_secprops;
+ struct berval sb_realm;
+ struct berval sb_authcId;
+ struct berval sb_authzId;
+} slap_bindconf;
+
+struct slap_replica_info {
+ const char *ri_host; /* points to host part of uri */
+ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */
+ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */
+ int ri_exclude; /* 1 => exclude ri_attrs */
+ slap_bindconf ri_bindconf; /* for back-config */
+};
+
+typedef struct slap_verbmasks {
+ struct berval word;
+ const slap_mask_t mask;
+} slap_verbmasks;
+
+typedef struct slap_cf_aux_table {
+ struct berval key;
+ int off;
+ char type;
+ char quote;
+ void *aux;
+} slap_cf_aux_table;
+
+#define SLAP_LIMIT_TIME 1
+#define SLAP_LIMIT_SIZE 2
+
+struct slap_limits_set {
+ /* time limits */
+ int lms_t_soft;
+ int lms_t_hard;
+
+ /* size limits */
+ int lms_s_soft;
+ int lms_s_hard;
+ int lms_s_unchecked;
+ int lms_s_pr;
+ int lms_s_pr_hide;
+ int lms_s_pr_total;
+};
+
+/* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */
+#define SLAP_NO_LIMIT -1
+#define SLAP_MAX_LIMIT 2147483647
+
+struct slap_limits {
+ unsigned lm_flags; /* type of pattern */
+#define SLAP_LIMITS_UNDEFINED 0x0000U
+#define SLAP_LIMITS_EXACT 0x0001U
+#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
+#define SLAP_LIMITS_ONE 0x0002U
+#define SLAP_LIMITS_SUBTREE 0x0003U
+#define SLAP_LIMITS_CHILDREN 0x0004U
+#define SLAP_LIMITS_REGEX 0x0005U
+#define SLAP_LIMITS_ANONYMOUS 0x0006U
+#define SLAP_LIMITS_USERS 0x0007U
+#define SLAP_LIMITS_ANY 0x0008U
+#define SLAP_LIMITS_MASK 0x000FU
+
+#define SLAP_LIMITS_TYPE_DN 0x0000U
+#define SLAP_LIMITS_TYPE_GROUP 0x0010U
+#define SLAP_LIMITS_TYPE_MASK 0x00F0U
+
+ regex_t lm_regex; /* regex data for REGEX */
+
+ /*
+ * normalized DN for EXACT, BASE, ONE, SUBTREE, CHILDREN;
+ * pattern for REGEX; NULL for ANONYMOUS, USERS
+ */
+ struct berval lm_pat;
+
+ /* if lm_flags & SLAP_LIMITS_TYPE_MASK == SLAP_LIMITS_GROUP,
+ * lm_group_oc is objectClass and lm_group_at is attributeType
+ * of member in oc for match; then lm_flags & SLAP_LIMITS_MASK
+ * can only be SLAP_LIMITS_EXACT */
+ ObjectClass *lm_group_oc;
+ AttributeDescription *lm_group_ad;
+
+ struct slap_limits_set lm_limits;
+};
+
+/* temporary aliases */
+typedef BackendDB Backend;
+#define nbackends nBackendDB
+#define backends backendDB
+
+/*
+ * syncinfo structure for syncrepl
+ */
+
+struct syncinfo_s;
+
+#define SLAP_SYNC_RID_SIZE 3
+#define SLAP_SYNCUUID_SET_SIZE 256
+
+#define SLAP_SYNC_UPDATE_MSGID 1
+
+struct sync_cookie {
+ struct berval ctxcsn;
+ struct berval octet_str;
+ long rid;
+ LDAP_STAILQ_ENTRY(sync_cookie) sc_next;
+};
+
+LDAP_STAILQ_HEAD( slap_sync_cookie_s, sync_cookie );
+
+LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry );
+
+#ifndef SLAP_MAX_CIDS
+#define SLAP_MAX_CIDS 32 /* Maximum number of supported controls */
+#endif
+
+struct ConfigOCs; /* config.h */
+
+struct slap_backend_db {
+ BackendInfo *bd_info; /* pointer to shared backend info */
+
+ /* fields in this structure (and routines acting on this structure)
+ should be renamed from be_ to bd_ */
+
+ /* BackendInfo accessors */
+#define be_config bd_info->bi_db_config
+#define be_type bd_info->bi_type
+
+#define be_bind bd_info->bi_op_bind
+#define be_unbind bd_info->bi_op_unbind
+#define be_add bd_info->bi_op_add
+#define be_compare bd_info->bi_op_compare
+#define be_delete bd_info->bi_op_delete
+#define be_modify bd_info->bi_op_modify
+#define be_modrdn bd_info->bi_op_modrdn
+#define be_search bd_info->bi_op_search
+#define be_abandon bd_info->bi_op_abandon
+#define be_cancel bd_info->bi_op_cancel
+
+#define be_extended bd_info->bi_extended
+
+#define be_chk_referrals bd_info->bi_chk_referrals
+#define be_chk_controls bd_info->bi_chk_controls
+#define be_fetch bd_info->bi_entry_get_rw
+#define be_release bd_info->bi_entry_release_rw
+#define be_group bd_info->bi_acl_group
+#define be_attribute bd_info->bi_acl_attribute
+#define be_operational bd_info->bi_operational
+
+/*
+ * define to honor hasSubordinates operational attribute in search filters
+ * (in previous use there was a flaw with back-bdb and back-ldbm; now it
+ * is fixed).
+ */
+#define be_has_subordinates bd_info->bi_has_subordinates
+
+#define be_connection_init bd_info->bi_connection_init
+#define be_connection_destroy bd_info->bi_connection_destroy
+
+#ifdef SLAPD_TOOLS
+#define be_entry_open bd_info->bi_tool_entry_open
+#define be_entry_close bd_info->bi_tool_entry_close
+#define be_entry_first bd_info->bi_tool_entry_first
+#define be_entry_next bd_info->bi_tool_entry_next
+#define be_entry_reindex bd_info->bi_tool_entry_reindex
+#define be_entry_get bd_info->bi_tool_entry_get
+#define be_entry_put bd_info->bi_tool_entry_put
+#define be_sync bd_info->bi_tool_sync
+#define be_dn2id_get bd_info->bi_tool_dn2id_get
+#define be_id2entry_get bd_info->bi_tool_id2entry_get
+#define be_entry_modify bd_info->bi_tool_entry_modify
+#endif
+
+ /* supported controls */
+ /* note: set to 0 if the database does not support the control;
+ * be_ctrls[SLAP_MAX_CIDS] is set to 1 if initialized */
+ char be_ctrls[SLAP_MAX_CIDS + 1];
+
+/* Database flags */
+#define SLAP_DBFLAG_NOLASTMOD 0x0001U
+#define SLAP_DBFLAG_NO_SCHEMA_CHECK 0x0002U
+#define SLAP_DBFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAP_DBFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAP_DBFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAP_DBFLAG_GLUE_ADVERTISE 0x0080U /* advertise in rootDSE */
+#define SLAP_DBFLAG_OVERLAY 0x0100U /* this db struct is an overlay */
+#define SLAP_DBFLAG_GLOBAL_OVERLAY 0x0200U /* this db struct is a global overlay */
+#define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */
+#define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */
+#define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */
+ slap_mask_t be_flags;
+#define SLAP_DBFLAGS(be) ((be)->be_flags)
+#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
+#define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be))
+#define SLAP_ISOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY)
+#define SLAP_ISGLOBALOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY)
+#define SLAP_NO_SCHEMA_CHECK(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK)
+#define SLAP_GLUE_INSTANCE(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_INSTANCE)
+#define SLAP_GLUE_SUBORDINATE(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_SUBORDINATE)
+#define SLAP_GLUE_LINKED(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_LINKED)
+#define SLAP_GLUE_ADVERTISE(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_ADVERTISE)
+#define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW)
+#define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW)
+#define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW)
+
+ slap_mask_t be_restrictops; /* restriction operations */
+#define SLAP_RESTRICT_OP_ADD 0x0001U
+#define SLAP_RESTRICT_OP_BIND 0x0002U
+#define SLAP_RESTRICT_OP_COMPARE 0x0004U
+#define SLAP_RESTRICT_OP_DELETE 0x0008U
+#define SLAP_RESTRICT_OP_EXTENDED 0x0010U
+#define SLAP_RESTRICT_OP_MODIFY 0x0020U
+#define SLAP_RESTRICT_OP_RENAME 0x0040U
+#define SLAP_RESTRICT_OP_SEARCH 0x0080U
+#define SLAP_RESTRICT_OP_MASK 0x00FFU
+
+#define SLAP_RESTRICT_READONLY 0x80000000U
+
+#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U
+#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U
+#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U
+#define SLAP_RESTRICT_EXOP_CANCEL 0x0800U
+#define SLAP_RESTRICT_EXOP_MASK 0xFF00U
+
+#define SLAP_RESTRICT_OP_READS \
+ ( SLAP_RESTRICT_OP_COMPARE \
+ | SLAP_RESTRICT_OP_SEARCH )
+#define SLAP_RESTRICT_OP_WRITES \
+ ( SLAP_RESTRICT_OP_ADD \
+ | SLAP_RESTRICT_OP_DELETE \
+ | SLAP_RESTRICT_OP_MODIFY \
+ | SLAP_RESTRICT_OP_RENAME )
+
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
+
+#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
+
+#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
+#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
+
+#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
+#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+
+#define SLAP_DISALLOW_AUX_WO_CR 0x4000U
+
+ slap_mask_t be_requires; /* pre-operation requirements */
+#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
+#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
+#define SLAP_REQUIRE_AUTHC 0x0004U /* authentication before op */
+#define SLAP_REQUIRE_SASL 0x0008U /* SASL before op */
+#define SLAP_REQUIRE_STRONG 0x0010U /* strong authentication before op */
+
+ /* Required Security Strength Factor */
+ slap_ssf_set_t be_ssf_set;
+
+ BerVarray be_suffix; /* the DN suffixes of data in this backend */
+ BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
+ struct berval be_schemadn; /* per-backend subschema subentry DN */
+ struct berval be_schemandn; /* normalized subschema DN */
+ struct berval be_rootdn; /* the magic "root" name (DN) for this db */
+ struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
+ struct berval be_rootpw; /* the magic "root" password for this db */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
+#define be_sizelimit be_def_limit.lms_s_soft
+#define be_timelimit be_def_limit.lms_t_soft
+ struct slap_limits_set be_def_limit; /* default limits */
+ struct slap_limits **be_limits; /* regex-based size and time limits */
+ AccessControl *be_acl; /* access control list for this backend */
+ slap_access_t be_dfltaccess; /* access given if no acl matches */
+
+ /* Replica Information */
+ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
+ char *be_replogfile; /* replication log file (in master) */
+ struct berval be_update_ndn; /* allowed to make changes (in replicas) */
+ BerVarray be_update_refs; /* where to refer modifying clients to */
+ struct be_pcl *be_pending_csn_list;
+ ldap_pvt_thread_mutex_t be_pcl_mutex;
+ ldap_pvt_thread_mutex_t *be_pcl_mutexp;
+ struct syncinfo_s *be_syncinfo; /* For syncrepl */
+
+ void *be_pb; /* Netscape plugin */
+ struct ConfigOCs *be_cf_ocs;
+
+ void *be_private; /* anything the backend database needs */
+ LDAP_STAILQ_ENTRY(slap_backend_db) be_next;
+};
+
+struct slap_conn;
+struct slap_op;
+
+/* Backend function typedefs */
+typedef int (BI_bi_func) LDAP_P((BackendInfo *bi));
+typedef BI_bi_func BI_init;
+typedef BI_bi_func BI_open;
+typedef BI_bi_func BI_close;
+typedef BI_bi_func BI_destroy;
+typedef int (BI_config) LDAP_P((BackendInfo *bi,
+ const char *fname, int lineno,
+ int argc, char **argv));
+
+typedef int (BI_db_func) LDAP_P((Backend *bd));
+typedef BI_db_func BI_db_init;
+typedef BI_db_func BI_db_open;
+typedef BI_db_func BI_db_close;
+typedef BI_db_func BI_db_destroy;
+typedef int (BI_db_config) LDAP_P((Backend *bd,
+ const char *fname, int lineno,
+ int argc, char **argv));
+
+typedef struct req_bind_s {
+ int rb_method;
+ struct berval rb_cred;
+ struct berval rb_edn;
+ slap_ssf_t rb_ssf;
+ struct berval rb_tmp_mech; /* FIXME: temporary */
+} req_bind_s;
+
+typedef struct req_search_s {
+ int rs_scope;
+ int rs_deref;
+ int rs_slimit;
+ int rs_tlimit;
+ /* NULL means be_isroot evaluated to TRUE */
+ struct slap_limits_set *rs_limit;
+ int rs_attrsonly;
+ AttributeName *rs_attrs;
+ Filter *rs_filter;
+ struct berval rs_filterstr;
+} req_search_s;
+
+typedef struct req_compare_s {
+ AttributeAssertion *rs_ava;
+} req_compare_s;
+
+typedef struct req_modify_s {
+ Modifications *rs_modlist;
+ int rs_increment; /* FIXME: temporary */
+} req_modify_s;
+
+typedef struct req_modrdn_s {
+ struct berval rs_newrdn;
+ struct berval rs_nnewrdn;
+ struct berval *rs_newSup;
+ struct berval *rs_nnewSup;
+ int rs_deleteoldrdn;
+} req_modrdn_s;
+
+typedef struct req_add_s {
+ Entry *rs_e;
+ Modifications *rs_modlist; /* FIXME: temporary */
+} req_add_s;
+
+typedef struct req_abandon_s {
+ ber_int_t rs_msgid;
+} req_abandon_s;
+
+#ifdef LDAP_DEVEL
+#define SLAP_EXOP_HIDE 0x0000
+#else
+#define SLAP_EXOP_HIDE 0x8000
+#endif
+#define SLAP_EXOP_WRITES 0x0001 /* Exop does writes */
+
+typedef struct req_extended_s {
+ struct berval rs_reqoid;
+ int rs_flags;
+ struct berval *rs_reqdata;
+} req_extended_s;
+
+typedef struct req_pwdexop_s {
+ struct req_extended_s rs_extended;
+ struct berval rs_old;
+ struct berval rs_new;
+ Modifications *rs_mods;
+ Modifications **rs_modtail;
+} req_pwdexop_s;
+
+typedef enum slap_reply_e {
+ REP_RESULT,
+ REP_SASL,
+ REP_EXTENDED,
+ REP_SEARCH,
+ REP_SEARCHREF,
+ REP_INTERMEDIATE,
+ REP_GLUE_RESULT
+} slap_reply_t;
+
+typedef struct rep_sasl_s {
+ struct berval *r_sasldata;
+} rep_sasl_s;
+
+typedef struct rep_extended_s {
+ const char *r_rspoid;
+ struct berval *r_rspdata;
+} rep_extended_s;
+
+typedef struct rep_search_s {
+ Entry *r_entry;
+ slap_mask_t r_attr_flags;
+#define SLAP_ATTRS_UNDEFINED (0x00U)
+#define SLAP_OPATTRS_NO (0x01U)
+#define SLAP_OPATTRS_YES (0x02U)
+#define SLAP_USERATTRS_NO (0x10U)
+#define SLAP_USERATTRS_YES (0x20U)
+#define SLAP_OPATTRS_MASK(f) ((f) & (SLAP_OPATTRS_NO|SLAP_OPATTRS_YES))
+#define SLAP_OPATTRS(f) (((f) & SLAP_OPATTRS_YES) == SLAP_OPATTRS_YES)
+#define SLAP_USERATTRS_MASK(f) ((f) & (SLAP_USERATTRS_NO|SLAP_USERATTRS_YES))
+#define SLAP_USERATTRS(f) \
+ (((f) & SLAP_USERATTRS_YES) == SLAP_USERATTRS_YES)
+
+ Attribute *r_operational_attrs;
+ AttributeName *r_attrs;
+ int r_nentries;
+ BerVarray r_v2ref;
+} rep_search_s;
+
+typedef struct slap_rep {
+ slap_reply_t sr_type;
+ ber_tag_t sr_tag;
+ ber_int_t sr_msgid;
+ ber_int_t sr_err;
+ const char *sr_matched;
+ const char *sr_text;
+ BerVarray sr_ref;
+ LDAPControl **sr_ctrls;
+ union sr_u {
+ rep_sasl_s sru_sasl;
+ rep_extended_s sru_extended;
+ rep_search_s sru_search;
+ } sr_un;
+ slap_mask_t sr_flags;
+#define REP_ENTRY_MODIFIABLE 0x0001U
+#define REP_ENTRY_MUSTBEFREED 0x0002U
+#define REP_ENTRY_MUSTRELEASE 0x0004U
+#define REP_MATCHED_MUSTBEFREED 0x0010U
+#define REP_REF_MUSTBEFREED 0x0020U
+
+#define REP_NO_ENTRYDN 0x1000U
+#define REP_NO_SUBSCHEMA 0x2000U
+#define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA)
+} SlapReply;
+
+/* short hands for response members */
+#define sr_attrs sr_un.sru_search.r_attrs
+#define sr_entry sr_un.sru_search.r_entry
+#define sr_operational_attrs sr_un.sru_search.r_operational_attrs
+#define sr_attr_flags sr_un.sru_search.r_attr_flags
+#define sr_v2ref sr_un.sru_search.r_v2ref
+#define sr_nentries sr_un.sru_search.r_nentries
+#define sr_rspoid sr_un.sru_extended.r_rspoid
+#define sr_rspdata sr_un.sru_extended.r_rspdata
+#define sr_sasldata sr_un.sru_sasl.r_sasldata
+
+typedef int (BI_op_func) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef BI_op_func BI_op_bind;
+typedef BI_op_func BI_op_unbind;
+typedef BI_op_func BI_op_search;
+typedef BI_op_func BI_op_compare;
+typedef BI_op_func BI_op_modify;
+typedef BI_op_func BI_op_modrdn;
+typedef BI_op_func BI_op_add;
+typedef BI_op_func BI_op_delete;
+typedef BI_op_func BI_op_abandon;
+typedef BI_op_func BI_op_cancel;
+typedef BI_op_func BI_op_extended;
+typedef BI_op_func BI_chk_referrals;
+typedef BI_op_func BI_chk_controls;
+typedef int (BI_entry_release_rw)
+ LDAP_P(( struct slap_op *op, Entry *e, int rw ));
+typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
+ ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ));
+typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
+ Entry *e, int *hasSubs ));
+#ifdef SLAP_OVERLAY_ACCESS
+typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
+ AttributeDescription *desc, struct berval *val, slap_access_t access,
+ AccessControlState *state, slap_mask_t *maskp ));
+typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *gr_ndn, struct berval *op_ndn,
+ ObjectClass *group_oc, AttributeDescription *group_at ));
+typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *entry_ndn, AttributeDescription *entry_at,
+ BerVarray *vals, slap_access_t access ));
+#endif /* SLAP_OVERLAY_ACCESS */
+
+typedef int (BI_conn_func) LDAP_P(( BackendDB *bd, struct slap_conn *c ));
+typedef BI_conn_func BI_connection_init;
+typedef BI_conn_func BI_connection_destroy;
+
+typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
+typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
+typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
+typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e,
+ struct berval *text ));
+typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
+typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn ));
+typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e ));
+typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e,
+ struct berval *text ));
+
+struct slap_backend_info {
+ char *bi_type; /* type of backend */
+
+ /*
+ * per backend type routines:
+ * bi_init: called to allocate a backend_info structure,
+ * called once BEFORE configuration file is read.
+ * bi_init() initializes this structure hence is
+ * called directly from be_initialize()
+ * bi_config: called per 'backend' specific option
+ * all such options must before any 'database' options
+ * bi_config() is called only from read_config()
+ * bi_open: called to open each database, called
+ * once AFTER configuration file is read but
+ * BEFORE any bi_db_open() calls.
+ * bi_open() is called from backend_startup()
+ * bi_close: called to close each database, called
+ * once during shutdown after all bi_db_close calls.
+ * bi_close() is called from backend_shutdown()
+ * bi_destroy: called to destroy each database, called
+ * once during shutdown after all bi_db_destroy calls.
+ * bi_destory() is called from backend_destroy()
+ */
+ BI_init *bi_init;
+ BI_config *bi_config;
+ BI_open *bi_open;
+ BI_close *bi_close;
+ BI_destroy *bi_destroy;
+
+ /*
+ * per database routines:
+ * bi_db_init: called to initialize each database,
+ * called upon reading 'database <type>'
+ * called only from backend_db_init()
+ * bi_db_config: called to configure each database,
+ * called per database to handle per database options
+ * called only from read_config()
+ * bi_db_open: called to open each database
+ * called once per database immediately AFTER bi_open()
+ * calls but before daemon startup.
+ * called only by backend_startup()
+ * bi_db_close: called to close each database
+ * called once per database during shutdown but BEFORE
+ * any bi_close call.
+ * called only by backend_shutdown()
+ * bi_db_destroy: called to destroy each database
+ * called once per database during shutdown AFTER all
+ * bi_close calls but before bi_destory calls.
+ * called only by backend_destory()
+ */
+ BI_db_init *bi_db_init;
+ BI_db_config *bi_db_config;
+ BI_db_open *bi_db_open;
+ BI_db_close *bi_db_close;
+ BI_db_destroy *bi_db_destroy;
+
+ /* LDAP Operations Handling Routines */
+ BI_op_bind *bi_op_bind;
+ BI_op_unbind *bi_op_unbind;
+ BI_op_search *bi_op_search;
+ BI_op_compare *bi_op_compare;
+ BI_op_modify *bi_op_modify;
+ BI_op_modrdn *bi_op_modrdn;
+ BI_op_add *bi_op_add;
+ BI_op_delete *bi_op_delete;
+ BI_op_abandon *bi_op_abandon;
+ BI_op_cancel *bi_op_cancel;
+
+ /* Extended Operations Helper */
+ BI_op_extended *bi_extended;
+
+ /* Auxilary Functions */
+ BI_operational *bi_operational;
+ BI_chk_referrals *bi_chk_referrals;
+ BI_chk_controls *bi_chk_controls;
+ BI_entry_get_rw *bi_entry_get_rw;
+ BI_entry_release_rw *bi_entry_release_rw;
+
+ BI_has_subordinates *bi_has_subordinates;
+#ifdef SLAP_OVERLAY_ACCESS
+ BI_access_allowed *bi_access_allowed;
+ BI_acl_group *bi_acl_group;
+ BI_acl_attribute *bi_acl_attribute;
+#endif /* SLAP_OVERLAY_ACCESS */
+
+ BI_connection_init *bi_connection_init;
+ BI_connection_destroy *bi_connection_destroy;
+
+ /* hooks for slap tools */
+ BI_tool_entry_open *bi_tool_entry_open;
+ BI_tool_entry_close *bi_tool_entry_close;
+ BI_tool_entry_first *bi_tool_entry_first;
+ BI_tool_entry_next *bi_tool_entry_next;
+ BI_tool_entry_get *bi_tool_entry_get;
+ BI_tool_entry_put *bi_tool_entry_put;
+ BI_tool_entry_reindex *bi_tool_entry_reindex;
+ BI_tool_sync *bi_tool_sync;
+ BI_tool_dn2id_get *bi_tool_dn2id_get;
+ BI_tool_id2entry_get *bi_tool_id2entry_get;
+ BI_tool_entry_modify *bi_tool_entry_modify;
+
+#define SLAP_INDEX_ADD_OP 0x0001
+#define SLAP_INDEX_DELETE_OP 0x0002
+
+ slap_mask_t bi_flags; /* backend flags */
+#define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */
+#define SLAP_BFLAG_CONFIG 0x0002U /* a config backend */
+#define SLAP_BFLAG_FRONTEND 0x0004U /* the frontendDB */
+#define SLAP_BFLAG_NOLASTMODCMD 0x0010U
+#define SLAP_BFLAG_INCREMENT 0x0100U
+#define SLAP_BFLAG_ALIASES 0x1000U
+#define SLAP_BFLAG_REFERRALS 0x2000U
+#define SLAP_BFLAG_SUBENTRIES 0x4000U
+#define SLAP_BFLAG_DYNAMIC 0x8000U
+
+#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags)
+#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
+#define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
+#define SLAP_FRONTEND(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND)
+#define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT)
+#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
+#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
+#define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES)
+#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC)
+#define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD)
+#define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be))
+
+ char **bi_controls; /* supported controls */
+ char bi_ctrls[SLAP_MAX_CIDS + 1];
+
+ unsigned int bi_nDB; /* number of databases of this type */
+ struct ConfigOCs *bi_cf_ocs;
+ void *bi_private; /* anything the backend type needs */
+ LDAP_STAILQ_ENTRY(slap_backend_info) bi_next ;
+};
+
+#define c_authtype c_authz.sai_method
+#define c_authmech c_authz.sai_mech
+#define c_dn c_authz.sai_dn
+#define c_ndn c_authz.sai_ndn
+#define c_ssf c_authz.sai_ssf
+#define c_transport_ssf c_authz.sai_transport_ssf
+#define c_tls_ssf c_authz.sai_tls_ssf
+#define c_sasl_ssf c_authz.sai_sasl_ssf
+
+#define o_authtype o_authz.sai_method
+#define o_authmech o_authz.sai_mech
+#define o_dn o_authz.sai_dn
+#define o_ndn o_authz.sai_ndn
+#define o_ssf o_authz.sai_ssf
+#define o_transport_ssf o_authz.sai_transport_ssf
+#define o_tls_ssf o_authz.sai_tls_ssf
+#define o_sasl_ssf o_authz.sai_sasl_ssf
+
+typedef int (slap_response)( struct slap_op *, struct slap_rep * );
+
+typedef struct slap_callback {
+ struct slap_callback *sc_next;
+ slap_response *sc_response;
+ slap_response *sc_cleanup;
+ void *sc_private;
+} slap_callback;
+
+struct slap_overinfo;
+
+typedef enum slap_operation_e {
+ op_bind = 0,
+ op_unbind,
+ op_search,
+ op_compare,
+ op_modify,
+ op_modrdn,
+ op_add,
+ op_delete,
+ op_abandon,
+ op_cancel,
+ op_extended,
+ op_aux_operational,
+ op_aux_chk_referrals,
+ op_aux_chk_controls,
+ op_last
+} slap_operation_t;
+
+typedef struct slap_overinst {
+ BackendInfo on_bi;
+ slap_response *on_response;
+ struct slap_overinfo *on_info;
+ struct slap_overinst *on_next;
+} slap_overinst;
+
+typedef struct slap_overinfo {
+ BackendInfo oi_bi;
+ BackendInfo *oi_orig;
+ BackendDB *oi_origdb;
+ struct slap_overinst *oi_list;
+} slap_overinfo;
+
+/* Should successive callbacks in a chain be processed? */
+#define SLAP_CB_FREEME 0x04000
+#define SLAP_CB_BYPASS 0x08800
+#define SLAP_CB_CONTINUE 0x08000
+
+/*
+ * Paged Results state
+ */
+typedef unsigned long PagedResultsCookie;
+typedef struct slap_paged_state {
+ Backend *ps_be;
+ ber_int_t ps_size;
+ PagedResultsCookie ps_cookie;
+ int ps_count;
+} PagedResultsState;
+
+struct slap_csn_entry {
+ struct berval ce_csn;
+ unsigned long ce_opid;
+ unsigned long ce_connid;
+#define SLAP_CSN_PENDING 1
+#define SLAP_CSN_COMMIT 2
+ long ce_state;
+ LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link;
+};
+
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+ struct slap_gacl *ga_next;
+ Backend *ga_be;
+ ObjectClass *ga_oc;
+ AttributeDescription *ga_at;
+ int ga_res;
+ ber_len_t ga_len;
+ char ga_ndn[1];
+} GroupAssertion;
+
+struct slap_control_ids {
+ int sc_LDAPsync;
+ int sc_assert;
+ int sc_domainScope;
+ int sc_dontUseCopy;
+ int sc_manageDIT;
+ int sc_manageDSAit;
+ int sc_modifyIncrement;
+ int sc_noOp;
+ int sc_pagedResults;
+ int sc_permissiveModify;
+ int sc_postRead;
+ int sc_preRead;
+ int sc_proxyAuthz;
+ int sc_searchOptions;
+#ifdef LDAP_DEVEL
+ int sc_sortedResults;
+#endif
+ int sc_subentries;
+ int sc_treeDelete;
+ int sc_valuesReturnFilter;
+};
+
+/*
+ * represents an operation pending from an ldap client
+ */
+typedef struct slap_op_header {
+ unsigned long oh_opid; /* id of this operation */
+ unsigned long oh_connid; /* id of conn initiating this op */
+ struct slap_conn *oh_conn; /* connection spawning this op */
+
+ ber_int_t oh_msgid; /* msgid of the request */
+ ber_int_t oh_protocol; /* version of the LDAP protocol used by client */
+
+ ldap_pvt_thread_t oh_tid; /* thread handling this op */
+
+ void *oh_threadctx; /* thread pool thread context */
+ void *oh_tmpmemctx; /* slab malloc context */
+ BerMemoryFunctions *oh_tmpmfuncs;
+
+ char oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")];
+
+#ifdef LDAP_SLAPI
+ void *oh_extensions; /* NS-SLAPI plugin */
+#endif
+} Opheader;
+
+typedef union slap_op_request {
+ req_add_s oq_add;
+ req_bind_s oq_bind;
+ req_compare_s oq_compare;
+ req_modify_s oq_modify;
+ req_modrdn_s oq_modrdn;
+ req_search_s oq_search;
+ req_abandon_s oq_abandon;
+ req_abandon_s oq_cancel;
+ req_extended_s oq_extended;
+ req_pwdexop_s oq_pwdexop;
+} OpRequest;
+
+typedef struct slap_op {
+ Opheader *o_hdr;
+
+#define o_opid o_hdr->oh_opid
+#define o_connid o_hdr->oh_connid
+#define o_conn o_hdr->oh_conn
+#define o_msgid o_hdr->oh_msgid
+#define o_protocol o_hdr->oh_protocol
+#define o_tid o_hdr->oh_tid
+#define o_threadctx o_hdr->oh_threadctx
+#define o_tmpmemctx o_hdr->oh_tmpmemctx
+#define o_tmpmfuncs o_hdr->oh_tmpmfuncs
+
+#define o_tmpalloc o_tmpmfuncs->bmf_malloc
+#define o_tmpcalloc o_tmpmfuncs->bmf_calloc
+#define o_tmprealloc o_tmpmfuncs->bmf_realloc
+#define o_tmpfree o_tmpmfuncs->bmf_free
+
+#define o_log_prefix o_hdr->oh_log_prefix
+
+ ber_tag_t o_tag; /* tag of the request */
+ time_t o_time; /* time op was initiated */
+ int o_tincr; /* counter for multiple ops with same o_time */
+
+ BackendDB *o_bd; /* backend DB processing this op */
+ struct berval o_req_dn; /* DN of target of request */
+ struct berval o_req_ndn;
+
+ OpRequest o_request;
+
+/* short hands for union members */
+#define oq_add o_request.oq_add
+#define oq_bind o_request.oq_bind
+#define oq_compare o_request.oq_compare
+#define oq_modify o_request.oq_modify
+#define oq_modrdn o_request.oq_modrdn
+#define oq_search o_request.oq_search
+#define oq_abandon o_request.oq_abandon
+#define oq_cancel o_request.oq_cancel
+#define oq_extended o_request.oq_extended
+#define oq_pwdexop o_request.oq_pwdexop
+
+/* short hands for inner request members */
+#define orb_method oq_bind.rb_method
+#define orb_cred oq_bind.rb_cred
+#define orb_edn oq_bind.rb_edn
+#define orb_ssf oq_bind.rb_ssf
+#define orb_tmp_mech oq_bind.rb_tmp_mech
+
+#define ors_scope oq_search.rs_scope
+#define ors_deref oq_search.rs_deref
+#define ors_slimit oq_search.rs_slimit
+#define ors_tlimit oq_search.rs_tlimit
+#define ors_limit oq_search.rs_limit
+#define ors_attrsonly oq_search.rs_attrsonly
+#define ors_attrs oq_search.rs_attrs
+#define ors_filter oq_search.rs_filter
+#define ors_filterstr oq_search.rs_filterstr
+
+#define orr_newrdn oq_modrdn.rs_newrdn
+#define orr_nnewrdn oq_modrdn.rs_nnewrdn
+#define orr_newSup oq_modrdn.rs_newSup
+#define orr_nnewSup oq_modrdn.rs_nnewSup
+#define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn
+
+#define orc_ava oq_compare.rs_ava
+#define ora_e oq_add.rs_e
+#define ora_modlist oq_add.rs_modlist
+#define orn_msgid oq_abandon.rs_msgid
+#define orm_modlist oq_modify.rs_modlist
+#define orm_increment oq_modify.rs_increment
+
+#define ore_reqoid oq_extended.rs_reqoid
+#define ore_flags oq_extended.rs_flags
+#define ore_reqdata oq_extended.rs_reqdata
+ volatile sig_atomic_t o_abandon; /* abandon flag */
+ volatile sig_atomic_t o_cancel; /* cancel flag */
+#define SLAP_CANCEL_NONE 0x00
+#define SLAP_CANCEL_REQ 0x01
+#define SLAP_CANCEL_ACK 0x02
+#define SLAP_CANCEL_DONE 0x03
+
+ GroupAssertion *o_groups;
+ char o_do_not_cache; /* don't cache groups from this op */
+ char o_is_auth_check; /* authorization in progress */
+
+ char o_nocaching;
+ char o_delete_glue_parent;
+ char o_no_schema_check;
+#define get_no_schema_check(op) ((op)->o_no_schema_check)
+
+#define SLAP_CONTROL_NONE 0
+#define SLAP_CONTROL_IGNORED 1
+#define SLAP_CONTROL_NONCRITICAL 2
+#define SLAP_CONTROL_CRITICAL 3
+#define SLAP_CONTROL_MASK 3
+
+/* spare bits for simple flags */
+#define SLAP_CONTROL_SHIFT 4 /* shift to reach data bits */
+#define SLAP_CONTROL_DATA0 0x10
+#define SLAP_CONTROL_DATA1 0x20
+#define SLAP_CONTROL_DATA2 0x40
+#define SLAP_CONTROL_DATA3 0x80
+
+
+#define _SCM(x) ((x) & SLAP_CONTROL_MASK)
+
+ char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */
+ void **o_controls; /* per-control state */
+
+#define o_dontUseCopy o_ctrlflag[slap_cids.sc_dontUseCopy]
+#define get_dontUseCopy(op) _SCM((op)->o_dontUseCopy)
+
+#define o_managedit o_ctrlflag[slap_cids.sc_manageDIT]
+#define get_manageDIT(op) _SCM((op)->o_managedit)
+
+#define o_managedsait o_ctrlflag[slap_cids.sc_manageDSAit]
+#define get_manageDSAit(op) _SCM((op)->o_managedsait)
+
+#define o_noop o_ctrlflag[slap_cids.sc_noOp]
+#define o_proxy_authz o_ctrlflag[slap_cids.sc_proxyAuthz]
+#define o_subentries o_ctrlflag[slap_cids.sc_subentries]
+
+#define get_subentries(op) _SCM((op)->o_subentries)
+#define o_subentries_visibility o_ctrlflag[slap_cids.sc_subentries]
+
+#define set_subentries_visibility(op) ((op)->o_subentries |= SLAP_CONTROL_DATA0)
+#define get_subentries_visibility(op) (((op)->o_subentries & SLAP_CONTROL_DATA0) != 0)
+
+#define o_assert o_ctrlflag[slap_cids.sc_assert]
+#define get_assert(op) ((int)(op)->o_assert)
+#define o_assertion o_controls[slap_cids.sc_assert]
+#define get_assertion(op) ((op)->o_assertion)
+
+#define o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter]
+#define o_vrFilter o_controls[slap_cids.sc_valuesReturnFilter]
+
+#define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify]
+#define get_permissiveModify(op) ((int)(op)->o_permissive_modify)
+
+#define o_domain_scope o_ctrlflag[slap_cids.sc_domainScope]
+#define get_domainScope(op) ((int)(op)->o_domain_scope)
+
+#define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete]
+#define get_treeDelete(op) ((int)(op)->o_tree_delete)
+
+#define o_preread o_ctrlflag[slap_cids.sc_preRead]
+#define o_postread o_ctrlflag[slap_cids.sc_postRead]
+
+#define o_preread_attrs o_controls[slap_cids.sc_preRead]
+#define o_postread_attrs o_controls[slap_cids.sc_postRead]
+
+#define o_pagedresults o_ctrlflag[slap_cids.sc_pagedResults]
+#define o_pagedresults_state o_controls[slap_cids.sc_pagedResults]
+#define get_pagedresults(op) ((int)(op)->o_pagedresults)
+
+#ifdef LDAP_DEVEL
+#define o_sortedresults o_ctrlflag[slap_cids.sc_sortedResults]
+#endif
+
+#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync]
+
+ AuthorizationInformation o_authz;
+
+ BerElement *o_ber; /* ber of the request */
+ BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */
+ slap_callback *o_callback; /* callback pointers */
+ LDAPControl **o_ctrls; /* controls */
+ struct berval o_csn;
+
+ void *o_private; /* anything the backend needs */
+
+ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
+
+} Operation;
+#define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \
+ SLAP_MAX_CIDS*sizeof(void *) )
+
+typedef LBER_ALIGNED_BUFFER(operation_buffer_u,OPERATION_BUFFER_SIZE)
+ OperationBuffer;
+
+#define send_ldap_error( op, rs, err, text ) do { \
+ (rs)->sr_err = err; (rs)->sr_text = text; \
+ (op->o_conn->c_send_ldap_result)( op, rs ); \
+ } while (0)
+#define send_ldap_discon( op, rs, err, text ) do { \
+ (rs)->sr_err = err; (rs)->sr_text = text; \
+ send_ldap_disconnect( op, rs ); \
+ } while (0)
+
+typedef void (SEND_LDAP_RESULT)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef int (SEND_SEARCH_ENTRY)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef int (SEND_SEARCH_REFERENCE)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef void (SEND_LDAP_EXTENDED)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef void (SEND_LDAP_INTERMEDIATE)(
+ struct slap_op *op, struct slap_rep *rs);
+
+#define send_ldap_result( op, rs ) \
+ ((op)->o_conn->c_send_ldap_result)( op, rs )
+#define send_search_entry( op, rs ) \
+ ((op)->o_conn->c_send_search_entry)( op, rs )
+#define send_search_reference( op, rs ) \
+ ((op)->o_conn->c_send_search_reference)( op, rs )
+#define send_ldap_extended( op, rs ) \
+ ((op)->o_conn->c_send_ldap_extended)( op, rs )
+#define send_ldap_intermediate( op, rs ) \
+ ((op)->o_conn->c_send_ldap_intermediate)( op, rs )
+
+typedef struct slap_listener Listener;
+
+/*
+ * represents a connection from an ldap client
+ */
+typedef struct slap_conn {
+ int c_struct_state; /* structure management state */
+ int c_conn_state; /* connection state */
+ int c_conn_idx; /* slot in connections array */
+ const char *c_close_reason; /* why connection is closing */
+
+ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */
+ Sockbuf *c_sb; /* ber connection stuff */
+
+ /* only can be changed by connect_init */
+ time_t c_starttime; /* when the connection was opened */
+ time_t c_activitytime; /* when the connection was last used */
+ unsigned long c_connid; /* id of this connection for stats*/
+
+ struct berval c_peer_domain; /* DNS name of client */
+ struct berval c_peer_name; /* peer name (trans=addr:port) */
+ Listener *c_listener;
+#define c_listener_url c_listener->sl_url /* listener URL */
+#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */
+
+ /* only can be changed by binding thread */
+ int c_sasl_bind_in_progress; /* multi-op bind in progress */
+ struct berval c_sasl_bind_mech; /* mech in progress */
+ struct berval c_sasl_dn; /* temporary storage */
+ struct berval c_sasl_authz_dn; /* SASL proxy authz */
+
+ /* authorization backend */
+ Backend *c_authz_backend;
+ void *c_authz_cookie;
+#define SLAP_IS_AUTHZ_BACKEND( op ) \
+ ( (op)->o_bd != NULL \
+ && (op)->o_bd->be_private != NULL \
+ && (op)->o_conn != NULL \
+ && (op)->o_conn->c_authz_backend != NULL \
+ && ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \
+ || (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) )
+
+ AuthorizationInformation c_authz;
+
+ ber_int_t c_protocol; /* version of the LDAP protocol used by client */
+
+ LDAP_STAILQ_HEAD(c_o, slap_op) c_ops; /* list of operations being processed */
+ LDAP_STAILQ_HEAD(c_po, slap_op) c_pending_ops; /* list of pending operations */
+
+ ldap_pvt_thread_mutex_t c_write_mutex; /* only one pdu written at a time */
+ ldap_pvt_thread_cond_t c_write_cv; /* used to wait for sd write-ready*/
+
+ BerElement *c_currentber; /* ber we're attempting to read */
+ int c_writewaiter; /* true if writer is waiting */
+
+#define CONN_IS_TLS 1
+#define CONN_IS_UDP 2
+#define CONN_IS_CLIENT 3
+
+#ifdef LDAP_CONNECTIONLESS
+ int c_is_udp; /* true if this is (C)LDAP over UDP */
+#endif
+#ifdef HAVE_TLS
+ int c_is_tls; /* true if this LDAP over raw TLS */
+ int c_needs_tls_accept; /* true if SSL_accept should be called */
+#endif
+ int c_sasl_layers; /* true if we need to install SASL i/o handlers */
+ int c_sasl_done; /* SASL completed once */
+ void *c_sasl_authctx; /* SASL authentication context */
+ void *c_sasl_sockctx; /* SASL security layer context */
+ void *c_sasl_extra; /* SASL session extra stuff */
+ struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
+
+ PagedResultsState c_pagedresults_state; /* paged result state */
+
+ long c_n_ops_received; /* num of ops received (next op_id) */
+ long c_n_ops_executing; /* num of ops currently executing */
+ long c_n_ops_pending; /* num of ops pending execution */
+ long c_n_ops_completed; /* num of ops completed */
+
+ long c_n_get; /* num of get calls */
+ long c_n_read; /* num of read calls */
+ long c_n_write; /* num of write calls */
+
+ void *c_pb; /* Netscape plugin */
+ void *c_extensions; /* Netscape plugin */
+
+ /*
+ * Client connection handling
+ */
+ ldap_pvt_thread_start_t *c_clientfunc;
+ void *c_clientarg;
+
+ /*
+ * These are the "callbacks" that are available for back-ends to
+ * supply data back to connected clients that are connected
+ * through the "front-end".
+ */
+ SEND_LDAP_RESULT *c_send_ldap_result;
+ SEND_SEARCH_ENTRY *c_send_search_entry;
+ SEND_SEARCH_REFERENCE *c_send_search_reference;
+ SEND_LDAP_EXTENDED *c_send_ldap_extended;
+ SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate;
+} Connection;
+
+#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
+ (arg2), (arg3) ); \
+ } while (0)
+#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
+#elif defined(LDAP_DEBUG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ } while (0)
+#define StatslogTest( level ) (ldap_debug & (level))
+#else
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
+#define StatslogTest( level ) (0)
+#endif
+
+/*
+ * listener; need to access it from monitor backend
+ */
+struct slap_listener {
+ struct berval sl_url;
+ struct berval sl_name;
+ mode_t sl_perms;
+#ifdef HAVE_TLS
+ int sl_is_tls;
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ int sl_is_udp; /* UDP listener is also data port */
+#endif
+ int sl_mute; /* Listener is temporarily disabled due to emfile */
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ int sl_busy; /* Listener is busy (accept thread activated) */
+#endif
+ ber_socket_t sl_sd;
+ Sockaddr sl_sa;
+#define sl_addr sl_sa.sa_in_addr
+};
+
+/*
+ * Operation indices
+ */
+typedef enum {
+ SLAP_OP_BIND = 0,
+ SLAP_OP_UNBIND,
+ SLAP_OP_ADD,
+ SLAP_OP_DELETE,
+ SLAP_OP_MODRDN,
+ SLAP_OP_MODIFY,
+ SLAP_OP_COMPARE,
+ SLAP_OP_SEARCH,
+ SLAP_OP_ABANDON,
+ SLAP_OP_EXTENDED,
+ SLAP_OP_LAST
+} slap_op_t;
+
+typedef struct slap_counters_t {
+ ldap_pvt_thread_mutex_t sc_sent_mutex;
+ ldap_pvt_mp_t sc_bytes;
+ ldap_pvt_mp_t sc_pdu;
+ ldap_pvt_mp_t sc_entries;
+ ldap_pvt_mp_t sc_refs;
+
+ ldap_pvt_thread_mutex_t sc_ops_mutex;
+ ldap_pvt_mp_t sc_ops_completed;
+ ldap_pvt_mp_t sc_ops_initiated;
+#ifdef SLAPD_MONITOR
+ ldap_pvt_mp_t sc_ops_completed_[SLAP_OP_LAST];
+ ldap_pvt_mp_t sc_ops_initiated_[SLAP_OP_LAST];
+#endif /* SLAPD_MONITOR */
+} slap_counters_t;
+
+/*
+ * Better know these all around slapd
+ */
+#define SLAP_LDAPDN_PRETTY 0x1
+#define SLAP_LDAPDN_MAXLEN 8192
+
+/* number of response controls supported */
+#define SLAP_MAX_RESPONSE_CONTROLS 6
+
+#ifdef LDAP_DEVEL
+#define SLAP_CTRL_HIDE 0x00000000U
+#else
+#define SLAP_CTRL_HIDE 0x80000000U
+#endif
+
+#define SLAP_CTRL_REQUIRES_ROOT 0x40000000U /* for ManageDIT */
+
+#define SLAP_CTRL_GLOBAL 0x00800000U
+#define SLAP_CTRL_GLOBAL_SEARCH 0x00010000U /* for NOOP */
+
+#define SLAP_CTRL_OPFLAGS 0x0000FFFFU
+#define SLAP_CTRL_ABANDON 0x00000001U
+#define SLAP_CTRL_ADD 0x00002002U
+#define SLAP_CTRL_BIND 0x00000004U
+#define SLAP_CTRL_COMPARE 0x00001008U
+#define SLAP_CTRL_DELETE 0x00002010U
+#define SLAP_CTRL_MODIFY 0x00002020U
+#define SLAP_CTRL_RENAME 0x00002040U
+#define SLAP_CTRL_SEARCH 0x00001080U
+#define SLAP_CTRL_UNBIND 0x00000100U
+
+#define SLAP_CTRL_INTROGATE (SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH)
+#define SLAP_CTRL_UPDATE \
+ (SLAP_CTRL_ADD|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME)
+#define SLAP_CTRL_ACCESS (SLAP_CTRL_INTROGATE|SLAP_CTRL_UPDATE)
+
+typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl ));
+
+#define SLAP_SLAB_SIZE (1024*1024)
+#define SLAP_SLAB_STACK 1
+#define SLAP_SLAB_SOBLOCK 64
+
+#define SLAP_ZONE_ALLOC 1
+#undef SLAP_ZONE_ALLOC
+
+#ifdef LDAP_COMP_MATCH
+/*
+ * Extensible Filter Definition
+ *
+ * MatchingRuleAssertion := SEQUENCE {
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE }
+ *
+ * Following ComponentFilter is contained in matchValue
+ *
+ * ComponentAssertion ::= SEQUENCE {
+ * component ComponentReference (SIZE(1..MAX)) OPTIONAL
+ * useDefaultValues BOOLEAN DEFAULT TRUE,
+ * rule MATCHING-RULE.&id,
+ * value MATCHING-RULE.&AssertionType }
+ *
+ * ComponentFilter ::= CHOICE {
+ * item [0] ComponentAssertion,
+ * and [1] SEQUENCE OF ComponentFilter,
+ * or [2] SEQUENCE OF ComponentFilter,
+ * not [3] ComponentFilter }
+ */
+
+#define LDAP_COMPREF_IDENTIFIER ((ber_tag_t) 0x80U)
+#define LDAP_COMPREF_FROM_BEGINNING ((ber_tag_t) 0x81U)
+#define LDAP_COMPREF_COUNT ((ber_tag_t) 0x82U)
+#define LDAP_COMPREF_FROM_END ((ber_tag_t) 0x83U)
+#define LDAP_COMPREF_CONTENT ((ber_tag_t) 0x84U)
+#define LDAP_COMPREF_SELECT ((ber_tag_t) 0x85U)
+#define LDAP_COMPREF_ALL ((ber_tag_t) 0x86U)
+#define LDAP_COMPREF_DEFINED ((ber_tag_t) 0x87U)
+#define LDAP_COMPREF_UNDEFINED ((ber_tag_t) 0x88U)
+
+#define LDAP_COMP_FILTER_AND ((ber_tag_t) 0xa0U)
+#define LDAP_COMP_FILTER_OR ((ber_tag_t) 0xa1U)
+#define LDAP_COMP_FILTER_NOT ((ber_tag_t) 0xa2U)
+#define LDAP_COMP_FILTER_ITEM ((ber_tag_t) 0xa3U)
+#define LDAP_COMP_FILTER_UNDEFINED ((ber_tag_t) 0xa4U)
+
+typedef struct slap_component_id {
+ int ci_type;
+ struct slap_component_id *ci_next;
+
+ union comp_id_value{
+ BerValue ci_identifier;
+ ber_int_t ci_from_beginning;
+ ber_int_t ci_count;
+ ber_int_t ci_from_end;
+ ber_int_t ci_content;
+ BerValue ci_select_value;
+ char ci_all;
+ } ci_val;
+} ComponentId;
+
+typedef struct slap_component_reference {
+ ComponentId *cr_list;
+ ComponentId *cr_curr;
+ struct berval cr_string;
+ int cr_len;
+ /* Component Indexing */
+ int cr_asn_type_id;
+ slap_mask_t cr_indexmask;
+ AttributeDescription* cr_ad;
+ BerVarray cr_nvals;
+ struct slap_component_reference* cr_next;
+} ComponentReference;
+
+typedef struct slap_component_assertion {
+ ComponentReference *ca_comp_ref;
+ ber_int_t ca_use_def;
+ MatchingRule *ca_ma_rule;
+ struct berval ca_ma_value;
+ ComponentData ca_comp_data; /* componentized assertion */
+ struct slap_component_filter *ca_cf;
+ MatchingRuleAssertion *ca_mra;
+} ComponentAssertion;
+
+typedef struct slap_component_filter {
+ ber_tag_t cf_choice;
+ union cf_un_u {
+ ber_int_t cf_un_result;
+ ComponentAssertion *cf_un_ca;
+ struct slap_component_filter *cf_un_complex;
+ } cf_un;
+
+#define cf_ca cf_un.cf_un_ca
+#define cf_result cf_un.cf_un_result
+#define cf_and cf_un.cf_un_complex
+#define cf_or cf_un.cf_un_complex
+#define cf_not cf_un.cf_un_complex
+#define cf_any cf_un.cf_un_complex
+
+ struct slap_component_filter *cf_next;
+} ComponentFilter;
+
+typedef struct slap_component_assertion_value {
+ char* cav_buf;
+ char* cav_ptr;
+ char* cav_end;
+} ComponentAssertionValue;
+
+typedef int encoder_func LDAP_P((
+ void* b,
+ void* comp));
+
+struct slap_component_syntax_info;
+
+typedef int gser_decoder_func LDAP_P((
+ void* mem_op,
+ void* b,
+ struct slap_component_syntax_info** comp_syn_info,
+ int* len,
+ int mode));
+
+typedef int comp_free_func LDAP_P((
+ void* b));
+
+typedef int ber_decoder_func LDAP_P((
+ void* mem_op,
+ void* b,
+ int tag,
+ int elmtLen,
+ struct slap_component_syntax_info* comp_syn_info,
+ int* len,
+ int mode));
+
+typedef int ber_tag_decoder_func LDAP_P((
+ void* mem_op,
+ void* b,
+ struct slap_component_syntax_info* comp_syn_info,
+ int* len,
+ int mode));
+
+typedef void* extract_component_from_id_func LDAP_P((
+ void* mem_op,
+ ComponentReference* cr,
+ void* comp ));
+
+typedef void* convert_attr_to_comp_func LDAP_P ((
+ Attribute* a,
+ Syntax* syn,
+ struct berval* bv ));
+
+typedef void* alloc_nibble_func LDAP_P ((
+ int initial_size,
+ int increment_size ));
+
+typedef void free_nibble_func LDAP_P ((
+ void* nm ));
+
+struct slap_component_syntax_info;
+typedef void convert_assert_to_comp_func LDAP_P ((
+ void *mem_op,
+ struct slap_component_syntax_info* csi_attr,
+ struct berval* bv,
+ struct slap_component_syntax_info** csi,
+ int* len,
+ int mode ));
+
+typedef int convert_asn_to_ldap_func LDAP_P ((
+ struct slap_component_syntax_info* csi,
+ struct berval *bv ));
+
+typedef void free_component_func LDAP_P ((
+ void* mem_op));
+
+typedef int test_component_func LDAP_P ((
+ void* attr_mem_op,
+ void* assert_mem_op,
+ struct slap_component_syntax_info* csi,
+ struct slap_component_assertion* ca));
+
+typedef void* test_membership_func LDAP_P ((
+ void* in ));
+
+typedef void* get_component_info_func LDAP_P ((
+ int in ));
+
+struct slap_component_syntax_info;
+
+typedef int component_encoder_func LDAP_P ((
+ void* mem_op,
+ struct slap_component_syntax_info* csi,
+ struct berval* nvals ));
+
+typedef int allcomponent_matching_func LDAP_P((
+ char* oid,
+ struct slap_component_syntax_info* comp1,
+ struct slap_component_syntax_info* comp));
+
+typedef struct slap_component_desc {
+ /* Don't change the order of following four fields */
+ int cd_tag;
+ AttributeType *cd_comp_type;
+ struct berval cd_ad_type;/* ad_type, ad_cname */
+ struct berval cd_ad_cname;/* ad_type, ad_cname */
+ unsigned cd_flags; /*ad_flags*/
+ int cd_type;
+ int cd_type_id;
+ encoder_func *cd_ldap_encoder;
+ encoder_func *cd_gser_encoder;
+ encoder_func *cd_ber_encoder;
+ gser_decoder_func *cd_gser_decoder;
+ ber_decoder_func *cd_ber_decoder;
+ comp_free_func *cd_free;
+ extract_component_from_id_func* cd_extract_i;
+ allcomponent_matching_func *cd_all_match;
+} ComponentDesc;
+
+typedef struct slap_component_syntax_info {
+ Syntax* csi_syntax;
+ ComponentDesc* csi_comp_desc;
+} ComponentSyntaxInfo;
+
+#endif
+
+/* slab heap data structures */
+
+struct slab_object {
+ void *so_ptr;
+ int so_blockhead;
+ LDAP_LIST_ENTRY(slab_object) so_link;
+};
+
+struct slab_heap {
+ void *sh_base;
+ void *sh_last;
+ void *sh_end;
+ int sh_stack;
+ int sh_maxorder;
+ unsigned char **sh_map;
+ LDAP_LIST_HEAD( sh_freelist, slab_object ) *sh_free;
+ LDAP_LIST_HEAD( sh_so, slab_object ) sh_sopool;
+};
+
+#ifdef SLAP_ZONE_ALLOC
+#define SLAP_ZONE_SIZE 0x80000 /* 512KB */
+#define SLAP_ZONE_SHIFT 19
+#define SLAP_ZONE_INITSIZE 0x800000 /* 8MB */
+#define SLAP_ZONE_MAXSIZE 0x80000000/* 2GB */
+#define SLAP_ZONE_DELTA 0x800000 /* 8MB */
+#define SLAP_ZONE_ZOBLOCK 256
+
+struct zone_object {
+ void *zo_ptr;
+ int zo_siz;
+ int zo_idx;
+ int zo_blockhead;
+ LDAP_LIST_ENTRY(zone_object) zo_link;
+};
+
+struct zone_latency_history {
+ double zlh_latency;
+ LDAP_STAILQ_ENTRY(zone_latency_history) zlh_next;
+};
+
+struct zone_heap {
+ int zh_fd;
+ int zh_zonesize;
+ int zh_zoneorder;
+ int zh_numzones;
+ int zh_maxzones;
+ int zh_deltazones;
+ void **zh_zones;
+ ldap_pvt_thread_rdwr_t *zh_znlock;
+ Avlnode *zh_zonetree;
+ unsigned char ***zh_maps;
+ int *zh_seqno;
+ LDAP_LIST_HEAD( zh_freelist, zone_object ) *zh_free;
+ LDAP_LIST_HEAD( zh_so, zone_object ) zh_zopool;
+ ldap_pvt_thread_mutex_t zh_mutex;
+ ldap_pvt_thread_rdwr_t zh_lock;
+ double zh_ema_latency;
+ unsigned long zh_ema_samples;
+ LDAP_STAILQ_HEAD( zh_latency_history, zone_latency_history )
+ zh_latency_history_queue;
+ int zh_latency_history_qlen;
+ int zh_latency_jump;
+ int zh_swapping;
+};
+#endif
+
+#define SLAP_BACKEND_INIT_MODULE(b) \
+ static BackendInfo bi; \
+ int \
+ init_module( int argc, char *argv[] ) \
+ { \
+ bi.bi_type = #b ; \
+ bi.bi_init = b ## _back_initialize; \
+ backend_add( &bi ); \
+ return 0; \
+ }
+
+typedef int (OV_init)(void);
+typedef struct slap_oinit_t {
+ const char *ov_type;
+ OV_init *ov_init;
+} OverlayInit;
+
+LDAP_END_DECL
+
+#include "proto-slap.h"
+
+#endif /* _SLAP_H_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapacl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapacl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapacl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,387 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <lber.h>
+#include <ldif.h>
+#include <lutil.h>
+
+#include "slapcommon.h"
+
+static int
+print_access(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ struct berval *nval )
+{
+ int rc;
+ slap_mask_t mask;
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+
+ rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask );
+
+ fprintf( stderr, "%s%s%s: %s\n",
+ desc->ad_cname.bv_val,
+ ( val && !BER_BVISNULL( val ) ) ? "=" : "",
+ ( val && !BER_BVISNULL( val ) ) ?
+ ( desc == slap_schema.si_ad_userPassword ? "****" : val->bv_val ) : "",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+
+ return rc;
+}
+
+int
+slapacl( int argc, char **argv )
+{
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapacl";
+ Connection conn = { 0 };
+ Listener listener;
+ OperationBuffer opbuf;
+ Operation *op = NULL;
+ Entry e = { 0 }, *ep = &e;
+ char *attr = NULL;
+ int doclose = 0;
+ BackendDB *bd;
+
+ slap_tool_init( progname, SLAPACL, argc, argv );
+
+ if ( !dryrun ) {
+ int i = 0;
+
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( bd != be && backend_startup( bd ) ) {
+ fprintf( stderr, "backend_startup(#%d%s%s) failed\n",
+ i,
+ bd->be_suffix ? ": " : "",
+ bd->be_suffix ? bd->be_suffix[0].bv_val : "" );
+ rc = 1;
+ goto destroy;
+ }
+
+ i++;
+ }
+ }
+
+ argv = &argv[ optind ];
+ argc -= optind;
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, &conn );
+
+ conn.c_listener = &listener;
+ conn.c_listener_url = listener_url;
+ conn.c_peer_domain = peer_domain;
+ conn.c_peer_name = peer_name;
+ conn.c_sock_name = sock_name;
+ op->o_ssf = ssf;
+ op->o_transport_ssf = transport_ssf;
+ op->o_tls_ssf = tls_ssf;
+ op->o_sasl_ssf = sasl_ssf;
+
+ if ( !BER_BVISNULL( &authcID ) ) {
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ fprintf( stderr, "both authcID=\"%s\" "
+ "and authcDN=\"%s\" provided\n",
+ authcID.bv_val, authcDN.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+
+ rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
+ &authcDN, SLAP_GETDN_AUTHCID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "authcID: <%s> check failed %d (%s)\n",
+ authcID.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+
+ } else if ( !BER_BVISNULL( &authcDN ) ) {
+ struct berval ndn;
+
+ rc = dnNormalize( 0, NULL, NULL, &authcDN, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
+ authcDN.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+ ch_free( authcDN.bv_val );
+ authcDN = ndn;
+ }
+
+ if ( !BER_BVISNULL( &authzID ) ) {
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ fprintf( stderr, "both authzID=\"%s\" "
+ "and authzDN=\"%s\" provided\n",
+ authzID.bv_val, authzDN.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+
+ rc = slap_sasl_getdn( &conn, op, &authzID, NULL,
+ &authzDN, SLAP_GETDN_AUTHZID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
+ authzID.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+
+ } else if ( !BER_BVISNULL( &authzDN ) ) {
+ struct berval ndn;
+
+ rc = dnNormalize( 0, NULL, NULL, &authzDN, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
+ authzDN.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+ ch_free( authzDN.bv_val );
+ authzDN = ndn;
+ }
+
+
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ fprintf( stderr, "authcDN: \"%s\"\n", authcDN.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ fprintf( stderr, "authzDN: \"%s\"\n", authzDN.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ op->o_dn = authzDN;
+ op->o_ndn = authzDN;
+
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ op->o_conn->c_dn = authcDN;
+ op->o_conn->c_ndn = authcDN;
+
+ } else {
+ op->o_conn->c_dn = authzDN;
+ op->o_conn->c_ndn = authzDN;
+ }
+
+ } else if ( !BER_BVISNULL( &authcDN ) ) {
+ op->o_conn->c_dn = authcDN;
+ op->o_conn->c_ndn = authcDN;
+ op->o_dn = authcDN;
+ op->o_ndn = authcDN;
+ }
+
+ assert( !BER_BVISNULL( &baseDN ) );
+ rc = dnPrettyNormal( NULL, &baseDN, &e.e_name, &e.e_nname, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "base=\"%s\" normalization failed %d (%s)\n",
+ baseDN.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+
+ op->o_bd = be;
+ if ( op->o_bd == NULL ) {
+ /* NOTE: if no database could be found (e.g. because
+ * accessing the rootDSE or so), use the frontendDB
+ * rules; might need work */
+ op->o_bd = frontendDB;
+ }
+
+ if ( !dryrun ) {
+ ID id;
+
+ if ( be == NULL ) {
+ fprintf( stderr, "%s: no target database "
+ "has been found for baseDN=\"%s\"; "
+ "you may try with \"-u\" (dry run).\n",
+ baseDN.bv_val, progname );
+ rc = 1;
+ goto destroy;
+ }
+
+ if ( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_dn2id_get ||
+ !be->be_id2entry_get )
+ {
+ fprintf( stderr, "%s: target database "
+ "doesn't support necessary operations; "
+ "you may try with \"-u\" (dry run).\n",
+ progname );
+ rc = 1;
+ goto destroy;
+ }
+
+ if ( be->be_entry_open( be, 0 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ rc = 1;
+ goto destroy;
+ }
+
+ doclose = 1;
+
+ id = be->be_dn2id_get( be, &e.e_nname );
+ if ( id == NOID ) {
+ fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n",
+ progname, e.e_nname.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+ if ( be->be_id2entry_get( be, id, &ep ) != 0 ) {
+ fprintf( stderr, "%s: unable to fetch entry \"%s\" (%lu)\n",
+ progname, e.e_nname.bv_val, id );
+ rc = 1;
+ goto destroy;
+
+ }
+
+ if ( argc == 0 ) {
+ Attribute *a;
+
+ (void)print_access( op, ep, slap_schema.si_ad_entry, NULL, NULL );
+ (void)print_access( op, ep, slap_schema.si_ad_children, NULL, NULL );
+
+ for ( a = ep->e_attrs; a; a = a->a_next ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
+ (void)print_access( op, ep, a->a_desc,
+ &a->a_vals[ i ],
+ &a->a_nvals[ i ] );
+ }
+ }
+ }
+ }
+
+ for ( ; argc--; argv++ ) {
+ slap_mask_t mask;
+ AttributeDescription *desc = NULL;
+ struct berval val = BER_BVNULL,
+ *valp = NULL;
+ const char *text;
+ char accessmaskbuf[ACCESSMASK_MAXLEN];
+ char *accessstr;
+ slap_access_t access = ACL_AUTH;
+
+ if ( attr == NULL ) {
+ attr = argv[ 0 ];
+ }
+
+ val.bv_val = strchr( attr, ':' );
+ if ( val.bv_val != NULL ) {
+ val.bv_val[0] = '\0';
+ val.bv_val++;
+ val.bv_len = strlen( val.bv_val );
+ valp = &val;
+ }
+
+ accessstr = strchr( attr, '/' );
+ if ( accessstr != NULL ) {
+ accessstr[0] = '\0';
+ accessstr++;
+ access = str2access( accessstr );
+ if ( access == ACL_INVALID_ACCESS ) {
+ fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
+ accessstr, attr );
+ if ( continuemode ) {
+ continue;
+ }
+ break;
+ }
+ }
+
+ rc = slap_str2ad( attr, &desc, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
+ attr, rc, ldap_err2string( rc ) );
+ if ( continuemode ) {
+ continue;
+ }
+ break;
+ }
+
+ rc = access_allowed_mask( op, ep, desc, valp, access,
+ NULL, &mask );
+
+ if ( accessstr ) {
+ fprintf( stderr, "%s access to %s%s%s: %s\n",
+ accessstr,
+ desc->ad_cname.bv_val,
+ val.bv_val ? "=" : "",
+ val.bv_val ? val.bv_val : "",
+ rc ? "ALLOWED" : "DENIED" );
+
+ } else {
+ fprintf( stderr, "%s%s%s: %s\n",
+ desc->ad_cname.bv_val,
+ val.bv_val ? "=" : "",
+ val.bv_val ? val.bv_val : "",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+ }
+ rc = 0;
+ attr = NULL;
+ }
+
+destroy:;
+ if ( !BER_BVISNULL( &e.e_name ) ) {
+ ber_memfree( e.e_name.bv_val );
+ }
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ ber_memfree( e.e_nname.bv_val );
+ }
+ if ( !dryrun && be ) {
+ if ( ep != &e ) {
+ be_entry_release_r( op, ep );
+ }
+ if ( doclose ) {
+ be->be_entry_close( be );
+ }
+
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( bd != be ) {
+ backend_shutdown( bd );
+ }
+ }
+ }
+
+ slap_tool_destroy();
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapadd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapadd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapadd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,389 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.11.2.14 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Zeilenga for inclusion
+ * in OpenLDAP Software. Additional signficant contributors include
+ * Jong Hyuk Choi
+ * Pierangelo Masarati
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <lber.h>
+#include <ldif.h>
+#include <lutil.h>
+
+#include "slapcommon.h"
+
+static char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+static char maxcsnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
+
+int
+slapadd( int argc, char **argv )
+{
+ char *buf = NULL;
+ const char *text;
+ char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
+ size_t textlen = sizeof textbuf;
+ const char *progname = "slapadd";
+
+ struct berval csn;
+ struct berval maxcsn;
+ struct berval bvtext;
+ Attribute *attr;
+ Entry *ctxcsn_e;
+ ID ctxcsn_id, id;
+ OperationBuffer opbuf;
+ Operation *op;
+
+ int match;
+ int ret;
+ int checkvals;
+ int lineno;
+ int lmax;
+ int rc = EXIT_SUCCESS;
+ int manage = 0;
+
+ slap_tool_init( progname, SLAPADD, argc, argv );
+
+ memset( &opbuf, 0, sizeof(opbuf) );
+ op = (Operation *) &opbuf;
+
+ if( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_entry_put ||
+ (update_ctxcsn &&
+ (!be->be_dn2id_get ||
+ !be->be_id2entry_get ||
+ !be->be_entry_modify)) )
+ {
+ fprintf( stderr, "%s: database doesn't support necessary operations.\n",
+ progname );
+ if ( dryrun ) {
+ fprintf( stderr, "\t(dry) continuing...\n" );
+
+ } else {
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ checkvals = (slapMode & SLAP_TOOL_QUICK) ? 0 : 1;
+
+ lmax = 0;
+ lineno = 0;
+
+ if( !dryrun && be->be_entry_open( be, 1 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( update_ctxcsn ) {
+ maxcsn.bv_val = maxcsnbuf;
+ maxcsn.bv_len = 0;
+ }
+
+ while( ldif_read_record( ldiffp, &lineno, &buf, &lmax ) ) {
+ Entry *e = str2entry2( buf, checkvals );
+
+ /*
+ * Initialize text buffer
+ */
+ bvtext.bv_len = textlen;
+ bvtext.bv_val = textbuf;
+ bvtext.bv_val[0] = '\0';
+
+ if( e == NULL ) {
+ fprintf( stderr, "%s: could not parse entry (line=%d)\n",
+ progname, lineno );
+ rc = EXIT_FAILURE;
+ if( continuemode ) continue;
+ break;
+ }
+
+ /* make sure the DN is not empty */
+ if( BER_BVISEMPTY( &e->e_nname ) &&
+ !BER_BVISEMPTY( be->be_nsuffix )) {
+ fprintf( stderr, "%s: empty dn=\"%s\" (line=%d)\n",
+ progname, e->e_dn, lineno );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+
+ /* check backend */
+ if( select_backend( &e->e_nname, is_entry_referral(e), nosubordinates )
+ != be )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "database (%s) not configured to hold \"%s\"\n",
+ progname, lineno,
+ be ? be->be_suffix[0].bv_val : "<none>",
+ e->e_dn );
+ fprintf( stderr, "%s: line %d: "
+ "database (%s) not configured to hold \"%s\"\n",
+ progname, lineno,
+ be ? be->be_nsuffix[0].bv_val : "<none>",
+ e->e_ndn );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+
+ {
+ Attribute *sc = attr_find( e->e_attrs,
+ slap_schema.si_ad_structuralObjectClass );
+ Attribute *oc = attr_find( e->e_attrs,
+ slap_schema.si_ad_objectClass );
+
+ if( oc == NULL ) {
+ fprintf( stderr, "%s: dn=\"%s\" (line=%d): %s\n",
+ progname, e->e_dn, lineno,
+ "no objectClass attribute");
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+
+ if( sc == NULL ) {
+ struct berval val;
+
+ rc = structural_class( oc->a_vals, &val,
+ NULL, &text, textbuf, textlen );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n",
+ progname, e->e_dn, lineno, rc, text );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+
+ attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+ &val, NULL );
+ }
+
+ /* check schema */
+ op->o_bd = be;
+
+ if ( (slapMode & SLAP_TOOL_NO_SCHEMA_CHECK) == 0) {
+ rc = entry_schema_check( op, e, NULL, manage,
+ &text, textbuf, textlen );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n",
+ progname, e->e_dn, lineno, rc, text );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+ }
+ }
+
+ if ( SLAP_LASTMOD(be) ) {
+ time_t now = slap_get_time();
+ char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
+ struct berval vals[ 2 ];
+
+ struct berval name, timestamp;
+
+ struct berval nvals[ 2 ];
+ struct berval nname;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+ vals[1].bv_len = 0;
+ vals[1].bv_val = NULL;
+
+ nvals[1].bv_len = 0;
+ nvals[1].bv_val = NULL;
+
+ csn.bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ), 0, 0 );
+ csn.bv_val = csnbuf;
+
+ timestamp.bv_val = timebuf;
+ timestamp.bv_len = sizeof(timebuf);
+
+ slap_timestamp( &now, ×tamp );
+
+ if ( BER_BVISEMPTY( &be->be_rootndn ) ) {
+ BER_BVSTR( &name, SLAPD_ANONYMOUS );
+ nname = name;
+ } else {
+ name = be->be_rootdn;
+ nname = be->be_rootndn;
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_entryUUID )
+ == NULL )
+ {
+ vals[0].bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
+ vals[0].bv_val = uuidbuf;
+ attr_merge_normalize_one( e, slap_schema.si_ad_entryUUID, vals, NULL );
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_creatorsName )
+ == NULL )
+ {
+ vals[0] = name;
+ nvals[0] = nname;
+ attr_merge( e, slap_schema.si_ad_creatorsName, vals, nvals );
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_modifiersName )
+ == NULL )
+ {
+ vals[0] = name;
+ nvals[0] = nname;
+ attr_merge( e, slap_schema.si_ad_modifiersName, vals, nvals );
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_createTimestamp )
+ == NULL )
+ {
+ vals[0] = timestamp;
+ attr_merge( e, slap_schema.si_ad_createTimestamp, vals, NULL );
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp )
+ == NULL )
+ {
+ vals[0] = timestamp;
+ attr_merge( e, slap_schema.si_ad_modifyTimestamp, vals, NULL );
+ }
+
+ if( attr_find( e->e_attrs, slap_schema.si_ad_entryCSN )
+ == NULL )
+ {
+ vals[0] = csn;
+ attr_merge( e, slap_schema.si_ad_entryCSN, vals, NULL );
+ }
+
+ if ( update_ctxcsn ) {
+ attr = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( maxcsn.bv_len != 0 ) {
+ match = 0;
+ value_match( &match, slap_schema.si_ad_entryCSN,
+ slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ &maxcsn, &attr->a_nvals[0], &text );
+ } else {
+ match = -1;
+ }
+ if ( match < 0 ) {
+ strcpy( maxcsn.bv_val, attr->a_nvals[0].bv_val );
+ maxcsn.bv_len = attr->a_nvals[0].bv_len;
+ }
+ }
+ }
+
+ if ( !dryrun ) {
+ id = be->be_entry_put( be, e, &bvtext );
+ if( id == NOID ) {
+ fprintf( stderr, "%s: could not add entry dn=\"%s\" "
+ "(line=%d): %s\n", progname, e->e_dn,
+ lineno, bvtext.bv_val );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
+ }
+ if ( verbose )
+ fprintf( stderr, "added: \"%s\" (%08lx)\n",
+ e->e_dn, (long) id );
+ } else {
+ if ( verbose )
+ fprintf( stderr, "added: \"%s\"\n",
+ e->e_dn );
+ }
+
+ entry_free( e );
+ }
+
+ bvtext.bv_len = textlen;
+ bvtext.bv_val = textbuf;
+ bvtext.bv_val[0] = '\0';
+
+ if ( rc == EXIT_SUCCESS && update_ctxcsn && !dryrun && maxcsn.bv_len ) {
+ ctxcsn_id = be->be_dn2id_get( be, be->be_nsuffix );
+ if ( ctxcsn_id == NOID ) {
+ fprintf( stderr, "%s: context entry is missing\n", progname );
+ rc = EXIT_FAILURE;
+ } else {
+ ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
+ if ( ret == LDAP_SUCCESS ) {
+ attr = attr_find( ctxcsn_e->e_attrs,
+ slap_schema.si_ad_contextCSN );
+ if ( attr ) {
+ value_match( &match, slap_schema.si_ad_entryCSN,
+ slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ &maxcsn, &attr->a_nvals[0], &text );
+ if ( match > 0 ) {
+ AC_MEMCPY( attr->a_vals[0].bv_val, maxcsn.bv_val, maxcsn.bv_len );
+ attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
+ attr->a_vals[0].bv_len = maxcsn.bv_len;
+ }
+ } else {
+ match = 1;
+ attr_merge_one( ctxcsn_e, slap_schema.si_ad_contextCSN, &maxcsn, NULL );
+ }
+ if ( match > 0 ) {
+ ctxcsn_id = be->be_entry_modify( be, ctxcsn_e, &bvtext );
+ if( ctxcsn_id == NOID ) {
+ fprintf( stderr, "%s: could not modify ctxcsn\n",
+ progname);
+ rc = EXIT_FAILURE;
+ } else if ( verbose ) {
+ fprintf( stderr, "modified: \"%s\" (%08lx)\n",
+ ctxcsn_e->e_dn, (long) ctxcsn_id );
+ }
+ }
+ }
+ }
+ }
+
+ ch_free( buf );
+
+ if ( !dryrun ) {
+ if( be->be_entry_close( be ) ) {
+ rc = EXIT_FAILURE;
+ }
+
+ if( be->be_sync ) {
+ be->be_sync( be );
+ }
+ }
+
+ slap_tool_destroy();
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapauth.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapauth.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapauth.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,173 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <lber.h>
+#include <ldif.h>
+#include <lutil.h>
+
+#include "slapcommon.h"
+
+static int
+do_check( Connection *c, Operation *op, struct berval *id )
+{
+ struct berval authcdn;
+ int rc;
+
+ rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
+ id->bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+
+ } else {
+ if ( !BER_BVISNULL( &authzID ) ) {
+ rc = slap_sasl_authorized( op, &authcdn, &authzID );
+
+ fprintf( stderr,
+ "ID: <%s>\n"
+ "authcDN: <%s>\n"
+ "authzDN: <%s>\n"
+ "authorization %s\n",
+ id->bv_val,
+ authcdn.bv_val,
+ authzID.bv_val,
+ rc == LDAP_SUCCESS ? "OK" : "failed" );
+
+ } else {
+ fprintf( stderr, "ID: <%s> check succeeded\n"
+ "authcID: <%s>\n",
+ id->bv_val,
+ authcdn.bv_val );
+ op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
+ }
+ rc = 0;
+ }
+
+ return rc;
+}
+
+int
+slapauth( int argc, char **argv )
+{
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapauth";
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op;
+
+ slap_tool_init( progname, SLAPAUTH, argc, argv );
+
+ argv = &argv[ optind ];
+ argc -= optind;
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, &conn );
+
+ conn.c_sasl_bind_mech = mech;
+
+ if ( !BER_BVISNULL( &authzID ) ) {
+ struct berval authzdn;
+
+ rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
+ SLAP_GETDN_AUTHZID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
+ authzID.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ BER_BVZERO( &authzID );
+ goto destroy;
+ }
+
+ authzID = authzdn;
+ }
+
+
+ if ( !BER_BVISNULL( &authcID ) ) {
+ if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
+ rc = do_check( &conn, op, &authcID );
+ goto destroy;
+ }
+
+ for ( ; argc--; argv++ ) {
+ struct berval authzdn;
+
+ ber_str2bv( argv[ 0 ], 0, 0, &authzID );
+
+ rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
+ SLAP_GETDN_AUTHZID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
+ authzID.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = -1;
+ BER_BVZERO( &authzID );
+ if ( !continuemode ) {
+ goto destroy;
+ }
+ }
+
+ authzID = authzdn;
+
+ rc = do_check( &conn, op, &authcID );
+
+ op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &authzID );
+
+ if ( rc && !continuemode ) {
+ goto destroy;
+ }
+ }
+
+ goto destroy;
+ }
+
+ for ( ; argc--; argv++ ) {
+ struct berval id;
+
+ ber_str2bv( argv[ 0 ], 0, 0, &id );
+
+ rc = do_check( &conn, op, &id );
+
+ if ( rc && !continuemode ) {
+ goto destroy;
+ }
+ }
+
+destroy:;
+ if ( !BER_BVISNULL( &authzID ) ) {
+ op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+ }
+ slap_tool_destroy();
+
+ return rc;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapcat.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapcat.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapcat.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,134 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcat.c,v 1.2.2.5 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Zeilenga for inclusion
+ * in OpenLDAP Software. Additional signficant contributors include
+ * Jong Hyuk Choi
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slapcommon.h"
+#include "ldif.h"
+
+static int gotsig;
+
+static RETSIGTYPE
+slapcat_sig( int sig )
+{
+ gotsig=1;
+}
+
+int
+slapcat( int argc, char **argv )
+{
+ ID id;
+ int rc = EXIT_SUCCESS;
+ Operation op = {0};
+ const char *progname = "slapcat";
+
+ slap_tool_init( progname, SLAPCAT, argc, argv );
+
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, slapcat_sig );
+#endif
+#ifdef SIGHUP
+ (void) SIGNAL( SIGHUP, slapcat_sig );
+#endif
+ (void) SIGNAL( SIGINT, slapcat_sig );
+ (void) SIGNAL( SIGTERM, slapcat_sig );
+
+ if( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_entry_first ||
+ !be->be_entry_next ||
+ !be->be_entry_get )
+ {
+ fprintf( stderr, "%s: database doesn't support necessary operations.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ if( be->be_entry_open( be, 0 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ op.o_bd = be;
+ for ( id = be->be_entry_first( be );
+ id != NOID;
+ id = be->be_entry_next( be ) )
+ {
+ char *data;
+ int len;
+ Entry* e;
+
+ if ( gotsig )
+ break;
+
+ e = be->be_entry_get( be, id );
+ if ( e == NULL ) {
+ printf("# no data for entry id=%08lx\n\n", (long) id );
+ rc = EXIT_FAILURE;
+ if( continuemode ) continue;
+ break;
+ }
+
+ if( sub_ndn.bv_len && !dnIsSuffix( &e->e_nname, &sub_ndn ) ) {
+ be_entry_release_r( &op, e );
+ continue;
+ }
+
+ if( filter != NULL ) {
+ int rc = test_filter( NULL, e, filter );
+ if( rc != LDAP_COMPARE_TRUE ) {
+ be_entry_release_r( &op, e );
+ continue;
+ }
+ }
+
+ if( verbose ) {
+ printf( "# id=%08lx\n", (long) id );
+ }
+
+ data = entry2str( e, &len );
+ be_entry_release_r( &op, e );
+
+ if ( data == NULL ) {
+ printf("# bad data for entry id=%08lx\n\n", (long) id );
+ rc = EXIT_FAILURE;
+ if( continuemode ) continue;
+ break;
+ }
+
+ fputs( data, ldiffp->fp );
+ fputs( "\n", ldiffp->fp );
+ }
+
+ be->be_entry_close( be );
+
+ slap_tool_destroy();
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,688 @@
+/* slapcommon.c - common routine for the slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.23.2.24 2007/01/02 21:43:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Zeilenga for inclusion
+ * in OpenLDAP Software. Additional signficant contributors include
+ * Jong Hyuk Choi
+ * Hallvard B. Furuseth
+ * Howard Chu
+ * Pierangelo Masarati
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include "slapcommon.h"
+#include "lutil.h"
+#include "ldif.h"
+
+tool_vars tool_globals;
+
+#ifdef CSRIMALLOC
+static char *leakfilename;
+static FILE *leakfile;
+#endif
+
+static LDIFFP dummy;
+
+static void
+usage( int tool, const char *progname )
+{
+ char *options = NULL;
+ fprintf( stderr,
+ "usage: %s [-v] [-d debuglevel] [-f configfile] [-F configdir]",
+ progname );
+
+ switch( tool ) {
+ case SLAPACL:
+ options = "\n\t[-U authcID | -D authcDN] [-X authzID | -o authzDN=<DN>]"
+ "\n\t-b DN -o <var>[=<val>] [-u] [attr[/access][:value]] [...]\n";
+ break;
+
+ case SLAPADD:
+ options = " [-c]\n\t[-g] [-n databasenumber | -b suffix]\n"
+ "\t[-l ldiffile] [-q] [-u] [-s] [-w]\n";
+ break;
+
+ case SLAPAUTH:
+ options = "\n\t[-U authcID] [-X authzID] [-R realm] [-M mech] ID [...]\n";
+ break;
+
+ case SLAPCAT:
+ options = " [-c]\n\t[-g] [-n databasenumber | -b suffix]"
+ " [-l ldiffile] [-a filter]\n";
+ break;
+
+ case SLAPDN:
+ options = "\n\t[-N | -P] DN [...]\n";
+ break;
+
+ case SLAPINDEX:
+ options = " [-c]\n\t[-g] [-n databasenumber | -b suffix] [-q]\n";
+ break;
+
+ case SLAPTEST:
+ options = " [-u]\n";
+ break;
+ }
+
+ if ( options != NULL ) {
+ fputs( options, stderr );
+ }
+ exit( EXIT_FAILURE );
+}
+
+static int
+parse_slapacl( void )
+{
+ size_t len;
+ char *p;
+
+ p = strchr( optarg, '=' );
+ if ( p == NULL ) {
+ return -1;
+ }
+
+ len = p - optarg;
+ p++;
+
+ if ( strncasecmp( optarg, "sockurl", len ) == 0 ) {
+ if ( !BER_BVISNULL( &listener_url ) ) {
+ ber_memfree( listener_url.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &listener_url );
+
+ } else if ( strncasecmp( optarg, "domain", len ) == 0 ) {
+ if ( !BER_BVISNULL( &peer_domain ) ) {
+ ber_memfree( peer_domain.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &peer_domain );
+
+ } else if ( strncasecmp( optarg, "peername", len ) == 0 ) {
+ if ( !BER_BVISNULL( &peer_name ) ) {
+ ber_memfree( peer_name.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &peer_name );
+
+ } else if ( strncasecmp( optarg, "sockname", len ) == 0 ) {
+ if ( !BER_BVISNULL( &sock_name ) ) {
+ ber_memfree( sock_name.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &sock_name );
+
+ } else if ( strncasecmp( optarg, "ssf", len ) == 0 ) {
+ if ( lutil_atou( &ssf, p ) ) {
+ Debug( LDAP_DEBUG_ANY, "unable to parse ssf=\"%s\".\n", p, 0, 0 );
+ return -1;
+ }
+
+ } else if ( strncasecmp( optarg, "transport_ssf", len ) == 0 ) {
+ if ( lutil_atou( &transport_ssf, p ) ) {
+ Debug( LDAP_DEBUG_ANY, "unable to parse transport_ssf=\"%s\".\n", p, 0, 0 );
+ return -1;
+ }
+
+ } else if ( strncasecmp( optarg, "tls_ssf", len ) == 0 ) {
+ if ( lutil_atou( &tls_ssf, p ) ) {
+ Debug( LDAP_DEBUG_ANY, "unable to parse tls_ssf=\"%s\".\n", p, 0, 0 );
+ return -1;
+ }
+
+ } else if ( strncasecmp( optarg, "sasl_ssf", len ) == 0 ) {
+ if ( lutil_atou( &sasl_ssf, p ) ) {
+ Debug( LDAP_DEBUG_ANY, "unable to parse sasl_ssf=\"%s\".\n", p, 0, 0 );
+ return -1;
+ }
+
+ } else if ( strncasecmp( optarg, "authzDN", len ) == 0 ) {
+ ber_str2bv( p, 0, 1, &authzDN );
+
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * slap_tool_init - initialize slap utility, handle program options.
+ * arguments:
+ * name program name
+ * tool tool code
+ * argc, argv command line arguments
+ */
+
+static int need_shutdown;
+
+void
+slap_tool_init(
+ const char* progname,
+ int tool,
+ int argc, char **argv )
+{
+ char *options;
+ char *conffile = NULL;
+ char *confdir = NULL;
+ struct berval base = BER_BVNULL;
+ char *filterstr = NULL;
+ char *subtree = NULL;
+ char *ldiffile = NULL;
+ char **debug_unknowns = NULL;
+ int rc, i, dbnum;
+ int mode = SLAP_TOOL_MODE;
+ int truncatemode = 0;
+ int use_glue = 1;
+
+#ifdef LDAP_DEBUG
+ /* tools default to "none", so that at least LDAP_DEBUG_ANY
+ * messages show up; use -d 0 to reset */
+ slap_debug = LDAP_DEBUG_NONE;
+#endif
+
+#ifdef CSRIMALLOC
+ leakfilename = malloc( strlen( progname ) + STRLENOF( ".leak" ) + 1 );
+ sprintf( leakfilename, "%s.leak", progname );
+ if( ( leakfile = fopen( leakfilename, "w" )) == NULL ) {
+ leakfile = stderr;
+ }
+ free( leakfilename );
+#endif
+
+ switch( tool ) {
+ case SLAPADD:
+ options = "b:cd:f:F:gl:n:qstuvw";
+ break;
+
+ case SLAPCAT:
+ options = "a:b:cd:f:F:gl:n:s:v";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
+ case SLAPDN:
+ options = "d:f:F:NPv";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
+ case SLAPTEST:
+ options = "d:f:F:uv";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
+ case SLAPAUTH:
+ options = "d:f:F:M:R:U:vX:";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
+ case SLAPINDEX:
+ options = "b:cd:f:F:gn:qv";
+ mode |= SLAP_TOOL_READMAIN;
+ break;
+
+ case SLAPACL:
+ options = "b:D:d:f:F:o:uU:vX:";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
+ default:
+ fprintf( stderr, "%s: unknown tool mode (%d)\n", progname, tool );
+ exit( EXIT_FAILURE );
+ }
+
+ dbnum = -1;
+ while ( (i = getopt( argc, argv, options )) != EOF ) {
+ switch ( i ) {
+ case 'a':
+ filterstr = strdup( optarg );
+ break;
+
+ case 'b':
+ ber_str2bv( optarg, 0, 1, &base );
+ break;
+
+ case 'c': /* enable continue mode */
+ continuemode++;
+ break;
+
+ case 'd': { /* turn on debugging */
+ int level = 0;
+
+ if ( parse_debug_level( optarg, &level, &debug_unknowns ) ) {
+ usage( tool, progname );
+ }
+#ifdef LDAP_DEBUG
+ if ( level == 0 ) {
+ /* allow to reset log level */
+ slap_debug = 0;
+
+ } else {
+ slap_debug |= level;
+ }
+#else
+ if ( level != 0 )
+ fputs( "must compile with LDAP_DEBUG for debugging\n",
+ stderr );
+#endif
+ } break;
+
+ case 'D':
+ ber_str2bv( optarg, 0, 1, &authcDN );
+ break;
+
+ case 'f': /* specify a conf file */
+ conffile = strdup( optarg );
+ break;
+
+ case 'F': /* specify a conf dir */
+ confdir = strdup( optarg );
+ break;
+
+ case 'g': /* disable subordinate glue */
+ use_glue = 0;
+ break;
+
+ case 'l': /* LDIF file */
+ ldiffile = strdup( optarg );
+ break;
+
+ case 'M':
+ ber_str2bv( optarg, 0, 0, &mech );
+ break;
+
+ case 'N':
+ if ( dn_mode && dn_mode != SLAP_TOOL_LDAPDN_NORMAL ) {
+ usage( tool, progname );
+ }
+ dn_mode = SLAP_TOOL_LDAPDN_NORMAL;
+ break;
+
+ case 'n': /* which config file db to index */
+ if ( lutil_atoi( &dbnum, optarg ) ) {
+ usage( tool, progname );
+ }
+ break;
+
+ case 'o':
+ if ( parse_slapacl() ) {
+ usage( tool, progname );
+ }
+ break;
+
+ case 'P':
+ if ( dn_mode && dn_mode != SLAP_TOOL_LDAPDN_PRETTY ) {
+ usage( tool, progname );
+ }
+ dn_mode = SLAP_TOOL_LDAPDN_PRETTY;
+ break;
+
+ case 'q': /* turn on quick */
+ mode |= SLAP_TOOL_QUICK;
+ break;
+
+ case 'R':
+ realm = optarg;
+ break;
+
+ case 's': /* dump subtree */
+ if ( tool == SLAPADD )
+ mode |= SLAP_TOOL_NO_SCHEMA_CHECK;
+ else if ( tool == SLAPCAT )
+ subtree = strdup( optarg );
+ break;
+
+ case 't': /* turn on truncate */
+ truncatemode++;
+ mode |= SLAP_TRUNCATE_MODE;
+ break;
+
+ case 'U':
+ ber_str2bv( optarg, 0, 0, &authcID );
+ break;
+
+ case 'u': /* dry run */
+ dryrun++;
+ break;
+
+ case 'v': /* turn on verbose */
+ verbose++;
+ break;
+
+ case 'w': /* write context csn at the end */
+ update_ctxcsn++;
+ break;
+
+ case 'X':
+ ber_str2bv( optarg, 0, 0, &authzID );
+ break;
+
+ default:
+ usage( tool, progname );
+ break;
+ }
+ }
+
+ switch ( tool ) {
+ case SLAPADD:
+ case SLAPCAT:
+ case SLAPINDEX:
+ if ( ( argc != optind ) || (dbnum >= 0 && base.bv_val != NULL ) ) {
+ usage( tool, progname );
+ }
+
+ break;
+
+ case SLAPDN:
+ if ( argc == optind ) {
+ usage( tool, progname );
+ }
+ break;
+
+ case SLAPAUTH:
+ if ( argc == optind && BER_BVISNULL( &authcID ) ) {
+ usage( tool, progname );
+ }
+ break;
+
+ case SLAPTEST:
+ if ( argc != optind ) {
+ usage( tool, progname );
+ }
+ break;
+
+ case SLAPACL:
+ if ( !BER_BVISNULL( &authcDN ) && !BER_BVISNULL( &authcID ) ) {
+ usage( tool, progname );
+ }
+ if ( BER_BVISNULL( &base ) ) {
+ usage( tool, progname );
+ }
+ ber_dupbv( &baseDN, &base );
+ break;
+
+ default:
+ break;
+ }
+
+ ldap_syslog = 0;
+
+ if ( ldiffile == NULL ) {
+ dummy.fp = tool == SLAPCAT ? stdout : stdin;
+ ldiffp = &dummy;
+
+ } else if ((ldiffp = ldif_open( ldiffile, tool == SLAPCAT ? "w" : "r" ))
+ == NULL )
+ {
+ perror( ldiffile );
+ exit( EXIT_FAILURE );
+ }
+
+ /*
+ * initialize stuff and figure out which backend we're dealing with
+ */
+
+ rc = slap_init( mode, progname );
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: slap_init failed!\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ rc = read_config( conffile, confdir );
+
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: bad configuration %s!\n",
+ progname, confdir ? "directory" : "file" );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( debug_unknowns ) {
+ rc = parse_debug_unknowns( debug_unknowns, &slap_debug );
+ ldap_charray_free( debug_unknowns );
+ debug_unknowns = NULL;
+ if ( rc )
+ exit( EXIT_FAILURE );
+ }
+
+ at_oc_cache = 1;
+
+ switch ( tool ) {
+ case SLAPADD:
+ case SLAPCAT:
+ case SLAPINDEX:
+ if ( !nbackends ) {
+ fprintf( stderr, "No databases found "
+ "in config file\n" );
+ exit( EXIT_FAILURE );
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ if ( use_glue ) {
+ rc = glue_sub_attach();
+
+ if ( rc != 0 ) {
+ fprintf( stderr,
+ "%s: subordinate configuration error\n", progname );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ rc = slap_schema_check();
+
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: slap_schema_prep failed!\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ switch ( tool ) {
+ case SLAPDN:
+ case SLAPTEST:
+ case SLAPAUTH:
+ be = NULL;
+ goto startup;
+
+ default:
+ break;
+ }
+
+ if( filterstr ) {
+ filter = str2filter( filterstr );
+
+ if( filter == NULL ) {
+ fprintf( stderr, "Invalid filter '%s'\n", filterstr );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ if( subtree ) {
+ struct berval val;
+ ber_str2bv( subtree, 0, 0, &val );
+ rc = dnNormalize( 0, NULL, NULL, &val, &sub_ndn, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "Invalid subtree DN '%s'\n", subtree );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( BER_BVISNULL( &base ) && dbnum == -1 ) {
+ base = val;
+ } else {
+ free( subtree );
+ }
+ }
+
+ if( base.bv_val != NULL ) {
+ struct berval nbase;
+
+ rc = dnNormalize( 0, NULL, NULL, &base, &nbase, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "%s: slap_init invalid suffix (\"%s\")\n",
+ progname, base.bv_val );
+ exit( EXIT_FAILURE );
+ }
+
+ be = select_backend( &nbase, 0, 0 );
+ ber_memfree( nbase.bv_val );
+
+ switch ( tool ) {
+ case SLAPACL:
+ goto startup;
+
+ default:
+ break;
+ }
+
+ if( be == NULL ) {
+ fprintf( stderr, "%s: slap_init no backend for \"%s\"\n",
+ progname, base.bv_val );
+ exit( EXIT_FAILURE );
+ }
+ /* If the named base is a glue master, operate on the
+ * entire context
+ */
+ if ( SLAP_GLUE_INSTANCE( be ) ) {
+ nosubordinates = 1;
+ }
+
+ } else if ( dbnum == -1 ) {
+ /* no suffix and no dbnum specified, just default to
+ * the first available database
+ */
+ if ( nbackends <= 0 ) {
+ fprintf( stderr, "No available databases\n" );
+ exit( EXIT_FAILURE );
+ }
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ dbnum++;
+
+ /* db #0 is cn=config, don't select it as a default */
+ if ( dbnum < 1 ) continue;
+
+ if ( SLAP_MONITOR(be))
+ continue;
+
+ /* If just doing the first by default and it is a
+ * glue subordinate, find the master.
+ */
+ if ( SLAP_GLUE_SUBORDINATE(be) ) {
+ nosubordinates = 1;
+ continue;
+ }
+ break;
+ }
+
+ if ( !be ) {
+ fprintf( stderr, "Available database(s) "
+ "do not allow %s\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( nosubordinates == 0 && dbnum > 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "The first database does not allow %s;"
+ " using the first available one (%d)\n",
+ progname, dbnum, 0 );
+ }
+
+ } else if ( dbnum < 0 || dbnum > (nbackends-1) ) {
+ fprintf( stderr,
+ "Database number selected via -n is out of range\n"
+ "Must be in the range 0 to %d"
+ " (number of configured databases)\n",
+ nbackends-1 );
+ exit( EXIT_FAILURE );
+
+ } else {
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( dbnum == 0 ) break;
+ dbnum--;
+ }
+ }
+
+startup:;
+
+#ifdef CSRIMALLOC
+ mal_leaktrace(1);
+#endif
+
+ if ( conffile != NULL ) {
+ ch_free( conffile );
+ }
+
+ if ( ldiffile != NULL ) {
+ ch_free( ldiffile );
+ }
+
+ /* slapdn doesn't specify a backend to startup */
+ if ( !dryrun && tool != SLAPDN ) {
+ need_shutdown = 1;
+
+ if ( slap_startup( be ) ) {
+ switch ( tool ) {
+ case SLAPTEST:
+ fprintf( stderr, "slap_startup failed "
+ "(test would succeed using "
+ "the -u switch)\n" );
+ break;
+
+ default:
+ fprintf( stderr, "slap_startup failed\n" );
+ break;
+ }
+
+ exit( EXIT_FAILURE );
+ }
+ }
+}
+
+void slap_tool_destroy( void )
+{
+ if ( !dryrun ) {
+ if ( need_shutdown ) {
+ slap_shutdown( be );
+ }
+ slap_destroy();
+ }
+#ifdef SLAPD_MODULES
+ if ( slapMode == SLAP_SERVER_MODE ) {
+ /* always false. just pulls in necessary symbol references. */
+ lutil_uuidstr(NULL, 0);
+ }
+ module_kill();
+#endif
+ schema_destroy();
+#ifdef HAVE_TLS
+ ldap_pvt_tls_destroy();
+#endif
+ config_destroy();
+
+#ifdef CSRIMALLOC
+ mal_dumpleaktrace( leakfile );
+#endif
+
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ ch_free( authcDN.bv_val );
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapcommon.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,100 @@
+/* slapcommon.h - common definitions for the slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.7.2.5 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef SLAPCOMMON_H_
+#define SLAPCOMMON_H_ 1
+
+#define SLAPD_TOOLS 1
+#include "slap.h"
+
+enum slaptool {
+ SLAPADD=1, /* LDIF -> database tool */
+ SLAPCAT, /* database -> LDIF tool */
+ SLAPDN, /* DN check w/ syntax tool */
+ SLAPINDEX, /* database index tool */
+ SLAPPASSWD, /* password generation tool */
+ SLAPTEST, /* slapd.conf test tool */
+ SLAPAUTH, /* test authz-regexp and authc/authz stuff */
+ SLAPACL, /* test acl */
+ SLAPLAST
+};
+
+typedef struct tool_vars {
+ Backend *tv_be;
+ int tv_verbose;
+ int tv_update_ctxcsn;
+ int tv_continuemode;
+ int tv_nosubordinates;
+ int tv_dryrun;
+ Filter *tv_filter;
+ struct berval tv_sub_ndn;
+ struct LDIFFP *tv_ldiffp;
+ struct berval tv_baseDN;
+ struct berval tv_authcDN;
+ struct berval tv_authzDN;
+ struct berval tv_authcID;
+ struct berval tv_authzID;
+ struct berval tv_mech;
+ char *tv_realm;
+ struct berval tv_listener_url;
+ struct berval tv_peer_domain;
+ struct berval tv_peer_name;
+ struct berval tv_sock_name;
+ slap_ssf_t tv_ssf;
+ slap_ssf_t tv_transport_ssf;
+ slap_ssf_t tv_tls_ssf;
+ slap_ssf_t tv_sasl_ssf;
+ unsigned tv_dn_mode;
+} tool_vars;
+
+extern tool_vars tool_globals;
+
+#define be tool_globals.tv_be
+#define verbose tool_globals.tv_verbose
+#define update_ctxcsn tool_globals.tv_update_ctxcsn
+#define continuemode tool_globals.tv_continuemode
+#define nosubordinates tool_globals.tv_nosubordinates
+#define dryrun tool_globals.tv_dryrun
+#define filter tool_globals.tv_filter
+#define sub_ndn tool_globals.tv_sub_ndn
+#define ldiffp tool_globals.tv_ldiffp
+#define baseDN tool_globals.tv_baseDN
+#define authcDN tool_globals.tv_authcDN
+#define authzDN tool_globals.tv_authzDN
+#define authcID tool_globals.tv_authcID
+#define authzID tool_globals.tv_authzID
+#define mech tool_globals.tv_mech
+#define realm tool_globals.tv_realm
+#define listener_url tool_globals.tv_listener_url
+#define peer_domain tool_globals.tv_peer_domain
+#define peer_name tool_globals.tv_peer_name
+#define sock_name tool_globals.tv_sock_name
+#define ssf tool_globals.tv_ssf
+#define transport_ssf tool_globals.tv_transport_ssf
+#define tls_ssf tool_globals.tv_tls_ssf
+#define sasl_ssf tool_globals.tv_sasl_ssf
+#define dn_mode tool_globals.tv_dn_mode
+#define SLAP_TOOL_LDAPDN_PRETTY SLAP_LDAPDN_PRETTY
+#define SLAP_TOOL_LDAPDN_NORMAL (SLAP_LDAPDN_PRETTY << 1)
+
+void slap_tool_init LDAP_P((
+ const char* name,
+ int tool,
+ int argc, char **argv ));
+
+void slap_tool_destroy LDAP_P((void));
+
+#endif /* SLAPCOMMON_H_ */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include %SYSCONFDIR%/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile %LOCALSTATEDIR%/run/slapd.pid
+argsfile %LOCALSTATEDIR%/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath %MODULEDIR%
+# moduleload back_bdb.la
+# moduleload back_ldap.la
+# moduleload back_ldbm.la
+# moduleload back_passwd.la
+# moduleload back_shell.la
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database bdb
+suffix "dc=my-domain,dc=com"
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory %LOCALSTATEDIR%/openldap-data
+# Indices to maintain
+index objectClass eq
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,91 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include <lber.h>
+#include <ldif.h>
+#include <lutil.h>
+
+#include "slapcommon.h"
+
+int
+slapdn( int argc, char **argv )
+{
+ int rc = 0;
+ const char *progname = "slapdn";
+
+ slap_tool_init( progname, SLAPDN, argc, argv );
+
+ argv = &argv[ optind ];
+ argc -= optind;
+
+ for ( ; argc--; argv++ ) {
+ struct berval dn, pdn, ndn;
+
+ ber_str2bv( argv[ 0 ], 0, 0, &dn );
+
+ rc = dnPrettyNormal( NULL, &dn,
+ &pdn, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "DN: <%s> check failed %d (%s)\n",
+ dn.bv_val, rc,
+ ldap_err2string( rc ) );
+ if ( !continuemode ) {
+ rc = -1;
+ break;
+ }
+
+ } else {
+ switch ( dn_mode ) {
+ case SLAP_TOOL_LDAPDN_PRETTY:
+ printf( "%s\n", pdn.bv_val );
+ break;
+
+ case SLAP_TOOL_LDAPDN_NORMAL:
+ printf( "%s\n", ndn.bv_val );
+ break;
+
+ default:
+ printf( "DN: <%s> check succeeded\n"
+ "normalized: <%s>\n"
+ "pretty: <%s>\n",
+ dn.bv_val,
+ ndn.bv_val, pdn.bv_val );
+ break;
+ }
+
+ ch_free( ndn.bv_val );
+ ch_free( pdn.bv_val );
+ }
+ }
+
+ slap_tool_destroy();
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+# Makefile.in for SLAPI
+# $OpenLDAP: pkg/ldap/servers/slapd/slapi/Makefile.in,v 1.13.2.4 2007/01/02 21:44:10 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright IBM Corp. 1997,2002,2003
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = libslapi.la
+
+#all-common: $(LIBRARY) $(PROGRAMS)
+# @touch plugin.c slapi_pblock.c slapi_utils.c slapi_ops.c slapi_ext.c
+
+NT_SRCS = nt_err.c
+NT_OBJS = nt_err.lo
+
+LIB_DEFS = -DSLAPI_LIBRARY
+
+SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_dn.c slapi_ext.c slapi_overlay.c \
+ $(@PLAT at _SRCS)
+OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_dn.lo slapi_ext.lo slapi_overlay.lo \
+ $(@PLAT at _SRCS)
+
+XSRCS= version.c
+
+LDAP_INCDIR= ../../../include -I.. -I.
+LDAP_LIBDIR= ../../../libraries
+
+XLIBS = $(LIBRARY)
+XXLIBS =
+NT_LINK_LIBS = $(AC_LIBS)
+
+XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+XDEFS = $(MODULES_CPPFLAGS)
+
+BUILD_MOD = @BUILD_SLAPI@
+
+install-local: FORCE
+ if test "$(BUILD_MOD)" = "yes"; then \
+ $(MKDIR) $(DESTDIR)$(libdir); \
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir); \
+ fi
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/TODO
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/TODO (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/TODO 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+- de-IBM SLAPI
+- add a config statement, or redefine the dynamic backend one,
+ "modulepath", to set/modify the load path also for plugins
+ (both plugins and modules use ltdl, so "modulepath" suffices ...)
+- improve slapi logging (use some [v]s[n]printf function)
+- add a config statement to set the log file name, or better
+- use syslog where available?
+- add some plugin monitoring stuff in back-monitor (e.g. a subentry
+ for each plugin with data from struct Slapi_PluginDesc)
+- This is a very tough task: try to implement a sandbox to execute
+ plugins in, trap deadly signals and possibly disable unsafe plugins
+ without crashing slapd (fork from inside thread? trap signals
+ and longjump to next plugin execution? Brrr).
+
+---
+$OpenLDAP: pkg/ldap/servers/slapd/slapi/TODO,v 1.3.2.1 2005/08/09 21:04:09 kurt Exp $
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/plugin.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/plugin.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/plugin.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,740 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/plugin.c,v 1.26.2.5 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#include "portable.h"
+#include <ldap_pvt_thread.h>
+#include <slap.h>
+#include <slapi.h>
+#include <lutil.h>
+
+/*
+ * Note: if ltdl.h is not available, slapi should not be compiled
+ */
+#include <ltdl.h>
+
+static int slapi_int_load_plugin( Slapi_PBlock *, const char *, const char *, int,
+ SLAPI_FUNC *, lt_dlhandle * );
+
+/* pointer to link list of extended objects */
+static ExtendedOp *pGExtendedOps = NULL;
+
+/*********************************************************************
+ * Function Name: plugin_pblock_new
+ *
+ * Description: This routine creates a new Slapi_PBlock structure,
+ * loads in the plugin module and executes the init
+ * function provided by the module.
+ *
+ * Input: type - type of the plugin, such as SASL, database, etc.
+ * path - the loadpath to load the module in
+ * initfunc - name of the plugin function to execute first
+ * argc - number of arguements
+ * argv[] - an array of char pointers point to
+ * the arguments passed in via
+ * the configuration file.
+ *
+ * Output:
+ *
+ * Return Values: a pointer to a newly created Slapi_PBlock structrue or
+ * NULL - function failed
+ *
+ * Messages: None
+ *********************************************************************/
+
+static Slapi_PBlock *
+plugin_pblock_new(
+ int type,
+ int argc,
+ char *argv[] )
+{
+ Slapi_PBlock *pPlugin = NULL;
+ Slapi_PluginDesc *pPluginDesc = NULL;
+ lt_dlhandle hdLoadHandle;
+ int rc;
+ char **av2 = NULL, **ppPluginArgv;
+ char *path = argv[2];
+ char *initfunc = argv[3];
+
+ pPlugin = slapi_pblock_new();
+ if ( pPlugin == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ slapi_pblock_set( pPlugin, SLAPI_PLUGIN_TYPE, (void *)&type );
+ slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGC, (void *)&argc );
+
+ av2 = ldap_charray_dup( argv );
+ if ( av2 == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ if ( argc > 0 ) {
+ ppPluginArgv = &av2[4];
+ } else {
+ ppPluginArgv = NULL;
+ }
+
+ slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)ppPluginArgv );
+ slapi_pblock_set( pPlugin, SLAPI_X_CONFIG_ARGV, (void *)av2 );
+
+ rc = slapi_int_load_plugin( pPlugin, path, initfunc, 1, NULL, &hdLoadHandle );
+ if ( rc != 0 ) {
+ goto done;
+ }
+
+ if ( slapi_pblock_get( pPlugin, SLAPI_PLUGIN_DESCRIPTION, (void **)&pPluginDesc ) == 0 &&
+ pPluginDesc != NULL ) {
+ slapi_log_error(SLAPI_LOG_TRACE, "plugin_pblock_new",
+ "Registered plugin %s %s [%s] (%s)\n",
+ pPluginDesc->spd_id,
+ pPluginDesc->spd_version,
+ pPluginDesc->spd_vendor,
+ pPluginDesc->spd_description);
+ }
+
+done:
+ if ( rc != 0 && pPlugin != NULL ) {
+ slapi_pblock_destroy( pPlugin );
+ pPlugin = NULL;
+ if ( av2 != NULL ) {
+ ldap_charray_free( av2 );
+ }
+ }
+
+ return pPlugin;
+}
+
+/*********************************************************************
+ * Function Name: slapi_int_register_plugin
+ *
+ * Description: insert the slapi_pblock structure to the end of the plugin
+ * list
+ *
+ * Input: a pointer to a plugin slapi_pblock structure to be added to
+ * the list
+ *
+ * Output: none
+ *
+ * Return Values: LDAP_SUCCESS - successfully inserted.
+ * LDAP_LOCAL_ERROR.
+ *
+ * Messages: None
+ *********************************************************************/
+int
+slapi_int_register_plugin(
+ Backend *be,
+ Slapi_PBlock *pPB )
+{
+ Slapi_PBlock *pTmpPB;
+ Slapi_PBlock *pSavePB;
+ int rc = LDAP_SUCCESS;
+
+ assert( be != NULL );
+
+ pTmpPB = SLAPI_BACKEND_PBLOCK( be );
+ if ( pTmpPB == NULL ) {
+ SLAPI_BACKEND_PBLOCK( be ) = pPB;
+ } else {
+ while ( pTmpPB != NULL && rc == LDAP_SUCCESS ) {
+ pSavePB = pTmpPB;
+ rc = slapi_pblock_get( pTmpPB, SLAPI_IBM_PBLOCK, &pTmpPB );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = slapi_pblock_set( pSavePB, SLAPI_IBM_PBLOCK, (void *)pPB );
+ }
+ }
+
+ return ( rc != LDAP_SUCCESS ) ? LDAP_OTHER : LDAP_SUCCESS;
+}
+
+/*********************************************************************
+ * Function Name: slapi_int_get_plugins
+ *
+ * Description: get the desired type of function pointers defined
+ * in all the plugins
+ *
+ * Input: the type of the functions to get, such as pre-operation,etc.
+ *
+ * Output: none
+ *
+ * Return Values: this routine returns a pointer to an array of function
+ * pointers containing backend-specific plugin functions
+ * followed by global plugin functions
+ *
+ * Messages: None
+ *********************************************************************/
+int
+slapi_int_get_plugins(
+ Backend *be,
+ int functype,
+ SLAPI_FUNC **ppFuncPtrs )
+{
+
+ Slapi_PBlock *pCurrentPB;
+ SLAPI_FUNC FuncPtr;
+ SLAPI_FUNC *pTmpFuncPtr;
+ int numPB = 0;
+ int rc = LDAP_SUCCESS;
+
+ assert( ppFuncPtrs != NULL );
+
+ if ( be == NULL ) {
+ goto done;
+ }
+
+ pCurrentPB = SLAPI_BACKEND_PBLOCK( be );
+
+ while ( pCurrentPB != NULL && rc == LDAP_SUCCESS ) {
+ rc = slapi_pblock_get( pCurrentPB, functype, &FuncPtr );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( FuncPtr != NULL ) {
+ numPB++;
+ }
+ rc = slapi_pblock_get( pCurrentPB,
+ SLAPI_IBM_PBLOCK, &pCurrentPB );
+ }
+ }
+
+ if ( numPB == 0 ) {
+ *ppFuncPtrs = NULL;
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /*
+ * Now, build the function pointer array of backend-specific
+ * plugins followed by global plugins.
+ */
+ *ppFuncPtrs = pTmpFuncPtr =
+ (SLAPI_FUNC *)ch_malloc( ( numPB + 1 ) * sizeof(SLAPI_FUNC) );
+ if ( ppFuncPtrs == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ pCurrentPB = SLAPI_BACKEND_PBLOCK( be );
+
+ while ( pCurrentPB != NULL && rc == LDAP_SUCCESS ) {
+ rc = slapi_pblock_get( pCurrentPB, functype, &FuncPtr );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( FuncPtr != NULL ) {
+ *pTmpFuncPtr = FuncPtr;
+ pTmpFuncPtr++;
+ }
+ rc = slapi_pblock_get( pCurrentPB,
+ SLAPI_IBM_PBLOCK, &pCurrentPB );
+ }
+ }
+
+ *pTmpFuncPtr = NULL;
+
+
+done:
+ if ( rc != LDAP_SUCCESS && *ppFuncPtrs != NULL ) {
+ ch_free( *ppFuncPtrs );
+ *ppFuncPtrs = NULL;
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+ * Function Name: createExtendedOp
+ *
+ * Description: Creates an extended operation structure and
+ * initializes the fields
+ *
+ * Return value: A newly allocated structure or NULL
+ ********************************************************************/
+ExtendedOp *
+createExtendedOp()
+{
+ ExtendedOp *ret;
+
+ ret = (ExtendedOp *)slapi_ch_malloc(sizeof(ExtendedOp));
+ ret->ext_oid.bv_val = NULL;
+ ret->ext_oid.bv_len = 0;
+ ret->ext_func = NULL;
+ ret->ext_be = NULL;
+ ret->ext_next = NULL;
+
+ return ret;
+}
+
+
+/*********************************************************************
+ * Function Name: slapi_int_unregister_extop
+ *
+ * Description: This routine removes the ExtendedOp structures
+ * asscoiated with a particular extended operation
+ * plugin.
+ *
+ * Input: pBE - pointer to a backend structure
+ * opList - pointer to a linked list of extended
+ * operation structures
+ * pPB - pointer to a slapi parameter block
+ *
+ * Output:
+ *
+ * Return Value: none
+ *
+ * Messages: None
+ *********************************************************************/
+void
+slapi_int_unregister_extop(
+ Backend *pBE,
+ ExtendedOp **opList,
+ Slapi_PBlock *pPB )
+{
+ ExtendedOp *pTmpExtOp, *backExtOp;
+ char **pTmpOIDs;
+ int i;
+
+#if 0
+ assert( pBE != NULL); /* unused */
+#endif /* 0 */
+ assert( opList != NULL );
+ assert( pPB != NULL );
+
+ if ( *opList == NULL ) {
+ return;
+ }
+
+ slapi_pblock_get( pPB, SLAPI_PLUGIN_EXT_OP_OIDLIST, &pTmpOIDs );
+ if ( pTmpOIDs == NULL ) {
+ return;
+ }
+
+ for ( i = 0; pTmpOIDs[i] != NULL; i++ ) {
+ backExtOp = NULL;
+ pTmpExtOp = *opList;
+ for ( ; pTmpExtOp != NULL; pTmpExtOp = pTmpExtOp->ext_next) {
+ int rc;
+ rc = strcasecmp( pTmpExtOp->ext_oid.bv_val,
+ pTmpOIDs[ i ] );
+ if ( rc == 0 ) {
+ if ( backExtOp == NULL ) {
+ *opList = pTmpExtOp->ext_next;
+ } else {
+ backExtOp->ext_next
+ = pTmpExtOp->ext_next;
+ }
+
+ ch_free( pTmpExtOp );
+ break;
+ }
+ backExtOp = pTmpExtOp;
+ }
+ }
+}
+
+
+/*********************************************************************
+ * Function Name: slapi_int_register_extop
+ *
+ * Description: This routine creates a new ExtendedOp structure, loads
+ * in the extended op module and put the extended op function address
+ * in the structure. The function will not be executed in
+ * this routine.
+ *
+ * Input: pBE - pointer to a backend structure
+ * opList - pointer to a linked list of extended
+ * operation structures
+ * pPB - pointer to a slapi parameter block
+ *
+ * Output:
+ *
+ * Return Value: an LDAP return code
+ *
+ * Messages: None
+ *********************************************************************/
+int
+slapi_int_register_extop(
+ Backend *pBE,
+ ExtendedOp **opList,
+ Slapi_PBlock *pPB )
+{
+ ExtendedOp *pTmpExtOp = NULL;
+ SLAPI_FUNC tmpFunc;
+ char **pTmpOIDs;
+ int rc = LDAP_OTHER;
+ int i;
+
+ if ( (*opList) == NULL ) {
+ *opList = createExtendedOp();
+ if ( (*opList) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto error_return;
+ }
+ pTmpExtOp = *opList;
+
+ } else { /* Find the end of the list */
+ for ( pTmpExtOp = *opList; pTmpExtOp->ext_next != NULL;
+ pTmpExtOp = pTmpExtOp->ext_next )
+ ; /* EMPTY */
+ pTmpExtOp->ext_next = createExtendedOp();
+ if ( pTmpExtOp->ext_next == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto error_return;
+ }
+ pTmpExtOp = pTmpExtOp->ext_next;
+ }
+
+ rc = slapi_pblock_get( pPB,SLAPI_PLUGIN_EXT_OP_OIDLIST, &pTmpOIDs );
+ if ( rc != 0 ) {
+ rc = LDAP_OTHER;
+ goto error_return;
+ }
+
+ rc = slapi_pblock_get(pPB,SLAPI_PLUGIN_EXT_OP_FN, &tmpFunc);
+ if ( rc != 0 ) {
+ rc = LDAP_OTHER;
+ goto error_return;
+ }
+
+ if ( (pTmpOIDs == NULL) || (tmpFunc == NULL) ) {
+ rc = LDAP_OTHER;
+ goto error_return;
+ }
+
+ for ( i = 0; pTmpOIDs[i] != NULL; i++ ) {
+ pTmpExtOp->ext_oid.bv_val = pTmpOIDs[i];
+ pTmpExtOp->ext_oid.bv_len = strlen( pTmpOIDs[i] );
+ pTmpExtOp->ext_func = tmpFunc;
+ pTmpExtOp->ext_be = pBE;
+ if ( pTmpOIDs[i + 1] != NULL ) {
+ pTmpExtOp->ext_next = createExtendedOp();
+ if ( pTmpExtOp->ext_next == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+ pTmpExtOp = pTmpExtOp->ext_next;
+ }
+ }
+
+error_return:
+ return rc;
+}
+
+/*********************************************************************
+ * Function Name: slapi_int_get_extop_plugin
+ *
+ * Description: This routine gets the function address for a given function
+ * name.
+ *
+ * Input:
+ * funcName - name of the extended op function, ie. an OID.
+ *
+ * Output: pFuncAddr - the function address of the requested function name.
+ *
+ * Return Values: a pointer to a newly created ExtendOp structrue or
+ * NULL - function failed
+ *
+ * Messages: None
+ *********************************************************************/
+int
+slapi_int_get_extop_plugin(
+ struct berval *reqoid,
+ SLAPI_FUNC *pFuncAddr )
+{
+ ExtendedOp *pTmpExtOp;
+
+ assert( reqoid != NULL );
+ assert( pFuncAddr != NULL );
+
+ *pFuncAddr = NULL;
+
+ if ( pGExtendedOps == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ pTmpExtOp = pGExtendedOps;
+ while ( pTmpExtOp != NULL ) {
+ int rc;
+
+ rc = strcasecmp( reqoid->bv_val, pTmpExtOp->ext_oid.bv_val );
+ if ( rc == 0 ) {
+ *pFuncAddr = pTmpExtOp->ext_func;
+ break;
+ }
+ pTmpExtOp = pTmpExtOp->ext_next;
+ }
+
+ return ( *pFuncAddr == NULL ? 1 : 0 );
+}
+
+/***************************************************************************
+ * This function is similar to slapi_int_get_extop_plugin above. except it returns one OID
+ * per call. It is called from root_dse_info (root_dse.c).
+ * The function is a modified version of get_supported_extop (file extended.c).
+ ***************************************************************************/
+struct berval *
+slapi_int_get_supported_extop( int index )
+{
+ ExtendedOp *ext;
+
+ for ( ext = pGExtendedOps ; ext != NULL && --index >= 0;
+ ext = ext->ext_next) {
+ ; /* empty */
+ }
+
+ if ( ext == NULL ) {
+ return NULL;
+ }
+
+ return &ext->ext_oid ;
+}
+
+/*********************************************************************
+ * Function Name: slapi_int_load_plugin
+ *
+ * Description: This routine loads the specified DLL, gets and executes the init function
+ * if requested.
+ *
+ * Input:
+ * pPlugin - a pointer to a Slapi_PBlock struct which will be passed to
+ * the DLL init function.
+ * path - path name of the DLL to be load.
+ * initfunc - either the DLL initialization function or an OID of the
+ * loaded extended operation.
+ * doInit - if it is TRUE, execute the init function, otherwise, save the
+ * function address but not execute it.
+ *
+ * Output: pInitFunc - the function address of the loaded function. This param
+ * should be not be null if doInit is FALSE.
+ * pLdHandle - handle returned by lt_dlopen()
+ *
+ * Return Values: LDAP_SUCCESS, LDAP_LOCAL_ERROR
+ *
+ * Messages: None
+ *********************************************************************/
+
+static int
+slapi_int_load_plugin(
+ Slapi_PBlock *pPlugin,
+ const char *path,
+ const char *initfunc,
+ int doInit,
+ SLAPI_FUNC *pInitFunc,
+ lt_dlhandle *pLdHandle )
+{
+ int rc = LDAP_SUCCESS;
+ SLAPI_FUNC fpInitFunc = NULL;
+
+ assert( pLdHandle != NULL );
+
+ if ( lt_dlinit() ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ /* load in the module */
+ *pLdHandle = lt_dlopen( path );
+ if ( *pLdHandle == NULL ) {
+ fprintf( stderr, "failed to load plugin %s: %s\n",
+ path, lt_dlerror() );
+ return LDAP_LOCAL_ERROR;
+ }
+
+ fpInitFunc = (SLAPI_FUNC)lt_dlsym( *pLdHandle, initfunc );
+ if ( fpInitFunc == NULL ) {
+ fprintf( stderr, "failed to find symbol %s in plugin %s: %s\n",
+ initfunc, path, lt_dlerror() );
+ lt_dlclose( *pLdHandle );
+ return LDAP_LOCAL_ERROR;
+ }
+
+ if ( doInit ) {
+ rc = ( *fpInitFunc )( pPlugin );
+ if ( rc != LDAP_SUCCESS ) {
+ lt_dlclose( *pLdHandle );
+ }
+
+ } else {
+ *pInitFunc = fpInitFunc;
+ }
+
+ return rc;
+}
+
+/*
+ * Special support for computed attribute plugins
+ */
+int
+slapi_int_call_plugins(
+ Backend *be,
+ int funcType,
+ Slapi_PBlock *pPB )
+{
+
+ int rc = 0;
+ SLAPI_FUNC *pGetPlugin = NULL, *tmpPlugin = NULL;
+
+ if ( pPB == NULL ) {
+ return 1;
+ }
+
+ rc = slapi_int_get_plugins( be, funcType, &tmpPlugin );
+ if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
+ /* Nothing to do, front-end should ignore. */
+ return 1;
+ }
+
+ for ( pGetPlugin = tmpPlugin ; *pGetPlugin != NULL; pGetPlugin++ ) {
+ rc = (*pGetPlugin)(pPB);
+
+ /*
+ * Only non-postoperation plugins abort processing on
+ * failure (confirmed with SLAPI specification).
+ */
+ if ( !SLAPI_PLUGIN_IS_POST_FN( funcType ) && rc != 0 ) {
+ /*
+ * Plugins generally return negative error codes
+ * to indicate failure, although in the case of
+ * bind plugins they may return SLAPI_BIND_xxx
+ */
+ break;
+ }
+ }
+
+ slapi_ch_free( (void **)&tmpPlugin );
+
+ return rc;
+}
+
+int
+slapi_int_read_config(
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv )
+{
+ int iType = -1;
+ int numPluginArgc = 0;
+
+ if ( argc < 4 ) {
+ fprintf( stderr,
+ "%s: line %d: missing arguments "
+ "in \"plugin <plugin_type> <lib_path> "
+ "<init_function> [<arguments>]\" line\n",
+ fname, lineno );
+ return 1;
+ }
+
+ /* automatically instantiate overlay if necessary */
+ if ( !slapi_over_is_inst( be ) ) {
+ if ( slapi_over_config( be ) != 0 ) {
+ fprintf( stderr, "Failed to instantiate SLAPI overlay\n");
+ return -1;
+ }
+ }
+
+ if ( strcasecmp( argv[1], "preoperation" ) == 0 ) {
+ iType = SLAPI_PLUGIN_PREOPERATION;
+ } else if ( strcasecmp( argv[1], "postoperation" ) == 0 ) {
+ iType = SLAPI_PLUGIN_POSTOPERATION;
+ } else if ( strcasecmp( argv[1], "extendedop" ) == 0 ) {
+ iType = SLAPI_PLUGIN_EXTENDEDOP;
+ } else if ( strcasecmp( argv[1], "object" ) == 0 ) {
+ iType = SLAPI_PLUGIN_OBJECT;
+ } else {
+ fprintf( stderr, "%s: line %d: invalid plugin type \"%s\".\n",
+ fname, lineno, argv[1] );
+ return 1;
+ }
+
+ numPluginArgc = argc - 4;
+
+ if ( iType == SLAPI_PLUGIN_PREOPERATION ||
+ iType == SLAPI_PLUGIN_EXTENDEDOP ||
+ iType == SLAPI_PLUGIN_POSTOPERATION ||
+ iType == SLAPI_PLUGIN_OBJECT ) {
+ int rc;
+ Slapi_PBlock *pPlugin;
+
+ pPlugin = plugin_pblock_new( iType, numPluginArgc, argv );
+ if (pPlugin == NULL) {
+ return 1;
+ }
+
+ if (iType == SLAPI_PLUGIN_EXTENDEDOP) {
+ rc = slapi_int_register_extop(be, &pGExtendedOps, pPlugin);
+ if ( rc != LDAP_SUCCESS ) {
+ slapi_pblock_destroy( pPlugin );
+ return 1;
+ }
+ }
+
+ rc = slapi_int_register_plugin( be, pPlugin );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( iType == SLAPI_PLUGIN_EXTENDEDOP ) {
+ slapi_int_unregister_extop( be, &pGExtendedOps, pPlugin );
+ }
+ slapi_pblock_destroy( pPlugin );
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+void
+slapi_int_plugin_unparse(
+ Backend *be,
+ BerVarray *out
+)
+{
+ Slapi_PBlock *pp;
+ int i, j;
+ char **argv, ibuf[32], *ptr;
+ struct berval idx, bv;
+
+ *out = NULL;
+ idx.bv_val = ibuf;
+ i = 0;
+
+ for ( pp = SLAPI_BACKEND_PBLOCK( be );
+ pp != NULL;
+ slapi_pblock_get( pp, SLAPI_IBM_PBLOCK, &pp ) )
+ {
+ slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv );
+ if ( argv == NULL ) /* could be dynamic plugin */
+ continue;
+ idx.bv_len = sprintf( idx.bv_val, "{%d}", i );
+ bv.bv_len = idx.bv_len;
+ for (j=1; argv[j]; j++) {
+ bv.bv_len += strlen(argv[j]);
+ if ( j ) bv.bv_len++;
+ }
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+ ptr = lutil_strcopy( bv.bv_val, ibuf );
+ for (j=1; argv[j]; j++) {
+ if ( j ) *ptr++ = ' ';
+ ptr = lutil_strcopy( ptr, argv[j] );
+ }
+ ber_bvarray_add( out, &bv );
+ }
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/printmsg.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/printmsg.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/printmsg.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,100 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/printmsg.c,v 1.13.2.3 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani.
+ */
+
+#include <portable.h>
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include <ac/unistd.h>
+#include <fcntl.h>
+#include <ac/errno.h>
+
+#include <ldap.h>
+#include <ldap_config.h>
+#include <slap.h>
+#include <slapi.h>
+
+#include <ldap_pvt_thread.h>
+
+/* Single threads access to routine */
+ldap_pvt_thread_mutex_t slapi_printmessage_mutex;
+char *slapi_log_file = NULL;
+int slapi_log_level = SLAPI_LOG_PLUGIN;
+
+int
+slapi_int_log_error(
+ int level,
+ char *subsystem,
+ char *fmt,
+ va_list arglist )
+{
+ int rc = 0;
+ FILE *fp = NULL;
+
+ char timeStr[100];
+ struct tm *ltm;
+ time_t currentTime;
+
+ assert( subsystem != NULL );
+ assert( fmt != NULL );
+
+ ldap_pvt_thread_mutex_lock( &slapi_printmessage_mutex ) ;
+
+ /* for now, we log all severities */
+ if ( level <= slapi_log_level ) {
+ fp = fopen( slapi_log_file, "a" );
+ if ( fp == NULL) {
+ rc = -1;
+ goto done;
+ }
+
+ /*
+ * FIXME: could block
+ */
+ while ( lockf( fileno( fp ), F_LOCK, 0 ) != 0 ) {
+ /* DO NOTHING */ ;
+ }
+
+ time( ¤tTime );
+ ltm = localtime( ¤tTime );
+ strftime( timeStr, sizeof(timeStr), "%x %X", ltm );
+ fputs( timeStr, fp );
+
+ fprintf( fp, " %s: ", subsystem );
+ vfprintf( fp, fmt, arglist );
+ if ( fmt[ strlen( fmt ) - 1 ] != '\n' ) {
+ fputs( "\n", fp );
+ }
+ fflush( fp );
+
+ lockf( fileno( fp ), F_ULOCK, 0 );
+
+ fclose( fp );
+
+ } else {
+ rc = -1;
+ }
+
+done:
+ ldap_pvt_thread_mutex_unlock( &slapi_printmessage_mutex );
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/proto-slapi.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/proto-slapi.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/proto-slapi.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,91 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/proto-slapi.h,v 1.26.2.6 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#ifndef _PROTO_SLAPI_H
+#define _PROTO_SLAPI_H
+
+LDAP_BEGIN_DECL
+
+/* slapi_utils.c */
+LDAP_SLAPI_F (LDAPMod **) slapi_int_modifications2ldapmods LDAP_P(( Modifications * ));
+LDAP_SLAPI_F (Modifications *) slapi_int_ldapmods2modifications LDAP_P(( LDAPMod ** ));
+LDAP_SLAPI_F (int) slapi_int_count_controls LDAP_P(( LDAPControl **ctrls ));
+LDAP_SLAPI_F (char **) slapi_get_supported_extended_ops LDAP_P((void));
+LDAP_SLAPI_F (int) slapi_int_access_allowed LDAP_P((Operation *op, Entry *entry, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state ));
+
+/* slapi_ops.c */
+LDAP_SLAPI_F (int) slapi_int_response LDAP_P(( Slapi_Operation *op, SlapReply *rs ));
+LDAP_SLAPI_F (void) slapi_int_connection_init_pb LDAP_P(( Slapi_PBlock *pb, ber_tag_t OpType ));
+LDAP_SLAPI_F (void) slapi_int_connection_done_pb LDAP_P(( Slapi_PBlock *pb ));
+
+/* slapi_pblock.c */
+LDAP_SLAPI_F (int) slapi_pblock_delete_param LDAP_P(( Slapi_PBlock *p, int param ));
+LDAP_SLAPI_F (void) slapi_pblock_clear LDAP_P(( Slapi_PBlock *pb ));
+
+LDAP_SLAPI_F (int) slapi_int_pblock_get_first LDAP_P(( Backend *be, Slapi_PBlock **pb ));
+LDAP_SLAPI_F (int) slapi_int_pblock_get_next LDAP_P(( Slapi_PBlock **pb ));
+
+#define PBLOCK_ASSERT_CONN( _pb ) do { \
+ assert( (_pb) != NULL ); \
+ assert( (_pb)->pb_conn != NULL ); \
+ } while (0)
+
+#define PBLOCK_ASSERT_OP( _pb, _tag ) do { \
+ PBLOCK_ASSERT_CONN( _pb ); \
+ assert( (_pb)->pb_op != NULL ); \
+ assert( (_pb)->pb_rs != NULL ); \
+ if ( _tag != 0 ) \
+ assert( (_pb)->pb_op->o_tag == (_tag)); \
+ } while (0)
+
+#define PBLOCK_ASSERT_INTOP( _pb, _tag ) do { \
+ PBLOCK_ASSERT_OP( _pb, _tag ); \
+ assert( (_pb)->pb_intop ); \
+ assert( (_pb)->pb_op == (Operation *)pb->pb_conn->c_pending_ops.stqh_first ); \
+ } while (0)
+
+/* plugin.c */
+LDAP_SLAPI_F (int) slapi_int_register_plugin LDAP_P((Backend *be, Slapi_PBlock *pPB));
+LDAP_SLAPI_F (int) slapi_int_call_plugins LDAP_P((Backend *be, int funcType, Slapi_PBlock * pPB));
+LDAP_SLAPI_F (int) slapi_int_get_plugins LDAP_P((Backend *be, int functype, SLAPI_FUNC **ppFuncPtrs));
+LDAP_SLAPI_F (int) slapi_int_register_extop LDAP_P((Backend *pBE, ExtendedOp **opList, Slapi_PBlock *pPB));
+LDAP_SLAPI_F (int) slapi_int_get_extop_plugin LDAP_P((struct berval *reqoid, SLAPI_FUNC *pFuncAddr ));
+LDAP_SLAPI_F (struct berval *) slapi_int_get_supported_extop LDAP_P(( int ));
+LDAP_SLAPI_F (int) slapi_int_read_config LDAP_P((Backend *be, const char *fname, int lineno,
+ int argc, char **argv ));
+LDAP_SLAPI_F (void) slapi_int_plugin_unparse LDAP_P((Backend *be, BerVarray *out ));
+LDAP_SLAPI_F (int) slapi_int_initialize LDAP_P((void));
+
+/* slapi_ext.c */
+LDAP_SLAPI_F (int) slapi_int_init_object_extensions LDAP_P((void));
+LDAP_SLAPI_F (int) slapi_int_free_object_extensions LDAP_P((int objecttype, void *object));
+LDAP_SLAPI_F (int) slapi_int_create_object_extensions LDAP_P((int objecttype, void *object));
+LDAP_SLAPI_F (int) slapi_int_clear_object_extensions LDAP_P((int objecttype, void *object));
+
+/* slapi_overlay.c */
+LDAP_SLAPI_F (int) slapi_over_is_inst LDAP_P((BackendDB *));
+LDAP_SLAPI_F (int) slapi_over_config LDAP_P((BackendDB *));
+
+LDAP_END_DECL
+
+#endif /* _PROTO_SLAPI_H */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,205 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi.h,v 1.33.2.5 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#ifdef LDAP_SLAPI /* SLAPI is OPTIONAL */
+
+#ifndef _SLAPI_H
+#define _SLAPI_H
+
+LDAP_BEGIN_DECL
+
+/*
+ * Quick 'n' dirty to make struct slapi_* in slapi-plugin.h opaque
+ */
+#define slapi_entry slap_entry
+#define slapi_attr slap_attr
+#define slapi_value berval
+#define slapi_valueset berval *
+#define slapi_filter slap_filter
+
+LDAP_END_DECL
+
+#include <slapi-plugin.h>
+
+LDAP_BEGIN_DECL
+
+#define SLAPI_OVERLAY_NAME "slapi"
+
+#define SLAPI_OPERATION_PBLOCK(_op) ((_op)->o_callback->sc_private)
+#define SLAPI_CONNECTION_PBLOCK(_conn) ((_conn)->c_pb);
+#define SLAPI_BACKEND_PBLOCK(_be) ((_be)->be_pb)
+
+#define SLAPI_OPERATION_EXTENSIONS(_op) ((_op)->o_hdr->oh_extensions)
+#define SLAPI_CONNECTION_EXTENSIONS(_conn) ((_conn)->c_extensions)
+
+#define SLAPI_CONTROL_MANAGEDSAIT_OID LDAP_CONTROL_MANAGEDSAIT
+#define SLAPI_CONTROL_SORTEDSEARCH_OID LDAP_CONTROL_SORTREQUEST
+#define SLAPI_CONTROL_PAGED_RESULTS_OID LDAP_CONTROL_PAGEDRESULTS
+
+typedef int (*SLAPI_FUNC)( Slapi_PBlock *pb );
+
+typedef struct _slapi_control {
+ int s_ctrl_num;
+ char **s_ctrl_oids;
+ unsigned long *s_ctrl_ops;
+} Slapi_Control;
+
+typedef struct _ExtendedOp {
+ struct berval ext_oid;
+ SLAPI_FUNC ext_func;
+ Backend *ext_be;
+ struct _ExtendedOp *ext_next;
+} ExtendedOp;
+
+/* Computed attribute support */
+struct _computed_attr_context {
+ Slapi_PBlock *cac_pb;
+ Operation *cac_op;
+ void *cac_private;
+};
+
+/* for slapi_attr_type_cmp() */
+#define SLAPI_TYPE_CMP_EXACT 0
+#define SLAPI_TYPE_CMP_BASE 1
+#define SLAPI_TYPE_CMP_SUBTYPE 2
+
+typedef enum slapi_extension_e {
+ SLAPI_X_EXT_CONNECTION = 0,
+ SLAPI_X_EXT_OPERATION = 1,
+ SLAPI_X_EXT_MAX = 2
+} slapi_extension_t;
+
+struct slapi_dn {
+ unsigned char flag;
+ struct berval dn;
+ struct berval ndn;
+};
+
+struct slapi_rdn {
+ unsigned char flag;
+ struct berval bv;
+ LDAPRDN rdn;
+};
+
+/*
+ * Was: slapi_pblock.h
+ */
+
+#ifndef NO_PBLOCK_CLASS /* where's this test from? */
+
+typedef enum slapi_pblock_class_e {
+ PBLOCK_CLASS_INVALID = 0,
+ PBLOCK_CLASS_INTEGER,
+ PBLOCK_CLASS_LONG_INTEGER,
+ PBLOCK_CLASS_POINTER,
+ PBLOCK_CLASS_FUNCTION_POINTER
+} slapi_pblock_class_t;
+
+#define PBLOCK_SUCCESS (0)
+#define PBLOCK_ERROR (-1)
+#define PBLOCK_MAX_PARAMS 100
+
+union slapi_pblock_value {
+ int pv_integer;
+ long pv_long_integer;
+ void *pv_pointer;
+ int (*pv_function_pointer)();
+};
+
+struct slapi_pblock {
+ ldap_pvt_thread_mutex_t pb_mutex;
+ int pb_nParams;
+ int pb_params[PBLOCK_MAX_PARAMS];
+ union slapi_pblock_value pb_values[PBLOCK_MAX_PARAMS];
+ /* native types */
+ Connection *pb_conn;
+ Operation *pb_op;
+ SlapReply *pb_rs;
+ int pb_intop;
+ char pb_textbuf[ SLAP_TEXT_BUFLEN ];
+};
+
+#endif /* !NO_PBLOCK_CLASS */
+
+/*
+ * Was: plugin.h
+ */
+
+#define SLAPI_PLUGIN_IS_POST_FN(x) ((x) >= SLAPI_PLUGIN_POST_BIND_FN && (x) <= SLAPI_PLUGIN_BE_POST_DELETE_FN)
+
+#define SLAPI_IBM_PBLOCK -3
+
+#define SLAPI_ENTRY_PRE_OP 52
+#define SLAPI_ENTRY_POST_OP 53
+
+/* This is the spelling in the SunOne 5.2 docs */
+#define SLAPI_RES_CONTROLS SLAPI_RESCONTROLS
+
+#define SLAPI_ABANDON_MSGID 120
+
+#define SLAPI_OPERATION_PARAMETERS 138
+
+#define SLAPI_SEQ_TYPE 150
+#define SLAPI_SEQ_ATTRNAME 151
+#define SLAPI_SEQ_VAL 152
+
+#define SLAPI_MR_FILTER_ENTRY 170
+#define SLAPI_MR_FILTER_TYPE 171
+#define SLAPI_MR_FILTER_VALUE 172
+#define SLAPI_MR_FILTER_OID 173
+#define SLAPI_MR_FILTER_DNATTRS 174
+
+#define SLAPI_LDIF2DB_FILE 180
+#define SLAPI_LDIF2DB_REMOVEDUPVALS 185
+
+#define SLAPI_DB2LDIF_PRINTKEY 183
+
+#define SLAPI_CHANGENUMBER 197
+#define SLAPI_LOG_OPERATION 198
+
+#define SLAPI_DBSIZE 199
+
+#define SLAPI_PLUGIN_DB_TEST_FN 227
+#define SLAPI_PLUGIN_DB_NO_ACL 250
+
+/* OpenLDAP private parametrs */
+#define SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN 1200
+#define SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN 1201
+
+#define SLAPI_X_CONFIG_ARGV 1400
+#define SLAPI_X_INTOP_FLAGS 1401
+#define SLAPI_X_INTOP_RESULT_CALLBACK 1402
+#define SLAPI_X_INTOP_SEARCH_ENTRY_CALLBACK 1403
+#define SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK 1404
+#define SLAPI_X_INTOP_CALLBACK_DATA 1405
+#define SLAPI_X_OLD_RESCONTROLS 1406
+
+LDAP_SLAPI_V (ldap_pvt_thread_mutex_t) slapi_hn_mutex;
+LDAP_SLAPI_V (ldap_pvt_thread_mutex_t) slapi_time_mutex;
+LDAP_SLAPI_V (ldap_pvt_thread_mutex_t) slapi_printmessage_mutex;
+LDAP_SLAPI_V (char *) slapi_log_file;
+LDAP_SLAPI_V (int) slapi_log_level;
+
+#include "proto-slapi.h"
+
+#endif /* _SLAPI_H */
+#endif /* LDAP_SLAPI */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_dn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_dn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_dn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,669 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_dn.c,v 1.1.2.5 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Luke Howard for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+#include <ldap_pvt.h>
+
+#include <slap.h>
+#include <slapi.h>
+
+#ifdef LDAP_SLAPI
+#define FLAG_DN 0x1
+#define FLAG_NDN 0x2
+
+void slapi_sdn_init( Slapi_DN *sdn )
+{
+ sdn->flag = 0;
+ BER_BVZERO( &sdn->dn );
+ BER_BVZERO( &sdn->ndn );
+}
+
+Slapi_DN *slapi_sdn_new( void )
+{
+ Slapi_DN *sdn;
+
+ sdn = (Slapi_DN *)slapi_ch_malloc( sizeof(*sdn ));
+ slapi_sdn_init( sdn );
+
+ return sdn;
+}
+
+void slapi_sdn_done( Slapi_DN *sdn )
+{
+ if ( sdn == NULL )
+ return;
+
+ if ( sdn->flag & FLAG_DN ) {
+ slapi_ch_free_string( &sdn->dn.bv_val );
+ }
+ if ( sdn->flag & FLAG_NDN ) {
+ slapi_ch_free_string( &sdn->ndn.bv_val );
+ }
+
+ slapi_sdn_init( sdn );
+}
+
+void slapi_sdn_free( Slapi_DN **sdn )
+{
+ slapi_sdn_done( *sdn );
+ slapi_ch_free( (void **)sdn );
+}
+
+const char *slapi_sdn_get_dn( const Slapi_DN *sdn )
+{
+ if ( !BER_BVISNULL( &sdn->dn ) )
+ return sdn->dn.bv_val;
+ else
+ return sdn->ndn.bv_val;
+}
+
+const char *slapi_sdn_get_ndn( const Slapi_DN *sdn )
+{
+ if ( BER_BVISNULL( &sdn->ndn ) ) {
+ dnNormalize( 0, NULL, NULL,
+ (struct berval *)&sdn->dn, (struct berval *)&sdn->ndn, NULL );
+ ((Slapi_DN *)sdn)->flag |= FLAG_NDN;
+ }
+
+ return sdn->ndn.bv_val;
+}
+
+Slapi_DN *slapi_sdn_new_dn_byval( const char *dn )
+{
+ Slapi_DN *sdn;
+
+ sdn = slapi_sdn_new();
+ return slapi_sdn_set_dn_byval( sdn, dn );
+}
+
+Slapi_DN *slapi_sdn_new_ndn_byval( const char *ndn )
+{
+ Slapi_DN *sdn;
+
+ sdn = slapi_sdn_new();
+ return slapi_sdn_set_ndn_byval( sdn, ndn );
+}
+
+Slapi_DN *slapi_sdn_new_dn_byref( const char *dn )
+{
+ Slapi_DN *sdn;
+
+ sdn = slapi_sdn_new();
+ return slapi_sdn_set_dn_byref( sdn, dn );
+}
+
+Slapi_DN *slapi_sdn_new_ndn_byref( const char *ndn )
+{
+ Slapi_DN *sdn;
+
+ sdn = slapi_sdn_new();
+ return slapi_sdn_set_ndn_byref( sdn, ndn );
+}
+
+Slapi_DN *slapi_sdn_new_dn_passin( const char *dn )
+{
+ Slapi_DN *sdn;
+
+ sdn = slapi_sdn_new();
+ return slapi_sdn_set_dn_passin( sdn, dn );
+}
+
+Slapi_DN *slapi_sdn_set_dn_byval( Slapi_DN *sdn, const char *dn )
+{
+ if ( sdn == NULL ) {
+ return NULL;
+ }
+
+ slapi_sdn_done( sdn );
+ if ( dn != NULL ) {
+ sdn->dn.bv_val = slapi_ch_strdup( dn );
+ sdn->dn.bv_len = strlen( dn );
+ }
+ sdn->flag |= FLAG_DN;
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_dn_byref( Slapi_DN *sdn, const char *dn )
+{
+ if ( sdn == NULL )
+ return NULL;
+
+ slapi_sdn_done( sdn );
+ if ( dn != NULL ) {
+ sdn->dn.bv_val = (char *)dn;
+ sdn->dn.bv_len = strlen( dn );
+ }
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_dn_passin( Slapi_DN *sdn, const char *dn )
+{
+ if ( sdn == NULL )
+ return NULL;
+
+ slapi_sdn_set_dn_byref( sdn, dn );
+ sdn->flag |= FLAG_DN;
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_ndn_byval( Slapi_DN *sdn, const char *ndn )
+{
+ if ( sdn == NULL ) {
+ return NULL;
+ }
+
+ slapi_sdn_done( sdn );
+ if ( ndn != NULL ) {
+ sdn->ndn.bv_val = slapi_ch_strdup( ndn );
+ sdn->ndn.bv_len = strlen( ndn );
+ }
+ sdn->flag |= FLAG_NDN;
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_ndn_byref( Slapi_DN *sdn, const char *ndn )
+{
+ if ( sdn == NULL )
+ return NULL;
+
+ slapi_sdn_done( sdn );
+ if ( ndn != NULL ) {
+ sdn->ndn.bv_val = (char *)ndn;
+ sdn->ndn.bv_len = strlen( ndn );
+ }
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_ndn_passin( Slapi_DN *sdn, const char *ndn )
+{
+ if ( sdn == NULL )
+ return NULL;
+
+ slapi_sdn_set_ndn_byref( sdn, ndn );
+ sdn->flag |= FLAG_NDN;
+
+ return sdn;
+}
+
+void slapi_sdn_get_parent( const Slapi_DN *sdn, Slapi_DN *sdn_parent )
+{
+ struct berval parent_dn;
+
+ if ( !(sdn->flag & FLAG_DN) ) {
+ dnParent( (struct berval *)&sdn->ndn, &parent_dn );
+ slapi_sdn_set_ndn_byval( sdn_parent, parent_dn.bv_val );
+ } else {
+ dnParent( (struct berval *)&sdn->dn, &parent_dn );
+ slapi_sdn_set_dn_byval( sdn_parent, parent_dn.bv_val );
+ }
+}
+
+void slapi_sdn_get_backend_parent( const Slapi_DN *sdn,
+ Slapi_DN *sdn_parent,
+ const Slapi_Backend *backend )
+{
+ slapi_sdn_get_ndn( sdn );
+
+ if ( backend == NULL ||
+ be_issuffix( (Slapi_Backend *)backend, (struct berval *)&sdn->ndn ) == 0 ) {
+ slapi_sdn_get_parent( sdn, sdn_parent );
+ }
+
+}
+
+Slapi_DN * slapi_sdn_dup( const Slapi_DN *sdn )
+{
+ Slapi_DN *new_sdn;
+
+ new_sdn = slapi_sdn_new();
+ slapi_sdn_copy( sdn, new_sdn );
+
+ return new_sdn;
+}
+
+void slapi_sdn_copy( const Slapi_DN *from, Slapi_DN *to )
+{
+ slapi_sdn_set_dn_byval( to, from->dn.bv_val );
+}
+
+int slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 )
+{
+ int match = -1;
+
+ slapi_sdn_get_ndn( sdn1 );
+ slapi_sdn_get_ndn( sdn2 );
+
+ dnMatch( &match, 0, slap_schema.si_syn_distinguishedName, NULL,
+ (struct berval *)&sdn1->ndn, (void *)&sdn2->ndn );
+
+ return match;
+}
+
+int slapi_sdn_isempty( const Slapi_DN *sdn)
+{
+ return ( BER_BVISEMPTY( &sdn->dn ) && BER_BVISEMPTY( &sdn->ndn ) );
+}
+
+int slapi_sdn_issuffix( const Slapi_DN *sdn, const Slapi_DN *suffix_sdn )
+{
+ slapi_sdn_get_ndn( sdn );
+ slapi_sdn_get_ndn( suffix_sdn );
+
+ return dnIsSuffix( &sdn->ndn, &suffix_sdn->ndn );
+}
+
+int slapi_sdn_isparent( const Slapi_DN *parent, const Slapi_DN *child )
+{
+ Slapi_DN child_parent;
+
+ slapi_sdn_get_ndn( child );
+
+ slapi_sdn_init( &child_parent );
+ dnParent( (struct berval *)&child->ndn, &child_parent.ndn );
+
+ return ( slapi_sdn_compare( parent, &child_parent ) == 0 );
+}
+
+int slapi_sdn_isgrandparent( const Slapi_DN *parent, const Slapi_DN *child )
+{
+ Slapi_DN child_grandparent;
+
+ slapi_sdn_get_ndn( child );
+
+ slapi_sdn_init( &child_grandparent );
+ dnParent( (struct berval *)&child->ndn, &child_grandparent.ndn );
+ if ( child_grandparent.ndn.bv_len == 0 ) {
+ return 0;
+ }
+
+ dnParent( &child_grandparent.ndn, &child_grandparent.ndn );
+
+ return ( slapi_sdn_compare( parent, &child_grandparent ) == 0 );
+}
+
+int slapi_sdn_get_ndn_len( const Slapi_DN *sdn )
+{
+ slapi_sdn_get_ndn( sdn );
+
+ return sdn->ndn.bv_len;
+}
+
+int slapi_sdn_scope_test( const Slapi_DN *dn, const Slapi_DN *base, int scope )
+{
+ int rc;
+
+ switch ( scope ) {
+ case LDAP_SCOPE_BASE:
+ rc = ( slapi_sdn_compare( dn, base ) == 0 );
+ break;
+ case LDAP_SCOPE_ONELEVEL:
+ rc = slapi_sdn_isparent( base, dn );
+ break;
+ case LDAP_SCOPE_SUBTREE:
+ rc = slapi_sdn_issuffix( dn, base );
+ break;
+ default:
+ rc = 0;
+ break;
+ }
+
+ return rc;
+}
+
+void slapi_rdn_init( Slapi_RDN *rdn )
+{
+ rdn->flag = 0;
+ BER_BVZERO( &rdn->bv );
+ rdn->rdn = NULL;
+}
+
+Slapi_RDN *slapi_rdn_new( void )
+{
+ Slapi_RDN *rdn;
+
+ rdn = (Slapi_RDN *)slapi_ch_malloc( sizeof(*rdn ));
+ slapi_rdn_init( rdn );
+
+ return rdn;
+}
+
+Slapi_RDN *slapi_rdn_new_dn( const char *dn )
+{
+ Slapi_RDN *rdn;
+
+ rdn = slapi_rdn_new();
+ slapi_rdn_init_dn( rdn, dn );
+ return rdn;
+}
+
+Slapi_RDN *slapi_rdn_new_sdn( const Slapi_DN *sdn )
+{
+ return slapi_rdn_new_dn( slapi_sdn_get_dn( sdn ) );
+}
+
+Slapi_RDN *slapi_rdn_new_rdn( const Slapi_RDN *fromrdn )
+{
+ return slapi_rdn_new_dn( fromrdn->bv.bv_val );
+}
+
+void slapi_rdn_init_dn( Slapi_RDN *rdn, const char *dn )
+{
+ slapi_rdn_init( rdn );
+ slapi_rdn_set_dn( rdn, dn );
+}
+
+void slapi_rdn_init_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn )
+{
+ slapi_rdn_init( rdn );
+ slapi_rdn_set_sdn( rdn, sdn );
+}
+
+void slapi_rdn_init_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn )
+{
+ slapi_rdn_init( rdn );
+ slapi_rdn_set_rdn( rdn, fromrdn );
+}
+
+void slapi_rdn_set_dn( Slapi_RDN *rdn, const char *dn )
+{
+ struct berval bv;
+
+ slapi_rdn_done( rdn );
+
+ BER_BVZERO( &bv );
+
+ if ( dn != NULL ) {
+ bv.bv_val = (char *)dn;
+ bv.bv_len = strlen( dn );
+ }
+
+ dnExtractRdn( &bv, &rdn->bv, NULL );
+ rdn->flag |= FLAG_DN;
+}
+
+void slapi_rdn_set_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn )
+{
+ slapi_rdn_set_dn( rdn, slapi_sdn_get_dn( sdn ) );
+}
+
+void slapi_rdn_set_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn )
+{
+ slapi_rdn_set_dn( rdn, fromrdn->bv.bv_val );
+}
+
+void slapi_rdn_free( Slapi_RDN **rdn )
+{
+ slapi_rdn_done( *rdn );
+ slapi_ch_free( (void **)rdn );
+}
+
+void slapi_rdn_done( Slapi_RDN *rdn )
+{
+ if ( rdn->rdn != NULL ) {
+ ldap_rdnfree( rdn->rdn );
+ rdn->rdn = NULL;
+ }
+ slapi_ch_free_string( &rdn->bv.bv_val );
+ slapi_rdn_init( rdn );
+}
+
+const char *slapi_rdn_get_rdn( const Slapi_RDN *rdn )
+{
+ return rdn->bv.bv_val;
+}
+
+static int slapi_int_rdn_explode( Slapi_RDN *rdn )
+{
+ char *next;
+
+ if ( rdn->rdn != NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ return ldap_bv2rdn( &rdn->bv, &rdn->rdn, &next, LDAP_DN_FORMAT_LDAP );
+}
+
+static int slapi_int_rdn_implode( Slapi_RDN *rdn )
+{
+ struct berval bv;
+ int rc;
+
+ if ( rdn->rdn == NULL ) {
+ return LDAP_SUCCESS;
+ }
+
+ rc = ldap_rdn2bv( rdn->rdn, &bv, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ slapi_ch_free_string( &rdn->bv.bv_val );
+ rdn->bv = bv;
+
+ return 0;
+}
+
+int slapi_rdn_get_num_components( Slapi_RDN *rdn )
+{
+ int i;
+
+ if ( slapi_int_rdn_explode( rdn ) != LDAP_SUCCESS )
+ return 0;
+
+ for ( i = 0; rdn->rdn[i] != NULL; i++ )
+ ;
+
+ return i;
+}
+
+int slapi_rdn_get_first( Slapi_RDN *rdn, char **type, char **value )
+{
+ return slapi_rdn_get_next( rdn, 0, type, value );
+}
+
+int slapi_rdn_get_next( Slapi_RDN *rdn, int index, char **type, char **value )
+{
+ slapi_int_rdn_explode( rdn );
+
+ if ( rdn->rdn == NULL || rdn->rdn[index] == NULL )
+ return -1;
+
+ *type = rdn->rdn[index]->la_attr.bv_val;
+ *value = rdn->rdn[index]->la_value.bv_val;
+
+ return index + 1;
+}
+
+int slapi_rdn_get_index( Slapi_RDN *rdn, const char *type, const char *value, size_t length )
+{
+ int i, match;
+ struct berval bv;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ slapi_int_rdn_explode( rdn );
+
+ if ( slap_str2ad( type, &ad, &text ) != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ bv.bv_val = (char *)value;
+ bv.bv_len = length;
+
+ for ( i = 0; rdn->rdn[i] != NULL; i++ ) {
+ if ( !slapi_attr_types_equivalent( ad->ad_cname.bv_val, type ))
+ continue;
+
+ if ( value_match( &match, ad, ad->ad_type->sat_equality, 0,
+ &rdn->rdn[i]->la_value, (void *)&bv, &text ) != LDAP_SUCCESS )
+ match = -1;
+
+ if ( match == 0 )
+ return i;
+ }
+
+ return -1;
+}
+
+int slapi_rdn_get_index_attr( Slapi_RDN *rdn, const char *type, char **value )
+{
+ int i;
+
+ for ( i = 0; rdn->rdn[i] != NULL; i++ ) {
+ if ( slapi_attr_types_equivalent( rdn->rdn[i]->la_attr.bv_val, type ) ) {
+ *value = rdn->rdn[i]->la_value.bv_val;
+ return i;
+ }
+ }
+
+ return -1;
+}
+
+int slapi_rdn_contains( Slapi_RDN *rdn, const char *type, const char *value, size_t length )
+{
+ return ( slapi_rdn_get_index( rdn, type, value, length ) != -1 );
+}
+
+int slapi_rdn_contains_attr( Slapi_RDN *rdn, const char *type, char **value )
+{
+ return ( slapi_rdn_get_index_attr( rdn, type, value ) != -1 );
+}
+
+int slapi_rdn_compare( Slapi_RDN *rdn1, Slapi_RDN *rdn2 )
+{
+ struct berval nrdn1 = BER_BVNULL;
+ struct berval nrdn2 = BER_BVNULL;
+ int match;
+
+ rdnNormalize( 0, NULL, NULL, (struct berval *)&rdn1->bv, &nrdn1, NULL );
+ rdnNormalize( 0, NULL, NULL, (struct berval *)&rdn2->bv, &nrdn2, NULL );
+
+ if ( rdnMatch( &match, 0, NULL, NULL, &nrdn1, (void *)&nrdn2 ) != LDAP_SUCCESS) {
+ match = -1;
+ }
+
+ return match;
+}
+
+int slapi_rdn_isempty( const Slapi_RDN *rdn )
+{
+ return ( BER_BVISEMPTY( &rdn->bv ) );
+}
+
+int slapi_rdn_add( Slapi_RDN *rdn, const char *type, const char *value )
+{
+ char *s;
+ size_t len;
+
+ len = strlen(type) + 1 + strlen( value );
+ if ( !BER_BVISEMPTY( &rdn->bv ) ) {
+ len += 1 + rdn->bv.bv_len;
+ }
+
+ s = slapi_ch_malloc( len + 1 );
+
+ if ( BER_BVISEMPTY( &rdn->bv ) ) {
+ snprintf( s, len + 1, "%s=%s", type, value );
+ } else {
+ snprintf( s, len + 1, "%s=%s+%s", type, value, rdn->bv.bv_val );
+ }
+
+ slapi_rdn_done( rdn );
+
+ rdn->bv.bv_len = len;
+ rdn->bv.bv_val = s;
+
+ return 1;
+}
+
+int slapi_rdn_remove_index( Slapi_RDN *rdn, int atindex )
+{
+ int count, i;
+
+ count = slapi_rdn_get_num_components( rdn );
+
+ if ( atindex < 0 || atindex >= count )
+ return 0;
+
+ if ( rdn->rdn == NULL )
+ return 0;
+
+ slapi_ch_free_string( &rdn->rdn[atindex]->la_attr.bv_val );
+ slapi_ch_free_string( &rdn->rdn[atindex]->la_value.bv_val );
+
+ for ( i = atindex; i < count; i++ ) {
+ rdn->rdn[i] = rdn->rdn[i + 1];
+ }
+
+ if ( slapi_int_rdn_implode( rdn ) != LDAP_SUCCESS )
+ return 0;
+
+ return 1;
+}
+
+int slapi_rdn_remove( Slapi_RDN *rdn, const char *type, const char *value, size_t length )
+{
+ int index = slapi_rdn_get_index( rdn, type, value, length );
+
+ return slapi_rdn_remove_index( rdn, index );
+}
+
+int slapi_rdn_remove_attr( Slapi_RDN *rdn, const char *type )
+{
+ char *value;
+ int index = slapi_rdn_get_index_attr( rdn, type, &value );
+
+ return slapi_rdn_remove_index( rdn, index );
+}
+
+Slapi_DN *slapi_sdn_add_rdn( Slapi_DN *sdn, const Slapi_RDN *rdn )
+{
+ struct berval bv;
+
+ build_new_dn( &bv, &sdn->dn, (struct berval *)&rdn->bv, NULL );
+
+ slapi_sdn_done( sdn );
+ sdn->dn = bv;
+
+ return sdn;
+}
+
+Slapi_DN *slapi_sdn_set_parent( Slapi_DN *sdn, const Slapi_DN *parentdn )
+{
+ Slapi_RDN rdn;
+
+ slapi_rdn_init_sdn( &rdn, sdn );
+ slapi_sdn_set_dn_byref( sdn, slapi_sdn_get_dn( parentdn ) );
+ slapi_sdn_add_rdn( sdn, &rdn );
+ slapi_rdn_done( &rdn );
+
+ return sdn;
+}
+
+#endif /* LDAP_SLAPI */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ext.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ext.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ext.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,349 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ext.c,v 1.10.2.4 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* (C) Copyright PADL Software Pty Ltd. 2003
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that this notice is preserved
+ * and that due credit is given to PADL Software Pty Ltd. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Luke Howard for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#ifdef LDAP_SLAPI
+
+#include <slap.h>
+#include <slapi.h>
+
+/*
+ * Object extensions
+ *
+ * We only support two types -- connection and operation extensions.
+ * Define more types in slapi.h
+ */
+
+/* global state */
+struct slapi_registered_extension_set {
+ ldap_pvt_thread_mutex_t mutex;
+ struct slapi_registered_extension {
+ int active;
+ int count;
+ slapi_extension_constructor_fnptr *constructors;
+ slapi_extension_destructor_fnptr *destructors;
+ } extensions[SLAPI_X_EXT_MAX];
+} registered_extensions;
+
+/* per-object state */
+struct slapi_extension_block {
+ void **extensions;
+};
+
+static int get_extension_block(int objecttype, void *object, struct slapi_extension_block **eblock, void **parent)
+{
+ switch ((slapi_extension_t) objecttype) {
+ case SLAPI_X_EXT_CONNECTION:
+ *eblock = ((Connection *)object)->c_extensions;
+ *parent = NULL;
+ break;
+ case SLAPI_X_EXT_OPERATION:
+ *eblock = ((Operation *)object)->o_hdr->oh_extensions;
+ *parent = ((Operation *)object)->o_conn;
+ break;
+ default:
+ return -1;
+ break;
+ }
+
+ if ( *eblock == NULL ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int map_extension_type(const char *objectname, slapi_extension_t *type)
+{
+ if ( strcasecmp( objectname, SLAPI_EXT_CONNECTION ) == 0 ) {
+ *type = SLAPI_X_EXT_CONNECTION;
+ } else if ( strcasecmp( objectname, SLAPI_EXT_OPERATION ) == 0 ) {
+ *type = SLAPI_X_EXT_OPERATION;
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
+
+static void new_extension(struct slapi_extension_block *eblock,
+ int objecttype, void *object, void *parent,
+ int extensionhandle )
+{
+ slapi_extension_constructor_fnptr constructor;
+
+ assert( objecttype < SLAPI_X_EXT_MAX );
+ assert( extensionhandle < registered_extensions.extensions[objecttype].count );
+
+ assert( registered_extensions.extensions[objecttype].constructors != NULL );
+ constructor = registered_extensions.extensions[objecttype].constructors[extensionhandle];
+
+ assert( eblock->extensions[extensionhandle] == NULL );
+
+ if ( constructor != NULL ) {
+ eblock->extensions[extensionhandle] = (*constructor)( object, parent );
+ } else {
+ eblock->extensions[extensionhandle] = NULL;
+ }
+}
+
+static void free_extension(struct slapi_extension_block *eblock, int objecttype, void *object, void *parent, int extensionhandle )
+{
+ slapi_extension_destructor_fnptr destructor;
+
+ assert( objecttype < SLAPI_X_EXT_MAX );
+ assert( extensionhandle < registered_extensions.extensions[objecttype].count );
+
+ if ( eblock->extensions[extensionhandle] != NULL ) {
+ assert( registered_extensions.extensions[objecttype].destructors != NULL );
+ destructor = registered_extensions.extensions[objecttype].destructors[extensionhandle];
+ if ( destructor != NULL ) {
+ (*destructor)( eblock->extensions[extensionhandle], object, parent );
+ }
+ eblock->extensions[extensionhandle] = NULL;
+ }
+}
+
+void *slapi_get_object_extension(int objecttype, void *object, int extensionhandle)
+{
+ struct slapi_extension_block *eblock;
+ void *parent;
+
+ if ( get_extension_block( objecttype, object, &eblock, &parent ) != 0 ) {
+ return NULL;
+ }
+
+ if ( extensionhandle < registered_extensions.extensions[objecttype].count ) {
+ return eblock->extensions[extensionhandle];
+ }
+
+ return NULL;
+}
+
+void slapi_set_object_extension(int objecttype, void *object, int extensionhandle, void *extension)
+{
+ struct slapi_extension_block *eblock;
+ void *parent;
+
+ if ( get_extension_block( objecttype, object, &eblock, &parent ) != 0 ) {
+ return;
+ }
+
+ if ( extensionhandle < registered_extensions.extensions[objecttype].count ) {
+ /* free the old one */
+ free_extension( eblock, objecttype, object, parent, extensionhandle );
+
+ /* constructed by caller */
+ eblock->extensions[extensionhandle] = extension;
+ }
+}
+
+int slapi_register_object_extension(
+ const char *pluginname,
+ const char *objectname,
+ slapi_extension_constructor_fnptr constructor,
+ slapi_extension_destructor_fnptr destructor,
+ int *objecttype,
+ int *extensionhandle)
+{
+ int rc;
+ slapi_extension_t type;
+ struct slapi_registered_extension *re;
+
+ ldap_pvt_thread_mutex_lock( ®istered_extensions.mutex );
+
+ rc = map_extension_type( objectname, &type );
+ if ( rc != 0 ) {
+ ldap_pvt_thread_mutex_unlock( ®istered_extensions.mutex );
+ return rc;
+ }
+
+ *objecttype = (int)type;
+
+ re = ®istered_extensions.extensions[*objecttype];
+
+ *extensionhandle = re->count;
+
+ if ( re->active ) {
+ /* can't add new extensions after objects have been created */
+ ldap_pvt_thread_mutex_unlock( ®istered_extensions.mutex );
+ return -1;
+ }
+
+ re->count++;
+
+ if ( re->constructors == NULL ) {
+ re->constructors = (slapi_extension_constructor_fnptr *)slapi_ch_calloc( re->count,
+ sizeof( slapi_extension_constructor_fnptr ) );
+ } else {
+ re->constructors = (slapi_extension_constructor_fnptr *)slapi_ch_realloc( (char *)re->constructors,
+ re->count * sizeof( slapi_extension_constructor_fnptr ) );
+ }
+ re->constructors[*extensionhandle] = constructor;
+
+ if ( re->destructors == NULL ) {
+ re->destructors = (slapi_extension_destructor_fnptr *)slapi_ch_calloc( re->count,
+ sizeof( slapi_extension_destructor_fnptr ) );
+ } else {
+ re->destructors = (slapi_extension_destructor_fnptr *)slapi_ch_realloc( (char *)re->destructors,
+ re->count * sizeof( slapi_extension_destructor_fnptr ) );
+ }
+ re->destructors[*extensionhandle] = destructor;
+
+ ldap_pvt_thread_mutex_unlock( ®istered_extensions.mutex );
+
+ return 0;
+}
+
+int slapi_int_create_object_extensions(int objecttype, void *object)
+{
+ int i;
+ struct slapi_extension_block *eblock;
+ void **peblock;
+ void *parent;
+
+ switch ((slapi_extension_t) objecttype) {
+ case SLAPI_X_EXT_CONNECTION:
+ peblock = &(((Connection *)object)->c_extensions);
+ parent = NULL;
+ break;
+ case SLAPI_X_EXT_OPERATION:
+ peblock = &(((Operation *)object)->o_hdr->oh_extensions);
+ parent = ((Operation *)object)->o_conn;
+ break;
+ default:
+ return -1;
+ break;
+ }
+
+ *peblock = NULL;
+
+ ldap_pvt_thread_mutex_lock( ®istered_extensions.mutex );
+ if ( registered_extensions.extensions[objecttype].active == 0 ) {
+ /*
+ * once we've created some extensions, no new extensions can
+ * be registered.
+ */
+ registered_extensions.extensions[objecttype].active = 1;
+ }
+ ldap_pvt_thread_mutex_unlock( ®istered_extensions.mutex );
+
+ eblock = (struct slapi_extension_block *)slapi_ch_calloc( 1, sizeof(*eblock) );
+
+ if ( registered_extensions.extensions[objecttype].count ) {
+ eblock->extensions = (void **)slapi_ch_calloc( registered_extensions.extensions[objecttype].count, sizeof(void *) );
+ for ( i = 0; i < registered_extensions.extensions[objecttype].count; i++ ) {
+ new_extension( eblock, objecttype, object, parent, i );
+ }
+ } else {
+ eblock->extensions = NULL;
+ }
+
+ *peblock = eblock;
+
+ return 0;
+}
+
+int slapi_int_free_object_extensions(int objecttype, void *object)
+{
+ int i;
+ struct slapi_extension_block *eblock;
+ void **peblock;
+ void *parent;
+
+ switch ((slapi_extension_t) objecttype) {
+ case SLAPI_X_EXT_CONNECTION:
+ peblock = &(((Connection *)object)->c_extensions);
+ parent = NULL;
+ break;
+ case SLAPI_X_EXT_OPERATION:
+ peblock = &(((Operation *)object)->o_hdr->oh_extensions);
+ parent = ((Operation *)object)->o_conn;
+ break;
+ default:
+ return -1;
+ break;
+ }
+
+ eblock = (struct slapi_extension_block *)*peblock;
+
+ if ( eblock->extensions != NULL ) {
+ for ( i = registered_extensions.extensions[objecttype].count - 1; i >= 0; --i ) {
+ free_extension( eblock, objecttype, object, parent, i );
+ }
+
+ slapi_ch_free( (void **)&eblock->extensions );
+ }
+
+ slapi_ch_free( peblock );
+
+ return 0;
+}
+
+/* for reusable object types */
+int slapi_int_clear_object_extensions(int objecttype, void *object)
+{
+ int i;
+ struct slapi_extension_block *eblock;
+ void *parent;
+
+ if ( get_extension_block( objecttype, object, &eblock, &parent ) != 0 ) {
+ return -1;
+ }
+
+ if ( eblock->extensions == NULL ) {
+ /* no extensions */
+ return 0;
+ }
+
+ for ( i = registered_extensions.extensions[objecttype].count - 1; i >= 0; --i ) {
+ free_extension( eblock, objecttype, object, parent, i );
+ }
+
+ for ( i = 0; i < registered_extensions.extensions[objecttype].count; i++ ) {
+ new_extension( eblock, objecttype, object, parent, i );
+ }
+
+ return 0;
+}
+
+int slapi_int_init_object_extensions(void)
+{
+ memset( ®istered_extensions, 0, sizeof( registered_extensions ) );
+
+ if ( ldap_pvt_thread_mutex_init( ®istered_extensions.mutex ) != 0 ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+#endif /* LDAP_SLAPI */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ops.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ops.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_ops.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,946 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ops.c,v 1.70.2.10 2007/01/02 21:44:10 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#include <slap.h>
+#include <lber_pvt.h>
+#include <slapi.h>
+
+#ifdef LDAP_SLAPI
+
+static struct slap_listener slapi_listener = {
+ BER_BVC("slapi://"),
+ BER_BVC("slapi://")
+};
+
+static LDAPControl **
+slapi_int_dup_controls( LDAPControl **controls )
+{
+ LDAPControl **c;
+ size_t i;
+
+ if ( controls == NULL )
+ return NULL;
+
+ for ( i = 0; controls[i] != NULL; i++ )
+ ;
+
+ c = (LDAPControl **) slapi_ch_calloc( i + 1, sizeof(LDAPControl *) );
+
+ for ( i = 0; controls[i] != NULL; i++ ) {
+ c[i] = slapi_dup_control( controls[i] );
+ }
+
+ return c;
+}
+
+static int
+slapi_int_result(
+ Operation *op,
+ SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ plugin_result_callback prc = NULL;
+ void *callback_data = NULL;
+ LDAPControl **ctrls = NULL;
+
+ assert( pb != NULL );
+
+ slapi_pblock_get( pb, SLAPI_X_INTOP_RESULT_CALLBACK, (void **)&prc );
+ slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data );
+
+ /* we need to duplicate controls because they might go out of scope */
+ ctrls = slapi_int_dup_controls( rs->sr_ctrls );
+ slapi_pblock_set( pb, SLAPI_RESCONTROLS, ctrls );
+
+ if ( prc != NULL ) {
+ (*prc)( rs->sr_err, callback_data );
+ }
+
+ return rs->sr_err;
+}
+
+static int
+slapi_int_search_entry(
+ Operation *op,
+ SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ plugin_search_entry_callback psec = NULL;
+ void *callback_data = NULL;
+ int rc = LDAP_SUCCESS;
+
+ assert( pb != NULL );
+
+ slapi_pblock_get( pb, SLAPI_X_INTOP_SEARCH_ENTRY_CALLBACK, (void **)&psec );
+ slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data );
+
+ if ( psec != NULL ) {
+ rc = (*psec)( rs->sr_entry, callback_data );
+ }
+
+ return rc;
+}
+
+static int
+slapi_int_search_reference(
+ Operation *op,
+ SlapReply *rs )
+{
+ int i, rc = LDAP_SUCCESS;
+ plugin_referral_entry_callback prec = NULL;
+ void *callback_data = NULL;
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+
+ assert( pb != NULL );
+
+ slapi_pblock_get( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK, (void **)&prec );
+ slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data );
+
+ if ( prec != NULL ) {
+ for ( i = 0; rs->sr_ref[i].bv_val != NULL; i++ ) {
+ rc = (*prec)( rs->sr_ref[i].bv_val, callback_data );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+int
+slapi_int_response( Slapi_Operation *op, SlapReply *rs )
+{
+ int rc;
+
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ rc = slapi_int_result( op, rs );
+ break;
+ case REP_SEARCH:
+ rc = slapi_int_search_entry( op, rs );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_int_search_reference( op, rs );
+ break;
+ default:
+ rc = LDAP_OTHER;
+ break;
+ }
+
+ assert( rc != SLAP_CB_CONTINUE ); /* never try to send a wire response */
+
+ return rc;
+}
+
+static int
+slapi_int_get_ctrls( Slapi_PBlock *pb )
+{
+ LDAPControl **c;
+ int rc = LDAP_SUCCESS;
+
+ if ( pb->pb_op->o_ctrls != NULL ) {
+ for ( c = pb->pb_op->o_ctrls; *c != NULL; c++ ) {
+ rc = slap_parse_ctrl( pb->pb_op, pb->pb_rs, *c, &pb->pb_rs->sr_text );
+ if ( rc != LDAP_SUCCESS )
+ break;
+ }
+ }
+
+ return rc;
+}
+
+void
+slapi_int_connection_init_pb( Slapi_PBlock *pb, ber_tag_t tag )
+{
+ Connection *conn;
+ Operation *op;
+ ber_len_t max = sockbuf_max_incoming;
+
+ conn = (Connection *) slapi_ch_calloc( 1, sizeof(Connection) );
+
+ LDAP_STAILQ_INIT( &conn->c_pending_ops );
+
+ op = (Operation *) slapi_ch_calloc( 1, OPERATION_BUFFER_SIZE );
+ op->o_hdr = (Opheader *)(op + 1);
+ op->o_controls = (void **)(op->o_hdr + 1);
+
+ op->o_callback = (slap_callback *) slapi_ch_calloc( 1, sizeof(slap_callback) );
+ op->o_callback->sc_response = slapi_int_response;
+ op->o_callback->sc_cleanup = NULL;
+ op->o_callback->sc_private = pb;
+ op->o_callback->sc_next = NULL;
+
+ conn->c_pending_ops.stqh_first = op;
+
+ /* connection object authorization information */
+ conn->c_authtype = LDAP_AUTH_NONE;
+ BER_BVZERO( &conn->c_authmech );
+ BER_BVZERO( &conn->c_dn );
+ BER_BVZERO( &conn->c_ndn );
+
+ conn->c_listener = &slapi_listener;
+ ber_dupbv( &conn->c_peer_domain, (struct berval *)&slap_unknown_bv );
+ ber_dupbv( &conn->c_peer_name, (struct berval *)&slap_unknown_bv );
+
+ LDAP_STAILQ_INIT( &conn->c_ops );
+
+ BER_BVZERO( &conn->c_sasl_bind_mech );
+ conn->c_sasl_authctx = NULL;
+ conn->c_sasl_sockctx = NULL;
+ conn->c_sasl_extra = NULL;
+
+ conn->c_sb = ber_sockbuf_alloc();
+
+ ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+
+ conn->c_currentber = NULL;
+
+ /* should check status of thread calls */
+ ldap_pvt_thread_mutex_init( &conn->c_mutex );
+ ldap_pvt_thread_mutex_init( &conn->c_write_mutex );
+ ldap_pvt_thread_cond_init( &conn->c_write_cv );
+
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ conn->c_n_ops_received = 0;
+ conn->c_n_ops_executing = 0;
+ conn->c_n_ops_pending = 0;
+ conn->c_n_ops_completed = 0;
+
+ conn->c_n_get = 0;
+ conn->c_n_read = 0;
+ conn->c_n_write = 0;
+
+ conn->c_protocol = LDAP_VERSION3;
+
+ conn->c_activitytime = conn->c_starttime = slap_get_time();
+
+ /*
+ * A real connection ID is required, because syncrepl associates
+ * pending CSNs with unique ( connection, operation ) tuples.
+ * Setting a fake connection ID will cause slap_get_commit_csn()
+ * to return a stale value.
+ */
+ connection_assign_nextid( conn );
+
+ conn->c_conn_state = 0x01; /* SLAP_C_ACTIVE */
+ conn->c_struct_state = 0x02; /* SLAP_C_USED */
+
+ conn->c_ssf = conn->c_transport_ssf = local_ssf;
+ conn->c_tls_ssf = 0;
+
+ backend_connection_init( conn );
+
+ conn->c_send_ldap_result = slap_send_ldap_result;
+ conn->c_send_search_entry = slap_send_search_entry;
+ conn->c_send_ldap_extended = slap_send_ldap_extended;
+ conn->c_send_search_reference = slap_send_search_reference;
+
+ /* operation object */
+ op->o_tag = tag;
+ op->o_protocol = LDAP_VERSION3;
+ BER_BVZERO( &op->o_authmech );
+ op->o_time = slap_get_time();
+ op->o_do_not_cache = 1;
+ op->o_threadctx = ldap_pvt_thread_pool_context();
+ op->o_tmpmemctx = NULL;
+ op->o_tmpmfuncs = &ch_mfuncs;
+ op->o_conn = conn;
+ op->o_connid = conn->c_connid;
+ op->o_bd = frontendDB;
+
+ /* extensions */
+ slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
+
+ pb->pb_rs = (SlapReply *)slapi_ch_calloc( 1, sizeof(SlapReply) );
+ pb->pb_op = op;
+ pb->pb_conn = conn;
+ pb->pb_intop = 1;
+
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+}
+
+static void
+slapi_int_set_operation_dn( Slapi_PBlock *pb )
+{
+ Backend *be;
+ Operation *op = pb->pb_op;
+
+ if ( BER_BVISNULL( &op->o_ndn ) ) {
+ /* set to root DN */
+ be = select_backend( &op->o_req_ndn, get_manageDSAit( op ), 1 );
+ if ( be != NULL ) {
+ ber_dupbv( &op->o_dn, &be->be_rootdn );
+ ber_dupbv( &op->o_ndn, &be->be_rootndn );
+ }
+ }
+}
+
+void
+slapi_int_connection_done_pb( Slapi_PBlock *pb )
+{
+ Connection *conn;
+ Operation *op;
+
+ PBLOCK_ASSERT_INTOP( pb, 0 );
+
+ conn = pb->pb_conn;
+ op = pb->pb_op;
+
+ /* free allocated DNs */
+ if ( !BER_BVISNULL( &op->o_dn ) )
+ op->o_tmpfree( op->o_dn.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &op->o_ndn ) )
+ op->o_tmpfree( op->o_ndn.bv_val, op->o_tmpmemctx );
+
+ if ( !BER_BVISNULL( &op->o_req_dn ) )
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &op->o_req_ndn ) )
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_MODRDN:
+ if ( !BER_BVISNULL( &op->orr_newrdn ))
+ op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &op->orr_nnewrdn ))
+ op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );
+ if ( op->orr_newSup != NULL ) {
+ assert( !BER_BVISNULL( op->orr_newSup ) );
+ op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+ }
+ if ( op->orr_nnewSup != NULL ) {
+ assert( !BER_BVISNULL( op->orr_nnewSup ) );
+ op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+ }
+ break;
+ case LDAP_REQ_ADD:
+ slap_mods_free( op->ora_modlist, 0 );
+ break;
+ case LDAP_REQ_MODIFY:
+ slap_mods_free( op->orm_modlist, 1 );
+ break;
+ case LDAP_REQ_SEARCH:
+ if ( op->ors_attrs != NULL ) {
+ op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
+ op->ors_attrs = NULL;
+ }
+ break;
+ default:
+ break;
+ }
+
+ slapi_ch_free_string( &conn->c_authmech.bv_val );
+ slapi_ch_free_string( &conn->c_dn.bv_val );
+ slapi_ch_free_string( &conn->c_ndn.bv_val );
+ slapi_ch_free_string( &conn->c_peer_domain.bv_val );
+ slapi_ch_free_string( &conn->c_peer_name.bv_val );
+
+ if ( conn->c_sb != NULL ) {
+ ber_sockbuf_free( conn->c_sb );
+ }
+
+ slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
+
+ slapi_ch_free( (void **)&pb->pb_op->o_callback );
+ slapi_ch_free( (void **)&pb->pb_op );
+ slapi_ch_free( (void **)&pb->pb_conn );
+ slapi_ch_free( (void **)&pb->pb_rs );
+}
+
+static int
+slapi_int_func_internal_pb( Slapi_PBlock *pb, slap_operation_t which )
+{
+ BI_op_bind **func;
+ SlapReply *rs = pb->pb_rs;
+ int rc;
+
+ PBLOCK_ASSERT_INTOP( pb, 0 );
+
+ rc = slapi_int_get_ctrls( pb );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ return rc;
+ }
+
+ pb->pb_op->o_bd = frontendDB;
+ func = &frontendDB->be_bind;
+
+ return func[which]( pb->pb_op, pb->pb_rs );
+}
+
+int
+slapi_delete_internal_pb( Slapi_PBlock *pb )
+{
+ if ( pb == NULL ) {
+ return -1;
+ }
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_DELETE );
+
+ slapi_int_func_internal_pb( pb, op_delete );
+
+ return 0;
+}
+
+int
+slapi_add_internal_pb( Slapi_PBlock *pb )
+{
+ SlapReply *rs;
+ Slapi_Entry *entry_orig = NULL;
+
+ if ( pb == NULL ) {
+ return -1;
+ }
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_ADD );
+
+ rs = pb->pb_rs;
+
+ entry_orig = pb->pb_op->ora_e;
+ pb->pb_op->ora_e = NULL;
+
+ /*
+ * The caller can specify a new entry, or a target DN and set
+ * of modifications, but not both.
+ */
+ if ( entry_orig != NULL ) {
+ if ( pb->pb_op->ora_modlist != NULL || !BER_BVISNULL( &pb->pb_op->o_req_ndn )) {
+ rs->sr_err = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+
+ assert( BER_BVISNULL( &pb->pb_op->o_req_dn ) ); /* shouldn't get set */
+ ber_dupbv( &pb->pb_op->o_req_dn, &entry_orig->e_name );
+ ber_dupbv( &pb->pb_op->o_req_ndn, &entry_orig->e_nname );
+ } else if ( pb->pb_op->ora_modlist == NULL || BER_BVISNULL( &pb->pb_op->o_req_ndn )) {
+ rs->sr_err = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+
+ pb->pb_op->ora_e = (Entry *)slapi_ch_calloc( 1, sizeof(Entry) );
+ ber_dupbv( &pb->pb_op->ora_e->e_name, &pb->pb_op->o_req_dn );
+ ber_dupbv( &pb->pb_op->ora_e->e_nname, &pb->pb_op->o_req_ndn );
+
+ if ( entry_orig != NULL ) {
+ assert( pb->pb_op->ora_modlist == NULL );
+
+ rs->sr_err = slap_entry2mods( entry_orig, &pb->pb_op->ora_modlist,
+ &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+ } else {
+ assert( pb->pb_op->ora_modlist != NULL );
+ }
+
+ rs->sr_err = slap_mods_check( pb->pb_op->ora_modlist, &rs->sr_text,
+ pb->pb_textbuf, sizeof( pb->pb_textbuf ), NULL );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ /* Duplicate the values, because we may call slapi_entry_free() */
+ rs->sr_err = slap_mods2entry( pb->pb_op->ora_modlist, &pb->pb_op->ora_e,
+ 1, 0, &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ if ( slapi_int_func_internal_pb( pb, op_add ) == 0 ) {
+ if ( pb->pb_op->ora_e != NULL && pb->pb_op->o_private != NULL ) {
+ BackendDB *bd = pb->pb_op->o_bd;
+
+ pb->pb_op->o_bd = (BackendDB *)pb->pb_op->o_private;
+ pb->pb_op->o_private = NULL;
+ be_entry_release_w( pb->pb_op, pb->pb_op->ora_e );
+ pb->pb_op->ora_e = NULL;
+ pb->pb_op->o_bd = bd;
+ pb->pb_op->o_private = NULL;
+ }
+ }
+
+cleanup:
+
+ if ( pb->pb_op->ora_e != NULL ) {
+ slapi_entry_free( pb->pb_op->ora_e );
+ pb->pb_op->ora_e = NULL;
+ }
+ if ( entry_orig != NULL ) {
+ pb->pb_op->ora_e = entry_orig;
+ slap_mods_free( pb->pb_op->ora_modlist, 1 );
+ pb->pb_op->ora_modlist = NULL;
+ }
+
+ return 0;
+}
+
+int
+slapi_modrdn_internal_pb( Slapi_PBlock *pb )
+{
+ if ( pb == NULL ) {
+ return -1;
+ }
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_MODRDN );
+
+ if ( BER_BVISEMPTY( &pb->pb_op->o_req_ndn ) ) {
+ pb->pb_rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto cleanup;
+ }
+
+ slapi_int_func_internal_pb( pb, op_modrdn );
+
+cleanup:
+
+ return 0;
+}
+
+int
+slapi_modify_internal_pb( Slapi_PBlock *pb )
+{
+ SlapReply *rs;
+
+ if ( pb == NULL ) {
+ return -1;
+ }
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_MODIFY );
+
+ rs = pb->pb_rs;
+
+ if ( pb->pb_op->orm_modlist == NULL ) {
+ rs->sr_err = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+
+ if ( BER_BVISEMPTY( &pb->pb_op->o_req_ndn ) ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto cleanup;
+ }
+
+ rs->sr_err = slap_mods_check( pb->pb_op->orm_modlist,
+ &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ), NULL );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+ slapi_int_func_internal_pb( pb, op_modify );
+
+cleanup:
+
+ return 0;
+}
+
+static int
+slapi_int_search_entry_callback( Slapi_Entry *entry, void *callback_data )
+{
+ int nentries = 0, i = 0;
+ Slapi_Entry **head = NULL, **tp;
+ Slapi_PBlock *pb = (Slapi_PBlock *)callback_data;
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_SEARCH );
+
+ entry = slapi_entry_dup( entry );
+ if ( entry == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ slapi_pblock_get( pb, SLAPI_NENTRIES, &nentries );
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &head );
+
+ i = nentries + 1;
+ if ( nentries == 0 ) {
+ tp = (Slapi_Entry **)slapi_ch_malloc( 2 * sizeof(Slapi_Entry *) );
+ if ( tp == NULL ) {
+ slapi_entry_free( entry );
+ return LDAP_NO_MEMORY;
+ }
+
+ tp[0] = entry;
+ } else {
+ tp = (Slapi_Entry **)slapi_ch_realloc( (char *)head,
+ sizeof(Slapi_Entry *) * ( i + 1 ) );
+ if ( tp == NULL ) {
+ slapi_entry_free( entry );
+ return LDAP_NO_MEMORY;
+ }
+ tp[i - 1] = entry;
+ }
+ tp[i] = NULL;
+
+ slapi_pblock_set( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, (void *)tp );
+ slapi_pblock_set( pb, SLAPI_NENTRIES, (void *)&i );
+
+ return LDAP_SUCCESS;
+}
+
+int
+slapi_search_internal_pb( Slapi_PBlock *pb )
+{
+ return slapi_search_internal_callback_pb( pb,
+ (void *)pb,
+ NULL,
+ slapi_int_search_entry_callback,
+ NULL );
+}
+
+int
+slapi_search_internal_callback_pb( Slapi_PBlock *pb,
+ void *callback_data,
+ plugin_result_callback prc,
+ plugin_search_entry_callback psec,
+ plugin_referral_entry_callback prec )
+{
+ int free_filter = 0;
+ SlapReply *rs;
+
+ if ( pb == NULL ) {
+ return -1;
+ }
+
+ PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_SEARCH );
+
+ rs = pb->pb_rs;
+
+ /* search callback and arguments */
+ slapi_pblock_set( pb, SLAPI_X_INTOP_RESULT_CALLBACK, (void *)prc );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_SEARCH_ENTRY_CALLBACK, (void *)psec );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK, (void *)prec );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_CALLBACK_DATA, (void *)callback_data );
+
+ if ( BER_BVISEMPTY( &pb->pb_op->ors_filterstr )) {
+ rs->sr_err = LDAP_PARAM_ERROR;
+ goto cleanup;
+ }
+
+ if ( pb->pb_op->ors_filter == NULL ) {
+ pb->pb_op->ors_filter = slapi_str2filter( pb->pb_op->ors_filterstr.bv_val );
+ if ( pb->pb_op->ors_filter == NULL ) {
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto cleanup;
+ }
+
+ free_filter = 1;
+ }
+
+ slapi_int_func_internal_pb( pb, op_search );
+
+cleanup:
+ if ( free_filter ) {
+ slapi_filter_free( pb->pb_op->ors_filter, 1 );
+ pb->pb_op->ors_filter = NULL;
+ }
+
+ slapi_pblock_delete_param( pb, SLAPI_X_INTOP_RESULT_CALLBACK );
+ slapi_pblock_delete_param( pb, SLAPI_X_INTOP_SEARCH_ENTRY_CALLBACK );
+ slapi_pblock_delete_param( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK );
+ slapi_pblock_delete_param( pb, SLAPI_X_INTOP_CALLBACK_DATA );
+
+ return 0;
+}
+
+/* Wrappers for old API */
+
+void
+slapi_search_internal_set_pb( Slapi_PBlock *pb,
+ const char *base,
+ int scope,
+ const char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **controls,
+ const char *uniqueid,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ int no_limit = SLAP_NO_LIMIT;
+ int deref = LDAP_DEREF_NEVER;
+
+ slapi_int_connection_init_pb( pb, LDAP_REQ_SEARCH );
+ slapi_pblock_set( pb, SLAPI_SEARCH_TARGET, (void *)base );
+ slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)&scope );
+ slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)0 );
+ slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)filter );
+ slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
+ slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)&attrsonly );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, (void *)uniqueid );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)&deref );
+ slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)&no_limit );
+ slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)&no_limit );
+
+ slapi_int_set_operation_dn( pb );
+}
+
+Slapi_PBlock *
+slapi_search_internal(
+ char *ldn,
+ int scope,
+ char *filStr,
+ LDAPControl **controls,
+ char **attrs,
+ int attrsonly )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_search_internal_set_pb( pb, ldn, scope, filStr,
+ attrs, attrsonly,
+ controls, NULL, NULL, 0 );
+
+ slapi_search_internal_pb( pb );
+
+ return pb;
+}
+
+void
+slapi_modify_internal_set_pb( Slapi_PBlock *pb,
+ const char *dn,
+ LDAPMod **mods,
+ LDAPControl **controls,
+ const char *uniqueid,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ slapi_int_connection_init_pb( pb, LDAP_REQ_MODIFY );
+ slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)dn );
+ slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)mods );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, (void *)uniqueid );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_int_set_operation_dn( pb );
+}
+
+/* Function : slapi_modify_internal
+ *
+ * Description: Plugin functions call this routine to modify an entry
+ * in the backend directly
+ * Return values : LDAP_SUCCESS
+ * LDAP_PARAM_ERROR
+ * LDAP_NO_MEMORY
+ * LDAP_OTHER
+ * LDAP_UNWILLING_TO_PERFORM
+*/
+Slapi_PBlock *
+slapi_modify_internal(
+ char *ldn,
+ LDAPMod **mods,
+ LDAPControl **controls,
+ int log_change )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_modify_internal_set_pb( pb, ldn, mods, controls, NULL, NULL, 0 );
+ slapi_pblock_set( pb, SLAPI_LOG_OPERATION, (void *)&log_change );
+ slapi_modify_internal_pb( pb );
+
+ return pb;
+}
+
+int
+slapi_add_internal_set_pb( Slapi_PBlock *pb,
+ const char *dn,
+ LDAPMod **attrs,
+ LDAPControl **controls,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ slapi_int_connection_init_pb( pb, LDAP_REQ_ADD );
+ slapi_pblock_set( pb, SLAPI_ADD_TARGET, (void *)dn );
+ slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)attrs );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_int_set_operation_dn( pb );
+
+ return 0;
+}
+
+Slapi_PBlock *
+slapi_add_internal(
+ char * dn,
+ LDAPMod **attrs,
+ LDAPControl **controls,
+ int log_change )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_add_internal_set_pb( pb, dn, attrs, controls, NULL, 0);
+ slapi_pblock_set( pb, SLAPI_LOG_OPERATION, (void *)&log_change );
+ slapi_add_internal_pb( pb );
+
+ return pb;
+}
+
+void
+slapi_add_entry_internal_set_pb( Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ LDAPControl **controls,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ slapi_int_connection_init_pb( pb, LDAP_REQ_ADD );
+ slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)e );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_int_set_operation_dn( pb );
+}
+
+Slapi_PBlock *
+slapi_add_entry_internal(
+ Slapi_Entry *e,
+ LDAPControl **controls,
+ int log_change )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_add_entry_internal_set_pb( pb, e, controls, NULL, 0 );
+ slapi_pblock_set( pb, SLAPI_LOG_OPERATION, (void *)&log_change );
+ slapi_add_internal_pb( pb );
+
+ return pb;
+}
+
+void
+slapi_rename_internal_set_pb( Slapi_PBlock *pb,
+ const char *olddn,
+ const char *newrdn,
+ const char *newsuperior,
+ int deloldrdn,
+ LDAPControl **controls,
+ const char *uniqueid,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ slapi_int_connection_init_pb( pb, LDAP_REQ_MODRDN );
+ slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)olddn );
+ slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)newrdn );
+ slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)newsuperior );
+ slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)&deloldrdn );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, (void *)uniqueid );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_int_set_operation_dn( pb );
+}
+
+/* Function : slapi_modrdn_internal
+ *
+ * Description : Plugin functions call this routine to modify the rdn
+ * of an entry in the backend directly
+ * Return values : LDAP_SUCCESS
+ * LDAP_PARAM_ERROR
+ * LDAP_NO_MEMORY
+ * LDAP_OTHER
+ * LDAP_UNWILLING_TO_PERFORM
+ *
+ * NOTE: This function does not support the "newSuperior" option from LDAP V3.
+ */
+Slapi_PBlock *
+slapi_modrdn_internal(
+ char *olddn,
+ char *lnewrdn,
+ int deloldrdn,
+ LDAPControl **controls,
+ int log_change )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new ();
+
+ slapi_rename_internal_set_pb( pb, olddn, lnewrdn, NULL,
+ deloldrdn, controls, NULL, NULL, 0 );
+ slapi_pblock_set( pb, SLAPI_LOG_OPERATION, (void *)&log_change );
+ slapi_modrdn_internal_pb( pb );
+
+ return pb;
+}
+
+void
+slapi_delete_internal_set_pb( Slapi_PBlock *pb,
+ const char *dn,
+ LDAPControl **controls,
+ const char *uniqueid,
+ Slapi_ComponentId *plugin_identity,
+ int operation_flags )
+{
+ slapi_int_connection_init_pb( pb, LDAP_REQ_DELETE );
+ slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)dn );
+ slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)controls );
+ slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, (void *)uniqueid );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_IDENTITY, (void *)plugin_identity );
+ slapi_pblock_set( pb, SLAPI_X_INTOP_FLAGS, (void *)&operation_flags );
+ slapi_int_set_operation_dn( pb );
+}
+
+/* Function : slapi_delete_internal
+ *
+ * Description : Plugin functions call this routine to delete an entry
+ * in the backend directly
+ * Return values : LDAP_SUCCESS
+ * LDAP_PARAM_ERROR
+ * LDAP_NO_MEMORY
+ * LDAP_OTHER
+ * LDAP_UNWILLING_TO_PERFORM
+*/
+Slapi_PBlock *
+slapi_delete_internal(
+ char *ldn,
+ LDAPControl **controls,
+ int log_change )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_delete_internal_set_pb( pb, ldn, controls, NULL, NULL, 0 );
+ slapi_pblock_set( pb, SLAPI_LOG_OPERATION, (void *)&log_change );
+ slapi_delete_internal_pb( pb );
+
+ return pb;
+}
+
+#endif /* LDAP_SLAPI */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_overlay.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_overlay.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_overlay.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,901 @@
+/* slapi_overlay.c - SLAPI overlay */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_overlay.c,v 1.34.2.6 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Luke Howard for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "slapi.h"
+
+#ifdef LDAP_SLAPI
+
+static slap_overinst slapi;
+static int slapi_over_initialized = 0;
+
+static int slapi_over_response( Operation *op, SlapReply *rs );
+static int slapi_over_cleanup( Operation *op, SlapReply *rs );
+
+static Slapi_PBlock *
+slapi_over_pblock_new( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+ pb->pb_op = op;
+ pb->pb_conn = op->o_conn;
+ pb->pb_rs = rs;
+ pb->pb_intop = 0;
+
+ PBLOCK_ASSERT_OP( pb, op->o_tag );
+
+ return pb;
+}
+
+static int
+slapi_op_internal_p( Operation *op, SlapReply *rs, slap_callback *cb )
+{
+ int internal_op = 0;
+ Slapi_PBlock *pb = NULL;
+ slap_callback *pcb;
+
+ /*
+ * Abstraction violating check for SLAPI internal operations
+ * allows pblock to remain consistent when invoking internal
+ * op plugins
+ */
+ for ( pcb = op->o_callback; pcb != NULL; pcb = pcb->sc_next ) {
+ if ( pcb->sc_response == slapi_int_response ) {
+ pb = (Slapi_PBlock *)pcb->sc_private;
+ PBLOCK_ASSERT_INTOP( pb, 0 );
+ internal_op = 1;
+ break;
+ }
+ }
+
+ if ( cb != NULL ) {
+ if ( pb == NULL ) {
+ pb = slapi_over_pblock_new( op, rs );
+ }
+
+ cb->sc_response = slapi_over_response;
+ cb->sc_cleanup = slapi_over_cleanup;
+ cb->sc_private = pb;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+ }
+
+ return internal_op;
+}
+
+static int
+slapi_over_compute_output(
+ computed_attr_context *c,
+ Slapi_Attr *attribute,
+ Slapi_Entry *entry
+)
+{
+ Attribute **a;
+ AttributeDescription *desc;
+ SlapReply *rs = (SlapReply *)c->cac_private;
+
+ if ( c == NULL || attribute == NULL || entry == NULL ) {
+ return 0;
+ }
+
+ assert( rs->sr_entry == entry );
+
+ desc = attribute->a_desc;
+
+ if ( rs->sr_attrs == NULL ) {
+ /* All attrs request, skip operational attributes */
+ if ( is_at_operational( desc->ad_type ) ) {
+ return 0;
+ }
+ } else {
+ /* Specific attributes requested */
+ if ( is_at_operational( desc->ad_type ) ) {
+ if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) ) {
+ return 0;
+ }
+ } else {
+ if ( !SLAP_USERATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) ) {
+ return 0;
+ }
+ }
+ }
+
+ /* XXX perhaps we should check for existing attributes and merge */
+ for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
+ ;
+
+ *a = slapi_attr_dup( attribute );
+
+ return 0;
+}
+
+static int
+slapi_over_aux_operational( Operation *op, SlapReply *rs )
+{
+ /* Support for computed attribute plugins */
+ computed_attr_context ctx;
+ AttributeName *anp;
+
+ if ( slapi_op_internal_p( op, rs, NULL ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ ctx.cac_pb = slapi_over_pblock_new( op, rs );
+ ctx.cac_op = op;
+ ctx.cac_private = rs;
+
+ if ( rs->sr_entry != NULL ) {
+ /*
+ * For each client requested attribute, call the plugins.
+ */
+ if ( rs->sr_attrs != NULL ) {
+ for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
+ if ( compute_evaluator( &ctx, anp->an_name.bv_val,
+ rs->sr_entry, slapi_over_compute_output ) == 1 ) {
+ break;
+ }
+ }
+ } else {
+ /*
+ * Technically we shouldn't be returning operational attributes
+ * when the user requested only user attributes. We'll let the
+ * plugin decide whether to be naughty or not.
+ */
+ compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output );
+ }
+ }
+
+ slapi_pblock_destroy( ctx.cac_pb );
+
+ return SLAP_CB_CONTINUE;
+}
+
+/*
+ * We need this function to call frontendDB (global) plugins before
+ * database plugins, if we are invoked by a slap_callback.
+ */
+static int
+slapi_over_call_plugins( Slapi_PBlock *pb, int type )
+{
+ int rc = 1; /* means no plugins called */
+ Operation *op;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ op = pb->pb_op;
+
+ if ( !be_match( op->o_bd, frontendDB ) ) {
+ rc = slapi_int_call_plugins( frontendDB, type, pb );
+ }
+ if ( rc >= 0 ) {
+ rc = slapi_int_call_plugins( op->o_bd, type, pb );
+ }
+
+ return rc;
+}
+
+static int
+slapi_over_search( Operation *op, SlapReply *rs, int type )
+{
+ int rc;
+ Slapi_PBlock *pb;
+
+ assert( rs->sr_type == REP_SEARCH || rs->sr_type == REP_SEARCHREF );
+
+ /* create a new pblock to not trample on result controls */
+ pb = slapi_over_pblock_new( op, rs );
+
+ rc = slapi_over_call_plugins( pb, type );
+ if ( rc >= 0 ) /* 1 means no plugins called */
+ rc = SLAP_CB_CONTINUE;
+ else
+ rc = LDAP_SUCCESS; /* confusing: don't abort, but don't send */
+
+ slapi_pblock_destroy(pb);
+
+ return rc;
+}
+
+/*
+ * Call pre- and post-result plugins
+ */
+static int
+slapi_over_result( Operation *op, SlapReply *rs, int type )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+
+ assert( rs->sr_type == REP_RESULT );
+
+ slapi_over_call_plugins( pb, type );
+
+ return SLAP_CB_CONTINUE;
+}
+
+
+static int
+slapi_op_bind_callback( Operation *op, SlapReply *rs, int prc )
+{
+ switch ( prc ) {
+ case SLAPI_BIND_SUCCESS:
+ /* Continue with backend processing */
+ break;
+ case SLAPI_BIND_FAIL:
+ /* Failure, frontend (that's us) sends result */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ break;
+ case SLAPI_BIND_ANONYMOUS: /* undocumented */
+ default: /* plugin sent result or no plugins called */
+ BER_BVZERO( &op->orb_edn );
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ /*
+ * Plugin will have called slapi_pblock_set(LDAP_CONN_DN) which
+ * will have set conn->c_dn and conn->c_ndn
+ */
+ if ( BER_BVISNULL( &op->o_conn->c_ndn ) && prc == 1 ) {
+ /* No plugins were called; continue processing */
+ return LDAP_SUCCESS;
+ }
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ if ( !BER_BVISEMPTY( &op->o_conn->c_ndn ) ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( op->o_conn->c_sb,
+ LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ /* log authorization identity */
+ Statslog( LDAP_DEBUG_STATS,
+ "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
+ op->o_log_prefix,
+ BER_BVISNULL( &op->o_conn->c_dn )
+ ? "<empty>" : op->o_conn->c_dn.bv_val,
+ BER_BVISNULL( &op->orb_tmp_mech )
+ ? "<empty>" : op->orb_tmp_mech.bv_val, 0, 0 );
+
+ return -1;
+ }
+ break;
+ }
+
+ return rs->sr_err;
+}
+
+static int
+slapi_op_search_callback( Operation *op, SlapReply *rs, int prc )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+
+ /* check preoperation result code */
+ if ( prc < 0 ) {
+ return rs->sr_err;
+ }
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) {
+ /*
+ * The plugin can set the SLAPI_SEARCH_FILTER.
+ * SLAPI_SEARCH_STRFILER is not normative.
+ */
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+struct slapi_op_info {
+ int soi_preop; /* preoperation plugin parameter */
+ int soi_postop; /* postoperation plugin parameter */
+ int soi_internal_preop; /* internal preoperation plugin parameter */
+ int soi_internal_postop; /* internal postoperation plugin parameter */
+ int (*soi_callback)(Operation *, SlapReply *, int); /* preoperation result handler */
+} slapi_op_dispatch_table[] = {
+ {
+ SLAPI_PLUGIN_PRE_BIND_FN,
+ SLAPI_PLUGIN_POST_BIND_FN,
+ 0,
+ 0,
+ slapi_op_bind_callback
+ },
+ {
+ SLAPI_PLUGIN_PRE_UNBIND_FN,
+ SLAPI_PLUGIN_POST_UNBIND_FN,
+ 0,
+ 0,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_SEARCH_FN,
+ SLAPI_PLUGIN_POST_SEARCH_FN,
+ 0,
+ 0,
+ slapi_op_search_callback
+ },
+ {
+ SLAPI_PLUGIN_PRE_COMPARE_FN,
+ SLAPI_PLUGIN_POST_COMPARE_FN,
+ 0,
+ 0,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_MODIFY_FN,
+ SLAPI_PLUGIN_POST_MODIFY_FN,
+ SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_MODRDN_FN,
+ SLAPI_PLUGIN_POST_MODRDN_FN,
+ SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_ADD_FN,
+ SLAPI_PLUGIN_POST_ADD_FN,
+ SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_ADD_FN,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_DELETE_FN,
+ SLAPI_PLUGIN_POST_DELETE_FN,
+ SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_ABANDON_FN,
+ SLAPI_PLUGIN_POST_ABANDON_FN,
+ 0,
+ 0,
+ NULL
+ },
+ {
+ 0,
+ 0,
+ 0,
+ 0,
+ NULL
+ }
+};
+
+slap_operation_t
+slapi_tag2op( ber_tag_t tag )
+{
+ slap_operation_t op;
+
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ op = op_bind;
+ break;
+ case LDAP_REQ_ADD:
+ op = op_add;
+ break;
+ case LDAP_REQ_DELETE:
+ op = op_delete;
+ break;
+ case LDAP_REQ_MODRDN:
+ op = op_modrdn;
+ break;
+ case LDAP_REQ_MODIFY:
+ op = op_modify;
+ break;
+ case LDAP_REQ_COMPARE:
+ op = op_compare;
+ break;
+ case LDAP_REQ_SEARCH:
+ op = op_search;
+ break;
+ case LDAP_REQ_UNBIND:
+ op = op_unbind;
+ break;
+ default:
+ op = op_last;
+ break;
+ }
+
+ return op;
+}
+
+/* Add SLAPI_RESCONTROLS to rs->sr_ctrls, with care, because
+ * rs->sr_ctrls could be allocated on the stack */
+static int
+slapi_over_merge_controls( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ LDAPControl **ctrls = NULL;
+ LDAPControl **slapi_ctrls = NULL;
+ size_t n_slapi_ctrls = 0;
+ size_t n_rs_ctrls = 0;
+ size_t i;
+
+ slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&slapi_ctrls );
+
+ n_slapi_ctrls = slapi_int_count_controls( slapi_ctrls );
+ n_rs_ctrls = slapi_int_count_controls( rs->sr_ctrls );
+
+ slapi_pblock_set( pb, SLAPI_X_OLD_RESCONTROLS, (void *)rs->sr_ctrls );
+
+ if ( n_slapi_ctrls == 0 )
+ return LDAP_SUCCESS; /* no SLAPI controls */
+
+ ctrls = (LDAPControl **) op->o_tmpalloc(
+ ( n_slapi_ctrls + n_rs_ctrls + 1 ) * sizeof(LDAPControl *),
+ op->o_tmpmemctx );
+
+ for ( i = 0; i < n_slapi_ctrls; i++ ) {
+ ctrls[i] = slapi_ctrls[i];
+ }
+ if ( rs->sr_ctrls != NULL ) {
+ for ( i = 0; i < n_rs_ctrls; i++ ) {
+ ctrls[n_slapi_ctrls + i] = rs->sr_ctrls[i];
+ }
+ }
+ ctrls[n_slapi_ctrls + n_rs_ctrls] = NULL;
+
+ rs->sr_ctrls = ctrls;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_over_unmerge_controls( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ LDAPControl **rs_ctrls = NULL;
+
+ slapi_pblock_get( pb, SLAPI_X_OLD_RESCONTROLS, (void **)&rs_ctrls );
+
+ if ( rs_ctrls == NULL || rs->sr_ctrls == rs_ctrls ) {
+ /* no copying done */
+ return LDAP_SUCCESS;
+ }
+
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = rs_ctrls;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_over_response( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ int rc = SLAP_CB_CONTINUE;
+
+ if ( pb->pb_intop == 0 ) {
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ rc = slapi_over_result( op, rs, SLAPI_PLUGIN_PRE_RESULT_FN );
+ break;
+ case REP_SEARCH:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
+ break;
+ default:
+ break;
+ }
+ }
+
+ slapi_over_merge_controls( op, rs );
+
+ return rc;
+}
+
+static int
+slapi_over_cleanup( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ int rc = SLAP_CB_CONTINUE;
+
+ slapi_over_unmerge_controls( op, rs );
+
+ if ( pb->pb_intop == 0 ) {
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ rc = slapi_over_result( op, rs, SLAPI_PLUGIN_POST_RESULT_FN );
+ break;
+ case REP_SEARCH:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_ENTRY_FN );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_REFERRAL_FN );
+ break;
+ default:
+ break;
+ }
+ }
+
+ return rc;
+}
+
+static int
+slapi_op_func( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb;
+ slap_operation_t which;
+ struct slapi_op_info *opinfo;
+ int rc;
+ slap_overinfo *oi;
+ slap_overinst *on;
+ slap_callback cb;
+ int internal_op;
+ int preop_type, postop_type;
+ BackendDB *be;
+
+ if ( !slapi_plugins_used )
+ return SLAP_CB_CONTINUE;
+
+ /*
+ * Find the SLAPI operation information for this LDAP
+ * operation; this will contain the preop and postop
+ * plugin types, as well as optional callbacks for
+ * setting up the SLAPI environment.
+ */
+ which = slapi_tag2op( op->o_tag );
+ if ( which >= op_last ) {
+ /* invalid operation, but let someone else deal with it */
+ return SLAP_CB_CONTINUE;
+ }
+
+ opinfo = &slapi_op_dispatch_table[which];
+ if ( opinfo == NULL ) {
+ /* no SLAPI plugin types for this operation */
+ return SLAP_CB_CONTINUE;
+ }
+
+ internal_op = slapi_op_internal_p( op, rs, &cb );
+
+ if ( internal_op ) {
+ preop_type = opinfo->soi_internal_preop;
+ postop_type = opinfo->soi_internal_postop;
+ } else {
+ preop_type = opinfo->soi_preop;
+ postop_type = opinfo->soi_postop;
+ }
+
+ if ( preop_type == 0 ) {
+ /* no SLAPI plugin types for this operation */
+ pb = NULL;
+ rc = SLAP_CB_CONTINUE;
+ goto cleanup;
+ }
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
+
+ /* cache backend so we call correct postop plugins */
+ be = pb->pb_op->o_bd;
+
+ rc = slapi_int_call_plugins( be, preop_type, pb );
+
+ /*
+ * soi_callback is responsible for examining the result code
+ * of the preoperation plugin and determining whether to
+ * abort. This is needed because of special SLAPI behaviour
+ e with bind preoperation plugins.
+ *
+ * The soi_callback function is also used to reset any values
+ * returned from the preoperation plugin before calling the
+ * backend (for the success case).
+ */
+ if ( opinfo->soi_callback == NULL ) {
+ /* default behaviour is preop plugin can abort operation */
+ if ( rc < 0 ) {
+ rc = rs->sr_err;
+ goto cleanup;
+ }
+ } else {
+ rc = (opinfo->soi_callback)( op, rs, rc );
+ if ( rc )
+ goto cleanup;
+ }
+
+ /*
+ * Call actual backend (or next overlay in stack). We need to
+ * do this rather than returning SLAP_CB_CONTINUE and calling
+ * postoperation plugins in a response handler to match the
+ * behaviour of SLAPI in OpenLDAP 2.2, where postoperation
+ * plugins are called after the backend has completely
+ * finished processing the operation.
+ */
+ on = (slap_overinst *)op->o_bd->bd_info;
+ oi = on->on_info;
+
+ rc = overlay_op_walk( op, rs, which, oi, on->on_next );
+
+ /*
+ * Call postoperation plugins
+ */
+ slapi_int_call_plugins( be, postop_type, pb );
+
+cleanup:
+ if ( !internal_op ) {
+ slapi_pblock_destroy(pb);
+ cb.sc_private = NULL;
+ }
+
+ op->o_callback = cb.sc_next;
+
+ return rc;
+}
+
+static int
+slapi_over_extended( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb;
+ SLAPI_FUNC callback;
+ int rc;
+ int internal_op;
+ slap_callback cb;
+
+ slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
+ if ( callback == NULL ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ internal_op = slapi_op_internal_p( op, rs, &cb );
+ if ( internal_op ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
+
+ rc = (*callback)( pb );
+ if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
+ goto cleanup;
+ } else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
+ rc = SLAP_CB_CONTINUE;
+ goto cleanup;
+ }
+
+ assert( rs->sr_rspoid != NULL );
+
+ send_ldap_extended( op, rs );
+
+#if 0
+ slapi_ch_free_string( (char **)&rs->sr_rspoid );
+#endif
+
+ if ( rs->sr_rspdata != NULL )
+ ber_bvfree( rs->sr_rspdata );
+
+ rc = rs->sr_err;
+
+cleanup:
+ slapi_pblock_destroy( pb );
+ op->o_callback = cb.sc_next;
+
+ return rc;
+}
+
+static int
+slapi_over_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ int rc;
+ Slapi_PBlock *pb;
+ slap_callback cb;
+ int internal_op;
+ SlapReply rs = { REP_RESULT };
+
+ internal_op = slapi_op_internal_p( op, &rs, &cb );
+
+ cb.sc_response = NULL;
+ cb.sc_cleanup = NULL;
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
+
+ rc = slapi_int_access_allowed( op, e, desc, val, access, state );
+ if ( rc ) {
+ rc = SLAP_CB_CONTINUE;
+ }
+
+ if ( !internal_op ) {
+ slapi_pblock_destroy( pb );
+ }
+
+ op->o_callback = cb.sc_next;
+
+ return rc;
+}
+
+static int
+slapi_over_acl_group(
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ Slapi_Entry *e;
+ int rc;
+ Slapi_PBlock *pb;
+ BackendDB *be = op->o_bd;
+ GroupAssertion *g;
+ SlapReply rs = { REP_RESULT };
+
+ op->o_bd = select_backend( gr_ndn, 0, 0 );
+
+ for ( g = op->o_groups; g; g = g->ga_next ) {
+ if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
+ g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
+ {
+ continue;
+ }
+ if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
+ break;
+ }
+ }
+ if ( g != NULL ) {
+ rc = g->ga_res;
+ goto done;
+ }
+
+ if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
+ e = target;
+ rc = 0;
+ } else {
+ rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
+ }
+ if ( e != NULL ) {
+ int internal_op;
+ slap_callback cb;
+
+ internal_op = slapi_op_internal_p( op, &rs, &cb );
+
+ cb.sc_response = NULL;
+ cb.sc_cleanup = NULL;
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
+
+ slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+
+ rc = slapi_over_call_plugins( pb, SLAPI_X_PLUGIN_PRE_GROUP_FN );
+ if ( rc >= 0 ) /* 1 means no plugins called */
+ rc = SLAP_CB_CONTINUE;
+ else
+ rc = pb->pb_rs->sr_err;
+
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ENTRY );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_OPERATION_DN );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ATTRIBUTE );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_TARGET_ENTRY );
+
+ if ( !internal_op )
+ slapi_pblock_destroy( pb );
+
+ if ( e != target ) {
+ be_entry_release_r( op, e );
+ }
+
+ op->o_callback = cb.sc_next;
+ } else {
+ rc = LDAP_NO_SUCH_OBJECT; /* return SLAP_CB_CONTINUE for correctness? */
+ }
+
+ if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache &&
+ rc != SLAP_CB_CONTINUE ) {
+ g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
+ op->o_tmpmemctx );
+ g->ga_be = op->o_bd;
+ g->ga_oc = group_oc;
+ g->ga_at = group_at;
+ g->ga_res = rc;
+ g->ga_len = gr_ndn->bv_len;
+ strcpy( g->ga_ndn, gr_ndn->bv_val );
+ g->ga_next = op->o_groups;
+ op->o_groups = g;
+ }
+ /*
+ * XXX don't call POST_GROUP_FN, I have no idea what the point of
+ * that plugin function was anyway
+ */
+done:
+ op->o_bd = be;
+ return rc;
+}
+
+static int
+slapi_over_init()
+{
+ memset( &slapi, 0, sizeof(slapi) );
+
+ slapi.on_bi.bi_type = SLAPI_OVERLAY_NAME;
+
+ slapi.on_bi.bi_op_bind = slapi_op_func;
+ slapi.on_bi.bi_op_unbind = slapi_op_func;
+ slapi.on_bi.bi_op_search = slapi_op_func;
+ slapi.on_bi.bi_op_compare = slapi_op_func;
+ slapi.on_bi.bi_op_modify = slapi_op_func;
+ slapi.on_bi.bi_op_modrdn = slapi_op_func;
+ slapi.on_bi.bi_op_add = slapi_op_func;
+ slapi.on_bi.bi_op_delete = slapi_op_func;
+ slapi.on_bi.bi_op_abandon = slapi_op_func;
+ slapi.on_bi.bi_op_cancel = slapi_op_func;
+
+ slapi.on_bi.bi_extended = slapi_over_extended;
+ slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
+ slapi.on_bi.bi_operational = slapi_over_aux_operational;
+ slapi.on_bi.bi_acl_group = slapi_over_acl_group;
+
+ return overlay_register( &slapi );
+}
+
+int slapi_over_is_inst( BackendDB *be )
+{
+ return overlay_is_inst( be, SLAPI_OVERLAY_NAME );
+}
+
+int slapi_over_config( BackendDB *be )
+{
+ if ( slapi_over_initialized == 0 ) {
+ int rc;
+
+ /* do global initializaiton */
+ ldap_pvt_thread_mutex_init( &slapi_hn_mutex );
+ ldap_pvt_thread_mutex_init( &slapi_time_mutex );
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
+ return rc;
+
+ rc = slapi_over_init();
+ if ( rc != 0 )
+ return rc;
+
+ slapi_over_initialized = 1;
+ }
+
+ return overlay_config( be, SLAPI_OVERLAY_NAME );
+}
+
+#endif /* LDAP_SLAPI */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_pblock.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_pblock.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_pblock.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1374 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_pblock.c,v 1.27.2.8 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#include "portable.h"
+#include <slap.h>
+#include <slapi.h>
+
+#ifdef LDAP_SLAPI
+
+/* some parameters require a valid connection and operation */
+#define PBLOCK_LOCK_CONN( _pb ) do { \
+ ldap_pvt_thread_mutex_lock( &(_pb)->pb_conn->c_mutex ); \
+ } while (0)
+
+#define PBLOCK_UNLOCK_CONN( _pb ) do { \
+ ldap_pvt_thread_mutex_unlock( &(_pb)->pb_conn->c_mutex ); \
+ } while (0)
+
+/* some parameters are only settable for internal operations */
+#define PBLOCK_VALIDATE_IS_INTOP( _pb ) do { if ( (_pb)->pb_intop == 0 ) break; } while ( 0 )
+
+static slapi_pblock_class_t
+pblock_get_param_class( int param )
+{
+ switch ( param ) {
+ case SLAPI_PLUGIN_TYPE:
+ case SLAPI_PLUGIN_ARGC:
+ case SLAPI_PLUGIN_OPRETURN:
+ case SLAPI_PLUGIN_INTOP_RESULT:
+ case SLAPI_CONFIG_LINENO:
+ case SLAPI_CONFIG_ARGC:
+ case SLAPI_BIND_METHOD:
+ case SLAPI_MODRDN_DELOLDRDN:
+ case SLAPI_SEARCH_SCOPE:
+ case SLAPI_SEARCH_DEREF:
+ case SLAPI_SEARCH_SIZELIMIT:
+ case SLAPI_SEARCH_TIMELIMIT:
+ case SLAPI_SEARCH_ATTRSONLY:
+ case SLAPI_NENTRIES:
+ case SLAPI_CHANGENUMBER:
+ case SLAPI_DBSIZE:
+ case SLAPI_REQUESTOR_ISROOT:
+ case SLAPI_BE_READONLY:
+ case SLAPI_BE_LASTMOD:
+ case SLAPI_DB2LDIF_PRINTKEY:
+ case SLAPI_LDIF2DB_REMOVEDUPVALS:
+ case SLAPI_MANAGEDSAIT:
+ case SLAPI_X_MANAGEDIT:
+ case SLAPI_X_OPERATION_NO_SCHEMA_CHECK:
+ case SLAPI_IS_REPLICATED_OPERATION:
+ case SLAPI_X_CONN_IS_UDP:
+ case SLAPI_X_CONN_SSF:
+ case SLAPI_RESULT_CODE:
+ case SLAPI_LOG_OPERATION:
+ return PBLOCK_CLASS_INTEGER;
+ break;
+
+ case SLAPI_CONN_ID:
+ case SLAPI_OPERATION_ID:
+ case SLAPI_OPINITIATED_TIME:
+ case SLAPI_ABANDON_MSGID:
+ case SLAPI_X_OPERATION_DELETE_GLUE_PARENT:
+ return PBLOCK_CLASS_LONG_INTEGER;
+ break;
+
+ case SLAPI_PLUGIN_DESTROY_FN:
+ case SLAPI_PLUGIN_DB_BIND_FN:
+ case SLAPI_PLUGIN_DB_UNBIND_FN:
+ case SLAPI_PLUGIN_DB_SEARCH_FN:
+ case SLAPI_PLUGIN_DB_COMPARE_FN:
+ case SLAPI_PLUGIN_DB_MODIFY_FN:
+ case SLAPI_PLUGIN_DB_MODRDN_FN:
+ case SLAPI_PLUGIN_DB_ADD_FN:
+ case SLAPI_PLUGIN_DB_DELETE_FN:
+ case SLAPI_PLUGIN_DB_ABANDON_FN:
+ case SLAPI_PLUGIN_DB_CONFIG_FN:
+ case SLAPI_PLUGIN_CLOSE_FN:
+ case SLAPI_PLUGIN_DB_FLUSH_FN:
+ case SLAPI_PLUGIN_START_FN:
+ case SLAPI_PLUGIN_DB_SEQ_FN:
+ case SLAPI_PLUGIN_DB_ENTRY_FN:
+ case SLAPI_PLUGIN_DB_REFERRAL_FN:
+ case SLAPI_PLUGIN_DB_RESULT_FN:
+ case SLAPI_PLUGIN_DB_LDIF2DB_FN:
+ case SLAPI_PLUGIN_DB_DB2LDIF_FN:
+ case SLAPI_PLUGIN_DB_BEGIN_FN:
+ case SLAPI_PLUGIN_DB_COMMIT_FN:
+ case SLAPI_PLUGIN_DB_ABORT_FN:
+ case SLAPI_PLUGIN_DB_ARCHIVE2DB_FN:
+ case SLAPI_PLUGIN_DB_DB2ARCHIVE_FN:
+ case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN:
+ case SLAPI_PLUGIN_DB_FREE_RESULT_SET_FN:
+ case SLAPI_PLUGIN_DB_SIZE_FN:
+ case SLAPI_PLUGIN_DB_TEST_FN:
+ case SLAPI_PLUGIN_DB_NO_ACL:
+ case SLAPI_PLUGIN_EXT_OP_FN:
+ case SLAPI_PLUGIN_EXT_OP_OIDLIST:
+ case SLAPI_PLUGIN_PRE_BIND_FN:
+ case SLAPI_PLUGIN_PRE_UNBIND_FN:
+ case SLAPI_PLUGIN_PRE_SEARCH_FN:
+ case SLAPI_PLUGIN_PRE_COMPARE_FN:
+ case SLAPI_PLUGIN_PRE_MODIFY_FN:
+ case SLAPI_PLUGIN_PRE_MODRDN_FN:
+ case SLAPI_PLUGIN_PRE_ADD_FN:
+ case SLAPI_PLUGIN_PRE_DELETE_FN:
+ case SLAPI_PLUGIN_PRE_ABANDON_FN:
+ case SLAPI_PLUGIN_PRE_ENTRY_FN:
+ case SLAPI_PLUGIN_PRE_REFERRAL_FN:
+ case SLAPI_PLUGIN_PRE_RESULT_FN:
+ case SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN:
+ case SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN:
+ case SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN:
+ case SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN:
+ case SLAPI_PLUGIN_BE_PRE_ADD_FN:
+ case SLAPI_PLUGIN_BE_PRE_MODIFY_FN:
+ case SLAPI_PLUGIN_BE_PRE_MODRDN_FN:
+ case SLAPI_PLUGIN_BE_PRE_DELETE_FN:
+ case SLAPI_PLUGIN_POST_BIND_FN:
+ case SLAPI_PLUGIN_POST_UNBIND_FN:
+ case SLAPI_PLUGIN_POST_SEARCH_FN:
+ case SLAPI_PLUGIN_POST_COMPARE_FN:
+ case SLAPI_PLUGIN_POST_MODIFY_FN:
+ case SLAPI_PLUGIN_POST_MODRDN_FN:
+ case SLAPI_PLUGIN_POST_ADD_FN:
+ case SLAPI_PLUGIN_POST_DELETE_FN:
+ case SLAPI_PLUGIN_POST_ABANDON_FN:
+ case SLAPI_PLUGIN_POST_ENTRY_FN:
+ case SLAPI_PLUGIN_POST_REFERRAL_FN:
+ case SLAPI_PLUGIN_POST_RESULT_FN:
+ case SLAPI_PLUGIN_INTERNAL_POST_ADD_FN:
+ case SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN:
+ case SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN:
+ case SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN:
+ case SLAPI_PLUGIN_BE_POST_ADD_FN:
+ case SLAPI_PLUGIN_BE_POST_MODIFY_FN:
+ case SLAPI_PLUGIN_BE_POST_MODRDN_FN:
+ case SLAPI_PLUGIN_BE_POST_DELETE_FN:
+ case SLAPI_PLUGIN_MR_FILTER_CREATE_FN:
+ case SLAPI_PLUGIN_MR_INDEXER_CREATE_FN:
+ case SLAPI_PLUGIN_MR_FILTER_MATCH_FN:
+ case SLAPI_PLUGIN_MR_FILTER_INDEX_FN:
+ case SLAPI_PLUGIN_MR_FILTER_RESET_FN:
+ case SLAPI_PLUGIN_MR_INDEX_FN:
+ case SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN:
+ case SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN:
+ case SLAPI_PLUGIN_ACL_ALLOW_ACCESS:
+ case SLAPI_X_PLUGIN_PRE_GROUP_FN:
+ case SLAPI_X_PLUGIN_POST_GROUP_FN:
+ case SLAPI_PLUGIN_AUDIT_FN:
+ return PBLOCK_CLASS_FUNCTION_POINTER;
+ break;
+
+ case SLAPI_BACKEND:
+ case SLAPI_CONNECTION:
+ case SLAPI_OPERATION:
+ case SLAPI_OPERATION_PARAMETERS:
+ case SLAPI_OPERATION_TYPE:
+ case SLAPI_OPERATION_AUTHTYPE:
+ case SLAPI_BE_MONITORDN:
+ case SLAPI_BE_TYPE:
+ case SLAPI_REQUESTOR_DN:
+ case SLAPI_CONN_DN:
+ case SLAPI_CONN_CLIENTIP:
+ case SLAPI_CONN_SERVERIP:
+ case SLAPI_CONN_AUTHTYPE:
+ case SLAPI_CONN_AUTHMETHOD:
+ case SLAPI_CONN_CERT:
+ case SLAPI_X_CONN_CLIENTPATH:
+ case SLAPI_X_CONN_SERVERPATH:
+ case SLAPI_X_CONN_SASL_CONTEXT:
+ case SLAPI_X_CONFIG_ARGV:
+ case SLAPI_X_INTOP_FLAGS:
+ case SLAPI_X_INTOP_RESULT_CALLBACK:
+ case SLAPI_X_INTOP_SEARCH_ENTRY_CALLBACK:
+ case SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK:
+ case SLAPI_X_INTOP_CALLBACK_DATA:
+ case SLAPI_PLUGIN_MR_OID:
+ case SLAPI_PLUGIN_MR_TYPE:
+ case SLAPI_PLUGIN_MR_VALUE:
+ case SLAPI_PLUGIN_MR_VALUES:
+ case SLAPI_PLUGIN_MR_KEYS:
+ case SLAPI_PLUGIN:
+ case SLAPI_PLUGIN_PRIVATE:
+ case SLAPI_PLUGIN_ARGV:
+ case SLAPI_PLUGIN_OBJECT:
+ case SLAPI_PLUGIN_DESCRIPTION:
+ case SLAPI_PLUGIN_IDENTITY:
+ case SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES:
+ case SLAPI_PLUGIN_INTOP_SEARCH_REFERRALS:
+ case SLAPI_PLUGIN_MR_FILTER_REUSABLE:
+ case SLAPI_PLUGIN_MR_QUERY_OPERATOR:
+ case SLAPI_PLUGIN_MR_USAGE:
+ case SLAPI_OP_LESS:
+ case SLAPI_OP_LESS_OR_EQUAL:
+ case SLAPI_PLUGIN_MR_USAGE_INDEX:
+ case SLAPI_PLUGIN_SYNTAX_FILTER_AVA:
+ case SLAPI_PLUGIN_SYNTAX_FILTER_SUB:
+ case SLAPI_PLUGIN_SYNTAX_VALUES2KEYS:
+ case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA:
+ case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB:
+ case SLAPI_PLUGIN_SYNTAX_NAMES:
+ case SLAPI_PLUGIN_SYNTAX_OID:
+ case SLAPI_PLUGIN_SYNTAX_FLAGS:
+ case SLAPI_PLUGIN_SYNTAX_COMPARE:
+ case SLAPI_CONFIG_FILENAME:
+ case SLAPI_CONFIG_ARGV:
+ case SLAPI_TARGET_ADDRESS:
+ case SLAPI_TARGET_UNIQUEID:
+ case SLAPI_TARGET_DN:
+ case SLAPI_REQCONTROLS:
+ case SLAPI_ENTRY_PRE_OP:
+ case SLAPI_ENTRY_POST_OP:
+ case SLAPI_RESCONTROLS:
+ case SLAPI_X_OLD_RESCONTROLS:
+ case SLAPI_ADD_RESCONTROL:
+ case SLAPI_CONTROLS_ARG:
+ case SLAPI_ADD_ENTRY:
+ case SLAPI_ADD_EXISTING_DN_ENTRY:
+ case SLAPI_ADD_PARENT_ENTRY:
+ case SLAPI_ADD_PARENT_UNIQUEID:
+ case SLAPI_ADD_EXISTING_UNIQUEID_ENTRY:
+ case SLAPI_BIND_CREDENTIALS:
+ case SLAPI_BIND_SASLMECHANISM:
+ case SLAPI_BIND_RET_SASLCREDS:
+ case SLAPI_COMPARE_TYPE:
+ case SLAPI_COMPARE_VALUE:
+ case SLAPI_MODIFY_MODS:
+ case SLAPI_MODRDN_NEWRDN:
+ case SLAPI_MODRDN_NEWSUPERIOR:
+ case SLAPI_MODRDN_PARENT_ENTRY:
+ case SLAPI_MODRDN_NEWPARENT_ENTRY:
+ case SLAPI_MODRDN_TARGET_ENTRY:
+ case SLAPI_MODRDN_NEWSUPERIOR_ADDRESS:
+ case SLAPI_SEARCH_FILTER:
+ case SLAPI_SEARCH_STRFILTER:
+ case SLAPI_SEARCH_ATTRS:
+ case SLAPI_SEQ_TYPE:
+ case SLAPI_SEQ_ATTRNAME:
+ case SLAPI_SEQ_VAL:
+ case SLAPI_EXT_OP_REQ_OID:
+ case SLAPI_EXT_OP_REQ_VALUE:
+ case SLAPI_EXT_OP_RET_OID:
+ case SLAPI_EXT_OP_RET_VALUE:
+ case SLAPI_MR_FILTER_ENTRY:
+ case SLAPI_MR_FILTER_TYPE:
+ case SLAPI_MR_FILTER_VALUE:
+ case SLAPI_MR_FILTER_OID:
+ case SLAPI_MR_FILTER_DNATTRS:
+ case SLAPI_LDIF2DB_FILE:
+ case SLAPI_PARENT_TXN:
+ case SLAPI_TXN:
+ case SLAPI_SEARCH_RESULT_SET:
+ case SLAPI_SEARCH_RESULT_ENTRY:
+ case SLAPI_SEARCH_REFERRALS:
+ case SLAPI_RESULT_TEXT:
+ case SLAPI_RESULT_MATCHED:
+ case SLAPI_X_GROUP_ENTRY:
+ case SLAPI_X_GROUP_ATTRIBUTE:
+ case SLAPI_X_GROUP_OPERATION_DN:
+ case SLAPI_X_GROUP_TARGET_ENTRY:
+ case SLAPI_X_ADD_STRUCTURAL_CLASS:
+ case SLAPI_PLUGIN_AUDIT_DATA:
+ case SLAPI_IBM_PBLOCK:
+ case SLAPI_PLUGIN_VERSION:
+ return PBLOCK_CLASS_POINTER;
+ break;
+ default:
+ break;
+ }
+
+ return PBLOCK_CLASS_INVALID;
+}
+
+static void
+pblock_lock( Slapi_PBlock *pb )
+{
+ ldap_pvt_thread_mutex_lock( &pb->pb_mutex );
+}
+
+static void
+pblock_unlock( Slapi_PBlock *pb )
+{
+ ldap_pvt_thread_mutex_unlock( &pb->pb_mutex );
+}
+
+static int
+pblock_get_default( Slapi_PBlock *pb, int param, void **value )
+{
+ int i;
+ slapi_pblock_class_t pbClass;
+
+ pbClass = pblock_get_param_class( param );
+ if ( pbClass == PBLOCK_CLASS_INVALID ) {
+ return PBLOCK_ERROR;
+ }
+
+ switch ( pbClass ) {
+ case PBLOCK_CLASS_INTEGER:
+ *((int *)value) = 0;
+ break;
+ case PBLOCK_CLASS_LONG_INTEGER:
+ *((long *)value) = 0L;
+ break;
+ case PBLOCK_CLASS_POINTER:
+ case PBLOCK_CLASS_FUNCTION_POINTER:
+ *value = NULL;
+ break;
+ case PBLOCK_CLASS_INVALID:
+ return PBLOCK_ERROR;
+ }
+
+ for ( i = 0; i < pb->pb_nParams; i++ ) {
+ if ( pb->pb_params[i] == param ) {
+ switch ( pbClass ) {
+ case PBLOCK_CLASS_INTEGER:
+ *((int *)value) = pb->pb_values[i].pv_integer;
+ break;
+ case PBLOCK_CLASS_LONG_INTEGER:
+ *((long *)value) = pb->pb_values[i].pv_long_integer;
+ break;
+ case PBLOCK_CLASS_POINTER:
+ *value = pb->pb_values[i].pv_pointer;
+ break;
+ case PBLOCK_CLASS_FUNCTION_POINTER:
+ *value = pb->pb_values[i].pv_function_pointer;
+ break;
+ default:
+ break;
+ }
+ break;
+ }
+ }
+
+ return PBLOCK_SUCCESS;
+}
+
+static char *
+pblock_get_authtype( AuthorizationInformation *authz, int is_tls )
+{
+ char *authType;
+
+ switch ( authz->sai_method ) {
+ case LDAP_AUTH_SASL:
+ authType = SLAPD_AUTH_SASL;
+ break;
+ case LDAP_AUTH_SIMPLE:
+ authType = SLAPD_AUTH_SIMPLE;
+ break;
+ case LDAP_AUTH_NONE:
+ authType = SLAPD_AUTH_NONE;
+ break;
+ default:
+ authType = NULL;
+ break;
+ }
+
+ if ( is_tls && authType == NULL ) {
+ authType = SLAPD_AUTH_SSL;
+ }
+
+ return authType;
+}
+
+static int
+pblock_set_default( Slapi_PBlock *pb, int param, void *value )
+{
+ slapi_pblock_class_t pbClass;
+ size_t i;
+
+ pbClass = pblock_get_param_class( param );
+ if ( pbClass == PBLOCK_CLASS_INVALID ) {
+ return PBLOCK_ERROR;
+ }
+
+ if ( pb->pb_nParams == PBLOCK_MAX_PARAMS ) {
+ return PBLOCK_ERROR;
+ }
+
+ for ( i = 0; i < pb->pb_nParams; i++ ) {
+ if ( pb->pb_params[i] == param )
+ break;
+ }
+ if ( i >= pb->pb_nParams ) {
+ pb->pb_params[i] = param;
+ pb->pb_nParams++;
+ }
+
+ switch ( pbClass ) {
+ case PBLOCK_CLASS_INTEGER:
+ pb->pb_values[i].pv_integer = (*((int *)value));
+ break;
+ case PBLOCK_CLASS_LONG_INTEGER:
+ pb->pb_values[i].pv_long_integer = (*((long *)value));
+ break;
+ case PBLOCK_CLASS_POINTER:
+ pb->pb_values[i].pv_pointer = value;
+ break;
+ case PBLOCK_CLASS_FUNCTION_POINTER:
+ pb->pb_values[i].pv_function_pointer = value;
+ break;
+ default:
+ break;
+ }
+
+ return PBLOCK_SUCCESS;
+}
+
+static int
+pblock_be_call( Slapi_PBlock *pb, int (*bep)(Operation *) )
+{
+ BackendDB *be_orig;
+ Operation *op;
+ int rc;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ op = pb->pb_op;
+
+ be_orig = op->o_bd;
+ op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+ rc = (*bep)( op );
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+static int
+pblock_get( Slapi_PBlock *pb, int param, void **value )
+{
+ int rc = PBLOCK_SUCCESS;
+
+ pblock_lock( pb );
+
+ switch ( param ) {
+ case SLAPI_OPERATION:
+ *value = pb->pb_op;
+ break;
+ case SLAPI_OPINITIATED_TIME:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((long *)value) = pb->pb_op->o_time;
+ break;
+ case SLAPI_OPERATION_ID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((long *)value) = pb->pb_op->o_opid;
+ break;
+ case SLAPI_OPERATION_TYPE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((ber_tag_t *)value) = pb->pb_op->o_tag;
+ break;
+ case SLAPI_X_OPERATION_DELETE_GLUE_PARENT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((ber_tag_t *)value) = pb->pb_op->o_delete_glue_parent;
+ break;
+ case SLAPI_X_OPERATION_NO_SCHEMA_CHECK:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((int *)value) = get_no_schema_check( pb->pb_op );
+ break;
+ case SLAPI_X_ADD_STRUCTURAL_CLASS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {
+ struct berval tmpval = BER_BVNULL;
+
+ rc = mods_structural_class( pb->pb_op->ora_modlist,
+ &tmpval, &pb->pb_rs->sr_text,
+ pb->pb_textbuf, sizeof( pb->pb_textbuf ));
+ *((char **)value) = tmpval.bv_val;
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_REQCONTROLS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((LDAPControl ***)value) = pb->pb_op->o_ctrls;
+ break;
+ case SLAPI_REQUESTOR_DN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((char **)value) = pb->pb_op->o_dn.bv_val;
+ break;
+ case SLAPI_MANAGEDSAIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((int *)value) = get_manageDSAit( pb->pb_op );
+ break;
+ case SLAPI_X_MANAGEDIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((int *)value) = get_manageDIT( pb->pb_op );
+ break;
+ case SLAPI_BACKEND:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((BackendDB **)value) = select_backend( &pb->pb_op->o_req_ndn, 0, 0 );
+ break;
+ case SLAPI_BE_TYPE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_bd != NULL )
+ *((char **)value) = pb->pb_op->o_bd->bd_info->bi_type;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_CONNECTION:
+ *value = pb->pb_conn;
+ break;
+ case SLAPI_X_CONN_SSF:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((slap_ssf_t *)value) = pb->pb_conn->c_ssf;
+ break;
+ case SLAPI_X_CONN_SASL_CONTEXT:
+ PBLOCK_ASSERT_CONN( pb );
+ if ( pb->pb_conn->c_sasl_authctx != NULL )
+ *value = pb->pb_conn->c_sasl_authctx;
+ else
+ *value = pb->pb_conn->c_sasl_sockctx;
+ break;
+ case SLAPI_TARGET_DN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((char **)value) = pb->pb_op->o_req_dn.bv_val;
+ break;
+ case SLAPI_REQUESTOR_ISROOT:
+ *((int *)value) = pblock_be_call( pb, be_isroot );
+ break;
+ case SLAPI_IS_REPLICATED_OPERATION:
+ *((int *)value) = pblock_be_call( pb, be_slurp_update );
+ break;
+ case SLAPI_CONN_AUTHTYPE:
+ case SLAPI_CONN_AUTHMETHOD: /* XXX should return SASL mech */
+ PBLOCK_ASSERT_CONN( pb );
+ *((char **)value) = pblock_get_authtype( &pb->pb_conn->c_authz,
+#ifdef HAVE_TLS
+ pb->pb_conn->c_is_tls
+#else
+ 0
+#endif
+ );
+ break;
+ case SLAPI_X_CONN_IS_UDP:
+ PBLOCK_ASSERT_CONN( pb );
+#ifdef LDAP_CONNECTIONLESS
+ *((int *)value) = pb->pb_conn->c_is_udp;
+#else
+ *((int *)value) = 0;
+#endif
+ break;
+ case SLAPI_CONN_ID:
+ PBLOCK_ASSERT_CONN( pb );
+ *((long *)value) = pb->pb_conn->c_connid;
+ break;
+ case SLAPI_CONN_DN:
+ PBLOCK_ASSERT_CONN( pb );
+ *((char **)value) = pb->pb_conn->c_dn.bv_val;
+ break;
+ case SLAPI_CONN_CLIENTIP:
+ PBLOCK_ASSERT_CONN( pb );
+ if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "IP=", 3 ) == 0 )
+ *((char **)value) = &pb->pb_conn->c_peer_name.bv_val[3];
+ else
+ *value = NULL;
+ break;
+ case SLAPI_X_CONN_CLIENTPATH:
+ PBLOCK_ASSERT_CONN( pb );
+ if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "PATH=", 3 ) == 0 )
+ *((char **)value) = &pb->pb_conn->c_peer_name.bv_val[5];
+ else
+ *value = NULL;
+ break;
+ case SLAPI_CONN_SERVERIP:
+ PBLOCK_ASSERT_CONN( pb );
+ if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "IP=", 3 ) == 0 )
+ *((char **)value) = &pb->pb_conn->c_sock_name.bv_val[3];
+ else
+ *value = NULL;
+ break;
+ case SLAPI_X_CONN_SERVERPATH:
+ PBLOCK_ASSERT_CONN( pb );
+ if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "PATH=", 3 ) == 0 )
+ *((char **)value) = &pb->pb_conn->c_sock_name.bv_val[5];
+ else
+ *value = NULL;
+ break;
+ case SLAPI_RESULT_CODE:
+ case SLAPI_PLUGIN_INTOP_RESULT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((int *)value) = pb->pb_rs->sr_err;
+ break;
+ case SLAPI_RESULT_TEXT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((const char **)value) = pb->pb_rs->sr_text;
+ break;
+ case SLAPI_RESULT_MATCHED:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((const char **)value) = pb->pb_rs->sr_matched;
+ break;
+ case SLAPI_ADD_ENTRY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_ADD )
+ *((Slapi_Entry **)value) = pb->pb_op->ora_e;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_MODIFY_MODS: {
+ LDAPMod **mods = NULL;
+
+ pblock_get_default( pb, param, (void **)&mods );
+ if ( mods == NULL && pb->pb_intop == 0 ) {
+ if ( pb->pb_op->o_tag != LDAP_REQ_MODIFY ) {
+ rc = PBLOCK_ERROR;
+ break;
+ }
+ mods = slapi_int_modifications2ldapmods( pb->pb_op->orm_modlist );
+ pblock_set_default( pb, param, (void *)mods );
+ }
+ *((LDAPMod ***)value) = mods;
+ break;
+ }
+ case SLAPI_MODRDN_NEWRDN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
+ *((char **)value) = pb->pb_op->orr_newrdn.bv_val;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_MODRDN_NEWSUPERIOR:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN && pb->pb_op->orr_newSup != NULL )
+ *((char **)value) = pb->pb_op->orr_newSup->bv_val;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_MODRDN_DELOLDRDN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
+ *((int *)value) = pb->pb_op->orr_deleteoldrdn;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_SCOPE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((int *)value) = pb->pb_op->ors_scope;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_DEREF:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((int *)value) = pb->pb_op->ors_deref;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_SIZELIMIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((int *)value) = pb->pb_op->ors_slimit;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_TIMELIMIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((int *)value) = pb->pb_op->ors_tlimit;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_FILTER:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((Slapi_Filter **)value) = pb->pb_op->ors_filter;
+ else
+ *((Slapi_Filter **)value) = NULL;
+ break;
+ case SLAPI_SEARCH_STRFILTER:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((char **)value) = pb->pb_op->ors_filterstr.bv_val;
+ else
+ *((char **)value) = NULL;
+ break;
+ case SLAPI_SEARCH_ATTRS: {
+ char **attrs = NULL;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag != LDAP_REQ_SEARCH ) {
+ rc = PBLOCK_ERROR;
+ break;
+ }
+ pblock_get_default( pb, param, (void **)&attrs );
+ if ( attrs == NULL && pb->pb_intop == 0 ) {
+ attrs = anlist2charray_x( pb->pb_op->ors_attrs, 0, pb->pb_op->o_tmpmemctx );
+ pblock_set_default( pb, param, (void *)attrs );
+ }
+ *((char ***)value) = attrs;
+ break;
+ }
+ case SLAPI_SEARCH_ATTRSONLY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ *((int *)value) = pb->pb_op->ors_attrsonly;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_SEARCH_RESULT_ENTRY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((Slapi_Entry **)value) = pb->pb_rs->sr_entry;
+ break;
+ case SLAPI_BIND_RET_SASLCREDS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((struct berval **)value) = pb->pb_rs->sr_sasldata;
+ break;
+ case SLAPI_EXT_OP_REQ_OID:
+ *((const char **)value) = pb->pb_op->ore_reqoid.bv_val;
+ break;
+ case SLAPI_EXT_OP_REQ_VALUE:
+ *((struct berval **)value) = pb->pb_op->ore_reqdata;
+ break;
+ case SLAPI_EXT_OP_RET_OID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((const char **)value) = pb->pb_rs->sr_rspoid;
+ break;
+ case SLAPI_EXT_OP_RET_VALUE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ *((struct berval **)value) = pb->pb_rs->sr_rspdata;
+ break;
+ case SLAPI_BIND_METHOD:
+ if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
+ *((int *)value) = pb->pb_op->orb_method;
+ else
+ *((int *)value) = 0;
+ break;
+ case SLAPI_BIND_CREDENTIALS:
+ if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
+ *((struct berval **)value) = &pb->pb_op->orb_cred;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_COMPARE_TYPE:
+ if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
+ *((char **)value) = pb->pb_op->orc_ava->aa_desc->ad_cname.bv_val;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_COMPARE_VALUE:
+ if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
+ *((struct berval **)value) = &pb->pb_op->orc_ava->aa_value;
+ else
+ *value = NULL;
+ break;
+ case SLAPI_ABANDON_MSGID:
+ if ( pb->pb_op->o_tag == LDAP_REQ_ABANDON )
+ *((int *)value) = pb->pb_op->orn_msgid;
+ else
+ *((int *)value) = 0;
+ break;
+ default:
+ rc = pblock_get_default( pb, param, value );
+ break;
+ }
+
+ pblock_unlock( pb );
+
+ return rc;
+}
+
+static int
+pblock_add_control( Slapi_PBlock *pb, LDAPControl *control )
+{
+ LDAPControl **controls = NULL;
+ size_t i;
+
+ pblock_get_default( pb, SLAPI_RESCONTROLS, (void **)&controls );
+
+ if ( controls != NULL ) {
+ for ( i = 0; controls[i] != NULL; i++ )
+ ;
+ } else {
+ i = 0;
+ }
+
+ controls = (LDAPControl **)slapi_ch_realloc( (char *)controls,
+ ( i + 2 ) * sizeof(LDAPControl *));
+ controls[i++] = slapi_dup_control( control );
+ controls[i] = NULL;
+
+ return pblock_set_default( pb, SLAPI_RESCONTROLS, (void *)controls );
+}
+
+static int
+pblock_set_dn( void *value, struct berval *dn, struct berval *ndn, void *memctx )
+{
+ struct berval bv;
+
+ if ( !BER_BVISNULL( dn )) {
+ slap_sl_free( dn->bv_val, memctx );
+ BER_BVZERO( dn );
+ }
+ if ( !BER_BVISNULL( ndn )) {
+ slap_sl_free( ndn->bv_val, memctx );
+ BER_BVZERO( ndn );
+ }
+
+ bv.bv_val = (char *)value;
+ bv.bv_len = ( value != NULL ) ? strlen( bv.bv_val ) : 0;
+
+ return dnPrettyNormal( NULL, &bv, dn, ndn, memctx );
+}
+
+static int
+pblock_set( Slapi_PBlock *pb, int param, void *value )
+{
+ int rc = PBLOCK_SUCCESS;
+
+ pblock_lock( pb );
+
+ switch ( param ) {
+ case SLAPI_OPERATION:
+ pb->pb_op = (Operation *)value;
+ break;
+ case SLAPI_OPINITIATED_TIME:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_time = *((long *)value);
+ break;
+ case SLAPI_OPERATION_ID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_opid = *((long *)value);
+ break;
+ case SLAPI_OPERATION_TYPE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_tag = *((ber_tag_t *)value);
+ break;
+ case SLAPI_X_OPERATION_DELETE_GLUE_PARENT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_delete_glue_parent = *((int *)value);
+ break;
+ case SLAPI_X_OPERATION_NO_SCHEMA_CHECK:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_no_schema_check = *((int *)value);
+ break;
+ case SLAPI_REQCONTROLS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_ctrls = (LDAPControl **)value;
+ break;
+ case SLAPI_RESCONTROLS: {
+ LDAPControl **ctrls = NULL;
+
+ pblock_get_default( pb, param, (void **)&ctrls );
+ if ( ctrls != NULL ) {
+ /* free old ones first */
+ ldap_controls_free( ctrls );
+ }
+ rc = pblock_set_default( pb, param, value );
+ break;
+ }
+ case SLAPI_ADD_RESCONTROL:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ rc = pblock_add_control( pb, (LDAPControl *)value );
+ break;
+ case SLAPI_REQUESTOR_DN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ rc = pblock_set_dn( value, &pb->pb_op->o_dn, &pb->pb_op->o_ndn, pb->pb_op->o_tmpmemctx );
+ break;
+ case SLAPI_MANAGEDSAIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_managedsait = *((int *)value);
+ break;
+ case SLAPI_X_MANAGEDIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_managedit = *((int *)value);
+ break;
+ case SLAPI_BACKEND:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_op->o_bd = (BackendDB *)value;
+ break;
+ case SLAPI_CONNECTION:
+ pb->pb_conn = (Connection *)value;
+ break;
+ case SLAPI_X_CONN_SSF:
+ PBLOCK_ASSERT_CONN( pb );
+ PBLOCK_LOCK_CONN( pb );
+ pb->pb_conn->c_ssf = (slap_ssf_t)(long)value;
+ PBLOCK_UNLOCK_CONN( pb );
+ break;
+ case SLAPI_X_CONN_SASL_CONTEXT:
+ PBLOCK_ASSERT_CONN( pb );
+ PBLOCK_LOCK_CONN( pb );
+ pb->pb_conn->c_sasl_authctx = value;
+ PBLOCK_UNLOCK_CONN( pb );
+ break;
+ case SLAPI_TARGET_DN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ rc = pblock_set_dn( value, &pb->pb_op->o_req_dn, &pb->pb_op->o_req_ndn, pb->pb_op->o_tmpmemctx );
+ break;
+ case SLAPI_CONN_ID:
+ PBLOCK_ASSERT_CONN( pb );
+ PBLOCK_LOCK_CONN( pb );
+ pb->pb_conn->c_connid = *((long *)value);
+ PBLOCK_UNLOCK_CONN( pb );
+ break;
+ case SLAPI_CONN_DN:
+ PBLOCK_ASSERT_CONN( pb );
+ PBLOCK_LOCK_CONN( pb );
+ rc = pblock_set_dn( value, &pb->pb_conn->c_dn, &pb->pb_conn->c_ndn, NULL );
+ PBLOCK_UNLOCK_CONN( pb );
+ break;
+ case SLAPI_RESULT_CODE:
+ case SLAPI_PLUGIN_INTOP_RESULT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_err = *((int *)value);
+ break;
+ case SLAPI_RESULT_TEXT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ snprintf( pb->pb_textbuf, sizeof( pb->pb_textbuf ), "%s", (char *)value );
+ pb->pb_rs->sr_text = pb->pb_textbuf;
+ break;
+ case SLAPI_RESULT_MATCHED:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_matched = (char *)value; /* XXX should dup? */
+ break;
+ case SLAPI_ADD_ENTRY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_ADD )
+ pb->pb_op->ora_e = (Slapi_Entry *)value;
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_MODIFY_MODS: {
+ Modifications **mlp;
+ Modifications *newmods;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ rc = pblock_set_default( pb, param, value );
+ if ( rc != PBLOCK_SUCCESS ) {
+ break;
+ }
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODIFY ) {
+ mlp = &pb->pb_op->orm_modlist;
+ } else if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {
+ mlp = &pb->pb_op->ora_modlist;
+ } else {
+ break;
+ }
+
+ newmods = slapi_int_ldapmods2modifications( (LDAPMod **)value );
+ if ( newmods != NULL ) {
+ slap_mods_free( *mlp, 1 );
+ *mlp = newmods;
+ }
+ break;
+ }
+ case SLAPI_MODRDN_NEWRDN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {
+ rc = pblock_set_dn( value, &pb->pb_op->orr_newrdn, &pb->pb_op->orr_nnewrdn, pb->pb_op->o_tmpmemctx );
+ if ( rc == LDAP_SUCCESS )
+ rc = rdn_validate( &pb->pb_op->orr_nnewrdn );
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_MODRDN_NEWSUPERIOR:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {
+ if ( value == NULL ) {
+ if ( pb->pb_op->orr_newSup != NULL ) {
+ pb->pb_op->o_tmpfree( pb->pb_op->orr_newSup, pb->pb_op->o_tmpmemctx );
+ BER_BVZERO( pb->pb_op->orr_newSup );
+ pb->pb_op->orr_newSup = NULL;
+ }
+ if ( pb->pb_op->orr_newSup != NULL ) {
+ pb->pb_op->o_tmpfree( pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );
+ BER_BVZERO( pb->pb_op->orr_nnewSup );
+ pb->pb_op->orr_nnewSup = NULL;
+ }
+ } else {
+ if ( pb->pb_op->orr_newSup == NULL ) {
+ pb->pb_op->orr_newSup = (struct berval *)pb->pb_op->o_tmpalloc(
+ sizeof(struct berval), pb->pb_op->o_tmpmemctx );
+ BER_BVZERO( pb->pb_op->orr_newSup );
+ }
+ if ( pb->pb_op->orr_nnewSup == NULL ) {
+ pb->pb_op->orr_nnewSup = (struct berval *)pb->pb_op->o_tmpalloc(
+ sizeof(struct berval), pb->pb_op->o_tmpmemctx );
+ BER_BVZERO( pb->pb_op->orr_nnewSup );
+ }
+ rc = pblock_set_dn( value, pb->pb_op->orr_newSup, pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );
+ }
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_MODRDN_DELOLDRDN:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+ if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
+ pb->pb_op->orr_deleteoldrdn = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_SCOPE: {
+ int scope = *((int *)value);
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH ) {
+ switch ( *((int *)value) ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_SCOPE_SUBORDINATE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ pb->pb_op->ors_scope = scope;
+ break;
+ default:
+ rc = PBLOCK_ERROR;
+ break;
+ }
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ }
+ case SLAPI_SEARCH_DEREF:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ pb->pb_op->ors_deref = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_SIZELIMIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ pb->pb_op->ors_slimit = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_TIMELIMIT:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ pb->pb_op->ors_tlimit = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_FILTER:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ pb->pb_op->ors_filter = (Slapi_Filter *)value;
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_STRFILTER:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH ) {
+ pb->pb_op->ors_filterstr.bv_val = (char *)value;
+ pb->pb_op->ors_filterstr.bv_len = strlen((char *)value);
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_SEARCH_ATTRS: {
+ AttributeName *an = NULL;
+ size_t i = 0;
+ char **attrs = (char **)value;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag != LDAP_REQ_SEARCH ) {
+ rc = PBLOCK_ERROR;
+ break;
+ }
+ /* also set mapped attrs */
+ rc = pblock_set_default( pb, param, value );
+ if ( rc != PBLOCK_SUCCESS ) {
+ break;
+ }
+ if ( pb->pb_op->ors_attrs != NULL ) {
+ pb->pb_op->o_tmpfree( pb->pb_op->ors_attrs, pb->pb_op->o_tmpmemctx );
+ pb->pb_op->ors_attrs = NULL;
+ }
+ if ( attrs != NULL ) {
+ for ( i = 0; attrs[i] != NULL; i++ )
+ ;
+ }
+ if ( i ) {
+ an = (AttributeName *)pb->pb_op->o_tmpalloc( (i + 1) *
+ sizeof(AttributeName), pb->pb_op->o_tmpmemctx );
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ an[i].an_desc = NULL;
+ an[i].an_oc = NULL;
+ an[i].an_oc_exclude = 0;
+ an[i].an_name.bv_val = attrs[i];
+ an[i].an_name.bv_len = strlen( attrs[i] );
+ slap_bv2ad( &an[i].an_name, &an[i].an_desc, &pb->pb_rs->sr_text );
+ }
+ an[i].an_name.bv_val = NULL;
+ an[i].an_name.bv_len = 0;
+ }
+ pb->pb_op->ors_attrs = an;
+ break;
+ }
+ case SLAPI_SEARCH_ATTRSONLY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ pb->pb_op->ors_attrsonly = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_SEARCH_RESULT_ENTRY:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_entry = (Slapi_Entry *)value;
+ break;
+ case SLAPI_BIND_RET_SASLCREDS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_sasldata = (struct berval *)value;
+ break;
+ case SLAPI_EXT_OP_REQ_OID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_EXTENDED ) {
+ pb->pb_op->ore_reqoid.bv_val = (char *)value;
+ pb->pb_op->ore_reqoid.bv_len = strlen((char *)value);
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_EXT_OP_REQ_VALUE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_EXTENDED )
+ pb->pb_op->ore_reqdata = (struct berval *)value;
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_EXT_OP_RET_OID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_rspoid = (char *)value;
+ break;
+ case SLAPI_EXT_OP_RET_VALUE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ pb->pb_rs->sr_rspdata = (struct berval *)value;
+ break;
+ case SLAPI_BIND_METHOD:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
+ pb->pb_op->orb_method = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_BIND_CREDENTIALS:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
+ pb->pb_op->orb_cred = *((struct berval *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_COMPARE_TYPE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE ) {
+ const char *text;
+
+ pb->pb_op->orc_ava->aa_desc = NULL;
+ rc = slap_str2ad( (char *)value, &pb->pb_op->orc_ava->aa_desc, &text );
+ } else {
+ rc = PBLOCK_ERROR;
+ }
+ break;
+ case SLAPI_COMPARE_VALUE:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
+ pb->pb_op->orc_ava->aa_value = *((struct berval *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_ABANDON_MSGID:
+ PBLOCK_ASSERT_OP( pb, 0 );
+ PBLOCK_VALIDATE_IS_INTOP( pb );
+
+ if ( pb->pb_op->o_tag == LDAP_REQ_ABANDON)
+ pb->pb_op->orn_msgid = *((int *)value);
+ else
+ rc = PBLOCK_ERROR;
+ break;
+ case SLAPI_REQUESTOR_ISROOT:
+ case SLAPI_IS_REPLICATED_OPERATION:
+ case SLAPI_CONN_AUTHTYPE:
+ case SLAPI_CONN_AUTHMETHOD:
+ case SLAPI_X_CONN_IS_UDP:
+ case SLAPI_CONN_CLIENTIP:
+ case SLAPI_X_CONN_CLIENTPATH:
+ case SLAPI_CONN_SERVERIP:
+ case SLAPI_X_CONN_SERVERPATH:
+ case SLAPI_X_ADD_STRUCTURAL_CLASS:
+ /* These parameters cannot be set */
+ rc = PBLOCK_ERROR;
+ break;
+ default:
+ rc = pblock_set_default( pb, param, value );
+ break;
+ }
+
+ pblock_unlock( pb );
+
+ return rc;
+}
+
+static void
+pblock_clear( Slapi_PBlock *pb )
+{
+ pb->pb_nParams = 1;
+}
+
+static int
+pblock_delete_param( Slapi_PBlock *p, int param )
+{
+ int i;
+
+ pblock_lock(p);
+
+ for ( i = 0; i < p->pb_nParams; i++ ) {
+ if ( p->pb_params[i] == param ) {
+ break;
+ }
+ }
+
+ if (i >= p->pb_nParams ) {
+ pblock_unlock( p );
+ return PBLOCK_ERROR;
+ }
+
+ /* move last parameter to index of deleted parameter */
+ if ( p->pb_nParams > 1 ) {
+ p->pb_params[i] = p->pb_params[p->pb_nParams - 1];
+ p->pb_values[i] = p->pb_values[p->pb_nParams - 1];
+ }
+ p->pb_nParams--;
+
+ pblock_unlock( p );
+
+ return PBLOCK_SUCCESS;
+}
+
+Slapi_PBlock *
+slapi_pblock_new(void)
+{
+ Slapi_PBlock *pb;
+
+ pb = (Slapi_PBlock *) ch_calloc( 1, sizeof(Slapi_PBlock) );
+ if ( pb != NULL ) {
+ ldap_pvt_thread_mutex_init( &pb->pb_mutex );
+
+ pb->pb_params[0] = SLAPI_IBM_PBLOCK;
+ pb->pb_values[0].pv_pointer = NULL;
+ pb->pb_nParams = 1;
+ pb->pb_conn = NULL;
+ pb->pb_op = NULL;
+ pb->pb_rs = NULL;
+ pb->pb_intop = 0;
+ }
+ return pb;
+}
+
+static void
+pblock_destroy( Slapi_PBlock *pb )
+{
+ LDAPControl **controls = NULL;
+ LDAPMod **mods = NULL;
+ char **attrs = NULL;
+
+ assert( pb != NULL );
+
+ pblock_get_default( pb, SLAPI_RESCONTROLS, (void **)&controls );
+ if ( controls != NULL ) {
+ ldap_controls_free( controls );
+ }
+
+ if ( pb->pb_intop ) {
+ slapi_int_connection_done_pb( pb );
+ } else {
+ pblock_get_default( pb, SLAPI_MODIFY_MODS, (void **)&mods );
+ ldap_mods_free( mods, 1 );
+
+ pblock_get_default( pb, SLAPI_SEARCH_ATTRS, (void **)&attrs );
+ if ( attrs != NULL )
+ pb->pb_op->o_tmpfree( attrs, pb->pb_op->o_tmpmemctx );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &pb->pb_mutex );
+ slapi_ch_free( (void **)&pb );
+}
+
+void
+slapi_pblock_destroy( Slapi_PBlock *pb )
+{
+ if ( pb != NULL ) {
+ pblock_destroy( pb );
+ }
+}
+
+int
+slapi_pblock_get( Slapi_PBlock *pb, int arg, void *value )
+{
+ return pblock_get( pb, arg, (void **)value );
+}
+
+int
+slapi_pblock_set( Slapi_PBlock *pb, int arg, void *value )
+{
+ return pblock_set( pb, arg, value );
+}
+
+void
+slapi_pblock_clear( Slapi_PBlock *pb )
+{
+ pblock_clear( pb );
+}
+
+int
+slapi_pblock_delete_param( Slapi_PBlock *p, int param )
+{
+ return pblock_delete_param( p, param );
+}
+
+/*
+ * OpenLDAP extension
+ */
+int
+slapi_int_pblock_get_first( Backend *be, Slapi_PBlock **pb )
+{
+ assert( pb != NULL );
+ *pb = SLAPI_BACKEND_PBLOCK( be );
+ return (*pb == NULL ? LDAP_OTHER : LDAP_SUCCESS);
+}
+
+/*
+ * OpenLDAP extension
+ */
+int
+slapi_int_pblock_get_next( Slapi_PBlock **pb )
+{
+ assert( pb != NULL );
+ return slapi_pblock_get( *pb, SLAPI_IBM_PBLOCK, pb );
+}
+
+#endif /* LDAP_SLAPI */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_utils.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_utils.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapi/slapi_utils.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3429 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.136.2.11 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2002-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/stdarg.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#include <slap.h>
+#include <slapi.h>
+
+#include <netdb.h>
+
+#ifdef LDAP_SLAPI
+
+/*
+ * server start time (should we use a struct timeval also in slapd?
+ */
+static struct timeval base_time;
+ldap_pvt_thread_mutex_t slapi_hn_mutex;
+ldap_pvt_thread_mutex_t slapi_time_mutex;
+
+struct slapi_mutex {
+ ldap_pvt_thread_mutex_t mutex;
+};
+
+struct slapi_condvar {
+ ldap_pvt_thread_cond_t cond;
+ ldap_pvt_thread_mutex_t mutex;
+};
+
+static int checkBVString(const struct berval *bv)
+{
+ int i;
+
+ for ( i = 0; i < bv->bv_len; i++ ) {
+ if ( bv->bv_val[i] == '\0' )
+ return 0;
+ }
+ if ( bv->bv_val[i] != '\0' )
+ return 0;
+
+ return 1;
+}
+
+/*
+ * This function converts an array of pointers to berval objects to
+ * an array of berval objects.
+ */
+
+int
+bvptr2obj(
+ struct berval **bvptr,
+ BerVarray *bvobj )
+{
+ int rc = LDAP_SUCCESS;
+ int i;
+ BerVarray tmpberval;
+
+ if ( bvptr == NULL || *bvptr == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ for ( i = 0; bvptr != NULL && bvptr[i] != NULL; i++ ) {
+ ; /* EMPTY */
+ }
+
+ tmpberval = (BerVarray)slapi_ch_malloc( (i + 1)*sizeof(struct berval));
+ if ( tmpberval == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ for ( i = 0; bvptr[i] != NULL; i++ ) {
+ tmpberval[i].bv_val = bvptr[i]->bv_val;
+ tmpberval[i].bv_len = bvptr[i]->bv_len;
+ }
+ tmpberval[i].bv_val = NULL;
+ tmpberval[i].bv_len = 0;
+
+ if ( rc == LDAP_SUCCESS ) {
+ *bvobj = tmpberval;
+ }
+
+ return rc;
+}
+
+Slapi_Entry *
+slapi_str2entry(
+ char *s,
+ int flags )
+{
+ return str2entry( s );
+}
+
+char *
+slapi_entry2str(
+ Slapi_Entry *e,
+ int *len )
+{
+ char *ret = NULL;
+ char *s;
+
+ ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+ s = entry2str( e, len );
+ if ( s != NULL )
+ ret = slapi_ch_strdup( s );
+ ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
+
+ return ret;
+}
+
+char *
+slapi_entry_get_dn( Slapi_Entry *e )
+{
+ return e->e_name.bv_val;
+}
+
+int
+slapi_x_entry_get_id( Slapi_Entry *e )
+{
+ return e->e_id;
+}
+
+static int
+slapi_int_dn_pretty( struct berval *in, struct berval *out )
+{
+ Syntax *syntax = slap_schema.si_syn_distinguishedName;
+
+ assert( syntax != NULL );
+
+ return (syntax->ssyn_pretty)( syntax, in, out, NULL );
+}
+
+static int
+slapi_int_dn_normalize( struct berval *in, struct berval *out )
+{
+ MatchingRule *mr = slap_schema.si_mr_distinguishedNameMatch;
+ Syntax *syntax = slap_schema.si_syn_distinguishedName;
+
+ assert( mr != NULL );
+
+ return (mr->smr_normalize)( 0, syntax, mr, in, out, NULL );
+}
+
+void
+slapi_entry_set_dn(
+ Slapi_Entry *e,
+ char *ldn )
+{
+ struct berval dn = BER_BVNULL;
+
+ dn.bv_val = ldn;
+ dn.bv_len = strlen( ldn );
+
+ slapi_int_dn_pretty( &dn, &e->e_name );
+ slapi_int_dn_normalize( &dn, &e->e_nname );
+}
+
+Slapi_Entry *
+slapi_entry_dup( Slapi_Entry *e )
+{
+ return entry_dup( e );
+}
+
+int
+slapi_entry_attr_delete(
+ Slapi_Entry *e,
+ char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ if ( slap_str2ad( type, &ad, &text ) != LDAP_SUCCESS ) {
+ return 1; /* LDAP_NO_SUCH_ATTRIBUTE */
+ }
+
+ if ( attr_delete( &e->e_attrs, ad ) == LDAP_SUCCESS ) {
+ return 0; /* attribute is deleted */
+ } else {
+ return -1; /* something went wrong */
+ }
+}
+
+Slapi_Entry *
+slapi_entry_alloc( void )
+{
+ return (Slapi_Entry *)slapi_ch_calloc( 1, sizeof(Slapi_Entry) );
+}
+
+void
+slapi_entry_free( Slapi_Entry *e )
+{
+ if ( e != NULL )
+ entry_free( e );
+}
+
+int
+slapi_entry_attr_merge(
+ Slapi_Entry *e,
+ char *type,
+ struct berval **vals )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ BerVarray bv;
+ int rc;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ rc = bvptr2obj( vals, &bv );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ rc = attr_merge_normalize_one( e, ad, bv, NULL );
+ ch_free( bv );
+
+ return rc;
+}
+
+int
+slapi_entry_attr_find(
+ Slapi_Entry *e,
+ char *type,
+ Slapi_Attr **attr )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ *attr = attr_find( e->e_attrs, ad );
+ if ( *attr == NULL ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+char *
+slapi_entry_attr_get_charptr( const Slapi_Entry *e, const char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return NULL;
+ }
+
+ if ( attr->a_vals != NULL && attr->a_vals[0].bv_len != 0 ) {
+ const char *p;
+
+ p = slapi_value_get_string( &attr->a_vals[0] );
+ if ( p != NULL ) {
+ return slapi_ch_strdup( p );
+ }
+ }
+
+ return NULL;
+}
+
+int
+slapi_entry_attr_get_int( const Slapi_Entry *e, const char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return 0;
+ }
+
+ return slapi_value_get_int( attr->a_vals );
+}
+
+long
+slapi_entry_attr_get_long( const Slapi_Entry *e, const char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return 0;
+ }
+
+ return slapi_value_get_long( attr->a_vals );
+}
+
+unsigned int
+slapi_entry_attr_get_uint( const Slapi_Entry *e, const char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return 0;
+ }
+
+ return slapi_value_get_uint( attr->a_vals );
+}
+
+unsigned long
+slapi_entry_attr_get_ulong( const Slapi_Entry *e, const char *type )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return 0;
+ }
+
+ return slapi_value_get_ulong( attr->a_vals );
+}
+
+int
+slapi_entry_attr_hasvalue( Slapi_Entry *e, const char *type, const char *value )
+{
+ struct berval bv;
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ Attribute *attr;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr = attr_find( e->e_attrs, ad );
+ if ( attr == NULL ) {
+ return 0;
+ }
+
+ bv.bv_val = (char *)value;
+ bv.bv_len = strlen( value );
+
+ return ( slapi_attr_value_find( attr, &bv ) != -1 );
+}
+
+void
+slapi_entry_attr_set_charptr(Slapi_Entry* e, const char *type, const char *value)
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ struct berval bv;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return;
+ }
+
+ attr_delete ( &e->e_attrs, ad );
+ if ( value != NULL ) {
+ bv.bv_val = (char *)value;
+ bv.bv_len = strlen(value);
+ attr_merge_normalize_one( e, ad, &bv, NULL );
+ }
+}
+
+void
+slapi_entry_attr_set_int( Slapi_Entry* e, const char *type, int l)
+{
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%d", l );
+ slapi_entry_attr_set_charptr( e, type, buf );
+}
+
+void
+slapi_entry_attr_set_uint( Slapi_Entry* e, const char *type, unsigned int l)
+{
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%u", l );
+ slapi_entry_attr_set_charptr( e, type, buf );
+}
+
+void
+slapi_entry_attr_set_long(Slapi_Entry* e, const char *type, long l)
+{
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%ld", l );
+ slapi_entry_attr_set_charptr( e, type, buf );
+}
+
+void
+slapi_entry_attr_set_ulong(Slapi_Entry* e, const char *type, unsigned long l)
+{
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%lu", l );
+ slapi_entry_attr_set_charptr( e, type, buf );
+}
+
+int
+slapi_is_rootdse( const char *dn )
+{
+ return ( dn == NULL || dn[0] == '\0' );
+}
+
+int
+slapi_entry_has_children( const Slapi_Entry *e )
+{
+ Slapi_PBlock *pb;
+ int hasSubordinates = 0;
+
+ pb = slapi_pblock_new();
+ slapi_int_connection_init_pb( pb, LDAP_REQ_SEARCH );
+
+ slapi_pblock_set( pb, SLAPI_TARGET_DN, slapi_entry_get_dn( (Entry *)e ) );
+
+ pb->pb_op->o_bd = select_backend( (struct berval *)&e->e_nname, 0, 0 );
+ if ( pb->pb_op->o_bd != NULL ) {
+ pb->pb_op->o_bd->be_has_subordinates( pb->pb_op, (Entry *)e, &hasSubordinates );
+ }
+
+ slapi_pblock_destroy( pb );
+
+ return ( hasSubordinates == LDAP_COMPARE_TRUE );
+}
+
+/*
+ * Return approximate size of the entry rounded to the nearest
+ * 1K. Only the size of the attribute values are counted in the
+ * Sun implementation.
+ *
+ * http://docs.sun.com/source/816-6701-10/funcref.html#1017388
+ */
+size_t slapi_entry_size(Slapi_Entry *e)
+{
+ size_t size;
+ Attribute *a;
+ int i;
+
+ for ( size = 0, a = e->e_attrs; a != NULL; a = a->a_next ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ size += a->a_vals[i].bv_len + 1;
+ }
+ }
+
+ size += 1023;
+ size -= (size % 1024);
+
+ return size;
+}
+
+/*
+ * Add values to entry.
+ *
+ * Returns:
+ * LDAP_SUCCESS Values added to entry
+ * LDAP_TYPE_OR_VALUE_EXISTS One or more values exist in entry already
+ * LDAP_CONSTRAINT_VIOLATION Any other error (odd, but it's the spec)
+ */
+int
+slapi_entry_add_values( Slapi_Entry *e, const char *type, struct berval **vals )
+{
+ Modification mod;
+ const char *text;
+ int rc;
+ char textbuf[SLAP_TEXT_BUFLEN];
+
+ mod.sm_op = LDAP_MOD_ADD;
+ mod.sm_flags = 0;
+ mod.sm_desc = NULL;
+ mod.sm_type.bv_val = (char *)type;
+ mod.sm_type.bv_len = strlen( type );
+
+ rc = slap_str2ad( type, &mod.sm_desc, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( vals == NULL ) {
+ /* Apparently vals can be NULL
+ * FIXME: sm_values = NULL ? */
+ mod.sm_values = (BerVarray)ch_malloc( sizeof(struct berval) );
+ mod.sm_values->bv_val = NULL;
+
+ } else {
+ rc = bvptr2obj( vals, &mod.sm_values );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ }
+ mod.sm_nvalues = NULL;
+
+ rc = modify_add_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
+
+ slapi_ch_free( (void **)&mod.sm_values );
+
+ return (rc == LDAP_SUCCESS) ? LDAP_SUCCESS : LDAP_CONSTRAINT_VIOLATION;
+}
+
+int
+slapi_entry_add_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals )
+{
+ return slapi_entry_add_values( e, type, vals );
+}
+
+int
+slapi_entry_add_valueset(Slapi_Entry *e, const char *type, Slapi_ValueSet *vs)
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ return attr_merge_normalize( e, ad, *vs, NULL );
+}
+
+int
+slapi_entry_delete_values( Slapi_Entry *e, const char *type, struct berval **vals )
+{
+ Modification mod;
+ const char *text;
+ int rc;
+ char textbuf[SLAP_TEXT_BUFLEN];
+
+ mod.sm_op = LDAP_MOD_DELETE;
+ mod.sm_flags = 0;
+ mod.sm_desc = NULL;
+ mod.sm_type.bv_val = (char *)type;
+ mod.sm_type.bv_len = strlen( type );
+
+ if ( vals == NULL ) {
+ /* If vals is NULL, this is a NOOP. */
+ return LDAP_SUCCESS;
+ }
+
+ rc = slap_str2ad( type, &mod.sm_desc, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( vals[0] == NULL ) {
+ /* SLAPI doco says LDApb_opERATIONS_ERROR but LDAP_OTHER is better */
+ return attr_delete( &e->e_attrs, mod.sm_desc ) ? LDAP_OTHER : LDAP_SUCCESS;
+ }
+
+ rc = bvptr2obj( vals, &mod.sm_values );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ mod.sm_nvalues = NULL;
+
+ rc = modify_delete_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
+
+ slapi_ch_free( (void **)&mod.sm_values );
+
+ return rc;
+}
+
+int
+slapi_entry_delete_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals )
+{
+ return slapi_entry_delete_values( e, type, vals );
+}
+
+int
+slapi_entry_merge_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals )
+{
+ return slapi_entry_attr_merge( e, (char *)type, vals );
+}
+
+int
+slapi_entry_add_value(Slapi_Entry *e, const char *type, const Slapi_Value *value)
+{
+ AttributeDescription *ad = NULL;
+ int rc;
+ const char *text;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ rc = attr_merge_normalize_one( e, ad, (Slapi_Value *)value, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+slapi_entry_add_string(Slapi_Entry *e, const char *type, const char *value)
+{
+ Slapi_Value val;
+
+ val.bv_val = (char *)value;
+ val.bv_len = strlen( value );
+
+ return slapi_entry_add_value( e, type, &val );
+}
+
+int
+slapi_entry_delete_string(Slapi_Entry *e, const char *type, const char *value)
+{
+ Slapi_Value *vals[2];
+ Slapi_Value val;
+
+ val.bv_val = (char *)value;
+ val.bv_len = strlen( value );
+ vals[0] = &val;
+ vals[1] = NULL;
+
+ return slapi_entry_delete_values_sv( e, type, vals );
+}
+
+int
+slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals )
+{
+ return slapi_entry_attr_merge( e, (char *)type, vals );
+}
+
+int
+slapi_entry_first_attr( const Slapi_Entry *e, Slapi_Attr **attr )
+{
+ if ( e == NULL ) {
+ return -1;
+ }
+
+ *attr = e->e_attrs;
+
+ return ( *attr != NULL ) ? 0 : -1;
+}
+
+int
+slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Attr **attr )
+{
+ if ( e == NULL ) {
+ return -1;
+ }
+
+ if ( prevattr == NULL ) {
+ return -1;
+ }
+
+ *attr = prevattr->a_next;
+
+ return ( *attr != NULL ) ? 0 : -1;
+}
+
+int
+slapi_entry_attr_replace_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+ int rc;
+ BerVarray bv;
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ attr_delete( &e->e_attrs, ad );
+
+ rc = bvptr2obj( vals, &bv );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ rc = attr_merge_normalize( e, ad, bv, NULL );
+ slapi_ch_free( (void **)&bv );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * FIXME -- The caller must free the allocated memory.
+ * In Netscape they do not have to.
+ */
+int
+slapi_attr_get_values(
+ Slapi_Attr *attr,
+ struct berval ***vals )
+{
+ int i, j;
+ struct berval **bv;
+
+ if ( attr == NULL ) {
+ return 1;
+ }
+
+ for ( i = 0; attr->a_vals[i].bv_val != NULL; i++ ) {
+ ; /* EMPTY */
+ }
+
+ bv = (struct berval **)ch_malloc( (i + 1) * sizeof(struct berval *) );
+ for ( j = 0; j < i; j++ ) {
+ bv[j] = ber_dupbv( NULL, &attr->a_vals[j] );
+ }
+ bv[j] = NULL;
+
+ *vals = (struct berval **)bv;
+
+ return 0;
+}
+
+char *
+slapi_dn_normalize( char *dn )
+{
+ struct berval bdn;
+ struct berval pdn;
+
+ assert( dn != NULL );
+
+ bdn.bv_val = dn;
+ bdn.bv_len = strlen( dn );
+
+ if ( slapi_int_dn_pretty( &bdn, &pdn ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ return pdn.bv_val;
+}
+
+char *
+slapi_dn_normalize_case( char *dn )
+{
+ struct berval bdn;
+ struct berval ndn;
+
+ assert( dn != NULL );
+
+ bdn.bv_val = dn;
+ bdn.bv_len = strlen( dn );
+
+ if ( slapi_int_dn_normalize( &bdn, &ndn ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ return ndn.bv_val;
+}
+
+int
+slapi_dn_issuffix(
+ char *dn,
+ char *suffix )
+{
+ struct berval bdn, ndn;
+ struct berval bsuffix, nsuffix;
+ int rc;
+
+ assert( dn != NULL );
+ assert( suffix != NULL );
+
+ bdn.bv_val = dn;
+ bdn.bv_len = strlen( dn );
+
+ bsuffix.bv_val = suffix;
+ bsuffix.bv_len = strlen( suffix );
+
+ if ( dnNormalize( 0, NULL, NULL, &bdn, &ndn, NULL ) != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if ( dnNormalize( 0, NULL, NULL, &bsuffix, &nsuffix, NULL )
+ != LDAP_SUCCESS )
+ {
+ slapi_ch_free( (void **)&ndn.bv_val );
+ return 0;
+ }
+
+ rc = dnIsSuffix( &ndn, &nsuffix );
+
+ slapi_ch_free( (void **)&ndn.bv_val );
+ slapi_ch_free( (void **)&nsuffix.bv_val );
+
+ return rc;
+}
+
+int
+slapi_dn_isparent(
+ const char *parentdn,
+ const char *childdn )
+{
+ struct berval assertedParentDN, normalizedAssertedParentDN;
+ struct berval childDN, normalizedChildDN;
+ struct berval normalizedParentDN;
+ int match;
+
+ assert( parentdn != NULL );
+ assert( childdn != NULL );
+
+ assertedParentDN.bv_val = (char *)parentdn;
+ assertedParentDN.bv_len = strlen( parentdn );
+
+ if ( dnNormalize( 0, NULL, NULL, &assertedParentDN,
+ &normalizedAssertedParentDN, NULL ) != LDAP_SUCCESS )
+ {
+ return 0;
+ }
+
+ childDN.bv_val = (char *)childdn;
+ childDN.bv_len = strlen( childdn );
+
+ if ( dnNormalize( 0, NULL, NULL, &childDN,
+ &normalizedChildDN, NULL ) != LDAP_SUCCESS )
+ {
+ slapi_ch_free( (void **)&normalizedAssertedParentDN.bv_val );
+ return 0;
+ }
+
+ dnParent( &normalizedChildDN, &normalizedParentDN );
+
+ if ( dnMatch( &match, 0, slap_schema.si_syn_distinguishedName, NULL,
+ &normalizedParentDN, (void *)&normalizedAssertedParentDN ) != LDAP_SUCCESS )
+ {
+ match = -1;
+ }
+
+ slapi_ch_free( (void **)&normalizedAssertedParentDN.bv_val );
+ slapi_ch_free( (void **)&normalizedChildDN.bv_val );
+
+ return ( match == 0 );
+}
+
+/*
+ * Returns DN of the parent entry, or NULL if the DN is
+ * an empty string or NULL, or has no parent.
+ */
+char *
+slapi_dn_parent( const char *_dn )
+{
+ struct berval dn, prettyDN;
+ struct berval parentDN;
+ char *ret;
+
+ if ( _dn == NULL ) {
+ return NULL;
+ }
+
+ dn.bv_val = (char *)_dn;
+ dn.bv_len = strlen( _dn );
+
+ if ( dn.bv_len == 0 ) {
+ return NULL;
+ }
+
+ if ( dnPretty( NULL, &dn, &prettyDN, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ dnParent( &prettyDN, &parentDN ); /* in-place */
+
+ if ( parentDN.bv_len == 0 ) {
+ slapi_ch_free_string( &prettyDN.bv_val );
+ return NULL;
+ }
+
+ ret = slapi_ch_strdup( parentDN.bv_val );
+ slapi_ch_free_string( &prettyDN.bv_val );
+
+ return ret;
+}
+
+int slapi_dn_isbesuffix( Slapi_PBlock *pb, char *ldn )
+{
+ struct berval ndn;
+ Backend *be;
+
+ if ( slapi_is_rootdse( ldn ) ) {
+ return 0;
+ }
+
+ /* according to spec should already be normalized */
+ ndn.bv_len = strlen( ldn );
+ ndn.bv_val = ldn;
+
+ be = select_backend( &pb->pb_op->o_req_ndn, 0, 0 );
+ if ( be == NULL ) {
+ return 0;
+ }
+
+ return be_issuffix( be, &ndn );
+}
+
+/*
+ * Returns DN of the parent entry; or NULL if the DN is
+ * an empty string, if the DN has no parent, or if the
+ * DN is the suffix of the backend database
+ */
+char *slapi_dn_beparent( Slapi_PBlock *pb, const char *ldn )
+{
+ Backend *be;
+ struct berval dn, prettyDN;
+ struct berval normalizedDN, parentDN;
+ char *parent = NULL;
+
+ if ( pb == NULL ) {
+ return NULL;
+ }
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+
+ if ( slapi_is_rootdse( ldn ) ) {
+ return NULL;
+ }
+
+ dn.bv_val = (char *)ldn;
+ dn.bv_len = strlen( ldn );
+
+ if ( dnPrettyNormal( NULL, &dn, &prettyDN, &normalizedDN, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ be = select_backend( &pb->pb_op->o_req_ndn, 0, 0 );
+
+ if ( be == NULL || be_issuffix( be, &normalizedDN ) == 0 ) {
+ dnParent( &prettyDN, &parentDN );
+
+ if ( parentDN.bv_len != 0 )
+ parent = slapi_ch_strdup( parentDN.bv_val );
+ }
+
+ slapi_ch_free_string( &prettyDN.bv_val );
+ slapi_ch_free_string( &normalizedDN.bv_val );
+
+ return parent;
+}
+
+char *
+slapi_dn_ignore_case( char *dn )
+{
+ return slapi_dn_normalize_case( dn );
+}
+
+char *
+slapi_ch_malloc( unsigned long size )
+{
+ return ch_malloc( size );
+}
+
+void
+slapi_ch_free( void **ptr )
+{
+ if ( ptr == NULL || *ptr == NULL )
+ return;
+ ch_free( *ptr );
+ *ptr = NULL;
+}
+
+void
+slapi_ch_free_string( char **ptr )
+{
+ slapi_ch_free( (void **)ptr );
+}
+
+void
+slapi_ch_array_free( char **arrayp )
+{
+ char **p;
+
+ if ( arrayp != NULL ) {
+ for ( p = arrayp; *p != NULL; p++ ) {
+ slapi_ch_free( (void **)p );
+ }
+ slapi_ch_free( (void **)&arrayp );
+ }
+}
+
+struct berval *
+slapi_ch_bvdup(const struct berval *v)
+{
+ struct berval *bv;
+
+ bv = (struct berval *) slapi_ch_malloc( sizeof(struct berval) );
+ bv->bv_len = v->bv_len;
+ bv->bv_val = slapi_ch_malloc( bv->bv_len );
+ AC_MEMCPY( bv->bv_val, v->bv_val, bv->bv_len );
+
+ return bv;
+}
+
+struct berval **
+slapi_ch_bvecdup(const struct berval **v)
+{
+ int i;
+ struct berval **rv;
+
+ if ( v == NULL ) {
+ return NULL;
+ }
+
+ for ( i = 0; v[i] != NULL; i++ )
+ ;
+
+ rv = (struct berval **) slapi_ch_malloc( (i + 1) * sizeof(struct berval *) );
+
+ for ( i = 0; v[i] != NULL; i++ ) {
+ rv[i] = slapi_ch_bvdup( v[i] );
+ }
+ rv[i] = NULL;
+
+ return rv;
+}
+
+char *
+slapi_ch_calloc(
+ unsigned long nelem,
+ unsigned long size )
+{
+ return ch_calloc( nelem, size );
+}
+
+char *
+slapi_ch_realloc(
+ char *block,
+ unsigned long size )
+{
+ return ch_realloc( block, size );
+}
+
+char *
+slapi_ch_strdup( const char *s )
+{
+ return ch_strdup( s );
+}
+
+size_t
+slapi_ch_stlen( const char *s )
+{
+ return strlen( s );
+}
+
+int
+slapi_control_present(
+ LDAPControl **controls,
+ char *oid,
+ struct berval **val,
+ int *iscritical )
+{
+ int i;
+ int rc = 0;
+
+ if ( val ) {
+ *val = NULL;
+ }
+
+ if ( iscritical ) {
+ *iscritical = 0;
+ }
+
+ for ( i = 0; controls != NULL && controls[i] != NULL; i++ ) {
+ if ( strcmp( controls[i]->ldctl_oid, oid ) != 0 ) {
+ continue;
+ }
+
+ rc = 1;
+ if ( controls[i]->ldctl_value.bv_len != 0 ) {
+ if ( val ) {
+ *val = &controls[i]->ldctl_value;
+ }
+ }
+
+ if ( iscritical ) {
+ *iscritical = controls[i]->ldctl_iscritical;
+ }
+
+ break;
+ }
+
+ return rc;
+}
+
+static void
+slapControlMask2SlapiControlOp(slap_mask_t slap_mask,
+ unsigned long *slapi_mask)
+{
+ *slapi_mask = SLAPI_OPERATION_NONE;
+
+ if ( slap_mask & SLAP_CTRL_ABANDON )
+ *slapi_mask |= SLAPI_OPERATION_ABANDON;
+
+ if ( slap_mask & SLAP_CTRL_ADD )
+ *slapi_mask |= SLAPI_OPERATION_ADD;
+
+ if ( slap_mask & SLAP_CTRL_BIND )
+ *slapi_mask |= SLAPI_OPERATION_BIND;
+
+ if ( slap_mask & SLAP_CTRL_COMPARE )
+ *slapi_mask |= SLAPI_OPERATION_COMPARE;
+
+ if ( slap_mask & SLAP_CTRL_DELETE )
+ *slapi_mask |= SLAPI_OPERATION_DELETE;
+
+ if ( slap_mask & SLAP_CTRL_MODIFY )
+ *slapi_mask |= SLAPI_OPERATION_MODIFY;
+
+ if ( slap_mask & SLAP_CTRL_RENAME )
+ *slapi_mask |= SLAPI_OPERATION_MODDN;
+
+ if ( slap_mask & SLAP_CTRL_SEARCH )
+ *slapi_mask |= SLAPI_OPERATION_SEARCH;
+
+ if ( slap_mask & SLAP_CTRL_UNBIND )
+ *slapi_mask |= SLAPI_OPERATION_UNBIND;
+}
+
+static void
+slapiControlOp2SlapControlMask(unsigned long slapi_mask,
+ slap_mask_t *slap_mask)
+{
+ *slap_mask = 0;
+
+ if ( slapi_mask & SLAPI_OPERATION_BIND )
+ *slap_mask |= SLAP_CTRL_BIND;
+
+ if ( slapi_mask & SLAPI_OPERATION_UNBIND )
+ *slap_mask |= SLAP_CTRL_UNBIND;
+
+ if ( slapi_mask & SLAPI_OPERATION_SEARCH )
+ *slap_mask |= SLAP_CTRL_SEARCH;
+
+ if ( slapi_mask & SLAPI_OPERATION_MODIFY )
+ *slap_mask |= SLAP_CTRL_MODIFY;
+
+ if ( slapi_mask & SLAPI_OPERATION_ADD )
+ *slap_mask |= SLAP_CTRL_ADD;
+
+ if ( slapi_mask & SLAPI_OPERATION_DELETE )
+ *slap_mask |= SLAP_CTRL_DELETE;
+
+ if ( slapi_mask & SLAPI_OPERATION_MODDN )
+ *slap_mask |= SLAP_CTRL_RENAME;
+
+ if ( slapi_mask & SLAPI_OPERATION_COMPARE )
+ *slap_mask |= SLAP_CTRL_COMPARE;
+
+ if ( slapi_mask & SLAPI_OPERATION_ABANDON )
+ *slap_mask |= SLAP_CTRL_ABANDON;
+
+ *slap_mask |= SLAP_CTRL_GLOBAL;
+}
+
+static int
+slapi_int_parse_control(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ /* Plugins must deal with controls themselves. */
+
+ return LDAP_SUCCESS;
+}
+
+void
+slapi_register_supported_control(
+ char *controloid,
+ unsigned long controlops )
+{
+ slap_mask_t controlmask;
+
+ slapiControlOp2SlapControlMask( controlops, &controlmask );
+
+ register_supported_control( controloid, controlmask, NULL, slapi_int_parse_control, NULL );
+}
+
+int
+slapi_get_supported_controls(
+ char ***ctrloidsp,
+ unsigned long **ctrlopsp )
+{
+ int i, rc;
+
+ rc = get_supported_controls( ctrloidsp, (slap_mask_t **)ctrlopsp );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ for ( i = 0; (*ctrloidsp)[i] != NULL; i++ ) {
+ /* In place, naughty. */
+ slapControlMask2SlapiControlOp( (*ctrlopsp)[i], &((*ctrlopsp)[i]) );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+LDAPControl *
+slapi_dup_control( LDAPControl *ctrl )
+{
+ LDAPControl *ret;
+
+ ret = (LDAPControl *)slapi_ch_malloc( sizeof(*ret) );
+ ret->ldctl_oid = slapi_ch_strdup( ctrl->ldctl_oid );
+ ber_dupbv( &ret->ldctl_value, &ctrl->ldctl_value );
+ ret->ldctl_iscritical = ctrl->ldctl_iscritical;
+
+ return ret;
+}
+
+void
+slapi_register_supported_saslmechanism( char *mechanism )
+{
+ /* FIXME -- can not add saslmechanism to OpenLDAP dynamically */
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_register_supported_saslmechanism",
+ "OpenLDAP does not support dynamic registration of SASL mechanisms\n" );
+}
+
+char **
+slapi_get_supported_saslmechanisms( void )
+{
+ /* FIXME -- can not get the saslmechanism without a connection. */
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_get_supported_saslmechanisms",
+ "can not get the SASL mechanism list "
+ "without a connection\n" );
+ return NULL;
+}
+
+char **
+slapi_get_supported_extended_ops( void )
+{
+ int i, j, k;
+ char **ppExtOpOID = NULL;
+ int numExtOps = 0;
+
+ for ( i = 0; get_supported_extop( i ) != NULL; i++ ) {
+ ;
+ }
+
+ for ( j = 0; slapi_int_get_supported_extop( j ) != NULL; j++ ) {
+ ;
+ }
+
+ numExtOps = i + j;
+ if ( numExtOps == 0 ) {
+ return NULL;
+ }
+
+ ppExtOpOID = (char **)slapi_ch_malloc( (numExtOps + 1) * sizeof(char *) );
+ for ( k = 0; k < i; k++ ) {
+ struct berval *bv;
+
+ bv = get_supported_extop( k );
+ assert( bv != NULL );
+
+ ppExtOpOID[ k ] = bv->bv_val;
+ }
+
+ for ( ; k < j; k++ ) {
+ struct berval *bv;
+
+ bv = slapi_int_get_supported_extop( k );
+ assert( bv != NULL );
+
+ ppExtOpOID[ i + k ] = bv->bv_val;
+ }
+ ppExtOpOID[ i + k ] = NULL;
+
+ return ppExtOpOID;
+}
+
+void
+slapi_send_ldap_result(
+ Slapi_PBlock *pb,
+ int err,
+ char *matched,
+ char *text,
+ int nentries,
+ struct berval **urls )
+{
+ SlapReply *rs;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+
+ rs = pb->pb_rs;
+
+ rs->sr_err = err;
+ rs->sr_matched = matched;
+ rs->sr_text = text;
+ rs->sr_ref = NULL;
+
+ if ( err == LDAP_SASL_BIND_IN_PROGRESS ) {
+ send_ldap_sasl( pb->pb_op, rs );
+ } else if ( rs->sr_rspoid != NULL ) {
+ send_ldap_extended( pb->pb_op, rs );
+ } else {
+ if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
+ rs->sr_nentries = nentries;
+
+ send_ldap_result( pb->pb_op, rs );
+ }
+}
+
+int
+slapi_send_ldap_search_entry(
+ Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ LDAPControl **ectrls,
+ char **attrs,
+ int attrsonly )
+{
+ SlapReply rs = { REP_SEARCH };
+ int i = 0;
+ AttributeName *an = NULL;
+ const char *text;
+ int rc;
+
+ assert( pb->pb_op != NULL );
+
+ if ( attrs != NULL ) {
+ for ( i = 0; attrs[ i ] != NULL; i++ ) {
+ ; /* empty */
+ }
+ }
+
+ if ( i ) {
+ an = (AttributeName *) slapi_ch_malloc( (i+1) * sizeof(AttributeName) );
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ an[i].an_name.bv_val = attrs[i];
+ an[i].an_name.bv_len = strlen( attrs[i] );
+ an[i].an_desc = NULL;
+ rs.sr_err = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &text );
+ if ( rs.sr_err != LDAP_SUCCESS) {
+ slapi_ch_free( (void **)&an );
+ return -1;
+ }
+ }
+ an[i].an_name.bv_len = 0;
+ an[i].an_name.bv_val = NULL;
+ }
+
+ rs.sr_err = LDAP_SUCCESS;
+ rs.sr_matched = NULL;
+ rs.sr_text = NULL;
+ rs.sr_ref = NULL;
+ rs.sr_ctrls = ectrls;
+ rs.sr_attrs = an;
+ rs.sr_operational_attrs = NULL;
+ rs.sr_entry = e;
+ rs.sr_v2ref = NULL;
+ rs.sr_flags = 0;
+
+ rc = send_search_entry( pb->pb_op, &rs );
+
+ slapi_ch_free( (void **)&an );
+
+ return rc;
+}
+
+int
+slapi_send_ldap_search_reference(
+ Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ struct berval **references,
+ LDAPControl **ectrls,
+ struct berval **v2refs
+ )
+{
+ SlapReply rs = { REP_SEARCHREF };
+ int rc;
+
+ rs.sr_err = LDAP_SUCCESS;
+ rs.sr_matched = NULL;
+ rs.sr_text = NULL;
+
+ rc = bvptr2obj( references, &rs.sr_ref );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ rs.sr_ctrls = ectrls;
+ rs.sr_attrs = NULL;
+ rs.sr_operational_attrs = NULL;
+ rs.sr_entry = e;
+
+ if ( v2refs != NULL ) {
+ rc = bvptr2obj( v2refs, &rs.sr_v2ref );
+ if ( rc != LDAP_SUCCESS ) {
+ slapi_ch_free( (void **)&rs.sr_ref );
+ return rc;
+ }
+ } else {
+ rs.sr_v2ref = NULL;
+ }
+
+ rc = send_search_reference( pb->pb_op, &rs );
+
+ slapi_ch_free( (void **)&rs.sr_ref );
+ slapi_ch_free( (void **)&rs.sr_v2ref );
+
+ return rc;
+}
+
+Slapi_Filter *
+slapi_str2filter( char *str )
+{
+ return str2filter( str );
+}
+
+void
+slapi_filter_free(
+ Slapi_Filter *f,
+ int recurse )
+{
+ filter_free( f );
+}
+
+Slapi_Filter *
+slapi_filter_dup( Slapi_Filter *filter )
+{
+ return filter_dup( filter, NULL );
+}
+
+int
+slapi_filter_get_choice( Slapi_Filter *f )
+{
+ int rc;
+
+ if ( f != NULL ) {
+ rc = f->f_choice;
+ } else {
+ rc = 0;
+ }
+
+ return rc;
+}
+
+int
+slapi_filter_get_ava(
+ Slapi_Filter *f,
+ char **type,
+ struct berval **bval )
+{
+ int ftype;
+ int rc = LDAP_SUCCESS;
+
+ assert( type != NULL );
+ assert( bval != NULL );
+
+ *type = NULL;
+ *bval = NULL;
+
+ ftype = f->f_choice;
+ if ( ftype == LDAP_FILTER_EQUALITY
+ || ftype == LDAP_FILTER_GE
+ || ftype == LDAP_FILTER_LE
+ || ftype == LDAP_FILTER_APPROX ) {
+ /*
+ * According to the SLAPI Reference Manual these are
+ * not duplicated.
+ */
+ *type = f->f_un.f_un_ava->aa_desc->ad_cname.bv_val;
+ *bval = &f->f_un.f_un_ava->aa_value;
+ } else { /* filter type not supported */
+ rc = -1;
+ }
+
+ return rc;
+}
+
+Slapi_Filter *
+slapi_filter_list_first( Slapi_Filter *f )
+{
+ int ftype;
+
+ if ( f == NULL ) {
+ return NULL;
+ }
+
+ ftype = f->f_choice;
+ if ( ftype == LDAP_FILTER_AND
+ || ftype == LDAP_FILTER_OR
+ || ftype == LDAP_FILTER_NOT ) {
+ return (Slapi_Filter *)f->f_list;
+ } else {
+ return NULL;
+ }
+}
+
+Slapi_Filter *
+slapi_filter_list_next(
+ Slapi_Filter *f,
+ Slapi_Filter *fprev )
+{
+ int ftype;
+
+ if ( f == NULL ) {
+ return NULL;
+ }
+
+ ftype = f->f_choice;
+ if ( ftype == LDAP_FILTER_AND
+ || ftype == LDAP_FILTER_OR
+ || ftype == LDAP_FILTER_NOT )
+ {
+ return fprev->f_next;
+ }
+
+ return NULL;
+}
+
+int
+slapi_filter_get_attribute_type( Slapi_Filter *f, char **type )
+{
+ if ( f == NULL ) {
+ return -1;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_APPROX:
+ *type = f->f_av_desc->ad_cname.bv_val;
+ break;
+ case LDAP_FILTER_SUBSTRINGS:
+ *type = f->f_sub_desc->ad_cname.bv_val;
+ break;
+ case LDAP_FILTER_PRESENT:
+ *type = f->f_desc->ad_cname.bv_val;
+ break;
+ case LDAP_FILTER_EXT:
+ *type = f->f_mr_desc->ad_cname.bv_val;
+ break;
+ default:
+ /* Complex filters need not apply. */
+ *type = NULL;
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+slapi_x_filter_set_attribute_type( Slapi_Filter *f, const char *type )
+{
+ AttributeDescription **adp, *ad = NULL;
+ const char *text;
+ int rc;
+
+ if ( f == NULL ) {
+ return -1;
+ }
+
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_APPROX:
+ adp = &f->f_av_desc;
+ break;
+ case LDAP_FILTER_SUBSTRINGS:
+ adp = &f->f_sub_desc;
+ break;
+ case LDAP_FILTER_PRESENT:
+ adp = &f->f_desc;
+ break;
+ case LDAP_FILTER_EXT:
+ adp = &f->f_mr_desc;
+ break;
+ default:
+ /* Complex filters need not apply. */
+ return -1;
+ }
+
+ rc = slap_str2ad( type, &ad, &text );
+ if ( rc == LDAP_SUCCESS )
+ *adp = ad;
+
+ return ( rc == LDAP_SUCCESS ) ? 0 : -1;
+}
+
+int
+slapi_filter_get_subfilt( Slapi_Filter *f, char **type, char **initial,
+ char ***any, char **final )
+{
+ int i;
+
+ if ( f->f_choice != LDAP_FILTER_SUBSTRINGS ) {
+ return -1;
+ }
+
+ /*
+ * The caller shouldn't free but we can't return an
+ * array of char *s from an array of bervals without
+ * allocating memory, so we may as well be consistent.
+ * XXX
+ */
+ *type = f->f_sub_desc->ad_cname.bv_val;
+ *initial = f->f_sub_initial.bv_val ? slapi_ch_strdup(f->f_sub_initial.bv_val) : NULL;
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ )
+ ;
+ *any = (char **)slapi_ch_malloc( (i + 1) * sizeof(char *) );
+ for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
+ (*any)[i] = slapi_ch_strdup(f->f_sub_any[i].bv_val);
+ }
+ (*any)[i] = NULL;
+ } else {
+ *any = NULL;
+ }
+ *final = f->f_sub_final.bv_val ? slapi_ch_strdup(f->f_sub_final.bv_val) : NULL;
+
+ return 0;
+}
+
+Slapi_Filter *
+slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2 )
+{
+ Slapi_Filter *f = NULL;
+
+ if ( ftype == LDAP_FILTER_AND ||
+ ftype == LDAP_FILTER_OR ||
+ ftype == LDAP_FILTER_NOT )
+ {
+ f = (Slapi_Filter *)slapi_ch_malloc( sizeof(*f) );
+ f->f_choice = ftype;
+ f->f_list = f1;
+ f->f_list->f_next = f2;
+ f->f_next = NULL;
+ }
+
+ return f;
+}
+
+int
+slapi_x_filter_append( int ftype,
+ Slapi_Filter **pContainingFilter, /* NULL on first call */
+ Slapi_Filter **pNextFilter,
+ Slapi_Filter *filterToAppend )
+{
+ if ( ftype == LDAP_FILTER_AND ||
+ ftype == LDAP_FILTER_OR ||
+ ftype == LDAP_FILTER_NOT )
+ {
+ if ( *pContainingFilter == NULL ) {
+ *pContainingFilter = (Slapi_Filter *)slapi_ch_malloc( sizeof(Slapi_Filter) );
+ (*pContainingFilter)->f_choice = ftype;
+ (*pContainingFilter)->f_list = filterToAppend;
+ (*pContainingFilter)->f_next = NULL;
+ } else {
+ if ( (*pContainingFilter)->f_choice != ftype ) {
+ /* Sanity check */
+ return -1;
+ }
+ (*pNextFilter)->f_next = filterToAppend;
+ }
+ *pNextFilter = filterToAppend;
+
+ return 0;
+ }
+ return -1;
+}
+
+int
+slapi_filter_test( Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Filter *f,
+ int verify_access )
+{
+ Operation *op;
+ int rc;
+
+ if ( f == NULL ) {
+ /* spec says return zero if no filter. */
+ return 0;
+ }
+
+ if ( verify_access ) {
+ op = pb->pb_op;
+ if ( op == NULL )
+ return LDAP_PARAM_ERROR;
+ } else {
+ op = NULL;
+ }
+
+ /*
+ * According to acl.c it is safe to call test_filter() with
+ * NULL arguments...
+ */
+ rc = test_filter( op, e, f );
+ switch (rc) {
+ case LDAP_COMPARE_TRUE:
+ rc = 0;
+ break;
+ case LDAP_COMPARE_FALSE:
+ break;
+ case SLAPD_COMPARE_UNDEFINED:
+ rc = LDAP_OTHER;
+ break;
+ case LDAP_PROTOCOL_ERROR:
+ /* filter type unknown: spec says return -1 */
+ rc = -1;
+ break;
+ }
+
+ return rc;
+}
+
+int
+slapi_filter_test_simple( Slapi_Entry *e, Slapi_Filter *f)
+{
+ return slapi_filter_test( NULL, e, f, 0 );
+}
+
+int
+slapi_filter_apply( Slapi_Filter *f, FILTER_APPLY_FN fn, void *arg, int *error_code )
+{
+ switch ( f->f_choice ) {
+ case LDAP_FILTER_AND:
+ case LDAP_FILTER_NOT:
+ case LDAP_FILTER_OR: {
+ int rc;
+
+ /*
+ * FIXME: altering f; should we use a temporary?
+ */
+ for ( f = f->f_list; f != NULL; f = f->f_next ) {
+ rc = slapi_filter_apply( f, fn, arg, error_code );
+ if ( rc != 0 ) {
+ return rc;
+ }
+ if ( *error_code == SLAPI_FILTER_SCAN_NOMORE ) {
+ break;
+ }
+ }
+ break;
+ }
+ case LDAP_FILTER_EQUALITY:
+ case LDAP_FILTER_SUBSTRINGS:
+ case LDAP_FILTER_GE:
+ case LDAP_FILTER_LE:
+ case LDAP_FILTER_PRESENT:
+ case LDAP_FILTER_APPROX:
+ case LDAP_FILTER_EXT:
+ *error_code = fn( f, arg );
+ break;
+ default:
+ *error_code = SLAPI_FILTER_UNKNOWN_FILTER_TYPE;
+ }
+
+ if ( *error_code == SLAPI_FILTER_SCAN_NOMORE ||
+ *error_code == SLAPI_FILTER_SCAN_CONTINUE ) {
+ return 0;
+ }
+
+ return -1;
+}
+
+int
+slapi_pw_find(
+ struct berval **vals,
+ struct berval *v )
+{
+ /*
+ * FIXME: what's the point?
+ */
+ return 1;
+}
+
+#define MAX_HOSTNAME 512
+
+char *
+slapi_get_hostname( void )
+{
+ char *hn = NULL;
+ static int been_here = 0;
+ static char *static_hn = NULL;
+
+ ldap_pvt_thread_mutex_lock( &slapi_hn_mutex );
+ if ( !been_here ) {
+ static_hn = (char *)slapi_ch_malloc( MAX_HOSTNAME );
+ if ( static_hn == NULL) {
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_get_hostname",
+ "Cannot allocate memory for hostname\n" );
+ static_hn = NULL;
+ ldap_pvt_thread_mutex_unlock( &slapi_hn_mutex );
+
+ return hn;
+
+ } else {
+ if ( gethostname( static_hn, MAX_HOSTNAME ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_FATAL,
+ "SLAPI",
+ "can't get hostname\n" );
+ slapi_ch_free( (void **)&static_hn );
+ static_hn = NULL;
+ ldap_pvt_thread_mutex_unlock( &slapi_hn_mutex );
+
+ return hn;
+
+ } else {
+ been_here = 1;
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &slapi_hn_mutex );
+
+ hn = ch_strdup( static_hn );
+
+ return hn;
+}
+
+/*
+ * FIXME: this should go in an appropriate header ...
+ */
+extern int slapi_int_log_error( int level, char *subsystem, char *fmt, va_list arglist );
+
+int
+slapi_log_error(
+ int severity,
+ char *subsystem,
+ char *fmt,
+ ... )
+{
+ int rc = LDAP_SUCCESS;
+ va_list arglist;
+
+ va_start( arglist, fmt );
+ rc = slapi_int_log_error( severity, subsystem, fmt, arglist );
+ va_end( arglist );
+
+ return rc;
+}
+
+
+unsigned long
+slapi_timer_current_time( void )
+{
+ static int first_time = 1;
+#if !defined (_WIN32)
+ struct timeval now;
+ unsigned long ret;
+
+ ldap_pvt_thread_mutex_lock( &slapi_time_mutex );
+ if (first_time) {
+ first_time = 0;
+ gettimeofday( &base_time, NULL );
+ }
+ gettimeofday( &now, NULL );
+ ret = ( now.tv_sec - base_time.tv_sec ) * 1000000 +
+ (now.tv_usec - base_time.tv_usec);
+ ldap_pvt_thread_mutex_unlock( &slapi_time_mutex );
+
+ return ret;
+
+ /*
+ * Ain't it better?
+ return (slap_get_time() - starttime) * 1000000;
+ */
+#else /* _WIN32 */
+ LARGE_INTEGER now;
+
+ if ( first_time ) {
+ first_time = 0;
+ performance_counter_present = QueryPerformanceCounter( &base_time );
+ QueryPerformanceFrequency( &performance_freq );
+ }
+
+ if ( !performance_counter_present )
+ return 0;
+
+ QueryPerformanceCounter( &now );
+ return (1000000*(now.QuadPart-base_time.QuadPart))/performance_freq.QuadPart;
+#endif /* _WIN32 */
+}
+
+/*
+ * FIXME ?
+ */
+unsigned long
+slapi_timer_get_time( char *label )
+{
+ unsigned long start = slapi_timer_current_time();
+ printf("%10ld %10d usec %s\n", start, 0, label);
+ return start;
+}
+
+/*
+ * FIXME ?
+ */
+void
+slapi_timer_elapsed_time(
+ char *label,
+ unsigned long start )
+{
+ unsigned long stop = slapi_timer_current_time();
+ printf ("%10ld %10ld usec %s\n", stop, stop - start, label);
+}
+
+void
+slapi_free_search_results_internal( Slapi_PBlock *pb )
+{
+ Slapi_Entry **entries;
+ int k = 0, nEnt = 0;
+
+ slapi_pblock_get( pb, SLAPI_NENTRIES, &nEnt );
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
+ if ( nEnt == 0 || entries == NULL ) {
+ return;
+ }
+
+ for ( k = 0; k < nEnt; k++ ) {
+ slapi_entry_free( entries[k] );
+ entries[k] = NULL;
+ }
+
+ slapi_ch_free( (void **)&entries );
+}
+
+int slapi_is_connection_ssl( Slapi_PBlock *pb, int *isSSL )
+{
+ if ( pb == NULL )
+ return LDAP_PARAM_ERROR;
+
+ if ( pb->pb_conn == NULL )
+ return LDAP_PARAM_ERROR;
+
+#ifdef HAVE_TLS
+ *isSSL = pb->pb_conn->c_is_tls;
+#else
+ *isSSL = 0;
+#endif
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * DS 5.x compatability API follow
+ */
+
+int slapi_attr_get_flags( const Slapi_Attr *attr, unsigned long *flags )
+{
+ AttributeType *at;
+
+ if ( attr == NULL )
+ return LDAP_PARAM_ERROR;
+
+ at = attr->a_desc->ad_type;
+
+ *flags = SLAPI_ATTR_FLAG_STD_ATTR;
+
+ if ( is_at_single_value( at ) )
+ *flags |= SLAPI_ATTR_FLAG_SINGLE;
+ if ( is_at_operational( at ) )
+ *flags |= SLAPI_ATTR_FLAG_OPATTR;
+ if ( is_at_obsolete( at ) )
+ *flags |= SLAPI_ATTR_FLAG_OBSOLETE;
+ if ( is_at_collective( at ) )
+ *flags |= SLAPI_ATTR_FLAG_COLLECTIVE;
+ if ( is_at_no_user_mod( at ) )
+ *flags |= SLAPI_ATTR_FLAG_NOUSERMOD;
+
+ return LDAP_SUCCESS;
+}
+
+int slapi_attr_flag_is_set( const Slapi_Attr *attr, unsigned long flag )
+{
+ unsigned long flags;
+
+ if ( slapi_attr_get_flags( attr, &flags ) != 0 )
+ return 0;
+ return (flags & flag) ? 1 : 0;
+}
+
+Slapi_Attr *slapi_attr_new( void )
+{
+ Attribute *ad;
+
+ ad = (Attribute *)slapi_ch_calloc( 1, sizeof(*ad) );
+
+ return ad;
+}
+
+Slapi_Attr *slapi_attr_init( Slapi_Attr *a, const char *type )
+{
+ const char *text;
+ AttributeDescription *ad = NULL;
+
+ if( slap_str2ad( type, &ad, &text ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ a->a_desc = ad;
+ a->a_vals = NULL;
+ a->a_nvals = NULL;
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+}
+
+void slapi_attr_free( Slapi_Attr **a )
+{
+ attr_free( *a );
+ *a = NULL;
+}
+
+Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr )
+{
+ return attr_dup( (Slapi_Attr *)attr );
+}
+
+int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
+{
+ struct berval nval;
+ struct berval *nvalp;
+ int rc;
+ AttributeDescription *desc = a->a_desc;
+
+ if ( desc->ad_type->sat_equality &&
+ desc->ad_type->sat_equality->smr_normalize ) {
+ rc = (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ (Slapi_Value *)v, &nval, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ nvalp = &nval;
+ } else {
+ nvalp = NULL;
+ }
+
+ rc = value_add_one( &a->a_vals, (Slapi_Value *)v );
+ if ( rc == 0 && nvalp != NULL ) {
+ rc = value_add_one( &a->a_nvals, nvalp );
+ } else {
+ a->a_nvals = a->a_vals;
+ }
+
+ if ( nvalp != NULL ) {
+ slapi_ch_free_string( &nval.bv_val );
+ }
+
+ return rc;
+}
+
+int slapi_attr_type2plugin( const char *type, void **pi )
+{
+ *pi = NULL;
+
+ return LDAP_OTHER;
+}
+
+int slapi_attr_get_type( const Slapi_Attr *attr, char **type )
+{
+ if ( attr == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ *type = attr->a_desc->ad_cname.bv_val;
+
+ return LDAP_SUCCESS;
+}
+
+int slapi_attr_get_oid_copy( const Slapi_Attr *attr, char **oidp )
+{
+ if ( attr == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+ *oidp = attr->a_desc->ad_type->sat_oid;
+
+ return LDAP_SUCCESS;
+}
+
+int slapi_attr_value_cmp( const Slapi_Attr *a, const struct berval *v1, const struct berval *v2 )
+{
+ MatchingRule *mr;
+ int ret;
+ int rc;
+ const char *text;
+
+ mr = a->a_desc->ad_type->sat_equality;
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ (struct berval *)v1, (void *)v2, &text );
+ if ( rc != LDAP_SUCCESS )
+ return -1;
+
+ return ( ret == 0 ) ? 0 : -1;
+}
+
+int slapi_attr_value_find( const Slapi_Attr *a, struct berval *v )
+{
+ MatchingRule *mr;
+ struct berval *bv;
+ int j;
+ const char *text;
+ int rc;
+ int ret;
+
+ if ( a ->a_vals == NULL ) {
+ return -1;
+ }
+ mr = a->a_desc->ad_type->sat_equality;
+ for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, bv, v, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+ if ( ret == 0 ) {
+ return 0;
+ }
+ }
+ return -1;
+}
+
+int slapi_attr_type_cmp( const char *t1, const char *t2, int opt )
+{
+ AttributeDescription *a1 = NULL;
+ AttributeDescription *a2 = NULL;
+ const char *text;
+ int ret;
+
+ if ( slap_str2ad( t1, &a1, &text ) != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ if ( slap_str2ad( t2, &a2, &text ) != LDAP_SUCCESS ) {
+ return 1;
+ }
+
+#define ad_base_cmp(l,r) (((l)->ad_type->sat_cname.bv_len < (r)->ad_type->sat_cname.bv_len) \
+ ? -1 : (((l)->ad_type->sat_cname.bv_len > (r)->ad_type->sat_cname.bv_len) \
+ ? 1 : strcasecmp((l)->ad_type->sat_cname.bv_val, (r)->ad_type->sat_cname.bv_val )))
+
+ switch ( opt ) {
+ case SLAPI_TYPE_CMP_EXACT:
+ ret = ad_cmp( a1, a2 );
+ break;
+ case SLAPI_TYPE_CMP_BASE:
+ ret = ad_base_cmp( a1, a2 );
+ break;
+ case SLAPI_TYPE_CMP_SUBTYPE:
+ ret = is_ad_subtype( a2, a2 );
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+
+ return ret;
+}
+
+int slapi_attr_types_equivalent( const char *t1, const char *t2 )
+{
+ return ( slapi_attr_type_cmp( t1, t2, SLAPI_TYPE_CMP_EXACT ) == 0 );
+}
+
+int slapi_attr_first_value( Slapi_Attr *a, Slapi_Value **v )
+{
+ return slapi_valueset_first_value( &a->a_vals, v );
+}
+
+int slapi_attr_next_value( Slapi_Attr *a, int hint, Slapi_Value **v )
+{
+ return slapi_valueset_next_value( &a->a_vals, hint, v );
+}
+
+int slapi_attr_get_numvalues( const Slapi_Attr *a, int *numValues )
+{
+ *numValues = slapi_valueset_count( &a->a_vals );
+
+ return 0;
+}
+
+int slapi_attr_get_valueset( const Slapi_Attr *a, Slapi_ValueSet **vs )
+{
+ *vs = &((Slapi_Attr *)a)->a_vals;
+
+ return 0;
+}
+
+int slapi_attr_get_bervals_copy( Slapi_Attr *a, struct berval ***vals )
+{
+ return slapi_attr_get_values( a, vals );
+}
+
+char *slapi_attr_syntax_normalize( const char *s )
+{
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ if ( slap_str2ad( s, &ad, &text ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ return ad->ad_cname.bv_val;
+}
+
+Slapi_Value *slapi_value_new( void )
+{
+ struct berval *bv;
+
+ bv = (struct berval *)slapi_ch_malloc( sizeof(*bv) );
+
+ return bv;
+}
+
+Slapi_Value *slapi_value_new_berval(const struct berval *bval)
+{
+ return ber_dupbv( NULL, (struct berval *)bval );
+}
+
+Slapi_Value *slapi_value_new_value(const Slapi_Value *v)
+{
+ return slapi_value_new_berval( v );
+}
+
+Slapi_Value *slapi_value_new_string(const char *s)
+{
+ struct berval bv;
+
+ bv.bv_val = (char *)s;
+ bv.bv_len = strlen( s );
+
+ return slapi_value_new_berval( &bv );
+}
+
+Slapi_Value *slapi_value_init(Slapi_Value *val)
+{
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ return val;
+}
+
+Slapi_Value *slapi_value_init_berval(Slapi_Value *v, struct berval *bval)
+{
+ return ber_dupbv( v, bval );
+}
+
+Slapi_Value *slapi_value_init_string(Slapi_Value *v, const char *s)
+{
+ v->bv_val = slapi_ch_strdup( s );
+ v->bv_len = strlen( s );
+
+ return v;
+}
+
+Slapi_Value *slapi_value_dup(const Slapi_Value *v)
+{
+ return slapi_value_new_value( v );
+}
+
+void slapi_value_free(Slapi_Value **value)
+{
+ if ( value == NULL ) {
+ return;
+ }
+
+ if ( (*value) != NULL ) {
+ slapi_ch_free( (void **)&(*value)->bv_val );
+ slapi_ch_free( (void **)value );
+ }
+}
+
+const struct berval *slapi_value_get_berval( const Slapi_Value *value )
+{
+ return value;
+}
+
+Slapi_Value *slapi_value_set_berval( Slapi_Value *value, const struct berval *bval )
+{
+ if ( value == NULL ) {
+ return NULL;
+ }
+ if ( value->bv_val != NULL ) {
+ slapi_ch_free( (void **)&value->bv_val );
+ }
+ slapi_value_init_berval( value, (struct berval *)bval );
+
+ return value;
+}
+
+Slapi_Value *slapi_value_set_value( Slapi_Value *value, const Slapi_Value *vfrom)
+{
+ if ( value == NULL ) {
+ return NULL;
+ }
+ return slapi_value_set_berval( value, vfrom );
+}
+
+Slapi_Value *slapi_value_set( Slapi_Value *value, void *val, unsigned long len)
+{
+ if ( value == NULL ) {
+ return NULL;
+ }
+ if ( value->bv_val != NULL ) {
+ slapi_ch_free( (void **)&value->bv_val );
+ }
+ value->bv_val = slapi_ch_malloc( len );
+ value->bv_len = len;
+ AC_MEMCPY( value->bv_val, val, len );
+
+ return value;
+}
+
+int slapi_value_set_string(Slapi_Value *value, const char *strVal)
+{
+ if ( value == NULL ) {
+ return -1;
+ }
+ slapi_value_set( value, (void *)strVal, strlen( strVal ) );
+ return 0;
+}
+
+int slapi_value_set_int(Slapi_Value *value, int intVal)
+{
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%d", intVal );
+
+ return slapi_value_set_string( value, buf );
+}
+
+const char *slapi_value_get_string(const Slapi_Value *value)
+{
+ if ( value == NULL ) return NULL;
+ if ( value->bv_val == NULL ) return NULL;
+ if ( !checkBVString( value ) ) return NULL;
+
+ return value->bv_val;
+}
+
+int slapi_value_get_int(const Slapi_Value *value)
+{
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return (int)strtol( value->bv_val, NULL, 10 );
+}
+
+unsigned int slapi_value_get_uint(const Slapi_Value *value)
+{
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return (unsigned int)strtoul( value->bv_val, NULL, 10 );
+}
+
+long slapi_value_get_long(const Slapi_Value *value)
+{
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return strtol( value->bv_val, NULL, 10 );
+}
+
+unsigned long slapi_value_get_ulong(const Slapi_Value *value)
+{
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return strtoul( value->bv_val, NULL, 10 );
+}
+
+size_t slapi_value_get_length(const Slapi_Value *value)
+{
+ if ( value == NULL )
+ return 0;
+
+ return (size_t) value->bv_len;
+}
+
+int slapi_value_compare(const Slapi_Attr *a, const Slapi_Value *v1, const Slapi_Value *v2)
+{
+ return slapi_attr_value_cmp( a, v1, v2 );
+}
+
+/* A ValueSet is a container for a BerVarray. */
+Slapi_ValueSet *slapi_valueset_new( void )
+{
+ Slapi_ValueSet *vs;
+
+ vs = (Slapi_ValueSet *)slapi_ch_malloc( sizeof( *vs ) );
+ *vs = NULL;
+
+ return vs;
+}
+
+void slapi_valueset_free(Slapi_ValueSet *vs)
+{
+ if ( vs != NULL ) {
+ BerVarray vp = *vs;
+
+ ber_bvarray_free( vp );
+ slapi_ch_free( (void **)&vp );
+
+ *vs = NULL;
+ }
+}
+
+void slapi_valueset_init(Slapi_ValueSet *vs)
+{
+ if ( vs != NULL && *vs == NULL ) {
+ *vs = (Slapi_ValueSet)slapi_ch_calloc( 1, sizeof(struct berval) );
+ (*vs)->bv_val = NULL;
+ (*vs)->bv_len = 0;
+ }
+}
+
+void slapi_valueset_done(Slapi_ValueSet *vs)
+{
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return;
+
+ for ( vp = *vs; vp->bv_val != NULL; vp++ ) {
+ vp->bv_len = 0;
+ slapi_ch_free( (void **)&vp->bv_val );
+ }
+ /* but don't free *vs or vs */
+}
+
+void slapi_valueset_add_value(Slapi_ValueSet *vs, const Slapi_Value *addval)
+{
+ struct berval bv;
+
+ ber_dupbv( &bv, (Slapi_Value *)addval );
+ ber_bvarray_add( vs, &bv );
+}
+
+int slapi_valueset_first_value( Slapi_ValueSet *vs, Slapi_Value **v )
+{
+ return slapi_valueset_next_value( vs, 0, v );
+}
+
+int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v)
+{
+ int i;
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return -1;
+
+ vp = *vs;
+
+ for ( i = 0; vp[i].bv_val != NULL; i++ ) {
+ if ( i == index ) {
+ *v = &vp[i];
+ return index + 1;
+ }
+ }
+
+ return -1;
+}
+
+int slapi_valueset_count( const Slapi_ValueSet *vs )
+{
+ int i;
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return 0;
+
+ vp = *vs;
+
+ for ( i = 0; vp[i].bv_val != NULL; i++ )
+ ;
+
+ return i;
+
+}
+
+void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2)
+{
+ BerVarray vp;
+
+ for ( vp = *vs2; vp->bv_val != NULL; vp++ ) {
+ slapi_valueset_add_value( vs1, vp );
+ }
+}
+
+int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr,
+ struct berval *val, int access )
+{
+ int rc;
+ slap_access_t slap_access;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ rc = slap_str2ad( attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ /*
+ * Whilst the SLAPI access types are arranged as a bitmask, the
+ * documentation indicates that they are to be used separately.
+ */
+ switch ( access & SLAPI_ACL_ALL ) {
+ case SLAPI_ACL_COMPARE:
+ slap_access = ACL_COMPARE;
+ break;
+ case SLAPI_ACL_SEARCH:
+ slap_access = ACL_SEARCH;
+ break;
+ case SLAPI_ACL_READ:
+ slap_access = ACL_READ;
+ break;
+ case SLAPI_ACL_WRITE:
+ slap_access = ACL_WRITE;
+ break;
+ case SLAPI_ACL_DELETE:
+ slap_access = ACL_WDEL;
+ break;
+ case SLAPI_ACL_ADD:
+ slap_access = ACL_WADD;
+ break;
+ case SLAPI_ACL_SELF: /* not documented */
+ case SLAPI_ACL_PROXY: /* not documented */
+ default:
+ return LDAP_INSUFFICIENT_ACCESS;
+ break;
+ }
+
+ assert( pb->pb_op != NULL );
+
+ if ( access_allowed( pb->pb_op, e, ad, val, slap_access, NULL ) ) {
+ return LDAP_SUCCESS;
+ }
+
+ return LDAP_INSUFFICIENT_ACCESS;
+}
+
+int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf)
+{
+ int rc = LDAP_SUCCESS;
+ Modifications *ml;
+
+ if ( pb == NULL || pb->pb_op == NULL )
+ return LDAP_PARAM_ERROR;
+
+ ml = slapi_int_ldapmods2modifications( mods );
+ if ( ml == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = acl_check_modlist( pb->pb_op, e, ml ) ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ slap_mods_free( ml, 1 );
+
+ return rc;
+}
+
+/*
+ * Synthesise an LDAPMod array from a Modifications list to pass
+ * to SLAPI.
+ */
+LDAPMod **slapi_int_modifications2ldapmods( Modifications *modlist )
+{
+ Modifications *ml;
+ LDAPMod **mods, *modp;
+ int i, j;
+
+ for( i = 0, ml = modlist; ml != NULL; i++, ml = ml->sml_next )
+ ;
+
+ mods = (LDAPMod **)slapi_ch_malloc( (i + 1) * sizeof(LDAPMod *) );
+
+ for( i = 0, ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ mods[i] = (LDAPMod *)slapi_ch_malloc( sizeof(LDAPMod) );
+ modp = mods[i];
+ modp->mod_op = ml->sml_op | LDAP_MOD_BVALUES;
+ if ( BER_BVISNULL( &ml->sml_type ) ) {
+ /* may happen for internally generated mods */
+ assert( ml->sml_desc != NULL );
+ modp->mod_type = slapi_ch_strdup( ml->sml_desc->ad_cname.bv_val );
+ } else {
+ modp->mod_type = slapi_ch_strdup( ml->sml_type.bv_val );
+ }
+
+ if ( ml->sml_values != NULL ) {
+ for( j = 0; ml->sml_values[j].bv_val != NULL; j++ )
+ ;
+ modp->mod_bvalues = (struct berval **)slapi_ch_malloc( (j + 1) *
+ sizeof(struct berval *) );
+ for( j = 0; ml->sml_values[j].bv_val != NULL; j++ ) {
+ modp->mod_bvalues[j] = (struct berval *)slapi_ch_malloc(
+ sizeof(struct berval) );
+ ber_dupbv( modp->mod_bvalues[j], &ml->sml_values[j] );
+ }
+ modp->mod_bvalues[j] = NULL;
+ } else {
+ modp->mod_bvalues = NULL;
+ }
+ i++;
+ }
+
+ mods[i] = NULL;
+
+ return mods;
+}
+
+/*
+ * Convert a potentially modified array of LDAPMods back to a
+ * Modification list. Unfortunately the values need to be
+ * duplicated because slap_mods_check() will try to free them
+ * before prettying (and we can't easily get out of calling
+ * slap_mods_check() because we need normalized values).
+ */
+Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods )
+{
+ Modifications *modlist = NULL, **modtail;
+ LDAPMod **modp;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ const char *text;
+
+ if ( mods == NULL ) {
+ return NULL;
+ }
+
+ modtail = &modlist;
+
+ for ( modp = mods; *modp != NULL; modp++ ) {
+ Modifications *mod;
+ LDAPMod *lmod = *modp;
+ int i;
+ const char *text;
+ AttributeDescription *ad = NULL;
+
+ if ( slap_str2ad( lmod->mod_type, &ad, &text ) != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ mod = (Modifications *) slapi_ch_malloc( sizeof(Modifications) );
+ mod->sml_op = lmod->mod_op & ~(LDAP_MOD_BVALUES);
+ mod->sml_flags = 0;
+ mod->sml_type = ad->ad_cname;
+ mod->sml_desc = ad;
+ mod->sml_next = NULL;
+
+ i = 0;
+ if ( lmod->mod_op & LDAP_MOD_BVALUES ) {
+ if ( lmod->mod_bvalues != NULL ) {
+ while ( lmod->mod_bvalues[i] != NULL )
+ i++;
+ }
+ } else {
+ if ( lmod->mod_values != NULL ) {
+ while ( lmod->mod_values[i] != NULL )
+ i++;
+ }
+ }
+
+ if ( i == 0 ) {
+ mod->sml_values = NULL;
+ } else {
+ mod->sml_values = (BerVarray) slapi_ch_malloc( (i + 1) * sizeof(struct berval) );
+
+ /* NB: This implicitly trusts a plugin to return valid modifications. */
+ if ( lmod->mod_op & LDAP_MOD_BVALUES ) {
+ for ( i = 0; lmod->mod_bvalues[i] != NULL; i++ ) {
+ ber_dupbv( &mod->sml_values[i], lmod->mod_bvalues[i] );
+ }
+ } else {
+ for ( i = 0; lmod->mod_values[i] != NULL; i++ ) {
+ mod->sml_values[i].bv_val = slapi_ch_strdup( lmod->mod_values[i] );
+ mod->sml_values[i].bv_len = strlen( lmod->mod_values[i] );
+ }
+ }
+ mod->sml_values[i].bv_val = NULL;
+ mod->sml_values[i].bv_len = 0;
+ }
+ mod->sml_nvalues = NULL;
+
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+
+ if ( slap_mods_check( modlist, &text, textbuf, sizeof( textbuf ), NULL ) != LDAP_SUCCESS ) {
+ slap_mods_free( modlist, 1 );
+ modlist = NULL;
+ }
+
+ return modlist;
+}
+
+/*
+ * Sun ONE DS 5.x computed attribute support. Computed attributes
+ * allow for dynamically generated operational attributes, a very
+ * useful thing indeed.
+ */
+
+/*
+ * For some reason Sun don't use the normal plugin mechanism
+ * registration path to register an "evaluator" function (an
+ * "evaluator" is responsible for adding computed attributes;
+ * the nomenclature is somewhat confusing).
+ *
+ * As such slapi_compute_add_evaluator() registers the
+ * function directly.
+ */
+int slapi_compute_add_evaluator(slapi_compute_callback_t function)
+{
+ Slapi_PBlock *pPlugin = NULL;
+ int rc;
+ int type = SLAPI_PLUGIN_OBJECT;
+
+ pPlugin = slapi_pblock_new();
+ if ( pPlugin == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_TYPE, (void *)&type );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN, (void *)function );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = slapi_int_register_plugin( frontendDB, pPlugin );
+ if ( rc != 0 ) {
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+done:
+ if ( rc != LDAP_SUCCESS ) {
+ if ( pPlugin != NULL ) {
+ slapi_pblock_destroy( pPlugin );
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * See notes above regarding slapi_compute_add_evaluator().
+ */
+int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function)
+{
+ Slapi_PBlock *pPlugin = NULL;
+ int rc;
+ int type = SLAPI_PLUGIN_OBJECT;
+
+ pPlugin = slapi_pblock_new();
+ if ( pPlugin == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_TYPE, (void *)&type );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, (void *)function );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ rc = slapi_int_register_plugin( frontendDB, pPlugin );
+ if ( rc != 0 ) {
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+done:
+ if ( rc != LDAP_SUCCESS ) {
+ if ( pPlugin != NULL ) {
+ slapi_pblock_destroy( pPlugin );
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Call compute evaluators
+ */
+int compute_evaluator(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn)
+{
+ int rc = 0;
+ slapi_compute_callback_t *pGetPlugin, *tmpPlugin;
+
+ rc = slapi_int_get_plugins( frontendDB, SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN, (SLAPI_FUNC **)&tmpPlugin );
+ if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
+ /* Nothing to do; front-end should ignore. */
+ return 0;
+ }
+
+ for ( pGetPlugin = tmpPlugin; *pGetPlugin != NULL; pGetPlugin++ ) {
+ /*
+ * -1: no attribute matched requested type
+ * 0: one attribute matched
+ * >0: error happened
+ */
+ rc = (*pGetPlugin)( c, type, e, outputfn );
+ if ( rc > 0 ) {
+ break;
+ }
+ }
+
+ slapi_ch_free( (void **)&tmpPlugin );
+
+ return rc;
+}
+
+int
+compute_rewrite_search_filter( Slapi_PBlock *pb )
+{
+ if ( pb == NULL || pb->pb_op == NULL )
+ return LDAP_PARAM_ERROR;
+
+ return slapi_int_call_plugins( pb->pb_op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb );
+}
+
+/*
+ * New API to provide the plugin with access to the search
+ * pblock. Have informed Sun DS team.
+ */
+int
+slapi_x_compute_get_pblock(computed_attr_context *c, Slapi_PBlock **pb)
+{
+ if ( c == NULL )
+ return -1;
+
+ if ( c->cac_pb == NULL )
+ return -1;
+
+ *pb = c->cac_pb;
+
+ return 0;
+}
+
+Slapi_Mutex *slapi_new_mutex( void )
+{
+ Slapi_Mutex *m;
+
+ m = (Slapi_Mutex *)slapi_ch_malloc( sizeof(*m) );
+ if ( ldap_pvt_thread_mutex_init( &m->mutex ) != 0 ) {
+ slapi_ch_free( (void **)&m );
+ return NULL;
+ }
+
+ return m;
+}
+
+void slapi_destroy_mutex( Slapi_Mutex *mutex )
+{
+ if ( mutex != NULL ) {
+ ldap_pvt_thread_mutex_destroy( &mutex->mutex );
+ slapi_ch_free( (void **)&mutex);
+ }
+}
+
+void slapi_lock_mutex( Slapi_Mutex *mutex )
+{
+ ldap_pvt_thread_mutex_lock( &mutex->mutex );
+}
+
+int slapi_unlock_mutex( Slapi_Mutex *mutex )
+{
+ return ldap_pvt_thread_mutex_unlock( &mutex->mutex );
+}
+
+Slapi_CondVar *slapi_new_condvar( Slapi_Mutex *mutex )
+{
+ Slapi_CondVar *cv;
+
+ if ( mutex == NULL ) {
+ return NULL;
+ }
+
+ cv = (Slapi_CondVar *)slapi_ch_malloc( sizeof(*cv) );
+ if ( ldap_pvt_thread_cond_init( &cv->cond ) != 0 ) {
+ slapi_ch_free( (void **)&cv );
+ return NULL;
+ }
+
+ cv->mutex = mutex->mutex;
+
+ return cv;
+}
+
+void slapi_destroy_condvar( Slapi_CondVar *cvar )
+{
+ if ( cvar != NULL ) {
+ ldap_pvt_thread_cond_destroy( &cvar->cond );
+ slapi_ch_free( (void **)&cvar );
+ }
+}
+
+int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout )
+{
+ if ( cvar == NULL ) {
+ return -1;
+ }
+
+ return ldap_pvt_thread_cond_wait( &cvar->cond, &cvar->mutex );
+}
+
+int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all )
+{
+ if ( cvar == NULL ) {
+ return -1;
+ }
+
+ if ( notify_all ) {
+ return ldap_pvt_thread_cond_broadcast( &cvar->cond );
+ }
+
+ return ldap_pvt_thread_cond_signal( &cvar->cond );
+}
+
+int slapi_int_access_allowed( Operation *op,
+ Entry *entry,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state )
+{
+ int rc, slap_access = 0;
+ slapi_acl_callback_t *pGetPlugin, *tmpPlugin;
+ Slapi_PBlock *pb;
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
+ if ( pb == NULL ) {
+ /* internal operation */
+ return 1;
+ }
+
+ switch ( access ) {
+ case ACL_COMPARE:
+ slap_access |= SLAPI_ACL_COMPARE;
+ break;
+ case ACL_SEARCH:
+ slap_access |= SLAPI_ACL_SEARCH;
+ break;
+ case ACL_READ:
+ slap_access |= SLAPI_ACL_READ;
+ break;
+ case ACL_WRITE:
+ slap_access |= SLAPI_ACL_WRITE;
+ break;
+ case ACL_WDEL:
+ slap_access |= SLAPI_ACL_DELETE;
+ break;
+ case ACL_WADD:
+ slap_access |= SLAPI_ACL_ADD;
+ break;
+ default:
+ break;
+ }
+
+ rc = slapi_int_get_plugins( frontendDB, SLAPI_PLUGIN_ACL_ALLOW_ACCESS, (SLAPI_FUNC **)&tmpPlugin );
+ if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
+ /* nothing to do; allowed access */
+ return 1;
+ }
+
+ rc = 1; /* default allow policy */
+
+ for ( pGetPlugin = tmpPlugin; *pGetPlugin != NULL; pGetPlugin++ ) {
+ /*
+ * 0 access denied
+ * 1 access granted
+ */
+ rc = (*pGetPlugin)( pb, entry, desc->ad_cname.bv_val,
+ val, slap_access, (void *)state );
+ if ( rc == 0 ) {
+ break;
+ }
+ }
+
+ slapi_ch_free( (void **)&tmpPlugin );
+
+ return rc;
+}
+
+/*
+ * There is no documentation for this.
+ */
+int slapi_rdn2typeval( char *rdn, char **type, struct berval *bv )
+{
+ LDAPRDN lrdn;
+ LDAPAVA *ava;
+ int rc;
+ char *p;
+
+ *type = NULL;
+
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ rc = ldap_str2rdn( rdn, &lrdn, &p, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ if ( lrdn[1] != NULL ) {
+ return -1; /* not single valued */
+ }
+
+ ava = lrdn[0];
+
+ *type = slapi_ch_strdup( ava->la_attr.bv_val );
+ ber_dupbv( bv, &ava->la_value );
+
+ ldap_rdnfree(lrdn);
+
+ return 0;
+}
+
+char *slapi_dn_plus_rdn( const char *dn, const char *rdn )
+{
+ struct berval new_dn, parent_dn, newrdn;
+
+ new_dn.bv_val = NULL;
+
+ parent_dn.bv_val = (char *)dn;
+ parent_dn.bv_len = strlen( dn );
+
+ newrdn.bv_val = (char *)rdn;
+ newrdn.bv_len = strlen( rdn );
+
+ build_new_dn( &new_dn, &parent_dn, &newrdn, NULL );
+
+ return new_dn.bv_val;
+}
+
+int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e )
+{
+ Backend *be_orig;
+ const char *text;
+ char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
+ size_t textlen = sizeof textbuf;
+ int rc = LDAP_SUCCESS;
+
+ PBLOCK_ASSERT_OP( pb, 0 );
+
+ be_orig = pb->pb_op->o_bd;
+
+ pb->pb_op->o_bd = select_backend( &e->e_nname, 0, 0 );
+ if ( pb->pb_op->o_bd != NULL ) {
+ rc = entry_schema_check( pb->pb_op, e, NULL, 0,
+ &text, textbuf, textlen );
+ }
+ pb->pb_op->o_bd = be_orig;
+
+ return ( rc == LDAP_SUCCESS ) ? 0 : 1;
+}
+
+int slapi_entry_rdn_values_present( const Slapi_Entry *e )
+{
+ LDAPDN dn;
+ int rc;
+ int i = 0, match = 0;
+
+ rc = ldap_bv2dn( &((Entry *)e)->e_name, &dn, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if ( dn[0] != NULL ) {
+ LDAPRDN rdn = dn[0];
+
+ for ( i = 0; rdn[i] != NULL; i++ ) {
+ LDAPAVA *ava = &rdn[0][i];
+ Slapi_Attr *a = NULL;
+
+ if ( slapi_entry_attr_find( (Slapi_Entry *)e, ava->la_attr.bv_val, &a ) == 0 &&
+ slapi_attr_value_find( a, &ava->la_value ) == 0 )
+ match++;
+ }
+ }
+
+ ldap_dnfree( dn );
+
+ return ( i == match );
+}
+
+int slapi_entry_add_rdn_values( Slapi_Entry *e )
+{
+ LDAPDN dn;
+ int i, rc;
+
+ rc = ldap_bv2dn( &e->e_name, &dn, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( dn[0] != NULL ) {
+ LDAPRDN rdn = dn[0];
+ struct berval *vals[2];
+
+ for ( i = 0; rdn[i] != NULL; i++ ) {
+ LDAPAVA *ava = &rdn[0][i];
+ Slapi_Attr *a = NULL;
+
+ if ( slapi_entry_attr_find( e, ava->la_attr.bv_val, &a ) == 0 &&
+ slapi_attr_value_find( a, &ava->la_value ) == 0 )
+ continue;
+
+ vals[0] = &ava->la_value;
+ vals[1] = NULL;
+
+ slapi_entry_attr_merge( e, ava->la_attr.bv_val, vals );
+ }
+ }
+
+ ldap_dnfree( dn );
+
+ return LDAP_SUCCESS;
+}
+
+const char *slapi_entry_get_uniqueid( const Slapi_Entry *e )
+{
+ Attribute *attr;
+
+ attr = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( attr == NULL ) {
+ return NULL;
+ }
+
+ if ( attr->a_vals != NULL && attr->a_vals[0].bv_len != 0 ) {
+ return slapi_value_get_string( &attr->a_vals[0] );
+ }
+
+ return NULL;
+}
+
+void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid )
+{
+ struct berval bv;
+
+ attr_delete ( &e->e_attrs, slap_schema.si_ad_entryUUID );
+
+ bv.bv_val = uniqueid;
+ bv.bv_len = strlen( uniqueid );
+ attr_merge_normalize_one( e, slap_schema.si_ad_entryUUID, &bv, NULL );
+}
+
+LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared )
+{
+ LDAP *ld;
+ char *url;
+ size_t size;
+ int rc;
+
+ size = sizeof("ldap:///");
+ if ( secure )
+ size++;
+ size += strlen( ldaphost );
+ if ( ldapport != 0 )
+ size += 32;
+
+ url = slapi_ch_malloc( size );
+
+ if ( ldapport != 0 ) {
+ sprintf( url, "ldap%s://%s:%d/", ( secure ? "s" : "" ), ldaphost, ldapport );
+ } else {
+ sprintf( url, "ldap%s://%s/", ( secure ? "s" : "" ), ldaphost );
+ }
+
+ rc = ldap_initialize( &ld, url );
+
+ slapi_ch_free_string( &url );
+
+ return ( rc == LDAP_SUCCESS ) ? ld : NULL;
+}
+
+void slapi_ldap_unbind( LDAP *ld )
+{
+ ldap_unbind_ext_s( ld, NULL, NULL );
+}
+
+int slapi_x_backend_get_flags( const Slapi_Backend *be, unsigned long *flags )
+{
+ if ( be == NULL )
+ return LDAP_PARAM_ERROR;
+
+ *flags = SLAP_DBFLAGS(be);
+
+ return LDAP_SUCCESS;
+}
+
+int
+slapi_int_count_controls( LDAPControl **ctrls )
+{
+ size_t i;
+
+ if ( ctrls == NULL )
+ return 0;
+
+ for ( i = 0; ctrls[i] != NULL; i++ )
+ ;
+
+ return i;
+}
+
+int
+slapi_op_abandoned( Slapi_PBlock *pb )
+{
+ if ( pb->pb_op == NULL )
+ return 0;
+
+ return ( pb->pb_op->o_abandon );
+}
+
+char *
+slapi_op_type_to_string(unsigned long type)
+{
+ char *str;
+
+ switch (type) {
+ case SLAPI_OPERATION_BIND:
+ str = "bind";
+ break;
+ case SLAPI_OPERATION_UNBIND:
+ str = "unbind";
+ break;
+ case SLAPI_OPERATION_SEARCH:
+ str = "search";
+ break;
+ case SLAPI_OPERATION_MODIFY:
+ str = "modify";
+ break;
+ case SLAPI_OPERATION_ADD:
+ str = "add";
+ break;
+ case SLAPI_OPERATION_DELETE:
+ str = "delete";
+ break;
+ case SLAPI_OPERATION_MODDN:
+ str = "modrdn";
+ break;
+ case SLAPI_OPERATION_COMPARE:
+ str = "compare";
+ break;
+ case SLAPI_OPERATION_ABANDON:
+ str = "abandon";
+ break;
+ case SLAPI_OPERATION_EXTENDED:
+ str = "extended";
+ break;
+ default:
+ str = "unknown operation type";
+ break;
+ }
+ return str;
+}
+
+unsigned long
+slapi_op_get_type(Slapi_Operation * op)
+{
+ unsigned long type;
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_BIND:
+ type = SLAPI_OPERATION_BIND;
+ break;
+ case LDAP_REQ_UNBIND:
+ type = SLAPI_OPERATION_UNBIND;
+ break;
+ case LDAP_REQ_SEARCH:
+ type = SLAPI_OPERATION_SEARCH;
+ break;
+ case LDAP_REQ_MODIFY:
+ type = SLAPI_OPERATION_MODIFY;
+ break;
+ case LDAP_REQ_ADD:
+ type = SLAPI_OPERATION_ADD;
+ break;
+ case LDAP_REQ_DELETE:
+ type = SLAPI_OPERATION_DELETE;
+ break;
+ case LDAP_REQ_MODRDN:
+ type = SLAPI_OPERATION_MODDN;
+ break;
+ case LDAP_REQ_COMPARE:
+ type = SLAPI_OPERATION_COMPARE;
+ break;
+ case LDAP_REQ_ABANDON:
+ type = SLAPI_OPERATION_ABANDON;
+ break;
+ case LDAP_REQ_EXTENDED:
+ type = SLAPI_OPERATION_EXTENDED;
+ break;
+ default:
+ type = SLAPI_OPERATION_NONE;
+ break;
+ }
+ return type;
+}
+
+void slapi_be_set_readonly( Slapi_Backend *be, int readonly )
+{
+ if ( be == NULL )
+ return;
+
+ if ( readonly )
+ be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
+ else
+ be->be_restrictops &= ~(SLAP_RESTRICT_OP_WRITES);
+}
+
+int slapi_be_get_readonly( Slapi_Backend *be )
+{
+ if ( be == NULL )
+ return 0;
+
+ return ( (be->be_restrictops & SLAP_RESTRICT_OP_WRITES) == SLAP_RESTRICT_OP_WRITES );
+}
+
+const char *slapi_x_be_get_updatedn( Slapi_Backend *be )
+{
+ if ( be == NULL )
+ return NULL;
+
+ return be->be_update_ndn.bv_val;
+}
+
+Slapi_Backend *slapi_be_select( const Slapi_DN *sdn )
+{
+ Slapi_Backend *be;
+
+ slapi_sdn_get_ndn( sdn );
+
+ be = select_backend( (struct berval *)&sdn->ndn, 0, 0 );
+
+ return be;
+}
+
+#if 0
+void
+slapi_operation_set_flag(Slapi_Operation *op, unsigned long flag)
+{
+}
+
+void
+slapi_operation_clear_flag(Slapi_Operation *op, unsigned long flag)
+{
+}
+
+int
+slapi_operation_is_flag_set(Slapi_Operation *op, unsigned long flag)
+{
+}
+#endif
+
+#endif /* LDAP_SLAPI */
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slapindex.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slapindex.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slapindex.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapindex.c,v 1.1.4.3 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include "slapcommon.h"
+
+int
+slapindex( int argc, char **argv )
+{
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";
+
+ slap_tool_init( progname, SLAPINDEX, argc, argv );
+
+ if( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_entry_first ||
+ !be->be_entry_next ||
+ !be->be_entry_reindex )
+ {
+ fprintf( stderr, "%s: database doesn't support necessary operations.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ if( be->be_entry_open( be, 0 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ for ( id = be->be_entry_first( be );
+ id != NOID;
+ id = be->be_entry_next( be ) )
+ {
+ int rtn;
+
+ if( verbose ) {
+ printf("indexing id=%08lx\n", (long) id );
+ }
+
+ rtn = be->be_entry_reindex( be, id );
+
+ if( rtn != LDAP_SUCCESS ) {
+ rc = EXIT_FAILURE;
+ if( continuemode ) continue;
+ break;
+ }
+ }
+
+ (void) be->be_entry_close( be );
+
+ slap_tool_destroy();
+ return( rc );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slappasswd.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slappasswd.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slappasswd.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,156 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slappasswd.c,v 1.2.4.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Zeilenga for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <ldap.h>
+#include <lutil.h>
+#include <lutil_sha1.h>
+
+#include "ldap_defaults.h"
+
+static int verbose = 0;
+
+static void
+usage(const char *s)
+{
+ fprintf(stderr,
+ "Usage: %s [options]\n"
+ " -h hash\tpassword scheme\n"
+ " -s secret\tnew password\n"
+ " -c format\tcrypt(3) salt format\n"
+ " -u\t\tgenerate RFC2307 values (default)\n"
+ " -v\t\tincrease verbosity\n"
+ " -T file\tread file for new password\n"
+ , s );
+
+ exit( EXIT_FAILURE );
+}
+
+int
+slappasswd( int argc, char *argv[] )
+{
+#ifdef LUTIL_SHA1_BYTES
+ char *scheme = "{SSHA}";
+#else
+ char *scheme = "{SMD5}";
+#endif
+
+ char *newpw = NULL;
+ char *pwfile = NULL;
+ const char *text;
+ const char *progname = "slappasswd";
+
+ int i;
+ struct berval passwd;
+ struct berval hash;
+
+ while( (i = getopt( argc, argv,
+ "c:d:h:s:T:vu" )) != EOF )
+ {
+ switch (i) {
+ case 'c': /* crypt salt format */
+ scheme = "{CRYPT}";
+ lutil_salt_format( optarg );
+ break;
+
+ case 'h': /* scheme */
+ scheme = strdup( optarg );
+ break;
+
+ case 's': /* new password (secret) */
+ {
+ char* p;
+ newpw = strdup( optarg );
+
+ for( p = optarg; *p != '\0'; p++ ) {
+ *p = '\0';
+ }
+ } break;
+
+ case 'T': /* password file */
+ pwfile = optarg;
+ break;
+
+ case 'u': /* RFC2307 userPassword */
+ break;
+
+ case 'v': /* verbose */
+ verbose++;
+ break;
+
+ default:
+ usage ( progname );
+ }
+ }
+
+ if( argc - optind != 0 ) {
+ usage( progname );
+ }
+
+ if( pwfile != NULL ) {
+ if( lutil_get_filed_password( pwfile, &passwd )) {
+ return EXIT_FAILURE;
+ }
+ } else {
+ if( newpw == NULL ) {
+ /* prompt for new password */
+ char *cknewpw;
+ newpw = strdup(getpassphrase("New password: "));
+ cknewpw = getpassphrase("Re-enter new password: ");
+
+ if( strcmp( newpw, cknewpw )) {
+ fprintf( stderr, "Password values do not match\n" );
+ return EXIT_FAILURE;
+ }
+ }
+
+ passwd.bv_val = newpw;
+ passwd.bv_len = strlen(passwd.bv_val);
+ }
+
+ lutil_passwd_hash( &passwd, scheme, &hash, &text );
+ if( hash.bv_val == NULL ) {
+ fprintf( stderr,
+ "Password generation failed for scheme %s: %s\n",
+ scheme, text ? text : "" );
+ return EXIT_FAILURE;
+ }
+
+ if( lutil_passwd( &hash, &passwd, NULL, &text ) ) {
+ fprintf( stderr, "Password verification failed. %s\n",
+ text ? text : "" );
+ return EXIT_FAILURE;
+ }
+
+ printf( "%s\n" , hash.bv_val );
+ return EXIT_SUCCESS;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/slaptest.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/slaptest.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/slaptest.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,111 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ac/unistd.h>
+#include <ac/errno.h>
+
+#include <lber.h>
+#include <ldif.h>
+#include <lutil.h>
+
+#include "slapcommon.h"
+
+static int
+test_file( const char *fname, const char *ftype )
+{
+ struct stat st;
+ int save_errno;
+
+ switch ( stat( fname, &st ) ) {
+ case 0:
+ if ( !( st.st_mode & S_IWUSR ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s file "
+ "\"%s\" exists, but user does not have access\n",
+ ftype, fname, 0 );
+ return -1;
+ }
+ break;
+
+ case -1:
+ default:
+ save_errno = errno;
+ if ( save_errno == ENOENT ) {
+ FILE *fp = fopen( fname, "w" );
+
+ if ( fp == NULL ) {
+ save_errno = errno;
+
+ Debug( LDAP_DEBUG_ANY, "unable to open file "
+ "\"%s\": %d (%s)\n",
+ fname,
+ save_errno, strerror( save_errno ) );
+
+ return -1;
+ }
+ unlink( fname );
+ break;
+ }
+
+ Debug( LDAP_DEBUG_ANY, "unable to stat file "
+ "\"%s\": %d (%s)\n",
+ slapd_pid_file,
+ save_errno, strerror( save_errno ) );
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+slaptest( int argc, char **argv )
+{
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slaptest";
+
+ slap_tool_init( progname, SLAPTEST, argc, argv );
+
+ if ( slapd_pid_file != NULL ) {
+ if ( test_file( slapd_pid_file, "pid" ) ) {
+ return EXIT_FAILURE;
+ }
+ }
+
+ if ( slapd_args_file != NULL ) {
+ if ( test_file( slapd_args_file, "args" ) ) {
+ return EXIT_FAILURE;
+ }
+ }
+
+ fprintf( stderr, "config file testing succeeded\n");
+
+ slap_tool_destroy();
+
+ return rc;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/starttls.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/starttls.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/starttls.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/starttls.c,v 1.36.2.5 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+#ifdef HAVE_TLS
+
+int
+starttls_extop ( Operation *op, SlapReply *rs )
+{
+ int rc;
+
+ Statslog( LDAP_DEBUG_STATS, "%s STARTTLS\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
+ if ( op->ore_reqdata != NULL ) {
+ /* no request data should be provided */
+ rs->sr_text = "no request data expected";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* acquire connection lock */
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
+ /* can't start TLS if it is already started */
+ if (op->o_conn->c_is_tls != 0) {
+ rs->sr_text = "TLS already started";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ /* can't start TLS if there are other op's around */
+ if (( !LDAP_STAILQ_EMPTY(&op->o_conn->c_ops) &&
+ (LDAP_STAILQ_FIRST(&op->o_conn->c_ops) != op ||
+ LDAP_STAILQ_NEXT(op, o_next) != NULL)) ||
+ ( !LDAP_STAILQ_EMPTY(&op->o_conn->c_pending_ops) ))
+ {
+ rs->sr_text = "cannot start TLS when operations are outstanding";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
+ ( op->o_conn->c_dn.bv_len != 0 ) )
+ {
+ Statslog( LDAP_DEBUG_STATS,
+ "%s AUTHZ anonymous mech=starttls ssf=0\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
+ /* force to anonymous */
+ connection2anonymous( op->o_conn );
+ }
+
+ if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
+ ( op->o_conn->c_dn.bv_len != 0 ) )
+ {
+ rs->sr_text = "cannot start TLS after authentication";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ /* fail if TLS could not be initialized */
+ if ( slap_tls_ctx == NULL ) {
+ if (default_referral != NULL) {
+ /* caller will put the referral in the result */
+ rc = LDAP_REFERRAL;
+ goto done;
+ }
+
+ rs->sr_text = "Could not initialize TLS";
+ rc = LDAP_UNAVAILABLE;
+ goto done;
+ }
+
+ op->o_conn->c_is_tls = 1;
+ op->o_conn->c_needs_tls_accept = 1;
+
+ rc = LDAP_SUCCESS;
+
+done:
+ /* give up connection lock */
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ /* FIXME: RACE CONDITION! we give up lock before sending result
+ * Should be resolved by reworking connection state, not
+ * by moving send here (so as to ensure proper TLS sequencing)
+ */
+
+ return rc;
+}
+
+#endif /* HAVE_TLS */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/str2filter.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/str2filter.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/str2filter.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+/* str2filter.c - parse an RFC 2554 string filter */
+/* $OpenLDAP: pkg/ldap/servers/slapd/str2filter.c,v 1.40.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+
+Filter *
+str2filter_x( Operation *op, const char *str )
+{
+ int rc;
+ Filter *f = NULL;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ const char *text = NULL;
+
+ Debug( LDAP_DEBUG_FILTER, "str2filter \"%s\"\n", str, 0, 0 );
+
+ if ( str == NULL || *str == '\0' ) {
+ return NULL;
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ if ( op->o_tmpmemctx ) {
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+ }
+
+ rc = ldap_pvt_put_filter( ber, str );
+ if( rc < 0 ) {
+ goto done;
+ }
+
+ ber_reset( ber, 1 );
+
+ rc = get_filter( op, ber, &f, &text );
+
+done:
+ ber_free_buf( ber );
+
+ return f;
+}
+
+Filter *
+str2filter( const char *str )
+{
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ op.o_hdr = &ohdr;
+ op.o_tmpmemctx = NULL;
+ op.o_tmpmfuncs = &ch_mfuncs;
+
+ return str2filter_x( &op, str );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/syncrepl.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/syncrepl.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/syncrepl.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,3469 @@
+/* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.47 2007/04/06 21:49:16 hyc Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 by IBM Corporation.
+ * Portions Copyright 2003 by Howard Chu, Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "lutil_ldap.h"
+
+#include "config.h"
+
+#include "ldap_rq.h"
+
+struct nonpresent_entry {
+ struct berval *npe_name;
+ struct berval *npe_nname;
+ LDAP_LIST_ENTRY(nonpresent_entry) npe_link;
+};
+
+#define SYNCDATA_DEFAULT 0 /* entries are plain LDAP entries */
+#define SYNCDATA_ACCESSLOG 1 /* entries are accesslog format */
+#define SYNCDATA_CHANGELOG 2 /* entries are changelog format */
+
+#define SYNCLOG_LOGGING 0 /* doing a log-based update */
+#define SYNCLOG_FALLBACK 1 /* doing a full refresh */
+
+#define RETRYNUM_FOREVER (-1) /* retry forever */
+#define RETRYNUM_TAIL (-2) /* end of retrynum array */
+#define RETRYNUM_VALID(n) ((n) >= RETRYNUM_FOREVER) /* valid retrynum */
+#define RETRYNUM_FINITE(n) ((n) > RETRYNUM_FOREVER) /* not forever */
+
+typedef struct syncinfo_s {
+ struct slap_backend_db *si_be;
+ struct re_s *si_re;
+ long si_rid;
+ slap_bindconf si_bindconf;
+ struct berval si_base;
+ struct berval si_logbase;
+ struct berval si_filterstr;
+ struct berval si_logfilterstr;
+ int si_scope;
+ int si_attrsonly;
+ char *si_anfile;
+ AttributeName *si_anlist;
+ AttributeName *si_exanlist;
+ char **si_attrs;
+ char **si_exattrs;
+ int si_allattrs;
+ int si_allopattrs;
+ int si_schemachecking;
+ int si_type; /* the active type */
+ int si_ctype; /* the configured type */
+ time_t si_interval;
+ time_t *si_retryinterval;
+ int *si_retrynum_init;
+ int *si_retrynum;
+ struct sync_cookie si_syncCookie;
+ int si_manageDSAit;
+ int si_slimit;
+ int si_tlimit;
+ int si_refreshDelete;
+ int si_refreshPresent;
+ int si_syncdata;
+ int si_logstate;
+ int si_conn_setup;
+ Avlnode *si_presentlist;
+ LDAP *si_ld;
+ LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist;
+ ldap_pvt_thread_mutex_t si_mutex;
+} syncinfo_t;
+
+static int syncuuid_cmp( const void *, const void * );
+static void avl_ber_bvfree( void * );
+static void syncrepl_del_nonpresent( Operation *, syncinfo_t *, BerVarray, struct berval * );
+static int syncrepl_message_to_op(
+ syncinfo_t *, Operation *, LDAPMessage * );
+static int syncrepl_message_to_entry(
+ syncinfo_t *, Operation *, LDAPMessage *,
+ Modifications **, Entry **, int );
+static int syncrepl_entry(
+ syncinfo_t *, Operation*, Entry*,
+ Modifications**,int, struct berval*,
+ struct sync_cookie *,
+ struct berval * );
+static void syncrepl_updateCookie(
+ syncinfo_t *, Operation *, struct berval *,
+ struct sync_cookie * );
+static struct berval * slap_uuidstr_from_normalized(
+ struct berval *, struct berval *, void * );
+
+/* callback functions */
+static int dn_callback( struct slap_op *, struct slap_rep * );
+static int nonpresent_callback( struct slap_op *, struct slap_rep * );
+static int null_callback( struct slap_op *, struct slap_rep * );
+
+static AttributeDescription *sync_descs[4];
+
+static void
+init_syncrepl(syncinfo_t *si)
+{
+ int i, j, k, l, n;
+ char **attrs, **exattrs;
+
+ if ( !sync_descs[0] ) {
+ sync_descs[0] = slap_schema.si_ad_objectClass;
+ sync_descs[1] = slap_schema.si_ad_structuralObjectClass;
+ sync_descs[2] = slap_schema.si_ad_entryCSN;
+ sync_descs[3] = NULL;
+ }
+
+ if ( si->si_allattrs && si->si_allopattrs )
+ attrs = NULL;
+ else
+ attrs = anlist2attrs( si->si_anlist );
+
+ if ( attrs ) {
+ if ( si->si_allattrs ) {
+ i = 0;
+ while ( attrs[i] ) {
+ if ( !is_at_operational( at_find( attrs[i] ))) {
+ for ( j = i; attrs[j] != NULL; j++ ) {
+ if ( j == i )
+ ch_free( attrs[i] );
+ attrs[j] = attrs[j+1];
+ }
+ } else {
+ i++;
+ }
+ }
+ attrs = ( char ** ) ch_realloc( attrs, (i + 2)*sizeof( char * ) );
+ attrs[i] = ch_strdup("*");
+ attrs[i + 1] = NULL;
+
+ } else if ( si->si_allopattrs ) {
+ i = 0;
+ while ( attrs[i] ) {
+ if ( is_at_operational( at_find( attrs[i] ))) {
+ for ( j = i; attrs[j] != NULL; j++ ) {
+ if ( j == i )
+ ch_free( attrs[i] );
+ attrs[j] = attrs[j+1];
+ }
+ } else {
+ i++;
+ }
+ }
+ attrs = ( char ** ) ch_realloc( attrs, (i + 2)*sizeof( char * ) );
+ attrs[i] = ch_strdup("+");
+ attrs[i + 1] = NULL;
+ }
+
+ for ( i = 0; sync_descs[i] != NULL; i++ ) {
+ j = 0;
+ while ( attrs[j] ) {
+ if ( !strcmp( attrs[j], sync_descs[i]->ad_cname.bv_val )) {
+ for ( k = j; attrs[k] != NULL; k++ ) {
+ if ( k == j )
+ ch_free( attrs[k] );
+ attrs[k] = attrs[k+1];
+ }
+ } else {
+ j++;
+ }
+ }
+ }
+
+ for ( n = 0; attrs[ n ] != NULL; n++ ) /* empty */;
+
+ if ( si->si_allopattrs ) {
+ attrs = ( char ** ) ch_realloc( attrs, (n + 2)*sizeof( char * ));
+ } else {
+ attrs = ( char ** ) ch_realloc( attrs, (n + 4)*sizeof( char * ));
+ }
+
+ if ( attrs == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "out of memory\n", 0, 0, 0 );
+ }
+
+ /* Add Attributes */
+ if ( si->si_allopattrs ) {
+ attrs[n++] = ch_strdup( sync_descs[0]->ad_cname.bv_val );
+ } else {
+ for ( i = 0; sync_descs[ i ] != NULL; i++ ) {
+ attrs[ n++ ] = ch_strdup ( sync_descs[i]->ad_cname.bv_val );
+ }
+ }
+ attrs[ n ] = NULL;
+
+ } else {
+
+ i = 0;
+ if ( si->si_allattrs == si->si_allopattrs ) {
+ attrs = (char**) ch_malloc( 3 * sizeof(char*) );
+ attrs[i++] = ch_strdup( "*" );
+ attrs[i++] = ch_strdup( "+" );
+ } else if ( si->si_allattrs && !si->si_allopattrs ) {
+ for ( n = 0; sync_descs[ n ] != NULL; n++ ) ;
+ attrs = (char**) ch_malloc( (n+1)* sizeof(char*) );
+ attrs[i++] = ch_strdup( "*" );
+ for ( j = 1; sync_descs[ j ] != NULL; j++ ) {
+ attrs[i++] = ch_strdup ( sync_descs[j]->ad_cname.bv_val );
+ }
+ } else if ( !si->si_allattrs && si->si_allopattrs ) {
+ attrs = (char**) ch_malloc( 3 * sizeof(char*) );
+ attrs[i++] = ch_strdup( "+" );
+ attrs[i++] = ch_strdup( sync_descs[0]->ad_cname.bv_val );
+ }
+ attrs[i] = NULL;
+ }
+
+ si->si_attrs = attrs;
+
+ exattrs = anlist2attrs( si->si_exanlist );
+
+ if ( exattrs ) {
+ for ( n = 0; exattrs[n] != NULL; n++ ) ;
+
+ for ( i = 0; sync_descs[i] != NULL; i++ ) {
+ j = 0;
+ while ( exattrs[j] != NULL ) {
+ if ( !strcmp( exattrs[j], sync_descs[i]->ad_cname.bv_val )) {
+ ch_free( exattrs[j] );
+ for ( k = j; exattrs[k] != NULL; k++ ) {
+ exattrs[k] = exattrs[k+1];
+ }
+ } else {
+ j++;
+ }
+ }
+ }
+
+ for ( i = 0; exattrs[i] != NULL; i++ ) {
+ for ( j = 0; si->si_anlist[j].an_name.bv_val; j++ ) {
+ ObjectClass *oc;
+ if ( ( oc = si->si_anlist[j].an_oc ) ) {
+ k = 0;
+ while ( oc->soc_required[k] ) {
+ if ( !strcmp( exattrs[i],
+ oc->soc_required[k]->sat_cname.bv_val )) {
+ ch_free( exattrs[i] );
+ for ( l = i; exattrs[l]; l++ ) {
+ exattrs[l] = exattrs[l+1];
+ }
+ } else {
+ k++;
+ }
+ }
+ }
+ }
+ }
+
+ for ( i = 0; exattrs[i] != NULL; i++ ) ;
+
+ if ( i != n )
+ exattrs = (char **) ch_realloc( exattrs, (i + 1)*sizeof(char *));
+ }
+
+ si->si_exattrs = exattrs;
+}
+
+typedef struct logschema {
+ struct berval ls_dn;
+ struct berval ls_req;
+ struct berval ls_mod;
+ struct berval ls_newRdn;
+ struct berval ls_delRdn;
+ struct berval ls_newSup;
+} logschema;
+
+static logschema changelog_sc = {
+ BER_BVC("targetDN"),
+ BER_BVC("changeType"),
+ BER_BVC("changes"),
+ BER_BVC("newRDN"),
+ BER_BVC("deleteOldRDN"),
+ BER_BVC("newSuperior")
+};
+
+static logschema accesslog_sc = {
+ BER_BVC("reqDN"),
+ BER_BVC("reqType"),
+ BER_BVC("reqMod"),
+ BER_BVC("reqNewRDN"),
+ BER_BVC("reqDeleteOldRDN"),
+ BER_BVC("reqNewSuperior")
+};
+
+static int
+ldap_sync_search(
+ syncinfo_t *si,
+ void *ctx )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ LDAPControl c[2], *ctrls[3];
+ struct timeval timeout;
+ ber_int_t msgid;
+ int rc;
+ int rhint;
+ char *base;
+ char **attrs, *lattrs[8];
+ char *filter;
+ int attrsonly;
+ int scope;
+
+ /* setup LDAP SYNC control */
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &ctx );
+
+ /* If we're using a log but we have no state, then fallback to
+ * normal mode for a full refresh.
+ */
+ if ( si->si_syncdata && BER_BVISEMPTY( &si->si_syncCookie.ctxcsn ))
+ si->si_logstate = SYNCLOG_FALLBACK;
+
+ /* Use the log parameters if we're in log mode */
+ if ( si->si_syncdata && si->si_logstate == SYNCLOG_LOGGING ) {
+ logschema *ls;
+ if ( si->si_syncdata == SYNCDATA_ACCESSLOG )
+ ls = &accesslog_sc;
+ else
+ ls = &changelog_sc;
+ lattrs[0] = ls->ls_dn.bv_val;
+ lattrs[1] = ls->ls_req.bv_val;
+ lattrs[2] = ls->ls_mod.bv_val;
+ lattrs[3] = ls->ls_newRdn.bv_val;
+ lattrs[4] = ls->ls_delRdn.bv_val;
+ lattrs[5] = ls->ls_newSup.bv_val;
+ lattrs[6] = slap_schema.si_ad_entryCSN->ad_cname.bv_val;
+ lattrs[7] = NULL;
+
+ rhint = 0;
+ base = si->si_logbase.bv_val;
+ filter = si->si_logfilterstr.bv_val;
+ attrs = lattrs;
+ attrsonly = 0;
+ scope = LDAP_SCOPE_SUBTREE;
+ } else {
+ rhint = 1;
+ base = si->si_base.bv_val;
+ filter = si->si_filterstr.bv_val;
+ attrs = si->si_attrs;
+ attrsonly = si->si_attrsonly;
+ scope = si->si_scope;
+ }
+ if ( si->si_syncdata && si->si_logstate == SYNCLOG_FALLBACK ) {
+ si->si_type = LDAP_SYNC_REFRESH_ONLY;
+ } else {
+ si->si_type = si->si_ctype;
+ }
+
+ if ( !BER_BVISNULL( &si->si_syncCookie.octet_str ) )
+ {
+ ber_printf( ber, "{eOb}",
+ abs(si->si_type), &si->si_syncCookie.octet_str, rhint );
+ } else {
+ ber_printf( ber, "{eb}",
+ abs(si->si_type), rhint );
+ }
+
+ if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 )) == LBER_ERROR ) {
+ ber_free_buf( ber );
+ return rc;
+ }
+
+ c[0].ldctl_oid = LDAP_CONTROL_SYNC;
+ c[0].ldctl_iscritical = si->si_type < 0;
+ ctrls[0] = &c[0];
+
+ if ( !BER_BVISNULL( &si->si_bindconf.sb_authzId ) ) {
+ c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+ c[1].ldctl_value = si->si_bindconf.sb_authzId;
+ c[1].ldctl_iscritical = 1;
+ ctrls[1] = &c[1];
+ ctrls[2] = NULL;
+ } else {
+ ctrls[1] = NULL;
+ }
+
+ timeout.tv_sec = si->si_tlimit;
+ timeout.tv_usec = 0;
+
+ rc = ldap_search_ext( si->si_ld, base, scope, filter, attrs, attrsonly,
+ ctrls, NULL, si->si_tlimit > 0 ? &timeout : NULL,
+ si->si_slimit, &msgid );
+ ber_free_buf( ber );
+ return rc;
+}
+
+static int
+do_syncrep1(
+ Operation *op,
+ syncinfo_t *si )
+{
+ int rc;
+ int cmdline_cookie_found = 0;
+
+ struct sync_cookie *sc = NULL;
+ struct berval *psub;
+#ifdef HAVE_TLS
+ void *ssl;
+#endif
+
+ psub = &si->si_be->be_nsuffix[0];
+
+ /* Init connection to master */
+ rc = ldap_initialize( &si->si_ld, si->si_bindconf.sb_uri.bv_val );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrep1: rid %03d ldap_initialize failed (%s)\n",
+ si->si_rid, si->si_bindconf.sb_uri.bv_val, 0 );
+ return rc;
+ }
+
+ op->o_protocol = LDAP_VERSION3;
+ ldap_set_option( si->si_ld, LDAP_OPT_PROTOCOL_VERSION, &op->o_protocol );
+
+ /* Bind to master */
+
+ if ( si->si_bindconf.sb_tls ) {
+ rc = ldap_start_tls_s( si->si_ld, NULL, NULL );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: rid %03d ldap_start_tls failed (%d)\n",
+ si->si_bindconf.sb_tls == SB_TLS_CRITICAL ? "Error" : "Warning",
+ si->si_rid, rc );
+ if( si->si_bindconf.sb_tls == SB_TLS_CRITICAL ) goto done;
+ }
+ }
+
+ if ( si->si_bindconf.sb_method == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ void *defaults;
+
+ if ( si->si_bindconf.sb_secprops != NULL ) {
+ rc = ldap_set_option( si->si_ld,
+ LDAP_OPT_X_SASL_SECPROPS, si->si_bindconf.sb_secprops);
+
+ if( rc != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "Error: rid %03d ldap_set_option "
+ "(%s,SECPROPS,\"%s\") failed!\n",
+ si->si_rid, si->si_bindconf.sb_uri.bv_val, si->si_bindconf.sb_secprops );
+ goto done;
+ }
+ }
+
+ defaults = lutil_sasl_defaults( si->si_ld,
+ si->si_bindconf.sb_saslmech.bv_val,
+ si->si_bindconf.sb_realm.bv_val,
+ si->si_bindconf.sb_authcId.bv_val,
+ si->si_bindconf.sb_cred.bv_val,
+ si->si_bindconf.sb_authzId.bv_val );
+
+ rc = ldap_sasl_interactive_bind_s( si->si_ld,
+ si->si_bindconf.sb_binddn.bv_val,
+ si->si_bindconf.sb_saslmech.bv_val,
+ NULL, NULL,
+ LDAP_SASL_QUIET,
+ lutil_sasl_interact,
+ defaults );
+
+ lutil_sasl_freedefs( defaults );
+
+ /* FIXME: different error behaviors according to
+ * 1) return code
+ * 2) on err policy : exit, retry, backoff ...
+ */
+ if ( rc != LDAP_SUCCESS ) {
+ static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
+
+ Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
+ "ldap_sasl_interactive_bind_s failed (%d)\n",
+ si->si_rid, rc, 0 );
+
+ /* FIXME (see above comment) */
+ /* if Kerberos credentials cache is not active, retry */
+ if ( ber_bvcmp( &si->si_bindconf.sb_saslmech, &bv_GSSAPI ) == 0 &&
+ rc == LDAP_LOCAL_ERROR )
+ {
+ rc = LDAP_SERVER_DOWN;
+ }
+
+ goto done;
+ }
+#else /* HAVE_CYRUS_SASL */
+ /* Should never get here, we trapped this at config time */
+ assert(0);
+ Debug( LDAP_DEBUG_SYNC, "not compiled with SASL support\n", 0, 0, 0 );
+ rc = LDAP_OTHER;
+ goto done;
+#endif
+
+ } else if ( si->si_bindconf.sb_method == LDAP_AUTH_SIMPLE ) {
+ rc = ldap_sasl_bind_s( si->si_ld,
+ si->si_bindconf.sb_binddn.bv_val, LDAP_SASL_SIMPLE,
+ &si->si_bindconf.sb_cred, NULL, NULL, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
+ "ldap_sasl_bind_s failed (%d)\n", si->si_rid, rc, 0 );
+ goto done;
+ }
+ }
+
+ /* Set SSF to strongest of TLS, SASL SSFs */
+ op->o_sasl_ssf = 0;
+ op->o_tls_ssf = 0;
+ op->o_transport_ssf = 0;
+#ifdef HAVE_TLS
+ if ( ldap_get_option( si->si_ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl )
+ == LDAP_SUCCESS && ssl != NULL )
+ {
+ op->o_tls_ssf = ldap_pvt_tls_get_strength( ssl );
+ }
+#endif /* HAVE_TLS */
+ ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_sasl_ssf );
+ op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf )
+ ? op->o_sasl_ssf : op->o_tls_ssf;
+
+
+ if ( BER_BVISNULL( &si->si_syncCookie.octet_str )) {
+ /* get contextCSN shadow replica from database */
+ BerVarray csn = NULL;
+
+ assert( si->si_rid < 1000 );
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+ op->o_req_dn = op->o_req_ndn;
+
+ /* try to read stored contextCSN */
+ backend_attribute( op, NULL, &op->o_req_ndn,
+ slap_schema.si_ad_contextCSN, &csn, ACL_READ );
+ if ( csn ) {
+ ch_free( si->si_syncCookie.ctxcsn.bv_val );
+ ber_dupbv( &si->si_syncCookie.ctxcsn, csn );
+ ber_bvarray_free_x( csn, op->o_tmpmemctx );
+ }
+
+ si->si_syncCookie.rid = si->si_rid;
+
+ LDAP_STAILQ_FOREACH( sc, &slap_sync_cookie, sc_next ) {
+ if ( si->si_rid == sc->rid ) {
+ cmdline_cookie_found = 1;
+ break;
+ }
+ }
+
+ if ( cmdline_cookie_found ) {
+ /* cookie is supplied in the command line */
+
+ LDAP_STAILQ_REMOVE( &slap_sync_cookie, sc, sync_cookie, sc_next );
+
+ /* ctxcsn wasn't parsed yet, do it now */
+ slap_parse_sync_cookie( sc, op->o_tmpmemctx );
+ if ( BER_BVISNULL( &sc->ctxcsn ) ) {
+ /* if cmdline cookie does not have ctxcsn */
+ /* component, set it to an initial value */
+ slap_init_sync_cookie_ctxcsn( sc );
+ }
+ slap_sync_cookie_free( &si->si_syncCookie, 0 );
+ slap_dup_sync_cookie( &si->si_syncCookie, sc );
+ slap_sync_cookie_free( sc, 1 );
+ }
+
+ slap_compose_sync_cookie( NULL, &si->si_syncCookie.octet_str,
+ &si->si_syncCookie.ctxcsn, si->si_syncCookie.rid );
+ }
+
+ rc = ldap_sync_search( si, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
+ "ldap_search_ext: %s (%d)\n",
+ si->si_rid, ldap_err2string( rc ), rc );
+ }
+
+done:
+ if ( rc ) {
+ if ( si->si_ld ) {
+ ldap_unbind_ext( si->si_ld, NULL, NULL );
+ si->si_ld = NULL;
+ }
+ }
+
+ return rc;
+}
+
+static int
+do_syncrep2(
+ Operation *op,
+ syncinfo_t *si )
+{
+ LDAPControl **rctrls = NULL;
+ LDAPControl *rctrlp;
+
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ LDAPMessage *res = NULL;
+ LDAPMessage *msg = NULL;
+
+ char *retoid = NULL;
+ struct berval *retdata = NULL;
+
+ Entry *entry = NULL;
+
+ int syncstate;
+ struct berval syncUUID = BER_BVNULL;
+ struct sync_cookie syncCookie = { BER_BVNULL };
+ struct sync_cookie syncCookie_req = { BER_BVNULL };
+ struct berval cookie = BER_BVNULL;
+
+ int rc, err, i;
+ ber_len_t len;
+
+ int rc_efree = 1;
+
+ struct berval *psub;
+ Modifications *modlist = NULL;
+
+ const char *text;
+ int match;
+
+ struct timeval *tout_p = NULL;
+ struct timeval tout = { 0, 0 };
+
+ int refreshDeletes = 0;
+ int refreshDone = 1;
+ BerVarray syncUUIDs = NULL;
+ ber_tag_t si_tag;
+
+ if ( slapd_shutdown ) {
+ rc = -2;
+ goto done;
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ Debug( LDAP_DEBUG_TRACE, "=>do_syncrep2 rid %03d\n", si->si_rid, 0, 0 );
+
+ psub = &si->si_be->be_nsuffix[0];
+
+ slap_dup_sync_cookie( &syncCookie_req, &si->si_syncCookie );
+
+ if ( abs(si->si_type) == LDAP_SYNC_REFRESH_AND_PERSIST ) {
+ tout_p = &tout;
+ } else {
+ tout_p = NULL;
+ }
+
+ while (( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE,
+ tout_p, &res )) > 0 )
+ {
+ if ( slapd_shutdown ) {
+ rc = -2;
+ goto done;
+ }
+ for( msg = ldap_first_message( si->si_ld, res );
+ msg != NULL;
+ msg = ldap_next_message( si->si_ld, msg ) )
+ {
+ if ( slapd_shutdown ) {
+ rc = -2;
+ goto done;
+ }
+ switch( ldap_msgtype( msg ) ) {
+ case LDAP_RES_SEARCH_ENTRY:
+ ldap_get_entry_controls( si->si_ld, msg, &rctrls );
+ /* we can't work without the control */
+ if ( !rctrls ) {
+ Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d"
+ "got search entry without "
+ "control\n", si->si_rid, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+ rctrlp = *rctrls;
+ ber_init2( ber, &rctrlp->ldctl_value, LBER_USE_DER );
+ ber_scanf( ber, "{em" /*"}"*/, &syncstate, &syncUUID );
+ /* FIXME: what if syncUUID is NULL or empty?
+ * (happens with back-sql...) */
+ if ( BER_BVISEMPTY( &syncUUID ) ) {
+ Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
+ "got empty syncUUID\n", si->si_rid, 0, 0 );
+ ldap_controls_free( rctrls );
+ rc = -1;
+ goto done;
+ }
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
+ ber_scanf( ber, /*"{"*/ "m}", &cookie );
+ if ( !BER_BVISNULL( &cookie ) ) {
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
+ }
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
+ {
+ slap_parse_sync_cookie( &syncCookie, NULL );
+ }
+ }
+ if ( si->si_syncdata && si->si_logstate == SYNCLOG_LOGGING ) {
+ entry = NULL;
+ modlist = NULL;
+ if ( syncrepl_message_to_op( si, op, msg ) == LDAP_SUCCESS &&
+ !BER_BVISNULL( &syncCookie.ctxcsn ) ) {
+ syncrepl_updateCookie( si, op, psub, &syncCookie );
+ }
+ } else if ( syncrepl_message_to_entry( si, op, msg,
+ &modlist, &entry, syncstate ) == LDAP_SUCCESS ) {
+ rc_efree = syncrepl_entry( si, op, entry, &modlist,
+ syncstate, &syncUUID, &syncCookie_req, &syncCookie.ctxcsn );
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ) )
+ {
+ syncrepl_updateCookie( si, op, psub, &syncCookie );
+ }
+ }
+ ldap_controls_free( rctrls );
+ if ( modlist ) {
+ slap_mods_free( modlist, 1 );
+ }
+ if ( rc_efree && entry ) {
+ entry_free( entry );
+ }
+ entry = NULL;
+ break;
+
+ case LDAP_RES_SEARCH_REFERENCE:
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrep2: rid %03d reference received error\n",
+ si->si_rid, 0, 0 );
+ break;
+
+ case LDAP_RES_SEARCH_RESULT:
+ Debug( LDAP_DEBUG_SYNC,
+ "do_syncrep2: rid %03d LDAP_RES_SEARCH_RESULT\n",
+ si->si_rid, 0, 0 );
+ ldap_parse_result( si->si_ld, msg, &err, NULL, NULL, NULL,
+ &rctrls, 0 );
+#ifdef LDAP_X_SYNC_REFRESH_REQUIRED
+ if ( err == LDAP_X_SYNC_REFRESH_REQUIRED ) {
+ /* map old result code to registered code */
+ err = LDAP_SYNC_REFRESH_REQUIRED;
+ }
+#endif
+ if ( err == LDAP_SYNC_REFRESH_REQUIRED ) {
+ if ( si->si_logstate == SYNCLOG_LOGGING ) {
+ si->si_logstate = SYNCLOG_FALLBACK;
+ }
+ rc = err;
+ goto done;
+ }
+ if ( rctrls ) {
+ rctrlp = *rctrls;
+ ber_init2( ber, &rctrlp->ldctl_value, LBER_USE_DER );
+
+ ber_scanf( ber, "{" /*"}"*/);
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
+ ber_scanf( ber, "m", &cookie );
+ if ( !BER_BVISNULL( &cookie ) ) {
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie);
+ }
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
+ {
+ slap_parse_sync_cookie( &syncCookie, NULL );
+ }
+ }
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES )
+ {
+ ber_scanf( ber, "b", &refreshDeletes );
+ }
+ ber_scanf( ber, /*"{"*/ "}" );
+ }
+ if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) {
+ match = -1;
+ } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) {
+ match = 1;
+ } else {
+ value_match( &match, slap_schema.si_ad_entryCSN,
+ slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ &syncCookie_req.ctxcsn, &syncCookie.ctxcsn,
+ &text );
+ }
+ if ( rctrls ) {
+ ldap_controls_free( rctrls );
+ }
+ if (si->si_type != LDAP_SYNC_REFRESH_AND_PERSIST) {
+ /* FIXME : different error behaviors according to
+ * 1) err code : LDAP_BUSY ...
+ * 2) on err policy : stop service, stop sync, retry
+ */
+ if ( refreshDeletes == 0 && match < 0 &&
+ err == LDAP_SUCCESS )
+ {
+ syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn );
+ } else {
+ avl_free( si->si_presentlist, avl_ber_bvfree );
+ si->si_presentlist = NULL;
+ }
+ }
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ) &&
+ match < 0 && err == LDAP_SUCCESS )
+ {
+ syncrepl_updateCookie( si, op, psub, &syncCookie );
+ }
+ if ( err == LDAP_SUCCESS
+ && si->si_logstate == SYNCLOG_FALLBACK ) {
+ si->si_logstate = SYNCLOG_LOGGING;
+ rc = LDAP_SYNC_REFRESH_REQUIRED;
+ } else {
+ rc = -2;
+ }
+ goto done;
+ break;
+
+ case LDAP_RES_INTERMEDIATE:
+ rc = ldap_parse_intermediate( si->si_ld, msg,
+ &retoid, &retdata, NULL, 0 );
+ if ( !rc && !strcmp( retoid, LDAP_SYNC_INFO ) ) {
+ ber_init2( ber, retdata, LBER_USE_DER );
+
+ switch ( si_tag = ber_peek_tag( ber, &len )) {
+ ber_tag_t tag;
+ case LDAP_TAG_SYNC_NEW_COOKIE:
+ Debug( LDAP_DEBUG_SYNC,
+ "do_syncrep2: rid %03d %s - %s\n",
+ si->si_rid,
+ "LDAP_RES_INTERMEDIATE",
+ "NEW_COOKIE" );
+ ber_scanf( ber, "tm", &tag, &cookie );
+ break;
+ case LDAP_TAG_SYNC_REFRESH_DELETE:
+ case LDAP_TAG_SYNC_REFRESH_PRESENT:
+ Debug( LDAP_DEBUG_SYNC,
+ "do_syncrep2: rid %03d %s - %s\n",
+ si->si_rid,
+ "LDAP_RES_INTERMEDIATE",
+ si_tag == LDAP_TAG_SYNC_REFRESH_PRESENT ?
+ "REFRESH_PRESENT" : "REFRESH_DELETE" );
+ if ( si_tag == LDAP_TAG_SYNC_REFRESH_DELETE ) {
+ si->si_refreshDelete = 1;
+ } else {
+ si->si_refreshPresent = 1;
+ }
+ ber_scanf( ber, "t{" /*"}"*/, &tag );
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE )
+ {
+ ber_scanf( ber, "m", &cookie );
+ if ( !BER_BVISNULL( &cookie ) ) {
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
+ }
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
+ {
+ slap_parse_sync_cookie( &syncCookie, NULL );
+ }
+ }
+ if ( ber_peek_tag( ber, &len ) ==
+ LDAP_TAG_REFRESHDONE )
+ {
+ ber_scanf( ber, "b", &refreshDone );
+ }
+ ber_scanf( ber, /*"{"*/ "}" );
+ break;
+ case LDAP_TAG_SYNC_ID_SET:
+ Debug( LDAP_DEBUG_SYNC,
+ "do_syncrep2: rid %03d %s - %s\n",
+ si->si_rid,
+ "LDAP_RES_INTERMEDIATE",
+ "SYNC_ID_SET" );
+ ber_scanf( ber, "t{" /*"}"*/, &tag );
+ if ( ber_peek_tag( ber, &len ) ==
+ LDAP_TAG_SYNC_COOKIE )
+ {
+ ber_scanf( ber, "m", &cookie );
+ if ( !BER_BVISNULL( &cookie ) ) {
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
+ }
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
+ {
+ slap_parse_sync_cookie( &syncCookie, NULL );
+ }
+ }
+ if ( ber_peek_tag( ber, &len ) ==
+ LDAP_TAG_REFRESHDELETES )
+ {
+ ber_scanf( ber, "b", &refreshDeletes );
+ }
+ ber_scanf( ber, "[W]", &syncUUIDs );
+ ber_scanf( ber, /*"{"*/ "}" );
+ if ( refreshDeletes ) {
+ syncrepl_del_nonpresent( op, si, syncUUIDs,
+ &syncCookie.ctxcsn );
+ ber_bvarray_free_x( syncUUIDs, op->o_tmpmemctx );
+ } else {
+ for ( i = 0; !BER_BVISNULL( &syncUUIDs[i] ); i++ ) {
+ struct berval *syncuuid_bv;
+ syncuuid_bv = ber_dupbv( NULL, &syncUUIDs[i] );
+ slap_sl_free( syncUUIDs[i].bv_val,op->o_tmpmemctx );
+ avl_insert( &si->si_presentlist,
+ (caddr_t) syncuuid_bv,
+ syncuuid_cmp, avl_dup_error );
+ }
+ slap_sl_free( syncUUIDs, op->o_tmpmemctx );
+ }
+ slap_sync_cookie_free( &syncCookie, 0 );
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrep2: rid %03d unknown syncinfo tag (%ld)\n",
+ si->si_rid, (long) si_tag, 0 );
+ ldap_memfree( retoid );
+ ber_bvfree( retdata );
+ continue;
+ }
+
+ if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) {
+ match = -1;
+ } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) {
+ match = 1;
+ } else {
+ value_match( &match, slap_schema.si_ad_entryCSN,
+ slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ &syncCookie_req.ctxcsn,
+ &syncCookie.ctxcsn, &text );
+ }
+
+ if ( match < 0 ) {
+ if ( si->si_refreshPresent == 1 ) {
+ syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn );
+ }
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ))
+ {
+ syncrepl_updateCookie( si, op, psub, &syncCookie);
+ }
+ }
+
+ ldap_memfree( retoid );
+ ber_bvfree( retdata );
+ break;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
+ "unknown intermediate response (%d)\n",
+ si->si_rid, rc, 0 );
+ ldap_memfree( retoid );
+ ber_bvfree( retdata );
+ break;
+ }
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
+ "unknown message\n", si->si_rid, 0, 0 );
+ break;
+
+ }
+ if ( !BER_BVISNULL( &syncCookie.octet_str )) {
+ slap_sync_cookie_free( &syncCookie_req, 0 );
+ slap_dup_sync_cookie( &syncCookie_req, &syncCookie );
+ slap_sync_cookie_free( &syncCookie, 0 );
+ }
+ }
+ ldap_msgfree( res );
+ res = NULL;
+ }
+
+ if ( rc == -1 ) {
+ const char *errstr;
+
+ ldap_get_option( si->si_ld, LDAP_OPT_ERROR_NUMBER, &rc );
+ errstr = ldap_err2string( rc );
+
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrep2: rid %03d %s\n", si->si_rid, errstr, 0 );
+ }
+
+done:
+ slap_sync_cookie_free( &syncCookie, 0 );
+ slap_sync_cookie_free( &syncCookie_req, 0 );
+
+ if ( res ) ldap_msgfree( res );
+
+ if ( rc && rc != LDAP_SYNC_REFRESH_REQUIRED && si->si_ld ) {
+ if ( si->si_conn_setup ) {
+ ber_socket_t s;
+ ldap_get_option( si->si_ld, LDAP_OPT_DESC, &s );
+ connection_client_stop( s );
+ si->si_conn_setup = 0;
+ }
+ ldap_unbind_ext( si->si_ld, NULL, NULL );
+ si->si_ld = NULL;
+ }
+
+ return rc;
+}
+
+static void *
+do_syncrepl(
+ void *ctx,
+ void *arg )
+{
+ struct re_s* rtask = arg;
+ syncinfo_t *si = ( syncinfo_t * ) rtask->arg;
+ Connection conn = {0};
+ OperationBuffer opbuf;
+ Operation *op;
+ int rc = LDAP_SUCCESS;
+ int dostop = 0;
+ ber_socket_t s;
+ int i, defer = 1, fail = 0;
+ Backend *be;
+
+ Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl rid %03d\n", si->si_rid, 0, 0 );
+
+ if ( si == NULL )
+ return NULL;
+
+ ldap_pvt_thread_mutex_lock( &si->si_mutex );
+
+ switch( abs( si->si_type )) {
+ case LDAP_SYNC_REFRESH_ONLY:
+ case LDAP_SYNC_REFRESH_AND_PERSIST:
+ break;
+ default:
+ ldap_pvt_thread_mutex_unlock( &si->si_mutex );
+ return NULL;
+ }
+
+ if ( slapd_shutdown ) {
+ if ( si->si_ld ) {
+ if ( si->si_conn_setup ) {
+ ldap_get_option( si->si_ld, LDAP_OPT_DESC, &s );
+ connection_client_stop( s );
+ si->si_conn_setup = 0;
+ }
+ ldap_unbind_ext( si->si_ld, NULL, NULL );
+ si->si_ld = NULL;
+ }
+ ldap_pvt_thread_mutex_unlock( &si->si_mutex );
+ return NULL;
+ }
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, ctx );
+
+ /* use global malloc for now */
+ op->o_tmpmemctx = NULL;
+ op->o_tmpmfuncs = &ch_mfuncs;
+
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+ op->o_bd = be = si->si_be;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+
+ /* Establish session, do search */
+ if ( !si->si_ld ) {
+ si->si_refreshDelete = 0;
+ si->si_refreshPresent = 0;
+ rc = do_syncrep1( op, si );
+ }
+
+reload:
+ /* Process results */
+ if ( rc == LDAP_SUCCESS ) {
+ ldap_get_option( si->si_ld, LDAP_OPT_DESC, &s );
+
+ rc = do_syncrep2( op, si );
+ if ( rc == LDAP_SYNC_REFRESH_REQUIRED ) {
+ rc = ldap_sync_search( si, op->o_tmpmemctx );
+ goto reload;
+ }
+
+ if ( abs(si->si_type) == LDAP_SYNC_REFRESH_AND_PERSIST ) {
+ /* If we succeeded, enable the connection for further listening.
+ * If we failed, tear down the connection and reschedule.
+ */
+ if ( rc == LDAP_SUCCESS ) {
+ if ( si->si_conn_setup ) {
+ connection_client_enable( s );
+ } else {
+ rc = connection_client_setup( s, do_syncrepl, arg );
+ if ( rc == 0 )
+ si->si_conn_setup = 1;
+ }
+ } else if ( si->si_conn_setup ) {
+ dostop = 1;
+ }
+ } else {
+ if ( rc == -2 ) rc = 0;
+ }
+ }
+
+ /* At this point, we have 4 cases:
+ * 1) for any hard failure, give up and remove this task
+ * 2) for ServerDown, reschedule this task to run
+ * 3) for Refresh and Success, reschedule to run
+ * 4) for Persist and Success, reschedule to defer
+ */
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
+ ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+ }
+
+ if ( dostop ) {
+ connection_client_stop( s );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ if ( si->si_type == LDAP_SYNC_REFRESH_ONLY ) {
+ defer = 0;
+ }
+ rtask->interval.tv_sec = si->si_interval;
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, defer );
+ if ( si->si_retrynum ) {
+ for ( i = 0; si->si_retrynum_init[i] != RETRYNUM_TAIL; i++ ) {
+ si->si_retrynum[i] = si->si_retrynum_init[i];
+ }
+ si->si_retrynum[i] = RETRYNUM_TAIL;
+ }
+ } else {
+ for ( i = 0; si->si_retrynum && si->si_retrynum[i] <= 0; i++ ) {
+ if ( si->si_retrynum[i] == RETRYNUM_FOREVER || si->si_retrynum[i] == RETRYNUM_TAIL )
+ break;
+ }
+
+ if ( !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) {
+ ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+ fail = RETRYNUM_TAIL;
+ } else if ( RETRYNUM_VALID( si->si_retrynum[i] ) ) {
+ if ( si->si_retrynum[i] > 0 )
+ si->si_retrynum[i]--;
+ fail = si->si_retrynum[i];
+ rtask->interval.tv_sec = si->si_retryinterval[i];
+ ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+ slap_wake_listener();
+ }
+ }
+
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ ldap_pvt_thread_mutex_unlock( &si->si_mutex );
+
+ if ( rc ) {
+ if ( fail == RETRYNUM_TAIL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrepl: rid %03d quitting\n",
+ si->si_rid, 0, 0 );
+ } else if ( fail > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrepl: rid %03d retrying (%d retries left)\n",
+ si->si_rid, fail, 0 );
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "do_syncrepl: rid %03d retrying\n",
+ si->si_rid, 0, 0 );
+ }
+ }
+
+ return NULL;
+}
+
+static slap_verbmasks modops[] = {
+ { BER_BVC("add"), LDAP_REQ_ADD },
+ { BER_BVC("delete"), LDAP_REQ_DELETE },
+ { BER_BVC("modify"), LDAP_REQ_MODIFY },
+ { BER_BVC("modrdn"), LDAP_REQ_MODRDN},
+ { BER_BVNULL, 0 }
+};
+
+static Modifications *
+syncrepl_accesslog_mods(
+ syncinfo_t *si,
+ struct berval *vals
+)
+{
+ char *colon;
+ const char *text;
+ AttributeDescription *ad;
+ struct berval bv, bv2;
+ short op;
+ Modifications *mod = NULL, *modlist = NULL, **modtail;
+ int i;
+
+ modtail = &modlist;
+
+ for (i=0; !BER_BVISNULL( &vals[i] ); i++) {
+ ad = NULL;
+ bv = vals[i];
+
+ colon = ber_bvchr( &bv, ':' );
+ if ( !colon )
+ continue; /* invalid */
+ bv.bv_len = colon - bv.bv_val;
+ if ( slap_bv2ad( &bv, &ad, &text )) {
+ /* Invalid */
+ continue;
+ }
+ /* Ignore dynamically generated attrs */
+ if ( ad->ad_type->sat_flags & SLAP_AT_DYNAMIC )
+ continue;
+ /* Ignore excluded attrs */
+ if ( ldap_charray_inlist( si->si_exattrs,
+ ad->ad_type->sat_cname.bv_val ))
+ continue;
+
+ switch(colon[1]) {
+ case '+': op = LDAP_MOD_ADD; break;
+ case '-': op = LDAP_MOD_DELETE; break;
+ case '=': op = LDAP_MOD_REPLACE; break;
+ case '#': op = LDAP_MOD_INCREMENT; break;
+ default: continue;
+ }
+
+ if ( !mod || ad != mod->sml_desc || op != mod->sml_op ) {
+ mod = (Modifications *) ch_malloc( sizeof( Modifications ));
+ mod->sml_flags = 0;
+ mod->sml_op = op;
+ mod->sml_next = NULL;
+ mod->sml_desc = ad;
+ mod->sml_type = ad->ad_cname;
+ mod->sml_values = NULL;
+ mod->sml_nvalues = NULL;
+
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+ if ( colon[2] == ' ' ) {
+ bv.bv_val = colon + 3;
+ bv.bv_len = vals[i].bv_len - ( bv.bv_val - vals[i].bv_val );
+ ber_dupbv( &bv2, &bv );
+ ber_bvarray_add( &mod->sml_values, &bv2 );
+ }
+ }
+ return modlist;
+}
+
+static Modifications *
+syncrepl_changelog_mods(
+ syncinfo_t *si,
+ struct berval *vals
+)
+{
+ return NULL; /* FIXME */
+}
+
+static int
+syncrepl_message_to_op(
+ syncinfo_t *si,
+ Operation *op,
+ LDAPMessage *msg
+)
+{
+ BerElement *ber = NULL;
+ Modifications *modlist = NULL;
+ logschema *ls;
+ SlapReply rs = { REP_RESULT };
+ slap_callback cb = { NULL, null_callback, NULL, NULL };
+
+ const char *text;
+ char txtbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof txtbuf;
+
+ struct berval bdn, dn = BER_BVNULL, ndn;
+ struct berval bv, *bvals = NULL;
+ struct berval rdn = BER_BVNULL, sup = BER_BVNULL,
+ prdn = BER_BVNULL, nrdn = BER_BVNULL,
+ psup = BER_BVNULL, nsup = BER_BVNULL;
+ int rc, deleteOldRdn = 0, freeReqDn = 0;
+
+ if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+ "Message type should be entry (%d)",
+ si->si_rid, ldap_msgtype( msg ), 0 );
+ return -1;
+ }
+
+ if ( si->si_syncdata == SYNCDATA_ACCESSLOG )
+ ls = &accesslog_sc;
+ else
+ ls = &changelog_sc;
+
+ rc = ldap_get_dn_ber( si->si_ld, msg, &ber, &bdn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_message_to_op: rid %03d dn get failed (%d)",
+ si->si_rid, rc, 0 );
+ return rc;
+ }
+
+ op->o_tag = LBER_DEFAULT;
+
+ while (( rc = ldap_get_attribute_ber( si->si_ld, msg, ber, &bv, &bvals ))
+ == LDAP_SUCCESS ) {
+ if ( bv.bv_val == NULL )
+ break;
+
+ if ( !ber_bvstrcasecmp( &bv, &ls->ls_dn )) {
+ bdn = bvals[0];
+ dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ ber_dupbv( &op->o_req_dn, &dn );
+ ber_dupbv( &op->o_req_ndn, &ndn );
+ slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
+ slap_sl_free( dn.bv_val, op->o_tmpmemctx );
+ freeReqDn = 1;
+ } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_req )) {
+ int i = verb_to_mask( bvals[0].bv_val, modops );
+ if ( i < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_message_to_op: rid %03d unknown op %s",
+ si->si_rid, bvals[0].bv_val, 0 );
+ ch_free( bvals );
+ rc = -1;
+ goto done;
+ }
+ op->o_tag = modops[i].mask;
+ } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_mod )) {
+ /* Parse attribute into modlist */
+ if ( si->si_syncdata == SYNCDATA_ACCESSLOG )
+ modlist = syncrepl_accesslog_mods( si, bvals );
+ else
+ modlist = syncrepl_changelog_mods( si, bvals );
+ } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newRdn )) {
+ rdn = bvals[0];
+ } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_delRdn )) {
+ if ( !ber_bvstrcasecmp( &slap_true_bv, bvals ))
+ deleteOldRdn = 1;
+ } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newSup )) {
+ sup = bvals[0];
+ } else if ( !ber_bvstrcasecmp( &bv,
+ &slap_schema.si_ad_entryCSN->ad_cname )) {
+ slap_queue_csn( op, bvals );
+ }
+ ch_free( bvals );
+ }
+
+ /* If we didn't get a mod type or a target DN, bail out */
+ if ( op->o_tag == LBER_DEFAULT || BER_BVISNULL( &dn )) {
+ rc = -1;
+ goto done;
+ }
+
+ op->o_callback = &cb;
+ slap_op_time( &op->o_time, &op->o_tincr );
+
+ switch( op->o_tag ) {
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_MODIFY:
+ /* If we didn't get required data, bail */
+ if ( !modlist ) goto done;
+
+ rc = slap_mods_check( modlist, &text, txtbuf, textlen, NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+ "mods check (%s)\n",
+ si->si_rid, text, 0 );
+ goto done;
+ }
+
+ if ( op->o_tag == LDAP_REQ_ADD ) {
+ op->ora_e = ( Entry * ) ch_calloc( 1, sizeof( Entry ) );
+ op->ora_e->e_name = op->o_req_dn;
+ op->ora_e->e_nname = op->o_req_ndn;
+ freeReqDn = 0;
+ rc = slap_mods2entry( modlist, &op->ora_e, 1, 0, &text, txtbuf, textlen);
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+ "mods2entry (%s)\n",
+ si->si_rid, text, 0 );
+ } else {
+ rc = op->o_bd->be_add( op, &rs );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: rid %03d be_add %s (%d)\n",
+ si->si_rid, op->o_req_dn.bv_val, rc );
+ }
+ be_entry_release_w( op, op->ora_e );
+ } else {
+ op->orm_modlist = modlist;
+ rc = op->o_bd->be_modify( op, &rs );
+ modlist = op->orm_modlist;
+ Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: rid %03d be_modify %s (%d)\n",
+ si->si_rid, op->o_req_dn.bv_val, rc );
+ }
+ break;
+ case LDAP_REQ_MODRDN:
+ if ( BER_BVISNULL( &rdn )) goto done;
+
+ if ( rdnPretty( NULL, &rdn, &prdn, NULL ))
+ goto done;
+ if ( rdnNormalize( 0, NULL, NULL, &rdn, &nrdn, NULL ))
+ goto done;
+ if ( !BER_BVISNULL( &sup )) {
+ if ( dnPrettyNormal( NULL, &sup, &psup, &nsup, NULL ))
+ goto done;
+ op->orr_newSup = &psup;
+ op->orr_nnewSup = ⊅
+ } else {
+ op->orr_newSup = NULL;
+ op->orr_nnewSup = NULL;
+ }
+ op->orr_newrdn = prdn;
+ op->orr_nnewrdn = nrdn;
+ op->orr_deleteoldrdn = deleteOldRdn;
+ rc = op->o_bd->be_modrdn( op, &rs );
+ Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: rid %03d be_modrdn %s (%d)\n",
+ si->si_rid, op->o_req_dn.bv_val, rc );
+ break;
+ case LDAP_REQ_DELETE:
+ rc = op->o_bd->be_delete( op, &rs );
+ Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: rid %03d be_delete %s (%d)\n",
+ si->si_rid, op->o_req_dn.bv_val, rc );
+ break;
+ }
+done:
+ slap_graduate_commit_csn( op );
+ op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_csn );
+ if ( modlist )
+ slap_mods_free( modlist, op->o_tag != LDAP_REQ_ADD );
+ if ( !BER_BVISNULL( &rdn )) {
+ if ( !BER_BVISNULL( &nsup ))
+ ch_free( nsup.bv_val );
+ if ( !BER_BVISNULL( &psup ))
+ ch_free( psup.bv_val );
+ if ( !BER_BVISNULL( &nrdn ))
+ ch_free( nrdn.bv_val );
+ if ( !BER_BVISNULL( &prdn ))
+ ch_free( prdn.bv_val );
+ }
+ if ( freeReqDn ) {
+ ch_free( op->o_req_ndn.bv_val );
+ ch_free( op->o_req_dn.bv_val );
+ }
+ ber_free ( ber, 0 );
+ return rc;
+}
+
+static int
+syncrepl_message_to_entry(
+ syncinfo_t *si,
+ Operation *op,
+ LDAPMessage *msg,
+ Modifications **modlist,
+ Entry **entry,
+ int syncstate
+)
+{
+ Entry *e = NULL;
+ BerElement *ber = NULL;
+ Modifications tmp;
+ Modifications *mod;
+ Modifications **modtail = modlist;
+
+ const char *text;
+ char txtbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof txtbuf;
+
+ struct berval bdn = BER_BVNULL, dn, ndn;
+ int rc;
+
+ *modlist = NULL;
+
+ if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d "
+ "Message type should be entry (%d)",
+ si->si_rid, ldap_msgtype( msg ), 0 );
+ return -1;
+ }
+
+ op->o_tag = LDAP_REQ_ADD;
+
+ rc = ldap_get_dn_ber( si->si_ld, msg, &ber, &bdn );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_message_to_entry: rid %03d dn get failed (%d)",
+ si->si_rid, rc, 0 );
+ return rc;
+ }
+
+ dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ ber_dupbv( &op->o_req_dn, &dn );
+ ber_dupbv( &op->o_req_ndn, &ndn );
+ slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
+ slap_sl_free( dn.bv_val, op->o_tmpmemctx );
+
+ if ( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_DELETE ) {
+ /* NOTE: this could be done even before decoding the DN,
+ * although encoding errors wouldn't be detected */
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ if ( entry == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ e = ( Entry * ) ch_calloc( 1, sizeof( Entry ) );
+ *entry = e;
+ e->e_name = op->o_req_dn;
+ e->e_nname = op->o_req_ndn;
+
+ while ( ber_remaining( ber ) ) {
+ if ( (ber_scanf( ber, "{mW}", &tmp.sml_type, &tmp.sml_values ) ==
+ LBER_ERROR ) || BER_BVISNULL( &tmp.sml_type ) )
+ {
+ break;
+ }
+
+ mod = (Modifications *) ch_malloc( sizeof( Modifications ));
+
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
+ mod->sml_next = NULL;
+ mod->sml_desc = NULL;
+ mod->sml_type = tmp.sml_type;
+ mod->sml_values = tmp.sml_values;
+ mod->sml_nvalues = NULL;
+
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+
+ if ( *modlist == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d no attributes\n",
+ si->si_rid, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ rc = slap_mods_check( *modlist, &text, txtbuf, textlen, NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d mods check (%s)\n",
+ si->si_rid, text, 0 );
+ goto done;
+ }
+
+ /* Strip out dynamically generated attrs */
+ for ( modtail = modlist; *modtail ; ) {
+ mod = *modtail;
+ if ( mod->sml_desc->ad_type->sat_flags & SLAP_AT_DYNAMIC ) {
+ *modtail = mod->sml_next;
+ slap_mod_free( &mod->sml_mod, 0 );
+ ch_free( mod );
+ } else {
+ modtail = &mod->sml_next;
+ }
+ }
+
+ /* Strip out attrs in exattrs list */
+ for ( modtail = modlist; *modtail ; ) {
+ mod = *modtail;
+ if ( ldap_charray_inlist( si->si_exattrs,
+ mod->sml_desc->ad_type->sat_cname.bv_val )) {
+ *modtail = mod->sml_next;
+ slap_mod_free( &mod->sml_mod, 0 );
+ ch_free( mod );
+ } else {
+ modtail = &mod->sml_next;
+ }
+ }
+
+ rc = slap_mods2entry( *modlist, &e, 1, 1, &text, txtbuf, textlen);
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d mods2entry (%s)\n",
+ si->si_rid, text, 0 );
+ }
+
+done:
+ ber_free( ber, 0 );
+ if ( rc != LDAP_SUCCESS ) {
+ if ( e ) {
+ entry_free( e );
+ *entry = e = NULL;
+ }
+ }
+
+ return rc;
+}
+
+static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
+
+/* During a refresh, we may get an LDAP_SYNC_ADD for an already existing
+ * entry if a previous refresh was interrupted before sending us a new
+ * context state. We try to compare the new entry to the existing entry
+ * and ignore the new entry if they are the same.
+ *
+ * Also, we may get an update where the entryDN has changed, due to
+ * a ModDn on the provider. We detect this as well, so we can issue
+ * the corresponding operation locally.
+ *
+ * In the case of a modify, we get a list of all the attributes
+ * in the original entry. Rather than deleting the entry and re-adding it,
+ * we issue a Modify request that deletes all the attributes and adds all
+ * the new ones. This avoids the issue of trying to delete/add a non-leaf
+ * entry.
+ *
+ * We don't try to otherwise distinguish ModDN from Modify; in the case of
+ * a ModDN we will issue both operations on the local database.
+ */
+typedef struct dninfo {
+ Entry *new_entry;
+ struct berval dn;
+ struct berval ndn;
+ int renamed; /* Was an existing entry renamed? */
+ int wasChanged; /* are the attributes changed? */
+ int attrs; /* how many attribute types are in the ads list */
+ AttributeDescription **ads;
+} dninfo;
+
+static int
+syncrepl_entry(
+ syncinfo_t* si,
+ Operation *op,
+ Entry* entry,
+ Modifications** modlist,
+ int syncstate,
+ struct berval* syncUUID,
+ struct sync_cookie* syncCookie_req,
+ struct berval* syncCSN )
+{
+ Backend *be = op->o_bd;
+ slap_callback cb = { NULL, NULL, NULL, NULL };
+ struct berval *syncuuid_bv = NULL;
+ struct berval syncUUID_strrep = BER_BVNULL;
+ struct berval uuid_bv = BER_BVNULL;
+
+ SlapReply rs_search = {REP_RESULT};
+ SlapReply rs_delete = {REP_RESULT};
+ SlapReply rs_add = {REP_RESULT};
+ SlapReply rs_modify = {REP_RESULT};
+ Filter f = {0};
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion ava = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion ava = { NULL, BER_BVNULL };
+#endif
+ int rc = LDAP_SUCCESS;
+ int ret = LDAP_SUCCESS;
+
+ struct berval pdn = BER_BVNULL;
+ dninfo dni = {0};
+ int retry = 1;
+
+ switch( syncstate ) {
+ case LDAP_SYNC_PRESENT:
+ Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+ si->si_rid,
+ "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_PRESENT)", 0 );
+ break;
+ case LDAP_SYNC_ADD:
+ Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+ si->si_rid,
+ "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)", 0 );
+ break;
+ case LDAP_SYNC_DELETE:
+ Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+ si->si_rid,
+ "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE)", 0 );
+ break;
+ case LDAP_SYNC_MODIFY:
+ Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+ si->si_rid,
+ "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)", 0 );
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY, "syncrepl_entry: rid %03d %s\n",
+ si->si_rid,
+ "LDAP_RES_SEARCH_ENTRY(UNKNOWN syncstate)", 0 );
+ }
+
+ if (( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_ADD )) {
+ if ( !si->si_refreshPresent ) {
+ syncuuid_bv = ber_dupbv( NULL, syncUUID );
+ avl_insert( &si->si_presentlist, (caddr_t) syncuuid_bv,
+ syncuuid_cmp, avl_dup_error );
+ }
+ }
+
+ if ( syncstate == LDAP_SYNC_PRESENT ) {
+ return 0;
+ } else if ( syncstate != LDAP_SYNC_DELETE ) {
+ if ( entry == NULL ) {
+ return 0;
+ }
+ }
+
+ f.f_choice = LDAP_FILTER_EQUALITY;
+ f.f_ava = &ava;
+ ava.aa_desc = slap_schema.si_ad_entryUUID;
+ (void)slap_uuidstr_from_normalized( &syncUUID_strrep, syncUUID, op->o_tmpmemctx );
+ ava.aa_value = *syncUUID;
+ op->ors_filter = &f;
+
+ op->ors_filterstr.bv_len = STRLENOF( "(entryUUID=)" ) + syncUUID_strrep.bv_len;
+ op->ors_filterstr.bv_val = (char *) slap_sl_malloc(
+ op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+ AC_MEMCPY( op->ors_filterstr.bv_val, "(entryUUID=", STRLENOF( "(entryUUID=" ) );
+ AC_MEMCPY( &op->ors_filterstr.bv_val[STRLENOF( "(entryUUID=" )],
+ syncUUID_strrep.bv_val, syncUUID_strrep.bv_len );
+ op->ors_filterstr.bv_val[op->ors_filterstr.bv_len - 1] = ')';
+ op->ors_filterstr.bv_val[op->ors_filterstr.bv_len] = '\0';
+
+ op->o_tag = LDAP_REQ_SEARCH;
+ op->ors_scope = LDAP_SCOPE_SUBTREE;
+ op->ors_deref = LDAP_DEREF_NEVER;
+
+ /* get the entry for this UUID */
+ op->o_req_dn = si->si_base;
+ op->o_req_ndn = si->si_base;
+
+ op->o_time = slap_get_time();
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = 1;
+
+ op->ors_attrs = slap_anlist_all_attributes;
+ op->ors_attrsonly = 0;
+
+ /* set callback function */
+ op->o_callback = &cb;
+ cb.sc_response = dn_callback;
+ cb.sc_private = &dni;
+ dni.new_entry = entry;
+
+ if ( limits_check( op, &rs_search ) == 0 ) {
+ rc = be->be_search( op, &rs_search );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d be_search (%d)\n",
+ si->si_rid, rc, 0 );
+ }
+
+ if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
+ slap_sl_free( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ }
+
+ cb.sc_response = null_callback;
+ cb.sc_private = si;
+
+ if ( entry && !BER_BVISNULL( &entry->e_name ) ) {
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d %s\n",
+ si->si_rid, entry->e_name.bv_val, 0 );
+ } else {
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d %s\n",
+ si->si_rid, dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0 );
+ }
+
+ if ( syncstate != LDAP_SYNC_DELETE ) {
+ Attribute *a = attr_find( entry->e_attrs, slap_schema.si_ad_entryUUID );
+
+ if ( a == NULL ) {
+ /* add if missing */
+ attr_merge_one( entry, slap_schema.si_ad_entryUUID,
+ &syncUUID_strrep, syncUUID );
+
+ } else if ( !bvmatch( &a->a_nvals[0], syncUUID ) ) {
+ /* replace only if necessary */
+ if ( a->a_nvals != a->a_vals ) {
+ ber_memfree( a->a_nvals[0].bv_val );
+ ber_dupbv( &a->a_nvals[0], syncUUID );
+ }
+ ber_memfree( a->a_vals[0].bv_val );
+ ber_dupbv( &a->a_vals[0], &syncUUID_strrep );
+ }
+ /* Don't save the contextCSN on the inooming context entry,
+ * we'll write it when syncrepl_updateCookie eventually
+ * gets called. (ITS#4622)
+ */
+ if ( syncstate == LDAP_SYNC_ADD && dn_match( &entry->e_nname,
+ &be->be_nsuffix[0] )) {
+ Attribute **ap;
+ for ( ap = &entry->e_attrs; *ap; ap=&(*ap)->a_next ) {
+ a = *ap;
+ if ( a->a_desc == slap_schema.si_ad_contextCSN ) {
+ *ap = a->a_next;
+ attr_free( a );
+ break;
+ }
+ }
+ }
+ }
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+ switch ( syncstate ) {
+ case LDAP_SYNC_ADD:
+ case LDAP_SYNC_MODIFY:
+ {
+ Attribute *a = attr_find( entry->e_attrs, slap_schema.si_ad_entryCSN );
+ if ( a )
+ op->o_csn = a->a_vals[0];
+ }
+retry_add:;
+ if ( BER_BVISNULL( &dni.dn )) {
+
+ op->o_req_dn = entry->e_name;
+ op->o_req_ndn = entry->e_nname;
+ op->o_tag = LDAP_REQ_ADD;
+ op->ora_e = entry;
+
+ rc = be->be_add( op, &rs_add );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d be_add (%d)\n",
+ si->si_rid, rc, 0 );
+ switch ( rs_add.sr_err ) {
+ case LDAP_SUCCESS:
+ be_entry_release_w( op, entry );
+ ret = 0;
+ break;
+
+ case LDAP_REFERRAL:
+ /* we assume that LDAP_NO_SUCH_OBJECT is returned
+ * only if the suffix entry is not present */
+ case LDAP_NO_SUCH_OBJECT:
+ syncrepl_add_glue( op, entry );
+ ret = 0;
+ break;
+
+ /* if an entry was added via syncrepl_add_glue(),
+ * it likely has no entryUUID, so the previous
+ * be_search() doesn't find it. In this case,
+ * give syncrepl a chance to modify it. Also
+ * allow for entries that were recreated with the
+ * same DN but a different entryUUID.
+ */
+ case LDAP_ALREADY_EXISTS:
+ if ( retry ) {
+ Operation op2 = *op;
+ SlapReply rs2 = { 0 };
+ slap_callback cb2 = { 0 };
+
+ op2.o_tag = LDAP_REQ_SEARCH;
+ op2.o_req_dn = entry->e_name;
+ op2.o_req_ndn = entry->e_nname;
+ op2.ors_scope = LDAP_SCOPE_BASE;
+ op2.ors_deref = LDAP_DEREF_NEVER;
+ op2.ors_attrs = slap_anlist_all_attributes;
+ op2.ors_attrsonly = 0;
+ op2.ors_limit = NULL;
+ op2.ors_slimit = 1;
+ op2.ors_tlimit = SLAP_NO_LIMIT;
+
+ f.f_choice = LDAP_FILTER_PRESENT;
+ f.f_desc = slap_schema.si_ad_objectClass;
+ op2.ors_filter = &f;
+ op2.ors_filterstr = generic_filterstr;
+
+ op2.o_callback = &cb2;
+ cb2.sc_response = dn_callback;
+ cb2.sc_private = &dni;
+
+ be->be_search( &op2, &rs2 );
+
+ retry = 0;
+ slap_op_time( &op->o_time, &op->o_tincr );
+ goto retry_add;
+ }
+ /* FALLTHRU */
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_entry: rid %03d be_add failed (%d)\n",
+ si->si_rid, rs_add.sr_err, 0 );
+ ret = 1;
+ break;
+ }
+ goto done;
+ }
+ /* FALLTHRU */
+ op->o_req_dn = dni.dn;
+ op->o_req_ndn = dni.ndn;
+ if ( dni.renamed ) {
+ struct berval noldp, newp, nnewp;
+
+ op->o_tag = LDAP_REQ_MODRDN;
+ dnRdn( &entry->e_name, &op->orr_newrdn );
+ dnRdn( &entry->e_nname, &op->orr_nnewrdn );
+
+ dnParent( &dni.ndn, &noldp );
+ dnParent( &entry->e_nname, &nnewp );
+ if ( !dn_match( &noldp, &nnewp )) {
+ dnParent( &entry->e_name, &newp );
+ op->orr_newSup = &newp;
+ op->orr_nnewSup = &nnewp;
+ } else {
+ op->orr_newSup = NULL;
+ op->orr_nnewSup = NULL;
+ }
+ op->orr_deleteoldrdn = 0;
+ rc = be->be_modrdn( op, &rs_modify );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d be_modrdn (%d)\n",
+ si->si_rid, rc, 0 );
+ if ( rs_modify.sr_err == LDAP_SUCCESS ) {
+ op->o_req_dn = entry->e_name;
+ op->o_req_ndn = entry->e_nname;
+ } else {
+ ret = 1;
+ goto done;
+ }
+ if ( dni.wasChanged )
+ slap_op_time( &op->o_time, &op->o_tincr );
+ }
+ if ( dni.wasChanged ) {
+ Modifications *mod, *modhead = NULL;
+ Modifications *modtail = NULL;
+ int i;
+
+ op->o_tag = LDAP_REQ_MODIFY;
+
+ assert( *modlist != NULL );
+
+ /* Delete all the old attrs */
+ for ( i = 0; i < dni.attrs; i++ ) {
+ mod = ch_malloc( sizeof( Modifications ) );
+ mod->sml_op = LDAP_MOD_DELETE;
+ mod->sml_flags = 0;
+ mod->sml_desc = dni.ads[i];
+ mod->sml_type = mod->sml_desc->ad_cname;
+ mod->sml_values = NULL;
+ mod->sml_nvalues = NULL;
+ if ( !modhead ) modhead = mod;
+ if ( modtail ) {
+ modtail->sml_next = mod;
+ }
+ modtail = mod;
+ }
+
+ /* Append passed in list to ours */
+ if ( modtail ) {
+ modtail->sml_next = *modlist;
+ *modlist = modhead;
+ } else {
+ mod = *modlist;
+ }
+
+ /* Find end of this list */
+ for ( ; mod != NULL; mod = mod->sml_next ) {
+ modtail = mod;
+ }
+
+ mod = (Modifications *)ch_calloc(1, sizeof(Modifications));
+ mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
+ mod->sml_desc = slap_schema.si_ad_entryUUID;
+ mod->sml_type = mod->sml_desc->ad_cname;
+ ber_dupbv( &uuid_bv, &syncUUID_strrep );
+ ber_bvarray_add( &mod->sml_values, &uuid_bv );
+ ber_dupbv( &uuid_bv, syncUUID );
+ ber_bvarray_add( &mod->sml_nvalues, &uuid_bv );
+ modtail->sml_next = mod;
+
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->orm_modlist = *modlist;
+
+ rc = be->be_modify( op, &rs_modify );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d be_modify (%d)\n",
+ si->si_rid, rc, 0 );
+ if ( rs_modify.sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_entry: rid %03d be_modify failed (%d)\n",
+ si->si_rid, rs_modify.sr_err, 0 );
+ }
+ }
+ ret = 1;
+ goto done;
+ case LDAP_SYNC_DELETE :
+ if ( !BER_BVISNULL( &dni.dn )) {
+ op->o_req_dn = dni.dn;
+ op->o_req_ndn = dni.ndn;
+ op->o_tag = LDAP_REQ_DELETE;
+ rc = be->be_delete( op, &rs_delete );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_entry: rid %03d be_delete (%d)\n",
+ si->si_rid, rc, 0 );
+
+ while ( rs_delete.sr_err == LDAP_SUCCESS
+ && op->o_delete_glue_parent ) {
+ op->o_delete_glue_parent = 0;
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
+ slap_callback cb = { NULL };
+ cb.sc_response = slap_null_cb;
+ dnParent( &op->o_req_ndn, &pdn );
+ op->o_req_dn = pdn;
+ op->o_req_ndn = pdn;
+ op->o_callback = &cb;
+ op->o_bd->be_delete( op, &rs_delete );
+ } else {
+ break;
+ }
+ }
+ }
+ ret = 0;
+ goto done;
+
+ default :
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_entry: rid %03d unknown syncstate\n", si->si_rid, 0, 0 );
+ ret = 1;
+ goto done;
+ }
+
+done :
+ if ( !BER_BVISNULL( &syncUUID_strrep ) ) {
+ slap_sl_free( syncUUID_strrep.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &syncUUID_strrep );
+ }
+ if ( dni.ads ) {
+ op->o_tmpfree( dni.ads, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &dni.ndn ) ) {
+ op->o_tmpfree( dni.ndn.bv_val, op->o_tmpmemctx );
+ }
+ if ( !BER_BVISNULL( &dni.dn ) ) {
+ op->o_tmpfree( dni.dn.bv_val, op->o_tmpmemctx );
+ }
+ BER_BVZERO( &op->o_csn );
+ return ret;
+}
+
+static struct berval gcbva[] = {
+ BER_BVC("top"),
+ BER_BVC("glue"),
+ BER_BVNULL
+};
+
+#define NP_DELETE_ONE 2
+
+static void
+syncrepl_del_nonpresent(
+ Operation *op,
+ syncinfo_t *si,
+ BerVarray uuids,
+ struct berval *cookiecsn )
+{
+ Backend* be = op->o_bd;
+ slap_callback cb = { NULL };
+ SlapReply rs_search = {REP_RESULT};
+ SlapReply rs_delete = {REP_RESULT};
+ SlapReply rs_modify = {REP_RESULT};
+ struct nonpresent_entry *np_list, *np_prev;
+ int rc;
+ AttributeName an[2];
+
+ struct berval pdn = BER_BVNULL;
+ struct berval csn;
+
+ op->o_req_dn = si->si_base;
+ op->o_req_ndn = si->si_base;
+
+ cb.sc_response = nonpresent_callback;
+ cb.sc_private = si;
+
+ op->o_callback = &cb;
+ op->o_tag = LDAP_REQ_SEARCH;
+ op->ors_scope = si->si_scope;
+ op->ors_deref = LDAP_DEREF_NEVER;
+ op->o_time = slap_get_time();
+ op->ors_tlimit = SLAP_NO_LIMIT;
+
+
+ if ( uuids ) {
+ Filter uf;
+#ifdef LDAP_COMP_MATCH
+ AttributeAssertion eq = { NULL, BER_BVNULL, NULL };
+#else
+ AttributeAssertion eq = { NULL, BER_BVNULL };
+#endif
+ int i;
+
+ op->ors_attrsonly = 1;
+ op->ors_attrs = slap_anlist_no_attrs;
+ op->ors_limit = NULL;
+ op->ors_filter = &uf;
+
+ uf.f_ava = &eq;
+ uf.f_av_desc = slap_schema.si_ad_entryUUID;
+ uf.f_next = NULL;
+ uf.f_choice = LDAP_FILTER_EQUALITY;
+ si->si_refreshDelete |= NP_DELETE_ONE;
+
+ for (i=0; uuids[i].bv_val; i++) {
+ op->ors_slimit = 1;
+ slap_uuidstr_from_normalized( &uf.f_av_value, &uuids[i],
+ op->o_tmpmemctx );
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+ op->o_tmpfree( uf.f_av_value.bv_val, op->o_tmpmemctx );
+ uf.f_av_value = uuids[i];
+ rc = be->be_search( op, &rs_search );
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ }
+ si->si_refreshDelete ^= NP_DELETE_ONE;
+ } else {
+ memset( &an[0], 0, 2 * sizeof( AttributeName ) );
+ an[0].an_name = slap_schema.si_ad_entryUUID->ad_cname;
+ an[0].an_desc = slap_schema.si_ad_entryUUID;
+ op->ors_attrs = an;
+ op->ors_slimit = SLAP_NO_LIMIT;
+ op->ors_attrsonly = 0;
+ op->ors_filter = str2filter_x( op, si->si_filterstr.bv_val );
+ op->ors_filterstr = si->si_filterstr;
+ op->o_nocaching = 1;
+
+ if ( limits_check( op, &rs_search ) == 0 ) {
+ rc = be->be_search( op, &rs_search );
+ }
+ if ( op->ors_filter ) filter_free_x( op, op->ors_filter );
+ }
+
+ op->o_nocaching = 0;
+
+ if ( !LDAP_LIST_EMPTY( &si->si_nonpresentlist ) ) {
+
+ if ( cookiecsn && !BER_BVISNULL( cookiecsn ))
+ csn = *cookiecsn;
+ else
+ csn = si->si_syncCookie.ctxcsn;
+
+ slap_queue_csn( op, &csn );
+
+ np_list = LDAP_LIST_FIRST( &si->si_nonpresentlist );
+ while ( np_list != NULL ) {
+ LDAP_LIST_REMOVE( np_list, npe_link );
+ np_prev = np_list;
+ np_list = LDAP_LIST_NEXT( np_list, npe_link );
+ op->o_tag = LDAP_REQ_DELETE;
+ op->o_callback = &cb;
+ cb.sc_response = null_callback;
+ cb.sc_private = si;
+ op->o_req_dn = *np_prev->npe_name;
+ op->o_req_ndn = *np_prev->npe_nname;
+ rc = op->o_bd->be_delete( op, &rs_delete );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_del_nonpresent: rid %03d be_delete %s (%d)\n",
+ si->si_rid, op->o_req_dn.bv_val, rc );
+
+ if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) {
+ Modifications mod1, mod2;
+ mod1.sml_op = LDAP_MOD_REPLACE;
+ mod1.sml_flags = 0;
+ mod1.sml_desc = slap_schema.si_ad_objectClass;
+ mod1.sml_type = mod1.sml_desc->ad_cname;
+ mod1.sml_values = &gcbva[0];
+ mod1.sml_nvalues = NULL;
+ mod1.sml_next = &mod2;
+
+ mod2.sml_op = LDAP_MOD_REPLACE;
+ mod2.sml_flags = 0;
+ mod2.sml_desc = slap_schema.si_ad_structuralObjectClass;
+ mod2.sml_type = mod2.sml_desc->ad_cname;
+ mod2.sml_values = &gcbva[1];
+ mod2.sml_nvalues = NULL;
+ mod2.sml_next = NULL;
+
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->orm_modlist = &mod1;
+
+ rc = be->be_modify( op, &rs_modify );
+ if ( mod2.sml_next ) slap_mods_free( mod2.sml_next, 1 );
+ }
+
+ while ( rs_delete.sr_err == LDAP_SUCCESS &&
+ op->o_delete_glue_parent ) {
+ op->o_delete_glue_parent = 0;
+ if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
+ slap_callback cb = { NULL };
+ cb.sc_response = slap_null_cb;
+ dnParent( &op->o_req_ndn, &pdn );
+ op->o_req_dn = pdn;
+ op->o_req_ndn = pdn;
+ op->o_callback = &cb;
+ /* give it a root privil ? */
+ op->o_bd->be_delete( op, &rs_delete );
+ } else {
+ break;
+ }
+ }
+
+ op->o_delete_glue_parent = 0;
+
+ ber_bvfree( np_prev->npe_name );
+ ber_bvfree( np_prev->npe_nname );
+ ch_free( np_prev );
+ }
+
+ slap_graduate_commit_csn( op );
+ op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_csn );
+ }
+
+ return;
+}
+
+void
+syncrepl_add_glue(
+ Operation* op,
+ Entry *e )
+{
+ Backend *be = op->o_bd;
+ slap_callback cb = { NULL };
+ Attribute *a;
+ int rc;
+ int suffrdns;
+ int i;
+ struct berval dn = BER_BVNULL;
+ struct berval ndn = BER_BVNULL;
+ Entry *glue;
+ SlapReply rs_add = {REP_RESULT};
+ struct berval ptr, nptr;
+ char *comma;
+
+ op->o_tag = LDAP_REQ_ADD;
+ op->o_callback = &cb;
+ cb.sc_response = null_callback;
+ cb.sc_private = NULL;
+
+ dn = e->e_name;
+ ndn = e->e_nname;
+
+ /* count RDNs in suffix */
+ if ( !BER_BVISEMPTY( &be->be_nsuffix[0] ) ) {
+ for ( i = 0, ptr = be->be_nsuffix[0], comma = ptr.bv_val; comma != NULL; comma = ber_bvchr( &ptr, ',' ) ) {
+ comma++;
+ ptr.bv_len -= comma - ptr.bv_val;
+ ptr.bv_val = comma;
+ i++;
+ }
+ suffrdns = i;
+ } else {
+ /* suffix is "" */
+ suffrdns = 0;
+ }
+
+ /* Start with BE suffix */
+ ptr = dn;
+ for ( i = 0; i < suffrdns; i++ ) {
+ comma = ber_bvrchr( &ptr, ',' );
+ if ( comma != NULL ) {
+ ptr.bv_len = comma - ptr.bv_val;
+ } else {
+ ptr.bv_len = 0;
+ break;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &ptr ) ) {
+ dn.bv_len -= ptr.bv_len + 1;
+ dn.bv_val += ptr.bv_len + 1;
+ }
+
+ /* the normalizedDNs are always the same length, no counting
+ * required.
+ */
+ nptr = ndn;
+ if ( ndn.bv_len > be->be_nsuffix[0].bv_len ) {
+ ndn.bv_val += ndn.bv_len - be->be_nsuffix[0].bv_len;
+ ndn.bv_len = be->be_nsuffix[0].bv_len;
+
+ nptr.bv_len = ndn.bv_val - nptr.bv_val - 1;
+
+ } else {
+ nptr.bv_len = 0;
+ }
+
+ while ( ndn.bv_val > e->e_nname.bv_val ) {
+ glue = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ ber_dupbv( &glue->e_name, &dn );
+ ber_dupbv( &glue->e_nname, &ndn );
+
+ a = ch_calloc( 1, sizeof( Attribute ));
+ a->a_desc = slap_schema.si_ad_objectClass;
+
+ a->a_vals = ch_calloc( 3, sizeof( struct berval ));
+ ber_dupbv( &a->a_vals[0], &gcbva[0] );
+ ber_dupbv( &a->a_vals[1], &gcbva[1] );
+ ber_dupbv( &a->a_vals[2], &gcbva[2] );
+
+ a->a_nvals = a->a_vals;
+
+ a->a_next = glue->e_attrs;
+ glue->e_attrs = a;
+
+ a = ch_calloc( 1, sizeof( Attribute ));
+ a->a_desc = slap_schema.si_ad_structuralObjectClass;
+
+ a->a_vals = ch_calloc( 2, sizeof( struct berval ));
+ ber_dupbv( &a->a_vals[0], &gcbva[1] );
+ ber_dupbv( &a->a_vals[1], &gcbva[2] );
+
+ a->a_nvals = a->a_vals;
+
+ a->a_next = glue->e_attrs;
+ glue->e_attrs = a;
+
+ op->o_req_dn = glue->e_name;
+ op->o_req_ndn = glue->e_nname;
+ op->ora_e = glue;
+ rc = be->be_add ( op, &rs_add );
+ if ( rs_add.sr_err == LDAP_SUCCESS ) {
+ be_entry_release_w( op, glue );
+ } else {
+ /* incl. ALREADY EXIST */
+ entry_free( glue );
+ }
+
+ /* Move to next child */
+ comma = ber_bvrchr( &ptr, ',' );
+ if ( comma == NULL ) {
+ break;
+ }
+ ptr.bv_len = comma - ptr.bv_val;
+
+ dn.bv_val = ++comma;
+ dn.bv_len = e->e_name.bv_len - (dn.bv_val - e->e_name.bv_val);
+
+ comma = ber_bvrchr( &nptr, ',' );
+ assert( comma != NULL );
+ nptr.bv_len = comma - nptr.bv_val;
+
+ ndn.bv_val = ++comma;
+ ndn.bv_len = e->e_nname.bv_len - (ndn.bv_val - e->e_nname.bv_val);
+ }
+
+ op->o_req_dn = e->e_name;
+ op->o_req_ndn = e->e_nname;
+ op->ora_e = e;
+ rc = be->be_add ( op, &rs_add );
+ if ( rs_add.sr_err == LDAP_SUCCESS ) {
+ be_entry_release_w( op, e );
+ } else {
+ entry_free( e );
+ }
+
+ return;
+}
+
+static void
+syncrepl_updateCookie(
+ syncinfo_t *si,
+ Operation *op,
+ struct berval *pdn,
+ struct sync_cookie *syncCookie )
+{
+ Backend *be = op->o_bd;
+ Modifications mod = { { 0 } };
+ struct berval vals[ 2 ];
+
+ int rc;
+
+ slap_callback cb = { NULL };
+ SlapReply rs_modify = {REP_RESULT};
+
+ slap_sync_cookie_free( &si->si_syncCookie, 0 );
+ slap_dup_sync_cookie( &si->si_syncCookie, syncCookie );
+
+ mod.sml_op = LDAP_MOD_REPLACE;
+ mod.sml_desc = slap_schema.si_ad_contextCSN;
+ mod.sml_type = mod.sml_desc->ad_cname;
+ mod.sml_values = vals;
+ vals[0] = si->si_syncCookie.ctxcsn;
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
+
+ slap_queue_csn( op, &si->si_syncCookie.ctxcsn );
+
+ op->o_tag = LDAP_REQ_MODIFY;
+
+ assert( si->si_rid < 1000 );
+
+ cb.sc_response = null_callback;
+ cb.sc_private = si;
+
+ op->o_callback = &cb;
+ op->o_req_dn = op->o_bd->be_suffix[0];
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+
+ /* update contextCSN */
+ op->o_msgid = SLAP_SYNC_UPDATE_MSGID;
+ op->orm_modlist = &mod;
+ rc = be->be_modify( op, &rs_modify );
+ op->o_msgid = 0;
+
+ if ( rs_modify.sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_updateCookie: rid %03d be_modify failed (%d)\n",
+ si->si_rid, rs_modify.sr_err, 0 );
+ }
+
+ slap_graduate_commit_csn( op );
+ op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_csn );
+ if ( mod.sml_next ) slap_mods_free( mod.sml_next, 1 );
+
+ return;
+}
+
+static int
+dn_callback(
+ Operation* op,
+ SlapReply* rs )
+{
+ dninfo *dni = op->o_callback->sc_private;
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ if ( !BER_BVISNULL( &dni->dn ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "dn_callback: consistency error - "
+ "entryUUID is not unique\n", 0, 0, 0 );
+ } else {
+ ber_dupbv_x( &dni->dn, &rs->sr_entry->e_name, op->o_tmpmemctx );
+ ber_dupbv_x( &dni->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx );
+ /* If there is a new entry, see if it differs from the old.
+ * We compare the non-normalized values so that cosmetic changes
+ * in the provider are always propagated.
+ */
+ if ( dni->new_entry ) {
+ Attribute *old, *new;
+ int i;
+
+ /* Did the DN change? Note that we don't explicitly try to
+ * discover if the deleteOldRdn argument applies here. It
+ * would save an unnecessary Modify if we detected it, but
+ * that's a fair amount of trouble to compare the two attr
+ * lists in detail. (Just test normalized DN; we ignore
+ * insignificant changes here.)
+ */
+ if ( !dn_match( &rs->sr_entry->e_nname,
+ &dni->new_entry->e_nname ) )
+ {
+ dni->renamed = 1;
+ }
+
+ for ( i = 0, old = rs->sr_entry->e_attrs;
+ old;
+ i++, old = old->a_next )
+ ;
+
+ dni->attrs = i;
+
+ /* We assume that attributes are saved in the same order
+ * in the remote and local databases. So if we walk through
+ * the attributeDescriptions one by one they should match in
+ * lock step. If not, we signal a change. Otherwise we test
+ * all the values...
+ */
+ for ( old = rs->sr_entry->e_attrs, new = dni->new_entry->e_attrs;
+ old && new;
+ old = old->a_next, new = new->a_next )
+ {
+ if ( old->a_desc != new->a_desc ) {
+ dni->wasChanged = 1;
+ break;
+ }
+ for ( i = 0; ; i++ ) {
+ int nold, nnew;
+ nold = BER_BVISNULL( &old->a_vals[i] );
+ nnew = BER_BVISNULL( &new->a_vals[i] );
+ /* If both are empty, stop looking */
+ if ( nold && nnew ) {
+ break;
+ }
+ /* If they are different, stop looking */
+ if ( nold != nnew ) {
+ dni->wasChanged = 1;
+ break;
+ }
+ if ( ber_bvcmp( &old->a_vals[i], &new->a_vals[i] )) {
+ dni->wasChanged = 1;
+ break;
+ }
+ }
+ if ( dni->wasChanged ) break;
+ }
+ if ( dni->wasChanged ) {
+ dni->ads = op->o_tmpalloc( dni->attrs *
+ sizeof(AttributeDescription *), op->o_tmpmemctx );
+ i = 0;
+ for ( old = rs->sr_entry->e_attrs; old; old = old->a_next ) {
+ dni->ads[i] = old->a_desc;
+ i++;
+ }
+ }
+ }
+ }
+ } else if ( rs->sr_type == REP_RESULT ) {
+ if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
+ Debug( LDAP_DEBUG_ANY,
+ "dn_callback: consistency error - "
+ "entryUUID is not unique\n", 0, 0, 0 );
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+nonpresent_callback(
+ Operation* op,
+ SlapReply* rs )
+{
+ syncinfo_t *si = op->o_callback->sc_private;
+ Attribute *a;
+ int count = 0;
+ struct berval* present_uuid = NULL;
+ struct nonpresent_entry *np_entry;
+
+ if ( rs->sr_type == REP_RESULT ) {
+ count = avl_free( si->si_presentlist, avl_ber_bvfree );
+ si->si_presentlist = NULL;
+
+ } else if ( rs->sr_type == REP_SEARCH ) {
+ if ( !(si->si_refreshDelete & NP_DELETE_ONE )) {
+ a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID );
+
+ if ( a == NULL ) return 0;
+
+ present_uuid = avl_find( si->si_presentlist, &a->a_nvals[0],
+ syncuuid_cmp );
+ }
+
+ if ( present_uuid == NULL ) {
+ np_entry = (struct nonpresent_entry *)
+ ch_calloc( 1, sizeof( struct nonpresent_entry ));
+ np_entry->npe_name = ber_dupbv( NULL, &rs->sr_entry->e_name );
+ np_entry->npe_nname = ber_dupbv( NULL, &rs->sr_entry->e_nname );
+ LDAP_LIST_INSERT_HEAD( &si->si_nonpresentlist, np_entry, npe_link );
+
+ } else {
+ avl_delete( &si->si_presentlist,
+ &a->a_nvals[0], syncuuid_cmp );
+ ch_free( present_uuid->bv_val );
+ ch_free( present_uuid );
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+static int
+null_callback(
+ Operation* op,
+ SlapReply* rs )
+{
+ if ( rs->sr_err != LDAP_SUCCESS &&
+ rs->sr_err != LDAP_REFERRAL &&
+ rs->sr_err != LDAP_ALREADY_EXISTS &&
+ rs->sr_err != LDAP_NO_SUCH_OBJECT &&
+ rs->sr_err != LDAP_NOT_ALLOWED_ON_NONLEAF )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "null_callback: error code 0x%x\n",
+ rs->sr_err, 0, 0 );
+ }
+ return LDAP_SUCCESS;
+}
+
+static struct berval *
+slap_uuidstr_from_normalized(
+ struct berval* uuidstr,
+ struct berval* normalized,
+ void *ctx )
+{
+ struct berval *new;
+ unsigned char nibble;
+ int i, d = 0;
+
+ if ( normalized == NULL ) return NULL;
+ if ( normalized->bv_len != 16 ) return NULL;
+
+ if ( uuidstr ) {
+ new = uuidstr;
+ } else {
+ new = (struct berval *)slap_sl_malloc( sizeof(struct berval), ctx );
+ if ( new == NULL ) {
+ return NULL;
+ }
+ }
+
+ new->bv_len = 36;
+
+ if ( ( new->bv_val = slap_sl_malloc( new->bv_len + 1, ctx ) ) == NULL ) {
+ if ( new != uuidstr ) {
+ slap_sl_free( new, ctx );
+ }
+ return NULL;
+ }
+
+ for ( i = 0; i < 16; i++ ) {
+ if ( i == 4 || i == 6 || i == 8 || i == 10 ) {
+ new->bv_val[(i<<1)+d] = '-';
+ d += 1;
+ }
+
+ nibble = (normalized->bv_val[i] >> 4) & 0xF;
+ if ( nibble < 10 ) {
+ new->bv_val[(i<<1)+d] = nibble + '0';
+ } else {
+ new->bv_val[(i<<1)+d] = nibble - 10 + 'a';
+ }
+
+ nibble = (normalized->bv_val[i]) & 0xF;
+ if ( nibble < 10 ) {
+ new->bv_val[(i<<1)+d+1] = nibble + '0';
+ } else {
+ new->bv_val[(i<<1)+d+1] = nibble - 10 + 'a';
+ }
+ }
+
+ new->bv_val[new->bv_len] = '\0';
+ return new;
+}
+
+static int
+syncuuid_cmp( const void* v_uuid1, const void* v_uuid2 )
+{
+ const struct berval *uuid1 = v_uuid1;
+ const struct berval *uuid2 = v_uuid2;
+ int rc = uuid1->bv_len - uuid2->bv_len;
+ if ( rc ) return rc;
+ return ( memcmp( uuid1->bv_val, uuid2->bv_val, uuid1->bv_len ) );
+}
+
+static void
+avl_ber_bvfree( void *v_bv )
+{
+ struct berval *bv = (struct berval *)v_bv;
+
+ if( v_bv == NULL ) return;
+ if ( !BER_BVISNULL( bv ) ) {
+ ch_free( bv->bv_val );
+ }
+ ch_free( (char *) bv );
+}
+
+void
+syncinfo_free( syncinfo_t *sie )
+{
+ if ( sie->si_ld ) {
+ if ( sie->si_conn_setup ) {
+ ber_socket_t s;
+ ldap_get_option( sie->si_ld, LDAP_OPT_DESC, &s );
+ connection_client_stop( s );
+ sie->si_conn_setup = 0;
+ }
+ ldap_unbind_ext( sie->si_ld, NULL, NULL );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &sie->si_mutex );
+
+ bindconf_free( &sie->si_bindconf );
+
+ if ( sie->si_filterstr.bv_val ) {
+ ch_free( sie->si_filterstr.bv_val );
+ }
+ if ( sie->si_base.bv_val ) {
+ ch_free( sie->si_base.bv_val );
+ }
+ if ( sie->si_attrs ) {
+ int i = 0;
+ while ( sie->si_attrs[i] != NULL ) {
+ ch_free( sie->si_attrs[i] );
+ i++;
+ }
+ ch_free( sie->si_attrs );
+ }
+ if ( sie->si_exattrs ) {
+ int i = 0;
+ while ( sie->si_exattrs[i] != NULL ) {
+ ch_free( sie->si_exattrs[i] );
+ i++;
+ }
+ ch_free( sie->si_exattrs );
+ }
+ if ( sie->si_anlist ) {
+ int i = 0;
+ while ( sie->si_anlist[i].an_name.bv_val != NULL ) {
+ ch_free( sie->si_anlist[i].an_name.bv_val );
+ i++;
+ }
+ ch_free( sie->si_anlist );
+ }
+ if ( sie->si_exanlist ) {
+ int i = 0;
+ while ( sie->si_exanlist[i].an_name.bv_val != NULL ) {
+ ch_free( sie->si_exanlist[i].an_name.bv_val );
+ i++;
+ }
+ ch_free( sie->si_exanlist );
+ }
+ if ( sie->si_retryinterval ) {
+ ch_free( sie->si_retryinterval );
+ }
+ if ( sie->si_retrynum ) {
+ ch_free( sie->si_retrynum );
+ }
+ if ( sie->si_retrynum_init ) {
+ ch_free( sie->si_retrynum_init );
+ }
+ slap_sync_cookie_free( &sie->si_syncCookie, 0 );
+ if ( sie->si_presentlist ) {
+ avl_free( sie->si_presentlist, avl_ber_bvfree );
+ }
+ while ( !LDAP_LIST_EMPTY( &sie->si_nonpresentlist )) {
+ struct nonpresent_entry* npe;
+ npe = LDAP_LIST_FIRST( &sie->si_nonpresentlist );
+ LDAP_LIST_REMOVE( npe, npe_link );
+ if ( npe->npe_name ) {
+ if ( npe->npe_name->bv_val ) {
+ ch_free( npe->npe_name->bv_val );
+ }
+ ch_free( npe->npe_name );
+ }
+ if ( npe->npe_nname ) {
+ if ( npe->npe_nname->bv_val ) {
+ ch_free( npe->npe_nname->bv_val );
+ }
+ ch_free( npe->npe_nname );
+ }
+ ch_free( npe );
+ }
+ ch_free( sie );
+}
+
+
+
+/* NOTE: used & documented in slapd.conf(5) */
+#define IDSTR "rid"
+#define PROVIDERSTR "provider"
+#define SCHEMASTR "schemachecking"
+#define FILTERSTR "filter"
+#define SEARCHBASESTR "searchbase"
+#define SCOPESTR "scope"
+#define ATTRSONLYSTR "attrsonly"
+#define ATTRSSTR "attrs"
+#define TYPESTR "type"
+#define INTERVALSTR "interval"
+#define RETRYSTR "retry"
+#define SLIMITSTR "sizelimit"
+#define TLIMITSTR "timelimit"
+#define SYNCDATASTR "syncdata"
+
+/* FIXME: undocumented */
+#define LOGBASESTR "logbase"
+#define LOGFILTERSTR "logfilter"
+#define OLDAUTHCSTR "bindprincipal"
+#define EXATTRSSTR "exattrs"
+#define MANAGEDSAITSTR "manageDSAit"
+
+/* FIXME: unused */
+#define LASTMODSTR "lastmod"
+#define LMGENSTR "gen"
+#define LMNOSTR "no"
+#define LMREQSTR "req"
+#define SRVTABSTR "srvtab"
+#define SUFFIXSTR "suffix"
+
+/* mandatory */
+#define GOT_ID 0x0001
+#define GOT_PROVIDER 0x0002
+#define GOT_BASE 0x0004
+
+/* check */
+#define GOT_ALL (GOT_ID|GOT_PROVIDER|GOT_BASE)
+
+static struct {
+ struct berval key;
+ int val;
+} scopes[] = {
+ { BER_BVC("base"), LDAP_SCOPE_BASE },
+ { BER_BVC("one"), LDAP_SCOPE_ONELEVEL },
+ { BER_BVC("onelevel"), LDAP_SCOPE_ONELEVEL }, /* OpenLDAP extension */
+ { BER_BVC("children"), LDAP_SCOPE_SUBORDINATE },
+ { BER_BVC("subordinate"), LDAP_SCOPE_SUBORDINATE },
+ { BER_BVC("sub"), LDAP_SCOPE_SUBTREE },
+ { BER_BVC("subtree"), LDAP_SCOPE_SUBTREE }, /* OpenLDAP extension */
+ { BER_BVNULL, 0 }
+};
+
+static slap_verbmasks datamodes[] = {
+ { BER_BVC("default"), SYNCDATA_DEFAULT },
+ { BER_BVC("accesslog"), SYNCDATA_ACCESSLOG },
+ { BER_BVC("changelog"), SYNCDATA_CHANGELOG },
+ { BER_BVNULL, 0 }
+};
+
+static int
+parse_syncrepl_line(
+ ConfigArgs *c,
+ syncinfo_t *si )
+{
+ int gots = 0;
+ int i;
+ char *val;
+
+ for ( i = 1; i < c->argc; i++ ) {
+ if ( !strncasecmp( c->argv[ i ], IDSTR "=",
+ STRLENOF( IDSTR "=" ) ) )
+ {
+ int tmp;
+ /* '\0' string terminator accounts for '=' */
+ val = c->argv[ i ] + STRLENOF( IDSTR "=" );
+ if ( lutil_atoi( &tmp, val ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "unable to parse syncrepl id \"%s\"", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ if ( tmp >= 1000 || tmp < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "syncrepl id %d is out of range [0..999]", tmp );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ si->si_rid = tmp;
+ gots |= GOT_ID;
+ } else if ( !strncasecmp( c->argv[ i ], PROVIDERSTR "=",
+ STRLENOF( PROVIDERSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" );
+ ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri );
+ gots |= GOT_PROVIDER;
+ } else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=",
+ STRLENOF( SCHEMASTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( SCHEMASTR "=" );
+ if ( !strncasecmp( val, "on", STRLENOF( "on" ) )) {
+ si->si_schemachecking = 1;
+ } else if ( !strncasecmp( val, "off", STRLENOF( "off" ) ) ) {
+ si->si_schemachecking = 0;
+ } else {
+ si->si_schemachecking = 1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], FILTERSTR "=",
+ STRLENOF( FILTERSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( FILTERSTR "=" );
+ if ( si->si_filterstr.bv_val )
+ ch_free( si->si_filterstr.bv_val );
+ ber_str2bv( val, 0, 1, &si->si_filterstr );
+ } else if ( !strncasecmp( c->argv[ i ], LOGFILTERSTR "=",
+ STRLENOF( LOGFILTERSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( LOGFILTERSTR "=" );
+ if ( si->si_logfilterstr.bv_val )
+ ch_free( si->si_logfilterstr.bv_val );
+ ber_str2bv( val, 0, 1, &si->si_logfilterstr );
+ } else if ( !strncasecmp( c->argv[ i ], SEARCHBASESTR "=",
+ STRLENOF( SEARCHBASESTR "=" ) ) )
+ {
+ struct berval bv;
+ int rc;
+
+ val = c->argv[ i ] + STRLENOF( SEARCHBASESTR "=" );
+ if ( si->si_base.bv_val ) {
+ ch_free( si->si_base.bv_val );
+ }
+ ber_str2bv( val, 0, 0, &bv );
+ rc = dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Invalid base DN \"%s\": %d (%s)",
+ val, rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ gots |= GOT_BASE;
+ } else if ( !strncasecmp( c->argv[ i ], LOGBASESTR "=",
+ STRLENOF( LOGBASESTR "=" ) ) )
+ {
+ struct berval bv;
+ int rc;
+
+ val = c->argv[ i ] + STRLENOF( LOGBASESTR "=" );
+ if ( si->si_logbase.bv_val ) {
+ ch_free( si->si_logbase.bv_val );
+ }
+ ber_str2bv( val, 0, 0, &bv );
+ rc = dnNormalize( 0, NULL, NULL, &bv, &si->si_logbase, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Invalid logbase DN \"%s\": %d (%s)",
+ val, rc, ldap_err2string( rc ) );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], SCOPESTR "=",
+ STRLENOF( SCOPESTR "=" ) ) )
+ {
+ int j;
+ val = c->argv[ i ] + STRLENOF( SCOPESTR "=" );
+ for ( j=0; !BER_BVISNULL(&scopes[j].key); j++ ) {
+ if (!strcasecmp( val, scopes[j].key.bv_val )) {
+ si->si_scope = scopes[j].val;
+ break;
+ }
+ }
+ if ( BER_BVISNULL(&scopes[j].key) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "unknown scope \"%s\"", val);
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], ATTRSONLYSTR,
+ STRLENOF( ATTRSONLYSTR ) ) )
+ {
+ si->si_attrsonly = 1;
+ } else if ( !strncasecmp( c->argv[ i ], ATTRSSTR "=",
+ STRLENOF( ATTRSSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( ATTRSSTR "=" );
+ if ( !strncasecmp( val, ":include:", STRLENOF(":include:") ) ) {
+ char *attr_fname;
+ attr_fname = ch_strdup( val + STRLENOF(":include:") );
+ si->si_anlist = file2anlist( si->si_anlist, attr_fname, " ,\t" );
+ if ( si->si_anlist == NULL ) {
+ ch_free( attr_fname );
+ return -1;
+ }
+ si->si_anfile = attr_fname;
+ } else {
+ char *str, *s, *next;
+ char delimstr[] = " ,\t";
+ str = ch_strdup( val );
+ for ( s = ldap_pvt_strtok( str, delimstr, &next );
+ s != NULL;
+ s = ldap_pvt_strtok( NULL, delimstr, &next ) )
+ {
+ if ( strlen(s) == 1 && *s == '*' ) {
+ si->si_allattrs = 1;
+ *(val + ( s - str )) = delimstr[0];
+ }
+ if ( strlen(s) == 1 && *s == '+' ) {
+ si->si_allopattrs = 1;
+ *(val + ( s - str )) = delimstr[0];
+ }
+ }
+ ch_free( str );
+ si->si_anlist = str2anlist( si->si_anlist, val, " ,\t" );
+ if ( si->si_anlist == NULL ) {
+ return -1;
+ }
+ }
+ } else if ( !strncasecmp( c->argv[ i ], EXATTRSSTR "=",
+ STRLENOF( EXATTRSSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( EXATTRSSTR "=" );
+ if ( !strncasecmp( val, ":include:", STRLENOF(":include:") )) {
+ char *attr_fname;
+ attr_fname = ch_strdup( val + STRLENOF(":include:") );
+ si->si_exanlist = file2anlist(
+ si->si_exanlist, attr_fname, " ,\t" );
+ if ( si->si_exanlist == NULL ) {
+ ch_free( attr_fname );
+ return -1;
+ }
+ ch_free( attr_fname );
+ } else {
+ si->si_exanlist = str2anlist( si->si_exanlist, val, " ,\t" );
+ if ( si->si_exanlist == NULL ) {
+ return -1;
+ }
+ }
+ } else if ( !strncasecmp( c->argv[ i ], TYPESTR "=",
+ STRLENOF( TYPESTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( TYPESTR "=" );
+ if ( !strncasecmp( val, "refreshOnly",
+ STRLENOF("refreshOnly") ) )
+ {
+ si->si_type = si->si_ctype = LDAP_SYNC_REFRESH_ONLY;
+ } else if ( !strncasecmp( val, "refreshAndPersist",
+ STRLENOF("refreshAndPersist") ) )
+ {
+ si->si_type = si->si_ctype = LDAP_SYNC_REFRESH_AND_PERSIST;
+ si->si_interval = 60;
+ } else {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "unknown sync type \"%s\"", val);
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], INTERVALSTR "=",
+ STRLENOF( INTERVALSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( INTERVALSTR "=" );
+ if ( si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ) {
+ si->si_interval = 0;
+ } else if ( strchr( val, ':' ) != NULL ) {
+ char *next, *ptr = val;
+ unsigned dd, hh, mm, ss;
+
+ /* NOTE: the test for ptr[ 0 ] == '-'
+ * should go before the call to strtoul() */
+ dd = strtoul( ptr, &next, 10 );
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%s\", unable to parse days", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ ptr = next + 1;
+ hh = strtoul( ptr, &next, 10 );
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' || hh > 24 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%s\", unable to parse hours", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ ptr = next + 1;
+ mm = strtoul( ptr, &next, 10 );
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' || mm > 60 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%s\", unable to parse minutes", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ ptr = next + 1;
+ ss = strtoul( ptr, &next, 10 );
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != '\0' || ss > 60 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%s\", unable to parse seconds", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ si->si_interval = (( dd * 24 + hh ) * 60 + mm ) * 60 + ss;
+ } else {
+ unsigned long t;
+
+ if ( lutil_parse_time( val, &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%s\"", val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ si->si_interval = (time_t)t;
+ }
+ if ( si->si_interval < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "invalid interval \"%ld\"",
+ (long) si->si_interval);
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], RETRYSTR "=",
+ STRLENOF( RETRYSTR "=" ) ) )
+ {
+ char **retry_list;
+ int j, k, n;
+
+ val = c->argv[ i ] + STRLENOF( RETRYSTR "=" );
+ retry_list = (char **) ch_calloc( 1, sizeof( char * ));
+ retry_list[0] = NULL;
+
+ slap_str2clist( &retry_list, val, " ,\t" );
+
+ for ( k = 0; retry_list && retry_list[k]; k++ ) ;
+ n = k / 2;
+ if ( k % 2 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: incomplete syncrepl retry list" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ for ( k = 0; retry_list && retry_list[k]; k++ ) {
+ ch_free( retry_list[k] );
+ }
+ ch_free( retry_list );
+ return 1;
+ }
+ si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ));
+ si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ));
+ si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ));
+ for ( j = 0; j < n; j++ ) {
+ unsigned long t;
+ if ( lutil_atoul( &t, retry_list[j*2] ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: invalid retry interval \"%s\" (#%d)",
+ retry_list[j*2], j );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ /* do some cleanup */
+ return 1;
+ }
+ si->si_retryinterval[j] = (time_t)t;
+ if ( *retry_list[j*2+1] == '+' ) {
+ si->si_retrynum_init[j] = RETRYNUM_FOREVER;
+ si->si_retrynum[j] = RETRYNUM_FOREVER;
+ j++;
+ break;
+ } else {
+ if ( lutil_atoi( &si->si_retrynum_init[j], retry_list[j*2+1] ) != 0
+ || si->si_retrynum_init[j] <= 0 )
+ {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: invalid initial retry number \"%s\" (#%d)",
+ retry_list[j*2+1], j );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ /* do some cleanup */
+ return 1;
+ }
+ if ( lutil_atoi( &si->si_retrynum[j], retry_list[j*2+1] ) != 0
+ || si->si_retrynum[j] <= 0 )
+ {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: invalid retry number \"%s\" (#%d)",
+ retry_list[j*2+1], j );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ /* do some cleanup */
+ return 1;
+ }
+ }
+ }
+ si->si_retrynum_init[j] = RETRYNUM_TAIL;
+ si->si_retrynum[j] = RETRYNUM_TAIL;
+ si->si_retryinterval[j] = 0;
+
+ for ( k = 0; retry_list && retry_list[k]; k++ ) {
+ ch_free( retry_list[k] );
+ }
+ ch_free( retry_list );
+ } else if ( !strncasecmp( c->argv[ i ], MANAGEDSAITSTR "=",
+ STRLENOF( MANAGEDSAITSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( MANAGEDSAITSTR "=" );
+ if ( lutil_atoi( &si->si_manageDSAit, val ) != 0
+ || si->si_manageDSAit < 0 || si->si_manageDSAit > 1 )
+ {
+ snprintf( c->msg, sizeof( c->msg ),
+ "invalid manageDSAit value \"%s\".\n",
+ val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], SLIMITSTR "=",
+ STRLENOF( SLIMITSTR "=") ) )
+ {
+ val = c->argv[ i ] + STRLENOF( SLIMITSTR "=" );
+ if ( strcasecmp( val, "unlimited" ) == 0 ) {
+ si->si_slimit = 0;
+
+ } else if ( lutil_atoi( &si->si_slimit, val ) != 0 || si->si_slimit < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "invalid size limit value \"%s\".\n",
+ val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], TLIMITSTR "=",
+ STRLENOF( TLIMITSTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( TLIMITSTR "=" );
+ if ( strcasecmp( val, "unlimited" ) == 0 ) {
+ si->si_tlimit = 0;
+
+ } else if ( lutil_atoi( &si->si_tlimit, val ) != 0 || si->si_tlimit < 0 ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "invalid time limit value \"%s\".\n",
+ val );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ } else if ( !strncasecmp( c->argv[ i ], SYNCDATASTR "=",
+ STRLENOF( SYNCDATASTR "=" ) ) )
+ {
+ val = c->argv[ i ] + STRLENOF( SYNCDATASTR "=" );
+ si->si_syncdata = verb_to_mask( val, datamodes );
+ } else if ( bindconf_parse( c->argv[i], &si->si_bindconf ) ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: parse_syncrepl_line: "
+ "unable to parse \"%s\"\n", c->argv[ i ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+ }
+
+ if ( gots != GOT_ALL ) {
+ snprintf( c->msg, sizeof( c->msg ),
+ "Error: Malformed \"syncrepl\" line in slapd config file, missing%s%s%s",
+ gots & GOT_ID ? "" : " "IDSTR,
+ gots & GOT_PROVIDER ? "" : " "PROVIDERSTR,
+ gots & GOT_BASE ? "" : " "SEARCHBASESTR );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+add_syncrepl(
+ ConfigArgs *c )
+{
+ syncinfo_t *si;
+ int rc = 0;
+
+ if ( !( c->be->be_search && c->be->be_add && c->be->be_modify && c->be->be_delete ) ) {
+ snprintf( c->msg, sizeof(c->msg), "database %s does not support "
+ "operations required for syncrepl", c->be->be_type );
+ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( BER_BVISEMPTY( &c->be->be_rootdn )) {
+ strcpy( c->msg, "rootDN must be defined before syncrepl may be used" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
+
+ if ( si == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "out of memory in add_syncrepl\n", 0, 0, 0 );
+ return 1;
+ }
+
+ si->si_bindconf.sb_tls = SB_TLS_OFF;
+ si->si_bindconf.sb_method = LDAP_AUTH_SIMPLE;
+ si->si_schemachecking = 0;
+ ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
+ &si->si_filterstr );
+ si->si_base.bv_val = NULL;
+ si->si_scope = LDAP_SCOPE_SUBTREE;
+ si->si_attrsonly = 0;
+ si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
+ si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
+ si->si_attrs = NULL;
+ si->si_allattrs = 0;
+ si->si_allopattrs = 0;
+ si->si_exattrs = NULL;
+ si->si_type = si->si_ctype = LDAP_SYNC_REFRESH_ONLY;
+ si->si_interval = 86400;
+ si->si_retryinterval = NULL;
+ si->si_retrynum_init = NULL;
+ si->si_retrynum = NULL;
+ si->si_manageDSAit = 0;
+ si->si_tlimit = 0;
+ si->si_slimit = 0;
+ si->si_conn_setup = 0;
+
+ si->si_presentlist = NULL;
+ LDAP_LIST_INIT( &si->si_nonpresentlist );
+ ldap_pvt_thread_mutex_init( &si->si_mutex );
+
+ rc = parse_syncrepl_line( c, si );
+
+ if ( rc == 0 ) {
+ si->si_be = c->be;
+ init_syncrepl( si );
+ si->si_re = ldap_pvt_runqueue_insert( &slapd_rq, si->si_interval,
+ do_syncrepl, si, "do_syncrepl", c->be->be_suffix[0].bv_val );
+ if ( !si->si_re )
+ rc = -1;
+ }
+ if ( rc < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
+ syncinfo_free( si );
+ return 1;
+ } else {
+ Debug( LDAP_DEBUG_CONFIG,
+ "Config: ** successfully added syncrepl \"%s\"\n",
+ BER_BVISNULL( &si->si_bindconf.sb_uri ) ?
+ "(null)" : si->si_bindconf.sb_uri.bv_val, 0, 0 );
+ if ( !si->si_schemachecking ) {
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
+ }
+ c->be->be_syncinfo = si;
+ return 0;
+ }
+}
+
+static void
+syncrepl_unparse( syncinfo_t *si, struct berval *bv )
+{
+ struct berval bc, uri;
+ char buf[BUFSIZ*2], *ptr;
+ int i;
+
+ /* FIXME: we're not checking for buf[] overflow! */
+
+ /* temporarily inhibit bindconf from printing URI */
+ uri = si->si_bindconf.sb_uri;
+ BER_BVZERO( &si->si_bindconf.sb_uri );
+ bindconf_unparse( &si->si_bindconf, &bc );
+ si->si_bindconf.sb_uri = uri;
+
+ ptr = buf;
+ ptr += snprintf( ptr, sizeof( buf ), IDSTR "=%03ld " PROVIDERSTR "=%s",
+ si->si_rid, si->si_bindconf.sb_uri.bv_val );
+ if ( !BER_BVISNULL( &bc )) {
+ ptr = lutil_strcopy( ptr, bc.bv_val );
+ free( bc.bv_val );
+ }
+ if ( !BER_BVISEMPTY( &si->si_filterstr )) {
+ ptr = lutil_strcopy( ptr, " " FILTERSTR "=\"" );
+ ptr = lutil_strcopy( ptr, si->si_filterstr.bv_val );
+ *ptr++ = '"';
+ }
+ if ( !BER_BVISNULL( &si->si_base )) {
+ ptr = lutil_strcopy( ptr, " " SEARCHBASESTR "=\"" );
+ ptr = lutil_strcopy( ptr, si->si_base.bv_val );
+ *ptr++ = '"';
+ }
+ if ( !BER_BVISEMPTY( &si->si_logfilterstr )) {
+ ptr = lutil_strcopy( ptr, " " LOGFILTERSTR "=\"" );
+ ptr = lutil_strcopy( ptr, si->si_logfilterstr.bv_val );
+ *ptr++ = '"';
+ }
+ if ( !BER_BVISNULL( &si->si_logbase )) {
+ ptr = lutil_strcopy( ptr, " " LOGBASESTR "=\"" );
+ ptr = lutil_strcopy( ptr, si->si_logbase.bv_val );
+ *ptr++ = '"';
+ }
+ for (i=0; !BER_BVISNULL(&scopes[i].key);i++) {
+ if ( si->si_scope == scopes[i].val ) {
+ ptr = lutil_strcopy( ptr, " " SCOPESTR "=" );
+ ptr = lutil_strcopy( ptr, scopes[i].key.bv_val );
+ break;
+ }
+ }
+ if ( si->si_attrsonly ) {
+ ptr = lutil_strcopy( ptr, " " ATTRSONLYSTR );
+ }
+ if ( si->si_anfile ) {
+ ptr = lutil_strcopy( ptr, " " ATTRSSTR "=:include:" );
+ ptr = lutil_strcopy( ptr, si->si_anfile );
+ } else if ( si->si_allattrs || si->si_allopattrs ||
+ ( si->si_anlist && !BER_BVISNULL(&si->si_anlist[0].an_name) )) {
+ char *old;
+ ptr = lutil_strcopy( ptr, " " ATTRSSTR "=\"" );
+ old = ptr;
+ ptr = anlist_unparse( si->si_anlist, ptr );
+ if ( si->si_allattrs ) {
+ if ( old != ptr ) *ptr++ = ',';
+ *ptr++ = '*';
+ }
+ if ( si->si_allopattrs ) {
+ if ( old != ptr ) *ptr++ = ',';
+ *ptr++ = '+';
+ }
+ *ptr++ = '"';
+ }
+ if ( si->si_exanlist && !BER_BVISNULL(&si->si_exanlist[0].an_name) ) {
+ ptr = lutil_strcopy( ptr, " " EXATTRSSTR "=" );
+ ptr = anlist_unparse( si->si_exanlist, ptr );
+ }
+ ptr = lutil_strcopy( ptr, " " SCHEMASTR "=" );
+ ptr = lutil_strcopy( ptr, si->si_schemachecking ? "on" : "off" );
+
+ ptr = lutil_strcopy( ptr, " " TYPESTR "=" );
+ ptr = lutil_strcopy( ptr, si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ?
+ "refreshAndPersist" : "refreshOnly" );
+
+ if ( si->si_type == LDAP_SYNC_REFRESH_ONLY ) {
+ int dd, hh, mm, ss;
+
+ dd = si->si_interval;
+ ss = dd % 60;
+ dd /= 60;
+ mm = dd % 60;
+ dd /= 60;
+ hh = dd % 24;
+ dd /= 24;
+ ptr = lutil_strcopy( ptr, " " INTERVALSTR "=" );
+ ptr += sprintf( ptr, "%02d:%02d:%02d:%02d", dd, hh, mm, ss );
+ } else if ( si->si_retryinterval ) {
+ int space=0;
+ ptr = lutil_strcopy( ptr, " " RETRYSTR "=\"" );
+ for (i=0; si->si_retryinterval[i]; i++) {
+ if ( space ) *ptr++ = ' ';
+ space = 1;
+ ptr += sprintf( ptr, "%ld ", (long) si->si_retryinterval[i] );
+ if ( si->si_retrynum_init[i] == RETRYNUM_FOREVER )
+ *ptr++ = '+';
+ else
+ ptr += sprintf( ptr, "%d", si->si_retrynum_init[i] );
+ }
+ *ptr++ = '"';
+ }
+
+ if ( si->si_slimit ) {
+ ptr = lutil_strcopy( ptr, " " SLIMITSTR "=" );
+ ptr += sprintf( ptr, "%d", si->si_slimit );
+ }
+
+ if ( si->si_tlimit ) {
+ ptr = lutil_strcopy( ptr, " " TLIMITSTR "=" );
+ ptr += sprintf( ptr, "%d", si->si_tlimit );
+ }
+
+ if ( si->si_syncdata ) {
+ if ( enum_to_verb( datamodes, si->si_syncdata, &bc ) >= 0 ) {
+ ptr = lutil_strcopy( ptr, " " SYNCDATASTR "=" );
+ ptr = lutil_strcopy( ptr, bc.bv_val );
+ }
+ }
+ bc.bv_len = ptr - buf;
+ bc.bv_val = buf;
+ ber_dupbv( bv, &bc );
+}
+
+int
+syncrepl_config( ConfigArgs *c )
+{
+ if (c->op == SLAP_CONFIG_EMIT) {
+ if ( c->be->be_syncinfo ) {
+ struct berval bv;
+ syncrepl_unparse( c->be->be_syncinfo, &bv );
+ ber_bvarray_add( &c->rvalue_vals, &bv );
+ return 0;
+ }
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ struct re_s *re;
+
+ if ( c->be->be_syncinfo ) {
+ re = c->be->be_syncinfo->si_re;
+ if ( re ) {
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )
+ ldap_pvt_runqueue_stoptask( &slapd_rq, re );
+ ldap_pvt_runqueue_remove( &slapd_rq, re );
+ }
+ syncinfo_free( c->be->be_syncinfo );
+ c->be->be_syncinfo = NULL;
+ }
+ SLAP_DBFLAGS( c->be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW);
+ return 0;
+ }
+ if ( SLAP_SHADOW( c->be ) ) {
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "syncrepl: database already shadowed.\n",
+ c->log, 0, 0);
+ return(1);
+ } else if ( add_syncrepl( c ) ) {
+ return(1);
+ }
+ return config_sync_shadow( c );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/syntax.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/syntax.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/syntax.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,231 @@
+/* syntax.c - routines to manage syntax definitions */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syntax.c,v 1.40.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+struct sindexrec {
+ char *sir_name;
+ Syntax *sir_syn;
+};
+
+static Avlnode *syn_index = NULL;
+static LDAP_SLIST_HEAD(SyntaxList, slap_syntax) syn_list
+ = LDAP_SLIST_HEAD_INITIALIZER(&syn_list);
+
+static int
+syn_index_cmp(
+ const void *v_sir1,
+ const void *v_sir2
+)
+{
+ const struct sindexrec *sir1 = v_sir1, *sir2 = v_sir2;
+ return (strcmp( sir1->sir_name, sir2->sir_name ));
+}
+
+static int
+syn_index_name_cmp(
+ const void *name,
+ const void *sir
+)
+{
+ return (strcmp( name, ((const struct sindexrec *)sir)->sir_name ));
+}
+
+Syntax *
+syn_find( const char *synname )
+{
+ struct sindexrec *sir = NULL;
+
+ if ( (sir = avl_find( syn_index, synname, syn_index_name_cmp )) != NULL ) {
+ return( sir->sir_syn );
+ }
+ return( NULL );
+}
+
+Syntax *
+syn_find_desc( const char *syndesc, int *len )
+{
+ Syntax *synp;
+
+ LDAP_SLIST_FOREACH(synp, &syn_list, ssyn_next) {
+ if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{' /*'}'*/ ))) {
+ return synp;
+ }
+ }
+ return( NULL );
+}
+
+void
+syn_destroy( void )
+{
+ Syntax *s;
+
+ avl_free(syn_index, ldap_memfree);
+ while( !LDAP_SLIST_EMPTY(&syn_list) ) {
+ s = LDAP_SLIST_FIRST(&syn_list);
+ LDAP_SLIST_REMOVE_HEAD(&syn_list, ssyn_next);
+ ldap_syntax_free((LDAPSyntax *)s);
+ }
+}
+
+static int
+syn_insert(
+ Syntax *ssyn,
+ const char **err
+)
+{
+ struct sindexrec *sir;
+
+ LDAP_SLIST_NEXT( ssyn, ssyn_next ) = NULL;
+ LDAP_SLIST_INSERT_HEAD( &syn_list, ssyn, ssyn_next );
+
+ if ( ssyn->ssyn_oid ) {
+ sir = (struct sindexrec *)
+ SLAP_CALLOC( 1, sizeof(struct sindexrec) );
+ if( sir == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "SLAP_CALLOC Error\n", 0, 0, 0 );
+ return LDAP_OTHER;
+ }
+ sir->sir_name = ssyn->ssyn_oid;
+ sir->sir_syn = ssyn;
+ if ( avl_insert( &syn_index, (caddr_t) sir,
+ syn_index_cmp, avl_dup_error ) ) {
+ *err = ssyn->ssyn_oid;
+ ldap_memfree(sir);
+ return SLAP_SCHERR_SYN_DUP;
+ }
+ /* FIX: temporal consistency check */
+ syn_find(sir->sir_name);
+ }
+ return 0;
+}
+
+int
+syn_add(
+ LDAPSyntax *syn,
+ slap_syntax_defs_rec *def,
+ const char **err
+)
+{
+ Syntax *ssyn;
+ int code;
+
+ ssyn = (Syntax *) SLAP_CALLOC( 1, sizeof(Syntax) );
+ if( ssyn == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "SLAP_CALLOC Error\n", 0, 0, 0 );
+ return LDAP_OTHER;
+ }
+
+ AC_MEMCPY( &ssyn->ssyn_syn, syn, sizeof(LDAPSyntax) );
+
+ LDAP_SLIST_NEXT(ssyn,ssyn_next) = NULL;
+
+ /*
+ * note: ssyn_bvoid uses the same memory of ssyn_syn.syn_oid;
+ * ssyn_oidlen is #defined as ssyn_bvoid.bv_len
+ */
+ ssyn->ssyn_bvoid.bv_val = ssyn->ssyn_syn.syn_oid;
+ ssyn->ssyn_oidlen = strlen(syn->syn_oid);
+ ssyn->ssyn_flags = def->sd_flags;
+ ssyn->ssyn_validate = def->sd_validate;
+ ssyn->ssyn_pretty = def->sd_pretty;
+
+#ifdef SLAPD_BINARY_CONVERSION
+ ssyn->ssyn_ber2str = def->sd_ber2str;
+ ssyn->ssyn_str2ber = def->sd_str2ber;
+#endif
+
+ code = syn_insert(ssyn, err);
+ return code;
+}
+
+int
+register_syntax(
+ slap_syntax_defs_rec *def )
+{
+ LDAPSyntax *syn;
+ int code;
+ const char *err;
+
+ syn = ldap_str2syntax( def->sd_desc, &code, &err, LDAP_SCHEMA_ALLOW_ALL);
+ if ( !syn ) {
+ Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s before %s in %s\n",
+ ldap_scherr2str(code), err, def->sd_desc );
+
+ return( -1 );
+ }
+
+ code = syn_add( syn, def, &err );
+
+ if ( code ) {
+ Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
+ scherr2str(code), err, def->sd_desc );
+ ldap_syntax_free( syn );
+
+ return( -1 );
+ }
+
+ ldap_memfree( syn );
+
+ return( 0 );
+}
+
+int
+syn_schema_info( Entry *e )
+{
+ AttributeDescription *ad_ldapSyntaxes = slap_schema.si_ad_ldapSyntaxes;
+ Syntax *syn;
+ struct berval val;
+ struct berval nval;
+
+ LDAP_SLIST_FOREACH(syn, &syn_list, ssyn_next ) {
+ if ( ! syn->ssyn_validate ) {
+ /* skip syntaxes without validators */
+ continue;
+ }
+ if ( syn->ssyn_flags & SLAP_SYNTAX_HIDE ) {
+ /* hide syntaxes */
+ continue;
+ }
+
+ if ( ldap_syntax2bv( &syn->ssyn_syn, &val ) == NULL ) {
+ return -1;
+ }
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "Merging syn [%ld] %s\n",
+ (long) val.bv_len, val.bv_val, 0 );
+#endif
+
+ nval.bv_val = syn->ssyn_oid;
+ nval.bv_len = strlen(syn->ssyn_oid);
+
+ if( attr_merge_one( e, ad_ldapSyntaxes, &val, &nval ) )
+ {
+ return -1;
+ }
+ ldap_memfree( val.bv_val );
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/unbind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/unbind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/unbind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,61 @@
+/* unbind.c - decode an ldap unbind operation and pass it to a backend db */
+/* $OpenLDAP: pkg/ldap/servers/slapd/unbind.c,v 1.23.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+
+#include "slap.h"
+
+int
+do_unbind( Operation *op, SlapReply *rs )
+{
+ Debug( LDAP_DEBUG_TRACE, "do_unbind\n", 0, 0, 0 );
+
+ /*
+ * Parse the unbind request. It looks like this:
+ *
+ * UnBindRequest ::= NULL
+ */
+
+ Statslog( LDAP_DEBUG_STATS, "%s UNBIND\n", op->o_log_prefix,
+ 0, 0, 0, 0 );
+
+ if ( frontendDB->be_unbind ) {
+ op->o_bd = frontendDB;
+ (void)frontendDB->be_unbind( op, rs );
+ op->o_bd = NULL;
+ }
+
+ /* pass the unbind to all backends */
+ (void)backend_unbind( op, rs );
+
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slapd/user.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/user.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/user.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,176 @@
+/* user.c - set user id, group id and group access list */
+/* $OpenLDAP: pkg/ldap/servers/slapd/user.c,v 1.22.2.4 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 1999 PM Lashley.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+/*
+ * Set real and effective user id and group id, and group access list
+ * The user and group arguments are freed.
+ */
+
+void
+slap_init_user( char *user, char *group )
+{
+ uid_t uid = 0;
+ gid_t gid = 0;
+ int got_uid = 0, got_gid = 0;
+
+ if ( user ) {
+ struct passwd *pwd;
+ if ( isdigit( (unsigned char) *user ) ) {
+ unsigned u;
+
+ got_uid = 1;
+ if ( lutil_atou( &u, user ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Unble to parse user %s\n",
+ user, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+ uid = (uid_t)u;
+#ifdef HAVE_GETPWUID
+ pwd = getpwuid( uid );
+ goto did_getpw;
+#else
+ free( user );
+ user = NULL;
+#endif
+ } else {
+ pwd = getpwnam( user );
+ did_getpw:
+ if ( pwd == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
+ user, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+ if ( got_uid ) {
+ free( user );
+ user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL);
+ } else {
+ got_uid = 1;
+ uid = pwd->pw_uid;
+ }
+ got_gid = 1;
+ gid = pwd->pw_gid;
+#ifdef HAVE_ENDPWENT
+ endpwent();
+#endif
+ }
+ }
+
+ if ( group ) {
+ struct group *grp;
+ if ( isdigit( (unsigned char) *group )) {
+ unsigned g;
+
+ if ( lutil_atou( &g, group ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Unble to parse group %s\n",
+ group, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+ gid = (uid_t)g;
+#ifdef HAVE_GETGRGID
+ grp = getgrgid( gid );
+ goto did_group;
+#endif
+ } else {
+ grp = getgrnam( group );
+ if ( grp != NULL )
+ gid = grp->gr_gid;
+ did_group:
+ if ( grp == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
+ group, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+ }
+ free( group );
+ got_gid = 1;
+ }
+
+ if ( user ) {
+ if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Could not set the group access (gid) list\n", 0, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+ free( user );
+ }
+
+#ifdef HAVE_ENDGRENT
+ endgrent();
+#endif
+
+ if ( got_gid ) {
+ if ( setgid( gid ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
+ (int) gid, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+#ifdef HAVE_SETEGID
+ if ( setegid( gid ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
+ (int) gid, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+#endif
+ }
+
+ if ( got_uid ) {
+ if ( setuid( uid ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
+ (int) uid, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+#ifdef HAVE_SETEUID
+ if ( seteuid( uid ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
+ (int) uid, 0, 0 );
+
+ exit( EXIT_FAILURE );
+ }
+#endif
+ }
+}
+
+#endif /* HAVE_PWD_H && HAVE_GRP_H */
Added: openldap/vendor/openldap-2.3.35/servers/slapd/value.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/value.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/value.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,757 @@
+/* value.c - routines for dealing with values */
+/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.14 2007/01/02 21:43:59 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include <sys/stat.h>
+
+#include "slap.h"
+
+int
+value_add(
+ BerVarray *vals,
+ BerVarray addvals )
+{
+ int n, nn = 0;
+ BerVarray v2;
+
+ if ( addvals != NULL ) {
+ for ( ; !BER_BVISNULL( &addvals[nn] ); nn++ )
+ ; /* NULL */
+ }
+
+ if ( *vals == NULL ) {
+ *vals = (BerVarray) SLAP_MALLOC( (nn + 1)
+ * sizeof(struct berval) );
+ if( *vals == NULL ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+ return LBER_ERROR_MEMORY;
+ }
+ n = 0;
+
+ } else {
+ for ( n = 0; !BER_BVISNULL( &(*vals)[n] ); n++ ) {
+ ; /* Empty */
+ }
+ *vals = (BerVarray) ch_realloc( (char *) *vals,
+ (n + nn + 1) * sizeof(struct berval) );
+ if( *vals == NULL ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+ return LBER_ERROR_MEMORY;
+ }
+ }
+
+ v2 = &(*vals)[n];
+ for ( ; !BER_BVISNULL( addvals ); v2++, addvals++ ) {
+ ber_dupbv( v2, addvals );
+ if ( BER_BVISNULL( v2 ) ) break;
+ }
+ BER_BVZERO( v2 );
+
+ return LDAP_SUCCESS;
+}
+
+int
+value_add_one(
+ BerVarray *vals,
+ struct berval *addval )
+{
+ int n;
+ BerVarray v2;
+
+ if ( *vals == NULL ) {
+ *vals = (BerVarray) SLAP_MALLOC( 2 * sizeof(struct berval) );
+ if( *vals == NULL ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+ return LBER_ERROR_MEMORY;
+ }
+ n = 0;
+
+ } else {
+ for ( n = 0; !BER_BVISNULL( &(*vals)[n] ); n++ ) {
+ ; /* Empty */
+ }
+ *vals = (BerVarray) ch_realloc( (char *) *vals,
+ (n + 2) * sizeof(struct berval) );
+ if( *vals == NULL ) {
+ Debug(LDAP_DEBUG_TRACE,
+ "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+ return LBER_ERROR_MEMORY;
+ }
+ }
+
+ v2 = &(*vals)[n];
+ ber_dupbv(v2, addval);
+
+ v2++;
+ BER_BVZERO( v2 );
+
+ return LDAP_SUCCESS;
+}
+
+int asserted_value_validate_normalize(
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned usage,
+ struct berval *in,
+ struct berval *out,
+ const char ** text,
+ void *ctx )
+{
+ int rc;
+ struct berval pval;
+ pval.bv_val = NULL;
+
+ /* we expect the value to be in the assertion syntax */
+ assert( !SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) );
+
+ if( mr == NULL ) {
+ *text = "inappropriate matching request";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( !mr->smr_match ) {
+ *text = "requested matching rule not supported";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( mr->smr_syntax->ssyn_pretty ) {
+ rc = (mr->smr_syntax->ssyn_pretty)( mr->smr_syntax, in, &pval, ctx );
+ in = &pval;
+
+ } else if ( mr->smr_syntax->ssyn_validate ) {
+ rc = (mr->smr_syntax->ssyn_validate)( mr->smr_syntax, in );
+
+ } else {
+ *text = "inappropriate matching request";
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ if( rc != LDAP_SUCCESS ) {
+ *text = "value does not conform to assertion syntax";
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( mr->smr_normalize ) {
+ rc = (mr->smr_normalize)(
+ usage|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad ? ad->ad_type->sat_syntax : NULL,
+ mr, in, out, ctx );
+
+ if( pval.bv_val ) ber_memfree_x( pval.bv_val, ctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ *text = "unable to normalize value for matching";
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else if ( pval.bv_val != NULL ) {
+ *out = pval;
+
+ } else {
+ ber_dupbv_x( out, in, ctx );
+ }
+
+ return LDAP_SUCCESS;
+}
+
+int
+value_match(
+ int *match,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned flags,
+ struct berval *v1, /* stored value */
+ void *v2, /* assertion */
+ const char ** text )
+{
+ int rc;
+
+ assert( mr != NULL );
+
+ if( !mr->smr_match ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ rc = (mr->smr_match)( match, flags,
+ ad->ad_type->sat_syntax, mr, v1, v2 );
+
+ return rc;
+}
+
+int value_find_ex(
+ AttributeDescription *ad,
+ unsigned flags,
+ BerVarray vals,
+ struct berval *val,
+ void *ctx )
+{
+ int i;
+ int rc;
+ struct berval nval = BER_BVNULL;
+ MatchingRule *mr = ad->ad_type->sat_equality;
+
+ if( mr == NULL || !mr->smr_match ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
+ assert(SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( flags ));
+
+ if( !SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( flags ) &&
+ mr->smr_normalize )
+ {
+ rc = (mr->smr_normalize)(
+ flags & (SLAP_MR_TYPE_MASK|SLAP_MR_SUBTYPE_MASK|SLAP_MR_VALUE_OF_SYNTAX),
+ ad ? ad->ad_type->sat_syntax : NULL,
+ mr, val, &nval, ctx );
+
+ if( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ for ( i = 0; vals[i].bv_val != NULL; i++ ) {
+ int match;
+ const char *text;
+
+ rc = value_match( &match, ad, mr, flags,
+ &vals[i], nval.bv_val == NULL ? val : &nval, &text );
+
+ if( rc == LDAP_SUCCESS && match == 0 ) {
+ slap_sl_free( nval.bv_val, ctx );
+ return rc;
+ }
+ }
+
+ slap_sl_free( nval.bv_val, ctx );
+ return LDAP_NO_SUCH_ATTRIBUTE;
+}
+
+/* assign new indexes to an attribute's ordered values */
+void
+ordered_value_renumber( Attribute *a, int vals )
+{
+ char *ptr, ibuf[64]; /* many digits */
+ struct berval ibv, tmp, vtmp;
+ int i;
+
+ ibv.bv_val = ibuf;
+
+ for (i=0; i<vals; i++) {
+ ibv.bv_len = sprintf(ibv.bv_val, "{%d}", i);
+ vtmp = a->a_vals[i];
+ if ( vtmp.bv_val[0] == '{' ) {
+ ptr = ber_bvchr(&vtmp, '}');
+ assert( ptr != NULL );
+ ++ptr;
+ vtmp.bv_len -= ptr - vtmp.bv_val;
+ vtmp.bv_val = ptr;
+ }
+ tmp.bv_len = ibv.bv_len + vtmp.bv_len;
+ tmp.bv_val = ch_malloc( tmp.bv_len + 1 );
+ strcpy( tmp.bv_val, ibv.bv_val );
+ AC_MEMCPY( tmp.bv_val + ibv.bv_len, vtmp.bv_val, vtmp.bv_len );
+ tmp.bv_val[tmp.bv_len] = '\0';
+ ch_free( a->a_vals[i].bv_val );
+ a->a_vals[i] = tmp;
+
+ if ( a->a_nvals && a->a_nvals != a->a_vals ) {
+ vtmp = a->a_nvals[i];
+ if ( vtmp.bv_val[0] == '{' ) {
+ ptr = ber_bvchr(&vtmp, '}');
+ assert( ptr != NULL );
+ ++ptr;
+ vtmp.bv_len -= ptr - vtmp.bv_val;
+ vtmp.bv_val = ptr;
+ }
+ tmp.bv_len = ibv.bv_len + vtmp.bv_len;
+ tmp.bv_val = ch_malloc( tmp.bv_len + 1 );
+ strcpy( tmp.bv_val, ibv.bv_val );
+ AC_MEMCPY( tmp.bv_val + ibv.bv_len, vtmp.bv_val, vtmp.bv_len );
+ tmp.bv_val[tmp.bv_len] = '\0';
+ ch_free( a->a_nvals[i].bv_val );
+ a->a_nvals[i] = tmp;
+ }
+ }
+}
+
+/* Sort the values in an X-ORDERED VALUES attribute.
+ * If the values have no index, index them in their given order.
+ * If the values have indexes, sort them.
+ * If some are indexed and some are not, return Error.
+ */
+int
+ordered_value_sort( Attribute *a, int do_renumber )
+{
+ int i, vals;
+ int index = 0, noindex = 0, renumber = 0, gotnvals = 0;
+ struct berval tmp;
+
+ if ( a->a_nvals && a->a_nvals != a->a_vals )
+ gotnvals = 1;
+
+ /* count attrs, look for index */
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ if ( a->a_vals[i].bv_val[0] == '{' ) {
+ char *ptr;
+ index = 1;
+ ptr = ber_bvchr( &a->a_vals[i], '}' );
+ if ( !ptr )
+ return LDAP_INVALID_SYNTAX;
+ if ( noindex )
+ return LDAP_INVALID_SYNTAX;
+ } else {
+ noindex = 1;
+ if ( index )
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ vals = i;
+
+ /* If values have indexes, sort the values */
+ if ( index ) {
+ int *indexes, j, idx;
+ struct berval ntmp;
+
+#if 0
+ /* Strip index from normalized values */
+ if ( !a->a_nvals || a->a_vals == a->a_nvals ) {
+ a->a_nvals = ch_malloc( (vals+1)*sizeof(struct berval));
+ BER_BVZERO(a->a_nvals+vals);
+ for ( i=0; i<vals; i++ ) {
+ char *ptr = ber_bvchr(&a->a_vals[i], '}') + 1;
+ a->a_nvals[i].bv_len = a->a_vals[i].bv_len -
+ (ptr - a->a_vals[i].bv_val);
+ a->a_nvals[i].bv_val = ch_malloc( a->a_nvals[i].bv_len + 1);
+ strcpy(a->a_nvals[i].bv_val, ptr );
+ }
+ } else {
+ for ( i=0; i<vals; i++ ) {
+ char *ptr = ber_bvchr(&a->a_nvals[i], '}') + 1;
+ a->a_nvals[i].bv_len -= ptr - a->a_nvals[i].bv_val;
+ strcpy(a->a_nvals[i].bv_val, ptr);
+ }
+ }
+#endif
+
+ indexes = ch_malloc( vals * sizeof(int) );
+ for ( i=0; i<vals; i++) {
+ char *ptr;
+ indexes[i] = strtol(a->a_vals[i].bv_val+1, &ptr, 0);
+ if ( *ptr != '}' ) {
+ ch_free( indexes );
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ /* Insertion sort */
+ for ( i=1; i<vals; i++ ) {
+ idx = indexes[i];
+ tmp = a->a_vals[i];
+ if ( gotnvals ) ntmp = a->a_nvals[i];
+ j = i;
+ while ((j > 0) && (indexes[j-1] > idx)) {
+ indexes[j] = indexes[j-1];
+ a->a_vals[j] = a->a_vals[j-1];
+ if ( gotnvals ) a->a_nvals[j] = a->a_nvals[j-1];
+ j--;
+ }
+ indexes[j] = idx;
+ a->a_vals[j] = tmp;
+ if ( gotnvals ) a->a_nvals[j] = ntmp;
+ }
+
+ /* If range is not contiguous, must renumber */
+ if ( indexes[0] != 0 || indexes[vals-1] != vals-1 ) {
+ renumber = 1;
+ }
+ ch_free( indexes );
+ } else {
+ renumber = 1;
+ }
+
+ if ( do_renumber && renumber )
+ ordered_value_renumber( a, vals );
+
+ return 0;
+}
+
+/*
+ * wrapper for validate function
+ * uses the validate function of the syntax after removing
+ * the index, if allowed and present
+ */
+int
+ordered_value_validate(
+ AttributeDescription *ad,
+ struct berval *in,
+ int mop )
+{
+ struct berval bv = *in;
+
+ assert( ad->ad_type->sat_syntax != NULL );
+ assert( ad->ad_type->sat_syntax->ssyn_validate != NULL );
+
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+
+ /* Skip past the assertion index */
+ if ( bv.bv_val[0] == '{' ) {
+ char *ptr;
+
+ ptr = ber_bvchr( &bv, '}' );
+ if ( ptr == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ ptr++;
+ bv.bv_len -= ptr - bv.bv_val;
+ bv.bv_val = ptr;
+ in = &bv;
+ /* If deleting by index, just succeed */
+ if ( mop == LDAP_MOD_DELETE && BER_BVISEMPTY( &bv ))
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return ad->ad_type->sat_syntax->ssyn_validate( ad->ad_type->sat_syntax, in );
+}
+
+/*
+ * wrapper for pretty function
+ * uses the pretty function of the syntax after removing
+ * the index, if allowed and present; in case, it's prepended
+ * to the pretty value
+ */
+int
+ordered_value_pretty(
+ AttributeDescription *ad,
+ struct berval *val,
+ struct berval *out,
+ void *ctx )
+{
+ struct berval bv = *val,
+ idx = BER_BVNULL;
+ int rc;
+
+ assert( ad->ad_type->sat_syntax != NULL );
+ assert( ad->ad_type->sat_syntax->ssyn_pretty != NULL );
+ assert( val != NULL );
+ assert( out != NULL );
+
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+
+ /* Skip past the assertion index */
+ if ( bv.bv_val[0] == '{' ) {
+ char *ptr;
+
+ ptr = ber_bvchr( &bv, '}' );
+ if ( ptr == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ ptr++;
+
+ idx = bv;
+ idx.bv_len = ptr - bv.bv_val;
+
+ bv.bv_len -= idx.bv_len;
+ bv.bv_val = ptr;
+
+ val = &bv;
+ }
+ }
+
+ rc = ad->ad_type->sat_syntax->ssyn_pretty( ad->ad_type->sat_syntax, val, out, ctx );
+
+ if ( rc == LDAP_SUCCESS && !BER_BVISNULL( &idx ) ) {
+ bv = *out;
+
+ out->bv_len = idx.bv_len + bv.bv_len;
+ out->bv_val = ber_memalloc_x( out->bv_len + 1, ctx );
+
+ AC_MEMCPY( out->bv_val, idx.bv_val, idx.bv_len );
+ AC_MEMCPY( &out->bv_val[ idx.bv_len ], bv.bv_val, bv.bv_len + 1 );
+
+ ber_memfree_x( bv.bv_val, ctx );
+ }
+
+ return rc;
+}
+
+/*
+ * wrapper for normalize function
+ * uses the normalize function of the attribute description equality rule
+ * after removing the index, if allowed and present; in case, it's
+ * prepended to the value
+ */
+int
+ordered_value_normalize(
+ slap_mask_t usage,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ struct berval bv = *val,
+ idx = BER_BVNULL;
+ int rc;
+
+ assert( ad->ad_type->sat_equality != NULL );
+ assert( ad->ad_type->sat_equality->smr_normalize != NULL );
+ assert( val != NULL );
+ assert( normalized != NULL );
+
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+
+ /* Skip past the assertion index */
+ if ( bv.bv_val[ 0 ] == '{' ) {
+ char *ptr;
+
+ ptr = ber_bvchr( &bv, '}' );
+ if ( ptr == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ ptr++;
+
+ idx = bv;
+ idx.bv_len = ptr - bv.bv_val;
+
+ bv.bv_len -= idx.bv_len;
+ bv.bv_val = ptr;
+
+ /* validator will already prevent this for Adds */
+ if ( BER_BVISEMPTY( &bv )) {
+ ber_dupbv_x( normalized, &idx, ctx );
+ return LDAP_SUCCESS;
+ }
+ val = &bv;
+ }
+ }
+
+ rc = ad->ad_type->sat_equality->smr_normalize( usage,
+ ad->ad_type->sat_syntax, mr, val, normalized, ctx );
+
+ if ( rc == LDAP_SUCCESS && !BER_BVISNULL( &idx ) ) {
+ bv = *normalized;
+
+ normalized->bv_len = idx.bv_len + bv.bv_len;
+ normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+
+ AC_MEMCPY( normalized->bv_val, idx.bv_val, idx.bv_len );
+ AC_MEMCPY( &normalized->bv_val[ idx.bv_len ], bv.bv_val, bv.bv_len + 1 );
+
+ ber_memfree_x( bv.bv_val, ctx );
+ }
+
+ return rc;
+}
+
+/* A wrapper for value match, handles Equality matches for attributes
+ * with ordered values.
+ */
+int
+ordered_value_match(
+ int *match,
+ AttributeDescription *ad,
+ MatchingRule *mr,
+ unsigned flags,
+ struct berval *v1, /* stored value */
+ struct berval *v2, /* assertion */
+ const char ** text )
+{
+ struct berval bv1, bv2;
+
+ /* X-ORDERED VALUES equality matching:
+ * If (SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX) that means we are
+ * comparing two attribute values. In this case, we want to ignore
+ * the ordering index of both values, we just want to know if their
+ * main values are equal.
+ *
+ * If (SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX) then we are comparing
+ * an assertion against an attribute value.
+ * If the assertion has no index, the index of the value is ignored.
+ * If the assertion has only an index, the remainder of the value is
+ * ignored.
+ * If the assertion has index and value, both are compared.
+ */
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+ char *ptr;
+ struct berval iv;
+
+ bv1 = *v1;
+ bv2 = *v2;
+ iv = bv2;
+
+ /* Skip past the assertion index */
+ if ( bv2.bv_val[0] == '{' ) {
+ ptr = ber_bvchr( &bv2, '}' );
+ if ( ptr == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ ptr++;
+ bv2.bv_len -= ptr - bv2.bv_val;
+ bv2.bv_val = ptr;
+ v2 = &bv2;
+ }
+
+ if ( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( flags )) {
+ if ( iv.bv_val[0] == '{' && bv1.bv_val[0] == '{' ) {
+ /* compare index values first */
+ long l1, l2, ret;
+
+ l1 = strtol( bv1.bv_val+1, NULL, 0 );
+ l2 = strtol( iv.bv_val+1, &ptr, 0 );
+
+ ret = l1 - l2;
+
+ /* If not equal, or we're only comparing the index,
+ * return result now.
+ */
+ if ( ret || ptr == iv.bv_val + iv.bv_len - 1 ) {
+ *match = ( ret < 0 ) ? -1 : (ret > 0 );
+ return LDAP_SUCCESS;
+ }
+ }
+ }
+ /* Skip past the attribute index */
+ if ( bv1.bv_val[0] == '{' ) {
+ ptr = ber_bvchr( &bv1, '}' );
+ if ( ptr == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ ptr++;
+ bv1.bv_len -= ptr - bv1.bv_val;
+ bv1.bv_val = ptr;
+ v1 = &bv1;
+ }
+ }
+
+ if ( !mr || !mr->smr_match ) {
+ *match = ber_bvcmp( v1, v2 );
+ return LDAP_SUCCESS;
+ }
+
+ return value_match( match, ad, mr, flags, v1, v2, text );
+}
+
+int
+ordered_value_add(
+ Entry *e,
+ AttributeDescription *ad,
+ Attribute *a,
+ BerVarray vals,
+ BerVarray nvals
+)
+{
+ int i, j, k, anum, vnum;
+ BerVarray new, nnew = NULL;
+
+ /* count new vals */
+ for (i=0; !BER_BVISNULL( vals+i ); i++) ;
+ vnum = i;
+
+ if ( a ) {
+ for (i=0; !BER_BVISNULL( a->a_vals+i ); i++) ;
+ anum = i;
+ ordered_value_sort( a, 0 );
+ } else {
+ Attribute **ap;
+ anum = 0;
+ for ( ap=&e->e_attrs; *ap; ap = &(*ap)->a_next ) ;
+ a = ch_calloc( 1, sizeof(Attribute) );
+ a->a_desc = ad;
+ *ap = a;
+ }
+
+ new = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
+ if ( a->a_nvals && a->a_nvals != a->a_vals ) {
+ nnew = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
+ /* Shouldn't happen... */
+ if ( !nvals ) nvals = vals;
+ }
+ if ( anum ) {
+ AC_MEMCPY( new, a->a_vals, anum * sizeof(struct berval));
+ if ( nnew )
+ AC_MEMCPY( nnew, a->a_nvals, anum * sizeof(struct berval));
+ }
+
+ for (i=0; i<vnum; i++) {
+ char *next;
+
+ k = -1;
+ if ( vals[i].bv_val[0] == '{' ) {
+ k = strtol( vals[i].bv_val + 1, &next, 0 );
+ if ( next == vals[i].bv_val + 1 ||
+ next[ 0 ] != '}' ||
+ next - vals[i].bv_val > vals[i].bv_len )
+ {
+ return -1;
+ }
+ if ( k > anum ) k = -1;
+ }
+ /* No index, or index is greater than current number of
+ * values, just tack onto the end
+ */
+ if ( k < 0 ) {
+ ber_dupbv( new+anum, vals+i );
+ if ( nnew ) ber_dupbv( nnew+anum, nvals+i );
+
+ /* Indexed, push everything else down one and insert */
+ } else {
+ for (j=anum; j>k; j--) {
+ new[j] = new[j-1];
+ if ( nnew ) nnew[j] = nnew[j-1];
+ }
+ ber_dupbv( new+k, vals+i );
+ if ( nnew ) ber_dupbv( nnew+k, nvals+i );
+ }
+ anum++;
+ }
+ BER_BVZERO( new+anum );
+ ch_free( a->a_vals );
+ a->a_vals = new;
+ if ( nnew ) {
+ BER_BVZERO( nnew+anum );
+ ch_free( a->a_nvals );
+ a->a_nvals = nnew;
+ } else {
+ a->a_nvals = a->a_vals;
+ }
+
+ ordered_value_renumber( a, anum );
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slapd/zn_malloc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slapd/zn_malloc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slapd/zn_malloc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,972 @@
+/* zn_malloc.c - zone-based malloc routines */
+/* $OpenLDAP: pkg/ldap/servers/slapd/zn_malloc.c,v 1.3.2.7 2007/01/02 21:43:59 kurt Exp $*/
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Jong-Hyuk Choi for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include "slap.h"
+
+#ifdef SLAP_ZONE_ALLOC
+
+#include <sys/mman.h>
+
+static int slap_zone_cmp(const void *v1, const void *v2);
+void * slap_replenish_zopool(void *ctx);
+
+static void
+slap_zo_release(void *data)
+{
+ struct zone_object *zo = (struct zone_object *)data;
+ ch_free( zo );
+}
+
+void
+slap_zn_mem_destroy(
+ void *ctx
+)
+{
+ struct zone_heap *zh = ctx;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order_start = -1, i, j;
+ struct zone_object *zo;
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ for (i = 0; i < zh->zh_zoneorder - order_start + 1; i++) {
+ zo = LDAP_LIST_FIRST(&zh->zh_free[i]);
+ while (zo) {
+ struct zone_object *zo_tmp = zo;
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ LDAP_LIST_REMOVE(zo_tmp, zo_link);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, zo_tmp, zo_link);
+ }
+ }
+ ch_free(zh->zh_free);
+
+ for (i = 0; i < zh->zh_numzones; i++) {
+ for (j = 0; j < zh->zh_zoneorder - order_start + 1; j++) {
+ ch_free(zh->zh_maps[i][j]);
+ }
+ ch_free(zh->zh_maps[i]);
+ munmap(zh->zh_zones[i], zh->zh_zonesize);
+ ldap_pvt_thread_rdwr_destroy(&zh->zh_znlock[i]);
+ }
+ ch_free(zh->zh_maps);
+ ch_free(zh->zh_zones);
+ ch_free(zh->zh_seqno);
+ ch_free(zh->zh_znlock);
+
+ avl_free(zh->zh_zonetree, slap_zo_release);
+
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ while (zo) {
+ struct zone_object *zo_tmp = zo;
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ if (!zo_tmp->zo_blockhead) {
+ LDAP_LIST_REMOVE(zo_tmp, zo_link);
+ }
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ while (zo) {
+ struct zone_object *zo_tmp = zo;
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ ch_free(zo_tmp);
+ }
+ ldap_pvt_thread_mutex_unlock(&zh->zh_mutex);
+ ldap_pvt_thread_rdwr_destroy(&zh->zh_lock);
+ ldap_pvt_thread_mutex_destroy(&zh->zh_mutex);
+ ch_free(zh);
+}
+
+void *
+slap_zn_mem_create(
+ ber_len_t initsize,
+ ber_len_t maxsize,
+ ber_len_t deltasize,
+ ber_len_t zonesize
+)
+{
+ struct zone_heap *zh = NULL;
+ ber_len_t zpad;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int size_shift;
+ int order = -1, order_start = -1, order_end = -1;
+ int i, j;
+ struct zone_object *zo;
+
+ Debug(LDAP_DEBUG_NONE,
+ "--> slap_zn_mem_create: initsize=%d, maxsize=%d\n",
+ initsize, maxsize, 0);
+ Debug(LDAP_DEBUG_NONE,
+ "++> slap_zn_mem_create: deltasize=%d, zonesize=%d\n",
+ deltasize, zonesize, 0);
+
+ zh = (struct zone_heap *)ch_calloc(1, sizeof(struct zone_heap));
+
+ zh->zh_fd = open("/dev/zero", O_RDWR);
+
+ if ( zonesize ) {
+ zh->zh_zonesize = zonesize;
+ } else {
+ zh->zh_zonesize = SLAP_ZONE_SIZE;
+ }
+
+ zpad = zh->zh_zonesize - 1;
+ zh->zh_numzones = ((initsize + zpad) & ~zpad) / zh->zh_zonesize;
+
+ if ( maxsize && maxsize >= initsize ) {
+ zh->zh_maxzones = ((maxsize + zpad) & ~zpad) / zh->zh_zonesize;
+ } else {
+ zh->zh_maxzones = ((initsize + zpad) & ~zpad) / zh->zh_zonesize;
+ }
+
+ if ( deltasize ) {
+ zh->zh_deltazones = ((deltasize + zpad) & ~zpad) / zh->zh_zonesize;
+ } else {
+ zh->zh_deltazones = ((SLAP_ZONE_DELTA+zpad) & ~zpad) / zh->zh_zonesize;
+ }
+
+ size_shift = zh->zh_zonesize - 1;
+ do {
+ order_end++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ order = order_end - order_start + 1;
+
+ zh->zh_zones = (void **)ch_malloc(zh->zh_maxzones * sizeof(void*));
+ zh->zh_znlock = (ldap_pvt_thread_rdwr_t *)ch_malloc(
+ zh->zh_maxzones * sizeof(ldap_pvt_thread_rdwr_t *));
+ zh->zh_maps = (unsigned char ***)ch_malloc(
+ zh->zh_maxzones * sizeof(unsigned char**));
+
+ zh->zh_zoneorder = order_end;
+ zh->zh_free = (struct zh_freelist *)
+ ch_malloc(order * sizeof(struct zh_freelist));
+ zh->zh_seqno = (unsigned long *)ch_calloc(zh->zh_maxzones,
+ sizeof(unsigned long));
+ for (i = 0; i < order; i++) {
+ LDAP_LIST_INIT(&zh->zh_free[i]);
+ }
+ LDAP_LIST_INIT(&zh->zh_zopool);
+
+ for (i = 0; i < zh->zh_numzones; i++) {
+ zh->zh_zones[i] = mmap(0, zh->zh_zonesize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE, zh->zh_fd, 0);
+ zh->zh_maps[i] = (unsigned char **)
+ ch_malloc(order * sizeof(unsigned char *));
+ for (j = 0; j < order; j++) {
+ int shiftamt = order_start + 1 + j;
+ int nummaps = zh->zh_zonesize >> shiftamt;
+ assert(nummaps);
+ nummaps >>= 3;
+ if (!nummaps) nummaps = 1;
+ zh->zh_maps[i][j] = (unsigned char *)ch_malloc(nummaps);
+ memset(zh->zh_maps[i][j], 0, nummaps);
+ }
+
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = zh->zh_zones[i];
+ zo->zo_idx = i;
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[order-1], zo, zo_link);
+
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = zh->zh_zones[i];
+ zo->zo_siz = zh->zh_zonesize;
+ zo->zo_idx = i;
+ avl_insert(&zh->zh_zonetree, zo, slap_zone_cmp, avl_dup_error);
+ ldap_pvt_thread_rdwr_init(&zh->zh_znlock[i]);
+ }
+
+ LDAP_STAILQ_INIT(&zh->zh_latency_history_queue);
+ ldap_pvt_thread_mutex_init(&zh->zh_mutex);
+ ldap_pvt_thread_rdwr_init(&zh->zh_lock);
+
+ return zh;
+}
+
+void *
+slap_zn_malloc(
+ ber_len_t size,
+ void *ctx
+)
+{
+ struct zone_heap *zh = ctx;
+ ber_len_t size_shift;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order = -1, order_start = -1;
+ struct zone_object *zo, *zo_new, *zo_left, *zo_right;
+ ber_len_t *ptr, *new;
+ int idx;
+ unsigned long diff;
+ int i, j, k;
+
+ Debug(LDAP_DEBUG_NONE,
+ "--> slap_zn_malloc: size=%d\n", size, 0, 0);
+
+ if (!zh) return ber_memalloc_x(size, NULL);
+
+ /* round up to doubleword boundary */
+ size += 2*sizeof(ber_len_t) + pad;
+ size &= ~pad;
+
+ size_shift = size - 1;
+ do {
+ order++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+retry:
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ for (i = order; i <= zh->zh_zoneorder &&
+ LDAP_LIST_EMPTY(&zh->zh_free[i-order_start]); i++);
+
+ if (i == order) {
+ zo_new = LDAP_LIST_FIRST(&zh->zh_free[i-order_start]);
+ LDAP_LIST_REMOVE(zo_new, zo_link);
+ ptr = zo_new->zo_ptr;
+ idx = zo_new->zo_idx;
+ diff = (unsigned long)((char*)ptr -
+ (char*)zh->zh_zones[idx]) >> (order + 1);
+ zh->zh_maps[idx][order-order_start][diff>>3] |= (1 << (diff & 0x7));
+ *ptr++ = zh->zh_seqno[idx];
+ *ptr++ = size - 2*sizeof(ber_len_t);
+ zo_new->zo_ptr = NULL;
+ zo_new->zo_idx = -1;
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, zo_new, zo_link);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ Debug(LDAP_DEBUG_NONE, "slap_zn_malloc: returning 0x%x, 0x%x\n",
+ ptr, (int)ptr>>(zh->zh_zoneorder+1), 0);
+ return((void*)ptr);
+ } else if (i <= zh->zh_zoneorder) {
+ for (j = i; j > order; j--) {
+ zo_left = LDAP_LIST_FIRST(&zh->zh_free[j-order_start]);
+ LDAP_LIST_REMOVE(zo_left, zo_link);
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo_right = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo_right, zo_link);
+ zo_right->zo_ptr = zo_left->zo_ptr + (1 << j);
+ zo_right->zo_idx = zo_left->zo_idx;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_malloc: split (left=0x%x, right=0x%x)\n",
+ zo_left->zo_ptr, zo_right->zo_ptr, 0);
+ if (j == order + 1) {
+ ptr = zo_left->zo_ptr;
+ diff = (unsigned long)((char*)ptr -
+ (char*)zh->zh_zones[zo_left->zo_idx]) >> (order+1);
+ zh->zh_maps[zo_left->zo_idx][order-order_start][diff>>3] |=
+ (1 << (diff & 0x7));
+ *ptr++ = zh->zh_seqno[zo_left->zo_idx];
+ *ptr++ = size - 2*sizeof(ber_len_t);
+ LDAP_LIST_INSERT_HEAD(
+ &zh->zh_free[j-1-order_start], zo_right, zo_link);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, zo_left, zo_link);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_malloc: returning 0x%x, 0x%x\n",
+ ptr, (int)ptr>>(zh->zh_zoneorder+1), 0);
+ return((void*)ptr);
+ } else {
+ LDAP_LIST_INSERT_HEAD(
+ &zh->zh_free[j-1-order_start], zo_right, zo_link);
+ LDAP_LIST_INSERT_HEAD(
+ &zh->zh_free[j-1-order_start], zo_left, zo_link);
+ }
+ }
+ assert(0);
+ } else {
+
+ if ( zh->zh_maxzones < zh->zh_numzones + zh->zh_deltazones ) {
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_zn_malloc of %lu bytes failed, using ch_malloc\n",
+ (long)size, 0, 0);
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_malloc: returning 0x%x, 0x%x\n",
+ ptr, (int)ptr>>(zh->zh_zoneorder+1), 0);
+ return (void*)ch_malloc(size);
+ }
+
+ for (i = zh->zh_numzones; i < zh->zh_numzones+zh->zh_deltazones; i++) {
+ zh->zh_zones[i] = mmap(0, zh->zh_zonesize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE, zh->zh_fd, 0);
+ zh->zh_maps[i] = (unsigned char **)
+ ch_malloc((zh->zh_zoneorder - order_start + 1) *
+ sizeof(unsigned char *));
+ for (j = 0; j < zh->zh_zoneorder-order_start+1; j++) {
+ int shiftamt = order_start + 1 + j;
+ int nummaps = zh->zh_zonesize >> shiftamt;
+ assert(nummaps);
+ nummaps >>= 3;
+ if (!nummaps) nummaps = 1;
+ zh->zh_maps[i][j] = (unsigned char *)ch_malloc(nummaps);
+ memset(zh->zh_maps[i][j], 0, nummaps);
+ }
+
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = zh->zh_zones[i];
+ zo->zo_idx = i;
+ LDAP_LIST_INSERT_HEAD(&zh->
+ zh_free[zh->zh_zoneorder-order_start],zo,zo_link);
+
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = zh->zh_zones[i];
+ zo->zo_siz = zh->zh_zonesize;
+ zo->zo_idx = i;
+ avl_insert(&zh->zh_zonetree, zo, slap_zone_cmp, avl_dup_error);
+ ldap_pvt_thread_rdwr_init(&zh->zh_znlock[i]);
+ }
+ zh->zh_numzones += zh->zh_deltazones;
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ goto retry;
+ }
+}
+
+void *
+slap_zn_calloc( ber_len_t n, ber_len_t size, void *ctx )
+{
+ void *new;
+
+ new = slap_zn_malloc( n*size, ctx );
+ if ( new ) {
+ memset( new, 0, n*size );
+ }
+ return new;
+}
+
+void *
+slap_zn_realloc(void *ptr, ber_len_t size, void *ctx)
+{
+ struct zone_heap *zh = ctx;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order_start = -1, order = -1;
+ struct zone_object zoi, *zoo;
+ ber_len_t *p = (ber_len_t *)ptr, *new;
+ unsigned long diff;
+ int i;
+ void *newptr = NULL;
+ struct zone_heap *zone = NULL;
+
+ Debug(LDAP_DEBUG_NONE,
+ "--> slap_zn_realloc: ptr=0x%x, size=%d\n", ptr, size, 0);
+
+ if (ptr == NULL)
+ return slap_zn_malloc(size, zh);
+
+ zoi.zo_ptr = p;
+ zoi.zo_idx = -1;
+
+ if (zh) {
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ }
+
+ /* Not our memory? */
+ if (!zoo) {
+ /* duplicate of realloc behavior, oh well */
+ new = ber_memrealloc_x(ptr, size, NULL);
+ if (new) {
+ return new;
+ }
+ Debug(LDAP_DEBUG_ANY, "ch_realloc of %lu bytes failed\n",
+ (long) size, 0, 0);
+ assert(0);
+ exit( EXIT_FAILURE );
+ }
+
+ assert(zoo->zo_idx != -1);
+
+ zone = zh->zh_zones[zoo->zo_idx];
+
+ if (size == 0) {
+ slap_zn_free(ptr, zh);
+ return NULL;
+ }
+
+ newptr = slap_zn_malloc(size, zh);
+ if (size < p[-1]) {
+ AC_MEMCPY(newptr, ptr, size);
+ } else {
+ AC_MEMCPY(newptr, ptr, p[-1]);
+ }
+ slap_zn_free(ptr, zh);
+ return newptr;
+}
+
+void
+slap_zn_free(void *ptr, void *ctx)
+{
+ struct zone_heap *zh = ctx;
+ int size, size_shift, order_size;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ ber_len_t *p = (ber_len_t *)ptr, *tmpp;
+ int order_start = -1, order = -1;
+ struct zone_object zoi, *zoo, *zo;
+ unsigned long diff;
+ int i, k, inserted = 0, idx;
+ struct zone_heap *zone = NULL;
+
+ zoi.zo_ptr = p;
+ zoi.zo_idx = -1;
+
+ Debug(LDAP_DEBUG_NONE, "--> slap_zn_free: ptr=0x%x\n", ptr, 0, 0);
+
+ if (zh) {
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ }
+
+ if (!zoo) {
+ ber_memfree_x(ptr, NULL);
+ } else {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ zone = zh->zh_zones[idx];
+
+ size = *(--p);
+ size_shift = size + 2*sizeof(ber_len_t) - 1;
+ do {
+ order++;
+ } while (size_shift >>= 1);
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ for (i = order, tmpp = p; i <= zh->zh_zoneorder; i++) {
+ order_size = 1 << (i+1);
+ diff = (unsigned long)((char*)tmpp - (char*)zone) >> (i+1);
+ zh->zh_maps[idx][i-order_start][diff>>3] &= (~(1 << (diff & 0x7)));
+ if (diff == ((diff>>1)<<1)) {
+ if (!(zh->zh_maps[idx][i-order_start][(diff+1)>>3] &
+ (1<<((diff+1)&0x7)))) {
+ zo = LDAP_LIST_FIRST(&zh->zh_free[i-order_start]);
+ while (zo) {
+ if ((char*)zo->zo_ptr == (char*)tmpp) {
+ LDAP_LIST_REMOVE( zo, zo_link );
+ } else if ((char*)zo->zo_ptr ==
+ (char*)tmpp + order_size) {
+ LDAP_LIST_REMOVE(zo, zo_link);
+ break;
+ }
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ }
+ if (zo) {
+ if (i < zh->zh_zoneorder) {
+ inserted = 1;
+ zo->zo_ptr = tmpp;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start+1],
+ zo, zo_link);
+ }
+ continue;
+ } else {
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = tmpp;
+ zo->zo_idx = idx;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start],
+ zo, zo_link);
+ break;
+
+ Debug(LDAP_DEBUG_ANY, "slap_zn_free: "
+ "free object not found while bit is clear.\n",
+ 0, 0, 0);
+ assert(zo != NULL);
+
+ }
+ } else {
+ if (!inserted) {
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = tmpp;
+ zo->zo_idx = idx;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start],
+ zo, zo_link);
+ }
+ break;
+ }
+ } else {
+ if (!(zh->zh_maps[idx][i-order_start][(diff-1)>>3] &
+ (1<<((diff-1)&0x7)))) {
+ zo = LDAP_LIST_FIRST(&zh->zh_free[i-order_start]);
+ while (zo) {
+ if ((char*)zo->zo_ptr == (char*)tmpp) {
+ LDAP_LIST_REMOVE(zo, zo_link);
+ } else if ((char*)tmpp == zo->zo_ptr + order_size) {
+ LDAP_LIST_REMOVE(zo, zo_link);
+ tmpp = zo->zo_ptr;
+ break;
+ }
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ }
+ if (zo) {
+ if (i < zh->zh_zoneorder) {
+ inserted = 1;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start+1],
+ zo, zo_link);
+ continue;
+ }
+ } else {
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = tmpp;
+ zo->zo_idx = idx;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start],
+ zo, zo_link);
+ break;
+
+ Debug(LDAP_DEBUG_ANY, "slap_zn_free: "
+ "free object not found while bit is clear.\n",
+ 0, 0, 0 );
+ assert(zo != NULL);
+
+ }
+ } else {
+ if ( !inserted ) {
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = tmpp;
+ zo->zo_idx = idx;
+ Debug(LDAP_DEBUG_NONE,
+ "slap_zn_free: merging 0x%x\n",
+ zo->zo_ptr, 0, 0);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[i-order_start],
+ zo, zo_link);
+ }
+ break;
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ }
+}
+
+static int
+slap_zone_cmp(const void *v1, const void *v2)
+{
+ const struct zone_object *zo1 = v1;
+ const struct zone_object *zo2 = v2;
+ char *ptr1;
+ char *ptr2;
+ ber_len_t zpad;
+
+ zpad = zo2->zo_siz - 1;
+ ptr1 = (char*)(((unsigned long)zo1->zo_ptr + zpad) & ~zpad);
+ ptr2 = (char*)zo2->zo_ptr + ((char*)ptr1 - (char*)zo1->zo_ptr);
+ ptr2 = (char*)(((unsigned long)ptr2 + zpad) & ~zpad);
+ return (int)((char*)ptr1 - (char*)ptr2);
+}
+
+void *
+slap_replenish_zopool(
+ void *ctx
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object *zo_block;
+ int i;
+
+ zo_block = (struct zone_object *)ch_malloc(
+ SLAP_ZONE_ZOBLOCK * sizeof(struct zone_object));
+
+ if ( zo_block == NULL ) {
+ return NULL;
+ }
+
+ zo_block[0].zo_blockhead = 1;
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, &zo_block[0], zo_link);
+ for (i = 1; i < SLAP_ZONE_ZOBLOCK; i++) {
+ zo_block[i].zo_blockhead = 0;
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, &zo_block[i], zo_link );
+ }
+
+ return zo_block;
+}
+
+int
+slap_zn_invalidate(
+ void *ctx,
+ void *ptr
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int seqno = *((ber_len_t*)ptr - 2);
+ int idx = -1, rc = 0;
+ int pad = 2*sizeof(int)-1, pad_shift;
+ int order_start = -1, i;
+ struct zone_object *zo;
+
+ pad_shift = pad - 1;
+ do {
+ order_start++;
+ } while (pad_shift >>= 1);
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ madvise(zh->zh_zones[idx], zh->zh_zonesize, MADV_DONTNEED);
+ for (i = 0; i < zh->zh_zoneorder - order_start + 1; i++) {
+ int shiftamt = order_start + 1 + i;
+ int nummaps = zh->zh_zonesize >> shiftamt;
+ assert(nummaps);
+ nummaps >>= 3;
+ if (!nummaps) nummaps = 1;
+ memset(zh->zh_maps[idx][i], 0, nummaps);
+ zo = LDAP_LIST_FIRST(&zh->zh_free[i]);
+ while (zo) {
+ struct zone_object *zo_tmp = zo;
+ zo = LDAP_LIST_NEXT(zo, zo_link);
+ if (zo_tmp && zo_tmp->zo_idx == idx) {
+ LDAP_LIST_REMOVE(zo_tmp, zo_link);
+ LDAP_LIST_INSERT_HEAD(&zh->zh_zopool, zo_tmp, zo_link);
+ }
+ }
+ }
+ if (LDAP_LIST_EMPTY(&zh->zh_zopool)) {
+ slap_replenish_zopool(zh);
+ }
+ zo = LDAP_LIST_FIRST(&zh->zh_zopool);
+ LDAP_LIST_REMOVE(zo, zo_link);
+ zo->zo_ptr = zh->zh_zones[idx];
+ zo->zo_idx = idx;
+ LDAP_LIST_INSERT_HEAD(&zh->zh_free[zh->zh_zoneorder-order_start],
+ zo, zo_link);
+ zh->zh_seqno[idx]++;
+ } else {
+ Debug(LDAP_DEBUG_NONE, "zone not found for (ctx=0x%x, ptr=0x%x) !\n",
+ ctx, ptr, 0);
+ }
+
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+ Debug(LDAP_DEBUG_NONE, "zone %d invalidate\n", idx, 0, 0);
+ return rc;
+}
+
+int
+slap_zn_validate(
+ void *ctx,
+ void *ptr,
+ int seqno
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int idx, rc = 0;
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ assert(seqno <= zh->zh_seqno[idx]);
+ rc = (seqno == zh->zh_seqno[idx]);
+ }
+
+ return rc;
+}
+
+int slap_zh_rlock(
+ void *ctx
+)
+{
+ struct zone_heap* zh = ctx;
+ ldap_pvt_thread_rdwr_rlock(&zh->zh_lock);
+}
+
+int slap_zh_runlock(
+ void *ctx
+)
+{
+ struct zone_heap* zh = ctx;
+ ldap_pvt_thread_rdwr_runlock(&zh->zh_lock);
+}
+
+int slap_zh_wlock(
+ void *ctx
+)
+{
+ struct zone_heap* zh = ctx;
+ ldap_pvt_thread_rdwr_wlock(&zh->zh_lock);
+}
+
+int slap_zh_wunlock(
+ void *ctx
+)
+{
+ struct zone_heap* zh = ctx;
+ ldap_pvt_thread_rdwr_wunlock(&zh->zh_lock);
+}
+
+int slap_zn_rlock(
+ void *ctx,
+ void *ptr
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int idx;
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ ldap_pvt_thread_rdwr_rlock(&zh->zh_znlock[idx]);
+ }
+}
+
+int slap_zn_runlock(
+ void *ctx,
+ void *ptr
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int idx;
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ ldap_pvt_thread_rdwr_runlock(&zh->zh_znlock[idx]);
+ }
+}
+
+int slap_zn_wlock(
+ void *ctx,
+ void *ptr
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int idx;
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ ldap_pvt_thread_rdwr_wlock(&zh->zh_znlock[idx]);
+ }
+}
+
+int slap_zn_wunlock(
+ void *ctx,
+ void *ptr
+)
+{
+ struct zone_heap* zh = ctx;
+ struct zone_object zoi, *zoo;
+ struct zone_heap *zone = NULL;
+ int idx;
+
+ zoi.zo_ptr = ptr;
+ zoi.zo_idx = -1;
+
+ ldap_pvt_thread_mutex_lock( &zh->zh_mutex );
+ zoo = avl_find(zh->zh_zonetree, &zoi, slap_zone_cmp);
+ ldap_pvt_thread_mutex_unlock( &zh->zh_mutex );
+
+ if (zoo) {
+ idx = zoo->zo_idx;
+ assert(idx != -1);
+ ldap_pvt_thread_rdwr_wunlock(&zh->zh_znlock[idx]);
+ }
+}
+
+#define T_SEC_IN_USEC 1000000
+
+static int
+slap_timediff(struct timeval *tv_begin, struct timeval *tv_end)
+{
+ uint64_t t_begin, t_end, t_diff;
+
+ t_begin = T_SEC_IN_USEC * tv_begin->tv_sec + tv_begin->tv_usec;
+ t_end = T_SEC_IN_USEC * tv_end->tv_sec + tv_end->tv_usec;
+ t_diff = t_end - t_begin;
+
+ if ( t_diff < 0 )
+ t_diff = 0;
+
+ return (int)t_diff;
+}
+
+void
+slap_set_timing(struct timeval *tv_set)
+{
+ gettimeofday(tv_set, (struct timezone *)NULL);
+}
+
+int
+slap_measure_timing(struct timeval *tv_set, struct timeval *tv_measure)
+{
+ gettimeofday(tv_measure, (struct timezone *)NULL);
+ return(slap_timediff(tv_set, tv_measure));
+}
+
+#define EMA_WEIGHT 0.999000
+#define SLAP_ZN_LATENCY_HISTORY_QLEN 500
+int
+slap_zn_latency_history(void* ctx, int ea_latency)
+{
+/* TODO: monitor /proc/stat (swap) as well */
+ struct zone_heap* zh = ctx;
+ double t_diff = 0.0;
+
+ zh->zh_ema_latency = (double)ea_latency * (1.0 - EMA_WEIGHT)
+ + zh->zh_ema_latency * EMA_WEIGHT;
+ if (!zh->zh_swapping && zh->zh_ema_samples++ % 100 == 99) {
+ struct zone_latency_history *zlh_entry;
+ zlh_entry = ch_calloc(1, sizeof(struct zone_latency_history));
+ zlh_entry->zlh_latency = zh->zh_ema_latency;
+ LDAP_STAILQ_INSERT_TAIL(
+ &zh->zh_latency_history_queue, zlh_entry, zlh_next);
+ zh->zh_latency_history_qlen++;
+ while (zh->zh_latency_history_qlen > SLAP_ZN_LATENCY_HISTORY_QLEN) {
+ struct zone_latency_history *zlh;
+ zlh = LDAP_STAILQ_FIRST(&zh->zh_latency_history_queue);
+ LDAP_STAILQ_REMOVE_HEAD(
+ &zh->zh_latency_history_queue, zlh_next);
+ zh->zh_latency_history_qlen--;
+ ch_free(zlh);
+ }
+ if (zh->zh_latency_history_qlen == SLAP_ZN_LATENCY_HISTORY_QLEN) {
+ struct zone_latency_history *zlh_first, *zlh_last;
+ zlh_first = LDAP_STAILQ_FIRST(&zh->zh_latency_history_queue);
+ zlh_last = LDAP_STAILQ_LAST(&zh->zh_latency_history_queue,
+ zone_latency_history, zlh_next);
+ t_diff = zlh_last->zlh_latency - zlh_first->zlh_latency;
+ }
+ if (t_diff >= 2000) {
+ zh->zh_latency_jump++;
+ } else {
+ zh->zh_latency_jump = 0;
+ }
+ if (zh->zh_latency_jump > 3) {
+ zh->zh_latency_jump = 0;
+ zh->zh_swapping = 1;
+ }
+ }
+ return zh->zh_swapping;
+}
+#endif /* SLAP_ZONE_ALLOC */
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/DESIGN
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/DESIGN (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/DESIGN 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+Design Notes: slurpd
+
+This new version differs significantly from previous versions:
+
+- It uses a multithreaded, single-process model. Previous versions forked
+ a separate process for each replica. This new design should facilitate
+ porting to NT, and is more straightforward.
+
+- Only one copy of the replication log is made. Previous versions made
+one copy of the replication log for each replica
+
+- This newer version is more object-oriented. Although still written in
+ ANSI C (and compilable on k&r compilers), it encapsulates within the
+ major data structures the methods used to access "private" data.
+
+General design overview:
+
+The main data structure in slurpd is a replication queue (struct rq).
+The rq data structure is currently implemented as a linked list of
+replication entries (struct re). The rq structure contains member functions
+used to initialize, add to, remove, and return the next re struct.
+
+In addition to the rq structure, there is one ri (replication information)
+struct for each replica. The ri struct encapsulates all information
+about a particular replica, e.g. hostname, port, bind dn. The single
+public member function, ri_process, is called to begin processing
+the replication entries in the queue.
+
+There is also a status structure (struct st) which contains the timestamp
+of the last successful replication operation for each replica. The
+contents of the st struct are flushed to disk after every successful
+operation. This disk file is read upon startup, and is used to allow
+slapd to "pick up where it left off".
+
+Threading notes:
+
+The LDAP liblthread quasi-pthreads interface is used for threading. At
+this point, machines which do not support pthreads, sun threads or lwp
+will probably not be able to run slurpd. Given the current threading
+method, discussed in the next paragraph, it will probably be necessary to
+have a separate hunk of code which handles non-threaded architectures
+(or we might just not worry about it). This needs further discussion.
+
+Upon startup, command-line arguments and the slapd configuration file
+are processed. One thread is started for each replica. Thread replicas,
+when no more work exists, wait on a condition variable, and the main
+thread's file manager routine broadcasts on this condition variable
+when new work is added to the queue.
+
+Additional notes:
+ See doc/devel/replication-notes.txt
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+# Makefile.in for slurpd
+# $OpenLDAP: pkg/ldap/servers/slurpd/Makefile.in,v 1.36.2.4 2007/01/02 21:44:11 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+PROGRAMS = slurpd
+XPROGRAMS = sslurpd
+
+XSRCS = version.c
+
+NT_SRCS = nt_svc.c
+NT_OBJS = nt_svc.o ../../libraries/liblutil/slapdmsg.res
+
+SRCS = admin.c args.c ch_malloc.c config.c \
+ fm.c globals.c ldap_op.c lock.c main.c re.c \
+ reject.c replica.c replog.c ri.c rq.c sanity.c st.c \
+ $(@PLAT at _SRCS)
+OBJS = admin.o args.o ch_malloc.o config.o \
+ fm.o globals.o ldap_op.o lock.o main.o re.o \
+ reject.o replica.o replog.o ri.o rq.o sanity.o st.o \
+ $(@PLAT at _OBJS)
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+BUILD_OPT = "--enable-slurpd"
+BUILD_SRV = @BUILD_SLURPD@
+
+all-local-srv: $(PROGRAMS)
+
+# $(LTHREAD_LIBS) must be last!
+XLIBS = $(SLURPD_L)
+XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
+XXXLIBS = $(LTHREAD_LIBS)
+
+slurpd: version.o
+ $(LTLINK) -o $@ $(OBJS) version.o $(LIBS)
+
+sslurpd: version.o
+ $(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS)
+
+version.c: Makefile
+ @-$(RM) $@
+ $(MKVERSION) -s -n Versionstr slurpd > $@
+
+version.o: version.c $(OBJS) $(SLURPD_L)
+
+install-local-srv: FORCE
+ -$(MKDIR) $(DESTDIR)$(libexecdir)
+ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-slurp
+ @( \
+ for prg in $(PROGRAMS); do \
+ $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 $$prg$(EXEEXT) \
+ $(DESTDIR)$(libexecdir); \
+ done \
+ )
+
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/NOTES
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/NOTES (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/NOTES 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+Written by Ganesan Rajagopal <rganesan at debian.org> and placed in the public
+domain.
+
+Replication in OpenLDAP
+-----------------------
+
+Please read "Section 10. Replication with slurpd" in the OpenLDAP guide for
+an overview and configuration of single-master replication. This document
+describes the internals of the replication mechanism.
+
+slapd/repl.c contains routines add_replica_info() and
+add_replica_suffix(). add_replica_info() adds a new host to the list of
+replicas for a backend. add_replica_info() returns a number for the
+replica. add_replica_suffix() must then be called with the replica number to
+add a suffix that is hosted on this replica. add_replica_info() and add_replica_suffix() do not lock the
+replog_mutex.
+
+Replicas are specified in the slapd.conf file. When slapd/config.c sees a
+"replica" line in slapd.conf, it calls add_replica_info() with the host
+specified in the "host=" directive and then calls add_replica_suffix() with
+the replica number and and the suffix specified in the "suffix="
+directive.
+
+slapd writes out a replication log file containing LDIF change records for
+each configured replica for a suffix. The change records are generated for
+add, modify, delete and modrdn operations. A function called replog() is
+called at the end of the routines do_add (slapd/add.c),
+do_modify(slapd/modify.c), do_delete(slapd/delete.c) and
+do_modrdn(slapd/modrnd.c) to write out the change records.
+
+In master/slave replication, updates are not allowed on slave
+replicas. Therefore replog() is not called if the suffix is configured with
+a updatedn (which indicates that this is a slave replica), instead a
+referral is returned back to the client. If multi-master replication is
+enabled, replog() is always called whenever any of the above updates happen
+unless the dn which is making the change is the updatedn. When the dn making
+the change is the same as the updatedn, it is assumed that this entry is
+being replicated by a slurpd instance on another host. (Note: For this
+reason, the updatedn must not be a "regular" admin/user object in
+multi-master replication).
+
+The function replog() in slapd/repl.c generates the actual change
+records. Each change record is preceded by the list of replicas to which
+this change record needs to be replicated, the time when this change
+happened and the dn this change applies to. The pseudo code for replog() is
+follows
+
+1. Check that a replog exists.
+2. Lock the replog mutex.
+3. Open and lock the replog file.
+4. Normalize the dn for the entry and write out a "replica:" entry for each
+ replica with a matching suffix.
+5. Write out the the timestamp and the dn for the entry.
+6. Depending on the type of change, write out an appropriate changetype
+ record.
+7. Close the replication log
+8. Unlock the replog mutex
+
+slurpd has a file manager routine (function fm()) which watches for any
+change in the replication log. Whenever fm() detects a change in the
+replication log it locks the log, appends the records to slurpd's private
+copy of the replication log and truncates the log. See the slurpd/DESIGN
+file for a description of how slurpd works.
+
+slapd can be configured to write out a replication log even if no replicas
+are configured. In this case the administrator has to truncate the
+replication log manually (under a lock!).
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/admin.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/admin.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/admin.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,61 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/admin.c,v 1.13.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * admin.c - routines for performing administrative tasks, e.g. on-the-fly
+ * reconfiguration of slurpd.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/signal.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+
+/*
+ * Eventually, do_admin will be the entry point for performing
+ * administrative tasks. General idea: put commands in a file
+ * somewhere, send slurpd a USR2 signal. The handler for
+ * USR2 (this routine) reads the file and takes some action.
+ *
+ * For right now, this routine has been hijacked for debugging. When
+ * slurpd receives a USR2 signal, it will dump its replication
+ * queue to the disk file given by SLURPD_DUMPFILE.
+ */
+RETSIGTYPE
+do_admin( int sig )
+{
+ sglob->rq->rq_dump( sglob->rq );
+ (void) SIGNAL_REINSTALL( sig, do_admin );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/args.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/args.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/args.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,185 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/args.c,v 1.29.2.4 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * args.c - process command-line arguments, and set appropriate globals.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <ldap.h>
+#include <lutil.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+
+static void
+usage( char *name )
+{
+ fprintf( stderr, "usage: %s\t[-d debug-level] [-s syslog-level]\n", name );
+ fprintf( stderr, "\t\t[-f slapd-config-file] [-r replication-log-file]\n" );
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ fprintf( stderr, "\t\t[-t tmp-dir] [-o] [-k srvtab-file]\n" );
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ fprintf( stderr, "\t\t[-t tmp-dir] [-o]\n" );
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ fprintf( stderr, "\t\t[-n service-name]\n" );
+}
+
+
+
+/*
+ * Interpret argv, and fill in any appropriate globals.
+ */
+int
+doargs(
+ int argc,
+ char **argv,
+ Globals *g
+)
+{
+ int i;
+ int rflag = 0;
+
+ g->myname = strdup( lutil_progname( "slurpd", argc, argv ));
+
+ while ( (i = getopt( argc, argv, "d:f:n:or:t:V" )) != EOF ) {
+ switch ( i ) {
+ case 'd': { /* set debug level and 'do not detach' flag */
+ int level;
+ g->no_detach = 1;
+ if ( optarg[0] == '?' ) {
+#ifdef LDAP_DEBUG
+ printf( "Debug levels:\n" );
+ printf( "\tLDAP_DEBUG_TRACE\t%d\n",
+ LDAP_DEBUG_TRACE );
+ printf( "\tLDAP_DEBUG_PACKETS\t%d\n",
+ LDAP_DEBUG_PACKETS );
+ printf( "\tLDAP_DEBUG_ARGS\t\t%d\n",
+ LDAP_DEBUG_ARGS );
+ printf( "\tLDAP_DEBUG_CONNS\t%d\n",
+ LDAP_DEBUG_CONNS );
+ printf( "\tLDAP_DEBUG_BER\t\t%d\n",
+ LDAP_DEBUG_BER );
+ printf( "\tLDAP_DEBUG_FILTER\t%d\n",
+ LDAP_DEBUG_FILTER );
+ printf( "\tLDAP_DEBUG_CONFIG\t%d\n",
+ LDAP_DEBUG_CONFIG );
+ printf( "\tLDAP_DEBUG_ACL\t\t%d\n",
+ LDAP_DEBUG_ACL );
+ printf( "\tLDAP_DEBUG_ANY\t\t%d\n",
+ LDAP_DEBUG_ANY );
+ puts( "\tThe -d flag also prevents slurpd from detaching." );
+#endif /* LDAP_DEBUG */
+ puts( "\tDebugging is disabled. -d 0 prevents slurpd from detaching." );
+ return( -1 );
+ }
+#ifdef LDAP_DEBUG
+ if ( lutil_atoi( &level, optarg ) != 0 ) {
+ fprintf( stderr, "unable to parse debug flag \"%s\".\n", optarg );
+ usage( g->myname );
+ return( -1 );
+ }
+ ldap_debug |= level;
+#else /* !LDAP_DEBUG */
+ if ( lutil_atoi( &level, optarg ) != 0 || level != 0 )
+ /* can't enable debugging - not built with debug code */
+ fputs( "must compile with LDAP_DEBUG for debugging\n",
+ stderr );
+#endif /* LDAP_DEBUG */
+ } break;
+ case 'f': /* slapd config file */
+ LUTIL_SLASHPATH( optarg );
+ g->slapd_configfile = strdup( optarg );
+ break;
+ case 'n': /* NT service name */
+ if ( g->serverName ) free( g->serverName );
+ g->serverName = strdup( optarg );
+ break;
+ case 'o':
+ g->one_shot_mode = 1;
+ break;
+ case 'r': /* slapd replog file */
+ LUTIL_SLASHPATH( optarg );
+ snprintf( g->slapd_replogfile, sizeof g->slapd_replogfile,
+ "%s", optarg );
+ rflag++;
+ break;
+ case 't': { /* dir to use for our copies of replogs */
+ size_t sz;
+ LUTIL_SLASHPATH( optarg );
+ g->slurpd_rdir = (char *)malloc (sz = (strlen(optarg) + sizeof(LDAP_DIRSEP "replica")));
+ snprintf(g->slurpd_rdir, sz,
+ "%s" LDAP_DIRSEP "replica", optarg);
+ } break;
+ case 'V':
+ (g->version)++;
+ break;
+ default:
+ usage( g->myname );
+ return( -1 );
+ }
+ }
+
+ if ( g->one_shot_mode && !rflag ) {
+ fprintf( stderr, "If -o flag is given, -r flag must also be given.\n" );
+ usage( g->myname );
+ return( -1 );
+ }
+
+ /* Set location/name of our private copy of the slapd replog file */
+ snprintf( g->slurpd_replogfile, sizeof g->slurpd_replogfile,
+ "%s" LDAP_DIRSEP "%s", g->slurpd_rdir,
+ DEFAULT_SLURPD_REPLOGFILE );
+
+ /* Set location/name of the slurpd status file */
+ snprintf( g->slurpd_status_file, sizeof g->slurpd_status_file,
+ "%s" LDAP_DIRSEP "%s", g->slurpd_rdir,
+ DEFAULT_SLURPD_STATUS_FILE );
+
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug);
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug);
+ ldif_debug = ldap_debug;
+
+#ifdef LOG_LOCAL4
+ openlog( g->myname, OPENLOG_OPTIONS, LOG_LOCAL4 );
+#elif LOG_DEBUG
+ openlog( g->myname, OPENLOG_OPTIONS );
+#endif
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/ch_malloc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/ch_malloc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/ch_malloc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,158 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ch_malloc.c,v 1.17.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#define CH_FREE 1
+
+/*
+ * ch_malloc.c - malloc() and friends, with check for NULL return.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/socket.h>
+
+#include "../slapd/slap.h"
+
+
+#ifndef CSRIMALLOC
+
+/*
+ * Just like malloc, except we check the returned value and exit
+ * if anything goes wrong.
+ */
+void *
+ch_malloc(
+ ber_len_t size
+)
+{
+ void *new;
+
+ if ( (new = (void *) ber_memalloc( size )) == NULL ) {
+ fprintf( stderr, "malloc of %lu bytes failed\n",
+ (long) size );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+
+
+
+/*
+ * Just like realloc, except we check the returned value and exit
+ * if anything goes wrong.
+ */
+void *
+ch_realloc(
+ void *block,
+ ber_len_t size
+)
+{
+ void *new;
+
+ if ( block == NULL ) {
+ return( ch_malloc( size ) );
+ }
+
+ if ( size == 0 ) {
+ ch_free( block );
+ }
+
+ if ( (new = (void *) ber_memrealloc( block, size )) == NULL ) {
+ fprintf( stderr, "realloc of %lu bytes failed\n",
+ (long) size );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+
+
+
+/*
+ * Just like calloc, except we check the returned value and exit
+ * if anything goes wrong.
+ */
+void *
+ch_calloc(
+ ber_len_t nelem,
+ ber_len_t size
+)
+{
+ void *new;
+
+ if ( (new = (void *) ber_memcalloc( nelem, size )) == NULL ) {
+ fprintf( stderr, "calloc of %lu elems of %lu bytes failed\n",
+ (long) nelem, (long) size );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+/*
+ * Just like strdup, except we check the returned value and exit
+ * if anything goes wrong.
+ */
+char *
+ch_strdup(
+ const char *string
+)
+{
+ char *new;
+
+ if ( (new = ber_strdup( string )) == NULL ) {
+ fprintf( stderr, "ch_strdup: duplication of \"%s\" failed\n",
+ string );
+ exit( EXIT_FAILURE );
+ }
+
+ return( new );
+}
+
+/*
+ * Just like free, except we check to see if p is null.
+ */
+void
+ch_free(
+ void *p
+)
+{
+ if ( p != NULL ) {
+ ber_memfree( p );
+ }
+ return;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/config.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/config.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/config.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,592 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/config.c,v 1.39.2.6 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Mark Benson.
+ * Portions Copyright 2002 John Morrissey.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional signficant contributors
+ * include:
+ * John Morrissey
+ * Mark Benson
+ */
+
+
+/*
+ * config.c - configuration file handling routines
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/ctype.h>
+
+#include <ldap.h>
+#include <lutil.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+#define ARGS_STEP 512
+
+/* Forward declarations */
+static void add_replica LDAP_P(( char **, int ));
+static int parse_replica_line LDAP_P(( char **, int, Ri *));
+static void parse_line LDAP_P(( char * ));
+static char *slurpd_getline LDAP_P(( FILE * ));
+static char *strtok_quote LDAP_P(( char *, char * ));
+
+int cargc = 0, cargv_size = 0;
+char **cargv;
+/* current config file line # */
+static int lineno;
+
+char *slurpd_pid_file = NULL;
+char *slurpd_args_file = NULL;
+
+/*
+ * Read the slapd config file, looking only for config options we're
+ * interested in. Since we haven't detached from the controlling
+ * terminal yet, we just perror() and fprintf here.
+ */
+int
+slurpd_read_config(
+ char *fname
+)
+{
+ FILE *fp;
+ char *line;
+
+ if ( cargv == NULL ) {
+ cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
+ cargv_size = ARGS_STEP + 1;
+ }
+
+ Debug( LDAP_DEBUG_CONFIG, "Config: opening config file \"%s\"\n",
+ fname, 0, 0 );
+
+ if ( (fp = fopen( fname, "r" )) == NULL ) {
+ perror( fname );
+ exit( EXIT_FAILURE );
+ }
+
+ lineno = 0;
+ while ( (line = slurpd_getline( fp )) != NULL ) {
+ /* skip comments and blank lines */
+ if ( line[0] == '#' || line[0] == '\0' ) {
+ continue;
+ }
+
+ Debug( LDAP_DEBUG_CONFIG, "Config: (%s)\n", line, 0, 0 );
+
+ parse_line( line );
+
+ if ( cargc < 1 ) {
+ fprintf( stderr, "line %d: bad config line (ignored)\n", lineno );
+ continue;
+ }
+
+ /* replication log file to which changes are appended */
+ if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
+ /*
+ * if slapd_replogfile has a value, the -r option was given,
+ * so use that value. If slapd_replogfile has length == 0,
+ * then we should use the value in the config file we're reading.
+ */
+ if ( sglob->slapd_replogfile[ 0 ] == '\0' ) {
+ if ( cargc < 2 ) {
+ fprintf( stderr,
+ "line %d: missing filename in \"replogfile ",
+ lineno );
+ fprintf( stderr, "<filename>\" line\n" );
+ exit( EXIT_FAILURE );
+ } else if ( cargc > 2 && *cargv[2] != '#' ) {
+ fprintf( stderr,
+ "line %d: extra cruft at the end of \"replogfile %s\"",
+ lineno, cargv[1] );
+ fprintf( stderr, "line (ignored)\n" );
+ }
+ LUTIL_SLASHPATH( cargv[1] );
+ strcpy( sglob->slapd_replogfile, cargv[1] );
+ }
+ } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
+ add_replica( cargv, cargc );
+
+ /* include another config file */
+ } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
+ char *savefname;
+ int savelineno;
+
+ if ( cargc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing filename in \"include <filename>\" line\n",
+ fname, lineno, 0 );
+
+ return( 1 );
+ }
+ LUTIL_SLASHPATH( cargv[1] );
+ savefname = strdup( cargv[1] );
+ savelineno = lineno;
+
+ if ( slurpd_read_config( savefname ) != 0 ) {
+ return( 1 );
+ }
+
+ free( savefname );
+ lineno = savelineno - 1;
+
+ } else if ( strcasecmp( cargv[0], "replica-pidfile" ) == 0 ) {
+ if ( cargc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing file name in \"replica-pidfile <file>\" line\n",
+ fname, lineno, 0 );
+
+ return( 1 );
+ }
+
+ LUTIL_SLASHPATH( cargv[1] );
+ slurpd_pid_file = ch_strdup( cargv[1] );
+
+ } else if ( strcasecmp( cargv[0], "replica-argsfile" ) == 0 ) {
+ if ( cargc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing file name in \"argsfile <file>\" line\n",
+ fname, lineno, 0 );
+
+ return( 1 );
+ }
+
+ LUTIL_SLASHPATH( cargv[1] );
+ slurpd_args_file = ch_strdup( cargv[1] );
+
+ } else if ( strcasecmp( cargv[0], "replicationinterval" ) == 0 ) {
+ int c;
+ if ( cargc < 2 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: missing interval in "
+ "\"replicationinterval <seconds>\" line\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( lutil_atoi( &c, cargv[1] ) != 0 || c < 1 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid interval "
+ "(%d) in \"replicationinterval <seconds>\" line\n",
+ fname, lineno, c );
+
+ return( 1 );
+ }
+
+ sglob->no_work_interval = c;
+ }
+ }
+ fclose( fp );
+ Debug( LDAP_DEBUG_CONFIG,
+ "Config: ** configuration file successfully read and parsed\n",
+ 0, 0, 0 );
+ return 0;
+}
+
+
+
+
+/*
+ * Parse one line of input.
+ */
+static void
+parse_line(
+ char *line
+)
+{
+ char * token;
+
+ cargc = 0;
+ for ( token = strtok_quote( line, " \t" ); token != NULL;
+ token = strtok_quote( NULL, " \t" ) )
+ {
+ if ( cargc == cargv_size - 1 ) {
+ char **tmp;
+ tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
+ sizeof(*cargv) );
+ if (tmp == NULL) {
+ cargc = 0;
+ return;
+ }
+ cargv = tmp;
+ cargv_size += ARGS_STEP;
+ }
+
+ cargv[cargc++] = token;
+ }
+ cargv[cargc] = NULL;
+}
+
+
+
+
+static char *
+strtok_quote(
+ char *line,
+ char *sep
+)
+{
+ int inquote;
+ char *tmp;
+ static char *next;
+
+ if ( line != NULL ) {
+ next = line;
+ }
+ while ( *next && strchr( sep, *next ) ) {
+ next++;
+ }
+
+ if ( *next == '\0' ) {
+ next = NULL;
+ return( NULL );
+ }
+ tmp = next;
+
+ for ( inquote = 0; *next; ) {
+ switch ( *next ) {
+ case '"':
+ if ( inquote ) {
+ inquote = 0;
+ } else {
+ inquote = 1;
+ }
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+ break;
+
+ case '\\':
+ if ( next[1] )
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+ next++; /* dont parse the escaped character */
+ break;
+
+ default:
+ if ( ! inquote ) {
+ if ( strchr( sep, *next ) != NULL ) {
+ *next++ = '\0';
+ return( tmp );
+ }
+ }
+ next++;
+ break;
+ }
+ }
+
+ return( tmp );
+}
+
+#define CATLINE( buf ) { \
+ int len; \
+ len = strlen( buf ); \
+ while ( lcur + len + 1 > lmax ) { \
+ lmax += BUFSIZ; \
+ line = (char *) ch_realloc( line, lmax ); \
+ } \
+ strcpy( line + lcur, buf ); \
+ lcur += len; \
+}
+
+
+
+/*
+ * Get a line of input.
+ */
+static char *
+slurpd_getline(
+ FILE *fp
+)
+{
+ char *p;
+ static char buf[BUFSIZ];
+ static char *line;
+ static int lmax, lcur;
+
+ lcur = 0;
+ CATLINE( buf );
+ while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+ if ( (p = strchr( buf, '\n' )) != NULL ) {
+ if( p > buf && p[-1] == '\r' ) --p;
+ *p = '\0';
+ }
+ lineno++;
+ if ( ! isspace( (unsigned char) buf[0] ) ) {
+ return( line );
+ }
+
+ /* change leading whitespace to space */
+ buf[0] = ' ';
+
+ CATLINE( buf );
+ }
+ buf[0] = '\0';
+
+ return( line[0] ? line : NULL );
+}
+
+
+/*
+ * Add a node to the array of replicas.
+ */
+static void
+add_replica(
+ char **cargv,
+ int cargc
+)
+{
+ int nr;
+
+ nr = ++sglob->num_replicas;
+ sglob->replicas = (Ri **) ch_realloc( sglob->replicas,
+ ( nr + 1 ) * sizeof( Re * ));
+ if ( sglob->replicas == NULL ) {
+ fprintf( stderr, "out of memory, add_replica\n" );
+ exit( EXIT_FAILURE );
+ }
+ sglob->replicas[ nr ] = NULL;
+
+ if ( Ri_init( &(sglob->replicas[ nr - 1 ])) < 0 ) {
+ fprintf( stderr, "out of memory, Ri_init\n" );
+ exit( EXIT_FAILURE );
+ }
+ if ( parse_replica_line( cargv, cargc,
+ sglob->replicas[ nr - 1] ) < 0 ) {
+ /* Something bad happened - back out */
+ fprintf( stderr,
+ "Warning: failed to add replica \"%s:%d - ignoring replica\n",
+ sglob->replicas[ nr - 1 ]->ri_hostname == NULL ?
+ "(null)" : sglob->replicas[ nr - 1 ]->ri_hostname,
+ sglob->replicas[ nr - 1 ]->ri_port );
+ sglob->replicas[ nr - 1] = NULL;
+ sglob->num_replicas--;
+ } else {
+ Debug( LDAP_DEBUG_CONFIG,
+ "Config: ** successfully added replica \"%s:%d\"\n",
+ sglob->replicas[ nr - 1 ]->ri_hostname == NULL ?
+ "(null)" : sglob->replicas[ nr - 1 ]->ri_hostname,
+ sglob->replicas[ nr - 1 ]->ri_port, 0 );
+ sglob->replicas[ nr - 1]->ri_stel =
+ sglob->st->st_add( sglob->st,
+ sglob->replicas[ nr - 1 ] );
+ if ( sglob->replicas[ nr - 1]->ri_stel == NULL ) {
+ fprintf( stderr, "Failed to add status element structure\n" );
+ exit( EXIT_FAILURE );
+ }
+ }
+}
+
+
+
+/*
+ * Parse a "replica" line from the config file. replica lines should be
+ * in the following format:
+ * replica host=<hostname:portnumber> binddn=<binddn>
+ * bindmethod="simple" credentials=<creds>
+ *
+ * where:
+ * <hostname:portnumber> describes the host name and port number where the
+ * replica is running,
+ *
+ * <binddn> is the DN to bind to the replica slapd as,
+ *
+ * bindmethod is "simple", and
+ *
+ * <creds> are the credentials (e.g. password) for binddn. <creds> are
+ * only used for bindmethod=simple.
+ *
+ * The "replica" config file line may be split across multiple lines. If
+ * a line begins with whitespace, it is considered a continuation of the
+ * previous line.
+ */
+#define GOT_HOST 1
+#define GOT_DN 2
+#define GOT_METHOD 4
+#define GOT_ALL ( GOT_HOST | GOT_DN | GOT_METHOD )
+#define GOT_MECH 8
+
+static int
+parse_replica_line(
+ char **cargv,
+ int cargc,
+ Ri *ri
+)
+{
+ int gots = 0;
+ int i;
+ char *hp, *val;
+ LDAPURLDesc *ludp;
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( !strncasecmp( cargv[ i ], HOSTSTR, sizeof( HOSTSTR ) - 1 ) ) {
+ if ( gots & GOT_HOST ) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd config " );
+ fprintf( stderr, "file, too many host or uri names specified, line %d\n",
+ lineno );
+ return -1;
+ }
+ val = cargv[ i ] + sizeof( HOSTSTR ); /* '\0' string terminator accounts for '=' */
+ if (( hp = strchr( val, ':' )) != NULL ) {
+ *hp = '\0';
+ hp++;
+ if ( lutil_atoi( &ri->ri_port, hp ) != 0 ) {
+ fprintf( stderr, "unable to parse port \"%s\", line %d\n",
+ hp, lineno );
+ return -1;
+ }
+ }
+ if ( ri->ri_port <= 0 ) {
+ ri->ri_port = LDAP_PORT;
+ }
+ ri->ri_hostname = strdup( val );
+ gots |= GOT_HOST;
+ } else if ( !strncasecmp( cargv[ i ], URISTR, sizeof( URISTR ) - 1 ) ) {
+ if ( gots & GOT_HOST ) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd config " );
+ fprintf( stderr, "file, too many host or uri names specified, line %d\n",
+ lineno );
+ return -1;
+ }
+ if ( ldap_url_parse( cargv[ i ] + sizeof( URISTR ), &ludp ) != LDAP_SUCCESS ) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd config " );
+ fprintf( stderr, "file, bad uri format specified, line %d\n",
+ lineno );
+ return -1;
+ }
+ if (ludp->lud_host == NULL) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd config " );
+ fprintf( stderr, "file, missing uri hostname, line %d\n",
+ lineno );
+ return -1;
+ }
+ ri->ri_hostname = strdup ( ludp->lud_host );
+ ri->ri_port = ludp->lud_port;
+ ri->ri_uri = strdup ( cargv[ i ] + sizeof( URISTR ) );
+ ldap_free_urldesc( ludp );
+ gots |= GOT_HOST;
+ } else if ( !strncasecmp( cargv[ i ],
+ ATTRSTR, sizeof( ATTRSTR ) - 1 ) ) {
+ /* ignore it */ ;
+ } else if ( !strncasecmp( cargv[ i ],
+ SUFFIXSTR, sizeof( SUFFIXSTR ) - 1 ) ) {
+ /* ignore it */ ;
+ } else if ( !strncasecmp( cargv[i], STARTTLSSTR, sizeof(STARTTLSSTR)-1 )) {
+ val = cargv[ i ] + sizeof( STARTTLSSTR );
+ if( !strcasecmp( val, CRITICALSTR ) ) {
+ ri->ri_tls = TLS_CRITICAL;
+ } else {
+ ri->ri_tls = TLS_ON;
+ }
+ } else if ( !strncasecmp( cargv[ i ], TLSSTR, sizeof( TLSSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( TLSSTR );
+ if( !strcasecmp( val, CRITICALSTR ) ) {
+ ri->ri_tls = TLS_CRITICAL;
+ } else {
+ ri->ri_tls = TLS_ON;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ BINDDNSTR, sizeof( BINDDNSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( BINDDNSTR );
+ ri->ri_bind_dn = strdup( val );
+ gots |= GOT_DN;
+ } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR,
+ sizeof( BINDMETHSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( BINDMETHSTR );
+ if ( !strcasecmp( val, KERBEROSSTR )) {
+ fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" );
+ fprintf( stderr, "specified in the slapd configuration file.\n" );
+ fprintf( stderr, "slurpd no longer supports Kerberos.\n" );
+ exit( EXIT_FAILURE );
+ } else if ( !strcasecmp( val, SIMPLESTR )) {
+ ri->ri_bind_method = LDAP_AUTH_SIMPLE;
+ gots |= GOT_METHOD;
+ } else if ( !strcasecmp( val, SASLSTR )) {
+ ri->ri_bind_method = LDAP_AUTH_SASL;
+ gots |= GOT_METHOD;
+ } else {
+ ri->ri_bind_method = -1;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ SASLMECHSTR, sizeof( SASLMECHSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SASLMECHSTR );
+ gots |= GOT_MECH;
+ ri->ri_saslmech = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ CREDSTR, sizeof( CREDSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( CREDSTR );
+ ri->ri_password = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SECPROPSSTR, sizeof( SECPROPSSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SECPROPSSTR );
+ ri->ri_secprops = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ REALMSTR, sizeof( REALMSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( REALMSTR );
+ ri->ri_realm = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ AUTHCSTR, sizeof( AUTHCSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( AUTHCSTR );
+ ri->ri_authcId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ OLDAUTHCSTR, sizeof( OLDAUTHCSTR ) - 1 ) ) {
+ /* Old authcID is provided for some backwards compatibility */
+ val = cargv[ i ] + sizeof( OLDAUTHCSTR );
+ ri->ri_authcId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( AUTHZSTR );
+ ri->ri_authzId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SRVTABSTR, sizeof( SRVTABSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SRVTABSTR );
+ if ( ri->ri_srvtab != NULL ) {
+ free( ri->ri_srvtab );
+ }
+ ri->ri_srvtab = strdup( val );
+ } else {
+ fprintf( stderr,
+ "Error: parse_replica_line: unknown keyword \"%s\"\n",
+ cargv[ i ] );
+ }
+ }
+
+ if ( ri->ri_bind_method == LDAP_AUTH_SASL) {
+ if ((gots & GOT_MECH) == 0) {
+ fprintf( stderr, "Error: \"replica\" line needs SASLmech flag in " );
+ fprintf( stderr, "slapd config file, line %d\n", lineno );
+ return -1;
+ }
+ } else if ( gots != GOT_ALL ) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd " );
+ fprintf( stderr, "config file, line %d\n", lineno );
+ return -1;
+ }
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/fm.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/fm.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/fm.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,266 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/fm.c,v 1.28.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * fm.c - file management routines.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/unistd.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+
+/*
+ * Forward references
+ */
+static char *get_record LDAP_P(( FILE * ));
+static void populate_queue LDAP_P(( char *f ));
+
+
+/*
+ * Main file manager routine. Watches for new data to be appended to the
+ * slapd replication log. When new data is appended, fm does the following:
+ * - appends the data to slurpd's private copy of the replication log.
+ * - truncates the slapd replog
+ * - adds items to the internal queue of replication work to do
+ * - signals the replication threads to let them know new work has arrived.
+ */
+void *
+fm(
+ void *arg
+)
+{
+ int rc;
+ int i;
+ fd_set readfds;
+
+ /* Set up our signal handlers:
+ * SIG{TERM,INT,HUP} causes a shutdown
+ */
+ (void) SIGNAL( SIGTERM, slurp_set_shutdown );
+ (void) SIGNAL( SIGINT, slurp_set_shutdown );
+#ifdef SIGHUP
+ (void) SIGNAL( SIGHUP, slurp_set_shutdown );
+#endif
+#if defined(SIGBREAK) && defined(HAVE_NT_SERVICE_MANAGER)
+ (void) SIGNAL( SIGBREAK, do_nothing );
+#endif
+
+ if ( sglob->one_shot_mode ) {
+ if ( file_nonempty( sglob->slapd_replogfile )) {
+ populate_queue( sglob->slapd_replogfile );
+ }
+ printf( "Processing in one-shot mode:\n" );
+ printf( "%d total replication records in file,\n",
+ sglob->rq->rq_getcount( sglob->rq, RQ_COUNT_ALL ));
+ printf( "%d replication records to process.\n",
+ sglob->rq->rq_getcount( sglob->rq, RQ_COUNT_NZRC ));
+ return NULL;
+ }
+ /*
+ * There may be some leftover replication records in our own
+ * copy of the replication log. If any exist, add them to the
+ * queue.
+ */
+ if ( file_nonempty( sglob->slurpd_replogfile )) {
+ populate_queue( sglob->slurpd_replogfile );
+ }
+
+ FD_ZERO( &readfds );
+
+ while ( !sglob->slurpd_shutdown ) {
+ if ( file_nonempty( sglob->slapd_replogfile )) {
+ /* New work found - copy to slurpd replog file */
+ Debug( LDAP_DEBUG_ARGS, "new work in %s\n",
+ sglob->slapd_replogfile, 0, 0 );
+ if (( rc = copy_replog( sglob->slapd_replogfile,
+ sglob->slurpd_replogfile )) == 0 ) {
+ populate_queue( sglob->slurpd_replogfile );
+ } else {
+ if ( rc < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Fatal error while copying replication log\n",
+ 0, 0, 0 );
+ sglob->slurpd_shutdown = 1;
+ }
+ }
+ } else {
+ struct timeval tv;
+
+ FD_SET( sglob->wake_sds[0], &readfds );
+ tv.tv_sec = sglob->no_work_interval;
+ tv.tv_usec = 0;
+
+ rc = select( sglob->wake_sds[0]+1, &readfds, NULL, NULL, &tv );
+ }
+
+ /* Garbage-collect queue */
+ sglob->rq->rq_gc( sglob->rq );
+
+ /* Trim replication log file, if needed */
+ if ( sglob->rq->rq_needtrim( sglob->rq )) {
+ FILE *fp, *lfp;
+ if (( rc = acquire_lock( sglob->slurpd_replogfile, &fp,
+ &lfp )) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: cannot acquire lock on \"%s\" for trimming\n",
+ sglob->slurpd_replogfile, 0, 0 );
+ } else {
+ sglob->rq->rq_write( sglob->rq, fp );
+ (void) relinquish_lock( sglob->slurpd_replogfile, fp, lfp );
+ }
+ }
+ }
+ sglob->rq->rq_lock( sglob->rq ); /* lock queue */
+ ldap_pvt_thread_cond_broadcast( &(sglob->rq->rq_more) ); /* wake repl threads */
+ for ( i = 0; i < sglob->num_replicas; i++ ) {
+ (sglob->replicas[ i ])->ri_wake( sglob->replicas[ i ]);
+ }
+ sglob->rq->rq_unlock( sglob->rq ); /* unlock queue */
+ Debug( LDAP_DEBUG_ARGS, "fm: exiting\n", 0, 0, 0 );
+ return NULL;
+}
+
+
+
+
+/*
+ * Set a global flag which signals that we're shutting down.
+ */
+RETSIGTYPE
+slurp_set_shutdown(int sig)
+{
+ sglob->slurpd_shutdown = 1; /* set flag */
+ tcp_write( sglob->wake_sds[1], "0", 1); /* wake up file mgr */
+
+ (void) SIGNAL_REINSTALL( sig, slurp_set_shutdown ); /* reinstall handlers */
+}
+
+
+
+
+/*
+ * A do-nothing signal handler.
+ */
+RETSIGTYPE
+do_nothing(int sig)
+{
+ (void) SIGNAL_REINSTALL( sig, do_nothing );
+}
+
+
+
+
+/*
+ * Open the slurpd replication log, seek to our last known position, and
+ * process any pending replication entries.
+ */
+static void
+populate_queue(
+ char *f
+)
+{
+ FILE *fp, *lfp;
+ char *p;
+
+ if ( acquire_lock( f, &fp, &lfp ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "error: can't lock file \"%s\": %s\n",
+ f, sys_errlist[ errno ], 0 );
+ return;
+ }
+
+ /*
+ * Read replication records from fp and append them the
+ * the queue.
+ */
+ if ( fseek( fp, sglob->srpos, 0 ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "error: can't seek to offset %ld in file \"%s\"\n",
+ sglob->srpos, f, 0 );
+ } else {
+ while (( p = get_record( fp )) != NULL ) {
+ if ( sglob->rq->rq_add( sglob->rq, p ) < 0 ) {
+ char *t;
+ /* Print an error message. Only print first line. */
+ if (( t = strchr( p, '\n' )) != NULL ) {
+ *t = '\0';
+ }
+ Debug( LDAP_DEBUG_ANY,
+ "error: malformed replog entry (begins with \"%s\")\n",
+ p, 0, 0 );
+ }
+ free( p );
+ ldap_pvt_thread_yield();
+ }
+ sglob->srpos = ftell( fp );
+ }
+ (void) relinquish_lock( f, fp, lfp );
+}
+
+
+
+
+/*
+ * Get the next "record" from the file pointed to by fp. A "record"
+ * is delimited by two consecutive newlines. Returns NULL on EOF.
+ */
+static char *
+get_record(
+ FILE *fp
+)
+{
+ int len;
+ static char line[BUFSIZ];
+ char *buf = NULL;
+ static int lcur, lmax;
+
+ lcur = lmax = 0;
+
+ while (( fgets( line, sizeof(line), fp ) != NULL ) &&
+ (( len = strlen( line )) > 1 )) {
+
+ while ( lcur + len + 1 > lmax ) {
+ lmax += BUFSIZ;
+ buf = (char *) ch_realloc( buf, lmax );
+ }
+ strcpy( buf + lcur, line );
+ lcur += len;
+ }
+ return( buf );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/globals.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/globals.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/globals.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,103 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.c,v 1.22.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * globals.c - initialization code for global data
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+Globals *sglob;
+static Globals glob;
+
+int ldap_syslog = 0;
+#ifdef LOG_DEBUG
+int ldap_syslog_level = LOG_DEBUG;
+#else
+int ldap_syslog_level = 0;
+#endif
+int ldap_debug = 0;
+
+/*
+ * Initialize the globals
+ */
+Globals *
+init_globals( void )
+{
+ Globals *g;
+
+ g = &glob;
+
+ g->wake_sds[0] = -1;
+ g->wake_sds[1] = -1;
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ g->slapd_configfile = ".\\slapd.conf";
+ g->slurpd_rdir = ".\\replica";
+#else
+ g->slapd_configfile = SLAPD_DEFAULT_CONFIGFILE;
+ g->slurpd_rdir = DEFAULT_SLURPD_REPLICA_DIR "/replica";
+#endif
+
+ g->no_work_interval = DEFAULT_NO_WORK_INTERVAL;
+ g->slurpd_shutdown = 0;
+ g->num_replicas = 0;
+ g->replicas = NULL;
+ g->slapd_replogfile[ 0 ] = '\0';
+ g->slurpd_replogfile[ 0 ] = '\0';
+ g->slurpd_status_file[ 0 ] = '\0';
+ g->one_shot_mode = 0;
+ g->no_detach = 0;
+ g->myname = NULL;
+ g->serverName = NULL;
+ g->srpos = 0L;
+ g->version = 0;
+ if ( St_init( &(g->st)) < 0 ) {
+ fprintf( stderr, "Cannot initialize status data\n" );
+ exit( EXIT_FAILURE );
+ }
+ ldap_pvt_thread_mutex_init( &(g->rej_mutex) );
+ if ( Rq_init( &(g->rq)) < 0 ) {
+ fprintf( stderr, "Cannot initialize queue\n" );
+ exit( EXIT_FAILURE );
+ }
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ g->default_srvtab = SRVTAB;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+
+ return g;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/globals.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/globals.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/globals.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,93 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.h,v 1.17.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#ifndef SLURPD_GLOBALS_H
+#define SLURPD_GLOBALS_H 1
+
+/*
+ * globals.h - definition of structure holding global data.
+ */
+
+#include "slurp.h"
+
+LDAP_BEGIN_DECL
+
+typedef struct globals {
+ /* Thread ID for file manager thread */
+ ldap_pvt_thread_t fm_tid;
+ /* pipe/socket used to wake manager from signal handler */
+ int wake_sds[2];
+ /* The name of the slapd config file (which is also our config file) */
+ char *slapd_configfile;
+ /* How long the master slurpd sleeps when there's no work to do */
+ int no_work_interval;
+ /* We keep running until slurpd_shutdown is nonzero. HUP signal set this */
+ sig_atomic_t slurpd_shutdown;
+ /* Number of replicas we're servicing */
+ int num_replicas;
+ /* Array of pointers to replica info */
+ Ri **replicas;
+ /* Directory where our replica files are written/read */
+ char *slurpd_rdir;
+ /* Name of slurpd status file (timestamp of last replog */
+ char slurpd_status_file[ MAXPATHLEN ];
+ /* Name of the replication log slapd is writing (and we are reading) */
+ char slapd_replogfile[ MAXPATHLEN ];
+ /* Name of local copy of replogfile we maintain */
+ char slurpd_replogfile[ MAXPATHLEN ];
+ /* Non-zero if we were given a replog file to process on command-line */
+ int one_shot_mode;
+ /* Non-zero if we should not detach the process */
+ int no_detach;
+ /* Name of program */
+ char *myname;
+ /* NT service name */
+ char *serverName;
+ /* Current offset into slurpd replica logfile */
+ off_t srpos;
+ /* mutex to serialize access to reject file */
+ ldap_pvt_thread_mutex_t rej_mutex;
+ /* pointer to status struct */
+ St *st;
+ /* Pointer to replication queue */
+ Rq *rq;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ /* Default name of kerberos srvtab file */
+ char *default_srvtab;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ /* Non-zero if we shall print the version */
+ int version;
+} Globals;
+
+
+extern Globals *sglob;
+
+LDAP_END_DECL
+
+#endif /* SLURPD_GLOBALS_H */
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/ldap_op.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/ldap_op.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/ldap_op.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,916 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ldap_op.c,v 1.53.2.5 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Mark Benson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Mark Benson
+ */
+
+/*
+ * ldap_op.c - routines to perform LDAP operations
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include "lutil_ldap.h"
+#include "slurp.h"
+
+/* Forward references */
+static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
+static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char **, int * ));
+static LDAPMod *alloc_ldapmod LDAP_P(( void ));
+static void free_ldapmod LDAP_P(( LDAPMod * ));
+static void free_ldmarr LDAP_P(( LDAPMod ** ));
+static int getmodtype LDAP_P(( char * ));
+#ifdef SLAPD_UNUSED
+static void dump_ldm_array LDAP_P(( LDAPMod ** ));
+#endif
+static int do_bind LDAP_P(( Ri *, int * ));
+static int do_unbind LDAP_P(( Ri * ));
+
+
+/*
+ * Determine the type of ldap operation being performed and call the
+ * appropriate routine.
+ * - If successful, returns DO_LDAP_OK
+ * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
+ * The caller should wait a while and retry the operation.
+ * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
+ * should reject the operation and continue with the next replication
+ * entry.
+ */
+int
+do_ldap(
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
+)
+{
+ int retry = 2;
+ *errmsg = NULL;
+ *errfree = 0;
+
+ do {
+ int lderr;
+ if ( ri->ri_ldp == NULL ) {
+ lderr = do_bind( ri, &lderr );
+
+ if ( lderr != BIND_OK ) {
+ return DO_LDAP_ERR_RETRYABLE;
+ }
+ }
+
+ switch ( re->re_changetype ) {
+ case T_ADDCT:
+ lderr = op_ldap_add( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_add_s failed adding DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_MODIFYCT:
+ lderr = op_ldap_modify( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_modify_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_DELETECT:
+ lderr = op_ldap_delete( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_delete_s failed deleting DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_MODRDNCT:
+ lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_modrdn_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_ldap: bad op \"%d\", DN \"%s\"\n",
+ re->re_changetype, re->re_dn, 0 );
+ return DO_LDAP_ERR_FATAL;
+ }
+
+ /*
+ * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
+ * we may have been idle long enough that the remote slapd timed
+ * us out. Rebind and try again.
+ */
+ switch( lderr ) {
+ case LDAP_SUCCESS:
+ return DO_LDAP_OK;
+
+ default:
+ return DO_LDAP_ERR_FATAL;
+
+ case LDAP_SERVER_DOWN: /* server went down */
+ (void) do_unbind( ri );
+ retry--;
+ }
+ } while ( retry > 0 );
+
+ return DO_LDAP_ERR_RETRYABLE;
+}
+
+
+
+/*
+ * Perform an ldap add operation.
+ */
+static int
+op_ldap_add(
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
+)
+{
+ Mi *mi;
+ int nattrs, rc = 0, i;
+ LDAPMod *ldm, **ldmarr;
+ int lderr = 0;
+
+ nattrs = i = 0;
+ ldmarr = NULL;
+
+ /*
+ * Construct a null-terminated array of LDAPMod structs.
+ */
+ mi = re->re_mods;
+ while ( mi[ i ].mi_type != NULL ) {
+ ldm = alloc_ldapmod();
+ ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
+ ( nattrs + 2 ) * sizeof( LDAPMod * ));
+ ldmarr[ nattrs ] = ldm;
+ ldm->mod_op = LDAP_MOD_BVALUES;
+ ldm->mod_type = mi[ i ].mi_type;
+ ldm->mod_bvalues =
+ make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
+ i++;
+ nattrs++;
+ }
+
+ if ( ldmarr != NULL ) {
+ ldmarr[ nattrs ] = NULL;
+
+ /* Perform the operation */
+ Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
+ ri->ri_hostname, ri->ri_port, re->re_dn );
+ rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
+
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
+ *errfree = 1;
+
+ } else {
+ *errmsg = "No modifications to do";
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
+ }
+ free_ldmarr( ldmarr );
+ return( lderr );
+}
+
+
+
+
+/*
+ * Perform an ldap modify operation.
+ */
+#define AWAITING_OP -1
+static int
+op_ldap_modify(
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
+)
+{
+ Mi *mi;
+ int state; /* This code is a simple-minded state machine */
+ int nvals; /* Number of values we're modifying */
+ int nops; /* Number of LDAPMod structs in ldmarr */
+ LDAPMod *ldm = NULL, **ldmarr;
+ int i, len;
+ char *type, *value;
+ int rc = 0;
+
+ state = AWAITING_OP;
+ nvals = 0;
+ nops = 0;
+ ldmarr = NULL;
+
+ if ( re->re_mods == NULL ) {
+ *errmsg = "No arguments given";
+ Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ /*
+ * Construct a null-terminated array of LDAPMod structs.
+ */
+ for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
+ type = mi[ i ].mi_type;
+ value = mi[ i ].mi_val;
+ len = mi[ i ].mi_len;
+ switch ( getmodtype( type )) {
+ case T_MODSEP:
+ state = T_MODSEP; /* Got a separator line "-\n" */
+ continue;
+ case T_MODOPADD:
+ state = T_MODOPADD;
+ ldmarr = ( LDAPMod ** )
+ ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
+ ldmarr[ nops ] = ldm = alloc_ldapmod();
+ ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
+ ldm->mod_type = value;
+ nvals = 0;
+ nops++;
+ break;
+ case T_MODOPREPLACE:
+ state = T_MODOPREPLACE;
+ ldmarr = ( LDAPMod ** )
+ ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
+ ldmarr[ nops ] = ldm = alloc_ldapmod();
+ ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+ ldm->mod_type = value;
+ nvals = 0;
+ nops++;
+ break;
+ case T_MODOPDELETE:
+ state = T_MODOPDELETE;
+ ldmarr = ( LDAPMod ** )
+ ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
+ ldmarr[ nops ] = ldm = alloc_ldapmod();
+ ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
+ ldm->mod_type = value;
+ nvals = 0;
+ nops++;
+ break;
+ case T_MODOPINCREMENT:
+ state = T_MODOPINCREMENT;
+ ldmarr = ( LDAPMod ** )
+ ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
+ ldmarr[ nops ] = ldm = alloc_ldapmod();
+ ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
+ ldm->mod_type = value;
+ nvals = 0;
+ nops++;
+ break;
+ default:
+ if ( state == AWAITING_OP ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_modify: unknown mod type \"%s\"\n",
+ type, 0, 0 );
+ continue;
+ }
+
+ assert( ldm != NULL );
+
+ /*
+ * We should have an attribute: value pair here.
+ * Construct the mod_bvalues part of the ldapmod struct.
+ */
+ if ( strcasecmp( type, ldm->mod_type )) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: malformed modify op, %s: %s (expecting %s:)\n",
+ type, value, ldm->mod_type );
+ continue;
+ }
+ ldm->mod_bvalues = ( struct berval ** )
+ ch_realloc( ldm->mod_bvalues,
+ ( nvals + 2 ) * sizeof( struct berval * ));
+ ldm->mod_bvalues[ nvals + 1 ] = NULL;
+ ldm->mod_bvalues[ nvals ] = ( struct berval * )
+ ch_malloc( sizeof( struct berval ));
+ ldm->mod_bvalues[ nvals ]->bv_val = value;
+ ldm->mod_bvalues[ nvals ]->bv_len = len;
+ nvals++;
+ }
+ }
+ ldmarr[ nops ] = NULL;
+
+ if ( nops > 0 ) {
+ /* Actually perform the LDAP operation */
+ Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
+ ri->ri_hostname, ri->ri_port, re->re_dn );
+ rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
+ *errfree = 1;
+ }
+ free_ldmarr( ldmarr );
+ return( rc );
+}
+
+
+
+
+/*
+ * Perform an ldap delete operation.
+ */
+static int
+op_ldap_delete(
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
+)
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
+ ri->ri_hostname, ri->ri_port, re->re_dn );
+ rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
+ *errfree = 1;
+
+ return( rc );
+}
+
+
+
+
+/*
+ * Perform an ldap modrdn operation.
+ */
+#define GOT_NEWRDN 0x1
+#define GOT_DELOLDRDN 0x2
+#define GOT_NEWSUP 0x4
+
+#define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
+#define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
+static int
+op_ldap_modrdn(
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
+)
+{
+ int rc = 0;
+ Mi *mi;
+ int i;
+ int lderr = 0;
+ int state = 0;
+ int drdnflag = -1;
+ char *newrdn = NULL;
+ char *newsup = NULL;
+
+ if ( re->re_mods == NULL ) {
+ *errmsg = "No arguments given";
+ Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ /*
+ * Get the arguments: should see newrdn: and deleteoldrdn: args.
+ */
+ for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
+ if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
+ if( state & GOT_NEWRDN ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
+ mi[ i ].mi_val, 0, 0 );
+ *errmsg = "Multiple newrdn argument";
+ return -1;
+ }
+
+ newrdn = mi[ i ].mi_val;
+ state |= GOT_NEWRDN;
+
+ } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
+ if( state & GOT_DELOLDRDN ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
+ mi[ i ].mi_val, 0, 0 );
+ *errmsg = "Multiple newrdn argument";
+ return -1;
+ }
+
+ state |= GOT_DELOLDRDN;
+ if ( !strcmp( mi[ i ].mi_val, "0" )) {
+ drdnflag = 0;
+ } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
+ drdnflag = 1;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
+ mi[ i ].mi_val, 0, 0 );
+ *errmsg = "Incorrect argument to deleteoldrdn";
+ return -1;
+ }
+
+ } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
+ if( state & GOT_NEWSUP ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
+ mi[ i ].mi_val, 0, 0 );
+ *errmsg = "Multiple newsuperior argument";
+ return -1;
+ }
+
+ newsup = mi[ i ].mi_val;
+ state |= GOT_NEWSUP;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
+ mi[ i ].mi_type, 0, 0 );
+ *errmsg = "Bad value in replication log entry";
+ return -1;
+ }
+ }
+
+ /*
+ * Punt if we don't have all the args.
+ */
+ if ( !GOT_ALL_MODDN(state) ) {
+ Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
+ 0, 0, 0 );
+ *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
+ return -1;
+ }
+
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_ARGS ) {
+ char buf[ 256 ];
+ char *buf2;
+ int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
+
+ snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
+
+ buf2 = (char *) ch_malloc( buf2len );
+ snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "replica %s - modify rdn %s (flag: %d)\n",
+ buf, buf2, drdnflag );
+ free( buf2 );
+ }
+#endif /* LDAP_DEBUG */
+
+ assert( newrdn != NULL );
+
+ /* Do the modrdn */
+ rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
+
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
+ *errfree = 1;
+ return( lderr );
+}
+
+
+
+/*
+ * Allocate and initialize an ldapmod struct.
+ */
+static LDAPMod *
+alloc_ldapmod( void )
+{
+ LDAPMod *ldm;
+
+ ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
+ ldm->mod_type = NULL;
+ ldm->mod_bvalues = ( struct berval ** ) NULL;
+ return( ldm );
+}
+
+
+
+/*
+ * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
+ * that mod_bvalues and mod_type contain pointers to the same block of memory
+ * pointed to by the repl struct. Therefore, it's not freed here.
+ */
+static void
+free_ldapmod(
+LDAPMod *ldm )
+{
+ int i;
+
+ if ( ldm == NULL ) {
+ return;
+ }
+ if ( ldm->mod_bvalues != NULL ) {
+ for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
+ free( ldm->mod_bvalues[ i ] );
+ }
+ free( ldm->mod_bvalues );
+ }
+ free( ldm );
+ return;
+}
+
+
+/*
+ * Free an an array of LDAPMod pointers and the LDAPMod structs they point
+ * to.
+ */
+static void
+free_ldmarr(
+LDAPMod **ldmarr )
+{
+ int i;
+
+ for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
+ free_ldapmod( ldmarr[ i ] );
+ }
+ free( ldmarr );
+}
+
+
+/*
+ * Create a berval with a single value.
+ */
+static struct berval **
+make_singlevalued_berval(
+char *value,
+int len )
+{
+ struct berval **p;
+
+ p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
+ p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
+ p[ 1 ] = NULL;
+ p[ 0 ]->bv_val = value;
+ p[ 0 ]->bv_len = len;
+ return( p );
+}
+
+
+/*
+ * Given a modification type (string), return an enumerated type.
+ * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
+ * there.
+ */
+static int
+getmodtype(
+char *type )
+{
+ if ( !strcmp( type, T_MODSEPSTR )) {
+ return( T_MODSEP );
+ }
+ if ( !strcmp( type, T_MODOPADDSTR )) {
+ return( T_MODOPADD );
+ }
+ if ( !strcmp( type, T_MODOPREPLACESTR )) {
+ return( T_MODOPREPLACE );
+ }
+ if ( !strcmp( type, T_MODOPDELETESTR )) {
+ return( T_MODOPDELETE );
+ }
+ if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
+ return( T_MODOPINCREMENT );
+ }
+ return( T_ERR );
+}
+
+
+/*
+ * Perform an LDAP unbind operation. If replica is NULL, or the
+ * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
+ * set the ldp to NULL, and return the result of the unbind call.
+ */
+static int
+do_unbind(
+ Ri *ri
+)
+{
+ int rc = LDAP_SUCCESS;
+
+ if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
+ rc = ldap_unbind( ri->ri_ldp );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
+ }
+ ri->ri_ldp = NULL;
+ }
+ return rc;
+}
+
+
+
+/*
+ * Perform an LDAP bind operation to the replication site given
+ * by replica. If replica->repl_ldp is non-NULL, then we unbind
+ * from the replica before rebinding. It should be safe to call
+ * this to re-connect if the replica's connection goes away
+ * for some reason.
+ *
+ * Returns 0 on success, -1 if an LDAP error occurred, and a return
+ * code > 0 if some other error occurred, e.g. invalid bind method.
+ * If an LDAP error occurs, the LDAP error is returned in lderr.
+ */
+static int
+do_bind(
+ Ri *ri,
+ int *lderr
+)
+{
+ int ldrc;
+ int do_tls = ri->ri_tls;
+
+ *lderr = 0;
+
+ if ( ri == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
+ return( BIND_ERR_BADRI );
+ }
+
+retry:
+ if ( ri->ri_ldp != NULL ) {
+ ldrc = ldap_unbind( ri->ri_ldp );
+ if ( ldrc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_bind: ldap_unbind failed: %s\n",
+ ldap_err2string( ldrc ), 0, 0 );
+ }
+ ri->ri_ldp = NULL;
+ }
+
+ if ( ri->ri_uri != NULL ) { /* new URI style */
+ Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
+ ri->ri_uri, 0, 0 );
+
+ ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
+
+ if (ldrc != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
+ ri->ri_uri, ldap_err2string(ldrc), 0 );
+ return( BIND_ERR_OPEN );
+ }
+ } else { /* old HOST style */
+ Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
+ ri->ri_hostname, ri->ri_port, 0 );
+
+ ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
+ if ( ri->ri_ldp == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
+ ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
+ return( BIND_ERR_OPEN );
+ }
+ }
+
+ { /* set version 3 */
+ int err, version = LDAP_VERSION3;
+ err = ldap_set_option(ri->ri_ldp,
+ LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
+ ri->ri_hostname, NULL, NULL );
+
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_VERSION;
+ }
+ }
+
+ /*
+ * Set ldap library options to (1) not follow referrals, and
+ * (2) restart the select() system call.
+ */
+ {
+ int err;
+ err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
+ ri->ri_hostname, NULL, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_REFERRALS;
+ }
+ }
+ ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
+
+ if( do_tls ) {
+ int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
+
+ if( err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_start_tls failed: %s (%d)\n",
+ ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
+ ldap_err2string( err ), err );
+
+ if( ri->ri_tls == TLS_CRITICAL ) {
+ *lderr = err;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_TLS_FAILED;
+ }
+ do_tls = TLS_OFF;
+ goto retry;
+ }
+ }
+
+ switch ( ri->ri_bind_method ) {
+ case LDAP_AUTH_SIMPLE:
+ /*
+ * Bind with a plaintext password.
+ */
+ Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
+ ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
+ ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
+ ri->ri_password );
+ if ( ldrc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
+ *lderr = ldrc;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_SIMPLE_FAILED );
+ }
+ break;
+
+ case LDAP_AUTH_SASL:
+ Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
+ ri->ri_hostname,
+ ri->ri_authcId ? ri->ri_authcId : "-",
+ ri->ri_saslmech );
+
+#ifdef HAVE_CYRUS_SASL
+ if( ri->ri_secprops != NULL ) {
+ int err = ldap_set_option(ri->ri_ldp,
+ LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
+ ri->ri_hostname, ri->ri_secprops, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_SASL_FAILED;
+ }
+ }
+
+ {
+ void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
+ ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
+
+ ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
+ ri->ri_saslmech, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
+
+ lutil_sasl_freedefs( defaults );
+ if ( ldrc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
+ *lderr = ldrc;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_SASL_FAILED );
+ }
+ }
+ break;
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_bind: SASL not supported %s:%d\n",
+ ri->ri_hostname, ri->ri_port, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_BAD_ATYPE );
+#endif
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
+ ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_BAD_ATYPE );
+ }
+
+ {
+ int err;
+ LDAPControl c;
+ LDAPControl *ctrls[2];
+ ctrls[0] = &c;
+ ctrls[1] = NULL;
+
+ c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
+ c.ldctl_iscritical = 0;
+
+ err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "Error: "
+ "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
+ ri->ri_hostname, NULL, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_MANAGEDSAIT;
+ }
+ }
+
+ return( BIND_OK );
+}
+
+
+
+
+
+/*
+ * For debugging. Print the contents of an ldmarr array.
+ */
+#ifdef SLAPD_UNUSED
+static void
+dump_ldm_array(
+ LDAPMod **ldmarr
+)
+{
+ int i, j;
+ LDAPMod *ldm;
+ struct berval *b;
+ char *msgbuf;
+
+ for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
+ ldm = ldmarr[ i ];
+ Debug( LDAP_DEBUG_TRACE,
+ "Trace (%ld): *** ldmarr[ %d ] contents:\n",
+ (long) getpid(), i, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "Trace (%ld): *** ldm->mod_op: %d\n",
+ (long) getpid(), ldm->mod_op, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "Trace (%ld): *** ldm->mod_type: %s\n",
+ (long) getpid(), ldm->mod_type, 0 );
+ if ( ldm->mod_bvalues != NULL ) {
+ for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
+ msgbuf = ch_malloc( b->bv_len + 512 );
+ sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
+ j, b->bv_len, b->bv_val );
+ Debug( LDAP_DEBUG_TRACE,
+ "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
+ free( msgbuf );
+ }
+ }
+ }
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/lock.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/lock.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/lock.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,144 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/lock.c,v 1.22.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * lock.c - routines to open and apply an advisory lock to a file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/param.h>
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+
+#include "slurp.h"
+
+
+FILE *
+lock_fopen(
+ const char *fname,
+ const char *type,
+ FILE **lfp
+)
+{
+ FILE *fp;
+ char buf[MAXPATHLEN];
+
+ /* open the lock file */
+ snprintf( buf, sizeof buf, "%s.lock", fname );
+
+ if ( (*lfp = fopen( buf, "w" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: could not open \"%s\"\n", buf, 0, 0 );
+ return( NULL );
+ }
+
+ /* acquire the lock */
+ ldap_lockf( fileno(*lfp) );
+
+ /* open the log file */
+ if ( (fp = fopen( fname, type )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: could not open \"%s\"\n", fname, 0, 0 );
+ ldap_unlockf( fileno(*lfp) );
+ fclose( *lfp );
+ *lfp = NULL;
+ return( NULL );
+ }
+
+ return( fp );
+}
+
+
+
+int
+lock_fclose(
+ FILE *fp,
+ FILE *lfp
+)
+{
+ int rc = fclose( fp );
+
+ /* unlock */
+ ldap_unlockf( fileno(lfp) );
+ fclose( lfp );
+
+ return( rc );
+}
+
+
+
+/*
+ * Apply an advisory lock on a file. Just calls lock_fopen()
+ */
+int
+acquire_lock(
+ const char *file,
+ FILE **rfp,
+ FILE **lfp
+)
+{
+ if (( *rfp = lock_fopen( file, "r+", lfp )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: acquire_lock(%ld): Could not acquire lock on \"%s\"\n",
+ (long) getpid(), file, 0);
+ return( -1 );
+ }
+ return( 0 );
+}
+
+
+
+/*
+ * Relinquish a lock on a file. Calls lock_fclose() and also removes the
+ * lock file.
+ */
+int
+relinquish_lock(
+ const char *file,
+ FILE *rfp,
+ FILE *lfp
+)
+{
+ if ( lock_fclose( rfp, lfp ) == EOF ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: relinquish_lock (%ld): Error closing \"%s\"\n",
+ (long) getpid(), file, 0 );
+ return( -1 );
+ }
+ return( 0 );
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/main.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/main.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/main.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,355 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/main.c,v 1.42.2.6 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Howard Chu
+ */
+
+
+/*
+ * main.c - main routine for slurpd.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <ac/stdlib.h>
+#include <ac/unistd.h>
+
+#include "slurp.h"
+#include "globals.h"
+#include "lutil.h"
+
+#include <ldap_pvt.h>
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+#define MAIN_RETURN(x) return
+#define SERVICE_EXIT( e, n ) do { \
+ if ( is_NT_Service ) { \
+ lutil_ServiceStatus.dwWin32ExitCode = (e); \
+ lutil_ServiceStatus.dwServiceSpecificExitCode = (n); \
+ } \
+} while ( 0 )
+#else
+#define SERVICE_EXIT( e, n )
+#define MAIN_RETURN(x) return(x)
+#endif
+
+#ifndef HAVE_MKVERSION
+const char Versionstr[] =
+ OPENLDAP_PACKAGE " " OPENLDAP_VERSION " Standalone LDAP Replicator (slurpd)";
+#endif
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+void WINAPI ServiceMain( DWORD argc, LPTSTR *argv )
+#else
+int main( int argc, char **argv )
+#endif
+{
+#ifdef NO_THREADS
+ /* Haven't yet written the non-threaded version */
+ fputs( "slurpd currently requires threads support\n", stderr );
+ return( 1 );
+#else
+
+ int i, rc = 0;
+
+ /* initialize thread package */
+ ldap_pvt_thread_initialize();
+
+ /*
+ * Create and initialize globals. init_globals() also initializes
+ * the main replication queue.
+ */
+ if (( sglob = init_globals()) == NULL ) {
+ fprintf( stderr, "Out of memory initializing globals\n" );
+ SERVICE_EXIT( ERROR_NOT_ENOUGH_MEMORY, 0 );
+ rc = 1;
+ goto stop;
+ }
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ {
+ int *i;
+ char *newConfigFile;
+ char *regService = NULL;
+
+ if ( is_NT_Service ) {
+ sglob->serverName = argv[0];
+ lutil_CommenceStartupProcessing( sglob->serverName, slurp_set_shutdown );
+ if ( strcmp(sglob->serverName, SERVICE_NAME) )
+ regService = sglob->serverName;
+ }
+
+ i = (int*)lutil_getRegParam( regService, "DebugLevel" );
+ if ( i != NULL )
+ {
+ ldap_debug = *i;
+ Debug( LDAP_DEBUG_ANY, "new debug level from registry is: %d\n", ldap_debug, 0, 0 );
+ }
+
+ newConfigFile = (char*)lutil_getRegParam( regService, "ConfigFile" );
+ if ( newConfigFile != NULL )
+ {
+ sglob->slapd_configfile = newConfigFile;
+ Debug ( LDAP_DEBUG_ANY, "new config file from registry is: %s\n", sglob->slapd_configfile, 0, 0 );
+
+ }
+ }
+#endif
+
+ /*
+ * Process command-line args and fill in globals.
+ */
+ if ( doargs( argc, argv, sglob ) < 0 ) {
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 15 );
+ rc = 1;
+ goto stop;
+ }
+
+ if ( sglob->version ) {
+ fprintf(stderr, "%s\n", Versionstr);
+ if (sglob->version > 1 ) {
+ rc = 1;
+ goto stop;
+ }
+ }
+
+ Debug ( LDAP_DEBUG_ANY, "%s\n", Versionstr, 0, 0 );
+
+ /*
+ * Read slapd config file and initialize Re (per-replica) structs.
+ */
+ if ( slurpd_read_config( sglob->slapd_configfile ) < 0 ) {
+ fprintf( stderr,
+ "Errors encountered while processing config file \"%s\"\n",
+ sglob->slapd_configfile );
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );
+ rc = 1;
+ goto stop;
+ }
+
+#ifdef HAVE_TLS
+ if( ldap_pvt_tls_init() || ldap_pvt_tls_init_def_ctx( 0 ) ) {
+ rc = 0;
+ /* See if we actually need TLS */
+ for ( i=0; i < sglob->num_replicas; i++ ) {
+ if ( sglob->replicas[i]->ri_tls || ( sglob->replicas[i]->ri_uri &&
+ !strncmp( sglob->replicas[i]->ri_uri, "ldaps:", 6 ))) {
+ rc = 1;
+ break;
+ }
+ }
+ if ( rc ) {
+ fprintf( stderr, "TLS Initialization failed.\n" );
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto stop;
+ }
+ }
+#endif
+
+ /*
+ * Make sure our directory exists
+ */
+ if ( mkdir(sglob->slurpd_rdir, 0755) == -1 && errno != EEXIST) {
+ perror(sglob->slurpd_rdir);
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
+ rc = 1;
+ goto stop;
+ }
+
+ /*
+ * Get any saved state information off the disk.
+ */
+ if ( sglob->st->st_read( sglob->st )) {
+ fprintf( stderr, "Malformed slurpd status file \"%s\"\n",
+ sglob->slurpd_status_file );
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 17 );
+ rc = 1;
+ goto stop;
+ }
+
+ /*
+ * All readonly data should now be initialized.
+ * Check for any fatal error conditions before we get started
+ */
+ if ( sanity() < 0 ) {
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
+ rc = 1;
+ goto stop;
+ }
+
+
+ /*
+ * Detach from the controlling terminal
+ * unless the -d flag is given or in one-shot mode.
+ */
+#ifndef HAVE_WINSOCK
+ if ( ! (sglob->no_detach || sglob->one_shot_mode) ) {
+ lutil_detach( 0, 0 );
+ }
+#endif
+
+ /*
+ * don't open pid/args file in one-shot mode (ITS#4152)
+ *
+ * bail out if files were specified but cannot be opened (ITS#4074)
+ */
+ if ( !sglob->one_shot_mode) {
+ if ( slurpd_pid_file != NULL ) {
+ FILE *fp = fopen( slurpd_pid_file, "w" );
+
+ if ( fp == NULL ) {
+ int save_errno = errno;
+
+ fprintf( stderr, "unable to open pid file "
+ "\"%s\": %d (%s)\n",
+ slurpd_pid_file,
+ save_errno, strerror( save_errno ) );
+
+ free( slurpd_pid_file );
+ slurpd_pid_file = NULL;
+
+ rc = 1;
+ goto stop;
+ }
+
+ fprintf( fp, "%d\n", (int) getpid() );
+ fclose( fp );
+ }
+
+ if ( slurpd_args_file != NULL ) {
+ FILE *fp = fopen( slurpd_args_file, "w" );
+
+ if ( fp == NULL ) {
+ int save_errno = errno;
+
+ fprintf( stderr, "unable to open args file "
+ "\"%s\": %d (%s)\n",
+ slurpd_args_file,
+ save_errno, strerror( save_errno ) );
+
+ free( slurpd_args_file );
+ slurpd_pid_file = NULL;
+
+ rc = 1;
+ goto stop;
+ }
+
+ for ( i = 0; i < argc; i++ ) {
+ fprintf( fp, "%s ", argv[i] );
+ }
+ fprintf( fp, "\n" );
+ fclose( fp );
+ }
+ }
+
+ if ( (rc = lutil_pair( sglob->wake_sds )) < 0 ) {
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
+ rc = 1;
+ goto stop;
+ }
+
+#ifdef HAVE_NT_EVENT_LOG
+ if (is_NT_Service) lutil_LogStartedEvent( sglob->serverName, ldap_debug, sglob->slapd_configfile, "n/a" );
+#endif
+
+ /*
+ * Start the main file manager thread (in fm.c).
+ */
+ if ( ldap_pvt_thread_create( &(sglob->fm_tid),
+ 0, fm, (void *) NULL ) != 0 )
+ {
+ Debug( LDAP_DEBUG_ANY, "file manager ldap_pvt_thread_create failed\n",
+ 0, 0, 0 );
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
+ rc = 1;
+ goto stop;
+
+ }
+
+ /*
+ * wait for fm to finish if in oneshot mode
+ */
+ if ( sglob->one_shot_mode ) {
+ ldap_pvt_thread_join( sglob->fm_tid, (void *) NULL );
+ }
+
+ /*
+ * Start threads - one thread for each replica
+ */
+ for ( i = 0; sglob->replicas[ i ] != NULL; i++ ) {
+ start_replica_thread( sglob->replicas[ i ]);
+ }
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ if ( started_event ) ldap_pvt_thread_cond_signal( &started_event );
+#endif
+
+ /*
+ * Wait for the fm thread to finish.
+ */
+ if ( !sglob->one_shot_mode ) {
+ ldap_pvt_thread_join( sglob->fm_tid, (void *) NULL );
+ }
+
+ /*
+ * Wait for the replica threads to finish.
+ */
+ for ( i = 0; sglob->replicas[ i ] != NULL; i++ ) {
+ ldap_pvt_thread_join( sglob->replicas[ i ]->ri_tid, (void *) NULL );
+ }
+
+stop:
+#ifdef HAVE_NT_SERVICE_MANAGER
+ if (is_NT_Service) {
+ ldap_pvt_thread_cond_destroy( &started_event );
+ lutil_LogStoppedEvent( sglob->serverName );
+ lutil_ReportShutdownComplete();
+ }
+#endif
+ /* destroy the thread package */
+ ldap_pvt_thread_destroy();
+
+#ifdef HAVE_TLS
+ ldap_pvt_tls_destroy();
+#endif
+
+ Debug( LDAP_DEBUG_ANY, "slurpd: terminated.\n", 0, 0, 0 );
+
+ if ( slurpd_pid_file != NULL ) {
+ unlink( slurpd_pid_file );
+ }
+ if ( slurpd_args_file != NULL ) {
+ unlink( slurpd_args_file );
+ }
+
+
+ MAIN_RETURN(rc);
+#endif /* !NO_THREADS */
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/nt_svc.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/nt_svc.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/nt_svc.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,110 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/nt_svc.c,v 1.3.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/stdlib.h>
+#include "slurp.h"
+#include "lutil.h"
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+
+/* in main.c */
+void WINAPI ServiceMain( DWORD argc, LPTSTR *argv );
+
+int main( int argc, LPTSTR *argv )
+{
+ int length;
+ char filename[MAX_PATH], *fname_start;
+
+ /*
+ * Because the service was registered as SERVICE_WIN32_OWN_PROCESS,
+ * the lpServiceName element of the SERVICE_TABLE_ENTRY will be
+ * ignored.
+ */
+
+ SERVICE_TABLE_ENTRY DispatchTable[] = {
+ { "", (LPSERVICE_MAIN_FUNCTION) ServiceMain },
+ { NULL, NULL }
+ };
+
+ /*
+ * set the service's current directory to the installation directory
+ * for the service. this way we don't have to write absolute paths
+ * in the configuration files
+ */
+ GetModuleFileName( NULL, filename, sizeof( filename ) );
+ fname_start = strrchr( filename, *LDAP_DIRSEP );
+
+ if ( argc > 1 ) {
+ if ( _stricmp( "install", argv[1] ) == 0 )
+ {
+ char *svcName = SERVICE_NAME;
+ char *displayName = "OpenLDAP Replication Service";
+ BOOL auto_start = FALSE;
+
+ if ( (argc > 2) && (argv[2] != NULL) )
+ svcName = argv[2];
+
+ if ( argc > 3 && argv[3])
+ displayName = argv[3];
+
+ if ( argc > 4 && stricmp(argv[4], "auto") == 0)
+ auto_start = TRUE;
+
+ strcat(filename, " service");
+ if ( !lutil_srv_install(svcName, displayName, filename, auto_start) )
+ {
+ fputs( "service failed installation ...\n", stderr );
+ return EXIT_FAILURE;
+ }
+ fputs( "service has been installed ...\n", stderr );
+ return EXIT_SUCCESS;
+ }
+
+ if ( _stricmp( "remove", argv[1] ) == 0 )
+ {
+ char *svcName = SERVICE_NAME;
+ if ( (argc > 2) && (argv[2] != NULL) )
+ svcName = argv[2];
+ if ( !lutil_srv_remove(svcName, filename) )
+ {
+ fputs( "failed to remove the service ...\n", stderr );
+ return EXIT_FAILURE;
+ }
+ fputs( "service has been removed ...\n", stderr );
+ return EXIT_SUCCESS;
+ }
+ if ( _stricmp( "service", argv[1] ) == 0 )
+ {
+ is_NT_Service = 1;
+ *fname_start = '\0';
+ SetCurrentDirectory( filename );
+ }
+ }
+
+ if (is_NT_Service)
+ {
+ StartServiceCtrlDispatcher(DispatchTable);
+ } else
+ {
+ ServiceMain( argc, argv );
+ }
+
+ return EXIT_SUCCESS;
+}
+
+#endif
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/proto-slurp.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/proto-slurp.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/proto-slurp.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,113 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/proto-slurp.h,v 1.16.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+#ifndef _PROTO_SLURP
+#define _PROTO_SLURP
+
+#include <ldap_cdefs.h>
+
+struct globals;
+
+/* admin.c */
+RETSIGTYPE do_admin LDAP_P((int sig));
+
+/* args.c */
+int doargs LDAP_P((int argc, char **argv, struct globals *g));
+
+/* ch_malloc.c */
+#ifdef CSRIMALLOC
+#define ch_malloc malloc
+#define ch_realloc realloc
+#define ch_calloc calloc
+#define ch_strdup strdup
+#define ch_free free
+#else
+void *ch_malloc LDAP_P((ber_len_t size));
+void *ch_realloc LDAP_P((void *block, ber_len_t size));
+void *ch_calloc LDAP_P((ber_len_t nelem, ber_len_t size));
+char *ch_strdup LDAP_P((const char *str));
+void ch_free LDAP_P((void *p));
+#endif
+
+/* config.c */
+int slurpd_read_config LDAP_P((char *fname));
+
+extern char *slurpd_pid_file;
+extern char *slurpd_args_file;
+
+/* ch_malloc.c */
+void ch_free LDAP_P(( void *p ));
+
+/* fm.c */
+void *fm LDAP_P((void *arg));
+RETSIGTYPE do_nothing LDAP_P((int i));
+RETSIGTYPE slurp_set_shutdown LDAP_P((int));
+
+/* globals.c */
+extern struct globals *sglob;
+extern int ldap_syslog;
+extern int ldap_syslog_level;
+extern int ldap_debug;
+extern struct globals *init_globals LDAP_P((void));
+
+/* ldap_op.c */
+int do_ldap LDAP_P((Ri *ri, Re *re, char **errmsg, int *errfree));
+
+/* lock.c */
+FILE *lock_fopen LDAP_P((const char *fname, const char *type, FILE **lfp));
+int lock_fclose LDAP_P((FILE *fp, FILE *lfp));
+int acquire_lock LDAP_P((const char *file, FILE **rfp, FILE **lfp));
+int relinquish_lock LDAP_P((const char *file, FILE *rfp, FILE *lfp));
+
+/* reject.c */
+void write_reject LDAP_P((Ri *ri, Re *re, int lderr, char *errmsg));
+
+/* replica.c */
+int start_replica_thread LDAP_P((Ri *ri));
+
+/* replog.c */
+int copy_replog LDAP_P((char *src, char *dst));
+int file_nonempty LDAP_P((char *filename));
+
+/* sanity.c */
+int sanity LDAP_P((void));
+
+/* st.c */
+int St_init LDAP_P((St **st));
+
+/* tsleep.c */
+int tsleep LDAP_P((time_t interval));
+#if defined( HAVE_LWP )
+void start_lwp_scheduler LDAP_P(( void ));
+#endif
+
+/*main.c */
+extern const char Versionstr[];
+
+#endif /* _PROTO_SLURP */
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/re.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/re.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/re.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,793 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/re.c,v 1.36.2.6 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * re.c - routines which deal with Re (Replication entry) structures.
+ * An Re struct is an in-core representation of one replication to
+ * be performed, along with member functions which are called by other
+ * routines. The Re struct is defined in slurp.h.
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "../slapd/slap.h"
+
+#include "slurp.h"
+#include "globals.h"
+#include "lutil.h"
+
+/* Forward references */
+static Rh *get_repl_hosts LDAP_P(( char *, int *, char ** ));
+static int gettype LDAP_P(( char * ));
+static int getchangetype LDAP_P(( char * ));
+static int Re_parse LDAP_P(( Re *re, char *replbuf ));
+static void Re_dump LDAP_P(( Re *re, FILE *fp ));
+static void warn_unknown_replica LDAP_P(( char *, int port ));
+
+/* Globals, scoped within this file */
+static int nur = 0; /* Number of unknown replicas */
+static Rh *ur = NULL; /* array of unknown replica names */
+
+
+/*
+ * Return the next Re in a linked list.
+ */
+static Re *
+Re_getnext(
+ Re *re
+)
+{
+ return(( re == NULL ) ? NULL : re->re_next );
+}
+
+
+
+
+/*
+ * Free an Re
+ * ??? Something should apparently return nonzero here, but I dont know what.
+ */
+static int
+Re_free(
+ Re *re
+)
+{
+ Rh *rh;
+ Mi *mi;
+ int i;
+
+ if ( re == NULL ) {
+ return 0;
+ }
+ if ( re->re_refcnt > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Warning: freeing re (dn: %s) with nonzero refcnt\n",
+ re->re_dn, 0, 0 );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &re->re_mutex );
+
+ if (( rh = re->re_replicas ) != NULL ) {
+ for ( i = 0; rh[ i ].rh_hostname != NULL; i++ ) {
+ free( rh[ i ].rh_hostname );
+ }
+ free( rh );
+ }
+ ch_free( re->re_dn );
+ if (( mi = re->re_mods ) != NULL ) {
+ for ( i = 0; mi[ i ].mi_type != NULL; i++ ) {
+ free( mi[ i ].mi_type );
+ ch_free( mi[ i ].mi_val );
+ }
+ free( mi );
+ }
+ free( re );
+ return 0;
+}
+
+
+
+
+/*
+ * Read a buffer of data from a replication log file and fill in
+ * an (already allocated) Re.
+ */
+
+#define BEGIN 0
+#define GOT_DN 1
+#define GOT_TIME 2
+#define GOT_CHANGETYPE 4
+#define GOT_ALL ( GOT_DN | GOT_TIME | GOT_CHANGETYPE )
+
+static int
+Re_parse(
+ Re *re,
+ char *replbuf
+)
+{
+ int state;
+ int nml;
+ char *buf, *rp, *p;
+ size_t buflen;
+ char *type, *value;
+ ber_len_t len;
+ int nreplicas;
+
+ if ( re == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Re_parse: error: re is NULL\n", 0, 0, 0 );
+ return -1;
+ }
+ if ( replbuf == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Re_parse: error: replbuf is NULL\n", 0, 0, 0 );
+ return -1;
+ }
+
+ state = BEGIN;
+ nml = 0; /* number of modification information entries */
+ rp = replbuf;
+
+ re->re_replicas = get_repl_hosts( replbuf, &nreplicas, &rp );
+ re->re_refcnt = sglob->num_replicas;
+
+ for (;;) {
+ if (( state == GOT_ALL ) || ( buf = ldif_getline( &rp )) == NULL ) {
+ break;
+ }
+ /*
+ * If we're processing a rejection log, then the first line
+ * of each replication record will begin with "ERROR" - just
+ * ignore it.
+ */
+ if ( strncmp( buf, ERROR_STR, strlen( ERROR_STR )) == 0 ) {
+ continue;
+ }
+ buflen = strlen( buf );
+ if ( ldif_parse_line( buf, &type, &value, &len ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: Re_parse: malformed replog file\n",
+ 0, 0, 0 );
+ return -1;
+ }
+ switch ( gettype( type )) {
+ case T_CHANGETYPE:
+ re->re_changetype = getchangetype( value );
+ state |= GOT_CHANGETYPE;
+ break;
+ case T_TIME: {
+ unsigned long t;
+
+ if (( p = strchr( value, '.' )) != NULL ) {
+ /* there was a sequence number */
+ *p++ = '\0';
+ }
+ if ( lutil_atoul( &t, value ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: Re_parse: unable to parse timestamp \"%s\"\n",
+ value, 0, 0 );
+ return -1;
+ }
+ re->re_timestamp = (time_t)t;
+ if ( p != NULL && isdigit( (unsigned char) *p )
+ && lutil_atoi( &re->re_seq, p ) != 0 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: Re_parse: unable to parse sequence number \"%s\"\n",
+ p, 0, 0 );
+ return -1;
+ }
+ state |= GOT_TIME;
+ } break;
+ case T_DN:
+ re->re_dn = ch_malloc( len + 1 );
+ AC_MEMCPY( re->re_dn, value, len );
+ re->re_dn[ len ]='\0';
+ state |= GOT_DN;
+ break;
+ default:
+ if ( !( state == GOT_ALL )) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: Re_parse: bad type <%s>\n",
+ type, 0, 0 );
+ free( type );
+ free( value );
+ return -1;
+ }
+ }
+ free( type );
+ free( value );
+ }
+
+ if ( state != GOT_ALL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: Re_parse: malformed replog file\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ for (;;) {
+ char *const dash = "-";
+
+ if (( buf = ldif_getline( &rp )) == NULL ) {
+ break;
+ }
+ buflen = strlen( buf );
+ if (( buflen == 1 ) && ( buf[ 0 ] == '-' )) {
+ type = dash;
+ value = NULL;
+ } else {
+ if ( ldif_parse_line( buf, &type, &value, &len ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: malformed replog line \"%s\"\n",
+ buf, 0, 0 );
+ return -1;
+ }
+ }
+ re->re_mods = ( Mi *) ch_realloc( (char *) re->re_mods,
+ sizeof( Mi ) * ( nml + 2 ));
+ re->re_mods[ nml ].mi_type = strdup( type );
+ if ( value != NULL ) {
+ re->re_mods[ nml ].mi_val = ch_malloc( len + 1 );
+ AC_MEMCPY( re->re_mods[ nml ].mi_val, value, len );
+ re->re_mods[ nml ].mi_val[ len ] = '\0';
+ re->re_mods[ nml ].mi_len = len;
+ } else {
+ re->re_mods[ nml ].mi_val = NULL;
+ re->re_mods[ nml ].mi_len = 0;
+ }
+ re->re_mods[ nml + 1 ].mi_type = NULL;
+ re->re_mods[ nml + 1 ].mi_val = NULL;
+ nml++;
+
+ if ( type != dash )
+ free( type );
+ if ( value != NULL )
+ free( value );
+ }
+ return 0;
+}
+
+
+
+/*
+ * Extract the replication hosts from a repl buf. Check to be sure that
+ * each replica host and port number are ones we know about (that is, they're
+ * in the slapd config file we read at startup). Without that information
+ * from the config file, we won't have the appropriate credentials to
+ * make modifications. If there are any unknown replica names, don't
+ * add them the the Re struct. Instead, log a warning message.
+ */
+static Rh *
+get_repl_hosts(
+ char *replbuf,
+ int *r_nreplicas,
+ char **r_rp
+)
+{
+ char *type, *value, *line, *p;
+ Rh *rh = NULL;
+ int nreplicas;
+ ber_len_t len;
+ int port;
+ int repl_ok;
+ int i;
+
+ if ( replbuf == NULL ) {
+ return( NULL );
+ }
+
+ nreplicas = 0;
+
+ /*
+ * Get the host names of the replicas
+ */
+ *r_nreplicas = 0;
+ *r_rp = replbuf;
+ for (;;) {
+ /* If this is a reject log, we need to skip over the ERROR: line */
+ if ( !strncmp( *r_rp, ERROR_STR, strlen( ERROR_STR ))) {
+ line = ldif_getline( r_rp );
+ if ( line == NULL ) {
+ break;
+ }
+ }
+ if ( strncasecmp( *r_rp, "replica:", 7 )) {
+ break;
+ }
+ line = ldif_getline( r_rp );
+ if ( line == NULL ) {
+ break;
+ }
+ if ( ldif_parse_line( line, &type, &value, &len ) < 0 ) {
+ return( NULL );
+ }
+ port = LDAP_PORT;
+ if (( p = strchr( value, ':' )) != NULL ) {
+ *p = '\0';
+ p++;
+ if ( *p != '\0' && lutil_atoi( &port, p ) != 0 ) {
+ return( NULL );
+ }
+ }
+
+ /* Verify that we've heard of this replica before */
+ repl_ok = 0;
+ for ( i = 0; i < sglob->num_replicas; i++ ) {
+ if ( strcmp( sglob->replicas[ i ]->ri_hostname, value )) {
+ continue;
+ }
+ if ( sglob->replicas[ i ]->ri_port == port ) {
+ repl_ok = 1;
+ break;
+ }
+ }
+ free( type );
+ if ( !repl_ok ) {
+ warn_unknown_replica( value, port );
+ free( value );
+ continue;
+ }
+
+ rh = (Rh *) ch_realloc((char *) rh, ( nreplicas + 2 ) * sizeof( Rh ));
+ if ( rh == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Out of memory in get_repl_hosts\n",
+ 0, 0, 0 );
+ return NULL;
+ }
+ rh[ nreplicas ].rh_hostname = strdup( value );
+ rh[ nreplicas ].rh_port = port;
+ nreplicas++;
+
+ free( value );
+ }
+
+ if ( nreplicas == 0 ) {
+ return( NULL );
+ }
+
+ rh[ nreplicas ].rh_hostname = NULL;
+ *r_nreplicas = nreplicas;
+
+ return( rh );
+}
+
+
+
+
+
+/*
+ * Convert "type" to an int.
+ */
+static int
+gettype(
+ char *type
+)
+{
+ if ( !strcmp( type, T_CHANGETYPESTR )) {
+ return( T_CHANGETYPE );
+ }
+ if ( !strcmp( type, T_TIMESTR )) {
+ return( T_TIME );
+ }
+ if ( !strcmp( type, T_DNSTR )) {
+ return( T_DN );
+ }
+ return( T_ERR );
+}
+
+
+
+/*
+ * Convert "changetype" to an int.
+ */
+static int
+getchangetype(
+ char *changetype
+)
+{
+ if ( !strcmp( changetype, T_ADDCTSTR )) {
+ return( T_ADDCT );
+ }
+ if ( !strcmp( changetype, T_MODIFYCTSTR )) {
+ return( T_MODIFYCT );
+ }
+ if ( !strcmp( changetype, T_DELETECTSTR )) {
+ return( T_DELETECT );
+ }
+ if ( !strcmp( changetype, T_MODRDNCTSTR )) {
+ return( T_MODRDNCT );
+ }
+ return( T_ERR );
+}
+
+
+
+
+#if 0
+/*
+ * Find the first line which is not a "replica:" line in buf.
+ * Returns a pointer to the line. Returns NULL if there are
+ * only "replica:" lines in buf.
+ */
+static char *
+skip_replica_lines(
+ char *buf
+)
+{
+ char *p = buf;
+ for (;;) {
+ if ( strncasecmp( p, "replica:", 8 )) {
+ return( p );
+ }
+ while (( *p != '\0' ) && ( *p != '\n' )) {
+ p++;
+ }
+ if ( *p == '\0' ) {
+ return ( NULL );
+ } else {
+ p++;
+ }
+ }
+}
+#endif /* 0 */
+
+
+
+
+/*
+ * For debugging purposes: dump the contents of a replication entry.
+ * to the given stream.
+ */
+static void
+Re_dump(
+ Re *re,
+ FILE *fp
+)
+{
+ int i;
+ Mi *mi;
+
+ if ( re == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "Re_dump: re is NULL\n", 0, 0, 0 );
+ return;
+ }
+ fprintf( fp, "Re_dump: ******\n" );
+ fprintf( fp, "re_refcnt: %d\n", re->re_refcnt );
+ fprintf( fp, "re_timestamp: %ld\n", (long) re->re_timestamp );
+ fprintf( fp, "re_seq: %d\n", re->re_seq );
+ for ( i = 0; re->re_replicas && re->re_replicas[ i ].rh_hostname != NULL;
+ i++ ) {
+ fprintf( fp, "re_replicas[%d]: %s:%d\n",
+ i, re->re_replicas[ i ].rh_hostname,
+ re->re_replicas[ i ].rh_port );
+ }
+ fprintf( fp, "re_dn: %s\n", re->re_dn );
+ switch ( re->re_changetype ) {
+ case T_ADDCT:
+ fprintf( fp, "re_changetype: add\n" );
+ break;
+ case T_MODIFYCT:
+ fprintf( fp, "re_changetype: modify\n" );
+ break;
+ case T_DELETECT:
+ fprintf( fp, "re_changetype: delete\n" );
+ break;
+ case T_MODRDNCT:
+ fprintf( fp, "re_changetype: modrdn\n" );
+ break;
+ default:
+ fprintf( fp, "re_changetype: (unknown, type = %d\n",
+ re->re_changetype );
+ }
+ if ( re->re_mods == NULL ) {
+ fprintf( fp, "re_mods: (none)\n" );
+ } else {
+ mi = re->re_mods;
+ fprintf( fp, "re_mods:\n" );
+ for ( i = 0; mi[ i ].mi_type != NULL; i++ ) {
+ fprintf( fp, " %s, \"%s\", (%d bytes)\n",
+ mi[ i ].mi_type,
+ mi[ i ].mi_val == NULL ? "(null)" : mi[ i ].mi_val,
+ mi[ i ].mi_len );
+ }
+ }
+ return;
+}
+
+
+/*
+ * Given an Ri, an Re, and a file pointer, write a replication record to
+ * the file pointer. If ri is NULL, then include all replicas in the
+ * output. If ri is non-NULL, then only include a single "replica:" line
+ * (used when writing rejection records). Returns 0 on success, -1
+ * on failure. Note that Re_write will not write anything out if the
+ * refcnt is zero.
+ */
+static int
+Re_write(
+ Ri *ri,
+ Re *re,
+ FILE *fp )
+{
+ int i;
+ char *s;
+ int rc = 0;
+
+ if ( re == NULL || fp == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Internal error: Re_write: NULL argument\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( re->re_refcnt < 1 ) {
+ return 0; /* this is not an error */
+ }
+
+ if ( ri != NULL ) { /* write a single "replica:" line */
+ if ( ri->ri_port != 0 ) {
+ rc = fprintf( fp, "replica: %s:%d\n", ri->ri_hostname,
+ ri->ri_port );
+ } else {
+ rc = fprintf( fp, "replica: %s\n", ri->ri_hostname );
+ }
+ if ( rc < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ rc = 0;
+
+ } else { /* write multiple "replica:" lines */
+ for ( i = 0; re->re_replicas && re->re_replicas[ i ].rh_hostname != NULL; i++ ) {
+ if ( fprintf( fp, "replica: %s:%d\n",
+ re->re_replicas[ i ].rh_hostname,
+ re->re_replicas[ i ].rh_port ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ }
+ }
+ if ( fprintf( fp, "time: %ld.%d\n", (long) re->re_timestamp, re->re_seq ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ if ( fprintf( fp, "dn: %s\n", re->re_dn ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ if ( fprintf( fp, "changetype: " ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ switch ( re->re_changetype ) {
+ case T_ADDCT:
+ s = T_ADDCTSTR;
+ break;
+ case T_MODIFYCT:
+ s = T_MODIFYCTSTR;
+ break;
+ case T_DELETECT:
+ s = T_DELETECTSTR;
+ break;
+ case T_MODRDNCT:
+ s = T_MODRDNCTSTR;
+ break;
+ default:
+ s = "IllegalModifyType!!!";
+ }
+ if ( fprintf( fp, "%s\n", s ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ for ( i = 0; (( re->re_mods != NULL ) &&
+ ( re->re_mods[ i ].mi_type != NULL )); i++ ) {
+ if ( !strcmp( re->re_mods[ i ].mi_type, T_MODSEPSTR )) {
+ if ( fprintf( fp, "%s\n", T_MODSEPSTR ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ } else {
+ char *obuf;
+ obuf = ldif_put( LDIF_PUT_VALUE,
+ re->re_mods[ i ].mi_type,
+ re->re_mods[ i ].mi_val ? re->re_mods[ i ].mi_val : "",
+ re->re_mods[ i ].mi_len );
+ if ( fputs( obuf, fp ) < 0 ) {
+ rc = -1;
+ free( obuf );
+ goto bad;
+ } else {
+ ber_memfree( obuf );
+ }
+ }
+ }
+ if ( fprintf( fp, "\n" ) < 0 ) {
+ rc = -1;
+ goto bad;
+ }
+ if ( fflush( fp ) != 0 ) {
+ rc = -1;
+ goto bad;
+ }
+bad:
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Error while writing: %s\n",
+ sys_errlist[ errno ], 0, 0 );
+ }
+ return rc;
+}
+
+
+
+
+/*
+ * Decrement the refcnt. Locking handled internally.
+ */
+static int
+Re_decrefcnt(
+ Re *re
+)
+{
+ re->re_lock( re );
+ re->re_refcnt--;
+ re->re_unlock( re );
+ return 0;
+}
+
+
+
+/*
+ * Get the refcnt. Locking handled internally.
+ */
+static int
+Re_getrefcnt(
+ Re *re
+)
+{
+ int ret;
+
+ re->re_lock( re );
+ ret = re->re_refcnt;
+ re->re_unlock( re );
+ return ret;
+}
+
+
+
+
+
+/*
+ * Lock this replication entry
+ */
+static int
+Re_lock(
+ Re *re
+)
+{
+ return( ldap_pvt_thread_mutex_lock( &re->re_mutex ));
+}
+
+
+
+
+/*
+ * Unlock this replication entry
+ */
+static int
+Re_unlock(
+ Re *re
+)
+{
+ return( ldap_pvt_thread_mutex_unlock( &re->re_mutex ));
+}
+
+
+
+
+/*
+ * Instantiate and initialize an Re.
+ */
+int
+Re_init(
+ Re **re
+)
+{
+ /* Instantiate */
+ (*re) = (Re *) malloc( sizeof( Re ));
+ if ( *re == NULL ) {
+ return -1;
+ }
+
+ /* Fill in the member function pointers */
+ (*re)->re_free = Re_free;
+ (*re)->re_getnext = Re_getnext;
+ (*re)->re_parse = Re_parse;
+ (*re)->re_write = Re_write;
+ (*re)->re_dump = Re_dump;
+ (*re)->re_lock = Re_lock;
+ (*re)->re_unlock = Re_unlock;
+ (*re)->re_decrefcnt = Re_decrefcnt;
+ (*re)->re_getrefcnt = Re_getrefcnt;
+
+ /* Initialize private data */
+ (*re)->re_refcnt = sglob->num_replicas;
+ (*re)->re_timestamp = (time_t) 0L;
+ (*re)->re_replicas = NULL;
+ (*re)->re_dn = NULL;
+ (*re)->re_changetype = 0;
+ (*re)->re_seq = 0;
+ (*re)->re_mods = NULL;
+ (*re)->re_next = NULL;
+
+ ldap_pvt_thread_mutex_init( &((*re)->re_mutex) );
+ return 0;
+}
+
+
+
+
+/*
+ * Given a host and port, generate a warning message iff we haven't already
+ * generated a message for this host:port combination.
+ */
+static void
+warn_unknown_replica(
+ char *host,
+ int port
+)
+{
+ int found = 0;
+ int i;
+
+ for ( i = 0; i < nur; i++ ) {
+ if ( strcmp( ur[ i ].rh_hostname, host )) {
+ continue;
+ }
+ if ( ur[ i ].rh_port == port ) {
+ found = 1;
+ break;
+ }
+ }
+ if ( !found ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Warning: unknown replica %s:%d found in replication log\n",
+ host, port, 0 );
+ nur++;
+ ur = (Rh *) ch_realloc( (char *) ur, ( nur * sizeof( Rh )));
+ ur[ nur - 1 ].rh_hostname = strdup( host );
+ ur[ nur - 1 ].rh_port = port;
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/reject.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/reject.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/reject.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,155 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/reject.c,v 1.18.2.4 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+/*
+ * reject.c - routines to write replication records to reject files.
+ * An Re struct is writted to a reject file if it cannot be propagated
+ * to a replica LDAP server.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/errno.h>
+#include <ac/unistd.h>
+
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+#include "lber_pvt.h"
+#include "lutil.h"
+
+#ifdef _WIN32
+#define PORTSEP ","
+#else
+#define PORTSEP ":"
+#endif
+
+/*
+ * Write a replication record to a reject file. The reject file has the
+ * same name as the replica's private copy of the file but with ".rej"
+ * appended (e.g. "/usr/tmp/<hostname>:<port>.rej")
+ *
+ * If errmsg is non-NULL, use that as the error message in the reject
+ * file. Otherwise, use ldap_err2string( lderr ).
+ */
+void
+write_reject(
+ Ri *ri,
+ Re *re,
+ int lderr,
+ char *errmsg
+)
+{
+ char rejfile[ MAXPATHLEN ];
+ FILE *rfp, *lfp;
+ int rc;
+
+ ldap_pvt_thread_mutex_lock( &sglob->rej_mutex );
+ snprintf( rejfile, sizeof rejfile, "%s" LDAP_DIRSEP "%s" PORTSEP "%d.rej",
+ sglob->slurpd_rdir, ri->ri_hostname, ri->ri_port );
+
+ if ( access( rejfile, F_OK ) < 0 ) {
+ /* Doesn't exist - try to create */
+ int rjfd;
+ if (( rjfd = open( rejfile, O_RDWR|O_APPEND|O_CREAT|O_EXCL,
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: write_reject: Cannot create \"%s\": %s\n",
+ rejfile, sys_errlist[ errno ], 0 );
+ ldap_pvt_thread_mutex_unlock( &sglob->rej_mutex );
+ return;
+ } else {
+ close( rjfd );
+ }
+ }
+ if (( rc = acquire_lock( rejfile, &rfp, &lfp )) < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Error: cannot open reject file \"%s\"\n",
+ rejfile, 0, 0 );
+ } else {
+ struct berval bv = BER_BVNULL,
+ errstrbv,
+ errmsgbv = BER_BVNULL;
+ char *ptr;
+
+ ber_str2bv( ldap_err2string( lderr ), 0, 0, &errstrbv );
+ if ( errmsg && *errmsg ) {
+ ber_str2bv( errmsg, 0, 0, &errmsgbv );
+ bv.bv_len = errstrbv.bv_len
+ + STRLENOF( ": " ) + errmsgbv.bv_len;
+
+ ptr = bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+ ptr = lutil_strcopy( ptr, errstrbv.bv_val );
+ ptr = lutil_strcopy( ptr, ": " );
+ ptr = lutil_strcopy( ptr, errmsgbv.bv_val );
+
+ } else {
+ bv = errstrbv;
+ }
+
+ fseek( rfp, 0, 2 );
+
+ ptr = ldif_put( LDIF_PUT_VALUE, ERROR_STR, bv.bv_val, bv.bv_len );
+ if ( bv.bv_val != errstrbv.bv_val ) {
+ ber_memfree( bv.bv_val );
+ }
+ if ( ptr == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: cannot convert error message(s) \"%s%s%s\" "
+ "into LDIF format\n",
+ errstrbv.bv_val,
+ BER_BVISNULL( &errmsgbv ) ? "" : ": ",
+ BER_BVISNULL( &errmsgbv ) ? "" : errmsgbv.bv_val );
+ return;
+ }
+
+ fputs( ptr, rfp );
+ ber_memfree( ptr );
+
+ if ((rc = re->re_write( ri, re, rfp )) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: cannot write reject file \"%s\"\n",
+ rejfile, 0, 0 );
+ }
+ (void) relinquish_lock( rejfile, rfp, lfp );
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap operation failed, data written to \"%s\"\n",
+ rejfile, 0, 0 );
+ }
+ ldap_pvt_thread_mutex_unlock( &sglob->rej_mutex );
+ return;
+}
+
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/replica.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/replica.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/replica.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/replica.c,v 1.23.2.4 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+/*
+ * replica.c - code to start up replica threads.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+/*
+ * Just invoke the Ri's process() member function, and log the start and
+ * finish.
+ */
+static void *
+replicate(
+ void *ri_arg
+)
+{
+ Ri *ri = (Ri *) ri_arg;
+
+ Debug( LDAP_DEBUG_ARGS, "begin replication thread for %s:%d\n",
+ ri->ri_hostname, ri->ri_port, 0 );
+
+ ri->ri_process( ri );
+
+ Debug( LDAP_DEBUG_ARGS, "end replication thread for %s:%d\n",
+ ri->ri_hostname, ri->ri_port, 0 );
+ return NULL;
+}
+
+
+
+/*
+ * Start a detached thread for the given replica.
+ */
+int
+start_replica_thread(
+ Ri *ri
+)
+{
+ /* POSIX_THREADS or compatible */
+ if ( ldap_pvt_thread_create( &(ri->ri_tid), 0, replicate,
+ (void *) ri ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "replica \"%s:%d\" ldap_pvt_thread_create failed\n",
+ ri->ri_hostname, ri->ri_port, 0 );
+ return -1;
+ }
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/replog.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/replog.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/replog.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,169 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/replog.c,v 1.19.2.3 2007/01/02 21:44:11 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+/*
+ * replog.c - routines which read and write replication log files.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/param.h>
+#include <ac/string.h>
+#include <ac/syslog.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <sys/stat.h>
+
+#include <fcntl.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+/*
+ * Copy the replication log. Returns 0 on success, 1 if a temporary
+ * error occurs, and -1 if a fatal error occurs.
+ */
+int
+copy_replog(
+ char *src,
+ char *dst
+)
+{
+ int rc = 0;
+ FILE *rfp; /* replog fp */
+ FILE *lfp; /* replog lockfile fp */
+ FILE *dfp; /* duplicate replog fp */
+ FILE *dlfp; /* duplicate replog lockfile fp */
+ static char buf[ MAXPATHLEN ];
+ static char rbuf[ 1024 ];
+ char *p;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "copy replog \"%s\" to \"%s\"\n",
+ src, dst, 0 );
+
+ /*
+ * Make sure the destination directory is writable. If not, exit
+ * with a fatal error.
+ */
+ strcpy( buf, src );
+ if (( p = strrchr( buf, LDAP_DIRSEP[0] )) == NULL ) {
+ strcpy( buf, "." );
+ } else {
+ *p = '\0';
+ }
+ if ( access( buf, W_OK ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog (%ld): Directory %s is not writable\n",
+ (long) getpid(), buf, 0 );
+ return( -1 );
+ }
+ strcpy( buf, dst );
+ if (( p = strrchr( buf, LDAP_DIRSEP[0] )) == NULL ) {
+ strcpy( buf, "." );
+ } else {
+ *p = '\0';
+ }
+ if ( access( buf, W_OK ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog (%ld): Directory %s is not writable\n",
+ (long) getpid(), buf, 0 );
+ return( -1 );
+ }
+
+ /* lock src */
+ rfp = lock_fopen( src, "r", &lfp );
+ if ( rfp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog: Can't lock replog \"%s\" for read: %s\n",
+ src, sys_errlist[ errno ], 0 );
+ return( 1 );
+ }
+
+ /* lock dst */
+ dfp = lock_fopen( dst, "a", &dlfp );
+ if ( dfp == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog: Can't lock replog \"%s\" for write: %s\n",
+ dst, sys_errlist[ errno ], 0 );
+ lock_fclose( rfp, lfp );
+ return( 1 );
+ }
+
+ /*
+ * Make our own private copy of the replication log.
+ */
+ while (( p = fgets( rbuf, sizeof( rbuf ), rfp )) != NULL ) {
+ fputs( rbuf, dfp );
+ }
+ /* Only truncate the source file if we're not in one-shot mode */
+ if ( !sglob->one_shot_mode ) {
+ /* truncate replication log */
+ truncate( src, (off_t) 0 );
+ }
+
+ if ( lock_fclose( dfp, dlfp ) == EOF ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog: Error closing \"%s\"\n",
+ dst, 0, 0 );
+ }
+ if ( lock_fclose( rfp, lfp ) == EOF ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: copy_replog: Error closing \"%s\"\n",
+ src, 0, 0 );
+ }
+ return( rc );
+}
+
+
+
+
+/*
+ * Return 1 if the given file exists and has a nonzero size,
+ * 0 if it is empty or nonexistent.
+ */
+int
+file_nonempty(
+ char *filename
+)
+{
+ static struct stat stbuf;
+
+ if ( stat( filename, &stbuf ) < 0 ) {
+ return( 0 );
+ } else {
+ return( stbuf.st_size > (off_t ) 0 );
+ }
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/ri.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/ri.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/ri.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,286 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ri.c,v 1.32.2.4 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * ri.c - routines used to manipulate Ri structures. An Ri (Replica
+ * information) struct contains all information about one replica
+ * instance. The Ri struct is defined in slurp.h
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/signal.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+
+/* Forward references */
+static int ismine LDAP_P(( Ri *, Re * ));
+static int isnew LDAP_P(( Ri *, Re * ));
+
+
+/*
+ * Process any unhandled replication entries in the queue.
+ */
+static int
+Ri_process(
+ Ri *ri
+)
+{
+ Rq *rq = sglob->rq;
+ Re *re = NULL, *new_re = NULL;
+ int rc ;
+ char *errmsg;
+ int errfree;
+
+ (void) SIGNAL( LDAP_SIGUSR1, do_nothing );
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+#endif
+ if ( ri == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Error: Ri_process: ri == NULL!\n", 0, 0, 0 );
+ return -1;
+ }
+
+ /*
+ * Startup code. See if there's any work to do. If not, wait on the
+ * rq->rq_more condition variable.
+ */
+ rq->rq_lock( rq );
+ while ( !sglob->slurpd_shutdown &&
+ (( re = rq->rq_gethead( rq )) == NULL )) {
+ /* No work */
+ if ( sglob->one_shot_mode ) {
+ /* give up if in one shot mode */
+ rq->rq_unlock( rq );
+ return 0;
+ }
+ /* wait on condition variable */
+ ldap_pvt_thread_cond_wait( &rq->rq_more, &rq->rq_mutex );
+ }
+
+ /*
+ * When we get here, there's work in the queue, and we have the
+ * queue locked. re should be pointing to the head of the queue.
+ */
+ rq->rq_unlock( rq );
+ while ( !sglob->slurpd_shutdown ) {
+ if ( re != NULL ) {
+ if ( !ismine( ri, re )) {
+ /* The Re doesn't list my host:port */
+ Debug( LDAP_DEBUG_TRACE,
+ "Replica %s:%d, skip repl record for %s (not mine)\n",
+ ri->ri_hostname, ri->ri_port, re->re_dn );
+ } else if ( !isnew( ri, re )) {
+ /* This Re is older than my saved status information */
+ Debug( LDAP_DEBUG_TRACE,
+ "Replica %s:%d, skip repl record for %s (old)\n",
+ ri->ri_hostname, ri->ri_port, re->re_dn );
+ } else {
+ rc = do_ldap( ri, re, &errmsg, &errfree );
+ switch ( rc ) {
+ case DO_LDAP_ERR_RETRYABLE:
+ ldap_pvt_thread_sleep( RETRY_SLEEP_TIME );
+ Debug( LDAP_DEBUG_ANY,
+ "Retrying operation for DN %s on replica %s:%d\n",
+ re->re_dn, ri->ri_hostname, ri->ri_port );
+ continue;
+ break;
+ case DO_LDAP_ERR_FATAL: {
+ /* Non-retryable error. Write rejection log. */
+ int ld_errno = 0;
+ ldap_get_option(ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &ld_errno);
+ write_reject( ri, re, ld_errno, errmsg );
+ /* Update status ... */
+ (void) sglob->st->st_update( sglob->st, ri->ri_stel, re );
+ /* ... and write to disk */
+ (void) sglob->st->st_write( sglob->st );
+ } break;
+ default:
+ /* LDAP op completed ok - update status... */
+ (void) sglob->st->st_update( sglob->st, ri->ri_stel, re );
+ /* ... and write to disk */
+ (void) sglob->st->st_write( sglob->st );
+ break;
+ }
+ if ( errfree && errmsg ) {
+ ch_free( errmsg );
+ }
+ }
+ } else {
+ Debug( LDAP_DEBUG_ANY, "Error: re is null in Ri_process\n",
+ 0, 0, 0 );
+ }
+ rq->rq_lock( rq );
+ while ( !sglob->slurpd_shutdown &&
+ ((new_re = re->re_getnext( re )) == NULL )) {
+ if ( sglob->one_shot_mode ) {
+ rq->rq_unlock( rq );
+ return 0;
+ }
+ /* No work - wait on condition variable */
+ ldap_pvt_thread_cond_wait( &rq->rq_more, &rq->rq_mutex );
+ }
+ re->re_decrefcnt( re );
+ re = new_re;
+ rq->rq_unlock( rq );
+ if ( sglob->slurpd_shutdown ) {
+ if ( ri->ri_ldp ) {
+ ldap_unbind_ext( ri->ri_ldp, NULL, NULL );
+ ri->ri_ldp = NULL;
+ }
+ return 0;
+ }
+ }
+ return 0;
+}
+
+
+/*
+ * Wake a replication thread which may be sleeping.
+ * Send it a LDAP_SIGUSR1.
+ */
+static void
+Ri_wake(
+ Ri *ri
+)
+{
+ if ( ri == NULL ) {
+ return;
+ }
+ ldap_pvt_thread_kill( ri->ri_tid, LDAP_SIGUSR1 );
+}
+
+
+
+/*
+ * Allocate and initialize an Ri struct.
+ */
+int
+Ri_init(
+ Ri **ri
+)
+{
+ (*ri) = ( Ri * ) calloc( 1, sizeof( Ri ));
+ if ( *ri == NULL ) {
+ return -1;
+ }
+
+ /* Initialize member functions */
+ (*ri)->ri_process = Ri_process;
+ (*ri)->ri_wake = Ri_wake;
+
+ /* Initialize private data */
+ (*ri)->ri_hostname = NULL;
+ (*ri)->ri_uri = NULL;
+ (*ri)->ri_ldp = NULL;
+ (*ri)->ri_bind_dn = NULL;
+ (*ri)->ri_password = NULL;
+ (*ri)->ri_authcId = NULL;
+ (*ri)->ri_srvtab = NULL;
+ (*ri)->ri_curr = NULL;
+
+ return 0;
+}
+
+
+
+
+/*
+ * Return 1 if the hostname and port in re match the hostname and port
+ * in ri, otherwise return zero.
+ */
+static int
+ismine(
+ Ri *ri,
+ Re *re
+)
+{
+ Rh *rh;
+ int i;
+
+ if ( ri == NULL || re == NULL || ri->ri_hostname == NULL ||
+ re->re_replicas == NULL ) {
+ return 0;
+ }
+ rh = re->re_replicas;
+ for ( i = 0; rh[ i ].rh_hostname != NULL; i++ ) {
+ if ( !strcmp( rh[ i ].rh_hostname, ri->ri_hostname) &&
+ rh[ i ].rh_port == ri->ri_port ) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+
+
+
+/*
+ * Return 1 if the Re's timestamp/seq combination are greater than the
+ * timestamp and seq in the Ri's ri_stel member. In other words, if we
+ * find replication entries in the log which we've already processed,
+ * don't process them. If the re is "old," return 0.
+ * No check for NULL pointers is done.
+ */
+static int
+isnew(
+ Ri *ri,
+ Re *re
+)
+{
+ long x;
+ int ret;
+
+ /* Lock the St struct to avoid a race */
+ sglob->st->st_lock( sglob->st );
+ x = re->re_timestamp - ri->ri_stel->last;
+ if ( x > 0 ) {
+ /* re timestamp is newer */
+ ret = 1;
+ } else if ( x < 0 ) {
+ ret = 0;
+ } else {
+ /* timestamps were equal */
+ if ( re->re_seq > ri->ri_stel->seq ) {
+ /* re seq is newer */
+ ret = 1;
+ } else {
+ ret = 0;
+ }
+ }
+ sglob->st->st_unlock( sglob->st );
+ return ret;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/rq.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/rq.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/rq.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,444 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/rq.c,v 1.24.2.3 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/*
+ * rq.c - routines used to manage the queue of replication entries.
+ * An Rq (Replication queue) struct contains a linked list of Re
+ * (Replication entry) structures.
+ *
+ * Routines wishing to access the replication queue should do so through
+ * the Rq struct's member functions, e.g. rq->rq_gethead() and friends.
+ * For example, Re structs should be added to the queue by calling
+ * the rq_add() member function.
+ *
+ * Access to the queue is serialized by a mutex. Member functions which do
+ * not do their own locking should only be called after locking the queue
+ * using the rq_lock() member function. The queue should be unlocked with
+ * the rq_unlock() member function.
+ *
+ * Note that some member functions handle their own locking internally.
+ * Callers should not lock the queue before calling these functions.
+ * See the comment block for each function below.
+ *
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <sys/stat.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h> /* get ftruncate() */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include "slurp.h"
+#include "globals.h"
+
+/*
+ * Lock the replication queue.
+ */
+static int
+Rq_lock(
+ Rq *rq
+)
+{
+ return( ldap_pvt_thread_mutex_lock( &rq->rq_mutex ));
+}
+
+
+/*
+ * Unlock the replication queue.
+ */
+static int
+Rq_unlock(
+ Rq *rq
+)
+{
+ return( ldap_pvt_thread_mutex_unlock( &rq->rq_mutex ));
+}
+
+
+
+/*
+ * Return the head of the queue. Callers should lock the queue before
+ * calling this routine.
+ */
+static Re *
+Rq_gethead(
+ Rq *rq
+)
+{
+ return( rq == NULL ? NULL : rq->rq_head );
+}
+
+
+/*
+ * Return the next item in the queue. Callers should lock the queue before
+ * calling this routine.
+ */
+static Re *
+Rq_getnext(
+ Re *re
+)
+{
+ if ( re == NULL ) {
+ return NULL;
+ } else {
+ return( re->re_getnext( re ));
+ }
+}
+
+
+/*
+ * Delete the item at the head of the list. The queue should be locked
+ * by the caller before calling this routine.
+ */
+static int
+Rq_delhead(
+ Rq *rq
+)
+{
+ Re *savedhead;
+ int rc;
+
+ if ( rq == NULL ) {
+ return( -1 );
+ }
+
+ savedhead = rq->rq_head;
+ if ( savedhead == NULL ) {
+ return( 0 );
+ }
+
+ if ( savedhead->re_getrefcnt( savedhead ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Warning: attempt to delete when refcnt != 0\n",
+ 0, 0, 0 );
+ return( -1 );
+ }
+
+ rq->rq_head = rq->rq_head->re_getnext( rq->rq_head );
+ rc = savedhead->re_free( savedhead );
+ rq->rq_nre--; /* decrement count of Re's in queue */
+ return( rc );
+}
+
+
+/*
+ * Add an entry to the tail of the replication queue. Locking is handled
+ * internally. When items are added to the queue, this routine wakes
+ * up any threads which are waiting for more work by signaling on the
+ * rq->rq_more condition variable.
+ */
+static int
+Rq_add(
+ Rq *rq,
+ char *buf
+)
+{
+ Re *re;
+ int wasempty = 0;
+
+ /* Lock the queue */
+ rq->rq_lock( rq );
+
+ /* Create a new Re */
+ if ( Re_init( &re ) < 0 ) {
+ rq->rq_unlock( rq );
+ return -1;
+ }
+
+ /* parse buf and fill in the re struct */
+ if ( re->re_parse( re, buf ) < 0 ) {
+ re->re_free( re );
+ rq->rq_unlock( rq );
+ return -1;
+ }
+
+ /* Insert into queue */
+ if ( rq->rq_head == NULL ) {
+ rq->rq_head = re;
+ rq->rq_tail = re;
+ wasempty = 1;
+ } else {
+ rq->rq_tail->re_next = re;
+ }
+
+ /* set the sequence number */
+ re->re_seq = 0;
+ if ( !wasempty && ( rq->rq_tail->re_timestamp == re->re_timestamp )) {
+ /*
+ * Our new re has the same timestamp as the tail's timestamp.
+ * Increment the seq number in the tail and use it as our seq number.
+ */
+ re->re_seq = rq->rq_tail->re_seq + 1;
+ }
+ rq->rq_tail = re;
+
+ /* Increment count of items in queue */
+ rq->rq_nre++;
+ /* wake up any threads waiting for more work */
+ ldap_pvt_thread_cond_broadcast( &rq->rq_more );
+
+ /* ... and unlock the queue */
+ rq->rq_unlock( rq );
+
+ return 0;
+}
+
+
+/*
+ * Garbage-collect the replication queue. Locking is handled internally.
+ */
+static void
+Rq_gc(
+ Rq *rq
+)
+{
+ if ( rq == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Rq_gc: rq is NULL!\n", 0, 0, 0 );
+ return;
+ }
+ rq->rq_lock( rq );
+ while (( rq->rq_head != NULL ) &&
+ ( rq->rq_head->re_getrefcnt( rq->rq_head ) == 0 )) {
+ rq->rq_delhead( rq );
+ rq->rq_ndel++; /* increment count of deleted entries */
+ }
+ rq->rq_unlock( rq );
+ return;
+}
+
+
+/*
+ * For debugging: dump the contents of the replication queue to a file.
+ * Locking is handled internally.
+ */
+static void
+Rq_dump(
+ Rq *rq
+)
+{
+ Re *re;
+ FILE *fp;
+ int tmpfd;
+
+ if ( rq == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Rq_dump: rq is NULL!\n", 0, 0, 0 );
+ return;
+ }
+
+ if (unlink(SLURPD_DUMPFILE) == -1 && errno != ENOENT) {
+ Debug( LDAP_DEBUG_ANY, "Rq_dump: \"%s\" exists, and cannot unlink\n",
+ SLURPD_DUMPFILE, 0, 0 );
+ return;
+ }
+ if (( tmpfd = open(SLURPD_DUMPFILE, O_CREAT|O_RDWR|O_EXCL, 0600)) == -1) {
+ Debug( LDAP_DEBUG_ANY, "Rq_dump: cannot open \"%s\" for write\n",
+ SLURPD_DUMPFILE, 0, 0 );
+ return;
+ }
+ if (( fp = fdopen( tmpfd, "w" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Rq_dump: cannot fdopen \"%s\" for write\n",
+ SLURPD_DUMPFILE, 0, 0 );
+ return;
+ }
+
+ rq->rq_lock( rq );
+ for ( re = rq->rq_gethead( rq ); re != NULL; re = rq->rq_getnext( re )) {
+ re->re_dump( re, fp );
+ }
+ rq->rq_unlock( rq );
+ fclose( fp );
+ return;
+}
+
+
+/*
+ * Write the contents of a replication queue to a file. Returns zero if
+ * successful, -1 if not. Handles queue locking internally. Callers should
+ * provide an open file pointer, which should refer to a locked file.
+ */
+static int
+Rq_write(
+ Rq *rq,
+ FILE *fp
+)
+{
+ Re *re;
+ time_t now;
+
+ if ( rq == NULL ) {
+ return -1;
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "re-write on-disk replication log\n",
+ 0, 0, 0 );
+#ifndef SEEK_SET
+#define SEEK_SET 0
+#endif
+ fseek( fp, 0L, SEEK_SET ); /* Go to beginning of file */
+ rq->rq_lock( rq );
+
+ for ( re = rq->rq_gethead( rq ); re != NULL; re = rq->rq_getnext( re )) {
+ if ( re->re_write( NULL, re, fp ) < 0 ) {
+ fflush( fp );
+ rq->rq_unlock( rq );
+ return -1;
+ }
+ }
+ fflush( fp );
+ sglob->srpos = ftell( fp ); /* update replog file position */
+ /* and truncate to correct len */
+ if ( ftruncate( fileno( fp ), sglob->srpos ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "Error truncating replication log: %s\n",
+ sys_errlist[ errno ], 0, 0 );
+ }
+ rq->rq_ndel = 0; /* reset count of deleted re's */
+ time( &now );
+ rq->rq_lasttrim = now; /* reset last trim time */
+ rq->rq_unlock( rq );
+ return 0;
+}
+
+
+/*
+ * Check to see if the private slurpd replication log needs trimming.
+ * The current criteria are:
+ * - The last trim was more than 5 minutes ago, *and*
+ * - We've finished with at least 50 replication log entries since the
+ * last time we re-wrote the replication log.
+ *
+ * Return 1 if replogfile should be trimmed, 0 if not.
+ * Any different policy should be implemented by replacing this function.
+ */
+static int
+Rq_needtrim(
+ Rq *rq
+)
+{
+ int rc = 0;
+ time_t now;
+
+ if ( rq == NULL ) {
+ return 0;
+ }
+
+ rq->rq_lock( rq );
+
+ time( &now );
+
+ if ( now > ( rq->rq_lasttrim + TRIMCHECK_INTERVAL )) {
+ rc = ( rq->rq_ndel >= 50 );
+ } else {
+ rc = 0;
+ }
+ rq->rq_unlock( rq );
+ return rc;
+}
+
+
+/*
+ * Return counts of Re structs in the queue.
+ */
+static int
+Rq_getcount(
+ Rq *rq,
+ int type
+)
+{
+ int count = 0;
+ Re *re;
+
+ if ( rq == NULL ) {
+ return 0;
+ }
+
+ rq->rq_lock( rq );
+ if ( type == RQ_COUNT_ALL ) {
+ count = rq->rq_nre;
+ } else {
+ for ( re = rq->rq_gethead( rq ); re != NULL;
+ re = rq->rq_getnext( re )) {
+ if ( type == RQ_COUNT_NZRC ) {
+ if ( re->re_getrefcnt( re ) > 0 ) {
+ count++;
+ }
+ }
+ }
+ }
+ rq->rq_unlock( rq );
+ return count;
+}
+
+
+/*
+ * Allocate and initialize an Rq object.
+ */
+int
+Rq_init(
+ Rq **rq
+)
+{
+ /* Instantiate the struct */
+ (*rq) = (Rq *) malloc( sizeof( Rq ));
+ if ( *rq == NULL ) {
+ return -1;
+ }
+
+ /* Fill in all the function pointers */
+ (*rq)->rq_gethead = Rq_gethead;
+ (*rq)->rq_getnext = Rq_getnext;
+ (*rq)->rq_delhead = Rq_delhead;
+ (*rq)->rq_add = Rq_add;
+ (*rq)->rq_gc = Rq_gc;
+ (*rq)->rq_lock = Rq_lock;
+ (*rq)->rq_unlock = Rq_unlock;
+ (*rq)->rq_dump = Rq_dump;
+ (*rq)->rq_needtrim = Rq_needtrim;
+ (*rq)->rq_write = Rq_write;
+ (*rq)->rq_getcount = Rq_getcount;
+
+ /* Initialize private data */
+ ldap_pvt_thread_mutex_init( &((*rq)->rq_mutex) );
+ ldap_pvt_thread_cond_init( &((*rq)->rq_more) );
+ (*rq)->rq_head = NULL;
+ (*rq)->rq_tail = NULL;
+ (*rq)->rq_nre = 0;
+ (*rq)->rq_ndel = 0;
+ (*rq)->rq_lasttrim = (time_t) 0L;
+
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/sanity.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/sanity.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/sanity.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,225 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/sanity.c,v 1.13.2.3 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+/*
+ * sanity.c - perform sanity checks on the environment at startup time,
+ * and report any errors before we disassociate from the controlling tty,
+ * start up our threads, and do other stuff which makes it hard to give
+ * feedback to the users.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/unistd.h>
+#include <ac/string.h>
+
+#include "slurp.h"
+#include "globals.h"
+
+#define FC_DIRBAD 1
+#define FC_DIRUNREAD 2
+#define FC_DIRUNWRITE 4
+#define FC_FILEBAD 8
+#define FC_FILEUNREAD 16
+#define FC_FILEUNWRITE 32
+
+
+/*
+ * Forward declarations
+ */
+static unsigned int filecheck LDAP_P(( char * ));
+
+
+
+/*
+ * Take a look around to catch any fatal errors. For example, make sure the
+ * destination directory for our working files exists, check that all
+ * pathnames make sense, and so on. Returns 0 is everything's ok,
+ # -1 if there's something wrong which will keep us from functioning
+ * correctly.
+ *
+ * We do all these checks at startup so we can print a reasonable error
+ * message on stderr before we disassociate from the controlling tty. This
+ * keeps some fatal error messages from "disappearing" into syslog.
+ */
+
+int
+sanity( void )
+{
+ int err = 0;
+ int rc;
+
+ /*
+ * Are there any replicas listed in the slapd config file?
+ */
+ if ( sglob->replicas == NULL ) {
+ fprintf( stderr, "No replicas in slapd.conf file \"%s\"!\n",
+ sglob->slapd_configfile );
+ err++;
+ }
+
+ /*
+ * Make sure the directory housing the slapd replogfile exists, and
+ * that the slapd replogfile is readable, if it exists.
+ */
+ if ( sglob->slapd_replogfile == NULL ) {
+ fprintf( stderr, "Fatal error: no \"replogfile\" "
+ "slapd.conf directive given\n" );
+ err++;
+ } else {
+ rc = filecheck( sglob->slapd_replogfile );
+ if ( rc & FC_DIRBAD ) {
+ fprintf( stderr, "Error: %s: directory specified in "
+ "\"replogfile\" slapd.conf directive does not exist\n",
+ sglob->slapd_replogfile );
+ err++;
+ } else if ( rc & FC_DIRUNREAD ) {
+ fprintf( stderr, "Error: %s: directory specified in "
+ "\"replogfile\" slapd.conf directive is not readable\n",
+ sglob->slapd_replogfile );
+ err++;
+ } else if (!( rc & FC_FILEBAD) && ( rc & FC_FILEUNREAD )) {
+ fprintf( stderr, "Error: %s: file specified in "
+ "\"replogfile\" slapd.conf directive is not readable\n",
+ sglob->slapd_replogfile );
+ err++;
+ }
+ }
+
+ /*
+ * Make sure the directory for the slurpd replogfile is there, and
+ * that the slurpd replogfile is readable and writable, if it exists.
+ */
+ if ( sglob->slurpd_replogfile == NULL ) {
+ fprintf( stderr, "Fatal error: no \"replogfile\" directive given\n" );
+ err++;
+ } else {
+ rc = filecheck( sglob->slurpd_replogfile );
+ if ( rc & FC_DIRBAD ) {
+ fprintf( stderr, "Error: %s: slurpd \"replogfile\" "
+ "directory does not exist\n",
+ sglob->slurpd_replogfile );
+ err++;
+ } else if ( rc & FC_DIRUNREAD ) {
+ fprintf( stderr, "Error: %s: slurpd \"replogfile\" "
+ "directory not readable\n",
+ sglob->slurpd_replogfile );
+ err++;
+ } else if ( !( rc & FC_FILEBAD ) && ( rc & FC_FILEUNREAD )) {
+ fprintf( stderr, "Error: %s: slurpd \"replogfile\" not readable\n",
+ sglob->slurpd_replogfile );
+ err++;
+ } else if ( !( rc & FC_FILEBAD ) && ( rc & FC_FILEUNWRITE )) {
+ fprintf( stderr, "Error: %s: slurpd \"replogfile\" not writeable\n",
+ sglob->slurpd_replogfile );
+ err++;
+ }
+ }
+
+ /*
+ * Make sure that the directory for the slurpd status file is there, and
+ * that the slurpd status file is writable, if it exists.
+ */
+ rc = filecheck( sglob->slurpd_status_file );
+ if ( rc & FC_DIRBAD ) {
+ fprintf( stderr, "Error: %s: status directory does not exist\n",
+ sglob->slurpd_status_file );
+ err++;
+ } else if ( rc & FC_DIRUNREAD ) {
+ fprintf( stderr, "Error: %s: status directory not readable\n",
+ sglob->slurpd_status_file );
+ err++;
+ } else if ( !( rc & FC_FILEBAD ) && ( rc & FC_FILEUNREAD )) {
+ fprintf( stderr, "Error: %s: status file not readable\n",
+ sglob->slurpd_status_file );
+ err++;
+ } else if ( !( rc & FC_FILEBAD ) && ( rc & FC_FILEUNWRITE )) {
+ fprintf( stderr, "Error: %s: status file not writeable\n",
+ sglob->slurpd_status_file );
+ err++;
+ }
+
+ return ( err == 0 ? 0 : -1 );
+}
+
+
+
+/*
+ * Check for the existence of the file and directory leading to the file.
+ * Returns a bitmask which is the logical OR of the following flags:
+ *
+ * FC_DIRBAD: directory containing "f" does not exist.
+ * FC_DIRUNREAD: directory containing "f" exists but is not readable.
+ * FC_DIRUNWRITE: directory containing "f" exists but is not writable.
+ * FC_FILEBAD: "f" does not exist.
+ * FC_FILEUNREAD: "f" exists but is unreadable.
+ * FC_FILEUNWRITE: "f" exists but is unwritable.
+ *
+ * The calling routine is responsible for determining which, if any, of
+ * the returned flags is a problem for a particular file.
+ */
+static unsigned int
+filecheck(
+ char *f
+)
+{
+ char dir[ MAXPATHLEN ];
+ char *p;
+ unsigned int ret = 0;
+
+ snprintf( dir, sizeof dir, "%s", f );
+ p = strrchr( dir, LDAP_DIRSEP[0] );
+ if ( p != NULL ) {
+ *p = '\0';
+ }
+ if ( access( dir, F_OK ) < 0 ) {
+ ret |= FC_DIRBAD;
+ }
+ if ( access( dir, R_OK ) < 0 ) {
+ ret |= FC_DIRUNREAD;
+ }
+ if ( access( dir, W_OK ) < 0 ) {
+ ret |= FC_DIRUNWRITE;
+ }
+ if ( access( f, F_OK ) < 0 ) {
+ ret |= FC_FILEBAD;
+ }
+ if ( access( f, R_OK ) < 0 ) {
+ ret |= FC_FILEUNREAD;
+ }
+ if ( access( f, W_OK ) < 0 ) {
+ ret |= FC_FILEUNWRITE;
+ }
+
+ return ret;
+}
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/slurp.h
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/slurp.h (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/slurp.h 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,404 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/slurp.h,v 1.37.2.4 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+/* slurp.h - Standalone Ldap Update Replication Daemon (slurpd) */
+
+#ifndef _SLURPD_H_
+#define _SLURPD_H_
+
+#if !defined(HAVE_WINSOCK) && !defined(LDAP_SYSLOG)
+#define LDAP_SYSLOG 1
+#endif
+
+#include <ac/errno.h>
+#include <ac/param.h>
+#include <ac/signal.h>
+#include <ac/syslog.h>
+#include <ac/time.h>
+
+#include <sys/types.h>
+
+#include <ldap.h>
+
+#undef ldap_debug
+#define ldap_debug slurp_debug
+#include "ldap_log.h"
+
+#include "ldap_pvt_thread.h"
+#include "ldap_defaults.h"
+#include "ldif.h"
+
+#ifdef HAVE_WINSOCK
+ /* should be moved to portable.h.nt */
+#define ftruncate(a,b) _chsize(a,b)
+#define truncate(a,b) _lclose( _lcreat(a, 0))
+#define mkdir(a,b) mkdir(a)
+#define S_IRGRP 0
+#define S_IWGRP 0
+#endif
+
+#undef SERVICE_NAME
+#define SERVICE_NAME OPENLDAP_PACKAGE "-slurpd"
+
+/* Default directory for slurpd's private copy of replication logs */
+#define DEFAULT_SLURPD_REPLICA_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp"
+
+/* Default name for slurpd's private copy of the replication log */
+#define DEFAULT_SLURPD_REPLOGFILE "slurpd.replog"
+
+/* Name of file which stores saved slurpd state info, for restarting */
+#define DEFAULT_SLURPD_STATUS_FILE "slurpd.status"
+
+/* slurpd dump file - contents of rq struct are written here (debugging) */
+#define SLURPD_DUMPFILE LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump"
+
+/* Amount of time to sleep if no more work to do */
+#define DEFAULT_NO_WORK_INTERVAL 3
+
+/* The time we wait between checks to see if the replog file needs trimming */
+#define TRIMCHECK_INTERVAL ( 60 * 5 )
+
+/* Only try to trim slurpd replica files larger than this size */
+#define MIN_TRIM_FILESIZE ( 10L * 1024L )
+
+/* Maximum line length we can read from replication log */
+#define REPLBUFLEN 256
+
+/* TLS flags */
+#define TLS_OFF 0
+#define TLS_ON 1
+#define TLS_CRITICAL 2
+
+/* Rejection records are prefaced with this string */
+#define ERROR_STR "ERROR"
+
+/* Strings found in replication entries */
+#define T_CHANGETYPESTR "changetype"
+#define T_CHANGETYPE 1
+#define T_TIMESTR "time"
+#define T_TIME 2
+#define T_DNSTR "dn"
+#define T_DN 3
+
+#define T_ADDCTSTR "add"
+#define T_ADDCT 4
+#define T_MODIFYCTSTR "modify"
+#define T_MODIFYCT 5
+#define T_DELETECTSTR "delete"
+#define T_DELETECT 6
+#define T_MODRDNCTSTR "modrdn"
+#define T_MODDNCTSTR "moddn"
+#define T_RENAMECTSTR "rename"
+#define T_MODRDNCT 7
+
+#define T_MODOPADDSTR "add"
+#define T_MODOPADD 8
+#define T_MODOPREPLACESTR "replace"
+#define T_MODOPREPLACE 9
+#define T_MODOPDELETESTR "delete"
+#define T_MODOPDELETE 10
+#define T_MODOPINCREMENTSTR "increment"
+#define T_MODOPINCREMENT 11
+#define T_MODSEPSTR "-"
+#define T_MODSEP 12
+
+#define T_NEWRDNSTR "newrdn"
+#define T_DELOLDRDNSTR "deleteoldrdn"
+#define T_NEWSUPSTR "newsuperior"
+
+#define T_ERR -1
+
+/* Config file keywords */
+#define HOSTSTR "host"
+#define URISTR "uri"
+#define ATTRSTR "attr"
+#define SUFFIXSTR "suffix"
+#define BINDDNSTR "binddn"
+#define BINDMETHSTR "bindmethod"
+#define KERBEROSSTR "kerberos"
+#define SIMPLESTR "simple"
+#define SASLSTR "sasl"
+#define CREDSTR "credentials"
+#define OLDAUTHCSTR "bindprincipal"
+#define AUTHCSTR "authcID"
+#define AUTHZSTR "authzID"
+#define SRVTABSTR "srvtab"
+#define SASLMECHSTR "saslmech"
+#define REALMSTR "realm"
+#define SECPROPSSTR "secprops"
+#define STARTTLSSTR "starttls"
+#define TLSSTR "tls"
+#define CRITICALSTR "critical"
+
+#define REPLICA_SLEEP_TIME ( 10 )
+
+/* Enumeration of various types of bind failures */
+#define BIND_OK 0
+#define BIND_ERR_BADLDP 1
+#define BIND_ERR_OPEN 2
+#define BIND_ERR_BAD_ATYPE 3
+#define BIND_ERR_SIMPLE_FAILED 4
+#define BIND_ERR_KERBEROS_FAILED 5
+#define BIND_ERR_BADRI 6
+#define BIND_ERR_VERSION 7
+#define BIND_ERR_REFERRALS 8
+#define BIND_ERR_MANAGEDSAIT 9
+#define BIND_ERR_SASL_FAILED 10
+#define BIND_ERR_TLS_FAILED 11
+
+/* Return codes for do_ldap() */
+#define DO_LDAP_OK 0
+#define DO_LDAP_ERR_RETRYABLE 1
+#define DO_LDAP_ERR_FATAL 2
+
+/*
+ * Types of counts one can request from the Rq rq_getcount()
+ * member function
+ */
+/* all elements */
+#define RQ_COUNT_ALL 1
+/* all elements with nonzero refcnt */
+#define RQ_COUNT_NZRC 2
+
+/* Amount of time, in seconds, for a thread to sleep when it encounters
+ * a retryable error in do_ldap().
+ */
+#define RETRY_SLEEP_TIME 60
+
+
+LDAP_BEGIN_DECL
+
+/*
+ * ****************************************************************************
+ * Data types for replication queue and queue elements.
+ * ****************************************************************************
+ */
+
+
+/*
+ * Replica host information. An Ri struct will contain an array of these,
+ * with one entry for each replica. The end of the array is signaled
+ * by a NULL value in the rh_hostname field.
+ */
+typedef struct rh {
+ char *rh_hostname; /* replica hostname */
+ int rh_port; /* replica port */
+} Rh;
+
+
+/*
+ * Per-replica information.
+ *
+ * Notes:
+ * - Private data should not be manipulated expect by Ri member functions.
+ */
+typedef struct ri Ri;
+struct ri {
+ /* Private data */
+ char *ri_hostname; /* canonical hostname of replica */
+ int ri_port; /* port where slave slapd running */
+ char *ri_uri; /* e.g. "ldaps://ldap-1.example.com:636" */
+ LDAP *ri_ldp; /* LDAP struct for this replica */
+ int ri_tls; /* TLS: 0=no, 1=yes, 2=critical */
+ int ri_bind_method; /* AUTH_SIMPLE or AUTH_KERBEROS */
+ char *ri_bind_dn; /* DN to bind as when replicating */
+ char *ri_password; /* Password for any method */
+ char *ri_secprops; /* SASL security properties */
+ char *ri_realm; /* realm for any mechanism */
+ char *ri_authcId; /* authentication ID for any mechanism */
+ char *ri_authzId; /* authorization ID for any mechanism */
+ char *ri_srvtab; /* srvtab file for kerberos bind */
+ char *ri_saslmech; /* SASL mechanism to use */
+ struct re *ri_curr; /* current repl entry being processed */
+ struct stel *ri_stel; /* pointer to Stel for this replica */
+ unsigned long
+ ri_seq; /* seq number of last repl */
+ ldap_pvt_thread_t ri_tid; /* ID of thread for this replica */
+
+ /* Member functions */
+ int (*ri_process) LDAP_P(( Ri * )); /* process the next repl entry */
+ void (*ri_wake) LDAP_P(( Ri * )); /* wake up a sleeping thread */
+};
+
+
+
+/*
+ * Information about one particular modification to make. This data should
+ * be considered private to routines in re.c, and to routines in ri.c.
+ */
+typedef struct mi {
+ /* Private data */
+ char *mi_type; /* attr or type */
+ char *mi_val; /* value */
+ int mi_len; /* length of mi_val */
+} Mi;
+
+
+
+/*
+ * Information about one particular replication entry. Only routines in
+ * re.c and rq.c should touch the private data. Other routines should
+ * only use member functions.
+ */
+typedef struct re Re;
+struct re {
+ /* Private data */
+ ldap_pvt_thread_mutex_t
+ re_mutex; /* mutex for this Re */
+ int re_refcnt; /* ref count, 0 = done */
+ time_t re_timestamp; /* timestamp of this re */
+ int re_seq; /* sequence number */
+ Rh *re_replicas; /* array of replica info */
+ char *re_dn; /* dn of entry being modified */
+ int re_changetype; /* type of modification */
+ Mi *re_mods; /* array of modifications to make */
+ struct re *re_next; /* pointer to next element */
+
+ /* Public functions */
+ int (*re_free) LDAP_P(( Re * )); /* free an re struct */
+ Re *(*re_getnext) LDAP_P(( Re * )); /* return next Re in linked list */
+ int (*re_parse) LDAP_P(( Re *, char * )); /* parse replication log entry */
+ int (*re_write) LDAP_P(( Ri *, Re *, FILE * )); /* write repl. log entry */
+ void (*re_dump) LDAP_P(( Re *, FILE * )); /* debugging - print contents */
+ int (*re_lock) LDAP_P(( Re * )); /* lock this re */
+ int (*re_unlock) LDAP_P(( Re * )); /* unlock this re */
+ int (*re_decrefcnt) LDAP_P(( Re * )); /* decrement the refcnt */
+ int (*re_getrefcnt) LDAP_P(( Re * )); /* get the refcnt */
+};
+
+
+
+
+/*
+ * Definition for the queue of replica information. Private data is
+ * private to rq.c. Other routines should only touch public data or
+ * use member functions. Note that although we have a member function
+ * for locking the queue's mutex, we need to expose the rq_mutex
+ * variable so routines in ri.c can use it as a mutex for the
+ * rq_more condition variable.
+ */
+typedef struct rq Rq;
+struct rq {
+
+ /* Private data */
+ Re *rq_head; /* pointer to head */
+ Re *rq_tail; /* pointer to tail */
+ int rq_nre; /* total number of Re's in queue */
+ int rq_ndel; /* number of deleted Re's in queue */
+ time_t rq_lasttrim; /* Last time we trimmed file */
+
+ /* Public data */
+ ldap_pvt_thread_mutex_t
+ rq_mutex; /* mutex for whole queue */
+ ldap_pvt_thread_cond_t
+ rq_more; /* condition var - more work added */
+
+ /* Member functions */
+ Re * (*rq_gethead) LDAP_P(( Rq * )); /* get the element at head */
+ Re * (*rq_getnext) LDAP_P(( Re * )); /* get the next element */
+ int (*rq_delhead) LDAP_P(( Rq * )); /* delete the element at head */
+ int (*rq_add) LDAP_P(( Rq *, char * )); /* add at tail */
+ void (*rq_gc) LDAP_P(( Rq * )); /* garbage-collect queue */
+ int (*rq_lock) LDAP_P(( Rq * )); /* lock the queue */
+ int (*rq_unlock) LDAP_P(( Rq * )); /* unlock the queue */
+ int (*rq_needtrim) LDAP_P(( Rq * )); /* see if queue needs trimming */
+ int (*rq_write) LDAP_P(( Rq *, FILE * )); /*write Rq contents to file*/
+ int (*rq_getcount) LDAP_P(( Rq *, int )); /* return queue counts */
+ void (*rq_dump) LDAP_P(( Rq * )); /* debugging - print contents */
+};
+
+
+/*
+ * An Stel (status element) contains information about one replica.
+ * Stel structs are associated with the St (status) struct, defined
+ * below.
+ */
+typedef struct stel {
+ char *hostname; /* host name of replica */
+ int port; /* port number of replica */
+ time_t last; /* timestamp of last successful repl */
+ int seq; /* Sequence number of last repl */
+} Stel;
+
+
+/*
+ * An St struct in an in-core structure which contains the current
+ * slurpd state. Most importantly, it contains an array of Stel
+ * structs which contain the timestamp and sequence number of the last
+ * successful replication for each replica. The st_write() member
+ * function is called periodically to flush status information to
+ * disk. At startup time, slurpd checks for the status file, and
+ * if present, uses the timestamps to avoid "replaying" replications
+ * which have already been sent to a given replica.
+ */
+typedef struct st St;
+struct st {
+ /* Private data */
+ ldap_pvt_thread_mutex_t
+ st_mutex; /* mutex to serialize access */
+ Stel **st_data; /* array of pointers to Stel structs */
+ int st_nreplicas; /* number of repl hosts */
+ int st_err_logged; /* 1 if fopen err logged */
+ FILE *st_fp; /* st file kept open */
+ FILE *st_lfp; /* lockfile fp */
+
+ /* Public member functions */
+ int (*st_update) LDAP_P(( St *, Stel*, Re* ));/*update entry for a host*/
+ Stel*(*st_add) LDAP_P(( St *, Ri * )); /*add a new repl host*/
+ int (*st_write) LDAP_P(( St * )); /* write status to disk */
+ int (*st_read) LDAP_P(( St * )); /* read status info from disk */
+ int (*st_lock) LDAP_P(( St * )); /* read status info from disk */
+ int (*st_unlock) LDAP_P(( St * )); /* read status info from disk */
+};
+
+#if defined( HAVE_LWP )
+typedef struct tl {
+ thread_t tl_tid; /* thread being managed */
+ time_t tl_wake; /* time thread should be resumed */
+ struct tl *tl_next; /* next node in list */
+} tl_t;
+
+typedef struct tsl {
+ tl_t *tsl_list;
+ mon_t tsl_mon;
+} tsl_t;
+#endif /* HAVE_LWP */
+
+/*
+ * Public functions used to instantiate and initialize queue objects.
+ */
+extern int Ri_init LDAP_P(( Ri **ri ));
+extern int Rq_init LDAP_P(( Rq **rq ));
+extern int Re_init LDAP_P(( Re **re ));
+
+#include "proto-slurp.h"
+
+LDAP_END_DECL
+
+#endif /* _SLURPD_H_ */
Added: openldap/vendor/openldap-2.3.35/servers/slurpd/st.c
===================================================================
--- openldap/vendor/openldap-2.3.35/servers/slurpd/st.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/servers/slurpd/st.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,330 @@
+/* $OpenLDAP: pkg/ldap/servers/slurpd/st.c,v 1.18.2.5 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
+
+
+/*
+ * st.c - routines for managing the status structure, and for reading and
+ * writing status information to disk.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slurp.h"
+#include "globals.h"
+#include "lutil.h"
+
+/*
+ * Add information about replica host specified by Ri to list
+ * of hosts.
+ */
+static Stel *
+St_add(
+ St *st,
+ Ri *ri
+)
+{
+ int ind;
+
+ if ( st == NULL || ri == NULL ) {
+ return NULL;
+ }
+
+ /* Serialize access to the St struct */
+ ldap_pvt_thread_mutex_lock( &(st->st_mutex ));
+
+ st->st_nreplicas++;
+ ind = st->st_nreplicas - 1;
+ st->st_data = ( Stel ** ) ch_realloc( st->st_data,
+ ( st->st_nreplicas * sizeof( Stel * )));
+ if ( st->st_data == NULL ) {
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return NULL;
+ }
+ st->st_data[ ind ] = ( Stel * ) ch_malloc( sizeof( Stel ) );
+ if ( st->st_data[ ind ] == NULL ) {
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return NULL;
+ }
+
+ st->st_data[ ind ]->hostname = strdup( ri->ri_hostname );
+ st->st_data[ ind ]->port = ri->ri_port;
+ st->st_data[ ind ]->last = 0;
+ st->st_data[ ind ]->seq = 0;
+
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return st->st_data[ ind ];
+}
+
+
+
+/*
+ * Write the contents of an St to disk.
+ */
+static int
+St_write (
+ St *st
+)
+{
+ int rc;
+ Stel *stel;
+ int i;
+
+ if ( st == NULL ) {
+ return -1;
+ }
+ ldap_pvt_thread_mutex_lock( &(st->st_mutex ));
+ if ( st->st_fp == NULL ) {
+ /* Open file */
+ if (( rc = acquire_lock( sglob->slurpd_status_file, &(st->st_fp),
+ &(st->st_lfp))) < 0 ) {
+ if ( !st->st_err_logged ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: cannot open status file \"%s\": %s\n",
+ sglob->slurpd_status_file, sys_errlist[ errno ], 0 );
+ st->st_err_logged = 1;
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return -1;
+ }
+ } else {
+ st->st_err_logged = 0;
+ }
+ }
+
+ /* Write data to the file */
+ truncate( sglob->slurpd_status_file, 0L );
+ fseek( st->st_fp, 0L, 0 );
+ for ( i = 0; i < st->st_nreplicas; i++ ) {
+ stel = st->st_data[ i ];
+ fprintf( st->st_fp, "%s:%d:%ld:%d\n",
+ stel->hostname, stel->port,
+ (long) stel->last, stel->seq );
+ }
+ fflush( st->st_fp );
+
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+
+ return 0;
+}
+
+
+
+
+/*
+ * Update the entry for a given host.
+ */
+static int
+St_update(
+ St *st,
+ Stel *stel,
+ Re *re
+)
+{
+ if ( stel == NULL || re == NULL ) {
+ return -1;
+ }
+
+ ldap_pvt_thread_mutex_lock( &(st->st_mutex ));
+ stel->last = re->re_timestamp;
+ stel->seq = re->re_seq;
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return 0;
+}
+
+
+
+
+/*
+ * Read status information from disk file.
+ */
+static int
+St_read(
+ St *st
+)
+{
+ FILE *fp;
+ FILE *lfp;
+ char buf[ 255 ];
+ int i;
+ int rc;
+ char *hostname, *port, *timestamp, *seq, *p, *t;
+ int found;
+
+ if ( st == NULL ) {
+ return -1;
+ }
+ ldap_pvt_thread_mutex_lock( &(st->st_mutex ));
+ if ( access( sglob->slurpd_status_file, F_OK ) < 0 ) {
+ /*
+ * File doesn't exist, so create it and return.
+ */
+ if (( fp = fopen( sglob->slurpd_status_file, "w" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "Error: cannot create status file \"%s\"\n",
+ sglob->slurpd_status_file, 0, 0 );
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return -1;
+ }
+ (void) fclose( fp );
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ Debug( LDAP_DEBUG_ARGS, "No status file found, defaulting values\n",
+ 0, 0, 0 );
+ return 0;
+ }
+ if (( rc = acquire_lock( sglob->slurpd_status_file, &fp, &lfp)) < 0 ) {
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return 0;
+ }
+ while ( fgets( buf, sizeof( buf ), fp ) != NULL ) {
+ p = buf;
+ hostname = p;
+ if (( t = strchr( p, ':' )) == NULL ) {
+ goto bad;
+ }
+ *t++ = '\0';
+ p = t;
+ port = p;
+ if (( t = strchr( p, ':' )) == NULL ) {
+ goto bad;
+ }
+ *t++ = '\0';
+ p = t;
+ timestamp = p;
+ if (( t = strchr( p, ':' )) == NULL ) {
+ goto bad;
+ }
+ *t++ = '\0';
+ seq = t;
+ if (( t = strchr( seq, '\n' )) != NULL ) {
+ *t = '\0';
+ }
+
+ found = 0;
+ for ( i = 0; i < sglob->st->st_nreplicas; i++ ) {
+ int p;
+ if ( !strcmp( hostname, sglob->st->st_data[ i ]->hostname ) &&
+ lutil_atoi( &p, port ) == 0 && p == sglob->st->st_data[ i ]->port )
+ {
+ found = 1;
+ if ( lutil_atol( &sglob->st->st_data[ i ]->last, timestamp ) != 0
+ || lutil_atoi( &sglob->st->st_data[ i ]->seq, seq ) != 0 )
+ {
+ found = 0;
+ }
+ break;
+ }
+ }
+ if ( found ) {
+ char tbuf[ 255 ];
+ sprintf( tbuf, "%s.%s", timestamp, seq );
+ Debug( LDAP_DEBUG_ARGS,
+ "Retrieved state information for %s:%s (timestamp %s)\n", hostname, port, tbuf );
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "Warning: saved state for %s:%s, not a known replica\n",
+ hostname, port, 0 );
+ }
+ }
+ (void) relinquish_lock( sglob->slurpd_status_file, fp, lfp);
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return 0;
+
+bad:
+ (void) relinquish_lock( sglob->slurpd_status_file, fp, lfp);
+ ldap_pvt_thread_mutex_unlock( &(st->st_mutex ));
+ return -1;
+}
+
+
+
+
+/*
+ * Lock an St struct.
+ */
+static int
+St_lock(
+ St *st
+)
+{
+ return( ldap_pvt_thread_mutex_lock( &st->st_mutex ));
+}
+
+
+
+
+/*
+ * Lock an St struct.
+ */
+static int
+St_unlock(
+ St *st
+)
+{
+ return( ldap_pvt_thread_mutex_unlock( &st->st_mutex ));
+}
+
+
+
+
+/*
+ * Allocate and initialize an St struct.
+ */
+int
+St_init(
+ St **st
+)
+{
+ if ( st == NULL ) {
+ return -1;
+ }
+
+ (*st) = (St *) malloc( sizeof( St ));
+ if ( *st == NULL ) {
+ return -1;
+ }
+
+ ldap_pvt_thread_mutex_init( &((*st)->st_mutex) );
+ (*st)->st_data = NULL;
+ (*st)->st_fp = NULL;
+ (*st)->st_lfp = NULL;
+ (*st)->st_nreplicas = 0;
+ (*st)->st_err_logged = 0;
+ (*st)->st_update = St_update;
+ (*st)->st_add = St_add;
+ (*st)->st_write = St_write;
+ (*st)->st_read = St_read;
+ (*st)->st_lock = St_lock;
+ (*st)->st_unlock = St_unlock;
+ return 0;
+}
+
Added: openldap/vendor/openldap-2.3.35/tests/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,71 @@
+# Makefile.in for tests
+# $OpenLDAP: pkg/ldap/tests/Makefile.in,v 1.54.2.5 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+RUN=./run
+SUBDIRS= progs
+
+BUILD_BDB=@BUILD_BDB@
+BUILD_HDB=@BUILD_HDB@
+BUILD_LDBM=@BUILD_LDBM@
+BUILD_SQL=@BUILD_SQL@
+
+# test primary backends (default)
+test tests:
+ @$(MAKE) bdb
+ @$(MAKE) hdb
+
+# test all backends
+alltests: tests
+ @$(MAKE) ldbm
+ @$(MAKE) sql
+
+bdb test-bdb: bdb-$(BUILD_BDB)
+bdb-no:
+ @echo "run configure with --enable-bdb to run BDB tests"
+
+bdb-yes bdb-mod: FORCE
+ @echo "Initiating LDAP tests for BDB..."
+ @$(RUN) -b bdb all
+
+hdb test-hdb: hdb-$(BUILD_HDB)
+hdb-no:
+ @echo "run configure with --enable-hdb to run HDB tests"
+
+hdb-yes hdb-mod: FORCE
+ @echo "Initiating LDAP tests for HDB..."
+ @$(RUN) -b hdb all
+
+ldbm test-ldbm: ldbm-$(BUILD_LDBM)
+ldbm-no:
+ @echo "run configure with --enable-ldbm to run LDBM tests"
+
+ldbm-yes ldbm-mod: FORCE
+ @echo "Initiating LDAP tests for LDBM..."
+ @$(RUN) -b ldbm all
+
+sql test-sql: sql-$(BUILD_SQL)
+sql-no:
+ @echo "run configure with --enable-sql to run SQL tests"
+
+sql-yes sql-mod: FORCE
+ @echo "Initiating LDAP tests for SQL..."
+ @$(RUN) -b sql sql-all
+
+clean-local: FORCE
+ -$(RM) -r testrun *leak *gmon *core
+
+veryclean-local: FORCE
+ @-$(RM) run testdata schema ucdata
+
Added: openldap/vendor/openldap-2.3.35/tests/README
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/README (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/README 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,23 @@
+This directory contains a series of test scripts which are used to
+verify basic functionality of the LDAP libraries, slapd, and slurpd.
+
+ To run all of the tests, type "make test".
+ To run BDB tests, type "make bdb".
+ To run HDB tests, type "make hdb".
+ To run LDBM tests, type "make ldbm".
+ To run SQL tests, define SLAPD_USE_SQL=<rdbms> and type
+ "make sql"; define SLAPD_USE_SQLWRITE=yes
+ to enable write tests as well.
+
+The test scripts depends on a number of tools commonly available on
+Unix (and Unix-like) systems. While attempts have been made to make
+these scripts reasonable portable, they may not run properly on your
+system. You may have to adjust your path so that compatible versions
+of tools used are available to the scripts and/or you may have to
+install replacement tools. Platform specific hints may be found at:
+ http://www.openldap.org/faq/index.cgi?file=9
+
+To modify the debug level the tests run slapd with, set the SLAPD_DEBUG
+environment variable.
+ env SLAPD_DEBUG=1 make test
+
Added: openldap/vendor/openldap-2.3.35/tests/data/aci.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/aci.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/aci.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+# Searching "dc=example,dc=com" (should fail)...
+# Searching "dc=example,dc=com" (should succeed with no results)...
+# Searching "dc=example,dc=com" as "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed)...
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+# Searching "ou=Groups,dc=example,dc=com" as "cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed)...
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+# Searching "ou=Groups,dc=example,dc=com" as "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed with no results)...
Added: openldap/vendor/openldap-2.3.35/tests/data/acl.out.master
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/acl.out.master (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/acl.out.master 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,348 @@
+# Try to read an entry inside the Alumni Association container.
+# It should give us noSuchObject if we're not bound...
+# ... and should return all attributes if we're bound as anyone
+# under Example.
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+# Using ldapsearch to retrieve all the entries...
+dn: ou=Add & Delete,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Add & Delete
+
+dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Added by Bjorn (must succeed)
+sn: None
+description: this attribute value has been added __after__entry creation
+description: Bjorn will try to delete this attribute value (should fail)
+
+dn: cn=Added by Bjorn (renamed by Jaj),ou=Add & Delete,dc=example,dc=com
+objectClass: inetOrgPerson
+sn: None
+cn: Added by Bjorn (renamed by Jaj)
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+description: added by jaj (should succeed)
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+homePhone: +1 313 555 5444
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+uniqueMember: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc
+ =com
+ou: Groups
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
Added: openldap/vendor/openldap-2.3.35/tests/data/certificate.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/certificate.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/certificate.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,103 @@
+# (userCertificate;binary=*)
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+userCertificate;binary:: MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1p
+ Y2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBFeGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQ
+ XNzb2ljYXRpb24xEjAQBgNVBAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYW
+ x1bW5pLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO1Rg
+ 8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRni++uu7gbartzpmBa
+ HOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCDJ5WEpjZ48D1Lrml/HYO/W+SAMkpEq
+ QIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIE
+ NlcnRpZmljYXRlMB0GA1UdDgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBR
+ LbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
+ aWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExH
+ TAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIoGPc/AS0
+ cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8nCek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB
+ 5akCr5tdFQhuBLUXXDk/tTHGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3
+ quqPrpxZ
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
+ aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI
+ EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ
+ UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q
+ nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi
+ mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q
+ gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO
+ iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U
+ EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0
+ ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM
+ A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP
+ 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j
+ ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN
+
+# (cAcertificate=*)
+dn: dc=example,dc=com
+dc: example
+objectClass: organization
+objectClass: domainRelatedObject
+objectclass: dcobject
+objectClass: extensibleObject
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+cACertificate;binary:: MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQ
+ GEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRk
+ LjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNM
+ DMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaW
+ Zvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSB
+ DQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+ AoGBANljUGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0i5o/4
+ Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbFYkorWWTe+4eEBd9VPz
+ ebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0OBBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pg
+ jMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA
+ 1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYDVR0TBA
+ UwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQQFAAOBgQCgXD/+28E
+ l3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSj
+ ASt40dGlEODkE+FsLMt04sYl6kX7RGKg9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1
+ iXEoU3GyA==
+
+# (userCertificate=2$EMAIL=ca at example.com,CN=Example CA,O=Openldap Example\5C,
+ Ltd.,ST=California,C=US)
Added: openldap/vendor/openldap-2.3.35/tests/data/certificate.tls
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/certificate.tls (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/certificate.tls 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,205 @@
+# (userCertificate;binary=*)
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+userCertificate;binary:: MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1p
+ Y2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBFeGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQ
+ XNzb2ljYXRpb24xEjAQBgNVBAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYW
+ x1bW5pLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO1Rg
+ 8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRni++uu7gbartzpmBa
+ HOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCDJ5WEpjZ48D1Lrml/HYO/W+SAMkpEq
+ QIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIE
+ NlcnRpZmljYXRlMB0GA1UdDgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBR
+ LbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
+ aWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExH
+ TAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIoGPc/AS0
+ cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8nCek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB
+ 5akCr5tdFQhuBLUXXDk/tTHGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3
+ quqPrpxZ
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
+ aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI
+ EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ
+ UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q
+ nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi
+ mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q
+ gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO
+ iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U
+ EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0
+ ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM
+ A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP
+ 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j
+ ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN
+
+# (cAcertificate=*)
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectclass: dcobject
+objectClass: extensibleObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+cACertificate;binary:: MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQ
+ GEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRk
+ LjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNM
+ DMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaW
+ Zvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSB
+ DQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+ AoGBANljUGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0i5o/4
+ Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbFYkorWWTe+4eEBd9VPz
+ ebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0OBBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pg
+ jMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA
+ 1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYDVR0TBA
+ UwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQQFAAOBgQCgXD/+28E
+ l3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSj
+ ASt40dGlEODkE+FsLMt04sYl6kX7RGKg9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1
+ iXEoU3GyA==
+
+# (userCertificate=2$EMAIL=ca at example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US)
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
+ aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI
+ EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ
+ UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q
+ nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi
+ mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q
+ gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO
+ iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U
+ EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0
+ ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM
+ A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP
+ 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j
+ ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN
+
+# (userCertificate:certificateExactMatch:=3$EMAIL=ca at example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US)
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: strongAuthenticationUser
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+userCertificate;binary:: MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDV
+ QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
+ RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
+ NMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1p
+ Y2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBFeGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQ
+ XNzb2ljYXRpb24xEjAQBgNVBAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYW
+ x1bW5pLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO1Rg
+ 8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRni++uu7gbartzpmBa
+ HOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCDJ5WEpjZ48D1Lrml/HYO/W+SAMkpEq
+ QIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIE
+ NlcnRpZmljYXRlMB0GA1UdDgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBR
+ LbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
+ aWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExH
+ TAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIoGPc/AS0
+ cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8nCek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB
+ 5akCr5tdFQhuBLUXXDk/tTHGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3
+ quqPrpxZ
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectclass: dcobject
+objectClass: extensibleObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+cACertificate;binary:: MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQ
+ GEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRk
+ LjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNM
+ DMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaW
+ Zvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSB
+ DQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+ AoGBANljUGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0i5o/4
+ Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbFYkorWWTe+4eEBd9VPz
+ ebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0OBBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pg
+ jMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA
+ 1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYDVR0TBA
+ UwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQQFAAOBgQCgXD/+28E
+ l3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSj
+ ASt40dGlEODkE+FsLMt04sYl6kX7RGKg9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1
+ iXEoU3GyA==
+
+# (cAcertificate;binary:certificateMatch:=\30\82\03\54\30\82\02\bd\a0\03\02\01\02\02\01\00\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\1e\17\0d\30\33\31\30\31\37\31\36\33\30\34\31\5a\17\0d\30\34\31\30\31\36\31\36\33\30\34\31\5a\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\81\9f\30\0d\06\09\2a\86\48\86\f7\0d\01\01\01\05\00\03\81\8d\00\30\81\89\02\81\81\00\d9\63\50\6c\62\8a\c0\33\12\20\0b\ba\4c\ed\dc\68\ff\db\83\11\c3\52\74\01\9c\7a\1a\77\17\2e\1a\4d\26\c0\05\c8\0d\1b\61\97\40\ce\0b\f2\74\a7\aa\fe\e5\f4\8b\9a\3f\e0\1c\9c\dc\6e\f5\5c\00\1c\6c\96\71\0c\fb\6b\2f\0a\43\01\d3\0d\38\1b\ca\57\6a\fa\ef\24\e0\9e\96\ad\14\b7\c6\46\df\c5\59\ac\e3\e4\46\c5\62\4a\2b\59\64\de\fb\87\84\05\df\55\3f\37\9b\1d\d2\26\f8\33\c7\8a\95\1f\20\0c\d1\a0\d7\a3\02\03\01\00\01\a3\81\ef\30\81\ec\30\1d\06\03\55\1d\0e\04\16\04\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\30\81\a1\06\03\55\1d\23\04\81\99\30\81\96\80\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\a1\7b\a4\79\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\82\01\00\30\0c\06\03\55\1d\13\04\05\30\03\01\01\ff\30\19\06\03\55\1d\11\04\12\30\10\81\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\03\81\81\00\a0\5c\3f\fe\db\c1\25\dc\65\e2\fe\ec\4c\34\42\aa\b6\72\21\41\d4\e7\35\4e\22\97\47\d9\ea\97\26\1c\f1\42\fb\ad\41\75\da\30\f7\46\59\66\1e\46\6e\0e\59\07\11\51\84\35\cd\f0\af\df\8b\1d\de\c1\14\a3\01\2b\78\d1\d1\a5\10\e0\e4\13\e1\6c\2c\cb\74\e2\c6\25\ea\45\fb\44\62\a0\f5\ae\3a\0e\47\86\fa\ec\d9\9c\df\f7\db\9d\ae\0a\08\7e\ae\33\4c\14\08\25\b9\e5\13\11\1b\f7\12\d5\01\d6\25\c4\a1\4d\c6\c8)
Added: openldap/vendor/openldap-2.3.35/tests/data/chain.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/chain.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/chain.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,414 @@
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Other,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Other
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
Added: openldap/vendor/openldap-2.3.35/tests/data/chainmod.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/chainmod.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/chainmod.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,393 @@
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Other,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Other
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Renamed Group,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+description: testing chain overlay writes...
+member: cn=New Group,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: Renamed Group
+
+dn: cn=Renamed User,ou=People,dc=example,dc=com
+objectClass: person
+sn: User
+description: testing chain overlay writes...
+seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
+cn: Renamed User
+
Added: openldap/vendor/openldap-2.3.35/tests/data/chainref.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/chainref.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/chainref.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+dn: ou=Other,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Other
+
Added: openldap/vendor/openldap-2.3.35/tests/data/compsearch.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/compsearch.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/compsearch.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1558 @@
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: extensibleObject
+uid:: Y2hhcmxpZSA=
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
+ QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
+ 0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
+ NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
+ KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
+ zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
+ 0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
+ uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
+ dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
+ EkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
+
Added: openldap/vendor/openldap-2.3.35/tests/data/ditcontentrules.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/ditcontentrules.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/ditcontentrules.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+# $OpenLDAP: pkg/ldap/tests/data/ditcontentrules.conf,v 1.4.2.3 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+ditcontentrule ( 2.5.6.4 NAME 'organization' AUX ( domainRelatedObject $ dcObject ) )
+ditcontentrule ( 2.5.6.5 NAME 'organizationalUnit' AUX extensibleObject )
+ditcontentrule ( 2.5.6.9 NAME 'groupOfNames' )
+ditcontentrule ( 2.5.6.17 NAME 'groupOfUniqueNames' )
Added: openldap/vendor/openldap-2.3.35/tests/data/dn.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/dn.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/dn.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,225 @@
+dn: dc=example,dc=com
+objectClass: domain
+objectClass: domainRelatedObject
+dc: example
+associatedDomain: example.com
+
+dn: ou=LDAPv3,dc=example,dc=com
+objectClass: organizationalUnit
+ou: LDAPv3
+description: RFC 2253 compliant DN string representation
+
+dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Succeed
+member: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+member:
+member: uid=jsmith,dc=example,dc=net
+member: cn=J. Smith+ou=Sales,dc=example,dc=net
+member: cn=John Smith\2C III,dc=example,dc=net
+member: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+member:: Y249QmVmb3JlDUFmdGVyLGRjPWV4YW1wbGUsZGM9bmV0
+member: cn=\23John Smith\20,dc=example,dc=net
+member:: Y249THXEjWnEhw==
+member: testUUID=597ae2f6-16a6-1027-98f4-abcdefabcdef,dc=Example
+seeAlso: cn=John Smith\2C III,dc=example,dc=net
+seeAlso: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+seeAlso: cn=\23John Smith\20,dc=example,dc=net
+description: "member" values contain specific DN forms;
+description: "seeAlso" values contain DN forms already defined as "member",
+description: but in a different string representation;
+description: the following "description" values contain the "member" and
+description: "seeAlso" DN string representations used above.
+description: ""
+description: UID=jsmith,DC=example,DC=net
+description: OU=Sales+CN=J. Smith,DC=example,DC=net
+description: CN=John Smith\, III,DC=example,DC=net
+description: CN=John Smith\2C III,DC=example,DC=net
+description: OU=Sales\; Data\+Algorithms,DC=example,DC=net
+description: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
+description: CN=Before\0dAfter,DC=example,DC=net
+description: CN=\23John Smith\20,DC=example,DC=net
+description: CN=\#John Smith\ ,DC=example,DC=net
+description: CN=Lu\C4\8Di\C4\87
+description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
+
+dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Unescaped Equals
+member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+member: cn=A*x\3Db is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
+description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
+ // unescaped EQUALS
+
+dn: ou=LDAPv2,dc=example,dc=com
+objectClass: organizationalUnit
+ou: LDAPv2
+description: RFC 1779 compliant DN string representation
+
+dn: cn=May Succeed 1,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 1
+member:
+description: " " // space, quote characters (") are not part of the string
+
+dn: cn=May Succeed 3,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 3
+member: uid=jsmith,o=example,c=US
+description: UID=jsmith, O=example, C=US // spaces
+
+dn: cn=May Succeed 4,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 4
+member: uid=jsmith,o=example,c=US
+description: UID=jsmith;O=example;C=US // semi-colons
+
+dn: cn=May Succeed 6,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 6
+member: cn=John Smith,o=example,c=US
+description: CN="John Smith",O=example,C=US // quotes
+
+dn: ou=Related Syntaxes,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Related Syntaxes
+
+dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Name and Optional UID
+uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+uniqueMember: #'1'B
+uniqueMember: #'10'B
+uniqueMember: dc=example,dc=com#'1000'B
+uniqueMember: dc=example,dc=com#'0'B
+description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
+ only DN portion
+description: #'1'B // empty "" DN
+description: #'0010'B // empty "" DN with leading '0's
+description: dc=example,dc=com#'1000'B // with DN portion
+description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+
+dn: cn=Should Parse as DN,cn=Name and Optional UID,ou=Related Syntaxes,dc=exam
+ ple,dc=com
+objectClass: groupOfUniqueNames
+cn: Should Parse as DN
+uniqueMember: dc=example,dc=com#0'B
+uniqueMember: dc=example,dc=com#'0B
+uniqueMember: dc=example,dc=com '0'B
+description: dc=example,dc=com#0'B // malformed UID?
+description: dc=example,dc=com#'0B // malformed UID?
+description: dc=example,dc=com '0'B // malformed UID?
+
+dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Succeed
+member: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+member:
+member: uid=jsmith,dc=example,dc=net
+member: cn=J. Smith+ou=Sales,dc=example,dc=net
+member: cn=John Smith\2C III,dc=example,dc=net
+member: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+member:: Y249QmVmb3JlDUFmdGVyLGRjPWV4YW1wbGUsZGM9bmV0
+member: cn=\23John Smith\20,dc=example,dc=net
+member:: Y249THXEjWnEhw==
+member: testUUID=597ae2f6-16a6-1027-98f4-abcdefabcdef,dc=Example
+seeAlso: cn=John Smith\2C III,dc=example,dc=net
+seeAlso: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+seeAlso: cn=\23John Smith\20,dc=example,dc=net
+description: "member" values contain specific DN forms;
+description: "seeAlso" values contain DN forms already defined as "member",
+description: but in a different string representation;
+description: the following "description" values contain the "member" and
+description: "seeAlso" DN string representations used above.
+description: ""
+description: UID=jsmith,DC=example,DC=net
+description: OU=Sales+CN=J. Smith,DC=example,DC=net
+description: CN=John Smith\, III,DC=example,DC=net
+description: CN=John Smith\2C III,DC=example,DC=net
+description: OU=Sales\; Data\+Algorithms,DC=example,DC=net
+description: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
+description: CN=Before\0dAfter,DC=example,DC=net
+description: CN=\23John Smith\20,DC=example,DC=net
+description: CN=\#John Smith\ ,DC=example,DC=net
+description: CN=Lu\C4\8Di\C4\87
+description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
+
+dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Succeed
+member: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+member:
+member: uid=jsmith,dc=example,dc=net
+member: cn=J. Smith+ou=Sales,dc=example,dc=net
+member: cn=John Smith\2C III,dc=example,dc=net
+member: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+member:: Y249QmVmb3JlDUFmdGVyLGRjPWV4YW1wbGUsZGM9bmV0
+member: cn=\23John Smith\20,dc=example,dc=net
+member:: Y249THXEjWnEhw==
+member: testUUID=597ae2f6-16a6-1027-98f4-abcdefabcdef,dc=Example
+seeAlso: cn=John Smith\2C III,dc=example,dc=net
+seeAlso: ou=Sales\3B Data\2BAlgorithms,dc=example,dc=net
+seeAlso: cn=\23John Smith\20,dc=example,dc=net
+description: "member" values contain specific DN forms;
+description: "seeAlso" values contain DN forms already defined as "member",
+description: but in a different string representation;
+description: the following "description" values contain the "member" and
+description: "seeAlso" DN string representations used above.
+description: ""
+description: UID=jsmith,DC=example,DC=net
+description: OU=Sales+CN=J. Smith,DC=example,DC=net
+description: CN=John Smith\, III,DC=example,DC=net
+description: CN=John Smith\2C III,DC=example,DC=net
+description: OU=Sales\; Data\+Algorithms,DC=example,DC=net
+description: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
+description: CN=Before\0dAfter,DC=example,DC=net
+description: CN=\23John Smith\20,DC=example,DC=net
+description: CN=\#John Smith\ ,DC=example,DC=net
+description: CN=Lu\C4\8Di\C4\87
+description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
+
+dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Name and Optional UID
+uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+uniqueMember: #'1'B
+uniqueMember: #'10'B
+uniqueMember: dc=example,dc=com#'1000'B
+uniqueMember: dc=example,dc=com#'0'B
+description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
+ only DN portion
+description: #'1'B // empty "" DN
+description: #'0010'B // empty "" DN with leading '0's
+description: dc=example,dc=com#'1000'B // with DN portion
+description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+
+dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Name and Optional UID
+uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+uniqueMember: #'1'B
+uniqueMember: #'10'B
+uniqueMember: dc=example,dc=com#'1000'B
+uniqueMember: dc=example,dc=com#'0'B
+description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
+ only DN portion
+description: #'1'B // empty "" DN
+description: #'0010'B // empty "" DN with leading '0's
+description: dc=example,dc=com#'1000'B // with DN portion
+description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+
+dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Name and Optional UID
+uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+uniqueMember: #'1'B
+uniqueMember: #'10'B
+uniqueMember: dc=example,dc=com#'1000'B
+uniqueMember: dc=example,dc=com#'0'B
+description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
+ only DN portion
+description: #'1'B // empty "" DN
+description: #'0010'B // empty "" DN with leading '0's
+description: dc=example,dc=com#'1000'B // with DN portion
+description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+
Added: openldap/vendor/openldap-2.3.35/tests/data/do_add.1
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_add.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_add.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff, ou=Groups, dc=example,dc=com
+userpassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/do_add.2
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_add.2 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_add.2 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+cn=James A Jones 3,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 3
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff, ou=Groups, dc=example,dc=com
+userpassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/do_add.3
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_add.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_add.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+cn=James A Jones 4,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 4
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff, ou=Groups, dc=example,dc=com
+userpassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/do_add.4
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_add.4 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_add.4 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+cn=James A Jones 5,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 5
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff, ou=Groups, dc=example,dc=com
+userpassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/do_modify.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_modify.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_modify.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8 @@
+cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+mail: bj at mailgw.example.com
+cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: Björn
+cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+displayname: James Jones
+cn=ITD Staff,ou=Groups,dc=example,dc=com
+uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
Added: openldap/vendor/openldap-2.3.35/tests/data/do_modrdn.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_modrdn.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_modrdn.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
Added: openldap/vendor/openldap-2.3.35/tests/data/do_read.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_read.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_read.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn=ITD Staff,ou=Groups,dc=example,dc=com
+ou=Groups, dc=example,dc=com
+ou=Alumni Association, ou=People, dc=example,dc=com
+cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
Added: openldap/vendor/openldap-2.3.35/tests/data/do_search.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/do_search.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/do_search.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+dc=example,dc=com
+cn=Barbara Jensen
+ou=people,dc=example,dc=com
+cn=Bjorn Jensen
+ou=people,dc=example,dc=com
+cn=James A Jones 1
+dc=example,dc=com
+cn=Bjorn Jensen
+dc=example,dc=com
+cn=Alumni Assoc Staff
+dc=example,dc=com
+cn=James*
Added: openldap/vendor/openldap-2.3.35/tests/data/dynlist.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/dynlist.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/dynlist.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,129 @@
+# Testing list search of all attrs...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+cn: Dynamic List
+cn: Barbara Jensen
+cn: Babs Jensen
+cn: Bjorn Jensen
+cn: Biiff Jensen
+cn: Dorothy Stevens
+cn: Dot Stevens
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+cn: James A Jones 2
+cn: Jane Doe
+cn: Jane Alverson
+cn: Jennifer Smith
+cn: Jen Smith
+cn: John Doe
+cn: Jonathon Doe
+cn: Mark Elliot
+cn: Mark A Elliot
+cn: Ursula Hampster
+memberURL: ldap:///ou=People,dc=example,dc=com?cn,mail?sub?(objectClass=person
+ )
+mail: bjensen at mailgw.example.com
+mail: bjorn at mailgw.example.com
+mail: dots at mail.alumni.example.com
+mail: jaj at mail.alumni.example.com
+mail: jjones at mailgw.example.com
+mail: jdoe at woof.net
+mail: jen at mail.alumni.example.com
+mail: johnd at mailgw.example.com
+mail: melliot at mail.alumni.example.com
+mail: uham at mail.alumni.example.com
+
+# Testing list search of a listed attr...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+mail: bjensen at mailgw.example.com
+mail: bjorn at mailgw.example.com
+mail: dots at mail.alumni.example.com
+mail: jaj at mail.alumni.example.com
+mail: jjones at mailgw.example.com
+mail: jdoe at woof.net
+mail: jen at mail.alumni.example.com
+mail: johnd at mailgw.example.com
+mail: melliot at mail.alumni.example.com
+mail: uham at mail.alumni.example.com
+
+# Testing list search of a non-listed attr...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+
+# Testing list search with (critical) manageDSAit...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+cn: Dynamic List
+memberURL: ldap:///ou=People,dc=example,dc=com?cn,mail?sub?(objectClass=person
+ )
+
+# Testing list compare...
+TRUE
+
+# Testing list compare (should return FALSE)...
+FALSE
+
+# Testing list compare (should return UNDEFINED)...
+Compare Result: No such attribute (16)
+UNDEFINED
+
+# Testing list compare with manageDSAit...
+FALSE
+
+# Testing list search of all attrs...
+dn: cn=Dynamic List of Members,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+cn: Dynamic List of Members
+memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+
+# Testing list search of a listed attr...
+dn: cn=Dynamic List of Members,ou=Dynamic Lists,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+
+# Testing list search of a non-listed attr...
+dn: cn=Dynamic List of Members,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+
+# Testing list search with (critical) manageDSAit...
+dn: cn=Dynamic List of Members,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+cn: Dynamic List of Members
+memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
+
+# Testing list compare...
+TRUE
+
+# Testing list compare (should return FALSE)...
+FALSE
+
+# Testing list compare with manageDSAit...
+FALSE
+
Added: openldap/vendor/openldap-2.3.35/tests/data/emptydn.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/emptydn.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/emptydn.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+dn: c=US
+objectClass: country
+c: US
+
+dn: o=Example,c=US
+objectClass: organization
+o: Example
+o: Example, Inc.
+
+dn: c=UK
+objectClass: country
+c: UK
+
+dn: o=Example,c=UK
+objectClass: organization
+o: Example
+o: Example, Ltd.
+
+dn: c=IT
+objectClass: country
+c: IT
+
+dn: o=Esempio,c=IT
+objectClass: organization
+o: Esempio
+o: Esempio S.p.A.
+o: Example
+
Added: openldap/vendor/openldap-2.3.35/tests/data/emptydn.out.slapadd
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/emptydn.out.slapadd (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/emptydn.out.slapadd 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,38 @@
+dn: c=US
+objectClass: country
+c: US
+
+dn: o=Example,c=US
+objectClass: organization
+o: Example
+o: Example, Inc.
+
+dn: c=UK
+objectClass: country
+c: UK
+
+dn: o=Example,c=UK
+objectClass: organization
+o: Example
+o: Example, Ltd.
+
+dn: c=IT
+objectClass: country
+c: IT
+
+dn: o=Esempio,c=IT
+objectClass: organization
+o: Esempio
+o: Esempio S.p.A.
+o: Example
+
+dn: c=DE
+objectClass: country
+c: DE
+
+dn: o=Beispiel,c=DE
+objectClass: organization
+o: Beispiel
+o: Beispiel GmbH
+o: Example
+
Added: openldap/vendor/openldap-2.3.35/tests/data/gluesync.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/gluesync.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/gluesync.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,410 @@
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
Added: openldap/vendor/openldap-2.3.35/tests/data/idassert.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/idassert.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/idassert.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+dn: o=Example,c=US
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=bjorn,ou=People,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Bjorn Jensen
+sn: Jensen
+uid: bjorn
+mail: bjorn at example.com
+description: ***
+
+dn: uid=bjensen,ou=People,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Barbara Jensen
+sn: Jensen
+uid: bjensen
+mail: bjensen at example.com
+description: ***
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=All,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+cn: All
+member: uid=bjorn,ou=People,o=Example,c=US
+member: uid=bjensen,ou=People,o=Example,c=US
+
+dn: cn=Authorizable,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+cn: Authorizable
+member: uid=bjorn,ou=People,o=Example,c=US
+
+dn: ou=Admin,o=Example,c=US
+objectClass: organizationalUnit
+ou: Admin
+
+dn: cn=Proxy US,ou=Admin,o=Example,c=US
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: Proxy US
+
+dn: cn=Proxy IT,ou=Admin,o=Example,c=US
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: Proxy IT
+
+dn: cn=Sandbox,ou=Admin,o=Example,c=US
+objectClass: applicationProcess
+cn: Sandbox
+
Added: openldap/vendor/openldap-2.3.35/tests/data/lang-out.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/lang-out.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/lang-out.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,35 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: organization
+objectClass: extensibleObject
+o: Example, Inc.
+o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: Example, Inc.
+name;lang-en-us: Billy Ray
+name;lang-en-us: Billy Bob
+cn;lang-en-us: Billy Ray
+name: Billy Ray
+sn;lang-en-gb;lang-en-us: Billy Ray
+sn: Ray
+
+dn: dc=example,dc=com
+o: Example, Inc.
+o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: Example, Inc.
+name;lang-en-us: Billy Ray
+name;lang-en-us: Billy Bob
+cn;lang-en-us: Billy Ray
+name: Billy Ray
+sn;lang-en-gb;lang-en-us: Billy Ray
+sn: Ray
+
+dn: dc=example,dc=com
+name;lang-en-us: Billy Ray
+name;lang-en-us: Billy Bob
+cn;lang-en-us: Billy Ray
+sn;lang-en-gb;lang-en-us: Billy Ray
+
+dn: dc=example,dc=com
+name;lang-en-us: Billy Ray
+name;lang-en-us: Billy Bob
+cn;lang-en-us: Billy Ray
+sn;lang-en-gb;lang-en-us: Billy Ray
+
Added: openldap/vendor/openldap-2.3.35/tests/data/ldapglue.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/ldapglue.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/ldapglue.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,51 @@
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=All,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: All
+member: uid=bjorn,ou=People,dc=example,dc=com
+member: uid=bjensen,ou=People,dc=example,dc=com
+
+dn: cn=ITD,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: ITD
+member: uid=bjorn,ou=People,dc=example,dc=com
+
+dn: uid=proxy,ou=Groups,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Proxy
+sn: Proxy
+uid: proxy
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=bjorn,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Bjorn Jensen
+sn: Jensen
+uid: bjorn
+mail: bjorn at example.com
+
+dn: uid=bjensen,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Barbara Jensen
+sn: Jensen
+uid: bjensen
+mail: bjensen at example.com
+
+dn: uid=proxy,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Proxy
+sn: Proxy
+uid: proxy
+
Added: openldap/vendor/openldap-2.3.35/tests/data/ldapglueanonymous.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/ldapglueanonymous.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/ldapglueanonymous.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,6 @@
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
Added: openldap/vendor/openldap-2.3.35/tests/data/manage.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/manage.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/manage.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,507 @@
+dn: cn=All Staff,dc=example,dc=com
+objectClass: groupOfNames
+cn: All Staff
+member:
+creatorsName: cn=Someone
+modifiersName: cn=Someone Else
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+objectClass: obsoletePerson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+creatorsName: cn=Manager,dc=example,dc=com
+testObsolete: TRUE
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+creatorsName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc
+ =example,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+creatorsName: cn=Manager,dc=example,dc=com
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+creatorsName: cn=Manager,dc=example,dc=com
+modifyTimestamp: 19700101000000Z
+createTimestamp: 19700101000000Z
+modifiersName: cn=Manager,dc=example,dc=com
+
+dn: cn=All Staff,dc=example,dc=com
+objectClass: groupOfNames
+cn: All Staff
+member:
+entryUUID: badbadef-dbad-1029-92f7-badbadbadbad
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+entryUUID: badbadba-dbad-1029-92f7-badbadbadbad
+
Added: openldap/vendor/openldap-2.3.35/tests/data/meta.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/meta.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/meta.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1444 @@
+# searching base="o=Example,c=US"...
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword:: ZWx3b29k
+description: Elwood Blues
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword:: amFjaw==
+description: Joliet Jack Blues
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Meta
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# searching base="ou=Meta,o=Example,c=US"...
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword:: ZWx3b29k
+description: Elwood Blues
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword:: amFjaw==
+description: Joliet Jack Blues
+
+dn: ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Meta
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# searching base="o=Example,c=US"...
+dn: cn=Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+cn: Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+
+dn: cn=Added User,ou=Same as above,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Added User
+sn: User
+userPassword:: c2VjcmV0
+
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+objectClass: uidObject
+cn: Another Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+uid: added
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword:: ZWx3b29k
+description: Elwood Blues
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword:: amFjaw==
+description: Joliet Jack Blues
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Meta
+description: added to "ou=Meta,o=Example,c=US"
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Same as above,o=Example,c=US
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: ou=Same as above,ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# base="o=Example,c=US"...
+dn: cn=Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+cn: Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+
+dn: cn=Added User,ou=Same as above,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Added User
+sn: User
+userPassword:: c2VjcmV0
+
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+objectClass: uidObject
+cn: Another Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+uid: added
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword:: ZWx3b29k
+description: Elwood Blues
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword:: amFjaw==
+description: Joliet Jack Blues
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Meta
+description: added to "ou=Meta,o=Example,c=US"
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Same as above,o=Example,c=US
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: ou=Same as above,ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: cn=Somewhere,ou=Meta,o=Example,c=US
+objectClass: referral
+objectClass: extensibleObject
+cn: Somewhere
+ref: ldap://localhost:9016
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# searching filter="(seeAlso=cn=all staff,ou=Groups,o=Example,c=US)"
+# attrs="seeAlso"
+# base="o=Example,c=US"...
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# searching filter="(uid=example)"
+# attrs="uid"
+# base="o=Example,c=US"...
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# searching filter="(member=cn=Another Added Group,ou=Groups,o=Example,c=US)"
+# attrs="member"
+# base="o=Example,c=US"...
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# searching filter="(member=cn=Another Added Group,ou=Groups,o=Example,c=US)"
+# attrs="member"
+# base="o=Example,c=US"
+# with a timed out connection...
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
Added: openldap/vendor/openldap-2.3.35/tests/data/metaconcurrency.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/metaconcurrency.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/metaconcurrency.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,430 @@
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword:: ZWx3b29k
+description: Elwood Blues
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword:: amFjaw==
+description: Joliet Jack Blues
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=Meta,o=Example,c=US
+objectClass: organizationalUnit
+ou: Meta
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
Added: openldap/vendor/openldap-2.3.35/tests/data/modify.out.master
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/modify.out.master (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/modify.out.master 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,396 @@
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+objectClass: groupOfNames
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+description: The replaced multiLineDescription $ Blah Woof.
+drink: Iced Tea
+drink: Mad Dog 20/20
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=
+ com
+objectClass: testPerson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postalAddress: ITD $ 535 W. William St $ Anytown, MI 48103
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Coffee
+homePostalAddress: 844 Brown St. Apt. 4 $ Anytown, MI 48104
+description: Very odd
+facsimileTelephoneNumber: +1 313 555 7557
+telephoneNumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homePhone: +1 313 555 8844
+testTime: 20050304001801.234Z
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+uniqueMember: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc
+ =com
+uniqueMember: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc
+ =com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+drink: Orange Juice
+sn: Jones
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 1
+gidNumber: -1
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
Added: openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,411 @@
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones II,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+objectClass: OpenLDAPperson
+cn: James Jones
+cn: Jim Jones
+cn: James A Jones II
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=James A Jones III,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+cn: James A Jones III
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
Added: openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.1
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,20 @@
+dn: cn=James A Jones III,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+cn: James A Jones III
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
Added: openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.2
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.2 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.2 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,19 @@
+dn: cn=James A Jones II,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+objectClass: OpenLDAPperson
+cn: James Jones
+cn: Jim Jones
+cn: James A Jones II
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
Added: openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.3
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/modrdn.out.master.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,19 @@
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
Added: openldap/vendor/openldap-2.3.35/tests/data/nis_sample.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/nis_sample.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/nis_sample.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,8092 @@
+dn: o=SGI, c=US
+o: SGI
+objectclass: organization
+objectclass: top
+
+dn: cn=sys, o=SGI, c=US
+cn: sys
+userPassword:
+gidNumber: 0
+memberUid: root
+memberUid: bin
+memberUid: sys
+memberUid: adm
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=root, o=SGI, c=US
+cn: root
+userPassword:
+gidNumber: 0
+memberUid: root
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=daemon, o=SGI, c=US
+cn: daemon
+userPassword:
+gidNumber: 1
+memberUid: root
+memberUid: daemon
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=bin, o=SGI, c=US
+cn: bin
+userPassword:
+gidNumber: 2
+memberUid: root
+memberUid: bin
+memberUid: daemon
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=adm, o=SGI, c=US
+cn: adm
+userPassword:
+gidNumber: 3
+memberUid: root
+memberUid: adm
+memberUid: daemon
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=mail, o=SGI, c=US
+cn: mail
+userPassword:
+gidNumber: 4
+memberUid: root
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=uucp, o=SGI, c=US
+cn: uucp
+userPassword:
+gidNumber: 5
+memberUid: uucp
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=rje, o=SGI, c=US
+cn: rje
+userPassword:
+gidNumber: 8
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=lp, o=SGI, c=US
+cn: lp
+userPassword: *
+gidNumber: 9
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=nuucp, o=SGI, c=US
+cn: nuucp
+userPassword:
+gidNumber: 10
+memberUid: nuucp
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=user, o=SGI, c=US
+cn: user
+userPassword:
+gidNumber: 20
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=CMWlogin, o=SGI, c=US
+cn: CMWlogin
+userPassword:
+gidNumber: 994
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=other, o=SGI, c=US
+cn: other
+userPassword:
+gidNumber: 995
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=demos, o=SGI, c=US
+cn: demos
+userPassword: *
+gidNumber: 997
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=guest, o=SGI, c=US
+cn: guest
+userPassword: *
+gidNumber: 998
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=nobody, o=SGI, c=US
+cn: nobody
+userPassword: *
+gidNumber: 60001
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=mt-everest, o=SGI, c=US
+cn: mt-everest
+cn: mt-everest.engr.sgi.com
+cn: mt-everest
+ipHostNumber: 150.166.97.201
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=IRIS, o=SGI, c=US
+cn: IRIS
+cn: IRIS
+ipHostNumber: 192.0.2.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=localhost, o=SGI, c=US
+cn: localhost
+cn: localhost
+ipHostNumber: 127.0.0.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=all-systems, o=SGI, c=US
+cn: all-systems
+cn: all-systems.mcast.net
+ipHostNumber: 224.0.0.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=all-routers, o=SGI, c=US
+cn: all-routers
+cn: all-routers.mcast.net
+ipHostNumber: 224.0.0.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=dvmrp, o=SGI, c=US
+cn: dvmrp
+cn: dvmrp.mcast.net
+ipHostNumber: 224.0.0.4
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ospf-all, o=SGI, c=US
+cn: ospf-all
+cn: ospf-all.mcast.net
+ipHostNumber: 224.0.0.5
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ospf-dsig, o=SGI, c=US
+cn: ospf-dsig
+cn: ospf-dsig.mcast.net
+ipHostNumber: 224.0.0.6
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ntp, o=SGI, c=US
+cn: ntp
+cn: ntp.mcast.net
+ipHostNumber: 224.0.1.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=sgi-dog, o=SGI, c=US
+cn: sgi-dog
+cn: sgi-dog.mcast.net
+ipHostNumber: 224.0.1.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=rwhod, o=SGI, c=US
+cn: rwhod
+cn: rwhod.mcast.net
+ipHostNumber: 224.0.1.3
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=rwho, o=SGI, c=US
+cn: rwho
+cn: rwho.mcast.net
+ipHostNumber: 224.0.2.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=sun-rpc, o=SGI, c=US
+cn: sun-rpc
+cn: sun-rpc.mcast.net
+ipHostNumber: 224.0.2.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=localhost, o=SGI, c=US
+cn: localhost
+cn: localhost
+cn: localhost.engr.sgi.com
+cn: loghost
+ipHostNumber: 127.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=mcast, o=SGI, c=US
+cn: mcast
+cn: mcast.
+ipHostNumber: 224.0.0.0
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=allhosts-mcast, o=SGI, c=US
+cn: allhosts-mcast
+cn: allhosts-mcast.
+ipHostNumber: 224.0.0.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=allgates-mcast, o=SGI, c=US
+cn: allgates-mcast
+cn: allgates-mcast.
+ipHostNumber: 224.0.0.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=dvmrp-mcast, o=SGI, c=US
+cn: dvmrp-mcast
+cn: dvmrp-mcast.
+ipHostNumber: 224.0.0.4
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ospf-all-routers-mcast, o=SGI, c=US
+cn: ospf-all-routers-mcast
+cn: ospf-all-routers-mcast.
+ipHostNumber: 224.0.0.5
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ospf-desi-routers-mcast, o=SGI, c=US
+cn: ospf-desi-routers-mcast
+cn: ospf-desi-routers-mcast.
+ipHostNumber: 224.0.0.6
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=ntp-mcast, o=SGI, c=US
+cn: ntp-mcast
+cn: ntp-mcast.
+ipHostNumber: 224.0.1.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=sgi-dog-mcast, o=SGI, c=US
+cn: sgi-dog-mcast
+cn: sgi-dog-mcast.
+ipHostNumber: 224.0.1.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=rwhod-mcast, o=SGI, c=US
+cn: rwhod-mcast
+cn: rwhod-mcast.
+ipHostNumber: 224.0.1.3
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=rwho-mcast, o=SGI, c=US
+cn: rwho-mcast
+cn: rwho-mcast.
+ipHostNumber: 224.0.2.1
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=pmap-mcast, o=SGI, c=US
+cn: pmap-mcast
+cn: pmap-mcast.
+ipHostNumber: 224.0.2.2
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=fddi-odin, o=SGI, c=US
+cn: fddi-odin
+cn: fddi-odin.corp.sgi.com
+cn: fddi-odin
+cn: relay.sgi.com
+cn: oni
+cn: sgihub
+ipHostNumber: 198.29.75.194
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=sgigate, o=SGI, c=US
+cn: sgigate
+cn: sgigate.sgi.com
+cn: socks-proxy-server.sgi.com
+cn: sgigate
+cn: socks-proxy
+cn: socks
+ipHostNumber: 198.29.75.75
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=odin, o=SGI, c=US
+cn: odin
+cn: odin.corp.sgi.com
+cn: odin
+cn: gate-odin
+ipHostNumber: 192.26.51.194
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=relay, o=SGI, c=US
+cn: relay
+cn: relay.esd.sgi.com
+cn: ares
+cn: esd
+ipHostNumber: 130.62.72.10
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=rock, o=SGI, c=US
+cn: rock
+cn: rock.csd.sgi.com
+cn: csd.sgi.com
+cn: relay.csd.sgi.com
+cn: rock
+ipHostNumber: 150.166.101.10
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=stiletto, o=SGI, c=US
+cn: stiletto
+cn: stiletto
+ipHostNumber: 150.166.42.26
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=stiletto, o=SGI, c=US
+cn: stiletto
+cn: stiletto.engr.sgi.com
+cn: stiletto
+ipHostNumber: 150.166.42.26
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=lhola, o=SGI, c=US
+cn: lhola
+cn: lhola.engr.sgi.com
+cn: lhola
+ipHostNumber: 150.166.75.55
+objectclass: ipHost
+objectclass: device
+objectclass: top
+
+dn: cn=dhcp-166-75-76, o=SGI, c=US
+cn: dhcp-166-75-76
+cn: dhcp-166-75-76.engr.sgi.com
+cn: dhcp-166-75-76
+macAddress: 8:0:69:2:ed:b3
+ipHostNumber: 150.166.75.76
+objectclass: ipHost
+objectclass: device
+objectclass: top
+objectclass: ieee802Device
+
+dn: cn=loopback, o=SGI, c=US
+cn: loopback
+cn: loopback.sgi.com
+ipNetworkNumber: 127
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgicust, o=SGI, c=US
+cn: sgicust
+ipNetworkNumber: 192.26.50
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bacbone, o=SGI, c=US
+cn: bacbone
+ipNetworkNumber: 192.26.51
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2, o=SGI, c=US
+cn: b2
+ipNetworkNumber: 192.26.52
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-esdvt-fddi-test-net, o=SGI, c=US
+cn: b4-esdvt-fddi-test-net
+ipNetworkNumber: 192.26.53
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-engr-slip, o=SGI, c=US
+cn: b3u-engr-slip
+ipNetworkNumber: 192.26.54
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-isdn-fddibackbone, o=SGI, c=US
+cn: b2u-isdn-fddibackbone
+ipNetworkNumber: 192.26.55
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-isdn-net, o=SGI, c=US
+cn: b2u-isdn-net
+ipNetworkNumber: 192.26.56
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4, o=SGI, c=US
+cn: b4
+ipNetworkNumber: 192.26.57
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-ffdi-lab, o=SGI, c=US
+cn: b3u-ffdi-lab
+ipNetworkNumber: 192.26.59
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-gandalf, o=SGI, c=US
+cn: b2-gandalf
+ipNetworkNumber: 192.26.60
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9U, o=SGI, c=US
+cn: b9U
+ipNetworkNumber: 192.26.61
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-vis-sim, o=SGI, c=US
+cn: b7l-vis-sim
+ipNetworkNumber: 192.26.62
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-rel, o=SGI, c=US
+cn: b9L-rel
+ipNetworkNumber: 192.26.63
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-ofc, o=SGI, c=US
+cn: b8-ofc
+ipNetworkNumber: 192.26.65
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-mfg-lab, o=SGI, c=US
+cn: b12-mfg-lab
+ipNetworkNumber: 192.26.66
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-psd-sw, o=SGI, c=US
+cn: b1-psd-sw
+ipNetworkNumber: 192.26.67
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-comp-ffdi, o=SGI, c=US
+cn: b9L-comp-ffdi
+ipNetworkNumber: 192.26.68
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wpd-dless, o=SGI, c=US
+cn: wpd-dless
+ipNetworkNumber: 192.26.69
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2L-VSG-staff, o=SGI, c=US
+cn: b2L-VSG-staff
+ipNetworkNumber: 192.26.70
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-nei2, o=SGI, c=US
+cn: b2u-nei2
+ipNetworkNumber: 192.26.71
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-gfxsw, o=SGI, c=US
+cn: b7u-gfxsw
+ipNetworkNumber: 192.26.72
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-gfxhw, o=SGI, c=US
+cn: b7u-gfxhw
+ipNetworkNumber: 192.26.73
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-ids, o=SGI, c=US
+cn: b9l-ids
+ipNetworkNumber: 192.26.74
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-ng, o=SGI, c=US
+cn: b9u-ng
+ipNetworkNumber: 192.26.75
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-pfng1, o=SGI, c=US
+cn: b9l-pfng1
+ipNetworkNumber: 192.26.76
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b789atm, o=SGI, c=US
+cn: b789atm
+ipNetworkNumber: 192.26.77
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wpd-slip, o=SGI, c=US
+cn: wpd-slip
+ipNetworkNumber: 192.26.78
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-pubs, o=SGI, c=US
+cn: b9l-pubs
+ipNetworkNumber: 192.26.79
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=engr-fddi, o=SGI, c=US
+cn: engr-fddi
+ipNetworkNumber: 192.26.80
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms, o=SGI, c=US
+cn: b1-dms
+ipNetworkNumber: 192.26.81
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-os, o=SGI, c=US
+cn: b7l-os
+cn: sgi48-150.sgi.com
+ipNetworkNumber: 192.48.150
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=show, o=SGI, c=US
+cn: show
+ipNetworkNumber: 192.26.82
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=timewarner-fsn, o=SGI, c=US
+cn: timewarner-fsn
+ipNetworkNumber: 192.48.146
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vtel-mcast-net, o=SGI, c=US
+cn: vtel-mcast-net
+ipNetworkNumber: 192.48.147
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b24u-lab, o=SGI, c=US
+cn: b24u-lab
+ipNetworkNumber: 192.48.148
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wpd-fddi2, o=SGI, c=US
+cn: wpd-fddi2
+ipNetworkNumber: 192.48.149
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b24u-lab, o=SGI, c=US
+cn: b24u-lab
+ipNetworkNumber: 192.48.151
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-polevault, o=SGI, c=US
+cn: b1-polevault
+ipNetworkNumber: 192.48.152
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=barrnet, o=SGI, c=US
+cn: barrnet
+ipNetworkNumber: 192.48.153
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-eisa-lab, o=SGI, c=US
+cn: b3u-eisa-lab
+ipNetworkNumber: 192.48.154
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hippi-net, o=SGI, c=US
+cn: hippi-net
+ipNetworkNumber: 192.48.155
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-support, o=SGI, c=US
+cn: munich-support
+ipNetworkNumber: 192.48.156
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=boston, o=SGI, c=US
+cn: boston
+ipNetworkNumber: 192.48.157
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng3, o=SGI, c=US
+cn: b9L-pfng3
+cn: sgi44
+ipNetworkNumber: 192.48.158
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng4, o=SGI, c=US
+cn: b9L-pfng4
+cn: sgi45
+ipNetworkNumber: 192.48.159
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng5, o=SGI, c=US
+cn: b9L-pfng5
+cn: sgi46
+ipNetworkNumber: 192.48.160
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng6, o=SGI, c=US
+cn: b9L-pfng6
+cn: sgi47
+ipNetworkNumber: 192.48.161
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng7, o=SGI, c=US
+cn: b9L-pfng7
+cn: sgi48
+ipNetworkNumber: 192.48.162
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9L-pfng8, o=SGI, c=US
+cn: b9L-pfng8
+cn: sgi49
+ipNetworkNumber: 192.48.163
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-eprise, o=SGI, c=US
+cn: b9u-eprise
+cn: sgi48-164.sgi.com
+ipNetworkNumber: 192.48.164
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-oslab, o=SGI, c=US
+cn: b7l-oslab
+cn: sgi51
+ipNetworkNumber: 192.48.165
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=add-brds_lab1, o=SGI, c=US
+cn: add-brds_lab1
+ipNetworkNumber: 192.48.166
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-informix, o=SGI, c=US
+cn: b8u-informix
+ipNetworkNumber: 192.48.167
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dm-fddi, o=SGI, c=US
+cn: b1-dm-fddi
+cn: sgi48-168
+ipNetworkNumber: 192.48.168
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-isdn, o=SGI, c=US
+cn: b9l-isdn
+cn: sgi48-169
+ipNetworkNumber: 192.48.169
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-teleconf, o=SGI, c=US
+cn: b1-teleconf
+cn: sgi48-170.sgi.com
+ipNetworkNumber: 192.48.170
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-tr3, o=SGI, c=US
+cn: b9u-tr3
+cn: sgi48-171.sgi.com
+ipNetworkNumber: 192.48.171
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7-slip, o=SGI, c=US
+cn: b7-slip
+cn: sgi48-172.sgi.com
+ipNetworkNumber: 192.48.172
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-sqa-fddi, o=SGI, c=US
+cn: b9l-sqa-fddi
+cn: sgi48-173.sgi.com
+ipNetworkNumber: 192.48.173
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-asd-fddi, o=SGI, c=US
+cn: b7l-asd-fddi
+cn: sgi48-174
+ipNetworkNumber: 192.48.174
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi48-175, o=SGI, c=US
+cn: sgi48-175
+ipNetworkNumber: 192.48.175
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi48-176, o=SGI, c=US
+cn: sgi48-176
+ipNetworkNumber: 192.48.176
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi48-177, o=SGI, c=US
+cn: sgi48-177
+ipNetworkNumber: 192.48.177
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi48-178, o=SGI, c=US
+cn: sgi48-178
+ipNetworkNumber: 192.48.178
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi48-179, o=SGI, c=US
+cn: sgi48-179
+ipNetworkNumber: 192.48.179
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=engr-ppp-2, o=SGI, c=US
+cn: engr-ppp-2
+ipNetworkNumber: 192.48.180
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=engr-ppp-3, o=SGI, c=US
+cn: engr-ppp-3
+ipNetworkNumber: 192.48.181
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc3, o=SGI, c=US
+cn: b7l-tpc3
+cn: sgi48-182
+ipNetworkNumber: 192.48.182
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc4, o=SGI, c=US
+cn: b7l-tpc4
+cn: sgi48-183
+ipNetworkNumber: 192.48.183
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc5, o=SGI, c=US
+cn: b7l-tpc5
+cn: sgi48-184
+ipNetworkNumber: 192.48.184
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc6, o=SGI, c=US
+cn: b7l-tpc6
+cn: sgi48-185
+ipNetworkNumber: 192.48.185
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc7, o=SGI, c=US
+cn: b7l-tpc7
+cn: sgi48-186
+ipNetworkNumber: 192.48.186
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-tpc8, o=SGI, c=US
+cn: b7l-tpc8
+cn: sgi48-187
+ipNetworkNumber: 192.48.187
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bldr-fddi_1, o=SGI, c=US
+cn: bldr-fddi_1
+cn: sgi48-188.sgi.com
+ipNetworkNumber: 192.48.188
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bldr-fddi_2, o=SGI, c=US
+cn: bldr-fddi_2
+cn: sgi48-189.sgi.com
+ipNetworkNumber: 192.48.189
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bldr-ether, o=SGI, c=US
+cn: bldr-ether
+cn: sgi48-190.sgi.com
+ipNetworkNumber: 192.48.190
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-visual, o=SGI, c=US
+cn: b1-visual
+ipNetworkNumber: 192.48.191
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-esd-swlabs, o=SGI, c=US
+cn: b3-esd-swlabs
+ipNetworkNumber: 192.48.192
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-mfg-dvt, o=SGI, c=US
+cn: b4-mfg-dvt
+ipNetworkNumber: 192.48.194
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-pppnet, o=SGI, c=US
+cn: b9-pppnet
+ipNetworkNumber: 192.48.195
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-servers, o=SGI, c=US
+cn: b7l-servers
+ipNetworkNumber: 192.48.196
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-slipnet, o=SGI, c=US
+cn: is-slipnet
+ipNetworkNumber: 192.48.197
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-esd-sw, o=SGI, c=US
+cn: b3-esd-sw
+ipNetworkNumber: 192.48.198
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ha-net, o=SGI, c=US
+cn: ha-net
+ipNetworkNumber: 192.48.199
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-awmtv-200, o=SGI, c=US
+cn: b21-awmtv-200
+ipNetworkNumber: 192.48.200
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-awmtv-201, o=SGI, c=US
+cn: b21-awmtv-201
+ipNetworkNumber: 192.48.201
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=voxproc, o=SGI, c=US
+cn: voxproc
+ipNetworkNumber: 192.48.202
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-csd-repair, o=SGI, c=US
+cn: b4-csd-repair
+ipNetworkNumber: 192.48.203
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-swltest, o=SGI, c=US
+cn: b3-swltest
+ipNetworkNumber: 192.48.204
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2l-system-lab, o=SGI, c=US
+cn: b2l-system-lab
+ipNetworkNumber: 192.48.205
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nawaf-home_net, o=SGI, c=US
+cn: nawaf-home_net
+ipNetworkNumber: 192.48.206
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpd-qa1, o=SGI, c=US
+cn: b9-wpd-qa1
+ipNetworkNumber: 192.82.162
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=fddi-net, o=SGI, c=US
+cn: fddi-net
+ipNetworkNumber: 192.82.163
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=fddi-mezz, o=SGI, c=US
+cn: fddi-mezz
+ipNetworkNumber: 192.82.164
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-b11_fddi-test, o=SGI, c=US
+cn: b8-b11_fddi-test
+ipNetworkNumber: 192.82.165
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-mooosehead, o=SGI, c=US
+cn: b1-mooosehead
+ipNetworkNumber: 192.82.166
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-ppp-slip, o=SGI, c=US
+cn: b7l-ppp-slip
+ipNetworkNumber: 192.82.167
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfg, o=SGI, c=US
+cn: b11-mfg
+ipNetworkNumber: 192.82.168
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-slip_ppp, o=SGI, c=US
+cn: b1-slip_ppp
+ipNetworkNumber: 192.82.169
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-modem-net, o=SGI, c=US
+cn: b2-modem-net
+ipNetworkNumber: 192.82.170
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-tools, o=SGI, c=US
+cn: b1-tools
+ipNetworkNumber: 192.82.171
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-asd, o=SGI, c=US
+cn: b7l-asd
+ipNetworkNumber: 192.82.172
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=mel-net, o=SGI, c=US
+cn: mel-net
+ipNetworkNumber: 192.82.173
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-business, o=SGI, c=US
+cn: b12-business
+ipNetworkNumber: 192.82.174
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-east, o=SGI, c=US
+cn: b11-east
+ipNetworkNumber: 192.82.175
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-west, o=SGI, c=US
+cn: b11-west
+ipNetworkNumber: 192.82.176
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=china-web_test, o=SGI, c=US
+cn: china-web_test
+ipNetworkNumber: 192.82.177
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aw-net1, o=SGI, c=US
+cn: aw-net1
+ipNetworkNumber: 192.82.178
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-firewall-testing, o=SGI, c=US
+cn: b1-firewall-testing
+ipNetworkNumber: 192.82.179
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-corptest, o=SGI, c=US
+cn: b3-corptest
+ipNetworkNumber: 192.82.180
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-networking, o=SGI, c=US
+cn: b9u-networking
+ipNetworkNumber: 192.82.181
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=uk, o=SGI, c=US
+cn: uk
+ipNetworkNumber: 192.82.182
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l-lab, o=SGI, c=US
+cn: b8l-lab
+ipNetworkNumber: 192.82.183
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=isdn-net, o=SGI, c=US
+cn: isdn-net
+ipNetworkNumber: 192.82.184
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-hwlab, o=SGI, c=US
+cn: b2-hwlab
+ipNetworkNumber: 192.82.185
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-labs, o=SGI, c=US
+cn: b2u-labs
+ipNetworkNumber: 192.82.186
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-csd, o=SGI, c=US
+cn: b4-csd
+ipNetworkNumber: 192.82.187
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfg-cubes, o=SGI, c=US
+cn: b11-mfg-cubes
+ipNetworkNumber: 192.82.188
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-media-lab, o=SGI, c=US
+cn: b9l-media-lab
+ipNetworkNumber: 192.82.189
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-ort-lab, o=SGI, c=US
+cn: b11-ort-lab
+ipNetworkNumber: 192.82.190
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=meriden, o=SGI, c=US
+cn: meriden
+ipNetworkNumber: 192.82.191
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-idslabdev, o=SGI, c=US
+cn: b9-idslabdev
+ipNetworkNumber: 192.82.192
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sylvain-siou-net, o=SGI, c=US
+cn: sylvain-siou-net
+ipNetworkNumber: 192.82.193
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-hwtest, o=SGI, c=US
+cn: b7u-hwtest
+ipNetworkNumber: 192.82.194
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-mktg-high_performance-lab, o=SGI, c=US
+cn: b7l-mktg-high_performance-lab
+ipNetworkNumber: 192.82.195
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wan-serial-routers, o=SGI, c=US
+cn: wan-serial-routers
+ipNetworkNumber: 192.82.196
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=gouda-net, o=SGI, c=US
+cn: gouda-net
+ipNetworkNumber: 192.82.197
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=xfs-slip, o=SGI, c=US
+cn: xfs-slip
+ipNetworkNumber: 192.82.198
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-ngs-net, o=SGI, c=US
+cn: b1-ngs-net
+ipNetworkNumber: 192.82.200
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=siapt, o=SGI, c=US
+cn: siapt
+ipNetworkNumber: 192.82.202
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-token_lab, o=SGI, c=US
+cn: b1-token_lab
+ipNetworkNumber: 192.82.203
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=asd-slipnet3, o=SGI, c=US
+cn: asd-slipnet3
+ipNetworkNumber: 192.82.204
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=newport-bch1-net, o=SGI, c=US
+cn: newport-bch1-net
+ipNetworkNumber: 192.82.205
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=newport-bch2-net, o=SGI, c=US
+cn: newport-bch2-net
+ipNetworkNumber: 192.82.206
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-esd, o=SGI, c=US
+cn: b12-esd
+ipNetworkNumber: 192.82.207
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi-psi, o=SGI, c=US
+cn: sgi-psi
+ipNetworkNumber: 192.82.208
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-100mb-net, o=SGI, c=US
+cn: b2-100mb-net
+ipNetworkNumber: 192.82.209
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-100mb-net, o=SGI, c=US
+cn: b3-100mb-net
+ipNetworkNumber: 192.82.210
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-mfg_engr, o=SGI, c=US
+cn: b8u-mfg_engr
+ipNetworkNumber: 192.82.211
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vsg-esd, o=SGI, c=US
+cn: vsg-esd
+ipNetworkNumber: 192.102.96
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=mbus-fddi_1, o=SGI, c=US
+cn: mbus-fddi_1
+ipNetworkNumber: 192.102.98
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11a-endusr-net, o=SGI, c=US
+cn: b11a-endusr-net
+ipNetworkNumber: 192.102.99
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-test, o=SGI, c=US
+cn: is-test
+ipNetworkNumber: 192.102.100
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11b-endusr-net, o=SGI, c=US
+cn: b11b-endusr-net
+ipNetworkNumber: 192.102.101
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-training1, o=SGI, c=US
+cn: tokyo-training1
+ipNetworkNumber: 192.102.102
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-training2, o=SGI, c=US
+cn: tokyo-training2
+ipNetworkNumber: 192.102.103
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=kawasaki-agd, o=SGI, c=US
+cn: kawasaki-agd
+ipNetworkNumber: 192.102.104
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=mbus-fddi_2, o=SGI, c=US
+cn: mbus-fddi_2
+ipNetworkNumber: 192.102.105
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hk-net, o=SGI, c=US
+cn: hk-net
+ipNetworkNumber: 192.102.106
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-hwlab, o=SGI, c=US
+cn: b7u-hwlab
+ipNetworkNumber: 192.102.107
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b6-brief, o=SGI, c=US
+cn: b6-brief
+ipNetworkNumber: 192.102.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=kawasaki-indy, o=SGI, c=US
+cn: kawasaki-indy
+ipNetworkNumber: 192.102.109
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11a-highend-1, o=SGI, c=US
+cn: b11a-highend-1
+ipNetworkNumber: 192.102.110
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11a-highend-2, o=SGI, c=US
+cn: b11a-highend-2
+ipNetworkNumber: 192.102.111
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b789hippi, o=SGI, c=US
+cn: b789hippi
+ipNetworkNumber: 192.102.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-benchmark1, o=SGI, c=US
+cn: b8-benchmark1
+ipNetworkNumber: 192.102.114.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-benchmark2, o=SGI, c=US
+cn: b8-benchmark2
+ipNetworkNumber: 192.102.115.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-benchmark3, o=SGI, c=US
+cn: b8-benchmark3
+ipNetworkNumber: 192.102.116.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-community1, o=SGI, c=US
+cn: b3u-community1
+ipNetworkNumber: 192.102.117
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-community2, o=SGI, c=US
+cn: b3u-community2
+ipNetworkNumber: 192.102.118
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3u-finnance-is, o=SGI, c=US
+cn: b3u-finnance-is
+ipNetworkNumber: 192.102.119
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-agd_lab, o=SGI, c=US
+cn: b8u-agd_lab
+ipNetworkNumber: 192.102.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-highend-mfg1, o=SGI, c=US
+cn: b11-highend-mfg1
+ipNetworkNumber: 192.102.122
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b6-demo-net, o=SGI, c=US
+cn: b6-demo-net
+ipNetworkNumber: 192.102.129
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11b-mfg-servernet-1, o=SGI, c=US
+cn: b11b-mfg-servernet-1
+ipNetworkNumber: 192.102.130
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-asd-net, o=SGI, c=US
+cn: b9-asd-net
+ipNetworkNumber: 192.102.131
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-mfg-net, o=SGI, c=US
+cn: b2-mfg-net
+ipNetworkNumber: 192.102.132
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11b-mfg-servernet-2, o=SGI, c=US
+cn: b11b-mfg-servernet-2
+ipNetworkNumber: 192.102.133
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-syshw, o=SGI, c=US
+cn: b7u-syshw
+ipNetworkNumber: 192.102.135
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-csdlab, o=SGI, c=US
+cn: b4-csdlab
+ipNetworkNumber: 192.102.136
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabC, o=SGI, c=US
+cn: b17u-cselabC
+ipNetworkNumber: 192.102.137
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b15-websafe, o=SGI, c=US
+cn: b15-websafe
+ipNetworkNumber: 192.102.138
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-engr, o=SGI, c=US
+cn: b14l-engr
+ipNetworkNumber: 192.102.141
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14-upper, o=SGI, c=US
+cn: b14-upper
+ipNetworkNumber: 192.102.142
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b5u-finance, o=SGI, c=US
+cn: b5u-finance
+ipNetworkNumber: 192.102.143
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14-dms1, o=SGI, c=US
+cn: b14-dms1
+ipNetworkNumber: 192.102.144
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-highend-mfg2, o=SGI, c=US
+cn: b11-highend-mfg2
+ipNetworkNumber: 192.111.1
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-totestack4, o=SGI, c=US
+cn: b11-totestack4
+ipNetworkNumber: 192.111.2
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-totestack5, o=SGI, c=US
+cn: b11-totestack5
+ipNetworkNumber: 192.111.3
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-totestack6, o=SGI, c=US
+cn: b11-totestack6
+ipNetworkNumber: 192.111.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-entrpse-mgmt, o=SGI, c=US
+cn: b8u-entrpse-mgmt
+ipNetworkNumber: 192.111.5
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-desktop2, o=SGI, c=US
+cn: b11-desktop2
+ipNetworkNumber: 192.111.6
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-desktop3, o=SGI, c=US
+cn: b11-desktop3
+ipNetworkNumber: 192.111.7
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfgsystest1, o=SGI, c=US
+cn: b11-mfgsystest1
+ipNetworkNumber: 192.111.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-datacollect, o=SGI, c=US
+cn: b11-datacollect
+ipNetworkNumber: 192.111.9
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mips-mfg, o=SGI, c=US
+cn: b11-mips-mfg
+ipNetworkNumber: 192.111.10
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-OOBA, o=SGI, c=US
+cn: b11-OOBA
+ipNetworkNumber: 192.111.11
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-DCO, o=SGI, c=US
+cn: b11-DCO
+ipNetworkNumber: 192.111.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-dskcopy, o=SGI, c=US
+cn: b11-dskcopy
+ipNetworkNumber: 192.111.13
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-imsd1, o=SGI, c=US
+cn: b12-imsd1
+ipNetworkNumber: 192.111.14
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-imsd2, o=SGI, c=US
+cn: b12-imsd2
+ipNetworkNumber: 192.111.15
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-imsd3, o=SGI, c=US
+cn: b12-imsd3
+ipNetworkNumber: 192.111.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dms-moose, o=SGI, c=US
+cn: dms-moose
+ipNetworkNumber: 192.111.17
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-video-lab, o=SGI, c=US
+cn: b7l-video-lab
+ipNetworkNumber: 192.111.18
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=corp-fddi, o=SGI, c=US
+cn: corp-fddi
+ipNetworkNumber: 192.111.21
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b16-engr-net, o=SGI, c=US
+cn: b16-engr-net
+ipNetworkNumber: 192.111.22
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-hwd, o=SGI, c=US
+cn: b1-dss-hwd
+ipNetworkNumber: 192.111.23
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-sft, o=SGI, c=US
+cn: b1-dss-sft
+ipNetworkNumber: 192.111.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-mkt, o=SGI, c=US
+cn: b1-dss-mkt
+ipNetworkNumber: 192.111.25
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-sftlab, o=SGI, c=US
+cn: b1-dss-sftlab
+ipNetworkNumber: 192.111.26
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-hwdlab, o=SGI, c=US
+cn: b1-dss-hwdlab
+ipNetworkNumber: 192.111.27
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-guinness, o=SGI, c=US
+cn: b1-dss-guinness
+ipNetworkNumber: 192.111.28
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=corp-isdn, o=SGI, c=US
+cn: corp-isdn
+ipNetworkNumber: 192.111.29
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=kodak-shutter, o=SGI, c=US
+cn: kodak-shutter
+ipNetworkNumber: 192.111.30
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=zursch-house, o=SGI, c=US
+cn: zursch-house
+ipNetworkNumber: 192.132.105
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-mkt, o=SGI, c=US
+cn: b14u-mkt
+ipNetworkNumber: 192.132.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm-net1, o=SGI, c=US
+cn: atm-net1
+ipNetworkNumber: 192.132.109
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm-net2, o=SGI, c=US
+cn: atm-net2
+ipNetworkNumber: 192.132.110
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-corpdc, o=SGI, c=US
+cn: b1-corpdc
+ipNetworkNumber: 192.132.111
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=qa-net, o=SGI, c=US
+cn: qa-net
+ipNetworkNumber: 192.132.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aw-net3, o=SGI, c=US
+cn: aw-net3
+ipNetworkNumber: 192.132.114
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-engr-lab, o=SGI, c=US
+cn: b8u-engr-lab
+ipNetworkNumber: 192.132.115
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=euro-mbus_1, o=SGI, c=US
+cn: euro-mbus_1
+ipNetworkNumber: 192.132.116
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=euro-mbus_2, o=SGI, c=US
+cn: euro-mbus_2
+ipNetworkNumber: 192.132.117
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lsil-asd-dev, o=SGI, c=US
+cn: lsil-asd-dev
+ipNetworkNumber: 192.132.118
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neuchatel-slip, o=SGI, c=US
+cn: neuchatel-slip
+ipNetworkNumber: 192.132.119
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dialup-isdn, o=SGI, c=US
+cn: dialup-isdn
+ipNetworkNumber: 192.132.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms3, o=SGI, c=US
+cn: b1-dms3
+ipNetworkNumber: 192.132.122
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-cad, o=SGI, c=US
+cn: b1-dss-cad
+ipNetworkNumber: 192.132.127
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cabmerwell, o=SGI, c=US
+cn: cabmerwell
+ipNetworkNumber: 192.132.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-studio-hippi, o=SGI, c=US
+cn: b21-studio-hippi
+ipNetworkNumber: 192.132.129
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tw-wan-net, o=SGI, c=US
+cn: tw-wan-net
+ipNetworkNumber: 192.132.130
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=beijing, o=SGI, c=US
+cn: beijing
+ipNetworkNumber: 192.132.131
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=homefr, o=SGI, c=US
+cn: homefr
+ipNetworkNumber: 192.132.133
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms4, o=SGI, c=US
+cn: b1-dms4
+ipNetworkNumber: 192.132.134
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-mtcast-net, o=SGI, c=US
+cn: b1-mtcast-net
+ipNetworkNumber: 192.132.136
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=fire-wall-net, o=SGI, c=US
+cn: fire-wall-net
+ipNetworkNumber: 192.132.137
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lfsh-home-isdn, o=SGI, c=US
+cn: lfsh-home-isdn
+ipNetworkNumber: 192.132.138
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-nei4-1, o=SGI, c=US
+cn: b2u-nei4-1
+ipNetworkNumber: 192.132.139
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-nei4-2, o=SGI, c=US
+cn: b2u-nei4-2
+ipNetworkNumber: 192.132.140
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=frame-lpbck, o=SGI, c=US
+cn: frame-lpbck
+ipNetworkNumber: 192.132.141
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-142, o=SGI, c=US
+cn: b2u-gandalf-142
+cn: Net
+cn: 192.132.142
+ipNetworkNumber: ISDN
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=home-frame1, o=SGI, c=US
+cn: home-frame1
+ipNetworkNumber: 192.132.144
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-fdd-mzz, o=SGI, c=US
+cn: b11-fdd-mzz
+ipNetworkNumber: 192.132.146
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=corp-is, o=SGI, c=US
+cn: corp-is
+ipNetworkNumber: 192.132.148
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-firewall, o=SGI, c=US
+cn: munich-firewall
+ipNetworkNumber: 192.132.149
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=taipei, o=SGI, c=US
+cn: taipei
+ipNetworkNumber: 192.72.19
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=taiwan, o=SGI, c=US
+cn: taiwan
+ipNetworkNumber: 192.132.150
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sydney-tech_centre, o=SGI, c=US
+cn: sydney-tech_centre
+ipNetworkNumber: 192.132.151
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9U-atm, o=SGI, c=US
+cn: b9U-atm
+ipNetworkNumber: 192.132.153
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test1, o=SGI, c=US
+cn: is-fddi-test1
+ipNetworkNumber: 192.132.155
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test2, o=SGI, c=US
+cn: is-fddi-test2
+ipNetworkNumber: 192.132.156
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test3, o=SGI, c=US
+cn: is-fddi-test3
+ipNetworkNumber: 192.132.157
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test4, o=SGI, c=US
+cn: is-fddi-test4
+ipNetworkNumber: 192.132.158
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test5, o=SGI, c=US
+cn: is-fddi-test5
+ipNetworkNumber: 192.132.159
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test6, o=SGI, c=US
+cn: is-fddi-test6
+ipNetworkNumber: 192.132.160
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-fddi-test7, o=SGI, c=US
+cn: is-fddi-test7
+ipNetworkNumber: 192.132.161
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-evtlab, o=SGI, c=US
+cn: b4-evtlab
+ipNetworkNumber: 192.132.162
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanb8-wanb17, o=SGI, c=US
+cn: wanb8-wanb17
+ipNetworkNumber: 192.132.163
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=csd-insight, o=SGI, c=US
+cn: csd-insight
+ipNetworkNumber: 192.132.164
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-wan, o=SGI, c=US
+cn: b4-wan
+ipNetworkNumber: 192.132.165
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-csdindy, o=SGI, c=US
+cn: b4-csdindy
+ipNetworkNumber: 192.132.170
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-hwlab2-temp, o=SGI, c=US
+cn: b2-hwlab2-temp
+ipNetworkNumber: 192.132.171
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-os-1, o=SGI, c=US
+cn: b1-dss-os-1
+ipNetworkNumber: 192.132.173
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss-msig-1, o=SGI, c=US
+cn: b1-dss-msig-1
+ipNetworkNumber: 192.132.174
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-eng-lab, o=SGI, c=US
+cn: b11-eng-lab
+ipNetworkNumber: 192.132.175
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-b, o=SGI, c=US
+cn: b2u-b
+ipNetworkNumber: 192.132.176
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-token-ring, o=SGI, c=US
+cn: b11-token-ring
+cn: sgi132-177
+ipNetworkNumber: 192.132.177
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-guiness-lab, o=SGI, c=US
+cn: b1-guiness-lab
+ipNetworkNumber: 192.132.178
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=jwag-home-slip, o=SGI, c=US
+cn: jwag-home-slip
+ipNetworkNumber: 192.132.179
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=akmal-home-slip, o=SGI, c=US
+cn: akmal-home-slip
+ipNetworkNumber: 192.132.180
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nasa-jsc, o=SGI, c=US
+cn: nasa-jsc
+ipNetworkNumber: 192.132.181
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l-nsd, o=SGI, c=US
+cn: b8l-nsd
+ipNetworkNumber: 192.132.182
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-fddi-servers, o=SGI, c=US
+cn: b7l-fddi-servers
+ipNetworkNumber: 192.132.186
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=msdtest-fddi, o=SGI, c=US
+cn: msdtest-fddi
+ipNetworkNumber: 192.132.187
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfg-test, o=SGI, c=US
+cn: b11-mfg-test
+cn: sgi132-188
+ipNetworkNumber: 192.132.188
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-secure3, o=SGI, c=US
+cn: paris-secure3
+ipNetworkNumber: 192.132.189
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-digital-media-lab, o=SGI, c=US
+cn: b2u-digital-media-lab
+ipNetworkNumber: 192.132.190
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-swlab, o=SGI, c=US
+cn: b7u-swlab
+ipNetworkNumber: 192.132.191
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=eng-spine, o=SGI, c=US
+cn: eng-spine
+ipNetworkNumber: 192.132.194
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-ddc, o=SGI, c=US
+cn: b11-ddc
+ipNetworkNumber: 192.132.195
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-totestack1, o=SGI, c=US
+cn: b12-totestack1
+ipNetworkNumber: 192.132.196
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-totestack2, o=SGI, c=US
+cn: b12-totestack2
+ipNetworkNumber: 192.132.197
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfgoven1, o=SGI, c=US
+cn: b11-mfgoven1
+ipNetworkNumber: 192.132.198
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aw-tokyo, o=SGI, c=US
+cn: aw-tokyo
+ipNetworkNumber: 192.132.199
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-mfg, o=SGI, c=US
+cn: b12-mfg
+ipNetworkNumber: 192.132.204
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-cddi-net, o=SGI, c=US
+cn: b2-cddi-net
+ipNetworkNumber: 198.29.64
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aw-net2, o=SGI, c=US
+cn: aw-net2
+ipNetworkNumber: 198.29.65
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7-net, o=SGI, c=US
+cn: b7-net
+ipNetworkNumber: 198.29.66
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-dms5, o=SGI, c=US
+cn: b14l-dms5
+ipNetworkNumber: 198.29.67
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=portlandwa, o=SGI, c=US
+cn: portlandwa
+ipNetworkNumber: 198.29.68
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-engr-net1, o=SGI, c=US
+cn: b9-engr-net1
+ipNetworkNumber: 198.29.69
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-ssd-benchlab_1, o=SGI, c=US
+cn: b7l-ssd-benchlab_1
+ipNetworkNumber: 198.29.71
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfgoven2, o=SGI, c=US
+cn: b11-mfgoven2
+ipNetworkNumber: 198.29.72
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfgsystest2, o=SGI, c=US
+cn: b11-mfgsystest2
+ipNetworkNumber: 198.29.73
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=burnham-local, o=SGI, c=US
+cn: burnham-local
+ipNetworkNumber: 198.29.74
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dco-fddi, o=SGI, c=US
+cn: dco-fddi
+ipNetworkNumber: 198.29.75
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-engr-net2, o=SGI, c=US
+cn: b9-engr-net2
+ipNetworkNumber: 198.29.76
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3-cddi-net, o=SGI, c=US
+cn: b3-cddi-net
+ipNetworkNumber: 198.29.77
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-lego-test1, o=SGI, c=US
+cn: b7u-lego-test1
+ipNetworkNumber: 198.29.78
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-networking-lab, o=SGI, c=US
+cn: b7l-networking-lab
+ipNetworkNumber: 198.29.79
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-80-isdn, o=SGI, c=US
+cn: b2u-gandalf-80-isdn
+ipNetworkNumber: 198.29.80
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-81-isdn, o=SGI, c=US
+cn: b2u-gandalf-81-isdn
+ipNetworkNumber: 198.29.81
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7u-syssw, o=SGI, c=US
+cn: b7u-syssw
+ipNetworkNumber: 198.29.82
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-asdlabs, o=SGI, c=US
+cn: b7l-asdlabs
+ipNetworkNumber: 198.29.83
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-compliance-lab, o=SGI, c=US
+cn: b7l-compliance-lab
+ipNetworkNumber: 198.29.84
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-85-isdn, o=SGI, c=US
+cn: b2u-gandalf-85-isdn
+ipNetworkNumber: 198.29.85
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-engr-net3, o=SGI, c=US
+cn: b9-engr-net3
+ipNetworkNumber: 198.29.86
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=barna-internet, o=SGI, c=US
+cn: barna-internet
+ipNetworkNumber: 198.29.87
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-88-isdn, o=SGI, c=US
+cn: b2u-gandalf-88-isdn
+ipNetworkNumber: 198.29.88
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=appletalk_net_9, o=SGI, c=US
+cn: appletalk_net_9
+ipNetworkNumber: 198.29.89
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=appletalk_net_10, o=SGI, c=US
+cn: appletalk_net_10
+ipNetworkNumber: 198.29.90
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-91-isdn, o=SGI, c=US
+cn: b2u-gandalf-91-isdn
+ipNetworkNumber: 198.29.91
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-92-isdn, o=SGI, c=US
+cn: b2u-gandalf-92-isdn
+ipNetworkNumber: 198.29.92
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-93-isdn, o=SGI, c=US
+cn: b2u-gandalf-93-isdn
+ipNetworkNumber: 198.29.93
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=uktraining, o=SGI, c=US
+cn: uktraining
+ipNetworkNumber: 198.29.94
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vbt-testnet, o=SGI, c=US
+cn: vbt-testnet
+ipNetworkNumber: 198.29.95
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14-mcast, o=SGI, c=US
+cn: b14-mcast
+ipNetworkNumber: 198.29.96
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-esd_mkt, o=SGI, c=US
+cn: b14l-esd_mkt
+ipNetworkNumber: 198.29.97
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-apps1, o=SGI, c=US
+cn: b14u-apps1
+ipNetworkNumber: 198.29.98
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-apps2, o=SGI, c=US
+cn: b14u-apps2
+ipNetworkNumber: 198.29.99
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-prod-eng1, o=SGI, c=US
+cn: b1-prod-eng1
+ipNetworkNumber: 198.29.100
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-prod-eng2, o=SGI, c=US
+cn: b1-prod-eng2
+ipNetworkNumber: 198.29.101
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-time-warner-3, o=SGI, c=US
+cn: b9-time-warner-3
+ipNetworkNumber: 198.29.102
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-time-warner, o=SGI, c=US
+cn: b9u-time-warner
+ipNetworkNumber: 198.29.103
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l-prod-design, o=SGI, c=US
+cn: b8l-prod-design
+ipNetworkNumber: 198.29.104
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l-mktg-net3, o=SGI, c=US
+cn: b8l-mktg-net3
+ipNetworkNumber: 198.29.106
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-enduser, o=SGI, c=US
+cn: b9l-enduser
+ipNetworkNumber: 198.29.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=partner-net, o=SGI, c=US
+cn: partner-net
+ipNetworkNumber: 198.29.110
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=solectron, o=SGI, c=US
+cn: solectron
+ipNetworkNumber: 198.29.111
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-isdn-network, o=SGI, c=US
+cn: b2-isdn-network
+ipNetworkNumber: 198.29.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-lego-systest, o=SGI, c=US
+cn: b11-lego-systest
+ipNetworkNumber: 198.29.113
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-lego-ovens, o=SGI, c=US
+cn: b11-lego-ovens
+ipNetworkNumber: 198.29.114
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-time-warner-4, o=SGI, c=US
+cn: b9-time-warner-4
+ipNetworkNumber: 198.29.115
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-secure1, o=SGI, c=US
+cn: paris-secure1
+ipNetworkNumber: 198.29.116
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-secure2, o=SGI, c=US
+cn: paris-secure2
+ipNetworkNumber: 198.29.117
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-b4backbone, o=SGI, c=US
+cn: b2-b4backbone
+ipNetworkNumber: 198.29.118
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=home-frame2, o=SGI, c=US
+cn: home-frame2
+ipNetworkNumber: 198.29.119
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=add-brds_lab2, o=SGI, c=US
+cn: add-brds_lab2
+ipNetworkNumber: 198.29.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-gauntlet, o=SGI, c=US
+cn: b1-gauntlet
+ipNetworkNumber: 198.29.121
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms-fddi, o=SGI, c=US
+cn: b1-dms-fddi
+ipNetworkNumber: 198.29.122
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-nafo-lab, o=SGI, c=US
+cn: b14l-nafo-lab
+ipNetworkNumber: 198.29.124
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-comp-lab-a, o=SGI, c=US
+cn: b11-comp-lab-a
+ipNetworkNumber: 198.29.125
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-comp-lab-b, o=SGI, c=US
+cn: b11-comp-lab-b
+ipNetworkNumber: 198.29.126
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-comp-lab-c, o=SGI, c=US
+cn: b11-comp-lab-c
+ipNetworkNumber: 198.29.127
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdlab1, o=SGI, c=US
+cn: b9-wpdlab1
+ipNetworkNumber: 199.74.33
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdlab2, o=SGI, c=US
+cn: b9-wpdlab2
+ipNetworkNumber: 199.74.34
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdlab3, o=SGI, c=US
+cn: b9-wpdlab3
+ipNetworkNumber: 199.74.35
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdlab4, o=SGI, c=US
+cn: b9-wpdlab4
+ipNetworkNumber: 199.74.36
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdlab5, o=SGI, c=US
+cn: b9-wpdlab5
+ipNetworkNumber: 199.74.37
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdfddi3, o=SGI, c=US
+cn: b9-wpdfddi3
+ipNetworkNumber: 199.74.38
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdfddi1, o=SGI, c=US
+cn: b9-wpdfddi1
+ipNetworkNumber: 199.74.39
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-wpdfddi2, o=SGI, c=US
+cn: b9-wpdfddi2
+ipNetworkNumber: 199.74.40
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=la-pri_hub, o=SGI, c=US
+cn: la-pri_hub
+ipNetworkNumber: 199.74.41
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=rpa-mtview-serial, o=SGI, c=US
+cn: rpa-mtview-serial
+ipNetworkNumber: 199.74.42
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b4-mfg-endusers, o=SGI, c=US
+cn: b4-mfg-endusers
+ipNetworkNumber: 199.74.43
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b6u-corp-bc, o=SGI, c=US
+cn: b6u-corp-bc
+ipNetworkNumber: 199.74.44
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=isdn1, o=SGI, c=US
+cn: isdn1
+ipNetworkNumber: 199.74.46
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=isdn2, o=SGI, c=US
+cn: isdn2
+ipNetworkNumber: 199.74.47
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b6-fddi-corp, o=SGI, c=US
+cn: b6-fddi-corp
+ipNetworkNumber: 199.74.48
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b18_xplx-apptlk, o=SGI, c=US
+cn: b18_xplx-apptlk
+ipNetworkNumber: 199.74.49
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ppp-isdn-network1, o=SGI, c=US
+cn: ppp-isdn-network1
+ipNetworkNumber: 199.74.51
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ppp-isdn-network2, o=SGI, c=US
+cn: ppp-isdn-network2
+ipNetworkNumber: 199.74.52
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dss-isdn, o=SGI, c=US
+cn: dss-isdn
+ipNetworkNumber: 199.74.53
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3l-community1, o=SGI, c=US
+cn: b3l-community1
+ipNetworkNumber: 199.74.54
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3l-community2, o=SGI, c=US
+cn: b3l-community2
+ipNetworkNumber: 199.74.56
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b3l-community3, o=SGI, c=US
+cn: b3l-community3
+ipNetworkNumber: 199.74.57
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sf-studio3, o=SGI, c=US
+cn: sf-studio3
+ipNetworkNumber: 199.74.58
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=mbus-ether, o=SGI, c=US
+cn: mbus-ether
+ipNetworkNumber: 199.74.59
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cole-weber, o=SGI, c=US
+cn: cole-weber
+ipNetworkNumber: 199.74.60
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tre-nei1-61-cnet, o=SGI, c=US
+cn: tre-nei1-61-cnet
+ipNetworkNumber: 199.74.61
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=japan-external, o=SGI, c=US
+cn: japan-external
+ipNetworkNumber: 199.74.62
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nsd-oracle, o=SGI, c=US
+cn: nsd-oracle
+ipNetworkNumber: 199.74.63
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-is, o=SGI, c=US
+cn: neu-is
+ipNetworkNumber: 155.11.1.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1d1b, o=SGI, c=US
+cn: neu-1d1b
+ipNetworkNumber: 155.11.1.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-adm, o=SGI, c=US
+cn: neu-adm
+ipNetworkNumber: 155.11.2.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1d2b, o=SGI, c=US
+cn: neu-1d2b
+ipNetworkNumber: 155.11.2.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-csd, o=SGI, c=US
+cn: neu-csd
+ipNetworkNumber: 155.11.3.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1d3b, o=SGI, c=US
+cn: neu-1d3b
+ipNetworkNumber: 155.11.3.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mktg, o=SGI, c=US
+cn: neu-mktg
+ipNetworkNumber: 155.11.4.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1p4b, o=SGI, c=US
+cn: neu-1p4b
+ipNetworkNumber: 155.11.4.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1p5b, o=SGI, c=US
+cn: neu-1p5b
+ipNetworkNumber: 155.11.5.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1p5a, o=SGI, c=US
+cn: neu-1p5a
+ipNetworkNumber: 155.11.5.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-lab1, o=SGI, c=US
+cn: neu-lab1
+ipNetworkNumber: 155.11.6.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-lab2, o=SGI, c=US
+cn: neu-lab2
+ipNetworkNumber: 155.11.6.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-train1, o=SGI, c=US
+cn: neu-train1
+ipNetworkNumber: 155.11.7.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-train2, o=SGI, c=US
+cn: neu-train2
+ipNetworkNumber: 155.11.7.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mfgtst, o=SGI, c=US
+cn: neu-mfgtst
+ipNetworkNumber: 155.11.8.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1r8b, o=SGI, c=US
+cn: neu-1r8b
+ipNetworkNumber: 155.11.8.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mfg1, o=SGI, c=US
+cn: neu-mfg1
+ipNetworkNumber: 155.11.9.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1r9b, o=SGI, c=US
+cn: neu-1r9b
+ipNetworkNumber: 155.11.9.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mfg2, o=SGI, c=US
+cn: neu-mfg2
+ipNetworkNumber: 155.11.10.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-itlcomm, o=SGI, c=US
+cn: neu-itlcomm
+ipNetworkNumber: 155.11.10.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-bb, o=SGI, c=US
+cn: par-bb
+ipNetworkNumber: 155.11.11.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-csd, o=SGI, c=US
+cn: par-csd
+ipNetworkNumber: 155.11.11.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-sales, o=SGI, c=US
+cn: par-sales
+ipNetworkNumber: 155.11.12.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-train, o=SGI, c=US
+cn: par-train
+ipNetworkNumber: 155.11.12.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-eng, o=SGI, c=US
+cn: par-eng
+ipNetworkNumber: 155.11.13.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-adm, o=SGI, c=US
+cn: par-adm
+ipNetworkNumber: 155.11.13.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aix-net, o=SGI, c=US
+cn: aix-net
+ipNetworkNumber: 155.11.14.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-aix-ptp, o=SGI, c=US
+cn: par-aix-ptp
+ipNetworkNumber: 155.11.14.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tou-net, o=SGI, c=US
+cn: tou-net
+ipNetworkNumber: 155.11.15.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-tou-ptp, o=SGI, c=US
+cn: par-tou-ptp
+ipNetworkNumber: 155.11.15.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lyon-net, o=SGI, c=US
+cn: lyon-net
+ipNetworkNumber: 155.11.16.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-lyon-ptp, o=SGI, c=US
+cn: par-lyon-ptp
+ipNetworkNumber: 155.11.16.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=rennes-net, o=SGI, c=US
+cn: rennes-net
+ipNetworkNumber: 155.11.17.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=par-rennes-ptp, o=SGI, c=US
+cn: par-rennes-ptp
+ipNetworkNumber: 155.11.17.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=milan-net1, o=SGI, c=US
+cn: milan-net1
+ipNetworkNumber: 155.11.18.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=milan-net2, o=SGI, c=US
+cn: milan-net2
+ipNetworkNumber: 155.11.18.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=geneva-ptp, o=SGI, c=US
+cn: geneva-ptp
+ipNetworkNumber: 155.11.19.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=geneva-net, o=SGI, c=US
+cn: geneva-net
+ipNetworkNumber: 155.11.19.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=rome-net1, o=SGI, c=US
+cn: rome-net1
+ipNetworkNumber: 155.11.20.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=rome-net2, o=SGI, c=US
+cn: rome-net2
+ipNetworkNumber: 155.11.20.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-h-2511, o=SGI, c=US
+cn: neu-h-2511
+ipNetworkNumber: 155.11.21.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-blazer, o=SGI, c=US
+cn: neu-blazer
+ipNetworkNumber: 155.11.21.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=helsinki-net, o=SGI, c=US
+cn: helsinki-net
+ipNetworkNumber: 155.11.22.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=FREE-1, o=SGI, c=US
+cn: FREE-1
+ipNetworkNumber: 155.11.22.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=zurich-net, o=SGI, c=US
+cn: zurich-net
+ipNetworkNumber: 155.11.23.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-zurich-ptp, o=SGI, c=US
+cn: neu-zurich-ptp
+ipNetworkNumber: 155.11.23.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-1fddi, o=SGI, c=US
+cn: neu-1fddi
+ipNetworkNumber: 155.11.24.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-2fddi, o=SGI, c=US
+cn: neu-2fddi
+ipNetworkNumber: 155.11.24.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=london1, o=SGI, c=US
+cn: london1
+ipNetworkNumber: 155.11.25.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=london2, o=SGI, c=US
+cn: london2
+ipNetworkNumber: 155.11.25.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=falkirk1, o=SGI, c=US
+cn: falkirk1
+ipNetworkNumber: 155.11.26.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=falkirk2, o=SGI, c=US
+cn: falkirk2
+ipNetworkNumber: 155.11.26.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-wh1, o=SGI, c=US
+cn: reading-wh1
+ipNetworkNumber: 155.11.27.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-wh2, o=SGI, c=US
+cn: reading-wh2
+ipNetworkNumber: 155.11.27.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net, o=SGI, c=US
+cn: demeern-net
+ipNetworkNumber: 155.11.28.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net2, o=SGI, c=US
+cn: demeern-net2
+ipNetworkNumber: 155.11.28.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net3, o=SGI, c=US
+cn: demeern-net3
+ipNetworkNumber: 155.11.29.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net4, o=SGI, c=US
+cn: demeern-net4
+ipNetworkNumber: 155.11.29.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne1, o=SGI, c=US
+cn: lausanne1
+ipNetworkNumber: 155.11.30.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne2, o=SGI, c=US
+cn: lausanne2
+ipNetworkNumber: 155.11.30.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stockholm-net, o=SGI, c=US
+cn: stockholm-net
+ipNetworkNumber: 155.11.31.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stockholm-ptp, o=SGI, c=US
+cn: stockholm-ptp
+ipNetworkNumber: 155.11.31.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=budapest, o=SGI, c=US
+cn: budapest
+ipNetworkNumber: 155.11.32.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=budapest-ptp, o=SGI, c=US
+cn: budapest-ptp
+ipNetworkNumber: 155.11.32.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=FREE-2, o=SGI, c=US
+cn: FREE-2
+ipNetworkNumber: 155.11.33.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=FREE-3, o=SGI, c=US
+cn: FREE-3
+ipNetworkNumber: 155.11.33.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mfg2a, o=SGI, c=US
+cn: neu-mfg2a
+ipNetworkNumber: 155.11.34.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-mfg2b, o=SGI, c=US
+cn: neu-mfg2b
+ipNetworkNumber: 155.11.34.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lan-tst, o=SGI, c=US
+cn: lan-tst
+ipNetworkNumber: 155.11.35.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wan-tst, o=SGI, c=US
+cn: wan-tst
+ipNetworkNumber: 155.11.35.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net7, o=SGI, c=US
+cn: demeern-net7
+ipNetworkNumber: 155.11.36.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-net8, o=SGI, c=US
+cn: demeern-net8
+ipNetworkNumber: 155.11.36.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=basel-net, o=SGI, c=US
+cn: basel-net
+ipNetworkNumber: 155.11.37.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=basel-ptp, o=SGI, c=US
+cn: basel-ptp
+ipNetworkNumber: 155.11.37.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brno-net, o=SGI, c=US
+cn: brno-net
+ipNetworkNumber: 155.11.38.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brno-ptp, o=SGI, c=US
+cn: brno-ptp
+ipNetworkNumber: 155.11.38.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=warsaw-net, o=SGI, c=US
+cn: warsaw-net
+ipNetworkNumber: 155.11.39.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=warsaw-ptp, o=SGI, c=US
+cn: warsaw-ptp
+ipNetworkNumber: 155.11.39.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=moscow, o=SGI, c=US
+cn: moscow
+ipNetworkNumber: 155.11.40.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=moscow-ptp, o=SGI, c=US
+cn: moscow-ptp
+ipNetworkNumber: 155.11.40.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-1, o=SGI, c=US
+cn: munich-1
+ipNetworkNumber: 155.11.41.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-2, o=SGI, c=US
+cn: munich-2
+ipNetworkNumber: 155.11.41.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Karlsruhe-1, o=SGI, c=US
+cn: Karlsruhe-1
+ipNetworkNumber: 155.11.42.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Karlsruhe-2, o=SGI, c=US
+cn: Karlsruhe-2
+ipNetworkNumber: 155.11.42.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Cologne-1, o=SGI, c=US
+cn: Cologne-1
+ipNetworkNumber: 155.11.43.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Cologne-2, o=SGI, c=US
+cn: Cologne-2
+ipNetworkNumber: 155.11.43.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Berlin-1, o=SGI, c=US
+cn: Berlin-1
+ipNetworkNumber: 155.11.44.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Berlin-2, o=SGI, c=US
+cn: Berlin-2
+ipNetworkNumber: 155.11.44.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Hannover-1, o=SGI, c=US
+cn: Hannover-1
+ipNetworkNumber: 155.11.45.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=Hannover-2, o=SGI, c=US
+cn: Hannover-2
+ipNetworkNumber: 155.11.45.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-3, o=SGI, c=US
+cn: munich-3
+ipNetworkNumber: 155.11.46.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-4, o=SGI, c=US
+cn: munich-4
+ipNetworkNumber: 155.11.46.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-5, o=SGI, c=US
+cn: demeern-5
+ipNetworkNumber: 155.11.47.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern, o=SGI, c=US
+cn: demeern
+ipNetworkNumber: 155.11.47.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=telaviv1, o=SGI, c=US
+cn: telaviv1
+ipNetworkNumber: 155.11.48.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=telaviv2, o=SGI, c=US
+cn: telaviv2
+ipNetworkNumber: 155.11.48.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cort-tst1, o=SGI, c=US
+cn: cort-tst1
+ipNetworkNumber: 155.11.49.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cort-tst2, o=SGI, c=US
+cn: cort-tst2
+ipNetworkNumber: 155.11.49.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=copen01, o=SGI, c=US
+cn: copen01
+ipNetworkNumber: 155.11.50.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=copen02, o=SGI, c=US
+cn: copen02
+ipNetworkNumber: 155.11.50.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=oslo01, o=SGI, c=US
+cn: oslo01
+ipNetworkNumber: 155.11.51.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=oslo02, o=SGI, c=US
+cn: oslo02
+ipNetworkNumber: 155.11.51.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brussels, o=SGI, c=US
+cn: brussels
+ipNetworkNumber: 155.11.52.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brussels_1, o=SGI, c=US
+cn: brussels_1
+ipNetworkNumber: 155.11.53.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brussels_2, o=SGI, c=US
+cn: brussels_2
+ipNetworkNumber: 155.11.53.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brussels_3, o=SGI, c=US
+cn: brussels_3
+ipNetworkNumber: 155.11.54.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brussels_4, o=SGI, c=US
+cn: brussels_4
+ipNetworkNumber: 155.11.54.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne3, o=SGI, c=US
+cn: lausanne3
+ipNetworkNumber: 155.11.55.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne4, o=SGI, c=US
+cn: lausanne4
+ipNetworkNumber: 155.11.55.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vienna1, o=SGI, c=US
+cn: vienna1
+ipNetworkNumber: 155.11.56.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vienna2, o=SGI, c=US
+cn: vienna2
+ipNetworkNumber: 155.11.56.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=madrid1, o=SGI, c=US
+cn: madrid1
+ipNetworkNumber: 155.11.57.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=madrid2, o=SGI, c=US
+cn: madrid2
+ipNetworkNumber: 155.11.57.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=barcelona01, o=SGI, c=US
+cn: barcelona01
+ipNetworkNumber: 155.11.58.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=barcelona02, o=SGI, c=US
+cn: barcelona02
+ipNetworkNumber: 155.11.58.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bahrain01, o=SGI, c=US
+cn: bahrain01
+ipNetworkNumber: 155.11.59.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bahrain02, o=SGI, c=US
+cn: bahrain02
+ipNetworkNumber: 155.11.59.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=frankfurt1, o=SGI, c=US
+cn: frankfurt1
+ipNetworkNumber: 155.11.60.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=frankfurt2, o=SGI, c=US
+cn: frankfurt2
+ipNetworkNumber: 155.11.60.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=visual-land, o=SGI, c=US
+cn: visual-land
+ipNetworkNumber: 155.11.61.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=gland-wan, o=SGI, c=US
+cn: gland-wan
+ipNetworkNumber: 155.11.61.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=gothenburg1, o=SGI, c=US
+cn: gothenburg1
+ipNetworkNumber: 155.11.62.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=gothenburg2, o=SGI, c=US
+cn: gothenburg2
+ipNetworkNumber: 155.11.62.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-5, o=SGI, c=US
+cn: munich-5
+ipNetworkNumber: 155.11.63.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-6, o=SGI, c=US
+cn: munich-6
+ipNetworkNumber: 155.11.63.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-7, o=SGI, c=US
+cn: munich-7
+ipNetworkNumber: 155.11.64.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=munich-8, o=SGI, c=US
+cn: munich-8
+ipNetworkNumber: 155.11.64.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=zurich-ppp1, o=SGI, c=US
+cn: zurich-ppp1
+ipNetworkNumber: 155.11.65.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=zurich-ppp2, o=SGI, c=US
+cn: zurich-ppp2
+ipNetworkNumber: 155.11.65.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stavanger01, o=SGI, c=US
+cn: stavanger01
+ipNetworkNumber: 155.11.66.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stavanger02, o=SGI, c=US
+cn: stavanger02
+ipNetworkNumber: 155.11.66.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=jerusalem1, o=SGI, c=US
+cn: jerusalem1
+ipNetworkNumber: 155.11.67.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=jerusalem2, o=SGI, c=US
+cn: jerusalem2
+ipNetworkNumber: 155.11.67.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-debug1, o=SGI, c=US
+cn: neu-debug1
+ipNetworkNumber: 155.11.68.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-debug2, o=SGI, c=US
+cn: neu-debug2
+ipNetworkNumber: 155.11.68.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-peripheral1, o=SGI, c=US
+cn: neu-peripheral1
+ipNetworkNumber: 155.11.70.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-peripheral2, o=SGI, c=US
+cn: neu-peripheral2
+ipNetworkNumber: 155.11.70.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-15, o=SGI, c=US
+cn: reading-15
+ipNetworkNumber: 155.11.71.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-16, o=SGI, c=US
+cn: reading-16
+ipNetworkNumber: 155.11.71.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-17, o=SGI, c=US
+cn: reading-17
+ipNetworkNumber: 155.11.72.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-18, o=SGI, c=US
+cn: reading-18
+ipNetworkNumber: 155.11.72.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-19, o=SGI, c=US
+cn: reading-19
+ipNetworkNumber: 155.11.73.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-20, o=SGI, c=US
+cn: reading-20
+ipNetworkNumber: 155.11.73.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-9, o=SGI, c=US
+cn: demeern-9
+ipNetworkNumber: 155.11.74.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-10, o=SGI, c=US
+cn: demeern-10
+ipNetworkNumber: 155.11.74.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-11, o=SGI, c=US
+cn: demeern-11
+ipNetworkNumber: 155.11.75.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-12, o=SGI, c=US
+cn: demeern-12
+ipNetworkNumber: 155.11.75.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-13, o=SGI, c=US
+cn: demeern-13
+ipNetworkNumber: 155.11.76.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=demeern-14, o=SGI, c=US
+cn: demeern-14
+ipNetworkNumber: 155.11.76.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-21, o=SGI, c=US
+cn: reading-21
+ipNetworkNumber: 155.11.77.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-22, o=SGI, c=US
+cn: reading-22
+ipNetworkNumber: 155.11.77.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-23, o=SGI, c=US
+cn: reading-23
+ipNetworkNumber: 155.11.78.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-24, o=SGI, c=US
+cn: reading-24
+ipNetworkNumber: 155.11.78.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-25, o=SGI, c=US
+cn: reading-25
+ipNetworkNumber: 155.11.79.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-26, o=SGI, c=US
+cn: reading-26
+ipNetworkNumber: 155.11.79.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=praha-01, o=SGI, c=US
+cn: praha-01
+ipNetworkNumber: 155.11.80.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=praha-02, o=SGI, c=US
+cn: praha-02
+ipNetworkNumber: 155.11.80.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=strasbourg-01, o=SGI, c=US
+cn: strasbourg-01
+ipNetworkNumber: 155.11.81.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-08, o=SGI, c=US
+cn: paris-08
+ipNetworkNumber: 155.11.81.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-09, o=SGI, c=US
+cn: paris-09
+ipNetworkNumber: 155.11.82.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=paris-10, o=SGI, c=US
+cn: paris-10
+ipNetworkNumber: 155.11.82.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=milan-03, o=SGI, c=US
+cn: milan-03
+ipNetworkNumber: 155.11.83.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=milan-04, o=SGI, c=US
+cn: milan-04
+ipNetworkNumber: 155.11.83.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cort-desktop1, o=SGI, c=US
+cn: cort-desktop1
+ipNetworkNumber: 155.11.84.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cort-desktop2, o=SGI, c=US
+cn: cort-desktop2
+ipNetworkNumber: 155.11.84.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=copen-3, o=SGI, c=US
+cn: copen-3
+ipNetworkNumber: 155.11.85.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=copen-4, o=SGI, c=US
+cn: copen-4
+ipNetworkNumber: 155.11.85.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu-isdn, o=SGI, c=US
+cn: neu-isdn
+ipNetworkNumber: 155.11.86.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=home-isdn, o=SGI, c=US
+cn: home-isdn
+ipNetworkNumber: 155.11.86.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne5, o=SGI, c=US
+cn: lausanne5
+ipNetworkNumber: 155.11.87.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne6, o=SGI, c=US
+cn: lausanne6
+ipNetworkNumber: 155.11.87.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lausanne7, o=SGI, c=US
+cn: lausanne7
+ipNetworkNumber: 155.11.88.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-01, o=SGI, c=US
+cn: reading-01
+ipNetworkNumber: 155.11.90.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-02, o=SGI, c=US
+cn: reading-02
+ipNetworkNumber: 155.11.90.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-03, o=SGI, c=US
+cn: reading-03
+ipNetworkNumber: 155.11.91.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-04, o=SGI, c=US
+cn: reading-04
+ipNetworkNumber: 155.11.91.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-05, o=SGI, c=US
+cn: reading-05
+ipNetworkNumber: 155.11.92.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-06, o=SGI, c=US
+cn: reading-06
+ipNetworkNumber: 155.11.92.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-07, o=SGI, c=US
+cn: reading-07
+ipNetworkNumber: 155.11.93.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-08, o=SGI, c=US
+cn: reading-08
+ipNetworkNumber: 155.11.93.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-09, o=SGI, c=US
+cn: reading-09
+ipNetworkNumber: 155.11.94.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-10, o=SGI, c=US
+cn: reading-10
+ipNetworkNumber: 155.11.94.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-11, o=SGI, c=US
+cn: reading-11
+ipNetworkNumber: 155.11.95.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-12, o=SGI, c=US
+cn: reading-12
+ipNetworkNumber: 155.11.95.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-13, o=SGI, c=US
+cn: reading-13
+ipNetworkNumber: 155.11.96.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-14, o=SGI, c=US
+cn: reading-14
+ipNetworkNumber: 155.11.96.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=manchester-01, o=SGI, c=US
+cn: manchester-01
+ipNetworkNumber: 155.11.97.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=manchester-02, o=SGI, c=US
+cn: manchester-02
+ipNetworkNumber: 155.11.97.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-27, o=SGI, c=US
+cn: reading-27
+ipNetworkNumber: 155.11.98.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-28, o=SGI, c=US
+cn: reading-28
+ipNetworkNumber: 155.11.98.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-29, o=SGI, c=US
+cn: reading-29
+ipNetworkNumber: 155.11.99.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neu_comms, o=SGI, c=US
+cn: neu_comms
+ipNetworkNumber: 155.11.99.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-30, o=SGI, c=US
+cn: reading-30
+ipNetworkNumber: 155.11.100.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=reading-31, o=SGI, c=US
+cn: reading-31
+ipNetworkNumber: 155.11.100.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate-common, o=SGI, c=US
+cn: wangate-common
+ipNetworkNumber: 155.11.254
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wanatl, o=SGI, c=US
+cn: wangate2-wanatl
+ipNetworkNumber: 155.11.253
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wandal, o=SGI, c=US
+cn: wangate2-wandal
+ipNetworkNumber: 155.11.252
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate-wanhud, o=SGI, c=US
+cn: wangate-wanhud
+ipNetworkNumber: 155.11.251
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wanden, o=SGI, c=US
+cn: wangate2-wanden
+ipNetworkNumber: 155.11.250
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wandiego, o=SGI, c=US
+cn: wangate2-wandiego
+ipNetworkNumber: 155.11.249
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wanhou, o=SGI, c=US
+cn: wangate2-wanhou
+ipNetworkNumber: 155.11.248
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wanmtv, o=SGI, c=US
+cn: wangate2-wanmtv
+ipNetworkNumber: 155.11.247
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanfarm-wanrose, o=SGI, c=US
+cn: wanfarm-wanrose
+ipNetworkNumber: 155.11.246
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanfarm-wanoak, o=SGI, c=US
+cn: wanfarm-wanoak
+ipNetworkNumber: 155.11.245
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanfarm-wanhud, o=SGI, c=US
+cn: wanfarm-wanhud
+ipNetworkNumber: 155.11.244
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhud-wanmil, o=SGI, c=US
+cn: wanhud-wanmil
+ipNetworkNumber: 155.11.243
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhud-wanhan, o=SGI, c=US
+cn: wanhud-wanhan
+ipNetworkNumber: 155.11.242
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanbeth-wantim, o=SGI, c=US
+cn: wanbeth-wantim
+ipNetworkNumber: 155.11.241
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanbeth-wanatl, o=SGI, c=US
+cn: wanbeth-wanatl
+ipNetworkNumber: 155.11.240
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanatl-wanmco, o=SGI, c=US
+cn: wanatl-wanmco
+ipNetworkNumber: 155.11.239
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanatl-wanlaud, o=SGI, c=US
+cn: wanatl-wanlaud
+ipNetworkNumber: 155.11.238
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wandal-wanstl, o=SGI, c=US
+cn: wandal-wanstl
+ipNetworkNumber: 155.11.237
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aw-sydney, o=SGI, c=US
+cn: aw-sydney
+ipNetworkNumber: 155.11.236
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantokyo-wannagoya, o=SGI, c=US
+cn: wantokyo-wannagoya
+ipNetworkNumber: 155.11.235
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=osaka, o=SGI, c=US
+cn: osaka
+ipNetworkNumber: 155.11.234
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nagoya, o=SGI, c=US
+cn: nagoya
+ipNetworkNumber: 155.11.233
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wagner-home, o=SGI, c=US
+cn: wagner-home
+ipNetworkNumber: 155.11.232
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ntt-nsg, o=SGI, c=US
+cn: ntt-nsg
+ipNetworkNumber: 155.11.230
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bos-nei1-brige, o=SGI, c=US
+cn: bos-nei1-brige
+ipNetworkNumber: 155.11.231
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wsyd-wperth, o=SGI, c=US
+cn: wsyd-wperth
+ipNetworkNumber: 155.11.229
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wellington, o=SGI, c=US
+cn: wellington
+ipNetworkNumber: 155.11.228
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=connyers-atlanta, o=SGI, c=US
+cn: connyers-atlanta
+ipNetworkNumber: 155.11.227
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sydney, o=SGI, c=US
+cn: sydney
+ipNetworkNumber: 155.11.226
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=melbourne, o=SGI, c=US
+cn: melbourne
+ipNetworkNumber: 155.11.225
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=brisbane, o=SGI, c=US
+cn: brisbane
+ipNetworkNumber: 155.11.224
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=adelaide, o=SGI, c=US
+cn: adelaide
+ipNetworkNumber: 155.11.223
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=perth, o=SGI, c=US
+cn: perth
+ipNetworkNumber: 155.11.222
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=auckland, o=SGI, c=US
+cn: auckland
+ipNetworkNumber: 155.11.221
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-net1, o=SGI, c=US
+cn: tokyo-net1
+ipNetworkNumber: 155.11.220
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-net2, o=SGI, c=US
+cn: tokyo-net2
+ipNetworkNumber: 155.11.219
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hongkong, o=SGI, c=US
+cn: hongkong
+ipNetworkNumber: 155.11.218
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=milwaukee, o=SGI, c=US
+cn: milwaukee
+ipNetworkNumber: 155.11.216
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=kansas, o=SGI, c=US
+cn: kansas
+ipNetworkNumber: 155.11.215
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=honk-kong-test, o=SGI, c=US
+cn: honk-kong-test
+ipNetworkNumber: 155.11.214
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=beijing1, o=SGI, c=US
+cn: beijing1
+ipNetworkNumber: 155.11.213
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=kawasaki, o=SGI, c=US
+cn: kawasaki
+ipNetworkNumber: 155.11.212
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shangai1, o=SGI, c=US
+cn: shangai1
+ipNetworkNumber: 155.11.211
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=guangzhou, o=SGI, c=US
+cn: guangzhou
+ipNetworkNumber: 155.11.210
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=riverside, o=SGI, c=US
+cn: riverside
+ipNetworkNumber: 155.11.206
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=minneapolis, o=SGI, c=US
+cn: minneapolis
+ipNetworkNumber: 155.11.205
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=canberra, o=SGI, c=US
+cn: canberra
+ipNetworkNumber: 155.11.204
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=newdelhi, o=SGI, c=US
+cn: newdelhi
+ipNetworkNumber: 155.11.203
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sanantonio, o=SGI, c=US
+cn: sanantonio
+ipNetworkNumber: 155.11.202
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=frame-relay2, o=SGI, c=US
+cn: frame-relay2
+ipNetworkNumber: 155.11.201
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=pittsburgh, o=SGI, c=US
+cn: pittsburgh
+ipNetworkNumber: 155.11.200
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=albuquerque, o=SGI, c=US
+cn: albuquerque
+ipNetworkNumber: 155.11.199
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=syracuse, o=SGI, c=US
+cn: syracuse
+ipNetworkNumber: 155.11.198
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=rochester, o=SGI, c=US
+cn: rochester
+ipNetworkNumber: 155.11.197
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tulsa, o=SGI, c=US
+cn: tulsa
+ipNetworkNumber: 155.11.196
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=leffler-home, o=SGI, c=US
+cn: leffler-home
+ipNetworkNumber: 155.11.194
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=melville, o=SGI, c=US
+cn: melville
+ipNetworkNumber: 155.11.193
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-slip-1, o=SGI, c=US
+cn: hudson-slip-1
+ipNetworkNumber: 155.11.192
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-engr, o=SGI, c=US
+cn: hudson-engr
+ipNetworkNumber: 155.11.191
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-sales, o=SGI, c=US
+cn: hudson-sales
+ipNetworkNumber: 155.11.190
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nova, o=SGI, c=US
+cn: nova
+ipNetworkNumber: 155.11.189
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=singapore, o=SGI, c=US
+cn: singapore
+ipNetworkNumber: 155.11.188
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=allied, o=SGI, c=US
+cn: allied
+ipNetworkNumber: 155.11.187
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=manhattan, o=SGI, c=US
+cn: manhattan
+ipNetworkNumber: 155.11.186
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=mtltac, o=SGI, c=US
+cn: mtltac
+ipNetworkNumber: 155.11.185
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cleveland, o=SGI, c=US
+cn: cleveland
+ipNetworkNumber: 155.11.184
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sao-paolo, o=SGI, c=US
+cn: sao-paolo
+ipNetworkNumber: 155.11.183
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wangate2-wbldG, o=SGI, c=US
+cn: wangate2-wbldG
+ipNetworkNumber: 155.11.181
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sanramon, o=SGI, c=US
+cn: sanramon
+ipNetworkNumber: 155.11.180
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sanramon-fddi, o=SGI, c=US
+cn: sanramon-fddi
+ipNetworkNumber: 155.11.180.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-training, o=SGI, c=US
+cn: hudson-training
+ipNetworkNumber: 155.11.179
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-tech, o=SGI, c=US
+cn: hudson-tech
+ipNetworkNumber: 155.11.178
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=singapore-eptc, o=SGI, c=US
+cn: singapore-eptc
+ipNetworkNumber: 155.11.177
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ottawa, o=SGI, c=US
+cn: ottawa
+ipNetworkNumber: 155.11.172
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=calgary, o=SGI, c=US
+cn: calgary
+ipNetworkNumber: 155.11.171
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=vancouver, o=SGI, c=US
+cn: vancouver
+ipNetworkNumber: 155.11.170
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tampa, o=SGI, c=US
+cn: tampa
+ipNetworkNumber: 155.11.169
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=birmingham, o=SGI, c=US
+cn: birmingham
+ipNetworkNumber: 155.11.168
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stlouis-sales, o=SGI, c=US
+cn: stlouis-sales
+ipNetworkNumber: 155.11.167
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stlouis-service, o=SGI, c=US
+cn: stlouis-service
+ipNetworkNumber: 155.11.166
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=albany, o=SGI, c=US
+cn: albany
+ipNetworkNumber: 155.11.165
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=neworleans, o=SGI, c=US
+cn: neworleans
+ipNetworkNumber: 155.11.164
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sacramento, o=SGI, c=US
+cn: sacramento
+ipNetworkNumber: 155.11.163
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=buffalo, o=SGI, c=US
+cn: buffalo
+ipNetworkNumber: 155.11.162
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=urbana, o=SGI, c=US
+cn: urbana
+ipNetworkNumber: 155.11.161
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=korea, o=SGI, c=US
+cn: korea
+ipNetworkNumber: 155.11.160
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=harrisburg, o=SGI, c=US
+cn: harrisburg
+ipNetworkNumber: 155.11.159
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dallas1, o=SGI, c=US
+cn: dallas1
+ipNetworkNumber: 155.11.158
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dallas2, o=SGI, c=US
+cn: dallas2
+ipNetworkNumber: 155.11.157
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=denver1, o=SGI, c=US
+cn: denver1
+ipNetworkNumber: 155.11.156
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=denver2, o=SGI, c=US
+cn: denver2
+ipNetworkNumber: 155.11.155
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=toronto, o=SGI, c=US
+cn: toronto
+ipNetworkNumber: 155.11.154
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=stlaurent, o=SGI, c=US
+cn: stlaurent
+ipNetworkNumber: 155.11.153
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=charlotte, o=SGI, c=US
+cn: charlotte
+ipNetworkNumber: 155.11.152
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bothell, o=SGI, c=US
+cn: bothell
+ipNetworkNumber: 155.11.151
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=space-vision-tokyo, o=SGI, c=US
+cn: space-vision-tokyo
+ipNetworkNumber: 155.11.150
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cray-mfg-pro-tokyo, o=SGI, c=US
+cn: cray-mfg-pro-tokyo
+ipNetworkNumber: 155.11.149
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sandiego, o=SGI, c=US
+cn: sandiego
+ipNetworkNumber: 155.11.148
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b16-corp-avai, o=SGI, c=US
+cn: b16-corp-avai
+ipNetworkNumber: 155.11.147
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=houston, o=SGI, c=US
+cn: houston
+ipNetworkNumber: 155.11.145
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=lauderdale, o=SGI, c=US
+cn: lauderdale
+ipNetworkNumber: 155.11.144
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=huntsville, o=SGI, c=US
+cn: huntsville
+ipNetworkNumber: 155.11.143
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=jackson, o=SGI, c=US
+cn: jackson
+ipNetworkNumber: 155.11.142
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=triangle, o=SGI, c=US
+cn: triangle
+ipNetworkNumber: 155.11.141
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=knoxville-avai, o=SGI, c=US
+cn: knoxville-avai
+ipNetworkNumber: 155.11.140
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=orlando, o=SGI, c=US
+cn: orlando
+ipNetworkNumber: 155.11.139
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=pensacola, o=SGI, c=US
+cn: pensacola
+ipNetworkNumber: 155.11.138
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atlanta-avai, o=SGI, c=US
+cn: atlanta-avai
+ipNetworkNumber: 155.11.137
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hampton-avai, o=SGI, c=US
+cn: hampton-avai
+ipNetworkNumber: 155.11.136
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=timonium, o=SGI, c=US
+cn: timonium
+ipNetworkNumber: 155.11.135
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=clubfed-avai, o=SGI, c=US
+cn: clubfed-avai
+ipNetworkNumber: 155.11.134
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dayton-avai, o=SGI, c=US
+cn: dayton-avai
+ipNetworkNumber: 155.11.133
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=columbus, o=SGI, c=US
+cn: columbus
+ipNetworkNumber: 155.11.132
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=chicago, o=SGI, c=US
+cn: chicago
+ipNetworkNumber: 155.11.131
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=indianapolis, o=SGI, c=US
+cn: indianapolis
+ipNetworkNumber: 155.11.130
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=detroit, o=SGI, c=US
+cn: detroit
+ipNetworkNumber: 155.11.129
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=trevose, o=SGI, c=US
+cn: trevose
+ipNetworkNumber: 155.11.128
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=parsippany, o=SGI, c=US
+cn: parsippany
+ipNetworkNumber: 155.11.127
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=meriden-avai, o=SGI, c=US
+cn: meriden-avai
+ipNetworkNumber: 155.11.126
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=richmond, o=SGI, c=US
+cn: richmond
+ipNetworkNumber: 155.11.125
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aberdeen, o=SGI, c=US
+cn: aberdeen
+ipNetworkNumber: 155.11.124
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hacienda, o=SGI, c=US
+cn: hacienda
+ipNetworkNumber: 155.11.123
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=hudson-dfoulser, o=SGI, c=US
+cn: hudson-dfoulser
+ipNetworkNumber: 155.11.122
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ftworth, o=SGI, c=US
+cn: ftworth
+ipNetworkNumber: 155.11.121
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-net3, o=SGI, c=US
+cn: tokyo-net3
+ipNetworkNumber: 155.11.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-nptc2, o=SGI, c=US
+cn: tokyo-nptc2
+ipNetworkNumber: 155.11.119
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=johannesburg, o=SGI, c=US
+cn: johannesburg
+ipNetworkNumber: 155.11.118
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=tokyo-nptc1, o=SGI, c=US
+cn: tokyo-nptc1
+ipNetworkNumber: 155.11.117
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ssi-prod, o=SGI, c=US
+cn: ssi-prod
+ipNetworkNumber: 155.11.116
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bangalore, o=SGI, c=US
+cn: bangalore
+ipNetworkNumber: 155.11.115
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wan-atm, o=SGI, c=US
+cn: wan-atm
+ipNetworkNumber: 155.11.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=clearlake, o=SGI, c=US
+cn: clearlake
+ipNetworkNumber: 155.11.111
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=alamos, o=SGI, c=US
+cn: alamos
+ipNetworkNumber: 155.11.110
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=troy, o=SGI, c=US
+cn: troy
+ipNetworkNumber: 155.11.109
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=temp-ring, o=SGI, c=US
+cn: temp-ring
+ipNetworkNumber: 155.11.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=silicon-farm, o=SGI, c=US
+cn: silicon-farm
+ipNetworkNumber: 155.11.107
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=perftools-melb, o=SGI, c=US
+cn: perftools-melb
+ipNetworkNumber: 155.11.106
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=memphis, o=SGI, c=US
+cn: memphis
+ipNetworkNumber: 155.11.104
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=nashville, o=SGI, c=US
+cn: nashville
+ipNetworkNumber: 155.11.103
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=access-graphics, o=SGI, c=US
+cn: access-graphics
+ipNetworkNumber: 155.11.102
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgi-uk, o=SGI, c=US
+cn: sgi-uk
+ipNetworkNumber: 192.35.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=melbourne-net, o=SGI, c=US
+cn: melbourne-net
+ipNetworkNumber: 192.68.139
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=oasis, o=SGI, c=US
+cn: oasis
+ipNetworkNumber: 163.154.0.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ids-1, o=SGI, c=US
+cn: ids-1
+ipNetworkNumber: 204.94.208
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=sgigate-net, o=SGI, c=US
+cn: sgigate-net
+ipNetworkNumber: 204.94.209
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-test-out, o=SGI, c=US
+cn: is-test-out
+ipNetworkNumber: 204.94.210
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-outside-ring, o=SGI, c=US
+cn: is-outside-ring
+ipNetworkNumber: 204.94.211
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-devforum, o=SGI, c=US
+cn: is-devforum
+ipNetworkNumber: 204.94.212
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=is-devline, o=SGI, c=US
+cn: is-devline
+ipNetworkNumber: 204.94.213
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=alv-temp, o=SGI, c=US
+cn: alv-temp
+ipNetworkNumber: 204.94.215
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ids-2, o=SGI, c=US
+cn: ids-2
+ipNetworkNumber: 204.94.223
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ssla-cidr-1, o=SGI, c=US
+cn: ssla-cidr-1
+ipNetworkNumber: 204.250.254
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ssla-cidr-2, o=SGI, c=US
+cn: ssla-cidr-2
+ipNetworkNumber: 204.250.255
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabtr, o=SGI, c=US
+cn: b17u-cselabtr
+ipNetworkNumber: 150.166.1
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-labiso, o=SGI, c=US
+cn: b17u-labiso
+ipNetworkNumber: 150.166.2
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabfddi, o=SGI, c=US
+cn: b17u-cselabfddi
+ipNetworkNumber: 150.166.3
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-labenet1, o=SGI, c=US
+cn: b17u-labenet1
+ipNetworkNumber: 150.166.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-labenet2, o=SGI, c=US
+cn: b17u-labenet2
+ipNetworkNumber: 150.166.5
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17l-new2, o=SGI, c=US
+cn: b17l-new2
+ipNetworkNumber: 150.166.7
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17-microwave, o=SGI, c=US
+cn: b17-microwave
+ipNetworkNumber: 150.166.9
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=etc-fiber-channel, o=SGI, c=US
+cn: etc-fiber-channel
+ipNetworkNumber: 150.166.10
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabmm, o=SGI, c=US
+cn: b17u-cselabmm
+ipNetworkNumber: 150.166.11
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b30l-csd, o=SGI, c=US
+cn: b30l-csd
+ipNetworkNumber: 150.166.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-tring_net1, o=SGI, c=US
+cn: b8u-tring_net1
+ipNetworkNumber: 150.166.13
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-lab-conf, o=SGI, c=US
+cn: b17u-lab-conf
+ipNetworkNumber: 150.166.14
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabhip, o=SGI, c=US
+cn: b17u-cselabhip
+ipNetworkNumber: 150.166.15
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-tring_net2, o=SGI, c=US
+cn: b8u-tring_net2
+ipNetworkNumber: 150.166.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b24u-performance-plus_lab, o=SGI, c=US
+cn: b24u-performance-plus_lab
+ipNetworkNumber: 150.166.17
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-softsuite-blockhouse-network, o=SGI, c=US
+cn: b21-softsuite-blockhouse-network
+ipNetworkNumber: 150.166.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-vsg-apps3, o=SGI, c=US
+cn: b14u-vsg-apps3
+ipNetworkNumber: 150.166.32
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-corp-net5, o=SGI, c=US
+cn: b14l-corp-net5
+ipNetworkNumber: 150.166.33
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-lab, o=SGI, c=US
+cn: b9u-lab
+ipNetworkNumber: 150.166.34
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1dco-ntservers, o=SGI, c=US
+cn: b1dco-ntservers
+ipNetworkNumber: 150.166.35
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-engr-net, o=SGI, c=US
+cn: b8u-engr-net
+ipNetworkNumber: 150.166.36
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-core_render_net1, o=SGI, c=US
+cn: b8u-core_render_net1
+ipNetworkNumber: 150.166.37
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10l-pandora_lab_engr2, o=SGI, c=US
+cn: b10l-pandora_lab_engr2
+ipNetworkNumber: 150.166.39
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-ipd, o=SGI, c=US
+cn: b8u-ipd
+ipNetworkNumber: 150.166.40
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-ipd_lab, o=SGI, c=US
+cn: b8u-ipd_lab
+ipNetworkNumber: 150.166.41
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-ipd_engr, o=SGI, c=US
+cn: b8u-ipd_engr
+ipNetworkNumber: 150.166.42
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l-ibmi_lab, o=SGI, c=US
+cn: b8l-ibmi_lab
+ipNetworkNumber: 150.166.43
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-tirix_net, o=SGI, c=US
+cn: b8u-tirix_net
+ipNetworkNumber: 150.166.44
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12-imsd5, o=SGI, c=US
+cn: b12-imsd5
+ipNetworkNumber: 150.166.45
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss2, o=SGI, c=US
+cn: b1-dss2
+ipNetworkNumber: 150.166.46
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dss3, o=SGI, c=US
+cn: b1-dss3
+ipNetworkNumber: 150.166.47
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-add-mktg, o=SGI, c=US
+cn: b8u-add-mktg
+ipNetworkNumber: 150.166.48
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-ipd_lab2, o=SGI, c=US
+cn: b8u-ipd_lab2
+ipNetworkNumber: 150.166.49
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10l-pandora_lab_engr, o=SGI, c=US
+cn: b10l-pandora_lab_engr
+ipNetworkNumber: 150.166.51
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community1, o=SGI, c=US
+cn: b10-community1
+ipNetworkNumber: 150.166.52
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community2, o=SGI, c=US
+cn: b10-community2
+ipNetworkNumber: 150.166.53
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community3, o=SGI, c=US
+cn: b10-community3
+ipNetworkNumber: 150.166.54
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community4, o=SGI, c=US
+cn: b10-community4
+ipNetworkNumber: 150.166.55
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community5, o=SGI, c=US
+cn: b10-community5
+ipNetworkNumber: 150.166.56
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community6, o=SGI, c=US
+cn: b10-community6
+ipNetworkNumber: 150.166.57
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-community7, o=SGI, c=US
+cn: b10-community7
+ipNetworkNumber: 150.166.58
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-tw59, o=SGI, c=US
+cn: b9u-tw59
+ipNetworkNumber: 150.166.59
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty60, o=SGI, c=US
+cn: b9-empty60
+ipNetworkNumber: 150.166.60
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-engr61, o=SGI, c=US
+cn: b9u-engr61
+ipNetworkNumber: 150.166.61
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty62, o=SGI, c=US
+cn: b9-empty62
+ipNetworkNumber: 150.166.62
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty63, o=SGI, c=US
+cn: b9-empty63
+ipNetworkNumber: 150.166.63
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty64, o=SGI, c=US
+cn: b9-empty64
+ipNetworkNumber: 150.166.64
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-sw-lab1, o=SGI, c=US
+cn: b9l-sw-lab1
+ipNetworkNumber: 150.166.65
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-sw-lab2, o=SGI, c=US
+cn: b9l-sw-lab2
+ipNetworkNumber: 150.166.66
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty68, o=SGI, c=US
+cn: b9-empty68
+ipNetworkNumber: 150.166.68
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty69, o=SGI, c=US
+cn: b9-empty69
+ipNetworkNumber: 150.166.69
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-tw-itv1, o=SGI, c=US
+cn: b9u-tw-itv1
+ipNetworkNumber: 150.166.70
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty71, o=SGI, c=US
+cn: b9-empty71
+ipNetworkNumber: 150.166.71
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty72, o=SGI, c=US
+cn: b9-empty72
+ipNetworkNumber: 150.166.72
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty73, o=SGI, c=US
+cn: b9-empty73
+ipNetworkNumber: 150.166.73
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty74, o=SGI, c=US
+cn: b9-empty74
+ipNetworkNumber: 150.166.74
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-engr75, o=SGI, c=US
+cn: b9u-engr75
+ipNetworkNumber: 150.166.75
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-engr76, o=SGI, c=US
+cn: b9u-engr76
+ipNetworkNumber: 150.166.76
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty77, o=SGI, c=US
+cn: b9-empty77
+ipNetworkNumber: 150.166.77
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty78, o=SGI, c=US
+cn: b9-empty78
+ipNetworkNumber: 150.166.78
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-100bt, o=SGI, c=US
+cn: b9l-100bt
+ipNetworkNumber: 150.166.79
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty80, o=SGI, c=US
+cn: b9-empty80
+ipNetworkNumber: 150.166.80
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-advnet-lab, o=SGI, c=US
+cn: b9l-advnet-lab
+ipNetworkNumber: 150.166.81
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-empty82, o=SGI, c=US
+cn: b9-empty82
+ipNetworkNumber: 150.166.82
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-webgrp, o=SGI, c=US
+cn: b9-webgrp
+ipNetworkNumber: 150.166.83
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aes-ams-atm2, o=SGI, c=US
+cn: aes-ams-atm2
+ipNetworkNumber: 150.166.84
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=aes-ams-atm3, o=SGI, c=US
+cn: aes-ams-atm3
+ipNetworkNumber: 150.166.85
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17l-csdtrnglab, o=SGI, c=US
+cn: b17l-csdtrnglab
+ipNetworkNumber: 150.166.87
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-sqa-fddi1, o=SGI, c=US
+cn: b9l-sqa-fddi1
+ipNetworkNumber: 150.166.88
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-sqa-fddi2, o=SGI, c=US
+cn: b9l-sqa-fddi2
+ipNetworkNumber: 150.166.89
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b20-dco-fddi, o=SGI, c=US
+cn: b20-dco-fddi
+ipNetworkNumber: 150.166.90
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b20-dco, o=SGI, c=US
+cn: b20-dco
+ipNetworkNumber: 150.166.91
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-atm-lab, o=SGI, c=US
+cn: b9u-atm-lab
+ipNetworkNumber: 150.166.92
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-atm-lab2, o=SGI, c=US
+cn: b9u-atm-lab2
+ipNetworkNumber: 150.166.67
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-etm3, o=SGI, c=US
+cn: b21-etm3
+ipNetworkNumber: 150.166.93
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-ssi2, o=SGI, c=US
+cn: b21-ssi2
+ipNetworkNumber: 150.166.94
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b22-1, o=SGI, c=US
+cn: b22-1
+ipNetworkNumber: 150.166.95
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b22-2, o=SGI, c=US
+cn: b22-2
+ipNetworkNumber: 150.166.96
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8l, o=SGI, c=US
+cn: b8l
+ipNetworkNumber: 150.166.97
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b15-micro, o=SGI, c=US
+cn: b15-micro
+ipNetworkNumber: 150.166.98
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ss-wan-net, o=SGI, c=US
+cn: ss-wan-net
+ipNetworkNumber: 150.166.99
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=fddi-campus, o=SGI, c=US
+cn: fddi-campus
+ipNetworkNumber: 150.166.100
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cse1, o=SGI, c=US
+cn: b17u-cse1
+ipNetworkNumber: 150.166.101
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17-b21_micro, o=SGI, c=US
+cn: b17-b21_micro
+ipNetworkNumber: 150.166.102
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b15-b20_atm, o=SGI, c=US
+cn: b15-b20_atm
+ipNetworkNumber: 150.166.103
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14U-apps3, o=SGI, c=US
+cn: b14U-apps3
+ipNetworkNumber: 150.166.104
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-100bt, o=SGI, c=US
+cn: b9u-100bt
+ipNetworkNumber: 150.166.105
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b12l-mfg, o=SGI, c=US
+cn: b12l-mfg
+ipNetworkNumber: 150.166.106
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm-utp, o=SGI, c=US
+cn: atm-utp
+ipNetworkNumber: 150.166.107
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b5u-demo-room, o=SGI, c=US
+cn: b5u-demo-room
+ipNetworkNumber: 150.166.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-ssd-benchlab_2, o=SGI, c=US
+cn: b7l-ssd-benchlab_2
+ipNetworkNumber: 150.166.109
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2u-gandalf-110, o=SGI, c=US
+cn: b2u-gandalf-110
+ipNetworkNumber: 150.166.110
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms1, o=SGI, c=US
+cn: b1-dms1
+ipNetworkNumber: 150.166.111
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-dms2, o=SGI, c=US
+cn: b1-dms2
+ipNetworkNumber: 150.166.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-media-qa_lab, o=SGI, c=US
+cn: b9l-media-qa_lab
+ipNetworkNumber: 150.166.113
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b23-micro, o=SGI, c=US
+cn: b23-micro
+ipNetworkNumber: 150.166.116
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b23-production, o=SGI, c=US
+cn: b23-production
+ipNetworkNumber: 150.166.117
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b23-t1, o=SGI, c=US
+cn: b23-t1
+ipNetworkNumber: 150.166.118
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b23, o=SGI, c=US
+cn: b23
+ipNetworkNumber: 150.166.119
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=btl-essA, o=SGI, c=US
+cn: btl-essA
+ipNetworkNumber: 150.166.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=btu-essA, o=SGI, c=US
+cn: btu-essA
+ipNetworkNumber: 150.166.121
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bt-t1-b1, o=SGI, c=US
+cn: bt-t1-b1
+ipNetworkNumber: 150.166.122
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bt-mcast-b1, o=SGI, c=US
+cn: bt-mcast-b1
+ipNetworkNumber: 150.166.123
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=bt-hssi-b1, o=SGI, c=US
+cn: bt-hssi-b1
+ipNetworkNumber: 150.166.124
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=btl-essB, o=SGI, c=US
+cn: btl-essB
+ipNetworkNumber: 150.166.125
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=btu-essB, o=SGI, c=US
+cn: btu-essB
+ipNetworkNumber: 150.166.126
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b24l-b2_micro, o=SGI, c=US
+cn: b24l-b2_micro
+ipNetworkNumber: 150.166.127
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b1-b28-t1, o=SGI, c=US
+cn: b1-b28-t1
+ipNetworkNumber: 150.166.132
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b10-b28-micro, o=SGI, c=US
+cn: b10-b28-micro
+ipNetworkNumber: 150.166.133
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b28-b29-endusers, o=SGI, c=US
+cn: b28-b29-endusers
+ipNetworkNumber: 150.166.134
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cselabatm, o=SGI, c=US
+cn: b17u-cselabatm
+ipNetworkNumber: 150.166.135
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b16-endusers, o=SGI, c=US
+cn: b16-endusers
+ipNetworkNumber: 150.166.136
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-endusers, o=SGI, c=US
+cn: b14u-endusers
+ipNetworkNumber: 150.166.137
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14u-endusers1, o=SGI, c=US
+cn: b14u-endusers1
+ipNetworkNumber: 150.166.138
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-inperson_lab, o=SGI, c=US
+cn: b14l-inperson_lab
+ipNetworkNumber: 150.166.139
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-endusers, o=SGI, c=US
+cn: b14l-endusers
+ipNetworkNumber: 150.166.140
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=ntg-net, o=SGI, c=US
+cn: ntg-net
+ipNetworkNumber: 150.166.141
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9u-sw-net, o=SGI, c=US
+cn: b9u-sw-net
+ipNetworkNumber: 150.166.142
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-b27-micro, o=SGI, c=US
+cn: b2-b27-micro
+ipNetworkNumber: 150.166.143
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b27l-csd-endusers, o=SGI, c=US
+cn: b27l-csd-endusers
+ipNetworkNumber: 150.166.144
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b27u-csd-endusers, o=SGI, c=US
+cn: b27u-csd-endusers
+ipNetworkNumber: 150.166.145
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-corp-users, o=SGI, c=US
+cn: b21-corp-users
+ipNetworkNumber: 150.166.146
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8u-hppi-lab, o=SGI, c=US
+cn: b8u-hppi-lab
+ipNetworkNumber: 150.166.147
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=isdn-engr, o=SGI, c=US
+cn: isdn-engr
+ipNetworkNumber: 150.166.148
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-moose1, o=SGI, c=US
+cn: b14l-moose1
+ipNetworkNumber: 150.166.149
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14l-esd-users, o=SGI, c=US
+cn: b14l-esd-users
+ipNetworkNumber: 150.166.150
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b2-b26-fddi, o=SGI, c=US
+cn: b2-b26-fddi
+ipNetworkNumber: 150.166.151
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26u-mfg, o=SGI, c=US
+cn: b26u-mfg
+ipNetworkNumber: 150.166.152
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26u-csd, o=SGI, c=US
+cn: b26u-csd
+ipNetworkNumber: 150.166.153
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26l-mfg, o=SGI, c=US
+cn: b26l-mfg
+ipNetworkNumber: 150.166.154
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26l-csd, o=SGI, c=US
+cn: b26l-csd
+ipNetworkNumber: 150.166.155
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26-mfg-floor, o=SGI, c=US
+cn: b26-mfg-floor
+ipNetworkNumber: 150.166.156
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26-gcs-csd1, o=SGI, c=US
+cn: b26-gcs-csd1
+ipNetworkNumber: 150.166.157
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26-mfg-server, o=SGI, c=US
+cn: b26-mfg-server
+ipNetworkNumber: 150.166.158
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b26-gcs-csd2, o=SGI, c=US
+cn: b26-gcs-csd2
+ipNetworkNumber: 150.166.159
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b27-telecomm-net, o=SGI, c=US
+cn: b27-telecomm-net
+ipNetworkNumber: 150.166.160
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14-isdn-esd, o=SGI, c=US
+cn: b14-isdn-esd
+ipNetworkNumber: 150.166.161
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7l-hippi, o=SGI, c=US
+cn: b7l-hippi
+ipNetworkNumber: 150.166.162
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-atm, o=SGI, c=US
+cn: b9-atm
+ipNetworkNumber: 150.166.163
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b7-hippi, o=SGI, c=US
+cn: b7-hippi
+ipNetworkNumber: 150.166.164
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b14-community, o=SGI, c=US
+cn: b14-community
+ipNetworkNumber: 150.166.165
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9-eis-hippi, o=SGI, c=US
+cn: b9-eis-hippi
+ipNetworkNumber: 150.166.166
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b9l-laddis-lab, o=SGI, c=US
+cn: b9l-laddis-lab
+ipNetworkNumber: 150.166.167
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b24u-dev-hlab, o=SGI, c=US
+cn: b24u-dev-hlab
+ipNetworkNumber: 150.166.171
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-1-community-net, o=SGI, c=US
+cn: b25-1-community-net
+ipNetworkNumber: 150.166.172.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-2-community-net, o=SGI, c=US
+cn: b25-2-community-net
+ipNetworkNumber: 150.166.173.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-3-community-net, o=SGI, c=US
+cn: b25-3-community-net
+ipNetworkNumber: 150.166.174.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-4-community-net, o=SGI, c=US
+cn: b25-4-community-net
+ipNetworkNumber: 150.166.175.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-noc-net, o=SGI, c=US
+cn: b25-noc-net
+ipNetworkNumber: 150.166.176.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-isac-net, o=SGI, c=US
+cn: b25-isac-net
+ipNetworkNumber: 150.166.177.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-mmedia-lab-net, o=SGI, c=US
+cn: b25-mmedia-lab-net
+ipNetworkNumber: 150.166.178.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-ntg-lab-net, o=SGI, c=US
+cn: b25-ntg-lab-net
+ipNetworkNumber: 150.166.179.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b25-cvt-lab-net, o=SGI, c=US
+cn: b25-cvt-lab-net
+ipNetworkNumber: 150.166.180.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=fddi-annex, o=SGI, c=US
+cn: fddi-annex
+ipNetworkNumber: 150.166.200
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo1, o=SGI, c=US
+cn: shore-nafo1
+ipNetworkNumber: 150.166.201
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo2, o=SGI, c=US
+cn: shore-nafo2
+ipNetworkNumber: 150.166.202
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo3, o=SGI, c=US
+cn: shore-nafo3
+ipNetworkNumber: 150.166.203
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo4, o=SGI, c=US
+cn: shore-nafo4
+ipNetworkNumber: 150.166.204
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo5, o=SGI, c=US
+cn: shore-nafo5
+ipNetworkNumber: 150.166.205
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo6, o=SGI, c=US
+cn: shore-nafo6
+ipNetworkNumber: 150.166.206
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo7, o=SGI, c=US
+cn: shore-nafo7
+ipNetworkNumber: 150.166.207
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo8, o=SGI, c=US
+cn: shore-nafo8
+ipNetworkNumber: 150.166.208
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo9, o=SGI, c=US
+cn: shore-nafo9
+ipNetworkNumber: 150.166.209
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo10, o=SGI, c=US
+cn: shore-nafo10
+ipNetworkNumber: 150.166.210
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo11, o=SGI, c=US
+cn: shore-nafo11
+ipNetworkNumber: 150.166.211
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo12, o=SGI, c=US
+cn: shore-nafo12
+ipNetworkNumber: 150.166.212
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo13, o=SGI, c=US
+cn: shore-nafo13
+ipNetworkNumber: 150.166.213
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo14, o=SGI, c=US
+cn: shore-nafo14
+ipNetworkNumber: 150.166.214
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo15, o=SGI, c=US
+cn: shore-nafo15
+ipNetworkNumber: 150.166.215
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=telecom-solutions1, o=SGI, c=US
+cn: telecom-solutions1
+ipNetworkNumber: 150.166.216
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=telecom-solutions2, o=SGI, c=US
+cn: telecom-solutions2
+ipNetworkNumber: 150.166.217
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b20l-saleslab-2, o=SGI, c=US
+cn: b20l-saleslab-2
+ipNetworkNumber: 150.166.219
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=magic-mkting, o=SGI, c=US
+cn: magic-mkting
+ipNetworkNumber: 150.166.220
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo21, o=SGI, c=US
+cn: shore-nafo21
+ipNetworkNumber: 150.166.221
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo22, o=SGI, c=US
+cn: shore-nafo22
+ipNetworkNumber: 150.166.222
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b40-leadership1, o=SGI, c=US
+cn: b40-leadership1
+ipNetworkNumber: 150.166.227
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b40-leadership2, o=SGI, c=US
+cn: b40-leadership2
+ipNetworkNumber: 150.166.228
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-cseserv, o=SGI, c=US
+cn: b17u-cseserv
+ipNetworkNumber: 150.166.229
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm-bckbone, o=SGI, c=US
+cn: atm-bckbone
+ipNetworkNumber: 150.166.230
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo29, o=SGI, c=US
+cn: shore-nafo29
+ipNetworkNumber: 150.166.231
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=shore-nafo30, o=SGI, c=US
+cn: shore-nafo30
+ipNetworkNumber: 150.166.232
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm2-bckbone, o=SGI, c=US
+cn: atm2-bckbone
+ipNetworkNumber: 150.166.233
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=intr-fddi-3, o=SGI, c=US
+cn: intr-fddi-3
+ipNetworkNumber: 150.166.234
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=atm, o=SGI, c=US
+cn: atm
+ipNetworkNumber: 150.166.235
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-mfg-endusers, o=SGI, c=US
+cn: b11-mfg-endusers
+ipNetworkNumber: 150.166.236
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b27u-tools-lab, o=SGI, c=US
+cn: b27u-tools-lab
+ipNetworkNumber: 150.166.237
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-isdn-combinet, o=SGI, c=US
+cn: b17u-isdn-combinet
+ipNetworkNumber: 150.166.238
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b17u-isdn-ppp, o=SGI, c=US
+cn: b17u-isdn-ppp
+ipNetworkNumber: 150.166.239
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b5u-visim, o=SGI, c=US
+cn: b5u-visim
+ipNetworkNumber: 150.166.241
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-5l-mfg, o=SGI, c=US
+cn: b11-5l-mfg
+ipNetworkNumber: 150.166.242
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b11-5u-mfg, o=SGI, c=US
+cn: b11-5u-mfg
+ipNetworkNumber: 150.166.243
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b8-hippi, o=SGI, c=US
+cn: b8-hippi
+ipNetworkNumber: 150.166.245
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b20l-nafo-training, o=SGI, c=US
+cn: b20l-nafo-training
+ipNetworkNumber: 150.166.246
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-etm2, o=SGI, c=US
+cn: b21-etm2
+ipNetworkNumber: 150.166.247
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dialbk-project1, o=SGI, c=US
+cn: dialbk-project1
+ipNetworkNumber: 150.166.248
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dialbk-project2, o=SGI, c=US
+cn: dialbk-project2
+ipNetworkNumber: 150.166.249
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dialbk-project3, o=SGI, c=US
+cn: dialbk-project3
+ipNetworkNumber: 150.166.250
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=dialbk-project4, o=SGI, c=US
+cn: dialbk-project4
+ipNetworkNumber: 150.166.251
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-ssi4, o=SGI, c=US
+cn: b21-ssi4
+ipNetworkNumber: 150.166.252
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-csd1, o=SGI, c=US
+cn: b21-csd1
+ipNetworkNumber: 150.166.253
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=b21-csd2, o=SGI, c=US
+cn: b21-csd2
+ipNetworkNumber: 150.166.254
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanaber.aberdeen, o=SGI, c=US
+cn: wanaber.aberdeen
+ipNetworkNumber: 169.238.31.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanbeth.clubfed, o=SGI, c=US
+cn: wanbeth.clubfed
+ipNetworkNumber: 169.238.31.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanham.hampton, o=SGI, c=US
+cn: wanham.hampton
+ipNetworkNumber: 169.238.31.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wannova.nova, o=SGI, c=US
+cn: wannova.nova
+ipNetworkNumber: 169.238.31.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanrich.richmond, o=SGI, c=US
+cn: wanrich.richmond
+ipNetworkNumber: 169.238.31.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantim.timonium, o=SGI, c=US
+cn: wantim.timonium
+ipNetworkNumber: 169.238.31.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanalb.albany, o=SGI, c=US
+cn: wanalb.albany
+ipNetworkNumber: 169.238.63.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanbuf.buffalo, o=SGI, c=US
+cn: wanbuf.buffalo
+ipNetworkNumber: 169.238.63.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhar.harrisburg, o=SGI, c=US
+cn: wanhar.harrisburg
+ipNetworkNumber: 169.238.63.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhud.boston, o=SGI, c=US
+cn: wanhud.boston
+ipNetworkNumber: 169.238.63.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmanhat.manhattan, o=SGI, c=US
+cn: wanmanhat.manhattan
+ipNetworkNumber: 169.238.63.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmel.melville, o=SGI, c=US
+cn: wanmel.melville
+ipNetworkNumber: 169.238.63.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=anmer.meriden, o=SGI, c=US
+cn: anmer.meriden
+ipNetworkNumber: 169.238.63.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanparsip.parsippany, o=SGI, c=US
+cn: wanparsip.parsippany
+ipNetworkNumber: 169.238.63.28
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanroc.rochester, o=SGI, c=US
+cn: wanroc.rochester
+ipNetworkNumber: 169.238.63.32
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wansyc.syracuse, o=SGI, c=US
+cn: wansyc.syracuse
+ipNetworkNumber: 169.238.63.36
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantre.trevose, o=SGI, c=US
+cn: wantre.trevose
+ipNetworkNumber: 169.238.63.40
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanaccessg.boulder, o=SGI, c=US
+cn: wanaccessg.boulder
+ipNetworkNumber: 169.238.95.120
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanant.sanantonio, o=SGI, c=US
+cn: wanant.sanantonio
+cn: is
+cn: down
+cn: due
+cn: to
+cn: move>
+ipNetworkNumber: <Site
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanaus.austin, o=SGI, c=US
+cn: wanaus.austin
+ipNetworkNumber: 169.238.95.116
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanclear.clearlake, o=SGI, c=US
+cn: wanclear.clearlake
+ipNetworkNumber: 169.238.95.112
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancosprgs.cosprings, o=SGI, c=US
+cn: wancosprgs.cosprings
+ipNetworkNumber: 169.238.95.108
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wandal.dallas, o=SGI, c=US
+cn: wandal.dallas
+ipNetworkNumber: 169.238.95.104
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanden.denver, o=SGI, c=US
+cn: wanden.denver
+ipNetworkNumber: 169.238.95.100
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhou.houst, o=SGI, c=US
+cn: wanhou.houst
+ipNetworkNumber: 169.238.95.96
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanslc.saltlake, o=SGI, c=US
+cn: wanslc.saltlake
+ipNetworkNumber: 169.238.95.92
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantulsa.tulsa, o=SGI, c=US
+cn: wantulsa.tulsa
+ipNetworkNumber: 169.238.95.88
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanworth.ftworth, o=SGI, c=US
+cn: wanworth.ftworth
+ipNetworkNumber: 169.238.95.84
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=cisco.chez, o=SGI, c=US
+cn: cisco.chez
+ipNetworkNumber: 169.238.127.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=router-ala-jwag.engr, o=SGI, c=US
+cn: router-ala-jwag.engr
+ipNetworkNumber: 169.238.127.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanalamos.losalamos, o=SGI, c=US
+cn: wanalamos.losalamos
+ipNetworkNumber: 169.238.127.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanalbq.albuquerque, o=SGI, c=US
+cn: wanalbq.albuquerque
+ipNetworkNumber: 169.238.127.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wandiego.sandiego, o=SGI, c=US
+cn: wandiego.sandiego
+ipNetworkNumber: 169.238.127.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanlos.losangeles, o=SGI, c=US
+cn: wanlos.losangeles
+ipNetworkNumber: 169.238.127.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmtv.corp, o=SGI, c=US
+cn: wanmtv.corp
+ipNetworkNumber: 169.238.127.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmtv2.corp, o=SGI, c=US
+cn: wanmtv2.corp
+ipNetworkNumber: 169.238.127.28
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wannew.newport, o=SGI, c=US
+cn: wannew.newport
+ipNetworkNumber: 169.238.127.32
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanphx.phoenix, o=SGI, c=US
+cn: wanphx.phoenix
+ipNetworkNumber: 169.238.127.36
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanport.oregon, o=SGI, c=US
+cn: wanport.oregon
+ipNetworkNumber: 169.238.127.40
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanram.sanramon, o=SGI, c=US
+cn: wanram.sanramon
+ipNetworkNumber: 169.238.127.44
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanriver.riverside, o=SGI, c=US
+cn: wanriver.riverside
+ipNetworkNumber: 169.238.127.48
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wansacto.sacramento, o=SGI, c=US
+cn: wansacto.sacramento
+ipNetworkNumber: 169.238.127.52
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wansea.seattle, o=SGI, c=US
+cn: wansea.seattle
+ipNetworkNumber: 169.238.127.56
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanspo.spokane, o=SGI, c=US
+cn: wanspo.spokane
+ipNetworkNumber: 169.238.127.60
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanstudio-sm.ssla, o=SGI, c=US
+cn: wanstudio-sm.ssla
+ipNetworkNumber: 169.238.127.64
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantuc.tucson, o=SGI, c=US
+cn: wantuc.tucson
+ipNetworkNumber: 169.238.127.68
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanvegas.lasvegas, o=SGI, c=US
+cn: wanvegas.lasvegas
+ipNetworkNumber: 169.238.127.72
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanallp.dearborn, o=SGI, c=US
+cn: wanallp.dearborn
+ipNetworkNumber: 169.238.143.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancleve.cleveland, o=SGI, c=US
+cn: wancleve.cleveland
+ipNetworkNumber: 169.238.143.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancol.columbus, o=SGI, c=US
+cn: wancol.columbus
+ipNetworkNumber: 169.238.143.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanday.dayton, o=SGI, c=US
+cn: wanday.dayton
+ipNetworkNumber: 169.238.143.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanfarm.detroit, o=SGI, c=US
+cn: wanfarm.detroit
+ipNetworkNumber: 169.238.143.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanindy.indianapolis, o=SGI, c=US
+cn: wanindy.indianapolis
+ipNetworkNumber: 169.238.143.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanpit.pittsburgh, o=SGI, c=US
+cn: wanpit.pittsburgh
+ipNetworkNumber: 169.238.143.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantroy.troy, o=SGI, c=US
+cn: wantroy.troy
+ipNetworkNumber: 169.238.143.28
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanatl.atlanta, o=SGI, c=US
+cn: wanatl.atlanta
+ipNetworkNumber: 169.238.223.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanbirm.birmingham, o=SGI, c=US
+cn: wanbirm.birmingham
+ipNetworkNumber: 169.238.223.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancharl.charlotte, o=SGI, c=US
+cn: wancharl.charlotte
+ipNetworkNumber: 169.238.223.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancon.conyers, o=SGI, c=US
+cn: wancon.conyers
+ipNetworkNumber: 169.238.223.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wandur.triangle, o=SGI, c=US
+cn: wandur.triangle
+ipNetworkNumber: 169.238.223.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanhunt.huntsville, o=SGI, c=US
+cn: wanhunt.huntsville
+ipNetworkNumber: 169.238.223.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanjack.jackson, o=SGI, c=US
+cn: wanjack.jackson
+ipNetworkNumber: 169.238.223.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanknox.knoxville, o=SGI, c=US
+cn: wanknox.knoxville
+ipNetworkNumber: 169.238.223.28
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanlaud.lauderdale, o=SGI, c=US
+cn: wanlaud.lauderdale
+ipNetworkNumber: 169.238.223.32
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmco.orlando, o=SGI, c=US
+cn: wanmco.orlando
+ipNetworkNumber: 169.238.223.36
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmem.memphis, o=SGI, c=US
+cn: wanmem.memphis
+ipNetworkNumber: 169.238.223.40
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wannash.nashville, o=SGI, c=US
+cn: wannash.nashville
+ipNetworkNumber: 169.238.223.44
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanpns.pensacola, o=SGI, c=US
+cn: wanpns.pensacola
+ipNetworkNumber: 169.238.223.48
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wantamp.tampa, o=SGI, c=US
+cn: wantamp.tampa
+ipNetworkNumber: 169.238.223.52
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancal.calgary, o=SGI, c=US
+cn: wancal.calgary
+ipNetworkNumber: 169.238.229.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmtl.montreal, o=SGI, c=US
+cn: wanmtl.montreal
+ipNetworkNumber: 169.238.229.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanott.ottawa, o=SGI, c=US
+cn: wanott.ottawa
+ipNetworkNumber: 169.238.229.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanvan.vancouver, o=SGI, c=US
+cn: wanvan.vancouver
+ipNetworkNumber: 169.238.229.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wancedar.cedar, o=SGI, c=US
+cn: wancedar.cedar
+ipNetworkNumber: 169.238.239.0
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanchi.chicago, o=SGI, c=US
+cn: wanchi.chicago
+ipNetworkNumber: 169.238.239.4
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wankansas.kansas, o=SGI, c=US
+cn: wankansas.kansas
+ipNetworkNumber: 169.238.239.8
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanmilw.milwaukee, o=SGI, c=US
+cn: wanmilw.milwaukee
+ipNetworkNumber: 169.238.239.12
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanminn.minneapolis, o=SGI, c=US
+cn: wanminn.minneapolis
+ipNetworkNumber: 169.238.239.16
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanstl.stlouis, o=SGI, c=US
+cn: wanstl.stlouis
+ipNetworkNumber: 169.238.239.20
+objectclass: ipNetwork
+objectclass: top
+
+dn: cn=wanurb.urbana, o=SGI, c=US
+cn: wanurb.urbana
+ipNetworkNumber: 169.238.239.24
+objectclass: ipNetwork
+objectclass: top
+
+dn: uid=root, o=SGI, c=US
+uid: root
+userPassword: {crypt}xZuUdcHRxN1cc
+uidNumber: 0
+gidNumber: 0
+gecos: Super-User
+homeDirectory: /
+loginShell: /usr/bin/tcsh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=sysadm, o=SGI, c=US
+uid: sysadm
+userPassword: *
+uidNumber: 0
+gidNumber: 0
+gecos: System V Administration
+homeDirectory: /usr/admin
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=cmwlogin, o=SGI, c=US
+uid: cmwlogin
+userPassword: *
+uidNumber: 0
+gidNumber: 994
+gecos: CMW Login UserID
+homeDirectory: /usr/CMW
+loginShell: /sbin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=diag, o=SGI, c=US
+uid: diag
+userPassword: *
+uidNumber: 0
+gidNumber: 996
+gecos: Hardware Diagnostics
+homeDirectory: /usr/diags
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=daemon, o=SGI, c=US
+uid: daemon
+userPassword: *
+uidNumber: 1
+gidNumber: 1
+gecos: daemons
+homeDirectory: /
+loginShell: /dev/null
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=bin, o=SGI, c=US
+uid: bin
+userPassword: *
+uidNumber: 2
+gidNumber: 2
+gecos: System Tools Owner
+homeDirectory: /bin
+loginShell: /dev/null
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=uucp, o=SGI, c=US
+uid: uucp
+userPassword: *
+uidNumber: 3
+gidNumber: 5
+gecos: UUCP Owner
+homeDirectory: /usr/lib/uucp
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=sys, o=SGI, c=US
+uid: sys
+userPassword: *
+uidNumber: 4
+gidNumber: 0
+gecos: System Activity Owner
+homeDirectory: /var/adm
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=adm, o=SGI, c=US
+uid: adm
+userPassword: *
+uidNumber: 5
+gidNumber: 3
+gecos: Accounting Files Owner
+homeDirectory: /var/adm
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=lp, o=SGI, c=US
+uid: lp
+userPassword:
+uidNumber: 9
+gidNumber: 9
+gecos: Print Spooler Owner
+homeDirectory: /var/spool/lp
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=nuucp, o=SGI, c=US
+uid: nuucp
+userPassword:
+uidNumber: 10
+gidNumber: 10
+gecos: Remote UUCP User
+homeDirectory: /var/spool/uucppublic
+loginShell: /usr/lib/uucp/uucico
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=auditor, o=SGI, c=US
+uid: auditor
+userPassword: *
+uidNumber: 11
+gidNumber: 0
+gecos: Audit Activity Owner
+homeDirectory: /auditor
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=dbadmin, o=SGI, c=US
+uid: dbadmin
+userPassword: *
+uidNumber: 12
+gidNumber: 0
+gecos: Security Database Owner
+homeDirectory: /dbadmin
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=sgiweb, o=SGI, c=US
+uid: sgiweb
+userPassword: *
+uidNumber: 13
+gidNumber: 60001
+gecos: SGI Web Applications
+homeDirectory: /var/www/htdocs
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=rfindd, o=SGI, c=US
+uid: rfindd
+userPassword: *
+uidNumber: 66
+gidNumber: 1
+gecos: Rfind Daemon and Fsdump
+homeDirectory: /var/rfindd
+loginShell: /bin/sh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=EZsetup, o=SGI, c=US
+uid: EZsetup
+userPassword:
+uidNumber: 992
+gidNumber: 998
+gecos: System Setup
+homeDirectory: /var/sysadmdesktop/EZsetup
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=demos, o=SGI, c=US
+uid: demos
+userPassword:
+uidNumber: 993
+gidNumber: 997
+gecos: Demonstration User
+homeDirectory: /usr/demos
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=OutOfBox, o=SGI, c=US
+uid: OutOfBox
+userPassword:
+uidNumber: 995
+gidNumber: 997
+gecos: Out of Box Experience
+homeDirectory: /usr/people/OutOfBox
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=guest, o=SGI, c=US
+uid: guest
+userPassword:
+uidNumber: 998
+gidNumber: 998
+gecos: Guest Account
+homeDirectory: /usr/people/guest
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=4Dgifts, o=SGI, c=US
+uid: 4Dgifts
+userPassword: *
+uidNumber: 999
+gidNumber: 998
+gecos: 4Dgifts Account
+homeDirectory: /usr/people/4Dgifts
+loginShell: /bin/csh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=nobody, o=SGI, c=US
+uid: nobody
+userPassword: *
+uidNumber: 60001
+gidNumber: 60001
+gecos: SVR4 nobody uid
+homeDirectory: /dev/null
+loginShell: /dev/null
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=noaccess, o=SGI, c=US
+uid: noaccess
+userPassword: *
+uidNumber: 60002
+gidNumber: 60002
+gecos: uid no access
+homeDirectory: /dev/null
+loginShell: /dev/null
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=nobody, o=SGI, c=US
+uid: nobody
+userPassword: *
+uidNumber: 60001
+gidNumber: 60001
+gecos: original nobody uid
+homeDirectory: /dev/null
+loginShell: /dev/null
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=gomez, o=SGI, c=US
+uid: gomez
+userPassword: fRJsjYGR3q7TE
+uidNumber: 37425
+gidNumber: 10
+gecos: Gomez
+homeDirectory: /usr/people/gomez
+loginShell: /usr/bin/tcsh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: uid=jcgomez, o=SGI, c=US
+uid: jcgomez
+userPassword:
+uidNumber: 14427
+gidNumber: 20
+gecos: Juan Carlos Gomez
+homeDirectory: /home/people/jcgomez
+loginShell: /bin/tcsh
+objectclass: posixAccount
+objectclass: account
+objectclass: top
+
+dn: cn=ip, o=SGI, c=US
+cn: ip
+cn: IP
+ipProtocolNumber: 0
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=icmp, o=SGI, c=US
+cn: icmp
+cn: ICMP
+ipProtocolNumber: 1
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=igmp, o=SGI, c=US
+cn: igmp
+cn: IGMP
+ipProtocolNumber: 2
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=ggp, o=SGI, c=US
+cn: ggp
+cn: GGP
+ipProtocolNumber: 3
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=tcp, o=SGI, c=US
+cn: tcp
+cn: TCP
+ipProtocolNumber: 6
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=egp, o=SGI, c=US
+cn: egp
+cn: EGP
+ipProtocolNumber: 8
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=pup, o=SGI, c=US
+cn: pup
+cn: PUP
+ipProtocolNumber: 12
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=udp, o=SGI, c=US
+cn: udp
+cn: UDP
+ipProtocolNumber: 17
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=hmp, o=SGI, c=US
+cn: hmp
+cn: HMP
+ipProtocolNumber: 20
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=xns-idp, o=SGI, c=US
+cn: xns-idp
+cn: XNS-IDP
+ipProtocolNumber: 22
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=rdp, o=SGI, c=US
+cn: rdp
+cn: RDP
+ipProtocolNumber: 27
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=iso-tp4, o=SGI, c=US
+cn: iso-tp4
+cn: ISO-TP4
+ipProtocolNumber: 29
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=ipv6, o=SGI, c=US
+cn: ipv6
+cn: IPV6
+ipProtocolNumber: 41
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=rsvp, o=SGI, c=US
+cn: rsvp
+cn: RSVP
+ipProtocolNumber: 46
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=icmpv6, o=SGI, c=US
+cn: icmpv6
+cn: ICMPV6
+ipProtocolNumber: 58
+objectclass: ipProtocol
+objectclass: top
+
+dn: cn=portmapper, o=SGI, c=US
+cn: portmapper
+cn: portmap
+cn: sunrpc
+oncRpcNumber: 100000
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=rstatd, o=SGI, c=US
+cn: rstatd
+cn: rstat
+cn: rup
+cn: perfmeter
+oncRpcNumber: 100001
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=rusersd, o=SGI, c=US
+cn: rusersd
+cn: rusers
+oncRpcNumber: 100002
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=nfs, o=SGI, c=US
+cn: nfs
+cn: nfsprog
+oncRpcNumber: 100003
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=ypserv, o=SGI, c=US
+cn: ypserv
+cn: ypprog
+oncRpcNumber: 100004
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=mountd, o=SGI, c=US
+cn: mountd
+cn: mount
+cn: showmount
+oncRpcNumber: 100005
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=ypbind, o=SGI, c=US
+cn: ypbind
+oncRpcNumber: 100007
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=walld, o=SGI, c=US
+cn: walld
+cn: rwall
+cn: shutdown
+oncRpcNumber: 100008
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=yppasswdd, o=SGI, c=US
+cn: yppasswdd
+cn: yppasswd
+oncRpcNumber: 100009
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=etherstatd, o=SGI, c=US
+cn: etherstatd
+cn: etherstat
+oncRpcNumber: 100010
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=rquotad, o=SGI, c=US
+cn: rquotad
+cn: rquotaprog
+cn: quota
+cn: rquota
+oncRpcNumber: 100011
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sprayd, o=SGI, c=US
+cn: sprayd
+cn: spray
+oncRpcNumber: 100012
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=3270_mapper, o=SGI, c=US
+cn: 3270_mapper
+oncRpcNumber: 100013
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=rje_mapper, o=SGI, c=US
+cn: rje_mapper
+oncRpcNumber: 100014
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=selection_svc, o=SGI, c=US
+cn: selection_svc
+cn: selnsvc
+oncRpcNumber: 100015
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=database_svc, o=SGI, c=US
+cn: database_svc
+oncRpcNumber: 100016
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=rexd, o=SGI, c=US
+cn: rexd
+cn: rex
+oncRpcNumber: 100017
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=alis, o=SGI, c=US
+cn: alis
+oncRpcNumber: 100018
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sched, o=SGI, c=US
+cn: sched
+oncRpcNumber: 100019
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=llockmgr, o=SGI, c=US
+cn: llockmgr
+oncRpcNumber: 100020
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=nlockmgr, o=SGI, c=US
+cn: nlockmgr
+oncRpcNumber: 100021
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=x25.inr, o=SGI, c=US
+cn: x25.inr
+oncRpcNumber: 100022
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=statmon, o=SGI, c=US
+cn: statmon
+oncRpcNumber: 100023
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=status, o=SGI, c=US
+cn: status
+oncRpcNumber: 100024
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=bootparam, o=SGI, c=US
+cn: bootparam
+oncRpcNumber: 100026
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=ypupdated, o=SGI, c=US
+cn: ypupdated
+cn: ypupdate
+oncRpcNumber: 100028
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=keyserv, o=SGI, c=US
+cn: keyserv
+cn: keyserver
+oncRpcNumber: 100029
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=ttdbserverd, o=SGI, c=US
+cn: ttdbserverd
+cn: ttdbserverd
+oncRpcNumber: 100083
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=autofsd, o=SGI, c=US
+cn: autofsd
+cn: autofsd
+oncRpcNumber: 100099
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_snoopd, o=SGI, c=US
+cn: sgi_snoopd
+cn: snoopd
+cn: snoop
+oncRpcNumber: 391000
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_toolkitbus, o=SGI, c=US
+cn: sgi_toolkitbus
+oncRpcNumber: 391001
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_fam, o=SGI, c=US
+cn: sgi_fam
+oncRpcNumber: 391002
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_notepad, o=SGI, c=US
+cn: sgi_notepad
+cn: notepad
+oncRpcNumber: 391003
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_mountd, o=SGI, c=US
+cn: sgi_mountd
+cn: mount
+cn: showmount
+oncRpcNumber: 391004
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_smtd, o=SGI, c=US
+cn: sgi_smtd
+cn: smtd
+oncRpcNumber: 391005
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_pcsd, o=SGI, c=US
+cn: sgi_pcsd
+cn: pcsd
+oncRpcNumber: 391006
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_nfs, o=SGI, c=US
+cn: sgi_nfs
+oncRpcNumber: 391007
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_rfind, o=SGI, c=US
+cn: sgi_rfind
+cn: rfind
+oncRpcNumber: 391008
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_pod, o=SGI, c=US
+cn: sgi_pod
+cn: pod
+oncRpcNumber: 391009
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_iphone, o=SGI, c=US
+cn: sgi_iphone
+oncRpcNumber: 391010
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_videod, o=SGI, c=US
+cn: sgi_videod
+oncRpcNumber: 391011
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_testcd, o=SGI, c=US
+cn: sgi_testcd
+cn: testcd
+oncRpcNumber: 391012
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_hbeat, o=SGI, c=US
+cn: sgi.ha_hbeat
+cn: ha_hbeat
+oncRpcNumber: 391013
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_nc, o=SGI, c=US
+cn: sgi.ha_nc
+cn: ha_nc
+oncRpcNumber: 391014
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_appmon, o=SGI, c=US
+cn: sgi.ha_appmon
+cn: ha_appmon
+oncRpcNumber: 391015
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_xfsmd, o=SGI, c=US
+cn: sgi_xfsmd
+oncRpcNumber: 391016
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_mediad, o=SGI, c=US
+cn: sgi_mediad
+cn: mediad
+oncRpcNumber: 391017
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_orcl, o=SGI, c=US
+cn: sgi.ha_orcl
+cn: ha_orcl
+oncRpcNumber: 391018
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_ifmx, o=SGI, c=US
+cn: sgi.ha_ifmx
+cn: ha_ifmx
+oncRpcNumber: 391019
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_sybs, o=SGI, c=US
+cn: sgi.ha_sybs
+cn: ha_sybs
+oncRpcNumber: 391020
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi.ha_ifa, o=SGI, c=US
+cn: sgi.ha_ifa
+cn: ha_ifa
+oncRpcNumber: 391021
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391022
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391023
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391024
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391025
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391026
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391027
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391028
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391029
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391030
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391031
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391032
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391033
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391034
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391035
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391036
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391037
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391038
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391039
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391040
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391041
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391042
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391043
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391044
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391045
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391046
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391047
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391048
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391049
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391050
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391051
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391052
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391053
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391054
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391055
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391056
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391057
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391058
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391059
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391060
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391061
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391062
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=sgi_reserved, o=SGI, c=US
+cn: sgi_reserved
+oncRpcNumber: 391063
+objectclass: oncRpc
+objectclass: top
+
+dn: cn=tcpmux, o=SGI, c=US
+cn: tcpmux
+ipServicePort: 1
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=echo, o=SGI, c=US
+cn: echo
+ipServicePort: 7
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=echo, o=SGI, c=US
+cn: echo
+ipServicePort: 7
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=discard, o=SGI, c=US
+cn: discard
+cn: sink
+cn: null
+ipServicePort: 9
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=discard, o=SGI, c=US
+cn: discard
+cn: sink
+cn: null
+ipServicePort: 9
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=systat, o=SGI, c=US
+cn: systat
+cn: users
+ipServicePort: 11
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=daytime, o=SGI, c=US
+cn: daytime
+ipServicePort: 13
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=daytime, o=SGI, c=US
+cn: daytime
+ipServicePort: 13
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=netstat, o=SGI, c=US
+cn: netstat
+ipServicePort: 15
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=qotd, o=SGI, c=US
+cn: qotd
+cn: quote
+ipServicePort: 17
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=chargen, o=SGI, c=US
+cn: chargen
+cn: ttytst
+cn: source
+ipServicePort: 19
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=chargen, o=SGI, c=US
+cn: chargen
+cn: ttytst
+cn: source
+ipServicePort: 19
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ftp-data, o=SGI, c=US
+cn: ftp-data
+ipServicePort: 20
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ftp, o=SGI, c=US
+cn: ftp
+ipServicePort: 21
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=telnet, o=SGI, c=US
+cn: telnet
+ipServicePort: 23
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=smtp, o=SGI, c=US
+cn: smtp
+cn: mail
+ipServicePort: 25
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=time, o=SGI, c=US
+cn: time
+cn: timserver
+ipServicePort: 37
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=time, o=SGI, c=US
+cn: time
+cn: timserver
+ipServicePort: 37
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=rlp, o=SGI, c=US
+cn: rlp
+cn: resource
+ipServicePort: 39
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=name, o=SGI, c=US
+cn: name
+ipServicePort: 42
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=whois, o=SGI, c=US
+cn: whois
+cn: nicname
+ipServicePort: 43
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=domain, o=SGI, c=US
+cn: domain
+cn: nameserver
+ipServicePort: 53
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=domain, o=SGI, c=US
+cn: domain
+cn: nameserver
+ipServicePort: 53
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=mtp, o=SGI, c=US
+cn: mtp
+ipServicePort: 57
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=bootp, o=SGI, c=US
+cn: bootp
+cn: bootps
+ipServicePort: 67
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=bootpc, o=SGI, c=US
+cn: bootpc
+ipServicePort: 68
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=tftp, o=SGI, c=US
+cn: tftp
+ipServicePort: 69
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=rje, o=SGI, c=US
+cn: rje
+cn: netrjs
+ipServicePort: 77
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=finger, o=SGI, c=US
+cn: finger
+ipServicePort: 79
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=http, o=SGI, c=US
+cn: http
+ipServicePort: 80
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=link, o=SGI, c=US
+cn: link
+cn: ttylink
+ipServicePort: 87
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=supdup, o=SGI, c=US
+cn: supdup
+ipServicePort: 95
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=hostnames, o=SGI, c=US
+cn: hostnames
+cn: hostname
+ipServicePort: 101
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=iso-tsap, o=SGI, c=US
+cn: iso-tsap
+ipServicePort: 102
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=x400, o=SGI, c=US
+cn: x400
+ipServicePort: 103
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=x400-snd, o=SGI, c=US
+cn: x400-snd
+ipServicePort: 104
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=csnet-ns, o=SGI, c=US
+cn: csnet-ns
+ipServicePort: 105
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=pop-2, o=SGI, c=US
+cn: pop-2
+ipServicePort: 109
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=pop-3, o=SGI, c=US
+cn: pop-3
+ipServicePort: 110
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sunrpc, o=SGI, c=US
+cn: sunrpc
+cn: rpcbind
+ipServicePort: 111
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sunrpc, o=SGI, c=US
+cn: sunrpc
+cn: rpcbind
+ipServicePort: 111
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=auth, o=SGI, c=US
+cn: auth
+cn: authentication
+ipServicePort: 113
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sftp, o=SGI, c=US
+cn: sftp
+ipServicePort: 115
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=uucp-path, o=SGI, c=US
+cn: uucp-path
+ipServicePort: 117
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=nntp, o=SGI, c=US
+cn: nntp
+cn: readnews
+cn: untp
+ipServicePort: 119
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=erpc, o=SGI, c=US
+cn: erpc
+ipServicePort: 121
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ntp, o=SGI, c=US
+cn: ntp
+ipServicePort: 123
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=loc-srv, o=SGI, c=US
+cn: loc-srv
+ipServicePort: 135
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=loc-srv, o=SGI, c=US
+cn: loc-srv
+ipServicePort: 135
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=imap2, o=SGI, c=US
+cn: imap2
+ipServicePort: 143
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=snmp, o=SGI, c=US
+cn: snmp
+ipServicePort: 161
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=snmp-trap, o=SGI, c=US
+cn: snmp-trap
+cn: snmptrap
+ipServicePort: 162
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=xdmcp, o=SGI, c=US
+cn: xdmcp
+ipServicePort: 177
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=exec, o=SGI, c=US
+cn: exec
+ipServicePort: 512
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=biff, o=SGI, c=US
+cn: biff
+cn: comsat
+ipServicePort: 512
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=login, o=SGI, c=US
+cn: login
+ipServicePort: 513
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=who, o=SGI, c=US
+cn: who
+cn: whod
+ipServicePort: 513
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=shell, o=SGI, c=US
+cn: shell
+cn: cmd
+ipServicePort: 514
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=syslog, o=SGI, c=US
+cn: syslog
+ipServicePort: 514
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=printer, o=SGI, c=US
+cn: printer
+cn: spooler
+ipServicePort: 515
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=talk, o=SGI, c=US
+cn: talk
+ipServicePort: 517
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ntalk, o=SGI, c=US
+cn: ntalk
+ipServicePort: 518
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=route, o=SGI, c=US
+cn: route
+cn: router
+cn: routed
+ipServicePort: 520
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=timed, o=SGI, c=US
+cn: timed
+cn: timeserver
+ipServicePort: 525
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=tempo, o=SGI, c=US
+cn: tempo
+cn: newdate
+ipServicePort: 526
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=courier, o=SGI, c=US
+cn: courier
+cn: rpc
+ipServicePort: 530
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=conference, o=SGI, c=US
+cn: conference
+cn: chat
+ipServicePort: 531
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=netnews, o=SGI, c=US
+cn: netnews
+cn: readnews
+ipServicePort: 532
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=netwall, o=SGI, c=US
+cn: netwall
+ipServicePort: 533
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=uucp, o=SGI, c=US
+cn: uucp
+cn: uucpd
+ipServicePort: 540
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=remotefs, o=SGI, c=US
+cn: remotefs
+cn: rfs_server
+cn: rfs
+ipServicePort: 556
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ingreslock, o=SGI, c=US
+cn: ingreslock
+ipServicePort: 1524
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=albd, o=SGI, c=US
+cn: albd
+ipServicePort: 371
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=ta-rauth, o=SGI, c=US
+cn: ta-rauth
+cn: rauth
+ipServicePort: 601
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=kerberos, o=SGI, c=US
+cn: kerberos
+cn: kdc
+ipServicePort: 750
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=kerberos, o=SGI, c=US
+cn: kerberos
+cn: kdc
+ipServicePort: 750
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=krbupdate, o=SGI, c=US
+cn: krbupdate
+cn: kreg
+ipServicePort: 760
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=kpasswd, o=SGI, c=US
+cn: kpasswd
+cn: kpwd
+ipServicePort: 761
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=klogin, o=SGI, c=US
+cn: klogin
+ipServicePort: 543
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=nfs, o=SGI, c=US
+cn: nfs
+cn: nfs
+ipServicePort: 2049
+ipServiceProtocol: udp
+objectclass: ipService
+objectclass: top
+
+dn: cn=nfs, o=SGI, c=US
+cn: nfs
+cn: nfs
+ipServicePort: 2049
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=eklogin, o=SGI, c=US
+cn: eklogin
+ipServicePort: 2105
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=kshell, o=SGI, c=US
+cn: kshell
+cn: krcmd
+ipServicePort: 544
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=x-server, o=SGI, c=US
+cn: x-server
+ipServicePort: 6000
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sgi-dgl, o=SGI, c=US
+cn: sgi-dgl
+ipServicePort: 5232
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sgi-arrayd, o=SGI, c=US
+cn: sgi-arrayd
+ipServicePort: 5434
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=realaudio, o=SGI, c=US
+cn: realaudio
+cn: ra
+ipServicePort: 7070
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=wn-http, o=SGI, c=US
+cn: wn-http
+ipServicePort: 8778
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
+
+dn: cn=sgi_iphone, o=SGI, c=US
+cn: sgi_iphone
+ipServicePort: 32769
+ipServiceProtocol: tcp
+objectclass: ipService
+objectclass: top
Added: openldap/vendor/openldap-2.3.35/tests/data/passwd.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/passwd.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/passwd.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+dn: dc=example,dc=com
+objectclass: dcobject
+dc: example
+objectclass: organization
+o: Example, Inc.
+
+dn: cn=md5,dc=example,dc=com
+objectclass: person
+cn: md5
+sn: md5
+userpassword:: e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0=
+
+dn: cn=smd5,dc=example,dc=com
+objectclass: person
+cn: smd5
+sn: smd5
+userpassword: secret
+
+dn: cn=sha,dc=example,dc=com
+objectclass: person
+cn: sha
+sn: sha
+userpassword:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
+
+dn: cn=ssha,dc=example,dc=com
+objectclass: person
+cn: ssha
+sn: ssha
+userpassword: secret
Added: openldap/vendor/openldap-2.3.35/tests/data/ppolicy.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/ppolicy.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/ppolicy.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+dn: dc=example, dc=com
+objectClass: top
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: ou=People, dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Policies, dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Policies
+
+dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
+objectClass: top
+objectClass: device
+objectClass: pwdPolicy
+cn: Standard Policy
+pwdAttribute: 2.5.4.35
+pwdLockoutDuration: 15
+pwdInHistory: 6
+pwdCheckQuality: 2
+pwdExpireWarning: 10
+pwdMaxAge: 30
+pwdMinLength: 5
+pwdGraceAuthnLimit: 3
+pwdAllowUserChange: TRUE
+pwdMustChange: TRUE
+pwdMaxFailure: 3
+pwdFailureCountInterval: 120
+pwdSafeModify: TRUE
+
+dn: uid=nd, ou=People, dc=example, dc=com
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: Neil Dunbar
+uid: nd
+sn: Dunbar
+givenName: Neil
+userPassword: testpassword
+
+dn: uid=ndadmin, ou=People, dc=example, dc=com
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: Neil Dunbar (Admin)
+uid: ndadmin
+sn: Dunbar
+givenName: Neil
+userPassword: testpw
+
+dn: uid=test, ou=People, dc=example, dc=com
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: test test
+uid: test
+sn: Test
+givenName: Test
+userPassword: kfhgkjhfdgkfd
+pwdPolicySubEntry: cn=No Policy, ou=Policies, dc=example, dc=com
+
Added: openldap/vendor/openldap-2.3.35/tests/data/proxycache.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/proxycache.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/proxycache.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,223 @@
+# Query 1: filter:(sn=Jon) attrs: all
+# Query 2: filter:(|(cn=*Jon*)(sn=Jon*)) attrs:cn sn title uid
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+title: Mad Cow Researcher, UM Alumni Association
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+title: Senior Manager, Information Technology Division
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+title: System Administrator, Information Technology Division
+
+# Query 3: filter:(sn=Smith*) attrs:cn sn title uid
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+
+# Query 4: filter:(sn=Doe*) attrs:cn sn title uid
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+title: Senior Manager, Information Technology Division
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+title: System Administrator, Information Technology Division
+
+# Query 5: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+uid: bjorn
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+telephoneNumber: +1 313 555 0355
+
+# Query 6: filter:(mail=*@mail.alumni.example.com) cn sn title uid
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+title: Mad Cow Researcher, UM Alumni Association
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+title: Telemarketer, UM Alumni Association
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+title: Director, UM Alumni Association
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+
+# Query 7: filter:(mail=*) cn sn title uid
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+title: Director, Embedded Systems
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+title: Mad Cow Researcher, UM Alumni Association
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+title: Senior Manager, Information Technology Division
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+title: Telemarketer, UM Alumni Association
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+title: System Administrator, Information Technology Division
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+title: Director, UM Alumni Association
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+
+# Query 8: filter:(|(cn=*Jones)(sn=Jones)) attrs:cn sn title uid
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+title: Mad Cow Researcher, UM Alumni Association
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+title: Senior Manager, Information Technology Division
+
+# Query 9: filter:(sn=Smith) attrs:cn sn title uid
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+title: Telemarketer, UM Alumni Association
+
+# Query 10: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+uid: bjorn
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+telephoneNumber: +1 313 555 0355
+
+# Query 11: filter:(mail=jaj at mail.alumni.example.com) cn sn title uid
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+title: Mad Cow Researcher, UM Alumni Association
+
Added: openldap/vendor/openldap-2.3.35/tests/data/referrals.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/referrals.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/referrals.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+dn: c=US
+c: US
+objectclass: country
+
+dn: o=ABC,c=US
+o: ABC
+ref: ldap://hostA/o=abc,c=us HostA
+ref: ldap://hostB HostB
+objectclass: referral
+objectclass: extensibleObject
+
+dn: o=XYZ,c=US
+o: XYZ
+ref: ldap://hostC/o=xyz,c=us HostC
+objectclass: referral
+objectclass: extensibleObject
+
+dn: o=Example,c=US
+o: Example
+objectclass: organization
+
+dn: cn=Manager,o=Example,c=US
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+objectclass: person
Added: openldap/vendor/openldap-2.3.35/tests/data/referrals.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/referrals.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/referrals.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,239 @@
+# extended LDIF
+#
+# LDAPv3
+# base <c=US> with scope sub
+# filter: (objectClass=referral)
+# requesting: * ref
+# with manageDSAit critical control
+#
+
+# ABC, US
+dn: o=ABC,c=US
+o: ABC
+ref: ldap://hostA/o=abc,c=us HostA
+ref: ldap://hostB HostB
+objectClass: referral
+objectClass: extensibleObject
+
+# XYZ, US
+dn: o=XYZ,c=US
+o: XYZ
+ref: ldap://hostC/o=xyz,c=us HostC
+objectClass: referral
+objectClass: extensibleObject
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 3
+# numEntries: 2
+# extended LDIF
+#
+# LDAPv3
+# base <o=abc,c=US> with scope sub
+# filter: (objectClass=referral)
+# requesting: * ref
+# with manageDSAit critical control
+#
+
+# ABC, US
+dn: o=ABC,c=US
+o: ABC
+ref: ldap://hostA/o=abc,c=us HostA
+ref: ldap://hostB HostB
+objectClass: referral
+objectClass: extensibleObject
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 2
+# numEntries: 1
+# extended LDIF
+#
+# LDAPv3
+# base <uid=xxx,o=abc,c=US> with scope sub
+# filter: (objectClass=referral)
+# requesting: * ref
+# with manageDSAit critical control
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/uid=xxx,o=abc,c=us??sub
+ref: ldap://hostB/uid=xxx,o=abc,c=US??sub
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <c=US> with scope base
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# US
+dn: c=US
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 2
+# numEntries: 1
+# extended LDIF
+#
+# LDAPv3
+# base <c=US> with scope one
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# Example, Inc., US
+dn: o=Example,c=US
+
+# search reference
+ref: ldap://hostA/o=abc,c=us??base
+ref: ldap://hostB/o=ABC,c=US??base
+
+# search reference
+ref: ldap://hostC/o=xyz,c=us??base
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 4
+# numEntries: 1
+# numReferences: 2
+# extended LDIF
+#
+# LDAPv3
+# base <c=US> with scope sub
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# Example, Inc., US
+dn: o=Example,c=US
+
+# Manager, Example, Inc., US
+dn: cn=Manager,o=Example,c=US
+
+# US
+dn: c=US
+
+# search reference
+ref: ldap://hostA/o=abc,c=us??sub
+ref: ldap://hostB/o=ABC,c=US??sub
+
+# search reference
+ref: ldap://hostC/o=xyz,c=us??sub
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 6
+# numEntries: 3
+# numReferences: 2
+# extended LDIF
+#
+# LDAPv3
+# base <o=abc,c=US> with scope base
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/o=abc,c=us??base
+ref: ldap://hostB/o=abc,c=US??base
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <o=abc,c=US> with scope one
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/o=abc,c=us??one
+ref: ldap://hostB/o=abc,c=US??one
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <o=abc,c=US> with scope sub
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/o=abc,c=us??sub
+ref: ldap://hostB/o=abc,c=US??sub
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <uid=xxx,o=abc,c=US> with scope base
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/uid=xxx,o=abc,c=us??base
+ref: ldap://hostB/uid=xxx,o=abc,c=US??base
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <uid=xxx,o=abc,c=US> with scope one
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/uid=xxx,o=abc,c=us??one
+ref: ldap://hostB/uid=xxx,o=abc,c=US??one
+
+# numResponses: 1
+# extended LDIF
+#
+# LDAPv3
+# base <uid=xxx,o=abc,c=US> with scope sub
+# filter: (objectclass=*)
+# requesting: 1.1
+#
+
+# search result
+search: 2
+result: 10 Referral
+matchedDN: o=ABC,c=US
+ref: ldap://hostA/uid=xxx,o=abc,c=us??sub
+ref: ldap://hostB/uid=xxx,o=abc,c=US??sub
+
+# numResponses: 1
Added: openldap/vendor/openldap-2.3.35/tests/data/relay.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/relay.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/relay.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2585 @@
+# searching base="dc=example,dc=com"...
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# searching base="o=Example,c=US"...
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: uidObject
+uid: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfNames
+member: cn=Manager,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# searching base="o=Esempio,c=IT"...
+dn: o=Esempio,c=IT
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,o=Esempio,c=IT
+member: cn=Manager,o=Esempio,c=IT
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Esemp
+ io,c=IT
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Esempio,c=I
+ T
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Esem
+ pio,c=IT
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Esempio
+ ,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Esempio,c=IT
+member: cn=Manager,o=Esempio,c=IT
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Esempio,c
+ =IT
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Esempio,c=I
+ T
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,o=Esempio,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Esempio,
+ c=IT
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Esempio,c=IT
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# searching base="o=Beispiel,c=DE"...
+dn: o=Beispiel,c=DE
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,o=Beispiel,c=DE
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,o=Beispiel,c=DE
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,o=Beispiel,c=DE
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+member: cn=Manager,o=Beispiel,c=DE
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Beisp
+ iel,c=DE
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Beispiel,c=
+ DE
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Beis
+ piel,c=DE
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Beispie
+ l,c=DE
+owner: cn=Manager,o=Beispiel,c=DE
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Beispiel,c=DE
+member: cn=Manager,o=Beispiel,c=DE
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+owner: cn=Manager,o=Beispiel,c=DE
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Beispiel,
+ c=DE
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Beispiel,c=
+ DE
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,o=Beispiel,c=DE
+owner: cn=Manager,o=Beispiel,c=DE
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Beispiel
+ ,c=DE
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Beispiel,c=DE
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Beispiel,c=DE
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Beispiel,c=DE
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+# searching base="o=Example,c=US"...
+dn: o=Example,c=US
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: uidObject
+uid: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,o=Example,c=US
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,o=Example,c=US
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Examp
+ le,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+owner: cn=Manager,o=Example,c=US
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Example,c=US
+member: cn=Manager,o=Example,c=US
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Example,c=US
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,o=Example,c=US
+owner: cn=Manager,o=Example,c=US
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfNames
+member: cn=Manager,o=Example,c=US
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example
+ ,c=US
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Exam
+ ple,c=US
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jane Alverson
+cn: Jane Q. Doe
+cn: Jane Qissapaolo Doe
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John P. Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Jonathon Doe
+cn: John P. Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Example,c=US
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+description: Just added self to seeAlso in o=Beispiel,c=DE virtual naming cont
+ ext
+
+dn: cn=Added User,ou=Alumni Association,ou=People,o=Example,c=US
+objectClass: OpenLDAPperson
+cn: Added User
+sn: User
+uid: auser
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+homePhone: +49 1234567890
+drink: Beer
+mail: auser at mail.alumni.example.com
+telephoneNumber: +49 1234-567-890
+description: Just added in o=Beispiel,c=DE naming context
+
+# refldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE??sub
+
+dn: cn=Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+cn: Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+objectClass: groupOfNames
+objectClass: uidObject
+cn: Another Added Group
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+uid: added
+
+# searching base="o=Esempio,c=IT"...
+dn: o=Esempio,c=IT
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,o=Esempio,c=IT
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,o=Esempio,c=IT
+member: cn=Manager,o=Esempio,c=IT
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Esemp
+ io,c=IT
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=John Doe,ou=Information Technology Division,ou=People,o=Esempio,c=I
+ T
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Esem
+ pio,c=IT
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Esempio
+ ,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,o=Esempio,c=IT
+member: cn=Manager,o=Esempio,c=IT
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Jane Doe,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,o=Esempio,c=IT
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Esempio,c
+ =IT
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Esempio,c=I
+ T
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,o=Esempio,c=IT
+owner: cn=Manager,o=Esempio,c=IT
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Esempio,
+ c=IT
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Jane Alverson
+cn: Jane Q. Doe
+cn: Jane Qissapaolo Doe
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John P. Doe,ou=Information Technology Division,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Jonathon Doe
+cn: John P. Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,o=Esempio,c=IT
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Esempio,c=IT
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+description: Just added self to seeAlso in o=Beispiel,c=DE virtual naming cont
+ ext
+
+dn: cn=Added User,ou=Alumni Association,ou=People,o=Esempio,c=IT
+objectClass: OpenLDAPperson
+cn: Added User
+sn: User
+uid: auser
+seeAlso: cn=All Staff,ou=Groups,o=Esempio,c=IT
+homePhone: +49 1234567890
+drink: Beer
+mail: auser at mail.alumni.example.com
+telephoneNumber: +49 1234-567-890
+description: Just added in o=Beispiel,c=DE naming context
+
+# refldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE??sub
+
+dn: cn=Added Group,ou=Groups,o=Esempio,c=IT
+objectClass: groupOfUniqueNames
+cn: Added Group
+uniqueMember: cn=Added Group,ou=Groups,dc=example,dc=com
+
+dn: cn=Another Added Group,ou=Groups,o=Esempio,c=IT
+objectClass: groupOfUniqueNames
+objectClass: dcObject
+cn: Another Added Group
+uniqueMember: cn=Added Group,ou=Groups,dc=example,dc=com
+uniqueMember: cn=Another Added Group,ou=Groups,dc=example,dc=com
+dc: added
+
+# searching filter="(objectClass=referral)"
+# attrs="'*' ref"
+# base="dc=example,dc=com"...
+dn: ou=Referrals,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Referrals
+description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
+ spiel,c=DE
+description: ...and modified as ldap://localhost:9012/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE
+
+# base="o=Example,c=US"...
+dn: ou=Referrals,o=Example,c=US
+objectClass: referral
+objectClass: extensibleObject
+ou: Referrals
+description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
+ spiel,c=DE
+description: ...and modified as ldap://localhost:9012/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE
+
+# base="o=Esempio,c=IT"...
+dn: ou=Referrals,o=Esempio,c=IT
+objectClass: referral
+objectClass: extensibleObject
+ou: Referrals
+description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
+ spiel,c=DE
+description: ...and modified as ldap://localhost:9012/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE
+
+# searching filter="(seeAlso=cn=all staff,ou=Groups,o=Example,c=US)"
+# attrs="seeAlso"
+# base="o=Example,c=US"...
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=Example,c
+ =US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=U
+ S
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,o=Example,
+ c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=John P. Doe,ou=Information Technology Division,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,o=Example,c=US
+
+dn: cn=Added User,ou=Alumni Association,ou=People,o=Example,c=US
+seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
+
+# refldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE??sub
+
+# searching filter="(uid=example)"
+# attrs="uid"
+# base="o=Example,c=US"...
+dn: o=Example,c=US
+uid: example
+
+# refldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE??sub
+
+# searching filter="(member=cn=Another Added Group,ou=Groups,o=Example,c=US)"
+# attrs="member"
+# base="o=Example,c=US"...
+# refldap://localhost:9012/ou=Referrals,o=Beispiel,c=DE??sub
+
+dn: cn=Another Added Group,ou=Groups,o=Example,c=US
+member: cn=Added Group,ou=Groups,o=Example,c=US
+member: cn=Another Added Group,ou=Groups,o=Example,c=US
+
Added: openldap/vendor/openldap-2.3.35/tests/data/retcode.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/retcode.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/retcode.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,115 @@
+# slapo-retcode standard track response codes configuration example
+# $Header$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# From "ldap.h", revised as per <draft-ietf-ldapbis-protocol>
+
+retcode-item "cn=success" 0x00
+
+retcode-item "cn=success w/ delay" 0x00 sleeptime=2
+
+retcode-item "cn=operationsError" 0x01
+retcode-item "cn=protocolError" 0x02
+retcode-item "cn=timeLimitExceeded" 0x03 op=search
+retcode-item "cn=sizeLimitExceeded" 0x04 op=search
+retcode-item "cn=compareFalse" 0x05 op=compare
+retcode-item "cn=compareTrue" 0x06 op=compare
+retcode-item "cn=authMethodNotSupported" 0x07
+retcode-item "cn=strongAuthNotSupported" 0x07 text="same as authMethodNotSupported"
+retcode-item "cn=strongAuthRequired" 0x08
+retcode-item "cn=strongerAuthRequired" 0x08 text="same as strongAuthRequired"
+#retcode-item "cn=partialResults" 0x09 text="LDAPv2+ (not LDAPv3)"
+
+retcode-item "cn=referral" 0x0a text="LDAPv3" ref="ldap://:9019"
+retcode-item "cn=adminLimitExceeded" 0x0b text="LDAPv3"
+retcode-item "cn=unavailableCriticalExtension" 0x0c text="LDAPv3"
+retcode-item "cn=confidentialityRequired" 0x0d text="LDAPv3"
+retcode-item "cn=saslBindInProgress" 0x0e text="LDAPv3"
+
+# LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
+
+retcode-item "cn=noSuchAttribute" 0x10
+retcode-item "cn=undefinedAttributeType" 0x11
+retcode-item "cn=inappropriateMatching" 0x12
+retcode-item "cn=constraintViolation" 0x13
+retcode-item "cn=attributeOrValueExists" 0x14
+retcode-item "cn=invalidAttributeSyntax" 0x15
+
+# LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
+
+retcode-item "cn=noSuchObject" 0x20
+retcode-item "cn=aliasProblem" 0x21
+retcode-item "cn=invalidDNSyntax" 0x22
+#retcode-item "cn=isLeaf" 0x23 text="not LDAPv3"
+retcode-item "cn=aliasDereferencingProblem" 0x24
+
+# LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
+
+retcode-item "cn=proxyAuthzFailure" 0x2F text="LDAPv3 proxy authorization"
+retcode-item "cn=inappropriateAuthentication" 0x30
+retcode-item "cn=invalidCredentials" 0x31
+retcode-item "cn=insufficientAccessRights" 0x32
+
+# LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
+
+retcode-item "cn=busy" 0x33
+retcode-item "cn=unavailable" 0x34
+retcode-item "cn=unwillingToPerform" 0x35
+retcode-item "cn=loopDetect" 0x36
+
+# LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
+
+retcode-item "cn=namingViolation" 0x40
+retcode-item "cn=objectClassViolation" 0x41
+retcode-item "cn=notAllowedOnNonleaf" 0x42
+retcode-item "cn=notAllowedOnRDN" 0x43
+retcode-item "cn=entryAlreadyExists" 0x44
+retcode-item "cn=objectClassModsProhibited" 0x45
+retcode-item "cn=resultsTooLarge" 0x46 text="CLDAP"
+retcode-item "cn=affectsMultipleDSAs" 0x47 text="LDAPv3"
+
+retcode-item "cn=other" 0x50
+
+# /* LCUP operation codes (113-117) - not implemented */
+retcode-item "cn=cupResourcesExhausted" 0x71
+retcode-item "cn=cupSecurityViolation" 0x72
+retcode-item "cn=cupInvalidData" 0x73
+retcode-item "cn=cupUnsupportedScheme" 0x74
+retcode-item "cn=cupReloadRequired" 0x75
+
+# /* Cancel operation codes (118-121) */
+retcode-item "cn=cancelled" 0x76
+retcode-item "cn=noSuchOperation" 0x77
+retcode-item "cn=tooLate" 0x78
+retcode-item "cn=cannotCancel" 0x79
+
+
+# /* Experimental result codes */
+# LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF) /* experimental */
+# LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF) /* private use */
+
+# /* for the LDAP Sync operation */
+retcode-item "cn=syncRefreshRequired" 0x4100
+
+# /* for the LDAP No-Op control */
+retcode-item "cn=noOperation" 0x410e
+
+# /* for the Assertion control */
+retcode-item "cn=assertionFailed" 0x410f
+
+# /* for the Chaining Behavior control (consecutive result codes requested;
+# * see <draft-sermersheim-ldap-chaining> ) */
+retcode-item "cn=noReferralsFound" 0x4110
+retcode-item "cn=cannotChain" 0x4111
+
Added: openldap/vendor/openldap-2.3.35/tests/data/rootdse.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/rootdse.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/rootdse.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+dn:
+vendorName: The OpenLDAP Project <http://www.openldap.org/>
Added: openldap/vendor/openldap-2.3.35/tests/data/search.out.master
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/search.out.master (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/search.out.master 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,389 @@
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+title: Mythical Manager, Research Systems
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+title: Director, Embedded Systems
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+uid: uham
+
Added: openldap/vendor/openldap-2.3.35/tests/data/search.out.xsearch
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/search.out.xsearch (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/search.out.xsearch 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,642 @@
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: dc=example,dc=com
+o: Example, Inc.
+
+dn: dc=example,dc=com
+dc: example
+o: Example, Inc.
+
+dn: cn=Subschema
+attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) D
+ ESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseI
+ gnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-aci.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-aci.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-aci.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-aci.conf,v 1.1.2.4 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @DATADIR@/test.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+access to dn=""
+ by * read
+access to dn="cn=Subschema"
+ by * read
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+access to dn.subtree="dc=example,dc=com"
+ by aci write
+
+#monitor#database monitor
+
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-acl.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-acl.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-acl.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.46.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+# global ACLs
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access to dn.exact="" attrs=objectClass
+ by users read
+access to *
+ by * read
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#access to attrs=objectclass dn.subtree="dc=example,dc=com"
+access to attrs=objectclass
+ by * =rsc stop
+
+#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
+access to filter="(objectclass=person)" attrs=userpassword
+ by anonymous auth
+ by self =wx
+
+access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
+ by dn.regex=".+,dc=example,dc=com" +c continue
+ by dn.subtree="dc=example,dc=com" +rs continue
+ by dn.children="dc=example,dc=com" +d continue
+ by * stop
+
+#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember
+ by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
+ by dnattr=member selfwrite
+ by dnattr=uniquemember selfwrite
+ by * read
+
+#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember filter="(mail=*com)"
+ by * read
+
+#access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"
+access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))"
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" =sc continue
+ by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com$" +rw stop
+ by * break
+
+access to dn.children="ou=Information Technology Division,ou=People,dc=example,dc=com"
+ by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,dc=example,dc=com" write
+ by * read
+
+access to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"
+ by set="[cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com]/member* & user" write
+ by * read
+
+#access to filter="(name=X*Y*Z)" dn.subtree="dc=example,dc=com"
+access to filter="(name=X*Y*Z)"
+ by * continue
+
+access to dn.subtree="ou=Add & Delete,dc=example,dc=com"
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
+ by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" delete
+ by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
+ by * read
+
+# fall into global ACLs
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-cache-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-cache-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-cache-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,47 @@
+# master slapd config -- for proxy cache testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-cache-master.conf,v 1.2.2.4 2003/12/15
+ 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-chain1.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-chain1.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-chain1.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#
+# uses the chain overlay as global;
+# no chain-URI is configured, so the URI is parsed out of the referral
+overlay chain
+chain-uri @URI2@
+chain-idassert-bind bindmethod=simple
+ binddn="cn=Manager,dc=example,dc=com"
+ credentials=secret
+ mode=self
+ flags=non-prescriptive
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-chain2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-chain2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-chain2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#
+# uses the chain overlay as database specific;
+# the chain-URI is configured, so only that URI is chained
+overlay chain
+chain-uri @URI1@
+chain-idassert-bind bindmethod=simple
+ binddn="cn=Manager,dc=example,dc=com"
+ credentials=secret
+ mode=self
+ flags=non-prescriptive
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-component.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-component.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-component.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-master.conf,v 1.33.2.4 2003/12/15 22:05
+ :29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+include @DATADIR@/test.schema
+include @DATADIR@/ditcontentrules.conf
+
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+moduleload @DATADIR@/comp_libs/compmatch.la
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+# master slapd config -- for testing of Delta SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-master.conf,v 1.1.2.4 2003/12/
+ 15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+#accesslogmod#modulepath ../servers/slapd/overlays/
+#accesslogmod#moduleload accesslog.la
+
+#######################################################################
+# master database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "cn=log"
+directory @TESTDIR@/db.1.b
+rootdn "cn=Manager,dc=example,dc=com"
+#bdb#index objectClass eq
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index entryUUID,entryCSN eq
+
+overlay syncprov
+syncprov-reloadhint true
+syncprov-nopresent true
+
+rootdn "cn=Manager,dc=example,dc=com"
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay syncprov
+#syncprov-sessionlog 100
+
+overlay accesslog
+logdb cn=log
+logops writes
+logsuccess true
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-slave.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-slave.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-deltasync-slave.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,77 @@
+# slave slapd config -- for testing of Delta SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.4.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI1@
+ binddn="cn=Manager,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ logbase="cn=log"
+ logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
+ syncdata=accesslog
+ attrs="*,+"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+updateref @URI1@
+
+overlay syncprov
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-dn.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-dn.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-dn.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+# stand-alone slapd config -- for testing (with refint overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dn.conf,v 1.4.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @DATADIR@/test.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-dnssrv.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-dnssrv.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-dnssrv.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,36 @@
+# DNS SRV slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dnssrv.conf,v 1.10.2.2 2003/12/15 22:05
+ :29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+sasl-secprops noanonymous
+#sasl-secprops none
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#monitor#database monitor
+
+database dnssrv
+suffix ""
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-dynlist.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-dynlist.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-dynlist.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+# stand-alone slapd config -- for testing (with indexing)
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/dyngroup.schema
+include @DATADIR@/test.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#dynlistmod#modulepath ../servers/slapd/overlays/
+#dynlistmod#moduleload dynlist.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#monitor#database monitor
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay dynlist
+### DO NOT ADD ANY DIRECTIVE BELOW THIS; TEST APPENDS STUFF ###
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-emptydn.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-emptydn.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-emptydn.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,83 @@
+# stand-alone slapd config -- for testing (with refint overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-emptydn.conf,v 1.3.2.6 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+access to dn.exact=""
+ by * read
+
+access to dn.exact="cn=Subschema"
+ by * read
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+access to attrs=userPassword
+ by dn.exact="cn=Manager,c=US" write
+ by self =wx
+ by * =x
+
+access to dn.subtree="dc=example,dc=com"
+ by dn.exact="cn=Manager,c=US" write
+ by * read
+
+#monitor#database monitor
+#monitor#access to dn.subtree="cn=Monitor"
+#monitor# by * read
+
+database @BACKEND@
+suffix ""
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,c=US"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+access to attrs=userPassword
+ by self =wx
+ by * =x
+
+access to dn.subtree=""
+ by * read
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-ldap.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-ldap.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-ldap.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,73 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-ldap.conf,v 1.1.2.6 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/ppolicy.schema
+pidfile @TESTDIR@/slapd.m.pid
+argsfile @TESTDIR@/slapd.m.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#relaymod#modulepath ../servers/slapd/back-relay/
+#relaymod#moduleload back_relay.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#metamod#modulepath ../servers/slapd/back-meta/
+#metamod#moduleload back_meta.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+overlay rwm
+rwm-suffixmassage "o=Example,c=US" "dc=example,dc=com"
+
+#######################################################################
+# database definitions
+#######################################################################
+
+# remote
+database ldap
+suffix "ou=Meta,dc=example,dc=com"
+subordinate
+uri "@URI2@"
+rootdn "cn=Manager,dc=example,dc=com"
+chase-referrals no
+idassert-bind bindmethod=simple
+ binddn="cn=Manager,ou=Meta,dc=example,dc=com"
+ credentials="secret"
+ mode=none
+ flags=non-prescriptive
+idassert-authzfrom "dn.exact:cn=Manager,dc=example,dc=com"
+
+# local
+database ldap
+suffix "dc=example,dc=com"
+uri "@URI1@"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+chase-referrals no
+idassert-bind bindmethod=simple
+ binddn="cn=Manager,dc=example,dc=com"
+ credentials="secret"
+ mode=none
+ flags=non-prescriptive
+idassert-authzfrom "dn.exact:cn=Manager,dc=example,dc=com"
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl1.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl1.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl1.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,107 @@
+# stand-alone slapd config -- for backglue testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue.conf,v 1.5.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#moduleload ../servers/slapd/overlays/syncprov.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "ou=Information Technology Division,ou=People,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager 1,dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#bdb#index entryUUID,entryCSN pres
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#hdb#index entryUUID,entryCSN pres
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+overlay syncprov
+
+database @BACKEND@
+suffix "ou=Groups,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.1.b
+rootdn "cn=Manager 1,dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#bdb#index entryUUID,entryCSN pres
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#hdb#index entryUUID,entryCSN pres
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+syncrepl rid=1
+ provider=@URI2@
+ binddn="cn=Manager 2,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="ou=Groups,dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*,+"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+ retry="10 3 300 5"
+updateref @URI2@
+#overlay syncprov
+
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.c
+rootdn "cn=Manager 1,dc=example,dc=com"
+rootpw secret
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+#overlay syncprov
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-glue-syncrepl2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,107 @@
+# stand-alone slapd config -- for backglue testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue.conf,v 1.5.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#moduleload ../servers/slapd/overlays/syncprov.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "ou=Information Technology Division,ou=People,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager 2,dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#bdb#index entryUUID,entryCSN pres
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#hdb#index entryUUID,entryCSN pres
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+syncrepl rid=2
+ provider=@URI1@
+ binddn="cn=Manager 1,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="ou=Information Technology Division,ou=People,dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*,+"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+ retry="10 3 300 5"
+updateref @URI1@
+#overlay syncprov
+
+database @BACKEND@
+suffix "ou=Groups,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.2.b
+rootdn "cn=Manager 2,dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#bdb#index entryUUID,entryCSN pres
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#hdb#index entryUUID,entryCSN pres
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+overlay syncprov
+
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.c
+rootdn "cn=Manager 2,dc=example,dc=com"
+rootpw secret
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+#overlay syncprov
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-glue.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-glue.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-glue.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,85 @@
+# stand-alone slapd config -- for backglue testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue.conf,v 1.5.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "ou=Information Technology Division,ou=People,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager, dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+
+database @BACKEND@
+suffix "ou=Groups,dc=example,dc=com"
+subordinate
+directory @TESTDIR@/db.1.b
+rootdn "cn=Manager, dc=example,dc=com"
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.c
+rootdn "cn=Manager, dc=example,dc=com"
+rootpw secret
+#bdb#index objectclass eq
+#bdb#index uid pres,eq,sub
+#bdb#index cn,sn pres,eq,sub,subany
+#hdb#index objectclass eq
+#hdb#index uid pres,eq,sub
+#hdb#index cn,sn pres,eq,sub,subany
+#ldbm#index objectclass eq
+#ldbm#index uid pres,eq,sub
+#ldbm#index cn,sn pres,eq,sub,subany
+#ldbm#dbnosync
+#ldbm#dbnolocking
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-idassert.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-idassert.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-idassert.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,130 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy both
+authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
+authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
+authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =wx
+ by anonymous =x
+
+access to dn.exact=""
+ by * read
+
+access to *
+ by users read
+ by * search
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
+ attrs=authzTo
+ by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
+ by * =x
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=it"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,dc=example,dc=it"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+database ldap
+suffix "o=Example,c=US"
+uri "@URI1@"
+
+#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
+#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self
+
+# authorizes database
+idassert-authzFrom "dn.subtree:dc=example,dc=it"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
+
+database ldap
+suffix "o=Esempio,c=IT"
+uri "@URI1@"
+
+acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
+acl-passwd proxy
+
+idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
+
+# authorizes database
+idassert-authzFrom "dn.subtree:dc=example,dc=com"
+# authorizes anonymous
+idassert-authzFrom "dn.exact:"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
+
+access to attrs=entry,cn,sn,mail
+ by users read
+
+access to *
+ by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
+ by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
+ by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
+ by * none
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapglue.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapglue.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapglue.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,82 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-regexp "^uid=([^,]+),.*" "uid=$1,ou=People,dc=example,dc=com"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =wx
+ by anonymous =x
+
+access to *
+ by * read
+
+# groups branch
+database ldap
+suffix "ou=Groups,dc=example,dc=com"
+subordinate
+uri "@URI3@"
+# FIXME: doesn't work with authz=native
+#sasl#idassert-bind bindmethod=sasl authcid=proxy credentials=proxy @SASL_MECH@ mode=self
+#nosasl#idassert-bind bindmethod=simple binddn="uid=proxy,ou=Groups,dc=example,dc=com" credentials=proxy mode=self
+
+# people branch
+database ldap
+suffix "ou=People,dc=example,dc=com"
+subordinate
+uri "@URI2@"
+# FIXME: doesn't work with authz=native
+#sasl#idassert-bind bindmethod=sasl authcid=proxy credentials=proxy @SASL_MECH@ mode=self
+#nosasl#idassert-bind bindmethod=simple binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
+
+# root
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluegroups.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluegroups.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluegroups.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.3.pid
+argsfile @TESTDIR@/slapd.3.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy to
+authz-regexp "^uid=([^,]+),.*" "uid=$1,ou=Groups,dc=example,dc=com"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =wx
+ by anonymous =x
+
+access to *
+ by users read
+ by * search
+
+# people branch
+database @BACKEND@
+suffix "ou=Groups,dc=example,dc=com"
+directory @TESTDIR@/db.3.a
+rootdn "cn=Manager,ou=Groups,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluepeople.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluepeople.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-ldapgluepeople.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy to
+authz-regexp "^uid=([^,]+),.*" "uid=$1,ou=People,dc=example,dc=com"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by dn.exact="uid=proxy,ou=People,dc=example,dc=com" read
+ by self =wx
+ by anonymous =x
+
+access to *
+ by users read
+ by * search
+
+# people branch
+database @BACKEND@
+suffix "ou=People,dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,ou=People,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-limits.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-limits.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-limits.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,70 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-limits.conf,v 1.9.2.5 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+# Need quality indices on "uid" to check "unchecked" limits...
+#bdb#index objectClass eq
+#bdb#index uid eq
+#hdb#index objectClass eq
+#hdb#index uid eq
+#ldbm#index objectClass eq
+#ldbm#index uid eq
+
+# Need extra limits for pagedResults on backends that support it...
+#bdb#limits dn.exact="cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.pr=unlimited
+#bdb#limits dn.exact="cn=Page Size Limited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.pr=4
+#bdb#limits dn.exact="cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com" size=4 size.prtotal=disabled
+#bdb#limits dn.exact="cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.prtotal=10
+
+#hdb#limits dn.exact="cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.pr=unlimited
+#hdb#limits dn.exact="cn=Page Size Limited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.pr=4
+#hdb#limits dn.exact="cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com" size=4 size.prtotal=disabled
+#hdb#limits dn.exact="cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.prtotal=10
+
+limits dn.exact="cn=Unlimited User,ou=People,dc=example,dc=com" size=unlimited time=unlimited
+limits dn.exact="cn=Soft Limited User,ou=People,dc=example,dc=com" size.soft=4 size.hard=unlimited
+limits dn.exact="cn=Hard Limited User,ou=People,dc=example,dc=com" size.soft=4 size.hard=8
+limits dn.exact="cn=Unchecked Limited User,ou=People,dc=example,dc=com" size.unchecked=4
+limits group="cn=Unchecked Limited Users,ou=Groups,dc=example,dc=com" size.unchecked=4
+limits dn.regex="^cn=Foo User,ou=[^,]+,dc=example,dc=com$" size.soft=6
+limits dn.onelevel="ou=People,dc=example,dc=com" size.soft=5
+limits dn.children="ou=Groups,dc=example,dc=com" size.soft=4
+limits dn.subtree="ou=Admin,dc=example,dc=com" size.soft=3
+limits users size.soft=2
+limits anonymous size.soft=1
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,46 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-master.conf,v 1.33.2.4 2003/12/15 22:05
+ :29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+include @DATADIR@/ditcontentrules.conf
+
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-meta.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-meta.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-meta.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,68 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta.conf,v 1.4.2.8 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/ppolicy.schema
+pidfile @TESTDIR@/slapd.m.pid
+argsfile @TESTDIR@/slapd.m.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#relaymod#modulepath ../servers/slapd/back-relay/
+#relaymod#moduleload back_relay.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#metamod#modulepath ../servers/slapd/back-meta/
+#metamod#moduleload back_meta.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+# seems to improve behavior under very heavy load
+# (i.e. it alleviates load on target systems)
+threads 8
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database meta
+suffix "o=Example,c=US"
+rootdn "cn=Manager,o=Example,c=US"
+rootpw secret
+chase-referrals no
+nretries forever
+#nretries 1000
+
+# local
+uri "@URI2 at ou=Meta,o=Example,c=US"
+suffixmassage "ou=Meta,o=Example,c=US" "ou=Meta,dc=example,dc=com"
+pseudorootdn "cn=manager,ou=meta,dc=example,dc=com"
+pseudorootpw secret
+
+# remote
+uri "@URI1 at o=Example,c=US"
+suffixmassage "o=Example,c=US" "dc=example,dc=com"
+pseudorootdn "cn=manager,dc=example,dc=com"
+pseudorootpw secret
+
+limits dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=US" time=1 size=8
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-meta2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-meta2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-meta2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta2.conf,v 1.1.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/ppolicy.schema
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#relaymod#modulepath ../servers/slapd/back-relay/
+#relaymod#moduleload back_relay.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#metamod#modulepath ../servers/slapd/back-meta/
+#metamod#moduleload back_meta.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+idletimeout 5
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "ou=Meta,dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,ou=Meta,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-nis-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-nis-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-nis-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+# master slapd config -- for testing (needs updating)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-nis-master.conf,v 1.10.2.2 2003/12/15 2
+ 2:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/others_nis.at.conf
+include @SCHEMADIR@/others_nis.oc.conf
+include @SCHEMADIR@/nis.at.conf
+include @SCHEMADIR@/nis.oc.conf
+include @SCHEMADIR@/internet_mail.at.conf
+include @SCHEMADIR@/internet_mail.oc.conf
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database ldbm
+cachesize 4
+suffix "o=SGI, c=US"
+directory @TESTDIR@
+rootdn "cn=Manager, o=SGI, c=US"
+rootpw secret
+index objectClass eq
+index uid pres,eq,approx
+index gidNumber pres,eq,approx
+index uidNumber pres,eq,approx
+index cn pres,eq,approx
+index memberUid pres,eq,approx
+index macAddress pres,eq,approx
+index ipServiceProtocol pres,eq,approx
+index ipServicePort pres,eq,approx
+index oncRpcNumber pres,eq,approx
+index ipHostNumber pres,eq,approx
+index ipNetworkNumber pres,eq,approx
+index ipProtocolNumber pres,eq,approx
+index default none
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-passwd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-passwd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-passwd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,40 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-passwd.conf,v 1.10.2.4 2003/12/15 22:05
+ :29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database passwd
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#file ./data/passwd
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-ppolicy.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-ppolicy.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-ppolicy.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.6.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/ppolicy.schema
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#ppolicymod#modulepath ../servers/slapd/overlays/
+#ppolicymod#moduleload ppolicy.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+overlay ppolicy
+ppolicy_default "cn=Standard Policy,ou=Policies,dc=example,dc=com"
+ppolicy_use_lockout
+
+access to attrs=userpassword
+ by self write
+ by * auth
+
+access to *
+ by self write
+ by * read
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-proxycache.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-proxycache.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-proxycache.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+# proxy cache slapd config
+# $OpenLDAP: pkg/ldap/tests/data/slapd-proxycache.conf,v 1.6.2.4 2003/12/15 22
+ :05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#pcachemod#modulepath ../servers/slapd/overlays/
+#pcachemod#moduleload pcache.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database ldap
+suffix "dc=example,dc=com"
+rootdn "dc=example,dc=com"
+uri "@URI1@"
+
+overlay pcache
+proxycache @BACKEND@ 100 2 @ENTRY_LIMIT@ @CACHETTL@
+proxyattrset 0 sn cn title uid
+proxyattrset 1 mail postaladdress telephonenumber cn uid
+proxytemplate (|(cn=)(sn=)) 0 @CACHETTL@
+proxytemplate (sn=) 0 @CACHETTL@
+proxytemplate (uid=) 1 @CACHETTL@
+proxytemplate (mail=) 0 @CACHETTL@
+
+#bdb#cachesize 20
+#hdb#cachesize 20
+#ldbm#cachesize 20
+directory @TESTDIR@/db.2.a
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid,mail pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid,mail pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid,mail pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-pw.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-pw.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-pw.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,60 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by anonymous auth
+ by self write
+
+access to *
+ by self write
+ by * read
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-ref-slave.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-ref-slave.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-ref-slave.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+# slave slapd config -- for default referral testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ref-slave.conf,v 1.25.2.4 2003/12/15 22
+ :05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+referral "@URI1@"
+
+database @BACKEND@
+#bdb#cachesize 0
+#hdb#cachesize 0
+#ldbm#cachesize 0
+suffix "o=University of Mich,c=US"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,o=University of Mich,c=US"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-referrals.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-referrals.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-referrals.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+# referral slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-referrals.conf,v 1.2.2.4 2003/12/15 22:
+ 05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "c=us"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,c=us"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-refint.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-refint.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-refint.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+# stand-alone slapd config -- for testing (with refint overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-refint.conf,v 1.5.2.5 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#refintmod#modulepath ../servers/slapd/overlays/
+#refintmod#moduleload refint.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "o=refint"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,o=refint"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay refint
+refint_attributes manager secretary member
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-relay.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-relay.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-relay.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,98 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-relay.conf,v 1.4.2.9 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/ppolicy.schema
+pidfile @TESTDIR@/slapd.pid
+argsfile @TESTDIR@/slapd.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#relaymod#modulepath ../servers/slapd/back-relay/
+#relaymod#moduleload back_relay.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#metamod#modulepath ../servers/slapd/back-meta/
+#metamod#moduleload back_meta.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+database @RELAY@
+suffix "o=Example,c=US"
+### back-relay can automatically instantiate the rwm overlay
+#relay-relay#relay "dc=example,dc=com" massage
+#relay-relay#rwm-map objectClass groupOfNames groupOfUniqueNames
+#relay-relay#rwm-map objectClass uidObject dcObject
+#relay-relay#rwm-map attribute member uniqueMember
+#relay-relay#rwm-map attribute uid dc
+### back-ldap needs explicit instantiation of the rwm overlay
+#relay-ldap#uri "@URI1@"
+#relay-ldap#overlay rwm
+#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
+#relay-ldap#rwm-map objectClass groupOfNames groupOfUniqueNames
+#relay-ldap#rwm-map objectClass uidObject dcObject
+#relay-ldap#rwm-map attribute member uniqueMember
+#relay-ldap#rwm-map attribute uid dc
+#relay-meta#uri "@URI1 at o=Example,c=US"
+#relay-meta#suffixmassage "o=Example,c=US" "dc=example,dc=com"
+#relay-meta#map objectClass groupOfNames groupOfUniqueNames
+#relay-meta#map objectClass uidObject dcObject
+#relay-meta#map attribute member uniqueMember
+#relay-meta#map attribute uid dc
+
+database @RELAY@
+suffix "o=Esempio,c=IT"
+### use this alternate form of back-relay, without the "relay" directive,
+### which causes the target database to be selected after DN massaging
+#relay-relay#overlay rwm
+#relay-relay#rwm-suffixmassage "dc=example,dc=com"
+### back-ldap needs URI
+#relay-ldap#uri "@URI1@"
+#relay-ldap#overlay rwm
+#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
+#relay-meta#uri "@URI1 at o=Esempio,c=IT"
+#relay-meta#suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
+
+database @RELAY@
+suffix "o=Beispiel,c=DE"
+### back-relay can automatically instantiate the rwm overlay
+#relay-relay#relay "dc=example,dc=com" massage
+### back-ldap needs explicit instantiation of the rwm overlay
+#relay-ldap#uri "@URI1@"
+#relay-ldap#overlay rwm
+#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
+#relay-meta#uri "@URI1 at o=Beispiel,c=DE"
+#relay-meta#suffixmassage "o=Beispiel,c=DE" "dc=example,dc=com"
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,55 @@
+# master slapd config -- for testing of replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-repl-master.conf,v 1.27.2.4 2003/12/15
+ 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+replogfile @TESTDIR@/slapd.1.replog
+
+replica host=localhost:@PORT2@
+ binddn="cn=Replica,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-slave.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-slave.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-repl-slave.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+# slave slapd config -- for testing of replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-repl-slave.conf,v 1.31.2.4 2003/12/15 2
+ 2:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+updatedn "cn=Replica,dc=example,dc=com"
+updateref @URI1@
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-retcode.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-retcode.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-retcode.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $Header$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @DATADIR@/test.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#retcodemod#modulepath ../servers/slapd/overlays/
+#retcodemod#moduleload retcode.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay retcode
+retcode-parent "ou=RetCodes,dc=example,dc=com"
+include @DATADIR@/retcode.conf
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-schema.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-schema.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-schema.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,59 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-schema.conf,v 1.20.2.4 2003/12/15 22:05
+ :29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+#
+include @SCHEMADIR@/corba.schema
+include @SCHEMADIR@/java.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/misc.schema
+include @SCHEMADIR@/nis.schema
+include @SCHEMADIR@/openldap.schema
+#
+include @SCHEMADIR@/dyngroup.schema
+include @SCHEMADIR@/ppolicy.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#
+rootdse @DATADIR@/rootdse.ldif
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "o=OpenLDAP Project,l=Internet"
+directory @TESTDIR@/db.1.a
+#bdb#index objectClass eq
+#hdb#index objectClass eq
+#ldbm#index objectClass eq
+
+#database @BACKEND@
+#suffix "dc=example,dc=com"
+#directory @TESTDIR@/db.1.b
+#index objectClass eq
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-sql-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-sql-syncrepl-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-sql-syncrepl-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql-syncrepl-master.conf,v 1.1.2.9 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#sqlmod#modulepath ../servers/slapd/back-sql/
+#sqlmod#moduleload back_sql.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =w
+ by anonymous =x
+
+access to *
+ by * read
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+dbname example
+dbuser manager
+dbpasswd secret
+
+#
+# rdbms specific directives
+#
+# IBM db2
+#ibmdb2#upper_func "ucase"
+#ibmdb2#upper_needs_cast "yes"
+#ibmdb2#concat_pattern "?||?"
+#ibmdb2#children_cond "ucase(ldap_entries.dn)=ucase(cast(? as varchar(255)))"
+#ibmdb2#create_needs_select "yes"
+#ibmdb2#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#
+# PostgreSQL
+#pgsql#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#pgsql#upper_func "upper"
+#pgsql#strcast_func "text"
+#pgsql#concat_pattern "?||?"
+#
+# MySQL
+#mysql#concat_pattern "concat(?,?)"
+
+has_ldapinfo_dn_ru no
+
+overlay syncprov
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-sql.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-sql.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-sql.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql.conf,v 1.7.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#sqlmod#modulepath ../servers/slapd/back-sql/
+#sqlmod#moduleload back_sql.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =w
+ by anonymous =x
+
+access to *
+ by * read
+
+#######################################################################
+# sql database definitions
+#######################################################################
+
+database sql
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+dbname example
+dbuser manager
+dbpasswd secret
+
+#
+# rdbms specific directives
+#
+# IBM db2
+#ibmdb2#upper_func "ucase"
+#ibmdb2#upper_needs_cast "yes"
+#ibmdb2#concat_pattern "?||?"
+#ibmdb2#children_cond "ucase(ldap_entries.dn)=ucase(cast(? as varchar(255)))"
+#ibmdb2#create_needs_select "yes"
+#ibmdb2#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#
+# PostgreSQL
+#pgsql#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#pgsql#upper_func "upper"
+#pgsql#strcast_func "text"
+#pgsql#concat_pattern "?||?"
+#
+# MySQL
+#mysql#concat_pattern "concat(?,?)"
+
+has_ldapinfo_dn_ru no
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-master.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-master.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,54 @@
+# master slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-master.conf,v 1.1.2.4 2003/12/
+ 15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+
+#######################################################################
+# master database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay syncprov
+#syncprov-sessionlog 100
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist1.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist1.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist1.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,74 @@
+# slave slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.4.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.4.pid
+argsfile @TESTDIR@/slapd.4.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.4.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI1@
+ binddn="cn=Manager,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*,+"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+updateref @URI1@
+
+overlay syncprov
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,50 @@
+# slave slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist2.conf,v 1.4.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.5.pid
+argsfile @TESTDIR@/slapd.5.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.5.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI4@
+ binddn="cn=Replica,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist3.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist3.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-persist3.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,62 @@
+# slave slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist3.conf,v 1.4.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.6.pid
+argsfile @TESTDIR@/slapd.6.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.6.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI1@
+ binddn="cn=Manager,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*"
+ schemachecking=off
+ scope=sub
+ type=refreshAndPersist
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh1.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh1.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh1.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,70 @@
+# slave slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh1.conf,v 1.5.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+#ldbm#index entryUUID eq
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI1@
+ binddn="cn=Manager,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*"
+ schemachecking=off
+ scope=sub
+ type=refreshOnly
+ interval=00:00:00:10
+updateref @URI1@
+
+overlay syncprov
+syncprov-sessionlog 100
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-syncrepl-slave-refresh2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,64 @@
+# slave slapd config -- for testing of SYNC replication
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh2.conf,v 1.5.2.4
+ 2003/12/15 22:05:29 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.3.pid
+argsfile @TESTDIR@/slapd.3.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.3.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID,entryCSN eq
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+#ldbm#index entryUUID eq
+
+# Don't change syncrepl spec yet
+syncrepl rid=1
+ provider=@URI2@
+ binddn="cn=Replica,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ filter="(objectClass=*)"
+ attrs="*"
+ schemachecking=off
+ scope=sub
+ type=refreshOnly
+ interval=00:00:00:10
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-local.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-local.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-local.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,60 @@
+# stand-alone slapd config -- for testing (with translucent overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-local.conf,v 1.1.2.8 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@
+#mod#moduleload back_ at BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap
+#ldapmod#moduleload back_ldap.la
+#translucentmod#modulepath ../servers/slapd/overlays
+#translucentmod#moduleload translucent.la
+#monitormod#modulepath ../servers/slapd/back-monitor
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#monitor#database monitor
+
+database @BACKEND@
+suffix "o=translucent"
+directory @TESTDIR@/db.2.a
+rootdn "o=translucent"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay translucent
+translucent_no_glue
+
+# XXX this uri really shouldn't be hardcoded
+uri @URI1@
+lastmod off
+acl-bind binddn="uid=binder,o=translucent" credentials="bindtest"
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-remote.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-remote.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-translucent-remote.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+# stand-alone slapd config -- for testing (with translucent overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-remote.conf,v 1.1.2.6 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/:../servers/slapd/overlays
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#monitor#database monitor
+
+database @BACKEND@
+suffix "o=translucent"
+directory @TESTDIR@/db.1.a
+rootdn "o=translucent"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-unique.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-unique.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-unique.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,53 @@
+# stand-alone slapd config -- for testing (with unique overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-unique.conf,v 1.5.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#uniquemod#modulepath ../servers/slapd/overlays
+#uniquemod#moduleload unique.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "o=unique"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,o=unique"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay unique
+unique_ignore o cn sn ou objectClass
+unique_attributes employeeNumber displayName
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-valsort.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-valsort.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-valsort.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,57 @@
+# stand-alone slapd config -- for testing (with unique overlay)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-valsort.conf,v 1.1.2.4 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#valsortmod#moduleload ../servers/slapd/overlays/valsort.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "o=valsort"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,o=valsort"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+overlay valsort
+valsort-attr sn ou=users,o=valsort alpha-ascend
+valsort-attr departmentNumber ou=users,o=valsort alpha-ascend
+valsort-attr mailPreferenceOption ou=users,o=valsort numeric-ascend
+valsort-attr ou ou=users,o=valsort weighted
+valsort-attr employeeType ou=users,o=valsort weighted alpha-ascend
+
+database config
+rootpw secret
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd-whoami.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd-whoami.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd-whoami.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy both
+authz-regexp "^uid=group/([^,]+),.*" "ldap:///dc=example,dc=com??sub?cn=$1"
+authz-regexp "^uid=([^,]+),.*" "ldap:///dc=example,dc=com??sub?uid=$1"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=authzFrom,authzTo
+ by * auth
+
+access to attrs=userpassword
+ by anonymous auth
+ by self write
+
+access to *
+ by self write
+ by * read
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,48 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd.conf,v 1.32.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+include @DATADIR@/test.schema
+
+#
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/slapd2.conf
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/slapd2.conf (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/slapd2.conf 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd2.conf,v 1.2.2.3 2003/12/15 22:05:29 kur
+ t Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back- at BACKEND@/
+#mod#moduleload back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+index objectClass eq
+index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.1
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.1 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.1 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,9 @@
+cn=James Jones 1,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: James Jones 1
+givenName: James
+sn: Jones 1
+userpassword:: amFq
+telephoneNumber: +1 313 555 4772
+telephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.2
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.2 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.2 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+cn=James Jones 2,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: James Jones 2
+givenName: James
+sn: Jones 2
+userpassword:: amFq
+telephoneNumber: +1 313 555 4772
+telephoneNumber: +1 313 555 3923
+telephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.3
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.3 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.3 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+cn=James Jones 3,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: James Jones 3
+givenName: James
+sn: Jones 3
+userpassword:: amFq
+telephoneNumber: +1 313 555 4772
+telephoneNumber: +1 313 555 3923
+telephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.4
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.4 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_add.4 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+cn=James Jones 4,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: James Jones 4
+givenName: James
+sn: Jones 4
+userpassword:: amFq
+telephoneNumber: +1 313 555 4772
+telephoneNumber: +1 313 555 3923
+telephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_modrdn.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_modrdn.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_modrdn.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,2 @@
+cn=Mitya Kovalev,dc=example,dc=com
+cn=Torvlobnor Puzdoy,dc=example,dc=com
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_read.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_read.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_read.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,4 @@
+documentTitle=book1,dc=example,dc=com
+dc=example,dc=com
+cn=Akakiy Zinberstein,dc=example,dc=com
+ou=Referral,dc=example,dc=com
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_search.0
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_search.0 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-concurrency/do_search.0 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+dc=example,dc=com
+cn=Mitya Kovalev
+cn=Akakiy Zinberstein,dc=example,dc=com
+sn=Zinberstein
+dc=example,dc=com
+cn=James*
+dc=example,dc=com
+sn=*
+dc=example,dc=com
+cn=*
+dc=example,dc=com
+cn=James*
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-read.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-read.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-read.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,520 @@
+# Testing baseobject search...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing onelevel search...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+# refldap://localhost:9012/dc=example,dc=com??one
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing subtree search...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing subtree search with manageDSAit...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: ou=Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Referral
+ref: ldap://localhost:9012/
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing invalid filter...
+# Testing exact search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing substrings initial search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing substrings any search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing substrings final search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing approx search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing extensible filter search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing search for telephoneNumber...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing AND search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing AND search on objectClass...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing OR search...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing OR search on objectClass...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing NOT search...
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing NOT search on objectClass...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing NOT search on "auxiliary" objectClass...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing attribute inheritance in filter...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing undefined attribute in filter...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing objectClass inheritance in filter...
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing "auxiliary" objectClass in filter...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing hasSubordinates in filter...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+# Testing entryUUID in filter...
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+# Testing attribute inheritance in requested attributes...
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+cn: Mitya Kovalev
+sn: Kovalev
+givenName: Mitya
+
+# Testing objectClass in requested attributes...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+
+# Testing operational attributes in request...
+dn: documentTitle=book1,dc=example,dc=com
+structuralObjectClass: document
+entryDN: documentTitle=book1,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000002-0000-0001-0000-000000000000
+
+dn: documentTitle=book2,dc=example,dc=com
+structuralObjectClass: document
+entryDN: documentTitle=book2,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000002-0000-0002-0000-000000000000
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+dn: dc=example,dc=com
+structuralObjectClass: organization
+entryDN: dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: TRUE
+entryUUID: 00000003-0000-0001-0000-000000000000
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+structuralObjectClass: inetOrgPerson
+entryDN: cn=Mitya Kovalev,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000001-0000-0001-0000-000000000000
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+structuralObjectClass: inetOrgPerson
+entryDN: cn=Torvlobnor Puzdoy,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000001-0000-0002-0000-000000000000
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+structuralObjectClass: inetOrgPerson
+entryDN: cn=Akakiy Zinberstein,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000001-0000-0003-0000-000000000000
+
Added: openldap/vendor/openldap-2.3.35/tests/data/sql-write.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/sql-write.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/sql-write.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,474 @@
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX YYYY
+telephoneNumber: +39 02 XXXX ZZZZ
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+telephoneNumber: +1 800 900 1234
+telephoneNumber: +1 800 900 1235
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: dc=subnet2,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet 2
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: dc=subnet2,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet 2
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=book2,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: documentTitle=Renamed Book,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: Renamed Book
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: o=Renamed Org,dc=example,dc=com
+objectClass: organization
+o: Renamed Org
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9012/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve the modified entry...
+dn: ou=Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Referral
+ref: ldap://localhost:9009/
+
+# Using ldapsearch to retrieve the renamed entry...
+dn: ou=Renamed Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Renamed Referral
+ref: ldap://localhost:9009/
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: documentTitle=Renamed Book,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: Renamed Book
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: o=Renamed Org,dc=example,dc=com
+objectClass: organization
+o: Renamed Org
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9009/dc=example,dc=com??sub
+
Added: openldap/vendor/openldap-2.3.35/tests/data/subtree-rename.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/subtree-rename.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/subtree-rename.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,97 @@
+# Searching all database (after add)...
+dn: ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Another parent
+
+dn: ou=Child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Child
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Grandchild,ou=Child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Grandchild
+
+dn: ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Parent
+
+# Searching all database (after PASS1)...
+dn: ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Another parent
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Grandchild,ou=Renamed child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Grandchild
+
+dn: ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Parent
+
+dn: ou=Renamed child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Child
+ou: Renamed child
+
+# Searching all database (after PASS2)...
+dn: ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Another parent
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Grandchild,ou=Renamed child,ou=Renamed parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Grandchild
+
+dn: ou=Renamed child,ou=Renamed parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Child
+ou: Renamed child
+
+dn: ou=Renamed parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Parent
+ou: Renamed parent
+
+# Searching all database (after PASS3)...
+dn: ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Another parent
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Grandchild,ou=Renamed child,ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Grandchild
+
+dn: ou=Renamed child,ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Child
+ou: Renamed child
+
+dn: ou=Renamed parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Parent
+ou: Renamed parent
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-chain1.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-chain1.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-chain1.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,374 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: referral
+objectclass: extensibleobject
+ou: Groups
+ref: @URI2 at ou=Groups,dc=example,dc=com
+
+dn: ou=Other,dc=example,dc=com
+objectclass: referral
+objectclass: extensibleobject
+ou: Other
+# invalid URI first to test failover capabilities (search only)
+ref: @URI3 at ou=Other,dc=example,dc=com
+ref: @URI2 at ou=Other,dc=example,dc=com
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homephone: +1 313 555 0454
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
Added: openldap/vendor/openldap-2.3.35/tests/data/test-chain2.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-chain2.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-chain2.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,88 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectClass: referral
+objectclass: extensibleObject
+ou: People
+ref: @URI1 at ou=People,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: ou=Other,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Other
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-compmatch.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-compmatch.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-compmatch.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,483 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homephone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+
+dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+objectclass: extensibleObject
+uid: charlie
+cn: charlie
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4XrEkBJ/Q=
+
+dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+objectclass: extensibleObject
+uid: charlie
+cn: beta
+sn: Jee
+userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4XrEkBJ/Q=
+certificateRevocationList;binary:: MIIP0TCCDrkCAQEwDQYJKoZIhvcNAQEFBQAwgZMxCzA
+ JBgNVBAYTAkFVMSswKQYDVQQKEyJDZXJ0aWZpY2F0ZXMgQXVzdHJhbGlhIFB0eSBMaW1pdGVkMSUw
+ IwYDVQQDExxDQVBMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTAwLgYKCZImiZPyLGQBAxQgY2FAY
+ 2VydGlmaWNhdGVzLWF1c3RyYWxpYS5jb20uYXUXDTAzMDcyMjAxMzAyMFoXDTAzMTEwMzAxMzUyMF
+ owgg27MCMCBDi/biUXDTAwMDMwNjA2MjEzM1owDDAKBgNVHRUEAwoBBDAjAgQ5Il0KFw0wMDA1MjM
+ wODAwNDNaMAwwCgYDVR0VBAMKAQQwIwIEOSo6ZxcNMDAwNTI5MDIyNTQzWjAMMAoGA1UdFQQDCgEE
+ MCMCBDkx1QAXDTAwMDUyOTAzMzYwMVowDDAKBgNVHRUEAwoBBDAjAgQ5Pd7GFw0wMDA2MDcwNTM3M
+ jRaMAwwCgYDVR0VBAMKAQQwIwIEOUcavBcNMDAwNjE0MDc0MjExWjAMMAoGA1UdFQQDCgEEMCMCBD
+ lIlLYXDTAwMDYxNTA4MzY1NlowDDAKBgNVHRUEAwoBBDAjAgQ5SeOkFw0wMDA2MTYwODIzMDVaMAw
+ wCgYDVR0VBAMKAQQwIwIEOUiGjRcNMDAwNjE2MDgyMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ30oX
+ DTAwMDYyOTA4MDQyM1owDDAKBgNVHRUEAwoBBDAjAgQ5SdUjFw0wMDA2MjkwODA1NDVaMAwwCgYDV
+ R0VBAMKAQQwIwIEOTHlfRcNMDAwNjMwMDYwNjA1WjAMMAoGA1UdFQQDCgEEMCMCBDkzV6EXDTAwMD
+ YzMDA2MDYxMVowDDAKBgNVHRUEAwoBBDAjAgQ5SIFOFw0wMDA2MzAwNjA2MjFaMAwwCgYDVR0VBAM
+ KAQQwIwIEOUiCbBcNMDAwNjMwMDYwNjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlIgzkXDTAwMDYzMDA2
+ MDYzNlowDDAKBgNVHRUEAwoBBDAjAgQ5SIQEFw0wMDA2MzAwNjA2NDFaMAwwCgYDVR0VBAMKAQQwI
+ wIEOUiFBBcNMDAwNjMwMDYwNjQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlIhfQXDTAwMDYzMDA2MDY1NV
+ owDDAKBgNVHRUEAwoBBDAjAgQ5SIcmFw0wMDA2MzAwNjA3MDJaMAwwCgYDVR0VBAMKAQQwIwIEOUi
+ H4hcNMDAwNjMwMDYwNzA4WjAMMAoGA1UdFQQDCgEEMCMCBDlIiGUXDTAwMDYzMDA2MDcxNFowDDAK
+ BgNVHRUEAwoBBDAjAgQ5SIjaFw0wMDA2MzAwNjA3NDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiJhRcNM
+ DAwNjMwMDYwNzU3WjAMMAoGA1UdFQQDCgEEMCMCBDlIjoIXDTAwMDYzMDA2MDgwNFowDDAKBgNVHR
+ UEAwoBBDAjAgQ5SI89Fw0wMDA2MzAwNjA4MTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiP1RcNMDAwNjM
+ wMDYwODE1WjAMMAoGA1UdFQQDCgEEMCMCBDlIkEoXDTAwMDYzMDA2MDg0NVowDDAKBgNVHRUEAwoB
+ BDAjAgQ5SJC7Fw0wMDA2MzAwNjA4NTBaMAwwCgYDVR0VBAMKAQQwIwIEOUiReRcNMDAwNjMwMDYwO
+ DU2WjAMMAoGA1UdFQQDCgEEMCMCBDlIkgMXDTAwMDYzMDA2MDkwNFowDDAKBgNVHRUEAwoBBDAjAg
+ Q5SJKqFw0wMDA2MzAwNjA5MDlaMAwwCgYDVR0VBAMKAQQwIwIEOUiTJhcNMDAwNjMwMDYwOTE2WjA
+ MMAoGA1UdFQQDCgEEMCMCBDlIk5AXDTAwMDYzMDA2MDkyMVowDDAKBgNVHRUEAwoBBDAjAgQ5SJQ3
+ Fw0wMDA2MzAwNjA5MjZaMAwwCgYDVR0VBAMKAQQwIwIEOUiVXhcNMDAwNjMwMDYwOTMyWjAMMAoGA
+ 1UdFQQDCgEEMCMCBDlIlgcXDTAwMDYzMDA2MDkzOFowDDAKBgNVHRUEAwoBBDAjAgQ5SJazFw0wMD
+ A2MzAwNjA5NDZaMAwwCgYDVR0VBAMKAQQwIwIEOUiXPxcNMDAwNjMwMDYwOTUxWjAMMAoGA1UdFQQ
+ DCgEEMCMCBDlIl7IXDTAwMDYzMDA2MDk1OFowDDAKBgNVHRUEAwoBBDAjAgQ5SJg0Fw0wMDA2MzAw
+ NjEwMDRaMAwwCgYDVR0VBAMKAQQwIwIEOUiZBBcNMDAwNjMwMDYxMDA5WjAMMAoGA1UdFQQDCgEEM
+ CMCBDlJzksXDTAwMDYzMDA2MTAxNVowDDAKBgNVHRUEAwoBBDAjAgQ5Sc64Fw0wMDA2MzAwNjEwMj
+ FaMAwwCgYDVR0VBAMKAQQwIwIEOUnPVxcNMDAwNjMwMDYxMDI3WjAMMAoGA1UdFQQDCgEEMCMCBDl
+ J0BAXDTAwMDYzMDA2MTAzNVowDDAKBgNVHRUEAwoBBDAjAgQ5SdDKFw0wMDA2MzAwNjEwNDNaMAww
+ CgYDVR0VBAMKAQQwIwIEOUnRZRcNMDAwNjMwMDYxMDQ5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ0d0XD
+ TAwMDYzMDA2MTA1N1owDDAKBgNVHRUEAwoBBDAjAgQ5SdJ4Fw0wMDA2MzAwNjExMTVaMAwwCgYDVR
+ 0VBAMKAQQwIwIEOUnTDBcNMDAwNjMwMDYxMTIxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ04oXDTAwMDY
+ zMDA2MTEyN1owDDAKBgNVHRUEAwoBBDAjAgQ5SdQSFw0wMDA2MzAwNjExMzNaMAwwCgYDVR0VBAMK
+ AQQwIwIEOUnUoBcNMDAwNjMwMDYxMTM5WjAMMAoGA1UdFQQDCgEEMCMCBDlJ2SQXDTAwMDYzMDA2M
+ TE1M1owDDAKBgNVHRUEAwoBBDAjAgQ5SdmwFw0wMDA2MzAwNjEyMDVaMAwwCgYDVR0VBAMKAQQwIw
+ IEOUnaTBcNMDAwNjMwMDYxMjExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ2vYXDTAwMDYzMDA2MTIxN1o
+ wDDAKBgNVHRUEAwoBBDAjAgQ5SducFw0wMDA2MzAwNjEyMjNaMAwwCgYDVR0VBAMKAQQwIwIEOUnc
+ IRcNMDAwNjMwMDYxMjI4WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3KQXDTAwMDYzMDA2MTIzM1owDDAKB
+ gNVHRUEAwoBBDAjAgQ5Sd2xFw0wMDA2MzAwNjEyNDBaMAwwCgYDVR0VBAMKAQQwIwIEOUneRBcNMD
+ AwNjMwMDYxMjQ1WjAMMAoGA1UdFQQDCgEEMCMCBDlJ3skXDTAwMDYzMDA2MTI1MVowDDAKBgNVHRU
+ EAwoBBDAjAgQ5Sd/IFw0wMDA2MzAwNjEzMDJaMAwwCgYDVR0VBAMKAQQwIwIEOUngPRcNMDAwNjMw
+ MDYxMzExWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4M8XDTAwMDYzMDA2MTMyMFowDDAKBgNVHRUEAwoBB
+ DAjAgQ5SeE/Fw0wMDA2MzAwNjEzMjVaMAwwCgYDVR0VBAMKAQQwIwIEOUnh2BcNMDAwNjMwMDYxMz
+ MxWjAMMAoGA1UdFQQDCgEEMCMCBDlJ4mgXDTAwMDYzMDA2MTMzOVowDDAKBgNVHRUEAwoBBDAjAgQ
+ 5SeQvFw0wMDA2MzAwNjEzNDRaMAwwCgYDVR0VBAMKAQQwIwIEOVsGJRcNMDAwNjMwMDYxMzUwWjAM
+ MAoGA1UdFQQDCgEEMCMCBDlbBusXDTAwMDYzMDA2MTM1NlowDDAKBgNVHRUEAwoBBDAjAgQ5XEKPF
+ w0wMDA3MTMwOTAwMzhaMAwwCgYDVR0VBAMKAQQwIwIEOVxEKRcNMDAwNzEzMDkwMDQ1WjAMMAoGA1
+ UdFQQDCgEEMCMCBDlcRukXDTAwMDcyNjA2MjkyN1owDDAKBgNVHRUEAwoBBDAjAgQ5fohgFw0wMDA
+ 3MjYwNjQ2NTFaMAwwCgYDVR0VBAMKAQQwIwIEOaNqPBcNMDAwODIzMDYwOTQxWjAMMAoGA1UdFQQD
+ CgEFMCMCBDlcX2QXDTAwMDgzMTA3MTM1OFowDDAKBgNVHRUEAwoBBDAjAgQ5YsflFw0wMDA5MDEwM
+ TQwMjRaMAwwCgYDVR0VBAMKAQQwIwIEOWGHDRcNMDAwOTA2MDcwMTE2WjAMMAoGA1UdFQQDCgEEMC
+ MCBDliz/4XDTAwMDkwNjA3MDcwNVowDDAKBgNVHRUEAwoBBDAjAgQ5m3S6Fw0wMDA5MjAwNzA2NTd
+ aMAwwCgYDVR0VBAMKAQQwIwIEOy6/hhcNMDEwNzAzMDYxMDQyWjAMMAoGA1UdFQQDCgEEMCMCBDtB
+ Yw4XDTAxMDcwMzA2MTkxNlowDDAKBgNVHRUEAwoBBDAjAgQ7MEG6Fw0wMTA3MTAwODA5NTNaMAwwC
+ gYDVR0VBAMKAQQwIwIEOy68CxcNMDEwNzExMDYxMzI5WjAMMAoGA1UdFQQDCgEEMCMCBDswSOsXDT
+ AxMDgwMTA0MTkyM1owDDAKBgNVHRUEAwoBBTAjAgQ7MYgeFw0wMTA4MDEwNDIwMDJaMAwwCgYDVR0
+ VBAMKAQQwIwIEOzGHeBcNMDEwODAyMDI0NTM4WjAMMAoGA1UdFQQDCgEEMCMCBDsuveEXDTAxMDgz
+ MDA2MjIwOFowDDAKBgNVHRUEAwoBBDAjAgQ7jdxLFw0wMTA4MzAwNjQzMjRaMAwwCgYDVR0VBAMKA
+ QQwIwIEOy67QxcNMDExMTIxMDYyMDUzWjAMMAoGA1UdFQQDCgEEMCMCBDsDNXcXDTAyMDUxNzA4ND
+ Y0MlowDDAKBgNVHRUEAwoBBDAjAgQ7AzXMFw0wMjA1MTcwODQ2NTdaMAwwCgYDVR0VBAMKAQSgMjA
+ wMAsGA1UdFAQEAgIQoDATBgNVHSMEDDAKgAhISAKVrWisNzAMBgNVHRwBAf8EAjAAMA0GCSqGSIb3
+ DQEBBQUAA4IBAQA1xNXgyrtVB5LSOc76JF+aJzf8IfJGqF04CMzbo4lDpec/LgOrTSFV223ccJzuq
+ cnxGUfDbXFfSWDHGnj9HLLTCkrS3clL1TPVjGXg5mFu1l6DCfcP2v4i4dlradNYDQg/AVBoJsYa3l
+ efSFHw8RFXNHJWwIjJA6J0CBJ/8Uq2ywr8umdndb10RLtPWp66A7wxu7OvTjt68d3LgSniQ0mIJCn
+ 4ooE30oF/ew0EznbxlSCNRPpB8jYYJTibGrTUVU43lr8h3URIgBkA4InOhuDv0ePMSCDSxBUhY0+G
+ eKo+YiXHy4SGUGLakahuq/hlGTRJJUddqFA1dNZdOUl23nVE
Added: openldap/vendor/openldap-2.3.35/tests/data/test-dn.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-dn.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-dn.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,362 @@
+# Tree Structure
+dn: dc=example,dc=com
+objectClass: domain
+objectClass: domainRelatedObject
+dc: example
+associatedDomain: example.com
+
+dn: ou=LDAPv3,dc=example,dc=com
+objectClass: organizationalUnit
+ou: LDAPv3
+description: RFC 2253 compliant DN string representation
+
+dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Succeed
+# at least one member must be present; thus we use the entry's DN
+member: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
+# specific DN forms
+member:
+member: UID=jsmith,DC=example,DC=net
+member: OU=Sales+CN=J. Smith,DC=example,DC=net
+member: CN=John Smith\, III,DC=example,DC=net
+member: OU=Sales\; Data\+Algorithms,DC=example,DC=net
+member: CN=Before\0dAfter,DC=example,DC=net
+member: CN=\23John Smith\20,DC=example,DC=net
+member: CN=Lu\C4\8Di\C4\87
+member: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
+# DN forms already defined as "member" in a different string representation
+seeAlso: CN=John Smith\2C III,DC=example,DC=net
+seeAlso: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
+seeAlso: CN=\#John Smith\ ,DC=example,DC=net
+# comment
+description: "member" values contain specific DN forms;
+description: "seeAlso" values contain DN forms already defined as "member",
+description: but in a different string representation;
+description: the following "description" values contain the "member" and
+description: "seeAlso" DN string representations used above.
+# list here all string representations used above in "member" and "seeAlso"
+description: ""
+description: UID=jsmith,DC=example,DC=net
+description: OU=Sales+CN=J. Smith,DC=example,DC=net
+description: CN=John Smith\, III,DC=example,DC=net
+description: CN=John Smith\2C III,DC=example,DC=net
+description: OU=Sales\; Data\+Algorithms,DC=example,DC=net
+description: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
+description: CN=Before\0dAfter,DC=example,DC=net
+description: CN=\23John Smith\20,DC=example,DC=net
+description: CN=\#John Smith\ ,DC=example,DC=net
+description: CN=Lu\C4\8Di\C4\87
+description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
+
+dn: cn=Should Succeed,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Should Succeed
+member: cn=Should Succeed,ou=LDAPv3,dc=example,dc=com
+member: 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
+member: 1.1.1=
+description: 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
+description: 1.1.1=
+
+dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Unescaped Equals
+member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+member: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
+description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com // unescaped EQUALS
+
+dn: cn=Must Fail 1,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 1
+member: uid;x-option=jsmith
+description: uid;x-option=jsmith // option
+
+dn: cn=Must Fail 2,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 2
+member: at_tr=jsmith
+description: at_tr=jsmith // invalid attribute type name
+
+dn: cn=Must Fail 3,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 3
+member: -attr=jsmith
+description: -attr=jsmith // invalid attribute type name
+
+dn: cn=Must Fail 4,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 4
+
+dn: cn=Must Fail 5,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 5
+member: 1..1=jsmith
+description: 1..1=jsmith // invalid numeric OID
+
+dn: cn=Must Fail 6,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 6
+member: 1.1.=jsmith
+description: 1.1.=jsmith // invalid numeric OID
+
+dn: cn=Must Fail 7,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 7
+member: 01.1=jsmith
+description: 01.1=jsmith // invalid numeric OID
+
+dn: cn=Must Fail 8,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 8
+member: 1.ff=jsmith
+description: 1.ff=jsmith // invalid numeric OID
+
+dn: cn=Must Fail 9,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 9
+member: 1.1.1=#GG
+description: 1.1.1=#GG // invalid HEX form
+
+dn: cn=Must Fail 10,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 10
+member: 1.1.1=#000
+description: 1.1.1=#000 // invalid HEX form
+
+dn: cn=Must Fail 11,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 11
+member: 1.1.1=#F
+description: 1.1.1=#F // invalid HEX form
+
+dn: cn=Must Fail 12,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 12
+member: 1.1.1=#
+description: 1.1.1=# // invalid HEX form
+
+dn: cn=Must Fail 13,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 13
+member: UID=jsmith,,DC=example,DC=net
+description: UID=jsmith,,DC=example,DC=net // extra comma
+
+dn: cn=Must Fail 14,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 14
+member: UID=john,smith
+description: UID=john,smith // unescaped ,
+
+dn: cn=Must Fail 15,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 15
+member: UID=john+smith
+description: UID=john+smith // unescaped +
+
+dn: cn=Must Fail 16,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 16
+member: UID=john\?smith
+description: UID=john\?smith // invalid escape of ? or unescaped \
+
+dn: cn=Must Fail 17,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 17
+member: UID=john\Fsmith
+description: UID=john\Fsmith // invalid HEX escape
+
+dn: cn=Must Fail 18,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Must Fail 18
+member: UID=john\GGsmith
+description: UID=john\GGsmith // invalid HEX escape
+
+# String representations we should accept for compatibility with RFC1779
+dn: ou=LDAPv2,dc=example,dc=com
+objectClass: organizationalUnit
+ou: LDAPv2
+description: RFC 1779 compliant DN string representation
+
+dn: cn=May Succeed 1,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 1
+member:
+description: " " // space, quote characters (") are not part of the string
+
+dn: cn=May Succeed 2,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 2
+member: OID.0.9.2342.19200300.100.1.1=jsmith
+description: OID.0.9.2342.19200300.100.1.1=jsmith // invalid attribute type name
+
+dn: cn=May Succeed 3,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 3
+member: UID=jsmith, O=example, C=US
+description: UID=jsmith, O=example, C=US // spaces
+
+dn: cn=May Succeed 4,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 4
+member: UID=jsmith;O=example;C=US
+description: UID=jsmith;O=example;C=US // semi-colons
+
+dn: cn=May Succeed 5,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 5
+member: <UID=jsmith,O=example,C=US>
+description: <UID=jsmith,O=example,C=US> // brackets
+
+dn: cn=May Succeed 6,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 6
+member: CN="John Smith",O=example,C=US
+description: CN="John Smith",O=example,C=US // quotes
+
+# Other DN-related syntaxes
+dn: ou=Related Syntaxes,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Related Syntaxes
+
+# Name and Optional UID
+dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Name and Optional UID
+uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+uniqueMember: #'1'B
+uniqueMember: #'0010'B
+uniqueMember: dc=example,dc=com#'1000'B
+uniqueMember: dc=example,dc=com#'0'B
+description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com // only DN portion
+description: #'1'B // empty "" DN
+description: #'0010'B // empty "" DN with leading '0's
+description: dc=example,dc=com#'1000'B // with DN portion
+description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+
+dn: cn=Should Fail 1,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Should Fail 1
+uniqueMember: #'1234'B
+description: #'1234'B // illegal digits other than '0' and '1'
+
+dn: cn=Should Fail 2,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Should Fail 2
+uniqueMember: #'12ABCD'B
+description: #'12ABCD'B // illegal digits and chars other than '0' and '1'
+
+dn: cn=Should Parse as DN,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
+objectClass: groupOfUniqueNames
+cn: Should Parse as DN
+uniqueMember: dc=example,dc=com#0'B
+uniqueMember: dc=example,dc=com#'0B
+uniqueMember: dc=example,dc=com '0'B
+description: dc=example,dc=com#0'B // malformed UID?
+description: dc=example,dc=com#'0B // malformed UID?
+description: dc=example,dc=com '0'B // malformed UID?
+
+# UID=jsmith,DC=example,DC=net [AoOn]
+# 304631133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 31163014060A0992268993F22C64010113066A736D697468
+#
+# OU=Sales+CN=J. Smith,DC=example,DC=net [AoOn]
+# 304F31133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 311F300C060355040B130553616C6573300F060355040313
+# 084A2E20536D697468
+#
+# CN=John Smith\, III,DC=example,DC=net [AoOn]
+# 304831133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 311830160603550403130F4A6F686E20536D6974682C2049
+# 4949
+#
+# CN=John Smith\2C III,DC=example,DC=net [AoOn]
+# 304831133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 311830160603550403130F4A6F686E20536D6974682C2049
+# 4949
+#
+# CN=Before\0dAfter,DC=example,DC=net [AoOn]
+# 304531133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 3115301306035504030C0C4265666F72650D4166746572
+#
+# CN=\23John Smith\20,DC=example,DC=net [AoOn]
+# 304531133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 311530130603550403140C234A6F686E20536D69746820
+#
+# CN=\#John Smith\ ,DC=example,DC=net [AoOn]
+# 304531133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 311530130603550403140C234A6F686E20536D69746820
+#
+# FIXME: currently doesn't work
+# 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com [AoOn]
+# 304031133011060A0992268993F22C64011916036E657431 [AoO]
+# 173015060A0992268993F22C64011916076578616D706C65
+# 3110300E06082B060104018B3A0004024869
+#
+# CN=Lu\C4\8Di\C4\87 [AoOn]
+# 30123110300E06035504030C074C75C48D69C487 [AoO]
+#
+# FIXME: currently doesn't work
+# 1.1.1= // empty value [AoO]
+# 300A31083006060229011300 [AoO]
+#
+#Invalid DNs
+# // some implementations may be liberal in what they accept
+# // but should strict in what they produce.
+#
+# uid;x-option=jsmith // option [oOn]
+#
+# at_tr=jsmith // invalid attribute type name [AoOn]
+#
+# -attr=jsmith // invalid attribute type name [AoOn]
+#
+# 1..1=jsmith // invalid numeric OID [AoO]
+#
+# 1.1.=jsmith // invalid numeric OID [AoO]
+#
+# 01.1=jsmith // invalid numeric OID [oO]
+#
+# 1.ff=jsmith // invalid numeric OID [AoOn]
+#
+# 1.1.1=#GG // invalid HEX form [AoOn]
+#
+# 1.1.1=#000 // invalid HEX form [AoO]
+#
+# 1.1.1=#F // invalid HEX form [AoO]
+#
+# 1.1.1=# // invalid HEX form [AoO]
+#
+# UID=jsmith,,DC=example,DC=net // extra comma [AoOn]
+#
+# UID=john,smith // unescaped , [AoOn]
+#
+# UID=john+smith // unescaped + [AoOn]
+#
+# UID=john\?smith // invalid escape of ? or unescaped \ [oOn]
+#
+# UID=john\Fsmith // invalid hex escape [AoOn]
+#
+# UID=john\GGsmith // invalid hex escape [oOn]
+#
+#The following strings are invalid for use in LDAPv3, but were
+#legal in LDAPv2 (RFC 1779). Some LDAPv3 implementations are
+#liberal in accepting these but should not generate them.
+#
+# " " // space, quote characters (") are not part of the string
+#
+# OID.1.1=jsmith // invalid attribute type name
+#
+# UID=jsmith, O=example, C=US // spaces
+#
+# UID=jsmith;O=example;C=US // semi-colons
+#
+# <UID=jsmith,O=example,C=US> // brackets [AoOn]
+#
+# CN="John Smith",O=example,C=US // quotes
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-emptydn1.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-emptydn1.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-emptydn1.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,14 @@
+# dc=example,dc=com naming context
+dn: dc=example,dc=com
+objectClass: domain
+objectClass: domainRelatedObject
+dc: example
+associatedDomain: example.com
+
+dn: cn=Geographical Naming Contexts,dc=example,dc=com
+objectClass: groupOfNames
+cn: Geographical Naming Contexts
+member: o=Example,c=US
+member: o=Example,c=UK
+member: o=Esempio,c=IT
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-emptydn2.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-emptydn2.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-emptydn2.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,39 @@
+# geographical naming contexts
+dn: c=US
+objectClass: country
+c: US
+
+dn: o=Example,c=US
+objectClass: organization
+o: Example
+o: Example, Inc.
+
+dn: c=UK
+objectClass: country
+c: UK
+
+dn: o=Example,c=UK
+objectClass: organization
+o: Example
+o: Example, Ltd.
+
+dn: c=IT
+objectClass: country
+c: IT
+
+dn: o=Esempio,c=IT
+objectClass: organization
+o: Esempio
+o: Esempio S.p.A.
+o: Example
+
+dn: c=DE
+objectClass: country
+c: DE
+
+dn: o=Beispiel,c=DE
+objectClass: organization
+o: Beispiel
+o: Beispiel GmbH
+o: Example
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-glued.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-glued.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-glued.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,410 @@
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-idassert1.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-idassert1.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-idassert1.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,67 @@
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=bjorn,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Bjorn Jensen
+sn: Jensen
+uid: bjorn
+userPassword:: Ympvcm4=
+mail: bjorn at example.com
+description: ***
+authzFrom: dn.exact:uid=jaj,o=Example,c=US
+authzFrom: dn.subtree:ou=People,dc=example,dc=it
+
+dn: uid=bjensen,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Barbara Jensen
+sn: Jensen
+uid: bjensen
+userPassword:: YmplbnNlbg==
+mail: bjensen at example.com
+description: ***
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=All,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: All
+member: uid=bjorn,ou=People,dc=example,dc=com
+member: uid=bjensen,ou=People,dc=example,dc=com
+
+dn: cn=Authorizable,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Authorizable
+member: uid=bjorn,ou=People,dc=example,dc=com
+
+dn: ou=Admin,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Admin
+
+dn: cn=Proxy US,ou=Admin,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: Proxy US
+userPassword:: cHJveHk=
+authzTo: dn.subtree:ou=People,dc=example,dc=it
+
+dn: cn=Proxy IT,ou=Admin,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: Proxy IT
+userPassword:: cHJveHk=
+authzTo: dn.exact:cn=Sandbox,ou=Admin,dc=example,dc=com
+authzTo: dn.exact:
+
+dn: cn=Sandbox,ou=Admin,dc=example,dc=com
+objectClass: applicationProcess
+cn: Sandbox
Added: openldap/vendor/openldap-2.3.35/tests/data/test-idassert2.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-idassert2.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-idassert2.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,27 @@
+dn: dc=example,dc=it
+objectClass: organization
+objectClass: dcObject
+o: Example
+o: Esempio S.p.A.
+dc: example
+
+dn: ou=People,dc=example,dc=it
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=dots,ou=People,dc=example,dc=it
+objectClass: inetOrgPerson
+cn: Dorothy Stevens
+sn: Stevens
+uid: dots
+userPassword:: ZG90cw==
+mail: dots at example.it
+
+dn: uid=jaj,ou=People,dc=example,dc=it
+objectClass: inetOrgPerson
+cn: James A Jones 1
+sn: Jones
+uid: jaj
+userPassword:: amFq
+mail: jaj at example.it
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-lang.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-lang.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-lang.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,12 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: organization
+objectClass: extensibleObject
+o: Example, Inc.
+o;lang-zz;lang-y;lang-yy;lang-xx;lang-x;lang-z: Example, Inc.
+name;lang-en-US: Billy Ray
+name;lang-en-US: Billy Bob
+CN;lang-en-US: Billy Ray
+name: Billy Ray
+SN;lang-en-US;lang-en-GB: Billy Ray
+SN: Ray
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ldapglue.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ldapglue.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ldapglue.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,5 @@
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluegroups.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluegroups.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluegroups.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,23 @@
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=All,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: All
+member: uid=bjorn,ou=People,dc=example,dc=com
+member: uid=bjensen,ou=People,dc=example,dc=com
+
+dn: cn=ITD,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: ITD
+member: uid=bjorn,ou=People,dc=example,dc=com
+
+dn: uid=proxy,ou=Groups,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Proxy
+sn: Proxy
+uid: proxy
+userPassword:: cHJveHk=
+authzTo: dn:*
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluepeople.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluepeople.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ldapgluepeople.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,28 @@
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=bjorn,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Bjorn Jensen
+sn: Jensen
+uid: bjorn
+userPassword:: Ympvcm4=
+mail: bjorn at example.com
+
+dn: uid=bjensen,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Barbara Jensen
+sn: Jensen
+uid: bjensen
+userPassword:: YmplbnNlbg==
+mail: bjensen at example.com
+
+dn: uid=proxy,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Proxy
+sn: Proxy
+uid: proxy
+userPassword:: cHJveHk=
+authzTo: dn:*
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-limits.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-limits.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-limits.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,137 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+description: Some example company at Anytown in Michigan
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: People
+
+dn: cn=Unlimited User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Unlimited User
+sn: User
+uid: unlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Soft Limited User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Soft Limited User
+sn: User
+uid: softlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Hard Limited User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Hard Limited User
+sn: User
+uid: hardlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User
+sn: User
+uid: uncheckedlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Other User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Other User
+sn: User
+uid: other
+userpassword:: c2VjcmV0
+
+dn: cn=Foo User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Foo User
+sn: User
+uid: foo
+userpassword:: c2VjcmV0
+
+dn: cn=Bar User,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Bar User
+sn: User
+uid: bar
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User 2,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 2
+sn: User 2
+uid: uncheckedlimited2
+userpassword:: c2VjcmV0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: cn=Unchecked Limited Users,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: simpleSecurityObject
+cn: Unchecked Limited Users
+userpassword:: c2VjcmV0
+member: cn=Unchecked Limited User 2,ou=People,dc=example,dc=com
+
+dn: ou=Admin,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Admin
+
+dn: cn=Unchecked Limited User 3,ou=Admin,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 3
+sn: User 3
+uid: uncheckedlimited3
+userpassword:: c2VjcmV0
+
+dn: cn=Special User,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Special User
+sn: User
+uid: special
+userpassword:: c2VjcmV0
+
+dn: ou=Paged Results Users,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Paged Results Users
+
+dn: cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Unlimited User
+sn: User
+uid: unlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Page Size Limited User,ou=Paged Results Users,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Page Size Limited User
+sn: User
+uid: pagesizelimited
+userpassword:: c2VjcmV0
+
+dn: cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Paged Results Disabled User
+sn: User
+uid: pagedresultsdisabled
+userpassword:: c2VjcmV0
+
+dn: cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Paged Results Limited User
+sn: User
+uid: pagedresultslimited
+userpassword:: c2VjcmV0
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-meta.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-meta.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-meta.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,24 @@
+dn: ou=Meta,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Meta
+
+dn: cn=John Belushi,ou=Meta,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: John Belushi
+sn: Belushi
+userPassword: jack
+description: Joliet Jack Blues
+
+dn: cn=Dan Aykroyd,ou=Meta,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Dan Aykroyd
+sn: Aykroyd
+userPassword: elwood
+description: Elwood Blues
+
+dn: cn=Somewhere,ou=Meta,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+cn: Somewhere
+ref: ldap://localhost:9016
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ordered-cp.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ordered-cp.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ordered-cp.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,16 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+dc: example
+#EMBEDDED COMMENT
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ordered-nocp.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ordered-nocp.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ordered-nocp.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,392 @@
+#LEAD COMMENT
+dn: ou=People,dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: organizationalUnit
+ou: People
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homephone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
Added: openldap/vendor/openldap-2.3.35/tests/data/test-ordered.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-ordered.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-ordered.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,411 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homephone: +1 313 555 0454
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
Added: openldap/vendor/openldap-2.3.35/tests/data/test-refint.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-refint.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-refint.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,115 @@
+# base
+
+dn: o=refint
+objectClass: top
+objectClass: organization
+o: refint
+description: referential integrity test database
+
+# container
+
+dn: ou=users,o=refint
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test users
+
+# secretary
+dn: uid=alice,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: alice
+sn: typist
+cn: alice
+businessCategory: test
+carLicense: ZOOM
+departmentNumber: 5151
+displayName: George
+employeeNumber: 6363
+employeeType: contractor
+givenName: Alice the Typist
+
+# manager
+dn: uid=george,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: george
+sn: jungle
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 6969
+displayName: George
+employeeNumber: 5150
+employeeType: contractor
+givenName: Big G
+
+dn: uid=dave,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: dave
+sn: nothere
+cn: dave
+secretary: uid=george,ou=users,o=refint
+businessCategory: otest
+carLicense: ALGAE
+departmentNumber: 42
+displayName: Dave
+employeeNumber: 73
+employeeType: contractor
+givenName: Dave
+
+dn: uid=bob,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: bob
+sn: bitchen
+cn: bob
+manager: uid=george,ou=users,o=refint
+businessCategory: rtest
+carLicense: SL49152
+departmentNumber: 42
+displayName: Bob
+employeeNumber: 38
+employeeType: contractor
+givenName: Bob
+
+dn: uid=bill,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: bill
+sn: problem
+cn: bill
+businessCategory: otest
+manager: uid=george,ou=users,o=refint
+secretary: uid=alice,ou=users,o=refint
+carLicense: DRV818
+departmentNumber: 42
+displayName: Bill
+employeeNumber: 69
+employeeType: contractor
+givenName: Bill
+
+dn: uid=jorge,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: jorge
+sn: burrito
+cn: jorge
+manager: uid=theman,ou=users,o=refint
+secretary: uid=alice,ou=users,o=refint
+businessCategory: rtest
+carLicense: CLA511
+departmentNumber: 42
+displayName: Jorge
+employeeNumber: 93
+employeeType: contractor
+givenName: Jorge
+
+dn: uid=richard,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: richard
+sn: cranium
+cn: richard
+manager: uid=theman,ou=users,o=refint
+businessCategory: rtest
+carLicense: DHD722
+departmentNumber: 42
+displayName: Richard
+employeeNumber: 114
+employeeType: contractor
+givenName: Richard
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/test-refint.ldif
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-translucent-add.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-translucent-add.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-translucent-add.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,10 @@
+dn: uid=danger,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: danger
+sn: danger
+cn: henry
+businessCategory: frontend-override
+carLicense: LIVID
+employeeType: special
+departmentNumber: 9999999
+roomNumber: 41L-535
Added: openldap/vendor/openldap-2.3.35/tests/data/test-translucent-config.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-translucent-config.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-translucent-config.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,26 @@
+# toplevel
+
+dn: o=translucent
+objectClass: top
+objectClass: organization
+o: translucent
+description: backend database root
+
+# backend OU
+
+dn: ou=users,o=translucent
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: backend user container root
+
+# bind user for frontend connection
+
+dn: uid=binder,o=translucent
+objectClass: inetOrgPerson
+uid: binder
+sn: test
+cn: binder
+businessCategory: binder-test-user
+displayName: Binder Test User
+userPassword: bindtest
Added: openldap/vendor/openldap-2.3.35/tests/data/test-translucent-data.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-translucent-data.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-translucent-data.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,43 @@
+# typical user
+dn: uid=danger,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: danger
+sn: warning
+cn: danger
+businessCategory: backend-opaque
+initials: dw
+carLicense: BACK
+departmentNumber: 7341
+displayName: Warning
+employeeNumber: 5150
+employeeType: contractor
+givenName: Danger Warning
+
+# another example
+dn: uid=example,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: example
+sn: user
+cn: example
+businessCategory: backend-opaque
+carLicense: SAMPLE
+departmentNumber: 7341
+displayName: Example
+employeeNumber: 5150
+employeeType: fulltime
+givenName: Example User
+
+#
+dn: uid=fred,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: fred
+sn: said
+cn: said
+businessCategory: backend-opaque
+carLicense: RIGHT
+departmentNumber: 9919
+displayName: Right Said Fred
+employeeNumber: 44199
+employeeType: fulltime
+givenName: Right Said
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-translucent-merged.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-translucent-merged.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-translucent-merged.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,41 @@
+dn: uid=danger,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: danger
+sn: danger
+cn: henry
+businessCategory: frontend-override
+initials: dw
+carLicense: LIVID
+departmentNumber: 9999999
+displayName: Warning
+employeeNumber: 5150
+employeeType: special
+givenName: Danger Warning
+roomNumber: 41L-535
+
+dn: uid=example,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: example
+sn: user
+cn: example
+businessCategory: backend-opaque
+carLicense: SAMPLE
+departmentNumber: 7341
+displayName: Example
+employeeNumber: 5150
+employeeType: fulltime
+givenName: Example User
+
+dn: uid=fred,ou=users,o=translucent
+objectClass: inetOrgPerson
+uid: fred
+sn: said
+cn: said
+businessCategory: backend-opaque
+carLicense: RIGHT
+departmentNumber: 9919
+displayName: Right Said Fred
+employeeNumber: 44199
+employeeType: fulltime
+givenName: Right Said
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-unique.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-unique.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-unique.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,29 @@
+# base
+
+dn: o=unique
+objectClass: top
+objectClass: organization
+o: unique
+description: unique test database
+
+# container
+
+dn: ou=users,o=unique
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test users
+
+# manager
+dn: uid=george,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: george
+sn: jungle
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 6969
+displayName: George
+employeeNumber: 5150
+employeeType: contractor
+givenName: Big G
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/test-unique.ldif
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-valsort.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-valsort.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-valsort.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,49 @@
+# base
+
+dn: o=valsort
+objectClass: top
+objectClass: organization
+o: valsort
+description: valsort test database
+
+# container
+
+dn: ou=users,o=valsort
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test valsort users
+
+# manager
+dn: uid=george,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: george
+sn: jungle
+sn: alpha
+sn: zib
+sn: tree
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 1
+departmentNumber: 5
+departmentNumber: 3
+departmentNumber: 10
+departmentNumber: 72
+departmentNumber: 37
+departmentNumber: 46
+displayName: George
+employeeNumber: 5150
+employeeType: {1}contractor
+employeeType: {1}staff
+employeeType: {1}anarchist
+givenName: Big G
+ou: {1}Chemistry
+ou: {8}Academia
+ou: {3}Hum Bio
+ou: {2}Computer Science
+mailPreferenceOption: 3
+mailPreferenceOption: 87
+mailPreferenceOption: 22
+mailPreferenceOption: 1
+mailPreferenceOption: 66
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/test-valsort.ldif
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test-whoami.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test-whoami.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test-whoami.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,468 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+objectClass: simpleSecurityObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+userpassword:: ZXhhbXBsZQ==
+authzTo: dn:
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+authzFrom: dn.exact:cn=Barbara Jensen,ou=Information Technology Division,ou=Pe
+ ople,dc=example,dc=com
+authzFrom: u:melliot
+authzFrom: ldap:///ou=People,dc=example,dc=com??sub?(|(cn=Jane Doe)
+ (cn=Jennifer Smith))
+authzFrom: group/groupOfUniqueNames/uniqueMember:cn=ITD Staff,ou=Groups,dc=exa
+ mple,dc=com
+authzFrom: dn.onelevel:ou=Information Technology Division,ou=People,dc=example,dc=com
+authzFrom: dn.regex:^cn=Dorothy.*dc=example,dc=com$
+authzFrom: dn.children:ou=Alumni Association,ou=People,dc=example
+ ,dc=com
+authzFrom: dn.subtree:ou=Groups,dc=example,dc=com
+authzTo: dn.exact:cn=Barbara Jensen,ou=Information Technology Division,ou=Peop
+ le,dc=example,dc=com
+authzTo: u:melliot
+authzTo: ldap:///ou=People,dc=example,dc=com??sub?cn=Jane Doe
+authzTo: group/groupOfUniqueNames/uniqueMember:cn=ITD Staff,ou=Groups,dc=examp
+ le,dc=com
+authzTo: dn.onelevel:ou=Information Technology Division,ou=People,dc=example,dc=com
+authzTo: dn.regex:^cn=Dorothy.*dc=example,dc=com$
+authzTo: dn.children:ou=Alumni Association,ou=People,dc=example,dc=com
+authzTo: dn.subtree:ou=Groups,dc=example,dc=com
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homephone: +1 313 555 0454
+userpassword:: ZG90cw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+objectclass: simplesecurityobject
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+userpassword:: SVRE
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+userpassword:: amFq
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+userpassword:: ampvbmVz
+
+dn: cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: No One
+sn: One
+uid: noone
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: bm9vbmU=
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+userpassword:: amRvZQ==
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+userpassword:: amVu
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+userpassword:: am9obmQ=
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+userpassword:: bWVsbGlvdA==
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
+
+dn: cn=Must Fail,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Must Fail
+sn: Fail
+uid: fail
+userpassword:: ZmFpbA==
+
+dn: cn=Should Fail,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Should Fail
+sn: Fail
+uid: fail
+userpassword:: ZmFpbA==
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test.ldif
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test.ldif (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test.ldif 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,412 @@
+#LEAD COMMENT
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+#EMBEDDED COMMENT
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen at mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn at mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots at mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj at mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones at mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe at woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen at mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd at mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot at mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham at mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
Added: openldap/vendor/openldap-2.3.35/tests/data/test.schema
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/test.schema (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/test.schema 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,69 @@
+# OpenLDAP Test schema
+# $OpenLDAP: pkg/ldap/tests/data/test.schema,v 1.1.2.7 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# For testing purposes only.
+
+# For Attribute Aliasing.
+attributetype ( 1.3.6.1.4.1.4203.666.1.34
+ NAME 'x509CertificateIssuer'
+ EQUALITY distinguishedNameMatch
+ DESC 'Aliasing attribute: Issuer, use'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 1.3.6.1.4.1.4203.666.1.35
+ NAME 'x509CertificateSerial'
+ DESC 'Aliasing attribute: Serial, use'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.4203.666.1.36
+ NAME 'x509CertificateSerialAndIssuer'
+ DESC 'Aliasing attribute: Serial and Issuer together, use'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.2.826.0.1.3344810.7.1 )
+
+# generalized time testing
+attributetype ( 1.3.6.1.4.1.4203.666.1.37
+ name 'testTime'
+ equality generalizedTimeMatch
+ ordering generalizedTimeOrderingMatch
+ syntax 1.3.6.1.4.1.1466.115.121.1.24
+ single-value )
+
+# for UUID testing
+attributetype ( 1.3.6.1.4.1.4203.666.1.56
+ name 'testUUID'
+ equality UUIDMatch
+ ordering UUIDOrderingMatch
+ syntax 1.3.6.1.1.16.1 )
+
+# for obsolete testing
+attributetype ( 1.3.6.1.4.1.4203.666.1.38
+ name 'testObsolete'
+ obsolete
+ equality booleanMatch
+ syntax 1.3.6.1.4.1.1466.115.121.1.7
+ single-value )
+
+objectClass ( 1.3.6.1.4.1.4203.666.3.15
+ name 'testPerson' sup OpenLDAPperson
+ may testTime )
+
+objectClass ( 1.3.6.1.3.1.4203.666.3.16
+ name 'obsoletePerson'
+ obsolete auxiliary
+ may ( testObsolete ) )
+
Added: openldap/vendor/openldap-2.3.35/tests/data/valsort1.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/valsort1.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/valsort1.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,45 @@
+dn: o=valsort
+objectClass: top
+objectClass: organization
+o: valsort
+description: valsort test database
+
+dn: ou=users,o=valsort
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test valsort users
+
+dn: uid=george,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: george
+sn: alpha
+sn: jungle
+sn: tree
+sn: zib
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 1
+departmentNumber: 10
+departmentNumber: 3
+departmentNumber: 37
+departmentNumber: 46
+departmentNumber: 5
+departmentNumber: 72
+displayName: George
+employeeNumber: 5150
+employeeType: anarchist
+employeeType: contractor
+employeeType: staff
+givenName: Big G
+ou: Chemistry
+ou: Computer Science
+ou: Hum Bio
+ou: Academia
+mailPreferenceOption: 1
+mailPreferenceOption: 3
+mailPreferenceOption: 22
+mailPreferenceOption: 66
+mailPreferenceOption: 87
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/valsort1.out
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/data/valsort2.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/valsort2.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/valsort2.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,45 @@
+dn: o=valsort
+objectClass: top
+objectClass: organization
+o: valsort
+description: valsort test database
+
+dn: ou=users,o=valsort
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test valsort users
+
+dn: uid=george,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: george
+sn: zib
+sn: tree
+sn: jungle
+sn: alpha
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 72
+departmentNumber: 5
+departmentNumber: 46
+departmentNumber: 37
+departmentNumber: 3
+departmentNumber: 10
+departmentNumber: 1
+displayName: George
+employeeNumber: 5150
+employeeType: staff
+employeeType: contractor
+employeeType: anarchist
+givenName: Big G
+ou: Chemistry
+ou: Computer Science
+ou: Hum Bio
+ou: Academia
+mailPreferenceOption: 87
+mailPreferenceOption: 66
+mailPreferenceOption: 22
+mailPreferenceOption: 3
+mailPreferenceOption: 1
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/valsort2.out
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/data/valsort3.out
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/data/valsort3.out (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/data/valsort3.out 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,61 @@
+dn: o=valsort
+objectClass: top
+objectClass: organization
+o: valsort
+description: valsort test database
+
+dn: ou=users,o=valsort
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+description: container for test valsort users
+
+dn: uid=george,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: george
+sn: zib
+sn: tree
+sn: jungle
+sn: alpha
+cn: george
+businessCategory: test
+carLicense: SAMPLE
+departmentNumber: 72
+departmentNumber: 5
+departmentNumber: 46
+departmentNumber: 37
+departmentNumber: 3
+departmentNumber: 10
+departmentNumber: 1
+displayName: George
+employeeNumber: 5150
+employeeType: staff
+employeeType: contractor
+employeeType: anarchist
+givenName: Big G
+ou: Chemistry
+ou: Computer Science
+ou: Hum Bio
+ou: Academia
+mailPreferenceOption: 87
+mailPreferenceOption: 66
+mailPreferenceOption: 22
+mailPreferenceOption: 3
+mailPreferenceOption: 1
+
+dn: uid=dave,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: dave
+sn: nothere
+cn: dave
+businessCategory: otest
+carLicense: TEST
+departmentNumber: 42
+displayName: Dave
+employeeNumber: 69
+employeeType: contractor
+givenName: Dave
+ou: Test
+ou: Is
+ou: Okay
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/data/valsort3.out
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/progs/Makefile.in
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/Makefile.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/Makefile.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,52 @@
+## Makefile.in for test programs
+# $OpenLDAP: pkg/ldap/tests/progs/Makefile.in,v 1.18.2.4 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+PROGRAMS = slapd-tester slapd-search slapd-read slapd-addel slapd-modrdn \
+ slapd-modify slapd-bind
+
+SRCS = slapd-tester.c slapd-search.c slapd-read.c slapd-addel.c \
+ slapd-modrdn.c slapd-modify.c slapd-bind.c
+
+LDAP_INCDIR= ../../include
+LDAP_LIBDIR= ../../libraries
+
+XLIBS = $(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA) $(LDAP_LIBLUTIL_A)
+XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+
+# build-tools: FORCE
+# $(MAKE) $(MFLAGS) load-tools
+
+# load-tools: $(PROGRAMS)
+
+slapd-tester: slapd-tester.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-tester.o $(LIBS)
+
+slapd-search: slapd-search.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-search.o $(LIBS)
+
+slapd-read: slapd-read.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-read.o $(LIBS)
+
+slapd-addel: slapd-addel.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-addel.o $(LIBS)
+
+slapd-modrdn: slapd-modrdn.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-modrdn.o $(LIBS)
+
+slapd-modify: slapd-modify.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-modify.o $(LIBS)
+
+slapd-bind: slapd-bind.o $(XLIBS)
+ $(LTLINK) -o $@ slapd-bind.o $(LIBS)
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-addel.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-addel.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-addel.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,411 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-addel.c,v 1.27.2.9 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Spanier for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+#define RETRIES 0
+
+static char *
+get_add_entry( char *filename, LDAPMod ***mods );
+
+static void
+do_addel( char *uri, char *host, int port, char *manager, char *passwd,
+ char *dn, LDAPMod **attrs, int maxloop, int maxretries, int delay,
+ int friendly );
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-D <manager> "
+ "-w <passwd> "
+ "-f <addfile> "
+ "[-l <loops>] "
+ "[-r <maxretries>] "
+ "[-t <delay>] "
+ "[-F]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *host = "localhost";
+ char *uri = NULL;
+ int port = -1;
+ char *manager = NULL;
+ char *passwd = NULL;
+ char *filename = NULL;
+ char *entry = NULL;
+ int loops = LOOPS;
+ int retries = RETRIES;
+ int delay = 0;
+ int friendly = 0;
+ LDAPMod **attrs = NULL;
+
+ while ( (i = getopt( argc, argv, "FH:h:p:D:w:f:l:r:t:" )) != EOF ) {
+ switch( i ) {
+ case 'F':
+ friendly++;
+ break;
+
+ case 'H': /* the server's URI */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'D': /* the servers manager */
+ manager = strdup( optarg );
+ break;
+
+ case 'w': /* the server managers password */
+ passwd = strdup( optarg );
+ break;
+
+ case 'f': /* file with entry search request */
+ filename = strdup( optarg );
+ break;
+
+ case 'l': /* the number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'r': /* number of retries */
+ if ( lutil_atoi( &retries, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 't': /* delay in seconds */
+ if ( lutil_atoi( &delay, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( filename == NULL ) || ( port == -1 && uri == NULL ) ||
+ ( manager == NULL ) || ( passwd == NULL ))
+ usage( argv[0] );
+
+ entry = get_add_entry( filename, &attrs );
+ if (( entry == NULL ) || ( *entry == '\0' )) {
+
+ fprintf( stderr, "%s: invalid entry DN in file \"%s\".\n",
+ argv[0], filename );
+ exit( EXIT_FAILURE );
+
+ }
+
+ if (( attrs == NULL ) || ( *attrs == '\0' )) {
+
+ fprintf( stderr, "%s: invalid attrs in file \"%s\".\n",
+ argv[0], filename );
+ exit( EXIT_FAILURE );
+
+ }
+
+ do_addel( uri, host, port, manager, passwd, entry, attrs,
+ loops, retries, delay, friendly );
+
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen )
+{
+ LDAPMod **pmods;
+ int i, j;
+ struct berval *bvp;
+
+ pmods = *pmodsp;
+ modop |= LDAP_MOD_BVALUES;
+
+ i = 0;
+ if ( pmods != NULL ) {
+ for ( ; pmods[ i ] != NULL; ++i ) {
+ if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 &&
+ pmods[ i ]->mod_op == modop ) {
+ break;
+ }
+ }
+ }
+
+ if ( pmods == NULL || pmods[ i ] == NULL ) {
+ if (( pmods = (LDAPMod **)realloc( pmods, (i + 2) *
+ sizeof( LDAPMod * ))) == NULL ) {
+ perror( "realloc" );
+ exit( EXIT_FAILURE );
+ }
+ *pmodsp = pmods;
+ pmods[ i + 1 ] = NULL;
+ if (( pmods[ i ] = (LDAPMod *)calloc( 1, sizeof( LDAPMod )))
+ == NULL ) {
+ perror( "calloc" );
+ exit( EXIT_FAILURE );
+ }
+ pmods[ i ]->mod_op = modop;
+ if (( pmods[ i ]->mod_type = strdup( attr )) == NULL ) {
+ perror( "strdup" );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ if ( value != NULL ) {
+ j = 0;
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
+ ;
+ }
+ }
+ if (( pmods[ i ]->mod_bvalues =
+ (struct berval **)ber_memrealloc( pmods[ i ]->mod_bvalues,
+ (j + 2) * sizeof( struct berval * ))) == NULL ) {
+ perror( "ber_realloc" );
+ exit( EXIT_FAILURE );
+ }
+ pmods[ i ]->mod_bvalues[ j + 1 ] = NULL;
+ if (( bvp = (struct berval *)ber_memalloc( sizeof( struct berval )))
+ == NULL ) {
+ perror( "malloc" );
+ exit( EXIT_FAILURE );
+ }
+ pmods[ i ]->mod_bvalues[ j ] = bvp;
+
+ bvp->bv_len = vlen;
+ if (( bvp->bv_val = (char *)malloc( vlen + 1 )) == NULL ) {
+ perror( "malloc" );
+ exit( EXIT_FAILURE );
+ }
+ AC_MEMCPY( bvp->bv_val, value, vlen );
+ bvp->bv_val[ vlen ] = '\0';
+ }
+}
+
+
+static char *
+get_add_entry( char *filename, LDAPMod ***mods )
+{
+ FILE *fp;
+ char *entry = NULL;
+
+ if ( (fp = fopen( filename, "r" )) != NULL ) {
+ char line[BUFSIZ];
+
+ if ( fgets( line, BUFSIZ, fp )) {
+ char *nl;
+
+ if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
+ *nl = '\0';
+ entry = strdup( line );
+
+ }
+
+ while ( fgets( line, BUFSIZ, fp )) {
+ char *nl;
+ char *value;
+
+ if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
+ *nl = '\0';
+
+ if ( *line == '\0' ) break;
+ if ( !( value = strchr( line, ':' ))) break;
+
+ *value++ = '\0';
+ while ( *value && isspace( (unsigned char) *value ))
+ value++;
+
+ addmodifyop( mods, LDAP_MOD_ADD, line, value, strlen( value ));
+
+ }
+ fclose( fp );
+ }
+
+ return( entry );
+}
+
+
+static void
+do_addel(
+ char *uri,
+ char *host,
+ int port,
+ char *manager,
+ char *passwd,
+ char *entry,
+ LDAPMod **attrs,
+ int maxloop,
+ int maxretries,
+ int delay,
+ int friendly
+)
+{
+ LDAP *ld = NULL;
+ int i = 0, do_retry = maxretries;
+ pid_t pid = getpid();
+ int rc = LDAP_SUCCESS;
+
+retry:;
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ if ( do_retry == maxretries ) {
+ fprintf( stderr, "PID=%ld - Add/Delete(%d): entry=\"%s\".\n",
+ (long) pid, maxloop, entry );
+ }
+
+ rc = ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ switch ( rc ) {
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ if ( delay != 0 ) {
+ sleep( delay );
+ }
+ goto retry;
+ }
+ /* fallthru */
+ default:
+ break;
+ }
+ exit( EXIT_FAILURE );
+ }
+
+ for ( ; i < maxloop; i++ ) {
+
+ /* add the entry */
+ rc = ldap_add_s( ld, entry, attrs );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_add" );
+ switch ( rc ) {
+ case LDAP_ALREADY_EXISTS:
+ /* NOTE: this likely means
+ * the delete failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+
+#if 0
+ /* wait a second for the add to really complete */
+ /* This masks some race conditions though. */
+ sleep( 1 );
+#endif
+
+ /* now delete the entry again */
+ rc = ldap_delete_s( ld, entry );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_delete" );
+ switch ( rc ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* NOTE: this likely means
+ * the add failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+ }
+
+done:;
+ fprintf( stderr, " PID=%ld - Add/Delete done (%d).\n", (long) pid, rc );
+
+ ldap_unbind( ld );
+}
+
+
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-bind.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-bind.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-bind.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,307 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.2.2.5 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/time.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+#include <ac/time.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+
+static int
+do_bind( char *uri, char *host, int port, char *dn, char *pass, int maxloop,
+ int force );
+
+static int
+do_base( char *uri, char *host, int port, char *base, char *pass, int maxloop,
+ int force );
+
+/* This program can be invoked two ways: if -D is used to specify a Bind DN,
+ * that DN will be used repeatedly for all of the Binds. If instead -b is used
+ * to specify a base DN, a search will be done for all "person" objects under
+ * that base DN. Then DNs from this list will be randomly selected for each
+ * Bind request. All of the users must have identical passwords. Also it is
+ * assumed that the users are all onelevel children of the base.
+ */
+static void
+usage( char *name )
+{
+ fprintf( stderr, "usage: %s [-h <host>] -p port (-D <dn>|-b <baseDN> [-f <searchfilter>]) -w <passwd> [-l <loops>] [-F]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+static char *filter = "(objectClass=person)";
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *uri = NULL;
+ char *host = "localhost";
+ char *dn = NULL;
+ char *base = NULL;
+ char *pass = NULL;
+ int port = -1;
+ int loops = LOOPS;
+ int force = 0;
+
+ while ( (i = getopt( argc, argv, "b:H:h:p:D:w:l:f:F" )) != EOF ) {
+ switch( i ) {
+ case 'b': /* base DN of a tree of user DNs */
+ base = strdup( optarg );
+ break;
+
+ case 'H': /* the server uri */
+ uri = strdup( optarg );
+ break;
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'D':
+ dn = strdup( optarg );
+ break;
+
+ case 'w':
+ pass = strdup( optarg );
+ break;
+
+ case 'l': /* the number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'f':
+ filter = optarg;
+ break;
+
+ case 'F':
+ force = 1;
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if ( port == -1 && uri == NULL )
+ usage( argv[0] );
+
+ if ( base )
+ do_base( uri, host, port, base, pass, ( 20 * loops ), force );
+ else
+ do_bind( uri, host, port, dn, pass, ( 20 * loops ), force );
+ exit( EXIT_SUCCESS );
+}
+
+
+static int
+do_bind( char *uri, char *host, int port, char *dn, char *pass, int maxloop,
+ int force )
+{
+ LDAP *ld = NULL;
+ int i, rc = -1;
+ pid_t pid = getpid();
+
+ if ( maxloop > 1 )
+ fprintf( stderr, "PID=%ld - Bind(%d): dn=\"%s\".\n",
+ (long) pid, maxloop, dn );
+
+ for ( i = 0; i < maxloop; i++ ) {
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ rc = -1;
+ break;
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ rc = ldap_bind_s( ld, dn, pass, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ }
+ ldap_unbind( ld );
+ if ( rc != LDAP_SUCCESS && !force ) {
+ break;
+ }
+ }
+
+ if ( maxloop > 1 )
+ fprintf( stderr, " PID=%ld - Bind done.\n", (long) pid );
+
+ return rc;
+}
+
+
+static int
+do_base( char *uri, char *host, int port, char *base, char *pass, int maxloop,
+ int force )
+{
+ LDAP *ld = NULL;
+ int i = 0;
+ pid_t pid = getpid();
+ int rc = LDAP_SUCCESS;
+ ber_int_t msgid;
+ LDAPMessage *res, *msg;
+ char **rdns = NULL;
+ char *attrs[] = { "dn", NULL };
+ int nrdns = 0;
+#ifdef _WIN32
+ DWORD beg, end;
+#else
+ struct timeval beg, end;
+#endif
+
+ srand(pid);
+
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+ (void) ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
+
+ rc = ldap_bind_s( ld, NULL, NULL, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ exit( EXIT_FAILURE );
+ }
+
+ rc = ldap_search_ext( ld, base, LDAP_SCOPE_ONE,
+ filter, attrs, 0, NULL, NULL, 0, 0, &msgid );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_search_ex" );
+ exit( EXIT_FAILURE );
+ }
+
+ while (( rc=ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res )) >0){
+ BerElement *ber;
+ struct berval bv;
+ char *ptr;
+ int done = 0;
+
+ for (msg = ldap_first_message( ld, res ); msg;
+ msg = ldap_next_message( ld, msg )) {
+ switch ( ldap_msgtype( msg )) {
+ case LDAP_RES_SEARCH_ENTRY:
+ rc = ldap_get_dn_ber( ld, msg, &ber, &bv );
+ ptr = strchr( bv.bv_val, ',');
+ i = ptr-bv.bv_val;
+ rdns = realloc( rdns, (nrdns+1)*sizeof(char *));
+ rdns[nrdns] = malloc( i+1 );
+ strncpy(rdns[nrdns], bv.bv_val, i );
+ rdns[nrdns][i] = '\0';
+ nrdns++;
+ ber_free( ber, 0 );
+ break;
+ case LDAP_RES_SEARCH_RESULT:
+ done = 1;
+ break;
+ }
+ if ( done )
+ break;
+ }
+ ldap_msgfree( res );
+ if ( done ) break;
+ }
+ ldap_unbind( ld );
+
+#ifdef _WIN32
+ beg = GetTickCount();
+#else
+ gettimeofday( &beg, NULL );
+#endif
+
+ if ( nrdns == 0 ) {
+ fprintf( stderr, "No RDNs.\n" );
+ return 1;
+ }
+
+ /* Ok, got list of RDNs, now start binding to each */
+ for (i=0; i<maxloop; i++) {
+ char dn[BUFSIZ], *ptr;
+ int j = rand() % nrdns;
+ ptr = lutil_strcopy(dn, rdns[j]);
+ *ptr++ = ',';
+ strcpy(ptr, base);
+ if ( do_bind( uri, host, port, dn, pass, 1, force ) && !force )
+ break;
+ }
+#ifdef _WIN32
+ end = GetTickCount();
+ end -= beg;
+
+ fprintf( stderr, "Done %d Binds in %d.%03d seconds.\n", i,
+ end / 1000, end % 1000 );
+#else
+ gettimeofday( &end, NULL );
+ end.tv_usec -= beg.tv_usec;
+ if (end.tv_usec < 0 ) {
+ end.tv_usec += 1000000;
+ end.tv_sec -= 1;
+ }
+ end.tv_sec -= beg.tv_sec;
+
+ fprintf( stderr, "Done %d Binds in %ld.%06ld seconds.\n", i,
+ (long) end.tv_sec, (long) end.tv_usec );
+#endif
+ return 0;
+}
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-modify.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-modify.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-modify.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,296 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modify.c,v 1.3.2.10 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+#define RETRIES 0
+
+static void
+do_modify( char *uri, char *host, int port, char *manager, char *passwd,
+ char *entry, char *attr, char *value, int maxloop,
+ int maxretries, int delay, int friendly );
+
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-D <manager> "
+ "-w <passwd> "
+ "-e <entry> "
+ "[-l <loops>] "
+ "[-r <maxretries>] "
+ "[-t <delay>] "
+ "[-F]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *uri = NULL;
+ char *host = "localhost";
+ int port = -1;
+ char *manager = NULL;
+ char *passwd = NULL;
+ char *entry = NULL;
+ char *ava = NULL;
+ char *value = NULL;
+ int loops = LOOPS;
+ int retries = RETRIES;
+ int delay = 0;
+ int friendly = 0;
+
+ while ( (i = getopt( argc, argv, "FH:h:p:D:w:e:a:l:r:t:" )) != EOF ) {
+ switch( i ) {
+ case 'F':
+ friendly++;
+ break;
+
+ case 'H': /* the server uri */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'D': /* the servers manager */
+ manager = strdup( optarg );
+ break;
+
+ case 'w': /* the server managers password */
+ passwd = strdup( optarg );
+ break;
+
+ case 'e': /* entry to modify */
+ entry = strdup( optarg );
+ break;
+
+ case 'a':
+ ava = strdup( optarg );
+ break;
+
+ case 'l': /* the number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'r': /* number of retries */
+ if ( lutil_atoi( &retries, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 't': /* delay in seconds */
+ if ( lutil_atoi( &delay, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( entry == NULL ) || ( ava == NULL ) || ( port == -1 && uri == NULL ))
+ usage( argv[0] );
+
+ if ( *entry == '\0' ) {
+
+ fprintf( stderr, "%s: invalid EMPTY entry DN.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+
+ }
+ if ( *ava == '\0' ) {
+ fprintf( stderr, "%s: invalid EMPTY AVA.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+ }
+
+ if ( !( value = strchr( ava, ':' ))) {
+ fprintf( stderr, "%s: invalid AVA.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+ }
+ *value++ = '\0';
+ while ( *value && isspace( (unsigned char) *value ))
+ value++;
+
+ do_modify( uri, host, port, manager, passwd, entry, ava, value,
+ loops, retries, delay, friendly );
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+do_modify( char *uri, char *host, int port, char *manager,
+ char *passwd, char *entry, char* attr, char* value,
+ int maxloop, int maxretries, int delay, int friendly )
+{
+ LDAP *ld = NULL;
+ int i = 0, do_retry = maxretries;
+ pid_t pid;
+ int rc = LDAP_SUCCESS;
+
+ struct ldapmod mod;
+ struct ldapmod *mods[2];
+ char *values[2];
+
+ pid = getpid();
+
+ values[0] = value;
+ values[1] = NULL;
+ mod.mod_op = LDAP_MOD_ADD;
+ mod.mod_type = attr;
+ mod.mod_values = values;
+ mods[0] = &mod;
+ mods[1] = NULL;
+
+retry:;
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ if ( do_retry == maxretries ) {
+ fprintf( stderr, "PID=%ld - Modify(%d): entry=\"%s\".\n",
+ (long) pid, maxloop, entry );
+ }
+
+ rc = ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ switch ( rc ) {
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ if ( delay > 0 ) {
+ sleep( delay );
+ }
+ goto retry;
+ }
+ /* fallthru */
+ default:
+ break;
+ }
+ exit( EXIT_FAILURE );
+ }
+
+ for ( ; i < maxloop; i++ ) {
+ mod.mod_op = LDAP_MOD_ADD;
+ rc = ldap_modify_s( ld, entry, mods );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_modify" );
+ switch ( rc ) {
+ case LDAP_TYPE_OR_VALUE_EXISTS:
+ /* NOTE: this likely means
+ * the second modify failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+
+ mod.mod_op = LDAP_MOD_DELETE;
+ rc = ldap_modify_s( ld, entry, mods );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_modify" );
+ switch ( rc ) {
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ /* NOTE: this likely means
+ * the first modify failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+
+ }
+
+done:;
+ fprintf( stderr, " PID=%ld - Modify done (%d).\n", (long) pid, rc );
+
+ ldap_unbind( ld );
+}
+
+
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-modrdn.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-modrdn.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-modrdn.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,287 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.7.2.9 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu, based in part
+ * on other OpenLDAP test tools, for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+#define RETRIES 0
+
+static void
+do_modrdn( char *uri, char *host, int port, char *manager, char *passwd,
+ char *entry, int maxloop, int maxretries, int delay,
+ int friendly );
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-D <manager> "
+ "-w <passwd> "
+ "-e <entry> "
+ "[-l <loops>] "
+ "[-r <maxretries>] "
+ "[-t <delay>] "
+ "[-F]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *uri = NULL;
+ char *host = "localhost";
+ int port = -1;
+ char *manager = NULL;
+ char *passwd = NULL;
+ char *entry = NULL;
+ int loops = LOOPS;
+ int retries = RETRIES;
+ int delay = 0;
+ int friendly = 0;
+
+ while ( (i = getopt( argc, argv, "FH:h:p:D:w:e:l:r:t:" )) != EOF ) {
+ switch( i ) {
+ case 'F':
+ friendly++;
+ break;
+
+ case 'H': /* the server uri */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'D': /* the servers manager */
+ manager = strdup( optarg );
+ break;
+
+ case 'w': /* the server managers password */
+ passwd = strdup( optarg );
+ break;
+
+ case 'e': /* entry to rename */
+ entry = strdup( optarg );
+ break;
+
+ case 'l': /* the number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'r': /* the number of retries */
+ if ( lutil_atoi( &retries, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 't': /* delay in seconds */
+ if ( lutil_atoi( &delay, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( entry == NULL ) || ( port == -1 && uri == NULL ))
+ usage( argv[0] );
+
+ if ( *entry == '\0' ) {
+
+ fprintf( stderr, "%s: invalid EMPTY entry DN.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+
+ }
+
+ do_modrdn( uri, host, port, manager, passwd, entry,
+ loops, retries, delay, friendly );
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+do_modrdn( char *uri, char *host, int port, char *manager,
+ char *passwd, char *entry, int maxloop, int maxretries, int delay,
+ int friendly )
+{
+ LDAP *ld = NULL;
+ int i = 0, do_retry = maxretries;
+ pid_t pid;
+ char *DNs[2];
+ char *rdns[2];
+ int rc = LDAP_SUCCESS;
+
+
+ pid = getpid();
+ DNs[0] = entry;
+ DNs[1] = strdup( entry );
+
+ /* reverse the RDN, make new DN */
+ {
+ char *p1, *p2;
+
+ p1 = strchr( entry, '=' ) + 1;
+ p2 = strchr( p1, ',' );
+
+ *p2 = '\0';
+ rdns[1] = strdup( entry );
+ *p2-- = ',';
+
+ for (i = p1 - entry;p2 >= p1;)
+ DNs[1][i++] = *p2--;
+
+ DNs[1][i] = '\0';
+ rdns[0] = strdup( DNs[1] );
+ DNs[1][i] = ',';
+ }
+
+retry:;
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ if ( do_retry == maxretries ) {
+ fprintf( stderr, "PID=%ld - Modrdn(%d): entry=\"%s\".\n",
+ (long) pid, maxloop, entry );
+ }
+
+ rc = ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ switch ( rc ) {
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ if ( delay > 0) {
+ sleep( delay );
+ }
+ goto retry;
+ }
+ /* fallthru */
+ default:
+ break;
+ }
+ exit( EXIT_FAILURE );
+ }
+
+ for ( ; i < maxloop; i++ ) {
+ rc = ldap_modrdn2_s( ld, DNs[0], rdns[0], 0 );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_modrdn" );
+ switch ( rc ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* NOTE: this likely means
+ * the second modrdn failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+ rc = ldap_modrdn2_s( ld, DNs[1], rdns[1], 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_modrdn" );
+ switch ( rc ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* NOTE: this likely means
+ * the first modrdn failed
+ * during the previous round... */
+ if ( !friendly ) {
+ goto done;
+ }
+ break;
+
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+ }
+ }
+
+done:;
+ fprintf( stderr, " PID=%ld - Modrdn done (%d).\n", (long) pid, rc );
+
+ ldap_unbind( ld );
+}
+
+
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-read.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-read.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-read.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,203 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-read.c,v 1.22.2.7 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Spanier for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+#define RETRIES 0
+
+static void
+do_read( char *uri, char *host, int port, char *entry, int maxloop,
+ int maxretries, int delay );
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-e <entry> "
+ "[-l <loops>] "
+ "[-r <maxretries>] "
+ "[-t <delay>]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *uri = NULL;
+ char *host = "localhost";
+ int port = -1;
+ char *entry = NULL;
+ int loops = LOOPS;
+ int retries = RETRIES;
+ int delay = 0;
+
+ while ( (i = getopt( argc, argv, "H:h:p:e:l:r:t:" )) != EOF ) {
+ switch( i ) {
+ case 'H': /* the server uri */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'e': /* DN to search for */
+ entry = strdup( optarg );
+ break;
+
+ case 'l': /* the number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'r': /* the number of retries */
+ if ( lutil_atoi( &retries, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 't': /* delay in seconds */
+ if ( lutil_atoi( &delay, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( entry == NULL ) || ( port == -1 && uri == NULL ))
+ usage( argv[0] );
+
+ if ( *entry == '\0' ) {
+ fprintf( stderr, "%s: invalid EMPTY entry DN.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+ }
+
+ do_read( uri, host, port, entry, ( 20 * loops ), retries, delay );
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+do_read( char *uri, char *host, int port, char *entry, int maxloop,
+ int maxretries, int delay )
+{
+ LDAP *ld = NULL;
+ int i = 0, do_retry = maxretries;
+ char *attrs[] = { "1.1", NULL };
+ pid_t pid = getpid();
+ int rc = LDAP_SUCCESS;
+
+retry:;
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ if ( do_retry == maxretries ) {
+ fprintf( stderr, "PID=%ld - Read(%d): entry=\"%s\".\n",
+ (long) pid, maxloop, entry );
+ }
+
+ rc = ldap_bind_s( ld, NULL, NULL, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ switch ( rc ) {
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ if ( delay > 0 ) {
+ sleep( delay );
+ }
+ goto retry;
+ }
+ /* fallthru */
+ default:
+ break;
+ }
+ exit( EXIT_FAILURE );
+ }
+
+ for ( ; i < maxloop; i++ ) {
+ LDAPMessage *res;
+
+ rc = ldap_search_s( ld, entry, LDAP_SCOPE_BASE,
+ NULL, attrs, 1, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_read" );
+ if ( rc == LDAP_BUSY && do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ if ( rc != LDAP_NO_SUCH_OBJECT ) break;
+ continue;
+
+ }
+
+ ldap_msgfree( res );
+ }
+
+ fprintf( stderr, " PID=%ld - Read done (%d).\n", (long) pid, rc );
+
+ ldap_unbind( ld );
+}
+
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-search.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-search.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-search.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,223 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.21.2.7 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Spanier for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#include <lutil.h>
+
+#define LOOPS 100
+#define RETRIES 0
+
+static void
+do_search( char *uri, char *host, int port, char *manager, char *passwd,
+ char *sbase, char *filter, int maxloop, int maxretries, int delay );
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-D <manager> "
+ "-w <passwd> "
+ "-b <searchbase> "
+ "-f <searchfilter> "
+ "[-l <loops>] "
+ "[-r <maxretries>] "
+ "[-t <delay>]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i;
+ char *uri = NULL;
+ char *host = "localhost";
+ int port = -1;
+ char *manager = NULL;
+ char *passwd = NULL;
+ char *sbase = NULL;
+ char *filter = NULL;
+ int loops = LOOPS;
+ int retries = RETRIES;
+ int delay = 0;
+
+ while ( (i = getopt( argc, argv, "b:D:f:H:h:l:p:w:r:t:" )) != EOF ) {
+ switch( i ) {
+ case 'H': /* the server uri */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* the servers host */
+ host = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port */
+ if ( lutil_atoi( &port, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'D': /* the servers manager */
+ manager = strdup( optarg );
+ break;
+
+ case 'w': /* the server managers password */
+ passwd = strdup( optarg );
+ break;
+
+ case 'b': /* file with search base */
+ sbase = strdup( optarg );
+ break;
+
+ case 'f': /* the search request */
+ filter = strdup( optarg );
+ break;
+
+ case 'l': /* number of loops */
+ if ( lutil_atoi( &loops, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'r': /* number of retries */
+ if ( lutil_atoi( &retries, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 't': /* delay in seconds */
+ if ( lutil_atoi( &delay, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( sbase == NULL ) || ( filter == NULL ) || ( port == -1 && uri == NULL ))
+ usage( argv[0] );
+
+ if ( *filter == '\0' ) {
+
+ fprintf( stderr, "%s: invalid EMPTY search filter.\n",
+ argv[0] );
+ exit( EXIT_FAILURE );
+
+ }
+
+ do_search( uri, host, port, manager, passwd, sbase, filter,
+ ( 10 * loops ), retries, delay );
+ exit( EXIT_SUCCESS );
+}
+
+
+static void
+do_search( char *uri, char *host, int port, char *manager, char *passwd,
+ char *sbase, char *filter, int maxloop, int maxretries, int delay )
+{
+ LDAP *ld = NULL;
+ int i = 0, do_retry = maxretries;
+ char *attrs[] = { "cn", "sn", NULL };
+ pid_t pid = getpid();
+ int rc = LDAP_SUCCESS;
+
+retry:;
+ if ( uri ) {
+ ldap_initialize( &ld, uri );
+ } else {
+ ld = ldap_init( host, port );
+ }
+ if ( ld == NULL ) {
+ perror( "ldap_init" );
+ exit( EXIT_FAILURE );
+ }
+
+ {
+ int version = LDAP_VERSION3;
+ (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ &version );
+ }
+
+ if ( do_retry == maxretries ) {
+ fprintf( stderr, "PID=%ld - Search(%d): base=\"%s\", filter=\"%s\".\n",
+ (long) pid, maxloop, sbase, filter );
+ }
+
+ rc = ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ switch ( rc ) {
+ case LDAP_BUSY:
+ case LDAP_UNAVAILABLE:
+ if ( do_retry > 0 ) {
+ do_retry--;
+ if ( delay != 0 ) {
+ sleep( delay );
+ }
+ goto retry;
+ }
+ /* fallthru */
+ default:
+ break;
+ }
+ exit( EXIT_FAILURE );
+ }
+
+ for ( ; i < maxloop; i++ ) {
+ LDAPMessage *res;
+
+ rc = ldap_search_s( ld, sbase, LDAP_SCOPE_SUBTREE,
+ filter, attrs, 0, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_search" );
+ if ( rc == LDAP_BUSY && do_retry > 0 ) {
+ do_retry--;
+ goto retry;
+ }
+ if ( rc != LDAP_NO_SUCH_OBJECT ) break;
+ continue;
+
+ }
+
+ ldap_msgfree( res );
+ }
+
+ fprintf( stderr, " PID=%ld - Search done (%d).\n", (long) pid, rc );
+
+ ldap_unbind( ld );
+}
Added: openldap/vendor/openldap-2.3.35/tests/progs/slapd-tester.c
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/progs/slapd-tester.c (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/progs/slapd-tester.c 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,637 @@
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-tester.c,v 1.27.2.9 2007/01/02 21:44:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Kurt Spanier for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+
+#include <ac/ctype.h>
+#include <ac/dirent.h>
+#include <ac/param.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/wait.h>
+
+
+#include "ldap_defaults.h"
+#include "lutil.h"
+
+
+#define SEARCHCMD "slapd-search"
+#define READCMD "slapd-read"
+#define ADDCMD "slapd-addel"
+#define MODRDNCMD "slapd-modrdn"
+#define MODIFYCMD "slapd-modify"
+#define MAXARGS 100
+#define MAXREQS 5000
+#define LOOPS "100"
+#define RETRIES "0"
+
+#define TSEARCHFILE "do_search.0"
+#define TREADFILE "do_read.0"
+#define TADDFILE "do_add."
+#define TMODRDNFILE "do_modrdn.0"
+#define TMODIFYFILE "do_modify.0"
+
+static char *get_file_name( char *dirname, char *filename );
+static int get_search_filters( char *filename, char *filters[], char *bases[] );
+static int get_read_entries( char *filename, char *entries[] );
+static void fork_child( char *prog, char **args );
+static void wait4kids( int nkidval );
+
+static int maxkids = 20;
+static int nkids;
+
+#ifdef HAVE_WINSOCK
+static HANDLE *children;
+static char argbuf[BUFSIZ];
+#define ArgDup(x) strdup(strcat(strcat(strcpy(argbuf,"\""),x),"\""))
+#else
+#define ArgDup(x) strdup(x)
+#endif
+
+static void
+usage( char *name )
+{
+ fprintf( stderr,
+ "usage: %s "
+ "-H <uri> | ([-h <host>] -p <port>) "
+ "-D <manager> "
+ "-w <passwd> "
+ "-d <datadir> "
+ "[-j <maxchild>] "
+ "[-l <loops>] "
+ "-P <progdir> "
+ "[-r <maxretries>] "
+ "[-t <delay>] "
+ "[-F]\n",
+ name );
+ exit( EXIT_FAILURE );
+}
+
+int
+main( int argc, char **argv )
+{
+ int i, j;
+ char *uri = NULL;
+ char *host = "localhost";
+ char *port = NULL;
+ char *manager = NULL;
+ char *passwd = NULL;
+ char *dirname = NULL;
+ char *progdir = NULL;
+ char *loops = LOOPS;
+ char *retries = RETRIES;
+ char *delay = "0";
+ DIR *datadir;
+ struct dirent *file;
+ char *sfile = NULL;
+ char *sreqs[MAXREQS];
+ char *sbase[MAXREQS];
+ int snum = 0;
+ char *rfile = NULL;
+ char *rreqs[MAXREQS];
+ int rnum = 0;
+ char *afiles[MAXREQS];
+ int anum = 0;
+ char *mfile = NULL;
+ char *mreqs[MAXREQS];
+ int mnum = 0;
+ char *sargs[MAXARGS];
+ int sanum;
+ char scmd[MAXPATHLEN];
+ char *rargs[MAXARGS];
+ int ranum;
+ char rcmd[MAXPATHLEN];
+ char *aargs[MAXARGS];
+ int aanum;
+ char acmd[MAXPATHLEN];
+ char *margs[MAXARGS];
+ int manum;
+ char mcmd[MAXPATHLEN];
+ char *modargs[MAXARGS];
+ int modanum;
+ char modcmd[MAXPATHLEN];
+ char *modfile = NULL;
+ char *modreqs[MAXREQS];
+ char *moddn[MAXREQS];
+ int modnum = 0;
+ int friendly = 0;
+
+ while ( (i = getopt( argc, argv, "D:d:FH:h:j:l:P:p:r:t:w:" )) != EOF ) {
+ switch( i ) {
+ case 'D': /* slapd manager */
+ manager = ArgDup( optarg );
+ break;
+
+ case 'd': /* data directory */
+ dirname = strdup( optarg );
+ break;
+
+ case 'F':
+ friendly++;
+ break;
+
+ case 'H': /* slapd uri */
+ uri = strdup( optarg );
+ break;
+
+ case 'h': /* slapd host */
+ host = strdup( optarg );
+ break;
+
+ case 'j': /* the number of parallel clients */
+ if ( lutil_atoi( &maxkids, optarg ) != 0 ) {
+ usage( argv[0] );
+ }
+ break;
+
+ case 'l': /* the number of loops per client */
+ loops = strdup( optarg );
+ break;
+
+ case 'P': /* prog directory */
+ progdir = strdup( optarg );
+ break;
+
+ case 'p': /* the servers port number */
+ port = strdup( optarg );
+ break;
+
+ case 'r': /* the number of retries in case of error */
+ retries = strdup( optarg );
+ break;
+
+ case 't': /* the delay in seconds between each retry */
+ delay = strdup( optarg );
+ break;
+
+ case 'w': /* the managers passwd */
+ passwd = ArgDup( optarg );
+ break;
+
+ default:
+ usage( argv[0] );
+ break;
+ }
+ }
+
+ if (( dirname == NULL ) || ( port == NULL && uri == NULL ) ||
+ ( manager == NULL ) || ( passwd == NULL ) || ( progdir == NULL ))
+ usage( argv[0] );
+
+#ifdef HAVE_WINSOCK
+ children = malloc( maxkids * sizeof(HANDLE) );
+#endif
+ /* get the file list */
+ if ( ( datadir = opendir( dirname )) == NULL ) {
+
+ fprintf( stderr, "%s: couldn't open data directory \"%s\".\n",
+ argv[0], dirname );
+ exit( EXIT_FAILURE );
+
+ }
+
+ /* look for search, read, modrdn, and add/delete files */
+ for ( file = readdir( datadir ); file; file = readdir( datadir )) {
+
+ if ( !strcasecmp( file->d_name, TSEARCHFILE )) {
+ sfile = get_file_name( dirname, file->d_name );
+ continue;
+ } else if ( !strcasecmp( file->d_name, TREADFILE )) {
+ rfile = get_file_name( dirname, file->d_name );
+ continue;
+ } else if ( !strcasecmp( file->d_name, TMODRDNFILE )) {
+ mfile = get_file_name( dirname, file->d_name );
+ continue;
+ } else if ( !strcasecmp( file->d_name, TMODIFYFILE )) {
+ modfile = get_file_name( dirname, file->d_name );
+ continue;
+ } else if ( !strncasecmp( file->d_name, TADDFILE, strlen( TADDFILE ))
+ && ( anum < MAXREQS )) {
+ afiles[anum++] = get_file_name( dirname, file->d_name );
+ continue;
+ }
+ }
+
+ closedir( datadir );
+
+ /* look for search requests */
+ if ( sfile ) {
+ snum = get_search_filters( sfile, sreqs, sbase );
+ }
+
+ /* look for read requests */
+ if ( rfile ) {
+ rnum = get_read_entries( rfile, rreqs );
+ }
+
+ /* look for modrdn requests */
+ if ( mfile ) {
+ mnum = get_read_entries( mfile, mreqs );
+ }
+ /* look for modify requests */
+ if ( modfile ) {
+ modnum = get_search_filters( modfile, modreqs, moddn );
+ }
+
+ /*
+ * generate the search clients
+ */
+
+ sanum = 0;
+ snprintf( scmd, sizeof scmd, "%s" LDAP_DIRSEP SEARCHCMD,
+ progdir );
+ sargs[sanum++] = scmd;
+ if ( uri ) {
+ sargs[sanum++] = "-H";
+ sargs[sanum++] = uri;
+ } else {
+ sargs[sanum++] = "-h";
+ sargs[sanum++] = host;
+ sargs[sanum++] = "-p";
+ sargs[sanum++] = port;
+ }
+ sargs[sanum++] = "-D";
+ sargs[sanum++] = manager;
+ sargs[sanum++] = "-w";
+ sargs[sanum++] = passwd;
+ sargs[sanum++] = "-l";
+ sargs[sanum++] = loops;
+ sargs[sanum++] = "-r";
+ sargs[sanum++] = retries;
+ sargs[sanum++] = "-t";
+ sargs[sanum++] = delay;
+ sargs[sanum++] = "-b";
+ sargs[sanum++] = NULL; /* will hold the search base */
+ sargs[sanum++] = "-f";
+ sargs[sanum++] = NULL; /* will hold the search request */
+ sargs[sanum++] = NULL;
+
+ /*
+ * generate the read clients
+ */
+
+ ranum = 0;
+ snprintf( rcmd, sizeof rcmd, "%s" LDAP_DIRSEP READCMD,
+ progdir );
+ rargs[ranum++] = rcmd;
+ if ( uri ) {
+ rargs[ranum++] = "-H";
+ rargs[ranum++] = uri;
+ } else {
+ rargs[ranum++] = "-h";
+ rargs[ranum++] = host;
+ rargs[ranum++] = "-p";
+ rargs[ranum++] = port;
+ }
+ rargs[ranum++] = "-l";
+ rargs[ranum++] = loops;
+ rargs[ranum++] = "-r";
+ rargs[ranum++] = retries;
+ rargs[ranum++] = "-t";
+ rargs[ranum++] = delay;
+ rargs[ranum++] = "-e";
+ rargs[ranum++] = NULL; /* will hold the read entry */
+ rargs[ranum++] = NULL;
+
+ /*
+ * generate the modrdn clients
+ */
+
+ manum = 0;
+ snprintf( mcmd, sizeof mcmd, "%s" LDAP_DIRSEP MODRDNCMD,
+ progdir );
+ margs[manum++] = mcmd;
+ if ( uri ) {
+ margs[manum++] = "-H";
+ margs[manum++] = uri;
+ } else {
+ margs[manum++] = "-h";
+ margs[manum++] = host;
+ margs[manum++] = "-p";
+ margs[manum++] = port;
+ }
+ margs[manum++] = "-D";
+ margs[manum++] = manager;
+ margs[manum++] = "-w";
+ margs[manum++] = passwd;
+ margs[manum++] = "-l";
+ margs[manum++] = loops;
+ margs[manum++] = "-r";
+ margs[manum++] = retries;
+ margs[manum++] = "-t";
+ margs[manum++] = delay;
+ if ( friendly ) {
+ margs[manum++] = "-F";
+ }
+ margs[manum++] = "-e";
+ margs[manum++] = NULL; /* will hold the modrdn entry */
+ margs[manum++] = NULL;
+
+ /*
+ * generate the modify clients
+ */
+
+ modanum = 0;
+ snprintf( modcmd, sizeof modcmd, "%s" LDAP_DIRSEP MODIFYCMD,
+ progdir );
+ modargs[modanum++] = modcmd;
+ if ( uri ) {
+ modargs[modanum++] = "-H";
+ modargs[modanum++] = uri;
+ } else {
+ modargs[modanum++] = "-h";
+ modargs[modanum++] = host;
+ modargs[modanum++] = "-p";
+ modargs[modanum++] = port;
+ }
+ modargs[modanum++] = "-D";
+ modargs[modanum++] = manager;
+ modargs[modanum++] = "-w";
+ modargs[modanum++] = passwd;
+ modargs[modanum++] = "-l";
+ modargs[modanum++] = loops;
+ modargs[modanum++] = "-r";
+ modargs[modanum++] = retries;
+ modargs[modanum++] = "-t";
+ modargs[modanum++] = delay;
+ if ( friendly ) {
+ modargs[modanum++] = "-F";
+ }
+ modargs[modanum++] = "-e";
+ modargs[modanum++] = NULL; /* will hold the modify entry */
+ modargs[modanum++] = "-a";;
+ modargs[modanum++] = NULL; /* will hold the ava */
+ modargs[modanum++] = NULL;
+
+ /*
+ * generate the add/delete clients
+ */
+
+ aanum = 0;
+ snprintf( acmd, sizeof acmd, "%s" LDAP_DIRSEP ADDCMD,
+ progdir );
+ aargs[aanum++] = acmd;
+ if ( uri ) {
+ aargs[aanum++] = "-H";
+ aargs[aanum++] = uri;
+ } else {
+ aargs[aanum++] = "-h";
+ aargs[aanum++] = host;
+ aargs[aanum++] = "-p";
+ aargs[aanum++] = port;
+ }
+ aargs[aanum++] = "-D";
+ aargs[aanum++] = manager;
+ aargs[aanum++] = "-w";
+ aargs[aanum++] = passwd;
+ aargs[aanum++] = "-l";
+ aargs[aanum++] = loops;
+ aargs[aanum++] = "-r";
+ aargs[aanum++] = retries;
+ aargs[aanum++] = "-t";
+ aargs[aanum++] = delay;
+ if ( friendly ) {
+ aargs[aanum++] = "-F";
+ }
+ aargs[aanum++] = "-f";
+ aargs[aanum++] = NULL; /* will hold the add data file */
+ aargs[aanum++] = NULL;
+
+ for ( j = 0; j < MAXREQS; j++ ) {
+
+ if ( j < snum ) {
+
+ sargs[sanum - 2] = sreqs[j];
+ sargs[sanum - 4] = sbase[j];
+ fork_child( scmd, sargs );
+
+ }
+
+ if ( j < rnum ) {
+
+ rargs[ranum - 2] = rreqs[j];
+ fork_child( rcmd, rargs );
+
+ }
+
+ if ( j < mnum ) {
+
+ margs[manum - 2] = mreqs[j];
+ fork_child( mcmd, margs );
+
+ }
+ if ( j < modnum ) {
+
+ modargs[modanum - 4] = moddn[j];
+ modargs[modanum - 2] = modreqs[j];
+ fork_child( modcmd, modargs );
+
+ }
+
+ if ( j < anum ) {
+
+ aargs[aanum - 2] = afiles[j];
+ fork_child( acmd, aargs );
+
+ }
+
+ }
+
+ wait4kids( -1 );
+
+ exit( EXIT_SUCCESS );
+}
+
+static char *
+get_file_name( char *dirname, char *filename )
+{
+ char buf[MAXPATHLEN];
+
+ snprintf( buf, sizeof buf, "%s" LDAP_DIRSEP "%s",
+ dirname, filename );
+ return( strdup( buf ));
+}
+
+
+static int
+get_search_filters( char *filename, char *filters[], char *bases[] )
+{
+ FILE *fp;
+ int filter = 0;
+
+ if ( (fp = fopen( filename, "r" )) != NULL ) {
+ char line[BUFSIZ];
+
+ while (( filter < MAXREQS ) && ( fgets( line, BUFSIZ, fp ))) {
+ char *nl;
+
+ if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
+ *nl = '\0';
+ bases[filter] = ArgDup( line );
+ fgets( line, BUFSIZ, fp );
+ if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
+ *nl = '\0';
+
+ filters[filter++] = ArgDup( line );
+
+ }
+ fclose( fp );
+ }
+
+ return( filter );
+}
+
+
+static int
+get_read_entries( char *filename, char *entries[] )
+{
+ FILE *fp;
+ int entry = 0;
+
+ if ( (fp = fopen( filename, "r" )) != NULL ) {
+ char line[BUFSIZ];
+
+ while (( entry < MAXREQS ) && ( fgets( line, BUFSIZ, fp ))) {
+ char *nl;
+
+ if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
+ *nl = '\0';
+ entries[entry++] = ArgDup( line );
+
+ }
+ fclose( fp );
+ }
+
+ return( entry );
+}
+
+#ifndef HAVE_WINSOCK
+static void
+fork_child( char *prog, char **args )
+{
+ pid_t pid;
+
+ wait4kids( maxkids );
+
+ switch ( pid = fork() ) {
+ case 0: /* child */
+#ifdef HAVE_EBCDIC
+ /* The __LIBASCII execvp only handles ASCII "prog",
+ * we still need to translate the arg vec ourselves.
+ */
+ { char *arg2[MAXREQS];
+ int i;
+
+ for (i=0; args[i]; i++) {
+ arg2[i] = ArgDup(args[i]);
+ __atoe(arg2[i]);
+ }
+ arg2[i] = NULL;
+ args = arg2; }
+#endif
+ execvp( prog, args );
+ fprintf( stderr, "%s: ", prog );
+ perror( "execv" );
+ exit( EXIT_FAILURE );
+ break;
+
+ case -1: /* trouble */
+ fprintf( stderr, "Could not fork to run %s\n", prog );
+ perror( "fork" );
+ break;
+
+ default: /* parent */
+ nkids++;
+ break;
+ }
+}
+
+static void
+wait4kids( int nkidval )
+{
+ int status;
+
+ while ( nkids >= nkidval ) {
+ wait( &status );
+
+ if ( WIFSTOPPED(status) ) {
+ fprintf( stderr,
+ "stopping: child stopped with signal %d\n",
+ (int) WSTOPSIG(status) );
+
+ } else if ( WIFSIGNALED(status) ) {
+ fprintf( stderr,
+ "stopping: child terminated with signal %d%s\n",
+ (int) WTERMSIG(status),
+#ifdef WCOREDUMP
+ WCOREDUMP(status) ? ", core dumped" : ""
+#else
+ ""
+#endif
+ );
+ exit( WEXITSTATUS(status) );
+
+ } else if ( WEXITSTATUS(status) != 0 ) {
+ fprintf( stderr,
+ "stopping: child exited with status %d\n",
+ (int) WEXITSTATUS(status) );
+ exit( WEXITSTATUS(status) );
+
+ } else {
+ nkids--;
+ }
+ }
+}
+#else
+
+static void
+wait4kids( int nkidval )
+{
+ int rc, i;
+
+ while ( nkids >= nkidval ) {
+ rc = WaitForMultipleObjects( nkids, children, FALSE, INFINITE );
+ for ( i=rc - WAIT_OBJECT_0; i<nkids-1; i++)
+ children[i] = children[i+1];
+ nkids--;
+ }
+}
+
+static void
+fork_child( char *prog, char **args )
+{
+ int rc;
+
+ wait4kids( maxkids );
+
+ rc = _spawnvp( _P_NOWAIT, prog, args );
+
+ if ( rc == -1 ) {
+ fprintf( stderr, "%s: ", prog );
+ perror("spawnvp");
+ } else {
+ children[nkids++] = (HANDLE)rc;
+ }
+}
+#endif
Added: openldap/vendor/openldap-2.3.35/tests/run.in
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/run.in (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/run.in 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,193 @@
+#!/bin/sh
+# $OpenLDAP: pkg/ldap/tests/run.in,v 1.28.2.17 2007/01/02 21:44:12 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+USAGE="$0 [-b <backend>] [-c] [-k] [-p] [-u] [-w] <script>"
+
+# configure generated
+SRCDIR="@srcdir@"
+TOPSRCDIR="@top_srcdir@"
+LN_S="@LN_S@"
+EGREP_CMD="@EGREP@"
+
+export SRCDIR TOPSRCDIR LN_S EGREP_CMD
+
+# backends
+AC_bdb=@BUILD_BDB@
+AC_hdb=@BUILD_HDB@
+AC_ldap=ldap at BUILD_LDAP@
+AC_ldbm=@BUILD_LDBM@
+AC_meta=meta at BUILD_META@
+AC_monitor=@BUILD_MONITOR@
+AC_relay=relay at BUILD_RELAY@
+AC_sql=sql at BUILD_SQL@
+
+# overlays
+AC_accesslog=accesslog at BUILD_ACCESSLOG@
+AC_dynlist=dynlist at BUILD_DYNLIST@
+AC_pcache=pcache at BUILD_PROXYCACHE@
+AC_ppolicy=ppolicy at BUILD_PPOLICY@
+AC_refint=refint at BUILD_REFINT@
+AC_retcode=retcode at BUILD_RETCODE@
+AC_translucent=translucent at BUILD_TRANSLUCENT@
+AC_unique=unique at BUILD_UNIQUE@
+AC_rwm=rwm at BUILD_RWM@
+AC_syncprov=syncprov at BUILD_SYNCPROV@
+AC_valsort=valsort at BUILD_VALSORT@
+
+# misc
+AC_WITH_SASL=@WITH_SASL@
+AC_WITH_TLS=@WITH_TLS@
+AC_WITH_MODULES_ENABLED=@WITH_MODULES_ENABLED@
+AC_ACI_ENABLED=aci at WITH_ACI_ENABLED@
+AC_THREADS=threads at BUILD_THREAD@
+
+export AC_bdb AC_hdb AC_ldap AC_ldbm AC_meta AC_monitor AC_relay AC_sql \
+ AC_accesslog AC_dynlist AC_pcache AC_ppolicy AC_refint AC_retcode \
+ AC_rwm AC_unique AC_syncprov AC_translucent AC_valsort \
+ AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED AC_ACI_ENABLED \
+ AC_THREADS
+
+if test ! -x ../servers/slapd/slapd ; then
+ echo "Could not locate slapd(8)"
+ exit 1
+fi
+
+BACKEND=
+CLEAN=no
+WAIT=0
+KILLSERVERS=yes
+PRESERVE=${PRESERVE-no}
+USERDATA=no
+
+while test $# -gt 0 ; do
+ case "$1" in
+ -b | -backend)
+ BACKEND="$2"
+ shift; shift ;;
+
+ -c | -clean)
+ CLEAN=yes
+ shift ;;
+
+ -k | -kill)
+ KILLSERVERS=no
+ shift ;;
+
+ -p | -preserve)
+ PRESERVE=yes
+ shift ;;
+
+ -u | -userdata)
+ USERDATA=yes
+ shift ;;
+
+ -w | -wait)
+ WAIT=1
+ shift ;;
+
+ -)
+ shift
+ break ;;
+
+ -*)
+ echo "$USAGE"; exit 1
+ ;;
+
+ *)
+ break ;;
+ esac
+done
+
+if test -z "$BACKEND" ; then
+ for b in bdb ldbm hdb ; do
+ if eval "test \"\$AC_$b\" != no" ; then
+ BACKEND=$b
+ break
+ fi
+ done
+ if test -z "$BACKEND" ; then
+ echo "No suitable default database backend configured" >&2
+ exit 1
+ fi
+fi
+BACKENDTYPE=`eval 'echo $AC_'$BACKEND`
+if test "x$BACKENDTYPE" = "x" ; then
+ BACKENDTYPE="unknown"
+fi
+export BACKEND BACKENDTYPE WAIT KILLSERVERS PRESERVE USERDATA
+
+if test $# = 0 ; then
+ echo "$USAGE"; exit 1
+fi
+
+# need defines.sh for the definitions of the directories
+. $SRCDIR/scripts/defines.sh
+
+SCRIPTDIR="${SRCDIR}/scripts"
+SCRIPTNAME="$1"
+shift
+
+if test -x "${SCRIPTDIR}/${SCRIPTNAME}" ; then
+ SCRIPT="${SCRIPTDIR}/${SCRIPTNAME}"
+elif test -x "`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"; then
+ SCRIPT="`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"
+elif test -x "`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"; then
+ SCRIPT="`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"
+else
+ echo "run: ${SCRIPTNAME} not found (or not executable)"
+ exit 1;
+fi
+
+if test ! -r ${DATADIR}/test.ldif ; then
+ ${LN_S} ${SRCDIR}/data ${DATADIR}
+fi
+if test ! -r ${SCHEMADIR}/core.schema ; then
+ ${LN_S} ${TOPSRCDIR}/servers/slapd/schema ${SCHEMADIR}
+fi
+
+if test -d ${TESTDIR} ; then
+ if test $PRESERVE = no ; then
+ echo "Cleaning up test run directory leftover from previous run."
+ /bin/rm -rf ${TESTDIR}
+ elif test $PRESERVE = yes ; then
+ echo "Cleaning up only database directories leftover from previous run."
+ /bin/rm -rf ${TESTDIR}/db.*
+ fi
+fi
+
+if test $USERDATA = yes ; then
+ if test ! -d userdata ; then
+ echo "User data directory (userdata) does not exist."
+ exit 1
+ fi
+ mkdir -p ${TESTDIR}
+ cp -R userdata/* ${TESTDIR}
+fi
+
+# disable LDAP initialization
+LDAPNOINIT=true; export LDAPNOINIT
+
+echo "Running ${SCRIPT}..."
+$SCRIPT $*
+RC=$?
+
+if test $CLEAN = yes ; then
+ echo "Cleaning up test run directory from this run."
+ /bin/rm -rf ${TESTDIR}
+ echo "Cleaning up symlinks."
+ /bin/rm -f ${DATADIR} ${SCHEMADIR}
+fi
+
+exit $RC
Added: openldap/vendor/openldap-2.3.35/tests/scripts/acfilter.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/acfilter.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/acfilter.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,18 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/acfilter.sh,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Strip comments
+#
+grep -v '^#'
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/acfilter.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/all
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/all (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/all 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,44 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.23.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SHTOOL="$SRCDIR/../build/shtool"
+TB=`$SHTOOL echo -e "%B"`
+TN=`$SHTOOL echo -e "%b"`
+SLEEPTIME=10
+
+echo ">>>>> Executing all LDAP tests for $BACKEND"
+
+for CMD in $SRCDIR/scripts/test*; do
+ # remove cruft from prior test
+ if test $PRESERVE = yes ; then
+ /bin/rm -rf testrun/db.*
+ else
+ /bin/rm -rf testrun
+ fi
+
+ echo ">>>>> Starting ${TB}`basename $CMD`${TN} ..."
+ $CMD
+ RC=$?
+ if test $RC -eq 0 ; then
+ echo ">>>>> $CMD completed ${TB}OK${TN}."
+ else
+ echo ">>>>> $CMD ${TB}failed${TN} (exit $RC)"
+ exit $RC
+ fi
+
+ echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+ sleep $SLEEPTIME
+ echo ""
+done
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/all
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/conf.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/conf.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/conf.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,76 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/conf.sh,v 1.32.2.13 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+MONMOD=nomod
+if [ x"$MONITORDB" = xyes -o x"$MONITORDB" = xmod ] ; then
+ MON=monitor
+ if [ $MONITORDB = mod ] ; then
+ MONMOD=monitormod
+ fi
+else
+ MON=nomonitor
+fi
+if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then
+ SASL="sasl"
+ if [ x"$USE_SASL" = x"yes" ] ; then
+ USE_SASL=DIGEST-MD5
+ fi
+ SASL_MECH="\"saslmech=$USE_SASL\""
+else
+ SASL="nosasl"
+ SASL_MECH=
+fi
+sed -e "s/@BACKEND@/${BACKEND}/" \
+ -e "s/^#${BACKEND}#//" \
+ -e "s/@RELAY@/${RELAY}/" \
+ -e "s/^#relay-${RELAY}#//" \
+ -e "s/^#${BACKENDTYPE}#//" \
+ -e "s/^#${AC_ldap}#//" \
+ -e "s/^#${AC_meta}#//" \
+ -e "s/^#${AC_relay}#//" \
+ -e "s/^#${AC_sql}#//" \
+ -e "s/^#${RDBMS}#//" \
+ -e "s/^#${AC_accesslog}#//" \
+ -e "s/^#${AC_dynlist}#//" \
+ -e "s/^#${AC_pcache}#//" \
+ -e "s/^#${AC_ppolicy}#//" \
+ -e "s/^#${AC_refint}#//" \
+ -e "s/^#${AC_retcode}#//" \
+ -e "s/^#${AC_rwm}#//" \
+ -e "s/^#${AC_syncprov}#//" \
+ -e "s/^#${AC_translucent}#//" \
+ -e "s/^#${AC_unique}#//" \
+ -e "s/^#${AC_valsort}#//" \
+ -e "s/^#${MON}#//" \
+ -e "s/^#${MONMOD}#//" \
+ -e "s/^#${SASL}#//" \
+ -e "s/^#${ACI}#//" \
+ -e "s;@URI1@;${URI1};" \
+ -e "s;@URI2@;${URI2};" \
+ -e "s;@URI3@;${URI3};" \
+ -e "s;@URI4@;${URI4};" \
+ -e "s;@URI5@;${URI5};" \
+ -e "s;@URI6@;${URI6};" \
+ -e "s;@PORT1@;${PORT1};" \
+ -e "s;@PORT2@;${PORT2};" \
+ -e "s;@PORT3@;${PORT3};" \
+ -e "s;@PORT4@;${PORT4};" \
+ -e "s;@PORT5@;${PORT5};" \
+ -e "s;@PORT6@;${PORT6};" \
+ -e "s/@SASL_MECH@/${SASL_MECH}/" \
+ -e "s/@CACHETTL@/${CACHETTL}/" \
+ -e "s/@ENTRY_LIMIT@/${CACHE_ENTRY_LIMIT}/" \
+ -e "s;@TESTDIR@;${TESTDIR};" \
+ -e "s;@DATADIR@;${DATADIR};" \
+ -e "s;@SCHEMADIR@;${SCHEMADIR};"
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/conf.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/defines.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/defines.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/defines.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,302 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.107.2.19 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MONITORDB=${AC_monitor-no}
+BACKLDAP=${AC_ldap-ldapno}
+BACKMETA=${AC_meta-metano}
+BACKRELAY=${AC_relay-relayno}
+BACKSQL=${AC_sql-sqlno}
+RDBMS=${SLAPD_USE_SQL-rdbmsno}
+RDBMSWRITE=${SLAPD_USE_SQLWRITE-no}
+ACCESSLOG=${AC_accesslog-accesslogno}
+DYNLIST=${AC_dynlist-dynlistno}
+PROXYCACHE=${AC_pcache-pcacheno}
+PPOLICY=${AC_ppolicy-ppolicyno}
+REFINT=${AC_refint-refintno}
+RETCODE=${AC_retcode-retcodeno}
+RWM=${AC_rwm-rwmno}
+SYNCPROV=${AC_syncprov-syncprovno}
+TRANSLUCENT=${AC_translucent-translucentno}
+UNIQUE=${AC_unique-uniqueno}
+VALSORT=${AC_valsort-valsortno}
+WITH_SASL=${AC_WITH_SASL-no}
+USE_SASL=${SLAPD_USE_SASL-no}
+WITHTLS=${AC_WITHTLS-yes}
+ACI=${AC_ACI_ENABLED-acino}
+THREADS=${AC_THREADS-threadsno}
+
+PROGDIR=./progs
+DATADIR=${USER_DATADIR-./testdata}
+TESTDIR=${USER_TESTDIR-./testrun}
+SCHEMADIR=${USER_SCHEMADIR-./schema}
+
+DBDIR1A=$TESTDIR/db.1.a
+DBDIR1B=$TESTDIR/db.1.b
+DBDIR1C=$TESTDIR/db.1.c
+DBDIR1=$DBDIR1A
+DBDIR2A=$TESTDIR/db.2.a
+DBDIR2B=$TESTDIR/db.2.b
+DBDIR2C=$TESTDIR/db.2.c
+DBDIR2=$DBDIR2A
+DBDIR3=$TESTDIR/db.3.a
+DBDIR4=$TESTDIR/db.4.a
+DBDIR5=$TESTDIR/db.5.a
+DBDIR6=$TESTDIR/db.6.a
+SQLCONCURRENCYDIR=$DATADIR/sql-concurrency
+
+CONF=$DATADIR/slapd.conf
+CONFTWO=$DATADIR/slapd2.conf
+MCONF=$DATADIR/slapd-master.conf
+COMPCONF=$DATADIR/slapd-component.conf
+PWCONF=$DATADIR/slapd-pw.conf
+WHOAMICONF=$DATADIR/slapd-whoami.conf
+ACLCONF=$DATADIR/slapd-acl.conf
+RCONF=$DATADIR/slapd-referrals.conf
+MASTERCONF=$DATADIR/slapd-repl-master.conf
+SRMASTERCONF=$DATADIR/slapd-syncrepl-master.conf
+DSRMASTERCONF=$DATADIR/slapd-deltasync-master.conf
+DSRSLAVECONF=$DATADIR/slapd-deltasync-slave.conf
+SLAVECONF=$DATADIR/slapd-repl-slave.conf
+PPOLICYCONF=$DATADIR/slapd-ppolicy.conf
+PROXYCACHECONF=$DATADIR/slapd-proxycache.conf
+CACHEMASTERCONF=$DATADIR/slapd-cache-master.conf
+R1SRSLAVECONF=$DATADIR/slapd-syncrepl-slave-refresh1.conf
+R2SRSLAVECONF=$DATADIR/slapd-syncrepl-slave-refresh2.conf
+P1SRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist1.conf
+P2SRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist2.conf
+P3SRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist3.conf
+REFSLAVECONF=$DATADIR/slapd-ref-slave.conf
+SCHEMACONF=$DATADIR/slapd-schema.conf
+GLUECONF=$DATADIR/slapd-glue.conf
+REFINTCONF=$DATADIR/slapd-refint.conf
+RETCODECONF=$DATADIR/slapd-retcode.conf
+UNIQUECONF=$DATADIR/slapd-unique.conf
+LIMITSCONF=$DATADIR/slapd-limits.conf
+DNCONF=$DATADIR/slapd-dn.conf
+EMPTYDNCONF=$DATADIR/slapd-emptydn.conf
+IDASSERTCONF=$DATADIR/slapd-idassert.conf
+LDAPGLUECONF1=$DATADIR/slapd-ldapglue.conf
+LDAPGLUECONF2=$DATADIR/slapd-ldapgluepeople.conf
+LDAPGLUECONF3=$DATADIR/slapd-ldapgluegroups.conf
+RELAYCONF=$DATADIR/slapd-relay.conf
+CHAINCONF1=$DATADIR/slapd-chain1.conf
+CHAINCONF2=$DATADIR/slapd-chain2.conf
+GLUESYNCCONF1=$DATADIR/slapd-glue-syncrepl1.conf
+GLUESYNCCONF2=$DATADIR/slapd-glue-syncrepl2.conf
+SQLCONF=$DATADIR/slapd-sql.conf
+SQLSRMASTERCONF=$DATADIR/slapd-sql-syncrepl-master.conf
+TRANSLUCENTLOCALCONF=$DATADIR/slapd-translucent-local.conf
+TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf
+METACONF=$DATADIR/slapd-meta.conf
+METACONF2=$DATADIR/slapd-meta2.conf
+GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf
+ACICONF=$DATADIR/slapd-aci.conf
+VALSORTCONF=$DATADIR/slapd-valsort.conf
+DYNLISTCONF=$DATADIR/slapd-dynlist.conf
+RSLAVECONF=$DATADIR/slapd-repl-slave-remote.conf
+PLSRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist-ldap.conf
+
+CONF1=$TESTDIR/slapd.1.conf
+CONF2=$TESTDIR/slapd.2.conf
+CONF3=$TESTDIR/slapd.3.conf
+CONF4=$TESTDIR/slapd.4.conf
+CONF5=$TESTDIR/slapd.5.conf
+CONF6=$TESTDIR/slapd.6.conf
+ADDCONF=$TESTDIR/slapadd.conf
+
+TOOLARGS="-x $LDAP_TOOLARGS"
+TOOLPROTO="-P 3"
+
+PASSWDCONF=$DATADIR/slapd-passwd.conf
+
+CLIENTDIR=../clients/tools
+#CLIENTDIR=/usr/local/bin
+
+LDIFFILTER=$SRCDIR/scripts/acfilter.sh
+CONFFILTER=$SRCDIR/scripts/conf.sh
+
+SLAPADD="../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE"
+SLAPCAT="../servers/slapd/slapd -Tc -d 0 $LDAP_VERBOSE"
+SLAPINDEX="../servers/slapd/slapd -Ti -d 0 $LDAP_VERBOSE"
+
+unset DIFF_OPTIONS
+# NOTE: -u/-c is not that portable...
+DIFF="diff -i"
+CMP="diff -i"
+BCMP="diff -iB"
+CMPOUT=/dev/null
+SLAPD="../servers/slapd/slapd -s0"
+SLURPD=../servers/slurpd/slurpd
+LDAPPASSWD="$CLIENTDIR/ldappasswd $TOOLARGS"
+LDAPSASLSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $LDAP_TOOLARGS -LLL"
+LDAPSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $TOOLARGS -LLL"
+LDAPRSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $TOOLARGS"
+LDAPDELETE="$CLIENTDIR/ldapdelete $TOOLPROTO $TOOLARGS"
+LDAPMODIFY="$CLIENTDIR/ldapmodify $TOOLPROTO $TOOLARGS"
+LDAPADD="$CLIENTDIR/ldapmodify -a $TOOLPROTO $TOOLARGS"
+LDAPMODRDN="$CLIENTDIR/ldapmodrdn $TOOLPROTO $TOOLARGS"
+LDAPWHOAMI="$CLIENTDIR/ldapwhoami $TOOLARGS"
+LDAPCOMPARE="$CLIENTDIR/ldapcompare $TOOLARGS"
+SLAPDTESTER=$PROGDIR/slapd-tester
+LVL=${SLAPD_DEBUG-261}
+LOCALHOST=localhost
+BASEPORT=${SLAPD_BASEPORT-9010}
+PORT1=`expr $BASEPORT + 1`
+PORT2=`expr $BASEPORT + 2`
+PORT3=`expr $BASEPORT + 3`
+PORT4=`expr $BASEPORT + 4`
+PORT5=`expr $BASEPORT + 5`
+PORT6=`expr $BASEPORT + 6`
+URI1="ldap://${LOCALHOST}:$PORT1/"
+URI2="ldap://${LOCALHOST}:$PORT2/"
+URI3="ldap://${LOCALHOST}:$PORT3/"
+URI4="ldap://${LOCALHOST}:$PORT4/"
+URI5="ldap://${LOCALHOST}:$PORT5/"
+URI6="ldap://${LOCALHOST}:$PORT6/"
+LDIF=$DATADIR/test.ldif
+LDIFGLUED=$DATADIR/test-glued.ldif
+LDIFORDERED=$DATADIR/test-ordered.ldif
+LDIFORDEREDCP=$DATADIR/test-ordered-cp.ldif
+LDIFORDEREDNOCP=$DATADIR/test-ordered-nocp.ldif
+LDIFBASE=$DATADIR/test-base.ldif
+LDIFPASSWD=$DATADIR/passwd.ldif
+LDIFWHOAMI=$DATADIR/test-whoami.ldif
+LDIFPASSWDOUT=$DATADIR/passwd-out.ldif
+LDIFPPOLICY=$DATADIR/ppolicy.ldif
+LDIFLANG=$DATADIR/test-lang.ldif
+LDIFLANGOUT=$DATADIR/lang-out.ldif
+LDIFREF=$DATADIR/referrals.ldif
+LDIFREFINT=$DATADIR/test-refint.ldif
+LDIFUNIQUE=$DATADIR/test-unique.ldif
+LDIFLIMITS=$DATADIR/test-limits.ldif
+LDIFDN=$DATADIR/test-dn.ldif
+LDIFEMPTYDN1=$DATADIR/test-emptydn1.ldif
+LDIFEMPTYDN2=$DATADIR/test-emptydn2.ldif
+LDIFIDASSERT1=$DATADIR/test-idassert1.ldif
+LDIFIDASSERT2=$DATADIR/test-idassert2.ldif
+LDIFLDAPGLUE1=$DATADIR/test-ldapglue.ldif
+LDIFLDAPGLUE2=$DATADIR/test-ldapgluepeople.ldif
+LDIFLDAPGLUE3=$DATADIR/test-ldapgluegroups.ldif
+LDIFCOMPMATCH=$DATADIR/test-compmatch.ldif
+LDIFCHAIN1=$DATADIR/test-chain1.ldif
+LDIFCHAIN2=$DATADIR/test-chain2.ldif
+LDIFTRANSLUCENTDATA=$DATADIR/test-translucent-data.ldif
+LDIFTRANSLUCENTCONFIG=$DATADIR/test-translucent-config.ldif
+LDIFTRANSLUCENTADD=$DATADIR/test-translucent-add.ldif
+LDIFTRANSLUCENTMERGED=$DATADIR/test-translucent-merged.ldif
+LDIFMETA=$DATADIR/test-meta.ldif
+LDIFVALSORT=$DATADIR/test-valsort.ldif
+SQLADD=$DATADIR/sql-add.ldif
+MONITOR=""
+REFDN="c=US"
+BASEDN="dc=example,dc=com"
+MANAGERDN="cn=Manager,dc=example,dc=com"
+UPDATEDN="cn=Replica,dc=example,dc=com"
+PASSWD=secret
+BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
+BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
+JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+REFINTDN="cn=Manager,o=refint"
+RETCODEDN="ou=RetCodes,$BASEDN"
+UNIQUEDN="cn=Manager,o=unique"
+EMPTYDNDN="cn=Manager,c=US"
+TRANSLUCENTROOT="o=translucent"
+TRANSLUCENTUSER="ou=users,o=translucent"
+TRANSLUCENTDN="uid=binder,o=translucent"
+TRANSLUCENTPASSWD="bindtest"
+METABASEDN="ou=Meta,dc=example,dc=com"
+METAMANAGERDN="cn=Manager,$METABASEDN"
+VALSORTDN="cn=Manager,o=valsort"
+VALSORTBASEDN="o=valsort"
+
+LOG1=$TESTDIR/slapd.1.log
+LOG2=$TESTDIR/slapd.2.log
+LOG3=$TESTDIR/slapd.3.log
+LOG4=$TESTDIR/slapd.4.log
+LOG5=$TESTDIR/slapd.5.log
+LOG6=$TESTDIR/slapd.6.log
+SLAPADDLOG1=$TESTDIR/slapadd.1.log
+SLURPLOG=$TESTDIR/slurp.log
+
+SEARCHOUT=$TESTDIR/ldapsearch.out
+SEARCHOUT2=$TESTDIR/ldapsearch2.out
+SEARCHFLT=$TESTDIR/ldapsearch.flt
+SEARCHFLT2=$TESTDIR/ldapsearch2.flt
+LDIFFLT=$TESTDIR/ldif.flt
+TESTOUT=$TESTDIR/test.out
+INITOUT=$TESTDIR/init.out
+VALSORTOUT1=$DATADIR/valsort1.out
+VALSORTOUT2=$DATADIR/valsort2.out
+VALSORTOUT3=$DATADIR/valsort3.out
+
+SERVER1OUT=$TESTDIR/server1.out
+SERVER1FLT=$TESTDIR/server1.flt
+SERVER2OUT=$TESTDIR/server2.out
+SERVER2FLT=$TESTDIR/server2.flt
+SERVER3OUT=$TESTDIR/server3.out
+SERVER3FLT=$TESTDIR/server3.flt
+SERVER4OUT=$TESTDIR/server4.out
+SERVER4FLT=$TESTDIR/server4.flt
+SERVER5OUT=$TESTDIR/server5.out
+SERVER5FLT=$TESTDIR/server5.flt
+SERVER6OUT=$TESTDIR/server6.out
+SERVER6FLT=$TESTDIR/server6.flt
+
+MASTEROUT=$SERVER1OUT
+MASTERFLT=$SERVER1FLT
+SLAVEOUT=$SERVER2OUT
+SLAVEFLT=$SERVER2FLT
+
+PROXYCACHEOUT=$DATADIR/proxycache.out
+REFERRALOUT=$DATADIR/referrals.out
+SEARCHOUTMASTER=$DATADIR/search.out.master
+SEARCHOUTX=$DATADIR/search.out.xsearch
+COMPSEARCHOUT=$DATADIR/compsearch.out
+MODIFYOUTMASTER=$DATADIR/modify.out.master
+ADDDELOUTMASTER=$DATADIR/adddel.out.master
+MODRDNOUTMASTER0=$DATADIR/modrdn.out.master.0
+MODRDNOUTMASTER1=$DATADIR/modrdn.out.master.1
+MODRDNOUTMASTER2=$DATADIR/modrdn.out.master.2
+MODRDNOUTMASTER3=$DATADIR/modrdn.out.master.3
+ACLOUTMASTER=$DATADIR/acl.out.master
+REPLOUTMASTER=$DATADIR/repl.out.master
+MODSRCHFILTERS=$DATADIR/modify.search.filters
+CERTIFICATETLS=$DATADIR/certificate.tls
+CERTIFICATEOUT=$DATADIR/certificate.out
+DNOUT=$DATADIR/dn.out
+EMPTYDNOUT1=$DATADIR/emptydn.out.slapadd
+EMPTYDNOUT2=$DATADIR/emptydn.out
+IDASSERTOUT=$DATADIR/idassert.out
+LDAPGLUEOUT=$DATADIR/ldapglue.out
+LDAPGLUEANONYMOUSOUT=$DATADIR/ldapglueanonymous.out
+RELAYOUT=$DATADIR/relay.out
+CHAINOUT=$DATADIR/chain.out
+CHAINREFOUT=$DATADIR/chainref.out
+CHAINMODOUT=$DATADIR/chainmod.out
+GLUESYNCOUT=$DATADIR/gluesync.out
+SQLREAD=$DATADIR/sql-read.out
+SQLWRITE=$DATADIR/sql-write.out
+TRANSLUCENTOUT=$DATADIR/translucent.search.out
+METAOUT=$DATADIR/meta.out
+METACONCURRENCYOUT=$DATADIR/metaconcurrency.out
+MANAGEOUT=$DATADIR/manage.out
+SUBTREERENAMEOUT=$DATADIR/subtree-rename.out
+ACIOUT=$DATADIR/aci.out
+DYNLISTOUT=$DATADIR/dynlist.out
+
+# Just in case we linked the binaries dynamically
+LD_LIBRARY_PATH=`pwd`/../libraries:${LD_LIBRARY_PATH} export LD_LIBRARY_PATH
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/defines.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/passwd-search
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/passwd-search (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/passwd-search 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,133 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/passwd-search,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test $# -eq 0 ; then
+ test -z "$SRCDIR" && SRCDIR="."
+else
+ SRCDIR=$1; shift
+fi
+if test $# -eq 1 ; then
+ BACKEND=$1; shift
+fi
+
+echo "running defines.sh $SRCDIR $BACKEND"
+. $SRCDIR/scripts/defines.sh
+
+if test -d "$TESTDIR"; then
+ echo "Cleaning up in $TESTDIR..."
+ /bin/rm -rf $TESTDIR/db.*
+fi
+mkdir -p $TESTDIR
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $PASSWDCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test ${WAIT-0} != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -L -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 1 ; then
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ fi
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $TESTOUT
+
+echo "Testing base suffix searching..."
+$LDAPSEARCH -L -S "" -b "$BASEDN" -s base -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo " ------------ " >> $TESTOUT
+
+echo "Testing user searching..."
+$LDAPSEARCH -L -S "" -b "uid=root,$BASEDN" -s base -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo " ------------ " >> $TESTOUT
+
+echo "Testing exact searching..."
+$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(uid=root)' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo " ------------ " >> $TESTOUT
+
+echo "Testing OR searching..."
+$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(|(objectclass=person)(cn=root))' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo " ------------ " >> $TESTOUT
+
+echo "Testing AND searching..."
+$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(&(objectclass=person)(cn=root))' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed!"
+ test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
+
+echo "Assuming everything is fine."
+#echo "Comparing results"
+#$CMP $TESTOUT $SEARCHOUTMASTER
+#if test $? != 0 ; then
+# echo "Comparison failed"
+# exit 1
+#fi
+
+echo ">>>>> Test succeeded"
+
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/passwd-search
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/relay
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/relay (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/relay 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,395 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/relay,v 1.3.2.9 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "Using $RELAY backend..."
+echo ""
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $RELAYCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+BASEDN="dc=example,dc=com"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Example,c=US"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Esempio,c=IT"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Beispiel,c=DE"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#
+# Do some modifications
+#
+
+BASEDN="o=Beispiel,c=DE"
+echo "Modifying database \"$BASEDN\"..."
+$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -M >> $TESTOUT 2>&1 << EOMODS
+dn: cn=Added User,ou=Alumni Association,ou=People,$BASEDN
+changetype: add
+objectClass: OpenLDAPperson
+cn: Added User
+sn: User
+uid: auser
+seealso: cn=All Staff,ou=Groups,$BASEDN
+homephone: +49 1234567890
+drink: Beer
+mail: auser at mail.alumni.example.com
+telephonenumber: +49 1234-567-890
+description: Just added in o=Beispiel,c=DE naming context
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN
+changetype: modify
+add: seeAlso
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN
+-
+add: description
+description: Just added self to seeAlso in $BASEDN virtual naming context
+-
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN
+changetype: delete
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN
+changetype: modrdn
+newrdn: cn=John P. Doe
+deleteoldrdn: 1
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN
+changetype: modrdn
+newrdn: cn=Jane Q. Doe
+deleteoldrdn: 1
+newsuperior: ou=Information Technology Division,ou=People,$BASEDN
+
+dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,$BASEDN
+changetype: modify
+add: cn
+cn: Jane Qissapaolo Doe
+-
+# This operation (delete of DN-valued attribute) triggered ITS#3498
+delete: seeAlso
+-
+
+dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,$BASEDN
+changetype: modify
+add: seeAlso
+seeAlso: cn=All Staff,ou=Groups,$BASEDN
+-
+
+dn: ou=Referrals,$BASEDN
+changetype: add
+objectclass: referral
+objectclass: extensibleObject
+ou: Referrals
+ref: ldap://localhost.localdomain/ou=Referrals,$BASEDN
+description: Just added as ldap://localhost.localdomain:389/ou=Referrals,$BASEDN
+
+dn: ou=Referrals,$BASEDN
+changetype: modify
+replace: ref
+ref: ldap://localhost:9012/ou=Referrals,$BASEDN
+-
+add: description
+description: ...and modified as ldap://localhost:9012/ou=Referrals,$BASEDN
+-
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "Modify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Example,c=US"
+echo "Modifying database \"$BASEDN\"..."
+$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -M >> $TESTOUT 2>&1 << EOMODS
+# These operations (updates with objectClass mapping) triggered ITS#3499
+dn: cn=Added Group,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+objectClass: uidObject
+cn: Added Group
+member: cn=Added Group,ou=Groups,$BASEDN
+uid: added
+
+dn: cn=Another Added Group,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+cn: Another Added Group
+member: cn=Added Group,ou=Groups,$BASEDN
+member: cn=Another Added Group,ou=Groups,$BASEDN
+
+dn: cn=Another Added Group,ou=Groups,$BASEDN
+changetype: modify
+add: objectClass
+objectClass: uidObject
+-
+add: uid
+uid: added
+-
+
+dn: cn=Added Group,ou=Groups,$BASEDN
+changetype: modify
+delete: objectClass
+objectClass: uidObject
+-
+delete: uid
+-
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "Modify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Esempio,c=IT"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(objectClass=referral)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"'*' ref\""
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"'*' ref\"" >> $SEARCHOUT
+
+BASEDN="dc=example,dc=com"
+echo " base=\"$BASEDN\"..."
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Example,c=US"
+echo " base=\"$BASEDN\"..."
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Esempio,c=IT"
+echo " base=\"$BASEDN\"..."
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Example,c=US"
+FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"seeAlso\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"seeAlso\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" seeAlso \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(uid=example)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"uid\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"uid\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" uid \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"member\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"member\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" member \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $RELAYOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - relay search/modification didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+BASEDN="o=Example,c=US"
+echo "Changing password to database \"$BASEDN\"..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 -D "cn=Manager,$BASEDN" -w $PASSWD \
+ -s $PASSWD "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Passwd ExOp failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Beispiel,c=DE"
+echo "Binding with newly changed password to database \"$BASEDN\"..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \
+ -D "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
+ -w $PASSWD >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "WhoAmI failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="o=Esempio,c=IT"
+echo "Comparing to database \"$BASEDN\"..."
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
+ "seeAlso:cn=All Staff,ou=Groups,$BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 ; then
+ echo "Compare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/relay
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/sql-all
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/sql-all (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/sql-all 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,65 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-all,v 1.2.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SHTOOL="$SRCDIR/../build/shtool"
+TB=`$SHTOOL echo -e "%B"`
+TN=`$SHTOOL echo -e "%b"`
+SLEEPTIME=10
+
+echo "#######################################################################"
+echo "### ###"
+echo "### SQL tests ###"
+echo "### ###"
+echo "#######################################################################"
+echo "###"
+echo "### SQL tests require the sql backend, a properly configured"
+echo "### ODBC and a database populated with data from the applicable"
+echo "### servers/slapd/back-sql/rdbms_depend/* files."
+echo "###"
+echo "### Set SLAPD_USE_SQL to the desired RDBMS to enable this test;"
+echo "###"
+echo "### Currently supported RDBMSes are:"
+echo "### ibmdb2, mysql, pgsql"
+echo "###"
+echo "### Set SLAPD_USE_SQLWRITE=yes to enable the write tests"
+echo "###"
+echo "### See servers/slapd/back-sql/rdbms_depend/README for more "
+echo "### details on how to set up the RDBMS and the ODBC"
+echo "###"
+
+echo ">>>>> Executing all LDAP tests for $BACKEND"
+
+for CMD in $SRCDIR/scripts/sql-test*; do
+ # remove cruft from prior test
+ if test $PRESERVE = yes ; then
+ /bin/rm -rf testrun/db.*
+ else
+ /bin/rm -rf testrun
+ fi
+
+ echo ">>>>> Starting ${TB}`basename $CMD`${TN} ..."
+ $CMD
+ RC=$?
+ if test $RC -eq 0 ; then
+ echo ">>>>> $CMD completed ${TB}OK${TN}."
+ else
+ echo ">>>>> $CMD ${TB}failed${TN} (exit $RC)"
+ exit $RC
+ fi
+
+ echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+ sleep $SLEEPTIME
+ echo ""
+done
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/sql-all
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test000-read
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/sql-test000-read (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/sql-test000-read 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,563 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test000-read,v 1.3.2.9 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKSQL = "sqlno" ; then
+ echo "SQL backend not available, test skipped"
+ exit 0
+fi
+
+if test $RDBMS = "rdbmsno" ; then
+ echo "SQL test not requested, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing SQL backend read operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BASEDN="dc=example,dc=com"
+BINDDN="cn=Mitya Kovalev,${BASEDN}"
+BINDPW="mit"
+echo -n "Testing correct bind... "
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo -n "Testing incorrect bind (should fail)... "
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w "XXX"
+RC=$?
+if test $RC = 0 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing baseobject search..."
+echo "# Testing baseobject search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing onelevel search..."
+echo "# Testing onelevel search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -s one >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing subtree search..."
+echo "# Testing subtree search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing subtree search with manageDSAit..."
+echo "# Testing subtree search with manageDSAit..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M '*' ref >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing invalid filter..."
+echo "# Testing invalid filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(foo=)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact search..."
+echo "# Testing exact search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(sn=Kovalev)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing substrings initial search..."
+echo "# Testing substrings initial search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(cn=m*)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing substrings any search..."
+echo "# Testing substrings any search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(cn=*m*)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing substrings final search..."
+echo "# Testing substrings final search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(cn=*v)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approx search..."
+echo "# Testing approx search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(sn~=kovalev)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing extensible filter search..."
+echo "# Testing extensible filter search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(sn:caseExactMatch:=Kovalev)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing search for telephoneNumber..."
+echo "# Testing search for telephoneNumber..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(telephoneNumber=3322334)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND search..."
+echo "# Testing AND search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(&(sn=kovalev)(givenName=mitya))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND search on objectClass..."
+echo "# Testing AND search on objectClass..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(&(objectClass=organization)(objectClass=dcObject))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR search..."
+echo "# Testing OR search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(|(sn=kovalev)(givenName=mitya))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR search on objectClass..."
+echo "# Testing OR search on objectClass..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(|(objectClass=document)(objectClass=organization))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT search..."
+echo "# Testing NOT search..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ '(!(sn=kovalev))' >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT search on objectClass..."
+echo "# Testing NOT search on objectClass..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ '(!(objectClass=inetOrgPerson))' >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT search on \"auxiliary\" objectClass..."
+echo "# Testing NOT search on \"auxiliary\" objectClass..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ '(!(objectClass=dcObject))' >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#### Needs work...
+echo "Testing NOT presence search... (disabled)"
+###echo "# Testing NOT presence search..." >> $SEARCHOUT
+###$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+### '(!(sn=*))' >> $SEARCHOUT 2>&1
+###
+###RC=$?
+###if test $RC != 0 ; then
+### echo "ldapsearch failed ($RC)!"
+### test $KILLSERVERS != no && kill -HUP $KILLPIDS
+### exit $RC
+###fi
+
+echo "Testing attribute inheritance in filter..."
+echo "# Testing attribute inheritance in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(name=example)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# ITS#4604
+echo "Testing undefined attribute in filter..."
+echo "# Testing undefined attribute in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(|(o=example)(foobar=x))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass inheritance in filter..."
+echo "# Testing objectClass inheritance in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(objectClass=person)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing \"auxiliary\" objectClass in filter..."
+echo "# Testing \"auxiliary\" objectClass in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(objectClass=dcObject)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing hasSubordinates in filter..."
+echo "# Testing hasSubordinates in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(hasSubordinates=TRUE)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing entryUUID in filter..."
+echo "# Testing entryUUID in filter..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(entryUUID=00000001-0000-0001-0000-000000000000)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing attribute inheritance in requested attributes..."
+echo "# Testing attribute inheritance in requested attributes..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "(sn=kovalev)" name >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass in requested attributes..."
+echo "# Testing objectClass in requested attributes..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ objectClass >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing operational attributes in request..."
+echo "# Testing operational attributes in request..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ '+' 2>&1 > $SEARCHFLT
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+grep -v '^entryCSN:' $SEARCHFLT >> $SEARCHOUT
+
+SIZELIMIT=4
+echo "Testing size limit..."
+$LDAPRSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ -z $SIZELIMIT -S "" '(objectClass=*)' >$SEARCHFLT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHFLT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...bumped into requested size limit ($SIZELIMIT)"
+ else
+ echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo -n "Testing compare (should be TRUE)... "
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \
+ "sn:kovalev" >> $TESTOUT 2>&1
+
+RC=$?
+case $RC in
+6)
+ echo "TRUE"
+ ;;
+5) echo "FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+*) echo "failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+esac
+
+echo -n "Testing compare (should be FALSE)... "
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \
+ "cn:foobar" >> $TESTOUT 2>&1
+
+RC=$?
+case $RC in
+6)
+ echo "TRUE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+5) echo "FALSE"
+ ;;
+*) echo "failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+esac
+
+echo -n "Testing compare (should be UNDEFINED)... "
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \
+ "o:example" >> $TESTOUT 2>&1
+
+RC=$?
+case $RC in
+6)
+ echo "TRUE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+5) echo "FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+*) echo "failed ($RC)"
+ ;;
+esac
+
+echo -n "Testing compare on hasSubordinates (should be TRUE)... "
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BASEDN" \
+ "hasSubordinates:TRUE" >> $TESTOUT 2>&1
+
+RC=$?
+case $RC in
+6)
+ echo "TRUE"
+ ;;
+5) echo "FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+*) echo "failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+esac
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif..."
+. $LDIFFILTER < $SQLREAD > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - SQL search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test000-read
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test001-concurrency
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/sql-test001-concurrency (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/sql-test001-concurrency 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,127 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test001-concurrency,v 1.2.4.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKSQL = "sqlno" ; then
+ echo "SQL backend not available, test skipped"
+ exit 0
+fi
+
+if test $RDBMS = "rdbmsno" ; then
+ echo "SQL test not requested, test skipped"
+ exit 0
+fi
+
+SQLDATADIR=$TESTDIR/sql-concurrency
+mkdir -p $TESTDIR $SQLDATADIR
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing SQL backend concurrency..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $SEARCHOUT > $LDIFFLT
+
+if test "${RDBMSWRITE}" != "yes"; then
+ echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable"
+ cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \
+ $SQLDATADIR
+else
+ case ${RDBMS} in
+ # list here the RDBMSes whose mapping allows writes
+ pgsql|ibmdb2)
+ cp $SQLCONCURRENCYDIR/do_* $SQLDATADIR
+ ;;
+ *)
+ echo "write is not supported for ${RDBMS}; performing read-only concurrency test"
+ cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \
+ $SQLDATADIR
+ ;;
+ esac
+fi
+
+echo "Using tester for concurrent server access..."
+$SLAPDTESTER -P "$PROGDIR" -d "$SQLDATADIR" \
+ -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 5 -j 4
+RC=$?
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test001-concurrency
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test900-write
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/sql-test900-write (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/sql-test900-write 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,573 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test900-write,v 1.5.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKSQL = "sqlno" ; then
+ echo "SQL backend not available, test skipped"
+ exit 0
+fi
+
+if test $RDBMS = "rdbmsno" ; then
+ echo "SQL test not requested, test skipped"
+ exit 0
+fi
+
+if test "${RDBMSWRITE}" != "yes"; then
+ echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable"
+ exit 0
+fi
+
+mkdir -p $TESTDIR
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing SQL backend write operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+BASEDN="dc=example,dc=com"
+
+echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+case ${RDBMS} in
+ # list here the RDBMSes whose mapping allows writes
+pgsql|ibmdb2)
+ MANAGERDN="cn=Manager,${BASEDN}"
+ echo "Testing add..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Adding an organization...
+dn: o=An Org,${BASEDN}
+changetype: add
+objectClass: organization
+o: An Org
+
+# Adding an organization with an "auxiliary" objectClass..
+dn: dc=subnet,${BASEDN}
+changetype: add
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+# Adding another organization with an "auxiliary" objectClass..
+dn: dc=subnet2,${BASEDN}
+changetype: add
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet2
+
+# Adding a person...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+givenName: Lev
+telephoneNumber: +39 02 XXXX YYYY
+telephoneNumber: +39 02 XXXX ZZZZ
+userPassword: tanja
+
+# Adding a person with an "auxiliary" objectClass...
+dn: cn=Some One,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+telephoneNumber: +1 800 900 1234
+telephoneNumber: +1 800 900 1235
+userPassword: someone
+
+# Adding a person in another subtree...
+dn: cn=SubNet User,dc=subnet,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+# Adding a document...
+dn: documentTitle=War and Peace,${BASEDN}
+changetype: add
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing modify..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Deleting all telephone numbers...
+dn: cn=Some One,${BASEDN}
+changetype: modify
+delete: telephoneNumber
+-
+
+# Adding a telephone number...
+dn: cn=Mitya Kovalev,${BASEDN}
+changetype: modify
+add: telephoneNumber
+telephoneNumber: +1 800 123 4567
+-
+
+# Deleting a specific telephone number and adding a new one...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modify
+delete: telephoneNumber
+telephoneNumber: +39 02 XXXX YYYY
+-
+add: telephoneNumber
+telephoneNumber: +39 333 ZZZ 1234
+-
+
+# Adding an author to a document...
+dn: documentTitle=book1,${BASEDN}
+changetype: modify
+add: documentAuthor
+documentAuthor: cn=Lev Tolstoij,${BASEDN}
+-
+
+# Adding an author to another document...
+dn: documentTitle=book2,${BASEDN}
+changetype: modify
+add: documentAuthor
+documentAuthor: cn=Lev Tolstoij,${BASEDN}
+-
+
+# Adding an "auxiliary" objectClass...
+dn: cn=Mitya Kovalev,${BASEDN}
+changetype: modify
+add: objectClass
+objectClass: simpleSecurityObject
+-
+
+# Deleting an "auxiliary" objectClass...
+dn: cn=Some One,${BASEDN}
+changetype: modify
+delete: objectClass
+objectClass: simpleSecurityObject
+-
+
+# Deleting userPasswords
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modify
+delete: userPassword
+-
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing delete..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Deleting a person...
+dn: cn=Torvlobnor Puzdoy,${BASEDN}
+changetype: delete
+
+# Deleting a document...
+dn: documentTitle=book1,${BASEDN}
+changetype: delete
+
+# Deleting an organization with an "auxiliary" objectClass...
+dn: dc=subnet2,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing rename..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Renaming an organization...
+dn: o=An Org,${BASEDN}
+changetype: modrdn
+newrdn: o=Renamed Org
+deleteoldrdn: 1
+
+# Moving a person to another subtree...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modrdn
+newrdn: cn=Lev Tolstoij
+deleteoldrdn: 0
+newsuperior: dc=subnet,${BASEDN}
+
+# Renaming a book...
+dn: documentTitle=book2,${BASEDN}
+changetype: modrdn
+newrdn: documentTitle=Renamed Book
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Adding a child to a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: cn=Should Fail,ou=Referral,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: Should Fail
+sn: Fail
+telephoneNumber: +39 02 23456789
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Modifying a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Renaming a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Deleting a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Adding a referral..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Another Referral,${BASEDN}
+changetype: add
+objectClass: referral
+objectClass: extensibleObject
+ou: Another Referral
+ref: ldap://localhost:9009/
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Modifying a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the modified entry..."
+ echo "# Using ldapsearch to retrieve the modified entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Renaming a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the renamed entry..."
+ echo "# Using ldapsearch to retrieve the renamed entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Renamed Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Deleting a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Renamed Referral,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ BINDDN="cn=Mitya Kovalev,${BASEDN}"
+ BINDPW="mit"
+ NEWPW="newsecret"
+ echo "Testing passwd change..."
+ $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -D "${BINDDN}" -w ${BINDPW} -s ${NEWPW} \
+ "$BINDDN" >> $TESTOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo -n "Testing bind with new secret... "
+ $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $NEWPW
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ BINDDN="cn=Some One,${BASEDN}"
+ BINDPW="someone"
+ echo -n "Testing bind with newly added user... "
+ $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering modified ldif..."
+ . $LDIFFILTER < $SQLWRITE > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - SQL mods search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+
+*)
+ echo "apparently ${RDBMS} does not support writes; skipping..."
+ ;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test900-write
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test901-syncrepl
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/sql-test901-syncrepl (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/sql-test901-syncrepl 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,692 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test901-syncrepl,v 1.2.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKSQL = "sqlno" ; then
+ echo "SQL backend not available, test skipped"
+ exit 0
+fi
+
+if test $RDBMS = "rdbmsno" ; then
+ echo "SQL test not requested, test skipped"
+ exit 0
+fi
+
+if test "${RDBMSWRITE}" != "yes"; then
+ echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR2A
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SQLSRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing SQL backend write operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $R1SRSLAVECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Using ldapsearch to retrieve all the entries from the master..."
+echo "# Using ldapsearch to retrieve all the entries from the master..." \
+ >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ -D "$MANAGERDN" -w $PASSWD \
+ "(!(objectClass=referral))" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT2
+
+echo "Using ldapsearch to retrieve all the entries from the slave..."
+echo "# Using ldapsearch to retrieve all the entries from the slave..." \
+ >> $SEARCHOUT2
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT2 -b "$BASEDN" \
+ -D "$UPDATEDN" -w $PASSWD \
+ "(objectClass=*)" >> $SEARCHOUT2 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results from master..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering ldapsearch results from slave..."
+. $LDIFFILTER < $SEARCHOUT2 > $SEARCHFLT2
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $SEARCHFLT2 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+case ${RDBMS} in
+ # list here the RDBMSes whose mapping allows writes
+pgsql|ibmdb2)
+ MANAGERDN="cn=Manager,${BASEDN}"
+ echo "Testing add..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Adding an organization...
+dn: o=An Org,${BASEDN}
+changetype: add
+objectClass: organization
+o: An Org
+
+# Adding an organization with an "auxiliary" objectClass..
+dn: dc=subnet,${BASEDN}
+changetype: add
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+# Adding another organization with an "auxiliary" objectClass..
+dn: dc=subnet2,${BASEDN}
+changetype: add
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet2
+
+# Adding a person...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+givenName: Lev
+telephoneNumber: +39 02 XXXX YYYY
+telephoneNumber: +39 02 XXXX ZZZZ
+userPassword: tanja
+
+# Adding a person with an "auxiliary" objectClass...
+dn: cn=Some One,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+telephoneNumber: +1 800 900 1234
+telephoneNumber: +1 800 900 1235
+userPassword: someone
+
+# Adding a person in another subtree...
+dn: cn=SubNet User,dc=subnet,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+# Adding a document...
+dn: documentTitle=War and Peace,${BASEDN}
+changetype: add
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing modify..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Deleting all telephone numbers...
+dn: cn=Some One,${BASEDN}
+changetype: modify
+delete: telephoneNumber
+-
+
+# Adding a telephone number...
+dn: cn=Mitya Kovalev,${BASEDN}
+changetype: modify
+add: telephoneNumber
+telephoneNumber: +1 800 123 4567
+-
+
+# Deleting a specific telephone number and adding a new one...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modify
+delete: telephoneNumber
+telephoneNumber: +39 02 XXXX YYYY
+-
+add: telephoneNumber
+telephoneNumber: +39 333 ZZZ 1234
+-
+
+# Adding an author to a document...
+dn: documentTitle=book1,${BASEDN}
+changetype: modify
+add: documentAuthor
+documentAuthor: cn=Lev Tolstoij,${BASEDN}
+-
+
+# Adding an author to another document...
+dn: documentTitle=book2,${BASEDN}
+changetype: modify
+add: documentAuthor
+documentAuthor: cn=Lev Tolstoij,${BASEDN}
+-
+
+# Adding an "auxiliary" objectClass...
+dn: cn=Mitya Kovalev,${BASEDN}
+changetype: modify
+add: objectClass
+objectClass: simpleSecurityObject
+-
+
+# Deleting an "auxiliary" objectClass...
+dn: cn=Some One,${BASEDN}
+changetype: modify
+delete: objectClass
+objectClass: simpleSecurityObject
+-
+
+# Deleting userPasswords
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modify
+delete: userPassword
+-
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing delete..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Deleting a person...
+dn: cn=Torvlobnor Puzdoy,${BASEDN}
+changetype: delete
+
+# Deleting a document...
+dn: documentTitle=book1,${BASEDN}
+changetype: delete
+
+# Deleting an organization with an "auxiliary" objectClass...
+dn: dc=subnet2,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Testing rename..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# Renaming an organization...
+dn: o=An Org,${BASEDN}
+changetype: modrdn
+newrdn: o=Renamed Org
+deleteoldrdn: 1
+
+# Moving a person to another subtree...
+dn: cn=Lev Tolstoij,${BASEDN}
+changetype: modrdn
+newrdn: cn=Lev Tolstoij
+deleteoldrdn: 0
+newsuperior: dc=subnet,${BASEDN}
+
+# Renaming a book...
+dn: documentTitle=book2,${BASEDN}
+changetype: modrdn
+newrdn: documentTitle=Renamed Book
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Adding a child to a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: cn=Should Fail,ou=Referral,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: Should Fail
+sn: Fail
+telephoneNumber: +39 02 23456789
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Modifying a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Renaming a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Deleting a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Adding a referral..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Another Referral,${BASEDN}
+changetype: add
+objectClass: referral
+objectClass: extensibleObject
+ou: Another Referral
+ref: ldap://localhost:9009/
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Modifying a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the modified entry..."
+ echo "# Using ldapsearch to retrieve the modified entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Renaming a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the renamed entry..."
+ echo "# Using ldapsearch to retrieve the renamed entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Renamed Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Deleting a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Renamed Referral,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ BINDDN="cn=Mitya Kovalev,${BASEDN}"
+ BINDPW="mit"
+ NEWPW="newsecret"
+ echo "Testing passwd change..."
+ $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -D "${BINDDN}" -w ${BINDPW} -s ${NEWPW} \
+ "$BINDDN" >> $TESTOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo -n "Testing bind with new secret... "
+ $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $NEWPW
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ BINDDN="cn=Some One,${BASEDN}"
+ BINDPW="someone"
+ echo -n "Testing bind with newly added user... "
+ $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering modified ldif..."
+ . $LDIFFILTER < $SQLWRITE > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - SQL mods search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Waiting 25 seconds for master to send changes..."
+ sleep 25
+
+ cat /dev/null > $SEARCHOUT
+
+ echo "Using ldapsearch to retrieve all the entries from the master..."
+ echo "# Using ldapsearch to retrieve all the entries from the master..." \
+ >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ -D "$MANAGERDN" -w $PASSWD \
+ "(!(objectClass=referral))" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ cat /dev/null > $SEARCHOUT2
+
+ echo "Using ldapsearch to retrieve all the entries from the slave..."
+ echo "# Using ldapsearch to retrieve all the entries from the slave..." \
+ >> $SEARCHOUT2
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT2 -b "$BASEDN" \
+ -D "$UPDATEDN" -w $PASSWD \
+ "(objectClass=*)" >> $SEARCHOUT2 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results from master..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering ldapsearch results from slave..."
+ . $LDIFFILTER < $SEARCHOUT2 > $SEARCHFLT2
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $SEARCHFLT2 > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+
+*)
+ echo "apparently ${RDBMS} does not support writes; skipping..."
+ ;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/sql-test901-syncrepl
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/start-server
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/start-server (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/start-server 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,63 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 1 ; then
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ fi
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Server1 (pid=$PID) started"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/start-server
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/start-server-nolog
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/start-server-nolog (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/start-server-nolog 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,63 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server-nolog,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> /dev/null 2>&1 &
+PID=$!
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 1 ; then
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ fi
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Server1 (pid=$PID) started"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/start-server-nolog
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/start-server2
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/start-server2 (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/start-server2 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR2
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 > $SERVER2OUT 2>&1
+ RC=$?
+ if test $RC = 1 ; then
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ fi
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo ">>>>> Server2 (pid=$PID) started"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/start-server2
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/start-server2-nolog
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/start-server2-nolog (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/start-server2-nolog 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,42 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2-nolog,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR2
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > /dev/null 2>&1 &
+PID=$!
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 > $SERVER2OUT 2>&1
+ RC=$?
+ if test $RC = 1 ; then
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ fi
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo ">>>>> Server2 (pid=$PID) started"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/start-server2-nolog
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/startup_nis_ldap_server.sh
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/startup_nis_ldap_server.sh (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/startup_nis_ldap_server.sh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,56 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/startup_nis_ldap_server.sh,v 1.12.2.3 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if [ $# -eq 0 ]; then
+ SRCDIR="."
+else
+ SRCDIR=$1; shift
+fi
+if [ $# -eq 1 ]; then
+ BDB2=$1; shift
+fi
+
+. $SRCDIR/scripts/defines.sh $SRCDIR $BDB2
+
+# Sample NIS database in LDIF format
+NIS_LDIF=$SRCDIR/data/nis_sample.ldif
+
+# Sample configuration file for your LDAP server
+if test "$BACKEND" = "bdb2" ; then
+ NIS_CONF=$DATADIR/slapd-bdb2-nis-master.conf
+else
+ NIS_CONF=$DATADIR/slapd-nis-master.conf
+fi
+
+echo "Cleaning up in $DBDIR..."
+
+rm -f $DBDIR/[!C]*
+
+echo "Running slapadd to build slapd database..."
+$SLAPADD -f $NIS_CONF -l $NIS_LDIF
+RC=$?
+if [ $RC != 0 ]; then
+ echo "slapadd failed!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT..."
+$SLAPD -f $NIS_CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
+PID=$!
+
+echo ">>>>> LDAP server with NIS schema is up! PID=$PID"
+
+
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/startup_nis_ldap_server.sh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test000-rootdse
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test000-rootdse (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test000-rootdse 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,84 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test000-rootdse,v 1.22.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SCHEMACONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to retrieve the root DSE..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT1 \
+ '+extensibleObject' > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC = 0 ; then
+ echo "Using ldapsearch to retrieve the cn=Subschema..."
+ $LDAPSEARCH -b "cn=Subschema" -s base -h $LOCALHOST -p $PORT1 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+ RC=$?
+
+fi
+
+count=2
+if test $RC = 0 ; then
+ case $MONITORDB in yes | mod)
+ count=3
+ echo "Using ldapsearch to retrieve the cn=Monitor..."
+ $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT1 \
+ '+extensibleObject' >> $SEARCHOUT 2>&1
+ RC=$?
+ ;;
+ esac
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+cat $SEARCHOUT
+
+
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ RC=`grep '^dn:' $SEARCHOUT | wc -l`
+ if test $RC != $count ; then
+ echo ">>>>> Test failed: expected $count entries, got" $RC
+ RC=1
+ else
+ echo ">>>>> Test succeeded"
+ RC=0
+ fi
+fi
+
+exit $RC
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test000-rootdse
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test001-slapadd
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test001-slapadd (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test001-slapadd 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,75 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test001-slapadd,v 1.39.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ echo $SEARCHFLT $LDIFFLT
+ $DIFF $SEARCHFLT $LDIFFLT
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test001-slapadd
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test002-populate
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test002-populate (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test002-populate 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test002-populate,v 1.36.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test002-populate
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test003-search
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test003-search (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test003-search 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,148 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test003-search,v 1.57.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing exact searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approximate searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(sn~=jENSEN)' name >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(|(givenname=Xx*yY*Z)(cn=)(undef=*)(objectclass=groupofnames)(sn=jones)(member=cn=Manager,dc=example,dc=com)(uniqueMember=cn=Manager,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND matching and ends-with searching..."
+$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT1 \
+ '(&(objectclass=groupofnames)(cn=A*)(member=cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass/attributeType inheritance ..."
+$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(&(objectClass=inetorgperson)(userid=uham))' \
+ "2.5.4.0" "userid" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTMASTER
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test003-search
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test004-modify
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test004-modify (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test004-modify 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,231 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test004-modify,v 1.53.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd modify operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modify, add, and delete..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# LEADING COMMENT AND WHITE SPACE
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+# EMBEDDED COMMENT
+changetype: modify
+add: drink
+drink: Pils
+-
+add: drink
+drink: Orange Juice
+-
+delete: drink
+drink: Pils
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+# EMBEDDED COMMENT
+ CONTINUED
+replace: description
+description: The replaced multiLineDescription $ Blah Woof.
+-
+replace: drink
+drink: Iced Tea
+drink: Mad Dog 20/20
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,
+ ou=People,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,ou=Information Technology Division,
+ ou=People,dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens,ou=Alumni Association,
+ ou=People,dc=example,dc=com
+uniquemember: cn=James A Jones 1,ou=Alumni Association,
+ ou=People,dc=example,dc=com
+-
+add: objectClass
+objectClass: OpenLDAPdisplayableObject
+objectClass: pkiUser
+objectClass: userSecurityInformation
+-
+delete: objectClass
+objectClass: userSecurityInformation
+objectClass: pkiUser
+objectClass: OpenLDAPdisplayableObject
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: member
+-
+add: member
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+-
+delete: description
+-
+add: objectClass
+objectClass: OpenLDAPdisplayableObject
+objectClass: pkiUser
+objectClass: userSecurityInformation
+-
+delete: objectClass
+objectClass: OpenLDAPdisplayableObject
+objectClass: pkiUser
+objectClass: userSecurityInformation
+
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: add
+objectclass: testPerson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Anytown, MI 48103
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Anytown, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+testTime: 20050304001801.234Z
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: delete
+# TRAILING COMMENT AND WHITE SPACE
+
+dn: ou=People,dc=example,dc=com
+changetype: modify
+increment: uidNumber
+uidNumber: 1
+-
+increment: gidNumber
+gidNumber: -1
+
+dn: dc=example,dc=com
+changetype: modify
+# EMPTY SEQUENCE OF CHANGE
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapmodify to add an empty entry (should fail with protocolError)..."
+$LDAPMODIFY -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOMODS
+dn: cn=Foo Bar,dc=example,dc=com
+changetype: add
+# EMPTY SEQUENCE OF ATTRS
+EOMODS
+
+RC=$?
+case $RC in
+2)
+ echo " ldapmodify failed ($RC)"
+ ;;
+0)
+ echo " ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo " ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' > $SEARCHOUT 2>&1
+RC=$?
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+LDIF=$MODIFYOUTMASTER
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modify operations did not complete correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test004-modify
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test005-modrdn
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test005-modrdn (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test005-modrdn 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,239 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test005-modrdn,v 1.41.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd modrdn operations..."
+
+# Make sure we can search the database
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' > $INITOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# -r used to do remove of old rdn
+
+echo "Testing modrdn(deleteoldrdn=0)..."
+$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones III'
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodrdn failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modrdn(deleteoldrdn=1)..."
+$LDAPMODRDN -D "$MANAGERDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 'cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example, dc=com' 'cn=James A Jones II'
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodrdn failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Ensure the new rdn's can be found
+
+echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones III)..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'cn=James A Jones III' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+LDIF=$MODRDNOUTMASTER1
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modrdn operations did not complete correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+
+echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones II)..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'cn=James A Jones II' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+LDIF=$MODRDNOUTMASTER2
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modrdn operations did not complete correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+# Ensure that you cannot find the entry for which the rdn was deleted as
+# an attribute.
+
+echo "Using ldapsearch to retrieve entries using removed rdn (cn=James A Jones 2)..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'cn=James A Jones 2' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+$CMP $SEARCHOUT - < /dev/null > $CMPOUT
+if test $? != 0 ; then
+ echo "failure: ldapsearch found attribute that was to be removed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+LDIF=$MODRDNOUTMASTER0
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modrdn operations did not complete correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+# Test that you can use modrdn with an attribute value which was previously
+# present
+
+echo "Testing modrdn(deleteoldrdn=1), modrdn with new rdn already an att val..."
+$LDAPMODRDN -D "$MANAGERDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ /dev/null 2>&1 'cn=James A Jones III, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones 1'
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodrdn failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones 1)..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'cn=James A Jones 1' > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+LDIF=$MODRDNOUTMASTER3
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modrdn operations did not complete correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modrdn with newSuperior as child of target "
+$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 -s 'cn=Sub1, ou=FooBar, cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' \
+ 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones 1'
+
+RC=$?
+if test $RC -eq 0 ; then
+ echo "ldapmodrdn succeeded, should have failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test005-modrdn
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test006-acls
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test006-acls (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test006-acls 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,438 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test006-acls,v 1.47.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+case "$BACKEND" in
+bdb|hdb|ldbm)
+ ;;
+*)
+ echo "Test does not support $BACKEND backend"
+ exit 0
+esac
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $ACLCONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd access control..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "# Try to read an entry inside the Alumni Association container.
+# It should give us noSuchObject if we're not bound..." \
+>> $SEARCHOUT
+# FIXME: temporarily remove the "No such object" message to make
+# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
+$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "(objectclass=*)" \
+ 2>&1 | grep -v "^No such object" >> $SEARCHOUT
+
+echo "# ... and should return all attributes if we're bound as anyone
+# under Example." \
+>> $SEARCHOUT
+$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+# check selfwrite access (ITS#4587). 6 attempts are made:
+# 1) delete someone else (should fail)
+# 2) delete self (should succeed)
+# 3) add someone else (should fail)
+# 4) add someone else and self (should fail)
+# 5) add self and someone else (should fail)
+# 6) add self (should succeed)
+#
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: member
+member: $BABSDN
+EOMODS
+RC=$?
+case $RC in
+50)
+ ;;
+0)
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: member
+member: $JAJDN
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: cn=Foo,ou=Bar
+EOMODS
+RC=$?
+case $RC in
+50)
+ ;;
+0)
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: cn=Foo,ou=Bar
+member: $JAJDN
+EOMODS
+RC=$?
+case $RC in
+50)
+ ;;
+0)
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: $JAJDN
+member: cn=Foo,ou=Bar
+EOMODS
+RC=$?
+case $RC in
+50)
+ ;;
+0)
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: $JAJDN
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#
+# Check group access. Try to modify Babs' entry. Two attempts:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS5
+dn: $BABSDN
+changetype: modify
+replace: drink
+drink: wine
+
+EOMODS5
+
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS6
+dn: $BABSDN
+changetype: modify
+add: homephone
+homephone: +1 313 555 5444
+
+EOMODS6
+
+#
+# Try to add a "member" attribute to the "ITD Staff" group. It should
+# fail when we add some DN other than our own, and should succeed when
+# we add our own DN.
+# bjensen
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj > \
+ $TESTOUT 2>&1 << EOMODS1
+version: 1
+dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: uniquemember
+uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+
+EOMODS1
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS2
+version: 1
+
+dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: uniquemember
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+EOMODS2
+
+#
+# Try to modify the "ITD Staff" group. Two attempts are made:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+#
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS3
+
+dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+delete: description
+
+EOMODS3
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS4
+# COMMENT
+version: 1
+# comment
+dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
+# comment
+changetype: modify
+# comment
+add: ou
+# comment
+ou: Groups
+# comment
+EOMODS4
+
+#
+# Try to modify the "ITD Staff" group. Two attempts are made:
+# 1) bound as "James A Jones 1" - should succeed
+# 2) bound as "Barbara Jensen" - should fail
+# should exploit sets
+#
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS5
+dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: description
+description: added by jaj (should succeed)
+-
+EOMODS5
+
+$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
+ $TESTOUT 2>&1 << EOMODS6
+dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: description
+description: added by bjensen (should fail)
+-
+EOMODS6
+
+$LDAPMODIFY -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 << EOMODS7
+dn: ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: organizationalUnit
+ou: Add & Delete
+EOMODS7
+
+$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
+ $TESTOUT 2>&1 << EOMODS8
+dn: cn=Added by Babs (must fail),ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: inetOrgPerson
+cn: Added by Babs (must fail)
+sn: None
+EOMODS8
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS9
+dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: inetOrgPerson
+cn: Added by Bjorn (must succeed)
+sn: None
+
+dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: inetOrgPerson
+cn: Added by Bjorn (will be deleted)
+sn: None
+
+dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: inetOrgPerson
+cn: Added by Bjorn (will be renamed)
+sn: None
+
+dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: description
+description: this attribute value has been added __after__entry creation
+description: this attribute value will be deleted by Babs (must succeed)
+description: Bjorn will try to delete this attribute value (should fail)
+-
+EOMODS9
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS10
+dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
+changetype: delete
+EOMODS10
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS11
+dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Added by Bjorn (renamed by Bjorn)
+deleteoldrdn: 1
+EOMODS11
+
+$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
+ $TESTOUT 2>&1 << EOMODS12
+dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Added by Bjorn (renamed by Babs)
+deleteoldrdn: 1
+EOMODS12
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS13
+dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Added by Bjorn (renamed by Jaj)
+deleteoldrdn: 1
+EOMODS13
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS14
+dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
+changetype: modify
+delete: description
+description: Bjorn will try to delete this attribute value (should fail)
+-
+EOMODS14
+
+$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
+ $TESTOUT 2>&1 << EOMODS15
+dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
+changetype: delete
+
+dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
+changetype: modify
+delete: description
+description: this attribute value will be deleted by Babs (must succeed)
+-
+EOMODS15
+
+echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' >> $SEARCHOUT 2>&1
+RC=$?
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+LDIF=$ACLOUTMASTER
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - operations did not complete correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test006-acls
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test007-replication
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test007-replication (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test007-replication 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,345 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test007-replication,v 1.58.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test ! -x $SLURPD ; then
+ echo ">>>>> $SLURPD is not executable or does not exist."
+ echo ">>>>> Test skipped."
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR2
+
+#
+# Test replication:
+# - start master (slapd1)
+# - start slave (slapd2)
+# - start slurpd
+# - populate over ldap
+# - perform some modifies and deleted
+# - attempt to modify the slave (referral or chain)
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $MASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Starting slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $SLAVECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Starting slurpd..."
+$SLURPD -f $CONF1 -d ${SLURPD_DEBUG-5} -t $DBDIR1B > $SLURPLOG 2>&1 &
+SLURPPID=$!
+if test $WAIT != 0 ; then
+ echo SLURPPID $SLURPPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLURPPID"
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for slurpd to send changes..."
+sleep 15
+
+echo "Using ldapmodify to modify master directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example, dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+drink: Mad Dog 20/20
+
+dn: cn=ITD Staff,ou=Groups,dc=example, dc=com
+changetype: modify
+delete: uniqueMember
+uniqueMember: cn=James A Jones 2, ou=Information Technology Division,
+ ou=People, dc=example, dc=com
+uniqueMember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example, dc=com
+-
+add: uniqueMember
+uniqueMember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example, dc=com
+uniqueMember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example, dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example, dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example, dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example, dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example, dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example, dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example, dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example, dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for slurpd to send changes..."
+sleep 15
+
+echo "Stopping the slave..."
+kill -HUP $SLAVEPID
+KILLPIDS="$PID $SLURPPID"
+
+echo "Waiting 5 seconds for slave slapd to die..."
+sleep 5
+
+echo "Applying more changes to the master slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This change was applied after killing the slave slapd...
+
+EOMODS
+
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Stopping slurpd..."
+kill -HUP $SLURPPID
+KILLPIDS="$PID"
+
+echo "Waiting 5 seconds for slurpd to die..."
+sleep 5
+
+echo "Applying more changes to the master slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This change was applied after killing slurpd...
+
+EOMODS
+
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Restarting slave slapd on TCP/IP port $PORT2..."
+echo "RESTART" >> $LOG2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Restarting slurpd..."
+echo "RESTART" >> $SLURPLOG
+$SLURPD -f $CONF1 -d ${SLURPD_DEBUG-5} -t $DBDIR1B >> $SLURPLOG 2>&1 &
+SLURPPID=$!
+if test $WAIT != 0 ; then
+ echo SLURPPID $SLURPPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLURPPID"
+
+echo "Waiting 15 seconds for slurpd to send changes..."
+sleep 15
+
+if test ! $BACKLDAP = "ldapno" ; then
+ echo "Try updating the slave slapd..."
+ $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting 15 seconds for slurpd to send changes..."
+ sleep 15
+fi
+
+echo "Using ldapsearch to read all the entries from the master..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering master results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering slave results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from master and slave..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and slave databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test007-replication
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test008-concurrency
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test008-concurrency (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test008-concurrency 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,89 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test008-concurrency,v 1.34.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED -d -1 2> $SLAPADDLOG1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using tester for concurrent server access..."
+time $SLAPDTESTER -P "$PROGDIR" -d "$DATADIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 50
+#$SLAPDTESTER -P "$PROGDIR" -d "$DATADIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 50
+RC=$?
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test008-concurrency
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test009-referral
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test009-referral (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test009-referral 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,166 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test009-referral,v 1.33.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+#
+# Test default referral
+#
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+$SLAPD -n master -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+
+echo "Starting slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $REFSLAVECONF > $CONF2
+$SLAPD -n slave -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+
+KILLPIDS="$PID $SLAVEPID"
+
+sleep 1
+
+echo "Testing for master slapd..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for master slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing for slave slapd..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slave slapd to start..."
+ sleep 5
+done
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing exact searching..."
+$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'sn=jensen' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approximate searching..."
+$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ '(sn=jENSEN)' name >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR searching..."
+$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ '(|(objectclass=groupofnames)(objectClass=groupofuniquenames)(sn=jones))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND matching and ends-with searching..."
+$LDAPSEARCH -C -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT2 \
+ '(&(objectclass=groupofnames)(cn=A*))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT searching..."
+$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass/attributeType inheritance ..."
+$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(&(objectClass=inetorgperson)(userid=uham))' \
+ "2.5.4.0" "userid" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTMASTER
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test009-referral
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test010-passwd
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test010-passwd (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test010-passwd 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,186 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test010-passwd,v 1.18.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $PWCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFPASSWD > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo > $SEARCHOUT
+echo > $TESTOUT
+
+echo "Using ldapsearch to verify population ..."
+echo "++ Initial search" >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$MANAGERDN" -w $PASSWD \
+ -b "$BASEDN" \
+ 'objectclass=*' >> $SEARCHOUT 2>&1
+
+echo "Using ldappasswd to test a few error conditions ..."
+echo "Pass 0" >> $TESTOUT
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a "" -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! old empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s "" \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! new empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! wrong old"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldappasswd (PASS 1) ..."
+echo "Pass 1" >> $TESTOUT
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w $PASSWD -s newsecret \
+ -D "$MANAGERDN" "cn=smd5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -s newsecret \
+ -D "cn=sha, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -s newsecret \
+ -D "cn=ssha, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "" >> $TESTOUT
+echo "Pass 2" >> $TESTOUT
+echo "Using ldappasswd (PASS 2) ..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w newsecret \
+ -D "cn=smd5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w newsecret \
+ -D "cn=sha, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w newsecret \
+ -D "cn=ssha, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Logging end state with ldapsearch..."
+echo "" >> $TESTOUT
+echo "++ End search" >> $TESTOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$MANAGERDN" -w $PASSWD \
+ -b "$BASEDN" \
+ 'objectclass=*' >> $TESTOUT 2>&1
+
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test010-passwd
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test011-glue-slapadd
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test011-glue-slapadd (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test011-glue-slapadd 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,93 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test011-glue-slapadd,v 1.5.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C
+
+echo "Running slapadd to build glued slapd databases..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1
+$SLAPADD -d $LVL -f $CONF1 -l $LDIFORDERED > $SLAPADDLOG1 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIFGLUED > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ echo $SEARCHFLT $LDIFFLT
+ $DIFF $SEARCHFLT $LDIFFLT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing sizelimit..."
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s one -z 2 > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "sizelimit not detected at end of search."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 -z 9 objectclass=OpenLDAPPerson > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "sizelimit not detected at middle of search."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test011-glue-slapadd
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test012-glue-populate
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test012-glue-populate (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test012-glue-populate 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,80 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test012-glue-populate,v 1.4.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C
+
+echo "Starting slapd on TCP/IP port $PORT..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapadd to populate the glued database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries..."
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIFGLUED > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test012-glue-populate
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test013-language
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test013-language (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test013-language 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,114 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test013-language,v 1.12.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFLANG > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \
+ '(&)' > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read name ..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \
+ '(&)' 'name' >> $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read name language tag ..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \
+ '(&)' 'name;lang-en-US' >> $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read name language range ..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \
+ '(&)' 'name;lang-en-' >> $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering language ldif ..."
+. $LDIFFILTER < $LDIFLANGOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - language test failed!"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test013-language
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test014-whoami
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test014-whoami (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test014-whoami 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,465 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.17.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT..."
+. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Testing ldapwhoami as anonymous..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ldapwhoami as ${MANAGERDN}..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
+ -e \!authzid=""
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
+ -e \!authzid="dn:$BABSDN"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
+ -e \!authzid="u:uham"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# authzFrom: someone else => bjorn
+echo "Testing authzFrom..."
+
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+BINDPW=melliot
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
+BINDPW=jen
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=jjones
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=noone
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
+BINDPW=dots
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+BINDPW=jaj
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
+BINDPW=ITD
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Should Fail,dc=example,dc=com"
+BINDPW=fail
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BINDDN="cn=Must Fail,dc=example,dc=com"
+BINDPW=fail
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+# authzTo: bjorn => someone else
+echo "Testing authzTo..."
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:bjensen"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:melliot"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:jdoe"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:jjones"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:noone"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:dots"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:jaj"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:group/itd staff"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="u:fail"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="dc=example,dc=com"
+BINDPW=example
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
+## Note to developers: when SLAPD_DEBUG=-1 the command
+## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
+## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
+## to indicate that the authzFrom and authzTo rules applied in the right order.
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test014-whoami
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test015-xsearch
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test015-xsearch (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test015-xsearch 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,238 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test015-xsearch,v 1.17.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing exact searching..."
+echo "# Testing exact searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(sn:=jensen)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approximate searching..."
+echo "# Testing approximate searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(sn~=jensen)' name >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR searching..."
+echo "# Testing OR searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(|(givenName=XX*YY*Z)(cn=)(undef=*)(objectclass=groupofnames)(objectclass=groupofuniquenames)(sn:caseExactMatch:=Jones))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND matching and ends-with searching..."
+echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT1 \
+ '(&(|(objectclass=groupofnames)(objectclass=groupofuniquenames))(cn=A*))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT searching..."
+echo "# Testing NOT searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass/attributeType inheritance ..."
+echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT
+$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(&(objectClass=inetorgperson)(userid=uham))' \
+ "2.5.4.0" "userid" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing extended RFC2254 searching:"
+echo "# Testing extended RFC2254 searching:" >> $SEARCHOUT
+
+FILTER="(:dn:caseIgnoreIA5Match:=example)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(:dn:caseExactMatch:=Information Technology Division)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(name:dn:=whatever)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing values return filter searching:"
+echo "# Testing values return filter searching:" >> $SEARCHOUT
+
+FILTER="(o=Example, Inc.)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -E '!mv='"$FILTER" "$FILTER" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(dc=example)"
+VRFILTER="((o:caseExactMatch:=Example, Inc.)(dc=example))"
+echo " f=$FILTER mv=$VRFILTER ..."
+echo "# f=$FILTER mv=$VRFILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -E '!mv='"$VRFILTER" "$FILTER" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(attributeTypes=0.9.2342.19200300.100.1.25)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "cn=Subschema" -s "base" -h $LOCALHOST -p $PORT1 \
+ -E '!mv='"$FILTER" "$FILTER" "attributeTypes" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTMASTER
+LDIF2=$SEARCHOUTX
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+. $LDIFFILTER < $LDIF2 >> $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test015-xsearch
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test016-subref
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test016-subref (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test016-subref 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,193 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test016-subref,v 1.7.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+RCODE=10
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $RCONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFREF
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing ManageDsaIT searching at $REFDN..."
+$LDAPRSEARCH -S "" -MM -b "$REFDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ManageDsaIT searching at referral object..."
+$LDAPRSEARCH -S "" -MM -b "o=abc,$REFDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ManageDsaIT searching below referral object..."
+$LDAPRSEARCH -S "" -MM -b "uid=xxx,o=abc,$REFDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+XREFDN="$REFDN"
+echo "Testing base searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing one-level searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing subtree searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+XREFDN="o=abc,$REFDN"
+echo "Testing base searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing one-level searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing subtree searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+XREFDN="uid=xxx,o=abc,$REFDN"
+echo "Testing base searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing one-level searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing subtree searching at $XREFDN..."
+$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != $RCODE ; then
+ echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTMASTER
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected LDIF for comparison..."
+. $LDIFFILTER < $REFERRALOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test016-subref
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test017-syncreplication-refresh
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test017-syncreplication-refresh (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test017-syncreplication-refresh 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,266 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.24.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+#
+# Test replication:
+# - start master
+# - start slave
+# - populate over ldap
+# - perform some modifies and deleted
+# - attempt to modify the slave (referral)
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to create the context prefix entry in the master..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $R1SRSLAVECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDNOCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Using ldapmodify to modify master directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+drink: Mad Dog 20/20
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example,dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Try updating the slave slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+RC=$?
+
+# expect 10 (LDAP_REFERRAL)...
+if test $RC != 10 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the master..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering master results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering slave results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from master and slave..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and slave databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test017-syncreplication-refresh
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test018-syncreplication-persist
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test018-syncreplication-persist (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test018-syncreplication-persist 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,343 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.25.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR4
+
+#
+# Test replication:
+# - start master
+# - start slave
+# - populate over ldap
+# - perform some modifies and deleted
+# - attempt to modify the slave (referral or chain)
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to create the context prefix entry in the master..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slave slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRSLAVECONF > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDNOCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping the provider, sleeping 10 seconds and restarting it..."
+kill -HUP "$PID"
+sleep 10
+echo "RESTART" >> $LOG1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapmodify to modify master directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+description: Fat tycoon
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example,dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping consumer to test recovery..."
+kill -HUP $SLAVEPID
+sleep 10
+
+echo "Modifying more entries on the master..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: delete
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Mad Dog 20/20
+
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+sn: Coltrane
+uid: rosco
+cn: Rosco P. Coltrane
+
+EOMODS
+
+echo "Restarting consumer..."
+echo "RESTART" >> $LOG4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
+if test ! $BACKLDAP = "ldapno" ; then
+ echo "Try updating the slave slapd..."
+ $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting 15 seconds for syncrepl to receive changes..."
+ sleep 15
+fi
+
+echo "Using ldapsearch to read all the entries from the master..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering master results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering slave results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from master and slave..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and slave databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test018-syncreplication-persist
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test019-syncreplication-cascade
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test019-syncreplication-cascade (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test019-syncreplication-cascade 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,454 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.13.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3 $DBDIR4 $DBDIR5 $DBDIR6
+
+#
+# Test replication:
+# - start master
+# - start slave
+# - populate over ldap
+# - perform some modifies and deleted
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd (pid=$PID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to create the context prefix entry in the master..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting R1 slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $R1SRSLAVECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVE R1 PID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that R1 slave slapd (pid=$SLAVEPID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for R1 slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting R2 slave slapd on TCP/IP port $PORT3..."
+. $CONFFILTER $BACKEND $MONITORDB < $R2SRSLAVECONF > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVE R2 PID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that R2 slave slapd (pid=$SLAVEPID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for R2 slave slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting P1 slave slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRSLAVECONF > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVE P1 PID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that P1 slave slapd (pid=$SLAVEPID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for P1 slave slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting P2 slave slapd on TCP/IP port $PORT5..."
+. $CONFFILTER $BACKEND $MONITORDB < $P2SRSLAVECONF > $CONF5
+$SLAPD -f $CONF5 -h $URI5 -d $LVL $TIMING > $LOG5 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVE P2 PID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that P2 slave slapd (pid=$SLAVEPID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT5 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for P2 slave slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting P3 slave slapd on TCP/IP port $PORT6..."
+. $CONFFILTER $BACKEND $MONITORDB < $P3SRSLAVECONF > $CONF6
+$SLAPD -f $CONF6 -h $URI6 -d $LVL $TIMING > $LOG6 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVE P3 PID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that P3 slave slapd (pid=$SLAVEPID) is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT6 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for P3 slave slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDNOCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
+echo "Using ldapmodify to modify master directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+drink: Mad Dog 20/20
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example,dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
+echo "Using ldapsearch to read all the entries from the master..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the R1 slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > $SERVER2OUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at R1 slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the R2 slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > $SERVER3OUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at R2 slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the P1 slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \
+ 'objectclass=*' > $SERVER4OUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at P1 slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the P2 slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT5 \
+ 'objectclass=*' > $SERVER5OUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at P2 slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the P3 slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT6 \
+ 'objectclass=*' > $SERVER6OUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at P3 slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering master ldapsearch results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering R1 slave ldapsearch results..."
+. $LDIFFILTER < $SERVER2OUT > $SERVER2FLT
+echo "Filtering R2 slave ldapsearch results..."
+. $LDIFFILTER < $SERVER3OUT > $SERVER3FLT
+echo "Filtering P1 slave ldapsearch results..."
+. $LDIFFILTER < $SERVER4OUT > $SERVER4FLT
+echo "Filtering P2 slave ldapsearch results..."
+. $LDIFFILTER < $SERVER5OUT > $SERVER5FLT
+echo "Filtering P3 slave ldapsearch results..."
+. $LDIFFILTER < $SERVER6OUT > $SERVER6FLT
+
+echo "Comparing retrieved entries from master and R1 slave..."
+$CMP $MASTERFLT $SERVER2FLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and R1 slave databases differ"
+ exit 1
+fi
+
+echo "Comparing retrieved entries from master and R2 slave..."
+$CMP $MASTERFLT $SERVER3FLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and R2 slave databases differ"
+ exit 1
+fi
+
+echo "Comparing retrieved entries from master and P1 slave..."
+$CMP $MASTERFLT $SERVER4FLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and P1 slave databases differ"
+ exit 1
+fi
+
+echo "Comparing retrieved entries from master and P2 slave..."
+$CMP $MASTERFLT $SERVER5FLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and P2 slave databases differ"
+ exit 1
+fi
+
+echo "Comparing retrieved entries from master and P3 slave..."
+$CMP $MASTERFLT $SERVER6FLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and P3 slave databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test019-syncreplication-cascade
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test020-proxycache
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test020-proxycache (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test020-proxycache 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,310 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test020-proxycache,v 1.11.2.14 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+CACHETTL="1m"
+CACHE_ENTRY_LIMIT=10
+
+. $SRCDIR/scripts/defines.sh
+
+if test $PROXYCACHE = pcacheno; then
+ echo "Proxy cache overlay not available, test skipped"
+ exit 0
+fi
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+# Test proxy caching:
+# - start master
+# - start proxy cache
+# - populate master
+# - perform first set of searches at the proxy
+# - verify cacheability
+# - perform second set of searches at the proxy
+# - verify answerability
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER < $CACHEMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -x -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting proxy cache on TCP/IP port $PORT2..."
+. $CONFFILTER < $PROXYCACHECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 &
+CACHEPID=$!
+if test $WAIT != 0 ; then
+ echo CACHEPID $CACHEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $CACHEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that proxy slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SLAVEOUT
+
+echo "Making queries on the proxy cache..."
+echo "Query 1: filter:(sn=Jon) attrs: all"
+echo "# Query 1: filter:(sn=Jon) attrs: all" >> $SLAVEOUT
+$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'sn=Jon' >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# ITS#4491, if debug messages are unavailable, we can't verify the tests.
+grep "query template" $LOG2 > /dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Debug messages unavailable, test aborted..."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+ exit 0
+fi
+
+echo "Query 2: filter:(|(cn=*Jon*)(sn=Jon*)) attrs:cn sn title uid"
+echo "# Query 2: filter:(|(cn=*Jon*)(sn=Jon*)) attrs:cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ '(|(cn=*Jon*)(sn=Jon*))' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 3: filter:(sn=Smith*) attrs:cn sn uid"
+echo "# Query 3: filter:(sn=Smith*) attrs:cn sn uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'sn=Smith*' cn sn uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 4: filter:(sn=Doe*) attrs:cn sn title uid"
+echo "# Query 4: filter:(sn=Doe*) attrs:cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'sn=Doe' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 5: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid"
+echo "# Query 5: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'uid=bjorn' mail postaladdress telephonenumber cn uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 6: filter:(mail=*@mail.alumni.example.com) cn sn title uid"
+echo "# Query 6: filter:(mail=*@mail.alumni.example.com) cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'mail=*@mail.alumni.example.com' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 7: filter:(mail=*) cn sn title uid"
+echo "# Query 7: filter:(mail=*) cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'mail=*' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# queries 2-6 are cacheable
+CACHEABILITY=0111110
+grep CACHEABLE $LOG2 | awk '{
+ if ($2 == "NOT")
+ printf "Query %d not cacheable\n",NR
+ else
+ printf "Query %d cacheable\n",NR
+ }'
+CACHED=`grep CACHEABLE $LOG2 | awk '{
+ if ($2 == "NOT")
+ printf "0"
+ else
+ printf "1"
+ }'`
+
+if test "$CACHEABILITY" = "$CACHED" ; then
+ echo "Successfully verified cacheability"
+else
+ echo "Error in verifying cacheability"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Query 8: filter:(|(cn=*Jones)(sn=Jones)) attrs:cn sn title uid"
+echo "# Query 8: filter:(|(cn=*Jones)(sn=Jones)) attrs:cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ '(|(cn=*Jones)(sn=Jones))' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 9: filter:(sn=Smith) attrs:cn sn title uid"
+echo "# Query 9: filter:(sn=Smith) attrs:cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'sn=Smith' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 10: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid"
+echo "# Query 10: filter:(uid=bjorn) attrs:mail postaladdress telephonenumber cn uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'uid=bjorn' mail postaladdress telephonenumber cn uid >> $SLAVEOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Query 11: filter:(mail=jaj at mail.alumni.example.com) cn sn title uid"
+echo "# Query 11: filter:(mail=jaj at mail.alumni.example.com) cn sn title uid" >> $SLAVEOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'mail=jaj at mail.alumni.example.com' cn sn title uid >> $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#queries 8-11 are answerable
+ANSWERABILITY=1111
+grep ANSWERABLE $LOG2 | awk '{
+ if (NR > 7) {
+ if ($2 == "NOT")
+ printf "Query %d not answerable\n",NR
+ else
+ printf "Query %d answerable\n",NR
+ }
+ }'
+ANSWERED=`grep ANSWERABLE $LOG2 | awk '{
+ if (NR > 7) {
+ if ($2 == "NOT")
+ printf "0"
+ else
+ printf "1"
+ }
+ }'`
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test "$ANSWERABILITY" = "$ANSWERED" ; then
+ echo "Successfully verified answerability"
+else
+ echo "Error in verifying answerability"
+ exit 1
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SLAVEOUT > $SEARCHFLT
+echo "Filtering original ldif..."
+. $LDIFFILTER < $PROXYCACHEOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test020-proxycache
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test021-certificate
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test021-certificate (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test021-certificate 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,319 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test021-certificate,v 1.12.2.8 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$AC_WITH_TLS" != "yes" ; then
+ echo "test disabled, requires --with-tls"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+#echo $SLAPADD -f $CONF1 -l $LDIFORDERED
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+#valgrind -v --gdb-attach=yes --logfile=info --num-callers=16 --leak-check=yes --leak-resolution=high $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING </dev/tty > $LOG1 2>&1 &
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing certificate handling..."
+
+sleep 1
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Add certificates..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+version: 1
+
+# LEADING COMMENT AND WHITE SPACE
+
+# should use certificationAuthority instead of extensibleObject
+dn: dc=example,dc=com
+changetype: modify
+add: objectClass
+objectClass: extensibleObject
+-
+add: cAcertificate;binary
+cAcertificate;binary::
+ MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYD
+ VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg
+ RXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJ
+ ARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlj
+ UGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0
+ i5o/4Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbF
+ YkorWWTe+4eEBd9VPzebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0O
+ BBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pgjMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ
+ +UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
+ cm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMK
+ RXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYD
+ VR0TBAUwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0B
+ AQQFAAOBgQCgXD/+28El3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow
+ 90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSjASt40dGlEODkE+FsLMt04sYl6kX7RGKg
+ 9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1iXEoU3GyA==
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+add: objectClass
+objectClass: strongAuthenticationUser
+-
+add: userCertificate;binary
+userCertificate;binary::
+ MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYD
+ VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg
+ RXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhIEhhbXBzdGVyMR8wHQYJKoZI
+ hvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+ iQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJ
+ h+qnsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYm
+ J0erS3aoimOHLEFimmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8
+ MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+ cnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUOiC37EK0Uf0XjCBoQYDVR0j
+ BIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMx
+ EzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUs
+ IEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+ YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESu
+ xLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7
+ Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5jds/HnaJsGcHI5JRG7CBJb
+ W+wrwge3trJ1xHJI8prN
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+add: objectClass
+objectClass: strongAuthenticationUser
+-
+add: userCertificate;binary
+userCertificate;binary::
+ MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG
+ A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ
+ IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w
+ HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+ gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC
+ YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy
+ NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj
+ gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
+ ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh
+ BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG
+ EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh
+ bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO
+ Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2
+ Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt
+ T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/
+ 5MCKLu9bGJUjsKnGdm/KpaNwaNo=
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+add: userCertificate;binary
+userCertificate;binary::
+ MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG
+ A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF
+ eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV
+ BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4
+ YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO
+ 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn
+ i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD
+ J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ
+ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+ DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS
+ kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm
+ b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT
+ CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G
+ CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n
+ Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t
+ THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ
+-
+delete: userCertificate;binary
+userCertificate;binary::
+ MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG
+ A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ
+ IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w
+ HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+ gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC
+ YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy
+ NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj
+ gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
+ ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh
+ BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG
+ EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh
+ bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO
+ Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2
+ Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt
+ T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/
+ 5MCKLu9bGJUjsKnGdm/KpaNwaNo=
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: userCertificate;binary
+userCertificate;binary::
+ MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
+ MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
+ THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh
+ bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG
+ A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF
+ eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV
+ BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4
+ YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO
+ 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn
+ i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD
+ J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ
+ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+ DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS
+ kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm
+ b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT
+ CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G
+ CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n
+ Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t
+ THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ
+-
+delete: userCertificate;binary
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo 'Using ldapsearch to retrieve (userCertificate;binary=*) ...'
+echo "# (userCertificate;binary=*)" > $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(userCertificate;binary=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo 'Using ldapsearch to retrieve (cAcertificate=*) ...'
+echo "# (cAcertificate=*)" >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(cAcertificate=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+SNAI='2$EMAIL=ca at example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US'
+
+echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) ...'
+echo "# (userCertificate=$SNAI)" >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+SNAI='3$EMAIL=ca at example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US'
+
+echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) ...'
+echo "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+CERT='\30\82\03\54\30\82\02\bd\a0\03\02\01\02\02\01\00\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\1e\17\0d\30\33\31\30\31\37\31\36\33\30\34\31\5a\17\0d\30\34\31\30\31\36\31\36\33\30\34\31\5a\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\81\9f\30\0d\06\09\2a\86\48\86\f7\0d\01\01\01\05\00\03\81\8d\00\30\81\89\02\81\81\00\d9\63\50\6c\62\8a\c0\33\12\20\0b\ba\4c\ed\dc\68\ff\db\83\11\c3\52\74\01\9c\7a\1a\77\17\2e\1a\4d\26\c0\05\c8\0d\1b\61\97\40\ce\0b\f2\74\a7\aa\fe\e5\f4\8b\9a\3f\e0\1c\9c\dc\6e\f5\5c\00\1c\6c\96\71\0c\fb\6b\2f\0a\43\01\d3\0d\38\1b\ca\57\6a\fa\ef\24\e0\9e\96\ad\14\b7\c6\46\df\c5\59\ac\e3\e4\46\c5\62\4a\2b\59\64\de\fb\87\84\05\df\55\3f\37\9b\1d\d2\26\f8\33\c7\8a\95\1f\20\0c\d1\a0\d7\a3\02\03\01\00\01\a3\81\ef\30\81\ec\30\1d\06\03\55\1d\0e\04\16\04\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\30\81\a1\06\03\55\1d\23\04\81\99\30\81\96\80\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\a1\7b\a4\79\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\82\01\00\30\0c\06\03\55\1d\13\04\05\30\03\01\01\ff\30\19\06\03\55\1d\11\04\12\30\10\81\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\03\81\81\00\a0\5c\3f\fe\db\c1\25\dc\65\e2\fe\ec\4c\34\42\aa\b6\72\21\41\d4\e7\35\4e\22\97\47\d9\ea\97\26\1c\f1\42\fb\ad\41\75\da\30\f7\46\59\66\1e\46\6e\0e\59\07\11\51\84\35\cd\f0\af\df\8b\1d\de\c1\14\a3\01\2b\78\d1\d1\a5\10\e0\e4\13\e1\6c\2c\cb\74\e2\c6\25\ea\45\fb\44\62\a0\f5\ae\3a\0e\47\86\fa\ec\d9\9c\df\f7\db\9d\ae\0a\08\7e\ae\33\4c\14\08\25\b9\e5\13\11\1b\f7\12\d5\01\d6\25\c4\a1\4d\c6\c8'
+
+echo 'Using ldapsearch to retrieve (cAcertificate;binary:certificateMatch:=certificate) ...'
+echo '# (cAcertificate;binary:certificateMatch:=--CERTIFICATE--)' >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(cAcertificate;binary:certificateMatch:=$CERT)" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test "$WITHTLS" = no ; then
+ echo "Certificate matching not suported without TLS"
+ LDIF=$CERTIFICATEOUT
+else
+ LDIF=$CERTIFICATETLS
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - certificate operations did not complete correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test021-certificate
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test022-ppolicy
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test022-ppolicy (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test022-ppolicy 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,346 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.6.2.10 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $PPOLICY = ppolicyno; then
+ echo "Password policy overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+USER="uid=nd, ou=People, dc=example, dc=com"
+PASS=testpassword
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+# may need -e manageDIT for draft 09, but not yet.
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFPPOLICY > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing account lockout..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
+COUNT=`grep "Account locked" $SEARCHOUT | wc -l`
+if test $COUNT != 2 ; then
+ echo "Account lockout test failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Waiting 20 seconds for lockout to reset..."
+sleep 20
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing password expiration"
+echo "Waiting 20 seconds for password to expire..."
+sleep 20
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+sleep 2
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Password expiration failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+COUNT=`grep "grace logins" $SEARCHOUT | wc -l`
+if test $COUNT != 3 ; then
+ echo "Password expiration test failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Resetting password to clear expired status"
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -s $PASS \
+ -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filling password history..."
+$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS > \
+ $TESTOUT 2>&1 << EOMODS
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: testpassword
+-
+replace: userpassword
+userpassword: 20urgle12-1
+
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: 20urgle12-1
+-
+replace: userpassword
+userpassword: 20urgle12-2
+
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: 20urgle12-2
+-
+replace: userpassword
+userpassword: 20urgle12-3
+
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: 20urgle12-3
+-
+replace: userpassword
+userpassword: 20urgle12-4
+
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: 20urgle12-4
+-
+replace: userpassword
+userpassword: 20urgle12-5
+
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userpassword
+userpassword: 20urgle12-5
+-
+replace: userpassword
+userpassword: 20urgle12-6
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+echo "Testing password history..."
+$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 > \
+ $TESTOUT 2>&1 << EOMODS
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: userPassword
+userPassword: 20urgle12-6
+-
+replace: userPassword
+userPassword: 20urgle12-2
+
+EOMODS
+RC=$?
+if test $RC = 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing forced reset..."
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+replace: userPassword
+userPassword: testpassword
+-
+replace: pwdReset
+pwdReset: TRUE
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Forced reset failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l`
+if test $COUNT != 1 ; then
+ echo "Forced reset test failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Clearing forced reset..."
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: uid=nd, ou=People, dc=example, dc=com
+changetype: modify
+delete: pwdReset
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Clearing forced reset failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing Safe modify..."
+
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w $PASS -s failexpect \
+ -D "$USER" > $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Safe modify test 1 failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+sleep 2
+
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w $PASS -s failexpect -a $PASS \
+ -D "$USER" > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "Safe modify test 2 failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing length requirement..."
+
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w failexpect -a failexpect -s spw \
+ -D "$USER" > $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Length requirement test failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
+if test $COUNT != 1 ; then
+ echo "Length requirement test failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing hashed length requirement..."
+
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w failexpect > \
+ $TESTOUT 2>&1 << EOMODS
+dn: $USER
+changetype: modify
+delete: userPassword
+userPassword: failexpect
+-
+add: userPassword
+userPassword: {MD5}xxxxxx
+
+EOMODS
+RC=$?
+if test $RC = 0 ; then
+ echo "Hashed length requirement test failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
+if test $COUNT != 1 ; then
+ echo "Hashed length requirement test failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test022-ppolicy
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test023-refint
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test023-refint (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test023-refint 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,188 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test023-refint,v 1.3.2.6 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $REFINT = refintno; then
+ echo "Referential Integrity overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $REFINTCONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFREFINT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd referential integrity operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching unmodified database..."
+
+$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$EGREP_CMD "(manager|secretary):" $SEARCHOUT | sed "s/george/foster/g" | \
+ sort > $TESTOUT 2>&1
+
+echo "Testing modrdn..."
+$LDAPMODRDN -D "$REFINTDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ /dev/null 2>&1 'uid=george,ou=users,o=refint' 'uid=foster'
+#$LDAPMODRDN -D "$REFINTDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD \
+# 'uid=george,ou=users,o=refint' 'uid=foster'
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodrdn failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check dependents new rdn..."
+
+$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+
+RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$EGREP_CMD "(manager|secretary):" $SEARCHOUT | sort > $SEARCHFLT 2>&1
+
+echo "Comparing ldapsearch results against original..."
+$CMP $TESTOUT $SEARCHFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - modify operations did not complete correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing delete..."
+$LDAPMODIFY -v -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EDEL
+version: 1
+dn: uid=foster,ou=users,o=refint
+changetype: delete
+EDEL
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to verify dependents have been deleted..."
+$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$EGREP_CMD "(manager|secretary):" $SEARCHOUT > $SEARCHFLT 2>&1
+
+RC=`grep -c foster $SEARCHFLT`
+if test $RC != 0 ; then
+ echo "dependent modify failed - dependents were not deleted"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Additional test records..."
+
+$LDAPADD -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << ETEST
+dn: uid=special,ou=users,o=refint
+objectClass: inetOrgPerson
+uid: special
+sn: special
+cn: special
+businessCategory: nothing
+carLicense: FOO
+departmentNumber: 933
+displayName: special
+employeeNumber: 41491
+employeeType: vendor
+givenName: special
+member: uid=alice,ou=users,o=refint
+ETEST
+
+echo "Testing delete when referential attribute is a MUST..."
+$LDAPMODIFY -v -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EDEL
+version: 1
+dn: uid=alice,ou=users,o=refint
+changetype: delete
+EDEL
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test023-refint
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test024-unique
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test024-unique (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test024-unique 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,130 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test024-unique,v 1.3.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $UNIQUE = uniqueno; then
+ echo "Attribute Uniqueness overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $UNIQUECONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFUNIQUE
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd attribute uniqueness operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding a unique record..."
+
+#$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+# $TESTOUT 2>&1 << EOTUNIQ1
+$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ > /dev/null << EOTUNIQ1
+dn: uid=dave,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: dave
+sn: nothere
+cn: dave
+businessCategory: otest
+carLicense: TEST
+departmentNumber: 42
+# NOTE: use special chars in attr value to be used
+# in internal searches ITS#4212
+displayName: Dave (ITS#4212)
+employeeNumber: 69
+employeeType: contractor
+givenName: Dave
+EOTUNIQ1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#echo ----------------------
+#$LDAPSEARCH -S "" -b "o=unique" -h $LOCALHOST -p $PORT1
+
+echo "Adding a non-unique record..."
+
+$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOTUNIQ2
+dn: uid=bill,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: bill
+sn: johnson
+cn: bill
+businessCategory: rtest
+carLicense: ABC123
+departmentNumber: 42
+displayName: Bill
+employeeNumber: 5150
+employeeType: contractor
+givenName: Bill
+EOTUNIQ2
+
+RC=$?
+if test $RC != 19 ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+
+#echo ----------------------
+#$LDAPSEARCH -S "" -b "o=unique" -h $LOCALHOST -p $PORT1
+
+
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test024-unique
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test025-limits
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test025-limits (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test025-limits 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,1365 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test025-limits,v 1.14.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+## FIXME: need to exclude legal but wrong results...
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLIMITS
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo ""
+echo "Testing regular search limits"
+echo ""
+
+echo "Testing no limits requested for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for rootdn=$MANAGERDN..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D "$MANAGERDN" \
+ '(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=4
+echo "Testing limit requested for rootdn=$MANAGERDN..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D "$MANAGERDN" \
+ '(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...bumped into requested size limit ($SIZELIMIT)"
+ else
+ echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing size limit request ($SIZELIMIT) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...bumped into requested size limit ($SIZELIMIT)"
+ else
+ echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+TIMELIMIT=10
+echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into the requested time limit ($TIMELIMIT s; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 3)
+ if test x"$COUNT" != x ; then
+ COUNT=0
+ fi
+ echo "...bumped into requested time limit ($TIMELIMIT s; got $COUNT entries)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ echo "...bumped into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...error: bumped into requested ($SIZELIMIT) size limit"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "...got size limit $COUNT instead of requested $SIZELIMIT entries"
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+# 11)
+# echo "...bumped into server-side hard size administrative limit"
+# ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=max
+echo "Testing max limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ echo "...bumped into requested ($SIZELIMIT=$COUNT) size limit"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+# 11)
+# echo "...bumped into server-side hard size administrative limit"
+# ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing lower than unchecked limit request for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \
+ '(uid=uncheckedlimited)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 11)
+ echo "...error: bumped into unchecked administrative limit"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ fi
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+ 11)
+ echo "...bumped into unchecked administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for unchecked limited group..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User 2,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ fi
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+ 11)
+ echo "...bumped into unchecked administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for limited regex..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Foo User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for limited onelevel..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Bar User,ou=People,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for limited children..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited Users,ou=Groups,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for limited subtree..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User 3,ou=Admin,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for limited users..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Special User,dc=example,dc=com' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for limited anonymous..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ echo "...bumped into server-side size limit ($COUNT)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+case $BACKEND in
+ bdb | hdb)
+ # only bdb|hdb currently supports pagedResults control
+ ;;
+ *)
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+ echo ">>>>> Test succeeded"
+ exit 0
+ ;;
+esac
+
+if test x"$SLAPD_PAGE_SIZE" != x ; then
+ PAGESIZE="$SLAPD_PAGE_SIZE"
+ if test "$PAGESIZE" -le 0 ; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+ echo ""
+ echo "Testing with pagedResults control disabled"
+ echo ""
+ echo ">>>>> Test succeeded"
+ exit 0
+ fi
+else
+ PAGESIZE=5
+fi
+
+echo ""
+echo "Testing regular search limits with pagedResults control (page size $PAGESIZE)"
+echo ""
+
+echo "Testing no limits requested for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing size limit request ($SIZELIMIT) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test $COUNT = $SIZELIMIT ; then
+ echo "...bumped into requested size limit ($SIZELIMIT)"
+ else
+ echo "...error: got $COUNT entries while requesting $SIZELIMIT..."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+TIMELIMIT=10
+echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \
+ -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into the requested time limit ($TIMELIMIT s; got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 3)
+ if test x"$COUNT" = x ; then
+ COUNT=0
+ fi
+ echo "...bumped into requested time limit ($TIMELIMIT s; got $COUNT entries)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ echo "...bumped into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...error: got size limit $SIZELIMIT but $COUNT entries"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" -gt "$SIZELIMIT" ; then
+ echo "...error: got $COUNT entries instead of the requested $SIZELIMIT"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ if test "$COUNT" = "$SIZELIMIT" ; then
+ echo "...error: bumped into requested ($SIZELIMIT) size limit"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "...got size limit $COUNT instead of requested $SIZELIMIT entries"
+ fi
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+# 11)
+# echo "...bumped into hard size administrative limit"
+# ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=max
+echo "Testing max limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ echo "...bumped into requested ($SIZELIMIT=$COUNT) size limit"
+ else
+ echo "...error: bumped into size limit but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+# 11)
+# echo "...bumped into hard size administrative limit"
+# ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing lower than unchecked limit request for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(uid=uncheckedlimited)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+# 11)
+# echo "...bumped into unchecked administrative limit"
+# ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ fi
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+ 11)
+ echo "...bumped into unchecked administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo ""
+echo "Testing specific search limits with pagedResults control"
+echo ""
+
+echo "Testing no limit requested for unlimited page size ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ if test x"$COUNT" != x ; then
+ echo "...success; didn't bump into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: did not expect ldapsearch success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+ ;;
+ 4)
+ if test x"$COUNT" != x ; then
+ echo "...bumped into server-side size limit (got $COUNT entries)"
+ else
+ echo "...error: bumped into server-side size limit, but got no entries!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for limited page size ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Page Size Limited User,ou=Paged Results Users,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side page size limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into page size limit ($COUNT)"
+ ;;
+ 11)
+ echo "...bumped into page size administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for pagedResults disabled ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into server-side size limit ($COUNT)"
+ ;;
+ 11)
+ echo "...bumped into pagedResults disabled administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limit requested for pagedResults total count limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \
+ -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into server-side size limit ($COUNT)"
+ ;;
+ 11)
+ echo "...bumped into pagedResults total count administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=8
+echo "Testing higher than hard but lower then total count limit requested for pagedResults total count limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \
+ -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ 11)
+ echo "...bumped into either hard size or pagedResults total count administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=15
+echo "Testing higher than total count limit requested for pagedResults total count limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \
+ -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ 11)
+ echo "...bumped into pagedResults total count administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=max
+echo "Testing max limit requested for pagedResults total count limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \
+ -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test "x$SIZELIMIT" = "x$COUNT" ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ 11)
+ echo "...bumped into pagedResults total count administrative limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test025-limits
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test026-dn
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test026-dn (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test026-dn 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,163 @@
+#! /bin/sh
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+. $CONFFILTER $BACKEND $MONITORDB < $DNCONF > $CONF1
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd DN parsing..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Loading database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD -c -f $LDIFDN > \
+ $TESTOUT 2>&1
+
+cat /dev/null > $SEARCHOUT
+
+echo "Searching database..."
+echo "# Searching database..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="OU=Sales+CN=J. Smith,DC=example,DC=net"
+echo "Searching database for DN=\"$DN\"..."
+echo "# Searching database for DN=\"$DN\"..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(member=$DN)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="testUUID=597ae2f6-16a6-1027-98f4-ABCDEFabcdef,DC=Example"
+echo "Searching database for entryUUID-named DN=\"$DN\"..."
+echo "# Searching database for entryUUID-named DN=\"$DN\"..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(member=$DN)" \
+ >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="dc=example,dc=com"
+echo "Searching database for nameAndOptionalUID=\"$DN\"..."
+echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(uniqueMember=$DN)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="dc=example,dc=com#'001000'B"
+echo "Searching database for nameAndOptionalUID=\"$DN\"..."
+echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(uniqueMember=$DN)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="dc=example,dc=com"
+echo "Searching database for uniqueMember~=\"$DN\" (approx) ..."
+echo "# Searching database for uniqueMember~=\"$DN\" (approx) ..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(uniqueMember~=)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+DN="dc=example,dc=com#'001000'B"
+echo "Searching database for uniqueMember~=\"$DN\" (approx) ..."
+echo "# Searching database for uniqueMember~=\"$DN\" (approx) ..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "(uniqueMember~=$DN)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIFOUT=$DNOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing ldapsearch results against original..."
+$CMP $SEARCHFLT $LDIFOUT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - DN write operations did not complete correctly"
+ exit 1
+fi
+
+#####
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test026-dn
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test027-emptydn
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test027-emptydn (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test027-emptydn 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,172 @@
+#! /bin/sh
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+. $CONFFILTER $BACKEND $MONITORDB < $EMPTYDNCONF > $CONF1
+
+echo "Running slapadd to build \"dc=example,dc=com\" slapd database..."
+$SLAPADD -f $CONF1 -n 1 -l $LDIFEMPTYDN1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapadd to build empty DN slapd database..."
+$SLAPADD -f $CONF1 -b "" -l $LDIFEMPTYDN2
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd empty DN handling..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching database..."
+
+$LDAPSEARCH -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+wait
+
+LDIFOUT=$EMPTYDNOUT1
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing ldapsearch results against original..."
+$CMP $SEARCHFLT $LDIFOUT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - empty DN write operations did not complete correctly"
+ exit 1
+fi
+
+echo "Comparison of database generated via slapadd succeeded"
+
+echo "Cleaning up database directories..."
+/bin/rm -rf $TESTDIR/db.*
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd empty DN handling..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Loading database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -f $LDIFEMPTYDN1 > /dev/null 2>&1
+$LDAPADD -D "$EMPTYDNDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -f $LDIFEMPTYDN2 > /dev/null 2>&1
+
+$LDAPMODIFY -D "$EMPTYDNDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ > /dev/null 2>&1 << EOF
+dn: o=Beispiel,c=DE
+changetype: delete
+
+dn: c=DE
+changetype: delete
+EOF
+
+echo "Searching database..."
+
+$LDAPSEARCH -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIFOUT=$EMPTYDNOUT2
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing ldapsearch results against original..."
+$CMP $SEARCHFLT $LDIFOUT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - empty DN write operations did not complete correctly"
+ exit 1
+fi
+
+#####
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test027-emptydn
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test028-idassert
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test028-idassert (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test028-idassert 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,252 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.7.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+echo "### This test requires the LDAP backend and the rwm overlay."
+echo "### If available, and explicitly requested, it can use SASL bind;"
+echo "### note that SASL must be properly set up, and the requested"
+echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
+echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+
+if test $RWM = "rwmno" ; then
+ echo "Rewrite/remap overlay not available, test skipped"
+ exit 0
+fi
+
+if test $THREADS = "threadsno" ; then
+ echo "Need threads support, test skipped"
+ exit 0
+fi
+
+if test $WITH_SASL = "yes" ; then
+ if test $USE_SASL != "no" ; then
+ if test $USE_SASL = "yes" ; then
+ MECH="DIGEST-MD5"
+ else
+ MECH="$USE_SASL"
+ fi
+ echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
+ else
+ echo "Using proxyAuthz with simple authc..."
+ fi
+else
+ echo "SASL not available; using proxyAuthz with simple authc..."
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFIDASSERT1 -n 1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd -n 1 failed ($RC)!"
+ exit $RC
+fi
+$SLAPADD -f $ADDCONF -l $LDIFIDASSERT2 -n 2
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd -n 2 failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT..."
+. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Testing ldapwhoami as proxy US..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:it/jaj"
+echo "Testing ldapwhoami as proxy US, $AUTHZID..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:bjensen"
+echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ldapwhoami as proxy IT..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:it/jaj"
+echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
+echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US"
+echo "Testing ldapwhoami as bjorn, $AUTHZID..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT"
+echo "Testing ldapwhoami as bjorn, $AUTHZID..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+ID="uid=jaj,ou=People,dc=example,dc=it"
+BASE="o=Example,c=US"
+echo "Testing ldapsearch as $ID for \"$BASE\"..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ -D "$ID" -w jaj > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - search with identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+if test $USE_SASL != "no" ; then
+ ID="it/jaj"
+ BASE="o=Example,c=US"
+ echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
+ $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ -Q -U "$ID" -w jaj -Y $MECH > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test028-idassert
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test029-ldapglue
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test029-ldapglue (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test029-ldapglue 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,222 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test029-ldapglue,v 1.3.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+echo "### This test requires the ldap backend and glue overlay."
+echo "### If available, and explicitly requested, it can use SASL bind;"
+echo "### note that SASL must be properly set up, and the requested"
+echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
+echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+
+if test $WITH_SASL = "yes" ; then
+ if test $USE_SASL != "no" ; then
+ if test $USE_SASL = "yes" ; then
+ MECH="DIGEST-MD5"
+ else
+ MECH="$USE_SASL"
+ fi
+ echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
+ else
+ echo "Using proxyAuthz with simple authc..."
+ fi
+else
+ echo "SASL not available; using proxyAuthz with simple authc..."
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF1 > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 1 failed ($RC)!"
+ exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF2 > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE2
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 2 failed ($RC)!"
+ exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF3 > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE3
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 3 failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting local slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF1 > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID1=$!
+if test $WAIT != 0 ; then
+ echo PID $PID1
+ read foo
+fi
+
+echo "Starting remote slapd 1 on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID2=$!
+if test $WAIT != 0 ; then
+ echo PID $PID2
+ read foo
+fi
+
+echo "Starting remote slapd 2 on TCP/IP port $PORT3..."
+. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF3 > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+PID3=$!
+if test $WAIT != 0 ; then
+ echo PID $PID3
+ read foo
+fi
+KILLPIDS="$PID1 $PID2 $PID3"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+ID="uid=bjorn,ou=People,dc=example,dc=com"
+BASE="dc=example,dc=com"
+echo "Testing ldapsearch as $ID for \"$BASE\"..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ -D "$ID" -w bjorn > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - glued search with identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+BASE="dc=example,dc=com"
+echo "Testing ldapsearch as anonymous for \"$BASE\"..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDAPGLUEANONYMOUSOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - anonymous glued search with identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+# FIXME: this cannot work as is, because SASL bind cannot be proxied!
+if test $USE_SASL != "no" ; then
+ ID="bjorn"
+ BASE="dc=example,dc=com"
+ echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
+ $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ -Q -U "$ID" -w bjorn -Y $MECH > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test029-ldapglue
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test030-relay
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test030-relay (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test030-relay 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,107 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test030-relay,v 1.5.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $RWM = rwmno ; then
+ echo "rwm (Rewrite/remap) overlay not available, test skipped"
+ exit 0
+fi
+
+echo ""
+
+if test "x$RELAYS" = "x" ; then
+ RELAYS=
+ # back-relay
+ if test $BACKRELAY = relayno ; then
+ echo "relay backend not available, test skipped"
+ else
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}relay"
+ fi
+
+ # back-ldap
+ if test $BACKLDAP = ldapno ; then
+ echo "ldap backend not available, test skipped"
+ else
+ if test $THREADS = "threadsno" ; then
+ echo "Need threads support, test skipped"
+ else
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}ldap"
+ fi
+ fi
+
+ # back-meta
+ if test $BACKMETA = metano ; then
+ echo "meta backend not available, test skipped"
+ else
+ if test $THREADS = "threadsno" ; then
+ echo "Need threads support, test skipped"
+ else
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}meta"
+ fi
+ fi
+fi
+
+if test "x$RELAYS" = "x" ; then
+ echo "no relaying capable backend is available"
+ echo ">>>>> Test succeeded"
+ exit 0
+fi
+
+echo "Testing virtual naming context mapping with $RELAYS backend(s)..."
+echo ""
+
+first=1
+for RELAY in $RELAYS ; do
+ RUNIT=yes
+ if test $THREADS = "threadsno" ; then
+ case $RELAY in
+ ldap|meta)
+ echo "Need threads support, test skipped"
+ RUNIT=no
+ ;;
+ esac
+ fi
+
+ if test $RUNIT = yes ; then
+ if test $first = 1 ; then
+ first=0
+ else
+ echo ">>>>> waiting 10 seconds for things to exit"
+ sleep 10
+ echo ""
+
+ rm -rf $TESTDIR
+ fi
+
+ mkdir -p $TESTDIR $DBDIR1
+
+ . $SRCDIR/scripts/relay
+ fi
+done
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test030-relay
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test031-component-filter
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test031-component-filter (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test031-component-filter 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,327 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.7.2.9 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+## If you use this script then
+## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
+## and --enable-modules is configured yes
+if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
+ echo "dynamic module disabled, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+## Make sure that you set a proper path to component matching
+## module directory in $COMPCONF
+## moduleload path/to/component/library/compmatch.la
+## otherwise it fails to execute slapd
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ echo "Be sure to have a certificate module in tests/data/comp_libs "
+ echo "The module is in openldap/contrib/slapd-modules/comp_match"
+ echo "Test skipped."
+ exit 0
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing Component Filter Match RFC3687 Certificate searching:"
+echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# extraction filter
+FILTER="(x509CertificateIssuer=c=US)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# extraction filter
+FILTER="(x509CertificateSerial=0)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# extraction filter
+FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test031-component-filter
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test032-chain
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test032-chain (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test032-chain 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,311 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test032-chain,v 1.4.2.8 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+
+rm -rf $TESTDIR
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $ADDCONF
+. $CONFFILTER < $LDIFCHAIN1 > $SEARCHOUT
+$SLAPADD -f $ADDCONF -l $SEARCHOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 1 failed ($RC)!"
+ exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $ADDCONF
+. $CONFFILTER < $LDIFCHAIN2 > $SEARCHOUT
+$SLAPADD -f $ADDCONF -l $SEARCHOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 2 failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting first slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID1=$!
+if test $WAIT != 0 ; then
+ echo PID $PID1
+ read foo
+fi
+KILLPIDS="$PID1"
+
+echo "Starting second slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID2=$!
+if test $WAIT != 0 ; then
+ echo PID $PID2
+ read foo
+fi
+
+KILLPIDS="$KILLPIDS $PID2"
+
+sleep 1
+
+echo "Using ldapsearch to check that first slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that second slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+for P in $PORT1 $PORT2 ; do
+ echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
+ $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
+ > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $CHAINOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - chained search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ echo "Reading the referral entry "ou=Other,$BASEDN" as anonymous on port $P..."
+ $LDAPSEARCH -h $LOCALHOST -p $P -b "ou=Other,$BASEDN" -S "" \
+ > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $CHAINREFOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - chained search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+
+ DN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN"
+ echo "Comparing \"$DN\" on port $P..."
+ $LDAPCOMPARE -h $LOCALHOST -p $P "$DN" "cn:Mark Elliot" \
+ > $TESTOUT 2>&1
+
+ RC=$?
+ if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ DN="ou=Other,$BASEDN"
+ echo "Comparing \"$DN\" on port $P with manageDSAit control..."
+ $LDAPCOMPARE -h $LOCALHOST -p $P -M "$DN" "ou:Other" \
+ > $TESTOUT 2>&1
+
+ RC=$?
+ if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+done
+
+#
+# Testing writes to first server
+#
+echo "Writing to first server with scope on second server..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: add
+objectClass: groupOfNames
+cn: New Group
+member:
+
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: modify
+add: description
+description: testing chain overlay writes...
+-
+replace: member
+member: cn=New Group,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+-
+add: owner
+owner: cn=Manager,dc=example,dc=com
+-
+
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Renamed Group
+deleteoldrdn: 1
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: delete
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#
+# Testing writes to second server
+#
+echo "Writing to second server with scope on first server..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: add
+objectClass: person
+cn: New User
+sn: User
+seeAlso: cn=New Group,ou=Groups,dc=example,dc=com
+
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: modify
+add: description
+description: testing chain overlay writes...
+-
+replace: seeAlso
+seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
+-
+
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Renamed User
+deleteoldrdn: 1
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: delete
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+for P in $PORT1 $PORT2 ; do
+ echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
+ $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
+ > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $CHAINMODOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - chained search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+done
+
+NEWPW=newsecret
+echo "Using ldappasswd on second server with scope on first server..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT2 \
+ -w secret -s $NEWPW \
+ -D "$MANAGERDN" "$BJORNSDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Binding with newly changed password on first server..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w $NEWPW
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test032-chain
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test033-glue-syncrepl
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test033-glue-syncrepl (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test033-glue-syncrepl 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,169 @@
+#! /bin/sh
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR2A $DBDIR2B
+
+echo "Running slapadd to build glued slapd databases..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1
+$SLAPADD -d $LVL -f $CONF1 -l $LDIFORDERED > $SLAPADDLOG1 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+rm -f $DBDIR1A/* $DBDIR1B/*
+cp -pr $DBDIR1C $DBDIR2C
+
+echo "Starting slapd 1 on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUESYNCCONF1 > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd 1 is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Starting slapd 2 on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUESYNCCONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd 2 is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+SUBTREE1="ou=Information Technology Division,ou=People,dc=example,dc=com"
+SUBTREE2="ou=Groups,dc=example,dc=com"
+
+echo "Using ldapadd to populate subtree=\"${SUBTREE1}\" on port $PORT1..."
+$LDAPADD -D "cn=Manager 1,$BASEDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
+ -f $LDIFORDERED -c \
+ > /dev/null 2>&1
+RC=$?
+case $RC in
+0)
+ echo "ldapadd should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+10|68)
+ # Fine if we get alreadyExists or referrals
+ ;;
+*)
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Using ldapadd to populate subtree=\"${SUBTREE2}\" on port $PORT2..."
+$LDAPADD -D "cn=Manager 2,$BASEDN" -w $PASSWD -h $LOCALHOST -p $PORT2 \
+ -f $LDIFORDERED -c \
+ > /dev/null 2>&1
+RC=$?
+case $RC in
+0)
+ echo "ldapadd should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+10|68)
+ # Fine if we get alreadyExists or referrals
+ ;;
+*)
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SLEEP=15
+echo "Waiting $SLEEP seconds for shadow subtrees to sync..."
+sleep $SLEEP
+
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $GLUESYNCOUT > $LDIFFLT
+
+for P in $PORT1 $PORT2 ; do
+ echo "Using ldapsearch to read all the entries from port $P..."
+ $LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $P \
+ -S "" '(objectclass=*)' > "${SEARCHOUT}.${P}" 2>&1
+ RC=$?
+
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < "${SEARCHOUT}.${P}" > $SEARCHFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - database was not created correctly"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+done
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test033-glue-syncrepl
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test034-translucent
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test034-translucent (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test034-translucent 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,744 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.1.2.7 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+PERSONAL="(objectClass=inetOrgPerson)"
+NOWHERE="/dev/null"
+FAILURE="additional info:"
+
+if test $TRANSLUCENT = translucentno ; then
+ echo "Translucent Proxy overlay not available, test skipped"
+ exit 0
+fi
+
+if test $BACKEND = ldbm ; then
+ echo "Translucent Proxy overlay not qualified for use with LDBM, test skipped"
+ exit 0
+fi
+
+if test $AC_ldap = ldapno ; then
+ echo "Translucent Proxy overlay requires back-ldap backend, test skipped"
+ exit 0
+fi
+
+# configure backside
+mkdir -p $TESTDIR $DBDIR1
+
+. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTREMOTECONF > $CONF1
+echo "Running slapadd to build remote slapd database..."
+$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting remote slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+REMOTEPID="$PID"
+KILLPIDS="$PID"
+
+sleep 1
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for remote slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# configure frontside
+mkdir -p $DBDIR2
+
+. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTLOCALCONF > $CONF2
+
+echo "Starting local slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+LOCALPID="$PID"
+KILLPIDS="$LOCALPID $REMOTEPID"
+
+sleep 1
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for local slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing slapd Translucent Proxy operations..."
+
+echo "Testing search: no remote data defined..."
+
+$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if test -s $SEARCHOUT; then
+ echo "ldapsearch should have returned no records!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Populating remote database..."
+
+$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 \
+ -w $PASSWD < $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing search: remote database via local slapd..."
+
+$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+. $LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed -- corruption from remote to local!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing add: prohibited local record..."
+
+$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 \
+ -w $TRANSLUCENTPASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != 50 ; then
+ echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing add: valid local record, no_glue..."
+
+$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 \
+ -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != 32 ; then
+ echo "ldapadd failed ($RC), expected NO SUCH OBJECT!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modrdn: valid local record, no_glue..."
+
+$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
+
+RC=$?
+if test $RC != 32 ; then
+ echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Shutting down local slapd..."
+kill -HUP $LOCALPID
+sleep 5
+
+echo "Configuring local slapd without translucent_no_glue..."
+. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTLOCALCONF | \
+ grep -v translucent_no_glue > $CONF2
+
+echo "Restarting local slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+LOCALPID="$PID"
+KILLPIDS="$REMOTEPID $PID"
+
+sleep 1
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for local slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing add: valid local record..."
+
+$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 \
+ -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing search: data merging..."
+
+$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+$CMP $SEARCHFLT $LDIFTRANSLUCENTMERGED > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed -- local data failed to merge with remote!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing compare: valid local..."
+
+$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
+ "uid=danger,ou=users,o=translucent" "carLicense:LIVID"
+
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC), expected TRUE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing compare: valid remote..."
+
+$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
+ "uid=binder,o=translucent" "businessCategory:binder-test-user"
+
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC), expected TRUE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing compare: bogus local..."
+
+$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
+ "uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value"
+
+RC=$?
+if test $RC != 5 ; then
+ echo "ldapcompare failed ($RC), expected FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing compare: bogus remote..."
+
+$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
+ "uid=binder,o=translucent" "businessCategory:invalid-test-value"
+
+RC=$?
+if test $RC != 5 ; then
+ echo "ldapcompare failed ($RC), expected FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modify: nonexistent record..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD
+version: 1
+dn: uid=bogus,ou=users,o=translucent
+changetype: modify
+replace: roomNumber
+roomNumber: 31J-2112
+EOF_MOD
+
+RC=$?
+if test $RC != 32 ; then
+ echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modify: valid local record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD1
+version: 1
+dn: uid=danger,ou=users,o=translucent
+changetype: modify
+replace: roomNumber
+roomNumber: 9N-21
+EOF_MOD1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
+if test "$ATTR" != "roomNumber: 9N-21" ; then
+ echo "modification failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing search: specific nonexistent remote attribute..."
+
+$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modify: nonexistent local record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD2
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: modify
+replace: roomNumber
+roomNumber: 31J-2112
+EOF_MOD2
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
+if test "$ATTR" != "roomNumber: 31J-2112" ; then
+ echo "modification failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modify: valid remote record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD9
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: modify
+delete: preferredLanguage
+EOF_MOD9
+
+RC=$?
+if test $RC != 16 ; then
+ echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing delete: valid local record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD4
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: modify
+delete: roomNumber
+EOF_MOD4
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modrdn: prohibited local record..."
+
+$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \
+ $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
+
+RC=$?
+if test $RC != 50 ; then
+ echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modrdn: valid local record..."
+
+$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodrdn failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing delete: prohibited local record..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \
+ $TESTOUT 2>&1 << EOF_DEL2
+version: 1
+dn: uid=someguy,ou=users,o=translucent
+changetype: delete
+EOF_DEL2
+
+RC=$?
+if test $RC != 50 ; then
+ echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing delete: valid local record..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_DEL3
+version: 1
+dn: uid=someguy,ou=users,o=translucent
+changetype: delete
+EOF_DEL3
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing delete: valid remote record..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_DEL8
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: delete
+EOF_DEL8
+
+RC=$?
+if test $RC != 32 ; then
+ echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing delete: nonexistent local record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_DEL1
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: modify
+delete: roomNumber
+EOF_DEL1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing delete: valid local record, nonexistent attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD8
+version: 1
+dn: uid=danger,ou=users,o=translucent
+changetype: modify
+delete: preferredLanguage
+EOF_MOD8
+
+RC=$?
+if test $RC != 16 ; then
+ echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing delete: valid local record, remote attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD8
+version: 1
+dn: uid=danger,ou=users,o=translucent
+changetype: modify
+delete: initials
+EOF_MOD8
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing modify: valid remote record, combination add-modify-delete..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD6
+version: 1
+dn: uid=fred,ou=users,o=translucent
+changetype: modify
+delete: carLicense
+-
+add: preferredLanguage
+preferredLanguage: ISO8859-1
+-
+replace: employeeType
+employeeType: consultant
+EOF_MOD6
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+ATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1
+if test "$ATTR" != "employeeType: consultant" ; then
+ echo "modification failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+ATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1
+if test "$ATTR" != "preferredLanguage: ISO8859-1" ; then
+ echo "modification failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Shutting down local slapd..."
+kill -HUP $LOCALPID
+sleep 5
+
+echo "Configuring local slapd with translucent_strict..."
+echo translucent_strict >> $CONF2
+
+echo "Restarting slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+LOCALPID="$PID"
+KILLPIDS="$REMOTEPID $PID"
+
+sleep 1
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for local slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing strict mode delete: nonexistent local attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD5
+version: 1
+dn: uid=example,ou=users,o=translucent
+changetype: modify
+delete: preferredLanguage
+EOF_MOD5
+
+RC=$?
+if test $RC != 19 ; then
+ echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing strict mode delete: nonexistent remote attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD3
+version: 1
+dn: uid=danger,ou=users,o=translucent
+changetype: modify
+delete: displayName
+EOF_MOD3
+
+RC=$?
+if test $RC != 19 ; then
+ echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Testing strict mode modify: combination add-modify-delete..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF_MOD6
+version: 1
+dn: uid=example,ou=users,o=translucent
+changetype: modify
+delete: carLicense
+-
+add: preferredLanguage
+preferredLanguage: ISO8859-1
+-
+replace: employeeType
+employeeType: consultant
+EOF_MOD6
+
+RC=$?
+if test $RC != 19 ; then
+ echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
+ grep "$FAILURE" $TESTOUT
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test034-translucent
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test035-meta
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test035-meta (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test035-meta 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,657 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test035-meta,v 1.4.2.9 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+echo ""
+
+if test $BACKMETA = metano ; then
+ echo "meta backend not available, test skipped"
+ exit 0
+fi
+
+rm -rf $TESTDIR
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \
+ $LDIFMETA >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT3..."
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+BASEDN="o=Example,c=US"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+# ITS#4195: spurious matchedDN when the search scopes the main target,
+# and the searchBase is not present, so that target returns noSuchObject
+BASEDN="ou=Meta,o=Example,c=US"
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+#
+# Do some modifications
+#
+
+BASEDN="o=Example,c=US"
+echo "Modifying database \"$BASEDN\"..."
+$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT3 -w $PASSWD \
+ -M >> $TESTOUT 2>&1 << EOMODS
+# These operations (updates with objectClass mapping) triggered ITS#3499
+dn: cn=Added Group,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+objectClass: uidObject
+cn: Added Group
+member: cn=Added Group,ou=Groups,$BASEDN
+uid: added
+
+dn: cn=Another Added Group,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+cn: Another Added Group
+member: cn=Added Group,ou=Groups,$BASEDN
+member: cn=Another Added Group,ou=Groups,$BASEDN
+
+dn: cn=Another Added Group,ou=Groups,$BASEDN
+changetype: modify
+add: objectClass
+objectClass: uidObject
+-
+add: uid
+uid: added
+-
+
+dn: cn=Added Group,ou=Groups,$BASEDN
+changetype: modify
+delete: objectClass
+objectClass: uidObject
+-
+delete: uid
+-
+
+dn: ou=Meta,$BASEDN
+changetype: modify
+add: description
+description: added to "ou=Meta,$BASEDN"
+-
+
+dn: ou=Who's going to handle this?,$BASEDN
+changetype: add
+objectClass: organizationalUnit
+ou: Who's going to handle this?
+description: added
+description: will be deleted
+
+dn: ou=Same as above,$BASEDN
+changetype: add
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: ou=Who's going to handle this?,$BASEDN
+changetype: delete
+
+dn: ou=Who's going to handle this?,ou=Meta,$BASEDN
+changetype: add
+objectClass: organizationalUnit
+ou: Who's going to handle this?
+description: added
+description: will be deleted
+
+dn: ou=Same as above,ou=Meta,$BASEDN
+changetype: add
+objectClass: organizationalUnit
+ou: Same as above
+description: added right after "Who's going to handle this?"
+description: will be preserved
+
+dn: cn=Added User,ou=Same as above,ou=Meta,$BASEDN
+changetype: add
+objectClass: inetOrgPerson
+cn: Added User
+sn: User
+userPassword: secret
+
+dn: ou=Who's going to handle this?,ou=Meta,$BASEDN
+changetype: delete
+EOMODS
+
+RC=$?
+#if test $RC != 0 ; then
+# echo "Modify failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Modify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Searching base=\"$BASEDN\"..."
+echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BASEDN="o=Example,c=US"
+echo " base=\"$BASEDN\"..."
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" -M "$FILTER" '*' ref \
+ >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BASEDN="o=Example,c=US"
+FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"seeAlso\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"seeAlso\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" seeAlso \
+ >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+FILTER="(uid=example)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"uid\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"uid\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" uid \
+ >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)"
+echo "Searching filter=\"$FILTER\""
+echo " attrs=\"member\""
+echo " base=\"$BASEDN\"..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"member\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" member \
+ >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Waiting 10 seconds for cached connections to timeout..."
+sleep 10
+
+echo "Searching with a timed out connection..."
+echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
+echo "# attrs=\"member\"" >> $SEARCHOUT
+echo "# base=\"$BASEDN\"" >> $SEARCHOUT
+echo "# with a timed out connection..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \
+ -b "$BASEDN" "$FILTER" member \
+ >> $SEARCHOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Search failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $METAOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - meta search/modification didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+BASEDN="o=Example,c=US"
+echo "Changing password to database \"$BASEDN\"..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \
+ -s $PASSWD "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \
+ >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Passwd ExOp failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Passwd ExOp failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Binding with newly changed password to database \"$BASEDN\"..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \
+ -D "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \
+ -w $PASSWD >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "WhoAmI failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ ;;
+ *)
+ echo "WhoAmI failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Binding as newly added user to database \"$BASEDN\"..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \
+ -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \
+ -w $PASSWD >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "WhoAmI failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ ;;
+ *)
+ echo "WhoAmI failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Changing password to database \"$BASEDN\"..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \
+ -s meta "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \
+ >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "Passwd ExOp failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+ *)
+ echo "Passwd ExOp failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Binding with newly changed password to database \"$BASEDN\"..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \
+ -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \
+ -w meta >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "WhoAmI failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ ;;
+ *)
+ echo "WhoAmI failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Binding with incorrect password to database \"$BASEDN\"..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \
+ -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \
+ -w bogus >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 0 ; then
+# echo "WhoAmI failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+#fi
+case $RC in
+ 0)
+ echo "WhoAmI should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ ;;
+ *)
+ ;;
+esac
+
+echo "Comparing to database \"$BASEDN\"..."
+$LDAPCOMPARE -h $LOCALHOST -p $PORT3 \
+ "cn=Another Added Group,ou=Groups,$BASEDN" \
+ "member:cn=Added Group,ou=Groups,$BASEDN" >> $TESTOUT 2>&1
+RC=$?
+#if test $RC != 6 ; then
+# echo "Compare failed ($RC)!"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit -1
+#fi
+case $RC in
+ 6)
+ ;;
+ 51)
+ echo "### Hit LDAP_BUSY problem; you may want to re-run the test"
+ ;;
+ *)
+ echo "Compare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test035-meta
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test036-meta-concurrency
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test036-meta-concurrency (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test036-meta-concurrency 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,223 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test036-meta-concurrency,v 1.6.2.9 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+echo ""
+
+if test $BACKMETA = metano ; then
+ echo "meta backend not available, test skipped"
+ exit 0
+fi
+
+# to be removed some time...
+if test "x$TEST_META" = "xno" ; then
+ echo '### Test disabled by "TEST_META=no"; unset TEST_META to re-enable'
+ echo ""
+ exit 0
+else
+ echo "### this test is experimental; in case of problems,"
+ echo "### set \"TEST_META=no\" to disable, and report thru"
+ echo "### the Issue Tracking System <http://www.openldap.org/its/>"
+ echo ""
+fi
+
+rm -rf $TESTDIR
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+# NOTE: this could be added to all tests...
+if test "$BACKEND" = "bdb" || test "$BACKEND" = "hdb" ; then
+ if test "x$DB_CONFIG" != "x" ; then \
+ if test -f $DB_CONFIG ; then
+ echo "==> using DB_CONFIG \"$DB_CONFIG\""
+ cp $DB_CONFIG $DBDIR1
+ cp $DB_CONFIG $DBDIR2
+ else
+ echo "==> DB_CONFIG must point to a valid file (ignored)"
+ fi
+ else
+ echo "==> set \"DB_CONFIG\" to the DB_CONFIG file you want to use for the test."
+ fi
+ echo ""
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \
+ $LDIFMETA >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT3..."
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+mkdir -p $TESTDIR/$DATADIR
+METABASEDN="o=Example,c=US"
+for f in $DATADIR/do_* ; do
+ sed -e "s;$BASEDN;$METABASEDN;" $f > $TESTDIR/$f
+done
+
+# add a read that matches only the local database, but selects
+# also the remote as candidate; this should be removed to compare
+# execution times with test008...
+for f in $TESTDIR/$DATADIR/do_read.* ; do
+ echo "ou=Meta,$METABASEDN" >> $f
+done
+
+# add a read that matches a referral in the local database only,
+# but selects also the remote as candidate; this should be removed
+# to compare execution times with test008...
+for f in $TESTDIR/$DATADIR/do_read.* ; do
+ echo "cn=Somewhere,ou=Meta,$METABASEDN" >> $f
+done
+
+echo "Using tester for concurrent server access..."
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \
+ -D "cn=Manager,$METABASEDN" -w $PASSWD -l 50 -r 20 -F
+RC=$?
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \
+ 'objectClass=*' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - slapd-meta search/modification didn't succeed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test036-meta-concurrency
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test037-manage
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test037-manage (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test037-manage 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,245 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test037-manage,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd Manage operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# ITS#3898: #ifndef LDAP_DEVEL, the control is not available
+MANAGEDITOID="1.3.6.1.4.1.4203.666.5.12"
+case `$LDAPSEARCH -s base -b "" -h $LOCALHOST -p $PORT1 \
+ '(supportedControl:objectIdentifierMatch:='${MANAGEDITOID}')' \
+ supportedControl | grep "supportedControl: ${MANAGEDITOID}"` in
+"supportedControl: ${MANAGEDITOID}")
+ ;;
+*)
+ echo "The \"manageDIT\" control appears to be unsupported; test disabled"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+ ;;
+esac
+
+echo "Testing modify, add, and delete..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -e \!manageDIT > \
+ $TESTOUT 2>&1 << EOMODS
+version: 1
+#
+# Working Tests
+#
+
+#
+# ObjectClass tests
+#
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+# add obsolete auxiliary objectclass
+changetype: modify
+add: objectClass
+objectClass: obsoletePerson
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+# add obsolete attribute
+changetype: modify
+add: testObsolete
+testObsolete: TRUE
+
+#
+# create/modify timestamp test
+#
+
+dn: ou=Groups,dc=example,dc=com
+# change creatorsName
+changetype: modify
+replace: creatorsName
+creatorsName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+# change modifiersName
+changetype: modify
+replace: modifiersName
+modifiersName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+
+dn: dc=example,dc=com
+# change timestamps
+changetype: modify
+replace: modifyTimestamp
+modifyTimestamp: 19700101000000Z
+-
+replace: createTimestamp
+createTimestamp: 19700101000000Z
+-
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+# change entryUUID
+changetype: modify
+replace: entryUUID
+entryUUID: badbadba-dbad-1029-92f7-badbadbadbad
+
+dn: cn=All Staff,dc=example,dc=com
+changetype: add
+objectClass: groupOfNames
+cn: All Staff
+member:
+creatorsName: cn=Someone
+createTimestamp: 19700101000000Z
+modifiersName: cn=Someone Else
+modifyTimestamp: 19700101000000Z
+entryUUID: badbadef-dbad-1029-92f7-badbadbadbad
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modify, add, and delete..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ -e \!manageDIT > \
+ $TESTOUT 2>&1 << EOMODS
+version: 1
+#
+# Non-working tests
+#
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+# update structural object class of entry via objectClass replace
+changetype: modify
+replace: objectClass
+objectClass: obsoletePerson
+-
+replace: structuralObjectClass
+structuralObjectClass: testPerson
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+# update structural object class of entry via objectClass add
+changetype: modify
+add: objectClass
+objectClass: testPerson
+-
+replace: structuralObjectClass
+structuralObjectClass: testPerson
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+# update structural object class of entry via objectClass delete/add
+changetype: modify
+delete: objectClass
+objectClass: OpenLDAPperson
+-
+add: objectClass
+objectClass: testPerson
+-
+delete: structuralObjectClass
+-
+add: structuralObjectClass
+structuralObjectClass: testPerson
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)! IGNORED"
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+# exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' '*' creatorsName modifiersName > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+$LDAPSEARCH -S "" -b "$BASEDN" -s base -h $LOCALHOST -p $PORT1 \
+ 'objectClass=*' '*' creatorsName createTimestamp \
+ modifiersName modifyTimestamp >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=All Staff)' '*' entryUUID >> $SEARCHOUT 2>&1
+RC=$?
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+LDIF=$MANAGEOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - manage operations did not complete correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test037-manage
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test038-retcode
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test038-retcode (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test038-retcode 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,109 @@
+#! /bin/sh
+# $Header$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $RETCODE = retcodeno; then
+ echo "Retcode overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $RETCODECONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing search for timelimitExceeded..."
+$LDAPSEARCH -b "cn=timelimitExceeded,ou=RetCodes,$BASEDN" \
+ -h $LOCALHOST -p $PORT1 '(objectClass=*)' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 3 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing modify for unwillingToPerform..."
+$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+dn: cn=unwillingToPerform,ou=RetCodes,$BASEDN
+changetype: delete
+EOMODS
+RC=$?
+if test $RC != 53 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing compare for success after sleep (2 s)..."
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Success w/ Delay,ou=RetCodes,$BASEDN" "cn:foo" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test038-retcode
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test039-glue-ldap-concurrency
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test039-glue-ldap-concurrency (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test039-glue-ldap-concurrency 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,201 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test039-glue-ldap-concurrency,v 1.1.2.8 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+echo ""
+
+if test $BACKLDAP = ldapno ; then
+ echo "ldap backend not available, test skipped"
+ exit 0
+fi
+
+if test $RWM = rwmno ; then
+ echo "rwm (rewrite/remap) overlay not available, test skipped"
+ exit 0
+fi
+
+rm -rf $TESTDIR
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDERED > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the database..."
+$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \
+ $LDIFMETA >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT3..."
+. $CONFFILTER $BACKEND $MONITORDB < $GLUELDAPCONF > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+mkdir -p $TESTDIR/$DATADIR
+METABASEDN="o=Example,c=US"
+for f in $DATADIR/do_* ; do
+ sed -e "s;$BASEDN;$METABASEDN;" $f > $TESTDIR/$f
+done
+
+# add a read that matches only the local database, but selects
+# also the remote as candidate; this should be removed to compare
+# execution times with test008...
+for f in $TESTDIR/$DATADIR/do_read.* ; do
+ echo "ou=Meta,$METABASEDN" >> $f
+done
+
+# add a read that matches a referral in the local database only,
+# but selects also the remote as candidate; this should be removed
+# to compare execution times with test008...
+for f in $TESTDIR/$DATADIR/do_read.* ; do
+ echo "cn=Somewhere,ou=Meta,$METABASEDN" >> $f
+done
+
+echo "Using tester for concurrent server access..."
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \
+ -D "cn=Manager,$METABASEDN" -w $PASSWD -l 50 -r 20 -F
+RC=$?
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to retrieve all the entries..."
+$LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - slapd-ldap search/modification didn't succeed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
+
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test039-glue-ldap-concurrency
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test040-subtree-rename
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test040-subtree-rename (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test040-subtree-rename 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,209 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test040-subtree-rename,v 1.1.2.4 2007/01/02 21:44:13 kurt Exp $ */
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+case $BACKEND in
+hdb)
+ ;;
+*)
+ echo "subtree rename not supported by back-$BACKEND"
+ exit 0
+esac
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $TESTOUT
+cat /dev/null > $SEARCHOUT
+
+# Add
+echo "Populating the database..."
+echo "# Populating the database..." >> $TESTOUT
+$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOMODS0
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Parent
+
+dn: ou=Another parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Another parent
+
+dn: ou=Child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Child
+
+dn: ou=Grandchild,ou=Child,ou=Parent,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Grandchild
+EOMODS0
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching all database..."
+echo "# Searching all database (after add)..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Rename (PASS1)
+echo "Renaming (PASS1)..."
+echo "# Renaming (PASS1)..." >> $TESTOUT
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOMODS1
+dn: ou=Child,ou=Parent,dc=example,dc=com
+changetype: modrdn
+newrdn: ou=Renamed child
+deleteoldrdn: 0
+EOMODS1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching all database..."
+echo "# Searching all database (after PASS1)..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Rename (PASS2)
+echo "Renaming (PASS2)..."
+echo "# Renaming (PASS2)..." >> $TESTOUT
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOMODS2
+dn: ou=Parent,dc=example,dc=com
+changetype: modrdn
+newrdn: ou=Renamed parent
+deleteoldrdn: 0
+EOMODS2
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching all database..."
+echo "# Searching all database (after PASS2)..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Rename (PASS3)
+echo "Renaming (PASS3)..."
+echo "# Renaming (PASS3)..." >> $TESTOUT
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOMODS3
+dn: ou=Renamed child,ou=Renamed parent,dc=example,dc=com
+changetype: modrdn
+newrdn: ou=Renamed child
+deleteoldrdn: 0
+newsuperior: ou=Another parent,dc=example,dc=com
+EOMODS3
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Searching all database..."
+echo "# Searching all database (after PASS3)..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SUBTREERENAMEOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test040-subtree-rename
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test041-aci
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test041-aci (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test041-aci 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,261 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test041-aci,v 1.3.2.8 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "Test disabled."
+exit 0
+
+case "$BACKEND" in
+bdb|hdb|ldbm)
+ ;;
+*)
+ echo "Test does not support $BACKEND backend"
+ exit 0
+ ;;
+esac
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$ACI" = "acino" ; then
+ echo "ACI not enabled, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd ACI access control..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+cat /dev/null > $TESTOUT
+
+# Search must fail
+BASEDN="dc=example,dc=com"
+echo "Searching \"$BASEDN\" (should fail)..."
+echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT
+$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 32 ; then
+ echo "ldapsearch should have failed with noSuchObject ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ if test $RC = 0 ; then
+ exit -1
+ fi
+ exit $RC
+fi
+
+# Bind must fail
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Testing ldapwhoami as ${BINDDN} (should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
+RC=$?
+if test $RC = 0 ; then
+ echo "ldapwhoami should have failed!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# Populate ACIs
+echo "Writing ACIs as \"$MANAGERDN\"..."
+$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
+ >> $TESTOUT 2>&1 << EOMODS0
+dn: dc=example,dc=com
+changetype: modify
+add: OpenLDAPaci
+OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe
+ mber#cn=ITD Staff,ou=Groups,dc=example,dc=com
+OpenLDAPaci: 1#entry#grant;d;[all]#public#
+
+dn: ou=People,dc=example,dc=com
+changetype: modify
+add: OpenLDAPaci
+OpenLDAPaci: 0#subtree#grant;x;userPassword#public#
+OpenLDAPaci: 1#subtree#grant;w;userPassword#self#
+OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf
+ ormation Technology Division,ou=People,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+changetype: modify
+add: OpenLDAPaci
+OpenLDAPaci: 0#entry#grant;s;[all]#public#
+OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen
+ sen,ou=Information Technology Division,ou=People,dc=example,dc=com
+EOMODS0
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Search must succeed with no results
+BASEDN="dc=example,dc=com"
+echo "Searching \"$BASEDN\" (should succeed with no results)..."
+echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT
+$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ ### TEMPORARY (see ITS#3963)
+ echo "ldapsearch failed ($RC)! IGNORED..."
+ ###echo "ldapsearch failed ($RC)!"
+ ###test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ ###exit $RC
+fi
+
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Testing ldapwhoami as ${BINDDN}..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Search must succeed
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+BASEDN="dc=example,dc=com"
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
+$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -D "$BINDDN" -w "$BINDPW" \
+ '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Passwd must succeed
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+NEWPW=jdoe
+echo "Setting \"$TGT\" password..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w "$BINDPW" -s "$NEWPW" \
+ -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Re-change as self...
+echo "Changing self password..."
+BINDDN="$TGT"
+BINDPW=$NEWPW
+TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+NEWPW=newcred
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w "$BINDPW" -s "$NEWPW" \
+ -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Searching groups
+BINDPW=$NEWPW
+BASEDN="ou=Groups,dc=example,dc=com"
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
+$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -D "$BINDDN" -w "$BINDPW" \
+ '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Search must fail
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
+$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -D "$BINDDN" -w "$BINDPW" \
+ '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$ACIOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - operations did not complete correctly"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test041-aci
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test042-valsort
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test042-valsort (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test042-valsort 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,221 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test042-valsort,v 1.1.2.4 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $VALSORT = valsortno; then
+ echo "Valsort overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $VALSORTCONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFVALSORT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd sorted values operations..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing ascending and weighted sort"
+
+FILTER="objectClass=*"
+$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $VALSORTOUT1 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+echo "Reconfiguring slapd to test valsort descending"
+
+$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+version: 1
+dn: olcOverlay={0}valsort,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcValSortAttr
+olcValSortAttr: employeeType "ou=users,o=valsort" weighted alpha-descend
+olcValSortAttr: ou "ou=users,o=valsort" weighted
+olcValSortAttr: mailPreferenceOption "ou=users,o=valsort" numeric-descend
+olcValSortAttr: departmentNumber "ou=users,o=valsort" alpha-descend
+olcValSortAttr: sn "ou=users,o=valsort" alpha-descend
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing descending and weighted sort"
+
+$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $VALSORTOUT2 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+echo "Adding a valsort record with weighted ou..."
+
+$LDAPADD -D "$VALSORTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ > /dev/null << EOTVALSORT1
+dn: uid=dave,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: dave
+sn: nothere
+cn: dave
+businessCategory: otest
+carLicense: TEST
+departmentNumber: 42
+displayName: Dave
+employeeNumber: 69
+employeeType: {1}contractor
+givenName: Dave
+ou: {1}Test
+ou: {3}Okay
+ou: {2}Is
+EOTVALSORT1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#echo ----------------------
+#$LDAPSEARCH -b "o=valsort" -h $LOCALHOST -p $PORT1
+
+echo "Adding a non-weighted valsort record with ou..."
+
+$LDAPADD -D "$VALSORTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOTVALSORT2
+dn: uid=bill,ou=users,o=valsort
+objectClass: OpenLDAPperson
+uid: bill
+sn: johnson
+cn: bill
+businessCategory: rtest
+carLicense: ABC123
+departmentNumber: 42
+displayName: Bill
+employeeNumber: 5150
+employeeType: {1}contractor
+givenName: Bill
+ou: Test
+ou: Okay
+ou: Is
+EOTVALSORT2
+
+RC=$?
+if test $RC != 19 ; then
+ echo "valsort check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $VALSORTOUT3 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test042-valsort
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test043-delta-syncrepl
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test043-delta-syncrepl (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test043-delta-syncrepl 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,350 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.1.2.5 2007/01/02 21:44:13 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+if test $ACCESSLOG = accesslogno; then
+ echo "Accesslog overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR2
+
+#
+# Test replication:
+# - start master
+# - start slave
+# - populate over ldap
+# - perform some modifies and deleted
+# - attempt to modify the slave (referral or chain)
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting master slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $DSRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to create the context prefix entries in the master..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting slave slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $DSRSLAVECONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate the master directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+ $LDIFORDEREDNOCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping the provider, sleeping 10 seconds and restarting it..."
+kill -HUP "$PID"
+sleep 10
+echo "RESTART" >> $LOG1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapmodify to modify master directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+description: Fat tycoon
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example,dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping consumer to test recovery..."
+kill -HUP $SLAVEPID
+sleep 10
+
+echo "Modifying more entries on the master..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: delete
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Mad Dog 20/20
+
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+sn: Coltrane
+uid: rosco
+cn: Rosco P. Coltrane
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: drink
+EOMODS
+
+echo "Restarting consumer..."
+echo "RESTART" >> $LOG2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
+if test ! $BACKLDAP = "ldapno" ; then
+ echo "Try updating the slave slapd..."
+ $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting 15 seconds for syncrepl to receive changes..."
+ sleep 15
+fi
+
+echo "Using ldapsearch to read all the entries from the master..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the slave..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at slave ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering master results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering slave results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from master and slave..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - master and slave databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test043-delta-syncrepl
___________________________________________________________________
Name: svn:executable
+
Added: openldap/vendor/openldap-2.3.35/tests/scripts/test044-dynlist
===================================================================
--- openldap/vendor/openldap-2.3.35/tests/scripts/test044-dynlist (rev 0)
+++ openldap/vendor/openldap-2.3.35/tests/scripts/test044-dynlist 2007-05-23 18:54:14 UTC (rev 793)
@@ -0,0 +1,451 @@
+#! /bin/sh
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $DYNLIST = "dynlistno" ; then
+ echo "dynlist overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $DYNLISTCONF > $CONF1
+echo "dynlist-attrset groupOfURLs memberURL" >> $CONF1
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+LISTDN="ou=Dynamic Lists,$BASEDN"
+echo "Adding a dynamic list..."
+$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ > $TESTOUT 2>&1 << EOMODS
+dn: $LISTDN
+objectClass: organizationalUnit
+ou: Dynamic Lists
+
+dn: cn=Dynamic List,$LISTDN
+objectClass: groupOfURLs
+cn: Dynamic List
+memberURL: ldap:///ou=People,${BASEDN}?cn,mail?sub?(objectClass=person)
+EOMODS
+
+echo "Testing list search of all attrs..."
+echo "# Testing list search of all attrs..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List)' '*' \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search of a listed attr..."
+echo "# Testing list search of a listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List)' mail \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search of a non-listed attr..."
+echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List)' objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search with (critical) manageDSAit..."
+echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \
+ '(cn=Dynamic List)' '*' \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list compare..."
+echo "# Testing list compare..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)"
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare (should return FALSE)..."
+echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Dynamic List,$LISTDN" "cn:FALSE" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)"
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare (should return UNDEFINED)..."
+echo "# Testing list compare (should return UNDEFINED)..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Dynamic List,$LISTDN" "dc:UNDEFINED" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+16|32)
+ echo "ldapcompare returned UNDEFINED ($RC)"
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)"
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare with manageDSAit..."
+echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \
+ "cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)"
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Stopping slapd..."
+kill -HUP $KILLPIDS
+wait $KILLPIDS
+
+echo "Reconfiguring slapd..."
+. $CONFFILTER $BACKEND $MONITORDB < $DYNLISTCONF > $CONF1
+echo "dynlist-attrset groupOfURLs memberURL member" >> $CONF1
+
+echo "==========================================================" >> $LOG1
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding a dynamic list..."
+$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ > $TESTOUT 2>&1 << EOMODS
+dn: cn=Dynamic List of Members,$LISTDN
+objectClass: groupOfURLs
+cn: Dynamic List of Members
+memberURL: ldap:///ou=People,${BASEDN}??sub?(objectClass=person)
+EOMODS
+
+echo "Testing list search of all attrs..."
+echo "# Testing list search of all attrs..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List of Members)' '*' \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search of a listed attr..."
+echo "# Testing list search of a listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List of Members)' member \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search of a non-listed attr..."
+echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+ '(cn=Dynamic List of Members)' objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing list search with (critical) manageDSAit..."
+echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \
+ '(&(cn=Dynamic List of Members)(objectClass=groupOfURLs))' '*' \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+CMPDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN"
+echo "Testing list compare..."
+echo "# Testing list compare..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)"
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare (should return FALSE)..."
+echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+ "cn=Dynamic List of Members,$LISTDN" "member:cn=Foo Bar" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)"
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare with manageDSAit..."
+echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \
+ "cn=Dynamic List,$LISTDN" "member:$CMPDN" \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)"
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$DYNLISTOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+exit 0
Property changes on: openldap/vendor/openldap-2.3.35/tests/scripts/test044-dynlist
___________________________________________________________________
Name: svn:executable
+
More information about the Pkg-openldap-devel
mailing list